4 * Copyright (c) 2013 Kevin Wolf <kwolf@redhat.com>
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 #include "qemu/osdep.h"
29 #include "libqos/libqos.h"
30 #include "libqos/pci-pc.h"
31 #include "libqos/malloc-pc.h"
32 #include "qapi/qmp/qdict.h"
33 #include "qemu/bswap.h"
34 #include "hw/pci/pci_ids.h"
35 #include "hw/pci/pci_regs.h"
37 #define TEST_IMAGE_SIZE 64 * 1024 * 1024
40 #define IDE_PCI_FUNC 1
42 #define IDE_BASE 0x1f0
43 #define IDE_PRIMARY_IRQ 14
45 #define ATAPI_BLOCK_SIZE 2048
47 /* How many bytes to receive via ATAPI PIO at one time.
48 * Must be less than 0xFFFF. */
49 #define BYTE_COUNT_LIMIT 5120
93 CMD_FLUSH_CACHE
= 0xe7,
103 BM_CMD_WRITE
= 0x8, /* write = from device to memory */
113 PRDT_EOT
= 0x80000000,
116 #define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
117 #define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)
119 static QPCIBus
*pcibus
= NULL
;
120 static QGuestAllocator guest_malloc
;
122 static char *tmp_path
[2];
123 static char *debug_path
;
126 static QTestState
*ide_test_start(const char *cmdline_fmt
, ...)
129 g_autofree
char *full_fmt
= g_strdup_printf("-machine pc %s", cmdline_fmt
);
132 va_start(ap
, cmdline_fmt
);
133 qts
= qtest_vinitf(full_fmt
, ap
);
136 pc_alloc_init(&guest_malloc
, qts
, 0);
141 static void ide_test_quit(QTestState
*qts
)
144 qpci_free_pc(pcibus
);
147 alloc_destroy(&guest_malloc
);
151 static QPCIDevice
*get_pci_device(QTestState
*qts
, QPCIBar
*bmdma_bar
,
155 uint16_t vendor_id
, device_id
;
158 pcibus
= qpci_new_pc(qts
, NULL
);
161 /* Find PCI device and verify it's the right one */
162 dev
= qpci_device_find(pcibus
, QPCI_DEVFN(IDE_PCI_DEV
, IDE_PCI_FUNC
));
163 g_assert(dev
!= NULL
);
165 vendor_id
= qpci_config_readw(dev
, PCI_VENDOR_ID
);
166 device_id
= qpci_config_readw(dev
, PCI_DEVICE_ID
);
167 g_assert(vendor_id
== PCI_VENDOR_ID_INTEL
);
168 g_assert(device_id
== PCI_DEVICE_ID_INTEL_82371SB_1
);
171 *bmdma_bar
= qpci_iomap(dev
, 4, NULL
);
173 *ide_bar
= qpci_legacy_iomap(dev
, IDE_BASE
);
175 qpci_device_enable(dev
);
180 static void free_pci_device(QPCIDevice
*dev
)
182 /* libqos doesn't have a function for this, so free it manually */
186 typedef struct PrdtEntry
{
189 } QEMU_PACKED PrdtEntry
;
191 #define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
192 #define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)
194 static uint64_t trim_range_le(uint64_t sector
, uint16_t count
)
196 /* 2-byte range, 6-byte LBA */
197 return cpu_to_le64(((uint64_t)count
<< 48) + sector
);
200 static int send_dma_request(QTestState
*qts
, int cmd
, uint64_t sector
,
201 int nb_sectors
, PrdtEntry
*prdt
, int prdt_entries
,
202 void(*post_exec
)(QPCIDevice
*dev
, QPCIBar ide_bar
,
203 uint64_t sector
, int nb_sectors
))
206 QPCIBar bmdma_bar
, ide_bar
;
207 uintptr_t guest_prdt
;
213 dev
= get_pci_device(qts
, &bmdma_bar
, &ide_bar
);
221 /* Assuming we only test data reads w/ ATAPI, otherwise we need to know
222 * the SCSI command being sent in the packet, too. */
230 g_assert_not_reached();
233 if (flags
& CMDF_NO_BM
) {
234 qpci_config_writew(dev
, PCI_COMMAND
,
235 PCI_COMMAND_IO
| PCI_COMMAND_MEMORY
);
238 /* Select device 0 */
239 qpci_io_writeb(dev
, ide_bar
, reg_device
, 0 | LBA
);
241 /* Stop any running transfer, clear any pending interrupt */
242 qpci_io_writeb(dev
, bmdma_bar
, bmreg_cmd
, 0);
243 qpci_io_writeb(dev
, bmdma_bar
, bmreg_status
, BM_STS_INTR
);
246 len
= sizeof(*prdt
) * prdt_entries
;
247 guest_prdt
= guest_alloc(&guest_malloc
, len
);
248 qtest_memwrite(qts
, guest_prdt
, prdt
, len
);
249 qpci_io_writel(dev
, bmdma_bar
, bmreg_prdt
, guest_prdt
);
251 /* ATA DMA command */
252 if (cmd
== CMD_PACKET
) {
253 /* Enables ATAPI DMA; otherwise PIO is attempted */
254 qpci_io_writeb(dev
, ide_bar
, reg_feature
, 0x01);
256 if (cmd
== CMD_DSM
) {
258 qpci_io_writeb(dev
, ide_bar
, reg_feature
, 0x01);
260 qpci_io_writeb(dev
, ide_bar
, reg_nsectors
, nb_sectors
);
261 qpci_io_writeb(dev
, ide_bar
, reg_lba_low
, sector
& 0xff);
262 qpci_io_writeb(dev
, ide_bar
, reg_lba_middle
, (sector
>> 8) & 0xff);
263 qpci_io_writeb(dev
, ide_bar
, reg_lba_high
, (sector
>> 16) & 0xff);
266 qpci_io_writeb(dev
, ide_bar
, reg_command
, cmd
);
269 post_exec(dev
, ide_bar
, sector
, nb_sectors
);
272 /* Start DMA transfer */
273 qpci_io_writeb(dev
, bmdma_bar
, bmreg_cmd
,
274 BM_CMD_START
| (from_dev
? BM_CMD_WRITE
: 0));
276 if (flags
& CMDF_ABORT
) {
277 qpci_io_writeb(dev
, bmdma_bar
, bmreg_cmd
, 0);
280 /* Wait for the DMA transfer to complete */
282 status
= qpci_io_readb(dev
, bmdma_bar
, bmreg_status
);
283 } while ((status
& (BM_STS_ACTIVE
| BM_STS_INTR
)) == BM_STS_ACTIVE
);
285 g_assert_cmpint(qtest_get_irq(qts
, IDE_PRIMARY_IRQ
), ==,
286 !!(status
& BM_STS_INTR
));
288 /* Check IDE status code */
289 assert_bit_set(qpci_io_readb(dev
, ide_bar
, reg_status
), DRDY
);
290 assert_bit_clear(qpci_io_readb(dev
, ide_bar
, reg_status
), BSY
| DRQ
);
292 /* Reading the status register clears the IRQ */
293 g_assert(!qtest_get_irq(qts
, IDE_PRIMARY_IRQ
));
295 /* Stop DMA transfer if still active */
296 if (status
& BM_STS_ACTIVE
) {
297 qpci_io_writeb(dev
, bmdma_bar
, bmreg_cmd
, 0);
300 free_pci_device(dev
);
305 static QTestState
*test_bmdma_setup(void)
309 qts
= ide_test_start(
310 "-drive file=%s,if=ide,cache=writeback,format=raw "
311 "-global ide-hd.serial=%s -global ide-hd.ver=%s",
312 tmp_path
[0], "testdisk", "version");
313 qtest_irq_intercept_in(qts
, "ioapic");
318 static void test_bmdma_teardown(QTestState
*qts
)
323 static void test_bmdma_simple_rw(void)
327 QPCIBar bmdma_bar
, ide_bar
;
335 qts
= test_bmdma_setup();
337 guest_buf
= guest_alloc(&guest_malloc
, len
);
338 prdt
[0].addr
= cpu_to_le32(guest_buf
);
339 prdt
[0].size
= cpu_to_le32(len
| PRDT_EOT
);
341 dev
= get_pci_device(qts
, &bmdma_bar
, &ide_bar
);
344 cmpbuf
= g_malloc(len
);
346 /* Write 0x55 pattern to sector 0 */
347 memset(buf
, 0x55, len
);
348 qtest_memwrite(qts
, guest_buf
, buf
, len
);
350 status
= send_dma_request(qts
, CMD_WRITE_DMA
, 0, 1, prdt
,
351 ARRAY_SIZE(prdt
), NULL
);
352 g_assert_cmphex(status
, ==, BM_STS_INTR
);
353 assert_bit_clear(qpci_io_readb(dev
, ide_bar
, reg_status
), DF
| ERR
);
355 /* Write 0xaa pattern to sector 1 */
356 memset(buf
, 0xaa, len
);
357 qtest_memwrite(qts
, guest_buf
, buf
, len
);
359 status
= send_dma_request(qts
, CMD_WRITE_DMA
, 1, 1, prdt
,
360 ARRAY_SIZE(prdt
), NULL
);
361 g_assert_cmphex(status
, ==, BM_STS_INTR
);
362 assert_bit_clear(qpci_io_readb(dev
, ide_bar
, reg_status
), DF
| ERR
);
364 /* Read and verify 0x55 pattern in sector 0 */
365 memset(cmpbuf
, 0x55, len
);
367 status
= send_dma_request(qts
, CMD_READ_DMA
, 0, 1, prdt
, ARRAY_SIZE(prdt
),
369 g_assert_cmphex(status
, ==, BM_STS_INTR
);
370 assert_bit_clear(qpci_io_readb(dev
, ide_bar
, reg_status
), DF
| ERR
);
372 qtest_memread(qts
, guest_buf
, buf
, len
);
373 g_assert(memcmp(buf
, cmpbuf
, len
) == 0);
375 /* Read and verify 0xaa pattern in sector 1 */
376 memset(cmpbuf
, 0xaa, len
);
378 status
= send_dma_request(qts
, CMD_READ_DMA
, 1, 1, prdt
, ARRAY_SIZE(prdt
),
380 g_assert_cmphex(status
, ==, BM_STS_INTR
);
381 assert_bit_clear(qpci_io_readb(dev
, ide_bar
, reg_status
), DF
| ERR
);
383 qtest_memread(qts
, guest_buf
, buf
, len
);
384 g_assert(memcmp(buf
, cmpbuf
, len
) == 0);
386 free_pci_device(dev
);
390 test_bmdma_teardown(qts
);
393 static void test_bmdma_trim(void)
397 QPCIBar bmdma_bar
, ide_bar
;
399 const uint64_t trim_range
[] = { trim_range_le(0, 2),
401 trim_range_le(10, 1),
403 const uint64_t bad_range
= trim_range_le(TEST_IMAGE_SIZE
/ 512 - 1, 2);
409 qts
= test_bmdma_setup();
411 guest_buf
= guest_alloc(&guest_malloc
, len
);
412 prdt
[0].addr
= cpu_to_le32(guest_buf
),
413 prdt
[0].size
= cpu_to_le32(len
| PRDT_EOT
),
415 dev
= get_pci_device(qts
, &bmdma_bar
, &ide_bar
);
420 *((uint64_t *)buf
) = trim_range
[0];
421 *((uint64_t *)buf
+ 1) = trim_range
[1];
423 qtest_memwrite(qts
, guest_buf
, buf
, 2 * sizeof(uint64_t));
425 status
= send_dma_request(qts
, CMD_DSM
, 0, 1, prdt
,
426 ARRAY_SIZE(prdt
), NULL
);
427 g_assert_cmphex(status
, ==, BM_STS_INTR
);
428 assert_bit_clear(qpci_io_readb(dev
, ide_bar
, reg_status
), DF
| ERR
);
430 /* Request contains invalid range */
431 *((uint64_t *)buf
) = trim_range
[2];
432 *((uint64_t *)buf
+ 1) = bad_range
;
434 qtest_memwrite(qts
, guest_buf
, buf
, 2 * sizeof(uint64_t));
436 status
= send_dma_request(qts
, CMD_DSM
, 0, 1, prdt
,
437 ARRAY_SIZE(prdt
), NULL
);
438 g_assert_cmphex(status
, ==, BM_STS_INTR
);
439 assert_bit_set(qpci_io_readb(dev
, ide_bar
, reg_status
), ERR
);
440 assert_bit_set(qpci_io_readb(dev
, ide_bar
, reg_error
), ABRT
);
442 free_pci_device(dev
);
444 test_bmdma_teardown(qts
);
448 * This test is developed according to the Programming Interface for
449 * Bus Master IDE Controller (Revision 1.0 5/16/94)
451 static void test_bmdma_various_prdts(void)
456 for (sectors
= 1; sectors
<= 256; sectors
*= 2) {
457 QTestState
*qts
= NULL
;
458 QPCIDevice
*dev
= NULL
;
459 QPCIBar bmdma_bar
, ide_bar
;
461 qts
= test_bmdma_setup();
462 dev
= get_pci_device(qts
, &bmdma_bar
, &ide_bar
);
464 for (size
= 0; size
< 65536; size
+= 256) {
465 uint32_t req_size
= sectors
* 512;
466 uint32_t prd_size
= size
& 0xfffe; /* bit 0 is always set to 0 */
468 uint8_t req_status
= 0;
469 uint8_t abort_req_status
= 0;
473 .size
= cpu_to_le32(size
| PRDT_EOT
),
477 /* A value of zero in PRD size indicates 64K */
483 * 1. If PRDs specified a smaller size than the IDE transfer
484 * size, then the Interrupt and Active bits in the Controller
485 * status register are not set (Error Condition).
487 * 2. If the size of the physical memory regions was equal to
488 * the IDE device transfer size, the Interrupt bit in the
489 * Controller status register is set to 1, Active bit is set to 0.
491 * 3. If PRDs specified a larger size than the IDE transfer size,
492 * the Interrupt and Active bits in the Controller status register
495 if (prd_size
< req_size
) {
497 abort_req_status
= 0;
498 } else if (prd_size
== req_size
) {
499 req_status
= BM_STS_INTR
;
500 abort_req_status
= BM_STS_INTR
;
502 req_status
= BM_STS_ACTIVE
| BM_STS_INTR
;
503 abort_req_status
= BM_STS_INTR
;
506 /* Test the request */
507 ret
= send_dma_request(qts
, CMD_READ_DMA
, 0, sectors
,
508 prdt
, ARRAY_SIZE(prdt
), NULL
);
509 g_assert_cmphex(ret
, ==, req_status
);
510 assert_bit_clear(qpci_io_readb(dev
, ide_bar
, reg_status
), DF
| ERR
);
512 /* Now test aborting the same request */
513 ret
= send_dma_request(qts
, CMD_READ_DMA
| CMDF_ABORT
, 0,
514 sectors
, prdt
, ARRAY_SIZE(prdt
), NULL
);
515 g_assert_cmphex(ret
, ==, abort_req_status
);
516 assert_bit_clear(qpci_io_readb(dev
, ide_bar
, reg_status
), DF
| ERR
);
519 free_pci_device(dev
);
520 test_bmdma_teardown(qts
);
524 static void test_bmdma_no_busmaster(void)
528 QPCIBar bmdma_bar
, ide_bar
;
531 qts
= test_bmdma_setup();
533 dev
= get_pci_device(qts
, &bmdma_bar
, &ide_bar
);
535 /* No PRDT_EOT, each entry addr 0/size 64k, and in theory qemu shouldn't be
536 * able to access it anyway because the Bus Master bit in the PCI command
537 * register isn't set. This is complete nonsense, but it used to be pretty
538 * good at confusing and occasionally crashing qemu. */
539 PrdtEntry prdt
[4096] = { };
541 status
= send_dma_request(qts
, CMD_READ_DMA
| CMDF_NO_BM
, 0, 512,
542 prdt
, ARRAY_SIZE(prdt
), NULL
);
544 /* Not entirely clear what the expected result is, but this is what we get
545 * in practice. At least we want to be aware of any changes. */
546 g_assert_cmphex(status
, ==, BM_STS_ACTIVE
| BM_STS_INTR
);
547 assert_bit_clear(qpci_io_readb(dev
, ide_bar
, reg_status
), DF
| ERR
);
548 free_pci_device(dev
);
549 test_bmdma_teardown(qts
);
552 static void string_cpu_to_be16(uint16_t *s
, size_t bytes
)
554 g_assert((bytes
& 1) == 0);
558 *s
= cpu_to_be16(*s
);
563 static void test_identify(void)
567 QPCIBar bmdma_bar
, ide_bar
;
573 qts
= ide_test_start(
574 "-drive file=%s,if=ide,cache=writeback,format=raw "
575 "-global ide-hd.serial=%s -global ide-hd.ver=%s",
576 tmp_path
[0], "testdisk", "version");
578 dev
= get_pci_device(qts
, &bmdma_bar
, &ide_bar
);
580 /* IDENTIFY command on device 0*/
581 qpci_io_writeb(dev
, ide_bar
, reg_device
, 0);
582 qpci_io_writeb(dev
, ide_bar
, reg_command
, CMD_IDENTIFY
);
584 /* Read in the IDENTIFY buffer and check registers */
585 data
= qpci_io_readb(dev
, ide_bar
, reg_device
);
586 g_assert_cmpint(data
& DEV
, ==, 0);
588 for (i
= 0; i
< 256; i
++) {
589 data
= qpci_io_readb(dev
, ide_bar
, reg_status
);
590 assert_bit_set(data
, DRDY
| DRQ
);
591 assert_bit_clear(data
, BSY
| DF
| ERR
);
593 buf
[i
] = qpci_io_readw(dev
, ide_bar
, reg_data
);
596 data
= qpci_io_readb(dev
, ide_bar
, reg_status
);
597 assert_bit_set(data
, DRDY
);
598 assert_bit_clear(data
, BSY
| DF
| ERR
| DRQ
);
600 /* Check serial number/version in the buffer */
601 string_cpu_to_be16(&buf
[10], 20);
602 ret
= memcmp(&buf
[10], "testdisk ", 20);
605 string_cpu_to_be16(&buf
[23], 8);
606 ret
= memcmp(&buf
[23], "version ", 8);
609 /* Write cache enabled bit */
610 assert_bit_set(buf
[85], 0x20);
613 free_pci_device(dev
);
616 static void test_diagnostic(void)
620 QPCIBar bmdma_bar
, ide_bar
;
623 qts
= ide_test_start(
624 "-blockdev driver=file,node-name=hda,filename=%s "
625 "-blockdev driver=file,node-name=hdb,filename=%s "
626 "-device ide-hd,drive=hda,bus=ide.0,unit=0 "
627 "-device ide-hd,drive=hdb,bus=ide.0,unit=1 ",
628 tmp_path
[0], tmp_path
[1]);
630 dev
= get_pci_device(qts
, &bmdma_bar
, &ide_bar
);
632 /* DIAGNOSE command on device 1 */
633 qpci_io_writeb(dev
, ide_bar
, reg_device
, DEV
);
634 data
= qpci_io_readb(dev
, ide_bar
, reg_device
);
635 g_assert_cmphex(data
& DEV
, ==, DEV
);
636 qpci_io_writeb(dev
, ide_bar
, reg_command
, CMD_DIAGNOSE
);
638 /* Verify that DEVICE is now 0 */
639 data
= qpci_io_readb(dev
, ide_bar
, reg_device
);
640 g_assert_cmphex(data
& DEV
, ==, 0);
643 free_pci_device(dev
);
647 * Write sector 1 with random data to make IDE storage dirty
648 * Needed for flush tests so that flushes actually go though the block layer
650 static void make_dirty(QTestState
*qts
, uint8_t device
)
653 QPCIBar bmdma_bar
, ide_bar
;
659 dev
= get_pci_device(qts
, &bmdma_bar
, &ide_bar
);
661 guest_buf
= guest_alloc(&guest_malloc
, len
);
663 memset(buf
, rand() % 255 + 1, len
);
667 qtest_memwrite(qts
, guest_buf
, buf
, len
);
671 .addr
= cpu_to_le32(guest_buf
),
672 .size
= cpu_to_le32(len
| PRDT_EOT
),
676 status
= send_dma_request(qts
, CMD_WRITE_DMA
, 1, 1, prdt
,
677 ARRAY_SIZE(prdt
), NULL
);
678 g_assert_cmphex(status
, ==, BM_STS_INTR
);
679 assert_bit_clear(qpci_io_readb(dev
, ide_bar
, reg_status
), DF
| ERR
);
682 free_pci_device(dev
);
685 static void test_flush(void)
689 QPCIBar bmdma_bar
, ide_bar
;
692 qts
= ide_test_start(
693 "-drive file=blkdebug::%s,if=ide,cache=writeback,format=raw",
696 dev
= get_pci_device(qts
, &bmdma_bar
, &ide_bar
);
698 qtest_irq_intercept_in(qts
, "ioapic");
700 /* Dirty media so that CMD_FLUSH_CACHE will actually go to disk */
703 /* Delay the completion of the flush request until we explicitly do it */
704 g_free(qtest_hmp(qts
, "qemu-io ide0-hd0 \"break flush_to_os A\""));
706 /* FLUSH CACHE command on device 0*/
707 qpci_io_writeb(dev
, ide_bar
, reg_device
, 0);
708 qpci_io_writeb(dev
, ide_bar
, reg_command
, CMD_FLUSH_CACHE
);
710 /* Check status while request is in flight*/
711 data
= qpci_io_readb(dev
, ide_bar
, reg_status
);
712 assert_bit_set(data
, BSY
| DRDY
);
713 assert_bit_clear(data
, DF
| ERR
| DRQ
);
715 /* Complete the command */
716 g_free(qtest_hmp(qts
, "qemu-io ide0-hd0 \"resume A\""));
718 /* Check registers */
719 data
= qpci_io_readb(dev
, ide_bar
, reg_device
);
720 g_assert_cmpint(data
& DEV
, ==, 0);
723 data
= qpci_io_readb(dev
, ide_bar
, reg_status
);
724 } while (data
& BSY
);
726 assert_bit_set(data
, DRDY
);
727 assert_bit_clear(data
, BSY
| DF
| ERR
| DRQ
);
730 free_pci_device(dev
);
733 static void test_pci_retry_flush(void)
737 QPCIBar bmdma_bar
, ide_bar
;
740 prepare_blkdebug_script(debug_path
, "flush_to_disk");
742 qts
= ide_test_start(
743 "-drive file=blkdebug:%s:%s,if=ide,cache=writeback,format=raw,"
744 "rerror=stop,werror=stop",
745 debug_path
, tmp_path
[0]);
747 dev
= get_pci_device(qts
, &bmdma_bar
, &ide_bar
);
749 qtest_irq_intercept_in(qts
, "ioapic");
751 /* Dirty media so that CMD_FLUSH_CACHE will actually go to disk */
754 /* FLUSH CACHE command on device 0*/
755 qpci_io_writeb(dev
, ide_bar
, reg_device
, 0);
756 qpci_io_writeb(dev
, ide_bar
, reg_command
, CMD_FLUSH_CACHE
);
758 /* Check status while request is in flight*/
759 data
= qpci_io_readb(dev
, ide_bar
, reg_status
);
760 assert_bit_set(data
, BSY
| DRDY
);
761 assert_bit_clear(data
, DF
| ERR
| DRQ
);
763 qtest_qmp_eventwait(qts
, "STOP");
765 /* Complete the command */
766 qtest_qmp_assert_success(qts
, "{'execute':'cont' }");
768 /* Check registers */
769 data
= qpci_io_readb(dev
, ide_bar
, reg_device
);
770 g_assert_cmpint(data
& DEV
, ==, 0);
773 data
= qpci_io_readb(dev
, ide_bar
, reg_status
);
774 } while (data
& BSY
);
776 assert_bit_set(data
, DRDY
);
777 assert_bit_clear(data
, BSY
| DF
| ERR
| DRQ
);
780 free_pci_device(dev
);
783 static void test_flush_nodev(void)
787 QPCIBar bmdma_bar
, ide_bar
;
789 qts
= ide_test_start("%s", "");
791 dev
= get_pci_device(qts
, &bmdma_bar
, &ide_bar
);
793 /* FLUSH CACHE command on device 0*/
794 qpci_io_writeb(dev
, ide_bar
, reg_device
, 0);
795 qpci_io_writeb(dev
, ide_bar
, reg_command
, CMD_FLUSH_CACHE
);
797 /* Just testing that qemu doesn't crash... */
799 free_pci_device(dev
);
803 static void test_flush_empty_drive(void)
807 QPCIBar bmdma_bar
, ide_bar
;
809 qts
= ide_test_start("-device ide-cd,bus=ide.0");
810 dev
= get_pci_device(qts
, &bmdma_bar
, &ide_bar
);
812 /* FLUSH CACHE command on device 0 */
813 qpci_io_writeb(dev
, ide_bar
, reg_device
, 0);
814 qpci_io_writeb(dev
, ide_bar
, reg_command
, CMD_FLUSH_CACHE
);
816 /* Just testing that qemu doesn't crash... */
818 free_pci_device(dev
);
822 typedef struct Read10CDB
{
830 } __attribute__((__packed__
)) Read10CDB
;
832 static void send_scsi_cdb_read10(QPCIDevice
*dev
, QPCIBar ide_bar
,
833 uint64_t lba
, int nblocks
)
835 Read10CDB pkt
= { .padding
= 0 };
838 g_assert_cmpint(lba
, <=, UINT32_MAX
);
839 g_assert_cmpint(nblocks
, <=, UINT16_MAX
);
840 g_assert_cmpint(nblocks
, >=, 0);
842 /* Construct SCSI CDB packet */
844 pkt
.lba
= cpu_to_be32(lba
);
845 pkt
.nblocks
= cpu_to_be16(nblocks
);
848 for (i
= 0; i
< sizeof(Read10CDB
)/2; i
++) {
849 qpci_io_writew(dev
, ide_bar
, reg_data
,
850 le16_to_cpu(((uint16_t *)&pkt
)[i
]));
854 static void nsleep(QTestState
*qts
, int64_t nsecs
)
856 const struct timespec val
= { .tv_nsec
= nsecs
};
857 nanosleep(&val
, NULL
);
858 qtest_clock_set(qts
, nsecs
);
861 static uint8_t ide_wait_clear(QTestState
*qts
, uint8_t flag
)
864 QPCIBar bmdma_bar
, ide_bar
;
868 dev
= get_pci_device(qts
, &bmdma_bar
, &ide_bar
);
870 /* Wait with a 5 second timeout */
873 data
= qpci_io_readb(dev
, ide_bar
, reg_status
);
874 if (!(data
& flag
)) {
875 free_pci_device(dev
);
878 if (difftime(time(NULL
), st
) > 5.0) {
883 g_assert_not_reached();
886 static void ide_wait_intr(QTestState
*qts
, int irq
)
893 intr
= qtest_get_irq(qts
, irq
);
897 if (difftime(time(NULL
), st
) > 5.0) {
903 g_assert_not_reached();
906 static void cdrom_pio_impl(int nblocks
)
910 QPCIBar bmdma_bar
, ide_bar
;
912 int patt_blocks
= MAX(16, nblocks
);
913 size_t patt_len
= ATAPI_BLOCK_SIZE
* patt_blocks
;
914 char *pattern
= g_malloc(patt_len
);
915 size_t rxsize
= ATAPI_BLOCK_SIZE
* nblocks
;
916 uint16_t *rx
= g_malloc0(rxsize
);
922 /* Prepopulate the CDROM with an interesting pattern */
923 generate_pattern(pattern
, patt_len
, ATAPI_BLOCK_SIZE
);
924 fh
= fopen(tmp_path
[0], "wb+");
925 ret
= fwrite(pattern
, ATAPI_BLOCK_SIZE
, patt_blocks
, fh
);
926 g_assert_cmpint(ret
, ==, patt_blocks
);
929 qts
= ide_test_start(
930 "-drive if=none,file=%s,media=cdrom,format=raw,id=sr0,index=0 "
931 "-device ide-cd,drive=sr0,bus=ide.0", tmp_path
[0]);
932 dev
= get_pci_device(qts
, &bmdma_bar
, &ide_bar
);
933 qtest_irq_intercept_in(qts
, "ioapic");
935 /* PACKET command on device 0 */
936 qpci_io_writeb(dev
, ide_bar
, reg_device
, 0);
937 qpci_io_writeb(dev
, ide_bar
, reg_lba_middle
, BYTE_COUNT_LIMIT
& 0xFF);
938 qpci_io_writeb(dev
, ide_bar
, reg_lba_high
, (BYTE_COUNT_LIMIT
>> 8 & 0xFF));
939 qpci_io_writeb(dev
, ide_bar
, reg_command
, CMD_PACKET
);
940 /* HP0: Check_Status_A State */
942 data
= ide_wait_clear(qts
, BSY
);
943 /* HP1: Send_Packet State */
944 assert_bit_set(data
, DRQ
| DRDY
);
945 assert_bit_clear(data
, ERR
| DF
| BSY
);
947 /* SCSI CDB (READ10) -- read n*2048 bytes from block 0 */
948 send_scsi_cdb_read10(dev
, ide_bar
, 0, nblocks
);
950 /* Read data back: occurs in bursts of 'BYTE_COUNT_LIMIT' bytes.
951 * If BYTE_COUNT_LIMIT is odd, we transfer BYTE_COUNT_LIMIT - 1 bytes.
952 * We allow an odd limit only when the remaining transfer size is
953 * less than BYTE_COUNT_LIMIT. However, SCSI's read10 command can only
954 * request n blocks, so our request size is always even.
955 * For this reason, we assume there is never a hanging byte to fetch. */
956 g_assert(!(rxsize
& 1));
957 limit
= BYTE_COUNT_LIMIT
& ~1;
958 for (i
= 0; i
< DIV_ROUND_UP(rxsize
, limit
); i
++) {
959 size_t offset
= i
* (limit
/ 2);
960 size_t rem
= (rxsize
/ 2) - offset
;
962 /* HP3: INTRQ_Wait */
963 ide_wait_intr(qts
, IDE_PRIMARY_IRQ
);
965 /* HP2: Check_Status_B (and clear IRQ) */
966 data
= ide_wait_clear(qts
, BSY
);
967 assert_bit_set(data
, DRQ
| DRDY
);
968 assert_bit_clear(data
, ERR
| DF
| BSY
);
970 /* HP4: Transfer_Data */
971 for (j
= 0; j
< MIN((limit
/ 2), rem
); j
++) {
972 rx
[offset
+ j
] = cpu_to_le16(qpci_io_readw(dev
, ide_bar
,
977 /* Check for final completion IRQ */
978 ide_wait_intr(qts
, IDE_PRIMARY_IRQ
);
980 /* Sanity check final state */
981 data
= ide_wait_clear(qts
, DRQ
);
982 assert_bit_set(data
, DRDY
);
983 assert_bit_clear(data
, DRQ
| ERR
| DF
| BSY
);
985 g_assert_cmpint(memcmp(pattern
, rx
, rxsize
), ==, 0);
988 test_bmdma_teardown(qts
);
989 free_pci_device(dev
);
992 static void test_cdrom_pio(void)
997 static void test_cdrom_pio_large(void)
999 /* Test a few loops of the PIO DRQ mechanism. */
1000 cdrom_pio_impl(BYTE_COUNT_LIMIT
* 4 / ATAPI_BLOCK_SIZE
);
1004 static void test_cdrom_dma(void)
1007 static const size_t len
= ATAPI_BLOCK_SIZE
;
1009 char *pattern
= g_malloc(ATAPI_BLOCK_SIZE
* 16);
1010 char *rx
= g_malloc0(len
);
1011 uintptr_t guest_buf
;
1015 qts
= ide_test_start(
1016 "-drive if=none,file=%s,media=cdrom,format=raw,id=sr0,index=0 "
1017 "-device ide-cd,drive=sr0,bus=ide.0", tmp_path
[0]);
1018 qtest_irq_intercept_in(qts
, "ioapic");
1020 guest_buf
= guest_alloc(&guest_malloc
, len
);
1021 prdt
[0].addr
= cpu_to_le32(guest_buf
);
1022 prdt
[0].size
= cpu_to_le32(len
| PRDT_EOT
);
1024 generate_pattern(pattern
, ATAPI_BLOCK_SIZE
* 16, ATAPI_BLOCK_SIZE
);
1025 fh
= fopen(tmp_path
[0], "wb+");
1026 ret
= fwrite(pattern
, ATAPI_BLOCK_SIZE
, 16, fh
);
1027 g_assert_cmpint(ret
, ==, 16);
1030 send_dma_request(qts
, CMD_PACKET
, 0, 1, prdt
, 1, send_scsi_cdb_read10
);
1032 /* Read back data from guest memory into local qtest memory */
1033 qtest_memread(qts
, guest_buf
, rx
, len
);
1034 g_assert_cmpint(memcmp(pattern
, rx
, len
), ==, 0);
1038 test_bmdma_teardown(qts
);
1041 int main(int argc
, char **argv
)
1049 * "base" stores the starting point where we create temporary files.
1051 * On Windows, this is set to the relative path of current working
1052 * directory, because the absolute path causes the blkdebug filename
1053 * parser fail to parse "blkdebug:path/to/config:path/to/image".
1056 base
= g_get_tmp_dir();
1061 /* Create temporary blkdebug instructions */
1062 debug_path
= g_strdup_printf("%s/qtest-blkdebug.XXXXXX", base
);
1063 fd
= g_mkstemp(debug_path
);
1067 /* Create a temporary raw image */
1068 for (i
= 0; i
< 2; ++i
) {
1069 tmp_path
[i
] = g_strdup_printf("%s/qtest.XXXXXX", base
);
1070 fd
= g_mkstemp(tmp_path
[i
]);
1072 ret
= ftruncate(fd
, TEST_IMAGE_SIZE
);
1078 g_test_init(&argc
, &argv
, NULL
);
1080 qtest_add_func("/ide/identify", test_identify
);
1082 qtest_add_func("/ide/diagnostic", test_diagnostic
);
1084 qtest_add_func("/ide/bmdma/simple_rw", test_bmdma_simple_rw
);
1085 qtest_add_func("/ide/bmdma/trim", test_bmdma_trim
);
1086 qtest_add_func("/ide/bmdma/various_prdts", test_bmdma_various_prdts
);
1087 qtest_add_func("/ide/bmdma/no_busmaster", test_bmdma_no_busmaster
);
1089 qtest_add_func("/ide/flush", test_flush
);
1090 qtest_add_func("/ide/flush/nodev", test_flush_nodev
);
1091 qtest_add_func("/ide/flush/empty_drive", test_flush_empty_drive
);
1092 qtest_add_func("/ide/flush/retry_pci", test_pci_retry_flush
);
1094 qtest_add_func("/ide/cdrom/pio", test_cdrom_pio
);
1095 qtest_add_func("/ide/cdrom/pio_large", test_cdrom_pio_large
);
1096 qtest_add_func("/ide/cdrom/dma", test_cdrom_dma
);
1101 for (i
= 0; i
< 2; ++i
) {
1102 unlink(tmp_path
[i
]);
1103 g_free(tmp_path
[i
]);