[PATCH v2] hw/ide/piix: properly initialize the BMIBA register

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Olaf Hering <olaf@aepfle.de>
To: "Philippe Mathieu-Daudé" <philmd@linaro.org>,
	"Richard Henderson" <richard.henderson@linaro.org>,
	"Kevin Wolf" <kwolf@redhat.com>,
	"Lev Kujawski" <lkujaw@member.fsf.org>,
	qemu-block@nongnu.org, qemu-devel@nongnu.org
Cc: John Snow <jsnow@redhat.com>
Subject: [PATCH v2] hw/ide/piix: properly initialize the BMIBA register
Date: Sat,  1 Jul 2023 19:46:59 +0200	[thread overview]
Message-ID: <20230701174659.10246-1-olaf@aepfle.de> (raw)

According to the 82371FB documentation (82371FB.pdf, 2.3.9. BMIBA—BUS
MASTER INTERFACE BASE ADDRESS REGISTER, April 1997), the register is
32bit wide. To properly reset it to default values, all 32bit need to be
cleared. Bit #0 "Resource Type Indicator (RTE)" needs to be enabled.

The initial change wrote just the lower 8 bit, leaving parts of the "Bus
Master Interface Base Address" address at bit 15:4 unchanged.

This bug went unnoticed until commit ee358e919e38 ("hw/ide/piix: Convert
reset handler to DeviceReset"). After this change, piix_ide_reset is
exercised after the "unplug" command from a Xen HVM domU, which was not
the case prior that commit. This function resets the command register.
As a result the ata_piix driver inside the domU will see a disabled PCI
device. The generic PCI code will reenable the PCI device. On the qemu
side, this runs pci_default_write_config/pci_update_mappings. Here a
changed address is returned by pci_bar_address, this is the address
which was truncated in piix_ide_reset. In case of a Xen HVM domU, the
address changes from 0xc120 to 0xc100.

While the unplug is supposed to hide the IDE disks, the changed BMIBA
address breaks the UHCI device. In case the domU has an USB tablet
configured, to recive absolute pointer coordinates for the GUI, it will
cause a hang during device discovery of the partly discovered USB hid
device. Reading the USBSTS word size register will fail. The access ends
up in the QEMU piix-bmdma device, instead of the expected uhci device.
Here a byte size request is expected, and a value of ~0 is returned. As
a result the UCHI driver sees an error state in the register, and turns
off the UHCI controller.

Fixes: e6a71ae327 ("Add support for 82371FB (Step A1) and Improved support for 82371SB (Function 1)")

Signed-off-by: Olaf Hering <olaf@aepfle.de>
---
 hw/ide/piix.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ide/piix.c b/hw/ide/piix.c
index 41d60921e3..1e346b1b1d 100644
--- a/hw/ide/piix.c
+++ b/hw/ide/piix.c
@@ -118,7 +118,7 @@ static void piix_ide_reset(DeviceState *dev)
     pci_set_word(pci_conf + PCI_COMMAND, 0x0000);
     pci_set_word(pci_conf + PCI_STATUS,
                  PCI_STATUS_DEVSEL_MEDIUM | PCI_STATUS_FAST_BACK);
-    pci_set_byte(pci_conf + 0x20, 0x01);  /* BMIBA: 20-23h */
+    pci_set_long(pci_conf + 0x20, 0x01);  /* BMIBA: 20-23h */
 }

 static bool pci_piix_init_bus(PCIIDEState *d, unsigned i, Error **errp)

base-commit: d145c0da22cde391d8c6672d33146ce306e8bf75

next             reply	other threads:[~2023-07-01 17:47 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-01 17:46 Olaf Hering [this message]
2023-07-02 22:18 ` [PATCH v2] hw/ide/piix: properly initialize the BMIBA register Bernhard Beschow
2023-07-03  7:59   ` Olaf Hering
2023-07-03 20:33     ` Bernhard Beschow
2023-07-04  6:38       ` Paolo Bonzini
2023-07-05 10:01         ` Olaf Hering
2023-07-05 21:52           ` Bernhard Beschow
2023-07-11  9:11             ` Olaf Hering
2023-07-11 19:06               ` Bernhard Beschow
2023-07-17  8:46           ` Bernhard Beschow
2023-07-17  8:52             ` Olaf Hering
2023-07-17 11:03             ` Olaf Hering
2023-07-17 18:55               ` Bernhard Beschow
2023-07-11 19:04 ` Bernhard Beschow

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:41d60921e dfblob:1e346b1b1 )
 OR (
bs:"[PATCH v2] hw/ide/piix: properly initialize the BMIBA register" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230701174659.10246-1-olaf@aepfle.de \
    --to=olaf@aepfle.de \
    --cc=jsnow@redhat.com \
    --cc=kwolf@redhat.com \
    --cc=lkujaw@member.fsf.org \
    --cc=philmd@linaro.org \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    --cc=richard.henderson@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).