search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
atapi: Add 'medium ready' to 'medium not ready' transition on cd change
[qemu/ar7.git] / hw / ide / core.c
blobd8c613ae0dcf06390ff51da51f83ac9fd33240fb
1 /*
2 * QEMU IDE disk and CD/DVD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25 #include <hw/hw.h>
26 #include <hw/pc.h>
27 #include <hw/pci.h>
28 #include <hw/scsi.h>
29 #include "qemu-error.h"
30 #include "qemu-timer.h"
31 #include "sysemu.h"
32 #include "dma.h"
33 #include "blockdev.h"
34
35 #include <hw/ide/internal.h>
36
37 /* These values were based on a Seagate ST3500418AS but have been modified
38 to make more sense in QEMU */
39 static const int smart_attributes[][12] = {
40 /* id, flags, hflags, val, wrst, raw (6 bytes), threshold */
41 /* raw read error rate*/
42 { 0x01, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06},
43 /* spin up */
44 { 0x03, 0x03, 0x00, 0x64, 0x64, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
45 /* start stop count */
46 { 0x04, 0x02, 0x00, 0x64, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14},
47 /* remapped sectors */
48 { 0x05, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24},
49 /* power on hours */
50 { 0x09, 0x03, 0x00, 0x64, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
51 /* power cycle count */
52 { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
53 /* airflow-temperature-celsius */
54 { 190, 0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32},
55 /* end of list */
56 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
57 };
58
59 /* XXX: DVDs that could fit on a CD will be reported as a CD */
60 static inline int media_present(IDEState *s)
61 {
62 return (s->nb_sectors > 0);
63 }
64
65 static inline int media_is_dvd(IDEState *s)
66 {
67 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
68 }
69
70 static inline int media_is_cd(IDEState *s)
71 {
72 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
73 }
74
75 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
76 static int ide_handle_rw_error(IDEState *s, int error, int op);
77
78 static void padstr(char *str, const char *src, int len)
79 {
80 int i, v;
81 for(i = 0; i < len; i++) {
82 if (*src)
83 v = *src++;
84 else
85 v = ' ';
86 str[i^1] = v;
87 }
88 }
89
90 static void padstr8(uint8_t *buf, int buf_size, const char *src)
91 {
92 int i;
93 for(i = 0; i < buf_size; i++) {
94 if (*src)
95 buf[i] = *src++;
96 else
97 buf[i] = ' ';
98 }
99 }
100
101 static void put_le16(uint16_t *p, unsigned int v)
102 {
103 *p = cpu_to_le16(v);
104 }
105
106 static void ide_identify(IDEState *s)
107 {
108 uint16_t *p;
109 unsigned int oldsize;
110 IDEDevice *dev;
111
112 if (s->identify_set) {
113 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
114 return;
115 }
116
117 memset(s->io_buffer, 0, 512);
118 p = (uint16_t *)s->io_buffer;
119 put_le16(p + 0, 0x0040);
120 put_le16(p + 1, s->cylinders);
121 put_le16(p + 3, s->heads);
122 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
123 put_le16(p + 5, 512); /* XXX: retired, remove ? */
124 put_le16(p + 6, s->sectors);
125 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
126 put_le16(p + 20, 3); /* XXX: retired, remove ? */
127 put_le16(p + 21, 512); /* cache size in sectors */
128 put_le16(p + 22, 4); /* ecc bytes */
129 padstr((char *)(p + 23), s->version, 8); /* firmware version */
130 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
131 #if MAX_MULT_SECTORS > 1
132 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
133 #endif
134 put_le16(p + 48, 1); /* dword I/O */
135 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
136 put_le16(p + 51, 0x200); /* PIO transfer cycle */
137 put_le16(p + 52, 0x200); /* DMA transfer cycle */
138 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
139 put_le16(p + 54, s->cylinders);
140 put_le16(p + 55, s->heads);
141 put_le16(p + 56, s->sectors);
142 oldsize = s->cylinders * s->heads * s->sectors;
143 put_le16(p + 57, oldsize);
144 put_le16(p + 58, oldsize >> 16);
145 if (s->mult_sectors)
146 put_le16(p + 59, 0x100 | s->mult_sectors);
147 put_le16(p + 60, s->nb_sectors);
148 put_le16(p + 61, s->nb_sectors >> 16);
149 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
150 put_le16(p + 63, 0x07); /* mdma0-2 supported */
151 put_le16(p + 64, 0x03); /* pio3-4 supported */
152 put_le16(p + 65, 120);
153 put_le16(p + 66, 120);
154 put_le16(p + 67, 120);
155 put_le16(p + 68, 120);
156
157 if (s->ncq_queues) {
158 put_le16(p + 75, s->ncq_queues - 1);
159 /* NCQ supported */
160 put_le16(p + 76, (1 << 8));
161 }
162
163 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
164 put_le16(p + 81, 0x16); /* conforms to ata5 */
165 /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */
166 put_le16(p + 82, (1 << 14) | (1 << 5) | 1);
167 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
168 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
169 /* 14=set to 1, 1=SMART self test, 0=SMART error logging */
170 put_le16(p + 84, (1 << 14) | 0);
171 /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */
172 if (bdrv_enable_write_cache(s->bs))
173 put_le16(p + 85, (1 << 14) | (1 << 5) | 1);
174 else
175 put_le16(p + 85, (1 << 14) | 1);
176 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
177 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
178 /* 14=set to 1, 1=smart self test, 0=smart error logging */
179 put_le16(p + 87, (1 << 14) | 0);
180 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
181 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
182 put_le16(p + 100, s->nb_sectors);
183 put_le16(p + 101, s->nb_sectors >> 16);
184 put_le16(p + 102, s->nb_sectors >> 32);
185 put_le16(p + 103, s->nb_sectors >> 48);
186 dev = s->unit ? s->bus->slave : s->bus->master;
187 if (dev && dev->conf.physical_block_size)
188 put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf));
189
190 memcpy(s->identify_data, p, sizeof(s->identify_data));
191 s->identify_set = 1;
192 }
193
194 static void ide_atapi_identify(IDEState *s)
195 {
196 uint16_t *p;
197
198 if (s->identify_set) {
199 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
200 return;
201 }
202
203 memset(s->io_buffer, 0, 512);
204 p = (uint16_t *)s->io_buffer;
205 /* Removable CDROM, 50us response, 12 byte packets */
206 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
207 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
208 put_le16(p + 20, 3); /* buffer type */
209 put_le16(p + 21, 512); /* cache size in sectors */
210 put_le16(p + 22, 4); /* ecc bytes */
211 padstr((char *)(p + 23), s->version, 8); /* firmware version */
212 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
213 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
214 #ifdef USE_DMA_CDROM
215 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
216 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
217 put_le16(p + 62, 7); /* single word dma0-2 supported */
218 put_le16(p + 63, 7); /* mdma0-2 supported */
219 #else
220 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
221 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
222 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
223 #endif
224 put_le16(p + 64, 3); /* pio3-4 supported */
225 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
226 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
227 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
228 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
229
230 put_le16(p + 71, 30); /* in ns */
231 put_le16(p + 72, 30); /* in ns */
232
233 if (s->ncq_queues) {
234 put_le16(p + 75, s->ncq_queues - 1);
235 /* NCQ supported */
236 put_le16(p + 76, (1 << 8));
237 }
238
239 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
240 #ifdef USE_DMA_CDROM
241 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
242 #endif
243 memcpy(s->identify_data, p, sizeof(s->identify_data));
244 s->identify_set = 1;
245 }
246
247 static void ide_cfata_identify(IDEState *s)
248 {
249 uint16_t *p;
250 uint32_t cur_sec;
251
252 p = (uint16_t *) s->identify_data;
253 if (s->identify_set)
254 goto fill_buffer;
255
256 memset(p, 0, sizeof(s->identify_data));
257
258 cur_sec = s->cylinders * s->heads * s->sectors;
259
260 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
261 put_le16(p + 1, s->cylinders); /* Default cylinders */
262 put_le16(p + 3, s->heads); /* Default heads */
263 put_le16(p + 6, s->sectors); /* Default sectors per track */
264 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
265 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
266 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
267 put_le16(p + 22, 0x0004); /* ECC bytes */
268 padstr((char *) (p + 23), s->version, 8); /* Firmware Revision */
269 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
270 #if MAX_MULT_SECTORS > 1
271 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
272 #else
273 put_le16(p + 47, 0x0000);
274 #endif
275 put_le16(p + 49, 0x0f00); /* Capabilities */
276 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
277 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
278 put_le16(p + 53, 0x0003); /* Translation params valid */
279 put_le16(p + 54, s->cylinders); /* Current cylinders */
280 put_le16(p + 55, s->heads); /* Current heads */
281 put_le16(p + 56, s->sectors); /* Current sectors */
282 put_le16(p + 57, cur_sec); /* Current capacity */
283 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
284 if (s->mult_sectors) /* Multiple sector setting */
285 put_le16(p + 59, 0x100 | s->mult_sectors);
286 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
287 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
288 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
289 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
290 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
291 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
292 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
293 put_le16(p + 82, 0x400c); /* Command Set supported */
294 put_le16(p + 83, 0x7068); /* Command Set supported */
295 put_le16(p + 84, 0x4000); /* Features supported */
296 put_le16(p + 85, 0x000c); /* Command Set enabled */
297 put_le16(p + 86, 0x7044); /* Command Set enabled */
298 put_le16(p + 87, 0x4000); /* Features enabled */
299 put_le16(p + 91, 0x4060); /* Current APM level */
300 put_le16(p + 129, 0x0002); /* Current features option */
301 put_le16(p + 130, 0x0005); /* Reassigned sectors */
302 put_le16(p + 131, 0x0001); /* Initial power mode */
303 put_le16(p + 132, 0x0000); /* User signature */
304 put_le16(p + 160, 0x8100); /* Power requirement */
305 put_le16(p + 161, 0x8001); /* CF command set */
306
307 s->identify_set = 1;
308
309 fill_buffer:
310 memcpy(s->io_buffer, p, sizeof(s->identify_data));
311 }
312
313 static void ide_set_signature(IDEState *s)
314 {
315 s->select &= 0xf0; /* clear head */
316 /* put signature */
317 s->nsector = 1;
318 s->sector = 1;
319 if (s->drive_kind == IDE_CD) {
320 s->lcyl = 0x14;
321 s->hcyl = 0xeb;
322 } else if (s->bs) {
323 s->lcyl = 0;
324 s->hcyl = 0;
325 } else {
326 s->lcyl = 0xff;
327 s->hcyl = 0xff;
328 }
329 }
330
331 static inline void ide_abort_command(IDEState *s)
332 {
333 s->status = READY_STAT | ERR_STAT;
334 s->error = ABRT_ERR;
335 }
336
337 /* prepare data transfer and tell what to do after */
338 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
339 EndTransferFunc *end_transfer_func)
340 {
341 s->end_transfer_func = end_transfer_func;
342 s->data_ptr = buf;
343 s->data_end = buf + size;
344 if (!(s->status & ERR_STAT)) {
345 s->status |= DRQ_STAT;
346 }
347 s->bus->dma->ops->start_transfer(s->bus->dma);
348 }
349
350 static void ide_transfer_stop(IDEState *s)
351 {
352 s->end_transfer_func = ide_transfer_stop;
353 s->data_ptr = s->io_buffer;
354 s->data_end = s->io_buffer;
355 s->status &= ~DRQ_STAT;
356 }
357
358 int64_t ide_get_sector(IDEState *s)
359 {
360 int64_t sector_num;
361 if (s->select & 0x40) {
362 /* lba */
363 if (!s->lba48) {
364 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
365 (s->lcyl << 8) | s->sector;
366 } else {
367 sector_num = ((int64_t)s->hob_hcyl << 40) |
368 ((int64_t) s->hob_lcyl << 32) |
369 ((int64_t) s->hob_sector << 24) |
370 ((int64_t) s->hcyl << 16) |
371 ((int64_t) s->lcyl << 8) | s->sector;
372 }
373 } else {
374 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
375 (s->select & 0x0f) * s->sectors + (s->sector - 1);
376 }
377 return sector_num;
378 }
379
380 void ide_set_sector(IDEState *s, int64_t sector_num)
381 {
382 unsigned int cyl, r;
383 if (s->select & 0x40) {
384 if (!s->lba48) {
385 s->select = (s->select & 0xf0) | (sector_num >> 24);
386 s->hcyl = (sector_num >> 16);
387 s->lcyl = (sector_num >> 8);
388 s->sector = (sector_num);
389 } else {
390 s->sector = sector_num;
391 s->lcyl = sector_num >> 8;
392 s->hcyl = sector_num >> 16;
393 s->hob_sector = sector_num >> 24;
394 s->hob_lcyl = sector_num >> 32;
395 s->hob_hcyl = sector_num >> 40;
396 }
397 } else {
398 cyl = sector_num / (s->heads * s->sectors);
399 r = sector_num % (s->heads * s->sectors);
400 s->hcyl = cyl >> 8;
401 s->lcyl = cyl;
402 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
403 s->sector = (r % s->sectors) + 1;
404 }
405 }
406
407 static void ide_rw_error(IDEState *s) {
408 ide_abort_command(s);
409 ide_set_irq(s->bus);
410 }
411
412 void ide_sector_read(IDEState *s)
413 {
414 int64_t sector_num;
415 int ret, n;
416
417 s->status = READY_STAT | SEEK_STAT;
418 s->error = 0; /* not needed by IDE spec, but needed by Windows */
419 sector_num = ide_get_sector(s);
420 n = s->nsector;
421 if (n == 0) {
422 /* no more sector to read from disk */
423 ide_transfer_stop(s);
424 } else {
425 #if defined(DEBUG_IDE)
426 printf("read sector=%" PRId64 "\n", sector_num);
427 #endif
428 if (n > s->req_nb_sectors)
429 n = s->req_nb_sectors;
430 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
431 if (ret != 0) {
432 if (ide_handle_rw_error(s, -ret,
433 BM_STATUS_PIO_RETRY | BM_STATUS_RETRY_READ))
434 {
435 return;
436 }
437 }
438 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
439 ide_set_irq(s->bus);
440 ide_set_sector(s, sector_num + n);
441 s->nsector -= n;
442 }
443 }
444
445 static void dma_buf_commit(IDEState *s, int is_write)
446 {
447 qemu_sglist_destroy(&s->sg);
448 }
449
450 static void ide_set_inactive(IDEState *s)
451 {
452 s->bus->dma->aiocb = NULL;
453 s->bus->dma->ops->set_inactive(s->bus->dma);
454 }
455
456 void ide_dma_error(IDEState *s)
457 {
458 ide_transfer_stop(s);
459 s->error = ABRT_ERR;
460 s->status = READY_STAT | ERR_STAT;
461 ide_set_inactive(s);
462 s->bus->dma->ops->add_status(s->bus->dma, BM_STATUS_INT);
463 ide_set_irq(s->bus);
464 }
465
466 static int ide_handle_rw_error(IDEState *s, int error, int op)
467 {
468 int is_read = (op & BM_STATUS_RETRY_READ);
469 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
470
471 if (action == BLOCK_ERR_IGNORE) {
472 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
473 return 0;
474 }
475
476 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
477 || action == BLOCK_ERR_STOP_ANY) {
478 s->bus->dma->ops->set_unit(s->bus->dma, s->unit);
479 s->bus->dma->ops->add_status(s->bus->dma, op);
480 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
481 vm_stop(VMSTOP_DISKFULL);
482 } else {
483 if (op & BM_STATUS_DMA_RETRY) {
484 dma_buf_commit(s, 0);
485 ide_dma_error(s);
486 } else {
487 ide_rw_error(s);
488 }
489 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
490 }
491
492 return 1;
493 }
494
495 void ide_dma_cb(void *opaque, int ret)
496 {
497 IDEState *s = opaque;
498 int n;
499 int64_t sector_num;
500
501 handle_rw_error:
502 if (ret < 0) {
503 int op = BM_STATUS_DMA_RETRY;
504
505 if (s->is_read)
506 op |= BM_STATUS_RETRY_READ;
507 if (ide_handle_rw_error(s, -ret, op)) {
508 return;
509 }
510 }
511
512 n = s->io_buffer_size >> 9;
513 sector_num = ide_get_sector(s);
514 if (n > 0) {
515 dma_buf_commit(s, s->is_read);
516 sector_num += n;
517 ide_set_sector(s, sector_num);
518 s->nsector -= n;
519 }
520
521 /* end of transfer ? */
522 if (s->nsector == 0) {
523 s->status = READY_STAT | SEEK_STAT;
524 ide_set_irq(s->bus);
525 goto eot;
526 }
527
528 /* launch next transfer */
529 n = s->nsector;
530 s->io_buffer_index = 0;
531 s->io_buffer_size = n * 512;
532 if (s->bus->dma->ops->prepare_buf(s->bus->dma, s->is_read) == 0)
533 goto eot;
534
535 #ifdef DEBUG_AIO
536 printf("ide_dma_cb: sector_num=%" PRId64 " n=%d, is_read=%d\n",
537 sector_num, n, s->is_read);
538 #endif
539
540 if (s->is_read) {
541 s->bus->dma->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
542 ide_dma_cb, s);
543 } else {
544 s->bus->dma->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
545 ide_dma_cb, s);
546 }
547
548 if (!s->bus->dma->aiocb) {
549 ret = -1;
550 goto handle_rw_error;
551 }
552 return;
553
554 eot:
555 s->bus->dma->ops->add_status(s->bus->dma, BM_STATUS_INT);
556 ide_set_inactive(s);
557 }
558
559 static void ide_sector_start_dma(IDEState *s, int is_read)
560 {
561 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
562 s->io_buffer_index = 0;
563 s->io_buffer_size = 0;
564 s->is_read = is_read;
565 s->bus->dma->ops->start_dma(s->bus->dma, s, ide_dma_cb);
566 }
567
568 static void ide_sector_write_timer_cb(void *opaque)
569 {
570 IDEState *s = opaque;
571 ide_set_irq(s->bus);
572 }
573
574 void ide_sector_write(IDEState *s)
575 {
576 int64_t sector_num;
577 int ret, n, n1;
578
579 s->status = READY_STAT | SEEK_STAT;
580 sector_num = ide_get_sector(s);
581 #if defined(DEBUG_IDE)
582 printf("write sector=%" PRId64 "\n", sector_num);
583 #endif
584 n = s->nsector;
585 if (n > s->req_nb_sectors)
586 n = s->req_nb_sectors;
587 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
588
589 if (ret != 0) {
590 if (ide_handle_rw_error(s, -ret, BM_STATUS_PIO_RETRY))
591 return;
592 }
593
594 s->nsector -= n;
595 if (s->nsector == 0) {
596 /* no more sectors to write */
597 ide_transfer_stop(s);
598 } else {
599 n1 = s->nsector;
600 if (n1 > s->req_nb_sectors)
601 n1 = s->req_nb_sectors;
602 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
603 }
604 ide_set_sector(s, sector_num + n);
605
606 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
607 /* It seems there is a bug in the Windows 2000 installer HDD
608 IDE driver which fills the disk with empty logs when the
609 IDE write IRQ comes too early. This hack tries to correct
610 that at the expense of slower write performances. Use this
611 option _only_ to install Windows 2000. You must disable it
612 for normal use. */
613 qemu_mod_timer(s->sector_write_timer,
614 qemu_get_clock_ns(vm_clock) + (get_ticks_per_sec() / 1000));
615 } else {
616 ide_set_irq(s->bus);
617 }
618 }
619
620 void ide_atapi_cmd_ok(IDEState *s)
621 {
622 s->error = 0;
623 s->status = READY_STAT | SEEK_STAT;
624 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
625 ide_set_irq(s->bus);
626 }
627
628 void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
629 {
630 #ifdef DEBUG_IDE_ATAPI
631 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
632 #endif
633 s->error = sense_key << 4;
634 s->status = READY_STAT | ERR_STAT;
635 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
636 s->sense_key = sense_key;
637 s->asc = asc;
638 ide_set_irq(s->bus);
639 }
640
641 static void ide_atapi_cmd_check_status(IDEState *s)
642 {
643 #ifdef DEBUG_IDE_ATAPI
644 printf("atapi_cmd_check_status\n");
645 #endif
646 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
647 s->status = ERR_STAT;
648 s->nsector = 0;
649 ide_set_irq(s->bus);
650 }
651
652 static void ide_flush_cb(void *opaque, int ret)
653 {
654 IDEState *s = opaque;
655
656 if (ret < 0) {
657 /* XXX: What sector number to set here? */
658 if (ide_handle_rw_error(s, -ret, BM_STATUS_RETRY_FLUSH)) {
659 return;
660 }
661 }
662
663 s->status = READY_STAT | SEEK_STAT;
664 ide_set_irq(s->bus);
665 }
666
667 void ide_flush_cache(IDEState *s)
668 {
669 BlockDriverAIOCB *acb;
670
671 if (s->bs == NULL) {
672 ide_flush_cb(s, 0);
673 return;
674 }
675
676 acb = bdrv_aio_flush(s->bs, ide_flush_cb, s);
677 if (acb == NULL) {
678 ide_flush_cb(s, -EIO);
679 }
680 }
681
682 static inline void cpu_to_ube16(uint8_t *buf, int val)
683 {
684 buf[0] = val >> 8;
685 buf[1] = val & 0xff;
686 }
687
688 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
689 {
690 buf[0] = val >> 24;
691 buf[1] = val >> 16;
692 buf[2] = val >> 8;
693 buf[3] = val & 0xff;
694 }
695
696 static inline int ube16_to_cpu(const uint8_t *buf)
697 {
698 return (buf[0] << 8) | buf[1];
699 }
700
701 static inline int ube32_to_cpu(const uint8_t *buf)
702 {
703 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
704 }
705
706 static void lba_to_msf(uint8_t *buf, int lba)
707 {
708 lba += 150;
709 buf[0] = (lba / 75) / 60;
710 buf[1] = (lba / 75) % 60;
711 buf[2] = lba % 75;
712 }
713
714 static void cd_data_to_raw(uint8_t *buf, int lba)
715 {
716 /* sync bytes */
717 buf[0] = 0x00;
718 memset(buf + 1, 0xff, 10);
719 buf[11] = 0x00;
720 buf += 12;
721 /* MSF */
722 lba_to_msf(buf, lba);
723 buf[3] = 0x01; /* mode 1 data */
724 buf += 4;
725 /* data */
726 buf += 2048;
727 /* XXX: ECC not computed */
728 memset(buf, 0, 288);
729 }
730
731 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
732 int sector_size)
733 {
734 int ret;
735
736 switch(sector_size) {
737 case 2048:
738 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
739 break;
740 case 2352:
741 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
742 if (ret < 0)
743 return ret;
744 cd_data_to_raw(buf, lba);
745 break;
746 default:
747 ret = -EIO;
748 break;
749 }
750 return ret;
751 }
752
753 void ide_atapi_io_error(IDEState *s, int ret)
754 {
755 /* XXX: handle more errors */
756 if (ret == -ENOMEDIUM) {
757 ide_atapi_cmd_error(s, SENSE_NOT_READY,
758 ASC_MEDIUM_NOT_PRESENT);
759 } else {
760 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
761 ASC_LOGICAL_BLOCK_OOR);
762 }
763 }
764
765 /* The whole ATAPI transfer logic is handled in this function */
766 static void ide_atapi_cmd_reply_end(IDEState *s)
767 {
768 int byte_count_limit, size, ret;
769 #ifdef DEBUG_IDE_ATAPI
770 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
771 s->packet_transfer_size,
772 s->elementary_transfer_size,
773 s->io_buffer_index);
774 #endif
775 if (s->packet_transfer_size <= 0) {
776 /* end of transfer */
777 ide_transfer_stop(s);
778 s->status = READY_STAT | SEEK_STAT;
779 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
780 ide_set_irq(s->bus);
781 #ifdef DEBUG_IDE_ATAPI
782 printf("status=0x%x\n", s->status);
783 #endif
784 } else {
785 /* see if a new sector must be read */
786 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
787 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
788 if (ret < 0) {
789 ide_transfer_stop(s);
790 ide_atapi_io_error(s, ret);
791 return;
792 }
793 s->lba++;
794 s->io_buffer_index = 0;
795 }
796 if (s->elementary_transfer_size > 0) {
797 /* there are some data left to transmit in this elementary
798 transfer */
799 size = s->cd_sector_size - s->io_buffer_index;
800 if (size > s->elementary_transfer_size)
801 size = s->elementary_transfer_size;
802 s->packet_transfer_size -= size;
803 s->elementary_transfer_size -= size;
804 s->io_buffer_index += size;
805 ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size,
806 size, ide_atapi_cmd_reply_end);
807 } else {
808 /* a new transfer is needed */
809 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
810 byte_count_limit = s->lcyl | (s->hcyl << 8);
811 #ifdef DEBUG_IDE_ATAPI
812 printf("byte_count_limit=%d\n", byte_count_limit);
813 #endif
814 if (byte_count_limit == 0xffff)
815 byte_count_limit--;
816 size = s->packet_transfer_size;
817 if (size > byte_count_limit) {
818 /* byte count limit must be even if this case */
819 if (byte_count_limit & 1)
820 byte_count_limit--;
821 size = byte_count_limit;
822 }
823 s->lcyl = size;
824 s->hcyl = size >> 8;
825 s->elementary_transfer_size = size;
826 /* we cannot transmit more than one sector at a time */
827 if (s->lba != -1) {
828 if (size > (s->cd_sector_size - s->io_buffer_index))
829 size = (s->cd_sector_size - s->io_buffer_index);
830 }
831 s->packet_transfer_size -= size;
832 s->elementary_transfer_size -= size;
833 s->io_buffer_index += size;
834 ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size,
835 size, ide_atapi_cmd_reply_end);
836 ide_set_irq(s->bus);
837 #ifdef DEBUG_IDE_ATAPI
838 printf("status=0x%x\n", s->status);
839 #endif
840 }
841 }
842 }
843
844 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
845 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
846 {
847 if (size > max_size)
848 size = max_size;
849 s->lba = -1; /* no sector read */
850 s->packet_transfer_size = size;
851 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
852 s->elementary_transfer_size = 0;
853 s->io_buffer_index = 0;
854
855 if (s->atapi_dma) {
856 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
857 s->bus->dma->ops->start_dma(s->bus->dma, s,
858 ide_atapi_cmd_read_dma_cb);
859 } else {
860 s->status = READY_STAT | SEEK_STAT;
861 ide_atapi_cmd_reply_end(s);
862 }
863 }
864
865 /* start a CD-CDROM read command */
866 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
867 int sector_size)
868 {
869 s->lba = lba;
870 s->packet_transfer_size = nb_sectors * sector_size;
871 s->elementary_transfer_size = 0;
872 s->io_buffer_index = sector_size;
873 s->cd_sector_size = sector_size;
874
875 s->status = READY_STAT | SEEK_STAT;
876 ide_atapi_cmd_reply_end(s);
877 }
878
879 /* ATAPI DMA support */
880
881 /* XXX: handle read errors */
882 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
883 {
884 IDEState *s = opaque;
885 int data_offset, n;
886
887 if (ret < 0) {
888 ide_atapi_io_error(s, ret);
889 goto eot;
890 }
891
892 if (s->io_buffer_size > 0) {
893 /*
894 * For a cdrom read sector command (s->lba != -1),
895 * adjust the lba for the next s->io_buffer_size chunk
896 * and dma the current chunk.
897 * For a command != read (s->lba == -1), just transfer
898 * the reply data.
899 */
900 if (s->lba != -1) {
901 if (s->cd_sector_size == 2352) {
902 n = 1;
903 cd_data_to_raw(s->io_buffer, s->lba);
904 } else {
905 n = s->io_buffer_size >> 11;
906 }
907 s->lba += n;
908 }
909 s->packet_transfer_size -= s->io_buffer_size;
910 if (s->bus->dma->ops->rw_buf(s->bus->dma, 1) == 0)
911 goto eot;
912 }
913
914 if (s->packet_transfer_size <= 0) {
915 s->status = READY_STAT | SEEK_STAT;
916 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
917 ide_set_irq(s->bus);
918 eot:
919 s->bus->dma->ops->add_status(s->bus->dma, BM_STATUS_INT);
920 ide_set_inactive(s);
921 return;
922 }
923
924 s->io_buffer_index = 0;
925 if (s->cd_sector_size == 2352) {
926 n = 1;
927 s->io_buffer_size = s->cd_sector_size;
928 data_offset = 16;
929 } else {
930 n = s->packet_transfer_size >> 11;
931 if (n > (IDE_DMA_BUF_SECTORS / 4))
932 n = (IDE_DMA_BUF_SECTORS / 4);
933 s->io_buffer_size = n * 2048;
934 data_offset = 0;
935 }
936 #ifdef DEBUG_AIO
937 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
938 #endif
939 s->bus->dma->iov.iov_base = (void *)(s->io_buffer + data_offset);
940 s->bus->dma->iov.iov_len = n * 4 * 512;
941 qemu_iovec_init_external(&s->bus->dma->qiov, &s->bus->dma->iov, 1);
942 s->bus->dma->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2,
943 &s->bus->dma->qiov, n * 4,
944 ide_atapi_cmd_read_dma_cb, s);
945 if (!s->bus->dma->aiocb) {
946 /* Note: media not present is the most likely case */
947 ide_atapi_cmd_error(s, SENSE_NOT_READY,
948 ASC_MEDIUM_NOT_PRESENT);
949 goto eot;
950 }
951 }
952
953 /* start a CD-CDROM read command with DMA */
954 /* XXX: test if DMA is available */
955 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
956 int sector_size)
957 {
958 s->lba = lba;
959 s->packet_transfer_size = nb_sectors * sector_size;
960 s->io_buffer_index = 0;
961 s->io_buffer_size = 0;
962 s->cd_sector_size = sector_size;
963
964 /* XXX: check if BUSY_STAT should be set */
965 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
966 s->bus->dma->ops->start_dma(s->bus->dma, s,
967 ide_atapi_cmd_read_dma_cb);
968 }
969
970 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
971 int sector_size)
972 {
973 #ifdef DEBUG_IDE_ATAPI
974 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
975 lba, nb_sectors);
976 #endif
977 if (s->atapi_dma) {
978 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
979 } else {
980 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
981 }
982 }
983
984 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
985 uint16_t profile)
986 {
987 uint8_t *buf_profile = buf + 12; /* start of profiles */
988
989 buf_profile += ((*index) * 4); /* start of indexed profile */
990 cpu_to_ube16 (buf_profile, profile);
991 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
992
993 /* each profile adds 4 bytes to the response */
994 (*index)++;
995 buf[11] += 4; /* Additional Length */
996
997 return 4;
998 }
999
1000 static int ide_dvd_read_structure(IDEState *s, int format,
1001 const uint8_t *packet, uint8_t *buf)
1002 {
1003 switch (format) {
1004 case 0x0: /* Physical format information */
1005 {
1006 int layer = packet[6];
1007 uint64_t total_sectors;
1008
1009 if (layer != 0)
1010 return -ASC_INV_FIELD_IN_CMD_PACKET;
1011
1012 bdrv_get_geometry(s->bs, &total_sectors);
1013 total_sectors >>= 2;
1014 if (total_sectors == 0)
1015 return -ASC_MEDIUM_NOT_PRESENT;
1016
1017 buf[4] = 1; /* DVD-ROM, part version 1 */
1018 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1019 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1020 buf[7] = 0; /* default densities */
1021
1022 /* FIXME: 0x30000 per spec? */
1023 cpu_to_ube32(buf + 8, 0); /* start sector */
1024 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1025 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1026
1027 /* Size of buffer, not including 2 byte size field */
1028 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1029
1030 /* 2k data + 4 byte header */
1031 return (2048 + 4);
1032 }
1033
1034 case 0x01: /* DVD copyright information */
1035 buf[4] = 0; /* no copyright data */
1036 buf[5] = 0; /* no region restrictions */
1037
1038 /* Size of buffer, not including 2 byte size field */
1039 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1040
1041 /* 4 byte header + 4 byte data */
1042 return (4 + 4);
1043
1044 case 0x03: /* BCA information - invalid field for no BCA info */
1045 return -ASC_INV_FIELD_IN_CMD_PACKET;
1046
1047 case 0x04: /* DVD disc manufacturing information */
1048 /* Size of buffer, not including 2 byte size field */
1049 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1050
1051 /* 2k data + 4 byte header */
1052 return (2048 + 4);
1053
1054 case 0xff:
1055 /*
1056 * This lists all the command capabilities above. Add new ones
1057 * in order and update the length and buffer return values.
1058 */
1059
1060 buf[4] = 0x00; /* Physical format */
1061 buf[5] = 0x40; /* Not writable, is readable */
1062 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1063
1064 buf[8] = 0x01; /* Copyright info */
1065 buf[9] = 0x40; /* Not writable, is readable */
1066 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1067
1068 buf[12] = 0x03; /* BCA info */
1069 buf[13] = 0x40; /* Not writable, is readable */
1070 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1071
1072 buf[16] = 0x04; /* Manufacturing info */
1073 buf[17] = 0x40; /* Not writable, is readable */
1074 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1075
1076 /* Size of buffer, not including 2 byte size field */
1077 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1078
1079 /* data written + 4 byte header */
1080 return (16 + 4);
1081
1082 default: /* TODO: formats beyond DVD-ROM requires */
1083 return -ASC_INV_FIELD_IN_CMD_PACKET;
1084 }
1085 }
1086
1087 static unsigned int event_status_media(IDEState *s,
1088 uint8_t *buf)
1089 {
1090 enum media_event_code {
1091 MEC_NO_CHANGE = 0, /* Status unchanged */
1092 MEC_EJECT_REQUESTED, /* received a request from user to eject */
1093 MEC_NEW_MEDIA, /* new media inserted and ready for access */
1094 MEC_MEDIA_REMOVAL, /* only for media changers */
1095 MEC_MEDIA_CHANGED, /* only for media changers */
1096 MEC_BG_FORMAT_COMPLETED, /* MRW or DVD+RW b/g format completed */
1097 MEC_BG_FORMAT_RESTARTED, /* MRW or DVD+RW b/g format restarted */
1098 };
1099 enum media_status {
1100 MS_TRAY_OPEN = 1,
1101 MS_MEDIA_PRESENT = 2,
1102 };
1103 uint8_t event_code, media_status;
1104
1105 media_status = 0;
1106 if (s->bs->tray_open) {
1107 media_status = MS_TRAY_OPEN;
1108 } else if (bdrv_is_inserted(s->bs)) {
1109 media_status = MS_MEDIA_PRESENT;
1110 }
1111
1112 /* Event notification descriptor */
1113 event_code = MEC_NO_CHANGE;
1114 if (media_status != MS_TRAY_OPEN && s->events.new_media) {
1115 event_code = MEC_NEW_MEDIA;
1116 s->events.new_media = false;
1117 }
1118
1119 buf[4] = event_code;
1120 buf[5] = media_status;
1121
1122 /* These fields are reserved, just clear them. */
1123 buf[6] = 0;
1124 buf[7] = 0;
1125
1126 return 8; /* We wrote to 4 extra bytes from the header */
1127 }
1128
1129 static void handle_get_event_status_notification(IDEState *s,
1130 uint8_t *buf,
1131 const uint8_t *packet)
1132 {
1133 struct {
1134 uint8_t opcode;
1135 uint8_t polled; /* lsb bit is polled; others are reserved */
1136 uint8_t reserved2[2];
1137 uint8_t class;
1138 uint8_t reserved3[2];
1139 uint16_t len;
1140 uint8_t control;
1141 } __attribute__((packed)) *gesn_cdb;
1142
1143 struct {
1144 uint16_t len;
1145 uint8_t notification_class;
1146 uint8_t supported_events;
1147 } __attribute((packed)) *gesn_event_header;
1148
1149 enum notification_class_request_type {
1150 NCR_RESERVED1 = 1 << 0,
1151 NCR_OPERATIONAL_CHANGE = 1 << 1,
1152 NCR_POWER_MANAGEMENT = 1 << 2,
1153 NCR_EXTERNAL_REQUEST = 1 << 3,
1154 NCR_MEDIA = 1 << 4,
1155 NCR_MULTI_HOST = 1 << 5,
1156 NCR_DEVICE_BUSY = 1 << 6,
1157 NCR_RESERVED2 = 1 << 7,
1158 };
1159 enum event_notification_class_field {
1160 ENC_NO_EVENTS = 0,
1161 ENC_OPERATIONAL_CHANGE,
1162 ENC_POWER_MANAGEMENT,
1163 ENC_EXTERNAL_REQUEST,
1164 ENC_MEDIA,
1165 ENC_MULTIPLE_HOSTS,
1166 ENC_DEVICE_BUSY,
1167 ENC_RESERVED,
1168 };
1169 unsigned int max_len, used_len;
1170
1171 gesn_cdb = (void *)packet;
1172 gesn_event_header = (void *)buf;
1173
1174 max_len = be16_to_cpu(gesn_cdb->len);
1175
1176 /* It is fine by the MMC spec to not support async mode operations */
1177 if (!(gesn_cdb->polled & 0x01)) { /* asynchronous mode */
1178 /* Only polling is supported, asynchronous mode is not. */
1179 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1180 ASC_INV_FIELD_IN_CMD_PACKET);
1181 return;
1182 }
1183
1184 /* polling mode operation */
1185
1186 /*
1187 * These are the supported events.
1188 *
1189 * We currently only support requests of the 'media' type.
1190 */
1191 gesn_event_header->supported_events = NCR_MEDIA;
1192
1193 /*
1194 * We use |= below to set the class field; other bits in this byte
1195 * are reserved now but this is useful to do if we have to use the
1196 * reserved fields later.
1197 */
1198 gesn_event_header->notification_class = 0;
1199
1200 /*
1201 * Responses to requests are to be based on request priority. The
1202 * notification_class_request_type enum above specifies the
1203 * priority: upper elements are higher prio than lower ones.
1204 */
1205 if (gesn_cdb->class & NCR_MEDIA) {
1206 gesn_event_header->notification_class |= ENC_MEDIA;
1207 used_len = event_status_media(s, buf);
1208 } else {
1209 gesn_event_header->notification_class = 0x80; /* No event available */
1210 used_len = sizeof(*gesn_event_header);
1211 }
1212 gesn_event_header->len = cpu_to_be16(used_len
1213 - sizeof(*gesn_event_header));
1214 ide_atapi_cmd_reply(s, used_len, max_len);
1215 }
1216
1217 static void ide_atapi_cmd(IDEState *s)
1218 {
1219 const uint8_t *packet;
1220 uint8_t *buf;
1221 int max_len;
1222
1223 packet = s->io_buffer;
1224 buf = s->io_buffer;
1225 #ifdef DEBUG_IDE_ATAPI
1226 {
1227 int i;
1228 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1229 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1230 printf(" %02x", packet[i]);
1231 }
1232 printf("\n");
1233 }
1234 #endif
1235 /*
1236 * If there's a UNIT_ATTENTION condition pending, only
1237 * REQUEST_SENSE, INQUIRY, GET_CONFIGURATION and
1238 * GET_EVENT_STATUS_NOTIFICATION commands are allowed to complete.
1239 * MMC-5, section 4.1.6.1 lists only these commands being allowed
1240 * to complete, with other commands getting a CHECK condition
1241 * response unless a higher priority status, defined by the drive
1242 * here, is pending.
1243 */
1244 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1245 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1246 s->io_buffer[0] != GPCMD_INQUIRY &&
1247 s->io_buffer[0] != GPCMD_GET_EVENT_STATUS_NOTIFICATION) {
1248 ide_atapi_cmd_check_status(s);
1249 return;
1250 }
1251 if (bdrv_is_inserted(s->bs) && s->cdrom_changed) {
1252 ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT);
1253
1254 s->cdrom_changed = 0;
1255 s->sense_key = SENSE_UNIT_ATTENTION;
1256 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
1257 return;
1258 }
1259 switch(s->io_buffer[0]) {
1260 case GPCMD_TEST_UNIT_READY:
1261 if (bdrv_is_inserted(s->bs)) {
1262 ide_atapi_cmd_ok(s);
1263 } else {
1264 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1265 ASC_MEDIUM_NOT_PRESENT);
1266 }
1267 break;
1268 case GPCMD_MODE_SENSE_6:
1269 case GPCMD_MODE_SENSE_10:
1270 {
1271 int action, code;
1272 if (packet[0] == GPCMD_MODE_SENSE_10)
1273 max_len = ube16_to_cpu(packet + 7);
1274 else
1275 max_len = packet[4];
1276 action = packet[2] >> 6;
1277 code = packet[2] & 0x3f;
1278 switch(action) {
1279 case 0: /* current values */
1280 switch(code) {
1281 case GPMODE_R_W_ERROR_PAGE: /* error recovery */
1282 cpu_to_ube16(&buf[0], 16 + 6);
1283 buf[2] = 0x70;
1284 buf[3] = 0;
1285 buf[4] = 0;
1286 buf[5] = 0;
1287 buf[6] = 0;
1288 buf[7] = 0;
1289
1290 buf[8] = 0x01;
1291 buf[9] = 0x06;
1292 buf[10] = 0x00;
1293 buf[11] = 0x05;
1294 buf[12] = 0x00;
1295 buf[13] = 0x00;
1296 buf[14] = 0x00;
1297 buf[15] = 0x00;
1298 ide_atapi_cmd_reply(s, 16, max_len);
1299 break;
1300 case GPMODE_AUDIO_CTL_PAGE:
1301 cpu_to_ube16(&buf[0], 24 + 6);
1302 buf[2] = 0x70;
1303 buf[3] = 0;
1304 buf[4] = 0;
1305 buf[5] = 0;
1306 buf[6] = 0;
1307 buf[7] = 0;
1308
1309 /* Fill with CDROM audio volume */
1310 buf[17] = 0;
1311 buf[19] = 0;
1312 buf[21] = 0;
1313 buf[23] = 0;
1314
1315 ide_atapi_cmd_reply(s, 24, max_len);
1316 break;
1317 case GPMODE_CAPABILITIES_PAGE:
1318 cpu_to_ube16(&buf[0], 28 + 6);
1319 buf[2] = 0x70;
1320 buf[3] = 0;
1321 buf[4] = 0;
1322 buf[5] = 0;
1323 buf[6] = 0;
1324 buf[7] = 0;
1325
1326 buf[8] = 0x2a;
1327 buf[9] = 0x12;
1328 buf[10] = 0x00;
1329 buf[11] = 0x00;
1330
1331 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1332 code checks for this to automount media. */
1333 buf[12] = 0x71;
1334 buf[13] = 3 << 5;
1335 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1336 if (bdrv_is_locked(s->bs))
1337 buf[6] |= 1 << 1;
1338 buf[15] = 0x00;
1339 cpu_to_ube16(&buf[16], 706);
1340 buf[18] = 0;
1341 buf[19] = 2;
1342 cpu_to_ube16(&buf[20], 512);
1343 cpu_to_ube16(&buf[22], 706);
1344 buf[24] = 0;
1345 buf[25] = 0;
1346 buf[26] = 0;
1347 buf[27] = 0;
1348 ide_atapi_cmd_reply(s, 28, max_len);
1349 break;
1350 default:
1351 goto error_cmd;
1352 }
1353 break;
1354 case 1: /* changeable values */
1355 goto error_cmd;
1356 case 2: /* default values */
1357 goto error_cmd;
1358 default:
1359 case 3: /* saved values */
1360 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1361 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1362 break;
1363 }
1364 }
1365 break;
1366 case GPCMD_REQUEST_SENSE:
1367 max_len = packet[4];
1368 memset(buf, 0, 18);
1369 buf[0] = 0x70 | (1 << 7);
1370 buf[2] = s->sense_key;
1371 buf[7] = 10;
1372 buf[12] = s->asc;
1373 if (s->sense_key == SENSE_UNIT_ATTENTION)
1374 s->sense_key = SENSE_NONE;
1375 ide_atapi_cmd_reply(s, 18, max_len);
1376 break;
1377 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1378 bdrv_set_locked(s->bs, packet[4] & 1);
1379 ide_atapi_cmd_ok(s);
1380 break;
1381 case GPCMD_READ_10:
1382 case GPCMD_READ_12:
1383 {
1384 int nb_sectors, lba;
1385
1386 if (packet[0] == GPCMD_READ_10)
1387 nb_sectors = ube16_to_cpu(packet + 7);
1388 else
1389 nb_sectors = ube32_to_cpu(packet + 6);
1390 lba = ube32_to_cpu(packet + 2);
1391 if (nb_sectors == 0) {
1392 ide_atapi_cmd_ok(s);
1393 break;
1394 }
1395 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1396 }
1397 break;
1398 case GPCMD_READ_CD:
1399 {
1400 int nb_sectors, lba, transfer_request;
1401
1402 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1403 lba = ube32_to_cpu(packet + 2);
1404 if (nb_sectors == 0) {
1405 ide_atapi_cmd_ok(s);
1406 break;
1407 }
1408 transfer_request = packet[9];
1409 switch(transfer_request & 0xf8) {
1410 case 0x00:
1411 /* nothing */
1412 ide_atapi_cmd_ok(s);
1413 break;
1414 case 0x10:
1415 /* normal read */
1416 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1417 break;
1418 case 0xf8:
1419 /* read all data */
1420 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1421 break;
1422 default:
1423 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1424 ASC_INV_FIELD_IN_CMD_PACKET);
1425 break;
1426 }
1427 }
1428 break;
1429 case GPCMD_SEEK:
1430 {
1431 unsigned int lba;
1432 uint64_t total_sectors;
1433
1434 bdrv_get_geometry(s->bs, &total_sectors);
1435 total_sectors >>= 2;
1436 if (total_sectors == 0) {
1437 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1438 ASC_MEDIUM_NOT_PRESENT);
1439 break;
1440 }
1441 lba = ube32_to_cpu(packet + 2);
1442 if (lba >= total_sectors) {
1443 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1444 ASC_LOGICAL_BLOCK_OOR);
1445 break;
1446 }
1447 ide_atapi_cmd_ok(s);
1448 }
1449 break;
1450 case GPCMD_START_STOP_UNIT:
1451 {
1452 int start, eject, sense, err = 0;
1453 start = packet[4] & 1;
1454 eject = (packet[4] >> 1) & 1;
1455
1456 if (eject) {
1457 err = bdrv_eject(s->bs, !start);
1458 }
1459
1460 switch (err) {
1461 case 0:
1462 ide_atapi_cmd_ok(s);
1463 break;
1464 case -EBUSY:
1465 sense = SENSE_NOT_READY;
1466 if (bdrv_is_inserted(s->bs)) {
1467 sense = SENSE_ILLEGAL_REQUEST;
1468 }
1469 ide_atapi_cmd_error(s, sense,
1470 ASC_MEDIA_REMOVAL_PREVENTED);
1471 break;
1472 default:
1473 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1474 ASC_MEDIUM_NOT_PRESENT);
1475 break;
1476 }
1477 }
1478 break;
1479 case GPCMD_MECHANISM_STATUS:
1480 {
1481 max_len = ube16_to_cpu(packet + 8);
1482 cpu_to_ube16(buf, 0);
1483 /* no current LBA */
1484 buf[2] = 0;
1485 buf[3] = 0;
1486 buf[4] = 0;
1487 buf[5] = 1;
1488 cpu_to_ube16(buf + 6, 0);
1489 ide_atapi_cmd_reply(s, 8, max_len);
1490 }
1491 break;
1492 case GPCMD_READ_TOC_PMA_ATIP:
1493 {
1494 int format, msf, start_track, len;
1495 uint64_t total_sectors;
1496
1497 bdrv_get_geometry(s->bs, &total_sectors);
1498 total_sectors >>= 2;
1499 if (total_sectors == 0) {
1500 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1501 ASC_MEDIUM_NOT_PRESENT);
1502 break;
1503 }
1504 max_len = ube16_to_cpu(packet + 7);
1505 format = packet[9] >> 6;
1506 msf = (packet[1] >> 1) & 1;
1507 start_track = packet[6];
1508 switch(format) {
1509 case 0:
1510 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1511 if (len < 0)
1512 goto error_cmd;
1513 ide_atapi_cmd_reply(s, len, max_len);
1514 break;
1515 case 1:
1516 /* multi session : only a single session defined */
1517 memset(buf, 0, 12);
1518 buf[1] = 0x0a;
1519 buf[2] = 0x01;
1520 buf[3] = 0x01;
1521 ide_atapi_cmd_reply(s, 12, max_len);
1522 break;
1523 case 2:
1524 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1525 if (len < 0)
1526 goto error_cmd;
1527 ide_atapi_cmd_reply(s, len, max_len);
1528 break;
1529 default:
1530 error_cmd:
1531 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1532 ASC_INV_FIELD_IN_CMD_PACKET);
1533 break;
1534 }
1535 }
1536 break;
1537 case GPCMD_READ_CDVD_CAPACITY:
1538 {
1539 uint64_t total_sectors;
1540
1541 bdrv_get_geometry(s->bs, &total_sectors);
1542 total_sectors >>= 2;
1543 if (total_sectors == 0) {
1544 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1545 ASC_MEDIUM_NOT_PRESENT);
1546 break;
1547 }
1548 /* NOTE: it is really the number of sectors minus 1 */
1549 cpu_to_ube32(buf, total_sectors - 1);
1550 cpu_to_ube32(buf + 4, 2048);
1551 ide_atapi_cmd_reply(s, 8, 8);
1552 }
1553 break;
1554 case GPCMD_READ_DVD_STRUCTURE:
1555 {
1556 int media = packet[1];
1557 int format = packet[7];
1558 int ret;
1559
1560 max_len = ube16_to_cpu(packet + 8);
1561
1562 if (format < 0xff) {
1563 if (media_is_cd(s)) {
1564 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1565 ASC_INCOMPATIBLE_FORMAT);
1566 break;
1567 } else if (!media_present(s)) {
1568 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1569 ASC_INV_FIELD_IN_CMD_PACKET);
1570 break;
1571 }
1572 }
1573
1574 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1575 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1576
1577 switch (format) {
1578 case 0x00 ... 0x7f:
1579 case 0xff:
1580 if (media == 0) {
1581 ret = ide_dvd_read_structure(s, format, packet, buf);
1582
1583 if (ret < 0)
1584 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1585 else
1586 ide_atapi_cmd_reply(s, ret, max_len);
1587
1588 break;
1589 }
1590 /* TODO: BD support, fall through for now */
1591
1592 /* Generic disk structures */
1593 case 0x80: /* TODO: AACS volume identifier */
1594 case 0x81: /* TODO: AACS media serial number */
1595 case 0x82: /* TODO: AACS media identifier */
1596 case 0x83: /* TODO: AACS media key block */
1597 case 0x90: /* TODO: List of recognized format layers */
1598 case 0xc0: /* TODO: Write protection status */
1599 default:
1600 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1601 ASC_INV_FIELD_IN_CMD_PACKET);
1602 break;
1603 }
1604 }
1605 break;
1606 case GPCMD_SET_SPEED:
1607 ide_atapi_cmd_ok(s);
1608 break;
1609 case GPCMD_INQUIRY:
1610 max_len = packet[4];
1611 buf[0] = 0x05; /* CD-ROM */
1612 buf[1] = 0x80; /* removable */
1613 buf[2] = 0x00; /* ISO */
1614 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1615 buf[4] = 31; /* additional length */
1616 buf[5] = 0; /* reserved */
1617 buf[6] = 0; /* reserved */
1618 buf[7] = 0; /* reserved */
1619 padstr8(buf + 8, 8, "QEMU");
1620 padstr8(buf + 16, 16, "QEMU DVD-ROM");
1621 padstr8(buf + 32, 4, s->version);
1622 ide_atapi_cmd_reply(s, 36, max_len);
1623 break;
1624 case GPCMD_GET_CONFIGURATION:
1625 {
1626 uint32_t len;
1627 uint8_t index = 0;
1628
1629 /* only feature 0 is supported */
1630 if (packet[2] != 0 || packet[3] != 0) {
1631 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1632 ASC_INV_FIELD_IN_CMD_PACKET);
1633 break;
1634 }
1635
1636 /* XXX: could result in alignment problems in some architectures */
1637 max_len = ube16_to_cpu(packet + 7);
1638
1639 /*
1640 * XXX: avoid overflow for io_buffer if max_len is bigger than
1641 * the size of that buffer (dimensioned to max number of
1642 * sectors to transfer at once)
1643 *
1644 * Only a problem if the feature/profiles grow.
1645 */
1646 if (max_len > 512) /* XXX: assume 1 sector */
1647 max_len = 512;
1648
1649 memset(buf, 0, max_len);
1650 /*
1651 * the number of sectors from the media tells us which profile
1652 * to use as current. 0 means there is no media
1653 */
1654 if (media_is_dvd(s))
1655 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
1656 else if (media_is_cd(s))
1657 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
1658
1659 buf[10] = 0x02 | 0x01; /* persistent and current */
1660 len = 12; /* headers: 8 + 4 */
1661 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
1662 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
1663 cpu_to_ube32(buf, len - 4); /* data length */
1664
1665 ide_atapi_cmd_reply(s, len, max_len);
1666 break;
1667 }
1668 case GPCMD_GET_EVENT_STATUS_NOTIFICATION:
1669 handle_get_event_status_notification(s, buf, packet);
1670 break;
1671 default:
1672 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1673 ASC_ILLEGAL_OPCODE);
1674 break;
1675 }
1676 }
1677
1678 static void ide_cfata_metadata_inquiry(IDEState *s)
1679 {
1680 uint16_t *p;
1681 uint32_t spd;
1682
1683 p = (uint16_t *) s->io_buffer;
1684 memset(p, 0, 0x200);
1685 spd = ((s->mdata_size - 1) >> 9) + 1;
1686
1687 put_le16(p + 0, 0x0001); /* Data format revision */
1688 put_le16(p + 1, 0x0000); /* Media property: silicon */
1689 put_le16(p + 2, s->media_changed); /* Media status */
1690 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1691 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1692 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1693 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1694 }
1695
1696 static void ide_cfata_metadata_read(IDEState *s)
1697 {
1698 uint16_t *p;
1699
1700 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1701 s->status = ERR_STAT;
1702 s->error = ABRT_ERR;
1703 return;
1704 }
1705
1706 p = (uint16_t *) s->io_buffer;
1707 memset(p, 0, 0x200);
1708
1709 put_le16(p + 0, s->media_changed); /* Media status */
1710 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1711 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1712 s->nsector << 9), 0x200 - 2));
1713 }
1714
1715 static void ide_cfata_metadata_write(IDEState *s)
1716 {
1717 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1718 s->status = ERR_STAT;
1719 s->error = ABRT_ERR;
1720 return;
1721 }
1722
1723 s->media_changed = 0;
1724
1725 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1726 s->io_buffer + 2,
1727 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1728 s->nsector << 9), 0x200 - 2));
1729 }
1730
1731 /* called when the inserted state of the media has changed */
1732 static void cdrom_change_cb(void *opaque, int reason)
1733 {
1734 IDEState *s = opaque;
1735 uint64_t nb_sectors;
1736
1737 if (!(reason & CHANGE_MEDIA)) {
1738 return;
1739 }
1740
1741 bdrv_get_geometry(s->bs, &nb_sectors);
1742 s->nb_sectors = nb_sectors;
1743
1744 /*
1745 * First indicate to the guest that a CD has been removed. That's
1746 * done on the next command the guest sends us.
1747 *
1748 * Then we set SENSE_UNIT_ATTENTION, by which the guest will
1749 * detect a new CD in the drive. See ide_atapi_cmd() for details.
1750 */
1751 s->cdrom_changed = 1;
1752 s->events.new_media = true;
1753 ide_set_irq(s->bus);
1754 }
1755
1756 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1757 {
1758 s->lba48 = lba48;
1759
1760 /* handle the 'magic' 0 nsector count conversion here. to avoid
1761 * fiddling with the rest of the read logic, we just store the
1762 * full sector count in ->nsector and ignore ->hob_nsector from now
1763 */
1764 if (!s->lba48) {
1765 if (!s->nsector)
1766 s->nsector = 256;
1767 } else {
1768 if (!s->nsector && !s->hob_nsector)
1769 s->nsector = 65536;
1770 else {
1771 int lo = s->nsector;
1772 int hi = s->hob_nsector;
1773
1774 s->nsector = (hi << 8) | lo;
1775 }
1776 }
1777 }
1778
1779 static void ide_clear_hob(IDEBus *bus)
1780 {
1781 /* any write clears HOB high bit of device control register */
1782 bus->ifs[0].select &= ~(1 << 7);
1783 bus->ifs[1].select &= ~(1 << 7);
1784 }
1785
1786 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1787 {
1788 IDEBus *bus = opaque;
1789
1790 #ifdef DEBUG_IDE
1791 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1792 #endif
1793
1794 addr &= 7;
1795
1796 /* ignore writes to command block while busy with previous command */
1797 if (addr != 7 && (idebus_active_if(bus)->status & (BUSY_STAT|DRQ_STAT)))
1798 return;
1799
1800 switch(addr) {
1801 case 0:
1802 break;
1803 case 1:
1804 ide_clear_hob(bus);
1805 /* NOTE: data is written to the two drives */
1806 bus->ifs[0].hob_feature = bus->ifs[0].feature;
1807 bus->ifs[1].hob_feature = bus->ifs[1].feature;
1808 bus->ifs[0].feature = val;
1809 bus->ifs[1].feature = val;
1810 break;
1811 case 2:
1812 ide_clear_hob(bus);
1813 bus->ifs[0].hob_nsector = bus->ifs[0].nsector;
1814 bus->ifs[1].hob_nsector = bus->ifs[1].nsector;
1815 bus->ifs[0].nsector = val;
1816 bus->ifs[1].nsector = val;
1817 break;
1818 case 3:
1819 ide_clear_hob(bus);
1820 bus->ifs[0].hob_sector = bus->ifs[0].sector;
1821 bus->ifs[1].hob_sector = bus->ifs[1].sector;
1822 bus->ifs[0].sector = val;
1823 bus->ifs[1].sector = val;
1824 break;
1825 case 4:
1826 ide_clear_hob(bus);
1827 bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl;
1828 bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl;
1829 bus->ifs[0].lcyl = val;
1830 bus->ifs[1].lcyl = val;
1831 break;
1832 case 5:
1833 ide_clear_hob(bus);
1834 bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl;
1835 bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl;
1836 bus->ifs[0].hcyl = val;
1837 bus->ifs[1].hcyl = val;
1838 break;
1839 case 6:
1840 /* FIXME: HOB readback uses bit 7 */
1841 bus->ifs[0].select = (val & ~0x10) | 0xa0;
1842 bus->ifs[1].select = (val | 0x10) | 0xa0;
1843 /* select drive */
1844 bus->unit = (val >> 4) & 1;
1845 break;
1846 default:
1847 case 7:
1848 /* command */
1849 ide_exec_cmd(bus, val);
1850 break;
1851 }
1852 }
1853
1854
1855 void ide_exec_cmd(IDEBus *bus, uint32_t val)
1856 {
1857 IDEState *s;
1858 int n;
1859 int lba48 = 0;
1860
1861 #if defined(DEBUG_IDE)
1862 printf("ide: CMD=%02x\n", val);
1863 #endif
1864 s = idebus_active_if(bus);
1865 /* ignore commands to non existant slave */
1866 if (s != bus->ifs && !s->bs)
1867 return;
1868
1869 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
1870 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
1871 return;
1872
1873 switch(val) {
1874 case WIN_IDENTIFY:
1875 if (s->bs && s->drive_kind != IDE_CD) {
1876 if (s->drive_kind != IDE_CFATA)
1877 ide_identify(s);
1878 else
1879 ide_cfata_identify(s);
1880 s->status = READY_STAT | SEEK_STAT;
1881 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1882 } else {
1883 if (s->drive_kind == IDE_CD) {
1884 ide_set_signature(s);
1885 }
1886 ide_abort_command(s);
1887 }
1888 ide_set_irq(s->bus);
1889 break;
1890 case WIN_SPECIFY:
1891 case WIN_RECAL:
1892 s->error = 0;
1893 s->status = READY_STAT | SEEK_STAT;
1894 ide_set_irq(s->bus);
1895 break;
1896 case WIN_SETMULT:
1897 if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
1898 /* Disable Read and Write Multiple */
1899 s->mult_sectors = 0;
1900 s->status = READY_STAT | SEEK_STAT;
1901 } else if ((s->nsector & 0xff) != 0 &&
1902 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1903 (s->nsector & (s->nsector - 1)) != 0)) {
1904 ide_abort_command(s);
1905 } else {
1906 s->mult_sectors = s->nsector & 0xff;
1907 s->status = READY_STAT | SEEK_STAT;
1908 }
1909 ide_set_irq(s->bus);
1910 break;
1911 case WIN_VERIFY_EXT:
1912 lba48 = 1;
1913 case WIN_VERIFY:
1914 case WIN_VERIFY_ONCE:
1915 /* do sector number check ? */
1916 ide_cmd_lba48_transform(s, lba48);
1917 s->status = READY_STAT | SEEK_STAT;
1918 ide_set_irq(s->bus);
1919 break;
1920 case WIN_READ_EXT:
1921 lba48 = 1;
1922 case WIN_READ:
1923 case WIN_READ_ONCE:
1924 if (!s->bs)
1925 goto abort_cmd;
1926 ide_cmd_lba48_transform(s, lba48);
1927 s->req_nb_sectors = 1;
1928 ide_sector_read(s);
1929 break;
1930 case WIN_WRITE_EXT:
1931 lba48 = 1;
1932 case WIN_WRITE:
1933 case WIN_WRITE_ONCE:
1934 case CFA_WRITE_SECT_WO_ERASE:
1935 case WIN_WRITE_VERIFY:
1936 ide_cmd_lba48_transform(s, lba48);
1937 s->error = 0;
1938 s->status = SEEK_STAT | READY_STAT;
1939 s->req_nb_sectors = 1;
1940 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1941 s->media_changed = 1;
1942 break;
1943 case WIN_MULTREAD_EXT:
1944 lba48 = 1;
1945 case WIN_MULTREAD:
1946 if (!s->mult_sectors)
1947 goto abort_cmd;
1948 ide_cmd_lba48_transform(s, lba48);
1949 s->req_nb_sectors = s->mult_sectors;
1950 ide_sector_read(s);
1951 break;
1952 case WIN_MULTWRITE_EXT:
1953 lba48 = 1;
1954 case WIN_MULTWRITE:
1955 case CFA_WRITE_MULTI_WO_ERASE:
1956 if (!s->mult_sectors)
1957 goto abort_cmd;
1958 ide_cmd_lba48_transform(s, lba48);
1959 s->error = 0;
1960 s->status = SEEK_STAT | READY_STAT;
1961 s->req_nb_sectors = s->mult_sectors;
1962 n = s->nsector;
1963 if (n > s->req_nb_sectors)
1964 n = s->req_nb_sectors;
1965 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1966 s->media_changed = 1;
1967 break;
1968 case WIN_READDMA_EXT:
1969 lba48 = 1;
1970 case WIN_READDMA:
1971 case WIN_READDMA_ONCE:
1972 if (!s->bs)
1973 goto abort_cmd;
1974 ide_cmd_lba48_transform(s, lba48);
1975 ide_sector_start_dma(s, 1);
1976 break;
1977 case WIN_WRITEDMA_EXT:
1978 lba48 = 1;
1979 case WIN_WRITEDMA:
1980 case WIN_WRITEDMA_ONCE:
1981 if (!s->bs)
1982 goto abort_cmd;
1983 ide_cmd_lba48_transform(s, lba48);
1984 ide_sector_start_dma(s, 0);
1985 s->media_changed = 1;
1986 break;
1987 case WIN_READ_NATIVE_MAX_EXT:
1988 lba48 = 1;
1989 case WIN_READ_NATIVE_MAX:
1990 ide_cmd_lba48_transform(s, lba48);
1991 ide_set_sector(s, s->nb_sectors - 1);
1992 s->status = READY_STAT | SEEK_STAT;
1993 ide_set_irq(s->bus);
1994 break;
1995 case WIN_CHECKPOWERMODE1:
1996 case WIN_CHECKPOWERMODE2:
1997 s->error = 0;
1998 s->nsector = 0xff; /* device active or idle */
1999 s->status = READY_STAT | SEEK_STAT;
2000 ide_set_irq(s->bus);
2001 break;
2002 case WIN_SETFEATURES:
2003 if (!s->bs)
2004 goto abort_cmd;
2005 /* XXX: valid for CDROM ? */
2006 switch(s->feature) {
2007 case 0xcc: /* reverting to power-on defaults enable */
2008 case 0x66: /* reverting to power-on defaults disable */
2009 case 0x02: /* write cache enable */
2010 case 0x82: /* write cache disable */
2011 case 0xaa: /* read look-ahead enable */
2012 case 0x55: /* read look-ahead disable */
2013 case 0x05: /* set advanced power management mode */
2014 case 0x85: /* disable advanced power management mode */
2015 case 0x69: /* NOP */
2016 case 0x67: /* NOP */
2017 case 0x96: /* NOP */
2018 case 0x9a: /* NOP */
2019 case 0x42: /* enable Automatic Acoustic Mode */
2020 case 0xc2: /* disable Automatic Acoustic Mode */
2021 s->status = READY_STAT | SEEK_STAT;
2022 ide_set_irq(s->bus);
2023 break;
2024 case 0x03: { /* set transfer mode */
2025 uint8_t val = s->nsector & 0x07;
2026 uint16_t *identify_data = (uint16_t *)s->identify_data;
2027
2028 switch (s->nsector >> 3) {
2029 case 0x00: /* pio default */
2030 case 0x01: /* pio mode */
2031 put_le16(identify_data + 62,0x07);
2032 put_le16(identify_data + 63,0x07);
2033 put_le16(identify_data + 88,0x3f);
2034 break;
2035 case 0x02: /* sigle word dma mode*/
2036 put_le16(identify_data + 62,0x07 | (1 << (val + 8)));
2037 put_le16(identify_data + 63,0x07);
2038 put_le16(identify_data + 88,0x3f);
2039 break;
2040 case 0x04: /* mdma mode */
2041 put_le16(identify_data + 62,0x07);
2042 put_le16(identify_data + 63,0x07 | (1 << (val + 8)));
2043 put_le16(identify_data + 88,0x3f);
2044 break;
2045 case 0x08: /* udma mode */
2046 put_le16(identify_data + 62,0x07);
2047 put_le16(identify_data + 63,0x07);
2048 put_le16(identify_data + 88,0x3f | (1 << (val + 8)));
2049 break;
2050 default:
2051 goto abort_cmd;
2052 }
2053 s->status = READY_STAT | SEEK_STAT;
2054 ide_set_irq(s->bus);
2055 break;
2056 }
2057 default:
2058 goto abort_cmd;
2059 }
2060 break;
2061 case WIN_FLUSH_CACHE:
2062 case WIN_FLUSH_CACHE_EXT:
2063 ide_flush_cache(s);
2064 break;
2065 case WIN_STANDBY:
2066 case WIN_STANDBY2:
2067 case WIN_STANDBYNOW1:
2068 case WIN_STANDBYNOW2:
2069 case WIN_IDLEIMMEDIATE:
2070 case CFA_IDLEIMMEDIATE:
2071 case WIN_SETIDLE1:
2072 case WIN_SETIDLE2:
2073 case WIN_SLEEPNOW1:
2074 case WIN_SLEEPNOW2:
2075 s->status = READY_STAT;
2076 ide_set_irq(s->bus);
2077 break;
2078 case WIN_SEEK:
2079 if(s->drive_kind == IDE_CD)
2080 goto abort_cmd;
2081 /* XXX: Check that seek is within bounds */
2082 s->status = READY_STAT | SEEK_STAT;
2083 ide_set_irq(s->bus);
2084 break;
2085 /* ATAPI commands */
2086 case WIN_PIDENTIFY:
2087 if (s->drive_kind == IDE_CD) {
2088 ide_atapi_identify(s);
2089 s->status = READY_STAT | SEEK_STAT;
2090 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2091 } else {
2092 ide_abort_command(s);
2093 }
2094 ide_set_irq(s->bus);
2095 break;
2096 case WIN_DIAGNOSE:
2097 ide_set_signature(s);
2098 if (s->drive_kind == IDE_CD)
2099 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2100 * devices to return a clear status register
2101 * with READY_STAT *not* set. */
2102 else
2103 s->status = READY_STAT | SEEK_STAT;
2104 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2105 * present.
2106 */
2107 ide_set_irq(s->bus);
2108 break;
2109 case WIN_SRST:
2110 if (s->drive_kind != IDE_CD)
2111 goto abort_cmd;
2112 ide_set_signature(s);
2113 s->status = 0x00; /* NOTE: READY is _not_ set */
2114 s->error = 0x01;
2115 break;
2116 case WIN_PACKETCMD:
2117 if (s->drive_kind != IDE_CD)
2118 goto abort_cmd;
2119 /* overlapping commands not supported */
2120 if (s->feature & 0x02)
2121 goto abort_cmd;
2122 s->status = READY_STAT | SEEK_STAT;
2123 s->atapi_dma = s->feature & 1;
2124 s->nsector = 1;
2125 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2126 ide_atapi_cmd);
2127 break;
2128 /* CF-ATA commands */
2129 case CFA_REQ_EXT_ERROR_CODE:
2130 if (s->drive_kind != IDE_CFATA)
2131 goto abort_cmd;
2132 s->error = 0x09; /* miscellaneous error */
2133 s->status = READY_STAT | SEEK_STAT;
2134 ide_set_irq(s->bus);
2135 break;
2136 case CFA_ERASE_SECTORS:
2137 case CFA_WEAR_LEVEL:
2138 if (s->drive_kind != IDE_CFATA)
2139 goto abort_cmd;
2140 if (val == CFA_WEAR_LEVEL)
2141 s->nsector = 0;
2142 if (val == CFA_ERASE_SECTORS)
2143 s->media_changed = 1;
2144 s->error = 0x00;
2145 s->status = READY_STAT | SEEK_STAT;
2146 ide_set_irq(s->bus);
2147 break;
2148 case CFA_TRANSLATE_SECTOR:
2149 if (s->drive_kind != IDE_CFATA)
2150 goto abort_cmd;
2151 s->error = 0x00;
2152 s->status = READY_STAT | SEEK_STAT;
2153 memset(s->io_buffer, 0, 0x200);
2154 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2155 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2156 s->io_buffer[0x02] = s->select; /* Head */
2157 s->io_buffer[0x03] = s->sector; /* Sector */
2158 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2159 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2160 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2161 s->io_buffer[0x13] = 0x00; /* Erase flag */
2162 s->io_buffer[0x18] = 0x00; /* Hot count */
2163 s->io_buffer[0x19] = 0x00; /* Hot count */
2164 s->io_buffer[0x1a] = 0x01; /* Hot count */
2165 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2166 ide_set_irq(s->bus);
2167 break;
2168 case CFA_ACCESS_METADATA_STORAGE:
2169 if (s->drive_kind != IDE_CFATA)
2170 goto abort_cmd;
2171 switch (s->feature) {
2172 case 0x02: /* Inquiry Metadata Storage */
2173 ide_cfata_metadata_inquiry(s);
2174 break;
2175 case 0x03: /* Read Metadata Storage */
2176 ide_cfata_metadata_read(s);
2177 break;
2178 case 0x04: /* Write Metadata Storage */
2179 ide_cfata_metadata_write(s);
2180 break;
2181 default:
2182 goto abort_cmd;
2183 }
2184 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2185 s->status = 0x00; /* NOTE: READY is _not_ set */
2186 ide_set_irq(s->bus);
2187 break;
2188 case IBM_SENSE_CONDITION:
2189 if (s->drive_kind != IDE_CFATA)
2190 goto abort_cmd;
2191 switch (s->feature) {
2192 case 0x01: /* sense temperature in device */
2193 s->nsector = 0x50; /* +20 C */
2194 break;
2195 default:
2196 goto abort_cmd;
2197 }
2198 s->status = READY_STAT | SEEK_STAT;
2199 ide_set_irq(s->bus);
2200 break;
2201
2202 case WIN_SMART:
2203 if (s->drive_kind == IDE_CD)
2204 goto abort_cmd;
2205 if (s->hcyl != 0xc2 || s->lcyl != 0x4f)
2206 goto abort_cmd;
2207 if (!s->smart_enabled && s->feature != SMART_ENABLE)
2208 goto abort_cmd;
2209 switch (s->feature) {
2210 case SMART_DISABLE:
2211 s->smart_enabled = 0;
2212 s->status = READY_STAT | SEEK_STAT;
2213 ide_set_irq(s->bus);
2214 break;
2215 case SMART_ENABLE:
2216 s->smart_enabled = 1;
2217 s->status = READY_STAT | SEEK_STAT;
2218 ide_set_irq(s->bus);
2219 break;
2220 case SMART_ATTR_AUTOSAVE:
2221 switch (s->sector) {
2222 case 0x00:
2223 s->smart_autosave = 0;
2224 break;
2225 case 0xf1:
2226 s->smart_autosave = 1;
2227 break;
2228 default:
2229 goto abort_cmd;
2230 }
2231 s->status = READY_STAT | SEEK_STAT;
2232 ide_set_irq(s->bus);
2233 break;
2234 case SMART_STATUS:
2235 if (!s->smart_errors) {
2236 s->hcyl = 0xc2;
2237 s->lcyl = 0x4f;
2238 } else {
2239 s->hcyl = 0x2c;
2240 s->lcyl = 0xf4;
2241 }
2242 s->status = READY_STAT | SEEK_STAT;
2243 ide_set_irq(s->bus);
2244 break;
2245 case SMART_READ_THRESH:
2246 memset(s->io_buffer, 0, 0x200);
2247 s->io_buffer[0] = 0x01; /* smart struct version */
2248 for (n=0; n<30; n++) {
2249 if (smart_attributes[n][0] == 0)
2250 break;
2251 s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2252 s->io_buffer[2+1+(n*12)] = smart_attributes[n][11];
2253 }
2254 for (n=0; n<511; n++) /* checksum */
2255 s->io_buffer[511] += s->io_buffer[n];
2256 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2257 s->status = READY_STAT | SEEK_STAT;
2258 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2259 ide_set_irq(s->bus);
2260 break;
2261 case SMART_READ_DATA:
2262 memset(s->io_buffer, 0, 0x200);
2263 s->io_buffer[0] = 0x01; /* smart struct version */
2264 for (n=0; n<30; n++) {
2265 if (smart_attributes[n][0] == 0) {
2266 break;
2267 }
2268 int i;
2269 for(i = 0; i < 11; i++) {
2270 s->io_buffer[2+i+(n*12)] = smart_attributes[n][i];
2271 }
2272 }
2273 s->io_buffer[362] = 0x02 | (s->smart_autosave?0x80:0x00);
2274 if (s->smart_selftest_count == 0) {
2275 s->io_buffer[363] = 0;
2276 } else {
2277 s->io_buffer[363] =
2278 s->smart_selftest_data[3 +
2279 (s->smart_selftest_count - 1) *
2280 24];
2281 }
2282 s->io_buffer[364] = 0x20;
2283 s->io_buffer[365] = 0x01;
2284 /* offline data collection capacity: execute + self-test*/
2285 s->io_buffer[367] = (1<<4 | 1<<3 | 1);
2286 s->io_buffer[368] = 0x03; /* smart capability (1) */
2287 s->io_buffer[369] = 0x00; /* smart capability (2) */
2288 s->io_buffer[370] = 0x01; /* error logging supported */
2289 s->io_buffer[372] = 0x02; /* minutes for poll short test */
2290 s->io_buffer[373] = 0x36; /* minutes for poll ext test */
2291 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
2292
2293 for (n=0; n<511; n++)
2294 s->io_buffer[511] += s->io_buffer[n];
2295 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2296 s->status = READY_STAT | SEEK_STAT;
2297 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2298 ide_set_irq(s->bus);
2299 break;
2300 case SMART_READ_LOG:
2301 switch (s->sector) {
2302 case 0x01: /* summary smart error log */
2303 memset(s->io_buffer, 0, 0x200);
2304 s->io_buffer[0] = 0x01;
2305 s->io_buffer[1] = 0x00; /* no error entries */
2306 s->io_buffer[452] = s->smart_errors & 0xff;
2307 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
2308
2309 for (n=0; n<511; n++)
2310 s->io_buffer[511] += s->io_buffer[n];
2311 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2312 break;
2313 case 0x06: /* smart self test log */
2314 memset(s->io_buffer, 0, 0x200);
2315 s->io_buffer[0] = 0x01;
2316 if (s->smart_selftest_count == 0) {
2317 s->io_buffer[508] = 0;
2318 } else {
2319 s->io_buffer[508] = s->smart_selftest_count;
2320 for (n=2; n<506; n++)
2321 s->io_buffer[n] = s->smart_selftest_data[n];
2322 }
2323 for (n=0; n<511; n++)
2324 s->io_buffer[511] += s->io_buffer[n];
2325 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2326 break;
2327 default:
2328 goto abort_cmd;
2329 }
2330 s->status = READY_STAT | SEEK_STAT;
2331 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2332 ide_set_irq(s->bus);
2333 break;
2334 case SMART_EXECUTE_OFFLINE:
2335 switch (s->sector) {
2336 case 0: /* off-line routine */
2337 case 1: /* short self test */
2338 case 2: /* extended self test */
2339 s->smart_selftest_count++;
2340 if(s->smart_selftest_count > 21)
2341 s->smart_selftest_count = 0;
2342 n = 2 + (s->smart_selftest_count - 1) * 24;
2343 s->smart_selftest_data[n] = s->sector;
2344 s->smart_selftest_data[n+1] = 0x00; /* OK and finished */
2345 s->smart_selftest_data[n+2] = 0x34; /* hour count lsb */
2346 s->smart_selftest_data[n+3] = 0x12; /* hour count msb */
2347 s->status = READY_STAT | SEEK_STAT;
2348 ide_set_irq(s->bus);
2349 break;
2350 default:
2351 goto abort_cmd;
2352 }
2353 break;
2354 default:
2355 goto abort_cmd;
2356 }
2357 break;
2358 default:
2359 abort_cmd:
2360 ide_abort_command(s);
2361 ide_set_irq(s->bus);
2362 break;
2363 }
2364 }
2365
2366 uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2367 {
2368 IDEBus *bus = opaque;
2369 IDEState *s = idebus_active_if(bus);
2370 uint32_t addr;
2371 int ret, hob;
2372
2373 addr = addr1 & 7;
2374 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2375 //hob = s->select & (1 << 7);
2376 hob = 0;
2377 switch(addr) {
2378 case 0:
2379 ret = 0xff;
2380 break;
2381 case 1:
2382 if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2383 (s != bus->ifs && !s->bs))
2384 ret = 0;
2385 else if (!hob)
2386 ret = s->error;
2387 else
2388 ret = s->hob_feature;
2389 break;
2390 case 2:
2391 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2392 ret = 0;
2393 else if (!hob)
2394 ret = s->nsector & 0xff;
2395 else
2396 ret = s->hob_nsector;
2397 break;
2398 case 3:
2399 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2400 ret = 0;
2401 else if (!hob)
2402 ret = s->sector;
2403 else
2404 ret = s->hob_sector;
2405 break;
2406 case 4:
2407 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2408 ret = 0;
2409 else if (!hob)
2410 ret = s->lcyl;
2411 else
2412 ret = s->hob_lcyl;
2413 break;
2414 case 5:
2415 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2416 ret = 0;
2417 else if (!hob)
2418 ret = s->hcyl;
2419 else
2420 ret = s->hob_hcyl;
2421 break;
2422 case 6:
2423 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2424 ret = 0;
2425 else
2426 ret = s->select;
2427 break;
2428 default:
2429 case 7:
2430 if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2431 (s != bus->ifs && !s->bs))
2432 ret = 0;
2433 else
2434 ret = s->status;
2435 qemu_irq_lower(bus->irq);
2436 break;
2437 }
2438 #ifdef DEBUG_IDE
2439 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2440 #endif
2441 return ret;
2442 }
2443
2444 uint32_t ide_status_read(void *opaque, uint32_t addr)
2445 {
2446 IDEBus *bus = opaque;
2447 IDEState *s = idebus_active_if(bus);
2448 int ret;
2449
2450 if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2451 (s != bus->ifs && !s->bs))
2452 ret = 0;
2453 else
2454 ret = s->status;
2455 #ifdef DEBUG_IDE
2456 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2457 #endif
2458 return ret;
2459 }
2460
2461 void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2462 {
2463 IDEBus *bus = opaque;
2464 IDEState *s;
2465 int i;
2466
2467 #ifdef DEBUG_IDE
2468 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2469 #endif
2470 /* common for both drives */
2471 if (!(bus->cmd & IDE_CMD_RESET) &&
2472 (val & IDE_CMD_RESET)) {
2473 /* reset low to high */
2474 for(i = 0;i < 2; i++) {
2475 s = &bus->ifs[i];
2476 s->status = BUSY_STAT | SEEK_STAT;
2477 s->error = 0x01;
2478 }
2479 } else if ((bus->cmd & IDE_CMD_RESET) &&
2480 !(val & IDE_CMD_RESET)) {
2481 /* high to low */
2482 for(i = 0;i < 2; i++) {
2483 s = &bus->ifs[i];
2484 if (s->drive_kind == IDE_CD)
2485 s->status = 0x00; /* NOTE: READY is _not_ set */
2486 else
2487 s->status = READY_STAT | SEEK_STAT;
2488 ide_set_signature(s);
2489 }
2490 }
2491
2492 bus->cmd = val;
2493 }
2494
2495 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2496 {
2497 IDEBus *bus = opaque;
2498 IDEState *s = idebus_active_if(bus);
2499 uint8_t *p;
2500
2501 /* PIO data access allowed only when DRQ bit is set */
2502 if (!(s->status & DRQ_STAT))
2503 return;
2504
2505 p = s->data_ptr;
2506 *(uint16_t *)p = le16_to_cpu(val);
2507 p += 2;
2508 s->data_ptr = p;
2509 if (p >= s->data_end)
2510 s->end_transfer_func(s);
2511 }
2512
2513 uint32_t ide_data_readw(void *opaque, uint32_t addr)
2514 {
2515 IDEBus *bus = opaque;
2516 IDEState *s = idebus_active_if(bus);
2517 uint8_t *p;
2518 int ret;
2519
2520 /* PIO data access allowed only when DRQ bit is set */
2521 if (!(s->status & DRQ_STAT))
2522 return 0;
2523
2524 p = s->data_ptr;
2525 ret = cpu_to_le16(*(uint16_t *)p);
2526 p += 2;
2527 s->data_ptr = p;
2528 if (p >= s->data_end)
2529 s->end_transfer_func(s);
2530 return ret;
2531 }
2532
2533 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2534 {
2535 IDEBus *bus = opaque;
2536 IDEState *s = idebus_active_if(bus);
2537 uint8_t *p;
2538
2539 /* PIO data access allowed only when DRQ bit is set */
2540 if (!(s->status & DRQ_STAT))
2541 return;
2542
2543 p = s->data_ptr;
2544 *(uint32_t *)p = le32_to_cpu(val);
2545 p += 4;
2546 s->data_ptr = p;
2547 if (p >= s->data_end)
2548 s->end_transfer_func(s);
2549 }
2550
2551 uint32_t ide_data_readl(void *opaque, uint32_t addr)
2552 {
2553 IDEBus *bus = opaque;
2554 IDEState *s = idebus_active_if(bus);
2555 uint8_t *p;
2556 int ret;
2557
2558 /* PIO data access allowed only when DRQ bit is set */
2559 if (!(s->status & DRQ_STAT))
2560 return 0;
2561
2562 p = s->data_ptr;
2563 ret = cpu_to_le32(*(uint32_t *)p);
2564 p += 4;
2565 s->data_ptr = p;
2566 if (p >= s->data_end)
2567 s->end_transfer_func(s);
2568 return ret;
2569 }
2570
2571 static void ide_dummy_transfer_stop(IDEState *s)
2572 {
2573 s->data_ptr = s->io_buffer;
2574 s->data_end = s->io_buffer;
2575 s->io_buffer[0] = 0xff;
2576 s->io_buffer[1] = 0xff;
2577 s->io_buffer[2] = 0xff;
2578 s->io_buffer[3] = 0xff;
2579 }
2580
2581 static void ide_reset(IDEState *s)
2582 {
2583 #ifdef DEBUG_IDE
2584 printf("ide: reset\n");
2585 #endif
2586 if (s->drive_kind == IDE_CFATA)
2587 s->mult_sectors = 0;
2588 else
2589 s->mult_sectors = MAX_MULT_SECTORS;
2590 /* ide regs */
2591 s->feature = 0;
2592 s->error = 0;
2593 s->nsector = 0;
2594 s->sector = 0;
2595 s->lcyl = 0;
2596 s->hcyl = 0;
2597
2598 /* lba48 */
2599 s->hob_feature = 0;
2600 s->hob_sector = 0;
2601 s->hob_nsector = 0;
2602 s->hob_lcyl = 0;
2603 s->hob_hcyl = 0;
2604
2605 s->select = 0xa0;
2606 s->status = READY_STAT | SEEK_STAT;
2607
2608 s->lba48 = 0;
2609
2610 /* ATAPI specific */
2611 s->sense_key = 0;
2612 s->asc = 0;
2613 s->cdrom_changed = 0;
2614 s->packet_transfer_size = 0;
2615 s->elementary_transfer_size = 0;
2616 s->io_buffer_index = 0;
2617 s->cd_sector_size = 0;
2618 s->atapi_dma = 0;
2619 /* ATA DMA state */
2620 s->io_buffer_size = 0;
2621 s->req_nb_sectors = 0;
2622
2623 ide_set_signature(s);
2624 /* init the transfer handler so that 0xffff is returned on data
2625 accesses */
2626 s->end_transfer_func = ide_dummy_transfer_stop;
2627 ide_dummy_transfer_stop(s);
2628 s->media_changed = 0;
2629 }
2630
2631 void ide_bus_reset(IDEBus *bus)
2632 {
2633 bus->unit = 0;
2634 bus->cmd = 0;
2635 ide_reset(&bus->ifs[0]);
2636 ide_reset(&bus->ifs[1]);
2637 ide_clear_hob(bus);
2638
2639 /* pending async DMA */
2640 if (bus->dma->aiocb) {
2641 #ifdef DEBUG_AIO
2642 printf("aio_cancel\n");
2643 #endif
2644 bdrv_aio_cancel(bus->dma->aiocb);
2645 bus->dma->aiocb = NULL;
2646 }
2647
2648 /* reset dma provider too */
2649 bus->dma->ops->reset(bus->dma);
2650 }
2651
2652 int ide_init_drive(IDEState *s, BlockDriverState *bs,
2653 const char *version, const char *serial)
2654 {
2655 int cylinders, heads, secs;
2656 uint64_t nb_sectors;
2657
2658 s->bs = bs;
2659 bdrv_get_geometry(bs, &nb_sectors);
2660 bdrv_guess_geometry(bs, &cylinders, &heads, &secs);
2661 if (cylinders < 1 || cylinders > 16383) {
2662 error_report("cyls must be between 1 and 16383");
2663 return -1;
2664 }
2665 if (heads < 1 || heads > 16) {
2666 error_report("heads must be between 1 and 16");
2667 return -1;
2668 }
2669 if (secs < 1 || secs > 63) {
2670 error_report("secs must be between 1 and 63");
2671 return -1;
2672 }
2673 s->cylinders = cylinders;
2674 s->heads = heads;
2675 s->sectors = secs;
2676 s->nb_sectors = nb_sectors;
2677 /* The SMART values should be preserved across power cycles
2678 but they aren't. */
2679 s->smart_enabled = 1;
2680 s->smart_autosave = 1;
2681 s->smart_errors = 0;
2682 s->smart_selftest_count = 0;
2683 if (bdrv_get_type_hint(bs) == BDRV_TYPE_CDROM) {
2684 s->drive_kind = IDE_CD;
2685 bdrv_set_change_cb(bs, cdrom_change_cb, s);
2686 bs->buffer_alignment = 2048;
2687 } else {
2688 if (!bdrv_is_inserted(s->bs)) {
2689 error_report("Device needs media, but drive is empty");
2690 return -1;
2691 }
2692 if (bdrv_is_read_only(bs)) {
2693 error_report("Can't use a read-only drive");
2694 return -1;
2695 }
2696 }
2697 if (serial) {
2698 strncpy(s->drive_serial_str, serial, sizeof(s->drive_serial_str));
2699 } else {
2700 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2701 "QM%05d", s->drive_serial);
2702 }
2703 if (version) {
2704 pstrcpy(s->version, sizeof(s->version), version);
2705 } else {
2706 pstrcpy(s->version, sizeof(s->version), QEMU_VERSION);
2707 }
2708
2709 ide_reset(s);
2710 bdrv_set_removable(bs, s->drive_kind == IDE_CD);
2711 return 0;
2712 }
2713
2714 static void ide_init1(IDEBus *bus, int unit)
2715 {
2716 static int drive_serial = 1;
2717 IDEState *s = &bus->ifs[unit];
2718
2719 s->bus = bus;
2720 s->unit = unit;
2721 s->drive_serial = drive_serial++;
2722 /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */
2723 s->io_buffer = qemu_memalign(2048, IDE_DMA_BUF_SECTORS*512 + 4);
2724 s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4;
2725 s->smart_selftest_data = qemu_blockalign(s->bs, 512);
2726 s->sector_write_timer = qemu_new_timer_ns(vm_clock,
2727 ide_sector_write_timer_cb, s);
2728 }
2729
2730 static void ide_nop_start(IDEDMA *dma, IDEState *s,
2731 BlockDriverCompletionFunc *cb)
2732 {
2733 }
2734
2735 static int ide_nop(IDEDMA *dma)
2736 {
2737 return 0;
2738 }
2739
2740 static int ide_nop_int(IDEDMA *dma, int x)
2741 {
2742 return 0;
2743 }
2744
2745 static void ide_nop_restart(void *opaque, int x, int y)
2746 {
2747 }
2748
2749 static const IDEDMAOps ide_dma_nop_ops = {
2750 .start_dma = ide_nop_start,
2751 .start_transfer = ide_nop,
2752 .prepare_buf = ide_nop_int,
2753 .rw_buf = ide_nop_int,
2754 .set_unit = ide_nop_int,
2755 .add_status = ide_nop_int,
2756 .set_inactive = ide_nop,
2757 .restart_cb = ide_nop_restart,
2758 .reset = ide_nop,
2759 };
2760
2761 static IDEDMA ide_dma_nop = {
2762 .ops = &ide_dma_nop_ops,
2763 .aiocb = NULL,
2764 };
2765
2766 void ide_init2(IDEBus *bus, qemu_irq irq)
2767 {
2768 int i;
2769
2770 for(i = 0; i < 2; i++) {
2771 ide_init1(bus, i);
2772 ide_reset(&bus->ifs[i]);
2773 }
2774 bus->irq = irq;
2775 bus->dma = &ide_dma_nop;
2776 }
2777
2778 /* TODO convert users to qdev and remove */
2779 void ide_init2_with_non_qdev_drives(IDEBus *bus, DriveInfo *hd0,
2780 DriveInfo *hd1, qemu_irq irq)
2781 {
2782 int i;
2783 DriveInfo *dinfo;
2784
2785 for(i = 0; i < 2; i++) {
2786 dinfo = i == 0 ? hd0 : hd1;
2787 ide_init1(bus, i);
2788 if (dinfo) {
2789 if (ide_init_drive(&bus->ifs[i], dinfo->bdrv, NULL,
2790 *dinfo->serial ? dinfo->serial : NULL) < 0) {
2791 error_report("Can't set up IDE drive %s", dinfo->id);
2792 exit(1);
2793 }
2794 } else {
2795 ide_reset(&bus->ifs[i]);
2796 }
2797 }
2798 bus->irq = irq;
2799 bus->dma = &ide_dma_nop;
2800 }
2801
2802 void ide_init_ioport(IDEBus *bus, int iobase, int iobase2)
2803 {
2804 register_ioport_write(iobase, 8, 1, ide_ioport_write, bus);
2805 register_ioport_read(iobase, 8, 1, ide_ioport_read, bus);
2806 if (iobase2) {
2807 register_ioport_read(iobase2, 1, 1, ide_status_read, bus);
2808 register_ioport_write(iobase2, 1, 1, ide_cmd_write, bus);
2809 }
2810
2811 /* data ports */
2812 register_ioport_write(iobase, 2, 2, ide_data_writew, bus);
2813 register_ioport_read(iobase, 2, 2, ide_data_readw, bus);
2814 register_ioport_write(iobase, 4, 4, ide_data_writel, bus);
2815 register_ioport_read(iobase, 4, 4, ide_data_readl, bus);
2816 }
2817
2818 static bool is_identify_set(void *opaque, int version_id)
2819 {
2820 IDEState *s = opaque;
2821
2822 return s->identify_set != 0;
2823 }
2824
2825 static EndTransferFunc* transfer_end_table[] = {
2826 ide_sector_read,
2827 ide_sector_write,
2828 ide_transfer_stop,
2829 ide_atapi_cmd_reply_end,
2830 ide_atapi_cmd,
2831 ide_dummy_transfer_stop,
2832 };
2833
2834 static int transfer_end_table_idx(EndTransferFunc *fn)
2835 {
2836 int i;
2837
2838 for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++)
2839 if (transfer_end_table[i] == fn)
2840 return i;
2841
2842 return -1;
2843 }
2844
2845 static int ide_drive_post_load(void *opaque, int version_id)
2846 {
2847 IDEState *s = opaque;
2848
2849 if (version_id < 3) {
2850 if (s->sense_key == SENSE_UNIT_ATTENTION &&
2851 s->asc == ASC_MEDIUM_MAY_HAVE_CHANGED) {
2852 s->cdrom_changed = 1;
2853 }
2854 }
2855 return 0;
2856 }
2857
2858 static int ide_drive_pio_post_load(void *opaque, int version_id)
2859 {
2860 IDEState *s = opaque;
2861
2862 if (s->end_transfer_fn_idx > ARRAY_SIZE(transfer_end_table)) {
2863 return -EINVAL;
2864 }
2865 s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx];
2866 s->data_ptr = s->io_buffer + s->cur_io_buffer_offset;
2867 s->data_end = s->data_ptr + s->cur_io_buffer_len;
2868
2869 return 0;
2870 }
2871
2872 static void ide_drive_pio_pre_save(void *opaque)
2873 {
2874 IDEState *s = opaque;
2875 int idx;
2876
2877 s->cur_io_buffer_offset = s->data_ptr - s->io_buffer;
2878 s->cur_io_buffer_len = s->data_end - s->data_ptr;
2879
2880 idx = transfer_end_table_idx(s->end_transfer_func);
2881 if (idx == -1) {
2882 fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n",
2883 __func__);
2884 s->end_transfer_fn_idx = 2;
2885 } else {
2886 s->end_transfer_fn_idx = idx;
2887 }
2888 }
2889
2890 static bool ide_drive_pio_state_needed(void *opaque)
2891 {
2892 IDEState *s = opaque;
2893
2894 return (s->status & DRQ_STAT) != 0;
2895 }
2896
2897 static bool ide_atapi_gesn_needed(void *opaque)
2898 {
2899 IDEState *s = opaque;
2900
2901 return s->events.new_media || s->events.eject_request;
2902 }
2903
2904 /* Fields for GET_EVENT_STATUS_NOTIFICATION ATAPI command */
2905 const VMStateDescription vmstate_ide_atapi_gesn_state = {
2906 .name ="ide_drive/atapi/gesn_state",
2907 .version_id = 1,
2908 .minimum_version_id = 1,
2909 .minimum_version_id_old = 1,
2910 .fields = (VMStateField []) {
2911 VMSTATE_BOOL(events.new_media, IDEState),
2912 VMSTATE_BOOL(events.eject_request, IDEState),
2913 }
2914 };
2915
2916 const VMStateDescription vmstate_ide_drive_pio_state = {
2917 .name = "ide_drive/pio_state",
2918 .version_id = 1,
2919 .minimum_version_id = 1,
2920 .minimum_version_id_old = 1,
2921 .pre_save = ide_drive_pio_pre_save,
2922 .post_load = ide_drive_pio_post_load,
2923 .fields = (VMStateField []) {
2924 VMSTATE_INT32(req_nb_sectors, IDEState),
2925 VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1,
2926 vmstate_info_uint8, uint8_t),
2927 VMSTATE_INT32(cur_io_buffer_offset, IDEState),
2928 VMSTATE_INT32(cur_io_buffer_len, IDEState),
2929 VMSTATE_UINT8(end_transfer_fn_idx, IDEState),
2930 VMSTATE_INT32(elementary_transfer_size, IDEState),
2931 VMSTATE_INT32(packet_transfer_size, IDEState),
2932 VMSTATE_END_OF_LIST()
2933 }
2934 };
2935
2936 const VMStateDescription vmstate_ide_drive = {
2937 .name = "ide_drive",
2938 .version_id = 3,
2939 .minimum_version_id = 0,
2940 .minimum_version_id_old = 0,
2941 .post_load = ide_drive_post_load,
2942 .fields = (VMStateField []) {
2943 VMSTATE_INT32(mult_sectors, IDEState),
2944 VMSTATE_INT32(identify_set, IDEState),
2945 VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set),
2946 VMSTATE_UINT8(feature, IDEState),
2947 VMSTATE_UINT8(error, IDEState),
2948 VMSTATE_UINT32(nsector, IDEState),
2949 VMSTATE_UINT8(sector, IDEState),
2950 VMSTATE_UINT8(lcyl, IDEState),
2951 VMSTATE_UINT8(hcyl, IDEState),
2952 VMSTATE_UINT8(hob_feature, IDEState),
2953 VMSTATE_UINT8(hob_sector, IDEState),
2954 VMSTATE_UINT8(hob_nsector, IDEState),
2955 VMSTATE_UINT8(hob_lcyl, IDEState),
2956 VMSTATE_UINT8(hob_hcyl, IDEState),
2957 VMSTATE_UINT8(select, IDEState),
2958 VMSTATE_UINT8(status, IDEState),
2959 VMSTATE_UINT8(lba48, IDEState),
2960 VMSTATE_UINT8(sense_key, IDEState),
2961 VMSTATE_UINT8(asc, IDEState),
2962 VMSTATE_UINT8_V(cdrom_changed, IDEState, 3),
2963 VMSTATE_END_OF_LIST()
2964 },
2965 .subsections = (VMStateSubsection []) {
2966 {
2967 .vmsd = &vmstate_ide_drive_pio_state,
2968 .needed = ide_drive_pio_state_needed,
2969 }, {
2970 .vmsd = &vmstate_ide_atapi_gesn_state,
2971 .needed = ide_atapi_gesn_needed,
2972 }, {
2973 /* empty */
2974 }
2975 }
2976 };
2977
2978 const VMStateDescription vmstate_ide_bus = {
2979 .name = "ide_bus",
2980 .version_id = 1,
2981 .minimum_version_id = 1,
2982 .minimum_version_id_old = 1,
2983 .fields = (VMStateField []) {
2984 VMSTATE_UINT8(cmd, IDEBus),
2985 VMSTATE_UINT8(unit, IDEBus),
2986 VMSTATE_END_OF_LIST()
2987 }
2988 };
2989
2990 void ide_drive_get(DriveInfo **hd, int max_bus)
2991 {
2992 int i;
2993
2994 if (drive_get_max_bus(IF_IDE) >= max_bus) {
2995 fprintf(stderr, "qemu: too many IDE bus: %d\n", max_bus);
2996 exit(1);
2997 }
2998
2999 for(i = 0; i < max_bus * MAX_IDE_DEVS; i++) {
3000 hd[i] = drive_get(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
3001 }
3002 }
AR7 emulation for QEMU