search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
hw/ppc/spapr.c: use g_autofree in spapr_dt_chosen()
[qemu.git] / hw / ide / core.c
blob33463d9b8f2e652e8c6ec8bdae9b404233db8232
1 /*
2 * QEMU IDE disk and CD/DVD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25
26 #include "qemu/osdep.h"
27 #include "hw/isa/isa.h"
28 #include "migration/vmstate.h"
29 #include "qemu/error-report.h"
30 #include "qemu/main-loop.h"
31 #include "qemu/timer.h"
32 #include "qemu/hw-version.h"
33 #include "sysemu/sysemu.h"
34 #include "sysemu/blockdev.h"
35 #include "sysemu/dma.h"
36 #include "hw/block/block.h"
37 #include "sysemu/block-backend.h"
38 #include "qapi/error.h"
39 #include "qemu/cutils.h"
40 #include "sysemu/replay.h"
41 #include "sysemu/runstate.h"
42 #include "hw/ide/internal.h"
43 #include "trace.h"
44
45 /* These values were based on a Seagate ST3500418AS but have been modified
46 to make more sense in QEMU */
47 static const int smart_attributes[][12] = {
48 /* id, flags, hflags, val, wrst, raw (6 bytes), threshold */
49 /* raw read error rate*/
50 { 0x01, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06},
51 /* spin up */
52 { 0x03, 0x03, 0x00, 0x64, 0x64, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
53 /* start stop count */
54 { 0x04, 0x02, 0x00, 0x64, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14},
55 /* remapped sectors */
56 { 0x05, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24},
57 /* power on hours */
58 { 0x09, 0x03, 0x00, 0x64, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
59 /* power cycle count */
60 { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
61 /* airflow-temperature-celsius */
62 { 190, 0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32},
63 };
64
65 const char *IDE_DMA_CMD_lookup[IDE_DMA__COUNT] = {
66 [IDE_DMA_READ] = "DMA READ",
67 [IDE_DMA_WRITE] = "DMA WRITE",
68 [IDE_DMA_TRIM] = "DMA TRIM",
69 [IDE_DMA_ATAPI] = "DMA ATAPI"
70 };
71
72 static const char *IDE_DMA_CMD_str(enum ide_dma_cmd enval)
73 {
74 if ((unsigned)enval < IDE_DMA__COUNT) {
75 return IDE_DMA_CMD_lookup[enval];
76 }
77 return "DMA UNKNOWN CMD";
78 }
79
80 static void ide_dummy_transfer_stop(IDEState *s);
81
82 static void padstr(char *str, const char *src, int len)
83 {
84 int i, v;
85 for(i = 0; i < len; i++) {
86 if (*src)
87 v = *src++;
88 else
89 v = ' ';
90 str[i^1] = v;
91 }
92 }
93
94 static void put_le16(uint16_t *p, unsigned int v)
95 {
96 *p = cpu_to_le16(v);
97 }
98
99 static void ide_identify_size(IDEState *s)
100 {
101 uint16_t *p = (uint16_t *)s->identify_data;
102 int64_t nb_sectors_lba28 = s->nb_sectors;
103 if (nb_sectors_lba28 >= 1 << 28) {
104 nb_sectors_lba28 = (1 << 28) - 1;
105 }
106 put_le16(p + 60, nb_sectors_lba28);
107 put_le16(p + 61, nb_sectors_lba28 >> 16);
108 put_le16(p + 100, s->nb_sectors);
109 put_le16(p + 101, s->nb_sectors >> 16);
110 put_le16(p + 102, s->nb_sectors >> 32);
111 put_le16(p + 103, s->nb_sectors >> 48);
112 }
113
114 static void ide_identify(IDEState *s)
115 {
116 uint16_t *p;
117 unsigned int oldsize;
118 IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master;
119
120 p = (uint16_t *)s->identify_data;
121 if (s->identify_set) {
122 goto fill_buffer;
123 }
124 memset(p, 0, sizeof(s->identify_data));
125
126 put_le16(p + 0, 0x0040);
127 put_le16(p + 1, s->cylinders);
128 put_le16(p + 3, s->heads);
129 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
130 put_le16(p + 5, 512); /* XXX: retired, remove ? */
131 put_le16(p + 6, s->sectors);
132 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
133 put_le16(p + 20, 3); /* XXX: retired, remove ? */
134 put_le16(p + 21, 512); /* cache size in sectors */
135 put_le16(p + 22, 4); /* ecc bytes */
136 padstr((char *)(p + 23), s->version, 8); /* firmware version */
137 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
138 #if MAX_MULT_SECTORS > 1
139 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
140 #endif
141 put_le16(p + 48, 1); /* dword I/O */
142 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
143 put_le16(p + 51, 0x200); /* PIO transfer cycle */
144 put_le16(p + 52, 0x200); /* DMA transfer cycle */
145 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
146 put_le16(p + 54, s->cylinders);
147 put_le16(p + 55, s->heads);
148 put_le16(p + 56, s->sectors);
149 oldsize = s->cylinders * s->heads * s->sectors;
150 put_le16(p + 57, oldsize);
151 put_le16(p + 58, oldsize >> 16);
152 if (s->mult_sectors)
153 put_le16(p + 59, 0x100 | s->mult_sectors);
154 /* *(p + 60) := nb_sectors -- see ide_identify_size */
155 /* *(p + 61) := nb_sectors >> 16 -- see ide_identify_size */
156 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
157 put_le16(p + 63, 0x07); /* mdma0-2 supported */
158 put_le16(p + 64, 0x03); /* pio3-4 supported */
159 put_le16(p + 65, 120);
160 put_le16(p + 66, 120);
161 put_le16(p + 67, 120);
162 put_le16(p + 68, 120);
163 if (dev && dev->conf.discard_granularity) {
164 put_le16(p + 69, (1 << 14)); /* determinate TRIM behavior */
165 }
166
167 if (s->ncq_queues) {
168 put_le16(p + 75, s->ncq_queues - 1);
169 /* NCQ supported */
170 put_le16(p + 76, (1 << 8));
171 }
172
173 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
174 put_le16(p + 81, 0x16); /* conforms to ata5 */
175 /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */
176 put_le16(p + 82, (1 << 14) | (1 << 5) | 1);
177 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
178 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
179 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */
180 if (s->wwn) {
181 put_le16(p + 84, (1 << 14) | (1 << 8) | 0);
182 } else {
183 put_le16(p + 84, (1 << 14) | 0);
184 }
185 /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */
186 if (blk_enable_write_cache(s->blk)) {
187 put_le16(p + 85, (1 << 14) | (1 << 5) | 1);
188 } else {
189 put_le16(p + 85, (1 << 14) | 1);
190 }
191 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
192 put_le16(p + 86, (1 << 13) | (1 <<12) | (1 << 10));
193 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */
194 if (s->wwn) {
195 put_le16(p + 87, (1 << 14) | (1 << 8) | 0);
196 } else {
197 put_le16(p + 87, (1 << 14) | 0);
198 }
199 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
200 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
201 /* *(p + 100) := nb_sectors -- see ide_identify_size */
202 /* *(p + 101) := nb_sectors >> 16 -- see ide_identify_size */
203 /* *(p + 102) := nb_sectors >> 32 -- see ide_identify_size */
204 /* *(p + 103) := nb_sectors >> 48 -- see ide_identify_size */
205
206 if (dev && dev->conf.physical_block_size)
207 put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf));
208 if (s->wwn) {
209 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */
210 put_le16(p + 108, s->wwn >> 48);
211 put_le16(p + 109, s->wwn >> 32);
212 put_le16(p + 110, s->wwn >> 16);
213 put_le16(p + 111, s->wwn);
214 }
215 if (dev && dev->conf.discard_granularity) {
216 put_le16(p + 169, 1); /* TRIM support */
217 }
218 if (dev) {
219 put_le16(p + 217, dev->rotation_rate); /* Nominal media rotation rate */
220 }
221
222 ide_identify_size(s);
223 s->identify_set = 1;
224
225 fill_buffer:
226 memcpy(s->io_buffer, p, sizeof(s->identify_data));
227 }
228
229 static void ide_atapi_identify(IDEState *s)
230 {
231 uint16_t *p;
232
233 p = (uint16_t *)s->identify_data;
234 if (s->identify_set) {
235 goto fill_buffer;
236 }
237 memset(p, 0, sizeof(s->identify_data));
238
239 /* Removable CDROM, 50us response, 12 byte packets */
240 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
241 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
242 put_le16(p + 20, 3); /* buffer type */
243 put_le16(p + 21, 512); /* cache size in sectors */
244 put_le16(p + 22, 4); /* ecc bytes */
245 padstr((char *)(p + 23), s->version, 8); /* firmware version */
246 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
247 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
248 #ifdef USE_DMA_CDROM
249 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
250 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
251 put_le16(p + 62, 7); /* single word dma0-2 supported */
252 put_le16(p + 63, 7); /* mdma0-2 supported */
253 #else
254 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
255 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
256 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
257 #endif
258 put_le16(p + 64, 3); /* pio3-4 supported */
259 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
260 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
261 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
262 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
263
264 put_le16(p + 71, 30); /* in ns */
265 put_le16(p + 72, 30); /* in ns */
266
267 if (s->ncq_queues) {
268 put_le16(p + 75, s->ncq_queues - 1);
269 /* NCQ supported */
270 put_le16(p + 76, (1 << 8));
271 }
272
273 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
274 if (s->wwn) {
275 put_le16(p + 84, (1 << 8)); /* supports WWN for words 108-111 */
276 put_le16(p + 87, (1 << 8)); /* WWN enabled */
277 }
278
279 #ifdef USE_DMA_CDROM
280 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
281 #endif
282
283 if (s->wwn) {
284 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */
285 put_le16(p + 108, s->wwn >> 48);
286 put_le16(p + 109, s->wwn >> 32);
287 put_le16(p + 110, s->wwn >> 16);
288 put_le16(p + 111, s->wwn);
289 }
290
291 s->identify_set = 1;
292
293 fill_buffer:
294 memcpy(s->io_buffer, p, sizeof(s->identify_data));
295 }
296
297 static void ide_cfata_identify_size(IDEState *s)
298 {
299 uint16_t *p = (uint16_t *)s->identify_data;
300 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
301 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
302 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
303 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
304 }
305
306 static void ide_cfata_identify(IDEState *s)
307 {
308 uint16_t *p;
309 uint32_t cur_sec;
310
311 p = (uint16_t *)s->identify_data;
312 if (s->identify_set) {
313 goto fill_buffer;
314 }
315 memset(p, 0, sizeof(s->identify_data));
316
317 cur_sec = s->cylinders * s->heads * s->sectors;
318
319 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
320 put_le16(p + 1, s->cylinders); /* Default cylinders */
321 put_le16(p + 3, s->heads); /* Default heads */
322 put_le16(p + 6, s->sectors); /* Default sectors per track */
323 /* *(p + 7) := nb_sectors >> 16 -- see ide_cfata_identify_size */
324 /* *(p + 8) := nb_sectors -- see ide_cfata_identify_size */
325 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
326 put_le16(p + 22, 0x0004); /* ECC bytes */
327 padstr((char *) (p + 23), s->version, 8); /* Firmware Revision */
328 padstr((char *) (p + 27), s->drive_model_str, 40);/* Model number */
329 #if MAX_MULT_SECTORS > 1
330 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
331 #else
332 put_le16(p + 47, 0x0000);
333 #endif
334 put_le16(p + 49, 0x0f00); /* Capabilities */
335 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
336 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
337 put_le16(p + 53, 0x0003); /* Translation params valid */
338 put_le16(p + 54, s->cylinders); /* Current cylinders */
339 put_le16(p + 55, s->heads); /* Current heads */
340 put_le16(p + 56, s->sectors); /* Current sectors */
341 put_le16(p + 57, cur_sec); /* Current capacity */
342 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
343 if (s->mult_sectors) /* Multiple sector setting */
344 put_le16(p + 59, 0x100 | s->mult_sectors);
345 /* *(p + 60) := nb_sectors -- see ide_cfata_identify_size */
346 /* *(p + 61) := nb_sectors >> 16 -- see ide_cfata_identify_size */
347 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
348 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
349 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
350 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
351 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
352 put_le16(p + 82, 0x400c); /* Command Set supported */
353 put_le16(p + 83, 0x7068); /* Command Set supported */
354 put_le16(p + 84, 0x4000); /* Features supported */
355 put_le16(p + 85, 0x000c); /* Command Set enabled */
356 put_le16(p + 86, 0x7044); /* Command Set enabled */
357 put_le16(p + 87, 0x4000); /* Features enabled */
358 put_le16(p + 91, 0x4060); /* Current APM level */
359 put_le16(p + 129, 0x0002); /* Current features option */
360 put_le16(p + 130, 0x0005); /* Reassigned sectors */
361 put_le16(p + 131, 0x0001); /* Initial power mode */
362 put_le16(p + 132, 0x0000); /* User signature */
363 put_le16(p + 160, 0x8100); /* Power requirement */
364 put_le16(p + 161, 0x8001); /* CF command set */
365
366 ide_cfata_identify_size(s);
367 s->identify_set = 1;
368
369 fill_buffer:
370 memcpy(s->io_buffer, p, sizeof(s->identify_data));
371 }
372
373 static void ide_set_signature(IDEState *s)
374 {
375 s->select &= ~(ATA_DEV_HS); /* clear head */
376 /* put signature */
377 s->nsector = 1;
378 s->sector = 1;
379 if (s->drive_kind == IDE_CD) {
380 s->lcyl = 0x14;
381 s->hcyl = 0xeb;
382 } else if (s->blk) {
383 s->lcyl = 0;
384 s->hcyl = 0;
385 } else {
386 s->lcyl = 0xff;
387 s->hcyl = 0xff;
388 }
389 }
390
391 static bool ide_sect_range_ok(IDEState *s,
392 uint64_t sector, uint64_t nb_sectors)
393 {
394 uint64_t total_sectors;
395
396 blk_get_geometry(s->blk, &total_sectors);
397 if (sector > total_sectors || nb_sectors > total_sectors - sector) {
398 return false;
399 }
400 return true;
401 }
402
403 typedef struct TrimAIOCB {
404 BlockAIOCB common;
405 IDEState *s;
406 QEMUBH *bh;
407 int ret;
408 QEMUIOVector *qiov;
409 BlockAIOCB *aiocb;
410 int i, j;
411 } TrimAIOCB;
412
413 static void trim_aio_cancel(BlockAIOCB *acb)
414 {
415 TrimAIOCB *iocb = container_of(acb, TrimAIOCB, common);
416
417 /* Exit the loop so ide_issue_trim_cb will not continue */
418 iocb->j = iocb->qiov->niov - 1;
419 iocb->i = (iocb->qiov->iov[iocb->j].iov_len / 8) - 1;
420
421 iocb->ret = -ECANCELED;
422
423 if (iocb->aiocb) {
424 blk_aio_cancel_async(iocb->aiocb);
425 iocb->aiocb = NULL;
426 }
427 }
428
429 static const AIOCBInfo trim_aiocb_info = {
430 .aiocb_size = sizeof(TrimAIOCB),
431 .cancel_async = trim_aio_cancel,
432 };
433
434 static void ide_trim_bh_cb(void *opaque)
435 {
436 TrimAIOCB *iocb = opaque;
437
438 iocb->common.cb(iocb->common.opaque, iocb->ret);
439
440 qemu_bh_delete(iocb->bh);
441 iocb->bh = NULL;
442 qemu_aio_unref(iocb);
443 }
444
445 static void ide_issue_trim_cb(void *opaque, int ret)
446 {
447 TrimAIOCB *iocb = opaque;
448 IDEState *s = iocb->s;
449
450 if (iocb->i >= 0) {
451 if (ret >= 0) {
452 block_acct_done(blk_get_stats(s->blk), &s->acct);
453 } else {
454 block_acct_failed(blk_get_stats(s->blk), &s->acct);
455 }
456 }
457
458 if (ret >= 0) {
459 while (iocb->j < iocb->qiov->niov) {
460 int j = iocb->j;
461 while (++iocb->i < iocb->qiov->iov[j].iov_len / 8) {
462 int i = iocb->i;
463 uint64_t *buffer = iocb->qiov->iov[j].iov_base;
464
465 /* 6-byte LBA + 2-byte range per entry */
466 uint64_t entry = le64_to_cpu(buffer[i]);
467 uint64_t sector = entry & 0x0000ffffffffffffULL;
468 uint16_t count = entry >> 48;
469
470 if (count == 0) {
471 continue;
472 }
473
474 if (!ide_sect_range_ok(s, sector, count)) {
475 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_UNMAP);
476 iocb->ret = -EINVAL;
477 goto done;
478 }
479
480 block_acct_start(blk_get_stats(s->blk), &s->acct,
481 count << BDRV_SECTOR_BITS, BLOCK_ACCT_UNMAP);
482
483 /* Got an entry! Submit and exit. */
484 iocb->aiocb = blk_aio_pdiscard(s->blk,
485 sector << BDRV_SECTOR_BITS,
486 count << BDRV_SECTOR_BITS,
487 ide_issue_trim_cb, opaque);
488 return;
489 }
490
491 iocb->j++;
492 iocb->i = -1;
493 }
494 } else {
495 iocb->ret = ret;
496 }
497
498 done:
499 iocb->aiocb = NULL;
500 if (iocb->bh) {
501 replay_bh_schedule_event(iocb->bh);
502 }
503 }
504
505 BlockAIOCB *ide_issue_trim(
506 int64_t offset, QEMUIOVector *qiov,
507 BlockCompletionFunc *cb, void *cb_opaque, void *opaque)
508 {
509 IDEState *s = opaque;
510 TrimAIOCB *iocb;
511
512 iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque);
513 iocb->s = s;
514 iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb);
515 iocb->ret = 0;
516 iocb->qiov = qiov;
517 iocb->i = -1;
518 iocb->j = 0;
519 ide_issue_trim_cb(iocb, 0);
520 return &iocb->common;
521 }
522
523 void ide_abort_command(IDEState *s)
524 {
525 ide_transfer_stop(s);
526 s->status = READY_STAT | ERR_STAT;
527 s->error = ABRT_ERR;
528 }
529
530 static void ide_set_retry(IDEState *s)
531 {
532 s->bus->retry_unit = s->unit;
533 s->bus->retry_sector_num = ide_get_sector(s);
534 s->bus->retry_nsector = s->nsector;
535 }
536
537 static void ide_clear_retry(IDEState *s)
538 {
539 s->bus->retry_unit = -1;
540 s->bus->retry_sector_num = 0;
541 s->bus->retry_nsector = 0;
542 }
543
544 /* prepare data transfer and tell what to do after */
545 bool ide_transfer_start_norecurse(IDEState *s, uint8_t *buf, int size,
546 EndTransferFunc *end_transfer_func)
547 {
548 s->data_ptr = buf;
549 s->data_end = buf + size;
550 ide_set_retry(s);
551 if (!(s->status & ERR_STAT)) {
552 s->status |= DRQ_STAT;
553 }
554 if (!s->bus->dma->ops->pio_transfer) {
555 s->end_transfer_func = end_transfer_func;
556 return false;
557 }
558 s->bus->dma->ops->pio_transfer(s->bus->dma);
559 return true;
560 }
561
562 void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
563 EndTransferFunc *end_transfer_func)
564 {
565 if (ide_transfer_start_norecurse(s, buf, size, end_transfer_func)) {
566 end_transfer_func(s);
567 }
568 }
569
570 static void ide_cmd_done(IDEState *s)
571 {
572 if (s->bus->dma->ops->cmd_done) {
573 s->bus->dma->ops->cmd_done(s->bus->dma);
574 }
575 }
576
577 static void ide_transfer_halt(IDEState *s)
578 {
579 s->end_transfer_func = ide_transfer_stop;
580 s->data_ptr = s->io_buffer;
581 s->data_end = s->io_buffer;
582 s->status &= ~DRQ_STAT;
583 }
584
585 void ide_transfer_stop(IDEState *s)
586 {
587 ide_transfer_halt(s);
588 ide_cmd_done(s);
589 }
590
591 int64_t ide_get_sector(IDEState *s)
592 {
593 int64_t sector_num;
594 if (s->select & (ATA_DEV_LBA)) {
595 if (s->lba48) {
596 sector_num = ((int64_t)s->hob_hcyl << 40) |
597 ((int64_t) s->hob_lcyl << 32) |
598 ((int64_t) s->hob_sector << 24) |
599 ((int64_t) s->hcyl << 16) |
600 ((int64_t) s->lcyl << 8) | s->sector;
601 } else {
602 /* LBA28 */
603 sector_num = ((s->select & (ATA_DEV_LBA_MSB)) << 24) |
604 (s->hcyl << 16) | (s->lcyl << 8) | s->sector;
605 }
606 } else {
607 /* CHS */
608 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
609 (s->select & (ATA_DEV_HS)) * s->sectors + (s->sector - 1);
610 }
611
612 return sector_num;
613 }
614
615 void ide_set_sector(IDEState *s, int64_t sector_num)
616 {
617 unsigned int cyl, r;
618 if (s->select & (ATA_DEV_LBA)) {
619 if (s->lba48) {
620 s->sector = sector_num;
621 s->lcyl = sector_num >> 8;
622 s->hcyl = sector_num >> 16;
623 s->hob_sector = sector_num >> 24;
624 s->hob_lcyl = sector_num >> 32;
625 s->hob_hcyl = sector_num >> 40;
626 } else {
627 /* LBA28 */
628 s->select = (s->select & ~(ATA_DEV_LBA_MSB)) |
629 ((sector_num >> 24) & (ATA_DEV_LBA_MSB));
630 s->hcyl = (sector_num >> 16);
631 s->lcyl = (sector_num >> 8);
632 s->sector = (sector_num);
633 }
634 } else {
635 /* CHS */
636 cyl = sector_num / (s->heads * s->sectors);
637 r = sector_num % (s->heads * s->sectors);
638 s->hcyl = cyl >> 8;
639 s->lcyl = cyl;
640 s->select = (s->select & ~(ATA_DEV_HS)) |
641 ((r / s->sectors) & (ATA_DEV_HS));
642 s->sector = (r % s->sectors) + 1;
643 }
644 }
645
646 static void ide_rw_error(IDEState *s) {
647 ide_abort_command(s);
648 ide_set_irq(s->bus);
649 }
650
651 static void ide_buffered_readv_cb(void *opaque, int ret)
652 {
653 IDEBufferedRequest *req = opaque;
654 if (!req->orphaned) {
655 if (!ret) {
656 assert(req->qiov.size == req->original_qiov->size);
657 qemu_iovec_from_buf(req->original_qiov, 0,
658 req->qiov.local_iov.iov_base,
659 req->original_qiov->size);
660 }
661 req->original_cb(req->original_opaque, ret);
662 }
663 QLIST_REMOVE(req, list);
664 qemu_vfree(qemu_iovec_buf(&req->qiov));
665 g_free(req);
666 }
667
668 #define MAX_BUFFERED_REQS 16
669
670 BlockAIOCB *ide_buffered_readv(IDEState *s, int64_t sector_num,
671 QEMUIOVector *iov, int nb_sectors,
672 BlockCompletionFunc *cb, void *opaque)
673 {
674 BlockAIOCB *aioreq;
675 IDEBufferedRequest *req;
676 int c = 0;
677
678 QLIST_FOREACH(req, &s->buffered_requests, list) {
679 c++;
680 }
681 if (c > MAX_BUFFERED_REQS) {
682 return blk_abort_aio_request(s->blk, cb, opaque, -EIO);
683 }
684
685 req = g_new0(IDEBufferedRequest, 1);
686 req->original_qiov = iov;
687 req->original_cb = cb;
688 req->original_opaque = opaque;
689 qemu_iovec_init_buf(&req->qiov, blk_blockalign(s->blk, iov->size),
690 iov->size);
691
692 aioreq = blk_aio_preadv(s->blk, sector_num << BDRV_SECTOR_BITS,
693 &req->qiov, 0, ide_buffered_readv_cb, req);
694
695 QLIST_INSERT_HEAD(&s->buffered_requests, req, list);
696 return aioreq;
697 }
698
699 /**
700 * Cancel all pending DMA requests.
701 * Any buffered DMA requests are instantly canceled,
702 * but any pending unbuffered DMA requests must be waited on.
703 */
704 void ide_cancel_dma_sync(IDEState *s)
705 {
706 IDEBufferedRequest *req;
707
708 /* First invoke the callbacks of all buffered requests
709 * and flag those requests as orphaned. Ideally there
710 * are no unbuffered (Scatter Gather DMA Requests or
711 * write requests) pending and we can avoid to drain. */
712 QLIST_FOREACH(req, &s->buffered_requests, list) {
713 if (!req->orphaned) {
714 trace_ide_cancel_dma_sync_buffered(req->original_cb, req);
715 req->original_cb(req->original_opaque, -ECANCELED);
716 }
717 req->orphaned = true;
718 }
719
720 /*
721 * We can't cancel Scatter Gather DMA in the middle of the
722 * operation or a partial (not full) DMA transfer would reach
723 * the storage so we wait for completion instead (we behave
724 * like if the DMA was completed by the time the guest trying
725 * to cancel dma with bmdma_cmd_writeb with BM_CMD_START not
726 * set).
727 *
728 * In the future we'll be able to safely cancel the I/O if the
729 * whole DMA operation will be submitted to disk with a single
730 * aio operation with preadv/pwritev.
731 */
732 if (s->bus->dma->aiocb) {
733 trace_ide_cancel_dma_sync_remaining();
734 blk_drain(s->blk);
735 assert(s->bus->dma->aiocb == NULL);
736 }
737 }
738
739 static void ide_sector_read(IDEState *s);
740
741 static void ide_sector_read_cb(void *opaque, int ret)
742 {
743 IDEState *s = opaque;
744 int n;
745
746 s->pio_aiocb = NULL;
747 s->status &= ~BUSY_STAT;
748
749 if (ret != 0) {
750 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO |
751 IDE_RETRY_READ)) {
752 return;
753 }
754 }
755
756 block_acct_done(blk_get_stats(s->blk), &s->acct);
757
758 n = s->nsector;
759 if (n > s->req_nb_sectors) {
760 n = s->req_nb_sectors;
761 }
762
763 ide_set_sector(s, ide_get_sector(s) + n);
764 s->nsector -= n;
765 /* Allow the guest to read the io_buffer */
766 ide_transfer_start(s, s->io_buffer, n * BDRV_SECTOR_SIZE, ide_sector_read);
767 ide_set_irq(s->bus);
768 }
769
770 static void ide_sector_read(IDEState *s)
771 {
772 int64_t sector_num;
773 int n;
774
775 s->status = READY_STAT | SEEK_STAT;
776 s->error = 0; /* not needed by IDE spec, but needed by Windows */
777 sector_num = ide_get_sector(s);
778 n = s->nsector;
779
780 if (n == 0) {
781 ide_transfer_stop(s);
782 return;
783 }
784
785 s->status |= BUSY_STAT;
786
787 if (n > s->req_nb_sectors) {
788 n = s->req_nb_sectors;
789 }
790
791 trace_ide_sector_read(sector_num, n);
792
793 if (!ide_sect_range_ok(s, sector_num, n)) {
794 ide_rw_error(s);
795 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_READ);
796 return;
797 }
798
799 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE);
800
801 block_acct_start(blk_get_stats(s->blk), &s->acct,
802 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ);
803 s->pio_aiocb = ide_buffered_readv(s, sector_num, &s->qiov, n,
804 ide_sector_read_cb, s);
805 }
806
807 void dma_buf_commit(IDEState *s, uint32_t tx_bytes)
808 {
809 if (s->bus->dma->ops->commit_buf) {
810 s->bus->dma->ops->commit_buf(s->bus->dma, tx_bytes);
811 }
812 s->io_buffer_offset += tx_bytes;
813 qemu_sglist_destroy(&s->sg);
814 }
815
816 void ide_set_inactive(IDEState *s, bool more)
817 {
818 s->bus->dma->aiocb = NULL;
819 ide_clear_retry(s);
820 if (s->bus->dma->ops->set_inactive) {
821 s->bus->dma->ops->set_inactive(s->bus->dma, more);
822 }
823 ide_cmd_done(s);
824 }
825
826 void ide_dma_error(IDEState *s)
827 {
828 dma_buf_commit(s, 0);
829 ide_abort_command(s);
830 ide_set_inactive(s, false);
831 ide_set_irq(s->bus);
832 }
833
834 int ide_handle_rw_error(IDEState *s, int error, int op)
835 {
836 bool is_read = (op & IDE_RETRY_READ) != 0;
837 BlockErrorAction action = blk_get_error_action(s->blk, is_read, error);
838
839 if (action == BLOCK_ERROR_ACTION_STOP) {
840 assert(s->bus->retry_unit == s->unit);
841 s->bus->error_status = op;
842 } else if (action == BLOCK_ERROR_ACTION_REPORT) {
843 block_acct_failed(blk_get_stats(s->blk), &s->acct);
844 if (IS_IDE_RETRY_DMA(op)) {
845 ide_dma_error(s);
846 } else if (IS_IDE_RETRY_ATAPI(op)) {
847 ide_atapi_io_error(s, -error);
848 } else {
849 ide_rw_error(s);
850 }
851 }
852 blk_error_action(s->blk, action, is_read, error);
853 return action != BLOCK_ERROR_ACTION_IGNORE;
854 }
855
856 static void ide_dma_cb(void *opaque, int ret)
857 {
858 IDEState *s = opaque;
859 int n;
860 int64_t sector_num;
861 uint64_t offset;
862 bool stay_active = false;
863 int32_t prep_size = 0;
864
865 if (ret == -EINVAL) {
866 ide_dma_error(s);
867 return;
868 }
869
870 if (ret < 0) {
871 if (ide_handle_rw_error(s, -ret, ide_dma_cmd_to_retry(s->dma_cmd))) {
872 s->bus->dma->aiocb = NULL;
873 dma_buf_commit(s, 0);
874 return;
875 }
876 }
877
878 if (s->io_buffer_size > s->nsector * 512) {
879 /*
880 * The PRDs were longer than needed for this request.
881 * The Active bit must remain set after the request completes.
882 */
883 n = s->nsector;
884 stay_active = true;
885 } else {
886 n = s->io_buffer_size >> 9;
887 }
888
889 sector_num = ide_get_sector(s);
890 if (n > 0) {
891 assert(n * 512 == s->sg.size);
892 dma_buf_commit(s, s->sg.size);
893 sector_num += n;
894 ide_set_sector(s, sector_num);
895 s->nsector -= n;
896 }
897
898 /* end of transfer ? */
899 if (s->nsector == 0) {
900 s->status = READY_STAT | SEEK_STAT;
901 ide_set_irq(s->bus);
902 goto eot;
903 }
904
905 /* launch next transfer */
906 n = s->nsector;
907 s->io_buffer_index = 0;
908 s->io_buffer_size = n * 512;
909 prep_size = s->bus->dma->ops->prepare_buf(s->bus->dma, s->io_buffer_size);
910 /* prepare_buf() must succeed and respect the limit */
911 assert(prep_size >= 0 && prep_size <= n * 512);
912
913 /*
914 * Now prep_size stores the number of bytes in the sglist, and
915 * s->io_buffer_size stores the number of bytes described by the PRDs.
916 */
917
918 if (prep_size < n * 512) {
919 /*
920 * The PRDs are too short for this request. Error condition!
921 * Reset the Active bit and don't raise the interrupt.
922 */
923 s->status = READY_STAT | SEEK_STAT;
924 dma_buf_commit(s, 0);
925 goto eot;
926 }
927
928 trace_ide_dma_cb(s, sector_num, n, IDE_DMA_CMD_str(s->dma_cmd));
929
930 if ((s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) &&
931 !ide_sect_range_ok(s, sector_num, n)) {
932 ide_dma_error(s);
933 block_acct_invalid(blk_get_stats(s->blk), s->acct.type);
934 return;
935 }
936
937 offset = sector_num << BDRV_SECTOR_BITS;
938 switch (s->dma_cmd) {
939 case IDE_DMA_READ:
940 s->bus->dma->aiocb = dma_blk_read(s->blk, &s->sg, offset,
941 BDRV_SECTOR_SIZE, ide_dma_cb, s);
942 break;
943 case IDE_DMA_WRITE:
944 s->bus->dma->aiocb = dma_blk_write(s->blk, &s->sg, offset,
945 BDRV_SECTOR_SIZE, ide_dma_cb, s);
946 break;
947 case IDE_DMA_TRIM:
948 s->bus->dma->aiocb = dma_blk_io(blk_get_aio_context(s->blk),
949 &s->sg, offset, BDRV_SECTOR_SIZE,
950 ide_issue_trim, s, ide_dma_cb, s,
951 DMA_DIRECTION_TO_DEVICE);
952 break;
953 default:
954 abort();
955 }
956 return;
957
958 eot:
959 if (s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) {
960 block_acct_done(blk_get_stats(s->blk), &s->acct);
961 }
962 ide_set_inactive(s, stay_active);
963 }
964
965 static void ide_sector_start_dma(IDEState *s, enum ide_dma_cmd dma_cmd)
966 {
967 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
968 s->io_buffer_size = 0;
969 s->dma_cmd = dma_cmd;
970
971 switch (dma_cmd) {
972 case IDE_DMA_READ:
973 block_acct_start(blk_get_stats(s->blk), &s->acct,
974 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ);
975 break;
976 case IDE_DMA_WRITE:
977 block_acct_start(blk_get_stats(s->blk), &s->acct,
978 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE);
979 break;
980 default:
981 break;
982 }
983
984 ide_start_dma(s, ide_dma_cb);
985 }
986
987 void ide_start_dma(IDEState *s, BlockCompletionFunc *cb)
988 {
989 s->io_buffer_index = 0;
990 ide_set_retry(s);
991 if (s->bus->dma->ops->start_dma) {
992 s->bus->dma->ops->start_dma(s->bus->dma, s, cb);
993 }
994 }
995
996 static void ide_sector_write(IDEState *s);
997
998 static void ide_sector_write_timer_cb(void *opaque)
999 {
1000 IDEState *s = opaque;
1001 ide_set_irq(s->bus);
1002 }
1003
1004 static void ide_sector_write_cb(void *opaque, int ret)
1005 {
1006 IDEState *s = opaque;
1007 int n;
1008
1009 s->pio_aiocb = NULL;
1010 s->status &= ~BUSY_STAT;
1011
1012 if (ret != 0) {
1013 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO)) {
1014 return;
1015 }
1016 }
1017
1018 block_acct_done(blk_get_stats(s->blk), &s->acct);
1019
1020 n = s->nsector;
1021 if (n > s->req_nb_sectors) {
1022 n = s->req_nb_sectors;
1023 }
1024 s->nsector -= n;
1025
1026 ide_set_sector(s, ide_get_sector(s) + n);
1027 if (s->nsector == 0) {
1028 /* no more sectors to write */
1029 ide_transfer_stop(s);
1030 } else {
1031 int n1 = s->nsector;
1032 if (n1 > s->req_nb_sectors) {
1033 n1 = s->req_nb_sectors;
1034 }
1035 ide_transfer_start(s, s->io_buffer, n1 * BDRV_SECTOR_SIZE,
1036 ide_sector_write);
1037 }
1038
1039 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1040 /* It seems there is a bug in the Windows 2000 installer HDD
1041 IDE driver which fills the disk with empty logs when the
1042 IDE write IRQ comes too early. This hack tries to correct
1043 that at the expense of slower write performances. Use this
1044 option _only_ to install Windows 2000. You must disable it
1045 for normal use. */
1046 timer_mod(s->sector_write_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
1047 (NANOSECONDS_PER_SECOND / 1000));
1048 } else {
1049 ide_set_irq(s->bus);
1050 }
1051 }
1052
1053 static void ide_sector_write(IDEState *s)
1054 {
1055 int64_t sector_num;
1056 int n;
1057
1058 s->status = READY_STAT | SEEK_STAT | BUSY_STAT;
1059 sector_num = ide_get_sector(s);
1060
1061 n = s->nsector;
1062 if (n > s->req_nb_sectors) {
1063 n = s->req_nb_sectors;
1064 }
1065
1066 trace_ide_sector_write(sector_num, n);
1067
1068 if (!ide_sect_range_ok(s, sector_num, n)) {
1069 ide_rw_error(s);
1070 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_WRITE);
1071 return;
1072 }
1073
1074 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE);
1075
1076 block_acct_start(blk_get_stats(s->blk), &s->acct,
1077 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE);
1078 s->pio_aiocb = blk_aio_pwritev(s->blk, sector_num << BDRV_SECTOR_BITS,
1079 &s->qiov, 0, ide_sector_write_cb, s);
1080 }
1081
1082 static void ide_flush_cb(void *opaque, int ret)
1083 {
1084 IDEState *s = opaque;
1085
1086 s->pio_aiocb = NULL;
1087
1088 if (ret < 0) {
1089 /* XXX: What sector number to set here? */
1090 if (ide_handle_rw_error(s, -ret, IDE_RETRY_FLUSH)) {
1091 return;
1092 }
1093 }
1094
1095 if (s->blk) {
1096 block_acct_done(blk_get_stats(s->blk), &s->acct);
1097 }
1098 s->status = READY_STAT | SEEK_STAT;
1099 ide_cmd_done(s);
1100 ide_set_irq(s->bus);
1101 }
1102
1103 static void ide_flush_cache(IDEState *s)
1104 {
1105 if (s->blk == NULL) {
1106 ide_flush_cb(s, 0);
1107 return;
1108 }
1109
1110 s->status |= BUSY_STAT;
1111 ide_set_retry(s);
1112 block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH);
1113 s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
1114 }
1115
1116 static void ide_cfata_metadata_inquiry(IDEState *s)
1117 {
1118 uint16_t *p;
1119 uint32_t spd;
1120
1121 p = (uint16_t *) s->io_buffer;
1122 memset(p, 0, 0x200);
1123 spd = ((s->mdata_size - 1) >> 9) + 1;
1124
1125 put_le16(p + 0, 0x0001); /* Data format revision */
1126 put_le16(p + 1, 0x0000); /* Media property: silicon */
1127 put_le16(p + 2, s->media_changed); /* Media status */
1128 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1129 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1130 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1131 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1132 }
1133
1134 static void ide_cfata_metadata_read(IDEState *s)
1135 {
1136 uint16_t *p;
1137
1138 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1139 s->status = ERR_STAT;
1140 s->error = ABRT_ERR;
1141 return;
1142 }
1143
1144 p = (uint16_t *) s->io_buffer;
1145 memset(p, 0, 0x200);
1146
1147 put_le16(p + 0, s->media_changed); /* Media status */
1148 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1149 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1150 s->nsector << 9), 0x200 - 2));
1151 }
1152
1153 static void ide_cfata_metadata_write(IDEState *s)
1154 {
1155 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1156 s->status = ERR_STAT;
1157 s->error = ABRT_ERR;
1158 return;
1159 }
1160
1161 s->media_changed = 0;
1162
1163 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1164 s->io_buffer + 2,
1165 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1166 s->nsector << 9), 0x200 - 2));
1167 }
1168
1169 /* called when the inserted state of the media has changed */
1170 static void ide_cd_change_cb(void *opaque, bool load, Error **errp)
1171 {
1172 IDEState *s = opaque;
1173 uint64_t nb_sectors;
1174
1175 s->tray_open = !load;
1176 blk_get_geometry(s->blk, &nb_sectors);
1177 s->nb_sectors = nb_sectors;
1178
1179 /*
1180 * First indicate to the guest that a CD has been removed. That's
1181 * done on the next command the guest sends us.
1182 *
1183 * Then we set UNIT_ATTENTION, by which the guest will
1184 * detect a new CD in the drive. See ide_atapi_cmd() for details.
1185 */
1186 s->cdrom_changed = 1;
1187 s->events.new_media = true;
1188 s->events.eject_request = false;
1189 ide_set_irq(s->bus);
1190 }
1191
1192 static void ide_cd_eject_request_cb(void *opaque, bool force)
1193 {
1194 IDEState *s = opaque;
1195
1196 s->events.eject_request = true;
1197 if (force) {
1198 s->tray_locked = false;
1199 }
1200 ide_set_irq(s->bus);
1201 }
1202
1203 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1204 {
1205 s->lba48 = lba48;
1206
1207 /* handle the 'magic' 0 nsector count conversion here. to avoid
1208 * fiddling with the rest of the read logic, we just store the
1209 * full sector count in ->nsector and ignore ->hob_nsector from now
1210 */
1211 if (!s->lba48) {
1212 if (!s->nsector)
1213 s->nsector = 256;
1214 } else {
1215 if (!s->nsector && !s->hob_nsector)
1216 s->nsector = 65536;
1217 else {
1218 int lo = s->nsector;
1219 int hi = s->hob_nsector;
1220
1221 s->nsector = (hi << 8) | lo;
1222 }
1223 }
1224 }
1225
1226 static void ide_clear_hob(IDEBus *bus)
1227 {
1228 /* any write clears HOB high bit of device control register */
1229 bus->cmd &= ~(IDE_CTRL_HOB);
1230 }
1231
1232 /* IOport [W]rite [R]egisters */
1233 enum ATA_IOPORT_WR {
1234 ATA_IOPORT_WR_DATA = 0,
1235 ATA_IOPORT_WR_FEATURES = 1,
1236 ATA_IOPORT_WR_SECTOR_COUNT = 2,
1237 ATA_IOPORT_WR_SECTOR_NUMBER = 3,
1238 ATA_IOPORT_WR_CYLINDER_LOW = 4,
1239 ATA_IOPORT_WR_CYLINDER_HIGH = 5,
1240 ATA_IOPORT_WR_DEVICE_HEAD = 6,
1241 ATA_IOPORT_WR_COMMAND = 7,
1242 ATA_IOPORT_WR_NUM_REGISTERS,
1243 };
1244
1245 const char *ATA_IOPORT_WR_lookup[ATA_IOPORT_WR_NUM_REGISTERS] = {
1246 [ATA_IOPORT_WR_DATA] = "Data",
1247 [ATA_IOPORT_WR_FEATURES] = "Features",
1248 [ATA_IOPORT_WR_SECTOR_COUNT] = "Sector Count",
1249 [ATA_IOPORT_WR_SECTOR_NUMBER] = "Sector Number",
1250 [ATA_IOPORT_WR_CYLINDER_LOW] = "Cylinder Low",
1251 [ATA_IOPORT_WR_CYLINDER_HIGH] = "Cylinder High",
1252 [ATA_IOPORT_WR_DEVICE_HEAD] = "Device/Head",
1253 [ATA_IOPORT_WR_COMMAND] = "Command"
1254 };
1255
1256 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1257 {
1258 IDEBus *bus = opaque;
1259 IDEState *s = idebus_active_if(bus);
1260 int reg_num = addr & 7;
1261
1262 trace_ide_ioport_write(addr, ATA_IOPORT_WR_lookup[reg_num], val, bus, s);
1263
1264 /* ignore writes to command block while busy with previous command */
1265 if (reg_num != 7 && (s->status & (BUSY_STAT|DRQ_STAT))) {
1266 return;
1267 }
1268
1269 /* NOTE: Device0 and Device1 both receive incoming register writes.
1270 * (They're on the same bus! They have to!) */
1271
1272 switch (reg_num) {
1273 case 0:
1274 break;
1275 case ATA_IOPORT_WR_FEATURES:
1276 ide_clear_hob(bus);
1277 bus->ifs[0].hob_feature = bus->ifs[0].feature;
1278 bus->ifs[1].hob_feature = bus->ifs[1].feature;
1279 bus->ifs[0].feature = val;
1280 bus->ifs[1].feature = val;
1281 break;
1282 case ATA_IOPORT_WR_SECTOR_COUNT:
1283 ide_clear_hob(bus);
1284 bus->ifs[0].hob_nsector = bus->ifs[0].nsector;
1285 bus->ifs[1].hob_nsector = bus->ifs[1].nsector;
1286 bus->ifs[0].nsector = val;
1287 bus->ifs[1].nsector = val;
1288 break;
1289 case ATA_IOPORT_WR_SECTOR_NUMBER:
1290 ide_clear_hob(bus);
1291 bus->ifs[0].hob_sector = bus->ifs[0].sector;
1292 bus->ifs[1].hob_sector = bus->ifs[1].sector;
1293 bus->ifs[0].sector = val;
1294 bus->ifs[1].sector = val;
1295 break;
1296 case ATA_IOPORT_WR_CYLINDER_LOW:
1297 ide_clear_hob(bus);
1298 bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl;
1299 bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl;
1300 bus->ifs[0].lcyl = val;
1301 bus->ifs[1].lcyl = val;
1302 break;
1303 case ATA_IOPORT_WR_CYLINDER_HIGH:
1304 ide_clear_hob(bus);
1305 bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl;
1306 bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl;
1307 bus->ifs[0].hcyl = val;
1308 bus->ifs[1].hcyl = val;
1309 break;
1310 case ATA_IOPORT_WR_DEVICE_HEAD:
1311 ide_clear_hob(bus);
1312 bus->ifs[0].select = val | (ATA_DEV_ALWAYS_ON);
1313 bus->ifs[1].select = val | (ATA_DEV_ALWAYS_ON);
1314 /* select drive */
1315 bus->unit = (val & (ATA_DEV_SELECT)) ? 1 : 0;
1316 break;
1317 default:
1318 case ATA_IOPORT_WR_COMMAND:
1319 ide_clear_hob(bus);
1320 qemu_irq_lower(bus->irq);
1321 ide_exec_cmd(bus, val);
1322 break;
1323 }
1324 }
1325
1326 static void ide_reset(IDEState *s)
1327 {
1328 trace_ide_reset(s);
1329
1330 if (s->pio_aiocb) {
1331 blk_aio_cancel(s->pio_aiocb);
1332 s->pio_aiocb = NULL;
1333 }
1334
1335 if (s->drive_kind == IDE_CFATA)
1336 s->mult_sectors = 0;
1337 else
1338 s->mult_sectors = MAX_MULT_SECTORS;
1339 /* ide regs */
1340 s->feature = 0;
1341 s->error = 0;
1342 s->nsector = 0;
1343 s->sector = 0;
1344 s->lcyl = 0;
1345 s->hcyl = 0;
1346
1347 /* lba48 */
1348 s->hob_feature = 0;
1349 s->hob_sector = 0;
1350 s->hob_nsector = 0;
1351 s->hob_lcyl = 0;
1352 s->hob_hcyl = 0;
1353
1354 s->select = (ATA_DEV_ALWAYS_ON);
1355 s->status = READY_STAT | SEEK_STAT;
1356
1357 s->lba48 = 0;
1358
1359 /* ATAPI specific */
1360 s->sense_key = 0;
1361 s->asc = 0;
1362 s->cdrom_changed = 0;
1363 s->packet_transfer_size = 0;
1364 s->elementary_transfer_size = 0;
1365 s->io_buffer_index = 0;
1366 s->cd_sector_size = 0;
1367 s->atapi_dma = 0;
1368 s->tray_locked = 0;
1369 s->tray_open = 0;
1370 /* ATA DMA state */
1371 s->io_buffer_size = 0;
1372 s->req_nb_sectors = 0;
1373
1374 ide_set_signature(s);
1375 /* init the transfer handler so that 0xffff is returned on data
1376 accesses */
1377 s->end_transfer_func = ide_dummy_transfer_stop;
1378 ide_dummy_transfer_stop(s);
1379 s->media_changed = 0;
1380 }
1381
1382 static bool cmd_nop(IDEState *s, uint8_t cmd)
1383 {
1384 return true;
1385 }
1386
1387 static bool cmd_device_reset(IDEState *s, uint8_t cmd)
1388 {
1389 /* Halt PIO (in the DRQ phase), then DMA */
1390 ide_transfer_halt(s);
1391 ide_cancel_dma_sync(s);
1392
1393 /* Reset any PIO commands, reset signature, etc */
1394 ide_reset(s);
1395
1396 /* RESET: ATA8-ACS3 7.10.4 "Normal Outputs";
1397 * ATA8-ACS3 Table 184 "Device Signatures for Normal Output" */
1398 s->status = 0x00;
1399
1400 /* Do not overwrite status register */
1401 return false;
1402 }
1403
1404 static bool cmd_data_set_management(IDEState *s, uint8_t cmd)
1405 {
1406 switch (s->feature) {
1407 case DSM_TRIM:
1408 if (s->blk) {
1409 ide_sector_start_dma(s, IDE_DMA_TRIM);
1410 return false;
1411 }
1412 break;
1413 }
1414
1415 ide_abort_command(s);
1416 return true;
1417 }
1418
1419 static bool cmd_identify(IDEState *s, uint8_t cmd)
1420 {
1421 if (s->blk && s->drive_kind != IDE_CD) {
1422 if (s->drive_kind != IDE_CFATA) {
1423 ide_identify(s);
1424 } else {
1425 ide_cfata_identify(s);
1426 }
1427 s->status = READY_STAT | SEEK_STAT;
1428 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1429 ide_set_irq(s->bus);
1430 return false;
1431 } else {
1432 if (s->drive_kind == IDE_CD) {
1433 ide_set_signature(s);
1434 }
1435 ide_abort_command(s);
1436 }
1437
1438 return true;
1439 }
1440
1441 static bool cmd_verify(IDEState *s, uint8_t cmd)
1442 {
1443 bool lba48 = (cmd == WIN_VERIFY_EXT);
1444
1445 /* do sector number check ? */
1446 ide_cmd_lba48_transform(s, lba48);
1447
1448 return true;
1449 }
1450
1451 static bool cmd_set_multiple_mode(IDEState *s, uint8_t cmd)
1452 {
1453 if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
1454 /* Disable Read and Write Multiple */
1455 s->mult_sectors = 0;
1456 } else if ((s->nsector & 0xff) != 0 &&
1457 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1458 (s->nsector & (s->nsector - 1)) != 0)) {
1459 ide_abort_command(s);
1460 } else {
1461 s->mult_sectors = s->nsector & 0xff;
1462 }
1463
1464 return true;
1465 }
1466
1467 static bool cmd_read_multiple(IDEState *s, uint8_t cmd)
1468 {
1469 bool lba48 = (cmd == WIN_MULTREAD_EXT);
1470
1471 if (!s->blk || !s->mult_sectors) {
1472 ide_abort_command(s);
1473 return true;
1474 }
1475
1476 ide_cmd_lba48_transform(s, lba48);
1477 s->req_nb_sectors = s->mult_sectors;
1478 ide_sector_read(s);
1479 return false;
1480 }
1481
1482 static bool cmd_write_multiple(IDEState *s, uint8_t cmd)
1483 {
1484 bool lba48 = (cmd == WIN_MULTWRITE_EXT);
1485 int n;
1486
1487 if (!s->blk || !s->mult_sectors) {
1488 ide_abort_command(s);
1489 return true;
1490 }
1491
1492 ide_cmd_lba48_transform(s, lba48);
1493
1494 s->req_nb_sectors = s->mult_sectors;
1495 n = MIN(s->nsector, s->req_nb_sectors);
1496
1497 s->status = SEEK_STAT | READY_STAT;
1498 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1499
1500 s->media_changed = 1;
1501
1502 return false;
1503 }
1504
1505 static bool cmd_read_pio(IDEState *s, uint8_t cmd)
1506 {
1507 bool lba48 = (cmd == WIN_READ_EXT);
1508
1509 if (s->drive_kind == IDE_CD) {
1510 ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */
1511 ide_abort_command(s);
1512 return true;
1513 }
1514
1515 if (!s->blk) {
1516 ide_abort_command(s);
1517 return true;
1518 }
1519
1520 ide_cmd_lba48_transform(s, lba48);
1521 s->req_nb_sectors = 1;
1522 ide_sector_read(s);
1523
1524 return false;
1525 }
1526
1527 static bool cmd_write_pio(IDEState *s, uint8_t cmd)
1528 {
1529 bool lba48 = (cmd == WIN_WRITE_EXT);
1530
1531 if (!s->blk) {
1532 ide_abort_command(s);
1533 return true;
1534 }
1535
1536 ide_cmd_lba48_transform(s, lba48);
1537
1538 s->req_nb_sectors = 1;
1539 s->status = SEEK_STAT | READY_STAT;
1540 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1541
1542 s->media_changed = 1;
1543
1544 return false;
1545 }
1546
1547 static bool cmd_read_dma(IDEState *s, uint8_t cmd)
1548 {
1549 bool lba48 = (cmd == WIN_READDMA_EXT);
1550
1551 if (!s->blk) {
1552 ide_abort_command(s);
1553 return true;
1554 }
1555
1556 ide_cmd_lba48_transform(s, lba48);
1557 ide_sector_start_dma(s, IDE_DMA_READ);
1558
1559 return false;
1560 }
1561
1562 static bool cmd_write_dma(IDEState *s, uint8_t cmd)
1563 {
1564 bool lba48 = (cmd == WIN_WRITEDMA_EXT);
1565
1566 if (!s->blk) {
1567 ide_abort_command(s);
1568 return true;
1569 }
1570
1571 ide_cmd_lba48_transform(s, lba48);
1572 ide_sector_start_dma(s, IDE_DMA_WRITE);
1573
1574 s->media_changed = 1;
1575
1576 return false;
1577 }
1578
1579 static bool cmd_flush_cache(IDEState *s, uint8_t cmd)
1580 {
1581 ide_flush_cache(s);
1582 return false;
1583 }
1584
1585 static bool cmd_seek(IDEState *s, uint8_t cmd)
1586 {
1587 /* XXX: Check that seek is within bounds */
1588 return true;
1589 }
1590
1591 static bool cmd_read_native_max(IDEState *s, uint8_t cmd)
1592 {
1593 bool lba48 = (cmd == WIN_READ_NATIVE_MAX_EXT);
1594
1595 /* Refuse if no sectors are addressable (e.g. medium not inserted) */
1596 if (s->nb_sectors == 0) {
1597 ide_abort_command(s);
1598 return true;
1599 }
1600
1601 ide_cmd_lba48_transform(s, lba48);
1602 ide_set_sector(s, s->nb_sectors - 1);
1603
1604 return true;
1605 }
1606
1607 static bool cmd_check_power_mode(IDEState *s, uint8_t cmd)
1608 {
1609 s->nsector = 0xff; /* device active or idle */
1610 return true;
1611 }
1612
1613 static bool cmd_set_features(IDEState *s, uint8_t cmd)
1614 {
1615 uint16_t *identify_data;
1616
1617 if (!s->blk) {
1618 ide_abort_command(s);
1619 return true;
1620 }
1621
1622 /* XXX: valid for CDROM ? */
1623 switch (s->feature) {
1624 case 0x02: /* write cache enable */
1625 blk_set_enable_write_cache(s->blk, true);
1626 identify_data = (uint16_t *)s->identify_data;
1627 put_le16(identify_data + 85, (1 << 14) | (1 << 5) | 1);
1628 return true;
1629 case 0x82: /* write cache disable */
1630 blk_set_enable_write_cache(s->blk, false);
1631 identify_data = (uint16_t *)s->identify_data;
1632 put_le16(identify_data + 85, (1 << 14) | 1);
1633 ide_flush_cache(s);
1634 return false;
1635 case 0xcc: /* reverting to power-on defaults enable */
1636 case 0x66: /* reverting to power-on defaults disable */
1637 case 0xaa: /* read look-ahead enable */
1638 case 0x55: /* read look-ahead disable */
1639 case 0x05: /* set advanced power management mode */
1640 case 0x85: /* disable advanced power management mode */
1641 case 0x69: /* NOP */
1642 case 0x67: /* NOP */
1643 case 0x96: /* NOP */
1644 case 0x9a: /* NOP */
1645 case 0x42: /* enable Automatic Acoustic Mode */
1646 case 0xc2: /* disable Automatic Acoustic Mode */
1647 return true;
1648 case 0x03: /* set transfer mode */
1649 {
1650 uint8_t val = s->nsector & 0x07;
1651 identify_data = (uint16_t *)s->identify_data;
1652
1653 switch (s->nsector >> 3) {
1654 case 0x00: /* pio default */
1655 case 0x01: /* pio mode */
1656 put_le16(identify_data + 62, 0x07);
1657 put_le16(identify_data + 63, 0x07);
1658 put_le16(identify_data + 88, 0x3f);
1659 break;
1660 case 0x02: /* sigle word dma mode*/
1661 put_le16(identify_data + 62, 0x07 | (1 << (val + 8)));
1662 put_le16(identify_data + 63, 0x07);
1663 put_le16(identify_data + 88, 0x3f);
1664 break;
1665 case 0x04: /* mdma mode */
1666 put_le16(identify_data + 62, 0x07);
1667 put_le16(identify_data + 63, 0x07 | (1 << (val + 8)));
1668 put_le16(identify_data + 88, 0x3f);
1669 break;
1670 case 0x08: /* udma mode */
1671 put_le16(identify_data + 62, 0x07);
1672 put_le16(identify_data + 63, 0x07);
1673 put_le16(identify_data + 88, 0x3f | (1 << (val + 8)));
1674 break;
1675 default:
1676 goto abort_cmd;
1677 }
1678 return true;
1679 }
1680 }
1681
1682 abort_cmd:
1683 ide_abort_command(s);
1684 return true;
1685 }
1686
1687
1688 /*** ATAPI commands ***/
1689
1690 static bool cmd_identify_packet(IDEState *s, uint8_t cmd)
1691 {
1692 ide_atapi_identify(s);
1693 s->status = READY_STAT | SEEK_STAT;
1694 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1695 ide_set_irq(s->bus);
1696 return false;
1697 }
1698
1699 static bool cmd_exec_dev_diagnostic(IDEState *s, uint8_t cmd)
1700 {
1701 ide_set_signature(s);
1702
1703 if (s->drive_kind == IDE_CD) {
1704 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
1705 * devices to return a clear status register
1706 * with READY_STAT *not* set. */
1707 s->error = 0x01;
1708 } else {
1709 s->status = READY_STAT | SEEK_STAT;
1710 /* The bits of the error register are not as usual for this command!
1711 * They are part of the regular output (this is why ERR_STAT isn't set)
1712 * Device 0 passed, Device 1 passed or not present. */
1713 s->error = 0x01;
1714 ide_set_irq(s->bus);
1715 }
1716
1717 return false;
1718 }
1719
1720 static bool cmd_packet(IDEState *s, uint8_t cmd)
1721 {
1722 /* overlapping commands not supported */
1723 if (s->feature & 0x02) {
1724 ide_abort_command(s);
1725 return true;
1726 }
1727
1728 s->status = READY_STAT | SEEK_STAT;
1729 s->atapi_dma = s->feature & 1;
1730 if (s->atapi_dma) {
1731 s->dma_cmd = IDE_DMA_ATAPI;
1732 }
1733 s->nsector = 1;
1734 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1735 ide_atapi_cmd);
1736 return false;
1737 }
1738
1739
1740 /*** CF-ATA commands ***/
1741
1742 static bool cmd_cfa_req_ext_error_code(IDEState *s, uint8_t cmd)
1743 {
1744 s->error = 0x09; /* miscellaneous error */
1745 s->status = READY_STAT | SEEK_STAT;
1746 ide_set_irq(s->bus);
1747
1748 return false;
1749 }
1750
1751 static bool cmd_cfa_erase_sectors(IDEState *s, uint8_t cmd)
1752 {
1753 /* WIN_SECURITY_FREEZE_LOCK has the same ID as CFA_WEAR_LEVEL and is
1754 * required for Windows 8 to work with AHCI */
1755
1756 if (cmd == CFA_WEAR_LEVEL) {
1757 s->nsector = 0;
1758 }
1759
1760 if (cmd == CFA_ERASE_SECTORS) {
1761 s->media_changed = 1;
1762 }
1763
1764 return true;
1765 }
1766
1767 static bool cmd_cfa_translate_sector(IDEState *s, uint8_t cmd)
1768 {
1769 s->status = READY_STAT | SEEK_STAT;
1770
1771 memset(s->io_buffer, 0, 0x200);
1772 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
1773 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
1774 s->io_buffer[0x02] = s->select; /* Head */
1775 s->io_buffer[0x03] = s->sector; /* Sector */
1776 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
1777 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
1778 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
1779 s->io_buffer[0x13] = 0x00; /* Erase flag */
1780 s->io_buffer[0x18] = 0x00; /* Hot count */
1781 s->io_buffer[0x19] = 0x00; /* Hot count */
1782 s->io_buffer[0x1a] = 0x01; /* Hot count */
1783
1784 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1785 ide_set_irq(s->bus);
1786
1787 return false;
1788 }
1789
1790 static bool cmd_cfa_access_metadata_storage(IDEState *s, uint8_t cmd)
1791 {
1792 switch (s->feature) {
1793 case 0x02: /* Inquiry Metadata Storage */
1794 ide_cfata_metadata_inquiry(s);
1795 break;
1796 case 0x03: /* Read Metadata Storage */
1797 ide_cfata_metadata_read(s);
1798 break;
1799 case 0x04: /* Write Metadata Storage */
1800 ide_cfata_metadata_write(s);
1801 break;
1802 default:
1803 ide_abort_command(s);
1804 return true;
1805 }
1806
1807 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1808 s->status = 0x00; /* NOTE: READY is _not_ set */
1809 ide_set_irq(s->bus);
1810
1811 return false;
1812 }
1813
1814 static bool cmd_ibm_sense_condition(IDEState *s, uint8_t cmd)
1815 {
1816 switch (s->feature) {
1817 case 0x01: /* sense temperature in device */
1818 s->nsector = 0x50; /* +20 C */
1819 break;
1820 default:
1821 ide_abort_command(s);
1822 return true;
1823 }
1824
1825 return true;
1826 }
1827
1828
1829 /*** SMART commands ***/
1830
1831 static bool cmd_smart(IDEState *s, uint8_t cmd)
1832 {
1833 int n;
1834
1835 if (s->hcyl != 0xc2 || s->lcyl != 0x4f) {
1836 goto abort_cmd;
1837 }
1838
1839 if (!s->smart_enabled && s->feature != SMART_ENABLE) {
1840 goto abort_cmd;
1841 }
1842
1843 switch (s->feature) {
1844 case SMART_DISABLE:
1845 s->smart_enabled = 0;
1846 return true;
1847
1848 case SMART_ENABLE:
1849 s->smart_enabled = 1;
1850 return true;
1851
1852 case SMART_ATTR_AUTOSAVE:
1853 switch (s->sector) {
1854 case 0x00:
1855 s->smart_autosave = 0;
1856 break;
1857 case 0xf1:
1858 s->smart_autosave = 1;
1859 break;
1860 default:
1861 goto abort_cmd;
1862 }
1863 return true;
1864
1865 case SMART_STATUS:
1866 if (!s->smart_errors) {
1867 s->hcyl = 0xc2;
1868 s->lcyl = 0x4f;
1869 } else {
1870 s->hcyl = 0x2c;
1871 s->lcyl = 0xf4;
1872 }
1873 return true;
1874
1875 case SMART_READ_THRESH:
1876 memset(s->io_buffer, 0, 0x200);
1877 s->io_buffer[0] = 0x01; /* smart struct version */
1878
1879 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
1880 s->io_buffer[2 + 0 + (n * 12)] = smart_attributes[n][0];
1881 s->io_buffer[2 + 1 + (n * 12)] = smart_attributes[n][11];
1882 }
1883
1884 /* checksum */
1885 for (n = 0; n < 511; n++) {
1886 s->io_buffer[511] += s->io_buffer[n];
1887 }
1888 s->io_buffer[511] = 0x100 - s->io_buffer[511];
1889
1890 s->status = READY_STAT | SEEK_STAT;
1891 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1892 ide_set_irq(s->bus);
1893 return false;
1894
1895 case SMART_READ_DATA:
1896 memset(s->io_buffer, 0, 0x200);
1897 s->io_buffer[0] = 0x01; /* smart struct version */
1898
1899 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
1900 int i;
1901 for (i = 0; i < 11; i++) {
1902 s->io_buffer[2 + i + (n * 12)] = smart_attributes[n][i];
1903 }
1904 }
1905
1906 s->io_buffer[362] = 0x02 | (s->smart_autosave ? 0x80 : 0x00);
1907 if (s->smart_selftest_count == 0) {
1908 s->io_buffer[363] = 0;
1909 } else {
1910 s->io_buffer[363] =
1911 s->smart_selftest_data[3 +
1912 (s->smart_selftest_count - 1) *
1913 24];
1914 }
1915 s->io_buffer[364] = 0x20;
1916 s->io_buffer[365] = 0x01;
1917 /* offline data collection capacity: execute + self-test*/
1918 s->io_buffer[367] = (1 << 4 | 1 << 3 | 1);
1919 s->io_buffer[368] = 0x03; /* smart capability (1) */
1920 s->io_buffer[369] = 0x00; /* smart capability (2) */
1921 s->io_buffer[370] = 0x01; /* error logging supported */
1922 s->io_buffer[372] = 0x02; /* minutes for poll short test */
1923 s->io_buffer[373] = 0x36; /* minutes for poll ext test */
1924 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
1925
1926 for (n = 0; n < 511; n++) {
1927 s->io_buffer[511] += s->io_buffer[n];
1928 }
1929 s->io_buffer[511] = 0x100 - s->io_buffer[511];
1930
1931 s->status = READY_STAT | SEEK_STAT;
1932 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1933 ide_set_irq(s->bus);
1934 return false;
1935
1936 case SMART_READ_LOG:
1937 switch (s->sector) {
1938 case 0x01: /* summary smart error log */
1939 memset(s->io_buffer, 0, 0x200);
1940 s->io_buffer[0] = 0x01;
1941 s->io_buffer[1] = 0x00; /* no error entries */
1942 s->io_buffer[452] = s->smart_errors & 0xff;
1943 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
1944
1945 for (n = 0; n < 511; n++) {
1946 s->io_buffer[511] += s->io_buffer[n];
1947 }
1948 s->io_buffer[511] = 0x100 - s->io_buffer[511];
1949 break;
1950 case 0x06: /* smart self test log */
1951 memset(s->io_buffer, 0, 0x200);
1952 s->io_buffer[0] = 0x01;
1953 if (s->smart_selftest_count == 0) {
1954 s->io_buffer[508] = 0;
1955 } else {
1956 s->io_buffer[508] = s->smart_selftest_count;
1957 for (n = 2; n < 506; n++) {
1958 s->io_buffer[n] = s->smart_selftest_data[n];
1959 }
1960 }
1961
1962 for (n = 0; n < 511; n++) {
1963 s->io_buffer[511] += s->io_buffer[n];
1964 }
1965 s->io_buffer[511] = 0x100 - s->io_buffer[511];
1966 break;
1967 default:
1968 goto abort_cmd;
1969 }
1970 s->status = READY_STAT | SEEK_STAT;
1971 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1972 ide_set_irq(s->bus);
1973 return false;
1974
1975 case SMART_EXECUTE_OFFLINE:
1976 switch (s->sector) {
1977 case 0: /* off-line routine */
1978 case 1: /* short self test */
1979 case 2: /* extended self test */
1980 s->smart_selftest_count++;
1981 if (s->smart_selftest_count > 21) {
1982 s->smart_selftest_count = 1;
1983 }
1984 n = 2 + (s->smart_selftest_count - 1) * 24;
1985 s->smart_selftest_data[n] = s->sector;
1986 s->smart_selftest_data[n + 1] = 0x00; /* OK and finished */
1987 s->smart_selftest_data[n + 2] = 0x34; /* hour count lsb */
1988 s->smart_selftest_data[n + 3] = 0x12; /* hour count msb */
1989 break;
1990 default:
1991 goto abort_cmd;
1992 }
1993 return true;
1994 }
1995
1996 abort_cmd:
1997 ide_abort_command(s);
1998 return true;
1999 }
2000
2001 #define HD_OK (1u << IDE_HD)
2002 #define CD_OK (1u << IDE_CD)
2003 #define CFA_OK (1u << IDE_CFATA)
2004 #define HD_CFA_OK (HD_OK | CFA_OK)
2005 #define ALL_OK (HD_OK | CD_OK | CFA_OK)
2006
2007 /* Set the Disk Seek Completed status bit during completion */
2008 #define SET_DSC (1u << 8)
2009
2010 /* See ACS-2 T13/2015-D Table B.2 Command codes */
2011 static const struct {
2012 /* Returns true if the completion code should be run */
2013 bool (*handler)(IDEState *s, uint8_t cmd);
2014 int flags;
2015 } ide_cmd_table[0x100] = {
2016 /* NOP not implemented, mandatory for CD */
2017 [CFA_REQ_EXT_ERROR_CODE] = { cmd_cfa_req_ext_error_code, CFA_OK },
2018 [WIN_DSM] = { cmd_data_set_management, HD_CFA_OK },
2019 [WIN_DEVICE_RESET] = { cmd_device_reset, CD_OK },
2020 [WIN_RECAL] = { cmd_nop, HD_CFA_OK | SET_DSC},
2021 [WIN_READ] = { cmd_read_pio, ALL_OK },
2022 [WIN_READ_ONCE] = { cmd_read_pio, HD_CFA_OK },
2023 [WIN_READ_EXT] = { cmd_read_pio, HD_CFA_OK },
2024 [WIN_READDMA_EXT] = { cmd_read_dma, HD_CFA_OK },
2025 [WIN_READ_NATIVE_MAX_EXT] = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
2026 [WIN_MULTREAD_EXT] = { cmd_read_multiple, HD_CFA_OK },
2027 [WIN_WRITE] = { cmd_write_pio, HD_CFA_OK },
2028 [WIN_WRITE_ONCE] = { cmd_write_pio, HD_CFA_OK },
2029 [WIN_WRITE_EXT] = { cmd_write_pio, HD_CFA_OK },
2030 [WIN_WRITEDMA_EXT] = { cmd_write_dma, HD_CFA_OK },
2031 [CFA_WRITE_SECT_WO_ERASE] = { cmd_write_pio, CFA_OK },
2032 [WIN_MULTWRITE_EXT] = { cmd_write_multiple, HD_CFA_OK },
2033 [WIN_WRITE_VERIFY] = { cmd_write_pio, HD_CFA_OK },
2034 [WIN_VERIFY] = { cmd_verify, HD_CFA_OK | SET_DSC },
2035 [WIN_VERIFY_ONCE] = { cmd_verify, HD_CFA_OK | SET_DSC },
2036 [WIN_VERIFY_EXT] = { cmd_verify, HD_CFA_OK | SET_DSC },
2037 [WIN_SEEK] = { cmd_seek, HD_CFA_OK | SET_DSC },
2038 [CFA_TRANSLATE_SECTOR] = { cmd_cfa_translate_sector, CFA_OK },
2039 [WIN_DIAGNOSE] = { cmd_exec_dev_diagnostic, ALL_OK },
2040 [WIN_SPECIFY] = { cmd_nop, HD_CFA_OK | SET_DSC },
2041 [WIN_STANDBYNOW2] = { cmd_nop, HD_CFA_OK },
2042 [WIN_IDLEIMMEDIATE2] = { cmd_nop, HD_CFA_OK },
2043 [WIN_STANDBY2] = { cmd_nop, HD_CFA_OK },
2044 [WIN_SETIDLE2] = { cmd_nop, HD_CFA_OK },
2045 [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
2046 [WIN_SLEEPNOW2] = { cmd_nop, HD_CFA_OK },
2047 [WIN_PACKETCMD] = { cmd_packet, CD_OK },
2048 [WIN_PIDENTIFY] = { cmd_identify_packet, CD_OK },
2049 [WIN_SMART] = { cmd_smart, HD_CFA_OK | SET_DSC },
2050 [CFA_ACCESS_METADATA_STORAGE] = { cmd_cfa_access_metadata_storage, CFA_OK },
2051 [CFA_ERASE_SECTORS] = { cmd_cfa_erase_sectors, CFA_OK | SET_DSC },
2052 [WIN_MULTREAD] = { cmd_read_multiple, HD_CFA_OK },
2053 [WIN_MULTWRITE] = { cmd_write_multiple, HD_CFA_OK },
2054 [WIN_SETMULT] = { cmd_set_multiple_mode, HD_CFA_OK | SET_DSC },
2055 [WIN_READDMA] = { cmd_read_dma, HD_CFA_OK },
2056 [WIN_READDMA_ONCE] = { cmd_read_dma, HD_CFA_OK },
2057 [WIN_WRITEDMA] = { cmd_write_dma, HD_CFA_OK },
2058 [WIN_WRITEDMA_ONCE] = { cmd_write_dma, HD_CFA_OK },
2059 [CFA_WRITE_MULTI_WO_ERASE] = { cmd_write_multiple, CFA_OK },
2060 [WIN_STANDBYNOW1] = { cmd_nop, HD_CFA_OK },
2061 [WIN_IDLEIMMEDIATE] = { cmd_nop, HD_CFA_OK },
2062 [WIN_STANDBY] = { cmd_nop, HD_CFA_OK },
2063 [WIN_SETIDLE1] = { cmd_nop, HD_CFA_OK },
2064 [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
2065 [WIN_SLEEPNOW1] = { cmd_nop, HD_CFA_OK },
2066 [WIN_FLUSH_CACHE] = { cmd_flush_cache, ALL_OK },
2067 [WIN_FLUSH_CACHE_EXT] = { cmd_flush_cache, HD_CFA_OK },
2068 [WIN_IDENTIFY] = { cmd_identify, ALL_OK },
2069 [WIN_SETFEATURES] = { cmd_set_features, ALL_OK | SET_DSC },
2070 [IBM_SENSE_CONDITION] = { cmd_ibm_sense_condition, CFA_OK | SET_DSC },
2071 [CFA_WEAR_LEVEL] = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC },
2072 [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
2073 };
2074
2075 static bool ide_cmd_permitted(IDEState *s, uint32_t cmd)
2076 {
2077 return cmd < ARRAY_SIZE(ide_cmd_table)
2078 && (ide_cmd_table[cmd].flags & (1u << s->drive_kind));
2079 }
2080
2081 void ide_exec_cmd(IDEBus *bus, uint32_t val)
2082 {
2083 IDEState *s;
2084 bool complete;
2085
2086 s = idebus_active_if(bus);
2087 trace_ide_exec_cmd(bus, s, val);
2088
2089 /* ignore commands to non existent slave */
2090 if (s != bus->ifs && !s->blk) {
2091 return;
2092 }
2093
2094 /* Only RESET is allowed while BSY and/or DRQ are set,
2095 * and only to ATAPI devices. */
2096 if (s->status & (BUSY_STAT|DRQ_STAT)) {
2097 if (val != WIN_DEVICE_RESET || s->drive_kind != IDE_CD) {
2098 return;
2099 }
2100 }
2101
2102 if (!ide_cmd_permitted(s, val)) {
2103 ide_abort_command(s);
2104 ide_set_irq(s->bus);
2105 return;
2106 }
2107
2108 s->status = READY_STAT | BUSY_STAT;
2109 s->error = 0;
2110 s->io_buffer_offset = 0;
2111
2112 complete = ide_cmd_table[val].handler(s, val);
2113 if (complete) {
2114 s->status &= ~BUSY_STAT;
2115 assert(!!s->error == !!(s->status & ERR_STAT));
2116
2117 if ((ide_cmd_table[val].flags & SET_DSC) && !s->error) {
2118 s->status |= SEEK_STAT;
2119 }
2120
2121 ide_cmd_done(s);
2122 ide_set_irq(s->bus);
2123 }
2124 }
2125
2126 /* IOport [R]ead [R]egisters */
2127 enum ATA_IOPORT_RR {
2128 ATA_IOPORT_RR_DATA = 0,
2129 ATA_IOPORT_RR_ERROR = 1,
2130 ATA_IOPORT_RR_SECTOR_COUNT = 2,
2131 ATA_IOPORT_RR_SECTOR_NUMBER = 3,
2132 ATA_IOPORT_RR_CYLINDER_LOW = 4,
2133 ATA_IOPORT_RR_CYLINDER_HIGH = 5,
2134 ATA_IOPORT_RR_DEVICE_HEAD = 6,
2135 ATA_IOPORT_RR_STATUS = 7,
2136 ATA_IOPORT_RR_NUM_REGISTERS,
2137 };
2138
2139 const char *ATA_IOPORT_RR_lookup[ATA_IOPORT_RR_NUM_REGISTERS] = {
2140 [ATA_IOPORT_RR_DATA] = "Data",
2141 [ATA_IOPORT_RR_ERROR] = "Error",
2142 [ATA_IOPORT_RR_SECTOR_COUNT] = "Sector Count",
2143 [ATA_IOPORT_RR_SECTOR_NUMBER] = "Sector Number",
2144 [ATA_IOPORT_RR_CYLINDER_LOW] = "Cylinder Low",
2145 [ATA_IOPORT_RR_CYLINDER_HIGH] = "Cylinder High",
2146 [ATA_IOPORT_RR_DEVICE_HEAD] = "Device/Head",
2147 [ATA_IOPORT_RR_STATUS] = "Status"
2148 };
2149
2150 uint32_t ide_ioport_read(void *opaque, uint32_t addr)
2151 {
2152 IDEBus *bus = opaque;
2153 IDEState *s = idebus_active_if(bus);
2154 uint32_t reg_num;
2155 int ret, hob;
2156
2157 reg_num = addr & 7;
2158 hob = bus->cmd & (IDE_CTRL_HOB);
2159 switch (reg_num) {
2160 case ATA_IOPORT_RR_DATA:
2161 ret = 0xff;
2162 break;
2163 case ATA_IOPORT_RR_ERROR:
2164 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
2165 (s != bus->ifs && !s->blk)) {
2166 ret = 0;
2167 } else if (!hob) {
2168 ret = s->error;
2169 } else {
2170 ret = s->hob_feature;
2171 }
2172 break;
2173 case ATA_IOPORT_RR_SECTOR_COUNT:
2174 if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2175 ret = 0;
2176 } else if (!hob) {
2177 ret = s->nsector & 0xff;
2178 } else {
2179 ret = s->hob_nsector;
2180 }
2181 break;
2182 case ATA_IOPORT_RR_SECTOR_NUMBER:
2183 if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2184 ret = 0;
2185 } else if (!hob) {
2186 ret = s->sector;
2187 } else {
2188 ret = s->hob_sector;
2189 }
2190 break;
2191 case ATA_IOPORT_RR_CYLINDER_LOW:
2192 if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2193 ret = 0;
2194 } else if (!hob) {
2195 ret = s->lcyl;
2196 } else {
2197 ret = s->hob_lcyl;
2198 }
2199 break;
2200 case ATA_IOPORT_RR_CYLINDER_HIGH:
2201 if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2202 ret = 0;
2203 } else if (!hob) {
2204 ret = s->hcyl;
2205 } else {
2206 ret = s->hob_hcyl;
2207 }
2208 break;
2209 case ATA_IOPORT_RR_DEVICE_HEAD:
2210 if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2211 ret = 0;
2212 } else {
2213 ret = s->select;
2214 }
2215 break;
2216 default:
2217 case ATA_IOPORT_RR_STATUS:
2218 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
2219 (s != bus->ifs && !s->blk)) {
2220 ret = 0;
2221 } else {
2222 ret = s->status;
2223 }
2224 qemu_irq_lower(bus->irq);
2225 break;
2226 }
2227
2228 trace_ide_ioport_read(addr, ATA_IOPORT_RR_lookup[reg_num], ret, bus, s);
2229 return ret;
2230 }
2231
2232 uint32_t ide_status_read(void *opaque, uint32_t addr)
2233 {
2234 IDEBus *bus = opaque;
2235 IDEState *s = idebus_active_if(bus);
2236 int ret;
2237
2238 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
2239 (s != bus->ifs && !s->blk)) {
2240 ret = 0;
2241 } else {
2242 ret = s->status;
2243 }
2244
2245 trace_ide_status_read(addr, ret, bus, s);
2246 return ret;
2247 }
2248
2249 static void ide_perform_srst(IDEState *s)
2250 {
2251 s->status |= BUSY_STAT;
2252
2253 /* Halt PIO (Via register state); PIO BH remains scheduled. */
2254 ide_transfer_halt(s);
2255
2256 /* Cancel DMA -- may drain block device and invoke callbacks */
2257 ide_cancel_dma_sync(s);
2258
2259 /* Cancel PIO callback, reset registers/signature, etc */
2260 ide_reset(s);
2261
2262 /* perform diagnostic */
2263 cmd_exec_dev_diagnostic(s, WIN_DIAGNOSE);
2264 }
2265
2266 static void ide_bus_perform_srst(void *opaque)
2267 {
2268 IDEBus *bus = opaque;
2269 IDEState *s;
2270 int i;
2271
2272 for (i = 0; i < 2; i++) {
2273 s = &bus->ifs[i];
2274 ide_perform_srst(s);
2275 }
2276
2277 bus->cmd &= ~IDE_CTRL_RESET;
2278 }
2279
2280 void ide_ctrl_write(void *opaque, uint32_t addr, uint32_t val)
2281 {
2282 IDEBus *bus = opaque;
2283 IDEState *s;
2284 int i;
2285
2286 trace_ide_ctrl_write(addr, val, bus);
2287
2288 /* Device0 and Device1 each have their own control register,
2289 * but QEMU models it as just one register in the controller. */
2290 if (!(bus->cmd & IDE_CTRL_RESET) && (val & IDE_CTRL_RESET)) {
2291 for (i = 0; i < 2; i++) {
2292 s = &bus->ifs[i];
2293 s->status |= BUSY_STAT;
2294 }
2295 replay_bh_schedule_oneshot_event(qemu_get_aio_context(),
2296 ide_bus_perform_srst, bus);
2297 }
2298
2299 bus->cmd = val;
2300 }
2301
2302 /*
2303 * Returns true if the running PIO transfer is a PIO out (i.e. data is
2304 * transferred from the device to the guest), false if it's a PIO in
2305 */
2306 static bool ide_is_pio_out(IDEState *s)
2307 {
2308 if (s->end_transfer_func == ide_sector_write ||
2309 s->end_transfer_func == ide_atapi_cmd) {
2310 return false;
2311 } else if (s->end_transfer_func == ide_sector_read ||
2312 s->end_transfer_func == ide_transfer_stop ||
2313 s->end_transfer_func == ide_atapi_cmd_reply_end ||
2314 s->end_transfer_func == ide_dummy_transfer_stop) {
2315 return true;
2316 }
2317
2318 abort();
2319 }
2320
2321 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2322 {
2323 IDEBus *bus = opaque;
2324 IDEState *s = idebus_active_if(bus);
2325 uint8_t *p;
2326
2327 trace_ide_data_writew(addr, val, bus, s);
2328
2329 /* PIO data access allowed only when DRQ bit is set. The result of a write
2330 * during PIO out is indeterminate, just ignore it. */
2331 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
2332 return;
2333 }
2334
2335 p = s->data_ptr;
2336 if (p + 2 > s->data_end) {
2337 return;
2338 }
2339
2340 *(uint16_t *)p = le16_to_cpu(val);
2341 p += 2;
2342 s->data_ptr = p;
2343 if (p >= s->data_end) {
2344 s->status &= ~DRQ_STAT;
2345 s->end_transfer_func(s);
2346 }
2347 }
2348
2349 uint32_t ide_data_readw(void *opaque, uint32_t addr)
2350 {
2351 IDEBus *bus = opaque;
2352 IDEState *s = idebus_active_if(bus);
2353 uint8_t *p;
2354 int ret;
2355
2356 /* PIO data access allowed only when DRQ bit is set. The result of a read
2357 * during PIO in is indeterminate, return 0 and don't move forward. */
2358 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
2359 return 0;
2360 }
2361
2362 p = s->data_ptr;
2363 if (p + 2 > s->data_end) {
2364 return 0;
2365 }
2366
2367 ret = cpu_to_le16(*(uint16_t *)p);
2368 p += 2;
2369 s->data_ptr = p;
2370 if (p >= s->data_end) {
2371 s->status &= ~DRQ_STAT;
2372 s->end_transfer_func(s);
2373 }
2374
2375 trace_ide_data_readw(addr, ret, bus, s);
2376 return ret;
2377 }
2378
2379 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2380 {
2381 IDEBus *bus = opaque;
2382 IDEState *s = idebus_active_if(bus);
2383 uint8_t *p;
2384
2385 trace_ide_data_writel(addr, val, bus, s);
2386
2387 /* PIO data access allowed only when DRQ bit is set. The result of a write
2388 * during PIO out is indeterminate, just ignore it. */
2389 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
2390 return;
2391 }
2392
2393 p = s->data_ptr;
2394 if (p + 4 > s->data_end) {
2395 return;
2396 }
2397
2398 *(uint32_t *)p = le32_to_cpu(val);
2399 p += 4;
2400 s->data_ptr = p;
2401 if (p >= s->data_end) {
2402 s->status &= ~DRQ_STAT;
2403 s->end_transfer_func(s);
2404 }
2405 }
2406
2407 uint32_t ide_data_readl(void *opaque, uint32_t addr)
2408 {
2409 IDEBus *bus = opaque;
2410 IDEState *s = idebus_active_if(bus);
2411 uint8_t *p;
2412 int ret;
2413
2414 /* PIO data access allowed only when DRQ bit is set. The result of a read
2415 * during PIO in is indeterminate, return 0 and don't move forward. */
2416 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
2417 ret = 0;
2418 goto out;
2419 }
2420
2421 p = s->data_ptr;
2422 if (p + 4 > s->data_end) {
2423 return 0;
2424 }
2425
2426 ret = cpu_to_le32(*(uint32_t *)p);
2427 p += 4;
2428 s->data_ptr = p;
2429 if (p >= s->data_end) {
2430 s->status &= ~DRQ_STAT;
2431 s->end_transfer_func(s);
2432 }
2433
2434 out:
2435 trace_ide_data_readl(addr, ret, bus, s);
2436 return ret;
2437 }
2438
2439 static void ide_dummy_transfer_stop(IDEState *s)
2440 {
2441 s->data_ptr = s->io_buffer;
2442 s->data_end = s->io_buffer;
2443 s->io_buffer[0] = 0xff;
2444 s->io_buffer[1] = 0xff;
2445 s->io_buffer[2] = 0xff;
2446 s->io_buffer[3] = 0xff;
2447 }
2448
2449 void ide_bus_reset(IDEBus *bus)
2450 {
2451 bus->unit = 0;
2452 bus->cmd = 0;
2453 ide_reset(&bus->ifs[0]);
2454 ide_reset(&bus->ifs[1]);
2455 ide_clear_hob(bus);
2456
2457 /* pending async DMA */
2458 if (bus->dma->aiocb) {
2459 trace_ide_bus_reset_aio();
2460 blk_aio_cancel(bus->dma->aiocb);
2461 bus->dma->aiocb = NULL;
2462 }
2463
2464 /* reset dma provider too */
2465 if (bus->dma->ops->reset) {
2466 bus->dma->ops->reset(bus->dma);
2467 }
2468 }
2469
2470 static bool ide_cd_is_tray_open(void *opaque)
2471 {
2472 return ((IDEState *)opaque)->tray_open;
2473 }
2474
2475 static bool ide_cd_is_medium_locked(void *opaque)
2476 {
2477 return ((IDEState *)opaque)->tray_locked;
2478 }
2479
2480 static void ide_resize_cb(void *opaque)
2481 {
2482 IDEState *s = opaque;
2483 uint64_t nb_sectors;
2484
2485 if (!s->identify_set) {
2486 return;
2487 }
2488
2489 blk_get_geometry(s->blk, &nb_sectors);
2490 s->nb_sectors = nb_sectors;
2491
2492 /* Update the identify data buffer. */
2493 if (s->drive_kind == IDE_CFATA) {
2494 ide_cfata_identify_size(s);
2495 } else {
2496 /* IDE_CD uses a different set of callbacks entirely. */
2497 assert(s->drive_kind != IDE_CD);
2498 ide_identify_size(s);
2499 }
2500 }
2501
2502 static const BlockDevOps ide_cd_block_ops = {
2503 .change_media_cb = ide_cd_change_cb,
2504 .eject_request_cb = ide_cd_eject_request_cb,
2505 .is_tray_open = ide_cd_is_tray_open,
2506 .is_medium_locked = ide_cd_is_medium_locked,
2507 };
2508
2509 static const BlockDevOps ide_hd_block_ops = {
2510 .resize_cb = ide_resize_cb,
2511 };
2512
2513 int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind,
2514 const char *version, const char *serial, const char *model,
2515 uint64_t wwn,
2516 uint32_t cylinders, uint32_t heads, uint32_t secs,
2517 int chs_trans, Error **errp)
2518 {
2519 uint64_t nb_sectors;
2520
2521 s->blk = blk;
2522 s->drive_kind = kind;
2523
2524 blk_get_geometry(blk, &nb_sectors);
2525 s->cylinders = cylinders;
2526 s->heads = heads;
2527 s->sectors = secs;
2528 s->chs_trans = chs_trans;
2529 s->nb_sectors = nb_sectors;
2530 s->wwn = wwn;
2531 /* The SMART values should be preserved across power cycles
2532 but they aren't. */
2533 s->smart_enabled = 1;
2534 s->smart_autosave = 1;
2535 s->smart_errors = 0;
2536 s->smart_selftest_count = 0;
2537 if (kind == IDE_CD) {
2538 blk_set_dev_ops(blk, &ide_cd_block_ops, s);
2539 blk_set_guest_block_size(blk, 2048);
2540 } else {
2541 if (!blk_is_inserted(s->blk)) {
2542 error_setg(errp, "Device needs media, but drive is empty");
2543 return -1;
2544 }
2545 if (!blk_is_writable(blk)) {
2546 error_setg(errp, "Can't use a read-only drive");
2547 return -1;
2548 }
2549 blk_set_dev_ops(blk, &ide_hd_block_ops, s);
2550 }
2551 if (serial) {
2552 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), serial);
2553 } else {
2554 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2555 "QM%05d", s->drive_serial);
2556 }
2557 if (model) {
2558 pstrcpy(s->drive_model_str, sizeof(s->drive_model_str), model);
2559 } else {
2560 switch (kind) {
2561 case IDE_CD:
2562 strcpy(s->drive_model_str, "QEMU DVD-ROM");
2563 break;
2564 case IDE_CFATA:
2565 strcpy(s->drive_model_str, "QEMU MICRODRIVE");
2566 break;
2567 default:
2568 strcpy(s->drive_model_str, "QEMU HARDDISK");
2569 break;
2570 }
2571 }
2572
2573 if (version) {
2574 pstrcpy(s->version, sizeof(s->version), version);
2575 } else {
2576 pstrcpy(s->version, sizeof(s->version), qemu_hw_version());
2577 }
2578
2579 ide_reset(s);
2580 blk_iostatus_enable(blk);
2581 return 0;
2582 }
2583
2584 static void ide_init1(IDEBus *bus, int unit)
2585 {
2586 static int drive_serial = 1;
2587 IDEState *s = &bus->ifs[unit];
2588
2589 s->bus = bus;
2590 s->unit = unit;
2591 s->drive_serial = drive_serial++;
2592 /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */
2593 s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4;
2594 s->io_buffer = qemu_memalign(2048, s->io_buffer_total_len);
2595 memset(s->io_buffer, 0, s->io_buffer_total_len);
2596
2597 s->smart_selftest_data = blk_blockalign(s->blk, 512);
2598 memset(s->smart_selftest_data, 0, 512);
2599
2600 s->sector_write_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
2601 ide_sector_write_timer_cb, s);
2602 }
2603
2604 static int ide_nop_int(const IDEDMA *dma, bool is_write)
2605 {
2606 return 0;
2607 }
2608
2609 static void ide_nop(const IDEDMA *dma)
2610 {
2611 }
2612
2613 static int32_t ide_nop_int32(const IDEDMA *dma, int32_t l)
2614 {
2615 return 0;
2616 }
2617
2618 static const IDEDMAOps ide_dma_nop_ops = {
2619 .prepare_buf = ide_nop_int32,
2620 .restart_dma = ide_nop,
2621 .rw_buf = ide_nop_int,
2622 };
2623
2624 static void ide_restart_dma(IDEState *s, enum ide_dma_cmd dma_cmd)
2625 {
2626 s->unit = s->bus->retry_unit;
2627 ide_set_sector(s, s->bus->retry_sector_num);
2628 s->nsector = s->bus->retry_nsector;
2629 s->bus->dma->ops->restart_dma(s->bus->dma);
2630 s->io_buffer_size = 0;
2631 s->dma_cmd = dma_cmd;
2632 ide_start_dma(s, ide_dma_cb);
2633 }
2634
2635 static void ide_restart_bh(void *opaque)
2636 {
2637 IDEBus *bus = opaque;
2638 IDEState *s;
2639 bool is_read;
2640 int error_status;
2641
2642 qemu_bh_delete(bus->bh);
2643 bus->bh = NULL;
2644
2645 error_status = bus->error_status;
2646 if (bus->error_status == 0) {
2647 return;
2648 }
2649
2650 s = idebus_active_if(bus);
2651 is_read = (bus->error_status & IDE_RETRY_READ) != 0;
2652
2653 /* The error status must be cleared before resubmitting the request: The
2654 * request may fail again, and this case can only be distinguished if the
2655 * called function can set a new error status. */
2656 bus->error_status = 0;
2657
2658 /* The HBA has generically asked to be kicked on retry */
2659 if (error_status & IDE_RETRY_HBA) {
2660 if (s->bus->dma->ops->restart) {
2661 s->bus->dma->ops->restart(s->bus->dma);
2662 }
2663 } else if (IS_IDE_RETRY_DMA(error_status)) {
2664 if (error_status & IDE_RETRY_TRIM) {
2665 ide_restart_dma(s, IDE_DMA_TRIM);
2666 } else {
2667 ide_restart_dma(s, is_read ? IDE_DMA_READ : IDE_DMA_WRITE);
2668 }
2669 } else if (IS_IDE_RETRY_PIO(error_status)) {
2670 if (is_read) {
2671 ide_sector_read(s);
2672 } else {
2673 ide_sector_write(s);
2674 }
2675 } else if (error_status & IDE_RETRY_FLUSH) {
2676 ide_flush_cache(s);
2677 } else if (IS_IDE_RETRY_ATAPI(error_status)) {
2678 assert(s->end_transfer_func == ide_atapi_cmd);
2679 ide_atapi_dma_restart(s);
2680 } else {
2681 abort();
2682 }
2683 }
2684
2685 static void ide_restart_cb(void *opaque, bool running, RunState state)
2686 {
2687 IDEBus *bus = opaque;
2688
2689 if (!running)
2690 return;
2691
2692 if (!bus->bh) {
2693 bus->bh = qemu_bh_new(ide_restart_bh, bus);
2694 qemu_bh_schedule(bus->bh);
2695 }
2696 }
2697
2698 void ide_register_restart_cb(IDEBus *bus)
2699 {
2700 if (bus->dma->ops->restart_dma) {
2701 bus->vmstate = qemu_add_vm_change_state_handler(ide_restart_cb, bus);
2702 }
2703 }
2704
2705 static IDEDMA ide_dma_nop = {
2706 .ops = &ide_dma_nop_ops,
2707 .aiocb = NULL,
2708 };
2709
2710 void ide_init2(IDEBus *bus, qemu_irq irq)
2711 {
2712 int i;
2713
2714 for(i = 0; i < 2; i++) {
2715 ide_init1(bus, i);
2716 ide_reset(&bus->ifs[i]);
2717 }
2718 bus->irq = irq;
2719 bus->dma = &ide_dma_nop;
2720 }
2721
2722 void ide_exit(IDEState *s)
2723 {
2724 timer_free(s->sector_write_timer);
2725 qemu_vfree(s->smart_selftest_data);
2726 qemu_vfree(s->io_buffer);
2727 }
2728
2729 static bool is_identify_set(void *opaque, int version_id)
2730 {
2731 IDEState *s = opaque;
2732
2733 return s->identify_set != 0;
2734 }
2735
2736 static EndTransferFunc* transfer_end_table[] = {
2737 ide_sector_read,
2738 ide_sector_write,
2739 ide_transfer_stop,
2740 ide_atapi_cmd_reply_end,
2741 ide_atapi_cmd,
2742 ide_dummy_transfer_stop,
2743 };
2744
2745 static int transfer_end_table_idx(EndTransferFunc *fn)
2746 {
2747 int i;
2748
2749 for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++)
2750 if (transfer_end_table[i] == fn)
2751 return i;
2752
2753 return -1;
2754 }
2755
2756 static int ide_drive_post_load(void *opaque, int version_id)
2757 {
2758 IDEState *s = opaque;
2759
2760 if (s->blk && s->identify_set) {
2761 blk_set_enable_write_cache(s->blk, !!(s->identify_data[85] & (1 << 5)));
2762 }
2763 return 0;
2764 }
2765
2766 static int ide_drive_pio_post_load(void *opaque, int version_id)
2767 {
2768 IDEState *s = opaque;
2769
2770 if (s->end_transfer_fn_idx >= ARRAY_SIZE(transfer_end_table)) {
2771 return -EINVAL;
2772 }
2773 s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx];
2774 s->data_ptr = s->io_buffer + s->cur_io_buffer_offset;
2775 s->data_end = s->data_ptr + s->cur_io_buffer_len;
2776 s->atapi_dma = s->feature & 1; /* as per cmd_packet */
2777
2778 return 0;
2779 }
2780
2781 static int ide_drive_pio_pre_save(void *opaque)
2782 {
2783 IDEState *s = opaque;
2784 int idx;
2785
2786 s->cur_io_buffer_offset = s->data_ptr - s->io_buffer;
2787 s->cur_io_buffer_len = s->data_end - s->data_ptr;
2788
2789 idx = transfer_end_table_idx(s->end_transfer_func);
2790 if (idx == -1) {
2791 fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n",
2792 __func__);
2793 s->end_transfer_fn_idx = 2;
2794 } else {
2795 s->end_transfer_fn_idx = idx;
2796 }
2797
2798 return 0;
2799 }
2800
2801 static bool ide_drive_pio_state_needed(void *opaque)
2802 {
2803 IDEState *s = opaque;
2804
2805 return ((s->status & DRQ_STAT) != 0)
2806 || (s->bus->error_status & IDE_RETRY_PIO);
2807 }
2808
2809 static bool ide_tray_state_needed(void *opaque)
2810 {
2811 IDEState *s = opaque;
2812
2813 return s->tray_open || s->tray_locked;
2814 }
2815
2816 static bool ide_atapi_gesn_needed(void *opaque)
2817 {
2818 IDEState *s = opaque;
2819
2820 return s->events.new_media || s->events.eject_request;
2821 }
2822
2823 static bool ide_error_needed(void *opaque)
2824 {
2825 IDEBus *bus = opaque;
2826
2827 return (bus->error_status != 0);
2828 }
2829
2830 /* Fields for GET_EVENT_STATUS_NOTIFICATION ATAPI command */
2831 static const VMStateDescription vmstate_ide_atapi_gesn_state = {
2832 .name ="ide_drive/atapi/gesn_state",
2833 .version_id = 1,
2834 .minimum_version_id = 1,
2835 .needed = ide_atapi_gesn_needed,
2836 .fields = (VMStateField[]) {
2837 VMSTATE_BOOL(events.new_media, IDEState),
2838 VMSTATE_BOOL(events.eject_request, IDEState),
2839 VMSTATE_END_OF_LIST()
2840 }
2841 };
2842
2843 static const VMStateDescription vmstate_ide_tray_state = {
2844 .name = "ide_drive/tray_state",
2845 .version_id = 1,
2846 .minimum_version_id = 1,
2847 .needed = ide_tray_state_needed,
2848 .fields = (VMStateField[]) {
2849 VMSTATE_BOOL(tray_open, IDEState),
2850 VMSTATE_BOOL(tray_locked, IDEState),
2851 VMSTATE_END_OF_LIST()
2852 }
2853 };
2854
2855 static const VMStateDescription vmstate_ide_drive_pio_state = {
2856 .name = "ide_drive/pio_state",
2857 .version_id = 1,
2858 .minimum_version_id = 1,
2859 .pre_save = ide_drive_pio_pre_save,
2860 .post_load = ide_drive_pio_post_load,
2861 .needed = ide_drive_pio_state_needed,
2862 .fields = (VMStateField[]) {
2863 VMSTATE_INT32(req_nb_sectors, IDEState),
2864 VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1,
2865 vmstate_info_uint8, uint8_t),
2866 VMSTATE_INT32(cur_io_buffer_offset, IDEState),
2867 VMSTATE_INT32(cur_io_buffer_len, IDEState),
2868 VMSTATE_UINT8(end_transfer_fn_idx, IDEState),
2869 VMSTATE_INT32(elementary_transfer_size, IDEState),
2870 VMSTATE_INT32(packet_transfer_size, IDEState),
2871 VMSTATE_END_OF_LIST()
2872 }
2873 };
2874
2875 const VMStateDescription vmstate_ide_drive = {
2876 .name = "ide_drive",
2877 .version_id = 3,
2878 .minimum_version_id = 0,
2879 .post_load = ide_drive_post_load,
2880 .fields = (VMStateField[]) {
2881 VMSTATE_INT32(mult_sectors, IDEState),
2882 VMSTATE_INT32(identify_set, IDEState),
2883 VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set),
2884 VMSTATE_UINT8(feature, IDEState),
2885 VMSTATE_UINT8(error, IDEState),
2886 VMSTATE_UINT32(nsector, IDEState),
2887 VMSTATE_UINT8(sector, IDEState),
2888 VMSTATE_UINT8(lcyl, IDEState),
2889 VMSTATE_UINT8(hcyl, IDEState),
2890 VMSTATE_UINT8(hob_feature, IDEState),
2891 VMSTATE_UINT8(hob_sector, IDEState),
2892 VMSTATE_UINT8(hob_nsector, IDEState),
2893 VMSTATE_UINT8(hob_lcyl, IDEState),
2894 VMSTATE_UINT8(hob_hcyl, IDEState),
2895 VMSTATE_UINT8(select, IDEState),
2896 VMSTATE_UINT8(status, IDEState),
2897 VMSTATE_UINT8(lba48, IDEState),
2898 VMSTATE_UINT8(sense_key, IDEState),
2899 VMSTATE_UINT8(asc, IDEState),
2900 VMSTATE_UINT8_V(cdrom_changed, IDEState, 3),
2901 VMSTATE_END_OF_LIST()
2902 },
2903 .subsections = (const VMStateDescription*[]) {
2904 &vmstate_ide_drive_pio_state,
2905 &vmstate_ide_tray_state,
2906 &vmstate_ide_atapi_gesn_state,
2907 NULL
2908 }
2909 };
2910
2911 static const VMStateDescription vmstate_ide_error_status = {
2912 .name ="ide_bus/error",
2913 .version_id = 2,
2914 .minimum_version_id = 1,
2915 .needed = ide_error_needed,
2916 .fields = (VMStateField[]) {
2917 VMSTATE_INT32(error_status, IDEBus),
2918 VMSTATE_INT64_V(retry_sector_num, IDEBus, 2),
2919 VMSTATE_UINT32_V(retry_nsector, IDEBus, 2),
2920 VMSTATE_UINT8_V(retry_unit, IDEBus, 2),
2921 VMSTATE_END_OF_LIST()
2922 }
2923 };
2924
2925 const VMStateDescription vmstate_ide_bus = {
2926 .name = "ide_bus",
2927 .version_id = 1,
2928 .minimum_version_id = 1,
2929 .fields = (VMStateField[]) {
2930 VMSTATE_UINT8(cmd, IDEBus),
2931 VMSTATE_UINT8(unit, IDEBus),
2932 VMSTATE_END_OF_LIST()
2933 },
2934 .subsections = (const VMStateDescription*[]) {
2935 &vmstate_ide_error_status,
2936 NULL
2937 }
2938 };
2939
2940 void ide_drive_get(DriveInfo **hd, int n)
2941 {
2942 int i;
2943
2944 for (i = 0; i < n; i++) {
2945 hd[i] = drive_get_by_index(IF_IDE, i);
2946 }
2947 }
QEmu