search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add vcf{u,s}x instructions
[qemu/mini2440/sniper_sniper_test.git] / hw / ide.c
blobbcaee46a7e142fa3410fce27bd32a7668667508e
1 /*
2 * QEMU IDE disk and CD/DVD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25 #include "hw.h"
26 #include "pc.h"
27 #include "pci.h"
28 #include "scsi-disk.h"
29 #include "pcmcia.h"
30 #include "block.h"
31 #include "qemu-timer.h"
32 #include "sysemu.h"
33 #include "ppc_mac.h"
34 #include "mac_dbdma.h"
35 #include "sh.h"
36
37 /* debug IDE devices */
38 //#define DEBUG_IDE
39 //#define DEBUG_IDE_ATAPI
40 //#define DEBUG_AIO
41 #define USE_DMA_CDROM
42
43 /* Bits of HD_STATUS */
44 #define ERR_STAT 0x01
45 #define INDEX_STAT 0x02
46 #define ECC_STAT 0x04 /* Corrected error */
47 #define DRQ_STAT 0x08
48 #define SEEK_STAT 0x10
49 #define SRV_STAT 0x10
50 #define WRERR_STAT 0x20
51 #define READY_STAT 0x40
52 #define BUSY_STAT 0x80
53
54 /* Bits for HD_ERROR */
55 #define MARK_ERR 0x01 /* Bad address mark */
56 #define TRK0_ERR 0x02 /* couldn't find track 0 */
57 #define ABRT_ERR 0x04 /* Command aborted */
58 #define MCR_ERR 0x08 /* media change request */
59 #define ID_ERR 0x10 /* ID field not found */
60 #define MC_ERR 0x20 /* media changed */
61 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
62 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
63 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
64
65 /* Bits of HD_NSECTOR */
66 #define CD 0x01
67 #define IO 0x02
68 #define REL 0x04
69 #define TAG_MASK 0xf8
70
71 #define IDE_CMD_RESET 0x04
72 #define IDE_CMD_DISABLE_IRQ 0x02
73
74 /* ATA/ATAPI Commands pre T13 Spec */
75 #define WIN_NOP 0x00
76 /*
77 * 0x01->0x02 Reserved
78 */
79 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
80 /*
81 * 0x04->0x07 Reserved
82 */
83 #define WIN_SRST 0x08 /* ATAPI soft reset command */
84 #define WIN_DEVICE_RESET 0x08
85 /*
86 * 0x09->0x0F Reserved
87 */
88 #define WIN_RECAL 0x10
89 #define WIN_RESTORE WIN_RECAL
90 /*
91 * 0x10->0x1F Reserved
92 */
93 #define WIN_READ 0x20 /* 28-Bit */
94 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
95 #define WIN_READ_LONG 0x22 /* 28-Bit */
96 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
97 #define WIN_READ_EXT 0x24 /* 48-Bit */
98 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
99 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
100 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
101 /*
102 * 0x28
103 */
104 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
105 /*
106 * 0x2A->0x2F Reserved
107 */
108 #define WIN_WRITE 0x30 /* 28-Bit */
109 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
110 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
111 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
112 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
113 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
114 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
115 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
116 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
117 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
118 /*
119 * 0x3A->0x3B Reserved
120 */
121 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
122 /*
123 * 0x3D->0x3F Reserved
124 */
125 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
126 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
127 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
128 /*
129 * 0x43->0x4F Reserved
130 */
131 #define WIN_FORMAT 0x50
132 /*
133 * 0x51->0x5F Reserved
134 */
135 #define WIN_INIT 0x60
136 /*
137 * 0x61->0x5F Reserved
138 */
139 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
140 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
141 #define WIN_DIAGNOSE 0x90
142 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
143 #define WIN_DOWNLOAD_MICROCODE 0x92
144 #define WIN_STANDBYNOW2 0x94
145 #define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
146 #define WIN_STANDBY2 0x96
147 #define WIN_SETIDLE2 0x97
148 #define WIN_CHECKPOWERMODE2 0x98
149 #define WIN_SLEEPNOW2 0x99
150 /*
151 * 0x9A VENDOR
152 */
153 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
154 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
155 #define WIN_QUEUED_SERVICE 0xA2
156 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
157 #define CFA_ACCESS_METADATA_STORAGE 0xB8
158 #define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
159 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
160 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
161 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
162 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
163 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
164 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
165 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
166 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
167 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
168 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
169 #define WIN_GETMEDIASTATUS 0xDA
170 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
171 #define WIN_POSTBOOT 0xDC
172 #define WIN_PREBOOT 0xDD
173 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
174 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
175 #define WIN_STANDBYNOW1 0xE0
176 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
177 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
178 #define WIN_SETIDLE1 0xE3
179 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
180 #define WIN_CHECKPOWERMODE1 0xE5
181 #define WIN_SLEEPNOW1 0xE6
182 #define WIN_FLUSH_CACHE 0xE7
183 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
184 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
185 /* SET_FEATURES 0x22 or 0xDD */
186 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
187 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
188 #define WIN_MEDIAEJECT 0xED
189 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
190 #define WIN_SETFEATURES 0xEF /* set special drive features */
191 #define EXABYTE_ENABLE_NEST 0xF0
192 #define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
193 #define WIN_SECURITY_SET_PASS 0xF1
194 #define WIN_SECURITY_UNLOCK 0xF2
195 #define WIN_SECURITY_ERASE_PREPARE 0xF3
196 #define WIN_SECURITY_ERASE_UNIT 0xF4
197 #define WIN_SECURITY_FREEZE_LOCK 0xF5
198 #define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
199 #define WIN_SECURITY_DISABLE 0xF6
200 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
201 #define WIN_SET_MAX 0xF9
202 #define DISABLE_SEAGATE 0xFB
203
204 /* set to 1 set disable mult support */
205 #define MAX_MULT_SECTORS 16
206
207 #define IDE_DMA_BUF_SECTORS 256
208
209 #if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
210 #error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
211 #endif
212
213 /* ATAPI defines */
214
215 #define ATAPI_PACKET_SIZE 12
216
217 /* The generic packet command opcodes for CD/DVD Logical Units,
218 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
219 #define GPCMD_BLANK 0xa1
220 #define GPCMD_CLOSE_TRACK 0x5b
221 #define GPCMD_FLUSH_CACHE 0x35
222 #define GPCMD_FORMAT_UNIT 0x04
223 #define GPCMD_GET_CONFIGURATION 0x46
224 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
225 #define GPCMD_GET_PERFORMANCE 0xac
226 #define GPCMD_INQUIRY 0x12
227 #define GPCMD_LOAD_UNLOAD 0xa6
228 #define GPCMD_MECHANISM_STATUS 0xbd
229 #define GPCMD_MODE_SELECT_10 0x55
230 #define GPCMD_MODE_SENSE_10 0x5a
231 #define GPCMD_PAUSE_RESUME 0x4b
232 #define GPCMD_PLAY_AUDIO_10 0x45
233 #define GPCMD_PLAY_AUDIO_MSF 0x47
234 #define GPCMD_PLAY_AUDIO_TI 0x48
235 #define GPCMD_PLAY_CD 0xbc
236 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
237 #define GPCMD_READ_10 0x28
238 #define GPCMD_READ_12 0xa8
239 #define GPCMD_READ_CDVD_CAPACITY 0x25
240 #define GPCMD_READ_CD 0xbe
241 #define GPCMD_READ_CD_MSF 0xb9
242 #define GPCMD_READ_DISC_INFO 0x51
243 #define GPCMD_READ_DVD_STRUCTURE 0xad
244 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
245 #define GPCMD_READ_HEADER 0x44
246 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
247 #define GPCMD_READ_SUBCHANNEL 0x42
248 #define GPCMD_READ_TOC_PMA_ATIP 0x43
249 #define GPCMD_REPAIR_RZONE_TRACK 0x58
250 #define GPCMD_REPORT_KEY 0xa4
251 #define GPCMD_REQUEST_SENSE 0x03
252 #define GPCMD_RESERVE_RZONE_TRACK 0x53
253 #define GPCMD_SCAN 0xba
254 #define GPCMD_SEEK 0x2b
255 #define GPCMD_SEND_DVD_STRUCTURE 0xad
256 #define GPCMD_SEND_EVENT 0xa2
257 #define GPCMD_SEND_KEY 0xa3
258 #define GPCMD_SEND_OPC 0x54
259 #define GPCMD_SET_READ_AHEAD 0xa7
260 #define GPCMD_SET_STREAMING 0xb6
261 #define GPCMD_START_STOP_UNIT 0x1b
262 #define GPCMD_STOP_PLAY_SCAN 0x4e
263 #define GPCMD_TEST_UNIT_READY 0x00
264 #define GPCMD_VERIFY_10 0x2f
265 #define GPCMD_WRITE_10 0x2a
266 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
267 /* This is listed as optional in ATAPI 2.6, but is (curiously)
268 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
269 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
270 * drives support it. */
271 #define GPCMD_SET_SPEED 0xbb
272 /* This seems to be a SCSI specific CD-ROM opcode
273 * to play data at track/index */
274 #define GPCMD_PLAYAUDIO_TI 0x48
275 /*
276 * From MS Media Status Notification Support Specification. For
277 * older drives only.
278 */
279 #define GPCMD_GET_MEDIA_STATUS 0xda
280 #define GPCMD_MODE_SENSE_6 0x1a
281
282 /* Mode page codes for mode sense/set */
283 #define GPMODE_R_W_ERROR_PAGE 0x01
284 #define GPMODE_WRITE_PARMS_PAGE 0x05
285 #define GPMODE_AUDIO_CTL_PAGE 0x0e
286 #define GPMODE_POWER_PAGE 0x1a
287 #define GPMODE_FAULT_FAIL_PAGE 0x1c
288 #define GPMODE_TO_PROTECT_PAGE 0x1d
289 #define GPMODE_CAPABILITIES_PAGE 0x2a
290 #define GPMODE_ALL_PAGES 0x3f
291 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
292 * of MODE_SENSE_POWER_PAGE */
293 #define GPMODE_CDROM_PAGE 0x0d
294
295 /*
296 * Based on values from <linux/cdrom.h> but extending CD_MINS
297 * to the maximum common size allowed by the Orange's Book ATIP
298 *
299 * 90 and 99 min CDs are also available but using them as the
300 * upper limit reduces the effectiveness of the heuristic to
301 * detect DVDs burned to less than 25% of their maximum capacity
302 */
303
304 /* Some generally useful CD-ROM information */
305 #define CD_MINS 80 /* max. minutes per CD */
306 #define CD_SECS 60 /* seconds per minute */
307 #define CD_FRAMES 75 /* frames per second */
308 #define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
309 #define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
310 #define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
311
312 /*
313 * The MMC values are not IDE specific and might need to be moved
314 * to a common header if they are also needed for the SCSI emulation
315 */
316
317 /* Profile list from MMC-6 revision 1 table 91 */
318 #define MMC_PROFILE_NONE 0x0000
319 #define MMC_PROFILE_CD_ROM 0x0008
320 #define MMC_PROFILE_CD_R 0x0009
321 #define MMC_PROFILE_CD_RW 0x000A
322 #define MMC_PROFILE_DVD_ROM 0x0010
323 #define MMC_PROFILE_DVD_R_SR 0x0011
324 #define MMC_PROFILE_DVD_RAM 0x0012
325 #define MMC_PROFILE_DVD_RW_RO 0x0013
326 #define MMC_PROFILE_DVD_RW_SR 0x0014
327 #define MMC_PROFILE_DVD_R_DL_SR 0x0015
328 #define MMC_PROFILE_DVD_R_DL_JR 0x0016
329 #define MMC_PROFILE_DVD_RW_DL 0x0017
330 #define MMC_PROFILE_DVD_DDR 0x0018
331 #define MMC_PROFILE_DVD_PLUS_RW 0x001A
332 #define MMC_PROFILE_DVD_PLUS_R 0x001B
333 #define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
334 #define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
335 #define MMC_PROFILE_BD_ROM 0x0040
336 #define MMC_PROFILE_BD_R_SRM 0x0041
337 #define MMC_PROFILE_BD_R_RRM 0x0042
338 #define MMC_PROFILE_BD_RE 0x0043
339 #define MMC_PROFILE_HDDVD_ROM 0x0050
340 #define MMC_PROFILE_HDDVD_R 0x0051
341 #define MMC_PROFILE_HDDVD_RAM 0x0052
342 #define MMC_PROFILE_HDDVD_RW 0x0053
343 #define MMC_PROFILE_HDDVD_R_DL 0x0058
344 #define MMC_PROFILE_HDDVD_RW_DL 0x005A
345 #define MMC_PROFILE_INVALID 0xFFFF
346
347 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
348 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
349 #define ATAPI_INT_REASON_REL 0x04
350 #define ATAPI_INT_REASON_TAG 0xf8
351
352 /* same constants as bochs */
353 #define ASC_ILLEGAL_OPCODE 0x20
354 #define ASC_LOGICAL_BLOCK_OOR 0x21
355 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
356 #define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
357 #define ASC_INCOMPATIBLE_FORMAT 0x30
358 #define ASC_MEDIUM_NOT_PRESENT 0x3a
359 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
360
361 #define CFA_NO_ERROR 0x00
362 #define CFA_MISC_ERROR 0x09
363 #define CFA_INVALID_COMMAND 0x20
364 #define CFA_INVALID_ADDRESS 0x21
365 #define CFA_ADDRESS_OVERFLOW 0x2f
366
367 #define SENSE_NONE 0
368 #define SENSE_NOT_READY 2
369 #define SENSE_ILLEGAL_REQUEST 5
370 #define SENSE_UNIT_ATTENTION 6
371
372 struct IDEState;
373
374 typedef void EndTransferFunc(struct IDEState *);
375
376 /* NOTE: IDEState represents in fact one drive */
377 typedef struct IDEState {
378 /* ide config */
379 int is_cdrom;
380 int is_cf;
381 int cylinders, heads, sectors;
382 int64_t nb_sectors;
383 int mult_sectors;
384 int identify_set;
385 uint16_t identify_data[256];
386 qemu_irq irq;
387 PCIDevice *pci_dev;
388 struct BMDMAState *bmdma;
389 int drive_serial;
390 char drive_serial_str[21];
391 /* ide regs */
392 uint8_t feature;
393 uint8_t error;
394 uint32_t nsector;
395 uint8_t sector;
396 uint8_t lcyl;
397 uint8_t hcyl;
398 /* other part of tf for lba48 support */
399 uint8_t hob_feature;
400 uint8_t hob_nsector;
401 uint8_t hob_sector;
402 uint8_t hob_lcyl;
403 uint8_t hob_hcyl;
404
405 uint8_t select;
406 uint8_t status;
407
408 /* 0x3f6 command, only meaningful for drive 0 */
409 uint8_t cmd;
410 /* set for lba48 access */
411 uint8_t lba48;
412 /* depends on bit 4 in select, only meaningful for drive 0 */
413 struct IDEState *cur_drive;
414 BlockDriverState *bs;
415 /* ATAPI specific */
416 uint8_t sense_key;
417 uint8_t asc;
418 int packet_transfer_size;
419 int elementary_transfer_size;
420 int io_buffer_index;
421 int lba;
422 int cd_sector_size;
423 int atapi_dma; /* true if dma is requested for the packet cmd */
424 /* ATA DMA state */
425 int io_buffer_size;
426 QEMUIOVector iovec;
427 /* PIO transfer handling */
428 int req_nb_sectors; /* number of sectors per interrupt */
429 EndTransferFunc *end_transfer_func;
430 uint8_t *data_ptr;
431 uint8_t *data_end;
432 uint8_t *io_buffer;
433 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
434 uint32_t irq_count; /* counts IRQs when using win2k install hack */
435 /* CF-ATA extended error */
436 uint8_t ext_error;
437 /* CF-ATA metadata storage */
438 uint32_t mdata_size;
439 uint8_t *mdata_storage;
440 int media_changed;
441 /* for pmac */
442 int is_read;
443 } IDEState;
444
445 /* XXX: DVDs that could fit on a CD will be reported as a CD */
446 static inline int media_present(IDEState *s)
447 {
448 return (s->nb_sectors > 0);
449 }
450
451 static inline int media_is_dvd(IDEState *s)
452 {
453 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
454 }
455
456 static inline int media_is_cd(IDEState *s)
457 {
458 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
459 }
460
461 #define BM_STATUS_DMAING 0x01
462 #define BM_STATUS_ERROR 0x02
463 #define BM_STATUS_INT 0x04
464 #define BM_STATUS_DMA_RETRY 0x08
465 #define BM_STATUS_PIO_RETRY 0x10
466
467 #define BM_CMD_START 0x01
468 #define BM_CMD_READ 0x08
469
470 #define IDE_TYPE_PIIX3 0
471 #define IDE_TYPE_CMD646 1
472 #define IDE_TYPE_PIIX4 2
473
474 /* CMD646 specific */
475 #define MRDMODE 0x71
476 #define MRDMODE_INTR_CH0 0x04
477 #define MRDMODE_INTR_CH1 0x08
478 #define MRDMODE_BLK_CH0 0x10
479 #define MRDMODE_BLK_CH1 0x20
480 #define UDIDETCR0 0x73
481 #define UDIDETCR1 0x7B
482
483 typedef struct BMDMAState {
484 uint8_t cmd;
485 uint8_t status;
486 uint32_t addr;
487
488 struct PCIIDEState *pci_dev;
489 /* current transfer state */
490 uint32_t cur_addr;
491 uint32_t cur_prd_last;
492 uint32_t cur_prd_addr;
493 uint32_t cur_prd_len;
494 IDEState *ide_if;
495 BlockDriverCompletionFunc *dma_cb;
496 BlockDriverAIOCB *aiocb;
497 int64_t sector_num;
498 uint32_t nsector;
499 } BMDMAState;
500
501 typedef struct PCIIDEState {
502 PCIDevice dev;
503 IDEState ide_if[4];
504 BMDMAState bmdma[2];
505 int type; /* see IDE_TYPE_xxx */
506 } PCIIDEState;
507
508 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
509 static void ide_dma_restart(IDEState *s);
510 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
511
512 static void padstr(char *str, const char *src, int len)
513 {
514 int i, v;
515 for(i = 0; i < len; i++) {
516 if (*src)
517 v = *src++;
518 else
519 v = ' ';
520 str[i^1] = v;
521 }
522 }
523
524 static void padstr8(uint8_t *buf, int buf_size, const char *src)
525 {
526 int i;
527 for(i = 0; i < buf_size; i++) {
528 if (*src)
529 buf[i] = *src++;
530 else
531 buf[i] = ' ';
532 }
533 }
534
535 static void put_le16(uint16_t *p, unsigned int v)
536 {
537 *p = cpu_to_le16(v);
538 }
539
540 static void ide_identify(IDEState *s)
541 {
542 uint16_t *p;
543 unsigned int oldsize;
544
545 if (s->identify_set) {
546 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
547 return;
548 }
549
550 memset(s->io_buffer, 0, 512);
551 p = (uint16_t *)s->io_buffer;
552 put_le16(p + 0, 0x0040);
553 put_le16(p + 1, s->cylinders);
554 put_le16(p + 3, s->heads);
555 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
556 put_le16(p + 5, 512); /* XXX: retired, remove ? */
557 put_le16(p + 6, s->sectors);
558 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
559 put_le16(p + 20, 3); /* XXX: retired, remove ? */
560 put_le16(p + 21, 512); /* cache size in sectors */
561 put_le16(p + 22, 4); /* ecc bytes */
562 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
563 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
564 #if MAX_MULT_SECTORS > 1
565 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
566 #endif
567 put_le16(p + 48, 1); /* dword I/O */
568 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
569 put_le16(p + 51, 0x200); /* PIO transfer cycle */
570 put_le16(p + 52, 0x200); /* DMA transfer cycle */
571 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
572 put_le16(p + 54, s->cylinders);
573 put_le16(p + 55, s->heads);
574 put_le16(p + 56, s->sectors);
575 oldsize = s->cylinders * s->heads * s->sectors;
576 put_le16(p + 57, oldsize);
577 put_le16(p + 58, oldsize >> 16);
578 if (s->mult_sectors)
579 put_le16(p + 59, 0x100 | s->mult_sectors);
580 put_le16(p + 60, s->nb_sectors);
581 put_le16(p + 61, s->nb_sectors >> 16);
582 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
583 put_le16(p + 63, 0x07); /* mdma0-2 supported */
584 put_le16(p + 65, 120);
585 put_le16(p + 66, 120);
586 put_le16(p + 67, 120);
587 put_le16(p + 68, 120);
588 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
589 put_le16(p + 81, 0x16); /* conforms to ata5 */
590 put_le16(p + 82, (1 << 14));
591 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
592 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
593 put_le16(p + 84, (1 << 14));
594 put_le16(p + 85, (1 << 14));
595 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
596 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
597 put_le16(p + 87, (1 << 14));
598 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
599 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
600 put_le16(p + 100, s->nb_sectors);
601 put_le16(p + 101, s->nb_sectors >> 16);
602 put_le16(p + 102, s->nb_sectors >> 32);
603 put_le16(p + 103, s->nb_sectors >> 48);
604
605 memcpy(s->identify_data, p, sizeof(s->identify_data));
606 s->identify_set = 1;
607 }
608
609 static void ide_atapi_identify(IDEState *s)
610 {
611 uint16_t *p;
612
613 if (s->identify_set) {
614 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
615 return;
616 }
617
618 memset(s->io_buffer, 0, 512);
619 p = (uint16_t *)s->io_buffer;
620 /* Removable CDROM, 50us response, 12 byte packets */
621 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
622 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
623 put_le16(p + 20, 3); /* buffer type */
624 put_le16(p + 21, 512); /* cache size in sectors */
625 put_le16(p + 22, 4); /* ecc bytes */
626 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
627 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
628 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
629 #ifdef USE_DMA_CDROM
630 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
631 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
632 put_le16(p + 62, 7); /* single word dma0-2 supported */
633 put_le16(p + 63, 7); /* mdma0-2 supported */
634 put_le16(p + 64, 0x3f); /* PIO modes supported */
635 #else
636 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
637 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
638 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
639 put_le16(p + 64, 1); /* PIO modes */
640 #endif
641 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
642 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
643 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
644 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
645
646 put_le16(p + 71, 30); /* in ns */
647 put_le16(p + 72, 30); /* in ns */
648
649 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
650 #ifdef USE_DMA_CDROM
651 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
652 #endif
653 memcpy(s->identify_data, p, sizeof(s->identify_data));
654 s->identify_set = 1;
655 }
656
657 static void ide_cfata_identify(IDEState *s)
658 {
659 uint16_t *p;
660 uint32_t cur_sec;
661
662 p = (uint16_t *) s->identify_data;
663 if (s->identify_set)
664 goto fill_buffer;
665
666 memset(p, 0, sizeof(s->identify_data));
667
668 cur_sec = s->cylinders * s->heads * s->sectors;
669
670 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
671 put_le16(p + 1, s->cylinders); /* Default cylinders */
672 put_le16(p + 3, s->heads); /* Default heads */
673 put_le16(p + 6, s->sectors); /* Default sectors per track */
674 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
675 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
676 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
677 put_le16(p + 22, 0x0004); /* ECC bytes */
678 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
679 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
680 #if MAX_MULT_SECTORS > 1
681 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
682 #else
683 put_le16(p + 47, 0x0000);
684 #endif
685 put_le16(p + 49, 0x0f00); /* Capabilities */
686 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
687 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
688 put_le16(p + 53, 0x0003); /* Translation params valid */
689 put_le16(p + 54, s->cylinders); /* Current cylinders */
690 put_le16(p + 55, s->heads); /* Current heads */
691 put_le16(p + 56, s->sectors); /* Current sectors */
692 put_le16(p + 57, cur_sec); /* Current capacity */
693 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
694 if (s->mult_sectors) /* Multiple sector setting */
695 put_le16(p + 59, 0x100 | s->mult_sectors);
696 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
697 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
698 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
699 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
700 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
701 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
702 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
703 put_le16(p + 82, 0x400c); /* Command Set supported */
704 put_le16(p + 83, 0x7068); /* Command Set supported */
705 put_le16(p + 84, 0x4000); /* Features supported */
706 put_le16(p + 85, 0x000c); /* Command Set enabled */
707 put_le16(p + 86, 0x7044); /* Command Set enabled */
708 put_le16(p + 87, 0x4000); /* Features enabled */
709 put_le16(p + 91, 0x4060); /* Current APM level */
710 put_le16(p + 129, 0x0002); /* Current features option */
711 put_le16(p + 130, 0x0005); /* Reassigned sectors */
712 put_le16(p + 131, 0x0001); /* Initial power mode */
713 put_le16(p + 132, 0x0000); /* User signature */
714 put_le16(p + 160, 0x8100); /* Power requirement */
715 put_le16(p + 161, 0x8001); /* CF command set */
716
717 s->identify_set = 1;
718
719 fill_buffer:
720 memcpy(s->io_buffer, p, sizeof(s->identify_data));
721 }
722
723 static void ide_set_signature(IDEState *s)
724 {
725 s->select &= 0xf0; /* clear head */
726 /* put signature */
727 s->nsector = 1;
728 s->sector = 1;
729 if (s->is_cdrom) {
730 s->lcyl = 0x14;
731 s->hcyl = 0xeb;
732 } else if (s->bs) {
733 s->lcyl = 0;
734 s->hcyl = 0;
735 } else {
736 s->lcyl = 0xff;
737 s->hcyl = 0xff;
738 }
739 }
740
741 static inline void ide_abort_command(IDEState *s)
742 {
743 s->status = READY_STAT | ERR_STAT;
744 s->error = ABRT_ERR;
745 }
746
747 static inline void ide_dma_submit_check(IDEState *s,
748 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
749 {
750 if (bm->aiocb)
751 return;
752 dma_cb(bm, -1);
753 }
754
755 static inline void ide_set_irq(IDEState *s)
756 {
757 BMDMAState *bm = s->bmdma;
758 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
759 if (bm) {
760 bm->status |= BM_STATUS_INT;
761 }
762 qemu_irq_raise(s->irq);
763 }
764 }
765
766 /* prepare data transfer and tell what to do after */
767 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
768 EndTransferFunc *end_transfer_func)
769 {
770 s->end_transfer_func = end_transfer_func;
771 s->data_ptr = buf;
772 s->data_end = buf + size;
773 if (!(s->status & ERR_STAT))
774 s->status |= DRQ_STAT;
775 }
776
777 static void ide_transfer_stop(IDEState *s)
778 {
779 s->end_transfer_func = ide_transfer_stop;
780 s->data_ptr = s->io_buffer;
781 s->data_end = s->io_buffer;
782 s->status &= ~DRQ_STAT;
783 }
784
785 static int64_t ide_get_sector(IDEState *s)
786 {
787 int64_t sector_num;
788 if (s->select & 0x40) {
789 /* lba */
790 if (!s->lba48) {
791 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
792 (s->lcyl << 8) | s->sector;
793 } else {
794 sector_num = ((int64_t)s->hob_hcyl << 40) |
795 ((int64_t) s->hob_lcyl << 32) |
796 ((int64_t) s->hob_sector << 24) |
797 ((int64_t) s->hcyl << 16) |
798 ((int64_t) s->lcyl << 8) | s->sector;
799 }
800 } else {
801 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
802 (s->select & 0x0f) * s->sectors + (s->sector - 1);
803 }
804 return sector_num;
805 }
806
807 static void ide_set_sector(IDEState *s, int64_t sector_num)
808 {
809 unsigned int cyl, r;
810 if (s->select & 0x40) {
811 if (!s->lba48) {
812 s->select = (s->select & 0xf0) | (sector_num >> 24);
813 s->hcyl = (sector_num >> 16);
814 s->lcyl = (sector_num >> 8);
815 s->sector = (sector_num);
816 } else {
817 s->sector = sector_num;
818 s->lcyl = sector_num >> 8;
819 s->hcyl = sector_num >> 16;
820 s->hob_sector = sector_num >> 24;
821 s->hob_lcyl = sector_num >> 32;
822 s->hob_hcyl = sector_num >> 40;
823 }
824 } else {
825 cyl = sector_num / (s->heads * s->sectors);
826 r = sector_num % (s->heads * s->sectors);
827 s->hcyl = cyl >> 8;
828 s->lcyl = cyl;
829 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
830 s->sector = (r % s->sectors) + 1;
831 }
832 }
833
834 static void ide_rw_error(IDEState *s) {
835 ide_abort_command(s);
836 ide_set_irq(s);
837 }
838
839 static void ide_sector_read(IDEState *s)
840 {
841 int64_t sector_num;
842 int ret, n;
843
844 s->status = READY_STAT | SEEK_STAT;
845 s->error = 0; /* not needed by IDE spec, but needed by Windows */
846 sector_num = ide_get_sector(s);
847 n = s->nsector;
848 if (n == 0) {
849 /* no more sector to read from disk */
850 ide_transfer_stop(s);
851 } else {
852 #if defined(DEBUG_IDE)
853 printf("read sector=%" PRId64 "\n", sector_num);
854 #endif
855 if (n > s->req_nb_sectors)
856 n = s->req_nb_sectors;
857 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
858 if (ret != 0) {
859 ide_rw_error(s);
860 return;
861 }
862 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
863 ide_set_irq(s);
864 ide_set_sector(s, sector_num + n);
865 s->nsector -= n;
866 }
867 }
868
869
870 /* return 0 if buffer completed */
871 static int dma_buf_prepare(BMDMAState *bm, int is_write)
872 {
873 IDEState *s = bm->ide_if;
874 struct {
875 uint32_t addr;
876 uint32_t size;
877 } prd;
878 int l, len;
879 void *mem;
880 target_phys_addr_t l1;
881
882 qemu_iovec_init(&s->iovec, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
883 s->io_buffer_size = 0;
884 for(;;) {
885 if (bm->cur_prd_len == 0) {
886 /* end of table (with a fail safe of one page) */
887 if (bm->cur_prd_last ||
888 (bm->cur_addr - bm->addr) >= 4096)
889 return s->io_buffer_size != 0;
890 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
891 bm->cur_addr += 8;
892 prd.addr = le32_to_cpu(prd.addr);
893 prd.size = le32_to_cpu(prd.size);
894 len = prd.size & 0xfffe;
895 if (len == 0)
896 len = 0x10000;
897 bm->cur_prd_len = len;
898 bm->cur_prd_addr = prd.addr;
899 bm->cur_prd_last = (prd.size & 0x80000000);
900 }
901 l = bm->cur_prd_len;
902 if (l > 0) {
903 l1 = l;
904 mem = cpu_physical_memory_map(bm->cur_prd_addr, &l1, is_write);
905 if (!mem) {
906 break;
907 }
908 qemu_iovec_add(&s->iovec, mem, l1);
909 bm->cur_prd_addr += l1;
910 bm->cur_prd_len -= l1;
911 s->io_buffer_size += l1;
912 }
913 }
914 return 1;
915 }
916
917 static void dma_buf_commit(IDEState *s, int is_write)
918 {
919 int i;
920
921 for (i = 0; i < s->iovec.niov; ++i) {
922 cpu_physical_memory_unmap(s->iovec.iov[i].iov_base,
923 s->iovec.iov[i].iov_len, is_write,
924 s->iovec.iov[i].iov_len);
925 }
926 qemu_iovec_destroy(&s->iovec);
927 }
928
929 static void ide_dma_error(IDEState *s)
930 {
931 ide_transfer_stop(s);
932 s->error = ABRT_ERR;
933 s->status = READY_STAT | ERR_STAT;
934 ide_set_irq(s);
935 }
936
937 static int ide_handle_write_error(IDEState *s, int error, int op)
938 {
939 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
940
941 if (action == BLOCK_ERR_IGNORE)
942 return 0;
943
944 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
945 || action == BLOCK_ERR_STOP_ANY) {
946 s->bmdma->ide_if = s;
947 s->bmdma->status |= op;
948 vm_stop(0);
949 } else {
950 if (op == BM_STATUS_DMA_RETRY) {
951 dma_buf_commit(s, 0);
952 ide_dma_error(s);
953 } else {
954 ide_rw_error(s);
955 }
956 }
957
958 return 1;
959 }
960
961 /* return 0 if buffer completed */
962 static int dma_buf_rw(BMDMAState *bm, int is_write)
963 {
964 IDEState *s = bm->ide_if;
965 struct {
966 uint32_t addr;
967 uint32_t size;
968 } prd;
969 int l, len;
970
971 for(;;) {
972 l = s->io_buffer_size - s->io_buffer_index;
973 if (l <= 0)
974 break;
975 if (bm->cur_prd_len == 0) {
976 /* end of table (with a fail safe of one page) */
977 if (bm->cur_prd_last ||
978 (bm->cur_addr - bm->addr) >= 4096)
979 return 0;
980 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
981 bm->cur_addr += 8;
982 prd.addr = le32_to_cpu(prd.addr);
983 prd.size = le32_to_cpu(prd.size);
984 len = prd.size & 0xfffe;
985 if (len == 0)
986 len = 0x10000;
987 bm->cur_prd_len = len;
988 bm->cur_prd_addr = prd.addr;
989 bm->cur_prd_last = (prd.size & 0x80000000);
990 }
991 if (l > bm->cur_prd_len)
992 l = bm->cur_prd_len;
993 if (l > 0) {
994 if (is_write) {
995 cpu_physical_memory_write(bm->cur_prd_addr,
996 s->io_buffer + s->io_buffer_index, l);
997 } else {
998 cpu_physical_memory_read(bm->cur_prd_addr,
999 s->io_buffer + s->io_buffer_index, l);
1000 }
1001 bm->cur_prd_addr += l;
1002 bm->cur_prd_len -= l;
1003 s->io_buffer_index += l;
1004 }
1005 }
1006 return 1;
1007 }
1008
1009 typedef struct {
1010 BMDMAState *bm;
1011 void (*cb)(void *opaque, int ret);
1012 QEMUBH *bh;
1013 } MapFailureContinuation;
1014
1015 static void reschedule_dma(void *opaque)
1016 {
1017 MapFailureContinuation *cont = opaque;
1018
1019 cont->cb(cont->bm, 0);
1020 qemu_bh_delete(cont->bh);
1021 qemu_free(cont);
1022 }
1023
1024 static void continue_after_map_failure(void *opaque)
1025 {
1026 MapFailureContinuation *cont = opaque;
1027
1028 cont->bh = qemu_bh_new(reschedule_dma, opaque);
1029 qemu_bh_schedule(cont->bh);
1030 }
1031
1032 static void wait_for_bounce_buffer(BMDMAState *bmdma,
1033 void (*cb)(void *opaque, int ret))
1034 {
1035 MapFailureContinuation *cont = qemu_malloc(sizeof(*cont));
1036
1037 cont->bm = bmdma;
1038 cont->cb = cb;
1039 cpu_register_map_client(cont, continue_after_map_failure);
1040 }
1041
1042 static void ide_read_dma_cb(void *opaque, int ret)
1043 {
1044 BMDMAState *bm = opaque;
1045 IDEState *s = bm->ide_if;
1046 int n;
1047 int64_t sector_num;
1048
1049 if (ret < 0) {
1050 dma_buf_commit(s, 1);
1051 ide_dma_error(s);
1052 return;
1053 }
1054
1055 n = s->io_buffer_size >> 9;
1056 sector_num = ide_get_sector(s);
1057 if (n > 0) {
1058 dma_buf_commit(s, 1);
1059 sector_num += n;
1060 ide_set_sector(s, sector_num);
1061 s->nsector -= n;
1062 }
1063
1064 /* end of transfer ? */
1065 if (s->nsector == 0) {
1066 s->status = READY_STAT | SEEK_STAT;
1067 ide_set_irq(s);
1068 eot:
1069 bm->status &= ~BM_STATUS_DMAING;
1070 bm->status |= BM_STATUS_INT;
1071 bm->dma_cb = NULL;
1072 bm->ide_if = NULL;
1073 bm->aiocb = NULL;
1074 return;
1075 }
1076
1077 /* launch next transfer */
1078 n = s->nsector;
1079 s->io_buffer_index = 0;
1080 s->io_buffer_size = n * 512;
1081 if (dma_buf_prepare(bm, 1) == 0)
1082 goto eot;
1083 if (!s->iovec.niov) {
1084 wait_for_bounce_buffer(bm, ide_read_dma_cb);
1085 return;
1086 }
1087 #ifdef DEBUG_AIO
1088 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1089 #endif
1090 bm->aiocb = bdrv_aio_readv(s->bs, sector_num, &s->iovec, n,
1091 ide_read_dma_cb, bm);
1092 ide_dma_submit_check(s, ide_read_dma_cb, bm);
1093 }
1094
1095 static void ide_sector_read_dma(IDEState *s)
1096 {
1097 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1098 s->io_buffer_index = 0;
1099 s->io_buffer_size = 0;
1100 s->is_read = 1;
1101 ide_dma_start(s, ide_read_dma_cb);
1102 }
1103
1104 static void ide_sector_write_timer_cb(void *opaque)
1105 {
1106 IDEState *s = opaque;
1107 ide_set_irq(s);
1108 }
1109
1110 static void ide_sector_write(IDEState *s)
1111 {
1112 int64_t sector_num;
1113 int ret, n, n1;
1114
1115 s->status = READY_STAT | SEEK_STAT;
1116 sector_num = ide_get_sector(s);
1117 #if defined(DEBUG_IDE)
1118 printf("write sector=%" PRId64 "\n", sector_num);
1119 #endif
1120 n = s->nsector;
1121 if (n > s->req_nb_sectors)
1122 n = s->req_nb_sectors;
1123 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
1124
1125 if (ret != 0) {
1126 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1127 return;
1128 }
1129
1130 s->nsector -= n;
1131 if (s->nsector == 0) {
1132 /* no more sectors to write */
1133 ide_transfer_stop(s);
1134 } else {
1135 n1 = s->nsector;
1136 if (n1 > s->req_nb_sectors)
1137 n1 = s->req_nb_sectors;
1138 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1139 }
1140 ide_set_sector(s, sector_num + n);
1141
1142 #ifdef TARGET_I386
1143 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1144 /* It seems there is a bug in the Windows 2000 installer HDD
1145 IDE driver which fills the disk with empty logs when the
1146 IDE write IRQ comes too early. This hack tries to correct
1147 that at the expense of slower write performances. Use this
1148 option _only_ to install Windows 2000. You must disable it
1149 for normal use. */
1150 qemu_mod_timer(s->sector_write_timer,
1151 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1152 } else
1153 #endif
1154 {
1155 ide_set_irq(s);
1156 }
1157 }
1158
1159 static void ide_dma_restart_cb(void *opaque, int running, int reason)
1160 {
1161 BMDMAState *bm = opaque;
1162 if (!running)
1163 return;
1164 if (bm->status & BM_STATUS_DMA_RETRY) {
1165 bm->status &= ~BM_STATUS_DMA_RETRY;
1166 ide_dma_restart(bm->ide_if);
1167 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1168 bm->status &= ~BM_STATUS_PIO_RETRY;
1169 ide_sector_write(bm->ide_if);
1170 }
1171 }
1172
1173 static void ide_write_dma_cb(void *opaque, int ret)
1174 {
1175 BMDMAState *bm = opaque;
1176 IDEState *s = bm->ide_if;
1177 int n;
1178 int64_t sector_num;
1179
1180 if (ret < 0) {
1181 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1182 return;
1183 }
1184
1185 n = s->io_buffer_size >> 9;
1186 sector_num = ide_get_sector(s);
1187 if (n > 0) {
1188 dma_buf_commit(s, 0);
1189 sector_num += n;
1190 ide_set_sector(s, sector_num);
1191 s->nsector -= n;
1192 }
1193
1194 /* end of transfer ? */
1195 if (s->nsector == 0) {
1196 s->status = READY_STAT | SEEK_STAT;
1197 ide_set_irq(s);
1198 eot:
1199 bm->status &= ~BM_STATUS_DMAING;
1200 bm->status |= BM_STATUS_INT;
1201 bm->dma_cb = NULL;
1202 bm->ide_if = NULL;
1203 bm->aiocb = NULL;
1204 return;
1205 }
1206
1207 n = s->nsector;
1208 s->io_buffer_size = n * 512;
1209 /* launch next transfer */
1210 if (dma_buf_prepare(bm, 0) == 0)
1211 goto eot;
1212 if (!s->iovec.niov) {
1213 wait_for_bounce_buffer(bm, ide_write_dma_cb);
1214 return;
1215 }
1216 #ifdef DEBUG_AIO
1217 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1218 #endif
1219 bm->aiocb = bdrv_aio_writev(s->bs, sector_num, &s->iovec, n,
1220 ide_write_dma_cb, bm);
1221 ide_dma_submit_check(s, ide_write_dma_cb, bm);
1222 }
1223
1224 static void ide_sector_write_dma(IDEState *s)
1225 {
1226 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1227 s->io_buffer_index = 0;
1228 s->io_buffer_size = 0;
1229 s->is_read = 0;
1230 ide_dma_start(s, ide_write_dma_cb);
1231 }
1232
1233 static void ide_atapi_cmd_ok(IDEState *s)
1234 {
1235 s->error = 0;
1236 s->status = READY_STAT | SEEK_STAT;
1237 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1238 ide_set_irq(s);
1239 }
1240
1241 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1242 {
1243 #ifdef DEBUG_IDE_ATAPI
1244 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1245 #endif
1246 s->error = sense_key << 4;
1247 s->status = READY_STAT | ERR_STAT;
1248 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1249 s->sense_key = sense_key;
1250 s->asc = asc;
1251 ide_set_irq(s);
1252 }
1253
1254 static void ide_atapi_cmd_check_status(IDEState *s)
1255 {
1256 #ifdef DEBUG_IDE_ATAPI
1257 printf("atapi_cmd_check_status\n");
1258 #endif
1259 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1260 s->status = ERR_STAT;
1261 s->nsector = 0;
1262 ide_set_irq(s);
1263 }
1264
1265 static inline void cpu_to_ube16(uint8_t *buf, int val)
1266 {
1267 buf[0] = val >> 8;
1268 buf[1] = val;
1269 }
1270
1271 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1272 {
1273 buf[0] = val >> 24;
1274 buf[1] = val >> 16;
1275 buf[2] = val >> 8;
1276 buf[3] = val;
1277 }
1278
1279 static inline int ube16_to_cpu(const uint8_t *buf)
1280 {
1281 return (buf[0] << 8) | buf[1];
1282 }
1283
1284 static inline int ube32_to_cpu(const uint8_t *buf)
1285 {
1286 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1287 }
1288
1289 static void lba_to_msf(uint8_t *buf, int lba)
1290 {
1291 lba += 150;
1292 buf[0] = (lba / 75) / 60;
1293 buf[1] = (lba / 75) % 60;
1294 buf[2] = lba % 75;
1295 }
1296
1297 static void cd_data_to_raw(uint8_t *buf, int lba)
1298 {
1299 /* sync bytes */
1300 buf[0] = 0x00;
1301 memset(buf + 1, 0xff, 10);
1302 buf[11] = 0x00;
1303 buf += 12;
1304 /* MSF */
1305 lba_to_msf(buf, lba);
1306 buf[3] = 0x01; /* mode 1 data */
1307 buf += 4;
1308 /* data */
1309 buf += 2048;
1310 /* XXX: ECC not computed */
1311 memset(buf, 0, 288);
1312 }
1313
1314 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1315 int sector_size)
1316 {
1317 int ret;
1318
1319 switch(sector_size) {
1320 case 2048:
1321 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1322 break;
1323 case 2352:
1324 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1325 if (ret < 0)
1326 return ret;
1327 cd_data_to_raw(buf, lba);
1328 break;
1329 default:
1330 ret = -EIO;
1331 break;
1332 }
1333 return ret;
1334 }
1335
1336 static void ide_atapi_io_error(IDEState *s, int ret)
1337 {
1338 /* XXX: handle more errors */
1339 if (ret == -ENOMEDIUM) {
1340 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1341 ASC_MEDIUM_NOT_PRESENT);
1342 } else {
1343 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1344 ASC_LOGICAL_BLOCK_OOR);
1345 }
1346 }
1347
1348 /* The whole ATAPI transfer logic is handled in this function */
1349 static void ide_atapi_cmd_reply_end(IDEState *s)
1350 {
1351 int byte_count_limit, size, ret;
1352 #ifdef DEBUG_IDE_ATAPI
1353 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1354 s->packet_transfer_size,
1355 s->elementary_transfer_size,
1356 s->io_buffer_index);
1357 #endif
1358 if (s->packet_transfer_size <= 0) {
1359 /* end of transfer */
1360 ide_transfer_stop(s);
1361 s->status = READY_STAT | SEEK_STAT;
1362 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1363 ide_set_irq(s);
1364 #ifdef DEBUG_IDE_ATAPI
1365 printf("status=0x%x\n", s->status);
1366 #endif
1367 } else {
1368 /* see if a new sector must be read */
1369 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1370 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1371 if (ret < 0) {
1372 ide_transfer_stop(s);
1373 ide_atapi_io_error(s, ret);
1374 return;
1375 }
1376 s->lba++;
1377 s->io_buffer_index = 0;
1378 }
1379 if (s->elementary_transfer_size > 0) {
1380 /* there are some data left to transmit in this elementary
1381 transfer */
1382 size = s->cd_sector_size - s->io_buffer_index;
1383 if (size > s->elementary_transfer_size)
1384 size = s->elementary_transfer_size;
1385 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1386 size, ide_atapi_cmd_reply_end);
1387 s->packet_transfer_size -= size;
1388 s->elementary_transfer_size -= size;
1389 s->io_buffer_index += size;
1390 } else {
1391 /* a new transfer is needed */
1392 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1393 byte_count_limit = s->lcyl | (s->hcyl << 8);
1394 #ifdef DEBUG_IDE_ATAPI
1395 printf("byte_count_limit=%d\n", byte_count_limit);
1396 #endif
1397 if (byte_count_limit == 0xffff)
1398 byte_count_limit--;
1399 size = s->packet_transfer_size;
1400 if (size > byte_count_limit) {
1401 /* byte count limit must be even if this case */
1402 if (byte_count_limit & 1)
1403 byte_count_limit--;
1404 size = byte_count_limit;
1405 }
1406 s->lcyl = size;
1407 s->hcyl = size >> 8;
1408 s->elementary_transfer_size = size;
1409 /* we cannot transmit more than one sector at a time */
1410 if (s->lba != -1) {
1411 if (size > (s->cd_sector_size - s->io_buffer_index))
1412 size = (s->cd_sector_size - s->io_buffer_index);
1413 }
1414 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1415 size, ide_atapi_cmd_reply_end);
1416 s->packet_transfer_size -= size;
1417 s->elementary_transfer_size -= size;
1418 s->io_buffer_index += size;
1419 ide_set_irq(s);
1420 #ifdef DEBUG_IDE_ATAPI
1421 printf("status=0x%x\n", s->status);
1422 #endif
1423 }
1424 }
1425 }
1426
1427 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1428 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1429 {
1430 if (size > max_size)
1431 size = max_size;
1432 s->lba = -1; /* no sector read */
1433 s->packet_transfer_size = size;
1434 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1435 s->elementary_transfer_size = 0;
1436 s->io_buffer_index = 0;
1437
1438 if (s->atapi_dma) {
1439 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
1440 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1441 } else {
1442 s->status = READY_STAT | SEEK_STAT;
1443 ide_atapi_cmd_reply_end(s);
1444 }
1445 }
1446
1447 /* start a CD-CDROM read command */
1448 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1449 int sector_size)
1450 {
1451 s->lba = lba;
1452 s->packet_transfer_size = nb_sectors * sector_size;
1453 s->elementary_transfer_size = 0;
1454 s->io_buffer_index = sector_size;
1455 s->cd_sector_size = sector_size;
1456
1457 s->status = READY_STAT | SEEK_STAT;
1458 ide_atapi_cmd_reply_end(s);
1459 }
1460
1461 /* ATAPI DMA support */
1462
1463 /* XXX: handle read errors */
1464 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1465 {
1466 BMDMAState *bm = opaque;
1467 IDEState *s = bm->ide_if;
1468 int data_offset, n;
1469
1470 if (ret < 0) {
1471 ide_atapi_io_error(s, ret);
1472 goto eot;
1473 }
1474
1475 if (s->io_buffer_size > 0) {
1476 /*
1477 * For a cdrom read sector command (s->lba != -1),
1478 * adjust the lba for the next s->io_buffer_size chunk
1479 * and dma the current chunk.
1480 * For a command != read (s->lba == -1), just transfer
1481 * the reply data.
1482 */
1483 if (s->lba != -1) {
1484 if (s->cd_sector_size == 2352) {
1485 n = 1;
1486 cd_data_to_raw(s->io_buffer, s->lba);
1487 } else {
1488 n = s->io_buffer_size >> 11;
1489 }
1490 s->lba += n;
1491 }
1492 s->packet_transfer_size -= s->io_buffer_size;
1493 if (dma_buf_rw(bm, 1) == 0)
1494 goto eot;
1495 }
1496
1497 if (s->packet_transfer_size <= 0) {
1498 s->status = READY_STAT | SEEK_STAT;
1499 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1500 ide_set_irq(s);
1501 eot:
1502 bm->status &= ~BM_STATUS_DMAING;
1503 bm->status |= BM_STATUS_INT;
1504 bm->dma_cb = NULL;
1505 bm->ide_if = NULL;
1506 bm->aiocb = NULL;
1507 return;
1508 }
1509
1510 s->io_buffer_index = 0;
1511 if (s->cd_sector_size == 2352) {
1512 n = 1;
1513 s->io_buffer_size = s->cd_sector_size;
1514 data_offset = 16;
1515 } else {
1516 n = s->packet_transfer_size >> 11;
1517 if (n > (IDE_DMA_BUF_SECTORS / 4))
1518 n = (IDE_DMA_BUF_SECTORS / 4);
1519 s->io_buffer_size = n * 2048;
1520 data_offset = 0;
1521 }
1522 #ifdef DEBUG_AIO
1523 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1524 #endif
1525 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1526 s->io_buffer + data_offset, n * 4,
1527 ide_atapi_cmd_read_dma_cb, bm);
1528 if (!bm->aiocb) {
1529 /* Note: media not present is the most likely case */
1530 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1531 ASC_MEDIUM_NOT_PRESENT);
1532 goto eot;
1533 }
1534 }
1535
1536 /* start a CD-CDROM read command with DMA */
1537 /* XXX: test if DMA is available */
1538 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1539 int sector_size)
1540 {
1541 s->lba = lba;
1542 s->packet_transfer_size = nb_sectors * sector_size;
1543 s->io_buffer_index = 0;
1544 s->io_buffer_size = 0;
1545 s->cd_sector_size = sector_size;
1546
1547 /* XXX: check if BUSY_STAT should be set */
1548 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1549 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1550 }
1551
1552 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1553 int sector_size)
1554 {
1555 #ifdef DEBUG_IDE_ATAPI
1556 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1557 lba, nb_sectors);
1558 #endif
1559 if (s->atapi_dma) {
1560 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1561 } else {
1562 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1563 }
1564 }
1565
1566 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1567 uint16_t profile)
1568 {
1569 uint8_t *buf_profile = buf + 12; /* start of profiles */
1570
1571 buf_profile += ((*index) * 4); /* start of indexed profile */
1572 cpu_to_ube16 (buf_profile, profile);
1573 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1574
1575 /* each profile adds 4 bytes to the response */
1576 (*index)++;
1577 buf[11] += 4; /* Additional Length */
1578
1579 return 4;
1580 }
1581
1582 static int ide_dvd_read_structure(IDEState *s, int format,
1583 const uint8_t *packet, uint8_t *buf)
1584 {
1585 switch (format) {
1586 case 0x0: /* Physical format information */
1587 {
1588 int layer = packet[6];
1589 uint64_t total_sectors;
1590
1591 if (layer != 0)
1592 return -ASC_INV_FIELD_IN_CMD_PACKET;
1593
1594 bdrv_get_geometry(s->bs, &total_sectors);
1595 total_sectors >>= 2;
1596 if (total_sectors == 0)
1597 return -ASC_MEDIUM_NOT_PRESENT;
1598
1599 buf[4] = 1; /* DVD-ROM, part version 1 */
1600 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1601 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1602 buf[7] = 0; /* default densities */
1603
1604 /* FIXME: 0x30000 per spec? */
1605 cpu_to_ube32(buf + 8, 0); /* start sector */
1606 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1607 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1608
1609 /* Size of buffer, not including 2 byte size field */
1610 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1611
1612 /* 2k data + 4 byte header */
1613 return (2048 + 4);
1614 }
1615
1616 case 0x01: /* DVD copyright information */
1617 buf[4] = 0; /* no copyright data */
1618 buf[5] = 0; /* no region restrictions */
1619
1620 /* Size of buffer, not including 2 byte size field */
1621 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1622
1623 /* 4 byte header + 4 byte data */
1624 return (4 + 4);
1625
1626 case 0x03: /* BCA information - invalid field for no BCA info */
1627 return -ASC_INV_FIELD_IN_CMD_PACKET;
1628
1629 case 0x04: /* DVD disc manufacturing information */
1630 /* Size of buffer, not including 2 byte size field */
1631 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1632
1633 /* 2k data + 4 byte header */
1634 return (2048 + 4);
1635
1636 case 0xff:
1637 /*
1638 * This lists all the command capabilities above. Add new ones
1639 * in order and update the length and buffer return values.
1640 */
1641
1642 buf[4] = 0x00; /* Physical format */
1643 buf[5] = 0x40; /* Not writable, is readable */
1644 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1645
1646 buf[8] = 0x01; /* Copyright info */
1647 buf[9] = 0x40; /* Not writable, is readable */
1648 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1649
1650 buf[12] = 0x03; /* BCA info */
1651 buf[13] = 0x40; /* Not writable, is readable */
1652 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1653
1654 buf[16] = 0x04; /* Manufacturing info */
1655 buf[17] = 0x40; /* Not writable, is readable */
1656 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1657
1658 /* Size of buffer, not including 2 byte size field */
1659 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1660
1661 /* data written + 4 byte header */
1662 return (16 + 4);
1663
1664 default: /* TODO: formats beyond DVD-ROM requires */
1665 return -ASC_INV_FIELD_IN_CMD_PACKET;
1666 }
1667 }
1668
1669 static void ide_atapi_cmd(IDEState *s)
1670 {
1671 const uint8_t *packet;
1672 uint8_t *buf;
1673 int max_len;
1674
1675 packet = s->io_buffer;
1676 buf = s->io_buffer;
1677 #ifdef DEBUG_IDE_ATAPI
1678 {
1679 int i;
1680 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1681 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1682 printf(" %02x", packet[i]);
1683 }
1684 printf("\n");
1685 }
1686 #endif
1687 /* If there's a UNIT_ATTENTION condition pending, only
1688 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1689 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1690 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1691 s->io_buffer[0] != GPCMD_INQUIRY) {
1692 ide_atapi_cmd_check_status(s);
1693 return;
1694 }
1695 switch(s->io_buffer[0]) {
1696 case GPCMD_TEST_UNIT_READY:
1697 if (bdrv_is_inserted(s->bs)) {
1698 ide_atapi_cmd_ok(s);
1699 } else {
1700 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1701 ASC_MEDIUM_NOT_PRESENT);
1702 }
1703 break;
1704 case GPCMD_MODE_SENSE_6:
1705 case GPCMD_MODE_SENSE_10:
1706 {
1707 int action, code;
1708 if (packet[0] == GPCMD_MODE_SENSE_10)
1709 max_len = ube16_to_cpu(packet + 7);
1710 else
1711 max_len = packet[4];
1712 action = packet[2] >> 6;
1713 code = packet[2] & 0x3f;
1714 switch(action) {
1715 case 0: /* current values */
1716 switch(code) {
1717 case 0x01: /* error recovery */
1718 cpu_to_ube16(&buf[0], 16 + 6);
1719 buf[2] = 0x70;
1720 buf[3] = 0;
1721 buf[4] = 0;
1722 buf[5] = 0;
1723 buf[6] = 0;
1724 buf[7] = 0;
1725
1726 buf[8] = 0x01;
1727 buf[9] = 0x06;
1728 buf[10] = 0x00;
1729 buf[11] = 0x05;
1730 buf[12] = 0x00;
1731 buf[13] = 0x00;
1732 buf[14] = 0x00;
1733 buf[15] = 0x00;
1734 ide_atapi_cmd_reply(s, 16, max_len);
1735 break;
1736 case 0x2a:
1737 cpu_to_ube16(&buf[0], 28 + 6);
1738 buf[2] = 0x70;
1739 buf[3] = 0;
1740 buf[4] = 0;
1741 buf[5] = 0;
1742 buf[6] = 0;
1743 buf[7] = 0;
1744
1745 buf[8] = 0x2a;
1746 buf[9] = 0x12;
1747 buf[10] = 0x00;
1748 buf[11] = 0x00;
1749
1750 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1751 code checks for this to automount media. */
1752 buf[12] = 0x71;
1753 buf[13] = 3 << 5;
1754 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1755 if (bdrv_is_locked(s->bs))
1756 buf[6] |= 1 << 1;
1757 buf[15] = 0x00;
1758 cpu_to_ube16(&buf[16], 706);
1759 buf[18] = 0;
1760 buf[19] = 2;
1761 cpu_to_ube16(&buf[20], 512);
1762 cpu_to_ube16(&buf[22], 706);
1763 buf[24] = 0;
1764 buf[25] = 0;
1765 buf[26] = 0;
1766 buf[27] = 0;
1767 ide_atapi_cmd_reply(s, 28, max_len);
1768 break;
1769 default:
1770 goto error_cmd;
1771 }
1772 break;
1773 case 1: /* changeable values */
1774 goto error_cmd;
1775 case 2: /* default values */
1776 goto error_cmd;
1777 default:
1778 case 3: /* saved values */
1779 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1780 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1781 break;
1782 }
1783 }
1784 break;
1785 case GPCMD_REQUEST_SENSE:
1786 max_len = packet[4];
1787 memset(buf, 0, 18);
1788 buf[0] = 0x70 | (1 << 7);
1789 buf[2] = s->sense_key;
1790 buf[7] = 10;
1791 buf[12] = s->asc;
1792 if (s->sense_key == SENSE_UNIT_ATTENTION)
1793 s->sense_key = SENSE_NONE;
1794 ide_atapi_cmd_reply(s, 18, max_len);
1795 break;
1796 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1797 if (bdrv_is_inserted(s->bs)) {
1798 bdrv_set_locked(s->bs, packet[4] & 1);
1799 ide_atapi_cmd_ok(s);
1800 } else {
1801 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1802 ASC_MEDIUM_NOT_PRESENT);
1803 }
1804 break;
1805 case GPCMD_READ_10:
1806 case GPCMD_READ_12:
1807 {
1808 int nb_sectors, lba;
1809
1810 if (packet[0] == GPCMD_READ_10)
1811 nb_sectors = ube16_to_cpu(packet + 7);
1812 else
1813 nb_sectors = ube32_to_cpu(packet + 6);
1814 lba = ube32_to_cpu(packet + 2);
1815 if (nb_sectors == 0) {
1816 ide_atapi_cmd_ok(s);
1817 break;
1818 }
1819 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1820 }
1821 break;
1822 case GPCMD_READ_CD:
1823 {
1824 int nb_sectors, lba, transfer_request;
1825
1826 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1827 lba = ube32_to_cpu(packet + 2);
1828 if (nb_sectors == 0) {
1829 ide_atapi_cmd_ok(s);
1830 break;
1831 }
1832 transfer_request = packet[9];
1833 switch(transfer_request & 0xf8) {
1834 case 0x00:
1835 /* nothing */
1836 ide_atapi_cmd_ok(s);
1837 break;
1838 case 0x10:
1839 /* normal read */
1840 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1841 break;
1842 case 0xf8:
1843 /* read all data */
1844 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1845 break;
1846 default:
1847 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1848 ASC_INV_FIELD_IN_CMD_PACKET);
1849 break;
1850 }
1851 }
1852 break;
1853 case GPCMD_SEEK:
1854 {
1855 unsigned int lba;
1856 uint64_t total_sectors;
1857
1858 bdrv_get_geometry(s->bs, &total_sectors);
1859 total_sectors >>= 2;
1860 if (total_sectors == 0) {
1861 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1862 ASC_MEDIUM_NOT_PRESENT);
1863 break;
1864 }
1865 lba = ube32_to_cpu(packet + 2);
1866 if (lba >= total_sectors) {
1867 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1868 ASC_LOGICAL_BLOCK_OOR);
1869 break;
1870 }
1871 ide_atapi_cmd_ok(s);
1872 }
1873 break;
1874 case GPCMD_START_STOP_UNIT:
1875 {
1876 int start, eject;
1877 start = packet[4] & 1;
1878 eject = (packet[4] >> 1) & 1;
1879
1880 if (eject && !start) {
1881 /* eject the disk */
1882 bdrv_eject(s->bs, 1);
1883 } else if (eject && start) {
1884 /* close the tray */
1885 bdrv_eject(s->bs, 0);
1886 }
1887 ide_atapi_cmd_ok(s);
1888 }
1889 break;
1890 case GPCMD_MECHANISM_STATUS:
1891 {
1892 max_len = ube16_to_cpu(packet + 8);
1893 cpu_to_ube16(buf, 0);
1894 /* no current LBA */
1895 buf[2] = 0;
1896 buf[3] = 0;
1897 buf[4] = 0;
1898 buf[5] = 1;
1899 cpu_to_ube16(buf + 6, 0);
1900 ide_atapi_cmd_reply(s, 8, max_len);
1901 }
1902 break;
1903 case GPCMD_READ_TOC_PMA_ATIP:
1904 {
1905 int format, msf, start_track, len;
1906 uint64_t total_sectors;
1907
1908 bdrv_get_geometry(s->bs, &total_sectors);
1909 total_sectors >>= 2;
1910 if (total_sectors == 0) {
1911 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1912 ASC_MEDIUM_NOT_PRESENT);
1913 break;
1914 }
1915 max_len = ube16_to_cpu(packet + 7);
1916 format = packet[9] >> 6;
1917 msf = (packet[1] >> 1) & 1;
1918 start_track = packet[6];
1919 switch(format) {
1920 case 0:
1921 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1922 if (len < 0)
1923 goto error_cmd;
1924 ide_atapi_cmd_reply(s, len, max_len);
1925 break;
1926 case 1:
1927 /* multi session : only a single session defined */
1928 memset(buf, 0, 12);
1929 buf[1] = 0x0a;
1930 buf[2] = 0x01;
1931 buf[3] = 0x01;
1932 ide_atapi_cmd_reply(s, 12, max_len);
1933 break;
1934 case 2:
1935 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1936 if (len < 0)
1937 goto error_cmd;
1938 ide_atapi_cmd_reply(s, len, max_len);
1939 break;
1940 default:
1941 error_cmd:
1942 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1943 ASC_INV_FIELD_IN_CMD_PACKET);
1944 break;
1945 }
1946 }
1947 break;
1948 case GPCMD_READ_CDVD_CAPACITY:
1949 {
1950 uint64_t total_sectors;
1951
1952 bdrv_get_geometry(s->bs, &total_sectors);
1953 total_sectors >>= 2;
1954 if (total_sectors == 0) {
1955 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1956 ASC_MEDIUM_NOT_PRESENT);
1957 break;
1958 }
1959 /* NOTE: it is really the number of sectors minus 1 */
1960 cpu_to_ube32(buf, total_sectors - 1);
1961 cpu_to_ube32(buf + 4, 2048);
1962 ide_atapi_cmd_reply(s, 8, 8);
1963 }
1964 break;
1965 case GPCMD_READ_DVD_STRUCTURE:
1966 {
1967 int media = packet[1];
1968 int format = packet[7];
1969 int ret;
1970
1971 max_len = ube16_to_cpu(packet + 8);
1972
1973 if (format < 0xff) {
1974 if (media_is_cd(s)) {
1975 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1976 ASC_INCOMPATIBLE_FORMAT);
1977 break;
1978 } else if (!media_present(s)) {
1979 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1980 ASC_INV_FIELD_IN_CMD_PACKET);
1981 break;
1982 }
1983 }
1984
1985 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1986 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1987
1988 switch (format) {
1989 case 0x00 ... 0x7f:
1990 case 0xff:
1991 if (media == 0) {
1992 ret = ide_dvd_read_structure(s, format, packet, buf);
1993
1994 if (ret < 0)
1995 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1996 else
1997 ide_atapi_cmd_reply(s, ret, max_len);
1998
1999 break;
2000 }
2001 /* TODO: BD support, fall through for now */
2002
2003 /* Generic disk structures */
2004 case 0x80: /* TODO: AACS volume identifier */
2005 case 0x81: /* TODO: AACS media serial number */
2006 case 0x82: /* TODO: AACS media identifier */
2007 case 0x83: /* TODO: AACS media key block */
2008 case 0x90: /* TODO: List of recognized format layers */
2009 case 0xc0: /* TODO: Write protection status */
2010 default:
2011 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2012 ASC_INV_FIELD_IN_CMD_PACKET);
2013 break;
2014 }
2015 }
2016 break;
2017 case GPCMD_SET_SPEED:
2018 ide_atapi_cmd_ok(s);
2019 break;
2020 case GPCMD_INQUIRY:
2021 max_len = packet[4];
2022 buf[0] = 0x05; /* CD-ROM */
2023 buf[1] = 0x80; /* removable */
2024 buf[2] = 0x00; /* ISO */
2025 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2026 buf[4] = 31; /* additional length */
2027 buf[5] = 0; /* reserved */
2028 buf[6] = 0; /* reserved */
2029 buf[7] = 0; /* reserved */
2030 padstr8(buf + 8, 8, "QEMU");
2031 padstr8(buf + 16, 16, "QEMU DVD-ROM");
2032 padstr8(buf + 32, 4, QEMU_VERSION);
2033 ide_atapi_cmd_reply(s, 36, max_len);
2034 break;
2035 case GPCMD_GET_CONFIGURATION:
2036 {
2037 uint32_t len;
2038 uint8_t index = 0;
2039
2040 /* only feature 0 is supported */
2041 if (packet[2] != 0 || packet[3] != 0) {
2042 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2043 ASC_INV_FIELD_IN_CMD_PACKET);
2044 break;
2045 }
2046
2047 /* XXX: could result in alignment problems in some architectures */
2048 max_len = ube16_to_cpu(packet + 7);
2049
2050 /*
2051 * XXX: avoid overflow for io_buffer if max_len is bigger than
2052 * the size of that buffer (dimensioned to max number of
2053 * sectors to transfer at once)
2054 *
2055 * Only a problem if the feature/profiles grow.
2056 */
2057 if (max_len > 512) /* XXX: assume 1 sector */
2058 max_len = 512;
2059
2060 memset(buf, 0, max_len);
2061 /*
2062 * the number of sectors from the media tells us which profile
2063 * to use as current. 0 means there is no media
2064 */
2065 if (media_is_dvd(s))
2066 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
2067 else if (media_is_cd(s))
2068 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
2069
2070 buf[10] = 0x02 | 0x01; /* persistent and current */
2071 len = 12; /* headers: 8 + 4 */
2072 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
2073 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
2074 cpu_to_ube32(buf, len - 4); /* data length */
2075
2076 ide_atapi_cmd_reply(s, len, max_len);
2077 break;
2078 }
2079 default:
2080 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2081 ASC_ILLEGAL_OPCODE);
2082 break;
2083 }
2084 }
2085
2086 static void ide_cfata_metadata_inquiry(IDEState *s)
2087 {
2088 uint16_t *p;
2089 uint32_t spd;
2090
2091 p = (uint16_t *) s->io_buffer;
2092 memset(p, 0, 0x200);
2093 spd = ((s->mdata_size - 1) >> 9) + 1;
2094
2095 put_le16(p + 0, 0x0001); /* Data format revision */
2096 put_le16(p + 1, 0x0000); /* Media property: silicon */
2097 put_le16(p + 2, s->media_changed); /* Media status */
2098 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
2099 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
2100 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
2101 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
2102 }
2103
2104 static void ide_cfata_metadata_read(IDEState *s)
2105 {
2106 uint16_t *p;
2107
2108 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2109 s->status = ERR_STAT;
2110 s->error = ABRT_ERR;
2111 return;
2112 }
2113
2114 p = (uint16_t *) s->io_buffer;
2115 memset(p, 0, 0x200);
2116
2117 put_le16(p + 0, s->media_changed); /* Media status */
2118 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2119 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2120 s->nsector << 9), 0x200 - 2));
2121 }
2122
2123 static void ide_cfata_metadata_write(IDEState *s)
2124 {
2125 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2126 s->status = ERR_STAT;
2127 s->error = ABRT_ERR;
2128 return;
2129 }
2130
2131 s->media_changed = 0;
2132
2133 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2134 s->io_buffer + 2,
2135 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2136 s->nsector << 9), 0x200 - 2));
2137 }
2138
2139 /* called when the inserted state of the media has changed */
2140 static void cdrom_change_cb(void *opaque)
2141 {
2142 IDEState *s = opaque;
2143 uint64_t nb_sectors;
2144
2145 bdrv_get_geometry(s->bs, &nb_sectors);
2146 s->nb_sectors = nb_sectors;
2147
2148 s->sense_key = SENSE_UNIT_ATTENTION;
2149 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2150
2151 ide_set_irq(s);
2152 }
2153
2154 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2155 {
2156 s->lba48 = lba48;
2157
2158 /* handle the 'magic' 0 nsector count conversion here. to avoid
2159 * fiddling with the rest of the read logic, we just store the
2160 * full sector count in ->nsector and ignore ->hob_nsector from now
2161 */
2162 if (!s->lba48) {
2163 if (!s->nsector)
2164 s->nsector = 256;
2165 } else {
2166 if (!s->nsector && !s->hob_nsector)
2167 s->nsector = 65536;
2168 else {
2169 int lo = s->nsector;
2170 int hi = s->hob_nsector;
2171
2172 s->nsector = (hi << 8) | lo;
2173 }
2174 }
2175 }
2176
2177 static void ide_clear_hob(IDEState *ide_if)
2178 {
2179 /* any write clears HOB high bit of device control register */
2180 ide_if[0].select &= ~(1 << 7);
2181 ide_if[1].select &= ~(1 << 7);
2182 }
2183
2184 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2185 {
2186 IDEState *ide_if = opaque;
2187 IDEState *s;
2188 int unit, n;
2189 int lba48 = 0;
2190
2191 #ifdef DEBUG_IDE
2192 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2193 #endif
2194
2195 addr &= 7;
2196
2197 /* ignore writes to command block while busy with previous command */
2198 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2199 return;
2200
2201 switch(addr) {
2202 case 0:
2203 break;
2204 case 1:
2205 ide_clear_hob(ide_if);
2206 /* NOTE: data is written to the two drives */
2207 ide_if[0].hob_feature = ide_if[0].feature;
2208 ide_if[1].hob_feature = ide_if[1].feature;
2209 ide_if[0].feature = val;
2210 ide_if[1].feature = val;
2211 break;
2212 case 2:
2213 ide_clear_hob(ide_if);
2214 ide_if[0].hob_nsector = ide_if[0].nsector;
2215 ide_if[1].hob_nsector = ide_if[1].nsector;
2216 ide_if[0].nsector = val;
2217 ide_if[1].nsector = val;
2218 break;
2219 case 3:
2220 ide_clear_hob(ide_if);
2221 ide_if[0].hob_sector = ide_if[0].sector;
2222 ide_if[1].hob_sector = ide_if[1].sector;
2223 ide_if[0].sector = val;
2224 ide_if[1].sector = val;
2225 break;
2226 case 4:
2227 ide_clear_hob(ide_if);
2228 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2229 ide_if[1].hob_lcyl = ide_if[1].lcyl;
2230 ide_if[0].lcyl = val;
2231 ide_if[1].lcyl = val;
2232 break;
2233 case 5:
2234 ide_clear_hob(ide_if);
2235 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2236 ide_if[1].hob_hcyl = ide_if[1].hcyl;
2237 ide_if[0].hcyl = val;
2238 ide_if[1].hcyl = val;
2239 break;
2240 case 6:
2241 /* FIXME: HOB readback uses bit 7 */
2242 ide_if[0].select = (val & ~0x10) | 0xa0;
2243 ide_if[1].select = (val | 0x10) | 0xa0;
2244 /* select drive */
2245 unit = (val >> 4) & 1;
2246 s = ide_if + unit;
2247 ide_if->cur_drive = s;
2248 break;
2249 default:
2250 case 7:
2251 /* command */
2252 #if defined(DEBUG_IDE)
2253 printf("ide: CMD=%02x\n", val);
2254 #endif
2255 s = ide_if->cur_drive;
2256 /* ignore commands to non existant slave */
2257 if (s != ide_if && !s->bs)
2258 break;
2259
2260 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2261 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2262 break;
2263
2264 switch(val) {
2265 case WIN_IDENTIFY:
2266 if (s->bs && !s->is_cdrom) {
2267 if (!s->is_cf)
2268 ide_identify(s);
2269 else
2270 ide_cfata_identify(s);
2271 s->status = READY_STAT | SEEK_STAT;
2272 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2273 } else {
2274 if (s->is_cdrom) {
2275 ide_set_signature(s);
2276 }
2277 ide_abort_command(s);
2278 }
2279 ide_set_irq(s);
2280 break;
2281 case WIN_SPECIFY:
2282 case WIN_RECAL:
2283 s->error = 0;
2284 s->status = READY_STAT | SEEK_STAT;
2285 ide_set_irq(s);
2286 break;
2287 case WIN_SETMULT:
2288 if (s->is_cf && s->nsector == 0) {
2289 /* Disable Read and Write Multiple */
2290 s->mult_sectors = 0;
2291 s->status = READY_STAT | SEEK_STAT;
2292 } else if ((s->nsector & 0xff) != 0 &&
2293 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2294 (s->nsector & (s->nsector - 1)) != 0)) {
2295 ide_abort_command(s);
2296 } else {
2297 s->mult_sectors = s->nsector & 0xff;
2298 s->status = READY_STAT | SEEK_STAT;
2299 }
2300 ide_set_irq(s);
2301 break;
2302 case WIN_VERIFY_EXT:
2303 lba48 = 1;
2304 case WIN_VERIFY:
2305 case WIN_VERIFY_ONCE:
2306 /* do sector number check ? */
2307 ide_cmd_lba48_transform(s, lba48);
2308 s->status = READY_STAT | SEEK_STAT;
2309 ide_set_irq(s);
2310 break;
2311 case WIN_READ_EXT:
2312 lba48 = 1;
2313 case WIN_READ:
2314 case WIN_READ_ONCE:
2315 if (!s->bs)
2316 goto abort_cmd;
2317 ide_cmd_lba48_transform(s, lba48);
2318 s->req_nb_sectors = 1;
2319 ide_sector_read(s);
2320 break;
2321 case WIN_WRITE_EXT:
2322 lba48 = 1;
2323 case WIN_WRITE:
2324 case WIN_WRITE_ONCE:
2325 case CFA_WRITE_SECT_WO_ERASE:
2326 case WIN_WRITE_VERIFY:
2327 ide_cmd_lba48_transform(s, lba48);
2328 s->error = 0;
2329 s->status = SEEK_STAT | READY_STAT;
2330 s->req_nb_sectors = 1;
2331 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
2332 s->media_changed = 1;
2333 break;
2334 case WIN_MULTREAD_EXT:
2335 lba48 = 1;
2336 case WIN_MULTREAD:
2337 if (!s->mult_sectors)
2338 goto abort_cmd;
2339 ide_cmd_lba48_transform(s, lba48);
2340 s->req_nb_sectors = s->mult_sectors;
2341 ide_sector_read(s);
2342 break;
2343 case WIN_MULTWRITE_EXT:
2344 lba48 = 1;
2345 case WIN_MULTWRITE:
2346 case CFA_WRITE_MULTI_WO_ERASE:
2347 if (!s->mult_sectors)
2348 goto abort_cmd;
2349 ide_cmd_lba48_transform(s, lba48);
2350 s->error = 0;
2351 s->status = SEEK_STAT | READY_STAT;
2352 s->req_nb_sectors = s->mult_sectors;
2353 n = s->nsector;
2354 if (n > s->req_nb_sectors)
2355 n = s->req_nb_sectors;
2356 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
2357 s->media_changed = 1;
2358 break;
2359 case WIN_READDMA_EXT:
2360 lba48 = 1;
2361 case WIN_READDMA:
2362 case WIN_READDMA_ONCE:
2363 if (!s->bs)
2364 goto abort_cmd;
2365 ide_cmd_lba48_transform(s, lba48);
2366 ide_sector_read_dma(s);
2367 break;
2368 case WIN_WRITEDMA_EXT:
2369 lba48 = 1;
2370 case WIN_WRITEDMA:
2371 case WIN_WRITEDMA_ONCE:
2372 if (!s->bs)
2373 goto abort_cmd;
2374 ide_cmd_lba48_transform(s, lba48);
2375 ide_sector_write_dma(s);
2376 s->media_changed = 1;
2377 break;
2378 case WIN_READ_NATIVE_MAX_EXT:
2379 lba48 = 1;
2380 case WIN_READ_NATIVE_MAX:
2381 ide_cmd_lba48_transform(s, lba48);
2382 ide_set_sector(s, s->nb_sectors - 1);
2383 s->status = READY_STAT | SEEK_STAT;
2384 ide_set_irq(s);
2385 break;
2386 case WIN_CHECKPOWERMODE1:
2387 case WIN_CHECKPOWERMODE2:
2388 s->nsector = 0xff; /* device active or idle */
2389 s->status = READY_STAT | SEEK_STAT;
2390 ide_set_irq(s);
2391 break;
2392 case WIN_SETFEATURES:
2393 if (!s->bs)
2394 goto abort_cmd;
2395 /* XXX: valid for CDROM ? */
2396 switch(s->feature) {
2397 case 0xcc: /* reverting to power-on defaults enable */
2398 case 0x66: /* reverting to power-on defaults disable */
2399 case 0x02: /* write cache enable */
2400 case 0x82: /* write cache disable */
2401 case 0xaa: /* read look-ahead enable */
2402 case 0x55: /* read look-ahead disable */
2403 case 0x05: /* set advanced power management mode */
2404 case 0x85: /* disable advanced power management mode */
2405 case 0x69: /* NOP */
2406 case 0x67: /* NOP */
2407 case 0x96: /* NOP */
2408 case 0x9a: /* NOP */
2409 case 0x42: /* enable Automatic Acoustic Mode */
2410 case 0xc2: /* disable Automatic Acoustic Mode */
2411 s->status = READY_STAT | SEEK_STAT;
2412 ide_set_irq(s);
2413 break;
2414 case 0x03: { /* set transfer mode */
2415 uint8_t val = s->nsector & 0x07;
2416
2417 switch (s->nsector >> 3) {
2418 case 0x00: /* pio default */
2419 case 0x01: /* pio mode */
2420 put_le16(s->identify_data + 62,0x07);
2421 put_le16(s->identify_data + 63,0x07);
2422 put_le16(s->identify_data + 88,0x3f);
2423 break;
2424 case 0x02: /* sigle word dma mode*/
2425 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
2426 put_le16(s->identify_data + 63,0x07);
2427 put_le16(s->identify_data + 88,0x3f);
2428 break;
2429 case 0x04: /* mdma mode */
2430 put_le16(s->identify_data + 62,0x07);
2431 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2432 put_le16(s->identify_data + 88,0x3f);
2433 break;
2434 case 0x08: /* udma mode */
2435 put_le16(s->identify_data + 62,0x07);
2436 put_le16(s->identify_data + 63,0x07);
2437 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2438 break;
2439 default:
2440 goto abort_cmd;
2441 }
2442 s->status = READY_STAT | SEEK_STAT;
2443 ide_set_irq(s);
2444 break;
2445 }
2446 default:
2447 goto abort_cmd;
2448 }
2449 break;
2450 case WIN_FLUSH_CACHE:
2451 case WIN_FLUSH_CACHE_EXT:
2452 if (s->bs)
2453 bdrv_flush(s->bs);
2454 s->status = READY_STAT | SEEK_STAT;
2455 ide_set_irq(s);
2456 break;
2457 case WIN_STANDBY:
2458 case WIN_STANDBY2:
2459 case WIN_STANDBYNOW1:
2460 case WIN_STANDBYNOW2:
2461 case WIN_IDLEIMMEDIATE:
2462 case CFA_IDLEIMMEDIATE:
2463 case WIN_SETIDLE1:
2464 case WIN_SETIDLE2:
2465 case WIN_SLEEPNOW1:
2466 case WIN_SLEEPNOW2:
2467 s->status = READY_STAT;
2468 ide_set_irq(s);
2469 break;
2470 case WIN_SEEK:
2471 if(s->is_cdrom)
2472 goto abort_cmd;
2473 /* XXX: Check that seek is within bounds */
2474 s->status = READY_STAT | SEEK_STAT;
2475 ide_set_irq(s);
2476 break;
2477 /* ATAPI commands */
2478 case WIN_PIDENTIFY:
2479 if (s->is_cdrom) {
2480 ide_atapi_identify(s);
2481 s->status = READY_STAT | SEEK_STAT;
2482 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2483 } else {
2484 ide_abort_command(s);
2485 }
2486 ide_set_irq(s);
2487 break;
2488 case WIN_DIAGNOSE:
2489 ide_set_signature(s);
2490 if (s->is_cdrom)
2491 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2492 * devices to return a clear status register
2493 * with READY_STAT *not* set. */
2494 else
2495 s->status = READY_STAT | SEEK_STAT;
2496 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2497 * present.
2498 */
2499 ide_set_irq(s);
2500 break;
2501 case WIN_SRST:
2502 if (!s->is_cdrom)
2503 goto abort_cmd;
2504 ide_set_signature(s);
2505 s->status = 0x00; /* NOTE: READY is _not_ set */
2506 s->error = 0x01;
2507 break;
2508 case WIN_PACKETCMD:
2509 if (!s->is_cdrom)
2510 goto abort_cmd;
2511 /* overlapping commands not supported */
2512 if (s->feature & 0x02)
2513 goto abort_cmd;
2514 s->status = READY_STAT | SEEK_STAT;
2515 s->atapi_dma = s->feature & 1;
2516 s->nsector = 1;
2517 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2518 ide_atapi_cmd);
2519 break;
2520 /* CF-ATA commands */
2521 case CFA_REQ_EXT_ERROR_CODE:
2522 if (!s->is_cf)
2523 goto abort_cmd;
2524 s->error = 0x09; /* miscellaneous error */
2525 s->status = READY_STAT | SEEK_STAT;
2526 ide_set_irq(s);
2527 break;
2528 case CFA_ERASE_SECTORS:
2529 case CFA_WEAR_LEVEL:
2530 if (!s->is_cf)
2531 goto abort_cmd;
2532 if (val == CFA_WEAR_LEVEL)
2533 s->nsector = 0;
2534 if (val == CFA_ERASE_SECTORS)
2535 s->media_changed = 1;
2536 s->error = 0x00;
2537 s->status = READY_STAT | SEEK_STAT;
2538 ide_set_irq(s);
2539 break;
2540 case CFA_TRANSLATE_SECTOR:
2541 if (!s->is_cf)
2542 goto abort_cmd;
2543 s->error = 0x00;
2544 s->status = READY_STAT | SEEK_STAT;
2545 memset(s->io_buffer, 0, 0x200);
2546 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2547 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2548 s->io_buffer[0x02] = s->select; /* Head */
2549 s->io_buffer[0x03] = s->sector; /* Sector */
2550 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2551 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2552 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2553 s->io_buffer[0x13] = 0x00; /* Erase flag */
2554 s->io_buffer[0x18] = 0x00; /* Hot count */
2555 s->io_buffer[0x19] = 0x00; /* Hot count */
2556 s->io_buffer[0x1a] = 0x01; /* Hot count */
2557 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2558 ide_set_irq(s);
2559 break;
2560 case CFA_ACCESS_METADATA_STORAGE:
2561 if (!s->is_cf)
2562 goto abort_cmd;
2563 switch (s->feature) {
2564 case 0x02: /* Inquiry Metadata Storage */
2565 ide_cfata_metadata_inquiry(s);
2566 break;
2567 case 0x03: /* Read Metadata Storage */
2568 ide_cfata_metadata_read(s);
2569 break;
2570 case 0x04: /* Write Metadata Storage */
2571 ide_cfata_metadata_write(s);
2572 break;
2573 default:
2574 goto abort_cmd;
2575 }
2576 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2577 s->status = 0x00; /* NOTE: READY is _not_ set */
2578 ide_set_irq(s);
2579 break;
2580 case IBM_SENSE_CONDITION:
2581 if (!s->is_cf)
2582 goto abort_cmd;
2583 switch (s->feature) {
2584 case 0x01: /* sense temperature in device */
2585 s->nsector = 0x50; /* +20 C */
2586 break;
2587 default:
2588 goto abort_cmd;
2589 }
2590 s->status = READY_STAT | SEEK_STAT;
2591 ide_set_irq(s);
2592 break;
2593 default:
2594 abort_cmd:
2595 ide_abort_command(s);
2596 ide_set_irq(s);
2597 break;
2598 }
2599 }
2600 }
2601
2602 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2603 {
2604 IDEState *ide_if = opaque;
2605 IDEState *s = ide_if->cur_drive;
2606 uint32_t addr;
2607 int ret, hob;
2608
2609 addr = addr1 & 7;
2610 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2611 //hob = s->select & (1 << 7);
2612 hob = 0;
2613 switch(addr) {
2614 case 0:
2615 ret = 0xff;
2616 break;
2617 case 1:
2618 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2619 (s != ide_if && !s->bs))
2620 ret = 0;
2621 else if (!hob)
2622 ret = s->error;
2623 else
2624 ret = s->hob_feature;
2625 break;
2626 case 2:
2627 if (!ide_if[0].bs && !ide_if[1].bs)
2628 ret = 0;
2629 else if (!hob)
2630 ret = s->nsector & 0xff;
2631 else
2632 ret = s->hob_nsector;
2633 break;
2634 case 3:
2635 if (!ide_if[0].bs && !ide_if[1].bs)
2636 ret = 0;
2637 else if (!hob)
2638 ret = s->sector;
2639 else
2640 ret = s->hob_sector;
2641 break;
2642 case 4:
2643 if (!ide_if[0].bs && !ide_if[1].bs)
2644 ret = 0;
2645 else if (!hob)
2646 ret = s->lcyl;
2647 else
2648 ret = s->hob_lcyl;
2649 break;
2650 case 5:
2651 if (!ide_if[0].bs && !ide_if[1].bs)
2652 ret = 0;
2653 else if (!hob)
2654 ret = s->hcyl;
2655 else
2656 ret = s->hob_hcyl;
2657 break;
2658 case 6:
2659 if (!ide_if[0].bs && !ide_if[1].bs)
2660 ret = 0;
2661 else
2662 ret = s->select;
2663 break;
2664 default:
2665 case 7:
2666 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2667 (s != ide_if && !s->bs))
2668 ret = 0;
2669 else
2670 ret = s->status;
2671 qemu_irq_lower(s->irq);
2672 break;
2673 }
2674 #ifdef DEBUG_IDE
2675 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2676 #endif
2677 return ret;
2678 }
2679
2680 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2681 {
2682 IDEState *ide_if = opaque;
2683 IDEState *s = ide_if->cur_drive;
2684 int ret;
2685
2686 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2687 (s != ide_if && !s->bs))
2688 ret = 0;
2689 else
2690 ret = s->status;
2691 #ifdef DEBUG_IDE
2692 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2693 #endif
2694 return ret;
2695 }
2696
2697 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2698 {
2699 IDEState *ide_if = opaque;
2700 IDEState *s;
2701 int i;
2702
2703 #ifdef DEBUG_IDE
2704 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2705 #endif
2706 /* common for both drives */
2707 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2708 (val & IDE_CMD_RESET)) {
2709 /* reset low to high */
2710 for(i = 0;i < 2; i++) {
2711 s = &ide_if[i];
2712 s->status = BUSY_STAT | SEEK_STAT;
2713 s->error = 0x01;
2714 }
2715 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2716 !(val & IDE_CMD_RESET)) {
2717 /* high to low */
2718 for(i = 0;i < 2; i++) {
2719 s = &ide_if[i];
2720 if (s->is_cdrom)
2721 s->status = 0x00; /* NOTE: READY is _not_ set */
2722 else
2723 s->status = READY_STAT | SEEK_STAT;
2724 ide_set_signature(s);
2725 }
2726 }
2727
2728 ide_if[0].cmd = val;
2729 ide_if[1].cmd = val;
2730 }
2731
2732 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2733 {
2734 IDEState *s = ((IDEState *)opaque)->cur_drive;
2735 uint8_t *p;
2736
2737 /* PIO data access allowed only when DRQ bit is set */
2738 if (!(s->status & DRQ_STAT))
2739 return;
2740
2741 p = s->data_ptr;
2742 *(uint16_t *)p = le16_to_cpu(val);
2743 p += 2;
2744 s->data_ptr = p;
2745 if (p >= s->data_end)
2746 s->end_transfer_func(s);
2747 }
2748
2749 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2750 {
2751 IDEState *s = ((IDEState *)opaque)->cur_drive;
2752 uint8_t *p;
2753 int ret;
2754
2755 /* PIO data access allowed only when DRQ bit is set */
2756 if (!(s->status & DRQ_STAT))
2757 return 0;
2758
2759 p = s->data_ptr;
2760 ret = cpu_to_le16(*(uint16_t *)p);
2761 p += 2;
2762 s->data_ptr = p;
2763 if (p >= s->data_end)
2764 s->end_transfer_func(s);
2765 return ret;
2766 }
2767
2768 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2769 {
2770 IDEState *s = ((IDEState *)opaque)->cur_drive;
2771 uint8_t *p;
2772
2773 /* PIO data access allowed only when DRQ bit is set */
2774 if (!(s->status & DRQ_STAT))
2775 return;
2776
2777 p = s->data_ptr;
2778 *(uint32_t *)p = le32_to_cpu(val);
2779 p += 4;
2780 s->data_ptr = p;
2781 if (p >= s->data_end)
2782 s->end_transfer_func(s);
2783 }
2784
2785 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2786 {
2787 IDEState *s = ((IDEState *)opaque)->cur_drive;
2788 uint8_t *p;
2789 int ret;
2790
2791 /* PIO data access allowed only when DRQ bit is set */
2792 if (!(s->status & DRQ_STAT))
2793 return 0;
2794
2795 p = s->data_ptr;
2796 ret = cpu_to_le32(*(uint32_t *)p);
2797 p += 4;
2798 s->data_ptr = p;
2799 if (p >= s->data_end)
2800 s->end_transfer_func(s);
2801 return ret;
2802 }
2803
2804 static void ide_dummy_transfer_stop(IDEState *s)
2805 {
2806 s->data_ptr = s->io_buffer;
2807 s->data_end = s->io_buffer;
2808 s->io_buffer[0] = 0xff;
2809 s->io_buffer[1] = 0xff;
2810 s->io_buffer[2] = 0xff;
2811 s->io_buffer[3] = 0xff;
2812 }
2813
2814 static void ide_reset(IDEState *s)
2815 {
2816 if (s->is_cf)
2817 s->mult_sectors = 0;
2818 else
2819 s->mult_sectors = MAX_MULT_SECTORS;
2820 s->cur_drive = s;
2821 s->select = 0xa0;
2822 s->status = READY_STAT | SEEK_STAT;
2823 ide_set_signature(s);
2824 /* init the transfer handler so that 0xffff is returned on data
2825 accesses */
2826 s->end_transfer_func = ide_dummy_transfer_stop;
2827 ide_dummy_transfer_stop(s);
2828 s->media_changed = 0;
2829 }
2830
2831 static void ide_init2(IDEState *ide_state,
2832 BlockDriverState *hd0, BlockDriverState *hd1,
2833 qemu_irq irq)
2834 {
2835 IDEState *s;
2836 static int drive_serial = 1;
2837 int i, cylinders, heads, secs;
2838 uint64_t nb_sectors;
2839
2840 for(i = 0; i < 2; i++) {
2841 s = ide_state + i;
2842 s->io_buffer = qemu_memalign(512, IDE_DMA_BUF_SECTORS*512 + 4);
2843 if (i == 0)
2844 s->bs = hd0;
2845 else
2846 s->bs = hd1;
2847 if (s->bs) {
2848 bdrv_get_geometry(s->bs, &nb_sectors);
2849 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2850 s->cylinders = cylinders;
2851 s->heads = heads;
2852 s->sectors = secs;
2853 s->nb_sectors = nb_sectors;
2854
2855 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2856 s->is_cdrom = 1;
2857 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2858 }
2859 }
2860 s->drive_serial = drive_serial++;
2861 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2862 sizeof(s->drive_serial_str));
2863 if (strlen(s->drive_serial_str) == 0)
2864 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2865 "QM%05d", s->drive_serial);
2866 s->irq = irq;
2867 s->sector_write_timer = qemu_new_timer(vm_clock,
2868 ide_sector_write_timer_cb, s);
2869 ide_reset(s);
2870 }
2871 }
2872
2873 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2874 {
2875 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2876 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2877 if (iobase2) {
2878 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2879 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2880 }
2881
2882 /* data ports */
2883 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2884 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2885 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2886 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2887 }
2888
2889 /* save per IDE drive data */
2890 static void ide_save(QEMUFile* f, IDEState *s)
2891 {
2892 qemu_put_be32(f, s->mult_sectors);
2893 qemu_put_be32(f, s->identify_set);
2894 if (s->identify_set) {
2895 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2896 }
2897 qemu_put_8s(f, &s->feature);
2898 qemu_put_8s(f, &s->error);
2899 qemu_put_be32s(f, &s->nsector);
2900 qemu_put_8s(f, &s->sector);
2901 qemu_put_8s(f, &s->lcyl);
2902 qemu_put_8s(f, &s->hcyl);
2903 qemu_put_8s(f, &s->hob_feature);
2904 qemu_put_8s(f, &s->hob_nsector);
2905 qemu_put_8s(f, &s->hob_sector);
2906 qemu_put_8s(f, &s->hob_lcyl);
2907 qemu_put_8s(f, &s->hob_hcyl);
2908 qemu_put_8s(f, &s->select);
2909 qemu_put_8s(f, &s->status);
2910 qemu_put_8s(f, &s->lba48);
2911
2912 qemu_put_8s(f, &s->sense_key);
2913 qemu_put_8s(f, &s->asc);
2914 /* XXX: if a transfer is pending, we do not save it yet */
2915 }
2916
2917 /* load per IDE drive data */
2918 static void ide_load(QEMUFile* f, IDEState *s)
2919 {
2920 s->mult_sectors=qemu_get_be32(f);
2921 s->identify_set=qemu_get_be32(f);
2922 if (s->identify_set) {
2923 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2924 }
2925 qemu_get_8s(f, &s->feature);
2926 qemu_get_8s(f, &s->error);
2927 qemu_get_be32s(f, &s->nsector);
2928 qemu_get_8s(f, &s->sector);
2929 qemu_get_8s(f, &s->lcyl);
2930 qemu_get_8s(f, &s->hcyl);
2931 qemu_get_8s(f, &s->hob_feature);
2932 qemu_get_8s(f, &s->hob_nsector);
2933 qemu_get_8s(f, &s->hob_sector);
2934 qemu_get_8s(f, &s->hob_lcyl);
2935 qemu_get_8s(f, &s->hob_hcyl);
2936 qemu_get_8s(f, &s->select);
2937 qemu_get_8s(f, &s->status);
2938 qemu_get_8s(f, &s->lba48);
2939
2940 qemu_get_8s(f, &s->sense_key);
2941 qemu_get_8s(f, &s->asc);
2942 /* XXX: if a transfer is pending, we do not save it yet */
2943 }
2944
2945 /***********************************************************/
2946 /* ISA IDE definitions */
2947
2948 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
2949 BlockDriverState *hd0, BlockDriverState *hd1)
2950 {
2951 IDEState *ide_state;
2952
2953 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2954 if (!ide_state)
2955 return;
2956
2957 ide_init2(ide_state, hd0, hd1, irq);
2958 ide_init_ioport(ide_state, iobase, iobase2);
2959 }
2960
2961 /***********************************************************/
2962 /* PCI IDE definitions */
2963
2964 static void cmd646_update_irq(PCIIDEState *d);
2965
2966 static void ide_map(PCIDevice *pci_dev, int region_num,
2967 uint32_t addr, uint32_t size, int type)
2968 {
2969 PCIIDEState *d = (PCIIDEState *)pci_dev;
2970 IDEState *ide_state;
2971
2972 if (region_num <= 3) {
2973 ide_state = &d->ide_if[(region_num >> 1) * 2];
2974 if (region_num & 1) {
2975 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2976 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2977 } else {
2978 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2979 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2980
2981 /* data ports */
2982 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2983 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2984 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2985 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2986 }
2987 }
2988 }
2989
2990 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2991 {
2992 BMDMAState *bm = s->bmdma;
2993 if(!bm)
2994 return;
2995 bm->ide_if = s;
2996 bm->dma_cb = dma_cb;
2997 bm->cur_prd_last = 0;
2998 bm->cur_prd_addr = 0;
2999 bm->cur_prd_len = 0;
3000 bm->sector_num = ide_get_sector(s);
3001 bm->nsector = s->nsector;
3002 if (bm->status & BM_STATUS_DMAING) {
3003 bm->dma_cb(bm, 0);
3004 }
3005 }
3006
3007 static void ide_dma_restart(IDEState *s)
3008 {
3009 BMDMAState *bm = s->bmdma;
3010 ide_set_sector(s, bm->sector_num);
3011 s->io_buffer_index = 0;
3012 s->io_buffer_size = 0;
3013 s->nsector = bm->nsector;
3014 bm->cur_addr = bm->addr;
3015 bm->dma_cb = ide_write_dma_cb;
3016 ide_dma_start(s, bm->dma_cb);
3017 }
3018
3019 static void ide_dma_cancel(BMDMAState *bm)
3020 {
3021 if (bm->status & BM_STATUS_DMAING) {
3022 bm->status &= ~BM_STATUS_DMAING;
3023 /* cancel DMA request */
3024 bm->ide_if = NULL;
3025 bm->dma_cb = NULL;
3026 if (bm->aiocb) {
3027 #ifdef DEBUG_AIO
3028 printf("aio_cancel\n");
3029 #endif
3030 bdrv_aio_cancel(bm->aiocb);
3031 bm->aiocb = NULL;
3032 }
3033 }
3034 }
3035
3036 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
3037 {
3038 BMDMAState *bm = opaque;
3039 #ifdef DEBUG_IDE
3040 printf("%s: 0x%08x\n", __func__, val);
3041 #endif
3042 if (!(val & BM_CMD_START)) {
3043 /* XXX: do it better */
3044 ide_dma_cancel(bm);
3045 bm->cmd = val & 0x09;
3046 } else {
3047 if (!(bm->status & BM_STATUS_DMAING)) {
3048 bm->status |= BM_STATUS_DMAING;
3049 /* start dma transfer if possible */
3050 if (bm->dma_cb)
3051 bm->dma_cb(bm, 0);
3052 }
3053 bm->cmd = val & 0x09;
3054 }
3055 }
3056
3057 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
3058 {
3059 BMDMAState *bm = opaque;
3060 PCIIDEState *pci_dev;
3061 uint32_t val;
3062
3063 switch(addr & 3) {
3064 case 0:
3065 val = bm->cmd;
3066 break;
3067 case 1:
3068 pci_dev = bm->pci_dev;
3069 if (pci_dev->type == IDE_TYPE_CMD646) {
3070 val = pci_dev->dev.config[MRDMODE];
3071 } else {
3072 val = 0xff;
3073 }
3074 break;
3075 case 2:
3076 val = bm->status;
3077 break;
3078 case 3:
3079 pci_dev = bm->pci_dev;
3080 if (pci_dev->type == IDE_TYPE_CMD646) {
3081 if (bm == &pci_dev->bmdma[0])
3082 val = pci_dev->dev.config[UDIDETCR0];
3083 else
3084 val = pci_dev->dev.config[UDIDETCR1];
3085 } else {
3086 val = 0xff;
3087 }
3088 break;
3089 default:
3090 val = 0xff;
3091 break;
3092 }
3093 #ifdef DEBUG_IDE
3094 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
3095 #endif
3096 return val;
3097 }
3098
3099 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
3100 {
3101 BMDMAState *bm = opaque;
3102 PCIIDEState *pci_dev;
3103 #ifdef DEBUG_IDE
3104 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
3105 #endif
3106 switch(addr & 3) {
3107 case 1:
3108 pci_dev = bm->pci_dev;
3109 if (pci_dev->type == IDE_TYPE_CMD646) {
3110 pci_dev->dev.config[MRDMODE] =
3111 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3112 cmd646_update_irq(pci_dev);
3113 }
3114 break;
3115 case 2:
3116 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3117 break;
3118 case 3:
3119 pci_dev = bm->pci_dev;
3120 if (pci_dev->type == IDE_TYPE_CMD646) {
3121 if (bm == &pci_dev->bmdma[0])
3122 pci_dev->dev.config[UDIDETCR0] = val;
3123 else
3124 pci_dev->dev.config[UDIDETCR1] = val;
3125 }
3126 break;
3127 }
3128 }
3129
3130 static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3131 {
3132 BMDMAState *bm = opaque;
3133 uint32_t val;
3134 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3135 #ifdef DEBUG_IDE
3136 printf("%s: 0x%08x\n", __func__, val);
3137 #endif
3138 return val;
3139 }
3140
3141 static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3142 {
3143 BMDMAState *bm = opaque;
3144 int shift = (addr & 3) * 8;
3145 #ifdef DEBUG_IDE
3146 printf("%s: 0x%08x\n", __func__, val);
3147 #endif
3148 bm->addr &= ~(0xFF << shift);
3149 bm->addr |= ((val & 0xFF) << shift) & ~3;
3150 bm->cur_addr = bm->addr;
3151 }
3152
3153 static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3154 {
3155 BMDMAState *bm = opaque;
3156 uint32_t val;
3157 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3158 #ifdef DEBUG_IDE
3159 printf("%s: 0x%08x\n", __func__, val);
3160 #endif
3161 return val;
3162 }
3163
3164 static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3165 {
3166 BMDMAState *bm = opaque;
3167 int shift = (addr & 3) * 8;
3168 #ifdef DEBUG_IDE
3169 printf("%s: 0x%08x\n", __func__, val);
3170 #endif
3171 bm->addr &= ~(0xFFFF << shift);
3172 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3173 bm->cur_addr = bm->addr;
3174 }
3175
3176 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3177 {
3178 BMDMAState *bm = opaque;
3179 uint32_t val;
3180 val = bm->addr;
3181 #ifdef DEBUG_IDE
3182 printf("%s: 0x%08x\n", __func__, val);
3183 #endif
3184 return val;
3185 }
3186
3187 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3188 {
3189 BMDMAState *bm = opaque;
3190 #ifdef DEBUG_IDE
3191 printf("%s: 0x%08x\n", __func__, val);
3192 #endif
3193 bm->addr = val & ~3;
3194 bm->cur_addr = bm->addr;
3195 }
3196
3197 static void bmdma_map(PCIDevice *pci_dev, int region_num,
3198 uint32_t addr, uint32_t size, int type)
3199 {
3200 PCIIDEState *d = (PCIIDEState *)pci_dev;
3201 int i;
3202
3203 for(i = 0;i < 2; i++) {
3204 BMDMAState *bm = &d->bmdma[i];
3205 d->ide_if[2 * i].bmdma = bm;
3206 d->ide_if[2 * i + 1].bmdma = bm;
3207 bm->pci_dev = (PCIIDEState *)pci_dev;
3208 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
3209
3210 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
3211
3212 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3213 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
3214
3215 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3216 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3217 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3218 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
3219 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3220 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3221 addr += 8;
3222 }
3223 }
3224
3225 static void pci_ide_save(QEMUFile* f, void *opaque)
3226 {
3227 PCIIDEState *d = opaque;
3228 int i;
3229
3230 pci_device_save(&d->dev, f);
3231
3232 for(i = 0; i < 2; i++) {
3233 BMDMAState *bm = &d->bmdma[i];
3234 uint8_t ifidx;
3235 qemu_put_8s(f, &bm->cmd);
3236 qemu_put_8s(f, &bm->status);
3237 qemu_put_be32s(f, &bm->addr);
3238 qemu_put_sbe64s(f, &bm->sector_num);
3239 qemu_put_be32s(f, &bm->nsector);
3240 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3241 qemu_put_8s(f, &ifidx);
3242 /* XXX: if a transfer is pending, we do not save it yet */
3243 }
3244
3245 /* per IDE interface data */
3246 for(i = 0; i < 2; i++) {
3247 IDEState *s = &d->ide_if[i * 2];
3248 uint8_t drive1_selected;
3249 qemu_put_8s(f, &s->cmd);
3250 drive1_selected = (s->cur_drive != s);
3251 qemu_put_8s(f, &drive1_selected);
3252 }
3253
3254 /* per IDE drive data */
3255 for(i = 0; i < 4; i++) {
3256 ide_save(f, &d->ide_if[i]);
3257 }
3258 }
3259
3260 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3261 {
3262 PCIIDEState *d = opaque;
3263 int ret, i;
3264
3265 if (version_id != 2)
3266 return -EINVAL;
3267 ret = pci_device_load(&d->dev, f);
3268 if (ret < 0)
3269 return ret;
3270
3271 for(i = 0; i < 2; i++) {
3272 BMDMAState *bm = &d->bmdma[i];
3273 uint8_t ifidx;
3274 qemu_get_8s(f, &bm->cmd);
3275 qemu_get_8s(f, &bm->status);
3276 qemu_get_be32s(f, &bm->addr);
3277 qemu_get_sbe64s(f, &bm->sector_num);
3278 qemu_get_be32s(f, &bm->nsector);
3279 qemu_get_8s(f, &ifidx);
3280 bm->ide_if = &d->ide_if[ifidx];
3281 /* XXX: if a transfer is pending, we do not save it yet */
3282 }
3283
3284 /* per IDE interface data */
3285 for(i = 0; i < 2; i++) {
3286 IDEState *s = &d->ide_if[i * 2];
3287 uint8_t drive1_selected;
3288 qemu_get_8s(f, &s->cmd);
3289 qemu_get_8s(f, &drive1_selected);
3290 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3291 }
3292
3293 /* per IDE drive data */
3294 for(i = 0; i < 4; i++) {
3295 ide_load(f, &d->ide_if[i]);
3296 }
3297 return 0;
3298 }
3299
3300 /* XXX: call it also when the MRDMODE is changed from the PCI config
3301 registers */
3302 static void cmd646_update_irq(PCIIDEState *d)
3303 {
3304 int pci_level;
3305 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3306 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3307 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3308 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
3309 qemu_set_irq(d->dev.irq[0], pci_level);
3310 }
3311
3312 /* the PCI irq level is the logical OR of the two channels */
3313 static void cmd646_set_irq(void *opaque, int channel, int level)
3314 {
3315 PCIIDEState *d = opaque;
3316 int irq_mask;
3317
3318 irq_mask = MRDMODE_INTR_CH0 << channel;
3319 if (level)
3320 d->dev.config[MRDMODE] |= irq_mask;
3321 else
3322 d->dev.config[MRDMODE] &= ~irq_mask;
3323 cmd646_update_irq(d);
3324 }
3325
3326 static void cmd646_reset(void *opaque)
3327 {
3328 PCIIDEState *d = opaque;
3329 unsigned int i;
3330
3331 for (i = 0; i < 2; i++)
3332 ide_dma_cancel(&d->bmdma[i]);
3333 }
3334
3335 /* CMD646 PCI IDE controller */
3336 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3337 int secondary_ide_enabled)
3338 {
3339 PCIIDEState *d;
3340 uint8_t *pci_conf;
3341 int i;
3342 qemu_irq *irq;
3343
3344 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
3345 sizeof(PCIIDEState),
3346 -1,
3347 NULL, NULL);
3348 d->type = IDE_TYPE_CMD646;
3349 pci_conf = d->dev.config;
3350 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3351 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
3352
3353 pci_conf[0x08] = 0x07; // IDE controller revision
3354 pci_conf[0x09] = 0x8f;
3355
3356 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3357 pci_conf[0x0e] = 0x00; // header_type
3358
3359 pci_conf[0x51] = 0x04; // enable IDE0
3360 if (secondary_ide_enabled) {
3361 /* XXX: if not enabled, really disable the seconday IDE controller */
3362 pci_conf[0x51] |= 0x08; /* enable IDE1 */
3363 }
3364
3365 pci_register_io_region((PCIDevice *)d, 0, 0x8,
3366 PCI_ADDRESS_SPACE_IO, ide_map);
3367 pci_register_io_region((PCIDevice *)d, 1, 0x4,
3368 PCI_ADDRESS_SPACE_IO, ide_map);
3369 pci_register_io_region((PCIDevice *)d, 2, 0x8,
3370 PCI_ADDRESS_SPACE_IO, ide_map);
3371 pci_register_io_region((PCIDevice *)d, 3, 0x4,
3372 PCI_ADDRESS_SPACE_IO, ide_map);
3373 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3374 PCI_ADDRESS_SPACE_IO, bmdma_map);
3375
3376 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3377
3378 for(i = 0; i < 4; i++)
3379 d->ide_if[i].pci_dev = (PCIDevice *)d;
3380
3381 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3382 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3383 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
3384
3385 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3386 qemu_register_reset(cmd646_reset, d);
3387 cmd646_reset(d);
3388 }
3389
3390 static void piix3_reset(void *opaque)
3391 {
3392 PCIIDEState *d = opaque;
3393 uint8_t *pci_conf = d->dev.config;
3394 int i;
3395
3396 for (i = 0; i < 2; i++)
3397 ide_dma_cancel(&d->bmdma[i]);
3398
3399 pci_conf[0x04] = 0x00;
3400 pci_conf[0x05] = 0x00;
3401 pci_conf[0x06] = 0x80; /* FBC */
3402 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3403 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3404 }
3405
3406 /* hd_table must contain 4 block drivers */
3407 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
3408 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3409 qemu_irq *pic)
3410 {
3411 PCIIDEState *d;
3412 uint8_t *pci_conf;
3413
3414 /* register a function 1 of PIIX3 */
3415 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
3416 sizeof(PCIIDEState),
3417 devfn,
3418 NULL, NULL);
3419 d->type = IDE_TYPE_PIIX3;
3420
3421 pci_conf = d->dev.config;
3422 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3423 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
3424 pci_conf[0x09] = 0x80; // legacy ATA mode
3425 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3426 pci_conf[0x0e] = 0x00; // header_type
3427
3428 qemu_register_reset(piix3_reset, d);
3429 piix3_reset(d);
3430
3431 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3432 PCI_ADDRESS_SPACE_IO, bmdma_map);
3433
3434 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3435 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3436 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3437 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3438
3439 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3440 }
3441
3442 /* hd_table must contain 4 block drivers */
3443 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3444 void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3445 qemu_irq *pic)
3446 {
3447 PCIIDEState *d;
3448 uint8_t *pci_conf;
3449
3450 /* register a function 1 of PIIX4 */
3451 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3452 sizeof(PCIIDEState),
3453 devfn,
3454 NULL, NULL);
3455 d->type = IDE_TYPE_PIIX4;
3456
3457 pci_conf = d->dev.config;
3458 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3459 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
3460 pci_conf[0x09] = 0x80; // legacy ATA mode
3461 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3462 pci_conf[0x0e] = 0x00; // header_type
3463
3464 qemu_register_reset(piix3_reset, d);
3465 piix3_reset(d);
3466
3467 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3468 PCI_ADDRESS_SPACE_IO, bmdma_map);
3469
3470 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3471 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3472 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3473 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3474
3475 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3476 }
3477
3478 #if defined(TARGET_PPC)
3479 /***********************************************************/
3480 /* MacIO based PowerPC IDE */
3481
3482 typedef struct MACIOIDEState {
3483 IDEState ide_if[2];
3484 void *dbdma;
3485 int stream_index;
3486 } MACIOIDEState;
3487
3488 static int pmac_atapi_read(DBDMA_transfer *info, DBDMA_transfer_cb cb)
3489 {
3490 MACIOIDEState *m = info->opaque;
3491 IDEState *s = m->ide_if->cur_drive;
3492 int ret;
3493
3494 if (s->lba == -1)
3495 return 0;
3496
3497 info->buf_pos = 0;
3498
3499 while (info->buf_pos < info->len && s->packet_transfer_size > 0) {
3500
3501 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
3502 if (ret < 0) {
3503 ide_transfer_stop(s);
3504 ide_atapi_io_error(s, ret);
3505 return info->buf_pos;
3506 }
3507
3508 info->buf = s->io_buffer + m->stream_index;
3509
3510 info->buf_len = s->cd_sector_size;
3511 if (info->buf_pos + info->buf_len > info->len)
3512 info->buf_len = info->len - info->buf_pos;
3513
3514 cb(info);
3515
3516 /* db-dma can ask for 512 bytes whereas block size is 2048... */
3517
3518 m->stream_index += info->buf_len;
3519 s->lba += m->stream_index / s->cd_sector_size;
3520 m->stream_index %= s->cd_sector_size;
3521
3522 info->buf_pos += info->buf_len;
3523 s->packet_transfer_size -= info->buf_len;
3524 }
3525 if (s->packet_transfer_size <= 0) {
3526 s->status = READY_STAT | SEEK_STAT;
3527 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO
3528 | ATAPI_INT_REASON_CD;
3529 ide_set_irq(s);
3530 }
3531
3532 return info->buf_pos;
3533 }
3534
3535 static int pmac_ide_transfer(DBDMA_transfer *info,
3536 DBDMA_transfer_cb cb)
3537 {
3538 MACIOIDEState *m = info->opaque;
3539 IDEState *s = m->ide_if->cur_drive;
3540 int64_t sector_num;
3541 int ret, n;
3542
3543 if (s->is_cdrom)
3544 return pmac_atapi_read(info, cb);
3545
3546 info->buf = s->io_buffer;
3547 info->buf_pos = 0;
3548 while (info->buf_pos < info->len && s->nsector > 0) {
3549
3550 sector_num = ide_get_sector(s);
3551
3552 n = s->nsector;
3553 if (n > IDE_DMA_BUF_SECTORS)
3554 n = IDE_DMA_BUF_SECTORS;
3555
3556 info->buf_len = n << 9;
3557 if (info->buf_pos + info->buf_len > info->len)
3558 info->buf_len = info->len - info->buf_pos;
3559 n = info->buf_len >> 9;
3560
3561 if (s->is_read) {
3562 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
3563 if (ret == 0)
3564 cb(info);
3565 } else {
3566 cb(info);
3567 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
3568 }
3569
3570 if (ret != 0) {
3571 ide_rw_error(s);
3572 return info->buf_pos;
3573 }
3574
3575 info->buf_pos += n << 9;
3576 ide_set_sector(s, sector_num + n);
3577 s->nsector -= n;
3578 }
3579
3580 if (s->nsector <= 0) {
3581 s->status = READY_STAT | SEEK_STAT;
3582 ide_set_irq(s);
3583 }
3584
3585 return info->buf_pos;
3586 }
3587
3588 /* PowerMac IDE memory IO */
3589 static void pmac_ide_writeb (void *opaque,
3590 target_phys_addr_t addr, uint32_t val)
3591 {
3592 MACIOIDEState *d = opaque;
3593
3594 addr = (addr & 0xFFF) >> 4;
3595 switch (addr) {
3596 case 1 ... 7:
3597 ide_ioport_write(d->ide_if, addr, val);
3598 break;
3599 case 8:
3600 case 22:
3601 ide_cmd_write(d->ide_if, 0, val);
3602 break;
3603 default:
3604 break;
3605 }
3606 }
3607
3608 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3609 {
3610 uint8_t retval;
3611 MACIOIDEState *d = opaque;
3612
3613 addr = (addr & 0xFFF) >> 4;
3614 switch (addr) {
3615 case 1 ... 7:
3616 retval = ide_ioport_read(d->ide_if, addr);
3617 break;
3618 case 8:
3619 case 22:
3620 retval = ide_status_read(d->ide_if, 0);
3621 break;
3622 default:
3623 retval = 0xFF;
3624 break;
3625 }
3626 return retval;
3627 }
3628
3629 static void pmac_ide_writew (void *opaque,
3630 target_phys_addr_t addr, uint32_t val)
3631 {
3632 MACIOIDEState *d = opaque;
3633
3634 addr = (addr & 0xFFF) >> 4;
3635 #ifdef TARGET_WORDS_BIGENDIAN
3636 val = bswap16(val);
3637 #endif
3638 if (addr == 0) {
3639 ide_data_writew(d->ide_if, 0, val);
3640 }
3641 }
3642
3643 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3644 {
3645 uint16_t retval;
3646 MACIOIDEState *d = opaque;
3647
3648 addr = (addr & 0xFFF) >> 4;
3649 if (addr == 0) {
3650 retval = ide_data_readw(d->ide_if, 0);
3651 } else {
3652 retval = 0xFFFF;
3653 }
3654 #ifdef TARGET_WORDS_BIGENDIAN
3655 retval = bswap16(retval);
3656 #endif
3657 return retval;
3658 }
3659
3660 static void pmac_ide_writel (void *opaque,
3661 target_phys_addr_t addr, uint32_t val)
3662 {
3663 MACIOIDEState *d = opaque;
3664
3665 addr = (addr & 0xFFF) >> 4;
3666 #ifdef TARGET_WORDS_BIGENDIAN
3667 val = bswap32(val);
3668 #endif
3669 if (addr == 0) {
3670 ide_data_writel(d->ide_if, 0, val);
3671 }
3672 }
3673
3674 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3675 {
3676 uint32_t retval;
3677 MACIOIDEState *d = opaque;
3678
3679 addr = (addr & 0xFFF) >> 4;
3680 if (addr == 0) {
3681 retval = ide_data_readl(d->ide_if, 0);
3682 } else {
3683 retval = 0xFFFFFFFF;
3684 }
3685 #ifdef TARGET_WORDS_BIGENDIAN
3686 retval = bswap32(retval);
3687 #endif
3688 return retval;
3689 }
3690
3691 static CPUWriteMemoryFunc *pmac_ide_write[] = {
3692 pmac_ide_writeb,
3693 pmac_ide_writew,
3694 pmac_ide_writel,
3695 };
3696
3697 static CPUReadMemoryFunc *pmac_ide_read[] = {
3698 pmac_ide_readb,
3699 pmac_ide_readw,
3700 pmac_ide_readl,
3701 };
3702
3703 static void pmac_ide_save(QEMUFile *f, void *opaque)
3704 {
3705 MACIOIDEState *d = opaque;
3706 IDEState *s = d->ide_if;
3707 uint8_t drive1_selected;
3708 unsigned int i;
3709
3710 /* per IDE interface data */
3711 qemu_put_8s(f, &s->cmd);
3712 drive1_selected = (s->cur_drive != s);
3713 qemu_put_8s(f, &drive1_selected);
3714
3715 /* per IDE drive data */
3716 for(i = 0; i < 2; i++) {
3717 ide_save(f, &s[i]);
3718 }
3719 }
3720
3721 static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3722 {
3723 MACIOIDEState *d = opaque;
3724 IDEState *s = d->ide_if;
3725 uint8_t drive1_selected;
3726 unsigned int i;
3727
3728 if (version_id != 1)
3729 return -EINVAL;
3730
3731 /* per IDE interface data */
3732 qemu_get_8s(f, &s->cmd);
3733 qemu_get_8s(f, &drive1_selected);
3734 s->cur_drive = &s[(drive1_selected != 0)];
3735
3736 /* per IDE drive data */
3737 for(i = 0; i < 2; i++) {
3738 ide_load(f, &s[i]);
3739 }
3740 return 0;
3741 }
3742
3743 static void pmac_ide_reset(void *opaque)
3744 {
3745 MACIOIDEState *d = opaque;
3746 IDEState *s = d->ide_if;
3747
3748 ide_reset(&s[0]);
3749 ide_reset(&s[1]);
3750 }
3751
3752 /* hd_table must contain 4 block drivers */
3753 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3754 I/O index to access the ide. */
3755 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq,
3756 void *dbdma, int channel, qemu_irq dma_irq)
3757 {
3758 MACIOIDEState *d;
3759 int pmac_ide_memory;
3760
3761 d = qemu_mallocz(sizeof(MACIOIDEState));
3762 ide_init2(d->ide_if, hd_table[0], hd_table[1], irq);
3763
3764 if (dbdma) {
3765 d->dbdma = dbdma;
3766 DBDMA_register_channel(dbdma, channel, dma_irq, pmac_ide_transfer, d);
3767 }
3768
3769 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3770 pmac_ide_write, d);
3771 register_savevm("ide", 0, 1, pmac_ide_save, pmac_ide_load, d);
3772 qemu_register_reset(pmac_ide_reset, d);
3773 pmac_ide_reset(d);
3774
3775 return pmac_ide_memory;
3776 }
3777 #endif /* TARGET_PPC */
3778
3779 /***********************************************************/
3780 /* MMIO based ide port
3781 * This emulates IDE device connected directly to the CPU bus without
3782 * dedicated ide controller, which is often seen on embedded boards.
3783 */
3784
3785 typedef struct {
3786 void *dev;
3787 int shift;
3788 } MMIOState;
3789
3790 static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3791 {
3792 MMIOState *s = (MMIOState*)opaque;
3793 IDEState *ide = (IDEState*)s->dev;
3794 addr >>= s->shift;
3795 if (addr & 7)
3796 return ide_ioport_read(ide, addr);
3797 else
3798 return ide_data_readw(ide, 0);
3799 }
3800
3801 static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3802 uint32_t val)
3803 {
3804 MMIOState *s = (MMIOState*)opaque;
3805 IDEState *ide = (IDEState*)s->dev;
3806 addr >>= s->shift;
3807 if (addr & 7)
3808 ide_ioport_write(ide, addr, val);
3809 else
3810 ide_data_writew(ide, 0, val);
3811 }
3812
3813 static CPUReadMemoryFunc *mmio_ide_reads[] = {
3814 mmio_ide_read,
3815 mmio_ide_read,
3816 mmio_ide_read,
3817 };
3818
3819 static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3820 mmio_ide_write,
3821 mmio_ide_write,
3822 mmio_ide_write,
3823 };
3824
3825 static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3826 {
3827 MMIOState *s= (MMIOState*)opaque;
3828 IDEState *ide = (IDEState*)s->dev;
3829 return ide_status_read(ide, 0);
3830 }
3831
3832 static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3833 uint32_t val)
3834 {
3835 MMIOState *s = (MMIOState*)opaque;
3836 IDEState *ide = (IDEState*)s->dev;
3837 ide_cmd_write(ide, 0, val);
3838 }
3839
3840 static CPUReadMemoryFunc *mmio_ide_status[] = {
3841 mmio_ide_status_read,
3842 mmio_ide_status_read,
3843 mmio_ide_status_read,
3844 };
3845
3846 static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3847 mmio_ide_cmd_write,
3848 mmio_ide_cmd_write,
3849 mmio_ide_cmd_write,
3850 };
3851
3852 void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3853 qemu_irq irq, int shift,
3854 BlockDriverState *hd0, BlockDriverState *hd1)
3855 {
3856 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3857 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3858 int mem1, mem2;
3859
3860 ide_init2(ide, hd0, hd1, irq);
3861
3862 s->dev = ide;
3863 s->shift = shift;
3864
3865 mem1 = cpu_register_io_memory(0, mmio_ide_reads, mmio_ide_writes, s);
3866 mem2 = cpu_register_io_memory(0, mmio_ide_status, mmio_ide_cmd, s);
3867 cpu_register_physical_memory(membase, 16 << shift, mem1);
3868 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3869 }
3870
3871 /***********************************************************/
3872 /* CF-ATA Microdrive */
3873
3874 #define METADATA_SIZE 0x20
3875
3876 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3877 struct md_s {
3878 IDEState ide[2];
3879 struct pcmcia_card_s card;
3880 uint32_t attr_base;
3881 uint32_t io_base;
3882
3883 /* Card state */
3884 uint8_t opt;
3885 uint8_t stat;
3886 uint8_t pins;
3887
3888 uint8_t ctrl;
3889 uint16_t io;
3890 int cycle;
3891 };
3892
3893 /* Register bitfields */
3894 enum md_opt {
3895 OPT_MODE_MMAP = 0,
3896 OPT_MODE_IOMAP16 = 1,
3897 OPT_MODE_IOMAP1 = 2,
3898 OPT_MODE_IOMAP2 = 3,
3899 OPT_MODE = 0x3f,
3900 OPT_LEVIREQ = 0x40,
3901 OPT_SRESET = 0x80,
3902 };
3903 enum md_cstat {
3904 STAT_INT = 0x02,
3905 STAT_PWRDWN = 0x04,
3906 STAT_XE = 0x10,
3907 STAT_IOIS8 = 0x20,
3908 STAT_SIGCHG = 0x40,
3909 STAT_CHANGED = 0x80,
3910 };
3911 enum md_pins {
3912 PINS_MRDY = 0x02,
3913 PINS_CRDY = 0x20,
3914 };
3915 enum md_ctrl {
3916 CTRL_IEN = 0x02,
3917 CTRL_SRST = 0x04,
3918 };
3919
3920 static inline void md_interrupt_update(struct md_s *s)
3921 {
3922 if (!s->card.slot)
3923 return;
3924
3925 qemu_set_irq(s->card.slot->irq,
3926 !(s->stat & STAT_INT) && /* Inverted */
3927 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3928 !(s->opt & OPT_SRESET));
3929 }
3930
3931 static void md_set_irq(void *opaque, int irq, int level)
3932 {
3933 struct md_s *s = (struct md_s *) opaque;
3934 if (level)
3935 s->stat |= STAT_INT;
3936 else
3937 s->stat &= ~STAT_INT;
3938
3939 md_interrupt_update(s);
3940 }
3941
3942 static void md_reset(struct md_s *s)
3943 {
3944 s->opt = OPT_MODE_MMAP;
3945 s->stat = 0;
3946 s->pins = 0;
3947 s->cycle = 0;
3948 s->ctrl = 0;
3949 ide_reset(s->ide);
3950 }
3951
3952 static uint8_t md_attr_read(void *opaque, uint32_t at)
3953 {
3954 struct md_s *s = (struct md_s *) opaque;
3955 if (at < s->attr_base) {
3956 if (at < s->card.cis_len)
3957 return s->card.cis[at];
3958 else
3959 return 0x00;
3960 }
3961
3962 at -= s->attr_base;
3963
3964 switch (at) {
3965 case 0x00: /* Configuration Option Register */
3966 return s->opt;
3967 case 0x02: /* Card Configuration Status Register */
3968 if (s->ctrl & CTRL_IEN)
3969 return s->stat & ~STAT_INT;
3970 else
3971 return s->stat;
3972 case 0x04: /* Pin Replacement Register */
3973 return (s->pins & PINS_CRDY) | 0x0c;
3974 case 0x06: /* Socket and Copy Register */
3975 return 0x00;
3976 #ifdef VERBOSE
3977 default:
3978 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3979 #endif
3980 }
3981
3982 return 0;
3983 }
3984
3985 static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
3986 {
3987 struct md_s *s = (struct md_s *) opaque;
3988 at -= s->attr_base;
3989
3990 switch (at) {
3991 case 0x00: /* Configuration Option Register */
3992 s->opt = value & 0xcf;
3993 if (value & OPT_SRESET)
3994 md_reset(s);
3995 md_interrupt_update(s);
3996 break;
3997 case 0x02: /* Card Configuration Status Register */
3998 if ((s->stat ^ value) & STAT_PWRDWN)
3999 s->pins |= PINS_CRDY;
4000 s->stat &= 0x82;
4001 s->stat |= value & 0x74;
4002 md_interrupt_update(s);
4003 /* Word 170 in Identify Device must be equal to STAT_XE */
4004 break;
4005 case 0x04: /* Pin Replacement Register */
4006 s->pins &= PINS_CRDY;
4007 s->pins |= value & PINS_MRDY;
4008 break;
4009 case 0x06: /* Socket and Copy Register */
4010 break;
4011 default:
4012 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
4013 }
4014 }
4015
4016 static uint16_t md_common_read(void *opaque, uint32_t at)
4017 {
4018 struct md_s *s = (struct md_s *) opaque;
4019 uint16_t ret;
4020 at -= s->io_base;
4021
4022 switch (s->opt & OPT_MODE) {
4023 case OPT_MODE_MMAP:
4024 if ((at & ~0x3ff) == 0x400)
4025 at = 0;
4026 break;
4027 case OPT_MODE_IOMAP16:
4028 at &= 0xf;
4029 break;
4030 case OPT_MODE_IOMAP1:
4031 if ((at & ~0xf) == 0x3f0)
4032 at -= 0x3e8;
4033 else if ((at & ~0xf) == 0x1f0)
4034 at -= 0x1f0;
4035 break;
4036 case OPT_MODE_IOMAP2:
4037 if ((at & ~0xf) == 0x370)
4038 at -= 0x368;
4039 else if ((at & ~0xf) == 0x170)
4040 at -= 0x170;
4041 }
4042
4043 switch (at) {
4044 case 0x0: /* Even RD Data */
4045 case 0x8:
4046 return ide_data_readw(s->ide, 0);
4047
4048 /* TODO: 8-bit accesses */
4049 if (s->cycle)
4050 ret = s->io >> 8;
4051 else {
4052 s->io = ide_data_readw(s->ide, 0);
4053 ret = s->io & 0xff;
4054 }
4055 s->cycle = !s->cycle;
4056 return ret;
4057 case 0x9: /* Odd RD Data */
4058 return s->io >> 8;
4059 case 0xd: /* Error */
4060 return ide_ioport_read(s->ide, 0x1);
4061 case 0xe: /* Alternate Status */
4062 if (s->ide->cur_drive->bs)
4063 return s->ide->cur_drive->status;
4064 else
4065 return 0;
4066 case 0xf: /* Device Address */
4067 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
4068 default:
4069 return ide_ioport_read(s->ide, at);
4070 }
4071
4072 return 0;
4073 }
4074
4075 static void md_common_write(void *opaque, uint32_t at, uint16_t value)
4076 {
4077 struct md_s *s = (struct md_s *) opaque;
4078 at -= s->io_base;
4079
4080 switch (s->opt & OPT_MODE) {
4081 case OPT_MODE_MMAP:
4082 if ((at & ~0x3ff) == 0x400)
4083 at = 0;
4084 break;
4085 case OPT_MODE_IOMAP16:
4086 at &= 0xf;
4087 break;
4088 case OPT_MODE_IOMAP1:
4089 if ((at & ~0xf) == 0x3f0)
4090 at -= 0x3e8;
4091 else if ((at & ~0xf) == 0x1f0)
4092 at -= 0x1f0;
4093 break;
4094 case OPT_MODE_IOMAP2:
4095 if ((at & ~0xf) == 0x370)
4096 at -= 0x368;
4097 else if ((at & ~0xf) == 0x170)
4098 at -= 0x170;
4099 }
4100
4101 switch (at) {
4102 case 0x0: /* Even WR Data */
4103 case 0x8:
4104 ide_data_writew(s->ide, 0, value);
4105 break;
4106
4107 /* TODO: 8-bit accesses */
4108 if (s->cycle)
4109 ide_data_writew(s->ide, 0, s->io | (value << 8));
4110 else
4111 s->io = value & 0xff;
4112 s->cycle = !s->cycle;
4113 break;
4114 case 0x9:
4115 s->io = value & 0xff;
4116 s->cycle = !s->cycle;
4117 break;
4118 case 0xd: /* Features */
4119 ide_ioport_write(s->ide, 0x1, value);
4120 break;
4121 case 0xe: /* Device Control */
4122 s->ctrl = value;
4123 if (value & CTRL_SRST)
4124 md_reset(s);
4125 md_interrupt_update(s);
4126 break;
4127 default:
4128 if (s->stat & STAT_PWRDWN) {
4129 s->pins |= PINS_CRDY;
4130 s->stat &= ~STAT_PWRDWN;
4131 }
4132 ide_ioport_write(s->ide, at, value);
4133 }
4134 }
4135
4136 static void md_save(QEMUFile *f, void *opaque)
4137 {
4138 struct md_s *s = (struct md_s *) opaque;
4139 int i;
4140 uint8_t drive1_selected;
4141
4142 qemu_put_8s(f, &s->opt);
4143 qemu_put_8s(f, &s->stat);
4144 qemu_put_8s(f, &s->pins);
4145
4146 qemu_put_8s(f, &s->ctrl);
4147 qemu_put_be16s(f, &s->io);
4148 qemu_put_byte(f, s->cycle);
4149
4150 drive1_selected = (s->ide->cur_drive != s->ide);
4151 qemu_put_8s(f, &s->ide->cmd);
4152 qemu_put_8s(f, &drive1_selected);
4153
4154 for (i = 0; i < 2; i ++)
4155 ide_save(f, &s->ide[i]);
4156 }
4157
4158 static int md_load(QEMUFile *f, void *opaque, int version_id)
4159 {
4160 struct md_s *s = (struct md_s *) opaque;
4161 int i;
4162 uint8_t drive1_selected;
4163
4164 qemu_get_8s(f, &s->opt);
4165 qemu_get_8s(f, &s->stat);
4166 qemu_get_8s(f, &s->pins);
4167
4168 qemu_get_8s(f, &s->ctrl);
4169 qemu_get_be16s(f, &s->io);
4170 s->cycle = qemu_get_byte(f);
4171
4172 qemu_get_8s(f, &s->ide->cmd);
4173 qemu_get_8s(f, &drive1_selected);
4174 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
4175
4176 for (i = 0; i < 2; i ++)
4177 ide_load(f, &s->ide[i]);
4178
4179 return 0;
4180 }
4181
4182 static const uint8_t dscm1xxxx_cis[0x14a] = {
4183 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
4184 [0x002] = 0x03, /* Tuple length = 4 bytes */
4185 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4186 [0x006] = 0x01, /* Size = 2K bytes */
4187 [0x008] = CISTPL_ENDMARK,
4188
4189 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
4190 [0x00c] = 0x04, /* Tuple length = 4 byest */
4191 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
4192 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4193 [0x012] = 0x01, /* Size = 2K bytes */
4194 [0x014] = CISTPL_ENDMARK,
4195
4196 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
4197 [0x018] = 0x02, /* Tuple length = 2 bytes */
4198 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
4199 [0x01c] = 0x01,
4200
4201 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
4202 [0x020] = 0x04, /* Tuple length = 4 bytes */
4203 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
4204 [0x024] = 0x00,
4205 [0x026] = 0x00, /* PLMID_CARD = 0000 */
4206 [0x028] = 0x00,
4207
4208 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
4209 [0x02c] = 0x12, /* Tuple length = 23 bytes */
4210 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
4211 [0x030] = 0x01, /* Minor Version = 1 */
4212 [0x032] = 'I',
4213 [0x034] = 'B',
4214 [0x036] = 'M',
4215 [0x038] = 0x00,
4216 [0x03a] = 'm',
4217 [0x03c] = 'i',
4218 [0x03e] = 'c',
4219 [0x040] = 'r',
4220 [0x042] = 'o',
4221 [0x044] = 'd',
4222 [0x046] = 'r',
4223 [0x048] = 'i',
4224 [0x04a] = 'v',
4225 [0x04c] = 'e',
4226 [0x04e] = 0x00,
4227 [0x050] = CISTPL_ENDMARK,
4228
4229 [0x052] = CISTPL_FUNCID, /* Function ID */
4230 [0x054] = 0x02, /* Tuple length = 2 bytes */
4231 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4232 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4233
4234 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4235 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4236 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4237 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4238
4239 [0x062] = CISTPL_FUNCE, /* Function Extension */
4240 [0x064] = 0x03, /* Tuple length = 3 bytes */
4241 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4242 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4243 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4244
4245 [0x06c] = CISTPL_CONFIG, /* Configuration */
4246 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4247 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4248 [0x072] = 0x07, /* TPCC_LAST = 7 */
4249 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4250 [0x076] = 0x02,
4251 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4252
4253 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4254 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4255 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4256 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4257 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4258 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4259 [0x086] = 0x55, /* NomV: 5.0 V */
4260 [0x088] = 0x4d, /* MinV: 4.5 V */
4261 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4262 [0x08c] = 0x4e, /* Peakl: 450 mA */
4263 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4264 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4265 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4266
4267 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4268 [0x096] = 0x06, /* Tuple length = 6 bytes */
4269 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4270 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4271 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4272 [0x09e] = 0xb5, /* NomV: 3.3 V */
4273 [0x0a0] = 0x1e,
4274 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4275
4276 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4277 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4278 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4279 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4280 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4281 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4282 [0x0b0] = 0x55, /* NomV: 5.0 V */
4283 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4284 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4285 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4286 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4287 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4288 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4289 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4290 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4291
4292 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4293 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4294 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4295 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4296 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4297 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4298 [0x0ce] = 0x1e,
4299 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4300
4301 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4302 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4303 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4304 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4305 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4306 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4307 [0x0de] = 0x55, /* NomV: 5.0 V */
4308 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4309 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4310 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4311 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4312 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4313 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4314 [0x0ec] = 0x01,
4315 [0x0ee] = 0x07, /* Address block length = 8 */
4316 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4317 [0x0f2] = 0x03,
4318 [0x0f4] = 0x01, /* Address block length = 2 */
4319 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4320 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4321
4322 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4323 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4324 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4325 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4326 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4327 [0x104] = 0xb5, /* NomV: 3.3 V */
4328 [0x106] = 0x1e,
4329 [0x108] = 0x3e, /* Peakl: 350 mA */
4330
4331 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4332 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4333 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4334 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4335 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4336 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4337 [0x116] = 0x55, /* NomV: 5.0 V */
4338 [0x118] = 0x4d, /* MinV: 4.5 V */
4339 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4340 [0x11c] = 0x4e, /* Peakl: 450 mA */
4341 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4342 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4343 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4344 [0x124] = 0x01,
4345 [0x126] = 0x07, /* Address block length = 8 */
4346 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4347 [0x12a] = 0x03,
4348 [0x12c] = 0x01, /* Address block length = 2 */
4349 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4350 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4351
4352 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4353 [0x134] = 0x06, /* Tuple length = 6 bytes */
4354 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4355 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4356 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4357 [0x13c] = 0xb5, /* NomV: 3.3 V */
4358 [0x13e] = 0x1e,
4359 [0x140] = 0x3e, /* Peakl: 350 mA */
4360
4361 [0x142] = CISTPL_NO_LINK, /* No Link */
4362 [0x144] = 0x00, /* Tuple length = 0 bytes */
4363
4364 [0x146] = CISTPL_END, /* Tuple End */
4365 };
4366
4367 static int dscm1xxxx_attach(void *opaque)
4368 {
4369 struct md_s *md = (struct md_s *) opaque;
4370 md->card.attr_read = md_attr_read;
4371 md->card.attr_write = md_attr_write;
4372 md->card.common_read = md_common_read;
4373 md->card.common_write = md_common_write;
4374 md->card.io_read = md_common_read;
4375 md->card.io_write = md_common_write;
4376
4377 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4378 md->io_base = 0x0;
4379
4380 md_reset(md);
4381 md_interrupt_update(md);
4382
4383 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4384 return 0;
4385 }
4386
4387 static int dscm1xxxx_detach(void *opaque)
4388 {
4389 struct md_s *md = (struct md_s *) opaque;
4390 md_reset(md);
4391 return 0;
4392 }
4393
4394 struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
4395 {
4396 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
4397 md->card.state = md;
4398 md->card.attach = dscm1xxxx_attach;
4399 md->card.detach = dscm1xxxx_detach;
4400 md->card.cis = dscm1xxxx_cis;
4401 md->card.cis_len = sizeof(dscm1xxxx_cis);
4402
4403 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4404 md->ide->is_cf = 1;
4405 md->ide->mdata_size = METADATA_SIZE;
4406 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
4407
4408 register_savevm("microdrive", -1, 0, md_save, md_load, md);
4409
4410 return &md->card;
4411 }