qemu/tests/ide-test.c
<<
>>
Prefs 
   1/*
   2 * IDE test cases
   3 *
   4 * Copyright (c) 2013 Kevin Wolf <kwolf@redhat.com>
   5 *
   6 * Permission is hereby granted, free of charge, to any person obtaining a copy
   7 * of this software and associated documentation files (the "Software"), to deal
   8 * in the Software without restriction, including without limitation the rights
   9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  10 * copies of the Software, and to permit persons to whom the Software is
  11 * furnished to do so, subject to the following conditions:
  12 *
  13 * The above copyright notice and this permission notice shall be included in
  14 * all copies or substantial portions of the Software.
  15 *
  16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
  19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  22 * THE SOFTWARE.
  23 */
  24
  25#include <stdint.h>
  26#include <string.h>
  27#include <stdio.h>
  28
  29#include <glib.h>
  30
  31#include "libqtest.h"
  32#include "libqos/pci-pc.h"
  33#include "libqos/malloc-pc.h"
  34
  35#include "qemu-common.h"
  36#include "hw/pci/pci_ids.h"
  37#include "hw/pci/pci_regs.h"
  38
  39#define TEST_IMAGE_SIZE 64 * 1024 * 1024
  40
  41#define IDE_PCI_DEV     1
  42#define IDE_PCI_FUNC    1
  43
  44#define IDE_BASE 0x1f0
  45#define IDE_PRIMARY_IRQ 14
  46
  47enum {
  48    reg_data        = 0x0,
  49    reg_nsectors    = 0x2,
  50    reg_lba_low     = 0x3,
  51    reg_lba_middle  = 0x4,
  52    reg_lba_high    = 0x5,
  53    reg_device      = 0x6,
  54    reg_status      = 0x7,
  55    reg_command     = 0x7,
  56};
  57
  58enum {
  59    BSY     = 0x80,
  60    DRDY    = 0x40,
  61    DF      = 0x20,
  62    DRQ     = 0x08,
  63    ERR     = 0x01,
  64};
  65
  66enum {
  67    DEV     = 0x10,
  68    LBA     = 0x40,
  69};
  70
  71enum {
  72    bmreg_cmd       = 0x0,
  73    bmreg_status    = 0x2,
  74    bmreg_prdt      = 0x4,
  75};
  76
  77enum {
  78    CMD_READ_DMA    = 0xc8,
  79    CMD_WRITE_DMA   = 0xca,
  80    CMD_FLUSH_CACHE = 0xe7,
  81    CMD_IDENTIFY    = 0xec,
  82
  83    CMDF_ABORT      = 0x100,
  84    CMDF_NO_BM      = 0x200,
  85};
  86
  87enum {
  88    BM_CMD_START    =  0x1,
  89    BM_CMD_WRITE    =  0x8, /* write = from device to memory */
  90};
  91
  92enum {
  93    BM_STS_ACTIVE   =  0x1,
  94    BM_STS_ERROR    =  0x2,
  95    BM_STS_INTR     =  0x4,
  96};
  97
  98enum {
  99    PRDT_EOT        = 0x80000000,
 100};
 101
 102#define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
 103#define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)
 104
 105static QPCIBus *pcibus = NULL;
 106static QGuestAllocator *guest_malloc;
 107
 108static char tmp_path[] = "/tmp/qtest.XXXXXX";
 109static char debug_path[] = "/tmp/qtest-blkdebug.XXXXXX";
 110
 111static void ide_test_start(const char *cmdline_fmt, ...)
 112{
 113    va_list ap;
 114    char *cmdline;
 115
 116    va_start(ap, cmdline_fmt);
 117    cmdline = g_strdup_vprintf(cmdline_fmt, ap);
 118    va_end(ap);
 119
 120    qtest_start(cmdline);
 121    qtest_irq_intercept_in(global_qtest, "ioapic");
 122    guest_malloc = pc_alloc_init();
 123
 124    g_free(cmdline);
 125}
 126
 127static void ide_test_quit(void)
 128{
 129    pc_alloc_uninit(guest_malloc);
 130    guest_malloc = NULL;
 131    qtest_end();
 132}
 133
 134static QPCIDevice *get_pci_device(uint16_t *bmdma_base)
 135{
 136    QPCIDevice *dev;
 137    uint16_t vendor_id, device_id;
 138
 139    if (!pcibus) {
 140        pcibus = qpci_init_pc();
 141    }
 142
 143    /* Find PCI device and verify it's the right one */
 144    dev = qpci_device_find(pcibus, QPCI_DEVFN(IDE_PCI_DEV, IDE_PCI_FUNC));
 145    g_assert(dev != NULL);
 146
 147    vendor_id = qpci_config_readw(dev, PCI_VENDOR_ID);
 148    device_id = qpci_config_readw(dev, PCI_DEVICE_ID);
 149    g_assert(vendor_id == PCI_VENDOR_ID_INTEL);
 150    g_assert(device_id == PCI_DEVICE_ID_INTEL_82371SB_1);
 151
 152    /* Map bmdma BAR */
 153    *bmdma_base = (uint16_t)(uintptr_t) qpci_iomap(dev, 4, NULL);
 154
 155    qpci_device_enable(dev);
 156
 157    return dev;
 158}
 159
 160static void free_pci_device(QPCIDevice *dev)
 161{
 162    /* libqos doesn't have a function for this, so free it manually */
 163    g_free(dev);
 164}
 165
 166typedef struct PrdtEntry {
 167    uint32_t addr;
 168    uint32_t size;
 169} QEMU_PACKED PrdtEntry;
 170
 171#define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
 172#define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)
 173
 174static int send_dma_request(int cmd, uint64_t sector, int nb_sectors,
 175                            PrdtEntry *prdt, int prdt_entries)
 176{
 177    QPCIDevice *dev;
 178    uint16_t bmdma_base;
 179    uintptr_t guest_prdt;
 180    size_t len;
 181    bool from_dev;
 182    uint8_t status;
 183    int flags;
 184
 185    dev = get_pci_device(&bmdma_base);
 186
 187    flags = cmd & ~0xff;
 188    cmd &= 0xff;
 189
 190    switch (cmd) {
 191    case CMD_READ_DMA:
 192        from_dev = true;
 193        break;
 194    case CMD_WRITE_DMA:
 195        from_dev = false;
 196        break;
 197    default:
 198        g_assert_not_reached();
 199    }
 200
 201    if (flags & CMDF_NO_BM) {
 202        qpci_config_writew(dev, PCI_COMMAND,
 203                           PCI_COMMAND_IO | PCI_COMMAND_MEMORY);
 204    }
 205
 206    /* Select device 0 */
 207    outb(IDE_BASE + reg_device, 0 | LBA);
 208
 209    /* Stop any running transfer, clear any pending interrupt */
 210    outb(bmdma_base + bmreg_cmd, 0);
 211    outb(bmdma_base + bmreg_status, BM_STS_INTR);
 212
 213    /* Setup PRDT */
 214    len = sizeof(*prdt) * prdt_entries;
 215    guest_prdt = guest_alloc(guest_malloc, len);
 216    memwrite(guest_prdt, prdt, len);
 217    outl(bmdma_base + bmreg_prdt, guest_prdt);
 218
 219    /* ATA DMA command */
 220    outb(IDE_BASE + reg_nsectors, nb_sectors);
 221
 222    outb(IDE_BASE + reg_lba_low,    sector & 0xff);
 223    outb(IDE_BASE + reg_lba_middle, (sector >> 8) & 0xff);
 224    outb(IDE_BASE + reg_lba_high,   (sector >> 16) & 0xff);
 225
 226    outb(IDE_BASE + reg_command, cmd);
 227
 228    /* Start DMA transfer */
 229    outb(bmdma_base + bmreg_cmd, BM_CMD_START | (from_dev ? BM_CMD_WRITE : 0));
 230
 231    if (flags & CMDF_ABORT) {
 232        outb(bmdma_base + bmreg_cmd, 0);
 233    }
 234
 235    /* Wait for the DMA transfer to complete */
 236    do {
 237        status = inb(bmdma_base + bmreg_status);
 238    } while ((status & (BM_STS_ACTIVE | BM_STS_INTR)) == BM_STS_ACTIVE);
 239
 240    g_assert_cmpint(get_irq(IDE_PRIMARY_IRQ), ==, !!(status & BM_STS_INTR));
 241
 242    /* Check IDE status code */
 243    assert_bit_set(inb(IDE_BASE + reg_status), DRDY);
 244    assert_bit_clear(inb(IDE_BASE + reg_status), BSY | DRQ);
 245
 246    /* Reading the status register clears the IRQ */
 247    g_assert(!get_irq(IDE_PRIMARY_IRQ));
 248
 249    /* Stop DMA transfer if still active */
 250    if (status & BM_STS_ACTIVE) {
 251        outb(bmdma_base + bmreg_cmd, 0);
 252    }
 253
 254    free_pci_device(dev);
 255
 256    return status;
 257}
 258
 259static void test_bmdma_simple_rw(void)
 260{
 261    uint8_t status;
 262    uint8_t *buf;
 263    uint8_t *cmpbuf;
 264    size_t len = 512;
 265    uintptr_t guest_buf = guest_alloc(guest_malloc, len);
 266
 267    PrdtEntry prdt[] = {
 268        {
 269            .addr = cpu_to_le32(guest_buf),
 270            .size = cpu_to_le32(len | PRDT_EOT),
 271        },
 272    };
 273
 274    buf = g_malloc(len);
 275    cmpbuf = g_malloc(len);
 276
 277    /* Write 0x55 pattern to sector 0 */
 278    memset(buf, 0x55, len);
 279    memwrite(guest_buf, buf, len);
 280
 281    status = send_dma_request(CMD_WRITE_DMA, 0, 1, prdt, ARRAY_SIZE(prdt));
 282    g_assert_cmphex(status, ==, BM_STS_INTR);
 283    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 284
 285    /* Write 0xaa pattern to sector 1 */
 286    memset(buf, 0xaa, len);
 287    memwrite(guest_buf, buf, len);
 288
 289    status = send_dma_request(CMD_WRITE_DMA, 1, 1, prdt, ARRAY_SIZE(prdt));
 290    g_assert_cmphex(status, ==, BM_STS_INTR);
 291    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 292
 293    /* Read and verify 0x55 pattern in sector 0 */
 294    memset(cmpbuf, 0x55, len);
 295
 296    status = send_dma_request(CMD_READ_DMA, 0, 1, prdt, ARRAY_SIZE(prdt));
 297    g_assert_cmphex(status, ==, BM_STS_INTR);
 298    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 299
 300    memread(guest_buf, buf, len);
 301    g_assert(memcmp(buf, cmpbuf, len) == 0);
 302
 303    /* Read and verify 0xaa pattern in sector 1 */
 304    memset(cmpbuf, 0xaa, len);
 305
 306    status = send_dma_request(CMD_READ_DMA, 1, 1, prdt, ARRAY_SIZE(prdt));
 307    g_assert_cmphex(status, ==, BM_STS_INTR);
 308    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 309
 310    memread(guest_buf, buf, len);
 311    g_assert(memcmp(buf, cmpbuf, len) == 0);
 312
 313
 314    g_free(buf);
 315    g_free(cmpbuf);
 316}
 317
 318static void test_bmdma_short_prdt(void)
 319{
 320    uint8_t status;
 321
 322    PrdtEntry prdt[] = {
 323        {
 324            .addr = 0,
 325            .size = cpu_to_le32(0x10 | PRDT_EOT),
 326        },
 327    };
 328
 329    /* Normal request */
 330    status = send_dma_request(CMD_READ_DMA, 0, 1,
 331                              prdt, ARRAY_SIZE(prdt));
 332    g_assert_cmphex(status, ==, 0);
 333    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 334
 335    /* Abort the request before it completes */
 336    status = send_dma_request(CMD_READ_DMA | CMDF_ABORT, 0, 1,
 337                              prdt, ARRAY_SIZE(prdt));
 338    g_assert_cmphex(status, ==, 0);
 339    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 340}
 341
 342static void test_bmdma_long_prdt(void)
 343{
 344    uint8_t status;
 345
 346    PrdtEntry prdt[] = {
 347        {
 348            .addr = 0,
 349            .size = cpu_to_le32(0x1000 | PRDT_EOT),
 350        },
 351    };
 352
 353    /* Normal request */
 354    status = send_dma_request(CMD_READ_DMA, 0, 1,
 355                              prdt, ARRAY_SIZE(prdt));
 356    g_assert_cmphex(status, ==, BM_STS_ACTIVE | BM_STS_INTR);
 357    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 358
 359    /* Abort the request before it completes */
 360    status = send_dma_request(CMD_READ_DMA | CMDF_ABORT, 0, 1,
 361                              prdt, ARRAY_SIZE(prdt));
 362    g_assert_cmphex(status, ==, BM_STS_INTR);
 363    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 364}
 365
 366static void test_bmdma_no_busmaster(void)
 367{
 368    uint8_t status;
 369
 370    /* No PRDT_EOT, each entry addr 0/size 64k, and in theory qemu shouldn't be
 371     * able to access it anyway because the Bus Master bit in the PCI command
 372     * register isn't set. This is complete nonsense, but it used to be pretty
 373     * good at confusing and occasionally crashing qemu. */
 374    PrdtEntry prdt[4096] = { };
 375
 376    status = send_dma_request(CMD_READ_DMA | CMDF_NO_BM, 0, 512,
 377                              prdt, ARRAY_SIZE(prdt));
 378
 379    /* Not entirely clear what the expected result is, but this is what we get
 380     * in practice. At least we want to be aware of any changes. */
 381    g_assert_cmphex(status, ==, BM_STS_ACTIVE | BM_STS_INTR);
 382    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 383}
 384
 385static void test_bmdma_setup(void)
 386{
 387    ide_test_start(
 388        "-drive file=%s,if=ide,serial=%s,cache=writeback "
 389        "-global ide-hd.ver=%s",
 390        tmp_path, "testdisk", "version");
 391}
 392
 393static void test_bmdma_teardown(void)
 394{
 395    ide_test_quit();
 396}
 397
 398static void string_cpu_to_be16(uint16_t *s, size_t bytes)
 399{
 400    g_assert((bytes & 1) == 0);
 401    bytes /= 2;
 402
 403    while (bytes--) {
 404        *s = cpu_to_be16(*s);
 405        s++;
 406    }
 407}
 408
 409static void test_identify(void)
 410{
 411    uint8_t data;
 412    uint16_t buf[256];
 413    int i;
 414    int ret;
 415
 416    ide_test_start(
 417        "-drive file=%s,if=ide,serial=%s,cache=writeback "
 418        "-global ide-hd.ver=%s",
 419        tmp_path, "testdisk", "version");
 420
 421    /* IDENTIFY command on device 0*/
 422    outb(IDE_BASE + reg_device, 0);
 423    outb(IDE_BASE + reg_command, CMD_IDENTIFY);
 424
 425    /* Read in the IDENTIFY buffer and check registers */
 426    data = inb(IDE_BASE + reg_device);
 427    g_assert_cmpint(data & DEV, ==, 0);
 428
 429    for (i = 0; i < 256; i++) {
 430        data = inb(IDE_BASE + reg_status);
 431        assert_bit_set(data, DRDY | DRQ);
 432        assert_bit_clear(data, BSY | DF | ERR);
 433
 434        ((uint16_t*) buf)[i] = inw(IDE_BASE + reg_data);
 435    }
 436
 437    data = inb(IDE_BASE + reg_status);
 438    assert_bit_set(data, DRDY);
 439    assert_bit_clear(data, BSY | DF | ERR | DRQ);
 440
 441    /* Check serial number/version in the buffer */
 442    string_cpu_to_be16(&buf[10], 20);
 443    ret = memcmp(&buf[10], "testdisk            ", 20);
 444    g_assert(ret == 0);
 445
 446    string_cpu_to_be16(&buf[23], 8);
 447    ret = memcmp(&buf[23], "version ", 8);
 448    g_assert(ret == 0);
 449
 450    /* Write cache enabled bit */
 451    assert_bit_set(buf[85], 0x20);
 452
 453    ide_test_quit();
 454}
 455
 456static void test_flush(void)
 457{
 458    uint8_t data;
 459
 460    ide_test_start(
 461        "-drive file=blkdebug::%s,if=ide,cache=writeback",
 462        tmp_path);
 463
 464    /* Delay the completion of the flush request until we explicitly do it */
 465    qmp_discard_response("{'execute':'human-monitor-command', 'arguments': {"
 466                         " 'command-line':"
 467                         " 'qemu-io ide0-hd0 \"break flush_to_os A\"'} }");
 468
 469    /* FLUSH CACHE command on device 0*/
 470    outb(IDE_BASE + reg_device, 0);
 471    outb(IDE_BASE + reg_command, CMD_FLUSH_CACHE);
 472
 473    /* Check status while request is in flight*/
 474    data = inb(IDE_BASE + reg_status);
 475    assert_bit_set(data, BSY | DRDY);
 476    assert_bit_clear(data, DF | ERR | DRQ);
 477
 478    /* Complete the command */
 479    qmp_discard_response("{'execute':'human-monitor-command', 'arguments': {"
 480                         " 'command-line':"
 481                         " 'qemu-io ide0-hd0 \"resume A\"'} }");
 482
 483    /* Check registers */
 484    data = inb(IDE_BASE + reg_device);
 485    g_assert_cmpint(data & DEV, ==, 0);
 486
 487    do {
 488        data = inb(IDE_BASE + reg_status);
 489    } while (data & BSY);
 490
 491    assert_bit_set(data, DRDY);
 492    assert_bit_clear(data, BSY | DF | ERR | DRQ);
 493
 494    ide_test_quit();
 495}
 496
 497static void prepare_blkdebug_script(const char *debug_fn, const char *event)
 498{
 499    FILE *debug_file = fopen(debug_fn, "w");
 500    int ret;
 501
 502    fprintf(debug_file, "[inject-error]\n");
 503    fprintf(debug_file, "event = \"%s\"\n", event);
 504    fprintf(debug_file, "errno = \"5\"\n");
 505    fprintf(debug_file, "state = \"1\"\n");
 506    fprintf(debug_file, "immediately = \"off\"\n");
 507    fprintf(debug_file, "once = \"on\"\n");
 508
 509    fprintf(debug_file, "[set-state]\n");
 510    fprintf(debug_file, "event = \"%s\"\n", event);
 511    fprintf(debug_file, "new_state = \"2\"\n");
 512    fflush(debug_file);
 513    g_assert(!ferror(debug_file));
 514
 515    ret = fclose(debug_file);
 516    g_assert(ret == 0);
 517}
 518
 519static void test_retry_flush(void)
 520{
 521    uint8_t data;
 522    const char *s;
 523    QDict *response;
 524
 525    prepare_blkdebug_script(debug_path, "flush_to_disk");
 526
 527    ide_test_start(
 528        "-vnc none "
 529        "-drive file=blkdebug:%s:%s,if=ide,cache=writeback,rerror=stop,werror=stop",
 530        debug_path, tmp_path);
 531
 532    /* FLUSH CACHE command on device 0*/
 533    outb(IDE_BASE + reg_device, 0);
 534    outb(IDE_BASE + reg_command, CMD_FLUSH_CACHE);
 535
 536    /* Check status while request is in flight*/
 537    data = inb(IDE_BASE + reg_status);
 538    assert_bit_set(data, BSY | DRDY);
 539    assert_bit_clear(data, DF | ERR | DRQ);
 540
 541    for (;; response = NULL) {
 542        response = qmp_receive();
 543        if ((qdict_haskey(response, "event")) &&
 544            (strcmp(qdict_get_str(response, "event"), "STOP") == 0)) {
 545            QDECREF(response);
 546            break;
 547        }
 548        QDECREF(response);
 549    }
 550
 551    /* Complete the command */
 552    s = "{'execute':'cont' }";
 553    qmp_discard_response(s);
 554
 555    /* Check registers */
 556    data = inb(IDE_BASE + reg_device);
 557    g_assert_cmpint(data & DEV, ==, 0);
 558
 559    do {
 560        data = inb(IDE_BASE + reg_status);
 561    } while (data & BSY);
 562
 563    assert_bit_set(data, DRDY);
 564    assert_bit_clear(data, BSY | DF | ERR | DRQ);
 565
 566    ide_test_quit();
 567}
 568
 569static void test_flush_nodev(void)
 570{
 571    ide_test_start("");
 572
 573    /* FLUSH CACHE command on device 0*/
 574    outb(IDE_BASE + reg_device, 0);
 575    outb(IDE_BASE + reg_command, CMD_FLUSH_CACHE);
 576
 577    /* Just testing that qemu doesn't crash... */
 578
 579    ide_test_quit();
 580}
 581
 582int main(int argc, char **argv)
 583{
 584    const char *arch = qtest_get_arch();
 585    int fd;
 586    int ret;
 587
 588    /* Check architecture */
 589    if (strcmp(arch, "i386") && strcmp(arch, "x86_64")) {
 590        g_test_message("Skipping test for non-x86\n");
 591        return 0;
 592    }
 593
 594    /* Create temporary blkdebug instructions */
 595    fd = mkstemp(debug_path);
 596    g_assert(fd >= 0);
 597    close(fd);
 598
 599    /* Create a temporary raw image */
 600    fd = mkstemp(tmp_path);
 601    g_assert(fd >= 0);
 602    ret = ftruncate(fd, TEST_IMAGE_SIZE);
 603    g_assert(ret == 0);
 604    close(fd);
 605
 606    /* Run the tests */
 607    g_test_init(&argc, &argv, NULL);
 608
 609    qtest_add_func("/ide/identify", test_identify);
 610
 611    qtest_add_func("/ide/bmdma/setup", test_bmdma_setup);
 612    qtest_add_func("/ide/bmdma/simple_rw", test_bmdma_simple_rw);
 613    qtest_add_func("/ide/bmdma/short_prdt", test_bmdma_short_prdt);
 614    qtest_add_func("/ide/bmdma/long_prdt", test_bmdma_long_prdt);
 615    qtest_add_func("/ide/bmdma/no_busmaster", test_bmdma_no_busmaster);
 616    qtest_add_func("/ide/bmdma/teardown", test_bmdma_teardown);
 617
 618    qtest_add_func("/ide/flush", test_flush);
 619    qtest_add_func("/ide/flush_nodev", test_flush_nodev);
 620
 621    qtest_add_func("/ide/retry/flush", test_retry_flush);
 622
 623    ret = g_test_run();
 624
 625    /* Cleanup */
 626    unlink(tmp_path);
 627    unlink(debug_path);
 628
 629    return ret;
 630}
 631
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.