qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [Bug 1608802] Re: READ_DMA (0xC8) command does not work cor


From: Kevin Wolf
Subject: [Qemu-devel] [Bug 1608802] Re: READ_DMA (0xC8) command does not work correctly
Date: Tue, 02 Aug 2016 13:30:01 -0000

Okay, I think there are two parts to this, and both the test case and qemu are
buggy, though perhaps the test case more seriously than qemu.

The ATA spec describes DMA commands as having two phases, preparation and
transfer. During the first phase, BSY=1,DRQ=0 is required. In the second phase,
the device can use the same status (BSY=1,DRQ=0) or switch to BSY=0,DRQ=1.
I couldn't find clear information on which state the device should be in between
receiving the ATA command and enabling the bus master operation, which is what
the test case checks, but it must be one of the two.

So the reason that the test case is buggy is that it waits for DRQ to be set,
while the spec only guarantees that either DRQ or BSY is set during the
transfer. It doesn't work on hardware that sets BSY rather than DRQ. (It also
means that the test expects the device to be in the transfer state before the
bus master is enabled.)

The problem with qemu is that it sets _both_ bits, whereas the spec requires
that only one of them is set. Apparently most drivers don't care about this as
long as any of the bits is set, but technically it's wrong.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1608802

Title:
  READ_DMA (0xC8) command does not work correctly

Status in QEMU:
  Confirmed

Bug description:
  The QEMU PC emulation of DMA does not behave like real hardware or
  other virtualization software.

  From the original bug report (Benjamin David Lunt):

      Back to the READ_DMA command, it is my conclusion that the
      READ_DMA command, more precisely, the BUS Master part of QEMU is
      in error.  The tests that people have done to see if it works, is
      probably the guest finding out that DMA doesn't work and defaulting
      to PIO, but since the read was successful visually to the user, the
      user assumed the READ_DMA command works, where the guest actually
      defaulted back to PIO transfers without notice.

      My code works on real hardware (numerous machines), Bochs, and Oracle's
      Virtual Box.

      ...

      I have a small test suite, zipped and included at:
      www.fysnet.net/temp/c8bug.zip

      Within this zip file is a.img. This is a freeDOS bootable
      floppy.  Emulate it with QEMU and then at the DOS prompt, run
      c8bug.exe.

      It will say that the drive is not ready.
       "Drive never became ready"
      (along with a few other lines of text)

      The source for this test suite is also included.
       c8bug.c is the c source code
       c8bug.h is the header file
       ctype.h is a quick way to get 'bit8u' type defines
       timer.h is a delay routine from another project I have
      (The base IO addresses are assumed and set at the top of c8bug.c)
      (compiled with DJGPP for DPMI)

      q.bat is my command line for QEMU

      On all other machines and VirtualBox, the controller is ready
      for me to receive the sector data.
       "Drive is ready to transmit data..."

      However, in QEMU, the controller never becomes ready.
       "Drive never became ready"

  The bug was reported for QEMU for Windows, but I can confirm that QEMU
  for Linux also shows that behaviour, while VirtualBox works.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1608802/+subscriptions



reply via email to

[Prev in Thread] Current Thread [Next in Thread]