@@ -12,6 +12,7 @@
#CONFIG_ISA_IPMI_KCS=n
#CONFIG_PCI_IPMI_KCS=n
#CONFIG_PCI_IPMI_BT=n
+#CONFIG_IPMI_SSIF=n
#CONFIG_PCI_DEVICES=n
#CONFIG_PVPANIC=n
#CONFIG_QXL=n
@@ -10,6 +10,7 @@ config PC
imply ISA_IPMI_BT
imply PCI_IPMI_KCS
imply PCI_IPMI_BT
+ imply IPMI_SSIF
imply ISA_DEBUG
imply PARALLEL
imply PCI_DEVICES
@@ -30,3 +30,8 @@ config PCI_IPMI_BT
bool
depends on PCI
select IPMI
+
+config IPMI_SSIF
+ bool
+ depends on I2C
+ select IPMI
@@ -5,3 +5,4 @@ common-obj-$(CONFIG_ISA_IPMI_KCS) += isa_ipmi_kcs.o
common-obj-$(CONFIG_PCI_IPMI_KCS) += pci_ipmi_kcs.o
common-obj-$(CONFIG_ISA_IPMI_BT) += isa_ipmi_bt.o
common-obj-$(CONFIG_PCI_IPMI_BT) += pci_ipmi_bt.o
+common-obj-$(CONFIG_IPMI_SSIF) += smbus_ipmi.o
new file mode 100644
@@ -0,0 +1,384 @@
+/*
+ * QEMU IPMI SMBus (SSIF) emulation
+ *
+ * Copyright (c) 2015,2016 Corey Minyard, MontaVista Software, LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "migration/vmstate.h"
+#include "hw/i2c/smbus_slave.h"
+#include "qapi/error.h"
+#include "qemu/error-report.h"
+#include "hw/ipmi/ipmi.h"
+
+#define TYPE_SMBUS_IPMI "smbus-ipmi"
+#define SMBUS_IPMI(obj) OBJECT_CHECK(SMBusIPMIDevice, (obj), TYPE_SMBUS_IPMI)
+
+#define SSIF_IPMI_REQUEST 2
+#define SSIF_IPMI_MULTI_PART_REQUEST_START 6
+#define SSIF_IPMI_MULTI_PART_REQUEST_MIDDLE 7
+#define SSIF_IPMI_MULTI_PART_REQUEST_END 8
+#define SSIF_IPMI_RESPONSE 3
+#define SSIF_IPMI_MULTI_PART_RESPONSE_MIDDLE 9
+#define SSIF_IPMI_MULTI_PART_RETRY 0xa
+
+#define MAX_SSIF_IPMI_MSG_SIZE 255
+#define MAX_SSIF_IPMI_MSG_CHUNK 32
+
+#define IPMI_GET_SYS_INTF_CAP_CMD 0x57
+
+typedef struct SMBusIPMIDevice {
+ SMBusDevice parent;
+
+ IPMIBmc *bmc;
+
+ uint8_t outmsg[MAX_SSIF_IPMI_MSG_SIZE];
+ uint32_t outlen;
+ uint32_t currblk;
+
+ /* Holds the SMBUS message currently being sent to the host. */
+ uint8_t outbuf[MAX_SSIF_IPMI_MSG_CHUNK + 1]; /* len + message. */
+ uint32_t outpos;
+
+ uint8_t inmsg[MAX_SSIF_IPMI_MSG_SIZE];
+ uint32_t inlen;
+
+ /*
+ * This is a response number that we send with the command to make
+ * sure that the response matches the command.
+ */
+ uint8_t waiting_rsp;
+
+ uint32_t uuid;
+} SMBusIPMIDevice;
+
+static void smbus_ipmi_handle_event(IPMIInterface *ii)
+{
+ /* No interrupts, so nothing to do here. */
+}
+
+static void smbus_ipmi_handle_rsp(IPMIInterface *ii, uint8_t msg_id,
+ unsigned char *rsp, unsigned int rsp_len)
+{
+ SMBusIPMIDevice *sid = SMBUS_IPMI(ii);
+
+ if (sid->waiting_rsp == msg_id) {
+ sid->waiting_rsp++;
+
+ if (rsp_len > MAX_SSIF_IPMI_MSG_SIZE) {
+ rsp[2] = IPMI_CC_REQUEST_DATA_TRUNCATED;
+ rsp_len = MAX_SSIF_IPMI_MSG_SIZE;
+ }
+ memcpy(sid->outmsg, rsp, rsp_len);
+ sid->outlen = rsp_len;
+ sid->outpos = 0;
+ sid->currblk = 0;
+ }
+}
+
+static void smbus_ipmi_set_atn(IPMIInterface *ii, int val, int irq)
+{
+ /* This is where PEC would go. */
+}
+
+static void smbus_ipmi_set_irq_enable(IPMIInterface *ii, int val)
+{
+}
+
+static void smbus_ipmi_send_msg(SMBusIPMIDevice *sid)
+{
+ uint8_t *msg = sid->inmsg;
+ uint32_t len = sid->inlen;
+ IPMIBmcClass *bk = IPMI_BMC_GET_CLASS(sid->bmc);
+
+ sid->outlen = 0;
+ sid->outpos = 0;
+ sid->currblk = 0;
+
+ if (msg[0] == (IPMI_NETFN_APP << 2) && msg[1] == IPMI_GET_SYS_INTF_CAP_CMD)
+ {
+ /* We handle this ourself. */
+ sid->outmsg[0] = (IPMI_NETFN_APP + 1) << 2;
+ sid->outmsg[1] = msg[1];
+ if (len < 3) {
+ sid->outmsg[2] = IPMI_CC_REQUEST_DATA_LENGTH_INVALID;
+ sid->outlen = 3;
+ } else if ((msg[2] & 0x0f) != 0) {
+ sid->outmsg[2] = IPMI_CC_INVALID_DATA_FIELD;
+ sid->outlen = 3;
+ } else {
+ sid->outmsg[2] = 0;
+ sid->outmsg[3] = 0;
+ sid->outmsg[4] = (2 << 6); /* Multi-part supported. */
+ sid->outmsg[5] = MAX_SSIF_IPMI_MSG_SIZE;
+ sid->outmsg[6] = MAX_SSIF_IPMI_MSG_SIZE;
+ sid->outlen = 7;
+ }
+ return;
+ }
+
+ bk->handle_command(sid->bmc, sid->inmsg, sid->inlen, sizeof(sid->inmsg),
+ sid->waiting_rsp);
+}
+
+static uint8_t ipmi_receive_byte(SMBusDevice *dev)
+{
+ SMBusIPMIDevice *sid = SMBUS_IPMI(dev);
+
+ if (sid->outpos >= sizeof(sid->outbuf)) {
+ return 0xff;
+ }
+
+ return sid->outbuf[sid->outpos++];
+}
+
+static int ipmi_load_readbuf(SMBusIPMIDevice *sid)
+{
+ unsigned int block = sid->currblk, pos, len;
+
+ if (sid->outlen == 0) {
+ return -1;
+ }
+
+ if (sid->outlen <= 32) {
+ if (block != 0) {
+ return -1;
+ }
+ sid->outbuf[0] = sid->outlen;
+ memcpy(sid->outbuf + 1, sid->outmsg, sid->outlen);
+ sid->outpos = 0;
+ return 0;
+ }
+
+ if (block == 0) {
+ sid->outbuf[0] = 32;
+ sid->outbuf[1] = 0;
+ sid->outbuf[2] = 1;
+ memcpy(sid->outbuf + 3, sid->outmsg, 30);
+ sid->outpos = 0;
+ return 0;
+ }
+
+ /*
+ * Calculate the position in outmsg. 30 for the first block, 31
+ * for the rest of the blocks.
+ */
+ pos = 30 + (block - 1) * 31;
+
+ if (pos >= sid->outlen) {
+ return -1;
+ }
+
+ len = sid->outlen - pos;
+ if (len > 31) {
+ /* More chunks after this. */
+ len = 31;
+ /* Blocks start at 0 for the first middle transaction. */
+ sid->outbuf[1] = block - 1;
+ } else {
+ sid->outbuf[1] = 0xff; /* End of message marker. */
+ }
+
+ sid->outbuf[0] = len + 1;
+ memcpy(sid->outbuf + 2, sid->outmsg + pos, len);
+ sid->outpos = 0;
+ return 0;
+}
+
+static int ipmi_write_data(SMBusDevice *dev, uint8_t *buf, uint8_t len)
+{
+ SMBusIPMIDevice *sid = SMBUS_IPMI(dev);
+ bool send = false;
+ uint8_t cmd;
+ int ret = 0;
+
+ /* length is guaranteed to be >= 1. */
+ cmd = *buf++;
+ len--;
+
+ /* Handle read request, which don't have any data in the write part. */
+ switch (cmd) {
+ case SSIF_IPMI_RESPONSE:
+ sid->currblk = 0;
+ ret = ipmi_load_readbuf(sid);
+ break;
+
+ case SSIF_IPMI_MULTI_PART_RESPONSE_MIDDLE:
+ sid->currblk++;
+ ret = ipmi_load_readbuf(sid);
+ break;
+
+ case SSIF_IPMI_MULTI_PART_RETRY:
+ if (len >= 1) {
+ sid->currblk = buf[0];
+ ret = ipmi_load_readbuf(sid);
+ } else {
+ ret = -1;
+ }
+ break;
+
+ default:
+ break;
+ }
+
+ /* This should be a message write, make the length is there and correct. */
+ if (len >= 1) {
+ if (*buf != len - 1 || *buf > MAX_SSIF_IPMI_MSG_CHUNK) {
+ return -1; /* Bogus message */
+ }
+ buf++;
+ len--;
+ }
+
+ switch (cmd) {
+ case SSIF_IPMI_REQUEST:
+ send = true;
+ /* FALLTHRU */
+ case SSIF_IPMI_MULTI_PART_REQUEST_START:
+ if (len < 2) {
+ return -1; /* Bogus. */
+ }
+ memcpy(sid->inmsg, buf, len);
+ sid->inlen = len;
+ break;
+
+ case SSIF_IPMI_MULTI_PART_REQUEST_END:
+ send = true;
+ /* FALLTHRU */
+ case SSIF_IPMI_MULTI_PART_REQUEST_MIDDLE:
+ if (!sid->inlen) {
+ return -1; /* Bogus. */
+ }
+ if (sid->inlen + len > MAX_SSIF_IPMI_MSG_SIZE) {
+ sid->inlen = 0; /* Discard the message. */
+ return -1; /* Bogus. */
+ }
+ if (len < 32) {
+ /*
+ * Special hack, a multi-part middle that is less than 32 bytes
+ * marks the end of a message. The specification is fairly
+ * confusing, so some systems to this, even sending a zero
+ * length end message to mark the end.
+ */
+ send = true;
+ }
+ memcpy(sid->inmsg + sid->inlen, buf, len);
+ sid->inlen += len;
+ break;
+ }
+
+ if (send && sid->inlen) {
+ smbus_ipmi_send_msg(sid);
+ }
+
+ return ret;
+}
+
+static const VMStateDescription vmstate_smbus_ipmi = {
+ .name = TYPE_SMBUS_IPMI,
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_SMBUS_DEVICE(parent, SMBusIPMIDevice),
+ VMSTATE_UINT8(waiting_rsp, SMBusIPMIDevice),
+ VMSTATE_UINT32(outlen, SMBusIPMIDevice),
+ VMSTATE_UINT32(currblk, SMBusIPMIDevice),
+ VMSTATE_UINT8_ARRAY(outmsg, SMBusIPMIDevice, MAX_SSIF_IPMI_MSG_SIZE),
+ VMSTATE_UINT32(outpos, SMBusIPMIDevice),
+ VMSTATE_UINT8_ARRAY(outbuf, SMBusIPMIDevice,
+ MAX_SSIF_IPMI_MSG_CHUNK + 1),
+ VMSTATE_UINT32(inlen, SMBusIPMIDevice),
+ VMSTATE_UINT8_ARRAY(inmsg, SMBusIPMIDevice, MAX_SSIF_IPMI_MSG_SIZE),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void smbus_ipmi_realize(DeviceState *dev, Error **errp)
+{
+ SMBusIPMIDevice *sid = SMBUS_IPMI(dev);
+ IPMIInterface *ii = IPMI_INTERFACE(dev);
+
+ if (!sid->bmc) {
+ error_setg(errp, "IPMI device requires a bmc attribute to be set");
+ return;
+ }
+
+ sid->uuid = ipmi_next_uuid();
+
+ sid->bmc->intf = ii;
+}
+
+static void smbus_ipmi_init(Object *obj)
+{
+ SMBusIPMIDevice *sid = SMBUS_IPMI(obj);
+
+ ipmi_bmc_find_and_link(OBJECT(obj), (Object **) &sid->bmc);
+}
+
+static void smbus_ipmi_get_fwinfo(struct IPMIInterface *ii, IPMIFwInfo *info)
+{
+ SMBusIPMIDevice *sid = SMBUS_IPMI(ii);
+
+ info->interface_name = "smbus";
+ info->interface_type = IPMI_SMBIOS_SSIF;
+ info->ipmi_spec_major_revision = 2;
+ info->ipmi_spec_minor_revision = 0;
+ info->i2c_slave_address = sid->bmc->slave_addr;
+ info->base_address = sid->parent.i2c.address;
+ info->memspace = IPMI_MEMSPACE_SMBUS;
+ info->register_spacing = 1;
+ info->uuid = sid->uuid;
+}
+
+static void smbus_ipmi_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_CLASS(oc);
+ SMBusDeviceClass *sc = SMBUS_DEVICE_CLASS(oc);
+
+ sc->receive_byte = ipmi_receive_byte;
+ sc->write_data = ipmi_write_data;
+ dc->vmsd = &vmstate_smbus_ipmi;
+ dc->realize = smbus_ipmi_realize;
+ iic->set_atn = smbus_ipmi_set_atn;
+ iic->handle_rsp = smbus_ipmi_handle_rsp;
+ iic->handle_if_event = smbus_ipmi_handle_event;
+ iic->set_irq_enable = smbus_ipmi_set_irq_enable;
+ iic->get_fwinfo = smbus_ipmi_get_fwinfo;
+}
+
+static const TypeInfo smbus_ipmi_info = {
+ .name = TYPE_SMBUS_IPMI,
+ .parent = TYPE_SMBUS_DEVICE,
+ .instance_size = sizeof(SMBusIPMIDevice),
+ .instance_init = smbus_ipmi_init,
+ .class_init = smbus_ipmi_class_init,
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_IPMI_INTERFACE },
+ { }
+ }
+};
+
+static void smbus_ipmi_register_types(void)
+{
+ type_register_static(&smbus_ipmi_info);
+}
+
+type_init(smbus_ipmi_register_types)
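Review bot: `vmstate_smbus_ipmi` restores `outlen` and `inlen` with `VMSTATE_UINT32` and has no `post_load` check, although the rest of the file keeps both at or below `MAX_SSIF_IPMI_MSG_SIZE` and uses them as memcpy offsets and bounds. With an out-of-range `outlen` from an incoming migration stream, `ipmi_load_readbuf()` would copy from `outmsg + pos` past the end of the 255-byte array into the buffer the guest reads back. The `sid->inlen + len > MAX_SSIF_IPMI_MSG_SIZE` test in `ipmi_write_data()` is unsigned 32-bit arithmetic, so it can wrap before the `memcpy` into `inmsg`. I would add a `post_load` hook that fails the load when either length exceeds `MAX_SSIF_IPMI_MSG_SIZE`. `outpos` is already range-checked in `ipmi_receive_byte()`, and `currblk` only matters through the `pos >= sid->outlen` test once `outlen` is bounded.

```c
static int smbus_ipmi_post_load(void *opaque, int version_id)
{
    SMBusIPMIDevice *sid = opaque;

    /* Both lengths index fixed-size arrays; refuse state that exceeds them. */
    if (sid->outlen > MAX_SSIF_IPMI_MSG_SIZE ||
        sid->inlen > MAX_SSIF_IPMI_MSG_SIZE) {
        return -EINVAL;
    }
    return 0;
}

static const VMStateDescription vmstate_smbus_ipmi = {
    .name = TYPE_SMBUS_IPMI,
    .version_id = 1,
    .minimum_version_id = 1,
    .post_load = smbus_ipmi_post_load,
    /* … unchanged: .fields list … */
};
```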