From 93623a848fba7757a0840b78d7b3874bab4d7a1b Mon Sep 17 00:00:00 2001
From: John Snow <jsnow@redhat.com>
Date: Tue, 10 Jul 2018 23:06:15 +0200
Subject: [PATCH 206/268] ahci: fix PxCI register race
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: John Snow <jsnow@redhat.com>
Message-id: <20180710230616.11000-3-jsnow@redhat.com>
Patchwork-id: 81293
O-Subject: [RHEL-7.6 qemu-kvm-rhev PATCH 2/3] ahci: fix PxCI register race
Bugzilla: 1584914
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes: https://bugs.launchpad.net/qemu/+bug/1769189
AHCI presently signals completion prior to the PxCI register being
cleared to indicate completion. If a guest driver attempts to issue
a new command in its IRQ handler, it might be surprised to learn there
is still a command pending.
In the case of Windows 10's boot driver, it will actually poll the IRQ
register hoping to find out when the command is done running -- which
will never happen, as there isn't a command running.
Fix this: clear PxCI in ahci_cmd_done and not in the asynchronous BH.
Because it now runs synchronously, we don't need to check if the command
is actually done by spying on the ATA registers. We know it's done.
CC: qemu-stable <qemu-stable@nongnu.org>
Reported-by: François Guerraz <kubrick@fgv6.net>
Tested-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Message-id: 20180531004323.4611-3-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit 5694c7eacce6b263ad7497cc1bb76aad746cfd4e)
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 hw/ide/ahci.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
26ba25
index b7a6f68..a9558e4 100644
26ba25
--- a/hw/ide/ahci.c
26ba25
+++ b/hw/ide/ahci.c
26ba25
@@ -532,13 +532,6 @@ static void ahci_check_cmd_bh(void *opaque)
26ba25
     qemu_bh_delete(ad->check_bh);
26ba25
     ad->check_bh = NULL;
26ba25
 
26ba25
-    if ((ad->busy_slot != -1) &&
26ba25
-        !(ad->port.ifs[0].status & (BUSY_STAT|DRQ_STAT))) {
26ba25
-        /* no longer busy */
26ba25
-        ad->port_regs.cmd_issue &= ~(1 << ad->busy_slot);
26ba25
-        ad->busy_slot = -1;
26ba25
-    }
26ba25
-
26ba25
     check_cmd(ad->hba, ad->port_no);
26ba25
 }
26ba25
 
26ba25
@@ -1425,6 +1418,12 @@ static void ahci_cmd_done(IDEDMA *dma)
26ba25
 
26ba25
     trace_ahci_cmd_done(ad->hba, ad->port_no);
26ba25
 
26ba25
+    /* no longer busy */
26ba25
+    if (ad->busy_slot != -1) {
26ba25
+        ad->port_regs.cmd_issue &= ~(1 << ad->busy_slot);
26ba25
+        ad->busy_slot = -1;
26ba25
+    }
26ba25
+
26ba25
     /* update d2h status */
26ba25
     ahci_write_fis_d2h(ad);
26ba25
 
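Review bot: The mask in the added block, `~(1 << ad->busy_slot)`, shifts a signed `int`, so a slot index of 31 would shift into the sign bit, which is undefined behaviour in C; AHCI permits up to 32 command slots, though whether this device model ever sets `busy_slot` to 31 is not visible here. Since this register state is driven by the guest, I would write the line as `ad->port_regs.cmd_issue &= ~(1U << ad->busy_slot);`. The comment `/* no longer busy */` also does not say why the block sits at this point: something like `/* Clear PxCI before the D2H FIS below signals completion, so a guest IRQ handler never sees a stale pending bit. */` would keep a later refactor from moving it back after `ahci_write_fis_d2h()`. ahci_cmd_done begins and ends outside the hunk, so any range check on `busy_slot` elsewhere in the function cannot be confirmed from here.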
-- 
1.8.3.1