search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Kill redundant declarion of perror()
[qemu-kvm/fedora.git] / hw / ide.c
blob92ef4a513f8a6efa845f59c10e79ca37d3163c91
1 /*
2 * QEMU IDE disk and CD/DVD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25 #include "hw.h"
26 #include "pc.h"
27 #include "pci.h"
28 #include "scsi-disk.h"
29 #include "pcmcia.h"
30 #include "block.h"
31 #include "block_int.h"
32 #include "qemu-timer.h"
33 #include "sysemu.h"
34 #include "ppc_mac.h"
35 #include "sh.h"
36
37 /* debug IDE devices */
38 //#define DEBUG_IDE
39 //#define DEBUG_IDE_ATAPI
40 //#define DEBUG_AIO
41 #define USE_DMA_CDROM
42
43 /* Bits of HD_STATUS */
44 #define ERR_STAT 0x01
45 #define INDEX_STAT 0x02
46 #define ECC_STAT 0x04 /* Corrected error */
47 #define DRQ_STAT 0x08
48 #define SEEK_STAT 0x10
49 #define SRV_STAT 0x10
50 #define WRERR_STAT 0x20
51 #define READY_STAT 0x40
52 #define BUSY_STAT 0x80
53
54 /* Bits for HD_ERROR */
55 #define MARK_ERR 0x01 /* Bad address mark */
56 #define TRK0_ERR 0x02 /* couldn't find track 0 */
57 #define ABRT_ERR 0x04 /* Command aborted */
58 #define MCR_ERR 0x08 /* media change request */
59 #define ID_ERR 0x10 /* ID field not found */
60 #define MC_ERR 0x20 /* media changed */
61 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
62 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
63 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
64
65 /* Bits of HD_NSECTOR */
66 #define CD 0x01
67 #define IO 0x02
68 #define REL 0x04
69 #define TAG_MASK 0xf8
70
71 #define IDE_CMD_RESET 0x04
72 #define IDE_CMD_DISABLE_IRQ 0x02
73
74 /* ATA/ATAPI Commands pre T13 Spec */
75 #define WIN_NOP 0x00
76 /*
77 * 0x01->0x02 Reserved
78 */
79 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
80 /*
81 * 0x04->0x07 Reserved
82 */
83 #define WIN_SRST 0x08 /* ATAPI soft reset command */
84 #define WIN_DEVICE_RESET 0x08
85 /*
86 * 0x09->0x0F Reserved
87 */
88 #define WIN_RECAL 0x10
89 #define WIN_RESTORE WIN_RECAL
90 /*
91 * 0x10->0x1F Reserved
92 */
93 #define WIN_READ 0x20 /* 28-Bit */
94 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
95 #define WIN_READ_LONG 0x22 /* 28-Bit */
96 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
97 #define WIN_READ_EXT 0x24 /* 48-Bit */
98 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
99 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
100 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
101 /*
102 * 0x28
103 */
104 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
105 /*
106 * 0x2A->0x2F Reserved
107 */
108 #define WIN_WRITE 0x30 /* 28-Bit */
109 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
110 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
111 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
112 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
113 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
114 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
115 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
116 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
117 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
118 /*
119 * 0x3A->0x3B Reserved
120 */
121 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
122 /*
123 * 0x3D->0x3F Reserved
124 */
125 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
126 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
127 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
128 /*
129 * 0x43->0x4F Reserved
130 */
131 #define WIN_FORMAT 0x50
132 /*
133 * 0x51->0x5F Reserved
134 */
135 #define WIN_INIT 0x60
136 /*
137 * 0x61->0x5F Reserved
138 */
139 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
140 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
141 #define WIN_DIAGNOSE 0x90
142 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
143 #define WIN_DOWNLOAD_MICROCODE 0x92
144 #define WIN_STANDBYNOW2 0x94
145 #define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
146 #define WIN_STANDBY2 0x96
147 #define WIN_SETIDLE2 0x97
148 #define WIN_CHECKPOWERMODE2 0x98
149 #define WIN_SLEEPNOW2 0x99
150 /*
151 * 0x9A VENDOR
152 */
153 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
154 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
155 #define WIN_QUEUED_SERVICE 0xA2
156 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
157 #define CFA_ACCESS_METADATA_STORAGE 0xB8
158 #define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
159 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
160 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
161 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
162 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
163 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
164 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
165 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
166 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
167 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
168 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
169 #define WIN_GETMEDIASTATUS 0xDA
170 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
171 #define WIN_POSTBOOT 0xDC
172 #define WIN_PREBOOT 0xDD
173 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
174 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
175 #define WIN_STANDBYNOW1 0xE0
176 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
177 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
178 #define WIN_SETIDLE1 0xE3
179 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
180 #define WIN_CHECKPOWERMODE1 0xE5
181 #define WIN_SLEEPNOW1 0xE6
182 #define WIN_FLUSH_CACHE 0xE7
183 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
184 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
185 /* SET_FEATURES 0x22 or 0xDD */
186 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
187 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
188 #define WIN_MEDIAEJECT 0xED
189 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
190 #define WIN_SETFEATURES 0xEF /* set special drive features */
191 #define EXABYTE_ENABLE_NEST 0xF0
192 #define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
193 #define WIN_SECURITY_SET_PASS 0xF1
194 #define WIN_SECURITY_UNLOCK 0xF2
195 #define WIN_SECURITY_ERASE_PREPARE 0xF3
196 #define WIN_SECURITY_ERASE_UNIT 0xF4
197 #define WIN_SECURITY_FREEZE_LOCK 0xF5
198 #define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
199 #define WIN_SECURITY_DISABLE 0xF6
200 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
201 #define WIN_SET_MAX 0xF9
202 #define DISABLE_SEAGATE 0xFB
203
204 /* set to 1 set disable mult support */
205 #define MAX_MULT_SECTORS 16
206
207 #define IDE_DMA_BUF_SECTORS 256
208
209 #if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
210 #error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
211 #endif
212
213 /* ATAPI defines */
214
215 #define ATAPI_PACKET_SIZE 12
216
217 /* The generic packet command opcodes for CD/DVD Logical Units,
218 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
219 #define GPCMD_BLANK 0xa1
220 #define GPCMD_CLOSE_TRACK 0x5b
221 #define GPCMD_FLUSH_CACHE 0x35
222 #define GPCMD_FORMAT_UNIT 0x04
223 #define GPCMD_GET_CONFIGURATION 0x46
224 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
225 #define GPCMD_GET_PERFORMANCE 0xac
226 #define GPCMD_INQUIRY 0x12
227 #define GPCMD_LOAD_UNLOAD 0xa6
228 #define GPCMD_MECHANISM_STATUS 0xbd
229 #define GPCMD_MODE_SELECT_10 0x55
230 #define GPCMD_MODE_SENSE_10 0x5a
231 #define GPCMD_PAUSE_RESUME 0x4b
232 #define GPCMD_PLAY_AUDIO_10 0x45
233 #define GPCMD_PLAY_AUDIO_MSF 0x47
234 #define GPCMD_PLAY_AUDIO_TI 0x48
235 #define GPCMD_PLAY_CD 0xbc
236 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
237 #define GPCMD_READ_10 0x28
238 #define GPCMD_READ_12 0xa8
239 #define GPCMD_READ_CDVD_CAPACITY 0x25
240 #define GPCMD_READ_CD 0xbe
241 #define GPCMD_READ_CD_MSF 0xb9
242 #define GPCMD_READ_DISC_INFO 0x51
243 #define GPCMD_READ_DVD_STRUCTURE 0xad
244 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
245 #define GPCMD_READ_HEADER 0x44
246 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
247 #define GPCMD_READ_SUBCHANNEL 0x42
248 #define GPCMD_READ_TOC_PMA_ATIP 0x43
249 #define GPCMD_REPAIR_RZONE_TRACK 0x58
250 #define GPCMD_REPORT_KEY 0xa4
251 #define GPCMD_REQUEST_SENSE 0x03
252 #define GPCMD_RESERVE_RZONE_TRACK 0x53
253 #define GPCMD_SCAN 0xba
254 #define GPCMD_SEEK 0x2b
255 #define GPCMD_SEND_DVD_STRUCTURE 0xad
256 #define GPCMD_SEND_EVENT 0xa2
257 #define GPCMD_SEND_KEY 0xa3
258 #define GPCMD_SEND_OPC 0x54
259 #define GPCMD_SET_READ_AHEAD 0xa7
260 #define GPCMD_SET_STREAMING 0xb6
261 #define GPCMD_START_STOP_UNIT 0x1b
262 #define GPCMD_STOP_PLAY_SCAN 0x4e
263 #define GPCMD_TEST_UNIT_READY 0x00
264 #define GPCMD_VERIFY_10 0x2f
265 #define GPCMD_WRITE_10 0x2a
266 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
267 /* This is listed as optional in ATAPI 2.6, but is (curiously)
268 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
269 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
270 * drives support it. */
271 #define GPCMD_SET_SPEED 0xbb
272 /* This seems to be a SCSI specific CD-ROM opcode
273 * to play data at track/index */
274 #define GPCMD_PLAYAUDIO_TI 0x48
275 /*
276 * From MS Media Status Notification Support Specification. For
277 * older drives only.
278 */
279 #define GPCMD_GET_MEDIA_STATUS 0xda
280 #define GPCMD_MODE_SENSE_6 0x1a
281
282 /* Mode page codes for mode sense/set */
283 #define GPMODE_R_W_ERROR_PAGE 0x01
284 #define GPMODE_WRITE_PARMS_PAGE 0x05
285 #define GPMODE_AUDIO_CTL_PAGE 0x0e
286 #define GPMODE_POWER_PAGE 0x1a
287 #define GPMODE_FAULT_FAIL_PAGE 0x1c
288 #define GPMODE_TO_PROTECT_PAGE 0x1d
289 #define GPMODE_CAPABILITIES_PAGE 0x2a
290 #define GPMODE_ALL_PAGES 0x3f
291 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
292 * of MODE_SENSE_POWER_PAGE */
293 #define GPMODE_CDROM_PAGE 0x0d
294
295 /*
296 * Based on values from <linux/cdrom.h> but extending CD_MINS
297 * to the maximum common size allowed by the Orange's Book ATIP
298 *
299 * 90 and 99 min CDs are also available but using them as the
300 * upper limit reduces the effectiveness of the heuristic to
301 * detect DVDs burned to less than 25% of their maximum capacity
302 */
303
304 /* Some generally useful CD-ROM information */
305 #define CD_MINS 80 /* max. minutes per CD */
306 #define CD_SECS 60 /* seconds per minute */
307 #define CD_FRAMES 75 /* frames per second */
308 #define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
309 #define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
310 #define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
311
312 /*
313 * The MMC values are not IDE specific and might need to be moved
314 * to a common header if they are also needed for the SCSI emulation
315 */
316
317 /* Profile list from MMC-6 revision 1 table 91 */
318 #define MMC_PROFILE_NONE 0x0000
319 #define MMC_PROFILE_CD_ROM 0x0008
320 #define MMC_PROFILE_CD_R 0x0009
321 #define MMC_PROFILE_CD_RW 0x000A
322 #define MMC_PROFILE_DVD_ROM 0x0010
323 #define MMC_PROFILE_DVD_R_SR 0x0011
324 #define MMC_PROFILE_DVD_RAM 0x0012
325 #define MMC_PROFILE_DVD_RW_RO 0x0013
326 #define MMC_PROFILE_DVD_RW_SR 0x0014
327 #define MMC_PROFILE_DVD_R_DL_SR 0x0015
328 #define MMC_PROFILE_DVD_R_DL_JR 0x0016
329 #define MMC_PROFILE_DVD_RW_DL 0x0017
330 #define MMC_PROFILE_DVD_DDR 0x0018
331 #define MMC_PROFILE_DVD_PLUS_RW 0x001A
332 #define MMC_PROFILE_DVD_PLUS_R 0x001B
333 #define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
334 #define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
335 #define MMC_PROFILE_BD_ROM 0x0040
336 #define MMC_PROFILE_BD_R_SRM 0x0041
337 #define MMC_PROFILE_BD_R_RRM 0x0042
338 #define MMC_PROFILE_BD_RE 0x0043
339 #define MMC_PROFILE_HDDVD_ROM 0x0050
340 #define MMC_PROFILE_HDDVD_R 0x0051
341 #define MMC_PROFILE_HDDVD_RAM 0x0052
342 #define MMC_PROFILE_HDDVD_RW 0x0053
343 #define MMC_PROFILE_HDDVD_R_DL 0x0058
344 #define MMC_PROFILE_HDDVD_RW_DL 0x005A
345 #define MMC_PROFILE_INVALID 0xFFFF
346
347 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
348 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
349 #define ATAPI_INT_REASON_REL 0x04
350 #define ATAPI_INT_REASON_TAG 0xf8
351
352 /* same constants as bochs */
353 #define ASC_ILLEGAL_OPCODE 0x20
354 #define ASC_LOGICAL_BLOCK_OOR 0x21
355 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
356 #define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
357 #define ASC_INCOMPATIBLE_FORMAT 0x30
358 #define ASC_MEDIUM_NOT_PRESENT 0x3a
359 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
360
361 #define CFA_NO_ERROR 0x00
362 #define CFA_MISC_ERROR 0x09
363 #define CFA_INVALID_COMMAND 0x20
364 #define CFA_INVALID_ADDRESS 0x21
365 #define CFA_ADDRESS_OVERFLOW 0x2f
366
367 #define SENSE_NONE 0
368 #define SENSE_NOT_READY 2
369 #define SENSE_ILLEGAL_REQUEST 5
370 #define SENSE_UNIT_ATTENTION 6
371
372 struct IDEState;
373
374 typedef void EndTransferFunc(struct IDEState *);
375
376 /* NOTE: IDEState represents in fact one drive */
377 typedef struct IDEState {
378 /* ide config */
379 int is_cdrom;
380 int is_cf;
381 int cylinders, heads, sectors;
382 int64_t nb_sectors;
383 int mult_sectors;
384 int identify_set;
385 uint16_t identify_data[256];
386 qemu_irq irq;
387 PCIDevice *pci_dev;
388 struct BMDMAState *bmdma;
389 int drive_serial;
390 char drive_serial_str[21];
391 /* ide regs */
392 uint8_t feature;
393 uint8_t error;
394 uint32_t nsector;
395 uint8_t sector;
396 uint8_t lcyl;
397 uint8_t hcyl;
398 /* other part of tf for lba48 support */
399 uint8_t hob_feature;
400 uint8_t hob_nsector;
401 uint8_t hob_sector;
402 uint8_t hob_lcyl;
403 uint8_t hob_hcyl;
404
405 uint8_t select;
406 uint8_t status;
407
408 /* 0x3f6 command, only meaningful for drive 0 */
409 uint8_t cmd;
410 /* set for lba48 access */
411 uint8_t lba48;
412 /* depends on bit 4 in select, only meaningful for drive 0 */
413 struct IDEState *cur_drive;
414 BlockDriverState *bs;
415 /* ATAPI specific */
416 uint8_t sense_key;
417 uint8_t asc;
418 int packet_transfer_size;
419 int elementary_transfer_size;
420 int io_buffer_index;
421 int lba;
422 int cd_sector_size;
423 int atapi_dma; /* true if dma is requested for the packet cmd */
424 /* ATA DMA state */
425 int io_buffer_size;
426 /* PIO transfer handling */
427 int req_nb_sectors; /* number of sectors per interrupt */
428 EndTransferFunc *end_transfer_func;
429 uint8_t *data_ptr;
430 uint8_t *data_end;
431 uint8_t *io_buffer;
432 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
433 uint32_t irq_count; /* counts IRQs when using win2k install hack */
434 /* CF-ATA extended error */
435 uint8_t ext_error;
436 /* CF-ATA metadata storage */
437 uint32_t mdata_size;
438 uint8_t *mdata_storage;
439 int media_changed;
440 } IDEState;
441
442 /* XXX: DVDs that could fit on a CD will be reported as a CD */
443 static inline int media_present(IDEState *s)
444 {
445 return (s->nb_sectors > 0);
446 }
447
448 static inline int media_is_dvd(IDEState *s)
449 {
450 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
451 }
452
453 static inline int media_is_cd(IDEState *s)
454 {
455 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
456 }
457
458 #define BM_STATUS_DMAING 0x01
459 #define BM_STATUS_ERROR 0x02
460 #define BM_STATUS_INT 0x04
461
462 #define BM_CMD_START 0x01
463 #define BM_CMD_READ 0x08
464
465 #define IDE_TYPE_PIIX3 0
466 #define IDE_TYPE_CMD646 1
467 #define IDE_TYPE_PIIX4 2
468
469 /* CMD646 specific */
470 #define MRDMODE 0x71
471 #define MRDMODE_INTR_CH0 0x04
472 #define MRDMODE_INTR_CH1 0x08
473 #define MRDMODE_BLK_CH0 0x10
474 #define MRDMODE_BLK_CH1 0x20
475 #define UDIDETCR0 0x73
476 #define UDIDETCR1 0x7B
477
478 typedef struct BMDMAState {
479 uint8_t cmd;
480 uint8_t status;
481 uint32_t addr;
482
483 struct PCIIDEState *pci_dev;
484 /* current transfer state */
485 uint32_t cur_addr;
486 uint32_t cur_prd_last;
487 uint32_t cur_prd_addr;
488 uint32_t cur_prd_len;
489 IDEState *ide_if;
490 BlockDriverCompletionFunc *dma_cb;
491 BlockDriverAIOCB *aiocb;
492 } BMDMAState;
493
494 typedef struct PCIIDEState {
495 PCIDevice dev;
496 IDEState ide_if[4];
497 BMDMAState bmdma[2];
498 int type; /* see IDE_TYPE_xxx */
499 } PCIIDEState;
500
501 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
502 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
503
504 static void padstr(char *str, const char *src, int len)
505 {
506 int i, v;
507 for(i = 0; i < len; i++) {
508 if (*src)
509 v = *src++;
510 else
511 v = ' ';
512 str[i^1] = v;
513 }
514 }
515
516 static void padstr8(uint8_t *buf, int buf_size, const char *src)
517 {
518 int i;
519 for(i = 0; i < buf_size; i++) {
520 if (*src)
521 buf[i] = *src++;
522 else
523 buf[i] = ' ';
524 }
525 }
526
527 static void put_le16(uint16_t *p, unsigned int v)
528 {
529 *p = cpu_to_le16(v);
530 }
531
532 static void ide_identify(IDEState *s)
533 {
534 uint16_t *p;
535 unsigned int oldsize;
536
537 if (s->identify_set) {
538 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
539 return;
540 }
541
542 memset(s->io_buffer, 0, 512);
543 p = (uint16_t *)s->io_buffer;
544 put_le16(p + 0, 0x0040);
545 put_le16(p + 1, s->cylinders);
546 put_le16(p + 3, s->heads);
547 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
548 put_le16(p + 5, 512); /* XXX: retired, remove ? */
549 put_le16(p + 6, s->sectors);
550 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
551 put_le16(p + 20, 3); /* XXX: retired, remove ? */
552 put_le16(p + 21, 512); /* cache size in sectors */
553 put_le16(p + 22, 4); /* ecc bytes */
554 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
555 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
556 #if MAX_MULT_SECTORS > 1
557 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
558 #endif
559 put_le16(p + 48, 1); /* dword I/O */
560 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
561 put_le16(p + 51, 0x200); /* PIO transfer cycle */
562 put_le16(p + 52, 0x200); /* DMA transfer cycle */
563 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
564 put_le16(p + 54, s->cylinders);
565 put_le16(p + 55, s->heads);
566 put_le16(p + 56, s->sectors);
567 oldsize = s->cylinders * s->heads * s->sectors;
568 put_le16(p + 57, oldsize);
569 put_le16(p + 58, oldsize >> 16);
570 if (s->mult_sectors)
571 put_le16(p + 59, 0x100 | s->mult_sectors);
572 put_le16(p + 60, s->nb_sectors);
573 put_le16(p + 61, s->nb_sectors >> 16);
574 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
575 put_le16(p + 63, 0x07); /* mdma0-2 supported */
576 put_le16(p + 65, 120);
577 put_le16(p + 66, 120);
578 put_le16(p + 67, 120);
579 put_le16(p + 68, 120);
580 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
581 put_le16(p + 81, 0x16); /* conforms to ata5 */
582 put_le16(p + 82, (1 << 14));
583 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
584 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
585 put_le16(p + 84, (1 << 14));
586 put_le16(p + 85, (1 << 14));
587 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
588 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
589 put_le16(p + 87, (1 << 14));
590 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
591 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
592 put_le16(p + 100, s->nb_sectors);
593 put_le16(p + 101, s->nb_sectors >> 16);
594 put_le16(p + 102, s->nb_sectors >> 32);
595 put_le16(p + 103, s->nb_sectors >> 48);
596
597 memcpy(s->identify_data, p, sizeof(s->identify_data));
598 s->identify_set = 1;
599 }
600
601 static void ide_atapi_identify(IDEState *s)
602 {
603 uint16_t *p;
604
605 if (s->identify_set) {
606 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
607 return;
608 }
609
610 memset(s->io_buffer, 0, 512);
611 p = (uint16_t *)s->io_buffer;
612 /* Removable CDROM, 50us response, 12 byte packets */
613 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
614 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
615 put_le16(p + 20, 3); /* buffer type */
616 put_le16(p + 21, 512); /* cache size in sectors */
617 put_le16(p + 22, 4); /* ecc bytes */
618 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
619 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
620 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
621 #ifdef USE_DMA_CDROM
622 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
623 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
624 put_le16(p + 62, 7); /* single word dma0-2 supported */
625 put_le16(p + 63, 7); /* mdma0-2 supported */
626 put_le16(p + 64, 0x3f); /* PIO modes supported */
627 #else
628 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
629 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
630 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
631 put_le16(p + 64, 1); /* PIO modes */
632 #endif
633 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
634 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
635 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
636 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
637
638 put_le16(p + 71, 30); /* in ns */
639 put_le16(p + 72, 30); /* in ns */
640
641 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
642 #ifdef USE_DMA_CDROM
643 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
644 #endif
645 memcpy(s->identify_data, p, sizeof(s->identify_data));
646 s->identify_set = 1;
647 }
648
649 static void ide_cfata_identify(IDEState *s)
650 {
651 uint16_t *p;
652 uint32_t cur_sec;
653
654 p = (uint16_t *) s->identify_data;
655 if (s->identify_set)
656 goto fill_buffer;
657
658 memset(p, 0, sizeof(s->identify_data));
659
660 cur_sec = s->cylinders * s->heads * s->sectors;
661
662 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
663 put_le16(p + 1, s->cylinders); /* Default cylinders */
664 put_le16(p + 3, s->heads); /* Default heads */
665 put_le16(p + 6, s->sectors); /* Default sectors per track */
666 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
667 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
668 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
669 put_le16(p + 22, 0x0004); /* ECC bytes */
670 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
671 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
672 #if MAX_MULT_SECTORS > 1
673 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
674 #else
675 put_le16(p + 47, 0x0000);
676 #endif
677 put_le16(p + 49, 0x0f00); /* Capabilities */
678 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
679 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
680 put_le16(p + 53, 0x0003); /* Translation params valid */
681 put_le16(p + 54, s->cylinders); /* Current cylinders */
682 put_le16(p + 55, s->heads); /* Current heads */
683 put_le16(p + 56, s->sectors); /* Current sectors */
684 put_le16(p + 57, cur_sec); /* Current capacity */
685 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
686 if (s->mult_sectors) /* Multiple sector setting */
687 put_le16(p + 59, 0x100 | s->mult_sectors);
688 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
689 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
690 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
691 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
692 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
693 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
694 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
695 put_le16(p + 82, 0x400c); /* Command Set supported */
696 put_le16(p + 83, 0x7068); /* Command Set supported */
697 put_le16(p + 84, 0x4000); /* Features supported */
698 put_le16(p + 85, 0x000c); /* Command Set enabled */
699 put_le16(p + 86, 0x7044); /* Command Set enabled */
700 put_le16(p + 87, 0x4000); /* Features enabled */
701 put_le16(p + 91, 0x4060); /* Current APM level */
702 put_le16(p + 129, 0x0002); /* Current features option */
703 put_le16(p + 130, 0x0005); /* Reassigned sectors */
704 put_le16(p + 131, 0x0001); /* Initial power mode */
705 put_le16(p + 132, 0x0000); /* User signature */
706 put_le16(p + 160, 0x8100); /* Power requirement */
707 put_le16(p + 161, 0x8001); /* CF command set */
708
709 s->identify_set = 1;
710
711 fill_buffer:
712 memcpy(s->io_buffer, p, sizeof(s->identify_data));
713 }
714
715 static void ide_set_signature(IDEState *s)
716 {
717 s->select &= 0xf0; /* clear head */
718 /* put signature */
719 s->nsector = 1;
720 s->sector = 1;
721 if (s->is_cdrom) {
722 s->lcyl = 0x14;
723 s->hcyl = 0xeb;
724 } else if (s->bs) {
725 s->lcyl = 0;
726 s->hcyl = 0;
727 } else {
728 s->lcyl = 0xff;
729 s->hcyl = 0xff;
730 }
731 }
732
733 static inline void ide_abort_command(IDEState *s)
734 {
735 s->status = READY_STAT | ERR_STAT;
736 s->error = ABRT_ERR;
737 }
738
739 static inline void ide_dma_submit_check(IDEState *s,
740 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
741 {
742 if (bm->aiocb)
743 return;
744 dma_cb(bm, -1);
745 }
746
747 static inline void ide_set_irq(IDEState *s)
748 {
749 BMDMAState *bm = s->bmdma;
750 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
751 if (bm) {
752 bm->status |= BM_STATUS_INT;
753 }
754 qemu_irq_raise(s->irq);
755 }
756 }
757
758 /* prepare data transfer and tell what to do after */
759 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
760 EndTransferFunc *end_transfer_func)
761 {
762 s->end_transfer_func = end_transfer_func;
763 s->data_ptr = buf;
764 s->data_end = buf + size;
765 if (!(s->status & ERR_STAT))
766 s->status |= DRQ_STAT;
767 }
768
769 static void ide_transfer_stop(IDEState *s)
770 {
771 s->end_transfer_func = ide_transfer_stop;
772 s->data_ptr = s->io_buffer;
773 s->data_end = s->io_buffer;
774 s->status &= ~DRQ_STAT;
775 }
776
777 static int64_t ide_get_sector(IDEState *s)
778 {
779 int64_t sector_num;
780 if (s->select & 0x40) {
781 /* lba */
782 if (!s->lba48) {
783 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
784 (s->lcyl << 8) | s->sector;
785 } else {
786 sector_num = ((int64_t)s->hob_hcyl << 40) |
787 ((int64_t) s->hob_lcyl << 32) |
788 ((int64_t) s->hob_sector << 24) |
789 ((int64_t) s->hcyl << 16) |
790 ((int64_t) s->lcyl << 8) | s->sector;
791 }
792 } else {
793 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
794 (s->select & 0x0f) * s->sectors + (s->sector - 1);
795 }
796 return sector_num;
797 }
798
799 static void ide_set_sector(IDEState *s, int64_t sector_num)
800 {
801 unsigned int cyl, r;
802 if (s->select & 0x40) {
803 if (!s->lba48) {
804 s->select = (s->select & 0xf0) | (sector_num >> 24);
805 s->hcyl = (sector_num >> 16);
806 s->lcyl = (sector_num >> 8);
807 s->sector = (sector_num);
808 } else {
809 s->sector = sector_num;
810 s->lcyl = sector_num >> 8;
811 s->hcyl = sector_num >> 16;
812 s->hob_sector = sector_num >> 24;
813 s->hob_lcyl = sector_num >> 32;
814 s->hob_hcyl = sector_num >> 40;
815 }
816 } else {
817 cyl = sector_num / (s->heads * s->sectors);
818 r = sector_num % (s->heads * s->sectors);
819 s->hcyl = cyl >> 8;
820 s->lcyl = cyl;
821 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
822 s->sector = (r % s->sectors) + 1;
823 }
824 }
825
826 static void ide_rw_error(IDEState *s) {
827 ide_abort_command(s);
828 ide_set_irq(s);
829 }
830
831 static void ide_sector_read(IDEState *s)
832 {
833 int64_t sector_num;
834 int ret, n;
835
836 s->status = READY_STAT | SEEK_STAT;
837 s->error = 0; /* not needed by IDE spec, but needed by Windows */
838 sector_num = ide_get_sector(s);
839 n = s->nsector;
840 if (n == 0) {
841 /* no more sector to read from disk */
842 ide_transfer_stop(s);
843 } else {
844 #if defined(DEBUG_IDE)
845 printf("read sector=%" PRId64 "\n", sector_num);
846 #endif
847 if (n > s->req_nb_sectors)
848 n = s->req_nb_sectors;
849 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
850 if (ret != 0) {
851 ide_rw_error(s);
852 return;
853 }
854 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
855 ide_set_irq(s);
856 ide_set_sector(s, sector_num + n);
857 s->nsector -= n;
858 }
859 }
860
861 static void ide_dma_error(IDEState *s)
862 {
863 ide_transfer_stop(s);
864 s->error = ABRT_ERR;
865 s->status = READY_STAT | ERR_STAT;
866 ide_set_irq(s);
867 }
868
869 /* return 0 if buffer completed */
870 static int dma_buf_rw(BMDMAState *bm, int is_write)
871 {
872 IDEState *s = bm->ide_if;
873 struct {
874 uint32_t addr;
875 uint32_t size;
876 } prd;
877 int l, len;
878
879 for(;;) {
880 l = s->io_buffer_size - s->io_buffer_index;
881 if (l <= 0)
882 break;
883 if (bm->cur_prd_len == 0) {
884 /* end of table (with a fail safe of one page) */
885 if (bm->cur_prd_last ||
886 (bm->cur_addr - bm->addr) >= 4096)
887 return 0;
888 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
889 bm->cur_addr += 8;
890 prd.addr = le32_to_cpu(prd.addr);
891 prd.size = le32_to_cpu(prd.size);
892 len = prd.size & 0xfffe;
893 if (len == 0)
894 len = 0x10000;
895 bm->cur_prd_len = len;
896 bm->cur_prd_addr = prd.addr;
897 bm->cur_prd_last = (prd.size & 0x80000000);
898 }
899 if (l > bm->cur_prd_len)
900 l = bm->cur_prd_len;
901 if (l > 0) {
902 if (is_write) {
903 cpu_physical_memory_write(bm->cur_prd_addr,
904 s->io_buffer + s->io_buffer_index, l);
905 } else {
906 cpu_physical_memory_read(bm->cur_prd_addr,
907 s->io_buffer + s->io_buffer_index, l);
908 }
909 bm->cur_prd_addr += l;
910 bm->cur_prd_len -= l;
911 s->io_buffer_index += l;
912 }
913 }
914 return 1;
915 }
916
917 static void ide_read_dma_cb(void *opaque, int ret)
918 {
919 BMDMAState *bm = opaque;
920 IDEState *s = bm->ide_if;
921 int n;
922 int64_t sector_num;
923
924 if (ret < 0) {
925 ide_dma_error(s);
926 return;
927 }
928
929 n = s->io_buffer_size >> 9;
930 sector_num = ide_get_sector(s);
931 if (n > 0) {
932 sector_num += n;
933 ide_set_sector(s, sector_num);
934 s->nsector -= n;
935 if (dma_buf_rw(bm, 1) == 0)
936 goto eot;
937 }
938
939 /* end of transfer ? */
940 if (s->nsector == 0) {
941 s->status = READY_STAT | SEEK_STAT;
942 ide_set_irq(s);
943 eot:
944 bm->status &= ~BM_STATUS_DMAING;
945 bm->status |= BM_STATUS_INT;
946 bm->dma_cb = NULL;
947 bm->ide_if = NULL;
948 bm->aiocb = NULL;
949 return;
950 }
951
952 /* launch next transfer */
953 n = s->nsector;
954 if (n > IDE_DMA_BUF_SECTORS)
955 n = IDE_DMA_BUF_SECTORS;
956 s->io_buffer_index = 0;
957 s->io_buffer_size = n * 512;
958 #ifdef DEBUG_AIO
959 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
960 #endif
961 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
962 ide_read_dma_cb, bm);
963 ide_dma_submit_check(s, ide_read_dma_cb, bm);
964 }
965
966 static void ide_sector_read_dma(IDEState *s)
967 {
968 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
969 s->io_buffer_index = 0;
970 s->io_buffer_size = 0;
971 ide_dma_start(s, ide_read_dma_cb);
972 }
973
974 static void ide_sector_write_timer_cb(void *opaque)
975 {
976 IDEState *s = opaque;
977 ide_set_irq(s);
978 }
979
980 static void ide_sector_write(IDEState *s)
981 {
982 int64_t sector_num;
983 int ret, n, n1;
984
985 s->status = READY_STAT | SEEK_STAT;
986 sector_num = ide_get_sector(s);
987 #if defined(DEBUG_IDE)
988 printf("write sector=%" PRId64 "\n", sector_num);
989 #endif
990 n = s->nsector;
991 if (n > s->req_nb_sectors)
992 n = s->req_nb_sectors;
993 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
994 if (ret != 0) {
995 ide_rw_error(s);
996 return;
997 }
998
999 s->nsector -= n;
1000 if (s->nsector == 0) {
1001 /* no more sectors to write */
1002 ide_transfer_stop(s);
1003 } else {
1004 n1 = s->nsector;
1005 if (n1 > s->req_nb_sectors)
1006 n1 = s->req_nb_sectors;
1007 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1008 }
1009 ide_set_sector(s, sector_num + n);
1010
1011 #ifdef TARGET_I386
1012 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1013 /* It seems there is a bug in the Windows 2000 installer HDD
1014 IDE driver which fills the disk with empty logs when the
1015 IDE write IRQ comes too early. This hack tries to correct
1016 that at the expense of slower write performances. Use this
1017 option _only_ to install Windows 2000. You must disable it
1018 for normal use. */
1019 qemu_mod_timer(s->sector_write_timer,
1020 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1021 } else
1022 #endif
1023 {
1024 ide_set_irq(s);
1025 }
1026 }
1027
1028 static void ide_write_dma_cb(void *opaque, int ret)
1029 {
1030 BMDMAState *bm = opaque;
1031 IDEState *s = bm->ide_if;
1032 int n;
1033 int64_t sector_num;
1034
1035 if (ret < 0) {
1036 ide_dma_error(s);
1037 return;
1038 }
1039
1040 n = s->io_buffer_size >> 9;
1041 sector_num = ide_get_sector(s);
1042 if (n > 0) {
1043 sector_num += n;
1044 ide_set_sector(s, sector_num);
1045 s->nsector -= n;
1046 }
1047
1048 /* end of transfer ? */
1049 if (s->nsector == 0) {
1050 s->status = READY_STAT | SEEK_STAT;
1051 ide_set_irq(s);
1052 eot:
1053 bm->status &= ~BM_STATUS_DMAING;
1054 bm->status |= BM_STATUS_INT;
1055 bm->dma_cb = NULL;
1056 bm->ide_if = NULL;
1057 bm->aiocb = NULL;
1058 return;
1059 }
1060
1061 /* launch next transfer */
1062 n = s->nsector;
1063 if (n > IDE_DMA_BUF_SECTORS)
1064 n = IDE_DMA_BUF_SECTORS;
1065 s->io_buffer_index = 0;
1066 s->io_buffer_size = n * 512;
1067
1068 if (dma_buf_rw(bm, 0) == 0)
1069 goto eot;
1070 #ifdef DEBUG_AIO
1071 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1072 #endif
1073 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
1074 ide_write_dma_cb, bm);
1075 ide_dma_submit_check(s, ide_write_dma_cb, bm);
1076 }
1077
1078 static void ide_sector_write_dma(IDEState *s)
1079 {
1080 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1081 s->io_buffer_index = 0;
1082 s->io_buffer_size = 0;
1083 ide_dma_start(s, ide_write_dma_cb);
1084 }
1085
1086 static void ide_atapi_cmd_ok(IDEState *s)
1087 {
1088 s->error = 0;
1089 s->status = READY_STAT | SEEK_STAT;
1090 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1091 ide_set_irq(s);
1092 }
1093
1094 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1095 {
1096 #ifdef DEBUG_IDE_ATAPI
1097 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1098 #endif
1099 s->error = sense_key << 4;
1100 s->status = READY_STAT | ERR_STAT;
1101 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1102 s->sense_key = sense_key;
1103 s->asc = asc;
1104 ide_set_irq(s);
1105 }
1106
1107 static void ide_atapi_cmd_check_status(IDEState *s)
1108 {
1109 #ifdef DEBUG_IDE_ATAPI
1110 printf("atapi_cmd_check_status\n");
1111 #endif
1112 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1113 s->status = ERR_STAT;
1114 s->nsector = 0;
1115 ide_set_irq(s);
1116 }
1117
1118 static inline void cpu_to_ube16(uint8_t *buf, int val)
1119 {
1120 buf[0] = val >> 8;
1121 buf[1] = val;
1122 }
1123
1124 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1125 {
1126 buf[0] = val >> 24;
1127 buf[1] = val >> 16;
1128 buf[2] = val >> 8;
1129 buf[3] = val;
1130 }
1131
1132 static inline int ube16_to_cpu(const uint8_t *buf)
1133 {
1134 return (buf[0] << 8) | buf[1];
1135 }
1136
1137 static inline int ube32_to_cpu(const uint8_t *buf)
1138 {
1139 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1140 }
1141
1142 static void lba_to_msf(uint8_t *buf, int lba)
1143 {
1144 lba += 150;
1145 buf[0] = (lba / 75) / 60;
1146 buf[1] = (lba / 75) % 60;
1147 buf[2] = lba % 75;
1148 }
1149
1150 static void cd_data_to_raw(uint8_t *buf, int lba)
1151 {
1152 /* sync bytes */
1153 buf[0] = 0x00;
1154 memset(buf + 1, 0xff, 10);
1155 buf[11] = 0x00;
1156 buf += 12;
1157 /* MSF */
1158 lba_to_msf(buf, lba);
1159 buf[3] = 0x01; /* mode 1 data */
1160 buf += 4;
1161 /* data */
1162 buf += 2048;
1163 /* XXX: ECC not computed */
1164 memset(buf, 0, 288);
1165 }
1166
1167 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1168 int sector_size)
1169 {
1170 int ret;
1171
1172 switch(sector_size) {
1173 case 2048:
1174 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1175 break;
1176 case 2352:
1177 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1178 if (ret < 0)
1179 return ret;
1180 cd_data_to_raw(buf, lba);
1181 break;
1182 default:
1183 ret = -EIO;
1184 break;
1185 }
1186 return ret;
1187 }
1188
1189 static void ide_atapi_io_error(IDEState *s, int ret)
1190 {
1191 /* XXX: handle more errors */
1192 if (ret == -ENOMEDIUM) {
1193 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1194 ASC_MEDIUM_NOT_PRESENT);
1195 } else {
1196 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1197 ASC_LOGICAL_BLOCK_OOR);
1198 }
1199 }
1200
1201 /* The whole ATAPI transfer logic is handled in this function */
1202 static void ide_atapi_cmd_reply_end(IDEState *s)
1203 {
1204 int byte_count_limit, size, ret;
1205 #ifdef DEBUG_IDE_ATAPI
1206 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1207 s->packet_transfer_size,
1208 s->elementary_transfer_size,
1209 s->io_buffer_index);
1210 #endif
1211 if (s->packet_transfer_size <= 0) {
1212 /* end of transfer */
1213 ide_transfer_stop(s);
1214 s->status = READY_STAT | SEEK_STAT;
1215 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1216 ide_set_irq(s);
1217 #ifdef DEBUG_IDE_ATAPI
1218 printf("status=0x%x\n", s->status);
1219 #endif
1220 } else {
1221 /* see if a new sector must be read */
1222 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1223 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1224 if (ret < 0) {
1225 ide_transfer_stop(s);
1226 ide_atapi_io_error(s, ret);
1227 return;
1228 }
1229 s->lba++;
1230 s->io_buffer_index = 0;
1231 }
1232 if (s->elementary_transfer_size > 0) {
1233 /* there are some data left to transmit in this elementary
1234 transfer */
1235 size = s->cd_sector_size - s->io_buffer_index;
1236 if (size > s->elementary_transfer_size)
1237 size = s->elementary_transfer_size;
1238 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1239 size, ide_atapi_cmd_reply_end);
1240 s->packet_transfer_size -= size;
1241 s->elementary_transfer_size -= size;
1242 s->io_buffer_index += size;
1243 } else {
1244 /* a new transfer is needed */
1245 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1246 byte_count_limit = s->lcyl | (s->hcyl << 8);
1247 #ifdef DEBUG_IDE_ATAPI
1248 printf("byte_count_limit=%d\n", byte_count_limit);
1249 #endif
1250 if (byte_count_limit == 0xffff)
1251 byte_count_limit--;
1252 size = s->packet_transfer_size;
1253 if (size > byte_count_limit) {
1254 /* byte count limit must be even if this case */
1255 if (byte_count_limit & 1)
1256 byte_count_limit--;
1257 size = byte_count_limit;
1258 }
1259 s->lcyl = size;
1260 s->hcyl = size >> 8;
1261 s->elementary_transfer_size = size;
1262 /* we cannot transmit more than one sector at a time */
1263 if (s->lba != -1) {
1264 if (size > (s->cd_sector_size - s->io_buffer_index))
1265 size = (s->cd_sector_size - s->io_buffer_index);
1266 }
1267 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1268 size, ide_atapi_cmd_reply_end);
1269 s->packet_transfer_size -= size;
1270 s->elementary_transfer_size -= size;
1271 s->io_buffer_index += size;
1272 ide_set_irq(s);
1273 #ifdef DEBUG_IDE_ATAPI
1274 printf("status=0x%x\n", s->status);
1275 #endif
1276 }
1277 }
1278 }
1279
1280 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1281 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1282 {
1283 if (size > max_size)
1284 size = max_size;
1285 s->lba = -1; /* no sector read */
1286 s->packet_transfer_size = size;
1287 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1288 s->elementary_transfer_size = 0;
1289 s->io_buffer_index = 0;
1290
1291 if (s->atapi_dma) {
1292 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
1293 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1294 } else {
1295 s->status = READY_STAT | SEEK_STAT;
1296 ide_atapi_cmd_reply_end(s);
1297 }
1298 }
1299
1300 /* start a CD-CDROM read command */
1301 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1302 int sector_size)
1303 {
1304 s->lba = lba;
1305 s->packet_transfer_size = nb_sectors * sector_size;
1306 s->elementary_transfer_size = 0;
1307 s->io_buffer_index = sector_size;
1308 s->cd_sector_size = sector_size;
1309
1310 s->status = READY_STAT | SEEK_STAT;
1311 ide_atapi_cmd_reply_end(s);
1312 }
1313
1314 /* ATAPI DMA support */
1315
1316 /* XXX: handle read errors */
1317 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1318 {
1319 BMDMAState *bm = opaque;
1320 IDEState *s = bm->ide_if;
1321 int data_offset, n;
1322
1323 if (ret < 0) {
1324 ide_atapi_io_error(s, ret);
1325 goto eot;
1326 }
1327
1328 if (s->io_buffer_size > 0) {
1329 /*
1330 * For a cdrom read sector command (s->lba != -1),
1331 * adjust the lba for the next s->io_buffer_size chunk
1332 * and dma the current chunk.
1333 * For a command != read (s->lba == -1), just transfer
1334 * the reply data.
1335 */
1336 if (s->lba != -1) {
1337 if (s->cd_sector_size == 2352) {
1338 n = 1;
1339 cd_data_to_raw(s->io_buffer, s->lba);
1340 } else {
1341 n = s->io_buffer_size >> 11;
1342 }
1343 s->lba += n;
1344 }
1345 s->packet_transfer_size -= s->io_buffer_size;
1346 if (dma_buf_rw(bm, 1) == 0)
1347 goto eot;
1348 }
1349
1350 if (s->packet_transfer_size <= 0) {
1351 s->status = READY_STAT | SEEK_STAT;
1352 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1353 ide_set_irq(s);
1354 eot:
1355 bm->status &= ~BM_STATUS_DMAING;
1356 bm->status |= BM_STATUS_INT;
1357 bm->dma_cb = NULL;
1358 bm->ide_if = NULL;
1359 bm->aiocb = NULL;
1360 return;
1361 }
1362
1363 s->io_buffer_index = 0;
1364 if (s->cd_sector_size == 2352) {
1365 n = 1;
1366 s->io_buffer_size = s->cd_sector_size;
1367 data_offset = 16;
1368 } else {
1369 n = s->packet_transfer_size >> 11;
1370 if (n > (IDE_DMA_BUF_SECTORS / 4))
1371 n = (IDE_DMA_BUF_SECTORS / 4);
1372 s->io_buffer_size = n * 2048;
1373 data_offset = 0;
1374 }
1375 #ifdef DEBUG_AIO
1376 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1377 #endif
1378 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1379 s->io_buffer + data_offset, n * 4,
1380 ide_atapi_cmd_read_dma_cb, bm);
1381 if (!bm->aiocb) {
1382 /* Note: media not present is the most likely case */
1383 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1384 ASC_MEDIUM_NOT_PRESENT);
1385 goto eot;
1386 }
1387 }
1388
1389 /* start a CD-CDROM read command with DMA */
1390 /* XXX: test if DMA is available */
1391 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1392 int sector_size)
1393 {
1394 s->lba = lba;
1395 s->packet_transfer_size = nb_sectors * sector_size;
1396 s->io_buffer_index = 0;
1397 s->io_buffer_size = 0;
1398 s->cd_sector_size = sector_size;
1399
1400 /* XXX: check if BUSY_STAT should be set */
1401 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1402 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1403 }
1404
1405 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1406 int sector_size)
1407 {
1408 #ifdef DEBUG_IDE_ATAPI
1409 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1410 lba, nb_sectors);
1411 #endif
1412 if (s->atapi_dma) {
1413 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1414 } else {
1415 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1416 }
1417 }
1418
1419 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1420 uint16_t profile)
1421 {
1422 uint8_t *buf_profile = buf + 12; /* start of profiles */
1423
1424 buf_profile += ((*index) * 4); /* start of indexed profile */
1425 cpu_to_ube16 (buf_profile, profile);
1426 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1427
1428 /* each profile adds 4 bytes to the response */
1429 (*index)++;
1430 buf[11] += 4; /* Additional Length */
1431
1432 return 4;
1433 }
1434
1435 static int ide_dvd_read_structure(IDEState *s, int format,
1436 const uint8_t *packet, uint8_t *buf)
1437 {
1438 switch (format) {
1439 case 0x0: /* Physical format information */
1440 {
1441 int layer = packet[6];
1442 uint64_t total_sectors;
1443
1444 if (layer != 0)
1445 return -ASC_INV_FIELD_IN_CMD_PACKET;
1446
1447 bdrv_get_geometry(s->bs, &total_sectors);
1448 total_sectors >>= 2;
1449 if (total_sectors == 0)
1450 return -ASC_MEDIUM_NOT_PRESENT;
1451
1452 buf[4] = 1; /* DVD-ROM, part version 1 */
1453 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1454 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1455 buf[7] = 0; /* default densities */
1456
1457 /* FIXME: 0x30000 per spec? */
1458 cpu_to_ube32(buf + 8, 0); /* start sector */
1459 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1460 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1461
1462 /* Size of buffer, not including 2 byte size field */
1463 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1464
1465 /* 2k data + 4 byte header */
1466 return (2048 + 4);
1467 }
1468
1469 case 0x01: /* DVD copyright information */
1470 buf[4] = 0; /* no copyright data */
1471 buf[5] = 0; /* no region restrictions */
1472
1473 /* Size of buffer, not including 2 byte size field */
1474 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1475
1476 /* 4 byte header + 4 byte data */
1477 return (4 + 4);
1478
1479 case 0x03: /* BCA information - invalid field for no BCA info */
1480 return -ASC_INV_FIELD_IN_CMD_PACKET;
1481
1482 case 0x04: /* DVD disc manufacturing information */
1483 /* Size of buffer, not including 2 byte size field */
1484 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1485
1486 /* 2k data + 4 byte header */
1487 return (2048 + 4);
1488
1489 case 0xff:
1490 /*
1491 * This lists all the command capabilities above. Add new ones
1492 * in order and update the length and buffer return values.
1493 */
1494
1495 buf[4] = 0x00; /* Physical format */
1496 buf[5] = 0x40; /* Not writable, is readable */
1497 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1498
1499 buf[8] = 0x01; /* Copyright info */
1500 buf[9] = 0x40; /* Not writable, is readable */
1501 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1502
1503 buf[12] = 0x03; /* BCA info */
1504 buf[13] = 0x40; /* Not writable, is readable */
1505 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1506
1507 buf[16] = 0x04; /* Manufacturing info */
1508 buf[17] = 0x40; /* Not writable, is readable */
1509 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1510
1511 /* Size of buffer, not including 2 byte size field */
1512 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1513
1514 /* data written + 4 byte header */
1515 return (16 + 4);
1516
1517 default: /* TODO: formats beyond DVD-ROM requires */
1518 return -ASC_INV_FIELD_IN_CMD_PACKET;
1519 }
1520 }
1521
1522 static void ide_atapi_cmd(IDEState *s)
1523 {
1524 const uint8_t *packet;
1525 uint8_t *buf;
1526 int max_len;
1527
1528 packet = s->io_buffer;
1529 buf = s->io_buffer;
1530 #ifdef DEBUG_IDE_ATAPI
1531 {
1532 int i;
1533 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1534 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1535 printf(" %02x", packet[i]);
1536 }
1537 printf("\n");
1538 }
1539 #endif
1540 /* If there's a UNIT_ATTENTION condition pending, only
1541 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1542 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1543 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1544 s->io_buffer[0] != GPCMD_INQUIRY) {
1545 ide_atapi_cmd_check_status(s);
1546 return;
1547 }
1548 switch(s->io_buffer[0]) {
1549 case GPCMD_TEST_UNIT_READY:
1550 if (bdrv_is_inserted(s->bs)) {
1551 ide_atapi_cmd_ok(s);
1552 } else {
1553 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1554 ASC_MEDIUM_NOT_PRESENT);
1555 }
1556 break;
1557 case GPCMD_MODE_SENSE_6:
1558 case GPCMD_MODE_SENSE_10:
1559 {
1560 int action, code;
1561 if (packet[0] == GPCMD_MODE_SENSE_10)
1562 max_len = ube16_to_cpu(packet + 7);
1563 else
1564 max_len = packet[4];
1565 action = packet[2] >> 6;
1566 code = packet[2] & 0x3f;
1567 switch(action) {
1568 case 0: /* current values */
1569 switch(code) {
1570 case 0x01: /* error recovery */
1571 cpu_to_ube16(&buf[0], 16 + 6);
1572 buf[2] = 0x70;
1573 buf[3] = 0;
1574 buf[4] = 0;
1575 buf[5] = 0;
1576 buf[6] = 0;
1577 buf[7] = 0;
1578
1579 buf[8] = 0x01;
1580 buf[9] = 0x06;
1581 buf[10] = 0x00;
1582 buf[11] = 0x05;
1583 buf[12] = 0x00;
1584 buf[13] = 0x00;
1585 buf[14] = 0x00;
1586 buf[15] = 0x00;
1587 ide_atapi_cmd_reply(s, 16, max_len);
1588 break;
1589 case 0x2a:
1590 cpu_to_ube16(&buf[0], 28 + 6);
1591 buf[2] = 0x70;
1592 buf[3] = 0;
1593 buf[4] = 0;
1594 buf[5] = 0;
1595 buf[6] = 0;
1596 buf[7] = 0;
1597
1598 buf[8] = 0x2a;
1599 buf[9] = 0x12;
1600 buf[10] = 0x00;
1601 buf[11] = 0x00;
1602
1603 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1604 code checks for this to automount media. */
1605 buf[12] = 0x71;
1606 buf[13] = 3 << 5;
1607 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1608 if (bdrv_is_locked(s->bs))
1609 buf[6] |= 1 << 1;
1610 buf[15] = 0x00;
1611 cpu_to_ube16(&buf[16], 706);
1612 buf[18] = 0;
1613 buf[19] = 2;
1614 cpu_to_ube16(&buf[20], 512);
1615 cpu_to_ube16(&buf[22], 706);
1616 buf[24] = 0;
1617 buf[25] = 0;
1618 buf[26] = 0;
1619 buf[27] = 0;
1620 ide_atapi_cmd_reply(s, 28, max_len);
1621 break;
1622 default:
1623 goto error_cmd;
1624 }
1625 break;
1626 case 1: /* changeable values */
1627 goto error_cmd;
1628 case 2: /* default values */
1629 goto error_cmd;
1630 default:
1631 case 3: /* saved values */
1632 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1633 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1634 break;
1635 }
1636 }
1637 break;
1638 case GPCMD_REQUEST_SENSE:
1639 max_len = packet[4];
1640 memset(buf, 0, 18);
1641 buf[0] = 0x70 | (1 << 7);
1642 buf[2] = s->sense_key;
1643 buf[7] = 10;
1644 buf[12] = s->asc;
1645 if (s->sense_key == SENSE_UNIT_ATTENTION)
1646 s->sense_key = SENSE_NONE;
1647 ide_atapi_cmd_reply(s, 18, max_len);
1648 break;
1649 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1650 if (bdrv_is_inserted(s->bs)) {
1651 bdrv_set_locked(s->bs, packet[4] & 1);
1652 ide_atapi_cmd_ok(s);
1653 } else {
1654 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1655 ASC_MEDIUM_NOT_PRESENT);
1656 }
1657 break;
1658 case GPCMD_READ_10:
1659 case GPCMD_READ_12:
1660 {
1661 int nb_sectors, lba;
1662
1663 if (packet[0] == GPCMD_READ_10)
1664 nb_sectors = ube16_to_cpu(packet + 7);
1665 else
1666 nb_sectors = ube32_to_cpu(packet + 6);
1667 lba = ube32_to_cpu(packet + 2);
1668 if (nb_sectors == 0) {
1669 ide_atapi_cmd_ok(s);
1670 break;
1671 }
1672 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1673 }
1674 break;
1675 case GPCMD_READ_CD:
1676 {
1677 int nb_sectors, lba, transfer_request;
1678
1679 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1680 lba = ube32_to_cpu(packet + 2);
1681 if (nb_sectors == 0) {
1682 ide_atapi_cmd_ok(s);
1683 break;
1684 }
1685 transfer_request = packet[9];
1686 switch(transfer_request & 0xf8) {
1687 case 0x00:
1688 /* nothing */
1689 ide_atapi_cmd_ok(s);
1690 break;
1691 case 0x10:
1692 /* normal read */
1693 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1694 break;
1695 case 0xf8:
1696 /* read all data */
1697 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1698 break;
1699 default:
1700 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1701 ASC_INV_FIELD_IN_CMD_PACKET);
1702 break;
1703 }
1704 }
1705 break;
1706 case GPCMD_SEEK:
1707 {
1708 unsigned int lba;
1709 uint64_t total_sectors;
1710
1711 bdrv_get_geometry(s->bs, &total_sectors);
1712 total_sectors >>= 2;
1713 if (total_sectors == 0) {
1714 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1715 ASC_MEDIUM_NOT_PRESENT);
1716 break;
1717 }
1718 lba = ube32_to_cpu(packet + 2);
1719 if (lba >= total_sectors) {
1720 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1721 ASC_LOGICAL_BLOCK_OOR);
1722 break;
1723 }
1724 ide_atapi_cmd_ok(s);
1725 }
1726 break;
1727 case GPCMD_START_STOP_UNIT:
1728 {
1729 int start, eject;
1730 start = packet[4] & 1;
1731 eject = (packet[4] >> 1) & 1;
1732
1733 if (eject && !start) {
1734 /* eject the disk */
1735 bdrv_eject(s->bs, 1);
1736 } else if (eject && start) {
1737 /* close the tray */
1738 bdrv_eject(s->bs, 0);
1739 }
1740 ide_atapi_cmd_ok(s);
1741 }
1742 break;
1743 case GPCMD_MECHANISM_STATUS:
1744 {
1745 max_len = ube16_to_cpu(packet + 8);
1746 cpu_to_ube16(buf, 0);
1747 /* no current LBA */
1748 buf[2] = 0;
1749 buf[3] = 0;
1750 buf[4] = 0;
1751 buf[5] = 1;
1752 cpu_to_ube16(buf + 6, 0);
1753 ide_atapi_cmd_reply(s, 8, max_len);
1754 }
1755 break;
1756 case GPCMD_READ_TOC_PMA_ATIP:
1757 {
1758 int format, msf, start_track, len;
1759 uint64_t total_sectors;
1760
1761 bdrv_get_geometry(s->bs, &total_sectors);
1762 total_sectors >>= 2;
1763 if (total_sectors == 0) {
1764 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1765 ASC_MEDIUM_NOT_PRESENT);
1766 break;
1767 }
1768 max_len = ube16_to_cpu(packet + 7);
1769 format = packet[9] >> 6;
1770 msf = (packet[1] >> 1) & 1;
1771 start_track = packet[6];
1772 switch(format) {
1773 case 0:
1774 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1775 if (len < 0)
1776 goto error_cmd;
1777 ide_atapi_cmd_reply(s, len, max_len);
1778 break;
1779 case 1:
1780 /* multi session : only a single session defined */
1781 memset(buf, 0, 12);
1782 buf[1] = 0x0a;
1783 buf[2] = 0x01;
1784 buf[3] = 0x01;
1785 ide_atapi_cmd_reply(s, 12, max_len);
1786 break;
1787 case 2:
1788 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1789 if (len < 0)
1790 goto error_cmd;
1791 ide_atapi_cmd_reply(s, len, max_len);
1792 break;
1793 default:
1794 error_cmd:
1795 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1796 ASC_INV_FIELD_IN_CMD_PACKET);
1797 break;
1798 }
1799 }
1800 break;
1801 case GPCMD_READ_CDVD_CAPACITY:
1802 {
1803 uint64_t total_sectors;
1804
1805 bdrv_get_geometry(s->bs, &total_sectors);
1806 total_sectors >>= 2;
1807 if (total_sectors == 0) {
1808 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1809 ASC_MEDIUM_NOT_PRESENT);
1810 break;
1811 }
1812 /* NOTE: it is really the number of sectors minus 1 */
1813 cpu_to_ube32(buf, total_sectors - 1);
1814 cpu_to_ube32(buf + 4, 2048);
1815 ide_atapi_cmd_reply(s, 8, 8);
1816 }
1817 break;
1818 case GPCMD_READ_DVD_STRUCTURE:
1819 {
1820 int media = packet[1];
1821 int format = packet[7];
1822 int ret;
1823
1824 max_len = ube16_to_cpu(packet + 8);
1825
1826 if (format < 0xff) {
1827 if (media_is_cd(s)) {
1828 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1829 ASC_INCOMPATIBLE_FORMAT);
1830 break;
1831 } else if (!media_present(s)) {
1832 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1833 ASC_INV_FIELD_IN_CMD_PACKET);
1834 break;
1835 }
1836 }
1837
1838 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1839 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1840
1841 switch (format) {
1842 case 0x00 ... 0x7f:
1843 case 0xff:
1844 if (media == 0) {
1845 ret = ide_dvd_read_structure(s, format, packet, buf);
1846
1847 if (ret < 0)
1848 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1849 else
1850 ide_atapi_cmd_reply(s, ret, max_len);
1851
1852 break;
1853 }
1854 /* TODO: BD support, fall through for now */
1855
1856 /* Generic disk structures */
1857 case 0x80: /* TODO: AACS volume identifier */
1858 case 0x81: /* TODO: AACS media serial number */
1859 case 0x82: /* TODO: AACS media identifier */
1860 case 0x83: /* TODO: AACS media key block */
1861 case 0x90: /* TODO: List of recognized format layers */
1862 case 0xc0: /* TODO: Write protection status */
1863 default:
1864 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1865 ASC_INV_FIELD_IN_CMD_PACKET);
1866 break;
1867 }
1868 }
1869 break;
1870 case GPCMD_SET_SPEED:
1871 ide_atapi_cmd_ok(s);
1872 break;
1873 case GPCMD_INQUIRY:
1874 max_len = packet[4];
1875 buf[0] = 0x05; /* CD-ROM */
1876 buf[1] = 0x80; /* removable */
1877 buf[2] = 0x00; /* ISO */
1878 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1879 buf[4] = 31; /* additional length */
1880 buf[5] = 0; /* reserved */
1881 buf[6] = 0; /* reserved */
1882 buf[7] = 0; /* reserved */
1883 padstr8(buf + 8, 8, "QEMU");
1884 padstr8(buf + 16, 16, "QEMU DVD-ROM");
1885 padstr8(buf + 32, 4, QEMU_VERSION);
1886 ide_atapi_cmd_reply(s, 36, max_len);
1887 break;
1888 case GPCMD_GET_CONFIGURATION:
1889 {
1890 uint32_t len;
1891 uint8_t index = 0;
1892
1893 /* only feature 0 is supported */
1894 if (packet[2] != 0 || packet[3] != 0) {
1895 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1896 ASC_INV_FIELD_IN_CMD_PACKET);
1897 break;
1898 }
1899
1900 /* XXX: could result in alignment problems in some architectures */
1901 max_len = ube16_to_cpu(packet + 7);
1902
1903 /*
1904 * XXX: avoid overflow for io_buffer if max_len is bigger than
1905 * the size of that buffer (dimensioned to max number of
1906 * sectors to transfer at once)
1907 *
1908 * Only a problem if the feature/profiles grow.
1909 */
1910 if (max_len > 512) /* XXX: assume 1 sector */
1911 max_len = 512;
1912
1913 memset(buf, 0, max_len);
1914 /*
1915 * the number of sectors from the media tells us which profile
1916 * to use as current. 0 means there is no media
1917 */
1918 if (media_is_dvd(s))
1919 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
1920 else if (media_is_cd(s))
1921 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
1922
1923 buf[10] = 0x02 | 0x01; /* persistent and current */
1924 len = 12; /* headers: 8 + 4 */
1925 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
1926 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
1927 cpu_to_ube32(buf, len - 4); /* data length */
1928
1929 ide_atapi_cmd_reply(s, len, max_len);
1930 break;
1931 }
1932 default:
1933 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1934 ASC_ILLEGAL_OPCODE);
1935 break;
1936 }
1937 }
1938
1939 static void ide_cfata_metadata_inquiry(IDEState *s)
1940 {
1941 uint16_t *p;
1942 uint32_t spd;
1943
1944 p = (uint16_t *) s->io_buffer;
1945 memset(p, 0, 0x200);
1946 spd = ((s->mdata_size - 1) >> 9) + 1;
1947
1948 put_le16(p + 0, 0x0001); /* Data format revision */
1949 put_le16(p + 1, 0x0000); /* Media property: silicon */
1950 put_le16(p + 2, s->media_changed); /* Media status */
1951 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1952 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1953 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1954 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1955 }
1956
1957 static void ide_cfata_metadata_read(IDEState *s)
1958 {
1959 uint16_t *p;
1960
1961 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1962 s->status = ERR_STAT;
1963 s->error = ABRT_ERR;
1964 return;
1965 }
1966
1967 p = (uint16_t *) s->io_buffer;
1968 memset(p, 0, 0x200);
1969
1970 put_le16(p + 0, s->media_changed); /* Media status */
1971 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1972 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1973 s->nsector << 9), 0x200 - 2));
1974 }
1975
1976 static void ide_cfata_metadata_write(IDEState *s)
1977 {
1978 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1979 s->status = ERR_STAT;
1980 s->error = ABRT_ERR;
1981 return;
1982 }
1983
1984 s->media_changed = 0;
1985
1986 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1987 s->io_buffer + 2,
1988 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1989 s->nsector << 9), 0x200 - 2));
1990 }
1991
1992 /* called when the inserted state of the media has changed */
1993 static void cdrom_change_cb(void *opaque)
1994 {
1995 IDEState *s = opaque;
1996 uint64_t nb_sectors;
1997
1998 bdrv_get_geometry(s->bs, &nb_sectors);
1999 s->nb_sectors = nb_sectors;
2000
2001 s->sense_key = SENSE_UNIT_ATTENTION;
2002 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2003
2004 ide_set_irq(s);
2005 }
2006
2007 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2008 {
2009 s->lba48 = lba48;
2010
2011 /* handle the 'magic' 0 nsector count conversion here. to avoid
2012 * fiddling with the rest of the read logic, we just store the
2013 * full sector count in ->nsector and ignore ->hob_nsector from now
2014 */
2015 if (!s->lba48) {
2016 if (!s->nsector)
2017 s->nsector = 256;
2018 } else {
2019 if (!s->nsector && !s->hob_nsector)
2020 s->nsector = 65536;
2021 else {
2022 int lo = s->nsector;
2023 int hi = s->hob_nsector;
2024
2025 s->nsector = (hi << 8) | lo;
2026 }
2027 }
2028 }
2029
2030 static void ide_clear_hob(IDEState *ide_if)
2031 {
2032 /* any write clears HOB high bit of device control register */
2033 ide_if[0].select &= ~(1 << 7);
2034 ide_if[1].select &= ~(1 << 7);
2035 }
2036
2037 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2038 {
2039 IDEState *ide_if = opaque;
2040 IDEState *s;
2041 int unit, n;
2042 int lba48 = 0;
2043
2044 #ifdef DEBUG_IDE
2045 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2046 #endif
2047
2048 addr &= 7;
2049
2050 /* ignore writes to command block while busy with previous command */
2051 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2052 return;
2053
2054 switch(addr) {
2055 case 0:
2056 break;
2057 case 1:
2058 ide_clear_hob(ide_if);
2059 /* NOTE: data is written to the two drives */
2060 ide_if[0].hob_feature = ide_if[0].feature;
2061 ide_if[1].hob_feature = ide_if[1].feature;
2062 ide_if[0].feature = val;
2063 ide_if[1].feature = val;
2064 break;
2065 case 2:
2066 ide_clear_hob(ide_if);
2067 ide_if[0].hob_nsector = ide_if[0].nsector;
2068 ide_if[1].hob_nsector = ide_if[1].nsector;
2069 ide_if[0].nsector = val;
2070 ide_if[1].nsector = val;
2071 break;
2072 case 3:
2073 ide_clear_hob(ide_if);
2074 ide_if[0].hob_sector = ide_if[0].sector;
2075 ide_if[1].hob_sector = ide_if[1].sector;
2076 ide_if[0].sector = val;
2077 ide_if[1].sector = val;
2078 break;
2079 case 4:
2080 ide_clear_hob(ide_if);
2081 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2082 ide_if[1].hob_lcyl = ide_if[1].lcyl;
2083 ide_if[0].lcyl = val;
2084 ide_if[1].lcyl = val;
2085 break;
2086 case 5:
2087 ide_clear_hob(ide_if);
2088 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2089 ide_if[1].hob_hcyl = ide_if[1].hcyl;
2090 ide_if[0].hcyl = val;
2091 ide_if[1].hcyl = val;
2092 break;
2093 case 6:
2094 /* FIXME: HOB readback uses bit 7 */
2095 ide_if[0].select = (val & ~0x10) | 0xa0;
2096 ide_if[1].select = (val | 0x10) | 0xa0;
2097 /* select drive */
2098 unit = (val >> 4) & 1;
2099 s = ide_if + unit;
2100 ide_if->cur_drive = s;
2101 break;
2102 default:
2103 case 7:
2104 /* command */
2105 #if defined(DEBUG_IDE)
2106 printf("ide: CMD=%02x\n", val);
2107 #endif
2108 s = ide_if->cur_drive;
2109 /* ignore commands to non existant slave */
2110 if (s != ide_if && !s->bs)
2111 break;
2112
2113 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2114 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2115 break;
2116
2117 switch(val) {
2118 case WIN_IDENTIFY:
2119 if (s->bs && !s->is_cdrom) {
2120 if (!s->is_cf)
2121 ide_identify(s);
2122 else
2123 ide_cfata_identify(s);
2124 s->status = READY_STAT | SEEK_STAT;
2125 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2126 } else {
2127 if (s->is_cdrom) {
2128 ide_set_signature(s);
2129 }
2130 ide_abort_command(s);
2131 }
2132 ide_set_irq(s);
2133 break;
2134 case WIN_SPECIFY:
2135 case WIN_RECAL:
2136 s->error = 0;
2137 s->status = READY_STAT | SEEK_STAT;
2138 ide_set_irq(s);
2139 break;
2140 case WIN_SETMULT:
2141 if (s->is_cf && s->nsector == 0) {
2142 /* Disable Read and Write Multiple */
2143 s->mult_sectors = 0;
2144 s->status = READY_STAT | SEEK_STAT;
2145 } else if ((s->nsector & 0xff) != 0 &&
2146 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2147 (s->nsector & (s->nsector - 1)) != 0)) {
2148 ide_abort_command(s);
2149 } else {
2150 s->mult_sectors = s->nsector & 0xff;
2151 s->status = READY_STAT | SEEK_STAT;
2152 }
2153 ide_set_irq(s);
2154 break;
2155 case WIN_VERIFY_EXT:
2156 lba48 = 1;
2157 case WIN_VERIFY:
2158 case WIN_VERIFY_ONCE:
2159 /* do sector number check ? */
2160 ide_cmd_lba48_transform(s, lba48);
2161 s->status = READY_STAT | SEEK_STAT;
2162 ide_set_irq(s);
2163 break;
2164 case WIN_READ_EXT:
2165 lba48 = 1;
2166 case WIN_READ:
2167 case WIN_READ_ONCE:
2168 if (!s->bs)
2169 goto abort_cmd;
2170 ide_cmd_lba48_transform(s, lba48);
2171 s->req_nb_sectors = 1;
2172 ide_sector_read(s);
2173 break;
2174 case WIN_WRITE_EXT:
2175 lba48 = 1;
2176 case WIN_WRITE:
2177 case WIN_WRITE_ONCE:
2178 case CFA_WRITE_SECT_WO_ERASE:
2179 case WIN_WRITE_VERIFY:
2180 ide_cmd_lba48_transform(s, lba48);
2181 s->error = 0;
2182 s->status = SEEK_STAT | READY_STAT;
2183 s->req_nb_sectors = 1;
2184 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
2185 s->media_changed = 1;
2186 break;
2187 case WIN_MULTREAD_EXT:
2188 lba48 = 1;
2189 case WIN_MULTREAD:
2190 if (!s->mult_sectors)
2191 goto abort_cmd;
2192 ide_cmd_lba48_transform(s, lba48);
2193 s->req_nb_sectors = s->mult_sectors;
2194 ide_sector_read(s);
2195 break;
2196 case WIN_MULTWRITE_EXT:
2197 lba48 = 1;
2198 case WIN_MULTWRITE:
2199 case CFA_WRITE_MULTI_WO_ERASE:
2200 if (!s->mult_sectors)
2201 goto abort_cmd;
2202 ide_cmd_lba48_transform(s, lba48);
2203 s->error = 0;
2204 s->status = SEEK_STAT | READY_STAT;
2205 s->req_nb_sectors = s->mult_sectors;
2206 n = s->nsector;
2207 if (n > s->req_nb_sectors)
2208 n = s->req_nb_sectors;
2209 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
2210 s->media_changed = 1;
2211 break;
2212 case WIN_READDMA_EXT:
2213 lba48 = 1;
2214 case WIN_READDMA:
2215 case WIN_READDMA_ONCE:
2216 if (!s->bs)
2217 goto abort_cmd;
2218 ide_cmd_lba48_transform(s, lba48);
2219 ide_sector_read_dma(s);
2220 break;
2221 case WIN_WRITEDMA_EXT:
2222 lba48 = 1;
2223 case WIN_WRITEDMA:
2224 case WIN_WRITEDMA_ONCE:
2225 if (!s->bs)
2226 goto abort_cmd;
2227 ide_cmd_lba48_transform(s, lba48);
2228 ide_sector_write_dma(s);
2229 s->media_changed = 1;
2230 break;
2231 case WIN_READ_NATIVE_MAX_EXT:
2232 lba48 = 1;
2233 case WIN_READ_NATIVE_MAX:
2234 ide_cmd_lba48_transform(s, lba48);
2235 ide_set_sector(s, s->nb_sectors - 1);
2236 s->status = READY_STAT | SEEK_STAT;
2237 ide_set_irq(s);
2238 break;
2239 case WIN_CHECKPOWERMODE1:
2240 case WIN_CHECKPOWERMODE2:
2241 s->nsector = 0xff; /* device active or idle */
2242 s->status = READY_STAT | SEEK_STAT;
2243 ide_set_irq(s);
2244 break;
2245 case WIN_SETFEATURES:
2246 if (!s->bs)
2247 goto abort_cmd;
2248 /* XXX: valid for CDROM ? */
2249 switch(s->feature) {
2250 case 0xcc: /* reverting to power-on defaults enable */
2251 case 0x66: /* reverting to power-on defaults disable */
2252 case 0x02: /* write cache enable */
2253 case 0x82: /* write cache disable */
2254 case 0xaa: /* read look-ahead enable */
2255 case 0x55: /* read look-ahead disable */
2256 case 0x05: /* set advanced power management mode */
2257 case 0x85: /* disable advanced power management mode */
2258 case 0x69: /* NOP */
2259 case 0x67: /* NOP */
2260 case 0x96: /* NOP */
2261 case 0x9a: /* NOP */
2262 case 0x42: /* enable Automatic Acoustic Mode */
2263 case 0xc2: /* disable Automatic Acoustic Mode */
2264 s->status = READY_STAT | SEEK_STAT;
2265 ide_set_irq(s);
2266 break;
2267 case 0x03: { /* set transfer mode */
2268 uint8_t val = s->nsector & 0x07;
2269
2270 switch (s->nsector >> 3) {
2271 case 0x00: /* pio default */
2272 case 0x01: /* pio mode */
2273 put_le16(s->identify_data + 62,0x07);
2274 put_le16(s->identify_data + 63,0x07);
2275 put_le16(s->identify_data + 88,0x3f);
2276 break;
2277 case 0x02: /* sigle word dma mode*/
2278 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
2279 put_le16(s->identify_data + 63,0x07);
2280 put_le16(s->identify_data + 88,0x3f);
2281 break;
2282 case 0x04: /* mdma mode */
2283 put_le16(s->identify_data + 62,0x07);
2284 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2285 put_le16(s->identify_data + 88,0x3f);
2286 break;
2287 case 0x08: /* udma mode */
2288 put_le16(s->identify_data + 62,0x07);
2289 put_le16(s->identify_data + 63,0x07);
2290 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2291 break;
2292 default:
2293 goto abort_cmd;
2294 }
2295 s->status = READY_STAT | SEEK_STAT;
2296 ide_set_irq(s);
2297 break;
2298 }
2299 default:
2300 goto abort_cmd;
2301 }
2302 break;
2303 case WIN_FLUSH_CACHE:
2304 case WIN_FLUSH_CACHE_EXT:
2305 if (s->bs)
2306 bdrv_flush(s->bs);
2307 s->status = READY_STAT | SEEK_STAT;
2308 ide_set_irq(s);
2309 break;
2310 case WIN_STANDBY:
2311 case WIN_STANDBY2:
2312 case WIN_STANDBYNOW1:
2313 case WIN_STANDBYNOW2:
2314 case WIN_IDLEIMMEDIATE:
2315 case CFA_IDLEIMMEDIATE:
2316 case WIN_SETIDLE1:
2317 case WIN_SETIDLE2:
2318 case WIN_SLEEPNOW1:
2319 case WIN_SLEEPNOW2:
2320 s->status = READY_STAT;
2321 ide_set_irq(s);
2322 break;
2323 case WIN_SEEK:
2324 if(s->is_cdrom)
2325 goto abort_cmd;
2326 /* XXX: Check that seek is within bounds */
2327 s->status = READY_STAT | SEEK_STAT;
2328 ide_set_irq(s);
2329 break;
2330 /* ATAPI commands */
2331 case WIN_PIDENTIFY:
2332 if (s->is_cdrom) {
2333 ide_atapi_identify(s);
2334 s->status = READY_STAT | SEEK_STAT;
2335 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2336 } else {
2337 ide_abort_command(s);
2338 }
2339 ide_set_irq(s);
2340 break;
2341 case WIN_DIAGNOSE:
2342 ide_set_signature(s);
2343 if (s->is_cdrom)
2344 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2345 * devices to return a clear status register
2346 * with READY_STAT *not* set. */
2347 else
2348 s->status = READY_STAT | SEEK_STAT;
2349 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2350 * present.
2351 */
2352 ide_set_irq(s);
2353 break;
2354 case WIN_SRST:
2355 if (!s->is_cdrom)
2356 goto abort_cmd;
2357 ide_set_signature(s);
2358 s->status = 0x00; /* NOTE: READY is _not_ set */
2359 s->error = 0x01;
2360 break;
2361 case WIN_PACKETCMD:
2362 if (!s->is_cdrom)
2363 goto abort_cmd;
2364 /* overlapping commands not supported */
2365 if (s->feature & 0x02)
2366 goto abort_cmd;
2367 s->status = READY_STAT | SEEK_STAT;
2368 s->atapi_dma = s->feature & 1;
2369 s->nsector = 1;
2370 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2371 ide_atapi_cmd);
2372 break;
2373 /* CF-ATA commands */
2374 case CFA_REQ_EXT_ERROR_CODE:
2375 if (!s->is_cf)
2376 goto abort_cmd;
2377 s->error = 0x09; /* miscellaneous error */
2378 s->status = READY_STAT | SEEK_STAT;
2379 ide_set_irq(s);
2380 break;
2381 case CFA_ERASE_SECTORS:
2382 case CFA_WEAR_LEVEL:
2383 if (!s->is_cf)
2384 goto abort_cmd;
2385 if (val == CFA_WEAR_LEVEL)
2386 s->nsector = 0;
2387 if (val == CFA_ERASE_SECTORS)
2388 s->media_changed = 1;
2389 s->error = 0x00;
2390 s->status = READY_STAT | SEEK_STAT;
2391 ide_set_irq(s);
2392 break;
2393 case CFA_TRANSLATE_SECTOR:
2394 if (!s->is_cf)
2395 goto abort_cmd;
2396 s->error = 0x00;
2397 s->status = READY_STAT | SEEK_STAT;
2398 memset(s->io_buffer, 0, 0x200);
2399 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2400 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2401 s->io_buffer[0x02] = s->select; /* Head */
2402 s->io_buffer[0x03] = s->sector; /* Sector */
2403 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2404 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2405 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2406 s->io_buffer[0x13] = 0x00; /* Erase flag */
2407 s->io_buffer[0x18] = 0x00; /* Hot count */
2408 s->io_buffer[0x19] = 0x00; /* Hot count */
2409 s->io_buffer[0x1a] = 0x01; /* Hot count */
2410 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2411 ide_set_irq(s);
2412 break;
2413 case CFA_ACCESS_METADATA_STORAGE:
2414 if (!s->is_cf)
2415 goto abort_cmd;
2416 switch (s->feature) {
2417 case 0x02: /* Inquiry Metadata Storage */
2418 ide_cfata_metadata_inquiry(s);
2419 break;
2420 case 0x03: /* Read Metadata Storage */
2421 ide_cfata_metadata_read(s);
2422 break;
2423 case 0x04: /* Write Metadata Storage */
2424 ide_cfata_metadata_write(s);
2425 break;
2426 default:
2427 goto abort_cmd;
2428 }
2429 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2430 s->status = 0x00; /* NOTE: READY is _not_ set */
2431 ide_set_irq(s);
2432 break;
2433 case IBM_SENSE_CONDITION:
2434 if (!s->is_cf)
2435 goto abort_cmd;
2436 switch (s->feature) {
2437 case 0x01: /* sense temperature in device */
2438 s->nsector = 0x50; /* +20 C */
2439 break;
2440 default:
2441 goto abort_cmd;
2442 }
2443 s->status = READY_STAT | SEEK_STAT;
2444 ide_set_irq(s);
2445 break;
2446 default:
2447 abort_cmd:
2448 ide_abort_command(s);
2449 ide_set_irq(s);
2450 break;
2451 }
2452 }
2453 }
2454
2455 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2456 {
2457 IDEState *ide_if = opaque;
2458 IDEState *s = ide_if->cur_drive;
2459 uint32_t addr;
2460 int ret, hob;
2461
2462 addr = addr1 & 7;
2463 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2464 //hob = s->select & (1 << 7);
2465 hob = 0;
2466 switch(addr) {
2467 case 0:
2468 ret = 0xff;
2469 break;
2470 case 1:
2471 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2472 (s != ide_if && !s->bs))
2473 ret = 0;
2474 else if (!hob)
2475 ret = s->error;
2476 else
2477 ret = s->hob_feature;
2478 break;
2479 case 2:
2480 if (!ide_if[0].bs && !ide_if[1].bs)
2481 ret = 0;
2482 else if (!hob)
2483 ret = s->nsector & 0xff;
2484 else
2485 ret = s->hob_nsector;
2486 break;
2487 case 3:
2488 if (!ide_if[0].bs && !ide_if[1].bs)
2489 ret = 0;
2490 else if (!hob)
2491 ret = s->sector;
2492 else
2493 ret = s->hob_sector;
2494 break;
2495 case 4:
2496 if (!ide_if[0].bs && !ide_if[1].bs)
2497 ret = 0;
2498 else if (!hob)
2499 ret = s->lcyl;
2500 else
2501 ret = s->hob_lcyl;
2502 break;
2503 case 5:
2504 if (!ide_if[0].bs && !ide_if[1].bs)
2505 ret = 0;
2506 else if (!hob)
2507 ret = s->hcyl;
2508 else
2509 ret = s->hob_hcyl;
2510 break;
2511 case 6:
2512 if (!ide_if[0].bs && !ide_if[1].bs)
2513 ret = 0;
2514 else
2515 ret = s->select;
2516 break;
2517 default:
2518 case 7:
2519 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2520 (s != ide_if && !s->bs))
2521 ret = 0;
2522 else
2523 ret = s->status;
2524 qemu_irq_lower(s->irq);
2525 break;
2526 }
2527 #ifdef DEBUG_IDE
2528 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2529 #endif
2530 return ret;
2531 }
2532
2533 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2534 {
2535 IDEState *ide_if = opaque;
2536 IDEState *s = ide_if->cur_drive;
2537 int ret;
2538
2539 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2540 (s != ide_if && !s->bs))
2541 ret = 0;
2542 else
2543 ret = s->status;
2544 #ifdef DEBUG_IDE
2545 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2546 #endif
2547 return ret;
2548 }
2549
2550 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2551 {
2552 IDEState *ide_if = opaque;
2553 IDEState *s;
2554 int i;
2555
2556 #ifdef DEBUG_IDE
2557 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2558 #endif
2559 /* common for both drives */
2560 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2561 (val & IDE_CMD_RESET)) {
2562 /* reset low to high */
2563 for(i = 0;i < 2; i++) {
2564 s = &ide_if[i];
2565 s->status = BUSY_STAT | SEEK_STAT;
2566 s->error = 0x01;
2567 }
2568 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2569 !(val & IDE_CMD_RESET)) {
2570 /* high to low */
2571 for(i = 0;i < 2; i++) {
2572 s = &ide_if[i];
2573 if (s->is_cdrom)
2574 s->status = 0x00; /* NOTE: READY is _not_ set */
2575 else
2576 s->status = READY_STAT | SEEK_STAT;
2577 ide_set_signature(s);
2578 }
2579 }
2580
2581 ide_if[0].cmd = val;
2582 ide_if[1].cmd = val;
2583 }
2584
2585 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2586 {
2587 IDEState *s = ((IDEState *)opaque)->cur_drive;
2588 uint8_t *p;
2589
2590 /* PIO data access allowed only when DRQ bit is set */
2591 if (!(s->status & DRQ_STAT))
2592 return;
2593
2594 p = s->data_ptr;
2595 *(uint16_t *)p = le16_to_cpu(val);
2596 p += 2;
2597 s->data_ptr = p;
2598 if (p >= s->data_end)
2599 s->end_transfer_func(s);
2600 }
2601
2602 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2603 {
2604 IDEState *s = ((IDEState *)opaque)->cur_drive;
2605 uint8_t *p;
2606 int ret;
2607
2608 /* PIO data access allowed only when DRQ bit is set */
2609 if (!(s->status & DRQ_STAT))
2610 return 0;
2611
2612 p = s->data_ptr;
2613 ret = cpu_to_le16(*(uint16_t *)p);
2614 p += 2;
2615 s->data_ptr = p;
2616 if (p >= s->data_end)
2617 s->end_transfer_func(s);
2618 return ret;
2619 }
2620
2621 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2622 {
2623 IDEState *s = ((IDEState *)opaque)->cur_drive;
2624 uint8_t *p;
2625
2626 /* PIO data access allowed only when DRQ bit is set */
2627 if (!(s->status & DRQ_STAT))
2628 return;
2629
2630 p = s->data_ptr;
2631 *(uint32_t *)p = le32_to_cpu(val);
2632 p += 4;
2633 s->data_ptr = p;
2634 if (p >= s->data_end)
2635 s->end_transfer_func(s);
2636 }
2637
2638 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2639 {
2640 IDEState *s = ((IDEState *)opaque)->cur_drive;
2641 uint8_t *p;
2642 int ret;
2643
2644 /* PIO data access allowed only when DRQ bit is set */
2645 if (!(s->status & DRQ_STAT))
2646 return 0;
2647
2648 p = s->data_ptr;
2649 ret = cpu_to_le32(*(uint32_t *)p);
2650 p += 4;
2651 s->data_ptr = p;
2652 if (p >= s->data_end)
2653 s->end_transfer_func(s);
2654 return ret;
2655 }
2656
2657 static void ide_dummy_transfer_stop(IDEState *s)
2658 {
2659 s->data_ptr = s->io_buffer;
2660 s->data_end = s->io_buffer;
2661 s->io_buffer[0] = 0xff;
2662 s->io_buffer[1] = 0xff;
2663 s->io_buffer[2] = 0xff;
2664 s->io_buffer[3] = 0xff;
2665 }
2666
2667 static void ide_reset(IDEState *s)
2668 {
2669 if (s->is_cf)
2670 s->mult_sectors = 0;
2671 else
2672 s->mult_sectors = MAX_MULT_SECTORS;
2673 s->cur_drive = s;
2674 s->select = 0xa0;
2675 s->status = READY_STAT | SEEK_STAT;
2676 ide_set_signature(s);
2677 /* init the transfer handler so that 0xffff is returned on data
2678 accesses */
2679 s->end_transfer_func = ide_dummy_transfer_stop;
2680 ide_dummy_transfer_stop(s);
2681 s->media_changed = 0;
2682 }
2683
2684 static void ide_init2(IDEState *ide_state,
2685 BlockDriverState *hd0, BlockDriverState *hd1,
2686 qemu_irq irq)
2687 {
2688 IDEState *s;
2689 static int drive_serial = 1;
2690 int i, cylinders, heads, secs;
2691 uint64_t nb_sectors;
2692
2693 for(i = 0; i < 2; i++) {
2694 s = ide_state + i;
2695 s->io_buffer = qemu_memalign(512, IDE_DMA_BUF_SECTORS*512 + 4);
2696 if (i == 0)
2697 s->bs = hd0;
2698 else
2699 s->bs = hd1;
2700 if (s->bs) {
2701 bdrv_get_geometry(s->bs, &nb_sectors);
2702 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2703 s->cylinders = cylinders;
2704 s->heads = heads;
2705 s->sectors = secs;
2706 s->nb_sectors = nb_sectors;
2707
2708 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2709 s->is_cdrom = 1;
2710 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2711 }
2712 }
2713 s->drive_serial = drive_serial++;
2714 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2715 sizeof(s->drive_serial_str));
2716 if (strlen(s->drive_serial_str) == 0)
2717 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2718 "QM%05d", s->drive_serial);
2719 s->irq = irq;
2720 s->sector_write_timer = qemu_new_timer(vm_clock,
2721 ide_sector_write_timer_cb, s);
2722 ide_reset(s);
2723 }
2724 }
2725
2726 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2727 {
2728 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2729 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2730 if (iobase2) {
2731 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2732 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2733 }
2734
2735 /* data ports */
2736 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2737 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2738 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2739 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2740 }
2741
2742 /* save per IDE drive data */
2743 static void ide_save(QEMUFile* f, IDEState *s)
2744 {
2745 qemu_put_be32(f, s->mult_sectors);
2746 qemu_put_be32(f, s->identify_set);
2747 if (s->identify_set) {
2748 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2749 }
2750 qemu_put_8s(f, &s->feature);
2751 qemu_put_8s(f, &s->error);
2752 qemu_put_be32s(f, &s->nsector);
2753 qemu_put_8s(f, &s->sector);
2754 qemu_put_8s(f, &s->lcyl);
2755 qemu_put_8s(f, &s->hcyl);
2756 qemu_put_8s(f, &s->hob_feature);
2757 qemu_put_8s(f, &s->hob_nsector);
2758 qemu_put_8s(f, &s->hob_sector);
2759 qemu_put_8s(f, &s->hob_lcyl);
2760 qemu_put_8s(f, &s->hob_hcyl);
2761 qemu_put_8s(f, &s->select);
2762 qemu_put_8s(f, &s->status);
2763 qemu_put_8s(f, &s->lba48);
2764
2765 qemu_put_8s(f, &s->sense_key);
2766 qemu_put_8s(f, &s->asc);
2767 /* XXX: if a transfer is pending, we do not save it yet */
2768 }
2769
2770 /* load per IDE drive data */
2771 static void ide_load(QEMUFile* f, IDEState *s)
2772 {
2773 s->mult_sectors=qemu_get_be32(f);
2774 s->identify_set=qemu_get_be32(f);
2775 if (s->identify_set) {
2776 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2777 }
2778 qemu_get_8s(f, &s->feature);
2779 qemu_get_8s(f, &s->error);
2780 qemu_get_be32s(f, &s->nsector);
2781 qemu_get_8s(f, &s->sector);
2782 qemu_get_8s(f, &s->lcyl);
2783 qemu_get_8s(f, &s->hcyl);
2784 qemu_get_8s(f, &s->hob_feature);
2785 qemu_get_8s(f, &s->hob_nsector);
2786 qemu_get_8s(f, &s->hob_sector);
2787 qemu_get_8s(f, &s->hob_lcyl);
2788 qemu_get_8s(f, &s->hob_hcyl);
2789 qemu_get_8s(f, &s->select);
2790 qemu_get_8s(f, &s->status);
2791 qemu_get_8s(f, &s->lba48);
2792
2793 qemu_get_8s(f, &s->sense_key);
2794 qemu_get_8s(f, &s->asc);
2795 /* XXX: if a transfer is pending, we do not save it yet */
2796 }
2797
2798 /***********************************************************/
2799 /* ISA IDE definitions */
2800
2801 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
2802 BlockDriverState *hd0, BlockDriverState *hd1)
2803 {
2804 IDEState *ide_state;
2805
2806 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2807 if (!ide_state)
2808 return;
2809
2810 ide_init2(ide_state, hd0, hd1, irq);
2811 ide_init_ioport(ide_state, iobase, iobase2);
2812 }
2813
2814 /***********************************************************/
2815 /* PCI IDE definitions */
2816
2817 static void cmd646_update_irq(PCIIDEState *d);
2818
2819 static void ide_map(PCIDevice *pci_dev, int region_num,
2820 uint32_t addr, uint32_t size, int type)
2821 {
2822 PCIIDEState *d = (PCIIDEState *)pci_dev;
2823 IDEState *ide_state;
2824
2825 if (region_num <= 3) {
2826 ide_state = &d->ide_if[(region_num >> 1) * 2];
2827 if (region_num & 1) {
2828 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2829 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2830 } else {
2831 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2832 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2833
2834 /* data ports */
2835 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2836 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2837 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2838 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2839 }
2840 }
2841 }
2842
2843 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2844 {
2845 BMDMAState *bm = s->bmdma;
2846 if(!bm)
2847 return;
2848 bm->ide_if = s;
2849 bm->dma_cb = dma_cb;
2850 bm->cur_prd_last = 0;
2851 bm->cur_prd_addr = 0;
2852 bm->cur_prd_len = 0;
2853 if (bm->status & BM_STATUS_DMAING) {
2854 bm->dma_cb(bm, 0);
2855 }
2856 }
2857
2858 static void ide_dma_cancel(BMDMAState *bm)
2859 {
2860 if (bm->status & BM_STATUS_DMAING) {
2861 bm->status &= ~BM_STATUS_DMAING;
2862 /* cancel DMA request */
2863 bm->ide_if = NULL;
2864 bm->dma_cb = NULL;
2865 if (bm->aiocb) {
2866 #ifdef DEBUG_AIO
2867 printf("aio_cancel\n");
2868 #endif
2869 bdrv_aio_cancel(bm->aiocb);
2870 bm->aiocb = NULL;
2871 }
2872 }
2873 }
2874
2875 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2876 {
2877 BMDMAState *bm = opaque;
2878 #ifdef DEBUG_IDE
2879 printf("%s: 0x%08x\n", __func__, val);
2880 #endif
2881 if (!(val & BM_CMD_START)) {
2882 /* XXX: do it better */
2883 ide_dma_cancel(bm);
2884 bm->cmd = val & 0x09;
2885 } else {
2886 if (!(bm->status & BM_STATUS_DMAING)) {
2887 bm->status |= BM_STATUS_DMAING;
2888 /* start dma transfer if possible */
2889 if (bm->dma_cb)
2890 bm->dma_cb(bm, 0);
2891 }
2892 bm->cmd = val & 0x09;
2893 }
2894 }
2895
2896 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2897 {
2898 BMDMAState *bm = opaque;
2899 PCIIDEState *pci_dev;
2900 uint32_t val;
2901
2902 switch(addr & 3) {
2903 case 0:
2904 val = bm->cmd;
2905 break;
2906 case 1:
2907 pci_dev = bm->pci_dev;
2908 if (pci_dev->type == IDE_TYPE_CMD646) {
2909 val = pci_dev->dev.config[MRDMODE];
2910 } else {
2911 val = 0xff;
2912 }
2913 break;
2914 case 2:
2915 val = bm->status;
2916 break;
2917 case 3:
2918 pci_dev = bm->pci_dev;
2919 if (pci_dev->type == IDE_TYPE_CMD646) {
2920 if (bm == &pci_dev->bmdma[0])
2921 val = pci_dev->dev.config[UDIDETCR0];
2922 else
2923 val = pci_dev->dev.config[UDIDETCR1];
2924 } else {
2925 val = 0xff;
2926 }
2927 break;
2928 default:
2929 val = 0xff;
2930 break;
2931 }
2932 #ifdef DEBUG_IDE
2933 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2934 #endif
2935 return val;
2936 }
2937
2938 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2939 {
2940 BMDMAState *bm = opaque;
2941 PCIIDEState *pci_dev;
2942 #ifdef DEBUG_IDE
2943 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2944 #endif
2945 switch(addr & 3) {
2946 case 1:
2947 pci_dev = bm->pci_dev;
2948 if (pci_dev->type == IDE_TYPE_CMD646) {
2949 pci_dev->dev.config[MRDMODE] =
2950 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2951 cmd646_update_irq(pci_dev);
2952 }
2953 break;
2954 case 2:
2955 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2956 break;
2957 case 3:
2958 pci_dev = bm->pci_dev;
2959 if (pci_dev->type == IDE_TYPE_CMD646) {
2960 if (bm == &pci_dev->bmdma[0])
2961 pci_dev->dev.config[UDIDETCR0] = val;
2962 else
2963 pci_dev->dev.config[UDIDETCR1] = val;
2964 }
2965 break;
2966 }
2967 }
2968
2969 static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
2970 {
2971 BMDMAState *bm = opaque;
2972 uint32_t val;
2973 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
2974 #ifdef DEBUG_IDE
2975 printf("%s: 0x%08x\n", __func__, val);
2976 #endif
2977 return val;
2978 }
2979
2980 static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
2981 {
2982 BMDMAState *bm = opaque;
2983 int shift = (addr & 3) * 8;
2984 #ifdef DEBUG_IDE
2985 printf("%s: 0x%08x\n", __func__, val);
2986 #endif
2987 bm->addr &= ~(0xFF << shift);
2988 bm->addr |= ((val & 0xFF) << shift) & ~3;
2989 bm->cur_addr = bm->addr;
2990 }
2991
2992 static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
2993 {
2994 BMDMAState *bm = opaque;
2995 uint32_t val;
2996 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
2997 #ifdef DEBUG_IDE
2998 printf("%s: 0x%08x\n", __func__, val);
2999 #endif
3000 return val;
3001 }
3002
3003 static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3004 {
3005 BMDMAState *bm = opaque;
3006 int shift = (addr & 3) * 8;
3007 #ifdef DEBUG_IDE
3008 printf("%s: 0x%08x\n", __func__, val);
3009 #endif
3010 bm->addr &= ~(0xFFFF << shift);
3011 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3012 bm->cur_addr = bm->addr;
3013 }
3014
3015 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3016 {
3017 BMDMAState *bm = opaque;
3018 uint32_t val;
3019 val = bm->addr;
3020 #ifdef DEBUG_IDE
3021 printf("%s: 0x%08x\n", __func__, val);
3022 #endif
3023 return val;
3024 }
3025
3026 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3027 {
3028 BMDMAState *bm = opaque;
3029 #ifdef DEBUG_IDE
3030 printf("%s: 0x%08x\n", __func__, val);
3031 #endif
3032 bm->addr = val & ~3;
3033 bm->cur_addr = bm->addr;
3034 }
3035
3036 static void bmdma_map(PCIDevice *pci_dev, int region_num,
3037 uint32_t addr, uint32_t size, int type)
3038 {
3039 PCIIDEState *d = (PCIIDEState *)pci_dev;
3040 int i;
3041
3042 for(i = 0;i < 2; i++) {
3043 BMDMAState *bm = &d->bmdma[i];
3044 d->ide_if[2 * i].bmdma = bm;
3045 d->ide_if[2 * i + 1].bmdma = bm;
3046 bm->pci_dev = (PCIIDEState *)pci_dev;
3047
3048 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
3049
3050 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3051 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
3052
3053 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3054 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3055 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3056 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
3057 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3058 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3059 addr += 8;
3060 }
3061 }
3062
3063 static void pci_ide_save(QEMUFile* f, void *opaque)
3064 {
3065 PCIIDEState *d = opaque;
3066 int i;
3067
3068 pci_device_save(&d->dev, f);
3069
3070 for(i = 0; i < 2; i++) {
3071 BMDMAState *bm = &d->bmdma[i];
3072 qemu_put_8s(f, &bm->cmd);
3073 qemu_put_8s(f, &bm->status);
3074 qemu_put_be32s(f, &bm->addr);
3075 /* XXX: if a transfer is pending, we do not save it yet */
3076 }
3077
3078 /* per IDE interface data */
3079 for(i = 0; i < 2; i++) {
3080 IDEState *s = &d->ide_if[i * 2];
3081 uint8_t drive1_selected;
3082 qemu_put_8s(f, &s->cmd);
3083 drive1_selected = (s->cur_drive != s);
3084 qemu_put_8s(f, &drive1_selected);
3085 }
3086
3087 /* per IDE drive data */
3088 for(i = 0; i < 4; i++) {
3089 ide_save(f, &d->ide_if[i]);
3090 }
3091 }
3092
3093 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3094 {
3095 PCIIDEState *d = opaque;
3096 int ret, i;
3097
3098 if (version_id != 1)
3099 return -EINVAL;
3100 ret = pci_device_load(&d->dev, f);
3101 if (ret < 0)
3102 return ret;
3103
3104 for(i = 0; i < 2; i++) {
3105 BMDMAState *bm = &d->bmdma[i];
3106 qemu_get_8s(f, &bm->cmd);
3107 qemu_get_8s(f, &bm->status);
3108 qemu_get_be32s(f, &bm->addr);
3109 /* XXX: if a transfer is pending, we do not save it yet */
3110 }
3111
3112 /* per IDE interface data */
3113 for(i = 0; i < 2; i++) {
3114 IDEState *s = &d->ide_if[i * 2];
3115 uint8_t drive1_selected;
3116 qemu_get_8s(f, &s->cmd);
3117 qemu_get_8s(f, &drive1_selected);
3118 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3119 }
3120
3121 /* per IDE drive data */
3122 for(i = 0; i < 4; i++) {
3123 ide_load(f, &d->ide_if[i]);
3124 }
3125 return 0;
3126 }
3127
3128 /* XXX: call it also when the MRDMODE is changed from the PCI config
3129 registers */
3130 static void cmd646_update_irq(PCIIDEState *d)
3131 {
3132 int pci_level;
3133 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3134 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3135 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3136 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
3137 qemu_set_irq(d->dev.irq[0], pci_level);
3138 }
3139
3140 /* the PCI irq level is the logical OR of the two channels */
3141 static void cmd646_set_irq(void *opaque, int channel, int level)
3142 {
3143 PCIIDEState *d = opaque;
3144 int irq_mask;
3145
3146 irq_mask = MRDMODE_INTR_CH0 << channel;
3147 if (level)
3148 d->dev.config[MRDMODE] |= irq_mask;
3149 else
3150 d->dev.config[MRDMODE] &= ~irq_mask;
3151 cmd646_update_irq(d);
3152 }
3153
3154 static void cmd646_reset(void *opaque)
3155 {
3156 PCIIDEState *d = opaque;
3157 unsigned int i;
3158
3159 for (i = 0; i < 2; i++)
3160 ide_dma_cancel(&d->bmdma[i]);
3161 }
3162
3163 /* CMD646 PCI IDE controller */
3164 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3165 int secondary_ide_enabled)
3166 {
3167 PCIIDEState *d;
3168 uint8_t *pci_conf;
3169 int i;
3170 qemu_irq *irq;
3171
3172 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
3173 sizeof(PCIIDEState),
3174 -1,
3175 NULL, NULL);
3176 d->type = IDE_TYPE_CMD646;
3177 pci_conf = d->dev.config;
3178 pci_conf[0x00] = 0x95; // CMD646
3179 pci_conf[0x01] = 0x10;
3180 pci_conf[0x02] = 0x46;
3181 pci_conf[0x03] = 0x06;
3182
3183 pci_conf[0x08] = 0x07; // IDE controller revision
3184 pci_conf[0x09] = 0x8f;
3185
3186 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3187 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3188 pci_conf[0x0e] = 0x00; // header_type
3189
3190 pci_conf[0x51] = 0x04; // enable IDE0
3191 if (secondary_ide_enabled) {
3192 /* XXX: if not enabled, really disable the seconday IDE controller */
3193 pci_conf[0x51] |= 0x08; /* enable IDE1 */
3194 }
3195
3196 pci_register_io_region((PCIDevice *)d, 0, 0x8,
3197 PCI_ADDRESS_SPACE_IO, ide_map);
3198 pci_register_io_region((PCIDevice *)d, 1, 0x4,
3199 PCI_ADDRESS_SPACE_IO, ide_map);
3200 pci_register_io_region((PCIDevice *)d, 2, 0x8,
3201 PCI_ADDRESS_SPACE_IO, ide_map);
3202 pci_register_io_region((PCIDevice *)d, 3, 0x4,
3203 PCI_ADDRESS_SPACE_IO, ide_map);
3204 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3205 PCI_ADDRESS_SPACE_IO, bmdma_map);
3206
3207 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3208
3209 for(i = 0; i < 4; i++)
3210 d->ide_if[i].pci_dev = (PCIDevice *)d;
3211
3212 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3213 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3214 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
3215
3216 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
3217 qemu_register_reset(cmd646_reset, d);
3218 cmd646_reset(d);
3219 }
3220
3221 static void piix3_reset(void *opaque)
3222 {
3223 PCIIDEState *d = opaque;
3224 uint8_t *pci_conf = d->dev.config;
3225 int i;
3226
3227 for (i = 0; i < 2; i++)
3228 ide_dma_cancel(&d->bmdma[i]);
3229
3230 pci_conf[0x04] = 0x00;
3231 pci_conf[0x05] = 0x00;
3232 pci_conf[0x06] = 0x80; /* FBC */
3233 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3234 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3235 }
3236
3237 /* hd_table must contain 4 block drivers */
3238 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
3239 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3240 qemu_irq *pic)
3241 {
3242 PCIIDEState *d;
3243 uint8_t *pci_conf;
3244 int i;
3245
3246 /* register a function 1 of PIIX3 */
3247 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
3248 sizeof(PCIIDEState),
3249 devfn,
3250 NULL, NULL);
3251 d->type = IDE_TYPE_PIIX3;
3252
3253 pci_conf = d->dev.config;
3254 pci_conf[0x00] = 0x86; // Intel
3255 pci_conf[0x01] = 0x80;
3256 pci_conf[0x02] = 0x10;
3257 pci_conf[0x03] = 0x70;
3258 pci_conf[0x09] = 0x80; // legacy ATA mode
3259 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3260 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3261 pci_conf[0x0e] = 0x00; // header_type
3262
3263 qemu_register_reset(piix3_reset, d);
3264 piix3_reset(d);
3265
3266 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3267 PCI_ADDRESS_SPACE_IO, bmdma_map);
3268
3269 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3270 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3271 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3272 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3273
3274 for (i = 0; i < 4; i++)
3275 if (hd_table[i])
3276 hd_table[i]->devfn = d->dev.devfn;
3277
3278 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
3279 }
3280
3281 /* hd_table must contain 4 block drivers */
3282 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3283 void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3284 qemu_irq *pic)
3285 {
3286 PCIIDEState *d;
3287 uint8_t *pci_conf;
3288
3289 /* register a function 1 of PIIX4 */
3290 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3291 sizeof(PCIIDEState),
3292 devfn,
3293 NULL, NULL);
3294 d->type = IDE_TYPE_PIIX4;
3295
3296 pci_conf = d->dev.config;
3297 pci_conf[0x00] = 0x86; // Intel
3298 pci_conf[0x01] = 0x80;
3299 pci_conf[0x02] = 0x11;
3300 pci_conf[0x03] = 0x71;
3301 pci_conf[0x09] = 0x80; // legacy ATA mode
3302 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3303 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3304 pci_conf[0x0e] = 0x00; // header_type
3305
3306 qemu_register_reset(piix3_reset, d);
3307 piix3_reset(d);
3308
3309 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3310 PCI_ADDRESS_SPACE_IO, bmdma_map);
3311
3312 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3313 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3314 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3315 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3316
3317 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
3318 }
3319
3320 /***********************************************************/
3321 /* MacIO based PowerPC IDE */
3322
3323 /* PowerMac IDE memory IO */
3324 static void pmac_ide_writeb (void *opaque,
3325 target_phys_addr_t addr, uint32_t val)
3326 {
3327 addr = (addr & 0xFFF) >> 4;
3328 switch (addr) {
3329 case 1 ... 7:
3330 ide_ioport_write(opaque, addr, val);
3331 break;
3332 case 8:
3333 case 22:
3334 ide_cmd_write(opaque, 0, val);
3335 break;
3336 default:
3337 break;
3338 }
3339 }
3340
3341 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3342 {
3343 uint8_t retval;
3344
3345 addr = (addr & 0xFFF) >> 4;
3346 switch (addr) {
3347 case 1 ... 7:
3348 retval = ide_ioport_read(opaque, addr);
3349 break;
3350 case 8:
3351 case 22:
3352 retval = ide_status_read(opaque, 0);
3353 break;
3354 default:
3355 retval = 0xFF;
3356 break;
3357 }
3358 return retval;
3359 }
3360
3361 static void pmac_ide_writew (void *opaque,
3362 target_phys_addr_t addr, uint32_t val)
3363 {
3364 addr = (addr & 0xFFF) >> 4;
3365 #ifdef TARGET_WORDS_BIGENDIAN
3366 val = bswap16(val);
3367 #endif
3368 if (addr == 0) {
3369 ide_data_writew(opaque, 0, val);
3370 }
3371 }
3372
3373 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3374 {
3375 uint16_t retval;
3376
3377 addr = (addr & 0xFFF) >> 4;
3378 if (addr == 0) {
3379 retval = ide_data_readw(opaque, 0);
3380 } else {
3381 retval = 0xFFFF;
3382 }
3383 #ifdef TARGET_WORDS_BIGENDIAN
3384 retval = bswap16(retval);
3385 #endif
3386 return retval;
3387 }
3388
3389 static void pmac_ide_writel (void *opaque,
3390 target_phys_addr_t addr, uint32_t val)
3391 {
3392 addr = (addr & 0xFFF) >> 4;
3393 #ifdef TARGET_WORDS_BIGENDIAN
3394 val = bswap32(val);
3395 #endif
3396 if (addr == 0) {
3397 ide_data_writel(opaque, 0, val);
3398 }
3399 }
3400
3401 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3402 {
3403 uint32_t retval;
3404
3405 addr = (addr & 0xFFF) >> 4;
3406 if (addr == 0) {
3407 retval = ide_data_readl(opaque, 0);
3408 } else {
3409 retval = 0xFFFFFFFF;
3410 }
3411 #ifdef TARGET_WORDS_BIGENDIAN
3412 retval = bswap32(retval);
3413 #endif
3414 return retval;
3415 }
3416
3417 static CPUWriteMemoryFunc *pmac_ide_write[] = {
3418 pmac_ide_writeb,
3419 pmac_ide_writew,
3420 pmac_ide_writel,
3421 };
3422
3423 static CPUReadMemoryFunc *pmac_ide_read[] = {
3424 pmac_ide_readb,
3425 pmac_ide_readw,
3426 pmac_ide_readl,
3427 };
3428
3429 static void pmac_ide_save(QEMUFile *f, void *opaque)
3430 {
3431 IDEState *s = (IDEState *)opaque;
3432 uint8_t drive1_selected;
3433 unsigned int i;
3434
3435 /* per IDE interface data */
3436 qemu_put_8s(f, &s->cmd);
3437 drive1_selected = (s->cur_drive != s);
3438 qemu_put_8s(f, &drive1_selected);
3439
3440 /* per IDE drive data */
3441 for(i = 0; i < 2; i++) {
3442 ide_save(f, &s[i]);
3443 }
3444 }
3445
3446 static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3447 {
3448 IDEState *s = (IDEState *)opaque;
3449 uint8_t drive1_selected;
3450 unsigned int i;
3451
3452 if (version_id != 1)
3453 return -EINVAL;
3454
3455 /* per IDE interface data */
3456 qemu_get_8s(f, &s->cmd);
3457 qemu_get_8s(f, &drive1_selected);
3458 s->cur_drive = &s[(drive1_selected != 0)];
3459
3460 /* per IDE drive data */
3461 for(i = 0; i < 2; i++) {
3462 ide_load(f, &s[i]);
3463 }
3464 return 0;
3465 }
3466
3467 static void pmac_ide_reset(void *opaque)
3468 {
3469 IDEState *s = (IDEState *)opaque;
3470
3471 ide_reset(&s[0]);
3472 ide_reset(&s[1]);
3473 }
3474
3475 /* hd_table must contain 4 block drivers */
3476 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3477 I/O index to access the ide. */
3478 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
3479 {
3480 IDEState *ide_if;
3481 int pmac_ide_memory;
3482
3483 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
3484 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3485
3486 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3487 pmac_ide_write, &ide_if[0]);
3488 register_savevm("ide", 0, 1, pmac_ide_save, pmac_ide_load, &ide_if[0]);
3489 qemu_register_reset(pmac_ide_reset, &ide_if[0]);
3490 pmac_ide_reset(&ide_if[0]);
3491 return pmac_ide_memory;
3492 }
3493
3494 /***********************************************************/
3495 /* MMIO based ide port
3496 * This emulates IDE device connected directly to the CPU bus without
3497 * dedicated ide controller, which is often seen on embedded boards.
3498 */
3499
3500 typedef struct {
3501 void *dev;
3502 int shift;
3503 } MMIOState;
3504
3505 static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3506 {
3507 MMIOState *s = (MMIOState*)opaque;
3508 IDEState *ide = (IDEState*)s->dev;
3509 addr >>= s->shift;
3510 if (addr & 7)
3511 return ide_ioport_read(ide, addr);
3512 else
3513 return ide_data_readw(ide, 0);
3514 }
3515
3516 static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3517 uint32_t val)
3518 {
3519 MMIOState *s = (MMIOState*)opaque;
3520 IDEState *ide = (IDEState*)s->dev;
3521 addr >>= s->shift;
3522 if (addr & 7)
3523 ide_ioport_write(ide, addr, val);
3524 else
3525 ide_data_writew(ide, 0, val);
3526 }
3527
3528 static CPUReadMemoryFunc *mmio_ide_reads[] = {
3529 mmio_ide_read,
3530 mmio_ide_read,
3531 mmio_ide_read,
3532 };
3533
3534 static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3535 mmio_ide_write,
3536 mmio_ide_write,
3537 mmio_ide_write,
3538 };
3539
3540 static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3541 {
3542 MMIOState *s= (MMIOState*)opaque;
3543 IDEState *ide = (IDEState*)s->dev;
3544 return ide_status_read(ide, 0);
3545 }
3546
3547 static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3548 uint32_t val)
3549 {
3550 MMIOState *s = (MMIOState*)opaque;
3551 IDEState *ide = (IDEState*)s->dev;
3552 ide_cmd_write(ide, 0, val);
3553 }
3554
3555 static CPUReadMemoryFunc *mmio_ide_status[] = {
3556 mmio_ide_status_read,
3557 mmio_ide_status_read,
3558 mmio_ide_status_read,
3559 };
3560
3561 static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3562 mmio_ide_cmd_write,
3563 mmio_ide_cmd_write,
3564 mmio_ide_cmd_write,
3565 };
3566
3567 void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3568 qemu_irq irq, int shift,
3569 BlockDriverState *hd0, BlockDriverState *hd1)
3570 {
3571 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3572 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3573 int mem1, mem2;
3574
3575 ide_init2(ide, hd0, hd1, irq);
3576
3577 s->dev = ide;
3578 s->shift = shift;
3579
3580 mem1 = cpu_register_io_memory(0, mmio_ide_reads, mmio_ide_writes, s);
3581 mem2 = cpu_register_io_memory(0, mmio_ide_status, mmio_ide_cmd, s);
3582 cpu_register_physical_memory(membase, 16 << shift, mem1);
3583 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3584 }
3585
3586 /***********************************************************/
3587 /* CF-ATA Microdrive */
3588
3589 #define METADATA_SIZE 0x20
3590
3591 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3592 struct md_s {
3593 IDEState ide[2];
3594 struct pcmcia_card_s card;
3595 uint32_t attr_base;
3596 uint32_t io_base;
3597
3598 /* Card state */
3599 uint8_t opt;
3600 uint8_t stat;
3601 uint8_t pins;
3602
3603 uint8_t ctrl;
3604 uint16_t io;
3605 int cycle;
3606 };
3607
3608 /* Register bitfields */
3609 enum md_opt {
3610 OPT_MODE_MMAP = 0,
3611 OPT_MODE_IOMAP16 = 1,
3612 OPT_MODE_IOMAP1 = 2,
3613 OPT_MODE_IOMAP2 = 3,
3614 OPT_MODE = 0x3f,
3615 OPT_LEVIREQ = 0x40,
3616 OPT_SRESET = 0x80,
3617 };
3618 enum md_cstat {
3619 STAT_INT = 0x02,
3620 STAT_PWRDWN = 0x04,
3621 STAT_XE = 0x10,
3622 STAT_IOIS8 = 0x20,
3623 STAT_SIGCHG = 0x40,
3624 STAT_CHANGED = 0x80,
3625 };
3626 enum md_pins {
3627 PINS_MRDY = 0x02,
3628 PINS_CRDY = 0x20,
3629 };
3630 enum md_ctrl {
3631 CTRL_IEN = 0x02,
3632 CTRL_SRST = 0x04,
3633 };
3634
3635 static inline void md_interrupt_update(struct md_s *s)
3636 {
3637 if (!s->card.slot)
3638 return;
3639
3640 qemu_set_irq(s->card.slot->irq,
3641 !(s->stat & STAT_INT) && /* Inverted */
3642 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3643 !(s->opt & OPT_SRESET));
3644 }
3645
3646 static void md_set_irq(void *opaque, int irq, int level)
3647 {
3648 struct md_s *s = (struct md_s *) opaque;
3649 if (level)
3650 s->stat |= STAT_INT;
3651 else
3652 s->stat &= ~STAT_INT;
3653
3654 md_interrupt_update(s);
3655 }
3656
3657 static void md_reset(struct md_s *s)
3658 {
3659 s->opt = OPT_MODE_MMAP;
3660 s->stat = 0;
3661 s->pins = 0;
3662 s->cycle = 0;
3663 s->ctrl = 0;
3664 ide_reset(s->ide);
3665 }
3666
3667 static uint8_t md_attr_read(void *opaque, uint32_t at)
3668 {
3669 struct md_s *s = (struct md_s *) opaque;
3670 if (at < s->attr_base) {
3671 if (at < s->card.cis_len)
3672 return s->card.cis[at];
3673 else
3674 return 0x00;
3675 }
3676
3677 at -= s->attr_base;
3678
3679 switch (at) {
3680 case 0x00: /* Configuration Option Register */
3681 return s->opt;
3682 case 0x02: /* Card Configuration Status Register */
3683 if (s->ctrl & CTRL_IEN)
3684 return s->stat & ~STAT_INT;
3685 else
3686 return s->stat;
3687 case 0x04: /* Pin Replacement Register */
3688 return (s->pins & PINS_CRDY) | 0x0c;
3689 case 0x06: /* Socket and Copy Register */
3690 return 0x00;
3691 #ifdef VERBOSE
3692 default:
3693 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3694 #endif
3695 }
3696
3697 return 0;
3698 }
3699
3700 static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
3701 {
3702 struct md_s *s = (struct md_s *) opaque;
3703 at -= s->attr_base;
3704
3705 switch (at) {
3706 case 0x00: /* Configuration Option Register */
3707 s->opt = value & 0xcf;
3708 if (value & OPT_SRESET)
3709 md_reset(s);
3710 md_interrupt_update(s);
3711 break;
3712 case 0x02: /* Card Configuration Status Register */
3713 if ((s->stat ^ value) & STAT_PWRDWN)
3714 s->pins |= PINS_CRDY;
3715 s->stat &= 0x82;
3716 s->stat |= value & 0x74;
3717 md_interrupt_update(s);
3718 /* Word 170 in Identify Device must be equal to STAT_XE */
3719 break;
3720 case 0x04: /* Pin Replacement Register */
3721 s->pins &= PINS_CRDY;
3722 s->pins |= value & PINS_MRDY;
3723 break;
3724 case 0x06: /* Socket and Copy Register */
3725 break;
3726 default:
3727 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3728 }
3729 }
3730
3731 static uint16_t md_common_read(void *opaque, uint32_t at)
3732 {
3733 struct md_s *s = (struct md_s *) opaque;
3734 uint16_t ret;
3735 at -= s->io_base;
3736
3737 switch (s->opt & OPT_MODE) {
3738 case OPT_MODE_MMAP:
3739 if ((at & ~0x3ff) == 0x400)
3740 at = 0;
3741 break;
3742 case OPT_MODE_IOMAP16:
3743 at &= 0xf;
3744 break;
3745 case OPT_MODE_IOMAP1:
3746 if ((at & ~0xf) == 0x3f0)
3747 at -= 0x3e8;
3748 else if ((at & ~0xf) == 0x1f0)
3749 at -= 0x1f0;
3750 break;
3751 case OPT_MODE_IOMAP2:
3752 if ((at & ~0xf) == 0x370)
3753 at -= 0x368;
3754 else if ((at & ~0xf) == 0x170)
3755 at -= 0x170;
3756 }
3757
3758 switch (at) {
3759 case 0x0: /* Even RD Data */
3760 case 0x8:
3761 return ide_data_readw(s->ide, 0);
3762
3763 /* TODO: 8-bit accesses */
3764 if (s->cycle)
3765 ret = s->io >> 8;
3766 else {
3767 s->io = ide_data_readw(s->ide, 0);
3768 ret = s->io & 0xff;
3769 }
3770 s->cycle = !s->cycle;
3771 return ret;
3772 case 0x9: /* Odd RD Data */
3773 return s->io >> 8;
3774 case 0xd: /* Error */
3775 return ide_ioport_read(s->ide, 0x1);
3776 case 0xe: /* Alternate Status */
3777 if (s->ide->cur_drive->bs)
3778 return s->ide->cur_drive->status;
3779 else
3780 return 0;
3781 case 0xf: /* Device Address */
3782 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3783 default:
3784 return ide_ioport_read(s->ide, at);
3785 }
3786
3787 return 0;
3788 }
3789
3790 static void md_common_write(void *opaque, uint32_t at, uint16_t value)
3791 {
3792 struct md_s *s = (struct md_s *) opaque;
3793 at -= s->io_base;
3794
3795 switch (s->opt & OPT_MODE) {
3796 case OPT_MODE_MMAP:
3797 if ((at & ~0x3ff) == 0x400)
3798 at = 0;
3799 break;
3800 case OPT_MODE_IOMAP16:
3801 at &= 0xf;
3802 break;
3803 case OPT_MODE_IOMAP1:
3804 if ((at & ~0xf) == 0x3f0)
3805 at -= 0x3e8;
3806 else if ((at & ~0xf) == 0x1f0)
3807 at -= 0x1f0;
3808 break;
3809 case OPT_MODE_IOMAP2:
3810 if ((at & ~0xf) == 0x370)
3811 at -= 0x368;
3812 else if ((at & ~0xf) == 0x170)
3813 at -= 0x170;
3814 }
3815
3816 switch (at) {
3817 case 0x0: /* Even WR Data */
3818 case 0x8:
3819 ide_data_writew(s->ide, 0, value);
3820 break;
3821
3822 /* TODO: 8-bit accesses */
3823 if (s->cycle)
3824 ide_data_writew(s->ide, 0, s->io | (value << 8));
3825 else
3826 s->io = value & 0xff;
3827 s->cycle = !s->cycle;
3828 break;
3829 case 0x9:
3830 s->io = value & 0xff;
3831 s->cycle = !s->cycle;
3832 break;
3833 case 0xd: /* Features */
3834 ide_ioport_write(s->ide, 0x1, value);
3835 break;
3836 case 0xe: /* Device Control */
3837 s->ctrl = value;
3838 if (value & CTRL_SRST)
3839 md_reset(s);
3840 md_interrupt_update(s);
3841 break;
3842 default:
3843 if (s->stat & STAT_PWRDWN) {
3844 s->pins |= PINS_CRDY;
3845 s->stat &= ~STAT_PWRDWN;
3846 }
3847 ide_ioport_write(s->ide, at, value);
3848 }
3849 }
3850
3851 static void md_save(QEMUFile *f, void *opaque)
3852 {
3853 struct md_s *s = (struct md_s *) opaque;
3854 int i;
3855 uint8_t drive1_selected;
3856
3857 qemu_put_8s(f, &s->opt);
3858 qemu_put_8s(f, &s->stat);
3859 qemu_put_8s(f, &s->pins);
3860
3861 qemu_put_8s(f, &s->ctrl);
3862 qemu_put_be16s(f, &s->io);
3863 qemu_put_byte(f, s->cycle);
3864
3865 drive1_selected = (s->ide->cur_drive != s->ide);
3866 qemu_put_8s(f, &s->ide->cmd);
3867 qemu_put_8s(f, &drive1_selected);
3868
3869 for (i = 0; i < 2; i ++)
3870 ide_save(f, &s->ide[i]);
3871 }
3872
3873 static int md_load(QEMUFile *f, void *opaque, int version_id)
3874 {
3875 struct md_s *s = (struct md_s *) opaque;
3876 int i;
3877 uint8_t drive1_selected;
3878
3879 qemu_get_8s(f, &s->opt);
3880 qemu_get_8s(f, &s->stat);
3881 qemu_get_8s(f, &s->pins);
3882
3883 qemu_get_8s(f, &s->ctrl);
3884 qemu_get_be16s(f, &s->io);
3885 s->cycle = qemu_get_byte(f);
3886
3887 qemu_get_8s(f, &s->ide->cmd);
3888 qemu_get_8s(f, &drive1_selected);
3889 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
3890
3891 for (i = 0; i < 2; i ++)
3892 ide_load(f, &s->ide[i]);
3893
3894 return 0;
3895 }
3896
3897 static const uint8_t dscm1xxxx_cis[0x14a] = {
3898 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3899 [0x002] = 0x03, /* Tuple length = 4 bytes */
3900 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3901 [0x006] = 0x01, /* Size = 2K bytes */
3902 [0x008] = CISTPL_ENDMARK,
3903
3904 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3905 [0x00c] = 0x04, /* Tuple length = 4 byest */
3906 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3907 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3908 [0x012] = 0x01, /* Size = 2K bytes */
3909 [0x014] = CISTPL_ENDMARK,
3910
3911 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3912 [0x018] = 0x02, /* Tuple length = 2 bytes */
3913 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3914 [0x01c] = 0x01,
3915
3916 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3917 [0x020] = 0x04, /* Tuple length = 4 bytes */
3918 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3919 [0x024] = 0x00,
3920 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3921 [0x028] = 0x00,
3922
3923 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3924 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3925 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3926 [0x030] = 0x01, /* Minor Version = 1 */
3927 [0x032] = 'I',
3928 [0x034] = 'B',
3929 [0x036] = 'M',
3930 [0x038] = 0x00,
3931 [0x03a] = 'm',
3932 [0x03c] = 'i',
3933 [0x03e] = 'c',
3934 [0x040] = 'r',
3935 [0x042] = 'o',
3936 [0x044] = 'd',
3937 [0x046] = 'r',
3938 [0x048] = 'i',
3939 [0x04a] = 'v',
3940 [0x04c] = 'e',
3941 [0x04e] = 0x00,
3942 [0x050] = CISTPL_ENDMARK,
3943
3944 [0x052] = CISTPL_FUNCID, /* Function ID */
3945 [0x054] = 0x02, /* Tuple length = 2 bytes */
3946 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3947 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3948
3949 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3950 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3951 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3952 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3953
3954 [0x062] = CISTPL_FUNCE, /* Function Extension */
3955 [0x064] = 0x03, /* Tuple length = 3 bytes */
3956 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3957 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3958 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3959
3960 [0x06c] = CISTPL_CONFIG, /* Configuration */
3961 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3962 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3963 [0x072] = 0x07, /* TPCC_LAST = 7 */
3964 [0x074] = 0x00, /* TPCC_RADR = 0200 */
3965 [0x076] = 0x02,
3966 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
3967
3968 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3969 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
3970 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
3971 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
3972 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
3973 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3974 [0x086] = 0x55, /* NomV: 5.0 V */
3975 [0x088] = 0x4d, /* MinV: 4.5 V */
3976 [0x08a] = 0x5d, /* MaxV: 5.5 V */
3977 [0x08c] = 0x4e, /* Peakl: 450 mA */
3978 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
3979 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
3980 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
3981
3982 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3983 [0x096] = 0x06, /* Tuple length = 6 bytes */
3984 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
3985 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3986 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3987 [0x09e] = 0xb5, /* NomV: 3.3 V */
3988 [0x0a0] = 0x1e,
3989 [0x0a2] = 0x3e, /* Peakl: 350 mA */
3990
3991 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3992 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
3993 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
3994 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3995 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3996 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3997 [0x0b0] = 0x55, /* NomV: 5.0 V */
3998 [0x0b2] = 0x4d, /* MinV: 4.5 V */
3999 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4000 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4001 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4002 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4003 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4004 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4005 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4006
4007 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4008 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4009 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4010 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4011 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4012 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4013 [0x0ce] = 0x1e,
4014 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4015
4016 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4017 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4018 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4019 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4020 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4021 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4022 [0x0de] = 0x55, /* NomV: 5.0 V */
4023 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4024 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4025 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4026 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4027 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4028 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4029 [0x0ec] = 0x01,
4030 [0x0ee] = 0x07, /* Address block length = 8 */
4031 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4032 [0x0f2] = 0x03,
4033 [0x0f4] = 0x01, /* Address block length = 2 */
4034 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4035 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4036
4037 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4038 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4039 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4040 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4041 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4042 [0x104] = 0xb5, /* NomV: 3.3 V */
4043 [0x106] = 0x1e,
4044 [0x108] = 0x3e, /* Peakl: 350 mA */
4045
4046 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4047 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4048 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4049 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4050 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4051 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4052 [0x116] = 0x55, /* NomV: 5.0 V */
4053 [0x118] = 0x4d, /* MinV: 4.5 V */
4054 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4055 [0x11c] = 0x4e, /* Peakl: 450 mA */
4056 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4057 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4058 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4059 [0x124] = 0x01,
4060 [0x126] = 0x07, /* Address block length = 8 */
4061 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4062 [0x12a] = 0x03,
4063 [0x12c] = 0x01, /* Address block length = 2 */
4064 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4065 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4066
4067 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4068 [0x134] = 0x06, /* Tuple length = 6 bytes */
4069 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4070 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4071 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4072 [0x13c] = 0xb5, /* NomV: 3.3 V */
4073 [0x13e] = 0x1e,
4074 [0x140] = 0x3e, /* Peakl: 350 mA */
4075
4076 [0x142] = CISTPL_NO_LINK, /* No Link */
4077 [0x144] = 0x00, /* Tuple length = 0 bytes */
4078
4079 [0x146] = CISTPL_END, /* Tuple End */
4080 };
4081
4082 static int dscm1xxxx_attach(void *opaque)
4083 {
4084 struct md_s *md = (struct md_s *) opaque;
4085 md->card.attr_read = md_attr_read;
4086 md->card.attr_write = md_attr_write;
4087 md->card.common_read = md_common_read;
4088 md->card.common_write = md_common_write;
4089 md->card.io_read = md_common_read;
4090 md->card.io_write = md_common_write;
4091
4092 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4093 md->io_base = 0x0;
4094
4095 md_reset(md);
4096 md_interrupt_update(md);
4097
4098 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4099 return 0;
4100 }
4101
4102 static int dscm1xxxx_detach(void *opaque)
4103 {
4104 struct md_s *md = (struct md_s *) opaque;
4105 md_reset(md);
4106 return 0;
4107 }
4108
4109 struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
4110 {
4111 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
4112 md->card.state = md;
4113 md->card.attach = dscm1xxxx_attach;
4114 md->card.detach = dscm1xxxx_detach;
4115 md->card.cis = dscm1xxxx_cis;
4116 md->card.cis_len = sizeof(dscm1xxxx_cis);
4117
4118 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4119 md->ide->is_cf = 1;
4120 md->ide->mdata_size = METADATA_SIZE;
4121 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
4122
4123 register_savevm("microdrive", -1, 0, md_save, md_load, md);
4124
4125 return &md->card;
4126 }
Patches shipped by Fedora