atapi 0xa8 command

[lama]

hello, i have a very strange problem with my atapi driver.
my 0xa8 command packets are getting ignored when words 6-9 are not zero (transfer length). when they are zero, bochs detects this command properly and ofcourse says, that transfer length is zero.
i'm stucked, no idea whats wrong. here is code that setups that packet and send it.

Code: Select all

mov word [sig0], 0xA8
push ecx
shr ecx, 0x18
and ecx, 0xff
mov byte [sig2], cl
pop ecx
push ecx
shr ecx, 0x10
and ecx, 0xff
mov byte [sig3], cl
pop ecx
push ecx
shr ecx, 8
and ecx, 0xff
mov byte [sig4], cl
pop ecx
push ecx
and ecx, 0xff
mov byte [sig5], cl
pop ecx
call atapi_sendpacket

sig0 db 0  
sig1 db 0  
sig2 db 0  
sig3 db 0  
sig4 db 0   
sig5 db 0  
sig6 db 0  
sig7 db 0
sig8 db 0
sig9 db 1 
siga db 0
sigb db 0
atapi_sendpacket:
mov dx, ATA_DATA
mov esi, sig0
mov ecx, 6
cld
rep outsw
ret

thanks for any help.

[KotuxGuy]

Some comments would help!

[lama]

comments? eh, ecx stands for lba in my code, words 0-1 is command opcode , words 2-5 is lba address, word 6-9 stands for transfer length, all other bytes are reserved.

[KotuxGuy]

I meant inside the code. Code without comments is like a road map without street names or landmarks.

[bewing]

I assume that by "ignored" you mean that you are never receiving an IRQ? Are you ever reading port 0x1f7? Do you have the PIC masked?

Also, you should not be using REP OUTSW -- it will not work on real hardware. You need a tiny delay between each output word.

[lama]

i get irq, i get everything...but bochs does not see this command. when i try to read the returned trasnfer length (from lbas registers) - it will return zero length. (and thanks, i will use something else instead of outsw) here is the complete source:

Code: Select all

atapi_readsec:
;ecx = lba
;bl = drive, 0 = master, 1 = slave
;edi = location, where to put data
cli
mov ecx, eax
mov ds, dx
mov es, dx
mov dx, ATA_DRIVSEL
xchg bx, bx
shl bl, 4
mov al, bl
out dx, al
call ata_wait_not_busy
xor al, al
mov dx, ATA_FEAT
out dx, al
mov ax, ATAPI_SECTOR_SIZE
and ax, 0xff
mov dx, ATA_ADDR2
out dx, ax
mov ax, ATAPI_SECTOR_SIZE
shr ax, 8
;mov dx, ATA_ADDR2
mov dx, ATA_ADDR3 ;?
out dx, ax
mov dx, ATA_COMMAND
mov al, 0xa0 ; packet command
out dx, al
mov dx, ATA_COMMAND
dev_bsy:
in al, dx
and al, 10000000b
cmp al, 10000000b
jz dev_bsy
mov dx, ATA_COMMAND
xchg bx, bx
nodrq:
in al, dx
test al, 1
jnz ata_failure
and al, 00001000b
cmp al, 8
jnz nodrq
mov word [sig0], 0xA8 ; read command
push ecx 
shr ecx, 0x18
and ecx, 0xff
mov byte [sig2], cl
pop ecx
push ecx
shr ecx, 0x10
and ecx, 0xff
mov byte [sig3], cl
pop ecx
push ecx
shr ecx, 8
and ecx, 0xff
mov byte [sig4], cl
pop ecx
push ecx
and ecx, 0xff
mov byte [sig5], cl
pop ecx
call atapi_sendpacket2
mov dx, ATA_FEAT
in al, dx
mov eax, dword [ack1] ; irq
push ds
push word 0x10 ; ack1 address must have base 0
pop ds
sti
noirq:
cmp byte [ds:eax], 1  ; irq received fine
jnz noirq
pop ds
mov dx, ATA_ADDR3
in al, dx
shl al, 8
mov bl, al
mov dx, ATA_ADDR2
in al, dx
or bl, al
xor eax, eax
xor ecx, ecx
mov al, bl
mov bl, 2
div bl
mov cl, al ; returned zero length (because bochs ignored the atapi read command)
mov dx, 0x10
mov es, dx
mov dx, ATA_DATA
rep insw
mov dx, ATA_COMMAND
bsydrq:
in al, dx
and al, 0x88
cmp al, 0x88
jnz bsydrq
clc
ret
ata_failure:
mov esi, error_msg0
call prints
mov dx, ATA_FEAT
in al, dx
stc
ret

[lama]

i have discovered that ABRT bit was set after executing the 0xa8 command with transfer length greater then zero. why?

[lama]

so, nobody can solve this problem?