LXR qemu/tests/ide-test.c

   1/*
   2 * IDE test cases
   3 *
   4 * Copyright (c) 2013 Kevin Wolf <kwolf@redhat.com>
   5 *
   6 * Permission is hereby granted, free of charge, to any person obtaining a copy
   7 * of this software and associated documentation files (the "Software"), to deal
   8 * in the Software without restriction, including without limitation the rights
   9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  10 * copies of the Software, and to permit persons to whom the Software is
  11 * furnished to do so, subject to the following conditions:
  12 *
  13 * The above copyright notice and this permission notice shall be included in
  14 * all copies or substantial portions of the Software.
  15 *
  16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
  19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  22 * THE SOFTWARE.
  23 */
  24
  25#include <stdint.h>
  26#include <string.h>
  27#include <stdio.h>
  28
  29#include <glib.h>
  30
  31#include "libqtest.h"
  32#include "libqos/pci-pc.h"
  33#include "libqos/malloc-pc.h"
  34
  35#include "qemu-common.h"
  36#include "hw/pci/pci_ids.h"
  37#include "hw/pci/pci_regs.h"
  38
  39#define TEST_IMAGE_SIZE 64 * 1024 * 1024
  40
  41#define IDE_PCI_DEV     1
  42#define IDE_PCI_FUNC    1
  43
  44#define IDE_BASE 0x1f0
  45#define IDE_PRIMARY_IRQ 14
  46
  47enum {
  48    reg_data        = 0x0,
  49    reg_nsectors    = 0x2,
  50    reg_lba_low     = 0x3,
  51    reg_lba_middle  = 0x4,
  52    reg_lba_high    = 0x5,
  53    reg_device      = 0x6,
  54    reg_status      = 0x7,
  55    reg_command     = 0x7,
  56};
  57
  58enum {
  59    BSY     = 0x80,
  60    DRDY    = 0x40,
  61    DF      = 0x20,
  62    DRQ     = 0x08,
  63    ERR     = 0x01,
  64};
  65
  66enum {
  67    DEV     = 0x10,
  68    LBA     = 0x40,
  69};
  70
  71enum {
  72    bmreg_cmd       = 0x0,
  73    bmreg_status    = 0x2,
  74    bmreg_prdt      = 0x4,
  75};
  76
  77enum {
  78    CMD_READ_DMA    = 0xc8,
  79    CMD_WRITE_DMA   = 0xca,
  80    CMD_FLUSH_CACHE = 0xe7,
  81    CMD_IDENTIFY    = 0xec,
  82
  83    CMDF_ABORT      = 0x100,
  84    CMDF_NO_BM      = 0x200,
  85};
  86
  87enum {
  88    BM_CMD_START    =  0x1,
  89    BM_CMD_WRITE    =  0x8, /* write = from device to memory */
  90};
  91
  92enum {
  93    BM_STS_ACTIVE   =  0x1,
  94    BM_STS_ERROR    =  0x2,
  95    BM_STS_INTR     =  0x4,
  96};
  97
  98enum {
  99    PRDT_EOT        = 0x80000000,
 100};
 101
 102#define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
 103#define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)
 104
 105static QPCIBus *pcibus = NULL;
 106static QGuestAllocator *guest_malloc;
 107
 108static char tmp_path[] = "/tmp/qtest.XXXXXX";
 109
 110static void ide_test_start(const char *cmdline_fmt, ...)
 111{
 112    va_list ap;
 113    char *cmdline;
 114
 115    va_start(ap, cmdline_fmt);
 116    cmdline = g_strdup_vprintf(cmdline_fmt, ap);
 117    va_end(ap);
 118
 119    qtest_start(cmdline);
 120    qtest_irq_intercept_in(global_qtest, "ioapic");
 121    guest_malloc = pc_alloc_init();
 122}
 123
 124static void ide_test_quit(void)
 125{
 126    qtest_end();
 127}
 128
 129static QPCIDevice *get_pci_device(uint16_t *bmdma_base)
 130{
 131    QPCIDevice *dev;
 132    uint16_t vendor_id, device_id;
 133
 134    if (!pcibus) {
 135        pcibus = qpci_init_pc();
 136    }
 137
 138    /* Find PCI device and verify it's the right one */
 139    dev = qpci_device_find(pcibus, QPCI_DEVFN(IDE_PCI_DEV, IDE_PCI_FUNC));
 140    g_assert(dev != NULL);
 141
 142    vendor_id = qpci_config_readw(dev, PCI_VENDOR_ID);
 143    device_id = qpci_config_readw(dev, PCI_DEVICE_ID);
 144    g_assert(vendor_id == PCI_VENDOR_ID_INTEL);
 145    g_assert(device_id == PCI_DEVICE_ID_INTEL_82371SB_1);
 146
 147    /* Map bmdma BAR */
 148    *bmdma_base = (uint16_t)(uintptr_t) qpci_iomap(dev, 4);
 149
 150    qpci_device_enable(dev);
 151
 152    return dev;
 153}
 154
 155static void free_pci_device(QPCIDevice *dev)
 156{
 157    /* libqos doesn't have a function for this, so free it manually */
 158    g_free(dev);
 159}
 160
 161typedef struct PrdtEntry {
 162    uint32_t addr;
 163    uint32_t size;
 164} QEMU_PACKED PrdtEntry;
 165
 166#define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
 167#define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)
 168
 169static int send_dma_request(int cmd, uint64_t sector, int nb_sectors,
 170                            PrdtEntry *prdt, int prdt_entries)
 171{
 172    QPCIDevice *dev;
 173    uint16_t bmdma_base;
 174    uintptr_t guest_prdt;
 175    size_t len;
 176    bool from_dev;
 177    uint8_t status;
 178    int flags;
 179
 180    dev = get_pci_device(&bmdma_base);
 181
 182    flags = cmd & ~0xff;
 183    cmd &= 0xff;
 184
 185    switch (cmd) {
 186    case CMD_READ_DMA:
 187        from_dev = true;
 188        break;
 189    case CMD_WRITE_DMA:
 190        from_dev = false;
 191        break;
 192    default:
 193        g_assert_not_reached();
 194    }
 195
 196    if (flags & CMDF_NO_BM) {
 197        qpci_config_writew(dev, PCI_COMMAND,
 198                           PCI_COMMAND_IO | PCI_COMMAND_MEMORY);
 199    }
 200
 201    /* Select device 0 */
 202    outb(IDE_BASE + reg_device, 0 | LBA);
 203
 204    /* Stop any running transfer, clear any pending interrupt */
 205    outb(bmdma_base + bmreg_cmd, 0);
 206    outb(bmdma_base + bmreg_status, BM_STS_INTR);
 207
 208    /* Setup PRDT */
 209    len = sizeof(*prdt) * prdt_entries;
 210    guest_prdt = guest_alloc(guest_malloc, len);
 211    memwrite(guest_prdt, prdt, len);
 212    outl(bmdma_base + bmreg_prdt, guest_prdt);
 213
 214    /* ATA DMA command */
 215    outb(IDE_BASE + reg_nsectors, nb_sectors);
 216
 217    outb(IDE_BASE + reg_lba_low,    sector & 0xff);
 218    outb(IDE_BASE + reg_lba_middle, (sector >> 8) & 0xff);
 219    outb(IDE_BASE + reg_lba_high,   (sector >> 16) & 0xff);
 220
 221    outb(IDE_BASE + reg_command, cmd);
 222
 223    /* Start DMA transfer */
 224    outb(bmdma_base + bmreg_cmd, BM_CMD_START | (from_dev ? BM_CMD_WRITE : 0));
 225
 226    if (flags & CMDF_ABORT) {
 227        outb(bmdma_base + bmreg_cmd, 0);
 228    }
 229
 230    /* Wait for the DMA transfer to complete */
 231    do {
 232        status = inb(bmdma_base + bmreg_status);
 233    } while ((status & (BM_STS_ACTIVE | BM_STS_INTR)) == BM_STS_ACTIVE);
 234
 235    g_assert_cmpint(get_irq(IDE_PRIMARY_IRQ), ==, !!(status & BM_STS_INTR));
 236
 237    /* Check IDE status code */
 238    assert_bit_set(inb(IDE_BASE + reg_status), DRDY);
 239    assert_bit_clear(inb(IDE_BASE + reg_status), BSY | DRQ);
 240
 241    /* Reading the status register clears the IRQ */
 242    g_assert(!get_irq(IDE_PRIMARY_IRQ));
 243
 244    /* Stop DMA transfer if still active */
 245    if (status & BM_STS_ACTIVE) {
 246        outb(bmdma_base + bmreg_cmd, 0);
 247    }
 248
 249    free_pci_device(dev);
 250
 251    return status;
 252}
 253
 254static void test_bmdma_simple_rw(void)
 255{
 256    uint8_t status;
 257    uint8_t *buf;
 258    uint8_t *cmpbuf;
 259    size_t len = 512;
 260    uintptr_t guest_buf = guest_alloc(guest_malloc, len);
 261
 262    PrdtEntry prdt[] = {
 263        {
 264            .addr = cpu_to_le32(guest_buf),
 265            .size = cpu_to_le32(len | PRDT_EOT),
 266        },
 267    };
 268
 269    buf = g_malloc(len);
 270    cmpbuf = g_malloc(len);
 271
 272    /* Write 0x55 pattern to sector 0 */
 273    memset(buf, 0x55, len);
 274    memwrite(guest_buf, buf, len);
 275
 276    status = send_dma_request(CMD_WRITE_DMA, 0, 1, prdt, ARRAY_SIZE(prdt));
 277    g_assert_cmphex(status, ==, BM_STS_INTR);
 278    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 279
 280    /* Write 0xaa pattern to sector 1 */
 281    memset(buf, 0xaa, len);
 282    memwrite(guest_buf, buf, len);
 283
 284    status = send_dma_request(CMD_WRITE_DMA, 1, 1, prdt, ARRAY_SIZE(prdt));
 285    g_assert_cmphex(status, ==, BM_STS_INTR);
 286    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 287
 288    /* Read and verify 0x55 pattern in sector 0 */
 289    memset(cmpbuf, 0x55, len);
 290
 291    status = send_dma_request(CMD_READ_DMA, 0, 1, prdt, ARRAY_SIZE(prdt));
 292    g_assert_cmphex(status, ==, BM_STS_INTR);
 293    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 294
 295    memread(guest_buf, buf, len);
 296    g_assert(memcmp(buf, cmpbuf, len) == 0);
 297
 298    /* Read and verify 0xaa pattern in sector 1 */
 299    memset(cmpbuf, 0xaa, len);
 300
 301    status = send_dma_request(CMD_READ_DMA, 1, 1, prdt, ARRAY_SIZE(prdt));
 302    g_assert_cmphex(status, ==, BM_STS_INTR);
 303    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 304
 305    memread(guest_buf, buf, len);
 306    g_assert(memcmp(buf, cmpbuf, len) == 0);
 307
 308
 309    g_free(buf);
 310    g_free(cmpbuf);
 311}
 312
 313static void test_bmdma_short_prdt(void)
 314{
 315    uint8_t status;
 316
 317    PrdtEntry prdt[] = {
 318        {
 319            .addr = 0,
 320            .size = cpu_to_le32(0x10 | PRDT_EOT),
 321        },
 322    };
 323
 324    /* Normal request */
 325    status = send_dma_request(CMD_READ_DMA, 0, 1,
 326                              prdt, ARRAY_SIZE(prdt));
 327    g_assert_cmphex(status, ==, 0);
 328    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 329
 330    /* Abort the request before it completes */
 331    status = send_dma_request(CMD_READ_DMA | CMDF_ABORT, 0, 1,
 332                              prdt, ARRAY_SIZE(prdt));
 333    g_assert_cmphex(status, ==, 0);
 334    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 335}
 336
 337static void test_bmdma_long_prdt(void)
 338{
 339    uint8_t status;
 340
 341    PrdtEntry prdt[] = {
 342        {
 343            .addr = 0,
 344            .size = cpu_to_le32(0x1000 | PRDT_EOT),
 345        },
 346    };
 347
 348    /* Normal request */
 349    status = send_dma_request(CMD_READ_DMA, 0, 1,
 350                              prdt, ARRAY_SIZE(prdt));
 351    g_assert_cmphex(status, ==, BM_STS_ACTIVE | BM_STS_INTR);
 352    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 353
 354    /* Abort the request before it completes */
 355    status = send_dma_request(CMD_READ_DMA | CMDF_ABORT, 0, 1,
 356                              prdt, ARRAY_SIZE(prdt));
 357    g_assert_cmphex(status, ==, BM_STS_INTR);
 358    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 359}
 360
 361static void test_bmdma_no_busmaster(void)
 362{
 363    uint8_t status;
 364
 365    /* No PRDT_EOT, each entry addr 0/size 64k, and in theory qemu shouldn't be
 366     * able to access it anyway because the Bus Master bit in the PCI command
 367     * register isn't set. This is complete nonsense, but it used to be pretty
 368     * good at confusing and occasionally crashing qemu. */
 369    PrdtEntry prdt[4096] = { };
 370
 371    status = send_dma_request(CMD_READ_DMA | CMDF_NO_BM, 0, 512,
 372                              prdt, ARRAY_SIZE(prdt));
 373
 374    /* Not entirely clear what the expected result is, but this is what we get
 375     * in practice. At least we want to be aware of any changes. */
 376    g_assert_cmphex(status, ==, BM_STS_ACTIVE | BM_STS_INTR);
 377    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 378}
 379
 380static void test_bmdma_setup(void)
 381{
 382    ide_test_start(
 383        "-drive file=%s,if=ide,serial=%s,cache=writeback "
 384        "-global ide-hd.ver=%s",
 385        tmp_path, "testdisk", "version");
 386}
 387
 388static void test_bmdma_teardown(void)
 389{
 390    ide_test_quit();
 391}
 392
 393static void string_cpu_to_be16(uint16_t *s, size_t bytes)
 394{
 395    g_assert((bytes & 1) == 0);
 396    bytes /= 2;
 397
 398    while (bytes--) {
 399        *s = cpu_to_be16(*s);
 400        s++;
 401    }
 402}
 403
 404static void test_identify(void)
 405{
 406    uint8_t data;
 407    uint16_t buf[256];
 408    int i;
 409    int ret;
 410
 411    ide_test_start(
 412        "-drive file=%s,if=ide,serial=%s,cache=writeback "
 413        "-global ide-hd.ver=%s",
 414        tmp_path, "testdisk", "version");
 415
 416    /* IDENTIFY command on device 0*/
 417    outb(IDE_BASE + reg_device, 0);
 418    outb(IDE_BASE + reg_command, CMD_IDENTIFY);
 419
 420    /* Read in the IDENTIFY buffer and check registers */
 421    data = inb(IDE_BASE + reg_device);
 422    g_assert_cmpint(data & DEV, ==, 0);
 423
 424    for (i = 0; i < 256; i++) {
 425        data = inb(IDE_BASE + reg_status);
 426        assert_bit_set(data, DRDY | DRQ);
 427        assert_bit_clear(data, BSY | DF | ERR);
 428
 429        ((uint16_t*) buf)[i] = inw(IDE_BASE + reg_data);
 430    }
 431
 432    data = inb(IDE_BASE + reg_status);
 433    assert_bit_set(data, DRDY);
 434    assert_bit_clear(data, BSY | DF | ERR | DRQ);
 435
 436    /* Check serial number/version in the buffer */
 437    string_cpu_to_be16(&buf[10], 20);
 438    ret = memcmp(&buf[10], "testdisk            ", 20);
 439    g_assert(ret == 0);
 440
 441    string_cpu_to_be16(&buf[23], 8);
 442    ret = memcmp(&buf[23], "version ", 8);
 443    g_assert(ret == 0);
 444
 445    /* Write cache enabled bit */
 446    assert_bit_set(buf[85], 0x20);
 447
 448    ide_test_quit();
 449}
 450
 451static void test_flush(void)
 452{
 453    uint8_t data;
 454
 455    ide_test_start(
 456        "-drive file=blkdebug::%s,if=ide,cache=writeback",
 457        tmp_path);
 458
 459    /* Delay the completion of the flush request until we explicitly do it */
 460    qmp_discard_response("{'execute':'human-monitor-command', 'arguments': {"
 461                         " 'command-line':"
 462                         " 'qemu-io ide0-hd0 \"break flush_to_os A\"'} }");
 463
 464    /* FLUSH CACHE command on device 0*/
 465    outb(IDE_BASE + reg_device, 0);
 466    outb(IDE_BASE + reg_command, CMD_FLUSH_CACHE);
 467
 468    /* Check status while request is in flight*/
 469    data = inb(IDE_BASE + reg_status);
 470    assert_bit_set(data, BSY | DRDY);
 471    assert_bit_clear(data, DF | ERR | DRQ);
 472
 473    /* Complete the command */
 474    qmp_discard_response("{'execute':'human-monitor-command', 'arguments': {"
 475                         " 'command-line':"
 476                         " 'qemu-io ide0-hd0 \"resume A\"'} }");
 477
 478    /* Check registers */
 479    data = inb(IDE_BASE + reg_device);
 480    g_assert_cmpint(data & DEV, ==, 0);
 481
 482    do {
 483        data = inb(IDE_BASE + reg_status);
 484    } while (data & BSY);
 485
 486    assert_bit_set(data, DRDY);
 487    assert_bit_clear(data, BSY | DF | ERR | DRQ);
 488
 489    ide_test_quit();
 490}
 491
 492int main(int argc, char **argv)
 493{
 494    const char *arch = qtest_get_arch();
 495    int fd;
 496    int ret;
 497
 498    /* Check architecture */
 499    if (strcmp(arch, "i386") && strcmp(arch, "x86_64")) {
 500        g_test_message("Skipping test for non-x86\n");
 501        return 0;
 502    }
 503
 504    /* Create a temporary raw image */
 505    fd = mkstemp(tmp_path);
 506    g_assert(fd >= 0);
 507    ret = ftruncate(fd, TEST_IMAGE_SIZE);
 508    g_assert(ret == 0);
 509    close(fd);
 510
 511    /* Run the tests */
 512    g_test_init(&argc, &argv, NULL);
 513
 514    qtest_add_func("/ide/identify", test_identify);
 515
 516    qtest_add_func("/ide/bmdma/setup", test_bmdma_setup);
 517    qtest_add_func("/ide/bmdma/simple_rw", test_bmdma_simple_rw);
 518    qtest_add_func("/ide/bmdma/short_prdt", test_bmdma_short_prdt);
 519    qtest_add_func("/ide/bmdma/long_prdt", test_bmdma_long_prdt);
 520    qtest_add_func("/ide/bmdma/no_busmaster", test_bmdma_no_busmaster);
 521    qtest_add_func("/ide/bmdma/teardown", test_bmdma_teardown);
 522
 523    qtest_add_func("/ide/flush", test_flush);
 524
 525    ret = g_test_run();
 526
 527    /* Cleanup */
 528    unlink(tmp_path);
 529
 530    return ret;
 531}
 532