From aaeda4a3c9e4d1d25c65ce8ca98e2de06daf1eec Mon Sep 17 00:00:00 2001 From: John Snow Date: Thu, 17 Sep 2015 14:17:04 -0400 Subject: ide: unify io_buffer_offset increments IDEState's io_buffer_offset was originally added to keep track of offsets in AHCI rather exclusively, but it was added to IDEState instead of an AHCI-specific structure. AHCI fakes all PIO transfers using DMA and a scatter-gather list. When the core or atapi layers invoke HBA-specific mechanisms for transfers, they do not always know that it is being backed by DMA or a sglist, so this offset is not always updated by the HBA code everywhere. If we modify it in dma_buf_commit, however, any HBA that needs to use this offset to manage operating on only part of a sglist will have access to it. This will fix ATAPI PIO transfers performed through the AHCI HBA, which were previously not modifying this value appropriately. This will fix ATAPI PIO transfers larger than one sector. Reported-by: Hannes Reinecke Signed-off-by: John Snow Reviewed-by: Paolo Bonzini Tested-by: Laszlo Ersek Message-id: 1440546331-29087-2-git-send-email-jsnow@redhat.com CC: qemu-stable@nongnu.org --- hw/ide/ahci.c | 22 +++++++--------------- hw/ide/core.c | 5 ++--- hw/ide/internal.h | 1 + 3 files changed, 10 insertions(+), 18 deletions(-) (limited to 'hw') diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index 44f6e27..ad05527 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -49,7 +49,6 @@ static void ahci_reset_port(AHCIState *s, int port); static void ahci_write_fis_d2h(AHCIDevice *ad, uint8_t *cmd_fis); static void ahci_init_d2h(AHCIDevice *ad); static int ahci_dma_prepare_buf(IDEDMA *dma, int32_t limit); -static void ahci_commit_buf(IDEDMA *dma, uint32_t tx_bytes); static bool ahci_map_clb_address(AHCIDevice *ad); static bool ahci_map_fis_address(AHCIDevice *ad); static void ahci_unmap_clb_address(AHCIDevice *ad); @@ -1289,7 +1288,7 @@ out: s->data_ptr = s->data_end; /* Update number of transferred bytes, destroy sglist */ - ahci_commit_buf(dma, size); + dma_buf_commit(s, size); s->end_transfer_func(s); @@ -1331,9 +1330,8 @@ static void ahci_restart(IDEDMA *dma) } /** - * Called in DMA R/W chains to read the PRDT, utilizing ahci_populate_sglist. - * Not currently invoked by PIO R/W chains, - * which invoke ahci_populate_sglist via ahci_start_transfer. + * Called in DMA and PIO R/W chains to read the PRDT. + * Not shared with NCQ pathways. */ static int32_t ahci_dma_prepare_buf(IDEDMA *dma, int32_t limit) { @@ -1352,21 +1350,16 @@ static int32_t ahci_dma_prepare_buf(IDEDMA *dma, int32_t limit) } /** - * Destroys the scatter-gather list, - * and updates the command header with a bytes-read value. - * called explicitly via ahci_dma_rw_buf (ATAPI DMA), - * and ahci_start_transfer (PIO R/W), - * and called via callback from ide_dma_cb for DMA R/W paths. + * Updates the command header with a bytes-read value. + * Called via dma_buf_commit, for both DMA and PIO paths. + * sglist destruction is handled within dma_buf_commit. */ static void ahci_commit_buf(IDEDMA *dma, uint32_t tx_bytes) { AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); - IDEState *s = &ad->port.ifs[0]; tx_bytes += le32_to_cpu(ad->cur_cmd->status); ad->cur_cmd->status = cpu_to_le32(tx_bytes); - - qemu_sglist_destroy(&s->sg); } static int ahci_dma_rw_buf(IDEDMA *dma, int is_write) @@ -1387,10 +1380,9 @@ static int ahci_dma_rw_buf(IDEDMA *dma, int is_write) } /* free sglist, update byte count */ - ahci_commit_buf(dma, l); + dma_buf_commit(s, l); s->io_buffer_index += l; - s->io_buffer_offset += l; DPRINTF(ad->port_no, "len=%#x\n", l); diff --git a/hw/ide/core.c b/hw/ide/core.c index 50449ca..8ba04df 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -591,7 +591,6 @@ static void ide_sector_read_cb(void *opaque, int ret) s->nsector -= n; /* Allow the guest to read the io_buffer */ ide_transfer_start(s, s->io_buffer, n * BDRV_SECTOR_SIZE, ide_sector_read); - s->io_buffer_offset += 512 * n; ide_set_irq(s->bus); } @@ -635,11 +634,12 @@ static void ide_sector_read(IDEState *s) ide_sector_read_cb, s); } -static void dma_buf_commit(IDEState *s, uint32_t tx_bytes) +void dma_buf_commit(IDEState *s, uint32_t tx_bytes) { if (s->bus->dma->ops->commit_buf) { s->bus->dma->ops->commit_buf(s->bus->dma, tx_bytes); } + s->io_buffer_offset += tx_bytes; qemu_sglist_destroy(&s->sg); } @@ -842,7 +842,6 @@ static void ide_sector_write_cb(void *opaque, int ret) n = s->req_nb_sectors; } s->nsector -= n; - s->io_buffer_offset += 512 * n; ide_set_sector(s, ide_get_sector(s) + n); if (s->nsector == 0) { diff --git a/hw/ide/internal.h b/hw/ide/internal.h index 30fdcbc..7288a67 100644 --- a/hw/ide/internal.h +++ b/hw/ide/internal.h @@ -536,6 +536,7 @@ int64_t ide_get_sector(IDEState *s); void ide_set_sector(IDEState *s, int64_t sector_num); void ide_start_dma(IDEState *s, BlockCompletionFunc *cb); +void dma_buf_commit(IDEState *s, uint32_t tx_bytes); void ide_dma_error(IDEState *s); void ide_atapi_cmd_ok(IDEState *s); -- cgit v1.1 From d9033e1d3aa666c5071580617a57bd853c5d794a Mon Sep 17 00:00:00 2001 From: John Snow Date: Thu, 17 Sep 2015 14:17:05 -0400 Subject: ide: fix ATAPI command permissions We're a little too lenient with what we'll let an ATAPI drive handle. Clamp down on the IDE command execution table to remove CD_OK permissions from commands that are not and have never been ATAPI commands. For ATAPI command validity, please see: - ATA4 Section 6.5 ("PACKET Command feature set") - ATA8/ACS Section 4.3 ("The PACKET feature set") - ACS3 Section 4.3 ("The PACKET feature set") ACS3 has a historical command validity table in Table B.4 ("Historical Command Assignments") that can be referenced to find when a command was introduced, deprecated, obsoleted, etc. The only reference for ATAPI command validity is by checking that version's PACKET feature set section. ATAPI was introduced by T13 into ATA4, all commands retired prior to ATA4 therefore are assumed to have never been ATAPI commands. Mandatory commands, as listed in ATA8-ACS3, are: - DEVICE RESET - EXECUTE DEVICE DIAGNOSTIC - IDENTIFY DEVICE - IDENTIFY PACKET DEVICE - NOP - PACKET - READ SECTOR(S) - SET FEATURES Optional commands as listed in ATA8-ACS3, are: - FLUSH CACHE - READ LOG DMA EXT - READ LOG EXT - WRITE LOG DMA EXT - WRITE LOG EXT All other commands are illegal to send to an ATAPI device and should be rejected by the device. CD_OK removal justifications: 0x06 WIN_DSM Defined in ACS2. Not valid for ATAPI. 0x21 WIN_READ_ONCE Retired in ATA5. Not ATAPI in ATA4. 0x94 WIN_STANDBYNOW2 Retired in ATA4. Did not coexist with ATAPI. 0x95 WIN_IDLEIMMEDIATE2 Retired in ATA4. Did not coexist with ATAPI. 0x96 WIN_STANDBY2 Retired in ATA4. Did not coexist with ATAPI. 0x97 WIN_SETIDLE2 Retired in ATA4. Did not coexist with ATAPI. 0x98 WIN_CHECKPOWERMODE2 Retired in ATA4. Did not coexist with ATAPI. 0x99 WIN_SLEEPNOW2 Retired in ATA4. Did not coexist with ATAPI. 0xE0 WIN_STANDBYNOW1 Not part of ATAPI in ATA4, ACS or ACS3. 0xE1 WIN_IDLEIMMDIATE Not part of ATAPI in ATA4, ACS or ACS3. 0xE2 WIN_STANDBY Not part of ATAPI in ATA4, ACS or ACS3. 0xE3 WIN_SETIDLE1 Not part of ATAPI in ATA4, ACS or ACS3. 0xE4 WIN_CHECKPOWERMODE1 Not part of ATAPI in ATA4, ACS or ACS3. 0xE5 WIN_SLEEPNOW1 Not part of ATAPI in ATA4, ACS or ACS3. 0xF8 WIN_READ_NATIVE_MAX Obsoleted in ACS3. Not ATAPI in ATA4 or ACS. This patch fixes a divide by zero fault that can be caused by sending the WIN_READ_NATIVE_MAX command to an ATAPI drive, which causes it to attempt to use zeroed CHS values to perform sector arithmetic. Reported-by: Qinghao Tang Signed-off-by: John Snow Reviewed-by: Markus Armbruster Message-id: 1441816082-21031-1-git-send-email-jsnow@redhat.com CC: qemu-stable@nongnu.org --- hw/ide/core.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'hw') diff --git a/hw/ide/core.c b/hw/ide/core.c index 8ba04df..1cc6945 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -1746,11 +1746,11 @@ static const struct { } ide_cmd_table[0x100] = { /* NOP not implemented, mandatory for CD */ [CFA_REQ_EXT_ERROR_CODE] = { cmd_cfa_req_ext_error_code, CFA_OK }, - [WIN_DSM] = { cmd_data_set_management, ALL_OK }, + [WIN_DSM] = { cmd_data_set_management, HD_CFA_OK }, [WIN_DEVICE_RESET] = { cmd_device_reset, CD_OK }, [WIN_RECAL] = { cmd_nop, HD_CFA_OK | SET_DSC}, [WIN_READ] = { cmd_read_pio, ALL_OK }, - [WIN_READ_ONCE] = { cmd_read_pio, ALL_OK }, + [WIN_READ_ONCE] = { cmd_read_pio, HD_CFA_OK }, [WIN_READ_EXT] = { cmd_read_pio, HD_CFA_OK }, [WIN_READDMA_EXT] = { cmd_read_dma, HD_CFA_OK }, [WIN_READ_NATIVE_MAX_EXT] = { cmd_read_native_max, HD_CFA_OK | SET_DSC }, @@ -1769,12 +1769,12 @@ static const struct { [CFA_TRANSLATE_SECTOR] = { cmd_cfa_translate_sector, CFA_OK }, [WIN_DIAGNOSE] = { cmd_exec_dev_diagnostic, ALL_OK }, [WIN_SPECIFY] = { cmd_nop, HD_CFA_OK | SET_DSC }, - [WIN_STANDBYNOW2] = { cmd_nop, ALL_OK }, - [WIN_IDLEIMMEDIATE2] = { cmd_nop, ALL_OK }, - [WIN_STANDBY2] = { cmd_nop, ALL_OK }, - [WIN_SETIDLE2] = { cmd_nop, ALL_OK }, - [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, ALL_OK | SET_DSC }, - [WIN_SLEEPNOW2] = { cmd_nop, ALL_OK }, + [WIN_STANDBYNOW2] = { cmd_nop, HD_CFA_OK }, + [WIN_IDLEIMMEDIATE2] = { cmd_nop, HD_CFA_OK }, + [WIN_STANDBY2] = { cmd_nop, HD_CFA_OK }, + [WIN_SETIDLE2] = { cmd_nop, HD_CFA_OK }, + [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC }, + [WIN_SLEEPNOW2] = { cmd_nop, HD_CFA_OK }, [WIN_PACKETCMD] = { cmd_packet, CD_OK }, [WIN_PIDENTIFY] = { cmd_identify_packet, CD_OK }, [WIN_SMART] = { cmd_smart, HD_CFA_OK | SET_DSC }, @@ -1788,19 +1788,19 @@ static const struct { [WIN_WRITEDMA] = { cmd_write_dma, HD_CFA_OK }, [WIN_WRITEDMA_ONCE] = { cmd_write_dma, HD_CFA_OK }, [CFA_WRITE_MULTI_WO_ERASE] = { cmd_write_multiple, CFA_OK }, - [WIN_STANDBYNOW1] = { cmd_nop, ALL_OK }, - [WIN_IDLEIMMEDIATE] = { cmd_nop, ALL_OK }, - [WIN_STANDBY] = { cmd_nop, ALL_OK }, - [WIN_SETIDLE1] = { cmd_nop, ALL_OK }, - [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, ALL_OK | SET_DSC }, - [WIN_SLEEPNOW1] = { cmd_nop, ALL_OK }, + [WIN_STANDBYNOW1] = { cmd_nop, HD_CFA_OK }, + [WIN_IDLEIMMEDIATE] = { cmd_nop, HD_CFA_OK }, + [WIN_STANDBY] = { cmd_nop, HD_CFA_OK }, + [WIN_SETIDLE1] = { cmd_nop, HD_CFA_OK }, + [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC }, + [WIN_SLEEPNOW1] = { cmd_nop, HD_CFA_OK }, [WIN_FLUSH_CACHE] = { cmd_flush_cache, ALL_OK }, [WIN_FLUSH_CACHE_EXT] = { cmd_flush_cache, HD_CFA_OK }, [WIN_IDENTIFY] = { cmd_identify, ALL_OK }, [WIN_SETFEATURES] = { cmd_set_features, ALL_OK | SET_DSC }, [IBM_SENSE_CONDITION] = { cmd_ibm_sense_condition, CFA_OK | SET_DSC }, [CFA_WEAR_LEVEL] = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC }, - [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, ALL_OK | SET_DSC }, + [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, HD_CFA_OK | SET_DSC }, }; static bool ide_cmd_permitted(IDEState *s, uint32_t cmd) -- cgit v1.1 From 9ef2e93f9b1888c7d0deb4a105149138e6ad2e98 Mon Sep 17 00:00:00 2001 From: John Snow Date: Thu, 17 Sep 2015 14:17:05 -0400 Subject: atapi: abort transfers with 0 byte limits We're supposed to abort on transfers like this, unless we fill Word 125 of our IDENTIFY data with a default transfer size, which we don't currently do. This is an ATA error, not a SCSI/ATAPI one. See ATA8-ACS3 sections 7.17.6.49 or 7.21.5. If we don't do this, QEMU will loop forever trying to transfer zero bytes, which isn't particularly useful. Signed-off-by: John Snow Reviewed-by: Markus Armbruster Message-id: 1442253685-23349-2-git-send-email-jsnow@redhat.com --- hw/ide/atapi.c | 32 +++++++++++++++++++++++++++----- hw/ide/core.c | 2 +- hw/ide/internal.h | 1 + 3 files changed, 29 insertions(+), 6 deletions(-) (limited to 'hw') diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c index 79dd167..747f466 100644 --- a/hw/ide/atapi.c +++ b/hw/ide/atapi.c @@ -1169,20 +1169,28 @@ enum { * 4.1.8) */ CHECK_READY = 0x02, + + /* + * Commands flagged with NONDATA do not in any circumstances return + * any data via ide_atapi_cmd_reply. These commands are exempt from + * the normal byte_count_limit constraints. + * See ATA8-ACS3 "7.21.5 Byte Count Limit" + */ + NONDATA = 0x04, }; static const struct { void (*handler)(IDEState *s, uint8_t *buf); int flags; } atapi_cmd_table[0x100] = { - [ 0x00 ] = { cmd_test_unit_ready, CHECK_READY }, + [ 0x00 ] = { cmd_test_unit_ready, CHECK_READY | NONDATA }, [ 0x03 ] = { cmd_request_sense, ALLOW_UA }, [ 0x12 ] = { cmd_inquiry, ALLOW_UA }, - [ 0x1b ] = { cmd_start_stop_unit, 0 }, /* [1] */ - [ 0x1e ] = { cmd_prevent_allow_medium_removal, 0 }, + [ 0x1b ] = { cmd_start_stop_unit, NONDATA }, /* [1] */ + [ 0x1e ] = { cmd_prevent_allow_medium_removal, NONDATA }, [ 0x25 ] = { cmd_read_cdvd_capacity, CHECK_READY }, [ 0x28 ] = { cmd_read, /* (10) */ CHECK_READY }, - [ 0x2b ] = { cmd_seek, CHECK_READY }, + [ 0x2b ] = { cmd_seek, CHECK_READY | NONDATA }, [ 0x43 ] = { cmd_read_toc_pma_atip, CHECK_READY }, [ 0x46 ] = { cmd_get_configuration, ALLOW_UA }, [ 0x4a ] = { cmd_get_event_status_notification, ALLOW_UA }, @@ -1190,7 +1198,7 @@ static const struct { [ 0x5a ] = { cmd_mode_sense, /* (10) */ 0 }, [ 0xa8 ] = { cmd_read, /* (12) */ CHECK_READY }, [ 0xad ] = { cmd_read_dvd_structure, CHECK_READY }, - [ 0xbb ] = { cmd_set_speed, 0 }, + [ 0xbb ] = { cmd_set_speed, NONDATA }, [ 0xbd ] = { cmd_mechanism_status, 0 }, [ 0xbe ] = { cmd_read_cd, CHECK_READY }, /* [1] handler detects and reports not ready condition itself */ @@ -1251,6 +1259,20 @@ void ide_atapi_cmd(IDEState *s) return; } + /* Nondata commands permit the byte_count_limit to be 0. + * If this is a data-transferring PIO command and BCL is 0, + * we abort at the /ATA/ level, not the ATAPI level. + * See ATA8 ACS3 section 7.17.6.49 and 7.21.5 */ + if (!(atapi_cmd_table[s->io_buffer[0]].flags & NONDATA)) { + /* TODO: Check IDENTIFY data word 125 for default BCL (currently 0) */ + uint16_t byte_count_limit = s->lcyl | (s->hcyl << 8); + if (!(byte_count_limit || s->atapi_dma)) { + /* TODO: Move abort back into core.c and make static inline again */ + ide_abort_command(s); + return; + } + } + /* Execute the command */ if (atapi_cmd_table[s->io_buffer[0]].handler) { atapi_cmd_table[s->io_buffer[0]].handler(s, buf); diff --git a/hw/ide/core.c b/hw/ide/core.c index 1cc6945..317406d 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -457,7 +457,7 @@ BlockAIOCB *ide_issue_trim(BlockBackend *blk, return &iocb->common; } -static inline void ide_abort_command(IDEState *s) +void ide_abort_command(IDEState *s) { ide_transfer_stop(s); s->status = READY_STAT | ERR_STAT; diff --git a/hw/ide/internal.h b/hw/ide/internal.h index 7288a67..05e93ff 100644 --- a/hw/ide/internal.h +++ b/hw/ide/internal.h @@ -538,6 +538,7 @@ void ide_set_sector(IDEState *s, int64_t sector_num); void ide_start_dma(IDEState *s, BlockCompletionFunc *cb); void dma_buf_commit(IDEState *s, uint32_t tx_bytes); void ide_dma_error(IDEState *s); +void ide_abort_command(IDEState *s); void ide_atapi_cmd_ok(IDEState *s); void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc); -- cgit v1.1 From f91a0aa3743c8bdf0dc0f646606a3dc8bb2c7df8 Mon Sep 17 00:00:00 2001 From: John Snow Date: Tue, 1 Sep 2015 16:50:38 -0400 Subject: ahci: remove dead reset code This check is dead due to an earlier conditional. AHCI does not currently support hotplugging, so checks to see if devices are present or not are useless. Remove it. Reported-by: Stefan Hajnoczi Signed-off-by: John Snow Reviewed-by: Stefan Hajnoczi Message-id: 1441140641-17631-2-git-send-email-jsnow@redhat.com --- hw/ide/ahci.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'hw') diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index ad05527..0c699a7 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -602,10 +602,7 @@ static void ahci_reset_port(AHCIState *s, int port) } s->dev[port].port_state = STATE_RUN; - if (!ide_state->blk) { - pr->sig = 0; - ide_state->status = SEEK_STAT | WRERR_STAT; - } else if (ide_state->drive_kind == IDE_CD) { + if (ide_state->drive_kind == IDE_CD) { pr->sig = SATA_SIGNATURE_CDROM; ide_state->lcyl = 0x14; ide_state->hcyl = 0xeb; -- cgit v1.1 From 33a983cb2821600f4ed5720919434256e8371ec2 Mon Sep 17 00:00:00 2001 From: John Snow Date: Tue, 1 Sep 2015 16:50:39 -0400 Subject: ahci: fix signature generation The initial register device-to-host FIS no longer needs to specially set certain fields, as these can be handled generically by setting those fields explicitly with the signatures we want at port reset time. (1) Signatures are decomposed into their four component registers and set upon (AHCI) port reset. (2) the signature cache register is no longer set manually per-each device type, but instead just once during ahci_init_d2h. Signed-off-by: John Snow Reviewed-by: Stefan Hajnoczi Message-id: 1441140641-17631-3-git-send-email-jsnow@redhat.com --- hw/ide/ahci.c | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) (limited to 'hw') diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index 0c699a7..b86347d 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -540,20 +540,31 @@ static void ahci_init_d2h(AHCIDevice *ad) { uint8_t init_fis[20]; IDEState *ide_state = &ad->port.ifs[0]; + AHCIPortRegs *pr = &ad->port_regs; memset(init_fis, 0, sizeof(init_fis)); - init_fis[4] = 1; - init_fis[12] = 1; - - if (ide_state->drive_kind == IDE_CD) { - init_fis[5] = ide_state->lcyl; - init_fis[6] = ide_state->hcyl; - } + /* We're emulating receiving the first Reg H2D Fis from the device; + * Update the SIG register, but otherwise proceed as normal. */ + pr->sig = (ide_state->hcyl << 24) | + (ide_state->lcyl << 16) | + (ide_state->sector << 8) | + (ide_state->nsector & 0xFF); ahci_write_fis_d2h(ad, init_fis); } +static void ahci_set_signature(AHCIDevice *ad, uint32_t sig) +{ + IDEState *s = &ad->port.ifs[0]; + s->hcyl = sig >> 24 & 0xFF; + s->lcyl = sig >> 16 & 0xFF; + s->sector = sig >> 8 & 0xFF; + s->nsector = sig & 0xFF; + + DPRINTF(ad->port_no, "set hcyl:lcyl:sect:nsect = 0x%08x\n", sig); +} + static void ahci_reset_port(AHCIState *s, int port) { AHCIDevice *d = &s->dev[port]; @@ -603,13 +614,10 @@ static void ahci_reset_port(AHCIState *s, int port) s->dev[port].port_state = STATE_RUN; if (ide_state->drive_kind == IDE_CD) { - pr->sig = SATA_SIGNATURE_CDROM; - ide_state->lcyl = 0x14; - ide_state->hcyl = 0xeb; - DPRINTF(port, "set lcyl = %d\n", ide_state->lcyl); + ahci_set_signature(d, SATA_SIGNATURE_CDROM);\ ide_state->status = SEEK_STAT | WRERR_STAT | READY_STAT; } else { - pr->sig = SATA_SIGNATURE_DISK; + ahci_set_signature(d, SATA_SIGNATURE_DISK); ide_state->status = SEEK_STAT | WRERR_STAT; } -- cgit v1.1 From 28ee82557cdbf3d9023b58f7229b0d0fd1a3d776 Mon Sep 17 00:00:00 2001 From: John Snow Date: Tue, 1 Sep 2015 16:50:40 -0400 Subject: ahci: remove cmd_fis argument from write_fis_d2h It's no longer used. We used to generate a D2H FIS based upon the command FIS that prompted the update, but in reality, the D2H FIS is generated purely from register state. cmd_fis is vestigial, so get rid of it. Signed-off-by: John Snow Reviewed-by: Stefan Hajnoczi Message-id: 1441140641-17631-4-git-send-email-jsnow@redhat.com --- hw/ide/ahci.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'hw') diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index b86347d..ea87f5a 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -46,7 +46,7 @@ do { \ static void check_cmd(AHCIState *s, int port); static int handle_cmd(AHCIState *s, int port, uint8_t slot); static void ahci_reset_port(AHCIState *s, int port); -static void ahci_write_fis_d2h(AHCIDevice *ad, uint8_t *cmd_fis); +static void ahci_write_fis_d2h(AHCIDevice *ad); static void ahci_init_d2h(AHCIDevice *ad); static int ahci_dma_prepare_buf(IDEDMA *dma, int32_t limit); static bool ahci_map_clb_address(AHCIDevice *ad); @@ -538,12 +538,9 @@ static void ahci_check_cmd_bh(void *opaque) static void ahci_init_d2h(AHCIDevice *ad) { - uint8_t init_fis[20]; IDEState *ide_state = &ad->port.ifs[0]; AHCIPortRegs *pr = &ad->port_regs; - memset(init_fis, 0, sizeof(init_fis)); - /* We're emulating receiving the first Reg H2D Fis from the device; * Update the SIG register, but otherwise proceed as normal. */ pr->sig = (ide_state->hcyl << 24) | @@ -551,7 +548,7 @@ static void ahci_init_d2h(AHCIDevice *ad) (ide_state->sector << 8) | (ide_state->nsector & 0xFF); - ahci_write_fis_d2h(ad, init_fis); + ahci_write_fis_d2h(ad); } static void ahci_set_signature(AHCIDevice *ad, uint32_t sig) @@ -753,7 +750,7 @@ static void ahci_write_fis_pio(AHCIDevice *ad, uint16_t len) ahci_trigger_irq(ad->hba, ad, PORT_IRQ_PIOS_FIS); } -static void ahci_write_fis_d2h(AHCIDevice *ad, uint8_t *cmd_fis) +static void ahci_write_fis_d2h(AHCIDevice *ad) { AHCIPortRegs *pr = &ad->port_regs; uint8_t *d2h_fis; @@ -1401,7 +1398,7 @@ static void ahci_cmd_done(IDEDMA *dma) DPRINTF(ad->port_no, "cmd done\n"); /* update d2h status */ - ahci_write_fis_d2h(ad, NULL); + ahci_write_fis_d2h(ad); if (!ad->check_bh) { /* maybe we still have something to process, check later */ -- cgit v1.1 From e47f9eb148fc3b9a67d318951ebceb834205f94c Mon Sep 17 00:00:00 2001 From: John Snow Date: Tue, 1 Sep 2015 16:50:41 -0400 Subject: ahci: clean up initial d2h semantics with write_fis_d2h and signature generation tidied up, let's adjust the initial d2h semantics to make more sense. The initial d2h is considered delivered if there is guest memory to save it to. Signed-off-by: John Snow Reviewed-by: Stefan Hajnoczi Message-id: 1441140641-17631-5-git-send-email-jsnow@redhat.com --- hw/ide/ahci.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) (limited to 'hw') diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index ea87f5a..796be15 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -46,7 +46,7 @@ do { \ static void check_cmd(AHCIState *s, int port); static int handle_cmd(AHCIState *s, int port, uint8_t slot); static void ahci_reset_port(AHCIState *s, int port); -static void ahci_write_fis_d2h(AHCIDevice *ad); +static bool ahci_write_fis_d2h(AHCIDevice *ad); static void ahci_init_d2h(AHCIDevice *ad); static int ahci_dma_prepare_buf(IDEDMA *dma, int32_t limit); static bool ahci_map_clb_address(AHCIDevice *ad); @@ -295,7 +295,6 @@ static void ahci_port_write(AHCIState *s, int port, int offset, uint32_t val) if ((pr->cmd & PORT_CMD_FIS_ON) && !s->dev[port].init_d2h_sent) { ahci_init_d2h(&s->dev[port]); - s->dev[port].init_d2h_sent = true; } check_cmd(s, port); @@ -541,14 +540,19 @@ static void ahci_init_d2h(AHCIDevice *ad) IDEState *ide_state = &ad->port.ifs[0]; AHCIPortRegs *pr = &ad->port_regs; - /* We're emulating receiving the first Reg H2D Fis from the device; - * Update the SIG register, but otherwise proceed as normal. */ - pr->sig = (ide_state->hcyl << 24) | - (ide_state->lcyl << 16) | - (ide_state->sector << 8) | - (ide_state->nsector & 0xFF); + if (ad->init_d2h_sent) { + return; + } - ahci_write_fis_d2h(ad); + if (ahci_write_fis_d2h(ad)) { + ad->init_d2h_sent = true; + /* We're emulating receiving the first Reg H2D Fis from the device; + * Update the SIG register, but otherwise proceed as normal. */ + pr->sig = (ide_state->hcyl << 24) | + (ide_state->lcyl << 16) | + (ide_state->sector << 8) | + (ide_state->nsector & 0xFF); + } } static void ahci_set_signature(AHCIDevice *ad, uint32_t sig) @@ -750,7 +754,7 @@ static void ahci_write_fis_pio(AHCIDevice *ad, uint16_t len) ahci_trigger_irq(ad->hba, ad, PORT_IRQ_PIOS_FIS); } -static void ahci_write_fis_d2h(AHCIDevice *ad) +static bool ahci_write_fis_d2h(AHCIDevice *ad) { AHCIPortRegs *pr = &ad->port_regs; uint8_t *d2h_fis; @@ -758,7 +762,7 @@ static void ahci_write_fis_d2h(AHCIDevice *ad) IDEState *s = &ad->port.ifs[0]; if (!ad->res_fis || !(pr->cmd & PORT_CMD_FIS_RX)) { - return; + return false; } d2h_fis = &ad->res_fis[RES_FIS_RFIS]; @@ -791,6 +795,7 @@ static void ahci_write_fis_d2h(AHCIDevice *ad) } ahci_trigger_irq(ad->hba, ad, PORT_IRQ_D2H_REG_FIS); + return true; } static int prdt_tbl_entry_size(const AHCI_SG *tbl) -- cgit v1.1