search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
KVM: remove support for kernel-irqchip=off
[qemu.git] / tests / qtest / ide-test.c
blobdbe1563b230f33c87a4712ede4f9244818027951
1 /*
2 * IDE test cases
3 *
4 * Copyright (c) 2013 Kevin Wolf <kwolf@redhat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 #include "qemu/osdep.h"
26
27
28 #include "libqtest.h"
29 #include "libqos/libqos.h"
30 #include "libqos/pci-pc.h"
31 #include "libqos/malloc-pc.h"
32 #include "qapi/qmp/qdict.h"
33 #include "qemu/bswap.h"
34 #include "hw/pci/pci_ids.h"
35 #include "hw/pci/pci_regs.h"
36
37 /* TODO actually test the results and get rid of this */
38 #define qmp_discard_response(q, ...) qobject_unref(qtest_qmp(q, __VA_ARGS__))
39
40 #define TEST_IMAGE_SIZE 64 * 1024 * 1024
41
42 #define IDE_PCI_DEV 1
43 #define IDE_PCI_FUNC 1
44
45 #define IDE_BASE 0x1f0
46 #define IDE_PRIMARY_IRQ 14
47
48 #define ATAPI_BLOCK_SIZE 2048
49
50 /* How many bytes to receive via ATAPI PIO at one time.
51 * Must be less than 0xFFFF. */
52 #define BYTE_COUNT_LIMIT 5120
53
54 enum {
55 reg_data = 0x0,
56 reg_feature = 0x1,
57 reg_error = 0x1,
58 reg_nsectors = 0x2,
59 reg_lba_low = 0x3,
60 reg_lba_middle = 0x4,
61 reg_lba_high = 0x5,
62 reg_device = 0x6,
63 reg_status = 0x7,
64 reg_command = 0x7,
65 };
66
67 enum {
68 BSY = 0x80,
69 DRDY = 0x40,
70 DF = 0x20,
71 DRQ = 0x08,
72 ERR = 0x01,
73 };
74
75 /* Error field */
76 enum {
77 ABRT = 0x04,
78 };
79
80 enum {
81 DEV = 0x10,
82 LBA = 0x40,
83 };
84
85 enum {
86 bmreg_cmd = 0x0,
87 bmreg_status = 0x2,
88 bmreg_prdt = 0x4,
89 };
90
91 enum {
92 CMD_DSM = 0x06,
93 CMD_DIAGNOSE = 0x90,
94 CMD_READ_DMA = 0xc8,
95 CMD_WRITE_DMA = 0xca,
96 CMD_FLUSH_CACHE = 0xe7,
97 CMD_IDENTIFY = 0xec,
98 CMD_PACKET = 0xa0,
99
100 CMDF_ABORT = 0x100,
101 CMDF_NO_BM = 0x200,
102 };
103
104 enum {
105 BM_CMD_START = 0x1,
106 BM_CMD_WRITE = 0x8, /* write = from device to memory */
107 };
108
109 enum {
110 BM_STS_ACTIVE = 0x1,
111 BM_STS_ERROR = 0x2,
112 BM_STS_INTR = 0x4,
113 };
114
115 enum {
116 PRDT_EOT = 0x80000000,
117 };
118
119 #define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
120 #define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)
121
122 static QPCIBus *pcibus = NULL;
123 static QGuestAllocator guest_malloc;
124
125 static char *tmp_path[2];
126 static char *debug_path;
127
128 static QTestState *ide_test_start(const char *cmdline_fmt, ...)
129 {
130 QTestState *qts;
131 g_autofree char *full_fmt = g_strdup_printf("-machine pc %s", cmdline_fmt);
132 va_list ap;
133
134 va_start(ap, cmdline_fmt);
135 qts = qtest_vinitf(full_fmt, ap);
136 va_end(ap);
137
138 pc_alloc_init(&guest_malloc, qts, 0);
139
140 return qts;
141 }
142
143 static void ide_test_quit(QTestState *qts)
144 {
145 if (pcibus) {
146 qpci_free_pc(pcibus);
147 pcibus = NULL;
148 }
149 alloc_destroy(&guest_malloc);
150 qtest_quit(qts);
151 }
152
153 static QPCIDevice *get_pci_device(QTestState *qts, QPCIBar *bmdma_bar,
154 QPCIBar *ide_bar)
155 {
156 QPCIDevice *dev;
157 uint16_t vendor_id, device_id;
158
159 if (!pcibus) {
160 pcibus = qpci_new_pc(qts, NULL);
161 }
162
163 /* Find PCI device and verify it's the right one */
164 dev = qpci_device_find(pcibus, QPCI_DEVFN(IDE_PCI_DEV, IDE_PCI_FUNC));
165 g_assert(dev != NULL);
166
167 vendor_id = qpci_config_readw(dev, PCI_VENDOR_ID);
168 device_id = qpci_config_readw(dev, PCI_DEVICE_ID);
169 g_assert(vendor_id == PCI_VENDOR_ID_INTEL);
170 g_assert(device_id == PCI_DEVICE_ID_INTEL_82371SB_1);
171
172 /* Map bmdma BAR */
173 *bmdma_bar = qpci_iomap(dev, 4, NULL);
174
175 *ide_bar = qpci_legacy_iomap(dev, IDE_BASE);
176
177 qpci_device_enable(dev);
178
179 return dev;
180 }
181
182 static void free_pci_device(QPCIDevice *dev)
183 {
184 /* libqos doesn't have a function for this, so free it manually */
185 g_free(dev);
186 }
187
188 typedef struct PrdtEntry {
189 uint32_t addr;
190 uint32_t size;
191 } QEMU_PACKED PrdtEntry;
192
193 #define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
194 #define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)
195
196 static uint64_t trim_range_le(uint64_t sector, uint16_t count)
197 {
198 /* 2-byte range, 6-byte LBA */
199 return cpu_to_le64(((uint64_t)count << 48) + sector);
200 }
201
202 static int send_dma_request(QTestState *qts, int cmd, uint64_t sector,
203 int nb_sectors, PrdtEntry *prdt, int prdt_entries,
204 void(*post_exec)(QPCIDevice *dev, QPCIBar ide_bar,
205 uint64_t sector, int nb_sectors))
206 {
207 QPCIDevice *dev;
208 QPCIBar bmdma_bar, ide_bar;
209 uintptr_t guest_prdt;
210 size_t len;
211 bool from_dev;
212 uint8_t status;
213 int flags;
214
215 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
216
217 flags = cmd & ~0xff;
218 cmd &= 0xff;
219
220 switch (cmd) {
221 case CMD_READ_DMA:
222 case CMD_PACKET:
223 /* Assuming we only test data reads w/ ATAPI, otherwise we need to know
224 * the SCSI command being sent in the packet, too. */
225 from_dev = true;
226 break;
227 case CMD_DSM:
228 case CMD_WRITE_DMA:
229 from_dev = false;
230 break;
231 default:
232 g_assert_not_reached();
233 }
234
235 if (flags & CMDF_NO_BM) {
236 qpci_config_writew(dev, PCI_COMMAND,
237 PCI_COMMAND_IO | PCI_COMMAND_MEMORY);
238 }
239
240 /* Select device 0 */
241 qpci_io_writeb(dev, ide_bar, reg_device, 0 | LBA);
242
243 /* Stop any running transfer, clear any pending interrupt */
244 qpci_io_writeb(dev, bmdma_bar, bmreg_cmd, 0);
245 qpci_io_writeb(dev, bmdma_bar, bmreg_status, BM_STS_INTR);
246
247 /* Setup PRDT */
248 len = sizeof(*prdt) * prdt_entries;
249 guest_prdt = guest_alloc(&guest_malloc, len);
250 qtest_memwrite(qts, guest_prdt, prdt, len);
251 qpci_io_writel(dev, bmdma_bar, bmreg_prdt, guest_prdt);
252
253 /* ATA DMA command */
254 if (cmd == CMD_PACKET) {
255 /* Enables ATAPI DMA; otherwise PIO is attempted */
256 qpci_io_writeb(dev, ide_bar, reg_feature, 0x01);
257 } else {
258 if (cmd == CMD_DSM) {
259 /* trim bit */
260 qpci_io_writeb(dev, ide_bar, reg_feature, 0x01);
261 }
262 qpci_io_writeb(dev, ide_bar, reg_nsectors, nb_sectors);
263 qpci_io_writeb(dev, ide_bar, reg_lba_low, sector & 0xff);
264 qpci_io_writeb(dev, ide_bar, reg_lba_middle, (sector >> 8) & 0xff);
265 qpci_io_writeb(dev, ide_bar, reg_lba_high, (sector >> 16) & 0xff);
266 }
267
268 qpci_io_writeb(dev, ide_bar, reg_command, cmd);
269
270 if (post_exec) {
271 post_exec(dev, ide_bar, sector, nb_sectors);
272 }
273
274 /* Start DMA transfer */
275 qpci_io_writeb(dev, bmdma_bar, bmreg_cmd,
276 BM_CMD_START | (from_dev ? BM_CMD_WRITE : 0));
277
278 if (flags & CMDF_ABORT) {
279 qpci_io_writeb(dev, bmdma_bar, bmreg_cmd, 0);
280 }
281
282 /* Wait for the DMA transfer to complete */
283 do {
284 status = qpci_io_readb(dev, bmdma_bar, bmreg_status);
285 } while ((status & (BM_STS_ACTIVE | BM_STS_INTR)) == BM_STS_ACTIVE);
286
287 g_assert_cmpint(qtest_get_irq(qts, IDE_PRIMARY_IRQ), ==,
288 !!(status & BM_STS_INTR));
289
290 /* Check IDE status code */
291 assert_bit_set(qpci_io_readb(dev, ide_bar, reg_status), DRDY);
292 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), BSY | DRQ);
293
294 /* Reading the status register clears the IRQ */
295 g_assert(!qtest_get_irq(qts, IDE_PRIMARY_IRQ));
296
297 /* Stop DMA transfer if still active */
298 if (status & BM_STS_ACTIVE) {
299 qpci_io_writeb(dev, bmdma_bar, bmreg_cmd, 0);
300 }
301
302 free_pci_device(dev);
303
304 return status;
305 }
306
307 static QTestState *test_bmdma_setup(void)
308 {
309 QTestState *qts;
310
311 qts = ide_test_start(
312 "-drive file=%s,if=ide,cache=writeback,format=raw "
313 "-global ide-hd.serial=%s -global ide-hd.ver=%s",
314 tmp_path[0], "testdisk", "version");
315 qtest_irq_intercept_in(qts, "ioapic");
316
317 return qts;
318 }
319
320 static void test_bmdma_teardown(QTestState *qts)
321 {
322 ide_test_quit(qts);
323 }
324
325 static void test_bmdma_simple_rw(void)
326 {
327 QTestState *qts;
328 QPCIDevice *dev;
329 QPCIBar bmdma_bar, ide_bar;
330 uint8_t status;
331 uint8_t *buf;
332 uint8_t *cmpbuf;
333 size_t len = 512;
334 uintptr_t guest_buf;
335 PrdtEntry prdt[1];
336
337 qts = test_bmdma_setup();
338
339 guest_buf = guest_alloc(&guest_malloc, len);
340 prdt[0].addr = cpu_to_le32(guest_buf);
341 prdt[0].size = cpu_to_le32(len | PRDT_EOT);
342
343 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
344
345 buf = g_malloc(len);
346 cmpbuf = g_malloc(len);
347
348 /* Write 0x55 pattern to sector 0 */
349 memset(buf, 0x55, len);
350 qtest_memwrite(qts, guest_buf, buf, len);
351
352 status = send_dma_request(qts, CMD_WRITE_DMA, 0, 1, prdt,
353 ARRAY_SIZE(prdt), NULL);
354 g_assert_cmphex(status, ==, BM_STS_INTR);
355 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
356
357 /* Write 0xaa pattern to sector 1 */
358 memset(buf, 0xaa, len);
359 qtest_memwrite(qts, guest_buf, buf, len);
360
361 status = send_dma_request(qts, CMD_WRITE_DMA, 1, 1, prdt,
362 ARRAY_SIZE(prdt), NULL);
363 g_assert_cmphex(status, ==, BM_STS_INTR);
364 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
365
366 /* Read and verify 0x55 pattern in sector 0 */
367 memset(cmpbuf, 0x55, len);
368
369 status = send_dma_request(qts, CMD_READ_DMA, 0, 1, prdt, ARRAY_SIZE(prdt),
370 NULL);
371 g_assert_cmphex(status, ==, BM_STS_INTR);
372 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
373
374 qtest_memread(qts, guest_buf, buf, len);
375 g_assert(memcmp(buf, cmpbuf, len) == 0);
376
377 /* Read and verify 0xaa pattern in sector 1 */
378 memset(cmpbuf, 0xaa, len);
379
380 status = send_dma_request(qts, CMD_READ_DMA, 1, 1, prdt, ARRAY_SIZE(prdt),
381 NULL);
382 g_assert_cmphex(status, ==, BM_STS_INTR);
383 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
384
385 qtest_memread(qts, guest_buf, buf, len);
386 g_assert(memcmp(buf, cmpbuf, len) == 0);
387
388 free_pci_device(dev);
389 g_free(buf);
390 g_free(cmpbuf);
391
392 test_bmdma_teardown(qts);
393 }
394
395 static void test_bmdma_trim(void)
396 {
397 QTestState *qts;
398 QPCIDevice *dev;
399 QPCIBar bmdma_bar, ide_bar;
400 uint8_t status;
401 const uint64_t trim_range[] = { trim_range_le(0, 2),
402 trim_range_le(6, 8),
403 trim_range_le(10, 1),
404 };
405 const uint64_t bad_range = trim_range_le(TEST_IMAGE_SIZE / 512 - 1, 2);
406 size_t len = 512;
407 uint8_t *buf;
408 uintptr_t guest_buf;
409 PrdtEntry prdt[1];
410
411 qts = test_bmdma_setup();
412
413 guest_buf = guest_alloc(&guest_malloc, len);
414 prdt[0].addr = cpu_to_le32(guest_buf),
415 prdt[0].size = cpu_to_le32(len | PRDT_EOT),
416
417 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
418
419 buf = g_malloc(len);
420
421 /* Normal request */
422 *((uint64_t *)buf) = trim_range[0];
423 *((uint64_t *)buf + 1) = trim_range[1];
424
425 qtest_memwrite(qts, guest_buf, buf, 2 * sizeof(uint64_t));
426
427 status = send_dma_request(qts, CMD_DSM, 0, 1, prdt,
428 ARRAY_SIZE(prdt), NULL);
429 g_assert_cmphex(status, ==, BM_STS_INTR);
430 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
431
432 /* Request contains invalid range */
433 *((uint64_t *)buf) = trim_range[2];
434 *((uint64_t *)buf + 1) = bad_range;
435
436 qtest_memwrite(qts, guest_buf, buf, 2 * sizeof(uint64_t));
437
438 status = send_dma_request(qts, CMD_DSM, 0, 1, prdt,
439 ARRAY_SIZE(prdt), NULL);
440 g_assert_cmphex(status, ==, BM_STS_INTR);
441 assert_bit_set(qpci_io_readb(dev, ide_bar, reg_status), ERR);
442 assert_bit_set(qpci_io_readb(dev, ide_bar, reg_error), ABRT);
443
444 free_pci_device(dev);
445 g_free(buf);
446 test_bmdma_teardown(qts);
447 }
448
449 /*
450 * This test is developed according to the Programming Interface for
451 * Bus Master IDE Controller (Revision 1.0 5/16/94)
452 */
453 static void test_bmdma_various_prdts(void)
454 {
455 int sectors = 0;
456 uint32_t size = 0;
457
458 for (sectors = 1; sectors <= 256; sectors *= 2) {
459 QTestState *qts = NULL;
460 QPCIDevice *dev = NULL;
461 QPCIBar bmdma_bar, ide_bar;
462
463 qts = test_bmdma_setup();
464 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
465
466 for (size = 0; size < 65536; size += 256) {
467 uint32_t req_size = sectors * 512;
468 uint32_t prd_size = size & 0xfffe; /* bit 0 is always set to 0 */
469 uint8_t ret = 0;
470 uint8_t req_status = 0;
471 uint8_t abort_req_status = 0;
472 PrdtEntry prdt[] = {
473 {
474 .addr = 0,
475 .size = cpu_to_le32(size | PRDT_EOT),
476 },
477 };
478
479 /* A value of zero in PRD size indicates 64K */
480 if (prd_size == 0) {
481 prd_size = 65536;
482 }
483
484 /*
485 * 1. If PRDs specified a smaller size than the IDE transfer
486 * size, then the Interrupt and Active bits in the Controller
487 * status register are not set (Error Condition).
488 *
489 * 2. If the size of the physical memory regions was equal to
490 * the IDE device transfer size, the Interrupt bit in the
491 * Controller status register is set to 1, Active bit is set to 0.
492 *
493 * 3. If PRDs specified a larger size than the IDE transfer size,
494 * the Interrupt and Active bits in the Controller status register
495 * are both set to 1.
496 */
497 if (prd_size < req_size) {
498 req_status = 0;
499 abort_req_status = 0;
500 } else if (prd_size == req_size) {
501 req_status = BM_STS_INTR;
502 abort_req_status = BM_STS_INTR;
503 } else {
504 req_status = BM_STS_ACTIVE | BM_STS_INTR;
505 abort_req_status = BM_STS_INTR;
506 }
507
508 /* Test the request */
509 ret = send_dma_request(qts, CMD_READ_DMA, 0, sectors,
510 prdt, ARRAY_SIZE(prdt), NULL);
511 g_assert_cmphex(ret, ==, req_status);
512 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
513
514 /* Now test aborting the same request */
515 ret = send_dma_request(qts, CMD_READ_DMA | CMDF_ABORT, 0,
516 sectors, prdt, ARRAY_SIZE(prdt), NULL);
517 g_assert_cmphex(ret, ==, abort_req_status);
518 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
519 }
520
521 free_pci_device(dev);
522 test_bmdma_teardown(qts);
523 }
524 }
525
526 static void test_bmdma_no_busmaster(void)
527 {
528 QTestState *qts;
529 QPCIDevice *dev;
530 QPCIBar bmdma_bar, ide_bar;
531 uint8_t status;
532
533 qts = test_bmdma_setup();
534
535 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
536
537 /* No PRDT_EOT, each entry addr 0/size 64k, and in theory qemu shouldn't be
538 * able to access it anyway because the Bus Master bit in the PCI command
539 * register isn't set. This is complete nonsense, but it used to be pretty
540 * good at confusing and occasionally crashing qemu. */
541 PrdtEntry prdt[4096] = { };
542
543 status = send_dma_request(qts, CMD_READ_DMA | CMDF_NO_BM, 0, 512,
544 prdt, ARRAY_SIZE(prdt), NULL);
545
546 /* Not entirely clear what the expected result is, but this is what we get
547 * in practice. At least we want to be aware of any changes. */
548 g_assert_cmphex(status, ==, BM_STS_ACTIVE | BM_STS_INTR);
549 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
550 free_pci_device(dev);
551 test_bmdma_teardown(qts);
552 }
553
554 static void string_cpu_to_be16(uint16_t *s, size_t bytes)
555 {
556 g_assert((bytes & 1) == 0);
557 bytes /= 2;
558
559 while (bytes--) {
560 *s = cpu_to_be16(*s);
561 s++;
562 }
563 }
564
565 static void test_identify(void)
566 {
567 QTestState *qts;
568 QPCIDevice *dev;
569 QPCIBar bmdma_bar, ide_bar;
570 uint8_t data;
571 uint16_t buf[256];
572 int i;
573 int ret;
574
575 qts = ide_test_start(
576 "-drive file=%s,if=ide,cache=writeback,format=raw "
577 "-global ide-hd.serial=%s -global ide-hd.ver=%s",
578 tmp_path[0], "testdisk", "version");
579
580 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
581
582 /* IDENTIFY command on device 0*/
583 qpci_io_writeb(dev, ide_bar, reg_device, 0);
584 qpci_io_writeb(dev, ide_bar, reg_command, CMD_IDENTIFY);
585
586 /* Read in the IDENTIFY buffer and check registers */
587 data = qpci_io_readb(dev, ide_bar, reg_device);
588 g_assert_cmpint(data & DEV, ==, 0);
589
590 for (i = 0; i < 256; i++) {
591 data = qpci_io_readb(dev, ide_bar, reg_status);
592 assert_bit_set(data, DRDY | DRQ);
593 assert_bit_clear(data, BSY | DF | ERR);
594
595 buf[i] = qpci_io_readw(dev, ide_bar, reg_data);
596 }
597
598 data = qpci_io_readb(dev, ide_bar, reg_status);
599 assert_bit_set(data, DRDY);
600 assert_bit_clear(data, BSY | DF | ERR | DRQ);
601
602 /* Check serial number/version in the buffer */
603 string_cpu_to_be16(&buf[10], 20);
604 ret = memcmp(&buf[10], "testdisk ", 20);
605 g_assert(ret == 0);
606
607 string_cpu_to_be16(&buf[23], 8);
608 ret = memcmp(&buf[23], "version ", 8);
609 g_assert(ret == 0);
610
611 /* Write cache enabled bit */
612 assert_bit_set(buf[85], 0x20);
613
614 ide_test_quit(qts);
615 free_pci_device(dev);
616 }
617
618 static void test_diagnostic(void)
619 {
620 QTestState *qts;
621 QPCIDevice *dev;
622 QPCIBar bmdma_bar, ide_bar;
623 uint8_t data;
624
625 qts = ide_test_start(
626 "-blockdev driver=file,node-name=hda,filename=%s "
627 "-blockdev driver=file,node-name=hdb,filename=%s "
628 "-device ide-hd,drive=hda,bus=ide.0,unit=0 "
629 "-device ide-hd,drive=hdb,bus=ide.0,unit=1 ",
630 tmp_path[0], tmp_path[1]);
631
632 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
633
634 /* DIAGNOSE command on device 1 */
635 qpci_io_writeb(dev, ide_bar, reg_device, DEV);
636 data = qpci_io_readb(dev, ide_bar, reg_device);
637 g_assert_cmphex(data & DEV, ==, DEV);
638 qpci_io_writeb(dev, ide_bar, reg_command, CMD_DIAGNOSE);
639
640 /* Verify that DEVICE is now 0 */
641 data = qpci_io_readb(dev, ide_bar, reg_device);
642 g_assert_cmphex(data & DEV, ==, 0);
643
644 ide_test_quit(qts);
645 free_pci_device(dev);
646 }
647
648 /*
649 * Write sector 1 with random data to make IDE storage dirty
650 * Needed for flush tests so that flushes actually go though the block layer
651 */
652 static void make_dirty(QTestState *qts, uint8_t device)
653 {
654 QPCIDevice *dev;
655 QPCIBar bmdma_bar, ide_bar;
656 uint8_t status;
657 size_t len = 512;
658 uintptr_t guest_buf;
659 void* buf;
660
661 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
662
663 guest_buf = guest_alloc(&guest_malloc, len);
664 buf = g_malloc(len);
665 memset(buf, rand() % 255 + 1, len);
666 g_assert(guest_buf);
667 g_assert(buf);
668
669 qtest_memwrite(qts, guest_buf, buf, len);
670
671 PrdtEntry prdt[] = {
672 {
673 .addr = cpu_to_le32(guest_buf),
674 .size = cpu_to_le32(len | PRDT_EOT),
675 },
676 };
677
678 status = send_dma_request(qts, CMD_WRITE_DMA, 1, 1, prdt,
679 ARRAY_SIZE(prdt), NULL);
680 g_assert_cmphex(status, ==, BM_STS_INTR);
681 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
682
683 g_free(buf);
684 free_pci_device(dev);
685 }
686
687 static void test_flush(void)
688 {
689 QTestState *qts;
690 QPCIDevice *dev;
691 QPCIBar bmdma_bar, ide_bar;
692 uint8_t data;
693
694 qts = ide_test_start(
695 "-drive file=blkdebug::%s,if=ide,cache=writeback,format=raw",
696 tmp_path[0]);
697
698 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
699
700 qtest_irq_intercept_in(qts, "ioapic");
701
702 /* Dirty media so that CMD_FLUSH_CACHE will actually go to disk */
703 make_dirty(qts, 0);
704
705 /* Delay the completion of the flush request until we explicitly do it */
706 g_free(qtest_hmp(qts, "qemu-io ide0-hd0 \"break flush_to_os A\""));
707
708 /* FLUSH CACHE command on device 0*/
709 qpci_io_writeb(dev, ide_bar, reg_device, 0);
710 qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE);
711
712 /* Check status while request is in flight*/
713 data = qpci_io_readb(dev, ide_bar, reg_status);
714 assert_bit_set(data, BSY | DRDY);
715 assert_bit_clear(data, DF | ERR | DRQ);
716
717 /* Complete the command */
718 g_free(qtest_hmp(qts, "qemu-io ide0-hd0 \"resume A\""));
719
720 /* Check registers */
721 data = qpci_io_readb(dev, ide_bar, reg_device);
722 g_assert_cmpint(data & DEV, ==, 0);
723
724 do {
725 data = qpci_io_readb(dev, ide_bar, reg_status);
726 } while (data & BSY);
727
728 assert_bit_set(data, DRDY);
729 assert_bit_clear(data, BSY | DF | ERR | DRQ);
730
731 ide_test_quit(qts);
732 free_pci_device(dev);
733 }
734
735 static void test_pci_retry_flush(void)
736 {
737 QTestState *qts;
738 QPCIDevice *dev;
739 QPCIBar bmdma_bar, ide_bar;
740 uint8_t data;
741
742 prepare_blkdebug_script(debug_path, "flush_to_disk");
743
744 qts = ide_test_start(
745 "-drive file=blkdebug:%s:%s,if=ide,cache=writeback,format=raw,"
746 "rerror=stop,werror=stop",
747 debug_path, tmp_path[0]);
748
749 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
750
751 qtest_irq_intercept_in(qts, "ioapic");
752
753 /* Dirty media so that CMD_FLUSH_CACHE will actually go to disk */
754 make_dirty(qts, 0);
755
756 /* FLUSH CACHE command on device 0*/
757 qpci_io_writeb(dev, ide_bar, reg_device, 0);
758 qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE);
759
760 /* Check status while request is in flight*/
761 data = qpci_io_readb(dev, ide_bar, reg_status);
762 assert_bit_set(data, BSY | DRDY);
763 assert_bit_clear(data, DF | ERR | DRQ);
764
765 qtest_qmp_eventwait(qts, "STOP");
766
767 /* Complete the command */
768 qmp_discard_response(qts, "{'execute':'cont' }");
769
770 /* Check registers */
771 data = qpci_io_readb(dev, ide_bar, reg_device);
772 g_assert_cmpint(data & DEV, ==, 0);
773
774 do {
775 data = qpci_io_readb(dev, ide_bar, reg_status);
776 } while (data & BSY);
777
778 assert_bit_set(data, DRDY);
779 assert_bit_clear(data, BSY | DF | ERR | DRQ);
780
781 ide_test_quit(qts);
782 free_pci_device(dev);
783 }
784
785 static void test_flush_nodev(void)
786 {
787 QTestState *qts;
788 QPCIDevice *dev;
789 QPCIBar bmdma_bar, ide_bar;
790
791 qts = ide_test_start("");
792
793 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
794
795 /* FLUSH CACHE command on device 0*/
796 qpci_io_writeb(dev, ide_bar, reg_device, 0);
797 qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE);
798
799 /* Just testing that qemu doesn't crash... */
800
801 free_pci_device(dev);
802 ide_test_quit(qts);
803 }
804
805 static void test_flush_empty_drive(void)
806 {
807 QTestState *qts;
808 QPCIDevice *dev;
809 QPCIBar bmdma_bar, ide_bar;
810
811 qts = ide_test_start("-device ide-cd,bus=ide.0");
812 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
813
814 /* FLUSH CACHE command on device 0 */
815 qpci_io_writeb(dev, ide_bar, reg_device, 0);
816 qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE);
817
818 /* Just testing that qemu doesn't crash... */
819
820 free_pci_device(dev);
821 ide_test_quit(qts);
822 }
823
824 typedef struct Read10CDB {
825 uint8_t opcode;
826 uint8_t flags;
827 uint32_t lba;
828 uint8_t reserved;
829 uint16_t nblocks;
830 uint8_t control;
831 uint16_t padding;
832 } __attribute__((__packed__)) Read10CDB;
833
834 static void send_scsi_cdb_read10(QPCIDevice *dev, QPCIBar ide_bar,
835 uint64_t lba, int nblocks)
836 {
837 Read10CDB pkt = { .padding = 0 };
838 int i;
839
840 g_assert_cmpint(lba, <=, UINT32_MAX);
841 g_assert_cmpint(nblocks, <=, UINT16_MAX);
842 g_assert_cmpint(nblocks, >=, 0);
843
844 /* Construct SCSI CDB packet */
845 pkt.opcode = 0x28;
846 pkt.lba = cpu_to_be32(lba);
847 pkt.nblocks = cpu_to_be16(nblocks);
848
849 /* Send Packet */
850 for (i = 0; i < sizeof(Read10CDB)/2; i++) {
851 qpci_io_writew(dev, ide_bar, reg_data,
852 le16_to_cpu(((uint16_t *)&pkt)[i]));
853 }
854 }
855
856 static void nsleep(QTestState *qts, int64_t nsecs)
857 {
858 const struct timespec val = { .tv_nsec = nsecs };
859 nanosleep(&val, NULL);
860 qtest_clock_set(qts, nsecs);
861 }
862
863 static uint8_t ide_wait_clear(QTestState *qts, uint8_t flag)
864 {
865 QPCIDevice *dev;
866 QPCIBar bmdma_bar, ide_bar;
867 uint8_t data;
868 time_t st;
869
870 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
871
872 /* Wait with a 5 second timeout */
873 time(&st);
874 while (true) {
875 data = qpci_io_readb(dev, ide_bar, reg_status);
876 if (!(data & flag)) {
877 free_pci_device(dev);
878 return data;
879 }
880 if (difftime(time(NULL), st) > 5.0) {
881 break;
882 }
883 nsleep(qts, 400);
884 }
885 g_assert_not_reached();
886 }
887
888 static void ide_wait_intr(QTestState *qts, int irq)
889 {
890 time_t st;
891 bool intr;
892
893 time(&st);
894 while (true) {
895 intr = qtest_get_irq(qts, irq);
896 if (intr) {
897 return;
898 }
899 if (difftime(time(NULL), st) > 5.0) {
900 break;
901 }
902 nsleep(qts, 400);
903 }
904
905 g_assert_not_reached();
906 }
907
908 static void cdrom_pio_impl(int nblocks)
909 {
910 QTestState *qts;
911 QPCIDevice *dev;
912 QPCIBar bmdma_bar, ide_bar;
913 FILE *fh;
914 int patt_blocks = MAX(16, nblocks);
915 size_t patt_len = ATAPI_BLOCK_SIZE * patt_blocks;
916 char *pattern = g_malloc(patt_len);
917 size_t rxsize = ATAPI_BLOCK_SIZE * nblocks;
918 uint16_t *rx = g_malloc0(rxsize);
919 int i, j;
920 uint8_t data;
921 uint16_t limit;
922 size_t ret;
923
924 /* Prepopulate the CDROM with an interesting pattern */
925 generate_pattern(pattern, patt_len, ATAPI_BLOCK_SIZE);
926 fh = fopen(tmp_path[0], "wb+");
927 ret = fwrite(pattern, ATAPI_BLOCK_SIZE, patt_blocks, fh);
928 g_assert_cmpint(ret, ==, patt_blocks);
929 fclose(fh);
930
931 qts = ide_test_start(
932 "-drive if=none,file=%s,media=cdrom,format=raw,id=sr0,index=0 "
933 "-device ide-cd,drive=sr0,bus=ide.0", tmp_path[0]);
934 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
935 qtest_irq_intercept_in(qts, "ioapic");
936
937 /* PACKET command on device 0 */
938 qpci_io_writeb(dev, ide_bar, reg_device, 0);
939 qpci_io_writeb(dev, ide_bar, reg_lba_middle, BYTE_COUNT_LIMIT & 0xFF);
940 qpci_io_writeb(dev, ide_bar, reg_lba_high, (BYTE_COUNT_LIMIT >> 8 & 0xFF));
941 qpci_io_writeb(dev, ide_bar, reg_command, CMD_PACKET);
942 /* HP0: Check_Status_A State */
943 nsleep(qts, 400);
944 data = ide_wait_clear(qts, BSY);
945 /* HP1: Send_Packet State */
946 assert_bit_set(data, DRQ | DRDY);
947 assert_bit_clear(data, ERR | DF | BSY);
948
949 /* SCSI CDB (READ10) -- read n*2048 bytes from block 0 */
950 send_scsi_cdb_read10(dev, ide_bar, 0, nblocks);
951
952 /* Read data back: occurs in bursts of 'BYTE_COUNT_LIMIT' bytes.
953 * If BYTE_COUNT_LIMIT is odd, we transfer BYTE_COUNT_LIMIT - 1 bytes.
954 * We allow an odd limit only when the remaining transfer size is
955 * less than BYTE_COUNT_LIMIT. However, SCSI's read10 command can only
956 * request n blocks, so our request size is always even.
957 * For this reason, we assume there is never a hanging byte to fetch. */
958 g_assert(!(rxsize & 1));
959 limit = BYTE_COUNT_LIMIT & ~1;
960 for (i = 0; i < DIV_ROUND_UP(rxsize, limit); i++) {
961 size_t offset = i * (limit / 2);
962 size_t rem = (rxsize / 2) - offset;
963
964 /* HP3: INTRQ_Wait */
965 ide_wait_intr(qts, IDE_PRIMARY_IRQ);
966
967 /* HP2: Check_Status_B (and clear IRQ) */
968 data = ide_wait_clear(qts, BSY);
969 assert_bit_set(data, DRQ | DRDY);
970 assert_bit_clear(data, ERR | DF | BSY);
971
972 /* HP4: Transfer_Data */
973 for (j = 0; j < MIN((limit / 2), rem); j++) {
974 rx[offset + j] = cpu_to_le16(qpci_io_readw(dev, ide_bar,
975 reg_data));
976 }
977 }
978
979 /* Check for final completion IRQ */
980 ide_wait_intr(qts, IDE_PRIMARY_IRQ);
981
982 /* Sanity check final state */
983 data = ide_wait_clear(qts, DRQ);
984 assert_bit_set(data, DRDY);
985 assert_bit_clear(data, DRQ | ERR | DF | BSY);
986
987 g_assert_cmpint(memcmp(pattern, rx, rxsize), ==, 0);
988 g_free(pattern);
989 g_free(rx);
990 test_bmdma_teardown(qts);
991 free_pci_device(dev);
992 }
993
994 static void test_cdrom_pio(void)
995 {
996 cdrom_pio_impl(1);
997 }
998
999 static void test_cdrom_pio_large(void)
1000 {
1001 /* Test a few loops of the PIO DRQ mechanism. */
1002 cdrom_pio_impl(BYTE_COUNT_LIMIT * 4 / ATAPI_BLOCK_SIZE);
1003 }
1004
1005
1006 static void test_cdrom_dma(void)
1007 {
1008 QTestState *qts;
1009 static const size_t len = ATAPI_BLOCK_SIZE;
1010 size_t ret;
1011 char *pattern = g_malloc(ATAPI_BLOCK_SIZE * 16);
1012 char *rx = g_malloc0(len);
1013 uintptr_t guest_buf;
1014 PrdtEntry prdt[1];
1015 FILE *fh;
1016
1017 qts = ide_test_start(
1018 "-drive if=none,file=%s,media=cdrom,format=raw,id=sr0,index=0 "
1019 "-device ide-cd,drive=sr0,bus=ide.0", tmp_path[0]);
1020 qtest_irq_intercept_in(qts, "ioapic");
1021
1022 guest_buf = guest_alloc(&guest_malloc, len);
1023 prdt[0].addr = cpu_to_le32(guest_buf);
1024 prdt[0].size = cpu_to_le32(len | PRDT_EOT);
1025
1026 generate_pattern(pattern, ATAPI_BLOCK_SIZE * 16, ATAPI_BLOCK_SIZE);
1027 fh = fopen(tmp_path[0], "wb+");
1028 ret = fwrite(pattern, ATAPI_BLOCK_SIZE, 16, fh);
1029 g_assert_cmpint(ret, ==, 16);
1030 fclose(fh);
1031
1032 send_dma_request(qts, CMD_PACKET, 0, 1, prdt, 1, send_scsi_cdb_read10);
1033
1034 /* Read back data from guest memory into local qtest memory */
1035 qtest_memread(qts, guest_buf, rx, len);
1036 g_assert_cmpint(memcmp(pattern, rx, len), ==, 0);
1037
1038 g_free(pattern);
1039 g_free(rx);
1040 test_bmdma_teardown(qts);
1041 }
1042
1043 int main(int argc, char **argv)
1044 {
1045 const char *base;
1046 int i;
1047 int fd;
1048 int ret;
1049
1050 /*
1051 * "base" stores the starting point where we create temporary files.
1052 *
1053 * On Windows, this is set to the relative path of current working
1054 * directory, because the absolute path causes the blkdebug filename
1055 * parser fail to parse "blkdebug:path/to/config:path/to/image".
1056 */
1057 #ifndef _WIN32
1058 base = g_get_tmp_dir();
1059 #else
1060 base = ".";
1061 #endif
1062
1063 /* Create temporary blkdebug instructions */
1064 debug_path = g_strdup_printf("%s/qtest-blkdebug.XXXXXX", base);
1065 fd = g_mkstemp(debug_path);
1066 g_assert(fd >= 0);
1067 close(fd);
1068
1069 /* Create a temporary raw image */
1070 for (i = 0; i < 2; ++i) {
1071 tmp_path[i] = g_strdup_printf("%s/qtest.XXXXXX", base);
1072 fd = g_mkstemp(tmp_path[i]);
1073 g_assert(fd >= 0);
1074 ret = ftruncate(fd, TEST_IMAGE_SIZE);
1075 g_assert(ret == 0);
1076 close(fd);
1077 }
1078
1079 /* Run the tests */
1080 g_test_init(&argc, &argv, NULL);
1081
1082 qtest_add_func("/ide/identify", test_identify);
1083
1084 qtest_add_func("/ide/diagnostic", test_diagnostic);
1085
1086 qtest_add_func("/ide/bmdma/simple_rw", test_bmdma_simple_rw);
1087 qtest_add_func("/ide/bmdma/trim", test_bmdma_trim);
1088 qtest_add_func("/ide/bmdma/various_prdts", test_bmdma_various_prdts);
1089 qtest_add_func("/ide/bmdma/no_busmaster", test_bmdma_no_busmaster);
1090
1091 qtest_add_func("/ide/flush", test_flush);
1092 qtest_add_func("/ide/flush/nodev", test_flush_nodev);
1093 qtest_add_func("/ide/flush/empty_drive", test_flush_empty_drive);
1094 qtest_add_func("/ide/flush/retry_pci", test_pci_retry_flush);
1095
1096 qtest_add_func("/ide/cdrom/pio", test_cdrom_pio);
1097 qtest_add_func("/ide/cdrom/pio_large", test_cdrom_pio_large);
1098 qtest_add_func("/ide/cdrom/dma", test_cdrom_dma);
1099
1100 ret = g_test_run();
1101
1102 /* Cleanup */
1103 for (i = 0; i < 2; ++i) {
1104 unlink(tmp_path[i]);
1105 g_free(tmp_path[i]);
1106 }
1107 unlink(debug_path);
1108 g_free(debug_path);
1109
1110 return ret;
1111 }
QEmu