dfaggioli/qemu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9b139d24f00faaed1fae3d69b38d261cf49c3e66
qemu/hw/ide/piix.c
Olaf Hering 928d87c0e0 hw/ide/piix: properly initialize the BMIBA register 
According to the 82371FB documentation (82371FB.pdf, 2.3.9. BMIBA-BUS
MASTER INTERFACE BASE ADDRESS REGISTER, April 1997), the register is
32bit wide. To properly reset it to default values, all 32bit need to be
cleared. Bit #0 "Resource Type Indicator (RTE)" needs to be enabled.

The initial change wrote just the lower 8 bit, leaving parts of the "Bus
Master Interface Base Address" address at bit 15:4 unchanged.

This bug went unnoticed until commit ee358e919e ("hw/ide/piix: Convert
reset handler to DeviceReset"). After this change, piix_ide_reset is
exercised after the "unplug" command from a Xen HVM domU, which was not
the case prior that commit. This function resets the command register.
As a result the ata_piix driver inside the domU will see a disabled PCI
device. The generic PCI code will reenable the PCI device. On the qemu
side, this runs pci_default_write_config/pci_update_mappings. Here a
changed address is returned by pci_bar_address, this is the address
which was truncated in piix_ide_reset. In case of a Xen HVM domU, the
address changes from 0xc120 to 0xc100.

While the unplug is supposed to hide the IDE disks, the changed BMIBA
address broke the UHCI device. In case the domU has an USB tablet
configured, to recive absolute pointer coordinates for the GUI, it will
cause a hang during device discovery of the partly discovered USB hid
device. Reading the USBSTS word size register will fail. The access ends
up in the QEMU piix-bmdma device, instead of the expected uhci device.
Here a byte size request is expected, and a value of ~0 is returned. As
a result the UCHI driver sees an error state in the register, and turns
off the UHCI controller.

Fixes: e6a71ae327 ("Add support for 82371FB (Step A1) and Improved support for 82371SB (Function 1)")

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20230712074721.14728-1-olaf@aepfle.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 230dfd9257)
Resolves: bsc#1179993, bsc#1181740
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
2023-07-26 15:34:39 +02:00

238 lines
6.7 KiB
C
Raw Blame History

/*
* QEMU IDE Emulation: PCI PIIX3/4 support.
*
* Copyright (c) 2003 Fabrice Bellard
* Copyright (c) 2006 Openedhand Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
#include "qemu/osdep.h"
#include "hw/pci/pci.h"
#include "migration/vmstate.h"
#include "qapi/error.h"
#include "qemu/module.h"
#include "sysemu/block-backend.h"
#include "sysemu/blockdev.h"
#include "sysemu/dma.h"
#include "hw/ide/pci.h"
#include "trace.h"
static uint64_t bmdma_read(void *opaque, hwaddr addr, unsigned size)
{
BMDMAState *bm = opaque;
uint32_t val;
if (size != 1) {
return ((uint64_t)1 << (size * 8)) - 1;
}
switch(addr & 3) {
case 0:
val = bm->cmd;
break;
case 2:
val = bm->status;
break;
default:
val = 0xff;
break;
}
trace_bmdma_read(addr, val);
return val;
}
static void bmdma_write(void *opaque, hwaddr addr,
uint64_t val, unsigned size)
{
BMDMAState *bm = opaque;
if (size != 1) {
return;
}
trace_bmdma_write(addr, val);
switch(addr & 3) {
case 0:
bmdma_cmd_writeb(bm, val);
break;
case 2:
bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
break;
}
}
static const MemoryRegionOps piix_bmdma_ops = {
.read = bmdma_read,
.write = bmdma_write,
};
static void bmdma_setup_bar(PCIIDEState *d)
{
int i;
memory_region_init(&d->bmdma_bar, OBJECT(d), "piix-bmdma-container", 16);
for(i = 0;i < 2; i++) {
BMDMAState *bm = &d->bmdma[i];
memory_region_init_io(&bm->extra_io, OBJECT(d), &piix_bmdma_ops, bm,
"piix-bmdma", 4);
memory_region_add_subregion(&d->bmdma_bar, i * 8, &bm->extra_io);
memory_region_init_io(&bm->addr_ioport, OBJECT(d),
&bmdma_addr_ioport_ops, bm, "bmdma", 4);
memory_region_add_subregion(&d->bmdma_bar, i * 8 + 4, &bm->addr_ioport);
}
}
static void piix_ide_reset(DeviceState *dev)
{
PCIIDEState *d = PCI_IDE(dev);
PCIDevice *pd = PCI_DEVICE(d);
uint8_t *pci_conf = pd->config;
int i;
for (i = 0; i < 2; i++) {
ide_bus_reset(&d->bus[i]);
}
/* TODO: this is the default. do not override. */
pci_conf[PCI_COMMAND] = 0x00;
/* TODO: this is the default. do not override. */
pci_conf[PCI_COMMAND + 1] = 0x00;
/* TODO: use pci_set_word */
pci_conf[PCI_STATUS] = PCI_STATUS_FAST_BACK;
pci_conf[PCI_STATUS + 1] = PCI_STATUS_DEVSEL_MEDIUM >> 8;
pci_set_long(pci_conf + 0x20, 0x1); /* BMIBA: 20-23h */
}
static int pci_piix_init_ports(PCIIDEState *d)
{
static const struct {
int iobase;
int iobase2;
int isairq;
} port_info[] = {
{0x1f0, 0x3f6, 14},
{0x170, 0x376, 15},
};
int i, ret;
for (i = 0; i < 2; i++) {
ide_bus_init(&d->bus[i], sizeof(d->bus[i]), DEVICE(d), i, 2);
ret = ide_init_ioport(&d->bus[i], NULL, port_info[i].iobase,
port_info[i].iobase2);
if (ret) {
return ret;
}
ide_init2(&d->bus[i], isa_get_irq(NULL, port_info[i].isairq));
bmdma_init(&d->bus[i], &d->bmdma[i], d);
d->bmdma[i].bus = &d->bus[i];
ide_register_restart_cb(&d->bus[i]);
}
return 0;
}
static void pci_piix_ide_realize(PCIDevice *dev, Error **errp)
{
PCIIDEState *d = PCI_IDE(dev);
uint8_t *pci_conf = dev->config;
int rc;
pci_conf[PCI_CLASS_PROG] = 0x80; // legacy ATA mode
bmdma_setup_bar(d);
pci_register_bar(dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &d->bmdma_bar);
vmstate_register(VMSTATE_IF(dev), 0, &vmstate_ide_pci, d);
rc = pci_piix_init_ports(d);
if (rc) {
error_setg_errno(errp, -rc, "Failed to realize %s",
object_get_typename(OBJECT(dev)));
}
}
static void pci_piix_ide_exitfn(PCIDevice *dev)
{
PCIIDEState *d = PCI_IDE(dev);
unsigned i;
for (i = 0; i < 2; ++i) {
memory_region_del_subregion(&d->bmdma_bar, &d->bmdma[i].extra_io);
memory_region_del_subregion(&d->bmdma_bar, &d->bmdma[i].addr_ioport);
}
}
/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
static void piix3_ide_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
dc->reset = piix_ide_reset;
k->realize = pci_piix_ide_realize;
k->exit = pci_piix_ide_exitfn;
k->vendor_id = PCI_VENDOR_ID_INTEL;
k->device_id = PCI_DEVICE_ID_INTEL_82371SB_1;
k->class_id = PCI_CLASS_STORAGE_IDE;
set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
dc->hotpluggable = false;
}
static const TypeInfo piix3_ide_info = {
.name = "piix3-ide",
.parent = TYPE_PCI_IDE,
.class_init = piix3_ide_class_init,
};
/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
static void piix4_ide_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
dc->reset = piix_ide_reset;
k->realize = pci_piix_ide_realize;
k->exit = pci_piix_ide_exitfn;
k->vendor_id = PCI_VENDOR_ID_INTEL;
k->device_id = PCI_DEVICE_ID_INTEL_82371AB;
k->class_id = PCI_CLASS_STORAGE_IDE;
set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
dc->hotpluggable = false;
}
static const TypeInfo piix4_ide_info = {
.name = "piix4-ide",
.parent = TYPE_PCI_IDE,
.class_init = piix4_ide_class_init,
};
static void piix_ide_register_types(void)
{
type_register_static(&piix3_ide_info);
type_register_static(&piix4_ide_info);
}
type_init(piix_ide_register_types)
Reference in New Issue View Git Blame Copy Permalink