1 /* 2 * libqos AHCI functions 3 * 4 * Copyright (c) 2014 John Snow <jsnow@redhat.com> 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu/osdep.h" 26 27 #include "../libqtest.h" 28 #include "ahci.h" 29 #include "pci-pc.h" 30 31 #include "qemu/host-utils.h" 32 33 #include "hw/pci/pci_ids.h" 34 #include "hw/pci/pci_regs.h" 35 36 typedef struct AHCICommandProp { 37 uint8_t cmd; /* Command Code */ 38 bool data; /* Data transfer command? */ 39 bool pio; 40 bool dma; 41 bool lba28; 42 bool lba48; 43 bool read; 44 bool write; 45 bool atapi; 46 bool ncq; 47 uint64_t size; /* Static transfer size, for commands like IDENTIFY. */ 48 uint32_t interrupts; /* Expected interrupts for this command. */ 49 } AHCICommandProp; 50 51 AHCICommandProp ahci_command_properties[] = { 52 { .cmd = CMD_READ_PIO, .data = true, .pio = true, 53 .lba28 = true, .read = true }, 54 { .cmd = CMD_WRITE_PIO, .data = true, .pio = true, 55 .lba28 = true, .write = true }, 56 { .cmd = CMD_READ_PIO_EXT, .data = true, .pio = true, 57 .lba48 = true, .read = true }, 58 { .cmd = CMD_WRITE_PIO_EXT, .data = true, .pio = true, 59 .lba48 = true, .write = true }, 60 { .cmd = CMD_READ_DMA, .data = true, .dma = true, 61 .lba28 = true, .read = true }, 62 { .cmd = CMD_WRITE_DMA, .data = true, .dma = true, 63 .lba28 = true, .write = true }, 64 { .cmd = CMD_READ_DMA_EXT, .data = true, .dma = true, 65 .lba48 = true, .read = true }, 66 { .cmd = CMD_WRITE_DMA_EXT, .data = true, .dma = true, 67 .lba48 = true, .write = true }, 68 { .cmd = CMD_IDENTIFY, .data = true, .pio = true, 69 .size = 512, .read = true }, 70 { .cmd = READ_FPDMA_QUEUED, .data = true, .dma = true, 71 .lba48 = true, .read = true, .ncq = true }, 72 { .cmd = WRITE_FPDMA_QUEUED, .data = true, .dma = true, 73 .lba48 = true, .write = true, .ncq = true }, 74 { .cmd = CMD_READ_MAX, .lba28 = true }, 75 { .cmd = CMD_READ_MAX_EXT, .lba48 = true }, 76 { .cmd = CMD_FLUSH_CACHE, .data = false }, 77 { .cmd = CMD_PACKET, .data = true, .size = 16, 78 .atapi = true, .pio = true }, 79 { .cmd = CMD_PACKET_ID, .data = true, .pio = true, 80 .size = 512, .read = true } 81 }; 82 83 struct AHCICommand { 84 /* Test Management Data */ 85 uint8_t name; 86 uint8_t port; 87 uint8_t slot; 88 uint8_t errors; 89 uint32_t interrupts; 90 uint64_t xbytes; 91 uint32_t prd_size; 92 uint32_t sector_size; 93 uint64_t buffer; 94 AHCICommandProp *props; 95 /* Data to be transferred to the guest */ 96 AHCICommandHeader header; 97 RegH2DFIS fis; 98 unsigned char *atapi_cmd; 99 }; 100 101 /** 102 * Allocate space in the guest using information in the AHCIQState object. 103 */ 104 uint64_t ahci_alloc(AHCIQState *ahci, size_t bytes) 105 { 106 g_assert(ahci); 107 g_assert(ahci->parent); 108 return qmalloc(ahci->parent, bytes); 109 } 110 111 void ahci_free(AHCIQState *ahci, uint64_t addr) 112 { 113 g_assert(ahci); 114 g_assert(ahci->parent); 115 qfree(ahci->parent, addr); 116 } 117 118 bool is_atapi(AHCIQState *ahci, uint8_t port) 119 { 120 return ahci_px_rreg(ahci, port, AHCI_PX_SIG) == AHCI_SIGNATURE_CDROM; 121 } 122 123 /** 124 * Locate, verify, and return a handle to the AHCI device. 125 */ 126 QPCIDevice *get_ahci_device(QTestState *qts, uint32_t *fingerprint) 127 { 128 QPCIDevice *ahci; 129 uint32_t ahci_fingerprint; 130 QPCIBus *pcibus; 131 132 pcibus = qpci_new_pc(qts, NULL); 133 134 /* Find the AHCI PCI device and verify it's the right one. */ 135 ahci = qpci_device_find(pcibus, QPCI_DEVFN(0x1F, 0x02)); 136 g_assert(ahci != NULL); 137 138 ahci_fingerprint = qpci_config_readl(ahci, PCI_VENDOR_ID); 139 140 switch (ahci_fingerprint) { 141 case AHCI_INTEL_ICH9: 142 break; 143 default: 144 /* Unknown device. */ 145 g_assert_not_reached(); 146 } 147 148 if (fingerprint) { 149 *fingerprint = ahci_fingerprint; 150 } 151 return ahci; 152 } 153 154 void free_ahci_device(QPCIDevice *dev) 155 { 156 QPCIBus *pcibus = dev ? dev->bus : NULL; 157 158 /* libqos doesn't have a function for this, so free it manually */ 159 g_free(dev); 160 qpci_free_pc(pcibus); 161 } 162 163 /* Free all memory in-use by the AHCI device. */ 164 void ahci_clean_mem(AHCIQState *ahci) 165 { 166 uint8_t port, slot; 167 168 for (port = 0; port < 32; ++port) { 169 if (ahci->port[port].fb) { 170 ahci_free(ahci, ahci->port[port].fb); 171 ahci->port[port].fb = 0; 172 } 173 if (ahci->port[port].clb) { 174 for (slot = 0; slot < 32; slot++) { 175 ahci_destroy_command(ahci, port, slot); 176 } 177 ahci_free(ahci, ahci->port[port].clb); 178 ahci->port[port].clb = 0; 179 } 180 } 181 } 182 183 /*** Logical Device Initialization ***/ 184 185 /** 186 * Start the PCI device and sanity-check default operation. 187 */ 188 void ahci_pci_enable(AHCIQState *ahci) 189 { 190 uint8_t reg; 191 192 start_ahci_device(ahci); 193 194 switch (ahci->fingerprint) { 195 case AHCI_INTEL_ICH9: 196 /* ICH9 has a register at PCI 0x92 that 197 * acts as a master port enabler mask. */ 198 reg = qpci_config_readb(ahci->dev, 0x92); 199 reg |= 0x3F; 200 qpci_config_writeb(ahci->dev, 0x92, reg); 201 /* 0...0111111b -- bit significant, ports 0-5 enabled. */ 202 ASSERT_BIT_SET(qpci_config_readb(ahci->dev, 0x92), 0x3F); 203 break; 204 } 205 206 } 207 208 /** 209 * Map BAR5/ABAR, and engage the PCI device. 210 */ 211 void start_ahci_device(AHCIQState *ahci) 212 { 213 /* Map AHCI's ABAR (BAR5) */ 214 ahci->hba_bar = qpci_iomap(ahci->dev, 5, &ahci->barsize); 215 216 /* turns on pci.cmd.iose, pci.cmd.mse and pci.cmd.bme */ 217 qpci_device_enable(ahci->dev); 218 } 219 220 /** 221 * Test and initialize the AHCI's HBA memory areas. 222 * Initialize and start any ports with devices attached. 223 * Bring the HBA into the idle state. 224 */ 225 void ahci_hba_enable(AHCIQState *ahci) 226 { 227 /* Bits of interest in this section: 228 * GHC.AE Global Host Control / AHCI Enable 229 * PxCMD.ST Port Command: Start 230 * PxCMD.SUD "Spin Up Device" 231 * PxCMD.POD "Power On Device" 232 * PxCMD.FRE "FIS Receive Enable" 233 * PxCMD.FR "FIS Receive Running" 234 * PxCMD.CR "Command List Running" 235 */ 236 uint32_t reg, ports_impl; 237 uint16_t i; 238 uint8_t num_cmd_slots; 239 240 g_assert(ahci != NULL); 241 242 /* Set GHC.AE to 1 */ 243 ahci_set(ahci, AHCI_GHC, AHCI_GHC_AE); 244 reg = ahci_rreg(ahci, AHCI_GHC); 245 ASSERT_BIT_SET(reg, AHCI_GHC_AE); 246 247 /* Cache CAP and CAP2. */ 248 ahci->cap = ahci_rreg(ahci, AHCI_CAP); 249 ahci->cap2 = ahci_rreg(ahci, AHCI_CAP2); 250 251 /* Read CAP.NCS, how many command slots do we have? */ 252 num_cmd_slots = ((ahci->cap & AHCI_CAP_NCS) >> ctzl(AHCI_CAP_NCS)) + 1; 253 g_test_message("Number of Command Slots: %u", num_cmd_slots); 254 255 /* Determine which ports are implemented. */ 256 ports_impl = ahci_rreg(ahci, AHCI_PI); 257 258 for (i = 0; ports_impl; ports_impl >>= 1, ++i) { 259 if (!(ports_impl & 0x01)) { 260 continue; 261 } 262 263 g_test_message("Initializing port %u", i); 264 265 reg = ahci_px_rreg(ahci, i, AHCI_PX_CMD); 266 if (BITCLR(reg, AHCI_PX_CMD_ST | AHCI_PX_CMD_CR | 267 AHCI_PX_CMD_FRE | AHCI_PX_CMD_FR)) { 268 g_test_message("port is idle"); 269 } else { 270 g_test_message("port needs to be idled"); 271 ahci_px_clr(ahci, i, AHCI_PX_CMD, 272 (AHCI_PX_CMD_ST | AHCI_PX_CMD_FRE)); 273 /* The port has 500ms to disengage. */ 274 usleep(500000); 275 reg = ahci_px_rreg(ahci, i, AHCI_PX_CMD); 276 ASSERT_BIT_CLEAR(reg, AHCI_PX_CMD_CR); 277 ASSERT_BIT_CLEAR(reg, AHCI_PX_CMD_FR); 278 g_test_message("port is now idle"); 279 /* The spec does allow for possibly needing a PORT RESET 280 * or HBA reset if we fail to idle the port. */ 281 } 282 283 /* Allocate Memory for the Command List Buffer & FIS Buffer */ 284 /* PxCLB space ... 0x20 per command, as in 4.2.2 p 36 */ 285 ahci->port[i].clb = ahci_alloc(ahci, num_cmd_slots * 0x20); 286 qtest_memset(ahci->parent->qts, ahci->port[i].clb, 0x00, 287 num_cmd_slots * 0x20); 288 g_test_message("CLB: 0x%08" PRIx64, ahci->port[i].clb); 289 ahci_px_wreg(ahci, i, AHCI_PX_CLB, ahci->port[i].clb); 290 g_assert_cmphex(ahci->port[i].clb, ==, 291 ahci_px_rreg(ahci, i, AHCI_PX_CLB)); 292 293 /* PxFB space ... 0x100, as in 4.2.1 p 35 */ 294 ahci->port[i].fb = ahci_alloc(ahci, 0x100); 295 qtest_memset(ahci->parent->qts, ahci->port[i].fb, 0x00, 0x100); 296 g_test_message("FB: 0x%08" PRIx64, ahci->port[i].fb); 297 ahci_px_wreg(ahci, i, AHCI_PX_FB, ahci->port[i].fb); 298 g_assert_cmphex(ahci->port[i].fb, ==, 299 ahci_px_rreg(ahci, i, AHCI_PX_FB)); 300 301 /* Clear PxSERR, PxIS, then IS.IPS[x] by writing '1's. */ 302 ahci_px_wreg(ahci, i, AHCI_PX_SERR, 0xFFFFFFFF); 303 ahci_px_wreg(ahci, i, AHCI_PX_IS, 0xFFFFFFFF); 304 ahci_wreg(ahci, AHCI_IS, (1 << i)); 305 306 /* Verify Interrupts Cleared */ 307 reg = ahci_px_rreg(ahci, i, AHCI_PX_SERR); 308 g_assert_cmphex(reg, ==, 0); 309 310 reg = ahci_px_rreg(ahci, i, AHCI_PX_IS); 311 g_assert_cmphex(reg, ==, 0); 312 313 reg = ahci_rreg(ahci, AHCI_IS); 314 ASSERT_BIT_CLEAR(reg, (1 << i)); 315 316 /* Enable All Interrupts: */ 317 ahci_px_wreg(ahci, i, AHCI_PX_IE, 0xFFFFFFFF); 318 reg = ahci_px_rreg(ahci, i, AHCI_PX_IE); 319 g_assert_cmphex(reg, ==, ~((uint32_t)AHCI_PX_IE_RESERVED)); 320 321 /* Enable the FIS Receive Engine. */ 322 ahci_px_set(ahci, i, AHCI_PX_CMD, AHCI_PX_CMD_FRE); 323 reg = ahci_px_rreg(ahci, i, AHCI_PX_CMD); 324 ASSERT_BIT_SET(reg, AHCI_PX_CMD_FR); 325 326 /* AHCI 1.3 spec: if !STS.BSY, !STS.DRQ and PxSSTS.DET indicates 327 * physical presence, a device is present and may be started. However, 328 * PxSERR.DIAG.X /may/ need to be cleared a priori. */ 329 reg = ahci_px_rreg(ahci, i, AHCI_PX_SERR); 330 if (BITSET(reg, AHCI_PX_SERR_DIAG_X)) { 331 ahci_px_set(ahci, i, AHCI_PX_SERR, AHCI_PX_SERR_DIAG_X); 332 } 333 334 reg = ahci_px_rreg(ahci, i, AHCI_PX_TFD); 335 if (BITCLR(reg, AHCI_PX_TFD_STS_BSY | AHCI_PX_TFD_STS_DRQ)) { 336 reg = ahci_px_rreg(ahci, i, AHCI_PX_SSTS); 337 if ((reg & AHCI_PX_SSTS_DET) == SSTS_DET_ESTABLISHED) { 338 /* Device Found: set PxCMD.ST := 1 */ 339 ahci_px_set(ahci, i, AHCI_PX_CMD, AHCI_PX_CMD_ST); 340 ASSERT_BIT_SET(ahci_px_rreg(ahci, i, AHCI_PX_CMD), 341 AHCI_PX_CMD_CR); 342 g_test_message("Started Device %u", i); 343 } else if ((reg & AHCI_PX_SSTS_DET)) { 344 /* Device present, but in some unknown state. */ 345 g_assert_not_reached(); 346 } 347 } 348 } 349 350 /* Enable GHC.IE */ 351 ahci_set(ahci, AHCI_GHC, AHCI_GHC_IE); 352 reg = ahci_rreg(ahci, AHCI_GHC); 353 ASSERT_BIT_SET(reg, AHCI_GHC_IE); 354 355 ahci->enabled = true; 356 /* TODO: The device should now be idling and waiting for commands. 357 * In the future, a small test-case to inspect the Register D2H FIS 358 * and clear the initial interrupts might be good. */ 359 } 360 361 /** 362 * Pick the first implemented and running port 363 */ 364 unsigned ahci_port_select(AHCIQState *ahci) 365 { 366 uint32_t ports, reg; 367 unsigned i; 368 369 ports = ahci_rreg(ahci, AHCI_PI); 370 for (i = 0; i < 32; ports >>= 1, ++i) { 371 if (ports == 0) { 372 i = 32; 373 } 374 375 if (!(ports & 0x01)) { 376 continue; 377 } 378 379 reg = ahci_px_rreg(ahci, i, AHCI_PX_CMD); 380 if (BITSET(reg, AHCI_PX_CMD_ST)) { 381 break; 382 } 383 } 384 g_assert(i < 32); 385 return i; 386 } 387 388 /** 389 * Clear a port's interrupts and status information prior to a test. 390 */ 391 void ahci_port_clear(AHCIQState *ahci, uint8_t port) 392 { 393 uint32_t reg; 394 395 /* Clear out this port's interrupts (ignore the init register d2h fis) */ 396 reg = ahci_px_rreg(ahci, port, AHCI_PX_IS); 397 ahci_px_wreg(ahci, port, AHCI_PX_IS, reg); 398 g_assert_cmphex(ahci_px_rreg(ahci, port, AHCI_PX_IS), ==, 0); 399 400 /* Wipe the FIS-Receive Buffer */ 401 qtest_memset(ahci->parent->qts, ahci->port[port].fb, 0x00, 0x100); 402 } 403 404 /** 405 * Check a port for errors. 406 */ 407 void ahci_port_check_error(AHCIQState *ahci, AHCICommand *cmd) 408 { 409 uint8_t port = cmd->port; 410 uint32_t reg; 411 412 /* If expecting TF error, ensure that TFES is set. */ 413 if (cmd->errors) { 414 reg = ahci_px_rreg(ahci, port, AHCI_PX_IS); 415 ASSERT_BIT_SET(reg, AHCI_PX_IS_TFES); 416 } else { 417 /* The upper 9 bits of the IS register all indicate errors. */ 418 reg = ahci_px_rreg(ahci, port, AHCI_PX_IS); 419 reg &= ~cmd->interrupts; 420 reg >>= 23; 421 g_assert_cmphex(reg, ==, 0); 422 } 423 424 /* The Sata Error Register should be empty, even when expecting TF error. */ 425 reg = ahci_px_rreg(ahci, port, AHCI_PX_SERR); 426 g_assert_cmphex(reg, ==, 0); 427 428 /* If expecting TF error, and TFES was set, perform error recovery 429 * (see AHCI 1.3 section 6.2.2.1) such that we can send new commands. */ 430 if (cmd->errors) { 431 /* This will clear PxCI. */ 432 ahci_px_clr(ahci, port, AHCI_PX_CMD, AHCI_PX_CMD_ST); 433 434 /* The port has 500ms to disengage. */ 435 usleep(500000); 436 reg = ahci_px_rreg(ahci, port, AHCI_PX_CMD); 437 ASSERT_BIT_CLEAR(reg, AHCI_PX_CMD_CR); 438 439 /* Clear PxIS. */ 440 reg = ahci_px_rreg(ahci, port, AHCI_PX_IS); 441 ahci_px_wreg(ahci, port, AHCI_PX_IS, reg); 442 443 /* Check if we need to perform a COMRESET. 444 * Not implemented right now, as there is no reason why our QEMU model 445 * should need a COMRESET when expecting TF error. */ 446 reg = ahci_px_rreg(ahci, port, AHCI_PX_TFD); 447 ASSERT_BIT_CLEAR(reg, AHCI_PX_TFD_STS_BSY | AHCI_PX_TFD_STS_DRQ); 448 449 /* Enable issuing new commands. */ 450 ahci_px_set(ahci, port, AHCI_PX_CMD, AHCI_PX_CMD_ST); 451 } 452 453 /* The TFD also has two error sections. */ 454 reg = ahci_px_rreg(ahci, port, AHCI_PX_TFD); 455 if (!cmd->errors) { 456 ASSERT_BIT_CLEAR(reg, AHCI_PX_TFD_STS_ERR); 457 } else { 458 ASSERT_BIT_SET(reg, AHCI_PX_TFD_STS_ERR); 459 } 460 ASSERT_BIT_CLEAR(reg, AHCI_PX_TFD_ERR & (~cmd->errors << 8)); 461 ASSERT_BIT_SET(reg, AHCI_PX_TFD_ERR & (cmd->errors << 8)); 462 } 463 464 void ahci_port_check_interrupts(AHCIQState *ahci, AHCICommand *cmd) 465 { 466 uint8_t port = cmd->port; 467 uint32_t reg; 468 469 /* If we expect errors, error handling in ahci_port_check_error() will 470 * already have cleared PxIS, so in that case this function cannot verify 471 * and clear expected interrupts. */ 472 if (cmd->errors) { 473 return; 474 } 475 476 /* Check for expected interrupts */ 477 reg = ahci_px_rreg(ahci, port, AHCI_PX_IS); 478 ASSERT_BIT_SET(reg, cmd->interrupts); 479 480 /* Clear expected interrupts and assert all interrupts now cleared. */ 481 ahci_px_wreg(ahci, port, AHCI_PX_IS, cmd->interrupts); 482 g_assert_cmphex(ahci_px_rreg(ahci, port, AHCI_PX_IS), ==, 0); 483 } 484 485 void ahci_port_check_nonbusy(AHCIQState *ahci, AHCICommand *cmd) 486 { 487 uint8_t slot = cmd->slot; 488 uint8_t port = cmd->port; 489 uint32_t reg; 490 491 /* For NCQ command with error PxSACT bit should still be set. 492 * For NCQ command without error, PxSACT bit should be cleared. 493 * For non-NCQ command, PxSACT bit should always be cleared. */ 494 reg = ahci_px_rreg(ahci, port, AHCI_PX_SACT); 495 if (cmd->props->ncq && cmd->errors) { 496 ASSERT_BIT_SET(reg, (1 << slot)); 497 } else { 498 ASSERT_BIT_CLEAR(reg, (1 << slot)); 499 } 500 501 /* For non-NCQ command with error, PxCI bit should still be set. 502 * For non-NCQ command without error, PxCI bit should be cleared. 503 * For NCQ command without error, PxCI bit should be cleared. 504 * For NCQ command with error, PxCI bit may or may not be cleared. */ 505 reg = ahci_px_rreg(ahci, port, AHCI_PX_CI); 506 if (!cmd->props->ncq && cmd->errors) { 507 ASSERT_BIT_SET(reg, (1 << slot)); 508 } else if (!cmd->errors) { 509 ASSERT_BIT_CLEAR(reg, (1 << slot)); 510 } 511 512 /* And assert that we are generally not busy. */ 513 reg = ahci_px_rreg(ahci, port, AHCI_PX_TFD); 514 ASSERT_BIT_CLEAR(reg, AHCI_PX_TFD_STS_BSY); 515 ASSERT_BIT_CLEAR(reg, AHCI_PX_TFD_STS_DRQ); 516 } 517 518 void ahci_port_check_d2h_sanity(AHCIQState *ahci, uint8_t port, uint8_t slot) 519 { 520 RegD2HFIS *d2h = g_malloc0(0x20); 521 uint32_t reg; 522 523 qtest_memread(ahci->parent->qts, ahci->port[port].fb + 0x40, d2h, 0x20); 524 g_assert_cmphex(d2h->fis_type, ==, 0x34); 525 526 reg = ahci_px_rreg(ahci, port, AHCI_PX_TFD); 527 g_assert_cmphex((reg & AHCI_PX_TFD_ERR) >> 8, ==, d2h->error); 528 g_assert_cmphex((reg & AHCI_PX_TFD_STS), ==, d2h->status); 529 530 g_free(d2h); 531 } 532 533 void ahci_port_check_pio_sanity(AHCIQState *ahci, AHCICommand *cmd) 534 { 535 PIOSetupFIS *pio = g_malloc0(0x20); 536 uint8_t port = cmd->port; 537 538 /* We cannot check the Status or E_Status registers, because 539 * the status may have again changed between the PIO Setup FIS 540 * and the conclusion of the command with the D2H Register FIS. */ 541 qtest_memread(ahci->parent->qts, ahci->port[port].fb + 0x20, pio, 0x20); 542 g_assert_cmphex(pio->fis_type, ==, 0x5f); 543 544 /* Data transferred by PIO will either be: 545 * (1) 12 or 16 bytes for an ATAPI command packet (QEMU always uses 12), or 546 * (2) Actual data from the drive. 547 * If we do both, (2) winds up erasing any evidence of (1). 548 */ 549 if (cmd->props->atapi && (cmd->xbytes == 0 || cmd->props->dma)) { 550 g_assert(le16_to_cpu(pio->tx_count) == 12 || 551 le16_to_cpu(pio->tx_count) == 16); 552 } else { 553 /* The AHCI test suite here does not test any PIO command that specifies 554 * a DRQ block larger than one sector (like 0xC4), so this should always 555 * be one sector or less. */ 556 size_t pio_len = ((cmd->xbytes % cmd->sector_size) ? 557 (cmd->xbytes % cmd->sector_size) : cmd->sector_size); 558 g_assert_cmphex(le16_to_cpu(pio->tx_count), ==, pio_len); 559 } 560 g_free(pio); 561 } 562 563 void ahci_port_check_cmd_sanity(AHCIQState *ahci, AHCICommand *cmd) 564 { 565 AHCICommandHeader cmdh; 566 567 ahci_get_command_header(ahci, cmd->port, cmd->slot, &cmdh); 568 /* Physical Region Descriptor Byte Count is not required to work for NCQ. */ 569 if (!cmd->props->ncq) { 570 g_assert_cmphex(cmd->xbytes, ==, cmdh.prdbc); 571 } 572 } 573 574 /* Get the command in #slot of port #port. */ 575 void ahci_get_command_header(AHCIQState *ahci, uint8_t port, 576 uint8_t slot, AHCICommandHeader *cmd) 577 { 578 uint64_t ba = ahci->port[port].clb; 579 ba += slot * sizeof(AHCICommandHeader); 580 qtest_memread(ahci->parent->qts, ba, cmd, sizeof(AHCICommandHeader)); 581 582 cmd->flags = le16_to_cpu(cmd->flags); 583 cmd->prdtl = le16_to_cpu(cmd->prdtl); 584 cmd->prdbc = le32_to_cpu(cmd->prdbc); 585 cmd->ctba = le64_to_cpu(cmd->ctba); 586 } 587 588 /* Set the command in #slot of port #port. */ 589 void ahci_set_command_header(AHCIQState *ahci, uint8_t port, 590 uint8_t slot, AHCICommandHeader *cmd) 591 { 592 AHCICommandHeader tmp = { .flags = 0 }; 593 uint64_t ba = ahci->port[port].clb; 594 ba += slot * sizeof(AHCICommandHeader); 595 596 tmp.flags = cpu_to_le16(cmd->flags); 597 tmp.prdtl = cpu_to_le16(cmd->prdtl); 598 tmp.prdbc = cpu_to_le32(cmd->prdbc); 599 tmp.ctba = cpu_to_le64(cmd->ctba); 600 601 qtest_memwrite(ahci->parent->qts, ba, &tmp, sizeof(AHCICommandHeader)); 602 } 603 604 void ahci_destroy_command(AHCIQState *ahci, uint8_t port, uint8_t slot) 605 { 606 AHCICommandHeader cmd; 607 608 /* Obtain the Nth Command Header */ 609 ahci_get_command_header(ahci, port, slot, &cmd); 610 if (cmd.ctba == 0) { 611 /* No address in it, so just return -- it's empty. */ 612 goto tidy; 613 } 614 615 /* Free the Table */ 616 ahci_free(ahci, cmd.ctba); 617 618 tidy: 619 /* NULL the header. */ 620 memset(&cmd, 0x00, sizeof(cmd)); 621 ahci_set_command_header(ahci, port, slot, &cmd); 622 ahci->port[port].ctba[slot] = 0; 623 ahci->port[port].prdtl[slot] = 0; 624 } 625 626 void ahci_write_fis(AHCIQState *ahci, AHCICommand *cmd) 627 { 628 RegH2DFIS tmp = cmd->fis; 629 uint64_t addr = cmd->header.ctba; 630 631 /* NCQ commands use exclusively 8 bit fields and needs no adjustment. 632 * Only the count field needs to be adjusted for non-NCQ commands. 633 * The auxiliary FIS fields are defined per-command and are not currently 634 * implemented in ahci.o, but may or may not need to be flipped. */ 635 if (!cmd->props->ncq) { 636 tmp.count = cpu_to_le16(tmp.count); 637 } 638 639 qtest_memwrite(ahci->parent->qts, addr, &tmp, sizeof(tmp)); 640 } 641 642 unsigned ahci_pick_cmd(AHCIQState *ahci, uint8_t port) 643 { 644 unsigned i; 645 unsigned j; 646 uint32_t reg; 647 648 reg = ahci_px_rreg(ahci, port, AHCI_PX_CI); 649 650 /* Pick the least recently used command slot that's available */ 651 for (i = 0; i < 32; ++i) { 652 j = ((ahci->port[port].next + i) % 32); 653 if (reg & (1 << j)) { 654 continue; 655 } 656 ahci_destroy_command(ahci, port, j); 657 ahci->port[port].next = (j + 1) % 32; 658 return j; 659 } 660 661 g_test_message("All command slots were busy."); 662 g_assert_not_reached(); 663 } 664 665 static unsigned size_to_prdtl(unsigned bytes, unsigned bytes_per_prd) 666 { 667 /* Each PRD can describe up to 4MiB */ 668 g_assert_cmphex(bytes_per_prd, <=, 4096 * 1024); 669 g_assert_cmphex(bytes_per_prd & 0x01, ==, 0x00); 670 return (bytes + bytes_per_prd - 1) / bytes_per_prd; 671 } 672 673 const AHCIOpts default_opts = { .size = 0 }; 674 675 /** 676 * ahci_exec: execute a given command on a specific 677 * AHCI port. 678 * 679 * @ahci: The device to send the command to 680 * @port: The port number of the SATA device we wish 681 * to have execute this command 682 * @op: The S/ATA command to execute, or if opts.atapi 683 * is true, the SCSI command code. 684 * @opts: Optional arguments to modify execution behavior. 685 */ 686 void ahci_exec(AHCIQState *ahci, uint8_t port, 687 uint8_t op, const AHCIOpts *opts_in) 688 { 689 AHCICommand *cmd; 690 int rc; 691 AHCIOpts *opts; 692 uint64_t buffer_in; 693 694 opts = g_memdup2((opts_in == NULL ? &default_opts : opts_in), 695 sizeof(AHCIOpts)); 696 697 buffer_in = opts->buffer; 698 699 /* No guest buffer provided, create one. */ 700 if (opts->size && !opts->buffer) { 701 opts->buffer = ahci_alloc(ahci, opts->size); 702 g_assert(opts->buffer); 703 qtest_memset(ahci->parent->qts, opts->buffer, 0x00, opts->size); 704 } 705 706 /* Command creation */ 707 if (opts->atapi) { 708 uint16_t bcl = opts->set_bcl ? opts->bcl : ATAPI_SECTOR_SIZE; 709 cmd = ahci_atapi_command_create(op, bcl, opts->atapi_dma); 710 } else { 711 cmd = ahci_command_create(op); 712 } 713 ahci_command_adjust(cmd, opts->lba, opts->buffer, 714 opts->size, opts->prd_size); 715 716 if (opts->pre_cb) { 717 rc = opts->pre_cb(ahci, cmd, opts); 718 g_assert_cmpint(rc, ==, 0); 719 } 720 721 /* Write command to memory and issue it */ 722 ahci_command_commit(ahci, cmd, port); 723 ahci_command_issue_async(ahci, cmd); 724 if (opts->error) { 725 qtest_qmp_eventwait(ahci->parent->qts, "STOP"); 726 } 727 if (opts->mid_cb) { 728 rc = opts->mid_cb(ahci, cmd, opts); 729 g_assert_cmpint(rc, ==, 0); 730 } 731 if (opts->error) { 732 qtest_qmp_send(ahci->parent->qts, "{'execute':'cont' }"); 733 qtest_qmp_eventwait(ahci->parent->qts, "RESUME"); 734 } 735 736 /* Wait for command to complete and verify sanity */ 737 ahci_command_wait(ahci, cmd); 738 ahci_command_verify(ahci, cmd); 739 if (opts->post_cb) { 740 rc = opts->post_cb(ahci, cmd, opts); 741 g_assert_cmpint(rc, ==, 0); 742 } 743 ahci_command_free(cmd); 744 if (opts->buffer != buffer_in) { 745 ahci_free(ahci, opts->buffer); 746 } 747 g_free(opts); 748 } 749 750 /* Issue a command, expecting it to fail and STOP the VM */ 751 AHCICommand *ahci_guest_io_halt(AHCIQState *ahci, uint8_t port, 752 uint8_t ide_cmd, uint64_t buffer, 753 size_t bufsize, uint64_t sector) 754 { 755 AHCICommand *cmd; 756 757 cmd = ahci_command_create(ide_cmd); 758 ahci_command_adjust(cmd, sector, buffer, bufsize, 0); 759 ahci_command_commit(ahci, cmd, port); 760 ahci_command_issue_async(ahci, cmd); 761 qtest_qmp_eventwait(ahci->parent->qts, "STOP"); 762 763 return cmd; 764 } 765 766 /* Resume a previously failed command and verify/finalize */ 767 void ahci_guest_io_resume(AHCIQState *ahci, AHCICommand *cmd) 768 { 769 /* Complete the command */ 770 qtest_qmp_send(ahci->parent->qts, "{'execute':'cont' }"); 771 qtest_qmp_eventwait(ahci->parent->qts, "RESUME"); 772 ahci_command_wait(ahci, cmd); 773 ahci_command_verify(ahci, cmd); 774 ahci_command_free(cmd); 775 } 776 777 /* Given a guest buffer address, perform an IO operation */ 778 void ahci_guest_io(AHCIQState *ahci, uint8_t port, uint8_t ide_cmd, 779 uint64_t buffer, size_t bufsize, uint64_t sector) 780 { 781 AHCICommand *cmd; 782 cmd = ahci_command_create(ide_cmd); 783 ahci_command_set_buffer(cmd, buffer); 784 ahci_command_set_size(cmd, bufsize); 785 if (sector) { 786 ahci_command_set_offset(cmd, sector); 787 } 788 ahci_command_commit(ahci, cmd, port); 789 ahci_command_issue(ahci, cmd); 790 ahci_command_verify(ahci, cmd); 791 ahci_command_free(cmd); 792 } 793 794 static AHCICommandProp *ahci_command_find(uint8_t command_name) 795 { 796 int i; 797 798 for (i = 0; i < ARRAY_SIZE(ahci_command_properties); i++) { 799 if (ahci_command_properties[i].cmd == command_name) { 800 return &ahci_command_properties[i]; 801 } 802 } 803 804 return NULL; 805 } 806 807 /* Given a HOST buffer, create a buffer address and perform an IO operation. */ 808 void ahci_io(AHCIQState *ahci, uint8_t port, uint8_t ide_cmd, 809 void *buffer, size_t bufsize, uint64_t sector) 810 { 811 uint64_t ptr; 812 AHCICommandProp *props; 813 814 props = ahci_command_find(ide_cmd); 815 g_assert(props); 816 ptr = ahci_alloc(ahci, bufsize); 817 g_assert(!bufsize || ptr); 818 qtest_memset(ahci->parent->qts, ptr, 0x00, bufsize); 819 820 if (bufsize && props->write) { 821 qtest_bufwrite(ahci->parent->qts, ptr, buffer, bufsize); 822 } 823 824 ahci_guest_io(ahci, port, ide_cmd, ptr, bufsize, sector); 825 826 if (bufsize && props->read) { 827 qtest_bufread(ahci->parent->qts, ptr, buffer, bufsize); 828 } 829 830 ahci_free(ahci, ptr); 831 } 832 833 /** 834 * Initializes a basic command header in memory. 835 * We assume that this is for an ATA command using RegH2DFIS. 836 */ 837 static void command_header_init(AHCICommand *cmd) 838 { 839 AHCICommandHeader *hdr = &cmd->header; 840 AHCICommandProp *props = cmd->props; 841 842 hdr->flags = 5; /* RegH2DFIS is 5 DW long. Must be < 32 */ 843 hdr->flags |= CMDH_CLR_BSY; /* Clear the BSY bit when done */ 844 if (props->write) { 845 hdr->flags |= CMDH_WRITE; 846 } 847 if (props->atapi) { 848 hdr->flags |= CMDH_ATAPI; 849 } 850 /* Other flags: PREFETCH, RESET, and BIST */ 851 hdr->prdtl = size_to_prdtl(cmd->xbytes, cmd->prd_size); 852 hdr->prdbc = 0; 853 hdr->ctba = 0; 854 } 855 856 static void command_table_init(AHCICommand *cmd) 857 { 858 RegH2DFIS *fis = &(cmd->fis); 859 uint16_t sect_count = (cmd->xbytes / cmd->sector_size); 860 861 fis->fis_type = REG_H2D_FIS; 862 fis->flags = REG_H2D_FIS_CMD; /* "Command" bit */ 863 fis->command = cmd->name; 864 865 if (cmd->props->ncq) { 866 NCQFIS *ncqfis = (NCQFIS *)fis; 867 /* NCQ is weird and re-uses FIS frames for unrelated data. 868 * See SATA 3.2, 13.6.4.1 READ FPDMA QUEUED for an example. */ 869 ncqfis->sector_low = sect_count & 0xFF; 870 ncqfis->sector_hi = (sect_count >> 8) & 0xFF; 871 ncqfis->device = NCQ_DEVICE_MAGIC; 872 /* Force Unit Access is bit 7 in the device register */ 873 ncqfis->tag = 0; /* bits 3-7 are the NCQ tag */ 874 ncqfis->prio = 0; /* bits 6,7 are a prio tag */ 875 /* RARC bit is bit 0 of TAG field */ 876 } else { 877 fis->feature_low = 0x00; 878 fis->feature_high = 0x00; 879 if (cmd->props->lba28 || cmd->props->lba48) { 880 fis->device = ATA_DEVICE_LBA; 881 } 882 fis->count = (cmd->xbytes / cmd->sector_size); 883 } 884 fis->icc = 0x00; 885 fis->control = 0x00; 886 memset(fis->aux, 0x00, ARRAY_SIZE(fis->aux)); 887 } 888 889 void ahci_command_enable_atapi_dma(AHCICommand *cmd) 890 { 891 RegH2DFIS *fis = &(cmd->fis); 892 g_assert(cmd->props->atapi); 893 fis->feature_low |= 0x01; 894 /* PIO is still used to transfer the ATAPI command */ 895 g_assert(cmd->props->pio); 896 cmd->props->dma = true; 897 /* BUG: We expect the DMA Setup interrupt for DMA commands */ 898 /* cmd->interrupts |= AHCI_PX_IS_DSS; */ 899 } 900 901 AHCICommand *ahci_command_create(uint8_t command_name) 902 { 903 AHCICommandProp *props = ahci_command_find(command_name); 904 AHCICommand *cmd; 905 906 g_assert(props); 907 cmd = g_new0(AHCICommand, 1); 908 g_assert(!(props->dma && props->pio) || props->atapi); 909 g_assert(!(props->lba28 && props->lba48)); 910 g_assert(!(props->read && props->write)); 911 g_assert(!props->size || props->data); 912 g_assert(!props->ncq || props->lba48); 913 914 /* Defaults and book-keeping */ 915 cmd->props = g_memdup2(props, sizeof(AHCICommandProp)); 916 cmd->name = command_name; 917 cmd->xbytes = props->size; 918 cmd->prd_size = 4096; 919 cmd->buffer = 0xabad1dea; 920 cmd->sector_size = props->atapi ? ATAPI_SECTOR_SIZE : AHCI_SECTOR_SIZE; 921 922 if (!cmd->props->ncq) { 923 cmd->interrupts = AHCI_PX_IS_DHRS; 924 } 925 /* BUG: We expect the DPS interrupt for data commands */ 926 /* cmd->interrupts |= props->data ? AHCI_PX_IS_DPS : 0; */ 927 /* BUG: We expect the DMA Setup interrupt for DMA commands */ 928 /* cmd->interrupts |= props->dma ? AHCI_PX_IS_DSS : 0; */ 929 cmd->interrupts |= props->ncq ? AHCI_PX_IS_SDBS : 0; 930 931 command_header_init(cmd); 932 command_table_init(cmd); 933 934 return cmd; 935 } 936 937 AHCICommand *ahci_atapi_command_create(uint8_t scsi_cmd, uint16_t bcl, bool dma) 938 { 939 AHCICommand *cmd = ahci_command_create(CMD_PACKET); 940 cmd->atapi_cmd = g_malloc0(16); 941 cmd->atapi_cmd[0] = scsi_cmd; 942 stw_le_p(&cmd->fis.lba_lo[1], bcl); 943 if (dma) { 944 ahci_command_enable_atapi_dma(cmd); 945 } else { 946 cmd->interrupts |= bcl ? AHCI_PX_IS_PSS : 0; 947 } 948 return cmd; 949 } 950 951 void ahci_atapi_test_ready(AHCIQState *ahci, uint8_t port, 952 bool ready, uint8_t expected_sense) 953 { 954 AHCICommand *cmd = ahci_atapi_command_create(CMD_ATAPI_TEST_UNIT_READY, 0, false); 955 ahci_command_set_size(cmd, 0); 956 if (!ready) { 957 cmd->interrupts |= AHCI_PX_IS_TFES; 958 cmd->errors |= expected_sense << 4; 959 } 960 ahci_command_commit(ahci, cmd, port); 961 ahci_command_issue(ahci, cmd); 962 ahci_command_verify(ahci, cmd); 963 ahci_command_free(cmd); 964 } 965 966 static int copy_buffer(AHCIQState *ahci, AHCICommand *cmd, 967 const AHCIOpts *opts) 968 { 969 unsigned char *rx = opts->opaque; 970 qtest_bufread(ahci->parent->qts, opts->buffer, rx, opts->size); 971 return 0; 972 } 973 974 void ahci_atapi_get_sense(AHCIQState *ahci, uint8_t port, 975 uint8_t *sense, uint8_t *asc) 976 { 977 unsigned char *rx; 978 AHCIOpts opts = { 979 .size = 18, 980 .atapi = true, 981 .post_cb = copy_buffer, 982 }; 983 rx = g_malloc(18); 984 opts.opaque = rx; 985 986 ahci_exec(ahci, port, CMD_ATAPI_REQUEST_SENSE, &opts); 987 988 *sense = rx[2]; 989 *asc = rx[12]; 990 991 g_free(rx); 992 } 993 994 void ahci_atapi_eject(AHCIQState *ahci, uint8_t port) 995 { 996 AHCICommand *cmd = ahci_atapi_command_create(CMD_ATAPI_START_STOP_UNIT, 0, false); 997 ahci_command_set_size(cmd, 0); 998 999 cmd->atapi_cmd[4] = 0x02; /* loej = true */ 1000 ahci_command_commit(ahci, cmd, port); 1001 ahci_command_issue(ahci, cmd); 1002 ahci_command_verify(ahci, cmd); 1003 ahci_command_free(cmd); 1004 } 1005 1006 void ahci_atapi_load(AHCIQState *ahci, uint8_t port) 1007 { 1008 AHCICommand *cmd = ahci_atapi_command_create(CMD_ATAPI_START_STOP_UNIT, 0, false); 1009 ahci_command_set_size(cmd, 0); 1010 1011 cmd->atapi_cmd[4] = 0x03; /* loej,start = true */ 1012 ahci_command_commit(ahci, cmd, port); 1013 ahci_command_issue(ahci, cmd); 1014 ahci_command_verify(ahci, cmd); 1015 ahci_command_free(cmd); 1016 } 1017 1018 void ahci_command_free(AHCICommand *cmd) 1019 { 1020 g_free(cmd->atapi_cmd); 1021 g_free(cmd->props); 1022 g_free(cmd); 1023 } 1024 1025 void ahci_command_set_flags(AHCICommand *cmd, uint16_t cmdh_flags) 1026 { 1027 cmd->header.flags |= cmdh_flags; 1028 } 1029 1030 void ahci_command_clr_flags(AHCICommand *cmd, uint16_t cmdh_flags) 1031 { 1032 cmd->header.flags &= ~cmdh_flags; 1033 } 1034 1035 static void ahci_atapi_command_set_offset(AHCICommand *cmd, uint64_t lba) 1036 { 1037 unsigned char *cbd = cmd->atapi_cmd; 1038 g_assert(cbd); 1039 1040 switch (cbd[0]) { 1041 case CMD_ATAPI_READ_10: 1042 case CMD_ATAPI_READ_CD: 1043 g_assert_cmpuint(lba, <=, UINT32_MAX); 1044 stl_be_p(&cbd[2], lba); 1045 break; 1046 case CMD_ATAPI_REQUEST_SENSE: 1047 case CMD_ATAPI_TEST_UNIT_READY: 1048 case CMD_ATAPI_START_STOP_UNIT: 1049 g_assert_cmpuint(lba, ==, 0x00); 1050 break; 1051 default: 1052 /* SCSI doesn't have uniform packet formats, 1053 * so you have to add support for it manually. Sorry! */ 1054 fprintf(stderr, "The Libqos AHCI driver does not support the " 1055 "set_offset operation for ATAPI command 0x%02x, " 1056 "please add support.\n", 1057 cbd[0]); 1058 g_assert_not_reached(); 1059 } 1060 } 1061 1062 void ahci_command_set_offset(AHCICommand *cmd, uint64_t lba_sect) 1063 { 1064 RegH2DFIS *fis = &(cmd->fis); 1065 1066 if (cmd->props->atapi) { 1067 ahci_atapi_command_set_offset(cmd, lba_sect); 1068 return; 1069 } else if (!cmd->props->data && !lba_sect) { 1070 /* Not meaningful, ignore. */ 1071 return; 1072 } else if (cmd->props->lba28) { 1073 g_assert_cmphex(lba_sect, <=, 0xFFFFFFF); 1074 } else if (cmd->props->lba48 || cmd->props->ncq) { 1075 g_assert_cmphex(lba_sect, <=, 0xFFFFFFFFFFFF); 1076 } else { 1077 /* Can't set offset if we don't know the format. */ 1078 g_assert_not_reached(); 1079 } 1080 1081 /* LBA28 uses the low nibble of the device/control register for LBA24:27 */ 1082 fis->lba_lo[0] = (lba_sect & 0xFF); 1083 fis->lba_lo[1] = (lba_sect >> 8) & 0xFF; 1084 fis->lba_lo[2] = (lba_sect >> 16) & 0xFF; 1085 if (cmd->props->lba28) { 1086 fis->device = (fis->device & 0xF0) | ((lba_sect >> 24) & 0x0F); 1087 } 1088 fis->lba_hi[0] = (lba_sect >> 24) & 0xFF; 1089 fis->lba_hi[1] = (lba_sect >> 32) & 0xFF; 1090 fis->lba_hi[2] = (lba_sect >> 40) & 0xFF; 1091 } 1092 1093 void ahci_command_set_buffer(AHCICommand *cmd, uint64_t buffer) 1094 { 1095 cmd->buffer = buffer; 1096 } 1097 1098 static void ahci_atapi_set_size(AHCICommand *cmd, uint64_t xbytes) 1099 { 1100 unsigned char *cbd = cmd->atapi_cmd; 1101 uint64_t nsectors = xbytes / ATAPI_SECTOR_SIZE; 1102 uint32_t tmp; 1103 g_assert(cbd); 1104 1105 switch (cbd[0]) { 1106 case CMD_ATAPI_READ_10: 1107 g_assert_cmpuint(nsectors, <=, UINT16_MAX); 1108 stw_be_p(&cbd[7], nsectors); 1109 break; 1110 case CMD_ATAPI_READ_CD: 1111 /* 24bit BE store */ 1112 g_assert_cmpuint(nsectors, <, 1ULL << 24); 1113 tmp = nsectors; 1114 cbd[6] = (tmp & 0xFF0000) >> 16; 1115 cbd[7] = (tmp & 0xFF00) >> 8; 1116 cbd[8] = (tmp & 0xFF); 1117 break; 1118 case CMD_ATAPI_REQUEST_SENSE: 1119 g_assert_cmpuint(xbytes, <=, UINT8_MAX); 1120 cbd[4] = (uint8_t)xbytes; 1121 break; 1122 case CMD_ATAPI_TEST_UNIT_READY: 1123 case CMD_ATAPI_START_STOP_UNIT: 1124 g_assert_cmpuint(xbytes, ==, 0); 1125 break; 1126 default: 1127 /* SCSI doesn't have uniform packet formats, 1128 * so you have to add support for it manually. Sorry! */ 1129 fprintf(stderr, "The Libqos AHCI driver does not support the set_size " 1130 "operation for ATAPI command 0x%02x, please add support.\n", 1131 cbd[0]); 1132 g_assert_not_reached(); 1133 } 1134 } 1135 1136 void ahci_command_set_sizes(AHCICommand *cmd, uint64_t xbytes, 1137 unsigned prd_size) 1138 { 1139 uint16_t sect_count; 1140 1141 /* Each PRD can describe up to 4MiB, and must not be odd. */ 1142 g_assert_cmphex(prd_size, <=, 4096 * 1024); 1143 g_assert_cmphex(prd_size & 0x01, ==, 0x00); 1144 if (prd_size) { 1145 cmd->prd_size = prd_size; 1146 } 1147 cmd->xbytes = xbytes; 1148 sect_count = (cmd->xbytes / cmd->sector_size); 1149 1150 if (cmd->props->ncq) { 1151 NCQFIS *nfis = (NCQFIS *)&(cmd->fis); 1152 nfis->sector_low = sect_count & 0xFF; 1153 nfis->sector_hi = (sect_count >> 8) & 0xFF; 1154 } else if (cmd->props->atapi) { 1155 ahci_atapi_set_size(cmd, xbytes); 1156 } else { 1157 /* For writes, the PIO Setup FIS interrupt only comes from DRQs 1158 * after the first. 1159 */ 1160 if (cmd->props->pio && sect_count > (cmd->props->read ? 0 : 1)) { 1161 cmd->interrupts |= AHCI_PX_IS_PSS; 1162 } 1163 cmd->fis.count = sect_count; 1164 } 1165 cmd->header.prdtl = size_to_prdtl(cmd->xbytes, cmd->prd_size); 1166 } 1167 1168 void ahci_command_set_size(AHCICommand *cmd, uint64_t xbytes) 1169 { 1170 ahci_command_set_sizes(cmd, xbytes, cmd->prd_size); 1171 } 1172 1173 void ahci_command_set_prd_size(AHCICommand *cmd, unsigned prd_size) 1174 { 1175 ahci_command_set_sizes(cmd, cmd->xbytes, prd_size); 1176 } 1177 1178 void ahci_command_adjust(AHCICommand *cmd, uint64_t offset, uint64_t buffer, 1179 uint64_t xbytes, unsigned prd_size) 1180 { 1181 ahci_command_set_sizes(cmd, xbytes, prd_size); 1182 ahci_command_set_buffer(cmd, buffer); 1183 ahci_command_set_offset(cmd, offset); 1184 } 1185 1186 void ahci_command_commit(AHCIQState *ahci, AHCICommand *cmd, uint8_t port) 1187 { 1188 uint16_t i, prdtl; 1189 uint64_t table_size, table_ptr, remaining; 1190 PRD prd; 1191 1192 /* This command is now tied to this port/command slot */ 1193 cmd->port = port; 1194 cmd->slot = ahci_pick_cmd(ahci, port); 1195 1196 if (cmd->props->ncq) { 1197 NCQFIS *nfis = (NCQFIS *)&cmd->fis; 1198 nfis->tag = (cmd->slot << 3) & 0xFC; 1199 } 1200 1201 /* Create a buffer for the command table */ 1202 prdtl = size_to_prdtl(cmd->xbytes, cmd->prd_size); 1203 table_size = CMD_TBL_SIZ(prdtl); 1204 table_ptr = ahci_alloc(ahci, table_size); 1205 g_assert(table_ptr); 1206 /* AHCI 1.3: Must be aligned to 0x80 */ 1207 g_assert((table_ptr & 0x7F) == 0x00); 1208 cmd->header.ctba = table_ptr; 1209 1210 /* Commit the command header (part of the Command List Buffer) */ 1211 ahci_set_command_header(ahci, port, cmd->slot, &(cmd->header)); 1212 /* Now, write the command table (FIS, ACMD, and PRDT) -- FIS first, */ 1213 ahci_write_fis(ahci, cmd); 1214 /* Then ATAPI CMD, if needed */ 1215 if (cmd->props->atapi) { 1216 qtest_memwrite(ahci->parent->qts, table_ptr + 0x40, cmd->atapi_cmd, 16); 1217 } 1218 1219 /* Construct and write the PRDs to the command table */ 1220 g_assert_cmphex(prdtl, ==, cmd->header.prdtl); 1221 remaining = cmd->xbytes; 1222 for (i = 0; i < prdtl; ++i) { 1223 prd.dba = cpu_to_le64(cmd->buffer + (cmd->prd_size * i)); 1224 prd.res = 0; 1225 if (remaining > cmd->prd_size) { 1226 /* Note that byte count is 0-based. */ 1227 prd.dbc = cpu_to_le32(cmd->prd_size - 1); 1228 remaining -= cmd->prd_size; 1229 } else { 1230 /* Again, dbc is 0-based. */ 1231 prd.dbc = cpu_to_le32(remaining - 1); 1232 remaining = 0; 1233 } 1234 prd.dbc |= cpu_to_le32(0x80000000); /* Request DPS Interrupt */ 1235 1236 /* Commit the PRD entry to the Command Table */ 1237 qtest_memwrite(ahci->parent->qts, table_ptr + 0x80 + (i * sizeof(PRD)), 1238 &prd, sizeof(PRD)); 1239 } 1240 1241 /* Bookmark the PRDTL and CTBA values */ 1242 ahci->port[port].ctba[cmd->slot] = table_ptr; 1243 ahci->port[port].prdtl[cmd->slot] = prdtl; 1244 } 1245 1246 void ahci_command_issue_async(AHCIQState *ahci, AHCICommand *cmd) 1247 { 1248 if (cmd->props->ncq) { 1249 ahci_px_wreg(ahci, cmd->port, AHCI_PX_SACT, (1 << cmd->slot)); 1250 } 1251 1252 ahci_px_wreg(ahci, cmd->port, AHCI_PX_CI, (1 << cmd->slot)); 1253 } 1254 1255 void ahci_command_wait(AHCIQState *ahci, AHCICommand *cmd) 1256 { 1257 /* We can't rely on STS_BSY until the command has started processing. 1258 * Therefore, we also use the Command Issue bit as indication of 1259 * a command in-flight. */ 1260 1261 #define RSET(REG, MASK) (BITSET(ahci_px_rreg(ahci, cmd->port, (REG)), (MASK))) 1262 1263 while (!RSET(AHCI_PX_TFD, AHCI_PX_TFD_STS_ERR) && 1264 (RSET(AHCI_PX_TFD, AHCI_PX_TFD_STS_BSY) || 1265 RSET(AHCI_PX_CI, 1 << cmd->slot) || 1266 (cmd->props->ncq && RSET(AHCI_PX_SACT, 1 << cmd->slot)))) { 1267 usleep(50); 1268 } 1269 1270 } 1271 1272 void ahci_command_issue(AHCIQState *ahci, AHCICommand *cmd) 1273 { 1274 ahci_command_issue_async(ahci, cmd); 1275 ahci_command_wait(ahci, cmd); 1276 } 1277 1278 void ahci_command_verify(AHCIQState *ahci, AHCICommand *cmd) 1279 { 1280 uint8_t slot = cmd->slot; 1281 uint8_t port = cmd->port; 1282 1283 ahci_port_check_nonbusy(ahci, cmd); 1284 ahci_port_check_error(ahci, cmd); 1285 ahci_port_check_interrupts(ahci, cmd); 1286 ahci_port_check_cmd_sanity(ahci, cmd); 1287 if (cmd->interrupts & AHCI_PX_IS_DHRS) { 1288 ahci_port_check_d2h_sanity(ahci, port, slot); 1289 } 1290 if (cmd->props->pio) { 1291 ahci_port_check_pio_sanity(ahci, cmd); 1292 } 1293 } 1294 1295 uint8_t ahci_command_slot(AHCICommand *cmd) 1296 { 1297 return cmd->slot; 1298 } 1299