]> git.proxmox.com Git - mirror_qemu.git/blame - hw/ide/ahci.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ahci: split ICH9 from core
[mirror_qemu.git] / hw / ide / ahci.c
CommitLineData
f6ad2e32
AG		 1/*
2 * QEMU AHCI Emulation
3 *
4 * Copyright (c) 2010 qiaochong@loongson.cn
5 * Copyright (c) 2010 Roland Elek <elek.roland@gmail.com>
6 * Copyright (c) 2010 Sebastian Herbszt <herbszt@gmx.de>
7 * Copyright (c) 2010 Alexander Graf <agraf@suse.de>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 *
22 *
23 * lspci dump of a ICH-9 real device in IDE mode (hopefully close enough):
24 *
25 * 00:1f.2 SATA controller [0106]: Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA AHCI Controller [8086:2922] (rev 02) (prog-if 01 [AHCI 1.0])
26 * Subsystem: Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA AHCI Controller [8086:2922]
27 * Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
28 * Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
29 * Latency: 0
30 * Interrupt: pin B routed to IRQ 222
31 * Region 0: I/O ports at d000 [size=8]
32 * Region 1: I/O ports at cc00 [size=4]
33 * Region 2: I/O ports at c880 [size=8]
34 * Region 3: I/O ports at c800 [size=4]
35 * Region 4: I/O ports at c480 [size=32]
36 * Region 5: Memory at febf9000 (32-bit, non-prefetchable) [size=2K]
37 * Capabilities: [80] Message Signalled Interrupts: Mask- 64bit- Count=1/16 Enable+
38 * Address: fee0f00c Data: 41d9
39 * Capabilities: [70] Power Management version 3
40 * Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot+,D3cold-)
41 * Status: D0 PME-Enable- DSel=0 DScale=0 PME-
42 * Capabilities: [a8] SATA HBA <?>
43 * Capabilities: [b0] Vendor Specific Information <?>
44 * Kernel driver in use: ahci
45 * Kernel modules: ahci
46 * 00: 86 80 22 29 07 04 b0 02 02 01 06 01 00 00 00 00
47 * 10: 01 d0 00 00 01 cc 00 00 81 c8 00 00 01 c8 00 00
48 * 20: 81 c4 00 00 00 90 bf fe 00 00 00 00 86 80 22 29
49 * 30: 00 00 00 00 80 00 00 00 00 00 00 00 0f 02 00 00
50 * 40: 00 80 00 80 00 00 00 00 00 00 00 00 00 00 00 00
51 * 50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
52 * 60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
53 * 70: 01 a8 03 40 08 00 00 00 00 00 00 00 00 00 00 00
54 * 80: 05 70 09 00 0c f0 e0 fe d9 41 00 00 00 00 00 00
55 * 90: 40 00 0f 82 93 01 00 00 00 00 00 00 00 00 00 00
56 * a0: ac 00 00 00 0a 00 12 00 12 b0 10 00 48 00 00 00
57 * b0: 09 00 06 20 00 00 00 00 00 00 00 00 00 00 00 00
58 * c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
59 * d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
60 * e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
61 * f0: 00 00 00 00 00 00 00 00 86 0f 02 00 00 00 00 00
62 *
63 */
64
65#include <hw/hw.h>
66#include <hw/msi.h>
67#include <hw/pc.h>
68#include <hw/pci.h>
69
70#include "monitor.h"
71#include "dma.h"
72#include "cpu-common.h"
f6ad2e32
AG		 73#include "internal.h"
74#include <hw/ide/pci.h>
03c7a6a8 75#include <hw/ide/ahci.h>
f6ad2e32
AG		 76
77/* #define DEBUG_AHCI */
78
79#ifdef DEBUG_AHCI
80#define DPRINTF(port, fmt, ...) \
81do { fprintf(stderr, "ahci: %s: [%d] ", __FUNCTION__, port); \
82 fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
83#else
84#define DPRINTF(port, fmt, ...) do {} while(0)
85#endif
86
f6ad2e32
AG		 87static void check_cmd(AHCIState *s, int port);
88static int handle_cmd(AHCIState *s,int port,int slot);
89static void ahci_reset_port(AHCIState *s, int port);
90static void ahci_write_fis_d2h(AHCIDevice *ad, uint8_t *cmd_fis);
91
92static uint32_t ahci_port_read(AHCIState *s, int port, int offset)
93{
94 uint32_t val;
95 AHCIPortRegs *pr;
96 pr = &s->dev[port].port_regs;
97
98 switch (offset) {
99 case PORT_LST_ADDR:
100 val = pr->lst_addr;
101 break;
102 case PORT_LST_ADDR_HI:
103 val = pr->lst_addr_hi;
104 break;
105 case PORT_FIS_ADDR:
106 val = pr->fis_addr;
107 break;
108 case PORT_FIS_ADDR_HI:
109 val = pr->fis_addr_hi;
110 break;
111 case PORT_IRQ_STAT:
112 val = pr->irq_stat;
113 break;
114 case PORT_IRQ_MASK:
115 val = pr->irq_mask;
116 break;
117 case PORT_CMD:
118 val = pr->cmd;
119 break;
120 case PORT_TFDATA:
121 val = ((uint16_t)s->dev[port].port.ifs[0].error << 8) |
122 s->dev[port].port.ifs[0].status;
123 break;
124 case PORT_SIG:
125 val = pr->sig;
126 break;
127 case PORT_SCR_STAT:
128 if (s->dev[port].port.ifs[0].bs) {
129 val = SATA_SCR_SSTATUS_DET_DEV_PRESENT_PHY_UP |
130 SATA_SCR_SSTATUS_SPD_GEN1 | SATA_SCR_SSTATUS_IPM_ACTIVE;
131 } else {
132 val = SATA_SCR_SSTATUS_DET_NODEV;
133 }
134 break;
135 case PORT_SCR_CTL:
136 val = pr->scr_ctl;
137 break;
138 case PORT_SCR_ERR:
139 val = pr->scr_err;
140 break;
141 case PORT_SCR_ACT:
142 pr->scr_act &= ~s->dev[port].finished;
143 s->dev[port].finished = 0;
144 val = pr->scr_act;
145 break;
146 case PORT_CMD_ISSUE:
147 val = pr->cmd_issue;
148 break;
149 case PORT_RESERVED:
150 default:
151 val = 0;
152 }
153 DPRINTF(port, "offset: 0x%x val: 0x%x\n", offset, val);
154 return val;
155
156}
157
158static void ahci_irq_raise(AHCIState *s, AHCIDevice *dev)
159{
160 struct AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
161
162 DPRINTF(0, "raise irq\n");
163
164 if (msi_enabled(&d->card)) {
165 msi_notify(&d->card, 0);
166 } else {
167 qemu_irq_raise(s->irq);
168 }
169}
170
171static void ahci_irq_lower(AHCIState *s, AHCIDevice *dev)
172{
173 struct AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
174
175 DPRINTF(0, "lower irq\n");
176
177 if (!msi_enabled(&d->card)) {
178 qemu_irq_lower(s->irq);
179 }
180}
181
182static void ahci_check_irq(AHCIState *s)
183{
184 int i;
185
186 DPRINTF(-1, "check irq %#x\n", s->control_regs.irqstatus);
187
188 for (i = 0; i < SATA_PORTS; i++) {
189 AHCIPortRegs *pr = &s->dev[i].port_regs;
190 if (pr->irq_stat & pr->irq_mask) {
191 s->control_regs.irqstatus |= (1 << i);
192 }
193 }
194
195 if (s->control_regs.irqstatus &&
196 (s->control_regs.ghc & HOST_CTL_IRQ_EN)) {
197 ahci_irq_raise(s, NULL);
198 } else {
199 ahci_irq_lower(s, NULL);
200 }
201}
202
203static void ahci_trigger_irq(AHCIState *s, AHCIDevice *d,
204 int irq_type)
205{
206 DPRINTF(d->port_no, "trigger irq %#x -> %x\n",
207 irq_type, d->port_regs.irq_mask & irq_type);
208
209 d->port_regs.irq_stat |= irq_type;
210 ahci_check_irq(s);
211}
212
213static void map_page(uint8_t **ptr, uint64_t addr, uint32_t wanted)
214{
215 target_phys_addr_t len = wanted;
216
217 if (*ptr) {
fe6ceac8 218 cpu_physical_memory_unmap(*ptr, len, 1, len);
f6ad2e32
AG		 219 }
220
221 *ptr = cpu_physical_memory_map(addr, &len, 1);
222 if (len < wanted) {
fe6ceac8 223 cpu_physical_memory_unmap(*ptr, len, 1, len);
f6ad2e32
AG		 224 *ptr = NULL;
225 }
226}
227
228static void ahci_port_write(AHCIState *s, int port, int offset, uint32_t val)
229{
230 AHCIPortRegs *pr = &s->dev[port].port_regs;
231
232 DPRINTF(port, "offset: 0x%x val: 0x%x\n", offset, val);
233 switch (offset) {
234 case PORT_LST_ADDR:
235 pr->lst_addr = val;
236 map_page(&s->dev[port].lst,
237 ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024);
238 s->dev[port].cur_cmd = NULL;
239 break;
240 case PORT_LST_ADDR_HI:
241 pr->lst_addr_hi = val;
242 map_page(&s->dev[port].lst,
243 ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024);
244 s->dev[port].cur_cmd = NULL;
245 break;
246 case PORT_FIS_ADDR:
247 pr->fis_addr = val;
248 map_page(&s->dev[port].res_fis,
249 ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256);
250 break;
251 case PORT_FIS_ADDR_HI:
252 pr->fis_addr_hi = val;
253 map_page(&s->dev[port].res_fis,
254 ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256);
255 break;
256 case PORT_IRQ_STAT:
257 pr->irq_stat &= ~val;
258 break;
259 case PORT_IRQ_MASK:
260 pr->irq_mask = val & 0xfdc000ff;
261 ahci_check_irq(s);
262 break;
263 case PORT_CMD:
264 pr->cmd = val & ~(PORT_CMD_LIST_ON | PORT_CMD_FIS_ON);
265
266 if (pr->cmd & PORT_CMD_START) {
267 pr->cmd |= PORT_CMD_LIST_ON;
268 }
269
270 if (pr->cmd & PORT_CMD_FIS_RX) {
271 pr->cmd |= PORT_CMD_FIS_ON;
272 }
273
274 check_cmd(s, port);
275 break;
276 case PORT_TFDATA:
277 s->dev[port].port.ifs[0].error = (val >> 8) & 0xff;
278 s->dev[port].port.ifs[0].status = val & 0xff;
279 break;
280 case PORT_SIG:
281 pr->sig = val;
282 break;
283 case PORT_SCR_STAT:
284 pr->scr_stat = val;
285 break;
286 case PORT_SCR_CTL:
287 if (((pr->scr_ctl & AHCI_SCR_SCTL_DET) == 1) &&
288 ((val & AHCI_SCR_SCTL_DET) == 0)) {
289 ahci_reset_port(s, port);
290 }
291 pr->scr_ctl = val;
292 break;
293 case PORT_SCR_ERR:
294 pr->scr_err &= ~val;
295 break;
296 case PORT_SCR_ACT:
297 /* RW1 */
298 pr->scr_act |= val;
299 break;
300 case PORT_CMD_ISSUE:
301 pr->cmd_issue |= val;
302 check_cmd(s, port);
303 break;
304 default:
305 break;
306 }
307}
308
309static uint32_t ahci_mem_readl(void *ptr, target_phys_addr_t addr)
310{
311 AHCIState *s = ptr;
312 uint32_t val = 0;
313
314 addr = addr & 0xfff;
315 if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) {
316 switch (addr) {
317 case HOST_CAP:
318 val = s->control_regs.cap;
319 break;
320 case HOST_CTL:
321 val = s->control_regs.ghc;
322 break;
323 case HOST_IRQ_STAT:
324 val = s->control_regs.irqstatus;
325 break;
326 case HOST_PORTS_IMPL:
327 val = s->control_regs.impl;
328 break;
329 case HOST_VERSION:
330 val = s->control_regs.version;
331 break;
332 }
333
334 DPRINTF(-1, "(addr 0x%08X), val 0x%08X\n", (unsigned) addr, val);
335 } else if ((addr >= AHCI_PORT_REGS_START_ADDR) &&
336 (addr < AHCI_PORT_REGS_END_ADDR)) {
337 val = ahci_port_read(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7,
338 addr & AHCI_PORT_ADDR_OFFSET_MASK);
339 }
340
341 return val;
342}
343
344
345
346static void ahci_mem_writel(void *ptr, target_phys_addr_t addr, uint32_t val)
347{
348 AHCIState *s = ptr;
349 addr = addr & 0xfff;
350
351 /* Only aligned reads are allowed on AHCI */
352 if (addr & 3) {
353 fprintf(stderr, "ahci: Mis-aligned write to addr 0x"
354 TARGET_FMT_plx "\n", addr);
355 return;
356 }
357
358 if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) {
359 DPRINTF(-1, "(addr 0x%08X), val 0x%08X\n", (unsigned) addr, val);
360
361 switch (addr) {
362 case HOST_CAP: /* R/WO, RO */
363 /* FIXME handle R/WO */
364 break;
365 case HOST_CTL: /* R/W */
366 if (val & HOST_CTL_RESET) {
367 DPRINTF(-1, "HBA Reset\n");
368 /* FIXME reset? */
369 } else {
370 s->control_regs.ghc = (val & 0x3) | HOST_CTL_AHCI_EN;
371 ahci_check_irq(s);
372 }
373 break;
374 case HOST_IRQ_STAT: /* R/WC, RO */
375 s->control_regs.irqstatus &= ~val;
376 ahci_check_irq(s);
377 break;
378 case HOST_PORTS_IMPL: /* R/WO, RO */
379 /* FIXME handle R/WO */
380 break;
381 case HOST_VERSION: /* RO */
382 /* FIXME report write? */
383 break;
384 default:
385 DPRINTF(-1, "write to unknown register 0x%x\n", (unsigned)addr);
386 }
387 } else if ((addr >= AHCI_PORT_REGS_START_ADDR) &&
388 (addr < AHCI_PORT_REGS_END_ADDR)) {
389 ahci_port_write(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7,
390 addr & AHCI_PORT_ADDR_OFFSET_MASK, val);
391 }
392
393}
394
395static CPUReadMemoryFunc * const ahci_readfn[3]={
396 ahci_mem_readl,
397 ahci_mem_readl,
398 ahci_mem_readl
399};
400
401static CPUWriteMemoryFunc * const ahci_writefn[3]={
402 ahci_mem_writel,
403 ahci_mem_writel,
404 ahci_mem_writel
405};
406
407static void ahci_reg_init(AHCIState *s)
408{
409 int i;
410
411 s->control_regs.cap = (SATA_PORTS - 1) |
412 (AHCI_NUM_COMMAND_SLOTS << 8) |
413 (AHCI_SUPPORTED_SPEED_GEN1 << AHCI_SUPPORTED_SPEED) |
414 HOST_CAP_NCQ | HOST_CAP_AHCI;
415
416 s->control_regs.impl = (1 << SATA_PORTS) - 1;
417
418 s->control_regs.version = AHCI_VERSION_1_0;
419
420 for (i = 0; i < SATA_PORTS; i++) {
421 s->dev[i].port_state = STATE_RUN;
422 }
423}
424
425static uint32_t read_from_sglist(uint8_t *buffer, uint32_t len,
426 QEMUSGList *sglist)
427{
428 uint32_t i = 0;
429 uint32_t total = 0, once;
430 ScatterGatherEntry *cur_prd;
431 uint32_t sgcount;
432
433 cur_prd = sglist->sg;
434 sgcount = sglist->nsg;
435 for (i = 0; len && sgcount; i++) {
436 once = MIN(cur_prd->len, len);
437 cpu_physical_memory_read(cur_prd->base, buffer, once);
438 cur_prd++;
439 sgcount--;
440 len -= once;
441 buffer += once;
442 total += once;
443 }
444
445 return total;
446}
447
448static uint32_t write_to_sglist(uint8_t *buffer, uint32_t len,
449 QEMUSGList *sglist)
450{
451 uint32_t i = 0;
452 uint32_t total = 0, once;
453 ScatterGatherEntry *cur_prd;
454 uint32_t sgcount;
455
456 DPRINTF(-1, "total: 0x%x bytes\n", len);
457
458 cur_prd = sglist->sg;
459 sgcount = sglist->nsg;
460 for (i = 0; len && sgcount; i++) {
461 once = MIN(cur_prd->len, len);
462 DPRINTF(-1, "write 0x%x bytes to 0x%lx\n", once, (long)cur_prd->base);
463 cpu_physical_memory_write(cur_prd->base, buffer, once);
464 cur_prd++;
465 sgcount--;
466 len -= once;
467 buffer += once;
468 total += once;
469 }
470
471 return total;
472}
473
474static void check_cmd(AHCIState *s, int port)
475{
476 AHCIPortRegs *pr = &s->dev[port].port_regs;
477 int slot;
478
479 if ((pr->cmd & PORT_CMD_START) && pr->cmd_issue) {
480 for (slot = 0; (slot < 32) && pr->cmd_issue; slot++) {
481 if ((pr->cmd_issue & (1 << slot)) &&
482 !handle_cmd(s, port, slot)) {
483 pr->cmd_issue &= ~(1 << slot);
484 }
485 }
486 }
487}
488
489static void ahci_check_cmd_bh(void *opaque)
490{
491 AHCIDevice *ad = opaque;
492
493 qemu_bh_delete(ad->check_bh);
494 ad->check_bh = NULL;
495
496 if ((ad->busy_slot != -1) &&
497 !(ad->port.ifs[0].status & (BUSY_STAT|DRQ_STAT))) {
498 /* no longer busy */
499 ad->port_regs.cmd_issue &= ~(1 << ad->busy_slot);
500 ad->busy_slot = -1;
501 }
502
503 check_cmd(ad->hba, ad->port_no);
504}
505
506static void ahci_reset_port(AHCIState *s, int port)
507{
508 AHCIDevice *d = &s->dev[port];
509 AHCIPortRegs *pr = &d->port_regs;
510 IDEState *ide_state = &d->port.ifs[0];
511 uint8_t init_fis[0x20];
f6ad2e32
AG		 512 int i;
513
514 DPRINTF(port, "reset port\n");
515
516 ide_bus_reset(&d->port);
517 ide_state->ncq_queues = AHCI_MAX_CMDS;
518
519 pr->irq_stat = 0;
520 pr->irq_mask = 0;
521 pr->scr_stat = 0;
522 pr->scr_ctl = 0;
523 pr->scr_err = 0;
524 pr->scr_act = 0;
525 d->busy_slot = -1;
526
527 ide_state = &s->dev[port].port.ifs[0];
528 if (!ide_state->bs) {
529 return;
530 }
531
532 /* reset ncq queue */
533 for (i = 0; i < AHCI_MAX_CMDS; i++) {
534 NCQTransferState *ncq_tfs = &s->dev[port].ncq_tfs[i];
535 if (!ncq_tfs->used) {
536 continue;
537 }
538
539 if (ncq_tfs->aiocb) {
540 bdrv_aio_cancel(ncq_tfs->aiocb);
541 ncq_tfs->aiocb = NULL;
542 }
543
544 qemu_sglist_destroy(&ncq_tfs->sglist);
545 ncq_tfs->used = 0;
546 }
547
548 memset(init_fis, 0, sizeof(init_fis));
549 s->dev[port].port_state = STATE_RUN;
550 if (!ide_state->bs) {
551 s->dev[port].port_regs.sig = 0;
cdfe17df 552 ide_state->status = SEEK_STAT | WRERR_STAT;
f6ad2e32
AG		 553 } else if (ide_state->drive_kind == IDE_CD) {
554 s->dev[port].port_regs.sig = SATA_SIGNATURE_CDROM;
555 ide_state->lcyl = 0x14;
556 ide_state->hcyl = 0xeb;
557 DPRINTF(port, "set lcyl = %d\n", ide_state->lcyl);
558 init_fis[5] = ide_state->lcyl;
559 init_fis[6] = ide_state->hcyl;
560 ide_state->status = SEEK_STAT | WRERR_STAT | READY_STAT;
561 } else {
562 s->dev[port].port_regs.sig = SATA_SIGNATURE_DISK;
563 ide_state->status = SEEK_STAT | WRERR_STAT;
564 }
565
566 ide_state->error = 1;
567 init_fis[4] = 1;
568 init_fis[12] = 1;
569 ahci_write_fis_d2h(d, init_fis);
570}
571
572static void debug_print_fis(uint8_t *fis, int cmd_len)
573{
574#ifdef DEBUG_AHCI
575 int i;
576
577 fprintf(stderr, "fis:");
578 for (i = 0; i < cmd_len; i++) {
579 if ((i & 0xf) == 0) {
580 fprintf(stderr, "\n%02x:",i);
581 }
582 fprintf(stderr, "%02x ",fis[i]);
583 }
584 fprintf(stderr, "\n");
585#endif
586}
587
588static void ahci_write_fis_sdb(AHCIState *s, int port, uint32_t finished)
589{
590 AHCIPortRegs *pr = &s->dev[port].port_regs;
591 IDEState *ide_state;
592 uint8_t *sdb_fis;
593
594 if (!s->dev[port].res_fis ||
595 !(pr->cmd & PORT_CMD_FIS_RX)) {
596 return;
597 }
598
599 sdb_fis = &s->dev[port].res_fis[RES_FIS_SDBFIS];
600 ide_state = &s->dev[port].port.ifs[0];
601
602 /* clear memory */
603 *(uint32_t*)sdb_fis = 0;
604
605 /* write values */
606 sdb_fis[0] = ide_state->error;
607 sdb_fis[2] = ide_state->status & 0x77;
608 s->dev[port].finished |= finished;
609 *(uint32_t*)(sdb_fis + 4) = cpu_to_le32(s->dev[port].finished);
610
611 ahci_trigger_irq(s, &s->dev[port], PORT_IRQ_STAT_SDBS);
612}
613
614static void ahci_write_fis_d2h(AHCIDevice *ad, uint8_t *cmd_fis)
615{
616 AHCIPortRegs *pr = &ad->port_regs;
617 uint8_t *d2h_fis;
618 int i;
619 target_phys_addr_t cmd_len = 0x80;
620 int cmd_mapped = 0;
621
622 if (!ad->res_fis || !(pr->cmd & PORT_CMD_FIS_RX)) {
623 return;
624 }
625
626 if (!cmd_fis) {
627 /* map cmd_fis */
628 uint64_t tbl_addr = le64_to_cpu(ad->cur_cmd->tbl_addr);
629 cmd_fis = cpu_physical_memory_map(tbl_addr, &cmd_len, 0);
630 cmd_mapped = 1;
631 }
632
633 d2h_fis = &ad->res_fis[RES_FIS_RFIS];
634
635 d2h_fis[0] = 0x34;
636 d2h_fis[1] = (ad->hba->control_regs.irqstatus ? (1 << 6) : 0);
637 d2h_fis[2] = ad->port.ifs[0].status;
638 d2h_fis[3] = ad->port.ifs[0].error;
639
640 d2h_fis[4] = cmd_fis[4];
641 d2h_fis[5] = cmd_fis[5];
642 d2h_fis[6] = cmd_fis[6];
643 d2h_fis[7] = cmd_fis[7];
644 d2h_fis[8] = cmd_fis[8];
645 d2h_fis[9] = cmd_fis[9];
646 d2h_fis[10] = cmd_fis[10];
647 d2h_fis[11] = cmd_fis[11];
648 d2h_fis[12] = cmd_fis[12];
649 d2h_fis[13] = cmd_fis[13];
650 for (i = 14; i < 0x20; i++) {
651 d2h_fis[i] = 0;
652 }
653
654 if (d2h_fis[2] & ERR_STAT) {
655 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_STAT_TFES);
656 }
657
658 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_D2H_REG_FIS);
659
660 if (cmd_mapped) {
fe6ceac8 661 cpu_physical_memory_unmap(cmd_fis, cmd_len, 0, cmd_len);
f6ad2e32
AG		 662 }
663}
664
665static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList *sglist)
666{
667 AHCICmdHdr *cmd = ad->cur_cmd;
668 uint32_t opts = le32_to_cpu(cmd->opts);
669 uint64_t prdt_addr = le64_to_cpu(cmd->tbl_addr) + 0x80;
670 int sglist_alloc_hint = opts >> AHCI_CMD_HDR_PRDT_LEN;
671 target_phys_addr_t prdt_len = (sglist_alloc_hint * sizeof(AHCI_SG));
672 target_phys_addr_t real_prdt_len = prdt_len;
673 uint8_t *prdt;
674 int i;
675 int r = 0;
676
677 if (!sglist_alloc_hint) {
678 DPRINTF(ad->port_no, "no sg list given by guest: 0x%08x\n", opts);
679 return -1;
680 }
681
682 /* map PRDT */
683 if (!(prdt = cpu_physical_memory_map(prdt_addr, &prdt_len, 0))){
684 DPRINTF(ad->port_no, "map failed\n");
685 return -1;
686 }
687
688 if (prdt_len < real_prdt_len) {
689 DPRINTF(ad->port_no, "mapped less than expected\n");
690 r = -1;
691 goto out;
692 }
693
694 /* Get entries in the PRDT, init a qemu sglist accordingly */
695 if (sglist_alloc_hint > 0) {
696 AHCI_SG *tbl = (AHCI_SG *)prdt;
697
698 qemu_sglist_init(sglist, sglist_alloc_hint);
699 for (i = 0; i < sglist_alloc_hint; i++) {
700 /* flags_size is zero-based */
701 qemu_sglist_add(sglist, le64_to_cpu(tbl[i].addr),
702 le32_to_cpu(tbl[i].flags_size) + 1);
703 }
704 }
705
706out:
fe6ceac8 707 cpu_physical_memory_unmap(prdt, prdt_len, 0, prdt_len);
f6ad2e32
AG		 708 return r;
709}
710
711static void ncq_cb(void *opaque, int ret)
712{
713 NCQTransferState *ncq_tfs = (NCQTransferState *)opaque;
714 IDEState *ide_state = &ncq_tfs->drive->port.ifs[0];
715
716 /* Clear bit for this tag in SActive */
717 ncq_tfs->drive->port_regs.scr_act &= ~(1 << ncq_tfs->tag);
718
719 if (ret < 0) {
720 /* error */
721 ide_state->error = ABRT_ERR;
722 ide_state->status = READY_STAT | ERR_STAT;
723 ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
724 } else {
725 ide_state->status = READY_STAT | SEEK_STAT;
726 }
727
728 ahci_write_fis_sdb(ncq_tfs->drive->hba, ncq_tfs->drive->port_no,
729 (1 << ncq_tfs->tag));
730
731 DPRINTF(ncq_tfs->drive->port_no, "NCQ transfer tag %d finished\n",
732 ncq_tfs->tag);
733
734 qemu_sglist_destroy(&ncq_tfs->sglist);
735 ncq_tfs->used = 0;
736}
737
738static void process_ncq_command(AHCIState *s, int port, uint8_t *cmd_fis,
739 int slot)
740{
741 NCQFrame *ncq_fis = (NCQFrame*)cmd_fis;
742 uint8_t tag = ncq_fis->tag >> 3;
743 NCQTransferState *ncq_tfs = &s->dev[port].ncq_tfs[tag];
744
745 if (ncq_tfs->used) {
746 /* error - already in use */
747 fprintf(stderr, "%s: tag %d already used\n", __FUNCTION__, tag);
748 return;
749 }
750
751 ncq_tfs->used = 1;
752 ncq_tfs->drive = &s->dev[port];
753 ncq_tfs->slot = slot;
754 ncq_tfs->lba = ((uint64_t)ncq_fis->lba5 << 40) |
755 ((uint64_t)ncq_fis->lba4 << 32) |
756 ((uint64_t)ncq_fis->lba3 << 24) |
757 ((uint64_t)ncq_fis->lba2 << 16) |
758 ((uint64_t)ncq_fis->lba1 << 8) |
759 (uint64_t)ncq_fis->lba0;
760
761 /* Note: We calculate the sector count, but don't currently rely on it.
762 * The total size of the DMA buffer tells us the transfer size instead. */
763 ncq_tfs->sector_count = ((uint16_t)ncq_fis->sector_count_high << 8) |
764 ncq_fis->sector_count_low;
765
766 DPRINTF(port, "NCQ transfer LBA from %ld to %ld, drive max %ld\n",
767 ncq_tfs->lba, ncq_tfs->lba + ncq_tfs->sector_count - 2,
768 s->dev[port].port.ifs[0].nb_sectors - 1);
769
770 ahci_populate_sglist(&s->dev[port], &ncq_tfs->sglist);
771 ncq_tfs->tag = tag;
772
773 switch(ncq_fis->command) {
774 case READ_FPDMA_QUEUED:
775 DPRINTF(port, "NCQ reading %d sectors from LBA %ld, tag %d\n",
776 ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
777 ncq_tfs->is_read = 1;
778
779 DPRINTF(port, "tag %d aio read %ld\n", ncq_tfs->tag, ncq_tfs->lba);
780 ncq_tfs->aiocb = dma_bdrv_read(ncq_tfs->drive->port.ifs[0].bs,
781 &ncq_tfs->sglist, ncq_tfs->lba,
782 ncq_cb, ncq_tfs);
783 break;
784 case WRITE_FPDMA_QUEUED:
785 DPRINTF(port, "NCQ writing %d sectors to LBA %ld, tag %d\n",
786 ncq_tfs->sector_count-1, ncq_tfs->lba, ncq_tfs->tag);
787 ncq_tfs->is_read = 0;
788
789 DPRINTF(port, "tag %d aio write %ld\n", ncq_tfs->tag, ncq_tfs->lba);
790 ncq_tfs->aiocb = dma_bdrv_write(ncq_tfs->drive->port.ifs[0].bs,
791 &ncq_tfs->sglist, ncq_tfs->lba,
792 ncq_cb, ncq_tfs);
793 break;
794 default:
795 DPRINTF(port, "error: tried to process non-NCQ command as NCQ\n");
796 qemu_sglist_destroy(&ncq_tfs->sglist);
797 break;
798 }
799}
800
801static int handle_cmd(AHCIState *s, int port, int slot)
802{
803 IDEState *ide_state;
f6ad2e32
AG		 804 uint32_t opts;
805 uint64_t tbl_addr;
806 AHCICmdHdr *cmd;
807 uint8_t *cmd_fis;
808 target_phys_addr_t cmd_len;
809
810 if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) {
811 /* Engine currently busy, try again later */
812 DPRINTF(port, "engine busy\n");
813 return -1;
814 }
815
f6ad2e32
AG		 816 cmd = &((AHCICmdHdr *)s->dev[port].lst)[slot];
817
818 if (!s->dev[port].lst) {
819 DPRINTF(port, "error: lst not given but cmd handled");
820 return -1;
821 }
822
823 /* remember current slot handle for later */
824 s->dev[port].cur_cmd = cmd;
825
826 opts = le32_to_cpu(cmd->opts);
827 tbl_addr = le64_to_cpu(cmd->tbl_addr);
828
829 cmd_len = 0x80;
830 cmd_fis = cpu_physical_memory_map(tbl_addr, &cmd_len, 1);
831
832 if (!cmd_fis) {
833 DPRINTF(port, "error: guest passed us an invalid cmd fis\n");
834 return -1;
835 }
836
837 /* The device we are working for */
838 ide_state = &s->dev[port].port.ifs[0];
839
840 if (!ide_state->bs) {
841 DPRINTF(port, "error: guest accessed unused port");
842 goto out;
843 }
844
845 debug_print_fis(cmd_fis, 0x90);
846 //debug_print_fis(cmd_fis, (opts & AHCI_CMD_HDR_CMD_FIS_LEN) * 4);
847
848 switch (cmd_fis[0]) {
849 case SATA_FIS_TYPE_REGISTER_H2D:
850 break;
851 default:
852 DPRINTF(port, "unknown command cmd_fis[0]=%02x cmd_fis[1]=%02x "
853 "cmd_fis[2]=%02x\n", cmd_fis[0], cmd_fis[1],
854 cmd_fis[2]);
855 goto out;
856 break;
857 }
858
859 switch (cmd_fis[1]) {
860 case SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER:
861 break;
862 case 0:
863 break;
864 default:
865 DPRINTF(port, "unknown command cmd_fis[0]=%02x cmd_fis[1]=%02x "
866 "cmd_fis[2]=%02x\n", cmd_fis[0], cmd_fis[1],
867 cmd_fis[2]);
868 goto out;
869 break;
870 }
871
872 switch (s->dev[port].port_state) {
873 case STATE_RUN:
874 if (cmd_fis[15] & ATA_SRST) {
875 s->dev[port].port_state = STATE_RESET;
876 }
877 break;
878 case STATE_RESET:
879 if (!(cmd_fis[15] & ATA_SRST)) {
880 ahci_reset_port(s, port);
881 }
882 break;
883 }
884
885 if (cmd_fis[1] == SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER) {
886
887 /* Check for NCQ command */
888 if ((cmd_fis[2] == READ_FPDMA_QUEUED) ||
889 (cmd_fis[2] == WRITE_FPDMA_QUEUED)) {
890 process_ncq_command(s, port, cmd_fis, slot);
891 goto out;
892 }
893
894 /* Decompose the FIS */
895 ide_state->nsector = (int64_t)((cmd_fis[13] << 8) | cmd_fis[12]);
896 ide_state->feature = cmd_fis[3];
897 if (!ide_state->nsector) {
898 ide_state->nsector = 256;
899 }
900
901 if (ide_state->drive_kind != IDE_CD) {
902 ide_set_sector(ide_state, (cmd_fis[6] << 16) | (cmd_fis[5] << 8) |
903 cmd_fis[4]);
904 }
905
906 /* Copy the ACMD field (ATAPI packet, if any) from the AHCI command
907 * table to ide_state->io_buffer
908 */
909 if (opts & AHCI_CMD_ATAPI) {
910 memcpy(ide_state->io_buffer, &cmd_fis[AHCI_COMMAND_TABLE_ACMD], 0x10);
911 ide_state->lcyl = 0x14;
912 ide_state->hcyl = 0xeb;
913 debug_print_fis(ide_state->io_buffer, 0x10);
914 ide_state->feature = IDE_FEATURE_DMA;
915 s->dev[port].done_atapi_packet = 0;
916 /* XXX send PIO setup FIS */
917 }
918
919 ide_state->error = 0;
920
921 /* Reset transferred byte counter */
922 cmd->status = 0;
923
924 /* We're ready to process the command in FIS byte 2. */
925 ide_exec_cmd(&s->dev[port].port, cmd_fis[2]);
926
927 if (s->dev[port].port.ifs[0].status & READY_STAT) {
928 ahci_write_fis_d2h(&s->dev[port], cmd_fis);
929 }
930 }
931
932out:
fe6ceac8 933 cpu_physical_memory_unmap(cmd_fis, cmd_len, 1, cmd_len);
f6ad2e32
AG		 934
935 if (s->dev[port].port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) {
936 /* async command, complete later */
937 s->dev[port].busy_slot = slot;
938 return -1;
939 }
940
941 /* done handling the command */
942 return 0;
943}
944
945/* DMA dev <-> ram */
946static int ahci_start_transfer(IDEDMA *dma)
947{
948 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
949 IDEState *s = &ad->port.ifs[0];
950 uint32_t size = (uint32_t)(s->data_end - s->data_ptr);
951 /* write == ram -> device */
952 uint32_t opts = le32_to_cpu(ad->cur_cmd->opts);
953 int is_write = opts & AHCI_CMD_WRITE;
954 int is_atapi = opts & AHCI_CMD_ATAPI;
955 int has_sglist = 0;
956
957 if (is_atapi && !ad->done_atapi_packet) {
958 /* already prepopulated iobuffer */
959 ad->done_atapi_packet = 1;
960 goto out;
961 }
962
963 if (!ahci_populate_sglist(ad, &s->sg)) {
964 has_sglist = 1;
965 }
966
967 DPRINTF(ad->port_no, "%sing %d bytes on %s w/%s sglist\n",
968 is_write ? "writ" : "read", size, is_atapi ? "atapi" : "ata",
969 has_sglist ? "" : "o");
970
971 if (is_write && has_sglist && (s->data_ptr < s->data_end)) {
972 read_from_sglist(s->data_ptr, size, &s->sg);
973 }
974
975 if (!is_write && has_sglist && (s->data_ptr < s->data_end)) {
976 write_to_sglist(s->data_ptr, size, &s->sg);
977 }
978
979 /* update number of transferred bytes */
980 ad->cur_cmd->status = cpu_to_le32(le32_to_cpu(ad->cur_cmd->status) + size);
981
982out:
983 /* declare that we processed everything */
984 s->data_ptr = s->data_end;
985
986 if (has_sglist) {
987 qemu_sglist_destroy(&s->sg);
988 }
989
990 s->end_transfer_func(s);
991
992 if (!(s->status & DRQ_STAT)) {
993 /* done with DMA */
994 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_STAT_DSS);
995 }
996
997 return 0;
998}
999
1000static void ahci_start_dma(IDEDMA *dma, IDEState *s,
1001 BlockDriverCompletionFunc *dma_cb)
1002{
1003 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
1004
1005 DPRINTF(ad->port_no, "\n");
1006 ad->dma_cb = dma_cb;
1007 ad->dma_status |= BM_STATUS_DMAING;
1008 dma_cb(s, 0);
1009}
1010
1011static int ahci_dma_prepare_buf(IDEDMA *dma, int is_write)
1012{
1013 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
1014 IDEState *s = &ad->port.ifs[0];
1015 int i;
1016
1017 ahci_populate_sglist(ad, &s->sg);
1018
1019 s->io_buffer_size = 0;
1020 for (i = 0; i < s->sg.nsg; i++) {
1021 s->io_buffer_size += s->sg.sg[i].len;
1022 }
1023
1024 DPRINTF(ad->port_no, "len=%#x\n", s->io_buffer_size);
1025 return s->io_buffer_size != 0;
1026}
1027
1028static int ahci_dma_rw_buf(IDEDMA *dma, int is_write)
1029{
1030 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
1031 IDEState *s = &ad->port.ifs[0];
1032 uint8_t *p = s->io_buffer + s->io_buffer_index;
1033 int l = s->io_buffer_size - s->io_buffer_index;
1034
1035 if (ahci_populate_sglist(ad, &s->sg)) {
1036 return 0;
1037 }
1038
1039 if (is_write) {
1040 write_to_sglist(p, l, &s->sg);
1041 } else {
1042 read_from_sglist(p, l, &s->sg);
1043 }
1044
1045 /* update number of transferred bytes */
1046 ad->cur_cmd->status = cpu_to_le32(le32_to_cpu(ad->cur_cmd->status) + l);
1047 s->io_buffer_index += l;
1048
1049 DPRINTF(ad->port_no, "len=%#x\n", l);
1050
1051 return 1;
1052}
1053
1054static int ahci_dma_set_unit(IDEDMA *dma, int unit)
1055{
1056 /* only a single unit per link */
1057 return 0;
1058}
1059
1060static int ahci_dma_add_status(IDEDMA *dma, int status)
1061{
1062 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
1063 ad->dma_status |= status;
1064 DPRINTF(ad->port_no, "set status: %x\n", status);
1065
1066 if (status & BM_STATUS_INT) {
1067 ahci_trigger_irq(ad->hba, ad, PORT_IRQ_STAT_DSS);
1068 }
1069
1070 return 0;
1071}
1072
1073static int ahci_dma_set_inactive(IDEDMA *dma)
1074{
1075 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
1076
1077 DPRINTF(ad->port_no, "dma done\n");
1078
1079 /* update d2h status */
1080 ahci_write_fis_d2h(ad, NULL);
1081
1082 ad->dma_cb = NULL;
1083
1084 /* maybe we still have something to process, check later */
1085 ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad);
1086 qemu_bh_schedule(ad->check_bh);
1087
1088 return 0;
1089}
1090
1091static void ahci_irq_set(void *opaque, int n, int level)
1092{
1093}
1094
1095static void ahci_dma_restart_cb(void *opaque, int running, int reason)
1096{
1097}
1098
1099static int ahci_dma_reset(IDEDMA *dma)
1100{
1101 return 0;
1102}
1103
1104static const IDEDMAOps ahci_dma_ops = {
1105 .start_dma = ahci_start_dma,
1106 .start_transfer = ahci_start_transfer,
1107 .prepare_buf = ahci_dma_prepare_buf,
1108 .rw_buf = ahci_dma_rw_buf,
1109 .set_unit = ahci_dma_set_unit,
1110 .add_status = ahci_dma_add_status,
1111 .set_inactive = ahci_dma_set_inactive,
1112 .restart_cb = ahci_dma_restart_cb,
1113 .reset = ahci_dma_reset,
1114};
1115
03c7a6a8 1116void ahci_init(AHCIState *s, DeviceState *qdev)
f6ad2e32
AG		 1117{
1118 qemu_irq *irqs;
1119 int i;
1120
1121 ahci_reg_init(s);
1122 s->mem = cpu_register_io_memory(ahci_readfn, ahci_writefn, s,
1123 DEVICE_LITTLE_ENDIAN);
1124 irqs = qemu_allocate_irqs(ahci_irq_set, s, SATA_PORTS);
1125
1126 for (i = 0; i < SATA_PORTS; i++) {
1127 AHCIDevice *ad = &s->dev[i];
1128
1129 ide_bus_new(&ad->port, qdev, i);
1130 ide_init2(&ad->port, irqs[i]);
1131
1132 ad->hba = s;
1133 ad->port_no = i;
1134 ad->port.dma = &ad->dma;
1135 ad->port.dma->ops = &ahci_dma_ops;
1136 ad->port_regs.cmd = PORT_CMD_SPIN_UP | PORT_CMD_POWER_ON;
1137 }
1138}
1139
03c7a6a8 1140void ahci_pci_map(PCIDevice *pci_dev, int region_num,
f6ad2e32
AG		 1141 pcibus_t addr, pcibus_t size, int type)
1142{
1143 struct AHCIPCIState *d = (struct AHCIPCIState *)pci_dev;
1144 AHCIState *s = &d->ahci;
1145
1146 cpu_register_physical_memory(addr, size, s->mem);
1147}
1148
03c7a6a8 1149void ahci_reset(void *opaque)
f6ad2e32
AG		 1150{
1151 struct AHCIPCIState *d = opaque;
1152 int i;
1153
1154 for (i = 0; i < SATA_PORTS; i++) {
1155 ahci_reset_port(&d->ahci, i);
1156 }
1157}
1158
1159static int pci_ahci_init(PCIDevice *dev)
1160{
1161 struct AHCIPCIState *d;
1162 d = DO_UPCAST(struct AHCIPCIState, card, dev);
1163
1164 pci_config_set_vendor_id(d->card.config, PCI_VENDOR_ID_INTEL);
1165 pci_config_set_device_id(d->card.config, PCI_DEVICE_ID_INTEL_82801IR);
1166
1167 pci_config_set_class(d->card.config, PCI_CLASS_STORAGE_SATA);
1168 pci_config_set_revision(d->card.config, 0x02);
1169 pci_config_set_prog_interface(d->card.config, AHCI_PROGMODE_MAJOR_REV_1);
1170
1171 d->card.config[PCI_CACHE_LINE_SIZE] = 0x08; /* Cache line size */
1172 d->card.config[PCI_LATENCY_TIMER] = 0x00; /* Latency timer */
1173 pci_config_set_interrupt_pin(d->card.config, 1);
1174
38a08f05
SH		 1175 /* XXX Software should program this register */
1176 d->card.config[0x90] = 1 << 6; /* Address Map Register - AHCI mode */
1177
f6ad2e32
AG		 1178 qemu_register_reset(ahci_reset, d);
1179
1180 /* XXX BAR size should be 1k, but that breaks, so bump it to 4k for now */
1181 pci_register_bar(&d->card, 5, 0x1000, PCI_BASE_ADDRESS_SPACE_MEMORY,
1182 ahci_pci_map);
1183
1184 msi_init(dev, 0x50, 1, true, false);
1185
1186 ahci_init(&d->ahci, &dev->qdev);
1187 d->ahci.irq = d->card.irq[0];
1188
1189 return 0;
1190}
1191
1192static int pci_ahci_uninit(PCIDevice *dev)
1193{
1194 struct AHCIPCIState *d;
1195 d = DO_UPCAST(struct AHCIPCIState, card, dev);
1196
1197 if (msi_enabled(dev)) {
1198 msi_uninit(dev);
1199 }
1200
1201 qemu_unregister_reset(ahci_reset, d);
1202
1203 return 0;
1204}
1205
1206static void pci_ahci_write_config(PCIDevice *pci, uint32_t addr,
1207 uint32_t val, int len)
1208{
1209 pci_default_write_config(pci, addr, val, len);
1210 msi_write_config(pci, addr, val, len);
1211}
1212
1213static PCIDeviceInfo ahci_info = {
1214 .qdev.name = "ahci",
1215 .qdev.size = sizeof(AHCIPCIState),
1216 .init = pci_ahci_init,
1217 .exit = pci_ahci_uninit,
1218 .config_write = pci_ahci_write_config,
1219};
1220
1221static void ahci_pci_register_devices(void)
1222{
1223 pci_qdev_register(&ahci_info);
1224}
1225
1226device_init(ahci_pci_register_devices)
QEMU mirror