1 /*
2 * QEMU IDE Emulation: PCI Bus support.
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
25 #include <hw/hw.h>
26 #include <hw/i386/pc.h>
27 #include <hw/pci/pci.h>
28 #include <hw/isa/isa.h>
29 #include "block/block.h"
30 #include "sysemu/dma.h"
32 #include <hw/ide/pci.h>
/* Page size in bytes: bounds how far a PRD table walk may advance from its
 * base address and sizes the scatter/gather list hint. */
#define BMDMA_PAGE_SIZE 4096
/*
 * Record a newly issued DMA request in the bus-master state.
 *
 * The PRD cursor is cleared, the drive's unit, current sector and sector
 * count are snapshotted, and the completion callback is stored.  If
 * BM_STATUS_DMAING is already set, the callback is invoked right away;
 * otherwise the transfer waits until that bit is set elsewhere.
 */
static void bmdma_start_dma(IDEDMA *dma, IDEState *s,
                            BlockDriverCompletionFunc *dma_cb)
{
    BMDMAState *bmdma = DO_UPCAST(BMDMAState, dma, dma);

    /* No descriptor has been fetched for this request yet. */
    bmdma->cur_prd_len = 0;
    bmdma->cur_prd_addr = 0;
    bmdma->cur_prd_last = 0;

    /* Snapshot of the request, used again by bmdma_restart_dma(). */
    bmdma->unit = s->unit;
    bmdma->sector_num = ide_get_sector(s);
    bmdma->nsector = s->nsector;
    bmdma->dma_cb = dma_cb;

    if (!(bmdma->status & BM_STATUS_DMAING)) {
        return;
    }
    bmdma->dma_cb(bmdma_active_if(bmdma), 0);
}
/*
 * Build the scatter/gather list for the active drive by walking the PRD
 * table in guest memory, starting at bm->cur_addr.
 *
 * Returns 0 if the walk ended without queueing any bytes, 1 otherwise.
 *
 * Every descriptor is read from guest memory and is therefore untrusted.
 * The only limits applied here are the 16-bit length mask and the one-page
 * fail-safe, which caps a single call at BMDMA_PAGE_SIZE / 8 descriptors of
 * at most 0x10000 bytes each.
 *
 * NOTE(review): the result of pci_dma_read() is not checked; if that call
 * can fail without filling prd, the descriptor fields below would be used
 * uninitialized - confirm against the DMA helper's contract.
 * NOTE(review): nothing here compares the total queued length with the
 * size of the request (s->nsector); callers must cope with a table that
 * describes more or fewer bytes than the command transfers.
 */
static int bmdma_prepare_buf(IDEDMA *dma, int is_write)
{
    BMDMAState *bm = DO_UPCAST(BMDMAState, dma, dma);
    IDEState *s = bmdma_active_if(bm);
    PCIDevice *pci_dev = PCI_DEVICE(bm->pci_dev);
    struct {
        uint32_t addr;
        uint32_t size;
    } prd;
    int chunk, prd_len;

    pci_dma_sglist_init(&s->sg, pci_dev,
                        s->nsector / (BMDMA_PAGE_SIZE / 512) + 1);
    s->io_buffer_size = 0;
    for (;;) {
        if (bm->cur_prd_len == 0) {
            /* End of table, or fail-safe: stop one page past the base. */
            if (bm->cur_prd_last ||
                (bm->cur_addr - bm->addr) >= BMDMA_PAGE_SIZE) {
                return s->io_buffer_size != 0;
            }

            /* Fetch the next 8-byte descriptor (little-endian). */
            pci_dma_read(pci_dev, bm->cur_addr, &prd, 8);
            bm->cur_addr += 8;
            prd.addr = le32_to_cpu(prd.addr);
            prd.size = le32_to_cpu(prd.size);

            /* Low 16 bits, bit 0 ignored; a zero count means 64 KiB. */
            prd_len = prd.size & 0xfffe;
            bm->cur_prd_len = (prd_len == 0) ? 0x10000 : prd_len;
            bm->cur_prd_addr = prd.addr;
            /* Bit 31 marks the final descriptor of the table. */
            bm->cur_prd_last = (prd.size & 0x80000000);
        }

        chunk = bm->cur_prd_len;
        if (chunk > 0) {
            /* Queue the whole descriptor and mark it consumed. */
            qemu_sglist_add(&s->sg, bm->cur_prd_addr, chunk);
            bm->cur_prd_addr += chunk;
            bm->cur_prd_len -= chunk;
            s->io_buffer_size += chunk;
        }
    }
    return 1;
}
/*
 * Copy the pending part of s->io_buffer to or from guest memory, following
 * the PRD table in guest memory.
 *
 * With is_write set, data goes from io_buffer to the guest
 * (pci_dma_write); otherwise it is read from the guest into io_buffer.
 * Returns 0 if the PRD table ended before the buffer was fully handled,
 * 1 once io_buffer_index has reached io_buffer_size.
 *
 * Each copy is capped by both the remaining buffer bytes and the current
 * descriptor, so the host-side bound is io_buffer_size.
 *
 * NOTE(review): that bound is only as good as io_buffer_size, which is set
 * outside this function - verify it can never exceed the io_buffer
 * allocation.
 * NOTE(review): the result of pci_dma_read() on the descriptor is not
 * checked; if it can fail without filling prd, the fields are used
 * uninitialized - confirm.
 */
static int bmdma_rw_buf(IDEDMA *dma, int is_write)
{
    BMDMAState *bm = DO_UPCAST(BMDMAState, dma, dma);
    IDEState *s = bmdma_active_if(bm);
    PCIDevice *pci_dev = PCI_DEVICE(bm->pci_dev);
    struct {
        uint32_t addr;
        uint32_t size;
    } prd;
    int chunk, prd_len;

    while ((chunk = s->io_buffer_size - s->io_buffer_index) > 0) {
        if (bm->cur_prd_len == 0) {
            /* End of table, or fail-safe: stop one page past the base. */
            if (bm->cur_prd_last ||
                (bm->cur_addr - bm->addr) >= BMDMA_PAGE_SIZE) {
                return 0;
            }

            /* Fetch the next 8-byte descriptor (little-endian). */
            pci_dma_read(pci_dev, bm->cur_addr, &prd, 8);
            bm->cur_addr += 8;
            prd.addr = le32_to_cpu(prd.addr);
            prd.size = le32_to_cpu(prd.size);

            /* Low 16 bits, bit 0 ignored; a zero count means 64 KiB. */
            prd_len = prd.size & 0xfffe;
            bm->cur_prd_len = (prd_len == 0) ? 0x10000 : prd_len;
            bm->cur_prd_addr = prd.addr;
            /* Bit 31 marks the final descriptor of the table. */
            bm->cur_prd_last = (prd.size & 0x80000000);
        }

        /* Never move more than the current descriptor still covers. */
        if (chunk > bm->cur_prd_len) {
            chunk = bm->cur_prd_len;
        }
        if (chunk > 0) {
            if (is_write) {
                pci_dma_write(pci_dev, bm->cur_prd_addr,
                              s->io_buffer + s->io_buffer_index, chunk);
            } else {
                pci_dma_read(pci_dev, bm->cur_prd_addr,
                             s->io_buffer + s->io_buffer_index, chunk);
            }
            bm->cur_prd_addr += chunk;
            bm->cur_prd_len -= chunk;
            s->io_buffer_index += chunk;
        }
    }
    return 1;
}
/*
 * Select which drive of the bus the bus-master state refers to.
 * The value is stored as given, without range checking.  Always returns 0.
 */
static int bmdma_set_unit(IDEDMA *dma, int unit)
{
    BMDMAState *bmdma = DO_UPCAST(BMDMAState, dma, dma);

    bmdma->unit = unit;
    return 0;
}
/*
 * OR the given bits into the bus-master status register.
 * Always returns 0.
 */
static int bmdma_add_status(IDEDMA *dma, int status)
{
    BMDMAState *bmdma = DO_UPCAST(BMDMAState, dma, dma);

    bmdma->status |= status;
    return 0;
}
/*
 * Mark the bus master idle: clear BM_STATUS_DMAING, drop the completion
 * callback and set unit to -1, the "no active drive" marker that
 * bmdma_restart_bh() tests for.  Always returns 0.
 */
static int bmdma_set_inactive(IDEDMA *dma)
{
    BMDMAState *bmdma = DO_UPCAST(BMDMAState, dma, dma);

    bmdma->unit = -1;
    bmdma->dma_cb = NULL;
    bmdma->status &= ~BM_STATUS_DMAING;

    return 0;
}
/*
 * Re-issue a DMA request from the snapshot taken by bmdma_start_dma().
 *
 * The drive is rewound to the saved sector and count, its buffer cursor is
 * cleared, the PRD walk restarts at the table base, and the request is
 * started again with ide_dma_cb as the completion callback.
 */
static void bmdma_restart_dma(BMDMAState *bm, enum ide_dma_cmd dma_cmd)
{
    IDEState *drive = bmdma_active_if(bm);

    /* Restore the drive-side view of the request. */
    ide_set_sector(drive, bm->sector_num);
    drive->nsector = bm->nsector;
    drive->dma_cmd = dma_cmd;
    drive->io_buffer_size = 0;
    drive->io_buffer_index = 0;

    /* Restart the descriptor walk from the table base. */
    bm->cur_addr = bm->addr;
    bm->dma_cb = ide_dma_cb;
    bmdma_start_dma(&bm->dma, drive, bm->dma_cb);
}
/* TODO This should be common IDE code */
/*
 * Bottom half that retries a request which failed earlier.
 *
 * The retry kind is taken from bus->error_status: a DMA retry (TRIM, read
 * or write), a PIO sector read or write, or a cache flush.  Nothing is
 * done when no drive is active (unit holds the -1 marker written by
 * bmdma_set_inactive()).
 */
static void bmdma_restart_bh(void *opaque)
{
    BMDMAState *bm = opaque;
    IDEBus *bus = bm->bus;
    int pending;
    bool retry_is_read;

    /* One-shot: release the bottom half before doing any work. */
    qemu_bh_delete(bm->bh);
    bm->bh = NULL;

    if (bm->unit == (uint8_t) -1) {
        return;
    }

    /* The error status must be cleared before the request is resubmitted:
     * it may fail again, and that can only be told apart if the called
     * function is able to set a fresh error status. */
    pending = bus->error_status;
    bus->error_status = 0;
    retry_is_read = (pending & BM_STATUS_RETRY_READ) != 0;

    if (pending & BM_STATUS_DMA_RETRY) {
        if (pending & BM_STATUS_RETRY_TRIM) {
            bmdma_restart_dma(bm, IDE_DMA_TRIM);
        } else {
            bmdma_restart_dma(bm, retry_is_read ? IDE_DMA_READ : IDE_DMA_WRITE);
        }
        return;
    }

    if (pending & BM_STATUS_PIO_RETRY) {
        if (retry_is_read) {
            ide_sector_read(bmdma_active_if(bm));
        } else {
            ide_sector_write(bmdma_active_if(bm));
        }
        return;
    }

    if (pending & BM_STATUS_RETRY_FLUSH) {
        ide_flush_cache(bmdma_active_if(bm));
    }
}
/*
 * Run-state change handler: when the machine starts running and no retry
 * bottom half is pending, schedule bmdma_restart_bh().
 *
 * NOTE(review): the bottom half is given &bm->dma but casts its opaque
 * pointer straight to BMDMAState *, which is only correct while dma sits
 * at offset 0 of BMDMAState - presumably what DO_UPCAST relies on; confirm.
 */
static void bmdma_restart_cb(void *opaque, int running, RunState state)
{
    IDEDMA *dma = opaque;
    BMDMAState *bm = DO_UPCAST(BMDMAState, dma, dma);

    if (running && !bm->bh) {
        bm->bh = qemu_bh_new(bmdma_restart_bh, &bm->dma);
        qemu_bh_schedule(bm->bh);
    }
}
/*
 * Drop an in-progress DMA request, if any, by marking the bus master
 * inactive.  Does nothing when BM_STATUS_DMAING is clear.
 */
static void bmdma_cancel(BMDMAState *bm)
{
    if (!(bm->status & BM_STATUS_DMAING)) {
        return;
    }
    /* cancel DMA request */
    bmdma_set_inactive(&bm->dma);
}
/*
 * Reset the bus master: cancel any active request and clear the command,
 * status and address registers, the PRD cursor and the saved request
 * snapshot.  Always returns 0.
 */
static int bmdma_reset(IDEDMA *dma)
{
    BMDMAState *bmdma = DO_UPCAST(BMDMAState, dma, dma);

#ifdef DEBUG_IDE
    printf("ide: dma_reset\n");
#endif
    bmdma_cancel(bmdma);

    /* Guest-visible registers. */
    bmdma->cmd = 0;
    bmdma->status = 0;
    bmdma->addr = 0;

    /* PRD table cursor. */
    bmdma->cur_addr = 0;
    bmdma->cur_prd_addr = 0;
    bmdma->cur_prd_len = 0;
    bmdma->cur_prd_last = 0;

    /* Snapshot of the last request. */
    bmdma->sector_num = 0;
    bmdma->nsector = 0;

    return 0;
}
/*
 * start_transfer hook of the BMDMA ops table.  This implementation does
 * nothing and always returns 0.
 */
static int bmdma_start_transfer(IDEDMA *dma)
{
    (void)dma;  /* intentionally unused */
    return 0;
}
/*
 * IRQ handler placed in front of the bus interrupt line.
 *
 * A raised line latches BM_STATUS_INT in the status register before being
 * forwarded; a lowered line is forwarded unchanged.  n is unused.
 */
static void bmdma_irq(void *opaque, int n, int level)
{
    BMDMAState *bmdma = opaque;

    if (level) {
        bmdma->status |= BM_STATUS_INT;
    }

    /* Forward to the real irq in both cases. */
    qemu_set_irq(bmdma->irq, level);
}
/*
 * Handle a guest write to the bus-master command register.
 *
 * Only a change of the start bit (BM_CMD_START) has side effects; the
 * stored command keeps bits 0 and 3 of val (mask 0x09).
 *
 * NOTE(review): the stop path runs bdrv_drain_all() and then asserts on
 * the result, both triggered by a guest register write - confirm the
 * assertion cannot fail and that a global drain is acceptable here.
 */
void bmdma_cmd_writeb(BMDMAState *bm, uint32_t val)
{
    bool start_changed;

#ifdef DEBUG_IDE
    printf("%s: 0x%08x\n", __func__, val);
#endif

    /* Ignore writes to SSBM if it keeps the old value */
    start_changed = (val & BM_CMD_START) != (bm->cmd & BM_CMD_START);
    if (start_changed) {
        if (val & BM_CMD_START) {
            /* Start: rewind the PRD walk to the table base. */
            bm->cur_addr = bm->addr;
            if (!(bm->status & BM_STATUS_DMAING)) {
                bm->status |= BM_STATUS_DMAING;
                /* start dma transfer if possible */
                if (bm->dma_cb) {
                    bm->dma_cb(bmdma_active_if(bm), 0);
                }
            }
        } else {
            /*
             * Scatter/gather DMA cannot be cancelled midway, or a partial
             * transfer would reach the storage.  Wait for completion
             * instead, behaving as if the DMA had already finished when
             * the guest cleared BM_CMD_START.
             *
             * In the future the I/O can be cancelled safely once the whole
             * DMA operation is submitted to disk as a single aio operation
             * with preadv/pwritev.
             */
            if (bm->bus->dma->aiocb) {
                bdrv_drain_all();
                assert(bm->bus->dma->aiocb == NULL);
            }
            bm->status &= ~BM_STATUS_DMAING;
        }
    }

    bm->cmd = val & 0x09;
}
/*
 * Read handler for the PRD table address register.
 *
 * Returns width bytes of bm->addr starting at byte offset addr.
 *
 * NOTE(review): addr and width are used as shift counts with no range
 * check here.  This is only well defined for addr < 4 and width <= 4,
 * which presumably follows from how the region is registered - confirm
 * where the MemoryRegion is created.
 */
static uint64_t bmdma_addr_read(void *opaque, hwaddr addr,
                                unsigned width)
{
    BMDMAState *bmdma = opaque;
    uint32_t byte_mask = (1ULL << (width * 8)) - 1;
    uint64_t value = (bmdma->addr >> (addr * 8)) & byte_mask;

#ifdef DEBUG_IDE
    printf("%s: 0x%08x\n", __func__, (unsigned)value);
#endif
    return value;
}
/*
 * Write handler for the PRD table address register.
 *
 * Replaces width bytes of bm->addr at byte offset addr with data; the two
 * low bits of the written value are forced to zero by the final "& ~3".
 * The guest-chosen address is otherwise stored unvalidated and is later
 * used as the base for the PRD table reads.
 *
 * NOTE(review): addr and width are used as shift counts with no range
 * check here; this presumably relies on the region being registered so
 * that addr < 4 and width <= 4 - confirm.
 * NOTE(review): the register can be rewritten while BM_STATUS_DMAING is
 * set; the fail-safe in the PRD walkers compares cur_addr against this
 * value - confirm that changing it mid-transfer is harmless.
 */
static void bmdma_addr_write(void *opaque, hwaddr addr,
                             uint64_t data, unsigned width)
{
    BMDMAState *bmdma = opaque;
    int bit_offset = addr * 8;
    uint32_t byte_mask = (1ULL << (width * 8)) - 1;
    uint64_t new_bits;

#ifdef DEBUG_IDE
    printf("%s: 0x%08x\n", __func__, (unsigned)data);
#endif
    new_bits = ((data & byte_mask) << bit_offset) & ~3;
    bmdma->addr &= ~(byte_mask << bit_offset);
    bmdma->addr |= new_bits;
}
/*
 * Access callbacks for the PRD table address register.
 *
 * NOTE(review): no access-size constraints are declared here, while both
 * handlers shift by the offset and width they are given; the limits must
 * come from wherever the region is created - confirm.
 */
MemoryRegionOps bmdma_addr_ioport_ops = {
    .read = bmdma_addr_read,
    .write = bmdma_addr_write,
    .endianness = DEVICE_LITTLE_ENDIAN,
};
/*
 * Subsection predicate: the "ide bmdma_current" subsection is needed only
 * while a PRD descriptor is partially consumed (cur_prd_len is non-zero).
 */
static bool ide_bmdma_current_needed(void *opaque)
{
    const BMDMAState *bmdma = opaque;
    bool descriptor_in_progress = bmdma->cur_prd_len != 0;

    return descriptor_in_progress;
}
/*
 * Subsection predicate for "ide bmdma/status".
 *
 * Older versions reused some status register bits for internal error
 * state.  When any of those bits is set in the real status register, the
 * register has to be transferred in its own subsection.
 */
static bool ide_bmdma_status_needed(void *opaque)
{
    BMDMAState *bmdma = opaque;
    uint8_t compat_mask = BM_MIGRATION_COMPAT_STATUS_BITS;

    if (bmdma->status & compat_mask) {
        return true;
    }
    return false;
}
/*
 * Pre-save hook: build the legacy status byte that is put on the wire.
 *
 * The compat bits are taken from the bus error status and every other bit
 * from the real status register.
 */
static void ide_bmdma_pre_save(void *opaque)
{
    BMDMAState *bmdma = opaque;
    uint8_t compat_mask = BM_MIGRATION_COMPAT_STATUS_BITS;
    uint8_t register_part = bmdma->status & ~compat_mask;
    uint8_t error_part = bmdma->bus->error_status & compat_mask;

    bmdma->migration_compat_status = register_part | error_part;
}
/*
 * Post-load fixup for the legacy status byte.
 *
 * This reads bm->bus->error_status, which is loaded only after BMDMA
 * itself.  It is therefore called from ide_pci_post_load rather than being
 * registered with VMState, where it would run too early.
 *
 * When the real status register was not transferred (status is still 0),
 * the legacy byte is split back: non-compat bits go to status and compat
 * bits are ORed into the bus error status.  version_id is unused.
 * Always returns 0.
 */
static int ide_bmdma_post_load(void *opaque, int version_id)
{
    BMDMAState *bmdma = opaque;
    uint8_t compat_mask = BM_MIGRATION_COMPAT_STATUS_BITS;

    if (bmdma->status != 0) {
        return 0;
    }

    bmdma->status = bmdma->migration_compat_status & ~compat_mask;
    bmdma->bus->error_status |= bmdma->migration_compat_status & compat_mask;

    return 0;
}
/*
 * Migration subsection carrying the PRD table cursor.  Field order defines
 * the wire format and must not change.
 *
 * NOTE(review): these values come from the migration stream and are used
 * by the PRD walkers without further validation in this file - confirm
 * that the stream is treated as trusted or that the values are checked
 * elsewhere.
 */
static const VMStateDescription vmstate_bmdma_current = {
    .name = "ide bmdma_current",
    .version_id = 1,
    .minimum_version_id = 1,
    .minimum_version_id_old = 1,
    .fields = (VMStateField []) {
        VMSTATE_UINT32(cur_addr, BMDMAState),
        VMSTATE_UINT32(cur_prd_last, BMDMAState),
        VMSTATE_UINT32(cur_prd_addr, BMDMAState),
        VMSTATE_UINT32(cur_prd_len, BMDMAState),
        VMSTATE_END_OF_LIST()
    }
};
/*
 * Migration subsection carrying the real status register; whether it is
 * sent is decided by ide_bmdma_status_needed().
 */
const VMStateDescription vmstate_bmdma_status = {
    .name ="ide bmdma/status",
    .version_id = 1,
    .minimum_version_id = 1,
    .minimum_version_id_old = 1,
    .fields = (VMStateField []) {
        VMSTATE_UINT8(status, BMDMAState),
        VMSTATE_END_OF_LIST()
    }
};
/*
 * Migration description of one bus-master channel.  Field order defines
 * the wire format and must not change.
 *
 * The status byte on the wire is migration_compat_status, built by
 * ide_bmdma_pre_save(); the real register travels in the optional
 * "ide bmdma/status" subsection.
 *
 * NOTE(review): addr, sector_num, nsector and unit are loaded from the
 * stream as-is; only unit is adjusted afterwards (in ide_pci_post_load) -
 * confirm whether further validation of incoming state is needed.
 */
static const VMStateDescription vmstate_bmdma = {
    .name = "ide bmdma",
    .version_id = 3,
    .minimum_version_id = 0,
    .minimum_version_id_old = 0,
    .pre_save = ide_bmdma_pre_save,
    .fields = (VMStateField []) {
        VMSTATE_UINT8(cmd, BMDMAState),
        VMSTATE_UINT8(migration_compat_status, BMDMAState),
        VMSTATE_UINT32(addr, BMDMAState),
        VMSTATE_INT64(sector_num, BMDMAState),
        VMSTATE_UINT32(nsector, BMDMAState),
        VMSTATE_UINT8(unit, BMDMAState),
        VMSTATE_END_OF_LIST()
    },
    .subsections = (VMStateSubsection []) {
        {
            .vmsd = &vmstate_bmdma_current,
            .needed = ide_bmdma_current_needed,
        }, {
            .vmsd = &vmstate_bmdma_status,
            .needed = ide_bmdma_status_needed,
        }, {
            /* empty */
        }
    }
};
/*
 * Post-load hook of the PCI IDE device: normalize the unit number of both
 * bus-master channels and run the BMDMA status fixup on each.
 * version_id is unused.  Always returns 0.
 *
 * NOTE(review): bmdma_set_inactive() stores -1 in unit.  If that value is
 * ever saved, the mask below turns it into 1, which bmdma_restart_bh() no
 * longer recognizes as "no active drive" - confirm whether this can occur.
 */
static int ide_pci_post_load(void *opaque, int version_id)
{
    PCIIDEState *d = opaque;
    int channel;

    for (channel = 0; channel < 2; channel++) {
        BMDMAState *bmdma = &d->bmdma[channel];

        /* Current versions always store 0/1, but older versions stored
         * bigger values; only the last bit is needed. */
        bmdma->unit &= 1;
        ide_bmdma_post_load(bmdma, -1);
    }

    return 0;
}
/*
 * Migration description of the PCI IDE device: the PCI device state, both
 * bus-master channels, both IDE buses and the drives on each bus.
 * Field order defines the wire format and must not change.
 * ide_pci_post_load() runs once all fields are loaded.
 */
const VMStateDescription vmstate_ide_pci = {
    .name = "ide",
    .version_id = 3,
    .minimum_version_id = 0,
    .minimum_version_id_old = 0,
    .post_load = ide_pci_post_load,
    .fields = (VMStateField []) {
        VMSTATE_PCI_DEVICE(parent_obj, PCIIDEState),
        VMSTATE_STRUCT_ARRAY(bmdma, PCIIDEState, 2, 0,
                             vmstate_bmdma, BMDMAState),
        VMSTATE_IDE_BUS_ARRAY(bus, PCIIDEState, 2),
        VMSTATE_IDE_DRIVES(bus[0].ifs, PCIIDEState),
        VMSTATE_IDE_DRIVES(bus[1].ifs, PCIIDEState),
        VMSTATE_END_OF_LIST()
    }
};
/*
 * Attach up to four drives to the two IDE buses of a PCI IDE device.
 *
 * hd_table must have four entries, in the order bus 0 unit 0, bus 0
 * unit 1, bus 1 unit 0, bus 1 unit 1.  NULL entries are skipped.  All four
 * slots are read unconditionally, so a shorter table is read out of
 * bounds.
 */
void pci_ide_create_devs(PCIDevice *dev, DriveInfo **hd_table)
{
    PCIIDEState *d = PCI_IDE(dev);
    int slot;

    for (slot = 0; slot < 4; slot++) {
        if (hd_table[slot] != NULL) {
            /* slot / 2 selects the bus, slot % 2 the unit on that bus. */
            ide_create_drive(&d->bus[slot / 2], slot % 2, hd_table[slot]);
        }
    }
}
/*
 * DMA operations table that bmdma_init() installs in bm->dma.ops, wiring
 * the generic IDE DMA hooks to the BMDMA implementations in this file.
 */
static const struct IDEDMAOps bmdma_ops = {
    .start_dma = bmdma_start_dma,
    .start_transfer = bmdma_start_transfer,
    .prepare_buf = bmdma_prepare_buf,
    .rw_buf = bmdma_rw_buf,
    .set_unit = bmdma_set_unit,
    .add_status = bmdma_add_status,
    .set_inactive = bmdma_set_inactive,
    .restart_cb = bmdma_restart_cb,
    .reset = bmdma_reset,
};
/*
 * Bind a bus-master state to an IDE bus.
 *
 * Installs the BMDMA ops, makes bm the bus's DMA provider and places
 * bmdma_irq() in front of the bus interrupt: the original line is kept in
 * bm->irq and the bus is given a newly allocated one.  Does nothing if
 * the bus already uses bm.
 *
 * NOTE(review): only the first element of the array returned by
 * qemu_allocate_irqs() is kept and the array pointer is dropped -
 * presumably a small one-time leak per bus; confirm.
 */
void bmdma_init(IDEBus *bus, BMDMAState *bm, PCIIDEState *d)
{
    qemu_irq *wrapped;

    /* Already bound: do not interpose a second time. */
    if (bus->dma == &bm->dma) {
        return;
    }

    bm->pci_dev = d;
    bm->dma.ops = &bmdma_ops;
    bus->dma = &bm->dma;

    /* Save the real line, then hand the bus the interposed one. */
    bm->irq = bus->irq;
    wrapped = qemu_allocate_irqs(bmdma_irq, bm, 1);
    bus->irq = wrapped[0];
}
/*
 * Type description for TYPE_PCI_IDE: an abstract type derived from
 * TYPE_PCI_DEVICE whose instances are PCIIDEState structures.
 */
static const TypeInfo pci_ide_type_info = {
    .name = TYPE_PCI_IDE,
    .parent = TYPE_PCI_DEVICE,
    .instance_size = sizeof(PCIIDEState),
    .abstract = true,
};
/* Register the abstract PCI IDE type described by pci_ide_type_info. */
static void pci_ide_register_types(void)
{
    type_register_static(&pci_ide_type_info);
}

/* Hand the registration function to the type_init() macro. */
type_init(pci_ide_register_types)