1 /* 2 * QEMU AHCI Emulation 3 * 4 * Copyright (c) 2010 qiaochong@loongson.cn 5 * Copyright (c) 2010 Roland Elek <elek.roland@gmail.com> 6 * Copyright (c) 2010 Sebastian Herbszt <herbszt@gmx.de> 7 * Copyright (c) 2010 Alexander Graf <agraf@suse.de> 8 * 9 * This library is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU Lesser General Public 11 * License as published by the Free Software Foundation; either 12 * version 2 of the License, or (at your option) any later version. 13 * 14 * This library is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 * Lesser General Public License for more details. 18 * 19 * You should have received a copy of the GNU Lesser General Public 20 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 21 * 22 */ 23 24 #include "qemu/osdep.h" 25 #include "hw/hw.h" 26 #include "hw/pci/msi.h" 27 #include "hw/i386/pc.h" 28 #include "hw/pci/pci.h" 29 30 #include "qemu/error-report.h" 31 #include "sysemu/block-backend.h" 32 #include "sysemu/dma.h" 33 #include "hw/ide/internal.h" 34 #include "hw/ide/pci.h" 35 #include "hw/ide/ahci.h" 36 37 #define DEBUG_AHCI 0 38 39 #define DPRINTF(port, fmt, ...) \ 40 do { \ 41 if (DEBUG_AHCI) { \ 42 fprintf(stderr, "ahci: %s: [%d] ", __func__, port); \ 43 fprintf(stderr, fmt, ## __VA_ARGS__); \ 44 } \ 45 } while (0) 46 47 static void check_cmd(AHCIState *s, int port); 48 static int handle_cmd(AHCIState *s, int port, uint8_t slot); 49 static void ahci_reset_port(AHCIState *s, int port); 50 static bool ahci_write_fis_d2h(AHCIDevice *ad); 51 static void ahci_init_d2h(AHCIDevice *ad); 52 static int ahci_dma_prepare_buf(IDEDMA *dma, int32_t limit); 53 static bool ahci_map_clb_address(AHCIDevice *ad); 54 static bool ahci_map_fis_address(AHCIDevice *ad); 55 static void ahci_unmap_clb_address(AHCIDevice *ad); 56 static void ahci_unmap_fis_address(AHCIDevice *ad); 57 58 59 static uint32_t ahci_port_read(AHCIState *s, int port, int offset) 60 { 61 uint32_t val; 62 AHCIPortRegs *pr; 63 pr = &s->dev[port].port_regs; 64 65 switch (offset) { 66 case PORT_LST_ADDR: 67 val = pr->lst_addr; 68 break; 69 case PORT_LST_ADDR_HI: 70 val = pr->lst_addr_hi; 71 break; 72 case PORT_FIS_ADDR: 73 val = pr->fis_addr; 74 break; 75 case PORT_FIS_ADDR_HI: 76 val = pr->fis_addr_hi; 77 break; 78 case PORT_IRQ_STAT: 79 val = pr->irq_stat; 80 break; 81 case PORT_IRQ_MASK: 82 val = pr->irq_mask; 83 break; 84 case PORT_CMD: 85 val = pr->cmd; 86 break; 87 case PORT_TFDATA: 88 val = pr->tfdata; 89 break; 90 case PORT_SIG: 91 val = pr->sig; 92 break; 93 case PORT_SCR_STAT: 94 if (s->dev[port].port.ifs[0].blk) { 95 val = SATA_SCR_SSTATUS_DET_DEV_PRESENT_PHY_UP | 96 SATA_SCR_SSTATUS_SPD_GEN1 | SATA_SCR_SSTATUS_IPM_ACTIVE; 97 } else { 98 val = SATA_SCR_SSTATUS_DET_NODEV; 99 } 100 break; 101 case PORT_SCR_CTL: 102 val = pr->scr_ctl; 103 break; 104 case PORT_SCR_ERR: 105 val = pr->scr_err; 106 break; 107 case PORT_SCR_ACT: 108 val = pr->scr_act; 109 break; 110 case PORT_CMD_ISSUE: 111 val = pr->cmd_issue; 112 break; 113 case PORT_RESERVED: 114 default: 115 val = 0; 116 } 117 DPRINTF(port, "offset: 0x%x val: 0x%x\n", offset, val); 118 return val; 119 120 } 121 122 static void ahci_irq_raise(AHCIState *s, AHCIDevice *dev) 123 { 124 DeviceState *dev_state = s->container; 125 PCIDevice *pci_dev = (PCIDevice *) object_dynamic_cast(OBJECT(dev_state), 126 TYPE_PCI_DEVICE); 127 128 DPRINTF(0, "raise irq\n"); 129 130 if (pci_dev && msi_enabled(pci_dev)) { 131 msi_notify(pci_dev, 0); 132 } else { 133 qemu_irq_raise(s->irq); 134 } 135 } 136 137 static void ahci_irq_lower(AHCIState *s, AHCIDevice *dev) 138 { 139 DeviceState *dev_state = s->container; 140 PCIDevice *pci_dev = (PCIDevice *) object_dynamic_cast(OBJECT(dev_state), 141 TYPE_PCI_DEVICE); 142 143 DPRINTF(0, "lower irq\n"); 144 145 if (!pci_dev || !msi_enabled(pci_dev)) { 146 qemu_irq_lower(s->irq); 147 } 148 } 149 150 static void ahci_check_irq(AHCIState *s) 151 { 152 int i; 153 154 DPRINTF(-1, "check irq %#x\n", s->control_regs.irqstatus); 155 156 s->control_regs.irqstatus = 0; 157 for (i = 0; i < s->ports; i++) { 158 AHCIPortRegs *pr = &s->dev[i].port_regs; 159 if (pr->irq_stat & pr->irq_mask) { 160 s->control_regs.irqstatus |= (1 << i); 161 } 162 } 163 164 if (s->control_regs.irqstatus && 165 (s->control_regs.ghc & HOST_CTL_IRQ_EN)) { 166 ahci_irq_raise(s, NULL); 167 } else { 168 ahci_irq_lower(s, NULL); 169 } 170 } 171 172 static void ahci_trigger_irq(AHCIState *s, AHCIDevice *d, 173 int irq_type) 174 { 175 DPRINTF(d->port_no, "trigger irq %#x -> %x\n", 176 irq_type, d->port_regs.irq_mask & irq_type); 177 178 d->port_regs.irq_stat |= irq_type; 179 ahci_check_irq(s); 180 } 181 182 static void map_page(AddressSpace *as, uint8_t **ptr, uint64_t addr, 183 uint32_t wanted) 184 { 185 hwaddr len = wanted; 186 187 if (*ptr) { 188 dma_memory_unmap(as, *ptr, len, DMA_DIRECTION_FROM_DEVICE, len); 189 } 190 191 *ptr = dma_memory_map(as, addr, &len, DMA_DIRECTION_FROM_DEVICE); 192 if (len < wanted) { 193 dma_memory_unmap(as, *ptr, len, DMA_DIRECTION_FROM_DEVICE, len); 194 *ptr = NULL; 195 } 196 } 197 198 /** 199 * Check the cmd register to see if we should start or stop 200 * the DMA or FIS RX engines. 201 * 202 * @ad: Device to dis/engage. 203 * 204 * @return 0 on success, -1 on error. 205 */ 206 static int ahci_cond_start_engines(AHCIDevice *ad) 207 { 208 AHCIPortRegs *pr = &ad->port_regs; 209 bool cmd_start = pr->cmd & PORT_CMD_START; 210 bool cmd_on = pr->cmd & PORT_CMD_LIST_ON; 211 bool fis_start = pr->cmd & PORT_CMD_FIS_RX; 212 bool fis_on = pr->cmd & PORT_CMD_FIS_ON; 213 214 if (cmd_start && !cmd_on) { 215 if (!ahci_map_clb_address(ad)) { 216 pr->cmd &= ~PORT_CMD_START; 217 error_report("AHCI: Failed to start DMA engine: " 218 "bad command list buffer address"); 219 return -1; 220 } 221 } else if (!cmd_start && cmd_on) { 222 ahci_unmap_clb_address(ad); 223 } 224 225 if (fis_start && !fis_on) { 226 if (!ahci_map_fis_address(ad)) { 227 pr->cmd &= ~PORT_CMD_FIS_RX; 228 error_report("AHCI: Failed to start FIS receive engine: " 229 "bad FIS receive buffer address"); 230 return -1; 231 } 232 } else if (!fis_start && fis_on) { 233 ahci_unmap_fis_address(ad); 234 } 235 236 return 0; 237 } 238 239 static void ahci_port_write(AHCIState *s, int port, int offset, uint32_t val) 240 { 241 AHCIPortRegs *pr = &s->dev[port].port_regs; 242 243 DPRINTF(port, "offset: 0x%x val: 0x%x\n", offset, val); 244 switch (offset) { 245 case PORT_LST_ADDR: 246 pr->lst_addr = val; 247 break; 248 case PORT_LST_ADDR_HI: 249 pr->lst_addr_hi = val; 250 break; 251 case PORT_FIS_ADDR: 252 pr->fis_addr = val; 253 break; 254 case PORT_FIS_ADDR_HI: 255 pr->fis_addr_hi = val; 256 break; 257 case PORT_IRQ_STAT: 258 pr->irq_stat &= ~val; 259 ahci_check_irq(s); 260 break; 261 case PORT_IRQ_MASK: 262 pr->irq_mask = val & 0xfdc000ff; 263 ahci_check_irq(s); 264 break; 265 case PORT_CMD: 266 /* Block any Read-only fields from being set; 267 * including LIST_ON and FIS_ON. 268 * The spec requires to set ICC bits to zero after the ICC change 269 * is done. We don't support ICC state changes, therefore always 270 * force the ICC bits to zero. 271 */ 272 pr->cmd = (pr->cmd & PORT_CMD_RO_MASK) | 273 (val & ~(PORT_CMD_RO_MASK|PORT_CMD_ICC_MASK)); 274 275 /* Check FIS RX and CLB engines */ 276 ahci_cond_start_engines(&s->dev[port]); 277 278 /* XXX usually the FIS would be pending on the bus here and 279 issuing deferred until the OS enables FIS receival. 280 Instead, we only submit it once - which works in most 281 cases, but is a hack. */ 282 if ((pr->cmd & PORT_CMD_FIS_ON) && 283 !s->dev[port].init_d2h_sent) { 284 ahci_init_d2h(&s->dev[port]); 285 } 286 287 check_cmd(s, port); 288 break; 289 case PORT_TFDATA: 290 /* Read Only. */ 291 break; 292 case PORT_SIG: 293 /* Read Only */ 294 break; 295 case PORT_SCR_STAT: 296 /* Read Only */ 297 break; 298 case PORT_SCR_CTL: 299 if (((pr->scr_ctl & AHCI_SCR_SCTL_DET) == 1) && 300 ((val & AHCI_SCR_SCTL_DET) == 0)) { 301 ahci_reset_port(s, port); 302 } 303 pr->scr_ctl = val; 304 break; 305 case PORT_SCR_ERR: 306 pr->scr_err &= ~val; 307 break; 308 case PORT_SCR_ACT: 309 /* RW1 */ 310 pr->scr_act |= val; 311 break; 312 case PORT_CMD_ISSUE: 313 pr->cmd_issue |= val; 314 check_cmd(s, port); 315 break; 316 default: 317 break; 318 } 319 } 320 321 static uint64_t ahci_mem_read_32(void *opaque, hwaddr addr) 322 { 323 AHCIState *s = opaque; 324 uint32_t val = 0; 325 326 if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) { 327 switch (addr) { 328 case HOST_CAP: 329 val = s->control_regs.cap; 330 break; 331 case HOST_CTL: 332 val = s->control_regs.ghc; 333 break; 334 case HOST_IRQ_STAT: 335 val = s->control_regs.irqstatus; 336 break; 337 case HOST_PORTS_IMPL: 338 val = s->control_regs.impl; 339 break; 340 case HOST_VERSION: 341 val = s->control_regs.version; 342 break; 343 } 344 345 DPRINTF(-1, "(addr 0x%08X), val 0x%08X\n", (unsigned) addr, val); 346 } else if ((addr >= AHCI_PORT_REGS_START_ADDR) && 347 (addr < (AHCI_PORT_REGS_START_ADDR + 348 (s->ports * AHCI_PORT_ADDR_OFFSET_LEN)))) { 349 val = ahci_port_read(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7, 350 addr & AHCI_PORT_ADDR_OFFSET_MASK); 351 } 352 353 return val; 354 } 355 356 357 /** 358 * AHCI 1.3 section 3 ("HBA Memory Registers") 359 * Support unaligned 8/16/32 bit reads, and 64 bit aligned reads. 360 * Caller is responsible for masking unwanted higher order bytes. 361 */ 362 static uint64_t ahci_mem_read(void *opaque, hwaddr addr, unsigned size) 363 { 364 hwaddr aligned = addr & ~0x3; 365 int ofst = addr - aligned; 366 uint64_t lo = ahci_mem_read_32(opaque, aligned); 367 uint64_t hi; 368 uint64_t val; 369 370 /* if < 8 byte read does not cross 4 byte boundary */ 371 if (ofst + size <= 4) { 372 val = lo >> (ofst * 8); 373 } else { 374 g_assert_cmpint(size, >, 1); 375 376 /* If the 64bit read is unaligned, we will produce undefined 377 * results. AHCI does not support unaligned 64bit reads. */ 378 hi = ahci_mem_read_32(opaque, aligned + 4); 379 val = (hi << 32 | lo) >> (ofst * 8); 380 } 381 382 DPRINTF(-1, "addr=0x%" HWADDR_PRIx " val=0x%" PRIx64 ", size=%d\n", 383 addr, val, size); 384 return val; 385 } 386 387 388 static void ahci_mem_write(void *opaque, hwaddr addr, 389 uint64_t val, unsigned size) 390 { 391 AHCIState *s = opaque; 392 393 DPRINTF(-1, "addr=0x%" HWADDR_PRIx " val=0x%" PRIx64 ", size=%d\n", 394 addr, val, size); 395 396 /* Only aligned reads are allowed on AHCI */ 397 if (addr & 3) { 398 fprintf(stderr, "ahci: Mis-aligned write to addr 0x" 399 TARGET_FMT_plx "\n", addr); 400 return; 401 } 402 403 if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) { 404 DPRINTF(-1, "(addr 0x%08X), val 0x%08"PRIX64"\n", (unsigned) addr, val); 405 406 switch (addr) { 407 case HOST_CAP: /* R/WO, RO */ 408 /* FIXME handle R/WO */ 409 break; 410 case HOST_CTL: /* R/W */ 411 if (val & HOST_CTL_RESET) { 412 DPRINTF(-1, "HBA Reset\n"); 413 ahci_reset(s); 414 } else { 415 s->control_regs.ghc = (val & 0x3) | HOST_CTL_AHCI_EN; 416 ahci_check_irq(s); 417 } 418 break; 419 case HOST_IRQ_STAT: /* R/WC, RO */ 420 s->control_regs.irqstatus &= ~val; 421 ahci_check_irq(s); 422 break; 423 case HOST_PORTS_IMPL: /* R/WO, RO */ 424 /* FIXME handle R/WO */ 425 break; 426 case HOST_VERSION: /* RO */ 427 /* FIXME report write? */ 428 break; 429 default: 430 DPRINTF(-1, "write to unknown register 0x%x\n", (unsigned)addr); 431 } 432 } else if ((addr >= AHCI_PORT_REGS_START_ADDR) && 433 (addr < (AHCI_PORT_REGS_START_ADDR + 434 (s->ports * AHCI_PORT_ADDR_OFFSET_LEN)))) { 435 ahci_port_write(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7, 436 addr & AHCI_PORT_ADDR_OFFSET_MASK, val); 437 } 438 439 } 440 441 static const MemoryRegionOps ahci_mem_ops = { 442 .read = ahci_mem_read, 443 .write = ahci_mem_write, 444 .endianness = DEVICE_LITTLE_ENDIAN, 445 }; 446 447 static uint64_t ahci_idp_read(void *opaque, hwaddr addr, 448 unsigned size) 449 { 450 AHCIState *s = opaque; 451 452 if (addr == s->idp_offset) { 453 /* index register */ 454 return s->idp_index; 455 } else if (addr == s->idp_offset + 4) { 456 /* data register - do memory read at location selected by index */ 457 return ahci_mem_read(opaque, s->idp_index, size); 458 } else { 459 return 0; 460 } 461 } 462 463 static void ahci_idp_write(void *opaque, hwaddr addr, 464 uint64_t val, unsigned size) 465 { 466 AHCIState *s = opaque; 467 468 if (addr == s->idp_offset) { 469 /* index register - mask off reserved bits */ 470 s->idp_index = (uint32_t)val & ((AHCI_MEM_BAR_SIZE - 1) & ~3); 471 } else if (addr == s->idp_offset + 4) { 472 /* data register - do memory write at location selected by index */ 473 ahci_mem_write(opaque, s->idp_index, val, size); 474 } 475 } 476 477 static const MemoryRegionOps ahci_idp_ops = { 478 .read = ahci_idp_read, 479 .write = ahci_idp_write, 480 .endianness = DEVICE_LITTLE_ENDIAN, 481 }; 482 483 484 static void ahci_reg_init(AHCIState *s) 485 { 486 int i; 487 488 s->control_regs.cap = (s->ports - 1) | 489 (AHCI_NUM_COMMAND_SLOTS << 8) | 490 (AHCI_SUPPORTED_SPEED_GEN1 << AHCI_SUPPORTED_SPEED) | 491 HOST_CAP_NCQ | HOST_CAP_AHCI; 492 493 s->control_regs.impl = (1 << s->ports) - 1; 494 495 s->control_regs.version = AHCI_VERSION_1_0; 496 497 for (i = 0; i < s->ports; i++) { 498 s->dev[i].port_state = STATE_RUN; 499 } 500 } 501 502 static void check_cmd(AHCIState *s, int port) 503 { 504 AHCIPortRegs *pr = &s->dev[port].port_regs; 505 uint8_t slot; 506 507 if ((pr->cmd & PORT_CMD_START) && pr->cmd_issue) { 508 for (slot = 0; (slot < 32) && pr->cmd_issue; slot++) { 509 if ((pr->cmd_issue & (1U << slot)) && 510 !handle_cmd(s, port, slot)) { 511 pr->cmd_issue &= ~(1U << slot); 512 } 513 } 514 } 515 } 516 517 static void ahci_check_cmd_bh(void *opaque) 518 { 519 AHCIDevice *ad = opaque; 520 521 qemu_bh_delete(ad->check_bh); 522 ad->check_bh = NULL; 523 524 if ((ad->busy_slot != -1) && 525 !(ad->port.ifs[0].status & (BUSY_STAT|DRQ_STAT))) { 526 /* no longer busy */ 527 ad->port_regs.cmd_issue &= ~(1 << ad->busy_slot); 528 ad->busy_slot = -1; 529 } 530 531 check_cmd(ad->hba, ad->port_no); 532 } 533 534 static void ahci_init_d2h(AHCIDevice *ad) 535 { 536 IDEState *ide_state = &ad->port.ifs[0]; 537 AHCIPortRegs *pr = &ad->port_regs; 538 539 if (ad->init_d2h_sent) { 540 return; 541 } 542 543 if (ahci_write_fis_d2h(ad)) { 544 ad->init_d2h_sent = true; 545 /* We're emulating receiving the first Reg H2D Fis from the device; 546 * Update the SIG register, but otherwise proceed as normal. */ 547 pr->sig = ((uint32_t)ide_state->hcyl << 24) | 548 (ide_state->lcyl << 16) | 549 (ide_state->sector << 8) | 550 (ide_state->nsector & 0xFF); 551 } 552 } 553 554 static void ahci_set_signature(AHCIDevice *ad, uint32_t sig) 555 { 556 IDEState *s = &ad->port.ifs[0]; 557 s->hcyl = sig >> 24 & 0xFF; 558 s->lcyl = sig >> 16 & 0xFF; 559 s->sector = sig >> 8 & 0xFF; 560 s->nsector = sig & 0xFF; 561 562 DPRINTF(ad->port_no, "set hcyl:lcyl:sect:nsect = 0x%08x\n", sig); 563 } 564 565 static void ahci_reset_port(AHCIState *s, int port) 566 { 567 AHCIDevice *d = &s->dev[port]; 568 AHCIPortRegs *pr = &d->port_regs; 569 IDEState *ide_state = &d->port.ifs[0]; 570 int i; 571 572 DPRINTF(port, "reset port\n"); 573 574 ide_bus_reset(&d->port); 575 ide_state->ncq_queues = AHCI_MAX_CMDS; 576 577 pr->scr_stat = 0; 578 pr->scr_err = 0; 579 pr->scr_act = 0; 580 pr->tfdata = 0x7F; 581 pr->sig = 0xFFFFFFFF; 582 d->busy_slot = -1; 583 d->init_d2h_sent = false; 584 585 ide_state = &s->dev[port].port.ifs[0]; 586 if (!ide_state->blk) { 587 return; 588 } 589 590 /* reset ncq queue */ 591 for (i = 0; i < AHCI_MAX_CMDS; i++) { 592 NCQTransferState *ncq_tfs = &s->dev[port].ncq_tfs[i]; 593 ncq_tfs->halt = false; 594 if (!ncq_tfs->used) { 595 continue; 596 } 597 598 if (ncq_tfs->aiocb) { 599 blk_aio_cancel(ncq_tfs->aiocb); 600 ncq_tfs->aiocb = NULL; 601 } 602 603 /* Maybe we just finished the request thanks to blk_aio_cancel() */ 604 if (!ncq_tfs->used) { 605 continue; 606 } 607 608 qemu_sglist_destroy(&ncq_tfs->sglist); 609 ncq_tfs->used = 0; 610 } 611 612 s->dev[port].port_state = STATE_RUN; 613 if (ide_state->drive_kind == IDE_CD) { 614 ahci_set_signature(d, SATA_SIGNATURE_CDROM);\ 615 ide_state->status = SEEK_STAT | WRERR_STAT | READY_STAT; 616 } else { 617 ahci_set_signature(d, SATA_SIGNATURE_DISK); 618 ide_state->status = SEEK_STAT | WRERR_STAT; 619 } 620 621 ide_state->error = 1; 622 ahci_init_d2h(d); 623 } 624 625 static void debug_print_fis(uint8_t *fis, int cmd_len) 626 { 627 #if DEBUG_AHCI 628 int i; 629 630 fprintf(stderr, "fis:"); 631 for (i = 0; i < cmd_len; i++) { 632 if ((i & 0xf) == 0) { 633 fprintf(stderr, "\n%02x:",i); 634 } 635 fprintf(stderr, "%02x ",fis[i]); 636 } 637 fprintf(stderr, "\n"); 638 #endif 639 } 640 641 static bool ahci_map_fis_address(AHCIDevice *ad) 642 { 643 AHCIPortRegs *pr = &ad->port_regs; 644 map_page(ad->hba->as, &ad->res_fis, 645 ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256); 646 if (ad->res_fis != NULL) { 647 pr->cmd |= PORT_CMD_FIS_ON; 648 return true; 649 } 650 651 pr->cmd &= ~PORT_CMD_FIS_ON; 652 return false; 653 } 654 655 static void ahci_unmap_fis_address(AHCIDevice *ad) 656 { 657 if (ad->res_fis == NULL) { 658 DPRINTF(ad->port_no, "Attempt to unmap NULL FIS address\n"); 659 return; 660 } 661 ad->port_regs.cmd &= ~PORT_CMD_FIS_ON; 662 dma_memory_unmap(ad->hba->as, ad->res_fis, 256, 663 DMA_DIRECTION_FROM_DEVICE, 256); 664 ad->res_fis = NULL; 665 } 666 667 static bool ahci_map_clb_address(AHCIDevice *ad) 668 { 669 AHCIPortRegs *pr = &ad->port_regs; 670 ad->cur_cmd = NULL; 671 map_page(ad->hba->as, &ad->lst, 672 ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024); 673 if (ad->lst != NULL) { 674 pr->cmd |= PORT_CMD_LIST_ON; 675 return true; 676 } 677 678 pr->cmd &= ~PORT_CMD_LIST_ON; 679 return false; 680 } 681 682 static void ahci_unmap_clb_address(AHCIDevice *ad) 683 { 684 if (ad->lst == NULL) { 685 DPRINTF(ad->port_no, "Attempt to unmap NULL CLB address\n"); 686 return; 687 } 688 ad->port_regs.cmd &= ~PORT_CMD_LIST_ON; 689 dma_memory_unmap(ad->hba->as, ad->lst, 1024, 690 DMA_DIRECTION_FROM_DEVICE, 1024); 691 ad->lst = NULL; 692 } 693 694 static void ahci_write_fis_sdb(AHCIState *s, NCQTransferState *ncq_tfs) 695 { 696 AHCIDevice *ad = ncq_tfs->drive; 697 AHCIPortRegs *pr = &ad->port_regs; 698 IDEState *ide_state; 699 SDBFIS *sdb_fis; 700 701 if (!ad->res_fis || 702 !(pr->cmd & PORT_CMD_FIS_RX)) { 703 return; 704 } 705 706 sdb_fis = (SDBFIS *)&ad->res_fis[RES_FIS_SDBFIS]; 707 ide_state = &ad->port.ifs[0]; 708 709 sdb_fis->type = SATA_FIS_TYPE_SDB; 710 /* Interrupt pending & Notification bit */ 711 sdb_fis->flags = 0x40; /* Interrupt bit, always 1 for NCQ */ 712 sdb_fis->status = ide_state->status & 0x77; 713 sdb_fis->error = ide_state->error; 714 /* update SAct field in SDB_FIS */ 715 sdb_fis->payload = cpu_to_le32(ad->finished); 716 717 /* Update shadow registers (except BSY 0x80 and DRQ 0x08) */ 718 pr->tfdata = (ad->port.ifs[0].error << 8) | 719 (ad->port.ifs[0].status & 0x77) | 720 (pr->tfdata & 0x88); 721 pr->scr_act &= ~ad->finished; 722 ad->finished = 0; 723 724 /* Trigger IRQ if interrupt bit is set (which currently, it always is) */ 725 if (sdb_fis->flags & 0x40) { 726 ahci_trigger_irq(s, ad, PORT_IRQ_SDB_FIS); 727 } 728 } 729 730 static void ahci_write_fis_pio(AHCIDevice *ad, uint16_t len) 731 { 732 AHCIPortRegs *pr = &ad->port_regs; 733 uint8_t *pio_fis; 734 IDEState *s = &ad->port.ifs[0]; 735 736 if (!ad->res_fis || !(pr->cmd & PORT_CMD_FIS_RX)) { 737 return; 738 } 739 740 pio_fis = &ad->res_fis[RES_FIS_PSFIS]; 741 742 pio_fis[0] = SATA_FIS_TYPE_PIO_SETUP; 743 pio_fis[1] = (ad->hba->control_regs.irqstatus ? (1 << 6) : 0); 744 pio_fis[2] = s->status; 745 pio_fis[3] = s->error; 746 747 pio_fis[4] = s->sector; 748 pio_fis[5] = s->lcyl; 749 pio_fis[6] = s->hcyl; 750 pio_fis[7] = s->select; 751 pio_fis[8] = s->hob_sector; 752 pio_fis[9] = s->hob_lcyl; 753 pio_fis[10] = s->hob_hcyl; 754 pio_fis[11] = 0; 755 pio_fis[12] = s->nsector & 0xFF; 756 pio_fis[13] = (s->nsector >> 8) & 0xFF; 757 pio_fis[14] = 0; 758 pio_fis[15] = s->status; 759 pio_fis[16] = len & 255; 760 pio_fis[17] = len >> 8; 761 pio_fis[18] = 0; 762 pio_fis[19] = 0; 763 764 /* Update shadow registers: */ 765 pr->tfdata = (ad->port.ifs[0].error << 8) | 766 ad->port.ifs[0].status; 767 768 if (pio_fis[2] & ERR_STAT) { 769 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_TF_ERR); 770 } 771 772 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_PIOS_FIS); 773 } 774 775 static bool ahci_write_fis_d2h(AHCIDevice *ad) 776 { 777 AHCIPortRegs *pr = &ad->port_regs; 778 uint8_t *d2h_fis; 779 int i; 780 IDEState *s = &ad->port.ifs[0]; 781 782 if (!ad->res_fis || !(pr->cmd & PORT_CMD_FIS_RX)) { 783 return false; 784 } 785 786 d2h_fis = &ad->res_fis[RES_FIS_RFIS]; 787 788 d2h_fis[0] = SATA_FIS_TYPE_REGISTER_D2H; 789 d2h_fis[1] = (ad->hba->control_regs.irqstatus ? (1 << 6) : 0); 790 d2h_fis[2] = s->status; 791 d2h_fis[3] = s->error; 792 793 d2h_fis[4] = s->sector; 794 d2h_fis[5] = s->lcyl; 795 d2h_fis[6] = s->hcyl; 796 d2h_fis[7] = s->select; 797 d2h_fis[8] = s->hob_sector; 798 d2h_fis[9] = s->hob_lcyl; 799 d2h_fis[10] = s->hob_hcyl; 800 d2h_fis[11] = 0; 801 d2h_fis[12] = s->nsector & 0xFF; 802 d2h_fis[13] = (s->nsector >> 8) & 0xFF; 803 for (i = 14; i < 20; i++) { 804 d2h_fis[i] = 0; 805 } 806 807 /* Update shadow registers: */ 808 pr->tfdata = (ad->port.ifs[0].error << 8) | 809 ad->port.ifs[0].status; 810 811 if (d2h_fis[2] & ERR_STAT) { 812 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_TF_ERR); 813 } 814 815 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_D2H_REG_FIS); 816 return true; 817 } 818 819 static int prdt_tbl_entry_size(const AHCI_SG *tbl) 820 { 821 /* flags_size is zero-based */ 822 return (le32_to_cpu(tbl->flags_size) & AHCI_PRDT_SIZE_MASK) + 1; 823 } 824 825 /** 826 * Fetch entries in a guest-provided PRDT and convert it into a QEMU SGlist. 827 * @ad: The AHCIDevice for whom we are building the SGList. 828 * @sglist: The SGList target to add PRD entries to. 829 * @cmd: The AHCI Command Header that describes where the PRDT is. 830 * @limit: The remaining size of the S/ATA transaction, in bytes. 831 * @offset: The number of bytes already transferred, in bytes. 832 * 833 * The AHCI PRDT can describe up to 256GiB. S/ATA only support transactions of 834 * up to 32MiB as of ATA8-ACS3 rev 1b, assuming a 512 byte sector size. We stop 835 * building the sglist from the PRDT as soon as we hit @limit bytes, 836 * which is <= INT32_MAX/2GiB. 837 */ 838 static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList *sglist, 839 AHCICmdHdr *cmd, int64_t limit, uint64_t offset) 840 { 841 uint16_t opts = le16_to_cpu(cmd->opts); 842 uint16_t prdtl = le16_to_cpu(cmd->prdtl); 843 uint64_t cfis_addr = le64_to_cpu(cmd->tbl_addr); 844 uint64_t prdt_addr = cfis_addr + 0x80; 845 dma_addr_t prdt_len = (prdtl * sizeof(AHCI_SG)); 846 dma_addr_t real_prdt_len = prdt_len; 847 uint8_t *prdt; 848 int i; 849 int r = 0; 850 uint64_t sum = 0; 851 int off_idx = -1; 852 int64_t off_pos = -1; 853 int tbl_entry_size; 854 IDEBus *bus = &ad->port; 855 BusState *qbus = BUS(bus); 856 857 if (!prdtl) { 858 DPRINTF(ad->port_no, "no sg list given by guest: 0x%08x\n", opts); 859 return -1; 860 } 861 862 /* map PRDT */ 863 if (!(prdt = dma_memory_map(ad->hba->as, prdt_addr, &prdt_len, 864 DMA_DIRECTION_TO_DEVICE))){ 865 DPRINTF(ad->port_no, "map failed\n"); 866 return -1; 867 } 868 869 if (prdt_len < real_prdt_len) { 870 DPRINTF(ad->port_no, "mapped less than expected\n"); 871 r = -1; 872 goto out; 873 } 874 875 /* Get entries in the PRDT, init a qemu sglist accordingly */ 876 if (prdtl > 0) { 877 AHCI_SG *tbl = (AHCI_SG *)prdt; 878 sum = 0; 879 for (i = 0; i < prdtl; i++) { 880 tbl_entry_size = prdt_tbl_entry_size(&tbl[i]); 881 if (offset < (sum + tbl_entry_size)) { 882 off_idx = i; 883 off_pos = offset - sum; 884 break; 885 } 886 sum += tbl_entry_size; 887 } 888 if ((off_idx == -1) || (off_pos < 0) || (off_pos > tbl_entry_size)) { 889 DPRINTF(ad->port_no, "%s: Incorrect offset! " 890 "off_idx: %d, off_pos: %"PRId64"\n", 891 __func__, off_idx, off_pos); 892 r = -1; 893 goto out; 894 } 895 896 qemu_sglist_init(sglist, qbus->parent, (prdtl - off_idx), 897 ad->hba->as); 898 qemu_sglist_add(sglist, le64_to_cpu(tbl[off_idx].addr) + off_pos, 899 MIN(prdt_tbl_entry_size(&tbl[off_idx]) - off_pos, 900 limit)); 901 902 for (i = off_idx + 1; i < prdtl && sglist->size < limit; i++) { 903 qemu_sglist_add(sglist, le64_to_cpu(tbl[i].addr), 904 MIN(prdt_tbl_entry_size(&tbl[i]), 905 limit - sglist->size)); 906 } 907 } 908 909 out: 910 dma_memory_unmap(ad->hba->as, prdt, prdt_len, 911 DMA_DIRECTION_TO_DEVICE, prdt_len); 912 return r; 913 } 914 915 static void ncq_err(NCQTransferState *ncq_tfs) 916 { 917 IDEState *ide_state = &ncq_tfs->drive->port.ifs[0]; 918 919 ide_state->error = ABRT_ERR; 920 ide_state->status = READY_STAT | ERR_STAT; 921 ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag); 922 qemu_sglist_destroy(&ncq_tfs->sglist); 923 ncq_tfs->used = 0; 924 } 925 926 static void ncq_finish(NCQTransferState *ncq_tfs) 927 { 928 /* If we didn't error out, set our finished bit. Errored commands 929 * do not get a bit set for the SDB FIS ACT register, nor do they 930 * clear the outstanding bit in scr_act (PxSACT). */ 931 if (!(ncq_tfs->drive->port_regs.scr_err & (1 << ncq_tfs->tag))) { 932 ncq_tfs->drive->finished |= (1 << ncq_tfs->tag); 933 } 934 935 ahci_write_fis_sdb(ncq_tfs->drive->hba, ncq_tfs); 936 937 DPRINTF(ncq_tfs->drive->port_no, "NCQ transfer tag %d finished\n", 938 ncq_tfs->tag); 939 940 block_acct_done(blk_get_stats(ncq_tfs->drive->port.ifs[0].blk), 941 &ncq_tfs->acct); 942 qemu_sglist_destroy(&ncq_tfs->sglist); 943 ncq_tfs->used = 0; 944 } 945 946 static void ncq_cb(void *opaque, int ret) 947 { 948 NCQTransferState *ncq_tfs = (NCQTransferState *)opaque; 949 IDEState *ide_state = &ncq_tfs->drive->port.ifs[0]; 950 951 ncq_tfs->aiocb = NULL; 952 if (ret == -ECANCELED) { 953 return; 954 } 955 956 if (ret < 0) { 957 bool is_read = ncq_tfs->cmd == READ_FPDMA_QUEUED; 958 BlockErrorAction action = blk_get_error_action(ide_state->blk, 959 is_read, -ret); 960 if (action == BLOCK_ERROR_ACTION_STOP) { 961 ncq_tfs->halt = true; 962 ide_state->bus->error_status = IDE_RETRY_HBA; 963 } else if (action == BLOCK_ERROR_ACTION_REPORT) { 964 ncq_err(ncq_tfs); 965 } 966 blk_error_action(ide_state->blk, action, is_read, -ret); 967 } else { 968 ide_state->status = READY_STAT | SEEK_STAT; 969 } 970 971 if (!ncq_tfs->halt) { 972 ncq_finish(ncq_tfs); 973 } 974 } 975 976 static int is_ncq(uint8_t ata_cmd) 977 { 978 /* Based on SATA 3.2 section 13.6.3.2 */ 979 switch (ata_cmd) { 980 case READ_FPDMA_QUEUED: 981 case WRITE_FPDMA_QUEUED: 982 case NCQ_NON_DATA: 983 case RECEIVE_FPDMA_QUEUED: 984 case SEND_FPDMA_QUEUED: 985 return 1; 986 default: 987 return 0; 988 } 989 } 990 991 static void execute_ncq_command(NCQTransferState *ncq_tfs) 992 { 993 AHCIDevice *ad = ncq_tfs->drive; 994 IDEState *ide_state = &ad->port.ifs[0]; 995 int port = ad->port_no; 996 997 g_assert(is_ncq(ncq_tfs->cmd)); 998 ncq_tfs->halt = false; 999 1000 switch (ncq_tfs->cmd) { 1001 case READ_FPDMA_QUEUED: 1002 DPRINTF(port, "NCQ reading %d sectors from LBA %"PRId64", tag %d\n", 1003 ncq_tfs->sector_count, ncq_tfs->lba, ncq_tfs->tag); 1004 1005 DPRINTF(port, "tag %d aio read %"PRId64"\n", 1006 ncq_tfs->tag, ncq_tfs->lba); 1007 1008 dma_acct_start(ide_state->blk, &ncq_tfs->acct, 1009 &ncq_tfs->sglist, BLOCK_ACCT_READ); 1010 ncq_tfs->aiocb = dma_blk_read(ide_state->blk, &ncq_tfs->sglist, 1011 ncq_tfs->lba << BDRV_SECTOR_BITS, 1012 BDRV_SECTOR_SIZE, 1013 ncq_cb, ncq_tfs); 1014 break; 1015 case WRITE_FPDMA_QUEUED: 1016 DPRINTF(port, "NCQ writing %d sectors to LBA %"PRId64", tag %d\n", 1017 ncq_tfs->sector_count, ncq_tfs->lba, ncq_tfs->tag); 1018 1019 DPRINTF(port, "tag %d aio write %"PRId64"\n", 1020 ncq_tfs->tag, ncq_tfs->lba); 1021 1022 dma_acct_start(ide_state->blk, &ncq_tfs->acct, 1023 &ncq_tfs->sglist, BLOCK_ACCT_WRITE); 1024 ncq_tfs->aiocb = dma_blk_write(ide_state->blk, &ncq_tfs->sglist, 1025 ncq_tfs->lba << BDRV_SECTOR_BITS, 1026 BDRV_SECTOR_SIZE, 1027 ncq_cb, ncq_tfs); 1028 break; 1029 default: 1030 DPRINTF(port, "error: unsupported NCQ command (0x%02x) received\n", 1031 ncq_tfs->cmd); 1032 ncq_err(ncq_tfs); 1033 } 1034 } 1035 1036 1037 static void process_ncq_command(AHCIState *s, int port, uint8_t *cmd_fis, 1038 uint8_t slot) 1039 { 1040 AHCIDevice *ad = &s->dev[port]; 1041 IDEState *ide_state = &ad->port.ifs[0]; 1042 NCQFrame *ncq_fis = (NCQFrame*)cmd_fis; 1043 uint8_t tag = ncq_fis->tag >> 3; 1044 NCQTransferState *ncq_tfs = &ad->ncq_tfs[tag]; 1045 size_t size; 1046 1047 g_assert(is_ncq(ncq_fis->command)); 1048 if (ncq_tfs->used) { 1049 /* error - already in use */ 1050 fprintf(stderr, "%s: tag %d already used\n", __FUNCTION__, tag); 1051 return; 1052 } 1053 1054 ncq_tfs->used = 1; 1055 ncq_tfs->drive = ad; 1056 ncq_tfs->slot = slot; 1057 ncq_tfs->cmdh = &((AHCICmdHdr *)ad->lst)[slot]; 1058 ncq_tfs->cmd = ncq_fis->command; 1059 ncq_tfs->lba = ((uint64_t)ncq_fis->lba5 << 40) | 1060 ((uint64_t)ncq_fis->lba4 << 32) | 1061 ((uint64_t)ncq_fis->lba3 << 24) | 1062 ((uint64_t)ncq_fis->lba2 << 16) | 1063 ((uint64_t)ncq_fis->lba1 << 8) | 1064 (uint64_t)ncq_fis->lba0; 1065 ncq_tfs->tag = tag; 1066 1067 /* Sanity-check the NCQ packet */ 1068 if (tag != slot) { 1069 DPRINTF(port, "Warn: NCQ slot (%d) did not match the given tag (%d)\n", 1070 slot, tag); 1071 } 1072 1073 if (ncq_fis->aux0 || ncq_fis->aux1 || ncq_fis->aux2 || ncq_fis->aux3) { 1074 DPRINTF(port, "Warn: Attempt to use NCQ auxiliary fields.\n"); 1075 } 1076 if (ncq_fis->prio || ncq_fis->icc) { 1077 DPRINTF(port, "Warn: Unsupported attempt to use PRIO/ICC fields\n"); 1078 } 1079 if (ncq_fis->fua & NCQ_FIS_FUA_MASK) { 1080 DPRINTF(port, "Warn: Unsupported attempt to use Force Unit Access\n"); 1081 } 1082 if (ncq_fis->tag & NCQ_FIS_RARC_MASK) { 1083 DPRINTF(port, "Warn: Unsupported attempt to use Rebuild Assist\n"); 1084 } 1085 1086 ncq_tfs->sector_count = ((ncq_fis->sector_count_high << 8) | 1087 ncq_fis->sector_count_low); 1088 if (!ncq_tfs->sector_count) { 1089 ncq_tfs->sector_count = 0x10000; 1090 } 1091 size = ncq_tfs->sector_count * 512; 1092 ahci_populate_sglist(ad, &ncq_tfs->sglist, ncq_tfs->cmdh, size, 0); 1093 1094 if (ncq_tfs->sglist.size < size) { 1095 error_report("ahci: PRDT length for NCQ command (0x%zx) " 1096 "is smaller than the requested size (0x%zx)", 1097 ncq_tfs->sglist.size, size); 1098 ncq_err(ncq_tfs); 1099 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_OVERFLOW); 1100 return; 1101 } else if (ncq_tfs->sglist.size != size) { 1102 DPRINTF(port, "Warn: PRDTL (0x%zx)" 1103 " does not match requested size (0x%zx)", 1104 ncq_tfs->sglist.size, size); 1105 } 1106 1107 DPRINTF(port, "NCQ transfer LBA from %"PRId64" to %"PRId64", " 1108 "drive max %"PRId64"\n", 1109 ncq_tfs->lba, ncq_tfs->lba + ncq_tfs->sector_count - 1, 1110 ide_state->nb_sectors - 1); 1111 1112 execute_ncq_command(ncq_tfs); 1113 } 1114 1115 static AHCICmdHdr *get_cmd_header(AHCIState *s, uint8_t port, uint8_t slot) 1116 { 1117 if (port >= s->ports || slot >= AHCI_MAX_CMDS) { 1118 return NULL; 1119 } 1120 1121 return s->dev[port].lst ? &((AHCICmdHdr *)s->dev[port].lst)[slot] : NULL; 1122 } 1123 1124 static void handle_reg_h2d_fis(AHCIState *s, int port, 1125 uint8_t slot, uint8_t *cmd_fis) 1126 { 1127 IDEState *ide_state = &s->dev[port].port.ifs[0]; 1128 AHCICmdHdr *cmd = get_cmd_header(s, port, slot); 1129 uint16_t opts = le16_to_cpu(cmd->opts); 1130 1131 if (cmd_fis[1] & 0x0F) { 1132 DPRINTF(port, "Port Multiplier not supported." 1133 " cmd_fis[0]=%02x cmd_fis[1]=%02x cmd_fis[2]=%02x\n", 1134 cmd_fis[0], cmd_fis[1], cmd_fis[2]); 1135 return; 1136 } 1137 1138 if (cmd_fis[1] & 0x70) { 1139 DPRINTF(port, "Reserved flags set in H2D Register FIS." 1140 " cmd_fis[0]=%02x cmd_fis[1]=%02x cmd_fis[2]=%02x\n", 1141 cmd_fis[0], cmd_fis[1], cmd_fis[2]); 1142 return; 1143 } 1144 1145 if (!(cmd_fis[1] & SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER)) { 1146 switch (s->dev[port].port_state) { 1147 case STATE_RUN: 1148 if (cmd_fis[15] & ATA_SRST) { 1149 s->dev[port].port_state = STATE_RESET; 1150 } 1151 break; 1152 case STATE_RESET: 1153 if (!(cmd_fis[15] & ATA_SRST)) { 1154 ahci_reset_port(s, port); 1155 } 1156 break; 1157 } 1158 return; 1159 } 1160 1161 /* Check for NCQ command */ 1162 if (is_ncq(cmd_fis[2])) { 1163 process_ncq_command(s, port, cmd_fis, slot); 1164 return; 1165 } 1166 1167 /* Decompose the FIS: 1168 * AHCI does not interpret FIS packets, it only forwards them. 1169 * SATA 1.0 describes how to decode LBA28 and CHS FIS packets. 1170 * Later specifications, e.g, SATA 3.2, describe LBA48 FIS packets. 1171 * 1172 * ATA4 describes sector number for LBA28/CHS commands. 1173 * ATA6 describes sector number for LBA48 commands. 1174 * ATA8 deprecates CHS fully, describing only LBA28/48. 1175 * 1176 * We dutifully convert the FIS into IDE registers, and allow the 1177 * core layer to interpret them as needed. */ 1178 ide_state->feature = cmd_fis[3]; 1179 ide_state->sector = cmd_fis[4]; /* LBA 7:0 */ 1180 ide_state->lcyl = cmd_fis[5]; /* LBA 15:8 */ 1181 ide_state->hcyl = cmd_fis[6]; /* LBA 23:16 */ 1182 ide_state->select = cmd_fis[7]; /* LBA 27:24 (LBA28) */ 1183 ide_state->hob_sector = cmd_fis[8]; /* LBA 31:24 */ 1184 ide_state->hob_lcyl = cmd_fis[9]; /* LBA 39:32 */ 1185 ide_state->hob_hcyl = cmd_fis[10]; /* LBA 47:40 */ 1186 ide_state->hob_feature = cmd_fis[11]; 1187 ide_state->nsector = (int64_t)((cmd_fis[13] << 8) | cmd_fis[12]); 1188 /* 14, 16, 17, 18, 19: Reserved (SATA 1.0) */ 1189 /* 15: Only valid when UPDATE_COMMAND not set. */ 1190 1191 /* Copy the ACMD field (ATAPI packet, if any) from the AHCI command 1192 * table to ide_state->io_buffer */ 1193 if (opts & AHCI_CMD_ATAPI) { 1194 memcpy(ide_state->io_buffer, &cmd_fis[AHCI_COMMAND_TABLE_ACMD], 0x10); 1195 debug_print_fis(ide_state->io_buffer, 0x10); 1196 s->dev[port].done_atapi_packet = false; 1197 /* XXX send PIO setup FIS */ 1198 } 1199 1200 ide_state->error = 0; 1201 1202 /* Reset transferred byte counter */ 1203 cmd->status = 0; 1204 1205 /* We're ready to process the command in FIS byte 2. */ 1206 ide_exec_cmd(&s->dev[port].port, cmd_fis[2]); 1207 } 1208 1209 static int handle_cmd(AHCIState *s, int port, uint8_t slot) 1210 { 1211 IDEState *ide_state; 1212 uint64_t tbl_addr; 1213 AHCICmdHdr *cmd; 1214 uint8_t *cmd_fis; 1215 dma_addr_t cmd_len; 1216 1217 if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) { 1218 /* Engine currently busy, try again later */ 1219 DPRINTF(port, "engine busy\n"); 1220 return -1; 1221 } 1222 1223 if (!s->dev[port].lst) { 1224 DPRINTF(port, "error: lst not given but cmd handled"); 1225 return -1; 1226 } 1227 cmd = get_cmd_header(s, port, slot); 1228 /* remember current slot handle for later */ 1229 s->dev[port].cur_cmd = cmd; 1230 1231 /* The device we are working for */ 1232 ide_state = &s->dev[port].port.ifs[0]; 1233 if (!ide_state->blk) { 1234 DPRINTF(port, "error: guest accessed unused port"); 1235 return -1; 1236 } 1237 1238 tbl_addr = le64_to_cpu(cmd->tbl_addr); 1239 cmd_len = 0x80; 1240 cmd_fis = dma_memory_map(s->as, tbl_addr, &cmd_len, 1241 DMA_DIRECTION_FROM_DEVICE); 1242 if (!cmd_fis) { 1243 DPRINTF(port, "error: guest passed us an invalid cmd fis\n"); 1244 return -1; 1245 } else if (cmd_len != 0x80) { 1246 ahci_trigger_irq(s, &s->dev[port], PORT_IRQ_HBUS_ERR); 1247 DPRINTF(port, "error: dma_memory_map failed: " 1248 "(len(%02"PRIx64") != 0x80)\n", 1249 cmd_len); 1250 goto out; 1251 } 1252 debug_print_fis(cmd_fis, 0x80); 1253 1254 switch (cmd_fis[0]) { 1255 case SATA_FIS_TYPE_REGISTER_H2D: 1256 handle_reg_h2d_fis(s, port, slot, cmd_fis); 1257 break; 1258 default: 1259 DPRINTF(port, "unknown command cmd_fis[0]=%02x cmd_fis[1]=%02x " 1260 "cmd_fis[2]=%02x\n", cmd_fis[0], cmd_fis[1], 1261 cmd_fis[2]); 1262 break; 1263 } 1264 1265 out: 1266 dma_memory_unmap(s->as, cmd_fis, cmd_len, DMA_DIRECTION_FROM_DEVICE, 1267 cmd_len); 1268 1269 if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) { 1270 /* async command, complete later */ 1271 s->dev[port].busy_slot = slot; 1272 return -1; 1273 } 1274 1275 /* done handling the command */ 1276 return 0; 1277 } 1278 1279 /* DMA dev <-> ram */ 1280 static void ahci_start_transfer(IDEDMA *dma) 1281 { 1282 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1283 IDEState *s = &ad->port.ifs[0]; 1284 uint32_t size = (uint32_t)(s->data_end - s->data_ptr); 1285 /* write == ram -> device */ 1286 uint16_t opts = le16_to_cpu(ad->cur_cmd->opts); 1287 int is_write = opts & AHCI_CMD_WRITE; 1288 int is_atapi = opts & AHCI_CMD_ATAPI; 1289 int has_sglist = 0; 1290 1291 if (is_atapi && !ad->done_atapi_packet) { 1292 /* already prepopulated iobuffer */ 1293 ad->done_atapi_packet = true; 1294 size = 0; 1295 goto out; 1296 } 1297 1298 if (ahci_dma_prepare_buf(dma, size)) { 1299 has_sglist = 1; 1300 } 1301 1302 DPRINTF(ad->port_no, "%sing %d bytes on %s w/%s sglist\n", 1303 is_write ? "writ" : "read", size, is_atapi ? "atapi" : "ata", 1304 has_sglist ? "" : "o"); 1305 1306 if (has_sglist && size) { 1307 if (is_write) { 1308 dma_buf_write(s->data_ptr, size, &s->sg); 1309 } else { 1310 dma_buf_read(s->data_ptr, size, &s->sg); 1311 } 1312 } 1313 1314 out: 1315 /* declare that we processed everything */ 1316 s->data_ptr = s->data_end; 1317 1318 /* Update number of transferred bytes, destroy sglist */ 1319 dma_buf_commit(s, size); 1320 1321 s->end_transfer_func(s); 1322 1323 if (!(s->status & DRQ_STAT)) { 1324 /* done with PIO send/receive */ 1325 ahci_write_fis_pio(ad, le32_to_cpu(ad->cur_cmd->status)); 1326 } 1327 } 1328 1329 static void ahci_start_dma(IDEDMA *dma, IDEState *s, 1330 BlockCompletionFunc *dma_cb) 1331 { 1332 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1333 DPRINTF(ad->port_no, "\n"); 1334 s->io_buffer_offset = 0; 1335 dma_cb(s, 0); 1336 } 1337 1338 static void ahci_restart_dma(IDEDMA *dma) 1339 { 1340 /* Nothing to do, ahci_start_dma already resets s->io_buffer_offset. */ 1341 } 1342 1343 /** 1344 * IDE/PIO restarts are handled by the core layer, but NCQ commands 1345 * need an extra kick from the AHCI HBA. 1346 */ 1347 static void ahci_restart(IDEDMA *dma) 1348 { 1349 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1350 int i; 1351 1352 for (i = 0; i < AHCI_MAX_CMDS; i++) { 1353 NCQTransferState *ncq_tfs = &ad->ncq_tfs[i]; 1354 if (ncq_tfs->halt) { 1355 execute_ncq_command(ncq_tfs); 1356 } 1357 } 1358 } 1359 1360 /** 1361 * Called in DMA and PIO R/W chains to read the PRDT. 1362 * Not shared with NCQ pathways. 1363 */ 1364 static int32_t ahci_dma_prepare_buf(IDEDMA *dma, int32_t limit) 1365 { 1366 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1367 IDEState *s = &ad->port.ifs[0]; 1368 1369 if (ahci_populate_sglist(ad, &s->sg, ad->cur_cmd, 1370 limit, s->io_buffer_offset) == -1) { 1371 DPRINTF(ad->port_no, "ahci_dma_prepare_buf failed.\n"); 1372 return -1; 1373 } 1374 s->io_buffer_size = s->sg.size; 1375 1376 DPRINTF(ad->port_no, "len=%#x\n", s->io_buffer_size); 1377 return s->io_buffer_size; 1378 } 1379 1380 /** 1381 * Updates the command header with a bytes-read value. 1382 * Called via dma_buf_commit, for both DMA and PIO paths. 1383 * sglist destruction is handled within dma_buf_commit. 1384 */ 1385 static void ahci_commit_buf(IDEDMA *dma, uint32_t tx_bytes) 1386 { 1387 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1388 1389 tx_bytes += le32_to_cpu(ad->cur_cmd->status); 1390 ad->cur_cmd->status = cpu_to_le32(tx_bytes); 1391 } 1392 1393 static int ahci_dma_rw_buf(IDEDMA *dma, int is_write) 1394 { 1395 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1396 IDEState *s = &ad->port.ifs[0]; 1397 uint8_t *p = s->io_buffer + s->io_buffer_index; 1398 int l = s->io_buffer_size - s->io_buffer_index; 1399 1400 if (ahci_populate_sglist(ad, &s->sg, ad->cur_cmd, l, s->io_buffer_offset)) { 1401 return 0; 1402 } 1403 1404 if (is_write) { 1405 dma_buf_read(p, l, &s->sg); 1406 } else { 1407 dma_buf_write(p, l, &s->sg); 1408 } 1409 1410 /* free sglist, update byte count */ 1411 dma_buf_commit(s, l); 1412 1413 s->io_buffer_index += l; 1414 1415 DPRINTF(ad->port_no, "len=%#x\n", l); 1416 1417 return 1; 1418 } 1419 1420 static void ahci_cmd_done(IDEDMA *dma) 1421 { 1422 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1423 1424 DPRINTF(ad->port_no, "cmd done\n"); 1425 1426 /* update d2h status */ 1427 ahci_write_fis_d2h(ad); 1428 1429 if (!ad->check_bh) { 1430 /* maybe we still have something to process, check later */ 1431 ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad); 1432 qemu_bh_schedule(ad->check_bh); 1433 } 1434 } 1435 1436 static void ahci_irq_set(void *opaque, int n, int level) 1437 { 1438 } 1439 1440 static const IDEDMAOps ahci_dma_ops = { 1441 .start_dma = ahci_start_dma, 1442 .restart = ahci_restart, 1443 .restart_dma = ahci_restart_dma, 1444 .start_transfer = ahci_start_transfer, 1445 .prepare_buf = ahci_dma_prepare_buf, 1446 .commit_buf = ahci_commit_buf, 1447 .rw_buf = ahci_dma_rw_buf, 1448 .cmd_done = ahci_cmd_done, 1449 }; 1450 1451 void ahci_init(AHCIState *s, DeviceState *qdev) 1452 { 1453 s->container = qdev; 1454 /* XXX BAR size should be 1k, but that breaks, so bump it to 4k for now */ 1455 memory_region_init_io(&s->mem, OBJECT(qdev), &ahci_mem_ops, s, 1456 "ahci", AHCI_MEM_BAR_SIZE); 1457 memory_region_init_io(&s->idp, OBJECT(qdev), &ahci_idp_ops, s, 1458 "ahci-idp", 32); 1459 } 1460 1461 void ahci_realize(AHCIState *s, DeviceState *qdev, AddressSpace *as, int ports) 1462 { 1463 qemu_irq *irqs; 1464 int i; 1465 1466 s->as = as; 1467 s->ports = ports; 1468 s->dev = g_new0(AHCIDevice, ports); 1469 ahci_reg_init(s); 1470 irqs = qemu_allocate_irqs(ahci_irq_set, s, s->ports); 1471 for (i = 0; i < s->ports; i++) { 1472 AHCIDevice *ad = &s->dev[i]; 1473 1474 ide_bus_new(&ad->port, sizeof(ad->port), qdev, i, 1); 1475 ide_init2(&ad->port, irqs[i]); 1476 1477 ad->hba = s; 1478 ad->port_no = i; 1479 ad->port.dma = &ad->dma; 1480 ad->port.dma->ops = &ahci_dma_ops; 1481 ide_register_restart_cb(&ad->port); 1482 } 1483 g_free(irqs); 1484 } 1485 1486 void ahci_uninit(AHCIState *s) 1487 { 1488 g_free(s->dev); 1489 } 1490 1491 void ahci_reset(AHCIState *s) 1492 { 1493 AHCIPortRegs *pr; 1494 int i; 1495 1496 s->control_regs.irqstatus = 0; 1497 /* AHCI Enable (AE) 1498 * The implementation of this bit is dependent upon the value of the 1499 * CAP.SAM bit. If CAP.SAM is '0', then GHC.AE shall be read-write and 1500 * shall have a reset value of '0'. If CAP.SAM is '1', then AE shall be 1501 * read-only and shall have a reset value of '1'. 1502 * 1503 * We set HOST_CAP_AHCI so we must enable AHCI at reset. 1504 */ 1505 s->control_regs.ghc = HOST_CTL_AHCI_EN; 1506 1507 for (i = 0; i < s->ports; i++) { 1508 pr = &s->dev[i].port_regs; 1509 pr->irq_stat = 0; 1510 pr->irq_mask = 0; 1511 pr->scr_ctl = 0; 1512 pr->cmd = PORT_CMD_SPIN_UP | PORT_CMD_POWER_ON; 1513 ahci_reset_port(s, i); 1514 } 1515 } 1516 1517 static const VMStateDescription vmstate_ncq_tfs = { 1518 .name = "ncq state", 1519 .version_id = 1, 1520 .fields = (VMStateField[]) { 1521 VMSTATE_UINT32(sector_count, NCQTransferState), 1522 VMSTATE_UINT64(lba, NCQTransferState), 1523 VMSTATE_UINT8(tag, NCQTransferState), 1524 VMSTATE_UINT8(cmd, NCQTransferState), 1525 VMSTATE_UINT8(slot, NCQTransferState), 1526 VMSTATE_BOOL(used, NCQTransferState), 1527 VMSTATE_BOOL(halt, NCQTransferState), 1528 VMSTATE_END_OF_LIST() 1529 }, 1530 }; 1531 1532 static const VMStateDescription vmstate_ahci_device = { 1533 .name = "ahci port", 1534 .version_id = 1, 1535 .fields = (VMStateField[]) { 1536 VMSTATE_IDE_BUS(port, AHCIDevice), 1537 VMSTATE_IDE_DRIVE(port.ifs[0], AHCIDevice), 1538 VMSTATE_UINT32(port_state, AHCIDevice), 1539 VMSTATE_UINT32(finished, AHCIDevice), 1540 VMSTATE_UINT32(port_regs.lst_addr, AHCIDevice), 1541 VMSTATE_UINT32(port_regs.lst_addr_hi, AHCIDevice), 1542 VMSTATE_UINT32(port_regs.fis_addr, AHCIDevice), 1543 VMSTATE_UINT32(port_regs.fis_addr_hi, AHCIDevice), 1544 VMSTATE_UINT32(port_regs.irq_stat, AHCIDevice), 1545 VMSTATE_UINT32(port_regs.irq_mask, AHCIDevice), 1546 VMSTATE_UINT32(port_regs.cmd, AHCIDevice), 1547 VMSTATE_UINT32(port_regs.tfdata, AHCIDevice), 1548 VMSTATE_UINT32(port_regs.sig, AHCIDevice), 1549 VMSTATE_UINT32(port_regs.scr_stat, AHCIDevice), 1550 VMSTATE_UINT32(port_regs.scr_ctl, AHCIDevice), 1551 VMSTATE_UINT32(port_regs.scr_err, AHCIDevice), 1552 VMSTATE_UINT32(port_regs.scr_act, AHCIDevice), 1553 VMSTATE_UINT32(port_regs.cmd_issue, AHCIDevice), 1554 VMSTATE_BOOL(done_atapi_packet, AHCIDevice), 1555 VMSTATE_INT32(busy_slot, AHCIDevice), 1556 VMSTATE_BOOL(init_d2h_sent, AHCIDevice), 1557 VMSTATE_STRUCT_ARRAY(ncq_tfs, AHCIDevice, AHCI_MAX_CMDS, 1558 1, vmstate_ncq_tfs, NCQTransferState), 1559 VMSTATE_END_OF_LIST() 1560 }, 1561 }; 1562 1563 static int ahci_state_post_load(void *opaque, int version_id) 1564 { 1565 int i, j; 1566 struct AHCIDevice *ad; 1567 NCQTransferState *ncq_tfs; 1568 AHCIPortRegs *pr; 1569 AHCIState *s = opaque; 1570 1571 for (i = 0; i < s->ports; i++) { 1572 ad = &s->dev[i]; 1573 pr = &ad->port_regs; 1574 1575 if (!(pr->cmd & PORT_CMD_START) && (pr->cmd & PORT_CMD_LIST_ON)) { 1576 error_report("AHCI: DMA engine should be off, but status bit " 1577 "indicates it is still running."); 1578 return -1; 1579 } 1580 if (!(pr->cmd & PORT_CMD_FIS_RX) && (pr->cmd & PORT_CMD_FIS_ON)) { 1581 error_report("AHCI: FIS RX engine should be off, but status bit " 1582 "indicates it is still running."); 1583 return -1; 1584 } 1585 1586 /* After a migrate, the DMA/FIS engines are "off" and 1587 * need to be conditionally restarted */ 1588 pr->cmd &= ~(PORT_CMD_LIST_ON | PORT_CMD_FIS_ON); 1589 if (ahci_cond_start_engines(ad) != 0) { 1590 return -1; 1591 } 1592 1593 for (j = 0; j < AHCI_MAX_CMDS; j++) { 1594 ncq_tfs = &ad->ncq_tfs[j]; 1595 ncq_tfs->drive = ad; 1596 1597 if (ncq_tfs->used != ncq_tfs->halt) { 1598 return -1; 1599 } 1600 if (!ncq_tfs->halt) { 1601 continue; 1602 } 1603 if (!is_ncq(ncq_tfs->cmd)) { 1604 return -1; 1605 } 1606 if (ncq_tfs->slot != ncq_tfs->tag) { 1607 return -1; 1608 } 1609 /* If ncq_tfs->halt is justly set, the engine should be engaged, 1610 * and the command list buffer should be mapped. */ 1611 ncq_tfs->cmdh = get_cmd_header(s, i, ncq_tfs->slot); 1612 if (!ncq_tfs->cmdh) { 1613 return -1; 1614 } 1615 ahci_populate_sglist(ncq_tfs->drive, &ncq_tfs->sglist, 1616 ncq_tfs->cmdh, ncq_tfs->sector_count * 512, 1617 0); 1618 if (ncq_tfs->sector_count != ncq_tfs->sglist.size >> 9) { 1619 return -1; 1620 } 1621 } 1622 1623 1624 /* 1625 * If an error is present, ad->busy_slot will be valid and not -1. 1626 * In this case, an operation is waiting to resume and will re-check 1627 * for additional AHCI commands to execute upon completion. 1628 * 1629 * In the case where no error was present, busy_slot will be -1, 1630 * and we should check to see if there are additional commands waiting. 1631 */ 1632 if (ad->busy_slot == -1) { 1633 check_cmd(s, i); 1634 } else { 1635 /* We are in the middle of a command, and may need to access 1636 * the command header in guest memory again. */ 1637 if (ad->busy_slot < 0 || ad->busy_slot >= AHCI_MAX_CMDS) { 1638 return -1; 1639 } 1640 ad->cur_cmd = get_cmd_header(s, i, ad->busy_slot); 1641 } 1642 } 1643 1644 return 0; 1645 } 1646 1647 const VMStateDescription vmstate_ahci = { 1648 .name = "ahci", 1649 .version_id = 1, 1650 .post_load = ahci_state_post_load, 1651 .fields = (VMStateField[]) { 1652 VMSTATE_STRUCT_VARRAY_POINTER_INT32(dev, AHCIState, ports, 1653 vmstate_ahci_device, AHCIDevice), 1654 VMSTATE_UINT32(control_regs.cap, AHCIState), 1655 VMSTATE_UINT32(control_regs.ghc, AHCIState), 1656 VMSTATE_UINT32(control_regs.irqstatus, AHCIState), 1657 VMSTATE_UINT32(control_regs.impl, AHCIState), 1658 VMSTATE_UINT32(control_regs.version, AHCIState), 1659 VMSTATE_UINT32(idp_index, AHCIState), 1660 VMSTATE_INT32_EQUAL(ports, AHCIState), 1661 VMSTATE_END_OF_LIST() 1662 }, 1663 }; 1664 1665 static const VMStateDescription vmstate_sysbus_ahci = { 1666 .name = "sysbus-ahci", 1667 .fields = (VMStateField[]) { 1668 VMSTATE_AHCI(ahci, SysbusAHCIState), 1669 VMSTATE_END_OF_LIST() 1670 }, 1671 }; 1672 1673 static void sysbus_ahci_reset(DeviceState *dev) 1674 { 1675 SysbusAHCIState *s = SYSBUS_AHCI(dev); 1676 1677 ahci_reset(&s->ahci); 1678 } 1679 1680 static void sysbus_ahci_init(Object *obj) 1681 { 1682 SysbusAHCIState *s = SYSBUS_AHCI(obj); 1683 SysBusDevice *sbd = SYS_BUS_DEVICE(obj); 1684 1685 ahci_init(&s->ahci, DEVICE(obj)); 1686 1687 sysbus_init_mmio(sbd, &s->ahci.mem); 1688 sysbus_init_irq(sbd, &s->ahci.irq); 1689 } 1690 1691 static void sysbus_ahci_realize(DeviceState *dev, Error **errp) 1692 { 1693 SysbusAHCIState *s = SYSBUS_AHCI(dev); 1694 1695 ahci_realize(&s->ahci, dev, &address_space_memory, s->num_ports); 1696 } 1697 1698 static Property sysbus_ahci_properties[] = { 1699 DEFINE_PROP_UINT32("num-ports", SysbusAHCIState, num_ports, 1), 1700 DEFINE_PROP_END_OF_LIST(), 1701 }; 1702 1703 static void sysbus_ahci_class_init(ObjectClass *klass, void *data) 1704 { 1705 DeviceClass *dc = DEVICE_CLASS(klass); 1706 1707 dc->realize = sysbus_ahci_realize; 1708 dc->vmsd = &vmstate_sysbus_ahci; 1709 dc->props = sysbus_ahci_properties; 1710 dc->reset = sysbus_ahci_reset; 1711 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 1712 } 1713 1714 static const TypeInfo sysbus_ahci_info = { 1715 .name = TYPE_SYSBUS_AHCI, 1716 .parent = TYPE_SYS_BUS_DEVICE, 1717 .instance_size = sizeof(SysbusAHCIState), 1718 .instance_init = sysbus_ahci_init, 1719 .class_init = sysbus_ahci_class_init, 1720 }; 1721 1722 #define ALLWINNER_AHCI_BISTAFR ((0xa0 - ALLWINNER_AHCI_MMIO_OFF) / 4) 1723 #define ALLWINNER_AHCI_BISTCR ((0xa4 - ALLWINNER_AHCI_MMIO_OFF) / 4) 1724 #define ALLWINNER_AHCI_BISTFCTR ((0xa8 - ALLWINNER_AHCI_MMIO_OFF) / 4) 1725 #define ALLWINNER_AHCI_BISTSR ((0xac - ALLWINNER_AHCI_MMIO_OFF) / 4) 1726 #define ALLWINNER_AHCI_BISTDECR ((0xb0 - ALLWINNER_AHCI_MMIO_OFF) / 4) 1727 #define ALLWINNER_AHCI_DIAGNR0 ((0xb4 - ALLWINNER_AHCI_MMIO_OFF) / 4) 1728 #define ALLWINNER_AHCI_DIAGNR1 ((0xb8 - ALLWINNER_AHCI_MMIO_OFF) / 4) 1729 #define ALLWINNER_AHCI_OOBR ((0xbc - ALLWINNER_AHCI_MMIO_OFF) / 4) 1730 #define ALLWINNER_AHCI_PHYCS0R ((0xc0 - ALLWINNER_AHCI_MMIO_OFF) / 4) 1731 #define ALLWINNER_AHCI_PHYCS1R ((0xc4 - ALLWINNER_AHCI_MMIO_OFF) / 4) 1732 #define ALLWINNER_AHCI_PHYCS2R ((0xc8 - ALLWINNER_AHCI_MMIO_OFF) / 4) 1733 #define ALLWINNER_AHCI_TIMER1MS ((0xe0 - ALLWINNER_AHCI_MMIO_OFF) / 4) 1734 #define ALLWINNER_AHCI_GPARAM1R ((0xe8 - ALLWINNER_AHCI_MMIO_OFF) / 4) 1735 #define ALLWINNER_AHCI_GPARAM2R ((0xec - ALLWINNER_AHCI_MMIO_OFF) / 4) 1736 #define ALLWINNER_AHCI_PPARAMR ((0xf0 - ALLWINNER_AHCI_MMIO_OFF) / 4) 1737 #define ALLWINNER_AHCI_TESTR ((0xf4 - ALLWINNER_AHCI_MMIO_OFF) / 4) 1738 #define ALLWINNER_AHCI_VERSIONR ((0xf8 - ALLWINNER_AHCI_MMIO_OFF) / 4) 1739 #define ALLWINNER_AHCI_IDR ((0xfc - ALLWINNER_AHCI_MMIO_OFF) / 4) 1740 #define ALLWINNER_AHCI_RWCR ((0xfc - ALLWINNER_AHCI_MMIO_OFF) / 4) 1741 1742 static uint64_t allwinner_ahci_mem_read(void *opaque, hwaddr addr, 1743 unsigned size) 1744 { 1745 AllwinnerAHCIState *a = opaque; 1746 uint64_t val = a->regs[addr/4]; 1747 1748 switch (addr / 4) { 1749 case ALLWINNER_AHCI_PHYCS0R: 1750 val |= 0x2 << 28; 1751 break; 1752 case ALLWINNER_AHCI_PHYCS2R: 1753 val &= ~(0x1 << 24); 1754 break; 1755 } 1756 DPRINTF(-1, "addr=0x%" HWADDR_PRIx " val=0x%" PRIx64 ", size=%d\n", 1757 addr, val, size); 1758 return val; 1759 } 1760 1761 static void allwinner_ahci_mem_write(void *opaque, hwaddr addr, 1762 uint64_t val, unsigned size) 1763 { 1764 AllwinnerAHCIState *a = opaque; 1765 1766 DPRINTF(-1, "addr=0x%" HWADDR_PRIx " val=0x%" PRIx64 ", size=%d\n", 1767 addr, val, size); 1768 a->regs[addr/4] = val; 1769 } 1770 1771 static const MemoryRegionOps allwinner_ahci_mem_ops = { 1772 .read = allwinner_ahci_mem_read, 1773 .write = allwinner_ahci_mem_write, 1774 .valid.min_access_size = 4, 1775 .valid.max_access_size = 4, 1776 .endianness = DEVICE_LITTLE_ENDIAN, 1777 }; 1778 1779 static void allwinner_ahci_init(Object *obj) 1780 { 1781 SysbusAHCIState *s = SYSBUS_AHCI(obj); 1782 AllwinnerAHCIState *a = ALLWINNER_AHCI(obj); 1783 1784 memory_region_init_io(&a->mmio, OBJECT(obj), &allwinner_ahci_mem_ops, a, 1785 "allwinner-ahci", ALLWINNER_AHCI_MMIO_SIZE); 1786 memory_region_add_subregion(&s->ahci.mem, ALLWINNER_AHCI_MMIO_OFF, 1787 &a->mmio); 1788 } 1789 1790 static const VMStateDescription vmstate_allwinner_ahci = { 1791 .name = "allwinner-ahci", 1792 .version_id = 1, 1793 .minimum_version_id = 1, 1794 .fields = (VMStateField[]) { 1795 VMSTATE_UINT32_ARRAY(regs, AllwinnerAHCIState, 1796 ALLWINNER_AHCI_MMIO_SIZE/4), 1797 VMSTATE_END_OF_LIST() 1798 } 1799 }; 1800 1801 static void allwinner_ahci_class_init(ObjectClass *klass, void *data) 1802 { 1803 DeviceClass *dc = DEVICE_CLASS(klass); 1804 1805 dc->vmsd = &vmstate_allwinner_ahci; 1806 } 1807 1808 static const TypeInfo allwinner_ahci_info = { 1809 .name = TYPE_ALLWINNER_AHCI, 1810 .parent = TYPE_SYSBUS_AHCI, 1811 .instance_size = sizeof(AllwinnerAHCIState), 1812 .instance_init = allwinner_ahci_init, 1813 .class_init = allwinner_ahci_class_init, 1814 }; 1815 1816 static void sysbus_ahci_register_types(void) 1817 { 1818 type_register_static(&sysbus_ahci_info); 1819 type_register_static(&allwinner_ahci_info); 1820 } 1821 1822 type_init(sysbus_ahci_register_types) 1823 1824 void ahci_ide_create_devs(PCIDevice *dev, DriveInfo **hd) 1825 { 1826 AHCIPCIState *d = ICH_AHCI(dev); 1827 AHCIState *ahci = &d->ahci; 1828 int i; 1829 1830 for (i = 0; i < ahci->ports; i++) { 1831 if (hd[i] == NULL) { 1832 continue; 1833 } 1834 ide_create_drive(&ahci->dev[i].port, 0, hd[i]); 1835 } 1836 1837 } 1838