search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ide: split ide command interpretation off
[qemu.git] / hw / ide / core.c
blobac4ee7162dedf522a845b2767732df2e3c39ecd2
1 /*
2 * QEMU IDE disk and CD/DVD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25 #include <hw/hw.h>
26 #include <hw/pc.h>
27 #include <hw/pci.h>
28 #include <hw/scsi.h>
29 #include "qemu-error.h"
30 #include "qemu-timer.h"
31 #include "sysemu.h"
32 #include "dma.h"
33 #include "blockdev.h"
34
35 #include <hw/ide/internal.h>
36
37 #define IDE_PAGE_SIZE 4096
38
39 static const int smart_attributes[][5] = {
40 /* id, flags, val, wrst, thrsh */
41 { 0x01, 0x03, 0x64, 0x64, 0x06}, /* raw read */
42 { 0x03, 0x03, 0x64, 0x64, 0x46}, /* spin up */
43 { 0x04, 0x02, 0x64, 0x64, 0x14}, /* start stop count */
44 { 0x05, 0x03, 0x64, 0x64, 0x36}, /* remapped sectors */
45 { 0x00, 0x00, 0x00, 0x00, 0x00}
46 };
47
48 /* XXX: DVDs that could fit on a CD will be reported as a CD */
49 static inline int media_present(IDEState *s)
50 {
51 return (s->nb_sectors > 0);
52 }
53
54 static inline int media_is_dvd(IDEState *s)
55 {
56 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
57 }
58
59 static inline int media_is_cd(IDEState *s)
60 {
61 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
62 }
63
64 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
65 static void ide_dma_restart(IDEState *s, int is_read);
66 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
67 static int ide_handle_rw_error(IDEState *s, int error, int op);
68 static void ide_flush_cache(IDEState *s);
69
70 static void padstr(char *str, const char *src, int len)
71 {
72 int i, v;
73 for(i = 0; i < len; i++) {
74 if (*src)
75 v = *src++;
76 else
77 v = ' ';
78 str[i^1] = v;
79 }
80 }
81
82 static void padstr8(uint8_t *buf, int buf_size, const char *src)
83 {
84 int i;
85 for(i = 0; i < buf_size; i++) {
86 if (*src)
87 buf[i] = *src++;
88 else
89 buf[i] = ' ';
90 }
91 }
92
93 static void put_le16(uint16_t *p, unsigned int v)
94 {
95 *p = cpu_to_le16(v);
96 }
97
98 static void ide_identify(IDEState *s)
99 {
100 uint16_t *p;
101 unsigned int oldsize;
102 IDEDevice *dev;
103
104 if (s->identify_set) {
105 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
106 return;
107 }
108
109 memset(s->io_buffer, 0, 512);
110 p = (uint16_t *)s->io_buffer;
111 put_le16(p + 0, 0x0040);
112 put_le16(p + 1, s->cylinders);
113 put_le16(p + 3, s->heads);
114 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
115 put_le16(p + 5, 512); /* XXX: retired, remove ? */
116 put_le16(p + 6, s->sectors);
117 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
118 put_le16(p + 20, 3); /* XXX: retired, remove ? */
119 put_le16(p + 21, 512); /* cache size in sectors */
120 put_le16(p + 22, 4); /* ecc bytes */
121 padstr((char *)(p + 23), s->version, 8); /* firmware version */
122 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
123 #if MAX_MULT_SECTORS > 1
124 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
125 #endif
126 put_le16(p + 48, 1); /* dword I/O */
127 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
128 put_le16(p + 51, 0x200); /* PIO transfer cycle */
129 put_le16(p + 52, 0x200); /* DMA transfer cycle */
130 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
131 put_le16(p + 54, s->cylinders);
132 put_le16(p + 55, s->heads);
133 put_le16(p + 56, s->sectors);
134 oldsize = s->cylinders * s->heads * s->sectors;
135 put_le16(p + 57, oldsize);
136 put_le16(p + 58, oldsize >> 16);
137 if (s->mult_sectors)
138 put_le16(p + 59, 0x100 | s->mult_sectors);
139 put_le16(p + 60, s->nb_sectors);
140 put_le16(p + 61, s->nb_sectors >> 16);
141 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
142 put_le16(p + 63, 0x07); /* mdma0-2 supported */
143 put_le16(p + 64, 0x03); /* pio3-4 supported */
144 put_le16(p + 65, 120);
145 put_le16(p + 66, 120);
146 put_le16(p + 67, 120);
147 put_le16(p + 68, 120);
148 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
149 put_le16(p + 81, 0x16); /* conforms to ata5 */
150 /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */
151 put_le16(p + 82, (1 << 14) | (1 << 5) | 1);
152 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
153 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
154 /* 14=set to 1, 1=SMART self test, 0=SMART error logging */
155 put_le16(p + 84, (1 << 14) | 0);
156 /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */
157 if (bdrv_enable_write_cache(s->bs))
158 put_le16(p + 85, (1 << 14) | (1 << 5) | 1);
159 else
160 put_le16(p + 85, (1 << 14) | 1);
161 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
162 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
163 /* 14=set to 1, 1=smart self test, 0=smart error logging */
164 put_le16(p + 87, (1 << 14) | 0);
165 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
166 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
167 put_le16(p + 100, s->nb_sectors);
168 put_le16(p + 101, s->nb_sectors >> 16);
169 put_le16(p + 102, s->nb_sectors >> 32);
170 put_le16(p + 103, s->nb_sectors >> 48);
171 dev = s->unit ? s->bus->slave : s->bus->master;
172 if (dev && dev->conf.physical_block_size)
173 put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf));
174
175 memcpy(s->identify_data, p, sizeof(s->identify_data));
176 s->identify_set = 1;
177 }
178
179 static void ide_atapi_identify(IDEState *s)
180 {
181 uint16_t *p;
182
183 if (s->identify_set) {
184 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
185 return;
186 }
187
188 memset(s->io_buffer, 0, 512);
189 p = (uint16_t *)s->io_buffer;
190 /* Removable CDROM, 50us response, 12 byte packets */
191 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
192 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
193 put_le16(p + 20, 3); /* buffer type */
194 put_le16(p + 21, 512); /* cache size in sectors */
195 put_le16(p + 22, 4); /* ecc bytes */
196 padstr((char *)(p + 23), s->version, 8); /* firmware version */
197 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
198 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
199 #ifdef USE_DMA_CDROM
200 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
201 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
202 put_le16(p + 62, 7); /* single word dma0-2 supported */
203 put_le16(p + 63, 7); /* mdma0-2 supported */
204 #else
205 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
206 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
207 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
208 #endif
209 put_le16(p + 64, 3); /* pio3-4 supported */
210 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
211 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
212 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
213 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
214
215 put_le16(p + 71, 30); /* in ns */
216 put_le16(p + 72, 30); /* in ns */
217
218 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
219 #ifdef USE_DMA_CDROM
220 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
221 #endif
222 memcpy(s->identify_data, p, sizeof(s->identify_data));
223 s->identify_set = 1;
224 }
225
226 static void ide_cfata_identify(IDEState *s)
227 {
228 uint16_t *p;
229 uint32_t cur_sec;
230
231 p = (uint16_t *) s->identify_data;
232 if (s->identify_set)
233 goto fill_buffer;
234
235 memset(p, 0, sizeof(s->identify_data));
236
237 cur_sec = s->cylinders * s->heads * s->sectors;
238
239 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
240 put_le16(p + 1, s->cylinders); /* Default cylinders */
241 put_le16(p + 3, s->heads); /* Default heads */
242 put_le16(p + 6, s->sectors); /* Default sectors per track */
243 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
244 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
245 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
246 put_le16(p + 22, 0x0004); /* ECC bytes */
247 padstr((char *) (p + 23), s->version, 8); /* Firmware Revision */
248 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
249 #if MAX_MULT_SECTORS > 1
250 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
251 #else
252 put_le16(p + 47, 0x0000);
253 #endif
254 put_le16(p + 49, 0x0f00); /* Capabilities */
255 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
256 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
257 put_le16(p + 53, 0x0003); /* Translation params valid */
258 put_le16(p + 54, s->cylinders); /* Current cylinders */
259 put_le16(p + 55, s->heads); /* Current heads */
260 put_le16(p + 56, s->sectors); /* Current sectors */
261 put_le16(p + 57, cur_sec); /* Current capacity */
262 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
263 if (s->mult_sectors) /* Multiple sector setting */
264 put_le16(p + 59, 0x100 | s->mult_sectors);
265 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
266 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
267 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
268 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
269 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
270 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
271 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
272 put_le16(p + 82, 0x400c); /* Command Set supported */
273 put_le16(p + 83, 0x7068); /* Command Set supported */
274 put_le16(p + 84, 0x4000); /* Features supported */
275 put_le16(p + 85, 0x000c); /* Command Set enabled */
276 put_le16(p + 86, 0x7044); /* Command Set enabled */
277 put_le16(p + 87, 0x4000); /* Features enabled */
278 put_le16(p + 91, 0x4060); /* Current APM level */
279 put_le16(p + 129, 0x0002); /* Current features option */
280 put_le16(p + 130, 0x0005); /* Reassigned sectors */
281 put_le16(p + 131, 0x0001); /* Initial power mode */
282 put_le16(p + 132, 0x0000); /* User signature */
283 put_le16(p + 160, 0x8100); /* Power requirement */
284 put_le16(p + 161, 0x8001); /* CF command set */
285
286 s->identify_set = 1;
287
288 fill_buffer:
289 memcpy(s->io_buffer, p, sizeof(s->identify_data));
290 }
291
292 static void ide_set_signature(IDEState *s)
293 {
294 s->select &= 0xf0; /* clear head */
295 /* put signature */
296 s->nsector = 1;
297 s->sector = 1;
298 if (s->drive_kind == IDE_CD) {
299 s->lcyl = 0x14;
300 s->hcyl = 0xeb;
301 } else if (s->bs) {
302 s->lcyl = 0;
303 s->hcyl = 0;
304 } else {
305 s->lcyl = 0xff;
306 s->hcyl = 0xff;
307 }
308 }
309
310 static inline void ide_abort_command(IDEState *s)
311 {
312 s->status = READY_STAT | ERR_STAT;
313 s->error = ABRT_ERR;
314 }
315
316 static inline void ide_dma_submit_check(IDEState *s,
317 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
318 {
319 if (bm->aiocb)
320 return;
321 dma_cb(bm, -1);
322 }
323
324 /* prepare data transfer and tell what to do after */
325 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
326 EndTransferFunc *end_transfer_func)
327 {
328 s->end_transfer_func = end_transfer_func;
329 s->data_ptr = buf;
330 s->data_end = buf + size;
331 if (!(s->status & ERR_STAT))
332 s->status |= DRQ_STAT;
333 }
334
335 static void ide_transfer_stop(IDEState *s)
336 {
337 s->end_transfer_func = ide_transfer_stop;
338 s->data_ptr = s->io_buffer;
339 s->data_end = s->io_buffer;
340 s->status &= ~DRQ_STAT;
341 }
342
343 int64_t ide_get_sector(IDEState *s)
344 {
345 int64_t sector_num;
346 if (s->select & 0x40) {
347 /* lba */
348 if (!s->lba48) {
349 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
350 (s->lcyl << 8) | s->sector;
351 } else {
352 sector_num = ((int64_t)s->hob_hcyl << 40) |
353 ((int64_t) s->hob_lcyl << 32) |
354 ((int64_t) s->hob_sector << 24) |
355 ((int64_t) s->hcyl << 16) |
356 ((int64_t) s->lcyl << 8) | s->sector;
357 }
358 } else {
359 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
360 (s->select & 0x0f) * s->sectors + (s->sector - 1);
361 }
362 return sector_num;
363 }
364
365 void ide_set_sector(IDEState *s, int64_t sector_num)
366 {
367 unsigned int cyl, r;
368 if (s->select & 0x40) {
369 if (!s->lba48) {
370 s->select = (s->select & 0xf0) | (sector_num >> 24);
371 s->hcyl = (sector_num >> 16);
372 s->lcyl = (sector_num >> 8);
373 s->sector = (sector_num);
374 } else {
375 s->sector = sector_num;
376 s->lcyl = sector_num >> 8;
377 s->hcyl = sector_num >> 16;
378 s->hob_sector = sector_num >> 24;
379 s->hob_lcyl = sector_num >> 32;
380 s->hob_hcyl = sector_num >> 40;
381 }
382 } else {
383 cyl = sector_num / (s->heads * s->sectors);
384 r = sector_num % (s->heads * s->sectors);
385 s->hcyl = cyl >> 8;
386 s->lcyl = cyl;
387 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
388 s->sector = (r % s->sectors) + 1;
389 }
390 }
391
392 static void ide_rw_error(IDEState *s) {
393 ide_abort_command(s);
394 ide_set_irq(s->bus);
395 }
396
397 static void ide_sector_read(IDEState *s)
398 {
399 int64_t sector_num;
400 int ret, n;
401
402 s->status = READY_STAT | SEEK_STAT;
403 s->error = 0; /* not needed by IDE spec, but needed by Windows */
404 sector_num = ide_get_sector(s);
405 n = s->nsector;
406 if (n == 0) {
407 /* no more sector to read from disk */
408 ide_transfer_stop(s);
409 } else {
410 #if defined(DEBUG_IDE)
411 printf("read sector=%" PRId64 "\n", sector_num);
412 #endif
413 if (n > s->req_nb_sectors)
414 n = s->req_nb_sectors;
415 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
416 if (ret != 0) {
417 if (ide_handle_rw_error(s, -ret,
418 BM_STATUS_PIO_RETRY | BM_STATUS_RETRY_READ))
419 {
420 return;
421 }
422 }
423 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
424 ide_set_irq(s->bus);
425 ide_set_sector(s, sector_num + n);
426 s->nsector -= n;
427 }
428 }
429
430
431 /* return 0 if buffer completed */
432 static int dma_buf_prepare(BMDMAState *bm, int is_write)
433 {
434 IDEState *s = bmdma_active_if(bm);
435 struct {
436 uint32_t addr;
437 uint32_t size;
438 } prd;
439 int l, len;
440
441 qemu_sglist_init(&s->sg, s->nsector / (IDE_PAGE_SIZE / 512) + 1);
442 s->io_buffer_size = 0;
443 for(;;) {
444 if (bm->cur_prd_len == 0) {
445 /* end of table (with a fail safe of one page) */
446 if (bm->cur_prd_last ||
447 (bm->cur_addr - bm->addr) >= IDE_PAGE_SIZE)
448 return s->io_buffer_size != 0;
449 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
450 bm->cur_addr += 8;
451 prd.addr = le32_to_cpu(prd.addr);
452 prd.size = le32_to_cpu(prd.size);
453 len = prd.size & 0xfffe;
454 if (len == 0)
455 len = 0x10000;
456 bm->cur_prd_len = len;
457 bm->cur_prd_addr = prd.addr;
458 bm->cur_prd_last = (prd.size & 0x80000000);
459 }
460 l = bm->cur_prd_len;
461 if (l > 0) {
462 qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
463 bm->cur_prd_addr += l;
464 bm->cur_prd_len -= l;
465 s->io_buffer_size += l;
466 }
467 }
468 return 1;
469 }
470
471 static void dma_buf_commit(IDEState *s, int is_write)
472 {
473 qemu_sglist_destroy(&s->sg);
474 }
475
476 static void ide_dma_set_inactive(BMDMAState *bm)
477 {
478 bm->status &= ~BM_STATUS_DMAING;
479 bm->dma_cb = NULL;
480 bm->unit = -1;
481 bm->aiocb = NULL;
482 }
483
484 void ide_dma_error(IDEState *s)
485 {
486 ide_transfer_stop(s);
487 s->error = ABRT_ERR;
488 s->status = READY_STAT | ERR_STAT;
489 ide_dma_set_inactive(s->bus->bmdma);
490 s->bus->bmdma->status |= BM_STATUS_INT;
491 ide_set_irq(s->bus);
492 }
493
494 static int ide_handle_rw_error(IDEState *s, int error, int op)
495 {
496 int is_read = (op & BM_STATUS_RETRY_READ);
497 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
498
499 if (action == BLOCK_ERR_IGNORE) {
500 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
501 return 0;
502 }
503
504 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
505 || action == BLOCK_ERR_STOP_ANY) {
506 s->bus->bmdma->unit = s->unit;
507 s->bus->bmdma->status |= op;
508 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
509 vm_stop(0);
510 } else {
511 if (op & BM_STATUS_DMA_RETRY) {
512 dma_buf_commit(s, 0);
513 ide_dma_error(s);
514 } else {
515 ide_rw_error(s);
516 }
517 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
518 }
519
520 return 1;
521 }
522
523 /* return 0 if buffer completed */
524 static int dma_buf_rw(BMDMAState *bm, int is_write)
525 {
526 IDEState *s = bmdma_active_if(bm);
527 struct {
528 uint32_t addr;
529 uint32_t size;
530 } prd;
531 int l, len;
532
533 for(;;) {
534 l = s->io_buffer_size - s->io_buffer_index;
535 if (l <= 0)
536 break;
537 if (bm->cur_prd_len == 0) {
538 /* end of table (with a fail safe of one page) */
539 if (bm->cur_prd_last ||
540 (bm->cur_addr - bm->addr) >= IDE_PAGE_SIZE)
541 return 0;
542 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
543 bm->cur_addr += 8;
544 prd.addr = le32_to_cpu(prd.addr);
545 prd.size = le32_to_cpu(prd.size);
546 len = prd.size & 0xfffe;
547 if (len == 0)
548 len = 0x10000;
549 bm->cur_prd_len = len;
550 bm->cur_prd_addr = prd.addr;
551 bm->cur_prd_last = (prd.size & 0x80000000);
552 }
553 if (l > bm->cur_prd_len)
554 l = bm->cur_prd_len;
555 if (l > 0) {
556 if (is_write) {
557 cpu_physical_memory_write(bm->cur_prd_addr,
558 s->io_buffer + s->io_buffer_index, l);
559 } else {
560 cpu_physical_memory_read(bm->cur_prd_addr,
561 s->io_buffer + s->io_buffer_index, l);
562 }
563 bm->cur_prd_addr += l;
564 bm->cur_prd_len -= l;
565 s->io_buffer_index += l;
566 }
567 }
568 return 1;
569 }
570
571 static void ide_read_dma_cb(void *opaque, int ret)
572 {
573 BMDMAState *bm = opaque;
574 IDEState *s = bmdma_active_if(bm);
575 int n;
576 int64_t sector_num;
577
578 if (ret < 0) {
579 if (ide_handle_rw_error(s, -ret,
580 BM_STATUS_DMA_RETRY | BM_STATUS_RETRY_READ))
581 {
582 return;
583 }
584 }
585
586 n = s->io_buffer_size >> 9;
587 sector_num = ide_get_sector(s);
588 if (n > 0) {
589 dma_buf_commit(s, 1);
590 sector_num += n;
591 ide_set_sector(s, sector_num);
592 s->nsector -= n;
593 }
594
595 /* end of transfer ? */
596 if (s->nsector == 0) {
597 s->status = READY_STAT | SEEK_STAT;
598 ide_set_irq(s->bus);
599 eot:
600 bm->status |= BM_STATUS_INT;
601 ide_dma_set_inactive(bm);
602 return;
603 }
604
605 /* launch next transfer */
606 n = s->nsector;
607 s->io_buffer_index = 0;
608 s->io_buffer_size = n * 512;
609 if (dma_buf_prepare(bm, 1) == 0)
610 goto eot;
611 #ifdef DEBUG_AIO
612 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
613 #endif
614 bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
615 ide_dma_submit_check(s, ide_read_dma_cb, bm);
616 }
617
618 static void ide_sector_read_dma(IDEState *s)
619 {
620 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
621 s->io_buffer_index = 0;
622 s->io_buffer_size = 0;
623 s->is_read = 1;
624 ide_dma_start(s, ide_read_dma_cb);
625 }
626
627 static void ide_sector_write_timer_cb(void *opaque)
628 {
629 IDEState *s = opaque;
630 ide_set_irq(s->bus);
631 }
632
633 static void ide_sector_write(IDEState *s)
634 {
635 int64_t sector_num;
636 int ret, n, n1;
637
638 s->status = READY_STAT | SEEK_STAT;
639 sector_num = ide_get_sector(s);
640 #if defined(DEBUG_IDE)
641 printf("write sector=%" PRId64 "\n", sector_num);
642 #endif
643 n = s->nsector;
644 if (n > s->req_nb_sectors)
645 n = s->req_nb_sectors;
646 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
647
648 if (ret != 0) {
649 if (ide_handle_rw_error(s, -ret, BM_STATUS_PIO_RETRY))
650 return;
651 }
652
653 s->nsector -= n;
654 if (s->nsector == 0) {
655 /* no more sectors to write */
656 ide_transfer_stop(s);
657 } else {
658 n1 = s->nsector;
659 if (n1 > s->req_nb_sectors)
660 n1 = s->req_nb_sectors;
661 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
662 }
663 ide_set_sector(s, sector_num + n);
664
665 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
666 /* It seems there is a bug in the Windows 2000 installer HDD
667 IDE driver which fills the disk with empty logs when the
668 IDE write IRQ comes too early. This hack tries to correct
669 that at the expense of slower write performances. Use this
670 option _only_ to install Windows 2000. You must disable it
671 for normal use. */
672 qemu_mod_timer(s->sector_write_timer,
673 qemu_get_clock(vm_clock) + (get_ticks_per_sec() / 1000));
674 } else {
675 ide_set_irq(s->bus);
676 }
677 }
678
679 static void ide_dma_restart_bh(void *opaque)
680 {
681 BMDMAState *bm = opaque;
682 int is_read;
683
684 qemu_bh_delete(bm->bh);
685 bm->bh = NULL;
686
687 is_read = !!(bm->status & BM_STATUS_RETRY_READ);
688
689 if (bm->status & BM_STATUS_DMA_RETRY) {
690 bm->status &= ~(BM_STATUS_DMA_RETRY | BM_STATUS_RETRY_READ);
691 ide_dma_restart(bmdma_active_if(bm), is_read);
692 } else if (bm->status & BM_STATUS_PIO_RETRY) {
693 bm->status &= ~(BM_STATUS_PIO_RETRY | BM_STATUS_RETRY_READ);
694 if (is_read) {
695 ide_sector_read(bmdma_active_if(bm));
696 } else {
697 ide_sector_write(bmdma_active_if(bm));
698 }
699 } else if (bm->status & BM_STATUS_RETRY_FLUSH) {
700 ide_flush_cache(bmdma_active_if(bm));
701 }
702 }
703
704 void ide_dma_restart_cb(void *opaque, int running, int reason)
705 {
706 BMDMAState *bm = opaque;
707
708 if (!running)
709 return;
710
711 if (!bm->bh) {
712 bm->bh = qemu_bh_new(ide_dma_restart_bh, bm);
713 qemu_bh_schedule(bm->bh);
714 }
715 }
716
717 static void ide_write_dma_cb(void *opaque, int ret)
718 {
719 BMDMAState *bm = opaque;
720 IDEState *s = bmdma_active_if(bm);
721 int n;
722 int64_t sector_num;
723
724 if (ret < 0) {
725 if (ide_handle_rw_error(s, -ret, BM_STATUS_DMA_RETRY))
726 return;
727 }
728
729 n = s->io_buffer_size >> 9;
730 sector_num = ide_get_sector(s);
731 if (n > 0) {
732 dma_buf_commit(s, 0);
733 sector_num += n;
734 ide_set_sector(s, sector_num);
735 s->nsector -= n;
736 }
737
738 /* end of transfer ? */
739 if (s->nsector == 0) {
740 s->status = READY_STAT | SEEK_STAT;
741 ide_set_irq(s->bus);
742 eot:
743 bm->status |= BM_STATUS_INT;
744 ide_dma_set_inactive(bm);
745 return;
746 }
747
748 n = s->nsector;
749 s->io_buffer_size = n * 512;
750 /* launch next transfer */
751 if (dma_buf_prepare(bm, 0) == 0)
752 goto eot;
753 #ifdef DEBUG_AIO
754 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
755 #endif
756 bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
757 ide_dma_submit_check(s, ide_write_dma_cb, bm);
758 }
759
760 static void ide_sector_write_dma(IDEState *s)
761 {
762 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
763 s->io_buffer_index = 0;
764 s->io_buffer_size = 0;
765 s->is_read = 0;
766 ide_dma_start(s, ide_write_dma_cb);
767 }
768
769 void ide_atapi_cmd_ok(IDEState *s)
770 {
771 s->error = 0;
772 s->status = READY_STAT | SEEK_STAT;
773 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
774 ide_set_irq(s->bus);
775 }
776
777 void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
778 {
779 #ifdef DEBUG_IDE_ATAPI
780 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
781 #endif
782 s->error = sense_key << 4;
783 s->status = READY_STAT | ERR_STAT;
784 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
785 s->sense_key = sense_key;
786 s->asc = asc;
787 ide_set_irq(s->bus);
788 }
789
790 static void ide_atapi_cmd_check_status(IDEState *s)
791 {
792 #ifdef DEBUG_IDE_ATAPI
793 printf("atapi_cmd_check_status\n");
794 #endif
795 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
796 s->status = ERR_STAT;
797 s->nsector = 0;
798 ide_set_irq(s->bus);
799 }
800
801 static void ide_flush_cb(void *opaque, int ret)
802 {
803 IDEState *s = opaque;
804
805 if (ret < 0) {
806 /* XXX: What sector number to set here? */
807 if (ide_handle_rw_error(s, -ret, BM_STATUS_RETRY_FLUSH)) {
808 return;
809 }
810 }
811
812 s->status = READY_STAT | SEEK_STAT;
813 ide_set_irq(s->bus);
814 }
815
816 static void ide_flush_cache(IDEState *s)
817 {
818 BlockDriverAIOCB *acb;
819
820 if (s->bs == NULL) {
821 ide_flush_cb(s, 0);
822 return;
823 }
824
825 acb = bdrv_aio_flush(s->bs, ide_flush_cb, s);
826 if (acb == NULL) {
827 ide_flush_cb(s, -EIO);
828 }
829 }
830
831 static inline void cpu_to_ube16(uint8_t *buf, int val)
832 {
833 buf[0] = val >> 8;
834 buf[1] = val & 0xff;
835 }
836
837 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
838 {
839 buf[0] = val >> 24;
840 buf[1] = val >> 16;
841 buf[2] = val >> 8;
842 buf[3] = val & 0xff;
843 }
844
845 static inline int ube16_to_cpu(const uint8_t *buf)
846 {
847 return (buf[0] << 8) | buf[1];
848 }
849
850 static inline int ube32_to_cpu(const uint8_t *buf)
851 {
852 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
853 }
854
855 static void lba_to_msf(uint8_t *buf, int lba)
856 {
857 lba += 150;
858 buf[0] = (lba / 75) / 60;
859 buf[1] = (lba / 75) % 60;
860 buf[2] = lba % 75;
861 }
862
863 static void cd_data_to_raw(uint8_t *buf, int lba)
864 {
865 /* sync bytes */
866 buf[0] = 0x00;
867 memset(buf + 1, 0xff, 10);
868 buf[11] = 0x00;
869 buf += 12;
870 /* MSF */
871 lba_to_msf(buf, lba);
872 buf[3] = 0x01; /* mode 1 data */
873 buf += 4;
874 /* data */
875 buf += 2048;
876 /* XXX: ECC not computed */
877 memset(buf, 0, 288);
878 }
879
880 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
881 int sector_size)
882 {
883 int ret;
884
885 switch(sector_size) {
886 case 2048:
887 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
888 break;
889 case 2352:
890 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
891 if (ret < 0)
892 return ret;
893 cd_data_to_raw(buf, lba);
894 break;
895 default:
896 ret = -EIO;
897 break;
898 }
899 return ret;
900 }
901
902 void ide_atapi_io_error(IDEState *s, int ret)
903 {
904 /* XXX: handle more errors */
905 if (ret == -ENOMEDIUM) {
906 ide_atapi_cmd_error(s, SENSE_NOT_READY,
907 ASC_MEDIUM_NOT_PRESENT);
908 } else {
909 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
910 ASC_LOGICAL_BLOCK_OOR);
911 }
912 }
913
914 /* The whole ATAPI transfer logic is handled in this function */
915 static void ide_atapi_cmd_reply_end(IDEState *s)
916 {
917 int byte_count_limit, size, ret;
918 #ifdef DEBUG_IDE_ATAPI
919 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
920 s->packet_transfer_size,
921 s->elementary_transfer_size,
922 s->io_buffer_index);
923 #endif
924 if (s->packet_transfer_size <= 0) {
925 /* end of transfer */
926 ide_transfer_stop(s);
927 s->status = READY_STAT | SEEK_STAT;
928 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
929 ide_set_irq(s->bus);
930 #ifdef DEBUG_IDE_ATAPI
931 printf("status=0x%x\n", s->status);
932 #endif
933 } else {
934 /* see if a new sector must be read */
935 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
936 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
937 if (ret < 0) {
938 ide_transfer_stop(s);
939 ide_atapi_io_error(s, ret);
940 return;
941 }
942 s->lba++;
943 s->io_buffer_index = 0;
944 }
945 if (s->elementary_transfer_size > 0) {
946 /* there are some data left to transmit in this elementary
947 transfer */
948 size = s->cd_sector_size - s->io_buffer_index;
949 if (size > s->elementary_transfer_size)
950 size = s->elementary_transfer_size;
951 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
952 size, ide_atapi_cmd_reply_end);
953 s->packet_transfer_size -= size;
954 s->elementary_transfer_size -= size;
955 s->io_buffer_index += size;
956 } else {
957 /* a new transfer is needed */
958 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
959 byte_count_limit = s->lcyl | (s->hcyl << 8);
960 #ifdef DEBUG_IDE_ATAPI
961 printf("byte_count_limit=%d\n", byte_count_limit);
962 #endif
963 if (byte_count_limit == 0xffff)
964 byte_count_limit--;
965 size = s->packet_transfer_size;
966 if (size > byte_count_limit) {
967 /* byte count limit must be even if this case */
968 if (byte_count_limit & 1)
969 byte_count_limit--;
970 size = byte_count_limit;
971 }
972 s->lcyl = size;
973 s->hcyl = size >> 8;
974 s->elementary_transfer_size = size;
975 /* we cannot transmit more than one sector at a time */
976 if (s->lba != -1) {
977 if (size > (s->cd_sector_size - s->io_buffer_index))
978 size = (s->cd_sector_size - s->io_buffer_index);
979 }
980 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
981 size, ide_atapi_cmd_reply_end);
982 s->packet_transfer_size -= size;
983 s->elementary_transfer_size -= size;
984 s->io_buffer_index += size;
985 ide_set_irq(s->bus);
986 #ifdef DEBUG_IDE_ATAPI
987 printf("status=0x%x\n", s->status);
988 #endif
989 }
990 }
991 }
992
993 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
994 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
995 {
996 if (size > max_size)
997 size = max_size;
998 s->lba = -1; /* no sector read */
999 s->packet_transfer_size = size;
1000 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1001 s->elementary_transfer_size = 0;
1002 s->io_buffer_index = 0;
1003
1004 if (s->atapi_dma) {
1005 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
1006 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1007 } else {
1008 s->status = READY_STAT | SEEK_STAT;
1009 ide_atapi_cmd_reply_end(s);
1010 }
1011 }
1012
1013 /* start a CD-CDROM read command */
1014 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1015 int sector_size)
1016 {
1017 s->lba = lba;
1018 s->packet_transfer_size = nb_sectors * sector_size;
1019 s->elementary_transfer_size = 0;
1020 s->io_buffer_index = sector_size;
1021 s->cd_sector_size = sector_size;
1022
1023 s->status = READY_STAT | SEEK_STAT;
1024 ide_atapi_cmd_reply_end(s);
1025 }
1026
1027 /* ATAPI DMA support */
1028
1029 /* XXX: handle read errors */
1030 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1031 {
1032 BMDMAState *bm = opaque;
1033 IDEState *s = bmdma_active_if(bm);
1034 int data_offset, n;
1035
1036 if (ret < 0) {
1037 ide_atapi_io_error(s, ret);
1038 goto eot;
1039 }
1040
1041 if (s->io_buffer_size > 0) {
1042 /*
1043 * For a cdrom read sector command (s->lba != -1),
1044 * adjust the lba for the next s->io_buffer_size chunk
1045 * and dma the current chunk.
1046 * For a command != read (s->lba == -1), just transfer
1047 * the reply data.
1048 */
1049 if (s->lba != -1) {
1050 if (s->cd_sector_size == 2352) {
1051 n = 1;
1052 cd_data_to_raw(s->io_buffer, s->lba);
1053 } else {
1054 n = s->io_buffer_size >> 11;
1055 }
1056 s->lba += n;
1057 }
1058 s->packet_transfer_size -= s->io_buffer_size;
1059 if (dma_buf_rw(bm, 1) == 0)
1060 goto eot;
1061 }
1062
1063 if (s->packet_transfer_size <= 0) {
1064 s->status = READY_STAT | SEEK_STAT;
1065 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1066 ide_set_irq(s->bus);
1067 eot:
1068 bm->status |= BM_STATUS_INT;
1069 ide_dma_set_inactive(bm);
1070 return;
1071 }
1072
1073 s->io_buffer_index = 0;
1074 if (s->cd_sector_size == 2352) {
1075 n = 1;
1076 s->io_buffer_size = s->cd_sector_size;
1077 data_offset = 16;
1078 } else {
1079 n = s->packet_transfer_size >> 11;
1080 if (n > (IDE_DMA_BUF_SECTORS / 4))
1081 n = (IDE_DMA_BUF_SECTORS / 4);
1082 s->io_buffer_size = n * 2048;
1083 data_offset = 0;
1084 }
1085 #ifdef DEBUG_AIO
1086 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1087 #endif
1088 bm->iov.iov_base = (void *)(s->io_buffer + data_offset);
1089 bm->iov.iov_len = n * 4 * 512;
1090 qemu_iovec_init_external(&bm->qiov, &bm->iov, 1);
1091 bm->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2, &bm->qiov,
1092 n * 4, ide_atapi_cmd_read_dma_cb, bm);
1093 if (!bm->aiocb) {
1094 /* Note: media not present is the most likely case */
1095 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1096 ASC_MEDIUM_NOT_PRESENT);
1097 goto eot;
1098 }
1099 }
1100
1101 /* start a CD-CDROM read command with DMA */
1102 /* XXX: test if DMA is available */
1103 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1104 int sector_size)
1105 {
1106 s->lba = lba;
1107 s->packet_transfer_size = nb_sectors * sector_size;
1108 s->io_buffer_index = 0;
1109 s->io_buffer_size = 0;
1110 s->cd_sector_size = sector_size;
1111
1112 /* XXX: check if BUSY_STAT should be set */
1113 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1114 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1115 }
1116
1117 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1118 int sector_size)
1119 {
1120 #ifdef DEBUG_IDE_ATAPI
1121 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1122 lba, nb_sectors);
1123 #endif
1124 if (s->atapi_dma) {
1125 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1126 } else {
1127 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1128 }
1129 }
1130
1131 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1132 uint16_t profile)
1133 {
1134 uint8_t *buf_profile = buf + 12; /* start of profiles */
1135
1136 buf_profile += ((*index) * 4); /* start of indexed profile */
1137 cpu_to_ube16 (buf_profile, profile);
1138 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1139
1140 /* each profile adds 4 bytes to the response */
1141 (*index)++;
1142 buf[11] += 4; /* Additional Length */
1143
1144 return 4;
1145 }
1146
1147 static int ide_dvd_read_structure(IDEState *s, int format,
1148 const uint8_t *packet, uint8_t *buf)
1149 {
1150 switch (format) {
1151 case 0x0: /* Physical format information */
1152 {
1153 int layer = packet[6];
1154 uint64_t total_sectors;
1155
1156 if (layer != 0)
1157 return -ASC_INV_FIELD_IN_CMD_PACKET;
1158
1159 bdrv_get_geometry(s->bs, &total_sectors);
1160 total_sectors >>= 2;
1161 if (total_sectors == 0)
1162 return -ASC_MEDIUM_NOT_PRESENT;
1163
1164 buf[4] = 1; /* DVD-ROM, part version 1 */
1165 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1166 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1167 buf[7] = 0; /* default densities */
1168
1169 /* FIXME: 0x30000 per spec? */
1170 cpu_to_ube32(buf + 8, 0); /* start sector */
1171 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1172 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1173
1174 /* Size of buffer, not including 2 byte size field */
1175 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1176
1177 /* 2k data + 4 byte header */
1178 return (2048 + 4);
1179 }
1180
1181 case 0x01: /* DVD copyright information */
1182 buf[4] = 0; /* no copyright data */
1183 buf[5] = 0; /* no region restrictions */
1184
1185 /* Size of buffer, not including 2 byte size field */
1186 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1187
1188 /* 4 byte header + 4 byte data */
1189 return (4 + 4);
1190
1191 case 0x03: /* BCA information - invalid field for no BCA info */
1192 return -ASC_INV_FIELD_IN_CMD_PACKET;
1193
1194 case 0x04: /* DVD disc manufacturing information */
1195 /* Size of buffer, not including 2 byte size field */
1196 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1197
1198 /* 2k data + 4 byte header */
1199 return (2048 + 4);
1200
1201 case 0xff:
1202 /*
1203 * This lists all the command capabilities above. Add new ones
1204 * in order and update the length and buffer return values.
1205 */
1206
1207 buf[4] = 0x00; /* Physical format */
1208 buf[5] = 0x40; /* Not writable, is readable */
1209 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1210
1211 buf[8] = 0x01; /* Copyright info */
1212 buf[9] = 0x40; /* Not writable, is readable */
1213 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1214
1215 buf[12] = 0x03; /* BCA info */
1216 buf[13] = 0x40; /* Not writable, is readable */
1217 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1218
1219 buf[16] = 0x04; /* Manufacturing info */
1220 buf[17] = 0x40; /* Not writable, is readable */
1221 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1222
1223 /* Size of buffer, not including 2 byte size field */
1224 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1225
1226 /* data written + 4 byte header */
1227 return (16 + 4);
1228
1229 default: /* TODO: formats beyond DVD-ROM requires */
1230 return -ASC_INV_FIELD_IN_CMD_PACKET;
1231 }
1232 }
1233
1234 static void ide_atapi_cmd(IDEState *s)
1235 {
1236 const uint8_t *packet;
1237 uint8_t *buf;
1238 int max_len;
1239
1240 packet = s->io_buffer;
1241 buf = s->io_buffer;
1242 #ifdef DEBUG_IDE_ATAPI
1243 {
1244 int i;
1245 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1246 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1247 printf(" %02x", packet[i]);
1248 }
1249 printf("\n");
1250 }
1251 #endif
1252 /* If there's a UNIT_ATTENTION condition pending, only
1253 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1254 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1255 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1256 s->io_buffer[0] != GPCMD_INQUIRY) {
1257 ide_atapi_cmd_check_status(s);
1258 return;
1259 }
1260 switch(s->io_buffer[0]) {
1261 case GPCMD_TEST_UNIT_READY:
1262 if (bdrv_is_inserted(s->bs) && !s->cdrom_changed) {
1263 ide_atapi_cmd_ok(s);
1264 } else {
1265 s->cdrom_changed = 0;
1266 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1267 ASC_MEDIUM_NOT_PRESENT);
1268 }
1269 break;
1270 case GPCMD_MODE_SENSE_6:
1271 case GPCMD_MODE_SENSE_10:
1272 {
1273 int action, code;
1274 if (packet[0] == GPCMD_MODE_SENSE_10)
1275 max_len = ube16_to_cpu(packet + 7);
1276 else
1277 max_len = packet[4];
1278 action = packet[2] >> 6;
1279 code = packet[2] & 0x3f;
1280 switch(action) {
1281 case 0: /* current values */
1282 switch(code) {
1283 case GPMODE_R_W_ERROR_PAGE: /* error recovery */
1284 cpu_to_ube16(&buf[0], 16 + 6);
1285 buf[2] = 0x70;
1286 buf[3] = 0;
1287 buf[4] = 0;
1288 buf[5] = 0;
1289 buf[6] = 0;
1290 buf[7] = 0;
1291
1292 buf[8] = 0x01;
1293 buf[9] = 0x06;
1294 buf[10] = 0x00;
1295 buf[11] = 0x05;
1296 buf[12] = 0x00;
1297 buf[13] = 0x00;
1298 buf[14] = 0x00;
1299 buf[15] = 0x00;
1300 ide_atapi_cmd_reply(s, 16, max_len);
1301 break;
1302 case GPMODE_AUDIO_CTL_PAGE:
1303 cpu_to_ube16(&buf[0], 24 + 6);
1304 buf[2] = 0x70;
1305 buf[3] = 0;
1306 buf[4] = 0;
1307 buf[5] = 0;
1308 buf[6] = 0;
1309 buf[7] = 0;
1310
1311 /* Fill with CDROM audio volume */
1312 buf[17] = 0;
1313 buf[19] = 0;
1314 buf[21] = 0;
1315 buf[23] = 0;
1316
1317 ide_atapi_cmd_reply(s, 24, max_len);
1318 break;
1319 case GPMODE_CAPABILITIES_PAGE:
1320 cpu_to_ube16(&buf[0], 28 + 6);
1321 buf[2] = 0x70;
1322 buf[3] = 0;
1323 buf[4] = 0;
1324 buf[5] = 0;
1325 buf[6] = 0;
1326 buf[7] = 0;
1327
1328 buf[8] = 0x2a;
1329 buf[9] = 0x12;
1330 buf[10] = 0x00;
1331 buf[11] = 0x00;
1332
1333 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1334 code checks for this to automount media. */
1335 buf[12] = 0x71;
1336 buf[13] = 3 << 5;
1337 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1338 if (bdrv_is_locked(s->bs))
1339 buf[6] |= 1 << 1;
1340 buf[15] = 0x00;
1341 cpu_to_ube16(&buf[16], 706);
1342 buf[18] = 0;
1343 buf[19] = 2;
1344 cpu_to_ube16(&buf[20], 512);
1345 cpu_to_ube16(&buf[22], 706);
1346 buf[24] = 0;
1347 buf[25] = 0;
1348 buf[26] = 0;
1349 buf[27] = 0;
1350 ide_atapi_cmd_reply(s, 28, max_len);
1351 break;
1352 default:
1353 goto error_cmd;
1354 }
1355 break;
1356 case 1: /* changeable values */
1357 goto error_cmd;
1358 case 2: /* default values */
1359 goto error_cmd;
1360 default:
1361 case 3: /* saved values */
1362 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1363 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1364 break;
1365 }
1366 }
1367 break;
1368 case GPCMD_REQUEST_SENSE:
1369 max_len = packet[4];
1370 memset(buf, 0, 18);
1371 buf[0] = 0x70 | (1 << 7);
1372 buf[2] = s->sense_key;
1373 buf[7] = 10;
1374 buf[12] = s->asc;
1375 if (s->sense_key == SENSE_UNIT_ATTENTION)
1376 s->sense_key = SENSE_NONE;
1377 ide_atapi_cmd_reply(s, 18, max_len);
1378 break;
1379 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1380 if (bdrv_is_inserted(s->bs)) {
1381 bdrv_set_locked(s->bs, packet[4] & 1);
1382 ide_atapi_cmd_ok(s);
1383 } else {
1384 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1385 ASC_MEDIUM_NOT_PRESENT);
1386 }
1387 break;
1388 case GPCMD_READ_10:
1389 case GPCMD_READ_12:
1390 {
1391 int nb_sectors, lba;
1392
1393 if (packet[0] == GPCMD_READ_10)
1394 nb_sectors = ube16_to_cpu(packet + 7);
1395 else
1396 nb_sectors = ube32_to_cpu(packet + 6);
1397 lba = ube32_to_cpu(packet + 2);
1398 if (nb_sectors == 0) {
1399 ide_atapi_cmd_ok(s);
1400 break;
1401 }
1402 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1403 }
1404 break;
1405 case GPCMD_READ_CD:
1406 {
1407 int nb_sectors, lba, transfer_request;
1408
1409 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1410 lba = ube32_to_cpu(packet + 2);
1411 if (nb_sectors == 0) {
1412 ide_atapi_cmd_ok(s);
1413 break;
1414 }
1415 transfer_request = packet[9];
1416 switch(transfer_request & 0xf8) {
1417 case 0x00:
1418 /* nothing */
1419 ide_atapi_cmd_ok(s);
1420 break;
1421 case 0x10:
1422 /* normal read */
1423 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1424 break;
1425 case 0xf8:
1426 /* read all data */
1427 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1428 break;
1429 default:
1430 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1431 ASC_INV_FIELD_IN_CMD_PACKET);
1432 break;
1433 }
1434 }
1435 break;
1436 case GPCMD_SEEK:
1437 {
1438 unsigned int lba;
1439 uint64_t total_sectors;
1440
1441 bdrv_get_geometry(s->bs, &total_sectors);
1442 total_sectors >>= 2;
1443 if (total_sectors == 0) {
1444 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1445 ASC_MEDIUM_NOT_PRESENT);
1446 break;
1447 }
1448 lba = ube32_to_cpu(packet + 2);
1449 if (lba >= total_sectors) {
1450 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1451 ASC_LOGICAL_BLOCK_OOR);
1452 break;
1453 }
1454 ide_atapi_cmd_ok(s);
1455 }
1456 break;
1457 case GPCMD_START_STOP_UNIT:
1458 {
1459 int start, eject, err = 0;
1460 start = packet[4] & 1;
1461 eject = (packet[4] >> 1) & 1;
1462
1463 if (eject) {
1464 err = bdrv_eject(s->bs, !start);
1465 }
1466
1467 switch (err) {
1468 case 0:
1469 ide_atapi_cmd_ok(s);
1470 break;
1471 case -EBUSY:
1472 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1473 ASC_MEDIA_REMOVAL_PREVENTED);
1474 break;
1475 default:
1476 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1477 ASC_MEDIUM_NOT_PRESENT);
1478 break;
1479 }
1480 }
1481 break;
1482 case GPCMD_MECHANISM_STATUS:
1483 {
1484 max_len = ube16_to_cpu(packet + 8);
1485 cpu_to_ube16(buf, 0);
1486 /* no current LBA */
1487 buf[2] = 0;
1488 buf[3] = 0;
1489 buf[4] = 0;
1490 buf[5] = 1;
1491 cpu_to_ube16(buf + 6, 0);
1492 ide_atapi_cmd_reply(s, 8, max_len);
1493 }
1494 break;
1495 case GPCMD_READ_TOC_PMA_ATIP:
1496 {
1497 int format, msf, start_track, len;
1498 uint64_t total_sectors;
1499
1500 bdrv_get_geometry(s->bs, &total_sectors);
1501 total_sectors >>= 2;
1502 if (total_sectors == 0) {
1503 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1504 ASC_MEDIUM_NOT_PRESENT);
1505 break;
1506 }
1507 max_len = ube16_to_cpu(packet + 7);
1508 format = packet[9] >> 6;
1509 msf = (packet[1] >> 1) & 1;
1510 start_track = packet[6];
1511 switch(format) {
1512 case 0:
1513 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1514 if (len < 0)
1515 goto error_cmd;
1516 ide_atapi_cmd_reply(s, len, max_len);
1517 break;
1518 case 1:
1519 /* multi session : only a single session defined */
1520 memset(buf, 0, 12);
1521 buf[1] = 0x0a;
1522 buf[2] = 0x01;
1523 buf[3] = 0x01;
1524 ide_atapi_cmd_reply(s, 12, max_len);
1525 break;
1526 case 2:
1527 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1528 if (len < 0)
1529 goto error_cmd;
1530 ide_atapi_cmd_reply(s, len, max_len);
1531 break;
1532 default:
1533 error_cmd:
1534 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1535 ASC_INV_FIELD_IN_CMD_PACKET);
1536 break;
1537 }
1538 }
1539 break;
1540 case GPCMD_READ_CDVD_CAPACITY:
1541 {
1542 uint64_t total_sectors;
1543
1544 bdrv_get_geometry(s->bs, &total_sectors);
1545 total_sectors >>= 2;
1546 if (total_sectors == 0) {
1547 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1548 ASC_MEDIUM_NOT_PRESENT);
1549 break;
1550 }
1551 /* NOTE: it is really the number of sectors minus 1 */
1552 cpu_to_ube32(buf, total_sectors - 1);
1553 cpu_to_ube32(buf + 4, 2048);
1554 ide_atapi_cmd_reply(s, 8, 8);
1555 }
1556 break;
1557 case GPCMD_READ_DVD_STRUCTURE:
1558 {
1559 int media = packet[1];
1560 int format = packet[7];
1561 int ret;
1562
1563 max_len = ube16_to_cpu(packet + 8);
1564
1565 if (format < 0xff) {
1566 if (media_is_cd(s)) {
1567 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1568 ASC_INCOMPATIBLE_FORMAT);
1569 break;
1570 } else if (!media_present(s)) {
1571 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1572 ASC_INV_FIELD_IN_CMD_PACKET);
1573 break;
1574 }
1575 }
1576
1577 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1578 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1579
1580 switch (format) {
1581 case 0x00 ... 0x7f:
1582 case 0xff:
1583 if (media == 0) {
1584 ret = ide_dvd_read_structure(s, format, packet, buf);
1585
1586 if (ret < 0)
1587 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1588 else
1589 ide_atapi_cmd_reply(s, ret, max_len);
1590
1591 break;
1592 }
1593 /* TODO: BD support, fall through for now */
1594
1595 /* Generic disk structures */
1596 case 0x80: /* TODO: AACS volume identifier */
1597 case 0x81: /* TODO: AACS media serial number */
1598 case 0x82: /* TODO: AACS media identifier */
1599 case 0x83: /* TODO: AACS media key block */
1600 case 0x90: /* TODO: List of recognized format layers */
1601 case 0xc0: /* TODO: Write protection status */
1602 default:
1603 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1604 ASC_INV_FIELD_IN_CMD_PACKET);
1605 break;
1606 }
1607 }
1608 break;
1609 case GPCMD_SET_SPEED:
1610 ide_atapi_cmd_ok(s);
1611 break;
1612 case GPCMD_INQUIRY:
1613 max_len = packet[4];
1614 buf[0] = 0x05; /* CD-ROM */
1615 buf[1] = 0x80; /* removable */
1616 buf[2] = 0x00; /* ISO */
1617 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1618 buf[4] = 31; /* additional length */
1619 buf[5] = 0; /* reserved */
1620 buf[6] = 0; /* reserved */
1621 buf[7] = 0; /* reserved */
1622 padstr8(buf + 8, 8, "QEMU");
1623 padstr8(buf + 16, 16, "QEMU DVD-ROM");
1624 padstr8(buf + 32, 4, s->version);
1625 ide_atapi_cmd_reply(s, 36, max_len);
1626 break;
1627 case GPCMD_GET_CONFIGURATION:
1628 {
1629 uint32_t len;
1630 uint8_t index = 0;
1631
1632 /* only feature 0 is supported */
1633 if (packet[2] != 0 || packet[3] != 0) {
1634 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1635 ASC_INV_FIELD_IN_CMD_PACKET);
1636 break;
1637 }
1638
1639 /* XXX: could result in alignment problems in some architectures */
1640 max_len = ube16_to_cpu(packet + 7);
1641
1642 /*
1643 * XXX: avoid overflow for io_buffer if max_len is bigger than
1644 * the size of that buffer (dimensioned to max number of
1645 * sectors to transfer at once)
1646 *
1647 * Only a problem if the feature/profiles grow.
1648 */
1649 if (max_len > 512) /* XXX: assume 1 sector */
1650 max_len = 512;
1651
1652 memset(buf, 0, max_len);
1653 /*
1654 * the number of sectors from the media tells us which profile
1655 * to use as current. 0 means there is no media
1656 */
1657 if (media_is_dvd(s))
1658 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
1659 else if (media_is_cd(s))
1660 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
1661
1662 buf[10] = 0x02 | 0x01; /* persistent and current */
1663 len = 12; /* headers: 8 + 4 */
1664 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
1665 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
1666 cpu_to_ube32(buf, len - 4); /* data length */
1667
1668 ide_atapi_cmd_reply(s, len, max_len);
1669 break;
1670 }
1671 case GPCMD_GET_EVENT_STATUS_NOTIFICATION:
1672 max_len = ube16_to_cpu(packet + 7);
1673
1674 if (packet[1] & 0x01) { /* polling */
1675 /* We don't support any event class (yet). */
1676 cpu_to_ube16(buf, 0x00); /* No event descriptor returned */
1677 buf[2] = 0x80; /* No Event Available (NEA) */
1678 buf[3] = 0x00; /* Empty supported event classes */
1679 ide_atapi_cmd_reply(s, 4, max_len);
1680 } else { /* asynchronous mode */
1681 /* Only polling is supported, asynchronous mode is not. */
1682 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1683 ASC_INV_FIELD_IN_CMD_PACKET);
1684 }
1685 break;
1686 default:
1687 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1688 ASC_ILLEGAL_OPCODE);
1689 break;
1690 }
1691 }
1692
1693 static void ide_cfata_metadata_inquiry(IDEState *s)
1694 {
1695 uint16_t *p;
1696 uint32_t spd;
1697
1698 p = (uint16_t *) s->io_buffer;
1699 memset(p, 0, 0x200);
1700 spd = ((s->mdata_size - 1) >> 9) + 1;
1701
1702 put_le16(p + 0, 0x0001); /* Data format revision */
1703 put_le16(p + 1, 0x0000); /* Media property: silicon */
1704 put_le16(p + 2, s->media_changed); /* Media status */
1705 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1706 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1707 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1708 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1709 }
1710
1711 static void ide_cfata_metadata_read(IDEState *s)
1712 {
1713 uint16_t *p;
1714
1715 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1716 s->status = ERR_STAT;
1717 s->error = ABRT_ERR;
1718 return;
1719 }
1720
1721 p = (uint16_t *) s->io_buffer;
1722 memset(p, 0, 0x200);
1723
1724 put_le16(p + 0, s->media_changed); /* Media status */
1725 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1726 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1727 s->nsector << 9), 0x200 - 2));
1728 }
1729
1730 static void ide_cfata_metadata_write(IDEState *s)
1731 {
1732 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1733 s->status = ERR_STAT;
1734 s->error = ABRT_ERR;
1735 return;
1736 }
1737
1738 s->media_changed = 0;
1739
1740 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1741 s->io_buffer + 2,
1742 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1743 s->nsector << 9), 0x200 - 2));
1744 }
1745
1746 /* called when the inserted state of the media has changed */
1747 static void cdrom_change_cb(void *opaque)
1748 {
1749 IDEState *s = opaque;
1750 uint64_t nb_sectors;
1751
1752 bdrv_get_geometry(s->bs, &nb_sectors);
1753 s->nb_sectors = nb_sectors;
1754
1755 s->sense_key = SENSE_UNIT_ATTENTION;
1756 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
1757 s->cdrom_changed = 1;
1758 ide_set_irq(s->bus);
1759 }
1760
1761 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1762 {
1763 s->lba48 = lba48;
1764
1765 /* handle the 'magic' 0 nsector count conversion here. to avoid
1766 * fiddling with the rest of the read logic, we just store the
1767 * full sector count in ->nsector and ignore ->hob_nsector from now
1768 */
1769 if (!s->lba48) {
1770 if (!s->nsector)
1771 s->nsector = 256;
1772 } else {
1773 if (!s->nsector && !s->hob_nsector)
1774 s->nsector = 65536;
1775 else {
1776 int lo = s->nsector;
1777 int hi = s->hob_nsector;
1778
1779 s->nsector = (hi << 8) | lo;
1780 }
1781 }
1782 }
1783
1784 static void ide_clear_hob(IDEBus *bus)
1785 {
1786 /* any write clears HOB high bit of device control register */
1787 bus->ifs[0].select &= ~(1 << 7);
1788 bus->ifs[1].select &= ~(1 << 7);
1789 }
1790
1791 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1792 {
1793 IDEBus *bus = opaque;
1794
1795 #ifdef DEBUG_IDE
1796 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1797 #endif
1798
1799 addr &= 7;
1800
1801 /* ignore writes to command block while busy with previous command */
1802 if (addr != 7 && (idebus_active_if(bus)->status & (BUSY_STAT|DRQ_STAT)))
1803 return;
1804
1805 switch(addr) {
1806 case 0:
1807 break;
1808 case 1:
1809 ide_clear_hob(bus);
1810 /* NOTE: data is written to the two drives */
1811 bus->ifs[0].hob_feature = bus->ifs[0].feature;
1812 bus->ifs[1].hob_feature = bus->ifs[1].feature;
1813 bus->ifs[0].feature = val;
1814 bus->ifs[1].feature = val;
1815 break;
1816 case 2:
1817 ide_clear_hob(bus);
1818 bus->ifs[0].hob_nsector = bus->ifs[0].nsector;
1819 bus->ifs[1].hob_nsector = bus->ifs[1].nsector;
1820 bus->ifs[0].nsector = val;
1821 bus->ifs[1].nsector = val;
1822 break;
1823 case 3:
1824 ide_clear_hob(bus);
1825 bus->ifs[0].hob_sector = bus->ifs[0].sector;
1826 bus->ifs[1].hob_sector = bus->ifs[1].sector;
1827 bus->ifs[0].sector = val;
1828 bus->ifs[1].sector = val;
1829 break;
1830 case 4:
1831 ide_clear_hob(bus);
1832 bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl;
1833 bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl;
1834 bus->ifs[0].lcyl = val;
1835 bus->ifs[1].lcyl = val;
1836 break;
1837 case 5:
1838 ide_clear_hob(bus);
1839 bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl;
1840 bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl;
1841 bus->ifs[0].hcyl = val;
1842 bus->ifs[1].hcyl = val;
1843 break;
1844 case 6:
1845 /* FIXME: HOB readback uses bit 7 */
1846 bus->ifs[0].select = (val & ~0x10) | 0xa0;
1847 bus->ifs[1].select = (val | 0x10) | 0xa0;
1848 /* select drive */
1849 bus->unit = (val >> 4) & 1;
1850 break;
1851 default:
1852 case 7:
1853 /* command */
1854 ide_exec_cmd(bus, val);
1855 break;
1856 }
1857 }
1858
1859
1860 void ide_exec_cmd(IDEBus *bus, uint32_t val)
1861 {
1862 IDEState *s;
1863 int n;
1864 int lba48 = 0;
1865
1866 #if defined(DEBUG_IDE)
1867 printf("ide: CMD=%02x\n", val);
1868 #endif
1869 s = idebus_active_if(bus);
1870 /* ignore commands to non existant slave */
1871 if (s != bus->ifs && !s->bs)
1872 return;
1873
1874 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
1875 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
1876 return;
1877
1878 switch(val) {
1879 case WIN_IDENTIFY:
1880 if (s->bs && s->drive_kind != IDE_CD) {
1881 if (s->drive_kind != IDE_CFATA)
1882 ide_identify(s);
1883 else
1884 ide_cfata_identify(s);
1885 s->status = READY_STAT | SEEK_STAT;
1886 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1887 } else {
1888 if (s->drive_kind == IDE_CD) {
1889 ide_set_signature(s);
1890 }
1891 ide_abort_command(s);
1892 }
1893 ide_set_irq(s->bus);
1894 break;
1895 case WIN_SPECIFY:
1896 case WIN_RECAL:
1897 s->error = 0;
1898 s->status = READY_STAT | SEEK_STAT;
1899 ide_set_irq(s->bus);
1900 break;
1901 case WIN_SETMULT:
1902 if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
1903 /* Disable Read and Write Multiple */
1904 s->mult_sectors = 0;
1905 s->status = READY_STAT | SEEK_STAT;
1906 } else if ((s->nsector & 0xff) != 0 &&
1907 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1908 (s->nsector & (s->nsector - 1)) != 0)) {
1909 ide_abort_command(s);
1910 } else {
1911 s->mult_sectors = s->nsector & 0xff;
1912 s->status = READY_STAT | SEEK_STAT;
1913 }
1914 ide_set_irq(s->bus);
1915 break;
1916 case WIN_VERIFY_EXT:
1917 lba48 = 1;
1918 case WIN_VERIFY:
1919 case WIN_VERIFY_ONCE:
1920 /* do sector number check ? */
1921 ide_cmd_lba48_transform(s, lba48);
1922 s->status = READY_STAT | SEEK_STAT;
1923 ide_set_irq(s->bus);
1924 break;
1925 case WIN_READ_EXT:
1926 lba48 = 1;
1927 case WIN_READ:
1928 case WIN_READ_ONCE:
1929 if (!s->bs)
1930 goto abort_cmd;
1931 ide_cmd_lba48_transform(s, lba48);
1932 s->req_nb_sectors = 1;
1933 ide_sector_read(s);
1934 break;
1935 case WIN_WRITE_EXT:
1936 lba48 = 1;
1937 case WIN_WRITE:
1938 case WIN_WRITE_ONCE:
1939 case CFA_WRITE_SECT_WO_ERASE:
1940 case WIN_WRITE_VERIFY:
1941 ide_cmd_lba48_transform(s, lba48);
1942 s->error = 0;
1943 s->status = SEEK_STAT | READY_STAT;
1944 s->req_nb_sectors = 1;
1945 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1946 s->media_changed = 1;
1947 break;
1948 case WIN_MULTREAD_EXT:
1949 lba48 = 1;
1950 case WIN_MULTREAD:
1951 if (!s->mult_sectors)
1952 goto abort_cmd;
1953 ide_cmd_lba48_transform(s, lba48);
1954 s->req_nb_sectors = s->mult_sectors;
1955 ide_sector_read(s);
1956 break;
1957 case WIN_MULTWRITE_EXT:
1958 lba48 = 1;
1959 case WIN_MULTWRITE:
1960 case CFA_WRITE_MULTI_WO_ERASE:
1961 if (!s->mult_sectors)
1962 goto abort_cmd;
1963 ide_cmd_lba48_transform(s, lba48);
1964 s->error = 0;
1965 s->status = SEEK_STAT | READY_STAT;
1966 s->req_nb_sectors = s->mult_sectors;
1967 n = s->nsector;
1968 if (n > s->req_nb_sectors)
1969 n = s->req_nb_sectors;
1970 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1971 s->media_changed = 1;
1972 break;
1973 case WIN_READDMA_EXT:
1974 lba48 = 1;
1975 case WIN_READDMA:
1976 case WIN_READDMA_ONCE:
1977 if (!s->bs)
1978 goto abort_cmd;
1979 ide_cmd_lba48_transform(s, lba48);
1980 ide_sector_read_dma(s);
1981 break;
1982 case WIN_WRITEDMA_EXT:
1983 lba48 = 1;
1984 case WIN_WRITEDMA:
1985 case WIN_WRITEDMA_ONCE:
1986 if (!s->bs)
1987 goto abort_cmd;
1988 ide_cmd_lba48_transform(s, lba48);
1989 ide_sector_write_dma(s);
1990 s->media_changed = 1;
1991 break;
1992 case WIN_READ_NATIVE_MAX_EXT:
1993 lba48 = 1;
1994 case WIN_READ_NATIVE_MAX:
1995 ide_cmd_lba48_transform(s, lba48);
1996 ide_set_sector(s, s->nb_sectors - 1);
1997 s->status = READY_STAT | SEEK_STAT;
1998 ide_set_irq(s->bus);
1999 break;
2000 case WIN_CHECKPOWERMODE1:
2001 case WIN_CHECKPOWERMODE2:
2002 s->nsector = 0xff; /* device active or idle */
2003 s->status = READY_STAT | SEEK_STAT;
2004 ide_set_irq(s->bus);
2005 break;
2006 case WIN_SETFEATURES:
2007 if (!s->bs)
2008 goto abort_cmd;
2009 /* XXX: valid for CDROM ? */
2010 switch(s->feature) {
2011 case 0xcc: /* reverting to power-on defaults enable */
2012 case 0x66: /* reverting to power-on defaults disable */
2013 case 0x02: /* write cache enable */
2014 case 0x82: /* write cache disable */
2015 case 0xaa: /* read look-ahead enable */
2016 case 0x55: /* read look-ahead disable */
2017 case 0x05: /* set advanced power management mode */
2018 case 0x85: /* disable advanced power management mode */
2019 case 0x69: /* NOP */
2020 case 0x67: /* NOP */
2021 case 0x96: /* NOP */
2022 case 0x9a: /* NOP */
2023 case 0x42: /* enable Automatic Acoustic Mode */
2024 case 0xc2: /* disable Automatic Acoustic Mode */
2025 s->status = READY_STAT | SEEK_STAT;
2026 ide_set_irq(s->bus);
2027 break;
2028 case 0x03: { /* set transfer mode */
2029 uint8_t val = s->nsector & 0x07;
2030 uint16_t *identify_data = (uint16_t *)s->identify_data;
2031
2032 switch (s->nsector >> 3) {
2033 case 0x00: /* pio default */
2034 case 0x01: /* pio mode */
2035 put_le16(identify_data + 62,0x07);
2036 put_le16(identify_data + 63,0x07);
2037 put_le16(identify_data + 88,0x3f);
2038 break;
2039 case 0x02: /* sigle word dma mode*/
2040 put_le16(identify_data + 62,0x07 | (1 << (val + 8)));
2041 put_le16(identify_data + 63,0x07);
2042 put_le16(identify_data + 88,0x3f);
2043 break;
2044 case 0x04: /* mdma mode */
2045 put_le16(identify_data + 62,0x07);
2046 put_le16(identify_data + 63,0x07 | (1 << (val + 8)));
2047 put_le16(identify_data + 88,0x3f);
2048 break;
2049 case 0x08: /* udma mode */
2050 put_le16(identify_data + 62,0x07);
2051 put_le16(identify_data + 63,0x07);
2052 put_le16(identify_data + 88,0x3f | (1 << (val + 8)));
2053 break;
2054 default:
2055 goto abort_cmd;
2056 }
2057 s->status = READY_STAT | SEEK_STAT;
2058 ide_set_irq(s->bus);
2059 break;
2060 }
2061 default:
2062 goto abort_cmd;
2063 }
2064 break;
2065 case WIN_FLUSH_CACHE:
2066 case WIN_FLUSH_CACHE_EXT:
2067 ide_flush_cache(s);
2068 break;
2069 case WIN_STANDBY:
2070 case WIN_STANDBY2:
2071 case WIN_STANDBYNOW1:
2072 case WIN_STANDBYNOW2:
2073 case WIN_IDLEIMMEDIATE:
2074 case CFA_IDLEIMMEDIATE:
2075 case WIN_SETIDLE1:
2076 case WIN_SETIDLE2:
2077 case WIN_SLEEPNOW1:
2078 case WIN_SLEEPNOW2:
2079 s->status = READY_STAT;
2080 ide_set_irq(s->bus);
2081 break;
2082 case WIN_SEEK:
2083 if(s->drive_kind == IDE_CD)
2084 goto abort_cmd;
2085 /* XXX: Check that seek is within bounds */
2086 s->status = READY_STAT | SEEK_STAT;
2087 ide_set_irq(s->bus);
2088 break;
2089 /* ATAPI commands */
2090 case WIN_PIDENTIFY:
2091 if (s->drive_kind == IDE_CD) {
2092 ide_atapi_identify(s);
2093 s->status = READY_STAT | SEEK_STAT;
2094 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2095 } else {
2096 ide_abort_command(s);
2097 }
2098 ide_set_irq(s->bus);
2099 break;
2100 case WIN_DIAGNOSE:
2101 ide_set_signature(s);
2102 if (s->drive_kind == IDE_CD)
2103 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2104 * devices to return a clear status register
2105 * with READY_STAT *not* set. */
2106 else
2107 s->status = READY_STAT | SEEK_STAT;
2108 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2109 * present.
2110 */
2111 ide_set_irq(s->bus);
2112 break;
2113 case WIN_SRST:
2114 if (s->drive_kind != IDE_CD)
2115 goto abort_cmd;
2116 ide_set_signature(s);
2117 s->status = 0x00; /* NOTE: READY is _not_ set */
2118 s->error = 0x01;
2119 break;
2120 case WIN_PACKETCMD:
2121 if (s->drive_kind != IDE_CD)
2122 goto abort_cmd;
2123 /* overlapping commands not supported */
2124 if (s->feature & 0x02)
2125 goto abort_cmd;
2126 s->status = READY_STAT | SEEK_STAT;
2127 s->atapi_dma = s->feature & 1;
2128 s->nsector = 1;
2129 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2130 ide_atapi_cmd);
2131 break;
2132 /* CF-ATA commands */
2133 case CFA_REQ_EXT_ERROR_CODE:
2134 if (s->drive_kind != IDE_CFATA)
2135 goto abort_cmd;
2136 s->error = 0x09; /* miscellaneous error */
2137 s->status = READY_STAT | SEEK_STAT;
2138 ide_set_irq(s->bus);
2139 break;
2140 case CFA_ERASE_SECTORS:
2141 case CFA_WEAR_LEVEL:
2142 if (s->drive_kind != IDE_CFATA)
2143 goto abort_cmd;
2144 if (val == CFA_WEAR_LEVEL)
2145 s->nsector = 0;
2146 if (val == CFA_ERASE_SECTORS)
2147 s->media_changed = 1;
2148 s->error = 0x00;
2149 s->status = READY_STAT | SEEK_STAT;
2150 ide_set_irq(s->bus);
2151 break;
2152 case CFA_TRANSLATE_SECTOR:
2153 if (s->drive_kind != IDE_CFATA)
2154 goto abort_cmd;
2155 s->error = 0x00;
2156 s->status = READY_STAT | SEEK_STAT;
2157 memset(s->io_buffer, 0, 0x200);
2158 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2159 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2160 s->io_buffer[0x02] = s->select; /* Head */
2161 s->io_buffer[0x03] = s->sector; /* Sector */
2162 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2163 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2164 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2165 s->io_buffer[0x13] = 0x00; /* Erase flag */
2166 s->io_buffer[0x18] = 0x00; /* Hot count */
2167 s->io_buffer[0x19] = 0x00; /* Hot count */
2168 s->io_buffer[0x1a] = 0x01; /* Hot count */
2169 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2170 ide_set_irq(s->bus);
2171 break;
2172 case CFA_ACCESS_METADATA_STORAGE:
2173 if (s->drive_kind != IDE_CFATA)
2174 goto abort_cmd;
2175 switch (s->feature) {
2176 case 0x02: /* Inquiry Metadata Storage */
2177 ide_cfata_metadata_inquiry(s);
2178 break;
2179 case 0x03: /* Read Metadata Storage */
2180 ide_cfata_metadata_read(s);
2181 break;
2182 case 0x04: /* Write Metadata Storage */
2183 ide_cfata_metadata_write(s);
2184 break;
2185 default:
2186 goto abort_cmd;
2187 }
2188 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2189 s->status = 0x00; /* NOTE: READY is _not_ set */
2190 ide_set_irq(s->bus);
2191 break;
2192 case IBM_SENSE_CONDITION:
2193 if (s->drive_kind != IDE_CFATA)
2194 goto abort_cmd;
2195 switch (s->feature) {
2196 case 0x01: /* sense temperature in device */
2197 s->nsector = 0x50; /* +20 C */
2198 break;
2199 default:
2200 goto abort_cmd;
2201 }
2202 s->status = READY_STAT | SEEK_STAT;
2203 ide_set_irq(s->bus);
2204 break;
2205
2206 case WIN_SMART:
2207 if (s->drive_kind == IDE_CD)
2208 goto abort_cmd;
2209 if (s->hcyl != 0xc2 || s->lcyl != 0x4f)
2210 goto abort_cmd;
2211 if (!s->smart_enabled && s->feature != SMART_ENABLE)
2212 goto abort_cmd;
2213 switch (s->feature) {
2214 case SMART_DISABLE:
2215 s->smart_enabled = 0;
2216 s->status = READY_STAT | SEEK_STAT;
2217 ide_set_irq(s->bus);
2218 break;
2219 case SMART_ENABLE:
2220 s->smart_enabled = 1;
2221 s->status = READY_STAT | SEEK_STAT;
2222 ide_set_irq(s->bus);
2223 break;
2224 case SMART_ATTR_AUTOSAVE:
2225 switch (s->sector) {
2226 case 0x00:
2227 s->smart_autosave = 0;
2228 break;
2229 case 0xf1:
2230 s->smart_autosave = 1;
2231 break;
2232 default:
2233 goto abort_cmd;
2234 }
2235 s->status = READY_STAT | SEEK_STAT;
2236 ide_set_irq(s->bus);
2237 break;
2238 case SMART_STATUS:
2239 if (!s->smart_errors) {
2240 s->hcyl = 0xc2;
2241 s->lcyl = 0x4f;
2242 } else {
2243 s->hcyl = 0x2c;
2244 s->lcyl = 0xf4;
2245 }
2246 s->status = READY_STAT | SEEK_STAT;
2247 ide_set_irq(s->bus);
2248 break;
2249 case SMART_READ_THRESH:
2250 memset(s->io_buffer, 0, 0x200);
2251 s->io_buffer[0] = 0x01; /* smart struct version */
2252 for (n=0; n<30; n++) {
2253 if (smart_attributes[n][0] == 0)
2254 break;
2255 s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2256 s->io_buffer[2+1+(n*12)] = smart_attributes[n][4];
2257 }
2258 for (n=0; n<511; n++) /* checksum */
2259 s->io_buffer[511] += s->io_buffer[n];
2260 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2261 s->status = READY_STAT | SEEK_STAT;
2262 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2263 ide_set_irq(s->bus);
2264 break;
2265 case SMART_READ_DATA:
2266 memset(s->io_buffer, 0, 0x200);
2267 s->io_buffer[0] = 0x01; /* smart struct version */
2268 for (n=0; n<30; n++) {
2269 if (smart_attributes[n][0] == 0)
2270 break;
2271 s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2272 s->io_buffer[2+1+(n*12)] = smart_attributes[n][1];
2273 s->io_buffer[2+3+(n*12)] = smart_attributes[n][2];
2274 s->io_buffer[2+4+(n*12)] = smart_attributes[n][3];
2275 }
2276 s->io_buffer[362] = 0x02 | (s->smart_autosave?0x80:0x00);
2277 if (s->smart_selftest_count == 0) {
2278 s->io_buffer[363] = 0;
2279 } else {
2280 s->io_buffer[363] =
2281 s->smart_selftest_data[3 +
2282 (s->smart_selftest_count - 1) *
2283 24];
2284 }
2285 s->io_buffer[364] = 0x20;
2286 s->io_buffer[365] = 0x01;
2287 /* offline data collection capacity: execute + self-test*/
2288 s->io_buffer[367] = (1<<4 | 1<<3 | 1);
2289 s->io_buffer[368] = 0x03; /* smart capability (1) */
2290 s->io_buffer[369] = 0x00; /* smart capability (2) */
2291 s->io_buffer[370] = 0x01; /* error logging supported */
2292 s->io_buffer[372] = 0x02; /* minutes for poll short test */
2293 s->io_buffer[373] = 0x36; /* minutes for poll ext test */
2294 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
2295
2296 for (n=0; n<511; n++)
2297 s->io_buffer[511] += s->io_buffer[n];
2298 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2299 s->status = READY_STAT | SEEK_STAT;
2300 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2301 ide_set_irq(s->bus);
2302 break;
2303 case SMART_READ_LOG:
2304 switch (s->sector) {
2305 case 0x01: /* summary smart error log */
2306 memset(s->io_buffer, 0, 0x200);
2307 s->io_buffer[0] = 0x01;
2308 s->io_buffer[1] = 0x00; /* no error entries */
2309 s->io_buffer[452] = s->smart_errors & 0xff;
2310 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
2311
2312 for (n=0; n<511; n++)
2313 s->io_buffer[511] += s->io_buffer[n];
2314 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2315 break;
2316 case 0x06: /* smart self test log */
2317 memset(s->io_buffer, 0, 0x200);
2318 s->io_buffer[0] = 0x01;
2319 if (s->smart_selftest_count == 0) {
2320 s->io_buffer[508] = 0;
2321 } else {
2322 s->io_buffer[508] = s->smart_selftest_count;
2323 for (n=2; n<506; n++)
2324 s->io_buffer[n] = s->smart_selftest_data[n];
2325 }
2326 for (n=0; n<511; n++)
2327 s->io_buffer[511] += s->io_buffer[n];
2328 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2329 break;
2330 default:
2331 goto abort_cmd;
2332 }
2333 s->status = READY_STAT | SEEK_STAT;
2334 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2335 ide_set_irq(s->bus);
2336 break;
2337 case SMART_EXECUTE_OFFLINE:
2338 switch (s->sector) {
2339 case 0: /* off-line routine */
2340 case 1: /* short self test */
2341 case 2: /* extended self test */
2342 s->smart_selftest_count++;
2343 if(s->smart_selftest_count > 21)
2344 s->smart_selftest_count = 0;
2345 n = 2 + (s->smart_selftest_count - 1) * 24;
2346 s->smart_selftest_data[n] = s->sector;
2347 s->smart_selftest_data[n+1] = 0x00; /* OK and finished */
2348 s->smart_selftest_data[n+2] = 0x34; /* hour count lsb */
2349 s->smart_selftest_data[n+3] = 0x12; /* hour count msb */
2350 s->status = READY_STAT | SEEK_STAT;
2351 ide_set_irq(s->bus);
2352 break;
2353 default:
2354 goto abort_cmd;
2355 }
2356 break;
2357 default:
2358 goto abort_cmd;
2359 }
2360 break;
2361 default:
2362 abort_cmd:
2363 ide_abort_command(s);
2364 ide_set_irq(s->bus);
2365 break;
2366 }
2367 }
2368
2369 uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2370 {
2371 IDEBus *bus = opaque;
2372 IDEState *s = idebus_active_if(bus);
2373 uint32_t addr;
2374 int ret, hob;
2375
2376 addr = addr1 & 7;
2377 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2378 //hob = s->select & (1 << 7);
2379 hob = 0;
2380 switch(addr) {
2381 case 0:
2382 ret = 0xff;
2383 break;
2384 case 1:
2385 if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2386 (s != bus->ifs && !s->bs))
2387 ret = 0;
2388 else if (!hob)
2389 ret = s->error;
2390 else
2391 ret = s->hob_feature;
2392 break;
2393 case 2:
2394 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2395 ret = 0;
2396 else if (!hob)
2397 ret = s->nsector & 0xff;
2398 else
2399 ret = s->hob_nsector;
2400 break;
2401 case 3:
2402 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2403 ret = 0;
2404 else if (!hob)
2405 ret = s->sector;
2406 else
2407 ret = s->hob_sector;
2408 break;
2409 case 4:
2410 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2411 ret = 0;
2412 else if (!hob)
2413 ret = s->lcyl;
2414 else
2415 ret = s->hob_lcyl;
2416 break;
2417 case 5:
2418 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2419 ret = 0;
2420 else if (!hob)
2421 ret = s->hcyl;
2422 else
2423 ret = s->hob_hcyl;
2424 break;
2425 case 6:
2426 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2427 ret = 0;
2428 else
2429 ret = s->select;
2430 break;
2431 default:
2432 case 7:
2433 if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2434 (s != bus->ifs && !s->bs))
2435 ret = 0;
2436 else
2437 ret = s->status;
2438 qemu_irq_lower(bus->irq);
2439 break;
2440 }
2441 #ifdef DEBUG_IDE
2442 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2443 #endif
2444 return ret;
2445 }
2446
2447 uint32_t ide_status_read(void *opaque, uint32_t addr)
2448 {
2449 IDEBus *bus = opaque;
2450 IDEState *s = idebus_active_if(bus);
2451 int ret;
2452
2453 if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2454 (s != bus->ifs && !s->bs))
2455 ret = 0;
2456 else
2457 ret = s->status;
2458 #ifdef DEBUG_IDE
2459 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2460 #endif
2461 return ret;
2462 }
2463
2464 void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2465 {
2466 IDEBus *bus = opaque;
2467 IDEState *s;
2468 int i;
2469
2470 #ifdef DEBUG_IDE
2471 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2472 #endif
2473 /* common for both drives */
2474 if (!(bus->cmd & IDE_CMD_RESET) &&
2475 (val & IDE_CMD_RESET)) {
2476 /* reset low to high */
2477 for(i = 0;i < 2; i++) {
2478 s = &bus->ifs[i];
2479 s->status = BUSY_STAT | SEEK_STAT;
2480 s->error = 0x01;
2481 }
2482 } else if ((bus->cmd & IDE_CMD_RESET) &&
2483 !(val & IDE_CMD_RESET)) {
2484 /* high to low */
2485 for(i = 0;i < 2; i++) {
2486 s = &bus->ifs[i];
2487 if (s->drive_kind == IDE_CD)
2488 s->status = 0x00; /* NOTE: READY is _not_ set */
2489 else
2490 s->status = READY_STAT | SEEK_STAT;
2491 ide_set_signature(s);
2492 }
2493 }
2494
2495 bus->cmd = val;
2496 }
2497
2498 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2499 {
2500 IDEBus *bus = opaque;
2501 IDEState *s = idebus_active_if(bus);
2502 uint8_t *p;
2503
2504 /* PIO data access allowed only when DRQ bit is set */
2505 if (!(s->status & DRQ_STAT))
2506 return;
2507
2508 p = s->data_ptr;
2509 *(uint16_t *)p = le16_to_cpu(val);
2510 p += 2;
2511 s->data_ptr = p;
2512 if (p >= s->data_end)
2513 s->end_transfer_func(s);
2514 }
2515
2516 uint32_t ide_data_readw(void *opaque, uint32_t addr)
2517 {
2518 IDEBus *bus = opaque;
2519 IDEState *s = idebus_active_if(bus);
2520 uint8_t *p;
2521 int ret;
2522
2523 /* PIO data access allowed only when DRQ bit is set */
2524 if (!(s->status & DRQ_STAT))
2525 return 0;
2526
2527 p = s->data_ptr;
2528 ret = cpu_to_le16(*(uint16_t *)p);
2529 p += 2;
2530 s->data_ptr = p;
2531 if (p >= s->data_end)
2532 s->end_transfer_func(s);
2533 return ret;
2534 }
2535
2536 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2537 {
2538 IDEBus *bus = opaque;
2539 IDEState *s = idebus_active_if(bus);
2540 uint8_t *p;
2541
2542 /* PIO data access allowed only when DRQ bit is set */
2543 if (!(s->status & DRQ_STAT))
2544 return;
2545
2546 p = s->data_ptr;
2547 *(uint32_t *)p = le32_to_cpu(val);
2548 p += 4;
2549 s->data_ptr = p;
2550 if (p >= s->data_end)
2551 s->end_transfer_func(s);
2552 }
2553
2554 uint32_t ide_data_readl(void *opaque, uint32_t addr)
2555 {
2556 IDEBus *bus = opaque;
2557 IDEState *s = idebus_active_if(bus);
2558 uint8_t *p;
2559 int ret;
2560
2561 /* PIO data access allowed only when DRQ bit is set */
2562 if (!(s->status & DRQ_STAT))
2563 return 0;
2564
2565 p = s->data_ptr;
2566 ret = cpu_to_le32(*(uint32_t *)p);
2567 p += 4;
2568 s->data_ptr = p;
2569 if (p >= s->data_end)
2570 s->end_transfer_func(s);
2571 return ret;
2572 }
2573
2574 static void ide_dummy_transfer_stop(IDEState *s)
2575 {
2576 s->data_ptr = s->io_buffer;
2577 s->data_end = s->io_buffer;
2578 s->io_buffer[0] = 0xff;
2579 s->io_buffer[1] = 0xff;
2580 s->io_buffer[2] = 0xff;
2581 s->io_buffer[3] = 0xff;
2582 }
2583
2584 static void ide_reset(IDEState *s)
2585 {
2586 #ifdef DEBUG_IDE
2587 printf("ide: reset\n");
2588 #endif
2589 if (s->drive_kind == IDE_CFATA)
2590 s->mult_sectors = 0;
2591 else
2592 s->mult_sectors = MAX_MULT_SECTORS;
2593 /* ide regs */
2594 s->feature = 0;
2595 s->error = 0;
2596 s->nsector = 0;
2597 s->sector = 0;
2598 s->lcyl = 0;
2599 s->hcyl = 0;
2600
2601 /* lba48 */
2602 s->hob_feature = 0;
2603 s->hob_sector = 0;
2604 s->hob_nsector = 0;
2605 s->hob_lcyl = 0;
2606 s->hob_hcyl = 0;
2607
2608 s->select = 0xa0;
2609 s->status = READY_STAT | SEEK_STAT;
2610
2611 s->lba48 = 0;
2612
2613 /* ATAPI specific */
2614 s->sense_key = 0;
2615 s->asc = 0;
2616 s->cdrom_changed = 0;
2617 s->packet_transfer_size = 0;
2618 s->elementary_transfer_size = 0;
2619 s->io_buffer_index = 0;
2620 s->cd_sector_size = 0;
2621 s->atapi_dma = 0;
2622 /* ATA DMA state */
2623 s->io_buffer_size = 0;
2624 s->req_nb_sectors = 0;
2625
2626 ide_set_signature(s);
2627 /* init the transfer handler so that 0xffff is returned on data
2628 accesses */
2629 s->end_transfer_func = ide_dummy_transfer_stop;
2630 ide_dummy_transfer_stop(s);
2631 s->media_changed = 0;
2632 }
2633
2634 void ide_bus_reset(IDEBus *bus)
2635 {
2636 bus->unit = 0;
2637 bus->cmd = 0;
2638 ide_reset(&bus->ifs[0]);
2639 ide_reset(&bus->ifs[1]);
2640 ide_clear_hob(bus);
2641 }
2642
2643 int ide_init_drive(IDEState *s, BlockDriverState *bs,
2644 const char *version, const char *serial)
2645 {
2646 int cylinders, heads, secs;
2647 uint64_t nb_sectors;
2648
2649 s->bs = bs;
2650 bdrv_get_geometry(bs, &nb_sectors);
2651 bdrv_guess_geometry(bs, &cylinders, &heads, &secs);
2652 if (cylinders < 1 || cylinders > 16383) {
2653 error_report("cyls must be between 1 and 16383");
2654 return -1;
2655 }
2656 if (heads < 1 || heads > 16) {
2657 error_report("heads must be between 1 and 16");
2658 return -1;
2659 }
2660 if (secs < 1 || secs > 63) {
2661 error_report("secs must be between 1 and 63");
2662 return -1;
2663 }
2664 s->cylinders = cylinders;
2665 s->heads = heads;
2666 s->sectors = secs;
2667 s->nb_sectors = nb_sectors;
2668 /* The SMART values should be preserved across power cycles
2669 but they aren't. */
2670 s->smart_enabled = 1;
2671 s->smart_autosave = 1;
2672 s->smart_errors = 0;
2673 s->smart_selftest_count = 0;
2674 if (bdrv_get_type_hint(bs) == BDRV_TYPE_CDROM) {
2675 s->drive_kind = IDE_CD;
2676 bdrv_set_change_cb(bs, cdrom_change_cb, s);
2677 bs->buffer_alignment = 2048;
2678 } else {
2679 if (!bdrv_is_inserted(s->bs)) {
2680 error_report("Device needs media, but drive is empty");
2681 return -1;
2682 }
2683 if (bdrv_is_read_only(bs)) {
2684 error_report("Can't use a read-only drive");
2685 return -1;
2686 }
2687 }
2688 if (serial) {
2689 strncpy(s->drive_serial_str, serial, sizeof(s->drive_serial_str));
2690 } else {
2691 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2692 "QM%05d", s->drive_serial);
2693 }
2694 if (version) {
2695 pstrcpy(s->version, sizeof(s->version), version);
2696 } else {
2697 pstrcpy(s->version, sizeof(s->version), QEMU_VERSION);
2698 }
2699 ide_reset(s);
2700 bdrv_set_removable(bs, s->drive_kind == IDE_CD);
2701 return 0;
2702 }
2703
2704 static void ide_init1(IDEBus *bus, int unit)
2705 {
2706 static int drive_serial = 1;
2707 IDEState *s = &bus->ifs[unit];
2708
2709 s->bus = bus;
2710 s->unit = unit;
2711 s->drive_serial = drive_serial++;
2712 /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */
2713 s->io_buffer = qemu_memalign(2048, IDE_DMA_BUF_SECTORS*512 + 4);
2714 s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4;
2715 s->smart_selftest_data = qemu_blockalign(s->bs, 512);
2716 s->sector_write_timer = qemu_new_timer(vm_clock,
2717 ide_sector_write_timer_cb, s);
2718 }
2719
2720 void ide_init2(IDEBus *bus, qemu_irq irq)
2721 {
2722 int i;
2723
2724 for(i = 0; i < 2; i++) {
2725 ide_init1(bus, i);
2726 ide_reset(&bus->ifs[i]);
2727 }
2728 bus->irq = irq;
2729 }
2730
2731 /* TODO convert users to qdev and remove */
2732 void ide_init2_with_non_qdev_drives(IDEBus *bus, DriveInfo *hd0,
2733 DriveInfo *hd1, qemu_irq irq)
2734 {
2735 int i;
2736 DriveInfo *dinfo;
2737
2738 for(i = 0; i < 2; i++) {
2739 dinfo = i == 0 ? hd0 : hd1;
2740 ide_init1(bus, i);
2741 if (dinfo) {
2742 if (ide_init_drive(&bus->ifs[i], dinfo->bdrv, NULL,
2743 *dinfo->serial ? dinfo->serial : NULL) < 0) {
2744 error_report("Can't set up IDE drive %s", dinfo->id);
2745 exit(1);
2746 }
2747 } else {
2748 ide_reset(&bus->ifs[i]);
2749 }
2750 }
2751 bus->irq = irq;
2752 }
2753
2754 void ide_init_ioport(IDEBus *bus, int iobase, int iobase2)
2755 {
2756 register_ioport_write(iobase, 8, 1, ide_ioport_write, bus);
2757 register_ioport_read(iobase, 8, 1, ide_ioport_read, bus);
2758 if (iobase2) {
2759 register_ioport_read(iobase2, 1, 1, ide_status_read, bus);
2760 register_ioport_write(iobase2, 1, 1, ide_cmd_write, bus);
2761 }
2762
2763 /* data ports */
2764 register_ioport_write(iobase, 2, 2, ide_data_writew, bus);
2765 register_ioport_read(iobase, 2, 2, ide_data_readw, bus);
2766 register_ioport_write(iobase, 4, 4, ide_data_writel, bus);
2767 register_ioport_read(iobase, 4, 4, ide_data_readl, bus);
2768 }
2769
2770 static bool is_identify_set(void *opaque, int version_id)
2771 {
2772 IDEState *s = opaque;
2773
2774 return s->identify_set != 0;
2775 }
2776
2777 static EndTransferFunc* transfer_end_table[] = {
2778 ide_sector_read,
2779 ide_sector_write,
2780 ide_transfer_stop,
2781 ide_atapi_cmd_reply_end,
2782 ide_atapi_cmd,
2783 ide_dummy_transfer_stop,
2784 };
2785
2786 static int transfer_end_table_idx(EndTransferFunc *fn)
2787 {
2788 int i;
2789
2790 for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++)
2791 if (transfer_end_table[i] == fn)
2792 return i;
2793
2794 return -1;
2795 }
2796
2797 static int ide_drive_post_load(void *opaque, int version_id)
2798 {
2799 IDEState *s = opaque;
2800
2801 if (version_id < 3) {
2802 if (s->sense_key == SENSE_UNIT_ATTENTION &&
2803 s->asc == ASC_MEDIUM_MAY_HAVE_CHANGED) {
2804 s->cdrom_changed = 1;
2805 }
2806 }
2807 return 0;
2808 }
2809
2810 static int ide_drive_pio_post_load(void *opaque, int version_id)
2811 {
2812 IDEState *s = opaque;
2813
2814 if (s->end_transfer_fn_idx > ARRAY_SIZE(transfer_end_table)) {
2815 return -EINVAL;
2816 }
2817 s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx];
2818 s->data_ptr = s->io_buffer + s->cur_io_buffer_offset;
2819 s->data_end = s->data_ptr + s->cur_io_buffer_len;
2820
2821 return 0;
2822 }
2823
2824 static void ide_drive_pio_pre_save(void *opaque)
2825 {
2826 IDEState *s = opaque;
2827 int idx;
2828
2829 s->cur_io_buffer_offset = s->data_ptr - s->io_buffer;
2830 s->cur_io_buffer_len = s->data_end - s->data_ptr;
2831
2832 idx = transfer_end_table_idx(s->end_transfer_func);
2833 if (idx == -1) {
2834 fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n",
2835 __func__);
2836 s->end_transfer_fn_idx = 2;
2837 } else {
2838 s->end_transfer_fn_idx = idx;
2839 }
2840 }
2841
2842 static bool ide_drive_pio_state_needed(void *opaque)
2843 {
2844 IDEState *s = opaque;
2845
2846 return (s->status & DRQ_STAT) != 0;
2847 }
2848
2849 const VMStateDescription vmstate_ide_drive_pio_state = {
2850 .name = "ide_drive/pio_state",
2851 .version_id = 1,
2852 .minimum_version_id = 1,
2853 .minimum_version_id_old = 1,
2854 .pre_save = ide_drive_pio_pre_save,
2855 .post_load = ide_drive_pio_post_load,
2856 .fields = (VMStateField []) {
2857 VMSTATE_INT32(req_nb_sectors, IDEState),
2858 VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1,
2859 vmstate_info_uint8, uint8_t),
2860 VMSTATE_INT32(cur_io_buffer_offset, IDEState),
2861 VMSTATE_INT32(cur_io_buffer_len, IDEState),
2862 VMSTATE_UINT8(end_transfer_fn_idx, IDEState),
2863 VMSTATE_INT32(elementary_transfer_size, IDEState),
2864 VMSTATE_INT32(packet_transfer_size, IDEState),
2865 VMSTATE_END_OF_LIST()
2866 }
2867 };
2868
2869 const VMStateDescription vmstate_ide_drive = {
2870 .name = "ide_drive",
2871 .version_id = 3,
2872 .minimum_version_id = 0,
2873 .minimum_version_id_old = 0,
2874 .post_load = ide_drive_post_load,
2875 .fields = (VMStateField []) {
2876 VMSTATE_INT32(mult_sectors, IDEState),
2877 VMSTATE_INT32(identify_set, IDEState),
2878 VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set),
2879 VMSTATE_UINT8(feature, IDEState),
2880 VMSTATE_UINT8(error, IDEState),
2881 VMSTATE_UINT32(nsector, IDEState),
2882 VMSTATE_UINT8(sector, IDEState),
2883 VMSTATE_UINT8(lcyl, IDEState),
2884 VMSTATE_UINT8(hcyl, IDEState),
2885 VMSTATE_UINT8(hob_feature, IDEState),
2886 VMSTATE_UINT8(hob_sector, IDEState),
2887 VMSTATE_UINT8(hob_nsector, IDEState),
2888 VMSTATE_UINT8(hob_lcyl, IDEState),
2889 VMSTATE_UINT8(hob_hcyl, IDEState),
2890 VMSTATE_UINT8(select, IDEState),
2891 VMSTATE_UINT8(status, IDEState),
2892 VMSTATE_UINT8(lba48, IDEState),
2893 VMSTATE_UINT8(sense_key, IDEState),
2894 VMSTATE_UINT8(asc, IDEState),
2895 VMSTATE_UINT8_V(cdrom_changed, IDEState, 3),
2896 VMSTATE_END_OF_LIST()
2897 },
2898 .subsections = (VMStateSubsection []) {
2899 {
2900 .vmsd = &vmstate_ide_drive_pio_state,
2901 .needed = ide_drive_pio_state_needed,
2902 }, {
2903 /* empty */
2904 }
2905 }
2906 };
2907
2908 const VMStateDescription vmstate_ide_bus = {
2909 .name = "ide_bus",
2910 .version_id = 1,
2911 .minimum_version_id = 1,
2912 .minimum_version_id_old = 1,
2913 .fields = (VMStateField []) {
2914 VMSTATE_UINT8(cmd, IDEBus),
2915 VMSTATE_UINT8(unit, IDEBus),
2916 VMSTATE_END_OF_LIST()
2917 }
2918 };
2919
2920 /***********************************************************/
2921 /* PCI IDE definitions */
2922
2923 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2924 {
2925 BMDMAState *bm = s->bus->bmdma;
2926 if(!bm)
2927 return;
2928 bm->unit = s->unit;
2929 bm->dma_cb = dma_cb;
2930 bm->cur_prd_last = 0;
2931 bm->cur_prd_addr = 0;
2932 bm->cur_prd_len = 0;
2933 bm->sector_num = ide_get_sector(s);
2934 bm->nsector = s->nsector;
2935 if (bm->status & BM_STATUS_DMAING) {
2936 bm->dma_cb(bm, 0);
2937 }
2938 }
2939
2940 static void ide_dma_restart(IDEState *s, int is_read)
2941 {
2942 BMDMAState *bm = s->bus->bmdma;
2943 ide_set_sector(s, bm->sector_num);
2944 s->io_buffer_index = 0;
2945 s->io_buffer_size = 0;
2946 s->nsector = bm->nsector;
2947 bm->cur_addr = bm->addr;
2948
2949 if (is_read) {
2950 bm->dma_cb = ide_read_dma_cb;
2951 } else {
2952 bm->dma_cb = ide_write_dma_cb;
2953 }
2954
2955 ide_dma_start(s, bm->dma_cb);
2956 }
2957
2958 void ide_dma_cancel(BMDMAState *bm)
2959 {
2960 if (bm->status & BM_STATUS_DMAING) {
2961 if (bm->aiocb) {
2962 #ifdef DEBUG_AIO
2963 printf("aio_cancel\n");
2964 #endif
2965 bdrv_aio_cancel(bm->aiocb);
2966 }
2967
2968 /* cancel DMA request */
2969 ide_dma_set_inactive(bm);
2970 }
2971 }
2972
2973 void ide_dma_reset(BMDMAState *bm)
2974 {
2975 #ifdef DEBUG_IDE
2976 printf("ide: dma_reset\n");
2977 #endif
2978 ide_dma_cancel(bm);
2979 bm->cmd = 0;
2980 bm->status = 0;
2981 bm->addr = 0;
2982 bm->cur_addr = 0;
2983 bm->cur_prd_last = 0;
2984 bm->cur_prd_addr = 0;
2985 bm->cur_prd_len = 0;
2986 bm->sector_num = 0;
2987 bm->nsector = 0;
2988 }
QEmu