1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2013 Zhixiang Yu <zcore@freebsd.org> 5 * Copyright (c) 2015-2016 Alexander Motin <mav@FreeBSD.org> 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $FreeBSD$ 30 */ 31 32 #include <sys/cdefs.h> 33 __FBSDID("$FreeBSD$"); 34 35 #include <sys/param.h> 36 #include <sys/linker_set.h> 37 #include <sys/stat.h> 38 #include <sys/uio.h> 39 #include <sys/ioctl.h> 40 #include <sys/disk.h> 41 #include <sys/ata.h> 42 #include <sys/endian.h> 43 44 #include <errno.h> 45 #include <fcntl.h> 46 #include <stdio.h> 47 #include <stdlib.h> 48 #include <stdint.h> 49 #include <string.h> 50 #include <strings.h> 51 #include <unistd.h> 52 #include <assert.h> 53 #include <pthread.h> 54 #include <pthread_np.h> 55 #include <inttypes.h> 56 #include <md5.h> 57 58 #include "bhyverun.h" 59 #include "pci_emul.h" 60 #include "ahci.h" 61 #include "block_if.h" 62 63 #define DEF_PORTS 6 /* Intel ICH8 AHCI supports 6 ports */ 64 #define MAX_PORTS 32 /* AHCI supports 32 ports */ 65 66 #define PxSIG_ATA 0x00000101 /* ATA drive */ 67 #define PxSIG_ATAPI 0xeb140101 /* ATAPI drive */ 68 69 enum sata_fis_type { 70 FIS_TYPE_REGH2D = 0x27, /* Register FIS - host to device */ 71 FIS_TYPE_REGD2H = 0x34, /* Register FIS - device to host */ 72 FIS_TYPE_DMAACT = 0x39, /* DMA activate FIS - device to host */ 73 FIS_TYPE_DMASETUP = 0x41, /* DMA setup FIS - bidirectional */ 74 FIS_TYPE_DATA = 0x46, /* Data FIS - bidirectional */ 75 FIS_TYPE_BIST = 0x58, /* BIST activate FIS - bidirectional */ 76 FIS_TYPE_PIOSETUP = 0x5F, /* PIO setup FIS - device to host */ 77 FIS_TYPE_SETDEVBITS = 0xA1, /* Set dev bits FIS - device to host */ 78 }; 79 80 /* 81 * SCSI opcodes 82 */ 83 #define TEST_UNIT_READY 0x00 84 #define REQUEST_SENSE 0x03 85 #define INQUIRY 0x12 86 #define START_STOP_UNIT 0x1B 87 #define PREVENT_ALLOW 0x1E 88 #define READ_CAPACITY 0x25 89 #define READ_10 0x28 90 #define POSITION_TO_ELEMENT 0x2B 91 #define READ_TOC 0x43 92 #define GET_EVENT_STATUS_NOTIFICATION 0x4A 93 #define MODE_SENSE_10 0x5A 94 #define REPORT_LUNS 0xA0 95 #define READ_12 0xA8 96 #define READ_CD 0xBE 97 98 /* 99 * SCSI mode page codes 100 */ 101 #define MODEPAGE_RW_ERROR_RECOVERY 0x01 102 #define MODEPAGE_CD_CAPABILITIES 0x2A 103 104 /* 105 * ATA commands 106 */ 107 #define ATA_SF_ENAB_SATA_SF 0x10 108 #define ATA_SATA_SF_AN 0x05 109 #define ATA_SF_DIS_SATA_SF 0x90 110 111 /* 112 * Debug printf 113 */ 114 #ifdef AHCI_DEBUG 115 static FILE *dbg; 116 #define DPRINTF(format, arg...) do{fprintf(dbg, format, ##arg);fflush(dbg);}while(0) 117 #else 118 #define DPRINTF(format, arg...) 119 #endif 120 #define WPRINTF(format, arg...) printf(format, ##arg) 121 122 struct ahci_ioreq { 123 struct blockif_req io_req; 124 struct ahci_port *io_pr; 125 STAILQ_ENTRY(ahci_ioreq) io_flist; 126 TAILQ_ENTRY(ahci_ioreq) io_blist; 127 uint8_t *cfis; 128 uint32_t len; 129 uint32_t done; 130 int slot; 131 int more; 132 }; 133 134 struct ahci_port { 135 struct blockif_ctxt *bctx; 136 struct pci_ahci_softc *pr_sc; 137 uint8_t *cmd_lst; 138 uint8_t *rfis; 139 char ident[20 + 1]; 140 int port; 141 int atapi; 142 int reset; 143 int waitforclear; 144 int mult_sectors; 145 uint8_t xfermode; 146 uint8_t err_cfis[20]; 147 uint8_t sense_key; 148 uint8_t asc; 149 u_int ccs; 150 uint32_t pending; 151 152 uint32_t clb; 153 uint32_t clbu; 154 uint32_t fb; 155 uint32_t fbu; 156 uint32_t is; 157 uint32_t ie; 158 uint32_t cmd; 159 uint32_t unused0; 160 uint32_t tfd; 161 uint32_t sig; 162 uint32_t ssts; 163 uint32_t sctl; 164 uint32_t serr; 165 uint32_t sact; 166 uint32_t ci; 167 uint32_t sntf; 168 uint32_t fbs; 169 170 /* 171 * i/o request info 172 */ 173 struct ahci_ioreq *ioreq; 174 int ioqsz; 175 STAILQ_HEAD(ahci_fhead, ahci_ioreq) iofhd; 176 TAILQ_HEAD(ahci_bhead, ahci_ioreq) iobhd; 177 }; 178 179 struct ahci_cmd_hdr { 180 uint16_t flags; 181 uint16_t prdtl; 182 uint32_t prdbc; 183 uint64_t ctba; 184 uint32_t reserved[4]; 185 }; 186 187 struct ahci_prdt_entry { 188 uint64_t dba; 189 uint32_t reserved; 190 #define DBCMASK 0x3fffff 191 uint32_t dbc; 192 }; 193 194 struct pci_ahci_softc { 195 struct pci_devinst *asc_pi; 196 pthread_mutex_t mtx; 197 int ports; 198 uint32_t cap; 199 uint32_t ghc; 200 uint32_t is; 201 uint32_t pi; 202 uint32_t vs; 203 uint32_t ccc_ctl; 204 uint32_t ccc_pts; 205 uint32_t em_loc; 206 uint32_t em_ctl; 207 uint32_t cap2; 208 uint32_t bohc; 209 uint32_t lintr; 210 struct ahci_port port[MAX_PORTS]; 211 }; 212 #define ahci_ctx(sc) ((sc)->asc_pi->pi_vmctx) 213 214 static void ahci_handle_port(struct ahci_port *p); 215 216 static inline void lba_to_msf(uint8_t *buf, int lba) 217 { 218 lba += 150; 219 buf[0] = (lba / 75) / 60; 220 buf[1] = (lba / 75) % 60; 221 buf[2] = lba % 75; 222 } 223 224 /* 225 * Generate HBA interrupts on global IS register write. 226 */ 227 static void 228 ahci_generate_intr(struct pci_ahci_softc *sc, uint32_t mask) 229 { 230 struct pci_devinst *pi = sc->asc_pi; 231 struct ahci_port *p; 232 int i, nmsg; 233 uint32_t mmask; 234 235 /* Update global IS from PxIS/PxIE. */ 236 for (i = 0; i < sc->ports; i++) { 237 p = &sc->port[i]; 238 if (p->is & p->ie) 239 sc->is |= (1 << i); 240 } 241 DPRINTF("%s(%08x) %08x\n", __func__, mask, sc->is); 242 243 /* If there is nothing enabled -- clear legacy interrupt and exit. */ 244 if (sc->is == 0 || (sc->ghc & AHCI_GHC_IE) == 0) { 245 if (sc->lintr) { 246 pci_lintr_deassert(pi); 247 sc->lintr = 0; 248 } 249 return; 250 } 251 252 /* If there is anything and no MSI -- assert legacy interrupt. */ 253 nmsg = pci_msi_maxmsgnum(pi); 254 if (nmsg == 0) { 255 if (!sc->lintr) { 256 sc->lintr = 1; 257 pci_lintr_assert(pi); 258 } 259 return; 260 } 261 262 /* Assert respective MSIs for ports that were touched. */ 263 for (i = 0; i < nmsg; i++) { 264 if (sc->ports <= nmsg || i < nmsg - 1) 265 mmask = 1 << i; 266 else 267 mmask = 0xffffffff << i; 268 if (sc->is & mask && mmask & mask) 269 pci_generate_msi(pi, i); 270 } 271 } 272 273 /* 274 * Generate HBA interrupt on specific port event. 275 */ 276 static void 277 ahci_port_intr(struct ahci_port *p) 278 { 279 struct pci_ahci_softc *sc = p->pr_sc; 280 struct pci_devinst *pi = sc->asc_pi; 281 int nmsg; 282 283 DPRINTF("%s(%d) %08x/%08x %08x\n", __func__, 284 p->port, p->is, p->ie, sc->is); 285 286 /* If there is nothing enabled -- we are done. */ 287 if ((p->is & p->ie) == 0) 288 return; 289 290 /* In case of non-shared MSI always generate interrupt. */ 291 nmsg = pci_msi_maxmsgnum(pi); 292 if (sc->ports <= nmsg || p->port < nmsg - 1) { 293 sc->is |= (1 << p->port); 294 if ((sc->ghc & AHCI_GHC_IE) == 0) 295 return; 296 pci_generate_msi(pi, p->port); 297 return; 298 } 299 300 /* If IS for this port is already set -- do nothing. */ 301 if (sc->is & (1 << p->port)) 302 return; 303 304 sc->is |= (1 << p->port); 305 306 /* If interrupts are enabled -- generate one. */ 307 if ((sc->ghc & AHCI_GHC_IE) == 0) 308 return; 309 if (nmsg > 0) { 310 pci_generate_msi(pi, nmsg - 1); 311 } else if (!sc->lintr) { 312 sc->lintr = 1; 313 pci_lintr_assert(pi); 314 } 315 } 316 317 static void 318 ahci_write_fis(struct ahci_port *p, enum sata_fis_type ft, uint8_t *fis) 319 { 320 int offset, len, irq; 321 322 if (p->rfis == NULL || !(p->cmd & AHCI_P_CMD_FRE)) 323 return; 324 325 switch (ft) { 326 case FIS_TYPE_REGD2H: 327 offset = 0x40; 328 len = 20; 329 irq = (fis[1] & (1 << 6)) ? AHCI_P_IX_DHR : 0; 330 break; 331 case FIS_TYPE_SETDEVBITS: 332 offset = 0x58; 333 len = 8; 334 irq = (fis[1] & (1 << 6)) ? AHCI_P_IX_SDB : 0; 335 break; 336 case FIS_TYPE_PIOSETUP: 337 offset = 0x20; 338 len = 20; 339 irq = (fis[1] & (1 << 6)) ? AHCI_P_IX_PS : 0; 340 break; 341 default: 342 WPRINTF("unsupported fis type %d\n", ft); 343 return; 344 } 345 if (fis[2] & ATA_S_ERROR) { 346 p->waitforclear = 1; 347 irq |= AHCI_P_IX_TFE; 348 } 349 memcpy(p->rfis + offset, fis, len); 350 if (irq) { 351 if (~p->is & irq) { 352 p->is |= irq; 353 ahci_port_intr(p); 354 } 355 } 356 } 357 358 static void 359 ahci_write_fis_piosetup(struct ahci_port *p) 360 { 361 uint8_t fis[20]; 362 363 memset(fis, 0, sizeof(fis)); 364 fis[0] = FIS_TYPE_PIOSETUP; 365 ahci_write_fis(p, FIS_TYPE_PIOSETUP, fis); 366 } 367 368 static void 369 ahci_write_fis_sdb(struct ahci_port *p, int slot, uint8_t *cfis, uint32_t tfd) 370 { 371 uint8_t fis[8]; 372 uint8_t error; 373 374 error = (tfd >> 8) & 0xff; 375 tfd &= 0x77; 376 memset(fis, 0, sizeof(fis)); 377 fis[0] = FIS_TYPE_SETDEVBITS; 378 fis[1] = (1 << 6); 379 fis[2] = tfd; 380 fis[3] = error; 381 if (fis[2] & ATA_S_ERROR) { 382 p->err_cfis[0] = slot; 383 p->err_cfis[2] = tfd; 384 p->err_cfis[3] = error; 385 memcpy(&p->err_cfis[4], cfis + 4, 16); 386 } else { 387 *(uint32_t *)(fis + 4) = (1 << slot); 388 p->sact &= ~(1 << slot); 389 } 390 p->tfd &= ~0x77; 391 p->tfd |= tfd; 392 ahci_write_fis(p, FIS_TYPE_SETDEVBITS, fis); 393 } 394 395 static void 396 ahci_write_fis_d2h(struct ahci_port *p, int slot, uint8_t *cfis, uint32_t tfd) 397 { 398 uint8_t fis[20]; 399 uint8_t error; 400 401 error = (tfd >> 8) & 0xff; 402 memset(fis, 0, sizeof(fis)); 403 fis[0] = FIS_TYPE_REGD2H; 404 fis[1] = (1 << 6); 405 fis[2] = tfd & 0xff; 406 fis[3] = error; 407 fis[4] = cfis[4]; 408 fis[5] = cfis[5]; 409 fis[6] = cfis[6]; 410 fis[7] = cfis[7]; 411 fis[8] = cfis[8]; 412 fis[9] = cfis[9]; 413 fis[10] = cfis[10]; 414 fis[11] = cfis[11]; 415 fis[12] = cfis[12]; 416 fis[13] = cfis[13]; 417 if (fis[2] & ATA_S_ERROR) { 418 p->err_cfis[0] = 0x80; 419 p->err_cfis[2] = tfd & 0xff; 420 p->err_cfis[3] = error; 421 memcpy(&p->err_cfis[4], cfis + 4, 16); 422 } else 423 p->ci &= ~(1 << slot); 424 p->tfd = tfd; 425 ahci_write_fis(p, FIS_TYPE_REGD2H, fis); 426 } 427 428 static void 429 ahci_write_fis_d2h_ncq(struct ahci_port *p, int slot) 430 { 431 uint8_t fis[20]; 432 433 p->tfd = ATA_S_READY | ATA_S_DSC; 434 memset(fis, 0, sizeof(fis)); 435 fis[0] = FIS_TYPE_REGD2H; 436 fis[1] = 0; /* No interrupt */ 437 fis[2] = p->tfd; /* Status */ 438 fis[3] = 0; /* No error */ 439 p->ci &= ~(1 << slot); 440 ahci_write_fis(p, FIS_TYPE_REGD2H, fis); 441 } 442 443 static void 444 ahci_write_reset_fis_d2h(struct ahci_port *p) 445 { 446 uint8_t fis[20]; 447 448 memset(fis, 0, sizeof(fis)); 449 fis[0] = FIS_TYPE_REGD2H; 450 fis[3] = 1; 451 fis[4] = 1; 452 if (p->atapi) { 453 fis[5] = 0x14; 454 fis[6] = 0xeb; 455 } 456 fis[12] = 1; 457 ahci_write_fis(p, FIS_TYPE_REGD2H, fis); 458 } 459 460 static void 461 ahci_check_stopped(struct ahci_port *p) 462 { 463 /* 464 * If we are no longer processing the command list and nothing 465 * is in-flight, clear the running bit, the current command 466 * slot, the command issue and active bits. 467 */ 468 if (!(p->cmd & AHCI_P_CMD_ST)) { 469 if (p->pending == 0) { 470 p->ccs = 0; 471 p->cmd &= ~(AHCI_P_CMD_CR | AHCI_P_CMD_CCS_MASK); 472 p->ci = 0; 473 p->sact = 0; 474 p->waitforclear = 0; 475 } 476 } 477 } 478 479 static void 480 ahci_port_stop(struct ahci_port *p) 481 { 482 struct ahci_ioreq *aior; 483 uint8_t *cfis; 484 int slot; 485 int error; 486 487 assert(pthread_mutex_isowned_np(&p->pr_sc->mtx)); 488 489 TAILQ_FOREACH(aior, &p->iobhd, io_blist) { 490 /* 491 * Try to cancel the outstanding blockif request. 492 */ 493 error = blockif_cancel(p->bctx, &aior->io_req); 494 if (error != 0) 495 continue; 496 497 slot = aior->slot; 498 cfis = aior->cfis; 499 if (cfis[2] == ATA_WRITE_FPDMA_QUEUED || 500 cfis[2] == ATA_READ_FPDMA_QUEUED || 501 cfis[2] == ATA_SEND_FPDMA_QUEUED) 502 p->sact &= ~(1 << slot); /* NCQ */ 503 else 504 p->ci &= ~(1 << slot); 505 506 /* 507 * This command is now done. 508 */ 509 p->pending &= ~(1 << slot); 510 511 /* 512 * Delete the blockif request from the busy list 513 */ 514 TAILQ_REMOVE(&p->iobhd, aior, io_blist); 515 516 /* 517 * Move the blockif request back to the free list 518 */ 519 STAILQ_INSERT_TAIL(&p->iofhd, aior, io_flist); 520 } 521 522 ahci_check_stopped(p); 523 } 524 525 static void 526 ahci_port_reset(struct ahci_port *pr) 527 { 528 pr->serr = 0; 529 pr->sact = 0; 530 pr->xfermode = ATA_UDMA6; 531 pr->mult_sectors = 128; 532 533 if (!pr->bctx) { 534 pr->ssts = ATA_SS_DET_NO_DEVICE; 535 pr->sig = 0xFFFFFFFF; 536 pr->tfd = 0x7F; 537 return; 538 } 539 pr->ssts = ATA_SS_DET_PHY_ONLINE | ATA_SS_IPM_ACTIVE; 540 if (pr->sctl & ATA_SC_SPD_MASK) 541 pr->ssts |= (pr->sctl & ATA_SC_SPD_MASK); 542 else 543 pr->ssts |= ATA_SS_SPD_GEN3; 544 pr->tfd = (1 << 8) | ATA_S_DSC | ATA_S_DMA; 545 if (!pr->atapi) { 546 pr->sig = PxSIG_ATA; 547 pr->tfd |= ATA_S_READY; 548 } else 549 pr->sig = PxSIG_ATAPI; 550 ahci_write_reset_fis_d2h(pr); 551 } 552 553 static void 554 ahci_reset(struct pci_ahci_softc *sc) 555 { 556 int i; 557 558 sc->ghc = AHCI_GHC_AE; 559 sc->is = 0; 560 561 if (sc->lintr) { 562 pci_lintr_deassert(sc->asc_pi); 563 sc->lintr = 0; 564 } 565 566 for (i = 0; i < sc->ports; i++) { 567 sc->port[i].ie = 0; 568 sc->port[i].is = 0; 569 sc->port[i].cmd = (AHCI_P_CMD_SUD | AHCI_P_CMD_POD); 570 if (sc->port[i].bctx) 571 sc->port[i].cmd |= AHCI_P_CMD_CPS; 572 sc->port[i].sctl = 0; 573 ahci_port_reset(&sc->port[i]); 574 } 575 } 576 577 static void 578 ata_string(uint8_t *dest, const char *src, int len) 579 { 580 int i; 581 582 for (i = 0; i < len; i++) { 583 if (*src) 584 dest[i ^ 1] = *src++; 585 else 586 dest[i ^ 1] = ' '; 587 } 588 } 589 590 static void 591 atapi_string(uint8_t *dest, const char *src, int len) 592 { 593 int i; 594 595 for (i = 0; i < len; i++) { 596 if (*src) 597 dest[i] = *src++; 598 else 599 dest[i] = ' '; 600 } 601 } 602 603 /* 604 * Build up the iovec based on the PRDT, 'done' and 'len'. 605 */ 606 static void 607 ahci_build_iov(struct ahci_port *p, struct ahci_ioreq *aior, 608 struct ahci_prdt_entry *prdt, uint16_t prdtl) 609 { 610 struct blockif_req *breq = &aior->io_req; 611 int i, j, skip, todo, left, extra; 612 uint32_t dbcsz; 613 614 /* Copy part of PRDT between 'done' and 'len' bytes into the iov. */ 615 skip = aior->done; 616 left = aior->len - aior->done; 617 todo = 0; 618 for (i = 0, j = 0; i < prdtl && j < BLOCKIF_IOV_MAX && left > 0; 619 i++, prdt++) { 620 dbcsz = (prdt->dbc & DBCMASK) + 1; 621 /* Skip already done part of the PRDT */ 622 if (dbcsz <= skip) { 623 skip -= dbcsz; 624 continue; 625 } 626 dbcsz -= skip; 627 if (dbcsz > left) 628 dbcsz = left; 629 breq->br_iov[j].iov_base = paddr_guest2host(ahci_ctx(p->pr_sc), 630 prdt->dba + skip, dbcsz); 631 breq->br_iov[j].iov_len = dbcsz; 632 todo += dbcsz; 633 left -= dbcsz; 634 skip = 0; 635 j++; 636 } 637 638 /* If we got limited by IOV length, round I/O down to sector size. */ 639 if (j == BLOCKIF_IOV_MAX) { 640 extra = todo % blockif_sectsz(p->bctx); 641 todo -= extra; 642 assert(todo > 0); 643 while (extra > 0) { 644 if (breq->br_iov[j - 1].iov_len > extra) { 645 breq->br_iov[j - 1].iov_len -= extra; 646 break; 647 } 648 extra -= breq->br_iov[j - 1].iov_len; 649 j--; 650 } 651 } 652 653 breq->br_iovcnt = j; 654 breq->br_resid = todo; 655 aior->done += todo; 656 aior->more = (aior->done < aior->len && i < prdtl); 657 } 658 659 static void 660 ahci_handle_rw(struct ahci_port *p, int slot, uint8_t *cfis, uint32_t done) 661 { 662 struct ahci_ioreq *aior; 663 struct blockif_req *breq; 664 struct ahci_prdt_entry *prdt; 665 struct ahci_cmd_hdr *hdr; 666 uint64_t lba; 667 uint32_t len; 668 int err, first, ncq, readop; 669 670 prdt = (struct ahci_prdt_entry *)(cfis + 0x80); 671 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 672 ncq = 0; 673 readop = 1; 674 first = (done == 0); 675 676 if (cfis[2] == ATA_WRITE || cfis[2] == ATA_WRITE48 || 677 cfis[2] == ATA_WRITE_MUL || cfis[2] == ATA_WRITE_MUL48 || 678 cfis[2] == ATA_WRITE_DMA || cfis[2] == ATA_WRITE_DMA48 || 679 cfis[2] == ATA_WRITE_FPDMA_QUEUED) 680 readop = 0; 681 682 if (cfis[2] == ATA_WRITE_FPDMA_QUEUED || 683 cfis[2] == ATA_READ_FPDMA_QUEUED) { 684 lba = ((uint64_t)cfis[10] << 40) | 685 ((uint64_t)cfis[9] << 32) | 686 ((uint64_t)cfis[8] << 24) | 687 ((uint64_t)cfis[6] << 16) | 688 ((uint64_t)cfis[5] << 8) | 689 cfis[4]; 690 len = cfis[11] << 8 | cfis[3]; 691 if (!len) 692 len = 65536; 693 ncq = 1; 694 } else if (cfis[2] == ATA_READ48 || cfis[2] == ATA_WRITE48 || 695 cfis[2] == ATA_READ_MUL48 || cfis[2] == ATA_WRITE_MUL48 || 696 cfis[2] == ATA_READ_DMA48 || cfis[2] == ATA_WRITE_DMA48) { 697 lba = ((uint64_t)cfis[10] << 40) | 698 ((uint64_t)cfis[9] << 32) | 699 ((uint64_t)cfis[8] << 24) | 700 ((uint64_t)cfis[6] << 16) | 701 ((uint64_t)cfis[5] << 8) | 702 cfis[4]; 703 len = cfis[13] << 8 | cfis[12]; 704 if (!len) 705 len = 65536; 706 } else { 707 lba = ((cfis[7] & 0xf) << 24) | (cfis[6] << 16) | 708 (cfis[5] << 8) | cfis[4]; 709 len = cfis[12]; 710 if (!len) 711 len = 256; 712 } 713 lba *= blockif_sectsz(p->bctx); 714 len *= blockif_sectsz(p->bctx); 715 716 /* Pull request off free list */ 717 aior = STAILQ_FIRST(&p->iofhd); 718 assert(aior != NULL); 719 STAILQ_REMOVE_HEAD(&p->iofhd, io_flist); 720 721 aior->cfis = cfis; 722 aior->slot = slot; 723 aior->len = len; 724 aior->done = done; 725 breq = &aior->io_req; 726 breq->br_offset = lba + done; 727 ahci_build_iov(p, aior, prdt, hdr->prdtl); 728 729 /* Mark this command in-flight. */ 730 p->pending |= 1 << slot; 731 732 /* Stuff request onto busy list. */ 733 TAILQ_INSERT_HEAD(&p->iobhd, aior, io_blist); 734 735 if (ncq && first) 736 ahci_write_fis_d2h_ncq(p, slot); 737 738 if (readop) 739 err = blockif_read(p->bctx, breq); 740 else 741 err = blockif_write(p->bctx, breq); 742 assert(err == 0); 743 } 744 745 static void 746 ahci_handle_flush(struct ahci_port *p, int slot, uint8_t *cfis) 747 { 748 struct ahci_ioreq *aior; 749 struct blockif_req *breq; 750 int err; 751 752 /* 753 * Pull request off free list 754 */ 755 aior = STAILQ_FIRST(&p->iofhd); 756 assert(aior != NULL); 757 STAILQ_REMOVE_HEAD(&p->iofhd, io_flist); 758 aior->cfis = cfis; 759 aior->slot = slot; 760 aior->len = 0; 761 aior->done = 0; 762 aior->more = 0; 763 breq = &aior->io_req; 764 765 /* 766 * Mark this command in-flight. 767 */ 768 p->pending |= 1 << slot; 769 770 /* 771 * Stuff request onto busy list 772 */ 773 TAILQ_INSERT_HEAD(&p->iobhd, aior, io_blist); 774 775 err = blockif_flush(p->bctx, breq); 776 assert(err == 0); 777 } 778 779 static inline void 780 read_prdt(struct ahci_port *p, int slot, uint8_t *cfis, 781 void *buf, int size) 782 { 783 struct ahci_cmd_hdr *hdr; 784 struct ahci_prdt_entry *prdt; 785 void *to; 786 int i, len; 787 788 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 789 len = size; 790 to = buf; 791 prdt = (struct ahci_prdt_entry *)(cfis + 0x80); 792 for (i = 0; i < hdr->prdtl && len; i++) { 793 uint8_t *ptr; 794 uint32_t dbcsz; 795 int sublen; 796 797 dbcsz = (prdt->dbc & DBCMASK) + 1; 798 ptr = paddr_guest2host(ahci_ctx(p->pr_sc), prdt->dba, dbcsz); 799 sublen = MIN(len, dbcsz); 800 memcpy(to, ptr, sublen); 801 len -= sublen; 802 to += sublen; 803 prdt++; 804 } 805 } 806 807 static void 808 ahci_handle_dsm_trim(struct ahci_port *p, int slot, uint8_t *cfis, uint32_t done) 809 { 810 struct ahci_ioreq *aior; 811 struct blockif_req *breq; 812 uint8_t *entry; 813 uint64_t elba; 814 uint32_t len, elen; 815 int err, first, ncq; 816 uint8_t buf[512]; 817 818 first = (done == 0); 819 if (cfis[2] == ATA_DATA_SET_MANAGEMENT) { 820 len = (uint16_t)cfis[13] << 8 | cfis[12]; 821 len *= 512; 822 ncq = 0; 823 } else { /* ATA_SEND_FPDMA_QUEUED */ 824 len = (uint16_t)cfis[11] << 8 | cfis[3]; 825 len *= 512; 826 ncq = 1; 827 } 828 read_prdt(p, slot, cfis, buf, sizeof(buf)); 829 830 next: 831 entry = &buf[done]; 832 elba = ((uint64_t)entry[5] << 40) | 833 ((uint64_t)entry[4] << 32) | 834 ((uint64_t)entry[3] << 24) | 835 ((uint64_t)entry[2] << 16) | 836 ((uint64_t)entry[1] << 8) | 837 entry[0]; 838 elen = (uint16_t)entry[7] << 8 | entry[6]; 839 done += 8; 840 if (elen == 0) { 841 if (done >= len) { 842 if (ncq) { 843 if (first) 844 ahci_write_fis_d2h_ncq(p, slot); 845 ahci_write_fis_sdb(p, slot, cfis, 846 ATA_S_READY | ATA_S_DSC); 847 } else { 848 ahci_write_fis_d2h(p, slot, cfis, 849 ATA_S_READY | ATA_S_DSC); 850 } 851 p->pending &= ~(1 << slot); 852 ahci_check_stopped(p); 853 if (!first) 854 ahci_handle_port(p); 855 return; 856 } 857 goto next; 858 } 859 860 /* 861 * Pull request off free list 862 */ 863 aior = STAILQ_FIRST(&p->iofhd); 864 assert(aior != NULL); 865 STAILQ_REMOVE_HEAD(&p->iofhd, io_flist); 866 aior->cfis = cfis; 867 aior->slot = slot; 868 aior->len = len; 869 aior->done = done; 870 aior->more = (len != done); 871 872 breq = &aior->io_req; 873 breq->br_offset = elba * blockif_sectsz(p->bctx); 874 breq->br_resid = elen * blockif_sectsz(p->bctx); 875 876 /* 877 * Mark this command in-flight. 878 */ 879 p->pending |= 1 << slot; 880 881 /* 882 * Stuff request onto busy list 883 */ 884 TAILQ_INSERT_HEAD(&p->iobhd, aior, io_blist); 885 886 if (ncq && first) 887 ahci_write_fis_d2h_ncq(p, slot); 888 889 err = blockif_delete(p->bctx, breq); 890 assert(err == 0); 891 } 892 893 static inline void 894 write_prdt(struct ahci_port *p, int slot, uint8_t *cfis, 895 void *buf, int size) 896 { 897 struct ahci_cmd_hdr *hdr; 898 struct ahci_prdt_entry *prdt; 899 void *from; 900 int i, len; 901 902 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 903 len = size; 904 from = buf; 905 prdt = (struct ahci_prdt_entry *)(cfis + 0x80); 906 for (i = 0; i < hdr->prdtl && len; i++) { 907 uint8_t *ptr; 908 uint32_t dbcsz; 909 int sublen; 910 911 dbcsz = (prdt->dbc & DBCMASK) + 1; 912 ptr = paddr_guest2host(ahci_ctx(p->pr_sc), prdt->dba, dbcsz); 913 sublen = MIN(len, dbcsz); 914 memcpy(ptr, from, sublen); 915 len -= sublen; 916 from += sublen; 917 prdt++; 918 } 919 hdr->prdbc = size - len; 920 } 921 922 static void 923 ahci_checksum(uint8_t *buf, int size) 924 { 925 int i; 926 uint8_t sum = 0; 927 928 for (i = 0; i < size - 1; i++) 929 sum += buf[i]; 930 buf[size - 1] = 0x100 - sum; 931 } 932 933 static void 934 ahci_handle_read_log(struct ahci_port *p, int slot, uint8_t *cfis) 935 { 936 struct ahci_cmd_hdr *hdr; 937 uint32_t buf[128]; 938 uint8_t *buf8 = (uint8_t *)buf; 939 uint16_t *buf16 = (uint16_t *)buf; 940 941 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 942 if (p->atapi || hdr->prdtl == 0 || cfis[5] != 0 || 943 cfis[9] != 0 || cfis[12] != 1 || cfis[13] != 0) { 944 ahci_write_fis_d2h(p, slot, cfis, 945 (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR); 946 return; 947 } 948 949 memset(buf, 0, sizeof(buf)); 950 if (cfis[4] == 0x00) { /* Log directory */ 951 buf16[0x00] = 1; /* Version -- 1 */ 952 buf16[0x10] = 1; /* NCQ Command Error Log -- 1 page */ 953 buf16[0x13] = 1; /* SATA NCQ Send and Receive Log -- 1 page */ 954 } else if (cfis[4] == 0x10) { /* NCQ Command Error Log */ 955 memcpy(buf8, p->err_cfis, sizeof(p->err_cfis)); 956 ahci_checksum(buf8, sizeof(buf)); 957 } else if (cfis[4] == 0x13) { /* SATA NCQ Send and Receive Log */ 958 if (blockif_candelete(p->bctx) && !blockif_is_ro(p->bctx)) { 959 buf[0x00] = 1; /* SFQ DSM supported */ 960 buf[0x01] = 1; /* SFQ DSM TRIM supported */ 961 } 962 } else { 963 ahci_write_fis_d2h(p, slot, cfis, 964 (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR); 965 return; 966 } 967 968 if (cfis[2] == ATA_READ_LOG_EXT) 969 ahci_write_fis_piosetup(p); 970 write_prdt(p, slot, cfis, (void *)buf, sizeof(buf)); 971 ahci_write_fis_d2h(p, slot, cfis, ATA_S_DSC | ATA_S_READY); 972 } 973 974 static void 975 handle_identify(struct ahci_port *p, int slot, uint8_t *cfis) 976 { 977 struct ahci_cmd_hdr *hdr; 978 979 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 980 if (p->atapi || hdr->prdtl == 0) { 981 ahci_write_fis_d2h(p, slot, cfis, 982 (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR); 983 } else { 984 uint16_t buf[256]; 985 uint64_t sectors; 986 int sectsz, psectsz, psectoff, candelete, ro; 987 uint16_t cyl; 988 uint8_t sech, heads; 989 990 ro = blockif_is_ro(p->bctx); 991 candelete = blockif_candelete(p->bctx); 992 sectsz = blockif_sectsz(p->bctx); 993 sectors = blockif_size(p->bctx) / sectsz; 994 blockif_chs(p->bctx, &cyl, &heads, &sech); 995 blockif_psectsz(p->bctx, &psectsz, &psectoff); 996 memset(buf, 0, sizeof(buf)); 997 buf[0] = 0x0040; 998 buf[1] = cyl; 999 buf[3] = heads; 1000 buf[6] = sech; 1001 ata_string((uint8_t *)(buf+10), p->ident, 20); 1002 ata_string((uint8_t *)(buf+23), "001", 8); 1003 ata_string((uint8_t *)(buf+27), "BHYVE SATA DISK", 40); 1004 buf[47] = (0x8000 | 128); 1005 buf[48] = 0; 1006 buf[49] = (1 << 8 | 1 << 9 | 1 << 11); 1007 buf[50] = (1 << 14); 1008 buf[53] = (1 << 1 | 1 << 2); 1009 if (p->mult_sectors) 1010 buf[59] = (0x100 | p->mult_sectors); 1011 if (sectors <= 0x0fffffff) { 1012 buf[60] = sectors; 1013 buf[61] = (sectors >> 16); 1014 } else { 1015 buf[60] = 0xffff; 1016 buf[61] = 0x0fff; 1017 } 1018 buf[63] = 0x7; 1019 if (p->xfermode & ATA_WDMA0) 1020 buf[63] |= (1 << ((p->xfermode & 7) + 8)); 1021 buf[64] = 0x3; 1022 buf[65] = 120; 1023 buf[66] = 120; 1024 buf[67] = 120; 1025 buf[68] = 120; 1026 buf[69] = 0; 1027 buf[75] = 31; 1028 buf[76] = (ATA_SATA_GEN1 | ATA_SATA_GEN2 | ATA_SATA_GEN3 | 1029 ATA_SUPPORT_NCQ); 1030 buf[77] = (ATA_SUPPORT_RCVSND_FPDMA_QUEUED | 1031 (p->ssts & ATA_SS_SPD_MASK) >> 3); 1032 buf[80] = 0x3f0; 1033 buf[81] = 0x28; 1034 buf[82] = (ATA_SUPPORT_POWERMGT | ATA_SUPPORT_WRITECACHE| 1035 ATA_SUPPORT_LOOKAHEAD | ATA_SUPPORT_NOP); 1036 buf[83] = (ATA_SUPPORT_ADDRESS48 | ATA_SUPPORT_FLUSHCACHE | 1037 ATA_SUPPORT_FLUSHCACHE48 | 1 << 14); 1038 buf[84] = (1 << 14); 1039 buf[85] = (ATA_SUPPORT_POWERMGT | ATA_SUPPORT_WRITECACHE| 1040 ATA_SUPPORT_LOOKAHEAD | ATA_SUPPORT_NOP); 1041 buf[86] = (ATA_SUPPORT_ADDRESS48 | ATA_SUPPORT_FLUSHCACHE | 1042 ATA_SUPPORT_FLUSHCACHE48 | 1 << 15); 1043 buf[87] = (1 << 14); 1044 buf[88] = 0x7f; 1045 if (p->xfermode & ATA_UDMA0) 1046 buf[88] |= (1 << ((p->xfermode & 7) + 8)); 1047 buf[100] = sectors; 1048 buf[101] = (sectors >> 16); 1049 buf[102] = (sectors >> 32); 1050 buf[103] = (sectors >> 48); 1051 if (candelete && !ro) { 1052 buf[69] |= ATA_SUPPORT_RZAT | ATA_SUPPORT_DRAT; 1053 buf[105] = 1; 1054 buf[169] = ATA_SUPPORT_DSM_TRIM; 1055 } 1056 buf[106] = 0x4000; 1057 buf[209] = 0x4000; 1058 if (psectsz > sectsz) { 1059 buf[106] |= 0x2000; 1060 buf[106] |= ffsl(psectsz / sectsz) - 1; 1061 buf[209] |= (psectoff / sectsz); 1062 } 1063 if (sectsz > 512) { 1064 buf[106] |= 0x1000; 1065 buf[117] = sectsz / 2; 1066 buf[118] = ((sectsz / 2) >> 16); 1067 } 1068 buf[119] = (ATA_SUPPORT_RWLOGDMAEXT | 1 << 14); 1069 buf[120] = (ATA_SUPPORT_RWLOGDMAEXT | 1 << 14); 1070 buf[222] = 0x1020; 1071 buf[255] = 0x00a5; 1072 ahci_checksum((uint8_t *)buf, sizeof(buf)); 1073 ahci_write_fis_piosetup(p); 1074 write_prdt(p, slot, cfis, (void *)buf, sizeof(buf)); 1075 ahci_write_fis_d2h(p, slot, cfis, ATA_S_DSC | ATA_S_READY); 1076 } 1077 } 1078 1079 static void 1080 handle_atapi_identify(struct ahci_port *p, int slot, uint8_t *cfis) 1081 { 1082 if (!p->atapi) { 1083 ahci_write_fis_d2h(p, slot, cfis, 1084 (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR); 1085 } else { 1086 uint16_t buf[256]; 1087 1088 memset(buf, 0, sizeof(buf)); 1089 buf[0] = (2 << 14 | 5 << 8 | 1 << 7 | 2 << 5); 1090 ata_string((uint8_t *)(buf+10), p->ident, 20); 1091 ata_string((uint8_t *)(buf+23), "001", 8); 1092 ata_string((uint8_t *)(buf+27), "BHYVE SATA DVD ROM", 40); 1093 buf[49] = (1 << 9 | 1 << 8); 1094 buf[50] = (1 << 14 | 1); 1095 buf[53] = (1 << 2 | 1 << 1); 1096 buf[62] = 0x3f; 1097 buf[63] = 7; 1098 if (p->xfermode & ATA_WDMA0) 1099 buf[63] |= (1 << ((p->xfermode & 7) + 8)); 1100 buf[64] = 3; 1101 buf[65] = 120; 1102 buf[66] = 120; 1103 buf[67] = 120; 1104 buf[68] = 120; 1105 buf[76] = (ATA_SATA_GEN1 | ATA_SATA_GEN2 | ATA_SATA_GEN3); 1106 buf[77] = ((p->ssts & ATA_SS_SPD_MASK) >> 3); 1107 buf[78] = (1 << 5); 1108 buf[80] = 0x3f0; 1109 buf[82] = (ATA_SUPPORT_POWERMGT | ATA_SUPPORT_PACKET | 1110 ATA_SUPPORT_RESET | ATA_SUPPORT_NOP); 1111 buf[83] = (1 << 14); 1112 buf[84] = (1 << 14); 1113 buf[85] = (ATA_SUPPORT_POWERMGT | ATA_SUPPORT_PACKET | 1114 ATA_SUPPORT_RESET | ATA_SUPPORT_NOP); 1115 buf[87] = (1 << 14); 1116 buf[88] = 0x7f; 1117 if (p->xfermode & ATA_UDMA0) 1118 buf[88] |= (1 << ((p->xfermode & 7) + 8)); 1119 buf[222] = 0x1020; 1120 buf[255] = 0x00a5; 1121 ahci_checksum((uint8_t *)buf, sizeof(buf)); 1122 ahci_write_fis_piosetup(p); 1123 write_prdt(p, slot, cfis, (void *)buf, sizeof(buf)); 1124 ahci_write_fis_d2h(p, slot, cfis, ATA_S_DSC | ATA_S_READY); 1125 } 1126 } 1127 1128 static void 1129 atapi_inquiry(struct ahci_port *p, int slot, uint8_t *cfis) 1130 { 1131 uint8_t buf[36]; 1132 uint8_t *acmd; 1133 int len; 1134 uint32_t tfd; 1135 1136 acmd = cfis + 0x40; 1137 1138 if (acmd[1] & 1) { /* VPD */ 1139 if (acmd[2] == 0) { /* Supported VPD pages */ 1140 buf[0] = 0x05; 1141 buf[1] = 0; 1142 buf[2] = 0; 1143 buf[3] = 1; 1144 buf[4] = 0; 1145 len = 4 + buf[3]; 1146 } else { 1147 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1148 p->asc = 0x24; 1149 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1150 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1151 ahci_write_fis_d2h(p, slot, cfis, tfd); 1152 return; 1153 } 1154 } else { 1155 buf[0] = 0x05; 1156 buf[1] = 0x80; 1157 buf[2] = 0x00; 1158 buf[3] = 0x21; 1159 buf[4] = 31; 1160 buf[5] = 0; 1161 buf[6] = 0; 1162 buf[7] = 0; 1163 atapi_string(buf + 8, "BHYVE", 8); 1164 atapi_string(buf + 16, "BHYVE DVD-ROM", 16); 1165 atapi_string(buf + 32, "001", 4); 1166 len = sizeof(buf); 1167 } 1168 1169 if (len > acmd[4]) 1170 len = acmd[4]; 1171 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1172 write_prdt(p, slot, cfis, buf, len); 1173 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1174 } 1175 1176 static void 1177 atapi_read_capacity(struct ahci_port *p, int slot, uint8_t *cfis) 1178 { 1179 uint8_t buf[8]; 1180 uint64_t sectors; 1181 1182 sectors = blockif_size(p->bctx) / 2048; 1183 be32enc(buf, sectors - 1); 1184 be32enc(buf + 4, 2048); 1185 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1186 write_prdt(p, slot, cfis, buf, sizeof(buf)); 1187 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1188 } 1189 1190 static void 1191 atapi_read_toc(struct ahci_port *p, int slot, uint8_t *cfis) 1192 { 1193 uint8_t *acmd; 1194 uint8_t format; 1195 int len; 1196 1197 acmd = cfis + 0x40; 1198 1199 len = be16dec(acmd + 7); 1200 format = acmd[9] >> 6; 1201 switch (format) { 1202 case 0: 1203 { 1204 int msf, size; 1205 uint64_t sectors; 1206 uint8_t start_track, buf[20], *bp; 1207 1208 msf = (acmd[1] >> 1) & 1; 1209 start_track = acmd[6]; 1210 if (start_track > 1 && start_track != 0xaa) { 1211 uint32_t tfd; 1212 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1213 p->asc = 0x24; 1214 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1215 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1216 ahci_write_fis_d2h(p, slot, cfis, tfd); 1217 return; 1218 } 1219 bp = buf + 2; 1220 *bp++ = 1; 1221 *bp++ = 1; 1222 if (start_track <= 1) { 1223 *bp++ = 0; 1224 *bp++ = 0x14; 1225 *bp++ = 1; 1226 *bp++ = 0; 1227 if (msf) { 1228 *bp++ = 0; 1229 lba_to_msf(bp, 0); 1230 bp += 3; 1231 } else { 1232 *bp++ = 0; 1233 *bp++ = 0; 1234 *bp++ = 0; 1235 *bp++ = 0; 1236 } 1237 } 1238 *bp++ = 0; 1239 *bp++ = 0x14; 1240 *bp++ = 0xaa; 1241 *bp++ = 0; 1242 sectors = blockif_size(p->bctx) / blockif_sectsz(p->bctx); 1243 sectors >>= 2; 1244 if (msf) { 1245 *bp++ = 0; 1246 lba_to_msf(bp, sectors); 1247 bp += 3; 1248 } else { 1249 be32enc(bp, sectors); 1250 bp += 4; 1251 } 1252 size = bp - buf; 1253 be16enc(buf, size - 2); 1254 if (len > size) 1255 len = size; 1256 write_prdt(p, slot, cfis, buf, len); 1257 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1258 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1259 break; 1260 } 1261 case 1: 1262 { 1263 uint8_t buf[12]; 1264 1265 memset(buf, 0, sizeof(buf)); 1266 buf[1] = 0xa; 1267 buf[2] = 0x1; 1268 buf[3] = 0x1; 1269 if (len > sizeof(buf)) 1270 len = sizeof(buf); 1271 write_prdt(p, slot, cfis, buf, len); 1272 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1273 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1274 break; 1275 } 1276 case 2: 1277 { 1278 int msf, size; 1279 uint64_t sectors; 1280 uint8_t *bp, buf[50]; 1281 1282 msf = (acmd[1] >> 1) & 1; 1283 bp = buf + 2; 1284 *bp++ = 1; 1285 *bp++ = 1; 1286 1287 *bp++ = 1; 1288 *bp++ = 0x14; 1289 *bp++ = 0; 1290 *bp++ = 0xa0; 1291 *bp++ = 0; 1292 *bp++ = 0; 1293 *bp++ = 0; 1294 *bp++ = 0; 1295 *bp++ = 1; 1296 *bp++ = 0; 1297 *bp++ = 0; 1298 1299 *bp++ = 1; 1300 *bp++ = 0x14; 1301 *bp++ = 0; 1302 *bp++ = 0xa1; 1303 *bp++ = 0; 1304 *bp++ = 0; 1305 *bp++ = 0; 1306 *bp++ = 0; 1307 *bp++ = 1; 1308 *bp++ = 0; 1309 *bp++ = 0; 1310 1311 *bp++ = 1; 1312 *bp++ = 0x14; 1313 *bp++ = 0; 1314 *bp++ = 0xa2; 1315 *bp++ = 0; 1316 *bp++ = 0; 1317 *bp++ = 0; 1318 sectors = blockif_size(p->bctx) / blockif_sectsz(p->bctx); 1319 sectors >>= 2; 1320 if (msf) { 1321 *bp++ = 0; 1322 lba_to_msf(bp, sectors); 1323 bp += 3; 1324 } else { 1325 be32enc(bp, sectors); 1326 bp += 4; 1327 } 1328 1329 *bp++ = 1; 1330 *bp++ = 0x14; 1331 *bp++ = 0; 1332 *bp++ = 1; 1333 *bp++ = 0; 1334 *bp++ = 0; 1335 *bp++ = 0; 1336 if (msf) { 1337 *bp++ = 0; 1338 lba_to_msf(bp, 0); 1339 bp += 3; 1340 } else { 1341 *bp++ = 0; 1342 *bp++ = 0; 1343 *bp++ = 0; 1344 *bp++ = 0; 1345 } 1346 1347 size = bp - buf; 1348 be16enc(buf, size - 2); 1349 if (len > size) 1350 len = size; 1351 write_prdt(p, slot, cfis, buf, len); 1352 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1353 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1354 break; 1355 } 1356 default: 1357 { 1358 uint32_t tfd; 1359 1360 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1361 p->asc = 0x24; 1362 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1363 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1364 ahci_write_fis_d2h(p, slot, cfis, tfd); 1365 break; 1366 } 1367 } 1368 } 1369 1370 static void 1371 atapi_report_luns(struct ahci_port *p, int slot, uint8_t *cfis) 1372 { 1373 uint8_t buf[16]; 1374 1375 memset(buf, 0, sizeof(buf)); 1376 buf[3] = 8; 1377 1378 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1379 write_prdt(p, slot, cfis, buf, sizeof(buf)); 1380 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1381 } 1382 1383 static void 1384 atapi_read(struct ahci_port *p, int slot, uint8_t *cfis, uint32_t done) 1385 { 1386 struct ahci_ioreq *aior; 1387 struct ahci_cmd_hdr *hdr; 1388 struct ahci_prdt_entry *prdt; 1389 struct blockif_req *breq; 1390 uint8_t *acmd; 1391 uint64_t lba; 1392 uint32_t len; 1393 int err; 1394 1395 acmd = cfis + 0x40; 1396 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 1397 prdt = (struct ahci_prdt_entry *)(cfis + 0x80); 1398 1399 lba = be32dec(acmd + 2); 1400 if (acmd[0] == READ_10) 1401 len = be16dec(acmd + 7); 1402 else 1403 len = be32dec(acmd + 6); 1404 if (len == 0) { 1405 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1406 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1407 } 1408 lba *= 2048; 1409 len *= 2048; 1410 1411 /* 1412 * Pull request off free list 1413 */ 1414 aior = STAILQ_FIRST(&p->iofhd); 1415 assert(aior != NULL); 1416 STAILQ_REMOVE_HEAD(&p->iofhd, io_flist); 1417 aior->cfis = cfis; 1418 aior->slot = slot; 1419 aior->len = len; 1420 aior->done = done; 1421 breq = &aior->io_req; 1422 breq->br_offset = lba + done; 1423 ahci_build_iov(p, aior, prdt, hdr->prdtl); 1424 1425 /* Mark this command in-flight. */ 1426 p->pending |= 1 << slot; 1427 1428 /* Stuff request onto busy list. */ 1429 TAILQ_INSERT_HEAD(&p->iobhd, aior, io_blist); 1430 1431 err = blockif_read(p->bctx, breq); 1432 assert(err == 0); 1433 } 1434 1435 static void 1436 atapi_request_sense(struct ahci_port *p, int slot, uint8_t *cfis) 1437 { 1438 uint8_t buf[64]; 1439 uint8_t *acmd; 1440 int len; 1441 1442 acmd = cfis + 0x40; 1443 len = acmd[4]; 1444 if (len > sizeof(buf)) 1445 len = sizeof(buf); 1446 memset(buf, 0, len); 1447 buf[0] = 0x70 | (1 << 7); 1448 buf[2] = p->sense_key; 1449 buf[7] = 10; 1450 buf[12] = p->asc; 1451 write_prdt(p, slot, cfis, buf, len); 1452 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1453 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1454 } 1455 1456 static void 1457 atapi_start_stop_unit(struct ahci_port *p, int slot, uint8_t *cfis) 1458 { 1459 uint8_t *acmd = cfis + 0x40; 1460 uint32_t tfd; 1461 1462 switch (acmd[4] & 3) { 1463 case 0: 1464 case 1: 1465 case 3: 1466 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1467 tfd = ATA_S_READY | ATA_S_DSC; 1468 break; 1469 case 2: 1470 /* TODO eject media */ 1471 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1472 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1473 p->asc = 0x53; 1474 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1475 break; 1476 } 1477 ahci_write_fis_d2h(p, slot, cfis, tfd); 1478 } 1479 1480 static void 1481 atapi_mode_sense(struct ahci_port *p, int slot, uint8_t *cfis) 1482 { 1483 uint8_t *acmd; 1484 uint32_t tfd; 1485 uint8_t pc, code; 1486 int len; 1487 1488 acmd = cfis + 0x40; 1489 len = be16dec(acmd + 7); 1490 pc = acmd[2] >> 6; 1491 code = acmd[2] & 0x3f; 1492 1493 switch (pc) { 1494 case 0: 1495 switch (code) { 1496 case MODEPAGE_RW_ERROR_RECOVERY: 1497 { 1498 uint8_t buf[16]; 1499 1500 if (len > sizeof(buf)) 1501 len = sizeof(buf); 1502 1503 memset(buf, 0, sizeof(buf)); 1504 be16enc(buf, 16 - 2); 1505 buf[2] = 0x70; 1506 buf[8] = 0x01; 1507 buf[9] = 16 - 10; 1508 buf[11] = 0x05; 1509 write_prdt(p, slot, cfis, buf, len); 1510 tfd = ATA_S_READY | ATA_S_DSC; 1511 break; 1512 } 1513 case MODEPAGE_CD_CAPABILITIES: 1514 { 1515 uint8_t buf[30]; 1516 1517 if (len > sizeof(buf)) 1518 len = sizeof(buf); 1519 1520 memset(buf, 0, sizeof(buf)); 1521 be16enc(buf, 30 - 2); 1522 buf[2] = 0x70; 1523 buf[8] = 0x2A; 1524 buf[9] = 30 - 10; 1525 buf[10] = 0x08; 1526 buf[12] = 0x71; 1527 be16enc(&buf[18], 2); 1528 be16enc(&buf[20], 512); 1529 write_prdt(p, slot, cfis, buf, len); 1530 tfd = ATA_S_READY | ATA_S_DSC; 1531 break; 1532 } 1533 default: 1534 goto error; 1535 break; 1536 } 1537 break; 1538 case 3: 1539 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1540 p->asc = 0x39; 1541 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1542 break; 1543 error: 1544 case 1: 1545 case 2: 1546 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1547 p->asc = 0x24; 1548 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1549 break; 1550 } 1551 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1552 ahci_write_fis_d2h(p, slot, cfis, tfd); 1553 } 1554 1555 static void 1556 atapi_get_event_status_notification(struct ahci_port *p, int slot, 1557 uint8_t *cfis) 1558 { 1559 uint8_t *acmd; 1560 uint32_t tfd; 1561 1562 acmd = cfis + 0x40; 1563 1564 /* we don't support asynchronous operation */ 1565 if (!(acmd[1] & 1)) { 1566 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1567 p->asc = 0x24; 1568 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1569 } else { 1570 uint8_t buf[8]; 1571 int len; 1572 1573 len = be16dec(acmd + 7); 1574 if (len > sizeof(buf)) 1575 len = sizeof(buf); 1576 1577 memset(buf, 0, sizeof(buf)); 1578 be16enc(buf, 8 - 2); 1579 buf[2] = 0x04; 1580 buf[3] = 0x10; 1581 buf[5] = 0x02; 1582 write_prdt(p, slot, cfis, buf, len); 1583 tfd = ATA_S_READY | ATA_S_DSC; 1584 } 1585 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1586 ahci_write_fis_d2h(p, slot, cfis, tfd); 1587 } 1588 1589 static void 1590 handle_packet_cmd(struct ahci_port *p, int slot, uint8_t *cfis) 1591 { 1592 uint8_t *acmd; 1593 1594 acmd = cfis + 0x40; 1595 1596 #ifdef AHCI_DEBUG 1597 { 1598 int i; 1599 DPRINTF("ACMD:"); 1600 for (i = 0; i < 16; i++) 1601 DPRINTF("%02x ", acmd[i]); 1602 DPRINTF("\n"); 1603 } 1604 #endif 1605 1606 switch (acmd[0]) { 1607 case TEST_UNIT_READY: 1608 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1609 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1610 break; 1611 case INQUIRY: 1612 atapi_inquiry(p, slot, cfis); 1613 break; 1614 case READ_CAPACITY: 1615 atapi_read_capacity(p, slot, cfis); 1616 break; 1617 case PREVENT_ALLOW: 1618 /* TODO */ 1619 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1620 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1621 break; 1622 case READ_TOC: 1623 atapi_read_toc(p, slot, cfis); 1624 break; 1625 case REPORT_LUNS: 1626 atapi_report_luns(p, slot, cfis); 1627 break; 1628 case READ_10: 1629 case READ_12: 1630 atapi_read(p, slot, cfis, 0); 1631 break; 1632 case REQUEST_SENSE: 1633 atapi_request_sense(p, slot, cfis); 1634 break; 1635 case START_STOP_UNIT: 1636 atapi_start_stop_unit(p, slot, cfis); 1637 break; 1638 case MODE_SENSE_10: 1639 atapi_mode_sense(p, slot, cfis); 1640 break; 1641 case GET_EVENT_STATUS_NOTIFICATION: 1642 atapi_get_event_status_notification(p, slot, cfis); 1643 break; 1644 default: 1645 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 1646 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1647 p->asc = 0x20; 1648 ahci_write_fis_d2h(p, slot, cfis, (p->sense_key << 12) | 1649 ATA_S_READY | ATA_S_ERROR); 1650 break; 1651 } 1652 } 1653 1654 static void 1655 ahci_handle_cmd(struct ahci_port *p, int slot, uint8_t *cfis) 1656 { 1657 1658 p->tfd |= ATA_S_BUSY; 1659 switch (cfis[2]) { 1660 case ATA_ATA_IDENTIFY: 1661 handle_identify(p, slot, cfis); 1662 break; 1663 case ATA_SETFEATURES: 1664 { 1665 switch (cfis[3]) { 1666 case ATA_SF_ENAB_SATA_SF: 1667 switch (cfis[12]) { 1668 case ATA_SATA_SF_AN: 1669 p->tfd = ATA_S_DSC | ATA_S_READY; 1670 break; 1671 default: 1672 p->tfd = ATA_S_ERROR | ATA_S_READY; 1673 p->tfd |= (ATA_ERROR_ABORT << 8); 1674 break; 1675 } 1676 break; 1677 case ATA_SF_ENAB_WCACHE: 1678 case ATA_SF_DIS_WCACHE: 1679 case ATA_SF_ENAB_RCACHE: 1680 case ATA_SF_DIS_RCACHE: 1681 p->tfd = ATA_S_DSC | ATA_S_READY; 1682 break; 1683 case ATA_SF_SETXFER: 1684 { 1685 switch (cfis[12] & 0xf8) { 1686 case ATA_PIO: 1687 case ATA_PIO0: 1688 break; 1689 case ATA_WDMA0: 1690 case ATA_UDMA0: 1691 p->xfermode = (cfis[12] & 0x7); 1692 break; 1693 } 1694 p->tfd = ATA_S_DSC | ATA_S_READY; 1695 break; 1696 } 1697 default: 1698 p->tfd = ATA_S_ERROR | ATA_S_READY; 1699 p->tfd |= (ATA_ERROR_ABORT << 8); 1700 break; 1701 } 1702 ahci_write_fis_d2h(p, slot, cfis, p->tfd); 1703 break; 1704 } 1705 case ATA_SET_MULTI: 1706 if (cfis[12] != 0 && 1707 (cfis[12] > 128 || (cfis[12] & (cfis[12] - 1)))) { 1708 p->tfd = ATA_S_ERROR | ATA_S_READY; 1709 p->tfd |= (ATA_ERROR_ABORT << 8); 1710 } else { 1711 p->mult_sectors = cfis[12]; 1712 p->tfd = ATA_S_DSC | ATA_S_READY; 1713 } 1714 ahci_write_fis_d2h(p, slot, cfis, p->tfd); 1715 break; 1716 case ATA_READ: 1717 case ATA_WRITE: 1718 case ATA_READ48: 1719 case ATA_WRITE48: 1720 case ATA_READ_MUL: 1721 case ATA_WRITE_MUL: 1722 case ATA_READ_MUL48: 1723 case ATA_WRITE_MUL48: 1724 case ATA_READ_DMA: 1725 case ATA_WRITE_DMA: 1726 case ATA_READ_DMA48: 1727 case ATA_WRITE_DMA48: 1728 case ATA_READ_FPDMA_QUEUED: 1729 case ATA_WRITE_FPDMA_QUEUED: 1730 ahci_handle_rw(p, slot, cfis, 0); 1731 break; 1732 case ATA_FLUSHCACHE: 1733 case ATA_FLUSHCACHE48: 1734 ahci_handle_flush(p, slot, cfis); 1735 break; 1736 case ATA_DATA_SET_MANAGEMENT: 1737 if (cfis[11] == 0 && cfis[3] == ATA_DSM_TRIM && 1738 cfis[13] == 0 && cfis[12] == 1) { 1739 ahci_handle_dsm_trim(p, slot, cfis, 0); 1740 break; 1741 } 1742 ahci_write_fis_d2h(p, slot, cfis, 1743 (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR); 1744 break; 1745 case ATA_SEND_FPDMA_QUEUED: 1746 if ((cfis[13] & 0x1f) == ATA_SFPDMA_DSM && 1747 cfis[17] == 0 && cfis[16] == ATA_DSM_TRIM && 1748 cfis[11] == 0 && cfis[3] == 1) { 1749 ahci_handle_dsm_trim(p, slot, cfis, 0); 1750 break; 1751 } 1752 ahci_write_fis_d2h(p, slot, cfis, 1753 (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR); 1754 break; 1755 case ATA_READ_LOG_EXT: 1756 case ATA_READ_LOG_DMA_EXT: 1757 ahci_handle_read_log(p, slot, cfis); 1758 break; 1759 case ATA_SECURITY_FREEZE_LOCK: 1760 case ATA_SMART_CMD: 1761 case ATA_NOP: 1762 ahci_write_fis_d2h(p, slot, cfis, 1763 (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR); 1764 break; 1765 case ATA_CHECK_POWER_MODE: 1766 cfis[12] = 0xff; /* always on */ 1767 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1768 break; 1769 case ATA_STANDBY_CMD: 1770 case ATA_STANDBY_IMMEDIATE: 1771 case ATA_IDLE_CMD: 1772 case ATA_IDLE_IMMEDIATE: 1773 case ATA_SLEEP: 1774 case ATA_READ_VERIFY: 1775 case ATA_READ_VERIFY48: 1776 ahci_write_fis_d2h(p, slot, cfis, ATA_S_READY | ATA_S_DSC); 1777 break; 1778 case ATA_ATAPI_IDENTIFY: 1779 handle_atapi_identify(p, slot, cfis); 1780 break; 1781 case ATA_PACKET_CMD: 1782 if (!p->atapi) { 1783 ahci_write_fis_d2h(p, slot, cfis, 1784 (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR); 1785 } else 1786 handle_packet_cmd(p, slot, cfis); 1787 break; 1788 default: 1789 WPRINTF("Unsupported cmd:%02x\n", cfis[2]); 1790 ahci_write_fis_d2h(p, slot, cfis, 1791 (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR); 1792 break; 1793 } 1794 } 1795 1796 static void 1797 ahci_handle_slot(struct ahci_port *p, int slot) 1798 { 1799 struct ahci_cmd_hdr *hdr; 1800 #ifdef AHCI_DEBUG 1801 struct ahci_prdt_entry *prdt; 1802 #endif 1803 struct pci_ahci_softc *sc; 1804 uint8_t *cfis; 1805 #ifdef AHCI_DEBUG 1806 int cfl, i; 1807 #endif 1808 1809 sc = p->pr_sc; 1810 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 1811 #ifdef AHCI_DEBUG 1812 cfl = (hdr->flags & 0x1f) * 4; 1813 #endif 1814 cfis = paddr_guest2host(ahci_ctx(sc), hdr->ctba, 1815 0x80 + hdr->prdtl * sizeof(struct ahci_prdt_entry)); 1816 #ifdef AHCI_DEBUG 1817 prdt = (struct ahci_prdt_entry *)(cfis + 0x80); 1818 1819 DPRINTF("\ncfis:"); 1820 for (i = 0; i < cfl; i++) { 1821 if (i % 10 == 0) 1822 DPRINTF("\n"); 1823 DPRINTF("%02x ", cfis[i]); 1824 } 1825 DPRINTF("\n"); 1826 1827 for (i = 0; i < hdr->prdtl; i++) { 1828 DPRINTF("%d@%08"PRIx64"\n", prdt->dbc & 0x3fffff, prdt->dba); 1829 prdt++; 1830 } 1831 #endif 1832 1833 if (cfis[0] != FIS_TYPE_REGH2D) { 1834 WPRINTF("Not a H2D FIS:%02x\n", cfis[0]); 1835 return; 1836 } 1837 1838 if (cfis[1] & 0x80) { 1839 ahci_handle_cmd(p, slot, cfis); 1840 } else { 1841 if (cfis[15] & (1 << 2)) 1842 p->reset = 1; 1843 else if (p->reset) { 1844 p->reset = 0; 1845 ahci_port_reset(p); 1846 } 1847 p->ci &= ~(1 << slot); 1848 } 1849 } 1850 1851 static void 1852 ahci_handle_port(struct ahci_port *p) 1853 { 1854 1855 if (!(p->cmd & AHCI_P_CMD_ST)) 1856 return; 1857 1858 /* 1859 * Search for any new commands to issue ignoring those that 1860 * are already in-flight. Stop if device is busy or in error. 1861 */ 1862 for (; (p->ci & ~p->pending) != 0; p->ccs = ((p->ccs + 1) & 31)) { 1863 if ((p->tfd & (ATA_S_BUSY | ATA_S_DRQ)) != 0) 1864 break; 1865 if (p->waitforclear) 1866 break; 1867 if ((p->ci & ~p->pending & (1 << p->ccs)) != 0) { 1868 p->cmd &= ~AHCI_P_CMD_CCS_MASK; 1869 p->cmd |= p->ccs << AHCI_P_CMD_CCS_SHIFT; 1870 ahci_handle_slot(p, p->ccs); 1871 } 1872 } 1873 } 1874 1875 /* 1876 * blockif callback routine - this runs in the context of the blockif 1877 * i/o thread, so the mutex needs to be acquired. 1878 */ 1879 static void 1880 ata_ioreq_cb(struct blockif_req *br, int err) 1881 { 1882 struct ahci_cmd_hdr *hdr; 1883 struct ahci_ioreq *aior; 1884 struct ahci_port *p; 1885 struct pci_ahci_softc *sc; 1886 uint32_t tfd; 1887 uint8_t *cfis; 1888 int slot, ncq, dsm; 1889 1890 DPRINTF("%s %d\n", __func__, err); 1891 1892 ncq = dsm = 0; 1893 aior = br->br_param; 1894 p = aior->io_pr; 1895 cfis = aior->cfis; 1896 slot = aior->slot; 1897 sc = p->pr_sc; 1898 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + slot * AHCI_CL_SIZE); 1899 1900 if (cfis[2] == ATA_WRITE_FPDMA_QUEUED || 1901 cfis[2] == ATA_READ_FPDMA_QUEUED || 1902 cfis[2] == ATA_SEND_FPDMA_QUEUED) 1903 ncq = 1; 1904 if (cfis[2] == ATA_DATA_SET_MANAGEMENT || 1905 (cfis[2] == ATA_SEND_FPDMA_QUEUED && 1906 (cfis[13] & 0x1f) == ATA_SFPDMA_DSM)) 1907 dsm = 1; 1908 1909 pthread_mutex_lock(&sc->mtx); 1910 1911 /* 1912 * Delete the blockif request from the busy list 1913 */ 1914 TAILQ_REMOVE(&p->iobhd, aior, io_blist); 1915 1916 /* 1917 * Move the blockif request back to the free list 1918 */ 1919 STAILQ_INSERT_TAIL(&p->iofhd, aior, io_flist); 1920 1921 if (!err) 1922 hdr->prdbc = aior->done; 1923 1924 if (!err && aior->more) { 1925 if (dsm) 1926 ahci_handle_dsm_trim(p, slot, cfis, aior->done); 1927 else 1928 ahci_handle_rw(p, slot, cfis, aior->done); 1929 goto out; 1930 } 1931 1932 if (!err) 1933 tfd = ATA_S_READY | ATA_S_DSC; 1934 else 1935 tfd = (ATA_E_ABORT << 8) | ATA_S_READY | ATA_S_ERROR; 1936 if (ncq) 1937 ahci_write_fis_sdb(p, slot, cfis, tfd); 1938 else 1939 ahci_write_fis_d2h(p, slot, cfis, tfd); 1940 1941 /* 1942 * This command is now complete. 1943 */ 1944 p->pending &= ~(1 << slot); 1945 1946 ahci_check_stopped(p); 1947 ahci_handle_port(p); 1948 out: 1949 pthread_mutex_unlock(&sc->mtx); 1950 DPRINTF("%s exit\n", __func__); 1951 } 1952 1953 static void 1954 atapi_ioreq_cb(struct blockif_req *br, int err) 1955 { 1956 struct ahci_cmd_hdr *hdr; 1957 struct ahci_ioreq *aior; 1958 struct ahci_port *p; 1959 struct pci_ahci_softc *sc; 1960 uint8_t *cfis; 1961 uint32_t tfd; 1962 int slot; 1963 1964 DPRINTF("%s %d\n", __func__, err); 1965 1966 aior = br->br_param; 1967 p = aior->io_pr; 1968 cfis = aior->cfis; 1969 slot = aior->slot; 1970 sc = p->pr_sc; 1971 hdr = (struct ahci_cmd_hdr *)(p->cmd_lst + aior->slot * AHCI_CL_SIZE); 1972 1973 pthread_mutex_lock(&sc->mtx); 1974 1975 /* 1976 * Delete the blockif request from the busy list 1977 */ 1978 TAILQ_REMOVE(&p->iobhd, aior, io_blist); 1979 1980 /* 1981 * Move the blockif request back to the free list 1982 */ 1983 STAILQ_INSERT_TAIL(&p->iofhd, aior, io_flist); 1984 1985 if (!err) 1986 hdr->prdbc = aior->done; 1987 1988 if (!err && aior->more) { 1989 atapi_read(p, slot, cfis, aior->done); 1990 goto out; 1991 } 1992 1993 if (!err) { 1994 tfd = ATA_S_READY | ATA_S_DSC; 1995 } else { 1996 p->sense_key = ATA_SENSE_ILLEGAL_REQUEST; 1997 p->asc = 0x21; 1998 tfd = (p->sense_key << 12) | ATA_S_READY | ATA_S_ERROR; 1999 } 2000 cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN; 2001 ahci_write_fis_d2h(p, slot, cfis, tfd); 2002 2003 /* 2004 * This command is now complete. 2005 */ 2006 p->pending &= ~(1 << slot); 2007 2008 ahci_check_stopped(p); 2009 ahci_handle_port(p); 2010 out: 2011 pthread_mutex_unlock(&sc->mtx); 2012 DPRINTF("%s exit\n", __func__); 2013 } 2014 2015 static void 2016 pci_ahci_ioreq_init(struct ahci_port *pr) 2017 { 2018 struct ahci_ioreq *vr; 2019 int i; 2020 2021 pr->ioqsz = blockif_queuesz(pr->bctx); 2022 pr->ioreq = calloc(pr->ioqsz, sizeof(struct ahci_ioreq)); 2023 STAILQ_INIT(&pr->iofhd); 2024 2025 /* 2026 * Add all i/o request entries to the free queue 2027 */ 2028 for (i = 0; i < pr->ioqsz; i++) { 2029 vr = &pr->ioreq[i]; 2030 vr->io_pr = pr; 2031 if (!pr->atapi) 2032 vr->io_req.br_callback = ata_ioreq_cb; 2033 else 2034 vr->io_req.br_callback = atapi_ioreq_cb; 2035 vr->io_req.br_param = vr; 2036 STAILQ_INSERT_TAIL(&pr->iofhd, vr, io_flist); 2037 } 2038 2039 TAILQ_INIT(&pr->iobhd); 2040 } 2041 2042 static void 2043 pci_ahci_port_write(struct pci_ahci_softc *sc, uint64_t offset, uint64_t value) 2044 { 2045 int port = (offset - AHCI_OFFSET) / AHCI_STEP; 2046 offset = (offset - AHCI_OFFSET) % AHCI_STEP; 2047 struct ahci_port *p = &sc->port[port]; 2048 2049 DPRINTF("pci_ahci_port %d: write offset 0x%"PRIx64" value 0x%"PRIx64"\n", 2050 port, offset, value); 2051 2052 switch (offset) { 2053 case AHCI_P_CLB: 2054 p->clb = value; 2055 break; 2056 case AHCI_P_CLBU: 2057 p->clbu = value; 2058 break; 2059 case AHCI_P_FB: 2060 p->fb = value; 2061 break; 2062 case AHCI_P_FBU: 2063 p->fbu = value; 2064 break; 2065 case AHCI_P_IS: 2066 p->is &= ~value; 2067 ahci_port_intr(p); 2068 break; 2069 case AHCI_P_IE: 2070 p->ie = value & 0xFDC000FF; 2071 ahci_port_intr(p); 2072 break; 2073 case AHCI_P_CMD: 2074 { 2075 p->cmd &= ~(AHCI_P_CMD_ST | AHCI_P_CMD_SUD | AHCI_P_CMD_POD | 2076 AHCI_P_CMD_CLO | AHCI_P_CMD_FRE | AHCI_P_CMD_APSTE | 2077 AHCI_P_CMD_ATAPI | AHCI_P_CMD_DLAE | AHCI_P_CMD_ALPE | 2078 AHCI_P_CMD_ASP | AHCI_P_CMD_ICC_MASK); 2079 p->cmd |= (AHCI_P_CMD_ST | AHCI_P_CMD_SUD | AHCI_P_CMD_POD | 2080 AHCI_P_CMD_CLO | AHCI_P_CMD_FRE | AHCI_P_CMD_APSTE | 2081 AHCI_P_CMD_ATAPI | AHCI_P_CMD_DLAE | AHCI_P_CMD_ALPE | 2082 AHCI_P_CMD_ASP | AHCI_P_CMD_ICC_MASK) & value; 2083 2084 if (!(value & AHCI_P_CMD_ST)) { 2085 ahci_port_stop(p); 2086 } else { 2087 uint64_t clb; 2088 2089 p->cmd |= AHCI_P_CMD_CR; 2090 clb = (uint64_t)p->clbu << 32 | p->clb; 2091 p->cmd_lst = paddr_guest2host(ahci_ctx(sc), clb, 2092 AHCI_CL_SIZE * AHCI_MAX_SLOTS); 2093 } 2094 2095 if (value & AHCI_P_CMD_FRE) { 2096 uint64_t fb; 2097 2098 p->cmd |= AHCI_P_CMD_FR; 2099 fb = (uint64_t)p->fbu << 32 | p->fb; 2100 /* we don't support FBSCP, so rfis size is 256Bytes */ 2101 p->rfis = paddr_guest2host(ahci_ctx(sc), fb, 256); 2102 } else { 2103 p->cmd &= ~AHCI_P_CMD_FR; 2104 } 2105 2106 if (value & AHCI_P_CMD_CLO) { 2107 p->tfd &= ~(ATA_S_BUSY | ATA_S_DRQ); 2108 p->cmd &= ~AHCI_P_CMD_CLO; 2109 } 2110 2111 if (value & AHCI_P_CMD_ICC_MASK) { 2112 p->cmd &= ~AHCI_P_CMD_ICC_MASK; 2113 } 2114 2115 ahci_handle_port(p); 2116 break; 2117 } 2118 case AHCI_P_TFD: 2119 case AHCI_P_SIG: 2120 case AHCI_P_SSTS: 2121 WPRINTF("pci_ahci_port: read only registers 0x%"PRIx64"\n", offset); 2122 break; 2123 case AHCI_P_SCTL: 2124 p->sctl = value; 2125 if (!(p->cmd & AHCI_P_CMD_ST)) { 2126 if (value & ATA_SC_DET_RESET) 2127 ahci_port_reset(p); 2128 } 2129 break; 2130 case AHCI_P_SERR: 2131 p->serr &= ~value; 2132 break; 2133 case AHCI_P_SACT: 2134 p->sact |= value; 2135 break; 2136 case AHCI_P_CI: 2137 p->ci |= value; 2138 ahci_handle_port(p); 2139 break; 2140 case AHCI_P_SNTF: 2141 case AHCI_P_FBS: 2142 default: 2143 break; 2144 } 2145 } 2146 2147 static void 2148 pci_ahci_host_write(struct pci_ahci_softc *sc, uint64_t offset, uint64_t value) 2149 { 2150 DPRINTF("pci_ahci_host: write offset 0x%"PRIx64" value 0x%"PRIx64"\n", 2151 offset, value); 2152 2153 switch (offset) { 2154 case AHCI_CAP: 2155 case AHCI_PI: 2156 case AHCI_VS: 2157 case AHCI_CAP2: 2158 DPRINTF("pci_ahci_host: read only registers 0x%"PRIx64"\n", offset); 2159 break; 2160 case AHCI_GHC: 2161 if (value & AHCI_GHC_HR) { 2162 ahci_reset(sc); 2163 break; 2164 } 2165 if (value & AHCI_GHC_IE) 2166 sc->ghc |= AHCI_GHC_IE; 2167 else 2168 sc->ghc &= ~AHCI_GHC_IE; 2169 ahci_generate_intr(sc, 0xffffffff); 2170 break; 2171 case AHCI_IS: 2172 sc->is &= ~value; 2173 ahci_generate_intr(sc, value); 2174 break; 2175 default: 2176 break; 2177 } 2178 } 2179 2180 static void 2181 pci_ahci_write(struct vmctx *ctx, int vcpu, struct pci_devinst *pi, 2182 int baridx, uint64_t offset, int size, uint64_t value) 2183 { 2184 struct pci_ahci_softc *sc = pi->pi_arg; 2185 2186 assert(baridx == 5); 2187 assert((offset % 4) == 0 && size == 4); 2188 2189 pthread_mutex_lock(&sc->mtx); 2190 2191 if (offset < AHCI_OFFSET) 2192 pci_ahci_host_write(sc, offset, value); 2193 else if (offset < AHCI_OFFSET + sc->ports * AHCI_STEP) 2194 pci_ahci_port_write(sc, offset, value); 2195 else 2196 WPRINTF("pci_ahci: unknown i/o write offset 0x%"PRIx64"\n", offset); 2197 2198 pthread_mutex_unlock(&sc->mtx); 2199 } 2200 2201 static uint64_t 2202 pci_ahci_host_read(struct pci_ahci_softc *sc, uint64_t offset) 2203 { 2204 uint32_t value; 2205 2206 switch (offset) { 2207 case AHCI_CAP: 2208 case AHCI_GHC: 2209 case AHCI_IS: 2210 case AHCI_PI: 2211 case AHCI_VS: 2212 case AHCI_CCCC: 2213 case AHCI_CCCP: 2214 case AHCI_EM_LOC: 2215 case AHCI_EM_CTL: 2216 case AHCI_CAP2: 2217 { 2218 uint32_t *p = &sc->cap; 2219 p += (offset - AHCI_CAP) / sizeof(uint32_t); 2220 value = *p; 2221 break; 2222 } 2223 default: 2224 value = 0; 2225 break; 2226 } 2227 DPRINTF("pci_ahci_host: read offset 0x%"PRIx64" value 0x%x\n", 2228 offset, value); 2229 2230 return (value); 2231 } 2232 2233 static uint64_t 2234 pci_ahci_port_read(struct pci_ahci_softc *sc, uint64_t offset) 2235 { 2236 uint32_t value; 2237 int port = (offset - AHCI_OFFSET) / AHCI_STEP; 2238 offset = (offset - AHCI_OFFSET) % AHCI_STEP; 2239 2240 switch (offset) { 2241 case AHCI_P_CLB: 2242 case AHCI_P_CLBU: 2243 case AHCI_P_FB: 2244 case AHCI_P_FBU: 2245 case AHCI_P_IS: 2246 case AHCI_P_IE: 2247 case AHCI_P_CMD: 2248 case AHCI_P_TFD: 2249 case AHCI_P_SIG: 2250 case AHCI_P_SSTS: 2251 case AHCI_P_SCTL: 2252 case AHCI_P_SERR: 2253 case AHCI_P_SACT: 2254 case AHCI_P_CI: 2255 case AHCI_P_SNTF: 2256 case AHCI_P_FBS: 2257 { 2258 uint32_t *p= &sc->port[port].clb; 2259 p += (offset - AHCI_P_CLB) / sizeof(uint32_t); 2260 value = *p; 2261 break; 2262 } 2263 default: 2264 value = 0; 2265 break; 2266 } 2267 2268 DPRINTF("pci_ahci_port %d: read offset 0x%"PRIx64" value 0x%x\n", 2269 port, offset, value); 2270 2271 return value; 2272 } 2273 2274 static uint64_t 2275 pci_ahci_read(struct vmctx *ctx, int vcpu, struct pci_devinst *pi, int baridx, 2276 uint64_t regoff, int size) 2277 { 2278 struct pci_ahci_softc *sc = pi->pi_arg; 2279 uint64_t offset; 2280 uint32_t value; 2281 2282 assert(baridx == 5); 2283 assert(size == 1 || size == 2 || size == 4); 2284 assert((regoff & (size - 1)) == 0); 2285 2286 pthread_mutex_lock(&sc->mtx); 2287 2288 offset = regoff & ~0x3; /* round down to a multiple of 4 bytes */ 2289 if (offset < AHCI_OFFSET) 2290 value = pci_ahci_host_read(sc, offset); 2291 else if (offset < AHCI_OFFSET + sc->ports * AHCI_STEP) 2292 value = pci_ahci_port_read(sc, offset); 2293 else { 2294 value = 0; 2295 WPRINTF("pci_ahci: unknown i/o read offset 0x%"PRIx64"\n", 2296 regoff); 2297 } 2298 value >>= 8 * (regoff & 0x3); 2299 2300 pthread_mutex_unlock(&sc->mtx); 2301 2302 return (value); 2303 } 2304 2305 static int 2306 pci_ahci_init(struct vmctx *ctx, struct pci_devinst *pi, char *opts, int atapi) 2307 { 2308 char bident[sizeof("XX:XX:XX")]; 2309 struct blockif_ctxt *bctxt; 2310 struct pci_ahci_softc *sc; 2311 int ret, slots, p; 2312 MD5_CTX mdctx; 2313 u_char digest[16]; 2314 char *next, *next2; 2315 2316 ret = 0; 2317 2318 #ifdef AHCI_DEBUG 2319 dbg = fopen("/tmp/log", "w+"); 2320 #endif 2321 2322 sc = calloc(1, sizeof(struct pci_ahci_softc)); 2323 pi->pi_arg = sc; 2324 sc->asc_pi = pi; 2325 pthread_mutex_init(&sc->mtx, NULL); 2326 sc->ports = 0; 2327 sc->pi = 0; 2328 slots = 32; 2329 2330 for (p = 0; p < MAX_PORTS && opts != NULL; p++, opts = next) { 2331 /* Identify and cut off type of present port. */ 2332 if (strncmp(opts, "hd:", 3) == 0) { 2333 atapi = 0; 2334 opts += 3; 2335 } else if (strncmp(opts, "cd:", 3) == 0) { 2336 atapi = 1; 2337 opts += 3; 2338 } 2339 2340 /* Find and cut off the next port options. */ 2341 next = strstr(opts, ",hd:"); 2342 next2 = strstr(opts, ",cd:"); 2343 if (next == NULL || (next2 != NULL && next2 < next)) 2344 next = next2; 2345 if (next != NULL) { 2346 next[0] = 0; 2347 next++; 2348 } 2349 2350 if (opts[0] == 0) 2351 continue; 2352 2353 /* 2354 * Attempt to open the backing image. Use the PCI slot/func 2355 * and the port number for the identifier string. 2356 */ 2357 snprintf(bident, sizeof(bident), "%d:%d:%d", pi->pi_slot, 2358 pi->pi_func, p); 2359 bctxt = blockif_open(opts, bident); 2360 if (bctxt == NULL) { 2361 sc->ports = p; 2362 ret = 1; 2363 goto open_fail; 2364 } 2365 sc->port[p].bctx = bctxt; 2366 sc->port[p].pr_sc = sc; 2367 sc->port[p].port = p; 2368 sc->port[p].atapi = atapi; 2369 2370 /* 2371 * Create an identifier for the backing file. 2372 * Use parts of the md5 sum of the filename 2373 */ 2374 MD5Init(&mdctx); 2375 MD5Update(&mdctx, opts, strlen(opts)); 2376 MD5Final(digest, &mdctx); 2377 sprintf(sc->port[p].ident, "BHYVE-%02X%02X-%02X%02X-%02X%02X", 2378 digest[0], digest[1], digest[2], digest[3], digest[4], 2379 digest[5]); 2380 2381 /* 2382 * Allocate blockif request structures and add them 2383 * to the free list 2384 */ 2385 pci_ahci_ioreq_init(&sc->port[p]); 2386 2387 sc->pi |= (1 << p); 2388 if (sc->port[p].ioqsz < slots) 2389 slots = sc->port[p].ioqsz; 2390 } 2391 sc->ports = p; 2392 2393 /* Intel ICH8 AHCI */ 2394 --slots; 2395 if (sc->ports < DEF_PORTS) 2396 sc->ports = DEF_PORTS; 2397 sc->cap = AHCI_CAP_64BIT | AHCI_CAP_SNCQ | AHCI_CAP_SSNTF | 2398 AHCI_CAP_SMPS | AHCI_CAP_SSS | AHCI_CAP_SALP | 2399 AHCI_CAP_SAL | AHCI_CAP_SCLO | (0x3 << AHCI_CAP_ISS_SHIFT)| 2400 AHCI_CAP_PMD | AHCI_CAP_SSC | AHCI_CAP_PSC | 2401 (slots << AHCI_CAP_NCS_SHIFT) | AHCI_CAP_SXS | (sc->ports - 1); 2402 2403 sc->vs = 0x10300; 2404 sc->cap2 = AHCI_CAP2_APST; 2405 ahci_reset(sc); 2406 2407 pci_set_cfgdata16(pi, PCIR_DEVICE, 0x2821); 2408 pci_set_cfgdata16(pi, PCIR_VENDOR, 0x8086); 2409 pci_set_cfgdata8(pi, PCIR_CLASS, PCIC_STORAGE); 2410 pci_set_cfgdata8(pi, PCIR_SUBCLASS, PCIS_STORAGE_SATA); 2411 pci_set_cfgdata8(pi, PCIR_PROGIF, PCIP_STORAGE_SATA_AHCI_1_0); 2412 p = MIN(sc->ports, 16); 2413 p = flsl(p) - ((p & (p - 1)) ? 0 : 1); 2414 pci_emul_add_msicap(pi, 1 << p); 2415 pci_emul_alloc_bar(pi, 5, PCIBAR_MEM32, 2416 AHCI_OFFSET + sc->ports * AHCI_STEP); 2417 2418 pci_lintr_request(pi); 2419 2420 open_fail: 2421 if (ret) { 2422 for (p = 0; p < sc->ports; p++) { 2423 if (sc->port[p].bctx != NULL) 2424 blockif_close(sc->port[p].bctx); 2425 } 2426 free(sc); 2427 } 2428 2429 return (ret); 2430 } 2431 2432 static int 2433 pci_ahci_hd_init(struct vmctx *ctx, struct pci_devinst *pi, char *opts) 2434 { 2435 2436 return (pci_ahci_init(ctx, pi, opts, 0)); 2437 } 2438 2439 static int 2440 pci_ahci_atapi_init(struct vmctx *ctx, struct pci_devinst *pi, char *opts) 2441 { 2442 2443 return (pci_ahci_init(ctx, pi, opts, 1)); 2444 } 2445 2446 /* 2447 * Use separate emulation names to distinguish drive and atapi devices 2448 */ 2449 struct pci_devemu pci_de_ahci = { 2450 .pe_emu = "ahci", 2451 .pe_init = pci_ahci_hd_init, 2452 .pe_barwrite = pci_ahci_write, 2453 .pe_barread = pci_ahci_read 2454 }; 2455 PCI_EMUL_SET(pci_de_ahci); 2456 2457 struct pci_devemu pci_de_ahci_hd = { 2458 .pe_emu = "ahci-hd", 2459 .pe_init = pci_ahci_hd_init, 2460 .pe_barwrite = pci_ahci_write, 2461 .pe_barread = pci_ahci_read 2462 }; 2463 PCI_EMUL_SET(pci_de_ahci_hd); 2464 2465 struct pci_devemu pci_de_ahci_cd = { 2466 .pe_emu = "ahci-cd", 2467 .pe_init = pci_ahci_atapi_init, 2468 .pe_barwrite = pci_ahci_write, 2469 .pe_barread = pci_ahci_read 2470 }; 2471 PCI_EMUL_SET(pci_de_ahci_cd); 2472