search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
PPC: e500mc: add missing IVORs to bitmap
[qemu/ar7.git] / hw / ide / ahci.c
blob8869fd6b422a5ced6874a789ede9a77f4e38e20c
1 /*
2 * QEMU AHCI Emulation
3 *
4 * Copyright (c) 2010 qiaochong@loongson.cn
5 * Copyright (c) 2010 Roland Elek <elek.roland@gmail.com>
6 * Copyright (c) 2010 Sebastian Herbszt <herbszt@gmx.de>
7 * Copyright (c) 2010 Alexander Graf <agraf@suse.de>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24 #include <hw/hw.h>
25 #include <hw/msi.h>
26 #include <hw/pc.h>
27 #include <hw/pci.h>
28 #include <hw/sysbus.h>
29
30 #include "monitor.h"
31 #include "dma.h"
32 #include "cpu-common.h"
33 #include "internal.h"
34 #include <hw/ide/pci.h>
35 #include <hw/ide/ahci.h>
36
37 /* #define DEBUG_AHCI */
38
39 #ifdef DEBUG_AHCI
40 #define DPRINTF(port, fmt, ...) \
41 do { fprintf(stderr, "ahci: %s: [%d] ", __FUNCTION__, port); \
42 fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
43 #else
44 #define DPRINTF(port, fmt, ...) do {} while(0)
45 #endif
46
47 static void check_cmd(AHCIState *s, int port);
48 static int handle_cmd(AHCIState *s,int port,int slot);
49 static void ahci_reset_port(AHCIState *s, int port);
50 static void ahci_write_fis_d2h(AHCIDevice *ad, uint8_t *cmd_fis);
51 static void ahci_init_d2h(AHCIDevice *ad);
52
53 static uint32_t ahci_port_read(AHCIState *s, int port, int offset)
54 {
55 uint32_t val;
56 AHCIPortRegs *pr;
57 pr = &s->dev[port].port_regs;
58
59 switch (offset) {
60 case PORT_LST_ADDR:
61 val = pr->lst_addr;
62 break;
63 case PORT_LST_ADDR_HI:
64 val = pr->lst_addr_hi;
65 break;
66 case PORT_FIS_ADDR:
67 val = pr->fis_addr;
68 break;
69 case PORT_FIS_ADDR_HI:
70 val = pr->fis_addr_hi;
71 break;
72 case PORT_IRQ_STAT:
73 val = pr->irq_stat;
74 break;
75 case PORT_IRQ_MASK:
76 val = pr->irq_mask;
77 break;
78 case PORT_CMD:
79 val = pr->cmd;
80 break;
81 case PORT_TFDATA:
82 val = ((uint16_t)s->dev[port].port.ifs[0].error << 8) |
83 s->dev[port].port.ifs[0].status;
84 break;
85 case PORT_SIG:
86 val = pr->sig;
87 break;
88 case PORT_SCR_STAT:
89 if (s->dev[port].port.ifs[0].bs) {
90 val = SATA_SCR_SSTATUS_DET_DEV_PRESENT_PHY_UP |
91 SATA_SCR_SSTATUS_SPD_GEN1 | SATA_SCR_SSTATUS_IPM_ACTIVE;
92 } else {
93 val = SATA_SCR_SSTATUS_DET_NODEV;
94 }
95 break;
96 case PORT_SCR_CTL:
97 val = pr->scr_ctl;
98 break;
99 case PORT_SCR_ERR:
100 val = pr->scr_err;
101 break;
102 case PORT_SCR_ACT:
103 pr->scr_act &= ~s->dev[port].finished;
104 s->dev[port].finished = 0;
105 val = pr->scr_act;
106 break;
107 case PORT_CMD_ISSUE:
108 val = pr->cmd_issue;
109 break;
110 case PORT_RESERVED:
111 default:
112 val = 0;
113 }
114 DPRINTF(port, "offset: 0x%x val: 0x%x\n", offset, val);
115 return val;
116
117 }
118
119 static void ahci_irq_raise(AHCIState *s, AHCIDevice *dev)
120 {
121 struct AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
122
123 DPRINTF(0, "raise irq\n");
124
125 if (msi_enabled(&d->card)) {
126 msi_notify(&d->card, 0);
127 } else {
128 qemu_irq_raise(s->irq);
129 }
130 }
131
132 static void ahci_irq_lower(AHCIState *s, AHCIDevice *dev)
133 {
134 struct AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
135
136 DPRINTF(0, "lower irq\n");
137
138 if (!msi_enabled(&d->card)) {
139 qemu_irq_lower(s->irq);
140 }
141 }
142
143 static void ahci_check_irq(AHCIState *s)
144 {
145 int i;
146
147 DPRINTF(-1, "check irq %#x\n", s->control_regs.irqstatus);
148
149 for (i = 0; i < s->ports; i++) {
150 AHCIPortRegs *pr = &s->dev[i].port_regs;
151 if (pr->irq_stat & pr->irq_mask) {
152 s->control_regs.irqstatus |= (1 << i);
153 }
154 }
155
156 if (s->control_regs.irqstatus &&
157 (s->control_regs.ghc & HOST_CTL_IRQ_EN)) {
158 ahci_irq_raise(s, NULL);
159 } else {
160 ahci_irq_lower(s, NULL);
161 }
162 }
163
164 static void ahci_trigger_irq(AHCIState *s, AHCIDevice *d,
165 int irq_type)
166 {
167 DPRINTF(d->port_no, "trigger irq %#x -> %x\n",
168 irq_type, d->port_regs.irq_mask & irq_type);
169
170 d->port_regs.irq_stat |= irq_type;
171 ahci_check_irq(s);
172 }
173
174 static void map_page(uint8_t **ptr, uint64_t addr, uint32_t wanted)
175 {
176 target_phys_addr_t len = wanted;
177
178 if (*ptr) {
179 cpu_physical_memory_unmap(*ptr, len, 1, len);
180 }
181
182 *ptr = cpu_physical_memory_map(addr, &len, 1);
183 if (len < wanted) {
184 cpu_physical_memory_unmap(*ptr, len, 1, len);
185 *ptr = NULL;
186 }
187 }
188
189 static void ahci_port_write(AHCIState *s, int port, int offset, uint32_t val)
190 {
191 AHCIPortRegs *pr = &s->dev[port].port_regs;
192
193 DPRINTF(port, "offset: 0x%x val: 0x%x\n", offset, val);
194 switch (offset) {
195 case PORT_LST_ADDR:
196 pr->lst_addr = val;
197 map_page(&s->dev[port].lst,
198 ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024);
199 s->dev[port].cur_cmd = NULL;
200 break;
201 case PORT_LST_ADDR_HI:
202 pr->lst_addr_hi = val;
203 map_page(&s->dev[port].lst,
204 ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024);
205 s->dev[port].cur_cmd = NULL;
206 break;
207 case PORT_FIS_ADDR:
208 pr->fis_addr = val;
209 map_page(&s->dev[port].res_fis,
210 ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256);
211 break;
212 case PORT_FIS_ADDR_HI:
213 pr->fis_addr_hi = val;
214 map_page(&s->dev[port].res_fis,
215 ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256);
216 break;
217 case PORT_IRQ_STAT:
218 pr->irq_stat &= ~val;
219 break;
220 case PORT_IRQ_MASK:
221 pr->irq_mask = val & 0xfdc000ff;
222 ahci_check_irq(s);
223 break;
224 case PORT_CMD:
225 pr->cmd = val & ~(PORT_CMD_LIST_ON | PORT_CMD_FIS_ON);
226
227 if (pr->cmd & PORT_CMD_START) {
228 pr->cmd |= PORT_CMD_LIST_ON;
229 }
230
231 if (pr->cmd & PORT_CMD_FIS_RX) {
232 pr->cmd |= PORT_CMD_FIS_ON;
233 }
234
235 /* XXX usually the FIS would be pending on the bus here and
236 issuing deferred until the OS enables FIS receival.
237 Instead, we only submit it once - which works in most
238 cases, but is a hack. */
239 if ((pr->cmd & PORT_CMD_FIS_ON) &&
240 !s->dev[port].init_d2h_sent) {
241 ahci_init_d2h(&s->dev[port]);
242 s->dev[port].init_d2h_sent = 1;
243 }
244
245 check_cmd(s, port);
246 break;
247 case PORT_TFDATA:
248 s->dev[port].port.ifs[0].error = (val >> 8) & 0xff;
249 s->dev[port].port.ifs[0].status = val & 0xff;
250 break;
251 case PORT_SIG:
252 pr->sig = val;
253 break;
254 case PORT_SCR_STAT:
255 pr->scr_stat = val;
256 break;
257 case PORT_SCR_CTL:
258 if (((pr->scr_ctl & AHCI_SCR_SCTL_DET) == 1) &&
259 ((val & AHCI_SCR_SCTL_DET) == 0)) {
260 ahci_reset_port(s, port);
261 }
262 pr->scr_ctl = val;
263 break;
264 case PORT_SCR_ERR:
265 pr->scr_err &= ~val;
266 break;
267 case PORT_SCR_ACT:
268 /* RW1 */
269 pr->scr_act |= val;
270 break;
271 case PORT_CMD_ISSUE:
272 pr->cmd_issue |= val;
273 check_cmd(s, port);
274 break;
275 default:
276 break;
277 }
278 }
279
280 static uint64_t ahci_mem_read(void *opaque, target_phys_addr_t addr,
281 unsigned size)
282 {
283 AHCIState *s = opaque;
284 uint32_t val = 0;
285
286 if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) {
287 switch (addr) {
288 case HOST_CAP:
289 val = s->control_regs.cap;
290 break;
291 case HOST_CTL:
292 val = s->control_regs.ghc;
293 break;
294 case HOST_IRQ_STAT:
295 val = s->control_regs.irqstatus;
296 break;
297 case HOST_PORTS_IMPL:
298 val = s->control_regs.impl;
299 break;
300 case HOST_VERSION:
301 val = s->control_regs.version;
302 break;
303 }
304
305 DPRINTF(-1, "(addr 0x%08X), val 0x%08X\n", (unsigned) addr, val);
306 } else if ((addr >= AHCI_PORT_REGS_START_ADDR) &&
307 (addr < (AHCI_PORT_REGS_START_ADDR +
308 (s->ports * AHCI_PORT_ADDR_OFFSET_LEN)))) {
309 val = ahci_port_read(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7,
310 addr & AHCI_PORT_ADDR_OFFSET_MASK);
311 }
312
313 return val;
314 }
315
316
317
318 static void ahci_mem_write(void *opaque, target_phys_addr_t addr,
319 uint64_t val, unsigned size)
320 {
321 AHCIState *s = opaque;
322
323 /* Only aligned reads are allowed on AHCI */
324 if (addr & 3) {
325 fprintf(stderr, "ahci: Mis-aligned write to addr 0x"
326 TARGET_FMT_plx "\n", addr);
327 return;
328 }
329
330 if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) {
331 DPRINTF(-1, "(addr 0x%08X), val 0x%08"PRIX64"\n", (unsigned) addr, val);
332
333 switch (addr) {
334 case HOST_CAP: /* R/WO, RO */
335 /* FIXME handle R/WO */
336 break;
337 case HOST_CTL: /* R/W */
338 if (val & HOST_CTL_RESET) {
339 DPRINTF(-1, "HBA Reset\n");
340 ahci_reset(container_of(s, AHCIPCIState, ahci));
341 } else {
342 s->control_regs.ghc = (val & 0x3) | HOST_CTL_AHCI_EN;
343 ahci_check_irq(s);
344 }
345 break;
346 case HOST_IRQ_STAT: /* R/WC, RO */
347 s->control_regs.irqstatus &= ~val;
348 ahci_check_irq(s);
349 break;
350 case HOST_PORTS_IMPL: /* R/WO, RO */
351 /* FIXME handle R/WO */
352 break;
353 case HOST_VERSION: /* RO */
354 /* FIXME report write? */
355 break;
356 default:
357 DPRINTF(-1, "write to unknown register 0x%x\n", (unsigned)addr);
358 }
359 } else if ((addr >= AHCI_PORT_REGS_START_ADDR) &&
360 (addr < (AHCI_PORT_REGS_START_ADDR +
361 (s->ports * AHCI_PORT_ADDR_OFFSET_LEN)))) {
362 ahci_port_write(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7,
363 addr & AHCI_PORT_ADDR_OFFSET_MASK, val);
364 }
365
366 }
367
368 static MemoryRegionOps ahci_mem_ops = {
369 .read = ahci_mem_read,
370 .write = ahci_mem_write,
371 .endianness = DEVICE_LITTLE_ENDIAN,
372 };
373
374 static uint64_t ahci_idp_read(void *opaque, target_phys_addr_t addr,
375 unsigned size)
376 {
377 AHCIState *s = opaque;
378
379 if (addr == s->idp_offset) {
380 /* index register */
381 return s->idp_index;
382 } else if (addr == s->idp_offset + 4) {
383 /* data register - do memory read at location selected by index */
384 return ahci_mem_read(opaque, s->idp_index, size);
385 } else {
386 return 0;
387 }
388 }
389
390 static void ahci_idp_write(void *opaque, target_phys_addr_t addr,
391 uint64_t val, unsigned size)
392 {
393 AHCIState *s = opaque;
394
395 if (addr == s->idp_offset) {
396 /* index register - mask off reserved bits */
397 s->idp_index = (uint32_t)val & ((AHCI_MEM_BAR_SIZE - 1) & ~3);
398 } else if (addr == s->idp_offset + 4) {
399 /* data register - do memory write at location selected by index */
400 ahci_mem_write(opaque, s->idp_index, val, size);
401 }
402 }
403
404 static MemoryRegionOps ahci_idp_ops = {
405 .read = ahci_idp_read,
406 .write = ahci_idp_write,
407 .endianness = DEVICE_LITTLE_ENDIAN,
408 };
409
410
411 static void ahci_reg_init(AHCIState *s)
412 {
413 int i;
414
415 s->control_regs.cap = (s->ports - 1) |
416 (AHCI_NUM_COMMAND_SLOTS << 8) |
417 (AHCI_SUPPORTED_SPEED_GEN1 << AHCI_SUPPORTED_SPEED) |
418 HOST_CAP_NCQ | HOST_CAP_AHCI;
419
420 s->control_regs.impl = (1 << s->ports) - 1;
421
422 s->control_regs.version = AHCI_VERSION_1_0;
423
424 for (i = 0; i < s->ports; i++) {
425 s->dev[i].port_state = STATE_RUN;
426 }
427 }
428
429 static uint32_t read_from_sglist(uint8_t *buffer, uint32_t len,
430 QEMUSGList *sglist)
431 {
432 uint32_t i = 0;
433 uint32_t total = 0, once;
434 ScatterGatherEntry *cur_prd;
435 uint32_t sgcount;
436
437 cur_prd = sglist->sg;
438 sgcount = sglist->nsg;
439 for (i = 0; len && sgcount; i++) {
440 once = MIN(cur_prd->len, len);
441 cpu_physical_memory_read(cur_prd->base, buffer, once);
442 cur_prd++;
443 sgcount--;
444 len -= once;
445 buffer += once;
446 total += once;
447 }
448
449 return total;
450 }
451
452 static uint32_t write_to_sglist(uint8_t *buffer, uint32_t len,
453 QEMUSGList *sglist)
454 {
455 uint32_t i = 0;
456 uint32_t total = 0, once;
457 ScatterGatherEntry *cur_prd;
458 uint32_t sgcount;
459
460 DPRINTF(-1, "total: 0x%x bytes\n", len);
461
462 cur_prd = sglist->sg;
463 sgcount = sglist->nsg;
464 for (i = 0; len && sgcount; i++) {
465 once = MIN(cur_prd->len, len);
466 DPRINTF(-1, "write 0x%x bytes to 0x%lx\n", once, (long)cur_prd->base);
467 cpu_physical_memory_write(cur_prd->base, buffer, once);
468 cur_prd++;
469 sgcount--;
470 len -= once;
471 buffer += once;
472 total += once;
473 }
474
475 return total;
476 }
477
478 static void check_cmd(AHCIState *s, int port)
479 {
480 AHCIPortRegs *pr = &s->dev[port].port_regs;
481 int slot;
482
483 if ((pr->cmd & PORT_CMD_START) && pr->cmd_issue) {
484 for (slot = 0; (slot < 32) && pr->cmd_issue; slot++) {
485 if ((pr->cmd_issue & (1 << slot)) &&
486 !handle_cmd(s, port, slot)) {
487 pr->cmd_issue &= ~(1 << slot);
488 }
489 }
490 }
491 }
492
493 static void ahci_check_cmd_bh(void *opaque)
494 {
495 AHCIDevice *ad = opaque;
496
497 qemu_bh_delete(ad->check_bh);
498 ad->check_bh = NULL;
499
500 if ((ad->busy_slot != -1) &&
501 !(ad->port.ifs[0].status & (BUSY_STAT|DRQ_STAT))) {
502 /* no longer busy */
503 ad->port_regs.cmd_issue &= ~(1 << ad->busy_slot);
504 ad->busy_slot = -1;
505 }
506
507 check_cmd(ad->hba, ad->port_no);
508 }
509
510 static void ahci_init_d2h(AHCIDevice *ad)
511 {
512 uint8_t init_fis[0x20];
513 IDEState *ide_state = &ad->port.ifs[0];
514
515 memset(init_fis, 0, sizeof(init_fis));
516
517 init_fis[4] = 1;
518 init_fis[12] = 1;
519
520 if (ide_state->drive_kind == IDE_CD) {
521 init_fis[5] = ide_state->lcyl;
522 init_fis[6] = ide_state->hcyl;
523 }
524
525 ahci_write_fis_d2h(ad, init_fis);
526 }
527
528 static void ahci_reset_port(AHCIState *s, int port)
529 {
530 AHCIDevice *d = &s->dev[port];
531 AHCIPortRegs *pr = &d->port_regs;
532 IDEState *ide_state = &d->port.ifs[0];
533 int i;
534
535 DPRINTF(port, "reset port\n");
536
537 ide_bus_reset(&d->port);
538 ide_state->ncq_queues = AHCI_MAX_CMDS;
539
540 pr->scr_stat = 0;
541 pr->scr_err = 0;
542 pr->scr_act = 0;
543 d->busy_slot = -1;
544 d->init_d2h_sent = 0;
545
546 ide_state = &s->dev[port].port.ifs[0];
547 if (!ide_state->bs) {
548 return;
549 }
550
551 /* reset ncq queue */
552 for (i = 0; i < AHCI_MAX_CMDS; i++) {
553 NCQTransferState *ncq_tfs = &s->dev[port].ncq_tfs[i];
554 if (!ncq_tfs->used) {
555 continue;
556 }
557
558 if (ncq_tfs->aiocb) {
559 bdrv_aio_cancel(ncq_tfs->aiocb);
560 ncq_tfs->aiocb = NULL;
561 }
562
563 qemu_sglist_destroy(&ncq_tfs->sglist);
564 ncq_tfs->used = 0;
565 }
566
567 s->dev[port].port_state = STATE_RUN;
568 if (!ide_state->bs) {
569 s->dev[port].port_regs.sig = 0;
570 ide_state->status = SEEK_STAT | WRERR_STAT;
571 } else if (ide_state->drive_kind == IDE_CD) {
572 s->dev[port].port_regs.sig = SATA_SIGNATURE_CDROM;
573 ide_state->lcyl = 0x14;
574 ide_state->hcyl = 0xeb;
575 DPRINTF(port, "set lcyl = %d\n", ide_state->lcyl);
576 ide_state->status = SEEK_STAT | WRERR_STAT | READY_STAT;
577 } else {
578 s->dev[port].port_regs.sig = SATA_SIGNATURE_DISK;
579 ide_state->status = SEEK_STAT | WRERR_STAT;
580 }
581
582 ide_state->error = 1;
583 ahci_init_d2h(d);
584 }
585
586 static void debug_print_fis(uint8_t *fis, int cmd_len)
587 {
588 #ifdef DEBUG_AHCI
589 int i;
590
591 fprintf(stderr, "fis:");
592 for (i = 0; i < cmd_len; i++) {
593 if ((i & 0xf) == 0) {
594 fprintf(stderr, "\n%02x:",i);
595 }
596 fprintf(stderr, "%02x ",fis[i]);
597 }
598 fprintf(stderr, "\n");
599 #endif
600 }
601
602 static void ahci_write_fis_sdb(AHCIState *s, int port, uint32_t finished)
603 {
604 AHCIPortRegs *pr = &s->dev[port].port_regs;
605 IDEState *ide_state;
606 uint8_t *sdb_fis;
607
608 if (!s->dev[port].res_fis ||
609 !(pr->cmd & PORT_CMD_FIS_RX)) {
610 return;
611 }
612
613 sdb_fis = &s->dev[port].res_fis[RES_FIS_SDBFIS];
614 ide_state = &s->dev[port].port.ifs[0];
615
616 /* clear memory */
617 *(uint32_t*)sdb_fis = 0;
618
619 /* write values */
620 sdb_fis[0] = ide_state->error;
621 sdb_fis[2] = ide_state->status & 0x77;
622 s->dev[port].finished |= finished;
623 *(uint32_t*)(sdb_fis + 4) = cpu_to_le32(s->dev[port].finished);
624
625 ahci_trigger_irq(s, &s->dev[port], PORT_IRQ_STAT_SDBS);
626 }
627
628 static void ahci_write_fis_d2h(AHCIDevice *ad, uint8_t *cmd_fis)
629 {
630 AHCIPortRegs *pr = &ad->port_regs;
631 uint8_t *d2h_fis;
632 int i;
633 target_phys_addr_t cmd_len = 0x80;
634 int cmd_mapped = 0;
635
636 if (!ad->res_fis || !(pr->cmd & PORT_CMD_FIS_RX)) {
637 return;
638 }
639
640 if (!cmd_fis) {
641 /* map cmd_fis */
642 uint64_t tbl_addr = le64_to_cpu(ad->cur_cmd->tbl_addr);
643 cmd_fis = cpu_physical_memory_map(tbl_addr, &cmd_len, 0);
644 cmd_mapped = 1;
645 }
646
647 d2h_fis = &ad->res_fis[RES_FIS_RFIS];
648
649 d2h_fis[0] = 0x34;
650 d2h_fis[1] = (ad->hba->control_regs.irqstatus ? (1 << 6) : 0);
651 d2h_fis[2] = ad->port.ifs[0].status;
652 d2h_fis[3] = ad->port.ifs[0].error;
653
654 d2h_fis[4] = cmd_fis[4];
655 d2h_fis[5] = cmd_fis[5];
656 d2h_fis[6] = cmd_fis[6];
657 d2h_fis[7] = cmd_fis[7];
658 d2h_fis[8] = cmd_fis[8];
659 d2h_fis[9] = cmd_fis[9];
660 d2h_fis[10] = cmd_fis[10];
661 d2h_fis[11] = cmd_fis[11];
662 d2h_fis[12] = cmd_fis[12];
663 d2h_fis[13] = cmd_fis[13];
664 for (i = 14; i < 0x20; i++) {
665 d2h_fis[i] = 0;
666 }
667
668 if (d2h_fis[2] & ERR_STAT) {
669 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_STAT_TFES);
670 }
671
672 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_D2H_REG_FIS);
673
674 if (cmd_mapped) {
675 cpu_physical_memory_unmap(cmd_fis, cmd_len, 0, cmd_len);
676 }
677 }
678
679 static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList *sglist)
680 {
681 AHCICmdHdr *cmd = ad->cur_cmd;
682 uint32_t opts = le32_to_cpu(cmd->opts);
683 uint64_t prdt_addr = le64_to_cpu(cmd->tbl_addr) + 0x80;
684 int sglist_alloc_hint = opts >> AHCI_CMD_HDR_PRDT_LEN;
685 target_phys_addr_t prdt_len = (sglist_alloc_hint * sizeof(AHCI_SG));
686 target_phys_addr_t real_prdt_len = prdt_len;
687 uint8_t *prdt;
688 int i;
689 int r = 0;
690
691 if (!sglist_alloc_hint) {
692 DPRINTF(ad->port_no, "no sg list given by guest: 0x%08x\n", opts);
693 return -1;
694 }
695
696 /* map PRDT */
697 if (!(prdt = cpu_physical_memory_map(prdt_addr, &prdt_len, 0))){
698 DPRINTF(ad->port_no, "map failed\n");
699 return -1;
700 }
701
702 if (prdt_len < real_prdt_len) {
703 DPRINTF(ad->port_no, "mapped less than expected\n");
704 r = -1;
705 goto out;
706 }
707
708 /* Get entries in the PRDT, init a qemu sglist accordingly */
709 if (sglist_alloc_hint > 0) {
710 AHCI_SG *tbl = (AHCI_SG *)prdt;
711
712 qemu_sglist_init(sglist, sglist_alloc_hint);
713 for (i = 0; i < sglist_alloc_hint; i++) {
714 /* flags_size is zero-based */
715 qemu_sglist_add(sglist, le64_to_cpu(tbl[i].addr),
716 le32_to_cpu(tbl[i].flags_size) + 1);
717 }
718 }
719
720 out:
721 cpu_physical_memory_unmap(prdt, prdt_len, 0, prdt_len);
722 return r;
723 }
724
725 static void ncq_cb(void *opaque, int ret)
726 {
727 NCQTransferState *ncq_tfs = (NCQTransferState *)opaque;
728 IDEState *ide_state = &ncq_tfs->drive->port.ifs[0];
729
730 /* Clear bit for this tag in SActive */
731 ncq_tfs->drive->port_regs.scr_act &= ~(1 << ncq_tfs->tag);
732
733 if (ret < 0) {
734 /* error */
735 ide_state->error = ABRT_ERR;
736 ide_state->status = READY_STAT | ERR_STAT;
737 ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
738 } else {
739 ide_state->status = READY_STAT | SEEK_STAT;
740 }
741
742 ahci_write_fis_sdb(ncq_tfs->drive->hba, ncq_tfs->drive->port_no,
743 (1 << ncq_tfs->tag));
744
745 DPRINTF(ncq_tfs->drive->port_no, "NCQ transfer tag %d finished\n",
746 ncq_tfs->tag);
747
748 bdrv_acct_done(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->acct);
749 qemu_sglist_destroy(&ncq_tfs->sglist);
750 ncq_tfs->used = 0;
751 }
752
753 static void process_ncq_command(AHCIState *s, int port, uint8_t *cmd_fis,
754 int slot)
755 {
756 NCQFrame *ncq_fis = (NCQFrame*)cmd_fis;
757 uint8_t tag = ncq_fis->tag >> 3;
758 NCQTransferState *ncq_tfs = &s->dev[port].ncq_tfs[tag];
759
760 if (ncq_tfs->used) {
761 /* error - already in use */
762 fprintf(stderr, "%s: tag %d already used\n", __FUNCTION__, tag);
763 return;
764 }
765
766 ncq_tfs->used = 1;
767 ncq_tfs->drive = &s->dev[port];
768 ncq_tfs->slot = slot;
769 ncq_tfs->lba = ((uint64_t)ncq_fis->lba5 << 40) |
770 ((uint64_t)ncq_fis->lba4 << 32) |
771 ((uint64_t)ncq_fis->lba3 << 24) |
772 ((uint64_t)ncq_fis->lba2 << 16) |
773 ((uint64_t)ncq_fis->lba1 << 8) |
774 (uint64_t)ncq_fis->lba0;
775
776 /* Note: We calculate the sector count, but don't currently rely on it.
777 * The total size of the DMA buffer tells us the transfer size instead. */
778 ncq_tfs->sector_count = ((uint16_t)ncq_fis->sector_count_high << 8) |
779 ncq_fis->sector_count_low;
780
781 DPRINTF(port, "NCQ transfer LBA from %"PRId64" to %"PRId64", "
782 "drive max %"PRId64"\n",
783 ncq_tfs->lba, ncq_tfs->lba + ncq_tfs->sector_count - 2,
784 s->dev[port].port.ifs[0].nb_sectors - 1);
785
786 ahci_populate_sglist(&s->dev[port], &ncq_tfs->sglist);
787 ncq_tfs->tag = tag;
788
789 switch(ncq_fis->command) {
790 case READ_FPDMA_QUEUED:
791 DPRINTF(port, "NCQ reading %d sectors from LBA %"PRId64", "
792 "tag %d\n",
793 ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
794
795 DPRINTF(port, "tag %d aio read %"PRId64"\n",
796 ncq_tfs->tag, ncq_tfs->lba);
797
798 bdrv_acct_start(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->acct,
799 (ncq_tfs->sector_count-1) * BDRV_SECTOR_SIZE,
800 BDRV_ACCT_READ);
801 ncq_tfs->aiocb = dma_bdrv_read(ncq_tfs->drive->port.ifs[0].bs,
802 &ncq_tfs->sglist, ncq_tfs->lba,
803 ncq_cb, ncq_tfs);
804 break;
805 case WRITE_FPDMA_QUEUED:
806 DPRINTF(port, "NCQ writing %d sectors to LBA %"PRId64", tag %d\n",
807 ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
808
809 DPRINTF(port, "tag %d aio write %"PRId64"\n",
810 ncq_tfs->tag, ncq_tfs->lba);
811
812 bdrv_acct_start(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->acct,
813 (ncq_tfs->sector_count-1) * BDRV_SECTOR_SIZE,
814 BDRV_ACCT_WRITE);
815 ncq_tfs->aiocb = dma_bdrv_write(ncq_tfs->drive->port.ifs[0].bs,
816 &ncq_tfs->sglist, ncq_tfs->lba,
817 ncq_cb, ncq_tfs);
818 break;
819 default:
820 DPRINTF(port, "error: tried to process non-NCQ command as NCQ\n");
821 qemu_sglist_destroy(&ncq_tfs->sglist);
822 break;
823 }
824 }
825
826 static int handle_cmd(AHCIState *s, int port, int slot)
827 {
828 IDEState *ide_state;
829 uint32_t opts;
830 uint64_t tbl_addr;
831 AHCICmdHdr *cmd;
832 uint8_t *cmd_fis;
833 target_phys_addr_t cmd_len;
834
835 if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) {
836 /* Engine currently busy, try again later */
837 DPRINTF(port, "engine busy\n");
838 return -1;
839 }
840
841 cmd = &((AHCICmdHdr *)s->dev[port].lst)[slot];
842
843 if (!s->dev[port].lst) {
844 DPRINTF(port, "error: lst not given but cmd handled");
845 return -1;
846 }
847
848 /* remember current slot handle for later */
849 s->dev[port].cur_cmd = cmd;
850
851 opts = le32_to_cpu(cmd->opts);
852 tbl_addr = le64_to_cpu(cmd->tbl_addr);
853
854 cmd_len = 0x80;
855 cmd_fis = cpu_physical_memory_map(tbl_addr, &cmd_len, 1);
856
857 if (!cmd_fis) {
858 DPRINTF(port, "error: guest passed us an invalid cmd fis\n");
859 return -1;
860 }
861
862 /* The device we are working for */
863 ide_state = &s->dev[port].port.ifs[0];
864
865 if (!ide_state->bs) {
866 DPRINTF(port, "error: guest accessed unused port");
867 goto out;
868 }
869
870 debug_print_fis(cmd_fis, 0x90);
871 //debug_print_fis(cmd_fis, (opts & AHCI_CMD_HDR_CMD_FIS_LEN) * 4);
872
873 switch (cmd_fis[0]) {
874 case SATA_FIS_TYPE_REGISTER_H2D:
875 break;
876 default:
877 DPRINTF(port, "unknown command cmd_fis[0]=%02x cmd_fis[1]=%02x "
878 "cmd_fis[2]=%02x\n", cmd_fis[0], cmd_fis[1],
879 cmd_fis[2]);
880 goto out;
881 break;
882 }
883
884 switch (cmd_fis[1]) {
885 case SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER:
886 break;
887 case 0:
888 break;
889 default:
890 DPRINTF(port, "unknown command cmd_fis[0]=%02x cmd_fis[1]=%02x "
891 "cmd_fis[2]=%02x\n", cmd_fis[0], cmd_fis[1],
892 cmd_fis[2]);
893 goto out;
894 break;
895 }
896
897 switch (s->dev[port].port_state) {
898 case STATE_RUN:
899 if (cmd_fis[15] & ATA_SRST) {
900 s->dev[port].port_state = STATE_RESET;
901 }
902 break;
903 case STATE_RESET:
904 if (!(cmd_fis[15] & ATA_SRST)) {
905 ahci_reset_port(s, port);
906 }
907 break;
908 }
909
910 if (cmd_fis[1] == SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER) {
911
912 /* Check for NCQ command */
913 if ((cmd_fis[2] == READ_FPDMA_QUEUED) ||
914 (cmd_fis[2] == WRITE_FPDMA_QUEUED)) {
915 process_ncq_command(s, port, cmd_fis, slot);
916 goto out;
917 }
918
919 /* Decompose the FIS */
920 ide_state->nsector = (int64_t)((cmd_fis[13] << 8) | cmd_fis[12]);
921 ide_state->feature = cmd_fis[3];
922 if (!ide_state->nsector) {
923 ide_state->nsector = 256;
924 }
925
926 if (ide_state->drive_kind != IDE_CD) {
927 /*
928 * We set the sector depending on the sector defined in the FIS.
929 * Unfortunately, the spec isn't exactly obvious on this one.
930 *
931 * Apparently LBA48 commands set fis bytes 10,9,8,6,5,4 to the
932 * 48 bit sector number. ATA_CMD_READ_DMA_EXT is an example for
933 * such a command.
934 *
935 * Non-LBA48 commands however use 7[lower 4 bits],6,5,4 to define a
936 * 28-bit sector number. ATA_CMD_READ_DMA is an example for such
937 * a command.
938 *
939 * Since the spec doesn't explicitly state what each field should
940 * do, I simply assume non-used fields as reserved and OR everything
941 * together, independent of the command.
942 */
943 ide_set_sector(ide_state, ((uint64_t)cmd_fis[10] << 40)
944 | ((uint64_t)cmd_fis[9] << 32)
945 /* This is used for LBA48 commands */
946 | ((uint64_t)cmd_fis[8] << 24)
947 /* This is used for non-LBA48 commands */
948 | ((uint64_t)(cmd_fis[7] & 0xf) << 24)
949 | ((uint64_t)cmd_fis[6] << 16)
950 | ((uint64_t)cmd_fis[5] << 8)
951 | cmd_fis[4]);
952 }
953
954 /* Copy the ACMD field (ATAPI packet, if any) from the AHCI command
955 * table to ide_state->io_buffer
956 */
957 if (opts & AHCI_CMD_ATAPI) {
958 memcpy(ide_state->io_buffer, &cmd_fis[AHCI_COMMAND_TABLE_ACMD], 0x10);
959 ide_state->lcyl = 0x14;
960 ide_state->hcyl = 0xeb;
961 debug_print_fis(ide_state->io_buffer, 0x10);
962 ide_state->feature = IDE_FEATURE_DMA;
963 s->dev[port].done_atapi_packet = 0;
964 /* XXX send PIO setup FIS */
965 }
966
967 ide_state->error = 0;
968
969 /* Reset transferred byte counter */
970 cmd->status = 0;
971
972 /* We're ready to process the command in FIS byte 2. */
973 ide_exec_cmd(&s->dev[port].port, cmd_fis[2]);
974
975 if (s->dev[port].port.ifs[0].status & READY_STAT) {
976 ahci_write_fis_d2h(&s->dev[port], cmd_fis);
977 }
978 }
979
980 out:
981 cpu_physical_memory_unmap(cmd_fis, cmd_len, 1, cmd_len);
982
983 if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) {
984 /* async command, complete later */
985 s->dev[port].busy_slot = slot;
986 return -1;
987 }
988
989 /* done handling the command */
990 return 0;
991 }
992
993 /* DMA dev <-> ram */
994 static int ahci_start_transfer(IDEDMA *dma)
995 {
996 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
997 IDEState *s = &ad->port.ifs[0];
998 uint32_t size = (uint32_t)(s->data_end - s->data_ptr);
999 /* write == ram -> device */
1000 uint32_t opts = le32_to_cpu(ad->cur_cmd->opts);
1001 int is_write = opts & AHCI_CMD_WRITE;
1002 int is_atapi = opts & AHCI_CMD_ATAPI;
1003 int has_sglist = 0;
1004
1005 if (is_atapi && !ad->done_atapi_packet) {
1006 /* already prepopulated iobuffer */
1007 ad->done_atapi_packet = 1;
1008 goto out;
1009 }
1010
1011 if (!ahci_populate_sglist(ad, &s->sg)) {
1012 has_sglist = 1;
1013 }
1014
1015 DPRINTF(ad->port_no, "%sing %d bytes on %s w/%s sglist\n",
1016 is_write ? "writ" : "read", size, is_atapi ? "atapi" : "ata",
1017 has_sglist ? "" : "o");
1018
1019 if (is_write && has_sglist && (s->data_ptr < s->data_end)) {
1020 read_from_sglist(s->data_ptr, size, &s->sg);
1021 }
1022
1023 if (!is_write && has_sglist && (s->data_ptr < s->data_end)) {
1024 write_to_sglist(s->data_ptr, size, &s->sg);
1025 }
1026
1027 /* update number of transferred bytes */
1028 ad->cur_cmd->status = cpu_to_le32(le32_to_cpu(ad->cur_cmd->status) + size);
1029
1030 out:
1031 /* declare that we processed everything */
1032 s->data_ptr = s->data_end;
1033
1034 if (has_sglist) {
1035 qemu_sglist_destroy(&s->sg);
1036 }
1037
1038 s->end_transfer_func(s);
1039
1040 if (!(s->status & DRQ_STAT)) {
1041 /* done with DMA */
1042 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_STAT_DSS);
1043 }
1044
1045 return 0;
1046 }
1047
1048 static void ahci_start_dma(IDEDMA *dma, IDEState *s,
1049 BlockDriverCompletionFunc *dma_cb)
1050 {
1051 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
1052
1053 DPRINTF(ad->port_no, "\n");
1054 ad->dma_cb = dma_cb;
1055 ad->dma_status |= BM_STATUS_DMAING;
1056 dma_cb(s, 0);
1057 }
1058
1059 static int ahci_dma_prepare_buf(IDEDMA *dma, int is_write)
1060 {
1061 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
1062 IDEState *s = &ad->port.ifs[0];
1063 int i;
1064
1065 ahci_populate_sglist(ad, &s->sg);
1066
1067 s->io_buffer_size = 0;
1068 for (i = 0; i < s->sg.nsg; i++) {
1069 s->io_buffer_size += s->sg.sg[i].len;
1070 }
1071
1072 DPRINTF(ad->port_no, "len=%#x\n", s->io_buffer_size);
1073 return s->io_buffer_size != 0;
1074 }
1075
1076 static int ahci_dma_rw_buf(IDEDMA *dma, int is_write)
1077 {
1078 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
1079 IDEState *s = &ad->port.ifs[0];
1080 uint8_t *p = s->io_buffer + s->io_buffer_index;
1081 int l = s->io_buffer_size - s->io_buffer_index;
1082
1083 if (ahci_populate_sglist(ad, &s->sg)) {
1084 return 0;
1085 }
1086
1087 if (is_write) {
1088 write_to_sglist(p, l, &s->sg);
1089 } else {
1090 read_from_sglist(p, l, &s->sg);
1091 }
1092
1093 /* update number of transferred bytes */
1094 ad->cur_cmd->status = cpu_to_le32(le32_to_cpu(ad->cur_cmd->status) + l);
1095 s->io_buffer_index += l;
1096
1097 DPRINTF(ad->port_no, "len=%#x\n", l);
1098
1099 return 1;
1100 }
1101
1102 static int ahci_dma_set_unit(IDEDMA *dma, int unit)
1103 {
1104 /* only a single unit per link */
1105 return 0;
1106 }
1107
1108 static int ahci_dma_add_status(IDEDMA *dma, int status)
1109 {
1110 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
1111 ad->dma_status |= status;
1112 DPRINTF(ad->port_no, "set status: %x\n", status);
1113
1114 if (status & BM_STATUS_INT) {
1115 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_STAT_DSS);
1116 }
1117
1118 return 0;
1119 }
1120
1121 static int ahci_dma_set_inactive(IDEDMA *dma)
1122 {
1123 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
1124
1125 DPRINTF(ad->port_no, "dma done\n");
1126
1127 /* update d2h status */
1128 ahci_write_fis_d2h(ad, NULL);
1129
1130 ad->dma_cb = NULL;
1131
1132 if (!ad->check_bh) {
1133 /* maybe we still have something to process, check later */
1134 ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad);
1135 qemu_bh_schedule(ad->check_bh);
1136 }
1137
1138 return 0;
1139 }
1140
1141 static void ahci_irq_set(void *opaque, int n, int level)
1142 {
1143 }
1144
1145 static void ahci_dma_restart_cb(void *opaque, int running, RunState state)
1146 {
1147 }
1148
1149 static int ahci_dma_reset(IDEDMA *dma)
1150 {
1151 return 0;
1152 }
1153
1154 static const IDEDMAOps ahci_dma_ops = {
1155 .start_dma = ahci_start_dma,
1156 .start_transfer = ahci_start_transfer,
1157 .prepare_buf = ahci_dma_prepare_buf,
1158 .rw_buf = ahci_dma_rw_buf,
1159 .set_unit = ahci_dma_set_unit,
1160 .add_status = ahci_dma_add_status,
1161 .set_inactive = ahci_dma_set_inactive,
1162 .restart_cb = ahci_dma_restart_cb,
1163 .reset = ahci_dma_reset,
1164 };
1165
1166 void ahci_init(AHCIState *s, DeviceState *qdev, int ports)
1167 {
1168 qemu_irq *irqs;
1169 int i;
1170
1171 s->ports = ports;
1172 s->dev = g_malloc0(sizeof(AHCIDevice) * ports);
1173 ahci_reg_init(s);
1174 /* XXX BAR size should be 1k, but that breaks, so bump it to 4k for now */
1175 memory_region_init_io(&s->mem, &ahci_mem_ops, s, "ahci", AHCI_MEM_BAR_SIZE);
1176 memory_region_init_io(&s->idp, &ahci_idp_ops, s, "ahci-idp", 32);
1177
1178 irqs = qemu_allocate_irqs(ahci_irq_set, s, s->ports);
1179
1180 for (i = 0; i < s->ports; i++) {
1181 AHCIDevice *ad = &s->dev[i];
1182
1183 ide_bus_new(&ad->port, qdev, i);
1184 ide_init2(&ad->port, irqs[i]);
1185
1186 ad->hba = s;
1187 ad->port_no = i;
1188 ad->port.dma = &ad->dma;
1189 ad->port.dma->ops = &ahci_dma_ops;
1190 ad->port_regs.cmd = PORT_CMD_SPIN_UP | PORT_CMD_POWER_ON;
1191 }
1192 }
1193
1194 void ahci_uninit(AHCIState *s)
1195 {
1196 memory_region_destroy(&s->mem);
1197 memory_region_destroy(&s->idp);
1198 g_free(s->dev);
1199 }
1200
1201 void ahci_reset(void *opaque)
1202 {
1203 struct AHCIPCIState *d = opaque;
1204 AHCIPortRegs *pr;
1205 int i;
1206
1207 d->ahci.control_regs.irqstatus = 0;
1208 d->ahci.control_regs.ghc = 0;
1209
1210 for (i = 0; i < d->ahci.ports; i++) {
1211 pr = &d->ahci.dev[i].port_regs;
1212 pr->irq_stat = 0;
1213 pr->irq_mask = 0;
1214 pr->scr_ctl = 0;
1215 ahci_reset_port(&d->ahci, i);
1216 }
1217 }
1218
1219 typedef struct SysbusAHCIState {
1220 SysBusDevice busdev;
1221 AHCIState ahci;
1222 uint32_t num_ports;
1223 } SysbusAHCIState;
1224
1225 static const VMStateDescription vmstate_sysbus_ahci = {
1226 .name = "sysbus-ahci",
1227 .unmigratable = 1,
1228 };
1229
1230 static int sysbus_ahci_init(SysBusDevice *dev)
1231 {
1232 SysbusAHCIState *s = FROM_SYSBUS(SysbusAHCIState, dev);
1233 ahci_init(&s->ahci, &dev->qdev, s->num_ports);
1234
1235 sysbus_init_mmio(dev, &s->ahci.mem);
1236 sysbus_init_irq(dev, &s->ahci.irq);
1237
1238 qemu_register_reset(ahci_reset, &s->ahci);
1239 return 0;
1240 }
1241
1242 static void sysbus_ahci_class_init(ObjectClass *klass, void *data)
1243 {
1244 SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
1245
1246 sbc->init = sysbus_ahci_init;
1247 }
1248
1249 static DeviceInfo sysbus_ahci_info = {
1250 .name = "sysbus-ahci",
1251 .size = sizeof(SysbusAHCIState),
1252 .vmsd = &vmstate_sysbus_ahci,
1253 .class_init = sysbus_ahci_class_init,
1254 .props = (Property[]) {
1255 DEFINE_PROP_UINT32("num-ports", SysbusAHCIState, num_ports, 1),
1256 DEFINE_PROP_END_OF_LIST(),
1257 },
1258 };
1259
1260 static void sysbus_ahci_register(void)
1261 {
1262 sysbus_qdev_register(&sysbus_ahci_info);
1263 }
1264
1265 device_init(sysbus_ahci_register);
AR7 emulation for QEMU