xref: /freebsd/sys/dev/ipmi/ipmi.c (revision 3fc36ee018bb836bd1796067cf4ef8683f166ebc)
1 /*-
2  * Copyright (c) 2006 IronPort Systems Inc. <ambrisko@ironport.com>
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  */
26 
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
29 
30 #include <sys/param.h>
31 #include <sys/systm.h>
32 #include <sys/bus.h>
33 #include <sys/condvar.h>
34 #include <sys/conf.h>
35 #include <sys/kernel.h>
36 #include <sys/malloc.h>
37 #include <sys/module.h>
38 #include <sys/poll.h>
39 #include <sys/rman.h>
40 #include <sys/selinfo.h>
41 #include <sys/sysctl.h>
42 #include <sys/watchdog.h>
43 
44 #ifdef LOCAL_MODULE
45 #include <ipmi.h>
46 #include <ipmivars.h>
47 #else
48 #include <sys/ipmi.h>
49 #include <dev/ipmi/ipmivars.h>
50 #endif
51 
52 /*
53  * Driver request structures are allocated on the stack via alloca() to
54  * avoid calling malloc(), especially for the watchdog handler.
55  * To avoid too much stack growth, a previously allocated structure can
56  * be reused via IPMI_INIT_DRIVER_REQUEST(), but the caller should ensure
57  * that there is adequate reply/request space in the original allocation.
58  */
59 #define	IPMI_INIT_DRIVER_REQUEST(req, addr, cmd, reqlen, replylen)	\
60 	bzero((req), sizeof(struct ipmi_request));			\
61 	ipmi_init_request((req), NULL, 0, (addr), (cmd), (reqlen), (replylen))
62 
63 #define	IPMI_ALLOC_DRIVER_REQUEST(req, addr, cmd, reqlen, replylen)	\
64 	(req) = __builtin_alloca(sizeof(struct ipmi_request) +		\
65 	    (reqlen) + (replylen));					\
66 	IPMI_INIT_DRIVER_REQUEST((req), (addr), (cmd), (reqlen),	\
67 	    (replylen))
68 
69 #ifdef IPMB
70 static int ipmi_ipmb_checksum(u_char, int);
71 static int ipmi_ipmb_send_message(device_t, u_char, u_char, u_char,
72      u_char, u_char, int)
73 #endif
74 
75 static d_ioctl_t ipmi_ioctl;
76 static d_poll_t ipmi_poll;
77 static d_open_t ipmi_open;
78 static void ipmi_dtor(void *arg);
79 
80 int ipmi_attached = 0;
81 
82 static int on = 1;
83 static SYSCTL_NODE(_hw, OID_AUTO, ipmi, CTLFLAG_RD, 0,
84     "IPMI driver parameters");
85 SYSCTL_INT(_hw_ipmi, OID_AUTO, on, CTLFLAG_RW,
86 	&on, 0, "");
87 
88 static struct cdevsw ipmi_cdevsw = {
89 	.d_version =    D_VERSION,
90 	.d_open =	ipmi_open,
91 	.d_ioctl =	ipmi_ioctl,
92 	.d_poll =	ipmi_poll,
93 	.d_name =	"ipmi",
94 };
95 
96 static MALLOC_DEFINE(M_IPMI, "ipmi", "ipmi");
97 
98 static int
99 ipmi_open(struct cdev *cdev, int flags, int fmt, struct thread *td)
100 {
101 	struct ipmi_device *dev;
102 	struct ipmi_softc *sc;
103 	int error;
104 
105 	if (!on)
106 		return (ENOENT);
107 
108 	/* Initialize the per file descriptor data. */
109 	dev = malloc(sizeof(struct ipmi_device), M_IPMI, M_WAITOK | M_ZERO);
110 	error = devfs_set_cdevpriv(dev, ipmi_dtor);
111 	if (error) {
112 		free(dev, M_IPMI);
113 		return (error);
114 	}
115 
116 	sc = cdev->si_drv1;
117 	TAILQ_INIT(&dev->ipmi_completed_requests);
118 	dev->ipmi_address = IPMI_BMC_SLAVE_ADDR;
119 	dev->ipmi_lun = IPMI_BMC_SMS_LUN;
120 	dev->ipmi_softc = sc;
121 	IPMI_LOCK(sc);
122 	sc->ipmi_opened++;
123 	IPMI_UNLOCK(sc);
124 
125 	return (0);
126 }
127 
128 static int
129 ipmi_poll(struct cdev *cdev, int poll_events, struct thread *td)
130 {
131 	struct ipmi_device *dev;
132 	struct ipmi_softc *sc;
133 	int revents = 0;
134 
135 	if (devfs_get_cdevpriv((void **)&dev))
136 		return (0);
137 
138 	sc = cdev->si_drv1;
139 	IPMI_LOCK(sc);
140 	if (poll_events & (POLLIN | POLLRDNORM)) {
141 		if (!TAILQ_EMPTY(&dev->ipmi_completed_requests))
142 		    revents |= poll_events & (POLLIN | POLLRDNORM);
143 		if (dev->ipmi_requests == 0)
144 		    revents |= POLLERR;
145 	}
146 
147 	if (revents == 0) {
148 		if (poll_events & (POLLIN | POLLRDNORM))
149 			selrecord(td, &dev->ipmi_select);
150 	}
151 	IPMI_UNLOCK(sc);
152 
153 	return (revents);
154 }
155 
156 static void
157 ipmi_purge_completed_requests(struct ipmi_device *dev)
158 {
159 	struct ipmi_request *req;
160 
161 	while (!TAILQ_EMPTY(&dev->ipmi_completed_requests)) {
162 		req = TAILQ_FIRST(&dev->ipmi_completed_requests);
163 		TAILQ_REMOVE(&dev->ipmi_completed_requests, req, ir_link);
164 		dev->ipmi_requests--;
165 		ipmi_free_request(req);
166 	}
167 }
168 
169 static void
170 ipmi_dtor(void *arg)
171 {
172 	struct ipmi_request *req, *nreq;
173 	struct ipmi_device *dev;
174 	struct ipmi_softc *sc;
175 
176 	dev = arg;
177 	sc = dev->ipmi_softc;
178 
179 	IPMI_LOCK(sc);
180 	if (dev->ipmi_requests) {
181 		/* Throw away any pending requests for this device. */
182 		TAILQ_FOREACH_SAFE(req, &sc->ipmi_pending_requests, ir_link,
183 		    nreq) {
184 			if (req->ir_owner == dev) {
185 				TAILQ_REMOVE(&sc->ipmi_pending_requests, req,
186 				    ir_link);
187 				dev->ipmi_requests--;
188 				ipmi_free_request(req);
189 			}
190 		}
191 
192 		/* Throw away any pending completed requests for this device. */
193 		ipmi_purge_completed_requests(dev);
194 
195 		/*
196 		 * If we still have outstanding requests, they must be stuck
197 		 * in an interface driver, so wait for those to drain.
198 		 */
199 		dev->ipmi_closing = 1;
200 		while (dev->ipmi_requests > 0) {
201 			msleep(&dev->ipmi_requests, &sc->ipmi_requests_lock,
202 			    PWAIT, "ipmidrain", 0);
203 			ipmi_purge_completed_requests(dev);
204 		}
205 	}
206 	sc->ipmi_opened--;
207 	IPMI_UNLOCK(sc);
208 
209 	/* Cleanup. */
210 	free(dev, M_IPMI);
211 }
212 
213 #ifdef IPMB
214 static int
215 ipmi_ipmb_checksum(u_char *data, int len)
216 {
217 	u_char sum = 0;
218 
219 	for (; len; len--) {
220 		sum += *data++;
221 	}
222 	return (-sum);
223 }
224 
225 /* XXX: Needs work */
226 static int
227 ipmi_ipmb_send_message(device_t dev, u_char channel, u_char netfn,
228     u_char command, u_char seq, u_char *data, int data_len)
229 {
230 	struct ipmi_softc *sc = device_get_softc(dev);
231 	struct ipmi_request *req;
232 	u_char slave_addr = 0x52;
233 	int error;
234 
235 	IPMI_ALLOC_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
236 	    IPMI_SEND_MSG, data_len + 8, 0);
237 	req->ir_request[0] = channel;
238 	req->ir_request[1] = slave_addr;
239 	req->ir_request[2] = IPMI_ADDR(netfn, 0);
240 	req->ir_request[3] = ipmi_ipmb_checksum(&req->ir_request[1], 2);
241 	req->ir_request[4] = sc->ipmi_address;
242 	req->ir_request[5] = IPMI_ADDR(seq, sc->ipmi_lun);
243 	req->ir_request[6] = command;
244 
245 	bcopy(data, &req->ir_request[7], data_len);
246 	temp[data_len + 7] = ipmi_ipmb_checksum(&req->ir_request[4],
247 	    data_len + 3);
248 
249 	ipmi_submit_driver_request(sc, req);
250 	error = req->ir_error;
251 
252 	return (error);
253 }
254 
255 static int
256 ipmi_handle_attn(struct ipmi_softc *sc)
257 {
258 	struct ipmi_request *req;
259 	int error;
260 
261 	device_printf(sc->ipmi_dev, "BMC has a message\n");
262 	IPMI_ALLOC_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
263 	    IPMI_GET_MSG_FLAGS, 0, 1);
264 
265 	ipmi_submit_driver_request(sc, req);
266 
267 	if (req->ir_error == 0 && req->ir_compcode == 0) {
268 		if (req->ir_reply[0] & IPMI_MSG_BUFFER_FULL) {
269 			device_printf(sc->ipmi_dev, "message buffer full");
270 		}
271 		if (req->ir_reply[0] & IPMI_WDT_PRE_TIMEOUT) {
272 			device_printf(sc->ipmi_dev,
273 			    "watchdog about to go off");
274 		}
275 		if (req->ir_reply[0] & IPMI_MSG_AVAILABLE) {
276 			IPMI_ALLOC_DRIVER_REQUEST(req,
277 			    IPMI_ADDR(IPMI_APP_REQUEST, 0), IPMI_GET_MSG, 0,
278 			    16);
279 
280 			device_printf(sc->ipmi_dev, "throw out message ");
281 			dump_buf(temp, 16);
282 		}
283 	}
284 	error = req->ir_error;
285 
286 	return (error);
287 }
288 #endif
289 
290 #ifdef IPMICTL_SEND_COMMAND_32
291 #define	PTRIN(p)	((void *)(uintptr_t)(p))
292 #define	PTROUT(p)	((uintptr_t)(p))
293 #endif
294 
295 static int
296 ipmi_ioctl(struct cdev *cdev, u_long cmd, caddr_t data,
297     int flags, struct thread *td)
298 {
299 	struct ipmi_softc *sc;
300 	struct ipmi_device *dev;
301 	struct ipmi_request *kreq;
302 	struct ipmi_req *req = (struct ipmi_req *)data;
303 	struct ipmi_recv *recv = (struct ipmi_recv *)data;
304 	struct ipmi_addr addr;
305 #ifdef IPMICTL_SEND_COMMAND_32
306 	struct ipmi_req32 *req32 = (struct ipmi_req32 *)data;
307 	struct ipmi_recv32 *recv32 = (struct ipmi_recv32 *)data;
308 	union {
309 		struct ipmi_req req;
310 		struct ipmi_recv recv;
311 	} thunk32;
312 #endif
313 	int error, len;
314 
315 	error = devfs_get_cdevpriv((void **)&dev);
316 	if (error)
317 		return (error);
318 
319 	sc = cdev->si_drv1;
320 
321 #ifdef IPMICTL_SEND_COMMAND_32
322 	/* Convert 32-bit structures to native. */
323 	switch (cmd) {
324 	case IPMICTL_SEND_COMMAND_32:
325 		req = &thunk32.req;
326 		req->addr = PTRIN(req32->addr);
327 		req->addr_len = req32->addr_len;
328 		req->msgid = req32->msgid;
329 		req->msg.netfn = req32->msg.netfn;
330 		req->msg.cmd = req32->msg.cmd;
331 		req->msg.data_len = req32->msg.data_len;
332 		req->msg.data = PTRIN(req32->msg.data);
333 		break;
334 	case IPMICTL_RECEIVE_MSG_TRUNC_32:
335 	case IPMICTL_RECEIVE_MSG_32:
336 		recv = &thunk32.recv;
337 		recv->addr = PTRIN(recv32->addr);
338 		recv->addr_len = recv32->addr_len;
339 		recv->msg.data_len = recv32->msg.data_len;
340 		recv->msg.data = PTRIN(recv32->msg.data);
341 		break;
342 	}
343 #endif
344 
345 	switch (cmd) {
346 #ifdef IPMICTL_SEND_COMMAND_32
347 	case IPMICTL_SEND_COMMAND_32:
348 #endif
349 	case IPMICTL_SEND_COMMAND:
350 		/*
351 		 * XXX: Need to add proper handling of this.
352 		 */
353 		error = copyin(req->addr, &addr, sizeof(addr));
354 		if (error)
355 			return (error);
356 
357 		IPMI_LOCK(sc);
358 		/* clear out old stuff in queue of stuff done */
359 		/* XXX: This seems odd. */
360 		while ((kreq = TAILQ_FIRST(&dev->ipmi_completed_requests))) {
361 			TAILQ_REMOVE(&dev->ipmi_completed_requests, kreq,
362 			    ir_link);
363 			dev->ipmi_requests--;
364 			ipmi_free_request(kreq);
365 		}
366 		IPMI_UNLOCK(sc);
367 
368 		kreq = ipmi_alloc_request(dev, req->msgid,
369 		    IPMI_ADDR(req->msg.netfn, 0), req->msg.cmd,
370 		    req->msg.data_len, IPMI_MAX_RX);
371 		error = copyin(req->msg.data, kreq->ir_request,
372 		    req->msg.data_len);
373 		if (error) {
374 			ipmi_free_request(kreq);
375 			return (error);
376 		}
377 		IPMI_LOCK(sc);
378 		dev->ipmi_requests++;
379 		error = sc->ipmi_enqueue_request(sc, kreq);
380 		IPMI_UNLOCK(sc);
381 		if (error)
382 			return (error);
383 		break;
384 #ifdef IPMICTL_SEND_COMMAND_32
385 	case IPMICTL_RECEIVE_MSG_TRUNC_32:
386 	case IPMICTL_RECEIVE_MSG_32:
387 #endif
388 	case IPMICTL_RECEIVE_MSG_TRUNC:
389 	case IPMICTL_RECEIVE_MSG:
390 		error = copyin(recv->addr, &addr, sizeof(addr));
391 		if (error)
392 			return (error);
393 
394 		IPMI_LOCK(sc);
395 		kreq = TAILQ_FIRST(&dev->ipmi_completed_requests);
396 		if (kreq == NULL) {
397 			IPMI_UNLOCK(sc);
398 			return (EAGAIN);
399 		}
400 		addr.channel = IPMI_BMC_CHANNEL;
401 		/* XXX */
402 		recv->recv_type = IPMI_RESPONSE_RECV_TYPE;
403 		recv->msgid = kreq->ir_msgid;
404 		recv->msg.netfn = IPMI_REPLY_ADDR(kreq->ir_addr) >> 2;
405 		recv->msg.cmd = kreq->ir_command;
406 		error = kreq->ir_error;
407 		if (error) {
408 			TAILQ_REMOVE(&dev->ipmi_completed_requests, kreq,
409 			    ir_link);
410 			dev->ipmi_requests--;
411 			IPMI_UNLOCK(sc);
412 			ipmi_free_request(kreq);
413 			return (error);
414 		}
415 		len = kreq->ir_replylen + 1;
416 		if (recv->msg.data_len < len &&
417 		    (cmd == IPMICTL_RECEIVE_MSG
418 #ifdef IPMICTL_RECEIVE_MSG_32
419 		     || cmd == IPMICTL_RECEIVE_MSG_32
420 #endif
421 		    )) {
422 			IPMI_UNLOCK(sc);
423 			return (EMSGSIZE);
424 		}
425 		TAILQ_REMOVE(&dev->ipmi_completed_requests, kreq, ir_link);
426 		dev->ipmi_requests--;
427 		IPMI_UNLOCK(sc);
428 		len = min(recv->msg.data_len, len);
429 		recv->msg.data_len = len;
430 		error = copyout(&addr, recv->addr,sizeof(addr));
431 		if (error == 0)
432 			error = copyout(&kreq->ir_compcode, recv->msg.data, 1);
433 		if (error == 0)
434 			error = copyout(kreq->ir_reply, recv->msg.data + 1,
435 			    len - 1);
436 		ipmi_free_request(kreq);
437 		if (error)
438 			return (error);
439 		break;
440 	case IPMICTL_SET_MY_ADDRESS_CMD:
441 		IPMI_LOCK(sc);
442 		dev->ipmi_address = *(int*)data;
443 		IPMI_UNLOCK(sc);
444 		break;
445 	case IPMICTL_GET_MY_ADDRESS_CMD:
446 		IPMI_LOCK(sc);
447 		*(int*)data = dev->ipmi_address;
448 		IPMI_UNLOCK(sc);
449 		break;
450 	case IPMICTL_SET_MY_LUN_CMD:
451 		IPMI_LOCK(sc);
452 		dev->ipmi_lun = *(int*)data & 0x3;
453 		IPMI_UNLOCK(sc);
454 		break;
455 	case IPMICTL_GET_MY_LUN_CMD:
456 		IPMI_LOCK(sc);
457 		*(int*)data = dev->ipmi_lun;
458 		IPMI_UNLOCK(sc);
459 		break;
460 	case IPMICTL_SET_GETS_EVENTS_CMD:
461 		/*
462 		device_printf(sc->ipmi_dev,
463 		    "IPMICTL_SET_GETS_EVENTS_CMD NA\n");
464 		*/
465 		break;
466 	case IPMICTL_REGISTER_FOR_CMD:
467 	case IPMICTL_UNREGISTER_FOR_CMD:
468 		return (EOPNOTSUPP);
469 	default:
470 		device_printf(sc->ipmi_dev, "Unknown IOCTL %lX\n", cmd);
471 		return (ENOIOCTL);
472 	}
473 
474 #ifdef IPMICTL_SEND_COMMAND_32
475 	/* Update changed fields in 32-bit structures. */
476 	switch (cmd) {
477 	case IPMICTL_RECEIVE_MSG_TRUNC_32:
478 	case IPMICTL_RECEIVE_MSG_32:
479 		recv32->recv_type = recv->recv_type;
480 		recv32->msgid = recv->msgid;
481 		recv32->msg.netfn = recv->msg.netfn;
482 		recv32->msg.cmd = recv->msg.cmd;
483 		recv32->msg.data_len = recv->msg.data_len;
484 		break;
485 	}
486 #endif
487 	return (0);
488 }
489 
490 /*
491  * Request management.
492  */
493 
494 static __inline void
495 ipmi_init_request(struct ipmi_request *req, struct ipmi_device *dev, long msgid,
496     uint8_t addr, uint8_t command, size_t requestlen, size_t replylen)
497 {
498 
499 	req->ir_owner = dev;
500 	req->ir_msgid = msgid;
501 	req->ir_addr = addr;
502 	req->ir_command = command;
503 	if (requestlen) {
504 		req->ir_request = (char *)&req[1];
505 		req->ir_requestlen = requestlen;
506 	}
507 	if (replylen) {
508 		req->ir_reply = (char *)&req[1] + requestlen;
509 		req->ir_replybuflen = replylen;
510 	}
511 }
512 
513 /* Allocate a new request with request and reply buffers. */
514 struct ipmi_request *
515 ipmi_alloc_request(struct ipmi_device *dev, long msgid, uint8_t addr,
516     uint8_t command, size_t requestlen, size_t replylen)
517 {
518 	struct ipmi_request *req;
519 
520 	req = malloc(sizeof(struct ipmi_request) + requestlen + replylen,
521 	    M_IPMI, M_WAITOK | M_ZERO);
522 	ipmi_init_request(req, dev, msgid, addr, command, requestlen, replylen);
523 	return (req);
524 }
525 
526 /* Free a request no longer in use. */
527 void
528 ipmi_free_request(struct ipmi_request *req)
529 {
530 
531 	free(req, M_IPMI);
532 }
533 
534 /* Store a processed request on the appropriate completion queue. */
535 void
536 ipmi_complete_request(struct ipmi_softc *sc, struct ipmi_request *req)
537 {
538 	struct ipmi_device *dev;
539 
540 	IPMI_LOCK_ASSERT(sc);
541 
542 	/*
543 	 * Anonymous requests (from inside the driver) always have a
544 	 * waiter that we awaken.
545 	 */
546 	if (req->ir_owner == NULL)
547 		wakeup(req);
548 	else {
549 		dev = req->ir_owner;
550 		TAILQ_INSERT_TAIL(&dev->ipmi_completed_requests, req, ir_link);
551 		selwakeup(&dev->ipmi_select);
552 		if (dev->ipmi_closing)
553 			wakeup(&dev->ipmi_requests);
554 	}
555 }
556 
557 /* Perform an internal driver request. */
558 int
559 ipmi_submit_driver_request(struct ipmi_softc *sc, struct ipmi_request *req,
560     int timo)
561 {
562 
563 	return (sc->ipmi_driver_request(sc, req, timo));
564 }
565 
566 /*
567  * Helper routine for polled system interfaces that use
568  * ipmi_polled_enqueue_request() to queue requests.  This request
569  * waits until there is a pending request and then returns the first
570  * request.  If the driver is shutting down, it returns NULL.
571  */
572 struct ipmi_request *
573 ipmi_dequeue_request(struct ipmi_softc *sc)
574 {
575 	struct ipmi_request *req;
576 
577 	IPMI_LOCK_ASSERT(sc);
578 
579 	while (!sc->ipmi_detaching && TAILQ_EMPTY(&sc->ipmi_pending_requests))
580 		cv_wait(&sc->ipmi_request_added, &sc->ipmi_requests_lock);
581 	if (sc->ipmi_detaching)
582 		return (NULL);
583 
584 	req = TAILQ_FIRST(&sc->ipmi_pending_requests);
585 	TAILQ_REMOVE(&sc->ipmi_pending_requests, req, ir_link);
586 	return (req);
587 }
588 
589 /* Default implementation of ipmi_enqueue_request() for polled interfaces. */
590 int
591 ipmi_polled_enqueue_request(struct ipmi_softc *sc, struct ipmi_request *req)
592 {
593 
594 	IPMI_LOCK_ASSERT(sc);
595 
596 	TAILQ_INSERT_TAIL(&sc->ipmi_pending_requests, req, ir_link);
597 	cv_signal(&sc->ipmi_request_added);
598 	return (0);
599 }
600 
601 /*
602  * Watchdog event handler.
603  */
604 
605 static int
606 ipmi_reset_watchdog(struct ipmi_softc *sc)
607 {
608 	struct ipmi_request *req;
609 	int error;
610 
611 	IPMI_ALLOC_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
612 	    IPMI_RESET_WDOG, 0, 0);
613 	error = ipmi_submit_driver_request(sc, req, 0);
614 	if (error)
615 		device_printf(sc->ipmi_dev, "Failed to reset watchdog\n");
616 	return (error);
617 }
618 
619 static int
620 ipmi_set_watchdog(struct ipmi_softc *sc, unsigned int sec)
621 {
622 	struct ipmi_request *req;
623 	int error;
624 
625 	if (sec > 0xffff / 10)
626 		return (EINVAL);
627 
628 	IPMI_ALLOC_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
629 	    IPMI_SET_WDOG, 6, 0);
630 	if (sec) {
631 		req->ir_request[0] = IPMI_SET_WD_TIMER_DONT_STOP
632 		    | IPMI_SET_WD_TIMER_SMS_OS;
633 		req->ir_request[1] = IPMI_SET_WD_ACTION_RESET;
634 		req->ir_request[2] = 0;
635 		req->ir_request[3] = 0;	/* Timer use */
636 		req->ir_request[4] = (sec * 10) & 0xff;
637 		req->ir_request[5] = (sec * 10) >> 8;
638 	} else {
639 		req->ir_request[0] = IPMI_SET_WD_TIMER_SMS_OS;
640 		req->ir_request[1] = 0;
641 		req->ir_request[2] = 0;
642 		req->ir_request[3] = 0;	/* Timer use */
643 		req->ir_request[4] = 0;
644 		req->ir_request[5] = 0;
645 	}
646 	error = ipmi_submit_driver_request(sc, req, 0);
647 	if (error)
648 		device_printf(sc->ipmi_dev, "Failed to set watchdog\n");
649 	return (error);
650 }
651 
652 static void
653 ipmi_wd_event(void *arg, unsigned int cmd, int *error)
654 {
655 	struct ipmi_softc *sc = arg;
656 	unsigned int timeout;
657 	int e;
658 
659 	if (dumping)
660 		return;
661 
662 	cmd &= WD_INTERVAL;
663 	if (cmd > 0 && cmd <= 63) {
664 		timeout = ((uint64_t)1 << cmd) / 1000000000;
665 		if (timeout == 0)
666 			timeout = 1;
667 		if (timeout != sc->ipmi_watchdog_active) {
668 			e = ipmi_set_watchdog(sc, timeout);
669 			if (e == 0) {
670 				sc->ipmi_watchdog_active = timeout;
671 			} else {
672 				(void)ipmi_set_watchdog(sc, 0);
673 				sc->ipmi_watchdog_active = 0;
674 			}
675 		}
676 		if (sc->ipmi_watchdog_active != 0) {
677 			e = ipmi_reset_watchdog(sc);
678 			if (e == 0) {
679 				*error = 0;
680 			} else {
681 				(void)ipmi_set_watchdog(sc, 0);
682 				sc->ipmi_watchdog_active = 0;
683 			}
684 		}
685 	} else if (atomic_readandclear_int(&sc->ipmi_watchdog_active) != 0) {
686 		e = ipmi_set_watchdog(sc, 0);
687 		if (e != 0 && cmd == 0)
688 			*error = EOPNOTSUPP;
689 	}
690 }
691 
692 static void
693 ipmi_startup(void *arg)
694 {
695 	struct ipmi_softc *sc = arg;
696 	struct ipmi_request *req;
697 	device_t dev;
698 	int error, i;
699 
700 	config_intrhook_disestablish(&sc->ipmi_ich);
701 	dev = sc->ipmi_dev;
702 
703 	/* Initialize interface-independent state. */
704 	mtx_init(&sc->ipmi_requests_lock, "ipmi requests", NULL, MTX_DEF);
705 	mtx_init(&sc->ipmi_io_lock, "ipmi io", NULL, MTX_DEF);
706 	cv_init(&sc->ipmi_request_added, "ipmireq");
707 	TAILQ_INIT(&sc->ipmi_pending_requests);
708 
709 	/* Initialize interface-dependent state. */
710 	error = sc->ipmi_startup(sc);
711 	if (error) {
712 		device_printf(dev, "Failed to initialize interface: %d\n",
713 		    error);
714 		return;
715 	}
716 
717 	/* Send a GET_DEVICE_ID request. */
718 	IPMI_ALLOC_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
719 	    IPMI_GET_DEVICE_ID, 0, 15);
720 
721 	error = ipmi_submit_driver_request(sc, req, MAX_TIMEOUT);
722 	if (error == EWOULDBLOCK) {
723 		device_printf(dev, "Timed out waiting for GET_DEVICE_ID\n");
724 		return;
725 	} else if (error) {
726 		device_printf(dev, "Failed GET_DEVICE_ID: %d\n", error);
727 		return;
728 	} else if (req->ir_compcode != 0) {
729 		device_printf(dev,
730 		    "Bad completion code for GET_DEVICE_ID: %d\n",
731 		    req->ir_compcode);
732 		return;
733 	} else if (req->ir_replylen < 5) {
734 		device_printf(dev, "Short reply for GET_DEVICE_ID: %d\n",
735 		    req->ir_replylen);
736 		return;
737 	}
738 
739 	device_printf(dev, "IPMI device rev. %d, firmware rev. %d.%d%d, "
740 	    "version %d.%d\n",
741 	     req->ir_reply[1] & 0x0f,
742 	     req->ir_reply[2] & 0x7f, req->ir_reply[3] >> 4, req->ir_reply[3] & 0x0f,
743 	     req->ir_reply[4] & 0x0f, req->ir_reply[4] >> 4);
744 
745 	IPMI_INIT_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
746 	    IPMI_CLEAR_FLAGS, 1, 0);
747 
748 	ipmi_submit_driver_request(sc, req, 0);
749 
750 	/* XXX: Magic numbers */
751 	if (req->ir_compcode == 0xc0) {
752 		device_printf(dev, "Clear flags is busy\n");
753 	}
754 	if (req->ir_compcode == 0xc1) {
755 		device_printf(dev, "Clear flags illegal\n");
756 	}
757 
758 	for (i = 0; i < 8; i++) {
759 		IPMI_INIT_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
760 		    IPMI_GET_CHANNEL_INFO, 1, 0);
761 		req->ir_request[0] = i;
762 
763 		ipmi_submit_driver_request(sc, req, 0);
764 
765 		if (req->ir_compcode != 0)
766 			break;
767 	}
768 	device_printf(dev, "Number of channels %d\n", i);
769 
770 	/*
771 	 * Probe for watchdog, but only for backends which support
772 	 * polled driver requests.
773 	 */
774 	if (sc->ipmi_driver_requests_polled) {
775 		IPMI_INIT_DRIVER_REQUEST(req, IPMI_ADDR(IPMI_APP_REQUEST, 0),
776 		    IPMI_GET_WDOG, 0, 0);
777 
778 		ipmi_submit_driver_request(sc, req, 0);
779 
780 		if (req->ir_compcode == 0x00) {
781 			device_printf(dev, "Attached watchdog\n");
782 			/* register the watchdog event handler */
783 			sc->ipmi_watchdog_tag = EVENTHANDLER_REGISTER(
784 			    watchdog_list, ipmi_wd_event, sc, 0);
785 		}
786 	}
787 
788 	sc->ipmi_cdev = make_dev(&ipmi_cdevsw, device_get_unit(dev),
789 	    UID_ROOT, GID_OPERATOR, 0660, "ipmi%d", device_get_unit(dev));
790 	if (sc->ipmi_cdev == NULL) {
791 		device_printf(dev, "Failed to create cdev\n");
792 		return;
793 	}
794 	sc->ipmi_cdev->si_drv1 = sc;
795 }
796 
797 int
798 ipmi_attach(device_t dev)
799 {
800 	struct ipmi_softc *sc = device_get_softc(dev);
801 	int error;
802 
803 	if (sc->ipmi_irq_res != NULL && sc->ipmi_intr != NULL) {
804 		error = bus_setup_intr(dev, sc->ipmi_irq_res, INTR_TYPE_MISC,
805 		    NULL, sc->ipmi_intr, sc, &sc->ipmi_irq);
806 		if (error) {
807 			device_printf(dev, "can't set up interrupt\n");
808 			return (error);
809 		}
810 	}
811 
812 	bzero(&sc->ipmi_ich, sizeof(struct intr_config_hook));
813 	sc->ipmi_ich.ich_func = ipmi_startup;
814 	sc->ipmi_ich.ich_arg = sc;
815 	if (config_intrhook_establish(&sc->ipmi_ich) != 0) {
816 		device_printf(dev, "can't establish configuration hook\n");
817 		return (ENOMEM);
818 	}
819 
820 	ipmi_attached = 1;
821 	return (0);
822 }
823 
824 int
825 ipmi_detach(device_t dev)
826 {
827 	struct ipmi_softc *sc;
828 
829 	sc = device_get_softc(dev);
830 
831 	/* Fail if there are any open handles. */
832 	IPMI_LOCK(sc);
833 	if (sc->ipmi_opened) {
834 		IPMI_UNLOCK(sc);
835 		return (EBUSY);
836 	}
837 	IPMI_UNLOCK(sc);
838 	if (sc->ipmi_cdev)
839 		destroy_dev(sc->ipmi_cdev);
840 
841 	/* Detach from watchdog handling and turn off watchdog. */
842 	if (sc->ipmi_watchdog_tag) {
843 		EVENTHANDLER_DEREGISTER(watchdog_list, sc->ipmi_watchdog_tag);
844 		ipmi_set_watchdog(sc, 0);
845 	}
846 
847 	/* XXX: should use shutdown callout I think. */
848 	/* If the backend uses a kthread, shut it down. */
849 	IPMI_LOCK(sc);
850 	sc->ipmi_detaching = 1;
851 	if (sc->ipmi_kthread) {
852 		cv_broadcast(&sc->ipmi_request_added);
853 		msleep(sc->ipmi_kthread, &sc->ipmi_requests_lock, 0,
854 		    "ipmi_wait", 0);
855 	}
856 	IPMI_UNLOCK(sc);
857 	if (sc->ipmi_irq)
858 		bus_teardown_intr(dev, sc->ipmi_irq_res, sc->ipmi_irq);
859 
860 	ipmi_release_resources(dev);
861 	mtx_destroy(&sc->ipmi_io_lock);
862 	mtx_destroy(&sc->ipmi_requests_lock);
863 	return (0);
864 }
865 
866 void
867 ipmi_release_resources(device_t dev)
868 {
869 	struct ipmi_softc *sc;
870 	int i;
871 
872 	sc = device_get_softc(dev);
873 	if (sc->ipmi_irq)
874 		bus_teardown_intr(dev, sc->ipmi_irq_res, sc->ipmi_irq);
875 	if (sc->ipmi_irq_res)
876 		bus_release_resource(dev, SYS_RES_IRQ, sc->ipmi_irq_rid,
877 		    sc->ipmi_irq_res);
878 	for (i = 0; i < MAX_RES; i++)
879 		if (sc->ipmi_io_res[i])
880 			bus_release_resource(dev, sc->ipmi_io_type,
881 			    sc->ipmi_io_rid + i, sc->ipmi_io_res[i]);
882 }
883 
884 devclass_t ipmi_devclass;
885 
886 /* XXX: Why? */
887 static void
888 ipmi_unload(void *arg)
889 {
890 	device_t *	devs;
891 	int		count;
892 	int		i;
893 
894 	if (devclass_get_devices(ipmi_devclass, &devs, &count) != 0)
895 		return;
896 	for (i = 0; i < count; i++)
897 		device_delete_child(device_get_parent(devs[i]), devs[i]);
898 	free(devs, M_TEMP);
899 }
900 SYSUNINIT(ipmi_unload, SI_SUB_DRIVERS, SI_ORDER_FIRST, ipmi_unload, NULL);
901 
902 #ifdef IMPI_DEBUG
903 static void
904 dump_buf(u_char *data, int len)
905 {
906 	char buf[20];
907 	char line[1024];
908 	char temp[30];
909 	int count = 0;
910 	int i=0;
911 
912 	printf("Address %p len %d\n", data, len);
913 	if (len > 256)
914 		len = 256;
915 	line[0] = '\000';
916 	for (; len > 0; len--, data++) {
917 		sprintf(temp, "%02x ", *data);
918 		strcat(line, temp);
919 		if (*data >= ' ' && *data <= '~')
920 			buf[count] = *data;
921 		else if (*data >= 'A' && *data <= 'Z')
922 			buf[count] = *data;
923 		else
924 			buf[count] = '.';
925 		if (++count == 16) {
926 			buf[count] = '\000';
927 			count = 0;
928 			printf("  %3x  %s %s\n", i, line, buf);
929 			i+=16;
930 			line[0] = '\000';
931 		}
932 	}
933 	buf[count] = '\000';
934 
935 	for (; count != 16; count++) {
936 		strcat(line, "   ");
937 	}
938 	printf("  %3x  %s %s\n", i, line, buf);
939 }
940 #endif
941