1 /*- 2 * Copyright (c) 2013 Zhixiang Yu <zcore@freebsd.org> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD$ 27 */ 28 29 #include <sys/cdefs.h> 30 __FBSDID("$FreeBSD$"); 31 32 #include <sys/param.h> 33 #include <sys/linker_set.h> 34 #include <sys/stat.h> 35 #include <sys/uio.h> 36 #include <sys/ioctl.h> 37 #include <sys/disk.h> 38 #include <sys/ata.h> 39 #include <sys/endian.h> 40 41 #include <errno.h> 42 #include <fcntl.h> 43 #include <stdio.h> 44 #include <stdlib.h> 45 #include <stdint.h> 46 #include <string.h> 47 #include <strings.h> 48 #include <unistd.h> 49 #include <assert.h> 50 #include <pthread.h> 51 #include <pthread_np.h> 52 #include <inttypes.h> 53 54 #include "bhyverun.h" 55 #include "pci_emul.h" 56 #include "ahci.h" 57 #include "block_if.h" 58 59 #define MAX_PORTS 6 /* Intel ICH8 AHCI supports 6 ports */ 60 61 #define PxSIG_ATA 0x00000101 /* ATA drive */ 62 #define PxSIG_ATAPI 0xeb140101 /* ATAPI drive */ 63 64 enum sata_fis_type { 65 FIS_TYPE_REGH2D = 0x27, /* Register FIS - host to device */ 66 FIS_TYPE_REGD2H = 0x34, /* Register FIS - device to host */ 67 FIS_TYPE_DMAACT = 0x39, /* DMA activate FIS - device to host */ 68 FIS_TYPE_DMASETUP = 0x41, /* DMA setup FIS - bidirectional */ 69 FIS_TYPE_DATA = 0x46, /* Data FIS - bidirectional */ 70 FIS_TYPE_BIST = 0x58, /* BIST activate FIS - bidirectional */ 71 FIS_TYPE_PIOSETUP = 0x5F, /* PIO setup FIS - device to host */ 72 FIS_TYPE_SETDEVBITS = 0xA1, /* Set dev bits FIS - device to host */ 73 }; 74 75 /* 76 * SCSI opcodes 77 */ 78 #define TEST_UNIT_READY 0x00 79 #define REQUEST_SENSE 0x03 80 #define INQUIRY 0x12 81 #define START_STOP_UNIT 0x1B 82 #define PREVENT_ALLOW 0x1E 83 #define READ_CAPACITY 0x25 84 #define READ_10 0x28 85 #define POSITION_TO_ELEMENT 0x2B 86 #define READ_TOC 0x43 87 #define GET_EVENT_STATUS_NOTIFICATION 0x4A 88 #define MODE_SENSE_10 0x5A 89 #define READ_12 0xA8 90 #define READ_CD 0xBE 91 92 /* 93 * SCSI mode page codes 94 */ 95 #define MODEPAGE_RW_ERROR_RECOVERY 0x01 96 #define MODEPAGE_CD_CAPABILITIES 0x2A 97 98 /* 99 * ATA commands 100 */ 101 #define ATA_SF_ENAB_SATA_SF 0x10 102 #define ATA_SATA_SF_AN 0x05 103 #define ATA_SF_DIS_SATA_SF 0x90 104 105 /* 106 * Debug printf 107 */ 108 #ifdef AHCI_DEBUG 109 static FILE *dbg; 110 #define DPRINTF(format, arg...) do{fprintf(dbg, format, ##arg);fflush(dbg);}while(0) 111 #else 112 #define DPRINTF(format, arg...) 113 #endif 114 #define WPRINTF(format, arg...) printf(format, ##arg) 115 116 struct ahci_ioreq { 117 struct blockif_req io_req; 118 struct ahci_port *io_pr; 119 STAILQ_ENTRY(ahci_ioreq) io_flist; 120 TAILQ_ENTRY(ahci_ioreq) io_blist; 121 uint8_t *cfis; 122 uint32_t len; 123 uint32_t done; 124 int slot; 125 int prdtl; 126 }; 127 128 struct ahci_port { 129 struct blockif_ctxt *bctx; 130 struct pci_ahci_softc *pr_sc; 131 uint8_t *cmd_lst; 132 uint8_t *rfis; 133 int atapi; 134 int reset; 135 int mult_sectors; 136 uint8_t xfermode; 137 uint8_t sense_key; 138 uint8_t asc; 139 uint32_t pending; 140 141 uint32_t clb; 142 uint32_t clbu; 143 uint32_t fb; 144 uint32_t fbu; 145 uint32_t is; 146 uint32_t ie; 147 uint32_t cmd; 148 uint32_t unused0; 149 uint32_t tfd; 150 uint32_t sig; 151 uint32_t ssts; 152 uint32_t sctl; 153 uint32_t serr; 154 uint32_t sact; 155 uint32_t ci; 156 uint32_t sntf; 157 uint32_t fbs; 158 159 /* 160 * i/o request info 161 */ 162 struct ahci_ioreq *ioreq; 163 int ioqsz; 164 STAILQ_HEAD(ahci_fhead, ahci_ioreq) iofhd; 165 TAILQ_HEAD(ahci_bhead, ahci_ioreq) iobhd; 166 }; 167 168 struct ahci_cmd_hdr { 169 uint16_t flags; 170 uint16_t prdtl; 171 uint32_t prdbc; 172 uint64_t ctba; 173 uint32_t reserved[4]; 174 }; 175 176 struct ahci_prdt_entry { 177 uint64_t dba; 178 uint32_t reserved; 179 #define DBCMASK 0x3fffff 180 uint32_t dbc; 181 }; 182 183 struct pci_ahci_softc { 184 struct pci_devinst *asc_pi; 185 pthread_mutex_t mtx; 186 int ports; 187 uint32_t cap; 188 uint32_t ghc; 189 uint32_t is; 190 uint32_t pi; 191 uint32_t vs; 192 uint32_t ccc_ctl; 193 uint32_t ccc_pts; 194 uint32_t em_loc; 195 uint32_t em_ctl; 196 uint32_t cap2; 197 uint32_t bohc; 198 uint32_t lintr; 199 struct ahci_port port[MAX_PORTS]; 200 }; 201 #define ahci_ctx(sc) ((sc)->asc_pi->pi_vmctx) 202 203 static inline void lba_to_msf(uint8_t *buf, int lba) 204 { 205 lba += 150; 206 buf[0] = (lba / 75) / 60; 207 buf[1] = (lba / 75) % 60; 208 buf[2] = lba % 75; 209 } 210 211 /* 212 * generate HBA intr depending on whether or not ports within 213 * the controller have an interrupt pending. 214 */ 215 static void 216 ahci_generate_intr(struct pci_ahci_softc *sc) 217 { 218 struct pci_devinst *pi; 219 int i; 220 221 pi = sc->asc_pi; 222 223 for (i = 0; i < sc->ports; i++) { 224 struct ahci_port *pr; 225 pr = &sc->port[i]; 226 if (pr->is & pr->ie) 227 sc->is |= (1 << i); 228 } 229 230 DPRINTF("%s %x\n", __func__, sc->is); 231 232 if (sc->is && (sc->ghc & AHCI_GHC_IE)) { 233 if (pci_msi_enabled(pi)) { 234 /* 235 * Generate an MSI interrupt on every edge 236 */ 237 pci_generate_msi(pi, 0); 238 } else if (!sc->lintr) { 239 /* 240 * Only generate a pin-based interrupt if one wasn't 241 * in progress 242 */ 243 sc->lintr = 1; 244 pci_lintr_assert(pi); 245 } 246 } else if (sc->lintr) { 247 /* 248 * No interrupts: deassert pin-based signal if it had 249 * been asserted 250 */ 251 pci_lintr_deassert(pi); 252 sc->lintr = 0; 253 } 254 } 255 256 static void 257 ahci_write_fis(struct ahci_port *p, enum sata_fis_type ft, uint8_t *fis) 258 { 259 int offset, len, irq; 260 261 if (p->rfis == NULL || !(p->cmd & AHCI_P_CMD_FRE)) 262 return; 263 264 switch (ft) { 265 case FIS_TYPE_REGD2H: 266 offset = 0x40; 267 len = 20; 268 irq = AHCI_P_IX_DHR; 269 break; 270 case FIS_TYPE_SETDEVBITS: 271 offset = 0x58; 272 len = 8; 273 irq = AHCI_P_IX_SDB; 274 break; 275 case FIS_TYPE_PIOSETUP: 276 offset = 0x20; 277 len = 20; 278 irq = 0; 279 break; 280 default: 281 WPRINTF("unsupported fis type %d\n", ft); 282 return; 283 } 284 memcpy(p->rfis + offset, fis, len); 285 if (irq) { 286 p->is |= irq; 287 ahci_generate_intr(p->pr_sc); 288 } 289 } 290 291 static void 292 ahci_write_fis_piosetup(struct ahci_port *p) 293 { 294 uint8_t fis[20]; 295 296 memset(fis, 0, sizeof(fis)); 297 fis[0] = FIS_TYPE_PIOSETUP; 298 ahci_write_fis(p, FIS_TYPE_PIOSETUP, fis); 299 } 300 301 static void 302 ahci_write_fis_sdb(struct ahci_port *p, int slot, uint32_t tfd) 303 { 304 uint8_t fis[8]; 305 uint8_t error; 306 307 error = (tfd >> 8) & 0xff; 308 memset(fis, 0, sizeof(fis)); 309 fis[0] = error; 310 fis[2] = tfd & 0x77; 311 *(uint32_t *)(fis + 4) = (1 << slot); 312 if (fis[2] & ATA_S_ERROR) 313 p->is |= AHCI_P_IX_TFE; 314 p->tfd = tfd; 315 ahci_write_fis(p, FIS_TYPE_SETDEVBITS, fis); 316 } 317 318 static void 319 ahci_write_fis_d2h(struct ahci_port *p, int slot, uint8_t *cfis, uint32_t tfd) 320 { 321 uint8_t fis[20]; 322 uint8_t error; 323 324 error = (tfd >> 8) & 0xff; 325 memset(fis, 0, sizeof(fis)); 326 fis[0] = FIS_TYPE_REGD2H; 327 fis[1] = (1 << 6); 328 fis[2] = tfd & 0xff; 329 fis[3] = error; 330 fis[4] = cfis[4]; 331 fis[5] = cfis[5]; 332 fis[6] = cfis[6]; 333 fis[7] = cfis[7]; 334 fis[8] = cfis[8]; 335 fis[9] = cfis[9]; 336 fis[10] = cfis[10]; 337 fis[11] = cfis[11]; 338 fis[12] = cfis[12]; 339 fis[13] = cfis[13]; 340 if (fis[2] & ATA_S_ERROR) 341 p->is |= AHCI_P_IX_TFE; 342 else 343 p->ci &= ~(1 << slot); 344 p->tfd = tfd; 345 ahci_write_fis(p, FIS_TYPE_REGD2H, fis); 346 } 347 348 static void 349 ahci_write_reset_fis_d2h(struct ahci_port *p) 350 { 351 uint8_t fis[20]; 352 353 memset(fis, 0, sizeof(fis)); 354 fis[0] = FIS_TYPE_REGD2H; 355 fis[3] = 1; 356 fis[4] = 1; 357 if (p->atapi) { 358 fis[5] = 0x14; 359 fis[6] = 0xeb; 360 } 361 fis[12] = 1; 362 ahci_write_fis(p, FIS_TYPE_REGD2H, fis); 363 } 364 365 static void 366 ahci_check_stopped(struct ahci_port *p) 367 { 368 /* 369 * If we are no longer processing the command list and nothing 370 * is in-flight, clear the running bit, the current command 371 * slot, the command issue and active bits. 372 */ 373 if (!(p->cmd & AHCI_P_CMD_ST)) { 374 if (p->pending == 0) { 375 p->cmd &= ~(AHCI_P_CMD_CR | AHCI_P_CMD_CCS_MASK); 376 p->ci = 0; 377 p->sact = 0; 378 } 379 } 380 } 381 382 static void 383 ahci_port_stop(struct ahci_port *p) 384 { 385 struct ahci_ioreq *aior; 386 uint8_t *cfis; 387 int slot; 388 int ncq; 389 int error; 390 391 assert(pthread_mutex_isowned_np(&p->pr_sc->mtx)); 392 393 TAILQ_FOREACH(aior, &p->iobhd, io_blist) { 394 /* 395 * Try to cancel the outstanding blockif request. 396 */ 397 error = blockif_cancel(p->bctx, &aior->io_req); 398 if (error != 0) 399 continue; 400 401 slot = aior->slot; 402 cfis = aior->cfis; 403 if (cfis[2] == ATA_WRITE_FPDMA_QUEUED || 404 cfis[2] == ATA_READ_FPDMA_QUEUED) 405 ncq = 1; 406 407 if (ncq) 408 p->sact &= ~(1 << slot); 409 else 410 p->ci &= ~(1 << slot); 411 412 /* 413 * This command is now done. 414 */ 415 p->pending &= ~(1 << slot); 416 417 /* 418 * Delete the blockif request from the busy list 419 */ 420 TAILQ_REMOVE(&p->iobhd, aior, io_blist); 421 422 /* 423 * Move the blockif request back to the free list 424 */ 425 STAILQ_INSERT_TAIL(&p->iofhd, aior, io_flist); 426 } 427 428 ahci_check_stopped(p); 429 } 430 431 static void 432 ahci_port_reset(struct ahci_port *pr) 433 { 434 pr->sctl = 0; 435 pr->serr = 0; 436 pr->sact = 0; 437 pr->xfermode = ATA_UDMA6; 438 pr->mult_sectors = 128; 439 440 if (!pr->bctx) { 441 pr->ssts = ATA_SS_DET_NO_DEVICE; 442 pr->sig = 0xFFFFFFFF; 443 pr->tfd = 0x7F; 444 return; 445 } 446 pr->ssts = ATA_SS_DET_PHY_ONLINE | ATA_SS_SPD_GEN2 | 447 ATA_SS_IPM_ACTIVE; 448 pr->tfd = (1 << 8) | ATA_S_DSC | ATA_S_DMA; 449 if (!pr->atapi) { 450 pr->sig = PxSIG_ATA; 451 pr->tfd |= ATA_S_READY; 452 } else 453 pr->sig = PxSIG_ATAPI; 454 ahci_write_reset_fis_d2h(pr); 455 } 456 457 static void 458 ahci_reset(struct pci_ahci_softc *sc) 459 { 460 int i; 461 462 sc->ghc = AHCI_GHC_AE; 463 sc->is = 0; 464 465 if (sc->lintr) { 466 pci_lintr_deassert(sc->asc_pi); 467 sc->lintr = 0; 468 } 469 470 for (i = 0; i < sc->ports; i++) { 471 sc->port[i].ie = 0; 472 sc->port[i].is = 0; 473 ahci_port_reset(&sc->port[i]); 474 } 475 } 476 477 static void 478 ata_string(uint8_t *dest, const char *src, int len) 479 { 480 int i; 481 482 for (i = 0; i < len; i++) { 483 if (*src) 484 dest[i ^ 1] = *src++; 485 else 486 dest[i ^ 1] = ' '; 487 } 488 } 489 490 static void 491 atapi_string(uint8_t *dest, const char *src, int len) 492 { 493 int i; 494 495 for (i = 0; i < len; i++) { 496 if (*src) 497 dest[i] = *src++; 498 else 499 dest[i] = ' '; 500 } 501 } 502 503 static void 504 ahci_handle_dma(struct ahci_port *p, int slot, uint8_t *cfis, uint32_t done, 505 int seek) 506 { 507 struct ahci_ioreq *aior; 508 struct blockif_req *breq; 509 struct pci_ahci_softc *sc; 510 struct ahci_prdt_entry *prdt; 511 struct ahci_cmd_hdr *hdr; 512 uint64_t lba; 513 uint32_t len; 514 int i, err, iovcnt, ncq, readop; 515 516 sc = p->pr_sc; 517 prdt = (struct ahci_prdt_entry *)(cfis + 0x80); 518 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 519 ncq = 0; 520 readop = 1; 521 522 prdt += seek; 523 if (cfis[2] == ATA_WRITE_DMA || cfis[2] == ATA_WRITE_DMA48 || 524 cfis[2] == ATA_WRITE_FPDMA_QUEUED) 525 readop = 0; 526 527 if (cfis[2] == ATA_WRITE_FPDMA_QUEUED || 528 cfis[2] == ATA_READ_FPDMA_QUEUED) { 529 lba = ((uint64_t)cfis[10] << 40) | 530 ((uint64_t)cfis[9] << 32) | 531 ((uint64_t)cfis[8] << 24) | 532 ((uint64_t)cfis[6] << 16) | 533 ((uint64_t)cfis[5] << 8) | 534 cfis[4]; 535 len = cfis[11] << 8 | cfis[3]; 536 if (!len) 537 len = 65536; 538 ncq = 1; 539 } else if (cfis[2] == ATA_READ_DMA48 || cfis[2] == ATA_WRITE_DMA48) { 540 lba = ((uint64_t)cfis[10] << 40) | 541 ((uint64_t)cfis[9] << 32) | 542 ((uint64_t)cfis[8] << 24) | 543 ((uint64_t)cfis[6] << 16) | 544 ((uint64_t)cfis[5] << 8) | 545 cfis[4]; 546 len = cfis[13] << 8 | cfis[12]; 547 if (!len) 548 len = 65536; 549 } else { 550 lba = ((cfis[7] & 0xf) << 24) | (cfis[6] << 16) | 551 (cfis[5] << 8) | cfis[4]; 552 len = cfis[12]; 553 if (!len) 554 len = 256; 555 } 556 lba *= blockif_sectsz(p->bctx); 557 len *= blockif_sectsz(p->bctx); 558 559 /* 560 * Pull request off free list 561 */ 562 aior = STAILQ_FIRST(&p->iofhd); 563 assert(aior != NULL); 564 STAILQ_REMOVE_HEAD(&p->iofhd, io_flist); 565 aior->cfis = cfis; 566 aior->slot = slot; 567 aior->len = len; 568 aior->done = done; 569 breq = &aior->io_req; 570 breq->br_offset = lba + done; 571 iovcnt = hdr->prdtl - seek; 572 if (iovcnt > BLOCKIF_IOV_MAX) { 573 aior->prdtl = iovcnt - BLOCKIF_IOV_MAX; 574 iovcnt = BLOCKIF_IOV_MAX; 575 } else 576 aior->prdtl = 0; 577 breq->br_iovcnt = iovcnt; 578 579 /* 580 * Mark this command in-flight. 581 */ 582 p->pending |= 1 << slot; 583 584 /* 585 * Stuff request onto busy list 586 */ 587 TAILQ_INSERT_HEAD(&p->iobhd, aior, io_blist); 588 589 /* 590 * Build up the iovec based on the prdt 591 */ 592 for (i = 0; i < iovcnt; i++) { 593 uint32_t dbcsz; 594 595 dbcsz = (prdt->dbc & DBCMASK) + 1; 596 breq->br_iov[i].iov_base = paddr_guest2host(ahci_ctx(sc), 597 prdt->dba, dbcsz); 598 breq->br_iov[i].iov_len = dbcsz; 599 aior->done += dbcsz; 600 prdt++; 601 } 602 if (readop) 603 err = blockif_read(p->bctx, breq); 604 else 605 err = blockif_write(p->bctx, breq); 606 assert(err == 0); 607 608 if (ncq) 609 p->ci &= ~(1 << slot); 610 } 611 612 static void 613 ahci_handle_flush(struct ahci_port *p, int slot, uint8_t *cfis) 614 { 615 struct ahci_ioreq *aior; 616 struct blockif_req *breq; 617 int err; 618 619 /* 620 * Pull request off free list 621 */ 622 aior = STAILQ_FIRST(&p->iofhd); 623 assert(aior != NULL); 624 STAILQ_REMOVE_HEAD(&p->iofhd, io_flist); 625 aior->cfis = cfis; 626 aior->slot = slot; 627 aior->len = 0; 628 aior->done = 0; 629 aior->prdtl = 0; 630 breq = &aior->io_req; 631 632 /* 633 * Mark this command in-flight. 634 */ 635 p->pending |= 1 << slot; 636 637 /* 638 * Stuff request onto busy list 639 */ 640 TAILQ_INSERT_HEAD(&p->iobhd, aior, io_blist); 641 642 err = blockif_flush(p->bctx, breq); 643 assert(err == 0); 644 } 645 646 static inline void 647 write_prdt(struct ahci_port *p, int slot, uint8_t *cfis, 648 void *buf, int size) 649 { 650 struct ahci_cmd_hdr *hdr; 651 struct ahci_prdt_entry *prdt; 652 void *from; 653 int i, len; 654 655 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 656 len = size; 657 from = buf; 658 prdt = (struct ahci_prdt_entry *)(cfis + 0x80); 659 for (i = 0; i < hdr->prdtl && len; i++) { 660 uint8_t *ptr; 661 uint32_t dbcsz; 662 int sublen; 663 664 dbcsz = (prdt->dbc & DBCMASK) + 1; 665 ptr = paddr_guest2host(ahci_ctx(p->pr_sc), prdt->dba, dbcsz); 666 sublen = len < dbcsz ? len : dbcsz; 667 memcpy(ptr, from, sublen); 668 len -= sublen; 669 from += sublen; 670 prdt++; 671 } 672 hdr->prdbc = size - len; 673 } 674 675 static void 676 handle_identify(struct ahci_port *p, int slot, uint8_t *cfis) 677 { 678 struct ahci_cmd_hdr *hdr; 679 680 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 681 if (p->atapi || hdr->prdtl == 0) { 682 p->tfd = (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR; 683 p->is |= AHCI_P_IX_TFE; 684 } else { 685 uint16_t buf[256]; 686 uint64_t sectors; 687 int sectsz, psectsz, psectoff; 688 uint16_t cyl; 689 uint8_t sech, heads; 690 691 sectsz = blockif_sectsz(p->bctx); 692 sectors = blockif_size(p->bctx) / sectsz; 693 blockif_chs(p->bctx, &cyl, &heads, &sech); 694 blockif_psectsz(p->bctx, &psectsz, &psectoff); 695 memset(buf, 0, sizeof(buf)); 696 buf[0] = 0x0040; 697 buf[1] = cyl; 698 buf[3] = heads; 699 buf[6] = sech; 700 /* TODO emulate different serial? */ 701 ata_string((uint8_t *)(buf+10), "123456", 20); 702 ata_string((uint8_t *)(buf+23), "001", 8); 703 ata_string((uint8_t *)(buf+27), "BHYVE SATA DISK", 40); 704 buf[47] = (0x8000 | 128); 705 buf[48] = 0x1; 706 buf[49] = (1 << 8 | 1 << 9 | 1 << 11); 707 buf[50] = (1 << 14); 708 buf[53] = (1 << 1 | 1 << 2); 709 if (p->mult_sectors) 710 buf[59] = (0x100 | p->mult_sectors); 711 buf[60] = sectors; 712 buf[61] = (sectors >> 16); 713 buf[63] = 0x7; 714 if (p->xfermode & ATA_WDMA0) 715 buf[63] |= (1 << ((p->xfermode & 7) + 8)); 716 buf[64] = 0x3; 717 buf[65] = 100; 718 buf[66] = 100; 719 buf[67] = 100; 720 buf[68] = 100; 721 buf[75] = 31; 722 buf[76] = (1 << 8 | 1 << 2); 723 buf[80] = 0x1f0; 724 buf[81] = 0x28; 725 buf[82] = (1 << 5 | 1 << 14); 726 buf[83] = (1 << 10 | 1 << 12 | 1 << 13 | 1 << 14); 727 buf[84] = (1 << 14); 728 buf[85] = (1 << 5 | 1 << 14); 729 buf[86] = (1 << 10 | 1 << 12 | 1 << 13); 730 buf[87] = (1 << 14); 731 buf[88] = 0x7f; 732 if (p->xfermode & ATA_UDMA0) 733 buf[88] |= (1 << ((p->xfermode & 7) + 8)); 734 buf[93] = (1 | 1 <<14); 735 buf[100] = sectors; 736 buf[101] = (sectors >> 16); 737 buf[102] = (sectors >> 32); 738 buf[103] = (sectors >> 48); 739 buf[106] = 0x4000; 740 buf[209] = 0x4000; 741 if (psectsz > sectsz) { 742 buf[106] |= 0x2000; 743 buf[106] |= ffsl(psectsz / sectsz) - 1; 744 buf[209] |= (psectoff / sectsz); 745 } 746 if (sectsz > 512) { 747 buf[106] |= 0x1000; 748 buf[117] = sectsz / 2; 749 buf[118] = ((sectsz / 2) >> 16); 750 } 751 ahci_write_fis_piosetup(p); 752 write_prdt(p, slot, cfis, (void *)buf, sizeof(buf)); 753 p->tfd = ATA_S_DSC | ATA_S_READY; 754 p->is |= AHCI_P_IX_DP; 755 p->ci &= ~(1 << slot); 756 } 757 ahci_generate_intr(p->pr_sc); 758 } 759 760 static void 761 handle_atapi_identify(struct ahci_port *p, int slot, uint8_t *cfis) 762 { 763 if (!p->atapi) { 764 p->tfd = (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR; 765 p->is |= AHCI_P_IX_TFE; 766 } else { 767 uint16_t buf[256]; 768 769 memset(buf, 0, sizeof(buf)); 770 buf[0] = (2 << 14 | 5 << 8 | 1 << 7 | 2 << 5); 771 /* TODO emulate different serial? */ 772 ata_string((uint8_t *)(buf+10), "123456", 20); 773 ata_string((uint8_t *)(buf+23), "001", 8); 774 ata_string((uint8_t *)(buf+27), "BHYVE SATA DVD ROM", 40); 775 buf[49] = (1 << 9 | 1 << 8); 776 buf[50] = (1 << 14 | 1); 777 buf[53] = (1 << 2 | 1 << 1); 778 buf[62] = 0x3f; 779 buf[63] = 7; 780 buf[64] = 3; 781 buf[65] = 100; 782 buf[66] = 100; 783 buf[67] = 100; 784 buf[68] = 100; 785 buf[76] = (1 << 2 | 1 << 1); 786 buf[78] = (1 << 5); 787 buf[80] = (0x1f << 4); 788 buf[82] = (1 << 4); 789 buf[83] = (1 << 14); 790 buf[84] = (1 << 14); 791 buf[85] = (1 << 4); 792 buf[87] = (1 << 14); 793 buf[88] = (1 << 14 | 0x7f); 794 ahci_write_fis_piosetup(p); 795 write_prdt(p, slot, cfis, (void *)buf, sizeof(buf)); 796 p->tfd = ATA_S_DSC | ATA_S_READY; 797 p->is |= AHCI_P_IX_DHR; 798 p->ci &= ~(1 << slot); 799 } 800 ahci_generate_intr(p->pr_sc); 801 } 802 803 static void 804 atapi_inquiry(struct ahci_port *p, int slot, uint8_t *cfis) 805 { 806 uint8_t buf[36]; 807 uint8_t *acmd; 808 int len; 809 810 acmd = cfis + 0x40; 811 812 buf[0] = 0x05; 813 buf[1] = 0x80; 814 buf[2] = 0x00; 815 buf[3] = 0x21; 816 buf[4] = 31; 817 buf[5] = 0; 818 buf[6] = 0; 819 buf[7] = 0; 820 atapi_string(buf + 8, "BHYVE", 8); 821 atapi_string(buf + 16, "BHYVE DVD-ROM", 16); 822 atapi_string(buf + 32, "001", 4); 823 824 len = sizeof(buf); 825 if (len > acmd[4]) 826 len = acmd[4]; 827 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 828 write_prdt(p, slot, cfis, buf, len); 829 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 830 } 831 832 static void 833 atapi_read_capacity(struct ahci_port *p, int slot, uint8_t *cfis) 834 { 835 uint8_t buf[8]; 836 uint64_t sectors; 837 838 sectors = blockif_size(p->bctx) / 2048; 839 be32enc(buf, sectors - 1); 840 be32enc(buf + 4, 2048); 841 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 842 write_prdt(p, slot, cfis, buf, sizeof(buf)); 843 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 844 } 845 846 static void 847 atapi_read_toc(struct ahci_port *p, int slot, uint8_t *cfis) 848 { 849 uint8_t *acmd; 850 uint8_t format; 851 int len; 852 853 acmd = cfis + 0x40; 854 855 len = be16dec(acmd + 7); 856 format = acmd[9] >> 6; 857 switch (format) { 858 case 0: 859 { 860 int msf, size; 861 uint64_t sectors; 862 uint8_t start_track, buf[20], *bp; 863 864 msf = (acmd[1] >> 1) & 1; 865 start_track = acmd[6]; 866 if (start_track > 1 && start_track != 0xaa) { 867 uint32_t tfd; 868 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 869 p->asc = 0x24; 870 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 871 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 872 ahci_write_fis_d2h(p, slot, cfis, tfd); 873 return; 874 } 875 bp = buf + 2; 876 *bp++ = 1; 877 *bp++ = 1; 878 if (start_track <= 1) { 879 *bp++ = 0; 880 *bp++ = 0x14; 881 *bp++ = 1; 882 *bp++ = 0; 883 if (msf) { 884 *bp++ = 0; 885 lba_to_msf(bp, 0); 886 bp += 3; 887 } else { 888 *bp++ = 0; 889 *bp++ = 0; 890 *bp++ = 0; 891 *bp++ = 0; 892 } 893 } 894 *bp++ = 0; 895 *bp++ = 0x14; 896 *bp++ = 0xaa; 897 *bp++ = 0; 898 sectors = blockif_size(p->bctx) / blockif_sectsz(p->bctx); 899 sectors >>= 2; 900 if (msf) { 901 *bp++ = 0; 902 lba_to_msf(bp, sectors); 903 bp += 3; 904 } else { 905 be32enc(bp, sectors); 906 bp += 4; 907 } 908 size = bp - buf; 909 be16enc(buf, size - 2); 910 if (len > size) 911 len = size; 912 write_prdt(p, slot, cfis, buf, len); 913 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 914 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 915 break; 916 } 917 case 1: 918 { 919 uint8_t buf[12]; 920 921 memset(buf, 0, sizeof(buf)); 922 buf[1] = 0xa; 923 buf[2] = 0x1; 924 buf[3] = 0x1; 925 if (len > sizeof(buf)) 926 len = sizeof(buf); 927 write_prdt(p, slot, cfis, buf, len); 928 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 929 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 930 break; 931 } 932 case 2: 933 { 934 int msf, size; 935 uint64_t sectors; 936 uint8_t start_track, *bp, buf[50]; 937 938 msf = (acmd[1] >> 1) & 1; 939 start_track = acmd[6]; 940 bp = buf + 2; 941 *bp++ = 1; 942 *bp++ = 1; 943 944 *bp++ = 1; 945 *bp++ = 0x14; 946 *bp++ = 0; 947 *bp++ = 0xa0; 948 *bp++ = 0; 949 *bp++ = 0; 950 *bp++ = 0; 951 *bp++ = 0; 952 *bp++ = 1; 953 *bp++ = 0; 954 *bp++ = 0; 955 956 *bp++ = 1; 957 *bp++ = 0x14; 958 *bp++ = 0; 959 *bp++ = 0xa1; 960 *bp++ = 0; 961 *bp++ = 0; 962 *bp++ = 0; 963 *bp++ = 0; 964 *bp++ = 1; 965 *bp++ = 0; 966 *bp++ = 0; 967 968 *bp++ = 1; 969 *bp++ = 0x14; 970 *bp++ = 0; 971 *bp++ = 0xa2; 972 *bp++ = 0; 973 *bp++ = 0; 974 *bp++ = 0; 975 sectors = blockif_size(p->bctx) / blockif_sectsz(p->bctx); 976 sectors >>= 2; 977 if (msf) { 978 *bp++ = 0; 979 lba_to_msf(bp, sectors); 980 bp += 3; 981 } else { 982 be32enc(bp, sectors); 983 bp += 4; 984 } 985 986 *bp++ = 1; 987 *bp++ = 0x14; 988 *bp++ = 0; 989 *bp++ = 1; 990 *bp++ = 0; 991 *bp++ = 0; 992 *bp++ = 0; 993 if (msf) { 994 *bp++ = 0; 995 lba_to_msf(bp, 0); 996 bp += 3; 997 } else { 998 *bp++ = 0; 999 *bp++ = 0; 1000 *bp++ = 0; 1001 *bp++ = 0; 1002 } 1003 1004 size = bp - buf; 1005 be16enc(buf, size - 2); 1006 if (len > size) 1007 len = size; 1008 write_prdt(p, slot, cfis, buf, len); 1009 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1010 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1011 break; 1012 } 1013 default: 1014 { 1015 uint32_t tfd; 1016 1017 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1018 p->asc = 0x24; 1019 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1020 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1021 ahci_write_fis_d2h(p, slot, cfis, tfd); 1022 break; 1023 } 1024 } 1025 } 1026 1027 static void 1028 atapi_read(struct ahci_port *p, int slot, uint8_t *cfis, 1029 uint32_t done, int seek) 1030 { 1031 struct ahci_ioreq *aior; 1032 struct ahci_cmd_hdr *hdr; 1033 struct ahci_prdt_entry *prdt; 1034 struct blockif_req *breq; 1035 struct pci_ahci_softc *sc; 1036 uint8_t *acmd; 1037 uint64_t lba; 1038 uint32_t len; 1039 int i, err, iovcnt; 1040 1041 sc = p->pr_sc; 1042 acmd = cfis + 0x40; 1043 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 1044 prdt = (struct ahci_prdt_entry *)(cfis + 0x80); 1045 1046 prdt += seek; 1047 lba = be32dec(acmd + 2); 1048 if (acmd[0] == READ_10) 1049 len = be16dec(acmd + 7); 1050 else 1051 len = be32dec(acmd + 6); 1052 if (len == 0) { 1053 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1054 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1055 } 1056 lba *= 2048; 1057 len *= 2048; 1058 1059 /* 1060 * Pull request off free list 1061 */ 1062 aior = STAILQ_FIRST(&p->iofhd); 1063 assert(aior != NULL); 1064 STAILQ_REMOVE_HEAD(&p->iofhd, io_flist); 1065 aior->cfis = cfis; 1066 aior->slot = slot; 1067 aior->len = len; 1068 aior->done = done; 1069 breq = &aior->io_req; 1070 breq->br_offset = lba + done; 1071 iovcnt = hdr->prdtl - seek; 1072 if (iovcnt > BLOCKIF_IOV_MAX) { 1073 aior->prdtl = iovcnt - BLOCKIF_IOV_MAX; 1074 iovcnt = BLOCKIF_IOV_MAX; 1075 } else 1076 aior->prdtl = 0; 1077 breq->br_iovcnt = iovcnt; 1078 1079 /* 1080 * Mark this command in-flight. 1081 */ 1082 p->pending |= 1 << slot; 1083 1084 /* 1085 * Stuff request onto busy list 1086 */ 1087 TAILQ_INSERT_HEAD(&p->iobhd, aior, io_blist); 1088 1089 /* 1090 * Build up the iovec based on the prdt 1091 */ 1092 for (i = 0; i < iovcnt; i++) { 1093 uint32_t dbcsz; 1094 1095 dbcsz = (prdt->dbc & DBCMASK) + 1; 1096 breq->br_iov[i].iov_base = paddr_guest2host(ahci_ctx(sc), 1097 prdt->dba, dbcsz); 1098 breq->br_iov[i].iov_len = dbcsz; 1099 aior->done += dbcsz; 1100 prdt++; 1101 } 1102 err = blockif_read(p->bctx, breq); 1103 assert(err == 0); 1104 } 1105 1106 static void 1107 atapi_request_sense(struct ahci_port *p, int slot, uint8_t *cfis) 1108 { 1109 uint8_t buf[64]; 1110 uint8_t *acmd; 1111 int len; 1112 1113 acmd = cfis + 0x40; 1114 len = acmd[4]; 1115 if (len > sizeof(buf)) 1116 len = sizeof(buf); 1117 memset(buf, 0, len); 1118 buf[0] = 0x70 | (1 << 7); 1119 buf[2] = p->sense_key; 1120 buf[7] = 10; 1121 buf[12] = p->asc; 1122 write_prdt(p, slot, cfis, buf, len); 1123 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1124 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1125 } 1126 1127 static void 1128 atapi_start_stop_unit(struct ahci_port *p, int slot, uint8_t *cfis) 1129 { 1130 uint8_t *acmd = cfis + 0x40; 1131 uint32_t tfd; 1132 1133 switch (acmd[4] & 3) { 1134 case 0: 1135 case 1: 1136 case 3: 1137 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1138 tfd = ATA_S_READY | ATA_S_DSC; 1139 break; 1140 case 2: 1141 /* TODO eject media */ 1142 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1143 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1144 p->asc = 0x53; 1145 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1146 break; 1147 } 1148 ahci_write_fis_d2h(p, slot, cfis, tfd); 1149 } 1150 1151 static void 1152 atapi_mode_sense(struct ahci_port *p, int slot, uint8_t *cfis) 1153 { 1154 uint8_t *acmd; 1155 uint32_t tfd; 1156 uint8_t pc, code; 1157 int len; 1158 1159 acmd = cfis + 0x40; 1160 len = be16dec(acmd + 7); 1161 pc = acmd[2] >> 6; 1162 code = acmd[2] & 0x3f; 1163 1164 switch (pc) { 1165 case 0: 1166 switch (code) { 1167 case MODEPAGE_RW_ERROR_RECOVERY: 1168 { 1169 uint8_t buf[16]; 1170 1171 if (len > sizeof(buf)) 1172 len = sizeof(buf); 1173 1174 memset(buf, 0, sizeof(buf)); 1175 be16enc(buf, 16 - 2); 1176 buf[2] = 0x70; 1177 buf[8] = 0x01; 1178 buf[9] = 16 - 10; 1179 buf[11] = 0x05; 1180 write_prdt(p, slot, cfis, buf, len); 1181 tfd = ATA_S_READY | ATA_S_DSC; 1182 break; 1183 } 1184 case MODEPAGE_CD_CAPABILITIES: 1185 { 1186 uint8_t buf[30]; 1187 1188 if (len > sizeof(buf)) 1189 len = sizeof(buf); 1190 1191 memset(buf, 0, sizeof(buf)); 1192 be16enc(buf, 30 - 2); 1193 buf[2] = 0x70; 1194 buf[8] = 0x2A; 1195 buf[9] = 30 - 10; 1196 buf[10] = 0x08; 1197 buf[12] = 0x71; 1198 be16enc(&buf[18], 2); 1199 be16enc(&buf[20], 512); 1200 write_prdt(p, slot, cfis, buf, len); 1201 tfd = ATA_S_READY | ATA_S_DSC; 1202 break; 1203 } 1204 default: 1205 goto error; 1206 break; 1207 } 1208 break; 1209 case 3: 1210 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1211 p->asc = 0x39; 1212 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1213 break; 1214 error: 1215 case 1: 1216 case 2: 1217 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1218 p->asc = 0x24; 1219 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1220 break; 1221 } 1222 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1223 ahci_write_fis_d2h(p, slot, cfis, tfd); 1224 } 1225 1226 static void 1227 atapi_get_event_status_notification(struct ahci_port *p, int slot, 1228 uint8_t *cfis) 1229 { 1230 uint8_t *acmd; 1231 uint32_t tfd; 1232 1233 acmd = cfis + 0x40; 1234 1235 /* we don't support asynchronous operation */ 1236 if (!(acmd[1] & 1)) { 1237 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1238 p->asc = 0x24; 1239 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1240 } else { 1241 uint8_t buf[8]; 1242 int len; 1243 1244 len = be16dec(acmd + 7); 1245 if (len > sizeof(buf)) 1246 len = sizeof(buf); 1247 1248 memset(buf, 0, sizeof(buf)); 1249 be16enc(buf, 8 - 2); 1250 buf[2] = 0x04; 1251 buf[3] = 0x10; 1252 buf[5] = 0x02; 1253 write_prdt(p, slot, cfis, buf, len); 1254 tfd = ATA_S_READY | ATA_S_DSC; 1255 } 1256 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1257 ahci_write_fis_d2h(p, slot, cfis, tfd); 1258 } 1259 1260 static void 1261 handle_packet_cmd(struct ahci_port *p, int slot, uint8_t *cfis) 1262 { 1263 uint8_t *acmd; 1264 1265 acmd = cfis + 0x40; 1266 1267 #ifdef AHCI_DEBUG 1268 { 1269 int i; 1270 DPRINTF("ACMD:"); 1271 for (i = 0; i < 16; i++) 1272 DPRINTF("%02x ", acmd[i]); 1273 DPRINTF("\n"); 1274 } 1275 #endif 1276 1277 switch (acmd[0]) { 1278 case TEST_UNIT_READY: 1279 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1280 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1281 break; 1282 case INQUIRY: 1283 atapi_inquiry(p, slot, cfis); 1284 break; 1285 case READ_CAPACITY: 1286 atapi_read_capacity(p, slot, cfis); 1287 break; 1288 case PREVENT_ALLOW: 1289 /* TODO */ 1290 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1291 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1292 break; 1293 case READ_TOC: 1294 atapi_read_toc(p, slot, cfis); 1295 break; 1296 case READ_10: 1297 case READ_12: 1298 atapi_read(p, slot, cfis, 0, 0); 1299 break; 1300 case REQUEST_SENSE: 1301 atapi_request_sense(p, slot, cfis); 1302 break; 1303 case START_STOP_UNIT: 1304 atapi_start_stop_unit(p, slot, cfis); 1305 break; 1306 case MODE_SENSE_10: 1307 atapi_mode_sense(p, slot, cfis); 1308 break; 1309 case GET_EVENT_STATUS_NOTIFICATION: 1310 atapi_get_event_status_notification(p, slot, cfis); 1311 break; 1312 default: 1313 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1314 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1315 p->asc = 0x20; 1316 ahci_write_fis_d2h(p, slot, cfis, (p->sense_key << 12) | 1317 ATA_S_READY | ATA_S_ERROR); 1318 break; 1319 } 1320 } 1321 1322 static void 1323 ahci_handle_cmd(struct ahci_port *p, int slot, uint8_t *cfis) 1324 { 1325 1326 switch (cfis[2]) { 1327 case ATA_ATA_IDENTIFY: 1328 handle_identify(p, slot, cfis); 1329 break; 1330 case ATA_SETFEATURES: 1331 { 1332 switch (cfis[3]) { 1333 case ATA_SF_ENAB_SATA_SF: 1334 switch (cfis[12]) { 1335 case ATA_SATA_SF_AN: 1336 p->tfd = ATA_S_DSC | ATA_S_READY; 1337 break; 1338 default: 1339 p->tfd = ATA_S_ERROR | ATA_S_READY; 1340 p->tfd |= (ATA_ERROR_ABORT << 8); 1341 break; 1342 } 1343 break; 1344 case ATA_SF_ENAB_WCACHE: 1345 case ATA_SF_DIS_WCACHE: 1346 case ATA_SF_ENAB_RCACHE: 1347 case ATA_SF_DIS_RCACHE: 1348 p->tfd = ATA_S_DSC | ATA_S_READY; 1349 break; 1350 case ATA_SF_SETXFER: 1351 { 1352 switch (cfis[12] & 0xf8) { 1353 case ATA_PIO: 1354 case ATA_PIO0: 1355 break; 1356 case ATA_WDMA0: 1357 case ATA_UDMA0: 1358 p->xfermode = (cfis[12] & 0x7); 1359 break; 1360 } 1361 p->tfd = ATA_S_DSC | ATA_S_READY; 1362 break; 1363 } 1364 default: 1365 p->tfd = ATA_S_ERROR | ATA_S_READY; 1366 p->tfd |= (ATA_ERROR_ABORT << 8); 1367 break; 1368 } 1369 ahci_write_fis_d2h(p, slot, cfis, p->tfd); 1370 break; 1371 } 1372 case ATA_SET_MULTI: 1373 if (cfis[12] != 0 && 1374 (cfis[12] > 128 || (cfis[12] & (cfis[12] - 1)))) { 1375 p->tfd = ATA_S_ERROR | ATA_S_READY; 1376 p->tfd |= (ATA_ERROR_ABORT << 8); 1377 } else { 1378 p->mult_sectors = cfis[12]; 1379 p->tfd = ATA_S_DSC | ATA_S_READY; 1380 } 1381 p->is |= AHCI_P_IX_DP; 1382 p->ci &= ~(1 << slot); 1383 ahci_generate_intr(p->pr_sc); 1384 break; 1385 case ATA_READ_DMA: 1386 case ATA_WRITE_DMA: 1387 case ATA_READ_DMA48: 1388 case ATA_WRITE_DMA48: 1389 case ATA_READ_FPDMA_QUEUED: 1390 case ATA_WRITE_FPDMA_QUEUED: 1391 ahci_handle_dma(p, slot, cfis, 0, 0); 1392 break; 1393 case ATA_FLUSHCACHE: 1394 case ATA_FLUSHCACHE48: 1395 ahci_handle_flush(p, slot, cfis); 1396 break; 1397 case ATA_STANDBY_CMD: 1398 break; 1399 case ATA_NOP: 1400 case ATA_STANDBY_IMMEDIATE: 1401 case ATA_IDLE_IMMEDIATE: 1402 case ATA_SLEEP: 1403 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1404 break; 1405 case ATA_ATAPI_IDENTIFY: 1406 handle_atapi_identify(p, slot, cfis); 1407 break; 1408 case ATA_PACKET_CMD: 1409 if (!p->atapi) { 1410 p->tfd = (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR; 1411 p->is |= AHCI_P_IX_TFE; 1412 ahci_generate_intr(p->pr_sc); 1413 } else 1414 handle_packet_cmd(p, slot, cfis); 1415 break; 1416 default: 1417 WPRINTF("Unsupported cmd:%02x\n", cfis[2]); 1418 p->tfd = (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR; 1419 p->is |= AHCI_P_IX_TFE; 1420 ahci_generate_intr(p->pr_sc); 1421 break; 1422 } 1423 } 1424 1425 static void 1426 ahci_handle_slot(struct ahci_port *p, int slot) 1427 { 1428 struct ahci_cmd_hdr *hdr; 1429 struct ahci_prdt_entry *prdt; 1430 struct pci_ahci_softc *sc; 1431 uint8_t *cfis; 1432 int cfl; 1433 1434 sc = p->pr_sc; 1435 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 1436 cfl = (hdr->flags & 0x1f) * 4; 1437 cfis = paddr_guest2host(ahci_ctx(sc), hdr->ctba, 1438 0x80 + hdr->prdtl * sizeof(struct ahci_prdt_entry)); 1439 prdt = (struct ahci_prdt_entry *)(cfis + 0x80); 1440 1441 #ifdef AHCI_DEBUG 1442 DPRINTF("\ncfis:"); 1443 for (i = 0; i < cfl; i++) { 1444 if (i % 10 == 0) 1445 DPRINTF("\n"); 1446 DPRINTF("%02x ", cfis[i]); 1447 } 1448 DPRINTF("\n"); 1449 1450 for (i = 0; i < hdr->prdtl; i++) { 1451 DPRINTF("%d@%08"PRIx64"\n", prdt->dbc & 0x3fffff, prdt->dba); 1452 prdt++; 1453 } 1454 #endif 1455 1456 if (cfis[0] != FIS_TYPE_REGH2D) { 1457 WPRINTF("Not a H2D FIS:%02x\n", cfis[0]); 1458 return; 1459 } 1460 1461 if (cfis[1] & 0x80) { 1462 ahci_handle_cmd(p, slot, cfis); 1463 } else { 1464 if (cfis[15] & (1 << 2)) 1465 p->reset = 1; 1466 else if (p->reset) { 1467 p->reset = 0; 1468 ahci_port_reset(p); 1469 } 1470 p->ci &= ~(1 << slot); 1471 } 1472 } 1473 1474 static void 1475 ahci_handle_port(struct ahci_port *p) 1476 { 1477 int i; 1478 1479 if (!(p->cmd & AHCI_P_CMD_ST)) 1480 return; 1481 1482 /* 1483 * Search for any new commands to issue ignoring those that 1484 * are already in-flight. 1485 */ 1486 for (i = 0; (i < 32) && p->ci; i++) { 1487 if ((p->ci & (1 << i)) && !(p->pending & (1 << i))) { 1488 p->cmd &= ~AHCI_P_CMD_CCS_MASK; 1489 p->cmd |= i << AHCI_P_CMD_CCS_SHIFT; 1490 ahci_handle_slot(p, i); 1491 } 1492 } 1493 } 1494 1495 /* 1496 * blockif callback routine - this runs in the context of the blockif 1497 * i/o thread, so the mutex needs to be acquired. 1498 */ 1499 static void 1500 ata_ioreq_cb(struct blockif_req *br, int err) 1501 { 1502 struct ahci_cmd_hdr *hdr; 1503 struct ahci_ioreq *aior; 1504 struct ahci_port *p; 1505 struct pci_ahci_softc *sc; 1506 uint32_t tfd; 1507 uint8_t *cfis; 1508 int pending, slot, ncq; 1509 1510 DPRINTF("%s %d\n", __func__, err); 1511 1512 ncq = 0; 1513 aior = br->br_param; 1514 p = aior->io_pr; 1515 cfis = aior->cfis; 1516 slot = aior->slot; 1517 pending = aior->prdtl; 1518 sc = p->pr_sc; 1519 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 1520 1521 if (cfis[2] == ATA_WRITE_FPDMA_QUEUED || 1522 cfis[2] == ATA_READ_FPDMA_QUEUED) 1523 ncq = 1; 1524 1525 pthread_mutex_lock(&sc->mtx); 1526 1527 /* 1528 * Delete the blockif request from the busy list 1529 */ 1530 TAILQ_REMOVE(&p->iobhd, aior, io_blist); 1531 1532 /* 1533 * Move the blockif request back to the free list 1534 */ 1535 STAILQ_INSERT_TAIL(&p->iofhd, aior, io_flist); 1536 1537 if (pending && !err) { 1538 ahci_handle_dma(p, slot, cfis, aior->done, 1539 hdr->prdtl - pending); 1540 goto out; 1541 } 1542 1543 if (!err && aior->done == aior->len) { 1544 tfd = ATA_S_READY | ATA_S_DSC; 1545 if (ncq) 1546 hdr->prdbc = 0; 1547 else 1548 hdr->prdbc = aior->len; 1549 } else { 1550 tfd = (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR; 1551 hdr->prdbc = 0; 1552 if (ncq) 1553 p->serr |= (1 << slot); 1554 } 1555 1556 if (ncq) { 1557 p->sact &= ~(1 << slot); 1558 ahci_write_fis_sdb(p, slot, tfd); 1559 } else 1560 ahci_write_fis_d2h(p, slot, cfis, tfd); 1561 1562 /* 1563 * This command is now complete. 1564 */ 1565 p->pending &= ~(1 << slot); 1566 1567 ahci_check_stopped(p); 1568 out: 1569 pthread_mutex_unlock(&sc->mtx); 1570 DPRINTF("%s exit\n", __func__); 1571 } 1572 1573 static void 1574 atapi_ioreq_cb(struct blockif_req *br, int err) 1575 { 1576 struct ahci_cmd_hdr *hdr; 1577 struct ahci_ioreq *aior; 1578 struct ahci_port *p; 1579 struct pci_ahci_softc *sc; 1580 uint8_t *cfis; 1581 uint32_t tfd; 1582 int pending, slot; 1583 1584 DPRINTF("%s %d\n", __func__, err); 1585 1586 aior = br->br_param; 1587 p = aior->io_pr; 1588 cfis = aior->cfis; 1589 slot = aior->slot; 1590 pending = aior->prdtl; 1591 sc = p->pr_sc; 1592 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + aior->slot * AHCI_CL_SIZE); 1593 1594 pthread_mutex_lock(&sc->mtx); 1595 1596 /* 1597 * Delete the blockif request from the busy list 1598 */ 1599 TAILQ_REMOVE(&p->iobhd, aior, io_blist); 1600 1601 /* 1602 * Move the blockif request back to the free list 1603 */ 1604 STAILQ_INSERT_TAIL(&p->iofhd, aior, io_flist); 1605 1606 if (pending && !err) { 1607 atapi_read(p, slot, cfis, aior->done, hdr->prdtl - pending); 1608 goto out; 1609 } 1610 1611 if (!err && aior->done == aior->len) { 1612 tfd = ATA_S_READY | ATA_S_DSC; 1613 hdr->prdbc = aior->len; 1614 } else { 1615 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1616 p->asc = 0x21; 1617 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1618 hdr->prdbc = 0; 1619 } 1620 1621 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1622 ahci_write_fis_d2h(p, slot, cfis, tfd); 1623 1624 /* 1625 * This command is now complete. 1626 */ 1627 p->pending &= ~(1 << slot); 1628 1629 ahci_check_stopped(p); 1630 out: 1631 pthread_mutex_unlock(&sc->mtx); 1632 DPRINTF("%s exit\n", __func__); 1633 } 1634 1635 static void 1636 pci_ahci_ioreq_init(struct ahci_port *pr) 1637 { 1638 struct ahci_ioreq *vr; 1639 int i; 1640 1641 pr->ioqsz = blockif_queuesz(pr->bctx); 1642 pr->ioreq = calloc(pr->ioqsz, sizeof(struct ahci_ioreq)); 1643 STAILQ_INIT(&pr->iofhd); 1644 1645 /* 1646 * Add all i/o request entries to the free queue 1647 */ 1648 for (i = 0; i < pr->ioqsz; i++) { 1649 vr = &pr->ioreq[i]; 1650 vr->io_pr = pr; 1651 if (!pr->atapi) 1652 vr->io_req.br_callback = ata_ioreq_cb; 1653 else 1654 vr->io_req.br_callback = atapi_ioreq_cb; 1655 vr->io_req.br_param = vr; 1656 STAILQ_INSERT_TAIL(&pr->iofhd, vr, io_flist); 1657 } 1658 1659 TAILQ_INIT(&pr->iobhd); 1660 } 1661 1662 static void 1663 pci_ahci_port_write(struct pci_ahci_softc *sc, uint64_t offset, uint64_t value) 1664 { 1665 int port = (offset - AHCI_OFFSET) / AHCI_STEP; 1666 offset = (offset - AHCI_OFFSET) % AHCI_STEP; 1667 struct ahci_port *p = &sc->port[port]; 1668 1669 DPRINTF("pci_ahci_port %d: write offset 0x%"PRIx64" value 0x%"PRIx64"\n", 1670 port, offset, value); 1671 1672 switch (offset) { 1673 case AHCI_P_CLB: 1674 p->clb = value; 1675 break; 1676 case AHCI_P_CLBU: 1677 p->clbu = value; 1678 break; 1679 case AHCI_P_FB: 1680 p->fb = value; 1681 break; 1682 case AHCI_P_FBU: 1683 p->fbu = value; 1684 break; 1685 case AHCI_P_IS: 1686 p->is &= ~value; 1687 break; 1688 case AHCI_P_IE: 1689 p->ie = value & 0xFDC000FF; 1690 ahci_generate_intr(sc); 1691 break; 1692 case AHCI_P_CMD: 1693 { 1694 p->cmd = value; 1695 1696 if (!(value & AHCI_P_CMD_ST)) { 1697 ahci_port_stop(p); 1698 } else { 1699 uint64_t clb; 1700 1701 p->cmd |= AHCI_P_CMD_CR; 1702 clb = (uint64_t)p->clbu << 32 | p->clb; 1703 p->cmd_lst = paddr_guest2host(ahci_ctx(sc), clb, 1704 AHCI_CL_SIZE * AHCI_MAX_SLOTS); 1705 } 1706 1707 if (value & AHCI_P_CMD_FRE) { 1708 uint64_t fb; 1709 1710 p->cmd |= AHCI_P_CMD_FR; 1711 fb = (uint64_t)p->fbu << 32 | p->fb; 1712 /* we don't support FBSCP, so rfis size is 256Bytes */ 1713 p->rfis = paddr_guest2host(ahci_ctx(sc), fb, 256); 1714 } else { 1715 p->cmd &= ~AHCI_P_CMD_FR; 1716 } 1717 1718 if (value & AHCI_P_CMD_CLO) { 1719 p->tfd = 0; 1720 p->cmd &= ~AHCI_P_CMD_CLO; 1721 } 1722 1723 ahci_handle_port(p); 1724 break; 1725 } 1726 case AHCI_P_TFD: 1727 case AHCI_P_SIG: 1728 case AHCI_P_SSTS: 1729 WPRINTF("pci_ahci_port: read only registers 0x%"PRIx64"\n", offset); 1730 break; 1731 case AHCI_P_SCTL: 1732 if (!(p->cmd & AHCI_P_CMD_ST)) { 1733 if (value & ATA_SC_DET_RESET) 1734 ahci_port_reset(p); 1735 p->sctl = value; 1736 } 1737 break; 1738 case AHCI_P_SERR: 1739 p->serr &= ~value; 1740 break; 1741 case AHCI_P_SACT: 1742 p->sact |= value; 1743 break; 1744 case AHCI_P_CI: 1745 p->ci |= value; 1746 ahci_handle_port(p); 1747 break; 1748 case AHCI_P_SNTF: 1749 case AHCI_P_FBS: 1750 default: 1751 break; 1752 } 1753 } 1754 1755 static void 1756 pci_ahci_host_write(struct pci_ahci_softc *sc, uint64_t offset, uint64_t value) 1757 { 1758 DPRINTF("pci_ahci_host: write offset 0x%"PRIx64" value 0x%"PRIx64"\n", 1759 offset, value); 1760 1761 switch (offset) { 1762 case AHCI_CAP: 1763 case AHCI_PI: 1764 case AHCI_VS: 1765 case AHCI_CAP2: 1766 DPRINTF("pci_ahci_host: read only registers 0x%"PRIx64"\n", offset); 1767 break; 1768 case AHCI_GHC: 1769 if (value & AHCI_GHC_HR) 1770 ahci_reset(sc); 1771 else if (value & AHCI_GHC_IE) { 1772 sc->ghc |= AHCI_GHC_IE; 1773 ahci_generate_intr(sc); 1774 } 1775 break; 1776 case AHCI_IS: 1777 sc->is &= ~value; 1778 ahci_generate_intr(sc); 1779 break; 1780 default: 1781 break; 1782 } 1783 } 1784 1785 static void 1786 pci_ahci_write(struct vmctx *ctx, int vcpu, struct pci_devinst *pi, 1787 int baridx, uint64_t offset, int size, uint64_t value) 1788 { 1789 struct pci_ahci_softc *sc = pi->pi_arg; 1790 1791 assert(baridx == 5); 1792 assert(size == 4); 1793 1794 pthread_mutex_lock(&sc->mtx); 1795 1796 if (offset < AHCI_OFFSET) 1797 pci_ahci_host_write(sc, offset, value); 1798 else if (offset < AHCI_OFFSET + sc->ports * AHCI_STEP) 1799 pci_ahci_port_write(sc, offset, value); 1800 else 1801 WPRINTF("pci_ahci: unknown i/o write offset 0x%"PRIx64"\n", offset); 1802 1803 pthread_mutex_unlock(&sc->mtx); 1804 } 1805 1806 static uint64_t 1807 pci_ahci_host_read(struct pci_ahci_softc *sc, uint64_t offset) 1808 { 1809 uint32_t value; 1810 1811 switch (offset) { 1812 case AHCI_CAP: 1813 case AHCI_GHC: 1814 case AHCI_IS: 1815 case AHCI_PI: 1816 case AHCI_VS: 1817 case AHCI_CCCC: 1818 case AHCI_CCCP: 1819 case AHCI_EM_LOC: 1820 case AHCI_EM_CTL: 1821 case AHCI_CAP2: 1822 { 1823 uint32_t *p = &sc->cap; 1824 p += (offset - AHCI_CAP) / sizeof(uint32_t); 1825 value = *p; 1826 break; 1827 } 1828 default: 1829 value = 0; 1830 break; 1831 } 1832 DPRINTF("pci_ahci_host: read offset 0x%"PRIx64" value 0x%x\n", 1833 offset, value); 1834 1835 return (value); 1836 } 1837 1838 static uint64_t 1839 pci_ahci_port_read(struct pci_ahci_softc *sc, uint64_t offset) 1840 { 1841 uint32_t value; 1842 int port = (offset - AHCI_OFFSET) / AHCI_STEP; 1843 offset = (offset - AHCI_OFFSET) % AHCI_STEP; 1844 1845 switch (offset) { 1846 case AHCI_P_CLB: 1847 case AHCI_P_CLBU: 1848 case AHCI_P_FB: 1849 case AHCI_P_FBU: 1850 case AHCI_P_IS: 1851 case AHCI_P_IE: 1852 case AHCI_P_CMD: 1853 case AHCI_P_TFD: 1854 case AHCI_P_SIG: 1855 case AHCI_P_SSTS: 1856 case AHCI_P_SCTL: 1857 case AHCI_P_SERR: 1858 case AHCI_P_SACT: 1859 case AHCI_P_CI: 1860 case AHCI_P_SNTF: 1861 case AHCI_P_FBS: 1862 { 1863 uint32_t *p= &sc->port[port].clb; 1864 p += (offset - AHCI_P_CLB) / sizeof(uint32_t); 1865 value = *p; 1866 break; 1867 } 1868 default: 1869 value = 0; 1870 break; 1871 } 1872 1873 DPRINTF("pci_ahci_port %d: read offset 0x%"PRIx64" value 0x%x\n", 1874 port, offset, value); 1875 1876 return value; 1877 } 1878 1879 static uint64_t 1880 pci_ahci_read(struct vmctx *ctx, int vcpu, struct pci_devinst *pi, int baridx, 1881 uint64_t offset, int size) 1882 { 1883 struct pci_ahci_softc *sc = pi->pi_arg; 1884 uint32_t value; 1885 1886 assert(baridx == 5); 1887 assert(size == 4); 1888 1889 pthread_mutex_lock(&sc->mtx); 1890 1891 if (offset < AHCI_OFFSET) 1892 value = pci_ahci_host_read(sc, offset); 1893 else if (offset < AHCI_OFFSET + sc->ports * AHCI_STEP) 1894 value = pci_ahci_port_read(sc, offset); 1895 else { 1896 value = 0; 1897 WPRINTF("pci_ahci: unknown i/o read offset 0x%"PRIx64"\n", offset); 1898 } 1899 1900 pthread_mutex_unlock(&sc->mtx); 1901 1902 return (value); 1903 } 1904 1905 static int 1906 pci_ahci_init(struct vmctx *ctx, struct pci_devinst *pi, char *opts, int atapi) 1907 { 1908 char bident[sizeof("XX:X:X")]; 1909 struct blockif_ctxt *bctxt; 1910 struct pci_ahci_softc *sc; 1911 int ret, slots; 1912 1913 ret = 0; 1914 1915 if (opts == NULL) { 1916 fprintf(stderr, "pci_ahci: backing device required\n"); 1917 return (1); 1918 } 1919 1920 #ifdef AHCI_DEBUG 1921 dbg = fopen("/tmp/log", "w+"); 1922 #endif 1923 1924 sc = calloc(1, sizeof(struct pci_ahci_softc)); 1925 pi->pi_arg = sc; 1926 sc->asc_pi = pi; 1927 sc->ports = MAX_PORTS; 1928 1929 /* 1930 * Only use port 0 for a backing device. All other ports will be 1931 * marked as unused 1932 */ 1933 sc->port[0].atapi = atapi; 1934 1935 /* 1936 * Attempt to open the backing image. Use the PCI 1937 * slot/func for the identifier string. 1938 */ 1939 snprintf(bident, sizeof(bident), "%d:%d", pi->pi_slot, pi->pi_func); 1940 bctxt = blockif_open(opts, bident); 1941 if (bctxt == NULL) { 1942 ret = 1; 1943 goto open_fail; 1944 } 1945 sc->port[0].bctx = bctxt; 1946 sc->port[0].pr_sc = sc; 1947 1948 /* 1949 * Allocate blockif request structures and add them 1950 * to the free list 1951 */ 1952 pci_ahci_ioreq_init(&sc->port[0]); 1953 1954 pthread_mutex_init(&sc->mtx, NULL); 1955 1956 /* Intel ICH8 AHCI */ 1957 slots = sc->port[0].ioqsz; 1958 if (slots > 32) 1959 slots = 32; 1960 --slots; 1961 sc->cap = AHCI_CAP_64BIT | AHCI_CAP_SNCQ | AHCI_CAP_SSNTF | 1962 AHCI_CAP_SMPS | AHCI_CAP_SSS | AHCI_CAP_SALP | 1963 AHCI_CAP_SAL | AHCI_CAP_SCLO | (0x3 << AHCI_CAP_ISS_SHIFT)| 1964 AHCI_CAP_PMD | AHCI_CAP_SSC | AHCI_CAP_PSC | 1965 (slots << AHCI_CAP_NCS_SHIFT) | AHCI_CAP_SXS | (sc->ports - 1); 1966 1967 /* Only port 0 implemented */ 1968 sc->pi = 1; 1969 sc->vs = 0x10300; 1970 sc->cap2 = AHCI_CAP2_APST; 1971 ahci_reset(sc); 1972 1973 pci_set_cfgdata16(pi, PCIR_DEVICE, 0x2821); 1974 pci_set_cfgdata16(pi, PCIR_VENDOR, 0x8086); 1975 pci_set_cfgdata8(pi, PCIR_CLASS, PCIC_STORAGE); 1976 pci_set_cfgdata8(pi, PCIR_SUBCLASS, PCIS_STORAGE_SATA); 1977 pci_set_cfgdata8(pi, PCIR_PROGIF, PCIP_STORAGE_SATA_AHCI_1_0); 1978 pci_emul_add_msicap(pi, 1); 1979 pci_emul_alloc_bar(pi, 5, PCIBAR_MEM32, 1980 AHCI_OFFSET + sc->ports * AHCI_STEP); 1981 1982 pci_lintr_request(pi); 1983 1984 open_fail: 1985 if (ret) { 1986 if (sc->port[0].bctx != NULL) 1987 blockif_close(sc->port[0].bctx); 1988 free(sc); 1989 } 1990 1991 return (ret); 1992 } 1993 1994 static int 1995 pci_ahci_hd_init(struct vmctx *ctx, struct pci_devinst *pi, char *opts) 1996 { 1997 1998 return (pci_ahci_init(ctx, pi, opts, 0)); 1999 } 2000 2001 static int 2002 pci_ahci_atapi_init(struct vmctx *ctx, struct pci_devinst *pi, char *opts) 2003 { 2004 2005 return (pci_ahci_init(ctx, pi, opts, 1)); 2006 } 2007 2008 /* 2009 * Use separate emulation names to distinguish drive and atapi devices 2010 */ 2011 struct pci_devemu pci_de_ahci_hd = { 2012 .pe_emu = "ahci-hd", 2013 .pe_init = pci_ahci_hd_init, 2014 .pe_barwrite = pci_ahci_write, 2015 .pe_barread = pci_ahci_read 2016 }; 2017 PCI_EMUL_SET(pci_de_ahci_hd); 2018 2019 struct pci_devemu pci_de_ahci_cd = { 2020 .pe_emu = "ahci-cd", 2021 .pe_init = pci_ahci_atapi_init, 2022 .pe_barwrite = pci_ahci_write, 2023 .pe_barread = pci_ahci_read 2024 }; 2025 PCI_EMUL_SET(pci_de_ahci_cd); 2026