1 /* 2 * QEMU AHCI Emulation 3 * 4 * Copyright (c) 2010 qiaochong@loongson.cn 5 * Copyright (c) 2010 Roland Elek <elek.roland@gmail.com> 6 * Copyright (c) 2010 Sebastian Herbszt <herbszt@gmx.de> 7 * Copyright (c) 2010 Alexander Graf <agraf@suse.de> 8 * 9 * This library is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU Lesser General Public 11 * License as published by the Free Software Foundation; either 12 * version 2 of the License, or (at your option) any later version. 13 * 14 * This library is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 * Lesser General Public License for more details. 18 * 19 * You should have received a copy of the GNU Lesser General Public 20 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 21 * 22 */ 23 24 #include "qemu/osdep.h" 25 #include "hw/hw.h" 26 #include "hw/pci/msi.h" 27 #include "hw/i386/pc.h" 28 #include "hw/pci/pci.h" 29 30 #include "qemu/error-report.h" 31 #include "sysemu/block-backend.h" 32 #include "sysemu/dma.h" 33 #include "hw/ide/internal.h" 34 #include "hw/ide/pci.h" 35 #include "hw/ide/ahci_internal.h" 36 37 #include "trace.h" 38 39 static void check_cmd(AHCIState *s, int port); 40 static int handle_cmd(AHCIState *s, int port, uint8_t slot); 41 static void ahci_reset_port(AHCIState *s, int port); 42 static bool ahci_write_fis_d2h(AHCIDevice *ad); 43 static void ahci_init_d2h(AHCIDevice *ad); 44 static int ahci_dma_prepare_buf(IDEDMA *dma, int32_t limit); 45 static bool ahci_map_clb_address(AHCIDevice *ad); 46 static bool ahci_map_fis_address(AHCIDevice *ad); 47 static void ahci_unmap_clb_address(AHCIDevice *ad); 48 static void ahci_unmap_fis_address(AHCIDevice *ad); 49 50 static const char *AHCIPortIRQ_lookup[AHCI_PORT_IRQ__COUNT] = { 51 [AHCI_PORT_IRQ_BIT_DHRS] = "DHRS", 52 [AHCI_PORT_IRQ_BIT_PSS] = "PSS", 53 [AHCI_PORT_IRQ_BIT_DSS] = "DSS", 54 [AHCI_PORT_IRQ_BIT_SDBS] = "SDBS", 55 [AHCI_PORT_IRQ_BIT_UFS] = "UFS", 56 [AHCI_PORT_IRQ_BIT_DPS] = "DPS", 57 [AHCI_PORT_IRQ_BIT_PCS] = "PCS", 58 [AHCI_PORT_IRQ_BIT_DMPS] = "DMPS", 59 [8 ... 21] = "RESERVED", 60 [AHCI_PORT_IRQ_BIT_PRCS] = "PRCS", 61 [AHCI_PORT_IRQ_BIT_IPMS] = "IPMS", 62 [AHCI_PORT_IRQ_BIT_OFS] = "OFS", 63 [25] = "RESERVED", 64 [AHCI_PORT_IRQ_BIT_INFS] = "INFS", 65 [AHCI_PORT_IRQ_BIT_IFS] = "IFS", 66 [AHCI_PORT_IRQ_BIT_HBDS] = "HBDS", 67 [AHCI_PORT_IRQ_BIT_HBFS] = "HBFS", 68 [AHCI_PORT_IRQ_BIT_TFES] = "TFES", 69 [AHCI_PORT_IRQ_BIT_CPDS] = "CPDS" 70 }; 71 72 static uint32_t ahci_port_read(AHCIState *s, int port, int offset) 73 { 74 uint32_t val; 75 AHCIPortRegs *pr; 76 pr = &s->dev[port].port_regs; 77 78 switch (offset) { 79 case PORT_LST_ADDR: 80 val = pr->lst_addr; 81 break; 82 case PORT_LST_ADDR_HI: 83 val = pr->lst_addr_hi; 84 break; 85 case PORT_FIS_ADDR: 86 val = pr->fis_addr; 87 break; 88 case PORT_FIS_ADDR_HI: 89 val = pr->fis_addr_hi; 90 break; 91 case PORT_IRQ_STAT: 92 val = pr->irq_stat; 93 break; 94 case PORT_IRQ_MASK: 95 val = pr->irq_mask; 96 break; 97 case PORT_CMD: 98 val = pr->cmd; 99 break; 100 case PORT_TFDATA: 101 val = pr->tfdata; 102 break; 103 case PORT_SIG: 104 val = pr->sig; 105 break; 106 case PORT_SCR_STAT: 107 if (s->dev[port].port.ifs[0].blk) { 108 val = SATA_SCR_SSTATUS_DET_DEV_PRESENT_PHY_UP | 109 SATA_SCR_SSTATUS_SPD_GEN1 | SATA_SCR_SSTATUS_IPM_ACTIVE; 110 } else { 111 val = SATA_SCR_SSTATUS_DET_NODEV; 112 } 113 break; 114 case PORT_SCR_CTL: 115 val = pr->scr_ctl; 116 break; 117 case PORT_SCR_ERR: 118 val = pr->scr_err; 119 break; 120 case PORT_SCR_ACT: 121 val = pr->scr_act; 122 break; 123 case PORT_CMD_ISSUE: 124 val = pr->cmd_issue; 125 break; 126 case PORT_RESERVED: 127 default: 128 val = 0; 129 } 130 131 trace_ahci_port_read(s, port, offset, val); 132 return val; 133 } 134 135 static void ahci_irq_raise(AHCIState *s, AHCIDevice *dev) 136 { 137 DeviceState *dev_state = s->container; 138 PCIDevice *pci_dev = (PCIDevice *) object_dynamic_cast(OBJECT(dev_state), 139 TYPE_PCI_DEVICE); 140 141 trace_ahci_irq_raise(s); 142 143 if (pci_dev && msi_enabled(pci_dev)) { 144 msi_notify(pci_dev, 0); 145 } else { 146 qemu_irq_raise(s->irq); 147 } 148 } 149 150 static void ahci_irq_lower(AHCIState *s, AHCIDevice *dev) 151 { 152 DeviceState *dev_state = s->container; 153 PCIDevice *pci_dev = (PCIDevice *) object_dynamic_cast(OBJECT(dev_state), 154 TYPE_PCI_DEVICE); 155 156 trace_ahci_irq_lower(s); 157 158 if (!pci_dev || !msi_enabled(pci_dev)) { 159 qemu_irq_lower(s->irq); 160 } 161 } 162 163 static void ahci_check_irq(AHCIState *s) 164 { 165 int i; 166 uint32_t old_irq = s->control_regs.irqstatus; 167 168 s->control_regs.irqstatus = 0; 169 for (i = 0; i < s->ports; i++) { 170 AHCIPortRegs *pr = &s->dev[i].port_regs; 171 if (pr->irq_stat & pr->irq_mask) { 172 s->control_regs.irqstatus |= (1 << i); 173 } 174 } 175 trace_ahci_check_irq(s, old_irq, s->control_regs.irqstatus); 176 if (s->control_regs.irqstatus && 177 (s->control_regs.ghc & HOST_CTL_IRQ_EN)) { 178 ahci_irq_raise(s, NULL); 179 } else { 180 ahci_irq_lower(s, NULL); 181 } 182 } 183 184 static void ahci_trigger_irq(AHCIState *s, AHCIDevice *d, 185 enum AHCIPortIRQ irqbit) 186 { 187 g_assert((unsigned)irqbit < 32); 188 uint32_t irq = 1U << irqbit; 189 uint32_t irqstat = d->port_regs.irq_stat | irq; 190 191 trace_ahci_trigger_irq(s, d->port_no, 192 AHCIPortIRQ_lookup[irqbit], irq, 193 d->port_regs.irq_stat, irqstat, 194 irqstat & d->port_regs.irq_mask); 195 196 d->port_regs.irq_stat = irqstat; 197 ahci_check_irq(s); 198 } 199 200 static void map_page(AddressSpace *as, uint8_t **ptr, uint64_t addr, 201 uint32_t wanted) 202 { 203 hwaddr len = wanted; 204 205 if (*ptr) { 206 dma_memory_unmap(as, *ptr, len, DMA_DIRECTION_FROM_DEVICE, len); 207 } 208 209 *ptr = dma_memory_map(as, addr, &len, DMA_DIRECTION_FROM_DEVICE); 210 if (len < wanted) { 211 dma_memory_unmap(as, *ptr, len, DMA_DIRECTION_FROM_DEVICE, len); 212 *ptr = NULL; 213 } 214 } 215 216 /** 217 * Check the cmd register to see if we should start or stop 218 * the DMA or FIS RX engines. 219 * 220 * @ad: Device to dis/engage. 221 * 222 * @return 0 on success, -1 on error. 223 */ 224 static int ahci_cond_start_engines(AHCIDevice *ad) 225 { 226 AHCIPortRegs *pr = &ad->port_regs; 227 bool cmd_start = pr->cmd & PORT_CMD_START; 228 bool cmd_on = pr->cmd & PORT_CMD_LIST_ON; 229 bool fis_start = pr->cmd & PORT_CMD_FIS_RX; 230 bool fis_on = pr->cmd & PORT_CMD_FIS_ON; 231 232 if (cmd_start && !cmd_on) { 233 if (!ahci_map_clb_address(ad)) { 234 pr->cmd &= ~PORT_CMD_START; 235 error_report("AHCI: Failed to start DMA engine: " 236 "bad command list buffer address"); 237 return -1; 238 } 239 } else if (!cmd_start && cmd_on) { 240 ahci_unmap_clb_address(ad); 241 } 242 243 if (fis_start && !fis_on) { 244 if (!ahci_map_fis_address(ad)) { 245 pr->cmd &= ~PORT_CMD_FIS_RX; 246 error_report("AHCI: Failed to start FIS receive engine: " 247 "bad FIS receive buffer address"); 248 return -1; 249 } 250 } else if (!fis_start && fis_on) { 251 ahci_unmap_fis_address(ad); 252 } 253 254 return 0; 255 } 256 257 static void ahci_port_write(AHCIState *s, int port, int offset, uint32_t val) 258 { 259 AHCIPortRegs *pr = &s->dev[port].port_regs; 260 261 trace_ahci_port_write(s, port, offset, val); 262 switch (offset) { 263 case PORT_LST_ADDR: 264 pr->lst_addr = val; 265 break; 266 case PORT_LST_ADDR_HI: 267 pr->lst_addr_hi = val; 268 break; 269 case PORT_FIS_ADDR: 270 pr->fis_addr = val; 271 break; 272 case PORT_FIS_ADDR_HI: 273 pr->fis_addr_hi = val; 274 break; 275 case PORT_IRQ_STAT: 276 pr->irq_stat &= ~val; 277 ahci_check_irq(s); 278 break; 279 case PORT_IRQ_MASK: 280 pr->irq_mask = val & 0xfdc000ff; 281 ahci_check_irq(s); 282 break; 283 case PORT_CMD: 284 /* Block any Read-only fields from being set; 285 * including LIST_ON and FIS_ON. 286 * The spec requires to set ICC bits to zero after the ICC change 287 * is done. We don't support ICC state changes, therefore always 288 * force the ICC bits to zero. 289 */ 290 pr->cmd = (pr->cmd & PORT_CMD_RO_MASK) | 291 (val & ~(PORT_CMD_RO_MASK|PORT_CMD_ICC_MASK)); 292 293 /* Check FIS RX and CLB engines */ 294 ahci_cond_start_engines(&s->dev[port]); 295 296 /* XXX usually the FIS would be pending on the bus here and 297 issuing deferred until the OS enables FIS receival. 298 Instead, we only submit it once - which works in most 299 cases, but is a hack. */ 300 if ((pr->cmd & PORT_CMD_FIS_ON) && 301 !s->dev[port].init_d2h_sent) { 302 ahci_init_d2h(&s->dev[port]); 303 } 304 305 check_cmd(s, port); 306 break; 307 case PORT_TFDATA: 308 /* Read Only. */ 309 break; 310 case PORT_SIG: 311 /* Read Only */ 312 break; 313 case PORT_SCR_STAT: 314 /* Read Only */ 315 break; 316 case PORT_SCR_CTL: 317 if (((pr->scr_ctl & AHCI_SCR_SCTL_DET) == 1) && 318 ((val & AHCI_SCR_SCTL_DET) == 0)) { 319 ahci_reset_port(s, port); 320 } 321 pr->scr_ctl = val; 322 break; 323 case PORT_SCR_ERR: 324 pr->scr_err &= ~val; 325 break; 326 case PORT_SCR_ACT: 327 /* RW1 */ 328 pr->scr_act |= val; 329 break; 330 case PORT_CMD_ISSUE: 331 pr->cmd_issue |= val; 332 check_cmd(s, port); 333 break; 334 default: 335 break; 336 } 337 } 338 339 static uint64_t ahci_mem_read_32(void *opaque, hwaddr addr) 340 { 341 AHCIState *s = opaque; 342 uint32_t val = 0; 343 344 if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) { 345 switch (addr) { 346 case HOST_CAP: 347 val = s->control_regs.cap; 348 break; 349 case HOST_CTL: 350 val = s->control_regs.ghc; 351 break; 352 case HOST_IRQ_STAT: 353 val = s->control_regs.irqstatus; 354 break; 355 case HOST_PORTS_IMPL: 356 val = s->control_regs.impl; 357 break; 358 case HOST_VERSION: 359 val = s->control_regs.version; 360 break; 361 } 362 } else if ((addr >= AHCI_PORT_REGS_START_ADDR) && 363 (addr < (AHCI_PORT_REGS_START_ADDR + 364 (s->ports * AHCI_PORT_ADDR_OFFSET_LEN)))) { 365 val = ahci_port_read(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7, 366 addr & AHCI_PORT_ADDR_OFFSET_MASK); 367 } 368 369 trace_ahci_mem_read_32(s, addr, val); 370 return val; 371 } 372 373 374 /** 375 * AHCI 1.3 section 3 ("HBA Memory Registers") 376 * Support unaligned 8/16/32 bit reads, and 64 bit aligned reads. 377 * Caller is responsible for masking unwanted higher order bytes. 378 */ 379 static uint64_t ahci_mem_read(void *opaque, hwaddr addr, unsigned size) 380 { 381 hwaddr aligned = addr & ~0x3; 382 int ofst = addr - aligned; 383 uint64_t lo = ahci_mem_read_32(opaque, aligned); 384 uint64_t hi; 385 uint64_t val; 386 387 /* if < 8 byte read does not cross 4 byte boundary */ 388 if (ofst + size <= 4) { 389 val = lo >> (ofst * 8); 390 } else { 391 g_assert_cmpint(size, >, 1); 392 393 /* If the 64bit read is unaligned, we will produce undefined 394 * results. AHCI does not support unaligned 64bit reads. */ 395 hi = ahci_mem_read_32(opaque, aligned + 4); 396 val = (hi << 32 | lo) >> (ofst * 8); 397 } 398 399 trace_ahci_mem_read(opaque, size, addr, val); 400 return val; 401 } 402 403 404 static void ahci_mem_write(void *opaque, hwaddr addr, 405 uint64_t val, unsigned size) 406 { 407 AHCIState *s = opaque; 408 409 trace_ahci_mem_write(s, size, addr, val); 410 411 /* Only aligned reads are allowed on AHCI */ 412 if (addr & 3) { 413 fprintf(stderr, "ahci: Mis-aligned write to addr 0x" 414 TARGET_FMT_plx "\n", addr); 415 return; 416 } 417 418 if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) { 419 switch (addr) { 420 case HOST_CAP: /* R/WO, RO */ 421 /* FIXME handle R/WO */ 422 break; 423 case HOST_CTL: /* R/W */ 424 if (val & HOST_CTL_RESET) { 425 ahci_reset(s); 426 } else { 427 s->control_regs.ghc = (val & 0x3) | HOST_CTL_AHCI_EN; 428 ahci_check_irq(s); 429 } 430 break; 431 case HOST_IRQ_STAT: /* R/WC, RO */ 432 s->control_regs.irqstatus &= ~val; 433 ahci_check_irq(s); 434 break; 435 case HOST_PORTS_IMPL: /* R/WO, RO */ 436 /* FIXME handle R/WO */ 437 break; 438 case HOST_VERSION: /* RO */ 439 /* FIXME report write? */ 440 break; 441 default: 442 trace_ahci_mem_write_unknown(s, size, addr, val); 443 } 444 } else if ((addr >= AHCI_PORT_REGS_START_ADDR) && 445 (addr < (AHCI_PORT_REGS_START_ADDR + 446 (s->ports * AHCI_PORT_ADDR_OFFSET_LEN)))) { 447 ahci_port_write(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7, 448 addr & AHCI_PORT_ADDR_OFFSET_MASK, val); 449 } 450 451 } 452 453 static const MemoryRegionOps ahci_mem_ops = { 454 .read = ahci_mem_read, 455 .write = ahci_mem_write, 456 .endianness = DEVICE_LITTLE_ENDIAN, 457 }; 458 459 static uint64_t ahci_idp_read(void *opaque, hwaddr addr, 460 unsigned size) 461 { 462 AHCIState *s = opaque; 463 464 if (addr == s->idp_offset) { 465 /* index register */ 466 return s->idp_index; 467 } else if (addr == s->idp_offset + 4) { 468 /* data register - do memory read at location selected by index */ 469 return ahci_mem_read(opaque, s->idp_index, size); 470 } else { 471 return 0; 472 } 473 } 474 475 static void ahci_idp_write(void *opaque, hwaddr addr, 476 uint64_t val, unsigned size) 477 { 478 AHCIState *s = opaque; 479 480 if (addr == s->idp_offset) { 481 /* index register - mask off reserved bits */ 482 s->idp_index = (uint32_t)val & ((AHCI_MEM_BAR_SIZE - 1) & ~3); 483 } else if (addr == s->idp_offset + 4) { 484 /* data register - do memory write at location selected by index */ 485 ahci_mem_write(opaque, s->idp_index, val, size); 486 } 487 } 488 489 static const MemoryRegionOps ahci_idp_ops = { 490 .read = ahci_idp_read, 491 .write = ahci_idp_write, 492 .endianness = DEVICE_LITTLE_ENDIAN, 493 }; 494 495 496 static void ahci_reg_init(AHCIState *s) 497 { 498 int i; 499 500 s->control_regs.cap = (s->ports - 1) | 501 (AHCI_NUM_COMMAND_SLOTS << 8) | 502 (AHCI_SUPPORTED_SPEED_GEN1 << AHCI_SUPPORTED_SPEED) | 503 HOST_CAP_NCQ | HOST_CAP_AHCI | HOST_CAP_64; 504 505 s->control_regs.impl = (1 << s->ports) - 1; 506 507 s->control_regs.version = AHCI_VERSION_1_0; 508 509 for (i = 0; i < s->ports; i++) { 510 s->dev[i].port_state = STATE_RUN; 511 } 512 } 513 514 static void check_cmd(AHCIState *s, int port) 515 { 516 AHCIPortRegs *pr = &s->dev[port].port_regs; 517 uint8_t slot; 518 519 if ((pr->cmd & PORT_CMD_START) && pr->cmd_issue) { 520 for (slot = 0; (slot < 32) && pr->cmd_issue; slot++) { 521 if ((pr->cmd_issue & (1U << slot)) && 522 !handle_cmd(s, port, slot)) { 523 pr->cmd_issue &= ~(1U << slot); 524 } 525 } 526 } 527 } 528 529 static void ahci_check_cmd_bh(void *opaque) 530 { 531 AHCIDevice *ad = opaque; 532 533 qemu_bh_delete(ad->check_bh); 534 ad->check_bh = NULL; 535 536 if ((ad->busy_slot != -1) && 537 !(ad->port.ifs[0].status & (BUSY_STAT|DRQ_STAT))) { 538 /* no longer busy */ 539 ad->port_regs.cmd_issue &= ~(1 << ad->busy_slot); 540 ad->busy_slot = -1; 541 } 542 543 check_cmd(ad->hba, ad->port_no); 544 } 545 546 static void ahci_init_d2h(AHCIDevice *ad) 547 { 548 IDEState *ide_state = &ad->port.ifs[0]; 549 AHCIPortRegs *pr = &ad->port_regs; 550 551 if (ad->init_d2h_sent) { 552 return; 553 } 554 555 if (ahci_write_fis_d2h(ad)) { 556 ad->init_d2h_sent = true; 557 /* We're emulating receiving the first Reg H2D Fis from the device; 558 * Update the SIG register, but otherwise proceed as normal. */ 559 pr->sig = ((uint32_t)ide_state->hcyl << 24) | 560 (ide_state->lcyl << 16) | 561 (ide_state->sector << 8) | 562 (ide_state->nsector & 0xFF); 563 } 564 } 565 566 static void ahci_set_signature(AHCIDevice *ad, uint32_t sig) 567 { 568 IDEState *s = &ad->port.ifs[0]; 569 s->hcyl = sig >> 24 & 0xFF; 570 s->lcyl = sig >> 16 & 0xFF; 571 s->sector = sig >> 8 & 0xFF; 572 s->nsector = sig & 0xFF; 573 574 trace_ahci_set_signature(ad->hba, ad->port_no, s->nsector, s->sector, 575 s->lcyl, s->hcyl, sig); 576 } 577 578 static void ahci_reset_port(AHCIState *s, int port) 579 { 580 AHCIDevice *d = &s->dev[port]; 581 AHCIPortRegs *pr = &d->port_regs; 582 IDEState *ide_state = &d->port.ifs[0]; 583 int i; 584 585 trace_ahci_reset_port(s, port); 586 587 ide_bus_reset(&d->port); 588 ide_state->ncq_queues = AHCI_MAX_CMDS; 589 590 pr->scr_stat = 0; 591 pr->scr_err = 0; 592 pr->scr_act = 0; 593 pr->tfdata = 0x7F; 594 pr->sig = 0xFFFFFFFF; 595 d->busy_slot = -1; 596 d->init_d2h_sent = false; 597 598 ide_state = &s->dev[port].port.ifs[0]; 599 if (!ide_state->blk) { 600 return; 601 } 602 603 /* reset ncq queue */ 604 for (i = 0; i < AHCI_MAX_CMDS; i++) { 605 NCQTransferState *ncq_tfs = &s->dev[port].ncq_tfs[i]; 606 ncq_tfs->halt = false; 607 if (!ncq_tfs->used) { 608 continue; 609 } 610 611 if (ncq_tfs->aiocb) { 612 blk_aio_cancel(ncq_tfs->aiocb); 613 ncq_tfs->aiocb = NULL; 614 } 615 616 /* Maybe we just finished the request thanks to blk_aio_cancel() */ 617 if (!ncq_tfs->used) { 618 continue; 619 } 620 621 qemu_sglist_destroy(&ncq_tfs->sglist); 622 ncq_tfs->used = 0; 623 } 624 625 s->dev[port].port_state = STATE_RUN; 626 if (ide_state->drive_kind == IDE_CD) { 627 ahci_set_signature(d, SATA_SIGNATURE_CDROM);\ 628 ide_state->status = SEEK_STAT | WRERR_STAT | READY_STAT; 629 } else { 630 ahci_set_signature(d, SATA_SIGNATURE_DISK); 631 ide_state->status = SEEK_STAT | WRERR_STAT; 632 } 633 634 ide_state->error = 1; 635 ahci_init_d2h(d); 636 } 637 638 /* Buffer pretty output based on a raw FIS structure. */ 639 static char *ahci_pretty_buffer_fis(uint8_t *fis, int cmd_len) 640 { 641 int i; 642 GString *s = g_string_new("FIS:"); 643 644 for (i = 0; i < cmd_len; i++) { 645 if ((i & 0xf) == 0) { 646 g_string_append_printf(s, "\n0x%02x: ", i); 647 } 648 g_string_append_printf(s, "%02x ", fis[i]); 649 } 650 g_string_append_c(s, '\n'); 651 652 return g_string_free(s, FALSE); 653 } 654 655 static bool ahci_map_fis_address(AHCIDevice *ad) 656 { 657 AHCIPortRegs *pr = &ad->port_regs; 658 map_page(ad->hba->as, &ad->res_fis, 659 ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256); 660 if (ad->res_fis != NULL) { 661 pr->cmd |= PORT_CMD_FIS_ON; 662 return true; 663 } 664 665 pr->cmd &= ~PORT_CMD_FIS_ON; 666 return false; 667 } 668 669 static void ahci_unmap_fis_address(AHCIDevice *ad) 670 { 671 if (ad->res_fis == NULL) { 672 trace_ahci_unmap_fis_address_null(ad->hba, ad->port_no); 673 return; 674 } 675 ad->port_regs.cmd &= ~PORT_CMD_FIS_ON; 676 dma_memory_unmap(ad->hba->as, ad->res_fis, 256, 677 DMA_DIRECTION_FROM_DEVICE, 256); 678 ad->res_fis = NULL; 679 } 680 681 static bool ahci_map_clb_address(AHCIDevice *ad) 682 { 683 AHCIPortRegs *pr = &ad->port_regs; 684 ad->cur_cmd = NULL; 685 map_page(ad->hba->as, &ad->lst, 686 ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024); 687 if (ad->lst != NULL) { 688 pr->cmd |= PORT_CMD_LIST_ON; 689 return true; 690 } 691 692 pr->cmd &= ~PORT_CMD_LIST_ON; 693 return false; 694 } 695 696 static void ahci_unmap_clb_address(AHCIDevice *ad) 697 { 698 if (ad->lst == NULL) { 699 trace_ahci_unmap_clb_address_null(ad->hba, ad->port_no); 700 return; 701 } 702 ad->port_regs.cmd &= ~PORT_CMD_LIST_ON; 703 dma_memory_unmap(ad->hba->as, ad->lst, 1024, 704 DMA_DIRECTION_FROM_DEVICE, 1024); 705 ad->lst = NULL; 706 } 707 708 static void ahci_write_fis_sdb(AHCIState *s, NCQTransferState *ncq_tfs) 709 { 710 AHCIDevice *ad = ncq_tfs->drive; 711 AHCIPortRegs *pr = &ad->port_regs; 712 IDEState *ide_state; 713 SDBFIS *sdb_fis; 714 715 if (!ad->res_fis || 716 !(pr->cmd & PORT_CMD_FIS_RX)) { 717 return; 718 } 719 720 sdb_fis = (SDBFIS *)&ad->res_fis[RES_FIS_SDBFIS]; 721 ide_state = &ad->port.ifs[0]; 722 723 sdb_fis->type = SATA_FIS_TYPE_SDB; 724 /* Interrupt pending & Notification bit */ 725 sdb_fis->flags = 0x40; /* Interrupt bit, always 1 for NCQ */ 726 sdb_fis->status = ide_state->status & 0x77; 727 sdb_fis->error = ide_state->error; 728 /* update SAct field in SDB_FIS */ 729 sdb_fis->payload = cpu_to_le32(ad->finished); 730 731 /* Update shadow registers (except BSY 0x80 and DRQ 0x08) */ 732 pr->tfdata = (ad->port.ifs[0].error << 8) | 733 (ad->port.ifs[0].status & 0x77) | 734 (pr->tfdata & 0x88); 735 pr->scr_act &= ~ad->finished; 736 ad->finished = 0; 737 738 /* Trigger IRQ if interrupt bit is set (which currently, it always is) */ 739 if (sdb_fis->flags & 0x40) { 740 ahci_trigger_irq(s, ad, AHCI_PORT_IRQ_BIT_SDBS); 741 } 742 } 743 744 static void ahci_write_fis_pio(AHCIDevice *ad, uint16_t len) 745 { 746 AHCIPortRegs *pr = &ad->port_regs; 747 uint8_t *pio_fis; 748 IDEState *s = &ad->port.ifs[0]; 749 750 if (!ad->res_fis || !(pr->cmd & PORT_CMD_FIS_RX)) { 751 return; 752 } 753 754 pio_fis = &ad->res_fis[RES_FIS_PSFIS]; 755 756 pio_fis[0] = SATA_FIS_TYPE_PIO_SETUP; 757 pio_fis[1] = (ad->hba->control_regs.irqstatus ? (1 << 6) : 0); 758 pio_fis[2] = s->status; 759 pio_fis[3] = s->error; 760 761 pio_fis[4] = s->sector; 762 pio_fis[5] = s->lcyl; 763 pio_fis[6] = s->hcyl; 764 pio_fis[7] = s->select; 765 pio_fis[8] = s->hob_sector; 766 pio_fis[9] = s->hob_lcyl; 767 pio_fis[10] = s->hob_hcyl; 768 pio_fis[11] = 0; 769 pio_fis[12] = s->nsector & 0xFF; 770 pio_fis[13] = (s->nsector >> 8) & 0xFF; 771 pio_fis[14] = 0; 772 pio_fis[15] = s->status; 773 pio_fis[16] = len & 255; 774 pio_fis[17] = len >> 8; 775 pio_fis[18] = 0; 776 pio_fis[19] = 0; 777 778 /* Update shadow registers: */ 779 pr->tfdata = (ad->port.ifs[0].error << 8) | 780 ad->port.ifs[0].status; 781 782 if (pio_fis[2] & ERR_STAT) { 783 ahci_trigger_irq(ad->hba, ad, AHCI_PORT_IRQ_BIT_TFES); 784 } 785 786 ahci_trigger_irq(ad->hba, ad, AHCI_PORT_IRQ_BIT_PSS); 787 } 788 789 static bool ahci_write_fis_d2h(AHCIDevice *ad) 790 { 791 AHCIPortRegs *pr = &ad->port_regs; 792 uint8_t *d2h_fis; 793 int i; 794 IDEState *s = &ad->port.ifs[0]; 795 796 if (!ad->res_fis || !(pr->cmd & PORT_CMD_FIS_RX)) { 797 return false; 798 } 799 800 d2h_fis = &ad->res_fis[RES_FIS_RFIS]; 801 802 d2h_fis[0] = SATA_FIS_TYPE_REGISTER_D2H; 803 d2h_fis[1] = (ad->hba->control_regs.irqstatus ? (1 << 6) : 0); 804 d2h_fis[2] = s->status; 805 d2h_fis[3] = s->error; 806 807 d2h_fis[4] = s->sector; 808 d2h_fis[5] = s->lcyl; 809 d2h_fis[6] = s->hcyl; 810 d2h_fis[7] = s->select; 811 d2h_fis[8] = s->hob_sector; 812 d2h_fis[9] = s->hob_lcyl; 813 d2h_fis[10] = s->hob_hcyl; 814 d2h_fis[11] = 0; 815 d2h_fis[12] = s->nsector & 0xFF; 816 d2h_fis[13] = (s->nsector >> 8) & 0xFF; 817 for (i = 14; i < 20; i++) { 818 d2h_fis[i] = 0; 819 } 820 821 /* Update shadow registers: */ 822 pr->tfdata = (ad->port.ifs[0].error << 8) | 823 ad->port.ifs[0].status; 824 825 if (d2h_fis[2] & ERR_STAT) { 826 ahci_trigger_irq(ad->hba, ad, AHCI_PORT_IRQ_BIT_TFES); 827 } 828 829 ahci_trigger_irq(ad->hba, ad, AHCI_PORT_IRQ_BIT_DHRS); 830 return true; 831 } 832 833 static int prdt_tbl_entry_size(const AHCI_SG *tbl) 834 { 835 /* flags_size is zero-based */ 836 return (le32_to_cpu(tbl->flags_size) & AHCI_PRDT_SIZE_MASK) + 1; 837 } 838 839 /** 840 * Fetch entries in a guest-provided PRDT and convert it into a QEMU SGlist. 841 * @ad: The AHCIDevice for whom we are building the SGList. 842 * @sglist: The SGList target to add PRD entries to. 843 * @cmd: The AHCI Command Header that describes where the PRDT is. 844 * @limit: The remaining size of the S/ATA transaction, in bytes. 845 * @offset: The number of bytes already transferred, in bytes. 846 * 847 * The AHCI PRDT can describe up to 256GiB. S/ATA only support transactions of 848 * up to 32MiB as of ATA8-ACS3 rev 1b, assuming a 512 byte sector size. We stop 849 * building the sglist from the PRDT as soon as we hit @limit bytes, 850 * which is <= INT32_MAX/2GiB. 851 */ 852 static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList *sglist, 853 AHCICmdHdr *cmd, int64_t limit, uint64_t offset) 854 { 855 uint16_t opts = le16_to_cpu(cmd->opts); 856 uint16_t prdtl = le16_to_cpu(cmd->prdtl); 857 uint64_t cfis_addr = le64_to_cpu(cmd->tbl_addr); 858 uint64_t prdt_addr = cfis_addr + 0x80; 859 dma_addr_t prdt_len = (prdtl * sizeof(AHCI_SG)); 860 dma_addr_t real_prdt_len = prdt_len; 861 uint8_t *prdt; 862 int i; 863 int r = 0; 864 uint64_t sum = 0; 865 int off_idx = -1; 866 int64_t off_pos = -1; 867 int tbl_entry_size; 868 IDEBus *bus = &ad->port; 869 BusState *qbus = BUS(bus); 870 871 trace_ahci_populate_sglist(ad->hba, ad->port_no); 872 873 if (!prdtl) { 874 trace_ahci_populate_sglist_no_prdtl(ad->hba, ad->port_no, opts); 875 return -1; 876 } 877 878 /* map PRDT */ 879 if (!(prdt = dma_memory_map(ad->hba->as, prdt_addr, &prdt_len, 880 DMA_DIRECTION_TO_DEVICE))){ 881 trace_ahci_populate_sglist_no_map(ad->hba, ad->port_no); 882 return -1; 883 } 884 885 if (prdt_len < real_prdt_len) { 886 trace_ahci_populate_sglist_short_map(ad->hba, ad->port_no); 887 r = -1; 888 goto out; 889 } 890 891 /* Get entries in the PRDT, init a qemu sglist accordingly */ 892 if (prdtl > 0) { 893 AHCI_SG *tbl = (AHCI_SG *)prdt; 894 sum = 0; 895 for (i = 0; i < prdtl; i++) { 896 tbl_entry_size = prdt_tbl_entry_size(&tbl[i]); 897 if (offset < (sum + tbl_entry_size)) { 898 off_idx = i; 899 off_pos = offset - sum; 900 break; 901 } 902 sum += tbl_entry_size; 903 } 904 if ((off_idx == -1) || (off_pos < 0) || (off_pos > tbl_entry_size)) { 905 trace_ahci_populate_sglist_bad_offset(ad->hba, ad->port_no, 906 off_idx, off_pos); 907 r = -1; 908 goto out; 909 } 910 911 qemu_sglist_init(sglist, qbus->parent, (prdtl - off_idx), 912 ad->hba->as); 913 qemu_sglist_add(sglist, le64_to_cpu(tbl[off_idx].addr) + off_pos, 914 MIN(prdt_tbl_entry_size(&tbl[off_idx]) - off_pos, 915 limit)); 916 917 for (i = off_idx + 1; i < prdtl && sglist->size < limit; i++) { 918 qemu_sglist_add(sglist, le64_to_cpu(tbl[i].addr), 919 MIN(prdt_tbl_entry_size(&tbl[i]), 920 limit - sglist->size)); 921 } 922 } 923 924 out: 925 dma_memory_unmap(ad->hba->as, prdt, prdt_len, 926 DMA_DIRECTION_TO_DEVICE, prdt_len); 927 return r; 928 } 929 930 static void ncq_err(NCQTransferState *ncq_tfs) 931 { 932 IDEState *ide_state = &ncq_tfs->drive->port.ifs[0]; 933 934 ide_state->error = ABRT_ERR; 935 ide_state->status = READY_STAT | ERR_STAT; 936 ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag); 937 qemu_sglist_destroy(&ncq_tfs->sglist); 938 ncq_tfs->used = 0; 939 } 940 941 static void ncq_finish(NCQTransferState *ncq_tfs) 942 { 943 /* If we didn't error out, set our finished bit. Errored commands 944 * do not get a bit set for the SDB FIS ACT register, nor do they 945 * clear the outstanding bit in scr_act (PxSACT). */ 946 if (!(ncq_tfs->drive->port_regs.scr_err & (1 << ncq_tfs->tag))) { 947 ncq_tfs->drive->finished |= (1 << ncq_tfs->tag); 948 } 949 950 ahci_write_fis_sdb(ncq_tfs->drive->hba, ncq_tfs); 951 952 trace_ncq_finish(ncq_tfs->drive->hba, ncq_tfs->drive->port_no, 953 ncq_tfs->tag); 954 955 block_acct_done(blk_get_stats(ncq_tfs->drive->port.ifs[0].blk), 956 &ncq_tfs->acct); 957 qemu_sglist_destroy(&ncq_tfs->sglist); 958 ncq_tfs->used = 0; 959 } 960 961 static void ncq_cb(void *opaque, int ret) 962 { 963 NCQTransferState *ncq_tfs = (NCQTransferState *)opaque; 964 IDEState *ide_state = &ncq_tfs->drive->port.ifs[0]; 965 966 ncq_tfs->aiocb = NULL; 967 if (ret == -ECANCELED) { 968 return; 969 } 970 971 if (ret < 0) { 972 bool is_read = ncq_tfs->cmd == READ_FPDMA_QUEUED; 973 BlockErrorAction action = blk_get_error_action(ide_state->blk, 974 is_read, -ret); 975 if (action == BLOCK_ERROR_ACTION_STOP) { 976 ncq_tfs->halt = true; 977 ide_state->bus->error_status = IDE_RETRY_HBA; 978 } else if (action == BLOCK_ERROR_ACTION_REPORT) { 979 ncq_err(ncq_tfs); 980 } 981 blk_error_action(ide_state->blk, action, is_read, -ret); 982 } else { 983 ide_state->status = READY_STAT | SEEK_STAT; 984 } 985 986 if (!ncq_tfs->halt) { 987 ncq_finish(ncq_tfs); 988 } 989 } 990 991 static int is_ncq(uint8_t ata_cmd) 992 { 993 /* Based on SATA 3.2 section 13.6.3.2 */ 994 switch (ata_cmd) { 995 case READ_FPDMA_QUEUED: 996 case WRITE_FPDMA_QUEUED: 997 case NCQ_NON_DATA: 998 case RECEIVE_FPDMA_QUEUED: 999 case SEND_FPDMA_QUEUED: 1000 return 1; 1001 default: 1002 return 0; 1003 } 1004 } 1005 1006 static void execute_ncq_command(NCQTransferState *ncq_tfs) 1007 { 1008 AHCIDevice *ad = ncq_tfs->drive; 1009 IDEState *ide_state = &ad->port.ifs[0]; 1010 int port = ad->port_no; 1011 1012 g_assert(is_ncq(ncq_tfs->cmd)); 1013 ncq_tfs->halt = false; 1014 1015 switch (ncq_tfs->cmd) { 1016 case READ_FPDMA_QUEUED: 1017 trace_execute_ncq_command_read(ad->hba, port, ncq_tfs->tag, 1018 ncq_tfs->sector_count, ncq_tfs->lba); 1019 dma_acct_start(ide_state->blk, &ncq_tfs->acct, 1020 &ncq_tfs->sglist, BLOCK_ACCT_READ); 1021 ncq_tfs->aiocb = dma_blk_read(ide_state->blk, &ncq_tfs->sglist, 1022 ncq_tfs->lba << BDRV_SECTOR_BITS, 1023 BDRV_SECTOR_SIZE, 1024 ncq_cb, ncq_tfs); 1025 break; 1026 case WRITE_FPDMA_QUEUED: 1027 trace_execute_ncq_command_read(ad->hba, port, ncq_tfs->tag, 1028 ncq_tfs->sector_count, ncq_tfs->lba); 1029 dma_acct_start(ide_state->blk, &ncq_tfs->acct, 1030 &ncq_tfs->sglist, BLOCK_ACCT_WRITE); 1031 ncq_tfs->aiocb = dma_blk_write(ide_state->blk, &ncq_tfs->sglist, 1032 ncq_tfs->lba << BDRV_SECTOR_BITS, 1033 BDRV_SECTOR_SIZE, 1034 ncq_cb, ncq_tfs); 1035 break; 1036 default: 1037 trace_execute_ncq_command_unsup(ad->hba, port, 1038 ncq_tfs->tag, ncq_tfs->cmd); 1039 ncq_err(ncq_tfs); 1040 } 1041 } 1042 1043 1044 static void process_ncq_command(AHCIState *s, int port, uint8_t *cmd_fis, 1045 uint8_t slot) 1046 { 1047 AHCIDevice *ad = &s->dev[port]; 1048 NCQFrame *ncq_fis = (NCQFrame*)cmd_fis; 1049 uint8_t tag = ncq_fis->tag >> 3; 1050 NCQTransferState *ncq_tfs = &ad->ncq_tfs[tag]; 1051 size_t size; 1052 1053 g_assert(is_ncq(ncq_fis->command)); 1054 if (ncq_tfs->used) { 1055 /* error - already in use */ 1056 fprintf(stderr, "%s: tag %d already used\n", __FUNCTION__, tag); 1057 return; 1058 } 1059 1060 ncq_tfs->used = 1; 1061 ncq_tfs->drive = ad; 1062 ncq_tfs->slot = slot; 1063 ncq_tfs->cmdh = &((AHCICmdHdr *)ad->lst)[slot]; 1064 ncq_tfs->cmd = ncq_fis->command; 1065 ncq_tfs->lba = ((uint64_t)ncq_fis->lba5 << 40) | 1066 ((uint64_t)ncq_fis->lba4 << 32) | 1067 ((uint64_t)ncq_fis->lba3 << 24) | 1068 ((uint64_t)ncq_fis->lba2 << 16) | 1069 ((uint64_t)ncq_fis->lba1 << 8) | 1070 (uint64_t)ncq_fis->lba0; 1071 ncq_tfs->tag = tag; 1072 1073 /* Sanity-check the NCQ packet */ 1074 if (tag != slot) { 1075 trace_process_ncq_command_mismatch(s, port, tag, slot); 1076 } 1077 1078 if (ncq_fis->aux0 || ncq_fis->aux1 || ncq_fis->aux2 || ncq_fis->aux3) { 1079 trace_process_ncq_command_aux(s, port, tag); 1080 } 1081 if (ncq_fis->prio || ncq_fis->icc) { 1082 trace_process_ncq_command_prioicc(s, port, tag); 1083 } 1084 if (ncq_fis->fua & NCQ_FIS_FUA_MASK) { 1085 trace_process_ncq_command_fua(s, port, tag); 1086 } 1087 if (ncq_fis->tag & NCQ_FIS_RARC_MASK) { 1088 trace_process_ncq_command_rarc(s, port, tag); 1089 } 1090 1091 ncq_tfs->sector_count = ((ncq_fis->sector_count_high << 8) | 1092 ncq_fis->sector_count_low); 1093 if (!ncq_tfs->sector_count) { 1094 ncq_tfs->sector_count = 0x10000; 1095 } 1096 size = ncq_tfs->sector_count * 512; 1097 ahci_populate_sglist(ad, &ncq_tfs->sglist, ncq_tfs->cmdh, size, 0); 1098 1099 if (ncq_tfs->sglist.size < size) { 1100 error_report("ahci: PRDT length for NCQ command (0x%zx) " 1101 "is smaller than the requested size (0x%zx)", 1102 ncq_tfs->sglist.size, size); 1103 ncq_err(ncq_tfs); 1104 ahci_trigger_irq(ad->hba, ad, AHCI_PORT_IRQ_BIT_OFS); 1105 return; 1106 } else if (ncq_tfs->sglist.size != size) { 1107 trace_process_ncq_command_large(s, port, tag, 1108 ncq_tfs->sglist.size, size); 1109 } 1110 1111 trace_process_ncq_command(s, port, tag, 1112 ncq_fis->command, 1113 ncq_tfs->lba, 1114 ncq_tfs->lba + ncq_tfs->sector_count - 1); 1115 execute_ncq_command(ncq_tfs); 1116 } 1117 1118 static AHCICmdHdr *get_cmd_header(AHCIState *s, uint8_t port, uint8_t slot) 1119 { 1120 if (port >= s->ports || slot >= AHCI_MAX_CMDS) { 1121 return NULL; 1122 } 1123 1124 return s->dev[port].lst ? &((AHCICmdHdr *)s->dev[port].lst)[slot] : NULL; 1125 } 1126 1127 static void handle_reg_h2d_fis(AHCIState *s, int port, 1128 uint8_t slot, uint8_t *cmd_fis) 1129 { 1130 IDEState *ide_state = &s->dev[port].port.ifs[0]; 1131 AHCICmdHdr *cmd = get_cmd_header(s, port, slot); 1132 uint16_t opts = le16_to_cpu(cmd->opts); 1133 1134 if (cmd_fis[1] & 0x0F) { 1135 trace_handle_reg_h2d_fis_pmp(s, port, cmd_fis[1], 1136 cmd_fis[2], cmd_fis[3]); 1137 return; 1138 } 1139 1140 if (cmd_fis[1] & 0x70) { 1141 trace_handle_reg_h2d_fis_res(s, port, cmd_fis[1], 1142 cmd_fis[2], cmd_fis[3]); 1143 return; 1144 } 1145 1146 if (!(cmd_fis[1] & SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER)) { 1147 switch (s->dev[port].port_state) { 1148 case STATE_RUN: 1149 if (cmd_fis[15] & ATA_SRST) { 1150 s->dev[port].port_state = STATE_RESET; 1151 } 1152 break; 1153 case STATE_RESET: 1154 if (!(cmd_fis[15] & ATA_SRST)) { 1155 ahci_reset_port(s, port); 1156 } 1157 break; 1158 } 1159 return; 1160 } 1161 1162 /* Check for NCQ command */ 1163 if (is_ncq(cmd_fis[2])) { 1164 process_ncq_command(s, port, cmd_fis, slot); 1165 return; 1166 } 1167 1168 /* Decompose the FIS: 1169 * AHCI does not interpret FIS packets, it only forwards them. 1170 * SATA 1.0 describes how to decode LBA28 and CHS FIS packets. 1171 * Later specifications, e.g, SATA 3.2, describe LBA48 FIS packets. 1172 * 1173 * ATA4 describes sector number for LBA28/CHS commands. 1174 * ATA6 describes sector number for LBA48 commands. 1175 * ATA8 deprecates CHS fully, describing only LBA28/48. 1176 * 1177 * We dutifully convert the FIS into IDE registers, and allow the 1178 * core layer to interpret them as needed. */ 1179 ide_state->feature = cmd_fis[3]; 1180 ide_state->sector = cmd_fis[4]; /* LBA 7:0 */ 1181 ide_state->lcyl = cmd_fis[5]; /* LBA 15:8 */ 1182 ide_state->hcyl = cmd_fis[6]; /* LBA 23:16 */ 1183 ide_state->select = cmd_fis[7]; /* LBA 27:24 (LBA28) */ 1184 ide_state->hob_sector = cmd_fis[8]; /* LBA 31:24 */ 1185 ide_state->hob_lcyl = cmd_fis[9]; /* LBA 39:32 */ 1186 ide_state->hob_hcyl = cmd_fis[10]; /* LBA 47:40 */ 1187 ide_state->hob_feature = cmd_fis[11]; 1188 ide_state->nsector = (int64_t)((cmd_fis[13] << 8) | cmd_fis[12]); 1189 /* 14, 16, 17, 18, 19: Reserved (SATA 1.0) */ 1190 /* 15: Only valid when UPDATE_COMMAND not set. */ 1191 1192 /* Copy the ACMD field (ATAPI packet, if any) from the AHCI command 1193 * table to ide_state->io_buffer */ 1194 if (opts & AHCI_CMD_ATAPI) { 1195 memcpy(ide_state->io_buffer, &cmd_fis[AHCI_COMMAND_TABLE_ACMD], 0x10); 1196 if (trace_event_get_state_backends(TRACE_HANDLE_REG_H2D_FIS_DUMP)) { 1197 char *pretty_fis = ahci_pretty_buffer_fis(ide_state->io_buffer, 0x10); 1198 trace_handle_reg_h2d_fis_dump(s, port, pretty_fis); 1199 g_free(pretty_fis); 1200 } 1201 s->dev[port].done_atapi_packet = false; 1202 /* XXX send PIO setup FIS */ 1203 } 1204 1205 ide_state->error = 0; 1206 1207 /* Reset transferred byte counter */ 1208 cmd->status = 0; 1209 1210 /* We're ready to process the command in FIS byte 2. */ 1211 ide_exec_cmd(&s->dev[port].port, cmd_fis[2]); 1212 } 1213 1214 static int handle_cmd(AHCIState *s, int port, uint8_t slot) 1215 { 1216 IDEState *ide_state; 1217 uint64_t tbl_addr; 1218 AHCICmdHdr *cmd; 1219 uint8_t *cmd_fis; 1220 dma_addr_t cmd_len; 1221 1222 if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) { 1223 /* Engine currently busy, try again later */ 1224 trace_handle_cmd_busy(s, port); 1225 return -1; 1226 } 1227 1228 if (!s->dev[port].lst) { 1229 trace_handle_cmd_nolist(s, port); 1230 return -1; 1231 } 1232 cmd = get_cmd_header(s, port, slot); 1233 /* remember current slot handle for later */ 1234 s->dev[port].cur_cmd = cmd; 1235 1236 /* The device we are working for */ 1237 ide_state = &s->dev[port].port.ifs[0]; 1238 if (!ide_state->blk) { 1239 trace_handle_cmd_badport(s, port); 1240 return -1; 1241 } 1242 1243 tbl_addr = le64_to_cpu(cmd->tbl_addr); 1244 cmd_len = 0x80; 1245 cmd_fis = dma_memory_map(s->as, tbl_addr, &cmd_len, 1246 DMA_DIRECTION_FROM_DEVICE); 1247 if (!cmd_fis) { 1248 trace_handle_cmd_badfis(s, port); 1249 return -1; 1250 } else if (cmd_len != 0x80) { 1251 ahci_trigger_irq(s, &s->dev[port], AHCI_PORT_IRQ_BIT_HBFS); 1252 trace_handle_cmd_badmap(s, port, cmd_len); 1253 goto out; 1254 } 1255 if (trace_event_get_state_backends(TRACE_HANDLE_CMD_FIS_DUMP)) { 1256 char *pretty_fis = ahci_pretty_buffer_fis(cmd_fis, 0x80); 1257 trace_handle_cmd_fis_dump(s, port, pretty_fis); 1258 g_free(pretty_fis); 1259 } 1260 switch (cmd_fis[0]) { 1261 case SATA_FIS_TYPE_REGISTER_H2D: 1262 handle_reg_h2d_fis(s, port, slot, cmd_fis); 1263 break; 1264 default: 1265 trace_handle_cmd_unhandled_fis(s, port, 1266 cmd_fis[0], cmd_fis[1], cmd_fis[2]); 1267 break; 1268 } 1269 1270 out: 1271 dma_memory_unmap(s->as, cmd_fis, cmd_len, DMA_DIRECTION_FROM_DEVICE, 1272 cmd_len); 1273 1274 if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) { 1275 /* async command, complete later */ 1276 s->dev[port].busy_slot = slot; 1277 return -1; 1278 } 1279 1280 /* done handling the command */ 1281 return 0; 1282 } 1283 1284 /* DMA dev <-> ram */ 1285 static void ahci_start_transfer(IDEDMA *dma) 1286 { 1287 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1288 IDEState *s = &ad->port.ifs[0]; 1289 uint32_t size = (uint32_t)(s->data_end - s->data_ptr); 1290 /* write == ram -> device */ 1291 uint16_t opts = le16_to_cpu(ad->cur_cmd->opts); 1292 int is_write = opts & AHCI_CMD_WRITE; 1293 int is_atapi = opts & AHCI_CMD_ATAPI; 1294 int has_sglist = 0; 1295 1296 if (is_atapi && !ad->done_atapi_packet) { 1297 /* already prepopulated iobuffer */ 1298 ad->done_atapi_packet = true; 1299 size = 0; 1300 goto out; 1301 } 1302 1303 if (ahci_dma_prepare_buf(dma, size)) { 1304 has_sglist = 1; 1305 } 1306 1307 trace_ahci_start_transfer(ad->hba, ad->port_no, is_write ? "writ" : "read", 1308 size, is_atapi ? "atapi" : "ata", 1309 has_sglist ? "" : "o"); 1310 1311 if (has_sglist && size) { 1312 if (is_write) { 1313 dma_buf_write(s->data_ptr, size, &s->sg); 1314 } else { 1315 dma_buf_read(s->data_ptr, size, &s->sg); 1316 } 1317 } 1318 1319 out: 1320 /* declare that we processed everything */ 1321 s->data_ptr = s->data_end; 1322 1323 /* Update number of transferred bytes, destroy sglist */ 1324 dma_buf_commit(s, size); 1325 1326 s->end_transfer_func(s); 1327 1328 if (!(s->status & DRQ_STAT)) { 1329 /* done with PIO send/receive */ 1330 ahci_write_fis_pio(ad, le32_to_cpu(ad->cur_cmd->status)); 1331 } 1332 } 1333 1334 static void ahci_start_dma(IDEDMA *dma, IDEState *s, 1335 BlockCompletionFunc *dma_cb) 1336 { 1337 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1338 trace_ahci_start_dma(ad->hba, ad->port_no); 1339 s->io_buffer_offset = 0; 1340 dma_cb(s, 0); 1341 } 1342 1343 static void ahci_restart_dma(IDEDMA *dma) 1344 { 1345 /* Nothing to do, ahci_start_dma already resets s->io_buffer_offset. */ 1346 } 1347 1348 /** 1349 * IDE/PIO restarts are handled by the core layer, but NCQ commands 1350 * need an extra kick from the AHCI HBA. 1351 */ 1352 static void ahci_restart(IDEDMA *dma) 1353 { 1354 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1355 int i; 1356 1357 for (i = 0; i < AHCI_MAX_CMDS; i++) { 1358 NCQTransferState *ncq_tfs = &ad->ncq_tfs[i]; 1359 if (ncq_tfs->halt) { 1360 execute_ncq_command(ncq_tfs); 1361 } 1362 } 1363 } 1364 1365 /** 1366 * Called in DMA and PIO R/W chains to read the PRDT. 1367 * Not shared with NCQ pathways. 1368 */ 1369 static int32_t ahci_dma_prepare_buf(IDEDMA *dma, int32_t limit) 1370 { 1371 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1372 IDEState *s = &ad->port.ifs[0]; 1373 1374 if (ahci_populate_sglist(ad, &s->sg, ad->cur_cmd, 1375 limit, s->io_buffer_offset) == -1) { 1376 trace_ahci_dma_prepare_buf_fail(ad->hba, ad->port_no); 1377 return -1; 1378 } 1379 s->io_buffer_size = s->sg.size; 1380 1381 trace_ahci_dma_prepare_buf(ad->hba, ad->port_no, limit, s->io_buffer_size); 1382 return s->io_buffer_size; 1383 } 1384 1385 /** 1386 * Updates the command header with a bytes-read value. 1387 * Called via dma_buf_commit, for both DMA and PIO paths. 1388 * sglist destruction is handled within dma_buf_commit. 1389 */ 1390 static void ahci_commit_buf(IDEDMA *dma, uint32_t tx_bytes) 1391 { 1392 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1393 1394 tx_bytes += le32_to_cpu(ad->cur_cmd->status); 1395 ad->cur_cmd->status = cpu_to_le32(tx_bytes); 1396 } 1397 1398 static int ahci_dma_rw_buf(IDEDMA *dma, int is_write) 1399 { 1400 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1401 IDEState *s = &ad->port.ifs[0]; 1402 uint8_t *p = s->io_buffer + s->io_buffer_index; 1403 int l = s->io_buffer_size - s->io_buffer_index; 1404 1405 if (ahci_populate_sglist(ad, &s->sg, ad->cur_cmd, l, s->io_buffer_offset)) { 1406 return 0; 1407 } 1408 1409 if (is_write) { 1410 dma_buf_read(p, l, &s->sg); 1411 } else { 1412 dma_buf_write(p, l, &s->sg); 1413 } 1414 1415 /* free sglist, update byte count */ 1416 dma_buf_commit(s, l); 1417 s->io_buffer_index += l; 1418 1419 trace_ahci_dma_rw_buf(ad->hba, ad->port_no, l); 1420 return 1; 1421 } 1422 1423 static void ahci_cmd_done(IDEDMA *dma) 1424 { 1425 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1426 1427 trace_ahci_cmd_done(ad->hba, ad->port_no); 1428 1429 /* update d2h status */ 1430 ahci_write_fis_d2h(ad); 1431 1432 if (!ad->check_bh) { 1433 /* maybe we still have something to process, check later */ 1434 ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad); 1435 qemu_bh_schedule(ad->check_bh); 1436 } 1437 } 1438 1439 static void ahci_irq_set(void *opaque, int n, int level) 1440 { 1441 } 1442 1443 static const IDEDMAOps ahci_dma_ops = { 1444 .start_dma = ahci_start_dma, 1445 .restart = ahci_restart, 1446 .restart_dma = ahci_restart_dma, 1447 .start_transfer = ahci_start_transfer, 1448 .prepare_buf = ahci_dma_prepare_buf, 1449 .commit_buf = ahci_commit_buf, 1450 .rw_buf = ahci_dma_rw_buf, 1451 .cmd_done = ahci_cmd_done, 1452 }; 1453 1454 void ahci_init(AHCIState *s, DeviceState *qdev) 1455 { 1456 s->container = qdev; 1457 /* XXX BAR size should be 1k, but that breaks, so bump it to 4k for now */ 1458 memory_region_init_io(&s->mem, OBJECT(qdev), &ahci_mem_ops, s, 1459 "ahci", AHCI_MEM_BAR_SIZE); 1460 memory_region_init_io(&s->idp, OBJECT(qdev), &ahci_idp_ops, s, 1461 "ahci-idp", 32); 1462 } 1463 1464 void ahci_realize(AHCIState *s, DeviceState *qdev, AddressSpace *as, int ports) 1465 { 1466 qemu_irq *irqs; 1467 int i; 1468 1469 s->as = as; 1470 s->ports = ports; 1471 s->dev = g_new0(AHCIDevice, ports); 1472 ahci_reg_init(s); 1473 irqs = qemu_allocate_irqs(ahci_irq_set, s, s->ports); 1474 for (i = 0; i < s->ports; i++) { 1475 AHCIDevice *ad = &s->dev[i]; 1476 1477 ide_bus_new(&ad->port, sizeof(ad->port), qdev, i, 1); 1478 ide_init2(&ad->port, irqs[i]); 1479 1480 ad->hba = s; 1481 ad->port_no = i; 1482 ad->port.dma = &ad->dma; 1483 ad->port.dma->ops = &ahci_dma_ops; 1484 ide_register_restart_cb(&ad->port); 1485 } 1486 g_free(irqs); 1487 } 1488 1489 void ahci_uninit(AHCIState *s) 1490 { 1491 int i, j; 1492 1493 for (i = 0; i < s->ports; i++) { 1494 AHCIDevice *ad = &s->dev[i]; 1495 1496 for (j = 0; j < 2; j++) { 1497 IDEState *s = &ad->port.ifs[j]; 1498 1499 ide_exit(s); 1500 } 1501 object_unparent(OBJECT(&ad->port)); 1502 } 1503 1504 g_free(s->dev); 1505 } 1506 1507 void ahci_reset(AHCIState *s) 1508 { 1509 AHCIPortRegs *pr; 1510 int i; 1511 1512 trace_ahci_reset(s); 1513 1514 s->control_regs.irqstatus = 0; 1515 /* AHCI Enable (AE) 1516 * The implementation of this bit is dependent upon the value of the 1517 * CAP.SAM bit. If CAP.SAM is '0', then GHC.AE shall be read-write and 1518 * shall have a reset value of '0'. If CAP.SAM is '1', then AE shall be 1519 * read-only and shall have a reset value of '1'. 1520 * 1521 * We set HOST_CAP_AHCI so we must enable AHCI at reset. 1522 */ 1523 s->control_regs.ghc = HOST_CTL_AHCI_EN; 1524 1525 for (i = 0; i < s->ports; i++) { 1526 pr = &s->dev[i].port_regs; 1527 pr->irq_stat = 0; 1528 pr->irq_mask = 0; 1529 pr->scr_ctl = 0; 1530 pr->cmd = PORT_CMD_SPIN_UP | PORT_CMD_POWER_ON; 1531 ahci_reset_port(s, i); 1532 } 1533 } 1534 1535 static const VMStateDescription vmstate_ncq_tfs = { 1536 .name = "ncq state", 1537 .version_id = 1, 1538 .fields = (VMStateField[]) { 1539 VMSTATE_UINT32(sector_count, NCQTransferState), 1540 VMSTATE_UINT64(lba, NCQTransferState), 1541 VMSTATE_UINT8(tag, NCQTransferState), 1542 VMSTATE_UINT8(cmd, NCQTransferState), 1543 VMSTATE_UINT8(slot, NCQTransferState), 1544 VMSTATE_BOOL(used, NCQTransferState), 1545 VMSTATE_BOOL(halt, NCQTransferState), 1546 VMSTATE_END_OF_LIST() 1547 }, 1548 }; 1549 1550 static const VMStateDescription vmstate_ahci_device = { 1551 .name = "ahci port", 1552 .version_id = 1, 1553 .fields = (VMStateField[]) { 1554 VMSTATE_IDE_BUS(port, AHCIDevice), 1555 VMSTATE_IDE_DRIVE(port.ifs[0], AHCIDevice), 1556 VMSTATE_UINT32(port_state, AHCIDevice), 1557 VMSTATE_UINT32(finished, AHCIDevice), 1558 VMSTATE_UINT32(port_regs.lst_addr, AHCIDevice), 1559 VMSTATE_UINT32(port_regs.lst_addr_hi, AHCIDevice), 1560 VMSTATE_UINT32(port_regs.fis_addr, AHCIDevice), 1561 VMSTATE_UINT32(port_regs.fis_addr_hi, AHCIDevice), 1562 VMSTATE_UINT32(port_regs.irq_stat, AHCIDevice), 1563 VMSTATE_UINT32(port_regs.irq_mask, AHCIDevice), 1564 VMSTATE_UINT32(port_regs.cmd, AHCIDevice), 1565 VMSTATE_UINT32(port_regs.tfdata, AHCIDevice), 1566 VMSTATE_UINT32(port_regs.sig, AHCIDevice), 1567 VMSTATE_UINT32(port_regs.scr_stat, AHCIDevice), 1568 VMSTATE_UINT32(port_regs.scr_ctl, AHCIDevice), 1569 VMSTATE_UINT32(port_regs.scr_err, AHCIDevice), 1570 VMSTATE_UINT32(port_regs.scr_act, AHCIDevice), 1571 VMSTATE_UINT32(port_regs.cmd_issue, AHCIDevice), 1572 VMSTATE_BOOL(done_atapi_packet, AHCIDevice), 1573 VMSTATE_INT32(busy_slot, AHCIDevice), 1574 VMSTATE_BOOL(init_d2h_sent, AHCIDevice), 1575 VMSTATE_STRUCT_ARRAY(ncq_tfs, AHCIDevice, AHCI_MAX_CMDS, 1576 1, vmstate_ncq_tfs, NCQTransferState), 1577 VMSTATE_END_OF_LIST() 1578 }, 1579 }; 1580 1581 static int ahci_state_post_load(void *opaque, int version_id) 1582 { 1583 int i, j; 1584 struct AHCIDevice *ad; 1585 NCQTransferState *ncq_tfs; 1586 AHCIPortRegs *pr; 1587 AHCIState *s = opaque; 1588 1589 for (i = 0; i < s->ports; i++) { 1590 ad = &s->dev[i]; 1591 pr = &ad->port_regs; 1592 1593 if (!(pr->cmd & PORT_CMD_START) && (pr->cmd & PORT_CMD_LIST_ON)) { 1594 error_report("AHCI: DMA engine should be off, but status bit " 1595 "indicates it is still running."); 1596 return -1; 1597 } 1598 if (!(pr->cmd & PORT_CMD_FIS_RX) && (pr->cmd & PORT_CMD_FIS_ON)) { 1599 error_report("AHCI: FIS RX engine should be off, but status bit " 1600 "indicates it is still running."); 1601 return -1; 1602 } 1603 1604 /* After a migrate, the DMA/FIS engines are "off" and 1605 * need to be conditionally restarted */ 1606 pr->cmd &= ~(PORT_CMD_LIST_ON | PORT_CMD_FIS_ON); 1607 if (ahci_cond_start_engines(ad) != 0) { 1608 return -1; 1609 } 1610 1611 for (j = 0; j < AHCI_MAX_CMDS; j++) { 1612 ncq_tfs = &ad->ncq_tfs[j]; 1613 ncq_tfs->drive = ad; 1614 1615 if (ncq_tfs->used != ncq_tfs->halt) { 1616 return -1; 1617 } 1618 if (!ncq_tfs->halt) { 1619 continue; 1620 } 1621 if (!is_ncq(ncq_tfs->cmd)) { 1622 return -1; 1623 } 1624 if (ncq_tfs->slot != ncq_tfs->tag) { 1625 return -1; 1626 } 1627 /* If ncq_tfs->halt is justly set, the engine should be engaged, 1628 * and the command list buffer should be mapped. */ 1629 ncq_tfs->cmdh = get_cmd_header(s, i, ncq_tfs->slot); 1630 if (!ncq_tfs->cmdh) { 1631 return -1; 1632 } 1633 ahci_populate_sglist(ncq_tfs->drive, &ncq_tfs->sglist, 1634 ncq_tfs->cmdh, ncq_tfs->sector_count * 512, 1635 0); 1636 if (ncq_tfs->sector_count != ncq_tfs->sglist.size >> 9) { 1637 return -1; 1638 } 1639 } 1640 1641 1642 /* 1643 * If an error is present, ad->busy_slot will be valid and not -1. 1644 * In this case, an operation is waiting to resume and will re-check 1645 * for additional AHCI commands to execute upon completion. 1646 * 1647 * In the case where no error was present, busy_slot will be -1, 1648 * and we should check to see if there are additional commands waiting. 1649 */ 1650 if (ad->busy_slot == -1) { 1651 check_cmd(s, i); 1652 } else { 1653 /* We are in the middle of a command, and may need to access 1654 * the command header in guest memory again. */ 1655 if (ad->busy_slot < 0 || ad->busy_slot >= AHCI_MAX_CMDS) { 1656 return -1; 1657 } 1658 ad->cur_cmd = get_cmd_header(s, i, ad->busy_slot); 1659 } 1660 } 1661 1662 return 0; 1663 } 1664 1665 const VMStateDescription vmstate_ahci = { 1666 .name = "ahci", 1667 .version_id = 1, 1668 .post_load = ahci_state_post_load, 1669 .fields = (VMStateField[]) { 1670 VMSTATE_STRUCT_VARRAY_POINTER_INT32(dev, AHCIState, ports, 1671 vmstate_ahci_device, AHCIDevice), 1672 VMSTATE_UINT32(control_regs.cap, AHCIState), 1673 VMSTATE_UINT32(control_regs.ghc, AHCIState), 1674 VMSTATE_UINT32(control_regs.irqstatus, AHCIState), 1675 VMSTATE_UINT32(control_regs.impl, AHCIState), 1676 VMSTATE_UINT32(control_regs.version, AHCIState), 1677 VMSTATE_UINT32(idp_index, AHCIState), 1678 VMSTATE_INT32_EQUAL(ports, AHCIState, NULL), 1679 VMSTATE_END_OF_LIST() 1680 }, 1681 }; 1682 1683 static const VMStateDescription vmstate_sysbus_ahci = { 1684 .name = "sysbus-ahci", 1685 .fields = (VMStateField[]) { 1686 VMSTATE_AHCI(ahci, SysbusAHCIState), 1687 VMSTATE_END_OF_LIST() 1688 }, 1689 }; 1690 1691 static void sysbus_ahci_reset(DeviceState *dev) 1692 { 1693 SysbusAHCIState *s = SYSBUS_AHCI(dev); 1694 1695 ahci_reset(&s->ahci); 1696 } 1697 1698 static void sysbus_ahci_init(Object *obj) 1699 { 1700 SysbusAHCIState *s = SYSBUS_AHCI(obj); 1701 SysBusDevice *sbd = SYS_BUS_DEVICE(obj); 1702 1703 ahci_init(&s->ahci, DEVICE(obj)); 1704 1705 sysbus_init_mmio(sbd, &s->ahci.mem); 1706 sysbus_init_irq(sbd, &s->ahci.irq); 1707 } 1708 1709 static void sysbus_ahci_realize(DeviceState *dev, Error **errp) 1710 { 1711 SysbusAHCIState *s = SYSBUS_AHCI(dev); 1712 1713 ahci_realize(&s->ahci, dev, &address_space_memory, s->num_ports); 1714 } 1715 1716 static Property sysbus_ahci_properties[] = { 1717 DEFINE_PROP_UINT32("num-ports", SysbusAHCIState, num_ports, 1), 1718 DEFINE_PROP_END_OF_LIST(), 1719 }; 1720 1721 static void sysbus_ahci_class_init(ObjectClass *klass, void *data) 1722 { 1723 DeviceClass *dc = DEVICE_CLASS(klass); 1724 1725 dc->realize = sysbus_ahci_realize; 1726 dc->vmsd = &vmstate_sysbus_ahci; 1727 dc->props = sysbus_ahci_properties; 1728 dc->reset = sysbus_ahci_reset; 1729 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 1730 } 1731 1732 static const TypeInfo sysbus_ahci_info = { 1733 .name = TYPE_SYSBUS_AHCI, 1734 .parent = TYPE_SYS_BUS_DEVICE, 1735 .instance_size = sizeof(SysbusAHCIState), 1736 .instance_init = sysbus_ahci_init, 1737 .class_init = sysbus_ahci_class_init, 1738 }; 1739 1740 static void sysbus_ahci_register_types(void) 1741 { 1742 type_register_static(&sysbus_ahci_info); 1743 } 1744 1745 type_init(sysbus_ahci_register_types) 1746 1747 int32_t ahci_get_num_ports(PCIDevice *dev) 1748 { 1749 AHCIPCIState *d = ICH_AHCI(dev); 1750 AHCIState *ahci = &d->ahci; 1751 1752 return ahci->ports; 1753 } 1754 1755 void ahci_ide_create_devs(PCIDevice *dev, DriveInfo **hd) 1756 { 1757 AHCIPCIState *d = ICH_AHCI(dev); 1758 AHCIState *ahci = &d->ahci; 1759 int i; 1760 1761 for (i = 0; i < ahci->ports; i++) { 1762 if (hd[i] == NULL) { 1763 continue; 1764 } 1765 ide_create_drive(&ahci->dev[i].port, 0, hd[i]); 1766 } 1767 1768 } 1769