search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
linux-user: fadvise64 implementation
[qemu.git] / hw / ide.c
blob637b0821a306f2758df56baa312a645f9b1865df
1 /*
2 * QEMU IDE disk and CD/DVD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25 #include "hw.h"
26 #include "pc.h"
27 #include "pci.h"
28 #include "scsi-disk.h"
29 #include "pcmcia.h"
30 #include "block.h"
31 #include "block_int.h"
32 #include "qemu-timer.h"
33 #include "sysemu.h"
34 #include "ppc_mac.h"
35 #include "mac_dbdma.h"
36 #include "sh.h"
37 #include "dma.h"
38
39 /* debug IDE devices */
40 //#define DEBUG_IDE
41 //#define DEBUG_IDE_ATAPI
42 //#define DEBUG_AIO
43 #define USE_DMA_CDROM
44
45 /* Bits of HD_STATUS */
46 #define ERR_STAT 0x01
47 #define INDEX_STAT 0x02
48 #define ECC_STAT 0x04 /* Corrected error */
49 #define DRQ_STAT 0x08
50 #define SEEK_STAT 0x10
51 #define SRV_STAT 0x10
52 #define WRERR_STAT 0x20
53 #define READY_STAT 0x40
54 #define BUSY_STAT 0x80
55
56 /* Bits for HD_ERROR */
57 #define MARK_ERR 0x01 /* Bad address mark */
58 #define TRK0_ERR 0x02 /* couldn't find track 0 */
59 #define ABRT_ERR 0x04 /* Command aborted */
60 #define MCR_ERR 0x08 /* media change request */
61 #define ID_ERR 0x10 /* ID field not found */
62 #define MC_ERR 0x20 /* media changed */
63 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
64 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
65 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
66
67 /* Bits of HD_NSECTOR */
68 #define CD 0x01
69 #define IO 0x02
70 #define REL 0x04
71 #define TAG_MASK 0xf8
72
73 #define IDE_CMD_RESET 0x04
74 #define IDE_CMD_DISABLE_IRQ 0x02
75
76 /* ATA/ATAPI Commands pre T13 Spec */
77 #define WIN_NOP 0x00
78 /*
79 * 0x01->0x02 Reserved
80 */
81 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
82 /*
83 * 0x04->0x07 Reserved
84 */
85 #define WIN_SRST 0x08 /* ATAPI soft reset command */
86 #define WIN_DEVICE_RESET 0x08
87 /*
88 * 0x09->0x0F Reserved
89 */
90 #define WIN_RECAL 0x10
91 #define WIN_RESTORE WIN_RECAL
92 /*
93 * 0x10->0x1F Reserved
94 */
95 #define WIN_READ 0x20 /* 28-Bit */
96 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
97 #define WIN_READ_LONG 0x22 /* 28-Bit */
98 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
99 #define WIN_READ_EXT 0x24 /* 48-Bit */
100 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
101 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
102 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
103 /*
104 * 0x28
105 */
106 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
107 /*
108 * 0x2A->0x2F Reserved
109 */
110 #define WIN_WRITE 0x30 /* 28-Bit */
111 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
112 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
113 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
114 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
115 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
116 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
117 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
118 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
119 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
120 /*
121 * 0x3A->0x3B Reserved
122 */
123 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
124 /*
125 * 0x3D->0x3F Reserved
126 */
127 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
128 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
129 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
130 /*
131 * 0x43->0x4F Reserved
132 */
133 #define WIN_FORMAT 0x50
134 /*
135 * 0x51->0x5F Reserved
136 */
137 #define WIN_INIT 0x60
138 /*
139 * 0x61->0x5F Reserved
140 */
141 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
142 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
143 #define WIN_DIAGNOSE 0x90
144 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
145 #define WIN_DOWNLOAD_MICROCODE 0x92
146 #define WIN_STANDBYNOW2 0x94
147 #define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
148 #define WIN_STANDBY2 0x96
149 #define WIN_SETIDLE2 0x97
150 #define WIN_CHECKPOWERMODE2 0x98
151 #define WIN_SLEEPNOW2 0x99
152 /*
153 * 0x9A VENDOR
154 */
155 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
156 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
157 #define WIN_QUEUED_SERVICE 0xA2
158 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
159 #define CFA_ACCESS_METADATA_STORAGE 0xB8
160 #define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
161 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
162 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
163 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
164 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
165 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
166 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
167 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
168 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
169 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
170 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
171 #define WIN_GETMEDIASTATUS 0xDA
172 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
173 #define WIN_POSTBOOT 0xDC
174 #define WIN_PREBOOT 0xDD
175 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
176 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
177 #define WIN_STANDBYNOW1 0xE0
178 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
179 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
180 #define WIN_SETIDLE1 0xE3
181 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
182 #define WIN_CHECKPOWERMODE1 0xE5
183 #define WIN_SLEEPNOW1 0xE6
184 #define WIN_FLUSH_CACHE 0xE7
185 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
186 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
187 /* SET_FEATURES 0x22 or 0xDD */
188 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
189 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
190 #define WIN_MEDIAEJECT 0xED
191 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
192 #define WIN_SETFEATURES 0xEF /* set special drive features */
193 #define EXABYTE_ENABLE_NEST 0xF0
194 #define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
195 #define WIN_SECURITY_SET_PASS 0xF1
196 #define WIN_SECURITY_UNLOCK 0xF2
197 #define WIN_SECURITY_ERASE_PREPARE 0xF3
198 #define WIN_SECURITY_ERASE_UNIT 0xF4
199 #define WIN_SECURITY_FREEZE_LOCK 0xF5
200 #define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
201 #define WIN_SECURITY_DISABLE 0xF6
202 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
203 #define WIN_SET_MAX 0xF9
204 #define DISABLE_SEAGATE 0xFB
205
206 /* set to 1 set disable mult support */
207 #define MAX_MULT_SECTORS 16
208
209 #define IDE_DMA_BUF_SECTORS 256
210
211 #if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
212 #error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
213 #endif
214
215 /* ATAPI defines */
216
217 #define ATAPI_PACKET_SIZE 12
218
219 /* The generic packet command opcodes for CD/DVD Logical Units,
220 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
221 #define GPCMD_BLANK 0xa1
222 #define GPCMD_CLOSE_TRACK 0x5b
223 #define GPCMD_FLUSH_CACHE 0x35
224 #define GPCMD_FORMAT_UNIT 0x04
225 #define GPCMD_GET_CONFIGURATION 0x46
226 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
227 #define GPCMD_GET_PERFORMANCE 0xac
228 #define GPCMD_INQUIRY 0x12
229 #define GPCMD_LOAD_UNLOAD 0xa6
230 #define GPCMD_MECHANISM_STATUS 0xbd
231 #define GPCMD_MODE_SELECT_10 0x55
232 #define GPCMD_MODE_SENSE_10 0x5a
233 #define GPCMD_PAUSE_RESUME 0x4b
234 #define GPCMD_PLAY_AUDIO_10 0x45
235 #define GPCMD_PLAY_AUDIO_MSF 0x47
236 #define GPCMD_PLAY_AUDIO_TI 0x48
237 #define GPCMD_PLAY_CD 0xbc
238 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
239 #define GPCMD_READ_10 0x28
240 #define GPCMD_READ_12 0xa8
241 #define GPCMD_READ_CDVD_CAPACITY 0x25
242 #define GPCMD_READ_CD 0xbe
243 #define GPCMD_READ_CD_MSF 0xb9
244 #define GPCMD_READ_DISC_INFO 0x51
245 #define GPCMD_READ_DVD_STRUCTURE 0xad
246 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
247 #define GPCMD_READ_HEADER 0x44
248 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
249 #define GPCMD_READ_SUBCHANNEL 0x42
250 #define GPCMD_READ_TOC_PMA_ATIP 0x43
251 #define GPCMD_REPAIR_RZONE_TRACK 0x58
252 #define GPCMD_REPORT_KEY 0xa4
253 #define GPCMD_REQUEST_SENSE 0x03
254 #define GPCMD_RESERVE_RZONE_TRACK 0x53
255 #define GPCMD_SCAN 0xba
256 #define GPCMD_SEEK 0x2b
257 #define GPCMD_SEND_DVD_STRUCTURE 0xad
258 #define GPCMD_SEND_EVENT 0xa2
259 #define GPCMD_SEND_KEY 0xa3
260 #define GPCMD_SEND_OPC 0x54
261 #define GPCMD_SET_READ_AHEAD 0xa7
262 #define GPCMD_SET_STREAMING 0xb6
263 #define GPCMD_START_STOP_UNIT 0x1b
264 #define GPCMD_STOP_PLAY_SCAN 0x4e
265 #define GPCMD_TEST_UNIT_READY 0x00
266 #define GPCMD_VERIFY_10 0x2f
267 #define GPCMD_WRITE_10 0x2a
268 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
269 /* This is listed as optional in ATAPI 2.6, but is (curiously)
270 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
271 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
272 * drives support it. */
273 #define GPCMD_SET_SPEED 0xbb
274 /* This seems to be a SCSI specific CD-ROM opcode
275 * to play data at track/index */
276 #define GPCMD_PLAYAUDIO_TI 0x48
277 /*
278 * From MS Media Status Notification Support Specification. For
279 * older drives only.
280 */
281 #define GPCMD_GET_MEDIA_STATUS 0xda
282 #define GPCMD_MODE_SENSE_6 0x1a
283
284 /* Mode page codes for mode sense/set */
285 #define GPMODE_R_W_ERROR_PAGE 0x01
286 #define GPMODE_WRITE_PARMS_PAGE 0x05
287 #define GPMODE_AUDIO_CTL_PAGE 0x0e
288 #define GPMODE_POWER_PAGE 0x1a
289 #define GPMODE_FAULT_FAIL_PAGE 0x1c
290 #define GPMODE_TO_PROTECT_PAGE 0x1d
291 #define GPMODE_CAPABILITIES_PAGE 0x2a
292 #define GPMODE_ALL_PAGES 0x3f
293 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
294 * of MODE_SENSE_POWER_PAGE */
295 #define GPMODE_CDROM_PAGE 0x0d
296
297 /*
298 * Based on values from <linux/cdrom.h> but extending CD_MINS
299 * to the maximum common size allowed by the Orange's Book ATIP
300 *
301 * 90 and 99 min CDs are also available but using them as the
302 * upper limit reduces the effectiveness of the heuristic to
303 * detect DVDs burned to less than 25% of their maximum capacity
304 */
305
306 /* Some generally useful CD-ROM information */
307 #define CD_MINS 80 /* max. minutes per CD */
308 #define CD_SECS 60 /* seconds per minute */
309 #define CD_FRAMES 75 /* frames per second */
310 #define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
311 #define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
312 #define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
313
314 /*
315 * The MMC values are not IDE specific and might need to be moved
316 * to a common header if they are also needed for the SCSI emulation
317 */
318
319 /* Profile list from MMC-6 revision 1 table 91 */
320 #define MMC_PROFILE_NONE 0x0000
321 #define MMC_PROFILE_CD_ROM 0x0008
322 #define MMC_PROFILE_CD_R 0x0009
323 #define MMC_PROFILE_CD_RW 0x000A
324 #define MMC_PROFILE_DVD_ROM 0x0010
325 #define MMC_PROFILE_DVD_R_SR 0x0011
326 #define MMC_PROFILE_DVD_RAM 0x0012
327 #define MMC_PROFILE_DVD_RW_RO 0x0013
328 #define MMC_PROFILE_DVD_RW_SR 0x0014
329 #define MMC_PROFILE_DVD_R_DL_SR 0x0015
330 #define MMC_PROFILE_DVD_R_DL_JR 0x0016
331 #define MMC_PROFILE_DVD_RW_DL 0x0017
332 #define MMC_PROFILE_DVD_DDR 0x0018
333 #define MMC_PROFILE_DVD_PLUS_RW 0x001A
334 #define MMC_PROFILE_DVD_PLUS_R 0x001B
335 #define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
336 #define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
337 #define MMC_PROFILE_BD_ROM 0x0040
338 #define MMC_PROFILE_BD_R_SRM 0x0041
339 #define MMC_PROFILE_BD_R_RRM 0x0042
340 #define MMC_PROFILE_BD_RE 0x0043
341 #define MMC_PROFILE_HDDVD_ROM 0x0050
342 #define MMC_PROFILE_HDDVD_R 0x0051
343 #define MMC_PROFILE_HDDVD_RAM 0x0052
344 #define MMC_PROFILE_HDDVD_RW 0x0053
345 #define MMC_PROFILE_HDDVD_R_DL 0x0058
346 #define MMC_PROFILE_HDDVD_RW_DL 0x005A
347 #define MMC_PROFILE_INVALID 0xFFFF
348
349 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
350 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
351 #define ATAPI_INT_REASON_REL 0x04
352 #define ATAPI_INT_REASON_TAG 0xf8
353
354 /* same constants as bochs */
355 #define ASC_ILLEGAL_OPCODE 0x20
356 #define ASC_LOGICAL_BLOCK_OOR 0x21
357 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
358 #define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
359 #define ASC_INCOMPATIBLE_FORMAT 0x30
360 #define ASC_MEDIUM_NOT_PRESENT 0x3a
361 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
362 #define ASC_MEDIA_REMOVAL_PREVENTED 0x53
363
364 #define CFA_NO_ERROR 0x00
365 #define CFA_MISC_ERROR 0x09
366 #define CFA_INVALID_COMMAND 0x20
367 #define CFA_INVALID_ADDRESS 0x21
368 #define CFA_ADDRESS_OVERFLOW 0x2f
369
370 #define SENSE_NONE 0
371 #define SENSE_NOT_READY 2
372 #define SENSE_ILLEGAL_REQUEST 5
373 #define SENSE_UNIT_ATTENTION 6
374
375 #define SMART_READ_DATA 0xd0
376 #define SMART_READ_THRESH 0xd1
377 #define SMART_ATTR_AUTOSAVE 0xd2
378 #define SMART_SAVE_ATTR 0xd3
379 #define SMART_EXECUTE_OFFLINE 0xd4
380 #define SMART_READ_LOG 0xd5
381 #define SMART_WRITE_LOG 0xd6
382 #define SMART_ENABLE 0xd8
383 #define SMART_DISABLE 0xd9
384 #define SMART_STATUS 0xda
385
386 static int smart_attributes[][5] = {
387 /* id, flags, val, wrst, thrsh */
388 { 0x01, 0x03, 0x64, 0x64, 0x06}, /* raw read */
389 { 0x03, 0x03, 0x64, 0x64, 0x46}, /* spin up */
390 { 0x04, 0x02, 0x64, 0x64, 0x14}, /* start stop count */
391 { 0x05, 0x03, 0x64, 0x64, 0x36}, /* remapped sectors */
392 { 0x00, 0x00, 0x00, 0x00, 0x00}
393 };
394
395
396
397 struct IDEState;
398
399 typedef void EndTransferFunc(struct IDEState *);
400
401 /* NOTE: IDEState represents in fact one drive */
402 typedef struct IDEState {
403 /* ide config */
404 int is_cdrom;
405 int is_cf;
406 int cylinders, heads, sectors;
407 int64_t nb_sectors;
408 int mult_sectors;
409 int identify_set;
410 uint16_t identify_data[256];
411 qemu_irq irq;
412 PCIDevice *pci_dev;
413 struct BMDMAState *bmdma;
414 int drive_serial;
415 char drive_serial_str[21];
416 /* ide regs */
417 uint8_t feature;
418 uint8_t error;
419 uint32_t nsector;
420 uint8_t sector;
421 uint8_t lcyl;
422 uint8_t hcyl;
423 /* other part of tf for lba48 support */
424 uint8_t hob_feature;
425 uint8_t hob_nsector;
426 uint8_t hob_sector;
427 uint8_t hob_lcyl;
428 uint8_t hob_hcyl;
429
430 uint8_t select;
431 uint8_t status;
432
433 /* 0x3f6 command, only meaningful for drive 0 */
434 uint8_t cmd;
435 /* set for lba48 access */
436 uint8_t lba48;
437 /* depends on bit 4 in select, only meaningful for drive 0 */
438 struct IDEState *cur_drive;
439 BlockDriverState *bs;
440 /* ATAPI specific */
441 uint8_t sense_key;
442 uint8_t asc;
443 uint8_t cdrom_changed;
444 int packet_transfer_size;
445 int elementary_transfer_size;
446 int io_buffer_index;
447 int lba;
448 int cd_sector_size;
449 int atapi_dma; /* true if dma is requested for the packet cmd */
450 /* ATA DMA state */
451 int io_buffer_size;
452 QEMUSGList sg;
453 /* PIO transfer handling */
454 int req_nb_sectors; /* number of sectors per interrupt */
455 EndTransferFunc *end_transfer_func;
456 uint8_t *data_ptr;
457 uint8_t *data_end;
458 uint8_t *io_buffer;
459 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
460 uint32_t irq_count; /* counts IRQs when using win2k install hack */
461 /* CF-ATA extended error */
462 uint8_t ext_error;
463 /* CF-ATA metadata storage */
464 uint32_t mdata_size;
465 uint8_t *mdata_storage;
466 int media_changed;
467 /* for pmac */
468 int is_read;
469 /* SMART */
470 uint8_t smart_enabled;
471 uint8_t smart_autosave;
472 int smart_errors;
473 uint8_t smart_selftest_count;
474 uint8_t *smart_selftest_data;
475
476 } IDEState;
477
478 /* XXX: DVDs that could fit on a CD will be reported as a CD */
479 static inline int media_present(IDEState *s)
480 {
481 return (s->nb_sectors > 0);
482 }
483
484 static inline int media_is_dvd(IDEState *s)
485 {
486 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
487 }
488
489 static inline int media_is_cd(IDEState *s)
490 {
491 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
492 }
493
494 #define BM_STATUS_DMAING 0x01
495 #define BM_STATUS_ERROR 0x02
496 #define BM_STATUS_INT 0x04
497 #define BM_STATUS_DMA_RETRY 0x08
498 #define BM_STATUS_PIO_RETRY 0x10
499
500 #define BM_CMD_START 0x01
501 #define BM_CMD_READ 0x08
502
503 #define IDE_TYPE_PIIX3 0
504 #define IDE_TYPE_CMD646 1
505 #define IDE_TYPE_PIIX4 2
506
507 /* CMD646 specific */
508 #define MRDMODE 0x71
509 #define MRDMODE_INTR_CH0 0x04
510 #define MRDMODE_INTR_CH1 0x08
511 #define MRDMODE_BLK_CH0 0x10
512 #define MRDMODE_BLK_CH1 0x20
513 #define UDIDETCR0 0x73
514 #define UDIDETCR1 0x7B
515
516 typedef struct BMDMAState {
517 uint8_t cmd;
518 uint8_t status;
519 uint32_t addr;
520
521 struct PCIIDEState *pci_dev;
522 /* current transfer state */
523 uint32_t cur_addr;
524 uint32_t cur_prd_last;
525 uint32_t cur_prd_addr;
526 uint32_t cur_prd_len;
527 IDEState *ide_if;
528 BlockDriverCompletionFunc *dma_cb;
529 BlockDriverAIOCB *aiocb;
530 struct iovec iov;
531 QEMUIOVector qiov;
532 int64_t sector_num;
533 uint32_t nsector;
534 QEMUBH *bh;
535 } BMDMAState;
536
537 typedef struct PCIIDEState {
538 PCIDevice dev;
539 IDEState ide_if[4];
540 BMDMAState bmdma[2];
541 int type; /* see IDE_TYPE_xxx */
542 } PCIIDEState;
543
544 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
545 static void ide_dma_restart(IDEState *s);
546 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
547
548 static void padstr(char *str, const char *src, int len)
549 {
550 int i, v;
551 for(i = 0; i < len; i++) {
552 if (*src)
553 v = *src++;
554 else
555 v = ' ';
556 str[i^1] = v;
557 }
558 }
559
560 static void padstr8(uint8_t *buf, int buf_size, const char *src)
561 {
562 int i;
563 for(i = 0; i < buf_size; i++) {
564 if (*src)
565 buf[i] = *src++;
566 else
567 buf[i] = ' ';
568 }
569 }
570
571 static void put_le16(uint16_t *p, unsigned int v)
572 {
573 *p = cpu_to_le16(v);
574 }
575
576 static void ide_identify(IDEState *s)
577 {
578 uint16_t *p;
579 unsigned int oldsize;
580
581 if (s->identify_set) {
582 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
583 return;
584 }
585
586 memset(s->io_buffer, 0, 512);
587 p = (uint16_t *)s->io_buffer;
588 put_le16(p + 0, 0x0040);
589 put_le16(p + 1, s->cylinders);
590 put_le16(p + 3, s->heads);
591 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
592 put_le16(p + 5, 512); /* XXX: retired, remove ? */
593 put_le16(p + 6, s->sectors);
594 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
595 put_le16(p + 20, 3); /* XXX: retired, remove ? */
596 put_le16(p + 21, 512); /* cache size in sectors */
597 put_le16(p + 22, 4); /* ecc bytes */
598 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
599 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
600 #if MAX_MULT_SECTORS > 1
601 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
602 #endif
603 put_le16(p + 48, 1); /* dword I/O */
604 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
605 put_le16(p + 51, 0x200); /* PIO transfer cycle */
606 put_le16(p + 52, 0x200); /* DMA transfer cycle */
607 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
608 put_le16(p + 54, s->cylinders);
609 put_le16(p + 55, s->heads);
610 put_le16(p + 56, s->sectors);
611 oldsize = s->cylinders * s->heads * s->sectors;
612 put_le16(p + 57, oldsize);
613 put_le16(p + 58, oldsize >> 16);
614 if (s->mult_sectors)
615 put_le16(p + 59, 0x100 | s->mult_sectors);
616 put_le16(p + 60, s->nb_sectors);
617 put_le16(p + 61, s->nb_sectors >> 16);
618 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
619 put_le16(p + 63, 0x07); /* mdma0-2 supported */
620 put_le16(p + 65, 120);
621 put_le16(p + 66, 120);
622 put_le16(p + 67, 120);
623 put_le16(p + 68, 120);
624 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
625 put_le16(p + 81, 0x16); /* conforms to ata5 */
626 /* 14=NOP supported, 0=SMART supported */
627 put_le16(p + 82, (1 << 14) | 1);
628 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
629 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
630 /* 14=set to 1, 1=SMART self test, 0=SMART error logging */
631 put_le16(p + 84, (1 << 14) | 0);
632 /* 14 = NOP supported, 0=SMART feature set enabled */
633 put_le16(p + 85, (1 << 14) | 1);
634 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
635 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
636 /* 14=set to 1, 1=smart self test, 0=smart error logging */
637 put_le16(p + 87, (1 << 14) | 0);
638 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
639 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
640 put_le16(p + 100, s->nb_sectors);
641 put_le16(p + 101, s->nb_sectors >> 16);
642 put_le16(p + 102, s->nb_sectors >> 32);
643 put_le16(p + 103, s->nb_sectors >> 48);
644
645 memcpy(s->identify_data, p, sizeof(s->identify_data));
646 s->identify_set = 1;
647 }
648
649 static void ide_atapi_identify(IDEState *s)
650 {
651 uint16_t *p;
652
653 if (s->identify_set) {
654 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
655 return;
656 }
657
658 memset(s->io_buffer, 0, 512);
659 p = (uint16_t *)s->io_buffer;
660 /* Removable CDROM, 50us response, 12 byte packets */
661 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
662 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
663 put_le16(p + 20, 3); /* buffer type */
664 put_le16(p + 21, 512); /* cache size in sectors */
665 put_le16(p + 22, 4); /* ecc bytes */
666 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
667 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
668 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
669 #ifdef USE_DMA_CDROM
670 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
671 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
672 put_le16(p + 62, 7); /* single word dma0-2 supported */
673 put_le16(p + 63, 7); /* mdma0-2 supported */
674 put_le16(p + 64, 0x3f); /* PIO modes supported */
675 #else
676 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
677 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
678 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
679 put_le16(p + 64, 1); /* PIO modes */
680 #endif
681 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
682 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
683 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
684 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
685
686 put_le16(p + 71, 30); /* in ns */
687 put_le16(p + 72, 30); /* in ns */
688
689 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
690 #ifdef USE_DMA_CDROM
691 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
692 #endif
693 memcpy(s->identify_data, p, sizeof(s->identify_data));
694 s->identify_set = 1;
695 }
696
697 static void ide_cfata_identify(IDEState *s)
698 {
699 uint16_t *p;
700 uint32_t cur_sec;
701
702 p = (uint16_t *) s->identify_data;
703 if (s->identify_set)
704 goto fill_buffer;
705
706 memset(p, 0, sizeof(s->identify_data));
707
708 cur_sec = s->cylinders * s->heads * s->sectors;
709
710 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
711 put_le16(p + 1, s->cylinders); /* Default cylinders */
712 put_le16(p + 3, s->heads); /* Default heads */
713 put_le16(p + 6, s->sectors); /* Default sectors per track */
714 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
715 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
716 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
717 put_le16(p + 22, 0x0004); /* ECC bytes */
718 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
719 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
720 #if MAX_MULT_SECTORS > 1
721 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
722 #else
723 put_le16(p + 47, 0x0000);
724 #endif
725 put_le16(p + 49, 0x0f00); /* Capabilities */
726 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
727 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
728 put_le16(p + 53, 0x0003); /* Translation params valid */
729 put_le16(p + 54, s->cylinders); /* Current cylinders */
730 put_le16(p + 55, s->heads); /* Current heads */
731 put_le16(p + 56, s->sectors); /* Current sectors */
732 put_le16(p + 57, cur_sec); /* Current capacity */
733 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
734 if (s->mult_sectors) /* Multiple sector setting */
735 put_le16(p + 59, 0x100 | s->mult_sectors);
736 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
737 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
738 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
739 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
740 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
741 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
742 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
743 put_le16(p + 82, 0x400c); /* Command Set supported */
744 put_le16(p + 83, 0x7068); /* Command Set supported */
745 put_le16(p + 84, 0x4000); /* Features supported */
746 put_le16(p + 85, 0x000c); /* Command Set enabled */
747 put_le16(p + 86, 0x7044); /* Command Set enabled */
748 put_le16(p + 87, 0x4000); /* Features enabled */
749 put_le16(p + 91, 0x4060); /* Current APM level */
750 put_le16(p + 129, 0x0002); /* Current features option */
751 put_le16(p + 130, 0x0005); /* Reassigned sectors */
752 put_le16(p + 131, 0x0001); /* Initial power mode */
753 put_le16(p + 132, 0x0000); /* User signature */
754 put_le16(p + 160, 0x8100); /* Power requirement */
755 put_le16(p + 161, 0x8001); /* CF command set */
756
757 s->identify_set = 1;
758
759 fill_buffer:
760 memcpy(s->io_buffer, p, sizeof(s->identify_data));
761 }
762
763 static void ide_set_signature(IDEState *s)
764 {
765 s->select &= 0xf0; /* clear head */
766 /* put signature */
767 s->nsector = 1;
768 s->sector = 1;
769 if (s->is_cdrom) {
770 s->lcyl = 0x14;
771 s->hcyl = 0xeb;
772 } else if (s->bs) {
773 s->lcyl = 0;
774 s->hcyl = 0;
775 } else {
776 s->lcyl = 0xff;
777 s->hcyl = 0xff;
778 }
779 }
780
781 static inline void ide_abort_command(IDEState *s)
782 {
783 s->status = READY_STAT | ERR_STAT;
784 s->error = ABRT_ERR;
785 }
786
787 static inline void ide_dma_submit_check(IDEState *s,
788 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
789 {
790 if (bm->aiocb)
791 return;
792 dma_cb(bm, -1);
793 }
794
795 static inline void ide_set_irq(IDEState *s)
796 {
797 BMDMAState *bm = s->bmdma;
798 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
799 if (bm) {
800 bm->status |= BM_STATUS_INT;
801 }
802 qemu_irq_raise(s->irq);
803 }
804 }
805
806 /* prepare data transfer and tell what to do after */
807 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
808 EndTransferFunc *end_transfer_func)
809 {
810 s->end_transfer_func = end_transfer_func;
811 s->data_ptr = buf;
812 s->data_end = buf + size;
813 if (!(s->status & ERR_STAT))
814 s->status |= DRQ_STAT;
815 }
816
817 static void ide_transfer_stop(IDEState *s)
818 {
819 s->end_transfer_func = ide_transfer_stop;
820 s->data_ptr = s->io_buffer;
821 s->data_end = s->io_buffer;
822 s->status &= ~DRQ_STAT;
823 }
824
825 static int64_t ide_get_sector(IDEState *s)
826 {
827 int64_t sector_num;
828 if (s->select & 0x40) {
829 /* lba */
830 if (!s->lba48) {
831 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
832 (s->lcyl << 8) | s->sector;
833 } else {
834 sector_num = ((int64_t)s->hob_hcyl << 40) |
835 ((int64_t) s->hob_lcyl << 32) |
836 ((int64_t) s->hob_sector << 24) |
837 ((int64_t) s->hcyl << 16) |
838 ((int64_t) s->lcyl << 8) | s->sector;
839 }
840 } else {
841 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
842 (s->select & 0x0f) * s->sectors + (s->sector - 1);
843 }
844 return sector_num;
845 }
846
847 static void ide_set_sector(IDEState *s, int64_t sector_num)
848 {
849 unsigned int cyl, r;
850 if (s->select & 0x40) {
851 if (!s->lba48) {
852 s->select = (s->select & 0xf0) | (sector_num >> 24);
853 s->hcyl = (sector_num >> 16);
854 s->lcyl = (sector_num >> 8);
855 s->sector = (sector_num);
856 } else {
857 s->sector = sector_num;
858 s->lcyl = sector_num >> 8;
859 s->hcyl = sector_num >> 16;
860 s->hob_sector = sector_num >> 24;
861 s->hob_lcyl = sector_num >> 32;
862 s->hob_hcyl = sector_num >> 40;
863 }
864 } else {
865 cyl = sector_num / (s->heads * s->sectors);
866 r = sector_num % (s->heads * s->sectors);
867 s->hcyl = cyl >> 8;
868 s->lcyl = cyl;
869 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
870 s->sector = (r % s->sectors) + 1;
871 }
872 }
873
874 static void ide_rw_error(IDEState *s) {
875 ide_abort_command(s);
876 ide_set_irq(s);
877 }
878
879 static void ide_sector_read(IDEState *s)
880 {
881 int64_t sector_num;
882 int ret, n;
883
884 s->status = READY_STAT | SEEK_STAT;
885 s->error = 0; /* not needed by IDE spec, but needed by Windows */
886 sector_num = ide_get_sector(s);
887 n = s->nsector;
888 if (n == 0) {
889 /* no more sector to read from disk */
890 ide_transfer_stop(s);
891 } else {
892 #if defined(DEBUG_IDE)
893 printf("read sector=%" PRId64 "\n", sector_num);
894 #endif
895 if (n > s->req_nb_sectors)
896 n = s->req_nb_sectors;
897 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
898 if (ret != 0) {
899 ide_rw_error(s);
900 return;
901 }
902 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
903 ide_set_irq(s);
904 ide_set_sector(s, sector_num + n);
905 s->nsector -= n;
906 }
907 }
908
909
910 /* return 0 if buffer completed */
911 static int dma_buf_prepare(BMDMAState *bm, int is_write)
912 {
913 IDEState *s = bm->ide_if;
914 struct {
915 uint32_t addr;
916 uint32_t size;
917 } prd;
918 int l, len;
919
920 qemu_sglist_init(&s->sg, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
921 s->io_buffer_size = 0;
922 for(;;) {
923 if (bm->cur_prd_len == 0) {
924 /* end of table (with a fail safe of one page) */
925 if (bm->cur_prd_last ||
926 (bm->cur_addr - bm->addr) >= 4096)
927 return s->io_buffer_size != 0;
928 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
929 bm->cur_addr += 8;
930 prd.addr = le32_to_cpu(prd.addr);
931 prd.size = le32_to_cpu(prd.size);
932 len = prd.size & 0xfffe;
933 if (len == 0)
934 len = 0x10000;
935 bm->cur_prd_len = len;
936 bm->cur_prd_addr = prd.addr;
937 bm->cur_prd_last = (prd.size & 0x80000000);
938 }
939 l = bm->cur_prd_len;
940 if (l > 0) {
941 qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
942 bm->cur_prd_addr += l;
943 bm->cur_prd_len -= l;
944 s->io_buffer_size += l;
945 }
946 }
947 return 1;
948 }
949
950 static void dma_buf_commit(IDEState *s, int is_write)
951 {
952 qemu_sglist_destroy(&s->sg);
953 }
954
955 static void ide_dma_error(IDEState *s)
956 {
957 ide_transfer_stop(s);
958 s->error = ABRT_ERR;
959 s->status = READY_STAT | ERR_STAT;
960 ide_set_irq(s);
961 }
962
963 static int ide_handle_write_error(IDEState *s, int error, int op)
964 {
965 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
966
967 if (action == BLOCK_ERR_IGNORE)
968 return 0;
969
970 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
971 || action == BLOCK_ERR_STOP_ANY) {
972 s->bmdma->ide_if = s;
973 s->bmdma->status |= op;
974 vm_stop(0);
975 } else {
976 if (op == BM_STATUS_DMA_RETRY) {
977 dma_buf_commit(s, 0);
978 ide_dma_error(s);
979 } else {
980 ide_rw_error(s);
981 }
982 }
983
984 return 1;
985 }
986
987 /* return 0 if buffer completed */
988 static int dma_buf_rw(BMDMAState *bm, int is_write)
989 {
990 IDEState *s = bm->ide_if;
991 struct {
992 uint32_t addr;
993 uint32_t size;
994 } prd;
995 int l, len;
996
997 for(;;) {
998 l = s->io_buffer_size - s->io_buffer_index;
999 if (l <= 0)
1000 break;
1001 if (bm->cur_prd_len == 0) {
1002 /* end of table (with a fail safe of one page) */
1003 if (bm->cur_prd_last ||
1004 (bm->cur_addr - bm->addr) >= 4096)
1005 return 0;
1006 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
1007 bm->cur_addr += 8;
1008 prd.addr = le32_to_cpu(prd.addr);
1009 prd.size = le32_to_cpu(prd.size);
1010 len = prd.size & 0xfffe;
1011 if (len == 0)
1012 len = 0x10000;
1013 bm->cur_prd_len = len;
1014 bm->cur_prd_addr = prd.addr;
1015 bm->cur_prd_last = (prd.size & 0x80000000);
1016 }
1017 if (l > bm->cur_prd_len)
1018 l = bm->cur_prd_len;
1019 if (l > 0) {
1020 if (is_write) {
1021 cpu_physical_memory_write(bm->cur_prd_addr,
1022 s->io_buffer + s->io_buffer_index, l);
1023 } else {
1024 cpu_physical_memory_read(bm->cur_prd_addr,
1025 s->io_buffer + s->io_buffer_index, l);
1026 }
1027 bm->cur_prd_addr += l;
1028 bm->cur_prd_len -= l;
1029 s->io_buffer_index += l;
1030 }
1031 }
1032 return 1;
1033 }
1034
1035 static void ide_read_dma_cb(void *opaque, int ret)
1036 {
1037 BMDMAState *bm = opaque;
1038 IDEState *s = bm->ide_if;
1039 int n;
1040 int64_t sector_num;
1041
1042 if (ret < 0) {
1043 dma_buf_commit(s, 1);
1044 ide_dma_error(s);
1045 return;
1046 }
1047
1048 n = s->io_buffer_size >> 9;
1049 sector_num = ide_get_sector(s);
1050 if (n > 0) {
1051 dma_buf_commit(s, 1);
1052 sector_num += n;
1053 ide_set_sector(s, sector_num);
1054 s->nsector -= n;
1055 }
1056
1057 /* end of transfer ? */
1058 if (s->nsector == 0) {
1059 s->status = READY_STAT | SEEK_STAT;
1060 ide_set_irq(s);
1061 eot:
1062 bm->status &= ~BM_STATUS_DMAING;
1063 bm->status |= BM_STATUS_INT;
1064 bm->dma_cb = NULL;
1065 bm->ide_if = NULL;
1066 bm->aiocb = NULL;
1067 return;
1068 }
1069
1070 /* launch next transfer */
1071 n = s->nsector;
1072 s->io_buffer_index = 0;
1073 s->io_buffer_size = n * 512;
1074 if (dma_buf_prepare(bm, 1) == 0)
1075 goto eot;
1076 #ifdef DEBUG_AIO
1077 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1078 #endif
1079 bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
1080 ide_dma_submit_check(s, ide_read_dma_cb, bm);
1081 }
1082
1083 static void ide_sector_read_dma(IDEState *s)
1084 {
1085 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1086 s->io_buffer_index = 0;
1087 s->io_buffer_size = 0;
1088 s->is_read = 1;
1089 ide_dma_start(s, ide_read_dma_cb);
1090 }
1091
1092 static void ide_sector_write_timer_cb(void *opaque)
1093 {
1094 IDEState *s = opaque;
1095 ide_set_irq(s);
1096 }
1097
1098 static void ide_sector_write(IDEState *s)
1099 {
1100 int64_t sector_num;
1101 int ret, n, n1;
1102
1103 s->status = READY_STAT | SEEK_STAT;
1104 sector_num = ide_get_sector(s);
1105 #if defined(DEBUG_IDE)
1106 printf("write sector=%" PRId64 "\n", sector_num);
1107 #endif
1108 n = s->nsector;
1109 if (n > s->req_nb_sectors)
1110 n = s->req_nb_sectors;
1111 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
1112
1113 if (ret != 0) {
1114 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1115 return;
1116 }
1117
1118 s->nsector -= n;
1119 if (s->nsector == 0) {
1120 /* no more sectors to write */
1121 ide_transfer_stop(s);
1122 } else {
1123 n1 = s->nsector;
1124 if (n1 > s->req_nb_sectors)
1125 n1 = s->req_nb_sectors;
1126 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1127 }
1128 ide_set_sector(s, sector_num + n);
1129
1130 #ifdef TARGET_I386
1131 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1132 /* It seems there is a bug in the Windows 2000 installer HDD
1133 IDE driver which fills the disk with empty logs when the
1134 IDE write IRQ comes too early. This hack tries to correct
1135 that at the expense of slower write performances. Use this
1136 option _only_ to install Windows 2000. You must disable it
1137 for normal use. */
1138 qemu_mod_timer(s->sector_write_timer,
1139 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1140 } else
1141 #endif
1142 {
1143 ide_set_irq(s);
1144 }
1145 }
1146
1147 static void ide_dma_restart_bh(void *opaque)
1148 {
1149 BMDMAState *bm = opaque;
1150
1151 qemu_bh_delete(bm->bh);
1152 bm->bh = NULL;
1153
1154 if (bm->status & BM_STATUS_DMA_RETRY) {
1155 bm->status &= ~BM_STATUS_DMA_RETRY;
1156 ide_dma_restart(bm->ide_if);
1157 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1158 bm->status &= ~BM_STATUS_PIO_RETRY;
1159 ide_sector_write(bm->ide_if);
1160 }
1161 }
1162
1163 static void ide_dma_restart_cb(void *opaque, int running, int reason)
1164 {
1165 BMDMAState *bm = opaque;
1166
1167 if (!running)
1168 return;
1169
1170 if (!bm->bh) {
1171 bm->bh = qemu_bh_new(ide_dma_restart_bh, bm);
1172 qemu_bh_schedule(bm->bh);
1173 }
1174 }
1175
1176 static void ide_write_dma_cb(void *opaque, int ret)
1177 {
1178 BMDMAState *bm = opaque;
1179 IDEState *s = bm->ide_if;
1180 int n;
1181 int64_t sector_num;
1182
1183 if (ret < 0) {
1184 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1185 return;
1186 }
1187
1188 n = s->io_buffer_size >> 9;
1189 sector_num = ide_get_sector(s);
1190 if (n > 0) {
1191 dma_buf_commit(s, 0);
1192 sector_num += n;
1193 ide_set_sector(s, sector_num);
1194 s->nsector -= n;
1195 }
1196
1197 /* end of transfer ? */
1198 if (s->nsector == 0) {
1199 s->status = READY_STAT | SEEK_STAT;
1200 ide_set_irq(s);
1201 eot:
1202 bm->status &= ~BM_STATUS_DMAING;
1203 bm->status |= BM_STATUS_INT;
1204 bm->dma_cb = NULL;
1205 bm->ide_if = NULL;
1206 bm->aiocb = NULL;
1207 return;
1208 }
1209
1210 n = s->nsector;
1211 s->io_buffer_size = n * 512;
1212 /* launch next transfer */
1213 if (dma_buf_prepare(bm, 0) == 0)
1214 goto eot;
1215 #ifdef DEBUG_AIO
1216 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1217 #endif
1218 bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
1219 ide_dma_submit_check(s, ide_write_dma_cb, bm);
1220 }
1221
1222 static void ide_sector_write_dma(IDEState *s)
1223 {
1224 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1225 s->io_buffer_index = 0;
1226 s->io_buffer_size = 0;
1227 s->is_read = 0;
1228 ide_dma_start(s, ide_write_dma_cb);
1229 }
1230
1231 static void ide_atapi_cmd_ok(IDEState *s)
1232 {
1233 s->error = 0;
1234 s->status = READY_STAT | SEEK_STAT;
1235 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1236 ide_set_irq(s);
1237 }
1238
1239 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1240 {
1241 #ifdef DEBUG_IDE_ATAPI
1242 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1243 #endif
1244 s->error = sense_key << 4;
1245 s->status = READY_STAT | ERR_STAT;
1246 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1247 s->sense_key = sense_key;
1248 s->asc = asc;
1249 ide_set_irq(s);
1250 }
1251
1252 static void ide_atapi_cmd_check_status(IDEState *s)
1253 {
1254 #ifdef DEBUG_IDE_ATAPI
1255 printf("atapi_cmd_check_status\n");
1256 #endif
1257 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1258 s->status = ERR_STAT;
1259 s->nsector = 0;
1260 ide_set_irq(s);
1261 }
1262
1263 static inline void cpu_to_ube16(uint8_t *buf, int val)
1264 {
1265 buf[0] = val >> 8;
1266 buf[1] = val & 0xff;
1267 }
1268
1269 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1270 {
1271 buf[0] = val >> 24;
1272 buf[1] = val >> 16;
1273 buf[2] = val >> 8;
1274 buf[3] = val & 0xff;
1275 }
1276
1277 static inline int ube16_to_cpu(const uint8_t *buf)
1278 {
1279 return (buf[0] << 8) | buf[1];
1280 }
1281
1282 static inline int ube32_to_cpu(const uint8_t *buf)
1283 {
1284 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1285 }
1286
1287 static void lba_to_msf(uint8_t *buf, int lba)
1288 {
1289 lba += 150;
1290 buf[0] = (lba / 75) / 60;
1291 buf[1] = (lba / 75) % 60;
1292 buf[2] = lba % 75;
1293 }
1294
1295 static void cd_data_to_raw(uint8_t *buf, int lba)
1296 {
1297 /* sync bytes */
1298 buf[0] = 0x00;
1299 memset(buf + 1, 0xff, 10);
1300 buf[11] = 0x00;
1301 buf += 12;
1302 /* MSF */
1303 lba_to_msf(buf, lba);
1304 buf[3] = 0x01; /* mode 1 data */
1305 buf += 4;
1306 /* data */
1307 buf += 2048;
1308 /* XXX: ECC not computed */
1309 memset(buf, 0, 288);
1310 }
1311
1312 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1313 int sector_size)
1314 {
1315 int ret;
1316
1317 switch(sector_size) {
1318 case 2048:
1319 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1320 break;
1321 case 2352:
1322 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1323 if (ret < 0)
1324 return ret;
1325 cd_data_to_raw(buf, lba);
1326 break;
1327 default:
1328 ret = -EIO;
1329 break;
1330 }
1331 return ret;
1332 }
1333
1334 static void ide_atapi_io_error(IDEState *s, int ret)
1335 {
1336 /* XXX: handle more errors */
1337 if (ret == -ENOMEDIUM) {
1338 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1339 ASC_MEDIUM_NOT_PRESENT);
1340 } else {
1341 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1342 ASC_LOGICAL_BLOCK_OOR);
1343 }
1344 }
1345
1346 /* The whole ATAPI transfer logic is handled in this function */
1347 static void ide_atapi_cmd_reply_end(IDEState *s)
1348 {
1349 int byte_count_limit, size, ret;
1350 #ifdef DEBUG_IDE_ATAPI
1351 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1352 s->packet_transfer_size,
1353 s->elementary_transfer_size,
1354 s->io_buffer_index);
1355 #endif
1356 if (s->packet_transfer_size <= 0) {
1357 /* end of transfer */
1358 ide_transfer_stop(s);
1359 s->status = READY_STAT | SEEK_STAT;
1360 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1361 ide_set_irq(s);
1362 #ifdef DEBUG_IDE_ATAPI
1363 printf("status=0x%x\n", s->status);
1364 #endif
1365 } else {
1366 /* see if a new sector must be read */
1367 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1368 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1369 if (ret < 0) {
1370 ide_transfer_stop(s);
1371 ide_atapi_io_error(s, ret);
1372 return;
1373 }
1374 s->lba++;
1375 s->io_buffer_index = 0;
1376 }
1377 if (s->elementary_transfer_size > 0) {
1378 /* there are some data left to transmit in this elementary
1379 transfer */
1380 size = s->cd_sector_size - s->io_buffer_index;
1381 if (size > s->elementary_transfer_size)
1382 size = s->elementary_transfer_size;
1383 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1384 size, ide_atapi_cmd_reply_end);
1385 s->packet_transfer_size -= size;
1386 s->elementary_transfer_size -= size;
1387 s->io_buffer_index += size;
1388 } else {
1389 /* a new transfer is needed */
1390 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1391 byte_count_limit = s->lcyl | (s->hcyl << 8);
1392 #ifdef DEBUG_IDE_ATAPI
1393 printf("byte_count_limit=%d\n", byte_count_limit);
1394 #endif
1395 if (byte_count_limit == 0xffff)
1396 byte_count_limit--;
1397 size = s->packet_transfer_size;
1398 if (size > byte_count_limit) {
1399 /* byte count limit must be even if this case */
1400 if (byte_count_limit & 1)
1401 byte_count_limit--;
1402 size = byte_count_limit;
1403 }
1404 s->lcyl = size;
1405 s->hcyl = size >> 8;
1406 s->elementary_transfer_size = size;
1407 /* we cannot transmit more than one sector at a time */
1408 if (s->lba != -1) {
1409 if (size > (s->cd_sector_size - s->io_buffer_index))
1410 size = (s->cd_sector_size - s->io_buffer_index);
1411 }
1412 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1413 size, ide_atapi_cmd_reply_end);
1414 s->packet_transfer_size -= size;
1415 s->elementary_transfer_size -= size;
1416 s->io_buffer_index += size;
1417 ide_set_irq(s);
1418 #ifdef DEBUG_IDE_ATAPI
1419 printf("status=0x%x\n", s->status);
1420 #endif
1421 }
1422 }
1423 }
1424
1425 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1426 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1427 {
1428 if (size > max_size)
1429 size = max_size;
1430 s->lba = -1; /* no sector read */
1431 s->packet_transfer_size = size;
1432 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1433 s->elementary_transfer_size = 0;
1434 s->io_buffer_index = 0;
1435
1436 if (s->atapi_dma) {
1437 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
1438 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1439 } else {
1440 s->status = READY_STAT | SEEK_STAT;
1441 ide_atapi_cmd_reply_end(s);
1442 }
1443 }
1444
1445 /* start a CD-CDROM read command */
1446 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1447 int sector_size)
1448 {
1449 s->lba = lba;
1450 s->packet_transfer_size = nb_sectors * sector_size;
1451 s->elementary_transfer_size = 0;
1452 s->io_buffer_index = sector_size;
1453 s->cd_sector_size = sector_size;
1454
1455 s->status = READY_STAT | SEEK_STAT;
1456 ide_atapi_cmd_reply_end(s);
1457 }
1458
1459 /* ATAPI DMA support */
1460
1461 /* XXX: handle read errors */
1462 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1463 {
1464 BMDMAState *bm = opaque;
1465 IDEState *s = bm->ide_if;
1466 int data_offset, n;
1467
1468 if (ret < 0) {
1469 ide_atapi_io_error(s, ret);
1470 goto eot;
1471 }
1472
1473 if (s->io_buffer_size > 0) {
1474 /*
1475 * For a cdrom read sector command (s->lba != -1),
1476 * adjust the lba for the next s->io_buffer_size chunk
1477 * and dma the current chunk.
1478 * For a command != read (s->lba == -1), just transfer
1479 * the reply data.
1480 */
1481 if (s->lba != -1) {
1482 if (s->cd_sector_size == 2352) {
1483 n = 1;
1484 cd_data_to_raw(s->io_buffer, s->lba);
1485 } else {
1486 n = s->io_buffer_size >> 11;
1487 }
1488 s->lba += n;
1489 }
1490 s->packet_transfer_size -= s->io_buffer_size;
1491 if (dma_buf_rw(bm, 1) == 0)
1492 goto eot;
1493 }
1494
1495 if (s->packet_transfer_size <= 0) {
1496 s->status = READY_STAT | SEEK_STAT;
1497 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1498 ide_set_irq(s);
1499 eot:
1500 bm->status &= ~BM_STATUS_DMAING;
1501 bm->status |= BM_STATUS_INT;
1502 bm->dma_cb = NULL;
1503 bm->ide_if = NULL;
1504 bm->aiocb = NULL;
1505 return;
1506 }
1507
1508 s->io_buffer_index = 0;
1509 if (s->cd_sector_size == 2352) {
1510 n = 1;
1511 s->io_buffer_size = s->cd_sector_size;
1512 data_offset = 16;
1513 } else {
1514 n = s->packet_transfer_size >> 11;
1515 if (n > (IDE_DMA_BUF_SECTORS / 4))
1516 n = (IDE_DMA_BUF_SECTORS / 4);
1517 s->io_buffer_size = n * 2048;
1518 data_offset = 0;
1519 }
1520 #ifdef DEBUG_AIO
1521 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1522 #endif
1523 bm->iov.iov_base = (void *)(s->io_buffer + data_offset);
1524 bm->iov.iov_len = n * 4 * 512;
1525 qemu_iovec_init_external(&bm->qiov, &bm->iov, 1);
1526 bm->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2, &bm->qiov,
1527 n * 4, ide_atapi_cmd_read_dma_cb, bm);
1528 if (!bm->aiocb) {
1529 /* Note: media not present is the most likely case */
1530 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1531 ASC_MEDIUM_NOT_PRESENT);
1532 goto eot;
1533 }
1534 }
1535
1536 /* start a CD-CDROM read command with DMA */
1537 /* XXX: test if DMA is available */
1538 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1539 int sector_size)
1540 {
1541 s->lba = lba;
1542 s->packet_transfer_size = nb_sectors * sector_size;
1543 s->io_buffer_index = 0;
1544 s->io_buffer_size = 0;
1545 s->cd_sector_size = sector_size;
1546
1547 /* XXX: check if BUSY_STAT should be set */
1548 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1549 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1550 }
1551
1552 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1553 int sector_size)
1554 {
1555 #ifdef DEBUG_IDE_ATAPI
1556 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1557 lba, nb_sectors);
1558 #endif
1559 if (s->atapi_dma) {
1560 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1561 } else {
1562 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1563 }
1564 }
1565
1566 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1567 uint16_t profile)
1568 {
1569 uint8_t *buf_profile = buf + 12; /* start of profiles */
1570
1571 buf_profile += ((*index) * 4); /* start of indexed profile */
1572 cpu_to_ube16 (buf_profile, profile);
1573 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1574
1575 /* each profile adds 4 bytes to the response */
1576 (*index)++;
1577 buf[11] += 4; /* Additional Length */
1578
1579 return 4;
1580 }
1581
1582 static int ide_dvd_read_structure(IDEState *s, int format,
1583 const uint8_t *packet, uint8_t *buf)
1584 {
1585 switch (format) {
1586 case 0x0: /* Physical format information */
1587 {
1588 int layer = packet[6];
1589 uint64_t total_sectors;
1590
1591 if (layer != 0)
1592 return -ASC_INV_FIELD_IN_CMD_PACKET;
1593
1594 bdrv_get_geometry(s->bs, &total_sectors);
1595 total_sectors >>= 2;
1596 if (total_sectors == 0)
1597 return -ASC_MEDIUM_NOT_PRESENT;
1598
1599 buf[4] = 1; /* DVD-ROM, part version 1 */
1600 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1601 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1602 buf[7] = 0; /* default densities */
1603
1604 /* FIXME: 0x30000 per spec? */
1605 cpu_to_ube32(buf + 8, 0); /* start sector */
1606 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1607 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1608
1609 /* Size of buffer, not including 2 byte size field */
1610 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1611
1612 /* 2k data + 4 byte header */
1613 return (2048 + 4);
1614 }
1615
1616 case 0x01: /* DVD copyright information */
1617 buf[4] = 0; /* no copyright data */
1618 buf[5] = 0; /* no region restrictions */
1619
1620 /* Size of buffer, not including 2 byte size field */
1621 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1622
1623 /* 4 byte header + 4 byte data */
1624 return (4 + 4);
1625
1626 case 0x03: /* BCA information - invalid field for no BCA info */
1627 return -ASC_INV_FIELD_IN_CMD_PACKET;
1628
1629 case 0x04: /* DVD disc manufacturing information */
1630 /* Size of buffer, not including 2 byte size field */
1631 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1632
1633 /* 2k data + 4 byte header */
1634 return (2048 + 4);
1635
1636 case 0xff:
1637 /*
1638 * This lists all the command capabilities above. Add new ones
1639 * in order and update the length and buffer return values.
1640 */
1641
1642 buf[4] = 0x00; /* Physical format */
1643 buf[5] = 0x40; /* Not writable, is readable */
1644 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1645
1646 buf[8] = 0x01; /* Copyright info */
1647 buf[9] = 0x40; /* Not writable, is readable */
1648 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1649
1650 buf[12] = 0x03; /* BCA info */
1651 buf[13] = 0x40; /* Not writable, is readable */
1652 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1653
1654 buf[16] = 0x04; /* Manufacturing info */
1655 buf[17] = 0x40; /* Not writable, is readable */
1656 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1657
1658 /* Size of buffer, not including 2 byte size field */
1659 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1660
1661 /* data written + 4 byte header */
1662 return (16 + 4);
1663
1664 default: /* TODO: formats beyond DVD-ROM requires */
1665 return -ASC_INV_FIELD_IN_CMD_PACKET;
1666 }
1667 }
1668
1669 static void ide_atapi_cmd(IDEState *s)
1670 {
1671 const uint8_t *packet;
1672 uint8_t *buf;
1673 int max_len;
1674
1675 packet = s->io_buffer;
1676 buf = s->io_buffer;
1677 #ifdef DEBUG_IDE_ATAPI
1678 {
1679 int i;
1680 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1681 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1682 printf(" %02x", packet[i]);
1683 }
1684 printf("\n");
1685 }
1686 #endif
1687 /* If there's a UNIT_ATTENTION condition pending, only
1688 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1689 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1690 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1691 s->io_buffer[0] != GPCMD_INQUIRY) {
1692 ide_atapi_cmd_check_status(s);
1693 return;
1694 }
1695 switch(s->io_buffer[0]) {
1696 case GPCMD_TEST_UNIT_READY:
1697 if (bdrv_is_inserted(s->bs) && !s->cdrom_changed) {
1698 ide_atapi_cmd_ok(s);
1699 } else {
1700 s->cdrom_changed = 0;
1701 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1702 ASC_MEDIUM_NOT_PRESENT);
1703 }
1704 break;
1705 case GPCMD_MODE_SENSE_6:
1706 case GPCMD_MODE_SENSE_10:
1707 {
1708 int action, code;
1709 if (packet[0] == GPCMD_MODE_SENSE_10)
1710 max_len = ube16_to_cpu(packet + 7);
1711 else
1712 max_len = packet[4];
1713 action = packet[2] >> 6;
1714 code = packet[2] & 0x3f;
1715 switch(action) {
1716 case 0: /* current values */
1717 switch(code) {
1718 case 0x01: /* error recovery */
1719 cpu_to_ube16(&buf[0], 16 + 6);
1720 buf[2] = 0x70;
1721 buf[3] = 0;
1722 buf[4] = 0;
1723 buf[5] = 0;
1724 buf[6] = 0;
1725 buf[7] = 0;
1726
1727 buf[8] = 0x01;
1728 buf[9] = 0x06;
1729 buf[10] = 0x00;
1730 buf[11] = 0x05;
1731 buf[12] = 0x00;
1732 buf[13] = 0x00;
1733 buf[14] = 0x00;
1734 buf[15] = 0x00;
1735 ide_atapi_cmd_reply(s, 16, max_len);
1736 break;
1737 case 0x2a:
1738 cpu_to_ube16(&buf[0], 28 + 6);
1739 buf[2] = 0x70;
1740 buf[3] = 0;
1741 buf[4] = 0;
1742 buf[5] = 0;
1743 buf[6] = 0;
1744 buf[7] = 0;
1745
1746 buf[8] = 0x2a;
1747 buf[9] = 0x12;
1748 buf[10] = 0x00;
1749 buf[11] = 0x00;
1750
1751 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1752 code checks for this to automount media. */
1753 buf[12] = 0x71;
1754 buf[13] = 3 << 5;
1755 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1756 if (bdrv_is_locked(s->bs))
1757 buf[6] |= 1 << 1;
1758 buf[15] = 0x00;
1759 cpu_to_ube16(&buf[16], 706);
1760 buf[18] = 0;
1761 buf[19] = 2;
1762 cpu_to_ube16(&buf[20], 512);
1763 cpu_to_ube16(&buf[22], 706);
1764 buf[24] = 0;
1765 buf[25] = 0;
1766 buf[26] = 0;
1767 buf[27] = 0;
1768 ide_atapi_cmd_reply(s, 28, max_len);
1769 break;
1770 default:
1771 goto error_cmd;
1772 }
1773 break;
1774 case 1: /* changeable values */
1775 goto error_cmd;
1776 case 2: /* default values */
1777 goto error_cmd;
1778 default:
1779 case 3: /* saved values */
1780 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1781 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1782 break;
1783 }
1784 }
1785 break;
1786 case GPCMD_REQUEST_SENSE:
1787 max_len = packet[4];
1788 memset(buf, 0, 18);
1789 buf[0] = 0x70 | (1 << 7);
1790 buf[2] = s->sense_key;
1791 buf[7] = 10;
1792 buf[12] = s->asc;
1793 if (s->sense_key == SENSE_UNIT_ATTENTION)
1794 s->sense_key = SENSE_NONE;
1795 ide_atapi_cmd_reply(s, 18, max_len);
1796 break;
1797 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1798 if (bdrv_is_inserted(s->bs)) {
1799 bdrv_set_locked(s->bs, packet[4] & 1);
1800 ide_atapi_cmd_ok(s);
1801 } else {
1802 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1803 ASC_MEDIUM_NOT_PRESENT);
1804 }
1805 break;
1806 case GPCMD_READ_10:
1807 case GPCMD_READ_12:
1808 {
1809 int nb_sectors, lba;
1810
1811 if (packet[0] == GPCMD_READ_10)
1812 nb_sectors = ube16_to_cpu(packet + 7);
1813 else
1814 nb_sectors = ube32_to_cpu(packet + 6);
1815 lba = ube32_to_cpu(packet + 2);
1816 if (nb_sectors == 0) {
1817 ide_atapi_cmd_ok(s);
1818 break;
1819 }
1820 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1821 }
1822 break;
1823 case GPCMD_READ_CD:
1824 {
1825 int nb_sectors, lba, transfer_request;
1826
1827 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1828 lba = ube32_to_cpu(packet + 2);
1829 if (nb_sectors == 0) {
1830 ide_atapi_cmd_ok(s);
1831 break;
1832 }
1833 transfer_request = packet[9];
1834 switch(transfer_request & 0xf8) {
1835 case 0x00:
1836 /* nothing */
1837 ide_atapi_cmd_ok(s);
1838 break;
1839 case 0x10:
1840 /* normal read */
1841 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1842 break;
1843 case 0xf8:
1844 /* read all data */
1845 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1846 break;
1847 default:
1848 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1849 ASC_INV_FIELD_IN_CMD_PACKET);
1850 break;
1851 }
1852 }
1853 break;
1854 case GPCMD_SEEK:
1855 {
1856 unsigned int lba;
1857 uint64_t total_sectors;
1858
1859 bdrv_get_geometry(s->bs, &total_sectors);
1860 total_sectors >>= 2;
1861 if (total_sectors == 0) {
1862 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1863 ASC_MEDIUM_NOT_PRESENT);
1864 break;
1865 }
1866 lba = ube32_to_cpu(packet + 2);
1867 if (lba >= total_sectors) {
1868 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1869 ASC_LOGICAL_BLOCK_OOR);
1870 break;
1871 }
1872 ide_atapi_cmd_ok(s);
1873 }
1874 break;
1875 case GPCMD_START_STOP_UNIT:
1876 {
1877 int start, eject, err = 0;
1878 start = packet[4] & 1;
1879 eject = (packet[4] >> 1) & 1;
1880
1881 if (eject) {
1882 err = bdrv_eject(s->bs, !start);
1883 }
1884
1885 switch (err) {
1886 case 0:
1887 ide_atapi_cmd_ok(s);
1888 break;
1889 case -EBUSY:
1890 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1891 ASC_MEDIA_REMOVAL_PREVENTED);
1892 break;
1893 default:
1894 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1895 ASC_MEDIUM_NOT_PRESENT);
1896 break;
1897 }
1898 }
1899 break;
1900 case GPCMD_MECHANISM_STATUS:
1901 {
1902 max_len = ube16_to_cpu(packet + 8);
1903 cpu_to_ube16(buf, 0);
1904 /* no current LBA */
1905 buf[2] = 0;
1906 buf[3] = 0;
1907 buf[4] = 0;
1908 buf[5] = 1;
1909 cpu_to_ube16(buf + 6, 0);
1910 ide_atapi_cmd_reply(s, 8, max_len);
1911 }
1912 break;
1913 case GPCMD_READ_TOC_PMA_ATIP:
1914 {
1915 int format, msf, start_track, len;
1916 uint64_t total_sectors;
1917
1918 bdrv_get_geometry(s->bs, &total_sectors);
1919 total_sectors >>= 2;
1920 if (total_sectors == 0) {
1921 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1922 ASC_MEDIUM_NOT_PRESENT);
1923 break;
1924 }
1925 max_len = ube16_to_cpu(packet + 7);
1926 format = packet[9] >> 6;
1927 msf = (packet[1] >> 1) & 1;
1928 start_track = packet[6];
1929 switch(format) {
1930 case 0:
1931 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1932 if (len < 0)
1933 goto error_cmd;
1934 ide_atapi_cmd_reply(s, len, max_len);
1935 break;
1936 case 1:
1937 /* multi session : only a single session defined */
1938 memset(buf, 0, 12);
1939 buf[1] = 0x0a;
1940 buf[2] = 0x01;
1941 buf[3] = 0x01;
1942 ide_atapi_cmd_reply(s, 12, max_len);
1943 break;
1944 case 2:
1945 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1946 if (len < 0)
1947 goto error_cmd;
1948 ide_atapi_cmd_reply(s, len, max_len);
1949 break;
1950 default:
1951 error_cmd:
1952 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1953 ASC_INV_FIELD_IN_CMD_PACKET);
1954 break;
1955 }
1956 }
1957 break;
1958 case GPCMD_READ_CDVD_CAPACITY:
1959 {
1960 uint64_t total_sectors;
1961
1962 bdrv_get_geometry(s->bs, &total_sectors);
1963 total_sectors >>= 2;
1964 if (total_sectors == 0) {
1965 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1966 ASC_MEDIUM_NOT_PRESENT);
1967 break;
1968 }
1969 /* NOTE: it is really the number of sectors minus 1 */
1970 cpu_to_ube32(buf, total_sectors - 1);
1971 cpu_to_ube32(buf + 4, 2048);
1972 ide_atapi_cmd_reply(s, 8, 8);
1973 }
1974 break;
1975 case GPCMD_READ_DVD_STRUCTURE:
1976 {
1977 int media = packet[1];
1978 int format = packet[7];
1979 int ret;
1980
1981 max_len = ube16_to_cpu(packet + 8);
1982
1983 if (format < 0xff) {
1984 if (media_is_cd(s)) {
1985 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1986 ASC_INCOMPATIBLE_FORMAT);
1987 break;
1988 } else if (!media_present(s)) {
1989 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1990 ASC_INV_FIELD_IN_CMD_PACKET);
1991 break;
1992 }
1993 }
1994
1995 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1996 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1997
1998 switch (format) {
1999 case 0x00 ... 0x7f:
2000 case 0xff:
2001 if (media == 0) {
2002 ret = ide_dvd_read_structure(s, format, packet, buf);
2003
2004 if (ret < 0)
2005 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
2006 else
2007 ide_atapi_cmd_reply(s, ret, max_len);
2008
2009 break;
2010 }
2011 /* TODO: BD support, fall through for now */
2012
2013 /* Generic disk structures */
2014 case 0x80: /* TODO: AACS volume identifier */
2015 case 0x81: /* TODO: AACS media serial number */
2016 case 0x82: /* TODO: AACS media identifier */
2017 case 0x83: /* TODO: AACS media key block */
2018 case 0x90: /* TODO: List of recognized format layers */
2019 case 0xc0: /* TODO: Write protection status */
2020 default:
2021 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2022 ASC_INV_FIELD_IN_CMD_PACKET);
2023 break;
2024 }
2025 }
2026 break;
2027 case GPCMD_SET_SPEED:
2028 ide_atapi_cmd_ok(s);
2029 break;
2030 case GPCMD_INQUIRY:
2031 max_len = packet[4];
2032 buf[0] = 0x05; /* CD-ROM */
2033 buf[1] = 0x80; /* removable */
2034 buf[2] = 0x00; /* ISO */
2035 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2036 buf[4] = 31; /* additional length */
2037 buf[5] = 0; /* reserved */
2038 buf[6] = 0; /* reserved */
2039 buf[7] = 0; /* reserved */
2040 padstr8(buf + 8, 8, "QEMU");
2041 padstr8(buf + 16, 16, "QEMU DVD-ROM");
2042 padstr8(buf + 32, 4, QEMU_VERSION);
2043 ide_atapi_cmd_reply(s, 36, max_len);
2044 break;
2045 case GPCMD_GET_CONFIGURATION:
2046 {
2047 uint32_t len;
2048 uint8_t index = 0;
2049
2050 /* only feature 0 is supported */
2051 if (packet[2] != 0 || packet[3] != 0) {
2052 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2053 ASC_INV_FIELD_IN_CMD_PACKET);
2054 break;
2055 }
2056
2057 /* XXX: could result in alignment problems in some architectures */
2058 max_len = ube16_to_cpu(packet + 7);
2059
2060 /*
2061 * XXX: avoid overflow for io_buffer if max_len is bigger than
2062 * the size of that buffer (dimensioned to max number of
2063 * sectors to transfer at once)
2064 *
2065 * Only a problem if the feature/profiles grow.
2066 */
2067 if (max_len > 512) /* XXX: assume 1 sector */
2068 max_len = 512;
2069
2070 memset(buf, 0, max_len);
2071 /*
2072 * the number of sectors from the media tells us which profile
2073 * to use as current. 0 means there is no media
2074 */
2075 if (media_is_dvd(s))
2076 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
2077 else if (media_is_cd(s))
2078 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
2079
2080 buf[10] = 0x02 | 0x01; /* persistent and current */
2081 len = 12; /* headers: 8 + 4 */
2082 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
2083 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
2084 cpu_to_ube32(buf, len - 4); /* data length */
2085
2086 ide_atapi_cmd_reply(s, len, max_len);
2087 break;
2088 }
2089 default:
2090 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2091 ASC_ILLEGAL_OPCODE);
2092 break;
2093 }
2094 }
2095
2096 static void ide_cfata_metadata_inquiry(IDEState *s)
2097 {
2098 uint16_t *p;
2099 uint32_t spd;
2100
2101 p = (uint16_t *) s->io_buffer;
2102 memset(p, 0, 0x200);
2103 spd = ((s->mdata_size - 1) >> 9) + 1;
2104
2105 put_le16(p + 0, 0x0001); /* Data format revision */
2106 put_le16(p + 1, 0x0000); /* Media property: silicon */
2107 put_le16(p + 2, s->media_changed); /* Media status */
2108 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
2109 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
2110 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
2111 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
2112 }
2113
2114 static void ide_cfata_metadata_read(IDEState *s)
2115 {
2116 uint16_t *p;
2117
2118 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2119 s->status = ERR_STAT;
2120 s->error = ABRT_ERR;
2121 return;
2122 }
2123
2124 p = (uint16_t *) s->io_buffer;
2125 memset(p, 0, 0x200);
2126
2127 put_le16(p + 0, s->media_changed); /* Media status */
2128 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2129 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2130 s->nsector << 9), 0x200 - 2));
2131 }
2132
2133 static void ide_cfata_metadata_write(IDEState *s)
2134 {
2135 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2136 s->status = ERR_STAT;
2137 s->error = ABRT_ERR;
2138 return;
2139 }
2140
2141 s->media_changed = 0;
2142
2143 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2144 s->io_buffer + 2,
2145 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2146 s->nsector << 9), 0x200 - 2));
2147 }
2148
2149 /* called when the inserted state of the media has changed */
2150 static void cdrom_change_cb(void *opaque)
2151 {
2152 IDEState *s = opaque;
2153 uint64_t nb_sectors;
2154
2155 bdrv_get_geometry(s->bs, &nb_sectors);
2156 s->nb_sectors = nb_sectors;
2157
2158 s->sense_key = SENSE_UNIT_ATTENTION;
2159 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2160 s->cdrom_changed = 1;
2161 ide_set_irq(s);
2162 }
2163
2164 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2165 {
2166 s->lba48 = lba48;
2167
2168 /* handle the 'magic' 0 nsector count conversion here. to avoid
2169 * fiddling with the rest of the read logic, we just store the
2170 * full sector count in ->nsector and ignore ->hob_nsector from now
2171 */
2172 if (!s->lba48) {
2173 if (!s->nsector)
2174 s->nsector = 256;
2175 } else {
2176 if (!s->nsector && !s->hob_nsector)
2177 s->nsector = 65536;
2178 else {
2179 int lo = s->nsector;
2180 int hi = s->hob_nsector;
2181
2182 s->nsector = (hi << 8) | lo;
2183 }
2184 }
2185 }
2186
2187 static void ide_clear_hob(IDEState *ide_if)
2188 {
2189 /* any write clears HOB high bit of device control register */
2190 ide_if[0].select &= ~(1 << 7);
2191 ide_if[1].select &= ~(1 << 7);
2192 }
2193
2194 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2195 {
2196 IDEState *ide_if = opaque;
2197 IDEState *s;
2198 int unit, n;
2199 int lba48 = 0;
2200
2201 #ifdef DEBUG_IDE
2202 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2203 #endif
2204
2205 addr &= 7;
2206
2207 /* ignore writes to command block while busy with previous command */
2208 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2209 return;
2210
2211 switch(addr) {
2212 case 0:
2213 break;
2214 case 1:
2215 ide_clear_hob(ide_if);
2216 /* NOTE: data is written to the two drives */
2217 ide_if[0].hob_feature = ide_if[0].feature;
2218 ide_if[1].hob_feature = ide_if[1].feature;
2219 ide_if[0].feature = val;
2220 ide_if[1].feature = val;
2221 break;
2222 case 2:
2223 ide_clear_hob(ide_if);
2224 ide_if[0].hob_nsector = ide_if[0].nsector;
2225 ide_if[1].hob_nsector = ide_if[1].nsector;
2226 ide_if[0].nsector = val;
2227 ide_if[1].nsector = val;
2228 break;
2229 case 3:
2230 ide_clear_hob(ide_if);
2231 ide_if[0].hob_sector = ide_if[0].sector;
2232 ide_if[1].hob_sector = ide_if[1].sector;
2233 ide_if[0].sector = val;
2234 ide_if[1].sector = val;
2235 break;
2236 case 4:
2237 ide_clear_hob(ide_if);
2238 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2239 ide_if[1].hob_lcyl = ide_if[1].lcyl;
2240 ide_if[0].lcyl = val;
2241 ide_if[1].lcyl = val;
2242 break;
2243 case 5:
2244 ide_clear_hob(ide_if);
2245 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2246 ide_if[1].hob_hcyl = ide_if[1].hcyl;
2247 ide_if[0].hcyl = val;
2248 ide_if[1].hcyl = val;
2249 break;
2250 case 6:
2251 /* FIXME: HOB readback uses bit 7 */
2252 ide_if[0].select = (val & ~0x10) | 0xa0;
2253 ide_if[1].select = (val | 0x10) | 0xa0;
2254 /* select drive */
2255 unit = (val >> 4) & 1;
2256 s = ide_if + unit;
2257 ide_if->cur_drive = s;
2258 break;
2259 default:
2260 case 7:
2261 /* command */
2262 #if defined(DEBUG_IDE)
2263 printf("ide: CMD=%02x\n", val);
2264 #endif
2265 s = ide_if->cur_drive;
2266 /* ignore commands to non existant slave */
2267 if (s != ide_if && !s->bs)
2268 break;
2269
2270 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2271 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2272 break;
2273
2274 switch(val) {
2275 case WIN_IDENTIFY:
2276 if (s->bs && !s->is_cdrom) {
2277 if (!s->is_cf)
2278 ide_identify(s);
2279 else
2280 ide_cfata_identify(s);
2281 s->status = READY_STAT | SEEK_STAT;
2282 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2283 } else {
2284 if (s->is_cdrom) {
2285 ide_set_signature(s);
2286 }
2287 ide_abort_command(s);
2288 }
2289 ide_set_irq(s);
2290 break;
2291 case WIN_SPECIFY:
2292 case WIN_RECAL:
2293 s->error = 0;
2294 s->status = READY_STAT | SEEK_STAT;
2295 ide_set_irq(s);
2296 break;
2297 case WIN_SETMULT:
2298 if (s->is_cf && s->nsector == 0) {
2299 /* Disable Read and Write Multiple */
2300 s->mult_sectors = 0;
2301 s->status = READY_STAT | SEEK_STAT;
2302 } else if ((s->nsector & 0xff) != 0 &&
2303 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2304 (s->nsector & (s->nsector - 1)) != 0)) {
2305 ide_abort_command(s);
2306 } else {
2307 s->mult_sectors = s->nsector & 0xff;
2308 s->status = READY_STAT | SEEK_STAT;
2309 }
2310 ide_set_irq(s);
2311 break;
2312 case WIN_VERIFY_EXT:
2313 lba48 = 1;
2314 case WIN_VERIFY:
2315 case WIN_VERIFY_ONCE:
2316 /* do sector number check ? */
2317 ide_cmd_lba48_transform(s, lba48);
2318 s->status = READY_STAT | SEEK_STAT;
2319 ide_set_irq(s);
2320 break;
2321 case WIN_READ_EXT:
2322 lba48 = 1;
2323 case WIN_READ:
2324 case WIN_READ_ONCE:
2325 if (!s->bs)
2326 goto abort_cmd;
2327 ide_cmd_lba48_transform(s, lba48);
2328 s->req_nb_sectors = 1;
2329 ide_sector_read(s);
2330 break;
2331 case WIN_WRITE_EXT:
2332 lba48 = 1;
2333 case WIN_WRITE:
2334 case WIN_WRITE_ONCE:
2335 case CFA_WRITE_SECT_WO_ERASE:
2336 case WIN_WRITE_VERIFY:
2337 ide_cmd_lba48_transform(s, lba48);
2338 s->error = 0;
2339 s->status = SEEK_STAT | READY_STAT;
2340 s->req_nb_sectors = 1;
2341 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
2342 s->media_changed = 1;
2343 break;
2344 case WIN_MULTREAD_EXT:
2345 lba48 = 1;
2346 case WIN_MULTREAD:
2347 if (!s->mult_sectors)
2348 goto abort_cmd;
2349 ide_cmd_lba48_transform(s, lba48);
2350 s->req_nb_sectors = s->mult_sectors;
2351 ide_sector_read(s);
2352 break;
2353 case WIN_MULTWRITE_EXT:
2354 lba48 = 1;
2355 case WIN_MULTWRITE:
2356 case CFA_WRITE_MULTI_WO_ERASE:
2357 if (!s->mult_sectors)
2358 goto abort_cmd;
2359 ide_cmd_lba48_transform(s, lba48);
2360 s->error = 0;
2361 s->status = SEEK_STAT | READY_STAT;
2362 s->req_nb_sectors = s->mult_sectors;
2363 n = s->nsector;
2364 if (n > s->req_nb_sectors)
2365 n = s->req_nb_sectors;
2366 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
2367 s->media_changed = 1;
2368 break;
2369 case WIN_READDMA_EXT:
2370 lba48 = 1;
2371 case WIN_READDMA:
2372 case WIN_READDMA_ONCE:
2373 if (!s->bs)
2374 goto abort_cmd;
2375 ide_cmd_lba48_transform(s, lba48);
2376 ide_sector_read_dma(s);
2377 break;
2378 case WIN_WRITEDMA_EXT:
2379 lba48 = 1;
2380 case WIN_WRITEDMA:
2381 case WIN_WRITEDMA_ONCE:
2382 if (!s->bs)
2383 goto abort_cmd;
2384 ide_cmd_lba48_transform(s, lba48);
2385 ide_sector_write_dma(s);
2386 s->media_changed = 1;
2387 break;
2388 case WIN_READ_NATIVE_MAX_EXT:
2389 lba48 = 1;
2390 case WIN_READ_NATIVE_MAX:
2391 ide_cmd_lba48_transform(s, lba48);
2392 ide_set_sector(s, s->nb_sectors - 1);
2393 s->status = READY_STAT | SEEK_STAT;
2394 ide_set_irq(s);
2395 break;
2396 case WIN_CHECKPOWERMODE1:
2397 case WIN_CHECKPOWERMODE2:
2398 s->nsector = 0xff; /* device active or idle */
2399 s->status = READY_STAT | SEEK_STAT;
2400 ide_set_irq(s);
2401 break;
2402 case WIN_SETFEATURES:
2403 if (!s->bs)
2404 goto abort_cmd;
2405 /* XXX: valid for CDROM ? */
2406 switch(s->feature) {
2407 case 0xcc: /* reverting to power-on defaults enable */
2408 case 0x66: /* reverting to power-on defaults disable */
2409 case 0x02: /* write cache enable */
2410 case 0x82: /* write cache disable */
2411 case 0xaa: /* read look-ahead enable */
2412 case 0x55: /* read look-ahead disable */
2413 case 0x05: /* set advanced power management mode */
2414 case 0x85: /* disable advanced power management mode */
2415 case 0x69: /* NOP */
2416 case 0x67: /* NOP */
2417 case 0x96: /* NOP */
2418 case 0x9a: /* NOP */
2419 case 0x42: /* enable Automatic Acoustic Mode */
2420 case 0xc2: /* disable Automatic Acoustic Mode */
2421 s->status = READY_STAT | SEEK_STAT;
2422 ide_set_irq(s);
2423 break;
2424 case 0x03: { /* set transfer mode */
2425 uint8_t val = s->nsector & 0x07;
2426
2427 switch (s->nsector >> 3) {
2428 case 0x00: /* pio default */
2429 case 0x01: /* pio mode */
2430 put_le16(s->identify_data + 62,0x07);
2431 put_le16(s->identify_data + 63,0x07);
2432 put_le16(s->identify_data + 88,0x3f);
2433 break;
2434 case 0x02: /* sigle word dma mode*/
2435 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
2436 put_le16(s->identify_data + 63,0x07);
2437 put_le16(s->identify_data + 88,0x3f);
2438 break;
2439 case 0x04: /* mdma mode */
2440 put_le16(s->identify_data + 62,0x07);
2441 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2442 put_le16(s->identify_data + 88,0x3f);
2443 break;
2444 case 0x08: /* udma mode */
2445 put_le16(s->identify_data + 62,0x07);
2446 put_le16(s->identify_data + 63,0x07);
2447 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2448 break;
2449 default:
2450 goto abort_cmd;
2451 }
2452 s->status = READY_STAT | SEEK_STAT;
2453 ide_set_irq(s);
2454 break;
2455 }
2456 default:
2457 goto abort_cmd;
2458 }
2459 break;
2460 case WIN_FLUSH_CACHE:
2461 case WIN_FLUSH_CACHE_EXT:
2462 if (s->bs)
2463 bdrv_flush(s->bs);
2464 s->status = READY_STAT | SEEK_STAT;
2465 ide_set_irq(s);
2466 break;
2467 case WIN_STANDBY:
2468 case WIN_STANDBY2:
2469 case WIN_STANDBYNOW1:
2470 case WIN_STANDBYNOW2:
2471 case WIN_IDLEIMMEDIATE:
2472 case CFA_IDLEIMMEDIATE:
2473 case WIN_SETIDLE1:
2474 case WIN_SETIDLE2:
2475 case WIN_SLEEPNOW1:
2476 case WIN_SLEEPNOW2:
2477 s->status = READY_STAT;
2478 ide_set_irq(s);
2479 break;
2480 case WIN_SEEK:
2481 if(s->is_cdrom)
2482 goto abort_cmd;
2483 /* XXX: Check that seek is within bounds */
2484 s->status = READY_STAT | SEEK_STAT;
2485 ide_set_irq(s);
2486 break;
2487 /* ATAPI commands */
2488 case WIN_PIDENTIFY:
2489 if (s->is_cdrom) {
2490 ide_atapi_identify(s);
2491 s->status = READY_STAT | SEEK_STAT;
2492 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2493 } else {
2494 ide_abort_command(s);
2495 }
2496 ide_set_irq(s);
2497 break;
2498 case WIN_DIAGNOSE:
2499 ide_set_signature(s);
2500 if (s->is_cdrom)
2501 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2502 * devices to return a clear status register
2503 * with READY_STAT *not* set. */
2504 else
2505 s->status = READY_STAT | SEEK_STAT;
2506 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2507 * present.
2508 */
2509 ide_set_irq(s);
2510 break;
2511 case WIN_SRST:
2512 if (!s->is_cdrom)
2513 goto abort_cmd;
2514 ide_set_signature(s);
2515 s->status = 0x00; /* NOTE: READY is _not_ set */
2516 s->error = 0x01;
2517 break;
2518 case WIN_PACKETCMD:
2519 if (!s->is_cdrom)
2520 goto abort_cmd;
2521 /* overlapping commands not supported */
2522 if (s->feature & 0x02)
2523 goto abort_cmd;
2524 s->status = READY_STAT | SEEK_STAT;
2525 s->atapi_dma = s->feature & 1;
2526 s->nsector = 1;
2527 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2528 ide_atapi_cmd);
2529 break;
2530 /* CF-ATA commands */
2531 case CFA_REQ_EXT_ERROR_CODE:
2532 if (!s->is_cf)
2533 goto abort_cmd;
2534 s->error = 0x09; /* miscellaneous error */
2535 s->status = READY_STAT | SEEK_STAT;
2536 ide_set_irq(s);
2537 break;
2538 case CFA_ERASE_SECTORS:
2539 case CFA_WEAR_LEVEL:
2540 if (!s->is_cf)
2541 goto abort_cmd;
2542 if (val == CFA_WEAR_LEVEL)
2543 s->nsector = 0;
2544 if (val == CFA_ERASE_SECTORS)
2545 s->media_changed = 1;
2546 s->error = 0x00;
2547 s->status = READY_STAT | SEEK_STAT;
2548 ide_set_irq(s);
2549 break;
2550 case CFA_TRANSLATE_SECTOR:
2551 if (!s->is_cf)
2552 goto abort_cmd;
2553 s->error = 0x00;
2554 s->status = READY_STAT | SEEK_STAT;
2555 memset(s->io_buffer, 0, 0x200);
2556 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2557 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2558 s->io_buffer[0x02] = s->select; /* Head */
2559 s->io_buffer[0x03] = s->sector; /* Sector */
2560 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2561 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2562 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2563 s->io_buffer[0x13] = 0x00; /* Erase flag */
2564 s->io_buffer[0x18] = 0x00; /* Hot count */
2565 s->io_buffer[0x19] = 0x00; /* Hot count */
2566 s->io_buffer[0x1a] = 0x01; /* Hot count */
2567 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2568 ide_set_irq(s);
2569 break;
2570 case CFA_ACCESS_METADATA_STORAGE:
2571 if (!s->is_cf)
2572 goto abort_cmd;
2573 switch (s->feature) {
2574 case 0x02: /* Inquiry Metadata Storage */
2575 ide_cfata_metadata_inquiry(s);
2576 break;
2577 case 0x03: /* Read Metadata Storage */
2578 ide_cfata_metadata_read(s);
2579 break;
2580 case 0x04: /* Write Metadata Storage */
2581 ide_cfata_metadata_write(s);
2582 break;
2583 default:
2584 goto abort_cmd;
2585 }
2586 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2587 s->status = 0x00; /* NOTE: READY is _not_ set */
2588 ide_set_irq(s);
2589 break;
2590 case IBM_SENSE_CONDITION:
2591 if (!s->is_cf)
2592 goto abort_cmd;
2593 switch (s->feature) {
2594 case 0x01: /* sense temperature in device */
2595 s->nsector = 0x50; /* +20 C */
2596 break;
2597 default:
2598 goto abort_cmd;
2599 }
2600 s->status = READY_STAT | SEEK_STAT;
2601 ide_set_irq(s);
2602 break;
2603
2604 case WIN_SMART:
2605 if (s->is_cdrom)
2606 goto abort_cmd;
2607 if (s->hcyl != 0xc2 || s->lcyl != 0x4f)
2608 goto abort_cmd;
2609 if (!s->smart_enabled && s->feature != SMART_ENABLE)
2610 goto abort_cmd;
2611 switch (s->feature) {
2612 case SMART_DISABLE:
2613 s->smart_enabled = 0;
2614 s->status = READY_STAT | SEEK_STAT;
2615 ide_set_irq(s);
2616 break;
2617 case SMART_ENABLE:
2618 s->smart_enabled = 1;
2619 s->status = READY_STAT | SEEK_STAT;
2620 ide_set_irq(s);
2621 break;
2622 case SMART_ATTR_AUTOSAVE:
2623 switch (s->sector) {
2624 case 0x00:
2625 s->smart_autosave = 0;
2626 break;
2627 case 0xf1:
2628 s->smart_autosave = 1;
2629 break;
2630 default:
2631 goto abort_cmd;
2632 }
2633 s->status = READY_STAT | SEEK_STAT;
2634 ide_set_irq(s);
2635 break;
2636 case SMART_STATUS:
2637 if (!s->smart_errors) {
2638 s->hcyl = 0xc2;
2639 s->lcyl = 0x4f;
2640 } else {
2641 s->hcyl = 0x2c;
2642 s->lcyl = 0xf4;
2643 }
2644 s->status = READY_STAT | SEEK_STAT;
2645 ide_set_irq(s);
2646 break;
2647 case SMART_READ_THRESH:
2648 memset(s->io_buffer, 0, 0x200);
2649 s->io_buffer[0] = 0x01; /* smart struct version */
2650 for (n=0; n<30; n++) {
2651 if (smart_attributes[n][0] == 0)
2652 break;
2653 s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2654 s->io_buffer[2+1+(n*12)] = smart_attributes[n][4];
2655 }
2656 for (n=0; n<511; n++) /* checksum */
2657 s->io_buffer[511] += s->io_buffer[n];
2658 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2659 s->status = READY_STAT | SEEK_STAT;
2660 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2661 ide_set_irq(s);
2662 break;
2663 case SMART_READ_DATA:
2664 memset(s->io_buffer, 0, 0x200);
2665 s->io_buffer[0] = 0x01; /* smart struct version */
2666 for (n=0; n<30; n++) {
2667 if (smart_attributes[n][0] == 0)
2668 break;
2669 s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2670 s->io_buffer[2+1+(n*12)] = smart_attributes[n][1];
2671 s->io_buffer[2+3+(n*12)] = smart_attributes[n][2];
2672 s->io_buffer[2+4+(n*12)] = smart_attributes[n][3];
2673 }
2674 s->io_buffer[362] = 0x02 | (s->smart_autosave?0x80:0x00);
2675 if (s->smart_selftest_count == 0) {
2676 s->io_buffer[363] = 0;
2677 } else {
2678 s->io_buffer[363] =
2679 s->smart_selftest_data[3 +
2680 (s->smart_selftest_count - 1) *
2681 24];
2682 }
2683 s->io_buffer[364] = 0x20;
2684 s->io_buffer[365] = 0x01;
2685 /* offline data collection capacity: execute + self-test*/
2686 s->io_buffer[367] = (1<<4 | 1<<3 | 1);
2687 s->io_buffer[368] = 0x03; /* smart capability (1) */
2688 s->io_buffer[369] = 0x00; /* smart capability (2) */
2689 s->io_buffer[370] = 0x01; /* error logging supported */
2690 s->io_buffer[372] = 0x02; /* minutes for poll short test */
2691 s->io_buffer[373] = 0x36; /* minutes for poll ext test */
2692 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
2693
2694 for (n=0; n<511; n++)
2695 s->io_buffer[511] += s->io_buffer[n];
2696 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2697 s->status = READY_STAT | SEEK_STAT;
2698 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2699 ide_set_irq(s);
2700 break;
2701 case SMART_READ_LOG:
2702 switch (s->sector) {
2703 case 0x01: /* summary smart error log */
2704 memset(s->io_buffer, 0, 0x200);
2705 s->io_buffer[0] = 0x01;
2706 s->io_buffer[1] = 0x00; /* no error entries */
2707 s->io_buffer[452] = s->smart_errors & 0xff;
2708 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
2709
2710 for (n=0; n<511; n++)
2711 s->io_buffer[511] += s->io_buffer[n];
2712 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2713 break;
2714 case 0x06: /* smart self test log */
2715 memset(s->io_buffer, 0, 0x200);
2716 s->io_buffer[0] = 0x01;
2717 if (s->smart_selftest_count == 0) {
2718 s->io_buffer[508] = 0;
2719 } else {
2720 s->io_buffer[508] = s->smart_selftest_count;
2721 for (n=2; n<506; n++)
2722 s->io_buffer[n] = s->smart_selftest_data[n];
2723 }
2724 for (n=0; n<511; n++)
2725 s->io_buffer[511] += s->io_buffer[n];
2726 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2727 break;
2728 default:
2729 goto abort_cmd;
2730 }
2731 s->status = READY_STAT | SEEK_STAT;
2732 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2733 ide_set_irq(s);
2734 break;
2735 case SMART_EXECUTE_OFFLINE:
2736 switch (s->sector) {
2737 case 0: /* off-line routine */
2738 case 1: /* short self test */
2739 case 2: /* extended self test */
2740 s->smart_selftest_count++;
2741 if(s->smart_selftest_count > 21)
2742 s->smart_selftest_count = 0;
2743 n = 2 + (s->smart_selftest_count - 1) * 24;
2744 s->smart_selftest_data[n] = s->sector;
2745 s->smart_selftest_data[n+1] = 0x00; /* OK and finished */
2746 s->smart_selftest_data[n+2] = 0x34; /* hour count lsb */
2747 s->smart_selftest_data[n+3] = 0x12; /* hour count msb */
2748 s->status = READY_STAT | SEEK_STAT;
2749 ide_set_irq(s);
2750 break;
2751 default:
2752 goto abort_cmd;
2753 }
2754 break;
2755 default:
2756 goto abort_cmd;
2757 }
2758 break;
2759 default:
2760 abort_cmd:
2761 ide_abort_command(s);
2762 ide_set_irq(s);
2763 break;
2764 }
2765 }
2766 }
2767
2768 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2769 {
2770 IDEState *ide_if = opaque;
2771 IDEState *s = ide_if->cur_drive;
2772 uint32_t addr;
2773 int ret, hob;
2774
2775 addr = addr1 & 7;
2776 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2777 //hob = s->select & (1 << 7);
2778 hob = 0;
2779 switch(addr) {
2780 case 0:
2781 ret = 0xff;
2782 break;
2783 case 1:
2784 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2785 (s != ide_if && !s->bs))
2786 ret = 0;
2787 else if (!hob)
2788 ret = s->error;
2789 else
2790 ret = s->hob_feature;
2791 break;
2792 case 2:
2793 if (!ide_if[0].bs && !ide_if[1].bs)
2794 ret = 0;
2795 else if (!hob)
2796 ret = s->nsector & 0xff;
2797 else
2798 ret = s->hob_nsector;
2799 break;
2800 case 3:
2801 if (!ide_if[0].bs && !ide_if[1].bs)
2802 ret = 0;
2803 else if (!hob)
2804 ret = s->sector;
2805 else
2806 ret = s->hob_sector;
2807 break;
2808 case 4:
2809 if (!ide_if[0].bs && !ide_if[1].bs)
2810 ret = 0;
2811 else if (!hob)
2812 ret = s->lcyl;
2813 else
2814 ret = s->hob_lcyl;
2815 break;
2816 case 5:
2817 if (!ide_if[0].bs && !ide_if[1].bs)
2818 ret = 0;
2819 else if (!hob)
2820 ret = s->hcyl;
2821 else
2822 ret = s->hob_hcyl;
2823 break;
2824 case 6:
2825 if (!ide_if[0].bs && !ide_if[1].bs)
2826 ret = 0;
2827 else
2828 ret = s->select;
2829 break;
2830 default:
2831 case 7:
2832 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2833 (s != ide_if && !s->bs))
2834 ret = 0;
2835 else
2836 ret = s->status;
2837 qemu_irq_lower(s->irq);
2838 break;
2839 }
2840 #ifdef DEBUG_IDE
2841 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2842 #endif
2843 return ret;
2844 }
2845
2846 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2847 {
2848 IDEState *ide_if = opaque;
2849 IDEState *s = ide_if->cur_drive;
2850 int ret;
2851
2852 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2853 (s != ide_if && !s->bs))
2854 ret = 0;
2855 else
2856 ret = s->status;
2857 #ifdef DEBUG_IDE
2858 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2859 #endif
2860 return ret;
2861 }
2862
2863 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2864 {
2865 IDEState *ide_if = opaque;
2866 IDEState *s;
2867 int i;
2868
2869 #ifdef DEBUG_IDE
2870 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2871 #endif
2872 /* common for both drives */
2873 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2874 (val & IDE_CMD_RESET)) {
2875 /* reset low to high */
2876 for(i = 0;i < 2; i++) {
2877 s = &ide_if[i];
2878 s->status = BUSY_STAT | SEEK_STAT;
2879 s->error = 0x01;
2880 }
2881 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2882 !(val & IDE_CMD_RESET)) {
2883 /* high to low */
2884 for(i = 0;i < 2; i++) {
2885 s = &ide_if[i];
2886 if (s->is_cdrom)
2887 s->status = 0x00; /* NOTE: READY is _not_ set */
2888 else
2889 s->status = READY_STAT | SEEK_STAT;
2890 ide_set_signature(s);
2891 }
2892 }
2893
2894 ide_if[0].cmd = val;
2895 ide_if[1].cmd = val;
2896 }
2897
2898 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2899 {
2900 IDEState *s = ((IDEState *)opaque)->cur_drive;
2901 uint8_t *p;
2902
2903 /* PIO data access allowed only when DRQ bit is set */
2904 if (!(s->status & DRQ_STAT))
2905 return;
2906
2907 p = s->data_ptr;
2908 *(uint16_t *)p = le16_to_cpu(val);
2909 p += 2;
2910 s->data_ptr = p;
2911 if (p >= s->data_end)
2912 s->end_transfer_func(s);
2913 }
2914
2915 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2916 {
2917 IDEState *s = ((IDEState *)opaque)->cur_drive;
2918 uint8_t *p;
2919 int ret;
2920
2921 /* PIO data access allowed only when DRQ bit is set */
2922 if (!(s->status & DRQ_STAT))
2923 return 0;
2924
2925 p = s->data_ptr;
2926 ret = cpu_to_le16(*(uint16_t *)p);
2927 p += 2;
2928 s->data_ptr = p;
2929 if (p >= s->data_end)
2930 s->end_transfer_func(s);
2931 return ret;
2932 }
2933
2934 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2935 {
2936 IDEState *s = ((IDEState *)opaque)->cur_drive;
2937 uint8_t *p;
2938
2939 /* PIO data access allowed only when DRQ bit is set */
2940 if (!(s->status & DRQ_STAT))
2941 return;
2942
2943 p = s->data_ptr;
2944 *(uint32_t *)p = le32_to_cpu(val);
2945 p += 4;
2946 s->data_ptr = p;
2947 if (p >= s->data_end)
2948 s->end_transfer_func(s);
2949 }
2950
2951 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2952 {
2953 IDEState *s = ((IDEState *)opaque)->cur_drive;
2954 uint8_t *p;
2955 int ret;
2956
2957 /* PIO data access allowed only when DRQ bit is set */
2958 if (!(s->status & DRQ_STAT))
2959 return 0;
2960
2961 p = s->data_ptr;
2962 ret = cpu_to_le32(*(uint32_t *)p);
2963 p += 4;
2964 s->data_ptr = p;
2965 if (p >= s->data_end)
2966 s->end_transfer_func(s);
2967 return ret;
2968 }
2969
2970 static void ide_dummy_transfer_stop(IDEState *s)
2971 {
2972 s->data_ptr = s->io_buffer;
2973 s->data_end = s->io_buffer;
2974 s->io_buffer[0] = 0xff;
2975 s->io_buffer[1] = 0xff;
2976 s->io_buffer[2] = 0xff;
2977 s->io_buffer[3] = 0xff;
2978 }
2979
2980 static void ide_reset(IDEState *s)
2981 {
2982 if (s->is_cf)
2983 s->mult_sectors = 0;
2984 else
2985 s->mult_sectors = MAX_MULT_SECTORS;
2986 s->cur_drive = s;
2987 s->select = 0xa0;
2988 s->status = READY_STAT | SEEK_STAT;
2989 ide_set_signature(s);
2990 /* init the transfer handler so that 0xffff is returned on data
2991 accesses */
2992 s->end_transfer_func = ide_dummy_transfer_stop;
2993 ide_dummy_transfer_stop(s);
2994 s->media_changed = 0;
2995 }
2996
2997 static void ide_init2(IDEState *ide_state,
2998 BlockDriverState *hd0, BlockDriverState *hd1,
2999 qemu_irq irq)
3000 {
3001 IDEState *s;
3002 static int drive_serial = 1;
3003 int i, cylinders, heads, secs;
3004 uint64_t nb_sectors;
3005
3006 for(i = 0; i < 2; i++) {
3007 s = ide_state + i;
3008 if (i == 0)
3009 s->bs = hd0;
3010 else
3011 s->bs = hd1;
3012 s->io_buffer = qemu_blockalign(s->bs, IDE_DMA_BUF_SECTORS*512 + 4);
3013 if (s->bs) {
3014 bdrv_get_geometry(s->bs, &nb_sectors);
3015 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
3016 s->cylinders = cylinders;
3017 s->heads = heads;
3018 s->sectors = secs;
3019 s->nb_sectors = nb_sectors;
3020 /* The SMART values should be preserved across power cycles
3021 but they aren't. */
3022 s->smart_enabled = 1;
3023 s->smart_autosave = 1;
3024 s->smart_errors = 0;
3025 s->smart_selftest_count = 0;
3026 s->smart_selftest_data = qemu_blockalign(s->bs, 512);
3027 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
3028 s->is_cdrom = 1;
3029 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
3030 }
3031 }
3032 s->drive_serial = drive_serial++;
3033 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
3034 sizeof(s->drive_serial_str));
3035 if (strlen(s->drive_serial_str) == 0)
3036 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
3037 "QM%05d", s->drive_serial);
3038 s->irq = irq;
3039 s->sector_write_timer = qemu_new_timer(vm_clock,
3040 ide_sector_write_timer_cb, s);
3041 ide_reset(s);
3042 }
3043 }
3044
3045 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
3046 {
3047 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
3048 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
3049 if (iobase2) {
3050 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
3051 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
3052 }
3053
3054 /* data ports */
3055 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
3056 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
3057 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
3058 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
3059 }
3060
3061 /* save per IDE drive data */
3062 static void ide_save(QEMUFile* f, IDEState *s)
3063 {
3064 qemu_put_be32(f, s->mult_sectors);
3065 qemu_put_be32(f, s->identify_set);
3066 if (s->identify_set) {
3067 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
3068 }
3069 qemu_put_8s(f, &s->feature);
3070 qemu_put_8s(f, &s->error);
3071 qemu_put_be32s(f, &s->nsector);
3072 qemu_put_8s(f, &s->sector);
3073 qemu_put_8s(f, &s->lcyl);
3074 qemu_put_8s(f, &s->hcyl);
3075 qemu_put_8s(f, &s->hob_feature);
3076 qemu_put_8s(f, &s->hob_nsector);
3077 qemu_put_8s(f, &s->hob_sector);
3078 qemu_put_8s(f, &s->hob_lcyl);
3079 qemu_put_8s(f, &s->hob_hcyl);
3080 qemu_put_8s(f, &s->select);
3081 qemu_put_8s(f, &s->status);
3082 qemu_put_8s(f, &s->lba48);
3083
3084 qemu_put_8s(f, &s->sense_key);
3085 qemu_put_8s(f, &s->asc);
3086 qemu_put_8s(f, &s->cdrom_changed);
3087 /* XXX: if a transfer is pending, we do not save it yet */
3088 }
3089
3090 /* load per IDE drive data */
3091 static void ide_load(QEMUFile* f, IDEState *s, int version_id)
3092 {
3093 s->mult_sectors=qemu_get_be32(f);
3094 s->identify_set=qemu_get_be32(f);
3095 if (s->identify_set) {
3096 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
3097 }
3098 qemu_get_8s(f, &s->feature);
3099 qemu_get_8s(f, &s->error);
3100 qemu_get_be32s(f, &s->nsector);
3101 qemu_get_8s(f, &s->sector);
3102 qemu_get_8s(f, &s->lcyl);
3103 qemu_get_8s(f, &s->hcyl);
3104 qemu_get_8s(f, &s->hob_feature);
3105 qemu_get_8s(f, &s->hob_nsector);
3106 qemu_get_8s(f, &s->hob_sector);
3107 qemu_get_8s(f, &s->hob_lcyl);
3108 qemu_get_8s(f, &s->hob_hcyl);
3109 qemu_get_8s(f, &s->select);
3110 qemu_get_8s(f, &s->status);
3111 qemu_get_8s(f, &s->lba48);
3112
3113 qemu_get_8s(f, &s->sense_key);
3114 qemu_get_8s(f, &s->asc);
3115 if (version_id == 3) {
3116 qemu_get_8s(f, &s->cdrom_changed);
3117 } else {
3118 if (s->sense_key == SENSE_UNIT_ATTENTION &&
3119 s->asc == ASC_MEDIUM_MAY_HAVE_CHANGED)
3120 s->cdrom_changed = 1;
3121 }
3122 /* XXX: if a transfer is pending, we do not save it yet */
3123 }
3124
3125 /***********************************************************/
3126 /* ISA IDE definitions */
3127
3128 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
3129 BlockDriverState *hd0, BlockDriverState *hd1)
3130 {
3131 IDEState *ide_state;
3132
3133 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
3134
3135 ide_init2(ide_state, hd0, hd1, irq);
3136 ide_init_ioport(ide_state, iobase, iobase2);
3137 }
3138
3139 /***********************************************************/
3140 /* PCI IDE definitions */
3141
3142 static void cmd646_update_irq(PCIIDEState *d);
3143
3144 static void ide_map(PCIDevice *pci_dev, int region_num,
3145 uint32_t addr, uint32_t size, int type)
3146 {
3147 PCIIDEState *d = (PCIIDEState *)pci_dev;
3148 IDEState *ide_state;
3149
3150 if (region_num <= 3) {
3151 ide_state = &d->ide_if[(region_num >> 1) * 2];
3152 if (region_num & 1) {
3153 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
3154 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
3155 } else {
3156 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
3157 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
3158
3159 /* data ports */
3160 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
3161 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
3162 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
3163 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
3164 }
3165 }
3166 }
3167
3168 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
3169 {
3170 BMDMAState *bm = s->bmdma;
3171 if(!bm)
3172 return;
3173 bm->ide_if = s;
3174 bm->dma_cb = dma_cb;
3175 bm->cur_prd_last = 0;
3176 bm->cur_prd_addr = 0;
3177 bm->cur_prd_len = 0;
3178 bm->sector_num = ide_get_sector(s);
3179 bm->nsector = s->nsector;
3180 if (bm->status & BM_STATUS_DMAING) {
3181 bm->dma_cb(bm, 0);
3182 }
3183 }
3184
3185 static void ide_dma_restart(IDEState *s)
3186 {
3187 BMDMAState *bm = s->bmdma;
3188 ide_set_sector(s, bm->sector_num);
3189 s->io_buffer_index = 0;
3190 s->io_buffer_size = 0;
3191 s->nsector = bm->nsector;
3192 bm->cur_addr = bm->addr;
3193 bm->dma_cb = ide_write_dma_cb;
3194 ide_dma_start(s, bm->dma_cb);
3195 }
3196
3197 static void ide_dma_cancel(BMDMAState *bm)
3198 {
3199 if (bm->status & BM_STATUS_DMAING) {
3200 bm->status &= ~BM_STATUS_DMAING;
3201 /* cancel DMA request */
3202 bm->ide_if = NULL;
3203 bm->dma_cb = NULL;
3204 if (bm->aiocb) {
3205 #ifdef DEBUG_AIO
3206 printf("aio_cancel\n");
3207 #endif
3208 bdrv_aio_cancel(bm->aiocb);
3209 bm->aiocb = NULL;
3210 }
3211 }
3212 }
3213
3214 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
3215 {
3216 BMDMAState *bm = opaque;
3217 #ifdef DEBUG_IDE
3218 printf("%s: 0x%08x\n", __func__, val);
3219 #endif
3220 if (!(val & BM_CMD_START)) {
3221 /* XXX: do it better */
3222 ide_dma_cancel(bm);
3223 bm->cmd = val & 0x09;
3224 } else {
3225 if (!(bm->status & BM_STATUS_DMAING)) {
3226 bm->status |= BM_STATUS_DMAING;
3227 /* start dma transfer if possible */
3228 if (bm->dma_cb)
3229 bm->dma_cb(bm, 0);
3230 }
3231 bm->cmd = val & 0x09;
3232 }
3233 }
3234
3235 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
3236 {
3237 BMDMAState *bm = opaque;
3238 PCIIDEState *pci_dev;
3239 uint32_t val;
3240
3241 switch(addr & 3) {
3242 case 0:
3243 val = bm->cmd;
3244 break;
3245 case 1:
3246 pci_dev = bm->pci_dev;
3247 if (pci_dev->type == IDE_TYPE_CMD646) {
3248 val = pci_dev->dev.config[MRDMODE];
3249 } else {
3250 val = 0xff;
3251 }
3252 break;
3253 case 2:
3254 val = bm->status;
3255 break;
3256 case 3:
3257 pci_dev = bm->pci_dev;
3258 if (pci_dev->type == IDE_TYPE_CMD646) {
3259 if (bm == &pci_dev->bmdma[0])
3260 val = pci_dev->dev.config[UDIDETCR0];
3261 else
3262 val = pci_dev->dev.config[UDIDETCR1];
3263 } else {
3264 val = 0xff;
3265 }
3266 break;
3267 default:
3268 val = 0xff;
3269 break;
3270 }
3271 #ifdef DEBUG_IDE
3272 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
3273 #endif
3274 return val;
3275 }
3276
3277 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
3278 {
3279 BMDMAState *bm = opaque;
3280 PCIIDEState *pci_dev;
3281 #ifdef DEBUG_IDE
3282 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
3283 #endif
3284 switch(addr & 3) {
3285 case 1:
3286 pci_dev = bm->pci_dev;
3287 if (pci_dev->type == IDE_TYPE_CMD646) {
3288 pci_dev->dev.config[MRDMODE] =
3289 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3290 cmd646_update_irq(pci_dev);
3291 }
3292 break;
3293 case 2:
3294 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3295 break;
3296 case 3:
3297 pci_dev = bm->pci_dev;
3298 if (pci_dev->type == IDE_TYPE_CMD646) {
3299 if (bm == &pci_dev->bmdma[0])
3300 pci_dev->dev.config[UDIDETCR0] = val;
3301 else
3302 pci_dev->dev.config[UDIDETCR1] = val;
3303 }
3304 break;
3305 }
3306 }
3307
3308 static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3309 {
3310 BMDMAState *bm = opaque;
3311 uint32_t val;
3312 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3313 #ifdef DEBUG_IDE
3314 printf("%s: 0x%08x\n", __func__, val);
3315 #endif
3316 return val;
3317 }
3318
3319 static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3320 {
3321 BMDMAState *bm = opaque;
3322 int shift = (addr & 3) * 8;
3323 #ifdef DEBUG_IDE
3324 printf("%s: 0x%08x\n", __func__, val);
3325 #endif
3326 bm->addr &= ~(0xFF << shift);
3327 bm->addr |= ((val & 0xFF) << shift) & ~3;
3328 bm->cur_addr = bm->addr;
3329 }
3330
3331 static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3332 {
3333 BMDMAState *bm = opaque;
3334 uint32_t val;
3335 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3336 #ifdef DEBUG_IDE
3337 printf("%s: 0x%08x\n", __func__, val);
3338 #endif
3339 return val;
3340 }
3341
3342 static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3343 {
3344 BMDMAState *bm = opaque;
3345 int shift = (addr & 3) * 8;
3346 #ifdef DEBUG_IDE
3347 printf("%s: 0x%08x\n", __func__, val);
3348 #endif
3349 bm->addr &= ~(0xFFFF << shift);
3350 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3351 bm->cur_addr = bm->addr;
3352 }
3353
3354 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3355 {
3356 BMDMAState *bm = opaque;
3357 uint32_t val;
3358 val = bm->addr;
3359 #ifdef DEBUG_IDE
3360 printf("%s: 0x%08x\n", __func__, val);
3361 #endif
3362 return val;
3363 }
3364
3365 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3366 {
3367 BMDMAState *bm = opaque;
3368 #ifdef DEBUG_IDE
3369 printf("%s: 0x%08x\n", __func__, val);
3370 #endif
3371 bm->addr = val & ~3;
3372 bm->cur_addr = bm->addr;
3373 }
3374
3375 static void bmdma_map(PCIDevice *pci_dev, int region_num,
3376 uint32_t addr, uint32_t size, int type)
3377 {
3378 PCIIDEState *d = (PCIIDEState *)pci_dev;
3379 int i;
3380
3381 for(i = 0;i < 2; i++) {
3382 BMDMAState *bm = &d->bmdma[i];
3383 d->ide_if[2 * i].bmdma = bm;
3384 d->ide_if[2 * i + 1].bmdma = bm;
3385 bm->pci_dev = (PCIIDEState *)pci_dev;
3386 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
3387
3388 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
3389
3390 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3391 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
3392
3393 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3394 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3395 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3396 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
3397 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3398 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3399 addr += 8;
3400 }
3401 }
3402
3403 static void pci_ide_save(QEMUFile* f, void *opaque)
3404 {
3405 PCIIDEState *d = opaque;
3406 int i;
3407
3408 pci_device_save(&d->dev, f);
3409
3410 for(i = 0; i < 2; i++) {
3411 BMDMAState *bm = &d->bmdma[i];
3412 uint8_t ifidx;
3413 qemu_put_8s(f, &bm->cmd);
3414 qemu_put_8s(f, &bm->status);
3415 qemu_put_be32s(f, &bm->addr);
3416 qemu_put_sbe64s(f, &bm->sector_num);
3417 qemu_put_be32s(f, &bm->nsector);
3418 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3419 qemu_put_8s(f, &ifidx);
3420 /* XXX: if a transfer is pending, we do not save it yet */
3421 }
3422
3423 /* per IDE interface data */
3424 for(i = 0; i < 2; i++) {
3425 IDEState *s = &d->ide_if[i * 2];
3426 uint8_t drive1_selected;
3427 qemu_put_8s(f, &s->cmd);
3428 drive1_selected = (s->cur_drive != s);
3429 qemu_put_8s(f, &drive1_selected);
3430 }
3431
3432 /* per IDE drive data */
3433 for(i = 0; i < 4; i++) {
3434 ide_save(f, &d->ide_if[i]);
3435 }
3436 }
3437
3438 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3439 {
3440 PCIIDEState *d = opaque;
3441 int ret, i;
3442
3443 if (version_id != 2 && version_id != 3)
3444 return -EINVAL;
3445 ret = pci_device_load(&d->dev, f);
3446 if (ret < 0)
3447 return ret;
3448
3449 for(i = 0; i < 2; i++) {
3450 BMDMAState *bm = &d->bmdma[i];
3451 uint8_t ifidx;
3452 qemu_get_8s(f, &bm->cmd);
3453 qemu_get_8s(f, &bm->status);
3454 qemu_get_be32s(f, &bm->addr);
3455 qemu_get_sbe64s(f, &bm->sector_num);
3456 qemu_get_be32s(f, &bm->nsector);
3457 qemu_get_8s(f, &ifidx);
3458 bm->ide_if = &d->ide_if[ifidx];
3459 /* XXX: if a transfer is pending, we do not save it yet */
3460 }
3461
3462 /* per IDE interface data */
3463 for(i = 0; i < 2; i++) {
3464 IDEState *s = &d->ide_if[i * 2];
3465 uint8_t drive1_selected;
3466 qemu_get_8s(f, &s->cmd);
3467 qemu_get_8s(f, &drive1_selected);
3468 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3469 }
3470
3471 /* per IDE drive data */
3472 for(i = 0; i < 4; i++) {
3473 ide_load(f, &d->ide_if[i], version_id);
3474 }
3475 return 0;
3476 }
3477
3478 /* XXX: call it also when the MRDMODE is changed from the PCI config
3479 registers */
3480 static void cmd646_update_irq(PCIIDEState *d)
3481 {
3482 int pci_level;
3483 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3484 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3485 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3486 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
3487 qemu_set_irq(d->dev.irq[0], pci_level);
3488 }
3489
3490 /* the PCI irq level is the logical OR of the two channels */
3491 static void cmd646_set_irq(void *opaque, int channel, int level)
3492 {
3493 PCIIDEState *d = opaque;
3494 int irq_mask;
3495
3496 irq_mask = MRDMODE_INTR_CH0 << channel;
3497 if (level)
3498 d->dev.config[MRDMODE] |= irq_mask;
3499 else
3500 d->dev.config[MRDMODE] &= ~irq_mask;
3501 cmd646_update_irq(d);
3502 }
3503
3504 static void cmd646_reset(void *opaque)
3505 {
3506 PCIIDEState *d = opaque;
3507 unsigned int i;
3508
3509 for (i = 0; i < 2; i++)
3510 ide_dma_cancel(&d->bmdma[i]);
3511 }
3512
3513 /* CMD646 PCI IDE controller */
3514 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3515 int secondary_ide_enabled)
3516 {
3517 PCIIDEState *d;
3518 uint8_t *pci_conf;
3519 int i;
3520 qemu_irq *irq;
3521
3522 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
3523 sizeof(PCIIDEState),
3524 -1,
3525 NULL, NULL);
3526 d->type = IDE_TYPE_CMD646;
3527 pci_conf = d->dev.config;
3528 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3529 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
3530
3531 pci_conf[0x08] = 0x07; // IDE controller revision
3532 pci_conf[0x09] = 0x8f;
3533
3534 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3535 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
3536
3537 pci_conf[0x51] = 0x04; // enable IDE0
3538 if (secondary_ide_enabled) {
3539 /* XXX: if not enabled, really disable the seconday IDE controller */
3540 pci_conf[0x51] |= 0x08; /* enable IDE1 */
3541 }
3542
3543 pci_register_bar((PCIDevice *)d, 0, 0x8,
3544 PCI_ADDRESS_SPACE_IO, ide_map);
3545 pci_register_bar((PCIDevice *)d, 1, 0x4,
3546 PCI_ADDRESS_SPACE_IO, ide_map);
3547 pci_register_bar((PCIDevice *)d, 2, 0x8,
3548 PCI_ADDRESS_SPACE_IO, ide_map);
3549 pci_register_bar((PCIDevice *)d, 3, 0x4,
3550 PCI_ADDRESS_SPACE_IO, ide_map);
3551 pci_register_bar((PCIDevice *)d, 4, 0x10,
3552 PCI_ADDRESS_SPACE_IO, bmdma_map);
3553
3554 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3555
3556 for(i = 0; i < 4; i++)
3557 d->ide_if[i].pci_dev = (PCIDevice *)d;
3558
3559 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3560 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3561 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
3562
3563 register_savevm("ide", 0, 3, pci_ide_save, pci_ide_load, d);
3564 qemu_register_reset(cmd646_reset, d);
3565 cmd646_reset(d);
3566 }
3567
3568 static void piix3_reset(void *opaque)
3569 {
3570 PCIIDEState *d = opaque;
3571 uint8_t *pci_conf = d->dev.config;
3572 int i;
3573
3574 for (i = 0; i < 2; i++)
3575 ide_dma_cancel(&d->bmdma[i]);
3576
3577 pci_conf[0x04] = 0x00;
3578 pci_conf[0x05] = 0x00;
3579 pci_conf[0x06] = 0x80; /* FBC */
3580 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3581 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3582 }
3583
3584 /* hd_table must contain 4 block drivers */
3585 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
3586 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3587 qemu_irq *pic)
3588 {
3589 PCIIDEState *d;
3590 uint8_t *pci_conf;
3591 int i;
3592
3593 /* register a function 1 of PIIX3 */
3594 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
3595 sizeof(PCIIDEState),
3596 devfn,
3597 NULL, NULL);
3598 d->type = IDE_TYPE_PIIX3;
3599
3600 pci_conf = d->dev.config;
3601 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3602 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
3603 pci_conf[0x09] = 0x80; // legacy ATA mode
3604 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3605 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
3606
3607 qemu_register_reset(piix3_reset, d);
3608 piix3_reset(d);
3609
3610 pci_register_bar((PCIDevice *)d, 4, 0x10,
3611 PCI_ADDRESS_SPACE_IO, bmdma_map);
3612
3613 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3614 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3615 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3616 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3617
3618 for (i = 0; i < 4; i++)
3619 if (hd_table[i])
3620 hd_table[i]->private = &d->dev;
3621
3622 register_savevm("ide", 0, 3, pci_ide_save, pci_ide_load, d);
3623 }
3624
3625 /* hd_table must contain 4 block drivers */
3626 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3627 void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3628 qemu_irq *pic)
3629 {
3630 PCIIDEState *d;
3631 uint8_t *pci_conf;
3632
3633 /* register a function 1 of PIIX4 */
3634 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3635 sizeof(PCIIDEState),
3636 devfn,
3637 NULL, NULL);
3638 d->type = IDE_TYPE_PIIX4;
3639
3640 pci_conf = d->dev.config;
3641 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3642 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
3643 pci_conf[0x09] = 0x80; // legacy ATA mode
3644 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3645 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
3646
3647 qemu_register_reset(piix3_reset, d);
3648 piix3_reset(d);
3649
3650 pci_register_bar((PCIDevice *)d, 4, 0x10,
3651 PCI_ADDRESS_SPACE_IO, bmdma_map);
3652
3653 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3654 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3655 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3656 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3657
3658 register_savevm("ide", 0, 3, pci_ide_save, pci_ide_load, d);
3659 }
3660
3661 #if defined(TARGET_PPC)
3662 /***********************************************************/
3663 /* MacIO based PowerPC IDE */
3664
3665 typedef struct MACIOIDEState {
3666 IDEState ide_if[2];
3667 BlockDriverAIOCB *aiocb;
3668 } MACIOIDEState;
3669
3670 static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
3671 {
3672 DBDMA_io *io = opaque;
3673 MACIOIDEState *m = io->opaque;
3674 IDEState *s = m->ide_if->cur_drive;
3675
3676 if (ret < 0) {
3677 m->aiocb = NULL;
3678 qemu_sglist_destroy(&s->sg);
3679 ide_atapi_io_error(s, ret);
3680 io->dma_end(opaque);
3681 return;
3682 }
3683
3684 if (s->io_buffer_size > 0) {
3685 m->aiocb = NULL;
3686 qemu_sglist_destroy(&s->sg);
3687
3688 s->packet_transfer_size -= s->io_buffer_size;
3689
3690 s->io_buffer_index += s->io_buffer_size;
3691 s->lba += s->io_buffer_index >> 11;
3692 s->io_buffer_index &= 0x7ff;
3693 }
3694
3695 if (s->packet_transfer_size <= 0)
3696 ide_atapi_cmd_ok(s);
3697
3698 if (io->len == 0) {
3699 io->dma_end(opaque);
3700 return;
3701 }
3702
3703 /* launch next transfer */
3704
3705 s->io_buffer_size = io->len;
3706
3707 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3708 qemu_sglist_add(&s->sg, io->addr, io->len);
3709 io->addr += io->len;
3710 io->len = 0;
3711
3712 m->aiocb = dma_bdrv_read(s->bs, &s->sg,
3713 (int64_t)(s->lba << 2) + (s->io_buffer_index >> 9),
3714 pmac_ide_atapi_transfer_cb, io);
3715 if (!m->aiocb) {
3716 qemu_sglist_destroy(&s->sg);
3717 /* Note: media not present is the most likely case */
3718 ide_atapi_cmd_error(s, SENSE_NOT_READY,
3719 ASC_MEDIUM_NOT_PRESENT);
3720 io->dma_end(opaque);
3721 return;
3722 }
3723 }
3724
3725 static void pmac_ide_transfer_cb(void *opaque, int ret)
3726 {
3727 DBDMA_io *io = opaque;
3728 MACIOIDEState *m = io->opaque;
3729 IDEState *s = m->ide_if->cur_drive;
3730 int n;
3731 int64_t sector_num;
3732
3733 if (ret < 0) {
3734 m->aiocb = NULL;
3735 qemu_sglist_destroy(&s->sg);
3736 ide_dma_error(s);
3737 io->dma_end(io);
3738 return;
3739 }
3740
3741 sector_num = ide_get_sector(s);
3742 if (s->io_buffer_size > 0) {
3743 m->aiocb = NULL;
3744 qemu_sglist_destroy(&s->sg);
3745 n = (s->io_buffer_size + 0x1ff) >> 9;
3746 sector_num += n;
3747 ide_set_sector(s, sector_num);
3748 s->nsector -= n;
3749 }
3750
3751 /* end of transfer ? */
3752 if (s->nsector == 0) {
3753 s->status = READY_STAT | SEEK_STAT;
3754 ide_set_irq(s);
3755 }
3756
3757 /* end of DMA ? */
3758
3759 if (io->len == 0) {
3760 io->dma_end(io);
3761 return;
3762 }
3763
3764 /* launch next transfer */
3765
3766 s->io_buffer_index = 0;
3767 s->io_buffer_size = io->len;
3768
3769 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3770 qemu_sglist_add(&s->sg, io->addr, io->len);
3771 io->addr += io->len;
3772 io->len = 0;
3773
3774 if (s->is_read)
3775 m->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
3776 pmac_ide_transfer_cb, io);
3777 else
3778 m->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
3779 pmac_ide_transfer_cb, io);
3780 if (!m->aiocb)
3781 pmac_ide_transfer_cb(io, -1);
3782 }
3783
3784 static void pmac_ide_transfer(DBDMA_io *io)
3785 {
3786 MACIOIDEState *m = io->opaque;
3787 IDEState *s = m->ide_if->cur_drive;
3788
3789 s->io_buffer_size = 0;
3790 if (s->is_cdrom) {
3791 pmac_ide_atapi_transfer_cb(io, 0);
3792 return;
3793 }
3794
3795 pmac_ide_transfer_cb(io, 0);
3796 }
3797
3798 static void pmac_ide_flush(DBDMA_io *io)
3799 {
3800 MACIOIDEState *m = io->opaque;
3801
3802 if (m->aiocb)
3803 qemu_aio_flush();
3804 }
3805
3806 /* PowerMac IDE memory IO */
3807 static void pmac_ide_writeb (void *opaque,
3808 target_phys_addr_t addr, uint32_t val)
3809 {
3810 MACIOIDEState *d = opaque;
3811
3812 addr = (addr & 0xFFF) >> 4;
3813 switch (addr) {
3814 case 1 ... 7:
3815 ide_ioport_write(d->ide_if, addr, val);
3816 break;
3817 case 8:
3818 case 22:
3819 ide_cmd_write(d->ide_if, 0, val);
3820 break;
3821 default:
3822 break;
3823 }
3824 }
3825
3826 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3827 {
3828 uint8_t retval;
3829 MACIOIDEState *d = opaque;
3830
3831 addr = (addr & 0xFFF) >> 4;
3832 switch (addr) {
3833 case 1 ... 7:
3834 retval = ide_ioport_read(d->ide_if, addr);
3835 break;
3836 case 8:
3837 case 22:
3838 retval = ide_status_read(d->ide_if, 0);
3839 break;
3840 default:
3841 retval = 0xFF;
3842 break;
3843 }
3844 return retval;
3845 }
3846
3847 static void pmac_ide_writew (void *opaque,
3848 target_phys_addr_t addr, uint32_t val)
3849 {
3850 MACIOIDEState *d = opaque;
3851
3852 addr = (addr & 0xFFF) >> 4;
3853 #ifdef TARGET_WORDS_BIGENDIAN
3854 val = bswap16(val);
3855 #endif
3856 if (addr == 0) {
3857 ide_data_writew(d->ide_if, 0, val);
3858 }
3859 }
3860
3861 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3862 {
3863 uint16_t retval;
3864 MACIOIDEState *d = opaque;
3865
3866 addr = (addr & 0xFFF) >> 4;
3867 if (addr == 0) {
3868 retval = ide_data_readw(d->ide_if, 0);
3869 } else {
3870 retval = 0xFFFF;
3871 }
3872 #ifdef TARGET_WORDS_BIGENDIAN
3873 retval = bswap16(retval);
3874 #endif
3875 return retval;
3876 }
3877
3878 static void pmac_ide_writel (void *opaque,
3879 target_phys_addr_t addr, uint32_t val)
3880 {
3881 MACIOIDEState *d = opaque;
3882
3883 addr = (addr & 0xFFF) >> 4;
3884 #ifdef TARGET_WORDS_BIGENDIAN
3885 val = bswap32(val);
3886 #endif
3887 if (addr == 0) {
3888 ide_data_writel(d->ide_if, 0, val);
3889 }
3890 }
3891
3892 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3893 {
3894 uint32_t retval;
3895 MACIOIDEState *d = opaque;
3896
3897 addr = (addr & 0xFFF) >> 4;
3898 if (addr == 0) {
3899 retval = ide_data_readl(d->ide_if, 0);
3900 } else {
3901 retval = 0xFFFFFFFF;
3902 }
3903 #ifdef TARGET_WORDS_BIGENDIAN
3904 retval = bswap32(retval);
3905 #endif
3906 return retval;
3907 }
3908
3909 static CPUWriteMemoryFunc *pmac_ide_write[] = {
3910 pmac_ide_writeb,
3911 pmac_ide_writew,
3912 pmac_ide_writel,
3913 };
3914
3915 static CPUReadMemoryFunc *pmac_ide_read[] = {
3916 pmac_ide_readb,
3917 pmac_ide_readw,
3918 pmac_ide_readl,
3919 };
3920
3921 static void pmac_ide_save(QEMUFile *f, void *opaque)
3922 {
3923 MACIOIDEState *d = opaque;
3924 IDEState *s = d->ide_if;
3925 uint8_t drive1_selected;
3926 unsigned int i;
3927
3928 /* per IDE interface data */
3929 qemu_put_8s(f, &s->cmd);
3930 drive1_selected = (s->cur_drive != s);
3931 qemu_put_8s(f, &drive1_selected);
3932
3933 /* per IDE drive data */
3934 for(i = 0; i < 2; i++) {
3935 ide_save(f, &s[i]);
3936 }
3937 }
3938
3939 static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3940 {
3941 MACIOIDEState *d = opaque;
3942 IDEState *s = d->ide_if;
3943 uint8_t drive1_selected;
3944 unsigned int i;
3945
3946 if (version_id != 1 && version_id != 3)
3947 return -EINVAL;
3948
3949 /* per IDE interface data */
3950 qemu_get_8s(f, &s->cmd);
3951 qemu_get_8s(f, &drive1_selected);
3952 s->cur_drive = &s[(drive1_selected != 0)];
3953
3954 /* per IDE drive data */
3955 for(i = 0; i < 2; i++) {
3956 ide_load(f, &s[i], version_id);
3957 }
3958 return 0;
3959 }
3960
3961 static void pmac_ide_reset(void *opaque)
3962 {
3963 MACIOIDEState *d = opaque;
3964 IDEState *s = d->ide_if;
3965
3966 ide_reset(&s[0]);
3967 ide_reset(&s[1]);
3968 }
3969
3970 /* hd_table must contain 4 block drivers */
3971 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3972 I/O index to access the ide. */
3973 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq,
3974 void *dbdma, int channel, qemu_irq dma_irq)
3975 {
3976 MACIOIDEState *d;
3977 int pmac_ide_memory;
3978
3979 d = qemu_mallocz(sizeof(MACIOIDEState));
3980 ide_init2(d->ide_if, hd_table[0], hd_table[1], irq);
3981
3982 if (dbdma)
3983 DBDMA_register_channel(dbdma, channel, dma_irq, pmac_ide_transfer, pmac_ide_flush, d);
3984
3985 pmac_ide_memory = cpu_register_io_memory(pmac_ide_read,
3986 pmac_ide_write, d);
3987 register_savevm("ide", 0, 3, pmac_ide_save, pmac_ide_load, d);
3988 qemu_register_reset(pmac_ide_reset, d);
3989 pmac_ide_reset(d);
3990
3991 return pmac_ide_memory;
3992 }
3993 #endif /* TARGET_PPC */
3994
3995 /***********************************************************/
3996 /* MMIO based ide port
3997 * This emulates IDE device connected directly to the CPU bus without
3998 * dedicated ide controller, which is often seen on embedded boards.
3999 */
4000
4001 typedef struct {
4002 void *dev;
4003 int shift;
4004 } MMIOState;
4005
4006 static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
4007 {
4008 MMIOState *s = (MMIOState*)opaque;
4009 IDEState *ide = (IDEState*)s->dev;
4010 addr >>= s->shift;
4011 if (addr & 7)
4012 return ide_ioport_read(ide, addr);
4013 else
4014 return ide_data_readw(ide, 0);
4015 }
4016
4017 static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
4018 uint32_t val)
4019 {
4020 MMIOState *s = (MMIOState*)opaque;
4021 IDEState *ide = (IDEState*)s->dev;
4022 addr >>= s->shift;
4023 if (addr & 7)
4024 ide_ioport_write(ide, addr, val);
4025 else
4026 ide_data_writew(ide, 0, val);
4027 }
4028
4029 static CPUReadMemoryFunc *mmio_ide_reads[] = {
4030 mmio_ide_read,
4031 mmio_ide_read,
4032 mmio_ide_read,
4033 };
4034
4035 static CPUWriteMemoryFunc *mmio_ide_writes[] = {
4036 mmio_ide_write,
4037 mmio_ide_write,
4038 mmio_ide_write,
4039 };
4040
4041 static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
4042 {
4043 MMIOState *s= (MMIOState*)opaque;
4044 IDEState *ide = (IDEState*)s->dev;
4045 return ide_status_read(ide, 0);
4046 }
4047
4048 static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
4049 uint32_t val)
4050 {
4051 MMIOState *s = (MMIOState*)opaque;
4052 IDEState *ide = (IDEState*)s->dev;
4053 ide_cmd_write(ide, 0, val);
4054 }
4055
4056 static CPUReadMemoryFunc *mmio_ide_status[] = {
4057 mmio_ide_status_read,
4058 mmio_ide_status_read,
4059 mmio_ide_status_read,
4060 };
4061
4062 static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
4063 mmio_ide_cmd_write,
4064 mmio_ide_cmd_write,
4065 mmio_ide_cmd_write,
4066 };
4067
4068 void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
4069 qemu_irq irq, int shift,
4070 BlockDriverState *hd0, BlockDriverState *hd1)
4071 {
4072 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
4073 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
4074 int mem1, mem2;
4075
4076 ide_init2(ide, hd0, hd1, irq);
4077
4078 s->dev = ide;
4079 s->shift = shift;
4080
4081 mem1 = cpu_register_io_memory(mmio_ide_reads, mmio_ide_writes, s);
4082 mem2 = cpu_register_io_memory(mmio_ide_status, mmio_ide_cmd, s);
4083 cpu_register_physical_memory(membase, 16 << shift, mem1);
4084 cpu_register_physical_memory(membase2, 2 << shift, mem2);
4085 }
4086
4087 /***********************************************************/
4088 /* CF-ATA Microdrive */
4089
4090 #define METADATA_SIZE 0x20
4091
4092 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
4093 typedef struct {
4094 IDEState ide[2];
4095 PCMCIACardState card;
4096 uint32_t attr_base;
4097 uint32_t io_base;
4098
4099 /* Card state */
4100 uint8_t opt;
4101 uint8_t stat;
4102 uint8_t pins;
4103
4104 uint8_t ctrl;
4105 uint16_t io;
4106 int cycle;
4107 } MicroDriveState;
4108
4109 /* Register bitfields */
4110 enum md_opt {
4111 OPT_MODE_MMAP = 0,
4112 OPT_MODE_IOMAP16 = 1,
4113 OPT_MODE_IOMAP1 = 2,
4114 OPT_MODE_IOMAP2 = 3,
4115 OPT_MODE = 0x3f,
4116 OPT_LEVIREQ = 0x40,
4117 OPT_SRESET = 0x80,
4118 };
4119 enum md_cstat {
4120 STAT_INT = 0x02,
4121 STAT_PWRDWN = 0x04,
4122 STAT_XE = 0x10,
4123 STAT_IOIS8 = 0x20,
4124 STAT_SIGCHG = 0x40,
4125 STAT_CHANGED = 0x80,
4126 };
4127 enum md_pins {
4128 PINS_MRDY = 0x02,
4129 PINS_CRDY = 0x20,
4130 };
4131 enum md_ctrl {
4132 CTRL_IEN = 0x02,
4133 CTRL_SRST = 0x04,
4134 };
4135
4136 static inline void md_interrupt_update(MicroDriveState *s)
4137 {
4138 if (!s->card.slot)
4139 return;
4140
4141 qemu_set_irq(s->card.slot->irq,
4142 !(s->stat & STAT_INT) && /* Inverted */
4143 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
4144 !(s->opt & OPT_SRESET));
4145 }
4146
4147 static void md_set_irq(void *opaque, int irq, int level)
4148 {
4149 MicroDriveState *s = (MicroDriveState *) opaque;
4150 if (level)
4151 s->stat |= STAT_INT;
4152 else
4153 s->stat &= ~STAT_INT;
4154
4155 md_interrupt_update(s);
4156 }
4157
4158 static void md_reset(MicroDriveState *s)
4159 {
4160 s->opt = OPT_MODE_MMAP;
4161 s->stat = 0;
4162 s->pins = 0;
4163 s->cycle = 0;
4164 s->ctrl = 0;
4165 ide_reset(s->ide);
4166 }
4167
4168 static uint8_t md_attr_read(void *opaque, uint32_t at)
4169 {
4170 MicroDriveState *s = (MicroDriveState *) opaque;
4171 if (at < s->attr_base) {
4172 if (at < s->card.cis_len)
4173 return s->card.cis[at];
4174 else
4175 return 0x00;
4176 }
4177
4178 at -= s->attr_base;
4179
4180 switch (at) {
4181 case 0x00: /* Configuration Option Register */
4182 return s->opt;
4183 case 0x02: /* Card Configuration Status Register */
4184 if (s->ctrl & CTRL_IEN)
4185 return s->stat & ~STAT_INT;
4186 else
4187 return s->stat;
4188 case 0x04: /* Pin Replacement Register */
4189 return (s->pins & PINS_CRDY) | 0x0c;
4190 case 0x06: /* Socket and Copy Register */
4191 return 0x00;
4192 #ifdef VERBOSE
4193 default:
4194 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
4195 #endif
4196 }
4197
4198 return 0;
4199 }
4200
4201 static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
4202 {
4203 MicroDriveState *s = (MicroDriveState *) opaque;
4204 at -= s->attr_base;
4205
4206 switch (at) {
4207 case 0x00: /* Configuration Option Register */
4208 s->opt = value & 0xcf;
4209 if (value & OPT_SRESET)
4210 md_reset(s);
4211 md_interrupt_update(s);
4212 break;
4213 case 0x02: /* Card Configuration Status Register */
4214 if ((s->stat ^ value) & STAT_PWRDWN)
4215 s->pins |= PINS_CRDY;
4216 s->stat &= 0x82;
4217 s->stat |= value & 0x74;
4218 md_interrupt_update(s);
4219 /* Word 170 in Identify Device must be equal to STAT_XE */
4220 break;
4221 case 0x04: /* Pin Replacement Register */
4222 s->pins &= PINS_CRDY;
4223 s->pins |= value & PINS_MRDY;
4224 break;
4225 case 0x06: /* Socket and Copy Register */
4226 break;
4227 default:
4228 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
4229 }
4230 }
4231
4232 static uint16_t md_common_read(void *opaque, uint32_t at)
4233 {
4234 MicroDriveState *s = (MicroDriveState *) opaque;
4235 uint16_t ret;
4236 at -= s->io_base;
4237
4238 switch (s->opt & OPT_MODE) {
4239 case OPT_MODE_MMAP:
4240 if ((at & ~0x3ff) == 0x400)
4241 at = 0;
4242 break;
4243 case OPT_MODE_IOMAP16:
4244 at &= 0xf;
4245 break;
4246 case OPT_MODE_IOMAP1:
4247 if ((at & ~0xf) == 0x3f0)
4248 at -= 0x3e8;
4249 else if ((at & ~0xf) == 0x1f0)
4250 at -= 0x1f0;
4251 break;
4252 case OPT_MODE_IOMAP2:
4253 if ((at & ~0xf) == 0x370)
4254 at -= 0x368;
4255 else if ((at & ~0xf) == 0x170)
4256 at -= 0x170;
4257 }
4258
4259 switch (at) {
4260 case 0x0: /* Even RD Data */
4261 case 0x8:
4262 return ide_data_readw(s->ide, 0);
4263
4264 /* TODO: 8-bit accesses */
4265 if (s->cycle)
4266 ret = s->io >> 8;
4267 else {
4268 s->io = ide_data_readw(s->ide, 0);
4269 ret = s->io & 0xff;
4270 }
4271 s->cycle = !s->cycle;
4272 return ret;
4273 case 0x9: /* Odd RD Data */
4274 return s->io >> 8;
4275 case 0xd: /* Error */
4276 return ide_ioport_read(s->ide, 0x1);
4277 case 0xe: /* Alternate Status */
4278 if (s->ide->cur_drive->bs)
4279 return s->ide->cur_drive->status;
4280 else
4281 return 0;
4282 case 0xf: /* Device Address */
4283 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
4284 default:
4285 return ide_ioport_read(s->ide, at);
4286 }
4287
4288 return 0;
4289 }
4290
4291 static void md_common_write(void *opaque, uint32_t at, uint16_t value)
4292 {
4293 MicroDriveState *s = (MicroDriveState *) opaque;
4294 at -= s->io_base;
4295
4296 switch (s->opt & OPT_MODE) {
4297 case OPT_MODE_MMAP:
4298 if ((at & ~0x3ff) == 0x400)
4299 at = 0;
4300 break;
4301 case OPT_MODE_IOMAP16:
4302 at &= 0xf;
4303 break;
4304 case OPT_MODE_IOMAP1:
4305 if ((at & ~0xf) == 0x3f0)
4306 at -= 0x3e8;
4307 else if ((at & ~0xf) == 0x1f0)
4308 at -= 0x1f0;
4309 break;
4310 case OPT_MODE_IOMAP2:
4311 if ((at & ~0xf) == 0x370)
4312 at -= 0x368;
4313 else if ((at & ~0xf) == 0x170)
4314 at -= 0x170;
4315 }
4316
4317 switch (at) {
4318 case 0x0: /* Even WR Data */
4319 case 0x8:
4320 ide_data_writew(s->ide, 0, value);
4321 break;
4322
4323 /* TODO: 8-bit accesses */
4324 if (s->cycle)
4325 ide_data_writew(s->ide, 0, s->io | (value << 8));
4326 else
4327 s->io = value & 0xff;
4328 s->cycle = !s->cycle;
4329 break;
4330 case 0x9:
4331 s->io = value & 0xff;
4332 s->cycle = !s->cycle;
4333 break;
4334 case 0xd: /* Features */
4335 ide_ioport_write(s->ide, 0x1, value);
4336 break;
4337 case 0xe: /* Device Control */
4338 s->ctrl = value;
4339 if (value & CTRL_SRST)
4340 md_reset(s);
4341 md_interrupt_update(s);
4342 break;
4343 default:
4344 if (s->stat & STAT_PWRDWN) {
4345 s->pins |= PINS_CRDY;
4346 s->stat &= ~STAT_PWRDWN;
4347 }
4348 ide_ioport_write(s->ide, at, value);
4349 }
4350 }
4351
4352 static void md_save(QEMUFile *f, void *opaque)
4353 {
4354 MicroDriveState *s = (MicroDriveState *) opaque;
4355 int i;
4356 uint8_t drive1_selected;
4357
4358 qemu_put_8s(f, &s->opt);
4359 qemu_put_8s(f, &s->stat);
4360 qemu_put_8s(f, &s->pins);
4361
4362 qemu_put_8s(f, &s->ctrl);
4363 qemu_put_be16s(f, &s->io);
4364 qemu_put_byte(f, s->cycle);
4365
4366 drive1_selected = (s->ide->cur_drive != s->ide);
4367 qemu_put_8s(f, &s->ide->cmd);
4368 qemu_put_8s(f, &drive1_selected);
4369
4370 for (i = 0; i < 2; i ++)
4371 ide_save(f, &s->ide[i]);
4372 }
4373
4374 static int md_load(QEMUFile *f, void *opaque, int version_id)
4375 {
4376 MicroDriveState *s = (MicroDriveState *) opaque;
4377 int i;
4378 uint8_t drive1_selected;
4379
4380 if (version_id != 0 && version_id != 3)
4381 return -EINVAL;
4382
4383 qemu_get_8s(f, &s->opt);
4384 qemu_get_8s(f, &s->stat);
4385 qemu_get_8s(f, &s->pins);
4386
4387 qemu_get_8s(f, &s->ctrl);
4388 qemu_get_be16s(f, &s->io);
4389 s->cycle = qemu_get_byte(f);
4390
4391 qemu_get_8s(f, &s->ide->cmd);
4392 qemu_get_8s(f, &drive1_selected);
4393 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
4394
4395 for (i = 0; i < 2; i ++)
4396 ide_load(f, &s->ide[i], version_id);
4397
4398 return 0;
4399 }
4400
4401 static const uint8_t dscm1xxxx_cis[0x14a] = {
4402 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
4403 [0x002] = 0x03, /* Tuple length = 4 bytes */
4404 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4405 [0x006] = 0x01, /* Size = 2K bytes */
4406 [0x008] = CISTPL_ENDMARK,
4407
4408 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
4409 [0x00c] = 0x04, /* Tuple length = 4 byest */
4410 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
4411 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4412 [0x012] = 0x01, /* Size = 2K bytes */
4413 [0x014] = CISTPL_ENDMARK,
4414
4415 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
4416 [0x018] = 0x02, /* Tuple length = 2 bytes */
4417 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
4418 [0x01c] = 0x01,
4419
4420 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
4421 [0x020] = 0x04, /* Tuple length = 4 bytes */
4422 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
4423 [0x024] = 0x00,
4424 [0x026] = 0x00, /* PLMID_CARD = 0000 */
4425 [0x028] = 0x00,
4426
4427 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
4428 [0x02c] = 0x12, /* Tuple length = 23 bytes */
4429 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
4430 [0x030] = 0x01, /* Minor Version = 1 */
4431 [0x032] = 'I',
4432 [0x034] = 'B',
4433 [0x036] = 'M',
4434 [0x038] = 0x00,
4435 [0x03a] = 'm',
4436 [0x03c] = 'i',
4437 [0x03e] = 'c',
4438 [0x040] = 'r',
4439 [0x042] = 'o',
4440 [0x044] = 'd',
4441 [0x046] = 'r',
4442 [0x048] = 'i',
4443 [0x04a] = 'v',
4444 [0x04c] = 'e',
4445 [0x04e] = 0x00,
4446 [0x050] = CISTPL_ENDMARK,
4447
4448 [0x052] = CISTPL_FUNCID, /* Function ID */
4449 [0x054] = 0x02, /* Tuple length = 2 bytes */
4450 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4451 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4452
4453 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4454 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4455 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4456 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4457
4458 [0x062] = CISTPL_FUNCE, /* Function Extension */
4459 [0x064] = 0x03, /* Tuple length = 3 bytes */
4460 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4461 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4462 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4463
4464 [0x06c] = CISTPL_CONFIG, /* Configuration */
4465 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4466 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4467 [0x072] = 0x07, /* TPCC_LAST = 7 */
4468 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4469 [0x076] = 0x02,
4470 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4471
4472 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4473 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4474 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4475 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4476 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4477 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4478 [0x086] = 0x55, /* NomV: 5.0 V */
4479 [0x088] = 0x4d, /* MinV: 4.5 V */
4480 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4481 [0x08c] = 0x4e, /* Peakl: 450 mA */
4482 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4483 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4484 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4485
4486 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4487 [0x096] = 0x06, /* Tuple length = 6 bytes */
4488 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4489 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4490 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4491 [0x09e] = 0xb5, /* NomV: 3.3 V */
4492 [0x0a0] = 0x1e,
4493 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4494
4495 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4496 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4497 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4498 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4499 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4500 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4501 [0x0b0] = 0x55, /* NomV: 5.0 V */
4502 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4503 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4504 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4505 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4506 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4507 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4508 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4509 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4510
4511 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4512 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4513 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4514 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4515 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4516 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4517 [0x0ce] = 0x1e,
4518 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4519
4520 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4521 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4522 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4523 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4524 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4525 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4526 [0x0de] = 0x55, /* NomV: 5.0 V */
4527 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4528 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4529 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4530 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4531 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4532 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4533 [0x0ec] = 0x01,
4534 [0x0ee] = 0x07, /* Address block length = 8 */
4535 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4536 [0x0f2] = 0x03,
4537 [0x0f4] = 0x01, /* Address block length = 2 */
4538 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4539 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4540
4541 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4542 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4543 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4544 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4545 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4546 [0x104] = 0xb5, /* NomV: 3.3 V */
4547 [0x106] = 0x1e,
4548 [0x108] = 0x3e, /* Peakl: 350 mA */
4549
4550 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4551 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4552 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4553 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4554 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4555 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4556 [0x116] = 0x55, /* NomV: 5.0 V */
4557 [0x118] = 0x4d, /* MinV: 4.5 V */
4558 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4559 [0x11c] = 0x4e, /* Peakl: 450 mA */
4560 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4561 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4562 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4563 [0x124] = 0x01,
4564 [0x126] = 0x07, /* Address block length = 8 */
4565 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4566 [0x12a] = 0x03,
4567 [0x12c] = 0x01, /* Address block length = 2 */
4568 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4569 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4570
4571 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4572 [0x134] = 0x06, /* Tuple length = 6 bytes */
4573 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4574 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4575 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4576 [0x13c] = 0xb5, /* NomV: 3.3 V */
4577 [0x13e] = 0x1e,
4578 [0x140] = 0x3e, /* Peakl: 350 mA */
4579
4580 [0x142] = CISTPL_NO_LINK, /* No Link */
4581 [0x144] = 0x00, /* Tuple length = 0 bytes */
4582
4583 [0x146] = CISTPL_END, /* Tuple End */
4584 };
4585
4586 static int dscm1xxxx_attach(void *opaque)
4587 {
4588 MicroDriveState *md = (MicroDriveState *) opaque;
4589 md->card.attr_read = md_attr_read;
4590 md->card.attr_write = md_attr_write;
4591 md->card.common_read = md_common_read;
4592 md->card.common_write = md_common_write;
4593 md->card.io_read = md_common_read;
4594 md->card.io_write = md_common_write;
4595
4596 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4597 md->io_base = 0x0;
4598
4599 md_reset(md);
4600 md_interrupt_update(md);
4601
4602 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4603 return 0;
4604 }
4605
4606 static int dscm1xxxx_detach(void *opaque)
4607 {
4608 MicroDriveState *md = (MicroDriveState *) opaque;
4609 md_reset(md);
4610 return 0;
4611 }
4612
4613 PCMCIACardState *dscm1xxxx_init(BlockDriverState *bdrv)
4614 {
4615 MicroDriveState *md = (MicroDriveState *) qemu_mallocz(sizeof(MicroDriveState));
4616 md->card.state = md;
4617 md->card.attach = dscm1xxxx_attach;
4618 md->card.detach = dscm1xxxx_detach;
4619 md->card.cis = dscm1xxxx_cis;
4620 md->card.cis_len = sizeof(dscm1xxxx_cis);
4621
4622 ide_init2(md->ide, bdrv, NULL, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4623 md->ide->is_cf = 1;
4624 md->ide->mdata_size = METADATA_SIZE;
4625 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
4626
4627 register_savevm("microdrive", -1, 3, md_save, md_load, md);
4628
4629 return &md->card;
4630 }
QEmu