search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ide: split away ide-internal.h
[qemu.git] / hw / ide.c
blob654d78bd7d8a2006b3f876be37068008b4ec52eb
1 /*
2 * QEMU IDE disk and CD/DVD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25 #include "hw.h"
26 #include "pc.h"
27 #include "pci.h"
28 #include "scsi-disk.h"
29 #include "pcmcia.h"
30 #include "block.h"
31 #include "block_int.h"
32 #include "qemu-timer.h"
33 #include "sysemu.h"
34 #include "ppc_mac.h"
35 #include "mac_dbdma.h"
36 #include "sh.h"
37 #include "dma.h"
38 #include "ide-internal.h"
39
40 static int smart_attributes[][5] = {
41 /* id, flags, val, wrst, thrsh */
42 { 0x01, 0x03, 0x64, 0x64, 0x06}, /* raw read */
43 { 0x03, 0x03, 0x64, 0x64, 0x46}, /* spin up */
44 { 0x04, 0x02, 0x64, 0x64, 0x14}, /* start stop count */
45 { 0x05, 0x03, 0x64, 0x64, 0x36}, /* remapped sectors */
46 { 0x00, 0x00, 0x00, 0x00, 0x00}
47 };
48
49 /* XXX: DVDs that could fit on a CD will be reported as a CD */
50 static inline int media_present(IDEState *s)
51 {
52 return (s->nb_sectors > 0);
53 }
54
55 static inline int media_is_dvd(IDEState *s)
56 {
57 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
58 }
59
60 static inline int media_is_cd(IDEState *s)
61 {
62 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
63 }
64
65 #define IDE_TYPE_PIIX3 0
66 #define IDE_TYPE_CMD646 1
67 #define IDE_TYPE_PIIX4 2
68
69 /* CMD646 specific */
70 #define MRDMODE 0x71
71 #define MRDMODE_INTR_CH0 0x04
72 #define MRDMODE_INTR_CH1 0x08
73 #define MRDMODE_BLK_CH0 0x10
74 #define MRDMODE_BLK_CH1 0x20
75 #define UDIDETCR0 0x73
76 #define UDIDETCR1 0x7B
77
78 typedef struct PCIIDEState {
79 PCIDevice dev;
80 IDEBus bus[2];
81 BMDMAState bmdma[2];
82 int type; /* see IDE_TYPE_xxx */
83 } PCIIDEState;
84
85 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
86 static void ide_dma_restart(IDEState *s);
87 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
88
89 static void padstr(char *str, const char *src, int len)
90 {
91 int i, v;
92 for(i = 0; i < len; i++) {
93 if (*src)
94 v = *src++;
95 else
96 v = ' ';
97 str[i^1] = v;
98 }
99 }
100
101 static void padstr8(uint8_t *buf, int buf_size, const char *src)
102 {
103 int i;
104 for(i = 0; i < buf_size; i++) {
105 if (*src)
106 buf[i] = *src++;
107 else
108 buf[i] = ' ';
109 }
110 }
111
112 static void put_le16(uint16_t *p, unsigned int v)
113 {
114 *p = cpu_to_le16(v);
115 }
116
117 static void ide_identify(IDEState *s)
118 {
119 uint16_t *p;
120 unsigned int oldsize;
121
122 if (s->identify_set) {
123 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
124 return;
125 }
126
127 memset(s->io_buffer, 0, 512);
128 p = (uint16_t *)s->io_buffer;
129 put_le16(p + 0, 0x0040);
130 put_le16(p + 1, s->cylinders);
131 put_le16(p + 3, s->heads);
132 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
133 put_le16(p + 5, 512); /* XXX: retired, remove ? */
134 put_le16(p + 6, s->sectors);
135 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
136 put_le16(p + 20, 3); /* XXX: retired, remove ? */
137 put_le16(p + 21, 512); /* cache size in sectors */
138 put_le16(p + 22, 4); /* ecc bytes */
139 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
140 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
141 #if MAX_MULT_SECTORS > 1
142 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
143 #endif
144 put_le16(p + 48, 1); /* dword I/O */
145 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
146 put_le16(p + 51, 0x200); /* PIO transfer cycle */
147 put_le16(p + 52, 0x200); /* DMA transfer cycle */
148 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
149 put_le16(p + 54, s->cylinders);
150 put_le16(p + 55, s->heads);
151 put_le16(p + 56, s->sectors);
152 oldsize = s->cylinders * s->heads * s->sectors;
153 put_le16(p + 57, oldsize);
154 put_le16(p + 58, oldsize >> 16);
155 if (s->mult_sectors)
156 put_le16(p + 59, 0x100 | s->mult_sectors);
157 put_le16(p + 60, s->nb_sectors);
158 put_le16(p + 61, s->nb_sectors >> 16);
159 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
160 put_le16(p + 63, 0x07); /* mdma0-2 supported */
161 put_le16(p + 65, 120);
162 put_le16(p + 66, 120);
163 put_le16(p + 67, 120);
164 put_le16(p + 68, 120);
165 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
166 put_le16(p + 81, 0x16); /* conforms to ata5 */
167 /* 14=NOP supported, 0=SMART supported */
168 put_le16(p + 82, (1 << 14) | 1);
169 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
170 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
171 /* 14=set to 1, 1=SMART self test, 0=SMART error logging */
172 put_le16(p + 84, (1 << 14) | 0);
173 /* 14 = NOP supported, 0=SMART feature set enabled */
174 put_le16(p + 85, (1 << 14) | 1);
175 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
176 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
177 /* 14=set to 1, 1=smart self test, 0=smart error logging */
178 put_le16(p + 87, (1 << 14) | 0);
179 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
180 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
181 put_le16(p + 100, s->nb_sectors);
182 put_le16(p + 101, s->nb_sectors >> 16);
183 put_le16(p + 102, s->nb_sectors >> 32);
184 put_le16(p + 103, s->nb_sectors >> 48);
185
186 memcpy(s->identify_data, p, sizeof(s->identify_data));
187 s->identify_set = 1;
188 }
189
190 static void ide_atapi_identify(IDEState *s)
191 {
192 uint16_t *p;
193
194 if (s->identify_set) {
195 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
196 return;
197 }
198
199 memset(s->io_buffer, 0, 512);
200 p = (uint16_t *)s->io_buffer;
201 /* Removable CDROM, 50us response, 12 byte packets */
202 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
203 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
204 put_le16(p + 20, 3); /* buffer type */
205 put_le16(p + 21, 512); /* cache size in sectors */
206 put_le16(p + 22, 4); /* ecc bytes */
207 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
208 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
209 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
210 #ifdef USE_DMA_CDROM
211 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
212 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
213 put_le16(p + 62, 7); /* single word dma0-2 supported */
214 put_le16(p + 63, 7); /* mdma0-2 supported */
215 put_le16(p + 64, 0x3f); /* PIO modes supported */
216 #else
217 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
218 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
219 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
220 put_le16(p + 64, 1); /* PIO modes */
221 #endif
222 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
223 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
224 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
225 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
226
227 put_le16(p + 71, 30); /* in ns */
228 put_le16(p + 72, 30); /* in ns */
229
230 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
231 #ifdef USE_DMA_CDROM
232 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
233 #endif
234 memcpy(s->identify_data, p, sizeof(s->identify_data));
235 s->identify_set = 1;
236 }
237
238 static void ide_cfata_identify(IDEState *s)
239 {
240 uint16_t *p;
241 uint32_t cur_sec;
242
243 p = (uint16_t *) s->identify_data;
244 if (s->identify_set)
245 goto fill_buffer;
246
247 memset(p, 0, sizeof(s->identify_data));
248
249 cur_sec = s->cylinders * s->heads * s->sectors;
250
251 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
252 put_le16(p + 1, s->cylinders); /* Default cylinders */
253 put_le16(p + 3, s->heads); /* Default heads */
254 put_le16(p + 6, s->sectors); /* Default sectors per track */
255 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
256 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
257 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
258 put_le16(p + 22, 0x0004); /* ECC bytes */
259 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
260 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
261 #if MAX_MULT_SECTORS > 1
262 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
263 #else
264 put_le16(p + 47, 0x0000);
265 #endif
266 put_le16(p + 49, 0x0f00); /* Capabilities */
267 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
268 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
269 put_le16(p + 53, 0x0003); /* Translation params valid */
270 put_le16(p + 54, s->cylinders); /* Current cylinders */
271 put_le16(p + 55, s->heads); /* Current heads */
272 put_le16(p + 56, s->sectors); /* Current sectors */
273 put_le16(p + 57, cur_sec); /* Current capacity */
274 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
275 if (s->mult_sectors) /* Multiple sector setting */
276 put_le16(p + 59, 0x100 | s->mult_sectors);
277 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
278 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
279 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
280 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
281 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
282 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
283 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
284 put_le16(p + 82, 0x400c); /* Command Set supported */
285 put_le16(p + 83, 0x7068); /* Command Set supported */
286 put_le16(p + 84, 0x4000); /* Features supported */
287 put_le16(p + 85, 0x000c); /* Command Set enabled */
288 put_le16(p + 86, 0x7044); /* Command Set enabled */
289 put_le16(p + 87, 0x4000); /* Features enabled */
290 put_le16(p + 91, 0x4060); /* Current APM level */
291 put_le16(p + 129, 0x0002); /* Current features option */
292 put_le16(p + 130, 0x0005); /* Reassigned sectors */
293 put_le16(p + 131, 0x0001); /* Initial power mode */
294 put_le16(p + 132, 0x0000); /* User signature */
295 put_le16(p + 160, 0x8100); /* Power requirement */
296 put_le16(p + 161, 0x8001); /* CF command set */
297
298 s->identify_set = 1;
299
300 fill_buffer:
301 memcpy(s->io_buffer, p, sizeof(s->identify_data));
302 }
303
304 static void ide_set_signature(IDEState *s)
305 {
306 s->select &= 0xf0; /* clear head */
307 /* put signature */
308 s->nsector = 1;
309 s->sector = 1;
310 if (s->is_cdrom) {
311 s->lcyl = 0x14;
312 s->hcyl = 0xeb;
313 } else if (s->bs) {
314 s->lcyl = 0;
315 s->hcyl = 0;
316 } else {
317 s->lcyl = 0xff;
318 s->hcyl = 0xff;
319 }
320 }
321
322 static inline void ide_abort_command(IDEState *s)
323 {
324 s->status = READY_STAT | ERR_STAT;
325 s->error = ABRT_ERR;
326 }
327
328 static inline void ide_dma_submit_check(IDEState *s,
329 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
330 {
331 if (bm->aiocb)
332 return;
333 dma_cb(bm, -1);
334 }
335
336 /* prepare data transfer and tell what to do after */
337 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
338 EndTransferFunc *end_transfer_func)
339 {
340 s->end_transfer_func = end_transfer_func;
341 s->data_ptr = buf;
342 s->data_end = buf + size;
343 if (!(s->status & ERR_STAT))
344 s->status |= DRQ_STAT;
345 }
346
347 static void ide_transfer_stop(IDEState *s)
348 {
349 s->end_transfer_func = ide_transfer_stop;
350 s->data_ptr = s->io_buffer;
351 s->data_end = s->io_buffer;
352 s->status &= ~DRQ_STAT;
353 }
354
355 int64_t ide_get_sector(IDEState *s)
356 {
357 int64_t sector_num;
358 if (s->select & 0x40) {
359 /* lba */
360 if (!s->lba48) {
361 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
362 (s->lcyl << 8) | s->sector;
363 } else {
364 sector_num = ((int64_t)s->hob_hcyl << 40) |
365 ((int64_t) s->hob_lcyl << 32) |
366 ((int64_t) s->hob_sector << 24) |
367 ((int64_t) s->hcyl << 16) |
368 ((int64_t) s->lcyl << 8) | s->sector;
369 }
370 } else {
371 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
372 (s->select & 0x0f) * s->sectors + (s->sector - 1);
373 }
374 return sector_num;
375 }
376
377 void ide_set_sector(IDEState *s, int64_t sector_num)
378 {
379 unsigned int cyl, r;
380 if (s->select & 0x40) {
381 if (!s->lba48) {
382 s->select = (s->select & 0xf0) | (sector_num >> 24);
383 s->hcyl = (sector_num >> 16);
384 s->lcyl = (sector_num >> 8);
385 s->sector = (sector_num);
386 } else {
387 s->sector = sector_num;
388 s->lcyl = sector_num >> 8;
389 s->hcyl = sector_num >> 16;
390 s->hob_sector = sector_num >> 24;
391 s->hob_lcyl = sector_num >> 32;
392 s->hob_hcyl = sector_num >> 40;
393 }
394 } else {
395 cyl = sector_num / (s->heads * s->sectors);
396 r = sector_num % (s->heads * s->sectors);
397 s->hcyl = cyl >> 8;
398 s->lcyl = cyl;
399 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
400 s->sector = (r % s->sectors) + 1;
401 }
402 }
403
404 static void ide_rw_error(IDEState *s) {
405 ide_abort_command(s);
406 ide_set_irq(s);
407 }
408
409 static void ide_sector_read(IDEState *s)
410 {
411 int64_t sector_num;
412 int ret, n;
413
414 s->status = READY_STAT | SEEK_STAT;
415 s->error = 0; /* not needed by IDE spec, but needed by Windows */
416 sector_num = ide_get_sector(s);
417 n = s->nsector;
418 if (n == 0) {
419 /* no more sector to read from disk */
420 ide_transfer_stop(s);
421 } else {
422 #if defined(DEBUG_IDE)
423 printf("read sector=%" PRId64 "\n", sector_num);
424 #endif
425 if (n > s->req_nb_sectors)
426 n = s->req_nb_sectors;
427 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
428 if (ret != 0) {
429 ide_rw_error(s);
430 return;
431 }
432 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
433 ide_set_irq(s);
434 ide_set_sector(s, sector_num + n);
435 s->nsector -= n;
436 }
437 }
438
439
440 /* return 0 if buffer completed */
441 static int dma_buf_prepare(BMDMAState *bm, int is_write)
442 {
443 IDEState *s = bmdma_active_if(bm);
444 struct {
445 uint32_t addr;
446 uint32_t size;
447 } prd;
448 int l, len;
449
450 qemu_sglist_init(&s->sg, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
451 s->io_buffer_size = 0;
452 for(;;) {
453 if (bm->cur_prd_len == 0) {
454 /* end of table (with a fail safe of one page) */
455 if (bm->cur_prd_last ||
456 (bm->cur_addr - bm->addr) >= 4096)
457 return s->io_buffer_size != 0;
458 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
459 bm->cur_addr += 8;
460 prd.addr = le32_to_cpu(prd.addr);
461 prd.size = le32_to_cpu(prd.size);
462 len = prd.size & 0xfffe;
463 if (len == 0)
464 len = 0x10000;
465 bm->cur_prd_len = len;
466 bm->cur_prd_addr = prd.addr;
467 bm->cur_prd_last = (prd.size & 0x80000000);
468 }
469 l = bm->cur_prd_len;
470 if (l > 0) {
471 qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
472 bm->cur_prd_addr += l;
473 bm->cur_prd_len -= l;
474 s->io_buffer_size += l;
475 }
476 }
477 return 1;
478 }
479
480 static void dma_buf_commit(IDEState *s, int is_write)
481 {
482 qemu_sglist_destroy(&s->sg);
483 }
484
485 void ide_dma_error(IDEState *s)
486 {
487 ide_transfer_stop(s);
488 s->error = ABRT_ERR;
489 s->status = READY_STAT | ERR_STAT;
490 ide_set_irq(s);
491 }
492
493 static int ide_handle_write_error(IDEState *s, int error, int op)
494 {
495 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
496
497 if (action == BLOCK_ERR_IGNORE)
498 return 0;
499
500 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
501 || action == BLOCK_ERR_STOP_ANY) {
502 s->bus->bmdma->unit = s->unit;
503 s->bus->bmdma->status |= op;
504 vm_stop(0);
505 } else {
506 if (op == BM_STATUS_DMA_RETRY) {
507 dma_buf_commit(s, 0);
508 ide_dma_error(s);
509 } else {
510 ide_rw_error(s);
511 }
512 }
513
514 return 1;
515 }
516
517 /* return 0 if buffer completed */
518 static int dma_buf_rw(BMDMAState *bm, int is_write)
519 {
520 IDEState *s = bmdma_active_if(bm);
521 struct {
522 uint32_t addr;
523 uint32_t size;
524 } prd;
525 int l, len;
526
527 for(;;) {
528 l = s->io_buffer_size - s->io_buffer_index;
529 if (l <= 0)
530 break;
531 if (bm->cur_prd_len == 0) {
532 /* end of table (with a fail safe of one page) */
533 if (bm->cur_prd_last ||
534 (bm->cur_addr - bm->addr) >= 4096)
535 return 0;
536 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
537 bm->cur_addr += 8;
538 prd.addr = le32_to_cpu(prd.addr);
539 prd.size = le32_to_cpu(prd.size);
540 len = prd.size & 0xfffe;
541 if (len == 0)
542 len = 0x10000;
543 bm->cur_prd_len = len;
544 bm->cur_prd_addr = prd.addr;
545 bm->cur_prd_last = (prd.size & 0x80000000);
546 }
547 if (l > bm->cur_prd_len)
548 l = bm->cur_prd_len;
549 if (l > 0) {
550 if (is_write) {
551 cpu_physical_memory_write(bm->cur_prd_addr,
552 s->io_buffer + s->io_buffer_index, l);
553 } else {
554 cpu_physical_memory_read(bm->cur_prd_addr,
555 s->io_buffer + s->io_buffer_index, l);
556 }
557 bm->cur_prd_addr += l;
558 bm->cur_prd_len -= l;
559 s->io_buffer_index += l;
560 }
561 }
562 return 1;
563 }
564
565 static void ide_read_dma_cb(void *opaque, int ret)
566 {
567 BMDMAState *bm = opaque;
568 IDEState *s = bmdma_active_if(bm);
569 int n;
570 int64_t sector_num;
571
572 if (ret < 0) {
573 dma_buf_commit(s, 1);
574 ide_dma_error(s);
575 return;
576 }
577
578 n = s->io_buffer_size >> 9;
579 sector_num = ide_get_sector(s);
580 if (n > 0) {
581 dma_buf_commit(s, 1);
582 sector_num += n;
583 ide_set_sector(s, sector_num);
584 s->nsector -= n;
585 }
586
587 /* end of transfer ? */
588 if (s->nsector == 0) {
589 s->status = READY_STAT | SEEK_STAT;
590 ide_set_irq(s);
591 eot:
592 bm->status &= ~BM_STATUS_DMAING;
593 bm->status |= BM_STATUS_INT;
594 bm->dma_cb = NULL;
595 bm->unit = -1;
596 bm->aiocb = NULL;
597 return;
598 }
599
600 /* launch next transfer */
601 n = s->nsector;
602 s->io_buffer_index = 0;
603 s->io_buffer_size = n * 512;
604 if (dma_buf_prepare(bm, 1) == 0)
605 goto eot;
606 #ifdef DEBUG_AIO
607 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
608 #endif
609 bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
610 ide_dma_submit_check(s, ide_read_dma_cb, bm);
611 }
612
613 static void ide_sector_read_dma(IDEState *s)
614 {
615 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
616 s->io_buffer_index = 0;
617 s->io_buffer_size = 0;
618 s->is_read = 1;
619 ide_dma_start(s, ide_read_dma_cb);
620 }
621
622 static void ide_sector_write_timer_cb(void *opaque)
623 {
624 IDEState *s = opaque;
625 ide_set_irq(s);
626 }
627
628 static void ide_sector_write(IDEState *s)
629 {
630 int64_t sector_num;
631 int ret, n, n1;
632
633 s->status = READY_STAT | SEEK_STAT;
634 sector_num = ide_get_sector(s);
635 #if defined(DEBUG_IDE)
636 printf("write sector=%" PRId64 "\n", sector_num);
637 #endif
638 n = s->nsector;
639 if (n > s->req_nb_sectors)
640 n = s->req_nb_sectors;
641 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
642
643 if (ret != 0) {
644 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
645 return;
646 }
647
648 s->nsector -= n;
649 if (s->nsector == 0) {
650 /* no more sectors to write */
651 ide_transfer_stop(s);
652 } else {
653 n1 = s->nsector;
654 if (n1 > s->req_nb_sectors)
655 n1 = s->req_nb_sectors;
656 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
657 }
658 ide_set_sector(s, sector_num + n);
659
660 #ifdef TARGET_I386
661 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
662 /* It seems there is a bug in the Windows 2000 installer HDD
663 IDE driver which fills the disk with empty logs when the
664 IDE write IRQ comes too early. This hack tries to correct
665 that at the expense of slower write performances. Use this
666 option _only_ to install Windows 2000. You must disable it
667 for normal use. */
668 qemu_mod_timer(s->sector_write_timer,
669 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
670 } else
671 #endif
672 {
673 ide_set_irq(s);
674 }
675 }
676
677 static void ide_dma_restart_bh(void *opaque)
678 {
679 BMDMAState *bm = opaque;
680
681 qemu_bh_delete(bm->bh);
682 bm->bh = NULL;
683
684 if (bm->status & BM_STATUS_DMA_RETRY) {
685 bm->status &= ~BM_STATUS_DMA_RETRY;
686 ide_dma_restart(bmdma_active_if(bm));
687 } else if (bm->status & BM_STATUS_PIO_RETRY) {
688 bm->status &= ~BM_STATUS_PIO_RETRY;
689 ide_sector_write(bmdma_active_if(bm));
690 }
691 }
692
693 void ide_dma_restart_cb(void *opaque, int running, int reason)
694 {
695 BMDMAState *bm = opaque;
696
697 if (!running)
698 return;
699
700 if (!bm->bh) {
701 bm->bh = qemu_bh_new(ide_dma_restart_bh, bm);
702 qemu_bh_schedule(bm->bh);
703 }
704 }
705
706 static void ide_write_dma_cb(void *opaque, int ret)
707 {
708 BMDMAState *bm = opaque;
709 IDEState *s = bmdma_active_if(bm);
710 int n;
711 int64_t sector_num;
712
713 if (ret < 0) {
714 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
715 return;
716 }
717
718 n = s->io_buffer_size >> 9;
719 sector_num = ide_get_sector(s);
720 if (n > 0) {
721 dma_buf_commit(s, 0);
722 sector_num += n;
723 ide_set_sector(s, sector_num);
724 s->nsector -= n;
725 }
726
727 /* end of transfer ? */
728 if (s->nsector == 0) {
729 s->status = READY_STAT | SEEK_STAT;
730 ide_set_irq(s);
731 eot:
732 bm->status &= ~BM_STATUS_DMAING;
733 bm->status |= BM_STATUS_INT;
734 bm->dma_cb = NULL;
735 bm->unit = -1;
736 bm->aiocb = NULL;
737 return;
738 }
739
740 n = s->nsector;
741 s->io_buffer_size = n * 512;
742 /* launch next transfer */
743 if (dma_buf_prepare(bm, 0) == 0)
744 goto eot;
745 #ifdef DEBUG_AIO
746 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
747 #endif
748 bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
749 ide_dma_submit_check(s, ide_write_dma_cb, bm);
750 }
751
752 static void ide_sector_write_dma(IDEState *s)
753 {
754 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
755 s->io_buffer_index = 0;
756 s->io_buffer_size = 0;
757 s->is_read = 0;
758 ide_dma_start(s, ide_write_dma_cb);
759 }
760
761 void ide_atapi_cmd_ok(IDEState *s)
762 {
763 s->error = 0;
764 s->status = READY_STAT | SEEK_STAT;
765 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
766 ide_set_irq(s);
767 }
768
769 void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
770 {
771 #ifdef DEBUG_IDE_ATAPI
772 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
773 #endif
774 s->error = sense_key << 4;
775 s->status = READY_STAT | ERR_STAT;
776 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
777 s->sense_key = sense_key;
778 s->asc = asc;
779 ide_set_irq(s);
780 }
781
782 static void ide_atapi_cmd_check_status(IDEState *s)
783 {
784 #ifdef DEBUG_IDE_ATAPI
785 printf("atapi_cmd_check_status\n");
786 #endif
787 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
788 s->status = ERR_STAT;
789 s->nsector = 0;
790 ide_set_irq(s);
791 }
792
793 static inline void cpu_to_ube16(uint8_t *buf, int val)
794 {
795 buf[0] = val >> 8;
796 buf[1] = val & 0xff;
797 }
798
799 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
800 {
801 buf[0] = val >> 24;
802 buf[1] = val >> 16;
803 buf[2] = val >> 8;
804 buf[3] = val & 0xff;
805 }
806
807 static inline int ube16_to_cpu(const uint8_t *buf)
808 {
809 return (buf[0] << 8) | buf[1];
810 }
811
812 static inline int ube32_to_cpu(const uint8_t *buf)
813 {
814 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
815 }
816
817 static void lba_to_msf(uint8_t *buf, int lba)
818 {
819 lba += 150;
820 buf[0] = (lba / 75) / 60;
821 buf[1] = (lba / 75) % 60;
822 buf[2] = lba % 75;
823 }
824
825 static void cd_data_to_raw(uint8_t *buf, int lba)
826 {
827 /* sync bytes */
828 buf[0] = 0x00;
829 memset(buf + 1, 0xff, 10);
830 buf[11] = 0x00;
831 buf += 12;
832 /* MSF */
833 lba_to_msf(buf, lba);
834 buf[3] = 0x01; /* mode 1 data */
835 buf += 4;
836 /* data */
837 buf += 2048;
838 /* XXX: ECC not computed */
839 memset(buf, 0, 288);
840 }
841
842 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
843 int sector_size)
844 {
845 int ret;
846
847 switch(sector_size) {
848 case 2048:
849 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
850 break;
851 case 2352:
852 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
853 if (ret < 0)
854 return ret;
855 cd_data_to_raw(buf, lba);
856 break;
857 default:
858 ret = -EIO;
859 break;
860 }
861 return ret;
862 }
863
864 void ide_atapi_io_error(IDEState *s, int ret)
865 {
866 /* XXX: handle more errors */
867 if (ret == -ENOMEDIUM) {
868 ide_atapi_cmd_error(s, SENSE_NOT_READY,
869 ASC_MEDIUM_NOT_PRESENT);
870 } else {
871 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
872 ASC_LOGICAL_BLOCK_OOR);
873 }
874 }
875
876 /* The whole ATAPI transfer logic is handled in this function */
877 static void ide_atapi_cmd_reply_end(IDEState *s)
878 {
879 int byte_count_limit, size, ret;
880 #ifdef DEBUG_IDE_ATAPI
881 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
882 s->packet_transfer_size,
883 s->elementary_transfer_size,
884 s->io_buffer_index);
885 #endif
886 if (s->packet_transfer_size <= 0) {
887 /* end of transfer */
888 ide_transfer_stop(s);
889 s->status = READY_STAT | SEEK_STAT;
890 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
891 ide_set_irq(s);
892 #ifdef DEBUG_IDE_ATAPI
893 printf("status=0x%x\n", s->status);
894 #endif
895 } else {
896 /* see if a new sector must be read */
897 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
898 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
899 if (ret < 0) {
900 ide_transfer_stop(s);
901 ide_atapi_io_error(s, ret);
902 return;
903 }
904 s->lba++;
905 s->io_buffer_index = 0;
906 }
907 if (s->elementary_transfer_size > 0) {
908 /* there are some data left to transmit in this elementary
909 transfer */
910 size = s->cd_sector_size - s->io_buffer_index;
911 if (size > s->elementary_transfer_size)
912 size = s->elementary_transfer_size;
913 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
914 size, ide_atapi_cmd_reply_end);
915 s->packet_transfer_size -= size;
916 s->elementary_transfer_size -= size;
917 s->io_buffer_index += size;
918 } else {
919 /* a new transfer is needed */
920 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
921 byte_count_limit = s->lcyl | (s->hcyl << 8);
922 #ifdef DEBUG_IDE_ATAPI
923 printf("byte_count_limit=%d\n", byte_count_limit);
924 #endif
925 if (byte_count_limit == 0xffff)
926 byte_count_limit--;
927 size = s->packet_transfer_size;
928 if (size > byte_count_limit) {
929 /* byte count limit must be even if this case */
930 if (byte_count_limit & 1)
931 byte_count_limit--;
932 size = byte_count_limit;
933 }
934 s->lcyl = size;
935 s->hcyl = size >> 8;
936 s->elementary_transfer_size = size;
937 /* we cannot transmit more than one sector at a time */
938 if (s->lba != -1) {
939 if (size > (s->cd_sector_size - s->io_buffer_index))
940 size = (s->cd_sector_size - s->io_buffer_index);
941 }
942 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
943 size, ide_atapi_cmd_reply_end);
944 s->packet_transfer_size -= size;
945 s->elementary_transfer_size -= size;
946 s->io_buffer_index += size;
947 ide_set_irq(s);
948 #ifdef DEBUG_IDE_ATAPI
949 printf("status=0x%x\n", s->status);
950 #endif
951 }
952 }
953 }
954
955 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
956 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
957 {
958 if (size > max_size)
959 size = max_size;
960 s->lba = -1; /* no sector read */
961 s->packet_transfer_size = size;
962 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
963 s->elementary_transfer_size = 0;
964 s->io_buffer_index = 0;
965
966 if (s->atapi_dma) {
967 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
968 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
969 } else {
970 s->status = READY_STAT | SEEK_STAT;
971 ide_atapi_cmd_reply_end(s);
972 }
973 }
974
975 /* start a CD-CDROM read command */
976 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
977 int sector_size)
978 {
979 s->lba = lba;
980 s->packet_transfer_size = nb_sectors * sector_size;
981 s->elementary_transfer_size = 0;
982 s->io_buffer_index = sector_size;
983 s->cd_sector_size = sector_size;
984
985 s->status = READY_STAT | SEEK_STAT;
986 ide_atapi_cmd_reply_end(s);
987 }
988
989 /* ATAPI DMA support */
990
991 /* XXX: handle read errors */
992 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
993 {
994 BMDMAState *bm = opaque;
995 IDEState *s = bmdma_active_if(bm);
996 int data_offset, n;
997
998 if (ret < 0) {
999 ide_atapi_io_error(s, ret);
1000 goto eot;
1001 }
1002
1003 if (s->io_buffer_size > 0) {
1004 /*
1005 * For a cdrom read sector command (s->lba != -1),
1006 * adjust the lba for the next s->io_buffer_size chunk
1007 * and dma the current chunk.
1008 * For a command != read (s->lba == -1), just transfer
1009 * the reply data.
1010 */
1011 if (s->lba != -1) {
1012 if (s->cd_sector_size == 2352) {
1013 n = 1;
1014 cd_data_to_raw(s->io_buffer, s->lba);
1015 } else {
1016 n = s->io_buffer_size >> 11;
1017 }
1018 s->lba += n;
1019 }
1020 s->packet_transfer_size -= s->io_buffer_size;
1021 if (dma_buf_rw(bm, 1) == 0)
1022 goto eot;
1023 }
1024
1025 if (s->packet_transfer_size <= 0) {
1026 s->status = READY_STAT | SEEK_STAT;
1027 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1028 ide_set_irq(s);
1029 eot:
1030 bm->status &= ~BM_STATUS_DMAING;
1031 bm->status |= BM_STATUS_INT;
1032 bm->dma_cb = NULL;
1033 bm->unit = -1;
1034 bm->aiocb = NULL;
1035 return;
1036 }
1037
1038 s->io_buffer_index = 0;
1039 if (s->cd_sector_size == 2352) {
1040 n = 1;
1041 s->io_buffer_size = s->cd_sector_size;
1042 data_offset = 16;
1043 } else {
1044 n = s->packet_transfer_size >> 11;
1045 if (n > (IDE_DMA_BUF_SECTORS / 4))
1046 n = (IDE_DMA_BUF_SECTORS / 4);
1047 s->io_buffer_size = n * 2048;
1048 data_offset = 0;
1049 }
1050 #ifdef DEBUG_AIO
1051 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1052 #endif
1053 bm->iov.iov_base = (void *)(s->io_buffer + data_offset);
1054 bm->iov.iov_len = n * 4 * 512;
1055 qemu_iovec_init_external(&bm->qiov, &bm->iov, 1);
1056 bm->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2, &bm->qiov,
1057 n * 4, ide_atapi_cmd_read_dma_cb, bm);
1058 if (!bm->aiocb) {
1059 /* Note: media not present is the most likely case */
1060 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1061 ASC_MEDIUM_NOT_PRESENT);
1062 goto eot;
1063 }
1064 }
1065
1066 /* start a CD-CDROM read command with DMA */
1067 /* XXX: test if DMA is available */
1068 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1069 int sector_size)
1070 {
1071 s->lba = lba;
1072 s->packet_transfer_size = nb_sectors * sector_size;
1073 s->io_buffer_index = 0;
1074 s->io_buffer_size = 0;
1075 s->cd_sector_size = sector_size;
1076
1077 /* XXX: check if BUSY_STAT should be set */
1078 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1079 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1080 }
1081
1082 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1083 int sector_size)
1084 {
1085 #ifdef DEBUG_IDE_ATAPI
1086 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1087 lba, nb_sectors);
1088 #endif
1089 if (s->atapi_dma) {
1090 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1091 } else {
1092 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1093 }
1094 }
1095
1096 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1097 uint16_t profile)
1098 {
1099 uint8_t *buf_profile = buf + 12; /* start of profiles */
1100
1101 buf_profile += ((*index) * 4); /* start of indexed profile */
1102 cpu_to_ube16 (buf_profile, profile);
1103 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1104
1105 /* each profile adds 4 bytes to the response */
1106 (*index)++;
1107 buf[11] += 4; /* Additional Length */
1108
1109 return 4;
1110 }
1111
1112 static int ide_dvd_read_structure(IDEState *s, int format,
1113 const uint8_t *packet, uint8_t *buf)
1114 {
1115 switch (format) {
1116 case 0x0: /* Physical format information */
1117 {
1118 int layer = packet[6];
1119 uint64_t total_sectors;
1120
1121 if (layer != 0)
1122 return -ASC_INV_FIELD_IN_CMD_PACKET;
1123
1124 bdrv_get_geometry(s->bs, &total_sectors);
1125 total_sectors >>= 2;
1126 if (total_sectors == 0)
1127 return -ASC_MEDIUM_NOT_PRESENT;
1128
1129 buf[4] = 1; /* DVD-ROM, part version 1 */
1130 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1131 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1132 buf[7] = 0; /* default densities */
1133
1134 /* FIXME: 0x30000 per spec? */
1135 cpu_to_ube32(buf + 8, 0); /* start sector */
1136 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1137 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1138
1139 /* Size of buffer, not including 2 byte size field */
1140 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1141
1142 /* 2k data + 4 byte header */
1143 return (2048 + 4);
1144 }
1145
1146 case 0x01: /* DVD copyright information */
1147 buf[4] = 0; /* no copyright data */
1148 buf[5] = 0; /* no region restrictions */
1149
1150 /* Size of buffer, not including 2 byte size field */
1151 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1152
1153 /* 4 byte header + 4 byte data */
1154 return (4 + 4);
1155
1156 case 0x03: /* BCA information - invalid field for no BCA info */
1157 return -ASC_INV_FIELD_IN_CMD_PACKET;
1158
1159 case 0x04: /* DVD disc manufacturing information */
1160 /* Size of buffer, not including 2 byte size field */
1161 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1162
1163 /* 2k data + 4 byte header */
1164 return (2048 + 4);
1165
1166 case 0xff:
1167 /*
1168 * This lists all the command capabilities above. Add new ones
1169 * in order and update the length and buffer return values.
1170 */
1171
1172 buf[4] = 0x00; /* Physical format */
1173 buf[5] = 0x40; /* Not writable, is readable */
1174 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1175
1176 buf[8] = 0x01; /* Copyright info */
1177 buf[9] = 0x40; /* Not writable, is readable */
1178 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1179
1180 buf[12] = 0x03; /* BCA info */
1181 buf[13] = 0x40; /* Not writable, is readable */
1182 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1183
1184 buf[16] = 0x04; /* Manufacturing info */
1185 buf[17] = 0x40; /* Not writable, is readable */
1186 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1187
1188 /* Size of buffer, not including 2 byte size field */
1189 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1190
1191 /* data written + 4 byte header */
1192 return (16 + 4);
1193
1194 default: /* TODO: formats beyond DVD-ROM requires */
1195 return -ASC_INV_FIELD_IN_CMD_PACKET;
1196 }
1197 }
1198
1199 static void ide_atapi_cmd(IDEState *s)
1200 {
1201 const uint8_t *packet;
1202 uint8_t *buf;
1203 int max_len;
1204
1205 packet = s->io_buffer;
1206 buf = s->io_buffer;
1207 #ifdef DEBUG_IDE_ATAPI
1208 {
1209 int i;
1210 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1211 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1212 printf(" %02x", packet[i]);
1213 }
1214 printf("\n");
1215 }
1216 #endif
1217 /* If there's a UNIT_ATTENTION condition pending, only
1218 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1219 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1220 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1221 s->io_buffer[0] != GPCMD_INQUIRY) {
1222 ide_atapi_cmd_check_status(s);
1223 return;
1224 }
1225 switch(s->io_buffer[0]) {
1226 case GPCMD_TEST_UNIT_READY:
1227 if (bdrv_is_inserted(s->bs) && !s->cdrom_changed) {
1228 ide_atapi_cmd_ok(s);
1229 } else {
1230 s->cdrom_changed = 0;
1231 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1232 ASC_MEDIUM_NOT_PRESENT);
1233 }
1234 break;
1235 case GPCMD_MODE_SENSE_6:
1236 case GPCMD_MODE_SENSE_10:
1237 {
1238 int action, code;
1239 if (packet[0] == GPCMD_MODE_SENSE_10)
1240 max_len = ube16_to_cpu(packet + 7);
1241 else
1242 max_len = packet[4];
1243 action = packet[2] >> 6;
1244 code = packet[2] & 0x3f;
1245 switch(action) {
1246 case 0: /* current values */
1247 switch(code) {
1248 case 0x01: /* error recovery */
1249 cpu_to_ube16(&buf[0], 16 + 6);
1250 buf[2] = 0x70;
1251 buf[3] = 0;
1252 buf[4] = 0;
1253 buf[5] = 0;
1254 buf[6] = 0;
1255 buf[7] = 0;
1256
1257 buf[8] = 0x01;
1258 buf[9] = 0x06;
1259 buf[10] = 0x00;
1260 buf[11] = 0x05;
1261 buf[12] = 0x00;
1262 buf[13] = 0x00;
1263 buf[14] = 0x00;
1264 buf[15] = 0x00;
1265 ide_atapi_cmd_reply(s, 16, max_len);
1266 break;
1267 case 0x2a:
1268 cpu_to_ube16(&buf[0], 28 + 6);
1269 buf[2] = 0x70;
1270 buf[3] = 0;
1271 buf[4] = 0;
1272 buf[5] = 0;
1273 buf[6] = 0;
1274 buf[7] = 0;
1275
1276 buf[8] = 0x2a;
1277 buf[9] = 0x12;
1278 buf[10] = 0x00;
1279 buf[11] = 0x00;
1280
1281 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1282 code checks for this to automount media. */
1283 buf[12] = 0x71;
1284 buf[13] = 3 << 5;
1285 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1286 if (bdrv_is_locked(s->bs))
1287 buf[6] |= 1 << 1;
1288 buf[15] = 0x00;
1289 cpu_to_ube16(&buf[16], 706);
1290 buf[18] = 0;
1291 buf[19] = 2;
1292 cpu_to_ube16(&buf[20], 512);
1293 cpu_to_ube16(&buf[22], 706);
1294 buf[24] = 0;
1295 buf[25] = 0;
1296 buf[26] = 0;
1297 buf[27] = 0;
1298 ide_atapi_cmd_reply(s, 28, max_len);
1299 break;
1300 default:
1301 goto error_cmd;
1302 }
1303 break;
1304 case 1: /* changeable values */
1305 goto error_cmd;
1306 case 2: /* default values */
1307 goto error_cmd;
1308 default:
1309 case 3: /* saved values */
1310 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1311 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1312 break;
1313 }
1314 }
1315 break;
1316 case GPCMD_REQUEST_SENSE:
1317 max_len = packet[4];
1318 memset(buf, 0, 18);
1319 buf[0] = 0x70 | (1 << 7);
1320 buf[2] = s->sense_key;
1321 buf[7] = 10;
1322 buf[12] = s->asc;
1323 if (s->sense_key == SENSE_UNIT_ATTENTION)
1324 s->sense_key = SENSE_NONE;
1325 ide_atapi_cmd_reply(s, 18, max_len);
1326 break;
1327 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1328 if (bdrv_is_inserted(s->bs)) {
1329 bdrv_set_locked(s->bs, packet[4] & 1);
1330 ide_atapi_cmd_ok(s);
1331 } else {
1332 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1333 ASC_MEDIUM_NOT_PRESENT);
1334 }
1335 break;
1336 case GPCMD_READ_10:
1337 case GPCMD_READ_12:
1338 {
1339 int nb_sectors, lba;
1340
1341 if (packet[0] == GPCMD_READ_10)
1342 nb_sectors = ube16_to_cpu(packet + 7);
1343 else
1344 nb_sectors = ube32_to_cpu(packet + 6);
1345 lba = ube32_to_cpu(packet + 2);
1346 if (nb_sectors == 0) {
1347 ide_atapi_cmd_ok(s);
1348 break;
1349 }
1350 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1351 }
1352 break;
1353 case GPCMD_READ_CD:
1354 {
1355 int nb_sectors, lba, transfer_request;
1356
1357 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1358 lba = ube32_to_cpu(packet + 2);
1359 if (nb_sectors == 0) {
1360 ide_atapi_cmd_ok(s);
1361 break;
1362 }
1363 transfer_request = packet[9];
1364 switch(transfer_request & 0xf8) {
1365 case 0x00:
1366 /* nothing */
1367 ide_atapi_cmd_ok(s);
1368 break;
1369 case 0x10:
1370 /* normal read */
1371 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1372 break;
1373 case 0xf8:
1374 /* read all data */
1375 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1376 break;
1377 default:
1378 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1379 ASC_INV_FIELD_IN_CMD_PACKET);
1380 break;
1381 }
1382 }
1383 break;
1384 case GPCMD_SEEK:
1385 {
1386 unsigned int lba;
1387 uint64_t total_sectors;
1388
1389 bdrv_get_geometry(s->bs, &total_sectors);
1390 total_sectors >>= 2;
1391 if (total_sectors == 0) {
1392 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1393 ASC_MEDIUM_NOT_PRESENT);
1394 break;
1395 }
1396 lba = ube32_to_cpu(packet + 2);
1397 if (lba >= total_sectors) {
1398 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1399 ASC_LOGICAL_BLOCK_OOR);
1400 break;
1401 }
1402 ide_atapi_cmd_ok(s);
1403 }
1404 break;
1405 case GPCMD_START_STOP_UNIT:
1406 {
1407 int start, eject, err = 0;
1408 start = packet[4] & 1;
1409 eject = (packet[4] >> 1) & 1;
1410
1411 if (eject) {
1412 err = bdrv_eject(s->bs, !start);
1413 }
1414
1415 switch (err) {
1416 case 0:
1417 ide_atapi_cmd_ok(s);
1418 break;
1419 case -EBUSY:
1420 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1421 ASC_MEDIA_REMOVAL_PREVENTED);
1422 break;
1423 default:
1424 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1425 ASC_MEDIUM_NOT_PRESENT);
1426 break;
1427 }
1428 }
1429 break;
1430 case GPCMD_MECHANISM_STATUS:
1431 {
1432 max_len = ube16_to_cpu(packet + 8);
1433 cpu_to_ube16(buf, 0);
1434 /* no current LBA */
1435 buf[2] = 0;
1436 buf[3] = 0;
1437 buf[4] = 0;
1438 buf[5] = 1;
1439 cpu_to_ube16(buf + 6, 0);
1440 ide_atapi_cmd_reply(s, 8, max_len);
1441 }
1442 break;
1443 case GPCMD_READ_TOC_PMA_ATIP:
1444 {
1445 int format, msf, start_track, len;
1446 uint64_t total_sectors;
1447
1448 bdrv_get_geometry(s->bs, &total_sectors);
1449 total_sectors >>= 2;
1450 if (total_sectors == 0) {
1451 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1452 ASC_MEDIUM_NOT_PRESENT);
1453 break;
1454 }
1455 max_len = ube16_to_cpu(packet + 7);
1456 format = packet[9] >> 6;
1457 msf = (packet[1] >> 1) & 1;
1458 start_track = packet[6];
1459 switch(format) {
1460 case 0:
1461 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1462 if (len < 0)
1463 goto error_cmd;
1464 ide_atapi_cmd_reply(s, len, max_len);
1465 break;
1466 case 1:
1467 /* multi session : only a single session defined */
1468 memset(buf, 0, 12);
1469 buf[1] = 0x0a;
1470 buf[2] = 0x01;
1471 buf[3] = 0x01;
1472 ide_atapi_cmd_reply(s, 12, max_len);
1473 break;
1474 case 2:
1475 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1476 if (len < 0)
1477 goto error_cmd;
1478 ide_atapi_cmd_reply(s, len, max_len);
1479 break;
1480 default:
1481 error_cmd:
1482 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1483 ASC_INV_FIELD_IN_CMD_PACKET);
1484 break;
1485 }
1486 }
1487 break;
1488 case GPCMD_READ_CDVD_CAPACITY:
1489 {
1490 uint64_t total_sectors;
1491
1492 bdrv_get_geometry(s->bs, &total_sectors);
1493 total_sectors >>= 2;
1494 if (total_sectors == 0) {
1495 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1496 ASC_MEDIUM_NOT_PRESENT);
1497 break;
1498 }
1499 /* NOTE: it is really the number of sectors minus 1 */
1500 cpu_to_ube32(buf, total_sectors - 1);
1501 cpu_to_ube32(buf + 4, 2048);
1502 ide_atapi_cmd_reply(s, 8, 8);
1503 }
1504 break;
1505 case GPCMD_READ_DVD_STRUCTURE:
1506 {
1507 int media = packet[1];
1508 int format = packet[7];
1509 int ret;
1510
1511 max_len = ube16_to_cpu(packet + 8);
1512
1513 if (format < 0xff) {
1514 if (media_is_cd(s)) {
1515 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1516 ASC_INCOMPATIBLE_FORMAT);
1517 break;
1518 } else if (!media_present(s)) {
1519 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1520 ASC_INV_FIELD_IN_CMD_PACKET);
1521 break;
1522 }
1523 }
1524
1525 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1526 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1527
1528 switch (format) {
1529 case 0x00 ... 0x7f:
1530 case 0xff:
1531 if (media == 0) {
1532 ret = ide_dvd_read_structure(s, format, packet, buf);
1533
1534 if (ret < 0)
1535 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1536 else
1537 ide_atapi_cmd_reply(s, ret, max_len);
1538
1539 break;
1540 }
1541 /* TODO: BD support, fall through for now */
1542
1543 /* Generic disk structures */
1544 case 0x80: /* TODO: AACS volume identifier */
1545 case 0x81: /* TODO: AACS media serial number */
1546 case 0x82: /* TODO: AACS media identifier */
1547 case 0x83: /* TODO: AACS media key block */
1548 case 0x90: /* TODO: List of recognized format layers */
1549 case 0xc0: /* TODO: Write protection status */
1550 default:
1551 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1552 ASC_INV_FIELD_IN_CMD_PACKET);
1553 break;
1554 }
1555 }
1556 break;
1557 case GPCMD_SET_SPEED:
1558 ide_atapi_cmd_ok(s);
1559 break;
1560 case GPCMD_INQUIRY:
1561 max_len = packet[4];
1562 buf[0] = 0x05; /* CD-ROM */
1563 buf[1] = 0x80; /* removable */
1564 buf[2] = 0x00; /* ISO */
1565 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1566 buf[4] = 31; /* additional length */
1567 buf[5] = 0; /* reserved */
1568 buf[6] = 0; /* reserved */
1569 buf[7] = 0; /* reserved */
1570 padstr8(buf + 8, 8, "QEMU");
1571 padstr8(buf + 16, 16, "QEMU DVD-ROM");
1572 padstr8(buf + 32, 4, QEMU_VERSION);
1573 ide_atapi_cmd_reply(s, 36, max_len);
1574 break;
1575 case GPCMD_GET_CONFIGURATION:
1576 {
1577 uint32_t len;
1578 uint8_t index = 0;
1579
1580 /* only feature 0 is supported */
1581 if (packet[2] != 0 || packet[3] != 0) {
1582 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1583 ASC_INV_FIELD_IN_CMD_PACKET);
1584 break;
1585 }
1586
1587 /* XXX: could result in alignment problems in some architectures */
1588 max_len = ube16_to_cpu(packet + 7);
1589
1590 /*
1591 * XXX: avoid overflow for io_buffer if max_len is bigger than
1592 * the size of that buffer (dimensioned to max number of
1593 * sectors to transfer at once)
1594 *
1595 * Only a problem if the feature/profiles grow.
1596 */
1597 if (max_len > 512) /* XXX: assume 1 sector */
1598 max_len = 512;
1599
1600 memset(buf, 0, max_len);
1601 /*
1602 * the number of sectors from the media tells us which profile
1603 * to use as current. 0 means there is no media
1604 */
1605 if (media_is_dvd(s))
1606 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
1607 else if (media_is_cd(s))
1608 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
1609
1610 buf[10] = 0x02 | 0x01; /* persistent and current */
1611 len = 12; /* headers: 8 + 4 */
1612 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
1613 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
1614 cpu_to_ube32(buf, len - 4); /* data length */
1615
1616 ide_atapi_cmd_reply(s, len, max_len);
1617 break;
1618 }
1619 default:
1620 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1621 ASC_ILLEGAL_OPCODE);
1622 break;
1623 }
1624 }
1625
1626 static void ide_cfata_metadata_inquiry(IDEState *s)
1627 {
1628 uint16_t *p;
1629 uint32_t spd;
1630
1631 p = (uint16_t *) s->io_buffer;
1632 memset(p, 0, 0x200);
1633 spd = ((s->mdata_size - 1) >> 9) + 1;
1634
1635 put_le16(p + 0, 0x0001); /* Data format revision */
1636 put_le16(p + 1, 0x0000); /* Media property: silicon */
1637 put_le16(p + 2, s->media_changed); /* Media status */
1638 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1639 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1640 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1641 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1642 }
1643
1644 static void ide_cfata_metadata_read(IDEState *s)
1645 {
1646 uint16_t *p;
1647
1648 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1649 s->status = ERR_STAT;
1650 s->error = ABRT_ERR;
1651 return;
1652 }
1653
1654 p = (uint16_t *) s->io_buffer;
1655 memset(p, 0, 0x200);
1656
1657 put_le16(p + 0, s->media_changed); /* Media status */
1658 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1659 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1660 s->nsector << 9), 0x200 - 2));
1661 }
1662
1663 static void ide_cfata_metadata_write(IDEState *s)
1664 {
1665 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1666 s->status = ERR_STAT;
1667 s->error = ABRT_ERR;
1668 return;
1669 }
1670
1671 s->media_changed = 0;
1672
1673 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1674 s->io_buffer + 2,
1675 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1676 s->nsector << 9), 0x200 - 2));
1677 }
1678
1679 /* called when the inserted state of the media has changed */
1680 static void cdrom_change_cb(void *opaque)
1681 {
1682 IDEState *s = opaque;
1683 uint64_t nb_sectors;
1684
1685 bdrv_get_geometry(s->bs, &nb_sectors);
1686 s->nb_sectors = nb_sectors;
1687
1688 s->sense_key = SENSE_UNIT_ATTENTION;
1689 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
1690 s->cdrom_changed = 1;
1691 ide_set_irq(s);
1692 }
1693
1694 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1695 {
1696 s->lba48 = lba48;
1697
1698 /* handle the 'magic' 0 nsector count conversion here. to avoid
1699 * fiddling with the rest of the read logic, we just store the
1700 * full sector count in ->nsector and ignore ->hob_nsector from now
1701 */
1702 if (!s->lba48) {
1703 if (!s->nsector)
1704 s->nsector = 256;
1705 } else {
1706 if (!s->nsector && !s->hob_nsector)
1707 s->nsector = 65536;
1708 else {
1709 int lo = s->nsector;
1710 int hi = s->hob_nsector;
1711
1712 s->nsector = (hi << 8) | lo;
1713 }
1714 }
1715 }
1716
1717 static void ide_clear_hob(IDEBus *bus)
1718 {
1719 /* any write clears HOB high bit of device control register */
1720 bus->ifs[0].select &= ~(1 << 7);
1721 bus->ifs[1].select &= ~(1 << 7);
1722 }
1723
1724 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1725 {
1726 IDEBus *bus = opaque;
1727 IDEState *s;
1728 int n;
1729 int lba48 = 0;
1730
1731 #ifdef DEBUG_IDE
1732 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1733 #endif
1734
1735 addr &= 7;
1736
1737 /* ignore writes to command block while busy with previous command */
1738 if (addr != 7 && (idebus_active_if(bus)->status & (BUSY_STAT|DRQ_STAT)))
1739 return;
1740
1741 switch(addr) {
1742 case 0:
1743 break;
1744 case 1:
1745 ide_clear_hob(bus);
1746 /* NOTE: data is written to the two drives */
1747 bus->ifs[0].hob_feature = bus->ifs[0].feature;
1748 bus->ifs[1].hob_feature = bus->ifs[1].feature;
1749 bus->ifs[0].feature = val;
1750 bus->ifs[1].feature = val;
1751 break;
1752 case 2:
1753 ide_clear_hob(bus);
1754 bus->ifs[0].hob_nsector = bus->ifs[0].nsector;
1755 bus->ifs[1].hob_nsector = bus->ifs[1].nsector;
1756 bus->ifs[0].nsector = val;
1757 bus->ifs[1].nsector = val;
1758 break;
1759 case 3:
1760 ide_clear_hob(bus);
1761 bus->ifs[0].hob_sector = bus->ifs[0].sector;
1762 bus->ifs[1].hob_sector = bus->ifs[1].sector;
1763 bus->ifs[0].sector = val;
1764 bus->ifs[1].sector = val;
1765 break;
1766 case 4:
1767 ide_clear_hob(bus);
1768 bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl;
1769 bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl;
1770 bus->ifs[0].lcyl = val;
1771 bus->ifs[1].lcyl = val;
1772 break;
1773 case 5:
1774 ide_clear_hob(bus);
1775 bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl;
1776 bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl;
1777 bus->ifs[0].hcyl = val;
1778 bus->ifs[1].hcyl = val;
1779 break;
1780 case 6:
1781 /* FIXME: HOB readback uses bit 7 */
1782 bus->ifs[0].select = (val & ~0x10) | 0xa0;
1783 bus->ifs[1].select = (val | 0x10) | 0xa0;
1784 /* select drive */
1785 bus->unit = (val >> 4) & 1;
1786 break;
1787 default:
1788 case 7:
1789 /* command */
1790 #if defined(DEBUG_IDE)
1791 printf("ide: CMD=%02x\n", val);
1792 #endif
1793 s = idebus_active_if(bus);
1794 /* ignore commands to non existant slave */
1795 if (s != bus->ifs && !s->bs)
1796 break;
1797
1798 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
1799 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
1800 break;
1801
1802 switch(val) {
1803 case WIN_IDENTIFY:
1804 if (s->bs && !s->is_cdrom) {
1805 if (!s->is_cf)
1806 ide_identify(s);
1807 else
1808 ide_cfata_identify(s);
1809 s->status = READY_STAT | SEEK_STAT;
1810 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1811 } else {
1812 if (s->is_cdrom) {
1813 ide_set_signature(s);
1814 }
1815 ide_abort_command(s);
1816 }
1817 ide_set_irq(s);
1818 break;
1819 case WIN_SPECIFY:
1820 case WIN_RECAL:
1821 s->error = 0;
1822 s->status = READY_STAT | SEEK_STAT;
1823 ide_set_irq(s);
1824 break;
1825 case WIN_SETMULT:
1826 if (s->is_cf && s->nsector == 0) {
1827 /* Disable Read and Write Multiple */
1828 s->mult_sectors = 0;
1829 s->status = READY_STAT | SEEK_STAT;
1830 } else if ((s->nsector & 0xff) != 0 &&
1831 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1832 (s->nsector & (s->nsector - 1)) != 0)) {
1833 ide_abort_command(s);
1834 } else {
1835 s->mult_sectors = s->nsector & 0xff;
1836 s->status = READY_STAT | SEEK_STAT;
1837 }
1838 ide_set_irq(s);
1839 break;
1840 case WIN_VERIFY_EXT:
1841 lba48 = 1;
1842 case WIN_VERIFY:
1843 case WIN_VERIFY_ONCE:
1844 /* do sector number check ? */
1845 ide_cmd_lba48_transform(s, lba48);
1846 s->status = READY_STAT | SEEK_STAT;
1847 ide_set_irq(s);
1848 break;
1849 case WIN_READ_EXT:
1850 lba48 = 1;
1851 case WIN_READ:
1852 case WIN_READ_ONCE:
1853 if (!s->bs)
1854 goto abort_cmd;
1855 ide_cmd_lba48_transform(s, lba48);
1856 s->req_nb_sectors = 1;
1857 ide_sector_read(s);
1858 break;
1859 case WIN_WRITE_EXT:
1860 lba48 = 1;
1861 case WIN_WRITE:
1862 case WIN_WRITE_ONCE:
1863 case CFA_WRITE_SECT_WO_ERASE:
1864 case WIN_WRITE_VERIFY:
1865 ide_cmd_lba48_transform(s, lba48);
1866 s->error = 0;
1867 s->status = SEEK_STAT | READY_STAT;
1868 s->req_nb_sectors = 1;
1869 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1870 s->media_changed = 1;
1871 break;
1872 case WIN_MULTREAD_EXT:
1873 lba48 = 1;
1874 case WIN_MULTREAD:
1875 if (!s->mult_sectors)
1876 goto abort_cmd;
1877 ide_cmd_lba48_transform(s, lba48);
1878 s->req_nb_sectors = s->mult_sectors;
1879 ide_sector_read(s);
1880 break;
1881 case WIN_MULTWRITE_EXT:
1882 lba48 = 1;
1883 case WIN_MULTWRITE:
1884 case CFA_WRITE_MULTI_WO_ERASE:
1885 if (!s->mult_sectors)
1886 goto abort_cmd;
1887 ide_cmd_lba48_transform(s, lba48);
1888 s->error = 0;
1889 s->status = SEEK_STAT | READY_STAT;
1890 s->req_nb_sectors = s->mult_sectors;
1891 n = s->nsector;
1892 if (n > s->req_nb_sectors)
1893 n = s->req_nb_sectors;
1894 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1895 s->media_changed = 1;
1896 break;
1897 case WIN_READDMA_EXT:
1898 lba48 = 1;
1899 case WIN_READDMA:
1900 case WIN_READDMA_ONCE:
1901 if (!s->bs)
1902 goto abort_cmd;
1903 ide_cmd_lba48_transform(s, lba48);
1904 ide_sector_read_dma(s);
1905 break;
1906 case WIN_WRITEDMA_EXT:
1907 lba48 = 1;
1908 case WIN_WRITEDMA:
1909 case WIN_WRITEDMA_ONCE:
1910 if (!s->bs)
1911 goto abort_cmd;
1912 ide_cmd_lba48_transform(s, lba48);
1913 ide_sector_write_dma(s);
1914 s->media_changed = 1;
1915 break;
1916 case WIN_READ_NATIVE_MAX_EXT:
1917 lba48 = 1;
1918 case WIN_READ_NATIVE_MAX:
1919 ide_cmd_lba48_transform(s, lba48);
1920 ide_set_sector(s, s->nb_sectors - 1);
1921 s->status = READY_STAT | SEEK_STAT;
1922 ide_set_irq(s);
1923 break;
1924 case WIN_CHECKPOWERMODE1:
1925 case WIN_CHECKPOWERMODE2:
1926 s->nsector = 0xff; /* device active or idle */
1927 s->status = READY_STAT | SEEK_STAT;
1928 ide_set_irq(s);
1929 break;
1930 case WIN_SETFEATURES:
1931 if (!s->bs)
1932 goto abort_cmd;
1933 /* XXX: valid for CDROM ? */
1934 switch(s->feature) {
1935 case 0xcc: /* reverting to power-on defaults enable */
1936 case 0x66: /* reverting to power-on defaults disable */
1937 case 0x02: /* write cache enable */
1938 case 0x82: /* write cache disable */
1939 case 0xaa: /* read look-ahead enable */
1940 case 0x55: /* read look-ahead disable */
1941 case 0x05: /* set advanced power management mode */
1942 case 0x85: /* disable advanced power management mode */
1943 case 0x69: /* NOP */
1944 case 0x67: /* NOP */
1945 case 0x96: /* NOP */
1946 case 0x9a: /* NOP */
1947 case 0x42: /* enable Automatic Acoustic Mode */
1948 case 0xc2: /* disable Automatic Acoustic Mode */
1949 s->status = READY_STAT | SEEK_STAT;
1950 ide_set_irq(s);
1951 break;
1952 case 0x03: { /* set transfer mode */
1953 uint8_t val = s->nsector & 0x07;
1954
1955 switch (s->nsector >> 3) {
1956 case 0x00: /* pio default */
1957 case 0x01: /* pio mode */
1958 put_le16(s->identify_data + 62,0x07);
1959 put_le16(s->identify_data + 63,0x07);
1960 put_le16(s->identify_data + 88,0x3f);
1961 break;
1962 case 0x02: /* sigle word dma mode*/
1963 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
1964 put_le16(s->identify_data + 63,0x07);
1965 put_le16(s->identify_data + 88,0x3f);
1966 break;
1967 case 0x04: /* mdma mode */
1968 put_le16(s->identify_data + 62,0x07);
1969 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1970 put_le16(s->identify_data + 88,0x3f);
1971 break;
1972 case 0x08: /* udma mode */
1973 put_le16(s->identify_data + 62,0x07);
1974 put_le16(s->identify_data + 63,0x07);
1975 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1976 break;
1977 default:
1978 goto abort_cmd;
1979 }
1980 s->status = READY_STAT | SEEK_STAT;
1981 ide_set_irq(s);
1982 break;
1983 }
1984 default:
1985 goto abort_cmd;
1986 }
1987 break;
1988 case WIN_FLUSH_CACHE:
1989 case WIN_FLUSH_CACHE_EXT:
1990 if (s->bs)
1991 bdrv_flush(s->bs);
1992 s->status = READY_STAT | SEEK_STAT;
1993 ide_set_irq(s);
1994 break;
1995 case WIN_STANDBY:
1996 case WIN_STANDBY2:
1997 case WIN_STANDBYNOW1:
1998 case WIN_STANDBYNOW2:
1999 case WIN_IDLEIMMEDIATE:
2000 case CFA_IDLEIMMEDIATE:
2001 case WIN_SETIDLE1:
2002 case WIN_SETIDLE2:
2003 case WIN_SLEEPNOW1:
2004 case WIN_SLEEPNOW2:
2005 s->status = READY_STAT;
2006 ide_set_irq(s);
2007 break;
2008 case WIN_SEEK:
2009 if(s->is_cdrom)
2010 goto abort_cmd;
2011 /* XXX: Check that seek is within bounds */
2012 s->status = READY_STAT | SEEK_STAT;
2013 ide_set_irq(s);
2014 break;
2015 /* ATAPI commands */
2016 case WIN_PIDENTIFY:
2017 if (s->is_cdrom) {
2018 ide_atapi_identify(s);
2019 s->status = READY_STAT | SEEK_STAT;
2020 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2021 } else {
2022 ide_abort_command(s);
2023 }
2024 ide_set_irq(s);
2025 break;
2026 case WIN_DIAGNOSE:
2027 ide_set_signature(s);
2028 if (s->is_cdrom)
2029 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2030 * devices to return a clear status register
2031 * with READY_STAT *not* set. */
2032 else
2033 s->status = READY_STAT | SEEK_STAT;
2034 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2035 * present.
2036 */
2037 ide_set_irq(s);
2038 break;
2039 case WIN_SRST:
2040 if (!s->is_cdrom)
2041 goto abort_cmd;
2042 ide_set_signature(s);
2043 s->status = 0x00; /* NOTE: READY is _not_ set */
2044 s->error = 0x01;
2045 break;
2046 case WIN_PACKETCMD:
2047 if (!s->is_cdrom)
2048 goto abort_cmd;
2049 /* overlapping commands not supported */
2050 if (s->feature & 0x02)
2051 goto abort_cmd;
2052 s->status = READY_STAT | SEEK_STAT;
2053 s->atapi_dma = s->feature & 1;
2054 s->nsector = 1;
2055 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2056 ide_atapi_cmd);
2057 break;
2058 /* CF-ATA commands */
2059 case CFA_REQ_EXT_ERROR_CODE:
2060 if (!s->is_cf)
2061 goto abort_cmd;
2062 s->error = 0x09; /* miscellaneous error */
2063 s->status = READY_STAT | SEEK_STAT;
2064 ide_set_irq(s);
2065 break;
2066 case CFA_ERASE_SECTORS:
2067 case CFA_WEAR_LEVEL:
2068 if (!s->is_cf)
2069 goto abort_cmd;
2070 if (val == CFA_WEAR_LEVEL)
2071 s->nsector = 0;
2072 if (val == CFA_ERASE_SECTORS)
2073 s->media_changed = 1;
2074 s->error = 0x00;
2075 s->status = READY_STAT | SEEK_STAT;
2076 ide_set_irq(s);
2077 break;
2078 case CFA_TRANSLATE_SECTOR:
2079 if (!s->is_cf)
2080 goto abort_cmd;
2081 s->error = 0x00;
2082 s->status = READY_STAT | SEEK_STAT;
2083 memset(s->io_buffer, 0, 0x200);
2084 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2085 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2086 s->io_buffer[0x02] = s->select; /* Head */
2087 s->io_buffer[0x03] = s->sector; /* Sector */
2088 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2089 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2090 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2091 s->io_buffer[0x13] = 0x00; /* Erase flag */
2092 s->io_buffer[0x18] = 0x00; /* Hot count */
2093 s->io_buffer[0x19] = 0x00; /* Hot count */
2094 s->io_buffer[0x1a] = 0x01; /* Hot count */
2095 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2096 ide_set_irq(s);
2097 break;
2098 case CFA_ACCESS_METADATA_STORAGE:
2099 if (!s->is_cf)
2100 goto abort_cmd;
2101 switch (s->feature) {
2102 case 0x02: /* Inquiry Metadata Storage */
2103 ide_cfata_metadata_inquiry(s);
2104 break;
2105 case 0x03: /* Read Metadata Storage */
2106 ide_cfata_metadata_read(s);
2107 break;
2108 case 0x04: /* Write Metadata Storage */
2109 ide_cfata_metadata_write(s);
2110 break;
2111 default:
2112 goto abort_cmd;
2113 }
2114 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2115 s->status = 0x00; /* NOTE: READY is _not_ set */
2116 ide_set_irq(s);
2117 break;
2118 case IBM_SENSE_CONDITION:
2119 if (!s->is_cf)
2120 goto abort_cmd;
2121 switch (s->feature) {
2122 case 0x01: /* sense temperature in device */
2123 s->nsector = 0x50; /* +20 C */
2124 break;
2125 default:
2126 goto abort_cmd;
2127 }
2128 s->status = READY_STAT | SEEK_STAT;
2129 ide_set_irq(s);
2130 break;
2131
2132 case WIN_SMART:
2133 if (s->is_cdrom)
2134 goto abort_cmd;
2135 if (s->hcyl != 0xc2 || s->lcyl != 0x4f)
2136 goto abort_cmd;
2137 if (!s->smart_enabled && s->feature != SMART_ENABLE)
2138 goto abort_cmd;
2139 switch (s->feature) {
2140 case SMART_DISABLE:
2141 s->smart_enabled = 0;
2142 s->status = READY_STAT | SEEK_STAT;
2143 ide_set_irq(s);
2144 break;
2145 case SMART_ENABLE:
2146 s->smart_enabled = 1;
2147 s->status = READY_STAT | SEEK_STAT;
2148 ide_set_irq(s);
2149 break;
2150 case SMART_ATTR_AUTOSAVE:
2151 switch (s->sector) {
2152 case 0x00:
2153 s->smart_autosave = 0;
2154 break;
2155 case 0xf1:
2156 s->smart_autosave = 1;
2157 break;
2158 default:
2159 goto abort_cmd;
2160 }
2161 s->status = READY_STAT | SEEK_STAT;
2162 ide_set_irq(s);
2163 break;
2164 case SMART_STATUS:
2165 if (!s->smart_errors) {
2166 s->hcyl = 0xc2;
2167 s->lcyl = 0x4f;
2168 } else {
2169 s->hcyl = 0x2c;
2170 s->lcyl = 0xf4;
2171 }
2172 s->status = READY_STAT | SEEK_STAT;
2173 ide_set_irq(s);
2174 break;
2175 case SMART_READ_THRESH:
2176 memset(s->io_buffer, 0, 0x200);
2177 s->io_buffer[0] = 0x01; /* smart struct version */
2178 for (n=0; n<30; n++) {
2179 if (smart_attributes[n][0] == 0)
2180 break;
2181 s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2182 s->io_buffer[2+1+(n*12)] = smart_attributes[n][4];
2183 }
2184 for (n=0; n<511; n++) /* checksum */
2185 s->io_buffer[511] += s->io_buffer[n];
2186 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2187 s->status = READY_STAT | SEEK_STAT;
2188 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2189 ide_set_irq(s);
2190 break;
2191 case SMART_READ_DATA:
2192 memset(s->io_buffer, 0, 0x200);
2193 s->io_buffer[0] = 0x01; /* smart struct version */
2194 for (n=0; n<30; n++) {
2195 if (smart_attributes[n][0] == 0)
2196 break;
2197 s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2198 s->io_buffer[2+1+(n*12)] = smart_attributes[n][1];
2199 s->io_buffer[2+3+(n*12)] = smart_attributes[n][2];
2200 s->io_buffer[2+4+(n*12)] = smart_attributes[n][3];
2201 }
2202 s->io_buffer[362] = 0x02 | (s->smart_autosave?0x80:0x00);
2203 if (s->smart_selftest_count == 0) {
2204 s->io_buffer[363] = 0;
2205 } else {
2206 s->io_buffer[363] =
2207 s->smart_selftest_data[3 +
2208 (s->smart_selftest_count - 1) *
2209 24];
2210 }
2211 s->io_buffer[364] = 0x20;
2212 s->io_buffer[365] = 0x01;
2213 /* offline data collection capacity: execute + self-test*/
2214 s->io_buffer[367] = (1<<4 | 1<<3 | 1);
2215 s->io_buffer[368] = 0x03; /* smart capability (1) */
2216 s->io_buffer[369] = 0x00; /* smart capability (2) */
2217 s->io_buffer[370] = 0x01; /* error logging supported */
2218 s->io_buffer[372] = 0x02; /* minutes for poll short test */
2219 s->io_buffer[373] = 0x36; /* minutes for poll ext test */
2220 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
2221
2222 for (n=0; n<511; n++)
2223 s->io_buffer[511] += s->io_buffer[n];
2224 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2225 s->status = READY_STAT | SEEK_STAT;
2226 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2227 ide_set_irq(s);
2228 break;
2229 case SMART_READ_LOG:
2230 switch (s->sector) {
2231 case 0x01: /* summary smart error log */
2232 memset(s->io_buffer, 0, 0x200);
2233 s->io_buffer[0] = 0x01;
2234 s->io_buffer[1] = 0x00; /* no error entries */
2235 s->io_buffer[452] = s->smart_errors & 0xff;
2236 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
2237
2238 for (n=0; n<511; n++)
2239 s->io_buffer[511] += s->io_buffer[n];
2240 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2241 break;
2242 case 0x06: /* smart self test log */
2243 memset(s->io_buffer, 0, 0x200);
2244 s->io_buffer[0] = 0x01;
2245 if (s->smart_selftest_count == 0) {
2246 s->io_buffer[508] = 0;
2247 } else {
2248 s->io_buffer[508] = s->smart_selftest_count;
2249 for (n=2; n<506; n++)
2250 s->io_buffer[n] = s->smart_selftest_data[n];
2251 }
2252 for (n=0; n<511; n++)
2253 s->io_buffer[511] += s->io_buffer[n];
2254 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2255 break;
2256 default:
2257 goto abort_cmd;
2258 }
2259 s->status = READY_STAT | SEEK_STAT;
2260 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2261 ide_set_irq(s);
2262 break;
2263 case SMART_EXECUTE_OFFLINE:
2264 switch (s->sector) {
2265 case 0: /* off-line routine */
2266 case 1: /* short self test */
2267 case 2: /* extended self test */
2268 s->smart_selftest_count++;
2269 if(s->smart_selftest_count > 21)
2270 s->smart_selftest_count = 0;
2271 n = 2 + (s->smart_selftest_count - 1) * 24;
2272 s->smart_selftest_data[n] = s->sector;
2273 s->smart_selftest_data[n+1] = 0x00; /* OK and finished */
2274 s->smart_selftest_data[n+2] = 0x34; /* hour count lsb */
2275 s->smart_selftest_data[n+3] = 0x12; /* hour count msb */
2276 s->status = READY_STAT | SEEK_STAT;
2277 ide_set_irq(s);
2278 break;
2279 default:
2280 goto abort_cmd;
2281 }
2282 break;
2283 default:
2284 goto abort_cmd;
2285 }
2286 break;
2287 default:
2288 abort_cmd:
2289 ide_abort_command(s);
2290 ide_set_irq(s);
2291 break;
2292 }
2293 }
2294 }
2295
2296 uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2297 {
2298 IDEBus *bus = opaque;
2299 IDEState *s = idebus_active_if(bus);
2300 uint32_t addr;
2301 int ret, hob;
2302
2303 addr = addr1 & 7;
2304 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2305 //hob = s->select & (1 << 7);
2306 hob = 0;
2307 switch(addr) {
2308 case 0:
2309 ret = 0xff;
2310 break;
2311 case 1:
2312 if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2313 (s != bus->ifs && !s->bs))
2314 ret = 0;
2315 else if (!hob)
2316 ret = s->error;
2317 else
2318 ret = s->hob_feature;
2319 break;
2320 case 2:
2321 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2322 ret = 0;
2323 else if (!hob)
2324 ret = s->nsector & 0xff;
2325 else
2326 ret = s->hob_nsector;
2327 break;
2328 case 3:
2329 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2330 ret = 0;
2331 else if (!hob)
2332 ret = s->sector;
2333 else
2334 ret = s->hob_sector;
2335 break;
2336 case 4:
2337 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2338 ret = 0;
2339 else if (!hob)
2340 ret = s->lcyl;
2341 else
2342 ret = s->hob_lcyl;
2343 break;
2344 case 5:
2345 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2346 ret = 0;
2347 else if (!hob)
2348 ret = s->hcyl;
2349 else
2350 ret = s->hob_hcyl;
2351 break;
2352 case 6:
2353 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2354 ret = 0;
2355 else
2356 ret = s->select;
2357 break;
2358 default:
2359 case 7:
2360 if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2361 (s != bus->ifs && !s->bs))
2362 ret = 0;
2363 else
2364 ret = s->status;
2365 qemu_irq_lower(s->irq);
2366 break;
2367 }
2368 #ifdef DEBUG_IDE
2369 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2370 #endif
2371 return ret;
2372 }
2373
2374 uint32_t ide_status_read(void *opaque, uint32_t addr)
2375 {
2376 IDEBus *bus = opaque;
2377 IDEState *s = idebus_active_if(bus);
2378 int ret;
2379
2380 if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2381 (s != bus->ifs && !s->bs))
2382 ret = 0;
2383 else
2384 ret = s->status;
2385 #ifdef DEBUG_IDE
2386 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2387 #endif
2388 return ret;
2389 }
2390
2391 void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2392 {
2393 IDEBus *bus = opaque;
2394 IDEState *s;
2395 int i;
2396
2397 #ifdef DEBUG_IDE
2398 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2399 #endif
2400 /* common for both drives */
2401 if (!(bus->ifs[0].cmd & IDE_CMD_RESET) &&
2402 (val & IDE_CMD_RESET)) {
2403 /* reset low to high */
2404 for(i = 0;i < 2; i++) {
2405 s = &bus->ifs[i];
2406 s->status = BUSY_STAT | SEEK_STAT;
2407 s->error = 0x01;
2408 }
2409 } else if ((bus->ifs[0].cmd & IDE_CMD_RESET) &&
2410 !(val & IDE_CMD_RESET)) {
2411 /* high to low */
2412 for(i = 0;i < 2; i++) {
2413 s = &bus->ifs[i];
2414 if (s->is_cdrom)
2415 s->status = 0x00; /* NOTE: READY is _not_ set */
2416 else
2417 s->status = READY_STAT | SEEK_STAT;
2418 ide_set_signature(s);
2419 }
2420 }
2421
2422 bus->ifs[0].cmd = val;
2423 bus->ifs[1].cmd = val;
2424 }
2425
2426 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2427 {
2428 IDEBus *bus = opaque;
2429 IDEState *s = idebus_active_if(bus);
2430 uint8_t *p;
2431
2432 /* PIO data access allowed only when DRQ bit is set */
2433 if (!(s->status & DRQ_STAT))
2434 return;
2435
2436 p = s->data_ptr;
2437 *(uint16_t *)p = le16_to_cpu(val);
2438 p += 2;
2439 s->data_ptr = p;
2440 if (p >= s->data_end)
2441 s->end_transfer_func(s);
2442 }
2443
2444 uint32_t ide_data_readw(void *opaque, uint32_t addr)
2445 {
2446 IDEBus *bus = opaque;
2447 IDEState *s = idebus_active_if(bus);
2448 uint8_t *p;
2449 int ret;
2450
2451 /* PIO data access allowed only when DRQ bit is set */
2452 if (!(s->status & DRQ_STAT))
2453 return 0;
2454
2455 p = s->data_ptr;
2456 ret = cpu_to_le16(*(uint16_t *)p);
2457 p += 2;
2458 s->data_ptr = p;
2459 if (p >= s->data_end)
2460 s->end_transfer_func(s);
2461 return ret;
2462 }
2463
2464 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2465 {
2466 IDEBus *bus = opaque;
2467 IDEState *s = idebus_active_if(bus);
2468 uint8_t *p;
2469
2470 /* PIO data access allowed only when DRQ bit is set */
2471 if (!(s->status & DRQ_STAT))
2472 return;
2473
2474 p = s->data_ptr;
2475 *(uint32_t *)p = le32_to_cpu(val);
2476 p += 4;
2477 s->data_ptr = p;
2478 if (p >= s->data_end)
2479 s->end_transfer_func(s);
2480 }
2481
2482 uint32_t ide_data_readl(void *opaque, uint32_t addr)
2483 {
2484 IDEBus *bus = opaque;
2485 IDEState *s = idebus_active_if(bus);
2486 uint8_t *p;
2487 int ret;
2488
2489 /* PIO data access allowed only when DRQ bit is set */
2490 if (!(s->status & DRQ_STAT))
2491 return 0;
2492
2493 p = s->data_ptr;
2494 ret = cpu_to_le32(*(uint32_t *)p);
2495 p += 4;
2496 s->data_ptr = p;
2497 if (p >= s->data_end)
2498 s->end_transfer_func(s);
2499 return ret;
2500 }
2501
2502 static void ide_dummy_transfer_stop(IDEState *s)
2503 {
2504 s->data_ptr = s->io_buffer;
2505 s->data_end = s->io_buffer;
2506 s->io_buffer[0] = 0xff;
2507 s->io_buffer[1] = 0xff;
2508 s->io_buffer[2] = 0xff;
2509 s->io_buffer[3] = 0xff;
2510 }
2511
2512 void ide_reset(IDEState *s)
2513 {
2514 IDEBus *bus = s->bus;
2515
2516 if (s->is_cf)
2517 s->mult_sectors = 0;
2518 else
2519 s->mult_sectors = MAX_MULT_SECTORS;
2520 bus->unit = s->unit;
2521 s->select = 0xa0;
2522 s->status = READY_STAT | SEEK_STAT;
2523 ide_set_signature(s);
2524 /* init the transfer handler so that 0xffff is returned on data
2525 accesses */
2526 s->end_transfer_func = ide_dummy_transfer_stop;
2527 ide_dummy_transfer_stop(s);
2528 s->media_changed = 0;
2529 }
2530
2531 void ide_init2(IDEBus *bus, BlockDriverState *hd0, BlockDriverState *hd1,
2532 qemu_irq irq)
2533 {
2534 IDEState *s;
2535 static int drive_serial = 1;
2536 int i, cylinders, heads, secs;
2537 uint64_t nb_sectors;
2538
2539 for(i = 0; i < 2; i++) {
2540 s = bus->ifs + i;
2541 s->bus = bus;
2542 s->unit = i;
2543 s->bs = (i == 0) ? hd0 : hd1;
2544 s->io_buffer = qemu_blockalign(s->bs, IDE_DMA_BUF_SECTORS*512 + 4);
2545 if (s->bs) {
2546 bdrv_get_geometry(s->bs, &nb_sectors);
2547 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2548 s->cylinders = cylinders;
2549 s->heads = heads;
2550 s->sectors = secs;
2551 s->nb_sectors = nb_sectors;
2552 /* The SMART values should be preserved across power cycles
2553 but they aren't. */
2554 s->smart_enabled = 1;
2555 s->smart_autosave = 1;
2556 s->smart_errors = 0;
2557 s->smart_selftest_count = 0;
2558 s->smart_selftest_data = qemu_blockalign(s->bs, 512);
2559 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2560 s->is_cdrom = 1;
2561 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2562 }
2563 }
2564 s->drive_serial = drive_serial++;
2565 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2566 sizeof(s->drive_serial_str));
2567 if (strlen(s->drive_serial_str) == 0)
2568 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2569 "QM%05d", s->drive_serial);
2570 s->irq = irq;
2571 s->sector_write_timer = qemu_new_timer(vm_clock,
2572 ide_sector_write_timer_cb, s);
2573 ide_reset(s);
2574 }
2575 }
2576
2577 void ide_init_ioport(IDEBus *bus, int iobase, int iobase2)
2578 {
2579 register_ioport_write(iobase, 8, 1, ide_ioport_write, bus);
2580 register_ioport_read(iobase, 8, 1, ide_ioport_read, bus);
2581 if (iobase2) {
2582 register_ioport_read(iobase2, 1, 1, ide_status_read, bus);
2583 register_ioport_write(iobase2, 1, 1, ide_cmd_write, bus);
2584 }
2585
2586 /* data ports */
2587 register_ioport_write(iobase, 2, 2, ide_data_writew, bus);
2588 register_ioport_read(iobase, 2, 2, ide_data_readw, bus);
2589 register_ioport_write(iobase, 4, 4, ide_data_writel, bus);
2590 register_ioport_read(iobase, 4, 4, ide_data_readl, bus);
2591 }
2592
2593 /* save per IDE drive data */
2594 void ide_save(QEMUFile* f, IDEState *s)
2595 {
2596 qemu_put_be32(f, s->mult_sectors);
2597 qemu_put_be32(f, s->identify_set);
2598 if (s->identify_set) {
2599 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2600 }
2601 qemu_put_8s(f, &s->feature);
2602 qemu_put_8s(f, &s->error);
2603 qemu_put_be32s(f, &s->nsector);
2604 qemu_put_8s(f, &s->sector);
2605 qemu_put_8s(f, &s->lcyl);
2606 qemu_put_8s(f, &s->hcyl);
2607 qemu_put_8s(f, &s->hob_feature);
2608 qemu_put_8s(f, &s->hob_nsector);
2609 qemu_put_8s(f, &s->hob_sector);
2610 qemu_put_8s(f, &s->hob_lcyl);
2611 qemu_put_8s(f, &s->hob_hcyl);
2612 qemu_put_8s(f, &s->select);
2613 qemu_put_8s(f, &s->status);
2614 qemu_put_8s(f, &s->lba48);
2615
2616 qemu_put_8s(f, &s->sense_key);
2617 qemu_put_8s(f, &s->asc);
2618 qemu_put_8s(f, &s->cdrom_changed);
2619 /* XXX: if a transfer is pending, we do not save it yet */
2620 }
2621
2622 /* load per IDE drive data */
2623 void ide_load(QEMUFile* f, IDEState *s, int version_id)
2624 {
2625 s->mult_sectors=qemu_get_be32(f);
2626 s->identify_set=qemu_get_be32(f);
2627 if (s->identify_set) {
2628 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2629 }
2630 qemu_get_8s(f, &s->feature);
2631 qemu_get_8s(f, &s->error);
2632 qemu_get_be32s(f, &s->nsector);
2633 qemu_get_8s(f, &s->sector);
2634 qemu_get_8s(f, &s->lcyl);
2635 qemu_get_8s(f, &s->hcyl);
2636 qemu_get_8s(f, &s->hob_feature);
2637 qemu_get_8s(f, &s->hob_nsector);
2638 qemu_get_8s(f, &s->hob_sector);
2639 qemu_get_8s(f, &s->hob_lcyl);
2640 qemu_get_8s(f, &s->hob_hcyl);
2641 qemu_get_8s(f, &s->select);
2642 qemu_get_8s(f, &s->status);
2643 qemu_get_8s(f, &s->lba48);
2644
2645 qemu_get_8s(f, &s->sense_key);
2646 qemu_get_8s(f, &s->asc);
2647 if (version_id == 3) {
2648 qemu_get_8s(f, &s->cdrom_changed);
2649 } else {
2650 if (s->sense_key == SENSE_UNIT_ATTENTION &&
2651 s->asc == ASC_MEDIUM_MAY_HAVE_CHANGED)
2652 s->cdrom_changed = 1;
2653 }
2654 /* XXX: if a transfer is pending, we do not save it yet */
2655 }
2656
2657 void idebus_save(QEMUFile* f, IDEBus *bus)
2658 {
2659 IDEState *s = idebus_active_if(bus);
2660 qemu_put_8s(f, &s->cmd);
2661 qemu_put_8s(f, &bus->unit);
2662 }
2663
2664 void idebus_load(QEMUFile* f, IDEBus *bus, int version_id)
2665 {
2666 IDEState *s;
2667 uint8_t cmd;
2668
2669 qemu_get_8s(f, &cmd);
2670 qemu_get_8s(f, &bus->unit);
2671 s = idebus_active_if(bus);
2672 s->cmd = cmd;
2673 }
2674
2675 /***********************************************************/
2676 /* ISA IDE definitions */
2677
2678 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
2679 BlockDriverState *hd0, BlockDriverState *hd1)
2680 {
2681 IDEBus *bus;
2682
2683 bus = qemu_mallocz(sizeof(*bus));
2684
2685 ide_init2(bus, hd0, hd1, irq);
2686 ide_init_ioport(bus, iobase, iobase2);
2687 }
2688
2689 /***********************************************************/
2690 /* PCI IDE definitions */
2691
2692 static void cmd646_update_irq(PCIIDEState *d);
2693
2694 static void ide_map(PCIDevice *pci_dev, int region_num,
2695 uint32_t addr, uint32_t size, int type)
2696 {
2697 PCIIDEState *d = (PCIIDEState *)pci_dev;
2698 IDEBus *bus;
2699
2700 if (region_num <= 3) {
2701 bus = &d->bus[(region_num >> 1)];
2702 if (region_num & 1) {
2703 register_ioport_read(addr + 2, 1, 1, ide_status_read, bus);
2704 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, bus);
2705 } else {
2706 register_ioport_write(addr, 8, 1, ide_ioport_write, bus);
2707 register_ioport_read(addr, 8, 1, ide_ioport_read, bus);
2708
2709 /* data ports */
2710 register_ioport_write(addr, 2, 2, ide_data_writew, bus);
2711 register_ioport_read(addr, 2, 2, ide_data_readw, bus);
2712 register_ioport_write(addr, 4, 4, ide_data_writel, bus);
2713 register_ioport_read(addr, 4, 4, ide_data_readl, bus);
2714 }
2715 }
2716 }
2717
2718 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2719 {
2720 BMDMAState *bm = s->bus->bmdma;
2721 if(!bm)
2722 return;
2723 bm->unit = s->unit;
2724 bm->dma_cb = dma_cb;
2725 bm->cur_prd_last = 0;
2726 bm->cur_prd_addr = 0;
2727 bm->cur_prd_len = 0;
2728 bm->sector_num = ide_get_sector(s);
2729 bm->nsector = s->nsector;
2730 if (bm->status & BM_STATUS_DMAING) {
2731 bm->dma_cb(bm, 0);
2732 }
2733 }
2734
2735 static void ide_dma_restart(IDEState *s)
2736 {
2737 BMDMAState *bm = s->bus->bmdma;
2738 ide_set_sector(s, bm->sector_num);
2739 s->io_buffer_index = 0;
2740 s->io_buffer_size = 0;
2741 s->nsector = bm->nsector;
2742 bm->cur_addr = bm->addr;
2743 bm->dma_cb = ide_write_dma_cb;
2744 ide_dma_start(s, bm->dma_cb);
2745 }
2746
2747 void ide_dma_cancel(BMDMAState *bm)
2748 {
2749 if (bm->status & BM_STATUS_DMAING) {
2750 bm->status &= ~BM_STATUS_DMAING;
2751 /* cancel DMA request */
2752 bm->unit = -1;
2753 bm->dma_cb = NULL;
2754 if (bm->aiocb) {
2755 #ifdef DEBUG_AIO
2756 printf("aio_cancel\n");
2757 #endif
2758 bdrv_aio_cancel(bm->aiocb);
2759 bm->aiocb = NULL;
2760 }
2761 }
2762 }
2763
2764 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2765 {
2766 BMDMAState *bm = opaque;
2767 #ifdef DEBUG_IDE
2768 printf("%s: 0x%08x\n", __func__, val);
2769 #endif
2770 if (!(val & BM_CMD_START)) {
2771 /* XXX: do it better */
2772 ide_dma_cancel(bm);
2773 bm->cmd = val & 0x09;
2774 } else {
2775 if (!(bm->status & BM_STATUS_DMAING)) {
2776 bm->status |= BM_STATUS_DMAING;
2777 /* start dma transfer if possible */
2778 if (bm->dma_cb)
2779 bm->dma_cb(bm, 0);
2780 }
2781 bm->cmd = val & 0x09;
2782 }
2783 }
2784
2785 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2786 {
2787 BMDMAState *bm = opaque;
2788 PCIIDEState *pci_dev;
2789 uint32_t val;
2790
2791 switch(addr & 3) {
2792 case 0:
2793 val = bm->cmd;
2794 break;
2795 case 1:
2796 pci_dev = bm->pci_dev;
2797 if (pci_dev->type == IDE_TYPE_CMD646) {
2798 val = pci_dev->dev.config[MRDMODE];
2799 } else {
2800 val = 0xff;
2801 }
2802 break;
2803 case 2:
2804 val = bm->status;
2805 break;
2806 case 3:
2807 pci_dev = bm->pci_dev;
2808 if (pci_dev->type == IDE_TYPE_CMD646) {
2809 if (bm == &pci_dev->bmdma[0])
2810 val = pci_dev->dev.config[UDIDETCR0];
2811 else
2812 val = pci_dev->dev.config[UDIDETCR1];
2813 } else {
2814 val = 0xff;
2815 }
2816 break;
2817 default:
2818 val = 0xff;
2819 break;
2820 }
2821 #ifdef DEBUG_IDE
2822 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2823 #endif
2824 return val;
2825 }
2826
2827 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2828 {
2829 BMDMAState *bm = opaque;
2830 PCIIDEState *pci_dev;
2831 #ifdef DEBUG_IDE
2832 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2833 #endif
2834 switch(addr & 3) {
2835 case 1:
2836 pci_dev = bm->pci_dev;
2837 if (pci_dev->type == IDE_TYPE_CMD646) {
2838 pci_dev->dev.config[MRDMODE] =
2839 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2840 cmd646_update_irq(pci_dev);
2841 }
2842 break;
2843 case 2:
2844 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2845 break;
2846 case 3:
2847 pci_dev = bm->pci_dev;
2848 if (pci_dev->type == IDE_TYPE_CMD646) {
2849 if (bm == &pci_dev->bmdma[0])
2850 pci_dev->dev.config[UDIDETCR0] = val;
2851 else
2852 pci_dev->dev.config[UDIDETCR1] = val;
2853 }
2854 break;
2855 }
2856 }
2857
2858 static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
2859 {
2860 BMDMAState *bm = opaque;
2861 uint32_t val;
2862 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
2863 #ifdef DEBUG_IDE
2864 printf("%s: 0x%08x\n", __func__, val);
2865 #endif
2866 return val;
2867 }
2868
2869 static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
2870 {
2871 BMDMAState *bm = opaque;
2872 int shift = (addr & 3) * 8;
2873 #ifdef DEBUG_IDE
2874 printf("%s: 0x%08x\n", __func__, val);
2875 #endif
2876 bm->addr &= ~(0xFF << shift);
2877 bm->addr |= ((val & 0xFF) << shift) & ~3;
2878 bm->cur_addr = bm->addr;
2879 }
2880
2881 static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
2882 {
2883 BMDMAState *bm = opaque;
2884 uint32_t val;
2885 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
2886 #ifdef DEBUG_IDE
2887 printf("%s: 0x%08x\n", __func__, val);
2888 #endif
2889 return val;
2890 }
2891
2892 static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
2893 {
2894 BMDMAState *bm = opaque;
2895 int shift = (addr & 3) * 8;
2896 #ifdef DEBUG_IDE
2897 printf("%s: 0x%08x\n", __func__, val);
2898 #endif
2899 bm->addr &= ~(0xFFFF << shift);
2900 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
2901 bm->cur_addr = bm->addr;
2902 }
2903
2904 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2905 {
2906 BMDMAState *bm = opaque;
2907 uint32_t val;
2908 val = bm->addr;
2909 #ifdef DEBUG_IDE
2910 printf("%s: 0x%08x\n", __func__, val);
2911 #endif
2912 return val;
2913 }
2914
2915 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2916 {
2917 BMDMAState *bm = opaque;
2918 #ifdef DEBUG_IDE
2919 printf("%s: 0x%08x\n", __func__, val);
2920 #endif
2921 bm->addr = val & ~3;
2922 bm->cur_addr = bm->addr;
2923 }
2924
2925 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2926 uint32_t addr, uint32_t size, int type)
2927 {
2928 PCIIDEState *d = (PCIIDEState *)pci_dev;
2929 int i;
2930
2931 for(i = 0;i < 2; i++) {
2932 BMDMAState *bm = &d->bmdma[i];
2933 d->bus[i].bmdma = bm;
2934 bm->pci_dev = DO_UPCAST(PCIIDEState, dev, pci_dev);
2935 bm->bus = d->bus+i;
2936 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
2937
2938 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2939
2940 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2941 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2942
2943 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
2944 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
2945 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
2946 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
2947 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2948 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2949 addr += 8;
2950 }
2951 }
2952
2953 static void pci_ide_save(QEMUFile* f, void *opaque)
2954 {
2955 PCIIDEState *d = opaque;
2956 int i;
2957
2958 pci_device_save(&d->dev, f);
2959
2960 for(i = 0; i < 2; i++) {
2961 BMDMAState *bm = &d->bmdma[i];
2962 uint8_t ifidx;
2963 qemu_put_8s(f, &bm->cmd);
2964 qemu_put_8s(f, &bm->status);
2965 qemu_put_be32s(f, &bm->addr);
2966 qemu_put_sbe64s(f, &bm->sector_num);
2967 qemu_put_be32s(f, &bm->nsector);
2968 ifidx = bm->unit + 2*i;
2969 qemu_put_8s(f, &ifidx);
2970 /* XXX: if a transfer is pending, we do not save it yet */
2971 }
2972
2973 /* per IDE interface data */
2974 for(i = 0; i < 2; i++) {
2975 idebus_save(f, &d->bus[i]);
2976 }
2977
2978 /* per IDE drive data */
2979 for(i = 0; i < 2; i++) {
2980 ide_save(f, &d->bus[i].ifs[0]);
2981 ide_save(f, &d->bus[i].ifs[1]);
2982 }
2983 }
2984
2985 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2986 {
2987 PCIIDEState *d = opaque;
2988 int ret, i;
2989
2990 if (version_id != 2 && version_id != 3)
2991 return -EINVAL;
2992 ret = pci_device_load(&d->dev, f);
2993 if (ret < 0)
2994 return ret;
2995
2996 for(i = 0; i < 2; i++) {
2997 BMDMAState *bm = &d->bmdma[i];
2998 uint8_t ifidx;
2999 qemu_get_8s(f, &bm->cmd);
3000 qemu_get_8s(f, &bm->status);
3001 qemu_get_be32s(f, &bm->addr);
3002 qemu_get_sbe64s(f, &bm->sector_num);
3003 qemu_get_be32s(f, &bm->nsector);
3004 qemu_get_8s(f, &ifidx);
3005 bm->unit = ifidx & 1;
3006 /* XXX: if a transfer is pending, we do not save it yet */
3007 }
3008
3009 /* per IDE interface data */
3010 for(i = 0; i < 2; i++) {
3011 idebus_load(f, &d->bus[i], version_id);
3012 }
3013
3014 /* per IDE drive data */
3015 for(i = 0; i < 2; i++) {
3016 ide_load(f, &d->bus[i].ifs[0], version_id);
3017 ide_load(f, &d->bus[i].ifs[1], version_id);
3018 }
3019 return 0;
3020 }
3021
3022 /* XXX: call it also when the MRDMODE is changed from the PCI config
3023 registers */
3024 static void cmd646_update_irq(PCIIDEState *d)
3025 {
3026 int pci_level;
3027 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3028 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3029 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3030 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
3031 qemu_set_irq(d->dev.irq[0], pci_level);
3032 }
3033
3034 /* the PCI irq level is the logical OR of the two channels */
3035 static void cmd646_set_irq(void *opaque, int channel, int level)
3036 {
3037 PCIIDEState *d = opaque;
3038 int irq_mask;
3039
3040 irq_mask = MRDMODE_INTR_CH0 << channel;
3041 if (level)
3042 d->dev.config[MRDMODE] |= irq_mask;
3043 else
3044 d->dev.config[MRDMODE] &= ~irq_mask;
3045 cmd646_update_irq(d);
3046 }
3047
3048 static void cmd646_reset(void *opaque)
3049 {
3050 PCIIDEState *d = opaque;
3051 unsigned int i;
3052
3053 for (i = 0; i < 2; i++)
3054 ide_dma_cancel(&d->bmdma[i]);
3055 }
3056
3057 /* CMD646 PCI IDE controller */
3058 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3059 int secondary_ide_enabled)
3060 {
3061 PCIIDEState *d;
3062 uint8_t *pci_conf;
3063 qemu_irq *irq;
3064
3065 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
3066 sizeof(PCIIDEState),
3067 -1,
3068 NULL, NULL);
3069 d->type = IDE_TYPE_CMD646;
3070 pci_conf = d->dev.config;
3071 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3072 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
3073
3074 pci_conf[0x08] = 0x07; // IDE controller revision
3075 pci_conf[0x09] = 0x8f;
3076
3077 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3078 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
3079
3080 pci_conf[0x51] = 0x04; // enable IDE0
3081 if (secondary_ide_enabled) {
3082 /* XXX: if not enabled, really disable the seconday IDE controller */
3083 pci_conf[0x51] |= 0x08; /* enable IDE1 */
3084 }
3085
3086 pci_register_bar((PCIDevice *)d, 0, 0x8,
3087 PCI_ADDRESS_SPACE_IO, ide_map);
3088 pci_register_bar((PCIDevice *)d, 1, 0x4,
3089 PCI_ADDRESS_SPACE_IO, ide_map);
3090 pci_register_bar((PCIDevice *)d, 2, 0x8,
3091 PCI_ADDRESS_SPACE_IO, ide_map);
3092 pci_register_bar((PCIDevice *)d, 3, 0x4,
3093 PCI_ADDRESS_SPACE_IO, ide_map);
3094 pci_register_bar((PCIDevice *)d, 4, 0x10,
3095 PCI_ADDRESS_SPACE_IO, bmdma_map);
3096
3097 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3098
3099 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3100 ide_init2(&d->bus[0], hd_table[0], hd_table[1], irq[0]);
3101 ide_init2(&d->bus[1], hd_table[2], hd_table[3], irq[1]);
3102
3103 register_savevm("ide", 0, 3, pci_ide_save, pci_ide_load, d);
3104 qemu_register_reset(cmd646_reset, d);
3105 cmd646_reset(d);
3106 }
3107
3108 static void piix3_reset(void *opaque)
3109 {
3110 PCIIDEState *d = opaque;
3111 uint8_t *pci_conf = d->dev.config;
3112 int i;
3113
3114 for (i = 0; i < 2; i++)
3115 ide_dma_cancel(&d->bmdma[i]);
3116
3117 pci_conf[0x04] = 0x00;
3118 pci_conf[0x05] = 0x00;
3119 pci_conf[0x06] = 0x80; /* FBC */
3120 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3121 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3122 }
3123
3124 /* hd_table must contain 4 block drivers */
3125 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
3126 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3127 qemu_irq *pic)
3128 {
3129 PCIIDEState *d;
3130 uint8_t *pci_conf;
3131 int i;
3132
3133 /* register a function 1 of PIIX3 */
3134 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
3135 sizeof(PCIIDEState),
3136 devfn,
3137 NULL, NULL);
3138 d->type = IDE_TYPE_PIIX3;
3139
3140 pci_conf = d->dev.config;
3141 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3142 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
3143 pci_conf[0x09] = 0x80; // legacy ATA mode
3144 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3145 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
3146
3147 qemu_register_reset(piix3_reset, d);
3148 piix3_reset(d);
3149
3150 pci_register_bar((PCIDevice *)d, 4, 0x10,
3151 PCI_ADDRESS_SPACE_IO, bmdma_map);
3152
3153 ide_init2(&d->bus[0], hd_table[0], hd_table[1], isa_reserve_irq(14));
3154 ide_init2(&d->bus[1], hd_table[2], hd_table[3], isa_reserve_irq(15));
3155 ide_init_ioport(&d->bus[0], 0x1f0, 0x3f6);
3156 ide_init_ioport(&d->bus[1], 0x170, 0x376);
3157
3158 for (i = 0; i < 4; i++)
3159 if (hd_table[i])
3160 hd_table[i]->private = &d->dev;
3161
3162 register_savevm("ide", 0, 3, pci_ide_save, pci_ide_load, d);
3163 }
3164
3165 /* hd_table must contain 4 block drivers */
3166 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3167 void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3168 qemu_irq *pic)
3169 {
3170 PCIIDEState *d;
3171 uint8_t *pci_conf;
3172
3173 /* register a function 1 of PIIX4 */
3174 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3175 sizeof(PCIIDEState),
3176 devfn,
3177 NULL, NULL);
3178 d->type = IDE_TYPE_PIIX4;
3179
3180 pci_conf = d->dev.config;
3181 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3182 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
3183 pci_conf[0x09] = 0x80; // legacy ATA mode
3184 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3185 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
3186
3187 qemu_register_reset(piix3_reset, d);
3188 piix3_reset(d);
3189
3190 pci_register_bar((PCIDevice *)d, 4, 0x10,
3191 PCI_ADDRESS_SPACE_IO, bmdma_map);
3192
3193 /*
3194 * These should call isa_reserve_irq() instead when MIPS supports it
3195 */
3196 ide_init2(&d->bus[0], hd_table[0], hd_table[1], pic[14]);
3197 ide_init2(&d->bus[1], hd_table[2], hd_table[3], pic[15]);
3198 ide_init_ioport(&d->bus[0], 0x1f0, 0x3f6);
3199 ide_init_ioport(&d->bus[1], 0x170, 0x376);
3200
3201 register_savevm("ide", 0, 3, pci_ide_save, pci_ide_load, d);
3202 }
3203
3204 #if defined(TARGET_PPC)
3205 /***********************************************************/
3206 /* MacIO based PowerPC IDE */
3207
3208 typedef struct MACIOIDEState {
3209 IDEBus bus;
3210 BlockDriverAIOCB *aiocb;
3211 } MACIOIDEState;
3212
3213 static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
3214 {
3215 DBDMA_io *io = opaque;
3216 MACIOIDEState *m = io->opaque;
3217 IDEState *s = idebus_active_if(&m->bus);
3218
3219 if (ret < 0) {
3220 m->aiocb = NULL;
3221 qemu_sglist_destroy(&s->sg);
3222 ide_atapi_io_error(s, ret);
3223 io->dma_end(opaque);
3224 return;
3225 }
3226
3227 if (s->io_buffer_size > 0) {
3228 m->aiocb = NULL;
3229 qemu_sglist_destroy(&s->sg);
3230
3231 s->packet_transfer_size -= s->io_buffer_size;
3232
3233 s->io_buffer_index += s->io_buffer_size;
3234 s->lba += s->io_buffer_index >> 11;
3235 s->io_buffer_index &= 0x7ff;
3236 }
3237
3238 if (s->packet_transfer_size <= 0)
3239 ide_atapi_cmd_ok(s);
3240
3241 if (io->len == 0) {
3242 io->dma_end(opaque);
3243 return;
3244 }
3245
3246 /* launch next transfer */
3247
3248 s->io_buffer_size = io->len;
3249
3250 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3251 qemu_sglist_add(&s->sg, io->addr, io->len);
3252 io->addr += io->len;
3253 io->len = 0;
3254
3255 m->aiocb = dma_bdrv_read(s->bs, &s->sg,
3256 (int64_t)(s->lba << 2) + (s->io_buffer_index >> 9),
3257 pmac_ide_atapi_transfer_cb, io);
3258 if (!m->aiocb) {
3259 qemu_sglist_destroy(&s->sg);
3260 /* Note: media not present is the most likely case */
3261 ide_atapi_cmd_error(s, SENSE_NOT_READY,
3262 ASC_MEDIUM_NOT_PRESENT);
3263 io->dma_end(opaque);
3264 return;
3265 }
3266 }
3267
3268 static void pmac_ide_transfer_cb(void *opaque, int ret)
3269 {
3270 DBDMA_io *io = opaque;
3271 MACIOIDEState *m = io->opaque;
3272 IDEState *s = idebus_active_if(&m->bus);
3273 int n;
3274 int64_t sector_num;
3275
3276 if (ret < 0) {
3277 m->aiocb = NULL;
3278 qemu_sglist_destroy(&s->sg);
3279 ide_dma_error(s);
3280 io->dma_end(io);
3281 return;
3282 }
3283
3284 sector_num = ide_get_sector(s);
3285 if (s->io_buffer_size > 0) {
3286 m->aiocb = NULL;
3287 qemu_sglist_destroy(&s->sg);
3288 n = (s->io_buffer_size + 0x1ff) >> 9;
3289 sector_num += n;
3290 ide_set_sector(s, sector_num);
3291 s->nsector -= n;
3292 }
3293
3294 /* end of transfer ? */
3295 if (s->nsector == 0) {
3296 s->status = READY_STAT | SEEK_STAT;
3297 ide_set_irq(s);
3298 }
3299
3300 /* end of DMA ? */
3301
3302 if (io->len == 0) {
3303 io->dma_end(io);
3304 return;
3305 }
3306
3307 /* launch next transfer */
3308
3309 s->io_buffer_index = 0;
3310 s->io_buffer_size = io->len;
3311
3312 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3313 qemu_sglist_add(&s->sg, io->addr, io->len);
3314 io->addr += io->len;
3315 io->len = 0;
3316
3317 if (s->is_read)
3318 m->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
3319 pmac_ide_transfer_cb, io);
3320 else
3321 m->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
3322 pmac_ide_transfer_cb, io);
3323 if (!m->aiocb)
3324 pmac_ide_transfer_cb(io, -1);
3325 }
3326
3327 static void pmac_ide_transfer(DBDMA_io *io)
3328 {
3329 MACIOIDEState *m = io->opaque;
3330 IDEState *s = idebus_active_if(&m->bus);
3331
3332 s->io_buffer_size = 0;
3333 if (s->is_cdrom) {
3334 pmac_ide_atapi_transfer_cb(io, 0);
3335 return;
3336 }
3337
3338 pmac_ide_transfer_cb(io, 0);
3339 }
3340
3341 static void pmac_ide_flush(DBDMA_io *io)
3342 {
3343 MACIOIDEState *m = io->opaque;
3344
3345 if (m->aiocb)
3346 qemu_aio_flush();
3347 }
3348
3349 /* PowerMac IDE memory IO */
3350 static void pmac_ide_writeb (void *opaque,
3351 target_phys_addr_t addr, uint32_t val)
3352 {
3353 MACIOIDEState *d = opaque;
3354
3355 addr = (addr & 0xFFF) >> 4;
3356 switch (addr) {
3357 case 1 ... 7:
3358 ide_ioport_write(&d->bus, addr, val);
3359 break;
3360 case 8:
3361 case 22:
3362 ide_cmd_write(&d->bus, 0, val);
3363 break;
3364 default:
3365 break;
3366 }
3367 }
3368
3369 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3370 {
3371 uint8_t retval;
3372 MACIOIDEState *d = opaque;
3373
3374 addr = (addr & 0xFFF) >> 4;
3375 switch (addr) {
3376 case 1 ... 7:
3377 retval = ide_ioport_read(&d->bus, addr);
3378 break;
3379 case 8:
3380 case 22:
3381 retval = ide_status_read(&d->bus, 0);
3382 break;
3383 default:
3384 retval = 0xFF;
3385 break;
3386 }
3387 return retval;
3388 }
3389
3390 static void pmac_ide_writew (void *opaque,
3391 target_phys_addr_t addr, uint32_t val)
3392 {
3393 MACIOIDEState *d = opaque;
3394
3395 addr = (addr & 0xFFF) >> 4;
3396 #ifdef TARGET_WORDS_BIGENDIAN
3397 val = bswap16(val);
3398 #endif
3399 if (addr == 0) {
3400 ide_data_writew(&d->bus, 0, val);
3401 }
3402 }
3403
3404 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3405 {
3406 uint16_t retval;
3407 MACIOIDEState *d = opaque;
3408
3409 addr = (addr & 0xFFF) >> 4;
3410 if (addr == 0) {
3411 retval = ide_data_readw(&d->bus, 0);
3412 } else {
3413 retval = 0xFFFF;
3414 }
3415 #ifdef TARGET_WORDS_BIGENDIAN
3416 retval = bswap16(retval);
3417 #endif
3418 return retval;
3419 }
3420
3421 static void pmac_ide_writel (void *opaque,
3422 target_phys_addr_t addr, uint32_t val)
3423 {
3424 MACIOIDEState *d = opaque;
3425
3426 addr = (addr & 0xFFF) >> 4;
3427 #ifdef TARGET_WORDS_BIGENDIAN
3428 val = bswap32(val);
3429 #endif
3430 if (addr == 0) {
3431 ide_data_writel(&d->bus, 0, val);
3432 }
3433 }
3434
3435 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3436 {
3437 uint32_t retval;
3438 MACIOIDEState *d = opaque;
3439
3440 addr = (addr & 0xFFF) >> 4;
3441 if (addr == 0) {
3442 retval = ide_data_readl(&d->bus, 0);
3443 } else {
3444 retval = 0xFFFFFFFF;
3445 }
3446 #ifdef TARGET_WORDS_BIGENDIAN
3447 retval = bswap32(retval);
3448 #endif
3449 return retval;
3450 }
3451
3452 static CPUWriteMemoryFunc * const pmac_ide_write[] = {
3453 pmac_ide_writeb,
3454 pmac_ide_writew,
3455 pmac_ide_writel,
3456 };
3457
3458 static CPUReadMemoryFunc * const pmac_ide_read[] = {
3459 pmac_ide_readb,
3460 pmac_ide_readw,
3461 pmac_ide_readl,
3462 };
3463
3464 static void pmac_ide_save(QEMUFile *f, void *opaque)
3465 {
3466 MACIOIDEState *d = opaque;
3467 unsigned int i;
3468
3469 /* per IDE interface data */
3470 idebus_save(f, &d->bus);
3471
3472 /* per IDE drive data */
3473 for(i = 0; i < 2; i++) {
3474 ide_save(f, &d->bus.ifs[i]);
3475 }
3476 }
3477
3478 static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3479 {
3480 MACIOIDEState *d = opaque;
3481 unsigned int i;
3482
3483 if (version_id != 1 && version_id != 3)
3484 return -EINVAL;
3485
3486 /* per IDE interface data */
3487 idebus_load(f, &d->bus, version_id);
3488
3489 /* per IDE drive data */
3490 for(i = 0; i < 2; i++) {
3491 ide_load(f, &d->bus.ifs[i], version_id);
3492 }
3493 return 0;
3494 }
3495
3496 static void pmac_ide_reset(void *opaque)
3497 {
3498 MACIOIDEState *d = opaque;
3499
3500 ide_reset(d->bus.ifs +0);
3501 ide_reset(d->bus.ifs +1);
3502 }
3503
3504 /* hd_table must contain 4 block drivers */
3505 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3506 I/O index to access the ide. */
3507 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq,
3508 void *dbdma, int channel, qemu_irq dma_irq)
3509 {
3510 MACIOIDEState *d;
3511 int pmac_ide_memory;
3512
3513 d = qemu_mallocz(sizeof(MACIOIDEState));
3514 ide_init2(&d->bus, hd_table[0], hd_table[1], irq);
3515
3516 if (dbdma)
3517 DBDMA_register_channel(dbdma, channel, dma_irq, pmac_ide_transfer, pmac_ide_flush, d);
3518
3519 pmac_ide_memory = cpu_register_io_memory(pmac_ide_read,
3520 pmac_ide_write, d);
3521 register_savevm("ide", 0, 3, pmac_ide_save, pmac_ide_load, d);
3522 qemu_register_reset(pmac_ide_reset, d);
3523 pmac_ide_reset(d);
3524
3525 return pmac_ide_memory;
3526 }
3527 #endif /* TARGET_PPC */
3528
3529 /***********************************************************/
3530 /* MMIO based ide port
3531 * This emulates IDE device connected directly to the CPU bus without
3532 * dedicated ide controller, which is often seen on embedded boards.
3533 */
3534
3535 typedef struct {
3536 IDEBus *bus;
3537 int shift;
3538 } MMIOState;
3539
3540 static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3541 {
3542 MMIOState *s = (MMIOState*)opaque;
3543 IDEBus *bus = s->bus;
3544 addr >>= s->shift;
3545 if (addr & 7)
3546 return ide_ioport_read(bus, addr);
3547 else
3548 return ide_data_readw(bus, 0);
3549 }
3550
3551 static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3552 uint32_t val)
3553 {
3554 MMIOState *s = (MMIOState*)opaque;
3555 IDEBus *bus = s->bus;
3556 addr >>= s->shift;
3557 if (addr & 7)
3558 ide_ioport_write(bus, addr, val);
3559 else
3560 ide_data_writew(bus, 0, val);
3561 }
3562
3563 static CPUReadMemoryFunc * const mmio_ide_reads[] = {
3564 mmio_ide_read,
3565 mmio_ide_read,
3566 mmio_ide_read,
3567 };
3568
3569 static CPUWriteMemoryFunc * const mmio_ide_writes[] = {
3570 mmio_ide_write,
3571 mmio_ide_write,
3572 mmio_ide_write,
3573 };
3574
3575 static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3576 {
3577 MMIOState *s= (MMIOState*)opaque;
3578 IDEBus *bus = s->bus;
3579 return ide_status_read(bus, 0);
3580 }
3581
3582 static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3583 uint32_t val)
3584 {
3585 MMIOState *s = (MMIOState*)opaque;
3586 IDEBus *bus = s->bus;
3587 ide_cmd_write(bus, 0, val);
3588 }
3589
3590 static CPUReadMemoryFunc * const mmio_ide_status[] = {
3591 mmio_ide_status_read,
3592 mmio_ide_status_read,
3593 mmio_ide_status_read,
3594 };
3595
3596 static CPUWriteMemoryFunc * const mmio_ide_cmd[] = {
3597 mmio_ide_cmd_write,
3598 mmio_ide_cmd_write,
3599 mmio_ide_cmd_write,
3600 };
3601
3602 void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3603 qemu_irq irq, int shift,
3604 BlockDriverState *hd0, BlockDriverState *hd1)
3605 {
3606 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3607 IDEBus *bus = qemu_mallocz(sizeof(*bus));
3608 int mem1, mem2;
3609
3610 ide_init2(bus, hd0, hd1, irq);
3611
3612 s->bus = bus;
3613 s->shift = shift;
3614
3615 mem1 = cpu_register_io_memory(mmio_ide_reads, mmio_ide_writes, s);
3616 mem2 = cpu_register_io_memory(mmio_ide_status, mmio_ide_cmd, s);
3617 cpu_register_physical_memory(membase, 16 << shift, mem1);
3618 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3619 }
3620
3621 /***********************************************************/
3622 /* CF-ATA Microdrive */
3623
3624 #define METADATA_SIZE 0x20
3625
3626 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3627 typedef struct {
3628 IDEBus bus;
3629 PCMCIACardState card;
3630 uint32_t attr_base;
3631 uint32_t io_base;
3632
3633 /* Card state */
3634 uint8_t opt;
3635 uint8_t stat;
3636 uint8_t pins;
3637
3638 uint8_t ctrl;
3639 uint16_t io;
3640 int cycle;
3641 } MicroDriveState;
3642
3643 /* Register bitfields */
3644 enum md_opt {
3645 OPT_MODE_MMAP = 0,
3646 OPT_MODE_IOMAP16 = 1,
3647 OPT_MODE_IOMAP1 = 2,
3648 OPT_MODE_IOMAP2 = 3,
3649 OPT_MODE = 0x3f,
3650 OPT_LEVIREQ = 0x40,
3651 OPT_SRESET = 0x80,
3652 };
3653 enum md_cstat {
3654 STAT_INT = 0x02,
3655 STAT_PWRDWN = 0x04,
3656 STAT_XE = 0x10,
3657 STAT_IOIS8 = 0x20,
3658 STAT_SIGCHG = 0x40,
3659 STAT_CHANGED = 0x80,
3660 };
3661 enum md_pins {
3662 PINS_MRDY = 0x02,
3663 PINS_CRDY = 0x20,
3664 };
3665 enum md_ctrl {
3666 CTRL_IEN = 0x02,
3667 CTRL_SRST = 0x04,
3668 };
3669
3670 static inline void md_interrupt_update(MicroDriveState *s)
3671 {
3672 if (!s->card.slot)
3673 return;
3674
3675 qemu_set_irq(s->card.slot->irq,
3676 !(s->stat & STAT_INT) && /* Inverted */
3677 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3678 !(s->opt & OPT_SRESET));
3679 }
3680
3681 static void md_set_irq(void *opaque, int irq, int level)
3682 {
3683 MicroDriveState *s = (MicroDriveState *) opaque;
3684 if (level)
3685 s->stat |= STAT_INT;
3686 else
3687 s->stat &= ~STAT_INT;
3688
3689 md_interrupt_update(s);
3690 }
3691
3692 static void md_reset(MicroDriveState *s)
3693 {
3694 s->opt = OPT_MODE_MMAP;
3695 s->stat = 0;
3696 s->pins = 0;
3697 s->cycle = 0;
3698 s->ctrl = 0;
3699 ide_reset(s->bus.ifs);
3700 }
3701
3702 static uint8_t md_attr_read(void *opaque, uint32_t at)
3703 {
3704 MicroDriveState *s = (MicroDriveState *) opaque;
3705 if (at < s->attr_base) {
3706 if (at < s->card.cis_len)
3707 return s->card.cis[at];
3708 else
3709 return 0x00;
3710 }
3711
3712 at -= s->attr_base;
3713
3714 switch (at) {
3715 case 0x00: /* Configuration Option Register */
3716 return s->opt;
3717 case 0x02: /* Card Configuration Status Register */
3718 if (s->ctrl & CTRL_IEN)
3719 return s->stat & ~STAT_INT;
3720 else
3721 return s->stat;
3722 case 0x04: /* Pin Replacement Register */
3723 return (s->pins & PINS_CRDY) | 0x0c;
3724 case 0x06: /* Socket and Copy Register */
3725 return 0x00;
3726 #ifdef VERBOSE
3727 default:
3728 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3729 #endif
3730 }
3731
3732 return 0;
3733 }
3734
3735 static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
3736 {
3737 MicroDriveState *s = (MicroDriveState *) opaque;
3738 at -= s->attr_base;
3739
3740 switch (at) {
3741 case 0x00: /* Configuration Option Register */
3742 s->opt = value & 0xcf;
3743 if (value & OPT_SRESET)
3744 md_reset(s);
3745 md_interrupt_update(s);
3746 break;
3747 case 0x02: /* Card Configuration Status Register */
3748 if ((s->stat ^ value) & STAT_PWRDWN)
3749 s->pins |= PINS_CRDY;
3750 s->stat &= 0x82;
3751 s->stat |= value & 0x74;
3752 md_interrupt_update(s);
3753 /* Word 170 in Identify Device must be equal to STAT_XE */
3754 break;
3755 case 0x04: /* Pin Replacement Register */
3756 s->pins &= PINS_CRDY;
3757 s->pins |= value & PINS_MRDY;
3758 break;
3759 case 0x06: /* Socket and Copy Register */
3760 break;
3761 default:
3762 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3763 }
3764 }
3765
3766 static uint16_t md_common_read(void *opaque, uint32_t at)
3767 {
3768 MicroDriveState *s = (MicroDriveState *) opaque;
3769 IDEState *ifs;
3770 uint16_t ret;
3771 at -= s->io_base;
3772
3773 switch (s->opt & OPT_MODE) {
3774 case OPT_MODE_MMAP:
3775 if ((at & ~0x3ff) == 0x400)
3776 at = 0;
3777 break;
3778 case OPT_MODE_IOMAP16:
3779 at &= 0xf;
3780 break;
3781 case OPT_MODE_IOMAP1:
3782 if ((at & ~0xf) == 0x3f0)
3783 at -= 0x3e8;
3784 else if ((at & ~0xf) == 0x1f0)
3785 at -= 0x1f0;
3786 break;
3787 case OPT_MODE_IOMAP2:
3788 if ((at & ~0xf) == 0x370)
3789 at -= 0x368;
3790 else if ((at & ~0xf) == 0x170)
3791 at -= 0x170;
3792 }
3793
3794 switch (at) {
3795 case 0x0: /* Even RD Data */
3796 case 0x8:
3797 return ide_data_readw(&s->bus, 0);
3798
3799 /* TODO: 8-bit accesses */
3800 if (s->cycle)
3801 ret = s->io >> 8;
3802 else {
3803 s->io = ide_data_readw(&s->bus, 0);
3804 ret = s->io & 0xff;
3805 }
3806 s->cycle = !s->cycle;
3807 return ret;
3808 case 0x9: /* Odd RD Data */
3809 return s->io >> 8;
3810 case 0xd: /* Error */
3811 return ide_ioport_read(&s->bus, 0x1);
3812 case 0xe: /* Alternate Status */
3813 ifs = idebus_active_if(&s->bus);
3814 if (ifs->bs)
3815 return ifs->status;
3816 else
3817 return 0;
3818 case 0xf: /* Device Address */
3819 ifs = idebus_active_if(&s->bus);
3820 return 0xc2 | ((~ifs->select << 2) & 0x3c);
3821 default:
3822 return ide_ioport_read(&s->bus, at);
3823 }
3824
3825 return 0;
3826 }
3827
3828 static void md_common_write(void *opaque, uint32_t at, uint16_t value)
3829 {
3830 MicroDriveState *s = (MicroDriveState *) opaque;
3831 at -= s->io_base;
3832
3833 switch (s->opt & OPT_MODE) {
3834 case OPT_MODE_MMAP:
3835 if ((at & ~0x3ff) == 0x400)
3836 at = 0;
3837 break;
3838 case OPT_MODE_IOMAP16:
3839 at &= 0xf;
3840 break;
3841 case OPT_MODE_IOMAP1:
3842 if ((at & ~0xf) == 0x3f0)
3843 at -= 0x3e8;
3844 else if ((at & ~0xf) == 0x1f0)
3845 at -= 0x1f0;
3846 break;
3847 case OPT_MODE_IOMAP2:
3848 if ((at & ~0xf) == 0x370)
3849 at -= 0x368;
3850 else if ((at & ~0xf) == 0x170)
3851 at -= 0x170;
3852 }
3853
3854 switch (at) {
3855 case 0x0: /* Even WR Data */
3856 case 0x8:
3857 ide_data_writew(&s->bus, 0, value);
3858 break;
3859
3860 /* TODO: 8-bit accesses */
3861 if (s->cycle)
3862 ide_data_writew(&s->bus, 0, s->io | (value << 8));
3863 else
3864 s->io = value & 0xff;
3865 s->cycle = !s->cycle;
3866 break;
3867 case 0x9:
3868 s->io = value & 0xff;
3869 s->cycle = !s->cycle;
3870 break;
3871 case 0xd: /* Features */
3872 ide_ioport_write(&s->bus, 0x1, value);
3873 break;
3874 case 0xe: /* Device Control */
3875 s->ctrl = value;
3876 if (value & CTRL_SRST)
3877 md_reset(s);
3878 md_interrupt_update(s);
3879 break;
3880 default:
3881 if (s->stat & STAT_PWRDWN) {
3882 s->pins |= PINS_CRDY;
3883 s->stat &= ~STAT_PWRDWN;
3884 }
3885 ide_ioport_write(&s->bus, at, value);
3886 }
3887 }
3888
3889 static void md_save(QEMUFile *f, void *opaque)
3890 {
3891 MicroDriveState *s = (MicroDriveState *) opaque;
3892 int i;
3893
3894 qemu_put_8s(f, &s->opt);
3895 qemu_put_8s(f, &s->stat);
3896 qemu_put_8s(f, &s->pins);
3897
3898 qemu_put_8s(f, &s->ctrl);
3899 qemu_put_be16s(f, &s->io);
3900 qemu_put_byte(f, s->cycle);
3901
3902 idebus_save(f, &s->bus);
3903
3904 for (i = 0; i < 2; i ++)
3905 ide_save(f, &s->bus.ifs[i]);
3906 }
3907
3908 static int md_load(QEMUFile *f, void *opaque, int version_id)
3909 {
3910 MicroDriveState *s = (MicroDriveState *) opaque;
3911 int i;
3912
3913 if (version_id != 0 && version_id != 3)
3914 return -EINVAL;
3915
3916 qemu_get_8s(f, &s->opt);
3917 qemu_get_8s(f, &s->stat);
3918 qemu_get_8s(f, &s->pins);
3919
3920 qemu_get_8s(f, &s->ctrl);
3921 qemu_get_be16s(f, &s->io);
3922 s->cycle = qemu_get_byte(f);
3923
3924 idebus_load(f, &s->bus, version_id);
3925
3926 for (i = 0; i < 2; i ++)
3927 ide_load(f, &s->bus.ifs[i], version_id);
3928
3929 return 0;
3930 }
3931
3932 static const uint8_t dscm1xxxx_cis[0x14a] = {
3933 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3934 [0x002] = 0x03, /* Tuple length = 4 bytes */
3935 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3936 [0x006] = 0x01, /* Size = 2K bytes */
3937 [0x008] = CISTPL_ENDMARK,
3938
3939 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3940 [0x00c] = 0x04, /* Tuple length = 4 byest */
3941 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3942 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3943 [0x012] = 0x01, /* Size = 2K bytes */
3944 [0x014] = CISTPL_ENDMARK,
3945
3946 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3947 [0x018] = 0x02, /* Tuple length = 2 bytes */
3948 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3949 [0x01c] = 0x01,
3950
3951 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3952 [0x020] = 0x04, /* Tuple length = 4 bytes */
3953 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3954 [0x024] = 0x00,
3955 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3956 [0x028] = 0x00,
3957
3958 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3959 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3960 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3961 [0x030] = 0x01, /* Minor Version = 1 */
3962 [0x032] = 'I',
3963 [0x034] = 'B',
3964 [0x036] = 'M',
3965 [0x038] = 0x00,
3966 [0x03a] = 'm',
3967 [0x03c] = 'i',
3968 [0x03e] = 'c',
3969 [0x040] = 'r',
3970 [0x042] = 'o',
3971 [0x044] = 'd',
3972 [0x046] = 'r',
3973 [0x048] = 'i',
3974 [0x04a] = 'v',
3975 [0x04c] = 'e',
3976 [0x04e] = 0x00,
3977 [0x050] = CISTPL_ENDMARK,
3978
3979 [0x052] = CISTPL_FUNCID, /* Function ID */
3980 [0x054] = 0x02, /* Tuple length = 2 bytes */
3981 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3982 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3983
3984 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3985 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3986 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3987 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3988
3989 [0x062] = CISTPL_FUNCE, /* Function Extension */
3990 [0x064] = 0x03, /* Tuple length = 3 bytes */
3991 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3992 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3993 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3994
3995 [0x06c] = CISTPL_CONFIG, /* Configuration */
3996 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3997 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3998 [0x072] = 0x07, /* TPCC_LAST = 7 */
3999 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4000 [0x076] = 0x02,
4001 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4002
4003 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4004 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4005 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4006 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4007 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4008 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4009 [0x086] = 0x55, /* NomV: 5.0 V */
4010 [0x088] = 0x4d, /* MinV: 4.5 V */
4011 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4012 [0x08c] = 0x4e, /* Peakl: 450 mA */
4013 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4014 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4015 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4016
4017 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4018 [0x096] = 0x06, /* Tuple length = 6 bytes */
4019 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4020 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4021 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4022 [0x09e] = 0xb5, /* NomV: 3.3 V */
4023 [0x0a0] = 0x1e,
4024 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4025
4026 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4027 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4028 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4029 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4030 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4031 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4032 [0x0b0] = 0x55, /* NomV: 5.0 V */
4033 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4034 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4035 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4036 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4037 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4038 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4039 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4040 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4041
4042 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4043 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4044 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4045 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4046 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4047 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4048 [0x0ce] = 0x1e,
4049 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4050
4051 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4052 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4053 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4054 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4055 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4056 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4057 [0x0de] = 0x55, /* NomV: 5.0 V */
4058 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4059 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4060 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4061 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4062 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4063 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4064 [0x0ec] = 0x01,
4065 [0x0ee] = 0x07, /* Address block length = 8 */
4066 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4067 [0x0f2] = 0x03,
4068 [0x0f4] = 0x01, /* Address block length = 2 */
4069 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4070 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4071
4072 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4073 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4074 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4075 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4076 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4077 [0x104] = 0xb5, /* NomV: 3.3 V */
4078 [0x106] = 0x1e,
4079 [0x108] = 0x3e, /* Peakl: 350 mA */
4080
4081 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4082 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4083 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4084 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4085 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4086 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4087 [0x116] = 0x55, /* NomV: 5.0 V */
4088 [0x118] = 0x4d, /* MinV: 4.5 V */
4089 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4090 [0x11c] = 0x4e, /* Peakl: 450 mA */
4091 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4092 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4093 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4094 [0x124] = 0x01,
4095 [0x126] = 0x07, /* Address block length = 8 */
4096 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4097 [0x12a] = 0x03,
4098 [0x12c] = 0x01, /* Address block length = 2 */
4099 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4100 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4101
4102 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4103 [0x134] = 0x06, /* Tuple length = 6 bytes */
4104 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4105 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4106 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4107 [0x13c] = 0xb5, /* NomV: 3.3 V */
4108 [0x13e] = 0x1e,
4109 [0x140] = 0x3e, /* Peakl: 350 mA */
4110
4111 [0x142] = CISTPL_NO_LINK, /* No Link */
4112 [0x144] = 0x00, /* Tuple length = 0 bytes */
4113
4114 [0x146] = CISTPL_END, /* Tuple End */
4115 };
4116
4117 static int dscm1xxxx_attach(void *opaque)
4118 {
4119 MicroDriveState *md = (MicroDriveState *) opaque;
4120 md->card.attr_read = md_attr_read;
4121 md->card.attr_write = md_attr_write;
4122 md->card.common_read = md_common_read;
4123 md->card.common_write = md_common_write;
4124 md->card.io_read = md_common_read;
4125 md->card.io_write = md_common_write;
4126
4127 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4128 md->io_base = 0x0;
4129
4130 md_reset(md);
4131 md_interrupt_update(md);
4132
4133 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4134 return 0;
4135 }
4136
4137 static int dscm1xxxx_detach(void *opaque)
4138 {
4139 MicroDriveState *md = (MicroDriveState *) opaque;
4140 md_reset(md);
4141 return 0;
4142 }
4143
4144 PCMCIACardState *dscm1xxxx_init(BlockDriverState *bdrv)
4145 {
4146 MicroDriveState *md = (MicroDriveState *) qemu_mallocz(sizeof(MicroDriveState));
4147 md->card.state = md;
4148 md->card.attach = dscm1xxxx_attach;
4149 md->card.detach = dscm1xxxx_detach;
4150 md->card.cis = dscm1xxxx_cis;
4151 md->card.cis_len = sizeof(dscm1xxxx_cis);
4152
4153 ide_init2(&md->bus, bdrv, NULL, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4154 md->bus.ifs[0].is_cf = 1;
4155 md->bus.ifs[0].mdata_size = METADATA_SIZE;
4156 md->bus.ifs[0].mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
4157
4158 register_savevm("microdrive", -1, 3, md_save, md_load, md);
4159
4160 return &md->card;
4161 }
QEmu