1 /* 2 * QEMU AHCI Emulation 3 * 4 * Copyright (c) 2010 qiaochong@loongson.cn 5 * Copyright (c) 2010 Roland Elek <elek.roland@gmail.com> 6 * Copyright (c) 2010 Sebastian Herbszt <herbszt@gmx.de> 7 * Copyright (c) 2010 Alexander Graf <agraf@suse.de> 8 * 9 * This library is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU Lesser General Public 11 * License as published by the Free Software Foundation; either 12 * version 2 of the License, or (at your option) any later version. 13 * 14 * This library is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 * Lesser General Public License for more details. 18 * 19 * You should have received a copy of the GNU Lesser General Public 20 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 21 * 22 */ 23 24 #include <hw/hw.h> 25 #include <hw/pci/msi.h> 26 #include <hw/i386/pc.h> 27 #include <hw/pci/pci.h> 28 #include <hw/sysbus.h> 29 30 #include "qemu/error-report.h" 31 #include "sysemu/block-backend.h" 32 #include "sysemu/dma.h" 33 #include "internal.h" 34 #include <hw/ide/pci.h> 35 #include <hw/ide/ahci.h> 36 37 #define DEBUG_AHCI 0 38 39 #define DPRINTF(port, fmt, ...) \ 40 do { \ 41 if (DEBUG_AHCI) { \ 42 fprintf(stderr, "ahci: %s: [%d] ", __func__, port); \ 43 fprintf(stderr, fmt, ## __VA_ARGS__); \ 44 } \ 45 } while (0) 46 47 static void check_cmd(AHCIState *s, int port); 48 static int handle_cmd(AHCIState *s, int port, uint8_t slot); 49 static void ahci_reset_port(AHCIState *s, int port); 50 static void ahci_write_fis_d2h(AHCIDevice *ad, uint8_t *cmd_fis); 51 static void ahci_init_d2h(AHCIDevice *ad); 52 static int ahci_dma_prepare_buf(IDEDMA *dma, int32_t limit); 53 static void ahci_commit_buf(IDEDMA *dma, uint32_t tx_bytes); 54 static bool ahci_map_clb_address(AHCIDevice *ad); 55 static bool ahci_map_fis_address(AHCIDevice *ad); 56 static void ahci_unmap_clb_address(AHCIDevice *ad); 57 static void ahci_unmap_fis_address(AHCIDevice *ad); 58 59 60 static uint32_t ahci_port_read(AHCIState *s, int port, int offset) 61 { 62 uint32_t val; 63 AHCIPortRegs *pr; 64 pr = &s->dev[port].port_regs; 65 66 switch (offset) { 67 case PORT_LST_ADDR: 68 val = pr->lst_addr; 69 break; 70 case PORT_LST_ADDR_HI: 71 val = pr->lst_addr_hi; 72 break; 73 case PORT_FIS_ADDR: 74 val = pr->fis_addr; 75 break; 76 case PORT_FIS_ADDR_HI: 77 val = pr->fis_addr_hi; 78 break; 79 case PORT_IRQ_STAT: 80 val = pr->irq_stat; 81 break; 82 case PORT_IRQ_MASK: 83 val = pr->irq_mask; 84 break; 85 case PORT_CMD: 86 val = pr->cmd; 87 break; 88 case PORT_TFDATA: 89 val = pr->tfdata; 90 break; 91 case PORT_SIG: 92 val = pr->sig; 93 break; 94 case PORT_SCR_STAT: 95 if (s->dev[port].port.ifs[0].blk) { 96 val = SATA_SCR_SSTATUS_DET_DEV_PRESENT_PHY_UP | 97 SATA_SCR_SSTATUS_SPD_GEN1 | SATA_SCR_SSTATUS_IPM_ACTIVE; 98 } else { 99 val = SATA_SCR_SSTATUS_DET_NODEV; 100 } 101 break; 102 case PORT_SCR_CTL: 103 val = pr->scr_ctl; 104 break; 105 case PORT_SCR_ERR: 106 val = pr->scr_err; 107 break; 108 case PORT_SCR_ACT: 109 val = pr->scr_act; 110 break; 111 case PORT_CMD_ISSUE: 112 val = pr->cmd_issue; 113 break; 114 case PORT_RESERVED: 115 default: 116 val = 0; 117 } 118 DPRINTF(port, "offset: 0x%x val: 0x%x\n", offset, val); 119 return val; 120 121 } 122 123 static void ahci_irq_raise(AHCIState *s, AHCIDevice *dev) 124 { 125 AHCIPCIState *d = container_of(s, AHCIPCIState, ahci); 126 PCIDevice *pci_dev = 127 (PCIDevice *)object_dynamic_cast(OBJECT(d), TYPE_PCI_DEVICE); 128 129 DPRINTF(0, "raise irq\n"); 130 131 if (pci_dev && msi_enabled(pci_dev)) { 132 msi_notify(pci_dev, 0); 133 } else { 134 qemu_irq_raise(s->irq); 135 } 136 } 137 138 static void ahci_irq_lower(AHCIState *s, AHCIDevice *dev) 139 { 140 AHCIPCIState *d = container_of(s, AHCIPCIState, ahci); 141 PCIDevice *pci_dev = 142 (PCIDevice *)object_dynamic_cast(OBJECT(d), TYPE_PCI_DEVICE); 143 144 DPRINTF(0, "lower irq\n"); 145 146 if (!pci_dev || !msi_enabled(pci_dev)) { 147 qemu_irq_lower(s->irq); 148 } 149 } 150 151 static void ahci_check_irq(AHCIState *s) 152 { 153 int i; 154 155 DPRINTF(-1, "check irq %#x\n", s->control_regs.irqstatus); 156 157 s->control_regs.irqstatus = 0; 158 for (i = 0; i < s->ports; i++) { 159 AHCIPortRegs *pr = &s->dev[i].port_regs; 160 if (pr->irq_stat & pr->irq_mask) { 161 s->control_regs.irqstatus |= (1 << i); 162 } 163 } 164 165 if (s->control_regs.irqstatus && 166 (s->control_regs.ghc & HOST_CTL_IRQ_EN)) { 167 ahci_irq_raise(s, NULL); 168 } else { 169 ahci_irq_lower(s, NULL); 170 } 171 } 172 173 static void ahci_trigger_irq(AHCIState *s, AHCIDevice *d, 174 int irq_type) 175 { 176 DPRINTF(d->port_no, "trigger irq %#x -> %x\n", 177 irq_type, d->port_regs.irq_mask & irq_type); 178 179 d->port_regs.irq_stat |= irq_type; 180 ahci_check_irq(s); 181 } 182 183 static void map_page(AddressSpace *as, uint8_t **ptr, uint64_t addr, 184 uint32_t wanted) 185 { 186 hwaddr len = wanted; 187 188 if (*ptr) { 189 dma_memory_unmap(as, *ptr, len, DMA_DIRECTION_FROM_DEVICE, len); 190 } 191 192 *ptr = dma_memory_map(as, addr, &len, DMA_DIRECTION_FROM_DEVICE); 193 if (len < wanted) { 194 dma_memory_unmap(as, *ptr, len, DMA_DIRECTION_FROM_DEVICE, len); 195 *ptr = NULL; 196 } 197 } 198 199 /** 200 * Check the cmd register to see if we should start or stop 201 * the DMA or FIS RX engines. 202 * 203 * @ad: Device to engage. 204 * @allow_stop: Allow device to transition from started to stopped? 205 * 'no' is useful for migration post_load, which does not expect a transition. 206 * 207 * @return 0 on success, -1 on error. 208 */ 209 static int ahci_cond_start_engines(AHCIDevice *ad, bool allow_stop) 210 { 211 AHCIPortRegs *pr = &ad->port_regs; 212 213 if (pr->cmd & PORT_CMD_START) { 214 if (ahci_map_clb_address(ad)) { 215 pr->cmd |= PORT_CMD_LIST_ON; 216 } else { 217 error_report("AHCI: Failed to start DMA engine: " 218 "bad command list buffer address"); 219 return -1; 220 } 221 } else if (pr->cmd & PORT_CMD_LIST_ON) { 222 if (allow_stop) { 223 ahci_unmap_clb_address(ad); 224 pr->cmd = pr->cmd & ~(PORT_CMD_LIST_ON); 225 } else { 226 error_report("AHCI: DMA engine should be off, " 227 "but appears to still be running"); 228 return -1; 229 } 230 } 231 232 if (pr->cmd & PORT_CMD_FIS_RX) { 233 if (ahci_map_fis_address(ad)) { 234 pr->cmd |= PORT_CMD_FIS_ON; 235 } else { 236 error_report("AHCI: Failed to start FIS receive engine: " 237 "bad FIS receive buffer address"); 238 return -1; 239 } 240 } else if (pr->cmd & PORT_CMD_FIS_ON) { 241 if (allow_stop) { 242 ahci_unmap_fis_address(ad); 243 pr->cmd = pr->cmd & ~(PORT_CMD_FIS_ON); 244 } else { 245 error_report("AHCI: FIS receive engine should be off, " 246 "but appears to still be running"); 247 return -1; 248 } 249 } 250 251 return 0; 252 } 253 254 static void ahci_port_write(AHCIState *s, int port, int offset, uint32_t val) 255 { 256 AHCIPortRegs *pr = &s->dev[port].port_regs; 257 258 DPRINTF(port, "offset: 0x%x val: 0x%x\n", offset, val); 259 switch (offset) { 260 case PORT_LST_ADDR: 261 pr->lst_addr = val; 262 break; 263 case PORT_LST_ADDR_HI: 264 pr->lst_addr_hi = val; 265 break; 266 case PORT_FIS_ADDR: 267 pr->fis_addr = val; 268 break; 269 case PORT_FIS_ADDR_HI: 270 pr->fis_addr_hi = val; 271 break; 272 case PORT_IRQ_STAT: 273 pr->irq_stat &= ~val; 274 ahci_check_irq(s); 275 break; 276 case PORT_IRQ_MASK: 277 pr->irq_mask = val & 0xfdc000ff; 278 ahci_check_irq(s); 279 break; 280 case PORT_CMD: 281 /* Block any Read-only fields from being set; 282 * including LIST_ON and FIS_ON. 283 * The spec requires to set ICC bits to zero after the ICC change 284 * is done. We don't support ICC state changes, therefore always 285 * force the ICC bits to zero. 286 */ 287 pr->cmd = (pr->cmd & PORT_CMD_RO_MASK) | 288 (val & ~(PORT_CMD_RO_MASK|PORT_CMD_ICC_MASK)); 289 290 /* Check FIS RX and CLB engines, allow transition to false: */ 291 ahci_cond_start_engines(&s->dev[port], true); 292 293 /* XXX usually the FIS would be pending on the bus here and 294 issuing deferred until the OS enables FIS receival. 295 Instead, we only submit it once - which works in most 296 cases, but is a hack. */ 297 if ((pr->cmd & PORT_CMD_FIS_ON) && 298 !s->dev[port].init_d2h_sent) { 299 ahci_init_d2h(&s->dev[port]); 300 s->dev[port].init_d2h_sent = true; 301 } 302 303 check_cmd(s, port); 304 break; 305 case PORT_TFDATA: 306 /* Read Only. */ 307 break; 308 case PORT_SIG: 309 /* Read Only */ 310 break; 311 case PORT_SCR_STAT: 312 /* Read Only */ 313 break; 314 case PORT_SCR_CTL: 315 if (((pr->scr_ctl & AHCI_SCR_SCTL_DET) == 1) && 316 ((val & AHCI_SCR_SCTL_DET) == 0)) { 317 ahci_reset_port(s, port); 318 } 319 pr->scr_ctl = val; 320 break; 321 case PORT_SCR_ERR: 322 pr->scr_err &= ~val; 323 break; 324 case PORT_SCR_ACT: 325 /* RW1 */ 326 pr->scr_act |= val; 327 break; 328 case PORT_CMD_ISSUE: 329 pr->cmd_issue |= val; 330 check_cmd(s, port); 331 break; 332 default: 333 break; 334 } 335 } 336 337 static uint64_t ahci_mem_read_32(void *opaque, hwaddr addr) 338 { 339 AHCIState *s = opaque; 340 uint32_t val = 0; 341 342 if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) { 343 switch (addr) { 344 case HOST_CAP: 345 val = s->control_regs.cap; 346 break; 347 case HOST_CTL: 348 val = s->control_regs.ghc; 349 break; 350 case HOST_IRQ_STAT: 351 val = s->control_regs.irqstatus; 352 break; 353 case HOST_PORTS_IMPL: 354 val = s->control_regs.impl; 355 break; 356 case HOST_VERSION: 357 val = s->control_regs.version; 358 break; 359 } 360 361 DPRINTF(-1, "(addr 0x%08X), val 0x%08X\n", (unsigned) addr, val); 362 } else if ((addr >= AHCI_PORT_REGS_START_ADDR) && 363 (addr < (AHCI_PORT_REGS_START_ADDR + 364 (s->ports * AHCI_PORT_ADDR_OFFSET_LEN)))) { 365 val = ahci_port_read(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7, 366 addr & AHCI_PORT_ADDR_OFFSET_MASK); 367 } 368 369 return val; 370 } 371 372 373 /** 374 * AHCI 1.3 section 3 ("HBA Memory Registers") 375 * Support unaligned 8/16/32 bit reads, and 64 bit aligned reads. 376 * Caller is responsible for masking unwanted higher order bytes. 377 */ 378 static uint64_t ahci_mem_read(void *opaque, hwaddr addr, unsigned size) 379 { 380 hwaddr aligned = addr & ~0x3; 381 int ofst = addr - aligned; 382 uint64_t lo = ahci_mem_read_32(opaque, aligned); 383 uint64_t hi; 384 385 /* if < 8 byte read does not cross 4 byte boundary */ 386 if (ofst + size <= 4) { 387 return lo >> (ofst * 8); 388 } 389 g_assert_cmpint(size, >, 1); 390 391 /* If the 64bit read is unaligned, we will produce undefined 392 * results. AHCI does not support unaligned 64bit reads. */ 393 hi = ahci_mem_read_32(opaque, aligned + 4); 394 return (hi << 32 | lo) >> (ofst * 8); 395 } 396 397 398 static void ahci_mem_write(void *opaque, hwaddr addr, 399 uint64_t val, unsigned size) 400 { 401 AHCIState *s = opaque; 402 403 /* Only aligned reads are allowed on AHCI */ 404 if (addr & 3) { 405 fprintf(stderr, "ahci: Mis-aligned write to addr 0x" 406 TARGET_FMT_plx "\n", addr); 407 return; 408 } 409 410 if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) { 411 DPRINTF(-1, "(addr 0x%08X), val 0x%08"PRIX64"\n", (unsigned) addr, val); 412 413 switch (addr) { 414 case HOST_CAP: /* R/WO, RO */ 415 /* FIXME handle R/WO */ 416 break; 417 case HOST_CTL: /* R/W */ 418 if (val & HOST_CTL_RESET) { 419 DPRINTF(-1, "HBA Reset\n"); 420 ahci_reset(s); 421 } else { 422 s->control_regs.ghc = (val & 0x3) | HOST_CTL_AHCI_EN; 423 ahci_check_irq(s); 424 } 425 break; 426 case HOST_IRQ_STAT: /* R/WC, RO */ 427 s->control_regs.irqstatus &= ~val; 428 ahci_check_irq(s); 429 break; 430 case HOST_PORTS_IMPL: /* R/WO, RO */ 431 /* FIXME handle R/WO */ 432 break; 433 case HOST_VERSION: /* RO */ 434 /* FIXME report write? */ 435 break; 436 default: 437 DPRINTF(-1, "write to unknown register 0x%x\n", (unsigned)addr); 438 } 439 } else if ((addr >= AHCI_PORT_REGS_START_ADDR) && 440 (addr < (AHCI_PORT_REGS_START_ADDR + 441 (s->ports * AHCI_PORT_ADDR_OFFSET_LEN)))) { 442 ahci_port_write(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7, 443 addr & AHCI_PORT_ADDR_OFFSET_MASK, val); 444 } 445 446 } 447 448 static const MemoryRegionOps ahci_mem_ops = { 449 .read = ahci_mem_read, 450 .write = ahci_mem_write, 451 .endianness = DEVICE_LITTLE_ENDIAN, 452 }; 453 454 static uint64_t ahci_idp_read(void *opaque, hwaddr addr, 455 unsigned size) 456 { 457 AHCIState *s = opaque; 458 459 if (addr == s->idp_offset) { 460 /* index register */ 461 return s->idp_index; 462 } else if (addr == s->idp_offset + 4) { 463 /* data register - do memory read at location selected by index */ 464 return ahci_mem_read(opaque, s->idp_index, size); 465 } else { 466 return 0; 467 } 468 } 469 470 static void ahci_idp_write(void *opaque, hwaddr addr, 471 uint64_t val, unsigned size) 472 { 473 AHCIState *s = opaque; 474 475 if (addr == s->idp_offset) { 476 /* index register - mask off reserved bits */ 477 s->idp_index = (uint32_t)val & ((AHCI_MEM_BAR_SIZE - 1) & ~3); 478 } else if (addr == s->idp_offset + 4) { 479 /* data register - do memory write at location selected by index */ 480 ahci_mem_write(opaque, s->idp_index, val, size); 481 } 482 } 483 484 static const MemoryRegionOps ahci_idp_ops = { 485 .read = ahci_idp_read, 486 .write = ahci_idp_write, 487 .endianness = DEVICE_LITTLE_ENDIAN, 488 }; 489 490 491 static void ahci_reg_init(AHCIState *s) 492 { 493 int i; 494 495 s->control_regs.cap = (s->ports - 1) | 496 (AHCI_NUM_COMMAND_SLOTS << 8) | 497 (AHCI_SUPPORTED_SPEED_GEN1 << AHCI_SUPPORTED_SPEED) | 498 HOST_CAP_NCQ | HOST_CAP_AHCI; 499 500 s->control_regs.impl = (1 << s->ports) - 1; 501 502 s->control_regs.version = AHCI_VERSION_1_0; 503 504 for (i = 0; i < s->ports; i++) { 505 s->dev[i].port_state = STATE_RUN; 506 } 507 } 508 509 static void check_cmd(AHCIState *s, int port) 510 { 511 AHCIPortRegs *pr = &s->dev[port].port_regs; 512 uint8_t slot; 513 514 if ((pr->cmd & PORT_CMD_START) && pr->cmd_issue) { 515 for (slot = 0; (slot < 32) && pr->cmd_issue; slot++) { 516 if ((pr->cmd_issue & (1U << slot)) && 517 !handle_cmd(s, port, slot)) { 518 pr->cmd_issue &= ~(1U << slot); 519 } 520 } 521 } 522 } 523 524 static void ahci_check_cmd_bh(void *opaque) 525 { 526 AHCIDevice *ad = opaque; 527 528 qemu_bh_delete(ad->check_bh); 529 ad->check_bh = NULL; 530 531 if ((ad->busy_slot != -1) && 532 !(ad->port.ifs[0].status & (BUSY_STAT|DRQ_STAT))) { 533 /* no longer busy */ 534 ad->port_regs.cmd_issue &= ~(1 << ad->busy_slot); 535 ad->busy_slot = -1; 536 } 537 538 check_cmd(ad->hba, ad->port_no); 539 } 540 541 static void ahci_init_d2h(AHCIDevice *ad) 542 { 543 uint8_t init_fis[20]; 544 IDEState *ide_state = &ad->port.ifs[0]; 545 546 memset(init_fis, 0, sizeof(init_fis)); 547 548 init_fis[4] = 1; 549 init_fis[12] = 1; 550 551 if (ide_state->drive_kind == IDE_CD) { 552 init_fis[5] = ide_state->lcyl; 553 init_fis[6] = ide_state->hcyl; 554 } 555 556 ahci_write_fis_d2h(ad, init_fis); 557 } 558 559 static void ahci_reset_port(AHCIState *s, int port) 560 { 561 AHCIDevice *d = &s->dev[port]; 562 AHCIPortRegs *pr = &d->port_regs; 563 IDEState *ide_state = &d->port.ifs[0]; 564 int i; 565 566 DPRINTF(port, "reset port\n"); 567 568 ide_bus_reset(&d->port); 569 ide_state->ncq_queues = AHCI_MAX_CMDS; 570 571 pr->scr_stat = 0; 572 pr->scr_err = 0; 573 pr->scr_act = 0; 574 pr->tfdata = 0x7F; 575 pr->sig = 0xFFFFFFFF; 576 d->busy_slot = -1; 577 d->init_d2h_sent = false; 578 579 ide_state = &s->dev[port].port.ifs[0]; 580 if (!ide_state->blk) { 581 return; 582 } 583 584 /* reset ncq queue */ 585 for (i = 0; i < AHCI_MAX_CMDS; i++) { 586 NCQTransferState *ncq_tfs = &s->dev[port].ncq_tfs[i]; 587 ncq_tfs->halt = false; 588 if (!ncq_tfs->used) { 589 continue; 590 } 591 592 if (ncq_tfs->aiocb) { 593 blk_aio_cancel(ncq_tfs->aiocb); 594 ncq_tfs->aiocb = NULL; 595 } 596 597 /* Maybe we just finished the request thanks to blk_aio_cancel() */ 598 if (!ncq_tfs->used) { 599 continue; 600 } 601 602 qemu_sglist_destroy(&ncq_tfs->sglist); 603 ncq_tfs->used = 0; 604 } 605 606 s->dev[port].port_state = STATE_RUN; 607 if (!ide_state->blk) { 608 pr->sig = 0; 609 ide_state->status = SEEK_STAT | WRERR_STAT; 610 } else if (ide_state->drive_kind == IDE_CD) { 611 pr->sig = SATA_SIGNATURE_CDROM; 612 ide_state->lcyl = 0x14; 613 ide_state->hcyl = 0xeb; 614 DPRINTF(port, "set lcyl = %d\n", ide_state->lcyl); 615 ide_state->status = SEEK_STAT | WRERR_STAT | READY_STAT; 616 } else { 617 pr->sig = SATA_SIGNATURE_DISK; 618 ide_state->status = SEEK_STAT | WRERR_STAT; 619 } 620 621 ide_state->error = 1; 622 ahci_init_d2h(d); 623 } 624 625 static void debug_print_fis(uint8_t *fis, int cmd_len) 626 { 627 #if DEBUG_AHCI 628 int i; 629 630 fprintf(stderr, "fis:"); 631 for (i = 0; i < cmd_len; i++) { 632 if ((i & 0xf) == 0) { 633 fprintf(stderr, "\n%02x:",i); 634 } 635 fprintf(stderr, "%02x ",fis[i]); 636 } 637 fprintf(stderr, "\n"); 638 #endif 639 } 640 641 static bool ahci_map_fis_address(AHCIDevice *ad) 642 { 643 AHCIPortRegs *pr = &ad->port_regs; 644 map_page(ad->hba->as, &ad->res_fis, 645 ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256); 646 return ad->res_fis != NULL; 647 } 648 649 static void ahci_unmap_fis_address(AHCIDevice *ad) 650 { 651 dma_memory_unmap(ad->hba->as, ad->res_fis, 256, 652 DMA_DIRECTION_FROM_DEVICE, 256); 653 ad->res_fis = NULL; 654 } 655 656 static bool ahci_map_clb_address(AHCIDevice *ad) 657 { 658 AHCIPortRegs *pr = &ad->port_regs; 659 ad->cur_cmd = NULL; 660 map_page(ad->hba->as, &ad->lst, 661 ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024); 662 return ad->lst != NULL; 663 } 664 665 static void ahci_unmap_clb_address(AHCIDevice *ad) 666 { 667 dma_memory_unmap(ad->hba->as, ad->lst, 1024, 668 DMA_DIRECTION_FROM_DEVICE, 1024); 669 ad->lst = NULL; 670 } 671 672 static void ahci_write_fis_sdb(AHCIState *s, NCQTransferState *ncq_tfs) 673 { 674 AHCIDevice *ad = ncq_tfs->drive; 675 AHCIPortRegs *pr = &ad->port_regs; 676 IDEState *ide_state; 677 SDBFIS *sdb_fis; 678 679 if (!ad->res_fis || 680 !(pr->cmd & PORT_CMD_FIS_RX)) { 681 return; 682 } 683 684 sdb_fis = (SDBFIS *)&ad->res_fis[RES_FIS_SDBFIS]; 685 ide_state = &ad->port.ifs[0]; 686 687 sdb_fis->type = SATA_FIS_TYPE_SDB; 688 /* Interrupt pending & Notification bit */ 689 sdb_fis->flags = 0x40; /* Interrupt bit, always 1 for NCQ */ 690 sdb_fis->status = ide_state->status & 0x77; 691 sdb_fis->error = ide_state->error; 692 /* update SAct field in SDB_FIS */ 693 sdb_fis->payload = cpu_to_le32(ad->finished); 694 695 /* Update shadow registers (except BSY 0x80 and DRQ 0x08) */ 696 pr->tfdata = (ad->port.ifs[0].error << 8) | 697 (ad->port.ifs[0].status & 0x77) | 698 (pr->tfdata & 0x88); 699 pr->scr_act &= ~ad->finished; 700 ad->finished = 0; 701 702 /* Trigger IRQ if interrupt bit is set (which currently, it always is) */ 703 if (sdb_fis->flags & 0x40) { 704 ahci_trigger_irq(s, ad, PORT_IRQ_SDB_FIS); 705 } 706 } 707 708 static void ahci_write_fis_pio(AHCIDevice *ad, uint16_t len) 709 { 710 AHCIPortRegs *pr = &ad->port_regs; 711 uint8_t *pio_fis; 712 IDEState *s = &ad->port.ifs[0]; 713 714 if (!ad->res_fis || !(pr->cmd & PORT_CMD_FIS_RX)) { 715 return; 716 } 717 718 pio_fis = &ad->res_fis[RES_FIS_PSFIS]; 719 720 pio_fis[0] = SATA_FIS_TYPE_PIO_SETUP; 721 pio_fis[1] = (ad->hba->control_regs.irqstatus ? (1 << 6) : 0); 722 pio_fis[2] = s->status; 723 pio_fis[3] = s->error; 724 725 pio_fis[4] = s->sector; 726 pio_fis[5] = s->lcyl; 727 pio_fis[6] = s->hcyl; 728 pio_fis[7] = s->select; 729 pio_fis[8] = s->hob_sector; 730 pio_fis[9] = s->hob_lcyl; 731 pio_fis[10] = s->hob_hcyl; 732 pio_fis[11] = 0; 733 pio_fis[12] = s->nsector & 0xFF; 734 pio_fis[13] = (s->nsector >> 8) & 0xFF; 735 pio_fis[14] = 0; 736 pio_fis[15] = s->status; 737 pio_fis[16] = len & 255; 738 pio_fis[17] = len >> 8; 739 pio_fis[18] = 0; 740 pio_fis[19] = 0; 741 742 /* Update shadow registers: */ 743 pr->tfdata = (ad->port.ifs[0].error << 8) | 744 ad->port.ifs[0].status; 745 746 if (pio_fis[2] & ERR_STAT) { 747 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_TF_ERR); 748 } 749 750 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_PIOS_FIS); 751 } 752 753 static void ahci_write_fis_d2h(AHCIDevice *ad, uint8_t *cmd_fis) 754 { 755 AHCIPortRegs *pr = &ad->port_regs; 756 uint8_t *d2h_fis; 757 int i; 758 IDEState *s = &ad->port.ifs[0]; 759 760 if (!ad->res_fis || !(pr->cmd & PORT_CMD_FIS_RX)) { 761 return; 762 } 763 764 d2h_fis = &ad->res_fis[RES_FIS_RFIS]; 765 766 d2h_fis[0] = SATA_FIS_TYPE_REGISTER_D2H; 767 d2h_fis[1] = (ad->hba->control_regs.irqstatus ? (1 << 6) : 0); 768 d2h_fis[2] = s->status; 769 d2h_fis[3] = s->error; 770 771 d2h_fis[4] = s->sector; 772 d2h_fis[5] = s->lcyl; 773 d2h_fis[6] = s->hcyl; 774 d2h_fis[7] = s->select; 775 d2h_fis[8] = s->hob_sector; 776 d2h_fis[9] = s->hob_lcyl; 777 d2h_fis[10] = s->hob_hcyl; 778 d2h_fis[11] = 0; 779 d2h_fis[12] = s->nsector & 0xFF; 780 d2h_fis[13] = (s->nsector >> 8) & 0xFF; 781 for (i = 14; i < 20; i++) { 782 d2h_fis[i] = 0; 783 } 784 785 /* Update shadow registers: */ 786 pr->tfdata = (ad->port.ifs[0].error << 8) | 787 ad->port.ifs[0].status; 788 789 if (d2h_fis[2] & ERR_STAT) { 790 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_TF_ERR); 791 } 792 793 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_D2H_REG_FIS); 794 } 795 796 static int prdt_tbl_entry_size(const AHCI_SG *tbl) 797 { 798 /* flags_size is zero-based */ 799 return (le32_to_cpu(tbl->flags_size) & AHCI_PRDT_SIZE_MASK) + 1; 800 } 801 802 static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList *sglist, 803 AHCICmdHdr *cmd, int64_t limit, int32_t offset) 804 { 805 uint16_t opts = le16_to_cpu(cmd->opts); 806 uint16_t prdtl = le16_to_cpu(cmd->prdtl); 807 uint64_t cfis_addr = le64_to_cpu(cmd->tbl_addr); 808 uint64_t prdt_addr = cfis_addr + 0x80; 809 dma_addr_t prdt_len = (prdtl * sizeof(AHCI_SG)); 810 dma_addr_t real_prdt_len = prdt_len; 811 uint8_t *prdt; 812 int i; 813 int r = 0; 814 uint64_t sum = 0; 815 int off_idx = -1; 816 int64_t off_pos = -1; 817 int tbl_entry_size; 818 IDEBus *bus = &ad->port; 819 BusState *qbus = BUS(bus); 820 821 /* 822 * Note: AHCI PRDT can describe up to 256GiB. SATA/ATA only support 823 * transactions of up to 32MiB as of ATA8-ACS3 rev 1b, assuming a 824 * 512 byte sector size. We limit the PRDT in this implementation to 825 * a reasonably large 2GiB, which can accommodate the maximum transfer 826 * request for sector sizes up to 32K. 827 */ 828 829 if (!prdtl) { 830 DPRINTF(ad->port_no, "no sg list given by guest: 0x%08x\n", opts); 831 return -1; 832 } 833 834 /* map PRDT */ 835 if (!(prdt = dma_memory_map(ad->hba->as, prdt_addr, &prdt_len, 836 DMA_DIRECTION_TO_DEVICE))){ 837 DPRINTF(ad->port_no, "map failed\n"); 838 return -1; 839 } 840 841 if (prdt_len < real_prdt_len) { 842 DPRINTF(ad->port_no, "mapped less than expected\n"); 843 r = -1; 844 goto out; 845 } 846 847 /* Get entries in the PRDT, init a qemu sglist accordingly */ 848 if (prdtl > 0) { 849 AHCI_SG *tbl = (AHCI_SG *)prdt; 850 sum = 0; 851 for (i = 0; i < prdtl; i++) { 852 tbl_entry_size = prdt_tbl_entry_size(&tbl[i]); 853 if (offset < (sum + tbl_entry_size)) { 854 off_idx = i; 855 off_pos = offset - sum; 856 break; 857 } 858 sum += tbl_entry_size; 859 } 860 if ((off_idx == -1) || (off_pos < 0) || (off_pos > tbl_entry_size)) { 861 DPRINTF(ad->port_no, "%s: Incorrect offset! " 862 "off_idx: %d, off_pos: %"PRId64"\n", 863 __func__, off_idx, off_pos); 864 r = -1; 865 goto out; 866 } 867 868 qemu_sglist_init(sglist, qbus->parent, (prdtl - off_idx), 869 ad->hba->as); 870 qemu_sglist_add(sglist, le64_to_cpu(tbl[off_idx].addr) + off_pos, 871 MIN(prdt_tbl_entry_size(&tbl[off_idx]) - off_pos, 872 limit)); 873 874 for (i = off_idx + 1; i < prdtl && sglist->size < limit; i++) { 875 qemu_sglist_add(sglist, le64_to_cpu(tbl[i].addr), 876 MIN(prdt_tbl_entry_size(&tbl[i]), 877 limit - sglist->size)); 878 if (sglist->size > INT32_MAX) { 879 error_report("AHCI Physical Region Descriptor Table describes " 880 "more than 2 GiB.\n"); 881 qemu_sglist_destroy(sglist); 882 r = -1; 883 goto out; 884 } 885 } 886 } 887 888 out: 889 dma_memory_unmap(ad->hba->as, prdt, prdt_len, 890 DMA_DIRECTION_TO_DEVICE, prdt_len); 891 return r; 892 } 893 894 static void ncq_err(NCQTransferState *ncq_tfs) 895 { 896 IDEState *ide_state = &ncq_tfs->drive->port.ifs[0]; 897 898 ide_state->error = ABRT_ERR; 899 ide_state->status = READY_STAT | ERR_STAT; 900 ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag); 901 } 902 903 static void ncq_finish(NCQTransferState *ncq_tfs) 904 { 905 /* If we didn't error out, set our finished bit. Errored commands 906 * do not get a bit set for the SDB FIS ACT register, nor do they 907 * clear the outstanding bit in scr_act (PxSACT). */ 908 if (!(ncq_tfs->drive->port_regs.scr_err & (1 << ncq_tfs->tag))) { 909 ncq_tfs->drive->finished |= (1 << ncq_tfs->tag); 910 } 911 912 ahci_write_fis_sdb(ncq_tfs->drive->hba, ncq_tfs); 913 914 DPRINTF(ncq_tfs->drive->port_no, "NCQ transfer tag %d finished\n", 915 ncq_tfs->tag); 916 917 block_acct_done(blk_get_stats(ncq_tfs->drive->port.ifs[0].blk), 918 &ncq_tfs->acct); 919 qemu_sglist_destroy(&ncq_tfs->sglist); 920 ncq_tfs->used = 0; 921 } 922 923 static void ncq_cb(void *opaque, int ret) 924 { 925 NCQTransferState *ncq_tfs = (NCQTransferState *)opaque; 926 IDEState *ide_state = &ncq_tfs->drive->port.ifs[0]; 927 928 if (ret == -ECANCELED) { 929 return; 930 } 931 932 if (ret < 0) { 933 bool is_read = ncq_tfs->cmd == READ_FPDMA_QUEUED; 934 BlockErrorAction action = blk_get_error_action(ide_state->blk, 935 is_read, -ret); 936 if (action == BLOCK_ERROR_ACTION_STOP) { 937 ncq_tfs->halt = true; 938 ide_state->bus->error_status = IDE_RETRY_HBA; 939 } else if (action == BLOCK_ERROR_ACTION_REPORT) { 940 ncq_err(ncq_tfs); 941 } 942 blk_error_action(ide_state->blk, action, is_read, -ret); 943 } else { 944 ide_state->status = READY_STAT | SEEK_STAT; 945 } 946 947 if (!ncq_tfs->halt) { 948 ncq_finish(ncq_tfs); 949 } 950 } 951 952 static int is_ncq(uint8_t ata_cmd) 953 { 954 /* Based on SATA 3.2 section 13.6.3.2 */ 955 switch (ata_cmd) { 956 case READ_FPDMA_QUEUED: 957 case WRITE_FPDMA_QUEUED: 958 case NCQ_NON_DATA: 959 case RECEIVE_FPDMA_QUEUED: 960 case SEND_FPDMA_QUEUED: 961 return 1; 962 default: 963 return 0; 964 } 965 } 966 967 static void execute_ncq_command(NCQTransferState *ncq_tfs) 968 { 969 AHCIDevice *ad = ncq_tfs->drive; 970 IDEState *ide_state = &ad->port.ifs[0]; 971 int port = ad->port_no; 972 973 g_assert(is_ncq(ncq_tfs->cmd)); 974 ncq_tfs->halt = false; 975 976 switch (ncq_tfs->cmd) { 977 case READ_FPDMA_QUEUED: 978 DPRINTF(port, "NCQ reading %d sectors from LBA %"PRId64", tag %d\n", 979 ncq_tfs->sector_count, ncq_tfs->lba, ncq_tfs->tag); 980 981 DPRINTF(port, "tag %d aio read %"PRId64"\n", 982 ncq_tfs->tag, ncq_tfs->lba); 983 984 dma_acct_start(ide_state->blk, &ncq_tfs->acct, 985 &ncq_tfs->sglist, BLOCK_ACCT_READ); 986 ncq_tfs->aiocb = dma_blk_read(ide_state->blk, &ncq_tfs->sglist, 987 ncq_tfs->lba, ncq_cb, ncq_tfs); 988 break; 989 case WRITE_FPDMA_QUEUED: 990 DPRINTF(port, "NCQ writing %d sectors to LBA %"PRId64", tag %d\n", 991 ncq_tfs->sector_count, ncq_tfs->lba, ncq_tfs->tag); 992 993 DPRINTF(port, "tag %d aio write %"PRId64"\n", 994 ncq_tfs->tag, ncq_tfs->lba); 995 996 dma_acct_start(ide_state->blk, &ncq_tfs->acct, 997 &ncq_tfs->sglist, BLOCK_ACCT_WRITE); 998 ncq_tfs->aiocb = dma_blk_write(ide_state->blk, &ncq_tfs->sglist, 999 ncq_tfs->lba, ncq_cb, ncq_tfs); 1000 break; 1001 default: 1002 DPRINTF(port, "error: unsupported NCQ command (0x%02x) received\n", 1003 ncq_tfs->cmd); 1004 qemu_sglist_destroy(&ncq_tfs->sglist); 1005 ncq_err(ncq_tfs); 1006 } 1007 } 1008 1009 1010 static void process_ncq_command(AHCIState *s, int port, uint8_t *cmd_fis, 1011 uint8_t slot) 1012 { 1013 AHCIDevice *ad = &s->dev[port]; 1014 IDEState *ide_state = &ad->port.ifs[0]; 1015 NCQFrame *ncq_fis = (NCQFrame*)cmd_fis; 1016 uint8_t tag = ncq_fis->tag >> 3; 1017 NCQTransferState *ncq_tfs = &ad->ncq_tfs[tag]; 1018 size_t size; 1019 1020 g_assert(is_ncq(ncq_fis->command)); 1021 if (ncq_tfs->used) { 1022 /* error - already in use */ 1023 fprintf(stderr, "%s: tag %d already used\n", __FUNCTION__, tag); 1024 return; 1025 } 1026 1027 ncq_tfs->used = 1; 1028 ncq_tfs->drive = ad; 1029 ncq_tfs->slot = slot; 1030 ncq_tfs->cmdh = &((AHCICmdHdr *)ad->lst)[slot]; 1031 ncq_tfs->cmd = ncq_fis->command; 1032 ncq_tfs->lba = ((uint64_t)ncq_fis->lba5 << 40) | 1033 ((uint64_t)ncq_fis->lba4 << 32) | 1034 ((uint64_t)ncq_fis->lba3 << 24) | 1035 ((uint64_t)ncq_fis->lba2 << 16) | 1036 ((uint64_t)ncq_fis->lba1 << 8) | 1037 (uint64_t)ncq_fis->lba0; 1038 ncq_tfs->tag = tag; 1039 1040 /* Sanity-check the NCQ packet */ 1041 if (tag != slot) { 1042 DPRINTF(port, "Warn: NCQ slot (%d) did not match the given tag (%d)\n", 1043 slot, tag); 1044 } 1045 1046 if (ncq_fis->aux0 || ncq_fis->aux1 || ncq_fis->aux2 || ncq_fis->aux3) { 1047 DPRINTF(port, "Warn: Attempt to use NCQ auxiliary fields.\n"); 1048 } 1049 if (ncq_fis->prio || ncq_fis->icc) { 1050 DPRINTF(port, "Warn: Unsupported attempt to use PRIO/ICC fields\n"); 1051 } 1052 if (ncq_fis->fua & NCQ_FIS_FUA_MASK) { 1053 DPRINTF(port, "Warn: Unsupported attempt to use Force Unit Access\n"); 1054 } 1055 if (ncq_fis->tag & NCQ_FIS_RARC_MASK) { 1056 DPRINTF(port, "Warn: Unsupported attempt to use Rebuild Assist\n"); 1057 } 1058 1059 ncq_tfs->sector_count = ((ncq_fis->sector_count_high << 8) | 1060 ncq_fis->sector_count_low); 1061 if (!ncq_tfs->sector_count) { 1062 ncq_tfs->sector_count = 0x10000; 1063 } 1064 size = ncq_tfs->sector_count * 512; 1065 ahci_populate_sglist(ad, &ncq_tfs->sglist, ncq_tfs->cmdh, size, 0); 1066 1067 if (ncq_tfs->sglist.size < size) { 1068 error_report("ahci: PRDT length for NCQ command (0x%zx) " 1069 "is smaller than the requested size (0x%zx)", 1070 ncq_tfs->sglist.size, size); 1071 qemu_sglist_destroy(&ncq_tfs->sglist); 1072 ncq_err(ncq_tfs); 1073 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_OVERFLOW); 1074 return; 1075 } else if (ncq_tfs->sglist.size != size) { 1076 DPRINTF(port, "Warn: PRDTL (0x%zx)" 1077 " does not match requested size (0x%zx)", 1078 ncq_tfs->sglist.size, size); 1079 } 1080 1081 DPRINTF(port, "NCQ transfer LBA from %"PRId64" to %"PRId64", " 1082 "drive max %"PRId64"\n", 1083 ncq_tfs->lba, ncq_tfs->lba + ncq_tfs->sector_count - 1, 1084 ide_state->nb_sectors - 1); 1085 1086 execute_ncq_command(ncq_tfs); 1087 } 1088 1089 static AHCICmdHdr *get_cmd_header(AHCIState *s, uint8_t port, uint8_t slot) 1090 { 1091 if (port >= s->ports || slot >= AHCI_MAX_CMDS) { 1092 return NULL; 1093 } 1094 1095 return s->dev[port].lst ? &((AHCICmdHdr *)s->dev[port].lst)[slot] : NULL; 1096 } 1097 1098 static void handle_reg_h2d_fis(AHCIState *s, int port, 1099 uint8_t slot, uint8_t *cmd_fis) 1100 { 1101 IDEState *ide_state = &s->dev[port].port.ifs[0]; 1102 AHCICmdHdr *cmd = get_cmd_header(s, port, slot); 1103 uint16_t opts = le16_to_cpu(cmd->opts); 1104 1105 if (cmd_fis[1] & 0x0F) { 1106 DPRINTF(port, "Port Multiplier not supported." 1107 " cmd_fis[0]=%02x cmd_fis[1]=%02x cmd_fis[2]=%02x\n", 1108 cmd_fis[0], cmd_fis[1], cmd_fis[2]); 1109 return; 1110 } 1111 1112 if (cmd_fis[1] & 0x70) { 1113 DPRINTF(port, "Reserved flags set in H2D Register FIS." 1114 " cmd_fis[0]=%02x cmd_fis[1]=%02x cmd_fis[2]=%02x\n", 1115 cmd_fis[0], cmd_fis[1], cmd_fis[2]); 1116 return; 1117 } 1118 1119 if (!(cmd_fis[1] & SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER)) { 1120 switch (s->dev[port].port_state) { 1121 case STATE_RUN: 1122 if (cmd_fis[15] & ATA_SRST) { 1123 s->dev[port].port_state = STATE_RESET; 1124 } 1125 break; 1126 case STATE_RESET: 1127 if (!(cmd_fis[15] & ATA_SRST)) { 1128 ahci_reset_port(s, port); 1129 } 1130 break; 1131 } 1132 return; 1133 } 1134 1135 /* Check for NCQ command */ 1136 if (is_ncq(cmd_fis[2])) { 1137 process_ncq_command(s, port, cmd_fis, slot); 1138 return; 1139 } 1140 1141 /* Decompose the FIS: 1142 * AHCI does not interpret FIS packets, it only forwards them. 1143 * SATA 1.0 describes how to decode LBA28 and CHS FIS packets. 1144 * Later specifications, e.g, SATA 3.2, describe LBA48 FIS packets. 1145 * 1146 * ATA4 describes sector number for LBA28/CHS commands. 1147 * ATA6 describes sector number for LBA48 commands. 1148 * ATA8 deprecates CHS fully, describing only LBA28/48. 1149 * 1150 * We dutifully convert the FIS into IDE registers, and allow the 1151 * core layer to interpret them as needed. */ 1152 ide_state->feature = cmd_fis[3]; 1153 ide_state->sector = cmd_fis[4]; /* LBA 7:0 */ 1154 ide_state->lcyl = cmd_fis[5]; /* LBA 15:8 */ 1155 ide_state->hcyl = cmd_fis[6]; /* LBA 23:16 */ 1156 ide_state->select = cmd_fis[7]; /* LBA 27:24 (LBA28) */ 1157 ide_state->hob_sector = cmd_fis[8]; /* LBA 31:24 */ 1158 ide_state->hob_lcyl = cmd_fis[9]; /* LBA 39:32 */ 1159 ide_state->hob_hcyl = cmd_fis[10]; /* LBA 47:40 */ 1160 ide_state->hob_feature = cmd_fis[11]; 1161 ide_state->nsector = (int64_t)((cmd_fis[13] << 8) | cmd_fis[12]); 1162 /* 14, 16, 17, 18, 19: Reserved (SATA 1.0) */ 1163 /* 15: Only valid when UPDATE_COMMAND not set. */ 1164 1165 /* Copy the ACMD field (ATAPI packet, if any) from the AHCI command 1166 * table to ide_state->io_buffer */ 1167 if (opts & AHCI_CMD_ATAPI) { 1168 memcpy(ide_state->io_buffer, &cmd_fis[AHCI_COMMAND_TABLE_ACMD], 0x10); 1169 debug_print_fis(ide_state->io_buffer, 0x10); 1170 s->dev[port].done_atapi_packet = false; 1171 /* XXX send PIO setup FIS */ 1172 } 1173 1174 ide_state->error = 0; 1175 1176 /* Reset transferred byte counter */ 1177 cmd->status = 0; 1178 1179 /* We're ready to process the command in FIS byte 2. */ 1180 ide_exec_cmd(&s->dev[port].port, cmd_fis[2]); 1181 } 1182 1183 static int handle_cmd(AHCIState *s, int port, uint8_t slot) 1184 { 1185 IDEState *ide_state; 1186 uint64_t tbl_addr; 1187 AHCICmdHdr *cmd; 1188 uint8_t *cmd_fis; 1189 dma_addr_t cmd_len; 1190 1191 if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) { 1192 /* Engine currently busy, try again later */ 1193 DPRINTF(port, "engine busy\n"); 1194 return -1; 1195 } 1196 1197 if (!s->dev[port].lst) { 1198 DPRINTF(port, "error: lst not given but cmd handled"); 1199 return -1; 1200 } 1201 cmd = get_cmd_header(s, port, slot); 1202 /* remember current slot handle for later */ 1203 s->dev[port].cur_cmd = cmd; 1204 1205 /* The device we are working for */ 1206 ide_state = &s->dev[port].port.ifs[0]; 1207 if (!ide_state->blk) { 1208 DPRINTF(port, "error: guest accessed unused port"); 1209 return -1; 1210 } 1211 1212 tbl_addr = le64_to_cpu(cmd->tbl_addr); 1213 cmd_len = 0x80; 1214 cmd_fis = dma_memory_map(s->as, tbl_addr, &cmd_len, 1215 DMA_DIRECTION_FROM_DEVICE); 1216 if (!cmd_fis) { 1217 DPRINTF(port, "error: guest passed us an invalid cmd fis\n"); 1218 return -1; 1219 } else if (cmd_len != 0x80) { 1220 ahci_trigger_irq(s, &s->dev[port], PORT_IRQ_HBUS_ERR); 1221 DPRINTF(port, "error: dma_memory_map failed: " 1222 "(len(%02"PRIx64") != 0x80)\n", 1223 cmd_len); 1224 goto out; 1225 } 1226 debug_print_fis(cmd_fis, 0x80); 1227 1228 switch (cmd_fis[0]) { 1229 case SATA_FIS_TYPE_REGISTER_H2D: 1230 handle_reg_h2d_fis(s, port, slot, cmd_fis); 1231 break; 1232 default: 1233 DPRINTF(port, "unknown command cmd_fis[0]=%02x cmd_fis[1]=%02x " 1234 "cmd_fis[2]=%02x\n", cmd_fis[0], cmd_fis[1], 1235 cmd_fis[2]); 1236 break; 1237 } 1238 1239 out: 1240 dma_memory_unmap(s->as, cmd_fis, cmd_len, DMA_DIRECTION_FROM_DEVICE, 1241 cmd_len); 1242 1243 if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) { 1244 /* async command, complete later */ 1245 s->dev[port].busy_slot = slot; 1246 return -1; 1247 } 1248 1249 /* done handling the command */ 1250 return 0; 1251 } 1252 1253 /* DMA dev <-> ram */ 1254 static void ahci_start_transfer(IDEDMA *dma) 1255 { 1256 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1257 IDEState *s = &ad->port.ifs[0]; 1258 uint32_t size = (uint32_t)(s->data_end - s->data_ptr); 1259 /* write == ram -> device */ 1260 uint16_t opts = le16_to_cpu(ad->cur_cmd->opts); 1261 int is_write = opts & AHCI_CMD_WRITE; 1262 int is_atapi = opts & AHCI_CMD_ATAPI; 1263 int has_sglist = 0; 1264 1265 if (is_atapi && !ad->done_atapi_packet) { 1266 /* already prepopulated iobuffer */ 1267 ad->done_atapi_packet = true; 1268 size = 0; 1269 goto out; 1270 } 1271 1272 if (ahci_dma_prepare_buf(dma, size)) { 1273 has_sglist = 1; 1274 } 1275 1276 DPRINTF(ad->port_no, "%sing %d bytes on %s w/%s sglist\n", 1277 is_write ? "writ" : "read", size, is_atapi ? "atapi" : "ata", 1278 has_sglist ? "" : "o"); 1279 1280 if (has_sglist && size) { 1281 if (is_write) { 1282 dma_buf_write(s->data_ptr, size, &s->sg); 1283 } else { 1284 dma_buf_read(s->data_ptr, size, &s->sg); 1285 } 1286 } 1287 1288 out: 1289 /* declare that we processed everything */ 1290 s->data_ptr = s->data_end; 1291 1292 /* Update number of transferred bytes, destroy sglist */ 1293 ahci_commit_buf(dma, size); 1294 1295 s->end_transfer_func(s); 1296 1297 if (!(s->status & DRQ_STAT)) { 1298 /* done with PIO send/receive */ 1299 ahci_write_fis_pio(ad, le32_to_cpu(ad->cur_cmd->status)); 1300 } 1301 } 1302 1303 static void ahci_start_dma(IDEDMA *dma, IDEState *s, 1304 BlockCompletionFunc *dma_cb) 1305 { 1306 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1307 DPRINTF(ad->port_no, "\n"); 1308 s->io_buffer_offset = 0; 1309 dma_cb(s, 0); 1310 } 1311 1312 static void ahci_restart_dma(IDEDMA *dma) 1313 { 1314 /* Nothing to do, ahci_start_dma already resets s->io_buffer_offset. */ 1315 } 1316 1317 /** 1318 * IDE/PIO restarts are handled by the core layer, but NCQ commands 1319 * need an extra kick from the AHCI HBA. 1320 */ 1321 static void ahci_restart(IDEDMA *dma) 1322 { 1323 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1324 int i; 1325 1326 for (i = 0; i < AHCI_MAX_CMDS; i++) { 1327 NCQTransferState *ncq_tfs = &ad->ncq_tfs[i]; 1328 if (ncq_tfs->halt) { 1329 execute_ncq_command(ncq_tfs); 1330 } 1331 } 1332 } 1333 1334 /** 1335 * Called in DMA R/W chains to read the PRDT, utilizing ahci_populate_sglist. 1336 * Not currently invoked by PIO R/W chains, 1337 * which invoke ahci_populate_sglist via ahci_start_transfer. 1338 */ 1339 static int32_t ahci_dma_prepare_buf(IDEDMA *dma, int32_t limit) 1340 { 1341 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1342 IDEState *s = &ad->port.ifs[0]; 1343 1344 if (ahci_populate_sglist(ad, &s->sg, ad->cur_cmd, 1345 limit, s->io_buffer_offset) == -1) { 1346 DPRINTF(ad->port_no, "ahci_dma_prepare_buf failed.\n"); 1347 return -1; 1348 } 1349 s->io_buffer_size = s->sg.size; 1350 1351 DPRINTF(ad->port_no, "len=%#x\n", s->io_buffer_size); 1352 return s->io_buffer_size; 1353 } 1354 1355 /** 1356 * Destroys the scatter-gather list, 1357 * and updates the command header with a bytes-read value. 1358 * called explicitly via ahci_dma_rw_buf (ATAPI DMA), 1359 * and ahci_start_transfer (PIO R/W), 1360 * and called via callback from ide_dma_cb for DMA R/W paths. 1361 */ 1362 static void ahci_commit_buf(IDEDMA *dma, uint32_t tx_bytes) 1363 { 1364 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1365 IDEState *s = &ad->port.ifs[0]; 1366 1367 tx_bytes += le32_to_cpu(ad->cur_cmd->status); 1368 ad->cur_cmd->status = cpu_to_le32(tx_bytes); 1369 1370 qemu_sglist_destroy(&s->sg); 1371 } 1372 1373 static int ahci_dma_rw_buf(IDEDMA *dma, int is_write) 1374 { 1375 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1376 IDEState *s = &ad->port.ifs[0]; 1377 uint8_t *p = s->io_buffer + s->io_buffer_index; 1378 int l = s->io_buffer_size - s->io_buffer_index; 1379 1380 if (ahci_populate_sglist(ad, &s->sg, ad->cur_cmd, l, s->io_buffer_offset)) { 1381 return 0; 1382 } 1383 1384 if (is_write) { 1385 dma_buf_read(p, l, &s->sg); 1386 } else { 1387 dma_buf_write(p, l, &s->sg); 1388 } 1389 1390 /* free sglist, update byte count */ 1391 ahci_commit_buf(dma, l); 1392 1393 s->io_buffer_index += l; 1394 s->io_buffer_offset += l; 1395 1396 DPRINTF(ad->port_no, "len=%#x\n", l); 1397 1398 return 1; 1399 } 1400 1401 static void ahci_cmd_done(IDEDMA *dma) 1402 { 1403 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1404 1405 DPRINTF(ad->port_no, "cmd done\n"); 1406 1407 /* update d2h status */ 1408 ahci_write_fis_d2h(ad, NULL); 1409 1410 if (!ad->check_bh) { 1411 /* maybe we still have something to process, check later */ 1412 ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad); 1413 qemu_bh_schedule(ad->check_bh); 1414 } 1415 } 1416 1417 static void ahci_irq_set(void *opaque, int n, int level) 1418 { 1419 } 1420 1421 static const IDEDMAOps ahci_dma_ops = { 1422 .start_dma = ahci_start_dma, 1423 .restart = ahci_restart, 1424 .restart_dma = ahci_restart_dma, 1425 .start_transfer = ahci_start_transfer, 1426 .prepare_buf = ahci_dma_prepare_buf, 1427 .commit_buf = ahci_commit_buf, 1428 .rw_buf = ahci_dma_rw_buf, 1429 .cmd_done = ahci_cmd_done, 1430 }; 1431 1432 void ahci_init(AHCIState *s, DeviceState *qdev, AddressSpace *as, int ports) 1433 { 1434 qemu_irq *irqs; 1435 int i; 1436 1437 s->as = as; 1438 s->ports = ports; 1439 s->dev = g_new0(AHCIDevice, ports); 1440 ahci_reg_init(s); 1441 /* XXX BAR size should be 1k, but that breaks, so bump it to 4k for now */ 1442 memory_region_init_io(&s->mem, OBJECT(qdev), &ahci_mem_ops, s, 1443 "ahci", AHCI_MEM_BAR_SIZE); 1444 memory_region_init_io(&s->idp, OBJECT(qdev), &ahci_idp_ops, s, 1445 "ahci-idp", 32); 1446 1447 irqs = qemu_allocate_irqs(ahci_irq_set, s, s->ports); 1448 1449 for (i = 0; i < s->ports; i++) { 1450 AHCIDevice *ad = &s->dev[i]; 1451 1452 ide_bus_new(&ad->port, sizeof(ad->port), qdev, i, 1); 1453 ide_init2(&ad->port, irqs[i]); 1454 1455 ad->hba = s; 1456 ad->port_no = i; 1457 ad->port.dma = &ad->dma; 1458 ad->port.dma->ops = &ahci_dma_ops; 1459 ide_register_restart_cb(&ad->port); 1460 } 1461 } 1462 1463 void ahci_uninit(AHCIState *s) 1464 { 1465 g_free(s->dev); 1466 } 1467 1468 void ahci_reset(AHCIState *s) 1469 { 1470 AHCIPortRegs *pr; 1471 int i; 1472 1473 s->control_regs.irqstatus = 0; 1474 /* AHCI Enable (AE) 1475 * The implementation of this bit is dependent upon the value of the 1476 * CAP.SAM bit. If CAP.SAM is '0', then GHC.AE shall be read-write and 1477 * shall have a reset value of '0'. If CAP.SAM is '1', then AE shall be 1478 * read-only and shall have a reset value of '1'. 1479 * 1480 * We set HOST_CAP_AHCI so we must enable AHCI at reset. 1481 */ 1482 s->control_regs.ghc = HOST_CTL_AHCI_EN; 1483 1484 for (i = 0; i < s->ports; i++) { 1485 pr = &s->dev[i].port_regs; 1486 pr->irq_stat = 0; 1487 pr->irq_mask = 0; 1488 pr->scr_ctl = 0; 1489 pr->cmd = PORT_CMD_SPIN_UP | PORT_CMD_POWER_ON; 1490 ahci_reset_port(s, i); 1491 } 1492 } 1493 1494 static const VMStateDescription vmstate_ncq_tfs = { 1495 .name = "ncq state", 1496 .version_id = 1, 1497 .fields = (VMStateField[]) { 1498 VMSTATE_UINT32(sector_count, NCQTransferState), 1499 VMSTATE_UINT64(lba, NCQTransferState), 1500 VMSTATE_UINT8(tag, NCQTransferState), 1501 VMSTATE_UINT8(cmd, NCQTransferState), 1502 VMSTATE_UINT8(slot, NCQTransferState), 1503 VMSTATE_BOOL(used, NCQTransferState), 1504 VMSTATE_BOOL(halt, NCQTransferState), 1505 VMSTATE_END_OF_LIST() 1506 }, 1507 }; 1508 1509 static const VMStateDescription vmstate_ahci_device = { 1510 .name = "ahci port", 1511 .version_id = 1, 1512 .fields = (VMStateField[]) { 1513 VMSTATE_IDE_BUS(port, AHCIDevice), 1514 VMSTATE_IDE_DRIVE(port.ifs[0], AHCIDevice), 1515 VMSTATE_UINT32(port_state, AHCIDevice), 1516 VMSTATE_UINT32(finished, AHCIDevice), 1517 VMSTATE_UINT32(port_regs.lst_addr, AHCIDevice), 1518 VMSTATE_UINT32(port_regs.lst_addr_hi, AHCIDevice), 1519 VMSTATE_UINT32(port_regs.fis_addr, AHCIDevice), 1520 VMSTATE_UINT32(port_regs.fis_addr_hi, AHCIDevice), 1521 VMSTATE_UINT32(port_regs.irq_stat, AHCIDevice), 1522 VMSTATE_UINT32(port_regs.irq_mask, AHCIDevice), 1523 VMSTATE_UINT32(port_regs.cmd, AHCIDevice), 1524 VMSTATE_UINT32(port_regs.tfdata, AHCIDevice), 1525 VMSTATE_UINT32(port_regs.sig, AHCIDevice), 1526 VMSTATE_UINT32(port_regs.scr_stat, AHCIDevice), 1527 VMSTATE_UINT32(port_regs.scr_ctl, AHCIDevice), 1528 VMSTATE_UINT32(port_regs.scr_err, AHCIDevice), 1529 VMSTATE_UINT32(port_regs.scr_act, AHCIDevice), 1530 VMSTATE_UINT32(port_regs.cmd_issue, AHCIDevice), 1531 VMSTATE_BOOL(done_atapi_packet, AHCIDevice), 1532 VMSTATE_INT32(busy_slot, AHCIDevice), 1533 VMSTATE_BOOL(init_d2h_sent, AHCIDevice), 1534 VMSTATE_STRUCT_ARRAY(ncq_tfs, AHCIDevice, AHCI_MAX_CMDS, 1535 1, vmstate_ncq_tfs, NCQTransferState), 1536 VMSTATE_END_OF_LIST() 1537 }, 1538 }; 1539 1540 static int ahci_state_post_load(void *opaque, int version_id) 1541 { 1542 int i, j; 1543 struct AHCIDevice *ad; 1544 NCQTransferState *ncq_tfs; 1545 AHCIState *s = opaque; 1546 1547 for (i = 0; i < s->ports; i++) { 1548 ad = &s->dev[i]; 1549 1550 /* Only remap the CLB address if appropriate, disallowing a state 1551 * transition from 'on' to 'off' it should be consistent here. */ 1552 if (ahci_cond_start_engines(ad, false) != 0) { 1553 return -1; 1554 } 1555 1556 for (j = 0; j < AHCI_MAX_CMDS; j++) { 1557 ncq_tfs = &ad->ncq_tfs[j]; 1558 ncq_tfs->drive = ad; 1559 1560 if (ncq_tfs->used != ncq_tfs->halt) { 1561 return -1; 1562 } 1563 if (!ncq_tfs->halt) { 1564 continue; 1565 } 1566 if (!is_ncq(ncq_tfs->cmd)) { 1567 return -1; 1568 } 1569 if (ncq_tfs->slot != ncq_tfs->tag) { 1570 return -1; 1571 } 1572 /* If ncq_tfs->halt is justly set, the engine should be engaged, 1573 * and the command list buffer should be mapped. */ 1574 ncq_tfs->cmdh = get_cmd_header(s, i, ncq_tfs->slot); 1575 if (!ncq_tfs->cmdh) { 1576 return -1; 1577 } 1578 ahci_populate_sglist(ncq_tfs->drive, &ncq_tfs->sglist, 1579 ncq_tfs->cmdh, ncq_tfs->sector_count * 512, 1580 0); 1581 if (ncq_tfs->sector_count != ncq_tfs->sglist.size >> 9) { 1582 return -1; 1583 } 1584 } 1585 1586 1587 /* 1588 * If an error is present, ad->busy_slot will be valid and not -1. 1589 * In this case, an operation is waiting to resume and will re-check 1590 * for additional AHCI commands to execute upon completion. 1591 * 1592 * In the case where no error was present, busy_slot will be -1, 1593 * and we should check to see if there are additional commands waiting. 1594 */ 1595 if (ad->busy_slot == -1) { 1596 check_cmd(s, i); 1597 } else { 1598 /* We are in the middle of a command, and may need to access 1599 * the command header in guest memory again. */ 1600 if (ad->busy_slot < 0 || ad->busy_slot >= AHCI_MAX_CMDS) { 1601 return -1; 1602 } 1603 ad->cur_cmd = get_cmd_header(s, i, ad->busy_slot); 1604 } 1605 } 1606 1607 return 0; 1608 } 1609 1610 const VMStateDescription vmstate_ahci = { 1611 .name = "ahci", 1612 .version_id = 1, 1613 .post_load = ahci_state_post_load, 1614 .fields = (VMStateField[]) { 1615 VMSTATE_STRUCT_VARRAY_POINTER_INT32(dev, AHCIState, ports, 1616 vmstate_ahci_device, AHCIDevice), 1617 VMSTATE_UINT32(control_regs.cap, AHCIState), 1618 VMSTATE_UINT32(control_regs.ghc, AHCIState), 1619 VMSTATE_UINT32(control_regs.irqstatus, AHCIState), 1620 VMSTATE_UINT32(control_regs.impl, AHCIState), 1621 VMSTATE_UINT32(control_regs.version, AHCIState), 1622 VMSTATE_UINT32(idp_index, AHCIState), 1623 VMSTATE_INT32_EQUAL(ports, AHCIState), 1624 VMSTATE_END_OF_LIST() 1625 }, 1626 }; 1627 1628 #define TYPE_SYSBUS_AHCI "sysbus-ahci" 1629 #define SYSBUS_AHCI(obj) OBJECT_CHECK(SysbusAHCIState, (obj), TYPE_SYSBUS_AHCI) 1630 1631 typedef struct SysbusAHCIState { 1632 /*< private >*/ 1633 SysBusDevice parent_obj; 1634 /*< public >*/ 1635 1636 AHCIState ahci; 1637 uint32_t num_ports; 1638 } SysbusAHCIState; 1639 1640 static const VMStateDescription vmstate_sysbus_ahci = { 1641 .name = "sysbus-ahci", 1642 .fields = (VMStateField[]) { 1643 VMSTATE_AHCI(ahci, SysbusAHCIState), 1644 VMSTATE_END_OF_LIST() 1645 }, 1646 }; 1647 1648 static void sysbus_ahci_reset(DeviceState *dev) 1649 { 1650 SysbusAHCIState *s = SYSBUS_AHCI(dev); 1651 1652 ahci_reset(&s->ahci); 1653 } 1654 1655 static void sysbus_ahci_realize(DeviceState *dev, Error **errp) 1656 { 1657 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1658 SysbusAHCIState *s = SYSBUS_AHCI(dev); 1659 1660 ahci_init(&s->ahci, dev, &address_space_memory, s->num_ports); 1661 1662 sysbus_init_mmio(sbd, &s->ahci.mem); 1663 sysbus_init_irq(sbd, &s->ahci.irq); 1664 } 1665 1666 static Property sysbus_ahci_properties[] = { 1667 DEFINE_PROP_UINT32("num-ports", SysbusAHCIState, num_ports, 1), 1668 DEFINE_PROP_END_OF_LIST(), 1669 }; 1670 1671 static void sysbus_ahci_class_init(ObjectClass *klass, void *data) 1672 { 1673 DeviceClass *dc = DEVICE_CLASS(klass); 1674 1675 dc->realize = sysbus_ahci_realize; 1676 dc->vmsd = &vmstate_sysbus_ahci; 1677 dc->props = sysbus_ahci_properties; 1678 dc->reset = sysbus_ahci_reset; 1679 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 1680 } 1681 1682 static const TypeInfo sysbus_ahci_info = { 1683 .name = TYPE_SYSBUS_AHCI, 1684 .parent = TYPE_SYS_BUS_DEVICE, 1685 .instance_size = sizeof(SysbusAHCIState), 1686 .class_init = sysbus_ahci_class_init, 1687 }; 1688 1689 static void sysbus_ahci_register_types(void) 1690 { 1691 type_register_static(&sysbus_ahci_info); 1692 } 1693 1694 type_init(sysbus_ahci_register_types) 1695 1696 void ahci_ide_create_devs(PCIDevice *dev, DriveInfo **hd) 1697 { 1698 AHCIPCIState *d = ICH_AHCI(dev); 1699 AHCIState *ahci = &d->ahci; 1700 int i; 1701 1702 for (i = 0; i < ahci->ports; i++) { 1703 if (hd[i] == NULL) { 1704 continue; 1705 } 1706 ide_create_drive(&ahci->dev[i].port, 0, hd[i]); 1707 } 1708 1709 } 1710