xref: /qemu/tests/qtest/ide-test.c (revision c23a9563)
1 /*
2  * IDE test cases
3  *
4  * Copyright (c) 2013 Kevin Wolf <kwolf@redhat.com>
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 
25 #include "qemu/osdep.h"
26 
27 
28 #include "libqtest.h"
29 #include "libqos/libqos.h"
30 #include "libqos/pci-pc.h"
31 #include "libqos/malloc-pc.h"
32 #include "qapi/qmp/qdict.h"
33 #include "qemu/bswap.h"
34 #include "hw/pci/pci_ids.h"
35 #include "hw/pci/pci_regs.h"
36 
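/* TODO actually test the results and get rid of this */
#define qmp_discard_response(q, ...) qobject_unref(qtest_qmp(q, __VA_ARGS__))

/*
 * Disk size in bytes that the tests use when computing the last valid sector.
 * Parenthesised so the macro behaves as one value inside a larger expression
 * (for example `x % TEST_IMAGE_SIZE`), whatever operators surround it.
 */
#define TEST_IMAGE_SIZE (64 * 1024 * 1024)

/* PCI slot and function of the IDE controller, passed to QPCI_DEVFN(). */
#define IDE_PCI_DEV     1
#define IDE_PCI_FUNC    1

/* Legacy I/O base of the primary channel and the IRQ line the tests poll. */
#define IDE_BASE 0x1f0
#define IDE_PRIMARY_IRQ 14

#define ATAPI_BLOCK_SIZE 2048

/* How many bytes to receive via ATAPI PIO at one time.
 * Must be less than 0xFFFF. */
#define BYTE_COUNT_LIMIT 5120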
53 
/*
 * Task-file register offsets, used as offsets into the legacy IDE I/O BAR.
 * Offsets 1 and 7 carry two names each: one for the value the tests write
 * there and one for the value they read back.
 */
enum {
    reg_data        = 0x0,
    reg_feature     = 0x1,  /* written */
    reg_error       = 0x1,  /* read */
    reg_nsectors    = 0x2,
    reg_lba_low     = 0x3,
    reg_lba_middle  = 0x4,
    reg_lba_high    = 0x5,
    reg_device      = 0x6,
    reg_status      = 0x7,  /* read */
    reg_command     = 0x7,  /* written */
};

/* Bits checked in values read from reg_status */
enum {
    BSY     = 1 << 7,
    DRDY    = 1 << 6,
    DF      = 1 << 5,
    DRQ     = 1 << 3,
    ERR     = 1 << 0,
};

/* Error field */
enum {
    ABRT    = 1 << 2,
};

/* Bits of the value written to / read from reg_device */
enum {
    DEV     = 1 << 4,
    LBA     = 1 << 6,
};

/* Register offsets inside the bus-master DMA BAR */
enum {
    bmreg_cmd       = 0x0,
    bmreg_status    = 0x2,
    bmreg_prdt      = 0x4,
};

/*
 * ATA opcodes occupy the low 8 bits. The CMDF_* values are test-only flags
 * placed above them; send_dma_request() masks them off before the opcode is
 * written to the command register.
 */
enum {
    CMD_DSM         = 0x06,
    CMD_DIAGNOSE    = 0x90,
    CMD_READ_DMA    = 0xc8,
    CMD_WRITE_DMA   = 0xca,
    CMD_FLUSH_CACHE = 0xe7,
    CMD_IDENTIFY    = 0xec,
    CMD_PACKET      = 0xa0,

    CMDF_ABORT      = 1 << 8,
    CMDF_NO_BM      = 1 << 9,
};

/* Bits written to bmreg_cmd */
enum {
    BM_CMD_START    = 1 << 0,
    BM_CMD_WRITE    = 1 << 3, /* write = from device to memory */
};

/* Bits of bmreg_status */
enum {
    BM_STS_ACTIVE   = 1 << 0,
    BM_STS_ERROR    = 1 << 1,
    BM_STS_INTR     = 1 << 2,
};

/* OR'ed into the size field of the last PRD table entry */
enum {
    PRDT_EOT        = 0x80000000,
};
118 
/*
 * Assert that every bit of @mask is set (or clear) in @data. @mask is
 * expanded twice by assert_bit_set(), so pass a side-effect-free expression.
 */
#define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
#define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)

/*
 * PCI bus handle shared by all tests: created on first use in
 * get_pci_device() and released again in ide_test_quit(). Static storage
 * starts out as NULL.
 */
static QPCIBus *pcibus;
/* Guest memory allocator, initialised for each VM by ide_test_start(). */
static QGuestAllocator guest_malloc;

/* Paths handed to QEMU as drive images and as the blkdebug script. */
static char *tmp_path[2];
static char *debug_path;
127 
/*
 * Start QEMU with "-machine pc" followed by the caller's printf-style command
 * line, and initialise the guest allocator for the new VM.
 *
 * @cmdline_fmt is spliced into the final format string verbatim, so its own
 * conversion specifiers are consumed from the variadic arguments.
 *
 * Returns the qtest handle; hand it to ide_test_quit() when done.
 */
static QTestState *ide_test_start(const char *cmdline_fmt, ...)
{
    g_autofree char *full_fmt = g_strdup_printf("-machine pc %s", cmdline_fmt);
    QTestState *vm;
    va_list args;

    va_start(args, cmdline_fmt);
    vm = qtest_vinitf(full_fmt, args);
    va_end(args);

    pc_alloc_init(&guest_malloc, vm, 0);
    return vm;
}
142 
/*
 * Tear down a VM started with ide_test_start(): release the cached PCI bus
 * handle if one was created, destroy the guest allocator and quit QEMU.
 */
static void ide_test_quit(QTestState *qts)
{
    if (pcibus != NULL) {
        qpci_free_pc(pcibus);
        /* Forget the handle so the next test creates a fresh bus. */
        pcibus = NULL;
    }

    alloc_destroy(&guest_malloc);
    qtest_quit(qts);
}
152 
/*
 * Look up the IDE controller on the PCI bus, check its vendor/device IDs,
 * map its BARs and enable it.
 *
 * @bmdma_bar: out, mapping of BAR 4 (bus-master DMA registers)
 * @ide_bar:   out, legacy I/O mapping at IDE_BASE (task-file registers)
 *
 * The bus handle is created on the first call and cached in `pcibus`.
 * Returns a device handle the caller releases with free_pci_device().
 */
static QPCIDevice *get_pci_device(QTestState *qts, QPCIBar *bmdma_bar,
                                  QPCIBar *ide_bar)
{
    uint16_t vendor_id, device_id;
    QPCIDevice *dev;

    if (pcibus == NULL) {
        pcibus = qpci_new_pc(qts, NULL);
    }

    /* The controller must exist at the expected slot/function ... */
    dev = qpci_device_find(pcibus, QPCI_DEVFN(IDE_PCI_DEV, IDE_PCI_FUNC));
    g_assert(dev != NULL);

    /* ... and identify itself as the Intel 82371SB IDE function. */
    vendor_id = qpci_config_readw(dev, PCI_VENDOR_ID);
    device_id = qpci_config_readw(dev, PCI_DEVICE_ID);
    g_assert(vendor_id == PCI_VENDOR_ID_INTEL);
    g_assert(device_id == PCI_DEVICE_ID_INTEL_82371SB_1);

    /* BAR 4 carries the bus-master registers, IDE_BASE the task file. */
    *bmdma_bar = qpci_iomap(dev, 4, NULL);
    *ide_bar = qpci_legacy_iomap(dev, IDE_BASE);

    qpci_device_enable(dev);

    return dev;
}
181 
/* Release a device handle obtained from get_pci_device(). */
static void free_pci_device(QPCIDevice *dev)
{
    /* libqos offers no destructor for this object, hence the bare g_free() */
    g_free(dev);
}
187 
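/*
 * One Physical Region Descriptor as the tests write it to guest memory: a
 * 32-bit buffer address followed by a 32-bit byte count. Callers store both
 * fields little-endian, OR PRDT_EOT into @size on the last entry, and treat a
 * byte count of zero as 64K.
 */
typedef struct PrdtEntry {
    uint32_t addr;
    uint32_t size;
} QEMU_PACKED PrdtEntry;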
195 
/*
 * Build one DSM/TRIM range entry: the 16-bit sector count goes into the top
 * two bytes, the starting LBA into the low six, and the result is converted
 * to little-endian byte order.
 *
 * Nothing here checks that @sector fits in 48 bits; a larger value would
 * carry into the count field.
 */
static uint64_t trim_range_le(uint64_t sector, uint16_t count)
{
    uint64_t entry = (uint64_t)count << 48;

    entry += sector;
    return cpu_to_le64(entry);
}
201 
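/*
 * Issue one bus-master DMA command to device 0 of the primary channel and
 * return the last value read from the BMDMA status register.
 *
 * @cmd:          ATA opcode in the low 8 bits, optionally OR'ed with CMDF_*
 *                flags. CMDF_NO_BM rewrites PCI_COMMAND with only the I/O and
 *                memory enables (no bus mastering); CMDF_ABORT clears the
 *                start bit right after setting it.
 * @sector:       starting LBA; only the low 24 bits are programmed.
 * @nb_sectors:   sector count register value (not written for CMD_PACKET).
 *                NOTE(review): callers pass 256 and 512; the register write
 *                is byte-wide, so presumably only the low 8 bits reach the
 *                device -- confirm.
 * @prdt:         host copy of the PRD table; it is copied into freshly
 *                allocated guest memory as-is, so tests can hand the device
 *                deliberately malformed tables.
 * @prdt_entries: number of entries in @prdt.
 * @post_exec:    optional hook called after the command register write and
 *                before the DMA engine is started (used to send the ATAPI
 *                packet for CMD_PACKET).
 *
 * Asserts that the IRQ line matches BM_STS_INTR, that the drive ends up
 * DRDY without BSY/DRQ, and that reading the status register drops the IRQ.
 */
static int send_dma_request(QTestState *qts, int cmd, uint64_t sector,
                            int nb_sectors, PrdtEntry *prdt, int prdt_entries,
                            void(*post_exec)(QPCIDevice *dev, QPCIBar ide_bar,
                                             uint64_t sector, int nb_sectors))
{
    QPCIDevice *dev;
    QPCIBar bmdma_bar, ide_bar;
    uintptr_t guest_prdt;
    size_t len;
    bool from_dev;
    uint8_t status;
    int flags;

    dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

    /* Split the test-only flags from the real opcode */
    flags = cmd & ~0xff;
    cmd &= 0xff;

    switch (cmd) {
    case CMD_READ_DMA:
    case CMD_PACKET:
        /* Assuming we only test data reads w/ ATAPI, otherwise we need to know
         * the SCSI command being sent in the packet, too. */
        from_dev = true;
        break;
    case CMD_DSM:
    case CMD_WRITE_DMA:
        from_dev = false;
        break;
    default:
        g_assert_not_reached();
    }

    if (flags & CMDF_NO_BM) {
        /* get_pci_device() enabled the function; drop bus mastering again */
        qpci_config_writew(dev, PCI_COMMAND,
                           PCI_COMMAND_IO | PCI_COMMAND_MEMORY);
    }

    /* Select device 0 */
    qpci_io_writeb(dev, ide_bar, reg_device, 0 | LBA);

    /* Stop any running transfer, clear any pending interrupt */
    qpci_io_writeb(dev, bmdma_bar, bmreg_cmd, 0);
    qpci_io_writeb(dev, bmdma_bar, bmreg_status, BM_STS_INTR);

    /* Setup PRDT */
    len = sizeof(*prdt) * prdt_entries;
    guest_prdt = guest_alloc(&guest_malloc, len);
    qtest_memwrite(qts, guest_prdt, prdt, len);
    qpci_io_writel(dev, bmdma_bar, bmreg_prdt, guest_prdt);

    /* ATA DMA command */
    if (cmd == CMD_PACKET) {
        /* Enables ATAPI DMA; otherwise PIO is attempted */
        qpci_io_writeb(dev, ide_bar, reg_feature, 0x01);
    } else {
        if (cmd == CMD_DSM) {
            /* trim bit */
            qpci_io_writeb(dev, ide_bar, reg_feature, 0x01);
        }
        qpci_io_writeb(dev, ide_bar, reg_nsectors, nb_sectors);
        qpci_io_writeb(dev, ide_bar, reg_lba_low,    sector & 0xff);
        qpci_io_writeb(dev, ide_bar, reg_lba_middle, (sector >> 8) & 0xff);
        qpci_io_writeb(dev, ide_bar, reg_lba_high,   (sector >> 16) & 0xff);
    }

    qpci_io_writeb(dev, ide_bar, reg_command, cmd);

    if (post_exec) {
        post_exec(dev, ide_bar, sector, nb_sectors);
    }

    /* Start DMA transfer */
    qpci_io_writeb(dev, bmdma_bar, bmreg_cmd,
                   BM_CMD_START | (from_dev ? BM_CMD_WRITE : 0));

    if (flags & CMDF_ABORT) {
        qpci_io_writeb(dev, bmdma_bar, bmreg_cmd, 0);
    }

    /* Wait for the DMA transfer to complete */
    do {
        status = qpci_io_readb(dev, bmdma_bar, bmreg_status);
    } while ((status & (BM_STS_ACTIVE | BM_STS_INTR)) == BM_STS_ACTIVE);

    g_assert_cmpint(qtest_get_irq(qts, IDE_PRIMARY_IRQ), ==,
                    !!(status & BM_STS_INTR));

    /* Check IDE status code */
    assert_bit_set(qpci_io_readb(dev, ide_bar, reg_status), DRDY);
    assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), BSY | DRQ);

    /* Reading the status register clears the IRQ */
    g_assert(!qtest_get_irq(qts, IDE_PRIMARY_IRQ));

    /* Stop DMA transfer if still active */
    if (status & BM_STS_ACTIVE) {
        qpci_io_writeb(dev, bmdma_bar, bmreg_cmd, 0);
    }

    /*
     * The engine is stopped, so the guest copy of the table is no longer
     * needed. Without this every request leaks one table until the
     * allocator is destroyed.
     */
    guest_free(&guest_malloc, guest_prdt);

    free_pci_device(dev);

    return status;
}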
306 
/*
 * Start a VM with tmp_path[0] attached as a raw, writeback-cached IDE disk
 * and intercept the ioapic input lines so the tests can poll the IDE IRQ.
 */
static QTestState *test_bmdma_setup(void)
{
    QTestState *qts = ide_test_start(
        "-drive file=%s,if=ide,cache=writeback,format=raw "
        "-global ide-hd.serial=%s -global ide-hd.ver=%s",
        tmp_path[0], "testdisk", "version");

    qtest_irq_intercept_in(qts, "ioapic");
    return qts;
}
319 
/* Counterpart of test_bmdma_setup(); simply forwards to ide_test_quit(). */
static void test_bmdma_teardown(QTestState *qts)
{
    ide_test_quit(qts);
}
324 
/*
 * Write a distinct fill pattern to sectors 0 and 1 with WRITE DMA, then read
 * both sectors back with READ DMA and compare. Every request must complete
 * with only BM_STS_INTR set and with DF/ERR clear in the drive status.
 */
static void test_bmdma_simple_rw(void)
{
    /* fill[n] is the byte written to, and later expected in, sector n */
    static const uint8_t fill[] = { 0x55, 0xaa };
    QTestState *qts;
    QPCIDevice *dev;
    QPCIBar bmdma_bar, ide_bar;
    PrdtEntry prdt[1];
    uintptr_t guest_buf;
    uint8_t *buf, *cmpbuf;
    uint8_t status;
    size_t len = 512;
    size_t sector;

    qts = test_bmdma_setup();

    /* A single PRD covering one sector-sized guest buffer */
    guest_buf = guest_alloc(&guest_malloc, len);
    prdt[0].addr = cpu_to_le32(guest_buf);
    prdt[0].size = cpu_to_le32(len | PRDT_EOT);

    dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

    buf = g_malloc(len);
    cmpbuf = g_malloc(len);

    /* Write pass: one pattern per sector */
    for (sector = 0; sector < ARRAY_SIZE(fill); sector++) {
        memset(buf, fill[sector], len);
        qtest_memwrite(qts, guest_buf, buf, len);

        status = send_dma_request(qts, CMD_WRITE_DMA, sector, 1, prdt,
                                  ARRAY_SIZE(prdt), NULL);
        g_assert_cmphex(status, ==, BM_STS_INTR);
        assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
    }

    /* Read pass: each sector must return the pattern written to it */
    for (sector = 0; sector < ARRAY_SIZE(fill); sector++) {
        memset(cmpbuf, fill[sector], len);

        status = send_dma_request(qts, CMD_READ_DMA, sector, 1, prdt,
                                  ARRAY_SIZE(prdt), NULL);
        g_assert_cmphex(status, ==, BM_STS_INTR);
        assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);

        qtest_memread(qts, guest_buf, buf, len);
        g_assert(memcmp(buf, cmpbuf, len) == 0);
    }

    free_pci_device(dev);
    g_free(buf);
    g_free(cmpbuf);

    test_bmdma_teardown(qts);
}
394 
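/*
 * Exercise DATA SET MANAGEMENT (TRIM) over DMA: a request made of two valid
 * ranges must succeed, and a request containing a range that runs past the
 * end of the disk must finish with ERR set in the status register and ABRT
 * in the error register.
 *
 * NOTE(review): the PRD describes a 512-byte payload but only the first two
 * range entries are written to guest memory; the remainder relies on
 * whatever the guest buffer already holds -- presumably zeroes, confirm.
 */
static void test_bmdma_trim(void)
{
    QTestState *qts;
    QPCIDevice *dev;
    QPCIBar bmdma_bar, ide_bar;
    uint8_t status;
    const uint64_t trim_range[] = { trim_range_le(0, 2),
                                    trim_range_le(6, 8),
                                    trim_range_le(10, 1),
                                  };
    /* Two sectors starting at the last sector: one past the end of the disk */
    const uint64_t bad_range = trim_range_le(TEST_IMAGE_SIZE / 512 - 1, 2);
    size_t len = 512;
    uint64_t payload[2];
    uintptr_t guest_buf;
    PrdtEntry prdt[1];

    qts = test_bmdma_setup();

    guest_buf = guest_alloc(&guest_malloc, len);
    prdt[0].addr = cpu_to_le32(guest_buf);
    prdt[0].size = cpu_to_le32(len | PRDT_EOT);

    dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

    /* Normal request */
    payload[0] = trim_range[0];
    payload[1] = trim_range[1];

    qtest_memwrite(qts, guest_buf, payload, sizeof(payload));

    status = send_dma_request(qts, CMD_DSM, 0, 1, prdt,
                              ARRAY_SIZE(prdt), NULL);
    g_assert_cmphex(status, ==, BM_STS_INTR);
    assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);

    /* Request contains invalid range */
    payload[0] = trim_range[2];
    payload[1] = bad_range;

    qtest_memwrite(qts, guest_buf, payload, sizeof(payload));

    status = send_dma_request(qts, CMD_DSM, 0, 1, prdt,
                              ARRAY_SIZE(prdt), NULL);
    g_assert_cmphex(status, ==, BM_STS_INTR);
    assert_bit_set(qpci_io_readb(dev, ide_bar, reg_status), ERR);
    assert_bit_set(qpci_io_readb(dev, ide_bar, reg_error), ABRT);

    free_pci_device(dev);
    test_bmdma_teardown(qts);
}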
448 
/*
 * This test is developed according to the Programming Interface for
 * Bus Master IDE Controller (Revision 1.0 5/16/94)
 *
 * For transfer lengths of 1..256 sectors (powers of two) it tries PRD sizes
 * from 0 to 65280 in steps of 256 and checks the BMDMA status both for a
 * normal READ DMA and for the same request aborted right after start.
 */
static void test_bmdma_various_prdts(void)
{
    int sectors;
    uint32_t size;

    for (sectors = 1; sectors <= 256; sectors *= 2) {
        QPCIBar bmdma_bar, ide_bar;
        QTestState *qts = test_bmdma_setup();
        QPCIDevice *dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
        const uint32_t req_size = sectors * 512;

        for (size = 0; size < 65536; size += 256) {
            /* bit 0 is always set to 0 */
            uint32_t prd_size = size & 0xfffe;
            uint8_t req_status = 0;
            uint8_t abort_req_status = 0;
            uint8_t ret;
            PrdtEntry prdt[] = {
                {
                    .addr = 0,
                    .size = cpu_to_le32(size | PRDT_EOT),
                },
            };

            /* A value of zero in PRD size indicates 64K */
            if (prd_size == 0) {
                prd_size = 65536;
            }

            /*
             * 1. If PRDs specified a smaller size than the IDE transfer
             * size, then the Interrupt and Active bits in the Controller
             * status register are not set (Error Condition).
             *
             * 2. If the size of the physical memory regions was equal to
             * the IDE device transfer size, the Interrupt bit in the
             * Controller status register is set to 1, Active bit is set to 0.
             *
             * 3. If PRDs specified a larger size than the IDE transfer size,
             * the Interrupt and Active bits in the Controller status register
             * are both set to 1.
             */
            if (prd_size >= req_size) {
                /* Cases 2 and 3 both raise the interrupt bit ... */
                req_status = BM_STS_INTR;
                abort_req_status = BM_STS_INTR;
                if (prd_size > req_size) {
                    /* ... and case 3 leaves the engine active as well. */
                    req_status |= BM_STS_ACTIVE;
                }
            }

            /* Test the request */
            ret = send_dma_request(qts, CMD_READ_DMA, 0, sectors,
                                   prdt, ARRAY_SIZE(prdt), NULL);
            g_assert_cmphex(ret, ==, req_status);
            assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);

            /* Now test aborting the same request */
            ret = send_dma_request(qts, CMD_READ_DMA | CMDF_ABORT, 0,
                                   sectors, prdt, ARRAY_SIZE(prdt), NULL);
            g_assert_cmphex(ret, ==, abort_req_status);
            assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);
        }

        free_pci_device(dev);
        test_bmdma_teardown(qts);
    }
}
525 
/*
 * Regression guard for the device model: start a READ DMA with the Bus
 * Master bit cleared and a PRD table that never terminates, then pin the
 * status values QEMU currently reports.
 */
static void test_bmdma_no_busmaster(void)
{
    /* No PRDT_EOT, each entry addr 0/size 64k, and in theory qemu shouldn't be
     * able to access it anyway because the Bus Master bit in the PCI command
     * register isn't set. This is complete nonsense, but it used to be pretty
     * good at confusing and occasionally crashing qemu. */
    PrdtEntry prdt[4096] = { };
    QPCIBar bmdma_bar, ide_bar;
    QTestState *qts = test_bmdma_setup();
    QPCIDevice *dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
    uint8_t status;

    status = send_dma_request(qts, CMD_READ_DMA | CMDF_NO_BM, 0, 512,
                              prdt, ARRAY_SIZE(prdt), NULL);

    /* Not entirely clear what the expected result is, but this is what we get
     * in practice. At least we want to be aware of any changes. */
    g_assert_cmphex(status, ==, BM_STS_ACTIVE | BM_STS_INTR);
    assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);

    free_pci_device(dev);
    test_bmdma_teardown(qts);
}
553 
/*
 * Convert @bytes bytes at @s, in place, one 16-bit word at a time with
 * cpu_to_be16(). @bytes must be even.
 */
static void string_cpu_to_be16(uint16_t *s, size_t bytes)
{
    size_t words;
    size_t i;

    g_assert((bytes & 1) == 0);
    words = bytes / 2;

    for (i = 0; i < words; i++) {
        s[i] = cpu_to_be16(s[i]);
    }
}
564 
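/*
 * Issue IDENTIFY to device 0 over PIO, read the 256-word response and check
 * the status bits along the way, the serial number and version strings set
 * on the command line, and the write-cache-enabled bit.
 */
static void test_identify(void)
{
    QTestState *qts;
    QPCIDevice *dev;
    QPCIBar bmdma_bar, ide_bar;
    uint8_t data;
    uint16_t buf[256];
    int i;
    int ret;

    qts = ide_test_start(
        "-drive file=%s,if=ide,cache=writeback,format=raw "
        "-global ide-hd.serial=%s -global ide-hd.ver=%s",
        tmp_path[0], "testdisk", "version");

    dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

    /* IDENTIFY command on device 0 */
    qpci_io_writeb(dev, ide_bar, reg_device, 0);
    qpci_io_writeb(dev, ide_bar, reg_command, CMD_IDENTIFY);

    /* Read in the IDENTIFY buffer and check registers */
    data = qpci_io_readb(dev, ide_bar, reg_device);
    g_assert_cmpint(data & DEV, ==, 0);

    for (i = 0; i < 256; i++) {
        /* Data must stay requested, without errors, for every word */
        data = qpci_io_readb(dev, ide_bar, reg_status);
        assert_bit_set(data, DRDY | DRQ);
        assert_bit_clear(data, BSY | DF | ERR);

        buf[i] = qpci_io_readw(dev, ide_bar, reg_data);
    }

    /* After the last word DRQ has to drop */
    data = qpci_io_readb(dev, ide_bar, reg_status);
    assert_bit_set(data, DRDY);
    assert_bit_clear(data, BSY | DF | ERR | DRQ);

    /* Check serial number/version in the buffer (both space padded) */
    string_cpu_to_be16(&buf[10], 20);
    ret = memcmp(&buf[10], "testdisk            ", 20);
    g_assert(ret == 0);

    string_cpu_to_be16(&buf[23], 8);
    ret = memcmp(&buf[23], "version ", 8);
    g_assert(ret == 0);

    /* Write cache enabled bit */
    assert_bit_set(buf[85], 0x20);

    /*
     * Free the device handle first, then tear down the bus and the VM: the
     * same order test_flush_nodev() uses.
     */
    free_pci_device(dev);
    ide_test_quit(qts);
}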
617 
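/*
 * With two disks on the primary channel, select device 1, issue EXECUTE
 * DEVICE DIAGNOSTIC and check that the DEV bit reads back as 0 afterwards.
 */
static void test_diagnostic(void)
{
    QTestState *qts;
    QPCIDevice *dev;
    QPCIBar bmdma_bar, ide_bar;
    uint8_t data;

    qts = ide_test_start(
        "-blockdev driver=file,node-name=hda,filename=%s "
        "-blockdev driver=file,node-name=hdb,filename=%s "
        "-device ide-hd,drive=hda,bus=ide.0,unit=0 "
        "-device ide-hd,drive=hdb,bus=ide.0,unit=1 ",
        tmp_path[0], tmp_path[1]);

    dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

    /* DIAGNOSE command on device 1 */
    qpci_io_writeb(dev, ide_bar, reg_device, DEV);
    data = qpci_io_readb(dev, ide_bar, reg_device);
    g_assert_cmphex(data & DEV, ==, DEV);
    qpci_io_writeb(dev, ide_bar, reg_command, CMD_DIAGNOSE);

    /* Verify that DEVICE is now 0 */
    data = qpci_io_readb(dev, ide_bar, reg_device);
    g_assert_cmphex(data & DEV, ==, 0);

    /*
     * Free the device handle first, then tear down the bus and the VM: the
     * same order test_flush_nodev() uses.
     */
    free_pci_device(dev);
    ide_test_quit(qts);
}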
647 
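/*
 * Write sector 1 with random data to make IDE storage dirty
 * Needed for flush tests so that flushes actually go through the block layer
 *
 * @device is currently unused: send_dma_request() always selects device 0.
 */
static void make_dirty(QTestState *qts, uint8_t device)
{
    QPCIDevice *dev;
    QPCIBar bmdma_bar, ide_bar;
    uint8_t status;
    size_t len = 512;
    uintptr_t guest_buf;
    void *buf;

    dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

    /* Validate both buffers before anything is written through them */
    guest_buf = guest_alloc(&guest_malloc, len);
    g_assert(guest_buf);
    buf = g_malloc(len);
    g_assert(buf);

    /* Any non-zero fill byte will do */
    memset(buf, rand() % 255 + 1, len);

    qtest_memwrite(qts, guest_buf, buf, len);

    PrdtEntry prdt[] = {
        {
            .addr = cpu_to_le32(guest_buf),
            .size = cpu_to_le32(len | PRDT_EOT),
        },
    };

    status = send_dma_request(qts, CMD_WRITE_DMA, 1, 1, prdt,
                              ARRAY_SIZE(prdt), NULL);
    g_assert_cmphex(status, ==, BM_STS_INTR);
    assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR);

    g_free(buf);
    free_pci_device(dev);
}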
686 
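/*
 * Check the status register while a FLUSH CACHE is in flight and after it
 * completes. A blkdebug breakpoint on flush_to_os holds the request until
 * the test resumes it, so the in-flight state can be observed.
 */
static void test_flush(void)
{
    QTestState *qts;
    QPCIDevice *dev;
    QPCIBar bmdma_bar, ide_bar;
    uint8_t data;

    qts = ide_test_start(
        "-drive file=blkdebug::%s,if=ide,cache=writeback,format=raw",
        tmp_path[0]);

    dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

    qtest_irq_intercept_in(qts, "ioapic");

    /* Dirty media so that CMD_FLUSH_CACHE will actually go to disk */
    make_dirty(qts, 0);

    /* Delay the completion of the flush request until we explicitly do it */
    g_free(qtest_hmp(qts, "qemu-io ide0-hd0 \"break flush_to_os A\""));

    /* FLUSH CACHE command on device 0 */
    qpci_io_writeb(dev, ide_bar, reg_device, 0);
    qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE);

    /* Check status while request is in flight */
    data = qpci_io_readb(dev, ide_bar, reg_status);
    assert_bit_set(data, BSY | DRDY);
    assert_bit_clear(data, DF | ERR | DRQ);

    /* Complete the command */
    g_free(qtest_hmp(qts, "qemu-io ide0-hd0 \"resume A\""));

    /* Check registers */
    data = qpci_io_readb(dev, ide_bar, reg_device);
    g_assert_cmpint(data & DEV, ==, 0);

    /* Poll until the drive is no longer busy */
    do {
        data = qpci_io_readb(dev, ide_bar, reg_status);
    } while (data & BSY);

    assert_bit_set(data, DRDY);
    assert_bit_clear(data, BSY | DF | ERR | DRQ);

    /*
     * Free the device handle first, then tear down the bus and the VM: the
     * same order test_flush_nodev() uses.
     */
    free_pci_device(dev);
    ide_test_quit(qts);
}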
734 
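/*
 * FLUSH CACHE with a blkdebug script attached to the drive and
 * rerror=stop/werror=stop: the test waits for the VM to report STOP, resumes
 * it with "cont" and then expects the flush to finish cleanly.
 *
 * NOTE(review): prepare_blkdebug_script() presumably writes a script that
 * injects an error at the flush_to_disk event -- confirm against libqos.
 */
static void test_pci_retry_flush(void)
{
    QTestState *qts;
    QPCIDevice *dev;
    QPCIBar bmdma_bar, ide_bar;
    uint8_t data;

    prepare_blkdebug_script(debug_path, "flush_to_disk");

    qts = ide_test_start(
        "-drive file=blkdebug:%s:%s,if=ide,cache=writeback,format=raw,"
        "rerror=stop,werror=stop",
        debug_path, tmp_path[0]);

    dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

    qtest_irq_intercept_in(qts, "ioapic");

    /* Dirty media so that CMD_FLUSH_CACHE will actually go to disk */
    make_dirty(qts, 0);

    /* FLUSH CACHE command on device 0 */
    qpci_io_writeb(dev, ide_bar, reg_device, 0);
    qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE);

    /* Check status while request is in flight */
    data = qpci_io_readb(dev, ide_bar, reg_status);
    assert_bit_set(data, BSY | DRDY);
    assert_bit_clear(data, DF | ERR | DRQ);

    qtest_qmp_eventwait(qts, "STOP");

    /* Complete the command */
    qmp_discard_response(qts, "{'execute':'cont' }");

    /* Check registers */
    data = qpci_io_readb(dev, ide_bar, reg_device);
    g_assert_cmpint(data & DEV, ==, 0);

    /* Poll until the drive is no longer busy */
    do {
        data = qpci_io_readb(dev, ide_bar, reg_status);
    } while (data & BSY);

    assert_bit_set(data, DRDY);
    assert_bit_clear(data, BSY | DF | ERR | DRQ);

    /*
     * Free the device handle first, then tear down the bus and the VM: the
     * same order test_flush_nodev() uses.
     */
    free_pci_device(dev);
    ide_test_quit(qts);
}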
784 
/*
 * Send FLUSH CACHE to device 0 of a machine started without any drive
 * options. There is nothing to assert on; the test passes if QEMU survives.
 */
static void test_flush_nodev(void)
{
    QPCIBar bmdma_bar, ide_bar;
    QTestState *qts = ide_test_start("");
    QPCIDevice *dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

    /* FLUSH CACHE command on device 0 */
    qpci_io_writeb(dev, ide_bar, reg_device, 0);
    qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE);

    /* Just testing that qemu doesn't crash... */

    free_pci_device(dev);
    ide_test_quit(qts);
}
804 
/*
 * Send FLUSH CACHE to an ide-cd device that has no drive attached. There is
 * nothing to assert on; the test passes if QEMU survives.
 */
static void test_flush_empty_drive(void)
{
    QPCIBar bmdma_bar, ide_bar;
    QTestState *qts = ide_test_start("-device ide-cd,bus=ide.0");
    QPCIDevice *dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

    /* FLUSH CACHE command on device 0 */
    qpci_io_writeb(dev, ide_bar, reg_device, 0);
    qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE);

    /* Just testing that qemu doesn't crash... */

    free_pci_device(dev);
    ide_test_quit(qts);
}
823 
/*
 * READ(10) command block as sent through the ATAPI PACKET command. The
 * struct is packed, so the fields sit at the byte offsets noted below and
 * the whole block is 12 bytes; send_scsi_cdb_read10() relies on that when it
 * pushes the block out as 16-bit words.
 */
typedef struct Read10CDB {
    uint8_t opcode;     /* byte 0 */
    uint8_t flags;      /* byte 1 */
    uint32_t lba;       /* bytes 2-5, stored big-endian by the sender */
    uint8_t reserved;   /* byte 6 */
    uint16_t nblocks;   /* bytes 7-8, stored big-endian by the sender */
    uint8_t control;    /* byte 9 */
    uint16_t padding;   /* bytes 10-11 */
} __attribute__((__packed__)) Read10CDB;
833 
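/*
 * Build a READ(10) command block for @nblocks blocks starting at @lba and
 * write it to the data register as 16-bit words.
 *
 * The signature matches the post_exec hook of send_dma_request(). @lba must
 * fit in 32 bits and @nblocks in 16 bits; both are asserted.
 */
static void send_scsi_cdb_read10(QPCIDevice *dev, QPCIBar ide_bar,
                                 uint64_t lba, int nblocks)
{
    Read10CDB pkt = { .padding = 0 };
    uint16_t words[sizeof(Read10CDB) / 2];
    size_t i;

    g_assert_cmpint(lba, <=, UINT32_MAX);
    g_assert_cmpint(nblocks, <=, UINT16_MAX);
    g_assert_cmpint(nblocks, >=, 0);

    /* Construct SCSI CDB packet */
    pkt.opcode = 0x28;
    pkt.lba = cpu_to_be32(lba);
    pkt.nblocks = cpu_to_be16(nblocks);

    /*
     * Copy the packed struct into a properly aligned word array instead of
     * reading it through a uint16_t pointer: the struct has byte alignment,
     * and the cast would also access it through an incompatible type.
     */
    memcpy(words, &pkt, sizeof(words));

    /* Send Packet */
    for (i = 0; i < sizeof(words) / sizeof(words[0]); i++) {
        qpci_io_writew(dev, ide_bar, reg_data, le16_to_cpu(words[i]));
    }
}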
855 
/*
 * Sleep on the host for @nsecs nanoseconds, then pass the same value to
 * qtest_clock_set().
 *
 * NOTE(review): tv_sec stays zero, so @nsecs has to remain below one second
 * for nanosleep() to accept it; every caller in this file passes 400.
 * NOTE(review): qtest_clock_set() receives @nsecs itself on every call --
 * confirm whether an absolute clock value or a step is intended.
 */
static void nsleep(QTestState *qts, int64_t nsecs)
{
    struct timespec delay = { 0 };

    delay.tv_nsec = nsecs;
    nanosleep(&delay, NULL);
    qtest_clock_set(qts, nsecs);
}
862 
/*
 * Poll the IDE status register until none of the bits in @flag is set and
 * return the status value that satisfied the condition. Aborts the test if
 * that does not happen within roughly five seconds of host time.
 *
 * Note that each poll is a status register read; send_dma_request() relies
 * on such a read to drop the pending IRQ.
 */
static uint8_t ide_wait_clear(QTestState *qts, uint8_t flag)
{
    QPCIBar bmdma_bar, ide_bar;
    QPCIDevice *dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
    const time_t start = time(NULL);
    uint8_t data;

    /* Wait with a 5 second timeout */
    for (;;) {
        data = qpci_io_readb(dev, ide_bar, reg_status);
        if ((data & flag) == 0) {
            free_pci_device(dev);
            return data;
        }
        if (difftime(time(NULL), start) > 5.0) {
            break;
        }
        nsleep(qts, 400);
    }

    /* Timed out */
    g_assert_not_reached();
}
887 
/*
 * Poll the intercepted interrupt line @irq until it is raised. Aborts the
 * test if that does not happen within roughly five seconds of host time.
 */
static void ide_wait_intr(QTestState *qts, int irq)
{
    const time_t start = time(NULL);

    for (;;) {
        if (qtest_get_irq(qts, irq)) {
            return;
        }
        if (difftime(time(NULL), start) > 5.0) {
            break;
        }
        nsleep(qts, 400);
    }

    /* Timed out */
    g_assert_not_reached();
}
907 
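/*
 * Read @nblocks ATAPI blocks from block 0 of a CD-ROM over PIO and compare
 * them with the pattern written to the backing file beforehand.
 *
 * The backing file at tmp_path[0] is rewritten with at least 16 blocks of
 * generated pattern before QEMU is started. The transfer then follows the
 * HP0..HP4 states named in the comments below, moving at most
 * BYTE_COUNT_LIMIT bytes per DRQ burst.
 */
static void cdrom_pio_impl(int nblocks)
{
    QTestState *qts;
    QPCIDevice *dev;
    QPCIBar bmdma_bar, ide_bar;
    FILE *fh;
    int patt_blocks = MAX(16, nblocks);
    size_t patt_len = ATAPI_BLOCK_SIZE * patt_blocks;
    char *pattern = g_malloc(patt_len);
    size_t rxsize = ATAPI_BLOCK_SIZE * nblocks;
    uint16_t *rx = g_malloc0(rxsize);
    int i, j;
    int close_rc;
    uint8_t data;
    uint16_t limit;
    size_t ret;

    /* Prepopulate the CDROM with an interesting pattern */
    generate_pattern(pattern, patt_len, ATAPI_BLOCK_SIZE);
    fh = fopen(tmp_path[0], "wb+");
    /* Fail here rather than hand a NULL stream to fwrite() */
    g_assert(fh != NULL);
    ret = fwrite(pattern, ATAPI_BLOCK_SIZE, patt_blocks, fh);
    g_assert_cmpint(ret, ==, patt_blocks);
    /* Buffered data is flushed on close; a failure means a short image */
    close_rc = fclose(fh);
    g_assert_cmpint(close_rc, ==, 0);

    qts = ide_test_start(
            "-drive if=none,file=%s,media=cdrom,format=raw,id=sr0,index=0 "
            "-device ide-cd,drive=sr0,bus=ide.0", tmp_path[0]);
    dev = get_pci_device(qts, &bmdma_bar, &ide_bar);
    qtest_irq_intercept_in(qts, "ioapic");

    /* PACKET command on device 0 */
    qpci_io_writeb(dev, ide_bar, reg_device, 0);
    qpci_io_writeb(dev, ide_bar, reg_lba_middle, BYTE_COUNT_LIMIT & 0xFF);
    qpci_io_writeb(dev, ide_bar, reg_lba_high, (BYTE_COUNT_LIMIT >> 8 & 0xFF));
    qpci_io_writeb(dev, ide_bar, reg_command, CMD_PACKET);
    /* HP0: Check_Status_A State */
    nsleep(qts, 400);
    data = ide_wait_clear(qts, BSY);
    /* HP1: Send_Packet State */
    assert_bit_set(data, DRQ | DRDY);
    assert_bit_clear(data, ERR | DF | BSY);

    /* SCSI CDB (READ10) -- read n*2048 bytes from block 0 */
    send_scsi_cdb_read10(dev, ide_bar, 0, nblocks);

    /* Read data back: occurs in bursts of 'BYTE_COUNT_LIMIT' bytes.
     * If BYTE_COUNT_LIMIT is odd, we transfer BYTE_COUNT_LIMIT - 1 bytes.
     * We allow an odd limit only when the remaining transfer size is
     * less than BYTE_COUNT_LIMIT. However, SCSI's read10 command can only
     * request n blocks, so our request size is always even.
     * For this reason, we assume there is never a hanging byte to fetch. */
    g_assert(!(rxsize & 1));
    limit = BYTE_COUNT_LIMIT & ~1;
    for (i = 0; i < DIV_ROUND_UP(rxsize, limit); i++) {
        /* Both values are counted in 16-bit words, not bytes */
        size_t offset = i * (limit / 2);
        size_t rem = (rxsize / 2) - offset;

        /* HP3: INTRQ_Wait */
        ide_wait_intr(qts, IDE_PRIMARY_IRQ);

        /* HP2: Check_Status_B (and clear IRQ) */
        data = ide_wait_clear(qts, BSY);
        assert_bit_set(data, DRQ | DRDY);
        assert_bit_clear(data, ERR | DF | BSY);

        /* HP4: Transfer_Data */
        for (j = 0; j < MIN((limit / 2), rem); j++) {
            rx[offset + j] = cpu_to_le16(qpci_io_readw(dev, ide_bar,
                                                       reg_data));
        }
    }

    /* Check for final completion IRQ */
    ide_wait_intr(qts, IDE_PRIMARY_IRQ);

    /* Sanity check final state */
    data = ide_wait_clear(qts, DRQ);
    assert_bit_set(data, DRDY);
    assert_bit_clear(data, DRQ | ERR | DF | BSY);

    g_assert_cmpint(memcmp(pattern, rx, rxsize), ==, 0);
    g_free(pattern);
    g_free(rx);

    /*
     * Free the device handle first, then tear down the bus and the VM: the
     * same order test_flush_nodev() uses.
     */
    free_pci_device(dev);
    test_bmdma_teardown(qts);
}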
993 
/* Smallest ATAPI PIO case: hand the shared PIO helper a block count of 1. */
static void test_cdrom_pio(void)
{
    const int nblocks = 1;

    cdrom_pio_impl(nblocks);
}
998 
/* ATAPI PIO read large enough to go around the PIO DRQ loop a few times. */
static void test_cdrom_pio_large(void)
{
    /*
     * Four BYTE_COUNT_LIMIT-sized bursts' worth of data, expressed as a
     * count of ATAPI_BLOCK_SIZE blocks (integer division).
     */
    const int nblocks = BYTE_COUNT_LIMIT * 4 / ATAPI_BLOCK_SIZE;

    cdrom_pio_impl(nblocks);
}
1004 
1005 
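/*
 * ATAPI DMA read test.
 *
 * Writes a 16-block pattern to the CD-ROM backing file, issues a PACKET
 * command through send_dma_request() with a single PRDT entry describing
 * one ATAPI block of guest memory, then reads that guest buffer back and
 * compares it with the start of the pattern.
 */
static void test_cdrom_dma(void)
{
    QTestState *qts;
    static const size_t len = ATAPI_BLOCK_SIZE;
    size_t ret;
    char *pattern = g_malloc(ATAPI_BLOCK_SIZE * 16);
    char *rx = g_malloc0(len);
    uintptr_t guest_buf;
    PrdtEntry prdt[1];
    FILE *fh;

    qts = ide_test_start(
            "-drive if=none,file=%s,media=cdrom,format=raw,id=sr0,index=0 "
            "-device ide-cd,drive=sr0,bus=ide.0", tmp_path[0]);
    qtest_irq_intercept_in(qts, "ioapic");

    /*
     * One PRDT entry covering exactly 'len' bytes, flagged as the last
     * entry. The address goes through cpu_to_le32(), so guest_buf is
     * assumed to fit in 32 bits -- NOTE(review): confirm against the
     * guest allocator's range.
     */
    guest_buf = guest_alloc(&guest_malloc, len);
    prdt[0].addr = cpu_to_le32(guest_buf);
    prdt[0].size = cpu_to_le32(len | PRDT_EOT);

    generate_pattern(pattern, ATAPI_BLOCK_SIZE * 16, ATAPI_BLOCK_SIZE);

    /*
     * The image is reopened by path rather than through a descriptor.
     * Fail the test here if that open does not succeed, instead of
     * handing a NULL stream to fwrite().
     */
    fh = fopen(tmp_path[0], "wb+");
    g_assert(fh != NULL);
    ret = fwrite(pattern, ATAPI_BLOCK_SIZE, 16, fh);
    g_assert_cmpint(ret, ==, 16);
    /* fclose() flushes buffered data; a failure means the image is short. */
    g_assert_cmpint(fclose(fh), ==, 0);

    send_dma_request(qts, CMD_PACKET, 0, 1, prdt, 1, send_scsi_cdb_read10);

    /* Read back data from guest memory into local qtest memory */
    qtest_memread(qts, guest_buf, rx, len);
    g_assert_cmpint(memcmp(pattern, rx, len), ==, 0);

    g_free(pattern);
    g_free(rx);
    test_bmdma_teardown(qts);
}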
1042 
/*
 * Test entry point: creates the temporary blkdebug file and two raw images,
 * registers the IDE test cases, runs them, then removes the temporary files.
 *
 * Returns the value of g_test_run().
 */
int main(int argc, char **argv)
{
    /* Registration table; the order here is the registration order. */
    static const struct {
        const char *path;
        void (*fn)(void);
    } tests[] = {
        { "/ide/identify", test_identify },

        { "/ide/diagnostic", test_diagnostic },

        { "/ide/bmdma/simple_rw", test_bmdma_simple_rw },
        { "/ide/bmdma/trim", test_bmdma_trim },
        { "/ide/bmdma/various_prdts", test_bmdma_various_prdts },
        { "/ide/bmdma/no_busmaster", test_bmdma_no_busmaster },

        { "/ide/flush", test_flush },
        { "/ide/flush/nodev", test_flush_nodev },
        { "/ide/flush/empty_drive", test_flush_empty_drive },
        { "/ide/flush/retry_pci", test_pci_retry_flush },

        { "/ide/cdrom/pio", test_cdrom_pio },
        { "/ide/cdrom/pio_large", test_cdrom_pio_large },
        { "/ide/cdrom/dma", test_cdrom_dma },
    };
    const char *base;
    size_t t;
    int idx;
    int fd;
    int rc;

    /*
     * "base" is the directory in which the temporary files are created.
     *
     * Windows uses the current working directory as a relative path: an
     * absolute path makes the blkdebug filename parser fail on
     * "blkdebug:path/to/config:path/to/image".
     */
#ifdef _WIN32
    base = ".";
#else
    base = g_get_tmp_dir();
#endif

    /*
     * Temporary blkdebug instructions. g_mkstemp() rewrites the XXXXXX
     * template in place and creates the file itself, so debug_path ends up
     * holding the real name. Only the name is kept; the descriptor is
     * closed straight away.
     */
    debug_path = g_strdup_printf("%s/qtest-blkdebug.XXXXXX", base);
    fd = g_mkstemp(debug_path);
    g_assert(fd >= 0);
    close(fd);

    /*
     * Two temporary raw images, each extended to TEST_IMAGE_SIZE while the
     * descriptor from g_mkstemp() is still open. The tests later reopen
     * them by path.
     */
    for (idx = 0; idx < 2; ++idx) {
        tmp_path[idx] = g_strdup_printf("%s/qtest.XXXXXX", base);
        fd = g_mkstemp(tmp_path[idx]);
        g_assert(fd >= 0);
        rc = ftruncate(fd, TEST_IMAGE_SIZE);
        g_assert(rc == 0);
        close(fd);
    }

    /* Register and run the tests */
    g_test_init(&argc, &argv, NULL);

    for (t = 0; t < G_N_ELEMENTS(tests); t++) {
        qtest_add_func(tests[t].path, tests[t].fn);
    }

    rc = g_test_run();

    /* Best-effort cleanup: unlink() results are deliberately not checked. */
    for (idx = 0; idx < 2; ++idx) {
        unlink(tmp_path[idx]);
        g_free(tmp_path[idx]);
    }
    unlink(debug_path);
    g_free(debug_path);

    return rc;
}
1112