1 <?xml version="1.0" encoding="UTF-8"?>
2 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" []>
5 <book id="libataDevGuide">
7 <title>libATA Developer's Guide</title>
11 <firstname>Jeff</firstname>
12 <surname>Garzik</surname>
17 <year>2003-2006</year>
18 <holder>Jeff Garzik</holder>
23 The contents of this file are subject to the Open
24 Software License version 1.1 that can be found at
25 <ulink url="http://fedoraproject.org/wiki/Licensing:OSL1.1">http://fedoraproject.org/wiki/Licensing:OSL1.1</ulink>
26 and is included herein by reference.
30 Alternatively, the contents of this file may be used under the terms
31 of the GNU General Public License version 2 (the "GPL") as distributed
32 in the kernel source COPYING file, in which case the provisions of
33 the GPL are applicable instead of the above. If you wish to allow
34 the use of your version of this file only under the terms of the
35 GPL and not to allow others to use your version of this file under
36 the OSL, indicate your decision by deleting the provisions above and
37 replace them with the notice and other provisions required by the GPL.
38 If you do not delete the provisions above, a recipient may use your
39 version of this file under either the OSL or the GPL.
47 <chapter id="libataIntroduction">
48 <title>Introduction</title>
50 libATA is a library used inside the Linux kernel to support ATA host
51 controllers and devices. libATA provides an ATA driver API, class
52 transports for ATA and ATAPI devices, and SCSI<->ATA translation
53 for ATA devices according to the T10 SAT specification.
56 This Guide documents the libATA driver API, library functions, library
57 internals, and a couple sample ATA low-level drivers.
61 <chapter id="libataDriverApi">
62 <title>libata Driver API</title>
64 struct ata_port_operations is defined for every low-level libata
65 hardware driver, and it controls how the low-level driver
66 interfaces with the ATA and SCSI layers.
69 FIS-based drivers will hook into the system with ->qc_prep() and
70 ->qc_issue() high-level hooks. Hardware which behaves in a manner
71 similar to PCI IDE hardware may utilize several generic helpers,
72 defining at a bare minimum the bus I/O addresses of the ATA shadow
76 <title>struct ata_port_operations</title>
78 <sect2><title>Disable ATA port</title>
80 void (*port_disable) (struct ata_port *);
84 Called from ata_bus_probe() error path, as well as when
85 unregistering from the SCSI module (rmmod, hot unplug).
86 This function should do whatever needs to be done to take the
87 port out of use. In most cases, ata_port_disable() can be used
91 Called from ata_bus_probe() on a failed probe.
92 Called from ata_scsi_release().
97 <sect2><title>Post-IDENTIFY device configuration</title>
99 void (*dev_config) (struct ata_port *, struct ata_device *);
103 Called after IDENTIFY [PACKET] DEVICE is issued to each device
104 found. Typically used to apply device-specific fixups prior to
105 issue of SET FEATURES - XFER MODE, and prior to operation.
108 This entry may be specified as NULL in ata_port_operations.
113 <sect2><title>Set PIO/DMA mode</title>
115 void (*set_piomode) (struct ata_port *, struct ata_device *);
116 void (*set_dmamode) (struct ata_port *, struct ata_device *);
117 void (*post_set_mode) (struct ata_port *);
118 unsigned int (*mode_filter) (struct ata_port *, struct ata_device *, unsigned int);
122 Hooks called prior to the issue of SET FEATURES - XFER MODE
123 command. The optional ->mode_filter() hook is called when libata
124 has built a mask of the possible modes. This is passed to the
125 ->mode_filter() function which should return a mask of valid modes
126 after filtering those unsuitable due to hardware limits. It is not
127 valid to use this interface to add modes.
130 dev->pio_mode and dev->dma_mode are guaranteed to be valid when
131 ->set_piomode() and when ->set_dmamode() is called. The timings for
132 any other drive sharing the cable will also be valid at this point.
133 That is the library records the decisions for the modes of each
134 drive on a channel before it attempts to set any of them.
138 called unconditionally, after the SET FEATURES - XFER MODE
139 command completes successfully.
143 ->set_piomode() is always called (if present), but
144 ->set_dma_mode() is only called if DMA is possible.
149 <sect2><title>Taskfile read/write</title>
151 void (*sff_tf_load) (struct ata_port *ap, struct ata_taskfile *tf);
152 void (*sff_tf_read) (struct ata_port *ap, struct ata_taskfile *tf);
156 ->tf_load() is called to load the given taskfile into hardware
157 registers / DMA buffers. ->tf_read() is called to read the
158 hardware registers / DMA buffers, to obtain the current set of
159 taskfile register values.
160 Most drivers for taskfile-based hardware (PIO or MMIO) use
161 ata_sff_tf_load() and ata_sff_tf_read() for these hooks.
166 <sect2><title>PIO data read/write</title>
168 void (*sff_data_xfer) (struct ata_device *, unsigned char *, unsigned int, int);
172 All bmdma-style drivers must implement this hook. This is the low-level
173 operation that actually copies the data bytes during a PIO data
175 Typically the driver will choose one of ata_sff_data_xfer_noirq(),
176 ata_sff_data_xfer(), or ata_sff_data_xfer32().
181 <sect2><title>ATA command execute</title>
183 void (*sff_exec_command)(struct ata_port *ap, struct ata_taskfile *tf);
187 causes an ATA command, previously loaded with
188 ->tf_load(), to be initiated in hardware.
189 Most drivers for taskfile-based hardware use ata_sff_exec_command()
195 <sect2><title>Per-cmd ATAPI DMA capabilities filter</title>
197 int (*check_atapi_dma) (struct ata_queued_cmd *qc);
201 Allow low-level driver to filter ATA PACKET commands, returning a status
202 indicating whether or not it is OK to use DMA for the supplied PACKET
206 This hook may be specified as NULL, in which case libata will
207 assume that atapi dma can be supported.
212 <sect2><title>Read specific ATA shadow registers</title>
214 u8 (*sff_check_status)(struct ata_port *ap);
215 u8 (*sff_check_altstatus)(struct ata_port *ap);
219 Reads the Status/AltStatus ATA shadow register from
220 hardware. On some hardware, reading the Status register has
221 the side effect of clearing the interrupt condition.
222 Most drivers for taskfile-based hardware use
223 ata_sff_check_status() for this hook.
228 <sect2><title>Write specific ATA shadow register</title>
230 void (*sff_set_devctl)(struct ata_port *ap, u8 ctl);
234 Write the device control ATA shadow register to the hardware.
235 Most drivers don't need to define this.
240 <sect2><title>Select ATA device on bus</title>
242 void (*sff_dev_select)(struct ata_port *ap, unsigned int device);
246 Issues the low-level hardware command(s) that causes one of N
247 hardware devices to be considered 'selected' (active and
248 available for use) on the ATA bus. This generally has no
249 meaning on FIS-based devices.
252 Most drivers for taskfile-based hardware use
253 ata_sff_dev_select() for this hook.
258 <sect2><title>Private tuning method</title>
260 void (*set_mode) (struct ata_port *ap);
264 By default libata performs drive and controller tuning in
265 accordance with the ATA timing rules and also applies blacklists
266 and cable limits. Some controllers need special handling and have
267 custom tuning rules, typically raid controllers that use ATA
268 commands but do not actually do drive timing.
273 This hook should not be used to replace the standard controller
274 tuning logic when a controller has quirks. Replacing the default
275 tuning logic in that case would bypass handling for drive and
276 bridge quirks that may be important to data reliability. If a
277 controller needs to filter the mode selection it should use the
278 mode_filter hook instead.
284 <sect2><title>Control PCI IDE BMDMA engine</title>
286 void (*bmdma_setup) (struct ata_queued_cmd *qc);
287 void (*bmdma_start) (struct ata_queued_cmd *qc);
288 void (*bmdma_stop) (struct ata_port *ap);
289 u8 (*bmdma_status) (struct ata_port *ap);
293 When setting up an IDE BMDMA transaction, these hooks arm
294 (->bmdma_setup), fire (->bmdma_start), and halt (->bmdma_stop)
295 the hardware's DMA engine. ->bmdma_status is used to read the standard
296 PCI IDE DMA Status register.
300 These hooks are typically either no-ops, or simply not implemented, in
304 Most legacy IDE drivers use ata_bmdma_setup() for the bmdma_setup()
305 hook. ata_bmdma_setup() will write the pointer to the PRD table to
306 the IDE PRD Table Address register, enable DMA in the DMA Command
307 register, and call exec_command() to begin the transfer.
310 Most legacy IDE drivers use ata_bmdma_start() for the bmdma_start()
311 hook. ata_bmdma_start() will write the ATA_DMA_START flag to the DMA
315 Many legacy IDE drivers use ata_bmdma_stop() for the bmdma_stop()
316 hook. ata_bmdma_stop() clears the ATA_DMA_START flag in the DMA
320 Many legacy IDE drivers use ata_bmdma_status() as the bmdma_status() hook.
325 <sect2><title>High-level taskfile hooks</title>
327 void (*qc_prep) (struct ata_queued_cmd *qc);
328 int (*qc_issue) (struct ata_queued_cmd *qc);
332 Higher-level hooks, these two hooks can potentially supercede
333 several of the above taskfile/DMA engine hooks. ->qc_prep is
334 called after the buffers have been DMA-mapped, and is typically
335 used to populate the hardware's DMA scatter-gather table.
336 Most drivers use the standard ata_qc_prep() helper function, but
337 more advanced drivers roll their own.
340 ->qc_issue is used to make a command active, once the hardware
341 and S/G tables have been prepared. IDE BMDMA drivers use the
342 helper function ata_qc_issue_prot() for taskfile protocol-based
343 dispatch. More advanced drivers implement their own ->qc_issue.
346 ata_qc_issue_prot() calls ->tf_load(), ->bmdma_setup(), and
347 ->bmdma_start() as necessary to initiate a transfer.
352 <sect2><title>Exception and probe handling (EH)</title>
354 void (*eng_timeout) (struct ata_port *ap);
355 void (*phy_reset) (struct ata_port *ap);
359 Deprecated. Use ->error_handler() instead.
363 void (*freeze) (struct ata_port *ap);
364 void (*thaw) (struct ata_port *ap);
368 ata_port_freeze() is called when HSM violations or some other
369 condition disrupts normal operation of the port. A frozen port
370 is not allowed to perform any operation until the port is
371 thawed, which usually follows a successful reset.
375 The optional ->freeze() callback can be used for freezing the port
376 hardware-wise (e.g. mask interrupt and stop DMA engine). If a
377 port cannot be frozen hardware-wise, the interrupt handler
378 must ack and clear interrupts unconditionally while the port
382 The optional ->thaw() callback is called to perform the opposite of ->freeze():
383 prepare the port for normal operation once again. Unmask interrupts,
384 start DMA engine, etc.
388 void (*error_handler) (struct ata_port *ap);
392 ->error_handler() is a driver's hook into probe, hotplug, and recovery
393 and other exceptional conditions. The primary responsibility of an
394 implementation is to call ata_do_eh() or ata_bmdma_drive_eh() with a set
395 of EH hooks as arguments:
399 'prereset' hook (may be NULL) is called during an EH reset, before any other actions
404 'postreset' hook (may be NULL) is called after the EH reset is performed. Based on
405 existing conditions, severity of the problem, and hardware capabilities,
409 Either 'softreset' (may be NULL) or 'hardreset' (may be NULL) will be
410 called to perform the low-level EH reset.
414 void (*post_internal_cmd) (struct ata_queued_cmd *qc);
418 Perform any hardware-specific actions necessary to finish processing
419 after executing a probe-time or EH-time command via ata_exec_internal().
424 <sect2><title>Hardware interrupt handling</title>
426 irqreturn_t (*irq_handler)(int, void *, struct pt_regs *);
427 void (*irq_clear) (struct ata_port *);
431 ->irq_handler is the interrupt handling routine registered with
432 the system, by libata. ->irq_clear is called during probe just
433 before the interrupt handler is registered, to be sure hardware
437 The second argument, dev_instance, should be cast to a pointer
438 to struct ata_host_set.
441 Most legacy IDE drivers use ata_sff_interrupt() for the
442 irq_handler hook, which scans all ports in the host_set,
443 determines which queued command was active (if any), and calls
444 ata_sff_host_intr(ap,qc).
447 Most legacy IDE drivers use ata_sff_irq_clear() for the
448 irq_clear() hook, which simply clears the interrupt and error
449 flags in the DMA status register.
454 <sect2><title>SATA phy read/write</title>
456 int (*scr_read) (struct ata_port *ap, unsigned int sc_reg,
458 int (*scr_write) (struct ata_port *ap, unsigned int sc_reg,
463 Read and write standard SATA phy registers. Currently only used
464 if ->phy_reset hook called the sata_phy_reset() helper function.
465 sc_reg is one of SCR_STATUS, SCR_CONTROL, SCR_ERROR, or SCR_ACTIVE.
470 <sect2><title>Init and shutdown</title>
472 int (*port_start) (struct ata_port *ap);
473 void (*port_stop) (struct ata_port *ap);
474 void (*host_stop) (struct ata_host_set *host_set);
478 ->port_start() is called just after the data structures for each
479 port are initialized. Typically this is used to alloc per-port
480 DMA buffers / tables / rings, enable DMA engines, and similar
481 tasks. Some drivers also use this entry point as a chance to
482 allocate driver-private memory for ap->private_data.
485 Many drivers use ata_port_start() as this hook or call
486 it from their own port_start() hooks. ata_port_start()
487 allocates space for a legacy IDE PRD table and returns.
490 ->port_stop() is called after ->host_stop(). Its sole function
491 is to release DMA/memory resources, now that they are no longer
492 actively being used. Many drivers also free driver-private
493 data from port at this time.
496 ->host_stop() is called after all ->port_stop() calls
497 have completed. The hook must finalize hardware shutdown, release DMA
498 and other resources, etc.
499 This hook may be specified as NULL, in which case it is not called.
507 <chapter id="libataEH">
508 <title>Error handling</title>
511 This chapter describes how errors are handled under libata.
512 Readers are advised to read SCSI EH
513 (Documentation/scsi/scsi_eh.txt) and ATA exceptions doc first.
516 <sect1><title>Origins of commands</title>
518 In libata, a command is represented with struct ata_queued_cmd
519 or qc. qc's are preallocated during port initialization and
520 repetitively used for command executions. Currently only one
521 qc is allocated per port but yet-to-be-merged NCQ branch
522 allocates one for each tag and maps each qc to NCQ tag 1-to-1.
525 libata commands can originate from two sources - libata itself
526 and SCSI midlayer. libata internal commands are used for
527 initialization and error handling. All normal blk requests
528 and commands for SCSI emulation are passed as SCSI commands
529 through queuecommand callback of SCSI host template.
533 <sect1><title>How commands are issued</title>
537 <varlistentry><term>Internal commands</term>
540 First, qc is allocated and initialized using
541 ata_qc_new_init(). Although ata_qc_new_init() doesn't
542 implement any wait or retry mechanism when qc is not
543 available, internal commands are currently issued only during
544 initialization and error recovery, so no other command is
545 active and allocation is guaranteed to succeed.
548 Once allocated qc's taskfile is initialized for the command to
549 be executed. qc currently has two mechanisms to notify
550 completion. One is via qc->complete_fn() callback and the
551 other is completion qc->waiting. qc->complete_fn() callback
552 is the asynchronous path used by normal SCSI translated
553 commands and qc->waiting is the synchronous (issuer sleeps in
554 process context) path used by internal commands.
557 Once initialization is complete, host_set lock is acquired
558 and the qc is issued.
563 <varlistentry><term>SCSI commands</term>
566 All libata drivers use ata_scsi_queuecmd() as
567 hostt->queuecommand callback. scmds can either be simulated
568 or translated. No qc is involved in processing a simulated
569 scmd. The result is computed right away and the scmd is
573 For a translated scmd, ata_qc_new_init() is invoked to
574 allocate a qc and the scmd is translated into the qc. SCSI
575 midlayer's completion notification function pointer is stored
579 qc->complete_fn() callback is used for completion
580 notification. ATA commands use ata_scsi_qc_complete() while
581 ATAPI commands use atapi_qc_complete(). Both functions end up
582 calling qc->scsidone to notify upper layer when the qc is
583 finished. After translation is completed, the qc is issued
587 Note that SCSI midlayer invokes hostt->queuecommand while
588 holding host_set lock, so all above occur while holding
597 <sect1><title>How commands are processed</title>
599 Depending on which protocol and which controller are used,
600 commands are processed differently. For the purpose of
601 discussion, a controller which uses taskfile interface and all
602 standard callbacks is assumed.
605 Currently 6 ATA command protocols are used. They can be
606 sorted into the following four categories according to how
611 <varlistentry><term>ATA NO DATA or DMA</term>
614 ATA_PROT_NODATA and ATA_PROT_DMA fall into this category.
615 These types of commands don't require any software
616 intervention once issued. Device will raise interrupt on
622 <varlistentry><term>ATA PIO</term>
625 ATA_PROT_PIO is in this category. libata currently
626 implements PIO with polling. ATA_NIEN bit is set to turn
627 off interrupt and pio_task on ata_wq performs polling and
633 <varlistentry><term>ATAPI NODATA or DMA</term>
636 ATA_PROT_ATAPI_NODATA and ATA_PROT_ATAPI_DMA are in this
637 category. packet_task is used to poll BSY bit after
638 issuing PACKET command. Once BSY is turned off by the
639 device, packet_task transfers CDB and hands off processing
640 to interrupt handler.
645 <varlistentry><term>ATAPI PIO</term>
648 ATA_PROT_ATAPI is in this category. ATA_NIEN bit is set
649 and, as in ATAPI NODATA or DMA, packet_task submits cdb.
650 However, after submitting cdb, further processing (data
651 transfer) is handed off to pio_task.
658 <sect1><title>How commands are completed</title>
660 Once issued, all qc's are either completed with
661 ata_qc_complete() or time out. For commands which are handled
662 by interrupts, ata_host_intr() invokes ata_qc_complete(), and,
663 for PIO tasks, pio_task invokes ata_qc_complete(). In error
664 cases, packet_task may also complete commands.
667 ata_qc_complete() does the following.
674 DMA memory is unmapped.
680 ATA_QCFLAG_ACTIVE is clared from qc->flags.
686 qc->complete_fn() callback is invoked. If the return value of
687 the callback is not zero. Completion is short circuited and
688 ata_qc_complete() returns.
694 __ata_qc_complete() is called, which does
699 qc->flags is cleared to zero.
705 ap->active_tag and qc->tag are poisoned.
711 qc->waiting is claread & completed (in that order).
717 qc is deallocated by clearing appropriate bit in ap->qactive.
728 So, it basically notifies upper layer and deallocates qc. One
729 exception is short-circuit path in #3 which is used by
733 For all non-ATAPI commands, whether it fails or not, almost
734 the same code path is taken and very little error handling
735 takes place. A qc is completed with success status if it
736 succeeded, with failed status otherwise.
739 However, failed ATAPI commands require more handling as
740 REQUEST SENSE is needed to acquire sense data. If an ATAPI
741 command fails, ata_qc_complete() is invoked with error status,
742 which in turn invokes atapi_qc_complete() via
743 qc->complete_fn() callback.
746 This makes atapi_qc_complete() set scmd->result to
747 SAM_STAT_CHECK_CONDITION, complete the scmd and return 1. As
748 the sense data is empty but scmd->result is CHECK CONDITION,
749 SCSI midlayer will invoke EH for the scmd, and returning 1
750 makes ata_qc_complete() to return without deallocating the qc.
751 This leads us to ata_scsi_error() with partially completed qc.
756 <sect1><title>ata_scsi_error()</title>
758 ata_scsi_error() is the current transportt->eh_strategy_handler()
759 for libata. As discussed above, this will be entered in two
760 cases - timeout and ATAPI error completion. This function
761 calls low level libata driver's eng_timeout() callback, the
762 standard callback for which is ata_eng_timeout(). It checks
763 if a qc is active and calls ata_qc_timeout() on the qc if so.
764 Actual error handling occurs in ata_qc_timeout().
767 If EH is invoked for timeout, ata_qc_timeout() stops BMDMA and
768 completes the qc. Note that as we're currently in EH, we
769 cannot call scsi_done. As described in SCSI EH doc, a
770 recovered scmd should be either retried with
771 scsi_queue_insert() or finished with scsi_finish_command().
772 Here, we override qc->scsidone with scsi_finish_command() and
773 calls ata_qc_complete().
776 If EH is invoked due to a failed ATAPI qc, the qc here is
777 completed but not deallocated. The purpose of this
778 half-completion is to use the qc as place holder to make EH
779 code reach this place. This is a bit hackish, but it works.
782 Once control reaches here, the qc is deallocated by invoking
783 __ata_qc_complete() explicitly. Then, internal qc for REQUEST
784 SENSE is issued. Once sense data is acquired, scmd is
785 finished by directly invoking scsi_finish_command() on the
786 scmd. Note that as we already have completed and deallocated
787 the qc which was associated with the scmd, we don't need
788 to/cannot call ata_qc_complete() again.
793 <sect1><title>Problems with the current EH</title>
799 Error representation is too crude. Currently any and all
800 error conditions are represented with ATA STATUS and ERROR
801 registers. Errors which aren't ATA device errors are treated
802 as ATA device errors by setting ATA_ERR bit. Better error
803 descriptor which can properly represent ATA and other
804 errors/exceptions is needed.
810 When handling timeouts, no action is taken to make device
811 forget about the timed out command and ready for new commands.
817 EH handling via ata_scsi_error() is not properly protected
818 from usual command processing. On EH entrance, the device is
819 not in quiescent state. Timed out commands may succeed or
820 fail any time. pio_task and atapi_task may still be running.
826 Too weak error recovery. Devices / controllers causing HSM
827 mismatch errors and other errors quite often require reset to
828 return to known state. Also, advanced error handling is
829 necessary to support features like NCQ and hotplug.
835 ATA errors are directly handled in the interrupt handler and
836 PIO errors in pio_task. This is problematic for advanced
837 error handling for the following reasons.
840 First, advanced error handling often requires context and
841 internal qc execution.
844 Second, even a simple failure (say, CRC error) needs
845 information gathering and could trigger complex error handling
846 (say, resetting & reconfiguring). Having multiple code
847 paths to gather information, enter EH and trigger actions
851 Third, scattered EH code makes implementing low level drivers
852 difficult. Low level drivers override libata callbacks. If
853 EH is scattered over several places, each affected callbacks
854 should perform its part of error handling. This can be error
863 <chapter id="libataExt">
864 <title>libata Library</title>
865 !Edrivers/ata/libata-core.c
868 <chapter id="libataInt">
869 <title>libata Core Internals</title>
870 !Idrivers/ata/libata-core.c
873 <chapter id="libataScsiInt">
874 <title>libata SCSI translation/emulation</title>
875 !Edrivers/ata/libata-scsi.c
876 !Idrivers/ata/libata-scsi.c
879 <chapter id="ataExceptions">
880 <title>ATA errors and exceptions</title>
883 This chapter tries to identify what error/exception conditions exist
884 for ATA/ATAPI devices and describe how they should be handled in
885 implementation-neutral way.
889 The term 'error' is used to describe conditions where either an
890 explicit error condition is reported from device or a command has
895 The term 'exception' is either used to describe exceptional
896 conditions which are not errors (say, power or hotplug events), or
897 to describe both errors and non-error exceptional conditions. Where
898 explicit distinction between error and exception is necessary, the
899 term 'non-error exception' is used.
903 <title>Exception categories</title>
905 Exceptions are described primarily with respect to legacy
906 taskfile + bus master IDE interface. If a controller provides
907 other better mechanism for error reporting, mapping those into
908 categories described below shouldn't be difficult.
912 In the following sections, two recovery actions - reset and
913 reconfiguring transport - are mentioned. These are described
914 further in <xref linkend="exrec"/>.
917 <sect2 id="excatHSMviolation">
918 <title>HSM violation</title>
920 This error is indicated when STATUS value doesn't match HSM
921 requirement during issuing or excution any ATA/ATAPI command.
925 <title>Examples</title>
929 ATA_STATUS doesn't contain !BSY && DRDY && !DRQ while trying
936 !BSY && !DRQ during PIO data transfer.
942 DRQ on command completion.
948 !BSY && ERR after CDB transfer starts but before the
949 last byte of CDB is transferred. ATA/ATAPI standard states
950 that "The device shall not terminate the PACKET command
951 with an error before the last byte of the command packet has
952 been written" in the error outputs description of PACKET
953 command and the state diagram doesn't include such
961 In these cases, HSM is violated and not much information
962 regarding the error can be acquired from STATUS or ERROR
963 register. IOW, this error can be anything - driver bug,
964 faulty device, controller and/or cable.
968 As HSM is violated, reset is necessary to restore known state.
969 Reconfiguring transport for lower speed might be helpful too
970 as transmission errors sometimes cause this kind of errors.
974 <sect2 id="excatDevErr">
975 <title>ATA/ATAPI device error (non-NCQ / non-CHECK CONDITION)</title>
978 These are errors detected and reported by ATA/ATAPI devices
979 indicating device problems. For this type of errors, STATUS
980 and ERROR register values are valid and describe error
981 condition. Note that some of ATA bus errors are detected by
982 ATA/ATAPI devices and reported using the same mechanism as
983 device errors. Those cases are described later in this
988 For ATA commands, this type of errors are indicated by !BSY
989 && ERR during command execution and on completion.
992 <para>For ATAPI commands,</para>
998 !BSY && ERR && ABRT right after issuing PACKET
999 indicates that PACKET command is not supported and falls in
1006 !BSY && ERR(==CHK) && !ABRT after the last
1007 byte of CDB is transferred indicates CHECK CONDITION and
1008 doesn't fall in this category.
1014 !BSY && ERR(==CHK) && ABRT after the last byte
1015 of CDB is transferred *probably* indicates CHECK CONDITION and
1016 doesn't fall in this category.
1023 Of errors detected as above, the followings are not ATA/ATAPI
1024 device errors but ATA bus errors and should be handled
1025 according to <xref linkend="excatATAbusErr"/>.
1031 <term>CRC error during data transfer</term>
1034 This is indicated by ICRC bit in the ERROR register and
1035 means that corruption occurred during data transfer. Up to
1036 ATA/ATAPI-7, the standard specifies that this bit is only
1037 applicable to UDMA transfers but ATA/ATAPI-8 draft revision
1038 1f says that the bit may be applicable to multiword DMA and
1045 <term>ABRT error during data transfer or on completion</term>
1048 Up to ATA/ATAPI-7, the standard specifies that ABRT could be
1049 set on ICRC errors and on cases where a device is not able
1050 to complete a command. Combined with the fact that MWDMA
1051 and PIO transfer errors aren't allowed to use ICRC bit up to
1052 ATA/ATAPI-7, it seems to imply that ABRT bit alone could
1053 indicate transfer errors.
1056 However, ATA/ATAPI-8 draft revision 1f removes the part
1057 that ICRC errors can turn on ABRT. So, this is kind of
1058 gray area. Some heuristics are needed here.
1066 ATA/ATAPI device errors can be further categorized as follows.
1072 <term>Media errors</term>
1075 This is indicated by UNC bit in the ERROR register. ATA
1076 devices reports UNC error only after certain number of
1077 retries cannot recover the data, so there's nothing much
1078 else to do other than notifying upper layer.
1081 READ and WRITE commands report CHS or LBA of the first
1082 failed sector but ATA/ATAPI standard specifies that the
1083 amount of transferred data on error completion is
1084 indeterminate, so we cannot assume that sectors preceding
1085 the failed sector have been transferred and thus cannot
1086 complete those sectors successfully as SCSI does.
1092 <term>Media changed / media change requested error</term>
1095 <<TODO: fill here>>
1100 <varlistentry><term>Address error</term>
1103 This is indicated by IDNF bit in the ERROR register.
1104 Report to upper layer.
1109 <varlistentry><term>Other errors</term>
1112 This can be invalid command or parameter indicated by ABRT
1113 ERROR bit or some other error condition. Note that ABRT
1114 bit can indicate a lot of things including ICRC and Address
1115 errors. Heuristics needed.
1123 Depending on commands, not all STATUS/ERROR bits are
1124 applicable. These non-applicable bits are marked with
1125 "na" in the output descriptions but up to ATA/ATAPI-7
1126 no definition of "na" can be found. However,
1127 ATA/ATAPI-8 draft revision 1f describes "N/A" as
1133 <varlistentry><term>3.2.3.3a N/A</term>
1136 A keyword the indicates a field has no defined value in
1137 this standard and should not be checked by the host or
1138 device. N/A fields should be cleared to zero.
1146 So, it seems reasonable to assume that "na" bits are
1147 cleared to zero by devices and thus need no explicit masking.
1152 <sect2 id="excatATAPIcc">
1153 <title>ATAPI device CHECK CONDITION</title>
1156 ATAPI device CHECK CONDITION error is indicated by set CHK bit
1157 (ERR bit) in the STATUS register after the last byte of CDB is
1158 transferred for a PACKET command. For this kind of errors,
1159 sense data should be acquired to gather information regarding
1160 the errors. REQUEST SENSE packet command should be used to
1165 Once sense data is acquired, this type of errors can be
1166 handled similary to other SCSI errors. Note that sense data
1167 may indicate ATA bus error (e.g. Sense Key 04h HARDWARE ERROR
1168 && ASC/ASCQ 47h/00h SCSI PARITY ERROR). In such
1169 cases, the error should be considered as an ATA bus error and
1170 handled according to <xref linkend="excatATAbusErr"/>.
1175 <sect2 id="excatNCQerr">
1176 <title>ATA device error (NCQ)</title>
1179 NCQ command error is indicated by cleared BSY and set ERR bit
1180 during NCQ command phase (one or more NCQ commands
1181 outstanding). Although STATUS and ERROR registers will
1182 contain valid values describing the error, READ LOG EXT is
1183 required to clear the error condition, determine which command
1184 has failed and acquire more information.
1188 READ LOG EXT Log Page 10h reports which tag has failed and
1189 taskfile register values describing the error. With this
1190 information the failed command can be handled as a normal ATA
1191 command error as in <xref linkend="excatDevErr"/> and all
1192 other in-flight commands must be retried. Note that this
1193 retry should not be counted - it's likely that commands
1194 retried this way would have completed normally if it were not
1195 for the failed command.
1199 Note that ATA bus errors can be reported as ATA device NCQ
1200 errors. This should be handled as described in <xref
1201 linkend="excatATAbusErr"/>.
1205 If READ LOG EXT Log Page 10h fails or reports NQ, we're
1206 thoroughly screwed. This condition should be treated
1207 according to <xref linkend="excatHSMviolation"/>.
1212 <sect2 id="excatATAbusErr">
1213 <title>ATA bus error</title>
1216 ATA bus error means that data corruption occurred during
1217 transmission over ATA bus (SATA or PATA). This type of errors
1225 ICRC or ABRT error as described in <xref linkend="excatDevErr"/>.
1231 Controller-specific error completion with error information
1232 indicating transmission error.
1238 On some controllers, command timeout. In this case, there may
1239 be a mechanism to determine that the timeout is due to
1246 Unknown/random errors, timeouts and all sorts of weirdities.
1253 As described above, transmission errors can cause wide variety
1254 of symptoms ranging from device ICRC error to random device
1255 lockup, and, for many cases, there is no way to tell if an
1256 error condition is due to transmission error or not;
1257 therefore, it's necessary to employ some kind of heuristic
1258 when dealing with errors and timeouts. For example,
1259 encountering repetitive ABRT errors for known supported
1260 command is likely to indicate ATA bus error.
1264 Once it's determined that ATA bus errors have possibly
1265 occurred, lowering ATA bus transmission speed is one of
1266 actions which may alleviate the problem. See <xref
1267 linkend="exrecReconf"/> for more information.
1272 <sect2 id="excatPCIbusErr">
1273 <title>PCI bus error</title>
1276 Data corruption or other failures during transmission over PCI
1277 (or other system bus). For standard BMDMA, this is indicated
1278 by Error bit in the BMDMA Status register. This type of
1279 errors must be logged as it indicates something is very wrong
1280 with the system. Resetting host controller is recommended.
1285 <sect2 id="excatLateCompletion">
1286 <title>Late completion</title>
1289 This occurs when timeout occurs and the timeout handler finds
1290 out that the timed out command has completed successfully or
1291 with error. This is usually caused by lost interrupts. This
1292 type of errors must be logged. Resetting host controller is
1298 <sect2 id="excatUnknown">
1299 <title>Unknown error (timeout)</title>
1302 This is when timeout occurs and the command is still
1303 processing or the host and device are in unknown state. When
1304 this occurs, HSM could be in any valid or invalid state. To
1305 bring the device to known state and make it forget about the
1306 timed out command, resetting is necessary. The timed out
1307 command may be retried.
1311 Timeouts can also be caused by transmission errors. Refer to
1312 <xref linkend="excatATAbusErr"/> for more details.
1317 <sect2 id="excatHoplugPM">
1318 <title>Hotplug and power management exceptions</title>
1321 <<TODO: fill here>>
1329 <title>EH recovery actions</title>
1332 This section discusses several important recovery actions.
1335 <sect2 id="exrecClr">
1336 <title>Clearing error condition</title>
1339 Many controllers require its error registers to be cleared by
1340 error handler. Different controllers may have different
1345 For SATA, it's strongly recommended to clear at least SError
1346 register during error handling.
1350 <sect2 id="exrecRst">
1351 <title>Reset</title>
1354 During EH, resetting is necessary in the following cases.
1361 HSM is in unknown or invalid state
1367 HBA is in unknown or invalid state
1373 EH needs to make HBA/device forget about in-flight commands
1379 HBA/device behaves weirdly
1386 Resetting during EH might be a good idea regardless of error
1387 condition to improve EH robustness. Whether to reset both or
1388 either one of HBA and device depends on situation but the
1389 following scheme is recommended.
1396 When it's known that HBA is in ready state but ATA/ATAPI
1397 device is in unknown state, reset only device.
1403 If HBA is in unknown state, reset both HBA and device.
1410 HBA resetting is implementation specific. For a controller
1411 complying to taskfile/BMDMA PCI IDE, stopping active DMA
1412 transaction may be sufficient iff BMDMA state is the only HBA
1413 context. But even mostly taskfile/BMDMA PCI IDE complying
1414 controllers may have implementation specific requirements and
1415 mechanism to reset themselves. This must be addressed by
1420 OTOH, ATA/ATAPI standard describes in detail ways to reset
1426 <varlistentry><term>PATA hardware reset</term>
1429 This is hardware initiated device reset signalled with
1430 asserted PATA RESET- signal. There is no standard way to
1431 initiate hardware reset from software although some
1432 hardware provides registers that allow driver to directly
1433 tweak the RESET- signal.
1438 <varlistentry><term>Software reset</term>
1441 This is achieved by turning CONTROL SRST bit on for at
1442 least 5us. Both PATA and SATA support it but, in case of
1443 SATA, this may require controller-specific support as the
1444 second Register FIS to clear SRST should be transmitted
1445 while BSY bit is still set. Note that on PATA, this resets
1446 both master and slave devices on a channel.
1451 <varlistentry><term>EXECUTE DEVICE DIAGNOSTIC command</term>
1454 Although ATA/ATAPI standard doesn't describe exactly, EDD
1455 implies some level of resetting, possibly similar level
1456 with software reset. Host-side EDD protocol can be handled
1457 with normal command processing and most SATA controllers
1458 should be able to handle EDD's just like other commands.
1459 As in software reset, EDD affects both devices on a PATA
1463 Although EDD does reset devices, this doesn't suit error
1464 handling as EDD cannot be issued while BSY is set and it's
1465 unclear how it will act when device is in unknown/weird
1471 <varlistentry><term>ATAPI DEVICE RESET command</term>
1474 This is very similar to software reset except that reset
1475 can be restricted to the selected device without affecting
1476 the other device sharing the cable.
1481 <varlistentry><term>SATA phy reset</term>
1484 This is the preferred way of resetting a SATA device. In
1485 effect, it's identical to PATA hardware reset. Note that
1486 this can be done with the standard SCR Control register.
1487 As such, it's usually easier to implement than software
1496 One more thing to consider when resetting devices is that
1497 resetting clears certain configuration parameters and they
1498 need to be set to their previous or newly adjusted values
1503 Parameters affected are.
1510 CHS set up with INITIALIZE DEVICE PARAMETERS (seldom used)
1516 Parameters set with SET FEATURES including transfer mode setting
1522 Block count set with SET MULTIPLE MODE
1528 Other parameters (SET MAX, MEDIA LOCK...)
1535 ATA/ATAPI standard specifies that some parameters must be
1536 maintained across hardware or software reset, but doesn't
1537 strictly specify all of them. Always reconfiguring needed
1538 parameters after reset is required for robustness. Note that
1539 this also applies when resuming from deep sleep (power-off).
1543 Also, ATA/ATAPI standard requires that IDENTIFY DEVICE /
1544 IDENTIFY PACKET DEVICE is issued after any configuration
1545 parameter is updated or a hardware reset and the result used
1546 for further operation. OS driver is required to implement
1547 revalidation mechanism to support this.
1552 <sect2 id="exrecReconf">
1553 <title>Reconfigure transport</title>
1556 For both PATA and SATA, a lot of corners are cut for cheap
1557 connectors, cables or controllers and it's quite common to see
1558 high transmission error rate. This can be mitigated by
1559 lowering transmission speed.
1563 The following is a possible scheme Jeff Garzik suggested.
1568 If more than $N (3?) transmission errors happen in 15 minutes,
1573 if SATA, decrease SATA PHY speed. if speed cannot be decreased,
1578 decrease UDMA xfer speed. if at UDMA0, switch to PIO4,
1583 decrease PIO xfer speed. if at PIO3, complain, but continue
1595 <chapter id="PiixInt">
1596 <title>ata_piix Internals</title>
1597 !Idrivers/ata/ata_piix.c
1600 <chapter id="SILInt">
1601 <title>sata_sil Internals</title>
1602 !Idrivers/ata/sata_sil.c
1605 <chapter id="libataThanks">
1606 <title>Thanks</title>
1608 The bulk of the ATA knowledge comes thanks to long conversations with
1609 Andre Hedrick (www.linux-ide.org), and long hours pondering the ATA
1610 and SCSI specifications.
1613 Thanks to Alan Cox for pointing out similarities
1614 between SATA and SCSI, and in general for motivation to hack on
1618 libata's device detection
1619 method, ata_pio_devchk, and in general all the early probing was
1620 based on extensive study of Hale Landis's probe/reset code in his
1621 ATADRVR driver (www.ata-atapi.com).