#include <glib.h>
#include "libqtest.h"
+#include "libqos/libqos.h"
+#include "libqos/pci-pc.h"
+#include "libqos/malloc-pc.h"
#include "qemu-common.h"
+#include "hw/pci/pci_ids.h"
+#include "hw/pci/pci_regs.h"
#define TEST_IMAGE_SIZE 64 * 1024 * 1024
};
enum {
+ DEV = 0x10,
+ LBA = 0x40,
+};
+
+enum {
+ bmreg_cmd = 0x0,
+ bmreg_status = 0x2,
+ bmreg_prdt = 0x4,
+};
+
+enum {
+ CMD_READ_DMA = 0xc8,
+ CMD_WRITE_DMA = 0xca,
+ CMD_FLUSH_CACHE = 0xe7,
CMD_IDENTIFY = 0xec,
+
+ CMDF_ABORT = 0x100,
+ CMDF_NO_BM = 0x200,
+};
+
+enum {
+ BM_CMD_START = 0x1,
+ BM_CMD_WRITE = 0x8, /* write = from device to memory */
+};
+
+enum {
+ BM_STS_ACTIVE = 0x1,
+ BM_STS_ERROR = 0x2,
+ BM_STS_INTR = 0x4,
+};
+
+enum {
+ PRDT_EOT = 0x80000000,
};
#define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
#define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)
+static QPCIBus *pcibus = NULL;
+static QGuestAllocator *guest_malloc;
+
static char tmp_path[] = "/tmp/qtest.XXXXXX";
+static char debug_path[] = "/tmp/qtest-blkdebug.XXXXXX";
static void ide_test_start(const char *cmdline_fmt, ...)
{
va_end(ap);
qtest_start(cmdline);
- qtest_irq_intercept_in(global_qtest, "ioapic");
+ guest_malloc = pc_alloc_init();
+
+ g_free(cmdline);
}
static void ide_test_quit(void)
{
- qtest_quit(global_qtest);
+ pc_alloc_uninit(guest_malloc);
+ guest_malloc = NULL;
+ qtest_end();
+}
+
+static QPCIDevice *get_pci_device(uint16_t *bmdma_base)
+{
+ QPCIDevice *dev;
+ uint16_t vendor_id, device_id;
+
+ if (!pcibus) {
+ pcibus = qpci_init_pc();
+ }
+
+ /* Find PCI device and verify it's the right one */
+ dev = qpci_device_find(pcibus, QPCI_DEVFN(IDE_PCI_DEV, IDE_PCI_FUNC));
+ g_assert(dev != NULL);
+
+ vendor_id = qpci_config_readw(dev, PCI_VENDOR_ID);
+ device_id = qpci_config_readw(dev, PCI_DEVICE_ID);
+ g_assert(vendor_id == PCI_VENDOR_ID_INTEL);
+ g_assert(device_id == PCI_DEVICE_ID_INTEL_82371SB_1);
+
+ /* Map bmdma BAR */
+ *bmdma_base = (uint16_t)(uintptr_t) qpci_iomap(dev, 4, NULL);
+
+ qpci_device_enable(dev);
+
+ return dev;
+}
+
+static void free_pci_device(QPCIDevice *dev)
+{
+ /* libqos doesn't have a function for this, so free it manually */
+ g_free(dev);
+}
+
+typedef struct PrdtEntry {
+ uint32_t addr;
+ uint32_t size;
+} QEMU_PACKED PrdtEntry;
+
+#define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
+#define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)
+
+static int send_dma_request(int cmd, uint64_t sector, int nb_sectors,
+ PrdtEntry *prdt, int prdt_entries)
+{
+ QPCIDevice *dev;
+ uint16_t bmdma_base;
+ uintptr_t guest_prdt;
+ size_t len;
+ bool from_dev;
+ uint8_t status;
+ int flags;
+
+ dev = get_pci_device(&bmdma_base);
+
+ flags = cmd & ~0xff;
+ cmd &= 0xff;
+
+ switch (cmd) {
+ case CMD_READ_DMA:
+ from_dev = true;
+ break;
+ case CMD_WRITE_DMA:
+ from_dev = false;
+ break;
+ default:
+ g_assert_not_reached();
+ }
+
+ if (flags & CMDF_NO_BM) {
+ qpci_config_writew(dev, PCI_COMMAND,
+ PCI_COMMAND_IO | PCI_COMMAND_MEMORY);
+ }
+
+ /* Select device 0 */
+ outb(IDE_BASE + reg_device, 0 | LBA);
+
+ /* Stop any running transfer, clear any pending interrupt */
+ outb(bmdma_base + bmreg_cmd, 0);
+ outb(bmdma_base + bmreg_status, BM_STS_INTR);
+
+ /* Setup PRDT */
+ len = sizeof(*prdt) * prdt_entries;
+ guest_prdt = guest_alloc(guest_malloc, len);
+ memwrite(guest_prdt, prdt, len);
+ outl(bmdma_base + bmreg_prdt, guest_prdt);
+
+ /* ATA DMA command */
+ outb(IDE_BASE + reg_nsectors, nb_sectors);
+
+ outb(IDE_BASE + reg_lba_low, sector & 0xff);
+ outb(IDE_BASE + reg_lba_middle, (sector >> 8) & 0xff);
+ outb(IDE_BASE + reg_lba_high, (sector >> 16) & 0xff);
+
+ outb(IDE_BASE + reg_command, cmd);
+
+ /* Start DMA transfer */
+ outb(bmdma_base + bmreg_cmd, BM_CMD_START | (from_dev ? BM_CMD_WRITE : 0));
+
+ if (flags & CMDF_ABORT) {
+ outb(bmdma_base + bmreg_cmd, 0);
+ }
+
+ /* Wait for the DMA transfer to complete */
+ do {
+ status = inb(bmdma_base + bmreg_status);
+ } while ((status & (BM_STS_ACTIVE | BM_STS_INTR)) == BM_STS_ACTIVE);
+
+ g_assert_cmpint(get_irq(IDE_PRIMARY_IRQ), ==, !!(status & BM_STS_INTR));
+
+ /* Check IDE status code */
+ assert_bit_set(inb(IDE_BASE + reg_status), DRDY);
+ assert_bit_clear(inb(IDE_BASE + reg_status), BSY | DRQ);
+
+ /* Reading the status register clears the IRQ */
+ g_assert(!get_irq(IDE_PRIMARY_IRQ));
+
+ /* Stop DMA transfer if still active */
+ if (status & BM_STS_ACTIVE) {
+ outb(bmdma_base + bmreg_cmd, 0);
+ }
+
+ free_pci_device(dev);
+
+ return status;
+}
+
+static void test_bmdma_simple_rw(void)
+{
+ uint8_t status;
+ uint8_t *buf;
+ uint8_t *cmpbuf;
+ size_t len = 512;
+ uintptr_t guest_buf = guest_alloc(guest_malloc, len);
+
+ PrdtEntry prdt[] = {
+ {
+ .addr = cpu_to_le32(guest_buf),
+ .size = cpu_to_le32(len | PRDT_EOT),
+ },
+ };
+
+ buf = g_malloc(len);
+ cmpbuf = g_malloc(len);
+
+ /* Write 0x55 pattern to sector 0 */
+ memset(buf, 0x55, len);
+ memwrite(guest_buf, buf, len);
+
+ status = send_dma_request(CMD_WRITE_DMA, 0, 1, prdt, ARRAY_SIZE(prdt));
+ g_assert_cmphex(status, ==, BM_STS_INTR);
+ assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
+
+ /* Write 0xaa pattern to sector 1 */
+ memset(buf, 0xaa, len);
+ memwrite(guest_buf, buf, len);
+
+ status = send_dma_request(CMD_WRITE_DMA, 1, 1, prdt, ARRAY_SIZE(prdt));
+ g_assert_cmphex(status, ==, BM_STS_INTR);
+ assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
+
+ /* Read and verify 0x55 pattern in sector 0 */
+ memset(cmpbuf, 0x55, len);
+
+ status = send_dma_request(CMD_READ_DMA, 0, 1, prdt, ARRAY_SIZE(prdt));
+ g_assert_cmphex(status, ==, BM_STS_INTR);
+ assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
+
+ memread(guest_buf, buf, len);
+ g_assert(memcmp(buf, cmpbuf, len) == 0);
+
+ /* Read and verify 0xaa pattern in sector 1 */
+ memset(cmpbuf, 0xaa, len);
+
+ status = send_dma_request(CMD_READ_DMA, 1, 1, prdt, ARRAY_SIZE(prdt));
+ g_assert_cmphex(status, ==, BM_STS_INTR);
+ assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
+
+ memread(guest_buf, buf, len);
+ g_assert(memcmp(buf, cmpbuf, len) == 0);
+
+
+ g_free(buf);
+ g_free(cmpbuf);
+}
+
+static void test_bmdma_short_prdt(void)
+{
+ uint8_t status;
+
+ PrdtEntry prdt[] = {
+ {
+ .addr = 0,
+ .size = cpu_to_le32(0x10 | PRDT_EOT),
+ },
+ };
+
+ /* Normal request */
+ status = send_dma_request(CMD_READ_DMA, 0, 1,
+ prdt, ARRAY_SIZE(prdt));
+ g_assert_cmphex(status, ==, 0);
+ assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
+
+ /* Abort the request before it completes */
+ status = send_dma_request(CMD_READ_DMA | CMDF_ABORT, 0, 1,
+ prdt, ARRAY_SIZE(prdt));
+ g_assert_cmphex(status, ==, 0);
+ assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
+}
+
+static void test_bmdma_one_sector_short_prdt(void)
+{
+ uint8_t status;
+
+ /* Read 2 sectors but only give 1 sector in PRDT */
+ PrdtEntry prdt[] = {
+ {
+ .addr = 0,
+ .size = cpu_to_le32(0x200 | PRDT_EOT),
+ },
+ };
+
+ /* Normal request */
+ status = send_dma_request(CMD_READ_DMA, 0, 2,
+ prdt, ARRAY_SIZE(prdt));
+ g_assert_cmphex(status, ==, 0);
+ assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
+
+ /* Abort the request before it completes */
+ status = send_dma_request(CMD_READ_DMA | CMDF_ABORT, 0, 2,
+ prdt, ARRAY_SIZE(prdt));
+ g_assert_cmphex(status, ==, 0);
+ assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
+}
+
+static void test_bmdma_long_prdt(void)
+{
+ uint8_t status;
+
+ PrdtEntry prdt[] = {
+ {
+ .addr = 0,
+ .size = cpu_to_le32(0x1000 | PRDT_EOT),
+ },
+ };
+
+ /* Normal request */
+ status = send_dma_request(CMD_READ_DMA, 0, 1,
+ prdt, ARRAY_SIZE(prdt));
+ g_assert_cmphex(status, ==, BM_STS_ACTIVE | BM_STS_INTR);
+ assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
+
+ /* Abort the request before it completes */
+ status = send_dma_request(CMD_READ_DMA | CMDF_ABORT, 0, 1,
+ prdt, ARRAY_SIZE(prdt));
+ g_assert_cmphex(status, ==, BM_STS_INTR);
+ assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
+}
+
+static void test_bmdma_no_busmaster(void)
+{
+ uint8_t status;
+
+ /* No PRDT_EOT, each entry addr 0/size 64k, and in theory qemu shouldn't be
+ * able to access it anyway because the Bus Master bit in the PCI command
+ * register isn't set. This is complete nonsense, but it used to be pretty
+ * good at confusing and occasionally crashing qemu. */
+ PrdtEntry prdt[4096] = { };
+
+ status = send_dma_request(CMD_READ_DMA | CMDF_NO_BM, 0, 512,
+ prdt, ARRAY_SIZE(prdt));
+
+ /* Not entirely clear what the expected result is, but this is what we get
+ * in practice. At least we want to be aware of any changes. */
+ g_assert_cmphex(status, ==, BM_STS_ACTIVE | BM_STS_INTR);
+ assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
+}
+
+static void test_bmdma_setup(void)
+{
+ ide_test_start(
+ "-drive file=%s,if=ide,serial=%s,cache=writeback,format=raw "
+ "-global ide-hd.ver=%s",
+ tmp_path, "testdisk", "version");
+ qtest_irq_intercept_in(global_qtest, "ioapic");
+}
+
+static void test_bmdma_teardown(void)
+{
+ ide_test_quit();
+}
+
+static void string_cpu_to_be16(uint16_t *s, size_t bytes)
+{
+ g_assert((bytes & 1) == 0);
+ bytes /= 2;
+
+ while (bytes--) {
+ *s = cpu_to_be16(*s);
+ s++;
+ }
}
static void test_identify(void)
int ret;
ide_test_start(
- "-vnc none "
- "-drive file=%s,if=ide,serial=%s,cache=writeback "
+ "-drive file=%s,if=ide,serial=%s,cache=writeback,format=raw "
"-global ide-hd.ver=%s",
tmp_path, "testdisk", "version");
/* Read in the IDENTIFY buffer and check registers */
data = inb(IDE_BASE + reg_device);
- g_assert_cmpint(data & 0x10, ==, 0);
+ g_assert_cmpint(data & DEV, ==, 0);
for (i = 0; i < 256; i++) {
data = inb(IDE_BASE + reg_status);
assert_bit_clear(data, BSY | DF | ERR | DRQ);
/* Check serial number/version in the buffer */
- ret = memcmp(&buf[10], "ettsidks ", 20);
+ string_cpu_to_be16(&buf[10], 20);
+ ret = memcmp(&buf[10], "testdisk ", 20);
g_assert(ret == 0);
- ret = memcmp(&buf[23], "evsroi n", 8);
+ string_cpu_to_be16(&buf[23], 8);
+ ret = memcmp(&buf[23], "version ", 8);
g_assert(ret == 0);
/* Write cache enabled bit */
ide_test_quit();
}
+static void test_flush(void)
+{
+ uint8_t data;
+
+ ide_test_start(
+ "-drive file=blkdebug::%s,if=ide,cache=writeback,format=raw",
+ tmp_path);
+
+ /* Delay the completion of the flush request until we explicitly do it */
+ qmp_discard_response("{'execute':'human-monitor-command', 'arguments': {"
+ " 'command-line':"
+ " 'qemu-io ide0-hd0 \"break flush_to_os A\"'} }");
+
+ /* FLUSH CACHE command on device 0*/
+ outb(IDE_BASE + reg_device, 0);
+ outb(IDE_BASE + reg_command, CMD_FLUSH_CACHE);
+
+ /* Check status while request is in flight*/
+ data = inb(IDE_BASE + reg_status);
+ assert_bit_set(data, BSY | DRDY);
+ assert_bit_clear(data, DF | ERR | DRQ);
+
+ /* Complete the command */
+ qmp_discard_response("{'execute':'human-monitor-command', 'arguments': {"
+ " 'command-line':"
+ " 'qemu-io ide0-hd0 \"resume A\"'} }");
+
+ /* Check registers */
+ data = inb(IDE_BASE + reg_device);
+ g_assert_cmpint(data & DEV, ==, 0);
+
+ do {
+ data = inb(IDE_BASE + reg_status);
+ } while (data & BSY);
+
+ assert_bit_set(data, DRDY);
+ assert_bit_clear(data, BSY | DF | ERR | DRQ);
+
+ ide_test_quit();
+}
+
+static void test_retry_flush(const char *machine)
+{
+ uint8_t data;
+ const char *s;
+
+ prepare_blkdebug_script(debug_path, "flush_to_disk");
+
+ ide_test_start(
+ "-vnc none "
+ "-drive file=blkdebug:%s:%s,if=ide,cache=writeback,format=raw,"
+ "rerror=stop,werror=stop",
+ debug_path, tmp_path);
+
+ /* FLUSH CACHE command on device 0*/
+ outb(IDE_BASE + reg_device, 0);
+ outb(IDE_BASE + reg_command, CMD_FLUSH_CACHE);
+
+ /* Check status while request is in flight*/
+ data = inb(IDE_BASE + reg_status);
+ assert_bit_set(data, BSY | DRDY);
+ assert_bit_clear(data, DF | ERR | DRQ);
+
+ qmp_eventwait("STOP");
+
+ /* Complete the command */
+ s = "{'execute':'cont' }";
+ qmp_discard_response(s);
+
+ /* Check registers */
+ data = inb(IDE_BASE + reg_device);
+ g_assert_cmpint(data & DEV, ==, 0);
+
+ do {
+ data = inb(IDE_BASE + reg_status);
+ } while (data & BSY);
+
+ assert_bit_set(data, DRDY);
+ assert_bit_clear(data, BSY | DF | ERR | DRQ);
+
+ ide_test_quit();
+}
+
+static void test_flush_nodev(void)
+{
+ ide_test_start("");
+
+ /* FLUSH CACHE command on device 0*/
+ outb(IDE_BASE + reg_device, 0);
+ outb(IDE_BASE + reg_command, CMD_FLUSH_CACHE);
+
+ /* Just testing that qemu doesn't crash... */
+
+ ide_test_quit();
+}
+
+static void test_pci_retry_flush(const char *machine)
+{
+ test_retry_flush("pc");
+}
+
+static void test_isa_retry_flush(const char *machine)
+{
+ test_retry_flush("isapc");
+}
+
int main(int argc, char **argv)
{
const char *arch = qtest_get_arch();
return 0;
}
+ /* Create temporary blkdebug instructions */
+ fd = mkstemp(debug_path);
+ g_assert(fd >= 0);
+ close(fd);
+
/* Create a temporary raw image */
fd = mkstemp(tmp_path);
g_assert(fd >= 0);
qtest_add_func("/ide/identify", test_identify);
+ qtest_add_func("/ide/bmdma/setup", test_bmdma_setup);
+ qtest_add_func("/ide/bmdma/simple_rw", test_bmdma_simple_rw);
+ qtest_add_func("/ide/bmdma/short_prdt", test_bmdma_short_prdt);
+ qtest_add_func("/ide/bmdma/one_sector_short_prdt",
+ test_bmdma_one_sector_short_prdt);
+ qtest_add_func("/ide/bmdma/long_prdt", test_bmdma_long_prdt);
+ qtest_add_func("/ide/bmdma/no_busmaster", test_bmdma_no_busmaster);
+ qtest_add_func("/ide/bmdma/teardown", test_bmdma_teardown);
+
+ qtest_add_func("/ide/flush", test_flush);
+ qtest_add_func("/ide/flush/nodev", test_flush_nodev);
+ qtest_add_func("/ide/flush/retry_pci", test_pci_retry_flush);
+ qtest_add_func("/ide/flush/retry_isa", test_isa_retry_flush);
+
ret = g_test_run();
/* Cleanup */
unlink(tmp_path);
+ unlink(debug_path);
return ret;
}
projects / qemu.git / blobdiff