xref: /freebsd/sys/dev/ipmi/ipmi.c (revision f856af0466c076beef4ea9b15d088e1119a945b8)
1 /*-
2  * Copyright (c) 2006 IronPort Systems Inc. <ambrisko@ironport.com>
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  */
26 
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
29 
30 #include <sys/param.h>
31 #include <sys/systm.h>
32 #include <sys/bus.h>
33 #include <sys/condvar.h>
34 #include <sys/conf.h>
35 #include <sys/kernel.h>
36 #include <sys/malloc.h>
37 #include <sys/module.h>
38 #include <sys/poll.h>
39 #include <sys/rman.h>
40 #include <sys/selinfo.h>
41 #include <sys/sysctl.h>
42 #include <sys/watchdog.h>
43 
44 #ifdef LOCAL_MODULE
45 #include <ipmi.h>
46 #include <ipmivars.h>
47 #else
48 #include <sys/ipmi.h>
49 #include <dev/ipmi/ipmivars.h>
50 #endif
51 
52 #ifdef IPMB
53 static int ipmi_ipmb_checksum(u_char, int);
54 static int ipmi_ipmb_send_message(device_t, u_char, u_char, u_char,
55      u_char, u_char, int)
56 #endif
57 
58 static d_ioctl_t ipmi_ioctl;
59 static d_poll_t ipmi_poll;
60 static d_open_t ipmi_open;
61 static d_close_t ipmi_close;
62 
63 int ipmi_attached = 0;
64 
65 #define IPMI_MINOR	0
66 
67 static int on = 1;
68 SYSCTL_NODE(_hw, OID_AUTO, ipmi, CTLFLAG_RD, 0, "IPMI driver parameters");
69 SYSCTL_INT(_hw_ipmi, OID_AUTO, on, CTLFLAG_RW,
70 	&on, 0, "");
71 
72 static struct cdevsw ipmi_cdevsw = {
73 	.d_version =    D_VERSION,
74 	.d_open =	ipmi_open,
75 	.d_close =	ipmi_close,
76 	.d_ioctl =	ipmi_ioctl,
77 	.d_poll =	ipmi_poll,
78 	.d_name =	"ipmi",
79 };
80 
81 MALLOC_DEFINE(M_IPMI, "ipmi", "ipmi");
82 
83 static int
84 ipmi_open(struct cdev *cdev, int flags, int fmt, struct thread *td)
85 {
86 	struct ipmi_device *dev;
87 	struct ipmi_softc *sc;
88 
89 	if (!on)
90 		return (ENOENT);
91 
92 	dev = cdev->si_drv1;
93 	sc = dev->ipmi_softc;
94 	IPMI_LOCK(sc);
95 	if (dev->ipmi_open) {
96 		IPMI_UNLOCK(sc);
97 		return (EBUSY);
98 	}
99 	dev->ipmi_open = 1;
100 	IPMI_UNLOCK(sc);
101 
102 	return (0);
103 }
104 
105 static int
106 ipmi_poll(struct cdev *cdev, int poll_events, struct thread *td)
107 {
108 	struct ipmi_device *dev;
109 	struct ipmi_softc *sc;
110 	int revents = 0;
111 
112 	dev = cdev->si_drv1;
113 	sc = dev->ipmi_softc;
114 
115 	IPMI_LOCK(sc);
116 	if (poll_events & (POLLIN | POLLRDNORM)) {
117 		if (!TAILQ_EMPTY(&dev->ipmi_completed_requests))
118 		    revents |= poll_events & (POLLIN | POLLRDNORM);
119 		if (dev->ipmi_requests == 0)
120 		    revents |= POLLERR;
121 	}
122 
123 	if (revents == 0) {
124 		if (poll_events & (POLLIN | POLLRDNORM))
125 			selrecord(td, &dev->ipmi_select);
126 	}
127 	IPMI_UNLOCK(sc);
128 
129 	return (revents);
130 }
131 
132 static void
133 ipmi_purge_completed_requests(struct ipmi_device *dev)
134 {
135 	struct ipmi_request *req;
136 
137 	while (!TAILQ_EMPTY(&dev->ipmi_completed_requests)) {
138 		req = TAILQ_FIRST(&dev->ipmi_completed_requests);
139 		TAILQ_REMOVE(&dev->ipmi_completed_requests, req, ir_link);
140 		dev->ipmi_requests--;
141 		ipmi_free_request(req);
142 	}
143 }
144 
145 static int
146 ipmi_close(struct cdev *cdev, int flags, int fmt, struct thread *td)
147 {
148 	struct ipmi_request *req, *nreq;
149 	struct ipmi_device *dev;
150 	struct ipmi_softc *sc;
151 #ifdef CLONING
152 	int bit;
153 #endif
154 
155 	dev = cdev->si_drv1;
156 	sc = dev->ipmi_softc;
157 
158 	IPMI_LOCK(sc);
159 	if (dev->ipmi_requests) {
160 		/* Throw away any pending requests for this device. */
161 		TAILQ_FOREACH_SAFE(req, &sc->ipmi_pending_requests, ir_link,
162 		    nreq) {
163 			if (req->ir_owner == dev) {
164 				TAILQ_REMOVE(&sc->ipmi_pending_requests, req,
165 				    ir_link);
166 				dev->ipmi_requests--;
167 				ipmi_free_request(req);
168 			}
169 		}
170 
171 		/* Throw away any pending completed requests for this device. */
172 		ipmi_purge_completed_requests(dev);
173 
174 		/*
175 		 * If we still have outstanding requests, they must be stuck
176 		 * in an interface driver, so wait for those to drain.
177 		 */
178 		dev->ipmi_closing = 1;
179 		while (dev->ipmi_requests > 0) {
180 			msleep(&dev->ipmi_requests, &sc->ipmi_lock, PWAIT,
181 			    "ipmidrain", 0);
182 			ipmi_purge_completed_requests(dev);
183 		}
184 	}
185 
186 #ifdef CLONING
187 	/* Detach this sub-device from the main driver. */
188 	bit = minor(cdev) % 32;
189 	sc->ipmi_cdev_mask &= ~(1 << bit);
190 	TAILQ_REMOVE(&sc->ipmi_cdevs, dev, ipmi_link);
191 	IPMI_UNLOCK(sc);
192 
193 	/* Cleanup. */
194 	cdev->si_drv1 = NULL;
195 	free(dev, M_IPMI);
196 	destroy_dev(cdev);
197 #else
198 	dev->ipmi_open = 0;
199 	IPMI_UNLOCK(sc);
200 #endif
201 
202 	return (0);
203 }
204 
205 #ifdef IPMB
206 static int
207 ipmi_ipmb_checksum(u_char *data, int len)
208 {
209 	u_char sum = 0;
210 
211 	for (; len; len--) {
212 		sum += *data++;
213 	}
214 	return (-sum);
215 }
216 
217 /* XXX: Needs work */
218 static int
219 ipmi_ipmb_send_message(device_t dev, u_char channel, u_char netfn,
220     u_char command, u_char seq, u_char *data, int data_len)
221 {
222 	struct ipmi_softc *sc = device_get_softc(dev);
223 	struct ipmi_request *req;
224 	u_char slave_addr = 0x52;
225 	int error;
226 
227 	req = ipmi_alloc_driver_request(IPMI_ADDR(IPMI_APP_REQUEST, 0),
228 	    IPMI_SEND_MSG, data_len + 8, 0);
229 	req->ir_request[0] = channel;
230 	req->ir_request[1] = slave_addr;
231 	req->ir_request[2] = IPMI_ADDR(netfn, 0);
232 	req->ir_request[3] = ipmi_ipmb_checksum(&req->ir_request[1], 2);
233 	req->ir_request[4] = sc->ipmi_address;
234 	req->ir_request[5] = IPMI_ADDR(seq, sc->ipmi_lun);
235 	req->ir_request[6] = command;
236 
237 	bcopy(data, &req->ir_request[7], data_len);
238 	temp[data_len + 7] = ipmi_ipmb_checksum(&req->ir_request[4],
239 	    data_len + 3);
240 
241 	ipmi_submit_driver_request(sc, req);
242 	error = req->ir_error;
243 	ipmi_free_request(req);
244 
245 	return (error);
246 }
247 
248 static int
249 ipmi_handle_attn(struct ipmi_softc *sc)
250 {
251 	struct ipmi_request *req;
252 	int error;
253 
254 	device_printf(sc->ipmi_dev, "BMC has a message\n");
255 	req = ipmi_alloc_driver_request(IPMI_ADDR(IPMI_APP_REQUEST, 0),
256 	    IPMI_GET_MSG_FLAGS, 0, 1);
257 
258 	ipmi_submit_driver_request(sc, req);
259 
260 	if (req->ir_error == 0 && req->ir_compcode == 0) {
261 		if (req->ir_reply[0] & IPMI_MSG_BUFFER_FULL) {
262 			device_printf(sc->ipmi_dev, "message buffer full");
263 		}
264 		if (req->ir_reply[0] & IPMI_WDT_PRE_TIMEOUT) {
265 			device_printf(sc->ipmi_dev,
266 			    "watchdog about to go off");
267 		}
268 		if (req->ir_reply[0] & IPMI_MSG_AVAILABLE) {
269 			ipmi_free_request(req);
270 
271 			req = ipmi_alloc_driver_request(
272 			    IPMI_ADDR(IPMI_APP_REQUEST, 0), IPMI_GET_MSG, 0,
273 			    16);
274 
275 			device_printf(sc->ipmi_dev, "throw out message ");
276 			dump_buf(temp, 16);
277 		}
278 	}
279 	error = req->ir_error;
280 	ipmi_free_request(req);
281 
282 	return (error);
283 }
284 #endif
285 
286 #ifdef IPMICTL_SEND_COMMAND_32
287 #define	PTRIN(p)	((void *)(uintptr_t)(p))
288 #define	PTROUT(p)	((uintptr_t)(p))
289 #endif
290 
291 static int
292 ipmi_ioctl(struct cdev *cdev, u_long cmd, caddr_t data,
293     int flags, struct thread *td)
294 {
295 	struct ipmi_softc *sc;
296 	struct ipmi_device *dev;
297 	struct ipmi_request *kreq;
298 	struct ipmi_req *req = (struct ipmi_req *)data;
299 	struct ipmi_recv *recv = (struct ipmi_recv *)data;
300 	struct ipmi_addr addr;
301 #ifdef IPMICTL_SEND_COMMAND_32
302 	struct ipmi_req32 *req32 = (struct ipmi_req32 *)data;
303 	struct ipmi_recv32 *recv32 = (struct ipmi_recv32 *)data;
304 	union {
305 		struct ipmi_req req;
306 		struct ipmi_recv recv;
307 	} thunk32;
308 #endif
309 	int error, len;
310 
311 	dev = cdev->si_drv1;
312 	sc = dev->ipmi_softc;
313 
314 #ifdef IPMICTL_SEND_COMMAND_32
315 	/* Convert 32-bit structures to native. */
316 	switch (cmd) {
317 	case IPMICTL_SEND_COMMAND_32:
318 		req = &thunk32.req;
319 		req->addr = PTRIN(req32->addr);
320 		req->addr_len = req32->addr_len;
321 		req->msgid = req32->msgid;
322 		req->msg.netfn = req32->msg.netfn;
323 		req->msg.cmd = req32->msg.cmd;
324 		req->msg.data_len = req32->msg.data_len;
325 		req->msg.data = PTRIN(req32->msg.data);
326 		break;
327 	case IPMICTL_RECEIVE_MSG_TRUNC_32:
328 	case IPMICTL_RECEIVE_MSG_32:
329 		recv = &thunk32.recv;
330 		recv->addr = PTRIN(recv32->addr);
331 		recv->addr_len = recv32->addr_len;
332 		recv->msg.data_len = recv32->msg.data_len;
333 		recv->msg.data = PTRIN(recv32->msg.data);
334 		break;
335 	}
336 #endif
337 
338 	switch (cmd) {
339 #ifdef IPMICTL_SEND_COMMAND_32
340 	case IPMICTL_SEND_COMMAND_32:
341 #endif
342 	case IPMICTL_SEND_COMMAND:
343 		/*
344 		 * XXX: Need to add proper handling of this.
345 		 */
346 		error = copyin(req->addr, &addr, sizeof(addr));
347 		if (error)
348 			return (error);
349 
350 		IPMI_LOCK(sc);
351 		/* clear out old stuff in queue of stuff done */
352 		/* XXX: This seems odd. */
353 		while ((kreq = TAILQ_FIRST(&dev->ipmi_completed_requests))) {
354 			TAILQ_REMOVE(&dev->ipmi_completed_requests, kreq,
355 			    ir_link);
356 			dev->ipmi_requests--;
357 			ipmi_free_request(kreq);
358 		}
359 		IPMI_UNLOCK(sc);
360 
361 		kreq = ipmi_alloc_request(dev, req->msgid,
362 		    IPMI_ADDR(req->msg.netfn, 0), req->msg.cmd,
363 		    req->msg.data_len, IPMI_MAX_RX);
364 		error = copyin(req->msg.data, kreq->ir_request,
365 		    req->msg.data_len);
366 		if (error) {
367 			ipmi_free_request(kreq);
368 			return (error);
369 		}
370 		IPMI_LOCK(sc);
371 		dev->ipmi_requests++;
372 		error = sc->ipmi_enqueue_request(sc, kreq);
373 		IPMI_UNLOCK(sc);
374 		if (error)
375 			return (error);
376 		break;
377 #ifdef IPMICTL_SEND_COMMAND_32
378 	case IPMICTL_RECEIVE_MSG_TRUNC_32:
379 	case IPMICTL_RECEIVE_MSG_32:
380 #endif
381 	case IPMICTL_RECEIVE_MSG_TRUNC:
382 	case IPMICTL_RECEIVE_MSG:
383 		error = copyin(recv->addr, &addr, sizeof(addr));
384 		if (error)
385 			return (error);
386 
387 		IPMI_LOCK(sc);
388 		kreq = TAILQ_FIRST(&dev->ipmi_completed_requests);
389 		if (kreq == NULL) {
390 			IPMI_UNLOCK(sc);
391 			return (EAGAIN);
392 		}
393 		addr.channel = IPMI_BMC_CHANNEL;
394 		/* XXX */
395 		recv->recv_type = IPMI_RESPONSE_RECV_TYPE;
396 		recv->msgid = kreq->ir_msgid;
397 		recv->msg.netfn = IPMI_REPLY_ADDR(kreq->ir_addr) >> 2;
398 		recv->msg.cmd = kreq->ir_command;
399 		error = kreq->ir_error;
400 		if (error) {
401 			TAILQ_REMOVE(&dev->ipmi_completed_requests, kreq,
402 			    ir_link);
403 			dev->ipmi_requests--;
404 			IPMI_UNLOCK(sc);
405 			ipmi_free_request(kreq);
406 			return (error);
407 		}
408 		len = kreq->ir_replylen + 1;
409 		if (recv->msg.data_len < len &&
410 		    (cmd == IPMICTL_RECEIVE_MSG
411 #ifdef IPMICTL_RECEIVE_MSG_32
412 		     || cmd == IPMICTL_RECEIVE_MSG
413 #endif
414 		    )) {
415 			IPMI_UNLOCK(sc);
416 			return (EMSGSIZE);
417 		}
418 		TAILQ_REMOVE(&dev->ipmi_completed_requests, kreq, ir_link);
419 		dev->ipmi_requests--;
420 		IPMI_UNLOCK(sc);
421 		len = min(recv->msg.data_len, len);
422 		recv->msg.data_len = len;
423 		error = copyout(&addr, recv->addr,sizeof(addr));
424 		if (error == 0)
425 			error = copyout(&kreq->ir_compcode, recv->msg.data, 1);
426 		if (error == 0)
427 			error = copyout(kreq->ir_reply, recv->msg.data + 1,
428 			    len - 1);
429 		ipmi_free_request(kreq);
430 		if (error)
431 			return (error);
432 		break;
433 	case IPMICTL_SET_MY_ADDRESS_CMD:
434 		IPMI_LOCK(sc);
435 		dev->ipmi_address = *(int*)data;
436 		IPMI_UNLOCK(sc);
437 		break;
438 	case IPMICTL_GET_MY_ADDRESS_CMD:
439 		IPMI_LOCK(sc);
440 		*(int*)data = dev->ipmi_address;
441 		IPMI_UNLOCK(sc);
442 		break;
443 	case IPMICTL_SET_MY_LUN_CMD:
444 		IPMI_LOCK(sc);
445 		dev->ipmi_lun = *(int*)data & 0x3;
446 		IPMI_UNLOCK(sc);
447 		break;
448 	case IPMICTL_GET_MY_LUN_CMD:
449 		IPMI_LOCK(sc);
450 		*(int*)data = dev->ipmi_lun;
451 		IPMI_UNLOCK(sc);
452 		break;
453 	case IPMICTL_SET_GETS_EVENTS_CMD:
454 		/*
455 		device_printf(sc->ipmi_dev,
456 		    "IPMICTL_SET_GETS_EVENTS_CMD NA\n");
457 		*/
458 		break;
459 	case IPMICTL_REGISTER_FOR_CMD:
460 	case IPMICTL_UNREGISTER_FOR_CMD:
461 		return (EOPNOTSUPP);
462 	default:
463 		device_printf(sc->ipmi_dev, "Unknown IOCTL %lX\n", cmd);
464 		return (ENOIOCTL);
465 	}
466 
467 #ifdef IPMICTL_SEND_COMMAND_32
468 	/* Update changed fields in 32-bit structures. */
469 	switch (cmd) {
470 	case IPMICTL_RECEIVE_MSG_TRUNC_32:
471 	case IPMICTL_RECEIVE_MSG_32:
472 		recv32->recv_type = recv->recv_type;
473 		recv32->msgid = recv->msgid;
474 		recv32->msg.netfn = recv->msg.netfn;
475 		recv32->msg.cmd = recv->msg.cmd;
476 		recv32->msg.data_len = recv->msg.data_len;
477 		break;
478 	}
479 #endif
480 	return (0);
481 }
482 
483 /*
484  * Request management.
485  */
486 
487 /* Allocate a new request with request and reply buffers. */
488 struct ipmi_request *
489 ipmi_alloc_request(struct ipmi_device *dev, long msgid, uint8_t addr,
490     uint8_t command, size_t requestlen, size_t replylen)
491 {
492 	struct ipmi_request *req;
493 
494 	req = malloc(sizeof(struct ipmi_request) + requestlen + replylen,
495 	    M_IPMI, M_WAITOK | M_ZERO);
496 	req->ir_owner = dev;
497 	req->ir_msgid = msgid;
498 	req->ir_addr = addr;
499 	req->ir_command = command;
500 	if (requestlen) {
501 		req->ir_request = (char *)&req[1];
502 		req->ir_requestlen = requestlen;
503 	}
504 	if (replylen) {
505 		req->ir_reply = (char *)&req[1] + requestlen;
506 		req->ir_replybuflen = replylen;
507 	}
508 	return (req);
509 }
510 
511 /* Free a request no longer in use. */
512 void
513 ipmi_free_request(struct ipmi_request *req)
514 {
515 
516 	free(req, M_IPMI);
517 }
518 
519 /* Store a processed request on the appropriate completion queue. */
520 void
521 ipmi_complete_request(struct ipmi_softc *sc, struct ipmi_request *req)
522 {
523 	struct ipmi_device *dev;
524 
525 	IPMI_LOCK_ASSERT(sc);
526 
527 	/*
528 	 * Anonymous requests (from inside the driver) always have a
529 	 * waiter that we awaken.
530 	 */
531 	if (req->ir_owner == NULL)
532 		wakeup(req);
533 	else {
534 		dev = req->ir_owner;
535 		TAILQ_INSERT_TAIL(&dev->ipmi_completed_requests, req, ir_link);
536 		selwakeup(&dev->ipmi_select);
537 		if (dev->ipmi_closing)
538 			wakeup(&dev->ipmi_requests);
539 	}
540 }
541 
542 /* Enqueue an internal driver request and wait until it is completed. */
543 int
544 ipmi_submit_driver_request(struct ipmi_softc *sc, struct ipmi_request *req,
545     int timo)
546 {
547 	int error;
548 
549 	IPMI_LOCK(sc);
550 	error = sc->ipmi_enqueue_request(sc, req);
551 	if (error == 0)
552 		error = msleep(req, &sc->ipmi_lock, 0, "ipmireq", timo);
553 	if (error == 0)
554 		error = req->ir_error;
555 	IPMI_UNLOCK(sc);
556 	return (error);
557 }
558 
559 /*
560  * Helper routine for polled system interfaces that use
561  * ipmi_polled_enqueue_request() to queue requests.  This request
562  * waits until there is a pending request and then returns the first
563  * request.  If the driver is shutting down, it returns NULL.
564  */
565 struct ipmi_request *
566 ipmi_dequeue_request(struct ipmi_softc *sc)
567 {
568 	struct ipmi_request *req;
569 
570 	IPMI_LOCK_ASSERT(sc);
571 
572 	while (!sc->ipmi_detaching && TAILQ_EMPTY(&sc->ipmi_pending_requests))
573 		cv_wait(&sc->ipmi_request_added, &sc->ipmi_lock);
574 	if (sc->ipmi_detaching)
575 		return (NULL);
576 
577 	req = TAILQ_FIRST(&sc->ipmi_pending_requests);
578 	TAILQ_REMOVE(&sc->ipmi_pending_requests, req, ir_link);
579 	return (req);
580 }
581 
582 /* Default implementation of ipmi_enqueue_request() for polled interfaces. */
583 int
584 ipmi_polled_enqueue_request(struct ipmi_softc *sc, struct ipmi_request *req)
585 {
586 
587 	IPMI_LOCK_ASSERT(sc);
588 
589 	TAILQ_INSERT_TAIL(&sc->ipmi_pending_requests, req, ir_link);
590 	cv_signal(&sc->ipmi_request_added);
591 	return (0);
592 }
593 
594 /*
595  * Watchdog event handler.
596  */
597 
598 static void
599 ipmi_set_watchdog(struct ipmi_softc *sc, int sec)
600 {
601 	struct ipmi_request *req;
602 	int error;
603 
604 	req = ipmi_alloc_driver_request(IPMI_ADDR(IPMI_APP_REQUEST, 0),
605 	    IPMI_SET_WDOG, 6, 0);
606 
607 	if (sec) {
608 		req->ir_request[0] = IPMI_SET_WD_TIMER_DONT_STOP
609 		    | IPMI_SET_WD_TIMER_SMS_OS;
610 		req->ir_request[1] = IPMI_SET_WD_ACTION_RESET;
611 		req->ir_request[2] = 0;
612 		req->ir_request[3] = 0;	/* Timer use */
613 		req->ir_request[4] = (sec * 10) & 0xff;
614 		req->ir_request[5] = (sec * 10) / 2550;
615 	} else {
616 		req->ir_request[0] = IPMI_SET_WD_TIMER_SMS_OS;
617 		req->ir_request[1] = 0;
618 		req->ir_request[2] = 0;
619 		req->ir_request[3] = 0;	/* Timer use */
620 		req->ir_request[4] = 0;
621 		req->ir_request[5] = 0;
622 	}
623 
624 	error = ipmi_submit_driver_request(sc, req, 0);
625 	if (error)
626 		device_printf(sc->ipmi_dev, "Failed to set watchdog\n");
627 
628 	if (error == 0 && sec) {
629 		ipmi_free_request(req);
630 
631 		req = ipmi_alloc_driver_request(IPMI_ADDR(IPMI_APP_REQUEST, 0),
632 		    IPMI_RESET_WDOG, 0, 0);
633 
634 		error = ipmi_submit_driver_request(sc, req, 0);
635 		if (error)
636 			device_printf(sc->ipmi_dev,
637 			    "Failed to reset watchdog\n");
638 	}
639 
640 	ipmi_free_request(req);
641 	/*
642 	dump_watchdog(sc);
643 	*/
644 }
645 
646 static void
647 ipmi_wd_event(void *arg, unsigned int cmd, int *error)
648 {
649 	struct ipmi_softc *sc = arg;
650 	unsigned int timeout;
651 
652 	cmd &= WD_INTERVAL;
653 	if (cmd > 0 && cmd <= 63) {
654 		timeout = ((uint64_t)1 << cmd) / 1800000000;
655 		ipmi_set_watchdog(sc, timeout);
656 		*error = 0;
657 	} else {
658 		ipmi_set_watchdog(sc, 0);
659 		if (cmd > 0)
660 			*error = 0;
661 	}
662 }
663 
664 #ifdef CLONING
665 static void
666 ipmi_clone(void *arg, struct ucred *cred, char *name, int namelen,
667     struct cdev **cdev)
668 {
669 	struct ipmi_softc *sc = arg;
670 	struct ipmi_device *dev;
671 	int minor, unit;
672 
673 	if (*cdev != NULL)
674 		return;
675 
676 	if (strcmp(name, device_get_nameunit(sc->ipmi_dev)) != 0)
677 		return;
678 
679 	dev = malloc(sizeof(struct ipmi_device), M_IPMI, M_WAITOK | M_ZERO);
680 
681 	/* Reserve a sub-device. */
682 	IPMI_LOCK(sc);
683 	minor = ffs(~(sc->ipmi_cdev_mask & 0xffff));
684 	if (minor == 0 || !sc->ipmi_cloning) {
685 		IPMI_UNLOCK(sc);
686 		free(dev, M_IPMI);
687 		return;
688 	}
689 	minor--;
690 	sc->ipmi_cdev_mask |= (1 << minor);
691 	TAILQ_INSERT_TAIL(&sc->ipmi_cdevs, dev, ipmi_link);
692 	IPMI_UNLOCK(sc);
693 
694 	/* Initialize the device. */
695 	TAILQ_INIT(&dev->ipmi_completed_requests);
696 	dev->ipmi_softc = sc;
697 	dev->ipmi_address = IPMI_BMC_SLAVE_ADDR;
698 	dev->ipmi_lun = IPMI_BMC_SMS_LUN;
699 	unit = device_get_unit(sc->ipmi_dev);
700 	dev->ipmi_cdev = make_dev_cred(&ipmi_cdevsw, unit * 32 + minor, cred,
701 	    UID_ROOT, GID_OPERATOR, 0660, "ipmi%d.%d", unit, minor);
702 	if (dev->ipmi_cdev == NULL) {
703 		IPMI_LOCK(sc);
704 		sc->ipmi_cdev_mask &= ~(1 << minor);
705 		TAILQ_REMOVE(&sc->ipmi_cdevs, dev, ipmi_link);
706 		IPMI_UNLOCK(sc);
707 		free(dev, M_IPMI);
708 		return;
709 	}
710 	dev->ipmi_cdev->si_drv1 = dev;
711 	*cdev = dev->ipmi_cdev;
712 	dev_ref(*cdev);
713 }
714 #endif
715 
716 static void
717 ipmi_startup(void *arg)
718 {
719 	struct ipmi_softc *sc = arg;
720 	struct ipmi_request *req;
721 	device_t dev;
722 	int error, i;
723 
724 	config_intrhook_disestablish(&sc->ipmi_ich);
725 	dev = sc->ipmi_dev;
726 
727 	/* Initialize interface-independent state. */
728 	mtx_init(&sc->ipmi_lock, device_get_nameunit(dev), "ipmi", MTX_DEF);
729 	cv_init(&sc->ipmi_request_added, "ipmireq");
730 	TAILQ_INIT(&sc->ipmi_pending_requests);
731 #ifdef CLONING
732 	TAILQ_INIT(&sc->ipmi_cdevs);
733 #endif
734 
735 	/* Initialize interface-dependent state. */
736 	error = sc->ipmi_startup(sc);
737 	if (error) {
738 		device_printf(dev, "Failed to initialize interface: %d\n",
739 		    error);
740 		return;
741 	}
742 
743 	/* Send a GET_DEVICE_ID request. */
744 	req = ipmi_alloc_driver_request(IPMI_ADDR(IPMI_APP_REQUEST, 0),
745 	    IPMI_GET_DEVICE_ID, 0, 15);
746 
747 	error = ipmi_submit_driver_request(sc, req, MAX_TIMEOUT);
748 	if (error == EWOULDBLOCK) {
749 		device_printf(dev, "Timed out waiting for GET_DEVICE_ID\n");
750 		ipmi_free_request(req);
751 		return;
752 	} else if (error) {
753 		device_printf(dev, "Failed GET_DEVICE_ID: %d\n", error);
754 		ipmi_free_request(req);
755 		return;
756 	} else if (req->ir_compcode != 0) {
757 		device_printf(dev,
758 		    "Bad completion code for GET_DEVICE_ID: %d\n",
759 		    req->ir_compcode);
760 		ipmi_free_request(req);
761 		return;
762 	} else if (req->ir_replylen < 5) {
763 		device_printf(dev, "Short reply for GET_DEVICE_ID: %d\n",
764 		    req->ir_replylen);
765 		ipmi_free_request(req);
766 		return;
767 	}
768 
769 	device_printf(dev, "IPMI device rev. %d, firmware rev. %d.%d, "
770 	    "version %d.%d\n",
771 	     req->ir_reply[1] & 0x0f,
772 	     req->ir_reply[2] & 0x0f, req->ir_reply[4],
773 	     req->ir_reply[4] & 0x0f, req->ir_reply[4] >> 4);
774 
775 	ipmi_free_request(req);
776 
777 	req = ipmi_alloc_driver_request(IPMI_ADDR(IPMI_APP_REQUEST, 0),
778 	    IPMI_CLEAR_FLAGS, 1, 0);
779 
780 	ipmi_submit_driver_request(sc, req, 0);
781 
782 	/* XXX: Magic numbers */
783 	if (req->ir_compcode == 0xc0) {
784 		device_printf(dev, "Clear flags is busy\n");
785 	}
786 	if (req->ir_compcode == 0xc1) {
787 		device_printf(dev, "Clear flags illegal\n");
788 	}
789 	ipmi_free_request(req);
790 
791 	for (i = 0; i < 8; i++) {
792 		req = ipmi_alloc_driver_request(IPMI_ADDR(IPMI_APP_REQUEST, 0),
793 		    IPMI_GET_CHANNEL_INFO, 1, 0);
794 		req->ir_request[0] = i;
795 
796 		ipmi_submit_driver_request(sc, req, 0);
797 
798 		if (req->ir_compcode != 0) {
799 			ipmi_free_request(req);
800 			break;
801 		}
802 		ipmi_free_request(req);
803 	}
804 	device_printf(dev, "Number of channels %d\n", i);
805 
806 	/* probe for watchdog */
807 	req = ipmi_alloc_driver_request(IPMI_ADDR(IPMI_APP_REQUEST, 0),
808 	    IPMI_GET_WDOG, 0, 0);
809 
810 	ipmi_submit_driver_request(sc, req, 0);
811 
812 	if (req->ir_compcode == 0x00) {
813 		device_printf(dev, "Attached watchdog\n");
814 		/* register the watchdog event handler */
815 		sc->ipmi_watchdog_tag = EVENTHANDLER_REGISTER(watchdog_list,
816 		    ipmi_wd_event, sc, 0);
817 	}
818 	ipmi_free_request(req);
819 
820 #ifdef CLONING
821 	sc->ipmi_cloning = 1;
822 	sc->ipmi_clone_tag = EVENTHANDLER_REGISTER(dev_clone,  ipmi_clone, sc,
823 	    1000);
824 #else
825 	/* Initialize the device. */
826 	TAILQ_INIT(&sc->ipmi_idev.ipmi_completed_requests);
827 	sc->ipmi_idev.ipmi_softc = sc;
828 	sc->ipmi_idev.ipmi_address = IPMI_BMC_SLAVE_ADDR;
829 	sc->ipmi_idev.ipmi_lun = IPMI_BMC_SMS_LUN;
830 	sc->ipmi_idev.ipmi_cdev = make_dev(&ipmi_cdevsw, device_get_unit(dev),
831 	    UID_ROOT, GID_OPERATOR, 0660, "ipmi%d", device_get_unit(dev));
832 	if (sc->ipmi_idev.ipmi_cdev == NULL) {
833 		device_printf(dev, "Failed to create cdev\n");
834 		return;
835 	}
836 	sc->ipmi_idev.ipmi_cdev->si_drv1 = &sc->ipmi_idev;
837 #endif
838 }
839 
840 int
841 ipmi_attach(device_t dev)
842 {
843 	struct ipmi_softc *sc = device_get_softc(dev);
844 	int error;
845 
846 	if (sc->ipmi_irq_res != NULL && sc->ipmi_intr != NULL) {
847 		error = bus_setup_intr(dev, sc->ipmi_irq_res, INTR_TYPE_MISC,
848 		    sc->ipmi_intr, sc, &sc->ipmi_irq);
849 		if (error) {
850 			device_printf(dev, "can't set up interrupt\n");
851 			return (error);
852 		}
853 	}
854 
855 	bzero(&sc->ipmi_ich, sizeof(struct intr_config_hook));
856 	sc->ipmi_ich.ich_func = ipmi_startup;
857 	sc->ipmi_ich.ich_arg = sc;
858 	if (config_intrhook_establish(&sc->ipmi_ich) != 0) {
859 		device_printf(dev, "can't establish configuration hook\n");
860 		return (ENOMEM);
861 	}
862 
863 	ipmi_attached = 1;
864 	return (0);
865 }
866 
867 int
868 ipmi_detach(device_t dev)
869 {
870 	struct ipmi_softc *sc;
871 
872 	sc = device_get_softc(dev);
873 
874 	/* Fail if there are any open handles. */
875 	IPMI_LOCK(sc);
876 #ifdef CLONING
877 	if (!TAILQ_EMPTY(&sc->ipmi_cdevs)) {
878 		IPMI_UNLOCK(sc);
879 		return (EBUSY);
880 	}
881 
882 	/* Turn off cloning. */
883 	sc->ipmi_cloning = 0;
884 	IPMI_UNLOCK(sc);
885 
886 	if (sc->ipmi_clone_tag)
887 		EVENTHANDLER_DEREGISTER(dev_clone, sc->ipmi_clone_tag);
888 #else
889 	if (sc->ipmi_idev.ipmi_open) {
890 		IPMI_UNLOCK(sc);
891 		return (EBUSY);
892 	}
893 	IPMI_UNLOCK(sc);
894 	if (sc->ipmi_idev.ipmi_cdev)
895 		destroy_dev(sc->ipmi_idev.ipmi_cdev);
896 #endif
897 
898 	/* Detach from watchdog handling and turn off watchdog. */
899 	if (sc->ipmi_watchdog_tag) {
900 		EVENTHANDLER_DEREGISTER(watchdog_list, sc->ipmi_watchdog_tag);
901 		ipmi_set_watchdog(sc, 0);
902 	}
903 
904 	/* XXX: should use shutdown callout I think. */
905 	/* If the backend uses a kthread, shut it down. */
906 	IPMI_LOCK(sc);
907 	sc->ipmi_detaching = 1;
908 	if (sc->ipmi_kthread) {
909 		cv_broadcast(&sc->ipmi_request_added);
910 		msleep(sc->ipmi_kthread, &sc->ipmi_lock, 0, "ipmi_wait", 0);
911 	}
912 	IPMI_UNLOCK(sc);
913 	if (sc->ipmi_irq)
914 		bus_teardown_intr(dev, sc->ipmi_irq_res, sc->ipmi_irq);
915 
916 	ipmi_release_resources(dev);
917 	mtx_destroy(&sc->ipmi_lock);
918 	return (0);
919 }
920 
921 void
922 ipmi_release_resources(device_t dev)
923 {
924 	struct ipmi_softc *sc;
925 	int i;
926 
927 	sc = device_get_softc(dev);
928 	if (sc->ipmi_irq)
929 		bus_teardown_intr(dev, sc->ipmi_irq_res, sc->ipmi_irq);
930 	if (sc->ipmi_irq_res)
931 		bus_release_resource(dev, SYS_RES_IRQ, sc->ipmi_irq_rid,
932 		    sc->ipmi_irq_res);
933 	for (i = 0; i < MAX_RES; i++)
934 		if (sc->ipmi_io_res[i])
935 			bus_release_resource(dev, sc->ipmi_io_type,
936 			    sc->ipmi_io_rid + i, sc->ipmi_io_res[i]);
937 }
938 
939 devclass_t ipmi_devclass;
940 
941 /* XXX: Why? */
942 static void
943 ipmi_unload(void *arg)
944 {
945 	device_t *	devs;
946 	int		count;
947 	int		i;
948 
949 	if (devclass_get_devices(ipmi_devclass, &devs, &count) != 0)
950 		return;
951 	for (i = 0; i < count; i++)
952 		device_delete_child(device_get_parent(devs[i]), devs[i]);
953 	free(devs, M_TEMP);
954 }
955 SYSUNINIT(ipmi_unload, SI_SUB_DRIVERS, SI_ORDER_FIRST, ipmi_unload, NULL);
956 
957 #ifdef IMPI_DEBUG
958 static void
959 dump_buf(u_char *data, int len)
960 {
961 	char buf[20];
962 	char line[1024];
963 	char temp[30];
964 	int count = 0;
965 	int i=0;
966 
967 	printf("Address %p len %d\n", data, len);
968 	if (len > 256)
969 		len = 256;
970 	line[0] = '\000';
971 	for (; len > 0; len--, data++) {
972 		sprintf(temp, "%02x ", *data);
973 		strcat(line, temp);
974 		if (*data >= ' ' && *data <= '~')
975 			buf[count] = *data;
976 		else if (*data >= 'A' && *data <= 'Z')
977 			buf[count] = *data;
978 		else
979 			buf[count] = '.';
980 		if (++count == 16) {
981 			buf[count] = '\000';
982 			count = 0;
983 			printf("  %3x  %s %s\n", i, line, buf);
984 			i+=16;
985 			line[0] = '\000';
986 		}
987 	}
988 	buf[count] = '\000';
989 
990 	for (; count != 16; count++) {
991 		strcat(line, "   ");
992 	}
993 	printf("  %3x  %s %s\n", i, line, buf);
994 }
995 #endif
996