On 01/08/2012 11:05, Cong Meng wrote: > + case ATA_PASSTHROUGH_12: > + if (dev->type != TYPE_ROM) { > + if ((buf[2] & 0x3) == 2) { > + cmd->xfer = buf[4] * dev->blocksize; > + } > + } > + break; > + case ATA_PASSTHROUGH_16: > + if ((buf[2] & 0x3) == 2) { > + cmd->xfer = ((buf[5] << 8) | buf[6]) * dev->blocksize; > + } > + break;
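Review bot: both cases assign cmd->xfer only when (buf[2] & 0x3) == 2, so for the other three values of that field the switch leaves cmd->xfer at whatever it held before, and nothing in the hunk says that is intended. Handle each value explicitly, or add a comment stating why only 2 is acted on. The TYPE_ROM exclusion is applied in the ATA_PASSTHROUGH_12 case but not in ATA_PASSTHROUGH_16; a short comment should explain the difference.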
Hmm, I think you're only handling this partially. Four bits of buf[2] count; bits 0..1 are T_LENGTH, bit 2 is BYTE_BLOCK, bit 4 is T_TYPE:

    If buf[2] is xxxxxx00, cmd->xfer = 0
    else if buf[2] is xxxxx0xx, xfer_unit = 1
    else if buf[2] is xxx0x1xx, xfer_unit = 512
    else xfer_unit = dev->blocksize (this is when buf[2] is xxx1x1xx)

    if buf[2] is xxxxxx01, set cmd->xfer to the FEATURES field
    if buf[2] is xxxxxx10, set cmd->xfer to the SECTOR_COUNT
    for ATA_PASSTHROUGH_16, if buf[1] bit 0 is 0, then cmd->xfer &= 255;
    cmd->xfer *= xfer_unit;

Also we cannot support buf[2] is xxxxxx11. Please add a check to hw/scsi-generic.c, so that the request is failed in this case.

This is better encapsulated in a separate function, of course.

On top of this, the direction is not necessarily TO_DEV (as in the current code for scsi_cmd_xfer_mode). It is TO_DEV if buf[2] bit 3 (T_DIR) is zero; it is FROM_DEV if buf[2] bit 3 is one.

Do you have a copy of the SAT (SCSI/ATA translation) standard? This is all in paragraph 12.2.2.2 in my copy.

Paolo
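The decoding rules from the reply above, written out as one function. This is an added example, not part of the original message and not QEMU's code. The function name, the `xfer_dir` enum and the `XFER_NONE` result for a zero-length request are assumptions of this example; the FEATURES byte offsets (buf[3] in the 12-byte CDB, buf[3..4] in the 16-byte CDB) come from the SAT CDB layout rather than from the message.

```c
#include <stdint.h>
#include <stdio.h>

#define ATA_PASSTHROUGH_16 0x85
#define ATA_PASSTHROUGH_12 0xa1

enum xfer_dir { XFER_NONE, XFER_TO_DEV, XFER_FROM_DEV };  /* names assumed */

/* Returns 0 and fills *xfer and *dir, or -1 when the request must be failed. */
static int ata_passthrough_xfer(const uint8_t *buf, uint32_t blocksize,
                                uint64_t *xfer, enum xfer_dir *dir)
{
    int is16 = (buf[0] == ATA_PASSTHROUGH_16);
    uint8_t flags = buf[2], t_length = flags & 0x3;
    uint64_t count, unit;

    *xfer = 0;
    *dir = XFER_NONE;                 /* assumption: no data phase, no direction */
    if ((!is16 && buf[0] != ATA_PASSTHROUGH_12) || t_length == 3) {
        return -1;                    /* wrong opcode, or xxxxxx11: unsupported */
    }
    if (t_length == 0) {
        return 0;                     /* xxxxxx00: nothing to transfer */
    }
    /* BYTE_BLOCK = 0: bytes; else T_TYPE = 0: 512-byte blocks; else device blocks */
    unit = !(flags & 0x04) ? 1 : !(flags & 0x10) ? 512 : blocksize;
    if (is16) {                       /* 16-bit FEATURES / SECTOR_COUNT fields */
        count = (t_length == 1) ? ((buf[3] << 8) | buf[4])
                                : ((buf[5] << 8) | buf[6]);
        if (!(buf[1] & 0x01)) {
            count &= 255;             /* buf[1] bit 0 clear: low byte only */
        }
    } else {                          /* 12-byte CDB: 8-bit fields */
        count = (t_length == 1) ? buf[3] : buf[4];
    }
    *xfer = count * unit;             /* at most 65535 * 2^32, fits in 64 bits */
    *dir = (flags & 0x08) ? XFER_FROM_DEV : XFER_TO_DEV;   /* T_DIR */
    return 0;
}

int main(void)
{
    /* Constructed CDB: 16-byte form, buf[1] bit 0 set, T_DIR=1, BYTE_BLOCK=1, T_LENGTH=2 */
    uint8_t cdb[16] = { ATA_PASSTHROUGH_16, 0x0d, 0x0e, 0, 0, 0x01, 0x08 };
    uint64_t xfer;
    enum xfer_dir dir;
    int rc = ata_passthrough_xfer(cdb, 4096, &xfer, &dir);
    printf("rc=%d xfer=%llu dir=%d\n", rc, (unsigned long long)xfer, dir);
    return rc;
}
```

The caller still has to decide whether opcode 0xa1 is an ATA pass-through on the device at hand, as the quoted patch does with its TYPE_ROM check.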