From 4d29b50a41810684ad34e44352a630eb1dd94b58 Mon Sep 17 00:00:00 2001 From: Jan Kiszka Date: Mon, 9 May 2011 17:48:19 +0200 Subject: ahci: Fix crashes on duplicate BH registration If ahci_dma_set_inactive is called a while there is still a pending BH from a previous run, we will crash on the second run of ahci_check_cmd_bh as it overwrites AHCIDevice::check_bh. Avoid this broken and redundant duplicate registration. Signed-off-by: Jan Kiszka Signed-off-by: Kevin Wolf --- hw/ide/ahci.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'hw/ide/ahci.c') diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index c6e0c7767e..744d19d6db 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -1066,9 +1066,11 @@ static int ahci_dma_set_inactive(IDEDMA *dma) ad->dma_cb = NULL; - /* maybe we still have something to process, check later */ - ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad); - qemu_bh_schedule(ad->check_bh); + if (!ad->check_bh) { + /* maybe we still have something to process, check later */ + ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad); + qemu_bh_schedule(ad->check_bh); + } return 0; } -- cgit 1.4.1 From 1fddfba129f5435c80eda14e8bc23fdb888c7187 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Thu, 19 May 2011 11:57:09 +0200 Subject: ahci: Fix non-NCQ accesses for LBA > 16bits AHCI provides two ways of reading/writing data: 1) NCQ 2) ATA commands with the LBA in the command FIS In the second code path, we didn't handle any LBAs that were bigger than 16 bits, so whenever a guest that used high LBA numbers wanted to access data, the LBA got truncated down to 16 bits, giving the guest garbage. This patch adds support for LBAs higher than 16 bits. I've tested that it works just fine with SeaBIOS and Linux guests. This patch also unbreaks the often reported grub errors people have seen with AHCI. Signed-off-by: Alexander Graf 
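Review bot: The new `if (!ad->check_bh)` guard in ahci_dma_set_inactive is only correct if every path that deletes the bottom half also resets `ad->check_bh` to NULL, and nothing in this hunk shows or documents that invariant. ahci_check_cmd_bh and any port reset or teardown code are outside the hunk, so this needs confirming there: a pointer left set after deletion would be a dangling handle, and it would also suppress the deferred re-check from now on. Because the timing of DMA completion is driven by the guest, I would state the invariant next to the guard, e.g. `/* check_bh != NULL means a check is already pending; whoever deletes the BH must reset it to NULL */`. The function body starts outside the hunk.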
Signed-off-by: Kevin Wolf --- hw/ide/ahci.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) (limited to 'hw/ide/ahci.c') diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index 744d19d6db..1f008a3dda 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -884,8 +884,31 @@ static int handle_cmd(AHCIState *s, int port, int slot) } if (ide_state->drive_kind != IDE_CD) { - ide_set_sector(ide_state, (cmd_fis[6] << 16) | (cmd_fis[5] << 8) | - cmd_fis[4]); + /* + * We set the sector depending on the sector defined in the FIS. + * Unfortunately, the spec isn't exactly obvious on this one. + * + * Apparently LBA48 commands set fis bytes 10,9,8,6,5,4 to the + * 48 bit sector number. ATA_CMD_READ_DMA_EXT is an example for + * such a command. + * + * Non-LBA48 commands however use 7[lower 4 bits],6,5,4 to define a + * 28-bit sector number. ATA_CMD_READ_DMA is an example for such + * a command. + * + * Since the spec doesn't explicitly state what each field should + * do, I simply assume non-used fields as reserved and OR everything + * together, independent of the command. + */ + ide_set_sector(ide_state, ((uint64_t)cmd_fis[10] << 40) + | ((uint64_t)cmd_fis[9] << 32) + /* This is used for LBA48 commands */ + | ((uint64_t)cmd_fis[8] << 24) + /* This is used for non-LBA48 commands */ + | ((uint64_t)(cmd_fis[7] & 0xf) << 24) + | ((uint64_t)cmd_fis[6] << 16) + | ((uint64_t)cmd_fis[5] << 8) + | cmd_fis[4]); } /* Copy the ACMD field (ATAPI packet, if any) from the AHCI command -- cgit 1.4.1
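Review bot: In the new `ide_set_sector()` argument, `(uint64_t)cmd_fis[8] << 24` and `(uint64_t)(cmd_fis[7] & 0xf) << 24` are ORed into the same bits 24-31 regardless of the command, so the sector depends on FIS bytes that the issued command does not define. The command FIS is supplied by the guest, so those bytes cannot be assumed zero: a non-LBA48 command with non-zero bytes 8-10, or an LBA48 command with non-zero low bits in byte 7, produces a sector that matches neither layout described in the added comment. Selecting the 28-bit or 48-bit layout from the command being executed would make the result well defined; failing that, the comment should state that unused bytes are trusted to be zero. The value handed to the IDE core also widens from 24 to 48 bits here, so the bounds check against the drive size (presumably further down the I/O path, not visible in this hunk) is worth confirming. handle_cmd starts and ends outside the hunk.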