xref: /freebsd/sys/dev/ipmi/ipmi.c (revision 1f88aa09417f1cfb3929fd37531b1ab51213c2d6)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2006 IronPort Systems Inc. <ambrisko@ironport.com>
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
31 
32 #include <sys/param.h>
33 #include <sys/systm.h>
34 #include <sys/bus.h>
35 #include <sys/condvar.h>
36 #include <sys/conf.h>
37 #include <sys/eventhandler.h>
38 #include <sys/kernel.h>
39 #include <sys/lock.h>
40 #include <sys/malloc.h>
41 #include <sys/module.h>
42 #include <sys/mutex.h>
43 #include <sys/poll.h>
44 #include <sys/reboot.h>
45 #include <sys/rman.h>
46 #include <sys/selinfo.h>
47 #include <sys/sysctl.h>
48 #include <sys/watchdog.h>
49 
50 #ifdef LOCAL_MODULE
51 #include <ipmi.h>
52 #include <ipmivars.h>
53 #else
54 #include <sys/ipmi.h>
55 #include <dev/ipmi/ipmivars.h>
56 #endif
57 
58 #ifdef IPMICTL_SEND_COMMAND_32
59 #include <sys/abi_compat.h>
60 #endif
61 
62 /*
63  * Driver request structures are allocated on the stack via alloca() to
64  * avoid calling malloc(), especially for the watchdog handler.
65  * To avoid too much stack growth, a previously allocated structure can
66  * be reused via IPMI_INIT_DRIVER_REQUEST(), but the caller should ensure
67  * that there is adequate reply/request space in the original allocation.
68  */
69 #define	IPMI_INIT_DRIVER_REQUEST(req, addr, cmd, reqlen, replylen)	\
70 	bzero((req), sizeof(struct ipmi_request));			\
71 	ipmi_init_request((req), NULL, 0, (addr), (cmd), (reqlen), (replylen))
72 
73 #define	IPMI_ALLOC_DRIVER_REQUEST(req, addr, cmd, reqlen, replylen)	\
74 	(req) = __builtin_alloca(sizeof(struct ipmi_request) +		\
75 	    (reqlen) + (replylen));					\
76 	IPMI_INIT_DRIVER_REQUEST((req), (addr), (cmd), (reqlen),	\
77 	    (replylen))
78 
79 #ifdef IPMB
80 static int ipmi_ipmb_checksum(u_char, int);
81 static int ipmi_ipmb_send_message(device_t, u_char, u_char, u_char,
82      u_char, u_char, int)
83 #endif
84 
85 static d_ioctl_t ipmi_ioctl;
86 static d_poll_t ipmi_poll;
87 static d_open_t ipmi_open;
88 static void ipmi_dtor(void *arg);
89 
90 int ipmi_attached = 0;
91 
92 static int on = 1;
93 static bool wd_in_shutdown = false;
94 static int wd_timer_actions = IPMI_SET_WD_ACTION_POWER_CYCLE;
95 static int wd_shutdown_countdown = 0; /* sec */
96 static int wd_startup_countdown = 0; /* sec */
97 static int wd_pretimeout_countdown = 120; /* sec */
98 static int cycle_wait = 10; /* sec */
99 
100 static SYSCTL_NODE(_hw, OID_AUTO, ipmi, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
101     "IPMI driver parameters");
102 SYSCTL_INT(_hw_ipmi, OID_AUTO, on, CTLFLAG_RWTUN,
103 	&on, 0, "");
104 SYSCTL_INT(_hw_ipmi, OID_AUTO, wd_timer_actions, CTLFLAG_RW,
105 	&wd_timer_actions, 0,
106 	"IPMI watchdog timer actions (including pre-timeout interrupt)");
107 SYSCTL_INT(_hw_ipmi, OID_AUTO, wd_shutdown_countdown, CTLFLAG_RW,
108 	&wd_shutdown_countdown, 0,
109 	"IPMI watchdog countdown for shutdown (seconds)");
110 SYSCTL_INT(_hw_ipmi, OID_AUTO, wd_startup_countdown, CTLFLAG_RDTUN,
111 	&wd_startup_countdown, 0,
112 	"IPMI watchdog countdown initialized during startup (seconds)");
113 SYSCTL_INT(_hw_ipmi, OID_AUTO, wd_pretimeout_countdown, CTLFLAG_RW,
114 	&wd_pretimeout_countdown, 0,
115 	"IPMI watchdog pre-timeout countdown (seconds)");
116 SYSCTL_INT(_hw_ipmi, OID_AUTO, cyle_wait, CTLFLAG_RWTUN,
117 	&cycle_wait, 0,
118 	"IPMI power cycle on reboot delay time (seconds)");
119 
120 static struct cdevsw ipmi_cdevsw = {
121 	.d_version =    D_VERSION,
122 	.d_open =	ipmi_open,
123 	.d_ioctl =	ipmi_ioctl,
124 	.d_poll =	ipmi_poll,
125 	.d_name =	"ipmi",
126 };
127 
128 static MALLOC_DEFINE(M_IPMI, "ipmi", "ipmi");
129 
130 static int
131 ipmi_open(struct cdev *cdev, int flags, int fmt, struct thread *td)
132 {
133 	struct ipmi_device *dev;
134 	struct ipmi_softc *sc;
135 	int error;
136 
137 	if (!on)
138 		return (ENOENT);
139 
140 	/* Initialize the per file descriptor data. */
141 	dev = malloc(sizeof(struct ipmi_device), M_IPMI, M_WAITOK | M_ZERO);
142 	error = devfs_set_cdevpriv(dev, ipmi_dtor);
143 	if (error) {
144 		free(dev, M_IPMI);
145 		return (error);
146 	}
147 
148 	sc = cdev->si_drv1;
149 	TAILQ_INIT(&dev->ipmi_completed_requests);
150 	dev->ipmi_address = IPMI_BMC_SLAVE_ADDR;
151 	dev->ipmi_lun = IPMI_BMC_SMS_LUN;
152 	dev->ipmi_softc = sc;
153 	IPMI_LOCK(sc);
154 	sc->ipmi_opened++;
155 	IPMI_UNLOCK(sc);
156 
157 	return (0);
158 }
159 
160 static int
161 ipmi_poll(struct cdev *cdev, int poll_events, struct thread *td)
162 {
163 	struct ipmi_device *dev;
164 	struct ipmi_softc *sc;
165 	int revents = 0;
166 
167 	if (devfs_get_cdevpriv((void **)&dev))
168 		return (0);
169 
170 	sc = cdev->si_drv1;
171 	IPMI_LOCK(sc);
172 	if (poll_events & (POLLIN | POLLRDNORM)) {
173 		if (!TAILQ_EMPTY(&dev->ipmi_completed_requests))
174 		    revents |= poll_events & (POLLIN | POLLRDNORM);
175 		if (dev->ipmi_requests == 0)
176 		    revents |= POLLERR;
177 	}
178 
179 	if (revents == 0) {
180 		if (poll_events & (POLLIN | POLLRDNORM))
181 			selrecord(td, &dev->ipmi_select);
182 	}
183 	IPMI_UNLOCK(sc);
184 
185 	return (revents);
186 }
187 
188 static void
189 ipmi_purge_completed_requests(struct ipmi_device *dev)
190 {
191 	struct ipmi_request *req;
192 
193 	while (!TAILQ_EMPTY(&dev->ipmi_completed_requests)) {
194 		req = TAILQ_FIRST(&dev->ipmi_completed_requests);
195 		TAILQ_REMOVE(&dev->ipmi_completed_requests, req, ir_link);
196 		dev->ipmi_requests--;
197 		ipmi_free_request(req);
198 	}
199 }
200 
201 static void
202 ipmi_dtor(void *arg)
203 {
204 	struct ipmi_request *req, *nreq;
205 	struct ipmi_device *dev;
206 	struct ipmi_softc *sc;
207 
208 	dev = arg;
209 	sc = dev->ipmi_softc;
210 
211 	IPMI_LOCK(sc);
212 	if (dev->ipmi_requests) {
213 		/* Throw away any pending requests for this device. */
214 		TAILQ_FOREACH_SAFE(req, &sc->ipmi_pending_requests, ir_link,
215 		    nreq) {
216 			if (req->ir_owner == dev) {
217 				TAILQ_REMOVE(&sc->ipmi_pending_requests, req,
218 				    ir_link);
219 				dev->ipmi_requests--;
220 				ipmi_free_request(req);
221 			}
222 		}
223 
224 		/* Throw away any pending completed requests for this device. */
225 		ipmi_purge_completed_requests(dev);
226 
227 		/*
228 		 * If we still have outstanding requests, they must be stuck
229 		 * in an interface driver, so wait for those to drain.
230 		 */
231 		dev->ipmi_closing = 1;
232 		while (dev->ipmi_requests > 0) {
233 			msleep(&dev->ipmi_requests, &sc->ipmi_requests_lock,
234 			    PWAIT, "ipmidrain", 0);
235 			ipmi_purge_completed_requests(dev);
236 		}
237 	}
238 	sc->ipmi_opened--;
239 	IPMI_UNLOCK(sc);
240 
241 	/* Cleanup. */
242 	free(dev, M_IPMI);
243 }
244 
245 #ifdef IPMB
246 static int
247 ipmi_ipmb_checksum(u_char *data, int len)
248 {
249 	u_char sum = 0;
250 
251 	for (; len; len--) {
252 		sum += *data++;
253 	}
254 	return (-sum);
255 }
256 
257 /* XXX: Needs work */
258 static int
259 ipmi_ipmb_send_message(device_t dev, u_char channel, u_char netfn,
260     u_char command, u_char seq, u_char *data, int data_len)
261 {
262 	struct ipmi_softc *sc = device_get_softc(dev);
263 	struct ipmi_request *req;
264 	u_char slave_addr = 0x52;
265 	int error;
266 
267 	IPMI_ALLOC_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
268 	    IPMI_SEND_MSG, data_len + 8, 0);
269 	req->ir_request[0] = channel;
270 	req->ir_request[1] = slave_addr;
271 	req->ir_request[2] = IPMI_ADDR(netfn, 0);
272 	req->ir_request[3] = ipmi_ipmb_checksum(&req->ir_request[1], 2);
273 	req->ir_request[4] = sc->ipmi_address;
274 	req->ir_request[5] = IPMI_ADDR(seq, sc->ipmi_lun);
275 	req->ir_request[6] = command;
276 
277 	bcopy(data, &req->ir_request[7], data_len);
278 	temp[data_len + 7] = ipmi_ipmb_checksum(&req->ir_request[4],
279 	    data_len + 3);
280 
281 	ipmi_submit_driver_request(sc, req);
282 	error = req->ir_error;
283 
284 	return (error);
285 }
286 
287 static int
288 ipmi_handle_attn(struct ipmi_softc *sc)
289 {
290 	struct ipmi_request *req;
291 	int error;
292 
293 	device_printf(sc->ipmi_dev, "BMC has a message\n");
294 	IPMI_ALLOC_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
295 	    IPMI_GET_MSG_FLAGS, 0, 1);
296 
297 	ipmi_submit_driver_request(sc, req);
298 
299 	if (req->ir_error == 0 && req->ir_compcode == 0) {
300 		if (req->ir_reply[0] & IPMI_MSG_BUFFER_FULL) {
301 			device_printf(sc->ipmi_dev, "message buffer full");
302 		}
303 		if (req->ir_reply[0] & IPMI_WDT_PRE_TIMEOUT) {
304 			device_printf(sc->ipmi_dev,
305 			    "watchdog about to go off");
306 		}
307 		if (req->ir_reply[0] & IPMI_MSG_AVAILABLE) {
308 			IPMI_ALLOC_DRIVER_REQUEST(req,
309 			    IPMI_ADDR(IPMI_APP_REQUEST, 0), IPMI_GET_MSG, 0,
310 			    16);
311 
312 			device_printf(sc->ipmi_dev, "throw out message ");
313 			dump_buf(temp, 16);
314 		}
315 	}
316 	error = req->ir_error;
317 
318 	return (error);
319 }
320 #endif
321 
322 static int
323 ipmi_ioctl(struct cdev *cdev, u_long cmd, caddr_t data,
324     int flags, struct thread *td)
325 {
326 	struct ipmi_softc *sc;
327 	struct ipmi_device *dev;
328 	struct ipmi_request *kreq;
329 	struct ipmi_req *req = (struct ipmi_req *)data;
330 	struct ipmi_recv *recv = (struct ipmi_recv *)data;
331 	struct ipmi_addr addr;
332 #ifdef IPMICTL_SEND_COMMAND_32
333 	struct ipmi_req32 *req32 = (struct ipmi_req32 *)data;
334 	struct ipmi_recv32 *recv32 = (struct ipmi_recv32 *)data;
335 	union {
336 		struct ipmi_req req;
337 		struct ipmi_recv recv;
338 	} thunk32;
339 #endif
340 	int error, len;
341 
342 	error = devfs_get_cdevpriv((void **)&dev);
343 	if (error)
344 		return (error);
345 
346 	sc = cdev->si_drv1;
347 
348 #ifdef IPMICTL_SEND_COMMAND_32
349 	/* Convert 32-bit structures to native. */
350 	switch (cmd) {
351 	case IPMICTL_SEND_COMMAND_32:
352 		req = &thunk32.req;
353 		req->addr = PTRIN(req32->addr);
354 		req->addr_len = req32->addr_len;
355 		req->msgid = req32->msgid;
356 		req->msg.netfn = req32->msg.netfn;
357 		req->msg.cmd = req32->msg.cmd;
358 		req->msg.data_len = req32->msg.data_len;
359 		req->msg.data = PTRIN(req32->msg.data);
360 		break;
361 	case IPMICTL_RECEIVE_MSG_TRUNC_32:
362 	case IPMICTL_RECEIVE_MSG_32:
363 		recv = &thunk32.recv;
364 		recv->addr = PTRIN(recv32->addr);
365 		recv->addr_len = recv32->addr_len;
366 		recv->msg.data_len = recv32->msg.data_len;
367 		recv->msg.data = PTRIN(recv32->msg.data);
368 		break;
369 	}
370 #endif
371 
372 	switch (cmd) {
373 #ifdef IPMICTL_SEND_COMMAND_32
374 	case IPMICTL_SEND_COMMAND_32:
375 #endif
376 	case IPMICTL_SEND_COMMAND:
377 		/*
378 		 * XXX: Need to add proper handling of this.
379 		 */
380 		error = copyin(req->addr, &addr, sizeof(addr));
381 		if (error)
382 			return (error);
383 
384 		IPMI_LOCK(sc);
385 		/* clear out old stuff in queue of stuff done */
386 		/* XXX: This seems odd. */
387 		while ((kreq = TAILQ_FIRST(&dev->ipmi_completed_requests))) {
388 			TAILQ_REMOVE(&dev->ipmi_completed_requests, kreq,
389 			    ir_link);
390 			dev->ipmi_requests--;
391 			ipmi_free_request(kreq);
392 		}
393 		IPMI_UNLOCK(sc);
394 
395 		kreq = ipmi_alloc_request(dev, req->msgid,
396 		    IPMI_ADDR(req->msg.netfn, 0), req->msg.cmd,
397 		    req->msg.data_len, IPMI_MAX_RX);
398 		error = copyin(req->msg.data, kreq->ir_request,
399 		    req->msg.data_len);
400 		if (error) {
401 			ipmi_free_request(kreq);
402 			return (error);
403 		}
404 		IPMI_LOCK(sc);
405 		dev->ipmi_requests++;
406 		error = sc->ipmi_enqueue_request(sc, kreq);
407 		IPMI_UNLOCK(sc);
408 		if (error)
409 			return (error);
410 		break;
411 #ifdef IPMICTL_SEND_COMMAND_32
412 	case IPMICTL_RECEIVE_MSG_TRUNC_32:
413 	case IPMICTL_RECEIVE_MSG_32:
414 #endif
415 	case IPMICTL_RECEIVE_MSG_TRUNC:
416 	case IPMICTL_RECEIVE_MSG:
417 		error = copyin(recv->addr, &addr, sizeof(addr));
418 		if (error)
419 			return (error);
420 
421 		IPMI_LOCK(sc);
422 		kreq = TAILQ_FIRST(&dev->ipmi_completed_requests);
423 		if (kreq == NULL) {
424 			IPMI_UNLOCK(sc);
425 			return (EAGAIN);
426 		}
427 		addr.channel = IPMI_BMC_CHANNEL;
428 		/* XXX */
429 		recv->recv_type = IPMI_RESPONSE_RECV_TYPE;
430 		recv->msgid = kreq->ir_msgid;
431 		recv->msg.netfn = IPMI_REPLY_ADDR(kreq->ir_addr) >> 2;
432 		recv->msg.cmd = kreq->ir_command;
433 		error = kreq->ir_error;
434 		if (error) {
435 			TAILQ_REMOVE(&dev->ipmi_completed_requests, kreq,
436 			    ir_link);
437 			dev->ipmi_requests--;
438 			IPMI_UNLOCK(sc);
439 			ipmi_free_request(kreq);
440 			return (error);
441 		}
442 		len = kreq->ir_replylen + 1;
443 		if (recv->msg.data_len < len &&
444 		    (cmd == IPMICTL_RECEIVE_MSG
445 #ifdef IPMICTL_RECEIVE_MSG_32
446 		     || cmd == IPMICTL_RECEIVE_MSG_32
447 #endif
448 		    )) {
449 			IPMI_UNLOCK(sc);
450 			return (EMSGSIZE);
451 		}
452 		TAILQ_REMOVE(&dev->ipmi_completed_requests, kreq, ir_link);
453 		dev->ipmi_requests--;
454 		IPMI_UNLOCK(sc);
455 		len = min(recv->msg.data_len, len);
456 		recv->msg.data_len = len;
457 		error = copyout(&addr, recv->addr,sizeof(addr));
458 		if (error == 0)
459 			error = copyout(&kreq->ir_compcode, recv->msg.data, 1);
460 		if (error == 0)
461 			error = copyout(kreq->ir_reply, recv->msg.data + 1,
462 			    len - 1);
463 		ipmi_free_request(kreq);
464 		if (error)
465 			return (error);
466 		break;
467 	case IPMICTL_SET_MY_ADDRESS_CMD:
468 		IPMI_LOCK(sc);
469 		dev->ipmi_address = *(int*)data;
470 		IPMI_UNLOCK(sc);
471 		break;
472 	case IPMICTL_GET_MY_ADDRESS_CMD:
473 		IPMI_LOCK(sc);
474 		*(int*)data = dev->ipmi_address;
475 		IPMI_UNLOCK(sc);
476 		break;
477 	case IPMICTL_SET_MY_LUN_CMD:
478 		IPMI_LOCK(sc);
479 		dev->ipmi_lun = *(int*)data & 0x3;
480 		IPMI_UNLOCK(sc);
481 		break;
482 	case IPMICTL_GET_MY_LUN_CMD:
483 		IPMI_LOCK(sc);
484 		*(int*)data = dev->ipmi_lun;
485 		IPMI_UNLOCK(sc);
486 		break;
487 	case IPMICTL_SET_GETS_EVENTS_CMD:
488 		/*
489 		device_printf(sc->ipmi_dev,
490 		    "IPMICTL_SET_GETS_EVENTS_CMD NA\n");
491 		*/
492 		break;
493 	case IPMICTL_REGISTER_FOR_CMD:
494 	case IPMICTL_UNREGISTER_FOR_CMD:
495 		return (EOPNOTSUPP);
496 	default:
497 		device_printf(sc->ipmi_dev, "Unknown IOCTL %lX\n", cmd);
498 		return (ENOIOCTL);
499 	}
500 
501 #ifdef IPMICTL_SEND_COMMAND_32
502 	/* Update changed fields in 32-bit structures. */
503 	switch (cmd) {
504 	case IPMICTL_RECEIVE_MSG_TRUNC_32:
505 	case IPMICTL_RECEIVE_MSG_32:
506 		recv32->recv_type = recv->recv_type;
507 		recv32->msgid = recv->msgid;
508 		recv32->msg.netfn = recv->msg.netfn;
509 		recv32->msg.cmd = recv->msg.cmd;
510 		recv32->msg.data_len = recv->msg.data_len;
511 		break;
512 	}
513 #endif
514 	return (0);
515 }
516 
517 /*
518  * Request management.
519  */
520 
521 static __inline void
522 ipmi_init_request(struct ipmi_request *req, struct ipmi_device *dev, long msgid,
523     uint8_t addr, uint8_t command, size_t requestlen, size_t replylen)
524 {
525 
526 	req->ir_owner = dev;
527 	req->ir_msgid = msgid;
528 	req->ir_addr = addr;
529 	req->ir_command = command;
530 	if (requestlen) {
531 		req->ir_request = (char *)&req[1];
532 		req->ir_requestlen = requestlen;
533 	}
534 	if (replylen) {
535 		req->ir_reply = (char *)&req[1] + requestlen;
536 		req->ir_replybuflen = replylen;
537 	}
538 }
539 
540 /* Allocate a new request with request and reply buffers. */
541 struct ipmi_request *
542 ipmi_alloc_request(struct ipmi_device *dev, long msgid, uint8_t addr,
543     uint8_t command, size_t requestlen, size_t replylen)
544 {
545 	struct ipmi_request *req;
546 
547 	req = malloc(sizeof(struct ipmi_request) + requestlen + replylen,
548 	    M_IPMI, M_WAITOK | M_ZERO);
549 	ipmi_init_request(req, dev, msgid, addr, command, requestlen, replylen);
550 	return (req);
551 }
552 
553 /* Free a request no longer in use. */
554 void
555 ipmi_free_request(struct ipmi_request *req)
556 {
557 
558 	free(req, M_IPMI);
559 }
560 
561 /* Store a processed request on the appropriate completion queue. */
562 void
563 ipmi_complete_request(struct ipmi_softc *sc, struct ipmi_request *req)
564 {
565 	struct ipmi_device *dev;
566 
567 	IPMI_LOCK_ASSERT(sc);
568 
569 	/*
570 	 * Anonymous requests (from inside the driver) always have a
571 	 * waiter that we awaken.
572 	 */
573 	if (req->ir_owner == NULL)
574 		wakeup(req);
575 	else {
576 		dev = req->ir_owner;
577 		TAILQ_INSERT_TAIL(&dev->ipmi_completed_requests, req, ir_link);
578 		selwakeup(&dev->ipmi_select);
579 		if (dev->ipmi_closing)
580 			wakeup(&dev->ipmi_requests);
581 	}
582 }
583 
584 /* Perform an internal driver request. */
585 int
586 ipmi_submit_driver_request(struct ipmi_softc *sc, struct ipmi_request *req,
587     int timo)
588 {
589 
590 	return (sc->ipmi_driver_request(sc, req, timo));
591 }
592 
593 /*
594  * Helper routine for polled system interfaces that use
595  * ipmi_polled_enqueue_request() to queue requests.  This request
596  * waits until there is a pending request and then returns the first
597  * request.  If the driver is shutting down, it returns NULL.
598  */
599 struct ipmi_request *
600 ipmi_dequeue_request(struct ipmi_softc *sc)
601 {
602 	struct ipmi_request *req;
603 
604 	IPMI_LOCK_ASSERT(sc);
605 
606 	while (!sc->ipmi_detaching && TAILQ_EMPTY(&sc->ipmi_pending_requests))
607 		cv_wait(&sc->ipmi_request_added, &sc->ipmi_requests_lock);
608 	if (sc->ipmi_detaching)
609 		return (NULL);
610 
611 	req = TAILQ_FIRST(&sc->ipmi_pending_requests);
612 	TAILQ_REMOVE(&sc->ipmi_pending_requests, req, ir_link);
613 	return (req);
614 }
615 
616 /* Default implementation of ipmi_enqueue_request() for polled interfaces. */
617 int
618 ipmi_polled_enqueue_request(struct ipmi_softc *sc, struct ipmi_request *req)
619 {
620 
621 	IPMI_LOCK_ASSERT(sc);
622 
623 	TAILQ_INSERT_TAIL(&sc->ipmi_pending_requests, req, ir_link);
624 	cv_signal(&sc->ipmi_request_added);
625 	return (0);
626 }
627 
628 /*
629  * Watchdog event handler.
630  */
631 
632 static int
633 ipmi_reset_watchdog(struct ipmi_softc *sc)
634 {
635 	struct ipmi_request *req;
636 	int error;
637 
638 	IPMI_ALLOC_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
639 	    IPMI_RESET_WDOG, 0, 0);
640 	error = ipmi_submit_driver_request(sc, req, 0);
641 	if (error) {
642 		device_printf(sc->ipmi_dev, "Failed to reset watchdog\n");
643 	} else if (req->ir_compcode == 0x80) {
644 		error = ENOENT;
645 	} else if (req->ir_compcode != 0) {
646 		device_printf(sc->ipmi_dev, "Watchdog reset returned 0x%x\n",
647 		    req->ir_compcode);
648 		error = EINVAL;
649 	}
650 	return (error);
651 }
652 
653 static int
654 ipmi_set_watchdog(struct ipmi_softc *sc, unsigned int sec)
655 {
656 	struct ipmi_request *req;
657 	int error;
658 
659 	if (sec > 0xffff / 10)
660 		return (EINVAL);
661 
662 	IPMI_ALLOC_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
663 	    IPMI_SET_WDOG, 6, 0);
664 	if (sec) {
665 		req->ir_request[0] = IPMI_SET_WD_TIMER_DONT_STOP
666 		    | IPMI_SET_WD_TIMER_SMS_OS;
667 		req->ir_request[1] = (wd_timer_actions & 0xff);
668 		req->ir_request[2] = (wd_pretimeout_countdown & 0xff);
669 		req->ir_request[3] = 0;	/* Timer use */
670 		req->ir_request[4] = (sec * 10) & 0xff;
671 		req->ir_request[5] = (sec * 10) >> 8;
672 	} else {
673 		req->ir_request[0] = IPMI_SET_WD_TIMER_SMS_OS;
674 		req->ir_request[1] = 0;
675 		req->ir_request[2] = 0;
676 		req->ir_request[3] = 0;	/* Timer use */
677 		req->ir_request[4] = 0;
678 		req->ir_request[5] = 0;
679 	}
680 	error = ipmi_submit_driver_request(sc, req, 0);
681 	if (error) {
682 		device_printf(sc->ipmi_dev, "Failed to set watchdog\n");
683 	} else if (req->ir_compcode != 0) {
684 		device_printf(sc->ipmi_dev, "Watchdog set returned 0x%x\n",
685 		    req->ir_compcode);
686 		error = EINVAL;
687 	}
688 	return (error);
689 }
690 
691 static void
692 ipmi_wd_event(void *arg, unsigned int cmd, int *error)
693 {
694 	struct ipmi_softc *sc = arg;
695 	unsigned int timeout;
696 	int e;
697 
698 	/* Ignore requests while disabled. */
699 	if (!on)
700 		return;
701 
702 	/*
703 	 * To prevent infinite hangs, we don't let anyone pat or change
704 	 * the watchdog when we're shutting down. (See ipmi_shutdown_event().)
705 	 * However, we do want to keep patting the watchdog while we are doing
706 	 * a coredump.
707 	 */
708 	if (wd_in_shutdown) {
709 		if (dumping && sc->ipmi_watchdog_active)
710 			ipmi_reset_watchdog(sc);
711 		return;
712 	}
713 
714 	cmd &= WD_INTERVAL;
715 	if (cmd > 0 && cmd <= 63) {
716 		timeout = ((uint64_t)1 << cmd) / 1000000000;
717 		if (timeout == 0)
718 			timeout = 1;
719 		if (timeout != sc->ipmi_watchdog_active ||
720 		    wd_timer_actions != sc->ipmi_watchdog_actions ||
721 		    wd_pretimeout_countdown != sc->ipmi_watchdog_pretimeout) {
722 			e = ipmi_set_watchdog(sc, timeout);
723 			if (e == 0) {
724 				sc->ipmi_watchdog_active = timeout;
725 				sc->ipmi_watchdog_actions = wd_timer_actions;
726 				sc->ipmi_watchdog_pretimeout = wd_pretimeout_countdown;
727 			} else {
728 				(void)ipmi_set_watchdog(sc, 0);
729 				sc->ipmi_watchdog_active = 0;
730 				sc->ipmi_watchdog_actions = 0;
731 				sc->ipmi_watchdog_pretimeout = 0;
732 			}
733 		}
734 		if (sc->ipmi_watchdog_active != 0) {
735 			e = ipmi_reset_watchdog(sc);
736 			if (e == 0) {
737 				*error = 0;
738 			} else {
739 				(void)ipmi_set_watchdog(sc, 0);
740 				sc->ipmi_watchdog_active = 0;
741 				sc->ipmi_watchdog_actions = 0;
742 				sc->ipmi_watchdog_pretimeout = 0;
743 			}
744 		}
745 	} else if (atomic_readandclear_int(&sc->ipmi_watchdog_active) != 0) {
746 		sc->ipmi_watchdog_actions = 0;
747 		sc->ipmi_watchdog_pretimeout = 0;
748 
749 		e = ipmi_set_watchdog(sc, 0);
750 		if (e != 0 && cmd == 0)
751 			*error = EOPNOTSUPP;
752 	}
753 }
754 
755 static void
756 ipmi_shutdown_event(void *arg, unsigned int cmd, int *error)
757 {
758 	struct ipmi_softc *sc = arg;
759 
760 	/* Ignore event if disabled. */
761 	if (!on)
762 		return;
763 
764 	/*
765 	 * Positive wd_shutdown_countdown value will re-arm watchdog;
766 	 * Zero value in wd_shutdown_countdown will disable watchdog;
767 	 * Negative value in wd_shutdown_countdown will keep existing state;
768 	 *
769 	 * Revert to using a power cycle to ensure that the watchdog will
770 	 * do something useful here.  Having the watchdog send an NMI
771 	 * instead is useless during shutdown, and might be ignored if an
772 	 * NMI already triggered.
773 	 */
774 
775 	wd_in_shutdown = true;
776 	if (wd_shutdown_countdown == 0) {
777 		/* disable watchdog */
778 		ipmi_set_watchdog(sc, 0);
779 		sc->ipmi_watchdog_active = 0;
780 	} else if (wd_shutdown_countdown > 0) {
781 		/* set desired action and time, and, reset watchdog */
782 		wd_timer_actions = IPMI_SET_WD_ACTION_POWER_CYCLE;
783 		ipmi_set_watchdog(sc, wd_shutdown_countdown);
784 		sc->ipmi_watchdog_active = wd_shutdown_countdown;
785 		ipmi_reset_watchdog(sc);
786 	}
787 }
788 
789 static void
790 ipmi_power_cycle(void *arg, int howto)
791 {
792 	struct ipmi_softc *sc = arg;
793 	struct ipmi_request *req;
794 
795 	/*
796 	 * Ignore everything except power cycling requests
797 	 */
798 	if ((howto & RB_POWERCYCLE) == 0)
799 		return;
800 
801 	device_printf(sc->ipmi_dev, "Power cycling using IPMI\n");
802 
803 	/*
804 	 * Send a CHASSIS_CONTROL command to the CHASSIS device, subcommand 2
805 	 * as described in IPMI v2.0 spec section 28.3.
806 	 */
807 	IPMI_ALLOC_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_CHASSIS_REQUEST, 0),
808 	    IPMI_CHASSIS_CONTROL, 1, 0);
809 	req->ir_request[0] = IPMI_CC_POWER_CYCLE;
810 
811 	ipmi_submit_driver_request(sc, req, MAX_TIMEOUT);
812 
813 	if (req->ir_error != 0 || req->ir_compcode != 0) {
814 		device_printf(sc->ipmi_dev, "Power cycling via IPMI failed code %#x %#x\n",
815 		    req->ir_error, req->ir_compcode);
816 		return;
817 	}
818 
819 	/*
820 	 * BMCs are notoriously slow, give it cyle_wait seconds for the power
821 	 * down leg of the power cycle. If that fails, fallback to the next
822 	 * hanlder in the shutdown_final chain and/or the platform failsafe.
823 	 */
824 	DELAY(cycle_wait * 1000 * 1000);
825 	device_printf(sc->ipmi_dev, "Power cycling via IPMI timed out\n");
826 }
827 
828 static void
829 ipmi_startup(void *arg)
830 {
831 	struct ipmi_softc *sc = arg;
832 	struct ipmi_request *req;
833 	device_t dev;
834 	int error, i;
835 
836 	config_intrhook_disestablish(&sc->ipmi_ich);
837 	dev = sc->ipmi_dev;
838 
839 	/* Initialize interface-independent state. */
840 	mtx_init(&sc->ipmi_requests_lock, "ipmi requests", NULL, MTX_DEF);
841 	mtx_init(&sc->ipmi_io_lock, "ipmi io", NULL, MTX_DEF);
842 	cv_init(&sc->ipmi_request_added, "ipmireq");
843 	TAILQ_INIT(&sc->ipmi_pending_requests);
844 
845 	/* Initialize interface-dependent state. */
846 	error = sc->ipmi_startup(sc);
847 	if (error) {
848 		device_printf(dev, "Failed to initialize interface: %d\n",
849 		    error);
850 		return;
851 	}
852 
853 	/* Send a GET_DEVICE_ID request. */
854 	IPMI_ALLOC_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
855 	    IPMI_GET_DEVICE_ID, 0, 15);
856 
857 	error = ipmi_submit_driver_request(sc, req, MAX_TIMEOUT);
858 	if (error == EWOULDBLOCK) {
859 		device_printf(dev, "Timed out waiting for GET_DEVICE_ID\n");
860 		return;
861 	} else if (error) {
862 		device_printf(dev, "Failed GET_DEVICE_ID: %d\n", error);
863 		return;
864 	} else if (req->ir_compcode != 0) {
865 		device_printf(dev,
866 		    "Bad completion code for GET_DEVICE_ID: %d\n",
867 		    req->ir_compcode);
868 		return;
869 	} else if (req->ir_replylen < 5) {
870 		device_printf(dev, "Short reply for GET_DEVICE_ID: %d\n",
871 		    req->ir_replylen);
872 		return;
873 	}
874 
875 	device_printf(dev, "IPMI device rev. %d, firmware rev. %d.%d%d, "
876 	    "version %d.%d, device support mask %#x\n",
877 	    req->ir_reply[1] & 0x0f,
878 	    req->ir_reply[2] & 0x7f, req->ir_reply[3] >> 4, req->ir_reply[3] & 0x0f,
879 	    req->ir_reply[4] & 0x0f, req->ir_reply[4] >> 4, req->ir_reply[5]);
880 
881 	sc->ipmi_dev_support = req->ir_reply[5];
882 
883 	IPMI_INIT_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
884 	    IPMI_CLEAR_FLAGS, 1, 0);
885 
886 	ipmi_submit_driver_request(sc, req, 0);
887 
888 	/* XXX: Magic numbers */
889 	if (req->ir_compcode == 0xc0) {
890 		device_printf(dev, "Clear flags is busy\n");
891 	}
892 	if (req->ir_compcode == 0xc1) {
893 		device_printf(dev, "Clear flags illegal\n");
894 	}
895 
896 	for (i = 0; i < 8; i++) {
897 		IPMI_INIT_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
898 		    IPMI_GET_CHANNEL_INFO, 1, 0);
899 		req->ir_request[0] = i;
900 
901 		error = ipmi_submit_driver_request(sc, req, 0);
902 
903 		if (error != 0 || req->ir_compcode != 0)
904 			break;
905 	}
906 	device_printf(dev, "Number of channels %d\n", i);
907 
908 	/*
909 	 * Probe for watchdog, but only for backends which support
910 	 * polled driver requests.
911 	 */
912 	if (sc->ipmi_driver_requests_polled) {
913 		IPMI_INIT_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
914 		    IPMI_GET_WDOG, 0, 0);
915 
916 		error = ipmi_submit_driver_request(sc, req, 0);
917 
918 		if (error == 0 && req->ir_compcode == 0x00) {
919 			device_printf(dev, "Attached watchdog\n");
920 			/* register the watchdog event handler */
921 			sc->ipmi_watchdog_tag = EVENTHANDLER_REGISTER(
922 				watchdog_list, ipmi_wd_event, sc, 0);
923 			sc->ipmi_shutdown_tag = EVENTHANDLER_REGISTER(
924 				shutdown_pre_sync, ipmi_shutdown_event,
925 				sc, 0);
926 		}
927 	}
928 
929 	sc->ipmi_cdev = make_dev(&ipmi_cdevsw, device_get_unit(dev),
930 	    UID_ROOT, GID_OPERATOR, 0660, "ipmi%d", device_get_unit(dev));
931 	if (sc->ipmi_cdev == NULL) {
932 		device_printf(dev, "Failed to create cdev\n");
933 		return;
934 	}
935 	sc->ipmi_cdev->si_drv1 = sc;
936 
937 	/*
938 	 * Set initial watchdog state. If desired, set an initial
939 	 * watchdog on startup. Or, if the watchdog device is
940 	 * disabled, clear any existing watchdog.
941 	 */
942 	if (on && wd_startup_countdown > 0) {
943 		wd_timer_actions = IPMI_SET_WD_ACTION_POWER_CYCLE;
944 		if (ipmi_set_watchdog(sc, wd_startup_countdown) == 0 &&
945 		    ipmi_reset_watchdog(sc) == 0) {
946 			sc->ipmi_watchdog_active = wd_startup_countdown;
947 			sc->ipmi_watchdog_actions = wd_timer_actions;
948 			sc->ipmi_watchdog_pretimeout = wd_pretimeout_countdown;
949 		} else
950 			(void)ipmi_set_watchdog(sc, 0);
951 		ipmi_reset_watchdog(sc);
952 	} else if (!on)
953 		(void)ipmi_set_watchdog(sc, 0);
954 	/*
955 	 * Power cycle the system off using IPMI. We use last - 2 since we don't
956 	 * handle all the other kinds of reboots. We'll let others handle them.
957 	 * We only try to do this if the BMC supports the Chassis device.
958 	 */
959 	if (sc->ipmi_dev_support & IPMI_ADS_CHASSIS) {
960 		device_printf(dev, "Establishing power cycle handler\n");
961 		sc->ipmi_power_cycle_tag = EVENTHANDLER_REGISTER(shutdown_final,
962 		    ipmi_power_cycle, sc, SHUTDOWN_PRI_LAST - 2);
963 	}
964 }
965 
966 int
967 ipmi_attach(device_t dev)
968 {
969 	struct ipmi_softc *sc = device_get_softc(dev);
970 	int error;
971 
972 	if (sc->ipmi_irq_res != NULL && sc->ipmi_intr != NULL) {
973 		error = bus_setup_intr(dev, sc->ipmi_irq_res, INTR_TYPE_MISC,
974 		    NULL, sc->ipmi_intr, sc, &sc->ipmi_irq);
975 		if (error) {
976 			device_printf(dev, "can't set up interrupt\n");
977 			return (error);
978 		}
979 	}
980 
981 	bzero(&sc->ipmi_ich, sizeof(struct intr_config_hook));
982 	sc->ipmi_ich.ich_func = ipmi_startup;
983 	sc->ipmi_ich.ich_arg = sc;
984 	if (config_intrhook_establish(&sc->ipmi_ich) != 0) {
985 		device_printf(dev, "can't establish configuration hook\n");
986 		return (ENOMEM);
987 	}
988 
989 	ipmi_attached = 1;
990 	return (0);
991 }
992 
993 int
994 ipmi_detach(device_t dev)
995 {
996 	struct ipmi_softc *sc;
997 
998 	sc = device_get_softc(dev);
999 
1000 	/* Fail if there are any open handles. */
1001 	IPMI_LOCK(sc);
1002 	if (sc->ipmi_opened) {
1003 		IPMI_UNLOCK(sc);
1004 		return (EBUSY);
1005 	}
1006 	IPMI_UNLOCK(sc);
1007 	if (sc->ipmi_cdev)
1008 		destroy_dev(sc->ipmi_cdev);
1009 
1010 	/* Detach from watchdog handling and turn off watchdog. */
1011 	if (sc->ipmi_shutdown_tag)
1012 		EVENTHANDLER_DEREGISTER(shutdown_pre_sync,
1013 		sc->ipmi_shutdown_tag);
1014 	if (sc->ipmi_watchdog_tag) {
1015 		EVENTHANDLER_DEREGISTER(watchdog_list, sc->ipmi_watchdog_tag);
1016 		ipmi_set_watchdog(sc, 0);
1017 	}
1018 
1019 	/* Detach from shutdown handling for power cycle reboot */
1020 	if (sc->ipmi_power_cycle_tag)
1021 		EVENTHANDLER_DEREGISTER(shutdown_final, sc->ipmi_power_cycle_tag);
1022 
1023 	/* XXX: should use shutdown callout I think. */
1024 	/* If the backend uses a kthread, shut it down. */
1025 	IPMI_LOCK(sc);
1026 	sc->ipmi_detaching = 1;
1027 	if (sc->ipmi_kthread) {
1028 		cv_broadcast(&sc->ipmi_request_added);
1029 		msleep(sc->ipmi_kthread, &sc->ipmi_requests_lock, 0,
1030 		    "ipmi_wait", 0);
1031 	}
1032 	IPMI_UNLOCK(sc);
1033 	if (sc->ipmi_irq)
1034 		bus_teardown_intr(dev, sc->ipmi_irq_res, sc->ipmi_irq);
1035 
1036 	ipmi_release_resources(dev);
1037 	mtx_destroy(&sc->ipmi_io_lock);
1038 	mtx_destroy(&sc->ipmi_requests_lock);
1039 	return (0);
1040 }
1041 
1042 void
1043 ipmi_release_resources(device_t dev)
1044 {
1045 	struct ipmi_softc *sc;
1046 	int i;
1047 
1048 	sc = device_get_softc(dev);
1049 	if (sc->ipmi_irq)
1050 		bus_teardown_intr(dev, sc->ipmi_irq_res, sc->ipmi_irq);
1051 	if (sc->ipmi_irq_res)
1052 		bus_release_resource(dev, SYS_RES_IRQ, sc->ipmi_irq_rid,
1053 		    sc->ipmi_irq_res);
1054 	for (i = 0; i < MAX_RES; i++)
1055 		if (sc->ipmi_io_res[i])
1056 			bus_release_resource(dev, sc->ipmi_io_type,
1057 			    sc->ipmi_io_rid + i, sc->ipmi_io_res[i]);
1058 }
1059 
1060 devclass_t ipmi_devclass;
1061 
1062 /* XXX: Why? */
1063 static void
1064 ipmi_unload(void *arg)
1065 {
1066 	device_t *	devs;
1067 	int		count;
1068 	int		i;
1069 
1070 	if (ipmi_devclass == NULL)
1071 		return;
1072 	if (devclass_get_devices(ipmi_devclass, &devs, &count) != 0)
1073 		return;
1074 	for (i = 0; i < count; i++)
1075 		device_delete_child(device_get_parent(devs[i]), devs[i]);
1076 	free(devs, M_TEMP);
1077 }
1078 SYSUNINIT(ipmi_unload, SI_SUB_DRIVERS, SI_ORDER_FIRST, ipmi_unload, NULL);
1079 
1080 #ifdef IMPI_DEBUG
1081 static void
1082 dump_buf(u_char *data, int len)
1083 {
1084 	char buf[20];
1085 	char line[1024];
1086 	char temp[30];
1087 	int count = 0;
1088 	int i=0;
1089 
1090 	printf("Address %p len %d\n", data, len);
1091 	if (len > 256)
1092 		len = 256;
1093 	line[0] = '\000';
1094 	for (; len > 0; len--, data++) {
1095 		sprintf(temp, "%02x ", *data);
1096 		strcat(line, temp);
1097 		if (*data >= ' ' && *data <= '~')
1098 			buf[count] = *data;
1099 		else if (*data >= 'A' && *data <= 'Z')
1100 			buf[count] = *data;
1101 		else
1102 			buf[count] = '.';
1103 		if (++count == 16) {
1104 			buf[count] = '\000';
1105 			count = 0;
1106 			printf("  %3x  %s %s\n", i, line, buf);
1107 			i+=16;
1108 			line[0] = '\000';
1109 		}
1110 	}
1111 	buf[count] = '\000';
1112 
1113 	for (; count != 16; count++) {
1114 		strcat(line, "   ");
1115 	}
1116 	printf("  %3x  %s %s\n", i, line, buf);
1117 }
1118 #endif
1119