mboxd: Stripped down super simple daemon
This daemon may prove useful for debugging and for adding features.
Production daemons will likely need to be better designed
diff --git a/mboxd.c b/mboxd.c
new file mode 100644
index 0000000..5edd95b
--- /dev/null
+++ b/mboxd.c
@@ -0,0 +1,508 @@
+/* Copyright 2016 IBM
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <limits.h>
+#include <poll.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <sys/ioctl.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/timerfd.h>
+#include <sys/types.h>
+#include <time.h>
+#include <unistd.h>
+
+#include <mtd/mtd-abi.h>
+
+#include <linux/aspeed-lpc-ctrl.h>
+
+#include "mbox.h"
+#include "common.h"
+
+#define LPC_CTRL_PATH "/dev/aspeed-lpc-ctrl"
+
+#define MBOX_FD 0
+#define LPC_CTRL_FD 1
+#define MTD_FD 2
+#define TOTAL_FDS 3
+
+#define ALIGN_UP(_v, _a) (((_v) + (_a) - 1) & ~((_a) - 1))
+
+#define MSG_OUT(f_, ...) do { if (verbosity != MBOX_LOG_NONE) { mbox_log(LOG_INFO, f_, ##__VA_ARGS__); } } while(0)
+#define MSG_ERR(f_, ...) do { if (verbosity != MBOX_LOG_NONE) { mbox_log(LOG_ERR, f_, ##__VA_ARGS__); } } while(0)
+
+#define BOOT_HICR7 0x30000e00U
+#define BOOT_HICR8 0xfe0001ffU
+
+struct mbox_context {
+ struct pollfd fds[TOTAL_FDS];
+ void *lpc_mem;
+ uint32_t base;
+ uint32_t size;
+ uint32_t pgsize;
+ bool dirty;
+ uint32_t dirtybase;
+ uint32_t dirtysize;
+ struct mtd_info_user mtd_info;
+};
+
+static int running = 1;
+
+static int point_to_flash(void)
+{
+ /*
+ * Point it to the real flash for sanity. Because hostboot has
+ * expectations as to where the flash is we can't use the kernel
+ * provided UNMAP ioctl().
+ *
+ * That that ioctl() does is detect the size of the flash and map it
+ * appropriately on the LPC bus on the host. The issue with this is that
+ * if a machine has a different flash size to what hostboot expects the
+ * mapping will be incorrect.
+ *
+ * For example 32MB of flash for a platform would mean that hostboot
+ * expects flash to be at 0x0e000000 - 0x0fffffff on the LPC bus. If
+ * the machine actually has 64MB of flash then the UNMAP ioctl() would
+ * map it 0x0c000000 - 0x0fffffff but hostboot will still read at
+ * 0x0e000000.
+ *
+ * Until hostboot learns how to talk to this daemon this hardcode will
+ * get hostboot going. Furthermore, when hostboot does learn to talk
+ * then this mapping is unnecessary and this code should be removed.
+ */
+
+ int r = 0, devmem_fd;
+ char *devmem_ptr;
+
+ MSG_OUT("Pointing HOST LPC bus at the actual flash\n");
+ MSG_OUT("Assuming 32MB of flash: HOST LPC 0x%08x -> BMC 0x%08x\n",
+ BOOT_HICR7 & 0xffff0000, BOOT_HICR7 << 16);
+ devmem_fd = open("/dev/mem", O_RDWR);
+ if (devmem_fd == -1) {
+ r = -errno;
+ MSG_ERR("Couldn't open /dev/mem: %s\n", strerror(-r));
+ goto out;
+ }
+ devmem_ptr = mmap(NULL, 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED,
+ devmem_fd, 0x1e789000);
+ if (devmem_ptr == MAP_FAILED) {
+ r = -errno;
+ MSG_ERR("Couldn't mmap() /dev/mem at 0x1e789000 for 0x1000: %s\n",
+ strerror(-r));
+ goto out;
+ }
+ *(uint32_t *)&devmem_ptr[0x88] = BOOT_HICR7;
+ *(uint32_t *)&devmem_ptr[0x8c] = BOOT_HICR8;
+ munmap(devmem_ptr, 0x1000);
+ close(devmem_fd);
+ /* Sigh */
+
+out:
+ return r;
+}
+
+static int flash_write(struct mbox_context *context, uint32_t pos, uint32_t len)
+{
+ int rc;
+ struct erase_info_user erase_info = {
+ .start = pos,
+ };
+
+ assert(context);
+
+ erase_info.length = ALIGN_UP(len, context->mtd_info.erasesize);
+
+ MSG_OUT("Erasing 0x%08x for 0x%08x (aligned: 0x%08x)\n", pos, len, erase_info.length);
+ if (ioctl(-context->fds[MTD_FD].fd, MEMERASE, &erase_info) == -1) {
+ MSG_ERR("Couldn't MEMERASE ioctl, flash write lost: %s\n", strerror(errno));
+ return -1;
+ }
+
+ if (lseek(-context->fds[MTD_FD].fd, pos, SEEK_SET) == (off_t) -1) {
+ MSG_ERR("Couldn't seek to 0x%08x into MTD, flash write lost: %s\n", pos, strerror(errno));
+ return -1;
+ }
+
+ while (erase_info.length) {
+ rc = write(-context->fds[MTD_FD].fd, context->lpc_mem + pos, erase_info.length);
+ if (rc == -1) {
+ MSG_ERR("Couldn't write to flash! Flash write lost: %s\n", strerror(errno));
+ return -1;
+ }
+ erase_info.length -= rc;
+ pos += rc;
+ }
+
+ return 0;
+}
+
+/* TODO: Add come consistency around the daemon exiting and either
+ * way, ensuring it responds.
+ * I'm in favour of an approach where it does its best to stay alive
+ * and keep talking, the hacky prototype was written the other way.
+ * This function is now inconsistent
+ */
+static int dispatch_mbox(struct mbox_context *context)
+{
+ int r = 0;
+ int len;
+ off_t pos;
+ uint8_t byte;
+ union mbox_regs resp, req = { 0 };
+ uint16_t sizepg, basepg, dirtypg;
+ uint32_t dirtycount;
+ struct aspeed_lpc_ctrl_mapping map;
+
+ assert(context);
+
+ map.addr = context->base;
+ map.size = context->size;
+ map.offset = 0;
+ map.window_type = ASPEED_LPC_CTRL_WINDOW_MEMORY;
+ map.window_id = 0; /* Theres only one */
+
+ MSG_OUT("Dispatched to mbox\n");
+ r = read(context->fds[MBOX_FD].fd, &req, sizeof(req.raw));
+ if (r < 0) {
+ r = -errno;
+ MSG_ERR("Couldn't read: %s\n", strerror(errno));
+ goto out;
+ }
+ if (r < sizeof(req.msg)) {
+ MSG_ERR("Short read: %d expecting %zu\n", r, sizeof(req.msg));
+ r = -1;
+ goto out;
+ }
+
+ /* We are NOT going to update the last two 'status' bytes */
+ memcpy(&resp, &req, sizeof(req.msg));
+
+ sizepg = context->size >> context->pgsize;
+ basepg = context->base >> context->pgsize;
+ MSG_OUT("Got data in with command %d\n", req.msg.command);
+ switch (req.msg.command) {
+ case MBOX_C_RESET_STATE:
+ /* Called by early hostboot? TODO */
+ resp.msg.response = MBOX_R_SUCCESS;
+ r = point_to_flash();
+ if (r) {
+ resp.msg.response = MBOX_R_SYSTEM_ERROR;
+ MSG_ERR("Couldn't point the LPC BUS back to actual flash\n");
+ }
+ break;
+ case MBOX_C_GET_MBOX_INFO:
+ /* TODO Freak if data.data[0] isn't 1 */
+ resp.msg.data[0] = 1;
+ put_u16(&resp.msg.data[1], sizepg);
+ put_u16(&resp.msg.data[3], sizepg);
+ resp.msg.response = MBOX_R_SUCCESS;
+ /* Wow that can't stay negated thats horrible */
+ MSG_OUT("LPC_CTRL_IOCTL_MAP to 0x%08x for 0x%08x\n", map.addr, map.size);
+ r = ioctl(-context->fds[LPC_CTRL_FD].fd,
+ ASPEED_LPC_CTRL_IOCTL_MAP, &map);
+ if (r < 0) {
+ r = -errno;
+ resp.msg.response = MBOX_R_SYSTEM_ERROR;
+ MSG_ERR("Couldn't MAP ioctl(): %s\n", strerror(errno));
+ }
+ break;
+ case MBOX_C_GET_FLASH_INFO:
+ put_u32(&resp.msg.data[0], context->mtd_info.size);
+ put_u32(&resp.msg.data[4], context->mtd_info.erasesize);
+ resp.msg.response = MBOX_R_SUCCESS;
+ break;
+ case MBOX_C_READ_WINDOW:
+ /*
+ * We could probably play tricks with LPC mapping.
+ * That would require kernel involvement.
+ * We could also always copy the relevant flash part to
+ * context->base even if it turns out that offset is in
+ * the window...
+ * This approach is easiest.
+ */
+ if (context->dirty)
+ read(-context->fds[MTD_FD].fd, context->lpc_mem, context->size);
+ basepg += get_u16(&req.msg.data[0]);
+ put_u16(&resp.msg.data[0], basepg);
+ resp.msg.response = MBOX_R_SUCCESS;
+ context->dirty = false;
+ break;
+ case MBOX_C_CLOSE_WINDOW:
+ context->dirty = true;
+ break;
+ case MBOX_C_WRITE_WINDOW:
+ basepg += get_u16(&req.msg.data[0]);
+ put_u16(&resp.msg.data[0], basepg);
+ resp.msg.response = MBOX_R_SUCCESS;
+ context->dirtybase = basepg << context->pgsize;
+ break;
+ /* Optimise these later */
+ case MBOX_C_WRITE_DIRTY:
+ case MBOX_C_WRITE_FENCE:
+ dirtypg = get_u16(&req.msg.data[0]);
+ dirtycount = get_u32(&req.msg.data[2]);
+ if (dirtycount == 0) {
+ resp.msg.response = MBOX_R_PARAM_ERROR;
+ break;
+ }
+ /*
+ * dirtypg is actually offset within window so we probs
+ * need to know if the window isn't at zero
+ */
+ if (flash_write(context, dirtypg << context->pgsize, dirtycount) != 0) {
+ resp.msg.response = MBOX_R_WRITE_ERROR;
+ break;
+ }
+ resp.msg.response = MBOX_R_SUCCESS;
+ break;
+ case MBOX_C_ACK:
+ resp.msg.response = MBOX_R_SUCCESS;
+ pos = lseek(context->fds[MBOX_FD].fd, MBOX_BMC_BYTE, SEEK_SET);
+ if (pos != MBOX_BMC_BYTE) {
+ r = -errno;
+ MSG_ERR("Couldn't lseek() to byte %d: %s\n", MBOX_BMC_BYTE,
+ strerror(errno));
+ }
+ /*
+ * NAND what is in the hardware and the request.
+ * This prevents the host being able to SET bits, it can
+ * only request set ones be cleared.
+ */
+ byte = ~(req.msg.data[0] & req.raw[MBOX_BMC_BYTE]);
+ len = write(context->fds[MBOX_FD].fd, &byte, 1);
+ if (len != 1) {
+ r = -errno;
+ MSG_ERR("Couldn't write to BMC status reg: %s\n",
+ strerror(errno));
+ }
+ pos = lseek(context->fds[MBOX_FD].fd, 0, SEEK_SET);
+ if (pos != 0) {
+ r = -errno;
+ MSG_ERR("Couldn't reset MBOX offset to zero\n");
+ }
+ break;
+ case MBOX_C_COMPLETED_COMMANDS:
+ /* This implementation always completes before responding */
+ resp.msg.data[0] = 0;
+ resp.msg.response = MBOX_R_SUCCESS;
+ break;
+ default:
+ MSG_ERR("UNKNOWN MBOX COMMAND\n");
+ resp.msg.response = MBOX_R_PARAM_ERROR;
+ r = -1;
+ }
+
+ MSG_OUT("Writing response to MBOX regs\n");
+ len = write(context->fds[MBOX_FD].fd, &resp, sizeof(resp.msg));
+ if (len < sizeof(resp.msg)) {
+ r = -errno;
+ MSG_ERR("Didn't write the full response\n");
+ }
+
+out:
+ return r;
+}
+
+static void usage(const char *name)
+{
+ fprintf(stderr, "Usage %s [ -v[v] | --syslog ]\n", name);
+ fprintf(stderr, "\t--verbose\t Be [more] verbose\n");
+ fprintf(stderr, "\t--syslog\t Log output to syslog (pointless without -v)\n\n");
+}
+
+int main(int argc, char *argv[])
+{
+ struct mbox_context *context;
+ const char *name = argv[0];
+ char *pnor_filename = NULL;
+ int opt, polled, r, i;
+ struct aspeed_lpc_ctrl_mapping map;
+
+ static const struct option long_options[] = {
+ { "verbose", no_argument, 0, 'v' },
+ { "syslog", no_argument, 0, 's' },
+ { 0, 0, 0, 0 }
+ };
+
+ context = calloc(1, sizeof(*context));
+ for (i = 0; i < TOTAL_FDS; i++)
+ context->fds[i].fd = -1;
+
+ mbox_vlog = &mbox_log_console;
+ while ((opt = getopt_long(argc, argv, "v", long_options, NULL)) != -1) {
+ switch (opt) {
+ case 0:
+ break;
+ case 'v':
+ verbosity++;
+ break;
+ case 's':
+ /* Avoid a double openlog() */
+ if (mbox_vlog != &vsyslog) {
+ openlog(PREFIX, LOG_ODELAY, LOG_DAEMON);
+ mbox_vlog = &vsyslog;
+ }
+ break;
+ default:
+ usage(name);
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ if (verbosity == MBOX_LOG_VERBOSE)
+ MSG_OUT("Verbose logging\n");
+
+ if (verbosity == MBOX_LOG_DEBUG)
+ MSG_OUT("Debug logging\n");
+
+ MSG_OUT("Starting\n");
+
+ MSG_OUT("Opening %s\n", MBOX_HOST_PATH);
+ context->fds[MBOX_FD].fd = open(MBOX_HOST_PATH, O_RDWR | O_NONBLOCK);
+ if (context->fds[MBOX_FD].fd < 0) {
+ r = -errno;
+ MSG_ERR("Couldn't open %s with flags O_RDWR: %s\n",
+ MBOX_HOST_PATH, strerror(errno));
+ goto finish;
+ }
+
+ MSG_OUT("Opening %s\n", LPC_CTRL_PATH);
+ context->fds[LPC_CTRL_FD].fd = open(LPC_CTRL_PATH, O_RDWR | O_SYNC);
+ if (context->fds[LPC_CTRL_FD].fd < 0) {
+ r = -errno;
+ MSG_ERR("Couldn't open %s with flags O_RDWR: %s\n",
+ LPC_CTRL_PATH, strerror(errno));
+ goto finish;
+ }
+
+ MSG_OUT("Getting buffer size...\n");
+ /* This may become more variable in the future */
+ context->pgsize = 12; /* 4K */
+ map.window_type = ASPEED_LPC_CTRL_WINDOW_MEMORY;
+ map.window_id = 0; /* Theres only one */
+ if (ioctl(context->fds[LPC_CTRL_FD].fd, ASPEED_LPC_CTRL_IOCTL_GET_SIZE,
+ &map) < 0) {
+ r = -errno;
+ MSG_OUT("fail\n");
+ MSG_ERR("Couldn't get lpc control buffer size: %s\n", strerror(-r));
+ goto finish;
+ }
+ /* And strip the first nibble, LPC access speciality */
+ context->size = map.size;
+ context->base = -context->size & 0x0FFFFFFF;
+
+ /* READ THE COMMENT AT THE START OF THIS FUNCTION! */
+ r = point_to_flash();
+ if (r) {
+ MSG_ERR("Failed to point the LPC BUS at the actual flash: %s\n",
+ strerror(-r));
+ goto finish;
+ }
+
+ MSG_OUT("Mapping %s for %u\n", LPC_CTRL_PATH, context->size);
+ context->lpc_mem = mmap(NULL, context->size, PROT_READ | PROT_WRITE, MAP_SHARED,
+ context->fds[LPC_CTRL_FD].fd, 0);
+ if (context->lpc_mem == MAP_FAILED) {
+ r = -errno;
+ MSG_ERR("Didn't manage to mmap %s: %s\n", LPC_CTRL_PATH, strerror(errno));
+ goto finish;
+ }
+
+ pnor_filename = get_dev_mtd();
+ if (!pnor_filename) {
+ MSG_ERR("Couldn't find the PNOR /dev/mtd partition\n");
+ r = -1;
+ goto finish;
+ }
+
+ MSG_OUT("Opening %s\n", pnor_filename);
+ context->fds[MTD_FD].fd = open(pnor_filename, O_RDWR);
+ if (context->fds[MTD_FD].fd < 0) {
+ r = -errno;
+ MSG_ERR("Couldn't open %s with flags O_RDWR: %s\n",
+ pnor_filename, strerror(errno));
+ goto finish;
+ }
+
+ if (ioctl(context->fds[MTD_FD].fd, MEMGETINFO, &context->mtd_info) == -1) {
+ MSG_ERR("Couldn't get information about MTD: %s\n", strerror(errno));
+ return -1;
+ }
+
+ /*
+ * Copy flash into RAM early, same time.
+ * The kernel has created the LPC->AHB mapping also, which means
+ * flash should work.
+ * Ideally we tell the kernel whats up and when to do stuff...
+ */
+ MSG_OUT("Loading flash into ram at %p for 0x%08x bytes\n",
+ context->lpc_mem, context->size);
+ r = read(context->fds[MTD_FD].fd, context->lpc_mem, context->size);
+ if (r != context->size) {
+ MSG_ERR("Couldn't copy mtd into ram: %d\n", r);
+ goto finish;
+ }
+
+ context->fds[MBOX_FD].events = POLLIN;
+ /* Ignore in poll() */
+ context->fds[LPC_CTRL_FD].fd = -context->fds[LPC_CTRL_FD].fd;
+ context->fds[MTD_FD].fd = -context->fds[MTD_FD].fd;
+
+ MSG_OUT("Entering polling loop\n");
+ while (running) {
+ polled = poll(context->fds, TOTAL_FDS, 1000);
+ if (polled == 0)
+ continue;
+ if (polled < 0) {
+ r = -errno;
+ MSG_ERR("Error from poll(): %s\n", strerror(errno));
+ break;
+ }
+ r = dispatch_mbox(context);
+ if (r < 0) {
+ MSG_ERR("Error handling MBOX event: %s\n", strerror(-r));
+ break;
+ }
+ }
+
+ MSG_OUT("Exiting\n");
+
+ /* Unnegate so we can close it */
+ context->fds[LPC_CTRL_FD].fd = -context->fds[LPC_CTRL_FD].fd;
+ context->fds[MTD_FD].fd = -context->fds[MTD_FD].fd;
+
+finish:
+ if (context->lpc_mem)
+ munmap(context->lpc_mem, context->size);
+
+ free(pnor_filename);
+ close(context->fds[MTD_FD].fd);
+ close(context->fds[LPC_CTRL_FD].fd);
+ close(context->fds[MBOX_FD].fd);
+ free(context);
+
+ return r;
+}
+