search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Convert IDE to use new dma helpers (Avi Kivity)
[qemu.git] / hw / ide.c
blob1db0bcdf58435dcc2bb2adfd9d100d529f184f2e
1 /*
2 * QEMU IDE disk and CD/DVD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25 #include "hw.h"
26 #include "pc.h"
27 #include "pci.h"
28 #include "scsi-disk.h"
29 #include "pcmcia.h"
30 #include "block.h"
31 #include "qemu-timer.h"
32 #include "sysemu.h"
33 #include "ppc_mac.h"
34 #include "mac_dbdma.h"
35 #include "sh.h"
36 #include "dma.h"
37
38 /* debug IDE devices */
39 //#define DEBUG_IDE
40 //#define DEBUG_IDE_ATAPI
41 //#define DEBUG_AIO
42 #define USE_DMA_CDROM
43
44 /* Bits of HD_STATUS */
45 #define ERR_STAT 0x01
46 #define INDEX_STAT 0x02
47 #define ECC_STAT 0x04 /* Corrected error */
48 #define DRQ_STAT 0x08
49 #define SEEK_STAT 0x10
50 #define SRV_STAT 0x10
51 #define WRERR_STAT 0x20
52 #define READY_STAT 0x40
53 #define BUSY_STAT 0x80
54
55 /* Bits for HD_ERROR */
56 #define MARK_ERR 0x01 /* Bad address mark */
57 #define TRK0_ERR 0x02 /* couldn't find track 0 */
58 #define ABRT_ERR 0x04 /* Command aborted */
59 #define MCR_ERR 0x08 /* media change request */
60 #define ID_ERR 0x10 /* ID field not found */
61 #define MC_ERR 0x20 /* media changed */
62 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
63 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
64 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
65
66 /* Bits of HD_NSECTOR */
67 #define CD 0x01
68 #define IO 0x02
69 #define REL 0x04
70 #define TAG_MASK 0xf8
71
72 #define IDE_CMD_RESET 0x04
73 #define IDE_CMD_DISABLE_IRQ 0x02
74
75 /* ATA/ATAPI Commands pre T13 Spec */
76 #define WIN_NOP 0x00
77 /*
78 * 0x01->0x02 Reserved
79 */
80 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
81 /*
82 * 0x04->0x07 Reserved
83 */
84 #define WIN_SRST 0x08 /* ATAPI soft reset command */
85 #define WIN_DEVICE_RESET 0x08
86 /*
87 * 0x09->0x0F Reserved
88 */
89 #define WIN_RECAL 0x10
90 #define WIN_RESTORE WIN_RECAL
91 /*
92 * 0x10->0x1F Reserved
93 */
94 #define WIN_READ 0x20 /* 28-Bit */
95 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
96 #define WIN_READ_LONG 0x22 /* 28-Bit */
97 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
98 #define WIN_READ_EXT 0x24 /* 48-Bit */
99 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
100 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
101 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
102 /*
103 * 0x28
104 */
105 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
106 /*
107 * 0x2A->0x2F Reserved
108 */
109 #define WIN_WRITE 0x30 /* 28-Bit */
110 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
111 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
112 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
113 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
114 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
115 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
116 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
117 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
118 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
119 /*
120 * 0x3A->0x3B Reserved
121 */
122 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
123 /*
124 * 0x3D->0x3F Reserved
125 */
126 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
127 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
128 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
129 /*
130 * 0x43->0x4F Reserved
131 */
132 #define WIN_FORMAT 0x50
133 /*
134 * 0x51->0x5F Reserved
135 */
136 #define WIN_INIT 0x60
137 /*
138 * 0x61->0x5F Reserved
139 */
140 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
141 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
142 #define WIN_DIAGNOSE 0x90
143 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
144 #define WIN_DOWNLOAD_MICROCODE 0x92
145 #define WIN_STANDBYNOW2 0x94
146 #define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
147 #define WIN_STANDBY2 0x96
148 #define WIN_SETIDLE2 0x97
149 #define WIN_CHECKPOWERMODE2 0x98
150 #define WIN_SLEEPNOW2 0x99
151 /*
152 * 0x9A VENDOR
153 */
154 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
155 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
156 #define WIN_QUEUED_SERVICE 0xA2
157 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
158 #define CFA_ACCESS_METADATA_STORAGE 0xB8
159 #define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
160 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
161 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
162 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
163 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
164 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
165 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
166 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
167 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
168 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
169 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
170 #define WIN_GETMEDIASTATUS 0xDA
171 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
172 #define WIN_POSTBOOT 0xDC
173 #define WIN_PREBOOT 0xDD
174 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
175 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
176 #define WIN_STANDBYNOW1 0xE0
177 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
178 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
179 #define WIN_SETIDLE1 0xE3
180 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
181 #define WIN_CHECKPOWERMODE1 0xE5
182 #define WIN_SLEEPNOW1 0xE6
183 #define WIN_FLUSH_CACHE 0xE7
184 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
185 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
186 /* SET_FEATURES 0x22 or 0xDD */
187 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
188 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
189 #define WIN_MEDIAEJECT 0xED
190 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
191 #define WIN_SETFEATURES 0xEF /* set special drive features */
192 #define EXABYTE_ENABLE_NEST 0xF0
193 #define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
194 #define WIN_SECURITY_SET_PASS 0xF1
195 #define WIN_SECURITY_UNLOCK 0xF2
196 #define WIN_SECURITY_ERASE_PREPARE 0xF3
197 #define WIN_SECURITY_ERASE_UNIT 0xF4
198 #define WIN_SECURITY_FREEZE_LOCK 0xF5
199 #define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
200 #define WIN_SECURITY_DISABLE 0xF6
201 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
202 #define WIN_SET_MAX 0xF9
203 #define DISABLE_SEAGATE 0xFB
204
205 /* set to 1 set disable mult support */
206 #define MAX_MULT_SECTORS 16
207
208 #define IDE_DMA_BUF_SECTORS 256
209
210 #if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
211 #error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
212 #endif
213
214 /* ATAPI defines */
215
216 #define ATAPI_PACKET_SIZE 12
217
218 /* The generic packet command opcodes for CD/DVD Logical Units,
219 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
220 #define GPCMD_BLANK 0xa1
221 #define GPCMD_CLOSE_TRACK 0x5b
222 #define GPCMD_FLUSH_CACHE 0x35
223 #define GPCMD_FORMAT_UNIT 0x04
224 #define GPCMD_GET_CONFIGURATION 0x46
225 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
226 #define GPCMD_GET_PERFORMANCE 0xac
227 #define GPCMD_INQUIRY 0x12
228 #define GPCMD_LOAD_UNLOAD 0xa6
229 #define GPCMD_MECHANISM_STATUS 0xbd
230 #define GPCMD_MODE_SELECT_10 0x55
231 #define GPCMD_MODE_SENSE_10 0x5a
232 #define GPCMD_PAUSE_RESUME 0x4b
233 #define GPCMD_PLAY_AUDIO_10 0x45
234 #define GPCMD_PLAY_AUDIO_MSF 0x47
235 #define GPCMD_PLAY_AUDIO_TI 0x48
236 #define GPCMD_PLAY_CD 0xbc
237 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
238 #define GPCMD_READ_10 0x28
239 #define GPCMD_READ_12 0xa8
240 #define GPCMD_READ_CDVD_CAPACITY 0x25
241 #define GPCMD_READ_CD 0xbe
242 #define GPCMD_READ_CD_MSF 0xb9
243 #define GPCMD_READ_DISC_INFO 0x51
244 #define GPCMD_READ_DVD_STRUCTURE 0xad
245 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
246 #define GPCMD_READ_HEADER 0x44
247 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
248 #define GPCMD_READ_SUBCHANNEL 0x42
249 #define GPCMD_READ_TOC_PMA_ATIP 0x43
250 #define GPCMD_REPAIR_RZONE_TRACK 0x58
251 #define GPCMD_REPORT_KEY 0xa4
252 #define GPCMD_REQUEST_SENSE 0x03
253 #define GPCMD_RESERVE_RZONE_TRACK 0x53
254 #define GPCMD_SCAN 0xba
255 #define GPCMD_SEEK 0x2b
256 #define GPCMD_SEND_DVD_STRUCTURE 0xad
257 #define GPCMD_SEND_EVENT 0xa2
258 #define GPCMD_SEND_KEY 0xa3
259 #define GPCMD_SEND_OPC 0x54
260 #define GPCMD_SET_READ_AHEAD 0xa7
261 #define GPCMD_SET_STREAMING 0xb6
262 #define GPCMD_START_STOP_UNIT 0x1b
263 #define GPCMD_STOP_PLAY_SCAN 0x4e
264 #define GPCMD_TEST_UNIT_READY 0x00
265 #define GPCMD_VERIFY_10 0x2f
266 #define GPCMD_WRITE_10 0x2a
267 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
268 /* This is listed as optional in ATAPI 2.6, but is (curiously)
269 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
270 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
271 * drives support it. */
272 #define GPCMD_SET_SPEED 0xbb
273 /* This seems to be a SCSI specific CD-ROM opcode
274 * to play data at track/index */
275 #define GPCMD_PLAYAUDIO_TI 0x48
276 /*
277 * From MS Media Status Notification Support Specification. For
278 * older drives only.
279 */
280 #define GPCMD_GET_MEDIA_STATUS 0xda
281 #define GPCMD_MODE_SENSE_6 0x1a
282
283 /* Mode page codes for mode sense/set */
284 #define GPMODE_R_W_ERROR_PAGE 0x01
285 #define GPMODE_WRITE_PARMS_PAGE 0x05
286 #define GPMODE_AUDIO_CTL_PAGE 0x0e
287 #define GPMODE_POWER_PAGE 0x1a
288 #define GPMODE_FAULT_FAIL_PAGE 0x1c
289 #define GPMODE_TO_PROTECT_PAGE 0x1d
290 #define GPMODE_CAPABILITIES_PAGE 0x2a
291 #define GPMODE_ALL_PAGES 0x3f
292 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
293 * of MODE_SENSE_POWER_PAGE */
294 #define GPMODE_CDROM_PAGE 0x0d
295
296 /*
297 * Based on values from <linux/cdrom.h> but extending CD_MINS
298 * to the maximum common size allowed by the Orange's Book ATIP
299 *
300 * 90 and 99 min CDs are also available but using them as the
301 * upper limit reduces the effectiveness of the heuristic to
302 * detect DVDs burned to less than 25% of their maximum capacity
303 */
304
305 /* Some generally useful CD-ROM information */
306 #define CD_MINS 80 /* max. minutes per CD */
307 #define CD_SECS 60 /* seconds per minute */
308 #define CD_FRAMES 75 /* frames per second */
309 #define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
310 #define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
311 #define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
312
313 /*
314 * The MMC values are not IDE specific and might need to be moved
315 * to a common header if they are also needed for the SCSI emulation
316 */
317
318 /* Profile list from MMC-6 revision 1 table 91 */
319 #define MMC_PROFILE_NONE 0x0000
320 #define MMC_PROFILE_CD_ROM 0x0008
321 #define MMC_PROFILE_CD_R 0x0009
322 #define MMC_PROFILE_CD_RW 0x000A
323 #define MMC_PROFILE_DVD_ROM 0x0010
324 #define MMC_PROFILE_DVD_R_SR 0x0011
325 #define MMC_PROFILE_DVD_RAM 0x0012
326 #define MMC_PROFILE_DVD_RW_RO 0x0013
327 #define MMC_PROFILE_DVD_RW_SR 0x0014
328 #define MMC_PROFILE_DVD_R_DL_SR 0x0015
329 #define MMC_PROFILE_DVD_R_DL_JR 0x0016
330 #define MMC_PROFILE_DVD_RW_DL 0x0017
331 #define MMC_PROFILE_DVD_DDR 0x0018
332 #define MMC_PROFILE_DVD_PLUS_RW 0x001A
333 #define MMC_PROFILE_DVD_PLUS_R 0x001B
334 #define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
335 #define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
336 #define MMC_PROFILE_BD_ROM 0x0040
337 #define MMC_PROFILE_BD_R_SRM 0x0041
338 #define MMC_PROFILE_BD_R_RRM 0x0042
339 #define MMC_PROFILE_BD_RE 0x0043
340 #define MMC_PROFILE_HDDVD_ROM 0x0050
341 #define MMC_PROFILE_HDDVD_R 0x0051
342 #define MMC_PROFILE_HDDVD_RAM 0x0052
343 #define MMC_PROFILE_HDDVD_RW 0x0053
344 #define MMC_PROFILE_HDDVD_R_DL 0x0058
345 #define MMC_PROFILE_HDDVD_RW_DL 0x005A
346 #define MMC_PROFILE_INVALID 0xFFFF
347
348 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
349 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
350 #define ATAPI_INT_REASON_REL 0x04
351 #define ATAPI_INT_REASON_TAG 0xf8
352
353 /* same constants as bochs */
354 #define ASC_ILLEGAL_OPCODE 0x20
355 #define ASC_LOGICAL_BLOCK_OOR 0x21
356 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
357 #define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
358 #define ASC_INCOMPATIBLE_FORMAT 0x30
359 #define ASC_MEDIUM_NOT_PRESENT 0x3a
360 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
361
362 #define CFA_NO_ERROR 0x00
363 #define CFA_MISC_ERROR 0x09
364 #define CFA_INVALID_COMMAND 0x20
365 #define CFA_INVALID_ADDRESS 0x21
366 #define CFA_ADDRESS_OVERFLOW 0x2f
367
368 #define SENSE_NONE 0
369 #define SENSE_NOT_READY 2
370 #define SENSE_ILLEGAL_REQUEST 5
371 #define SENSE_UNIT_ATTENTION 6
372
373 struct IDEState;
374
375 typedef void EndTransferFunc(struct IDEState *);
376
377 /* NOTE: IDEState represents in fact one drive */
378 typedef struct IDEState {
379 /* ide config */
380 int is_cdrom;
381 int is_cf;
382 int cylinders, heads, sectors;
383 int64_t nb_sectors;
384 int mult_sectors;
385 int identify_set;
386 uint16_t identify_data[256];
387 qemu_irq irq;
388 PCIDevice *pci_dev;
389 struct BMDMAState *bmdma;
390 int drive_serial;
391 char drive_serial_str[21];
392 /* ide regs */
393 uint8_t feature;
394 uint8_t error;
395 uint32_t nsector;
396 uint8_t sector;
397 uint8_t lcyl;
398 uint8_t hcyl;
399 /* other part of tf for lba48 support */
400 uint8_t hob_feature;
401 uint8_t hob_nsector;
402 uint8_t hob_sector;
403 uint8_t hob_lcyl;
404 uint8_t hob_hcyl;
405
406 uint8_t select;
407 uint8_t status;
408
409 /* 0x3f6 command, only meaningful for drive 0 */
410 uint8_t cmd;
411 /* set for lba48 access */
412 uint8_t lba48;
413 /* depends on bit 4 in select, only meaningful for drive 0 */
414 struct IDEState *cur_drive;
415 BlockDriverState *bs;
416 /* ATAPI specific */
417 uint8_t sense_key;
418 uint8_t asc;
419 int packet_transfer_size;
420 int elementary_transfer_size;
421 int io_buffer_index;
422 int lba;
423 int cd_sector_size;
424 int atapi_dma; /* true if dma is requested for the packet cmd */
425 /* ATA DMA state */
426 int io_buffer_size;
427 QEMUSGList sg;
428 /* PIO transfer handling */
429 int req_nb_sectors; /* number of sectors per interrupt */
430 EndTransferFunc *end_transfer_func;
431 uint8_t *data_ptr;
432 uint8_t *data_end;
433 uint8_t *io_buffer;
434 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
435 uint32_t irq_count; /* counts IRQs when using win2k install hack */
436 /* CF-ATA extended error */
437 uint8_t ext_error;
438 /* CF-ATA metadata storage */
439 uint32_t mdata_size;
440 uint8_t *mdata_storage;
441 int media_changed;
442 /* for pmac */
443 int is_read;
444 } IDEState;
445
446 /* XXX: DVDs that could fit on a CD will be reported as a CD */
447 static inline int media_present(IDEState *s)
448 {
449 return (s->nb_sectors > 0);
450 }
451
452 static inline int media_is_dvd(IDEState *s)
453 {
454 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
455 }
456
457 static inline int media_is_cd(IDEState *s)
458 {
459 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
460 }
461
462 #define BM_STATUS_DMAING 0x01
463 #define BM_STATUS_ERROR 0x02
464 #define BM_STATUS_INT 0x04
465 #define BM_STATUS_DMA_RETRY 0x08
466 #define BM_STATUS_PIO_RETRY 0x10
467
468 #define BM_CMD_START 0x01
469 #define BM_CMD_READ 0x08
470
471 #define IDE_TYPE_PIIX3 0
472 #define IDE_TYPE_CMD646 1
473 #define IDE_TYPE_PIIX4 2
474
475 /* CMD646 specific */
476 #define MRDMODE 0x71
477 #define MRDMODE_INTR_CH0 0x04
478 #define MRDMODE_INTR_CH1 0x08
479 #define MRDMODE_BLK_CH0 0x10
480 #define MRDMODE_BLK_CH1 0x20
481 #define UDIDETCR0 0x73
482 #define UDIDETCR1 0x7B
483
484 typedef struct BMDMAState {
485 uint8_t cmd;
486 uint8_t status;
487 uint32_t addr;
488
489 struct PCIIDEState *pci_dev;
490 /* current transfer state */
491 uint32_t cur_addr;
492 uint32_t cur_prd_last;
493 uint32_t cur_prd_addr;
494 uint32_t cur_prd_len;
495 IDEState *ide_if;
496 BlockDriverCompletionFunc *dma_cb;
497 BlockDriverAIOCB *aiocb;
498 int64_t sector_num;
499 uint32_t nsector;
500 } BMDMAState;
501
502 typedef struct PCIIDEState {
503 PCIDevice dev;
504 IDEState ide_if[4];
505 BMDMAState bmdma[2];
506 int type; /* see IDE_TYPE_xxx */
507 } PCIIDEState;
508
509 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
510 static void ide_dma_restart(IDEState *s);
511 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
512
513 static void padstr(char *str, const char *src, int len)
514 {
515 int i, v;
516 for(i = 0; i < len; i++) {
517 if (*src)
518 v = *src++;
519 else
520 v = ' ';
521 str[i^1] = v;
522 }
523 }
524
525 static void padstr8(uint8_t *buf, int buf_size, const char *src)
526 {
527 int i;
528 for(i = 0; i < buf_size; i++) {
529 if (*src)
530 buf[i] = *src++;
531 else
532 buf[i] = ' ';
533 }
534 }
535
536 static void put_le16(uint16_t *p, unsigned int v)
537 {
538 *p = cpu_to_le16(v);
539 }
540
541 static void ide_identify(IDEState *s)
542 {
543 uint16_t *p;
544 unsigned int oldsize;
545
546 if (s->identify_set) {
547 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
548 return;
549 }
550
551 memset(s->io_buffer, 0, 512);
552 p = (uint16_t *)s->io_buffer;
553 put_le16(p + 0, 0x0040);
554 put_le16(p + 1, s->cylinders);
555 put_le16(p + 3, s->heads);
556 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
557 put_le16(p + 5, 512); /* XXX: retired, remove ? */
558 put_le16(p + 6, s->sectors);
559 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
560 put_le16(p + 20, 3); /* XXX: retired, remove ? */
561 put_le16(p + 21, 512); /* cache size in sectors */
562 put_le16(p + 22, 4); /* ecc bytes */
563 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
564 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
565 #if MAX_MULT_SECTORS > 1
566 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
567 #endif
568 put_le16(p + 48, 1); /* dword I/O */
569 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
570 put_le16(p + 51, 0x200); /* PIO transfer cycle */
571 put_le16(p + 52, 0x200); /* DMA transfer cycle */
572 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
573 put_le16(p + 54, s->cylinders);
574 put_le16(p + 55, s->heads);
575 put_le16(p + 56, s->sectors);
576 oldsize = s->cylinders * s->heads * s->sectors;
577 put_le16(p + 57, oldsize);
578 put_le16(p + 58, oldsize >> 16);
579 if (s->mult_sectors)
580 put_le16(p + 59, 0x100 | s->mult_sectors);
581 put_le16(p + 60, s->nb_sectors);
582 put_le16(p + 61, s->nb_sectors >> 16);
583 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
584 put_le16(p + 63, 0x07); /* mdma0-2 supported */
585 put_le16(p + 65, 120);
586 put_le16(p + 66, 120);
587 put_le16(p + 67, 120);
588 put_le16(p + 68, 120);
589 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
590 put_le16(p + 81, 0x16); /* conforms to ata5 */
591 put_le16(p + 82, (1 << 14));
592 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
593 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
594 put_le16(p + 84, (1 << 14));
595 put_le16(p + 85, (1 << 14));
596 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
597 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
598 put_le16(p + 87, (1 << 14));
599 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
600 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
601 put_le16(p + 100, s->nb_sectors);
602 put_le16(p + 101, s->nb_sectors >> 16);
603 put_le16(p + 102, s->nb_sectors >> 32);
604 put_le16(p + 103, s->nb_sectors >> 48);
605
606 memcpy(s->identify_data, p, sizeof(s->identify_data));
607 s->identify_set = 1;
608 }
609
610 static void ide_atapi_identify(IDEState *s)
611 {
612 uint16_t *p;
613
614 if (s->identify_set) {
615 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
616 return;
617 }
618
619 memset(s->io_buffer, 0, 512);
620 p = (uint16_t *)s->io_buffer;
621 /* Removable CDROM, 50us response, 12 byte packets */
622 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
623 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
624 put_le16(p + 20, 3); /* buffer type */
625 put_le16(p + 21, 512); /* cache size in sectors */
626 put_le16(p + 22, 4); /* ecc bytes */
627 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
628 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
629 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
630 #ifdef USE_DMA_CDROM
631 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
632 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
633 put_le16(p + 62, 7); /* single word dma0-2 supported */
634 put_le16(p + 63, 7); /* mdma0-2 supported */
635 put_le16(p + 64, 0x3f); /* PIO modes supported */
636 #else
637 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
638 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
639 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
640 put_le16(p + 64, 1); /* PIO modes */
641 #endif
642 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
643 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
644 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
645 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
646
647 put_le16(p + 71, 30); /* in ns */
648 put_le16(p + 72, 30); /* in ns */
649
650 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
651 #ifdef USE_DMA_CDROM
652 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
653 #endif
654 memcpy(s->identify_data, p, sizeof(s->identify_data));
655 s->identify_set = 1;
656 }
657
658 static void ide_cfata_identify(IDEState *s)
659 {
660 uint16_t *p;
661 uint32_t cur_sec;
662
663 p = (uint16_t *) s->identify_data;
664 if (s->identify_set)
665 goto fill_buffer;
666
667 memset(p, 0, sizeof(s->identify_data));
668
669 cur_sec = s->cylinders * s->heads * s->sectors;
670
671 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
672 put_le16(p + 1, s->cylinders); /* Default cylinders */
673 put_le16(p + 3, s->heads); /* Default heads */
674 put_le16(p + 6, s->sectors); /* Default sectors per track */
675 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
676 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
677 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
678 put_le16(p + 22, 0x0004); /* ECC bytes */
679 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
680 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
681 #if MAX_MULT_SECTORS > 1
682 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
683 #else
684 put_le16(p + 47, 0x0000);
685 #endif
686 put_le16(p + 49, 0x0f00); /* Capabilities */
687 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
688 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
689 put_le16(p + 53, 0x0003); /* Translation params valid */
690 put_le16(p + 54, s->cylinders); /* Current cylinders */
691 put_le16(p + 55, s->heads); /* Current heads */
692 put_le16(p + 56, s->sectors); /* Current sectors */
693 put_le16(p + 57, cur_sec); /* Current capacity */
694 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
695 if (s->mult_sectors) /* Multiple sector setting */
696 put_le16(p + 59, 0x100 | s->mult_sectors);
697 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
698 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
699 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
700 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
701 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
702 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
703 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
704 put_le16(p + 82, 0x400c); /* Command Set supported */
705 put_le16(p + 83, 0x7068); /* Command Set supported */
706 put_le16(p + 84, 0x4000); /* Features supported */
707 put_le16(p + 85, 0x000c); /* Command Set enabled */
708 put_le16(p + 86, 0x7044); /* Command Set enabled */
709 put_le16(p + 87, 0x4000); /* Features enabled */
710 put_le16(p + 91, 0x4060); /* Current APM level */
711 put_le16(p + 129, 0x0002); /* Current features option */
712 put_le16(p + 130, 0x0005); /* Reassigned sectors */
713 put_le16(p + 131, 0x0001); /* Initial power mode */
714 put_le16(p + 132, 0x0000); /* User signature */
715 put_le16(p + 160, 0x8100); /* Power requirement */
716 put_le16(p + 161, 0x8001); /* CF command set */
717
718 s->identify_set = 1;
719
720 fill_buffer:
721 memcpy(s->io_buffer, p, sizeof(s->identify_data));
722 }
723
724 static void ide_set_signature(IDEState *s)
725 {
726 s->select &= 0xf0; /* clear head */
727 /* put signature */
728 s->nsector = 1;
729 s->sector = 1;
730 if (s->is_cdrom) {
731 s->lcyl = 0x14;
732 s->hcyl = 0xeb;
733 } else if (s->bs) {
734 s->lcyl = 0;
735 s->hcyl = 0;
736 } else {
737 s->lcyl = 0xff;
738 s->hcyl = 0xff;
739 }
740 }
741
742 static inline void ide_abort_command(IDEState *s)
743 {
744 s->status = READY_STAT | ERR_STAT;
745 s->error = ABRT_ERR;
746 }
747
748 static inline void ide_dma_submit_check(IDEState *s,
749 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
750 {
751 if (bm->aiocb)
752 return;
753 dma_cb(bm, -1);
754 }
755
756 static inline void ide_set_irq(IDEState *s)
757 {
758 BMDMAState *bm = s->bmdma;
759 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
760 if (bm) {
761 bm->status |= BM_STATUS_INT;
762 }
763 qemu_irq_raise(s->irq);
764 }
765 }
766
767 /* prepare data transfer and tell what to do after */
768 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
769 EndTransferFunc *end_transfer_func)
770 {
771 s->end_transfer_func = end_transfer_func;
772 s->data_ptr = buf;
773 s->data_end = buf + size;
774 if (!(s->status & ERR_STAT))
775 s->status |= DRQ_STAT;
776 }
777
778 static void ide_transfer_stop(IDEState *s)
779 {
780 s->end_transfer_func = ide_transfer_stop;
781 s->data_ptr = s->io_buffer;
782 s->data_end = s->io_buffer;
783 s->status &= ~DRQ_STAT;
784 }
785
786 static int64_t ide_get_sector(IDEState *s)
787 {
788 int64_t sector_num;
789 if (s->select & 0x40) {
790 /* lba */
791 if (!s->lba48) {
792 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
793 (s->lcyl << 8) | s->sector;
794 } else {
795 sector_num = ((int64_t)s->hob_hcyl << 40) |
796 ((int64_t) s->hob_lcyl << 32) |
797 ((int64_t) s->hob_sector << 24) |
798 ((int64_t) s->hcyl << 16) |
799 ((int64_t) s->lcyl << 8) | s->sector;
800 }
801 } else {
802 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
803 (s->select & 0x0f) * s->sectors + (s->sector - 1);
804 }
805 return sector_num;
806 }
807
808 static void ide_set_sector(IDEState *s, int64_t sector_num)
809 {
810 unsigned int cyl, r;
811 if (s->select & 0x40) {
812 if (!s->lba48) {
813 s->select = (s->select & 0xf0) | (sector_num >> 24);
814 s->hcyl = (sector_num >> 16);
815 s->lcyl = (sector_num >> 8);
816 s->sector = (sector_num);
817 } else {
818 s->sector = sector_num;
819 s->lcyl = sector_num >> 8;
820 s->hcyl = sector_num >> 16;
821 s->hob_sector = sector_num >> 24;
822 s->hob_lcyl = sector_num >> 32;
823 s->hob_hcyl = sector_num >> 40;
824 }
825 } else {
826 cyl = sector_num / (s->heads * s->sectors);
827 r = sector_num % (s->heads * s->sectors);
828 s->hcyl = cyl >> 8;
829 s->lcyl = cyl;
830 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
831 s->sector = (r % s->sectors) + 1;
832 }
833 }
834
835 static void ide_rw_error(IDEState *s) {
836 ide_abort_command(s);
837 ide_set_irq(s);
838 }
839
840 static void ide_sector_read(IDEState *s)
841 {
842 int64_t sector_num;
843 int ret, n;
844
845 s->status = READY_STAT | SEEK_STAT;
846 s->error = 0; /* not needed by IDE spec, but needed by Windows */
847 sector_num = ide_get_sector(s);
848 n = s->nsector;
849 if (n == 0) {
850 /* no more sector to read from disk */
851 ide_transfer_stop(s);
852 } else {
853 #if defined(DEBUG_IDE)
854 printf("read sector=%" PRId64 "\n", sector_num);
855 #endif
856 if (n > s->req_nb_sectors)
857 n = s->req_nb_sectors;
858 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
859 if (ret != 0) {
860 ide_rw_error(s);
861 return;
862 }
863 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
864 ide_set_irq(s);
865 ide_set_sector(s, sector_num + n);
866 s->nsector -= n;
867 }
868 }
869
870
871 /* return 0 if buffer completed */
872 static int dma_buf_prepare(BMDMAState *bm, int is_write)
873 {
874 IDEState *s = bm->ide_if;
875 struct {
876 uint32_t addr;
877 uint32_t size;
878 } prd;
879 int l, len;
880
881 qemu_sglist_init(&s->sg, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
882 s->io_buffer_size = 0;
883 for(;;) {
884 if (bm->cur_prd_len == 0) {
885 /* end of table (with a fail safe of one page) */
886 if (bm->cur_prd_last ||
887 (bm->cur_addr - bm->addr) >= 4096)
888 return s->io_buffer_size != 0;
889 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
890 bm->cur_addr += 8;
891 prd.addr = le32_to_cpu(prd.addr);
892 prd.size = le32_to_cpu(prd.size);
893 len = prd.size & 0xfffe;
894 if (len == 0)
895 len = 0x10000;
896 bm->cur_prd_len = len;
897 bm->cur_prd_addr = prd.addr;
898 bm->cur_prd_last = (prd.size & 0x80000000);
899 }
900 l = bm->cur_prd_len;
901 if (l > 0) {
902 qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
903 bm->cur_prd_addr += l;
904 bm->cur_prd_len -= l;
905 s->io_buffer_size += l;
906 }
907 }
908 return 1;
909 }
910
911 static void dma_buf_commit(IDEState *s, int is_write)
912 {
913 qemu_sglist_destroy(&s->sg);
914 }
915
916 static void ide_dma_error(IDEState *s)
917 {
918 ide_transfer_stop(s);
919 s->error = ABRT_ERR;
920 s->status = READY_STAT | ERR_STAT;
921 ide_set_irq(s);
922 }
923
924 static int ide_handle_write_error(IDEState *s, int error, int op)
925 {
926 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
927
928 if (action == BLOCK_ERR_IGNORE)
929 return 0;
930
931 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
932 || action == BLOCK_ERR_STOP_ANY) {
933 s->bmdma->ide_if = s;
934 s->bmdma->status |= op;
935 vm_stop(0);
936 } else {
937 if (op == BM_STATUS_DMA_RETRY) {
938 dma_buf_commit(s, 0);
939 ide_dma_error(s);
940 } else {
941 ide_rw_error(s);
942 }
943 }
944
945 return 1;
946 }
947
948 /* return 0 if buffer completed */
949 static int dma_buf_rw(BMDMAState *bm, int is_write)
950 {
951 IDEState *s = bm->ide_if;
952 struct {
953 uint32_t addr;
954 uint32_t size;
955 } prd;
956 int l, len;
957
958 for(;;) {
959 l = s->io_buffer_size - s->io_buffer_index;
960 if (l <= 0)
961 break;
962 if (bm->cur_prd_len == 0) {
963 /* end of table (with a fail safe of one page) */
964 if (bm->cur_prd_last ||
965 (bm->cur_addr - bm->addr) >= 4096)
966 return 0;
967 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
968 bm->cur_addr += 8;
969 prd.addr = le32_to_cpu(prd.addr);
970 prd.size = le32_to_cpu(prd.size);
971 len = prd.size & 0xfffe;
972 if (len == 0)
973 len = 0x10000;
974 bm->cur_prd_len = len;
975 bm->cur_prd_addr = prd.addr;
976 bm->cur_prd_last = (prd.size & 0x80000000);
977 }
978 if (l > bm->cur_prd_len)
979 l = bm->cur_prd_len;
980 if (l > 0) {
981 if (is_write) {
982 cpu_physical_memory_write(bm->cur_prd_addr,
983 s->io_buffer + s->io_buffer_index, l);
984 } else {
985 cpu_physical_memory_read(bm->cur_prd_addr,
986 s->io_buffer + s->io_buffer_index, l);
987 }
988 bm->cur_prd_addr += l;
989 bm->cur_prd_len -= l;
990 s->io_buffer_index += l;
991 }
992 }
993 return 1;
994 }
995
996 static void ide_read_dma_cb(void *opaque, int ret)
997 {
998 BMDMAState *bm = opaque;
999 IDEState *s = bm->ide_if;
1000 int n;
1001 int64_t sector_num;
1002
1003 if (ret < 0) {
1004 dma_buf_commit(s, 1);
1005 ide_dma_error(s);
1006 return;
1007 }
1008
1009 n = s->io_buffer_size >> 9;
1010 sector_num = ide_get_sector(s);
1011 if (n > 0) {
1012 dma_buf_commit(s, 1);
1013 sector_num += n;
1014 ide_set_sector(s, sector_num);
1015 s->nsector -= n;
1016 }
1017
1018 /* end of transfer ? */
1019 if (s->nsector == 0) {
1020 s->status = READY_STAT | SEEK_STAT;
1021 ide_set_irq(s);
1022 eot:
1023 bm->status &= ~BM_STATUS_DMAING;
1024 bm->status |= BM_STATUS_INT;
1025 bm->dma_cb = NULL;
1026 bm->ide_if = NULL;
1027 bm->aiocb = NULL;
1028 return;
1029 }
1030
1031 /* launch next transfer */
1032 n = s->nsector;
1033 s->io_buffer_index = 0;
1034 s->io_buffer_size = n * 512;
1035 if (dma_buf_prepare(bm, 1) == 0)
1036 goto eot;
1037 #ifdef DEBUG_AIO
1038 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1039 #endif
1040 bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
1041 ide_dma_submit_check(s, ide_read_dma_cb, bm);
1042 }
1043
1044 static void ide_sector_read_dma(IDEState *s)
1045 {
1046 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1047 s->io_buffer_index = 0;
1048 s->io_buffer_size = 0;
1049 s->is_read = 1;
1050 ide_dma_start(s, ide_read_dma_cb);
1051 }
1052
1053 static void ide_sector_write_timer_cb(void *opaque)
1054 {
1055 IDEState *s = opaque;
1056 ide_set_irq(s);
1057 }
1058
1059 static void ide_sector_write(IDEState *s)
1060 {
1061 int64_t sector_num;
1062 int ret, n, n1;
1063
1064 s->status = READY_STAT | SEEK_STAT;
1065 sector_num = ide_get_sector(s);
1066 #if defined(DEBUG_IDE)
1067 printf("write sector=%" PRId64 "\n", sector_num);
1068 #endif
1069 n = s->nsector;
1070 if (n > s->req_nb_sectors)
1071 n = s->req_nb_sectors;
1072 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
1073
1074 if (ret != 0) {
1075 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1076 return;
1077 }
1078
1079 s->nsector -= n;
1080 if (s->nsector == 0) {
1081 /* no more sectors to write */
1082 ide_transfer_stop(s);
1083 } else {
1084 n1 = s->nsector;
1085 if (n1 > s->req_nb_sectors)
1086 n1 = s->req_nb_sectors;
1087 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1088 }
1089 ide_set_sector(s, sector_num + n);
1090
1091 #ifdef TARGET_I386
1092 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1093 /* It seems there is a bug in the Windows 2000 installer HDD
1094 IDE driver which fills the disk with empty logs when the
1095 IDE write IRQ comes too early. This hack tries to correct
1096 that at the expense of slower write performances. Use this
1097 option _only_ to install Windows 2000. You must disable it
1098 for normal use. */
1099 qemu_mod_timer(s->sector_write_timer,
1100 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1101 } else
1102 #endif
1103 {
1104 ide_set_irq(s);
1105 }
1106 }
1107
1108 static void ide_dma_restart_cb(void *opaque, int running, int reason)
1109 {
1110 BMDMAState *bm = opaque;
1111 if (!running)
1112 return;
1113 if (bm->status & BM_STATUS_DMA_RETRY) {
1114 bm->status &= ~BM_STATUS_DMA_RETRY;
1115 ide_dma_restart(bm->ide_if);
1116 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1117 bm->status &= ~BM_STATUS_PIO_RETRY;
1118 ide_sector_write(bm->ide_if);
1119 }
1120 }
1121
1122 static void ide_write_dma_cb(void *opaque, int ret)
1123 {
1124 BMDMAState *bm = opaque;
1125 IDEState *s = bm->ide_if;
1126 int n;
1127 int64_t sector_num;
1128
1129 if (ret < 0) {
1130 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1131 return;
1132 }
1133
1134 n = s->io_buffer_size >> 9;
1135 sector_num = ide_get_sector(s);
1136 if (n > 0) {
1137 dma_buf_commit(s, 0);
1138 sector_num += n;
1139 ide_set_sector(s, sector_num);
1140 s->nsector -= n;
1141 }
1142
1143 /* end of transfer ? */
1144 if (s->nsector == 0) {
1145 s->status = READY_STAT | SEEK_STAT;
1146 ide_set_irq(s);
1147 eot:
1148 bm->status &= ~BM_STATUS_DMAING;
1149 bm->status |= BM_STATUS_INT;
1150 bm->dma_cb = NULL;
1151 bm->ide_if = NULL;
1152 bm->aiocb = NULL;
1153 return;
1154 }
1155
1156 n = s->nsector;
1157 s->io_buffer_size = n * 512;
1158 /* launch next transfer */
1159 if (dma_buf_prepare(bm, 0) == 0)
1160 goto eot;
1161 #ifdef DEBUG_AIO
1162 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1163 #endif
1164 bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
1165 ide_dma_submit_check(s, ide_write_dma_cb, bm);
1166 }
1167
1168 static void ide_sector_write_dma(IDEState *s)
1169 {
1170 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1171 s->io_buffer_index = 0;
1172 s->io_buffer_size = 0;
1173 s->is_read = 0;
1174 ide_dma_start(s, ide_write_dma_cb);
1175 }
1176
1177 static void ide_atapi_cmd_ok(IDEState *s)
1178 {
1179 s->error = 0;
1180 s->status = READY_STAT | SEEK_STAT;
1181 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1182 ide_set_irq(s);
1183 }
1184
1185 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1186 {
1187 #ifdef DEBUG_IDE_ATAPI
1188 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1189 #endif
1190 s->error = sense_key << 4;
1191 s->status = READY_STAT | ERR_STAT;
1192 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1193 s->sense_key = sense_key;
1194 s->asc = asc;
1195 ide_set_irq(s);
1196 }
1197
1198 static void ide_atapi_cmd_check_status(IDEState *s)
1199 {
1200 #ifdef DEBUG_IDE_ATAPI
1201 printf("atapi_cmd_check_status\n");
1202 #endif
1203 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1204 s->status = ERR_STAT;
1205 s->nsector = 0;
1206 ide_set_irq(s);
1207 }
1208
1209 static inline void cpu_to_ube16(uint8_t *buf, int val)
1210 {
1211 buf[0] = val >> 8;
1212 buf[1] = val;
1213 }
1214
1215 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1216 {
1217 buf[0] = val >> 24;
1218 buf[1] = val >> 16;
1219 buf[2] = val >> 8;
1220 buf[3] = val;
1221 }
1222
1223 static inline int ube16_to_cpu(const uint8_t *buf)
1224 {
1225 return (buf[0] << 8) | buf[1];
1226 }
1227
1228 static inline int ube32_to_cpu(const uint8_t *buf)
1229 {
1230 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1231 }
1232
1233 static void lba_to_msf(uint8_t *buf, int lba)
1234 {
1235 lba += 150;
1236 buf[0] = (lba / 75) / 60;
1237 buf[1] = (lba / 75) % 60;
1238 buf[2] = lba % 75;
1239 }
1240
1241 static void cd_data_to_raw(uint8_t *buf, int lba)
1242 {
1243 /* sync bytes */
1244 buf[0] = 0x00;
1245 memset(buf + 1, 0xff, 10);
1246 buf[11] = 0x00;
1247 buf += 12;
1248 /* MSF */
1249 lba_to_msf(buf, lba);
1250 buf[3] = 0x01; /* mode 1 data */
1251 buf += 4;
1252 /* data */
1253 buf += 2048;
1254 /* XXX: ECC not computed */
1255 memset(buf, 0, 288);
1256 }
1257
1258 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1259 int sector_size)
1260 {
1261 int ret;
1262
1263 switch(sector_size) {
1264 case 2048:
1265 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1266 break;
1267 case 2352:
1268 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1269 if (ret < 0)
1270 return ret;
1271 cd_data_to_raw(buf, lba);
1272 break;
1273 default:
1274 ret = -EIO;
1275 break;
1276 }
1277 return ret;
1278 }
1279
1280 static void ide_atapi_io_error(IDEState *s, int ret)
1281 {
1282 /* XXX: handle more errors */
1283 if (ret == -ENOMEDIUM) {
1284 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1285 ASC_MEDIUM_NOT_PRESENT);
1286 } else {
1287 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1288 ASC_LOGICAL_BLOCK_OOR);
1289 }
1290 }
1291
1292 /* The whole ATAPI transfer logic is handled in this function */
1293 static void ide_atapi_cmd_reply_end(IDEState *s)
1294 {
1295 int byte_count_limit, size, ret;
1296 #ifdef DEBUG_IDE_ATAPI
1297 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1298 s->packet_transfer_size,
1299 s->elementary_transfer_size,
1300 s->io_buffer_index);
1301 #endif
1302 if (s->packet_transfer_size <= 0) {
1303 /* end of transfer */
1304 ide_transfer_stop(s);
1305 s->status = READY_STAT | SEEK_STAT;
1306 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1307 ide_set_irq(s);
1308 #ifdef DEBUG_IDE_ATAPI
1309 printf("status=0x%x\n", s->status);
1310 #endif
1311 } else {
1312 /* see if a new sector must be read */
1313 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1314 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1315 if (ret < 0) {
1316 ide_transfer_stop(s);
1317 ide_atapi_io_error(s, ret);
1318 return;
1319 }
1320 s->lba++;
1321 s->io_buffer_index = 0;
1322 }
1323 if (s->elementary_transfer_size > 0) {
1324 /* there are some data left to transmit in this elementary
1325 transfer */
1326 size = s->cd_sector_size - s->io_buffer_index;
1327 if (size > s->elementary_transfer_size)
1328 size = s->elementary_transfer_size;
1329 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1330 size, ide_atapi_cmd_reply_end);
1331 s->packet_transfer_size -= size;
1332 s->elementary_transfer_size -= size;
1333 s->io_buffer_index += size;
1334 } else {
1335 /* a new transfer is needed */
1336 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1337 byte_count_limit = s->lcyl | (s->hcyl << 8);
1338 #ifdef DEBUG_IDE_ATAPI
1339 printf("byte_count_limit=%d\n", byte_count_limit);
1340 #endif
1341 if (byte_count_limit == 0xffff)
1342 byte_count_limit--;
1343 size = s->packet_transfer_size;
1344 if (size > byte_count_limit) {
1345 /* byte count limit must be even if this case */
1346 if (byte_count_limit & 1)
1347 byte_count_limit--;
1348 size = byte_count_limit;
1349 }
1350 s->lcyl = size;
1351 s->hcyl = size >> 8;
1352 s->elementary_transfer_size = size;
1353 /* we cannot transmit more than one sector at a time */
1354 if (s->lba != -1) {
1355 if (size > (s->cd_sector_size - s->io_buffer_index))
1356 size = (s->cd_sector_size - s->io_buffer_index);
1357 }
1358 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1359 size, ide_atapi_cmd_reply_end);
1360 s->packet_transfer_size -= size;
1361 s->elementary_transfer_size -= size;
1362 s->io_buffer_index += size;
1363 ide_set_irq(s);
1364 #ifdef DEBUG_IDE_ATAPI
1365 printf("status=0x%x\n", s->status);
1366 #endif
1367 }
1368 }
1369 }
1370
1371 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1372 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1373 {
1374 if (size > max_size)
1375 size = max_size;
1376 s->lba = -1; /* no sector read */
1377 s->packet_transfer_size = size;
1378 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1379 s->elementary_transfer_size = 0;
1380 s->io_buffer_index = 0;
1381
1382 if (s->atapi_dma) {
1383 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
1384 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1385 } else {
1386 s->status = READY_STAT | SEEK_STAT;
1387 ide_atapi_cmd_reply_end(s);
1388 }
1389 }
1390
1391 /* start a CD-CDROM read command */
1392 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1393 int sector_size)
1394 {
1395 s->lba = lba;
1396 s->packet_transfer_size = nb_sectors * sector_size;
1397 s->elementary_transfer_size = 0;
1398 s->io_buffer_index = sector_size;
1399 s->cd_sector_size = sector_size;
1400
1401 s->status = READY_STAT | SEEK_STAT;
1402 ide_atapi_cmd_reply_end(s);
1403 }
1404
1405 /* ATAPI DMA support */
1406
1407 /* XXX: handle read errors */
1408 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1409 {
1410 BMDMAState *bm = opaque;
1411 IDEState *s = bm->ide_if;
1412 int data_offset, n;
1413
1414 if (ret < 0) {
1415 ide_atapi_io_error(s, ret);
1416 goto eot;
1417 }
1418
1419 if (s->io_buffer_size > 0) {
1420 /*
1421 * For a cdrom read sector command (s->lba != -1),
1422 * adjust the lba for the next s->io_buffer_size chunk
1423 * and dma the current chunk.
1424 * For a command != read (s->lba == -1), just transfer
1425 * the reply data.
1426 */
1427 if (s->lba != -1) {
1428 if (s->cd_sector_size == 2352) {
1429 n = 1;
1430 cd_data_to_raw(s->io_buffer, s->lba);
1431 } else {
1432 n = s->io_buffer_size >> 11;
1433 }
1434 s->lba += n;
1435 }
1436 s->packet_transfer_size -= s->io_buffer_size;
1437 if (dma_buf_rw(bm, 1) == 0)
1438 goto eot;
1439 }
1440
1441 if (s->packet_transfer_size <= 0) {
1442 s->status = READY_STAT | SEEK_STAT;
1443 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1444 ide_set_irq(s);
1445 eot:
1446 bm->status &= ~BM_STATUS_DMAING;
1447 bm->status |= BM_STATUS_INT;
1448 bm->dma_cb = NULL;
1449 bm->ide_if = NULL;
1450 bm->aiocb = NULL;
1451 return;
1452 }
1453
1454 s->io_buffer_index = 0;
1455 if (s->cd_sector_size == 2352) {
1456 n = 1;
1457 s->io_buffer_size = s->cd_sector_size;
1458 data_offset = 16;
1459 } else {
1460 n = s->packet_transfer_size >> 11;
1461 if (n > (IDE_DMA_BUF_SECTORS / 4))
1462 n = (IDE_DMA_BUF_SECTORS / 4);
1463 s->io_buffer_size = n * 2048;
1464 data_offset = 0;
1465 }
1466 #ifdef DEBUG_AIO
1467 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1468 #endif
1469 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1470 s->io_buffer + data_offset, n * 4,
1471 ide_atapi_cmd_read_dma_cb, bm);
1472 if (!bm->aiocb) {
1473 /* Note: media not present is the most likely case */
1474 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1475 ASC_MEDIUM_NOT_PRESENT);
1476 goto eot;
1477 }
1478 }
1479
1480 /* start a CD-CDROM read command with DMA */
1481 /* XXX: test if DMA is available */
1482 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1483 int sector_size)
1484 {
1485 s->lba = lba;
1486 s->packet_transfer_size = nb_sectors * sector_size;
1487 s->io_buffer_index = 0;
1488 s->io_buffer_size = 0;
1489 s->cd_sector_size = sector_size;
1490
1491 /* XXX: check if BUSY_STAT should be set */
1492 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1493 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1494 }
1495
1496 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1497 int sector_size)
1498 {
1499 #ifdef DEBUG_IDE_ATAPI
1500 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1501 lba, nb_sectors);
1502 #endif
1503 if (s->atapi_dma) {
1504 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1505 } else {
1506 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1507 }
1508 }
1509
1510 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1511 uint16_t profile)
1512 {
1513 uint8_t *buf_profile = buf + 12; /* start of profiles */
1514
1515 buf_profile += ((*index) * 4); /* start of indexed profile */
1516 cpu_to_ube16 (buf_profile, profile);
1517 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1518
1519 /* each profile adds 4 bytes to the response */
1520 (*index)++;
1521 buf[11] += 4; /* Additional Length */
1522
1523 return 4;
1524 }
1525
1526 static int ide_dvd_read_structure(IDEState *s, int format,
1527 const uint8_t *packet, uint8_t *buf)
1528 {
1529 switch (format) {
1530 case 0x0: /* Physical format information */
1531 {
1532 int layer = packet[6];
1533 uint64_t total_sectors;
1534
1535 if (layer != 0)
1536 return -ASC_INV_FIELD_IN_CMD_PACKET;
1537
1538 bdrv_get_geometry(s->bs, &total_sectors);
1539 total_sectors >>= 2;
1540 if (total_sectors == 0)
1541 return -ASC_MEDIUM_NOT_PRESENT;
1542
1543 buf[4] = 1; /* DVD-ROM, part version 1 */
1544 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1545 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1546 buf[7] = 0; /* default densities */
1547
1548 /* FIXME: 0x30000 per spec? */
1549 cpu_to_ube32(buf + 8, 0); /* start sector */
1550 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1551 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1552
1553 /* Size of buffer, not including 2 byte size field */
1554 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1555
1556 /* 2k data + 4 byte header */
1557 return (2048 + 4);
1558 }
1559
1560 case 0x01: /* DVD copyright information */
1561 buf[4] = 0; /* no copyright data */
1562 buf[5] = 0; /* no region restrictions */
1563
1564 /* Size of buffer, not including 2 byte size field */
1565 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1566
1567 /* 4 byte header + 4 byte data */
1568 return (4 + 4);
1569
1570 case 0x03: /* BCA information - invalid field for no BCA info */
1571 return -ASC_INV_FIELD_IN_CMD_PACKET;
1572
1573 case 0x04: /* DVD disc manufacturing information */
1574 /* Size of buffer, not including 2 byte size field */
1575 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1576
1577 /* 2k data + 4 byte header */
1578 return (2048 + 4);
1579
1580 case 0xff:
1581 /*
1582 * This lists all the command capabilities above. Add new ones
1583 * in order and update the length and buffer return values.
1584 */
1585
1586 buf[4] = 0x00; /* Physical format */
1587 buf[5] = 0x40; /* Not writable, is readable */
1588 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1589
1590 buf[8] = 0x01; /* Copyright info */
1591 buf[9] = 0x40; /* Not writable, is readable */
1592 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1593
1594 buf[12] = 0x03; /* BCA info */
1595 buf[13] = 0x40; /* Not writable, is readable */
1596 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1597
1598 buf[16] = 0x04; /* Manufacturing info */
1599 buf[17] = 0x40; /* Not writable, is readable */
1600 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1601
1602 /* Size of buffer, not including 2 byte size field */
1603 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1604
1605 /* data written + 4 byte header */
1606 return (16 + 4);
1607
1608 default: /* TODO: formats beyond DVD-ROM requires */
1609 return -ASC_INV_FIELD_IN_CMD_PACKET;
1610 }
1611 }
1612
1613 static void ide_atapi_cmd(IDEState *s)
1614 {
1615 const uint8_t *packet;
1616 uint8_t *buf;
1617 int max_len;
1618
1619 packet = s->io_buffer;
1620 buf = s->io_buffer;
1621 #ifdef DEBUG_IDE_ATAPI
1622 {
1623 int i;
1624 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1625 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1626 printf(" %02x", packet[i]);
1627 }
1628 printf("\n");
1629 }
1630 #endif
1631 /* If there's a UNIT_ATTENTION condition pending, only
1632 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1633 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1634 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1635 s->io_buffer[0] != GPCMD_INQUIRY) {
1636 ide_atapi_cmd_check_status(s);
1637 return;
1638 }
1639 switch(s->io_buffer[0]) {
1640 case GPCMD_TEST_UNIT_READY:
1641 if (bdrv_is_inserted(s->bs)) {
1642 ide_atapi_cmd_ok(s);
1643 } else {
1644 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1645 ASC_MEDIUM_NOT_PRESENT);
1646 }
1647 break;
1648 case GPCMD_MODE_SENSE_6:
1649 case GPCMD_MODE_SENSE_10:
1650 {
1651 int action, code;
1652 if (packet[0] == GPCMD_MODE_SENSE_10)
1653 max_len = ube16_to_cpu(packet + 7);
1654 else
1655 max_len = packet[4];
1656 action = packet[2] >> 6;
1657 code = packet[2] & 0x3f;
1658 switch(action) {
1659 case 0: /* current values */
1660 switch(code) {
1661 case 0x01: /* error recovery */
1662 cpu_to_ube16(&buf[0], 16 + 6);
1663 buf[2] = 0x70;
1664 buf[3] = 0;
1665 buf[4] = 0;
1666 buf[5] = 0;
1667 buf[6] = 0;
1668 buf[7] = 0;
1669
1670 buf[8] = 0x01;
1671 buf[9] = 0x06;
1672 buf[10] = 0x00;
1673 buf[11] = 0x05;
1674 buf[12] = 0x00;
1675 buf[13] = 0x00;
1676 buf[14] = 0x00;
1677 buf[15] = 0x00;
1678 ide_atapi_cmd_reply(s, 16, max_len);
1679 break;
1680 case 0x2a:
1681 cpu_to_ube16(&buf[0], 28 + 6);
1682 buf[2] = 0x70;
1683 buf[3] = 0;
1684 buf[4] = 0;
1685 buf[5] = 0;
1686 buf[6] = 0;
1687 buf[7] = 0;
1688
1689 buf[8] = 0x2a;
1690 buf[9] = 0x12;
1691 buf[10] = 0x00;
1692 buf[11] = 0x00;
1693
1694 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1695 code checks for this to automount media. */
1696 buf[12] = 0x71;
1697 buf[13] = 3 << 5;
1698 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1699 if (bdrv_is_locked(s->bs))
1700 buf[6] |= 1 << 1;
1701 buf[15] = 0x00;
1702 cpu_to_ube16(&buf[16], 706);
1703 buf[18] = 0;
1704 buf[19] = 2;
1705 cpu_to_ube16(&buf[20], 512);
1706 cpu_to_ube16(&buf[22], 706);
1707 buf[24] = 0;
1708 buf[25] = 0;
1709 buf[26] = 0;
1710 buf[27] = 0;
1711 ide_atapi_cmd_reply(s, 28, max_len);
1712 break;
1713 default:
1714 goto error_cmd;
1715 }
1716 break;
1717 case 1: /* changeable values */
1718 goto error_cmd;
1719 case 2: /* default values */
1720 goto error_cmd;
1721 default:
1722 case 3: /* saved values */
1723 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1724 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1725 break;
1726 }
1727 }
1728 break;
1729 case GPCMD_REQUEST_SENSE:
1730 max_len = packet[4];
1731 memset(buf, 0, 18);
1732 buf[0] = 0x70 | (1 << 7);
1733 buf[2] = s->sense_key;
1734 buf[7] = 10;
1735 buf[12] = s->asc;
1736 if (s->sense_key == SENSE_UNIT_ATTENTION)
1737 s->sense_key = SENSE_NONE;
1738 ide_atapi_cmd_reply(s, 18, max_len);
1739 break;
1740 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1741 if (bdrv_is_inserted(s->bs)) {
1742 bdrv_set_locked(s->bs, packet[4] & 1);
1743 ide_atapi_cmd_ok(s);
1744 } else {
1745 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1746 ASC_MEDIUM_NOT_PRESENT);
1747 }
1748 break;
1749 case GPCMD_READ_10:
1750 case GPCMD_READ_12:
1751 {
1752 int nb_sectors, lba;
1753
1754 if (packet[0] == GPCMD_READ_10)
1755 nb_sectors = ube16_to_cpu(packet + 7);
1756 else
1757 nb_sectors = ube32_to_cpu(packet + 6);
1758 lba = ube32_to_cpu(packet + 2);
1759 if (nb_sectors == 0) {
1760 ide_atapi_cmd_ok(s);
1761 break;
1762 }
1763 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1764 }
1765 break;
1766 case GPCMD_READ_CD:
1767 {
1768 int nb_sectors, lba, transfer_request;
1769
1770 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1771 lba = ube32_to_cpu(packet + 2);
1772 if (nb_sectors == 0) {
1773 ide_atapi_cmd_ok(s);
1774 break;
1775 }
1776 transfer_request = packet[9];
1777 switch(transfer_request & 0xf8) {
1778 case 0x00:
1779 /* nothing */
1780 ide_atapi_cmd_ok(s);
1781 break;
1782 case 0x10:
1783 /* normal read */
1784 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1785 break;
1786 case 0xf8:
1787 /* read all data */
1788 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1789 break;
1790 default:
1791 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1792 ASC_INV_FIELD_IN_CMD_PACKET);
1793 break;
1794 }
1795 }
1796 break;
1797 case GPCMD_SEEK:
1798 {
1799 unsigned int lba;
1800 uint64_t total_sectors;
1801
1802 bdrv_get_geometry(s->bs, &total_sectors);
1803 total_sectors >>= 2;
1804 if (total_sectors == 0) {
1805 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1806 ASC_MEDIUM_NOT_PRESENT);
1807 break;
1808 }
1809 lba = ube32_to_cpu(packet + 2);
1810 if (lba >= total_sectors) {
1811 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1812 ASC_LOGICAL_BLOCK_OOR);
1813 break;
1814 }
1815 ide_atapi_cmd_ok(s);
1816 }
1817 break;
1818 case GPCMD_START_STOP_UNIT:
1819 {
1820 int start, eject;
1821 start = packet[4] & 1;
1822 eject = (packet[4] >> 1) & 1;
1823
1824 if (eject && !start) {
1825 /* eject the disk */
1826 bdrv_eject(s->bs, 1);
1827 } else if (eject && start) {
1828 /* close the tray */
1829 bdrv_eject(s->bs, 0);
1830 }
1831 ide_atapi_cmd_ok(s);
1832 }
1833 break;
1834 case GPCMD_MECHANISM_STATUS:
1835 {
1836 max_len = ube16_to_cpu(packet + 8);
1837 cpu_to_ube16(buf, 0);
1838 /* no current LBA */
1839 buf[2] = 0;
1840 buf[3] = 0;
1841 buf[4] = 0;
1842 buf[5] = 1;
1843 cpu_to_ube16(buf + 6, 0);
1844 ide_atapi_cmd_reply(s, 8, max_len);
1845 }
1846 break;
1847 case GPCMD_READ_TOC_PMA_ATIP:
1848 {
1849 int format, msf, start_track, len;
1850 uint64_t total_sectors;
1851
1852 bdrv_get_geometry(s->bs, &total_sectors);
1853 total_sectors >>= 2;
1854 if (total_sectors == 0) {
1855 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1856 ASC_MEDIUM_NOT_PRESENT);
1857 break;
1858 }
1859 max_len = ube16_to_cpu(packet + 7);
1860 format = packet[9] >> 6;
1861 msf = (packet[1] >> 1) & 1;
1862 start_track = packet[6];
1863 switch(format) {
1864 case 0:
1865 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1866 if (len < 0)
1867 goto error_cmd;
1868 ide_atapi_cmd_reply(s, len, max_len);
1869 break;
1870 case 1:
1871 /* multi session : only a single session defined */
1872 memset(buf, 0, 12);
1873 buf[1] = 0x0a;
1874 buf[2] = 0x01;
1875 buf[3] = 0x01;
1876 ide_atapi_cmd_reply(s, 12, max_len);
1877 break;
1878 case 2:
1879 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1880 if (len < 0)
1881 goto error_cmd;
1882 ide_atapi_cmd_reply(s, len, max_len);
1883 break;
1884 default:
1885 error_cmd:
1886 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1887 ASC_INV_FIELD_IN_CMD_PACKET);
1888 break;
1889 }
1890 }
1891 break;
1892 case GPCMD_READ_CDVD_CAPACITY:
1893 {
1894 uint64_t total_sectors;
1895
1896 bdrv_get_geometry(s->bs, &total_sectors);
1897 total_sectors >>= 2;
1898 if (total_sectors == 0) {
1899 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1900 ASC_MEDIUM_NOT_PRESENT);
1901 break;
1902 }
1903 /* NOTE: it is really the number of sectors minus 1 */
1904 cpu_to_ube32(buf, total_sectors - 1);
1905 cpu_to_ube32(buf + 4, 2048);
1906 ide_atapi_cmd_reply(s, 8, 8);
1907 }
1908 break;
1909 case GPCMD_READ_DVD_STRUCTURE:
1910 {
1911 int media = packet[1];
1912 int format = packet[7];
1913 int ret;
1914
1915 max_len = ube16_to_cpu(packet + 8);
1916
1917 if (format < 0xff) {
1918 if (media_is_cd(s)) {
1919 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1920 ASC_INCOMPATIBLE_FORMAT);
1921 break;
1922 } else if (!media_present(s)) {
1923 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1924 ASC_INV_FIELD_IN_CMD_PACKET);
1925 break;
1926 }
1927 }
1928
1929 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1930 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1931
1932 switch (format) {
1933 case 0x00 ... 0x7f:
1934 case 0xff:
1935 if (media == 0) {
1936 ret = ide_dvd_read_structure(s, format, packet, buf);
1937
1938 if (ret < 0)
1939 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1940 else
1941 ide_atapi_cmd_reply(s, ret, max_len);
1942
1943 break;
1944 }
1945 /* TODO: BD support, fall through for now */
1946
1947 /* Generic disk structures */
1948 case 0x80: /* TODO: AACS volume identifier */
1949 case 0x81: /* TODO: AACS media serial number */
1950 case 0x82: /* TODO: AACS media identifier */
1951 case 0x83: /* TODO: AACS media key block */
1952 case 0x90: /* TODO: List of recognized format layers */
1953 case 0xc0: /* TODO: Write protection status */
1954 default:
1955 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1956 ASC_INV_FIELD_IN_CMD_PACKET);
1957 break;
1958 }
1959 }
1960 break;
1961 case GPCMD_SET_SPEED:
1962 ide_atapi_cmd_ok(s);
1963 break;
1964 case GPCMD_INQUIRY:
1965 max_len = packet[4];
1966 buf[0] = 0x05; /* CD-ROM */
1967 buf[1] = 0x80; /* removable */
1968 buf[2] = 0x00; /* ISO */
1969 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1970 buf[4] = 31; /* additional length */
1971 buf[5] = 0; /* reserved */
1972 buf[6] = 0; /* reserved */
1973 buf[7] = 0; /* reserved */
1974 padstr8(buf + 8, 8, "QEMU");
1975 padstr8(buf + 16, 16, "QEMU DVD-ROM");
1976 padstr8(buf + 32, 4, QEMU_VERSION);
1977 ide_atapi_cmd_reply(s, 36, max_len);
1978 break;
1979 case GPCMD_GET_CONFIGURATION:
1980 {
1981 uint32_t len;
1982 uint8_t index = 0;
1983
1984 /* only feature 0 is supported */
1985 if (packet[2] != 0 || packet[3] != 0) {
1986 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1987 ASC_INV_FIELD_IN_CMD_PACKET);
1988 break;
1989 }
1990
1991 /* XXX: could result in alignment problems in some architectures */
1992 max_len = ube16_to_cpu(packet + 7);
1993
1994 /*
1995 * XXX: avoid overflow for io_buffer if max_len is bigger than
1996 * the size of that buffer (dimensioned to max number of
1997 * sectors to transfer at once)
1998 *
1999 * Only a problem if the feature/profiles grow.
2000 */
2001 if (max_len > 512) /* XXX: assume 1 sector */
2002 max_len = 512;
2003
2004 memset(buf, 0, max_len);
2005 /*
2006 * the number of sectors from the media tells us which profile
2007 * to use as current. 0 means there is no media
2008 */
2009 if (media_is_dvd(s))
2010 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
2011 else if (media_is_cd(s))
2012 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
2013
2014 buf[10] = 0x02 | 0x01; /* persistent and current */
2015 len = 12; /* headers: 8 + 4 */
2016 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
2017 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
2018 cpu_to_ube32(buf, len - 4); /* data length */
2019
2020 ide_atapi_cmd_reply(s, len, max_len);
2021 break;
2022 }
2023 default:
2024 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2025 ASC_ILLEGAL_OPCODE);
2026 break;
2027 }
2028 }
2029
2030 static void ide_cfata_metadata_inquiry(IDEState *s)
2031 {
2032 uint16_t *p;
2033 uint32_t spd;
2034
2035 p = (uint16_t *) s->io_buffer;
2036 memset(p, 0, 0x200);
2037 spd = ((s->mdata_size - 1) >> 9) + 1;
2038
2039 put_le16(p + 0, 0x0001); /* Data format revision */
2040 put_le16(p + 1, 0x0000); /* Media property: silicon */
2041 put_le16(p + 2, s->media_changed); /* Media status */
2042 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
2043 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
2044 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
2045 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
2046 }
2047
2048 static void ide_cfata_metadata_read(IDEState *s)
2049 {
2050 uint16_t *p;
2051
2052 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2053 s->status = ERR_STAT;
2054 s->error = ABRT_ERR;
2055 return;
2056 }
2057
2058 p = (uint16_t *) s->io_buffer;
2059 memset(p, 0, 0x200);
2060
2061 put_le16(p + 0, s->media_changed); /* Media status */
2062 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2063 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2064 s->nsector << 9), 0x200 - 2));
2065 }
2066
2067 static void ide_cfata_metadata_write(IDEState *s)
2068 {
2069 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2070 s->status = ERR_STAT;
2071 s->error = ABRT_ERR;
2072 return;
2073 }
2074
2075 s->media_changed = 0;
2076
2077 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2078 s->io_buffer + 2,
2079 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2080 s->nsector << 9), 0x200 - 2));
2081 }
2082
2083 /* called when the inserted state of the media has changed */
2084 static void cdrom_change_cb(void *opaque)
2085 {
2086 IDEState *s = opaque;
2087 uint64_t nb_sectors;
2088
2089 bdrv_get_geometry(s->bs, &nb_sectors);
2090 s->nb_sectors = nb_sectors;
2091
2092 s->sense_key = SENSE_UNIT_ATTENTION;
2093 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2094
2095 ide_set_irq(s);
2096 }
2097
2098 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2099 {
2100 s->lba48 = lba48;
2101
2102 /* handle the 'magic' 0 nsector count conversion here. to avoid
2103 * fiddling with the rest of the read logic, we just store the
2104 * full sector count in ->nsector and ignore ->hob_nsector from now
2105 */
2106 if (!s->lba48) {
2107 if (!s->nsector)
2108 s->nsector = 256;
2109 } else {
2110 if (!s->nsector && !s->hob_nsector)
2111 s->nsector = 65536;
2112 else {
2113 int lo = s->nsector;
2114 int hi = s->hob_nsector;
2115
2116 s->nsector = (hi << 8) | lo;
2117 }
2118 }
2119 }
2120
2121 static void ide_clear_hob(IDEState *ide_if)
2122 {
2123 /* any write clears HOB high bit of device control register */
2124 ide_if[0].select &= ~(1 << 7);
2125 ide_if[1].select &= ~(1 << 7);
2126 }
2127
2128 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2129 {
2130 IDEState *ide_if = opaque;
2131 IDEState *s;
2132 int unit, n;
2133 int lba48 = 0;
2134
2135 #ifdef DEBUG_IDE
2136 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2137 #endif
2138
2139 addr &= 7;
2140
2141 /* ignore writes to command block while busy with previous command */
2142 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2143 return;
2144
2145 switch(addr) {
2146 case 0:
2147 break;
2148 case 1:
2149 ide_clear_hob(ide_if);
2150 /* NOTE: data is written to the two drives */
2151 ide_if[0].hob_feature = ide_if[0].feature;
2152 ide_if[1].hob_feature = ide_if[1].feature;
2153 ide_if[0].feature = val;
2154 ide_if[1].feature = val;
2155 break;
2156 case 2:
2157 ide_clear_hob(ide_if);
2158 ide_if[0].hob_nsector = ide_if[0].nsector;
2159 ide_if[1].hob_nsector = ide_if[1].nsector;
2160 ide_if[0].nsector = val;
2161 ide_if[1].nsector = val;
2162 break;
2163 case 3:
2164 ide_clear_hob(ide_if);
2165 ide_if[0].hob_sector = ide_if[0].sector;
2166 ide_if[1].hob_sector = ide_if[1].sector;
2167 ide_if[0].sector = val;
2168 ide_if[1].sector = val;
2169 break;
2170 case 4:
2171 ide_clear_hob(ide_if);
2172 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2173 ide_if[1].hob_lcyl = ide_if[1].lcyl;
2174 ide_if[0].lcyl = val;
2175 ide_if[1].lcyl = val;
2176 break;
2177 case 5:
2178 ide_clear_hob(ide_if);
2179 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2180 ide_if[1].hob_hcyl = ide_if[1].hcyl;
2181 ide_if[0].hcyl = val;
2182 ide_if[1].hcyl = val;
2183 break;
2184 case 6:
2185 /* FIXME: HOB readback uses bit 7 */
2186 ide_if[0].select = (val & ~0x10) | 0xa0;
2187 ide_if[1].select = (val | 0x10) | 0xa0;
2188 /* select drive */
2189 unit = (val >> 4) & 1;
2190 s = ide_if + unit;
2191 ide_if->cur_drive = s;
2192 break;
2193 default:
2194 case 7:
2195 /* command */
2196 #if defined(DEBUG_IDE)
2197 printf("ide: CMD=%02x\n", val);
2198 #endif
2199 s = ide_if->cur_drive;
2200 /* ignore commands to non existant slave */
2201 if (s != ide_if && !s->bs)
2202 break;
2203
2204 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2205 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2206 break;
2207
2208 switch(val) {
2209 case WIN_IDENTIFY:
2210 if (s->bs && !s->is_cdrom) {
2211 if (!s->is_cf)
2212 ide_identify(s);
2213 else
2214 ide_cfata_identify(s);
2215 s->status = READY_STAT | SEEK_STAT;
2216 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2217 } else {
2218 if (s->is_cdrom) {
2219 ide_set_signature(s);
2220 }
2221 ide_abort_command(s);
2222 }
2223 ide_set_irq(s);
2224 break;
2225 case WIN_SPECIFY:
2226 case WIN_RECAL:
2227 s->error = 0;
2228 s->status = READY_STAT | SEEK_STAT;
2229 ide_set_irq(s);
2230 break;
2231 case WIN_SETMULT:
2232 if (s->is_cf && s->nsector == 0) {
2233 /* Disable Read and Write Multiple */
2234 s->mult_sectors = 0;
2235 s->status = READY_STAT | SEEK_STAT;
2236 } else if ((s->nsector & 0xff) != 0 &&
2237 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2238 (s->nsector & (s->nsector - 1)) != 0)) {
2239 ide_abort_command(s);
2240 } else {
2241 s->mult_sectors = s->nsector & 0xff;
2242 s->status = READY_STAT | SEEK_STAT;
2243 }
2244 ide_set_irq(s);
2245 break;
2246 case WIN_VERIFY_EXT:
2247 lba48 = 1;
2248 case WIN_VERIFY:
2249 case WIN_VERIFY_ONCE:
2250 /* do sector number check ? */
2251 ide_cmd_lba48_transform(s, lba48);
2252 s->status = READY_STAT | SEEK_STAT;
2253 ide_set_irq(s);
2254 break;
2255 case WIN_READ_EXT:
2256 lba48 = 1;
2257 case WIN_READ:
2258 case WIN_READ_ONCE:
2259 if (!s->bs)
2260 goto abort_cmd;
2261 ide_cmd_lba48_transform(s, lba48);
2262 s->req_nb_sectors = 1;
2263 ide_sector_read(s);
2264 break;
2265 case WIN_WRITE_EXT:
2266 lba48 = 1;
2267 case WIN_WRITE:
2268 case WIN_WRITE_ONCE:
2269 case CFA_WRITE_SECT_WO_ERASE:
2270 case WIN_WRITE_VERIFY:
2271 ide_cmd_lba48_transform(s, lba48);
2272 s->error = 0;
2273 s->status = SEEK_STAT | READY_STAT;
2274 s->req_nb_sectors = 1;
2275 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
2276 s->media_changed = 1;
2277 break;
2278 case WIN_MULTREAD_EXT:
2279 lba48 = 1;
2280 case WIN_MULTREAD:
2281 if (!s->mult_sectors)
2282 goto abort_cmd;
2283 ide_cmd_lba48_transform(s, lba48);
2284 s->req_nb_sectors = s->mult_sectors;
2285 ide_sector_read(s);
2286 break;
2287 case WIN_MULTWRITE_EXT:
2288 lba48 = 1;
2289 case WIN_MULTWRITE:
2290 case CFA_WRITE_MULTI_WO_ERASE:
2291 if (!s->mult_sectors)
2292 goto abort_cmd;
2293 ide_cmd_lba48_transform(s, lba48);
2294 s->error = 0;
2295 s->status = SEEK_STAT | READY_STAT;
2296 s->req_nb_sectors = s->mult_sectors;
2297 n = s->nsector;
2298 if (n > s->req_nb_sectors)
2299 n = s->req_nb_sectors;
2300 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
2301 s->media_changed = 1;
2302 break;
2303 case WIN_READDMA_EXT:
2304 lba48 = 1;
2305 case WIN_READDMA:
2306 case WIN_READDMA_ONCE:
2307 if (!s->bs)
2308 goto abort_cmd;
2309 ide_cmd_lba48_transform(s, lba48);
2310 ide_sector_read_dma(s);
2311 break;
2312 case WIN_WRITEDMA_EXT:
2313 lba48 = 1;
2314 case WIN_WRITEDMA:
2315 case WIN_WRITEDMA_ONCE:
2316 if (!s->bs)
2317 goto abort_cmd;
2318 ide_cmd_lba48_transform(s, lba48);
2319 ide_sector_write_dma(s);
2320 s->media_changed = 1;
2321 break;
2322 case WIN_READ_NATIVE_MAX_EXT:
2323 lba48 = 1;
2324 case WIN_READ_NATIVE_MAX:
2325 ide_cmd_lba48_transform(s, lba48);
2326 ide_set_sector(s, s->nb_sectors - 1);
2327 s->status = READY_STAT | SEEK_STAT;
2328 ide_set_irq(s);
2329 break;
2330 case WIN_CHECKPOWERMODE1:
2331 case WIN_CHECKPOWERMODE2:
2332 s->nsector = 0xff; /* device active or idle */
2333 s->status = READY_STAT | SEEK_STAT;
2334 ide_set_irq(s);
2335 break;
2336 case WIN_SETFEATURES:
2337 if (!s->bs)
2338 goto abort_cmd;
2339 /* XXX: valid for CDROM ? */
2340 switch(s->feature) {
2341 case 0xcc: /* reverting to power-on defaults enable */
2342 case 0x66: /* reverting to power-on defaults disable */
2343 case 0x02: /* write cache enable */
2344 case 0x82: /* write cache disable */
2345 case 0xaa: /* read look-ahead enable */
2346 case 0x55: /* read look-ahead disable */
2347 case 0x05: /* set advanced power management mode */
2348 case 0x85: /* disable advanced power management mode */
2349 case 0x69: /* NOP */
2350 case 0x67: /* NOP */
2351 case 0x96: /* NOP */
2352 case 0x9a: /* NOP */
2353 case 0x42: /* enable Automatic Acoustic Mode */
2354 case 0xc2: /* disable Automatic Acoustic Mode */
2355 s->status = READY_STAT | SEEK_STAT;
2356 ide_set_irq(s);
2357 break;
2358 case 0x03: { /* set transfer mode */
2359 uint8_t val = s->nsector & 0x07;
2360
2361 switch (s->nsector >> 3) {
2362 case 0x00: /* pio default */
2363 case 0x01: /* pio mode */
2364 put_le16(s->identify_data + 62,0x07);
2365 put_le16(s->identify_data + 63,0x07);
2366 put_le16(s->identify_data + 88,0x3f);
2367 break;
2368 case 0x02: /* sigle word dma mode*/
2369 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
2370 put_le16(s->identify_data + 63,0x07);
2371 put_le16(s->identify_data + 88,0x3f);
2372 break;
2373 case 0x04: /* mdma mode */
2374 put_le16(s->identify_data + 62,0x07);
2375 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2376 put_le16(s->identify_data + 88,0x3f);
2377 break;
2378 case 0x08: /* udma mode */
2379 put_le16(s->identify_data + 62,0x07);
2380 put_le16(s->identify_data + 63,0x07);
2381 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2382 break;
2383 default:
2384 goto abort_cmd;
2385 }
2386 s->status = READY_STAT | SEEK_STAT;
2387 ide_set_irq(s);
2388 break;
2389 }
2390 default:
2391 goto abort_cmd;
2392 }
2393 break;
2394 case WIN_FLUSH_CACHE:
2395 case WIN_FLUSH_CACHE_EXT:
2396 if (s->bs)
2397 bdrv_flush(s->bs);
2398 s->status = READY_STAT | SEEK_STAT;
2399 ide_set_irq(s);
2400 break;
2401 case WIN_STANDBY:
2402 case WIN_STANDBY2:
2403 case WIN_STANDBYNOW1:
2404 case WIN_STANDBYNOW2:
2405 case WIN_IDLEIMMEDIATE:
2406 case CFA_IDLEIMMEDIATE:
2407 case WIN_SETIDLE1:
2408 case WIN_SETIDLE2:
2409 case WIN_SLEEPNOW1:
2410 case WIN_SLEEPNOW2:
2411 s->status = READY_STAT;
2412 ide_set_irq(s);
2413 break;
2414 case WIN_SEEK:
2415 if(s->is_cdrom)
2416 goto abort_cmd;
2417 /* XXX: Check that seek is within bounds */
2418 s->status = READY_STAT | SEEK_STAT;
2419 ide_set_irq(s);
2420 break;
2421 /* ATAPI commands */
2422 case WIN_PIDENTIFY:
2423 if (s->is_cdrom) {
2424 ide_atapi_identify(s);
2425 s->status = READY_STAT | SEEK_STAT;
2426 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2427 } else {
2428 ide_abort_command(s);
2429 }
2430 ide_set_irq(s);
2431 break;
2432 case WIN_DIAGNOSE:
2433 ide_set_signature(s);
2434 if (s->is_cdrom)
2435 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2436 * devices to return a clear status register
2437 * with READY_STAT *not* set. */
2438 else
2439 s->status = READY_STAT | SEEK_STAT;
2440 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2441 * present.
2442 */
2443 ide_set_irq(s);
2444 break;
2445 case WIN_SRST:
2446 if (!s->is_cdrom)
2447 goto abort_cmd;
2448 ide_set_signature(s);
2449 s->status = 0x00; /* NOTE: READY is _not_ set */
2450 s->error = 0x01;
2451 break;
2452 case WIN_PACKETCMD:
2453 if (!s->is_cdrom)
2454 goto abort_cmd;
2455 /* overlapping commands not supported */
2456 if (s->feature & 0x02)
2457 goto abort_cmd;
2458 s->status = READY_STAT | SEEK_STAT;
2459 s->atapi_dma = s->feature & 1;
2460 s->nsector = 1;
2461 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2462 ide_atapi_cmd);
2463 break;
2464 /* CF-ATA commands */
2465 case CFA_REQ_EXT_ERROR_CODE:
2466 if (!s->is_cf)
2467 goto abort_cmd;
2468 s->error = 0x09; /* miscellaneous error */
2469 s->status = READY_STAT | SEEK_STAT;
2470 ide_set_irq(s);
2471 break;
2472 case CFA_ERASE_SECTORS:
2473 case CFA_WEAR_LEVEL:
2474 if (!s->is_cf)
2475 goto abort_cmd;
2476 if (val == CFA_WEAR_LEVEL)
2477 s->nsector = 0;
2478 if (val == CFA_ERASE_SECTORS)
2479 s->media_changed = 1;
2480 s->error = 0x00;
2481 s->status = READY_STAT | SEEK_STAT;
2482 ide_set_irq(s);
2483 break;
2484 case CFA_TRANSLATE_SECTOR:
2485 if (!s->is_cf)
2486 goto abort_cmd;
2487 s->error = 0x00;
2488 s->status = READY_STAT | SEEK_STAT;
2489 memset(s->io_buffer, 0, 0x200);
2490 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2491 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2492 s->io_buffer[0x02] = s->select; /* Head */
2493 s->io_buffer[0x03] = s->sector; /* Sector */
2494 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2495 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2496 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2497 s->io_buffer[0x13] = 0x00; /* Erase flag */
2498 s->io_buffer[0x18] = 0x00; /* Hot count */
2499 s->io_buffer[0x19] = 0x00; /* Hot count */
2500 s->io_buffer[0x1a] = 0x01; /* Hot count */
2501 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2502 ide_set_irq(s);
2503 break;
2504 case CFA_ACCESS_METADATA_STORAGE:
2505 if (!s->is_cf)
2506 goto abort_cmd;
2507 switch (s->feature) {
2508 case 0x02: /* Inquiry Metadata Storage */
2509 ide_cfata_metadata_inquiry(s);
2510 break;
2511 case 0x03: /* Read Metadata Storage */
2512 ide_cfata_metadata_read(s);
2513 break;
2514 case 0x04: /* Write Metadata Storage */
2515 ide_cfata_metadata_write(s);
2516 break;
2517 default:
2518 goto abort_cmd;
2519 }
2520 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2521 s->status = 0x00; /* NOTE: READY is _not_ set */
2522 ide_set_irq(s);
2523 break;
2524 case IBM_SENSE_CONDITION:
2525 if (!s->is_cf)
2526 goto abort_cmd;
2527 switch (s->feature) {
2528 case 0x01: /* sense temperature in device */
2529 s->nsector = 0x50; /* +20 C */
2530 break;
2531 default:
2532 goto abort_cmd;
2533 }
2534 s->status = READY_STAT | SEEK_STAT;
2535 ide_set_irq(s);
2536 break;
2537 default:
2538 abort_cmd:
2539 ide_abort_command(s);
2540 ide_set_irq(s);
2541 break;
2542 }
2543 }
2544 }
2545
2546 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2547 {
2548 IDEState *ide_if = opaque;
2549 IDEState *s = ide_if->cur_drive;
2550 uint32_t addr;
2551 int ret, hob;
2552
2553 addr = addr1 & 7;
2554 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2555 //hob = s->select & (1 << 7);
2556 hob = 0;
2557 switch(addr) {
2558 case 0:
2559 ret = 0xff;
2560 break;
2561 case 1:
2562 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2563 (s != ide_if && !s->bs))
2564 ret = 0;
2565 else if (!hob)
2566 ret = s->error;
2567 else
2568 ret = s->hob_feature;
2569 break;
2570 case 2:
2571 if (!ide_if[0].bs && !ide_if[1].bs)
2572 ret = 0;
2573 else if (!hob)
2574 ret = s->nsector & 0xff;
2575 else
2576 ret = s->hob_nsector;
2577 break;
2578 case 3:
2579 if (!ide_if[0].bs && !ide_if[1].bs)
2580 ret = 0;
2581 else if (!hob)
2582 ret = s->sector;
2583 else
2584 ret = s->hob_sector;
2585 break;
2586 case 4:
2587 if (!ide_if[0].bs && !ide_if[1].bs)
2588 ret = 0;
2589 else if (!hob)
2590 ret = s->lcyl;
2591 else
2592 ret = s->hob_lcyl;
2593 break;
2594 case 5:
2595 if (!ide_if[0].bs && !ide_if[1].bs)
2596 ret = 0;
2597 else if (!hob)
2598 ret = s->hcyl;
2599 else
2600 ret = s->hob_hcyl;
2601 break;
2602 case 6:
2603 if (!ide_if[0].bs && !ide_if[1].bs)
2604 ret = 0;
2605 else
2606 ret = s->select;
2607 break;
2608 default:
2609 case 7:
2610 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2611 (s != ide_if && !s->bs))
2612 ret = 0;
2613 else
2614 ret = s->status;
2615 qemu_irq_lower(s->irq);
2616 break;
2617 }
2618 #ifdef DEBUG_IDE
2619 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2620 #endif
2621 return ret;
2622 }
2623
2624 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2625 {
2626 IDEState *ide_if = opaque;
2627 IDEState *s = ide_if->cur_drive;
2628 int ret;
2629
2630 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2631 (s != ide_if && !s->bs))
2632 ret = 0;
2633 else
2634 ret = s->status;
2635 #ifdef DEBUG_IDE
2636 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2637 #endif
2638 return ret;
2639 }
2640
2641 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2642 {
2643 IDEState *ide_if = opaque;
2644 IDEState *s;
2645 int i;
2646
2647 #ifdef DEBUG_IDE
2648 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2649 #endif
2650 /* common for both drives */
2651 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2652 (val & IDE_CMD_RESET)) {
2653 /* reset low to high */
2654 for(i = 0;i < 2; i++) {
2655 s = &ide_if[i];
2656 s->status = BUSY_STAT | SEEK_STAT;
2657 s->error = 0x01;
2658 }
2659 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2660 !(val & IDE_CMD_RESET)) {
2661 /* high to low */
2662 for(i = 0;i < 2; i++) {
2663 s = &ide_if[i];
2664 if (s->is_cdrom)
2665 s->status = 0x00; /* NOTE: READY is _not_ set */
2666 else
2667 s->status = READY_STAT | SEEK_STAT;
2668 ide_set_signature(s);
2669 }
2670 }
2671
2672 ide_if[0].cmd = val;
2673 ide_if[1].cmd = val;
2674 }
2675
2676 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2677 {
2678 IDEState *s = ((IDEState *)opaque)->cur_drive;
2679 uint8_t *p;
2680
2681 /* PIO data access allowed only when DRQ bit is set */
2682 if (!(s->status & DRQ_STAT))
2683 return;
2684
2685 p = s->data_ptr;
2686 *(uint16_t *)p = le16_to_cpu(val);
2687 p += 2;
2688 s->data_ptr = p;
2689 if (p >= s->data_end)
2690 s->end_transfer_func(s);
2691 }
2692
2693 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2694 {
2695 IDEState *s = ((IDEState *)opaque)->cur_drive;
2696 uint8_t *p;
2697 int ret;
2698
2699 /* PIO data access allowed only when DRQ bit is set */
2700 if (!(s->status & DRQ_STAT))
2701 return 0;
2702
2703 p = s->data_ptr;
2704 ret = cpu_to_le16(*(uint16_t *)p);
2705 p += 2;
2706 s->data_ptr = p;
2707 if (p >= s->data_end)
2708 s->end_transfer_func(s);
2709 return ret;
2710 }
2711
2712 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2713 {
2714 IDEState *s = ((IDEState *)opaque)->cur_drive;
2715 uint8_t *p;
2716
2717 /* PIO data access allowed only when DRQ bit is set */
2718 if (!(s->status & DRQ_STAT))
2719 return;
2720
2721 p = s->data_ptr;
2722 *(uint32_t *)p = le32_to_cpu(val);
2723 p += 4;
2724 s->data_ptr = p;
2725 if (p >= s->data_end)
2726 s->end_transfer_func(s);
2727 }
2728
2729 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2730 {
2731 IDEState *s = ((IDEState *)opaque)->cur_drive;
2732 uint8_t *p;
2733 int ret;
2734
2735 /* PIO data access allowed only when DRQ bit is set */
2736 if (!(s->status & DRQ_STAT))
2737 return 0;
2738
2739 p = s->data_ptr;
2740 ret = cpu_to_le32(*(uint32_t *)p);
2741 p += 4;
2742 s->data_ptr = p;
2743 if (p >= s->data_end)
2744 s->end_transfer_func(s);
2745 return ret;
2746 }
2747
2748 static void ide_dummy_transfer_stop(IDEState *s)
2749 {
2750 s->data_ptr = s->io_buffer;
2751 s->data_end = s->io_buffer;
2752 s->io_buffer[0] = 0xff;
2753 s->io_buffer[1] = 0xff;
2754 s->io_buffer[2] = 0xff;
2755 s->io_buffer[3] = 0xff;
2756 }
2757
2758 static void ide_reset(IDEState *s)
2759 {
2760 if (s->is_cf)
2761 s->mult_sectors = 0;
2762 else
2763 s->mult_sectors = MAX_MULT_SECTORS;
2764 s->cur_drive = s;
2765 s->select = 0xa0;
2766 s->status = READY_STAT | SEEK_STAT;
2767 ide_set_signature(s);
2768 /* init the transfer handler so that 0xffff is returned on data
2769 accesses */
2770 s->end_transfer_func = ide_dummy_transfer_stop;
2771 ide_dummy_transfer_stop(s);
2772 s->media_changed = 0;
2773 }
2774
2775 static void ide_init2(IDEState *ide_state,
2776 BlockDriverState *hd0, BlockDriverState *hd1,
2777 qemu_irq irq)
2778 {
2779 IDEState *s;
2780 static int drive_serial = 1;
2781 int i, cylinders, heads, secs;
2782 uint64_t nb_sectors;
2783
2784 for(i = 0; i < 2; i++) {
2785 s = ide_state + i;
2786 s->io_buffer = qemu_memalign(512, IDE_DMA_BUF_SECTORS*512 + 4);
2787 if (i == 0)
2788 s->bs = hd0;
2789 else
2790 s->bs = hd1;
2791 if (s->bs) {
2792 bdrv_get_geometry(s->bs, &nb_sectors);
2793 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2794 s->cylinders = cylinders;
2795 s->heads = heads;
2796 s->sectors = secs;
2797 s->nb_sectors = nb_sectors;
2798
2799 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2800 s->is_cdrom = 1;
2801 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2802 }
2803 }
2804 s->drive_serial = drive_serial++;
2805 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2806 sizeof(s->drive_serial_str));
2807 if (strlen(s->drive_serial_str) == 0)
2808 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2809 "QM%05d", s->drive_serial);
2810 s->irq = irq;
2811 s->sector_write_timer = qemu_new_timer(vm_clock,
2812 ide_sector_write_timer_cb, s);
2813 ide_reset(s);
2814 }
2815 }
2816
2817 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2818 {
2819 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2820 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2821 if (iobase2) {
2822 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2823 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2824 }
2825
2826 /* data ports */
2827 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2828 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2829 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2830 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2831 }
2832
2833 /* save per IDE drive data */
2834 static void ide_save(QEMUFile* f, IDEState *s)
2835 {
2836 qemu_put_be32(f, s->mult_sectors);
2837 qemu_put_be32(f, s->identify_set);
2838 if (s->identify_set) {
2839 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2840 }
2841 qemu_put_8s(f, &s->feature);
2842 qemu_put_8s(f, &s->error);
2843 qemu_put_be32s(f, &s->nsector);
2844 qemu_put_8s(f, &s->sector);
2845 qemu_put_8s(f, &s->lcyl);
2846 qemu_put_8s(f, &s->hcyl);
2847 qemu_put_8s(f, &s->hob_feature);
2848 qemu_put_8s(f, &s->hob_nsector);
2849 qemu_put_8s(f, &s->hob_sector);
2850 qemu_put_8s(f, &s->hob_lcyl);
2851 qemu_put_8s(f, &s->hob_hcyl);
2852 qemu_put_8s(f, &s->select);
2853 qemu_put_8s(f, &s->status);
2854 qemu_put_8s(f, &s->lba48);
2855
2856 qemu_put_8s(f, &s->sense_key);
2857 qemu_put_8s(f, &s->asc);
2858 /* XXX: if a transfer is pending, we do not save it yet */
2859 }
2860
2861 /* load per IDE drive data */
2862 static void ide_load(QEMUFile* f, IDEState *s)
2863 {
2864 s->mult_sectors=qemu_get_be32(f);
2865 s->identify_set=qemu_get_be32(f);
2866 if (s->identify_set) {
2867 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2868 }
2869 qemu_get_8s(f, &s->feature);
2870 qemu_get_8s(f, &s->error);
2871 qemu_get_be32s(f, &s->nsector);
2872 qemu_get_8s(f, &s->sector);
2873 qemu_get_8s(f, &s->lcyl);
2874 qemu_get_8s(f, &s->hcyl);
2875 qemu_get_8s(f, &s->hob_feature);
2876 qemu_get_8s(f, &s->hob_nsector);
2877 qemu_get_8s(f, &s->hob_sector);
2878 qemu_get_8s(f, &s->hob_lcyl);
2879 qemu_get_8s(f, &s->hob_hcyl);
2880 qemu_get_8s(f, &s->select);
2881 qemu_get_8s(f, &s->status);
2882 qemu_get_8s(f, &s->lba48);
2883
2884 qemu_get_8s(f, &s->sense_key);
2885 qemu_get_8s(f, &s->asc);
2886 /* XXX: if a transfer is pending, we do not save it yet */
2887 }
2888
2889 /***********************************************************/
2890 /* ISA IDE definitions */
2891
2892 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
2893 BlockDriverState *hd0, BlockDriverState *hd1)
2894 {
2895 IDEState *ide_state;
2896
2897 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2898 if (!ide_state)
2899 return;
2900
2901 ide_init2(ide_state, hd0, hd1, irq);
2902 ide_init_ioport(ide_state, iobase, iobase2);
2903 }
2904
2905 /***********************************************************/
2906 /* PCI IDE definitions */
2907
2908 static void cmd646_update_irq(PCIIDEState *d);
2909
2910 static void ide_map(PCIDevice *pci_dev, int region_num,
2911 uint32_t addr, uint32_t size, int type)
2912 {
2913 PCIIDEState *d = (PCIIDEState *)pci_dev;
2914 IDEState *ide_state;
2915
2916 if (region_num <= 3) {
2917 ide_state = &d->ide_if[(region_num >> 1) * 2];
2918 if (region_num & 1) {
2919 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2920 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2921 } else {
2922 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2923 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2924
2925 /* data ports */
2926 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2927 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2928 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2929 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2930 }
2931 }
2932 }
2933
2934 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2935 {
2936 BMDMAState *bm = s->bmdma;
2937 if(!bm)
2938 return;
2939 bm->ide_if = s;
2940 bm->dma_cb = dma_cb;
2941 bm->cur_prd_last = 0;
2942 bm->cur_prd_addr = 0;
2943 bm->cur_prd_len = 0;
2944 bm->sector_num = ide_get_sector(s);
2945 bm->nsector = s->nsector;
2946 if (bm->status & BM_STATUS_DMAING) {
2947 bm->dma_cb(bm, 0);
2948 }
2949 }
2950
2951 static void ide_dma_restart(IDEState *s)
2952 {
2953 BMDMAState *bm = s->bmdma;
2954 ide_set_sector(s, bm->sector_num);
2955 s->io_buffer_index = 0;
2956 s->io_buffer_size = 0;
2957 s->nsector = bm->nsector;
2958 bm->cur_addr = bm->addr;
2959 bm->dma_cb = ide_write_dma_cb;
2960 ide_dma_start(s, bm->dma_cb);
2961 }
2962
2963 static void ide_dma_cancel(BMDMAState *bm)
2964 {
2965 if (bm->status & BM_STATUS_DMAING) {
2966 bm->status &= ~BM_STATUS_DMAING;
2967 /* cancel DMA request */
2968 bm->ide_if = NULL;
2969 bm->dma_cb = NULL;
2970 if (bm->aiocb) {
2971 #ifdef DEBUG_AIO
2972 printf("aio_cancel\n");
2973 #endif
2974 bdrv_aio_cancel(bm->aiocb);
2975 bm->aiocb = NULL;
2976 }
2977 }
2978 }
2979
2980 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2981 {
2982 BMDMAState *bm = opaque;
2983 #ifdef DEBUG_IDE
2984 printf("%s: 0x%08x\n", __func__, val);
2985 #endif
2986 if (!(val & BM_CMD_START)) {
2987 /* XXX: do it better */
2988 ide_dma_cancel(bm);
2989 bm->cmd = val & 0x09;
2990 } else {
2991 if (!(bm->status & BM_STATUS_DMAING)) {
2992 bm->status |= BM_STATUS_DMAING;
2993 /* start dma transfer if possible */
2994 if (bm->dma_cb)
2995 bm->dma_cb(bm, 0);
2996 }
2997 bm->cmd = val & 0x09;
2998 }
2999 }
3000
3001 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
3002 {
3003 BMDMAState *bm = opaque;
3004 PCIIDEState *pci_dev;
3005 uint32_t val;
3006
3007 switch(addr & 3) {
3008 case 0:
3009 val = bm->cmd;
3010 break;
3011 case 1:
3012 pci_dev = bm->pci_dev;
3013 if (pci_dev->type == IDE_TYPE_CMD646) {
3014 val = pci_dev->dev.config[MRDMODE];
3015 } else {
3016 val = 0xff;
3017 }
3018 break;
3019 case 2:
3020 val = bm->status;
3021 break;
3022 case 3:
3023 pci_dev = bm->pci_dev;
3024 if (pci_dev->type == IDE_TYPE_CMD646) {
3025 if (bm == &pci_dev->bmdma[0])
3026 val = pci_dev->dev.config[UDIDETCR0];
3027 else
3028 val = pci_dev->dev.config[UDIDETCR1];
3029 } else {
3030 val = 0xff;
3031 }
3032 break;
3033 default:
3034 val = 0xff;
3035 break;
3036 }
3037 #ifdef DEBUG_IDE
3038 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
3039 #endif
3040 return val;
3041 }
3042
3043 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
3044 {
3045 BMDMAState *bm = opaque;
3046 PCIIDEState *pci_dev;
3047 #ifdef DEBUG_IDE
3048 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
3049 #endif
3050 switch(addr & 3) {
3051 case 1:
3052 pci_dev = bm->pci_dev;
3053 if (pci_dev->type == IDE_TYPE_CMD646) {
3054 pci_dev->dev.config[MRDMODE] =
3055 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3056 cmd646_update_irq(pci_dev);
3057 }
3058 break;
3059 case 2:
3060 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3061 break;
3062 case 3:
3063 pci_dev = bm->pci_dev;
3064 if (pci_dev->type == IDE_TYPE_CMD646) {
3065 if (bm == &pci_dev->bmdma[0])
3066 pci_dev->dev.config[UDIDETCR0] = val;
3067 else
3068 pci_dev->dev.config[UDIDETCR1] = val;
3069 }
3070 break;
3071 }
3072 }
3073
3074 static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3075 {
3076 BMDMAState *bm = opaque;
3077 uint32_t val;
3078 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3079 #ifdef DEBUG_IDE
3080 printf("%s: 0x%08x\n", __func__, val);
3081 #endif
3082 return val;
3083 }
3084
3085 static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3086 {
3087 BMDMAState *bm = opaque;
3088 int shift = (addr & 3) * 8;
3089 #ifdef DEBUG_IDE
3090 printf("%s: 0x%08x\n", __func__, val);
3091 #endif
3092 bm->addr &= ~(0xFF << shift);
3093 bm->addr |= ((val & 0xFF) << shift) & ~3;
3094 bm->cur_addr = bm->addr;
3095 }
3096
3097 static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3098 {
3099 BMDMAState *bm = opaque;
3100 uint32_t val;
3101 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3102 #ifdef DEBUG_IDE
3103 printf("%s: 0x%08x\n", __func__, val);
3104 #endif
3105 return val;
3106 }
3107
3108 static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3109 {
3110 BMDMAState *bm = opaque;
3111 int shift = (addr & 3) * 8;
3112 #ifdef DEBUG_IDE
3113 printf("%s: 0x%08x\n", __func__, val);
3114 #endif
3115 bm->addr &= ~(0xFFFF << shift);
3116 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3117 bm->cur_addr = bm->addr;
3118 }
3119
3120 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3121 {
3122 BMDMAState *bm = opaque;
3123 uint32_t val;
3124 val = bm->addr;
3125 #ifdef DEBUG_IDE
3126 printf("%s: 0x%08x\n", __func__, val);
3127 #endif
3128 return val;
3129 }
3130
3131 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3132 {
3133 BMDMAState *bm = opaque;
3134 #ifdef DEBUG_IDE
3135 printf("%s: 0x%08x\n", __func__, val);
3136 #endif
3137 bm->addr = val & ~3;
3138 bm->cur_addr = bm->addr;
3139 }
3140
3141 static void bmdma_map(PCIDevice *pci_dev, int region_num,
3142 uint32_t addr, uint32_t size, int type)
3143 {
3144 PCIIDEState *d = (PCIIDEState *)pci_dev;
3145 int i;
3146
3147 for(i = 0;i < 2; i++) {
3148 BMDMAState *bm = &d->bmdma[i];
3149 d->ide_if[2 * i].bmdma = bm;
3150 d->ide_if[2 * i + 1].bmdma = bm;
3151 bm->pci_dev = (PCIIDEState *)pci_dev;
3152 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
3153
3154 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
3155
3156 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3157 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
3158
3159 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3160 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3161 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3162 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
3163 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3164 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3165 addr += 8;
3166 }
3167 }
3168
3169 static void pci_ide_save(QEMUFile* f, void *opaque)
3170 {
3171 PCIIDEState *d = opaque;
3172 int i;
3173
3174 pci_device_save(&d->dev, f);
3175
3176 for(i = 0; i < 2; i++) {
3177 BMDMAState *bm = &d->bmdma[i];
3178 uint8_t ifidx;
3179 qemu_put_8s(f, &bm->cmd);
3180 qemu_put_8s(f, &bm->status);
3181 qemu_put_be32s(f, &bm->addr);
3182 qemu_put_sbe64s(f, &bm->sector_num);
3183 qemu_put_be32s(f, &bm->nsector);
3184 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3185 qemu_put_8s(f, &ifidx);
3186 /* XXX: if a transfer is pending, we do not save it yet */
3187 }
3188
3189 /* per IDE interface data */
3190 for(i = 0; i < 2; i++) {
3191 IDEState *s = &d->ide_if[i * 2];
3192 uint8_t drive1_selected;
3193 qemu_put_8s(f, &s->cmd);
3194 drive1_selected = (s->cur_drive != s);
3195 qemu_put_8s(f, &drive1_selected);
3196 }
3197
3198 /* per IDE drive data */
3199 for(i = 0; i < 4; i++) {
3200 ide_save(f, &d->ide_if[i]);
3201 }
3202 }
3203
3204 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3205 {
3206 PCIIDEState *d = opaque;
3207 int ret, i;
3208
3209 if (version_id != 2)
3210 return -EINVAL;
3211 ret = pci_device_load(&d->dev, f);
3212 if (ret < 0)
3213 return ret;
3214
3215 for(i = 0; i < 2; i++) {
3216 BMDMAState *bm = &d->bmdma[i];
3217 uint8_t ifidx;
3218 qemu_get_8s(f, &bm->cmd);
3219 qemu_get_8s(f, &bm->status);
3220 qemu_get_be32s(f, &bm->addr);
3221 qemu_get_sbe64s(f, &bm->sector_num);
3222 qemu_get_be32s(f, &bm->nsector);
3223 qemu_get_8s(f, &ifidx);
3224 bm->ide_if = &d->ide_if[ifidx];
3225 /* XXX: if a transfer is pending, we do not save it yet */
3226 }
3227
3228 /* per IDE interface data */
3229 for(i = 0; i < 2; i++) {
3230 IDEState *s = &d->ide_if[i * 2];
3231 uint8_t drive1_selected;
3232 qemu_get_8s(f, &s->cmd);
3233 qemu_get_8s(f, &drive1_selected);
3234 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3235 }
3236
3237 /* per IDE drive data */
3238 for(i = 0; i < 4; i++) {
3239 ide_load(f, &d->ide_if[i]);
3240 }
3241 return 0;
3242 }
3243
3244 /* XXX: call it also when the MRDMODE is changed from the PCI config
3245 registers */
3246 static void cmd646_update_irq(PCIIDEState *d)
3247 {
3248 int pci_level;
3249 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3250 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3251 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3252 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
3253 qemu_set_irq(d->dev.irq[0], pci_level);
3254 }
3255
3256 /* the PCI irq level is the logical OR of the two channels */
3257 static void cmd646_set_irq(void *opaque, int channel, int level)
3258 {
3259 PCIIDEState *d = opaque;
3260 int irq_mask;
3261
3262 irq_mask = MRDMODE_INTR_CH0 << channel;
3263 if (level)
3264 d->dev.config[MRDMODE] |= irq_mask;
3265 else
3266 d->dev.config[MRDMODE] &= ~irq_mask;
3267 cmd646_update_irq(d);
3268 }
3269
3270 static void cmd646_reset(void *opaque)
3271 {
3272 PCIIDEState *d = opaque;
3273 unsigned int i;
3274
3275 for (i = 0; i < 2; i++)
3276 ide_dma_cancel(&d->bmdma[i]);
3277 }
3278
3279 /* CMD646 PCI IDE controller */
3280 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3281 int secondary_ide_enabled)
3282 {
3283 PCIIDEState *d;
3284 uint8_t *pci_conf;
3285 int i;
3286 qemu_irq *irq;
3287
3288 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
3289 sizeof(PCIIDEState),
3290 -1,
3291 NULL, NULL);
3292 d->type = IDE_TYPE_CMD646;
3293 pci_conf = d->dev.config;
3294 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3295 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
3296
3297 pci_conf[0x08] = 0x07; // IDE controller revision
3298 pci_conf[0x09] = 0x8f;
3299
3300 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3301 pci_conf[0x0e] = 0x00; // header_type
3302
3303 pci_conf[0x51] = 0x04; // enable IDE0
3304 if (secondary_ide_enabled) {
3305 /* XXX: if not enabled, really disable the seconday IDE controller */
3306 pci_conf[0x51] |= 0x08; /* enable IDE1 */
3307 }
3308
3309 pci_register_io_region((PCIDevice *)d, 0, 0x8,
3310 PCI_ADDRESS_SPACE_IO, ide_map);
3311 pci_register_io_region((PCIDevice *)d, 1, 0x4,
3312 PCI_ADDRESS_SPACE_IO, ide_map);
3313 pci_register_io_region((PCIDevice *)d, 2, 0x8,
3314 PCI_ADDRESS_SPACE_IO, ide_map);
3315 pci_register_io_region((PCIDevice *)d, 3, 0x4,
3316 PCI_ADDRESS_SPACE_IO, ide_map);
3317 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3318 PCI_ADDRESS_SPACE_IO, bmdma_map);
3319
3320 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3321
3322 for(i = 0; i < 4; i++)
3323 d->ide_if[i].pci_dev = (PCIDevice *)d;
3324
3325 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3326 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3327 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
3328
3329 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3330 qemu_register_reset(cmd646_reset, d);
3331 cmd646_reset(d);
3332 }
3333
3334 static void piix3_reset(void *opaque)
3335 {
3336 PCIIDEState *d = opaque;
3337 uint8_t *pci_conf = d->dev.config;
3338 int i;
3339
3340 for (i = 0; i < 2; i++)
3341 ide_dma_cancel(&d->bmdma[i]);
3342
3343 pci_conf[0x04] = 0x00;
3344 pci_conf[0x05] = 0x00;
3345 pci_conf[0x06] = 0x80; /* FBC */
3346 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3347 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3348 }
3349
3350 /* hd_table must contain 4 block drivers */
3351 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
3352 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3353 qemu_irq *pic)
3354 {
3355 PCIIDEState *d;
3356 uint8_t *pci_conf;
3357
3358 /* register a function 1 of PIIX3 */
3359 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
3360 sizeof(PCIIDEState),
3361 devfn,
3362 NULL, NULL);
3363 d->type = IDE_TYPE_PIIX3;
3364
3365 pci_conf = d->dev.config;
3366 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3367 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
3368 pci_conf[0x09] = 0x80; // legacy ATA mode
3369 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3370 pci_conf[0x0e] = 0x00; // header_type
3371
3372 qemu_register_reset(piix3_reset, d);
3373 piix3_reset(d);
3374
3375 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3376 PCI_ADDRESS_SPACE_IO, bmdma_map);
3377
3378 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3379 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3380 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3381 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3382
3383 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3384 }
3385
3386 /* hd_table must contain 4 block drivers */
3387 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3388 void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3389 qemu_irq *pic)
3390 {
3391 PCIIDEState *d;
3392 uint8_t *pci_conf;
3393
3394 /* register a function 1 of PIIX4 */
3395 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3396 sizeof(PCIIDEState),
3397 devfn,
3398 NULL, NULL);
3399 d->type = IDE_TYPE_PIIX4;
3400
3401 pci_conf = d->dev.config;
3402 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3403 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
3404 pci_conf[0x09] = 0x80; // legacy ATA mode
3405 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3406 pci_conf[0x0e] = 0x00; // header_type
3407
3408 qemu_register_reset(piix3_reset, d);
3409 piix3_reset(d);
3410
3411 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3412 PCI_ADDRESS_SPACE_IO, bmdma_map);
3413
3414 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3415 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3416 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3417 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3418
3419 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3420 }
3421
3422 #if defined(TARGET_PPC)
3423 /***********************************************************/
3424 /* MacIO based PowerPC IDE */
3425
3426 typedef struct MACIOIDEState {
3427 IDEState ide_if[2];
3428 void *dbdma;
3429 int stream_index;
3430 } MACIOIDEState;
3431
3432 static int pmac_atapi_read(DBDMA_transfer *info, DBDMA_transfer_cb cb)
3433 {
3434 MACIOIDEState *m = info->opaque;
3435 IDEState *s = m->ide_if->cur_drive;
3436 int ret;
3437
3438 if (s->lba == -1)
3439 return 0;
3440
3441 info->buf_pos = 0;
3442
3443 while (info->buf_pos < info->len && s->packet_transfer_size > 0) {
3444
3445 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
3446 if (ret < 0) {
3447 ide_transfer_stop(s);
3448 ide_atapi_io_error(s, ret);
3449 return info->buf_pos;
3450 }
3451
3452 info->buf = s->io_buffer + m->stream_index;
3453
3454 info->buf_len = s->cd_sector_size;
3455 if (info->buf_pos + info->buf_len > info->len)
3456 info->buf_len = info->len - info->buf_pos;
3457
3458 cb(info);
3459
3460 /* db-dma can ask for 512 bytes whereas block size is 2048... */
3461
3462 m->stream_index += info->buf_len;
3463 s->lba += m->stream_index / s->cd_sector_size;
3464 m->stream_index %= s->cd_sector_size;
3465
3466 info->buf_pos += info->buf_len;
3467 s->packet_transfer_size -= info->buf_len;
3468 }
3469 if (s->packet_transfer_size <= 0) {
3470 s->status = READY_STAT | SEEK_STAT;
3471 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO
3472 | ATAPI_INT_REASON_CD;
3473 ide_set_irq(s);
3474 }
3475
3476 return info->buf_pos;
3477 }
3478
3479 static int pmac_ide_transfer(DBDMA_transfer *info,
3480 DBDMA_transfer_cb cb)
3481 {
3482 MACIOIDEState *m = info->opaque;
3483 IDEState *s = m->ide_if->cur_drive;
3484 int64_t sector_num;
3485 int ret, n;
3486
3487 if (s->is_cdrom)
3488 return pmac_atapi_read(info, cb);
3489
3490 info->buf = s->io_buffer;
3491 info->buf_pos = 0;
3492 while (info->buf_pos < info->len && s->nsector > 0) {
3493
3494 sector_num = ide_get_sector(s);
3495
3496 n = s->nsector;
3497 if (n > IDE_DMA_BUF_SECTORS)
3498 n = IDE_DMA_BUF_SECTORS;
3499
3500 info->buf_len = n << 9;
3501 if (info->buf_pos + info->buf_len > info->len)
3502 info->buf_len = info->len - info->buf_pos;
3503 n = info->buf_len >> 9;
3504
3505 if (s->is_read) {
3506 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
3507 if (ret == 0)
3508 cb(info);
3509 } else {
3510 cb(info);
3511 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
3512 }
3513
3514 if (ret != 0) {
3515 ide_rw_error(s);
3516 return info->buf_pos;
3517 }
3518
3519 info->buf_pos += n << 9;
3520 ide_set_sector(s, sector_num + n);
3521 s->nsector -= n;
3522 }
3523
3524 if (s->nsector <= 0) {
3525 s->status = READY_STAT | SEEK_STAT;
3526 ide_set_irq(s);
3527 }
3528
3529 return info->buf_pos;
3530 }
3531
3532 /* PowerMac IDE memory IO */
3533 static void pmac_ide_writeb (void *opaque,
3534 target_phys_addr_t addr, uint32_t val)
3535 {
3536 MACIOIDEState *d = opaque;
3537
3538 addr = (addr & 0xFFF) >> 4;
3539 switch (addr) {
3540 case 1 ... 7:
3541 ide_ioport_write(d->ide_if, addr, val);
3542 break;
3543 case 8:
3544 case 22:
3545 ide_cmd_write(d->ide_if, 0, val);
3546 break;
3547 default:
3548 break;
3549 }
3550 }
3551
3552 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3553 {
3554 uint8_t retval;
3555 MACIOIDEState *d = opaque;
3556
3557 addr = (addr & 0xFFF) >> 4;
3558 switch (addr) {
3559 case 1 ... 7:
3560 retval = ide_ioport_read(d->ide_if, addr);
3561 break;
3562 case 8:
3563 case 22:
3564 retval = ide_status_read(d->ide_if, 0);
3565 break;
3566 default:
3567 retval = 0xFF;
3568 break;
3569 }
3570 return retval;
3571 }
3572
3573 static void pmac_ide_writew (void *opaque,
3574 target_phys_addr_t addr, uint32_t val)
3575 {
3576 MACIOIDEState *d = opaque;
3577
3578 addr = (addr & 0xFFF) >> 4;
3579 #ifdef TARGET_WORDS_BIGENDIAN
3580 val = bswap16(val);
3581 #endif
3582 if (addr == 0) {
3583 ide_data_writew(d->ide_if, 0, val);
3584 }
3585 }
3586
3587 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3588 {
3589 uint16_t retval;
3590 MACIOIDEState *d = opaque;
3591
3592 addr = (addr & 0xFFF) >> 4;
3593 if (addr == 0) {
3594 retval = ide_data_readw(d->ide_if, 0);
3595 } else {
3596 retval = 0xFFFF;
3597 }
3598 #ifdef TARGET_WORDS_BIGENDIAN
3599 retval = bswap16(retval);
3600 #endif
3601 return retval;
3602 }
3603
3604 static void pmac_ide_writel (void *opaque,
3605 target_phys_addr_t addr, uint32_t val)
3606 {
3607 MACIOIDEState *d = opaque;
3608
3609 addr = (addr & 0xFFF) >> 4;
3610 #ifdef TARGET_WORDS_BIGENDIAN
3611 val = bswap32(val);
3612 #endif
3613 if (addr == 0) {
3614 ide_data_writel(d->ide_if, 0, val);
3615 }
3616 }
3617
3618 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3619 {
3620 uint32_t retval;
3621 MACIOIDEState *d = opaque;
3622
3623 addr = (addr & 0xFFF) >> 4;
3624 if (addr == 0) {
3625 retval = ide_data_readl(d->ide_if, 0);
3626 } else {
3627 retval = 0xFFFFFFFF;
3628 }
3629 #ifdef TARGET_WORDS_BIGENDIAN
3630 retval = bswap32(retval);
3631 #endif
3632 return retval;
3633 }
3634
3635 static CPUWriteMemoryFunc *pmac_ide_write[] = {
3636 pmac_ide_writeb,
3637 pmac_ide_writew,
3638 pmac_ide_writel,
3639 };
3640
3641 static CPUReadMemoryFunc *pmac_ide_read[] = {
3642 pmac_ide_readb,
3643 pmac_ide_readw,
3644 pmac_ide_readl,
3645 };
3646
3647 static void pmac_ide_save(QEMUFile *f, void *opaque)
3648 {
3649 MACIOIDEState *d = opaque;
3650 IDEState *s = d->ide_if;
3651 uint8_t drive1_selected;
3652 unsigned int i;
3653
3654 /* per IDE interface data */
3655 qemu_put_8s(f, &s->cmd);
3656 drive1_selected = (s->cur_drive != s);
3657 qemu_put_8s(f, &drive1_selected);
3658
3659 /* per IDE drive data */
3660 for(i = 0; i < 2; i++) {
3661 ide_save(f, &s[i]);
3662 }
3663 }
3664
3665 static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3666 {
3667 MACIOIDEState *d = opaque;
3668 IDEState *s = d->ide_if;
3669 uint8_t drive1_selected;
3670 unsigned int i;
3671
3672 if (version_id != 1)
3673 return -EINVAL;
3674
3675 /* per IDE interface data */
3676 qemu_get_8s(f, &s->cmd);
3677 qemu_get_8s(f, &drive1_selected);
3678 s->cur_drive = &s[(drive1_selected != 0)];
3679
3680 /* per IDE drive data */
3681 for(i = 0; i < 2; i++) {
3682 ide_load(f, &s[i]);
3683 }
3684 return 0;
3685 }
3686
3687 static void pmac_ide_reset(void *opaque)
3688 {
3689 MACIOIDEState *d = opaque;
3690 IDEState *s = d->ide_if;
3691
3692 ide_reset(&s[0]);
3693 ide_reset(&s[1]);
3694 }
3695
3696 /* hd_table must contain 4 block drivers */
3697 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3698 I/O index to access the ide. */
3699 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq,
3700 void *dbdma, int channel, qemu_irq dma_irq)
3701 {
3702 MACIOIDEState *d;
3703 int pmac_ide_memory;
3704
3705 d = qemu_mallocz(sizeof(MACIOIDEState));
3706 ide_init2(d->ide_if, hd_table[0], hd_table[1], irq);
3707
3708 if (dbdma) {
3709 d->dbdma = dbdma;
3710 DBDMA_register_channel(dbdma, channel, dma_irq, pmac_ide_transfer, d);
3711 }
3712
3713 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3714 pmac_ide_write, d);
3715 register_savevm("ide", 0, 1, pmac_ide_save, pmac_ide_load, d);
3716 qemu_register_reset(pmac_ide_reset, d);
3717 pmac_ide_reset(d);
3718
3719 return pmac_ide_memory;
3720 }
3721 #endif /* TARGET_PPC */
3722
3723 /***********************************************************/
3724 /* MMIO based ide port
3725 * This emulates IDE device connected directly to the CPU bus without
3726 * dedicated ide controller, which is often seen on embedded boards.
3727 */
3728
3729 typedef struct {
3730 void *dev;
3731 int shift;
3732 } MMIOState;
3733
3734 static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3735 {
3736 MMIOState *s = (MMIOState*)opaque;
3737 IDEState *ide = (IDEState*)s->dev;
3738 addr >>= s->shift;
3739 if (addr & 7)
3740 return ide_ioport_read(ide, addr);
3741 else
3742 return ide_data_readw(ide, 0);
3743 }
3744
3745 static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3746 uint32_t val)
3747 {
3748 MMIOState *s = (MMIOState*)opaque;
3749 IDEState *ide = (IDEState*)s->dev;
3750 addr >>= s->shift;
3751 if (addr & 7)
3752 ide_ioport_write(ide, addr, val);
3753 else
3754 ide_data_writew(ide, 0, val);
3755 }
3756
3757 static CPUReadMemoryFunc *mmio_ide_reads[] = {
3758 mmio_ide_read,
3759 mmio_ide_read,
3760 mmio_ide_read,
3761 };
3762
3763 static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3764 mmio_ide_write,
3765 mmio_ide_write,
3766 mmio_ide_write,
3767 };
3768
3769 static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3770 {
3771 MMIOState *s= (MMIOState*)opaque;
3772 IDEState *ide = (IDEState*)s->dev;
3773 return ide_status_read(ide, 0);
3774 }
3775
3776 static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3777 uint32_t val)
3778 {
3779 MMIOState *s = (MMIOState*)opaque;
3780 IDEState *ide = (IDEState*)s->dev;
3781 ide_cmd_write(ide, 0, val);
3782 }
3783
3784 static CPUReadMemoryFunc *mmio_ide_status[] = {
3785 mmio_ide_status_read,
3786 mmio_ide_status_read,
3787 mmio_ide_status_read,
3788 };
3789
3790 static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3791 mmio_ide_cmd_write,
3792 mmio_ide_cmd_write,
3793 mmio_ide_cmd_write,
3794 };
3795
3796 void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3797 qemu_irq irq, int shift,
3798 BlockDriverState *hd0, BlockDriverState *hd1)
3799 {
3800 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3801 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3802 int mem1, mem2;
3803
3804 ide_init2(ide, hd0, hd1, irq);
3805
3806 s->dev = ide;
3807 s->shift = shift;
3808
3809 mem1 = cpu_register_io_memory(0, mmio_ide_reads, mmio_ide_writes, s);
3810 mem2 = cpu_register_io_memory(0, mmio_ide_status, mmio_ide_cmd, s);
3811 cpu_register_physical_memory(membase, 16 << shift, mem1);
3812 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3813 }
3814
3815 /***********************************************************/
3816 /* CF-ATA Microdrive */
3817
3818 #define METADATA_SIZE 0x20
3819
3820 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3821 struct md_s {
3822 IDEState ide[2];
3823 struct pcmcia_card_s card;
3824 uint32_t attr_base;
3825 uint32_t io_base;
3826
3827 /* Card state */
3828 uint8_t opt;
3829 uint8_t stat;
3830 uint8_t pins;
3831
3832 uint8_t ctrl;
3833 uint16_t io;
3834 int cycle;
3835 };
3836
3837 /* Register bitfields */
3838 enum md_opt {
3839 OPT_MODE_MMAP = 0,
3840 OPT_MODE_IOMAP16 = 1,
3841 OPT_MODE_IOMAP1 = 2,
3842 OPT_MODE_IOMAP2 = 3,
3843 OPT_MODE = 0x3f,
3844 OPT_LEVIREQ = 0x40,
3845 OPT_SRESET = 0x80,
3846 };
3847 enum md_cstat {
3848 STAT_INT = 0x02,
3849 STAT_PWRDWN = 0x04,
3850 STAT_XE = 0x10,
3851 STAT_IOIS8 = 0x20,
3852 STAT_SIGCHG = 0x40,
3853 STAT_CHANGED = 0x80,
3854 };
3855 enum md_pins {
3856 PINS_MRDY = 0x02,
3857 PINS_CRDY = 0x20,
3858 };
3859 enum md_ctrl {
3860 CTRL_IEN = 0x02,
3861 CTRL_SRST = 0x04,
3862 };
3863
3864 static inline void md_interrupt_update(struct md_s *s)
3865 {
3866 if (!s->card.slot)
3867 return;
3868
3869 qemu_set_irq(s->card.slot->irq,
3870 !(s->stat & STAT_INT) && /* Inverted */
3871 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3872 !(s->opt & OPT_SRESET));
3873 }
3874
3875 static void md_set_irq(void *opaque, int irq, int level)
3876 {
3877 struct md_s *s = (struct md_s *) opaque;
3878 if (level)
3879 s->stat |= STAT_INT;
3880 else
3881 s->stat &= ~STAT_INT;
3882
3883 md_interrupt_update(s);
3884 }
3885
3886 static void md_reset(struct md_s *s)
3887 {
3888 s->opt = OPT_MODE_MMAP;
3889 s->stat = 0;
3890 s->pins = 0;
3891 s->cycle = 0;
3892 s->ctrl = 0;
3893 ide_reset(s->ide);
3894 }
3895
3896 static uint8_t md_attr_read(void *opaque, uint32_t at)
3897 {
3898 struct md_s *s = (struct md_s *) opaque;
3899 if (at < s->attr_base) {
3900 if (at < s->card.cis_len)
3901 return s->card.cis[at];
3902 else
3903 return 0x00;
3904 }
3905
3906 at -= s->attr_base;
3907
3908 switch (at) {
3909 case 0x00: /* Configuration Option Register */
3910 return s->opt;
3911 case 0x02: /* Card Configuration Status Register */
3912 if (s->ctrl & CTRL_IEN)
3913 return s->stat & ~STAT_INT;
3914 else
3915 return s->stat;
3916 case 0x04: /* Pin Replacement Register */
3917 return (s->pins & PINS_CRDY) | 0x0c;
3918 case 0x06: /* Socket and Copy Register */
3919 return 0x00;
3920 #ifdef VERBOSE
3921 default:
3922 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3923 #endif
3924 }
3925
3926 return 0;
3927 }
3928
3929 static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
3930 {
3931 struct md_s *s = (struct md_s *) opaque;
3932 at -= s->attr_base;
3933
3934 switch (at) {
3935 case 0x00: /* Configuration Option Register */
3936 s->opt = value & 0xcf;
3937 if (value & OPT_SRESET)
3938 md_reset(s);
3939 md_interrupt_update(s);
3940 break;
3941 case 0x02: /* Card Configuration Status Register */
3942 if ((s->stat ^ value) & STAT_PWRDWN)
3943 s->pins |= PINS_CRDY;
3944 s->stat &= 0x82;
3945 s->stat |= value & 0x74;
3946 md_interrupt_update(s);
3947 /* Word 170 in Identify Device must be equal to STAT_XE */
3948 break;
3949 case 0x04: /* Pin Replacement Register */
3950 s->pins &= PINS_CRDY;
3951 s->pins |= value & PINS_MRDY;
3952 break;
3953 case 0x06: /* Socket and Copy Register */
3954 break;
3955 default:
3956 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3957 }
3958 }
3959
3960 static uint16_t md_common_read(void *opaque, uint32_t at)
3961 {
3962 struct md_s *s = (struct md_s *) opaque;
3963 uint16_t ret;
3964 at -= s->io_base;
3965
3966 switch (s->opt & OPT_MODE) {
3967 case OPT_MODE_MMAP:
3968 if ((at & ~0x3ff) == 0x400)
3969 at = 0;
3970 break;
3971 case OPT_MODE_IOMAP16:
3972 at &= 0xf;
3973 break;
3974 case OPT_MODE_IOMAP1:
3975 if ((at & ~0xf) == 0x3f0)
3976 at -= 0x3e8;
3977 else if ((at & ~0xf) == 0x1f0)
3978 at -= 0x1f0;
3979 break;
3980 case OPT_MODE_IOMAP2:
3981 if ((at & ~0xf) == 0x370)
3982 at -= 0x368;
3983 else if ((at & ~0xf) == 0x170)
3984 at -= 0x170;
3985 }
3986
3987 switch (at) {
3988 case 0x0: /* Even RD Data */
3989 case 0x8:
3990 return ide_data_readw(s->ide, 0);
3991
3992 /* TODO: 8-bit accesses */
3993 if (s->cycle)
3994 ret = s->io >> 8;
3995 else {
3996 s->io = ide_data_readw(s->ide, 0);
3997 ret = s->io & 0xff;
3998 }
3999 s->cycle = !s->cycle;
4000 return ret;
4001 case 0x9: /* Odd RD Data */
4002 return s->io >> 8;
4003 case 0xd: /* Error */
4004 return ide_ioport_read(s->ide, 0x1);
4005 case 0xe: /* Alternate Status */
4006 if (s->ide->cur_drive->bs)
4007 return s->ide->cur_drive->status;
4008 else
4009 return 0;
4010 case 0xf: /* Device Address */
4011 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
4012 default:
4013 return ide_ioport_read(s->ide, at);
4014 }
4015
4016 return 0;
4017 }
4018
4019 static void md_common_write(void *opaque, uint32_t at, uint16_t value)
4020 {
4021 struct md_s *s = (struct md_s *) opaque;
4022 at -= s->io_base;
4023
4024 switch (s->opt & OPT_MODE) {
4025 case OPT_MODE_MMAP:
4026 if ((at & ~0x3ff) == 0x400)
4027 at = 0;
4028 break;
4029 case OPT_MODE_IOMAP16:
4030 at &= 0xf;
4031 break;
4032 case OPT_MODE_IOMAP1:
4033 if ((at & ~0xf) == 0x3f0)
4034 at -= 0x3e8;
4035 else if ((at & ~0xf) == 0x1f0)
4036 at -= 0x1f0;
4037 break;
4038 case OPT_MODE_IOMAP2:
4039 if ((at & ~0xf) == 0x370)
4040 at -= 0x368;
4041 else if ((at & ~0xf) == 0x170)
4042 at -= 0x170;
4043 }
4044
4045 switch (at) {
4046 case 0x0: /* Even WR Data */
4047 case 0x8:
4048 ide_data_writew(s->ide, 0, value);
4049 break;
4050
4051 /* TODO: 8-bit accesses */
4052 if (s->cycle)
4053 ide_data_writew(s->ide, 0, s->io | (value << 8));
4054 else
4055 s->io = value & 0xff;
4056 s->cycle = !s->cycle;
4057 break;
4058 case 0x9:
4059 s->io = value & 0xff;
4060 s->cycle = !s->cycle;
4061 break;
4062 case 0xd: /* Features */
4063 ide_ioport_write(s->ide, 0x1, value);
4064 break;
4065 case 0xe: /* Device Control */
4066 s->ctrl = value;
4067 if (value & CTRL_SRST)
4068 md_reset(s);
4069 md_interrupt_update(s);
4070 break;
4071 default:
4072 if (s->stat & STAT_PWRDWN) {
4073 s->pins |= PINS_CRDY;
4074 s->stat &= ~STAT_PWRDWN;
4075 }
4076 ide_ioport_write(s->ide, at, value);
4077 }
4078 }
4079
4080 static void md_save(QEMUFile *f, void *opaque)
4081 {
4082 struct md_s *s = (struct md_s *) opaque;
4083 int i;
4084 uint8_t drive1_selected;
4085
4086 qemu_put_8s(f, &s->opt);
4087 qemu_put_8s(f, &s->stat);
4088 qemu_put_8s(f, &s->pins);
4089
4090 qemu_put_8s(f, &s->ctrl);
4091 qemu_put_be16s(f, &s->io);
4092 qemu_put_byte(f, s->cycle);
4093
4094 drive1_selected = (s->ide->cur_drive != s->ide);
4095 qemu_put_8s(f, &s->ide->cmd);
4096 qemu_put_8s(f, &drive1_selected);
4097
4098 for (i = 0; i < 2; i ++)
4099 ide_save(f, &s->ide[i]);
4100 }
4101
4102 static int md_load(QEMUFile *f, void *opaque, int version_id)
4103 {
4104 struct md_s *s = (struct md_s *) opaque;
4105 int i;
4106 uint8_t drive1_selected;
4107
4108 qemu_get_8s(f, &s->opt);
4109 qemu_get_8s(f, &s->stat);
4110 qemu_get_8s(f, &s->pins);
4111
4112 qemu_get_8s(f, &s->ctrl);
4113 qemu_get_be16s(f, &s->io);
4114 s->cycle = qemu_get_byte(f);
4115
4116 qemu_get_8s(f, &s->ide->cmd);
4117 qemu_get_8s(f, &drive1_selected);
4118 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
4119
4120 for (i = 0; i < 2; i ++)
4121 ide_load(f, &s->ide[i]);
4122
4123 return 0;
4124 }
4125
4126 static const uint8_t dscm1xxxx_cis[0x14a] = {
4127 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
4128 [0x002] = 0x03, /* Tuple length = 4 bytes */
4129 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4130 [0x006] = 0x01, /* Size = 2K bytes */
4131 [0x008] = CISTPL_ENDMARK,
4132
4133 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
4134 [0x00c] = 0x04, /* Tuple length = 4 byest */
4135 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
4136 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4137 [0x012] = 0x01, /* Size = 2K bytes */
4138 [0x014] = CISTPL_ENDMARK,
4139
4140 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
4141 [0x018] = 0x02, /* Tuple length = 2 bytes */
4142 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
4143 [0x01c] = 0x01,
4144
4145 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
4146 [0x020] = 0x04, /* Tuple length = 4 bytes */
4147 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
4148 [0x024] = 0x00,
4149 [0x026] = 0x00, /* PLMID_CARD = 0000 */
4150 [0x028] = 0x00,
4151
4152 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
4153 [0x02c] = 0x12, /* Tuple length = 23 bytes */
4154 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
4155 [0x030] = 0x01, /* Minor Version = 1 */
4156 [0x032] = 'I',
4157 [0x034] = 'B',
4158 [0x036] = 'M',
4159 [0x038] = 0x00,
4160 [0x03a] = 'm',
4161 [0x03c] = 'i',
4162 [0x03e] = 'c',
4163 [0x040] = 'r',
4164 [0x042] = 'o',
4165 [0x044] = 'd',
4166 [0x046] = 'r',
4167 [0x048] = 'i',
4168 [0x04a] = 'v',
4169 [0x04c] = 'e',
4170 [0x04e] = 0x00,
4171 [0x050] = CISTPL_ENDMARK,
4172
4173 [0x052] = CISTPL_FUNCID, /* Function ID */
4174 [0x054] = 0x02, /* Tuple length = 2 bytes */
4175 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4176 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4177
4178 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4179 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4180 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4181 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4182
4183 [0x062] = CISTPL_FUNCE, /* Function Extension */
4184 [0x064] = 0x03, /* Tuple length = 3 bytes */
4185 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4186 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4187 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4188
4189 [0x06c] = CISTPL_CONFIG, /* Configuration */
4190 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4191 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4192 [0x072] = 0x07, /* TPCC_LAST = 7 */
4193 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4194 [0x076] = 0x02,
4195 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4196
4197 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4198 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4199 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4200 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4201 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4202 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4203 [0x086] = 0x55, /* NomV: 5.0 V */
4204 [0x088] = 0x4d, /* MinV: 4.5 V */
4205 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4206 [0x08c] = 0x4e, /* Peakl: 450 mA */
4207 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4208 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4209 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4210
4211 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4212 [0x096] = 0x06, /* Tuple length = 6 bytes */
4213 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4214 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4215 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4216 [0x09e] = 0xb5, /* NomV: 3.3 V */
4217 [0x0a0] = 0x1e,
4218 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4219
4220 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4221 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4222 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4223 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4224 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4225 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4226 [0x0b0] = 0x55, /* NomV: 5.0 V */
4227 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4228 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4229 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4230 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4231 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4232 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4233 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4234 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4235
4236 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4237 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4238 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4239 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4240 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4241 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4242 [0x0ce] = 0x1e,
4243 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4244
4245 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4246 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4247 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4248 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4249 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4250 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4251 [0x0de] = 0x55, /* NomV: 5.0 V */
4252 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4253 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4254 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4255 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4256 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4257 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4258 [0x0ec] = 0x01,
4259 [0x0ee] = 0x07, /* Address block length = 8 */
4260 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4261 [0x0f2] = 0x03,
4262 [0x0f4] = 0x01, /* Address block length = 2 */
4263 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4264 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4265
4266 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4267 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4268 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4269 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4270 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4271 [0x104] = 0xb5, /* NomV: 3.3 V */
4272 [0x106] = 0x1e,
4273 [0x108] = 0x3e, /* Peakl: 350 mA */
4274
4275 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4276 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4277 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4278 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4279 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4280 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4281 [0x116] = 0x55, /* NomV: 5.0 V */
4282 [0x118] = 0x4d, /* MinV: 4.5 V */
4283 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4284 [0x11c] = 0x4e, /* Peakl: 450 mA */
4285 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4286 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4287 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4288 [0x124] = 0x01,
4289 [0x126] = 0x07, /* Address block length = 8 */
4290 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4291 [0x12a] = 0x03,
4292 [0x12c] = 0x01, /* Address block length = 2 */
4293 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4294 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4295
4296 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4297 [0x134] = 0x06, /* Tuple length = 6 bytes */
4298 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4299 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4300 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4301 [0x13c] = 0xb5, /* NomV: 3.3 V */
4302 [0x13e] = 0x1e,
4303 [0x140] = 0x3e, /* Peakl: 350 mA */
4304
4305 [0x142] = CISTPL_NO_LINK, /* No Link */
4306 [0x144] = 0x00, /* Tuple length = 0 bytes */
4307
4308 [0x146] = CISTPL_END, /* Tuple End */
4309 };
4310
4311 static int dscm1xxxx_attach(void *opaque)
4312 {
4313 struct md_s *md = (struct md_s *) opaque;
4314 md->card.attr_read = md_attr_read;
4315 md->card.attr_write = md_attr_write;
4316 md->card.common_read = md_common_read;
4317 md->card.common_write = md_common_write;
4318 md->card.io_read = md_common_read;
4319 md->card.io_write = md_common_write;
4320
4321 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4322 md->io_base = 0x0;
4323
4324 md_reset(md);
4325 md_interrupt_update(md);
4326
4327 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4328 return 0;
4329 }
4330
4331 static int dscm1xxxx_detach(void *opaque)
4332 {
4333 struct md_s *md = (struct md_s *) opaque;
4334 md_reset(md);
4335 return 0;
4336 }
4337
4338 struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
4339 {
4340 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
4341 md->card.state = md;
4342 md->card.attach = dscm1xxxx_attach;
4343 md->card.detach = dscm1xxxx_detach;
4344 md->card.cis = dscm1xxxx_cis;
4345 md->card.cis_len = sizeof(dscm1xxxx_cis);
4346
4347 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4348 md->ide->is_cf = 1;
4349 md->ide->mdata_size = METADATA_SIZE;
4350 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
4351
4352 register_savevm("microdrive", -1, 0, md_save, md_load, md);
4353
4354 return &md->card;
4355 }
QEmu