ide-test.c (30713B)
1/* 2 * IDE test cases 3 * 4 * Copyright (c) 2013 Kevin Wolf <kwolf@redhat.com> 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25#include "qemu/osdep.h" 26 27 28#include "libqos/libqtest.h" 29#include "libqos/libqos.h" 30#include "libqos/pci-pc.h" 31#include "libqos/malloc-pc.h" 32#include "qapi/qmp/qdict.h" 33#include "qemu-common.h" 34#include "qemu/bswap.h" 35#include "hw/pci/pci_ids.h" 36#include "hw/pci/pci_regs.h" 37 38/* TODO actually test the results and get rid of this */ 39#define qmp_discard_response(q, ...) qobject_unref(qtest_qmp(q, __VA_ARGS__)) 40 41#define TEST_IMAGE_SIZE 64 * 1024 * 1024 42 43#define IDE_PCI_DEV 1 44#define IDE_PCI_FUNC 1 45 46#define IDE_BASE 0x1f0 47#define IDE_PRIMARY_IRQ 14 48 49#define ATAPI_BLOCK_SIZE 2048 50 51/* How many bytes to receive via ATAPI PIO at one time. 52 * Must be less than 0xFFFF. */ 53#define BYTE_COUNT_LIMIT 5120 54 55enum { 56 reg_data = 0x0, 57 reg_feature = 0x1, 58 reg_error = 0x1, 59 reg_nsectors = 0x2, 60 reg_lba_low = 0x3, 61 reg_lba_middle = 0x4, 62 reg_lba_high = 0x5, 63 reg_device = 0x6, 64 reg_status = 0x7, 65 reg_command = 0x7, 66}; 67 68enum { 69 BSY = 0x80, 70 DRDY = 0x40, 71 DF = 0x20, 72 DRQ = 0x08, 73 ERR = 0x01, 74}; 75 76/* Error field */ 77enum { 78 ABRT = 0x04, 79}; 80 81enum { 82 DEV = 0x10, 83 LBA = 0x40, 84}; 85 86enum { 87 bmreg_cmd = 0x0, 88 bmreg_status = 0x2, 89 bmreg_prdt = 0x4, 90}; 91 92enum { 93 CMD_DSM = 0x06, 94 CMD_READ_DMA = 0xc8, 95 CMD_WRITE_DMA = 0xca, 96 CMD_FLUSH_CACHE = 0xe7, 97 CMD_IDENTIFY = 0xec, 98 CMD_PACKET = 0xa0, 99 100 CMDF_ABORT = 0x100, 101 CMDF_NO_BM = 0x200, 102}; 103 104enum { 105 BM_CMD_START = 0x1, 106 BM_CMD_WRITE = 0x8, /* write = from device to memory */ 107}; 108 109enum { 110 BM_STS_ACTIVE = 0x1, 111 BM_STS_ERROR = 0x2, 112 BM_STS_INTR = 0x4, 113}; 114 115enum { 116 PRDT_EOT = 0x80000000, 117}; 118 119#define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask)) 120#define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0) 121 122static QPCIBus *pcibus = NULL; 123static QGuestAllocator guest_malloc; 124 125static char tmp_path[] = "/tmp/qtest.XXXXXX"; 126static char debug_path[] = "/tmp/qtest-blkdebug.XXXXXX"; 127 128static QTestState *ide_test_start(const char *cmdline_fmt, ...) 129{ 130 QTestState *qts; 131 va_list ap; 132 133 va_start(ap, cmdline_fmt); 134 qts = qtest_vinitf(cmdline_fmt, ap); 135 va_end(ap); 136 137 pc_alloc_init(&guest_malloc, qts, 0); 138 139 return qts; 140} 141 142static void ide_test_quit(QTestState *qts) 143{ 144 if (pcibus) { 145 qpci_free_pc(pcibus); 146 pcibus = NULL; 147 } 148 alloc_destroy(&guest_malloc); 149 qtest_quit(qts); 150} 151 152static QPCIDevice *get_pci_device(QTestState *qts, QPCIBar *bmdma_bar, 153 QPCIBar *ide_bar) 154{ 155 QPCIDevice *dev; 156 uint16_t vendor_id, device_id; 157 158 if (!pcibus) { 159 pcibus = qpci_new_pc(qts, NULL); 160 } 161 162 /* Find PCI device and verify it's the right one */ 163 dev = qpci_device_find(pcibus, QPCI_DEVFN(IDE_PCI_DEV, IDE_PCI_FUNC)); 164 g_assert(dev != NULL); 165 166 vendor_id = qpci_config_readw(dev, PCI_VENDOR_ID); 167 device_id = qpci_config_readw(dev, PCI_DEVICE_ID); 168 g_assert(vendor_id == PCI_VENDOR_ID_INTEL); 169 g_assert(device_id == PCI_DEVICE_ID_INTEL_82371SB_1); 170 171 /* Map bmdma BAR */ 172 *bmdma_bar = qpci_iomap(dev, 4, NULL); 173 174 *ide_bar = qpci_legacy_iomap(dev, IDE_BASE); 175 176 qpci_device_enable(dev); 177 178 return dev; 179} 180 181static void free_pci_device(QPCIDevice *dev) 182{ 183 /* libqos doesn't have a function for this, so free it manually */ 184 g_free(dev); 185} 186 187typedef struct PrdtEntry { 188 uint32_t addr; 189 uint32_t size; 190} QEMU_PACKED PrdtEntry; 191 192#define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask)) 193#define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0) 194 195static uint64_t trim_range_le(uint64_t sector, uint16_t count) 196{ 197 /* 2-byte range, 6-byte LBA */ 198 return cpu_to_le64(((uint64_t)count << 48) + sector); 199} 200 201static int send_dma_request(QTestState *qts, int cmd, uint64_t sector, 202 int nb_sectors, PrdtEntry *prdt, int prdt_entries, 203 void(*post_exec)(QPCIDevice *dev, QPCIBar ide_bar, 204 uint64_t sector, int nb_sectors)) 205{ 206 QPCIDevice *dev; 207 QPCIBar bmdma_bar, ide_bar; 208 uintptr_t guest_prdt; 209 size_t len; 210 bool from_dev; 211 uint8_t status; 212 int flags; 213 214 dev = get_pci_device(qts, &bmdma_bar, &ide_bar); 215 216 flags = cmd & ~0xff; 217 cmd &= 0xff; 218 219 switch (cmd) { 220 case CMD_READ_DMA: 221 case CMD_PACKET: 222 /* Assuming we only test data reads w/ ATAPI, otherwise we need to know 223 * the SCSI command being sent in the packet, too. */ 224 from_dev = true; 225 break; 226 case CMD_DSM: 227 case CMD_WRITE_DMA: 228 from_dev = false; 229 break; 230 default: 231 g_assert_not_reached(); 232 } 233 234 if (flags & CMDF_NO_BM) { 235 qpci_config_writew(dev, PCI_COMMAND, 236 PCI_COMMAND_IO | PCI_COMMAND_MEMORY); 237 } 238 239 /* Select device 0 */ 240 qpci_io_writeb(dev, ide_bar, reg_device, 0 | LBA); 241 242 /* Stop any running transfer, clear any pending interrupt */ 243 qpci_io_writeb(dev, bmdma_bar, bmreg_cmd, 0); 244 qpci_io_writeb(dev, bmdma_bar, bmreg_status, BM_STS_INTR); 245 246 /* Setup PRDT */ 247 len = sizeof(*prdt) * prdt_entries; 248 guest_prdt = guest_alloc(&guest_malloc, len); 249 qtest_memwrite(qts, guest_prdt, prdt, len); 250 qpci_io_writel(dev, bmdma_bar, bmreg_prdt, guest_prdt); 251 252 /* ATA DMA command */ 253 if (cmd == CMD_PACKET) { 254 /* Enables ATAPI DMA; otherwise PIO is attempted */ 255 qpci_io_writeb(dev, ide_bar, reg_feature, 0x01); 256 } else { 257 if (cmd == CMD_DSM) { 258 /* trim bit */ 259 qpci_io_writeb(dev, ide_bar, reg_feature, 0x01); 260 } 261 qpci_io_writeb(dev, ide_bar, reg_nsectors, nb_sectors); 262 qpci_io_writeb(dev, ide_bar, reg_lba_low, sector & 0xff); 263 qpci_io_writeb(dev, ide_bar, reg_lba_middle, (sector >> 8) & 0xff); 264 qpci_io_writeb(dev, ide_bar, reg_lba_high, (sector >> 16) & 0xff); 265 } 266 267 qpci_io_writeb(dev, ide_bar, reg_command, cmd); 268 269 if (post_exec) { 270 post_exec(dev, ide_bar, sector, nb_sectors); 271 } 272 273 /* Start DMA transfer */ 274 qpci_io_writeb(dev, bmdma_bar, bmreg_cmd, 275 BM_CMD_START | (from_dev ? BM_CMD_WRITE : 0)); 276 277 if (flags & CMDF_ABORT) { 278 qpci_io_writeb(dev, bmdma_bar, bmreg_cmd, 0); 279 } 280 281 /* Wait for the DMA transfer to complete */ 282 do { 283 status = qpci_io_readb(dev, bmdma_bar, bmreg_status); 284 } while ((status & (BM_STS_ACTIVE | BM_STS_INTR)) == BM_STS_ACTIVE); 285 286 g_assert_cmpint(qtest_get_irq(qts, IDE_PRIMARY_IRQ), ==, 287 !!(status & BM_STS_INTR)); 288 289 /* Check IDE status code */ 290 assert_bit_set(qpci_io_readb(dev, ide_bar, reg_status), DRDY); 291 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), BSY | DRQ); 292 293 /* Reading the status register clears the IRQ */ 294 g_assert(!qtest_get_irq(qts, IDE_PRIMARY_IRQ)); 295 296 /* Stop DMA transfer if still active */ 297 if (status & BM_STS_ACTIVE) { 298 qpci_io_writeb(dev, bmdma_bar, bmreg_cmd, 0); 299 } 300 301 free_pci_device(dev); 302 303 return status; 304} 305 306static QTestState *test_bmdma_setup(void) 307{ 308 QTestState *qts; 309 310 qts = ide_test_start( 311 "-drive file=%s,if=ide,cache=writeback,format=raw " 312 "-global ide-hd.serial=%s -global ide-hd.ver=%s", 313 tmp_path, "testdisk", "version"); 314 qtest_irq_intercept_in(qts, "ioapic"); 315 316 return qts; 317} 318 319static void test_bmdma_teardown(QTestState *qts) 320{ 321 ide_test_quit(qts); 322} 323 324static void test_bmdma_simple_rw(void) 325{ 326 QTestState *qts; 327 QPCIDevice *dev; 328 QPCIBar bmdma_bar, ide_bar; 329 uint8_t status; 330 uint8_t *buf; 331 uint8_t *cmpbuf; 332 size_t len = 512; 333 uintptr_t guest_buf; 334 PrdtEntry prdt[1]; 335 336 qts = test_bmdma_setup(); 337 338 guest_buf = guest_alloc(&guest_malloc, len); 339 prdt[0].addr = cpu_to_le32(guest_buf); 340 prdt[0].size = cpu_to_le32(len | PRDT_EOT); 341 342 dev = get_pci_device(qts, &bmdma_bar, &ide_bar); 343 344 buf = g_malloc(len); 345 cmpbuf = g_malloc(len); 346 347 /* Write 0x55 pattern to sector 0 */ 348 memset(buf, 0x55, len); 349 qtest_memwrite(qts, guest_buf, buf, len); 350 351 status = send_dma_request(qts, CMD_WRITE_DMA, 0, 1, prdt, 352 ARRAY_SIZE(prdt), NULL); 353 g_assert_cmphex(status, ==, BM_STS_INTR); 354 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR); 355 356 /* Write 0xaa pattern to sector 1 */ 357 memset(buf, 0xaa, len); 358 qtest_memwrite(qts, guest_buf, buf, len); 359 360 status = send_dma_request(qts, CMD_WRITE_DMA, 1, 1, prdt, 361 ARRAY_SIZE(prdt), NULL); 362 g_assert_cmphex(status, ==, BM_STS_INTR); 363 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR); 364 365 /* Read and verify 0x55 pattern in sector 0 */ 366 memset(cmpbuf, 0x55, len); 367 368 status = send_dma_request(qts, CMD_READ_DMA, 0, 1, prdt, ARRAY_SIZE(prdt), 369 NULL); 370 g_assert_cmphex(status, ==, BM_STS_INTR); 371 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR); 372 373 qtest_memread(qts, guest_buf, buf, len); 374 g_assert(memcmp(buf, cmpbuf, len) == 0); 375 376 /* Read and verify 0xaa pattern in sector 1 */ 377 memset(cmpbuf, 0xaa, len); 378 379 status = send_dma_request(qts, CMD_READ_DMA, 1, 1, prdt, ARRAY_SIZE(prdt), 380 NULL); 381 g_assert_cmphex(status, ==, BM_STS_INTR); 382 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR); 383 384 qtest_memread(qts, guest_buf, buf, len); 385 g_assert(memcmp(buf, cmpbuf, len) == 0); 386 387 free_pci_device(dev); 388 g_free(buf); 389 g_free(cmpbuf); 390 391 test_bmdma_teardown(qts); 392} 393 394static void test_bmdma_trim(void) 395{ 396 QTestState *qts; 397 QPCIDevice *dev; 398 QPCIBar bmdma_bar, ide_bar; 399 uint8_t status; 400 const uint64_t trim_range[] = { trim_range_le(0, 2), 401 trim_range_le(6, 8), 402 trim_range_le(10, 1), 403 }; 404 const uint64_t bad_range = trim_range_le(TEST_IMAGE_SIZE / 512 - 1, 2); 405 size_t len = 512; 406 uint8_t *buf; 407 uintptr_t guest_buf; 408 PrdtEntry prdt[1]; 409 410 qts = test_bmdma_setup(); 411 412 guest_buf = guest_alloc(&guest_malloc, len); 413 prdt[0].addr = cpu_to_le32(guest_buf), 414 prdt[0].size = cpu_to_le32(len | PRDT_EOT), 415 416 dev = get_pci_device(qts, &bmdma_bar, &ide_bar); 417 418 buf = g_malloc(len); 419 420 /* Normal request */ 421 *((uint64_t *)buf) = trim_range[0]; 422 *((uint64_t *)buf + 1) = trim_range[1]; 423 424 qtest_memwrite(qts, guest_buf, buf, 2 * sizeof(uint64_t)); 425 426 status = send_dma_request(qts, CMD_DSM, 0, 1, prdt, 427 ARRAY_SIZE(prdt), NULL); 428 g_assert_cmphex(status, ==, BM_STS_INTR); 429 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR); 430 431 /* Request contains invalid range */ 432 *((uint64_t *)buf) = trim_range[2]; 433 *((uint64_t *)buf + 1) = bad_range; 434 435 qtest_memwrite(qts, guest_buf, buf, 2 * sizeof(uint64_t)); 436 437 status = send_dma_request(qts, CMD_DSM, 0, 1, prdt, 438 ARRAY_SIZE(prdt), NULL); 439 g_assert_cmphex(status, ==, BM_STS_INTR); 440 assert_bit_set(qpci_io_readb(dev, ide_bar, reg_status), ERR); 441 assert_bit_set(qpci_io_readb(dev, ide_bar, reg_error), ABRT); 442 443 free_pci_device(dev); 444 g_free(buf); 445 test_bmdma_teardown(qts); 446} 447 448/* 449 * This test is developed according to the Programming Interface for 450 * Bus Master IDE Controller (Revision 1.0 5/16/94) 451 */ 452static void test_bmdma_various_prdts(void) 453{ 454 int sectors = 0; 455 uint32_t size = 0; 456 457 for (sectors = 1; sectors <= 256; sectors *= 2) { 458 QTestState *qts = NULL; 459 QPCIDevice *dev = NULL; 460 QPCIBar bmdma_bar, ide_bar; 461 462 qts = test_bmdma_setup(); 463 dev = get_pci_device(qts, &bmdma_bar, &ide_bar); 464 465 for (size = 0; size < 65536; size += 256) { 466 uint32_t req_size = sectors * 512; 467 uint32_t prd_size = size & 0xfffe; /* bit 0 is always set to 0 */ 468 uint8_t ret = 0; 469 uint8_t req_status = 0; 470 uint8_t abort_req_status = 0; 471 PrdtEntry prdt[] = { 472 { 473 .addr = 0, 474 .size = cpu_to_le32(size | PRDT_EOT), 475 }, 476 }; 477 478 /* A value of zero in PRD size indicates 64K */ 479 if (prd_size == 0) { 480 prd_size = 65536; 481 } 482 483 /* 484 * 1. If PRDs specified a smaller size than the IDE transfer 485 * size, then the Interrupt and Active bits in the Controller 486 * status register are not set (Error Condition). 487 * 488 * 2. If the size of the physical memory regions was equal to 489 * the IDE device transfer size, the Interrupt bit in the 490 * Controller status register is set to 1, Active bit is set to 0. 491 * 492 * 3. If PRDs specified a larger size than the IDE transfer size, 493 * the Interrupt and Active bits in the Controller status register 494 * are both set to 1. 495 */ 496 if (prd_size < req_size) { 497 req_status = 0; 498 abort_req_status = 0; 499 } else if (prd_size == req_size) { 500 req_status = BM_STS_INTR; 501 abort_req_status = BM_STS_INTR; 502 } else { 503 req_status = BM_STS_ACTIVE | BM_STS_INTR; 504 abort_req_status = BM_STS_INTR; 505 } 506 507 /* Test the request */ 508 ret = send_dma_request(qts, CMD_READ_DMA, 0, sectors, 509 prdt, ARRAY_SIZE(prdt), NULL); 510 g_assert_cmphex(ret, ==, req_status); 511 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR); 512 513 /* Now test aborting the same request */ 514 ret = send_dma_request(qts, CMD_READ_DMA | CMDF_ABORT, 0, 515 sectors, prdt, ARRAY_SIZE(prdt), NULL); 516 g_assert_cmphex(ret, ==, abort_req_status); 517 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR); 518 } 519 520 free_pci_device(dev); 521 test_bmdma_teardown(qts); 522 } 523} 524 525static void test_bmdma_no_busmaster(void) 526{ 527 QTestState *qts; 528 QPCIDevice *dev; 529 QPCIBar bmdma_bar, ide_bar; 530 uint8_t status; 531 532 qts = test_bmdma_setup(); 533 534 dev = get_pci_device(qts, &bmdma_bar, &ide_bar); 535 536 /* No PRDT_EOT, each entry addr 0/size 64k, and in theory qemu shouldn't be 537 * able to access it anyway because the Bus Master bit in the PCI command 538 * register isn't set. This is complete nonsense, but it used to be pretty 539 * good at confusing and occasionally crashing qemu. */ 540 PrdtEntry prdt[4096] = { }; 541 542 status = send_dma_request(qts, CMD_READ_DMA | CMDF_NO_BM, 0, 512, 543 prdt, ARRAY_SIZE(prdt), NULL); 544 545 /* Not entirely clear what the expected result is, but this is what we get 546 * in practice. At least we want to be aware of any changes. */ 547 g_assert_cmphex(status, ==, BM_STS_ACTIVE | BM_STS_INTR); 548 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR); 549 free_pci_device(dev); 550 test_bmdma_teardown(qts); 551} 552 553static void string_cpu_to_be16(uint16_t *s, size_t bytes) 554{ 555 g_assert((bytes & 1) == 0); 556 bytes /= 2; 557 558 while (bytes--) { 559 *s = cpu_to_be16(*s); 560 s++; 561 } 562} 563 564static void test_identify(void) 565{ 566 QTestState *qts; 567 QPCIDevice *dev; 568 QPCIBar bmdma_bar, ide_bar; 569 uint8_t data; 570 uint16_t buf[256]; 571 int i; 572 int ret; 573 574 qts = ide_test_start( 575 "-drive file=%s,if=ide,cache=writeback,format=raw " 576 "-global ide-hd.serial=%s -global ide-hd.ver=%s", 577 tmp_path, "testdisk", "version"); 578 579 dev = get_pci_device(qts, &bmdma_bar, &ide_bar); 580 581 /* IDENTIFY command on device 0*/ 582 qpci_io_writeb(dev, ide_bar, reg_device, 0); 583 qpci_io_writeb(dev, ide_bar, reg_command, CMD_IDENTIFY); 584 585 /* Read in the IDENTIFY buffer and check registers */ 586 data = qpci_io_readb(dev, ide_bar, reg_device); 587 g_assert_cmpint(data & DEV, ==, 0); 588 589 for (i = 0; i < 256; i++) { 590 data = qpci_io_readb(dev, ide_bar, reg_status); 591 assert_bit_set(data, DRDY | DRQ); 592 assert_bit_clear(data, BSY | DF | ERR); 593 594 buf[i] = qpci_io_readw(dev, ide_bar, reg_data); 595 } 596 597 data = qpci_io_readb(dev, ide_bar, reg_status); 598 assert_bit_set(data, DRDY); 599 assert_bit_clear(data, BSY | DF | ERR | DRQ); 600 601 /* Check serial number/version in the buffer */ 602 string_cpu_to_be16(&buf[10], 20); 603 ret = memcmp(&buf[10], "testdisk ", 20); 604 g_assert(ret == 0); 605 606 string_cpu_to_be16(&buf[23], 8); 607 ret = memcmp(&buf[23], "version ", 8); 608 g_assert(ret == 0); 609 610 /* Write cache enabled bit */ 611 assert_bit_set(buf[85], 0x20); 612 613 ide_test_quit(qts); 614 free_pci_device(dev); 615} 616 617/* 618 * Write sector 1 with random data to make IDE storage dirty 619 * Needed for flush tests so that flushes actually go though the block layer 620 */ 621static void make_dirty(QTestState *qts, uint8_t device) 622{ 623 QPCIDevice *dev; 624 QPCIBar bmdma_bar, ide_bar; 625 uint8_t status; 626 size_t len = 512; 627 uintptr_t guest_buf; 628 void* buf; 629 630 dev = get_pci_device(qts, &bmdma_bar, &ide_bar); 631 632 guest_buf = guest_alloc(&guest_malloc, len); 633 buf = g_malloc(len); 634 memset(buf, rand() % 255 + 1, len); 635 g_assert(guest_buf); 636 g_assert(buf); 637 638 qtest_memwrite(qts, guest_buf, buf, len); 639 640 PrdtEntry prdt[] = { 641 { 642 .addr = cpu_to_le32(guest_buf), 643 .size = cpu_to_le32(len | PRDT_EOT), 644 }, 645 }; 646 647 status = send_dma_request(qts, CMD_WRITE_DMA, 1, 1, prdt, 648 ARRAY_SIZE(prdt), NULL); 649 g_assert_cmphex(status, ==, BM_STS_INTR); 650 assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR); 651 652 g_free(buf); 653 free_pci_device(dev); 654} 655 656static void test_flush(void) 657{ 658 QTestState *qts; 659 QPCIDevice *dev; 660 QPCIBar bmdma_bar, ide_bar; 661 uint8_t data; 662 663 qts = ide_test_start( 664 "-drive file=blkdebug::%s,if=ide,cache=writeback,format=raw", 665 tmp_path); 666 667 dev = get_pci_device(qts, &bmdma_bar, &ide_bar); 668 669 qtest_irq_intercept_in(qts, "ioapic"); 670 671 /* Dirty media so that CMD_FLUSH_CACHE will actually go to disk */ 672 make_dirty(qts, 0); 673 674 /* Delay the completion of the flush request until we explicitly do it */ 675 g_free(qtest_hmp(qts, "qemu-io ide0-hd0 \"break flush_to_os A\"")); 676 677 /* FLUSH CACHE command on device 0*/ 678 qpci_io_writeb(dev, ide_bar, reg_device, 0); 679 qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE); 680 681 /* Check status while request is in flight*/ 682 data = qpci_io_readb(dev, ide_bar, reg_status); 683 assert_bit_set(data, BSY | DRDY); 684 assert_bit_clear(data, DF | ERR | DRQ); 685 686 /* Complete the command */ 687 g_free(qtest_hmp(qts, "qemu-io ide0-hd0 \"resume A\"")); 688 689 /* Check registers */ 690 data = qpci_io_readb(dev, ide_bar, reg_device); 691 g_assert_cmpint(data & DEV, ==, 0); 692 693 do { 694 data = qpci_io_readb(dev, ide_bar, reg_status); 695 } while (data & BSY); 696 697 assert_bit_set(data, DRDY); 698 assert_bit_clear(data, BSY | DF | ERR | DRQ); 699 700 ide_test_quit(qts); 701 free_pci_device(dev); 702} 703 704static void test_retry_flush(const char *machine) 705{ 706 QTestState *qts; 707 QPCIDevice *dev; 708 QPCIBar bmdma_bar, ide_bar; 709 uint8_t data; 710 711 prepare_blkdebug_script(debug_path, "flush_to_disk"); 712 713 qts = ide_test_start( 714 "-drive file=blkdebug:%s:%s,if=ide,cache=writeback,format=raw," 715 "rerror=stop,werror=stop", 716 debug_path, tmp_path); 717 718 dev = get_pci_device(qts, &bmdma_bar, &ide_bar); 719 720 qtest_irq_intercept_in(qts, "ioapic"); 721 722 /* Dirty media so that CMD_FLUSH_CACHE will actually go to disk */ 723 make_dirty(qts, 0); 724 725 /* FLUSH CACHE command on device 0*/ 726 qpci_io_writeb(dev, ide_bar, reg_device, 0); 727 qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE); 728 729 /* Check status while request is in flight*/ 730 data = qpci_io_readb(dev, ide_bar, reg_status); 731 assert_bit_set(data, BSY | DRDY); 732 assert_bit_clear(data, DF | ERR | DRQ); 733 734 qtest_qmp_eventwait(qts, "STOP"); 735 736 /* Complete the command */ 737 qmp_discard_response(qts, "{'execute':'cont' }"); 738 739 /* Check registers */ 740 data = qpci_io_readb(dev, ide_bar, reg_device); 741 g_assert_cmpint(data & DEV, ==, 0); 742 743 do { 744 data = qpci_io_readb(dev, ide_bar, reg_status); 745 } while (data & BSY); 746 747 assert_bit_set(data, DRDY); 748 assert_bit_clear(data, BSY | DF | ERR | DRQ); 749 750 ide_test_quit(qts); 751 free_pci_device(dev); 752} 753 754static void test_flush_nodev(void) 755{ 756 QTestState *qts; 757 QPCIDevice *dev; 758 QPCIBar bmdma_bar, ide_bar; 759 760 qts = ide_test_start(""); 761 762 dev = get_pci_device(qts, &bmdma_bar, &ide_bar); 763 764 /* FLUSH CACHE command on device 0*/ 765 qpci_io_writeb(dev, ide_bar, reg_device, 0); 766 qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE); 767 768 /* Just testing that qemu doesn't crash... */ 769 770 free_pci_device(dev); 771 ide_test_quit(qts); 772} 773 774static void test_flush_empty_drive(void) 775{ 776 QTestState *qts; 777 QPCIDevice *dev; 778 QPCIBar bmdma_bar, ide_bar; 779 780 qts = ide_test_start("-device ide-cd,bus=ide.0"); 781 dev = get_pci_device(qts, &bmdma_bar, &ide_bar); 782 783 /* FLUSH CACHE command on device 0 */ 784 qpci_io_writeb(dev, ide_bar, reg_device, 0); 785 qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE); 786 787 /* Just testing that qemu doesn't crash... */ 788 789 free_pci_device(dev); 790 ide_test_quit(qts); 791} 792 793static void test_pci_retry_flush(void) 794{ 795 test_retry_flush("pc"); 796} 797 798static void test_isa_retry_flush(void) 799{ 800 test_retry_flush("isapc"); 801} 802 803typedef struct Read10CDB { 804 uint8_t opcode; 805 uint8_t flags; 806 uint32_t lba; 807 uint8_t reserved; 808 uint16_t nblocks; 809 uint8_t control; 810 uint16_t padding; 811} __attribute__((__packed__)) Read10CDB; 812 813static void send_scsi_cdb_read10(QPCIDevice *dev, QPCIBar ide_bar, 814 uint64_t lba, int nblocks) 815{ 816 Read10CDB pkt = { .padding = 0 }; 817 int i; 818 819 g_assert_cmpint(lba, <=, UINT32_MAX); 820 g_assert_cmpint(nblocks, <=, UINT16_MAX); 821 g_assert_cmpint(nblocks, >=, 0); 822 823 /* Construct SCSI CDB packet */ 824 pkt.opcode = 0x28; 825 pkt.lba = cpu_to_be32(lba); 826 pkt.nblocks = cpu_to_be16(nblocks); 827 828 /* Send Packet */ 829 for (i = 0; i < sizeof(Read10CDB)/2; i++) { 830 qpci_io_writew(dev, ide_bar, reg_data, 831 le16_to_cpu(((uint16_t *)&pkt)[i])); 832 } 833} 834 835static void nsleep(QTestState *qts, int64_t nsecs) 836{ 837 const struct timespec val = { .tv_nsec = nsecs }; 838 nanosleep(&val, NULL); 839 qtest_clock_set(qts, nsecs); 840} 841 842static uint8_t ide_wait_clear(QTestState *qts, uint8_t flag) 843{ 844 QPCIDevice *dev; 845 QPCIBar bmdma_bar, ide_bar; 846 uint8_t data; 847 time_t st; 848 849 dev = get_pci_device(qts, &bmdma_bar, &ide_bar); 850 851 /* Wait with a 5 second timeout */ 852 time(&st); 853 while (true) { 854 data = qpci_io_readb(dev, ide_bar, reg_status); 855 if (!(data & flag)) { 856 free_pci_device(dev); 857 return data; 858 } 859 if (difftime(time(NULL), st) > 5.0) { 860 break; 861 } 862 nsleep(qts, 400); 863 } 864 g_assert_not_reached(); 865} 866 867static void ide_wait_intr(QTestState *qts, int irq) 868{ 869 time_t st; 870 bool intr; 871 872 time(&st); 873 while (true) { 874 intr = qtest_get_irq(qts, irq); 875 if (intr) { 876 return; 877 } 878 if (difftime(time(NULL), st) > 5.0) { 879 break; 880 } 881 nsleep(qts, 400); 882 } 883 884 g_assert_not_reached(); 885} 886 887static void cdrom_pio_impl(int nblocks) 888{ 889 QTestState *qts; 890 QPCIDevice *dev; 891 QPCIBar bmdma_bar, ide_bar; 892 FILE *fh; 893 int patt_blocks = MAX(16, nblocks); 894 size_t patt_len = ATAPI_BLOCK_SIZE * patt_blocks; 895 char *pattern = g_malloc(patt_len); 896 size_t rxsize = ATAPI_BLOCK_SIZE * nblocks; 897 uint16_t *rx = g_malloc0(rxsize); 898 int i, j; 899 uint8_t data; 900 uint16_t limit; 901 size_t ret; 902 903 /* Prepopulate the CDROM with an interesting pattern */ 904 generate_pattern(pattern, patt_len, ATAPI_BLOCK_SIZE); 905 fh = fopen(tmp_path, "w+"); 906 ret = fwrite(pattern, ATAPI_BLOCK_SIZE, patt_blocks, fh); 907 g_assert_cmpint(ret, ==, patt_blocks); 908 fclose(fh); 909 910 qts = ide_test_start( 911 "-drive if=none,file=%s,media=cdrom,format=raw,id=sr0,index=0 " 912 "-device ide-cd,drive=sr0,bus=ide.0", tmp_path); 913 dev = get_pci_device(qts, &bmdma_bar, &ide_bar); 914 qtest_irq_intercept_in(qts, "ioapic"); 915 916 /* PACKET command on device 0 */ 917 qpci_io_writeb(dev, ide_bar, reg_device, 0); 918 qpci_io_writeb(dev, ide_bar, reg_lba_middle, BYTE_COUNT_LIMIT & 0xFF); 919 qpci_io_writeb(dev, ide_bar, reg_lba_high, (BYTE_COUNT_LIMIT >> 8 & 0xFF)); 920 qpci_io_writeb(dev, ide_bar, reg_command, CMD_PACKET); 921 /* HP0: Check_Status_A State */ 922 nsleep(qts, 400); 923 data = ide_wait_clear(qts, BSY); 924 /* HP1: Send_Packet State */ 925 assert_bit_set(data, DRQ | DRDY); 926 assert_bit_clear(data, ERR | DF | BSY); 927 928 /* SCSI CDB (READ10) -- read n*2048 bytes from block 0 */ 929 send_scsi_cdb_read10(dev, ide_bar, 0, nblocks); 930 931 /* Read data back: occurs in bursts of 'BYTE_COUNT_LIMIT' bytes. 932 * If BYTE_COUNT_LIMIT is odd, we transfer BYTE_COUNT_LIMIT - 1 bytes. 933 * We allow an odd limit only when the remaining transfer size is 934 * less than BYTE_COUNT_LIMIT. However, SCSI's read10 command can only 935 * request n blocks, so our request size is always even. 936 * For this reason, we assume there is never a hanging byte to fetch. */ 937 g_assert(!(rxsize & 1)); 938 limit = BYTE_COUNT_LIMIT & ~1; 939 for (i = 0; i < DIV_ROUND_UP(rxsize, limit); i++) { 940 size_t offset = i * (limit / 2); 941 size_t rem = (rxsize / 2) - offset; 942 943 /* HP3: INTRQ_Wait */ 944 ide_wait_intr(qts, IDE_PRIMARY_IRQ); 945 946 /* HP2: Check_Status_B (and clear IRQ) */ 947 data = ide_wait_clear(qts, BSY); 948 assert_bit_set(data, DRQ | DRDY); 949 assert_bit_clear(data, ERR | DF | BSY); 950 951 /* HP4: Transfer_Data */ 952 for (j = 0; j < MIN((limit / 2), rem); j++) { 953 rx[offset + j] = cpu_to_le16(qpci_io_readw(dev, ide_bar, 954 reg_data)); 955 } 956 } 957 958 /* Check for final completion IRQ */ 959 ide_wait_intr(qts, IDE_PRIMARY_IRQ); 960 961 /* Sanity check final state */ 962 data = ide_wait_clear(qts, DRQ); 963 assert_bit_set(data, DRDY); 964 assert_bit_clear(data, DRQ | ERR | DF | BSY); 965 966 g_assert_cmpint(memcmp(pattern, rx, rxsize), ==, 0); 967 g_free(pattern); 968 g_free(rx); 969 test_bmdma_teardown(qts); 970 free_pci_device(dev); 971} 972 973static void test_cdrom_pio(void) 974{ 975 cdrom_pio_impl(1); 976} 977 978static void test_cdrom_pio_large(void) 979{ 980 /* Test a few loops of the PIO DRQ mechanism. */ 981 cdrom_pio_impl(BYTE_COUNT_LIMIT * 4 / ATAPI_BLOCK_SIZE); 982} 983 984 985static void test_cdrom_dma(void) 986{ 987 QTestState *qts; 988 static const size_t len = ATAPI_BLOCK_SIZE; 989 size_t ret; 990 char *pattern = g_malloc(ATAPI_BLOCK_SIZE * 16); 991 char *rx = g_malloc0(len); 992 uintptr_t guest_buf; 993 PrdtEntry prdt[1]; 994 FILE *fh; 995 996 qts = ide_test_start( 997 "-drive if=none,file=%s,media=cdrom,format=raw,id=sr0,index=0 " 998 "-device ide-cd,drive=sr0,bus=ide.0", tmp_path); 999 qtest_irq_intercept_in(qts, "ioapic"); 1000 1001 guest_buf = guest_alloc(&guest_malloc, len); 1002 prdt[0].addr = cpu_to_le32(guest_buf); 1003 prdt[0].size = cpu_to_le32(len | PRDT_EOT); 1004 1005 generate_pattern(pattern, ATAPI_BLOCK_SIZE * 16, ATAPI_BLOCK_SIZE); 1006 fh = fopen(tmp_path, "w+"); 1007 ret = fwrite(pattern, ATAPI_BLOCK_SIZE, 16, fh); 1008 g_assert_cmpint(ret, ==, 16); 1009 fclose(fh); 1010 1011 send_dma_request(qts, CMD_PACKET, 0, 1, prdt, 1, send_scsi_cdb_read10); 1012 1013 /* Read back data from guest memory into local qtest memory */ 1014 qtest_memread(qts, guest_buf, rx, len); 1015 g_assert_cmpint(memcmp(pattern, rx, len), ==, 0); 1016 1017 g_free(pattern); 1018 g_free(rx); 1019 test_bmdma_teardown(qts); 1020} 1021 1022int main(int argc, char **argv) 1023{ 1024 int fd; 1025 int ret; 1026 1027 /* Create temporary blkdebug instructions */ 1028 fd = mkstemp(debug_path); 1029 g_assert(fd >= 0); 1030 close(fd); 1031 1032 /* Create a temporary raw image */ 1033 fd = mkstemp(tmp_path); 1034 g_assert(fd >= 0); 1035 ret = ftruncate(fd, TEST_IMAGE_SIZE); 1036 g_assert(ret == 0); 1037 close(fd); 1038 1039 /* Run the tests */ 1040 g_test_init(&argc, &argv, NULL); 1041 1042 qtest_add_func("/ide/identify", test_identify); 1043 1044 qtest_add_func("/ide/bmdma/simple_rw", test_bmdma_simple_rw); 1045 qtest_add_func("/ide/bmdma/trim", test_bmdma_trim); 1046 qtest_add_func("/ide/bmdma/various_prdts", test_bmdma_various_prdts); 1047 qtest_add_func("/ide/bmdma/no_busmaster", test_bmdma_no_busmaster); 1048 1049 qtest_add_func("/ide/flush", test_flush); 1050 qtest_add_func("/ide/flush/nodev", test_flush_nodev); 1051 qtest_add_func("/ide/flush/empty_drive", test_flush_empty_drive); 1052 qtest_add_func("/ide/flush/retry_pci", test_pci_retry_flush); 1053 qtest_add_func("/ide/flush/retry_isa", test_isa_retry_flush); 1054 1055 qtest_add_func("/ide/cdrom/pio", test_cdrom_pio); 1056 qtest_add_func("/ide/cdrom/pio_large", test_cdrom_pio_large); 1057 qtest_add_func("/ide/cdrom/dma", test_cdrom_dma); 1058 1059 ret = g_test_run(); 1060 1061 /* Cleanup */ 1062 unlink(tmp_path); 1063 unlink(debug_path); 1064 1065 return ret; 1066}