diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2015-03-28 10:10:04 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2015-03-28 10:10:04 +0000 |
| commit | 627f91b1f80fecc73d00727181a9ddb6162cc30e (patch) | |
| tree | 574c1e3c0687d8379ea17dc95aa0316cdab2dc36 | |
| parent | b27e767e8c8d56cb7c9d0b78eadd89521bdf836c (diff) | |
| parent | fc3d8e1138cd0c843d6fd75272633a31be6554ef (diff) | |
| download | qemu-627f91b1f80fecc73d00727181a9ddb6162cc30e.zip qemu-627f91b1f80fecc73d00727181a9ddb6162cc30e.tar.gz qemu-627f91b1f80fecc73d00727181a9ddb6162cc30e.tar.bz2 | |
Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging
# gpg: Signature made Fri Mar 27 22:19:31 2015 GMT using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: FAEB 9711 A12C F475 812F 18F2 88A9 064D 1835 61EB
# Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76 CBD0 7DEF 8106 AAFC 390E
* remotes/jnsnow/tags/ide-pull-request:
AHCI: Protect cmd register
AHCI: Do not (re)map FB/CLB buffers while not running
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | hw/ide/ahci.c | 76 | ||||
| -rw-r--r-- | hw/ide/ahci.h | 2 |
2 files changed, 60 insertions, 18 deletions
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index 7a223be..833fd45 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -51,6 +51,10 @@ static void ahci_write_fis_d2h(AHCIDevice *ad, uint8_t *cmd_fis); static void ahci_init_d2h(AHCIDevice *ad); static int ahci_dma_prepare_buf(IDEDMA *dma, int is_write); static void ahci_commit_buf(IDEDMA *dma, uint32_t tx_bytes); +static bool ahci_map_clb_address(AHCIDevice *ad); +static bool ahci_map_fis_address(AHCIDevice *ad); +static void ahci_unmap_clb_address(AHCIDevice *ad); +static void ahci_unmap_fis_address(AHCIDevice *ad); static uint32_t ahci_port_read(AHCIState *s, int port, int offset) @@ -202,25 +206,15 @@ static void ahci_port_write(AHCIState *s, int port, int offset, uint32_t val) switch (offset) { case PORT_LST_ADDR: pr->lst_addr = val; - map_page(s->as, &s->dev[port].lst, - ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024); - s->dev[port].cur_cmd = NULL; break; case PORT_LST_ADDR_HI: pr->lst_addr_hi = val; - map_page(s->as, &s->dev[port].lst, - ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024); - s->dev[port].cur_cmd = NULL; break; case PORT_FIS_ADDR: pr->fis_addr = val; - map_page(s->as, &s->dev[port].res_fis, - ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256); break; case PORT_FIS_ADDR_HI: pr->fis_addr_hi = val; - map_page(s->as, &s->dev[port].res_fis, - ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256); break; case PORT_IRQ_STAT: pr->irq_stat &= ~val; @@ -231,14 +225,32 @@ static void ahci_port_write(AHCIState *s, int port, int offset, uint32_t val) ahci_check_irq(s); break; case PORT_CMD: - pr->cmd = val & ~(PORT_CMD_LIST_ON | PORT_CMD_FIS_ON); + /* Block any Read-only fields from being set; + * including LIST_ON and FIS_ON. */ + pr->cmd = (pr->cmd & PORT_CMD_RO_MASK) | (val & ~PORT_CMD_RO_MASK); if (pr->cmd & PORT_CMD_START) { - pr->cmd |= PORT_CMD_LIST_ON; + if (ahci_map_clb_address(&s->dev[port])) { + pr->cmd |= PORT_CMD_LIST_ON; + } else { + error_report("AHCI: Failed to start DMA engine: " + "bad command list buffer address"); + } + } else if (pr->cmd & PORT_CMD_LIST_ON) { + ahci_unmap_clb_address(&s->dev[port]); + pr->cmd = pr->cmd & ~(PORT_CMD_LIST_ON); } if (pr->cmd & PORT_CMD_FIS_RX) { - pr->cmd |= PORT_CMD_FIS_ON; + if (ahci_map_fis_address(&s->dev[port])) { + pr->cmd |= PORT_CMD_FIS_ON; + } else { + error_report("AHCI: Failed to start FIS receive engine: " + "bad FIS receive buffer address"); + } + } else if (pr->cmd & PORT_CMD_FIS_ON) { + ahci_unmap_fis_address(&s->dev[port]); + pr->cmd = pr->cmd & ~(PORT_CMD_FIS_ON); } /* XXX usually the FIS would be pending on the bus here and @@ -565,6 +577,37 @@ static void debug_print_fis(uint8_t *fis, int cmd_len) #endif } +static bool ahci_map_fis_address(AHCIDevice *ad) +{ + AHCIPortRegs *pr = &ad->port_regs; + map_page(ad->hba->as, &ad->res_fis, + ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256); + return ad->res_fis != NULL; +} + +static void ahci_unmap_fis_address(AHCIDevice *ad) +{ + dma_memory_unmap(ad->hba->as, ad->res_fis, 256, + DMA_DIRECTION_FROM_DEVICE, 256); + ad->res_fis = NULL; +} + +static bool ahci_map_clb_address(AHCIDevice *ad) +{ + AHCIPortRegs *pr = &ad->port_regs; + ad->cur_cmd = NULL; + map_page(ad->hba->as, &ad->lst, + ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024); + return ad->lst != NULL; +} + +static void ahci_unmap_clb_address(AHCIDevice *ad) +{ + dma_memory_unmap(ad->hba->as, ad->lst, 1024, + DMA_DIRECTION_FROM_DEVICE, 1024); + ad->lst = NULL; +} + static void ahci_write_fis_sdb(AHCIState *s, int port, uint32_t finished) { AHCIDevice *ad = &s->dev[port]; @@ -1360,12 +1403,9 @@ static int ahci_state_post_load(void *opaque, int version_id) for (i = 0; i < s->ports; i++) { ad = &s->dev[i]; - AHCIPortRegs *pr = &ad->port_regs; - map_page(s->as, &ad->lst, - ((uint64_t)pr->lst_addr_hi << 32) | pr->lst_addr, 1024); - map_page(s->as, &ad->res_fis, - ((uint64_t)pr->fis_addr_hi << 32) | pr->fis_addr, 256); + ahci_map_clb_address(ad); + ahci_map_fis_address(ad); /* * If an error is present, ad->busy_slot will be valid and not -1. * In this case, an operation is waiting to resume and will re-check diff --git a/hw/ide/ahci.h b/hw/ide/ahci.h index 99aa0c9..501c002 100644 --- a/hw/ide/ahci.h +++ b/hw/ide/ahci.h @@ -132,6 +132,8 @@ #define PORT_CMD_ICC_PARTIAL (0x2 << 28) /* Put i/f in partial state */ #define PORT_CMD_ICC_SLUMBER (0x6 << 28) /* Put i/f in slumber state */ +#define PORT_CMD_RO_MASK 0x007dffe0 /* Which CMD bits are read only? */ + /* ap->flags bits */ #define AHCI_FLAG_NO_NCQ (1 << 24) #define AHCI_FLAG_IGN_IRQ_IF_ERR (1 << 25) /* ignore IRQ_IF_ERR */ |