1 | /* |
2 | * QEMU AHCI Emulation |
3 | * |
4 | * Copyright (c) 2010 qiaochong@loongson.cn |
5 | * Copyright (c) 2010 Roland Elek <elek.roland@gmail.com> |
6 | * Copyright (c) 2010 Sebastian Herbszt <herbszt@gmx.de> |
7 | * Copyright (c) 2010 Alexander Graf <agraf@suse.de> |
8 | * |
9 | * This library is free software; you can redistribute it and/or |
10 | * modify it under the terms of the GNU Lesser General Public |
11 | * License as published by the Free Software Foundation; either |
12 | * version 2 of the License, or (at your option) any later version. |
13 | * |
14 | * This library is distributed in the hope that it will be useful, |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
17 | * Lesser General Public License for more details. |
18 | * |
19 | * You should have received a copy of the GNU Lesser General Public |
20 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. |
21 | * |
22 | */ |
23 | |
24 | #include "qemu/osdep.h" |
25 | #include "hw/pci/msi.h" |
26 | #include "hw/pci/pci.h" |
27 | #include "hw/qdev-properties.h" |
28 | #include "migration/vmstate.h" |
29 | |
30 | #include "qemu/error-report.h" |
31 | #include "qemu/log.h" |
32 | #include "qemu/main-loop.h" |
33 | #include "qemu/module.h" |
34 | #include "sysemu/block-backend.h" |
35 | #include "sysemu/dma.h" |
36 | #include "hw/ide/internal.h" |
37 | #include "hw/ide/pci.h" |
38 | #include "ahci_internal.h" |
39 | |
40 | #include "trace.h" |
41 | |
42 | static void check_cmd(AHCIState *s, int port); |
43 | static int handle_cmd(AHCIState *s, int port, uint8_t slot); |
44 | static void ahci_reset_port(AHCIState *s, int port); |
45 | static bool ahci_write_fis_d2h(AHCIDevice *ad); |
46 | static void ahci_init_d2h(AHCIDevice *ad); |
47 | static int ahci_dma_prepare_buf(IDEDMA *dma, int32_t limit); |
48 | static bool ahci_map_clb_address(AHCIDevice *ad); |
49 | static bool ahci_map_fis_address(AHCIDevice *ad); |
50 | static void ahci_unmap_clb_address(AHCIDevice *ad); |
51 | static void ahci_unmap_fis_address(AHCIDevice *ad); |
52 | |
53 | static const char *AHCIHostReg_lookup[AHCI_HOST_REG__COUNT] = { |
54 | [AHCI_HOST_REG_CAP] = "CAP" , |
55 | [AHCI_HOST_REG_CTL] = "GHC" , |
56 | [AHCI_HOST_REG_IRQ_STAT] = "IS" , |
57 | [AHCI_HOST_REG_PORTS_IMPL] = "PI" , |
58 | [AHCI_HOST_REG_VERSION] = "VS" , |
59 | [AHCI_HOST_REG_CCC_CTL] = "CCC_CTL" , |
60 | [AHCI_HOST_REG_CCC_PORTS] = "CCC_PORTS" , |
61 | [AHCI_HOST_REG_EM_LOC] = "EM_LOC" , |
62 | [AHCI_HOST_REG_EM_CTL] = "EM_CTL" , |
63 | [AHCI_HOST_REG_CAP2] = "CAP2" , |
64 | [AHCI_HOST_REG_BOHC] = "BOHC" , |
65 | }; |
66 | |
67 | static const char *AHCIPortReg_lookup[AHCI_PORT_REG__COUNT] = { |
68 | [AHCI_PORT_REG_LST_ADDR] = "PxCLB" , |
69 | [AHCI_PORT_REG_LST_ADDR_HI] = "PxCLBU" , |
70 | [AHCI_PORT_REG_FIS_ADDR] = "PxFB" , |
71 | [AHCI_PORT_REG_FIS_ADDR_HI] = "PxFBU" , |
72 | [AHCI_PORT_REG_IRQ_STAT] = "PxIS" , |
73 | [AHCI_PORT_REG_IRQ_MASK] = "PXIE" , |
74 | [AHCI_PORT_REG_CMD] = "PxCMD" , |
75 | [7] = "Reserved" , |
76 | [AHCI_PORT_REG_TFDATA] = "PxTFD" , |
77 | [AHCI_PORT_REG_SIG] = "PxSIG" , |
78 | [AHCI_PORT_REG_SCR_STAT] = "PxSSTS" , |
79 | [AHCI_PORT_REG_SCR_CTL] = "PxSCTL" , |
80 | [AHCI_PORT_REG_SCR_ERR] = "PxSERR" , |
81 | [AHCI_PORT_REG_SCR_ACT] = "PxSACT" , |
82 | [AHCI_PORT_REG_CMD_ISSUE] = "PxCI" , |
83 | [AHCI_PORT_REG_SCR_NOTIF] = "PxSNTF" , |
84 | [AHCI_PORT_REG_FIS_CTL] = "PxFBS" , |
85 | [AHCI_PORT_REG_DEV_SLEEP] = "PxDEVSLP" , |
86 | [18 ... 27] = "Reserved" , |
87 | [AHCI_PORT_REG_VENDOR_1 ... |
88 | AHCI_PORT_REG_VENDOR_4] = "PxVS" , |
89 | }; |
90 | |
91 | static const char *AHCIPortIRQ_lookup[AHCI_PORT_IRQ__COUNT] = { |
92 | [AHCI_PORT_IRQ_BIT_DHRS] = "DHRS" , |
93 | [AHCI_PORT_IRQ_BIT_PSS] = "PSS" , |
94 | [AHCI_PORT_IRQ_BIT_DSS] = "DSS" , |
95 | [AHCI_PORT_IRQ_BIT_SDBS] = "SDBS" , |
96 | [AHCI_PORT_IRQ_BIT_UFS] = "UFS" , |
97 | [AHCI_PORT_IRQ_BIT_DPS] = "DPS" , |
98 | [AHCI_PORT_IRQ_BIT_PCS] = "PCS" , |
99 | [AHCI_PORT_IRQ_BIT_DMPS] = "DMPS" , |
100 | [8 ... 21] = "RESERVED" , |
101 | [AHCI_PORT_IRQ_BIT_PRCS] = "PRCS" , |
102 | [AHCI_PORT_IRQ_BIT_IPMS] = "IPMS" , |
103 | [AHCI_PORT_IRQ_BIT_OFS] = "OFS" , |
104 | [25] = "RESERVED" , |
105 | [AHCI_PORT_IRQ_BIT_INFS] = "INFS" , |
106 | [AHCI_PORT_IRQ_BIT_IFS] = "IFS" , |
107 | [AHCI_PORT_IRQ_BIT_HBDS] = "HBDS" , |
108 | [AHCI_PORT_IRQ_BIT_HBFS] = "HBFS" , |
109 | [AHCI_PORT_IRQ_BIT_TFES] = "TFES" , |
110 | [AHCI_PORT_IRQ_BIT_CPDS] = "CPDS" |
111 | }; |
112 | |
113 | static uint32_t ahci_port_read(AHCIState *s, int port, int offset) |
114 | { |
115 | uint32_t val; |
116 | AHCIPortRegs *pr = &s->dev[port].port_regs; |
117 | enum AHCIPortReg regnum = offset / sizeof(uint32_t); |
118 | assert(regnum < (AHCI_PORT_ADDR_OFFSET_LEN / sizeof(uint32_t))); |
119 | |
120 | switch (regnum) { |
121 | case AHCI_PORT_REG_LST_ADDR: |
122 | val = pr->lst_addr; |
123 | break; |
124 | case AHCI_PORT_REG_LST_ADDR_HI: |
125 | val = pr->lst_addr_hi; |
126 | break; |
127 | case AHCI_PORT_REG_FIS_ADDR: |
128 | val = pr->fis_addr; |
129 | break; |
130 | case AHCI_PORT_REG_FIS_ADDR_HI: |
131 | val = pr->fis_addr_hi; |
132 | break; |
133 | case AHCI_PORT_REG_IRQ_STAT: |
134 | val = pr->irq_stat; |
135 | break; |
136 | case AHCI_PORT_REG_IRQ_MASK: |
137 | val = pr->irq_mask; |
138 | break; |
139 | case AHCI_PORT_REG_CMD: |
140 | val = pr->cmd; |
141 | break; |
142 | case AHCI_PORT_REG_TFDATA: |
143 | val = pr->tfdata; |
144 | break; |
145 | case AHCI_PORT_REG_SIG: |
146 | val = pr->sig; |
147 | break; |
148 | case AHCI_PORT_REG_SCR_STAT: |
149 | if (s->dev[port].port.ifs[0].blk) { |
150 | val = SATA_SCR_SSTATUS_DET_DEV_PRESENT_PHY_UP | |
151 | SATA_SCR_SSTATUS_SPD_GEN1 | SATA_SCR_SSTATUS_IPM_ACTIVE; |
152 | } else { |
153 | val = SATA_SCR_SSTATUS_DET_NODEV; |
154 | } |
155 | break; |
156 | case AHCI_PORT_REG_SCR_CTL: |
157 | val = pr->scr_ctl; |
158 | break; |
159 | case AHCI_PORT_REG_SCR_ERR: |
160 | val = pr->scr_err; |
161 | break; |
162 | case AHCI_PORT_REG_SCR_ACT: |
163 | val = pr->scr_act; |
164 | break; |
165 | case AHCI_PORT_REG_CMD_ISSUE: |
166 | val = pr->cmd_issue; |
167 | break; |
168 | default: |
169 | trace_ahci_port_read_default(s, port, AHCIPortReg_lookup[regnum], |
170 | offset); |
171 | val = 0; |
172 | } |
173 | |
174 | trace_ahci_port_read(s, port, AHCIPortReg_lookup[regnum], offset, val); |
175 | return val; |
176 | } |
177 | |
178 | static void ahci_irq_raise(AHCIState *s) |
179 | { |
180 | DeviceState *dev_state = s->container; |
181 | PCIDevice *pci_dev = (PCIDevice *) object_dynamic_cast(OBJECT(dev_state), |
182 | TYPE_PCI_DEVICE); |
183 | |
184 | trace_ahci_irq_raise(s); |
185 | |
186 | if (pci_dev && msi_enabled(pci_dev)) { |
187 | msi_notify(pci_dev, 0); |
188 | } else { |
189 | qemu_irq_raise(s->irq); |
190 | } |
191 | } |
192 | |
193 | static void ahci_irq_lower(AHCIState *s) |
194 | { |
195 | DeviceState *dev_state = s->container; |
196 | PCIDevice *pci_dev = (PCIDevice *) object_dynamic_cast(OBJECT(dev_state), |
197 | TYPE_PCI_DEVICE); |
198 | |
199 | trace_ahci_irq_lower(s); |
200 | |
201 | if (!pci_dev || !msi_enabled(pci_dev)) { |
202 | qemu_irq_lower(s->irq); |
203 | } |
204 | } |
205 | |
206 | static void ahci_check_irq(AHCIState *s) |
207 | { |
208 | int i; |
209 | uint32_t old_irq = s->control_regs.irqstatus; |
210 | |
211 | s->control_regs.irqstatus = 0; |
212 | for (i = 0; i < s->ports; i++) { |
213 | AHCIPortRegs *pr = &s->dev[i].port_regs; |
214 | if (pr->irq_stat & pr->irq_mask) { |
215 | s->control_regs.irqstatus |= (1 << i); |
216 | } |
217 | } |
218 | trace_ahci_check_irq(s, old_irq, s->control_regs.irqstatus); |
219 | if (s->control_regs.irqstatus && |
220 | (s->control_regs.ghc & HOST_CTL_IRQ_EN)) { |
221 | ahci_irq_raise(s); |
222 | } else { |
223 | ahci_irq_lower(s); |
224 | } |
225 | } |
226 | |
227 | static void ahci_trigger_irq(AHCIState *s, AHCIDevice *d, |
228 | enum AHCIPortIRQ irqbit) |
229 | { |
230 | g_assert((unsigned)irqbit < 32); |
231 | uint32_t irq = 1U << irqbit; |
232 | uint32_t irqstat = d->port_regs.irq_stat | irq; |
233 | |
234 | trace_ahci_trigger_irq(s, d->port_no, |
235 | AHCIPortIRQ_lookup[irqbit], irq, |
236 | d->port_regs.irq_stat, irqstat, |
237 | irqstat & d->port_regs.irq_mask); |
238 | |
239 | d->port_regs.irq_stat = irqstat; |
240 | ahci_check_irq(s); |
241 | } |
242 | |
243 | static void map_page(AddressSpace *as, uint8_t **ptr, uint64_t addr, |
244 | uint32_t wanted) |
245 | { |
246 | hwaddr len = wanted; |
247 | |
248 | if (*ptr) { |
249 | dma_memory_unmap(as, *ptr, len, DMA_DIRECTION_FROM_DEVICE, len); |
250 | } |
251 | |
252 | *ptr = dma_memory_map(as, addr, &len, DMA_DIRECTION_FROM_DEVICE); |
253 | if (len < wanted) { |
254 | dma_memory_unmap(as, *ptr, len, DMA_DIRECTION_FROM_DEVICE, len); |
255 | *ptr = NULL; |
256 | } |
257 | } |
258 | |
259 | /** |
260 | * Check the cmd register to see if we should start or stop |
261 | * the DMA or FIS RX engines. |
262 | * |
263 | * @ad: Device to dis/engage. |
264 | * |
265 | * @return 0 on success, -1 on error. |
266 | */ |
267 | static int ahci_cond_start_engines(AHCIDevice *ad) |
268 | { |
269 | AHCIPortRegs *pr = &ad->port_regs; |
270 | bool cmd_start = pr->cmd & PORT_CMD_START; |
271 | bool cmd_on = pr->cmd & PORT_CMD_LIST_ON; |
272 | bool fis_start = pr->cmd & PORT_CMD_FIS_RX; |
273 | bool fis_on = pr->cmd & PORT_CMD_FIS_ON; |
274 | |
275 | if (cmd_start && !cmd_on) { |
276 | if (!ahci_map_clb_address(ad)) { |
277 | pr->cmd &= ~PORT_CMD_START; |
278 | error_report("AHCI: Failed to start DMA engine: " |
279 | "bad command list buffer address" ); |
280 | return -1; |
281 | } |
282 | } else if (!cmd_start && cmd_on) { |
283 | ahci_unmap_clb_address(ad); |
284 | } |
285 | |
286 | if (fis_start && !fis_on) { |
287 | if (!ahci_map_fis_address(ad)) { |
288 | pr->cmd &= ~PORT_CMD_FIS_RX; |
289 | error_report("AHCI: Failed to start FIS receive engine: " |
290 | "bad FIS receive buffer address" ); |
291 | return -1; |
292 | } |
293 | } else if (!fis_start && fis_on) { |
294 | ahci_unmap_fis_address(ad); |
295 | } |
296 | |
297 | return 0; |
298 | } |
299 | |
300 | static void ahci_port_write(AHCIState *s, int port, int offset, uint32_t val) |
301 | { |
302 | AHCIPortRegs *pr = &s->dev[port].port_regs; |
303 | enum AHCIPortReg regnum = offset / sizeof(uint32_t); |
304 | assert(regnum < (AHCI_PORT_ADDR_OFFSET_LEN / sizeof(uint32_t))); |
305 | trace_ahci_port_write(s, port, AHCIPortReg_lookup[regnum], offset, val); |
306 | |
307 | switch (regnum) { |
308 | case AHCI_PORT_REG_LST_ADDR: |
309 | pr->lst_addr = val; |
310 | break; |
311 | case AHCI_PORT_REG_LST_ADDR_HI: |
312 | pr->lst_addr_hi = val; |
313 | break; |
314 | case AHCI_PORT_REG_FIS_ADDR: |
315 | pr->fis_addr = val; |
316 | break; |
317 | case AHCI_PORT_REG_FIS_ADDR_HI: |
318 | pr->fis_addr_hi = val; |
319 | break; |
320 | case AHCI_PORT_REG_IRQ_STAT: |
321 | pr->irq_stat &= ~val; |
322 | ahci_check_irq(s); |
323 | break; |
324 | case AHCI_PORT_REG_IRQ_MASK: |
325 | pr->irq_mask = val & 0xfdc000ff; |
326 | ahci_check_irq(s); |
327 | break; |
328 | case AHCI_PORT_REG_CMD: |
329 | /* Block any Read-only fields from being set; |
330 | * including LIST_ON and FIS_ON. |
331 | * The spec requires to set ICC bits to zero after the ICC change |
332 | * is done. We don't support ICC state changes, therefore always |
333 | * force the ICC bits to zero. |
334 | */ |
335 | pr->cmd = (pr->cmd & PORT_CMD_RO_MASK) | |
336 | (val & ~(PORT_CMD_RO_MASK | PORT_CMD_ICC_MASK)); |
337 | |
338 | /* Check FIS RX and CLB engines */ |
339 | ahci_cond_start_engines(&s->dev[port]); |
340 | |
341 | /* XXX usually the FIS would be pending on the bus here and |
342 | issuing deferred until the OS enables FIS receival. |
343 | Instead, we only submit it once - which works in most |
344 | cases, but is a hack. */ |
345 | if ((pr->cmd & PORT_CMD_FIS_ON) && |
346 | !s->dev[port].init_d2h_sent) { |
347 | ahci_init_d2h(&s->dev[port]); |
348 | } |
349 | |
350 | check_cmd(s, port); |
351 | break; |
352 | case AHCI_PORT_REG_TFDATA: |
353 | case AHCI_PORT_REG_SIG: |
354 | case AHCI_PORT_REG_SCR_STAT: |
355 | /* Read Only */ |
356 | break; |
357 | case AHCI_PORT_REG_SCR_CTL: |
358 | if (((pr->scr_ctl & AHCI_SCR_SCTL_DET) == 1) && |
359 | ((val & AHCI_SCR_SCTL_DET) == 0)) { |
360 | ahci_reset_port(s, port); |
361 | } |
362 | pr->scr_ctl = val; |
363 | break; |
364 | case AHCI_PORT_REG_SCR_ERR: |
365 | pr->scr_err &= ~val; |
366 | break; |
367 | case AHCI_PORT_REG_SCR_ACT: |
368 | /* RW1 */ |
369 | pr->scr_act |= val; |
370 | break; |
371 | case AHCI_PORT_REG_CMD_ISSUE: |
372 | pr->cmd_issue |= val; |
373 | check_cmd(s, port); |
374 | break; |
375 | default: |
376 | trace_ahci_port_write_unimpl(s, port, AHCIPortReg_lookup[regnum], |
377 | offset, val); |
378 | qemu_log_mask(LOG_UNIMP, "Attempted write to unimplemented register: " |
379 | "AHCI port %d register %s, offset 0x%x: 0x%" PRIx32, |
380 | port, AHCIPortReg_lookup[regnum], offset, val); |
381 | break; |
382 | } |
383 | } |
384 | |
385 | static uint64_t ahci_mem_read_32(void *opaque, hwaddr addr) |
386 | { |
387 | AHCIState *s = opaque; |
388 | uint32_t val = 0; |
389 | |
390 | if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) { |
391 | enum AHCIHostReg regnum = addr / 4; |
392 | assert(regnum < AHCI_HOST_REG__COUNT); |
393 | |
394 | switch (regnum) { |
395 | case AHCI_HOST_REG_CAP: |
396 | val = s->control_regs.cap; |
397 | break; |
398 | case AHCI_HOST_REG_CTL: |
399 | val = s->control_regs.ghc; |
400 | break; |
401 | case AHCI_HOST_REG_IRQ_STAT: |
402 | val = s->control_regs.irqstatus; |
403 | break; |
404 | case AHCI_HOST_REG_PORTS_IMPL: |
405 | val = s->control_regs.impl; |
406 | break; |
407 | case AHCI_HOST_REG_VERSION: |
408 | val = s->control_regs.version; |
409 | break; |
410 | default: |
411 | trace_ahci_mem_read_32_host_default(s, AHCIHostReg_lookup[regnum], |
412 | addr); |
413 | } |
414 | trace_ahci_mem_read_32_host(s, AHCIHostReg_lookup[regnum], addr, val); |
415 | } else if ((addr >= AHCI_PORT_REGS_START_ADDR) && |
416 | (addr < (AHCI_PORT_REGS_START_ADDR + |
417 | (s->ports * AHCI_PORT_ADDR_OFFSET_LEN)))) { |
418 | val = ahci_port_read(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7, |
419 | addr & AHCI_PORT_ADDR_OFFSET_MASK); |
420 | } else { |
421 | trace_ahci_mem_read_32_default(s, addr, val); |
422 | } |
423 | |
424 | trace_ahci_mem_read_32(s, addr, val); |
425 | return val; |
426 | } |
427 | |
428 | |
429 | /** |
430 | * AHCI 1.3 section 3 ("HBA Memory Registers") |
431 | * Support unaligned 8/16/32 bit reads, and 64 bit aligned reads. |
432 | * Caller is responsible for masking unwanted higher order bytes. |
433 | */ |
434 | static uint64_t ahci_mem_read(void *opaque, hwaddr addr, unsigned size) |
435 | { |
436 | hwaddr aligned = addr & ~0x3; |
437 | int ofst = addr - aligned; |
438 | uint64_t lo = ahci_mem_read_32(opaque, aligned); |
439 | uint64_t hi; |
440 | uint64_t val; |
441 | |
442 | /* if < 8 byte read does not cross 4 byte boundary */ |
443 | if (ofst + size <= 4) { |
444 | val = lo >> (ofst * 8); |
445 | } else { |
446 | g_assert(size > 1); |
447 | |
448 | /* If the 64bit read is unaligned, we will produce undefined |
449 | * results. AHCI does not support unaligned 64bit reads. */ |
450 | hi = ahci_mem_read_32(opaque, aligned + 4); |
451 | val = (hi << 32 | lo) >> (ofst * 8); |
452 | } |
453 | |
454 | trace_ahci_mem_read(opaque, size, addr, val); |
455 | return val; |
456 | } |
457 | |
458 | |
459 | static void ahci_mem_write(void *opaque, hwaddr addr, |
460 | uint64_t val, unsigned size) |
461 | { |
462 | AHCIState *s = opaque; |
463 | |
464 | trace_ahci_mem_write(s, size, addr, val); |
465 | |
466 | /* Only aligned reads are allowed on AHCI */ |
467 | if (addr & 3) { |
468 | fprintf(stderr, "ahci: Mis-aligned write to addr 0x" |
469 | TARGET_FMT_plx "\n" , addr); |
470 | return; |
471 | } |
472 | |
473 | if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) { |
474 | enum AHCIHostReg regnum = addr / 4; |
475 | assert(regnum < AHCI_HOST_REG__COUNT); |
476 | |
477 | switch (regnum) { |
478 | case AHCI_HOST_REG_CAP: /* R/WO, RO */ |
479 | /* FIXME handle R/WO */ |
480 | break; |
481 | case AHCI_HOST_REG_CTL: /* R/W */ |
482 | if (val & HOST_CTL_RESET) { |
483 | ahci_reset(s); |
484 | } else { |
485 | s->control_regs.ghc = (val & 0x3) | HOST_CTL_AHCI_EN; |
486 | ahci_check_irq(s); |
487 | } |
488 | break; |
489 | case AHCI_HOST_REG_IRQ_STAT: /* R/WC, RO */ |
490 | s->control_regs.irqstatus &= ~val; |
491 | ahci_check_irq(s); |
492 | break; |
493 | case AHCI_HOST_REG_PORTS_IMPL: /* R/WO, RO */ |
494 | /* FIXME handle R/WO */ |
495 | break; |
496 | case AHCI_HOST_REG_VERSION: /* RO */ |
497 | /* FIXME report write? */ |
498 | break; |
499 | default: |
500 | qemu_log_mask(LOG_UNIMP, |
501 | "Attempted write to unimplemented register: " |
502 | "AHCI host register %s, " |
503 | "offset 0x%" PRIx64": 0x%" PRIx64, |
504 | AHCIHostReg_lookup[regnum], addr, val); |
505 | trace_ahci_mem_write_host_unimpl(s, size, |
506 | AHCIHostReg_lookup[regnum], addr); |
507 | } |
508 | trace_ahci_mem_write_host(s, size, AHCIHostReg_lookup[regnum], |
509 | addr, val); |
510 | } else if ((addr >= AHCI_PORT_REGS_START_ADDR) && |
511 | (addr < (AHCI_PORT_REGS_START_ADDR + |
512 | (s->ports * AHCI_PORT_ADDR_OFFSET_LEN)))) { |
513 | ahci_port_write(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7, |
514 | addr & AHCI_PORT_ADDR_OFFSET_MASK, val); |
515 | } else { |
516 | qemu_log_mask(LOG_UNIMP, "Attempted write to unimplemented register: " |
517 | "AHCI global register at offset 0x%" PRIx64": 0x%" PRIx64, |
518 | addr, val); |
519 | trace_ahci_mem_write_unimpl(s, size, addr, val); |
520 | } |
521 | } |
522 | |
523 | static const MemoryRegionOps ahci_mem_ops = { |
524 | .read = ahci_mem_read, |
525 | .write = ahci_mem_write, |
526 | .endianness = DEVICE_LITTLE_ENDIAN, |
527 | }; |
528 | |
529 | static uint64_t ahci_idp_read(void *opaque, hwaddr addr, |
530 | unsigned size) |
531 | { |
532 | AHCIState *s = opaque; |
533 | |
534 | if (addr == s->idp_offset) { |
535 | /* index register */ |
536 | return s->idp_index; |
537 | } else if (addr == s->idp_offset + 4) { |
538 | /* data register - do memory read at location selected by index */ |
539 | return ahci_mem_read(opaque, s->idp_index, size); |
540 | } else { |
541 | return 0; |
542 | } |
543 | } |
544 | |
545 | static void ahci_idp_write(void *opaque, hwaddr addr, |
546 | uint64_t val, unsigned size) |
547 | { |
548 | AHCIState *s = opaque; |
549 | |
550 | if (addr == s->idp_offset) { |
551 | /* index register - mask off reserved bits */ |
552 | s->idp_index = (uint32_t)val & ((AHCI_MEM_BAR_SIZE - 1) & ~3); |
553 | } else if (addr == s->idp_offset + 4) { |
554 | /* data register - do memory write at location selected by index */ |
555 | ahci_mem_write(opaque, s->idp_index, val, size); |
556 | } |
557 | } |
558 | |
559 | static const MemoryRegionOps ahci_idp_ops = { |
560 | .read = ahci_idp_read, |
561 | .write = ahci_idp_write, |
562 | .endianness = DEVICE_LITTLE_ENDIAN, |
563 | }; |
564 | |
565 | |
566 | static void ahci_reg_init(AHCIState *s) |
567 | { |
568 | int i; |
569 | |
570 | s->control_regs.cap = (s->ports - 1) | |
571 | (AHCI_NUM_COMMAND_SLOTS << 8) | |
572 | (AHCI_SUPPORTED_SPEED_GEN1 << AHCI_SUPPORTED_SPEED) | |
573 | HOST_CAP_NCQ | HOST_CAP_AHCI | HOST_CAP_64; |
574 | |
575 | s->control_regs.impl = (1 << s->ports) - 1; |
576 | |
577 | s->control_regs.version = AHCI_VERSION_1_0; |
578 | |
579 | for (i = 0; i < s->ports; i++) { |
580 | s->dev[i].port_state = STATE_RUN; |
581 | } |
582 | } |
583 | |
584 | static void check_cmd(AHCIState *s, int port) |
585 | { |
586 | AHCIPortRegs *pr = &s->dev[port].port_regs; |
587 | uint8_t slot; |
588 | |
589 | if ((pr->cmd & PORT_CMD_START) && pr->cmd_issue) { |
590 | for (slot = 0; (slot < 32) && pr->cmd_issue; slot++) { |
591 | if ((pr->cmd_issue & (1U << slot)) && |
592 | !handle_cmd(s, port, slot)) { |
593 | pr->cmd_issue &= ~(1U << slot); |
594 | } |
595 | } |
596 | } |
597 | } |
598 | |
599 | static void ahci_check_cmd_bh(void *opaque) |
600 | { |
601 | AHCIDevice *ad = opaque; |
602 | |
603 | qemu_bh_delete(ad->check_bh); |
604 | ad->check_bh = NULL; |
605 | |
606 | check_cmd(ad->hba, ad->port_no); |
607 | } |
608 | |
609 | static void ahci_init_d2h(AHCIDevice *ad) |
610 | { |
611 | IDEState *ide_state = &ad->port.ifs[0]; |
612 | AHCIPortRegs *pr = &ad->port_regs; |
613 | |
614 | if (ad->init_d2h_sent) { |
615 | return; |
616 | } |
617 | |
618 | if (ahci_write_fis_d2h(ad)) { |
619 | ad->init_d2h_sent = true; |
620 | /* We're emulating receiving the first Reg H2D Fis from the device; |
621 | * Update the SIG register, but otherwise proceed as normal. */ |
622 | pr->sig = ((uint32_t)ide_state->hcyl << 24) | |
623 | (ide_state->lcyl << 16) | |
624 | (ide_state->sector << 8) | |
625 | (ide_state->nsector & 0xFF); |
626 | } |
627 | } |
628 | |
629 | static void ahci_set_signature(AHCIDevice *ad, uint32_t sig) |
630 | { |
631 | IDEState *s = &ad->port.ifs[0]; |
632 | s->hcyl = sig >> 24 & 0xFF; |
633 | s->lcyl = sig >> 16 & 0xFF; |
634 | s->sector = sig >> 8 & 0xFF; |
635 | s->nsector = sig & 0xFF; |
636 | |
637 | trace_ahci_set_signature(ad->hba, ad->port_no, s->nsector, s->sector, |
638 | s->lcyl, s->hcyl, sig); |
639 | } |
640 | |
641 | static void ahci_reset_port(AHCIState *s, int port) |
642 | { |
643 | AHCIDevice *d = &s->dev[port]; |
644 | AHCIPortRegs *pr = &d->port_regs; |
645 | IDEState *ide_state = &d->port.ifs[0]; |
646 | int i; |
647 | |
648 | trace_ahci_reset_port(s, port); |
649 | |
650 | ide_bus_reset(&d->port); |
651 | ide_state->ncq_queues = AHCI_MAX_CMDS; |
652 | |
653 | pr->scr_stat = 0; |
654 | pr->scr_err = 0; |
655 | pr->scr_act = 0; |
656 | pr->tfdata = 0x7F; |
657 | pr->sig = 0xFFFFFFFF; |
658 | d->busy_slot = -1; |
659 | d->init_d2h_sent = false; |
660 | |
661 | ide_state = &s->dev[port].port.ifs[0]; |
662 | if (!ide_state->blk) { |
663 | return; |
664 | } |
665 | |
666 | /* reset ncq queue */ |
667 | for (i = 0; i < AHCI_MAX_CMDS; i++) { |
668 | NCQTransferState *ncq_tfs = &s->dev[port].ncq_tfs[i]; |
669 | ncq_tfs->halt = false; |
670 | if (!ncq_tfs->used) { |
671 | continue; |
672 | } |
673 | |
674 | if (ncq_tfs->aiocb) { |
675 | blk_aio_cancel(ncq_tfs->aiocb); |
676 | ncq_tfs->aiocb = NULL; |
677 | } |
678 | |
679 | /* Maybe we just finished the request thanks to blk_aio_cancel() */ |
680 | if (!ncq_tfs->used) { |
681 | continue; |
682 | } |
683 | |
684 | qemu_sglist_destroy(&ncq_tfs->sglist); |
685 | ncq_tfs->used = 0; |
686 | } |
687 | |
688 | s->dev[port].port_state = STATE_RUN; |
689 | if (ide_state->drive_kind == IDE_CD) { |
690 | ahci_set_signature(d, SATA_SIGNATURE_CDROM);\ |
691 | ide_state->status = SEEK_STAT | WRERR_STAT | READY_STAT; |
692 | } else { |
693 | ahci_set_signature(d, SATA_SIGNATURE_DISK); |
694 | ide_state->status = SEEK_STAT | WRERR_STAT; |
695 | } |
696 | |
697 | ide_state->error = 1; |
698 | ahci_init_d2h(d); |
699 | } |
700 | |
701 | /* Buffer pretty output based on a raw FIS structure. */ |
702 | static char *ahci_pretty_buffer_fis(uint8_t *fis, int cmd_len) |
703 | { |
704 | int i; |
705 | GString *s = g_string_new("FIS:" ); |
706 | |
707 | for (i = 0; i < cmd_len; i++) { |
708 | if ((i & 0xf) == 0) { |
709 | g_string_append_printf(s, "\n0x%02x: " , i); |
710 | } |
711 | g_string_append_printf(s, "%02x " , fis[i]); |
712 | } |
713 | g_string_append_c(s, '\n'); |
714 | |
715 | return g_string_free(s, FALSE); |
716 | } |
717 | |
718 | static bool ahci_map_fis_address(AHCIDevice *ad) |
719 | { |
720 | AHCIPortRegs *pr = &ad->port_regs; |
721 | map_page(ad->hba->as, &ad->res_fis, |
722 | ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256); |
723 | if (ad->res_fis != NULL) { |
724 | pr->cmd |= PORT_CMD_FIS_ON; |
725 | return true; |
726 | } |
727 | |
728 | pr->cmd &= ~PORT_CMD_FIS_ON; |
729 | return false; |
730 | } |
731 | |
732 | static void ahci_unmap_fis_address(AHCIDevice *ad) |
733 | { |
734 | if (ad->res_fis == NULL) { |
735 | trace_ahci_unmap_fis_address_null(ad->hba, ad->port_no); |
736 | return; |
737 | } |
738 | ad->port_regs.cmd &= ~PORT_CMD_FIS_ON; |
739 | dma_memory_unmap(ad->hba->as, ad->res_fis, 256, |
740 | DMA_DIRECTION_FROM_DEVICE, 256); |
741 | ad->res_fis = NULL; |
742 | } |
743 | |
744 | static bool ahci_map_clb_address(AHCIDevice *ad) |
745 | { |
746 | AHCIPortRegs *pr = &ad->port_regs; |
747 | ad->cur_cmd = NULL; |
748 | map_page(ad->hba->as, &ad->lst, |
749 | ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024); |
750 | if (ad->lst != NULL) { |
751 | pr->cmd |= PORT_CMD_LIST_ON; |
752 | return true; |
753 | } |
754 | |
755 | pr->cmd &= ~PORT_CMD_LIST_ON; |
756 | return false; |
757 | } |
758 | |
759 | static void ahci_unmap_clb_address(AHCIDevice *ad) |
760 | { |
761 | if (ad->lst == NULL) { |
762 | trace_ahci_unmap_clb_address_null(ad->hba, ad->port_no); |
763 | return; |
764 | } |
765 | ad->port_regs.cmd &= ~PORT_CMD_LIST_ON; |
766 | dma_memory_unmap(ad->hba->as, ad->lst, 1024, |
767 | DMA_DIRECTION_FROM_DEVICE, 1024); |
768 | ad->lst = NULL; |
769 | } |
770 | |
771 | static void ahci_write_fis_sdb(AHCIState *s, NCQTransferState *ncq_tfs) |
772 | { |
773 | AHCIDevice *ad = ncq_tfs->drive; |
774 | AHCIPortRegs *pr = &ad->port_regs; |
775 | IDEState *ide_state; |
776 | SDBFIS *sdb_fis; |
777 | |
778 | if (!ad->res_fis || |
779 | !(pr->cmd & PORT_CMD_FIS_RX)) { |
780 | return; |
781 | } |
782 | |
783 | sdb_fis = (SDBFIS *)&ad->res_fis[RES_FIS_SDBFIS]; |
784 | ide_state = &ad->port.ifs[0]; |
785 | |
786 | sdb_fis->type = SATA_FIS_TYPE_SDB; |
787 | /* Interrupt pending & Notification bit */ |
788 | sdb_fis->flags = 0x40; /* Interrupt bit, always 1 for NCQ */ |
789 | sdb_fis->status = ide_state->status & 0x77; |
790 | sdb_fis->error = ide_state->error; |
791 | /* update SAct field in SDB_FIS */ |
792 | sdb_fis->payload = cpu_to_le32(ad->finished); |
793 | |
794 | /* Update shadow registers (except BSY 0x80 and DRQ 0x08) */ |
795 | pr->tfdata = (ad->port.ifs[0].error << 8) | |
796 | (ad->port.ifs[0].status & 0x77) | |
797 | (pr->tfdata & 0x88); |
798 | pr->scr_act &= ~ad->finished; |
799 | ad->finished = 0; |
800 | |
801 | /* Trigger IRQ if interrupt bit is set (which currently, it always is) */ |
802 | if (sdb_fis->flags & 0x40) { |
803 | ahci_trigger_irq(s, ad, AHCI_PORT_IRQ_BIT_SDBS); |
804 | } |
805 | } |
806 | |
807 | static void ahci_write_fis_pio(AHCIDevice *ad, uint16_t len, bool pio_fis_i) |
808 | { |
809 | AHCIPortRegs *pr = &ad->port_regs; |
810 | uint8_t *pio_fis; |
811 | IDEState *s = &ad->port.ifs[0]; |
812 | |
813 | if (!ad->res_fis || !(pr->cmd & PORT_CMD_FIS_RX)) { |
814 | return; |
815 | } |
816 | |
817 | pio_fis = &ad->res_fis[RES_FIS_PSFIS]; |
818 | |
819 | pio_fis[0] = SATA_FIS_TYPE_PIO_SETUP; |
820 | pio_fis[1] = (pio_fis_i ? (1 << 6) : 0); |
821 | pio_fis[2] = s->status; |
822 | pio_fis[3] = s->error; |
823 | |
824 | pio_fis[4] = s->sector; |
825 | pio_fis[5] = s->lcyl; |
826 | pio_fis[6] = s->hcyl; |
827 | pio_fis[7] = s->select; |
828 | pio_fis[8] = s->hob_sector; |
829 | pio_fis[9] = s->hob_lcyl; |
830 | pio_fis[10] = s->hob_hcyl; |
831 | pio_fis[11] = 0; |
832 | pio_fis[12] = s->nsector & 0xFF; |
833 | pio_fis[13] = (s->nsector >> 8) & 0xFF; |
834 | pio_fis[14] = 0; |
835 | pio_fis[15] = s->status; |
836 | pio_fis[16] = len & 255; |
837 | pio_fis[17] = len >> 8; |
838 | pio_fis[18] = 0; |
839 | pio_fis[19] = 0; |
840 | |
841 | /* Update shadow registers: */ |
842 | pr->tfdata = (ad->port.ifs[0].error << 8) | |
843 | ad->port.ifs[0].status; |
844 | |
845 | if (pio_fis[2] & ERR_STAT) { |
846 | ahci_trigger_irq(ad->hba, ad, AHCI_PORT_IRQ_BIT_TFES); |
847 | } |
848 | } |
849 | |
850 | static bool ahci_write_fis_d2h(AHCIDevice *ad) |
851 | { |
852 | AHCIPortRegs *pr = &ad->port_regs; |
853 | uint8_t *d2h_fis; |
854 | int i; |
855 | IDEState *s = &ad->port.ifs[0]; |
856 | |
857 | if (!ad->res_fis || !(pr->cmd & PORT_CMD_FIS_RX)) { |
858 | return false; |
859 | } |
860 | |
861 | d2h_fis = &ad->res_fis[RES_FIS_RFIS]; |
862 | |
863 | d2h_fis[0] = SATA_FIS_TYPE_REGISTER_D2H; |
864 | d2h_fis[1] = (1 << 6); /* interrupt bit */ |
865 | d2h_fis[2] = s->status; |
866 | d2h_fis[3] = s->error; |
867 | |
868 | d2h_fis[4] = s->sector; |
869 | d2h_fis[5] = s->lcyl; |
870 | d2h_fis[6] = s->hcyl; |
871 | d2h_fis[7] = s->select; |
872 | d2h_fis[8] = s->hob_sector; |
873 | d2h_fis[9] = s->hob_lcyl; |
874 | d2h_fis[10] = s->hob_hcyl; |
875 | d2h_fis[11] = 0; |
876 | d2h_fis[12] = s->nsector & 0xFF; |
877 | d2h_fis[13] = (s->nsector >> 8) & 0xFF; |
878 | for (i = 14; i < 20; i++) { |
879 | d2h_fis[i] = 0; |
880 | } |
881 | |
882 | /* Update shadow registers: */ |
883 | pr->tfdata = (ad->port.ifs[0].error << 8) | |
884 | ad->port.ifs[0].status; |
885 | |
886 | if (d2h_fis[2] & ERR_STAT) { |
887 | ahci_trigger_irq(ad->hba, ad, AHCI_PORT_IRQ_BIT_TFES); |
888 | } |
889 | |
890 | ahci_trigger_irq(ad->hba, ad, AHCI_PORT_IRQ_BIT_DHRS); |
891 | return true; |
892 | } |
893 | |
894 | static int prdt_tbl_entry_size(const AHCI_SG *tbl) |
895 | { |
896 | /* flags_size is zero-based */ |
897 | return (le32_to_cpu(tbl->flags_size) & AHCI_PRDT_SIZE_MASK) + 1; |
898 | } |
899 | |
900 | /** |
901 | * Fetch entries in a guest-provided PRDT and convert it into a QEMU SGlist. |
902 | * @ad: The AHCIDevice for whom we are building the SGList. |
903 | * @sglist: The SGList target to add PRD entries to. |
904 | * @cmd: The AHCI Command Header that describes where the PRDT is. |
905 | * @limit: The remaining size of the S/ATA transaction, in bytes. |
906 | * @offset: The number of bytes already transferred, in bytes. |
907 | * |
908 | * The AHCI PRDT can describe up to 256GiB. S/ATA only support transactions of |
909 | * up to 32MiB as of ATA8-ACS3 rev 1b, assuming a 512 byte sector size. We stop |
910 | * building the sglist from the PRDT as soon as we hit @limit bytes, |
911 | * which is <= INT32_MAX/2GiB. |
912 | */ |
913 | static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList *sglist, |
914 | AHCICmdHdr *cmd, int64_t limit, uint64_t offset) |
915 | { |
916 | uint16_t opts = le16_to_cpu(cmd->opts); |
917 | uint16_t prdtl = le16_to_cpu(cmd->prdtl); |
918 | uint64_t cfis_addr = le64_to_cpu(cmd->tbl_addr); |
919 | uint64_t prdt_addr = cfis_addr + 0x80; |
920 | dma_addr_t prdt_len = (prdtl * sizeof(AHCI_SG)); |
921 | dma_addr_t real_prdt_len = prdt_len; |
922 | uint8_t *prdt; |
923 | int i; |
924 | int r = 0; |
925 | uint64_t sum = 0; |
926 | int off_idx = -1; |
927 | int64_t off_pos = -1; |
928 | int tbl_entry_size; |
929 | IDEBus *bus = &ad->port; |
930 | BusState *qbus = BUS(bus); |
931 | |
932 | trace_ahci_populate_sglist(ad->hba, ad->port_no); |
933 | |
934 | if (!prdtl) { |
935 | trace_ahci_populate_sglist_no_prdtl(ad->hba, ad->port_no, opts); |
936 | return -1; |
937 | } |
938 | |
939 | /* map PRDT */ |
940 | if (!(prdt = dma_memory_map(ad->hba->as, prdt_addr, &prdt_len, |
941 | DMA_DIRECTION_TO_DEVICE))){ |
942 | trace_ahci_populate_sglist_no_map(ad->hba, ad->port_no); |
943 | return -1; |
944 | } |
945 | |
946 | if (prdt_len < real_prdt_len) { |
947 | trace_ahci_populate_sglist_short_map(ad->hba, ad->port_no); |
948 | r = -1; |
949 | goto out; |
950 | } |
951 | |
952 | /* Get entries in the PRDT, init a qemu sglist accordingly */ |
953 | if (prdtl > 0) { |
954 | AHCI_SG *tbl = (AHCI_SG *)prdt; |
955 | sum = 0; |
956 | for (i = 0; i < prdtl; i++) { |
957 | tbl_entry_size = prdt_tbl_entry_size(&tbl[i]); |
958 | if (offset < (sum + tbl_entry_size)) { |
959 | off_idx = i; |
960 | off_pos = offset - sum; |
961 | break; |
962 | } |
963 | sum += tbl_entry_size; |
964 | } |
965 | if ((off_idx == -1) || (off_pos < 0) || (off_pos > tbl_entry_size)) { |
966 | trace_ahci_populate_sglist_bad_offset(ad->hba, ad->port_no, |
967 | off_idx, off_pos); |
968 | r = -1; |
969 | goto out; |
970 | } |
971 | |
972 | qemu_sglist_init(sglist, qbus->parent, (prdtl - off_idx), |
973 | ad->hba->as); |
974 | qemu_sglist_add(sglist, le64_to_cpu(tbl[off_idx].addr) + off_pos, |
975 | MIN(prdt_tbl_entry_size(&tbl[off_idx]) - off_pos, |
976 | limit)); |
977 | |
978 | for (i = off_idx + 1; i < prdtl && sglist->size < limit; i++) { |
979 | qemu_sglist_add(sglist, le64_to_cpu(tbl[i].addr), |
980 | MIN(prdt_tbl_entry_size(&tbl[i]), |
981 | limit - sglist->size)); |
982 | } |
983 | } |
984 | |
985 | out: |
986 | dma_memory_unmap(ad->hba->as, prdt, prdt_len, |
987 | DMA_DIRECTION_TO_DEVICE, prdt_len); |
988 | return r; |
989 | } |
990 | |
991 | static void ncq_err(NCQTransferState *ncq_tfs) |
992 | { |
993 | IDEState *ide_state = &ncq_tfs->drive->port.ifs[0]; |
994 | |
995 | ide_state->error = ABRT_ERR; |
996 | ide_state->status = READY_STAT | ERR_STAT; |
997 | ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag); |
998 | qemu_sglist_destroy(&ncq_tfs->sglist); |
999 | ncq_tfs->used = 0; |
1000 | } |
1001 | |
1002 | static void ncq_finish(NCQTransferState *ncq_tfs) |
1003 | { |
1004 | /* If we didn't error out, set our finished bit. Errored commands |
1005 | * do not get a bit set for the SDB FIS ACT register, nor do they |
1006 | * clear the outstanding bit in scr_act (PxSACT). */ |
1007 | if (!(ncq_tfs->drive->port_regs.scr_err & (1 << ncq_tfs->tag))) { |
1008 | ncq_tfs->drive->finished |= (1 << ncq_tfs->tag); |
1009 | } |
1010 | |
1011 | ahci_write_fis_sdb(ncq_tfs->drive->hba, ncq_tfs); |
1012 | |
1013 | trace_ncq_finish(ncq_tfs->drive->hba, ncq_tfs->drive->port_no, |
1014 | ncq_tfs->tag); |
1015 | |
1016 | block_acct_done(blk_get_stats(ncq_tfs->drive->port.ifs[0].blk), |
1017 | &ncq_tfs->acct); |
1018 | qemu_sglist_destroy(&ncq_tfs->sglist); |
1019 | ncq_tfs->used = 0; |
1020 | } |
1021 | |
1022 | static void ncq_cb(void *opaque, int ret) |
1023 | { |
1024 | NCQTransferState *ncq_tfs = (NCQTransferState *)opaque; |
1025 | IDEState *ide_state = &ncq_tfs->drive->port.ifs[0]; |
1026 | |
1027 | ncq_tfs->aiocb = NULL; |
1028 | |
1029 | if (ret < 0) { |
1030 | bool is_read = ncq_tfs->cmd == READ_FPDMA_QUEUED; |
1031 | BlockErrorAction action = blk_get_error_action(ide_state->blk, |
1032 | is_read, -ret); |
1033 | if (action == BLOCK_ERROR_ACTION_STOP) { |
1034 | ncq_tfs->halt = true; |
1035 | ide_state->bus->error_status = IDE_RETRY_HBA; |
1036 | } else if (action == BLOCK_ERROR_ACTION_REPORT) { |
1037 | ncq_err(ncq_tfs); |
1038 | } |
1039 | blk_error_action(ide_state->blk, action, is_read, -ret); |
1040 | } else { |
1041 | ide_state->status = READY_STAT | SEEK_STAT; |
1042 | } |
1043 | |
1044 | if (!ncq_tfs->halt) { |
1045 | ncq_finish(ncq_tfs); |
1046 | } |
1047 | } |
1048 | |
1049 | static int is_ncq(uint8_t ata_cmd) |
1050 | { |
1051 | /* Based on SATA 3.2 section 13.6.3.2 */ |
1052 | switch (ata_cmd) { |
1053 | case READ_FPDMA_QUEUED: |
1054 | case WRITE_FPDMA_QUEUED: |
1055 | case NCQ_NON_DATA: |
1056 | case RECEIVE_FPDMA_QUEUED: |
1057 | case SEND_FPDMA_QUEUED: |
1058 | return 1; |
1059 | default: |
1060 | return 0; |
1061 | } |
1062 | } |
1063 | |
1064 | static void execute_ncq_command(NCQTransferState *ncq_tfs) |
1065 | { |
1066 | AHCIDevice *ad = ncq_tfs->drive; |
1067 | IDEState *ide_state = &ad->port.ifs[0]; |
1068 | int port = ad->port_no; |
1069 | |
1070 | g_assert(is_ncq(ncq_tfs->cmd)); |
1071 | ncq_tfs->halt = false; |
1072 | |
1073 | switch (ncq_tfs->cmd) { |
1074 | case READ_FPDMA_QUEUED: |
1075 | trace_execute_ncq_command_read(ad->hba, port, ncq_tfs->tag, |
1076 | ncq_tfs->sector_count, ncq_tfs->lba); |
1077 | dma_acct_start(ide_state->blk, &ncq_tfs->acct, |
1078 | &ncq_tfs->sglist, BLOCK_ACCT_READ); |
1079 | ncq_tfs->aiocb = dma_blk_read(ide_state->blk, &ncq_tfs->sglist, |
1080 | ncq_tfs->lba << BDRV_SECTOR_BITS, |
1081 | BDRV_SECTOR_SIZE, |
1082 | ncq_cb, ncq_tfs); |
1083 | break; |
1084 | case WRITE_FPDMA_QUEUED: |
1085 | trace_execute_ncq_command_read(ad->hba, port, ncq_tfs->tag, |
1086 | ncq_tfs->sector_count, ncq_tfs->lba); |
1087 | dma_acct_start(ide_state->blk, &ncq_tfs->acct, |
1088 | &ncq_tfs->sglist, BLOCK_ACCT_WRITE); |
1089 | ncq_tfs->aiocb = dma_blk_write(ide_state->blk, &ncq_tfs->sglist, |
1090 | ncq_tfs->lba << BDRV_SECTOR_BITS, |
1091 | BDRV_SECTOR_SIZE, |
1092 | ncq_cb, ncq_tfs); |
1093 | break; |
1094 | default: |
1095 | trace_execute_ncq_command_unsup(ad->hba, port, |
1096 | ncq_tfs->tag, ncq_tfs->cmd); |
1097 | ncq_err(ncq_tfs); |
1098 | } |
1099 | } |
1100 | |
1101 | |
1102 | static void process_ncq_command(AHCIState *s, int port, uint8_t *cmd_fis, |
1103 | uint8_t slot) |
1104 | { |
1105 | AHCIDevice *ad = &s->dev[port]; |
1106 | NCQFrame *ncq_fis = (NCQFrame*)cmd_fis; |
1107 | uint8_t tag = ncq_fis->tag >> 3; |
1108 | NCQTransferState *ncq_tfs = &ad->ncq_tfs[tag]; |
1109 | size_t size; |
1110 | |
1111 | g_assert(is_ncq(ncq_fis->command)); |
1112 | if (ncq_tfs->used) { |
1113 | /* error - already in use */ |
1114 | fprintf(stderr, "%s: tag %d already used\n" , __func__, tag); |
1115 | return; |
1116 | } |
1117 | |
1118 | ncq_tfs->used = 1; |
1119 | ncq_tfs->drive = ad; |
1120 | ncq_tfs->slot = slot; |
1121 | ncq_tfs->cmdh = &((AHCICmdHdr *)ad->lst)[slot]; |
1122 | ncq_tfs->cmd = ncq_fis->command; |
1123 | ncq_tfs->lba = ((uint64_t)ncq_fis->lba5 << 40) | |
1124 | ((uint64_t)ncq_fis->lba4 << 32) | |
1125 | ((uint64_t)ncq_fis->lba3 << 24) | |
1126 | ((uint64_t)ncq_fis->lba2 << 16) | |
1127 | ((uint64_t)ncq_fis->lba1 << 8) | |
1128 | (uint64_t)ncq_fis->lba0; |
1129 | ncq_tfs->tag = tag; |
1130 | |
1131 | /* Sanity-check the NCQ packet */ |
1132 | if (tag != slot) { |
1133 | trace_process_ncq_command_mismatch(s, port, tag, slot); |
1134 | } |
1135 | |
1136 | if (ncq_fis->aux0 || ncq_fis->aux1 || ncq_fis->aux2 || ncq_fis->aux3) { |
1137 | trace_process_ncq_command_aux(s, port, tag); |
1138 | } |
1139 | if (ncq_fis->prio || ncq_fis->icc) { |
1140 | trace_process_ncq_command_prioicc(s, port, tag); |
1141 | } |
1142 | if (ncq_fis->fua & NCQ_FIS_FUA_MASK) { |
1143 | trace_process_ncq_command_fua(s, port, tag); |
1144 | } |
1145 | if (ncq_fis->tag & NCQ_FIS_RARC_MASK) { |
1146 | trace_process_ncq_command_rarc(s, port, tag); |
1147 | } |
1148 | |
1149 | ncq_tfs->sector_count = ((ncq_fis->sector_count_high << 8) | |
1150 | ncq_fis->sector_count_low); |
1151 | if (!ncq_tfs->sector_count) { |
1152 | ncq_tfs->sector_count = 0x10000; |
1153 | } |
1154 | size = ncq_tfs->sector_count * 512; |
1155 | ahci_populate_sglist(ad, &ncq_tfs->sglist, ncq_tfs->cmdh, size, 0); |
1156 | |
1157 | if (ncq_tfs->sglist.size < size) { |
1158 | error_report("ahci: PRDT length for NCQ command (0x%zx) " |
1159 | "is smaller than the requested size (0x%zx)" , |
1160 | ncq_tfs->sglist.size, size); |
1161 | ncq_err(ncq_tfs); |
1162 | ahci_trigger_irq(ad->hba, ad, AHCI_PORT_IRQ_BIT_OFS); |
1163 | return; |
1164 | } else if (ncq_tfs->sglist.size != size) { |
1165 | trace_process_ncq_command_large(s, port, tag, |
1166 | ncq_tfs->sglist.size, size); |
1167 | } |
1168 | |
1169 | trace_process_ncq_command(s, port, tag, |
1170 | ncq_fis->command, |
1171 | ncq_tfs->lba, |
1172 | ncq_tfs->lba + ncq_tfs->sector_count - 1); |
1173 | execute_ncq_command(ncq_tfs); |
1174 | } |
1175 | |
1176 | static AHCICmdHdr *(AHCIState *s, uint8_t port, uint8_t slot) |
1177 | { |
1178 | if (port >= s->ports || slot >= AHCI_MAX_CMDS) { |
1179 | return NULL; |
1180 | } |
1181 | |
1182 | return s->dev[port].lst ? &((AHCICmdHdr *)s->dev[port].lst)[slot] : NULL; |
1183 | } |
1184 | |
1185 | static void handle_reg_h2d_fis(AHCIState *s, int port, |
1186 | uint8_t slot, uint8_t *cmd_fis) |
1187 | { |
1188 | IDEState *ide_state = &s->dev[port].port.ifs[0]; |
1189 | AHCICmdHdr *cmd = get_cmd_header(s, port, slot); |
1190 | uint16_t opts = le16_to_cpu(cmd->opts); |
1191 | |
1192 | if (cmd_fis[1] & 0x0F) { |
1193 | trace_handle_reg_h2d_fis_pmp(s, port, cmd_fis[1], |
1194 | cmd_fis[2], cmd_fis[3]); |
1195 | return; |
1196 | } |
1197 | |
1198 | if (cmd_fis[1] & 0x70) { |
1199 | trace_handle_reg_h2d_fis_res(s, port, cmd_fis[1], |
1200 | cmd_fis[2], cmd_fis[3]); |
1201 | return; |
1202 | } |
1203 | |
1204 | if (!(cmd_fis[1] & SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER)) { |
1205 | switch (s->dev[port].port_state) { |
1206 | case STATE_RUN: |
1207 | if (cmd_fis[15] & ATA_SRST) { |
1208 | s->dev[port].port_state = STATE_RESET; |
1209 | } |
1210 | break; |
1211 | case STATE_RESET: |
1212 | if (!(cmd_fis[15] & ATA_SRST)) { |
1213 | ahci_reset_port(s, port); |
1214 | } |
1215 | break; |
1216 | } |
1217 | return; |
1218 | } |
1219 | |
1220 | /* Check for NCQ command */ |
1221 | if (is_ncq(cmd_fis[2])) { |
1222 | process_ncq_command(s, port, cmd_fis, slot); |
1223 | return; |
1224 | } |
1225 | |
1226 | /* Decompose the FIS: |
1227 | * AHCI does not interpret FIS packets, it only forwards them. |
1228 | * SATA 1.0 describes how to decode LBA28 and CHS FIS packets. |
1229 | * Later specifications, e.g, SATA 3.2, describe LBA48 FIS packets. |
1230 | * |
1231 | * ATA4 describes sector number for LBA28/CHS commands. |
1232 | * ATA6 describes sector number for LBA48 commands. |
1233 | * ATA8 deprecates CHS fully, describing only LBA28/48. |
1234 | * |
1235 | * We dutifully convert the FIS into IDE registers, and allow the |
1236 | * core layer to interpret them as needed. */ |
1237 | ide_state->feature = cmd_fis[3]; |
1238 | ide_state->sector = cmd_fis[4]; /* LBA 7:0 */ |
1239 | ide_state->lcyl = cmd_fis[5]; /* LBA 15:8 */ |
1240 | ide_state->hcyl = cmd_fis[6]; /* LBA 23:16 */ |
1241 | ide_state->select = cmd_fis[7]; /* LBA 27:24 (LBA28) */ |
1242 | ide_state->hob_sector = cmd_fis[8]; /* LBA 31:24 */ |
1243 | ide_state->hob_lcyl = cmd_fis[9]; /* LBA 39:32 */ |
1244 | ide_state->hob_hcyl = cmd_fis[10]; /* LBA 47:40 */ |
1245 | ide_state->hob_feature = cmd_fis[11]; |
1246 | ide_state->nsector = (int64_t)((cmd_fis[13] << 8) | cmd_fis[12]); |
1247 | /* 14, 16, 17, 18, 19: Reserved (SATA 1.0) */ |
1248 | /* 15: Only valid when UPDATE_COMMAND not set. */ |
1249 | |
1250 | /* Copy the ACMD field (ATAPI packet, if any) from the AHCI command |
1251 | * table to ide_state->io_buffer */ |
1252 | if (opts & AHCI_CMD_ATAPI) { |
1253 | memcpy(ide_state->io_buffer, &cmd_fis[AHCI_COMMAND_TABLE_ACMD], 0x10); |
1254 | if (trace_event_get_state_backends(TRACE_HANDLE_REG_H2D_FIS_DUMP)) { |
1255 | char *pretty_fis = ahci_pretty_buffer_fis(ide_state->io_buffer, 0x10); |
1256 | trace_handle_reg_h2d_fis_dump(s, port, pretty_fis); |
1257 | g_free(pretty_fis); |
1258 | } |
1259 | } |
1260 | |
1261 | ide_state->error = 0; |
1262 | s->dev[port].done_first_drq = false; |
1263 | /* Reset transferred byte counter */ |
1264 | cmd->status = 0; |
1265 | |
1266 | /* We're ready to process the command in FIS byte 2. */ |
1267 | ide_exec_cmd(&s->dev[port].port, cmd_fis[2]); |
1268 | } |
1269 | |
1270 | static int handle_cmd(AHCIState *s, int port, uint8_t slot) |
1271 | { |
1272 | IDEState *ide_state; |
1273 | uint64_t tbl_addr; |
1274 | AHCICmdHdr *cmd; |
1275 | uint8_t *cmd_fis; |
1276 | dma_addr_t cmd_len; |
1277 | |
1278 | if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) { |
1279 | /* Engine currently busy, try again later */ |
1280 | trace_handle_cmd_busy(s, port); |
1281 | return -1; |
1282 | } |
1283 | |
1284 | if (!s->dev[port].lst) { |
1285 | trace_handle_cmd_nolist(s, port); |
1286 | return -1; |
1287 | } |
1288 | cmd = get_cmd_header(s, port, slot); |
1289 | /* remember current slot handle for later */ |
1290 | s->dev[port].cur_cmd = cmd; |
1291 | |
1292 | /* The device we are working for */ |
1293 | ide_state = &s->dev[port].port.ifs[0]; |
1294 | if (!ide_state->blk) { |
1295 | trace_handle_cmd_badport(s, port); |
1296 | return -1; |
1297 | } |
1298 | |
1299 | tbl_addr = le64_to_cpu(cmd->tbl_addr); |
1300 | cmd_len = 0x80; |
1301 | cmd_fis = dma_memory_map(s->as, tbl_addr, &cmd_len, |
1302 | DMA_DIRECTION_FROM_DEVICE); |
1303 | if (!cmd_fis) { |
1304 | trace_handle_cmd_badfis(s, port); |
1305 | return -1; |
1306 | } else if (cmd_len != 0x80) { |
1307 | ahci_trigger_irq(s, &s->dev[port], AHCI_PORT_IRQ_BIT_HBFS); |
1308 | trace_handle_cmd_badmap(s, port, cmd_len); |
1309 | goto out; |
1310 | } |
1311 | if (trace_event_get_state_backends(TRACE_HANDLE_CMD_FIS_DUMP)) { |
1312 | char *pretty_fis = ahci_pretty_buffer_fis(cmd_fis, 0x80); |
1313 | trace_handle_cmd_fis_dump(s, port, pretty_fis); |
1314 | g_free(pretty_fis); |
1315 | } |
1316 | switch (cmd_fis[0]) { |
1317 | case SATA_FIS_TYPE_REGISTER_H2D: |
1318 | handle_reg_h2d_fis(s, port, slot, cmd_fis); |
1319 | break; |
1320 | default: |
1321 | trace_handle_cmd_unhandled_fis(s, port, |
1322 | cmd_fis[0], cmd_fis[1], cmd_fis[2]); |
1323 | break; |
1324 | } |
1325 | |
1326 | out: |
1327 | dma_memory_unmap(s->as, cmd_fis, cmd_len, DMA_DIRECTION_FROM_DEVICE, |
1328 | cmd_len); |
1329 | |
1330 | if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) { |
1331 | /* async command, complete later */ |
1332 | s->dev[port].busy_slot = slot; |
1333 | return -1; |
1334 | } |
1335 | |
1336 | /* done handling the command */ |
1337 | return 0; |
1338 | } |
1339 | |
1340 | /* Transfer PIO data between RAM and device */ |
1341 | static void ahci_pio_transfer(IDEDMA *dma) |
1342 | { |
1343 | AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); |
1344 | IDEState *s = &ad->port.ifs[0]; |
1345 | uint32_t size = (uint32_t)(s->data_end - s->data_ptr); |
1346 | /* write == ram -> device */ |
1347 | uint16_t opts = le16_to_cpu(ad->cur_cmd->opts); |
1348 | int is_write = opts & AHCI_CMD_WRITE; |
1349 | int is_atapi = opts & AHCI_CMD_ATAPI; |
1350 | int has_sglist = 0; |
1351 | bool pio_fis_i; |
1352 | |
1353 | /* The PIO Setup FIS is received prior to transfer, but the interrupt |
1354 | * is only triggered after data is received. |
1355 | * |
1356 | * The device only sets the 'I' bit in the PIO Setup FIS for device->host |
1357 | * requests (see "DPIOI1" in the SATA spec), or for host->device DRQs after |
1358 | * the first (see "DPIOO1"). The latter is consistent with the spec's |
1359 | * description of the PACKET protocol, where the command part of ATAPI requests |
1360 | * ("DPKT0") has the 'I' bit clear, while the data part of PIO ATAPI requests |
1361 | * ("DPKT4a" and "DPKT7") has the 'I' bit set for both directions for all DRQs. |
1362 | */ |
1363 | pio_fis_i = ad->done_first_drq || (!is_atapi && !is_write); |
1364 | ahci_write_fis_pio(ad, size, pio_fis_i); |
1365 | |
1366 | if (is_atapi && !ad->done_first_drq) { |
1367 | /* already prepopulated iobuffer */ |
1368 | goto out; |
1369 | } |
1370 | |
1371 | if (ahci_dma_prepare_buf(dma, size)) { |
1372 | has_sglist = 1; |
1373 | } |
1374 | |
1375 | trace_ahci_pio_transfer(ad->hba, ad->port_no, is_write ? "writ" : "read" , |
1376 | size, is_atapi ? "atapi" : "ata" , |
1377 | has_sglist ? "" : "o" ); |
1378 | |
1379 | if (has_sglist && size) { |
1380 | if (is_write) { |
1381 | dma_buf_write(s->data_ptr, size, &s->sg); |
1382 | } else { |
1383 | dma_buf_read(s->data_ptr, size, &s->sg); |
1384 | } |
1385 | } |
1386 | |
1387 | /* Update number of transferred bytes, destroy sglist */ |
1388 | dma_buf_commit(s, size); |
1389 | |
1390 | out: |
1391 | /* declare that we processed everything */ |
1392 | s->data_ptr = s->data_end; |
1393 | |
1394 | ad->done_first_drq = true; |
1395 | if (pio_fis_i) { |
1396 | ahci_trigger_irq(ad->hba, ad, AHCI_PORT_IRQ_BIT_PSS); |
1397 | } |
1398 | } |
1399 | |
1400 | static void ahci_start_dma(IDEDMA *dma, IDEState *s, |
1401 | BlockCompletionFunc *dma_cb) |
1402 | { |
1403 | AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); |
1404 | trace_ahci_start_dma(ad->hba, ad->port_no); |
1405 | s->io_buffer_offset = 0; |
1406 | dma_cb(s, 0); |
1407 | } |
1408 | |
1409 | static void ahci_restart_dma(IDEDMA *dma) |
1410 | { |
1411 | /* Nothing to do, ahci_start_dma already resets s->io_buffer_offset. */ |
1412 | } |
1413 | |
1414 | /** |
1415 | * IDE/PIO restarts are handled by the core layer, but NCQ commands |
1416 | * need an extra kick from the AHCI HBA. |
1417 | */ |
1418 | static void ahci_restart(IDEDMA *dma) |
1419 | { |
1420 | AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); |
1421 | int i; |
1422 | |
1423 | for (i = 0; i < AHCI_MAX_CMDS; i++) { |
1424 | NCQTransferState *ncq_tfs = &ad->ncq_tfs[i]; |
1425 | if (ncq_tfs->halt) { |
1426 | execute_ncq_command(ncq_tfs); |
1427 | } |
1428 | } |
1429 | } |
1430 | |
1431 | /** |
1432 | * Called in DMA and PIO R/W chains to read the PRDT. |
1433 | * Not shared with NCQ pathways. |
1434 | */ |
1435 | static int32_t ahci_dma_prepare_buf(IDEDMA *dma, int32_t limit) |
1436 | { |
1437 | AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); |
1438 | IDEState *s = &ad->port.ifs[0]; |
1439 | |
1440 | if (ahci_populate_sglist(ad, &s->sg, ad->cur_cmd, |
1441 | limit, s->io_buffer_offset) == -1) { |
1442 | trace_ahci_dma_prepare_buf_fail(ad->hba, ad->port_no); |
1443 | return -1; |
1444 | } |
1445 | s->io_buffer_size = s->sg.size; |
1446 | |
1447 | trace_ahci_dma_prepare_buf(ad->hba, ad->port_no, limit, s->io_buffer_size); |
1448 | return s->io_buffer_size; |
1449 | } |
1450 | |
1451 | /** |
1452 | * Updates the command header with a bytes-read value. |
1453 | * Called via dma_buf_commit, for both DMA and PIO paths. |
1454 | * sglist destruction is handled within dma_buf_commit. |
1455 | */ |
1456 | static void ahci_commit_buf(IDEDMA *dma, uint32_t tx_bytes) |
1457 | { |
1458 | AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); |
1459 | |
1460 | tx_bytes += le32_to_cpu(ad->cur_cmd->status); |
1461 | ad->cur_cmd->status = cpu_to_le32(tx_bytes); |
1462 | } |
1463 | |
1464 | static int ahci_dma_rw_buf(IDEDMA *dma, int is_write) |
1465 | { |
1466 | AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); |
1467 | IDEState *s = &ad->port.ifs[0]; |
1468 | uint8_t *p = s->io_buffer + s->io_buffer_index; |
1469 | int l = s->io_buffer_size - s->io_buffer_index; |
1470 | |
1471 | if (ahci_populate_sglist(ad, &s->sg, ad->cur_cmd, l, s->io_buffer_offset)) { |
1472 | return 0; |
1473 | } |
1474 | |
1475 | if (is_write) { |
1476 | dma_buf_read(p, l, &s->sg); |
1477 | } else { |
1478 | dma_buf_write(p, l, &s->sg); |
1479 | } |
1480 | |
1481 | /* free sglist, update byte count */ |
1482 | dma_buf_commit(s, l); |
1483 | s->io_buffer_index += l; |
1484 | |
1485 | trace_ahci_dma_rw_buf(ad->hba, ad->port_no, l); |
1486 | return 1; |
1487 | } |
1488 | |
1489 | static void ahci_cmd_done(IDEDMA *dma) |
1490 | { |
1491 | AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); |
1492 | |
1493 | trace_ahci_cmd_done(ad->hba, ad->port_no); |
1494 | |
1495 | /* no longer busy */ |
1496 | if (ad->busy_slot != -1) { |
1497 | ad->port_regs.cmd_issue &= ~(1 << ad->busy_slot); |
1498 | ad->busy_slot = -1; |
1499 | } |
1500 | |
1501 | /* update d2h status */ |
1502 | ahci_write_fis_d2h(ad); |
1503 | |
1504 | if (ad->port_regs.cmd_issue && !ad->check_bh) { |
1505 | ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad); |
1506 | qemu_bh_schedule(ad->check_bh); |
1507 | } |
1508 | } |
1509 | |
1510 | static void ahci_irq_set(void *opaque, int n, int level) |
1511 | { |
1512 | } |
1513 | |
1514 | static const IDEDMAOps ahci_dma_ops = { |
1515 | .start_dma = ahci_start_dma, |
1516 | .restart = ahci_restart, |
1517 | .restart_dma = ahci_restart_dma, |
1518 | .pio_transfer = ahci_pio_transfer, |
1519 | .prepare_buf = ahci_dma_prepare_buf, |
1520 | .commit_buf = ahci_commit_buf, |
1521 | .rw_buf = ahci_dma_rw_buf, |
1522 | .cmd_done = ahci_cmd_done, |
1523 | }; |
1524 | |
1525 | void ahci_init(AHCIState *s, DeviceState *qdev) |
1526 | { |
1527 | s->container = qdev; |
1528 | /* XXX BAR size should be 1k, but that breaks, so bump it to 4k for now */ |
1529 | memory_region_init_io(&s->mem, OBJECT(qdev), &ahci_mem_ops, s, |
1530 | "ahci" , AHCI_MEM_BAR_SIZE); |
1531 | memory_region_init_io(&s->idp, OBJECT(qdev), &ahci_idp_ops, s, |
1532 | "ahci-idp" , 32); |
1533 | } |
1534 | |
1535 | void ahci_realize(AHCIState *s, DeviceState *qdev, AddressSpace *as, int ports) |
1536 | { |
1537 | qemu_irq *irqs; |
1538 | int i; |
1539 | |
1540 | s->as = as; |
1541 | s->ports = ports; |
1542 | s->dev = g_new0(AHCIDevice, ports); |
1543 | ahci_reg_init(s); |
1544 | irqs = qemu_allocate_irqs(ahci_irq_set, s, s->ports); |
1545 | for (i = 0; i < s->ports; i++) { |
1546 | AHCIDevice *ad = &s->dev[i]; |
1547 | |
1548 | ide_bus_new(&ad->port, sizeof(ad->port), qdev, i, 1); |
1549 | ide_init2(&ad->port, irqs[i]); |
1550 | |
1551 | ad->hba = s; |
1552 | ad->port_no = i; |
1553 | ad->port.dma = &ad->dma; |
1554 | ad->port.dma->ops = &ahci_dma_ops; |
1555 | ide_register_restart_cb(&ad->port); |
1556 | } |
1557 | g_free(irqs); |
1558 | } |
1559 | |
1560 | void ahci_uninit(AHCIState *s) |
1561 | { |
1562 | int i, j; |
1563 | |
1564 | for (i = 0; i < s->ports; i++) { |
1565 | AHCIDevice *ad = &s->dev[i]; |
1566 | |
1567 | for (j = 0; j < 2; j++) { |
1568 | IDEState *s = &ad->port.ifs[j]; |
1569 | |
1570 | ide_exit(s); |
1571 | } |
1572 | object_unparent(OBJECT(&ad->port)); |
1573 | } |
1574 | |
1575 | g_free(s->dev); |
1576 | } |
1577 | |
1578 | void ahci_reset(AHCIState *s) |
1579 | { |
1580 | AHCIPortRegs *pr; |
1581 | int i; |
1582 | |
1583 | trace_ahci_reset(s); |
1584 | |
1585 | s->control_regs.irqstatus = 0; |
1586 | /* AHCI Enable (AE) |
1587 | * The implementation of this bit is dependent upon the value of the |
1588 | * CAP.SAM bit. If CAP.SAM is '0', then GHC.AE shall be read-write and |
1589 | * shall have a reset value of '0'. If CAP.SAM is '1', then AE shall be |
1590 | * read-only and shall have a reset value of '1'. |
1591 | * |
1592 | * We set HOST_CAP_AHCI so we must enable AHCI at reset. |
1593 | */ |
1594 | s->control_regs.ghc = HOST_CTL_AHCI_EN; |
1595 | |
1596 | for (i = 0; i < s->ports; i++) { |
1597 | pr = &s->dev[i].port_regs; |
1598 | pr->irq_stat = 0; |
1599 | pr->irq_mask = 0; |
1600 | pr->scr_ctl = 0; |
1601 | pr->cmd = PORT_CMD_SPIN_UP | PORT_CMD_POWER_ON; |
1602 | ahci_reset_port(s, i); |
1603 | } |
1604 | } |
1605 | |
1606 | static const VMStateDescription vmstate_ncq_tfs = { |
1607 | .name = "ncq state" , |
1608 | .version_id = 1, |
1609 | .fields = (VMStateField[]) { |
1610 | VMSTATE_UINT32(sector_count, NCQTransferState), |
1611 | VMSTATE_UINT64(lba, NCQTransferState), |
1612 | VMSTATE_UINT8(tag, NCQTransferState), |
1613 | VMSTATE_UINT8(cmd, NCQTransferState), |
1614 | VMSTATE_UINT8(slot, NCQTransferState), |
1615 | VMSTATE_BOOL(used, NCQTransferState), |
1616 | VMSTATE_BOOL(halt, NCQTransferState), |
1617 | VMSTATE_END_OF_LIST() |
1618 | }, |
1619 | }; |
1620 | |
1621 | static const VMStateDescription vmstate_ahci_device = { |
1622 | .name = "ahci port" , |
1623 | .version_id = 1, |
1624 | .fields = (VMStateField[]) { |
1625 | VMSTATE_IDE_BUS(port, AHCIDevice), |
1626 | VMSTATE_IDE_DRIVE(port.ifs[0], AHCIDevice), |
1627 | VMSTATE_UINT32(port_state, AHCIDevice), |
1628 | VMSTATE_UINT32(finished, AHCIDevice), |
1629 | VMSTATE_UINT32(port_regs.lst_addr, AHCIDevice), |
1630 | VMSTATE_UINT32(port_regs.lst_addr_hi, AHCIDevice), |
1631 | VMSTATE_UINT32(port_regs.fis_addr, AHCIDevice), |
1632 | VMSTATE_UINT32(port_regs.fis_addr_hi, AHCIDevice), |
1633 | VMSTATE_UINT32(port_regs.irq_stat, AHCIDevice), |
1634 | VMSTATE_UINT32(port_regs.irq_mask, AHCIDevice), |
1635 | VMSTATE_UINT32(port_regs.cmd, AHCIDevice), |
1636 | VMSTATE_UINT32(port_regs.tfdata, AHCIDevice), |
1637 | VMSTATE_UINT32(port_regs.sig, AHCIDevice), |
1638 | VMSTATE_UINT32(port_regs.scr_stat, AHCIDevice), |
1639 | VMSTATE_UINT32(port_regs.scr_ctl, AHCIDevice), |
1640 | VMSTATE_UINT32(port_regs.scr_err, AHCIDevice), |
1641 | VMSTATE_UINT32(port_regs.scr_act, AHCIDevice), |
1642 | VMSTATE_UINT32(port_regs.cmd_issue, AHCIDevice), |
1643 | VMSTATE_BOOL(done_first_drq, AHCIDevice), |
1644 | VMSTATE_INT32(busy_slot, AHCIDevice), |
1645 | VMSTATE_BOOL(init_d2h_sent, AHCIDevice), |
1646 | VMSTATE_STRUCT_ARRAY(ncq_tfs, AHCIDevice, AHCI_MAX_CMDS, |
1647 | 1, vmstate_ncq_tfs, NCQTransferState), |
1648 | VMSTATE_END_OF_LIST() |
1649 | }, |
1650 | }; |
1651 | |
1652 | static int ahci_state_post_load(void *opaque, int version_id) |
1653 | { |
1654 | int i, j; |
1655 | struct AHCIDevice *ad; |
1656 | NCQTransferState *ncq_tfs; |
1657 | AHCIPortRegs *pr; |
1658 | AHCIState *s = opaque; |
1659 | |
1660 | for (i = 0; i < s->ports; i++) { |
1661 | ad = &s->dev[i]; |
1662 | pr = &ad->port_regs; |
1663 | |
1664 | if (!(pr->cmd & PORT_CMD_START) && (pr->cmd & PORT_CMD_LIST_ON)) { |
1665 | error_report("AHCI: DMA engine should be off, but status bit " |
1666 | "indicates it is still running." ); |
1667 | return -1; |
1668 | } |
1669 | if (!(pr->cmd & PORT_CMD_FIS_RX) && (pr->cmd & PORT_CMD_FIS_ON)) { |
1670 | error_report("AHCI: FIS RX engine should be off, but status bit " |
1671 | "indicates it is still running." ); |
1672 | return -1; |
1673 | } |
1674 | |
1675 | /* After a migrate, the DMA/FIS engines are "off" and |
1676 | * need to be conditionally restarted */ |
1677 | pr->cmd &= ~(PORT_CMD_LIST_ON | PORT_CMD_FIS_ON); |
1678 | if (ahci_cond_start_engines(ad) != 0) { |
1679 | return -1; |
1680 | } |
1681 | |
1682 | for (j = 0; j < AHCI_MAX_CMDS; j++) { |
1683 | ncq_tfs = &ad->ncq_tfs[j]; |
1684 | ncq_tfs->drive = ad; |
1685 | |
1686 | if (ncq_tfs->used != ncq_tfs->halt) { |
1687 | return -1; |
1688 | } |
1689 | if (!ncq_tfs->halt) { |
1690 | continue; |
1691 | } |
1692 | if (!is_ncq(ncq_tfs->cmd)) { |
1693 | return -1; |
1694 | } |
1695 | if (ncq_tfs->slot != ncq_tfs->tag) { |
1696 | return -1; |
1697 | } |
1698 | /* If ncq_tfs->halt is justly set, the engine should be engaged, |
1699 | * and the command list buffer should be mapped. */ |
1700 | ncq_tfs->cmdh = get_cmd_header(s, i, ncq_tfs->slot); |
1701 | if (!ncq_tfs->cmdh) { |
1702 | return -1; |
1703 | } |
1704 | ahci_populate_sglist(ncq_tfs->drive, &ncq_tfs->sglist, |
1705 | ncq_tfs->cmdh, ncq_tfs->sector_count * 512, |
1706 | 0); |
1707 | if (ncq_tfs->sector_count != ncq_tfs->sglist.size >> 9) { |
1708 | return -1; |
1709 | } |
1710 | } |
1711 | |
1712 | |
1713 | /* |
1714 | * If an error is present, ad->busy_slot will be valid and not -1. |
1715 | * In this case, an operation is waiting to resume and will re-check |
1716 | * for additional AHCI commands to execute upon completion. |
1717 | * |
1718 | * In the case where no error was present, busy_slot will be -1, |
1719 | * and we should check to see if there are additional commands waiting. |
1720 | */ |
1721 | if (ad->busy_slot == -1) { |
1722 | check_cmd(s, i); |
1723 | } else { |
1724 | /* We are in the middle of a command, and may need to access |
1725 | * the command header in guest memory again. */ |
1726 | if (ad->busy_slot < 0 || ad->busy_slot >= AHCI_MAX_CMDS) { |
1727 | return -1; |
1728 | } |
1729 | ad->cur_cmd = get_cmd_header(s, i, ad->busy_slot); |
1730 | } |
1731 | } |
1732 | |
1733 | return 0; |
1734 | } |
1735 | |
1736 | const VMStateDescription vmstate_ahci = { |
1737 | .name = "ahci" , |
1738 | .version_id = 1, |
1739 | .post_load = ahci_state_post_load, |
1740 | .fields = (VMStateField[]) { |
1741 | VMSTATE_STRUCT_VARRAY_POINTER_INT32(dev, AHCIState, ports, |
1742 | vmstate_ahci_device, AHCIDevice), |
1743 | VMSTATE_UINT32(control_regs.cap, AHCIState), |
1744 | VMSTATE_UINT32(control_regs.ghc, AHCIState), |
1745 | VMSTATE_UINT32(control_regs.irqstatus, AHCIState), |
1746 | VMSTATE_UINT32(control_regs.impl, AHCIState), |
1747 | VMSTATE_UINT32(control_regs.version, AHCIState), |
1748 | VMSTATE_UINT32(idp_index, AHCIState), |
1749 | VMSTATE_INT32_EQUAL(ports, AHCIState, NULL), |
1750 | VMSTATE_END_OF_LIST() |
1751 | }, |
1752 | }; |
1753 | |
1754 | static const VMStateDescription vmstate_sysbus_ahci = { |
1755 | .name = "sysbus-ahci" , |
1756 | .fields = (VMStateField[]) { |
1757 | VMSTATE_AHCI(ahci, SysbusAHCIState), |
1758 | VMSTATE_END_OF_LIST() |
1759 | }, |
1760 | }; |
1761 | |
1762 | static void sysbus_ahci_reset(DeviceState *dev) |
1763 | { |
1764 | SysbusAHCIState *s = SYSBUS_AHCI(dev); |
1765 | |
1766 | ahci_reset(&s->ahci); |
1767 | } |
1768 | |
1769 | static void sysbus_ahci_init(Object *obj) |
1770 | { |
1771 | SysbusAHCIState *s = SYSBUS_AHCI(obj); |
1772 | SysBusDevice *sbd = SYS_BUS_DEVICE(obj); |
1773 | |
1774 | ahci_init(&s->ahci, DEVICE(obj)); |
1775 | |
1776 | sysbus_init_mmio(sbd, &s->ahci.mem); |
1777 | sysbus_init_irq(sbd, &s->ahci.irq); |
1778 | } |
1779 | |
1780 | static void sysbus_ahci_realize(DeviceState *dev, Error **errp) |
1781 | { |
1782 | SysbusAHCIState *s = SYSBUS_AHCI(dev); |
1783 | |
1784 | ahci_realize(&s->ahci, dev, &address_space_memory, s->num_ports); |
1785 | } |
1786 | |
1787 | static Property sysbus_ahci_properties[] = { |
1788 | DEFINE_PROP_UINT32("num-ports" , SysbusAHCIState, num_ports, 1), |
1789 | DEFINE_PROP_END_OF_LIST(), |
1790 | }; |
1791 | |
1792 | static void sysbus_ahci_class_init(ObjectClass *klass, void *data) |
1793 | { |
1794 | DeviceClass *dc = DEVICE_CLASS(klass); |
1795 | |
1796 | dc->realize = sysbus_ahci_realize; |
1797 | dc->vmsd = &vmstate_sysbus_ahci; |
1798 | dc->props = sysbus_ahci_properties; |
1799 | dc->reset = sysbus_ahci_reset; |
1800 | set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); |
1801 | } |
1802 | |
1803 | static const TypeInfo sysbus_ahci_info = { |
1804 | .name = TYPE_SYSBUS_AHCI, |
1805 | .parent = TYPE_SYS_BUS_DEVICE, |
1806 | .instance_size = sizeof(SysbusAHCIState), |
1807 | .instance_init = sysbus_ahci_init, |
1808 | .class_init = sysbus_ahci_class_init, |
1809 | }; |
1810 | |
1811 | static void sysbus_ahci_register_types(void) |
1812 | { |
1813 | type_register_static(&sysbus_ahci_info); |
1814 | } |
1815 | |
1816 | type_init(sysbus_ahci_register_types) |
1817 | |
1818 | int32_t ahci_get_num_ports(PCIDevice *dev) |
1819 | { |
1820 | AHCIPCIState *d = ICH_AHCI(dev); |
1821 | AHCIState *ahci = &d->ahci; |
1822 | |
1823 | return ahci->ports; |
1824 | } |
1825 | |
1826 | void ahci_ide_create_devs(PCIDevice *dev, DriveInfo **hd) |
1827 | { |
1828 | AHCIPCIState *d = ICH_AHCI(dev); |
1829 | AHCIState *ahci = &d->ahci; |
1830 | int i; |
1831 | |
1832 | for (i = 0; i < ahci->ports; i++) { |
1833 | if (hd[i] == NULL) { |
1834 | continue; |
1835 | } |
1836 | ide_create_drive(&ahci->dev[i].port, 0, hd[i]); |
1837 | } |
1838 | |
1839 | } |
1840 | |