* [Qemu-devel] [PATCH 01/13] ide: split ide command interpretation off
From: Alexander Graf @ 2010-12-08 12:13 UTC
To: QEMU-devel Developers
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, Blue Swirl, Gerd Hoffmann,
Stefan Hajnoczi, tj, Roland Elek, Sebastian Herbszt
The ATA command interpretation code can be used for PATA and SATA
interfaces alike. So let's split it out into a separate function.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
v6 -> v7:
- use bus instead of opaque (stefanha)
---
hw/ide/core.c | 20 ++++++++++++++------
hw/ide/internal.h | 2 ++
2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 430350f..ac4ee71 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -1791,9 +1791,6 @@ static void ide_clear_hob(IDEBus *bus)
void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
{
IDEBus *bus = opaque;
- IDEState *s;
- int n;
- int lba48 = 0;
#ifdef DEBUG_IDE
printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
@@ -1854,17 +1851,29 @@ void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
default:
case 7:
/* command */
+ ide_exec_cmd(bus, val);
+ break;
+ }
+}
+
+
+void ide_exec_cmd(IDEBus *bus, uint32_t val)
+{
+ IDEState *s;
+ int n;
+ int lba48 = 0;
+
#if defined(DEBUG_IDE)
printf("ide: CMD=%02x\n", val);
#endif
s = idebus_active_if(bus);
/* ignore commands to non existant slave */
if (s != bus->ifs && !s->bs)
- break;
+ return;
/* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
- break;
+ return;
switch(val) {
case WIN_IDENTIFY:
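Review bot: ide_exec_cmd() declares the command as uint32_t val, but the only thing it does with the value before the switch is print it with %02x and compare it against WIN_DEVICE_RESET, so the intended range is a single byte. Now that the function is split out for callers other than ide_ioport_write(), make that explicit by taking a uint8_t (or masking with 0xff on entry) so that a wider value from a new front end cannot silently reach switch(val). The two consecutive added blank lines before the function definition can also be reduced to one.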
@@ -2355,7 +2364,6 @@ void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
ide_set_irq(s->bus);
break;
}
- }
}
uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
diff --git a/hw/ide/internal.h b/hw/ide/internal.h
index 85f4a16..8617b87 100644
--- a/hw/ide/internal.h
+++ b/hw/ide/internal.h
@@ -566,6 +566,8 @@ void ide_init2_with_non_qdev_drives(IDEBus *bus, DriveInfo *hd0,
DriveInfo *hd1, qemu_irq irq);
void ide_init_ioport(IDEBus *bus, int iobase, int iobase2);
+void ide_exec_cmd(IDEBus *bus, uint32_t val);
+
/* hw/ide/qdev.c */
void ide_bus_new(IDEBus *idebus, DeviceState *dev);
IDEDevice *ide_create_drive(IDEBus *bus, int unit, DriveInfo *drive);
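Review bot: the new ide_exec_cmd() prototype is exported without any comment on its contract. As written in core.c it returns void and simply returns when the selected device is absent, or when BSY/DRQ is set and the command is not WIN_DEVICE_RESET, so a caller outside the ioport path cannot distinguish an ignored command from an accepted one. A short comment above the declaration saying that the registers of the active IDEState must already be loaded, and that ignored commands raise no IRQ and change no status, would help the SATA callers the commit message has in mind.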
--
1.6.0.2
* [Qemu-devel] Re: [PATCH 01/13] ide: split ide command interpretation off
From: Stefan Hajnoczi @ 2010-12-08 13:31 UTC
To: Alexander Graf
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, QEMU-devel Developers,
Blue Swirl, Gerd Hoffmann, tj, Roland Elek, Sebastian Herbszt
On Wed, Dec 8, 2010 at 12:13 PM, Alexander Graf <agraf@suse.de> wrote:
> The ATA command interpretation code can be used for PATA and SATA
> interfaces alike. So let's split it out into a separate function.
>
> Signed-off-by: Alexander Graf <agraf@suse.de>
>
> ---
>
> v6 -> v7:
>
> - use bus instead of opaque (stefanha)
> ---
> hw/ide/core.c | 20 ++++++++++++++------
> hw/ide/internal.h | 2 ++
> 2 files changed, 16 insertions(+), 6 deletions(-)
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
* [Qemu-devel] [PATCH 02/13] ide: fix whitespace gap in ide_exec_cmd
From: Alexander Graf @ 2010-12-08 12:13 UTC
To: QEMU-devel Developers
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, Blue Swirl, Gerd Hoffmann,
Stefan Hajnoczi, tj, Roland Elek, Sebastian Herbszt
Now that we have the function split out, we have to reindent it.
In order to increase the readability of the actual functional change,
this is split out.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
hw/ide/core.c | 734 ++++++++++++++++++++++++++++----------------------------
1 files changed, 367 insertions(+), 367 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index ac4ee71..5e2fcbd 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -1864,423 +1864,423 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
int lba48 = 0;
#if defined(DEBUG_IDE)
- printf("ide: CMD=%02x\n", val);
+ printf("ide: CMD=%02x\n", val);
#endif
- s = idebus_active_if(bus);
- /* ignore commands to non existant slave */
- if (s != bus->ifs && !s->bs)
- return;
+ s = idebus_active_if(bus);
+ /* ignore commands to non existant slave */
+ if (s != bus->ifs && !s->bs)
+ return;
- /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
- if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
- return;
+ /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
+ if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
+ return;
- switch(val) {
- case WIN_IDENTIFY:
- if (s->bs && s->drive_kind != IDE_CD) {
- if (s->drive_kind != IDE_CFATA)
- ide_identify(s);
- else
- ide_cfata_identify(s);
- s->status = READY_STAT | SEEK_STAT;
- ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
- } else {
- if (s->drive_kind == IDE_CD) {
- ide_set_signature(s);
- }
- ide_abort_command(s);
- }
- ide_set_irq(s->bus);
- break;
- case WIN_SPECIFY:
- case WIN_RECAL:
- s->error = 0;
+ switch(val) {
+ case WIN_IDENTIFY:
+ if (s->bs && s->drive_kind != IDE_CD) {
+ if (s->drive_kind != IDE_CFATA)
+ ide_identify(s);
+ else
+ ide_cfata_identify(s);
s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
- case WIN_SETMULT:
- if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
- /* Disable Read and Write Multiple */
- s->mult_sectors = 0;
- s->status = READY_STAT | SEEK_STAT;
- } else if ((s->nsector & 0xff) != 0 &&
- ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
- (s->nsector & (s->nsector - 1)) != 0)) {
- ide_abort_command(s);
- } else {
- s->mult_sectors = s->nsector & 0xff;
- s->status = READY_STAT | SEEK_STAT;
+ ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
+ } else {
+ if (s->drive_kind == IDE_CD) {
+ ide_set_signature(s);
}
- ide_set_irq(s->bus);
- break;
- case WIN_VERIFY_EXT:
- lba48 = 1;
- case WIN_VERIFY:
- case WIN_VERIFY_ONCE:
- /* do sector number check ? */
- ide_cmd_lba48_transform(s, lba48);
+ ide_abort_command(s);
+ }
+ ide_set_irq(s->bus);
+ break;
+ case WIN_SPECIFY:
+ case WIN_RECAL:
+ s->error = 0;
+ s->status = READY_STAT | SEEK_STAT;
+ ide_set_irq(s->bus);
+ break;
+ case WIN_SETMULT:
+ if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
+ /* Disable Read and Write Multiple */
+ s->mult_sectors = 0;
s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
+ } else if ((s->nsector & 0xff) != 0 &&
+ ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
+ (s->nsector & (s->nsector - 1)) != 0)) {
+ ide_abort_command(s);
+ } else {
+ s->mult_sectors = s->nsector & 0xff;
+ s->status = READY_STAT | SEEK_STAT;
+ }
+ ide_set_irq(s->bus);
+ break;
+ case WIN_VERIFY_EXT:
+ lba48 = 1;
+ case WIN_VERIFY:
+ case WIN_VERIFY_ONCE:
+ /* do sector number check ? */
+ ide_cmd_lba48_transform(s, lba48);
+ s->status = READY_STAT | SEEK_STAT;
+ ide_set_irq(s->bus);
+ break;
case WIN_READ_EXT:
- lba48 = 1;
- case WIN_READ:
- case WIN_READ_ONCE:
- if (!s->bs)
- goto abort_cmd;
- ide_cmd_lba48_transform(s, lba48);
- s->req_nb_sectors = 1;
- ide_sector_read(s);
- break;
+ lba48 = 1;
+ case WIN_READ:
+ case WIN_READ_ONCE:
+ if (!s->bs)
+ goto abort_cmd;
+ ide_cmd_lba48_transform(s, lba48);
+ s->req_nb_sectors = 1;
+ ide_sector_read(s);
+ break;
case WIN_WRITE_EXT:
- lba48 = 1;
- case WIN_WRITE:
- case WIN_WRITE_ONCE:
- case CFA_WRITE_SECT_WO_ERASE:
- case WIN_WRITE_VERIFY:
- ide_cmd_lba48_transform(s, lba48);
- s->error = 0;
- s->status = SEEK_STAT | READY_STAT;
- s->req_nb_sectors = 1;
- ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
- s->media_changed = 1;
- break;
+ lba48 = 1;
+ case WIN_WRITE:
+ case WIN_WRITE_ONCE:
+ case CFA_WRITE_SECT_WO_ERASE:
+ case WIN_WRITE_VERIFY:
+ ide_cmd_lba48_transform(s, lba48);
+ s->error = 0;
+ s->status = SEEK_STAT | READY_STAT;
+ s->req_nb_sectors = 1;
+ ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
+ s->media_changed = 1;
+ break;
case WIN_MULTREAD_EXT:
- lba48 = 1;
- case WIN_MULTREAD:
- if (!s->mult_sectors)
- goto abort_cmd;
- ide_cmd_lba48_transform(s, lba48);
- s->req_nb_sectors = s->mult_sectors;
- ide_sector_read(s);
- break;
- case WIN_MULTWRITE_EXT:
- lba48 = 1;
- case WIN_MULTWRITE:
- case CFA_WRITE_MULTI_WO_ERASE:
- if (!s->mult_sectors)
- goto abort_cmd;
- ide_cmd_lba48_transform(s, lba48);
- s->error = 0;
- s->status = SEEK_STAT | READY_STAT;
- s->req_nb_sectors = s->mult_sectors;
- n = s->nsector;
- if (n > s->req_nb_sectors)
- n = s->req_nb_sectors;
- ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
- s->media_changed = 1;
- break;
+ lba48 = 1;
+ case WIN_MULTREAD:
+ if (!s->mult_sectors)
+ goto abort_cmd;
+ ide_cmd_lba48_transform(s, lba48);
+ s->req_nb_sectors = s->mult_sectors;
+ ide_sector_read(s);
+ break;
+ case WIN_MULTWRITE_EXT:
+ lba48 = 1;
+ case WIN_MULTWRITE:
+ case CFA_WRITE_MULTI_WO_ERASE:
+ if (!s->mult_sectors)
+ goto abort_cmd;
+ ide_cmd_lba48_transform(s, lba48);
+ s->error = 0;
+ s->status = SEEK_STAT | READY_STAT;
+ s->req_nb_sectors = s->mult_sectors;
+ n = s->nsector;
+ if (n > s->req_nb_sectors)
+ n = s->req_nb_sectors;
+ ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
+ s->media_changed = 1;
+ break;
case WIN_READDMA_EXT:
- lba48 = 1;
- case WIN_READDMA:
- case WIN_READDMA_ONCE:
- if (!s->bs)
- goto abort_cmd;
- ide_cmd_lba48_transform(s, lba48);
- ide_sector_read_dma(s);
- break;
+ lba48 = 1;
+ case WIN_READDMA:
+ case WIN_READDMA_ONCE:
+ if (!s->bs)
+ goto abort_cmd;
+ ide_cmd_lba48_transform(s, lba48);
+ ide_sector_read_dma(s);
+ break;
case WIN_WRITEDMA_EXT:
- lba48 = 1;
- case WIN_WRITEDMA:
- case WIN_WRITEDMA_ONCE:
- if (!s->bs)
- goto abort_cmd;
- ide_cmd_lba48_transform(s, lba48);
- ide_sector_write_dma(s);
- s->media_changed = 1;
- break;
- case WIN_READ_NATIVE_MAX_EXT:
- lba48 = 1;
- case WIN_READ_NATIVE_MAX:
- ide_cmd_lba48_transform(s, lba48);
- ide_set_sector(s, s->nb_sectors - 1);
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
- case WIN_CHECKPOWERMODE1:
- case WIN_CHECKPOWERMODE2:
- s->nsector = 0xff; /* device active or idle */
+ lba48 = 1;
+ case WIN_WRITEDMA:
+ case WIN_WRITEDMA_ONCE:
+ if (!s->bs)
+ goto abort_cmd;
+ ide_cmd_lba48_transform(s, lba48);
+ ide_sector_write_dma(s);
+ s->media_changed = 1;
+ break;
+ case WIN_READ_NATIVE_MAX_EXT:
+ lba48 = 1;
+ case WIN_READ_NATIVE_MAX:
+ ide_cmd_lba48_transform(s, lba48);
+ ide_set_sector(s, s->nb_sectors - 1);
+ s->status = READY_STAT | SEEK_STAT;
+ ide_set_irq(s->bus);
+ break;
+ case WIN_CHECKPOWERMODE1:
+ case WIN_CHECKPOWERMODE2:
+ s->nsector = 0xff; /* device active or idle */
+ s->status = READY_STAT | SEEK_STAT;
+ ide_set_irq(s->bus);
+ break;
+ case WIN_SETFEATURES:
+ if (!s->bs)
+ goto abort_cmd;
+ /* XXX: valid for CDROM ? */
+ switch(s->feature) {
+ case 0xcc: /* reverting to power-on defaults enable */
+ case 0x66: /* reverting to power-on defaults disable */
+ case 0x02: /* write cache enable */
+ case 0x82: /* write cache disable */
+ case 0xaa: /* read look-ahead enable */
+ case 0x55: /* read look-ahead disable */
+ case 0x05: /* set advanced power management mode */
+ case 0x85: /* disable advanced power management mode */
+ case 0x69: /* NOP */
+ case 0x67: /* NOP */
+ case 0x96: /* NOP */
+ case 0x9a: /* NOP */
+ case 0x42: /* enable Automatic Acoustic Mode */
+ case 0xc2: /* disable Automatic Acoustic Mode */
s->status = READY_STAT | SEEK_STAT;
ide_set_irq(s->bus);
break;
- case WIN_SETFEATURES:
- if (!s->bs)
- goto abort_cmd;
- /* XXX: valid for CDROM ? */
- switch(s->feature) {
- case 0xcc: /* reverting to power-on defaults enable */
- case 0x66: /* reverting to power-on defaults disable */
- case 0x02: /* write cache enable */
- case 0x82: /* write cache disable */
- case 0xaa: /* read look-ahead enable */
- case 0x55: /* read look-ahead disable */
- case 0x05: /* set advanced power management mode */
- case 0x85: /* disable advanced power management mode */
- case 0x69: /* NOP */
- case 0x67: /* NOP */
- case 0x96: /* NOP */
- case 0x9a: /* NOP */
- case 0x42: /* enable Automatic Acoustic Mode */
- case 0xc2: /* disable Automatic Acoustic Mode */
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
- case 0x03: { /* set transfer mode */
+ case 0x03: { /* set transfer mode */
uint8_t val = s->nsector & 0x07;
- uint16_t *identify_data = (uint16_t *)s->identify_data;
+ uint16_t *identify_data = (uint16_t *)s->identify_data;
switch (s->nsector >> 3) {
- case 0x00: /* pio default */
- case 0x01: /* pio mode */
+ case 0x00: /* pio default */
+ case 0x01: /* pio mode */
put_le16(identify_data + 62,0x07);
put_le16(identify_data + 63,0x07);
put_le16(identify_data + 88,0x3f);
break;
- case 0x02: /* sigle word dma mode*/
+ case 0x02: /* sigle word dma mode*/
put_le16(identify_data + 62,0x07 | (1 << (val + 8)));
put_le16(identify_data + 63,0x07);
put_le16(identify_data + 88,0x3f);
break;
- case 0x04: /* mdma mode */
+ case 0x04: /* mdma mode */
put_le16(identify_data + 62,0x07);
put_le16(identify_data + 63,0x07 | (1 << (val + 8)));
put_le16(identify_data + 88,0x3f);
break;
- case 0x08: /* udma mode */
+ case 0x08: /* udma mode */
put_le16(identify_data + 62,0x07);
put_le16(identify_data + 63,0x07);
put_le16(identify_data + 88,0x3f | (1 << (val + 8)));
break;
- default:
+ default:
goto abort_cmd;
}
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
- }
- default:
- goto abort_cmd;
- }
- break;
- case WIN_FLUSH_CACHE:
- case WIN_FLUSH_CACHE_EXT:
- ide_flush_cache(s);
- break;
- case WIN_STANDBY:
- case WIN_STANDBY2:
- case WIN_STANDBYNOW1:
- case WIN_STANDBYNOW2:
- case WIN_IDLEIMMEDIATE:
- case CFA_IDLEIMMEDIATE:
- case WIN_SETIDLE1:
- case WIN_SETIDLE2:
- case WIN_SLEEPNOW1:
- case WIN_SLEEPNOW2:
- s->status = READY_STAT;
- ide_set_irq(s->bus);
- break;
- case WIN_SEEK:
- if(s->drive_kind == IDE_CD)
- goto abort_cmd;
- /* XXX: Check that seek is within bounds */
s->status = READY_STAT | SEEK_STAT;
ide_set_irq(s->bus);
break;
- /* ATAPI commands */
- case WIN_PIDENTIFY:
- if (s->drive_kind == IDE_CD) {
- ide_atapi_identify(s);
- s->status = READY_STAT | SEEK_STAT;
- ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
- } else {
- ide_abort_command(s);
- }
- ide_set_irq(s->bus);
- break;
- case WIN_DIAGNOSE:
- ide_set_signature(s);
- if (s->drive_kind == IDE_CD)
- s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
- * devices to return a clear status register
- * with READY_STAT *not* set. */
- else
- s->status = READY_STAT | SEEK_STAT;
- s->error = 0x01; /* Device 0 passed, Device 1 passed or not
- * present.
- */
- ide_set_irq(s->bus);
- break;
- case WIN_SRST:
- if (s->drive_kind != IDE_CD)
- goto abort_cmd;
- ide_set_signature(s);
- s->status = 0x00; /* NOTE: READY is _not_ set */
- s->error = 0x01;
- break;
- case WIN_PACKETCMD:
- if (s->drive_kind != IDE_CD)
- goto abort_cmd;
- /* overlapping commands not supported */
- if (s->feature & 0x02)
- goto abort_cmd;
+ }
+ default:
+ goto abort_cmd;
+ }
+ break;
+ case WIN_FLUSH_CACHE:
+ case WIN_FLUSH_CACHE_EXT:
+ ide_flush_cache(s);
+ break;
+ case WIN_STANDBY:
+ case WIN_STANDBY2:
+ case WIN_STANDBYNOW1:
+ case WIN_STANDBYNOW2:
+ case WIN_IDLEIMMEDIATE:
+ case CFA_IDLEIMMEDIATE:
+ case WIN_SETIDLE1:
+ case WIN_SETIDLE2:
+ case WIN_SLEEPNOW1:
+ case WIN_SLEEPNOW2:
+ s->status = READY_STAT;
+ ide_set_irq(s->bus);
+ break;
+ case WIN_SEEK:
+ if(s->drive_kind == IDE_CD)
+ goto abort_cmd;
+ /* XXX: Check that seek is within bounds */
+ s->status = READY_STAT | SEEK_STAT;
+ ide_set_irq(s->bus);
+ break;
+ /* ATAPI commands */
+ case WIN_PIDENTIFY:
+ if (s->drive_kind == IDE_CD) {
+ ide_atapi_identify(s);
s->status = READY_STAT | SEEK_STAT;
- s->atapi_dma = s->feature & 1;
- s->nsector = 1;
- ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
- ide_atapi_cmd);
- break;
- /* CF-ATA commands */
- case CFA_REQ_EXT_ERROR_CODE:
- if (s->drive_kind != IDE_CFATA)
- goto abort_cmd;
- s->error = 0x09; /* miscellaneous error */
+ ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
+ } else {
+ ide_abort_command(s);
+ }
+ ide_set_irq(s->bus);
+ break;
+ case WIN_DIAGNOSE:
+ ide_set_signature(s);
+ if (s->drive_kind == IDE_CD)
+ s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
+ * devices to return a clear status register
+ * with READY_STAT *not* set. */
+ else
s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
+ s->error = 0x01; /* Device 0 passed, Device 1 passed or not
+ * present.
+ */
+ ide_set_irq(s->bus);
+ break;
+ case WIN_SRST:
+ if (s->drive_kind != IDE_CD)
+ goto abort_cmd;
+ ide_set_signature(s);
+ s->status = 0x00; /* NOTE: READY is _not_ set */
+ s->error = 0x01;
+ break;
+ case WIN_PACKETCMD:
+ if (s->drive_kind != IDE_CD)
+ goto abort_cmd;
+ /* overlapping commands not supported */
+ if (s->feature & 0x02)
+ goto abort_cmd;
+ s->status = READY_STAT | SEEK_STAT;
+ s->atapi_dma = s->feature & 1;
+ s->nsector = 1;
+ ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
+ ide_atapi_cmd);
+ break;
+ /* CF-ATA commands */
+ case CFA_REQ_EXT_ERROR_CODE:
+ if (s->drive_kind != IDE_CFATA)
+ goto abort_cmd;
+ s->error = 0x09; /* miscellaneous error */
+ s->status = READY_STAT | SEEK_STAT;
+ ide_set_irq(s->bus);
+ break;
+ case CFA_ERASE_SECTORS:
+ case CFA_WEAR_LEVEL:
+ if (s->drive_kind != IDE_CFATA)
+ goto abort_cmd;
+ if (val == CFA_WEAR_LEVEL)
+ s->nsector = 0;
+ if (val == CFA_ERASE_SECTORS)
+ s->media_changed = 1;
+ s->error = 0x00;
+ s->status = READY_STAT | SEEK_STAT;
+ ide_set_irq(s->bus);
+ break;
+ case CFA_TRANSLATE_SECTOR:
+ if (s->drive_kind != IDE_CFATA)
+ goto abort_cmd;
+ s->error = 0x00;
+ s->status = READY_STAT | SEEK_STAT;
+ memset(s->io_buffer, 0, 0x200);
+ s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
+ s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
+ s->io_buffer[0x02] = s->select; /* Head */
+ s->io_buffer[0x03] = s->sector; /* Sector */
+ s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
+ s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
+ s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
+ s->io_buffer[0x13] = 0x00; /* Erase flag */
+ s->io_buffer[0x18] = 0x00; /* Hot count */
+ s->io_buffer[0x19] = 0x00; /* Hot count */
+ s->io_buffer[0x1a] = 0x01; /* Hot count */
+ ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
+ ide_set_irq(s->bus);
+ break;
+ case CFA_ACCESS_METADATA_STORAGE:
+ if (s->drive_kind != IDE_CFATA)
+ goto abort_cmd;
+ switch (s->feature) {
+ case 0x02: /* Inquiry Metadata Storage */
+ ide_cfata_metadata_inquiry(s);
break;
- case CFA_ERASE_SECTORS:
- case CFA_WEAR_LEVEL:
- if (s->drive_kind != IDE_CFATA)
- goto abort_cmd;
- if (val == CFA_WEAR_LEVEL)
- s->nsector = 0;
- if (val == CFA_ERASE_SECTORS)
- s->media_changed = 1;
- s->error = 0x00;
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
+ case 0x03: /* Read Metadata Storage */
+ ide_cfata_metadata_read(s);
break;
- case CFA_TRANSLATE_SECTOR:
- if (s->drive_kind != IDE_CFATA)
- goto abort_cmd;
- s->error = 0x00;
- s->status = READY_STAT | SEEK_STAT;
- memset(s->io_buffer, 0, 0x200);
- s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
- s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
- s->io_buffer[0x02] = s->select; /* Head */
- s->io_buffer[0x03] = s->sector; /* Sector */
- s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
- s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
- s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
- s->io_buffer[0x13] = 0x00; /* Erase flag */
- s->io_buffer[0x18] = 0x00; /* Hot count */
- s->io_buffer[0x19] = 0x00; /* Hot count */
- s->io_buffer[0x1a] = 0x01; /* Hot count */
- ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
- ide_set_irq(s->bus);
+ case 0x04: /* Write Metadata Storage */
+ ide_cfata_metadata_write(s);
break;
- case CFA_ACCESS_METADATA_STORAGE:
- if (s->drive_kind != IDE_CFATA)
- goto abort_cmd;
- switch (s->feature) {
- case 0x02: /* Inquiry Metadata Storage */
- ide_cfata_metadata_inquiry(s);
- break;
- case 0x03: /* Read Metadata Storage */
- ide_cfata_metadata_read(s);
- break;
- case 0x04: /* Write Metadata Storage */
- ide_cfata_metadata_write(s);
- break;
- default:
- goto abort_cmd;
- }
- ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
- s->status = 0x00; /* NOTE: READY is _not_ set */
- ide_set_irq(s->bus);
- break;
- case IBM_SENSE_CONDITION:
- if (s->drive_kind != IDE_CFATA)
- goto abort_cmd;
- switch (s->feature) {
- case 0x01: /* sense temperature in device */
- s->nsector = 0x50; /* +20 C */
- break;
- default:
- goto abort_cmd;
- }
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
+ default:
+ goto abort_cmd;
+ }
+ ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
+ s->status = 0x00; /* NOTE: READY is _not_ set */
+ ide_set_irq(s->bus);
+ break;
+ case IBM_SENSE_CONDITION:
+ if (s->drive_kind != IDE_CFATA)
+ goto abort_cmd;
+ switch (s->feature) {
+ case 0x01: /* sense temperature in device */
+ s->nsector = 0x50; /* +20 C */
break;
+ default:
+ goto abort_cmd;
+ }
+ s->status = READY_STAT | SEEK_STAT;
+ ide_set_irq(s->bus);
+ break;
case WIN_SMART:
- if (s->drive_kind == IDE_CD)
+ if (s->drive_kind == IDE_CD)
goto abort_cmd;
- if (s->hcyl != 0xc2 || s->lcyl != 0x4f)
+ if (s->hcyl != 0xc2 || s->lcyl != 0x4f)
goto abort_cmd;
- if (!s->smart_enabled && s->feature != SMART_ENABLE)
+ if (!s->smart_enabled && s->feature != SMART_ENABLE)
goto abort_cmd;
- switch (s->feature) {
- case SMART_DISABLE:
+ switch (s->feature) {
+ case SMART_DISABLE:
s->smart_enabled = 0;
s->status = READY_STAT | SEEK_STAT;
ide_set_irq(s->bus);
break;
- case SMART_ENABLE:
+ case SMART_ENABLE:
s->smart_enabled = 1;
s->status = READY_STAT | SEEK_STAT;
ide_set_irq(s->bus);
break;
- case SMART_ATTR_AUTOSAVE:
+ case SMART_ATTR_AUTOSAVE:
switch (s->sector) {
case 0x00:
- s->smart_autosave = 0;
- break;
+ s->smart_autosave = 0;
+ break;
case 0xf1:
- s->smart_autosave = 1;
- break;
+ s->smart_autosave = 1;
+ break;
default:
- goto abort_cmd;
+ goto abort_cmd;
}
s->status = READY_STAT | SEEK_STAT;
ide_set_irq(s->bus);
break;
- case SMART_STATUS:
+ case SMART_STATUS:
if (!s->smart_errors) {
- s->hcyl = 0xc2;
- s->lcyl = 0x4f;
+ s->hcyl = 0xc2;
+ s->lcyl = 0x4f;
} else {
- s->hcyl = 0x2c;
- s->lcyl = 0xf4;
+ s->hcyl = 0x2c;
+ s->lcyl = 0xf4;
}
s->status = READY_STAT | SEEK_STAT;
ide_set_irq(s->bus);
break;
- case SMART_READ_THRESH:
+ case SMART_READ_THRESH:
memset(s->io_buffer, 0, 0x200);
s->io_buffer[0] = 0x01; /* smart struct version */
for (n=0; n<30; n++) {
- if (smart_attributes[n][0] == 0)
+ if (smart_attributes[n][0] == 0)
break;
- s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
- s->io_buffer[2+1+(n*12)] = smart_attributes[n][4];
+ s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
+ s->io_buffer[2+1+(n*12)] = smart_attributes[n][4];
}
for (n=0; n<511; n++) /* checksum */
- s->io_buffer[511] += s->io_buffer[n];
+ s->io_buffer[511] += s->io_buffer[n];
s->io_buffer[511] = 0x100 - s->io_buffer[511];
s->status = READY_STAT | SEEK_STAT;
ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
ide_set_irq(s->bus);
break;
- case SMART_READ_DATA:
+ case SMART_READ_DATA:
memset(s->io_buffer, 0, 0x200);
s->io_buffer[0] = 0x01; /* smart struct version */
for (n=0; n<30; n++) {
- if (smart_attributes[n][0] == 0)
+ if (smart_attributes[n][0] == 0)
break;
- s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
- s->io_buffer[2+1+(n*12)] = smart_attributes[n][1];
- s->io_buffer[2+3+(n*12)] = smart_attributes[n][2];
- s->io_buffer[2+4+(n*12)] = smart_attributes[n][3];
+ s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
+ s->io_buffer[2+1+(n*12)] = smart_attributes[n][1];
+ s->io_buffer[2+3+(n*12)] = smart_attributes[n][2];
+ s->io_buffer[2+4+(n*12)] = smart_attributes[n][3];
}
s->io_buffer[362] = 0x02 | (s->smart_autosave?0x80:0x00);
if (s->smart_selftest_count == 0) {
- s->io_buffer[363] = 0;
+ s->io_buffer[363] = 0;
} else {
- s->io_buffer[363] =
+ s->io_buffer[363] =
s->smart_selftest_data[3 +
- (s->smart_selftest_count - 1) *
- 24];
+ (s->smart_selftest_count - 1) *
+ 24];
}
s->io_buffer[364] = 0x20;
s->io_buffer[365] = 0x01;
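Review bot: in the WIN_SETFEATURES case, the block for feature 0x03 declares uint8_t val = s->nsector & 0x07;, which shadows the val parameter of ide_exec_cmd(IDEBus *bus, uint32_t val). Later cases in the same switch, such as CFA_ERASE_SECTORS/CFA_WEAR_LEVEL, test the outer val (val == CFA_WEAR_LEVEL), so the two meanings sit close together and are easy to confuse. Since the commit message describes this patch as a pure reindent, the rename of the inner variable belongs in a small follow-up rather than here.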
@@ -2294,76 +2294,76 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
for (n=0; n<511; n++)
- s->io_buffer[511] += s->io_buffer[n];
+ s->io_buffer[511] += s->io_buffer[n];
s->io_buffer[511] = 0x100 - s->io_buffer[511];
s->status = READY_STAT | SEEK_STAT;
ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
ide_set_irq(s->bus);
break;
- case SMART_READ_LOG:
+ case SMART_READ_LOG:
switch (s->sector) {
case 0x01: /* summary smart error log */
- memset(s->io_buffer, 0, 0x200);
- s->io_buffer[0] = 0x01;
- s->io_buffer[1] = 0x00; /* no error entries */
- s->io_buffer[452] = s->smart_errors & 0xff;
- s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
+ memset(s->io_buffer, 0, 0x200);
+ s->io_buffer[0] = 0x01;
+ s->io_buffer[1] = 0x00; /* no error entries */
+ s->io_buffer[452] = s->smart_errors & 0xff;
+ s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
- for (n=0; n<511; n++)
+ for (n=0; n<511; n++)
s->io_buffer[511] += s->io_buffer[n];
- s->io_buffer[511] = 0x100 - s->io_buffer[511];
- break;
+ s->io_buffer[511] = 0x100 - s->io_buffer[511];
+ break;
case 0x06: /* smart self test log */
- memset(s->io_buffer, 0, 0x200);
- s->io_buffer[0] = 0x01;
- if (s->smart_selftest_count == 0) {
+ memset(s->io_buffer, 0, 0x200);
+ s->io_buffer[0] = 0x01;
+ if (s->smart_selftest_count == 0) {
s->io_buffer[508] = 0;
- } else {
+ } else {
s->io_buffer[508] = s->smart_selftest_count;
for (n=2; n<506; n++)
- s->io_buffer[n] = s->smart_selftest_data[n];
- }
- for (n=0; n<511; n++)
+ s->io_buffer[n] = s->smart_selftest_data[n];
+ }
+ for (n=0; n<511; n++)
s->io_buffer[511] += s->io_buffer[n];
- s->io_buffer[511] = 0x100 - s->io_buffer[511];
- break;
+ s->io_buffer[511] = 0x100 - s->io_buffer[511];
+ break;
default:
- goto abort_cmd;
+ goto abort_cmd;
}
s->status = READY_STAT | SEEK_STAT;
ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
ide_set_irq(s->bus);
break;
- case SMART_EXECUTE_OFFLINE:
+ case SMART_EXECUTE_OFFLINE:
switch (s->sector) {
case 0: /* off-line routine */
case 1: /* short self test */
case 2: /* extended self test */
- s->smart_selftest_count++;
- if(s->smart_selftest_count > 21)
+ s->smart_selftest_count++;
+ if(s->smart_selftest_count > 21)
s->smart_selftest_count = 0;
- n = 2 + (s->smart_selftest_count - 1) * 24;
- s->smart_selftest_data[n] = s->sector;
- s->smart_selftest_data[n+1] = 0x00; /* OK and finished */
- s->smart_selftest_data[n+2] = 0x34; /* hour count lsb */
- s->smart_selftest_data[n+3] = 0x12; /* hour count msb */
- s->status = READY_STAT | SEEK_STAT;
- ide_set_irq(s->bus);
- break;
+ n = 2 + (s->smart_selftest_count - 1) * 24;
+ s->smart_selftest_data[n] = s->sector;
+ s->smart_selftest_data[n+1] = 0x00; /* OK and finished */
+ s->smart_selftest_data[n+2] = 0x34; /* hour count lsb */
+ s->smart_selftest_data[n+3] = 0x12; /* hour count msb */
+ s->status = READY_STAT | SEEK_STAT;
+ ide_set_irq(s->bus);
+ break;
default:
- goto abort_cmd;
+ goto abort_cmd;
}
break;
- default:
+ default:
goto abort_cmd;
- }
- break;
- default:
- abort_cmd:
- ide_abort_command(s);
- ide_set_irq(s->bus);
- break;
- }
+ }
+ break;
+ default:
+ abort_cmd:
+ ide_abort_command(s);
+ ide_set_irq(s->bus);
+ break;
+ }
}
uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
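Review bot: in the SMART_EXECUTE_OFFLINE case the re-indented lines carry over an index computation that can go negative. After s->smart_selftest_count++, a count above 21 is reset to 0, and the next line computes n = 2 + (s->smart_selftest_count - 1) * 24, which is -22 when the count is 0; the four stores to s->smart_selftest_data[n] through [n+3] then fall before the start of the array. This is out of scope for a whitespace-only patch, but it needs a follow-up that keeps the counter in the range 1..21 before n is derived from it, for example by wrapping to 1 instead of 0.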
--
1.6.0.2
* [Qemu-devel] Re: [PATCH 02/13] ide: fix whitespace gap in ide_exec_cmd
From: Stefan Hajnoczi @ 2010-12-08 13:32 UTC
To: Alexander Graf
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, QEMU-devel Developers,
Blue Swirl, Gerd Hoffmann, tj, Roland Elek, Sebastian Herbszt
On Wed, Dec 8, 2010 at 12:13 PM, Alexander Graf <agraf@suse.de> wrote:
> Now that we have the function split out, we have to reindent it.
> In order to increase the readability of the actual functional change,
> this is split out.
>
> Signed-off-by: Alexander Graf <agraf@suse.de>
> ---
> hw/ide/core.c | 734 ++++++++++++++++++++++++++++----------------------------
> 1 files changed, 367 insertions(+), 367 deletions(-)
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
* [Qemu-devel] Re: [PATCH 02/13] ide: fix whitespace gap in ide_exec_cmd
From: Kevin Wolf @ 2010-12-08 14:59 UTC
To: Alexander Graf
Cc: Joerg Roedel, Paul Brook, QEMU-devel Developers, Blue Swirl,
Gerd Hoffmann, Stefan Hajnoczi, tj, Roland Elek,
Sebastian Herbszt
On 08.12.2010 13:13, Alexander Graf wrote:
> Now that we have the function split out, we have to reindent it.
> In order to increase the readability of the actual functional change,
> this is split out.
>
> Signed-off-by: Alexander Graf <agraf@suse.de>
This patch "adds" some trailing whitespace. Can you take the chance to
remove it?
Kevin
* [Qemu-devel] [PATCH 03/13] ide: Split out BMDMA code from ATA core
From: Alexander Graf @ 2010-12-08 12:13 UTC
To: QEMU-devel Developers
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, Blue Swirl, Gerd Hoffmann,
Stefan Hajnoczi, tj, Roland Elek, Sebastian Herbszt
The ATA core is currently heavily intertwined with BMDMA code. Let's loosen
that a bit, so we can happily replace the DMA backend with different
implementations.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
v7 -> v8:
- rewrite as DMA ops
---
hw/ide/cmd646.c | 6 +-
hw/ide/core.c | 322 ++++++++++++-----------------------------------------
hw/ide/internal.h | 53 +++++++--
hw/ide/pci.c | 278 +++++++++++++++++++++++++++++++++++++++++++++-
hw/ide/pci.h | 1 +
hw/ide/piix.c | 6 +-
hw/ide/via.c | 6 +-
7 files changed, 399 insertions(+), 273 deletions(-)
diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
index dfe6091..ecfa4d6 100644
--- a/hw/ide/cmd646.c
+++ b/hw/ide/cmd646.c
@@ -167,9 +167,9 @@ static void bmdma_map(PCIDevice *pci_dev, int region_num,
for(i = 0;i < 2; i++) {
BMDMAState *bm = &d->bmdma[i];
- d->bus[i].bmdma = bm;
+ bmdma_init(&d->bus[i], bm);
bm->bus = d->bus+i;
- qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
+ qemu_add_vm_change_state_handler(d->bus[i].dma.ops->restart_cb, bm);
if (i == 0) {
register_ioport_write(addr, 4, 1, bmdma_writeb_0, d);
@@ -218,7 +218,7 @@ static void cmd646_reset(void *opaque)
for (i = 0; i < 2; i++) {
ide_bus_reset(&d->bus[i]);
- ide_dma_reset(&d->bmdma[i]);
+ d->bus[i].dma.ops->reset(&d->bmdma[i]);
}
}
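Review bot: In cmd646_reset the reset op is now reached through d->bus[i].dma.ops, but in the visible hunks ide_init2 installs ide_dma_nop and bmdma_init is only called from bmdma_map, so a reset that runs before the BAR is mapped dispatches to ide_nop and leaves d->bmdma[i] untouched, where the old ide_dma_reset(&d->bmdma[i]) always cleared it. Either keep a direct BMDMA reset in the PCI reset handlers or call bmdma_init at device init time. The call also passes &d->bmdma[i] rather than d->bus[i].dma.opaque, which bypasses the opaque pointer the ops table is meant to be paired with.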
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 5e2fcbd..fce994f 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -34,8 +34,6 @@
#include <hw/ide/internal.h>
-#define IDE_PAGE_SIZE 4096
-
static const int smart_attributes[][5] = {
/* id, flags, val, wrst, thrsh */
{ 0x01, 0x03, 0x64, 0x64, 0x06}, /* raw read */
@@ -61,11 +59,8 @@ static inline int media_is_cd(IDEState *s)
return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
}
-static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
-static void ide_dma_restart(IDEState *s, int is_read);
static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
static int ide_handle_rw_error(IDEState *s, int error, int op);
-static void ide_flush_cache(IDEState *s);
static void padstr(char *str, const char *src, int len)
{
@@ -314,11 +309,11 @@ static inline void ide_abort_command(IDEState *s)
}
static inline void ide_dma_submit_check(IDEState *s,
- BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
+ BlockDriverCompletionFunc *dma_cb)
{
- if (bm->aiocb)
+ if (s->bus->dma.aiocb)
return;
- dma_cb(bm, -1);
+ dma_cb(s, -1);
}
/* prepare data transfer and tell what to do after */
@@ -328,8 +323,10 @@ static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
s->end_transfer_func = end_transfer_func;
s->data_ptr = buf;
s->data_end = buf + size;
- if (!(s->status & ERR_STAT))
+ if (!(s->status & ERR_STAT)) {
s->status |= DRQ_STAT;
+ }
+ s->bus->dma.ops->start_transfer(s->bus->dma.opaque);
}
static void ide_transfer_stop(IDEState *s)
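Review bot: The new start_transfer call at the end of ide_transfer_start sits outside the ERR_STAT check, so the backend is notified even when DRQ was not raised, and its int return value is dropped. If the backend should only see transfers that actually start, move the call inside the if block; either way, add a comment saying what start_transfer is for and what its return value means, since the BMDMA implementation in this patch just returns 0.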
@@ -394,7 +391,7 @@ static void ide_rw_error(IDEState *s) {
ide_set_irq(s->bus);
}
-static void ide_sector_read(IDEState *s)
+void ide_sector_read(IDEState *s)
{
int64_t sector_num;
int ret, n;
@@ -427,58 +424,15 @@ static void ide_sector_read(IDEState *s)
}
}
-
-/* return 0 if buffer completed */
-static int dma_buf_prepare(BMDMAState *bm, int is_write)
-{
- IDEState *s = bmdma_active_if(bm);
- struct {
- uint32_t addr;
- uint32_t size;
- } prd;
- int l, len;
-
- qemu_sglist_init(&s->sg, s->nsector / (IDE_PAGE_SIZE / 512) + 1);
- s->io_buffer_size = 0;
- for(;;) {
- if (bm->cur_prd_len == 0) {
- /* end of table (with a fail safe of one page) */
- if (bm->cur_prd_last ||
- (bm->cur_addr - bm->addr) >= IDE_PAGE_SIZE)
- return s->io_buffer_size != 0;
- cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
- bm->cur_addr += 8;
- prd.addr = le32_to_cpu(prd.addr);
- prd.size = le32_to_cpu(prd.size);
- len = prd.size & 0xfffe;
- if (len == 0)
- len = 0x10000;
- bm->cur_prd_len = len;
- bm->cur_prd_addr = prd.addr;
- bm->cur_prd_last = (prd.size & 0x80000000);
- }
- l = bm->cur_prd_len;
- if (l > 0) {
- qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
- bm->cur_prd_addr += l;
- bm->cur_prd_len -= l;
- s->io_buffer_size += l;
- }
- }
- return 1;
-}
-
static void dma_buf_commit(IDEState *s, int is_write)
{
qemu_sglist_destroy(&s->sg);
}
-static void ide_dma_set_inactive(BMDMAState *bm)
+static void ide_set_inactive(IDEState *s)
{
- bm->status &= ~BM_STATUS_DMAING;
- bm->dma_cb = NULL;
- bm->unit = -1;
- bm->aiocb = NULL;
+ s->bus->dma.aiocb = NULL;
+ s->bus->dma.ops->set_inactive(s->bus->dma.opaque);
}
void ide_dma_error(IDEState *s)
@@ -486,8 +440,8 @@ void ide_dma_error(IDEState *s)
ide_transfer_stop(s);
s->error = ABRT_ERR;
s->status = READY_STAT | ERR_STAT;
- ide_dma_set_inactive(s->bus->bmdma);
- s->bus->bmdma->status |= BM_STATUS_INT;
+ ide_set_inactive(s);
+ s->bus->dma.ops->set_status(s->bus->dma.opaque, BM_STATUS_INT);
ide_set_irq(s->bus);
}
@@ -503,8 +457,8 @@ static int ide_handle_rw_error(IDEState *s, int error, int op)
if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
|| action == BLOCK_ERR_STOP_ANY) {
- s->bus->bmdma->unit = s->unit;
- s->bus->bmdma->status |= op;
+ s->bus->dma.ops->set_unit(s->bus->dma.opaque, s->unit);
+ s->bus->dma.ops->set_status(s->bus->dma.opaque, op);
bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
vm_stop(0);
} else {
@@ -520,58 +474,9 @@ static int ide_handle_rw_error(IDEState *s, int error, int op)
return 1;
}
-/* return 0 if buffer completed */
-static int dma_buf_rw(BMDMAState *bm, int is_write)
-{
- IDEState *s = bmdma_active_if(bm);
- struct {
- uint32_t addr;
- uint32_t size;
- } prd;
- int l, len;
-
- for(;;) {
- l = s->io_buffer_size - s->io_buffer_index;
- if (l <= 0)
- break;
- if (bm->cur_prd_len == 0) {
- /* end of table (with a fail safe of one page) */
- if (bm->cur_prd_last ||
- (bm->cur_addr - bm->addr) >= IDE_PAGE_SIZE)
- return 0;
- cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
- bm->cur_addr += 8;
- prd.addr = le32_to_cpu(prd.addr);
- prd.size = le32_to_cpu(prd.size);
- len = prd.size & 0xfffe;
- if (len == 0)
- len = 0x10000;
- bm->cur_prd_len = len;
- bm->cur_prd_addr = prd.addr;
- bm->cur_prd_last = (prd.size & 0x80000000);
- }
- if (l > bm->cur_prd_len)
- l = bm->cur_prd_len;
- if (l > 0) {
- if (is_write) {
- cpu_physical_memory_write(bm->cur_prd_addr,
- s->io_buffer + s->io_buffer_index, l);
- } else {
- cpu_physical_memory_read(bm->cur_prd_addr,
- s->io_buffer + s->io_buffer_index, l);
- }
- bm->cur_prd_addr += l;
- bm->cur_prd_len -= l;
- s->io_buffer_index += l;
- }
- }
- return 1;
-}
-
-static void ide_read_dma_cb(void *opaque, int ret)
+void ide_read_dma_cb(void *opaque, int ret)
{
- BMDMAState *bm = opaque;
- IDEState *s = bmdma_active_if(bm);
+ IDEState *s = opaque;
int n;
int64_t sector_num;
@@ -597,8 +502,8 @@ static void ide_read_dma_cb(void *opaque, int ret)
s->status = READY_STAT | SEEK_STAT;
ide_set_irq(s->bus);
eot:
- bm->status |= BM_STATUS_INT;
- ide_dma_set_inactive(bm);
+ s->bus->dma.ops->set_status(s->bus->dma.opaque, BM_STATUS_INT);
+ ide_set_inactive(s);
return;
}
@@ -606,13 +511,13 @@ static void ide_read_dma_cb(void *opaque, int ret)
n = s->nsector;
s->io_buffer_index = 0;
s->io_buffer_size = n * 512;
- if (dma_buf_prepare(bm, 1) == 0)
+ if (s->bus->dma.ops->prepare_buf(s->bus->dma.opaque, 1) == 0)
goto eot;
#ifdef DEBUG_AIO
printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
#endif
- bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
- ide_dma_submit_check(s, ide_read_dma_cb, bm);
+ s->bus->dma.aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, s);
+ ide_dma_submit_check(s, ide_read_dma_cb);
}
static void ide_sector_read_dma(IDEState *s)
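Review bot: The new dma_bdrv_read() assignment in ide_read_dma_cb runs past 80 columns; wrap the argument list the way the bdrv_aio_readv() call in ide_atapi_cmd_read_dma_cb is wrapped later in this patch. The dma_bdrv_write() line in ide_write_dma_cb has the same problem.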
@@ -621,7 +526,7 @@ static void ide_sector_read_dma(IDEState *s)
s->io_buffer_index = 0;
s->io_buffer_size = 0;
s->is_read = 1;
- ide_dma_start(s, ide_read_dma_cb);
+ s->bus->dma.ops->start_dma(s->bus->dma.opaque, s, ide_read_dma_cb);
}
static void ide_sector_write_timer_cb(void *opaque)
@@ -630,7 +535,7 @@ static void ide_sector_write_timer_cb(void *opaque)
ide_set_irq(s->bus);
}
-static void ide_sector_write(IDEState *s)
+void ide_sector_write(IDEState *s)
{
int64_t sector_num;
int ret, n, n1;
@@ -676,48 +581,9 @@ static void ide_sector_write(IDEState *s)
}
}
-static void ide_dma_restart_bh(void *opaque)
-{
- BMDMAState *bm = opaque;
- int is_read;
-
- qemu_bh_delete(bm->bh);
- bm->bh = NULL;
-
- is_read = !!(bm->status & BM_STATUS_RETRY_READ);
-
- if (bm->status & BM_STATUS_DMA_RETRY) {
- bm->status &= ~(BM_STATUS_DMA_RETRY | BM_STATUS_RETRY_READ);
- ide_dma_restart(bmdma_active_if(bm), is_read);
- } else if (bm->status & BM_STATUS_PIO_RETRY) {
- bm->status &= ~(BM_STATUS_PIO_RETRY | BM_STATUS_RETRY_READ);
- if (is_read) {
- ide_sector_read(bmdma_active_if(bm));
- } else {
- ide_sector_write(bmdma_active_if(bm));
- }
- } else if (bm->status & BM_STATUS_RETRY_FLUSH) {
- ide_flush_cache(bmdma_active_if(bm));
- }
-}
-
-void ide_dma_restart_cb(void *opaque, int running, int reason)
-{
- BMDMAState *bm = opaque;
-
- if (!running)
- return;
-
- if (!bm->bh) {
- bm->bh = qemu_bh_new(ide_dma_restart_bh, bm);
- qemu_bh_schedule(bm->bh);
- }
-}
-
-static void ide_write_dma_cb(void *opaque, int ret)
+void ide_write_dma_cb(void *opaque, int ret)
{
- BMDMAState *bm = opaque;
- IDEState *s = bmdma_active_if(bm);
+ IDEState *s = opaque;
int n;
int64_t sector_num;
@@ -740,21 +606,21 @@ static void ide_write_dma_cb(void *opaque, int ret)
s->status = READY_STAT | SEEK_STAT;
ide_set_irq(s->bus);
eot:
- bm->status |= BM_STATUS_INT;
- ide_dma_set_inactive(bm);
+ s->bus->dma.ops->set_status(s->bus->dma.opaque, BM_STATUS_INT);
+ ide_set_inactive(s);
return;
}
n = s->nsector;
s->io_buffer_size = n * 512;
/* launch next transfer */
- if (dma_buf_prepare(bm, 0) == 0)
+ if (s->bus->dma.ops->prepare_buf(s->bus->dma.opaque, 0) == 0)
goto eot;
#ifdef DEBUG_AIO
printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
#endif
- bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
- ide_dma_submit_check(s, ide_write_dma_cb, bm);
+ s->bus->dma.aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, s);
+ ide_dma_submit_check(s, ide_write_dma_cb);
}
static void ide_sector_write_dma(IDEState *s)
@@ -763,7 +629,7 @@ static void ide_sector_write_dma(IDEState *s)
s->io_buffer_index = 0;
s->io_buffer_size = 0;
s->is_read = 0;
- ide_dma_start(s, ide_write_dma_cb);
+ s->bus->dma.ops->start_dma(s->bus->dma.opaque, s, ide_write_dma_cb);
}
void ide_atapi_cmd_ok(IDEState *s)
@@ -813,7 +679,7 @@ static void ide_flush_cb(void *opaque, int ret)
ide_set_irq(s->bus);
}
-static void ide_flush_cache(IDEState *s)
+void ide_flush_cache(IDEState *s)
{
BlockDriverAIOCB *acb;
@@ -1003,7 +869,8 @@ static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
if (s->atapi_dma) {
s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
- ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
+ s->bus->dma.ops->start_dma(s->bus->dma.opaque, s,
+ ide_atapi_cmd_read_dma_cb);
} else {
s->status = READY_STAT | SEEK_STAT;
ide_atapi_cmd_reply_end(s);
@@ -1029,8 +896,7 @@ static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
/* XXX: handle read errors */
static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
{
- BMDMAState *bm = opaque;
- IDEState *s = bmdma_active_if(bm);
+ IDEState *s = opaque;
int data_offset, n;
if (ret < 0) {
@@ -1056,7 +922,7 @@ static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
s->lba += n;
}
s->packet_transfer_size -= s->io_buffer_size;
- if (dma_buf_rw(bm, 1) == 0)
+ if (s->bus->dma.ops->rw_buf(s->bus->dma.opaque, 1) == 0)
goto eot;
}
@@ -1065,8 +931,8 @@ static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
ide_set_irq(s->bus);
eot:
- bm->status |= BM_STATUS_INT;
- ide_dma_set_inactive(bm);
+ s->bus->dma.ops->set_status(s->bus->dma.opaque, BM_STATUS_INT);
+ ide_set_inactive(s);
return;
}
@@ -1085,12 +951,13 @@ static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
#ifdef DEBUG_AIO
printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
#endif
- bm->iov.iov_base = (void *)(s->io_buffer + data_offset);
- bm->iov.iov_len = n * 4 * 512;
- qemu_iovec_init_external(&bm->qiov, &bm->iov, 1);
- bm->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2, &bm->qiov,
- n * 4, ide_atapi_cmd_read_dma_cb, bm);
- if (!bm->aiocb) {
+ s->bus->dma.iov.iov_base = (void *)(s->io_buffer + data_offset);
+ s->bus->dma.iov.iov_len = n * 4 * 512;
+ qemu_iovec_init_external(&s->bus->dma.qiov, &s->bus->dma.iov, 1);
+ s->bus->dma.aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2,
+ &s->bus->dma.qiov, n * 4,
+ ide_atapi_cmd_read_dma_cb, s);
+ if (!s->bus->dma.aiocb) {
/* Note: media not present is the most likely case */
ide_atapi_cmd_error(s, SENSE_NOT_READY,
ASC_MEDIUM_NOT_PRESENT);
@@ -1111,7 +978,8 @@ static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
/* XXX: check if BUSY_STAT should be set */
s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
- ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
+ s->bus->dma.ops->start_dma(s->bus->dma.opaque, s,
+ ide_atapi_cmd_read_dma_cb);
}
static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
@@ -2696,6 +2564,7 @@ int ide_init_drive(IDEState *s, BlockDriverState *bs,
} else {
pstrcpy(s->version, sizeof(s->version), QEMU_VERSION);
}
+
ide_reset(s);
bdrv_set_removable(bs, s->drive_kind == IDE_CD);
return 0;
@@ -2717,6 +2586,29 @@ static void ide_init1(IDEBus *bus, int unit)
ide_sector_write_timer_cb, s);
}
+static int ide_nop_start_irq(void *opaque)
+{
+ return 1;
+}
+
+static int ide_nop(void *opaque)
+{
+ return 0;
+}
+
+static const IDEDMAOps ide_dma_nop = {
+ .start_irq = ide_nop_start_irq,
+ .start_dma = (void*)ide_nop,
+ .start_transfer = (void*)ide_nop,
+ .prepare_buf = (void*)ide_nop,
+ .rw_buf = (void*)ide_nop,
+ .set_unit = (void*)ide_nop,
+ .set_status = (void*)ide_nop,
+ .set_inactive = (void*)ide_nop,
+ .restart_cb = (void*)ide_nop,
+ .reset = (void*)ide_nop,
+};
+
void ide_init2(IDEBus *bus, qemu_irq irq)
{
int i;
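Review bot: In ide_dma_nop, ide_nop has type int (void *) but is stored through (void*) casts into slots of type DMAStartFunc, DMAIntFunc and DMARestartFunc, so every call through those slots invokes a function with a mismatched signature, which is undefined behaviour in C and hides any future signature change from the compiler. Add one static no-op per typedef and drop the casts. It is also worth a comment that the no-op prepare_buf and rw_buf return 0, which their callers in core.c treat as end of transfer.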
@@ -2726,6 +2618,7 @@ void ide_init2(IDEBus *bus, qemu_irq irq)
ide_reset(&bus->ifs[i]);
}
bus->irq = irq;
+ bus->dma.ops = &ide_dma_nop;
}
/* TODO convert users to qdev and remove */
@@ -2749,6 +2642,7 @@ void ide_init2_with_non_qdev_drives(IDEBus *bus, DriveInfo *hd0,
}
}
bus->irq = irq;
+ bus->dma.ops = &ide_dma_nop;
}
void ide_init_ioport(IDEBus *bus, int iobase, int iobase2)
@@ -2916,73 +2810,3 @@ const VMStateDescription vmstate_ide_bus = {
VMSTATE_END_OF_LIST()
}
};
-
-/***********************************************************/
-/* PCI IDE definitions */
-
-static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
-{
- BMDMAState *bm = s->bus->bmdma;
- if(!bm)
- return;
- bm->unit = s->unit;
- bm->dma_cb = dma_cb;
- bm->cur_prd_last = 0;
- bm->cur_prd_addr = 0;
- bm->cur_prd_len = 0;
- bm->sector_num = ide_get_sector(s);
- bm->nsector = s->nsector;
- if (bm->status & BM_STATUS_DMAING) {
- bm->dma_cb(bm, 0);
- }
-}
-
-static void ide_dma_restart(IDEState *s, int is_read)
-{
- BMDMAState *bm = s->bus->bmdma;
- ide_set_sector(s, bm->sector_num);
- s->io_buffer_index = 0;
- s->io_buffer_size = 0;
- s->nsector = bm->nsector;
- bm->cur_addr = bm->addr;
-
- if (is_read) {
- bm->dma_cb = ide_read_dma_cb;
- } else {
- bm->dma_cb = ide_write_dma_cb;
- }
-
- ide_dma_start(s, bm->dma_cb);
-}
-
-void ide_dma_cancel(BMDMAState *bm)
-{
- if (bm->status & BM_STATUS_DMAING) {
- if (bm->aiocb) {
-#ifdef DEBUG_AIO
- printf("aio_cancel\n");
-#endif
- bdrv_aio_cancel(bm->aiocb);
- }
-
- /* cancel DMA request */
- ide_dma_set_inactive(bm);
- }
-}
-
-void ide_dma_reset(BMDMAState *bm)
-{
-#ifdef DEBUG_IDE
- printf("ide: dma_reset\n");
-#endif
- ide_dma_cancel(bm);
- bm->cmd = 0;
- bm->status = 0;
- bm->addr = 0;
- bm->cur_addr = 0;
- bm->cur_prd_last = 0;
- bm->cur_prd_addr = 0;
- bm->cur_prd_len = 0;
- bm->sector_num = 0;
- bm->nsector = 0;
-}
diff --git a/hw/ide/internal.h b/hw/ide/internal.h
index 8617b87..15ab119 100644
--- a/hw/ide/internal.h
+++ b/hw/ide/internal.h
@@ -21,6 +21,8 @@ typedef struct IDEDevice IDEDevice;
typedef struct IDEDeviceInfo IDEDeviceInfo;
typedef struct IDEState IDEState;
typedef struct BMDMAState BMDMAState;
+typedef struct IDEDMA IDEDMA;
+typedef struct IDEDMAOps IDEDMAOps;
/* Bits of HD_STATUS */
#define ERR_STAT 0x01
@@ -367,6 +369,17 @@ typedef enum { IDE_HD, IDE_CD, IDE_CFATA } IDEDriveKind;
typedef void EndTransferFunc(IDEState *);
+
+typedef void TransferStartFunc(IDEState *,
+ uint8_t *,
+ int,
+ EndTransferFunc *);
+typedef void IRQSetFunc(IDEBus *);
+typedef void DMAStartFunc(void *, IDEState *, BlockDriverCompletionFunc *);
+typedef int DMAFunc(void *);
+typedef int DMAIntFunc(void *, int);
+typedef void DMARestartFunc(void *, int, int);
+
/* NOTE: IDEState represents in fact one drive */
struct IDEState {
IDEBus *bus;
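Review bot: TransferStartFunc and IRQSetFunc are added in this hunk, but no member of IDEDMAOps and no other visible hunk uses them; drop them or move them to the patch that needs them. The remaining typedefs would be easier to read with parameter names, for example int DMAIntFunc(void *opaque, int arg).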
@@ -443,12 +456,33 @@ struct IDEState {
uint8_t *smart_selftest_data;
};
+struct IDEDMAOps {
+ DMAFunc *start_irq;
+ DMAStartFunc *start_dma;
+ DMAFunc *start_transfer;
+ DMAIntFunc *prepare_buf;
+ DMAIntFunc *rw_buf;
+ DMAIntFunc *set_unit;
+ DMAIntFunc *set_status;
+ DMAFunc *set_inactive;
+ DMARestartFunc *restart_cb;
+ DMAFunc *reset;
+};
+
+struct IDEDMA {
+ struct IDEDMAOps const *ops;
+ void *opaque;
+ struct iovec iov;
+ QEMUIOVector qiov;
+ BlockDriverAIOCB *aiocb;
+};
+
struct IDEBus {
BusState qbus;
IDEDevice *master;
IDEDevice *slave;
- BMDMAState *bmdma;
IDEState ifs[2];
+ IDEDMA dma;
uint8_t unit;
uint8_t cmd;
qemu_irq irq;
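Review bot: struct IDEDMAOps carries no comments, and several conventions cannot be guessed from the member names: start_irq returns nonzero when the IRQ may be raised, prepare_buf and rw_buf return 0 when the buffer is complete, and set_status ORs bits into the status rather than assigning it (bmdma_set_status does bm->status |= status). Document each op next to its member, and consider making the ops that always return 0 (set_unit, set_status, set_inactive, reset) return void.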
@@ -492,9 +526,6 @@ struct BMDMAState {
uint32_t cur_prd_len;
uint8_t unit;
BlockDriverCompletionFunc *dma_cb;
- BlockDriverAIOCB *aiocb;
- struct iovec iov;
- QEMUIOVector qiov;
int64_t sector_num;
uint32_t nsector;
IORange addr_ioport;
@@ -514,11 +545,7 @@ static inline IDEState *bmdma_active_if(BMDMAState *bmdma)
static inline void ide_set_irq(IDEBus *bus)
{
- BMDMAState *bm = bus->bmdma;
- if (!(bus->cmd & IDE_CMD_DISABLE_IRQ)) {
- if (bm) {
- bm->status |= BM_STATUS_INT;
- }
+ if (bus->dma.ops->start_irq(bus->dma.opaque)) {
qemu_irq_raise(bus->irq);
}
}
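Review bot: ide_set_irq no longer tests IDE_CMD_DISABLE_IRQ itself; the test now exists only in bmdma_start_irq, and ide_nop_start_irq returns 1 unconditionally, so a bus left on ide_dma_nop raises the IRQ even when the guest has set the disable bit. Keep the bus->cmd check in ide_set_irq and let start_irq do only the backend's status bookkeeping, so that every backend gets the check for free.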
@@ -541,10 +568,7 @@ void ide_bus_reset(IDEBus *bus);
int64_t ide_get_sector(IDEState *s);
void ide_set_sector(IDEState *s, int64_t sector_num);
-void ide_dma_cancel(BMDMAState *bm);
-void ide_dma_restart_cb(void *opaque, int running, int reason);
void ide_dma_error(IDEState *s);
-void ide_dma_reset(BMDMAState *bm);
void ide_atapi_cmd_ok(IDEState *s);
void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc);
@@ -567,6 +591,11 @@ void ide_init2_with_non_qdev_drives(IDEBus *bus, DriveInfo *hd0,
void ide_init_ioport(IDEBus *bus, int iobase, int iobase2);
void ide_exec_cmd(IDEBus *bus, uint32_t val);
+void ide_read_dma_cb(void *opaque, int ret);
+void ide_write_dma_cb(void *opaque, int ret);
+void ide_sector_write(IDEState *s);
+void ide_sector_read(IDEState *s);
+void ide_flush_cache(IDEState *s);
/* hw/ide/qdev.c */
void ide_bus_new(IDEBus *idebus, DeviceState *dev);
diff --git a/hw/ide/pci.c b/hw/ide/pci.c
index ad406ee..2506cc5 100644
--- a/hw/ide/pci.c
+++ b/hw/ide/pci.c
@@ -33,6 +33,259 @@
#include <hw/ide/pci.h>
+#define BMDMA_PAGE_SIZE 4096
+
+static int bmdma_start_irq(void *opaque)
+{
+ BMDMAState *bm = opaque;
+ IDEBus *bus = bm->bus;
+
+ if (!(bus->cmd & IDE_CMD_DISABLE_IRQ)) {
+ if (bm) {
+ bm->status |= BM_STATUS_INT;
+ }
+ return 1;
+ }
+
+ /* IRQ forbidden */
+ return 0;
+}
+
+static void bmdma_start_dma(void *opaque, IDEState *s,
+ BlockDriverCompletionFunc *dma_cb)
+{
+ BMDMAState *bm = opaque;
+
+ bm->unit = s->unit;
+ bm->dma_cb = dma_cb;
+ bm->cur_prd_last = 0;
+ bm->cur_prd_addr = 0;
+ bm->cur_prd_len = 0;
+ bm->sector_num = ide_get_sector(s);
+ bm->nsector = s->nsector;
+
+ if (bm->status & BM_STATUS_DMAING) {
+ bm->dma_cb(bmdma_active_if(bm), 0);
+ }
+}
+
+/* return 0 if buffer completed */
+static int bmdma_prepare_buf(void *opaque, int is_write)
+{
+ BMDMAState *bm = opaque;
+ IDEState *s = bmdma_active_if(bm);
+ struct {
+ uint32_t addr;
+ uint32_t size;
+ } prd;
+ int l, len;
+
+ qemu_sglist_init(&s->sg, s->nsector / (BMDMA_PAGE_SIZE / 512) + 1);
+ s->io_buffer_size = 0;
+ for(;;) {
+ if (bm->cur_prd_len == 0) {
+ /* end of table (with a fail safe of one page) */
+ if (bm->cur_prd_last ||
+ (bm->cur_addr - bm->addr) >= BMDMA_PAGE_SIZE)
+ return s->io_buffer_size != 0;
+ cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
+ bm->cur_addr += 8;
+ prd.addr = le32_to_cpu(prd.addr);
+ prd.size = le32_to_cpu(prd.size);
+ len = prd.size & 0xfffe;
+ if (len == 0)
+ len = 0x10000;
+ bm->cur_prd_len = len;
+ bm->cur_prd_addr = prd.addr;
+ bm->cur_prd_last = (prd.size & 0x80000000);
+ }
+ l = bm->cur_prd_len;
+ if (l > 0) {
+ qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
+ bm->cur_prd_addr += l;
+ bm->cur_prd_len -= l;
+ s->io_buffer_size += l;
+ }
+ }
+ return 1;
+}
+
+/* return 0 if buffer completed */
+static int bmdma_rw_buf(void *opaque, int is_write)
+{
+ BMDMAState *bm = opaque;
+ IDEState *s = bmdma_active_if(bm);
+ struct {
+ uint32_t addr;
+ uint32_t size;
+ } prd;
+ int l, len;
+
+ for(;;) {
+ l = s->io_buffer_size - s->io_buffer_index;
+ if (l <= 0)
+ break;
+ if (bm->cur_prd_len == 0) {
+ /* end of table (with a fail safe of one page) */
+ if (bm->cur_prd_last ||
+ (bm->cur_addr - bm->addr) >= BMDMA_PAGE_SIZE)
+ return 0;
+ cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
+ bm->cur_addr += 8;
+ prd.addr = le32_to_cpu(prd.addr);
+ prd.size = le32_to_cpu(prd.size);
+ len = prd.size & 0xfffe;
+ if (len == 0)
+ len = 0x10000;
+ bm->cur_prd_len = len;
+ bm->cur_prd_addr = prd.addr;
+ bm->cur_prd_last = (prd.size & 0x80000000);
+ }
+ if (l > bm->cur_prd_len)
+ l = bm->cur_prd_len;
+ if (l > 0) {
+ if (is_write) {
+ cpu_physical_memory_write(bm->cur_prd_addr,
+ s->io_buffer + s->io_buffer_index, l);
+ } else {
+ cpu_physical_memory_read(bm->cur_prd_addr,
+ s->io_buffer + s->io_buffer_index, l);
+ }
+ bm->cur_prd_addr += l;
+ bm->cur_prd_len -= l;
+ s->io_buffer_index += l;
+ }
+ }
+ return 1;
+}
+
+static int bmdma_set_unit(void *opaque, int unit)
+{
+ BMDMAState *bm = opaque;
+ bm->unit = unit;
+
+ return 0;
+}
+
+static int bmdma_set_status(void *opaque, int status)
+{
+ BMDMAState *bm = opaque;
+ bm->status |= status;
+
+ return 0;
+}
+
+static int bmdma_set_inactive(void *opaque)
+{
+ BMDMAState *bm = opaque;
+
+ bm->status &= ~BM_STATUS_DMAING;
+ bm->dma_cb = NULL;
+ bm->unit = -1;
+
+ return 0;
+}
+
+static void bmdma_restart_dma(BMDMAState *bm, int is_read)
+{
+ IDEState *s = bmdma_active_if(bm);
+
+ ide_set_sector(s, bm->sector_num);
+ s->io_buffer_index = 0;
+ s->io_buffer_size = 0;
+ s->nsector = bm->nsector;
+ bm->cur_addr = bm->addr;
+
+ if (is_read) {
+ bm->dma_cb = ide_read_dma_cb;
+ } else {
+ bm->dma_cb = ide_write_dma_cb;
+ }
+
+ bmdma_start_dma(bm, s, bm->dma_cb);
+}
+
+static void bmdma_restart_bh(void *opaque)
+{
+ BMDMAState *bm = opaque;
+ int is_read;
+
+ qemu_bh_delete(bm->bh);
+ bm->bh = NULL;
+
+ is_read = !!(bm->status & BM_STATUS_RETRY_READ);
+
+ if (bm->status & BM_STATUS_DMA_RETRY) {
+ bm->status &= ~(BM_STATUS_DMA_RETRY | BM_STATUS_RETRY_READ);
+ bmdma_restart_dma(bm, is_read);
+ } else if (bm->status & BM_STATUS_PIO_RETRY) {
+ bm->status &= ~(BM_STATUS_PIO_RETRY | BM_STATUS_RETRY_READ);
+ if (is_read) {
+ ide_sector_read(bmdma_active_if(bm));
+ } else {
+ ide_sector_write(bmdma_active_if(bm));
+ }
+ } else if (bm->status & BM_STATUS_RETRY_FLUSH) {
+ ide_flush_cache(bmdma_active_if(bm));
+ }
+}
+
+static void bmdma_restart_cb(void *opaque, int running, int reason)
+{
+ BMDMAState *bm = opaque;
+
+ if (!running)
+ return;
+
+ if (!bm->bh) {
+ bm->bh = qemu_bh_new(bmdma_restart_bh, bm);
+ qemu_bh_schedule(bm->bh);
+ }
+}
+
+static void bmdma_cancel(BMDMAState *bm)
+{
+ IDEState *s = bmdma_active_if(bm);
+
+ if (bm->status & BM_STATUS_DMAING) {
+ if (s->bus->dma.aiocb) {
+#ifdef DEBUG_AIO
+ printf("aio_cancel\n");
+#endif
+ bdrv_aio_cancel(s->bus->dma.aiocb);
+ }
+
+ /* cancel DMA request */
+ bmdma_set_inactive(bm);
+ }
+}
+
+static int bmdma_reset(void *opaque)
+{
+ BMDMAState *bm = opaque;
+
+#ifdef DEBUG_IDE
+ printf("ide: dma_reset\n");
+#endif
+ bmdma_cancel(bm);
+ bm->cmd = 0;
+ bm->status = 0;
+ bm->addr = 0;
+ bm->cur_addr = 0;
+ bm->cur_prd_last = 0;
+ bm->cur_prd_addr = 0;
+ bm->cur_prd_len = 0;
+ bm->sector_num = 0;
+ bm->nsector = 0;
+
+ return 0;
+}
+
+static int bmdma_start_transfer(void *opaque)
+{
+ return 0;
+}
+
void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
{
BMDMAState *bm = opaque;
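Review bot: bmdma_cancel calls bdrv_aio_cancel(s->bus->dma.aiocb) and then bmdma_set_inactive(bm) directly, but clearing aiocb moved out of the BMDMA code into ide_set_inactive in core.c, so after a cancel or reset bus->dma.aiocb still points at the cancelled request and the aiocb tests in ide_dma_submit_check and bmdma_cmd_writeb keep seeing it as pending. Set s->bus->dma.aiocb = NULL in bmdma_cancel, or route the cancel through a helper that does. Separately, bmdma_start_irq reads bm->bus before its if (bm) test, so that test can never help and should go.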
@@ -55,10 +308,10 @@ void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
* whole DMA operation will be submitted to disk with a single
* aio operation with preadv/pwritev.
*/
- if (bm->aiocb) {
+ if (bm->bus->dma.aiocb) {
qemu_aio_flush();
#ifdef DEBUG_IDE
- if (bm->aiocb)
+ if (bm->bus->dma.aiocb)
printf("ide_dma_cancel: aiocb still pending");
if (bm->status & BM_STATUS_DMAING)
printf("ide_dma_cancel: BM_STATUS_DMAING still pending");
@@ -70,7 +323,7 @@ void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
bm->status |= BM_STATUS_DMAING;
/* start dma transfer if possible */
if (bm->dma_cb)
- bm->dma_cb(bm, 0);
+ bm->dma_cb(bmdma_active_if(bm), 0);
}
}
}
@@ -198,3 +451,22 @@ void pci_ide_create_devs(PCIDevice *dev, DriveInfo **hd_table)
ide_create_drive(d->bus+bus[i], unit[i], hd_table[i]);
}
}
+
+static const struct IDEDMAOps bmdma_ops = {
+ .start_irq = bmdma_start_irq,
+ .start_dma = bmdma_start_dma,
+ .start_transfer = bmdma_start_transfer,
+ .prepare_buf = bmdma_prepare_buf,
+ .rw_buf = bmdma_rw_buf,
+ .set_unit = bmdma_set_unit,
+ .set_status = bmdma_set_status,
+ .set_inactive = bmdma_set_inactive,
+ .restart_cb = bmdma_restart_cb,
+ .reset = bmdma_reset,
+};
+
+void bmdma_init(IDEBus *bus, BMDMAState *bm)
+{
+ bus->dma.ops = &bmdma_ops;
+ bus->dma.opaque = bm;
+}
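Review bot: bmdma_init sets bus->dma.ops and bus->dma.opaque but leaves bm->bus to each caller, while bmdma_start_irq dereferences bm->bus; cmd646.c, piix.c and via.c all follow the call with bm->bus = d->bus+i. Set bm->bus = bus inside bmdma_init so the pairing cannot be forgotten by a new caller. The table is also declared as static const struct IDEDMAOps here and as static const IDEDMAOps in core.c; pick one spelling.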
diff --git a/hw/ide/pci.h b/hw/ide/pci.h
index b81b26c..1cd7b06 100644
--- a/hw/ide/pci.h
+++ b/hw/ide/pci.h
@@ -10,6 +10,7 @@ typedef struct PCIIDEState {
uint32_t secondary; /* used only for cmd646 */
} PCIIDEState;
+void bmdma_init(IDEBus *bus, BMDMAState *bm);
void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val);
extern const IORangeOps bmdma_addr_ioport_ops;
void pci_ide_create_devs(PCIDevice *dev, DriveInfo **hd_table);
diff --git a/hw/ide/piix.c b/hw/ide/piix.c
index e02b89a..1ab3f7d 100644
--- a/hw/ide/piix.c
+++ b/hw/ide/piix.c
@@ -76,9 +76,9 @@ static void bmdma_map(PCIDevice *pci_dev, int region_num,
for(i = 0;i < 2; i++) {
BMDMAState *bm = &d->bmdma[i];
- d->bus[i].bmdma = bm;
+ bmdma_init(&d->bus[i], bm);
bm->bus = d->bus+i;
- qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
+ qemu_add_vm_change_state_handler(d->bus[i].dma.ops->restart_cb, bm);
register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
@@ -99,7 +99,7 @@ static void piix3_reset(void *opaque)
for (i = 0; i < 2; i++) {
ide_bus_reset(&d->bus[i]);
- ide_dma_reset(&d->bmdma[i]);
+ d->bus[i].dma.ops->reset(&d->bmdma[i]);
}
/* TODO: this is the default. do not override. */
diff --git a/hw/ide/via.c b/hw/ide/via.c
index 66be0c4..bae2a4a 100644
--- a/hw/ide/via.c
+++ b/hw/ide/via.c
@@ -78,9 +78,9 @@ static void bmdma_map(PCIDevice *pci_dev, int region_num,
for(i = 0;i < 2; i++) {
BMDMAState *bm = &d->bmdma[i];
- d->bus[i].bmdma = bm;
+ bmdma_init(&d->bus[i], bm);
bm->bus = d->bus+i;
- qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
+ qemu_add_vm_change_state_handler(d->bus[i].dma.ops->restart_cb, bm);
register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
@@ -101,7 +101,7 @@ static void via_reset(void *opaque)
for (i = 0; i < 2; i++) {
ide_bus_reset(&d->bus[i]);
- ide_dma_reset(&d->bmdma[i]);
+ d->bus[i].dma.ops->reset(&d->bmdma[i]);
}
pci_set_word(pci_conf + PCI_COMMAND, PCI_COMMAND_WAIT);
--
1.6.0.2
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [Qemu-devel] Re: [PATCH 03/13] ide: Split out BMDMA code from ATA core
2010-12-08 12:13 ` [Qemu-devel] [PATCH 03/13] ide: Split out BMDMA code from ATA core Alexander Graf
@ 2010-12-08 14:26 ` Stefan Hajnoczi
2010-12-08 14:32 ` Alexander Graf
2010-12-08 14:35 ` Kevin Wolf
2010-12-09 12:31 ` Kevin Wolf
1 sibling, 2 replies; 29+ messages in thread
From: Stefan Hajnoczi @ 2010-12-08 14:26 UTC (permalink / raw)
To: Alexander Graf
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, QEMU-devel Developers,
Blue Swirl, Gerd Hoffmann, tj, Roland Elek, Sebastian Herbszt
On Wed, Dec 8, 2010 at 12:13 PM, Alexander Graf <agraf@suse.de> wrote:
> @@ -486,8 +440,8 @@ void ide_dma_error(IDEState *s)
> ide_transfer_stop(s);
> s->error = ABRT_ERR;
> s->status = READY_STAT | ERR_STAT;
> - ide_dma_set_inactive(s->bus->bmdma);
> - s->bus->bmdma->status |= BM_STATUS_INT;
> + ide_set_inactive(s);
> + s->bus->dma.ops->set_status(s->bus->dma.opaque, BM_STATUS_INT);
Is BM_STATUS_INT constant naming appropriate for a general DMA
abstraction? Perhaps DMA_STATUS_INT.
> @@ -2717,6 +2586,29 @@ static void ide_init1(IDEBus *bus, int unit)
> ide_sector_write_timer_cb, s);
> }
>
> +static int ide_nop_start_irq(void *opaque)
> +{
> + return 1;
> +}
> +
> +static int ide_nop(void *opaque)
> +{
> + return 0;
> +}
> +
> +static const IDEDMAOps ide_dma_nop = {
> + .start_irq = ide_nop_start_irq,
> + .start_dma = (void*)ide_nop,
> + .start_transfer = (void*)ide_nop,
> + .prepare_buf = (void*)ide_nop,
> + .rw_buf = (void*)ide_nop,
> + .set_unit = (void*)ide_nop,
> + .set_status = (void*)ide_nop,
> + .set_inactive = (void*)ide_nop,
> + .restart_cb = (void*)ide_nop,
> + .reset = (void*)ide_nop,
Creative use of void* :). This looks unportable.
ppc and other architectures use function descriptors. There, a
function pointer is not sizeof(void*) so the (void*) cast is
questionable.
Also, casting to a function with a different signature is unportable.
You're relying on the calling convention to make this work.
Instead of fleshing out these functions, how about initializing
dma.ops to NULL? The program crashes should anyone try to do DMA
before setting a real IDEDMAOps pointer. That's not as robust as
limping along with non-working IDE, but should be straightforward to
debug if it ever happens. It also requires less code.
Stefan
^ permalink raw reply [flat|nested] 29+ messages in thread
* [Qemu-devel] Re: [PATCH 03/13] ide: Split out BMDMA code from ATA core
2010-12-08 14:26 ` [Qemu-devel] " Stefan Hajnoczi
@ 2010-12-08 14:32 ` Alexander Graf
2010-12-08 14:35 ` Kevin Wolf
1 sibling, 0 replies; 29+ messages in thread
From: Alexander Graf @ 2010-12-08 14:32 UTC (permalink / raw)
To: Stefan Hajnoczi
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, QEMU-devel Developers,
Blue Swirl, Gerd Hoffmann, tj, Roland Elek, Sebastian Herbszt
On 08.12.2010, at 15:26, Stefan Hajnoczi wrote:
> On Wed, Dec 8, 2010 at 12:13 PM, Alexander Graf <agraf@suse.de> wrote:
>> @@ -486,8 +440,8 @@ void ide_dma_error(IDEState *s)
>> ide_transfer_stop(s);
>> s->error = ABRT_ERR;
>> s->status = READY_STAT | ERR_STAT;
>> - ide_dma_set_inactive(s->bus->bmdma);
>> - s->bus->bmdma->status |= BM_STATUS_INT;
>> + ide_set_inactive(s);
>> + s->bus->dma.ops->set_status(s->bus->dma.opaque, BM_STATUS_INT);
>
> Is BM_STATUS_INT constant naming appropriate for a general DMA
> abstraction? Perhaps DMA_STATUS_INT.
I was thinking of that too, but then again, why bother? Let's just declare BMDMA status bits the standard and be good sounded the easiest :). Less conversions are good, no? And so far, no other user really needs those bits.
>
>> @@ -2717,6 +2586,29 @@ static void ide_init1(IDEBus *bus, int unit)
>> ide_sector_write_timer_cb, s);
>> }
>>
>> +static int ide_nop_start_irq(void *opaque)
>> +{
>> + return 1;
>> +}
>> +
>> +static int ide_nop(void *opaque)
>> +{
>> + return 0;
>> +}
>> +
>> +static const IDEDMAOps ide_dma_nop = {
>> + .start_irq = ide_nop_start_irq,
>> + .start_dma = (void*)ide_nop,
>> + .start_transfer = (void*)ide_nop,
>> + .prepare_buf = (void*)ide_nop,
>> + .rw_buf = (void*)ide_nop,
>> + .set_unit = (void*)ide_nop,
>> + .set_status = (void*)ide_nop,
>> + .set_inactive = (void*)ide_nop,
>> + .restart_cb = (void*)ide_nop,
>> + .reset = (void*)ide_nop,
>
> Creative use of void* :). This looks unportable.
>
> ppc and other architectures use function descriptors. There, a
> function pointer is not sizeof(void*) so the (void*) cast is
> questionable.
>
> Also, casting to a function with a different signature is unportable.
> You're relying on the calling convention to make this work.
Hrm, interesting. Maybe I should create one entry for each function type then.
>
> Instead of fleshing out these functions, how about initializing
> dma.ops to NULL? The program crashes should anyone try to do DMA
> before setting a real IDEDMAOps pointer. That's not as robust as
> limping along with non-working IDE, but should be straightforward to
> debug if it ever happens. It also requires less code.
Unfortunately, at least reset gets called before the DMA init :(.
Alex
* [Qemu-devel] Re: [PATCH 03/13] ide: Split out BMDMA code from ATA core
2010-12-08 14:26 ` [Qemu-devel] " Stefan Hajnoczi
2010-12-08 14:32 ` Alexander Graf
@ 2010-12-08 14:35 ` Kevin Wolf
2010-12-08 14:40 ` Stefan Hajnoczi
1 sibling, 1 reply; 29+ messages in thread
From: Kevin Wolf @ 2010-12-08 14:35 UTC (permalink / raw)
To: Stefan Hajnoczi
Cc: Joerg Roedel, Paul Brook, Alexander Graf, QEMU-devel Developers,
Blue Swirl, Gerd Hoffmann, tj, Sebastian Herbszt, Roland Elek
On 08.12.2010 15:26, Stefan Hajnoczi wrote:
> On Wed, Dec 8, 2010 at 12:13 PM, Alexander Graf <agraf@suse.de> wrote:
>> @@ -486,8 +440,8 @@ void ide_dma_error(IDEState *s)
>> ide_transfer_stop(s);
>> s->error = ABRT_ERR;
>> s->status = READY_STAT | ERR_STAT;
>> - ide_dma_set_inactive(s->bus->bmdma);
>> - s->bus->bmdma->status |= BM_STATUS_INT;
>> + ide_set_inactive(s);
>> + s->bus->dma.ops->set_status(s->bus->dma.opaque, BM_STATUS_INT);
>
> Is BM_STATUS_INT constant naming appropriate for a general DMA
> abstraction? Perhaps DMA_STATUS_INT.
BM_STATUS_INT is a bit in the status register of busmaster IDE. So in
theory it shouldn't appear in generic ATA code, but I'm not sure how
much of this we can fix at this point.
> Instead of fleshing out these functions, how about initializing
> dma.ops to NULL? The program crashes should anyone try to do DMA
> before setting a real IDEDMAOps pointer. That's not as robust as
> limping along with non-working IDE, but should be straightforward to
> debug if it ever happens. It also requires less code.
Allowing the guest to crash qemu is not an option. We'd have to check
for NULL in all commands that initiate a DMA transfer.
Kevin
* [Qemu-devel] Re: [PATCH 03/13] ide: Split out BMDMA code from ATA core
2010-12-08 14:35 ` Kevin Wolf
@ 2010-12-08 14:40 ` Stefan Hajnoczi
2010-12-08 14:46 ` Kevin Wolf
0 siblings, 1 reply; 29+ messages in thread
From: Stefan Hajnoczi @ 2010-12-08 14:40 UTC (permalink / raw)
To: Kevin Wolf
Cc: Joerg Roedel, Paul Brook, Alexander Graf, QEMU-devel Developers,
Blue Swirl, Gerd Hoffmann, tj, Sebastian Herbszt, Roland Elek
On Wed, Dec 8, 2010 at 2:35 PM, Kevin Wolf <kwolf@redhat.com> wrote:
> On 08.12.2010 15:26, Stefan Hajnoczi wrote:
>> On Wed, Dec 8, 2010 at 12:13 PM, Alexander Graf <agraf@suse.de> wrote:
>>> @@ -486,8 +440,8 @@ void ide_dma_error(IDEState *s)
>>> ide_transfer_stop(s);
>>> s->error = ABRT_ERR;
>>> s->status = READY_STAT | ERR_STAT;
>>> - ide_dma_set_inactive(s->bus->bmdma);
>>> - s->bus->bmdma->status |= BM_STATUS_INT;
>>> + ide_set_inactive(s);
>>> + s->bus->dma.ops->set_status(s->bus->dma.opaque, BM_STATUS_INT);
>>
>> Is BM_STATUS_INT constant naming appropriate for a general DMA
>> abstraction? Perhaps DMA_STATUS_INT.
>
> BM_STATUS_INT is a bit in the status register of busmaster IDE. So in
> theory it shouldn't appear in generic ATA code, but I'm not sure how
> much of this we can fix at this point.
>
>> Instead of fleshing out these functions, how about initializing
>> dma.ops to NULL? The program crashes should anyone try to do DMA
>> before setting a real IDEDMAOps pointer. That's not as robust as
>> limping along with non-working IDE, but should be straightforward to
>> debug if it ever happens. It also requires less code.
>
> Allowing the guest to crash qemu is not an option. We'd have to check
> for NULL in all commands that initiate a DMA transfer.
You're right, I wasn't aware that the ops gets a chance to execute
before we initialize them to BMDMA.
Stefan
* [Qemu-devel] Re: [PATCH 03/13] ide: Split out BMDMA code from ATA core
2010-12-08 14:40 ` Stefan Hajnoczi
@ 2010-12-08 14:46 ` Kevin Wolf
0 siblings, 0 replies; 29+ messages in thread
From: Kevin Wolf @ 2010-12-08 14:46 UTC (permalink / raw)
To: Stefan Hajnoczi
Cc: Joerg Roedel, Paul Brook, Alexander Graf, QEMU-devel Developers,
Blue Swirl, Gerd Hoffmann, tj, Sebastian Herbszt, Roland Elek
On 08.12.2010 15:40, Stefan Hajnoczi wrote:
> On Wed, Dec 8, 2010 at 2:35 PM, Kevin Wolf <kwolf@redhat.com> wrote:
>> On 08.12.2010 15:26, Stefan Hajnoczi wrote:
>>> On Wed, Dec 8, 2010 at 12:13 PM, Alexander Graf <agraf@suse.de> wrote:
>>>> @@ -486,8 +440,8 @@ void ide_dma_error(IDEState *s)
>>>> ide_transfer_stop(s);
>>>> s->error = ABRT_ERR;
>>>> s->status = READY_STAT | ERR_STAT;
>>>> - ide_dma_set_inactive(s->bus->bmdma);
>>>> - s->bus->bmdma->status |= BM_STATUS_INT;
>>>> + ide_set_inactive(s);
>>>> + s->bus->dma.ops->set_status(s->bus->dma.opaque, BM_STATUS_INT);
>>>
>>> Is BM_STATUS_INT constant naming appropriate for a general DMA
>>> abstraction? Perhaps DMA_STATUS_INT.
>>
>> BM_STATUS_INT is a bit in the status register of busmaster IDE. So in
>> theory it shouldn't appear in generic ATA code, but I'm not sure how
>> much of this we can fix at this point.
>>
>>> Instead of fleshing out these functions, how about initializing
>>> dma.ops to NULL? The program crashes should anyone try to do DMA
>>> before setting a real IDEDMAOps pointer. That's not as robust as
>>> limping along with non-working IDE, but should be straightforward to
>>> debug if it ever happens. It also requires less code.
>>
>> Allowing the guest to crash qemu is not an option. We'd have to check
>> for NULL in all commands that initiate a DMA transfer.
>
> You're right, I wasn't aware that the ops gets a chance to execute
> before we initialize them to BMDMA.
For example with ISA we never initialize it at all.
Kevin
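The exchange above weighs a NULL `dma.ops`, a single `ide_nop` cast through `(void*)`, and one no-op per function type. A sketch of the last option, added here as an illustration and not taken from the patch series or from QEMU: every `Demo*`/`demo_*` name and the `0x04` status bit are constructed stand-ins for the types quoted in the thread.

```c
#include <stddef.h>

/* Simplified stand-ins for the QEMU types named in the thread (assumptions). */
typedef struct DemoState DemoState;
typedef void DemoCompletionFunc(void *opaque, int ret);

/* One typedef per distinct signature, as in the quoted IDEDMAOps table. */
typedef void DemoDMAStartFunc(void *opaque, DemoState *s, DemoCompletionFunc *cb);
typedef int  DemoDMAFunc(void *opaque);
typedef int  DemoDMAIntFunc(void *opaque, int arg);
typedef void DemoDMARestartFunc(void *opaque, int running, int reason);

typedef struct DemoDMAOps {
    DemoDMAStartFunc   *start_dma;
    DemoDMAFunc        *start_transfer;
    DemoDMAIntFunc     *prepare_buf;
    DemoDMAIntFunc     *rw_buf;
    DemoDMAIntFunc     *set_unit;
    DemoDMAIntFunc     *set_status;
    DemoDMAFunc        *set_inactive;
    DemoDMARestartFunc *restart_cb;
    DemoDMAFunc        *reset;
} DemoDMAOps;

typedef struct DemoBus {
    const DemoDMAOps *ops;   /* never NULL once demo_bus_init() has run */
    void *opaque;
} DemoBus;

/* One no-op per signature: no casts, so every call goes through a pointer
 * whose type matches the function it points at. */
static void demo_nop_start(void *opaque, DemoState *s, DemoCompletionFunc *cb)
{
    (void)opaque; (void)s; (void)cb;
}
static int demo_nop(void *opaque) { (void)opaque; return 0; }
static int demo_nop_int(void *opaque, int arg) { (void)opaque; (void)arg; return 0; }
static void demo_nop_restart(void *opaque, int running, int reason)
{
    (void)opaque; (void)running; (void)reason;
}

static const DemoDMAOps demo_dma_nop = {
    .start_dma      = demo_nop_start,
    .start_transfer = demo_nop,
    .prepare_buf    = demo_nop_int,
    .rw_buf         = demo_nop_int,
    .set_unit       = demo_nop_int,
    .set_status     = demo_nop_int,
    .set_inactive   = demo_nop,
    .restart_cb     = demo_nop_restart,
    .reset          = demo_nop,
};

/* Installed at bus creation, so reset (which the thread says runs before
 * the DMA backend is attached) and ISA buses (never attached) stay safe. */
void demo_bus_init(DemoBus *bus)
{
    bus->ops = &demo_dma_nop;
    bus->opaque = NULL;
}

/* A backend that overrides only what it implements. */
#define DEMO_STATUS_INT 0x04   /* constructed value for the example */
typedef struct DemoBMDMA { unsigned char status; int resets; } DemoBMDMA;

static int demo_bm_set_status(void *opaque, int bits)
{
    DemoBMDMA *bm = opaque;
    bm->status |= (unsigned char)bits;   /* ORs flags in, does not overwrite */
    return 0;
}
static int demo_bm_reset(void *opaque)
{
    DemoBMDMA *bm = opaque;
    bm->status = 0;
    bm->resets++;
    return 0;
}

static const DemoDMAOps demo_bm_ops = {
    .start_dma      = demo_nop_start,
    .start_transfer = demo_nop,
    .prepare_buf    = demo_nop_int,
    .rw_buf         = demo_nop_int,
    .set_unit       = demo_nop_int,
    .set_status     = demo_bm_set_status,
    .set_inactive   = demo_nop,
    .restart_cb     = demo_nop_restart,
    .reset          = demo_bm_reset,
};

void demo_bmdma_attach(DemoBus *bus, DemoBMDMA *bm)
{
    bus->ops = &demo_bm_ops;
    bus->opaque = bm;
}

/* Paths a guest can trigger at any time: no NULL checks needed. */
int demo_bus_reset(DemoBus *bus) { return bus->ops->reset(bus->opaque); }
int demo_dma_error(DemoBus *bus)
{
    return bus->ops->set_status(bus->opaque, DEMO_STATUS_INT);
}
```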
* [Qemu-devel] Re: [PATCH 03/13] ide: Split out BMDMA code from ATA core
2010-12-08 12:13 ` [Qemu-devel] [PATCH 03/13] ide: Split out BMDMA code from ATA core Alexander Graf
2010-12-08 14:26 ` [Qemu-devel] " Stefan Hajnoczi
@ 2010-12-09 12:31 ` Kevin Wolf
1 sibling, 0 replies; 29+ messages in thread
From: Kevin Wolf @ 2010-12-09 12:31 UTC (permalink / raw)
To: Alexander Graf
Cc: Joerg Roedel, Paul Brook, QEMU-devel Developers, Blue Swirl,
Gerd Hoffmann, Stefan Hajnoczi, tj, Roland Elek,
Sebastian Herbszt
On 08.12.2010 13:13, Alexander Graf wrote:
> The ATA core is currently heavily intertwined with BMDMA code. Let's loosen
> that a bit, so we can happily replace the DMA backend with different
> implementations.
>
> Signed-off-by: Alexander Graf <agraf@suse.de>
>
> ---
>
> v7 -> v8:
>
> - rewrite as DMA ops
> ---
> hw/ide/cmd646.c | 6 +-
> hw/ide/core.c | 322 ++++++++++++-----------------------------------------
> hw/ide/internal.h | 53 +++++++--
> hw/ide/pci.c | 278 +++++++++++++++++++++++++++++++++++++++++++++-
> hw/ide/pci.h | 1 +
> hw/ide/piix.c | 6 +-
> hw/ide/via.c | 6 +-
> 7 files changed, 399 insertions(+), 273 deletions(-)
> @@ -367,6 +369,17 @@ typedef enum { IDE_HD, IDE_CD, IDE_CFATA } IDEDriveKind;
>
> typedef void EndTransferFunc(IDEState *);
>
> +
> +typedef void TransferStartFunc(IDEState *,
> + uint8_t *,
> + int,
> + EndTransferFunc *);
> +typedef void IRQSetFunc(IDEBus *);
These two typedefs are unused.
> +typedef void DMAStartFunc(void *, IDEState *, BlockDriverCompletionFunc *);
> +typedef int DMAFunc(void *);
> +typedef int DMAIntFunc(void *, int);
> +typedef void DMARestartFunc(void *, int, int);
> +
> /* NOTE: IDEState represents in fact one drive */
> struct IDEState {
> IDEBus *bus;
> @@ -443,12 +456,33 @@ struct IDEState {
> uint8_t *smart_selftest_data;
> };
>
> +struct IDEDMAOps {
> + DMAFunc *start_irq;
> + DMAStartFunc *start_dma;
> + DMAFunc *start_transfer;
> + DMAIntFunc *prepare_buf;
> + DMAIntFunc *rw_buf;
> + DMAIntFunc *set_unit;
> + DMAIntFunc *set_status;
> + DMAFunc *set_inactive;
> + DMARestartFunc *restart_cb;
> + DMAFunc *reset;
> +};
> +
> +struct IDEDMA {
> + struct IDEDMAOps const *ops;
Why hiding the const somewhere in the middle?
> + void *opaque;
> + struct iovec iov;
> + QEMUIOVector qiov;
> + BlockDriverAIOCB *aiocb;
> +};
I'm wondering if this interface where you pass a void* to all DMA
functions is really optimal. You completely lose type safety this way.
Maybe we should use inheritance like in other places in qemu and
implement BMDMAState with IDEDMA as its "base class"? This would mean
that we need to make IDEBus.dma a pointer rather than embedding the
structure, but it's probably worth the changes.
> +static int bmdma_set_status(void *opaque, int status)
> +{
> + BMDMAState *bm = opaque;
> + bm->status |= status;
The name of this function is misleading. You're just setting a flag, not
setting a new value for the whole status register.
Kevin
* [Qemu-devel] [PATCH 04/13] bmdma: split out irq setting
2010-12-08 12:13 [Qemu-devel] [PATCH 00/13] AHCI emulation support v8 Alexander Graf
` (2 preceding siblings ...)
2010-12-08 12:13 ` [Qemu-devel] [PATCH 03/13] ide: Split out BMDMA code from ATA core Alexander Graf
@ 2010-12-08 12:13 ` Alexander Graf
2010-12-08 12:13 ` [Qemu-devel] [PATCH 05/13] bmdma: move header definitions out Alexander Graf
` (8 subsequent siblings)
12 siblings, 0 replies; 29+ messages in thread
From: Alexander Graf @ 2010-12-08 12:13 UTC (permalink / raw)
To: QEMU-devel Developers
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, Blue Swirl, Gerd Hoffmann,
Stefan Hajnoczi, tj, Roland Elek, Sebastian Herbszt
The IDE core doesn't care about BMDMA blocking IRQs from getting submitted,
so let's reflect that in the code and make IRQ blocking fully transparent.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
hw/ide/core.c | 6 ------
hw/ide/internal.h | 4 ++--
hw/ide/pci.c | 44 +++++++++++++++++++++++++++-----------------
3 files changed, 29 insertions(+), 25 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index fce994f..6284539 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2586,18 +2586,12 @@ static void ide_init1(IDEBus *bus, int unit)
ide_sector_write_timer_cb, s);
}
-static int ide_nop_start_irq(void *opaque)
-{
- return 1;
-}
-
static int ide_nop(void *opaque)
{
return 0;
}
static const IDEDMAOps ide_dma_nop = {
- .start_irq = ide_nop_start_irq,
.start_dma = (void*)ide_nop,
.start_transfer = (void*)ide_nop,
.prepare_buf = (void*)ide_nop,
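Review bot: the remaining `ide_dma_nop` initializers still route every slot through `(void*)ide_nop`, so `start_dma` (a `DMAStartFunc`, returning void and taking three arguments) and `prepare_buf` (a `DMAIntFunc`, taking an extra int) end up calling an `int (void *)` function through an incompatible function pointer type. That is undefined behaviour in C and only works where the calling convention tolerates the extra arguments. Since this hunk already edits the table, give each signature its own no-op and drop the casts.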
diff --git a/hw/ide/internal.h b/hw/ide/internal.h
index 15ab119..af7e741 100644
--- a/hw/ide/internal.h
+++ b/hw/ide/internal.h
@@ -457,7 +457,6 @@ struct IDEState {
};
struct IDEDMAOps {
- DMAFunc *start_irq;
DMAStartFunc *start_dma;
DMAFunc *start_transfer;
DMAIntFunc *prepare_buf;
@@ -530,6 +529,7 @@ struct BMDMAState {
uint32_t nsector;
IORange addr_ioport;
QEMUBH *bh;
+ qemu_irq irq;
};
static inline IDEState *idebus_active_if(IDEBus *bus)
@@ -545,7 +545,7 @@ static inline IDEState *bmdma_active_if(BMDMAState *bmdma)
static inline void ide_set_irq(IDEBus *bus)
{
- if (bus->dma.ops->start_irq(bus->dma.opaque)) {
+ if (!(bus->cmd & IDE_CMD_DISABLE_IRQ)) {
qemu_irq_raise(bus->irq);
}
}
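Review bot: the commit message should say that `ide_set_irq()` changes behaviour for buses that never call `bmdma_init()`. With `ide_dma_nop` installed, `ide_nop_start_irq()` returned 1 unconditionally, so the interrupt was raised even with `IDE_CMD_DISABLE_IRQ` set; after this hunk the `bus->cmd & IDE_CMD_DISABLE_IRQ` test applies to every bus. That looks like the intended behaviour, but it is a functional change inside a refactoring patch and deserves a line in the description.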
diff --git a/hw/ide/pci.c b/hw/ide/pci.c
index 2506cc5..270c13a 100644
--- a/hw/ide/pci.c
+++ b/hw/ide/pci.c
@@ -35,22 +35,6 @@
#define BMDMA_PAGE_SIZE 4096
-static int bmdma_start_irq(void *opaque)
-{
- BMDMAState *bm = opaque;
- IDEBus *bus = bm->bus;
-
- if (!(bus->cmd & IDE_CMD_DISABLE_IRQ)) {
- if (bm) {
- bm->status |= BM_STATUS_INT;
- }
- return 1;
- }
-
- /* IRQ forbidden */
- return 0;
-}
-
static void bmdma_start_dma(void *opaque, IDEState *s,
BlockDriverCompletionFunc *dma_cb)
{
@@ -286,6 +270,24 @@ static int bmdma_start_transfer(void *opaque)
return 0;
}
+static void bmdma_irq(void *opaque, int n, int level)
+{
+ BMDMAState *bm = opaque;
+
+ if (!level) {
+ /* pass through lower */
+ qemu_set_irq(bm->irq, level);
+ return;
+ }
+
+ if (bm) {
+ bm->status |= BM_STATUS_INT;
+ }
+
+ /* trigger the real irq */
+ qemu_set_irq(bm->irq, level);
+}
+
void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
{
BMDMAState *bm = opaque;
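Review bot: the `if (bm)` test in `bmdma_irq()` cannot protect anything, because `bm->irq` is already dereferenced in the `!level` branch above it and again unconditionally in the final `qemu_set_irq(bm->irq, level)`. Drop the check (the opaque is the `bm` registered in `bmdma_init()`); the two branches then collapse to `if (level) bm->status |= BM_STATUS_INT;` followed by a single `qemu_set_irq(bm->irq, level);`.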
@@ -453,7 +455,6 @@ void pci_ide_create_devs(PCIDevice *dev, DriveInfo **hd_table)
}
static const struct IDEDMAOps bmdma_ops = {
- .start_irq = bmdma_start_irq,
.start_dma = bmdma_start_dma,
.start_transfer = bmdma_start_transfer,
.prepare_buf = bmdma_prepare_buf,
@@ -467,6 +468,15 @@ static const struct IDEDMAOps bmdma_ops = {
void bmdma_init(IDEBus *bus, BMDMAState *bm)
{
+ qemu_irq *irq;
+
+ if (bus->dma.ops == &bmdma_ops) {
+ return;
+ }
+
bus->dma.ops = &bmdma_ops;
bus->dma.opaque = bm;
+ bm->irq = bus->irq;
+ irq = qemu_allocate_irqs(bmdma_irq, bm, 1);
+ bus->irq = *irq;
}
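Review bot: `bmdma_init()` snapshots `bus->irq` into `bm->irq` and then replaces `bus->irq` with the interposer, which only works if the caller assigned the real `bus->irq` before calling it; nothing here documents or checks that ordering. If a controller sets `bus->irq` after `bmdma_init()`, the interposer is overwritten and `BM_STATUS_INT` is silently never set. Please add a comment stating the required order, or an assertion on `bus->irq`. Two smaller points: the array returned by `qemu_allocate_irqs()` is dereferenced and its pointer discarded, so it can never be released, and the early return on `bus->dma.ops == &bmdma_ops` also ignores a second call that passes a different `bm`.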
--
1.6.0.2
* [Qemu-devel] [PATCH 05/13] bmdma: move header definitions out
2010-12-08 12:13 [Qemu-devel] [PATCH 00/13] AHCI emulation support v8 Alexander Graf
` (3 preceding siblings ...)
2010-12-08 12:13 ` [Qemu-devel] [PATCH 04/13] bmdma: split out irq setting Alexander Graf
@ 2010-12-08 12:13 ` Alexander Graf
2010-12-08 12:13 ` [Qemu-devel] [PATCH 06/13] ide: add ncq identify data for ahci sata drives Alexander Graf
` (7 subsequent siblings)
12 siblings, 0 replies; 29+ messages in thread
From: Alexander Graf @ 2010-12-08 12:13 UTC (permalink / raw)
To: QEMU-devel Developers
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, Blue Swirl, Gerd Hoffmann,
Stefan Hajnoczi, tj, Roland Elek, Sebastian Herbszt
The bmdma header definitions currently reside in generic code, but only PCI
specific code should know about BMDMA internals. So let's move the definitions
and everything using them out to pci.h.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
hw/ide/internal.h | 27 ---------------------------
hw/ide/pci.h | 28 ++++++++++++++++++++++++++++
2 files changed, 28 insertions(+), 27 deletions(-)
diff --git a/hw/ide/internal.h b/hw/ide/internal.h
index af7e741..7e2ba1a 100644
--- a/hw/ide/internal.h
+++ b/hw/ide/internal.h
@@ -20,7 +20,6 @@ typedef struct IDEBus IDEBus;
typedef struct IDEDevice IDEDevice;
typedef struct IDEDeviceInfo IDEDeviceInfo;
typedef struct IDEState IDEState;
-typedef struct BMDMAState BMDMAState;
typedef struct IDEDMA IDEDMA;
typedef struct IDEDMAOps IDEDMAOps;
@@ -512,37 +511,11 @@ struct IDEDeviceInfo {
#define BM_CMD_START 0x01
#define BM_CMD_READ 0x08
-struct BMDMAState {
- uint8_t cmd;
- uint8_t status;
- uint32_t addr;
-
- IDEBus *bus;
- /* current transfer state */
- uint32_t cur_addr;
- uint32_t cur_prd_last;
- uint32_t cur_prd_addr;
- uint32_t cur_prd_len;
- uint8_t unit;
- BlockDriverCompletionFunc *dma_cb;
- int64_t sector_num;
- uint32_t nsector;
- IORange addr_ioport;
- QEMUBH *bh;
- qemu_irq irq;
-};
-
static inline IDEState *idebus_active_if(IDEBus *bus)
{
return bus->ifs + bus->unit;
}
-static inline IDEState *bmdma_active_if(BMDMAState *bmdma)
-{
- assert(bmdma->unit != (uint8_t)-1);
- return bmdma->bus->ifs + bmdma->unit;
-}
-
static inline void ide_set_irq(IDEBus *bus)
{
if (!(bus->cmd & IDE_CMD_DISABLE_IRQ)) {
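Review bot: `BM_CMD_START` and `BM_CMD_READ` stay behind in `hw/ide/internal.h` (they are the context lines at the top of this hunk), which does not match the commit message's statement that only PCI-specific code should know about BMDMA internals. Either move the `BM_*` defines to `hw/ide/pci.h` together with `BMDMAState`, or say in the description why generic code still needs them.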
diff --git a/hw/ide/pci.h b/hw/ide/pci.h
index 1cd7b06..0f96297 100644
--- a/hw/ide/pci.h
+++ b/hw/ide/pci.h
@@ -3,6 +3,26 @@
#include <hw/ide/internal.h>
+typedef struct BMDMAState {
+ uint8_t cmd;
+ uint8_t status;
+ uint32_t addr;
+
+ IDEBus *bus;
+ /* current transfer state */
+ uint32_t cur_addr;
+ uint32_t cur_prd_last;
+ uint32_t cur_prd_addr;
+ uint32_t cur_prd_len;
+ uint8_t unit;
+ BlockDriverCompletionFunc *dma_cb;
+ int64_t sector_num;
+ uint32_t nsector;
+ IORange addr_ioport;
+ QEMUBH *bh;
+ qemu_irq irq;
+} BMDMAState;
+
typedef struct PCIIDEState {
PCIDevice dev;
IDEBus bus[2];
@@ -10,6 +30,14 @@ typedef struct PCIIDEState {
uint32_t secondary; /* used only for cmd646 */
} PCIIDEState;
+
+static inline IDEState *bmdma_active_if(BMDMAState *bmdma)
+{
+ assert(bmdma->unit != (uint8_t)-1);
+ return bmdma->bus->ifs + bmdma->unit;
+}
+
+
void bmdma_init(IDEBus *bus, BMDMAState *bm);
void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val);
extern const IORangeOps bmdma_addr_ioport_ops;
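Review bot: `bmdma_active_if()` is followed by two added blank lines (the two bare `+` lines after its closing brace) where one would match the rest of the header. As the helper is now visible to every file that includes `hw/ide/pci.h`, a one-line comment saying which caller guarantees `unit != (uint8_t)-1` would help, since the `assert()` aborts QEMU if that invariant is ever broken.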
--
1.6.0.2
* [Qemu-devel] [PATCH 06/13] ide: add ncq identify data for ahci sata drives
2010-12-08 12:13 [Qemu-devel] [PATCH 00/13] AHCI emulation support v8 Alexander Graf
` (4 preceding siblings ...)
2010-12-08 12:13 ` [Qemu-devel] [PATCH 05/13] bmdma: move header definitions out Alexander Graf
@ 2010-12-08 12:13 ` Alexander Graf
2010-12-08 12:13 ` [Qemu-devel] [PATCH 07/13] pci: add storage class for sata Alexander Graf
` (6 subsequent siblings)
12 siblings, 0 replies; 29+ messages in thread
From: Alexander Graf @ 2010-12-08 12:13 UTC (permalink / raw)
To: QEMU-devel Developers
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, Blue Swirl, Gerd Hoffmann,
Stefan Hajnoczi, tj, Roland Elek, Sebastian Herbszt
From: Roland Elek <elek.roland@gmail.com>
I modified ide_identify() to include the zero-based queue length
value in word 75, and set bit 8 in word 76 to signal NCQ support
in the identify data for AHCI SATA drives.
Signed-off-by: Roland Elek <elek.roland@gmail.com>
---
hw/ide/core.c | 7 +++++++
hw/ide/internal.h | 2 ++
2 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 6284539..a3f8104 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -140,6 +140,13 @@ static void ide_identify(IDEState *s)
put_le16(p + 66, 120);
put_le16(p + 67, 120);
put_le16(p + 68, 120);
+
+ if (s->ncq_queues) {
+ put_le16(p + 75, s->ncq_queues - 1);
+ /* NCQ supported */
+ put_le16(p + 76, (1 << 8));
+ }
+
put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
put_le16(p + 81, 0x16); /* conforms to ata5 */
/* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */
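Review bot: `s->ncq_queues - 1` is written to word 75 without a range check, but the IDENTIFY DEVICE queue depth field is only bits 4:0 of that word (depth minus one). `ncq_queues` is declared as a plain `int` in this patch, so a value above 32 or a negative one would set bits outside the field. Mask or clamp it here, for example `put_le16(p + 75, (s->ncq_queues - 1) & 0x1f);`, or validate the value where it is assigned. A comment naming word 75 as the queue depth, like the existing `/* NCQ supported */` for word 76, would also help.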
diff --git a/hw/ide/internal.h b/hw/ide/internal.h
index 7e2ba1a..414adf5 100644
--- a/hw/ide/internal.h
+++ b/hw/ide/internal.h
@@ -453,6 +453,8 @@ struct IDEState {
int smart_errors;
uint8_t smart_selftest_count;
uint8_t *smart_selftest_data;
+ /* AHCI */
+ int ncq_queues;
};
struct IDEDMAOps {
--
1.6.0.2
* [Qemu-devel] [PATCH 07/13] pci: add storage class for sata
2010-12-08 12:13 [Qemu-devel] [PATCH 00/13] AHCI emulation support v8 Alexander Graf
` (5 preceding siblings ...)
2010-12-08 12:13 ` [Qemu-devel] [PATCH 06/13] ide: add ncq identify data for ahci sata drives Alexander Graf
@ 2010-12-08 12:13 ` Alexander Graf
2010-12-08 12:13 ` [Qemu-devel] [PATCH 08/13] pci: add ich7 pci id Alexander Graf
` (5 subsequent siblings)
12 siblings, 0 replies; 29+ messages in thread
From: Alexander Graf @ 2010-12-08 12:13 UTC (permalink / raw)
To: QEMU-devel Developers
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, Blue Swirl, Gerd Hoffmann,
Stefan Hajnoczi, tj, Roland Elek, Sebastian Herbszt
This patch adds the storage sata class id.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
hw/pci_ids.h | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/hw/pci_ids.h b/hw/pci_ids.h
index 82cba7e..ea3418c 100644
--- a/hw/pci_ids.h
+++ b/hw/pci_ids.h
@@ -15,6 +15,7 @@
#define PCI_CLASS_STORAGE_SCSI 0x0100
#define PCI_CLASS_STORAGE_IDE 0x0101
+#define PCI_CLASS_STORAGE_SATA 0x0106
#define PCI_CLASS_STORAGE_OTHER 0x0180
#define PCI_CLASS_NETWORK_ETHERNET 0x0200
--
1.6.0.2
* [Qemu-devel] [PATCH 08/13] pci: add ich7 pci id
2010-12-08 12:13 [Qemu-devel] [PATCH 00/13] AHCI emulation support v8 Alexander Graf
` (6 preceding siblings ...)
2010-12-08 12:13 ` [Qemu-devel] [PATCH 07/13] pci: add storage class for sata Alexander Graf
@ 2010-12-08 12:13 ` Alexander Graf
2010-12-08 12:13 ` [Qemu-devel] [PATCH 09/13] ahci: add ahci emulation Alexander Graf
` (4 subsequent siblings)
12 siblings, 0 replies; 29+ messages in thread
From: Alexander Graf @ 2010-12-08 12:13 UTC (permalink / raw)
To: QEMU-devel Developers
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, Blue Swirl, Gerd Hoffmann,
Stefan Hajnoczi, tj, Roland Elek, Sebastian Herbszt
We need a PCI ID for our new AHCI adapter. I just picked an ICH-7M
because that's the one built into the first Macbooks.
This patch adds a PCI ID define for an ICH-7 AHCI adapter.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
v3 -> v4:
- add ICH7 instead of ICH7M (herbszt)
v4 -> v5:
- rename to ICH7_AHCI_RAID (herbszt)
v6 -> v7:
- use non-raid ich7 ahci (herbszt)
---
hw/pci.h | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/hw/pci.h b/hw/pci.h
index 89f7b76..0dce2b0 100644
--- a/hw/pci.h
+++ b/hw/pci.h
@@ -62,6 +62,7 @@
/* Intel (0x8086) */
#define PCI_DEVICE_ID_INTEL_82551IT 0x1209
#define PCI_DEVICE_ID_INTEL_82557 0x1229
+#define PCI_DEVICE_ID_INTEL_ICH7_AHCI 0x27c1
/* Red Hat / Qumranet (for QEMU) -- see pci-ids.txt */
#define PCI_VENDOR_ID_REDHAT_QUMRANET 0x1af4
--
1.6.0.2
* [Qemu-devel] [PATCH 09/13] ahci: add ahci emulation
2010-12-08 12:13 [Qemu-devel] [PATCH 00/13] AHCI emulation support v8 Alexander Graf
` (7 preceding siblings ...)
2010-12-08 12:13 ` [Qemu-devel] [PATCH 08/13] pci: add ich7 pci id Alexander Graf
@ 2010-12-08 12:13 ` Alexander Graf
2010-12-08 21:14 ` [Qemu-devel] " Stefan Hajnoczi
2010-12-08 12:13 ` [Qemu-devel] [PATCH 10/13] config: move ide core and pci to pci.mak Alexander Graf
` (3 subsequent siblings)
12 siblings, 1 reply; 29+ messages in thread
From: Alexander Graf @ 2010-12-08 12:13 UTC (permalink / raw)
To: QEMU-devel Developers
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, Blue Swirl, Gerd Hoffmann,
Stefan Hajnoczi, tj, Roland Elek, Sebastian Herbszt
This patch adds an emulation layer for an ICH-7M AHCI controller. For now
this controller does not do IDE legacy emulation. It is a pure AHCI controller.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
v1 -> v2:
- rename IDEExtender to IDEBusOps and make a pointer (kraxel)
- make dma hooks explicit by putting them into ops struct (stefanha)
- use qdev buses (kraxel)
- minor cleanups
- dprintf overhaul
- add reset function
v2 -> v3:
- add msi support (kraxel)
- use MIN macro (kraxel)
- add msi support (kraxel)
- fix ncq with multiple ports
- zap qdev properties (kraxel)
- redesign legacy IF_SATA hooks (kraxel)
- don't build ahci as part of target
- move to ide/ (kwolf)
v3 -> v4:
- prepare for endianness safety
- add lspci dump (herbszt)
- use ich7 instead of ich7m (herbszt)
- fix lst+fis mapping (kraxel)
- coding style (blue swirl)
- explicit mmio setters/getters (blue swirl)
v4 -> v5:
- s/H2dNcqFis/NCQFrame/g (blue swirl)
- redo -drive magic (blue swirl)
- bump BAR to 4k
- ahci.c: rename to ICH7_AHCI_RAID (herbszt)
v5 -> v6:
- PCI config space fixes (isaku)
- remove CONFIG_AHCI from default configs
v6 -> v7:
- improve interrupt injection
- combine tfdata code paths
- update tfdata more often
- reset port registers on port reset
- improve debug output
- add "feature" variable from fis for some extended commands
- always set feature to DMA for atapi
- osx 10.5.0 works as of this version
- use non-raid ich7 ahci (herbszt)
- reflect normal ich7 in pci dump
- stick to new IDEBusOps (stefanha, kwolf)
- ahci: stefan's ahci comments
v7 -> v8:
- generate tfdata on the fly
- reimplement immediate dma rw
- add safety net for busy engine
- adjust for new DMA interface
---
Makefile.objs | 1 +
hw/ide/ahci.c | 1374 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 1375 insertions(+), 0 deletions(-)
create mode 100644 hw/ide/ahci.c
diff --git a/Makefile.objs b/Makefile.objs
index 04625eb..4f692e4 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -238,6 +238,7 @@ hw-obj-$(CONFIG_IDE_PIIX) += ide/piix.o
hw-obj-$(CONFIG_IDE_CMD646) += ide/cmd646.o
hw-obj-$(CONFIG_IDE_MACIO) += ide/macio.o
hw-obj-$(CONFIG_IDE_VIA) += ide/via.o
+hw-obj-$(CONFIG_AHCI) += ide/ahci.o
# SCSI layer
hw-obj-$(CONFIG_LSI_SCSI_PCI) += lsi53c895a.o
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
new file mode 100644
index 0000000..7e7aa89
--- /dev/null
+++ b/hw/ide/ahci.c
@@ -0,0 +1,1374 @@
+/*
+ * QEMU AHCI Emulation
+ *
+ * Copyright (c) 2010 qiaochong@loongson.cn
+ * Copyright (c) 2010 Roland Elek <elek.roland@gmail.com>
+ * Copyright (c) 2010 Sebastian Herbszt <herbszt@gmx.de>
+ * Copyright (c) 2010 Alexander Graf <agraf@suse.de>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * lspci dump of a real device:
+ *
+ * 00:1f.2 SATA controller: Intel Corporation 82801GR/GH (ICH7 Family) SATA AHCI Controller (rev 01) (prog-if 01 [AHCI 1.0])
+ * Subsystem: Intel Corporation 82801GR/GH (ICH7 Family) SATA AHCI Controller
+ * Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
+ * Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
+ * Latency: 0
+ * Interrupt: pin B routed to IRQ 221
+ * Region 0: I/O ports at e880 [size=8]
+ * Region 1: I/O ports at e800 [size=4]
+ * Region 2: I/O ports at e480 [size=8]
+ * Region 3: I/O ports at e400 [size=4]
+ * Region 4: I/O ports at e080 [size=16]
+ * Region 5: Memory at ffa3fc00 (32-bit, non-prefetchable) [size=1K]
+ * Capabilities: [80] Message Signalled Interrupts: Mask- 64bit- Queue=0/0 Enable+
+ * Address: fee0100c Data: 41d9
+ * Capabilities: [70] Power Management version 2
+ * Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot+,D3cold-)
+ * Status: D0 PME-Enable- DSel=0 DScale=0 PME-
+ * Kernel driver in use: ahci
+ * Kernel modules: ahci
+ *
+ * 00:1f.2 0106: 8086:27c1 (rev 01)
+ *
+ */
+
+#include <hw/hw.h>
+#include <hw/msi.h>
+#include <hw/pc.h>
+#include <hw/pci.h>
+
+#include "monitor.h"
+#include "dma.h"
+#include "cpu-common.h"
+#include "blockdev.h"
+#include "internal.h"
+#include <hw/ide/pci.h>
+
+/* #define DEBUG_AHCI */
+
+#ifdef DEBUG_AHCI
+#define DPRINTF(port, fmt, ...) \
+do { fprintf(stderr, "ahci: %s: [%d] ", __FUNCTION__, port); \
+ fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(port, fmt, ...) do {} while(0)
+#endif
+
+#define AHCI_PCI_BAR 5
+#define AHCI_MAX_PORTS 32
+#define AHCI_MAX_SG 168 /* hardware max is 64K */
+#define AHCI_DMA_BOUNDARY 0xffffffff
+#define AHCI_USE_CLUSTERING 0
+#define AHCI_MAX_CMDS 32
+#define AHCI_CMD_SZ 32
+#define AHCI_CMD_SLOT_SZ (AHCI_MAX_CMDS * AHCI_CMD_SZ)
+#define AHCI_RX_FIS_SZ 256
+#define AHCI_CMD_TBL_CDB 0x40
+#define AHCI_CMD_TBL_HDR_SZ 0x80
+#define AHCI_CMD_TBL_SZ (AHCI_CMD_TBL_HDR_SZ + (AHCI_MAX_SG * 16))
+#define AHCI_CMD_TBL_AR_SZ (AHCI_CMD_TBL_SZ * AHCI_MAX_CMDS)
+#define AHCI_PORT_PRIV_DMA_SZ (AHCI_CMD_SLOT_SZ + AHCI_CMD_TBL_AR_SZ + \
+ AHCI_RX_FIS_SZ)
+
+#define AHCI_IRQ_ON_SG (1 << 31)
+#define AHCI_CMD_ATAPI (1 << 5)
+#define AHCI_CMD_WRITE (1 << 6)
+#define AHCI_CMD_PREFETCH (1 << 7)
+#define AHCI_CMD_RESET (1 << 8)
+#define AHCI_CMD_CLR_BUSY (1 << 10)
+
+#define RX_FIS_D2H_REG 0x40 /* offset of D2H Register FIS data */
+#define RX_FIS_SDB 0x58 /* offset of SDB FIS data */
+#define RX_FIS_UNK 0x60 /* offset of Unknown FIS data */
+
+/* global controller registers */
+#define HOST_CAP 0x00 /* host capabilities */
+#define HOST_CTL 0x04 /* global host control */
+#define HOST_IRQ_STAT 0x08 /* interrupt status */
+#define HOST_PORTS_IMPL 0x0c /* bitmap of implemented ports */
+#define HOST_VERSION 0x10 /* AHCI spec. version compliancy */
+
+/* HOST_CTL bits */
+#define HOST_CTL_RESET (1 << 0) /* reset controller; self-clear */
+#define HOST_CTL_IRQ_EN (1 << 1) /* global IRQ enable */
+#define HOST_CTL_AHCI_EN (1 << 31) /* AHCI enabled */
+
+/* HOST_CAP bits */
+#define HOST_CAP_SSC (1 << 14) /* Slumber capable */
+#define HOST_CAP_AHCI (1 << 18) /* AHCI only */
+#define HOST_CAP_CLO (1 << 24) /* Command List Override support */
+#define HOST_CAP_SSS (1 << 27) /* Staggered Spin-up */
+#define HOST_CAP_NCQ (1 << 30) /* Native Command Queueing */
+#define HOST_CAP_64 (1 << 31) /* PCI DAC (64-bit DMA) support */
+
+/* registers for each SATA port */
+#define PORT_LST_ADDR 0x00 /* command list DMA addr */
+#define PORT_LST_ADDR_HI 0x04 /* command list DMA addr hi */
+#define PORT_FIS_ADDR 0x08 /* FIS rx buf addr */
+#define PORT_FIS_ADDR_HI 0x0c /* FIS rx buf addr hi */
+#define PORT_IRQ_STAT 0x10 /* interrupt status */
+#define PORT_IRQ_MASK 0x14 /* interrupt enable/disable mask */
+#define PORT_CMD 0x18 /* port command */
+#define PORT_TFDATA 0x20 /* taskfile data */
+#define PORT_SIG 0x24 /* device TF signature */
+#define PORT_SCR_STAT 0x28 /* SATA phy register: SStatus */
+#define PORT_SCR_CTL 0x2c /* SATA phy register: SControl */
+#define PORT_SCR_ERR 0x30 /* SATA phy register: SError */
+#define PORT_SCR_ACT 0x34 /* SATA phy register: SActive */
+#define PORT_CMD_ISSUE 0x38 /* command issue */
+#define PORT_RESERVED 0x3c /* reserved */
+
+/* PORT_IRQ_{STAT,MASK} bits */
+#define PORT_IRQ_COLD_PRES (1 << 31) /* cold presence detect */
+#define PORT_IRQ_TF_ERR (1 << 30) /* task file error */
+#define PORT_IRQ_HBUS_ERR (1 << 29) /* host bus fatal error */
+#define PORT_IRQ_HBUS_DATA_ERR (1 << 28) /* host bus data error */
+#define PORT_IRQ_IF_ERR (1 << 27) /* interface fatal error */
+#define PORT_IRQ_IF_NONFATAL (1 << 26) /* interface non-fatal error */
+#define PORT_IRQ_OVERFLOW (1 << 24) /* xfer exhausted available S/G */
+#define PORT_IRQ_BAD_PMP (1 << 23) /* incorrect port multiplier */
+
+#define PORT_IRQ_PHYRDY (1 << 22) /* PhyRdy changed */
+#define PORT_IRQ_DEV_ILCK (1 << 7) /* device interlock */
+#define PORT_IRQ_CONNECT (1 << 6) /* port connect change status */
+#define PORT_IRQ_SG_DONE (1 << 5) /* descriptor processed */
+#define PORT_IRQ_UNK_FIS (1 << 4) /* unknown FIS rx'd */
+#define PORT_IRQ_SDB_FIS (1 << 3) /* Set Device Bits FIS rx'd */
+#define PORT_IRQ_DMAS_FIS (1 << 2) /* DMA Setup FIS rx'd */
+#define PORT_IRQ_PIOS_FIS (1 << 1) /* PIO Setup FIS rx'd */
+#define PORT_IRQ_D2H_REG_FIS (1 << 0) /* D2H Register FIS rx'd */
+
+#define PORT_IRQ_FREEZE (PORT_IRQ_HBUS_ERR | PORT_IRQ_IF_ERR | \
+ PORT_IRQ_CONNECT | PORT_IRQ_PHYRDY | \
+ PORT_IRQ_UNK_FIS)
+#define PORT_IRQ_ERROR (PORT_IRQ_FREEZE | PORT_IRQ_TF_ERR | \
+ PORT_IRQ_HBUS_DATA_ERR)
+#define DEF_PORT_IRQ (PORT_IRQ_ERROR | PORT_IRQ_SG_DONE | \
+ PORT_IRQ_SDB_FIS | PORT_IRQ_DMAS_FIS | \
+ PORT_IRQ_PIOS_FIS | PORT_IRQ_D2H_REG_FIS)
+
+/* PORT_CMD bits */
+#define PORT_CMD_ATAPI (1 << 24) /* Device is ATAPI */
+#define PORT_CMD_LIST_ON (1 << 15) /* cmd list DMA engine running */
+#define PORT_CMD_FIS_ON (1 << 14) /* FIS DMA engine running */
+#define PORT_CMD_FIS_RX (1 << 4) /* Enable FIS receive DMA engine */
+#define PORT_CMD_CLO (1 << 3) /* Command list override */
+#define PORT_CMD_POWER_ON (1 << 2) /* Power up device */
+#define PORT_CMD_SPIN_UP (1 << 1) /* Spin up device */
+#define PORT_CMD_START (1 << 0) /* Enable port DMA engine */
+
+#define PORT_CMD_ICC_MASK (0xf << 28) /* i/f ICC state mask */
+#define PORT_CMD_ICC_ACTIVE (0x1 << 28) /* Put i/f in active state */
+#define PORT_CMD_ICC_PARTIAL (0x2 << 28) /* Put i/f in partial state */
+#define PORT_CMD_ICC_SLUMBER (0x6 << 28) /* Put i/f in slumber state */
+
+#define PORT_IRQ_STAT_DHRS (1 << 0) /* Device to Host Register FIS */
+#define PORT_IRQ_STAT_PSS (1 << 1) /* PIO Setup FIS */
+#define PORT_IRQ_STAT_DSS (1 << 2) /* DMA Setup FIS */
+#define PORT_IRQ_STAT_SDBS (1 << 3) /* Set Device Bits */
+#define PORT_IRQ_STAT_UFS (1 << 4) /* Unknown FIS */
+#define PORT_IRQ_STAT_DPS (1 << 5) /* Descriptor Processed */
+#define PORT_IRQ_STAT_PCS (1 << 6) /* Port Connect Change Status */
+#define PORT_IRQ_STAT_DMPS (1 << 7) /* Device Mechanical Presence
+ Status */
+#define PORT_IRQ_STAT_PRCS (1 << 22) /* File Ready Status */
+#define PORT_IRQ_STAT_IPMS (1 << 23) /* Incorrect Port Multiplier
+ Status */
+#define PORT_IRQ_STAT_OFS (1 << 24) /* Overflow Status */
+#define PORT_IRQ_STAT_INFS (1 << 26) /* Interface Non-Fatal Error
+ Status */
+#define PORT_IRQ_STAT_IFS (1 << 27) /* Interface Fatal Error */
+#define PORT_IRQ_STAT_HBDS (1 << 28) /* Host Bus Data Error Status */
+#define PORT_IRQ_STAT_HBFS (1 << 29) /* Host Bus Fatal Error Status */
+#define PORT_IRQ_STAT_TFES (1 << 30) /* Task File Error Status */
+#define PORT_IRQ_STAT_CPDS (1 << 31) /* Code Port Detect Status */
+
+/* ap->flags bits */
+#define AHCI_FLAG_NO_NCQ (1 << 24)
+#define AHCI_FLAG_IGN_IRQ_IF_ERR (1 << 25) /* ignore IRQ_IF_ERR */
+#define AHCI_FLAG_HONOR_PI (1 << 26) /* honor PORTS_IMPL */
+#define AHCI_FLAG_IGN_SERR_INTERNAL (1 << 27) /* ignore SERR_INTERNAL */
+#define AHCI_FLAG_32BIT_ONLY (1 << 28) /* force 32bit */
+
+#define ATA_SRST (1 << 2) /* software reset */
+
+#define STATE_RUN 0
+#define STATE_RESET 1
+
+#define SATA_SCR_SSTATUS_DET_NODEV 0x0
+#define SATA_SCR_SSTATUS_DET_DEV_PRESENT_PHY_UP 0x3
+
+#define SATA_SCR_SSTATUS_SPD_NODEV 0x00
+#define SATA_SCR_SSTATUS_SPD_GEN1 0x10
+
+#define SATA_SCR_SSTATUS_IPM_NODEV 0x000
+#define SATA_SCR_SSTATUS_IPM_ACTIVE 0X100
+
+#define AHCI_SCR_SCTL_DET 0xf
+
+#define SATA_FIS_TYPE_REGISTER_H2D 0x27
+#define SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER 0x80
+
+#define AHCI_CMD_HDR_CMD_FIS_LEN 0x1f
+#define AHCI_CMD_HDR_PRDT_LEN 16
+
+#define SATA_SIGNATURE_CDROM 0xeb140000
+#define SATA_SIGNATURE_DISK 0x00000101
+
+#define AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR 0x20
+ /* Shouldn't this be 0x2c? */
+
+#define SATA_PORTS 4
+
+#define AHCI_PORT_REGS_START_ADDR 0x100
+#define AHCI_PORT_REGS_END_ADDR (AHCI_PORT_REGS_START_ADDR + SATA_PORTS * 0x80)
+#define AHCI_PORT_ADDR_OFFSET_MASK 0x7f
+
+#define AHCI_NUM_COMMAND_SLOTS 31
+#define AHCI_SUPPORTED_SPEED 20
+#define AHCI_SUPPORTED_SPEED_GEN1 1
+#define AHCI_VERSION_1_0 0x10000
+
+#define AHCI_PROGMODE_MAJOR_REV_1 1
+
+#define AHCI_COMMAND_TABLE_ACMD 0x40
+
+#define IDE_FEATURE_DMA 1
+
+#define READ_FPDMA_QUEUED 0x60
+#define WRITE_FPDMA_QUEUED 0x61
+
+#define RES_FIS_DSFIS 0x00
+#define RES_FIS_PSFIS 0x20
+#define RES_FIS_RFIS 0x40
+#define RES_FIS_SDBFIS 0x58
+#define RES_FIS_UFIS 0x60
+
+typedef struct AHCIControlRegs {
+ uint32_t cap;
+ uint32_t ghc;
+ uint32_t irqstatus;
+ uint32_t impl;
+ uint32_t version;
+} AHCIControlRegs;
+
+typedef struct AHCIPortRegs {
+ uint32_t lst_addr;
+ uint32_t lst_addr_hi;
+ uint32_t fis_addr;
+ uint32_t fis_addr_hi;
+ uint32_t irq_stat;
+ uint32_t irq_mask;
+ uint32_t cmd;
+ uint32_t unused0;
+ uint32_t tfdata;
+ uint32_t sig;
+ uint32_t scr_stat;
+ uint32_t scr_ctl;
+ uint32_t scr_err;
+ uint32_t scr_act;
+ uint32_t cmd_issue;
+ uint32_t reserved;
+} AHCIPortRegs;
+
+typedef struct AHCICmdHdr {
+ uint32_t opts;
+ uint32_t status;
+ uint64_t tbl_addr;
+ uint32_t reserved[4];
+} __attribute__ ((packed)) AHCICmdHdr;
+
+typedef struct AHCI_SG {
+ uint64_t addr;
+ uint32_t reserved;
+ uint32_t flags_size;
+} __attribute__ ((packed)) AHCI_SG;
+
+typedef struct AHCIDevice AHCIDevice;
+
+typedef struct NCQTransferState {
+ AHCIDevice *drive;
+ QEMUSGList sglist;
+ int is_read;
+ uint16_t sector_count;
+ uint64_t lba;
+ uint8_t tag;
+ int slot;
+ int used;
+} NCQTransferState;
+
+struct AHCIDevice {
+ IDEBus port;
+ int port_no;
+ uint32_t port_state;
+ uint32_t finished;
+ AHCIPortRegs port_regs;
+ struct AHCIState *hba;
+ uint8_t *lst;
+ uint8_t *res_fis;
+ uint8_t *cmd_fis;
+ int cmd_fis_len;
+ int dma_status;
+ BlockDriverCompletionFunc *dma_cb;
+ AHCICmdHdr *cur_cmd;
+ NCQTransferState ncq_tfs[AHCI_MAX_CMDS];
+};
+
+typedef struct AHCIState {
+ AHCIDevice dev[SATA_PORTS];
+ AHCIControlRegs control_regs;
+ int mem;
+ qemu_irq irq;
+} AHCIState;
+
+typedef struct AHCIPCIState {
+ PCIDevice card;
+ AHCIState ahci;
+} AHCIPCIState;
+
+typedef struct NCQFrame {
+ uint8_t fis_type;
+ uint8_t c;
+ uint8_t command;
+ uint8_t sector_count_low;
+ uint8_t lba0;
+ uint8_t lba1;
+ uint8_t lba2;
+ uint8_t fua;
+ uint8_t lba3;
+ uint8_t lba4;
+ uint8_t lba5;
+ uint8_t sector_count_high;
+ uint8_t tag;
+ uint8_t reserved5;
+ uint8_t reserved6;
+ uint8_t control;
+ uint8_t reserved7;
+ uint8_t reserved8;
+ uint8_t reserved9;
+ uint8_t reserved10;
+} __attribute__ ((packed)) NCQFrame;
+
+static void check_cmd(AHCIState *s, int port);
+static int handle_cmd(AHCIState *s,int port,int slot);
+static void ahci_reset_port(AHCIState *s, int port);
+static void ahci_write_fis_d2h(AHCIState *s, int port, uint8_t *cmd_fis);
+
+static uint32_t ahci_port_read(AHCIState *s, int port, int offset)
+{
+ uint32_t val;
+ AHCIPortRegs *pr;
+ pr = &s->dev[port].port_regs;
+
+ switch (offset) {
+ case PORT_LST_ADDR:
+ val = pr->lst_addr;
+ break;
+ case PORT_LST_ADDR_HI:
+ val = pr->lst_addr_hi;
+ break;
+ case PORT_FIS_ADDR:
+ val = pr->fis_addr;
+ break;
+ case PORT_FIS_ADDR_HI:
+ val = pr->fis_addr_hi;
+ break;
+ case PORT_IRQ_STAT:
+ val = pr->irq_stat;
+ break;
+ case PORT_IRQ_MASK:
+ val = pr->irq_mask;
+ break;
+ case PORT_CMD:
+ val = pr->cmd;
+ break;
+ case PORT_TFDATA:
+ val = ((uint16_t)s->dev[port].port.ifs[0].error << 8) |
+ s->dev[port].port.ifs[0].status;
+ break;
+ case PORT_SIG:
+ val = pr->sig;
+ break;
+ case PORT_SCR_STAT:
+ if (s->dev[port].port.ifs[0].bs) {
+ val = SATA_SCR_SSTATUS_DET_DEV_PRESENT_PHY_UP |
+ SATA_SCR_SSTATUS_SPD_GEN1 | SATA_SCR_SSTATUS_IPM_ACTIVE;
+ } else {
+ val = SATA_SCR_SSTATUS_DET_NODEV;
+ }
+ break;
+ case PORT_SCR_CTL:
+ val = pr->scr_ctl;
+ break;
+ case PORT_SCR_ERR:
+ val = pr->scr_err;
+ break;
+ case PORT_SCR_ACT:
+ pr->scr_act &= ~s->dev[port].finished;
+ s->dev[port].finished = 0;
+ val = pr->scr_act;
+ break;
+ case PORT_CMD_ISSUE:
+ val = pr->cmd_issue;
+ break;
+ case PORT_RESERVED:
+ default:
+ val = 0;
+ }
+ DPRINTF(port, "offset: 0x%x val: 0x%x\n", offset, val);
+ return val;
+
+}
+
+static void ahci_irq_raise(AHCIState *s, AHCIDevice *dev)
+{
+ struct AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
+
+ DPRINTF(0, "raise irq\n");
+
+ if (msi_enabled(&d->card)) {
+ msi_notify(&d->card, 0);
+ } else {
+ qemu_irq_raise(s->irq);
+ }
+}
+
+static void ahci_irq_lower(AHCIState *s, AHCIDevice *dev)
+{
+ struct AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
+
+ DPRINTF(0, "lower irq\n");
+
+ if (!msi_enabled(&d->card)) {
+ qemu_irq_lower(s->irq);
+ }
+}
+
+static void ahci_check_irq(AHCIState *s)
+{
+ int i;
+
+ DPRINTF(-1, "check irq %#x\n", s->control_regs.irqstatus);
+
+ for (i = 0; i < SATA_PORTS; i++) {
+ AHCIPortRegs *pr = &s->dev[i].port_regs;
+ if (pr->irq_stat & pr->irq_mask) {
+ s->control_regs.irqstatus |= (1 << i);
+ }
+ }
+
+ if (s->control_regs.irqstatus &&
+ (s->control_regs.ghc & HOST_CTL_IRQ_EN)) {
+ ahci_irq_raise(s, NULL);
+ } else {
+ ahci_irq_lower(s, NULL);
+ }
+}
+
+static void ahci_trigger_irq(AHCIState *s, AHCIDevice *d,
+ int irq_type)
+{
+ DPRINTF(d->port_no, "trigger irq %#x -> %x\n",
+ irq_type, d->port_regs.irq_mask & irq_type);
+
+ d->port_regs.irq_stat |= irq_type;
+ ahci_check_irq(s);
+}
+
+static void map_page(uint8_t **ptr, uint64_t addr, uint32_t wanted)
+{
+ target_phys_addr_t len = wanted;
+
+ if (*ptr) {
+ cpu_physical_memory_unmap(*ptr, 1, len, len);
+ }
+
+ *ptr = cpu_physical_memory_map(addr, &len, 1);
+ if (len < wanted) {
+ cpu_physical_memory_unmap(*ptr, 1, len, len);
+ }
+}
+
+static void ahci_port_write(AHCIState *s, int port, int offset, uint32_t val)
+{
+ AHCIPortRegs *pr = &s->dev[port].port_regs;
+
+ DPRINTF(port, "offset: 0x%x val: 0x%x\n", offset, val);
+ switch (offset) {
+ case PORT_LST_ADDR:
+ pr->lst_addr = val;
+ map_page(&s->dev[port].lst,
+ ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024);
+ break;
+ case PORT_LST_ADDR_HI:
+ pr->lst_addr_hi = val;
+ map_page(&s->dev[port].lst,
+ ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024);
+ break;
+ case PORT_FIS_ADDR:
+ pr->fis_addr = val;
+ map_page(&s->dev[port].res_fis,
+ ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256);
+ break;
+ case PORT_FIS_ADDR_HI:
+ pr->fis_addr_hi = val;
+ map_page(&s->dev[port].res_fis,
+ ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256);
+ break;
+ case PORT_IRQ_STAT:
+ pr->irq_stat &= ~val;
+ break;
+ case PORT_IRQ_MASK:
+ pr->irq_mask = val & 0xfdc000ff;
+ ahci_check_irq(s);
+ break;
+ case PORT_CMD:
+ pr->cmd = val & ~(PORT_CMD_LIST_ON | PORT_CMD_FIS_ON);
+
+ if (pr->cmd & PORT_CMD_START) {
+ pr->cmd |= PORT_CMD_LIST_ON;
+ }
+
+ if (pr->cmd & PORT_CMD_FIS_RX) {
+ pr->cmd |= PORT_CMD_FIS_ON;
+ }
+
+ check_cmd(s, port);
+ break;
+ case PORT_TFDATA:
+ s->dev[port].port.ifs[0].error = (val >> 8) & 0xff;
+ s->dev[port].port.ifs[0].status = val & 0xff;
+ break;
+ case PORT_SIG:
+ pr->sig = val;
+ break;
+ case PORT_SCR_STAT:
+ pr->scr_stat = val;
+ break;
+ case PORT_SCR_CTL:
+ if (((pr->scr_ctl & AHCI_SCR_SCTL_DET) == 1) &&
+ ((val & AHCI_SCR_SCTL_DET) == 0)) {
+ ahci_reset_port(s, port);
+ }
+ pr->scr_ctl = val;
+ break;
+ case PORT_SCR_ERR:
+ pr->scr_err &= ~val;
+ break;
+ case PORT_SCR_ACT:
+ /* RW1 */
+ pr->scr_act |= val;
+ break;
+ case PORT_CMD_ISSUE:
+ pr->cmd_issue |= val;
+ check_cmd(s, port);
+ break;
+ default:
+ break;
+ }
+}
+
+static uint32_t ahci_mem_readl(void *ptr, target_phys_addr_t addr)
+{
+ AHCIState *s = ptr;
+ uint32_t val = 0;
+
+ addr = addr & 0xfff;
+ if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) {
+ switch (addr) {
+ case HOST_CAP:
+ val = s->control_regs.cap;
+ break;
+ case HOST_CTL:
+ val = s->control_regs.ghc;
+ break;
+ case HOST_IRQ_STAT:
+ val = s->control_regs.irqstatus;
+ break;
+ case HOST_PORTS_IMPL:
+ val = s->control_regs.impl;
+ break;
+ case HOST_VERSION:
+ val = s->control_regs.version;
+ break;
+ }
+
+ DPRINTF(-1, "(addr 0x%08X), val 0x%08X\n", (unsigned) addr, val);
+ } else if ((addr >= AHCI_PORT_REGS_START_ADDR) &&
+ (addr < AHCI_PORT_REGS_END_ADDR)) {
+ val = ahci_port_read(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7,
+ addr & AHCI_PORT_ADDR_OFFSET_MASK);
+ }
+
+ return val;
+}
+
+
+
+static void ahci_mem_writel(void *ptr, target_phys_addr_t addr, uint32_t val)
+{
+ AHCIState *s = ptr;
+ addr = addr & 0xfff;
+
+ /* Only aligned reads are allowed on AHCI */
+ if (addr & 3) {
+ fprintf(stderr, "ahci: Mis-aligned write to addr 0x"
+ TARGET_FMT_plx "\n", addr);
+ return;
+ }
+
+ if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) {
+ DPRINTF(-1, "(addr 0x%08X), val 0x%08X\n", (unsigned) addr, val);
+
+ switch (addr) {
+ case HOST_CAP: /* R/WO, RO */
+ /* FIXME handle R/WO */
+ break;
+ case HOST_CTL: /* R/W */
+ if (val & HOST_CTL_RESET) {
+ DPRINTF(-1, "HBA Reset\n");
+ /* FIXME reset? */
+ } else {
+ s->control_regs.ghc = (val & 0x3) | HOST_CTL_AHCI_EN;
+ ahci_check_irq(s);
+ }
+ break;
+ case HOST_IRQ_STAT: /* R/WC, RO */
+ s->control_regs.irqstatus &= ~val;
+ ahci_check_irq(s);
+ break;
+ case HOST_PORTS_IMPL: /* R/WO, RO */
+ /* FIXME handle R/WO */
+ break;
+ case HOST_VERSION: /* RO */
+ /* FIXME report write? */
+ break;
+ default:
+ DPRINTF(-1, "write to unknown register 0x%x\n", (unsigned)addr);
+ }
+ } else if ((addr >= AHCI_PORT_REGS_START_ADDR) &&
+ (addr < AHCI_PORT_REGS_END_ADDR)) {
+ ahci_port_write(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7,
+ addr & AHCI_PORT_ADDR_OFFSET_MASK, val);
+ }
+
+}
+
+static CPUReadMemoryFunc * const ahci_readfn[3]={
+ ahci_mem_readl,
+ ahci_mem_readl,
+ ahci_mem_readl
+};
+
+static CPUWriteMemoryFunc * const ahci_writefn[3]={
+ ahci_mem_writel,
+ ahci_mem_writel,
+ ahci_mem_writel
+};
+
+static void ahci_reg_init(AHCIState *s)
+{
+ int i;
+
+ s->control_regs.cap = (SATA_PORTS - 1) |
+ (AHCI_NUM_COMMAND_SLOTS << 8) |
+ (AHCI_SUPPORTED_SPEED_GEN1 << AHCI_SUPPORTED_SPEED) |
+ HOST_CAP_NCQ | HOST_CAP_AHCI;
+
+ s->control_regs.impl = (1 << SATA_PORTS) - 1;
+
+ s->control_regs.version = AHCI_VERSION_1_0;
+
+ for (i = 0; i < SATA_PORTS; i++) {
+ s->dev[i].port_state = STATE_RUN;
+ }
+}
+
+static uint32_t read_from_sglist(uint8_t *buffer, uint32_t len,
+ QEMUSGList *sglist)
+{
+ uint32_t i = 0;
+ uint32_t total = 0, once;
+ ScatterGatherEntry *cur_prd;
+ uint32_t sgcount;
+
+ cur_prd = sglist->sg;
+ sgcount = sglist->nsg;
+ for (i = 0; len && sgcount; i++) {
+ once = MIN(cur_prd->len + 1, len);
+ cpu_physical_memory_read(cur_prd->base, buffer, once);
+ cur_prd++;
+ sgcount--;
+ len -= once;
+ buffer += once;
+ total += once;
+ }
+
+ return total;
+}
+
+static uint32_t write_to_sglist(uint8_t *buffer, uint32_t len,
+ QEMUSGList *sglist)
+{
+ uint32_t i = 0;
+ uint32_t total = 0, once;
+ ScatterGatherEntry *cur_prd;
+ uint32_t sgcount;
+
+ cur_prd = sglist->sg;
+ sgcount = sglist->nsg;
+ for (i = 0; len && sgcount; i++) {
+ once = MIN(cur_prd->len + 1, len);
+ cpu_physical_memory_write(cur_prd->base, buffer, once);
+ cur_prd++;
+ sgcount--;
+ len -= once;
+ buffer += once;
+ total += once;
+ }
+
+ return total;
+}
+
+static void check_cmd(AHCIState *s, int port)
+{
+ AHCIPortRegs *pr = &s->dev[port].port_regs;
+ int slot;
+
+ if (pr->cmd & PORT_CMD_START) {
+ for (slot = 0; (slot < 32) && pr->cmd_issue; slot++) {
+ if ((pr->cmd_issue & (1 << slot)) &&
+ !handle_cmd(s, port, slot)) {
+ pr->cmd_issue &= ~(1 << slot);
+ }
+ }
+ }
+}
+
+static void ahci_reset_port(AHCIState *s, int port)
+{
+ AHCIDevice *d = &s->dev[port];
+ AHCIPortRegs *pr = &d->port_regs;
+ IDEState *ide_state = &d->port.ifs[0];
+ uint8_t init_fis[0x20];
+ uint32_t tfd;
+
+ DPRINTF(port, "reset port\n");
+
+ ide_bus_reset(&d->port);
+ ide_state->ncq_queues = AHCI_MAX_CMDS;
+
+ pr->irq_stat = 0;
+ pr->irq_mask = 0;
+ pr->scr_stat = 0;
+ pr->scr_ctl = 0;
+ pr->scr_err = 0;
+ pr->scr_act = 0;
+
+ ide_state = &s->dev[port].port.ifs[0];
+ if (!ide_state->bs) {
+ return;
+ }
+
+ memset(init_fis, 0, sizeof(init_fis));
+ s->dev[port].port_state = STATE_RUN;
+ if (!ide_state->bs) {
+ s->dev[port].port_regs.sig = 0;
+ tfd = (1 << 8) | SEEK_STAT | WRERR_STAT;
+ } else if (ide_state->drive_kind == IDE_CD) {
+ s->dev[port].port_regs.sig = SATA_SIGNATURE_CDROM;
+ ide_state->lcyl = 0x14;
+ ide_state->hcyl = 0xeb;
+ DPRINTF(port, "set lcyl = %d\n", ide_state->lcyl);
+ init_fis[5] = ide_state->lcyl;
+ init_fis[6] = ide_state->hcyl;
+ ide_state->status = SEEK_STAT | WRERR_STAT | READY_STAT;
+ } else {
+ s->dev[port].port_regs.sig = SATA_SIGNATURE_DISK;
+ ide_state->status = SEEK_STAT | WRERR_STAT;
+ }
+
+ ide_state->error = 1;
+ init_fis[4] = 1;
+ init_fis[12] = 1;
+ ahci_write_fis_d2h(s, port, init_fis);
+}
+
+static void debug_print_fis(uint8_t *fis, int cmd_len)
+{
+#ifdef DEBUG_AHCI
+ int i;
+
+ fprintf(stderr, "fis:");
+ for (i = 0; i < cmd_len; i++) {
+ if ((i & 0xf) == 0) {
+ fprintf(stderr, "\n%02x:",i);
+ }
+ fprintf(stderr, "%02x ",fis[i]);
+ }
+ fprintf(stderr, "\n");
+#endif
+}
+
+static void ahci_write_fis_sdb(AHCIState *s, int port, uint32_t finished)
+{
+ AHCIPortRegs *pr = &s->dev[port].port_regs;
+ IDEState *ide_state;
+ uint8_t *sdb_fis;
+
+ if (!s->dev[port].res_fis ||
+ !(pr->cmd & PORT_CMD_FIS_RX)) {
+ return;
+ }
+
+ sdb_fis = &s->dev[port].res_fis[RES_FIS_SDBFIS];
+ ide_state = &s->dev[port].port.ifs[0];
+
+ /* clear memory */
+ *(uint32_t*)sdb_fis = 0;
+
+ /* write values */
+ sdb_fis[0] = ide_state->error;
+ sdb_fis[2] = ide_state->status & 0x77;
+ s->dev[port].finished |= finished;
+ *(uint32_t*)(sdb_fis + 4) = cpu_to_le32(s->dev[port].finished);
+
+ ahci_trigger_irq(s, &s->dev[port], PORT_IRQ_STAT_SDBS);
+}
+
+static void ahci_write_fis_d2h(AHCIState *s, int port, uint8_t *cmd_fis)
+{
+ AHCIPortRegs *pr = &s->dev[port].port_regs;
+ uint8_t *d2h_fis;
+ int i;
+
+ if (!s->dev[port].res_fis ||
+ !(pr->cmd & PORT_CMD_FIS_RX)) {
+ return;
+ }
+
+ d2h_fis = &s->dev[port].res_fis[RES_FIS_RFIS];
+
+ d2h_fis[0] = 0x34;
+ d2h_fis[1] = (s->control_regs.irqstatus ? (1 << 6) : 0);
+ d2h_fis[2] = s->dev[port].port.ifs[0].status;
+ d2h_fis[3] = s->dev[port].port.ifs[0].error;
+
+ d2h_fis[4] = cmd_fis[4];
+ d2h_fis[5] = cmd_fis[5];
+ d2h_fis[6] = cmd_fis[6];
+ d2h_fis[7] = cmd_fis[7];
+ d2h_fis[8] = cmd_fis[8];
+ d2h_fis[9] = cmd_fis[9];
+ d2h_fis[10] = cmd_fis[10];
+ d2h_fis[11] = cmd_fis[11];
+ d2h_fis[12] = cmd_fis[12];
+ d2h_fis[13] = cmd_fis[13];
+ for (i = 14; i < 0x20; i++) {
+ d2h_fis[i] = 0;
+ }
+
+ if (d2h_fis[2] & ERR_STAT) {
+ ahci_trigger_irq(s, &s->dev[port], PORT_IRQ_STAT_TFES);
+ }
+
+ ahci_trigger_irq(s, &s->dev[port], PORT_IRQ_D2H_REG_FIS);
+}
+
+static void ncq_cb(void *opaque, int ret)
+{
+ NCQTransferState *ncq_tfs = (NCQTransferState *)opaque;
+ IDEState *ide_state;
+
+ if (ret < 0) {
+ /* XXX error */
+ }
+
+ /* Clear bit for this tag in SActive */
+ ncq_tfs->drive->port_regs.scr_act &= ~(1 << ncq_tfs->tag);
+
+ ide_state = &ncq_tfs->drive->port.ifs[0];
+ ide_state->status = READY_STAT | SEEK_STAT;
+
+ /* XXX do we send a d2h fis here? */
+ ahci_write_fis_d2h(ncq_tfs->drive->hba, ncq_tfs->drive->port_no,
+ ncq_tfs->drive->cmd_fis);
+
+ ahci_write_fis_sdb(ncq_tfs->drive->hba, ncq_tfs->drive->port_no,
+ (1 << ncq_tfs->tag));
+
+ DPRINTF(ncq_tfs->drive->port_no, "NCQ transfer tag %d finished\n",
+ ncq_tfs->tag);
+
+ qemu_sglist_destroy(&ncq_tfs->sglist);
+ cpu_physical_memory_unmap(ncq_tfs->drive->cmd_fis, 1,
+ ncq_tfs->drive->cmd_fis_len,
+ ncq_tfs->drive->cmd_fis_len);
+
+ ncq_tfs->used = 0;
+}
+
+static void process_ncq_command(AHCIState *s, int port, uint8_t *cmd_fis,
+ int slot, QEMUSGList *sg)
+{
+ NCQFrame *ncq_fis = (NCQFrame*)cmd_fis;
+ uint8_t tag = ncq_fis->tag >> 3;
+ NCQTransferState *ncq_tfs = &s->dev[port].ncq_tfs[tag];
+
+ if (ncq_tfs->used) {
+ /* error - already in use */
+ fprintf(stderr, "%s: tag %d already used\n", __FUNCTION__, tag);
+ return;
+ }
+
+ ncq_tfs->used = 1;
+ ncq_tfs->drive = &s->dev[port];
+ ncq_tfs->drive->cmd_fis = cmd_fis;
+ ncq_tfs->drive->cmd_fis_len = 0x20;
+ ncq_tfs->slot = slot;
+ ncq_tfs->lba = ((uint64_t)ncq_fis->lba5 << 40) |
+ ((uint64_t)ncq_fis->lba4 << 32) |
+ ((uint64_t)ncq_fis->lba3 << 24) |
+ ((uint64_t)ncq_fis->lba2 << 16) |
+ ((uint64_t)ncq_fis->lba1 << 8) |
+ (uint64_t)ncq_fis->lba0;
+
+ /* Note: We calculate the sector count, but don't currently rely on it.
+ * The total size of the DMA buffer tells us the transfer size instead. */
+ ncq_tfs->sector_count = ((uint16_t)ncq_fis->sector_count_high << 8) |
+ ncq_fis->sector_count_low;
+
+ DPRINTF(port, "NCQ transfer LBA from %ld to %ld, drive max %ld\n",
+ ncq_tfs->lba, ncq_tfs->lba + ncq_tfs->sector_count - 2,
+ s->dev[port].port.ifs[0].nb_sectors - 1);
+
+ ncq_tfs->sglist = *sg;
+ ncq_tfs->tag = tag;
+
+ switch(ncq_fis->command) {
+ case READ_FPDMA_QUEUED:
+ DPRINTF(port, "NCQ reading %d sectors from LBA %ld, tag %d\n",
+ ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
+ ncq_tfs->is_read = 1;
+
+ /* XXX: The specification is unclear about whether the DMA Setup
+ * FIS here should have the I bit set, but it suggest that it should
+ * not. Linux works without this interrupt, so I disabled it.
+ * If someone knows if it is needed, please tell me, or fix this. */
+
+ /* ahci_trigger_irq(s,s->dev[port],PORT_IRQ_STAT_DSS); */
+ DPRINTF(port, "tag %d aio read %ld\n", ncq_tfs->tag, ncq_tfs->lba);
+ dma_bdrv_read(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->sglist,
+ ncq_tfs->lba, ncq_cb, ncq_tfs);
+ break;
+ case WRITE_FPDMA_QUEUED:
+ DPRINTF(port, "NCQ writing %d sectors to LBA %ld, tag %d\n",
+ ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
+ ncq_tfs->is_read = 0;
+ /* ahci_trigger_irq(s,s->dev[port],PORT_IRQ_STAT_DSS); */
+ DPRINTF(port, "tag %d aio write %ld\n", ncq_tfs->tag, ncq_tfs->lba);
+ dma_bdrv_write(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->sglist,
+ ncq_tfs->lba, ncq_cb, ncq_tfs);
+ break;
+ default:
+ hw_error("ahci: tried to process non-NCQ command as NCQ\n");
+ break;
+ }
+}
+
+static int handle_cmd(AHCIState *s, int port, int slot)
+{
+ IDEState *ide_state;
+
+ int sglist_alloc_hint;
+ QEMUSGList sglist;
+ int atapi_packet_len = 0;
+ AHCIPortRegs *pr;
+ uint32_t opts;
+ uint64_t tbl_addr;
+ AHCICmdHdr *cmd;
+ uint8_t *cmd_fis;
+
+ target_phys_addr_t cmd_len;
+ int i;
+
+ if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) {
+ /* Engine currently busy, try again later */
+ DPRINTF(port, "engine busy\n");
+ return -1;
+ }
+
+ pr = &s->dev[port].port_regs;
+ cmd = &((AHCICmdHdr *)s->dev[port].lst)[slot];
+
+ if (!s->dev[port].lst) {
+ hw_error("%s: lst not given but cmd handled", __FUNCTION__);
+ }
+
+ opts = le32_to_cpu(cmd->opts);
+ tbl_addr = le64_to_cpu(cmd->tbl_addr);
+
+ sglist_alloc_hint = opts >> AHCI_CMD_HDR_PRDT_LEN;
+ cmd_len = 0x80 + (sglist_alloc_hint * sizeof(AHCI_SG));
+ cmd_fis = cpu_physical_memory_map(tbl_addr, &cmd_len, 1);
+
+ /* The device we are working for */
+ ide_state = &s->dev[port].port.ifs[0];
+
+ if (!ide_state->bs) {
+ hw_error("%s: guest accessed unused port", __FUNCTION__);
+ }
+
+ /* Get number of entries in the PRDT, init a qemu sglist accordingly */
+ memset(&sglist, 0, sizeof(sglist));
+
+ if (sglist_alloc_hint > 0) {
+ AHCI_SG *tbl = (AHCI_SG *)(&cmd_fis[0x80]);
+
+ qemu_sglist_init(&sglist, sglist_alloc_hint);
+ /* Parse the PRDs and create qemu sglist entries accordingly */
+ for (i = 0; i < sglist_alloc_hint; i++) {
+ /* flags_size is zero-based */
+ qemu_sglist_add(&sglist, le64_to_cpu(tbl[i].addr),
+ le32_to_cpu(tbl[i].flags_size) + 1);
+ }
+ }
+
+ debug_print_fis(cmd_fis, (opts & AHCI_CMD_HDR_CMD_FIS_LEN) * 4);
+
+ switch (cmd_fis[0]) {
+ case SATA_FIS_TYPE_REGISTER_H2D:
+ break;
+ default:
+ hw_error("unknown command cmd_fis[0]=%02x cmd_fis[1]=%02x cmd_fis[2]=%02x\n",
+ cmd_fis[0], cmd_fis[1], cmd_fis[2]);
+ break;
+ }
+
+ switch (cmd_fis[1]) {
+ case SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER:
+ break;
+ case 0:
+ break;
+ default:
+ hw_error("unknown command cmd_fis[0]=%02x cmd_fis[1]=%02x cmd_fis[2]=%02x\n",
+ cmd_fis[0], cmd_fis[1], cmd_fis[2]);
+ break;
+ }
+
+ switch (s->dev[port].port_state) {
+ case STATE_RUN:
+ if (cmd_fis[15] & ATA_SRST) {
+ s->dev[port].port_state = STATE_RESET;
+ }
+ break;
+ case STATE_RESET:
+ if (!(cmd_fis[15] & ATA_SRST)) {
+ ahci_reset_port(s, port);
+ }
+ break;
+ }
+
+ if (cmd_fis[1] == SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER) {
+
+ /* Check for NCQ command */
+ if ((cmd_fis[2] == READ_FPDMA_QUEUED) ||
+ (cmd_fis[2] == WRITE_FPDMA_QUEUED)) {
+ process_ncq_command(s, port, cmd_fis, slot, &sglist);
+ goto out;
+ }
+
+ /* If the command is not NCQ, the sglist is needed in the core */
+ ide_state->sg = sglist;
+
+ /* Decompose the FIS */
+ ide_state->nsector = (int64_t)((cmd_fis[13] << 8) | cmd_fis[12]);
+ ide_state->feature = cmd_fis[3];
+ if (!ide_state->nsector) {
+ ide_state->nsector = 256;
+ }
+
+ if (ide_state->drive_kind != IDE_CD) {
+ ide_set_sector(ide_state, (cmd_fis[6] << 16) | (cmd_fis[5] << 8) |
+ cmd_fis[4]);
+ }
+
+ /* Copy the ACMD field (ATAPI packet, if any) from the AHCI command
+ * table to ide_state->io_buffer
+ */
+ if (opts & AHCI_CMD_ATAPI) {
+ atapi_packet_len = ((ide_state->hcyl) << 8) + ide_state->lcyl;
+ memcpy(ide_state->io_buffer, &cmd_fis[AHCI_COMMAND_TABLE_ACMD], 0x10);
+ ide_state->feature = IDE_FEATURE_DMA;
+ }
+
+ ide_state->error = 0;
+ s->dev[port].cur_cmd = cmd;
+
+ /* We're ready to process the command in FIS byte 2. */
+ ide_exec_cmd(&s->dev[port].port, cmd_fis[2]);
+
+ /* we're DMA'ing, so we're not ready yet, postpone cleanup to later */
+ if (s->dev[port].dma_status & BM_STATUS_DMAING) {
+ cmd->status = 0;
+ s->dev[port].cmd_fis = cmd_fis;
+ s->dev[port].cmd_fis_len = cmd_len;
+ return 0;
+ }
+
+ ahci_write_fis_d2h(s, port, cmd_fis);
+ }
+
+out:
+ cpu_physical_memory_unmap(cmd_fis, 1, cmd_len, cmd_len);
+
+ return 0;
+}
+
+/* DMA dev -> ram */
+static int ahci_start_transfer(void *opaque)
+{
+ AHCIDevice *ad = opaque;
+ IDEState *s = &ad->port.ifs[0];
+ uint32_t size = (uint32_t)(s->data_end - s->data_ptr);
+
+ DPRINTF(ad->port_no, "writing %d bytes\n", size);
+ write_to_sglist(s->data_ptr, size, &s->sg);
+
+ /* update number of transferred bytes */
+ ad->cur_cmd->status = cpu_to_le32(le32_to_cpu(ad->cur_cmd->status) + size);
+ /* declare that we processed everything */
+ s->data_ptr = s->data_end;
+ s->end_transfer_func(s);
+
+ if (!(s->status & DRQ_STAT)) {
+ /* done with DMA */
+ ahci_trigger_irq(ad->hba, ad, PORT_IRQ_STAT_DSS);
+ }
+
+ return 0;
+}
+
+static void ahci_start_dma(void *opaque, IDEState *s,
+ BlockDriverCompletionFunc *dma_cb)
+{
+ AHCIDevice *ad = opaque;
+
+ DPRINTF(ad->port_no, "\n");
+ ad->dma_cb = dma_cb;
+ ad->dma_status |= BM_STATUS_DMAING;
+ dma_cb(s, 0);
+}
+
+static int ahci_dma_prepare_buf(void *opaque, int is_write)
+{
+ AHCIDevice *ad = opaque;
+ IDEState *s = &ad->port.ifs[0];
+ int i;
+
+ s->io_buffer_size = 0;
+ for (i = 0; i < s->sg.nsg; i++) {
+ s->io_buffer_size += s->sg.sg[i].len;
+ }
+
+ DPRINTF(ad->port_no, "len=%#x\n", s->io_buffer_size);
+ return s->io_buffer_size != 0;
+}
+
+static int ahci_dma_rw_buf(void *opaque, int is_write)
+{
+ AHCIDevice *ad = opaque;
+ IDEState *s = &ad->port.ifs[0];
+ uint8_t *p = s->io_buffer + s->io_buffer_index;
+ int l = s->io_buffer_size - s->io_buffer_index;
+
+ if (is_write) {
+ write_to_sglist(p, l, &s->sg);
+ } else {
+ read_from_sglist(p, l, &s->sg);
+ }
+
+ s->io_buffer_index += l;
+ DPRINTF(ad->port_no, "len=%#x\n", l);
+
+ return 1;
+}
+
+static int ahci_dma_set_unit(void *opaque, int unit)
+{
+ /* only a single unit per link */
+ return 0;
+}
+
+static int ahci_dma_set_status(void *opaque, int status)
+{
+ AHCIDevice *ad = opaque;
+ ad->dma_status |= status;
+ DPRINTF(ad->port_no, "set status: %x\n", status);
+
+ if (status & BM_STATUS_INT) {
+ ahci_trigger_irq(ad->hba, ad, PORT_IRQ_STAT_DSS);
+ }
+
+ return 0;
+}
+
+static int ahci_dma_set_inactive(void *opaque)
+{
+ AHCIDevice *ad = opaque;
+
+ DPRINTF(ad->port_no, "dma done\n");
+
+ /* update d2h status */
+ if (ad->cmd_fis) {
+ ahci_write_fis_d2h(ad->hba, ad->port_no, ad->cmd_fis);
+ cpu_physical_memory_unmap(ad->cmd_fis, 1, ad->cmd_fis_len, ad->cmd_fis_len);
+ ad->cmd_fis = NULL;
+ }
+
+ ad->dma_cb = NULL;
+
+ return 0;
+}
+
+static void ahci_irq_set(void *opaque, int n, int level)
+{
+}
+
+static void ahci_dma_restart_cb(void *opaque, int running, int reason)
+{
+}
+
+static int ahci_dma_reset(void *opaque)
+{
+ return 0;
+}
+
+static const IDEDMAOps ahci_dma_ops = {
+ .start_dma = ahci_start_dma,
+ .start_transfer = ahci_start_transfer,
+ .prepare_buf = ahci_dma_prepare_buf,
+ .rw_buf = ahci_dma_rw_buf,
+ .set_unit = ahci_dma_set_unit,
+ .set_status = ahci_dma_set_status,
+ .set_inactive = ahci_dma_set_inactive,
+ .restart_cb = ahci_dma_restart_cb,
+ .reset = ahci_dma_reset,
+};
+
+static void ahci_init(AHCIState *s, DeviceState *qdev)
+{
+ qemu_irq *irqs;
+ int i;
+
+ ahci_reg_init(s);
+ s->mem = cpu_register_io_memory(ahci_readfn, ahci_writefn, s);
+ irqs = qemu_allocate_irqs(ahci_irq_set, s, SATA_PORTS);
+
+ for (i = 0; i < SATA_PORTS; i++) {
+ AHCIDevice *ad = &s->dev[i];
+
+ ide_bus_new(&ad->port, qdev);
+ ide_init2(&ad->port, irqs[i]);
+
+ ad->hba = s;
+ ad->port_no = i;
+ ad->port.dma.ops = &ahci_dma_ops;
+ ad->port.dma.opaque = ad;
+ ad->port_regs.cmd = PORT_CMD_SPIN_UP | PORT_CMD_POWER_ON;
+ }
+}
+
+static void ahci_pci_map(PCIDevice *pci_dev, int region_num,
+ pcibus_t addr, pcibus_t size, int type)
+{
+ struct AHCIPCIState *d = (struct AHCIPCIState *)pci_dev;
+ AHCIState *s = &d->ahci;
+
+ cpu_register_physical_memory(addr, size, s->mem);
+}
+
+static void ahci_reset(void *opaque)
+{
+ struct AHCIPCIState *d = opaque;
+ int i;
+
+ for (i = 0; i < SATA_PORTS; i++) {
+ ahci_reset_port(&d->ahci, i);
+ }
+}
+
+static int pci_ahci_init(PCIDevice *dev)
+{
+ struct AHCIPCIState *d;
+ d = DO_UPCAST(struct AHCIPCIState, card, dev);
+
+ pci_config_set_vendor_id(d->card.config, PCI_VENDOR_ID_INTEL);
+ pci_config_set_device_id(d->card.config,
+ PCI_DEVICE_ID_INTEL_ICH7_AHCI);
+
+ pci_config_set_class(d->card.config, PCI_CLASS_STORAGE_SATA);
+ pci_config_set_prog_interface(d->card.config, AHCI_PROGMODE_MAJOR_REV_1);
+
+ d->card.config[PCI_CACHE_LINE_SIZE] = 0x08; /* Cache line size */
+ d->card.config[PCI_LATENCY_TIMER] = 0x00; /* Latency timer */
+ pci_config_set_interrupt_pin(d->card.config, 1);
+
+ qemu_register_reset(ahci_reset, d);
+
+ /* XXX BAR size should be 1k, but that breaks, so bump it to 4k for now */
+ pci_register_bar(&d->card, 5, 0x1000, PCI_BASE_ADDRESS_SPACE_MEMORY,
+ ahci_pci_map);
+
+ msi_init(dev, 0x50, 1, true, false);
+
+ ahci_init(&d->ahci, &dev->qdev);
+ d->ahci.irq = d->card.irq[0];
+
+ return 0;
+}
+
+static int pci_ahci_uninit(PCIDevice *dev)
+{
+ if (msi_enabled(dev)) {
+ msi_uninit(dev);
+ }
+
+ return 0;
+}
+
+static void pci_ahci_write_config(PCIDevice *pci, uint32_t addr,
+ uint32_t val, int len)
+{
+ pci_default_write_config(pci, addr, val, len);
+ msi_write_config(pci, addr, val, len);
+}
+
+static PCIDeviceInfo ahci_info = {
+ .qdev.name = "ahci",
+ .qdev.size = sizeof(AHCIPCIState),
+ .init = pci_ahci_init,
+ .exit = pci_ahci_uninit,
+ .config_write = pci_ahci_write_config,
+};
+
+static void ahci_pci_register_devices(void)
+{
+ pci_qdev_register(&ahci_info);
+}
+
+device_init(ahci_pci_register_devices)
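Review bot: In handle_cmd() the NCQ branch calls process_ncq_command() and then jumps to out:, which unmaps cmd_fis, but process_ncq_command() has already stored that pointer in ncq_tfs->drive->cmd_fis, and ncq_cb() later passes it to ahci_write_fis_d2h() and unmaps it a second time. Whichever order the completion runs in, the mapping is released twice, and in the asynchronous case it is read after release. Return from handle_cmd() without unmapping on the NCQ path and let ncq_cb() own the mapping. The pointer is also kept in the per-port AHCIDevice rather than in NCQTransferState, so a second queued command overwrites it while the first is still in flight; storing cmd_fis and its mapped length per tag would avoid that. Also in handle_cmd(), the result of cpu_physical_memory_map(tbl_addr, &cmd_len, 1) is used without checking for NULL or for cmd_len coming back smaller than requested, yet the PRDT loop walks sglist_alloc_hint entries, a count taken from the guest-written opts field; check both before touching cmd_fis[0x80]. Finally, handle_cmd() already adds 1 to flags_size when calling qemu_sglist_add(), so MIN(cur_prd->len + 1, len) in read_from_sglist() and write_to_sglist() copies one byte past each segment, and ahci_dma_rw_buf() hands those helpers a length summed from the guest's segment sizes with nothing in the visible code bounding it to the capacity of s->io_buffer.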
--
1.6.0.2
* [Qemu-devel] Re: [PATCH 09/13] ahci: add ahci emulation
2010-12-08 12:13 ` [Qemu-devel] [PATCH 09/13] ahci: add ahci emulation Alexander Graf
@ 2010-12-08 21:14 ` Stefan Hajnoczi
2010-12-09 15:48 ` Alexander Graf
0 siblings, 1 reply; 29+ messages in thread
From: Stefan Hajnoczi @ 2010-12-08 21:14 UTC (permalink / raw)
To: Alexander Graf
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, QEMU-devel Developers,
Blue Swirl, Gerd Hoffmann, tj, Roland Elek, Sebastian Herbszt

On Wed, Dec 8, 2010 at 12:13 PM, Alexander Graf <agraf@suse.de> wrote:
> +struct AHCIDevice {
> + IDEBus port;
> + int port_no;
> + uint32_t port_state;
> + uint32_t finished;
> + AHCIPortRegs port_regs;
> + struct AHCIState *hba;
> + uint8_t *lst;
> + uint8_t *res_fis;
> + uint8_t *cmd_fis;

Are these unmapped on reset?

> + int cmd_fis_len;
> + int dma_status;
> + BlockDriverCompletionFunc *dma_cb;
> + AHCICmdHdr *cur_cmd;
> + NCQTransferState ncq_tfs[AHCI_MAX_CMDS];

Are the ncq_tfs[] elements cleaned up on reset (i.e. cancellation and
free sglist)?

> +static void map_page(uint8_t **ptr, uint64_t addr, uint32_t wanted)
> +{
> + target_phys_addr_t len = wanted;
> +
> + if (*ptr) {
> + cpu_physical_memory_unmap(*ptr, 1, len, len);
> + }
> +
> + *ptr = cpu_physical_memory_map(addr, &len, 1);
> + if (len < wanted) {
> + cpu_physical_memory_unmap(*ptr, 1, len, len);

*ptr = NULL;

> +static void ncq_cb(void *opaque, int ret)
> +{
> + NCQTransferState *ncq_tfs = (NCQTransferState *)opaque;
> + IDEState *ide_state;
> +
> + if (ret < 0) {
> + /* XXX error */
> + }

Missing error handling.

> +static void process_ncq_command(AHCIState *s, int port, uint8_t *cmd_fis,
> + int slot, QEMUSGList *sg)
> +{
> + NCQFrame *ncq_fis = (NCQFrame*)cmd_fis;
> + uint8_t tag = ncq_fis->tag >> 3;
> + NCQTransferState *ncq_tfs = &s->dev[port].ncq_tfs[tag];
> +
> + if (ncq_tfs->used) {
> + /* error - already in use */
> + fprintf(stderr, "%s: tag %d already used\n", __FUNCTION__, tag);
> + return;
> + }
> +
> + ncq_tfs->used = 1;
> + ncq_tfs->drive = &s->dev[port];
> + ncq_tfs->drive->cmd_fis = cmd_fis;
> + ncq_tfs->drive->cmd_fis_len = 0x20;
> + ncq_tfs->slot = slot;
> + ncq_tfs->lba = ((uint64_t)ncq_fis->lba5 << 40) |
> + ((uint64_t)ncq_fis->lba4 << 32) |
> + ((uint64_t)ncq_fis->lba3 << 24) |
> + ((uint64_t)ncq_fis->lba2 << 16) |
> + ((uint64_t)ncq_fis->lba1 << 8) |
> + (uint64_t)ncq_fis->lba0;
> +
> + /* Note: We calculate the sector count, but don't currently rely on it.
> + * The total size of the DMA buffer tells us the transfer size instead. */
> + ncq_tfs->sector_count = ((uint16_t)ncq_fis->sector_count_high << 8) |
> + ncq_fis->sector_count_low;
> +
> + DPRINTF(port, "NCQ transfer LBA from %ld to %ld, drive max %ld\n",
> + ncq_tfs->lba, ncq_tfs->lba + ncq_tfs->sector_count - 2,
> + s->dev[port].port.ifs[0].nb_sectors - 1);
> +
> + ncq_tfs->sglist = *sg;
> + ncq_tfs->tag = tag;
> +
> + switch(ncq_fis->command) {
> + case READ_FPDMA_QUEUED:
> + DPRINTF(port, "NCQ reading %d sectors from LBA %ld, tag %d\n",
> + ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
> + ncq_tfs->is_read = 1;
> +
> + /* XXX: The specification is unclear about whether the DMA Setup
> + * FIS here should have the I bit set, but it suggest that it should
> + * not. Linux works without this interrupt, so I disabled it.
> + * If someone knows if it is needed, please tell me, or fix this. */
> +
> + /* ahci_trigger_irq(s,s->dev[port],PORT_IRQ_STAT_DSS); */
> + DPRINTF(port, "tag %d aio read %ld\n", ncq_tfs->tag, ncq_tfs->lba);
> + dma_bdrv_read(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->sglist,
> + ncq_tfs->lba, ncq_cb, ncq_tfs);
> + break;
> + case WRITE_FPDMA_QUEUED:
> + DPRINTF(port, "NCQ writing %d sectors to LBA %ld, tag %d\n",
> + ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
> + ncq_tfs->is_read = 0;
> + /* ahci_trigger_irq(s,s->dev[port],PORT_IRQ_STAT_DSS); */
> + DPRINTF(port, "tag %d aio write %ld\n", ncq_tfs->tag, ncq_tfs->lba);
> + dma_bdrv_write(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->sglist,
> + ncq_tfs->lba, ncq_cb, ncq_tfs);
> + break;
> + default:
> + hw_error("ahci: tried to process non-NCQ command as NCQ\n");
Guest triggerable abort.
> + break;
> + }
> +}
> +
> +static int handle_cmd(AHCIState *s, int port, int slot)
> +{
> + IDEState *ide_state;
> +
> + int sglist_alloc_hint;
> + QEMUSGList sglist;
> + int atapi_packet_len = 0;
> + AHCIPortRegs *pr;
> + uint32_t opts;
> + uint64_t tbl_addr;
> + AHCICmdHdr *cmd;
> + uint8_t *cmd_fis;
> +
> + target_phys_addr_t cmd_len;
> + int i;
> +
> + if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) {
> + /* Engine currently busy, try again later */
> + DPRINTF(port, "engine busy\n");
> + return -1;
> + }
> +
> + pr = &s->dev[port].port_regs;
> + cmd = &((AHCICmdHdr *)s->dev[port].lst)[slot];
> +
> + if (!s->dev[port].lst) {
> + hw_error("%s: lst not given but cmd handled", __FUNCTION__);
Guest triggerable abort.
> + }
> +
> + opts = le32_to_cpu(cmd->opts);
> + tbl_addr = le64_to_cpu(cmd->tbl_addr);
> +
> + sglist_alloc_hint = opts >> AHCI_CMD_HDR_PRDT_LEN;
> + cmd_len = 0x80 + (sglist_alloc_hint * sizeof(AHCI_SG));
> + cmd_fis = cpu_physical_memory_map(tbl_addr, &cmd_len, 1);
NULL dereference later if cpu_physical_memory_map() fails due to
invalid address (tbl_addr).
> +
> + /* The device we are working for */
> + ide_state = &s->dev[port].port.ifs[0];
> +
> + if (!ide_state->bs) {
> + hw_error("%s: guest accessed unused port", __FUNCTION__);
Guest triggerable abort.
> + }
> +
> + /* Get number of entries in the PRDT, init a qemu sglist accordingly */
> + memset(&sglist, 0, sizeof(sglist));
> +
> + if (sglist_alloc_hint > 0) {
> + AHCI_SG *tbl = (AHCI_SG *)(&cmd_fis[0x80]);
> +
> + qemu_sglist_init(&sglist, sglist_alloc_hint);
> + /* Parse the PRDs and create qemu sglist entries accordingly */
> + for (i = 0; i < sglist_alloc_hint; i++) {
> + /* flags_size is zero-based */
> + qemu_sglist_add(&sglist, le64_to_cpu(tbl[i].addr),
> + le32_to_cpu(tbl[i].flags_size) + 1);
> + }
> + }
Only the SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER codepath seems to
clean up sglist. The guest can leak host memory by setting
sglist_alloc_hint > 0 and not using
SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER.
> +
> + debug_print_fis(cmd_fis, (opts & AHCI_CMD_HDR_CMD_FIS_LEN) * 4);
> +
> + switch (cmd_fis[0]) {
> + case SATA_FIS_TYPE_REGISTER_H2D:
> + break;
> + default:
> + hw_error("unknown command cmd_fis[0]=%02x cmd_fis[1]=%02x cmd_fis[2]=%02x\n",
> + cmd_fis[0], cmd_fis[1], cmd_fis[2]);
Guest triggerable abort.
> + break;
> + }
> +
> + switch (cmd_fis[1]) {
> + case SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER:
> + break;
> + case 0:
> + break;
> + default:
> + hw_error("unknown command cmd_fis[0]=%02x cmd_fis[1]=%02x cmd_fis[2]=%02x\n",
> + cmd_fis[0], cmd_fis[1], cmd_fis[2]);
Guest triggerable abort.
> + break;
> + }
> +
> + switch (s->dev[port].port_state) {
> + case STATE_RUN:
> + if (cmd_fis[15] & ATA_SRST) {
> + s->dev[port].port_state = STATE_RESET;
> + }
> + break;
> + case STATE_RESET:
> + if (!(cmd_fis[15] & ATA_SRST)) {
> + ahci_reset_port(s, port);
> + }
> + break;
> + }
> +
> + if (cmd_fis[1] == SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER) {
> +
> + /* Check for NCQ command */
> + if ((cmd_fis[2] == READ_FPDMA_QUEUED) ||
> + (cmd_fis[2] == WRITE_FPDMA_QUEUED)) {
> + process_ncq_command(s, port, cmd_fis, slot, &sglist);
> + goto out;
> + }
> +
> + /* If the command is not NCQ, the sglist is needed in the core */
> + ide_state->sg = sglist;
> +
> + /* Decompose the FIS */
> + ide_state->nsector = (int64_t)((cmd_fis[13] << 8) | cmd_fis[12]);
> + ide_state->feature = cmd_fis[3];
> + if (!ide_state->nsector) {
> + ide_state->nsector = 256;
> + }
> +
> + if (ide_state->drive_kind != IDE_CD) {
> + ide_set_sector(ide_state, (cmd_fis[6] << 16) | (cmd_fis[5] << 8) |
> + cmd_fis[4]);
> + }
> +
> + /* Copy the ACMD field (ATAPI packet, if any) from the AHCI command
> + * table to ide_state->io_buffer
> + */
> + if (opts & AHCI_CMD_ATAPI) {
> + atapi_packet_len = ((ide_state->hcyl) << 8) + ide_state->lcyl;
Unused variable.
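Review bot: in handle_cmd(), cmd_len is never looked at again after cpu_physical_memory_map(tbl_addr, &cmd_len, 1), although the call can return a shorter mapping than requested (map_page() in this same patch checks len < wanted for that reason). The PRDT loop then reads tbl[i] for every i below the guest-supplied sglist_alloc_hint, so a short mapping leads to reads past the mapped region. Compare cmd_len against 0x80 + sglist_alloc_hint * sizeof(AHCI_SG) right after the map and fail the command if it is smaller, next to the NULL check.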
> +static int pci_ahci_init(PCIDevice *dev)
> +{
> + struct AHCIPCIState *d;
> + d = DO_UPCAST(struct AHCIPCIState, card, dev);
> +
> + pci_config_set_vendor_id(d->card.config, PCI_VENDOR_ID_INTEL);
> + pci_config_set_device_id(d->card.config,
> + PCI_DEVICE_ID_INTEL_ICH7_AHCI);
> +
> + pci_config_set_class(d->card.config, PCI_CLASS_STORAGE_SATA);
> + pci_config_set_prog_interface(d->card.config, AHCI_PROGMODE_MAJOR_REV_1);
> +
> + d->card.config[PCI_CACHE_LINE_SIZE] = 0x08; /* Cache line size */
> + d->card.config[PCI_LATENCY_TIMER] = 0x00; /* Latency timer */
> + pci_config_set_interrupt_pin(d->card.config, 1);
> +
> + qemu_register_reset(ahci_reset, d);
Missing qemu_unregister_reset() in pci_ahci_uninit().
Stefan
* [Qemu-devel] Re: [PATCH 09/13] ahci: add ahci emulation
2010-12-08 21:14 ` [Qemu-devel] " Stefan Hajnoczi
@ 2010-12-09 15:48 ` Alexander Graf
2010-12-09 15:53 ` Kevin Wolf
0 siblings, 1 reply; 29+ messages in thread
From: Alexander Graf @ 2010-12-09 15:48 UTC (permalink / raw)
To: Stefan Hajnoczi
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, QEMU-devel Developers,
Blue Swirl, Gerd Hoffmann, tj, Roland Elek, Sebastian Herbszt
Stefan Hajnoczi wrote:
> On Wed, Dec 8, 2010 at 12:13 PM, Alexander Graf <agraf@suse.de> wrote:
>
>> +struct AHCIDevice {
>> + IDEBus port;
>> + int port_no;
>> + uint32_t port_state;
>> + uint32_t finished;
>> + AHCIPortRegs port_regs;
>> + struct AHCIState *hba;
>> + uint8_t *lst;
>> + uint8_t *res_fis;
>> + uint8_t *cmd_fis;
>>
>
> Are these unmapped on reset?
>
On which reset? Port reset sends a d2h fis to the guest, so we still
need at least the res mapping. I couldn't find the exact spot where the
state of registers after reset is defined.
>
>> + int cmd_fis_len;
>> + int dma_status;
>> + BlockDriverCompletionFunc *dma_cb;
>> + AHCICmdHdr *cur_cmd;
>> + NCQTransferState ncq_tfs[AHCI_MAX_CMDS];
>>
>
> Are the ncq_tfs[] elements cleaned up on reset (i.e. cancellation and
> free sglist)?
>
>
>> +static void map_page(uint8_t **ptr, uint64_t addr, uint32_t wanted)
>> +{
>> + target_phys_addr_t len = wanted;
>> +
>> + if (*ptr) {
>> + cpu_physical_memory_unmap(*ptr, 1, len, len);
>> + }
>> +
>> + *ptr = cpu_physical_memory_map(addr, &len, 1);
>> + if (len < wanted) {
>> + cpu_physical_memory_unmap(*ptr, 1, len, len);
>>
>
> *ptr = NULL;
>
>
>> +static void ncq_cb(void *opaque, int ret)
>> +{
>> + NCQTransferState *ncq_tfs = (NCQTransferState *)opaque;
>> + IDEState *ide_state;
>> +
>> + if (ret < 0) {
>> + /* XXX error */
>> + }
>>
>
> Missing error handling.
>
Yes, that's what the XXX stands for :).
>
>> +static void process_ncq_command(AHCIState *s, int port, uint8_t *cmd_fis,
>> + int slot, QEMUSGList *sg)
>> +{
>> + NCQFrame *ncq_fis = (NCQFrame*)cmd_fis;
>> + uint8_t tag = ncq_fis->tag >> 3;
>> + NCQTransferState *ncq_tfs = &s->dev[port].ncq_tfs[tag];
>> +
>> + if (ncq_tfs->used) {
>> + /* error - already in use */
>> + fprintf(stderr, "%s: tag %d already used\n", __FUNCTION__, tag);
>> + return;
>> + }
>> +
>> + ncq_tfs->used = 1;
>> + ncq_tfs->drive = &s->dev[port];
>> + ncq_tfs->drive->cmd_fis = cmd_fis;
>> + ncq_tfs->drive->cmd_fis_len = 0x20;
>> + ncq_tfs->slot = slot;
>> + ncq_tfs->lba = ((uint64_t)ncq_fis->lba5 << 40) |
>> + ((uint64_t)ncq_fis->lba4 << 32) |
>> + ((uint64_t)ncq_fis->lba3 << 24) |
>> + ((uint64_t)ncq_fis->lba2 << 16) |
>> + ((uint64_t)ncq_fis->lba1 << 8) |
>> + (uint64_t)ncq_fis->lba0;
>> +
>> + /* Note: We calculate the sector count, but don't currently rely on it.
>> + * The total size of the DMA buffer tells us the transfer size instead. */
>> + ncq_tfs->sector_count = ((uint16_t)ncq_fis->sector_count_high << 8) |
>> + ncq_fis->sector_count_low;
>> +
>> + DPRINTF(port, "NCQ transfer LBA from %ld to %ld, drive max %ld\n",
>> + ncq_tfs->lba, ncq_tfs->lba + ncq_tfs->sector_count - 2,
>> + s->dev[port].port.ifs[0].nb_sectors - 1);
>> +
>> + ncq_tfs->sglist = *sg;
>> + ncq_tfs->tag = tag;
>> +
>> + switch(ncq_fis->command) {
>> + case READ_FPDMA_QUEUED:
>> + DPRINTF(port, "NCQ reading %d sectors from LBA %ld, tag %d\n",
>> + ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
>> + ncq_tfs->is_read = 1;
>> +
>> + /* XXX: The specification is unclear about whether the DMA Setup
>> + * FIS here should have the I bit set, but it suggest that it should
>> + * not. Linux works without this interrupt, so I disabled it.
>> + * If someone knows if it is needed, please tell me, or fix this. */
>> +
>> + /* ahci_trigger_irq(s,s->dev[port],PORT_IRQ_STAT_DSS); */
>> + DPRINTF(port, "tag %d aio read %ld\n", ncq_tfs->tag, ncq_tfs->lba);
>> + dma_bdrv_read(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->sglist,
>> + ncq_tfs->lba, ncq_cb, ncq_tfs);
>> + break;
>> + case WRITE_FPDMA_QUEUED:
>> + DPRINTF(port, "NCQ writing %d sectors to LBA %ld, tag %d\n",
>> + ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
>> + ncq_tfs->is_read = 0;
>> + /* ahci_trigger_irq(s,s->dev[port],PORT_IRQ_STAT_DSS); */
>> + DPRINTF(port, "tag %d aio write %ld\n", ncq_tfs->tag, ncq_tfs->lba);
>> + dma_bdrv_write(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->sglist,
>> + ncq_tfs->lba, ncq_cb, ncq_tfs);
>> + break;
>> + default:
>> + hw_error("ahci: tried to process non-NCQ command as NCQ\n");
>>
>
> Guest triggerable abort.
>
Those happen. The guest can shoot itself in the foot. We have more of
these in other places. Just check virtio.c and search for abort() :).
>
>> + break;
>> + }
>> +}
>> +
>> +static int handle_cmd(AHCIState *s, int port, int slot)
>> +{
>> + IDEState *ide_state;
>> +
>> + int sglist_alloc_hint;
>> + QEMUSGList sglist;
>> + int atapi_packet_len = 0;
>> + AHCIPortRegs *pr;
>> + uint32_t opts;
>> + uint64_t tbl_addr;
>> + AHCICmdHdr *cmd;
>> + uint8_t *cmd_fis;
>> +
>> + target_phys_addr_t cmd_len;
>> + int i;
>> +
>> + if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) {
>> + /* Engine currently busy, try again later */
>> + DPRINTF(port, "engine busy\n");
>> + return -1;
>> + }
>> +
>> + pr = &s->dev[port].port_regs;
>> + cmd = &((AHCICmdHdr *)s->dev[port].lst)[slot];
>> +
>> + if (!s->dev[port].lst) {
>> + hw_error("%s: lst not given but cmd handled", __FUNCTION__);
>>
>
> Guest triggerable abort.
>
>
>> + }
>> +
>> + opts = le32_to_cpu(cmd->opts);
>> + tbl_addr = le64_to_cpu(cmd->tbl_addr);
>> +
>> + sglist_alloc_hint = opts >> AHCI_CMD_HDR_PRDT_LEN;
>> + cmd_len = 0x80 + (sglist_alloc_hint * sizeof(AHCI_SG));
>> + cmd_fis = cpu_physical_memory_map(tbl_addr, &cmd_len, 1);
>>
>
> NULL dereference later if cpu_physical_memory_map() fails due to
> invalid address (tbl_addr).
>
>
>> +
>> + /* The device we are working for */
>> + ide_state = &s->dev[port].port.ifs[0];
>> +
>> + if (!ide_state->bs) {
>> + hw_error("%s: guest accessed unused port", __FUNCTION__);
>>
>
> Guest triggerable abort.
>
>
>> + }
>> +
>> + /* Get number of entries in the PRDT, init a qemu sglist accordingly */
>> + memset(&sglist, 0, sizeof(sglist));
>> +
>> + if (sglist_alloc_hint > 0) {
>> + AHCI_SG *tbl = (AHCI_SG *)(&cmd_fis[0x80]);
>> +
>> + qemu_sglist_init(&sglist, sglist_alloc_hint);
>> + /* Parse the PRDs and create qemu sglist entries accordingly */
>> + for (i = 0; i < sglist_alloc_hint; i++) {
>> + /* flags_size is zero-based */
>> + qemu_sglist_add(&sglist, le64_to_cpu(tbl[i].addr),
>> + le32_to_cpu(tbl[i].flags_size) + 1);
>> + }
>> + }
>>
>
> Only the SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER codepath seems to
> clean up sglist. The guest can leak host memory by setting
> sglist_alloc_hint > 0 and not using
> SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER.
>
True, the sglist should only be created in dma_prepare (then the core is
responsible for cleanup) or ncq command issue.
Alex
* [Qemu-devel] Re: [PATCH 09/13] ahci: add ahci emulation
2010-12-09 15:48 ` Alexander Graf
@ 2010-12-09 15:53 ` Kevin Wolf
2010-12-09 16:18 ` Alexander Graf
0 siblings, 1 reply; 29+ messages in thread
From: Kevin Wolf @ 2010-12-09 15:53 UTC (permalink / raw)
To: Alexander Graf
Cc: Stefan Hajnoczi, Paul Brook, QEMU-devel Developers, Blue Swirl,
Gerd Hoffmann, Joerg Roedel, tj, Roland Elek, Sebastian Herbszt
On 09.12.2010 16:48, Alexander Graf wrote:
>>> +static void ncq_cb(void *opaque, int ret)
>>> +{
>>> + NCQTransferState *ncq_tfs = (NCQTransferState *)opaque;
>>> + IDEState *ide_state;
>>> +
>>> + if (ret < 0) {
>>> + /* XXX error */
>>> + }
>>>
>>
>> Missing error handling.
>>
>
> Yes, that's what the XXX stands for :).
I think Stefan wanted to tell us that he thinks this XXX should be
addressed. I don't disagree, by the way. ;-)
>>> +static void process_ncq_command(AHCIState *s, int port, uint8_t *cmd_fis,
>>> + int slot, QEMUSGList *sg)
>>> +{
>>> + NCQFrame *ncq_fis = (NCQFrame*)cmd_fis;
>>> + uint8_t tag = ncq_fis->tag >> 3;
>>> + NCQTransferState *ncq_tfs = &s->dev[port].ncq_tfs[tag];
>>> +
>>> + if (ncq_tfs->used) {
>>> + /* error - already in use */
>>> + fprintf(stderr, "%s: tag %d already used\n", __FUNCTION__, tag);
>>> + return;
>>> + }
>>> +
>>> + ncq_tfs->used = 1;
>>> + ncq_tfs->drive = &s->dev[port];
>>> + ncq_tfs->drive->cmd_fis = cmd_fis;
>>> + ncq_tfs->drive->cmd_fis_len = 0x20;
>>> + ncq_tfs->slot = slot;
>>> + ncq_tfs->lba = ((uint64_t)ncq_fis->lba5 << 40) |
>>> + ((uint64_t)ncq_fis->lba4 << 32) |
>>> + ((uint64_t)ncq_fis->lba3 << 24) |
>>> + ((uint64_t)ncq_fis->lba2 << 16) |
>>> + ((uint64_t)ncq_fis->lba1 << 8) |
>>> + (uint64_t)ncq_fis->lba0;
>>> +
>>> + /* Note: We calculate the sector count, but don't currently rely on it.
>>> + * The total size of the DMA buffer tells us the transfer size instead. */
>>> + ncq_tfs->sector_count = ((uint16_t)ncq_fis->sector_count_high << 8) |
>>> + ncq_fis->sector_count_low;
>>> +
>>> + DPRINTF(port, "NCQ transfer LBA from %ld to %ld, drive max %ld\n",
>>> + ncq_tfs->lba, ncq_tfs->lba + ncq_tfs->sector_count - 2,
>>> + s->dev[port].port.ifs[0].nb_sectors - 1);
>>> +
>>> + ncq_tfs->sglist = *sg;
>>> + ncq_tfs->tag = tag;
>>> +
>>> + switch(ncq_fis->command) {
>>> + case READ_FPDMA_QUEUED:
>>> + DPRINTF(port, "NCQ reading %d sectors from LBA %ld, tag %d\n",
>>> + ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
>>> + ncq_tfs->is_read = 1;
>>> +
>>> + /* XXX: The specification is unclear about whether the DMA Setup
>>> + * FIS here should have the I bit set, but it suggest that it should
>>> + * not. Linux works without this interrupt, so I disabled it.
>>> + * If someone knows if it is needed, please tell me, or fix this. */
>>> +
>>> + /* ahci_trigger_irq(s,s->dev[port],PORT_IRQ_STAT_DSS); */
>>> + DPRINTF(port, "tag %d aio read %ld\n", ncq_tfs->tag, ncq_tfs->lba);
>>> + dma_bdrv_read(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->sglist,
>>> + ncq_tfs->lba, ncq_cb, ncq_tfs);
>>> + break;
>>> + case WRITE_FPDMA_QUEUED:
>>> + DPRINTF(port, "NCQ writing %d sectors to LBA %ld, tag %d\n",
>>> + ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
>>> + ncq_tfs->is_read = 0;
>>> + /* ahci_trigger_irq(s,s->dev[port],PORT_IRQ_STAT_DSS); */
>>> + DPRINTF(port, "tag %d aio write %ld\n", ncq_tfs->tag, ncq_tfs->lba);
>>> + dma_bdrv_write(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->sglist,
>>> + ncq_tfs->lba, ncq_cb, ncq_tfs);
>>> + break;
>>> + default:
>>> + hw_error("ahci: tried to process non-NCQ command as NCQ\n");
>>>
>>
>> Guest triggerable abort.
>>
>
> Those happen. The guest can shoot itself in the foot. We have more of
> these in other places. Just check virtio.c and search for abort() :).
They are bugs which should be fixed in virtio rather than being spread
to new code.
Kevin
* [Qemu-devel] Re: [PATCH 09/13] ahci: add ahci emulation
2010-12-09 15:53 ` Kevin Wolf
@ 2010-12-09 16:18 ` Alexander Graf
2010-12-10 9:35 ` Kevin Wolf
0 siblings, 1 reply; 29+ messages in thread
From: Alexander Graf @ 2010-12-09 16:18 UTC (permalink / raw)
To: Kevin Wolf
Cc: Stefan Hajnoczi, Paul Brook, QEMU-devel Developers, Blue Swirl,
Gerd Hoffmann, Joerg Roedel, tj, Roland Elek, Sebastian Herbszt
Kevin Wolf wrote:
> On 09.12.2010 16:48, Alexander Graf wrote:
>
>>>> +static void ncq_cb(void *opaque, int ret)
>>>> +{
>>>> + NCQTransferState *ncq_tfs = (NCQTransferState *)opaque;
>>>> + IDEState *ide_state;
>>>> +
>>>> + if (ret < 0) {
>>>> + /* XXX error */
>>>> + }
>>>>
>>>>
>>> Missing error handling.
>>>
>>>
>> Yes, that's what the XXX stands for :).
>>
>
> I think Stefan wanted to tell us that he thinks this XXX should be
> addressed. I don't disagree, by the way. ;-)
>
>
>>>> +static void process_ncq_command(AHCIState *s, int port, uint8_t *cmd_fis,
>>>> + int slot, QEMUSGList *sg)
>>>> +{
>>>> + NCQFrame *ncq_fis = (NCQFrame*)cmd_fis;
>>>> + uint8_t tag = ncq_fis->tag >> 3;
>>>> + NCQTransferState *ncq_tfs = &s->dev[port].ncq_tfs[tag];
>>>> +
>>>> + if (ncq_tfs->used) {
>>>> + /* error - already in use */
>>>> + fprintf(stderr, "%s: tag %d already used\n", __FUNCTION__, tag);
>>>> + return;
>>>> + }
>>>> +
>>>> + ncq_tfs->used = 1;
>>>> + ncq_tfs->drive = &s->dev[port];
>>>> + ncq_tfs->drive->cmd_fis = cmd_fis;
>>>> + ncq_tfs->drive->cmd_fis_len = 0x20;
>>>> + ncq_tfs->slot = slot;
>>>> + ncq_tfs->lba = ((uint64_t)ncq_fis->lba5 << 40) |
>>>> + ((uint64_t)ncq_fis->lba4 << 32) |
>>>> + ((uint64_t)ncq_fis->lba3 << 24) |
>>>> + ((uint64_t)ncq_fis->lba2 << 16) |
>>>> + ((uint64_t)ncq_fis->lba1 << 8) |
>>>> + (uint64_t)ncq_fis->lba0;
>>>> +
>>>> + /* Note: We calculate the sector count, but don't currently rely on it.
>>>> + * The total size of the DMA buffer tells us the transfer size instead. */
>>>> + ncq_tfs->sector_count = ((uint16_t)ncq_fis->sector_count_high << 8) |
>>>> + ncq_fis->sector_count_low;
>>>> +
>>>> + DPRINTF(port, "NCQ transfer LBA from %ld to %ld, drive max %ld\n",
>>>> + ncq_tfs->lba, ncq_tfs->lba + ncq_tfs->sector_count - 2,
>>>> + s->dev[port].port.ifs[0].nb_sectors - 1);
>>>> +
>>>> + ncq_tfs->sglist = *sg;
>>>> + ncq_tfs->tag = tag;
>>>> +
>>>> + switch(ncq_fis->command) {
>>>> + case READ_FPDMA_QUEUED:
>>>> + DPRINTF(port, "NCQ reading %d sectors from LBA %ld, tag %d\n",
>>>> + ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
>>>> + ncq_tfs->is_read = 1;
>>>> +
>>>> + /* XXX: The specification is unclear about whether the DMA Setup
>>>> + * FIS here should have the I bit set, but it suggest that it should
>>>> + * not. Linux works without this interrupt, so I disabled it.
>>>> + * If someone knows if it is needed, please tell me, or fix this. */
>>>> +
>>>> + /* ahci_trigger_irq(s,s->dev[port],PORT_IRQ_STAT_DSS); */
>>>> + DPRINTF(port, "tag %d aio read %ld\n", ncq_tfs->tag, ncq_tfs->lba);
>>>> + dma_bdrv_read(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->sglist,
>>>> + ncq_tfs->lba, ncq_cb, ncq_tfs);
>>>> + break;
>>>> + case WRITE_FPDMA_QUEUED:
>>>> + DPRINTF(port, "NCQ writing %d sectors to LBA %ld, tag %d\n",
>>>> + ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
>>>> + ncq_tfs->is_read = 0;
>>>> + /* ahci_trigger_irq(s,s->dev[port],PORT_IRQ_STAT_DSS); */
>>>> + DPRINTF(port, "tag %d aio write %ld\n", ncq_tfs->tag, ncq_tfs->lba);
>>>> + dma_bdrv_write(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->sglist,
>>>> + ncq_tfs->lba, ncq_cb, ncq_tfs);
>>>> + break;
>>>> + default:
>>>> + hw_error("ahci: tried to process non-NCQ command as NCQ\n");
>>>>
>>>>
>>> Guest triggerable abort.
>>>
>>>
>> Those happen. The guest can shoot itself in the foot. We have more of
>> these in other places. Just check virtio.c and search for abort() :).
>>
>
> They are bugs which should be fixed in virtio rather than being spread
> to new code.
>
Not sure about that. Would you prefer a broken guest to abort so you can
debug it or to have it spew your log files with error messages or to
silently ignore errors and never find bugs?
Alex
* [Qemu-devel] Re: [PATCH 09/13] ahci: add ahci emulation
2010-12-09 16:18 ` Alexander Graf
@ 2010-12-10 9:35 ` Kevin Wolf
0 siblings, 0 replies; 29+ messages in thread
From: Kevin Wolf @ 2010-12-10 9:35 UTC (permalink / raw)
To: Alexander Graf
Cc: Stefan Hajnoczi, Paul Brook, QEMU-devel Developers, Blue Swirl,
Gerd Hoffmann, Joerg Roedel, tj, Roland Elek, Sebastian Herbszt
On 09.12.2010 17:18, Alexander Graf wrote:
> Kevin Wolf wrote:
>> On 09.12.2010 16:48, Alexander Graf wrote:
>>
>>>>> +static void ncq_cb(void *opaque, int ret)
>>>>> +{
>>>>> + NCQTransferState *ncq_tfs = (NCQTransferState *)opaque;
>>>>> + IDEState *ide_state;
>>>>> +
>>>>> + if (ret < 0) {
>>>>> + /* XXX error */
>>>>> + }
>>>>>
>>>>>
>>>> Missing error handling.
>>>>
>>>>
>>> Yes, that's what the XXX stands for :).
>>>
>>
>> I think Stefan wanted to tell us that he thinks this XXX should be
>> addressed. I don't disagree, by the way. ;-)
>>
>>
>>>>> +static void process_ncq_command(AHCIState *s, int port, uint8_t *cmd_fis,
>>>>> + int slot, QEMUSGList *sg)
>>>>> +{
>>>>> + NCQFrame *ncq_fis = (NCQFrame*)cmd_fis;
>>>>> + uint8_t tag = ncq_fis->tag >> 3;
>>>>> + NCQTransferState *ncq_tfs = &s->dev[port].ncq_tfs[tag];
>>>>> +
>>>>> + if (ncq_tfs->used) {
>>>>> + /* error - already in use */
>>>>> + fprintf(stderr, "%s: tag %d already used\n", __FUNCTION__, tag);
>>>>> + return;
>>>>> + }
>>>>> +
>>>>> + ncq_tfs->used = 1;
>>>>> + ncq_tfs->drive = &s->dev[port];
>>>>> + ncq_tfs->drive->cmd_fis = cmd_fis;
>>>>> + ncq_tfs->drive->cmd_fis_len = 0x20;
>>>>> + ncq_tfs->slot = slot;
>>>>> + ncq_tfs->lba = ((uint64_t)ncq_fis->lba5 << 40) |
>>>>> + ((uint64_t)ncq_fis->lba4 << 32) |
>>>>> + ((uint64_t)ncq_fis->lba3 << 24) |
>>>>> + ((uint64_t)ncq_fis->lba2 << 16) |
>>>>> + ((uint64_t)ncq_fis->lba1 << 8) |
>>>>> + (uint64_t)ncq_fis->lba0;
>>>>> +
>>>>> + /* Note: We calculate the sector count, but don't currently rely on it.
>>>>> + * The total size of the DMA buffer tells us the transfer size instead. */
>>>>> + ncq_tfs->sector_count = ((uint16_t)ncq_fis->sector_count_high << 8) |
>>>>> + ncq_fis->sector_count_low;
>>>>> +
>>>>> + DPRINTF(port, "NCQ transfer LBA from %ld to %ld, drive max %ld\n",
>>>>> + ncq_tfs->lba, ncq_tfs->lba + ncq_tfs->sector_count - 2,
>>>>> + s->dev[port].port.ifs[0].nb_sectors - 1);
>>>>> +
>>>>> + ncq_tfs->sglist = *sg;
>>>>> + ncq_tfs->tag = tag;
>>>>> +
>>>>> + switch(ncq_fis->command) {
>>>>> + case READ_FPDMA_QUEUED:
>>>>> + DPRINTF(port, "NCQ reading %d sectors from LBA %ld, tag %d\n",
>>>>> + ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
>>>>> + ncq_tfs->is_read = 1;
>>>>> +
>>>>> + /* XXX: The specification is unclear about whether the DMA Setup
>>>>> + * FIS here should have the I bit set, but it suggest that it should
>>>>> + * not. Linux works without this interrupt, so I disabled it.
>>>>> + * If someone knows if it is needed, please tell me, or fix this. */
>>>>> +
>>>>> + /* ahci_trigger_irq(s,s->dev[port],PORT_IRQ_STAT_DSS); */
>>>>> + DPRINTF(port, "tag %d aio read %ld\n", ncq_tfs->tag, ncq_tfs->lba);
>>>>> + dma_bdrv_read(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->sglist,
>>>>> + ncq_tfs->lba, ncq_cb, ncq_tfs);
>>>>> + break;
>>>>> + case WRITE_FPDMA_QUEUED:
>>>>> + DPRINTF(port, "NCQ writing %d sectors to LBA %ld, tag %d\n",
>>>>> + ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
>>>>> + ncq_tfs->is_read = 0;
>>>>> + /* ahci_trigger_irq(s,s->dev[port],PORT_IRQ_STAT_DSS); */
>>>>> + DPRINTF(port, "tag %d aio write %ld\n", ncq_tfs->tag, ncq_tfs->lba);
>>>>> + dma_bdrv_write(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->sglist,
>>>>> + ncq_tfs->lba, ncq_cb, ncq_tfs);
>>>>> + break;
>>>>> + default:
>>>>> + hw_error("ahci: tried to process non-NCQ command as NCQ\n");
>>>>>
>>>>>
>>>> Guest triggerable abort.
>>>>
>>>>
>>> Those happen. The guest can shoot itself in the foot. We have more of
>>> these in other places. Just check virtio.c and search for abort() :).
>>>
>>
>> They are bugs which should be fixed in virtio rather than being spread
>> to new code.
>>
>
> Not sure about that. Would you prefer a broken guest to abort so you can
> debug it or to have it spew your log files with error messages or to
> silently ignore errors and never find bugs?
If you need it for debugging, maybe have a DPRINTF_ERROR macro that
aborts with an error message if DEBUG is defined, and doesn't do
anything in normal builds? I'm still not sure if aborting is a good idea
there, but I think it would be acceptable.
For normal builds, the preferred behaviour is doing the same as real
hardware in such cases. And real hardware doesn't kill the machine when
the driver is doing stupid things, but rather sets an error bit in some
register or something.
Kevin
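The behaviour described in the reply above, as an added example (not QEMU code and not part of the thread): a toy command handler that answers malformed guest input by setting error bits in guest-visible registers, and aborts only when the hypothetical TOY_DEBUG is defined. ToyPort, toy_fail, toy_handle_cmd and all TOY_* constants are assumptions made for the example; DPRINTF_ERROR is the macro name suggested in the reply, and the failure cases mirror the hw_error() sites raised in the review.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* All TOY_* names and values are assumptions made for this example. */
#define TOY_FIS_LEN           0x20  /* bytes of command FIS the handler reads */
#define TOY_FIS_TYPE_REG_H2D  0x27  /* host-to-device register FIS */
#define TOY_CMD_READ_FPDMA    0x60
#define TOY_CMD_WRITE_FPDMA   0x61
#define TOY_STAT_ERR          0x01  /* guest-visible status: error */
#define TOY_STAT_READY        0x40  /* guest-visible status: ready */
#define TOY_ERR_ABRT          0x04  /* guest-visible error: command aborted */

/* Developer builds (-DTOY_DEBUG) stop at the first bad guest request;
 * normal builds compile the macro away and keep the VM running. */
#ifdef TOY_DEBUG
#define DPRINTF_ERROR(...) \
    do { fprintf(stderr, __VA_ARGS__); abort(); } while (0)
#else
#define DPRINTF_ERROR(...) do { } while (0)
#endif

typedef struct ToyPort {
    uint8_t status;     /* what the guest reads back as task-file status */
    uint8_t error;      /* what the guest reads back as task-file error */
    unsigned accepted;  /* commands handed on to the (absent) backend */
    int has_drive;      /* 0 models a port with no disk attached */
} ToyPort;

/* Report a bad request the way hardware would: through registers. */
static int toy_fail(ToyPort *p, const char *why)
{
    (void)why;  /* only used when TOY_DEBUG is defined */
    DPRINTF_ERROR("toy-ahci: %s\n", why);
    p->error = TOY_ERR_ABRT;
    p->status = TOY_STAT_READY | TOY_STAT_ERR;
    return -1;
}

/* fis is the mapped command table (NULL if mapping failed) and
 * mapped_len is the length the mapping call actually returned. */
static int toy_handle_cmd(ToyPort *p, const uint8_t *fis, size_t mapped_len)
{
    if (fis == NULL || mapped_len < TOY_FIS_LEN) {
        return toy_fail(p, "command table not fully mapped");
    }
    if (!p->has_drive) {
        return toy_fail(p, "guest accessed unused port");
    }
    if (fis[0] != TOY_FIS_TYPE_REG_H2D) {
        return toy_fail(p, "unknown FIS type");
    }
    switch (fis[2]) {
    case TOY_CMD_READ_FPDMA:
    case TOY_CMD_WRITE_FPDMA:
        break;
    default:
        return toy_fail(p, "unsupported command");
    }
    p->error = 0;
    p->status = TOY_STAT_READY;
    p->accepted++;
    return 0;
}

int main(void)
{
    /* Constructed inputs: one well-formed FIS, one with a bogus type. */
    uint8_t good[TOY_FIS_LEN] = { TOY_FIS_TYPE_REG_H2D, 0x80, TOY_CMD_READ_FPDMA };
    uint8_t bad[TOY_FIS_LEN] = { 0xff, 0x80, TOY_CMD_READ_FPDMA };
    ToyPort port = { 0, 0, 0, 1 };

    toy_handle_cmd(&port, good, sizeof(good));
    printf("good: status=0x%02x error=0x%02x\n", port.status, port.error);
    toy_handle_cmd(&port, bad, sizeof(bad));
    printf("bad:  status=0x%02x error=0x%02x\n", port.status, port.error);
    return 0;
}
```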
* [Qemu-devel] [PATCH 10/13] config: move ide core and pci to pci.mak
2010-12-08 12:13 [Qemu-devel] [PATCH 00/13] AHCI emulation support v8 Alexander Graf
` (8 preceding siblings ...)
2010-12-08 12:13 ` [Qemu-devel] [PATCH 09/13] ahci: add ahci emulation Alexander Graf
@ 2010-12-08 12:13 ` Alexander Graf
2010-12-08 12:13 ` [Qemu-devel] [PATCH 11/13] config: add ahci for pci capable machines Alexander Graf
` (2 subsequent siblings)
12 siblings, 0 replies; 29+ messages in thread
From: Alexander Graf @ 2010-12-08 12:13 UTC (permalink / raw)
To: QEMU-devel Developers
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, Blue Swirl, Gerd Hoffmann,
Stefan Hajnoczi, tj, Roland Elek, Sebastian Herbszt
Every device that can do PCI should also be able to do IDE. So let's move
the IDE definitions over to pci.mak.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
default-configs/arm-softmmu.mak | 1 -
default-configs/i386-softmmu.mak | 3 ---
default-configs/mips-softmmu.mak | 3 ---
default-configs/mips64-softmmu.mak | 3 ---
default-configs/mips64el-softmmu.mak | 3 ---
default-configs/mipsel-softmmu.mak | 3 ---
default-configs/pci.mak | 3 +++
default-configs/ppc-softmmu.mak | 3 ---
default-configs/ppc64-softmmu.mak | 3 ---
default-configs/ppcemb-softmmu.mak | 3 ---
default-configs/sh4-softmmu.mak | 1 -
default-configs/sh4eb-softmmu.mak | 1 -
default-configs/sparc64-softmmu.mak | 3 ---
default-configs/x86_64-softmmu.mak | 3 ---
14 files changed, 3 insertions(+), 33 deletions(-)
diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index ac48dc1..8d1174f 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -8,7 +8,6 @@ CONFIG_ECC=y
CONFIG_SERIAL=y
CONFIG_PTIMER=y
CONFIG_SD=y
-CONFIG_IDE_CORE=y
CONFIG_MAX7310=y
CONFIG_WM8750=y
CONFIG_TWL92230=y
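Review bot: the context of this hunk does not show whether arm-softmmu.mak includes pci.mak (the sh4 hunks further down do show "include pci.mak" at the top of the file). If it does not, dropping CONFIG_IDE_CORE=y here removes the IDE core from the ARM build instead of moving it; if it does, ARM now also picks up CONFIG_IDE_QDEV and CONFIG_IDE_PCI, which it did not set before. Please say in the commit message which of the two applies.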
diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
index ce905d2..323fafb 100644
--- a/default-configs/i386-softmmu.mak
+++ b/default-configs/i386-softmmu.mak
@@ -13,9 +13,6 @@ CONFIG_FDC=y
CONFIG_ACPI=y
CONFIG_APM=y
CONFIG_DMA=y
-CONFIG_IDE_CORE=y
-CONFIG_IDE_QDEV=y
-CONFIG_IDE_PCI=y
CONFIG_IDE_ISA=y
CONFIG_IDE_PIIX=y
CONFIG_NE2000_ISA=y
diff --git a/default-configs/mips-softmmu.mak b/default-configs/mips-softmmu.mak
index 565e611..f524971 100644
--- a/default-configs/mips-softmmu.mak
+++ b/default-configs/mips-softmmu.mak
@@ -17,9 +17,6 @@ CONFIG_ACPI=y
CONFIG_APM=y
CONFIG_DMA=y
CONFIG_PIIX4=y
-CONFIG_IDE_CORE=y
-CONFIG_IDE_QDEV=y
-CONFIG_IDE_PCI=y
CONFIG_IDE_ISA=y
CONFIG_IDE_PIIX=y
CONFIG_NE2000_ISA=y
diff --git a/default-configs/mips64-softmmu.mak b/default-configs/mips64-softmmu.mak
index 03bd8eb..aeab6b2 100644
--- a/default-configs/mips64-softmmu.mak
+++ b/default-configs/mips64-softmmu.mak
@@ -17,9 +17,6 @@ CONFIG_ACPI=y
CONFIG_APM=y
CONFIG_DMA=y
CONFIG_PIIX4=y
-CONFIG_IDE_CORE=y
-CONFIG_IDE_QDEV=y
-CONFIG_IDE_PCI=y
CONFIG_IDE_ISA=y
CONFIG_IDE_PIIX=y
CONFIG_NE2000_ISA=y
diff --git a/default-configs/mips64el-softmmu.mak b/default-configs/mips64el-softmmu.mak
index 4661617..8e6511c 100644
--- a/default-configs/mips64el-softmmu.mak
+++ b/default-configs/mips64el-softmmu.mak
@@ -17,9 +17,6 @@ CONFIG_ACPI=y
CONFIG_APM=y
CONFIG_DMA=y
CONFIG_PIIX4=y
-CONFIG_IDE_CORE=y
-CONFIG_IDE_QDEV=y
-CONFIG_IDE_PCI=y
CONFIG_IDE_ISA=y
CONFIG_IDE_PIIX=y
CONFIG_IDE_VIA=y
diff --git a/default-configs/mipsel-softmmu.mak b/default-configs/mipsel-softmmu.mak
index 92fc473..a05ac25 100644
--- a/default-configs/mipsel-softmmu.mak
+++ b/default-configs/mipsel-softmmu.mak
@@ -17,9 +17,6 @@ CONFIG_ACPI=y
CONFIG_APM=y
CONFIG_DMA=y
CONFIG_PIIX4=y
-CONFIG_IDE_CORE=y
-CONFIG_IDE_QDEV=y
-CONFIG_IDE_PCI=y
CONFIG_IDE_ISA=y
CONFIG_IDE_PIIX=y
CONFIG_NE2000_ISA=y
diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index c74a99f..d700b3c 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -10,3 +10,6 @@ CONFIG_PCNET_COMMON=y
CONFIG_LSI_SCSI_PCI=y
CONFIG_RTL8139_PCI=y
CONFIG_E1000_PCI=y
+CONFIG_IDE_CORE=y
+CONFIG_IDE_QDEV=y
+CONFIG_IDE_PCI=y
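Review bot: with these three lines living only in pci.mak, the CONFIG_IDE_ISA, CONFIG_IDE_PIIX, CONFIG_IDE_CMD646 and CONFIG_IDE_MACIO settings that stay behind in the per-target files now get their IDE core solely through the pci.mak include. A one-line comment above the added block stating that the ISA and chipset-specific IDE options in the target files rely on it would keep a later cleanup of pci.mak from silently breaking those targets.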
diff --git a/default-configs/ppc-softmmu.mak b/default-configs/ppc-softmmu.mak
index f1cb99e..4563742 100644
--- a/default-configs/ppc-softmmu.mak
+++ b/default-configs/ppc-softmmu.mak
@@ -23,9 +23,6 @@ CONFIG_GRACKLE_PCI=y
CONFIG_UNIN_PCI=y
CONFIG_DEC_PCI=y
CONFIG_PPCE500_PCI=y
-CONFIG_IDE_CORE=y
-CONFIG_IDE_QDEV=y
-CONFIG_IDE_PCI=y
CONFIG_IDE_ISA=y
CONFIG_IDE_CMD646=y
CONFIG_IDE_MACIO=y
diff --git a/default-configs/ppc64-softmmu.mak b/default-configs/ppc64-softmmu.mak
index 83cbe97..d5073b3 100644
--- a/default-configs/ppc64-softmmu.mak
+++ b/default-configs/ppc64-softmmu.mak
@@ -23,9 +23,6 @@ CONFIG_GRACKLE_PCI=y
CONFIG_UNIN_PCI=y
CONFIG_DEC_PCI=y
CONFIG_PPCE500_PCI=y
-CONFIG_IDE_CORE=y
-CONFIG_IDE_QDEV=y
-CONFIG_IDE_PCI=y
CONFIG_IDE_ISA=y
CONFIG_IDE_CMD646=y
CONFIG_IDE_MACIO=y
diff --git a/default-configs/ppcemb-softmmu.mak b/default-configs/ppcemb-softmmu.mak
index 2b52d4a..9f0730c 100644
--- a/default-configs/ppcemb-softmmu.mak
+++ b/default-configs/ppcemb-softmmu.mak
@@ -23,9 +23,6 @@ CONFIG_GRACKLE_PCI=y
CONFIG_UNIN_PCI=y
CONFIG_DEC_PCI=y
CONFIG_PPCE500_PCI=y
-CONFIG_IDE_CORE=y
-CONFIG_IDE_QDEV=y
-CONFIG_IDE_PCI=y
CONFIG_IDE_ISA=y
CONFIG_IDE_CMD646=y
CONFIG_IDE_MACIO=y
diff --git a/default-configs/sh4-softmmu.mak b/default-configs/sh4-softmmu.mak
index 87247a4..5c69acc 100644
--- a/default-configs/sh4-softmmu.mak
+++ b/default-configs/sh4-softmmu.mak
@@ -3,6 +3,5 @@
include pci.mak
CONFIG_SERIAL=y
CONFIG_PTIMER=y
-CONFIG_IDE_CORE=y
CONFIG_PFLASH_CFI02=y
CONFIG_ISA_MMIO=y
diff --git a/default-configs/sh4eb-softmmu.mak b/default-configs/sh4eb-softmmu.mak
index 5b8a16e..7cdc122 100644
--- a/default-configs/sh4eb-softmmu.mak
+++ b/default-configs/sh4eb-softmmu.mak
@@ -3,6 +3,5 @@
include pci.mak
CONFIG_SERIAL=y
CONFIG_PTIMER=y
-CONFIG_IDE_CORE=y
CONFIG_PFLASH_CFI02=y
CONFIG_ISA_MMIO=y
diff --git a/default-configs/sparc64-softmmu.mak b/default-configs/sparc64-softmmu.mak
index ecc3122..d8f17e7 100644
--- a/default-configs/sparc64-softmmu.mak
+++ b/default-configs/sparc64-softmmu.mak
@@ -9,8 +9,5 @@ CONFIG_SERIAL=y
CONFIG_PARALLEL=y
CONFIG_PCKBD=y
CONFIG_FDC=y
-CONFIG_IDE_CORE=y
-CONFIG_IDE_QDEV=y
-CONFIG_IDE_PCI=y
CONFIG_IDE_ISA=y
CONFIG_IDE_CMD646=y
diff --git a/default-configs/x86_64-softmmu.mak b/default-configs/x86_64-softmmu.mak
index 7f22599..eff26d2 100644
--- a/default-configs/x86_64-softmmu.mak
+++ b/default-configs/x86_64-softmmu.mak
@@ -13,9 +13,6 @@ CONFIG_FDC=y
CONFIG_ACPI=y
CONFIG_APM=y
CONFIG_DMA=y
-CONFIG_IDE_CORE=y
-CONFIG_IDE_QDEV=y
-CONFIG_IDE_PCI=y
CONFIG_IDE_ISA=y
CONFIG_IDE_PIIX=y
CONFIG_NE2000_ISA=y
--
1.6.0.2
* [Qemu-devel] [PATCH 11/13] config: add ahci for pci capable machines
2010-12-08 12:13 [Qemu-devel] [PATCH 00/13] AHCI emulation support v8 Alexander Graf
` (9 preceding siblings ...)
2010-12-08 12:13 ` [Qemu-devel] [PATCH 10/13] config: move ide core and pci to pci.mak Alexander Graf
@ 2010-12-08 12:13 ` Alexander Graf
2010-12-08 12:13 ` [Qemu-devel] [PATCH 12/13] ahci: set SATA Mode Select Alexander Graf
2010-12-08 12:13 ` [Qemu-devel] [PATCH 13/13] ahci: set pci revision id Alexander Graf
12 siblings, 0 replies; 29+ messages in thread
From: Alexander Graf @ 2010-12-08 12:13 UTC (permalink / raw)
To: QEMU-devel Developers
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, Blue Swirl, Gerd Hoffmann,
Stefan Hajnoczi, tj, Roland Elek, Sebastian Herbszt
This patch enables AHCI for all machines supporting PCI.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
default-configs/pci.mak | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index d700b3c..0471efb 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -13,3 +13,4 @@ CONFIG_E1000_PCI=y
CONFIG_IDE_CORE=y
CONFIG_IDE_QDEV=y
CONFIG_IDE_PCI=y
+CONFIG_AHCI=y
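Review bot: adding CONFIG_AHCI=y to pci.mak compiles the new AHCI device model into every target that includes this file, and the commit message does not say whether the device is only built or also instantiated by default. Each emulated device is guest-reachable code once attached, so please state which it is in the commit message, and consider leaving the option out of targets where the device has not been tested.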
--
1.6.0.2
* [Qemu-devel] [PATCH 12/13] ahci: set SATA Mode Select
2010-12-08 12:13 [Qemu-devel] [PATCH 00/13] AHCI emulation support v8 Alexander Graf
` (10 preceding siblings ...)
2010-12-08 12:13 ` [Qemu-devel] [PATCH 11/13] config: add ahci for pci capable machines Alexander Graf
@ 2010-12-08 12:13 ` Alexander Graf
2010-12-08 12:13 ` [Qemu-devel] [PATCH 13/13] ahci: set pci revision id Alexander Graf
12 siblings, 0 replies; 29+ messages in thread
From: Alexander Graf @ 2010-12-08 12:13 UTC (permalink / raw)
To: QEMU-devel Developers
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, Blue Swirl, Gerd Hoffmann,
Stefan Hajnoczi, tj, Roland Elek, Sebastian Herbszt
From: Sebastian Herbszt <herbszt@gmx.de>
Set SATA Mode Select to AHCI in the Address Map Register.
Signed-off-by: Sebastian Herbszt <herbszt@gmx.de>
---
hw/ide/ahci.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 7e7aa89..2ef03ed 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -1328,6 +1328,9 @@ static int pci_ahci_init(PCIDevice *dev)
d->card.config[PCI_LATENCY_TIMER] = 0x00; /* Latency timer */
pci_config_set_interrupt_pin(d->card.config, 1);
+ /* XXX Software should program this register */
+ d->card.config[0x90] = 1 << 6; /* Address Map Register - AHCI mode */
+
qemu_register_reset(ahci_reset, d);
/* XXX BAR size should be 1k, but that breaks, so bump it to 4k for now */
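Review bot: `d->card.config[0x90] = 1 << 6;` uses a raw offset and a raw bit; named constants for the Address Map Register offset and the AHCI mode value would make this checkable against the datasheet. The XXX comment says software should program this register, but the value is written once in pci_ahci_init(), before qemu_register_reset(ahci_reset, d): if the guest can write config offset 0x90, confirm that ahci_reset() restores the AHCI setting, and if it cannot, say so in the comment.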
--
1.6.0.2
* [Qemu-devel] [PATCH 13/13] ahci: set pci revision id
2010-12-08 12:13 [Qemu-devel] [PATCH 00/13] AHCI emulation support v8 Alexander Graf
` (11 preceding siblings ...)
2010-12-08 12:13 ` [Qemu-devel] [PATCH 12/13] ahci: set SATA Mode Select Alexander Graf
@ 2010-12-08 12:13 ` Alexander Graf
12 siblings, 0 replies; 29+ messages in thread
From: Alexander Graf @ 2010-12-08 12:13 UTC (permalink / raw)
To: QEMU-devel Developers
Cc: Kevin Wolf, Joerg Roedel, Paul Brook, Blue Swirl, Gerd Hoffmann,
Stefan Hajnoczi, tj, Roland Elek, Sebastian Herbszt
From: Sebastian Herbszt <herbszt@gmx.de>
Set pci revision id to 0x01.
Signed-off-by: Sebastian Herbszt <herbszt@gmx.de>
---
hw/ide/ahci.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 2ef03ed..fdfc011 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -1322,6 +1322,7 @@ static int pci_ahci_init(PCIDevice *dev)
PCI_DEVICE_ID_INTEL_ICH7_AHCI);
pci_config_set_class(d->card.config, PCI_CLASS_STORAGE_SATA);
+ pci_config_set_revision(d->card.config, 0x01);
pci_config_set_prog_interface(d->card.config, AHCI_PROGMODE_MAJOR_REV_1);
d->card.config[PCI_CACHE_LINE_SIZE] = 0x08; /* Cache line size */
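Review bot: the 0x01 passed to pci_config_set_revision() is unexplained in both the code and the commit message. A short comment naming the hardware revision it mirrors (the device ID on the line above is PCI_DEVICE_ID_INTEL_ICH7_AHCI) or the guest driver that needs it would let a later reader tell whether the value can safely change.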
--
1.6.0.2