search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'qemu-cvs'
[qemu-kvm/fedora.git] / hw / ide.c
blob5c21a8b032f9b3250393022ea2b967527e911460
1 /*
2 * QEMU IDE disk and CD/DVD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25 #include "hw.h"
26 #include "pc.h"
27 #include "pci.h"
28 #include "scsi-disk.h"
29 #include "pcmcia.h"
30 #include "block.h"
31 #include "qemu-timer.h"
32 #include "sysemu.h"
33 #include "ppc_mac.h"
34
35 /* debug IDE devices */
36 //#define DEBUG_IDE
37 //#define DEBUG_IDE_ATAPI
38 //#define DEBUG_AIO
39 #define USE_DMA_CDROM
40
41 /* Bits of HD_STATUS */
42 #define ERR_STAT 0x01
43 #define INDEX_STAT 0x02
44 #define ECC_STAT 0x04 /* Corrected error */
45 #define DRQ_STAT 0x08
46 #define SEEK_STAT 0x10
47 #define SRV_STAT 0x10
48 #define WRERR_STAT 0x20
49 #define READY_STAT 0x40
50 #define BUSY_STAT 0x80
51
52 /* Bits for HD_ERROR */
53 #define MARK_ERR 0x01 /* Bad address mark */
54 #define TRK0_ERR 0x02 /* couldn't find track 0 */
55 #define ABRT_ERR 0x04 /* Command aborted */
56 #define MCR_ERR 0x08 /* media change request */
57 #define ID_ERR 0x10 /* ID field not found */
58 #define MC_ERR 0x20 /* media changed */
59 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
60 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
61 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
62
63 /* Bits of HD_NSECTOR */
64 #define CD 0x01
65 #define IO 0x02
66 #define REL 0x04
67 #define TAG_MASK 0xf8
68
69 #define IDE_CMD_RESET 0x04
70 #define IDE_CMD_DISABLE_IRQ 0x02
71
72 /* ATA/ATAPI Commands pre T13 Spec */
73 #define WIN_NOP 0x00
74 /*
75 * 0x01->0x02 Reserved
76 */
77 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
78 /*
79 * 0x04->0x07 Reserved
80 */
81 #define WIN_SRST 0x08 /* ATAPI soft reset command */
82 #define WIN_DEVICE_RESET 0x08
83 /*
84 * 0x09->0x0F Reserved
85 */
86 #define WIN_RECAL 0x10
87 #define WIN_RESTORE WIN_RECAL
88 /*
89 * 0x10->0x1F Reserved
90 */
91 #define WIN_READ 0x20 /* 28-Bit */
92 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
93 #define WIN_READ_LONG 0x22 /* 28-Bit */
94 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
95 #define WIN_READ_EXT 0x24 /* 48-Bit */
96 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
97 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
98 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
99 /*
100 * 0x28
101 */
102 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
103 /*
104 * 0x2A->0x2F Reserved
105 */
106 #define WIN_WRITE 0x30 /* 28-Bit */
107 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
108 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
109 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
110 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
111 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
112 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
113 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
114 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
115 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
116 /*
117 * 0x3A->0x3B Reserved
118 */
119 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
120 /*
121 * 0x3D->0x3F Reserved
122 */
123 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
124 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
125 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
126 /*
127 * 0x43->0x4F Reserved
128 */
129 #define WIN_FORMAT 0x50
130 /*
131 * 0x51->0x5F Reserved
132 */
133 #define WIN_INIT 0x60
134 /*
135 * 0x61->0x5F Reserved
136 */
137 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
138 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
139 #define WIN_DIAGNOSE 0x90
140 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
141 #define WIN_DOWNLOAD_MICROCODE 0x92
142 #define WIN_STANDBYNOW2 0x94
143 #define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
144 #define WIN_STANDBY2 0x96
145 #define WIN_SETIDLE2 0x97
146 #define WIN_CHECKPOWERMODE2 0x98
147 #define WIN_SLEEPNOW2 0x99
148 /*
149 * 0x9A VENDOR
150 */
151 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
152 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
153 #define WIN_QUEUED_SERVICE 0xA2
154 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
155 #define CFA_ACCESS_METADATA_STORAGE 0xB8
156 #define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
157 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
158 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
159 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
160 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
161 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
162 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
163 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
164 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
165 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
166 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
167 #define WIN_GETMEDIASTATUS 0xDA
168 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
169 #define WIN_POSTBOOT 0xDC
170 #define WIN_PREBOOT 0xDD
171 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
172 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
173 #define WIN_STANDBYNOW1 0xE0
174 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
175 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
176 #define WIN_SETIDLE1 0xE3
177 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
178 #define WIN_CHECKPOWERMODE1 0xE5
179 #define WIN_SLEEPNOW1 0xE6
180 #define WIN_FLUSH_CACHE 0xE7
181 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
182 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
183 /* SET_FEATURES 0x22 or 0xDD */
184 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
185 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
186 #define WIN_MEDIAEJECT 0xED
187 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
188 #define WIN_SETFEATURES 0xEF /* set special drive features */
189 #define EXABYTE_ENABLE_NEST 0xF0
190 #define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
191 #define WIN_SECURITY_SET_PASS 0xF1
192 #define WIN_SECURITY_UNLOCK 0xF2
193 #define WIN_SECURITY_ERASE_PREPARE 0xF3
194 #define WIN_SECURITY_ERASE_UNIT 0xF4
195 #define WIN_SECURITY_FREEZE_LOCK 0xF5
196 #define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
197 #define WIN_SECURITY_DISABLE 0xF6
198 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
199 #define WIN_SET_MAX 0xF9
200 #define DISABLE_SEAGATE 0xFB
201
202 /* set to 1 set disable mult support */
203 #define MAX_MULT_SECTORS 16
204
205 /* ATAPI defines */
206
207 #define ATAPI_PACKET_SIZE 12
208
209 /* The generic packet command opcodes for CD/DVD Logical Units,
210 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
211 #define GPCMD_BLANK 0xa1
212 #define GPCMD_CLOSE_TRACK 0x5b
213 #define GPCMD_FLUSH_CACHE 0x35
214 #define GPCMD_FORMAT_UNIT 0x04
215 #define GPCMD_GET_CONFIGURATION 0x46
216 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
217 #define GPCMD_GET_PERFORMANCE 0xac
218 #define GPCMD_INQUIRY 0x12
219 #define GPCMD_LOAD_UNLOAD 0xa6
220 #define GPCMD_MECHANISM_STATUS 0xbd
221 #define GPCMD_MODE_SELECT_10 0x55
222 #define GPCMD_MODE_SENSE_10 0x5a
223 #define GPCMD_PAUSE_RESUME 0x4b
224 #define GPCMD_PLAY_AUDIO_10 0x45
225 #define GPCMD_PLAY_AUDIO_MSF 0x47
226 #define GPCMD_PLAY_AUDIO_TI 0x48
227 #define GPCMD_PLAY_CD 0xbc
228 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
229 #define GPCMD_READ_10 0x28
230 #define GPCMD_READ_12 0xa8
231 #define GPCMD_READ_CDVD_CAPACITY 0x25
232 #define GPCMD_READ_CD 0xbe
233 #define GPCMD_READ_CD_MSF 0xb9
234 #define GPCMD_READ_DISC_INFO 0x51
235 #define GPCMD_READ_DVD_STRUCTURE 0xad
236 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
237 #define GPCMD_READ_HEADER 0x44
238 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
239 #define GPCMD_READ_SUBCHANNEL 0x42
240 #define GPCMD_READ_TOC_PMA_ATIP 0x43
241 #define GPCMD_REPAIR_RZONE_TRACK 0x58
242 #define GPCMD_REPORT_KEY 0xa4
243 #define GPCMD_REQUEST_SENSE 0x03
244 #define GPCMD_RESERVE_RZONE_TRACK 0x53
245 #define GPCMD_SCAN 0xba
246 #define GPCMD_SEEK 0x2b
247 #define GPCMD_SEND_DVD_STRUCTURE 0xad
248 #define GPCMD_SEND_EVENT 0xa2
249 #define GPCMD_SEND_KEY 0xa3
250 #define GPCMD_SEND_OPC 0x54
251 #define GPCMD_SET_READ_AHEAD 0xa7
252 #define GPCMD_SET_STREAMING 0xb6
253 #define GPCMD_START_STOP_UNIT 0x1b
254 #define GPCMD_STOP_PLAY_SCAN 0x4e
255 #define GPCMD_TEST_UNIT_READY 0x00
256 #define GPCMD_VERIFY_10 0x2f
257 #define GPCMD_WRITE_10 0x2a
258 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
259 /* This is listed as optional in ATAPI 2.6, but is (curiously)
260 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
261 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
262 * drives support it. */
263 #define GPCMD_SET_SPEED 0xbb
264 /* This seems to be a SCSI specific CD-ROM opcode
265 * to play data at track/index */
266 #define GPCMD_PLAYAUDIO_TI 0x48
267 /*
268 * From MS Media Status Notification Support Specification. For
269 * older drives only.
270 */
271 #define GPCMD_GET_MEDIA_STATUS 0xda
272 #define GPCMD_MODE_SENSE_6 0x1a
273
274 /* Mode page codes for mode sense/set */
275 #define GPMODE_R_W_ERROR_PAGE 0x01
276 #define GPMODE_WRITE_PARMS_PAGE 0x05
277 #define GPMODE_AUDIO_CTL_PAGE 0x0e
278 #define GPMODE_POWER_PAGE 0x1a
279 #define GPMODE_FAULT_FAIL_PAGE 0x1c
280 #define GPMODE_TO_PROTECT_PAGE 0x1d
281 #define GPMODE_CAPABILITIES_PAGE 0x2a
282 #define GPMODE_ALL_PAGES 0x3f
283 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
284 * of MODE_SENSE_POWER_PAGE */
285 #define GPMODE_CDROM_PAGE 0x0d
286
287 /*
288 * Based on values from <linux/cdrom.h> but extending CD_MINS
289 * to the maximum common size allowed by the Orange's Book ATIP
290 *
291 * 90 and 99 min CDs are also available but using them as the
292 * upper limit reduces the effectiveness of the heuristic to
293 * detect DVDs burned to less than 25% of their maximum capacity
294 */
295
296 /* Some generally useful CD-ROM information */
297 #define CD_MINS 80 /* max. minutes per CD */
298 #define CD_SECS 60 /* seconds per minute */
299 #define CD_FRAMES 75 /* frames per second */
300 #define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
301 #define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
302 #define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
303
304 /*
305 * The MMC values are not IDE specific and might need to be moved
306 * to a common header if they are also needed for the SCSI emulation
307 */
308
309 /* Profile list from MMC-6 revision 1 table 91 */
310 #define MMC_PROFILE_NONE 0x0000
311 #define MMC_PROFILE_CD_ROM 0x0008
312 #define MMC_PROFILE_CD_R 0x0009
313 #define MMC_PROFILE_CD_RW 0x000A
314 #define MMC_PROFILE_DVD_ROM 0x0010
315 #define MMC_PROFILE_DVD_R_SR 0x0011
316 #define MMC_PROFILE_DVD_RAM 0x0012
317 #define MMC_PROFILE_DVD_RW_RO 0x0013
318 #define MMC_PROFILE_DVD_RW_SR 0x0014
319 #define MMC_PROFILE_DVD_R_DL_SR 0x0015
320 #define MMC_PROFILE_DVD_R_DL_JR 0x0016
321 #define MMC_PROFILE_DVD_RW_DL 0x0017
322 #define MMC_PROFILE_DVD_DDR 0x0018
323 #define MMC_PROFILE_DVD_PLUS_RW 0x001A
324 #define MMC_PROFILE_DVD_PLUS_R 0x001B
325 #define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
326 #define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
327 #define MMC_PROFILE_BD_ROM 0x0040
328 #define MMC_PROFILE_BD_R_SRM 0x0041
329 #define MMC_PROFILE_BD_R_RRM 0x0042
330 #define MMC_PROFILE_BD_RE 0x0043
331 #define MMC_PROFILE_HDDVD_ROM 0x0050
332 #define MMC_PROFILE_HDDVD_R 0x0051
333 #define MMC_PROFILE_HDDVD_RAM 0x0052
334 #define MMC_PROFILE_HDDVD_RW 0x0053
335 #define MMC_PROFILE_HDDVD_R_DL 0x0058
336 #define MMC_PROFILE_HDDVD_RW_DL 0x005A
337 #define MMC_PROFILE_INVALID 0xFFFF
338
339 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
340 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
341 #define ATAPI_INT_REASON_REL 0x04
342 #define ATAPI_INT_REASON_TAG 0xf8
343
344 /* same constants as bochs */
345 #define ASC_ILLEGAL_OPCODE 0x20
346 #define ASC_LOGICAL_BLOCK_OOR 0x21
347 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
348 #define ASC_MEDIUM_NOT_PRESENT 0x3a
349 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
350
351 #define CFA_NO_ERROR 0x00
352 #define CFA_MISC_ERROR 0x09
353 #define CFA_INVALID_COMMAND 0x20
354 #define CFA_INVALID_ADDRESS 0x21
355 #define CFA_ADDRESS_OVERFLOW 0x2f
356
357 #define SENSE_NONE 0
358 #define SENSE_NOT_READY 2
359 #define SENSE_ILLEGAL_REQUEST 5
360 #define SENSE_UNIT_ATTENTION 6
361
362 struct IDEState;
363
364 typedef void EndTransferFunc(struct IDEState *);
365
366 /* NOTE: IDEState represents in fact one drive */
367 typedef struct IDEState {
368 /* ide config */
369 int is_cdrom;
370 int is_cf;
371 int cylinders, heads, sectors;
372 int64_t nb_sectors;
373 int mult_sectors;
374 int identify_set;
375 uint16_t identify_data[256];
376 qemu_irq irq;
377 PCIDevice *pci_dev;
378 struct BMDMAState *bmdma;
379 int drive_serial;
380 /* ide regs */
381 uint8_t feature;
382 uint8_t error;
383 uint32_t nsector;
384 uint8_t sector;
385 uint8_t lcyl;
386 uint8_t hcyl;
387 /* other part of tf for lba48 support */
388 uint8_t hob_feature;
389 uint8_t hob_nsector;
390 uint8_t hob_sector;
391 uint8_t hob_lcyl;
392 uint8_t hob_hcyl;
393
394 uint8_t select;
395 uint8_t status;
396
397 /* 0x3f6 command, only meaningful for drive 0 */
398 uint8_t cmd;
399 /* set for lba48 access */
400 uint8_t lba48;
401 /* depends on bit 4 in select, only meaningful for drive 0 */
402 struct IDEState *cur_drive;
403 BlockDriverState *bs;
404 /* ATAPI specific */
405 uint8_t sense_key;
406 uint8_t asc;
407 int packet_transfer_size;
408 int elementary_transfer_size;
409 int io_buffer_index;
410 int lba;
411 int cd_sector_size;
412 int atapi_dma; /* true if dma is requested for the packet cmd */
413 /* ATA DMA state */
414 int io_buffer_size;
415 /* PIO transfer handling */
416 int req_nb_sectors; /* number of sectors per interrupt */
417 EndTransferFunc *end_transfer_func;
418 uint8_t *data_ptr;
419 uint8_t *data_end;
420 uint8_t *io_buffer;
421 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
422 uint32_t irq_count; /* counts IRQs when using win2k install hack */
423 /* CF-ATA extended error */
424 uint8_t ext_error;
425 /* CF-ATA metadata storage */
426 uint32_t mdata_size;
427 uint8_t *mdata_storage;
428 int media_changed;
429 } IDEState;
430
431 #define BM_STATUS_DMAING 0x01
432 #define BM_STATUS_ERROR 0x02
433 #define BM_STATUS_INT 0x04
434
435 #define BM_CMD_START 0x01
436 #define BM_CMD_READ 0x08
437
438 #define IDE_TYPE_PIIX3 0
439 #define IDE_TYPE_CMD646 1
440 #define IDE_TYPE_PIIX4 2
441
442 /* CMD646 specific */
443 #define MRDMODE 0x71
444 #define MRDMODE_INTR_CH0 0x04
445 #define MRDMODE_INTR_CH1 0x08
446 #define MRDMODE_BLK_CH0 0x10
447 #define MRDMODE_BLK_CH1 0x20
448 #define UDIDETCR0 0x73
449 #define UDIDETCR1 0x7B
450
451 typedef struct BMDMAState {
452 uint8_t cmd;
453 uint8_t status;
454 uint32_t addr;
455
456 struct PCIIDEState *pci_dev;
457 /* current transfer state */
458 uint32_t cur_addr;
459 uint32_t cur_prd_last;
460 uint32_t cur_prd_addr;
461 uint32_t cur_prd_len;
462 IDEState *ide_if;
463 BlockDriverCompletionFunc *dma_cb;
464 BlockDriverAIOCB *aiocb;
465 } BMDMAState;
466
467 typedef struct PCIIDEState {
468 PCIDevice dev;
469 IDEState ide_if[4];
470 BMDMAState bmdma[2];
471 int type; /* see IDE_TYPE_xxx */
472 } PCIIDEState;
473
474 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
475 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
476
477 static void padstr(char *str, const char *src, int len)
478 {
479 int i, v;
480 for(i = 0; i < len; i++) {
481 if (*src)
482 v = *src++;
483 else
484 v = ' ';
485 str[i^1] = v;
486 }
487 }
488
489 static void padstr8(uint8_t *buf, int buf_size, const char *src)
490 {
491 int i;
492 for(i = 0; i < buf_size; i++) {
493 if (*src)
494 buf[i] = *src++;
495 else
496 buf[i] = ' ';
497 }
498 }
499
500 static void put_le16(uint16_t *p, unsigned int v)
501 {
502 *p = cpu_to_le16(v);
503 }
504
505 static void ide_identify(IDEState *s)
506 {
507 uint16_t *p;
508 unsigned int oldsize;
509 char buf[20];
510
511 if (s->identify_set) {
512 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
513 return;
514 }
515
516 memset(s->io_buffer, 0, 512);
517 p = (uint16_t *)s->io_buffer;
518 put_le16(p + 0, 0x0040);
519 put_le16(p + 1, s->cylinders);
520 put_le16(p + 3, s->heads);
521 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
522 put_le16(p + 5, 512); /* XXX: retired, remove ? */
523 put_le16(p + 6, s->sectors);
524 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
525 padstr((char *)(p + 10), buf, 20); /* serial number */
526 put_le16(p + 20, 3); /* XXX: retired, remove ? */
527 put_le16(p + 21, 512); /* cache size in sectors */
528 put_le16(p + 22, 4); /* ecc bytes */
529 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
530 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
531 #if MAX_MULT_SECTORS > 1
532 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
533 #endif
534 put_le16(p + 48, 1); /* dword I/O */
535 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
536 put_le16(p + 51, 0x200); /* PIO transfer cycle */
537 put_le16(p + 52, 0x200); /* DMA transfer cycle */
538 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
539 put_le16(p + 54, s->cylinders);
540 put_le16(p + 55, s->heads);
541 put_le16(p + 56, s->sectors);
542 oldsize = s->cylinders * s->heads * s->sectors;
543 put_le16(p + 57, oldsize);
544 put_le16(p + 58, oldsize >> 16);
545 if (s->mult_sectors)
546 put_le16(p + 59, 0x100 | s->mult_sectors);
547 put_le16(p + 60, s->nb_sectors);
548 put_le16(p + 61, s->nb_sectors >> 16);
549 put_le16(p + 63, 0x07); /* mdma0-2 supported */
550 put_le16(p + 65, 120);
551 put_le16(p + 66, 120);
552 put_le16(p + 67, 120);
553 put_le16(p + 68, 120);
554 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
555 put_le16(p + 81, 0x16); /* conforms to ata5 */
556 put_le16(p + 82, (1 << 14));
557 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
558 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
559 put_le16(p + 84, (1 << 14));
560 put_le16(p + 85, (1 << 14));
561 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
562 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
563 put_le16(p + 87, (1 << 14));
564 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
565 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
566 put_le16(p + 100, s->nb_sectors);
567 put_le16(p + 101, s->nb_sectors >> 16);
568 put_le16(p + 102, s->nb_sectors >> 32);
569 put_le16(p + 103, s->nb_sectors >> 48);
570
571 memcpy(s->identify_data, p, sizeof(s->identify_data));
572 s->identify_set = 1;
573 }
574
575 static void ide_atapi_identify(IDEState *s)
576 {
577 uint16_t *p;
578 char buf[20];
579
580 if (s->identify_set) {
581 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
582 return;
583 }
584
585 memset(s->io_buffer, 0, 512);
586 p = (uint16_t *)s->io_buffer;
587 /* Removable CDROM, 50us response, 12 byte packets */
588 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
589 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
590 padstr((char *)(p + 10), buf, 20); /* serial number */
591 put_le16(p + 20, 3); /* buffer type */
592 put_le16(p + 21, 512); /* cache size in sectors */
593 put_le16(p + 22, 4); /* ecc bytes */
594 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
595 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
596 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
597 #ifdef USE_DMA_CDROM
598 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
599 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
600 put_le16(p + 63, 7); /* mdma0-2 supported */
601 put_le16(p + 64, 0x3f); /* PIO modes supported */
602 #else
603 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
604 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
605 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
606 put_le16(p + 64, 1); /* PIO modes */
607 #endif
608 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
609 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
610 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
611 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
612
613 put_le16(p + 71, 30); /* in ns */
614 put_le16(p + 72, 30); /* in ns */
615
616 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
617 #ifdef USE_DMA_CDROM
618 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
619 #endif
620 memcpy(s->identify_data, p, sizeof(s->identify_data));
621 s->identify_set = 1;
622 }
623
624 static void ide_cfata_identify(IDEState *s)
625 {
626 uint16_t *p;
627 uint32_t cur_sec;
628 char buf[20];
629
630 p = (uint16_t *) s->identify_data;
631 if (s->identify_set)
632 goto fill_buffer;
633
634 memset(p, 0, sizeof(s->identify_data));
635
636 cur_sec = s->cylinders * s->heads * s->sectors;
637
638 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
639 put_le16(p + 1, s->cylinders); /* Default cylinders */
640 put_le16(p + 3, s->heads); /* Default heads */
641 put_le16(p + 6, s->sectors); /* Default sectors per track */
642 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
643 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
644 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
645 padstr((char *)(p + 10), buf, 20); /* Serial number in ASCII */
646 put_le16(p + 22, 0x0004); /* ECC bytes */
647 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
648 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
649 #if MAX_MULT_SECTORS > 1
650 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
651 #else
652 put_le16(p + 47, 0x0000);
653 #endif
654 put_le16(p + 49, 0x0f00); /* Capabilities */
655 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
656 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
657 put_le16(p + 53, 0x0003); /* Translation params valid */
658 put_le16(p + 54, s->cylinders); /* Current cylinders */
659 put_le16(p + 55, s->heads); /* Current heads */
660 put_le16(p + 56, s->sectors); /* Current sectors */
661 put_le16(p + 57, cur_sec); /* Current capacity */
662 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
663 if (s->mult_sectors) /* Multiple sector setting */
664 put_le16(p + 59, 0x100 | s->mult_sectors);
665 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
666 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
667 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
668 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
669 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
670 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
671 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
672 put_le16(p + 82, 0x400c); /* Command Set supported */
673 put_le16(p + 83, 0x7068); /* Command Set supported */
674 put_le16(p + 84, 0x4000); /* Features supported */
675 put_le16(p + 85, 0x000c); /* Command Set enabled */
676 put_le16(p + 86, 0x7044); /* Command Set enabled */
677 put_le16(p + 87, 0x4000); /* Features enabled */
678 put_le16(p + 91, 0x4060); /* Current APM level */
679 put_le16(p + 129, 0x0002); /* Current features option */
680 put_le16(p + 130, 0x0005); /* Reassigned sectors */
681 put_le16(p + 131, 0x0001); /* Initial power mode */
682 put_le16(p + 132, 0x0000); /* User signature */
683 put_le16(p + 160, 0x8100); /* Power requirement */
684 put_le16(p + 161, 0x8001); /* CF command set */
685
686 s->identify_set = 1;
687
688 fill_buffer:
689 memcpy(s->io_buffer, p, sizeof(s->identify_data));
690 }
691
692 static void ide_set_signature(IDEState *s)
693 {
694 s->select &= 0xf0; /* clear head */
695 /* put signature */
696 s->nsector = 1;
697 s->sector = 1;
698 if (s->is_cdrom) {
699 s->lcyl = 0x14;
700 s->hcyl = 0xeb;
701 } else if (s->bs) {
702 s->lcyl = 0;
703 s->hcyl = 0;
704 } else {
705 s->lcyl = 0xff;
706 s->hcyl = 0xff;
707 }
708 }
709
710 static inline void ide_abort_command(IDEState *s)
711 {
712 s->status = READY_STAT | ERR_STAT;
713 s->error = ABRT_ERR;
714 }
715
716 static inline void ide_set_irq(IDEState *s)
717 {
718 BMDMAState *bm = s->bmdma;
719 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
720 if (bm) {
721 bm->status |= BM_STATUS_INT;
722 }
723 qemu_irq_raise(s->irq);
724 }
725 }
726
727 /* prepare data transfer and tell what to do after */
728 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
729 EndTransferFunc *end_transfer_func)
730 {
731 s->end_transfer_func = end_transfer_func;
732 s->data_ptr = buf;
733 s->data_end = buf + size;
734 if (!(s->status & ERR_STAT))
735 s->status |= DRQ_STAT;
736 }
737
738 static void ide_transfer_stop(IDEState *s)
739 {
740 s->end_transfer_func = ide_transfer_stop;
741 s->data_ptr = s->io_buffer;
742 s->data_end = s->io_buffer;
743 s->status &= ~DRQ_STAT;
744 }
745
746 static int64_t ide_get_sector(IDEState *s)
747 {
748 int64_t sector_num;
749 if (s->select & 0x40) {
750 /* lba */
751 if (!s->lba48) {
752 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
753 (s->lcyl << 8) | s->sector;
754 } else {
755 sector_num = ((int64_t)s->hob_hcyl << 40) |
756 ((int64_t) s->hob_lcyl << 32) |
757 ((int64_t) s->hob_sector << 24) |
758 ((int64_t) s->hcyl << 16) |
759 ((int64_t) s->lcyl << 8) | s->sector;
760 }
761 } else {
762 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
763 (s->select & 0x0f) * s->sectors + (s->sector - 1);
764 }
765 return sector_num;
766 }
767
768 static void ide_set_sector(IDEState *s, int64_t sector_num)
769 {
770 unsigned int cyl, r;
771 if (s->select & 0x40) {
772 if (!s->lba48) {
773 s->select = (s->select & 0xf0) | (sector_num >> 24);
774 s->hcyl = (sector_num >> 16);
775 s->lcyl = (sector_num >> 8);
776 s->sector = (sector_num);
777 } else {
778 s->sector = sector_num;
779 s->lcyl = sector_num >> 8;
780 s->hcyl = sector_num >> 16;
781 s->hob_sector = sector_num >> 24;
782 s->hob_lcyl = sector_num >> 32;
783 s->hob_hcyl = sector_num >> 40;
784 }
785 } else {
786 cyl = sector_num / (s->heads * s->sectors);
787 r = sector_num % (s->heads * s->sectors);
788 s->hcyl = cyl >> 8;
789 s->lcyl = cyl;
790 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
791 s->sector = (r % s->sectors) + 1;
792 }
793 }
794
795 static void ide_sector_read(IDEState *s)
796 {
797 int64_t sector_num;
798 int ret, n;
799
800 s->status = READY_STAT | SEEK_STAT;
801 s->error = 0; /* not needed by IDE spec, but needed by Windows */
802 sector_num = ide_get_sector(s);
803 n = s->nsector;
804 if (n == 0) {
805 /* no more sector to read from disk */
806 ide_transfer_stop(s);
807 } else {
808 #if defined(DEBUG_IDE)
809 printf("read sector=%Ld\n", sector_num);
810 #endif
811 if (n > s->req_nb_sectors)
812 n = s->req_nb_sectors;
813 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
814 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
815 ide_set_irq(s);
816 ide_set_sector(s, sector_num + n);
817 s->nsector -= n;
818 }
819 }
820
821 /* return 0 if buffer completed */
822 static int dma_buf_rw(BMDMAState *bm, int is_write)
823 {
824 IDEState *s = bm->ide_if;
825 struct {
826 uint32_t addr;
827 uint32_t size;
828 } prd;
829 int l, len;
830
831 for(;;) {
832 l = s->io_buffer_size - s->io_buffer_index;
833 if (l <= 0)
834 break;
835 if (bm->cur_prd_len == 0) {
836 /* end of table (with a fail safe of one page) */
837 if (bm->cur_prd_last ||
838 (bm->cur_addr - bm->addr) >= 4096)
839 return 0;
840 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
841 bm->cur_addr += 8;
842 prd.addr = le32_to_cpu(prd.addr);
843 prd.size = le32_to_cpu(prd.size);
844 len = prd.size & 0xfffe;
845 if (len == 0)
846 len = 0x10000;
847 bm->cur_prd_len = len;
848 bm->cur_prd_addr = prd.addr;
849 bm->cur_prd_last = (prd.size & 0x80000000);
850 }
851 if (l > bm->cur_prd_len)
852 l = bm->cur_prd_len;
853 if (l > 0) {
854 if (is_write) {
855 cpu_physical_memory_write(bm->cur_prd_addr,
856 s->io_buffer + s->io_buffer_index, l);
857 } else {
858 cpu_physical_memory_read(bm->cur_prd_addr,
859 s->io_buffer + s->io_buffer_index, l);
860 }
861 bm->cur_prd_addr += l;
862 bm->cur_prd_len -= l;
863 s->io_buffer_index += l;
864 }
865 }
866 return 1;
867 }
868
869 /* XXX: handle errors */
870 static void ide_read_dma_cb(void *opaque, int ret)
871 {
872 BMDMAState *bm = opaque;
873 IDEState *s = bm->ide_if;
874 int n;
875 int64_t sector_num;
876
877 n = s->io_buffer_size >> 9;
878 sector_num = ide_get_sector(s);
879 if (n > 0) {
880 sector_num += n;
881 ide_set_sector(s, sector_num);
882 s->nsector -= n;
883 if (dma_buf_rw(bm, 1) == 0)
884 goto eot;
885 }
886
887 /* end of transfer ? */
888 if (s->nsector == 0) {
889 s->status = READY_STAT | SEEK_STAT;
890 ide_set_irq(s);
891 eot:
892 bm->status &= ~BM_STATUS_DMAING;
893 bm->status |= BM_STATUS_INT;
894 bm->dma_cb = NULL;
895 bm->ide_if = NULL;
896 bm->aiocb = NULL;
897 return;
898 }
899
900 /* launch next transfer */
901 n = s->nsector;
902 if (n > MAX_MULT_SECTORS)
903 n = MAX_MULT_SECTORS;
904 s->io_buffer_index = 0;
905 s->io_buffer_size = n * 512;
906 #ifdef DEBUG_AIO
907 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
908 #endif
909 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
910 ide_read_dma_cb, bm);
911 }
912
913 static void ide_sector_read_dma(IDEState *s)
914 {
915 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
916 s->io_buffer_index = 0;
917 s->io_buffer_size = 0;
918 ide_dma_start(s, ide_read_dma_cb);
919 }
920
921 static void ide_sector_write_timer_cb(void *opaque)
922 {
923 IDEState *s = opaque;
924 ide_set_irq(s);
925 }
926
927 static void ide_sector_write(IDEState *s)
928 {
929 int64_t sector_num;
930 int ret, n, n1;
931
932 s->status = READY_STAT | SEEK_STAT;
933 sector_num = ide_get_sector(s);
934 #if defined(DEBUG_IDE)
935 printf("write sector=%Ld\n", sector_num);
936 #endif
937 n = s->nsector;
938 if (n > s->req_nb_sectors)
939 n = s->req_nb_sectors;
940 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
941 s->nsector -= n;
942 if (s->nsector == 0) {
943 /* no more sectors to write */
944 ide_transfer_stop(s);
945 } else {
946 n1 = s->nsector;
947 if (n1 > s->req_nb_sectors)
948 n1 = s->req_nb_sectors;
949 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
950 }
951 ide_set_sector(s, sector_num + n);
952
953 #ifdef TARGET_I386
954 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
955 /* It seems there is a bug in the Windows 2000 installer HDD
956 IDE driver which fills the disk with empty logs when the
957 IDE write IRQ comes too early. This hack tries to correct
958 that at the expense of slower write performances. Use this
959 option _only_ to install Windows 2000. You must disable it
960 for normal use. */
961 qemu_mod_timer(s->sector_write_timer,
962 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
963 } else
964 #endif
965 {
966 ide_set_irq(s);
967 }
968 }
969
970 /* XXX: handle errors */
971 static void ide_write_dma_cb(void *opaque, int ret)
972 {
973 BMDMAState *bm = opaque;
974 IDEState *s = bm->ide_if;
975 int n;
976 int64_t sector_num;
977
978 n = s->io_buffer_size >> 9;
979 sector_num = ide_get_sector(s);
980 if (n > 0) {
981 sector_num += n;
982 ide_set_sector(s, sector_num);
983 s->nsector -= n;
984 }
985
986 /* end of transfer ? */
987 if (s->nsector == 0) {
988 s->status = READY_STAT | SEEK_STAT;
989 ide_set_irq(s);
990 eot:
991 bm->status &= ~BM_STATUS_DMAING;
992 bm->status |= BM_STATUS_INT;
993 bm->dma_cb = NULL;
994 bm->ide_if = NULL;
995 bm->aiocb = NULL;
996 return;
997 }
998
999 /* launch next transfer */
1000 n = s->nsector;
1001 if (n > MAX_MULT_SECTORS)
1002 n = MAX_MULT_SECTORS;
1003 s->io_buffer_index = 0;
1004 s->io_buffer_size = n * 512;
1005
1006 if (dma_buf_rw(bm, 0) == 0)
1007 goto eot;
1008 #ifdef DEBUG_AIO
1009 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
1010 #endif
1011 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
1012 ide_write_dma_cb, bm);
1013 }
1014
1015 static void ide_sector_write_dma(IDEState *s)
1016 {
1017 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1018 s->io_buffer_index = 0;
1019 s->io_buffer_size = 0;
1020 ide_dma_start(s, ide_write_dma_cb);
1021 }
1022
1023 static void ide_atapi_cmd_ok(IDEState *s)
1024 {
1025 s->error = 0;
1026 s->status = READY_STAT;
1027 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1028 ide_set_irq(s);
1029 }
1030
1031 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1032 {
1033 #ifdef DEBUG_IDE_ATAPI
1034 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1035 #endif
1036 s->error = sense_key << 4;
1037 s->status = READY_STAT | ERR_STAT;
1038 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1039 s->sense_key = sense_key;
1040 s->asc = asc;
1041 ide_set_irq(s);
1042 }
1043
1044 static inline void cpu_to_ube16(uint8_t *buf, int val)
1045 {
1046 buf[0] = val >> 8;
1047 buf[1] = val;
1048 }
1049
1050 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1051 {
1052 buf[0] = val >> 24;
1053 buf[1] = val >> 16;
1054 buf[2] = val >> 8;
1055 buf[3] = val;
1056 }
1057
1058 static inline int ube16_to_cpu(const uint8_t *buf)
1059 {
1060 return (buf[0] << 8) | buf[1];
1061 }
1062
1063 static inline int ube32_to_cpu(const uint8_t *buf)
1064 {
1065 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1066 }
1067
1068 static void lba_to_msf(uint8_t *buf, int lba)
1069 {
1070 lba += 150;
1071 buf[0] = (lba / 75) / 60;
1072 buf[1] = (lba / 75) % 60;
1073 buf[2] = lba % 75;
1074 }
1075
1076 static void cd_data_to_raw(uint8_t *buf, int lba)
1077 {
1078 /* sync bytes */
1079 buf[0] = 0x00;
1080 memset(buf + 1, 0xff, 10);
1081 buf[11] = 0x00;
1082 buf += 12;
1083 /* MSF */
1084 lba_to_msf(buf, lba);
1085 buf[3] = 0x01; /* mode 1 data */
1086 buf += 4;
1087 /* data */
1088 buf += 2048;
1089 /* XXX: ECC not computed */
1090 memset(buf, 0, 288);
1091 }
1092
1093 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1094 int sector_size)
1095 {
1096 int ret;
1097
1098 switch(sector_size) {
1099 case 2048:
1100 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1101 break;
1102 case 2352:
1103 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1104 if (ret < 0)
1105 return ret;
1106 cd_data_to_raw(buf, lba);
1107 break;
1108 default:
1109 ret = -EIO;
1110 break;
1111 }
1112 return ret;
1113 }
1114
1115 static void ide_atapi_io_error(IDEState *s, int ret)
1116 {
1117 /* XXX: handle more errors */
1118 if (ret == -ENOMEDIUM) {
1119 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1120 ASC_MEDIUM_NOT_PRESENT);
1121 } else {
1122 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1123 ASC_LOGICAL_BLOCK_OOR);
1124 }
1125 }
1126
1127 /* The whole ATAPI transfer logic is handled in this function */
1128 static void ide_atapi_cmd_reply_end(IDEState *s)
1129 {
1130 int byte_count_limit, size, ret;
1131 #ifdef DEBUG_IDE_ATAPI
1132 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1133 s->packet_transfer_size,
1134 s->elementary_transfer_size,
1135 s->io_buffer_index);
1136 #endif
1137 if (s->packet_transfer_size <= 0) {
1138 /* end of transfer */
1139 ide_transfer_stop(s);
1140 s->status = READY_STAT;
1141 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1142 ide_set_irq(s);
1143 #ifdef DEBUG_IDE_ATAPI
1144 printf("status=0x%x\n", s->status);
1145 #endif
1146 } else {
1147 /* see if a new sector must be read */
1148 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1149 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1150 if (ret < 0) {
1151 ide_transfer_stop(s);
1152 ide_atapi_io_error(s, ret);
1153 return;
1154 }
1155 s->lba++;
1156 s->io_buffer_index = 0;
1157 }
1158 if (s->elementary_transfer_size > 0) {
1159 /* there are some data left to transmit in this elementary
1160 transfer */
1161 size = s->cd_sector_size - s->io_buffer_index;
1162 if (size > s->elementary_transfer_size)
1163 size = s->elementary_transfer_size;
1164 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1165 size, ide_atapi_cmd_reply_end);
1166 s->packet_transfer_size -= size;
1167 s->elementary_transfer_size -= size;
1168 s->io_buffer_index += size;
1169 } else {
1170 /* a new transfer is needed */
1171 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1172 byte_count_limit = s->lcyl | (s->hcyl << 8);
1173 #ifdef DEBUG_IDE_ATAPI
1174 printf("byte_count_limit=%d\n", byte_count_limit);
1175 #endif
1176 if (byte_count_limit == 0xffff)
1177 byte_count_limit--;
1178 size = s->packet_transfer_size;
1179 if (size > byte_count_limit) {
1180 /* byte count limit must be even if this case */
1181 if (byte_count_limit & 1)
1182 byte_count_limit--;
1183 size = byte_count_limit;
1184 }
1185 s->lcyl = size;
1186 s->hcyl = size >> 8;
1187 s->elementary_transfer_size = size;
1188 /* we cannot transmit more than one sector at a time */
1189 if (s->lba != -1) {
1190 if (size > (s->cd_sector_size - s->io_buffer_index))
1191 size = (s->cd_sector_size - s->io_buffer_index);
1192 }
1193 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1194 size, ide_atapi_cmd_reply_end);
1195 s->packet_transfer_size -= size;
1196 s->elementary_transfer_size -= size;
1197 s->io_buffer_index += size;
1198 ide_set_irq(s);
1199 #ifdef DEBUG_IDE_ATAPI
1200 printf("status=0x%x\n", s->status);
1201 #endif
1202 }
1203 }
1204 }
1205
1206 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1207 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1208 {
1209 if (size > max_size)
1210 size = max_size;
1211 s->lba = -1; /* no sector read */
1212 s->packet_transfer_size = size;
1213 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1214 s->elementary_transfer_size = 0;
1215 s->io_buffer_index = 0;
1216
1217 if (s->atapi_dma) {
1218 s->status = READY_STAT | DRQ_STAT;
1219 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1220 } else {
1221 s->status = READY_STAT;
1222 ide_atapi_cmd_reply_end(s);
1223 }
1224 }
1225
1226 /* start a CD-CDROM read command */
1227 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1228 int sector_size)
1229 {
1230 s->lba = lba;
1231 s->packet_transfer_size = nb_sectors * sector_size;
1232 s->elementary_transfer_size = 0;
1233 s->io_buffer_index = sector_size;
1234 s->cd_sector_size = sector_size;
1235
1236 s->status = READY_STAT;
1237 ide_atapi_cmd_reply_end(s);
1238 }
1239
1240 /* ATAPI DMA support */
1241
1242 /* XXX: handle read errors */
1243 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1244 {
1245 BMDMAState *bm = opaque;
1246 IDEState *s = bm->ide_if;
1247 int data_offset, n;
1248
1249 if (ret < 0) {
1250 ide_atapi_io_error(s, ret);
1251 goto eot;
1252 }
1253
1254 if (s->io_buffer_size > 0) {
1255 /*
1256 * For a cdrom read sector command (s->lba != -1),
1257 * adjust the lba for the next s->io_buffer_size chunk
1258 * and dma the current chunk.
1259 * For a command != read (s->lba == -1), just transfer
1260 * the reply data.
1261 */
1262 if (s->lba != -1) {
1263 if (s->cd_sector_size == 2352) {
1264 n = 1;
1265 cd_data_to_raw(s->io_buffer, s->lba);
1266 } else {
1267 n = s->io_buffer_size >> 11;
1268 }
1269 s->lba += n;
1270 }
1271 s->packet_transfer_size -= s->io_buffer_size;
1272 if (dma_buf_rw(bm, 1) == 0)
1273 goto eot;
1274 }
1275
1276 if (s->packet_transfer_size <= 0) {
1277 s->status = READY_STAT;
1278 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1279 ide_set_irq(s);
1280 eot:
1281 bm->status &= ~BM_STATUS_DMAING;
1282 bm->status |= BM_STATUS_INT;
1283 bm->dma_cb = NULL;
1284 bm->ide_if = NULL;
1285 bm->aiocb = NULL;
1286 return;
1287 }
1288
1289 s->io_buffer_index = 0;
1290 if (s->cd_sector_size == 2352) {
1291 n = 1;
1292 s->io_buffer_size = s->cd_sector_size;
1293 data_offset = 16;
1294 } else {
1295 n = s->packet_transfer_size >> 11;
1296 if (n > (MAX_MULT_SECTORS / 4))
1297 n = (MAX_MULT_SECTORS / 4);
1298 s->io_buffer_size = n * 2048;
1299 data_offset = 0;
1300 }
1301 #ifdef DEBUG_AIO
1302 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1303 #endif
1304 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1305 s->io_buffer + data_offset, n * 4,
1306 ide_atapi_cmd_read_dma_cb, bm);
1307 if (!bm->aiocb) {
1308 /* Note: media not present is the most likely case */
1309 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1310 ASC_MEDIUM_NOT_PRESENT);
1311 goto eot;
1312 }
1313 }
1314
1315 /* start a CD-CDROM read command with DMA */
1316 /* XXX: test if DMA is available */
1317 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1318 int sector_size)
1319 {
1320 s->lba = lba;
1321 s->packet_transfer_size = nb_sectors * sector_size;
1322 s->io_buffer_index = 0;
1323 s->io_buffer_size = 0;
1324 s->cd_sector_size = sector_size;
1325
1326 /* XXX: check if BUSY_STAT should be set */
1327 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
1328 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1329 }
1330
1331 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1332 int sector_size)
1333 {
1334 #ifdef DEBUG_IDE_ATAPI
1335 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1336 lba, nb_sectors);
1337 #endif
1338 if (s->atapi_dma) {
1339 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1340 } else {
1341 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1342 }
1343 }
1344
1345 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1346 uint16_t profile)
1347 {
1348 uint8_t *buf_profile = buf + 12; /* start of profiles */
1349
1350 buf_profile += ((*index) * 4); /* start of indexed profile */
1351 cpu_to_ube16 (buf_profile, profile);
1352 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1353
1354 /* each profile adds 4 bytes to the response */
1355 (*index)++;
1356 buf[11] += 4; /* Additional Length */
1357
1358 return 4;
1359 }
1360
1361 static void ide_atapi_cmd(IDEState *s)
1362 {
1363 const uint8_t *packet;
1364 uint8_t *buf;
1365 int max_len;
1366
1367 packet = s->io_buffer;
1368 buf = s->io_buffer;
1369 #ifdef DEBUG_IDE_ATAPI
1370 {
1371 int i;
1372 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1373 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1374 printf(" %02x", packet[i]);
1375 }
1376 printf("\n");
1377 }
1378 #endif
1379 switch(s->io_buffer[0]) {
1380 case GPCMD_TEST_UNIT_READY:
1381 if (bdrv_is_inserted(s->bs)) {
1382 ide_atapi_cmd_ok(s);
1383 } else {
1384 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1385 ASC_MEDIUM_NOT_PRESENT);
1386 }
1387 break;
1388 case GPCMD_MODE_SENSE_6:
1389 case GPCMD_MODE_SENSE_10:
1390 {
1391 int action, code;
1392 if (packet[0] == GPCMD_MODE_SENSE_10)
1393 max_len = ube16_to_cpu(packet + 7);
1394 else
1395 max_len = packet[4];
1396 action = packet[2] >> 6;
1397 code = packet[2] & 0x3f;
1398 switch(action) {
1399 case 0: /* current values */
1400 switch(code) {
1401 case 0x01: /* error recovery */
1402 cpu_to_ube16(&buf[0], 16 + 6);
1403 buf[2] = 0x70;
1404 buf[3] = 0;
1405 buf[4] = 0;
1406 buf[5] = 0;
1407 buf[6] = 0;
1408 buf[7] = 0;
1409
1410 buf[8] = 0x01;
1411 buf[9] = 0x06;
1412 buf[10] = 0x00;
1413 buf[11] = 0x05;
1414 buf[12] = 0x00;
1415 buf[13] = 0x00;
1416 buf[14] = 0x00;
1417 buf[15] = 0x00;
1418 ide_atapi_cmd_reply(s, 16, max_len);
1419 break;
1420 case 0x2a:
1421 cpu_to_ube16(&buf[0], 28 + 6);
1422 buf[2] = 0x70;
1423 buf[3] = 0;
1424 buf[4] = 0;
1425 buf[5] = 0;
1426 buf[6] = 0;
1427 buf[7] = 0;
1428
1429 buf[8] = 0x2a;
1430 buf[9] = 0x12;
1431 buf[10] = 0x00;
1432 buf[11] = 0x00;
1433
1434 buf[12] = 0x70;
1435 buf[13] = 3 << 5;
1436 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1437 if (bdrv_is_locked(s->bs))
1438 buf[6] |= 1 << 1;
1439 buf[15] = 0x00;
1440 cpu_to_ube16(&buf[16], 706);
1441 buf[18] = 0;
1442 buf[19] = 2;
1443 cpu_to_ube16(&buf[20], 512);
1444 cpu_to_ube16(&buf[22], 706);
1445 buf[24] = 0;
1446 buf[25] = 0;
1447 buf[26] = 0;
1448 buf[27] = 0;
1449 ide_atapi_cmd_reply(s, 28, max_len);
1450 break;
1451 default:
1452 goto error_cmd;
1453 }
1454 break;
1455 case 1: /* changeable values */
1456 goto error_cmd;
1457 case 2: /* default values */
1458 goto error_cmd;
1459 default:
1460 case 3: /* saved values */
1461 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1462 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1463 break;
1464 }
1465 }
1466 break;
1467 case GPCMD_REQUEST_SENSE:
1468 max_len = packet[4];
1469 memset(buf, 0, 18);
1470 buf[0] = 0x70 | (1 << 7);
1471 buf[2] = s->sense_key;
1472 buf[7] = 10;
1473 buf[12] = s->asc;
1474 ide_atapi_cmd_reply(s, 18, max_len);
1475 break;
1476 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1477 if (bdrv_is_inserted(s->bs)) {
1478 bdrv_set_locked(s->bs, packet[4] & 1);
1479 ide_atapi_cmd_ok(s);
1480 } else {
1481 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1482 ASC_MEDIUM_NOT_PRESENT);
1483 }
1484 break;
1485 case GPCMD_READ_10:
1486 case GPCMD_READ_12:
1487 {
1488 int nb_sectors, lba;
1489
1490 if (packet[0] == GPCMD_READ_10)
1491 nb_sectors = ube16_to_cpu(packet + 7);
1492 else
1493 nb_sectors = ube32_to_cpu(packet + 6);
1494 lba = ube32_to_cpu(packet + 2);
1495 if (nb_sectors == 0) {
1496 ide_atapi_cmd_ok(s);
1497 break;
1498 }
1499 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1500 }
1501 break;
1502 case GPCMD_READ_CD:
1503 {
1504 int nb_sectors, lba, transfer_request;
1505
1506 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1507 lba = ube32_to_cpu(packet + 2);
1508 if (nb_sectors == 0) {
1509 ide_atapi_cmd_ok(s);
1510 break;
1511 }
1512 transfer_request = packet[9];
1513 switch(transfer_request & 0xf8) {
1514 case 0x00:
1515 /* nothing */
1516 ide_atapi_cmd_ok(s);
1517 break;
1518 case 0x10:
1519 /* normal read */
1520 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1521 break;
1522 case 0xf8:
1523 /* read all data */
1524 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1525 break;
1526 default:
1527 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1528 ASC_INV_FIELD_IN_CMD_PACKET);
1529 break;
1530 }
1531 }
1532 break;
1533 case GPCMD_SEEK:
1534 {
1535 unsigned int lba;
1536 uint64_t total_sectors;
1537
1538 bdrv_get_geometry(s->bs, &total_sectors);
1539 total_sectors >>= 2;
1540 if (total_sectors == 0) {
1541 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1542 ASC_MEDIUM_NOT_PRESENT);
1543 break;
1544 }
1545 lba = ube32_to_cpu(packet + 2);
1546 if (lba >= total_sectors) {
1547 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1548 ASC_LOGICAL_BLOCK_OOR);
1549 break;
1550 }
1551 ide_atapi_cmd_ok(s);
1552 }
1553 break;
1554 case GPCMD_START_STOP_UNIT:
1555 {
1556 int start, eject;
1557 start = packet[4] & 1;
1558 eject = (packet[4] >> 1) & 1;
1559
1560 if (eject && !start) {
1561 /* eject the disk */
1562 bdrv_eject(s->bs, 1);
1563 } else if (eject && start) {
1564 /* close the tray */
1565 bdrv_eject(s->bs, 0);
1566 }
1567 ide_atapi_cmd_ok(s);
1568 }
1569 break;
1570 case GPCMD_MECHANISM_STATUS:
1571 {
1572 max_len = ube16_to_cpu(packet + 8);
1573 cpu_to_ube16(buf, 0);
1574 /* no current LBA */
1575 buf[2] = 0;
1576 buf[3] = 0;
1577 buf[4] = 0;
1578 buf[5] = 1;
1579 cpu_to_ube16(buf + 6, 0);
1580 ide_atapi_cmd_reply(s, 8, max_len);
1581 }
1582 break;
1583 case GPCMD_READ_TOC_PMA_ATIP:
1584 {
1585 int format, msf, start_track, len;
1586 uint64_t total_sectors;
1587
1588 bdrv_get_geometry(s->bs, &total_sectors);
1589 total_sectors >>= 2;
1590 if (total_sectors == 0) {
1591 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1592 ASC_MEDIUM_NOT_PRESENT);
1593 break;
1594 }
1595 max_len = ube16_to_cpu(packet + 7);
1596 format = packet[9] >> 6;
1597 msf = (packet[1] >> 1) & 1;
1598 start_track = packet[6];
1599 switch(format) {
1600 case 0:
1601 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1602 if (len < 0)
1603 goto error_cmd;
1604 ide_atapi_cmd_reply(s, len, max_len);
1605 break;
1606 case 1:
1607 /* multi session : only a single session defined */
1608 memset(buf, 0, 12);
1609 buf[1] = 0x0a;
1610 buf[2] = 0x01;
1611 buf[3] = 0x01;
1612 ide_atapi_cmd_reply(s, 12, max_len);
1613 break;
1614 case 2:
1615 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1616 if (len < 0)
1617 goto error_cmd;
1618 ide_atapi_cmd_reply(s, len, max_len);
1619 break;
1620 default:
1621 error_cmd:
1622 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1623 ASC_INV_FIELD_IN_CMD_PACKET);
1624 break;
1625 }
1626 }
1627 break;
1628 case GPCMD_READ_CDVD_CAPACITY:
1629 {
1630 uint64_t total_sectors;
1631
1632 bdrv_get_geometry(s->bs, &total_sectors);
1633 total_sectors >>= 2;
1634 if (total_sectors == 0) {
1635 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1636 ASC_MEDIUM_NOT_PRESENT);
1637 break;
1638 }
1639 /* NOTE: it is really the number of sectors minus 1 */
1640 cpu_to_ube32(buf, total_sectors - 1);
1641 cpu_to_ube32(buf + 4, 2048);
1642 ide_atapi_cmd_reply(s, 8, 8);
1643 }
1644 break;
1645 case GPCMD_READ_DVD_STRUCTURE:
1646 {
1647 int media = packet[1];
1648 int layer = packet[6];
1649 int format = packet[2];
1650 uint64_t total_sectors;
1651
1652 if (media != 0 || layer != 0)
1653 {
1654 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1655 ASC_INV_FIELD_IN_CMD_PACKET);
1656 }
1657
1658 switch (format) {
1659 case 0:
1660 bdrv_get_geometry(s->bs, &total_sectors);
1661 total_sectors >>= 2;
1662 if (total_sectors == 0) {
1663 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1664 ASC_MEDIUM_NOT_PRESENT);
1665 break;
1666 }
1667
1668 memset(buf, 0, 2052);
1669
1670 buf[4] = 1; // DVD-ROM, part version 1
1671 buf[5] = 0xf; // 120mm disc, maximum rate unspecified
1672 buf[6] = 0; // one layer, embossed data
1673 buf[7] = 0;
1674
1675 cpu_to_ube32(buf + 8, 0);
1676 cpu_to_ube32(buf + 12, total_sectors - 1);
1677 cpu_to_ube32(buf + 16, total_sectors - 1);
1678
1679 cpu_to_be16wu((uint16_t *)buf, 2048 + 4);
1680
1681 ide_atapi_cmd_reply(s, 2048 + 3, 2048 + 4);
1682 break;
1683
1684 default:
1685 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1686 ASC_INV_FIELD_IN_CMD_PACKET);
1687 break;
1688 }
1689 }
1690 break;
1691 case GPCMD_SET_SPEED:
1692 ide_atapi_cmd_ok(s);
1693 break;
1694 case GPCMD_INQUIRY:
1695 max_len = packet[4];
1696 buf[0] = 0x05; /* CD-ROM */
1697 buf[1] = 0x80; /* removable */
1698 buf[2] = 0x00; /* ISO */
1699 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1700 buf[4] = 31; /* additional length */
1701 buf[5] = 0; /* reserved */
1702 buf[6] = 0; /* reserved */
1703 buf[7] = 0; /* reserved */
1704 padstr8(buf + 8, 8, "QEMU");
1705 padstr8(buf + 16, 16, "QEMU DVD-ROM");
1706 padstr8(buf + 32, 4, QEMU_VERSION);
1707 ide_atapi_cmd_reply(s, 36, max_len);
1708 break;
1709 case GPCMD_GET_CONFIGURATION:
1710 {
1711 uint32_t len;
1712
1713 /* only feature 0 is supported */
1714 if (packet[2] != 0 || packet[3] != 0) {
1715 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1716 ASC_INV_FIELD_IN_CMD_PACKET);
1717 break;
1718 }
1719
1720 /* XXX: could result in alignment problems in some architectures */
1721 max_len = ube16_to_cpu(packet + 7);
1722 /*
1723 * XXX: avoid overflow for io_buffer if max_len is bigger than the
1724 * size of that buffer (dimensioned to max number of sectors
1725 * to transfer at once)
1726 *
1727 * Only a problem if the feature/profiles grow exponentially.
1728 */
1729 if (max_len > 512) /* XXX: assume 1 sector */
1730 max_len = 512;
1731
1732 memset(buf, 0, max_len);
1733 /*
1734 * the number of sectors from the media tells us which profile
1735 * to use as current. 0 means there is no media
1736 *
1737 * XXX: fails to detect correctly DVDs with less data burned
1738 * than what a CD can hold
1739 */
1740 if ((s -> nb_sectors)) {
1741 if ((s -> nb_sectors > CD_MAX_SECTORS))
1742 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
1743 else
1744 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
1745 }
1746
1747 len = 8; /* header completed */
1748 if (max_len > len) {
1749 uint8_t index = 0;
1750
1751 buf[10] = 0x02 | 0x01; /* persistent and current */
1752 len += 4; /* header */
1753 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
1754 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
1755 }
1756 cpu_to_ube32(buf, len - 4); /* data length */
1757
1758 ide_atapi_cmd_reply(s, len, max_len);
1759 break;
1760 }
1761 default:
1762 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1763 ASC_ILLEGAL_OPCODE);
1764 break;
1765 }
1766 }
1767
1768 static void ide_cfata_metadata_inquiry(IDEState *s)
1769 {
1770 uint16_t *p;
1771 uint32_t spd;
1772
1773 p = (uint16_t *) s->io_buffer;
1774 memset(p, 0, 0x200);
1775 spd = ((s->mdata_size - 1) >> 9) + 1;
1776
1777 put_le16(p + 0, 0x0001); /* Data format revision */
1778 put_le16(p + 1, 0x0000); /* Media property: silicon */
1779 put_le16(p + 2, s->media_changed); /* Media status */
1780 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1781 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1782 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1783 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1784 }
1785
1786 static void ide_cfata_metadata_read(IDEState *s)
1787 {
1788 uint16_t *p;
1789
1790 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1791 s->status = ERR_STAT;
1792 s->error = ABRT_ERR;
1793 return;
1794 }
1795
1796 p = (uint16_t *) s->io_buffer;
1797 memset(p, 0, 0x200);
1798
1799 put_le16(p + 0, s->media_changed); /* Media status */
1800 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1801 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1802 s->nsector << 9), 0x200 - 2));
1803 }
1804
1805 static void ide_cfata_metadata_write(IDEState *s)
1806 {
1807 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1808 s->status = ERR_STAT;
1809 s->error = ABRT_ERR;
1810 return;
1811 }
1812
1813 s->media_changed = 0;
1814
1815 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1816 s->io_buffer + 2,
1817 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1818 s->nsector << 9), 0x200 - 2));
1819 }
1820
1821 /* called when the inserted state of the media has changed */
1822 static void cdrom_change_cb(void *opaque)
1823 {
1824 IDEState *s = opaque;
1825 uint64_t nb_sectors;
1826
1827 /* XXX: send interrupt too */
1828 bdrv_get_geometry(s->bs, &nb_sectors);
1829 s->nb_sectors = nb_sectors;
1830 }
1831
1832 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1833 {
1834 s->lba48 = lba48;
1835
1836 /* handle the 'magic' 0 nsector count conversion here. to avoid
1837 * fiddling with the rest of the read logic, we just store the
1838 * full sector count in ->nsector and ignore ->hob_nsector from now
1839 */
1840 if (!s->lba48) {
1841 if (!s->nsector)
1842 s->nsector = 256;
1843 } else {
1844 if (!s->nsector && !s->hob_nsector)
1845 s->nsector = 65536;
1846 else {
1847 int lo = s->nsector;
1848 int hi = s->hob_nsector;
1849
1850 s->nsector = (hi << 8) | lo;
1851 }
1852 }
1853 }
1854
1855 static void ide_clear_hob(IDEState *ide_if)
1856 {
1857 /* any write clears HOB high bit of device control register */
1858 ide_if[0].select &= ~(1 << 7);
1859 ide_if[1].select &= ~(1 << 7);
1860 }
1861
1862 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1863 {
1864 IDEState *ide_if = opaque;
1865 IDEState *s;
1866 int unit, n;
1867 int lba48 = 0;
1868
1869 #ifdef DEBUG_IDE
1870 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1871 #endif
1872
1873 addr &= 7;
1874 switch(addr) {
1875 case 0:
1876 break;
1877 case 1:
1878 ide_clear_hob(ide_if);
1879 /* NOTE: data is written to the two drives */
1880 ide_if[0].hob_feature = ide_if[0].feature;
1881 ide_if[1].hob_feature = ide_if[1].feature;
1882 ide_if[0].feature = val;
1883 ide_if[1].feature = val;
1884 break;
1885 case 2:
1886 ide_clear_hob(ide_if);
1887 ide_if[0].hob_nsector = ide_if[0].nsector;
1888 ide_if[1].hob_nsector = ide_if[1].nsector;
1889 ide_if[0].nsector = val;
1890 ide_if[1].nsector = val;
1891 break;
1892 case 3:
1893 ide_clear_hob(ide_if);
1894 ide_if[0].hob_sector = ide_if[0].sector;
1895 ide_if[1].hob_sector = ide_if[1].sector;
1896 ide_if[0].sector = val;
1897 ide_if[1].sector = val;
1898 break;
1899 case 4:
1900 ide_clear_hob(ide_if);
1901 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1902 ide_if[1].hob_lcyl = ide_if[1].lcyl;
1903 ide_if[0].lcyl = val;
1904 ide_if[1].lcyl = val;
1905 break;
1906 case 5:
1907 ide_clear_hob(ide_if);
1908 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1909 ide_if[1].hob_hcyl = ide_if[1].hcyl;
1910 ide_if[0].hcyl = val;
1911 ide_if[1].hcyl = val;
1912 break;
1913 case 6:
1914 /* FIXME: HOB readback uses bit 7 */
1915 ide_if[0].select = (val & ~0x10) | 0xa0;
1916 ide_if[1].select = (val | 0x10) | 0xa0;
1917 /* select drive */
1918 unit = (val >> 4) & 1;
1919 s = ide_if + unit;
1920 ide_if->cur_drive = s;
1921 break;
1922 default:
1923 case 7:
1924 /* command */
1925 #if defined(DEBUG_IDE)
1926 printf("ide: CMD=%02x\n", val);
1927 #endif
1928 s = ide_if->cur_drive;
1929 /* ignore commands to non existant slave */
1930 if (s != ide_if && !s->bs)
1931 break;
1932
1933 switch(val) {
1934 case WIN_IDENTIFY:
1935 if (s->bs && !s->is_cdrom) {
1936 if (!s->is_cf)
1937 ide_identify(s);
1938 else
1939 ide_cfata_identify(s);
1940 s->status = READY_STAT | SEEK_STAT;
1941 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1942 } else {
1943 if (s->is_cdrom) {
1944 ide_set_signature(s);
1945 }
1946 ide_abort_command(s);
1947 }
1948 ide_set_irq(s);
1949 break;
1950 case WIN_SPECIFY:
1951 case WIN_RECAL:
1952 s->error = 0;
1953 s->status = READY_STAT | SEEK_STAT;
1954 ide_set_irq(s);
1955 break;
1956 case WIN_SETMULT:
1957 if (s->is_cf && s->nsector == 0) {
1958 /* Disable Read and Write Multiple */
1959 s->mult_sectors = 0;
1960 s->status = READY_STAT;
1961 } else if ((s->nsector & 0xff) != 0 &&
1962 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1963 (s->nsector & (s->nsector - 1)) != 0)) {
1964 ide_abort_command(s);
1965 } else {
1966 s->mult_sectors = s->nsector & 0xff;
1967 s->status = READY_STAT;
1968 }
1969 ide_set_irq(s);
1970 break;
1971 case WIN_VERIFY_EXT:
1972 lba48 = 1;
1973 case WIN_VERIFY:
1974 case WIN_VERIFY_ONCE:
1975 /* do sector number check ? */
1976 ide_cmd_lba48_transform(s, lba48);
1977 s->status = READY_STAT;
1978 ide_set_irq(s);
1979 break;
1980 case WIN_READ_EXT:
1981 lba48 = 1;
1982 case WIN_READ:
1983 case WIN_READ_ONCE:
1984 if (!s->bs)
1985 goto abort_cmd;
1986 ide_cmd_lba48_transform(s, lba48);
1987 s->req_nb_sectors = 1;
1988 ide_sector_read(s);
1989 break;
1990 case WIN_WRITE_EXT:
1991 lba48 = 1;
1992 case WIN_WRITE:
1993 case WIN_WRITE_ONCE:
1994 case CFA_WRITE_SECT_WO_ERASE:
1995 case WIN_WRITE_VERIFY:
1996 ide_cmd_lba48_transform(s, lba48);
1997 s->error = 0;
1998 s->status = SEEK_STAT | READY_STAT;
1999 s->req_nb_sectors = 1;
2000 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
2001 s->media_changed = 1;
2002 break;
2003 case WIN_MULTREAD_EXT:
2004 lba48 = 1;
2005 case WIN_MULTREAD:
2006 if (!s->mult_sectors)
2007 goto abort_cmd;
2008 ide_cmd_lba48_transform(s, lba48);
2009 s->req_nb_sectors = s->mult_sectors;
2010 ide_sector_read(s);
2011 break;
2012 case WIN_MULTWRITE_EXT:
2013 lba48 = 1;
2014 case WIN_MULTWRITE:
2015 case CFA_WRITE_MULTI_WO_ERASE:
2016 if (!s->mult_sectors)
2017 goto abort_cmd;
2018 ide_cmd_lba48_transform(s, lba48);
2019 s->error = 0;
2020 s->status = SEEK_STAT | READY_STAT;
2021 s->req_nb_sectors = s->mult_sectors;
2022 n = s->nsector;
2023 if (n > s->req_nb_sectors)
2024 n = s->req_nb_sectors;
2025 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
2026 s->media_changed = 1;
2027 break;
2028 case WIN_READDMA_EXT:
2029 lba48 = 1;
2030 case WIN_READDMA:
2031 case WIN_READDMA_ONCE:
2032 if (!s->bs)
2033 goto abort_cmd;
2034 ide_cmd_lba48_transform(s, lba48);
2035 ide_sector_read_dma(s);
2036 break;
2037 case WIN_WRITEDMA_EXT:
2038 lba48 = 1;
2039 case WIN_WRITEDMA:
2040 case WIN_WRITEDMA_ONCE:
2041 if (!s->bs)
2042 goto abort_cmd;
2043 ide_cmd_lba48_transform(s, lba48);
2044 ide_sector_write_dma(s);
2045 s->media_changed = 1;
2046 break;
2047 case WIN_READ_NATIVE_MAX_EXT:
2048 lba48 = 1;
2049 case WIN_READ_NATIVE_MAX:
2050 ide_cmd_lba48_transform(s, lba48);
2051 ide_set_sector(s, s->nb_sectors - 1);
2052 s->status = READY_STAT;
2053 ide_set_irq(s);
2054 break;
2055 case WIN_CHECKPOWERMODE1:
2056 case WIN_CHECKPOWERMODE2:
2057 s->nsector = 0xff; /* device active or idle */
2058 s->status = READY_STAT;
2059 ide_set_irq(s);
2060 break;
2061 case WIN_SETFEATURES:
2062 if (!s->bs)
2063 goto abort_cmd;
2064 /* XXX: valid for CDROM ? */
2065 switch(s->feature) {
2066 case 0xcc: /* reverting to power-on defaults enable */
2067 case 0x66: /* reverting to power-on defaults disable */
2068 case 0x02: /* write cache enable */
2069 case 0x82: /* write cache disable */
2070 case 0xaa: /* read look-ahead enable */
2071 case 0x55: /* read look-ahead disable */
2072 case 0x05: /* set advanced power management mode */
2073 case 0x85: /* disable advanced power management mode */
2074 case 0x69: /* NOP */
2075 case 0x67: /* NOP */
2076 case 0x96: /* NOP */
2077 case 0x9a: /* NOP */
2078 case 0x42: /* enable Automatic Acoustic Mode */
2079 case 0xc2: /* disable Automatic Acoustic Mode */
2080 s->status = READY_STAT | SEEK_STAT;
2081 ide_set_irq(s);
2082 break;
2083 case 0x03: { /* set transfer mode */
2084 uint8_t val = s->nsector & 0x07;
2085
2086 switch (s->nsector >> 3) {
2087 case 0x00: /* pio default */
2088 case 0x01: /* pio mode */
2089 put_le16(s->identify_data + 63,0x07);
2090 put_le16(s->identify_data + 88,0x3f);
2091 break;
2092 case 0x04: /* mdma mode */
2093 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2094 put_le16(s->identify_data + 88,0x3f);
2095 break;
2096 case 0x08: /* udma mode */
2097 put_le16(s->identify_data + 63,0x07);
2098 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2099 break;
2100 default:
2101 goto abort_cmd;
2102 }
2103 s->status = READY_STAT | SEEK_STAT;
2104 ide_set_irq(s);
2105 break;
2106 }
2107 default:
2108 goto abort_cmd;
2109 }
2110 break;
2111 case WIN_FLUSH_CACHE:
2112 case WIN_FLUSH_CACHE_EXT:
2113 if (s->bs)
2114 bdrv_flush(s->bs);
2115 s->status = READY_STAT;
2116 ide_set_irq(s);
2117 break;
2118 case WIN_STANDBY:
2119 case WIN_STANDBY2:
2120 case WIN_STANDBYNOW1:
2121 case WIN_STANDBYNOW2:
2122 case WIN_IDLEIMMEDIATE:
2123 case CFA_IDLEIMMEDIATE:
2124 case WIN_SETIDLE1:
2125 case WIN_SETIDLE2:
2126 case WIN_SLEEPNOW1:
2127 case WIN_SLEEPNOW2:
2128 s->status = READY_STAT;
2129 ide_set_irq(s);
2130 break;
2131 /* ATAPI commands */
2132 case WIN_PIDENTIFY:
2133 if (s->is_cdrom) {
2134 ide_atapi_identify(s);
2135 s->status = READY_STAT | SEEK_STAT;
2136 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2137 } else {
2138 ide_abort_command(s);
2139 }
2140 ide_set_irq(s);
2141 break;
2142 case WIN_DIAGNOSE:
2143 ide_set_signature(s);
2144 s->status = READY_STAT;
2145 s->error = 0x01;
2146 ide_set_irq(s);
2147 break;
2148 case WIN_SRST:
2149 if (!s->is_cdrom)
2150 goto abort_cmd;
2151 ide_set_signature(s);
2152 s->status = 0x00; /* NOTE: READY is _not_ set */
2153 s->error = 0x01;
2154 break;
2155 case WIN_PACKETCMD:
2156 if (!s->is_cdrom)
2157 goto abort_cmd;
2158 /* overlapping commands not supported */
2159 if (s->feature & 0x02)
2160 goto abort_cmd;
2161 s->status = READY_STAT;
2162 s->atapi_dma = s->feature & 1;
2163 s->nsector = 1;
2164 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2165 ide_atapi_cmd);
2166 break;
2167 /* CF-ATA commands */
2168 case CFA_REQ_EXT_ERROR_CODE:
2169 if (!s->is_cf)
2170 goto abort_cmd;
2171 s->error = 0x09; /* miscellaneous error */
2172 s->status = READY_STAT;
2173 ide_set_irq(s);
2174 break;
2175 case CFA_ERASE_SECTORS:
2176 case CFA_WEAR_LEVEL:
2177 if (!s->is_cf)
2178 goto abort_cmd;
2179 if (val == CFA_WEAR_LEVEL)
2180 s->nsector = 0;
2181 if (val == CFA_ERASE_SECTORS)
2182 s->media_changed = 1;
2183 s->error = 0x00;
2184 s->status = READY_STAT;
2185 ide_set_irq(s);
2186 break;
2187 case CFA_TRANSLATE_SECTOR:
2188 if (!s->is_cf)
2189 goto abort_cmd;
2190 s->error = 0x00;
2191 s->status = READY_STAT;
2192 memset(s->io_buffer, 0, 0x200);
2193 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2194 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2195 s->io_buffer[0x02] = s->select; /* Head */
2196 s->io_buffer[0x03] = s->sector; /* Sector */
2197 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2198 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2199 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2200 s->io_buffer[0x13] = 0x00; /* Erase flag */
2201 s->io_buffer[0x18] = 0x00; /* Hot count */
2202 s->io_buffer[0x19] = 0x00; /* Hot count */
2203 s->io_buffer[0x1a] = 0x01; /* Hot count */
2204 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2205 ide_set_irq(s);
2206 break;
2207 case CFA_ACCESS_METADATA_STORAGE:
2208 if (!s->is_cf)
2209 goto abort_cmd;
2210 switch (s->feature) {
2211 case 0x02: /* Inquiry Metadata Storage */
2212 ide_cfata_metadata_inquiry(s);
2213 break;
2214 case 0x03: /* Read Metadata Storage */
2215 ide_cfata_metadata_read(s);
2216 break;
2217 case 0x04: /* Write Metadata Storage */
2218 ide_cfata_metadata_write(s);
2219 break;
2220 default:
2221 goto abort_cmd;
2222 }
2223 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2224 s->status = 0x00; /* NOTE: READY is _not_ set */
2225 ide_set_irq(s);
2226 break;
2227 case IBM_SENSE_CONDITION:
2228 if (!s->is_cf)
2229 goto abort_cmd;
2230 switch (s->feature) {
2231 case 0x01: /* sense temperature in device */
2232 s->nsector = 0x50; /* +20 C */
2233 break;
2234 default:
2235 goto abort_cmd;
2236 }
2237 s->status = READY_STAT;
2238 ide_set_irq(s);
2239 break;
2240 default:
2241 abort_cmd:
2242 ide_abort_command(s);
2243 ide_set_irq(s);
2244 break;
2245 }
2246 }
2247 }
2248
2249 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2250 {
2251 IDEState *ide_if = opaque;
2252 IDEState *s = ide_if->cur_drive;
2253 uint32_t addr;
2254 int ret, hob;
2255
2256 addr = addr1 & 7;
2257 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2258 //hob = s->select & (1 << 7);
2259 hob = 0;
2260 switch(addr) {
2261 case 0:
2262 ret = 0xff;
2263 break;
2264 case 1:
2265 if (!ide_if[0].bs && !ide_if[1].bs)
2266 ret = 0;
2267 else if (!hob)
2268 ret = s->error;
2269 else
2270 ret = s->hob_feature;
2271 break;
2272 case 2:
2273 if (!ide_if[0].bs && !ide_if[1].bs)
2274 ret = 0;
2275 else if (!hob)
2276 ret = s->nsector & 0xff;
2277 else
2278 ret = s->hob_nsector;
2279 break;
2280 case 3:
2281 if (!ide_if[0].bs && !ide_if[1].bs)
2282 ret = 0;
2283 else if (!hob)
2284 ret = s->sector;
2285 else
2286 ret = s->hob_sector;
2287 break;
2288 case 4:
2289 if (!ide_if[0].bs && !ide_if[1].bs)
2290 ret = 0;
2291 else if (!hob)
2292 ret = s->lcyl;
2293 else
2294 ret = s->hob_lcyl;
2295 break;
2296 case 5:
2297 if (!ide_if[0].bs && !ide_if[1].bs)
2298 ret = 0;
2299 else if (!hob)
2300 ret = s->hcyl;
2301 else
2302 ret = s->hob_hcyl;
2303 break;
2304 case 6:
2305 if (!ide_if[0].bs && !ide_if[1].bs)
2306 ret = 0;
2307 else
2308 ret = s->select;
2309 break;
2310 default:
2311 case 7:
2312 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2313 (s != ide_if && !s->bs))
2314 ret = 0;
2315 else
2316 ret = s->status;
2317 qemu_irq_lower(s->irq);
2318 break;
2319 }
2320 #ifdef DEBUG_IDE
2321 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2322 #endif
2323 return ret;
2324 }
2325
2326 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2327 {
2328 IDEState *ide_if = opaque;
2329 IDEState *s = ide_if->cur_drive;
2330 int ret;
2331
2332 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2333 (s != ide_if && !s->bs))
2334 ret = 0;
2335 else
2336 ret = s->status;
2337 #ifdef DEBUG_IDE
2338 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2339 #endif
2340 return ret;
2341 }
2342
2343 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2344 {
2345 IDEState *ide_if = opaque;
2346 IDEState *s;
2347 int i;
2348
2349 #ifdef DEBUG_IDE
2350 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2351 #endif
2352 /* common for both drives */
2353 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2354 (val & IDE_CMD_RESET)) {
2355 /* reset low to high */
2356 for(i = 0;i < 2; i++) {
2357 s = &ide_if[i];
2358 s->status = BUSY_STAT | SEEK_STAT;
2359 s->error = 0x01;
2360 }
2361 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2362 !(val & IDE_CMD_RESET)) {
2363 /* high to low */
2364 for(i = 0;i < 2; i++) {
2365 s = &ide_if[i];
2366 if (s->is_cdrom)
2367 s->status = 0x00; /* NOTE: READY is _not_ set */
2368 else
2369 s->status = READY_STAT | SEEK_STAT;
2370 ide_set_signature(s);
2371 }
2372 }
2373
2374 ide_if[0].cmd = val;
2375 ide_if[1].cmd = val;
2376 }
2377
2378 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2379 {
2380 IDEState *s = ((IDEState *)opaque)->cur_drive;
2381 uint8_t *p;
2382
2383 p = s->data_ptr;
2384 *(uint16_t *)p = le16_to_cpu(val);
2385 p += 2;
2386 s->data_ptr = p;
2387 if (p >= s->data_end)
2388 s->end_transfer_func(s);
2389 }
2390
2391 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2392 {
2393 IDEState *s = ((IDEState *)opaque)->cur_drive;
2394 uint8_t *p;
2395 int ret;
2396 p = s->data_ptr;
2397 ret = cpu_to_le16(*(uint16_t *)p);
2398 p += 2;
2399 s->data_ptr = p;
2400 if (p >= s->data_end)
2401 s->end_transfer_func(s);
2402 return ret;
2403 }
2404
2405 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2406 {
2407 IDEState *s = ((IDEState *)opaque)->cur_drive;
2408 uint8_t *p;
2409
2410 p = s->data_ptr;
2411 *(uint32_t *)p = le32_to_cpu(val);
2412 p += 4;
2413 s->data_ptr = p;
2414 if (p >= s->data_end)
2415 s->end_transfer_func(s);
2416 }
2417
2418 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2419 {
2420 IDEState *s = ((IDEState *)opaque)->cur_drive;
2421 uint8_t *p;
2422 int ret;
2423
2424 p = s->data_ptr;
2425 ret = cpu_to_le32(*(uint32_t *)p);
2426 p += 4;
2427 s->data_ptr = p;
2428 if (p >= s->data_end)
2429 s->end_transfer_func(s);
2430 return ret;
2431 }
2432
2433 static void ide_dummy_transfer_stop(IDEState *s)
2434 {
2435 s->data_ptr = s->io_buffer;
2436 s->data_end = s->io_buffer;
2437 s->io_buffer[0] = 0xff;
2438 s->io_buffer[1] = 0xff;
2439 s->io_buffer[2] = 0xff;
2440 s->io_buffer[3] = 0xff;
2441 }
2442
2443 static void ide_reset(IDEState *s)
2444 {
2445 if (s->is_cf)
2446 s->mult_sectors = 0;
2447 else
2448 s->mult_sectors = MAX_MULT_SECTORS;
2449 s->cur_drive = s;
2450 s->select = 0xa0;
2451 s->status = READY_STAT;
2452 ide_set_signature(s);
2453 /* init the transfer handler so that 0xffff is returned on data
2454 accesses */
2455 s->end_transfer_func = ide_dummy_transfer_stop;
2456 ide_dummy_transfer_stop(s);
2457 s->media_changed = 0;
2458 }
2459
2460 static void ide_init2(IDEState *ide_state,
2461 BlockDriverState *hd0, BlockDriverState *hd1,
2462 qemu_irq irq)
2463 {
2464 IDEState *s;
2465 static int drive_serial = 1;
2466 int i, cylinders, heads, secs;
2467 uint64_t nb_sectors;
2468
2469 for(i = 0; i < 2; i++) {
2470 s = ide_state + i;
2471 s->io_buffer = qemu_memalign(512, MAX_MULT_SECTORS*512 + 4);
2472 if (i == 0)
2473 s->bs = hd0;
2474 else
2475 s->bs = hd1;
2476 if (s->bs) {
2477 bdrv_get_geometry(s->bs, &nb_sectors);
2478 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2479 s->cylinders = cylinders;
2480 s->heads = heads;
2481 s->sectors = secs;
2482 s->nb_sectors = nb_sectors;
2483
2484 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2485 s->is_cdrom = 1;
2486 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2487 }
2488 }
2489 s->drive_serial = drive_serial++;
2490 s->irq = irq;
2491 s->sector_write_timer = qemu_new_timer(vm_clock,
2492 ide_sector_write_timer_cb, s);
2493 ide_reset(s);
2494 }
2495 }
2496
2497 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2498 {
2499 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2500 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2501 if (iobase2) {
2502 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2503 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2504 }
2505
2506 /* data ports */
2507 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2508 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2509 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2510 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2511 }
2512
2513 /* save per IDE drive data */
2514 static void ide_save(QEMUFile* f, IDEState *s)
2515 {
2516 qemu_put_be32(f, s->mult_sectors);
2517 qemu_put_be32(f, s->identify_set);
2518 if (s->identify_set) {
2519 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2520 }
2521 qemu_put_8s(f, &s->feature);
2522 qemu_put_8s(f, &s->error);
2523 qemu_put_be32s(f, &s->nsector);
2524 qemu_put_8s(f, &s->sector);
2525 qemu_put_8s(f, &s->lcyl);
2526 qemu_put_8s(f, &s->hcyl);
2527 qemu_put_8s(f, &s->hob_feature);
2528 qemu_put_8s(f, &s->hob_nsector);
2529 qemu_put_8s(f, &s->hob_sector);
2530 qemu_put_8s(f, &s->hob_lcyl);
2531 qemu_put_8s(f, &s->hob_hcyl);
2532 qemu_put_8s(f, &s->select);
2533 qemu_put_8s(f, &s->status);
2534 qemu_put_8s(f, &s->lba48);
2535
2536 qemu_put_8s(f, &s->sense_key);
2537 qemu_put_8s(f, &s->asc);
2538 /* XXX: if a transfer is pending, we do not save it yet */
2539 }
2540
2541 /* load per IDE drive data */
2542 static void ide_load(QEMUFile* f, IDEState *s)
2543 {
2544 s->mult_sectors=qemu_get_be32(f);
2545 s->identify_set=qemu_get_be32(f);
2546 if (s->identify_set) {
2547 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2548 }
2549 qemu_get_8s(f, &s->feature);
2550 qemu_get_8s(f, &s->error);
2551 qemu_get_be32s(f, &s->nsector);
2552 qemu_get_8s(f, &s->sector);
2553 qemu_get_8s(f, &s->lcyl);
2554 qemu_get_8s(f, &s->hcyl);
2555 qemu_get_8s(f, &s->hob_feature);
2556 qemu_get_8s(f, &s->hob_nsector);
2557 qemu_get_8s(f, &s->hob_sector);
2558 qemu_get_8s(f, &s->hob_lcyl);
2559 qemu_get_8s(f, &s->hob_hcyl);
2560 qemu_get_8s(f, &s->select);
2561 qemu_get_8s(f, &s->status);
2562 qemu_get_8s(f, &s->lba48);
2563
2564 qemu_get_8s(f, &s->sense_key);
2565 qemu_get_8s(f, &s->asc);
2566 /* XXX: if a transfer is pending, we do not save it yet */
2567 }
2568
2569 /***********************************************************/
2570 /* ISA IDE definitions */
2571
2572 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
2573 BlockDriverState *hd0, BlockDriverState *hd1)
2574 {
2575 IDEState *ide_state;
2576
2577 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2578 if (!ide_state)
2579 return;
2580
2581 ide_init2(ide_state, hd0, hd1, irq);
2582 ide_init_ioport(ide_state, iobase, iobase2);
2583 }
2584
2585 /***********************************************************/
2586 /* PCI IDE definitions */
2587
2588 static void cmd646_update_irq(PCIIDEState *d);
2589
2590 static void ide_map(PCIDevice *pci_dev, int region_num,
2591 uint32_t addr, uint32_t size, int type)
2592 {
2593 PCIIDEState *d = (PCIIDEState *)pci_dev;
2594 IDEState *ide_state;
2595
2596 if (region_num <= 3) {
2597 ide_state = &d->ide_if[(region_num >> 1) * 2];
2598 if (region_num & 1) {
2599 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2600 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2601 } else {
2602 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2603 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2604
2605 /* data ports */
2606 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2607 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2608 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2609 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2610 }
2611 }
2612 }
2613
2614 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2615 {
2616 BMDMAState *bm = s->bmdma;
2617 if(!bm)
2618 return;
2619 bm->ide_if = s;
2620 bm->dma_cb = dma_cb;
2621 bm->cur_prd_last = 0;
2622 bm->cur_prd_addr = 0;
2623 bm->cur_prd_len = 0;
2624 if (bm->status & BM_STATUS_DMAING) {
2625 bm->dma_cb(bm, 0);
2626 }
2627 }
2628
2629 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2630 {
2631 BMDMAState *bm = opaque;
2632 #ifdef DEBUG_IDE
2633 printf("%s: 0x%08x\n", __func__, val);
2634 #endif
2635 if (!(val & BM_CMD_START)) {
2636 /* XXX: do it better */
2637 if (bm->status & BM_STATUS_DMAING) {
2638 bm->status &= ~BM_STATUS_DMAING;
2639 /* cancel DMA request */
2640 bm->ide_if = NULL;
2641 bm->dma_cb = NULL;
2642 if (bm->aiocb) {
2643 #ifdef DEBUG_AIO
2644 printf("aio_cancel\n");
2645 #endif
2646 bdrv_aio_cancel(bm->aiocb);
2647 bm->aiocb = NULL;
2648 }
2649 }
2650 bm->cmd = val & 0x09;
2651 } else {
2652 if (!(bm->status & BM_STATUS_DMAING)) {
2653 bm->status |= BM_STATUS_DMAING;
2654 /* start dma transfer if possible */
2655 if (bm->dma_cb)
2656 bm->dma_cb(bm, 0);
2657 }
2658 bm->cmd = val & 0x09;
2659 }
2660 }
2661
2662 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2663 {
2664 BMDMAState *bm = opaque;
2665 PCIIDEState *pci_dev;
2666 uint32_t val;
2667
2668 switch(addr & 3) {
2669 case 0:
2670 val = bm->cmd;
2671 break;
2672 case 1:
2673 pci_dev = bm->pci_dev;
2674 if (pci_dev->type == IDE_TYPE_CMD646) {
2675 val = pci_dev->dev.config[MRDMODE];
2676 } else {
2677 val = 0xff;
2678 }
2679 break;
2680 case 2:
2681 val = bm->status;
2682 break;
2683 case 3:
2684 pci_dev = bm->pci_dev;
2685 if (pci_dev->type == IDE_TYPE_CMD646) {
2686 if (bm == &pci_dev->bmdma[0])
2687 val = pci_dev->dev.config[UDIDETCR0];
2688 else
2689 val = pci_dev->dev.config[UDIDETCR1];
2690 } else {
2691 val = 0xff;
2692 }
2693 break;
2694 default:
2695 val = 0xff;
2696 break;
2697 }
2698 #ifdef DEBUG_IDE
2699 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2700 #endif
2701 return val;
2702 }
2703
2704 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2705 {
2706 BMDMAState *bm = opaque;
2707 PCIIDEState *pci_dev;
2708 #ifdef DEBUG_IDE
2709 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2710 #endif
2711 switch(addr & 3) {
2712 case 1:
2713 pci_dev = bm->pci_dev;
2714 if (pci_dev->type == IDE_TYPE_CMD646) {
2715 pci_dev->dev.config[MRDMODE] =
2716 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2717 cmd646_update_irq(pci_dev);
2718 }
2719 break;
2720 case 2:
2721 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2722 break;
2723 case 3:
2724 pci_dev = bm->pci_dev;
2725 if (pci_dev->type == IDE_TYPE_CMD646) {
2726 if (bm == &pci_dev->bmdma[0])
2727 pci_dev->dev.config[UDIDETCR0] = val;
2728 else
2729 pci_dev->dev.config[UDIDETCR1] = val;
2730 }
2731 break;
2732 }
2733 }
2734
2735 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2736 {
2737 BMDMAState *bm = opaque;
2738 uint32_t val;
2739 val = bm->addr;
2740 #ifdef DEBUG_IDE
2741 printf("%s: 0x%08x\n", __func__, val);
2742 #endif
2743 return val;
2744 }
2745
2746 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2747 {
2748 BMDMAState *bm = opaque;
2749 #ifdef DEBUG_IDE
2750 printf("%s: 0x%08x\n", __func__, val);
2751 #endif
2752 bm->addr = val & ~3;
2753 bm->cur_addr = bm->addr;
2754 }
2755
2756 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2757 uint32_t addr, uint32_t size, int type)
2758 {
2759 PCIIDEState *d = (PCIIDEState *)pci_dev;
2760 int i;
2761
2762 for(i = 0;i < 2; i++) {
2763 BMDMAState *bm = &d->bmdma[i];
2764 d->ide_if[2 * i].bmdma = bm;
2765 d->ide_if[2 * i + 1].bmdma = bm;
2766 bm->pci_dev = (PCIIDEState *)pci_dev;
2767
2768 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2769
2770 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2771 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2772
2773 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2774 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2775 addr += 8;
2776 }
2777 }
2778
2779 /* XXX: call it also when the MRDMODE is changed from the PCI config
2780 registers */
2781 static void cmd646_update_irq(PCIIDEState *d)
2782 {
2783 int pci_level;
2784 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2785 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2786 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2787 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2788 qemu_set_irq(d->dev.irq[0], pci_level);
2789 }
2790
2791 /* the PCI irq level is the logical OR of the two channels */
2792 static void cmd646_set_irq(void *opaque, int channel, int level)
2793 {
2794 PCIIDEState *d = opaque;
2795 int irq_mask;
2796
2797 irq_mask = MRDMODE_INTR_CH0 << channel;
2798 if (level)
2799 d->dev.config[MRDMODE] |= irq_mask;
2800 else
2801 d->dev.config[MRDMODE] &= ~irq_mask;
2802 cmd646_update_irq(d);
2803 }
2804
2805 /* CMD646 PCI IDE controller */
2806 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2807 int secondary_ide_enabled)
2808 {
2809 PCIIDEState *d;
2810 uint8_t *pci_conf;
2811 int i;
2812 qemu_irq *irq;
2813
2814 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2815 sizeof(PCIIDEState),
2816 -1,
2817 NULL, NULL);
2818 d->type = IDE_TYPE_CMD646;
2819 pci_conf = d->dev.config;
2820 pci_conf[0x00] = 0x95; // CMD646
2821 pci_conf[0x01] = 0x10;
2822 pci_conf[0x02] = 0x46;
2823 pci_conf[0x03] = 0x06;
2824
2825 pci_conf[0x08] = 0x07; // IDE controller revision
2826 pci_conf[0x09] = 0x8f;
2827
2828 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2829 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2830 pci_conf[0x0e] = 0x00; // header_type
2831
2832 if (secondary_ide_enabled) {
2833 /* XXX: if not enabled, really disable the seconday IDE controller */
2834 pci_conf[0x51] = 0x80; /* enable IDE1 */
2835 }
2836
2837 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2838 PCI_ADDRESS_SPACE_IO, ide_map);
2839 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2840 PCI_ADDRESS_SPACE_IO, ide_map);
2841 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2842 PCI_ADDRESS_SPACE_IO, ide_map);
2843 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2844 PCI_ADDRESS_SPACE_IO, ide_map);
2845 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2846 PCI_ADDRESS_SPACE_IO, bmdma_map);
2847
2848 pci_conf[0x3d] = 0x01; // interrupt on pin 1
2849
2850 for(i = 0; i < 4; i++)
2851 d->ide_if[i].pci_dev = (PCIDevice *)d;
2852
2853 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
2854 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
2855 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
2856 }
2857
2858 static void pci_ide_save(QEMUFile* f, void *opaque)
2859 {
2860 PCIIDEState *d = opaque;
2861 int i;
2862
2863 pci_device_save(&d->dev, f);
2864
2865 for(i = 0; i < 2; i++) {
2866 BMDMAState *bm = &d->bmdma[i];
2867 qemu_put_8s(f, &bm->cmd);
2868 qemu_put_8s(f, &bm->status);
2869 qemu_put_be32s(f, &bm->addr);
2870 /* XXX: if a transfer is pending, we do not save it yet */
2871 }
2872
2873 /* per IDE interface data */
2874 for(i = 0; i < 2; i++) {
2875 IDEState *s = &d->ide_if[i * 2];
2876 uint8_t drive1_selected;
2877 qemu_put_8s(f, &s->cmd);
2878 drive1_selected = (s->cur_drive != s);
2879 qemu_put_8s(f, &drive1_selected);
2880 }
2881
2882 /* per IDE drive data */
2883 for(i = 0; i < 4; i++) {
2884 ide_save(f, &d->ide_if[i]);
2885 }
2886 }
2887
2888 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2889 {
2890 PCIIDEState *d = opaque;
2891 int ret, i;
2892
2893 if (version_id != 1)
2894 return -EINVAL;
2895 ret = pci_device_load(&d->dev, f);
2896 if (ret < 0)
2897 return ret;
2898
2899 for(i = 0; i < 2; i++) {
2900 BMDMAState *bm = &d->bmdma[i];
2901 qemu_get_8s(f, &bm->cmd);
2902 qemu_get_8s(f, &bm->status);
2903 qemu_get_be32s(f, &bm->addr);
2904 /* XXX: if a transfer is pending, we do not save it yet */
2905 }
2906
2907 /* per IDE interface data */
2908 for(i = 0; i < 2; i++) {
2909 IDEState *s = &d->ide_if[i * 2];
2910 uint8_t drive1_selected;
2911 qemu_get_8s(f, &s->cmd);
2912 qemu_get_8s(f, &drive1_selected);
2913 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2914 }
2915
2916 /* per IDE drive data */
2917 for(i = 0; i < 4; i++) {
2918 ide_load(f, &d->ide_if[i]);
2919 }
2920 return 0;
2921 }
2922
2923 static void piix3_reset(PCIIDEState *d)
2924 {
2925 uint8_t *pci_conf = d->dev.config;
2926
2927 pci_conf[0x04] = 0x00;
2928 pci_conf[0x05] = 0x00;
2929 pci_conf[0x06] = 0x80; /* FBC */
2930 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
2931 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
2932 }
2933
2934 /* hd_table must contain 4 block drivers */
2935 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
2936 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2937 qemu_irq *pic)
2938 {
2939 PCIIDEState *d;
2940 uint8_t *pci_conf;
2941
2942 /* register a function 1 of PIIX3 */
2943 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2944 sizeof(PCIIDEState),
2945 devfn,
2946 NULL, NULL);
2947 d->type = IDE_TYPE_PIIX3;
2948
2949 pci_conf = d->dev.config;
2950 pci_conf[0x00] = 0x86; // Intel
2951 pci_conf[0x01] = 0x80;
2952 pci_conf[0x02] = 0x10;
2953 pci_conf[0x03] = 0x70;
2954 pci_conf[0x09] = 0x80; // legacy ATA mode
2955 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2956 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2957 pci_conf[0x0e] = 0x00; // header_type
2958
2959 piix3_reset(d);
2960
2961 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2962 PCI_ADDRESS_SPACE_IO, bmdma_map);
2963
2964 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
2965 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
2966 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2967 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2968
2969 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
2970 }
2971
2972 /* hd_table must contain 4 block drivers */
2973 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
2974 void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2975 qemu_irq *pic)
2976 {
2977 PCIIDEState *d;
2978 uint8_t *pci_conf;
2979
2980 /* register a function 1 of PIIX4 */
2981 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
2982 sizeof(PCIIDEState),
2983 devfn,
2984 NULL, NULL);
2985 d->type = IDE_TYPE_PIIX4;
2986
2987 pci_conf = d->dev.config;
2988 pci_conf[0x00] = 0x86; // Intel
2989 pci_conf[0x01] = 0x80;
2990 pci_conf[0x02] = 0x11;
2991 pci_conf[0x03] = 0x71;
2992 pci_conf[0x09] = 0x80; // legacy ATA mode
2993 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2994 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2995 pci_conf[0x0e] = 0x00; // header_type
2996
2997 piix3_reset(d);
2998
2999 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3000 PCI_ADDRESS_SPACE_IO, bmdma_map);
3001
3002 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3003 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3004 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3005 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3006
3007 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
3008 }
3009
3010 /***********************************************************/
3011 /* MacIO based PowerPC IDE */
3012
3013 /* PowerMac IDE memory IO */
3014 static void pmac_ide_writeb (void *opaque,
3015 target_phys_addr_t addr, uint32_t val)
3016 {
3017 addr = (addr & 0xFFF) >> 4;
3018 switch (addr) {
3019 case 1 ... 7:
3020 ide_ioport_write(opaque, addr, val);
3021 break;
3022 case 8:
3023 case 22:
3024 ide_cmd_write(opaque, 0, val);
3025 break;
3026 default:
3027 break;
3028 }
3029 }
3030
3031 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3032 {
3033 uint8_t retval;
3034
3035 addr = (addr & 0xFFF) >> 4;
3036 switch (addr) {
3037 case 1 ... 7:
3038 retval = ide_ioport_read(opaque, addr);
3039 break;
3040 case 8:
3041 case 22:
3042 retval = ide_status_read(opaque, 0);
3043 break;
3044 default:
3045 retval = 0xFF;
3046 break;
3047 }
3048 return retval;
3049 }
3050
3051 static void pmac_ide_writew (void *opaque,
3052 target_phys_addr_t addr, uint32_t val)
3053 {
3054 addr = (addr & 0xFFF) >> 4;
3055 #ifdef TARGET_WORDS_BIGENDIAN
3056 val = bswap16(val);
3057 #endif
3058 if (addr == 0) {
3059 ide_data_writew(opaque, 0, val);
3060 }
3061 }
3062
3063 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3064 {
3065 uint16_t retval;
3066
3067 addr = (addr & 0xFFF) >> 4;
3068 if (addr == 0) {
3069 retval = ide_data_readw(opaque, 0);
3070 } else {
3071 retval = 0xFFFF;
3072 }
3073 #ifdef TARGET_WORDS_BIGENDIAN
3074 retval = bswap16(retval);
3075 #endif
3076 return retval;
3077 }
3078
3079 static void pmac_ide_writel (void *opaque,
3080 target_phys_addr_t addr, uint32_t val)
3081 {
3082 addr = (addr & 0xFFF) >> 4;
3083 #ifdef TARGET_WORDS_BIGENDIAN
3084 val = bswap32(val);
3085 #endif
3086 if (addr == 0) {
3087 ide_data_writel(opaque, 0, val);
3088 }
3089 }
3090
3091 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3092 {
3093 uint32_t retval;
3094
3095 addr = (addr & 0xFFF) >> 4;
3096 if (addr == 0) {
3097 retval = ide_data_readl(opaque, 0);
3098 } else {
3099 retval = 0xFFFFFFFF;
3100 }
3101 #ifdef TARGET_WORDS_BIGENDIAN
3102 retval = bswap32(retval);
3103 #endif
3104 return retval;
3105 }
3106
3107 static CPUWriteMemoryFunc *pmac_ide_write[] = {
3108 pmac_ide_writeb,
3109 pmac_ide_writew,
3110 pmac_ide_writel,
3111 };
3112
3113 static CPUReadMemoryFunc *pmac_ide_read[] = {
3114 pmac_ide_readb,
3115 pmac_ide_readw,
3116 pmac_ide_readl,
3117 };
3118
3119 /* hd_table must contain 4 block drivers */
3120 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3121 I/O index to access the ide. */
3122 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
3123 {
3124 IDEState *ide_if;
3125 int pmac_ide_memory;
3126
3127 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
3128 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3129
3130 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3131 pmac_ide_write, &ide_if[0]);
3132 return pmac_ide_memory;
3133 }
3134
3135 /***********************************************************/
3136 /* CF-ATA Microdrive */
3137
3138 #define METADATA_SIZE 0x20
3139
3140 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3141 struct md_s {
3142 IDEState ide[2];
3143 struct pcmcia_card_s card;
3144 uint32_t attr_base;
3145 uint32_t io_base;
3146
3147 /* Card state */
3148 uint8_t opt;
3149 uint8_t stat;
3150 uint8_t pins;
3151
3152 uint8_t ctrl;
3153 uint16_t io;
3154 int cycle;
3155 };
3156
3157 /* Register bitfields */
3158 enum md_opt {
3159 OPT_MODE_MMAP = 0,
3160 OPT_MODE_IOMAP16 = 1,
3161 OPT_MODE_IOMAP1 = 2,
3162 OPT_MODE_IOMAP2 = 3,
3163 OPT_MODE = 0x3f,
3164 OPT_LEVIREQ = 0x40,
3165 OPT_SRESET = 0x80,
3166 };
3167 enum md_cstat {
3168 STAT_INT = 0x02,
3169 STAT_PWRDWN = 0x04,
3170 STAT_XE = 0x10,
3171 STAT_IOIS8 = 0x20,
3172 STAT_SIGCHG = 0x40,
3173 STAT_CHANGED = 0x80,
3174 };
3175 enum md_pins {
3176 PINS_MRDY = 0x02,
3177 PINS_CRDY = 0x20,
3178 };
3179 enum md_ctrl {
3180 CTRL_IEN = 0x02,
3181 CTRL_SRST = 0x04,
3182 };
3183
3184 static inline void md_interrupt_update(struct md_s *s)
3185 {
3186 if (!s->card.slot)
3187 return;
3188
3189 qemu_set_irq(s->card.slot->irq,
3190 !(s->stat & STAT_INT) && /* Inverted */
3191 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3192 !(s->opt & OPT_SRESET));
3193 }
3194
3195 static void md_set_irq(void *opaque, int irq, int level)
3196 {
3197 struct md_s *s = (struct md_s *) opaque;
3198 if (level)
3199 s->stat |= STAT_INT;
3200 else
3201 s->stat &= ~STAT_INT;
3202
3203 md_interrupt_update(s);
3204 }
3205
3206 static void md_reset(struct md_s *s)
3207 {
3208 s->opt = OPT_MODE_MMAP;
3209 s->stat = 0;
3210 s->pins = 0;
3211 s->cycle = 0;
3212 s->ctrl = 0;
3213 ide_reset(s->ide);
3214 }
3215
3216 static uint8_t md_attr_read(void *opaque, uint32_t at)
3217 {
3218 struct md_s *s = (struct md_s *) opaque;
3219 if (at < s->attr_base) {
3220 if (at < s->card.cis_len)
3221 return s->card.cis[at];
3222 else
3223 return 0x00;
3224 }
3225
3226 at -= s->attr_base;
3227
3228 switch (at) {
3229 case 0x00: /* Configuration Option Register */
3230 return s->opt;
3231 case 0x02: /* Card Configuration Status Register */
3232 if (s->ctrl & CTRL_IEN)
3233 return s->stat & ~STAT_INT;
3234 else
3235 return s->stat;
3236 case 0x04: /* Pin Replacement Register */
3237 return (s->pins & PINS_CRDY) | 0x0c;
3238 case 0x06: /* Socket and Copy Register */
3239 return 0x00;
3240 #ifdef VERBOSE
3241 default:
3242 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3243 #endif
3244 }
3245
3246 return 0;
3247 }
3248
3249 static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
3250 {
3251 struct md_s *s = (struct md_s *) opaque;
3252 at -= s->attr_base;
3253
3254 switch (at) {
3255 case 0x00: /* Configuration Option Register */
3256 s->opt = value & 0xcf;
3257 if (value & OPT_SRESET)
3258 md_reset(s);
3259 md_interrupt_update(s);
3260 break;
3261 case 0x02: /* Card Configuration Status Register */
3262 if ((s->stat ^ value) & STAT_PWRDWN)
3263 s->pins |= PINS_CRDY;
3264 s->stat &= 0x82;
3265 s->stat |= value & 0x74;
3266 md_interrupt_update(s);
3267 /* Word 170 in Identify Device must be equal to STAT_XE */
3268 break;
3269 case 0x04: /* Pin Replacement Register */
3270 s->pins &= PINS_CRDY;
3271 s->pins |= value & PINS_MRDY;
3272 break;
3273 case 0x06: /* Socket and Copy Register */
3274 break;
3275 default:
3276 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3277 }
3278 }
3279
3280 static uint16_t md_common_read(void *opaque, uint32_t at)
3281 {
3282 struct md_s *s = (struct md_s *) opaque;
3283 uint16_t ret;
3284 at -= s->io_base;
3285
3286 switch (s->opt & OPT_MODE) {
3287 case OPT_MODE_MMAP:
3288 if ((at & ~0x3ff) == 0x400)
3289 at = 0;
3290 break;
3291 case OPT_MODE_IOMAP16:
3292 at &= 0xf;
3293 break;
3294 case OPT_MODE_IOMAP1:
3295 if ((at & ~0xf) == 0x3f0)
3296 at -= 0x3e8;
3297 else if ((at & ~0xf) == 0x1f0)
3298 at -= 0x1f0;
3299 break;
3300 case OPT_MODE_IOMAP2:
3301 if ((at & ~0xf) == 0x370)
3302 at -= 0x368;
3303 else if ((at & ~0xf) == 0x170)
3304 at -= 0x170;
3305 }
3306
3307 switch (at) {
3308 case 0x0: /* Even RD Data */
3309 case 0x8:
3310 return ide_data_readw(s->ide, 0);
3311
3312 /* TODO: 8-bit accesses */
3313 if (s->cycle)
3314 ret = s->io >> 8;
3315 else {
3316 s->io = ide_data_readw(s->ide, 0);
3317 ret = s->io & 0xff;
3318 }
3319 s->cycle = !s->cycle;
3320 return ret;
3321 case 0x9: /* Odd RD Data */
3322 return s->io >> 8;
3323 case 0xd: /* Error */
3324 return ide_ioport_read(s->ide, 0x1);
3325 case 0xe: /* Alternate Status */
3326 if (s->ide->cur_drive->bs)
3327 return s->ide->cur_drive->status;
3328 else
3329 return 0;
3330 case 0xf: /* Device Address */
3331 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3332 default:
3333 return ide_ioport_read(s->ide, at);
3334 }
3335
3336 return 0;
3337 }
3338
3339 static void md_common_write(void *opaque, uint32_t at, uint16_t value)
3340 {
3341 struct md_s *s = (struct md_s *) opaque;
3342 at -= s->io_base;
3343
3344 switch (s->opt & OPT_MODE) {
3345 case OPT_MODE_MMAP:
3346 if ((at & ~0x3ff) == 0x400)
3347 at = 0;
3348 break;
3349 case OPT_MODE_IOMAP16:
3350 at &= 0xf;
3351 break;
3352 case OPT_MODE_IOMAP1:
3353 if ((at & ~0xf) == 0x3f0)
3354 at -= 0x3e8;
3355 else if ((at & ~0xf) == 0x1f0)
3356 at -= 0x1f0;
3357 break;
3358 case OPT_MODE_IOMAP2:
3359 if ((at & ~0xf) == 0x370)
3360 at -= 0x368;
3361 else if ((at & ~0xf) == 0x170)
3362 at -= 0x170;
3363 }
3364
3365 switch (at) {
3366 case 0x0: /* Even WR Data */
3367 case 0x8:
3368 ide_data_writew(s->ide, 0, value);
3369 break;
3370
3371 /* TODO: 8-bit accesses */
3372 if (s->cycle)
3373 ide_data_writew(s->ide, 0, s->io | (value << 8));
3374 else
3375 s->io = value & 0xff;
3376 s->cycle = !s->cycle;
3377 break;
3378 case 0x9:
3379 s->io = value & 0xff;
3380 s->cycle = !s->cycle;
3381 break;
3382 case 0xd: /* Features */
3383 ide_ioport_write(s->ide, 0x1, value);
3384 break;
3385 case 0xe: /* Device Control */
3386 s->ctrl = value;
3387 if (value & CTRL_SRST)
3388 md_reset(s);
3389 md_interrupt_update(s);
3390 break;
3391 default:
3392 if (s->stat & STAT_PWRDWN) {
3393 s->pins |= PINS_CRDY;
3394 s->stat &= ~STAT_PWRDWN;
3395 }
3396 ide_ioport_write(s->ide, at, value);
3397 }
3398 }
3399
3400 static void md_save(QEMUFile *f, void *opaque)
3401 {
3402 struct md_s *s = (struct md_s *) opaque;
3403 int i;
3404 uint8_t drive1_selected;
3405
3406 qemu_put_8s(f, &s->opt);
3407 qemu_put_8s(f, &s->stat);
3408 qemu_put_8s(f, &s->pins);
3409
3410 qemu_put_8s(f, &s->ctrl);
3411 qemu_put_be16s(f, &s->io);
3412 qemu_put_byte(f, s->cycle);
3413
3414 drive1_selected = (s->ide->cur_drive != s->ide);
3415 qemu_put_8s(f, &s->ide->cmd);
3416 qemu_put_8s(f, &drive1_selected);
3417
3418 for (i = 0; i < 2; i ++)
3419 ide_save(f, &s->ide[i]);
3420 }
3421
3422 static int md_load(QEMUFile *f, void *opaque, int version_id)
3423 {
3424 struct md_s *s = (struct md_s *) opaque;
3425 int i;
3426 uint8_t drive1_selected;
3427
3428 qemu_get_8s(f, &s->opt);
3429 qemu_get_8s(f, &s->stat);
3430 qemu_get_8s(f, &s->pins);
3431
3432 qemu_get_8s(f, &s->ctrl);
3433 qemu_get_be16s(f, &s->io);
3434 s->cycle = qemu_get_byte(f);
3435
3436 qemu_get_8s(f, &s->ide->cmd);
3437 qemu_get_8s(f, &drive1_selected);
3438 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
3439
3440 for (i = 0; i < 2; i ++)
3441 ide_load(f, &s->ide[i]);
3442
3443 return 0;
3444 }
3445
3446 static int md_iid = 0;
3447
3448 static const uint8_t dscm1xxxx_cis[0x14a] = {
3449 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3450 [0x002] = 0x03, /* Tuple length = 4 bytes */
3451 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3452 [0x006] = 0x01, /* Size = 2K bytes */
3453 [0x008] = CISTPL_ENDMARK,
3454
3455 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3456 [0x00c] = 0x04, /* Tuple length = 4 byest */
3457 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3458 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3459 [0x012] = 0x01, /* Size = 2K bytes */
3460 [0x014] = CISTPL_ENDMARK,
3461
3462 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3463 [0x018] = 0x02, /* Tuple length = 2 bytes */
3464 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3465 [0x01c] = 0x01,
3466
3467 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3468 [0x020] = 0x04, /* Tuple length = 4 bytes */
3469 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3470 [0x024] = 0x00,
3471 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3472 [0x028] = 0x00,
3473
3474 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3475 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3476 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3477 [0x030] = 0x01, /* Minor Version = 1 */
3478 [0x032] = 'I',
3479 [0x034] = 'B',
3480 [0x036] = 'M',
3481 [0x038] = 0x00,
3482 [0x03a] = 'm',
3483 [0x03c] = 'i',
3484 [0x03e] = 'c',
3485 [0x040] = 'r',
3486 [0x042] = 'o',
3487 [0x044] = 'd',
3488 [0x046] = 'r',
3489 [0x048] = 'i',
3490 [0x04a] = 'v',
3491 [0x04c] = 'e',
3492 [0x04e] = 0x00,
3493 [0x050] = CISTPL_ENDMARK,
3494
3495 [0x052] = CISTPL_FUNCID, /* Function ID */
3496 [0x054] = 0x02, /* Tuple length = 2 bytes */
3497 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3498 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3499
3500 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3501 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3502 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3503 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3504
3505 [0x062] = CISTPL_FUNCE, /* Function Extension */
3506 [0x064] = 0x03, /* Tuple length = 3 bytes */
3507 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3508 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3509 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3510
3511 [0x06c] = CISTPL_CONFIG, /* Configuration */
3512 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3513 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3514 [0x072] = 0x07, /* TPCC_LAST = 7 */
3515 [0x074] = 0x00, /* TPCC_RADR = 0200 */
3516 [0x076] = 0x02,
3517 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
3518
3519 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3520 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
3521 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
3522 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
3523 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
3524 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3525 [0x086] = 0x55, /* NomV: 5.0 V */
3526 [0x088] = 0x4d, /* MinV: 4.5 V */
3527 [0x08a] = 0x5d, /* MaxV: 5.5 V */
3528 [0x08c] = 0x4e, /* Peakl: 450 mA */
3529 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
3530 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
3531 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
3532
3533 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3534 [0x096] = 0x06, /* Tuple length = 6 bytes */
3535 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
3536 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3537 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3538 [0x09e] = 0xb5, /* NomV: 3.3 V */
3539 [0x0a0] = 0x1e,
3540 [0x0a2] = 0x3e, /* Peakl: 350 mA */
3541
3542 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3543 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
3544 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
3545 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3546 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3547 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3548 [0x0b0] = 0x55, /* NomV: 5.0 V */
3549 [0x0b2] = 0x4d, /* MinV: 4.5 V */
3550 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
3551 [0x0b6] = 0x4e, /* Peakl: 450 mA */
3552 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
3553 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
3554 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
3555 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
3556 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
3557
3558 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3559 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
3560 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
3561 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3562 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3563 [0x0cc] = 0xb5, /* NomV: 3.3 V */
3564 [0x0ce] = 0x1e,
3565 [0x0d0] = 0x3e, /* Peakl: 350 mA */
3566
3567 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3568 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
3569 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
3570 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3571 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3572 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3573 [0x0de] = 0x55, /* NomV: 5.0 V */
3574 [0x0e0] = 0x4d, /* MinV: 4.5 V */
3575 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
3576 [0x0e4] = 0x4e, /* Peakl: 450 mA */
3577 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3578 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
3579 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
3580 [0x0ec] = 0x01,
3581 [0x0ee] = 0x07, /* Address block length = 8 */
3582 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
3583 [0x0f2] = 0x03,
3584 [0x0f4] = 0x01, /* Address block length = 2 */
3585 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3586 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
3587
3588 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3589 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
3590 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
3591 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3592 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3593 [0x104] = 0xb5, /* NomV: 3.3 V */
3594 [0x106] = 0x1e,
3595 [0x108] = 0x3e, /* Peakl: 350 mA */
3596
3597 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3598 [0x10c] = 0x12, /* Tuple length = 18 bytes */
3599 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
3600 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3601 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3602 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3603 [0x116] = 0x55, /* NomV: 5.0 V */
3604 [0x118] = 0x4d, /* MinV: 4.5 V */
3605 [0x11a] = 0x5d, /* MaxV: 5.5 V */
3606 [0x11c] = 0x4e, /* Peakl: 450 mA */
3607 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3608 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
3609 [0x122] = 0x70, /* Field 1 address = 0x0170 */
3610 [0x124] = 0x01,
3611 [0x126] = 0x07, /* Address block length = 8 */
3612 [0x128] = 0x76, /* Field 2 address = 0x0376 */
3613 [0x12a] = 0x03,
3614 [0x12c] = 0x01, /* Address block length = 2 */
3615 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3616 [0x130] = 0x20, /* TPCE_MI = support power down mode */
3617
3618 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3619 [0x134] = 0x06, /* Tuple length = 6 bytes */
3620 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
3621 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3622 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3623 [0x13c] = 0xb5, /* NomV: 3.3 V */
3624 [0x13e] = 0x1e,
3625 [0x140] = 0x3e, /* Peakl: 350 mA */
3626
3627 [0x142] = CISTPL_NO_LINK, /* No Link */
3628 [0x144] = 0x00, /* Tuple length = 0 bytes */
3629
3630 [0x146] = CISTPL_END, /* Tuple End */
3631 };
3632
3633 static int dscm1xxxx_attach(void *opaque)
3634 {
3635 struct md_s *md = (struct md_s *) opaque;
3636 md->card.attr_read = md_attr_read;
3637 md->card.attr_write = md_attr_write;
3638 md->card.common_read = md_common_read;
3639 md->card.common_write = md_common_write;
3640 md->card.io_read = md_common_read;
3641 md->card.io_write = md_common_write;
3642
3643 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
3644 md->io_base = 0x0;
3645
3646 md_reset(md);
3647 md_interrupt_update(md);
3648
3649 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
3650 return 0;
3651 }
3652
3653 static int dscm1xxxx_detach(void *opaque)
3654 {
3655 struct md_s *md = (struct md_s *) opaque;
3656 md_reset(md);
3657 return 0;
3658 }
3659
3660 struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
3661 {
3662 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
3663 md->card.state = md;
3664 md->card.attach = dscm1xxxx_attach;
3665 md->card.detach = dscm1xxxx_detach;
3666 md->card.cis = dscm1xxxx_cis;
3667 md->card.cis_len = sizeof(dscm1xxxx_cis);
3668
3669 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
3670 md->ide->is_cf = 1;
3671 md->ide->mdata_size = METADATA_SIZE;
3672 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
3673
3674 register_savevm("microdrive", md_iid ++, 0, md_save, md_load, md);
3675
3676 return &md->card;
3677 }
Patches shipped by Fedora