1 /*
2 * IDE test cases
3 *
4 * Copyright (c) 2013 Kevin Wolf <kwolf@redhat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 #include "qemu/osdep.h"
26
27
28 #include "libqtest.h"
29 #include "libqos/libqos.h"
30 #include "libqos/pci-pc.h"
31 #include "libqos/malloc-pc.h"
32 #include "qapi/qmp/qdict.h"
33 #include "qemu/bswap.h"
34 #include "hw/pci/pci_ids.h"
35 #include "hw/pci/pci_regs.h"
36
37 /* Specified by ATA (physical) CHS geometry for ~64 MiB device. */
38 #define TEST_IMAGE_SIZE ((130 * 16 * 63) * 512)
39
40 #define IDE_PCI_DEV 1
41 #define IDE_PCI_FUNC 1
42
43 #define IDE_BASE 0x1f0
44 #define IDE_PRIMARY_IRQ 14
45
46 #define ATAPI_BLOCK_SIZE 2048
47
48 /* How many bytes to receive via ATAPI PIO at one time.
49 * Must be less than 0xFFFF. */
50 #define BYTE_COUNT_LIMIT 5120
51
52 enum {
53 reg_data = 0x0,
54 reg_feature = 0x1,
55 reg_error = 0x1,
56 reg_nsectors = 0x2,
57 reg_lba_low = 0x3,
58 reg_lba_middle = 0x4,
59 reg_lba_high = 0x5,
60 reg_device = 0x6,
61 reg_status = 0x7,
62 reg_command = 0x7,
63 };
64
65 enum {
66 BSY = 0x80,
67 DRDY = 0x40,
68 DF = 0x20,
69 DRQ = 0x08,
70 ERR = 0x01,
71 };
72
73 /* Error field */
74 enum {
75 ABRT = 0x04,
76 };
77
78 enum {
79 DEV = 0x10,
80 LBA = 0x40,
81 };
82
83 enum {
84 bmreg_cmd = 0x0,
85 bmreg_status = 0x2,
86 bmreg_prdt = 0x4,
87 };
88
89 enum {
90 CMD_DSM = 0x06,
91 CMD_DIAGNOSE = 0x90,
92 CMD_INIT_DP = 0x91, /* INITIALIZE DEVICE PARAMETERS */
93 CMD_READ_DMA = 0xc8,
94 CMD_WRITE_DMA = 0xca,
95 CMD_FLUSH_CACHE = 0xe7,
96 CMD_IDENTIFY = 0xec,
97 CMD_PACKET = 0xa0,
98 CMD_READ_NATIVE = 0xf8, /* READ NATIVE MAX ADDRESS */
99
100 CMDF_ABORT = 0x100,
101 CMDF_NO_BM = 0x200,
102 };
103
104 enum {
105 BM_CMD_START = 0x1,
106 BM_CMD_WRITE = 0x8, /* write = from device to memory */
107 };
108
109 enum {
110 BM_STS_ACTIVE = 0x1,
111 BM_STS_ERROR = 0x2,
112 BM_STS_INTR = 0x4,
113 };
114
115 enum {
116 PRDT_EOT = 0x80000000,
117 };
118
119 #define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
120 #define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)
121
122 static QPCIBus *pcibus = NULL;
123 static QGuestAllocator guest_malloc;
124
125 static char *tmp_path[2];
126 static char *debug_path;
127
128 G_GNUC_PRINTF(1, 2)
ide_test_start(const char * cmdline_fmt,...)129 static QTestState *ide_test_start(const char *cmdline_fmt, ...)
130 {
131 QTestState *qts;
132 g_autofree char *full_fmt = g_strdup_printf("-machine pc %s", cmdline_fmt);
133 va_list ap;
134
135 va_start(ap, cmdline_fmt);
136 qts = qtest_vinitf(full_fmt, ap);
137 va_end(ap);
138
139 pc_alloc_init(&guest_malloc, qts, 0);
140
141 return qts;
142 }
143
ide_test_quit(QTestState * qts)144 static void ide_test_quit(QTestState *qts)
145 {
146 if (pcibus) {
147 qpci_free_pc(pcibus);
148 pcibus = NULL;
149 }
150 alloc_destroy(&guest_malloc);
151 qtest_quit(qts);
152 }
153
get_pci_device(QTestState * qts,QPCIBar * bmdma_bar,QPCIBar * ide_bar)154 static QPCIDevice *get_pci_device(QTestState *qts, QPCIBar *bmdma_bar,
155 QPCIBar *ide_bar)
156 {
157 QPCIDevice *dev;
158 uint16_t vendor_id, device_id;
159
160 if (!pcibus) {
161 pcibus = qpci_new_pc(qts, NULL);
162 }
163
164 /* Find PCI device and verify it's the right one */
165 dev = qpci_device_find(pcibus, QPCI_DEVFN(IDE_PCI_DEV, IDE_PCI_FUNC));
166 g_assert(dev != NULL);
167
168 vendor_id = qpci_config_readw(dev, PCI_VENDOR_ID);
169 device_id = qpci_config_readw(dev, PCI_DEVICE_ID);
170 g_assert(vendor_id == PCI_VENDOR_ID_INTEL);
171 g_assert(device_id == PCI_DEVICE_ID_INTEL_82371SB_1);
172
173 /* Map bmdma BAR */
174 *bmdma_bar = qpci_iomap(dev, 4, NULL);
175
176 *ide_bar = qpci_legacy_iomap(dev, IDE_BASE);
177
178 qpci_device_enable(dev);
179
180 return dev;
181 }
182
free_pci_device(QPCIDevice * dev)183 static void free_pci_device(QPCIDevice *dev)
184 {
185 /* libqos doesn't have a function for this, so free it manually */
186 g_free(dev);
187 }
188
189 typedef struct PrdtEntry {
190 uint32_t addr;
191 uint32_t size;
192 } QEMU_PACKED PrdtEntry;
193
194 #define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
195 #define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)
196
trim_range_le(uint64_t sector,uint16_t count)197 static uint64_t trim_range_le(uint64_t sector, uint16_t count)
198 {
199 /* 2-byte range, 6-byte LBA */
200 return cpu_to_le64(((uint64_t)count << 48) + sector);
201 }
202
send_dma_request(QTestState * qts,int cmd,uint64_t sector,int nb_sectors,PrdtEntry * prdt,int prdt_entries,void (* post_exec)(QPCIDevice * dev,QPCIBar ide_bar,uint64_t sector,int nb_sectors))203 static int send_dma_request(QTestState *qts, int cmd, uint64_t sector,
204 int nb_sectors, PrdtEntry *prdt, int prdt_entries,
205 void(*post_exec)(QPCIDevice *dev, QPCIBar ide_bar,
206 uint64_t sector, int nb_sectors))
207 {
208 QPCIDevice *dev;
209 QPCIBar bmdma_bar, ide_bar;
210 uintptr_t guest_prdt;
211 size_t len;
212 bool from_dev;
213 uint8_t status;
214 int flags;
215
216 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
217
218 flags = cmd & ~0xff;
219 cmd &= 0xff;
220
221 switch (cmd) {
222 case CMD_READ_DMA:
223 case CMD_PACKET:
224 /* Assuming we only test data reads w/ ATAPI, otherwise we need to know
225 * the SCSI command being sent in the packet, too. */
226 from_dev = true;
227 break;
228 case CMD_DSM:
229 case CMD_WRITE_DMA:
230 from_dev = false;
231 break;
232 default:
233 g_assert_not_reached();
234 }
235
236 if (flags & CMDF_NO_BM) {
237 qpci_config_writew(dev, PCI_COMMAND,
238 PCI_COMMAND_IO | PCI_COMMAND_MEMORY);
239 }
240
241 /* Select device 0 */
242 qpci_io_writeb(dev, ide_bar, reg_device, 0 | LBA);
243
244 /* Stop any running transfer, clear any pending interrupt */
245 qpci_io_writeb(dev, bmdma_bar, bmreg_cmd, 0);
246 qpci_io_writeb(dev, bmdma_bar, bmreg_status, BM_STS_INTR);
247
248 /* Setup PRDT */
249 len = sizeof(*prdt) * prdt_entries;
250 guest_prdt = guest_alloc(&guest_malloc, len);
251 qtest_memwrite(qts, guest_prdt, prdt, len);
252 qpci_io_writel(dev, bmdma_bar, bmreg_prdt, guest_prdt);
253
254 /* ATA DMA command */
255 if (cmd == CMD_PACKET) {
256 /* Enables ATAPI DMA; otherwise PIO is attempted */
257 qpci_io_writeb(dev, ide_bar, reg_feature, 0x01);
258 } else {
259 if (cmd == CMD_DSM) {
260 /* trim bit */
261 qpci_io_writeb(dev, ide_bar, reg_feature, 0x01);
262 }
263 qpci_io_writeb(dev, ide_bar, reg_nsectors, nb_sectors);
264 qpci_io_writeb(dev, ide_bar, reg_lba_low, sector & 0xff);
265 qpci_io_writeb(dev, ide_bar, reg_lba_middle, (sector >> 8) & 0xff);
266 qpci_io_writeb(dev, ide_bar, reg_lba_high, (sector >> 16) & 0xff);
267 }
268
269 qpci_io_writeb(dev, ide_bar, reg_command, cmd);
270
271 if (post_exec) {
272 post_exec(dev, ide_bar, sector, nb_sectors);
273 }
274
275 /* Start DMA transfer */
276 qpci_io_writeb(dev, bmdma_bar, bmreg_cmd,
277 BM_CMD_START | (from_dev ? BM_CMD_WRITE : 0));
278
279 if (flags & CMDF_ABORT) {
280 qpci_io_writeb(dev, bmdma_bar, bmreg_cmd, 0);
281 }
282
283 /* Wait for the DMA transfer to complete */
284 do {
285 status = qpci_io_readb(dev, bmdma_bar, bmreg_status);
286 } while ((status & (BM_STS_ACTIVE | BM_STS_INTR)) == BM_STS_ACTIVE);
287
288 g_assert_cmpint(qtest_get_irq(qts, IDE_PRIMARY_IRQ), ==,
289 !!(status & BM_STS_INTR));
290
291 /* Check IDE status code */
292 assert_bit_set(qpci_io_readb(dev, ide_bar, reg_status), DRDY);
293 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), BSY | DRQ);
294
295 /* Reading the status register clears the IRQ */
296 g_assert(!qtest_get_irq(qts, IDE_PRIMARY_IRQ));
297
298 /* Stop DMA transfer if still active */
299 if (status & BM_STS_ACTIVE) {
300 qpci_io_writeb(dev, bmdma_bar, bmreg_cmd, 0);
301 }
302
303 free_pci_device(dev);
304
305 return status;
306 }
307
test_bmdma_setup(void)308 static QTestState *test_bmdma_setup(void)
309 {
310 QTestState *qts;
311
312 qts = ide_test_start(
313 "-drive file=%s,if=ide,cache=writeback,format=raw "
314 "-global ide-hd.serial=%s -global ide-hd.ver=%s",
315 tmp_path[0], "testdisk", "version");
316 qtest_irq_intercept_in(qts, "ioapic");
317
318 return qts;
319 }
320
test_bmdma_teardown(QTestState * qts)321 static void test_bmdma_teardown(QTestState *qts)
322 {
323 ide_test_quit(qts);
324 }
325
test_bmdma_simple_rw(void)326 static void test_bmdma_simple_rw(void)
327 {
328 QTestState *qts;
329 QPCIDevice *dev;
330 QPCIBar bmdma_bar, ide_bar;
331 uint8_t status;
332 uint8_t *buf;
333 uint8_t *cmpbuf;
334 size_t len = 512;
335 uintptr_t guest_buf;
336 PrdtEntry prdt[1];
337
338 qts = test_bmdma_setup();
339
340 guest_buf = guest_alloc(&guest_malloc, len);
341 prdt[0].addr = cpu_to_le32(guest_buf);
342 prdt[0].size = cpu_to_le32(len | PRDT_EOT);
343
344 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
345
346 buf = g_malloc(len);
347 cmpbuf = g_malloc(len);
348
349 /* Write 0x55 pattern to sector 0 */
350 memset(buf, 0x55, len);
351 qtest_memwrite(qts, guest_buf, buf, len);
352
353 status = send_dma_request(qts, CMD_WRITE_DMA, 0, 1, prdt,
354 ARRAY_SIZE(prdt), NULL);
355 g_assert_cmphex(status, ==, BM_STS_INTR);
356 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
357
358 /* Write 0xaa pattern to sector 1 */
359 memset(buf, 0xaa, len);
360 qtest_memwrite(qts, guest_buf, buf, len);
361
362 status = send_dma_request(qts, CMD_WRITE_DMA, 1, 1, prdt,
363 ARRAY_SIZE(prdt), NULL);
364 g_assert_cmphex(status, ==, BM_STS_INTR);
365 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
366
367 /* Read and verify 0x55 pattern in sector 0 */
368 memset(cmpbuf, 0x55, len);
369
370 status = send_dma_request(qts, CMD_READ_DMA, 0, 1, prdt, ARRAY_SIZE(prdt),
371 NULL);
372 g_assert_cmphex(status, ==, BM_STS_INTR);
373 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
374
375 qtest_memread(qts, guest_buf, buf, len);
376 g_assert(memcmp(buf, cmpbuf, len) == 0);
377
378 /* Read and verify 0xaa pattern in sector 1 */
379 memset(cmpbuf, 0xaa, len);
380
381 status = send_dma_request(qts, CMD_READ_DMA, 1, 1, prdt, ARRAY_SIZE(prdt),
382 NULL);
383 g_assert_cmphex(status, ==, BM_STS_INTR);
384 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
385
386 qtest_memread(qts, guest_buf, buf, len);
387 g_assert(memcmp(buf, cmpbuf, len) == 0);
388
389 free_pci_device(dev);
390 g_free(buf);
391 g_free(cmpbuf);
392
393 test_bmdma_teardown(qts);
394 }
395
test_bmdma_trim(void)396 static void test_bmdma_trim(void)
397 {
398 QTestState *qts;
399 QPCIDevice *dev;
400 QPCIBar bmdma_bar, ide_bar;
401 uint8_t status;
402 const uint64_t trim_range[] = { trim_range_le(0, 2),
403 trim_range_le(6, 8),
404 trim_range_le(10, 1),
405 };
406 const uint64_t bad_range = trim_range_le(TEST_IMAGE_SIZE / 512 - 1, 2);
407 size_t len = 512;
408 uint8_t *buf;
409 uintptr_t guest_buf;
410 PrdtEntry prdt[1];
411
412 qts = test_bmdma_setup();
413
414 guest_buf = guest_alloc(&guest_malloc, len);
415 prdt[0].addr = cpu_to_le32(guest_buf),
416 prdt[0].size = cpu_to_le32(len | PRDT_EOT),
417
418 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
419
420 buf = g_malloc(len);
421
422 /* Normal request */
423 *((uint64_t *)buf) = trim_range[0];
424 *((uint64_t *)buf + 1) = trim_range[1];
425
426 qtest_memwrite(qts, guest_buf, buf, 2 * sizeof(uint64_t));
427
428 status = send_dma_request(qts, CMD_DSM, 0, 1, prdt,
429 ARRAY_SIZE(prdt), NULL);
430 g_assert_cmphex(status, ==, BM_STS_INTR);
431 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
432
433 /* Request contains invalid range */
434 *((uint64_t *)buf) = trim_range[2];
435 *((uint64_t *)buf + 1) = bad_range;
436
437 qtest_memwrite(qts, guest_buf, buf, 2 * sizeof(uint64_t));
438
439 status = send_dma_request(qts, CMD_DSM, 0, 1, prdt,
440 ARRAY_SIZE(prdt), NULL);
441 g_assert_cmphex(status, ==, BM_STS_INTR);
442 assert_bit_set(qpci_io_readb(dev, ide_bar, reg_status), ERR);
443 assert_bit_set(qpci_io_readb(dev, ide_bar, reg_error), ABRT);
444
445 free_pci_device(dev);
446 g_free(buf);
447 test_bmdma_teardown(qts);
448 }
449
450 /*
451 * This test is developed according to the Programming Interface for
452 * Bus Master IDE Controller (Revision 1.0 5/16/94)
453 */
test_bmdma_various_prdts(void)454 static void test_bmdma_various_prdts(void)
455 {
456 int sectors = 0;
457 uint32_t size = 0;
458
459 for (sectors = 1; sectors <= 256; sectors *= 2) {
460 QTestState *qts = NULL;
461 QPCIDevice *dev = NULL;
462 QPCIBar bmdma_bar, ide_bar;
463
464 qts = test_bmdma_setup();
465 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
466
467 for (size = 0; size < 65536; size += 256) {
468 uint32_t req_size = sectors * 512;
469 uint32_t prd_size = size & 0xfffe; /* bit 0 is always set to 0 */
470 uint8_t ret = 0;
471 uint8_t req_status = 0;
472 uint8_t abort_req_status = 0;
473 PrdtEntry prdt[] = {
474 {
475 .addr = 0,
476 .size = cpu_to_le32(size | PRDT_EOT),
477 },
478 };
479
480 /* A value of zero in PRD size indicates 64K */
481 if (prd_size == 0) {
482 prd_size = 65536;
483 }
484
485 /*
486 * 1. If PRDs specified a smaller size than the IDE transfer
487 * size, then the Interrupt and Active bits in the Controller
488 * status register are not set (Error Condition).
489 *
490 * 2. If the size of the physical memory regions was equal to
491 * the IDE device transfer size, the Interrupt bit in the
492 * Controller status register is set to 1, Active bit is set to 0.
493 *
494 * 3. If PRDs specified a larger size than the IDE transfer size,
495 * the Interrupt and Active bits in the Controller status register
496 * are both set to 1.
497 */
498 if (prd_size < req_size) {
499 req_status = 0;
500 abort_req_status = 0;
501 } else if (prd_size == req_size) {
502 req_status = BM_STS_INTR;
503 abort_req_status = BM_STS_INTR;
504 } else {
505 req_status = BM_STS_ACTIVE | BM_STS_INTR;
506 abort_req_status = BM_STS_INTR;
507 }
508
509 /* Test the request */
510 ret = send_dma_request(qts, CMD_READ_DMA, 0, sectors,
511 prdt, ARRAY_SIZE(prdt), NULL);
512 g_assert_cmphex(ret, ==, req_status);
513 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
514
515 /* Now test aborting the same request */
516 ret = send_dma_request(qts, CMD_READ_DMA | CMDF_ABORT, 0,
517 sectors, prdt, ARRAY_SIZE(prdt), NULL);
518 g_assert_cmphex(ret, ==, abort_req_status);
519 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
520 }
521
522 free_pci_device(dev);
523 test_bmdma_teardown(qts);
524 }
525 }
526
test_bmdma_no_busmaster(void)527 static void test_bmdma_no_busmaster(void)
528 {
529 QTestState *qts;
530 QPCIDevice *dev;
531 QPCIBar bmdma_bar, ide_bar;
532 uint8_t status;
533
534 qts = test_bmdma_setup();
535
536 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
537
538 /* No PRDT_EOT, each entry addr 0/size 64k, and in theory qemu shouldn't be
539 * able to access it anyway because the Bus Master bit in the PCI command
540 * register isn't set. This is complete nonsense, but it used to be pretty
541 * good at confusing and occasionally crashing qemu. */
542 PrdtEntry prdt[4096] = { };
543
544 status = send_dma_request(qts, CMD_READ_DMA | CMDF_NO_BM, 0, 512,
545 prdt, ARRAY_SIZE(prdt), NULL);
546
547 /* Not entirely clear what the expected result is, but this is what we get
548 * in practice. At least we want to be aware of any changes. */
549 g_assert_cmphex(status, ==, BM_STS_ACTIVE | BM_STS_INTR);
550 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
551 free_pci_device(dev);
552 test_bmdma_teardown(qts);
553 }
554
string_cpu_to_be16(uint16_t * s,size_t bytes)555 static void string_cpu_to_be16(uint16_t *s, size_t bytes)
556 {
557 g_assert((bytes & 1) == 0);
558 bytes /= 2;
559
560 while (bytes--) {
561 *s = cpu_to_be16(*s);
562 s++;
563 }
564 }
565
test_specify(void)566 static void test_specify(void)
567 {
568 QTestState *qts;
569 QPCIDevice *dev;
570 QPCIBar bmdma_bar, ide_bar;
571 uint16_t cyls;
572 uint8_t heads, spt;
573
574 qts = ide_test_start(
575 "-blockdev driver=file,node-name=hda,filename=%s "
576 "-device ide-hd,drive=hda,bus=ide.0,unit=0 ",
577 tmp_path[0]);
578
579 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
580
581 /* Initialize drive with zero sectors per track and one head. */
582 qpci_io_writeb(dev, ide_bar, reg_nsectors, 0);
583 qpci_io_writeb(dev, ide_bar, reg_device, 0);
584 qpci_io_writeb(dev, ide_bar, reg_command, CMD_INIT_DP);
585
586 /* READ NATIVE MAX ADDRESS (CHS mode). */
587 qpci_io_writeb(dev, ide_bar, reg_device, 0xa0);
588 qpci_io_writeb(dev, ide_bar, reg_command, CMD_READ_NATIVE);
589
590 heads = qpci_io_readb(dev, ide_bar, reg_device) & 0xf;
591 ++heads;
592 g_assert_cmpint(heads, ==, 16);
593
594 cyls = qpci_io_readb(dev, ide_bar, reg_lba_high) << 8;
595 cyls |= qpci_io_readb(dev, ide_bar, reg_lba_middle);
596 ++cyls;
597 g_assert_cmpint(cyls, ==, 130);
598
599 spt = qpci_io_readb(dev, ide_bar, reg_lba_low);
600 g_assert_cmpint(spt, ==, 63);
601
602 ide_test_quit(qts);
603 free_pci_device(dev);
604 }
605
test_identify(void)606 static void test_identify(void)
607 {
608 QTestState *qts;
609 QPCIDevice *dev;
610 QPCIBar bmdma_bar, ide_bar;
611 uint8_t data;
612 uint16_t buf[256];
613 int i;
614 int ret;
615
616 qts = ide_test_start(
617 "-drive file=%s,if=ide,cache=writeback,format=raw "
618 "-global ide-hd.serial=%s -global ide-hd.ver=%s",
619 tmp_path[0], "testdisk", "version");
620
621 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
622
623 /* IDENTIFY command on device 0*/
624 qpci_io_writeb(dev, ide_bar, reg_device, 0);
625 qpci_io_writeb(dev, ide_bar, reg_command, CMD_IDENTIFY);
626
627 /* Read in the IDENTIFY buffer and check registers */
628 data = qpci_io_readb(dev, ide_bar, reg_device);
629 g_assert_cmpint(data & DEV, ==, 0);
630
631 for (i = 0; i < 256; i++) {
632 data = qpci_io_readb(dev, ide_bar, reg_status);
633 assert_bit_set(data, DRDY | DRQ);
634 assert_bit_clear(data, BSY | DF | ERR);
635
636 buf[i] = qpci_io_readw(dev, ide_bar, reg_data);
637 }
638
639 data = qpci_io_readb(dev, ide_bar, reg_status);
640 assert_bit_set(data, DRDY);
641 assert_bit_clear(data, BSY | DF | ERR | DRQ);
642
643 /* Check serial number/version in the buffer */
644 string_cpu_to_be16(&buf[10], 20);
645 ret = memcmp(&buf[10], "testdisk ", 20);
646 g_assert(ret == 0);
647
648 string_cpu_to_be16(&buf[23], 8);
649 ret = memcmp(&buf[23], "version ", 8);
650 g_assert(ret == 0);
651
652 /* Write cache enabled bit */
653 assert_bit_set(buf[85], 0x20);
654
655 ide_test_quit(qts);
656 free_pci_device(dev);
657 }
658
test_diagnostic(void)659 static void test_diagnostic(void)
660 {
661 QTestState *qts;
662 QPCIDevice *dev;
663 QPCIBar bmdma_bar, ide_bar;
664 uint8_t data;
665
666 qts = ide_test_start(
667 "-blockdev driver=file,node-name=hda,filename=%s "
668 "-blockdev driver=file,node-name=hdb,filename=%s "
669 "-device ide-hd,drive=hda,bus=ide.0,unit=0 "
670 "-device ide-hd,drive=hdb,bus=ide.0,unit=1 ",
671 tmp_path[0], tmp_path[1]);
672
673 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
674
675 /* DIAGNOSE command on device 1 */
676 qpci_io_writeb(dev, ide_bar, reg_device, DEV);
677 data = qpci_io_readb(dev, ide_bar, reg_device);
678 g_assert_cmphex(data & DEV, ==, DEV);
679 qpci_io_writeb(dev, ide_bar, reg_command, CMD_DIAGNOSE);
680
681 /* Verify that DEVICE is now 0 */
682 data = qpci_io_readb(dev, ide_bar, reg_device);
683 g_assert_cmphex(data & DEV, ==, 0);
684
685 ide_test_quit(qts);
686 free_pci_device(dev);
687 }
688
689 /*
690 * Write sector 1 with random data to make IDE storage dirty
691 * Needed for flush tests so that flushes actually go though the block layer
692 */
make_dirty(QTestState * qts,uint8_t device)693 static void make_dirty(QTestState *qts, uint8_t device)
694 {
695 QPCIDevice *dev;
696 QPCIBar bmdma_bar, ide_bar;
697 uint8_t status;
698 size_t len = 512;
699 uintptr_t guest_buf;
700 void* buf;
701
702 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
703
704 guest_buf = guest_alloc(&guest_malloc, len);
705 buf = g_malloc(len);
706 memset(buf, rand() % 255 + 1, len);
707 g_assert(guest_buf);
708 g_assert(buf);
709
710 qtest_memwrite(qts, guest_buf, buf, len);
711
712 PrdtEntry prdt[] = {
713 {
714 .addr = cpu_to_le32(guest_buf),
715 .size = cpu_to_le32(len | PRDT_EOT),
716 },
717 };
718
719 status = send_dma_request(qts, CMD_WRITE_DMA, 1, 1, prdt,
720 ARRAY_SIZE(prdt), NULL);
721 g_assert_cmphex(status, ==, BM_STS_INTR);
722 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
723
724 g_free(buf);
725 free_pci_device(dev);
726 }
727
test_flush(void)728 static void test_flush(void)
729 {
730 QTestState *qts;
731 QPCIDevice *dev;
732 QPCIBar bmdma_bar, ide_bar;
733 uint8_t data;
734
735 qts = ide_test_start(
736 "-drive file=blkdebug::%s,if=ide,cache=writeback,format=raw",
737 tmp_path[0]);
738
739 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
740
741 qtest_irq_intercept_in(qts, "ioapic");
742
743 /* Dirty media so that CMD_FLUSH_CACHE will actually go to disk */
744 make_dirty(qts, 0);
745
746 /* Delay the completion of the flush request until we explicitly do it */
747 g_free(qtest_hmp(qts, "qemu-io ide0-hd0 \"break flush_to_os A\""));
748
749 /* FLUSH CACHE command on device 0*/
750 qpci_io_writeb(dev, ide_bar, reg_device, 0);
751 qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE);
752
753 /* Check status while request is in flight*/
754 data = qpci_io_readb(dev, ide_bar, reg_status);
755 assert_bit_set(data, BSY | DRDY);
756 assert_bit_clear(data, DF | ERR | DRQ);
757
758 /* Complete the command */
759 g_free(qtest_hmp(qts, "qemu-io ide0-hd0 \"resume A\""));
760
761 /* Check registers */
762 data = qpci_io_readb(dev, ide_bar, reg_device);
763 g_assert_cmpint(data & DEV, ==, 0);
764
765 do {
766 data = qpci_io_readb(dev, ide_bar, reg_status);
767 } while (data & BSY);
768
769 assert_bit_set(data, DRDY);
770 assert_bit_clear(data, BSY | DF | ERR | DRQ);
771
772 ide_test_quit(qts);
773 free_pci_device(dev);
774 }
775
test_pci_retry_flush(void)776 static void test_pci_retry_flush(void)
777 {
778 QTestState *qts;
779 QPCIDevice *dev;
780 QPCIBar bmdma_bar, ide_bar;
781 uint8_t data;
782
783 prepare_blkdebug_script(debug_path, "flush_to_disk");
784
785 qts = ide_test_start(
786 "-drive file=blkdebug:%s:%s,if=ide,cache=writeback,format=raw,"
787 "rerror=stop,werror=stop",
788 debug_path, tmp_path[0]);
789
790 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
791
792 qtest_irq_intercept_in(qts, "ioapic");
793
794 /* Dirty media so that CMD_FLUSH_CACHE will actually go to disk */
795 make_dirty(qts, 0);
796
797 /* FLUSH CACHE command on device 0*/
798 qpci_io_writeb(dev, ide_bar, reg_device, 0);
799 qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE);
800
801 /* Check status while request is in flight*/
802 data = qpci_io_readb(dev, ide_bar, reg_status);
803 assert_bit_set(data, BSY | DRDY);
804 assert_bit_clear(data, DF | ERR | DRQ);
805
806 qtest_qmp_eventwait(qts, "STOP");
807
808 /* Complete the command */
809 qtest_qmp_assert_success(qts, "{'execute':'cont' }");
810
811 /* Check registers */
812 data = qpci_io_readb(dev, ide_bar, reg_device);
813 g_assert_cmpint(data & DEV, ==, 0);
814
815 do {
816 data = qpci_io_readb(dev, ide_bar, reg_status);
817 } while (data & BSY);
818
819 assert_bit_set(data, DRDY);
820 assert_bit_clear(data, BSY | DF | ERR | DRQ);
821
822 ide_test_quit(qts);
823 free_pci_device(dev);
824 }
825
test_flush_nodev(void)826 static void test_flush_nodev(void)
827 {
828 QTestState *qts;
829 QPCIDevice *dev;
830 QPCIBar bmdma_bar, ide_bar;
831
832 qts = ide_test_start("%s", "");
833
834 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
835
836 /* FLUSH CACHE command on device 0*/
837 qpci_io_writeb(dev, ide_bar, reg_device, 0);
838 qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE);
839
840 /* Just testing that qemu doesn't crash... */
841
842 free_pci_device(dev);
843 ide_test_quit(qts);
844 }
845
test_flush_empty_drive(void)846 static void test_flush_empty_drive(void)
847 {
848 QTestState *qts;
849 QPCIDevice *dev;
850 QPCIBar bmdma_bar, ide_bar;
851
852 qts = ide_test_start("-device ide-cd,bus=ide.0");
853 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
854
855 /* FLUSH CACHE command on device 0 */
856 qpci_io_writeb(dev, ide_bar, reg_device, 0);
857 qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE);
858
859 /* Just testing that qemu doesn't crash... */
860
861 free_pci_device(dev);
862 ide_test_quit(qts);
863 }
864
865 typedef struct Read10CDB {
866 uint8_t opcode;
867 uint8_t flags;
868 uint32_t lba;
869 uint8_t reserved;
870 uint16_t nblocks;
871 uint8_t control;
872 uint16_t padding;
873 } __attribute__((__packed__)) Read10CDB;
874
send_scsi_cdb_read10(QPCIDevice * dev,QPCIBar ide_bar,uint64_t lba,int nblocks)875 static void send_scsi_cdb_read10(QPCIDevice *dev, QPCIBar ide_bar,
876 uint64_t lba, int nblocks)
877 {
878 Read10CDB pkt = { .padding = 0 };
879 int i;
880
881 g_assert_cmpint(lba, <=, UINT32_MAX);
882 g_assert_cmpint(nblocks, <=, UINT16_MAX);
883 g_assert_cmpint(nblocks, >=, 0);
884
885 /* Construct SCSI CDB packet */
886 pkt.opcode = 0x28;
887 pkt.lba = cpu_to_be32(lba);
888 pkt.nblocks = cpu_to_be16(nblocks);
889
890 /* Send Packet */
891 for (i = 0; i < sizeof(Read10CDB)/2; i++) {
892 qpci_io_writew(dev, ide_bar, reg_data,
893 le16_to_cpu(((uint16_t *)&pkt)[i]));
894 }
895 }
896
nsleep(QTestState * qts,int64_t nsecs)897 static void nsleep(QTestState *qts, int64_t nsecs)
898 {
899 const struct timespec val = { .tv_nsec = nsecs };
900 nanosleep(&val, NULL);
901 qtest_clock_set(qts, nsecs);
902 }
903
ide_wait_clear(QTestState * qts,uint8_t flag)904 static uint8_t ide_wait_clear(QTestState *qts, uint8_t flag)
905 {
906 QPCIDevice *dev;
907 QPCIBar bmdma_bar, ide_bar;
908 uint8_t data;
909 time_t st;
910
911 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
912
913 /* Wait with a 5 second timeout */
914 time(&st);
915 while (true) {
916 data = qpci_io_readb(dev, ide_bar, reg_status);
917 if (!(data & flag)) {
918 free_pci_device(dev);
919 return data;
920 }
921 if (difftime(time(NULL), st) > 5.0) {
922 break;
923 }
924 nsleep(qts, 400);
925 }
926 g_assert_not_reached();
927 }
928
ide_wait_intr(QTestState * qts,int irq)929 static void ide_wait_intr(QTestState *qts, int irq)
930 {
931 time_t st;
932 bool intr;
933
934 time(&st);
935 while (true) {
936 intr = qtest_get_irq(qts, irq);
937 if (intr) {
938 return;
939 }
940 if (difftime(time(NULL), st) > 5.0) {
941 break;
942 }
943 nsleep(qts, 400);
944 }
945
946 g_assert_not_reached();
947 }
948
cdrom_pio_impl(int nblocks)949 static void cdrom_pio_impl(int nblocks)
950 {
951 QTestState *qts;
952 QPCIDevice *dev;
953 QPCIBar bmdma_bar, ide_bar;
954 FILE *fh;
955 int patt_blocks = MAX(16, nblocks);
956 size_t patt_len = ATAPI_BLOCK_SIZE * patt_blocks;
957 char *pattern = g_malloc(patt_len);
958 size_t rxsize = ATAPI_BLOCK_SIZE * nblocks;
959 uint16_t *rx = g_malloc0(rxsize);
960 int i, j;
961 uint8_t data;
962 uint16_t limit;
963 size_t ret;
964
965 /* Prepopulate the CDROM with an interesting pattern */
966 generate_pattern(pattern, patt_len, ATAPI_BLOCK_SIZE);
967 fh = fopen(tmp_path[0], "wb+");
968 ret = fwrite(pattern, ATAPI_BLOCK_SIZE, patt_blocks, fh);
969 g_assert_cmpint(ret, ==, patt_blocks);
970 fclose(fh);
971
972 qts = ide_test_start(
973 "-drive if=none,file=%s,media=cdrom,format=raw,id=sr0,index=0 "
974 "-device ide-cd,drive=sr0,bus=ide.0", tmp_path[0]);
975 dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
976 qtest_irq_intercept_in(qts, "ioapic");
977
978 /* PACKET command on device 0 */
979 qpci_io_writeb(dev, ide_bar, reg_device, 0);
980 qpci_io_writeb(dev, ide_bar, reg_lba_middle, BYTE_COUNT_LIMIT & 0xFF);
981 qpci_io_writeb(dev, ide_bar, reg_lba_high, (BYTE_COUNT_LIMIT >> 8 & 0xFF));
982 qpci_io_writeb(dev, ide_bar, reg_command, CMD_PACKET);
983 /* HP0: Check_Status_A State */
984 nsleep(qts, 400);
985 data = ide_wait_clear(qts, BSY);
986 /* HP1: Send_Packet State */
987 assert_bit_set(data, DRQ | DRDY);
988 assert_bit_clear(data, ERR | DF | BSY);
989
990 /* SCSI CDB (READ10) -- read n*2048 bytes from block 0 */
991 send_scsi_cdb_read10(dev, ide_bar, 0, nblocks);
992
993 /* Read data back: occurs in bursts of 'BYTE_COUNT_LIMIT' bytes.
994 * If BYTE_COUNT_LIMIT is odd, we transfer BYTE_COUNT_LIMIT - 1 bytes.
995 * We allow an odd limit only when the remaining transfer size is
996 * less than BYTE_COUNT_LIMIT. However, SCSI's read10 command can only
997 * request n blocks, so our request size is always even.
998 * For this reason, we assume there is never a hanging byte to fetch. */
999 g_assert(!(rxsize & 1));
1000 limit = BYTE_COUNT_LIMIT & ~1;
1001 for (i = 0; i < DIV_ROUND_UP(rxsize, limit); i++) {
1002 size_t offset = i * (limit / 2);
1003 size_t rem = (rxsize / 2) - offset;
1004
1005 /* HP3: INTRQ_Wait */
1006 ide_wait_intr(qts, IDE_PRIMARY_IRQ);
1007
1008 /* HP2: Check_Status_B (and clear IRQ) */
1009 data = ide_wait_clear(qts, BSY);
1010 assert_bit_set(data, DRQ | DRDY);
1011 assert_bit_clear(data, ERR | DF | BSY);
1012
1013 /* HP4: Transfer_Data */
1014 for (j = 0; j < MIN((limit / 2), rem); j++) {
1015 rx[offset + j] = cpu_to_le16(qpci_io_readw(dev, ide_bar,
1016 reg_data));
1017 }
1018 }
1019
1020 /* Check for final completion IRQ */
1021 ide_wait_intr(qts, IDE_PRIMARY_IRQ);
1022
1023 /* Sanity check final state */
1024 data = ide_wait_clear(qts, DRQ);
1025 assert_bit_set(data, DRDY);
1026 assert_bit_clear(data, DRQ | ERR | DF | BSY);
1027
1028 g_assert_cmpint(memcmp(pattern, rx, rxsize), ==, 0);
1029 g_free(pattern);
1030 g_free(rx);
1031 test_bmdma_teardown(qts);
1032 free_pci_device(dev);
1033 }
1034
test_cdrom_pio(void)1035 static void test_cdrom_pio(void)
1036 {
1037 cdrom_pio_impl(1);
1038 }
1039
test_cdrom_pio_large(void)1040 static void test_cdrom_pio_large(void)
1041 {
1042 /* Test a few loops of the PIO DRQ mechanism. */
1043 cdrom_pio_impl(BYTE_COUNT_LIMIT * 4 / ATAPI_BLOCK_SIZE);
1044 }
1045
1046
test_cdrom_dma(void)1047 static void test_cdrom_dma(void)
1048 {
1049 QTestState *qts;
1050 static const size_t len = ATAPI_BLOCK_SIZE;
1051 size_t ret;
1052 char *pattern = g_malloc(ATAPI_BLOCK_SIZE * 16);
1053 char *rx = g_malloc0(len);
1054 uintptr_t guest_buf;
1055 PrdtEntry prdt[1];
1056 FILE *fh;
1057
1058 qts = ide_test_start(
1059 "-drive if=none,file=%s,media=cdrom,format=raw,id=sr0,index=0 "
1060 "-device ide-cd,drive=sr0,bus=ide.0", tmp_path[0]);
1061 qtest_irq_intercept_in(qts, "ioapic");
1062
1063 guest_buf = guest_alloc(&guest_malloc, len);
1064 prdt[0].addr = cpu_to_le32(guest_buf);
1065 prdt[0].size = cpu_to_le32(len | PRDT_EOT);
1066
1067 generate_pattern(pattern, ATAPI_BLOCK_SIZE * 16, ATAPI_BLOCK_SIZE);
1068 fh = fopen(tmp_path[0], "wb+");
1069 ret = fwrite(pattern, ATAPI_BLOCK_SIZE, 16, fh);
1070 g_assert_cmpint(ret, ==, 16);
1071 fclose(fh);
1072
1073 send_dma_request(qts, CMD_PACKET, 0, 1, prdt, 1, send_scsi_cdb_read10);
1074
1075 /* Read back data from guest memory into local qtest memory */
1076 qtest_memread(qts, guest_buf, rx, len);
1077 g_assert_cmpint(memcmp(pattern, rx, len), ==, 0);
1078
1079 g_free(pattern);
1080 g_free(rx);
1081 test_bmdma_teardown(qts);
1082 }
1083
main(int argc,char ** argv)1084 int main(int argc, char **argv)
1085 {
1086 const char *base;
1087 int i;
1088 int fd;
1089 int ret;
1090
1091 /*
1092 * "base" stores the starting point where we create temporary files.
1093 *
1094 * On Windows, this is set to the relative path of current working
1095 * directory, because the absolute path causes the blkdebug filename
1096 * parser fail to parse "blkdebug:path/to/config:path/to/image".
1097 */
1098 #ifndef _WIN32
1099 base = g_get_tmp_dir();
1100 #else
1101 base = ".";
1102 #endif
1103
1104 /* Create temporary blkdebug instructions */
1105 debug_path = g_strdup_printf("%s/qtest-blkdebug.XXXXXX", base);
1106 fd = g_mkstemp(debug_path);
1107 g_assert(fd >= 0);
1108 close(fd);
1109
1110 /* Create a temporary raw image */
1111 for (i = 0; i < 2; ++i) {
1112 tmp_path[i] = g_strdup_printf("%s/qtest.XXXXXX", base);
1113 fd = g_mkstemp(tmp_path[i]);
1114 g_assert(fd >= 0);
1115 ret = ftruncate(fd, TEST_IMAGE_SIZE);
1116 g_assert(ret == 0);
1117 close(fd);
1118 }
1119
1120 /* Run the tests */
1121 g_test_init(&argc, &argv, NULL);
1122
1123 qtest_add_func("/ide/read_native", test_specify);
1124
1125 qtest_add_func("/ide/identify", test_identify);
1126
1127 qtest_add_func("/ide/diagnostic", test_diagnostic);
1128
1129 qtest_add_func("/ide/bmdma/simple_rw", test_bmdma_simple_rw);
1130 qtest_add_func("/ide/bmdma/trim", test_bmdma_trim);
1131 qtest_add_func("/ide/bmdma/various_prdts", test_bmdma_various_prdts);
1132 qtest_add_func("/ide/bmdma/no_busmaster", test_bmdma_no_busmaster);
1133
1134 qtest_add_func("/ide/flush", test_flush);
1135 qtest_add_func("/ide/flush/nodev", test_flush_nodev);
1136 qtest_add_func("/ide/flush/empty_drive", test_flush_empty_drive);
1137 qtest_add_func("/ide/flush/retry_pci", test_pci_retry_flush);
1138
1139 qtest_add_func("/ide/cdrom/pio", test_cdrom_pio);
1140 qtest_add_func("/ide/cdrom/pio_large", test_cdrom_pio_large);
1141 qtest_add_func("/ide/cdrom/dma", test_cdrom_dma);
1142
1143 ret = g_test_run();
1144
1145 /* Cleanup */
1146 for (i = 0; i < 2; ++i) {
1147 unlink(tmp_path[i]);
1148 g_free(tmp_path[i]);
1149 }
1150 unlink(debug_path);
1151 g_free(debug_path);
1152
1153 return ret;
1154 }
1155