1 /* 2 * QEMU AHCI Emulation 3 * 4 * Copyright (c) 2010 qiaochong@loongson.cn 5 * Copyright (c) 2010 Roland Elek <elek.roland@gmail.com> 6 * Copyright (c) 2010 Sebastian Herbszt <herbszt@gmx.de> 7 * Copyright (c) 2010 Alexander Graf <agraf@suse.de> 8 * 9 * This library is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU Lesser General Public 11 * License as published by the Free Software Foundation; either 12 * version 2 of the License, or (at your option) any later version. 13 * 14 * This library is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 * Lesser General Public License for more details. 18 * 19 * You should have received a copy of the GNU Lesser General Public 20 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 21 * 22 */ 23 24 #include <hw/hw.h> 25 #include <hw/pci/msi.h> 26 #include <hw/i386/pc.h> 27 #include <hw/pci/pci.h> 28 #include <hw/sysbus.h> 29 30 #include "qemu/error-report.h" 31 #include "sysemu/block-backend.h" 32 #include "sysemu/dma.h" 33 #include "internal.h" 34 #include <hw/ide/pci.h> 35 #include <hw/ide/ahci.h> 36 37 #define DEBUG_AHCI 0 38 39 #define DPRINTF(port, fmt, ...) \ 40 do { \ 41 if (DEBUG_AHCI) { \ 42 fprintf(stderr, "ahci: %s: [%d] ", __func__, port); \ 43 fprintf(stderr, fmt, ## __VA_ARGS__); \ 44 } \ 45 } while (0) 46 47 static void check_cmd(AHCIState *s, int port); 48 static int handle_cmd(AHCIState *s, int port, uint8_t slot); 49 static void ahci_reset_port(AHCIState *s, int port); 50 static void ahci_write_fis_d2h(AHCIDevice *ad, uint8_t *cmd_fis); 51 static void ahci_init_d2h(AHCIDevice *ad); 52 static int ahci_dma_prepare_buf(IDEDMA *dma, int32_t limit); 53 static void ahci_commit_buf(IDEDMA *dma, uint32_t tx_bytes); 54 static bool ahci_map_clb_address(AHCIDevice *ad); 55 static bool ahci_map_fis_address(AHCIDevice *ad); 56 static void ahci_unmap_clb_address(AHCIDevice *ad); 57 static void ahci_unmap_fis_address(AHCIDevice *ad); 58 59 60 static uint32_t ahci_port_read(AHCIState *s, int port, int offset) 61 { 62 uint32_t val; 63 AHCIPortRegs *pr; 64 pr = &s->dev[port].port_regs; 65 66 switch (offset) { 67 case PORT_LST_ADDR: 68 val = pr->lst_addr; 69 break; 70 case PORT_LST_ADDR_HI: 71 val = pr->lst_addr_hi; 72 break; 73 case PORT_FIS_ADDR: 74 val = pr->fis_addr; 75 break; 76 case PORT_FIS_ADDR_HI: 77 val = pr->fis_addr_hi; 78 break; 79 case PORT_IRQ_STAT: 80 val = pr->irq_stat; 81 break; 82 case PORT_IRQ_MASK: 83 val = pr->irq_mask; 84 break; 85 case PORT_CMD: 86 val = pr->cmd; 87 break; 88 case PORT_TFDATA: 89 val = pr->tfdata; 90 break; 91 case PORT_SIG: 92 val = pr->sig; 93 break; 94 case PORT_SCR_STAT: 95 if (s->dev[port].port.ifs[0].blk) { 96 val = SATA_SCR_SSTATUS_DET_DEV_PRESENT_PHY_UP | 97 SATA_SCR_SSTATUS_SPD_GEN1 | SATA_SCR_SSTATUS_IPM_ACTIVE; 98 } else { 99 val = SATA_SCR_SSTATUS_DET_NODEV; 100 } 101 break; 102 case PORT_SCR_CTL: 103 val = pr->scr_ctl; 104 break; 105 case PORT_SCR_ERR: 106 val = pr->scr_err; 107 break; 108 case PORT_SCR_ACT: 109 val = pr->scr_act; 110 break; 111 case PORT_CMD_ISSUE: 112 val = pr->cmd_issue; 113 break; 114 case PORT_RESERVED: 115 default: 116 val = 0; 117 } 118 DPRINTF(port, "offset: 0x%x val: 0x%x\n", offset, val); 119 return val; 120 121 } 122 123 static void ahci_irq_raise(AHCIState *s, AHCIDevice *dev) 124 { 125 AHCIPCIState *d = container_of(s, AHCIPCIState, ahci); 126 PCIDevice *pci_dev = 127 (PCIDevice *)object_dynamic_cast(OBJECT(d), TYPE_PCI_DEVICE); 128 129 DPRINTF(0, "raise irq\n"); 130 131 if (pci_dev && msi_enabled(pci_dev)) { 132 msi_notify(pci_dev, 0); 133 } else { 134 qemu_irq_raise(s->irq); 135 } 136 } 137 138 static void ahci_irq_lower(AHCIState *s, AHCIDevice *dev) 139 { 140 AHCIPCIState *d = container_of(s, AHCIPCIState, ahci); 141 PCIDevice *pci_dev = 142 (PCIDevice *)object_dynamic_cast(OBJECT(d), TYPE_PCI_DEVICE); 143 144 DPRINTF(0, "lower irq\n"); 145 146 if (!pci_dev || !msi_enabled(pci_dev)) { 147 qemu_irq_lower(s->irq); 148 } 149 } 150 151 static void ahci_check_irq(AHCIState *s) 152 { 153 int i; 154 155 DPRINTF(-1, "check irq %#x\n", s->control_regs.irqstatus); 156 157 s->control_regs.irqstatus = 0; 158 for (i = 0; i < s->ports; i++) { 159 AHCIPortRegs *pr = &s->dev[i].port_regs; 160 if (pr->irq_stat & pr->irq_mask) { 161 s->control_regs.irqstatus |= (1 << i); 162 } 163 } 164 165 if (s->control_regs.irqstatus && 166 (s->control_regs.ghc & HOST_CTL_IRQ_EN)) { 167 ahci_irq_raise(s, NULL); 168 } else { 169 ahci_irq_lower(s, NULL); 170 } 171 } 172 173 static void ahci_trigger_irq(AHCIState *s, AHCIDevice *d, 174 int irq_type) 175 { 176 DPRINTF(d->port_no, "trigger irq %#x -> %x\n", 177 irq_type, d->port_regs.irq_mask & irq_type); 178 179 d->port_regs.irq_stat |= irq_type; 180 ahci_check_irq(s); 181 } 182 183 static void map_page(AddressSpace *as, uint8_t **ptr, uint64_t addr, 184 uint32_t wanted) 185 { 186 hwaddr len = wanted; 187 188 if (*ptr) { 189 dma_memory_unmap(as, *ptr, len, DMA_DIRECTION_FROM_DEVICE, len); 190 } 191 192 *ptr = dma_memory_map(as, addr, &len, DMA_DIRECTION_FROM_DEVICE); 193 if (len < wanted) { 194 dma_memory_unmap(as, *ptr, len, DMA_DIRECTION_FROM_DEVICE, len); 195 *ptr = NULL; 196 } 197 } 198 199 /** 200 * Check the cmd register to see if we should start or stop 201 * the DMA or FIS RX engines. 202 * 203 * @ad: Device to engage. 204 * @allow_stop: Allow device to transition from started to stopped? 205 * 'no' is useful for migration post_load, which does not expect a transition. 206 * 207 * @return 0 on success, -1 on error. 208 */ 209 static int ahci_cond_start_engines(AHCIDevice *ad, bool allow_stop) 210 { 211 AHCIPortRegs *pr = &ad->port_regs; 212 213 if (pr->cmd & PORT_CMD_START) { 214 if (ahci_map_clb_address(ad)) { 215 pr->cmd |= PORT_CMD_LIST_ON; 216 } else { 217 error_report("AHCI: Failed to start DMA engine: " 218 "bad command list buffer address"); 219 return -1; 220 } 221 } else if (pr->cmd & PORT_CMD_LIST_ON) { 222 if (allow_stop) { 223 ahci_unmap_clb_address(ad); 224 pr->cmd = pr->cmd & ~(PORT_CMD_LIST_ON); 225 } else { 226 error_report("AHCI: DMA engine should be off, " 227 "but appears to still be running"); 228 return -1; 229 } 230 } 231 232 if (pr->cmd & PORT_CMD_FIS_RX) { 233 if (ahci_map_fis_address(ad)) { 234 pr->cmd |= PORT_CMD_FIS_ON; 235 } else { 236 error_report("AHCI: Failed to start FIS receive engine: " 237 "bad FIS receive buffer address"); 238 return -1; 239 } 240 } else if (pr->cmd & PORT_CMD_FIS_ON) { 241 if (allow_stop) { 242 ahci_unmap_fis_address(ad); 243 pr->cmd = pr->cmd & ~(PORT_CMD_FIS_ON); 244 } else { 245 error_report("AHCI: FIS receive engine should be off, " 246 "but appears to still be running"); 247 return -1; 248 } 249 } 250 251 return 0; 252 } 253 254 static void ahci_port_write(AHCIState *s, int port, int offset, uint32_t val) 255 { 256 AHCIPortRegs *pr = &s->dev[port].port_regs; 257 258 DPRINTF(port, "offset: 0x%x val: 0x%x\n", offset, val); 259 switch (offset) { 260 case PORT_LST_ADDR: 261 pr->lst_addr = val; 262 break; 263 case PORT_LST_ADDR_HI: 264 pr->lst_addr_hi = val; 265 break; 266 case PORT_FIS_ADDR: 267 pr->fis_addr = val; 268 break; 269 case PORT_FIS_ADDR_HI: 270 pr->fis_addr_hi = val; 271 break; 272 case PORT_IRQ_STAT: 273 pr->irq_stat &= ~val; 274 ahci_check_irq(s); 275 break; 276 case PORT_IRQ_MASK: 277 pr->irq_mask = val & 0xfdc000ff; 278 ahci_check_irq(s); 279 break; 280 case PORT_CMD: 281 /* Block any Read-only fields from being set; 282 * including LIST_ON and FIS_ON. */ 283 pr->cmd = (pr->cmd & PORT_CMD_RO_MASK) | (val & ~PORT_CMD_RO_MASK); 284 285 /* Check FIS RX and CLB engines, allow transition to false: */ 286 ahci_cond_start_engines(&s->dev[port], true); 287 288 /* XXX usually the FIS would be pending on the bus here and 289 issuing deferred until the OS enables FIS receival. 290 Instead, we only submit it once - which works in most 291 cases, but is a hack. */ 292 if ((pr->cmd & PORT_CMD_FIS_ON) && 293 !s->dev[port].init_d2h_sent) { 294 ahci_init_d2h(&s->dev[port]); 295 s->dev[port].init_d2h_sent = true; 296 } 297 298 check_cmd(s, port); 299 break; 300 case PORT_TFDATA: 301 /* Read Only. */ 302 break; 303 case PORT_SIG: 304 /* Read Only */ 305 break; 306 case PORT_SCR_STAT: 307 /* Read Only */ 308 break; 309 case PORT_SCR_CTL: 310 if (((pr->scr_ctl & AHCI_SCR_SCTL_DET) == 1) && 311 ((val & AHCI_SCR_SCTL_DET) == 0)) { 312 ahci_reset_port(s, port); 313 } 314 pr->scr_ctl = val; 315 break; 316 case PORT_SCR_ERR: 317 pr->scr_err &= ~val; 318 break; 319 case PORT_SCR_ACT: 320 /* RW1 */ 321 pr->scr_act |= val; 322 break; 323 case PORT_CMD_ISSUE: 324 pr->cmd_issue |= val; 325 check_cmd(s, port); 326 break; 327 default: 328 break; 329 } 330 } 331 332 static uint64_t ahci_mem_read_32(void *opaque, hwaddr addr) 333 { 334 AHCIState *s = opaque; 335 uint32_t val = 0; 336 337 if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) { 338 switch (addr) { 339 case HOST_CAP: 340 val = s->control_regs.cap; 341 break; 342 case HOST_CTL: 343 val = s->control_regs.ghc; 344 break; 345 case HOST_IRQ_STAT: 346 val = s->control_regs.irqstatus; 347 break; 348 case HOST_PORTS_IMPL: 349 val = s->control_regs.impl; 350 break; 351 case HOST_VERSION: 352 val = s->control_regs.version; 353 break; 354 } 355 356 DPRINTF(-1, "(addr 0x%08X), val 0x%08X\n", (unsigned) addr, val); 357 } else if ((addr >= AHCI_PORT_REGS_START_ADDR) && 358 (addr < (AHCI_PORT_REGS_START_ADDR + 359 (s->ports * AHCI_PORT_ADDR_OFFSET_LEN)))) { 360 val = ahci_port_read(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7, 361 addr & AHCI_PORT_ADDR_OFFSET_MASK); 362 } 363 364 return val; 365 } 366 367 368 /** 369 * AHCI 1.3 section 3 ("HBA Memory Registers") 370 * Support unaligned 8/16/32 bit reads, and 64 bit aligned reads. 371 * Caller is responsible for masking unwanted higher order bytes. 372 */ 373 static uint64_t ahci_mem_read(void *opaque, hwaddr addr, unsigned size) 374 { 375 hwaddr aligned = addr & ~0x3; 376 int ofst = addr - aligned; 377 uint64_t lo = ahci_mem_read_32(opaque, aligned); 378 uint64_t hi; 379 380 /* if < 8 byte read does not cross 4 byte boundary */ 381 if (ofst + size <= 4) { 382 return lo >> (ofst * 8); 383 } 384 g_assert_cmpint(size, >, 1); 385 386 /* If the 64bit read is unaligned, we will produce undefined 387 * results. AHCI does not support unaligned 64bit reads. */ 388 hi = ahci_mem_read_32(opaque, aligned + 4); 389 return (hi << 32 | lo) >> (ofst * 8); 390 } 391 392 393 static void ahci_mem_write(void *opaque, hwaddr addr, 394 uint64_t val, unsigned size) 395 { 396 AHCIState *s = opaque; 397 398 /* Only aligned reads are allowed on AHCI */ 399 if (addr & 3) { 400 fprintf(stderr, "ahci: Mis-aligned write to addr 0x" 401 TARGET_FMT_plx "\n", addr); 402 return; 403 } 404 405 if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) { 406 DPRINTF(-1, "(addr 0x%08X), val 0x%08"PRIX64"\n", (unsigned) addr, val); 407 408 switch (addr) { 409 case HOST_CAP: /* R/WO, RO */ 410 /* FIXME handle R/WO */ 411 break; 412 case HOST_CTL: /* R/W */ 413 if (val & HOST_CTL_RESET) { 414 DPRINTF(-1, "HBA Reset\n"); 415 ahci_reset(s); 416 } else { 417 s->control_regs.ghc = (val & 0x3) | HOST_CTL_AHCI_EN; 418 ahci_check_irq(s); 419 } 420 break; 421 case HOST_IRQ_STAT: /* R/WC, RO */ 422 s->control_regs.irqstatus &= ~val; 423 ahci_check_irq(s); 424 break; 425 case HOST_PORTS_IMPL: /* R/WO, RO */ 426 /* FIXME handle R/WO */ 427 break; 428 case HOST_VERSION: /* RO */ 429 /* FIXME report write? */ 430 break; 431 default: 432 DPRINTF(-1, "write to unknown register 0x%x\n", (unsigned)addr); 433 } 434 } else if ((addr >= AHCI_PORT_REGS_START_ADDR) && 435 (addr < (AHCI_PORT_REGS_START_ADDR + 436 (s->ports * AHCI_PORT_ADDR_OFFSET_LEN)))) { 437 ahci_port_write(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7, 438 addr & AHCI_PORT_ADDR_OFFSET_MASK, val); 439 } 440 441 } 442 443 static const MemoryRegionOps ahci_mem_ops = { 444 .read = ahci_mem_read, 445 .write = ahci_mem_write, 446 .endianness = DEVICE_LITTLE_ENDIAN, 447 }; 448 449 static uint64_t ahci_idp_read(void *opaque, hwaddr addr, 450 unsigned size) 451 { 452 AHCIState *s = opaque; 453 454 if (addr == s->idp_offset) { 455 /* index register */ 456 return s->idp_index; 457 } else if (addr == s->idp_offset + 4) { 458 /* data register - do memory read at location selected by index */ 459 return ahci_mem_read(opaque, s->idp_index, size); 460 } else { 461 return 0; 462 } 463 } 464 465 static void ahci_idp_write(void *opaque, hwaddr addr, 466 uint64_t val, unsigned size) 467 { 468 AHCIState *s = opaque; 469 470 if (addr == s->idp_offset) { 471 /* index register - mask off reserved bits */ 472 s->idp_index = (uint32_t)val & ((AHCI_MEM_BAR_SIZE - 1) & ~3); 473 } else if (addr == s->idp_offset + 4) { 474 /* data register - do memory write at location selected by index */ 475 ahci_mem_write(opaque, s->idp_index, val, size); 476 } 477 } 478 479 static const MemoryRegionOps ahci_idp_ops = { 480 .read = ahci_idp_read, 481 .write = ahci_idp_write, 482 .endianness = DEVICE_LITTLE_ENDIAN, 483 }; 484 485 486 static void ahci_reg_init(AHCIState *s) 487 { 488 int i; 489 490 s->control_regs.cap = (s->ports - 1) | 491 (AHCI_NUM_COMMAND_SLOTS << 8) | 492 (AHCI_SUPPORTED_SPEED_GEN1 << AHCI_SUPPORTED_SPEED) | 493 HOST_CAP_NCQ | HOST_CAP_AHCI; 494 495 s->control_regs.impl = (1 << s->ports) - 1; 496 497 s->control_regs.version = AHCI_VERSION_1_0; 498 499 for (i = 0; i < s->ports; i++) { 500 s->dev[i].port_state = STATE_RUN; 501 } 502 } 503 504 static void check_cmd(AHCIState *s, int port) 505 { 506 AHCIPortRegs *pr = &s->dev[port].port_regs; 507 uint8_t slot; 508 509 if ((pr->cmd & PORT_CMD_START) && pr->cmd_issue) { 510 for (slot = 0; (slot < 32) && pr->cmd_issue; slot++) { 511 if ((pr->cmd_issue & (1U << slot)) && 512 !handle_cmd(s, port, slot)) { 513 pr->cmd_issue &= ~(1U << slot); 514 } 515 } 516 } 517 } 518 519 static void ahci_check_cmd_bh(void *opaque) 520 { 521 AHCIDevice *ad = opaque; 522 523 qemu_bh_delete(ad->check_bh); 524 ad->check_bh = NULL; 525 526 if ((ad->busy_slot != -1) && 527 !(ad->port.ifs[0].status & (BUSY_STAT|DRQ_STAT))) { 528 /* no longer busy */ 529 ad->port_regs.cmd_issue &= ~(1 << ad->busy_slot); 530 ad->busy_slot = -1; 531 } 532 533 check_cmd(ad->hba, ad->port_no); 534 } 535 536 static void ahci_init_d2h(AHCIDevice *ad) 537 { 538 uint8_t init_fis[20]; 539 IDEState *ide_state = &ad->port.ifs[0]; 540 541 memset(init_fis, 0, sizeof(init_fis)); 542 543 init_fis[4] = 1; 544 init_fis[12] = 1; 545 546 if (ide_state->drive_kind == IDE_CD) { 547 init_fis[5] = ide_state->lcyl; 548 init_fis[6] = ide_state->hcyl; 549 } 550 551 ahci_write_fis_d2h(ad, init_fis); 552 } 553 554 static void ahci_reset_port(AHCIState *s, int port) 555 { 556 AHCIDevice *d = &s->dev[port]; 557 AHCIPortRegs *pr = &d->port_regs; 558 IDEState *ide_state = &d->port.ifs[0]; 559 int i; 560 561 DPRINTF(port, "reset port\n"); 562 563 ide_bus_reset(&d->port); 564 ide_state->ncq_queues = AHCI_MAX_CMDS; 565 566 pr->scr_stat = 0; 567 pr->scr_err = 0; 568 pr->scr_act = 0; 569 pr->tfdata = 0x7F; 570 pr->sig = 0xFFFFFFFF; 571 d->busy_slot = -1; 572 d->init_d2h_sent = false; 573 574 ide_state = &s->dev[port].port.ifs[0]; 575 if (!ide_state->blk) { 576 return; 577 } 578 579 /* reset ncq queue */ 580 for (i = 0; i < AHCI_MAX_CMDS; i++) { 581 NCQTransferState *ncq_tfs = &s->dev[port].ncq_tfs[i]; 582 ncq_tfs->halt = false; 583 if (!ncq_tfs->used) { 584 continue; 585 } 586 587 if (ncq_tfs->aiocb) { 588 blk_aio_cancel(ncq_tfs->aiocb); 589 ncq_tfs->aiocb = NULL; 590 } 591 592 /* Maybe we just finished the request thanks to blk_aio_cancel() */ 593 if (!ncq_tfs->used) { 594 continue; 595 } 596 597 qemu_sglist_destroy(&ncq_tfs->sglist); 598 ncq_tfs->used = 0; 599 } 600 601 s->dev[port].port_state = STATE_RUN; 602 if (!ide_state->blk) { 603 pr->sig = 0; 604 ide_state->status = SEEK_STAT | WRERR_STAT; 605 } else if (ide_state->drive_kind == IDE_CD) { 606 pr->sig = SATA_SIGNATURE_CDROM; 607 ide_state->lcyl = 0x14; 608 ide_state->hcyl = 0xeb; 609 DPRINTF(port, "set lcyl = %d\n", ide_state->lcyl); 610 ide_state->status = SEEK_STAT | WRERR_STAT | READY_STAT; 611 } else { 612 pr->sig = SATA_SIGNATURE_DISK; 613 ide_state->status = SEEK_STAT | WRERR_STAT; 614 } 615 616 ide_state->error = 1; 617 ahci_init_d2h(d); 618 } 619 620 static void debug_print_fis(uint8_t *fis, int cmd_len) 621 { 622 #if DEBUG_AHCI 623 int i; 624 625 fprintf(stderr, "fis:"); 626 for (i = 0; i < cmd_len; i++) { 627 if ((i & 0xf) == 0) { 628 fprintf(stderr, "\n%02x:",i); 629 } 630 fprintf(stderr, "%02x ",fis[i]); 631 } 632 fprintf(stderr, "\n"); 633 #endif 634 } 635 636 static bool ahci_map_fis_address(AHCIDevice *ad) 637 { 638 AHCIPortRegs *pr = &ad->port_regs; 639 map_page(ad->hba->as, &ad->res_fis, 640 ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256); 641 return ad->res_fis != NULL; 642 } 643 644 static void ahci_unmap_fis_address(AHCIDevice *ad) 645 { 646 dma_memory_unmap(ad->hba->as, ad->res_fis, 256, 647 DMA_DIRECTION_FROM_DEVICE, 256); 648 ad->res_fis = NULL; 649 } 650 651 static bool ahci_map_clb_address(AHCIDevice *ad) 652 { 653 AHCIPortRegs *pr = &ad->port_regs; 654 ad->cur_cmd = NULL; 655 map_page(ad->hba->as, &ad->lst, 656 ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024); 657 return ad->lst != NULL; 658 } 659 660 static void ahci_unmap_clb_address(AHCIDevice *ad) 661 { 662 dma_memory_unmap(ad->hba->as, ad->lst, 1024, 663 DMA_DIRECTION_FROM_DEVICE, 1024); 664 ad->lst = NULL; 665 } 666 667 static void ahci_write_fis_sdb(AHCIState *s, NCQTransferState *ncq_tfs) 668 { 669 AHCIDevice *ad = ncq_tfs->drive; 670 AHCIPortRegs *pr = &ad->port_regs; 671 IDEState *ide_state; 672 SDBFIS *sdb_fis; 673 674 if (!ad->res_fis || 675 !(pr->cmd & PORT_CMD_FIS_RX)) { 676 return; 677 } 678 679 sdb_fis = (SDBFIS *)&ad->res_fis[RES_FIS_SDBFIS]; 680 ide_state = &ad->port.ifs[0]; 681 682 sdb_fis->type = SATA_FIS_TYPE_SDB; 683 /* Interrupt pending & Notification bit */ 684 sdb_fis->flags = 0x40; /* Interrupt bit, always 1 for NCQ */ 685 sdb_fis->status = ide_state->status & 0x77; 686 sdb_fis->error = ide_state->error; 687 /* update SAct field in SDB_FIS */ 688 sdb_fis->payload = cpu_to_le32(ad->finished); 689 690 /* Update shadow registers (except BSY 0x80 and DRQ 0x08) */ 691 pr->tfdata = (ad->port.ifs[0].error << 8) | 692 (ad->port.ifs[0].status & 0x77) | 693 (pr->tfdata & 0x88); 694 pr->scr_act &= ~ad->finished; 695 ad->finished = 0; 696 697 /* Trigger IRQ if interrupt bit is set (which currently, it always is) */ 698 if (sdb_fis->flags & 0x40) { 699 ahci_trigger_irq(s, ad, PORT_IRQ_SDB_FIS); 700 } 701 } 702 703 static void ahci_write_fis_pio(AHCIDevice *ad, uint16_t len) 704 { 705 AHCIPortRegs *pr = &ad->port_regs; 706 uint8_t *pio_fis; 707 IDEState *s = &ad->port.ifs[0]; 708 709 if (!ad->res_fis || !(pr->cmd & PORT_CMD_FIS_RX)) { 710 return; 711 } 712 713 pio_fis = &ad->res_fis[RES_FIS_PSFIS]; 714 715 pio_fis[0] = SATA_FIS_TYPE_PIO_SETUP; 716 pio_fis[1] = (ad->hba->control_regs.irqstatus ? (1 << 6) : 0); 717 pio_fis[2] = s->status; 718 pio_fis[3] = s->error; 719 720 pio_fis[4] = s->sector; 721 pio_fis[5] = s->lcyl; 722 pio_fis[6] = s->hcyl; 723 pio_fis[7] = s->select; 724 pio_fis[8] = s->hob_sector; 725 pio_fis[9] = s->hob_lcyl; 726 pio_fis[10] = s->hob_hcyl; 727 pio_fis[11] = 0; 728 pio_fis[12] = s->nsector & 0xFF; 729 pio_fis[13] = (s->nsector >> 8) & 0xFF; 730 pio_fis[14] = 0; 731 pio_fis[15] = s->status; 732 pio_fis[16] = len & 255; 733 pio_fis[17] = len >> 8; 734 pio_fis[18] = 0; 735 pio_fis[19] = 0; 736 737 /* Update shadow registers: */ 738 pr->tfdata = (ad->port.ifs[0].error << 8) | 739 ad->port.ifs[0].status; 740 741 if (pio_fis[2] & ERR_STAT) { 742 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_TF_ERR); 743 } 744 745 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_PIOS_FIS); 746 } 747 748 static void ahci_write_fis_d2h(AHCIDevice *ad, uint8_t *cmd_fis) 749 { 750 AHCIPortRegs *pr = &ad->port_regs; 751 uint8_t *d2h_fis; 752 int i; 753 IDEState *s = &ad->port.ifs[0]; 754 755 if (!ad->res_fis || !(pr->cmd & PORT_CMD_FIS_RX)) { 756 return; 757 } 758 759 d2h_fis = &ad->res_fis[RES_FIS_RFIS]; 760 761 d2h_fis[0] = SATA_FIS_TYPE_REGISTER_D2H; 762 d2h_fis[1] = (ad->hba->control_regs.irqstatus ? (1 << 6) : 0); 763 d2h_fis[2] = s->status; 764 d2h_fis[3] = s->error; 765 766 d2h_fis[4] = s->sector; 767 d2h_fis[5] = s->lcyl; 768 d2h_fis[6] = s->hcyl; 769 d2h_fis[7] = s->select; 770 d2h_fis[8] = s->hob_sector; 771 d2h_fis[9] = s->hob_lcyl; 772 d2h_fis[10] = s->hob_hcyl; 773 d2h_fis[11] = 0; 774 d2h_fis[12] = s->nsector & 0xFF; 775 d2h_fis[13] = (s->nsector >> 8) & 0xFF; 776 for (i = 14; i < 20; i++) { 777 d2h_fis[i] = 0; 778 } 779 780 /* Update shadow registers: */ 781 pr->tfdata = (ad->port.ifs[0].error << 8) | 782 ad->port.ifs[0].status; 783 784 if (d2h_fis[2] & ERR_STAT) { 785 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_TF_ERR); 786 } 787 788 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_D2H_REG_FIS); 789 } 790 791 static int prdt_tbl_entry_size(const AHCI_SG *tbl) 792 { 793 /* flags_size is zero-based */ 794 return (le32_to_cpu(tbl->flags_size) & AHCI_PRDT_SIZE_MASK) + 1; 795 } 796 797 static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList *sglist, 798 AHCICmdHdr *cmd, int64_t limit, int32_t offset) 799 { 800 uint16_t opts = le16_to_cpu(cmd->opts); 801 uint16_t prdtl = le16_to_cpu(cmd->prdtl); 802 uint64_t cfis_addr = le64_to_cpu(cmd->tbl_addr); 803 uint64_t prdt_addr = cfis_addr + 0x80; 804 dma_addr_t prdt_len = (prdtl * sizeof(AHCI_SG)); 805 dma_addr_t real_prdt_len = prdt_len; 806 uint8_t *prdt; 807 int i; 808 int r = 0; 809 uint64_t sum = 0; 810 int off_idx = -1; 811 int64_t off_pos = -1; 812 int tbl_entry_size; 813 IDEBus *bus = &ad->port; 814 BusState *qbus = BUS(bus); 815 816 /* 817 * Note: AHCI PRDT can describe up to 256GiB. SATA/ATA only support 818 * transactions of up to 32MiB as of ATA8-ACS3 rev 1b, assuming a 819 * 512 byte sector size. We limit the PRDT in this implementation to 820 * a reasonably large 2GiB, which can accommodate the maximum transfer 821 * request for sector sizes up to 32K. 822 */ 823 824 if (!prdtl) { 825 DPRINTF(ad->port_no, "no sg list given by guest: 0x%08x\n", opts); 826 return -1; 827 } 828 829 /* map PRDT */ 830 if (!(prdt = dma_memory_map(ad->hba->as, prdt_addr, &prdt_len, 831 DMA_DIRECTION_TO_DEVICE))){ 832 DPRINTF(ad->port_no, "map failed\n"); 833 return -1; 834 } 835 836 if (prdt_len < real_prdt_len) { 837 DPRINTF(ad->port_no, "mapped less than expected\n"); 838 r = -1; 839 goto out; 840 } 841 842 /* Get entries in the PRDT, init a qemu sglist accordingly */ 843 if (prdtl > 0) { 844 AHCI_SG *tbl = (AHCI_SG *)prdt; 845 sum = 0; 846 for (i = 0; i < prdtl; i++) { 847 tbl_entry_size = prdt_tbl_entry_size(&tbl[i]); 848 if (offset < (sum + tbl_entry_size)) { 849 off_idx = i; 850 off_pos = offset - sum; 851 break; 852 } 853 sum += tbl_entry_size; 854 } 855 if ((off_idx == -1) || (off_pos < 0) || (off_pos > tbl_entry_size)) { 856 DPRINTF(ad->port_no, "%s: Incorrect offset! " 857 "off_idx: %d, off_pos: %"PRId64"\n", 858 __func__, off_idx, off_pos); 859 r = -1; 860 goto out; 861 } 862 863 qemu_sglist_init(sglist, qbus->parent, (prdtl - off_idx), 864 ad->hba->as); 865 qemu_sglist_add(sglist, le64_to_cpu(tbl[off_idx].addr) + off_pos, 866 MIN(prdt_tbl_entry_size(&tbl[off_idx]) - off_pos, 867 limit)); 868 869 for (i = off_idx + 1; i < prdtl && sglist->size < limit; i++) { 870 qemu_sglist_add(sglist, le64_to_cpu(tbl[i].addr), 871 MIN(prdt_tbl_entry_size(&tbl[i]), 872 limit - sglist->size)); 873 if (sglist->size > INT32_MAX) { 874 error_report("AHCI Physical Region Descriptor Table describes " 875 "more than 2 GiB.\n"); 876 qemu_sglist_destroy(sglist); 877 r = -1; 878 goto out; 879 } 880 } 881 } 882 883 out: 884 dma_memory_unmap(ad->hba->as, prdt, prdt_len, 885 DMA_DIRECTION_TO_DEVICE, prdt_len); 886 return r; 887 } 888 889 static void ncq_err(NCQTransferState *ncq_tfs) 890 { 891 IDEState *ide_state = &ncq_tfs->drive->port.ifs[0]; 892 893 ide_state->error = ABRT_ERR; 894 ide_state->status = READY_STAT | ERR_STAT; 895 ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag); 896 } 897 898 static void ncq_finish(NCQTransferState *ncq_tfs) 899 { 900 /* If we didn't error out, set our finished bit. Errored commands 901 * do not get a bit set for the SDB FIS ACT register, nor do they 902 * clear the outstanding bit in scr_act (PxSACT). */ 903 if (!(ncq_tfs->drive->port_regs.scr_err & (1 << ncq_tfs->tag))) { 904 ncq_tfs->drive->finished |= (1 << ncq_tfs->tag); 905 } 906 907 ahci_write_fis_sdb(ncq_tfs->drive->hba, ncq_tfs); 908 909 DPRINTF(ncq_tfs->drive->port_no, "NCQ transfer tag %d finished\n", 910 ncq_tfs->tag); 911 912 block_acct_done(blk_get_stats(ncq_tfs->drive->port.ifs[0].blk), 913 &ncq_tfs->acct); 914 qemu_sglist_destroy(&ncq_tfs->sglist); 915 ncq_tfs->used = 0; 916 } 917 918 static void ncq_cb(void *opaque, int ret) 919 { 920 NCQTransferState *ncq_tfs = (NCQTransferState *)opaque; 921 IDEState *ide_state = &ncq_tfs->drive->port.ifs[0]; 922 923 if (ret == -ECANCELED) { 924 return; 925 } 926 927 if (ret < 0) { 928 bool is_read = ncq_tfs->cmd == READ_FPDMA_QUEUED; 929 BlockErrorAction action = blk_get_error_action(ide_state->blk, 930 is_read, -ret); 931 if (action == BLOCK_ERROR_ACTION_STOP) { 932 ncq_tfs->halt = true; 933 ide_state->bus->error_status = IDE_RETRY_HBA; 934 } else if (action == BLOCK_ERROR_ACTION_REPORT) { 935 ncq_err(ncq_tfs); 936 } 937 blk_error_action(ide_state->blk, action, is_read, -ret); 938 } else { 939 ide_state->status = READY_STAT | SEEK_STAT; 940 } 941 942 if (!ncq_tfs->halt) { 943 ncq_finish(ncq_tfs); 944 } 945 } 946 947 static int is_ncq(uint8_t ata_cmd) 948 { 949 /* Based on SATA 3.2 section 13.6.3.2 */ 950 switch (ata_cmd) { 951 case READ_FPDMA_QUEUED: 952 case WRITE_FPDMA_QUEUED: 953 case NCQ_NON_DATA: 954 case RECEIVE_FPDMA_QUEUED: 955 case SEND_FPDMA_QUEUED: 956 return 1; 957 default: 958 return 0; 959 } 960 } 961 962 static void execute_ncq_command(NCQTransferState *ncq_tfs) 963 { 964 AHCIDevice *ad = ncq_tfs->drive; 965 IDEState *ide_state = &ad->port.ifs[0]; 966 int port = ad->port_no; 967 968 g_assert(is_ncq(ncq_tfs->cmd)); 969 ncq_tfs->halt = false; 970 971 switch (ncq_tfs->cmd) { 972 case READ_FPDMA_QUEUED: 973 DPRINTF(port, "NCQ reading %d sectors from LBA %"PRId64", tag %d\n", 974 ncq_tfs->sector_count, ncq_tfs->lba, ncq_tfs->tag); 975 976 DPRINTF(port, "tag %d aio read %"PRId64"\n", 977 ncq_tfs->tag, ncq_tfs->lba); 978 979 dma_acct_start(ide_state->blk, &ncq_tfs->acct, 980 &ncq_tfs->sglist, BLOCK_ACCT_READ); 981 ncq_tfs->aiocb = dma_blk_read(ide_state->blk, &ncq_tfs->sglist, 982 ncq_tfs->lba, ncq_cb, ncq_tfs); 983 break; 984 case WRITE_FPDMA_QUEUED: 985 DPRINTF(port, "NCQ writing %d sectors to LBA %"PRId64", tag %d\n", 986 ncq_tfs->sector_count, ncq_tfs->lba, ncq_tfs->tag); 987 988 DPRINTF(port, "tag %d aio write %"PRId64"\n", 989 ncq_tfs->tag, ncq_tfs->lba); 990 991 dma_acct_start(ide_state->blk, &ncq_tfs->acct, 992 &ncq_tfs->sglist, BLOCK_ACCT_WRITE); 993 ncq_tfs->aiocb = dma_blk_write(ide_state->blk, &ncq_tfs->sglist, 994 ncq_tfs->lba, ncq_cb, ncq_tfs); 995 break; 996 default: 997 DPRINTF(port, "error: unsupported NCQ command (0x%02x) received\n", 998 ncq_tfs->cmd); 999 qemu_sglist_destroy(&ncq_tfs->sglist); 1000 ncq_err(ncq_tfs); 1001 } 1002 } 1003 1004 1005 static void process_ncq_command(AHCIState *s, int port, uint8_t *cmd_fis, 1006 uint8_t slot) 1007 { 1008 AHCIDevice *ad = &s->dev[port]; 1009 IDEState *ide_state = &ad->port.ifs[0]; 1010 NCQFrame *ncq_fis = (NCQFrame*)cmd_fis; 1011 uint8_t tag = ncq_fis->tag >> 3; 1012 NCQTransferState *ncq_tfs = &ad->ncq_tfs[tag]; 1013 size_t size; 1014 1015 g_assert(is_ncq(ncq_fis->command)); 1016 if (ncq_tfs->used) { 1017 /* error - already in use */ 1018 fprintf(stderr, "%s: tag %d already used\n", __FUNCTION__, tag); 1019 return; 1020 } 1021 1022 ncq_tfs->used = 1; 1023 ncq_tfs->drive = ad; 1024 ncq_tfs->slot = slot; 1025 ncq_tfs->cmdh = &((AHCICmdHdr *)ad->lst)[slot]; 1026 ncq_tfs->cmd = ncq_fis->command; 1027 ncq_tfs->lba = ((uint64_t)ncq_fis->lba5 << 40) | 1028 ((uint64_t)ncq_fis->lba4 << 32) | 1029 ((uint64_t)ncq_fis->lba3 << 24) | 1030 ((uint64_t)ncq_fis->lba2 << 16) | 1031 ((uint64_t)ncq_fis->lba1 << 8) | 1032 (uint64_t)ncq_fis->lba0; 1033 ncq_tfs->tag = tag; 1034 1035 /* Sanity-check the NCQ packet */ 1036 if (tag != slot) { 1037 DPRINTF(port, "Warn: NCQ slot (%d) did not match the given tag (%d)\n", 1038 slot, tag); 1039 } 1040 1041 if (ncq_fis->aux0 || ncq_fis->aux1 || ncq_fis->aux2 || ncq_fis->aux3) { 1042 DPRINTF(port, "Warn: Attempt to use NCQ auxiliary fields.\n"); 1043 } 1044 if (ncq_fis->prio || ncq_fis->icc) { 1045 DPRINTF(port, "Warn: Unsupported attempt to use PRIO/ICC fields\n"); 1046 } 1047 if (ncq_fis->fua & NCQ_FIS_FUA_MASK) { 1048 DPRINTF(port, "Warn: Unsupported attempt to use Force Unit Access\n"); 1049 } 1050 if (ncq_fis->tag & NCQ_FIS_RARC_MASK) { 1051 DPRINTF(port, "Warn: Unsupported attempt to use Rebuild Assist\n"); 1052 } 1053 1054 ncq_tfs->sector_count = ((ncq_fis->sector_count_high << 8) | 1055 ncq_fis->sector_count_low); 1056 if (!ncq_tfs->sector_count) { 1057 ncq_tfs->sector_count = 0x10000; 1058 } 1059 size = ncq_tfs->sector_count * 512; 1060 ahci_populate_sglist(ad, &ncq_tfs->sglist, ncq_tfs->cmdh, size, 0); 1061 1062 if (ncq_tfs->sglist.size < size) { 1063 error_report("ahci: PRDT length for NCQ command (0x%zx) " 1064 "is smaller than the requested size (0x%zx)", 1065 ncq_tfs->sglist.size, size); 1066 qemu_sglist_destroy(&ncq_tfs->sglist); 1067 ncq_err(ncq_tfs); 1068 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_OVERFLOW); 1069 return; 1070 } else if (ncq_tfs->sglist.size != size) { 1071 DPRINTF(port, "Warn: PRDTL (0x%zx)" 1072 " does not match requested size (0x%zx)", 1073 ncq_tfs->sglist.size, size); 1074 } 1075 1076 DPRINTF(port, "NCQ transfer LBA from %"PRId64" to %"PRId64", " 1077 "drive max %"PRId64"\n", 1078 ncq_tfs->lba, ncq_tfs->lba + ncq_tfs->sector_count - 1, 1079 ide_state->nb_sectors - 1); 1080 1081 execute_ncq_command(ncq_tfs); 1082 } 1083 1084 static AHCICmdHdr *get_cmd_header(AHCIState *s, uint8_t port, uint8_t slot) 1085 { 1086 if (port >= s->ports || slot >= AHCI_MAX_CMDS) { 1087 return NULL; 1088 } 1089 1090 return s->dev[port].lst ? &((AHCICmdHdr *)s->dev[port].lst)[slot] : NULL; 1091 } 1092 1093 static void handle_reg_h2d_fis(AHCIState *s, int port, 1094 uint8_t slot, uint8_t *cmd_fis) 1095 { 1096 IDEState *ide_state = &s->dev[port].port.ifs[0]; 1097 AHCICmdHdr *cmd = get_cmd_header(s, port, slot); 1098 uint16_t opts = le16_to_cpu(cmd->opts); 1099 1100 if (cmd_fis[1] & 0x0F) { 1101 DPRINTF(port, "Port Multiplier not supported." 1102 " cmd_fis[0]=%02x cmd_fis[1]=%02x cmd_fis[2]=%02x\n", 1103 cmd_fis[0], cmd_fis[1], cmd_fis[2]); 1104 return; 1105 } 1106 1107 if (cmd_fis[1] & 0x70) { 1108 DPRINTF(port, "Reserved flags set in H2D Register FIS." 1109 " cmd_fis[0]=%02x cmd_fis[1]=%02x cmd_fis[2]=%02x\n", 1110 cmd_fis[0], cmd_fis[1], cmd_fis[2]); 1111 return; 1112 } 1113 1114 if (!(cmd_fis[1] & SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER)) { 1115 switch (s->dev[port].port_state) { 1116 case STATE_RUN: 1117 if (cmd_fis[15] & ATA_SRST) { 1118 s->dev[port].port_state = STATE_RESET; 1119 } 1120 break; 1121 case STATE_RESET: 1122 if (!(cmd_fis[15] & ATA_SRST)) { 1123 ahci_reset_port(s, port); 1124 } 1125 break; 1126 } 1127 return; 1128 } 1129 1130 /* Check for NCQ command */ 1131 if (is_ncq(cmd_fis[2])) { 1132 process_ncq_command(s, port, cmd_fis, slot); 1133 return; 1134 } 1135 1136 /* Decompose the FIS: 1137 * AHCI does not interpret FIS packets, it only forwards them. 1138 * SATA 1.0 describes how to decode LBA28 and CHS FIS packets. 1139 * Later specifications, e.g, SATA 3.2, describe LBA48 FIS packets. 1140 * 1141 * ATA4 describes sector number for LBA28/CHS commands. 1142 * ATA6 describes sector number for LBA48 commands. 1143 * ATA8 deprecates CHS fully, describing only LBA28/48. 1144 * 1145 * We dutifully convert the FIS into IDE registers, and allow the 1146 * core layer to interpret them as needed. */ 1147 ide_state->feature = cmd_fis[3]; 1148 ide_state->sector = cmd_fis[4]; /* LBA 7:0 */ 1149 ide_state->lcyl = cmd_fis[5]; /* LBA 15:8 */ 1150 ide_state->hcyl = cmd_fis[6]; /* LBA 23:16 */ 1151 ide_state->select = cmd_fis[7]; /* LBA 27:24 (LBA28) */ 1152 ide_state->hob_sector = cmd_fis[8]; /* LBA 31:24 */ 1153 ide_state->hob_lcyl = cmd_fis[9]; /* LBA 39:32 */ 1154 ide_state->hob_hcyl = cmd_fis[10]; /* LBA 47:40 */ 1155 ide_state->hob_feature = cmd_fis[11]; 1156 ide_state->nsector = (int64_t)((cmd_fis[13] << 8) | cmd_fis[12]); 1157 /* 14, 16, 17, 18, 19: Reserved (SATA 1.0) */ 1158 /* 15: Only valid when UPDATE_COMMAND not set. */ 1159 1160 /* Copy the ACMD field (ATAPI packet, if any) from the AHCI command 1161 * table to ide_state->io_buffer */ 1162 if (opts & AHCI_CMD_ATAPI) { 1163 memcpy(ide_state->io_buffer, &cmd_fis[AHCI_COMMAND_TABLE_ACMD], 0x10); 1164 debug_print_fis(ide_state->io_buffer, 0x10); 1165 s->dev[port].done_atapi_packet = false; 1166 /* XXX send PIO setup FIS */ 1167 } 1168 1169 ide_state->error = 0; 1170 1171 /* Reset transferred byte counter */ 1172 cmd->status = 0; 1173 1174 /* We're ready to process the command in FIS byte 2. */ 1175 ide_exec_cmd(&s->dev[port].port, cmd_fis[2]); 1176 } 1177 1178 static int handle_cmd(AHCIState *s, int port, uint8_t slot) 1179 { 1180 IDEState *ide_state; 1181 uint64_t tbl_addr; 1182 AHCICmdHdr *cmd; 1183 uint8_t *cmd_fis; 1184 dma_addr_t cmd_len; 1185 1186 if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) { 1187 /* Engine currently busy, try again later */ 1188 DPRINTF(port, "engine busy\n"); 1189 return -1; 1190 } 1191 1192 if (!s->dev[port].lst) { 1193 DPRINTF(port, "error: lst not given but cmd handled"); 1194 return -1; 1195 } 1196 cmd = get_cmd_header(s, port, slot); 1197 /* remember current slot handle for later */ 1198 s->dev[port].cur_cmd = cmd; 1199 1200 /* The device we are working for */ 1201 ide_state = &s->dev[port].port.ifs[0]; 1202 if (!ide_state->blk) { 1203 DPRINTF(port, "error: guest accessed unused port"); 1204 return -1; 1205 } 1206 1207 tbl_addr = le64_to_cpu(cmd->tbl_addr); 1208 cmd_len = 0x80; 1209 cmd_fis = dma_memory_map(s->as, tbl_addr, &cmd_len, 1210 DMA_DIRECTION_FROM_DEVICE); 1211 if (!cmd_fis) { 1212 DPRINTF(port, "error: guest passed us an invalid cmd fis\n"); 1213 return -1; 1214 } else if (cmd_len != 0x80) { 1215 ahci_trigger_irq(s, &s->dev[port], PORT_IRQ_HBUS_ERR); 1216 DPRINTF(port, "error: dma_memory_map failed: " 1217 "(len(%02"PRIx64") != 0x80)\n", 1218 cmd_len); 1219 goto out; 1220 } 1221 debug_print_fis(cmd_fis, 0x80); 1222 1223 switch (cmd_fis[0]) { 1224 case SATA_FIS_TYPE_REGISTER_H2D: 1225 handle_reg_h2d_fis(s, port, slot, cmd_fis); 1226 break; 1227 default: 1228 DPRINTF(port, "unknown command cmd_fis[0]=%02x cmd_fis[1]=%02x " 1229 "cmd_fis[2]=%02x\n", cmd_fis[0], cmd_fis[1], 1230 cmd_fis[2]); 1231 break; 1232 } 1233 1234 out: 1235 dma_memory_unmap(s->as, cmd_fis, cmd_len, DMA_DIRECTION_FROM_DEVICE, 1236 cmd_len); 1237 1238 if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) { 1239 /* async command, complete later */ 1240 s->dev[port].busy_slot = slot; 1241 return -1; 1242 } 1243 1244 /* done handling the command */ 1245 return 0; 1246 } 1247 1248 /* DMA dev <-> ram */ 1249 static void ahci_start_transfer(IDEDMA *dma) 1250 { 1251 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1252 IDEState *s = &ad->port.ifs[0]; 1253 uint32_t size = (uint32_t)(s->data_end - s->data_ptr); 1254 /* write == ram -> device */ 1255 uint16_t opts = le16_to_cpu(ad->cur_cmd->opts); 1256 int is_write = opts & AHCI_CMD_WRITE; 1257 int is_atapi = opts & AHCI_CMD_ATAPI; 1258 int has_sglist = 0; 1259 1260 if (is_atapi && !ad->done_atapi_packet) { 1261 /* already prepopulated iobuffer */ 1262 ad->done_atapi_packet = true; 1263 size = 0; 1264 goto out; 1265 } 1266 1267 if (ahci_dma_prepare_buf(dma, size)) { 1268 has_sglist = 1; 1269 } 1270 1271 DPRINTF(ad->port_no, "%sing %d bytes on %s w/%s sglist\n", 1272 is_write ? "writ" : "read", size, is_atapi ? "atapi" : "ata", 1273 has_sglist ? "" : "o"); 1274 1275 if (has_sglist && size) { 1276 if (is_write) { 1277 dma_buf_write(s->data_ptr, size, &s->sg); 1278 } else { 1279 dma_buf_read(s->data_ptr, size, &s->sg); 1280 } 1281 } 1282 1283 out: 1284 /* declare that we processed everything */ 1285 s->data_ptr = s->data_end; 1286 1287 /* Update number of transferred bytes, destroy sglist */ 1288 ahci_commit_buf(dma, size); 1289 1290 s->end_transfer_func(s); 1291 1292 if (!(s->status & DRQ_STAT)) { 1293 /* done with PIO send/receive */ 1294 ahci_write_fis_pio(ad, le32_to_cpu(ad->cur_cmd->status)); 1295 } 1296 } 1297 1298 static void ahci_start_dma(IDEDMA *dma, IDEState *s, 1299 BlockCompletionFunc *dma_cb) 1300 { 1301 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1302 DPRINTF(ad->port_no, "\n"); 1303 s->io_buffer_offset = 0; 1304 dma_cb(s, 0); 1305 } 1306 1307 static void ahci_restart_dma(IDEDMA *dma) 1308 { 1309 /* Nothing to do, ahci_start_dma already resets s->io_buffer_offset. */ 1310 } 1311 1312 /** 1313 * IDE/PIO restarts are handled by the core layer, but NCQ commands 1314 * need an extra kick from the AHCI HBA. 1315 */ 1316 static void ahci_restart(IDEDMA *dma) 1317 { 1318 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1319 int i; 1320 1321 for (i = 0; i < AHCI_MAX_CMDS; i++) { 1322 NCQTransferState *ncq_tfs = &ad->ncq_tfs[i]; 1323 if (ncq_tfs->halt) { 1324 execute_ncq_command(ncq_tfs); 1325 } 1326 } 1327 } 1328 1329 /** 1330 * Called in DMA R/W chains to read the PRDT, utilizing ahci_populate_sglist. 1331 * Not currently invoked by PIO R/W chains, 1332 * which invoke ahci_populate_sglist via ahci_start_transfer. 1333 */ 1334 static int32_t ahci_dma_prepare_buf(IDEDMA *dma, int32_t limit) 1335 { 1336 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1337 IDEState *s = &ad->port.ifs[0]; 1338 1339 if (ahci_populate_sglist(ad, &s->sg, ad->cur_cmd, 1340 limit, s->io_buffer_offset) == -1) { 1341 DPRINTF(ad->port_no, "ahci_dma_prepare_buf failed.\n"); 1342 return -1; 1343 } 1344 s->io_buffer_size = s->sg.size; 1345 1346 DPRINTF(ad->port_no, "len=%#x\n", s->io_buffer_size); 1347 return s->io_buffer_size; 1348 } 1349 1350 /** 1351 * Destroys the scatter-gather list, 1352 * and updates the command header with a bytes-read value. 1353 * called explicitly via ahci_dma_rw_buf (ATAPI DMA), 1354 * and ahci_start_transfer (PIO R/W), 1355 * and called via callback from ide_dma_cb for DMA R/W paths. 1356 */ 1357 static void ahci_commit_buf(IDEDMA *dma, uint32_t tx_bytes) 1358 { 1359 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1360 IDEState *s = &ad->port.ifs[0]; 1361 1362 tx_bytes += le32_to_cpu(ad->cur_cmd->status); 1363 ad->cur_cmd->status = cpu_to_le32(tx_bytes); 1364 1365 qemu_sglist_destroy(&s->sg); 1366 } 1367 1368 static int ahci_dma_rw_buf(IDEDMA *dma, int is_write) 1369 { 1370 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1371 IDEState *s = &ad->port.ifs[0]; 1372 uint8_t *p = s->io_buffer + s->io_buffer_index; 1373 int l = s->io_buffer_size - s->io_buffer_index; 1374 1375 if (ahci_populate_sglist(ad, &s->sg, ad->cur_cmd, l, s->io_buffer_offset)) { 1376 return 0; 1377 } 1378 1379 if (is_write) { 1380 dma_buf_read(p, l, &s->sg); 1381 } else { 1382 dma_buf_write(p, l, &s->sg); 1383 } 1384 1385 /* free sglist, update byte count */ 1386 ahci_commit_buf(dma, l); 1387 1388 s->io_buffer_index += l; 1389 s->io_buffer_offset += l; 1390 1391 DPRINTF(ad->port_no, "len=%#x\n", l); 1392 1393 return 1; 1394 } 1395 1396 static void ahci_cmd_done(IDEDMA *dma) 1397 { 1398 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); 1399 1400 DPRINTF(ad->port_no, "cmd done\n"); 1401 1402 /* update d2h status */ 1403 ahci_write_fis_d2h(ad, NULL); 1404 1405 if (!ad->check_bh) { 1406 /* maybe we still have something to process, check later */ 1407 ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad); 1408 qemu_bh_schedule(ad->check_bh); 1409 } 1410 } 1411 1412 static void ahci_irq_set(void *opaque, int n, int level) 1413 { 1414 } 1415 1416 static const IDEDMAOps ahci_dma_ops = { 1417 .start_dma = ahci_start_dma, 1418 .restart = ahci_restart, 1419 .restart_dma = ahci_restart_dma, 1420 .start_transfer = ahci_start_transfer, 1421 .prepare_buf = ahci_dma_prepare_buf, 1422 .commit_buf = ahci_commit_buf, 1423 .rw_buf = ahci_dma_rw_buf, 1424 .cmd_done = ahci_cmd_done, 1425 }; 1426 1427 void ahci_init(AHCIState *s, DeviceState *qdev, AddressSpace *as, int ports) 1428 { 1429 qemu_irq *irqs; 1430 int i; 1431 1432 s->as = as; 1433 s->ports = ports; 1434 s->dev = g_new0(AHCIDevice, ports); 1435 ahci_reg_init(s); 1436 /* XXX BAR size should be 1k, but that breaks, so bump it to 4k for now */ 1437 memory_region_init_io(&s->mem, OBJECT(qdev), &ahci_mem_ops, s, 1438 "ahci", AHCI_MEM_BAR_SIZE); 1439 memory_region_init_io(&s->idp, OBJECT(qdev), &ahci_idp_ops, s, 1440 "ahci-idp", 32); 1441 1442 irqs = qemu_allocate_irqs(ahci_irq_set, s, s->ports); 1443 1444 for (i = 0; i < s->ports; i++) { 1445 AHCIDevice *ad = &s->dev[i]; 1446 1447 ide_bus_new(&ad->port, sizeof(ad->port), qdev, i, 1); 1448 ide_init2(&ad->port, irqs[i]); 1449 1450 ad->hba = s; 1451 ad->port_no = i; 1452 ad->port.dma = &ad->dma; 1453 ad->port.dma->ops = &ahci_dma_ops; 1454 ide_register_restart_cb(&ad->port); 1455 } 1456 } 1457 1458 void ahci_uninit(AHCIState *s) 1459 { 1460 g_free(s->dev); 1461 } 1462 1463 void ahci_reset(AHCIState *s) 1464 { 1465 AHCIPortRegs *pr; 1466 int i; 1467 1468 s->control_regs.irqstatus = 0; 1469 /* AHCI Enable (AE) 1470 * The implementation of this bit is dependent upon the value of the 1471 * CAP.SAM bit. If CAP.SAM is '0', then GHC.AE shall be read-write and 1472 * shall have a reset value of '0'. If CAP.SAM is '1', then AE shall be 1473 * read-only and shall have a reset value of '1'. 1474 * 1475 * We set HOST_CAP_AHCI so we must enable AHCI at reset. 1476 */ 1477 s->control_regs.ghc = HOST_CTL_AHCI_EN; 1478 1479 for (i = 0; i < s->ports; i++) { 1480 pr = &s->dev[i].port_regs; 1481 pr->irq_stat = 0; 1482 pr->irq_mask = 0; 1483 pr->scr_ctl = 0; 1484 pr->cmd = PORT_CMD_SPIN_UP | PORT_CMD_POWER_ON; 1485 ahci_reset_port(s, i); 1486 } 1487 } 1488 1489 static const VMStateDescription vmstate_ncq_tfs = { 1490 .name = "ncq state", 1491 .version_id = 1, 1492 .fields = (VMStateField[]) { 1493 VMSTATE_UINT32(sector_count, NCQTransferState), 1494 VMSTATE_UINT64(lba, NCQTransferState), 1495 VMSTATE_UINT8(tag, NCQTransferState), 1496 VMSTATE_UINT8(cmd, NCQTransferState), 1497 VMSTATE_UINT8(slot, NCQTransferState), 1498 VMSTATE_BOOL(used, NCQTransferState), 1499 VMSTATE_BOOL(halt, NCQTransferState), 1500 VMSTATE_END_OF_LIST() 1501 }, 1502 }; 1503 1504 static const VMStateDescription vmstate_ahci_device = { 1505 .name = "ahci port", 1506 .version_id = 1, 1507 .fields = (VMStateField[]) { 1508 VMSTATE_IDE_BUS(port, AHCIDevice), 1509 VMSTATE_IDE_DRIVE(port.ifs[0], AHCIDevice), 1510 VMSTATE_UINT32(port_state, AHCIDevice), 1511 VMSTATE_UINT32(finished, AHCIDevice), 1512 VMSTATE_UINT32(port_regs.lst_addr, AHCIDevice), 1513 VMSTATE_UINT32(port_regs.lst_addr_hi, AHCIDevice), 1514 VMSTATE_UINT32(port_regs.fis_addr, AHCIDevice), 1515 VMSTATE_UINT32(port_regs.fis_addr_hi, AHCIDevice), 1516 VMSTATE_UINT32(port_regs.irq_stat, AHCIDevice), 1517 VMSTATE_UINT32(port_regs.irq_mask, AHCIDevice), 1518 VMSTATE_UINT32(port_regs.cmd, AHCIDevice), 1519 VMSTATE_UINT32(port_regs.tfdata, AHCIDevice), 1520 VMSTATE_UINT32(port_regs.sig, AHCIDevice), 1521 VMSTATE_UINT32(port_regs.scr_stat, AHCIDevice), 1522 VMSTATE_UINT32(port_regs.scr_ctl, AHCIDevice), 1523 VMSTATE_UINT32(port_regs.scr_err, AHCIDevice), 1524 VMSTATE_UINT32(port_regs.scr_act, AHCIDevice), 1525 VMSTATE_UINT32(port_regs.cmd_issue, AHCIDevice), 1526 VMSTATE_BOOL(done_atapi_packet, AHCIDevice), 1527 VMSTATE_INT32(busy_slot, AHCIDevice), 1528 VMSTATE_BOOL(init_d2h_sent, AHCIDevice), 1529 VMSTATE_STRUCT_ARRAY(ncq_tfs, AHCIDevice, AHCI_MAX_CMDS, 1530 1, vmstate_ncq_tfs, NCQTransferState), 1531 VMSTATE_END_OF_LIST() 1532 }, 1533 }; 1534 1535 static int ahci_state_post_load(void *opaque, int version_id) 1536 { 1537 int i, j; 1538 struct AHCIDevice *ad; 1539 NCQTransferState *ncq_tfs; 1540 AHCIState *s = opaque; 1541 1542 for (i = 0; i < s->ports; i++) { 1543 ad = &s->dev[i]; 1544 1545 /* Only remap the CLB address if appropriate, disallowing a state 1546 * transition from 'on' to 'off' it should be consistent here. */ 1547 if (ahci_cond_start_engines(ad, false) != 0) { 1548 return -1; 1549 } 1550 1551 for (j = 0; j < AHCI_MAX_CMDS; j++) { 1552 ncq_tfs = &ad->ncq_tfs[j]; 1553 ncq_tfs->drive = ad; 1554 1555 if (ncq_tfs->used != ncq_tfs->halt) { 1556 return -1; 1557 } 1558 if (!ncq_tfs->halt) { 1559 continue; 1560 } 1561 if (!is_ncq(ncq_tfs->cmd)) { 1562 return -1; 1563 } 1564 if (ncq_tfs->slot != ncq_tfs->tag) { 1565 return -1; 1566 } 1567 /* If ncq_tfs->halt is justly set, the engine should be engaged, 1568 * and the command list buffer should be mapped. */ 1569 ncq_tfs->cmdh = get_cmd_header(s, i, ncq_tfs->slot); 1570 if (!ncq_tfs->cmdh) { 1571 return -1; 1572 } 1573 ahci_populate_sglist(ncq_tfs->drive, &ncq_tfs->sglist, 1574 ncq_tfs->cmdh, ncq_tfs->sector_count * 512, 1575 0); 1576 if (ncq_tfs->sector_count != ncq_tfs->sglist.size >> 9) { 1577 return -1; 1578 } 1579 } 1580 1581 1582 /* 1583 * If an error is present, ad->busy_slot will be valid and not -1. 1584 * In this case, an operation is waiting to resume and will re-check 1585 * for additional AHCI commands to execute upon completion. 1586 * 1587 * In the case where no error was present, busy_slot will be -1, 1588 * and we should check to see if there are additional commands waiting. 1589 */ 1590 if (ad->busy_slot == -1) { 1591 check_cmd(s, i); 1592 } else { 1593 /* We are in the middle of a command, and may need to access 1594 * the command header in guest memory again. */ 1595 if (ad->busy_slot < 0 || ad->busy_slot >= AHCI_MAX_CMDS) { 1596 return -1; 1597 } 1598 ad->cur_cmd = get_cmd_header(s, i, ad->busy_slot); 1599 } 1600 } 1601 1602 return 0; 1603 } 1604 1605 const VMStateDescription vmstate_ahci = { 1606 .name = "ahci", 1607 .version_id = 1, 1608 .post_load = ahci_state_post_load, 1609 .fields = (VMStateField[]) { 1610 VMSTATE_STRUCT_VARRAY_POINTER_INT32(dev, AHCIState, ports, 1611 vmstate_ahci_device, AHCIDevice), 1612 VMSTATE_UINT32(control_regs.cap, AHCIState), 1613 VMSTATE_UINT32(control_regs.ghc, AHCIState), 1614 VMSTATE_UINT32(control_regs.irqstatus, AHCIState), 1615 VMSTATE_UINT32(control_regs.impl, AHCIState), 1616 VMSTATE_UINT32(control_regs.version, AHCIState), 1617 VMSTATE_UINT32(idp_index, AHCIState), 1618 VMSTATE_INT32_EQUAL(ports, AHCIState), 1619 VMSTATE_END_OF_LIST() 1620 }, 1621 }; 1622 1623 #define TYPE_SYSBUS_AHCI "sysbus-ahci" 1624 #define SYSBUS_AHCI(obj) OBJECT_CHECK(SysbusAHCIState, (obj), TYPE_SYSBUS_AHCI) 1625 1626 typedef struct SysbusAHCIState { 1627 /*< private >*/ 1628 SysBusDevice parent_obj; 1629 /*< public >*/ 1630 1631 AHCIState ahci; 1632 uint32_t num_ports; 1633 } SysbusAHCIState; 1634 1635 static const VMStateDescription vmstate_sysbus_ahci = { 1636 .name = "sysbus-ahci", 1637 .fields = (VMStateField[]) { 1638 VMSTATE_AHCI(ahci, SysbusAHCIState), 1639 VMSTATE_END_OF_LIST() 1640 }, 1641 }; 1642 1643 static void sysbus_ahci_reset(DeviceState *dev) 1644 { 1645 SysbusAHCIState *s = SYSBUS_AHCI(dev); 1646 1647 ahci_reset(&s->ahci); 1648 } 1649 1650 static void sysbus_ahci_realize(DeviceState *dev, Error **errp) 1651 { 1652 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1653 SysbusAHCIState *s = SYSBUS_AHCI(dev); 1654 1655 ahci_init(&s->ahci, dev, &address_space_memory, s->num_ports); 1656 1657 sysbus_init_mmio(sbd, &s->ahci.mem); 1658 sysbus_init_irq(sbd, &s->ahci.irq); 1659 } 1660 1661 static Property sysbus_ahci_properties[] = { 1662 DEFINE_PROP_UINT32("num-ports", SysbusAHCIState, num_ports, 1), 1663 DEFINE_PROP_END_OF_LIST(), 1664 }; 1665 1666 static void sysbus_ahci_class_init(ObjectClass *klass, void *data) 1667 { 1668 DeviceClass *dc = DEVICE_CLASS(klass); 1669 1670 dc->realize = sysbus_ahci_realize; 1671 dc->vmsd = &vmstate_sysbus_ahci; 1672 dc->props = sysbus_ahci_properties; 1673 dc->reset = sysbus_ahci_reset; 1674 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 1675 } 1676 1677 static const TypeInfo sysbus_ahci_info = { 1678 .name = TYPE_SYSBUS_AHCI, 1679 .parent = TYPE_SYS_BUS_DEVICE, 1680 .instance_size = sizeof(SysbusAHCIState), 1681 .class_init = sysbus_ahci_class_init, 1682 }; 1683 1684 static void sysbus_ahci_register_types(void) 1685 { 1686 type_register_static(&sysbus_ahci_info); 1687 } 1688 1689 type_init(sysbus_ahci_register_types) 1690 1691 void ahci_ide_create_devs(PCIDevice *dev, DriveInfo **hd) 1692 { 1693 AHCIPCIState *d = ICH_AHCI(dev); 1694 AHCIState *ahci = &d->ahci; 1695 int i; 1696 1697 for (i = 0; i < ahci->ports; i++) { 1698 if (hd[i] == NULL) { 1699 continue; 1700 } 1701 ide_create_drive(&ahci->dev[i].port, 0, hd[i]); 1702 } 1703 1704 } 1705