search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'qemu-cvs'
[qemu-kvm/fedora.git] / hw / ide.c
blobd5f4403e59eed9f818a30d4053d51f5512d05918
1 /*
2 * QEMU IDE disk and CD/DVD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25 #include "hw.h"
26 #include "pc.h"
27 #include "pci.h"
28 #include "scsi-disk.h"
29 #include "pcmcia.h"
30 #include "block.h"
31 #include "block_int.h"
32 #include "qemu-timer.h"
33 #include "sysemu.h"
34 #include "ppc_mac.h"
35 #include "mac_dbdma.h"
36 #include "sh.h"
37
38 /* debug IDE devices */
39 //#define DEBUG_IDE
40 //#define DEBUG_IDE_ATAPI
41 //#define DEBUG_AIO
42 #define USE_DMA_CDROM
43
44 /* Bits of HD_STATUS */
45 #define ERR_STAT 0x01
46 #define INDEX_STAT 0x02
47 #define ECC_STAT 0x04 /* Corrected error */
48 #define DRQ_STAT 0x08
49 #define SEEK_STAT 0x10
50 #define SRV_STAT 0x10
51 #define WRERR_STAT 0x20
52 #define READY_STAT 0x40
53 #define BUSY_STAT 0x80
54
55 /* Bits for HD_ERROR */
56 #define MARK_ERR 0x01 /* Bad address mark */
57 #define TRK0_ERR 0x02 /* couldn't find track 0 */
58 #define ABRT_ERR 0x04 /* Command aborted */
59 #define MCR_ERR 0x08 /* media change request */
60 #define ID_ERR 0x10 /* ID field not found */
61 #define MC_ERR 0x20 /* media changed */
62 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
63 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
64 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
65
66 /* Bits of HD_NSECTOR */
67 #define CD 0x01
68 #define IO 0x02
69 #define REL 0x04
70 #define TAG_MASK 0xf8
71
72 #define IDE_CMD_RESET 0x04
73 #define IDE_CMD_DISABLE_IRQ 0x02
74
75 /* ATA/ATAPI Commands pre T13 Spec */
76 #define WIN_NOP 0x00
77 /*
78 * 0x01->0x02 Reserved
79 */
80 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
81 /*
82 * 0x04->0x07 Reserved
83 */
84 #define WIN_SRST 0x08 /* ATAPI soft reset command */
85 #define WIN_DEVICE_RESET 0x08
86 /*
87 * 0x09->0x0F Reserved
88 */
89 #define WIN_RECAL 0x10
90 #define WIN_RESTORE WIN_RECAL
91 /*
92 * 0x10->0x1F Reserved
93 */
94 #define WIN_READ 0x20 /* 28-Bit */
95 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
96 #define WIN_READ_LONG 0x22 /* 28-Bit */
97 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
98 #define WIN_READ_EXT 0x24 /* 48-Bit */
99 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
100 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
101 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
102 /*
103 * 0x28
104 */
105 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
106 /*
107 * 0x2A->0x2F Reserved
108 */
109 #define WIN_WRITE 0x30 /* 28-Bit */
110 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
111 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
112 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
113 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
114 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
115 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
116 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
117 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
118 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
119 /*
120 * 0x3A->0x3B Reserved
121 */
122 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
123 /*
124 * 0x3D->0x3F Reserved
125 */
126 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
127 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
128 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
129 /*
130 * 0x43->0x4F Reserved
131 */
132 #define WIN_FORMAT 0x50
133 /*
134 * 0x51->0x5F Reserved
135 */
136 #define WIN_INIT 0x60
137 /*
138 * 0x61->0x5F Reserved
139 */
140 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
141 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
142 #define WIN_DIAGNOSE 0x90
143 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
144 #define WIN_DOWNLOAD_MICROCODE 0x92
145 #define WIN_STANDBYNOW2 0x94
146 #define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
147 #define WIN_STANDBY2 0x96
148 #define WIN_SETIDLE2 0x97
149 #define WIN_CHECKPOWERMODE2 0x98
150 #define WIN_SLEEPNOW2 0x99
151 /*
152 * 0x9A VENDOR
153 */
154 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
155 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
156 #define WIN_QUEUED_SERVICE 0xA2
157 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
158 #define CFA_ACCESS_METADATA_STORAGE 0xB8
159 #define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
160 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
161 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
162 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
163 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
164 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
165 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
166 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
167 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
168 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
169 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
170 #define WIN_GETMEDIASTATUS 0xDA
171 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
172 #define WIN_POSTBOOT 0xDC
173 #define WIN_PREBOOT 0xDD
174 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
175 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
176 #define WIN_STANDBYNOW1 0xE0
177 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
178 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
179 #define WIN_SETIDLE1 0xE3
180 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
181 #define WIN_CHECKPOWERMODE1 0xE5
182 #define WIN_SLEEPNOW1 0xE6
183 #define WIN_FLUSH_CACHE 0xE7
184 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
185 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
186 /* SET_FEATURES 0x22 or 0xDD */
187 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
188 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
189 #define WIN_MEDIAEJECT 0xED
190 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
191 #define WIN_SETFEATURES 0xEF /* set special drive features */
192 #define EXABYTE_ENABLE_NEST 0xF0
193 #define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
194 #define WIN_SECURITY_SET_PASS 0xF1
195 #define WIN_SECURITY_UNLOCK 0xF2
196 #define WIN_SECURITY_ERASE_PREPARE 0xF3
197 #define WIN_SECURITY_ERASE_UNIT 0xF4
198 #define WIN_SECURITY_FREEZE_LOCK 0xF5
199 #define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
200 #define WIN_SECURITY_DISABLE 0xF6
201 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
202 #define WIN_SET_MAX 0xF9
203 #define DISABLE_SEAGATE 0xFB
204
205 /* set to 1 set disable mult support */
206 #define MAX_MULT_SECTORS 16
207
208 #define IDE_DMA_BUF_SECTORS 256
209
210 #if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
211 #error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
212 #endif
213
214 /* ATAPI defines */
215
216 #define ATAPI_PACKET_SIZE 12
217
218 /* The generic packet command opcodes for CD/DVD Logical Units,
219 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
220 #define GPCMD_BLANK 0xa1
221 #define GPCMD_CLOSE_TRACK 0x5b
222 #define GPCMD_FLUSH_CACHE 0x35
223 #define GPCMD_FORMAT_UNIT 0x04
224 #define GPCMD_GET_CONFIGURATION 0x46
225 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
226 #define GPCMD_GET_PERFORMANCE 0xac
227 #define GPCMD_INQUIRY 0x12
228 #define GPCMD_LOAD_UNLOAD 0xa6
229 #define GPCMD_MECHANISM_STATUS 0xbd
230 #define GPCMD_MODE_SELECT_10 0x55
231 #define GPCMD_MODE_SENSE_10 0x5a
232 #define GPCMD_PAUSE_RESUME 0x4b
233 #define GPCMD_PLAY_AUDIO_10 0x45
234 #define GPCMD_PLAY_AUDIO_MSF 0x47
235 #define GPCMD_PLAY_AUDIO_TI 0x48
236 #define GPCMD_PLAY_CD 0xbc
237 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
238 #define GPCMD_READ_10 0x28
239 #define GPCMD_READ_12 0xa8
240 #define GPCMD_READ_CDVD_CAPACITY 0x25
241 #define GPCMD_READ_CD 0xbe
242 #define GPCMD_READ_CD_MSF 0xb9
243 #define GPCMD_READ_DISC_INFO 0x51
244 #define GPCMD_READ_DVD_STRUCTURE 0xad
245 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
246 #define GPCMD_READ_HEADER 0x44
247 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
248 #define GPCMD_READ_SUBCHANNEL 0x42
249 #define GPCMD_READ_TOC_PMA_ATIP 0x43
250 #define GPCMD_REPAIR_RZONE_TRACK 0x58
251 #define GPCMD_REPORT_KEY 0xa4
252 #define GPCMD_REQUEST_SENSE 0x03
253 #define GPCMD_RESERVE_RZONE_TRACK 0x53
254 #define GPCMD_SCAN 0xba
255 #define GPCMD_SEEK 0x2b
256 #define GPCMD_SEND_DVD_STRUCTURE 0xad
257 #define GPCMD_SEND_EVENT 0xa2
258 #define GPCMD_SEND_KEY 0xa3
259 #define GPCMD_SEND_OPC 0x54
260 #define GPCMD_SET_READ_AHEAD 0xa7
261 #define GPCMD_SET_STREAMING 0xb6
262 #define GPCMD_START_STOP_UNIT 0x1b
263 #define GPCMD_STOP_PLAY_SCAN 0x4e
264 #define GPCMD_TEST_UNIT_READY 0x00
265 #define GPCMD_VERIFY_10 0x2f
266 #define GPCMD_WRITE_10 0x2a
267 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
268 /* This is listed as optional in ATAPI 2.6, but is (curiously)
269 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
270 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
271 * drives support it. */
272 #define GPCMD_SET_SPEED 0xbb
273 /* This seems to be a SCSI specific CD-ROM opcode
274 * to play data at track/index */
275 #define GPCMD_PLAYAUDIO_TI 0x48
276 /*
277 * From MS Media Status Notification Support Specification. For
278 * older drives only.
279 */
280 #define GPCMD_GET_MEDIA_STATUS 0xda
281 #define GPCMD_MODE_SENSE_6 0x1a
282
283 /* Mode page codes for mode sense/set */
284 #define GPMODE_R_W_ERROR_PAGE 0x01
285 #define GPMODE_WRITE_PARMS_PAGE 0x05
286 #define GPMODE_AUDIO_CTL_PAGE 0x0e
287 #define GPMODE_POWER_PAGE 0x1a
288 #define GPMODE_FAULT_FAIL_PAGE 0x1c
289 #define GPMODE_TO_PROTECT_PAGE 0x1d
290 #define GPMODE_CAPABILITIES_PAGE 0x2a
291 #define GPMODE_ALL_PAGES 0x3f
292 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
293 * of MODE_SENSE_POWER_PAGE */
294 #define GPMODE_CDROM_PAGE 0x0d
295
296 /*
297 * Based on values from <linux/cdrom.h> but extending CD_MINS
298 * to the maximum common size allowed by the Orange's Book ATIP
299 *
300 * 90 and 99 min CDs are also available but using them as the
301 * upper limit reduces the effectiveness of the heuristic to
302 * detect DVDs burned to less than 25% of their maximum capacity
303 */
304
305 /* Some generally useful CD-ROM information */
306 #define CD_MINS 80 /* max. minutes per CD */
307 #define CD_SECS 60 /* seconds per minute */
308 #define CD_FRAMES 75 /* frames per second */
309 #define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
310 #define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
311 #define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
312
313 /*
314 * The MMC values are not IDE specific and might need to be moved
315 * to a common header if they are also needed for the SCSI emulation
316 */
317
318 /* Profile list from MMC-6 revision 1 table 91 */
319 #define MMC_PROFILE_NONE 0x0000
320 #define MMC_PROFILE_CD_ROM 0x0008
321 #define MMC_PROFILE_CD_R 0x0009
322 #define MMC_PROFILE_CD_RW 0x000A
323 #define MMC_PROFILE_DVD_ROM 0x0010
324 #define MMC_PROFILE_DVD_R_SR 0x0011
325 #define MMC_PROFILE_DVD_RAM 0x0012
326 #define MMC_PROFILE_DVD_RW_RO 0x0013
327 #define MMC_PROFILE_DVD_RW_SR 0x0014
328 #define MMC_PROFILE_DVD_R_DL_SR 0x0015
329 #define MMC_PROFILE_DVD_R_DL_JR 0x0016
330 #define MMC_PROFILE_DVD_RW_DL 0x0017
331 #define MMC_PROFILE_DVD_DDR 0x0018
332 #define MMC_PROFILE_DVD_PLUS_RW 0x001A
333 #define MMC_PROFILE_DVD_PLUS_R 0x001B
334 #define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
335 #define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
336 #define MMC_PROFILE_BD_ROM 0x0040
337 #define MMC_PROFILE_BD_R_SRM 0x0041
338 #define MMC_PROFILE_BD_R_RRM 0x0042
339 #define MMC_PROFILE_BD_RE 0x0043
340 #define MMC_PROFILE_HDDVD_ROM 0x0050
341 #define MMC_PROFILE_HDDVD_R 0x0051
342 #define MMC_PROFILE_HDDVD_RAM 0x0052
343 #define MMC_PROFILE_HDDVD_RW 0x0053
344 #define MMC_PROFILE_HDDVD_R_DL 0x0058
345 #define MMC_PROFILE_HDDVD_RW_DL 0x005A
346 #define MMC_PROFILE_INVALID 0xFFFF
347
348 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
349 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
350 #define ATAPI_INT_REASON_REL 0x04
351 #define ATAPI_INT_REASON_TAG 0xf8
352
353 /* same constants as bochs */
354 #define ASC_ILLEGAL_OPCODE 0x20
355 #define ASC_LOGICAL_BLOCK_OOR 0x21
356 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
357 #define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
358 #define ASC_INCOMPATIBLE_FORMAT 0x30
359 #define ASC_MEDIUM_NOT_PRESENT 0x3a
360 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
361
362 #define CFA_NO_ERROR 0x00
363 #define CFA_MISC_ERROR 0x09
364 #define CFA_INVALID_COMMAND 0x20
365 #define CFA_INVALID_ADDRESS 0x21
366 #define CFA_ADDRESS_OVERFLOW 0x2f
367
368 #define SENSE_NONE 0
369 #define SENSE_NOT_READY 2
370 #define SENSE_ILLEGAL_REQUEST 5
371 #define SENSE_UNIT_ATTENTION 6
372
373 struct IDEState;
374
375 typedef void EndTransferFunc(struct IDEState *);
376
377 /* NOTE: IDEState represents in fact one drive */
378 typedef struct IDEState {
379 /* ide config */
380 int is_cdrom;
381 int is_cf;
382 int cylinders, heads, sectors;
383 int64_t nb_sectors;
384 int mult_sectors;
385 int identify_set;
386 uint16_t identify_data[256];
387 qemu_irq irq;
388 PCIDevice *pci_dev;
389 struct BMDMAState *bmdma;
390 int drive_serial;
391 char drive_serial_str[21];
392 /* ide regs */
393 uint8_t feature;
394 uint8_t error;
395 uint32_t nsector;
396 uint8_t sector;
397 uint8_t lcyl;
398 uint8_t hcyl;
399 /* other part of tf for lba48 support */
400 uint8_t hob_feature;
401 uint8_t hob_nsector;
402 uint8_t hob_sector;
403 uint8_t hob_lcyl;
404 uint8_t hob_hcyl;
405
406 uint8_t select;
407 uint8_t status;
408
409 /* 0x3f6 command, only meaningful for drive 0 */
410 uint8_t cmd;
411 /* set for lba48 access */
412 uint8_t lba48;
413 /* depends on bit 4 in select, only meaningful for drive 0 */
414 struct IDEState *cur_drive;
415 BlockDriverState *bs;
416 /* ATAPI specific */
417 uint8_t sense_key;
418 uint8_t asc;
419 int packet_transfer_size;
420 int elementary_transfer_size;
421 int io_buffer_index;
422 int lba;
423 int cd_sector_size;
424 int atapi_dma; /* true if dma is requested for the packet cmd */
425 /* ATA DMA state */
426 int io_buffer_size;
427 QEMUIOVector iovec;
428 /* PIO transfer handling */
429 int req_nb_sectors; /* number of sectors per interrupt */
430 EndTransferFunc *end_transfer_func;
431 uint8_t *data_ptr;
432 uint8_t *data_end;
433 uint8_t *io_buffer;
434 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
435 uint32_t irq_count; /* counts IRQs when using win2k install hack */
436 /* CF-ATA extended error */
437 uint8_t ext_error;
438 /* CF-ATA metadata storage */
439 uint32_t mdata_size;
440 uint8_t *mdata_storage;
441 int media_changed;
442 /* for pmac */
443 int is_read;
444 } IDEState;
445
446 /* XXX: DVDs that could fit on a CD will be reported as a CD */
447 static inline int media_present(IDEState *s)
448 {
449 return (s->nb_sectors > 0);
450 }
451
452 static inline int media_is_dvd(IDEState *s)
453 {
454 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
455 }
456
457 static inline int media_is_cd(IDEState *s)
458 {
459 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
460 }
461
462 #define BM_STATUS_DMAING 0x01
463 #define BM_STATUS_ERROR 0x02
464 #define BM_STATUS_INT 0x04
465 #define BM_STATUS_DMA_RETRY 0x08
466 #define BM_STATUS_PIO_RETRY 0x10
467
468 #define BM_CMD_START 0x01
469 #define BM_CMD_READ 0x08
470
471 #define IDE_TYPE_PIIX3 0
472 #define IDE_TYPE_CMD646 1
473 #define IDE_TYPE_PIIX4 2
474
475 /* CMD646 specific */
476 #define MRDMODE 0x71
477 #define MRDMODE_INTR_CH0 0x04
478 #define MRDMODE_INTR_CH1 0x08
479 #define MRDMODE_BLK_CH0 0x10
480 #define MRDMODE_BLK_CH1 0x20
481 #define UDIDETCR0 0x73
482 #define UDIDETCR1 0x7B
483
484 typedef struct BMDMAState {
485 uint8_t cmd;
486 uint8_t status;
487 uint32_t addr;
488
489 struct PCIIDEState *pci_dev;
490 /* current transfer state */
491 uint32_t cur_addr;
492 uint32_t cur_prd_last;
493 uint32_t cur_prd_addr;
494 uint32_t cur_prd_len;
495 IDEState *ide_if;
496 BlockDriverCompletionFunc *dma_cb;
497 BlockDriverAIOCB *aiocb;
498 int64_t sector_num;
499 uint32_t nsector;
500 } BMDMAState;
501
502 typedef struct PCIIDEState {
503 PCIDevice dev;
504 IDEState ide_if[4];
505 BMDMAState bmdma[2];
506 int type; /* see IDE_TYPE_xxx */
507 } PCIIDEState;
508
509 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
510 static void ide_dma_restart(IDEState *s);
511 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
512
513 static void padstr(char *str, const char *src, int len)
514 {
515 int i, v;
516 for(i = 0; i < len; i++) {
517 if (*src)
518 v = *src++;
519 else
520 v = ' ';
521 str[i^1] = v;
522 }
523 }
524
525 static void padstr8(uint8_t *buf, int buf_size, const char *src)
526 {
527 int i;
528 for(i = 0; i < buf_size; i++) {
529 if (*src)
530 buf[i] = *src++;
531 else
532 buf[i] = ' ';
533 }
534 }
535
536 static void put_le16(uint16_t *p, unsigned int v)
537 {
538 *p = cpu_to_le16(v);
539 }
540
541 static void ide_identify(IDEState *s)
542 {
543 uint16_t *p;
544 unsigned int oldsize;
545
546 if (s->identify_set) {
547 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
548 return;
549 }
550
551 memset(s->io_buffer, 0, 512);
552 p = (uint16_t *)s->io_buffer;
553 put_le16(p + 0, 0x0040);
554 put_le16(p + 1, s->cylinders);
555 put_le16(p + 3, s->heads);
556 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
557 put_le16(p + 5, 512); /* XXX: retired, remove ? */
558 put_le16(p + 6, s->sectors);
559 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
560 put_le16(p + 20, 3); /* XXX: retired, remove ? */
561 put_le16(p + 21, 512); /* cache size in sectors */
562 put_le16(p + 22, 4); /* ecc bytes */
563 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
564 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
565 #if MAX_MULT_SECTORS > 1
566 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
567 #endif
568 put_le16(p + 48, 1); /* dword I/O */
569 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
570 put_le16(p + 51, 0x200); /* PIO transfer cycle */
571 put_le16(p + 52, 0x200); /* DMA transfer cycle */
572 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
573 put_le16(p + 54, s->cylinders);
574 put_le16(p + 55, s->heads);
575 put_le16(p + 56, s->sectors);
576 oldsize = s->cylinders * s->heads * s->sectors;
577 put_le16(p + 57, oldsize);
578 put_le16(p + 58, oldsize >> 16);
579 if (s->mult_sectors)
580 put_le16(p + 59, 0x100 | s->mult_sectors);
581 put_le16(p + 60, s->nb_sectors);
582 put_le16(p + 61, s->nb_sectors >> 16);
583 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
584 put_le16(p + 63, 0x07); /* mdma0-2 supported */
585 put_le16(p + 65, 120);
586 put_le16(p + 66, 120);
587 put_le16(p + 67, 120);
588 put_le16(p + 68, 120);
589 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
590 put_le16(p + 81, 0x16); /* conforms to ata5 */
591 put_le16(p + 82, (1 << 14));
592 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
593 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
594 put_le16(p + 84, (1 << 14));
595 put_le16(p + 85, (1 << 14));
596 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
597 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
598 put_le16(p + 87, (1 << 14));
599 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
600 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
601 put_le16(p + 100, s->nb_sectors);
602 put_le16(p + 101, s->nb_sectors >> 16);
603 put_le16(p + 102, s->nb_sectors >> 32);
604 put_le16(p + 103, s->nb_sectors >> 48);
605
606 memcpy(s->identify_data, p, sizeof(s->identify_data));
607 s->identify_set = 1;
608 }
609
610 static void ide_atapi_identify(IDEState *s)
611 {
612 uint16_t *p;
613
614 if (s->identify_set) {
615 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
616 return;
617 }
618
619 memset(s->io_buffer, 0, 512);
620 p = (uint16_t *)s->io_buffer;
621 /* Removable CDROM, 50us response, 12 byte packets */
622 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
623 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
624 put_le16(p + 20, 3); /* buffer type */
625 put_le16(p + 21, 512); /* cache size in sectors */
626 put_le16(p + 22, 4); /* ecc bytes */
627 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
628 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
629 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
630 #ifdef USE_DMA_CDROM
631 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
632 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
633 put_le16(p + 62, 7); /* single word dma0-2 supported */
634 put_le16(p + 63, 7); /* mdma0-2 supported */
635 put_le16(p + 64, 0x3f); /* PIO modes supported */
636 #else
637 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
638 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
639 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
640 put_le16(p + 64, 1); /* PIO modes */
641 #endif
642 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
643 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
644 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
645 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
646
647 put_le16(p + 71, 30); /* in ns */
648 put_le16(p + 72, 30); /* in ns */
649
650 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
651 #ifdef USE_DMA_CDROM
652 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
653 #endif
654 memcpy(s->identify_data, p, sizeof(s->identify_data));
655 s->identify_set = 1;
656 }
657
658 static void ide_cfata_identify(IDEState *s)
659 {
660 uint16_t *p;
661 uint32_t cur_sec;
662
663 p = (uint16_t *) s->identify_data;
664 if (s->identify_set)
665 goto fill_buffer;
666
667 memset(p, 0, sizeof(s->identify_data));
668
669 cur_sec = s->cylinders * s->heads * s->sectors;
670
671 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
672 put_le16(p + 1, s->cylinders); /* Default cylinders */
673 put_le16(p + 3, s->heads); /* Default heads */
674 put_le16(p + 6, s->sectors); /* Default sectors per track */
675 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
676 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
677 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
678 put_le16(p + 22, 0x0004); /* ECC bytes */
679 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
680 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
681 #if MAX_MULT_SECTORS > 1
682 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
683 #else
684 put_le16(p + 47, 0x0000);
685 #endif
686 put_le16(p + 49, 0x0f00); /* Capabilities */
687 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
688 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
689 put_le16(p + 53, 0x0003); /* Translation params valid */
690 put_le16(p + 54, s->cylinders); /* Current cylinders */
691 put_le16(p + 55, s->heads); /* Current heads */
692 put_le16(p + 56, s->sectors); /* Current sectors */
693 put_le16(p + 57, cur_sec); /* Current capacity */
694 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
695 if (s->mult_sectors) /* Multiple sector setting */
696 put_le16(p + 59, 0x100 | s->mult_sectors);
697 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
698 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
699 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
700 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
701 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
702 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
703 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
704 put_le16(p + 82, 0x400c); /* Command Set supported */
705 put_le16(p + 83, 0x7068); /* Command Set supported */
706 put_le16(p + 84, 0x4000); /* Features supported */
707 put_le16(p + 85, 0x000c); /* Command Set enabled */
708 put_le16(p + 86, 0x7044); /* Command Set enabled */
709 put_le16(p + 87, 0x4000); /* Features enabled */
710 put_le16(p + 91, 0x4060); /* Current APM level */
711 put_le16(p + 129, 0x0002); /* Current features option */
712 put_le16(p + 130, 0x0005); /* Reassigned sectors */
713 put_le16(p + 131, 0x0001); /* Initial power mode */
714 put_le16(p + 132, 0x0000); /* User signature */
715 put_le16(p + 160, 0x8100); /* Power requirement */
716 put_le16(p + 161, 0x8001); /* CF command set */
717
718 s->identify_set = 1;
719
720 fill_buffer:
721 memcpy(s->io_buffer, p, sizeof(s->identify_data));
722 }
723
724 static void ide_set_signature(IDEState *s)
725 {
726 s->select &= 0xf0; /* clear head */
727 /* put signature */
728 s->nsector = 1;
729 s->sector = 1;
730 if (s->is_cdrom) {
731 s->lcyl = 0x14;
732 s->hcyl = 0xeb;
733 } else if (s->bs) {
734 s->lcyl = 0;
735 s->hcyl = 0;
736 } else {
737 s->lcyl = 0xff;
738 s->hcyl = 0xff;
739 }
740 }
741
742 static inline void ide_abort_command(IDEState *s)
743 {
744 s->status = READY_STAT | ERR_STAT;
745 s->error = ABRT_ERR;
746 }
747
748 static inline void ide_dma_submit_check(IDEState *s,
749 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
750 {
751 if (bm->aiocb)
752 return;
753 dma_cb(bm, -1);
754 }
755
756 static inline void ide_set_irq(IDEState *s)
757 {
758 BMDMAState *bm = s->bmdma;
759 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
760 if (bm) {
761 bm->status |= BM_STATUS_INT;
762 }
763 qemu_irq_raise(s->irq);
764 }
765 }
766
767 /* prepare data transfer and tell what to do after */
768 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
769 EndTransferFunc *end_transfer_func)
770 {
771 s->end_transfer_func = end_transfer_func;
772 s->data_ptr = buf;
773 s->data_end = buf + size;
774 if (!(s->status & ERR_STAT))
775 s->status |= DRQ_STAT;
776 }
777
778 static void ide_transfer_stop(IDEState *s)
779 {
780 s->end_transfer_func = ide_transfer_stop;
781 s->data_ptr = s->io_buffer;
782 s->data_end = s->io_buffer;
783 s->status &= ~DRQ_STAT;
784 }
785
786 static int64_t ide_get_sector(IDEState *s)
787 {
788 int64_t sector_num;
789 if (s->select & 0x40) {
790 /* lba */
791 if (!s->lba48) {
792 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
793 (s->lcyl << 8) | s->sector;
794 } else {
795 sector_num = ((int64_t)s->hob_hcyl << 40) |
796 ((int64_t) s->hob_lcyl << 32) |
797 ((int64_t) s->hob_sector << 24) |
798 ((int64_t) s->hcyl << 16) |
799 ((int64_t) s->lcyl << 8) | s->sector;
800 }
801 } else {
802 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
803 (s->select & 0x0f) * s->sectors + (s->sector - 1);
804 }
805 return sector_num;
806 }
807
808 static void ide_set_sector(IDEState *s, int64_t sector_num)
809 {
810 unsigned int cyl, r;
811 if (s->select & 0x40) {
812 if (!s->lba48) {
813 s->select = (s->select & 0xf0) | (sector_num >> 24);
814 s->hcyl = (sector_num >> 16);
815 s->lcyl = (sector_num >> 8);
816 s->sector = (sector_num);
817 } else {
818 s->sector = sector_num;
819 s->lcyl = sector_num >> 8;
820 s->hcyl = sector_num >> 16;
821 s->hob_sector = sector_num >> 24;
822 s->hob_lcyl = sector_num >> 32;
823 s->hob_hcyl = sector_num >> 40;
824 }
825 } else {
826 cyl = sector_num / (s->heads * s->sectors);
827 r = sector_num % (s->heads * s->sectors);
828 s->hcyl = cyl >> 8;
829 s->lcyl = cyl;
830 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
831 s->sector = (r % s->sectors) + 1;
832 }
833 }
834
835 static void ide_rw_error(IDEState *s) {
836 ide_abort_command(s);
837 ide_set_irq(s);
838 }
839
840 static void ide_sector_read(IDEState *s)
841 {
842 int64_t sector_num;
843 int ret, n;
844
845 s->status = READY_STAT | SEEK_STAT;
846 s->error = 0; /* not needed by IDE spec, but needed by Windows */
847 sector_num = ide_get_sector(s);
848 n = s->nsector;
849 if (n == 0) {
850 /* no more sector to read from disk */
851 ide_transfer_stop(s);
852 } else {
853 #if defined(DEBUG_IDE)
854 printf("read sector=%" PRId64 "\n", sector_num);
855 #endif
856 if (n > s->req_nb_sectors)
857 n = s->req_nb_sectors;
858 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
859 if (ret != 0) {
860 ide_rw_error(s);
861 return;
862 }
863 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
864 ide_set_irq(s);
865 ide_set_sector(s, sector_num + n);
866 s->nsector -= n;
867 }
868 }
869
870
871 /* return 0 if buffer completed */
872 static int dma_buf_prepare(BMDMAState *bm, int is_write)
873 {
874 IDEState *s = bm->ide_if;
875 struct {
876 uint32_t addr;
877 uint32_t size;
878 } prd;
879 int l, len;
880 void *mem;
881 target_phys_addr_t l1;
882
883 qemu_iovec_init(&s->iovec, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
884 s->io_buffer_size = 0;
885 for(;;) {
886 if (bm->cur_prd_len == 0) {
887 /* end of table (with a fail safe of one page) */
888 if (bm->cur_prd_last ||
889 (bm->cur_addr - bm->addr) >= 4096)
890 return s->io_buffer_size != 0;
891 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
892 bm->cur_addr += 8;
893 prd.addr = le32_to_cpu(prd.addr);
894 prd.size = le32_to_cpu(prd.size);
895 len = prd.size & 0xfffe;
896 if (len == 0)
897 len = 0x10000;
898 bm->cur_prd_len = len;
899 bm->cur_prd_addr = prd.addr;
900 bm->cur_prd_last = (prd.size & 0x80000000);
901 }
902 l = bm->cur_prd_len;
903 if (l > 0) {
904 l1 = l;
905 mem = cpu_physical_memory_map(bm->cur_prd_addr, &l1, is_write);
906 if (!mem) {
907 break;
908 }
909 qemu_iovec_add(&s->iovec, mem, l1);
910 bm->cur_prd_addr += l1;
911 bm->cur_prd_len -= l1;
912 s->io_buffer_size += l1;
913 }
914 }
915 return 1;
916 }
917
918 static void dma_buf_commit(IDEState *s, int is_write)
919 {
920 int i;
921
922 for (i = 0; i < s->iovec.niov; ++i) {
923 cpu_physical_memory_unmap(s->iovec.iov[i].iov_base,
924 s->iovec.iov[i].iov_len, is_write,
925 s->iovec.iov[i].iov_len);
926 }
927 qemu_iovec_destroy(&s->iovec);
928 }
929
930 static void ide_dma_error(IDEState *s)
931 {
932 ide_transfer_stop(s);
933 s->error = ABRT_ERR;
934 s->status = READY_STAT | ERR_STAT;
935 ide_set_irq(s);
936 }
937
938 static int ide_handle_write_error(IDEState *s, int error, int op)
939 {
940 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
941
942 if (action == BLOCK_ERR_IGNORE)
943 return 0;
944
945 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
946 || action == BLOCK_ERR_STOP_ANY) {
947 s->bmdma->ide_if = s;
948 s->bmdma->status |= op;
949 vm_stop(0);
950 } else {
951 if (op == BM_STATUS_DMA_RETRY) {
952 dma_buf_commit(s, 0);
953 ide_dma_error(s);
954 } else {
955 ide_rw_error(s);
956 }
957 }
958
959 return 1;
960 }
961
962 /* return 0 if buffer completed */
963 static int dma_buf_rw(BMDMAState *bm, int is_write)
964 {
965 IDEState *s = bm->ide_if;
966 struct {
967 uint32_t addr;
968 uint32_t size;
969 } prd;
970 int l, len;
971
972 for(;;) {
973 l = s->io_buffer_size - s->io_buffer_index;
974 if (l <= 0)
975 break;
976 if (bm->cur_prd_len == 0) {
977 /* end of table (with a fail safe of one page) */
978 if (bm->cur_prd_last ||
979 (bm->cur_addr - bm->addr) >= 4096)
980 return 0;
981 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
982 bm->cur_addr += 8;
983 prd.addr = le32_to_cpu(prd.addr);
984 prd.size = le32_to_cpu(prd.size);
985 len = prd.size & 0xfffe;
986 if (len == 0)
987 len = 0x10000;
988 bm->cur_prd_len = len;
989 bm->cur_prd_addr = prd.addr;
990 bm->cur_prd_last = (prd.size & 0x80000000);
991 }
992 if (l > bm->cur_prd_len)
993 l = bm->cur_prd_len;
994 if (l > 0) {
995 if (is_write) {
996 cpu_physical_memory_write(bm->cur_prd_addr,
997 s->io_buffer + s->io_buffer_index, l);
998 } else {
999 cpu_physical_memory_read(bm->cur_prd_addr,
1000 s->io_buffer + s->io_buffer_index, l);
1001 }
1002 bm->cur_prd_addr += l;
1003 bm->cur_prd_len -= l;
1004 s->io_buffer_index += l;
1005 }
1006 }
1007 return 1;
1008 }
1009
1010 typedef struct {
1011 BMDMAState *bm;
1012 void (*cb)(void *opaque, int ret);
1013 QEMUBH *bh;
1014 } MapFailureContinuation;
1015
1016 static void reschedule_dma(void *opaque)
1017 {
1018 MapFailureContinuation *cont = opaque;
1019
1020 cont->cb(cont->bm, 0);
1021 qemu_bh_delete(cont->bh);
1022 qemu_free(cont);
1023 }
1024
1025 static void continue_after_map_failure(void *opaque)
1026 {
1027 MapFailureContinuation *cont = opaque;
1028
1029 cont->bh = qemu_bh_new(reschedule_dma, opaque);
1030 qemu_bh_schedule(cont->bh);
1031 }
1032
1033 static void wait_for_bounce_buffer(BMDMAState *bmdma,
1034 void (*cb)(void *opaque, int ret))
1035 {
1036 MapFailureContinuation *cont = qemu_malloc(sizeof(*cont));
1037
1038 cont->bm = bmdma;
1039 cont->cb = cb;
1040 cpu_register_map_client(cont, continue_after_map_failure);
1041 }
1042
1043 static void ide_read_dma_cb(void *opaque, int ret)
1044 {
1045 BMDMAState *bm = opaque;
1046 IDEState *s = bm->ide_if;
1047 int n;
1048 int64_t sector_num;
1049
1050 if (ret < 0) {
1051 dma_buf_commit(s, 1);
1052 ide_dma_error(s);
1053 return;
1054 }
1055
1056 n = s->io_buffer_size >> 9;
1057 sector_num = ide_get_sector(s);
1058 if (n > 0) {
1059 dma_buf_commit(s, 1);
1060 sector_num += n;
1061 ide_set_sector(s, sector_num);
1062 s->nsector -= n;
1063 }
1064
1065 /* end of transfer ? */
1066 if (s->nsector == 0) {
1067 s->status = READY_STAT | SEEK_STAT;
1068 ide_set_irq(s);
1069 eot:
1070 bm->status &= ~BM_STATUS_DMAING;
1071 bm->status |= BM_STATUS_INT;
1072 bm->dma_cb = NULL;
1073 bm->ide_if = NULL;
1074 bm->aiocb = NULL;
1075 return;
1076 }
1077
1078 /* launch next transfer */
1079 n = s->nsector;
1080 s->io_buffer_index = 0;
1081 s->io_buffer_size = n * 512;
1082 if (dma_buf_prepare(bm, 1) == 0)
1083 goto eot;
1084 if (!s->iovec.niov) {
1085 wait_for_bounce_buffer(bm, ide_read_dma_cb);
1086 return;
1087 }
1088 #ifdef DEBUG_AIO
1089 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1090 #endif
1091 bm->aiocb = bdrv_aio_readv(s->bs, sector_num, &s->iovec, n,
1092 ide_read_dma_cb, bm);
1093 ide_dma_submit_check(s, ide_read_dma_cb, bm);
1094 }
1095
1096 static void ide_sector_read_dma(IDEState *s)
1097 {
1098 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1099 s->io_buffer_index = 0;
1100 s->io_buffer_size = 0;
1101 s->is_read = 1;
1102 ide_dma_start(s, ide_read_dma_cb);
1103 }
1104
1105 static void ide_sector_write_timer_cb(void *opaque)
1106 {
1107 IDEState *s = opaque;
1108 ide_set_irq(s);
1109 }
1110
1111 static void ide_sector_write(IDEState *s)
1112 {
1113 int64_t sector_num;
1114 int ret, n, n1;
1115
1116 s->status = READY_STAT | SEEK_STAT;
1117 sector_num = ide_get_sector(s);
1118 #if defined(DEBUG_IDE)
1119 printf("write sector=%" PRId64 "\n", sector_num);
1120 #endif
1121 n = s->nsector;
1122 if (n > s->req_nb_sectors)
1123 n = s->req_nb_sectors;
1124 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
1125
1126 if (ret != 0) {
1127 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1128 return;
1129 }
1130
1131 s->nsector -= n;
1132 if (s->nsector == 0) {
1133 /* no more sectors to write */
1134 ide_transfer_stop(s);
1135 } else {
1136 n1 = s->nsector;
1137 if (n1 > s->req_nb_sectors)
1138 n1 = s->req_nb_sectors;
1139 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1140 }
1141 ide_set_sector(s, sector_num + n);
1142
1143 #ifdef TARGET_I386
1144 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1145 /* It seems there is a bug in the Windows 2000 installer HDD
1146 IDE driver which fills the disk with empty logs when the
1147 IDE write IRQ comes too early. This hack tries to correct
1148 that at the expense of slower write performances. Use this
1149 option _only_ to install Windows 2000. You must disable it
1150 for normal use. */
1151 qemu_mod_timer(s->sector_write_timer,
1152 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1153 } else
1154 #endif
1155 {
1156 ide_set_irq(s);
1157 }
1158 }
1159
1160 static void ide_dma_restart_cb(void *opaque, int running, int reason)
1161 {
1162 BMDMAState *bm = opaque;
1163 if (!running)
1164 return;
1165 if (bm->status & BM_STATUS_DMA_RETRY) {
1166 bm->status &= ~BM_STATUS_DMA_RETRY;
1167 ide_dma_restart(bm->ide_if);
1168 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1169 bm->status &= ~BM_STATUS_PIO_RETRY;
1170 ide_sector_write(bm->ide_if);
1171 }
1172 }
1173
1174 static void ide_write_dma_cb(void *opaque, int ret)
1175 {
1176 BMDMAState *bm = opaque;
1177 IDEState *s = bm->ide_if;
1178 int n;
1179 int64_t sector_num;
1180
1181 if (ret < 0) {
1182 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1183 return;
1184 }
1185
1186 n = s->io_buffer_size >> 9;
1187 sector_num = ide_get_sector(s);
1188 if (n > 0) {
1189 dma_buf_commit(s, 0);
1190 sector_num += n;
1191 ide_set_sector(s, sector_num);
1192 s->nsector -= n;
1193 }
1194
1195 /* end of transfer ? */
1196 if (s->nsector == 0) {
1197 s->status = READY_STAT | SEEK_STAT;
1198 ide_set_irq(s);
1199 eot:
1200 bm->status &= ~BM_STATUS_DMAING;
1201 bm->status |= BM_STATUS_INT;
1202 bm->dma_cb = NULL;
1203 bm->ide_if = NULL;
1204 bm->aiocb = NULL;
1205 return;
1206 }
1207
1208 n = s->nsector;
1209 s->io_buffer_size = n * 512;
1210 /* launch next transfer */
1211 if (dma_buf_prepare(bm, 0) == 0)
1212 goto eot;
1213 if (!s->iovec.niov) {
1214 wait_for_bounce_buffer(bm, ide_write_dma_cb);
1215 return;
1216 }
1217 #ifdef DEBUG_AIO
1218 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1219 #endif
1220 bm->aiocb = bdrv_aio_writev(s->bs, sector_num, &s->iovec, n,
1221 ide_write_dma_cb, bm);
1222 ide_dma_submit_check(s, ide_write_dma_cb, bm);
1223 }
1224
1225 static void ide_sector_write_dma(IDEState *s)
1226 {
1227 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1228 s->io_buffer_index = 0;
1229 s->io_buffer_size = 0;
1230 s->is_read = 0;
1231 ide_dma_start(s, ide_write_dma_cb);
1232 }
1233
1234 static void ide_atapi_cmd_ok(IDEState *s)
1235 {
1236 s->error = 0;
1237 s->status = READY_STAT | SEEK_STAT;
1238 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1239 ide_set_irq(s);
1240 }
1241
1242 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1243 {
1244 #ifdef DEBUG_IDE_ATAPI
1245 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1246 #endif
1247 s->error = sense_key << 4;
1248 s->status = READY_STAT | ERR_STAT;
1249 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1250 s->sense_key = sense_key;
1251 s->asc = asc;
1252 ide_set_irq(s);
1253 }
1254
1255 static void ide_atapi_cmd_check_status(IDEState *s)
1256 {
1257 #ifdef DEBUG_IDE_ATAPI
1258 printf("atapi_cmd_check_status\n");
1259 #endif
1260 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1261 s->status = ERR_STAT;
1262 s->nsector = 0;
1263 ide_set_irq(s);
1264 }
1265
1266 static inline void cpu_to_ube16(uint8_t *buf, int val)
1267 {
1268 buf[0] = val >> 8;
1269 buf[1] = val;
1270 }
1271
1272 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1273 {
1274 buf[0] = val >> 24;
1275 buf[1] = val >> 16;
1276 buf[2] = val >> 8;
1277 buf[3] = val;
1278 }
1279
1280 static inline int ube16_to_cpu(const uint8_t *buf)
1281 {
1282 return (buf[0] << 8) | buf[1];
1283 }
1284
1285 static inline int ube32_to_cpu(const uint8_t *buf)
1286 {
1287 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1288 }
1289
1290 static void lba_to_msf(uint8_t *buf, int lba)
1291 {
1292 lba += 150;
1293 buf[0] = (lba / 75) / 60;
1294 buf[1] = (lba / 75) % 60;
1295 buf[2] = lba % 75;
1296 }
1297
1298 static void cd_data_to_raw(uint8_t *buf, int lba)
1299 {
1300 /* sync bytes */
1301 buf[0] = 0x00;
1302 memset(buf + 1, 0xff, 10);
1303 buf[11] = 0x00;
1304 buf += 12;
1305 /* MSF */
1306 lba_to_msf(buf, lba);
1307 buf[3] = 0x01; /* mode 1 data */
1308 buf += 4;
1309 /* data */
1310 buf += 2048;
1311 /* XXX: ECC not computed */
1312 memset(buf, 0, 288);
1313 }
1314
1315 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1316 int sector_size)
1317 {
1318 int ret;
1319
1320 switch(sector_size) {
1321 case 2048:
1322 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1323 break;
1324 case 2352:
1325 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1326 if (ret < 0)
1327 return ret;
1328 cd_data_to_raw(buf, lba);
1329 break;
1330 default:
1331 ret = -EIO;
1332 break;
1333 }
1334 return ret;
1335 }
1336
1337 static void ide_atapi_io_error(IDEState *s, int ret)
1338 {
1339 /* XXX: handle more errors */
1340 if (ret == -ENOMEDIUM) {
1341 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1342 ASC_MEDIUM_NOT_PRESENT);
1343 } else {
1344 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1345 ASC_LOGICAL_BLOCK_OOR);
1346 }
1347 }
1348
1349 /* The whole ATAPI transfer logic is handled in this function */
1350 static void ide_atapi_cmd_reply_end(IDEState *s)
1351 {
1352 int byte_count_limit, size, ret;
1353 #ifdef DEBUG_IDE_ATAPI
1354 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1355 s->packet_transfer_size,
1356 s->elementary_transfer_size,
1357 s->io_buffer_index);
1358 #endif
1359 if (s->packet_transfer_size <= 0) {
1360 /* end of transfer */
1361 ide_transfer_stop(s);
1362 s->status = READY_STAT | SEEK_STAT;
1363 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1364 ide_set_irq(s);
1365 #ifdef DEBUG_IDE_ATAPI
1366 printf("status=0x%x\n", s->status);
1367 #endif
1368 } else {
1369 /* see if a new sector must be read */
1370 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1371 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1372 if (ret < 0) {
1373 ide_transfer_stop(s);
1374 ide_atapi_io_error(s, ret);
1375 return;
1376 }
1377 s->lba++;
1378 s->io_buffer_index = 0;
1379 }
1380 if (s->elementary_transfer_size > 0) {
1381 /* there are some data left to transmit in this elementary
1382 transfer */
1383 size = s->cd_sector_size - s->io_buffer_index;
1384 if (size > s->elementary_transfer_size)
1385 size = s->elementary_transfer_size;
1386 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1387 size, ide_atapi_cmd_reply_end);
1388 s->packet_transfer_size -= size;
1389 s->elementary_transfer_size -= size;
1390 s->io_buffer_index += size;
1391 } else {
1392 /* a new transfer is needed */
1393 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1394 byte_count_limit = s->lcyl | (s->hcyl << 8);
1395 #ifdef DEBUG_IDE_ATAPI
1396 printf("byte_count_limit=%d\n", byte_count_limit);
1397 #endif
1398 if (byte_count_limit == 0xffff)
1399 byte_count_limit--;
1400 size = s->packet_transfer_size;
1401 if (size > byte_count_limit) {
1402 /* byte count limit must be even if this case */
1403 if (byte_count_limit & 1)
1404 byte_count_limit--;
1405 size = byte_count_limit;
1406 }
1407 s->lcyl = size;
1408 s->hcyl = size >> 8;
1409 s->elementary_transfer_size = size;
1410 /* we cannot transmit more than one sector at a time */
1411 if (s->lba != -1) {
1412 if (size > (s->cd_sector_size - s->io_buffer_index))
1413 size = (s->cd_sector_size - s->io_buffer_index);
1414 }
1415 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1416 size, ide_atapi_cmd_reply_end);
1417 s->packet_transfer_size -= size;
1418 s->elementary_transfer_size -= size;
1419 s->io_buffer_index += size;
1420 ide_set_irq(s);
1421 #ifdef DEBUG_IDE_ATAPI
1422 printf("status=0x%x\n", s->status);
1423 #endif
1424 }
1425 }
1426 }
1427
1428 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1429 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1430 {
1431 if (size > max_size)
1432 size = max_size;
1433 s->lba = -1; /* no sector read */
1434 s->packet_transfer_size = size;
1435 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1436 s->elementary_transfer_size = 0;
1437 s->io_buffer_index = 0;
1438
1439 if (s->atapi_dma) {
1440 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
1441 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1442 } else {
1443 s->status = READY_STAT | SEEK_STAT;
1444 ide_atapi_cmd_reply_end(s);
1445 }
1446 }
1447
1448 /* start a CD-CDROM read command */
1449 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1450 int sector_size)
1451 {
1452 s->lba = lba;
1453 s->packet_transfer_size = nb_sectors * sector_size;
1454 s->elementary_transfer_size = 0;
1455 s->io_buffer_index = sector_size;
1456 s->cd_sector_size = sector_size;
1457
1458 s->status = READY_STAT | SEEK_STAT;
1459 ide_atapi_cmd_reply_end(s);
1460 }
1461
1462 /* ATAPI DMA support */
1463
1464 /* XXX: handle read errors */
1465 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1466 {
1467 BMDMAState *bm = opaque;
1468 IDEState *s = bm->ide_if;
1469 int data_offset, n;
1470
1471 if (ret < 0) {
1472 ide_atapi_io_error(s, ret);
1473 goto eot;
1474 }
1475
1476 if (s->io_buffer_size > 0) {
1477 /*
1478 * For a cdrom read sector command (s->lba != -1),
1479 * adjust the lba for the next s->io_buffer_size chunk
1480 * and dma the current chunk.
1481 * For a command != read (s->lba == -1), just transfer
1482 * the reply data.
1483 */
1484 if (s->lba != -1) {
1485 if (s->cd_sector_size == 2352) {
1486 n = 1;
1487 cd_data_to_raw(s->io_buffer, s->lba);
1488 } else {
1489 n = s->io_buffer_size >> 11;
1490 }
1491 s->lba += n;
1492 }
1493 s->packet_transfer_size -= s->io_buffer_size;
1494 if (dma_buf_rw(bm, 1) == 0)
1495 goto eot;
1496 }
1497
1498 if (s->packet_transfer_size <= 0) {
1499 s->status = READY_STAT | SEEK_STAT;
1500 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1501 ide_set_irq(s);
1502 eot:
1503 bm->status &= ~BM_STATUS_DMAING;
1504 bm->status |= BM_STATUS_INT;
1505 bm->dma_cb = NULL;
1506 bm->ide_if = NULL;
1507 bm->aiocb = NULL;
1508 return;
1509 }
1510
1511 s->io_buffer_index = 0;
1512 if (s->cd_sector_size == 2352) {
1513 n = 1;
1514 s->io_buffer_size = s->cd_sector_size;
1515 data_offset = 16;
1516 } else {
1517 n = s->packet_transfer_size >> 11;
1518 if (n > (IDE_DMA_BUF_SECTORS / 4))
1519 n = (IDE_DMA_BUF_SECTORS / 4);
1520 s->io_buffer_size = n * 2048;
1521 data_offset = 0;
1522 }
1523 #ifdef DEBUG_AIO
1524 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1525 #endif
1526 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1527 s->io_buffer + data_offset, n * 4,
1528 ide_atapi_cmd_read_dma_cb, bm);
1529 if (!bm->aiocb) {
1530 /* Note: media not present is the most likely case */
1531 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1532 ASC_MEDIUM_NOT_PRESENT);
1533 goto eot;
1534 }
1535 }
1536
1537 /* start a CD-CDROM read command with DMA */
1538 /* XXX: test if DMA is available */
1539 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1540 int sector_size)
1541 {
1542 s->lba = lba;
1543 s->packet_transfer_size = nb_sectors * sector_size;
1544 s->io_buffer_index = 0;
1545 s->io_buffer_size = 0;
1546 s->cd_sector_size = sector_size;
1547
1548 /* XXX: check if BUSY_STAT should be set */
1549 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1550 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1551 }
1552
1553 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1554 int sector_size)
1555 {
1556 #ifdef DEBUG_IDE_ATAPI
1557 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1558 lba, nb_sectors);
1559 #endif
1560 if (s->atapi_dma) {
1561 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1562 } else {
1563 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1564 }
1565 }
1566
1567 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1568 uint16_t profile)
1569 {
1570 uint8_t *buf_profile = buf + 12; /* start of profiles */
1571
1572 buf_profile += ((*index) * 4); /* start of indexed profile */
1573 cpu_to_ube16 (buf_profile, profile);
1574 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1575
1576 /* each profile adds 4 bytes to the response */
1577 (*index)++;
1578 buf[11] += 4; /* Additional Length */
1579
1580 return 4;
1581 }
1582
1583 static int ide_dvd_read_structure(IDEState *s, int format,
1584 const uint8_t *packet, uint8_t *buf)
1585 {
1586 switch (format) {
1587 case 0x0: /* Physical format information */
1588 {
1589 int layer = packet[6];
1590 uint64_t total_sectors;
1591
1592 if (layer != 0)
1593 return -ASC_INV_FIELD_IN_CMD_PACKET;
1594
1595 bdrv_get_geometry(s->bs, &total_sectors);
1596 total_sectors >>= 2;
1597 if (total_sectors == 0)
1598 return -ASC_MEDIUM_NOT_PRESENT;
1599
1600 buf[4] = 1; /* DVD-ROM, part version 1 */
1601 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1602 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1603 buf[7] = 0; /* default densities */
1604
1605 /* FIXME: 0x30000 per spec? */
1606 cpu_to_ube32(buf + 8, 0); /* start sector */
1607 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1608 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1609
1610 /* Size of buffer, not including 2 byte size field */
1611 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1612
1613 /* 2k data + 4 byte header */
1614 return (2048 + 4);
1615 }
1616
1617 case 0x01: /* DVD copyright information */
1618 buf[4] = 0; /* no copyright data */
1619 buf[5] = 0; /* no region restrictions */
1620
1621 /* Size of buffer, not including 2 byte size field */
1622 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1623
1624 /* 4 byte header + 4 byte data */
1625 return (4 + 4);
1626
1627 case 0x03: /* BCA information - invalid field for no BCA info */
1628 return -ASC_INV_FIELD_IN_CMD_PACKET;
1629
1630 case 0x04: /* DVD disc manufacturing information */
1631 /* Size of buffer, not including 2 byte size field */
1632 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1633
1634 /* 2k data + 4 byte header */
1635 return (2048 + 4);
1636
1637 case 0xff:
1638 /*
1639 * This lists all the command capabilities above. Add new ones
1640 * in order and update the length and buffer return values.
1641 */
1642
1643 buf[4] = 0x00; /* Physical format */
1644 buf[5] = 0x40; /* Not writable, is readable */
1645 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1646
1647 buf[8] = 0x01; /* Copyright info */
1648 buf[9] = 0x40; /* Not writable, is readable */
1649 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1650
1651 buf[12] = 0x03; /* BCA info */
1652 buf[13] = 0x40; /* Not writable, is readable */
1653 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1654
1655 buf[16] = 0x04; /* Manufacturing info */
1656 buf[17] = 0x40; /* Not writable, is readable */
1657 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1658
1659 /* Size of buffer, not including 2 byte size field */
1660 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1661
1662 /* data written + 4 byte header */
1663 return (16 + 4);
1664
1665 default: /* TODO: formats beyond DVD-ROM requires */
1666 return -ASC_INV_FIELD_IN_CMD_PACKET;
1667 }
1668 }
1669
1670 static void ide_atapi_cmd(IDEState *s)
1671 {
1672 const uint8_t *packet;
1673 uint8_t *buf;
1674 int max_len;
1675
1676 packet = s->io_buffer;
1677 buf = s->io_buffer;
1678 #ifdef DEBUG_IDE_ATAPI
1679 {
1680 int i;
1681 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1682 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1683 printf(" %02x", packet[i]);
1684 }
1685 printf("\n");
1686 }
1687 #endif
1688 /* If there's a UNIT_ATTENTION condition pending, only
1689 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1690 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1691 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1692 s->io_buffer[0] != GPCMD_INQUIRY) {
1693 ide_atapi_cmd_check_status(s);
1694 return;
1695 }
1696 switch(s->io_buffer[0]) {
1697 case GPCMD_TEST_UNIT_READY:
1698 if (bdrv_is_inserted(s->bs)) {
1699 ide_atapi_cmd_ok(s);
1700 } else {
1701 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1702 ASC_MEDIUM_NOT_PRESENT);
1703 }
1704 break;
1705 case GPCMD_MODE_SENSE_6:
1706 case GPCMD_MODE_SENSE_10:
1707 {
1708 int action, code;
1709 if (packet[0] == GPCMD_MODE_SENSE_10)
1710 max_len = ube16_to_cpu(packet + 7);
1711 else
1712 max_len = packet[4];
1713 action = packet[2] >> 6;
1714 code = packet[2] & 0x3f;
1715 switch(action) {
1716 case 0: /* current values */
1717 switch(code) {
1718 case 0x01: /* error recovery */
1719 cpu_to_ube16(&buf[0], 16 + 6);
1720 buf[2] = 0x70;
1721 buf[3] = 0;
1722 buf[4] = 0;
1723 buf[5] = 0;
1724 buf[6] = 0;
1725 buf[7] = 0;
1726
1727 buf[8] = 0x01;
1728 buf[9] = 0x06;
1729 buf[10] = 0x00;
1730 buf[11] = 0x05;
1731 buf[12] = 0x00;
1732 buf[13] = 0x00;
1733 buf[14] = 0x00;
1734 buf[15] = 0x00;
1735 ide_atapi_cmd_reply(s, 16, max_len);
1736 break;
1737 case 0x2a:
1738 cpu_to_ube16(&buf[0], 28 + 6);
1739 buf[2] = 0x70;
1740 buf[3] = 0;
1741 buf[4] = 0;
1742 buf[5] = 0;
1743 buf[6] = 0;
1744 buf[7] = 0;
1745
1746 buf[8] = 0x2a;
1747 buf[9] = 0x12;
1748 buf[10] = 0x00;
1749 buf[11] = 0x00;
1750
1751 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1752 code checks for this to automount media. */
1753 buf[12] = 0x71;
1754 buf[13] = 3 << 5;
1755 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1756 if (bdrv_is_locked(s->bs))
1757 buf[6] |= 1 << 1;
1758 buf[15] = 0x00;
1759 cpu_to_ube16(&buf[16], 706);
1760 buf[18] = 0;
1761 buf[19] = 2;
1762 cpu_to_ube16(&buf[20], 512);
1763 cpu_to_ube16(&buf[22], 706);
1764 buf[24] = 0;
1765 buf[25] = 0;
1766 buf[26] = 0;
1767 buf[27] = 0;
1768 ide_atapi_cmd_reply(s, 28, max_len);
1769 break;
1770 default:
1771 goto error_cmd;
1772 }
1773 break;
1774 case 1: /* changeable values */
1775 goto error_cmd;
1776 case 2: /* default values */
1777 goto error_cmd;
1778 default:
1779 case 3: /* saved values */
1780 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1781 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1782 break;
1783 }
1784 }
1785 break;
1786 case GPCMD_REQUEST_SENSE:
1787 max_len = packet[4];
1788 memset(buf, 0, 18);
1789 buf[0] = 0x70 | (1 << 7);
1790 buf[2] = s->sense_key;
1791 buf[7] = 10;
1792 buf[12] = s->asc;
1793 if (s->sense_key == SENSE_UNIT_ATTENTION)
1794 s->sense_key = SENSE_NONE;
1795 ide_atapi_cmd_reply(s, 18, max_len);
1796 break;
1797 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1798 if (bdrv_is_inserted(s->bs)) {
1799 bdrv_set_locked(s->bs, packet[4] & 1);
1800 ide_atapi_cmd_ok(s);
1801 } else {
1802 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1803 ASC_MEDIUM_NOT_PRESENT);
1804 }
1805 break;
1806 case GPCMD_READ_10:
1807 case GPCMD_READ_12:
1808 {
1809 int nb_sectors, lba;
1810
1811 if (packet[0] == GPCMD_READ_10)
1812 nb_sectors = ube16_to_cpu(packet + 7);
1813 else
1814 nb_sectors = ube32_to_cpu(packet + 6);
1815 lba = ube32_to_cpu(packet + 2);
1816 if (nb_sectors == 0) {
1817 ide_atapi_cmd_ok(s);
1818 break;
1819 }
1820 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1821 }
1822 break;
1823 case GPCMD_READ_CD:
1824 {
1825 int nb_sectors, lba, transfer_request;
1826
1827 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1828 lba = ube32_to_cpu(packet + 2);
1829 if (nb_sectors == 0) {
1830 ide_atapi_cmd_ok(s);
1831 break;
1832 }
1833 transfer_request = packet[9];
1834 switch(transfer_request & 0xf8) {
1835 case 0x00:
1836 /* nothing */
1837 ide_atapi_cmd_ok(s);
1838 break;
1839 case 0x10:
1840 /* normal read */
1841 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1842 break;
1843 case 0xf8:
1844 /* read all data */
1845 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1846 break;
1847 default:
1848 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1849 ASC_INV_FIELD_IN_CMD_PACKET);
1850 break;
1851 }
1852 }
1853 break;
1854 case GPCMD_SEEK:
1855 {
1856 unsigned int lba;
1857 uint64_t total_sectors;
1858
1859 bdrv_get_geometry(s->bs, &total_sectors);
1860 total_sectors >>= 2;
1861 if (total_sectors == 0) {
1862 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1863 ASC_MEDIUM_NOT_PRESENT);
1864 break;
1865 }
1866 lba = ube32_to_cpu(packet + 2);
1867 if (lba >= total_sectors) {
1868 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1869 ASC_LOGICAL_BLOCK_OOR);
1870 break;
1871 }
1872 ide_atapi_cmd_ok(s);
1873 }
1874 break;
1875 case GPCMD_START_STOP_UNIT:
1876 {
1877 int start, eject;
1878 start = packet[4] & 1;
1879 eject = (packet[4] >> 1) & 1;
1880
1881 if (eject && !start) {
1882 /* eject the disk */
1883 bdrv_eject(s->bs, 1);
1884 } else if (eject && start) {
1885 /* close the tray */
1886 bdrv_eject(s->bs, 0);
1887 }
1888 ide_atapi_cmd_ok(s);
1889 }
1890 break;
1891 case GPCMD_MECHANISM_STATUS:
1892 {
1893 max_len = ube16_to_cpu(packet + 8);
1894 cpu_to_ube16(buf, 0);
1895 /* no current LBA */
1896 buf[2] = 0;
1897 buf[3] = 0;
1898 buf[4] = 0;
1899 buf[5] = 1;
1900 cpu_to_ube16(buf + 6, 0);
1901 ide_atapi_cmd_reply(s, 8, max_len);
1902 }
1903 break;
1904 case GPCMD_READ_TOC_PMA_ATIP:
1905 {
1906 int format, msf, start_track, len;
1907 uint64_t total_sectors;
1908
1909 bdrv_get_geometry(s->bs, &total_sectors);
1910 total_sectors >>= 2;
1911 if (total_sectors == 0) {
1912 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1913 ASC_MEDIUM_NOT_PRESENT);
1914 break;
1915 }
1916 max_len = ube16_to_cpu(packet + 7);
1917 format = packet[9] >> 6;
1918 msf = (packet[1] >> 1) & 1;
1919 start_track = packet[6];
1920 switch(format) {
1921 case 0:
1922 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1923 if (len < 0)
1924 goto error_cmd;
1925 ide_atapi_cmd_reply(s, len, max_len);
1926 break;
1927 case 1:
1928 /* multi session : only a single session defined */
1929 memset(buf, 0, 12);
1930 buf[1] = 0x0a;
1931 buf[2] = 0x01;
1932 buf[3] = 0x01;
1933 ide_atapi_cmd_reply(s, 12, max_len);
1934 break;
1935 case 2:
1936 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1937 if (len < 0)
1938 goto error_cmd;
1939 ide_atapi_cmd_reply(s, len, max_len);
1940 break;
1941 default:
1942 error_cmd:
1943 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1944 ASC_INV_FIELD_IN_CMD_PACKET);
1945 break;
1946 }
1947 }
1948 break;
1949 case GPCMD_READ_CDVD_CAPACITY:
1950 {
1951 uint64_t total_sectors;
1952
1953 bdrv_get_geometry(s->bs, &total_sectors);
1954 total_sectors >>= 2;
1955 if (total_sectors == 0) {
1956 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1957 ASC_MEDIUM_NOT_PRESENT);
1958 break;
1959 }
1960 /* NOTE: it is really the number of sectors minus 1 */
1961 cpu_to_ube32(buf, total_sectors - 1);
1962 cpu_to_ube32(buf + 4, 2048);
1963 ide_atapi_cmd_reply(s, 8, 8);
1964 }
1965 break;
1966 case GPCMD_READ_DVD_STRUCTURE:
1967 {
1968 int media = packet[1];
1969 int format = packet[7];
1970 int ret;
1971
1972 max_len = ube16_to_cpu(packet + 8);
1973
1974 if (format < 0xff) {
1975 if (media_is_cd(s)) {
1976 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1977 ASC_INCOMPATIBLE_FORMAT);
1978 break;
1979 } else if (!media_present(s)) {
1980 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1981 ASC_INV_FIELD_IN_CMD_PACKET);
1982 break;
1983 }
1984 }
1985
1986 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1987 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1988
1989 switch (format) {
1990 case 0x00 ... 0x7f:
1991 case 0xff:
1992 if (media == 0) {
1993 ret = ide_dvd_read_structure(s, format, packet, buf);
1994
1995 if (ret < 0)
1996 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1997 else
1998 ide_atapi_cmd_reply(s, ret, max_len);
1999
2000 break;
2001 }
2002 /* TODO: BD support, fall through for now */
2003
2004 /* Generic disk structures */
2005 case 0x80: /* TODO: AACS volume identifier */
2006 case 0x81: /* TODO: AACS media serial number */
2007 case 0x82: /* TODO: AACS media identifier */
2008 case 0x83: /* TODO: AACS media key block */
2009 case 0x90: /* TODO: List of recognized format layers */
2010 case 0xc0: /* TODO: Write protection status */
2011 default:
2012 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2013 ASC_INV_FIELD_IN_CMD_PACKET);
2014 break;
2015 }
2016 }
2017 break;
2018 case GPCMD_SET_SPEED:
2019 ide_atapi_cmd_ok(s);
2020 break;
2021 case GPCMD_INQUIRY:
2022 max_len = packet[4];
2023 buf[0] = 0x05; /* CD-ROM */
2024 buf[1] = 0x80; /* removable */
2025 buf[2] = 0x00; /* ISO */
2026 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2027 buf[4] = 31; /* additional length */
2028 buf[5] = 0; /* reserved */
2029 buf[6] = 0; /* reserved */
2030 buf[7] = 0; /* reserved */
2031 padstr8(buf + 8, 8, "QEMU");
2032 padstr8(buf + 16, 16, "QEMU DVD-ROM");
2033 padstr8(buf + 32, 4, QEMU_VERSION);
2034 ide_atapi_cmd_reply(s, 36, max_len);
2035 break;
2036 case GPCMD_GET_CONFIGURATION:
2037 {
2038 uint32_t len;
2039 uint8_t index = 0;
2040
2041 /* only feature 0 is supported */
2042 if (packet[2] != 0 || packet[3] != 0) {
2043 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2044 ASC_INV_FIELD_IN_CMD_PACKET);
2045 break;
2046 }
2047
2048 /* XXX: could result in alignment problems in some architectures */
2049 max_len = ube16_to_cpu(packet + 7);
2050
2051 /*
2052 * XXX: avoid overflow for io_buffer if max_len is bigger than
2053 * the size of that buffer (dimensioned to max number of
2054 * sectors to transfer at once)
2055 *
2056 * Only a problem if the feature/profiles grow.
2057 */
2058 if (max_len > 512) /* XXX: assume 1 sector */
2059 max_len = 512;
2060
2061 memset(buf, 0, max_len);
2062 /*
2063 * the number of sectors from the media tells us which profile
2064 * to use as current. 0 means there is no media
2065 */
2066 if (media_is_dvd(s))
2067 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
2068 else if (media_is_cd(s))
2069 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
2070
2071 buf[10] = 0x02 | 0x01; /* persistent and current */
2072 len = 12; /* headers: 8 + 4 */
2073 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
2074 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
2075 cpu_to_ube32(buf, len - 4); /* data length */
2076
2077 ide_atapi_cmd_reply(s, len, max_len);
2078 break;
2079 }
2080 default:
2081 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2082 ASC_ILLEGAL_OPCODE);
2083 break;
2084 }
2085 }
2086
2087 static void ide_cfata_metadata_inquiry(IDEState *s)
2088 {
2089 uint16_t *p;
2090 uint32_t spd;
2091
2092 p = (uint16_t *) s->io_buffer;
2093 memset(p, 0, 0x200);
2094 spd = ((s->mdata_size - 1) >> 9) + 1;
2095
2096 put_le16(p + 0, 0x0001); /* Data format revision */
2097 put_le16(p + 1, 0x0000); /* Media property: silicon */
2098 put_le16(p + 2, s->media_changed); /* Media status */
2099 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
2100 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
2101 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
2102 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
2103 }
2104
2105 static void ide_cfata_metadata_read(IDEState *s)
2106 {
2107 uint16_t *p;
2108
2109 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2110 s->status = ERR_STAT;
2111 s->error = ABRT_ERR;
2112 return;
2113 }
2114
2115 p = (uint16_t *) s->io_buffer;
2116 memset(p, 0, 0x200);
2117
2118 put_le16(p + 0, s->media_changed); /* Media status */
2119 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2120 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2121 s->nsector << 9), 0x200 - 2));
2122 }
2123
2124 static void ide_cfata_metadata_write(IDEState *s)
2125 {
2126 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2127 s->status = ERR_STAT;
2128 s->error = ABRT_ERR;
2129 return;
2130 }
2131
2132 s->media_changed = 0;
2133
2134 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2135 s->io_buffer + 2,
2136 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2137 s->nsector << 9), 0x200 - 2));
2138 }
2139
2140 /* called when the inserted state of the media has changed */
2141 static void cdrom_change_cb(void *opaque)
2142 {
2143 IDEState *s = opaque;
2144 uint64_t nb_sectors;
2145
2146 bdrv_get_geometry(s->bs, &nb_sectors);
2147 s->nb_sectors = nb_sectors;
2148
2149 s->sense_key = SENSE_UNIT_ATTENTION;
2150 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2151
2152 ide_set_irq(s);
2153 }
2154
2155 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2156 {
2157 s->lba48 = lba48;
2158
2159 /* handle the 'magic' 0 nsector count conversion here. to avoid
2160 * fiddling with the rest of the read logic, we just store the
2161 * full sector count in ->nsector and ignore ->hob_nsector from now
2162 */
2163 if (!s->lba48) {
2164 if (!s->nsector)
2165 s->nsector = 256;
2166 } else {
2167 if (!s->nsector && !s->hob_nsector)
2168 s->nsector = 65536;
2169 else {
2170 int lo = s->nsector;
2171 int hi = s->hob_nsector;
2172
2173 s->nsector = (hi << 8) | lo;
2174 }
2175 }
2176 }
2177
2178 static void ide_clear_hob(IDEState *ide_if)
2179 {
2180 /* any write clears HOB high bit of device control register */
2181 ide_if[0].select &= ~(1 << 7);
2182 ide_if[1].select &= ~(1 << 7);
2183 }
2184
2185 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2186 {
2187 IDEState *ide_if = opaque;
2188 IDEState *s;
2189 int unit, n;
2190 int lba48 = 0;
2191
2192 #ifdef DEBUG_IDE
2193 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2194 #endif
2195
2196 addr &= 7;
2197
2198 /* ignore writes to command block while busy with previous command */
2199 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2200 return;
2201
2202 switch(addr) {
2203 case 0:
2204 break;
2205 case 1:
2206 ide_clear_hob(ide_if);
2207 /* NOTE: data is written to the two drives */
2208 ide_if[0].hob_feature = ide_if[0].feature;
2209 ide_if[1].hob_feature = ide_if[1].feature;
2210 ide_if[0].feature = val;
2211 ide_if[1].feature = val;
2212 break;
2213 case 2:
2214 ide_clear_hob(ide_if);
2215 ide_if[0].hob_nsector = ide_if[0].nsector;
2216 ide_if[1].hob_nsector = ide_if[1].nsector;
2217 ide_if[0].nsector = val;
2218 ide_if[1].nsector = val;
2219 break;
2220 case 3:
2221 ide_clear_hob(ide_if);
2222 ide_if[0].hob_sector = ide_if[0].sector;
2223 ide_if[1].hob_sector = ide_if[1].sector;
2224 ide_if[0].sector = val;
2225 ide_if[1].sector = val;
2226 break;
2227 case 4:
2228 ide_clear_hob(ide_if);
2229 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2230 ide_if[1].hob_lcyl = ide_if[1].lcyl;
2231 ide_if[0].lcyl = val;
2232 ide_if[1].lcyl = val;
2233 break;
2234 case 5:
2235 ide_clear_hob(ide_if);
2236 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2237 ide_if[1].hob_hcyl = ide_if[1].hcyl;
2238 ide_if[0].hcyl = val;
2239 ide_if[1].hcyl = val;
2240 break;
2241 case 6:
2242 /* FIXME: HOB readback uses bit 7 */
2243 ide_if[0].select = (val & ~0x10) | 0xa0;
2244 ide_if[1].select = (val | 0x10) | 0xa0;
2245 /* select drive */
2246 unit = (val >> 4) & 1;
2247 s = ide_if + unit;
2248 ide_if->cur_drive = s;
2249 break;
2250 default:
2251 case 7:
2252 /* command */
2253 #if defined(DEBUG_IDE)
2254 printf("ide: CMD=%02x\n", val);
2255 #endif
2256 s = ide_if->cur_drive;
2257 /* ignore commands to non existant slave */
2258 if (s != ide_if && !s->bs)
2259 break;
2260
2261 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2262 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2263 break;
2264
2265 switch(val) {
2266 case WIN_IDENTIFY:
2267 if (s->bs && !s->is_cdrom) {
2268 if (!s->is_cf)
2269 ide_identify(s);
2270 else
2271 ide_cfata_identify(s);
2272 s->status = READY_STAT | SEEK_STAT;
2273 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2274 } else {
2275 if (s->is_cdrom) {
2276 ide_set_signature(s);
2277 }
2278 ide_abort_command(s);
2279 }
2280 ide_set_irq(s);
2281 break;
2282 case WIN_SPECIFY:
2283 case WIN_RECAL:
2284 s->error = 0;
2285 s->status = READY_STAT | SEEK_STAT;
2286 ide_set_irq(s);
2287 break;
2288 case WIN_SETMULT:
2289 if (s->is_cf && s->nsector == 0) {
2290 /* Disable Read and Write Multiple */
2291 s->mult_sectors = 0;
2292 s->status = READY_STAT | SEEK_STAT;
2293 } else if ((s->nsector & 0xff) != 0 &&
2294 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2295 (s->nsector & (s->nsector - 1)) != 0)) {
2296 ide_abort_command(s);
2297 } else {
2298 s->mult_sectors = s->nsector & 0xff;
2299 s->status = READY_STAT | SEEK_STAT;
2300 }
2301 ide_set_irq(s);
2302 break;
2303 case WIN_VERIFY_EXT:
2304 lba48 = 1;
2305 case WIN_VERIFY:
2306 case WIN_VERIFY_ONCE:
2307 /* do sector number check ? */
2308 ide_cmd_lba48_transform(s, lba48);
2309 s->status = READY_STAT | SEEK_STAT;
2310 ide_set_irq(s);
2311 break;
2312 case WIN_READ_EXT:
2313 lba48 = 1;
2314 case WIN_READ:
2315 case WIN_READ_ONCE:
2316 if (!s->bs)
2317 goto abort_cmd;
2318 ide_cmd_lba48_transform(s, lba48);
2319 s->req_nb_sectors = 1;
2320 ide_sector_read(s);
2321 break;
2322 case WIN_WRITE_EXT:
2323 lba48 = 1;
2324 case WIN_WRITE:
2325 case WIN_WRITE_ONCE:
2326 case CFA_WRITE_SECT_WO_ERASE:
2327 case WIN_WRITE_VERIFY:
2328 ide_cmd_lba48_transform(s, lba48);
2329 s->error = 0;
2330 s->status = SEEK_STAT | READY_STAT;
2331 s->req_nb_sectors = 1;
2332 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
2333 s->media_changed = 1;
2334 break;
2335 case WIN_MULTREAD_EXT:
2336 lba48 = 1;
2337 case WIN_MULTREAD:
2338 if (!s->mult_sectors)
2339 goto abort_cmd;
2340 ide_cmd_lba48_transform(s, lba48);
2341 s->req_nb_sectors = s->mult_sectors;
2342 ide_sector_read(s);
2343 break;
2344 case WIN_MULTWRITE_EXT:
2345 lba48 = 1;
2346 case WIN_MULTWRITE:
2347 case CFA_WRITE_MULTI_WO_ERASE:
2348 if (!s->mult_sectors)
2349 goto abort_cmd;
2350 ide_cmd_lba48_transform(s, lba48);
2351 s->error = 0;
2352 s->status = SEEK_STAT | READY_STAT;
2353 s->req_nb_sectors = s->mult_sectors;
2354 n = s->nsector;
2355 if (n > s->req_nb_sectors)
2356 n = s->req_nb_sectors;
2357 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
2358 s->media_changed = 1;
2359 break;
2360 case WIN_READDMA_EXT:
2361 lba48 = 1;
2362 case WIN_READDMA:
2363 case WIN_READDMA_ONCE:
2364 if (!s->bs)
2365 goto abort_cmd;
2366 ide_cmd_lba48_transform(s, lba48);
2367 ide_sector_read_dma(s);
2368 break;
2369 case WIN_WRITEDMA_EXT:
2370 lba48 = 1;
2371 case WIN_WRITEDMA:
2372 case WIN_WRITEDMA_ONCE:
2373 if (!s->bs)
2374 goto abort_cmd;
2375 ide_cmd_lba48_transform(s, lba48);
2376 ide_sector_write_dma(s);
2377 s->media_changed = 1;
2378 break;
2379 case WIN_READ_NATIVE_MAX_EXT:
2380 lba48 = 1;
2381 case WIN_READ_NATIVE_MAX:
2382 ide_cmd_lba48_transform(s, lba48);
2383 ide_set_sector(s, s->nb_sectors - 1);
2384 s->status = READY_STAT | SEEK_STAT;
2385 ide_set_irq(s);
2386 break;
2387 case WIN_CHECKPOWERMODE1:
2388 case WIN_CHECKPOWERMODE2:
2389 s->nsector = 0xff; /* device active or idle */
2390 s->status = READY_STAT | SEEK_STAT;
2391 ide_set_irq(s);
2392 break;
2393 case WIN_SETFEATURES:
2394 if (!s->bs)
2395 goto abort_cmd;
2396 /* XXX: valid for CDROM ? */
2397 switch(s->feature) {
2398 case 0xcc: /* reverting to power-on defaults enable */
2399 case 0x66: /* reverting to power-on defaults disable */
2400 case 0x02: /* write cache enable */
2401 case 0x82: /* write cache disable */
2402 case 0xaa: /* read look-ahead enable */
2403 case 0x55: /* read look-ahead disable */
2404 case 0x05: /* set advanced power management mode */
2405 case 0x85: /* disable advanced power management mode */
2406 case 0x69: /* NOP */
2407 case 0x67: /* NOP */
2408 case 0x96: /* NOP */
2409 case 0x9a: /* NOP */
2410 case 0x42: /* enable Automatic Acoustic Mode */
2411 case 0xc2: /* disable Automatic Acoustic Mode */
2412 s->status = READY_STAT | SEEK_STAT;
2413 ide_set_irq(s);
2414 break;
2415 case 0x03: { /* set transfer mode */
2416 uint8_t val = s->nsector & 0x07;
2417
2418 switch (s->nsector >> 3) {
2419 case 0x00: /* pio default */
2420 case 0x01: /* pio mode */
2421 put_le16(s->identify_data + 62,0x07);
2422 put_le16(s->identify_data + 63,0x07);
2423 put_le16(s->identify_data + 88,0x3f);
2424 break;
2425 case 0x02: /* sigle word dma mode*/
2426 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
2427 put_le16(s->identify_data + 63,0x07);
2428 put_le16(s->identify_data + 88,0x3f);
2429 break;
2430 case 0x04: /* mdma mode */
2431 put_le16(s->identify_data + 62,0x07);
2432 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2433 put_le16(s->identify_data + 88,0x3f);
2434 break;
2435 case 0x08: /* udma mode */
2436 put_le16(s->identify_data + 62,0x07);
2437 put_le16(s->identify_data + 63,0x07);
2438 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2439 break;
2440 default:
2441 goto abort_cmd;
2442 }
2443 s->status = READY_STAT | SEEK_STAT;
2444 ide_set_irq(s);
2445 break;
2446 }
2447 default:
2448 goto abort_cmd;
2449 }
2450 break;
2451 case WIN_FLUSH_CACHE:
2452 case WIN_FLUSH_CACHE_EXT:
2453 if (s->bs)
2454 bdrv_flush(s->bs);
2455 s->status = READY_STAT | SEEK_STAT;
2456 ide_set_irq(s);
2457 break;
2458 case WIN_STANDBY:
2459 case WIN_STANDBY2:
2460 case WIN_STANDBYNOW1:
2461 case WIN_STANDBYNOW2:
2462 case WIN_IDLEIMMEDIATE:
2463 case CFA_IDLEIMMEDIATE:
2464 case WIN_SETIDLE1:
2465 case WIN_SETIDLE2:
2466 case WIN_SLEEPNOW1:
2467 case WIN_SLEEPNOW2:
2468 s->status = READY_STAT;
2469 ide_set_irq(s);
2470 break;
2471 case WIN_SEEK:
2472 if(s->is_cdrom)
2473 goto abort_cmd;
2474 /* XXX: Check that seek is within bounds */
2475 s->status = READY_STAT | SEEK_STAT;
2476 ide_set_irq(s);
2477 break;
2478 /* ATAPI commands */
2479 case WIN_PIDENTIFY:
2480 if (s->is_cdrom) {
2481 ide_atapi_identify(s);
2482 s->status = READY_STAT | SEEK_STAT;
2483 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2484 } else {
2485 ide_abort_command(s);
2486 }
2487 ide_set_irq(s);
2488 break;
2489 case WIN_DIAGNOSE:
2490 ide_set_signature(s);
2491 if (s->is_cdrom)
2492 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2493 * devices to return a clear status register
2494 * with READY_STAT *not* set. */
2495 else
2496 s->status = READY_STAT | SEEK_STAT;
2497 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2498 * present.
2499 */
2500 ide_set_irq(s);
2501 break;
2502 case WIN_SRST:
2503 if (!s->is_cdrom)
2504 goto abort_cmd;
2505 ide_set_signature(s);
2506 s->status = 0x00; /* NOTE: READY is _not_ set */
2507 s->error = 0x01;
2508 break;
2509 case WIN_PACKETCMD:
2510 if (!s->is_cdrom)
2511 goto abort_cmd;
2512 /* overlapping commands not supported */
2513 if (s->feature & 0x02)
2514 goto abort_cmd;
2515 s->status = READY_STAT | SEEK_STAT;
2516 s->atapi_dma = s->feature & 1;
2517 s->nsector = 1;
2518 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2519 ide_atapi_cmd);
2520 break;
2521 /* CF-ATA commands */
2522 case CFA_REQ_EXT_ERROR_CODE:
2523 if (!s->is_cf)
2524 goto abort_cmd;
2525 s->error = 0x09; /* miscellaneous error */
2526 s->status = READY_STAT | SEEK_STAT;
2527 ide_set_irq(s);
2528 break;
2529 case CFA_ERASE_SECTORS:
2530 case CFA_WEAR_LEVEL:
2531 if (!s->is_cf)
2532 goto abort_cmd;
2533 if (val == CFA_WEAR_LEVEL)
2534 s->nsector = 0;
2535 if (val == CFA_ERASE_SECTORS)
2536 s->media_changed = 1;
2537 s->error = 0x00;
2538 s->status = READY_STAT | SEEK_STAT;
2539 ide_set_irq(s);
2540 break;
2541 case CFA_TRANSLATE_SECTOR:
2542 if (!s->is_cf)
2543 goto abort_cmd;
2544 s->error = 0x00;
2545 s->status = READY_STAT | SEEK_STAT;
2546 memset(s->io_buffer, 0, 0x200);
2547 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2548 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2549 s->io_buffer[0x02] = s->select; /* Head */
2550 s->io_buffer[0x03] = s->sector; /* Sector */
2551 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2552 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2553 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2554 s->io_buffer[0x13] = 0x00; /* Erase flag */
2555 s->io_buffer[0x18] = 0x00; /* Hot count */
2556 s->io_buffer[0x19] = 0x00; /* Hot count */
2557 s->io_buffer[0x1a] = 0x01; /* Hot count */
2558 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2559 ide_set_irq(s);
2560 break;
2561 case CFA_ACCESS_METADATA_STORAGE:
2562 if (!s->is_cf)
2563 goto abort_cmd;
2564 switch (s->feature) {
2565 case 0x02: /* Inquiry Metadata Storage */
2566 ide_cfata_metadata_inquiry(s);
2567 break;
2568 case 0x03: /* Read Metadata Storage */
2569 ide_cfata_metadata_read(s);
2570 break;
2571 case 0x04: /* Write Metadata Storage */
2572 ide_cfata_metadata_write(s);
2573 break;
2574 default:
2575 goto abort_cmd;
2576 }
2577 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2578 s->status = 0x00; /* NOTE: READY is _not_ set */
2579 ide_set_irq(s);
2580 break;
2581 case IBM_SENSE_CONDITION:
2582 if (!s->is_cf)
2583 goto abort_cmd;
2584 switch (s->feature) {
2585 case 0x01: /* sense temperature in device */
2586 s->nsector = 0x50; /* +20 C */
2587 break;
2588 default:
2589 goto abort_cmd;
2590 }
2591 s->status = READY_STAT | SEEK_STAT;
2592 ide_set_irq(s);
2593 break;
2594 default:
2595 abort_cmd:
2596 ide_abort_command(s);
2597 ide_set_irq(s);
2598 break;
2599 }
2600 }
2601 }
2602
2603 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2604 {
2605 IDEState *ide_if = opaque;
2606 IDEState *s = ide_if->cur_drive;
2607 uint32_t addr;
2608 int ret, hob;
2609
2610 addr = addr1 & 7;
2611 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2612 //hob = s->select & (1 << 7);
2613 hob = 0;
2614 switch(addr) {
2615 case 0:
2616 ret = 0xff;
2617 break;
2618 case 1:
2619 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2620 (s != ide_if && !s->bs))
2621 ret = 0;
2622 else if (!hob)
2623 ret = s->error;
2624 else
2625 ret = s->hob_feature;
2626 break;
2627 case 2:
2628 if (!ide_if[0].bs && !ide_if[1].bs)
2629 ret = 0;
2630 else if (!hob)
2631 ret = s->nsector & 0xff;
2632 else
2633 ret = s->hob_nsector;
2634 break;
2635 case 3:
2636 if (!ide_if[0].bs && !ide_if[1].bs)
2637 ret = 0;
2638 else if (!hob)
2639 ret = s->sector;
2640 else
2641 ret = s->hob_sector;
2642 break;
2643 case 4:
2644 if (!ide_if[0].bs && !ide_if[1].bs)
2645 ret = 0;
2646 else if (!hob)
2647 ret = s->lcyl;
2648 else
2649 ret = s->hob_lcyl;
2650 break;
2651 case 5:
2652 if (!ide_if[0].bs && !ide_if[1].bs)
2653 ret = 0;
2654 else if (!hob)
2655 ret = s->hcyl;
2656 else
2657 ret = s->hob_hcyl;
2658 break;
2659 case 6:
2660 if (!ide_if[0].bs && !ide_if[1].bs)
2661 ret = 0;
2662 else
2663 ret = s->select;
2664 break;
2665 default:
2666 case 7:
2667 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2668 (s != ide_if && !s->bs))
2669 ret = 0;
2670 else
2671 ret = s->status;
2672 qemu_irq_lower(s->irq);
2673 break;
2674 }
2675 #ifdef DEBUG_IDE
2676 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2677 #endif
2678 return ret;
2679 }
2680
2681 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2682 {
2683 IDEState *ide_if = opaque;
2684 IDEState *s = ide_if->cur_drive;
2685 int ret;
2686
2687 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2688 (s != ide_if && !s->bs))
2689 ret = 0;
2690 else
2691 ret = s->status;
2692 #ifdef DEBUG_IDE
2693 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2694 #endif
2695 return ret;
2696 }
2697
2698 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2699 {
2700 IDEState *ide_if = opaque;
2701 IDEState *s;
2702 int i;
2703
2704 #ifdef DEBUG_IDE
2705 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2706 #endif
2707 /* common for both drives */
2708 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2709 (val & IDE_CMD_RESET)) {
2710 /* reset low to high */
2711 for(i = 0;i < 2; i++) {
2712 s = &ide_if[i];
2713 s->status = BUSY_STAT | SEEK_STAT;
2714 s->error = 0x01;
2715 }
2716 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2717 !(val & IDE_CMD_RESET)) {
2718 /* high to low */
2719 for(i = 0;i < 2; i++) {
2720 s = &ide_if[i];
2721 if (s->is_cdrom)
2722 s->status = 0x00; /* NOTE: READY is _not_ set */
2723 else
2724 s->status = READY_STAT | SEEK_STAT;
2725 ide_set_signature(s);
2726 }
2727 }
2728
2729 ide_if[0].cmd = val;
2730 ide_if[1].cmd = val;
2731 }
2732
2733 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2734 {
2735 IDEState *s = ((IDEState *)opaque)->cur_drive;
2736 uint8_t *p;
2737
2738 /* PIO data access allowed only when DRQ bit is set */
2739 if (!(s->status & DRQ_STAT))
2740 return;
2741
2742 p = s->data_ptr;
2743 *(uint16_t *)p = le16_to_cpu(val);
2744 p += 2;
2745 s->data_ptr = p;
2746 if (p >= s->data_end)
2747 s->end_transfer_func(s);
2748 }
2749
2750 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2751 {
2752 IDEState *s = ((IDEState *)opaque)->cur_drive;
2753 uint8_t *p;
2754 int ret;
2755
2756 /* PIO data access allowed only when DRQ bit is set */
2757 if (!(s->status & DRQ_STAT))
2758 return 0;
2759
2760 p = s->data_ptr;
2761 ret = cpu_to_le16(*(uint16_t *)p);
2762 p += 2;
2763 s->data_ptr = p;
2764 if (p >= s->data_end)
2765 s->end_transfer_func(s);
2766 return ret;
2767 }
2768
2769 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2770 {
2771 IDEState *s = ((IDEState *)opaque)->cur_drive;
2772 uint8_t *p;
2773
2774 /* PIO data access allowed only when DRQ bit is set */
2775 if (!(s->status & DRQ_STAT))
2776 return;
2777
2778 p = s->data_ptr;
2779 *(uint32_t *)p = le32_to_cpu(val);
2780 p += 4;
2781 s->data_ptr = p;
2782 if (p >= s->data_end)
2783 s->end_transfer_func(s);
2784 }
2785
2786 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2787 {
2788 IDEState *s = ((IDEState *)opaque)->cur_drive;
2789 uint8_t *p;
2790 int ret;
2791
2792 /* PIO data access allowed only when DRQ bit is set */
2793 if (!(s->status & DRQ_STAT))
2794 return 0;
2795
2796 p = s->data_ptr;
2797 ret = cpu_to_le32(*(uint32_t *)p);
2798 p += 4;
2799 s->data_ptr = p;
2800 if (p >= s->data_end)
2801 s->end_transfer_func(s);
2802 return ret;
2803 }
2804
2805 static void ide_dummy_transfer_stop(IDEState *s)
2806 {
2807 s->data_ptr = s->io_buffer;
2808 s->data_end = s->io_buffer;
2809 s->io_buffer[0] = 0xff;
2810 s->io_buffer[1] = 0xff;
2811 s->io_buffer[2] = 0xff;
2812 s->io_buffer[3] = 0xff;
2813 }
2814
2815 static void ide_reset(IDEState *s)
2816 {
2817 if (s->is_cf)
2818 s->mult_sectors = 0;
2819 else
2820 s->mult_sectors = MAX_MULT_SECTORS;
2821 s->cur_drive = s;
2822 s->select = 0xa0;
2823 s->status = READY_STAT | SEEK_STAT;
2824 ide_set_signature(s);
2825 /* init the transfer handler so that 0xffff is returned on data
2826 accesses */
2827 s->end_transfer_func = ide_dummy_transfer_stop;
2828 ide_dummy_transfer_stop(s);
2829 s->media_changed = 0;
2830 }
2831
2832 static void ide_init2(IDEState *ide_state,
2833 BlockDriverState *hd0, BlockDriverState *hd1,
2834 qemu_irq irq)
2835 {
2836 IDEState *s;
2837 static int drive_serial = 1;
2838 int i, cylinders, heads, secs;
2839 uint64_t nb_sectors;
2840
2841 for(i = 0; i < 2; i++) {
2842 s = ide_state + i;
2843 s->io_buffer = qemu_memalign(512, IDE_DMA_BUF_SECTORS*512 + 4);
2844 if (i == 0)
2845 s->bs = hd0;
2846 else
2847 s->bs = hd1;
2848 if (s->bs) {
2849 bdrv_get_geometry(s->bs, &nb_sectors);
2850 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2851 s->cylinders = cylinders;
2852 s->heads = heads;
2853 s->sectors = secs;
2854 s->nb_sectors = nb_sectors;
2855
2856 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2857 s->is_cdrom = 1;
2858 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2859 }
2860 }
2861 s->drive_serial = drive_serial++;
2862 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2863 sizeof(s->drive_serial_str));
2864 if (strlen(s->drive_serial_str) == 0)
2865 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2866 "QM%05d", s->drive_serial);
2867 s->irq = irq;
2868 s->sector_write_timer = qemu_new_timer(vm_clock,
2869 ide_sector_write_timer_cb, s);
2870 ide_reset(s);
2871 }
2872 }
2873
2874 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2875 {
2876 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2877 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2878 if (iobase2) {
2879 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2880 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2881 }
2882
2883 /* data ports */
2884 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2885 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2886 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2887 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2888 }
2889
2890 /* save per IDE drive data */
2891 static void ide_save(QEMUFile* f, IDEState *s)
2892 {
2893 qemu_put_be32(f, s->mult_sectors);
2894 qemu_put_be32(f, s->identify_set);
2895 if (s->identify_set) {
2896 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2897 }
2898 qemu_put_8s(f, &s->feature);
2899 qemu_put_8s(f, &s->error);
2900 qemu_put_be32s(f, &s->nsector);
2901 qemu_put_8s(f, &s->sector);
2902 qemu_put_8s(f, &s->lcyl);
2903 qemu_put_8s(f, &s->hcyl);
2904 qemu_put_8s(f, &s->hob_feature);
2905 qemu_put_8s(f, &s->hob_nsector);
2906 qemu_put_8s(f, &s->hob_sector);
2907 qemu_put_8s(f, &s->hob_lcyl);
2908 qemu_put_8s(f, &s->hob_hcyl);
2909 qemu_put_8s(f, &s->select);
2910 qemu_put_8s(f, &s->status);
2911 qemu_put_8s(f, &s->lba48);
2912
2913 qemu_put_8s(f, &s->sense_key);
2914 qemu_put_8s(f, &s->asc);
2915 /* XXX: if a transfer is pending, we do not save it yet */
2916 }
2917
2918 /* load per IDE drive data */
2919 static void ide_load(QEMUFile* f, IDEState *s)
2920 {
2921 s->mult_sectors=qemu_get_be32(f);
2922 s->identify_set=qemu_get_be32(f);
2923 if (s->identify_set) {
2924 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2925 }
2926 qemu_get_8s(f, &s->feature);
2927 qemu_get_8s(f, &s->error);
2928 qemu_get_be32s(f, &s->nsector);
2929 qemu_get_8s(f, &s->sector);
2930 qemu_get_8s(f, &s->lcyl);
2931 qemu_get_8s(f, &s->hcyl);
2932 qemu_get_8s(f, &s->hob_feature);
2933 qemu_get_8s(f, &s->hob_nsector);
2934 qemu_get_8s(f, &s->hob_sector);
2935 qemu_get_8s(f, &s->hob_lcyl);
2936 qemu_get_8s(f, &s->hob_hcyl);
2937 qemu_get_8s(f, &s->select);
2938 qemu_get_8s(f, &s->status);
2939 qemu_get_8s(f, &s->lba48);
2940
2941 qemu_get_8s(f, &s->sense_key);
2942 qemu_get_8s(f, &s->asc);
2943 /* XXX: if a transfer is pending, we do not save it yet */
2944 }
2945
2946 /***********************************************************/
2947 /* ISA IDE definitions */
2948
2949 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
2950 BlockDriverState *hd0, BlockDriverState *hd1)
2951 {
2952 IDEState *ide_state;
2953
2954 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2955 if (!ide_state)
2956 return;
2957
2958 ide_init2(ide_state, hd0, hd1, irq);
2959 ide_init_ioport(ide_state, iobase, iobase2);
2960 }
2961
2962 /***********************************************************/
2963 /* PCI IDE definitions */
2964
2965 static void cmd646_update_irq(PCIIDEState *d);
2966
2967 static void ide_map(PCIDevice *pci_dev, int region_num,
2968 uint32_t addr, uint32_t size, int type)
2969 {
2970 PCIIDEState *d = (PCIIDEState *)pci_dev;
2971 IDEState *ide_state;
2972
2973 if (region_num <= 3) {
2974 ide_state = &d->ide_if[(region_num >> 1) * 2];
2975 if (region_num & 1) {
2976 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2977 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2978 } else {
2979 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2980 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2981
2982 /* data ports */
2983 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2984 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2985 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2986 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2987 }
2988 }
2989 }
2990
2991 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2992 {
2993 BMDMAState *bm = s->bmdma;
2994 if(!bm)
2995 return;
2996 bm->ide_if = s;
2997 bm->dma_cb = dma_cb;
2998 bm->cur_prd_last = 0;
2999 bm->cur_prd_addr = 0;
3000 bm->cur_prd_len = 0;
3001 bm->sector_num = ide_get_sector(s);
3002 bm->nsector = s->nsector;
3003 if (bm->status & BM_STATUS_DMAING) {
3004 bm->dma_cb(bm, 0);
3005 }
3006 }
3007
3008 static void ide_dma_restart(IDEState *s)
3009 {
3010 BMDMAState *bm = s->bmdma;
3011 ide_set_sector(s, bm->sector_num);
3012 s->io_buffer_index = 0;
3013 s->io_buffer_size = 0;
3014 s->nsector = bm->nsector;
3015 bm->cur_addr = bm->addr;
3016 bm->dma_cb = ide_write_dma_cb;
3017 ide_dma_start(s, bm->dma_cb);
3018 }
3019
3020 static void ide_dma_cancel(BMDMAState *bm)
3021 {
3022 if (bm->status & BM_STATUS_DMAING) {
3023 bm->status &= ~BM_STATUS_DMAING;
3024 /* cancel DMA request */
3025 bm->ide_if = NULL;
3026 bm->dma_cb = NULL;
3027 if (bm->aiocb) {
3028 #ifdef DEBUG_AIO
3029 printf("aio_cancel\n");
3030 #endif
3031 bdrv_aio_cancel(bm->aiocb);
3032 bm->aiocb = NULL;
3033 }
3034 }
3035 }
3036
3037 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
3038 {
3039 BMDMAState *bm = opaque;
3040 #ifdef DEBUG_IDE
3041 printf("%s: 0x%08x\n", __func__, val);
3042 #endif
3043 if (!(val & BM_CMD_START)) {
3044 /* XXX: do it better */
3045 ide_dma_cancel(bm);
3046 bm->cmd = val & 0x09;
3047 } else {
3048 if (!(bm->status & BM_STATUS_DMAING)) {
3049 bm->status |= BM_STATUS_DMAING;
3050 /* start dma transfer if possible */
3051 if (bm->dma_cb)
3052 bm->dma_cb(bm, 0);
3053 }
3054 bm->cmd = val & 0x09;
3055 }
3056 }
3057
3058 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
3059 {
3060 BMDMAState *bm = opaque;
3061 PCIIDEState *pci_dev;
3062 uint32_t val;
3063
3064 switch(addr & 3) {
3065 case 0:
3066 val = bm->cmd;
3067 break;
3068 case 1:
3069 pci_dev = bm->pci_dev;
3070 if (pci_dev->type == IDE_TYPE_CMD646) {
3071 val = pci_dev->dev.config[MRDMODE];
3072 } else {
3073 val = 0xff;
3074 }
3075 break;
3076 case 2:
3077 val = bm->status;
3078 break;
3079 case 3:
3080 pci_dev = bm->pci_dev;
3081 if (pci_dev->type == IDE_TYPE_CMD646) {
3082 if (bm == &pci_dev->bmdma[0])
3083 val = pci_dev->dev.config[UDIDETCR0];
3084 else
3085 val = pci_dev->dev.config[UDIDETCR1];
3086 } else {
3087 val = 0xff;
3088 }
3089 break;
3090 default:
3091 val = 0xff;
3092 break;
3093 }
3094 #ifdef DEBUG_IDE
3095 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
3096 #endif
3097 return val;
3098 }
3099
3100 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
3101 {
3102 BMDMAState *bm = opaque;
3103 PCIIDEState *pci_dev;
3104 #ifdef DEBUG_IDE
3105 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
3106 #endif
3107 switch(addr & 3) {
3108 case 1:
3109 pci_dev = bm->pci_dev;
3110 if (pci_dev->type == IDE_TYPE_CMD646) {
3111 pci_dev->dev.config[MRDMODE] =
3112 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3113 cmd646_update_irq(pci_dev);
3114 }
3115 break;
3116 case 2:
3117 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3118 break;
3119 case 3:
3120 pci_dev = bm->pci_dev;
3121 if (pci_dev->type == IDE_TYPE_CMD646) {
3122 if (bm == &pci_dev->bmdma[0])
3123 pci_dev->dev.config[UDIDETCR0] = val;
3124 else
3125 pci_dev->dev.config[UDIDETCR1] = val;
3126 }
3127 break;
3128 }
3129 }
3130
3131 static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3132 {
3133 BMDMAState *bm = opaque;
3134 uint32_t val;
3135 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3136 #ifdef DEBUG_IDE
3137 printf("%s: 0x%08x\n", __func__, val);
3138 #endif
3139 return val;
3140 }
3141
3142 static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3143 {
3144 BMDMAState *bm = opaque;
3145 int shift = (addr & 3) * 8;
3146 #ifdef DEBUG_IDE
3147 printf("%s: 0x%08x\n", __func__, val);
3148 #endif
3149 bm->addr &= ~(0xFF << shift);
3150 bm->addr |= ((val & 0xFF) << shift) & ~3;
3151 bm->cur_addr = bm->addr;
3152 }
3153
3154 static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3155 {
3156 BMDMAState *bm = opaque;
3157 uint32_t val;
3158 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3159 #ifdef DEBUG_IDE
3160 printf("%s: 0x%08x\n", __func__, val);
3161 #endif
3162 return val;
3163 }
3164
3165 static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3166 {
3167 BMDMAState *bm = opaque;
3168 int shift = (addr & 3) * 8;
3169 #ifdef DEBUG_IDE
3170 printf("%s: 0x%08x\n", __func__, val);
3171 #endif
3172 bm->addr &= ~(0xFFFF << shift);
3173 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3174 bm->cur_addr = bm->addr;
3175 }
3176
3177 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3178 {
3179 BMDMAState *bm = opaque;
3180 uint32_t val;
3181 val = bm->addr;
3182 #ifdef DEBUG_IDE
3183 printf("%s: 0x%08x\n", __func__, val);
3184 #endif
3185 return val;
3186 }
3187
3188 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3189 {
3190 BMDMAState *bm = opaque;
3191 #ifdef DEBUG_IDE
3192 printf("%s: 0x%08x\n", __func__, val);
3193 #endif
3194 bm->addr = val & ~3;
3195 bm->cur_addr = bm->addr;
3196 }
3197
3198 static void bmdma_map(PCIDevice *pci_dev, int region_num,
3199 uint32_t addr, uint32_t size, int type)
3200 {
3201 PCIIDEState *d = (PCIIDEState *)pci_dev;
3202 int i;
3203
3204 for(i = 0;i < 2; i++) {
3205 BMDMAState *bm = &d->bmdma[i];
3206 d->ide_if[2 * i].bmdma = bm;
3207 d->ide_if[2 * i + 1].bmdma = bm;
3208 bm->pci_dev = (PCIIDEState *)pci_dev;
3209 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
3210
3211 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
3212
3213 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3214 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
3215
3216 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3217 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3218 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3219 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
3220 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3221 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3222 addr += 8;
3223 }
3224 }
3225
3226 static void pci_ide_save(QEMUFile* f, void *opaque)
3227 {
3228 PCIIDEState *d = opaque;
3229 int i;
3230
3231 pci_device_save(&d->dev, f);
3232
3233 for(i = 0; i < 2; i++) {
3234 BMDMAState *bm = &d->bmdma[i];
3235 uint8_t ifidx;
3236 qemu_put_8s(f, &bm->cmd);
3237 qemu_put_8s(f, &bm->status);
3238 qemu_put_be32s(f, &bm->addr);
3239 qemu_put_sbe64s(f, &bm->sector_num);
3240 qemu_put_be32s(f, &bm->nsector);
3241 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3242 qemu_put_8s(f, &ifidx);
3243 /* XXX: if a transfer is pending, we do not save it yet */
3244 }
3245
3246 /* per IDE interface data */
3247 for(i = 0; i < 2; i++) {
3248 IDEState *s = &d->ide_if[i * 2];
3249 uint8_t drive1_selected;
3250 qemu_put_8s(f, &s->cmd);
3251 drive1_selected = (s->cur_drive != s);
3252 qemu_put_8s(f, &drive1_selected);
3253 }
3254
3255 /* per IDE drive data */
3256 for(i = 0; i < 4; i++) {
3257 ide_save(f, &d->ide_if[i]);
3258 }
3259 }
3260
3261 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3262 {
3263 PCIIDEState *d = opaque;
3264 int ret, i;
3265
3266 if (version_id != 2)
3267 return -EINVAL;
3268 ret = pci_device_load(&d->dev, f);
3269 if (ret < 0)
3270 return ret;
3271
3272 for(i = 0; i < 2; i++) {
3273 BMDMAState *bm = &d->bmdma[i];
3274 uint8_t ifidx;
3275 qemu_get_8s(f, &bm->cmd);
3276 qemu_get_8s(f, &bm->status);
3277 qemu_get_be32s(f, &bm->addr);
3278 qemu_get_sbe64s(f, &bm->sector_num);
3279 qemu_get_be32s(f, &bm->nsector);
3280 qemu_get_8s(f, &ifidx);
3281 bm->ide_if = &d->ide_if[ifidx];
3282 /* XXX: if a transfer is pending, we do not save it yet */
3283 }
3284
3285 /* per IDE interface data */
3286 for(i = 0; i < 2; i++) {
3287 IDEState *s = &d->ide_if[i * 2];
3288 uint8_t drive1_selected;
3289 qemu_get_8s(f, &s->cmd);
3290 qemu_get_8s(f, &drive1_selected);
3291 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3292 }
3293
3294 /* per IDE drive data */
3295 for(i = 0; i < 4; i++) {
3296 ide_load(f, &d->ide_if[i]);
3297 }
3298 return 0;
3299 }
3300
3301 /* XXX: call it also when the MRDMODE is changed from the PCI config
3302 registers */
3303 static void cmd646_update_irq(PCIIDEState *d)
3304 {
3305 int pci_level;
3306 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3307 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3308 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3309 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
3310 qemu_set_irq(d->dev.irq[0], pci_level);
3311 }
3312
3313 /* the PCI irq level is the logical OR of the two channels */
3314 static void cmd646_set_irq(void *opaque, int channel, int level)
3315 {
3316 PCIIDEState *d = opaque;
3317 int irq_mask;
3318
3319 irq_mask = MRDMODE_INTR_CH0 << channel;
3320 if (level)
3321 d->dev.config[MRDMODE] |= irq_mask;
3322 else
3323 d->dev.config[MRDMODE] &= ~irq_mask;
3324 cmd646_update_irq(d);
3325 }
3326
3327 static void cmd646_reset(void *opaque)
3328 {
3329 PCIIDEState *d = opaque;
3330 unsigned int i;
3331
3332 for (i = 0; i < 2; i++)
3333 ide_dma_cancel(&d->bmdma[i]);
3334 }
3335
3336 /* CMD646 PCI IDE controller */
3337 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3338 int secondary_ide_enabled)
3339 {
3340 PCIIDEState *d;
3341 uint8_t *pci_conf;
3342 int i;
3343 qemu_irq *irq;
3344
3345 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
3346 sizeof(PCIIDEState),
3347 -1,
3348 NULL, NULL);
3349 d->type = IDE_TYPE_CMD646;
3350 pci_conf = d->dev.config;
3351 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3352 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
3353
3354 pci_conf[0x08] = 0x07; // IDE controller revision
3355 pci_conf[0x09] = 0x8f;
3356
3357 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3358 pci_conf[0x0e] = 0x00; // header_type
3359
3360 pci_conf[0x51] = 0x04; // enable IDE0
3361 if (secondary_ide_enabled) {
3362 /* XXX: if not enabled, really disable the seconday IDE controller */
3363 pci_conf[0x51] |= 0x08; /* enable IDE1 */
3364 }
3365
3366 pci_register_io_region((PCIDevice *)d, 0, 0x8,
3367 PCI_ADDRESS_SPACE_IO, ide_map);
3368 pci_register_io_region((PCIDevice *)d, 1, 0x4,
3369 PCI_ADDRESS_SPACE_IO, ide_map);
3370 pci_register_io_region((PCIDevice *)d, 2, 0x8,
3371 PCI_ADDRESS_SPACE_IO, ide_map);
3372 pci_register_io_region((PCIDevice *)d, 3, 0x4,
3373 PCI_ADDRESS_SPACE_IO, ide_map);
3374 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3375 PCI_ADDRESS_SPACE_IO, bmdma_map);
3376
3377 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3378
3379 for(i = 0; i < 4; i++)
3380 d->ide_if[i].pci_dev = (PCIDevice *)d;
3381
3382 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3383 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3384 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
3385
3386 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3387 qemu_register_reset(cmd646_reset, d);
3388 cmd646_reset(d);
3389 }
3390
3391 static void piix3_reset(void *opaque)
3392 {
3393 PCIIDEState *d = opaque;
3394 uint8_t *pci_conf = d->dev.config;
3395 int i;
3396
3397 for (i = 0; i < 2; i++)
3398 ide_dma_cancel(&d->bmdma[i]);
3399
3400 pci_conf[0x04] = 0x00;
3401 pci_conf[0x05] = 0x00;
3402 pci_conf[0x06] = 0x80; /* FBC */
3403 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3404 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3405 }
3406
3407 /* hd_table must contain 4 block drivers */
3408 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
3409 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3410 qemu_irq *pic)
3411 {
3412 PCIIDEState *d;
3413 uint8_t *pci_conf;
3414 int i;
3415
3416 /* register a function 1 of PIIX3 */
3417 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
3418 sizeof(PCIIDEState),
3419 devfn,
3420 NULL, NULL);
3421 d->type = IDE_TYPE_PIIX3;
3422
3423 pci_conf = d->dev.config;
3424 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3425 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
3426 pci_conf[0x09] = 0x80; // legacy ATA mode
3427 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3428 pci_conf[0x0e] = 0x00; // header_type
3429
3430 qemu_register_reset(piix3_reset, d);
3431 piix3_reset(d);
3432
3433 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3434 PCI_ADDRESS_SPACE_IO, bmdma_map);
3435
3436 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3437 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3438 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3439 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3440
3441 for (i = 0; i < 4; i++)
3442 if (hd_table[i])
3443 hd_table[i]->devfn = d->dev.devfn;
3444
3445 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3446 }
3447
3448 /* hd_table must contain 4 block drivers */
3449 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3450 void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3451 qemu_irq *pic)
3452 {
3453 PCIIDEState *d;
3454 uint8_t *pci_conf;
3455
3456 /* register a function 1 of PIIX4 */
3457 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3458 sizeof(PCIIDEState),
3459 devfn,
3460 NULL, NULL);
3461 d->type = IDE_TYPE_PIIX4;
3462
3463 pci_conf = d->dev.config;
3464 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3465 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
3466 pci_conf[0x09] = 0x80; // legacy ATA mode
3467 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3468 pci_conf[0x0e] = 0x00; // header_type
3469
3470 qemu_register_reset(piix3_reset, d);
3471 piix3_reset(d);
3472
3473 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3474 PCI_ADDRESS_SPACE_IO, bmdma_map);
3475
3476 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3477 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3478 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3479 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3480
3481 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3482 }
3483
3484 #if defined(TARGET_PPC)
3485 /***********************************************************/
3486 /* MacIO based PowerPC IDE */
3487
3488 typedef struct MACIOIDEState {
3489 IDEState ide_if[2];
3490 void *dbdma;
3491 int stream_index;
3492 } MACIOIDEState;
3493
3494 static int pmac_atapi_read(DBDMA_transfer *info, DBDMA_transfer_cb cb)
3495 {
3496 MACIOIDEState *m = info->opaque;
3497 IDEState *s = m->ide_if->cur_drive;
3498 int ret;
3499
3500 if (s->lba == -1)
3501 return 0;
3502
3503 info->buf_pos = 0;
3504
3505 while (info->buf_pos < info->len && s->packet_transfer_size > 0) {
3506
3507 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
3508 if (ret < 0) {
3509 ide_transfer_stop(s);
3510 ide_atapi_io_error(s, ret);
3511 return info->buf_pos;
3512 }
3513
3514 info->buf = s->io_buffer + m->stream_index;
3515
3516 info->buf_len = s->cd_sector_size;
3517 if (info->buf_pos + info->buf_len > info->len)
3518 info->buf_len = info->len - info->buf_pos;
3519
3520 cb(info);
3521
3522 /* db-dma can ask for 512 bytes whereas block size is 2048... */
3523
3524 m->stream_index += info->buf_len;
3525 s->lba += m->stream_index / s->cd_sector_size;
3526 m->stream_index %= s->cd_sector_size;
3527
3528 info->buf_pos += info->buf_len;
3529 s->packet_transfer_size -= info->buf_len;
3530 }
3531 if (s->packet_transfer_size <= 0) {
3532 s->status = READY_STAT | SEEK_STAT;
3533 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO
3534 | ATAPI_INT_REASON_CD;
3535 ide_set_irq(s);
3536 }
3537
3538 return info->buf_pos;
3539 }
3540
3541 static int pmac_ide_transfer(DBDMA_transfer *info,
3542 DBDMA_transfer_cb cb)
3543 {
3544 MACIOIDEState *m = info->opaque;
3545 IDEState *s = m->ide_if->cur_drive;
3546 int64_t sector_num;
3547 int ret, n;
3548
3549 if (s->is_cdrom)
3550 return pmac_atapi_read(info, cb);
3551
3552 info->buf = s->io_buffer;
3553 info->buf_pos = 0;
3554 while (info->buf_pos < info->len && s->nsector > 0) {
3555
3556 sector_num = ide_get_sector(s);
3557
3558 n = s->nsector;
3559 if (n > IDE_DMA_BUF_SECTORS)
3560 n = IDE_DMA_BUF_SECTORS;
3561
3562 info->buf_len = n << 9;
3563 if (info->buf_pos + info->buf_len > info->len)
3564 info->buf_len = info->len - info->buf_pos;
3565 n = info->buf_len >> 9;
3566
3567 if (s->is_read) {
3568 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
3569 if (ret == 0)
3570 cb(info);
3571 } else {
3572 cb(info);
3573 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
3574 }
3575
3576 if (ret != 0) {
3577 ide_rw_error(s);
3578 return info->buf_pos;
3579 }
3580
3581 info->buf_pos += n << 9;
3582 ide_set_sector(s, sector_num + n);
3583 s->nsector -= n;
3584 }
3585
3586 if (s->nsector <= 0) {
3587 s->status = READY_STAT | SEEK_STAT;
3588 ide_set_irq(s);
3589 }
3590
3591 return info->buf_pos;
3592 }
3593
3594 /* PowerMac IDE memory IO */
3595 static void pmac_ide_writeb (void *opaque,
3596 target_phys_addr_t addr, uint32_t val)
3597 {
3598 MACIOIDEState *d = opaque;
3599
3600 addr = (addr & 0xFFF) >> 4;
3601 switch (addr) {
3602 case 1 ... 7:
3603 ide_ioport_write(d->ide_if, addr, val);
3604 break;
3605 case 8:
3606 case 22:
3607 ide_cmd_write(d->ide_if, 0, val);
3608 break;
3609 default:
3610 break;
3611 }
3612 }
3613
3614 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3615 {
3616 uint8_t retval;
3617 MACIOIDEState *d = opaque;
3618
3619 addr = (addr & 0xFFF) >> 4;
3620 switch (addr) {
3621 case 1 ... 7:
3622 retval = ide_ioport_read(d->ide_if, addr);
3623 break;
3624 case 8:
3625 case 22:
3626 retval = ide_status_read(d->ide_if, 0);
3627 break;
3628 default:
3629 retval = 0xFF;
3630 break;
3631 }
3632 return retval;
3633 }
3634
3635 static void pmac_ide_writew (void *opaque,
3636 target_phys_addr_t addr, uint32_t val)
3637 {
3638 MACIOIDEState *d = opaque;
3639
3640 addr = (addr & 0xFFF) >> 4;
3641 #ifdef TARGET_WORDS_BIGENDIAN
3642 val = bswap16(val);
3643 #endif
3644 if (addr == 0) {
3645 ide_data_writew(d->ide_if, 0, val);
3646 }
3647 }
3648
3649 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3650 {
3651 uint16_t retval;
3652 MACIOIDEState *d = opaque;
3653
3654 addr = (addr & 0xFFF) >> 4;
3655 if (addr == 0) {
3656 retval = ide_data_readw(d->ide_if, 0);
3657 } else {
3658 retval = 0xFFFF;
3659 }
3660 #ifdef TARGET_WORDS_BIGENDIAN
3661 retval = bswap16(retval);
3662 #endif
3663 return retval;
3664 }
3665
3666 static void pmac_ide_writel (void *opaque,
3667 target_phys_addr_t addr, uint32_t val)
3668 {
3669 MACIOIDEState *d = opaque;
3670
3671 addr = (addr & 0xFFF) >> 4;
3672 #ifdef TARGET_WORDS_BIGENDIAN
3673 val = bswap32(val);
3674 #endif
3675 if (addr == 0) {
3676 ide_data_writel(d->ide_if, 0, val);
3677 }
3678 }
3679
3680 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3681 {
3682 uint32_t retval;
3683 MACIOIDEState *d = opaque;
3684
3685 addr = (addr & 0xFFF) >> 4;
3686 if (addr == 0) {
3687 retval = ide_data_readl(d->ide_if, 0);
3688 } else {
3689 retval = 0xFFFFFFFF;
3690 }
3691 #ifdef TARGET_WORDS_BIGENDIAN
3692 retval = bswap32(retval);
3693 #endif
3694 return retval;
3695 }
3696
3697 static CPUWriteMemoryFunc *pmac_ide_write[] = {
3698 pmac_ide_writeb,
3699 pmac_ide_writew,
3700 pmac_ide_writel,
3701 };
3702
3703 static CPUReadMemoryFunc *pmac_ide_read[] = {
3704 pmac_ide_readb,
3705 pmac_ide_readw,
3706 pmac_ide_readl,
3707 };
3708
3709 static void pmac_ide_save(QEMUFile *f, void *opaque)
3710 {
3711 MACIOIDEState *d = opaque;
3712 IDEState *s = d->ide_if;
3713 uint8_t drive1_selected;
3714 unsigned int i;
3715
3716 /* per IDE interface data */
3717 qemu_put_8s(f, &s->cmd);
3718 drive1_selected = (s->cur_drive != s);
3719 qemu_put_8s(f, &drive1_selected);
3720
3721 /* per IDE drive data */
3722 for(i = 0; i < 2; i++) {
3723 ide_save(f, &s[i]);
3724 }
3725 }
3726
3727 static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3728 {
3729 MACIOIDEState *d = opaque;
3730 IDEState *s = d->ide_if;
3731 uint8_t drive1_selected;
3732 unsigned int i;
3733
3734 if (version_id != 1)
3735 return -EINVAL;
3736
3737 /* per IDE interface data */
3738 qemu_get_8s(f, &s->cmd);
3739 qemu_get_8s(f, &drive1_selected);
3740 s->cur_drive = &s[(drive1_selected != 0)];
3741
3742 /* per IDE drive data */
3743 for(i = 0; i < 2; i++) {
3744 ide_load(f, &s[i]);
3745 }
3746 return 0;
3747 }
3748
3749 static void pmac_ide_reset(void *opaque)
3750 {
3751 MACIOIDEState *d = opaque;
3752 IDEState *s = d->ide_if;
3753
3754 ide_reset(&s[0]);
3755 ide_reset(&s[1]);
3756 }
3757
3758 /* hd_table must contain 4 block drivers */
3759 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3760 I/O index to access the ide. */
3761 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq,
3762 void *dbdma, int channel, qemu_irq dma_irq)
3763 {
3764 MACIOIDEState *d;
3765 int pmac_ide_memory;
3766
3767 d = qemu_mallocz(sizeof(MACIOIDEState));
3768 ide_init2(d->ide_if, hd_table[0], hd_table[1], irq);
3769
3770 if (dbdma) {
3771 d->dbdma = dbdma;
3772 DBDMA_register_channel(dbdma, channel, dma_irq, pmac_ide_transfer, d);
3773 }
3774
3775 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3776 pmac_ide_write, d);
3777 register_savevm("ide", 0, 1, pmac_ide_save, pmac_ide_load, d);
3778 qemu_register_reset(pmac_ide_reset, d);
3779 pmac_ide_reset(d);
3780
3781 return pmac_ide_memory;
3782 }
3783 #endif /* TARGET_PPC */
3784
3785 /***********************************************************/
3786 /* MMIO based ide port
3787 * This emulates IDE device connected directly to the CPU bus without
3788 * dedicated ide controller, which is often seen on embedded boards.
3789 */
3790
3791 typedef struct {
3792 void *dev;
3793 int shift;
3794 } MMIOState;
3795
3796 static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3797 {
3798 MMIOState *s = (MMIOState*)opaque;
3799 IDEState *ide = (IDEState*)s->dev;
3800 addr >>= s->shift;
3801 if (addr & 7)
3802 return ide_ioport_read(ide, addr);
3803 else
3804 return ide_data_readw(ide, 0);
3805 }
3806
3807 static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3808 uint32_t val)
3809 {
3810 MMIOState *s = (MMIOState*)opaque;
3811 IDEState *ide = (IDEState*)s->dev;
3812 addr >>= s->shift;
3813 if (addr & 7)
3814 ide_ioport_write(ide, addr, val);
3815 else
3816 ide_data_writew(ide, 0, val);
3817 }
3818
3819 static CPUReadMemoryFunc *mmio_ide_reads[] = {
3820 mmio_ide_read,
3821 mmio_ide_read,
3822 mmio_ide_read,
3823 };
3824
3825 static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3826 mmio_ide_write,
3827 mmio_ide_write,
3828 mmio_ide_write,
3829 };
3830
3831 static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3832 {
3833 MMIOState *s= (MMIOState*)opaque;
3834 IDEState *ide = (IDEState*)s->dev;
3835 return ide_status_read(ide, 0);
3836 }
3837
3838 static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3839 uint32_t val)
3840 {
3841 MMIOState *s = (MMIOState*)opaque;
3842 IDEState *ide = (IDEState*)s->dev;
3843 ide_cmd_write(ide, 0, val);
3844 }
3845
3846 static CPUReadMemoryFunc *mmio_ide_status[] = {
3847 mmio_ide_status_read,
3848 mmio_ide_status_read,
3849 mmio_ide_status_read,
3850 };
3851
3852 static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3853 mmio_ide_cmd_write,
3854 mmio_ide_cmd_write,
3855 mmio_ide_cmd_write,
3856 };
3857
3858 void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3859 qemu_irq irq, int shift,
3860 BlockDriverState *hd0, BlockDriverState *hd1)
3861 {
3862 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3863 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3864 int mem1, mem2;
3865
3866 ide_init2(ide, hd0, hd1, irq);
3867
3868 s->dev = ide;
3869 s->shift = shift;
3870
3871 mem1 = cpu_register_io_memory(0, mmio_ide_reads, mmio_ide_writes, s);
3872 mem2 = cpu_register_io_memory(0, mmio_ide_status, mmio_ide_cmd, s);
3873 cpu_register_physical_memory(membase, 16 << shift, mem1);
3874 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3875 }
3876
3877 /***********************************************************/
3878 /* CF-ATA Microdrive */
3879
3880 #define METADATA_SIZE 0x20
3881
3882 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3883 struct md_s {
3884 IDEState ide[2];
3885 struct pcmcia_card_s card;
3886 uint32_t attr_base;
3887 uint32_t io_base;
3888
3889 /* Card state */
3890 uint8_t opt;
3891 uint8_t stat;
3892 uint8_t pins;
3893
3894 uint8_t ctrl;
3895 uint16_t io;
3896 int cycle;
3897 };
3898
3899 /* Register bitfields */
3900 enum md_opt {
3901 OPT_MODE_MMAP = 0,
3902 OPT_MODE_IOMAP16 = 1,
3903 OPT_MODE_IOMAP1 = 2,
3904 OPT_MODE_IOMAP2 = 3,
3905 OPT_MODE = 0x3f,
3906 OPT_LEVIREQ = 0x40,
3907 OPT_SRESET = 0x80,
3908 };
3909 enum md_cstat {
3910 STAT_INT = 0x02,
3911 STAT_PWRDWN = 0x04,
3912 STAT_XE = 0x10,
3913 STAT_IOIS8 = 0x20,
3914 STAT_SIGCHG = 0x40,
3915 STAT_CHANGED = 0x80,
3916 };
3917 enum md_pins {
3918 PINS_MRDY = 0x02,
3919 PINS_CRDY = 0x20,
3920 };
3921 enum md_ctrl {
3922 CTRL_IEN = 0x02,
3923 CTRL_SRST = 0x04,
3924 };
3925
3926 static inline void md_interrupt_update(struct md_s *s)
3927 {
3928 if (!s->card.slot)
3929 return;
3930
3931 qemu_set_irq(s->card.slot->irq,
3932 !(s->stat & STAT_INT) && /* Inverted */
3933 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3934 !(s->opt & OPT_SRESET));
3935 }
3936
3937 static void md_set_irq(void *opaque, int irq, int level)
3938 {
3939 struct md_s *s = (struct md_s *) opaque;
3940 if (level)
3941 s->stat |= STAT_INT;
3942 else
3943 s->stat &= ~STAT_INT;
3944
3945 md_interrupt_update(s);
3946 }
3947
3948 static void md_reset(struct md_s *s)
3949 {
3950 s->opt = OPT_MODE_MMAP;
3951 s->stat = 0;
3952 s->pins = 0;
3953 s->cycle = 0;
3954 s->ctrl = 0;
3955 ide_reset(s->ide);
3956 }
3957
3958 static uint8_t md_attr_read(void *opaque, uint32_t at)
3959 {
3960 struct md_s *s = (struct md_s *) opaque;
3961 if (at < s->attr_base) {
3962 if (at < s->card.cis_len)
3963 return s->card.cis[at];
3964 else
3965 return 0x00;
3966 }
3967
3968 at -= s->attr_base;
3969
3970 switch (at) {
3971 case 0x00: /* Configuration Option Register */
3972 return s->opt;
3973 case 0x02: /* Card Configuration Status Register */
3974 if (s->ctrl & CTRL_IEN)
3975 return s->stat & ~STAT_INT;
3976 else
3977 return s->stat;
3978 case 0x04: /* Pin Replacement Register */
3979 return (s->pins & PINS_CRDY) | 0x0c;
3980 case 0x06: /* Socket and Copy Register */
3981 return 0x00;
3982 #ifdef VERBOSE
3983 default:
3984 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3985 #endif
3986 }
3987
3988 return 0;
3989 }
3990
3991 static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
3992 {
3993 struct md_s *s = (struct md_s *) opaque;
3994 at -= s->attr_base;
3995
3996 switch (at) {
3997 case 0x00: /* Configuration Option Register */
3998 s->opt = value & 0xcf;
3999 if (value & OPT_SRESET)
4000 md_reset(s);
4001 md_interrupt_update(s);
4002 break;
4003 case 0x02: /* Card Configuration Status Register */
4004 if ((s->stat ^ value) & STAT_PWRDWN)
4005 s->pins |= PINS_CRDY;
4006 s->stat &= 0x82;
4007 s->stat |= value & 0x74;
4008 md_interrupt_update(s);
4009 /* Word 170 in Identify Device must be equal to STAT_XE */
4010 break;
4011 case 0x04: /* Pin Replacement Register */
4012 s->pins &= PINS_CRDY;
4013 s->pins |= value & PINS_MRDY;
4014 break;
4015 case 0x06: /* Socket and Copy Register */
4016 break;
4017 default:
4018 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
4019 }
4020 }
4021
4022 static uint16_t md_common_read(void *opaque, uint32_t at)
4023 {
4024 struct md_s *s = (struct md_s *) opaque;
4025 uint16_t ret;
4026 at -= s->io_base;
4027
4028 switch (s->opt & OPT_MODE) {
4029 case OPT_MODE_MMAP:
4030 if ((at & ~0x3ff) == 0x400)
4031 at = 0;
4032 break;
4033 case OPT_MODE_IOMAP16:
4034 at &= 0xf;
4035 break;
4036 case OPT_MODE_IOMAP1:
4037 if ((at & ~0xf) == 0x3f0)
4038 at -= 0x3e8;
4039 else if ((at & ~0xf) == 0x1f0)
4040 at -= 0x1f0;
4041 break;
4042 case OPT_MODE_IOMAP2:
4043 if ((at & ~0xf) == 0x370)
4044 at -= 0x368;
4045 else if ((at & ~0xf) == 0x170)
4046 at -= 0x170;
4047 }
4048
4049 switch (at) {
4050 case 0x0: /* Even RD Data */
4051 case 0x8:
4052 return ide_data_readw(s->ide, 0);
4053
4054 /* TODO: 8-bit accesses */
4055 if (s->cycle)
4056 ret = s->io >> 8;
4057 else {
4058 s->io = ide_data_readw(s->ide, 0);
4059 ret = s->io & 0xff;
4060 }
4061 s->cycle = !s->cycle;
4062 return ret;
4063 case 0x9: /* Odd RD Data */
4064 return s->io >> 8;
4065 case 0xd: /* Error */
4066 return ide_ioport_read(s->ide, 0x1);
4067 case 0xe: /* Alternate Status */
4068 if (s->ide->cur_drive->bs)
4069 return s->ide->cur_drive->status;
4070 else
4071 return 0;
4072 case 0xf: /* Device Address */
4073 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
4074 default:
4075 return ide_ioport_read(s->ide, at);
4076 }
4077
4078 return 0;
4079 }
4080
4081 static void md_common_write(void *opaque, uint32_t at, uint16_t value)
4082 {
4083 struct md_s *s = (struct md_s *) opaque;
4084 at -= s->io_base;
4085
4086 switch (s->opt & OPT_MODE) {
4087 case OPT_MODE_MMAP:
4088 if ((at & ~0x3ff) == 0x400)
4089 at = 0;
4090 break;
4091 case OPT_MODE_IOMAP16:
4092 at &= 0xf;
4093 break;
4094 case OPT_MODE_IOMAP1:
4095 if ((at & ~0xf) == 0x3f0)
4096 at -= 0x3e8;
4097 else if ((at & ~0xf) == 0x1f0)
4098 at -= 0x1f0;
4099 break;
4100 case OPT_MODE_IOMAP2:
4101 if ((at & ~0xf) == 0x370)
4102 at -= 0x368;
4103 else if ((at & ~0xf) == 0x170)
4104 at -= 0x170;
4105 }
4106
4107 switch (at) {
4108 case 0x0: /* Even WR Data */
4109 case 0x8:
4110 ide_data_writew(s->ide, 0, value);
4111 break;
4112
4113 /* TODO: 8-bit accesses */
4114 if (s->cycle)
4115 ide_data_writew(s->ide, 0, s->io | (value << 8));
4116 else
4117 s->io = value & 0xff;
4118 s->cycle = !s->cycle;
4119 break;
4120 case 0x9:
4121 s->io = value & 0xff;
4122 s->cycle = !s->cycle;
4123 break;
4124 case 0xd: /* Features */
4125 ide_ioport_write(s->ide, 0x1, value);
4126 break;
4127 case 0xe: /* Device Control */
4128 s->ctrl = value;
4129 if (value & CTRL_SRST)
4130 md_reset(s);
4131 md_interrupt_update(s);
4132 break;
4133 default:
4134 if (s->stat & STAT_PWRDWN) {
4135 s->pins |= PINS_CRDY;
4136 s->stat &= ~STAT_PWRDWN;
4137 }
4138 ide_ioport_write(s->ide, at, value);
4139 }
4140 }
4141
4142 static void md_save(QEMUFile *f, void *opaque)
4143 {
4144 struct md_s *s = (struct md_s *) opaque;
4145 int i;
4146 uint8_t drive1_selected;
4147
4148 qemu_put_8s(f, &s->opt);
4149 qemu_put_8s(f, &s->stat);
4150 qemu_put_8s(f, &s->pins);
4151
4152 qemu_put_8s(f, &s->ctrl);
4153 qemu_put_be16s(f, &s->io);
4154 qemu_put_byte(f, s->cycle);
4155
4156 drive1_selected = (s->ide->cur_drive != s->ide);
4157 qemu_put_8s(f, &s->ide->cmd);
4158 qemu_put_8s(f, &drive1_selected);
4159
4160 for (i = 0; i < 2; i ++)
4161 ide_save(f, &s->ide[i]);
4162 }
4163
4164 static int md_load(QEMUFile *f, void *opaque, int version_id)
4165 {
4166 struct md_s *s = (struct md_s *) opaque;
4167 int i;
4168 uint8_t drive1_selected;
4169
4170 qemu_get_8s(f, &s->opt);
4171 qemu_get_8s(f, &s->stat);
4172 qemu_get_8s(f, &s->pins);
4173
4174 qemu_get_8s(f, &s->ctrl);
4175 qemu_get_be16s(f, &s->io);
4176 s->cycle = qemu_get_byte(f);
4177
4178 qemu_get_8s(f, &s->ide->cmd);
4179 qemu_get_8s(f, &drive1_selected);
4180 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
4181
4182 for (i = 0; i < 2; i ++)
4183 ide_load(f, &s->ide[i]);
4184
4185 return 0;
4186 }
4187
4188 static const uint8_t dscm1xxxx_cis[0x14a] = {
4189 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
4190 [0x002] = 0x03, /* Tuple length = 4 bytes */
4191 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4192 [0x006] = 0x01, /* Size = 2K bytes */
4193 [0x008] = CISTPL_ENDMARK,
4194
4195 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
4196 [0x00c] = 0x04, /* Tuple length = 4 byest */
4197 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
4198 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4199 [0x012] = 0x01, /* Size = 2K bytes */
4200 [0x014] = CISTPL_ENDMARK,
4201
4202 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
4203 [0x018] = 0x02, /* Tuple length = 2 bytes */
4204 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
4205 [0x01c] = 0x01,
4206
4207 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
4208 [0x020] = 0x04, /* Tuple length = 4 bytes */
4209 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
4210 [0x024] = 0x00,
4211 [0x026] = 0x00, /* PLMID_CARD = 0000 */
4212 [0x028] = 0x00,
4213
4214 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
4215 [0x02c] = 0x12, /* Tuple length = 23 bytes */
4216 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
4217 [0x030] = 0x01, /* Minor Version = 1 */
4218 [0x032] = 'I',
4219 [0x034] = 'B',
4220 [0x036] = 'M',
4221 [0x038] = 0x00,
4222 [0x03a] = 'm',
4223 [0x03c] = 'i',
4224 [0x03e] = 'c',
4225 [0x040] = 'r',
4226 [0x042] = 'o',
4227 [0x044] = 'd',
4228 [0x046] = 'r',
4229 [0x048] = 'i',
4230 [0x04a] = 'v',
4231 [0x04c] = 'e',
4232 [0x04e] = 0x00,
4233 [0x050] = CISTPL_ENDMARK,
4234
4235 [0x052] = CISTPL_FUNCID, /* Function ID */
4236 [0x054] = 0x02, /* Tuple length = 2 bytes */
4237 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4238 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4239
4240 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4241 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4242 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4243 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4244
4245 [0x062] = CISTPL_FUNCE, /* Function Extension */
4246 [0x064] = 0x03, /* Tuple length = 3 bytes */
4247 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4248 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4249 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4250
4251 [0x06c] = CISTPL_CONFIG, /* Configuration */
4252 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4253 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4254 [0x072] = 0x07, /* TPCC_LAST = 7 */
4255 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4256 [0x076] = 0x02,
4257 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4258
4259 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4260 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4261 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4262 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4263 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4264 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4265 [0x086] = 0x55, /* NomV: 5.0 V */
4266 [0x088] = 0x4d, /* MinV: 4.5 V */
4267 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4268 [0x08c] = 0x4e, /* Peakl: 450 mA */
4269 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4270 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4271 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4272
4273 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4274 [0x096] = 0x06, /* Tuple length = 6 bytes */
4275 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4276 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4277 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4278 [0x09e] = 0xb5, /* NomV: 3.3 V */
4279 [0x0a0] = 0x1e,
4280 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4281
4282 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4283 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4284 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4285 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4286 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4287 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4288 [0x0b0] = 0x55, /* NomV: 5.0 V */
4289 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4290 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4291 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4292 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4293 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4294 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4295 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4296 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4297
4298 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4299 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4300 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4301 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4302 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4303 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4304 [0x0ce] = 0x1e,
4305 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4306
4307 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4308 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4309 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4310 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4311 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4312 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4313 [0x0de] = 0x55, /* NomV: 5.0 V */
4314 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4315 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4316 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4317 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4318 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4319 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4320 [0x0ec] = 0x01,
4321 [0x0ee] = 0x07, /* Address block length = 8 */
4322 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4323 [0x0f2] = 0x03,
4324 [0x0f4] = 0x01, /* Address block length = 2 */
4325 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4326 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4327
4328 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4329 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4330 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4331 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4332 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4333 [0x104] = 0xb5, /* NomV: 3.3 V */
4334 [0x106] = 0x1e,
4335 [0x108] = 0x3e, /* Peakl: 350 mA */
4336
4337 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4338 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4339 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4340 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4341 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4342 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4343 [0x116] = 0x55, /* NomV: 5.0 V */
4344 [0x118] = 0x4d, /* MinV: 4.5 V */
4345 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4346 [0x11c] = 0x4e, /* Peakl: 450 mA */
4347 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4348 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4349 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4350 [0x124] = 0x01,
4351 [0x126] = 0x07, /* Address block length = 8 */
4352 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4353 [0x12a] = 0x03,
4354 [0x12c] = 0x01, /* Address block length = 2 */
4355 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4356 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4357
4358 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4359 [0x134] = 0x06, /* Tuple length = 6 bytes */
4360 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4361 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4362 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4363 [0x13c] = 0xb5, /* NomV: 3.3 V */
4364 [0x13e] = 0x1e,
4365 [0x140] = 0x3e, /* Peakl: 350 mA */
4366
4367 [0x142] = CISTPL_NO_LINK, /* No Link */
4368 [0x144] = 0x00, /* Tuple length = 0 bytes */
4369
4370 [0x146] = CISTPL_END, /* Tuple End */
4371 };
4372
4373 static int dscm1xxxx_attach(void *opaque)
4374 {
4375 struct md_s *md = (struct md_s *) opaque;
4376 md->card.attr_read = md_attr_read;
4377 md->card.attr_write = md_attr_write;
4378 md->card.common_read = md_common_read;
4379 md->card.common_write = md_common_write;
4380 md->card.io_read = md_common_read;
4381 md->card.io_write = md_common_write;
4382
4383 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4384 md->io_base = 0x0;
4385
4386 md_reset(md);
4387 md_interrupt_update(md);
4388
4389 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4390 return 0;
4391 }
4392
4393 static int dscm1xxxx_detach(void *opaque)
4394 {
4395 struct md_s *md = (struct md_s *) opaque;
4396 md_reset(md);
4397 return 0;
4398 }
4399
4400 struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
4401 {
4402 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
4403 md->card.state = md;
4404 md->card.attach = dscm1xxxx_attach;
4405 md->card.detach = dscm1xxxx_detach;
4406 md->card.cis = dscm1xxxx_cis;
4407 md->card.cis_len = sizeof(dscm1xxxx_cis);
4408
4409 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4410 md->ide->is_cf = 1;
4411 md->ide->mdata_size = METADATA_SIZE;
4412 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
4413
4414 register_savevm("microdrive", -1, 0, md_save, md_load, md);
4415
4416 return &md->card;
4417 }
Patches shipped by Fedora