1 /*- 2 * Copyright (c) 2013 Zhixiang Yu <zcore@freebsd.org> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD$ 27 */ 28 29 #include <sys/cdefs.h> 30 __FBSDID("$FreeBSD$"); 31 32 #include <sys/param.h> 33 #include <sys/linker_set.h> 34 #include <sys/stat.h> 35 #include <sys/uio.h> 36 #include <sys/ioctl.h> 37 #include <sys/disk.h> 38 #include <sys/ata.h> 39 #include <sys/endian.h> 40 41 #include <errno.h> 42 #include <fcntl.h> 43 #include <stdio.h> 44 #include <stdlib.h> 45 #include <stdint.h> 46 #include <string.h> 47 #include <strings.h> 48 #include <unistd.h> 49 #include <assert.h> 50 #include <pthread.h> 51 #include <pthread_np.h> 52 #include <inttypes.h> 53 54 #include "bhyverun.h" 55 #include "pci_emul.h" 56 #include "ahci.h" 57 #include "block_if.h" 58 59 #define MAX_PORTS 6 /* Intel ICH8 AHCI supports 6 ports */ 60 61 #define PxSIG_ATA 0x00000101 /* ATA drive */ 62 #define PxSIG_ATAPI 0xeb140101 /* ATAPI drive */ 63 64 enum sata_fis_type { 65 FIS_TYPE_REGH2D = 0x27, /* Register FIS - host to device */ 66 FIS_TYPE_REGD2H = 0x34, /* Register FIS - device to host */ 67 FIS_TYPE_DMAACT = 0x39, /* DMA activate FIS - device to host */ 68 FIS_TYPE_DMASETUP = 0x41, /* DMA setup FIS - bidirectional */ 69 FIS_TYPE_DATA = 0x46, /* Data FIS - bidirectional */ 70 FIS_TYPE_BIST = 0x58, /* BIST activate FIS - bidirectional */ 71 FIS_TYPE_PIOSETUP = 0x5F, /* PIO setup FIS - device to host */ 72 FIS_TYPE_SETDEVBITS = 0xA1, /* Set dev bits FIS - device to host */ 73 }; 74 75 /* 76 * SCSI opcodes 77 */ 78 #define TEST_UNIT_READY 0x00 79 #define REQUEST_SENSE 0x03 80 #define INQUIRY 0x12 81 #define START_STOP_UNIT 0x1B 82 #define PREVENT_ALLOW 0x1E 83 #define READ_CAPACITY 0x25 84 #define READ_10 0x28 85 #define POSITION_TO_ELEMENT 0x2B 86 #define READ_TOC 0x43 87 #define GET_EVENT_STATUS_NOTIFICATION 0x4A 88 #define MODE_SENSE_10 0x5A 89 #define READ_12 0xA8 90 #define READ_CD 0xBE 91 92 /* 93 * SCSI mode page codes 94 */ 95 #define MODEPAGE_RW_ERROR_RECOVERY 0x01 96 #define MODEPAGE_CD_CAPABILITIES 0x2A 97 98 /* 99 * ATA commands 100 */ 101 #define ATA_SF_ENAB_SATA_SF 0x10 102 #define ATA_SATA_SF_AN 0x05 103 #define ATA_SF_DIS_SATA_SF 0x90 104 105 /* 106 * Debug printf 107 */ 108 #ifdef AHCI_DEBUG 109 static FILE *dbg; 110 #define DPRINTF(format, arg...) do{fprintf(dbg, format, ##arg);fflush(dbg);}while(0) 111 #else 112 #define DPRINTF(format, arg...) 113 #endif 114 #define WPRINTF(format, arg...) printf(format, ##arg) 115 116 struct ahci_ioreq { 117 struct blockif_req io_req; 118 struct ahci_port *io_pr; 119 STAILQ_ENTRY(ahci_ioreq) io_flist; 120 TAILQ_ENTRY(ahci_ioreq) io_blist; 121 uint8_t *cfis; 122 uint32_t len; 123 uint32_t done; 124 int slot; 125 int prdtl; 126 }; 127 128 struct ahci_port { 129 struct blockif_ctxt *bctx; 130 struct pci_ahci_softc *pr_sc; 131 uint8_t *cmd_lst; 132 uint8_t *rfis; 133 int atapi; 134 int reset; 135 int mult_sectors; 136 uint8_t xfermode; 137 uint8_t sense_key; 138 uint8_t asc; 139 uint32_t pending; 140 141 uint32_t clb; 142 uint32_t clbu; 143 uint32_t fb; 144 uint32_t fbu; 145 uint32_t is; 146 uint32_t ie; 147 uint32_t cmd; 148 uint32_t unused0; 149 uint32_t tfd; 150 uint32_t sig; 151 uint32_t ssts; 152 uint32_t sctl; 153 uint32_t serr; 154 uint32_t sact; 155 uint32_t ci; 156 uint32_t sntf; 157 uint32_t fbs; 158 159 /* 160 * i/o request info 161 */ 162 struct ahci_ioreq *ioreq; 163 int ioqsz; 164 STAILQ_HEAD(ahci_fhead, ahci_ioreq) iofhd; 165 TAILQ_HEAD(ahci_bhead, ahci_ioreq) iobhd; 166 }; 167 168 struct ahci_cmd_hdr { 169 uint16_t flags; 170 uint16_t prdtl; 171 uint32_t prdbc; 172 uint64_t ctba; 173 uint32_t reserved[4]; 174 }; 175 176 struct ahci_prdt_entry { 177 uint64_t dba; 178 uint32_t reserved; 179 #define DBCMASK 0x3fffff 180 uint32_t dbc; 181 }; 182 183 struct pci_ahci_softc { 184 struct pci_devinst *asc_pi; 185 pthread_mutex_t mtx; 186 int ports; 187 uint32_t cap; 188 uint32_t ghc; 189 uint32_t is; 190 uint32_t pi; 191 uint32_t vs; 192 uint32_t ccc_ctl; 193 uint32_t ccc_pts; 194 uint32_t em_loc; 195 uint32_t em_ctl; 196 uint32_t cap2; 197 uint32_t bohc; 198 uint32_t lintr; 199 struct ahci_port port[MAX_PORTS]; 200 }; 201 #define ahci_ctx(sc) ((sc)->asc_pi->pi_vmctx) 202 203 static inline void lba_to_msf(uint8_t *buf, int lba) 204 { 205 lba += 150; 206 buf[0] = (lba / 75) / 60; 207 buf[1] = (lba / 75) % 60; 208 buf[2] = lba % 75; 209 } 210 211 /* 212 * generate HBA intr depending on whether or not ports within 213 * the controller have an interrupt pending. 214 */ 215 static void 216 ahci_generate_intr(struct pci_ahci_softc *sc) 217 { 218 struct pci_devinst *pi; 219 int i; 220 221 pi = sc->asc_pi; 222 223 for (i = 0; i < sc->ports; i++) { 224 struct ahci_port *pr; 225 pr = &sc->port[i]; 226 if (pr->is & pr->ie) 227 sc->is |= (1 << i); 228 } 229 230 DPRINTF("%s %x\n", __func__, sc->is); 231 232 if (sc->is && (sc->ghc & AHCI_GHC_IE)) { 233 if (pci_msi_enabled(pi)) { 234 /* 235 * Generate an MSI interrupt on every edge 236 */ 237 pci_generate_msi(pi, 0); 238 } else if (!sc->lintr) { 239 /* 240 * Only generate a pin-based interrupt if one wasn't 241 * in progress 242 */ 243 sc->lintr = 1; 244 pci_lintr_assert(pi); 245 } 246 } else if (sc->lintr) { 247 /* 248 * No interrupts: deassert pin-based signal if it had 249 * been asserted 250 */ 251 pci_lintr_deassert(pi); 252 sc->lintr = 0; 253 } 254 } 255 256 static void 257 ahci_write_fis(struct ahci_port *p, enum sata_fis_type ft, uint8_t *fis) 258 { 259 int offset, len, irq; 260 261 if (p->rfis == NULL || !(p->cmd & AHCI_P_CMD_FRE)) 262 return; 263 264 switch (ft) { 265 case FIS_TYPE_REGD2H: 266 offset = 0x40; 267 len = 20; 268 irq = AHCI_P_IX_DHR; 269 break; 270 case FIS_TYPE_SETDEVBITS: 271 offset = 0x58; 272 len = 8; 273 irq = AHCI_P_IX_SDB; 274 break; 275 case FIS_TYPE_PIOSETUP: 276 offset = 0x20; 277 len = 20; 278 irq = 0; 279 break; 280 default: 281 WPRINTF("unsupported fis type %d\n", ft); 282 return; 283 } 284 memcpy(p->rfis + offset, fis, len); 285 if (irq) { 286 p->is |= irq; 287 ahci_generate_intr(p->pr_sc); 288 } 289 } 290 291 static void 292 ahci_write_fis_piosetup(struct ahci_port *p) 293 { 294 uint8_t fis[20]; 295 296 memset(fis, 0, sizeof(fis)); 297 fis[0] = FIS_TYPE_PIOSETUP; 298 ahci_write_fis(p, FIS_TYPE_PIOSETUP, fis); 299 } 300 301 static void 302 ahci_write_fis_sdb(struct ahci_port *p, int slot, uint32_t tfd) 303 { 304 uint8_t fis[8]; 305 uint8_t error; 306 307 error = (tfd >> 8) & 0xff; 308 memset(fis, 0, sizeof(fis)); 309 fis[0] = error; 310 fis[2] = tfd & 0x77; 311 *(uint32_t *)(fis + 4) = (1 << slot); 312 if (fis[2] & ATA_S_ERROR) 313 p->is |= AHCI_P_IX_TFE; 314 p->tfd = tfd; 315 ahci_write_fis(p, FIS_TYPE_SETDEVBITS, fis); 316 } 317 318 static void 319 ahci_write_fis_d2h(struct ahci_port *p, int slot, uint8_t *cfis, uint32_t tfd) 320 { 321 uint8_t fis[20]; 322 uint8_t error; 323 324 error = (tfd >> 8) & 0xff; 325 memset(fis, 0, sizeof(fis)); 326 fis[0] = FIS_TYPE_REGD2H; 327 fis[1] = (1 << 6); 328 fis[2] = tfd & 0xff; 329 fis[3] = error; 330 fis[4] = cfis[4]; 331 fis[5] = cfis[5]; 332 fis[6] = cfis[6]; 333 fis[7] = cfis[7]; 334 fis[8] = cfis[8]; 335 fis[9] = cfis[9]; 336 fis[10] = cfis[10]; 337 fis[11] = cfis[11]; 338 fis[12] = cfis[12]; 339 fis[13] = cfis[13]; 340 if (fis[2] & ATA_S_ERROR) 341 p->is |= AHCI_P_IX_TFE; 342 else 343 p->ci &= ~(1 << slot); 344 p->tfd = tfd; 345 ahci_write_fis(p, FIS_TYPE_REGD2H, fis); 346 } 347 348 static void 349 ahci_write_reset_fis_d2h(struct ahci_port *p) 350 { 351 uint8_t fis[20]; 352 353 memset(fis, 0, sizeof(fis)); 354 fis[0] = FIS_TYPE_REGD2H; 355 fis[3] = 1; 356 fis[4] = 1; 357 if (p->atapi) { 358 fis[5] = 0x14; 359 fis[6] = 0xeb; 360 } 361 fis[12] = 1; 362 ahci_write_fis(p, FIS_TYPE_REGD2H, fis); 363 } 364 365 static void 366 ahci_check_stopped(struct ahci_port *p) 367 { 368 /* 369 * If we are no longer processing the command list and nothing 370 * is in-flight, clear the running bit, the current command 371 * slot, the command issue and active bits. 372 */ 373 if (!(p->cmd & AHCI_P_CMD_ST)) { 374 if (p->pending == 0) { 375 p->cmd &= ~(AHCI_P_CMD_CR | AHCI_P_CMD_CCS_MASK); 376 p->ci = 0; 377 p->sact = 0; 378 } 379 } 380 } 381 382 static void 383 ahci_port_stop(struct ahci_port *p) 384 { 385 struct ahci_ioreq *aior; 386 uint8_t *cfis; 387 int slot; 388 int ncq; 389 int error; 390 391 assert(pthread_mutex_isowned_np(&p->pr_sc->mtx)); 392 393 TAILQ_FOREACH(aior, &p->iobhd, io_blist) { 394 /* 395 * Try to cancel the outstanding blockif request. 396 */ 397 error = blockif_cancel(p->bctx, &aior->io_req); 398 if (error != 0) 399 continue; 400 401 slot = aior->slot; 402 cfis = aior->cfis; 403 if (cfis[2] == ATA_WRITE_FPDMA_QUEUED || 404 cfis[2] == ATA_READ_FPDMA_QUEUED) 405 ncq = 1; 406 407 if (ncq) 408 p->sact &= ~(1 << slot); 409 else 410 p->ci &= ~(1 << slot); 411 412 /* 413 * This command is now done. 414 */ 415 p->pending &= ~(1 << slot); 416 417 /* 418 * Delete the blockif request from the busy list 419 */ 420 TAILQ_REMOVE(&p->iobhd, aior, io_blist); 421 422 /* 423 * Move the blockif request back to the free list 424 */ 425 STAILQ_INSERT_TAIL(&p->iofhd, aior, io_flist); 426 } 427 428 ahci_check_stopped(p); 429 } 430 431 static void 432 ahci_port_reset(struct ahci_port *pr) 433 { 434 pr->sctl = 0; 435 pr->serr = 0; 436 pr->sact = 0; 437 pr->xfermode = ATA_UDMA6; 438 pr->mult_sectors = 128; 439 440 if (!pr->bctx) { 441 pr->ssts = ATA_SS_DET_NO_DEVICE; 442 pr->sig = 0xFFFFFFFF; 443 pr->tfd = 0x7F; 444 return; 445 } 446 pr->ssts = ATA_SS_DET_PHY_ONLINE | ATA_SS_SPD_GEN2 | 447 ATA_SS_IPM_ACTIVE; 448 pr->tfd = (1 << 8) | ATA_S_DSC | ATA_S_DMA; 449 if (!pr->atapi) { 450 pr->sig = PxSIG_ATA; 451 pr->tfd |= ATA_S_READY; 452 } else 453 pr->sig = PxSIG_ATAPI; 454 ahci_write_reset_fis_d2h(pr); 455 } 456 457 static void 458 ahci_reset(struct pci_ahci_softc *sc) 459 { 460 int i; 461 462 sc->ghc = AHCI_GHC_AE; 463 sc->is = 0; 464 465 if (sc->lintr) { 466 pci_lintr_deassert(sc->asc_pi); 467 sc->lintr = 0; 468 } 469 470 for (i = 0; i < sc->ports; i++) { 471 sc->port[i].ie = 0; 472 sc->port[i].is = 0; 473 ahci_port_reset(&sc->port[i]); 474 } 475 } 476 477 static void 478 ata_string(uint8_t *dest, const char *src, int len) 479 { 480 int i; 481 482 for (i = 0; i < len; i++) { 483 if (*src) 484 dest[i ^ 1] = *src++; 485 else 486 dest[i ^ 1] = ' '; 487 } 488 } 489 490 static void 491 atapi_string(uint8_t *dest, const char *src, int len) 492 { 493 int i; 494 495 for (i = 0; i < len; i++) { 496 if (*src) 497 dest[i] = *src++; 498 else 499 dest[i] = ' '; 500 } 501 } 502 503 static void 504 ahci_handle_dma(struct ahci_port *p, int slot, uint8_t *cfis, uint32_t done, 505 int seek) 506 { 507 struct ahci_ioreq *aior; 508 struct blockif_req *breq; 509 struct pci_ahci_softc *sc; 510 struct ahci_prdt_entry *prdt; 511 struct ahci_cmd_hdr *hdr; 512 uint64_t lba; 513 uint32_t len; 514 int i, err, iovcnt, ncq, readop; 515 516 sc = p->pr_sc; 517 prdt = (struct ahci_prdt_entry *)(cfis + 0x80); 518 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 519 ncq = 0; 520 readop = 1; 521 522 prdt += seek; 523 if (cfis[2] == ATA_WRITE_DMA || cfis[2] == ATA_WRITE_DMA48 || 524 cfis[2] == ATA_WRITE_FPDMA_QUEUED) 525 readop = 0; 526 527 if (cfis[2] == ATA_WRITE_FPDMA_QUEUED || 528 cfis[2] == ATA_READ_FPDMA_QUEUED) { 529 lba = ((uint64_t)cfis[10] << 40) | 530 ((uint64_t)cfis[9] << 32) | 531 ((uint64_t)cfis[8] << 24) | 532 ((uint64_t)cfis[6] << 16) | 533 ((uint64_t)cfis[5] << 8) | 534 cfis[4]; 535 len = cfis[11] << 8 | cfis[3]; 536 if (!len) 537 len = 65536; 538 ncq = 1; 539 } else if (cfis[2] == ATA_READ_DMA48 || cfis[2] == ATA_WRITE_DMA48) { 540 lba = ((uint64_t)cfis[10] << 40) | 541 ((uint64_t)cfis[9] << 32) | 542 ((uint64_t)cfis[8] << 24) | 543 ((uint64_t)cfis[6] << 16) | 544 ((uint64_t)cfis[5] << 8) | 545 cfis[4]; 546 len = cfis[13] << 8 | cfis[12]; 547 if (!len) 548 len = 65536; 549 } else { 550 lba = ((cfis[7] & 0xf) << 24) | (cfis[6] << 16) | 551 (cfis[5] << 8) | cfis[4]; 552 len = cfis[12]; 553 if (!len) 554 len = 256; 555 } 556 lba *= blockif_sectsz(p->bctx); 557 len *= blockif_sectsz(p->bctx); 558 559 /* 560 * Pull request off free list 561 */ 562 aior = STAILQ_FIRST(&p->iofhd); 563 assert(aior != NULL); 564 STAILQ_REMOVE_HEAD(&p->iofhd, io_flist); 565 aior->cfis = cfis; 566 aior->slot = slot; 567 aior->len = len; 568 aior->done = done; 569 breq = &aior->io_req; 570 breq->br_offset = lba + done; 571 iovcnt = hdr->prdtl - seek; 572 if (iovcnt > BLOCKIF_IOV_MAX) { 573 aior->prdtl = iovcnt - BLOCKIF_IOV_MAX; 574 iovcnt = BLOCKIF_IOV_MAX; 575 } else 576 aior->prdtl = 0; 577 breq->br_iovcnt = iovcnt; 578 579 /* 580 * Mark this command in-flight. 581 */ 582 p->pending |= 1 << slot; 583 584 /* 585 * Stuff request onto busy list 586 */ 587 TAILQ_INSERT_HEAD(&p->iobhd, aior, io_blist); 588 589 /* 590 * Build up the iovec based on the prdt 591 */ 592 for (i = 0; i < iovcnt; i++) { 593 uint32_t dbcsz; 594 595 dbcsz = (prdt->dbc & DBCMASK) + 1; 596 breq->br_iov[i].iov_base = paddr_guest2host(ahci_ctx(sc), 597 prdt->dba, dbcsz); 598 breq->br_iov[i].iov_len = dbcsz; 599 aior->done += dbcsz; 600 prdt++; 601 } 602 if (readop) 603 err = blockif_read(p->bctx, breq); 604 else 605 err = blockif_write(p->bctx, breq); 606 assert(err == 0); 607 608 if (ncq) 609 p->ci &= ~(1 << slot); 610 } 611 612 static void 613 ahci_handle_flush(struct ahci_port *p, int slot, uint8_t *cfis) 614 { 615 struct ahci_ioreq *aior; 616 struct blockif_req *breq; 617 int err; 618 619 /* 620 * Pull request off free list 621 */ 622 aior = STAILQ_FIRST(&p->iofhd); 623 assert(aior != NULL); 624 STAILQ_REMOVE_HEAD(&p->iofhd, io_flist); 625 aior->cfis = cfis; 626 aior->slot = slot; 627 aior->len = 0; 628 aior->done = 0; 629 aior->prdtl = 0; 630 breq = &aior->io_req; 631 632 /* 633 * Mark this command in-flight. 634 */ 635 p->pending |= 1 << slot; 636 637 /* 638 * Stuff request onto busy list 639 */ 640 TAILQ_INSERT_HEAD(&p->iobhd, aior, io_blist); 641 642 err = blockif_flush(p->bctx, breq); 643 assert(err == 0); 644 } 645 646 static inline void 647 write_prdt(struct ahci_port *p, int slot, uint8_t *cfis, 648 void *buf, int size) 649 { 650 struct ahci_cmd_hdr *hdr; 651 struct ahci_prdt_entry *prdt; 652 void *from; 653 int i, len; 654 655 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 656 len = size; 657 from = buf; 658 prdt = (struct ahci_prdt_entry *)(cfis + 0x80); 659 for (i = 0; i < hdr->prdtl && len; i++) { 660 uint8_t *ptr; 661 uint32_t dbcsz; 662 int sublen; 663 664 dbcsz = (prdt->dbc & DBCMASK) + 1; 665 ptr = paddr_guest2host(ahci_ctx(p->pr_sc), prdt->dba, dbcsz); 666 sublen = len < dbcsz ? len : dbcsz; 667 memcpy(ptr, from, sublen); 668 len -= sublen; 669 from += sublen; 670 prdt++; 671 } 672 hdr->prdbc = size - len; 673 } 674 675 static void 676 handle_identify(struct ahci_port *p, int slot, uint8_t *cfis) 677 { 678 struct ahci_cmd_hdr *hdr; 679 680 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 681 if (p->atapi || hdr->prdtl == 0) { 682 p->tfd = (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR; 683 p->is |= AHCI_P_IX_TFE; 684 } else { 685 uint16_t buf[256]; 686 uint64_t sectors; 687 uint16_t cyl; 688 uint8_t sech, heads; 689 690 sectors = blockif_size(p->bctx) / blockif_sectsz(p->bctx); 691 blockif_chs(p->bctx, &cyl, &heads, &sech); 692 memset(buf, 0, sizeof(buf)); 693 buf[0] = 0x0040; 694 buf[1] = cyl; 695 buf[3] = heads; 696 buf[6] = sech; 697 /* TODO emulate different serial? */ 698 ata_string((uint8_t *)(buf+10), "123456", 20); 699 ata_string((uint8_t *)(buf+23), "001", 8); 700 ata_string((uint8_t *)(buf+27), "BHYVE SATA DISK", 40); 701 buf[47] = (0x8000 | 128); 702 buf[48] = 0x1; 703 buf[49] = (1 << 8 | 1 << 9 | 1 << 11); 704 buf[50] = (1 << 14); 705 buf[53] = (1 << 1 | 1 << 2); 706 if (p->mult_sectors) 707 buf[59] = (0x100 | p->mult_sectors); 708 buf[60] = sectors; 709 buf[61] = (sectors >> 16); 710 buf[63] = 0x7; 711 if (p->xfermode & ATA_WDMA0) 712 buf[63] |= (1 << ((p->xfermode & 7) + 8)); 713 buf[64] = 0x3; 714 buf[65] = 100; 715 buf[66] = 100; 716 buf[67] = 100; 717 buf[68] = 100; 718 buf[75] = 31; 719 buf[76] = (1 << 8 | 1 << 2); 720 buf[80] = 0x1f0; 721 buf[81] = 0x28; 722 buf[82] = (1 << 5 | 1 << 14); 723 buf[83] = (1 << 10 | 1 << 12 | 1 << 13 | 1 << 14); 724 buf[84] = (1 << 14); 725 buf[85] = (1 << 5 | 1 << 14); 726 buf[86] = (1 << 10 | 1 << 12 | 1 << 13); 727 buf[87] = (1 << 14); 728 buf[88] = 0x7f; 729 if (p->xfermode & ATA_UDMA0) 730 buf[88] |= (1 << ((p->xfermode & 7) + 8)); 731 buf[93] = (1 | 1 <<14); 732 buf[100] = sectors; 733 buf[101] = (sectors >> 16); 734 buf[102] = (sectors >> 32); 735 buf[103] = (sectors >> 48); 736 ahci_write_fis_piosetup(p); 737 write_prdt(p, slot, cfis, (void *)buf, sizeof(buf)); 738 p->tfd = ATA_S_DSC | ATA_S_READY; 739 p->is |= AHCI_P_IX_DP; 740 p->ci &= ~(1 << slot); 741 } 742 ahci_generate_intr(p->pr_sc); 743 } 744 745 static void 746 handle_atapi_identify(struct ahci_port *p, int slot, uint8_t *cfis) 747 { 748 if (!p->atapi) { 749 p->tfd = (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR; 750 p->is |= AHCI_P_IX_TFE; 751 } else { 752 uint16_t buf[256]; 753 754 memset(buf, 0, sizeof(buf)); 755 buf[0] = (2 << 14 | 5 << 8 | 1 << 7 | 2 << 5); 756 /* TODO emulate different serial? */ 757 ata_string((uint8_t *)(buf+10), "123456", 20); 758 ata_string((uint8_t *)(buf+23), "001", 8); 759 ata_string((uint8_t *)(buf+27), "BHYVE SATA DVD ROM", 40); 760 buf[49] = (1 << 9 | 1 << 8); 761 buf[50] = (1 << 14 | 1); 762 buf[53] = (1 << 2 | 1 << 1); 763 buf[62] = 0x3f; 764 buf[63] = 7; 765 buf[64] = 3; 766 buf[65] = 100; 767 buf[66] = 100; 768 buf[67] = 100; 769 buf[68] = 100; 770 buf[76] = (1 << 2 | 1 << 1); 771 buf[78] = (1 << 5); 772 buf[80] = (0x1f << 4); 773 buf[82] = (1 << 4); 774 buf[83] = (1 << 14); 775 buf[84] = (1 << 14); 776 buf[85] = (1 << 4); 777 buf[87] = (1 << 14); 778 buf[88] = (1 << 14 | 0x7f); 779 ahci_write_fis_piosetup(p); 780 write_prdt(p, slot, cfis, (void *)buf, sizeof(buf)); 781 p->tfd = ATA_S_DSC | ATA_S_READY; 782 p->is |= AHCI_P_IX_DHR; 783 p->ci &= ~(1 << slot); 784 } 785 ahci_generate_intr(p->pr_sc); 786 } 787 788 static void 789 atapi_inquiry(struct ahci_port *p, int slot, uint8_t *cfis) 790 { 791 uint8_t buf[36]; 792 uint8_t *acmd; 793 int len; 794 795 acmd = cfis + 0x40; 796 797 buf[0] = 0x05; 798 buf[1] = 0x80; 799 buf[2] = 0x00; 800 buf[3] = 0x21; 801 buf[4] = 31; 802 buf[5] = 0; 803 buf[6] = 0; 804 buf[7] = 0; 805 atapi_string(buf + 8, "BHYVE", 8); 806 atapi_string(buf + 16, "BHYVE DVD-ROM", 16); 807 atapi_string(buf + 32, "001", 4); 808 809 len = sizeof(buf); 810 if (len > acmd[4]) 811 len = acmd[4]; 812 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 813 write_prdt(p, slot, cfis, buf, len); 814 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 815 } 816 817 static void 818 atapi_read_capacity(struct ahci_port *p, int slot, uint8_t *cfis) 819 { 820 uint8_t buf[8]; 821 uint64_t sectors; 822 823 sectors = blockif_size(p->bctx) / 2048; 824 be32enc(buf, sectors - 1); 825 be32enc(buf + 4, 2048); 826 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 827 write_prdt(p, slot, cfis, buf, sizeof(buf)); 828 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 829 } 830 831 static void 832 atapi_read_toc(struct ahci_port *p, int slot, uint8_t *cfis) 833 { 834 uint8_t *acmd; 835 uint8_t format; 836 int len; 837 838 acmd = cfis + 0x40; 839 840 len = be16dec(acmd + 7); 841 format = acmd[9] >> 6; 842 switch (format) { 843 case 0: 844 { 845 int msf, size; 846 uint64_t sectors; 847 uint8_t start_track, buf[20], *bp; 848 849 msf = (acmd[1] >> 1) & 1; 850 start_track = acmd[6]; 851 if (start_track > 1 && start_track != 0xaa) { 852 uint32_t tfd; 853 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 854 p->asc = 0x24; 855 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 856 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 857 ahci_write_fis_d2h(p, slot, cfis, tfd); 858 return; 859 } 860 bp = buf + 2; 861 *bp++ = 1; 862 *bp++ = 1; 863 if (start_track <= 1) { 864 *bp++ = 0; 865 *bp++ = 0x14; 866 *bp++ = 1; 867 *bp++ = 0; 868 if (msf) { 869 *bp++ = 0; 870 lba_to_msf(bp, 0); 871 bp += 3; 872 } else { 873 *bp++ = 0; 874 *bp++ = 0; 875 *bp++ = 0; 876 *bp++ = 0; 877 } 878 } 879 *bp++ = 0; 880 *bp++ = 0x14; 881 *bp++ = 0xaa; 882 *bp++ = 0; 883 sectors = blockif_size(p->bctx) / blockif_sectsz(p->bctx); 884 sectors >>= 2; 885 if (msf) { 886 *bp++ = 0; 887 lba_to_msf(bp, sectors); 888 bp += 3; 889 } else { 890 be32enc(bp, sectors); 891 bp += 4; 892 } 893 size = bp - buf; 894 be16enc(buf, size - 2); 895 if (len > size) 896 len = size; 897 write_prdt(p, slot, cfis, buf, len); 898 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 899 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 900 break; 901 } 902 case 1: 903 { 904 uint8_t buf[12]; 905 906 memset(buf, 0, sizeof(buf)); 907 buf[1] = 0xa; 908 buf[2] = 0x1; 909 buf[3] = 0x1; 910 if (len > sizeof(buf)) 911 len = sizeof(buf); 912 write_prdt(p, slot, cfis, buf, len); 913 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 914 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 915 break; 916 } 917 case 2: 918 { 919 int msf, size; 920 uint64_t sectors; 921 uint8_t start_track, *bp, buf[50]; 922 923 msf = (acmd[1] >> 1) & 1; 924 start_track = acmd[6]; 925 bp = buf + 2; 926 *bp++ = 1; 927 *bp++ = 1; 928 929 *bp++ = 1; 930 *bp++ = 0x14; 931 *bp++ = 0; 932 *bp++ = 0xa0; 933 *bp++ = 0; 934 *bp++ = 0; 935 *bp++ = 0; 936 *bp++ = 0; 937 *bp++ = 1; 938 *bp++ = 0; 939 *bp++ = 0; 940 941 *bp++ = 1; 942 *bp++ = 0x14; 943 *bp++ = 0; 944 *bp++ = 0xa1; 945 *bp++ = 0; 946 *bp++ = 0; 947 *bp++ = 0; 948 *bp++ = 0; 949 *bp++ = 1; 950 *bp++ = 0; 951 *bp++ = 0; 952 953 *bp++ = 1; 954 *bp++ = 0x14; 955 *bp++ = 0; 956 *bp++ = 0xa2; 957 *bp++ = 0; 958 *bp++ = 0; 959 *bp++ = 0; 960 sectors = blockif_size(p->bctx) / blockif_sectsz(p->bctx); 961 sectors >>= 2; 962 if (msf) { 963 *bp++ = 0; 964 lba_to_msf(bp, sectors); 965 bp += 3; 966 } else { 967 be32enc(bp, sectors); 968 bp += 4; 969 } 970 971 *bp++ = 1; 972 *bp++ = 0x14; 973 *bp++ = 0; 974 *bp++ = 1; 975 *bp++ = 0; 976 *bp++ = 0; 977 *bp++ = 0; 978 if (msf) { 979 *bp++ = 0; 980 lba_to_msf(bp, 0); 981 bp += 3; 982 } else { 983 *bp++ = 0; 984 *bp++ = 0; 985 *bp++ = 0; 986 *bp++ = 0; 987 } 988 989 size = bp - buf; 990 be16enc(buf, size - 2); 991 if (len > size) 992 len = size; 993 write_prdt(p, slot, cfis, buf, len); 994 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 995 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 996 break; 997 } 998 default: 999 { 1000 uint32_t tfd; 1001 1002 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1003 p->asc = 0x24; 1004 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1005 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1006 ahci_write_fis_d2h(p, slot, cfis, tfd); 1007 break; 1008 } 1009 } 1010 } 1011 1012 static void 1013 atapi_read(struct ahci_port *p, int slot, uint8_t *cfis, 1014 uint32_t done, int seek) 1015 { 1016 struct ahci_ioreq *aior; 1017 struct ahci_cmd_hdr *hdr; 1018 struct ahci_prdt_entry *prdt; 1019 struct blockif_req *breq; 1020 struct pci_ahci_softc *sc; 1021 uint8_t *acmd; 1022 uint64_t lba; 1023 uint32_t len; 1024 int i, err, iovcnt; 1025 1026 sc = p->pr_sc; 1027 acmd = cfis + 0x40; 1028 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 1029 prdt = (struct ahci_prdt_entry *)(cfis + 0x80); 1030 1031 prdt += seek; 1032 lba = be32dec(acmd + 2); 1033 if (acmd[0] == READ_10) 1034 len = be16dec(acmd + 7); 1035 else 1036 len = be32dec(acmd + 6); 1037 if (len == 0) { 1038 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1039 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1040 } 1041 lba *= 2048; 1042 len *= 2048; 1043 1044 /* 1045 * Pull request off free list 1046 */ 1047 aior = STAILQ_FIRST(&p->iofhd); 1048 assert(aior != NULL); 1049 STAILQ_REMOVE_HEAD(&p->iofhd, io_flist); 1050 aior->cfis = cfis; 1051 aior->slot = slot; 1052 aior->len = len; 1053 aior->done = done; 1054 breq = &aior->io_req; 1055 breq->br_offset = lba + done; 1056 iovcnt = hdr->prdtl - seek; 1057 if (iovcnt > BLOCKIF_IOV_MAX) { 1058 aior->prdtl = iovcnt - BLOCKIF_IOV_MAX; 1059 iovcnt = BLOCKIF_IOV_MAX; 1060 } else 1061 aior->prdtl = 0; 1062 breq->br_iovcnt = iovcnt; 1063 1064 /* 1065 * Mark this command in-flight. 1066 */ 1067 p->pending |= 1 << slot; 1068 1069 /* 1070 * Stuff request onto busy list 1071 */ 1072 TAILQ_INSERT_HEAD(&p->iobhd, aior, io_blist); 1073 1074 /* 1075 * Build up the iovec based on the prdt 1076 */ 1077 for (i = 0; i < iovcnt; i++) { 1078 uint32_t dbcsz; 1079 1080 dbcsz = (prdt->dbc & DBCMASK) + 1; 1081 breq->br_iov[i].iov_base = paddr_guest2host(ahci_ctx(sc), 1082 prdt->dba, dbcsz); 1083 breq->br_iov[i].iov_len = dbcsz; 1084 aior->done += dbcsz; 1085 prdt++; 1086 } 1087 err = blockif_read(p->bctx, breq); 1088 assert(err == 0); 1089 } 1090 1091 static void 1092 atapi_request_sense(struct ahci_port *p, int slot, uint8_t *cfis) 1093 { 1094 uint8_t buf[64]; 1095 uint8_t *acmd; 1096 int len; 1097 1098 acmd = cfis + 0x40; 1099 len = acmd[4]; 1100 if (len > sizeof(buf)) 1101 len = sizeof(buf); 1102 memset(buf, 0, len); 1103 buf[0] = 0x70 | (1 << 7); 1104 buf[2] = p->sense_key; 1105 buf[7] = 10; 1106 buf[12] = p->asc; 1107 write_prdt(p, slot, cfis, buf, len); 1108 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1109 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1110 } 1111 1112 static void 1113 atapi_start_stop_unit(struct ahci_port *p, int slot, uint8_t *cfis) 1114 { 1115 uint8_t *acmd = cfis + 0x40; 1116 uint32_t tfd; 1117 1118 switch (acmd[4] & 3) { 1119 case 0: 1120 case 1: 1121 case 3: 1122 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1123 tfd = ATA_S_READY | ATA_S_DSC; 1124 break; 1125 case 2: 1126 /* TODO eject media */ 1127 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1128 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1129 p->asc = 0x53; 1130 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1131 break; 1132 } 1133 ahci_write_fis_d2h(p, slot, cfis, tfd); 1134 } 1135 1136 static void 1137 atapi_mode_sense(struct ahci_port *p, int slot, uint8_t *cfis) 1138 { 1139 uint8_t *acmd; 1140 uint32_t tfd; 1141 uint8_t pc, code; 1142 int len; 1143 1144 acmd = cfis + 0x40; 1145 len = be16dec(acmd + 7); 1146 pc = acmd[2] >> 6; 1147 code = acmd[2] & 0x3f; 1148 1149 switch (pc) { 1150 case 0: 1151 switch (code) { 1152 case MODEPAGE_RW_ERROR_RECOVERY: 1153 { 1154 uint8_t buf[16]; 1155 1156 if (len > sizeof(buf)) 1157 len = sizeof(buf); 1158 1159 memset(buf, 0, sizeof(buf)); 1160 be16enc(buf, 16 - 2); 1161 buf[2] = 0x70; 1162 buf[8] = 0x01; 1163 buf[9] = 16 - 10; 1164 buf[11] = 0x05; 1165 write_prdt(p, slot, cfis, buf, len); 1166 tfd = ATA_S_READY | ATA_S_DSC; 1167 break; 1168 } 1169 case MODEPAGE_CD_CAPABILITIES: 1170 { 1171 uint8_t buf[30]; 1172 1173 if (len > sizeof(buf)) 1174 len = sizeof(buf); 1175 1176 memset(buf, 0, sizeof(buf)); 1177 be16enc(buf, 30 - 2); 1178 buf[2] = 0x70; 1179 buf[8] = 0x2A; 1180 buf[9] = 30 - 10; 1181 buf[10] = 0x08; 1182 buf[12] = 0x71; 1183 be16enc(&buf[18], 2); 1184 be16enc(&buf[20], 512); 1185 write_prdt(p, slot, cfis, buf, len); 1186 tfd = ATA_S_READY | ATA_S_DSC; 1187 break; 1188 } 1189 default: 1190 goto error; 1191 break; 1192 } 1193 break; 1194 case 3: 1195 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1196 p->asc = 0x39; 1197 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1198 break; 1199 error: 1200 case 1: 1201 case 2: 1202 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1203 p->asc = 0x24; 1204 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1205 break; 1206 } 1207 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1208 ahci_write_fis_d2h(p, slot, cfis, tfd); 1209 } 1210 1211 static void 1212 atapi_get_event_status_notification(struct ahci_port *p, int slot, 1213 uint8_t *cfis) 1214 { 1215 uint8_t *acmd; 1216 uint32_t tfd; 1217 1218 acmd = cfis + 0x40; 1219 1220 /* we don't support asynchronous operation */ 1221 if (!(acmd[1] & 1)) { 1222 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1223 p->asc = 0x24; 1224 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1225 } else { 1226 uint8_t buf[8]; 1227 int len; 1228 1229 len = be16dec(acmd + 7); 1230 if (len > sizeof(buf)) 1231 len = sizeof(buf); 1232 1233 memset(buf, 0, sizeof(buf)); 1234 be16enc(buf, 8 - 2); 1235 buf[2] = 0x04; 1236 buf[3] = 0x10; 1237 buf[5] = 0x02; 1238 write_prdt(p, slot, cfis, buf, len); 1239 tfd = ATA_S_READY | ATA_S_DSC; 1240 } 1241 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1242 ahci_write_fis_d2h(p, slot, cfis, tfd); 1243 } 1244 1245 static void 1246 handle_packet_cmd(struct ahci_port *p, int slot, uint8_t *cfis) 1247 { 1248 uint8_t *acmd; 1249 1250 acmd = cfis + 0x40; 1251 1252 #ifdef AHCI_DEBUG 1253 { 1254 int i; 1255 DPRINTF("ACMD:"); 1256 for (i = 0; i < 16; i++) 1257 DPRINTF("%02x ", acmd[i]); 1258 DPRINTF("\n"); 1259 } 1260 #endif 1261 1262 switch (acmd[0]) { 1263 case TEST_UNIT_READY: 1264 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1265 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1266 break; 1267 case INQUIRY: 1268 atapi_inquiry(p, slot, cfis); 1269 break; 1270 case READ_CAPACITY: 1271 atapi_read_capacity(p, slot, cfis); 1272 break; 1273 case PREVENT_ALLOW: 1274 /* TODO */ 1275 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1276 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1277 break; 1278 case READ_TOC: 1279 atapi_read_toc(p, slot, cfis); 1280 break; 1281 case READ_10: 1282 case READ_12: 1283 atapi_read(p, slot, cfis, 0, 0); 1284 break; 1285 case REQUEST_SENSE: 1286 atapi_request_sense(p, slot, cfis); 1287 break; 1288 case START_STOP_UNIT: 1289 atapi_start_stop_unit(p, slot, cfis); 1290 break; 1291 case MODE_SENSE_10: 1292 atapi_mode_sense(p, slot, cfis); 1293 break; 1294 case GET_EVENT_STATUS_NOTIFICATION: 1295 atapi_get_event_status_notification(p, slot, cfis); 1296 break; 1297 default: 1298 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1299 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1300 p->asc = 0x20; 1301 ahci_write_fis_d2h(p, slot, cfis, (p->sense_key << 12) | 1302 ATA_S_READY | ATA_S_ERROR); 1303 break; 1304 } 1305 } 1306 1307 static void 1308 ahci_handle_cmd(struct ahci_port *p, int slot, uint8_t *cfis) 1309 { 1310 1311 switch (cfis[2]) { 1312 case ATA_ATA_IDENTIFY: 1313 handle_identify(p, slot, cfis); 1314 break; 1315 case ATA_SETFEATURES: 1316 { 1317 switch (cfis[3]) { 1318 case ATA_SF_ENAB_SATA_SF: 1319 switch (cfis[12]) { 1320 case ATA_SATA_SF_AN: 1321 p->tfd = ATA_S_DSC | ATA_S_READY; 1322 break; 1323 default: 1324 p->tfd = ATA_S_ERROR | ATA_S_READY; 1325 p->tfd |= (ATA_ERROR_ABORT << 8); 1326 break; 1327 } 1328 break; 1329 case ATA_SF_ENAB_WCACHE: 1330 case ATA_SF_DIS_WCACHE: 1331 case ATA_SF_ENAB_RCACHE: 1332 case ATA_SF_DIS_RCACHE: 1333 p->tfd = ATA_S_DSC | ATA_S_READY; 1334 break; 1335 case ATA_SF_SETXFER: 1336 { 1337 switch (cfis[12] & 0xf8) { 1338 case ATA_PIO: 1339 case ATA_PIO0: 1340 break; 1341 case ATA_WDMA0: 1342 case ATA_UDMA0: 1343 p->xfermode = (cfis[12] & 0x7); 1344 break; 1345 } 1346 p->tfd = ATA_S_DSC | ATA_S_READY; 1347 break; 1348 } 1349 default: 1350 p->tfd = ATA_S_ERROR | ATA_S_READY; 1351 p->tfd |= (ATA_ERROR_ABORT << 8); 1352 break; 1353 } 1354 ahci_write_fis_d2h(p, slot, cfis, p->tfd); 1355 break; 1356 } 1357 case ATA_SET_MULTI: 1358 if (cfis[12] != 0 && 1359 (cfis[12] > 128 || (cfis[12] & (cfis[12] - 1)))) { 1360 p->tfd = ATA_S_ERROR | ATA_S_READY; 1361 p->tfd |= (ATA_ERROR_ABORT << 8); 1362 } else { 1363 p->mult_sectors = cfis[12]; 1364 p->tfd = ATA_S_DSC | ATA_S_READY; 1365 } 1366 p->is |= AHCI_P_IX_DP; 1367 p->ci &= ~(1 << slot); 1368 ahci_generate_intr(p->pr_sc); 1369 break; 1370 case ATA_READ_DMA: 1371 case ATA_WRITE_DMA: 1372 case ATA_READ_DMA48: 1373 case ATA_WRITE_DMA48: 1374 case ATA_READ_FPDMA_QUEUED: 1375 case ATA_WRITE_FPDMA_QUEUED: 1376 ahci_handle_dma(p, slot, cfis, 0, 0); 1377 break; 1378 case ATA_FLUSHCACHE: 1379 case ATA_FLUSHCACHE48: 1380 ahci_handle_flush(p, slot, cfis); 1381 break; 1382 case ATA_STANDBY_CMD: 1383 break; 1384 case ATA_NOP: 1385 case ATA_STANDBY_IMMEDIATE: 1386 case ATA_IDLE_IMMEDIATE: 1387 case ATA_SLEEP: 1388 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1389 break; 1390 case ATA_ATAPI_IDENTIFY: 1391 handle_atapi_identify(p, slot, cfis); 1392 break; 1393 case ATA_PACKET_CMD: 1394 if (!p->atapi) { 1395 p->tfd = (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR; 1396 p->is |= AHCI_P_IX_TFE; 1397 ahci_generate_intr(p->pr_sc); 1398 } else 1399 handle_packet_cmd(p, slot, cfis); 1400 break; 1401 default: 1402 WPRINTF("Unsupported cmd:%02x\n", cfis[2]); 1403 p->tfd = (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR; 1404 p->is |= AHCI_P_IX_TFE; 1405 ahci_generate_intr(p->pr_sc); 1406 break; 1407 } 1408 } 1409 1410 static void 1411 ahci_handle_slot(struct ahci_port *p, int slot) 1412 { 1413 struct ahci_cmd_hdr *hdr; 1414 struct ahci_prdt_entry *prdt; 1415 struct pci_ahci_softc *sc; 1416 uint8_t *cfis; 1417 int cfl; 1418 1419 sc = p->pr_sc; 1420 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 1421 cfl = (hdr->flags & 0x1f) * 4; 1422 cfis = paddr_guest2host(ahci_ctx(sc), hdr->ctba, 1423 0x80 + hdr->prdtl * sizeof(struct ahci_prdt_entry)); 1424 prdt = (struct ahci_prdt_entry *)(cfis + 0x80); 1425 1426 #ifdef AHCI_DEBUG 1427 DPRINTF("\ncfis:"); 1428 for (i = 0; i < cfl; i++) { 1429 if (i % 10 == 0) 1430 DPRINTF("\n"); 1431 DPRINTF("%02x ", cfis[i]); 1432 } 1433 DPRINTF("\n"); 1434 1435 for (i = 0; i < hdr->prdtl; i++) { 1436 DPRINTF("%d@%08"PRIx64"\n", prdt->dbc & 0x3fffff, prdt->dba); 1437 prdt++; 1438 } 1439 #endif 1440 1441 if (cfis[0] != FIS_TYPE_REGH2D) { 1442 WPRINTF("Not a H2D FIS:%02x\n", cfis[0]); 1443 return; 1444 } 1445 1446 if (cfis[1] & 0x80) { 1447 ahci_handle_cmd(p, slot, cfis); 1448 } else { 1449 if (cfis[15] & (1 << 2)) 1450 p->reset = 1; 1451 else if (p->reset) { 1452 p->reset = 0; 1453 ahci_port_reset(p); 1454 } 1455 p->ci &= ~(1 << slot); 1456 } 1457 } 1458 1459 static void 1460 ahci_handle_port(struct ahci_port *p) 1461 { 1462 int i; 1463 1464 if (!(p->cmd & AHCI_P_CMD_ST)) 1465 return; 1466 1467 /* 1468 * Search for any new commands to issue ignoring those that 1469 * are already in-flight. 1470 */ 1471 for (i = 0; (i < 32) && p->ci; i++) { 1472 if ((p->ci & (1 << i)) && !(p->pending & (1 << i))) { 1473 p->cmd &= ~AHCI_P_CMD_CCS_MASK; 1474 p->cmd |= i << AHCI_P_CMD_CCS_SHIFT; 1475 ahci_handle_slot(p, i); 1476 } 1477 } 1478 } 1479 1480 /* 1481 * blockif callback routine - this runs in the context of the blockif 1482 * i/o thread, so the mutex needs to be acquired. 1483 */ 1484 static void 1485 ata_ioreq_cb(struct blockif_req *br, int err) 1486 { 1487 struct ahci_cmd_hdr *hdr; 1488 struct ahci_ioreq *aior; 1489 struct ahci_port *p; 1490 struct pci_ahci_softc *sc; 1491 uint32_t tfd; 1492 uint8_t *cfis; 1493 int pending, slot, ncq; 1494 1495 DPRINTF("%s %d\n", __func__, err); 1496 1497 ncq = 0; 1498 aior = br->br_param; 1499 p = aior->io_pr; 1500 cfis = aior->cfis; 1501 slot = aior->slot; 1502 pending = aior->prdtl; 1503 sc = p->pr_sc; 1504 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 1505 1506 if (cfis[2] == ATA_WRITE_FPDMA_QUEUED || 1507 cfis[2] == ATA_READ_FPDMA_QUEUED) 1508 ncq = 1; 1509 1510 pthread_mutex_lock(&sc->mtx); 1511 1512 /* 1513 * Delete the blockif request from the busy list 1514 */ 1515 TAILQ_REMOVE(&p->iobhd, aior, io_blist); 1516 1517 /* 1518 * Move the blockif request back to the free list 1519 */ 1520 STAILQ_INSERT_TAIL(&p->iofhd, aior, io_flist); 1521 1522 if (pending && !err) { 1523 ahci_handle_dma(p, slot, cfis, aior->done, 1524 hdr->prdtl - pending); 1525 goto out; 1526 } 1527 1528 if (!err && aior->done == aior->len) { 1529 tfd = ATA_S_READY | ATA_S_DSC; 1530 if (ncq) 1531 hdr->prdbc = 0; 1532 else 1533 hdr->prdbc = aior->len; 1534 } else { 1535 tfd = (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR; 1536 hdr->prdbc = 0; 1537 if (ncq) 1538 p->serr |= (1 << slot); 1539 } 1540 1541 if (ncq) { 1542 p->sact &= ~(1 << slot); 1543 ahci_write_fis_sdb(p, slot, tfd); 1544 } else 1545 ahci_write_fis_d2h(p, slot, cfis, tfd); 1546 1547 /* 1548 * This command is now complete. 1549 */ 1550 p->pending &= ~(1 << slot); 1551 1552 ahci_check_stopped(p); 1553 out: 1554 pthread_mutex_unlock(&sc->mtx); 1555 DPRINTF("%s exit\n", __func__); 1556 } 1557 1558 static void 1559 atapi_ioreq_cb(struct blockif_req *br, int err) 1560 { 1561 struct ahci_cmd_hdr *hdr; 1562 struct ahci_ioreq *aior; 1563 struct ahci_port *p; 1564 struct pci_ahci_softc *sc; 1565 uint8_t *cfis; 1566 uint32_t tfd; 1567 int pending, slot; 1568 1569 DPRINTF("%s %d\n", __func__, err); 1570 1571 aior = br->br_param; 1572 p = aior->io_pr; 1573 cfis = aior->cfis; 1574 slot = aior->slot; 1575 pending = aior->prdtl; 1576 sc = p->pr_sc; 1577 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + aior->slot * AHCI_CL_SIZE); 1578 1579 pthread_mutex_lock(&sc->mtx); 1580 1581 /* 1582 * Delete the blockif request from the busy list 1583 */ 1584 TAILQ_REMOVE(&p->iobhd, aior, io_blist); 1585 1586 /* 1587 * Move the blockif request back to the free list 1588 */ 1589 STAILQ_INSERT_TAIL(&p->iofhd, aior, io_flist); 1590 1591 if (pending && !err) { 1592 atapi_read(p, slot, cfis, aior->done, hdr->prdtl - pending); 1593 goto out; 1594 } 1595 1596 if (!err && aior->done == aior->len) { 1597 tfd = ATA_S_READY | ATA_S_DSC; 1598 hdr->prdbc = aior->len; 1599 } else { 1600 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1601 p->asc = 0x21; 1602 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1603 hdr->prdbc = 0; 1604 } 1605 1606 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1607 ahci_write_fis_d2h(p, slot, cfis, tfd); 1608 1609 /* 1610 * This command is now complete. 1611 */ 1612 p->pending &= ~(1 << slot); 1613 1614 ahci_check_stopped(p); 1615 out: 1616 pthread_mutex_unlock(&sc->mtx); 1617 DPRINTF("%s exit\n", __func__); 1618 } 1619 1620 static void 1621 pci_ahci_ioreq_init(struct ahci_port *pr) 1622 { 1623 struct ahci_ioreq *vr; 1624 int i; 1625 1626 pr->ioqsz = blockif_queuesz(pr->bctx); 1627 pr->ioreq = calloc(pr->ioqsz, sizeof(struct ahci_ioreq)); 1628 STAILQ_INIT(&pr->iofhd); 1629 1630 /* 1631 * Add all i/o request entries to the free queue 1632 */ 1633 for (i = 0; i < pr->ioqsz; i++) { 1634 vr = &pr->ioreq[i]; 1635 vr->io_pr = pr; 1636 if (!pr->atapi) 1637 vr->io_req.br_callback = ata_ioreq_cb; 1638 else 1639 vr->io_req.br_callback = atapi_ioreq_cb; 1640 vr->io_req.br_param = vr; 1641 STAILQ_INSERT_TAIL(&pr->iofhd, vr, io_flist); 1642 } 1643 1644 TAILQ_INIT(&pr->iobhd); 1645 } 1646 1647 static void 1648 pci_ahci_port_write(struct pci_ahci_softc *sc, uint64_t offset, uint64_t value) 1649 { 1650 int port = (offset - AHCI_OFFSET) / AHCI_STEP; 1651 offset = (offset - AHCI_OFFSET) % AHCI_STEP; 1652 struct ahci_port *p = &sc->port[port]; 1653 1654 DPRINTF("pci_ahci_port %d: write offset 0x%"PRIx64" value 0x%"PRIx64"\n", 1655 port, offset, value); 1656 1657 switch (offset) { 1658 case AHCI_P_CLB: 1659 p->clb = value; 1660 break; 1661 case AHCI_P_CLBU: 1662 p->clbu = value; 1663 break; 1664 case AHCI_P_FB: 1665 p->fb = value; 1666 break; 1667 case AHCI_P_FBU: 1668 p->fbu = value; 1669 break; 1670 case AHCI_P_IS: 1671 p->is &= ~value; 1672 break; 1673 case AHCI_P_IE: 1674 p->ie = value & 0xFDC000FF; 1675 ahci_generate_intr(sc); 1676 break; 1677 case AHCI_P_CMD: 1678 { 1679 p->cmd = value; 1680 1681 if (!(value & AHCI_P_CMD_ST)) { 1682 ahci_port_stop(p); 1683 } else { 1684 uint64_t clb; 1685 1686 p->cmd |= AHCI_P_CMD_CR; 1687 clb = (uint64_t)p->clbu << 32 | p->clb; 1688 p->cmd_lst = paddr_guest2host(ahci_ctx(sc), clb, 1689 AHCI_CL_SIZE * AHCI_MAX_SLOTS); 1690 } 1691 1692 if (value & AHCI_P_CMD_FRE) { 1693 uint64_t fb; 1694 1695 p->cmd |= AHCI_P_CMD_FR; 1696 fb = (uint64_t)p->fbu << 32 | p->fb; 1697 /* we don't support FBSCP, so rfis size is 256Bytes */ 1698 p->rfis = paddr_guest2host(ahci_ctx(sc), fb, 256); 1699 } else { 1700 p->cmd &= ~AHCI_P_CMD_FR; 1701 } 1702 1703 if (value & AHCI_P_CMD_CLO) { 1704 p->tfd = 0; 1705 p->cmd &= ~AHCI_P_CMD_CLO; 1706 } 1707 1708 ahci_handle_port(p); 1709 break; 1710 } 1711 case AHCI_P_TFD: 1712 case AHCI_P_SIG: 1713 case AHCI_P_SSTS: 1714 WPRINTF("pci_ahci_port: read only registers 0x%"PRIx64"\n", offset); 1715 break; 1716 case AHCI_P_SCTL: 1717 if (!(p->cmd & AHCI_P_CMD_ST)) { 1718 if (value & ATA_SC_DET_RESET) 1719 ahci_port_reset(p); 1720 p->sctl = value; 1721 } 1722 break; 1723 case AHCI_P_SERR: 1724 p->serr &= ~value; 1725 break; 1726 case AHCI_P_SACT: 1727 p->sact |= value; 1728 break; 1729 case AHCI_P_CI: 1730 p->ci |= value; 1731 ahci_handle_port(p); 1732 break; 1733 case AHCI_P_SNTF: 1734 case AHCI_P_FBS: 1735 default: 1736 break; 1737 } 1738 } 1739 1740 static void 1741 pci_ahci_host_write(struct pci_ahci_softc *sc, uint64_t offset, uint64_t value) 1742 { 1743 DPRINTF("pci_ahci_host: write offset 0x%"PRIx64" value 0x%"PRIx64"\n", 1744 offset, value); 1745 1746 switch (offset) { 1747 case AHCI_CAP: 1748 case AHCI_PI: 1749 case AHCI_VS: 1750 case AHCI_CAP2: 1751 DPRINTF("pci_ahci_host: read only registers 0x%"PRIx64"\n", offset); 1752 break; 1753 case AHCI_GHC: 1754 if (value & AHCI_GHC_HR) 1755 ahci_reset(sc); 1756 else if (value & AHCI_GHC_IE) { 1757 sc->ghc |= AHCI_GHC_IE; 1758 ahci_generate_intr(sc); 1759 } 1760 break; 1761 case AHCI_IS: 1762 sc->is &= ~value; 1763 ahci_generate_intr(sc); 1764 break; 1765 default: 1766 break; 1767 } 1768 } 1769 1770 static void 1771 pci_ahci_write(struct vmctx *ctx, int vcpu, struct pci_devinst *pi, 1772 int baridx, uint64_t offset, int size, uint64_t value) 1773 { 1774 struct pci_ahci_softc *sc = pi->pi_arg; 1775 1776 assert(baridx == 5); 1777 assert(size == 4); 1778 1779 pthread_mutex_lock(&sc->mtx); 1780 1781 if (offset < AHCI_OFFSET) 1782 pci_ahci_host_write(sc, offset, value); 1783 else if (offset < AHCI_OFFSET + sc->ports * AHCI_STEP) 1784 pci_ahci_port_write(sc, offset, value); 1785 else 1786 WPRINTF("pci_ahci: unknown i/o write offset 0x%"PRIx64"\n", offset); 1787 1788 pthread_mutex_unlock(&sc->mtx); 1789 } 1790 1791 static uint64_t 1792 pci_ahci_host_read(struct pci_ahci_softc *sc, uint64_t offset) 1793 { 1794 uint32_t value; 1795 1796 switch (offset) { 1797 case AHCI_CAP: 1798 case AHCI_GHC: 1799 case AHCI_IS: 1800 case AHCI_PI: 1801 case AHCI_VS: 1802 case AHCI_CCCC: 1803 case AHCI_CCCP: 1804 case AHCI_EM_LOC: 1805 case AHCI_EM_CTL: 1806 case AHCI_CAP2: 1807 { 1808 uint32_t *p = &sc->cap; 1809 p += (offset - AHCI_CAP) / sizeof(uint32_t); 1810 value = *p; 1811 break; 1812 } 1813 default: 1814 value = 0; 1815 break; 1816 } 1817 DPRINTF("pci_ahci_host: read offset 0x%"PRIx64" value 0x%x\n", 1818 offset, value); 1819 1820 return (value); 1821 } 1822 1823 static uint64_t 1824 pci_ahci_port_read(struct pci_ahci_softc *sc, uint64_t offset) 1825 { 1826 uint32_t value; 1827 int port = (offset - AHCI_OFFSET) / AHCI_STEP; 1828 offset = (offset - AHCI_OFFSET) % AHCI_STEP; 1829 1830 switch (offset) { 1831 case AHCI_P_CLB: 1832 case AHCI_P_CLBU: 1833 case AHCI_P_FB: 1834 case AHCI_P_FBU: 1835 case AHCI_P_IS: 1836 case AHCI_P_IE: 1837 case AHCI_P_CMD: 1838 case AHCI_P_TFD: 1839 case AHCI_P_SIG: 1840 case AHCI_P_SSTS: 1841 case AHCI_P_SCTL: 1842 case AHCI_P_SERR: 1843 case AHCI_P_SACT: 1844 case AHCI_P_CI: 1845 case AHCI_P_SNTF: 1846 case AHCI_P_FBS: 1847 { 1848 uint32_t *p= &sc->port[port].clb; 1849 p += (offset - AHCI_P_CLB) / sizeof(uint32_t); 1850 value = *p; 1851 break; 1852 } 1853 default: 1854 value = 0; 1855 break; 1856 } 1857 1858 DPRINTF("pci_ahci_port %d: read offset 0x%"PRIx64" value 0x%x\n", 1859 port, offset, value); 1860 1861 return value; 1862 } 1863 1864 static uint64_t 1865 pci_ahci_read(struct vmctx *ctx, int vcpu, struct pci_devinst *pi, int baridx, 1866 uint64_t offset, int size) 1867 { 1868 struct pci_ahci_softc *sc = pi->pi_arg; 1869 uint32_t value; 1870 1871 assert(baridx == 5); 1872 assert(size == 4); 1873 1874 pthread_mutex_lock(&sc->mtx); 1875 1876 if (offset < AHCI_OFFSET) 1877 value = pci_ahci_host_read(sc, offset); 1878 else if (offset < AHCI_OFFSET + sc->ports * AHCI_STEP) 1879 value = pci_ahci_port_read(sc, offset); 1880 else { 1881 value = 0; 1882 WPRINTF("pci_ahci: unknown i/o read offset 0x%"PRIx64"\n", offset); 1883 } 1884 1885 pthread_mutex_unlock(&sc->mtx); 1886 1887 return (value); 1888 } 1889 1890 static int 1891 pci_ahci_init(struct vmctx *ctx, struct pci_devinst *pi, char *opts, int atapi) 1892 { 1893 char bident[sizeof("XX:X:X")]; 1894 struct blockif_ctxt *bctxt; 1895 struct pci_ahci_softc *sc; 1896 int ret, slots; 1897 1898 ret = 0; 1899 1900 if (opts == NULL) { 1901 fprintf(stderr, "pci_ahci: backing device required\n"); 1902 return (1); 1903 } 1904 1905 #ifdef AHCI_DEBUG 1906 dbg = fopen("/tmp/log", "w+"); 1907 #endif 1908 1909 sc = calloc(1, sizeof(struct pci_ahci_softc)); 1910 pi->pi_arg = sc; 1911 sc->asc_pi = pi; 1912 sc->ports = MAX_PORTS; 1913 1914 /* 1915 * Only use port 0 for a backing device. All other ports will be 1916 * marked as unused 1917 */ 1918 sc->port[0].atapi = atapi; 1919 1920 /* 1921 * Attempt to open the backing image. Use the PCI 1922 * slot/func for the identifier string. 1923 */ 1924 snprintf(bident, sizeof(bident), "%d:%d", pi->pi_slot, pi->pi_func); 1925 bctxt = blockif_open(opts, bident); 1926 if (bctxt == NULL) { 1927 ret = 1; 1928 goto open_fail; 1929 } 1930 sc->port[0].bctx = bctxt; 1931 sc->port[0].pr_sc = sc; 1932 1933 /* 1934 * Allocate blockif request structures and add them 1935 * to the free list 1936 */ 1937 pci_ahci_ioreq_init(&sc->port[0]); 1938 1939 pthread_mutex_init(&sc->mtx, NULL); 1940 1941 /* Intel ICH8 AHCI */ 1942 slots = sc->port[0].ioqsz; 1943 if (slots > 32) 1944 slots = 32; 1945 --slots; 1946 sc->cap = AHCI_CAP_64BIT | AHCI_CAP_SNCQ | AHCI_CAP_SSNTF | 1947 AHCI_CAP_SMPS | AHCI_CAP_SSS | AHCI_CAP_SALP | 1948 AHCI_CAP_SAL | AHCI_CAP_SCLO | (0x3 << AHCI_CAP_ISS_SHIFT)| 1949 AHCI_CAP_PMD | AHCI_CAP_SSC | AHCI_CAP_PSC | 1950 (slots << AHCI_CAP_NCS_SHIFT) | AHCI_CAP_SXS | (sc->ports - 1); 1951 1952 /* Only port 0 implemented */ 1953 sc->pi = 1; 1954 sc->vs = 0x10300; 1955 sc->cap2 = AHCI_CAP2_APST; 1956 ahci_reset(sc); 1957 1958 pci_set_cfgdata16(pi, PCIR_DEVICE, 0x2821); 1959 pci_set_cfgdata16(pi, PCIR_VENDOR, 0x8086); 1960 pci_set_cfgdata8(pi, PCIR_CLASS, PCIC_STORAGE); 1961 pci_set_cfgdata8(pi, PCIR_SUBCLASS, PCIS_STORAGE_SATA); 1962 pci_set_cfgdata8(pi, PCIR_PROGIF, PCIP_STORAGE_SATA_AHCI_1_0); 1963 pci_emul_add_msicap(pi, 1); 1964 pci_emul_alloc_bar(pi, 5, PCIBAR_MEM32, 1965 AHCI_OFFSET + sc->ports * AHCI_STEP); 1966 1967 pci_lintr_request(pi); 1968 1969 open_fail: 1970 if (ret) { 1971 blockif_close(sc->port[0].bctx); 1972 free(sc); 1973 } 1974 1975 return (ret); 1976 } 1977 1978 static int 1979 pci_ahci_hd_init(struct vmctx *ctx, struct pci_devinst *pi, char *opts) 1980 { 1981 1982 return (pci_ahci_init(ctx, pi, opts, 0)); 1983 } 1984 1985 static int 1986 pci_ahci_atapi_init(struct vmctx *ctx, struct pci_devinst *pi, char *opts) 1987 { 1988 1989 return (pci_ahci_init(ctx, pi, opts, 1)); 1990 } 1991 1992 /* 1993 * Use separate emulation names to distinguish drive and atapi devices 1994 */ 1995 struct pci_devemu pci_de_ahci_hd = { 1996 .pe_emu = "ahci-hd", 1997 .pe_init = pci_ahci_hd_init, 1998 .pe_barwrite = pci_ahci_write, 1999 .pe_barread = pci_ahci_read 2000 }; 2001 PCI_EMUL_SET(pci_de_ahci_hd); 2002 2003 struct pci_devemu pci_de_ahci_cd = { 2004 .pe_emu = "ahci-cd", 2005 .pe_init = pci_ahci_atapi_init, 2006 .pe_barwrite = pci_ahci_write, 2007 .pe_barread = pci_ahci_read 2008 }; 2009 PCI_EMUL_SET(pci_de_ahci_cd); 2010