LXR qemu/tests/ide-test.c

   1/*
   2 * IDE test cases
   3 *
   4 * Copyright (c) 2013 Kevin Wolf <kwolf@redhat.com>
   5 *
   6 * Permission is hereby granted, free of charge, to any person obtaining a copy
   7 * of this software and associated documentation files (the "Software"), to deal
   8 * in the Software without restriction, including without limitation the rights
   9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  10 * copies of the Software, and to permit persons to whom the Software is
  11 * furnished to do so, subject to the following conditions:
  12 *
  13 * The above copyright notice and this permission notice shall be included in
  14 * all copies or substantial portions of the Software.
  15 *
  16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
  19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  22 * THE SOFTWARE.
  23 */
  24
  25#include <stdint.h>
  26#include <string.h>
  27#include <stdio.h>
  28
  29#include <glib.h>
  30
  31#include "libqtest.h"
  32#include "libqos/libqos.h"
  33#include "libqos/pci-pc.h"
  34#include "libqos/malloc-pc.h"
  35
  36#include "qemu-common.h"
  37#include "hw/pci/pci_ids.h"
  38#include "hw/pci/pci_regs.h"
  39
  40#define TEST_IMAGE_SIZE 64 * 1024 * 1024
  41
  42#define IDE_PCI_DEV     1
  43#define IDE_PCI_FUNC    1
  44
  45#define IDE_BASE 0x1f0
  46#define IDE_PRIMARY_IRQ 14
  47
  48enum {
  49    reg_data        = 0x0,
  50    reg_nsectors    = 0x2,
  51    reg_lba_low     = 0x3,
  52    reg_lba_middle  = 0x4,
  53    reg_lba_high    = 0x5,
  54    reg_device      = 0x6,
  55    reg_status      = 0x7,
  56    reg_command     = 0x7,
  57};
  58
  59enum {
  60    BSY     = 0x80,
  61    DRDY    = 0x40,
  62    DF      = 0x20,
  63    DRQ     = 0x08,
  64    ERR     = 0x01,
  65};
  66
  67enum {
  68    DEV     = 0x10,
  69    LBA     = 0x40,
  70};
  71
  72enum {
  73    bmreg_cmd       = 0x0,
  74    bmreg_status    = 0x2,
  75    bmreg_prdt      = 0x4,
  76};
  77
  78enum {
  79    CMD_READ_DMA    = 0xc8,
  80    CMD_WRITE_DMA   = 0xca,
  81    CMD_FLUSH_CACHE = 0xe7,
  82    CMD_IDENTIFY    = 0xec,
  83
  84    CMDF_ABORT      = 0x100,
  85    CMDF_NO_BM      = 0x200,
  86};
  87
  88enum {
  89    BM_CMD_START    =  0x1,
  90    BM_CMD_WRITE    =  0x8, /* write = from device to memory */
  91};
  92
  93enum {
  94    BM_STS_ACTIVE   =  0x1,
  95    BM_STS_ERROR    =  0x2,
  96    BM_STS_INTR     =  0x4,
  97};
  98
  99enum {
 100    PRDT_EOT        = 0x80000000,
 101};
 102
 103#define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
 104#define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)
 105
 106static QPCIBus *pcibus = NULL;
 107static QGuestAllocator *guest_malloc;
 108
 109static char tmp_path[] = "/tmp/qtest.XXXXXX";
 110static char debug_path[] = "/tmp/qtest-blkdebug.XXXXXX";
 111
 112static void ide_test_start(const char *cmdline_fmt, ...)
 113{
 114    va_list ap;
 115    char *cmdline;
 116
 117    va_start(ap, cmdline_fmt);
 118    cmdline = g_strdup_vprintf(cmdline_fmt, ap);
 119    va_end(ap);
 120
 121    qtest_start(cmdline);
 122    guest_malloc = pc_alloc_init();
 123
 124    g_free(cmdline);
 125}
 126
 127static void ide_test_quit(void)
 128{
 129    pc_alloc_uninit(guest_malloc);
 130    guest_malloc = NULL;
 131    qtest_end();
 132}
 133
 134static QPCIDevice *get_pci_device(uint16_t *bmdma_base)
 135{
 136    QPCIDevice *dev;
 137    uint16_t vendor_id, device_id;
 138
 139    if (!pcibus) {
 140        pcibus = qpci_init_pc();
 141    }
 142
 143    /* Find PCI device and verify it's the right one */
 144    dev = qpci_device_find(pcibus, QPCI_DEVFN(IDE_PCI_DEV, IDE_PCI_FUNC));
 145    g_assert(dev != NULL);
 146
 147    vendor_id = qpci_config_readw(dev, PCI_VENDOR_ID);
 148    device_id = qpci_config_readw(dev, PCI_DEVICE_ID);
 149    g_assert(vendor_id == PCI_VENDOR_ID_INTEL);
 150    g_assert(device_id == PCI_DEVICE_ID_INTEL_82371SB_1);
 151
 152    /* Map bmdma BAR */
 153    *bmdma_base = (uint16_t)(uintptr_t) qpci_iomap(dev, 4, NULL);
 154
 155    qpci_device_enable(dev);
 156
 157    return dev;
 158}
 159
 160static void free_pci_device(QPCIDevice *dev)
 161{
 162    /* libqos doesn't have a function for this, so free it manually */
 163    g_free(dev);
 164}
 165
 166typedef struct PrdtEntry {
 167    uint32_t addr;
 168    uint32_t size;
 169} QEMU_PACKED PrdtEntry;
 170
 171#define assert_bit_set(data, mask) g_assert_cmphex((data) & (mask), ==, (mask))
 172#define assert_bit_clear(data, mask) g_assert_cmphex((data) & (mask), ==, 0)
 173
 174static int send_dma_request(int cmd, uint64_t sector, int nb_sectors,
 175                            PrdtEntry *prdt, int prdt_entries)
 176{
 177    QPCIDevice *dev;
 178    uint16_t bmdma_base;
 179    uintptr_t guest_prdt;
 180    size_t len;
 181    bool from_dev;
 182    uint8_t status;
 183    int flags;
 184
 185    dev = get_pci_device(&bmdma_base);
 186
 187    flags = cmd & ~0xff;
 188    cmd &= 0xff;
 189
 190    switch (cmd) {
 191    case CMD_READ_DMA:
 192        from_dev = true;
 193        break;
 194    case CMD_WRITE_DMA:
 195        from_dev = false;
 196        break;
 197    default:
 198        g_assert_not_reached();
 199    }
 200
 201    if (flags & CMDF_NO_BM) {
 202        qpci_config_writew(dev, PCI_COMMAND,
 203                           PCI_COMMAND_IO | PCI_COMMAND_MEMORY);
 204    }
 205
 206    /* Select device 0 */
 207    outb(IDE_BASE + reg_device, 0 | LBA);
 208
 209    /* Stop any running transfer, clear any pending interrupt */
 210    outb(bmdma_base + bmreg_cmd, 0);
 211    outb(bmdma_base + bmreg_status, BM_STS_INTR);
 212
 213    /* Setup PRDT */
 214    len = sizeof(*prdt) * prdt_entries;
 215    guest_prdt = guest_alloc(guest_malloc, len);
 216    memwrite(guest_prdt, prdt, len);
 217    outl(bmdma_base + bmreg_prdt, guest_prdt);
 218
 219    /* ATA DMA command */
 220    outb(IDE_BASE + reg_nsectors, nb_sectors);
 221
 222    outb(IDE_BASE + reg_lba_low,    sector & 0xff);
 223    outb(IDE_BASE + reg_lba_middle, (sector >> 8) & 0xff);
 224    outb(IDE_BASE + reg_lba_high,   (sector >> 16) & 0xff);
 225
 226    outb(IDE_BASE + reg_command, cmd);
 227
 228    /* Start DMA transfer */
 229    outb(bmdma_base + bmreg_cmd, BM_CMD_START | (from_dev ? BM_CMD_WRITE : 0));
 230
 231    if (flags & CMDF_ABORT) {
 232        outb(bmdma_base + bmreg_cmd, 0);
 233    }
 234
 235    /* Wait for the DMA transfer to complete */
 236    do {
 237        status = inb(bmdma_base + bmreg_status);
 238    } while ((status & (BM_STS_ACTIVE | BM_STS_INTR)) == BM_STS_ACTIVE);
 239
 240    g_assert_cmpint(get_irq(IDE_PRIMARY_IRQ), ==, !!(status & BM_STS_INTR));
 241
 242    /* Check IDE status code */
 243    assert_bit_set(inb(IDE_BASE + reg_status), DRDY);
 244    assert_bit_clear(inb(IDE_BASE + reg_status), BSY | DRQ);
 245
 246    /* Reading the status register clears the IRQ */
 247    g_assert(!get_irq(IDE_PRIMARY_IRQ));
 248
 249    /* Stop DMA transfer if still active */
 250    if (status & BM_STS_ACTIVE) {
 251        outb(bmdma_base + bmreg_cmd, 0);
 252    }
 253
 254    free_pci_device(dev);
 255
 256    return status;
 257}
 258
 259static void test_bmdma_simple_rw(void)
 260{
 261    uint8_t status;
 262    uint8_t *buf;
 263    uint8_t *cmpbuf;
 264    size_t len = 512;
 265    uintptr_t guest_buf = guest_alloc(guest_malloc, len);
 266
 267    PrdtEntry prdt[] = {
 268        {
 269            .addr = cpu_to_le32(guest_buf),
 270            .size = cpu_to_le32(len | PRDT_EOT),
 271        },
 272    };
 273
 274    buf = g_malloc(len);
 275    cmpbuf = g_malloc(len);
 276
 277    /* Write 0x55 pattern to sector 0 */
 278    memset(buf, 0x55, len);
 279    memwrite(guest_buf, buf, len);
 280
 281    status = send_dma_request(CMD_WRITE_DMA, 0, 1, prdt, ARRAY_SIZE(prdt));
 282    g_assert_cmphex(status, ==, BM_STS_INTR);
 283    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 284
 285    /* Write 0xaa pattern to sector 1 */
 286    memset(buf, 0xaa, len);
 287    memwrite(guest_buf, buf, len);
 288
 289    status = send_dma_request(CMD_WRITE_DMA, 1, 1, prdt, ARRAY_SIZE(prdt));
 290    g_assert_cmphex(status, ==, BM_STS_INTR);
 291    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 292
 293    /* Read and verify 0x55 pattern in sector 0 */
 294    memset(cmpbuf, 0x55, len);
 295
 296    status = send_dma_request(CMD_READ_DMA, 0, 1, prdt, ARRAY_SIZE(prdt));
 297    g_assert_cmphex(status, ==, BM_STS_INTR);
 298    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 299
 300    memread(guest_buf, buf, len);
 301    g_assert(memcmp(buf, cmpbuf, len) == 0);
 302
 303    /* Read and verify 0xaa pattern in sector 1 */
 304    memset(cmpbuf, 0xaa, len);
 305
 306    status = send_dma_request(CMD_READ_DMA, 1, 1, prdt, ARRAY_SIZE(prdt));
 307    g_assert_cmphex(status, ==, BM_STS_INTR);
 308    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 309
 310    memread(guest_buf, buf, len);
 311    g_assert(memcmp(buf, cmpbuf, len) == 0);
 312
 313
 314    g_free(buf);
 315    g_free(cmpbuf);
 316}
 317
 318static void test_bmdma_short_prdt(void)
 319{
 320    uint8_t status;
 321
 322    PrdtEntry prdt[] = {
 323        {
 324            .addr = 0,
 325            .size = cpu_to_le32(0x10 | PRDT_EOT),
 326        },
 327    };
 328
 329    /* Normal request */
 330    status = send_dma_request(CMD_READ_DMA, 0, 1,
 331                              prdt, ARRAY_SIZE(prdt));
 332    g_assert_cmphex(status, ==, 0);
 333    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 334
 335    /* Abort the request before it completes */
 336    status = send_dma_request(CMD_READ_DMA | CMDF_ABORT, 0, 1,
 337                              prdt, ARRAY_SIZE(prdt));
 338    g_assert_cmphex(status, ==, 0);
 339    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 340}
 341
 342static void test_bmdma_one_sector_short_prdt(void)
 343{
 344    uint8_t status;
 345
 346    /* Read 2 sectors but only give 1 sector in PRDT */
 347    PrdtEntry prdt[] = {
 348        {
 349            .addr = 0,
 350            .size = cpu_to_le32(0x200 | PRDT_EOT),
 351        },
 352    };
 353
 354    /* Normal request */
 355    status = send_dma_request(CMD_READ_DMA, 0, 2,
 356                              prdt, ARRAY_SIZE(prdt));
 357    g_assert_cmphex(status, ==, 0);
 358    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 359
 360    /* Abort the request before it completes */
 361    status = send_dma_request(CMD_READ_DMA | CMDF_ABORT, 0, 2,
 362                              prdt, ARRAY_SIZE(prdt));
 363    g_assert_cmphex(status, ==, 0);
 364    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 365}
 366
 367static void test_bmdma_long_prdt(void)
 368{
 369    uint8_t status;
 370
 371    PrdtEntry prdt[] = {
 372        {
 373            .addr = 0,
 374            .size = cpu_to_le32(0x1000 | PRDT_EOT),
 375        },
 376    };
 377
 378    /* Normal request */
 379    status = send_dma_request(CMD_READ_DMA, 0, 1,
 380                              prdt, ARRAY_SIZE(prdt));
 381    g_assert_cmphex(status, ==, BM_STS_ACTIVE | BM_STS_INTR);
 382    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 383
 384    /* Abort the request before it completes */
 385    status = send_dma_request(CMD_READ_DMA | CMDF_ABORT, 0, 1,
 386                              prdt, ARRAY_SIZE(prdt));
 387    g_assert_cmphex(status, ==, BM_STS_INTR);
 388    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 389}
 390
 391static void test_bmdma_no_busmaster(void)
 392{
 393    uint8_t status;
 394
 395    /* No PRDT_EOT, each entry addr 0/size 64k, and in theory qemu shouldn't be
 396     * able to access it anyway because the Bus Master bit in the PCI command
 397     * register isn't set. This is complete nonsense, but it used to be pretty
 398     * good at confusing and occasionally crashing qemu. */
 399    PrdtEntry prdt[4096] = { };
 400
 401    status = send_dma_request(CMD_READ_DMA | CMDF_NO_BM, 0, 512,
 402                              prdt, ARRAY_SIZE(prdt));
 403
 404    /* Not entirely clear what the expected result is, but this is what we get
 405     * in practice. At least we want to be aware of any changes. */
 406    g_assert_cmphex(status, ==, BM_STS_ACTIVE | BM_STS_INTR);
 407    assert_bit_clear(inb(IDE_BASE + reg_status), DF | ERR);
 408}
 409
 410static void test_bmdma_setup(void)
 411{
 412    ide_test_start(
 413        "-drive file=%s,if=ide,serial=%s,cache=writeback,format=raw "
 414        "-global ide-hd.ver=%s",
 415        tmp_path, "testdisk", "version");
 416    qtest_irq_intercept_in(global_qtest, "ioapic");
 417}
 418
 419static void test_bmdma_teardown(void)
 420{
 421    ide_test_quit();
 422}
 423
 424static void string_cpu_to_be16(uint16_t *s, size_t bytes)
 425{
 426    g_assert((bytes & 1) == 0);
 427    bytes /= 2;
 428
 429    while (bytes--) {
 430        *s = cpu_to_be16(*s);
 431        s++;
 432    }
 433}
 434
 435static void test_identify(void)
 436{
 437    uint8_t data;
 438    uint16_t buf[256];
 439    int i;
 440    int ret;
 441
 442    ide_test_start(
 443        "-drive file=%s,if=ide,serial=%s,cache=writeback,format=raw "
 444        "-global ide-hd.ver=%s",
 445        tmp_path, "testdisk", "version");
 446
 447    /* IDENTIFY command on device 0*/
 448    outb(IDE_BASE + reg_device, 0);
 449    outb(IDE_BASE + reg_command, CMD_IDENTIFY);
 450
 451    /* Read in the IDENTIFY buffer and check registers */
 452    data = inb(IDE_BASE + reg_device);
 453    g_assert_cmpint(data & DEV, ==, 0);
 454
 455    for (i = 0; i < 256; i++) {
 456        data = inb(IDE_BASE + reg_status);
 457        assert_bit_set(data, DRDY | DRQ);
 458        assert_bit_clear(data, BSY | DF | ERR);
 459
 460        ((uint16_t*) buf)[i] = inw(IDE_BASE + reg_data);
 461    }
 462
 463    data = inb(IDE_BASE + reg_status);
 464    assert_bit_set(data, DRDY);
 465    assert_bit_clear(data, BSY | DF | ERR | DRQ);
 466
 467    /* Check serial number/version in the buffer */
 468    string_cpu_to_be16(&buf[10], 20);
 469    ret = memcmp(&buf[10], "testdisk            ", 20);
 470    g_assert(ret == 0);
 471
 472    string_cpu_to_be16(&buf[23], 8);
 473    ret = memcmp(&buf[23], "version ", 8);
 474    g_assert(ret == 0);
 475
 476    /* Write cache enabled bit */
 477    assert_bit_set(buf[85], 0x20);
 478
 479    ide_test_quit();
 480}
 481
 482static void test_flush(void)
 483{
 484    uint8_t data;
 485
 486    ide_test_start(
 487        "-drive file=blkdebug::%s,if=ide,cache=writeback,format=raw",
 488        tmp_path);
 489
 490    /* Delay the completion of the flush request until we explicitly do it */
 491    qmp_discard_response("{'execute':'human-monitor-command', 'arguments': {"
 492                         " 'command-line':"
 493                         " 'qemu-io ide0-hd0 \"break flush_to_os A\"'} }");
 494
 495    /* FLUSH CACHE command on device 0*/
 496    outb(IDE_BASE + reg_device, 0);
 497    outb(IDE_BASE + reg_command, CMD_FLUSH_CACHE);
 498
 499    /* Check status while request is in flight*/
 500    data = inb(IDE_BASE + reg_status);
 501    assert_bit_set(data, BSY | DRDY);
 502    assert_bit_clear(data, DF | ERR | DRQ);
 503
 504    /* Complete the command */
 505    qmp_discard_response("{'execute':'human-monitor-command', 'arguments': {"
 506                         " 'command-line':"
 507                         " 'qemu-io ide0-hd0 \"resume A\"'} }");
 508
 509    /* Check registers */
 510    data = inb(IDE_BASE + reg_device);
 511    g_assert_cmpint(data & DEV, ==, 0);
 512
 513    do {
 514        data = inb(IDE_BASE + reg_status);
 515    } while (data & BSY);
 516
 517    assert_bit_set(data, DRDY);
 518    assert_bit_clear(data, BSY | DF | ERR | DRQ);
 519
 520    ide_test_quit();
 521}
 522
 523static void test_retry_flush(const char *machine)
 524{
 525    uint8_t data;
 526    const char *s;
 527
 528    prepare_blkdebug_script(debug_path, "flush_to_disk");
 529
 530    ide_test_start(
 531        "-vnc none "
 532        "-drive file=blkdebug:%s:%s,if=ide,cache=writeback,format=raw,"
 533        "rerror=stop,werror=stop",
 534        debug_path, tmp_path);
 535
 536    /* FLUSH CACHE command on device 0*/
 537    outb(IDE_BASE + reg_device, 0);
 538    outb(IDE_BASE + reg_command, CMD_FLUSH_CACHE);
 539
 540    /* Check status while request is in flight*/
 541    data = inb(IDE_BASE + reg_status);
 542    assert_bit_set(data, BSY | DRDY);
 543    assert_bit_clear(data, DF | ERR | DRQ);
 544
 545    qmp_eventwait("STOP");
 546
 547    /* Complete the command */
 548    s = "{'execute':'cont' }";
 549    qmp_discard_response(s);
 550
 551    /* Check registers */
 552    data = inb(IDE_BASE + reg_device);
 553    g_assert_cmpint(data & DEV, ==, 0);
 554
 555    do {
 556        data = inb(IDE_BASE + reg_status);
 557    } while (data & BSY);
 558
 559    assert_bit_set(data, DRDY);
 560    assert_bit_clear(data, BSY | DF | ERR | DRQ);
 561
 562    ide_test_quit();
 563}
 564
 565static void test_flush_nodev(void)
 566{
 567    ide_test_start("");
 568
 569    /* FLUSH CACHE command on device 0*/
 570    outb(IDE_BASE + reg_device, 0);
 571    outb(IDE_BASE + reg_command, CMD_FLUSH_CACHE);
 572
 573    /* Just testing that qemu doesn't crash... */
 574
 575    ide_test_quit();
 576}
 577
 578static void test_pci_retry_flush(const char *machine)
 579{
 580    test_retry_flush("pc");
 581}
 582
 583static void test_isa_retry_flush(const char *machine)
 584{
 585    test_retry_flush("isapc");
 586}
 587
 588int main(int argc, char **argv)
 589{
 590    const char *arch = qtest_get_arch();
 591    int fd;
 592    int ret;
 593
 594    /* Check architecture */
 595    if (strcmp(arch, "i386") && strcmp(arch, "x86_64")) {
 596        g_test_message("Skipping test for non-x86\n");
 597        return 0;
 598    }
 599
 600    /* Create temporary blkdebug instructions */
 601    fd = mkstemp(debug_path);
 602    g_assert(fd >= 0);
 603    close(fd);
 604
 605    /* Create a temporary raw image */
 606    fd = mkstemp(tmp_path);
 607    g_assert(fd >= 0);
 608    ret = ftruncate(fd, TEST_IMAGE_SIZE);
 609    g_assert(ret == 0);
 610    close(fd);
 611
 612    /* Run the tests */
 613    g_test_init(&argc, &argv, NULL);
 614
 615    qtest_add_func("/ide/identify", test_identify);
 616
 617    qtest_add_func("/ide/bmdma/setup", test_bmdma_setup);
 618    qtest_add_func("/ide/bmdma/simple_rw", test_bmdma_simple_rw);
 619    qtest_add_func("/ide/bmdma/short_prdt", test_bmdma_short_prdt);
 620    qtest_add_func("/ide/bmdma/one_sector_short_prdt",
 621                   test_bmdma_one_sector_short_prdt);
 622    qtest_add_func("/ide/bmdma/long_prdt", test_bmdma_long_prdt);
 623    qtest_add_func("/ide/bmdma/no_busmaster", test_bmdma_no_busmaster);
 624    qtest_add_func("/ide/bmdma/teardown", test_bmdma_teardown);
 625
 626    qtest_add_func("/ide/flush", test_flush);
 627    qtest_add_func("/ide/flush/nodev", test_flush_nodev);
 628    qtest_add_func("/ide/flush/retry_pci", test_pci_retry_flush);
 629    qtest_add_func("/ide/flush/retry_isa", test_isa_retry_flush);
 630
 631    ret = g_test_run();
 632
 633    /* Cleanup */
 634    unlink(tmp_path);
 635    unlink(debug_path);
 636
 637    return ret;
 638}
 639