This short white paper describes how data can become corrupted when using the RZ1000 PCI IDE disk drive controller, and how a motherboard BIOS and IDE disk device drivers can be written to avoid any chance of data corruption due to the RZ1000 PCI IDE disk drive controller. Further references to IDE disk device drivers will apply to a motherboard BIOS as well.
The RZ1000 has a single internal data path which is used for reading both data and status from the drive. If its Read-Ahead mode is enabled and a read of any of the RZ1000's task file registers occurs during the IDE device driver's data transfer phase, data corruption will occur. The remainder of this paper will provide the context to understand how this could happen and examine all factors which must be taken into account when writing a device driver to prevent this from happening.
To understand the failure mechanisms one must first understand how the RZ1000 and an IDE disk drive fit into a PCI system and interact with the IDE device driver.
Figure 1 is a block diagram showing the RZ1000 and IDE disk drive's place in the computer system. The RZ1000 is a PCI to IDE interface which operates in Programmed I/O (PIO) mode only. The RZ1000 does not support a Bus Mastering DMA mode. The RZ1000 has a 32-bit PCI interface through which it communicates with the CPU and a 16-bit IDE interface through which it communicates with an IDE disk drive(s).
The CPU interacts with the IDE disk drive by reading and writing commands, status, and data from a set of I/O registers called task file registers which reside on the IDE disk drive. When reading data the RZ1000 can operate in either of two modes:
The RZ1000 is only susceptible to data corruption when operated in Read-Ahead mode.
When an IDE device driver reads data from the disk drive it first writes the address of the initial sector and the number of sectors to be transferred into the appropriate task file registers. The IDE device driver then issues a read command via the Command Task File Register. The disk drive's internal controller electronics will position the drive's head over the appropriate track, and begin transferring data into the drive's IDE bus interface buffer. As soon as data is available to be read from the IDE interface the drive will issue an interrupt. Note that the interrupt precedes the transfer of data between the drive and system memory.
A typical disk drive actually contains multiple buffers to allow data from sequential sectors to be transferred from the rotating media to the drive without missing revolutions. The drive manages these as ping-pong buffers, allowing the IDE device driver to efficiently read sequential data. When performing multi-sector reads a disk will generally have one of its ping-pong buffers filled with data as soon as the IDE device driver finishes reading data from the previous sector. This means that as soon as the last of the previous sector is read from one ping-pong buffer an interrupt will occur to indicate that another sector can be read from the next ping-pong buffer.
There are two types of read commands which can be issued to an IDE drive:
Once the interrupt is received from the disk drive the IDE device driver will read the Status Task File Register to check if data was successfully transferred from the disk platter to the disk buffer. If the status indicates a successful read into the drive's IDE buffers the device driver will transfer data between the drive's Data Task File Register and system memory. Most, if not all, IDE disk device drivers utilize the String Move command which is the most efficient way to move data from an I/O port into memory.
The ATA specification upon which IDE drives are based mapped the floppy disk controller's Digital Input Register into the same I/O space as the IDE Digital Input Register (I/O address 03F7h of the primary IDE channel). The Digital Input Register contains the Diskette Change Flag, used by the floppy disk device driver to determine if media has been removed and re-inserted since the last access to the diskette.
To accommodate this architectural requirement the RZ1000 takes as one of its inputs the floppy disk drive interface's Disk Change signal (the PCI Subtractive Decoding functionality ensures that accesses to I/O port 03F7h are directed to the RZ1000 and are not propagated through to the floppy controller which resides across the PCI-to-ISA bridge).
Data becomes corrupted if any IDE disk drive task file register other than the Data Task File Register is read before the host has transferred an entire sector from the RZ1000. During the course of normal computer operation there are two ways in which this scenario can occur:
Scenario 1: An access is made by the floppy device driver to the Digital Input Task File Register.
The conditions under which various OS's floppy disk device drivers poll the Digital Input Task File Register to examine the media are unknown to the author at this time, but it is assumed that any floppy disk device driver would poll this register before the start of any new floppy I/O operation.
If the RZ1000 is operating in Read-Ahead Mode and an access is made to this register after the start of and before the finish of the IDE disk driver's reading of the sector data, data corruption will occur. Note that this is only possible if Read-Ahead Mode is enabled and the floppy device driver is allowed to execute during the execution of the IDE disk device driver's data transfer routine. Disabling Read-Ahead Mode will prevent any chance of data corruption due to the RZ1000. The "Solutions" subsection of this document will describe the mechanisms employed by IDE device drivers which prevent any access to the IDE drive's task file registers during the IDE device driver's data transfer routine.
Scenario 2: Data becomes corrupted if the IDE device driver issues a multi-sector read (using either the Read Sector or Read Multiple command) and a disk drive interrupt causes the Status Task File Register to be read before the device driver finishes reading the data from the previous sector.
This can only occur if all the following conditions are true:
As in the case of Scenario 1, disabling the RZ1000's Read-Ahead Mode will prevent any chance of data corruption due to the RZ1000, as will the techniques described in the following section.
As described in the previous section, there are two mechanisms which will ensure the prevention of data corruption. This section will provide information on each of these mechanisms.
Solution 1: Disabling the RZ1000's Read-Ahead Mode
Disabling the RZ1000's Read-Ahead Mode effectively ensures that every access to the disk drive's Data Task File Register results in the transfer of that data into system memory without the opportunity for intervening accesses to the other task file registers.
Intel is currently characterizing any performance impact of this approach and will provide information as soon as characterization is complete.
Solution 2: Preventing interrupts during the IDE device driver's data transfer routine.
Although there are many ways to implement an IDE device driver, it is useful to consider all implementations as falling into one of two scenarios:
The code that reads the Status Task File Register can execute independently from the code which performs the String Move command.
The code that reads the Status Task File Register can't execute independently from the code which performs the String Move command.
Both of these techniques ensure that the CPU cannot be interrupted during the IDE device driver's data transfer routine.
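The following C program is an added illustration, not code from the original paper: it simulates the failure described above with a deliberately simplified controller model and shows that disabling Read-Ahead (Solution 1) or deferring the status read until the sector is complete (Solution 2) avoids it. The single shared latch, the function names, the status value and the data pattern are assumptions made for the simulation, not the RZ1000's documented internals.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define SECTOR_WORDS 256
#define STATUS_VALUE 0x0050u   /* constructed status value for the model */
/* Simplified model (assumption): one latch carries both data and status. */
struct ctrl {
    bool read_ahead;           /* Read-Ahead mode enabled */
    bool latch_valid;          /* latch holds a prefetched data word */
    uint16_t latch, next;      /* shared data path; index of next drive word */
};

static uint16_t drive_word(struct ctrl *c) { return 0xA000u | c->next++; }
/* Read of the Data Task File Register. */
static uint16_t read_data(struct ctrl *c)
{
    uint16_t w = c->latch_valid ? c->latch : drive_word(c);
    c->latch_valid = c->read_ahead;
    if (c->read_ahead)
        c->latch = drive_word(c);      /* prefetch the following word */
    return w;
}

/* Read of any other task file register: overwrites a prefetched word. */
static void read_status(struct ctrl *c) { c->latch = STATUS_VALUE; }

/* Transfers one sector and returns the number of corrupted words. A simulated
 * handler reads status after word irq_at unless interrupts are masked. */
static int transfer_sector(bool read_ahead, bool irq_masked, int irq_at)
{
    struct ctrl c = { .read_ahead = read_ahead };
    int bad = 0;
    for (int i = 0; i < SECTOR_WORDS; i++) {
        if (read_data(&c) != (0xA000u | (unsigned)i))
            bad++;
        if (i == irq_at && !irq_masked)
            read_status(&c);           /* interrupt lands mid-transfer */
    }
    if (irq_masked)
        read_status(&c);       /* deferred until the sector is complete */
    return bad;
}

int main(void)
{
    printf("corrupted words: %d %d %d\n", transfer_sector(true, false, 100),
           transfer_sector(false, false, 100), transfer_sector(true, true, 100));
    return 0;
}
```

In this model the mid-transfer status read replaces exactly one prefetched data word, so only the Read-Ahead case with interrupts allowed reports a corrupted word.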