1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
|
// SPDX-License-Identifier: Apache-2.0
/* Copyright 2017 IBM Corp. */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <stdarg.h>
#include <inttypes.h>
#include <sys/mman.h> /* for mprotect() */
#define pr_fmt(fmt) "MBOX-SERVER: " fmt
#include "skiboot.h"
#include "opal-api.h"
#include "mbox-server.h"
#include "stubs.h"
#define ERASE_GRANULE 0x100
#define LPC_BLOCKS 256
#define __unused __attribute__((unused))
enum win_type {
WIN_CLOSED,
WIN_READ,
WIN_WRITE
};
typedef void (*mbox_data_cb)(struct bmc_mbox_msg *msg, void *priv);
typedef void (*mbox_attn_cb)(uint8_t reg, void *priv);
struct {
mbox_data_cb fn;
void *cb_data;
struct bmc_mbox_msg *msg;
mbox_attn_cb attn;
void *cb_attn;
} mbox_data;
static struct {
int api;
bool reset;
void *lpc_base;
size_t lpc_size;
uint8_t attn_reg;
uint32_t block_shift;
uint32_t erase_granule;
uint16_t def_read_win; /* default window size in blocks */
uint16_t def_write_win;
uint16_t max_read_win; /* max window size in blocks */
uint16_t max_write_win;
enum win_type win_type;
uint32_t win_base;
uint32_t win_size;
bool win_dirty;
} server_state;
static bool check_window(uint32_t pos, uint32_t size)
{
/* If size is zero then all is well */
if (size == 0)
return true;
if (server_state.api == 1) {
/*
* Can actually be stricter in v1 because pos is relative to
* flash not window
*/
if (pos < server_state.win_base ||
pos + size > server_state.win_base + server_state.win_size) {
fprintf(stderr, "pos: 0x%08x size: 0x%08x aren't in active window\n",
pos, size);
fprintf(stderr, "window pos: 0x%08x window size: 0x%08x\n",
server_state.win_base, server_state.win_size);
return false;
}
} else {
if (pos + size > server_state.win_base + server_state.win_size)
return false;
}
return true;
}
/* skiboot test stubs */
int64_t lpc_read(enum OpalLPCAddressType __unused addr_type, uint32_t addr,
uint32_t *data, uint32_t sz);
int64_t lpc_read(enum OpalLPCAddressType __unused addr_type, uint32_t addr,
uint32_t *data, uint32_t sz)
{
/* Let it read from a write window... Spec says it ok! */
if (!check_window(addr, sz) || server_state.win_type == WIN_CLOSED)
return 1;
memcpy(data, server_state.lpc_base + addr, sz);
return 0;
}
int64_t lpc_write(enum OpalLPCAddressType __unused addr_type, uint32_t addr,
uint32_t data, uint32_t sz);
int64_t lpc_write(enum OpalLPCAddressType __unused addr_type, uint32_t addr,
uint32_t data, uint32_t sz)
{
if (!check_window(addr, sz) || server_state.win_type != WIN_WRITE)
return 1;
memcpy(server_state.lpc_base + addr, &data, sz);
return 0;
}
int bmc_mbox_register_attn(mbox_attn_cb handler, void *drv_data)
{
mbox_data.attn = handler;
mbox_data.cb_attn = drv_data;
return 0;
}
uint8_t bmc_mbox_get_attn_reg(void)
{
return server_state.attn_reg;
}
int bmc_mbox_register_callback(mbox_data_cb handler, void *drv_data)
{
mbox_data.fn = handler;
mbox_data.cb_data = drv_data;
return 0;
}
static int close_window(bool check)
{
/*
* This isn't strictly prohibited and some daemons let you close
* windows even if none are open.
* I've made the test fail because closing with no windows open is
* a sign that something 'interesting' has happened.
* You should investigate why
*
* If check is false it is because we just want to do the logic
* because open window has been called - you can open a window
* over a closed window obviously
*/
if (check && server_state.win_type == WIN_CLOSED)
return MBOX_R_PARAM_ERROR;
server_state.win_type = WIN_CLOSED;
mprotect(server_state.lpc_base, server_state.lpc_size, PROT_NONE);
return MBOX_R_SUCCESS;
}
static int do_dirty(uint32_t pos, uint32_t size)
{
pos <<= server_state.block_shift;
if (server_state.api > 1)
size <<= server_state.block_shift;
if (!check_window(pos, size)) {
prlog(PR_ERR, "Trying to dirty not in open window range\n");
return MBOX_R_PARAM_ERROR;
}
if (server_state.win_type != WIN_WRITE) {
prlog(PR_ERR, "Trying to dirty not write window\n");
return MBOX_R_PARAM_ERROR;
}
/* Thats about all actually */
return MBOX_R_SUCCESS;
}
void check_timers(bool __unused unused)
{
/* now that we've handled the message, holla-back */
if (mbox_data.msg) {
mbox_data.fn(mbox_data.msg, mbox_data.cb_data);
mbox_data.msg = NULL;
}
}
static int open_window(struct bmc_mbox_msg *msg, bool write, u32 offset, u32 size)
{
int max_size = server_state.max_read_win << server_state.block_shift;
//int win_size = server_state.def_read_win;
enum win_type type = WIN_READ;
int prot = PROT_READ;
assert(server_state.win_type == WIN_CLOSED);
/* Shift params up */
offset <<= server_state.block_shift;
size <<= server_state.block_shift;
if (!size || server_state.api == 1)
size = server_state.def_read_win << server_state.block_shift;
if (write) {
max_size = server_state.max_write_win << server_state.block_shift;
//win_size = server_state.def_write_win;
prot |= PROT_WRITE;
type = WIN_WRITE;
/* Use the default size if zero size is set */
if (!size || server_state.api == 1)
size = server_state.def_write_win << server_state.block_shift;
}
prlog(PR_INFO, "Opening range %#.8x, %#.8x for %s\n",
offset, offset + size - 1, write ? "writing" : "reading");
/* XXX: Document this behaviour */
if ((size + offset) > server_state.lpc_size) {
prlog(PR_INFO, "tried to open beyond end of flash\n");
return MBOX_R_PARAM_ERROR;
}
/* XXX: should we do this before or after checking for errors?
* Doing it afterwards ensures consistency between
* implementations
*/
if (server_state.api == 2)
size = MIN(size, max_size);
mprotect(server_state.lpc_base + offset, size, prot);
server_state.win_type = type;
server_state.win_base = offset;
server_state.win_size = size;
memset(msg->args, 0, sizeof(msg->args));
bmc_put_u16(msg, 0, offset >> server_state.block_shift);
if (server_state.api == 1) {
/*
* Put nonsense in here because v1 mbox-flash shouldn't know about it.
* If v1 mbox-flash does read this, 0xffff should trigger a big mistake.
*/
bmc_put_u16(msg, 2, 0xffff >> server_state.block_shift);
bmc_put_u16(msg, 4, 0xffff >> server_state.block_shift);
} else {
bmc_put_u16(msg, 2, size >> server_state.block_shift);
bmc_put_u16(msg, 4, offset >> server_state.block_shift);
}
return MBOX_R_SUCCESS;
}
int bmc_mbox_enqueue(struct bmc_mbox_msg *msg,
unsigned int __unused timeout_sec)
{
/*
* FIXME: should we be using the same storage for message
* and response?
*/
int rc = MBOX_R_SUCCESS;
uint32_t start, size;
if (server_state.reset && msg->command != MBOX_C_GET_MBOX_INFO &&
msg->command != MBOX_C_BMC_EVENT_ACK) {
/*
* Real daemons should return an error, but for testing we'll
* be a bit more strict
*/
prlog(PR_EMERG, "Server was in reset state - illegal command %d\n",
msg->command);
exit(1);
}
switch (msg->command) {
case MBOX_C_RESET_STATE:
prlog(PR_INFO, "RESET_STATE\n");
server_state.win_type = WIN_CLOSED;
rc = open_window(msg, false, 0, LPC_BLOCKS);
memset(msg->args, 0, sizeof(msg->args));
break;
case MBOX_C_GET_MBOX_INFO:
prlog(PR_INFO, "GET_MBOX_INFO version = %d, block_shift = %d\n",
server_state.api, server_state.block_shift);
msg->args[0] = server_state.api;
if (server_state.api == 1) {
prlog(PR_INFO, "\tread_size = 0x%08x, write_size = 0x%08x\n",
server_state.def_read_win, server_state.def_write_win);
bmc_put_u16(msg, 1, server_state.def_read_win);
bmc_put_u16(msg, 3, server_state.def_write_win);
msg->args[5] = 0xff; /* If v1 reads this, 0xff will force the mistake */
} else {
msg->args[5] = server_state.block_shift;
}
server_state.reset = false;
break;
case MBOX_C_GET_FLASH_INFO:
prlog(PR_INFO, "GET_FLASH_INFO: size: 0x%" PRIu64 ", erase: 0x%08x\n",
server_state.lpc_size, server_state.erase_granule);
if (server_state.api == 1) {
bmc_put_u32(msg, 0, server_state.lpc_size);
bmc_put_u32(msg, 4, server_state.erase_granule);
} else {
bmc_put_u16(msg, 0, server_state.lpc_size >> server_state.block_shift);
bmc_put_u16(msg, 2, server_state.erase_granule >> server_state.block_shift);
}
break;
case MBOX_C_CREATE_READ_WINDOW:
start = bmc_get_u16(msg, 0);
size = bmc_get_u16(msg, 2);
prlog(PR_INFO, "CREATE_READ_WINDOW: pos: 0x%08x, len: 0x%08x\n", start, size);
rc = close_window(false);
if (rc != MBOX_R_SUCCESS)
break;
rc = open_window(msg, false, start, size);
break;
case MBOX_C_CLOSE_WINDOW:
rc = close_window(true);
break;
case MBOX_C_CREATE_WRITE_WINDOW:
start = bmc_get_u16(msg, 0);
size = bmc_get_u16(msg, 2);
prlog(PR_INFO, "CREATE_WRITE_WINDOW: pos: 0x%08x, len: 0x%08x\n", start, size);
rc = close_window(false);
if (rc != MBOX_R_SUCCESS)
break;
rc = open_window(msg, true, start, size);
break;
/* TODO: make these do something */
case MBOX_C_WRITE_FLUSH:
prlog(PR_INFO, "WRITE_FLUSH\n");
/*
* This behaviour isn't strictly illegal however it could
* be a sign of bad behaviour
*/
if (server_state.api > 1 && !server_state.win_dirty) {
prlog(PR_EMERG, "Version >1 called FLUSH without a previous DIRTY\n");
exit (1);
}
server_state.win_dirty = false;
if (server_state.api > 1)
break;
/* This is only done on V1 */
start = bmc_get_u16(msg, 0);
if (server_state.api == 1)
size = bmc_get_u32(msg, 2);
else
size = bmc_get_u16(msg, 2);
prlog(PR_INFO, "\tpos: 0x%08x len: 0x%08x\n", start, size);
rc = do_dirty(start, size);
break;
case MBOX_C_MARK_WRITE_DIRTY:
start = bmc_get_u16(msg, 0);
if (server_state.api == 1)
size = bmc_get_u32(msg, 2);
else
size = bmc_get_u16(msg, 2);
prlog(PR_INFO, "MARK_WRITE_DIRTY: pos: 0x%08x, len: %08x\n", start, size);
server_state.win_dirty = true;
rc = do_dirty(start, size);
break;
case MBOX_C_BMC_EVENT_ACK:
/*
* Clear any BMC notifier flags. Don't clear the server
* reset state here, it is a permitted command but only
* GET_INFO should clear it.
*
* Make sure that msg->args[0] is only acking bits we told
* it about, in server_state.attn_reg. The caveat is that
* it could NOT ack some bits...
*/
prlog(PR_INFO, "BMC_EVENT_ACK 0x%02x\n", msg->args[0]);
if ((msg->args[0] | server_state.attn_reg) != server_state.attn_reg) {
prlog(PR_EMERG, "Tried to ack bits we didn't say!\n");
exit(1);
}
msg->bmc &= ~msg->args[0];
server_state.attn_reg &= ~msg->args[0];
break;
case MBOX_C_MARK_WRITE_ERASED:
start = bmc_get_u16(msg, 0) << server_state.block_shift;
size = bmc_get_u16(msg, 2) << server_state.block_shift;
/* If we've negotiated v1 this should never be called */
if (server_state.api == 1) {
prlog(PR_EMERG, "Version 1 protocol called a V2 only command\n");
exit(1);
}
/*
* This will likely result in flush (but not
* dirty) being called. This is the point.
*/
server_state.win_dirty = true;
/* This should really be done when they call flush */
memset(server_state.lpc_base + server_state.win_base + start, 0xff, size);
break;
default:
prlog(PR_EMERG, "Got unknown command code from mbox: %d\n", msg->command);
}
prerror("command response = %d\n", rc);
msg->response = rc;
mbox_data.msg = msg;
return 0;
}
int mbox_server_memcmp(int off, const void *buf, size_t len)
{
return memcmp(server_state.lpc_base + off, buf, len);
}
void mbox_server_memset(int c)
{
memset(server_state.lpc_base, c, server_state.lpc_size);
}
uint32_t mbox_server_total_size(void)
{
/* Not actually but for this server we don't differentiate */
return server_state.lpc_size;
}
uint32_t mbox_server_erase_granule(void)
{
return server_state.erase_granule;
}
int mbox_server_version(void)
{
return server_state.api;
}
int mbox_server_reset(unsigned int version, uint8_t block_shift)
{
if (version > 3)
return 1;
server_state.api = version;
if (block_shift)
server_state.block_shift = block_shift;
if (server_state.erase_granule < (1 << server_state.block_shift))
server_state.erase_granule = 1 << server_state.block_shift;
server_state.lpc_size = LPC_BLOCKS * (1 << server_state.block_shift);
free(server_state.lpc_base);
server_state.lpc_base = malloc(server_state.lpc_size);
server_state.attn_reg = MBOX_ATTN_BMC_REBOOT | MBOX_ATTN_BMC_DAEMON_READY;
server_state.win_type = WIN_CLOSED;
server_state.reset = true;
mbox_data.attn(MBOX_ATTN_BMC_REBOOT, mbox_data.cb_attn);
return 0;
}
int mbox_server_init(void)
{
server_state.api = 1;
server_state.reset = true;
/* We're always ready! */
server_state.attn_reg = MBOX_ATTN_BMC_DAEMON_READY;
/* setup server */
server_state.block_shift = 12;
server_state.erase_granule = 0x1000;
server_state.lpc_size = LPC_BLOCKS * (1 << server_state.block_shift);
server_state.lpc_base = malloc(server_state.lpc_size);
server_state.def_read_win = 1; /* These are in units of block shift "= 1 is 4K" */
server_state.def_write_win = 1; /* These are in units of block shift "= 1 is 4K" */
server_state.max_read_win = LPC_BLOCKS;
server_state.max_write_win = LPC_BLOCKS;
server_state.win_type = WIN_CLOSED;
return 0;
}
void mbox_server_destroy(void)
{
free(server_state.lpc_base);
}
|