xref: /freebsd/sys/dev/ipmi/ipmi.c (revision 7dfd9569a2f0637fb9a48157b1c1bfe5709faee3) 
1 /*-
2  * Copyright (c) 2006 IronPort Systems Inc. <ambrisko@ironport.com>
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  */
26 
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
29 
30 #include <sys/param.h>
31 #include <sys/systm.h>
32 #include <sys/kernel.h>
33 #include <sys/malloc.h>
34 #include <sys/poll.h>
35 #include <sys/selinfo.h>
36 
37 #include <sys/disk.h>
38 #include <sys/module.h>
39 #include <sys/bus.h>
40 
41 #include <machine/bus.h>
42 #include <machine/resource.h>
43 #include <machine/clock.h>
44 #include <sys/rman.h>
45 #include <sys/watchdog.h>
46 #include <sys/sysctl.h>
47 
48 #ifdef LOCAL_MODULE
49 #include <ipmi.h>
50 #include <ipmivars.h>
51 #else
52 #include <sys/ipmi.h>
53 #include <dev/ipmi/ipmivars.h>
54 #endif
55 
56 struct ipmi_done_list {
57 	u_char		*data;
58 	int		channel;
59 	int		msgid;
60 	int		len;
61 	TAILQ_ENTRY(ipmi_done_list) list;
62 };
63 
64 #define MAX_TIMEOUT 3 * hz
65 
66 static int ipmi_wait_for_ibf(device_t, int);
67 static int ipmi_wait_for_obf(device_t, int);
68 static void ipmi_clear_obf(device_t, int);
69 static void ipmi_error(device_t);
70 static void ipmi_check_read(device_t);
71 static int ipmi_write(device_t, u_char *, int);
72 static void ipmi_wait_for_tx_okay(device_t);
73 static void ipmi_wait_for_rx_okay(device_t);
74 static void ipmi_wait_for_not_busy(device_t);
75 static void ipmi_set_busy(device_t);
76 static int ipmi_ready_to_read(device_t);
77 #ifdef IPMB
78 static int ipmi_handle_attn(device_t dev);
79 static int ipmi_ipmb_checksum(u_char, int);
80 static int ipmi_ipmb_send_message(device_t, u_char, u_char, u_char,
81      u_char, u_char, int)
82 #endif
83 
84 static d_ioctl_t ipmi_ioctl;
85 static d_poll_t ipmi_poll;
86 static d_open_t ipmi_open;
87 static d_close_t ipmi_close;
88 
89 int ipmi_attached = 0;
90 
91 #define IPMI_MINOR	0
92 
93 static int on = 1;
94 SYSCTL_NODE(_hw, OID_AUTO, ipmi, CTLFLAG_RD, 0, "IPMI driver parameters");
95 SYSCTL_INT(_hw_ipmi, OID_AUTO, on, CTLFLAG_RW,
96         &on, 0, "");
97 
98 static struct cdevsw ipmi_cdevsw = {
99 	.d_version =    D_VERSION,
100 	.d_flags =      D_NEEDGIANT,
101 	.d_open =	ipmi_open,
102 	.d_close =	ipmi_close,
103 	.d_ioctl =	ipmi_ioctl,
104 	.d_poll =	ipmi_poll,
105 	.d_name =	"ipmi",
106 };
107 
108 MALLOC_DEFINE(M_IPMI, "ipmi", "ipmi");
109 
110 static	int
111 ipmi_open(struct cdev *dev, int flags, int fmt, struct thread *td)
112 {
113 	struct ipmi_softc *sc;
114 
115 	if (!on)
116 		return ENOENT;
117 
118 	sc = dev->si_drv1;
119 	if (sc->ipmi_refcnt) {
120 		return EBUSY;
121 	}
122 	sc->ipmi_refcnt = 1;
123 
124 	return 0;
125 }
126 
127 static	int
128 ipmi_poll(struct cdev *dev, int poll_events, struct thread *td)
129 {
130 	struct ipmi_softc *sc;
131 	int revents = 0;
132 
133 	sc = dev->si_drv1;
134 
135 	ipmi_check_read(sc->ipmi_dev);
136 
137 	if (poll_events & (POLLIN | POLLRDNORM)) {
138 		if (!TAILQ_EMPTY(&sc->ipmi_done))
139 		    revents |= poll_events & (POLLIN | POLLRDNORM);
140 		if (TAILQ_EMPTY(&sc->ipmi_done) && sc->ipmi_requests == 0) {
141 		    revents |= POLLERR;
142 		}
143 	}
144 
145 	if (revents == 0) {
146 		if (poll_events & (POLLIN | POLLRDNORM))
147 			selrecord(td, &sc->ipmi_select);
148 	}
149 
150 	return revents;
151 }
152 
153 static	int
154 ipmi_close(struct cdev *dev, int flags, int fmt, struct thread *td)
155 {
156 	struct ipmi_softc *sc;
157 	int error = 0;
158 
159 	sc = dev->si_drv1;
160 
161 	sc->ipmi_refcnt = 0;
162 
163 	return error;
164 }
165 
166 #ifdef IPMB
167 static int
168 ipmi_ipmb_checksum(u_char *data, int len)
169 {
170 	u_char sum = 0;
171 
172 	for (; len; len--) {
173 		sum += *data++;
174 	}
175 	return -sum;
176 }
177 
178 static int
179 ipmi_ipmb_send_message(device_t dev, u_char channel, u_char netfn,
180     u_char command, u_char seq, u_char *data, int data_len)
181 {
182 	u_char *temp;
183 	struct ipmi_softc *sc = device_get_softc(dev);
184 	int error;
185 	u_char slave_addr = 0x52;
186 
187 	temp = malloc(data_len + 10, M_IPMI, M_WAITOK);
188 	bzero(temp, data_len + 10);
189 	temp[0] = IPMI_APP_REQUEST << 2;
190 	temp[1] = IPMI_SEND_MSG;
191 	temp[2] = channel;
192 	temp[3] = slave_addr;
193 	temp[4] = netfn << 2;
194 	temp[5] = ipmi_ipmb_check_sum(&temp[3], 2);
195 	temp[6] = sc->ipmi_address;
196 	temp[7] = seq << 2 | sc->ipmi_lun;
197 	temp[8] = command;
198 
199 	bcopy(data, &temp[9], data_len);
200 	temp[data_len + 9] = ipmi_ipmb_check(&temp[6], data_len + 3);
201 	ipmi_write(sc->ipmi_dev, temp, data_len + 9);
202 	free(temp, M_IPMI);
203 
204 	while (!ipmi_ready_to_read(dev))
205 		DELAY(1000);
206 	temp = malloc(IPMI_MAX_RX, M_IPMI, M_WAITOK);
207 	bzero(temp, IPMI_MAX_RX);
208 	error = ipmi_read(dev, temp, IPMI_MAX_RX);
209 	free(temp, M_IPMI);
210 
211 	return error;
212 }
213 
214 static int
215 ipmi_handle_attn(device_t dev)
216 {
217 	u_char temp[IPMI_MAX_RX];
218 	struct ipmi_softc *sc = device_get_softc(dev);
219 	int error;
220 
221 	device_printf(sc->ipmi_dev, "BMC has a message\n");
222 	temp[0] = IPMI_APP_REQUEST << 2;
223 	temp[1] = IPMI_GET_MSG_FLAGS;
224 	ipmi_write(sc->ipmi_dev, temp, 2);
225 	while (!ipmi_ready_to_read(dev))
226 		DELAY(1000);
227 	bzero(temp, IPMI_MAX_RX);
228 	error = ipmi_read(dev, temp, IPMI_MAX_RX);
229 
230 	if (temp[2] == 0) {
231 		if (temp[3] & IPMI_MSG_BUFFER_FULL) {
232 			device_printf(sc->ipmi_dev, "message buffer full");
233 		}
234 		if (temp[3] & IPMI_WDT_PRE_TIMEOUT) {
235 			device_printf(sc->ipmi_dev,
236 			    "watchdog about to go off");
237 		}
238 		if (temp[3] & IPMI_MSG_AVAILABLE) {
239 			temp[0] = IPMI_APP_REQUEST << 2;
240 			temp[1] = IPMI_GET_MSG;
241 			ipmi_write(sc->ipmi_dev, temp, 2);
242 			while (!ipmi_ready_to_read(dev))
243 				DELAY(1000);
244 			bzero(temp, IPMI_MAX_RX);
245 			error = ipmi_read(dev, temp, IPMI_MAX_RX);
246 
247 			device_printf(sc->ipmi_dev, "throw out message ");
248 			dump_buf(temp, 16);
249 		}
250 	} else
251 		return -1;
252 	return error;
253 }
254 #endif
255 
256 static int
257 ipmi_ready_to_read(device_t dev)
258 {
259 	struct ipmi_softc *sc = device_get_softc(dev);
260 	int status, flags;
261 
262 	if (sc->ipmi_bios_info.smic_mode) {
263 		flags = INB(sc, sc->ipmi_smic_flags);
264 #ifdef IPMB
265 		if (flags & SMIC_STATUS_SMS_ATN) {
266 			ipmi_handle_attn(dev);
267 			return 0;
268 		}
269 #endif
270 		if (flags & SMIC_STATUS_RX_RDY)
271 			 return 1;
272 	} else if (sc->ipmi_bios_info.kcs_mode) {
273 		status = INB(sc, sc->ipmi_kcs_status_reg);
274 #ifdef IPMB
275 		if (status & KCS_STATUS_SMS_ATN) {
276 			ipmi_handle_attn(dev);
277 			return 0;
278 		}
279 #endif
280 		if (status & KCS_STATUS_OBF)
281 			 return 1;
282 	} else {
283 		device_printf(dev,"Unsupported mode\n");
284 	}
285 
286 	return 0;
287 }
288 
289 void
290 ipmi_intr(void *arg) {
291 	device_t  dev = arg;
292 
293 	ipmi_check_read(dev);
294 }
295 
296 static void
297 ipmi_check_read(device_t dev){
298 	struct ipmi_softc *sc = device_get_softc(dev);
299 	struct ipmi_done_list *item;
300 	int status;
301 	u_char *temp;
302 
303 	if (!sc->ipmi_requests)
304 		return;
305 
306 	untimeout((timeout_t *)ipmi_check_read, dev, sc->ipmi_timeout_handle);
307 
308 	if(ipmi_ready_to_read(dev)) {
309 		sc->ipmi_requests--;
310 		temp = malloc(IPMI_MAX_RX, M_IPMI, M_WAITOK);
311 		bzero(temp, IPMI_MAX_RX);
312 		status = ipmi_read(dev, temp, IPMI_MAX_RX);
313 		item = malloc(sizeof(struct ipmi_done_list), M_IPMI, M_WAITOK);
314 		bzero(item, sizeof(struct ipmi_done_list));
315 		item->data = temp;
316 		item->len  = status;
317 		if (ticks - sc->ipmi_timestamp > MAX_TIMEOUT) {
318 			device_printf(dev, "read timeout when ready\n");
319 			TAILQ_INSERT_TAIL(&sc->ipmi_done, item, list);
320 			selwakeup(&sc->ipmi_select);
321 		} else if (status) {
322 			TAILQ_INSERT_TAIL(&sc->ipmi_done, item, list);
323 			selwakeup(&sc->ipmi_select);
324 		}
325 	} else {
326 		if (ticks - sc->ipmi_timestamp > MAX_TIMEOUT) {
327 			sc->ipmi_requests--;
328 			device_printf(dev, "read timeout when not ready\n");
329 			temp = malloc(IPMI_MAX_RX, M_IPMI, M_WAITOK);
330 			bzero(temp, IPMI_MAX_RX);
331 			sc->ipmi_busy = 0;
332 			wakeup(&sc->ipmi_busy);
333 			status = -1;
334 			item = malloc(sizeof(struct ipmi_done_list),
335 			    M_IPMI, M_WAITOK);
336 			bzero(item, sizeof(struct ipmi_done_list));
337 			item->data = temp;
338 			item->len  = status;
339 			TAILQ_INSERT_TAIL(&sc->ipmi_done, item, list);
340 			selwakeup(&sc->ipmi_select);
341 		}
342 	}
343 	if (sc->ipmi_requests)
344 		sc->ipmi_timeout_handle
345 			= timeout((timeout_t *)ipmi_check_read, dev, hz/30);
346 }
347 
348 static int
349 ipmi_ioctl(struct cdev *dev __unused, u_long cmd, caddr_t data,
350     int flags, struct thread *td)
351 {
352 	struct ipmi_softc *sc;
353 	struct ipmi_req *req = (struct ipmi_req *)data;
354 	struct ipmi_recv *recv = (struct ipmi_recv *)data;
355 	struct ipmi_addr addr;
356 	struct ipmi_done_list *item;
357 	u_char *temp;
358 	int error, len;
359 
360 	sc = dev->si_drv1;
361 
362 	switch (cmd) {
363 	case IPMICTL_SEND_COMMAND:
364 		/* clear out old stuff in queue of stuff done */
365 		while((item = TAILQ_FIRST(&sc->ipmi_done))) {
366 			TAILQ_REMOVE(&sc->ipmi_done, item, list);
367 			free(item->data, M_IPMI);
368 			free(item, M_IPMI);
369 		}
370 
371 		error = copyin(req->addr, &addr, sizeof(addr));
372 		temp = malloc(req->msg.data_len + 2, M_IPMI, M_WAITOK);
373 		if (temp == NULL) {
374 			return ENOMEM;
375 		}
376 		temp[0] = req->msg.netfn << 2;
377 		temp[1] = req->msg.cmd;
378 		error = copyin(req->msg.data, &temp[2],
379 		    req->msg.data_len);
380 		if (error != 0) {
381 			free(temp, M_IPMI);
382 			return error;
383 		}
384 		error = ipmi_write(sc->ipmi_dev,
385 		    temp, req->msg.data_len + 2);
386 		free(temp, M_IPMI);
387 
388 		if (error != 1)
389 			return EIO;
390 		sc->ipmi_requests++;
391 		sc->ipmi_timestamp = ticks;
392 		ipmi_check_read(sc->ipmi_dev);
393 
394 		return 0;
395 	case IPMICTL_RECEIVE_MSG_TRUNC:
396 	case IPMICTL_RECEIVE_MSG:
397 		item = TAILQ_FIRST(&sc->ipmi_done);
398 		if (!item) {
399 			return EAGAIN;
400 		}
401 
402 		error = copyin(recv->addr, &addr, sizeof(addr));
403 		if (error != 0)
404 			return error;
405 		TAILQ_REMOVE(&sc->ipmi_done, item, list);
406 		addr.channel = IPMI_BMC_CHANNEL;
407 		recv->recv_type = IPMI_RESPONSE_RECV_TYPE;
408 		recv->msgid = item->msgid;
409 		recv->msg.netfn = item->data[0] >> 2;
410 		recv->msg.cmd = item->data[1];
411 		error = len = item->len;
412 		len -= 2;
413 		if (len < 0)
414 			len = 1;
415 		if (recv->msg.data_len < len && cmd == IPMICTL_RECEIVE_MSG) {
416 			TAILQ_INSERT_HEAD(&sc->ipmi_done, item, list);
417 			return EMSGSIZE;
418 		}
419 		len = min(recv->msg.data_len, len);
420 		recv->msg.data_len = len;
421 		error = copyout(&addr, recv->addr,sizeof(addr));
422 		if (error == 0)
423 			error = copyout(&item->data[2], recv->msg.data, len);
424 		free(item->data, M_IPMI);
425 		free(item, M_IPMI);
426 
427 		if (error != 0)
428 			return error;
429 		return 0;
430 	case IPMICTL_SET_MY_ADDRESS_CMD:
431 		sc->ipmi_address = *(int*)data;
432 		return 0;
433 	case IPMICTL_GET_MY_ADDRESS_CMD:
434 		*(int*)data = sc->ipmi_address;
435 		return 0;
436 	case IPMICTL_SET_MY_LUN_CMD:
437 		sc->ipmi_lun = *(int*)data & 0x3;
438 		return 0;
439 	case IPMICTL_GET_MY_LUN_CMD:
440 		*(int*)data = sc->ipmi_lun;
441 		return 0;
442 	case IPMICTL_SET_GETS_EVENTS_CMD:
443 		/*
444 		device_printf(sc->ipmi_dev,
445 		    "IPMICTL_SET_GETS_EVENTS_CMD NA\n");
446 		*/
447 		return 0;
448 	case IPMICTL_REGISTER_FOR_CMD:
449 	case IPMICTL_UNREGISTER_FOR_CMD:
450 		return EOPNOTSUPP;
451 	}
452 
453 	device_printf(sc->ipmi_dev, "Unknown IOCTL %lX\n", cmd);
454 
455 	return ENOIOCTL;
456 }
457 
458 static int
459 ipmi_wait_for_ibf(device_t dev, int state) {
460 	struct ipmi_softc *sc = device_get_softc(dev);
461 	int status, start = ticks;
462 	int first = 1;
463 
464 	if (state == 0) {
465 		/* WAIT FOR IBF = 0 */
466 		do {
467 			if (first)
468 				first =0;
469 			else
470 				DELAY(100);
471 			status = INB(sc, sc->ipmi_kcs_status_reg);
472 		} while (ticks - start < MAX_TIMEOUT
473 		    && status & KCS_STATUS_IBF);
474 	} else {
475 		/* WAIT FOR IBF = 1 */
476 		do {
477 			if (first)
478 				first =0;
479 			else
480 				DELAY(100);
481 			status = INB(sc, sc->ipmi_kcs_status_reg);
482 		} while (ticks - start < MAX_TIMEOUT
483 		    && !(status & KCS_STATUS_IBF));
484 	}
485 	return status;
486 }
487 
488 static int
489 ipmi_wait_for_obf(device_t dev, int state) {
490 	struct ipmi_softc *sc = device_get_softc(dev);
491 	int status, start = ticks;
492 	int first = 1;
493 
494 	if (state == 0) {
495 		/* WAIT FOR OBF = 0 */
496 		do {
497 			if (first)
498 				first = 0;
499 			else
500 				DELAY(100);
501 			status = INB(sc, sc->ipmi_kcs_status_reg);
502 		} while (ticks - start < MAX_TIMEOUT
503 		    && status & KCS_STATUS_OBF);
504 	} else {
505 		/* WAIT FOR OBF = 1 */
506 		do {
507 			if (first)
508 				first =0;
509 			else
510 				DELAY(100);
511 			status = INB(sc, sc->ipmi_kcs_status_reg);
512 		} while (ticks - start < MAX_TIMEOUT
513 		    && !(status & KCS_STATUS_OBF));
514 	}
515 	return status;
516 }
517 
518 static void
519 ipmi_clear_obf(device_t dev, int status) {
520 	struct ipmi_softc *sc = device_get_softc(dev);
521 	int data;
522 
523 	/* Clear OBF */
524 	if (status & KCS_STATUS_OBF) {
525 		data = INB(sc, sc->ipmi_kcs_data_out_reg);
526 	}
527 }
528 
529 static void
530 ipmi_error(device_t dev) {
531 	struct ipmi_softc *sc = device_get_softc(dev);
532 	int status, data = 0;
533 	int retry = 0;
534 
535 	for(;;){
536 		status = ipmi_wait_for_ibf(dev, 0);
537 
538 		/* ABORT */
539 		OUTB(sc, sc->ipmi_kcs_command_reg,
540 		     KCS_CONTROL_GET_STATUS_ABORT);
541 
542 		/* Wait for IBF = 0 */
543 		status = ipmi_wait_for_ibf(dev, 0);
544 
545 		/* Clear OBF */
546 		ipmi_clear_obf(dev, status);
547 
548 		if (status & KCS_STATUS_OBF) {
549 			data = INB(sc, sc->ipmi_kcs_data_out_reg);
550 			device_printf(dev, "Data %x\n", data);
551 		}
552 
553 		/* 0x00 to DATA_IN */
554 		OUTB(sc, sc->ipmi_kcs_data_in_reg, 0x00);
555 
556 		/* Wait for IBF = 0 */
557 		status = ipmi_wait_for_ibf(dev, 0);
558 
559 		if (KCS_STATUS_STATE(status) == KCS_STATUS_STATE_READ) {
560 
561 			/* Wait for OBF = 1 */
562 			status = ipmi_wait_for_obf(dev, 1);
563 
564 			/* Read error status */
565 			data = INB(sc, sc->ipmi_kcs_data_out_reg);
566 
567 			/* Write READ into Data_in */
568 			OUTB(sc, sc->ipmi_kcs_data_in_reg, KCS_DATA_IN_READ);
569 
570 			/* Wait for IBF = 0 */
571 			status = ipmi_wait_for_ibf(dev, 0);
572 		}
573 
574 		/* IDLE STATE */
575 		if (KCS_STATUS_STATE(status) == KCS_STATUS_STATE_IDLE) {
576 			/* Wait for OBF = 1 */
577 			status = ipmi_wait_for_obf(dev, 1);
578 
579 			/* Clear OBF */
580 			ipmi_clear_obf(dev, status);
581 			break;
582 		}
583 
584 		retry++;
585 		if (retry > 2) {
586 			device_printf(dev, "Retry exhausted %x\n", retry);
587 			break;
588 		}
589 	}
590 }
591 
592 static void
593 ipmi_wait_for_tx_okay(device_t dev) {
594 	struct ipmi_softc *sc = device_get_softc(dev);
595 	int flags;
596 
597 	do {
598 		flags = INB(sc, sc->ipmi_smic_flags);
599 	} while(!flags & SMIC_STATUS_TX_RDY);
600 }
601 
602 static void
603 ipmi_wait_for_rx_okay(device_t dev) {
604 	struct ipmi_softc *sc = device_get_softc(dev);
605 	int flags;
606 
607 	do {
608 		flags = INB(sc, sc->ipmi_smic_flags);
609 	} while(!flags & SMIC_STATUS_RX_RDY);
610 }
611 
612 static void
613 ipmi_wait_for_not_busy(device_t dev) {
614 	struct ipmi_softc *sc = device_get_softc(dev);
615 	int flags;
616 
617 	do {
618 		flags = INB(sc, sc->ipmi_smic_flags);
619 	} while(flags & SMIC_STATUS_BUSY);
620 }
621 
622 static void
623 ipmi_set_busy(device_t dev) {
624 	struct ipmi_softc *sc = device_get_softc(dev);
625 	int flags;
626 
627 	flags = INB(sc, sc->ipmi_smic_flags);
628 	flags |= SMIC_STATUS_BUSY;
629 	OUTB(sc, sc->ipmi_smic_flags, flags);
630 }
631 
632 int
633 ipmi_read(device_t dev, u_char *bytes, int len){
634 	struct ipmi_softc *sc = device_get_softc(dev);
635 	int status, flags, data, i = -1, error;
636 
637 	bzero(bytes, len);
638 	if (sc->ipmi_bios_info.smic_mode) {
639 		ipmi_wait_for_not_busy(dev);
640 		do {
641 			flags = INB(sc, sc->ipmi_smic_flags);
642 		} while(!flags & SMIC_STATUS_RX_RDY);
643 
644 		OUTB(sc, sc->ipmi_smic_ctl_sts, SMIC_CC_SMS_RD_START);
645 		ipmi_wait_for_rx_okay(dev);
646 		ipmi_set_busy(dev);
647 		ipmi_wait_for_not_busy(dev);
648 		status = INB(sc, sc->ipmi_smic_ctl_sts);
649 		if (status != SMIC_SC_SMS_RD_START) {
650 			error = INB(sc, sc->ipmi_smic_data);
651 			device_printf(dev, "Read did not start %x %x\n",
652 			    status, error);
653 			sc->ipmi_busy = 0;
654 			return -1;
655 		}
656 		for (i = -1; ; len--) {
657 			i++;
658 			data = INB(sc, sc->ipmi_smic_data);
659 			if (len > 0)
660 				*bytes++ = data;
661 			else {
662 				device_printf(dev, "Read short %x\n", data);
663 				break;
664 			}
665 			do {
666 				flags = INB(sc, sc->ipmi_smic_flags);
667 			} while(!flags & SMIC_STATUS_RX_RDY);
668 
669 			OUTB(sc, sc->ipmi_smic_ctl_sts, SMIC_CC_SMS_RD_NEXT);
670 			ipmi_wait_for_rx_okay(dev);
671 			ipmi_set_busy(dev);
672 			ipmi_wait_for_not_busy(dev);
673 			status = INB(sc, sc->ipmi_smic_ctl_sts);
674 			if (status == SMIC_SC_SMS_RD_NEXT) {
675 				continue;
676 			} else if (status == SMIC_SC_SMS_RD_END) {
677 				break;
678 			} else {
679 				device_printf(dev, "Read did not next %x\n",
680 				    status);
681 			}
682 		}
683 		i++;
684 		data = INB(sc, sc->ipmi_smic_data);
685 		if (len > 0)
686 			*bytes++ = data;
687 		else
688 			device_printf(dev, "Read short %x\n", data);
689 
690 		OUTB(sc, sc->ipmi_smic_ctl_sts, SMIC_CC_SMS_RD_END);
691 		i++;
692 
693 	} else if (sc->ipmi_bios_info.kcs_mode) {
694 		for (i = -1; ; len--) {
695 			/* Wait for IBF = 0 */
696 			status = ipmi_wait_for_ibf(dev, 0);
697 
698 			/* Read State */
699 			if (KCS_STATUS_STATE(status)
700 			    == KCS_STATUS_STATE_READ) {
701 				i++;
702 
703 				/* Wait for OBF = 1 */
704 				status = ipmi_wait_for_obf(dev, 1);
705 
706 				/* Read Data_out */
707 				data = INB(sc, sc->ipmi_kcs_data_out_reg);
708 				if (len > 0)
709 					*bytes++ = data;
710 				else {
711 					device_printf(dev, "Read short %x byte %d\n", data, i);
712 					break;
713 				}
714 
715 				/* Write READ into Data_in */
716 				OUTB(sc, sc->ipmi_kcs_data_in_reg,
717 				    KCS_DATA_IN_READ);
718 
719 				/* Idle State */
720 			} else if (KCS_STATUS_STATE(status)
721 			    == KCS_STATUS_STATE_IDLE) {
722 				i++;
723 
724 				/* Wait for OBF = 1*/
725 				status = ipmi_wait_for_obf(dev, 1);
726 
727 				/* Read Dummy */
728 				data = INB(sc, sc->ipmi_kcs_data_out_reg);
729 				break;
730 
731 				/* error state */
732 			} else {
733 				device_printf(dev,
734 				    "read status error %x byte %d\n",
735 				    status, i);
736 				sc->ipmi_busy = 0;
737 				ipmi_error(dev);
738 				return -1;
739 			}
740 		}
741 	} else {
742 		device_printf(dev, "Unsupported mode\n");
743 	}
744 	sc->ipmi_busy = 0;
745 	wakeup(&sc->ipmi_busy);
746 
747 	return i;
748 }
749 
750 
751 static int
752 ipmi_write(device_t dev, u_char *bytes, int len){
753 	struct ipmi_softc *sc = device_get_softc(dev);
754 	int status, flags, retry;
755 
756 	while(sc->ipmi_busy){
757 		status = tsleep(&sc->ipmi_busy, PCATCH, "ipmi", 0);
758 		if (status)
759 			return status;
760 	}
761 	sc->ipmi_busy = 1;
762 	if (sc->ipmi_bios_info.smic_mode) {
763 		ipmi_wait_for_not_busy(dev);
764 
765 		OUTB(sc, sc->ipmi_smic_ctl_sts, SMIC_CC_SMS_WR_START);
766 		ipmi_wait_for_tx_okay(dev);
767 		OUTB(sc, sc->ipmi_smic_data, *bytes++);
768 		len--;
769 		ipmi_set_busy(dev);
770 		ipmi_wait_for_not_busy(dev);
771 		status = INB(sc, sc->ipmi_smic_ctl_sts);
772 		if (status != SMIC_SC_SMS_WR_START) {
773 			device_printf(dev, "Write did not start %x\n",status);
774 			sc->ipmi_busy = 0;
775 			return -1;
776 		}
777 		for(len--; len; len--) {
778 			OUTB(sc, sc->ipmi_smic_ctl_sts, SMIC_CC_SMS_WR_NEXT);
779 			ipmi_wait_for_tx_okay(dev);
780 			OUTB(sc, sc->ipmi_smic_data, *bytes++);
781 			ipmi_set_busy(dev);
782 			ipmi_wait_for_not_busy(dev);
783 			status = INB(sc, sc->ipmi_smic_ctl_sts);
784 			if (status != SMIC_SC_SMS_WR_NEXT) {
785 				device_printf(dev, "Write did not next %x\n",
786 				    status);
787 				sc->ipmi_busy = 0;
788 				return -1;
789 			}
790 		}
791 		do {
792 			flags = INB(sc, sc->ipmi_smic_flags);
793 		} while(!flags & SMIC_STATUS_TX_RDY);
794 		OUTB(sc, sc->ipmi_smic_ctl_sts, SMIC_CC_SMS_WR_END);
795 		ipmi_wait_for_tx_okay(dev);
796 		OUTB(sc, sc->ipmi_smic_data, *bytes);
797 		ipmi_set_busy(dev);
798 		ipmi_wait_for_not_busy(dev);
799 		status = INB(sc, sc->ipmi_smic_ctl_sts);
800 		if (status != SMIC_SC_SMS_WR_END) {
801 			device_printf(dev, "Write did not end %x\n",status);
802 			return -1;
803 		}
804 	} else if (sc->ipmi_bios_info.kcs_mode) {
805 		for (retry = 0; retry < 10; retry++) {
806 			/* Wait for IBF = 0 */
807 			status = ipmi_wait_for_ibf(dev, 0);
808 
809 			/* Clear OBF */
810 			ipmi_clear_obf(dev, status);
811 
812 			/* Write start to command */
813 			OUTB(sc, sc->ipmi_kcs_command_reg,
814 			     KCS_CONTROL_WRITE_START);
815 
816 			/* Wait for IBF = 0 */
817 			status = ipmi_wait_for_ibf(dev, 0);
818 			if (KCS_STATUS_STATE(status) == KCS_STATUS_STATE_WRITE)
819 				break;
820 			DELAY(1000000);
821 		}
822 
823 		for(len--; len; len--) {
824 			if (KCS_STATUS_STATE(status)
825 			    != KCS_STATUS_STATE_WRITE) {
826 				/* error state */
827 				device_printf(dev, "status error %x\n",status);
828 				ipmi_error(dev);
829 				sc->ipmi_busy = 0;
830 				return -1;
831 				break;
832 			} else {
833 				/* Clear OBF */
834 				ipmi_clear_obf(dev, status);
835 
836 				/* Data to Data */
837 				OUTB(sc, sc->ipmi_kcs_data_out_reg, *bytes++);
838 
839 				/* Wait for IBF = 0 */
840 				status = ipmi_wait_for_ibf(dev, 0);
841 
842 				if (KCS_STATUS_STATE(status)
843 				    != KCS_STATUS_STATE_WRITE) {
844 					device_printf(dev, "status error %x\n"
845 					    ,status);
846 					ipmi_error(dev);
847 					return -1;
848 				} else {
849 					/* Clear OBF */
850 					ipmi_clear_obf(dev, status);
851 				}
852 			}
853 		}
854 		/* Write end to command */
855 		OUTB(sc, sc->ipmi_kcs_command_reg, KCS_CONTROL_WRITE_END);
856 
857 		/* Wait for IBF = 0 */
858 		status = ipmi_wait_for_ibf(dev, 0);
859 
860 		if (KCS_STATUS_STATE(status) != KCS_STATUS_STATE_WRITE) {
861 			/* error state */
862 			device_printf(dev, "status error %x\n",status);
863 			ipmi_error(dev);
864 			sc->ipmi_busy = 0;
865 			return -1;
866 		} else {
867 			/* Clear OBF */
868 			ipmi_clear_obf(dev, status);
869 			OUTB(sc, sc->ipmi_kcs_data_out_reg, *bytes++);
870 		}
871 	} else {
872 		device_printf(dev, "Unsupported mode\n");
873 	}
874 	sc->ipmi_busy = 2;
875 	return 1;
876 }
877 
878 /*
879  * Watchdog event handler.
880  */
881 
882 static void
883 ipmi_set_watchdog(device_t dev, int sec) {
884 	u_char *temp;
885 	int s;
886 
887 	temp = malloc(IPMI_MAX_RX, M_IPMI, M_WAITOK);
888 
889 	temp[0] = IPMI_APP_REQUEST << 2;
890 	if (sec) {
891 		temp[1] = IPMI_SET_WDOG;
892 		temp[2] = IPMI_SET_WD_TIMER_DONT_STOP
893 		    | IPMI_SET_WD_TIMER_SMS_OS;
894 		temp[3] = IPMI_SET_WD_ACTION_RESET;
895 		temp[4] = 0;
896 		temp[5] = 0;	/* Timer use */
897 		temp[6] = (sec * 10) & 0xff;
898 		temp[7] = (sec * 10) / 2550;
899 	} else {
900  		temp[1] = IPMI_SET_WDOG;
901 		temp[2] = IPMI_SET_WD_TIMER_SMS_OS;
902 		temp[3] = 0;
903 		temp[4] = 0;
904 		temp[5] = 0;	/* Timer use */
905 		temp[6] = 0;
906 		temp[7] = 0;
907 	}
908 
909 	s = splhigh();
910 	ipmi_write(dev, temp, 8);
911 
912 	while (!ipmi_ready_to_read(dev))
913 		DELAY(1000);
914 	bzero(temp, IPMI_MAX_RX);
915 	ipmi_read(dev, temp, IPMI_MAX_RX);
916 
917 	if (sec) {
918 		temp[0] = IPMI_APP_REQUEST << 2;
919 		temp[1] = IPMI_RESET_WDOG;
920 
921 		ipmi_write(dev, temp, 2);
922 
923 		while (!ipmi_ready_to_read(dev))
924 			DELAY(1000);
925 		bzero(temp, IPMI_MAX_RX);
926 		ipmi_read(dev, temp, IPMI_MAX_RX);
927 	}
928 	splx(s);
929 
930 	free(temp, M_IPMI);
931 	/*
932 	dump_watchdog(dev);
933 	*/
934 }
935 
936 static void
937 ipmi_wd_event(void *arg, unsigned int cmd, int *error)
938 {
939 	struct ipmi_softc *sc = arg;
940 	unsigned int timeout;
941 
942 	/* disable / enable */
943 	if (!(cmd & WD_ACTIVE)) {
944 		ipmi_set_watchdog(sc->ipmi_dev, 0);
945 		*error = 0;
946 		return;
947 	}
948 
949 	cmd &= WD_INTERVAL;
950 	/* convert from power-of-to-ns to WDT ticks */
951 	if (cmd >= 64) {
952 		*error = EINVAL;
953 		return;
954 	}
955 	timeout = ((uint64_t)1 << cmd) / 1800000000;
956 
957 	/* reload */
958 	ipmi_set_watchdog(sc->ipmi_dev, timeout);
959 
960 	*error = 0;
961 }
962 
963 int
964 ipmi_attach(device_t dev)
965 {
966 	struct ipmi_softc *sc = device_get_softc(dev);
967 	u_char temp[1024];
968 	int i;
969 	int status;
970 	int unit;
971 
972 	TAILQ_INIT(&sc->ipmi_done);
973 	sc->ipmi_address = IPMI_BMC_SLAVE_ADDR;
974 	sc->ipmi_lun = IPMI_BMC_SMS_LUN;
975 	temp[0] = IPMI_APP_REQUEST << 2;
976 	temp[1] = IPMI_GET_DEVICE_ID;
977 	ipmi_write(dev, temp, 2);
978 
979 	while (!ipmi_ready_to_read(dev))
980 		DELAY(1000);
981 	bzero(temp, sizeof(temp));
982 	ipmi_read(dev, temp, sizeof(temp));
983 	device_printf(dev, "IPMI device rev. %d, firmware rev. %d.%d, "
984 	    "version %d.%d\n",
985 	     temp[4] & 0x0f,
986 	     temp[5] & 0x0f, temp[7],
987 	     temp[7] & 0x0f, temp[7] >> 4);
988 
989 	temp[0] = IPMI_APP_REQUEST << 2;
990 	temp[1] = IPMI_CLEAR_FLAGS;
991 	temp[2] = 8;
992 	ipmi_write(dev, temp, 3);
993 
994 	while (!ipmi_ready_to_read(dev))
995 		DELAY(1000);
996 	bzero(temp, sizeof(temp));
997 	ipmi_read(dev, temp, sizeof(temp));
998 	if (temp[2] == 0xc0) {
999 		device_printf(dev, "Clear flags is busy\n");
1000 	}
1001 	if (temp[2] == 0xc1) {
1002 		device_printf(dev, "Clear flags illegal\n");
1003 	}
1004 
1005 	for(i = 0; i < 8; i++){
1006 		temp[0] = IPMI_APP_REQUEST << 2;
1007 		temp[1] = IPMI_GET_CHANNEL_INFO;
1008 		temp[2] = i;
1009 		ipmi_write(dev, temp, 3);
1010 		while (!ipmi_ready_to_read(dev))
1011 			DELAY(1000);
1012 		bzero(temp, sizeof(temp));
1013 		ipmi_read(dev, temp, sizeof(temp));
1014 		if (temp[2]) {
1015 			break;
1016 		}
1017 	}
1018 	device_printf(dev, "Number of channels %d\n", i);
1019 
1020 	/* probe for watchdog */
1021 	bzero(temp, sizeof(temp));
1022         temp[0] = IPMI_APP_REQUEST << 2;
1023         temp[1] = IPMI_GET_WDOG;
1024         status = ipmi_write(dev, temp, 2);
1025         while (!ipmi_ready_to_read(dev))
1026                 DELAY(1000);
1027         bzero(temp, sizeof(temp));
1028         ipmi_read(dev, temp, sizeof(temp));
1029         if (temp[0] == 0x1c && temp[2] == 0x00) {
1030 		device_printf(dev, "Attached watchdog\n");
1031 		/* register the watchdog event handler */
1032 		sc->ipmi_ev_tag = EVENTHANDLER_REGISTER(watchdog_list,
1033 						   ipmi_wd_event, sc, 0);
1034 	}
1035 	unit = device_get_unit(sc->ipmi_dev);
1036 	/* force device to be ipmi0 since that is what ipmitool expects */
1037 	sc->ipmi_dev_t = make_dev(&ipmi_cdevsw, unit, UID_ROOT, GID_OPERATOR,
1038 			     0660, "ipmi%d", 0);
1039 	sc->ipmi_dev_t->si_drv1 = sc;
1040 
1041 	ipmi_attached = 1;
1042 
1043 	return 0;
1044 }
1045 
1046 int
1047 ipmi_detach(device_t dev)
1048 {
1049 	struct ipmi_softc *sc;
1050 
1051 	sc = device_get_softc(dev);
1052 	if (sc->ipmi_requests)
1053 		untimeout((timeout_t *)ipmi_check_read, dev,
1054 		    sc->ipmi_timeout_handle);
1055 	destroy_dev(sc->ipmi_dev_t);
1056 	return 0;
1057 }
1058 
1059 #ifdef IMPI_DEBUG
1060 static void
1061 dump_buf(u_char *data, int len){
1062 	char buf[20];
1063 	char line[1024];
1064 	char temp[30];
1065 	int count = 0;
1066 	int i=0;
1067 
1068 	printf("Address %p len %d\n", data, len);
1069 	if (len > 256)
1070 		len = 256;
1071 	line[0] = '\000';
1072 	for (; len > 0; len--, data++) {
1073 		sprintf(temp, "%02x ", *data);
1074 		strcat(line, temp);
1075 		if (*data >= ' ' && *data <= '~')
1076 			buf[count] = *data;
1077 		else if (*data >= 'A' && *data <= 'Z')
1078 			buf[count] = *data;
1079 		else
1080 			buf[count] = '.';
1081 		if (++count == 16) {
1082 			buf[count] = '\000';
1083 			count = 0;
1084 			printf("  %3x  %s %s\n", i, line, buf);
1085 			i+=16;
1086 			line[0] = '\000';
1087 		}
1088 	}
1089 	buf[count] = '\000';
1090 
1091 	for (; count != 16; count++) {
1092 		strcat(line, "   ");
1093 	}
1094 	printf("  %3x  %s %s\n", i, line, buf);
1095 }
1096 #endif
1097