search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Clear BD slot on next exception if appropriate.
[qemu/dscho.git] / hw / ide.c
blob1417e2898808788a0267e08b36d3cfb3a11f0e20
1 /*
2 * QEMU IDE disk and CD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25 #include "vl.h"
26
27 /* debug IDE devices */
28 //#define DEBUG_IDE
29 //#define DEBUG_IDE_ATAPI
30 //#define DEBUG_AIO
31 #define USE_DMA_CDROM
32
33 /* Bits of HD_STATUS */
34 #define ERR_STAT 0x01
35 #define INDEX_STAT 0x02
36 #define ECC_STAT 0x04 /* Corrected error */
37 #define DRQ_STAT 0x08
38 #define SEEK_STAT 0x10
39 #define SRV_STAT 0x10
40 #define WRERR_STAT 0x20
41 #define READY_STAT 0x40
42 #define BUSY_STAT 0x80
43
44 /* Bits for HD_ERROR */
45 #define MARK_ERR 0x01 /* Bad address mark */
46 #define TRK0_ERR 0x02 /* couldn't find track 0 */
47 #define ABRT_ERR 0x04 /* Command aborted */
48 #define MCR_ERR 0x08 /* media change request */
49 #define ID_ERR 0x10 /* ID field not found */
50 #define MC_ERR 0x20 /* media changed */
51 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
52 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
53 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
54
55 /* Bits of HD_NSECTOR */
56 #define CD 0x01
57 #define IO 0x02
58 #define REL 0x04
59 #define TAG_MASK 0xf8
60
61 #define IDE_CMD_RESET 0x04
62 #define IDE_CMD_DISABLE_IRQ 0x02
63
64 /* ATA/ATAPI Commands pre T13 Spec */
65 #define WIN_NOP 0x00
66 /*
67 * 0x01->0x02 Reserved
68 */
69 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
70 /*
71 * 0x04->0x07 Reserved
72 */
73 #define WIN_SRST 0x08 /* ATAPI soft reset command */
74 #define WIN_DEVICE_RESET 0x08
75 /*
76 * 0x09->0x0F Reserved
77 */
78 #define WIN_RECAL 0x10
79 #define WIN_RESTORE WIN_RECAL
80 /*
81 * 0x10->0x1F Reserved
82 */
83 #define WIN_READ 0x20 /* 28-Bit */
84 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
85 #define WIN_READ_LONG 0x22 /* 28-Bit */
86 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
87 #define WIN_READ_EXT 0x24 /* 48-Bit */
88 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
89 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
90 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
91 /*
92 * 0x28
93 */
94 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
95 /*
96 * 0x2A->0x2F Reserved
97 */
98 #define WIN_WRITE 0x30 /* 28-Bit */
99 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
100 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
101 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
102 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
103 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
104 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
105 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
106 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
107 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
108 /*
109 * 0x3A->0x3B Reserved
110 */
111 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
112 /*
113 * 0x3D->0x3F Reserved
114 */
115 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
116 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
117 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
118 /*
119 * 0x43->0x4F Reserved
120 */
121 #define WIN_FORMAT 0x50
122 /*
123 * 0x51->0x5F Reserved
124 */
125 #define WIN_INIT 0x60
126 /*
127 * 0x61->0x5F Reserved
128 */
129 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
130 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
131 #define WIN_DIAGNOSE 0x90
132 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
133 #define WIN_DOWNLOAD_MICROCODE 0x92
134 #define WIN_STANDBYNOW2 0x94
135 #define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
136 #define WIN_STANDBY2 0x96
137 #define WIN_SETIDLE2 0x97
138 #define WIN_CHECKPOWERMODE2 0x98
139 #define WIN_SLEEPNOW2 0x99
140 /*
141 * 0x9A VENDOR
142 */
143 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
144 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
145 #define WIN_QUEUED_SERVICE 0xA2
146 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
147 #define CFA_ACCESS_METADATA_STORAGE 0xB8
148 #define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
149 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
150 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
151 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
152 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
153 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
154 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
155 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
156 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
157 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
158 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
159 #define WIN_GETMEDIASTATUS 0xDA
160 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
161 #define WIN_POSTBOOT 0xDC
162 #define WIN_PREBOOT 0xDD
163 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
164 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
165 #define WIN_STANDBYNOW1 0xE0
166 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
167 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
168 #define WIN_SETIDLE1 0xE3
169 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
170 #define WIN_CHECKPOWERMODE1 0xE5
171 #define WIN_SLEEPNOW1 0xE6
172 #define WIN_FLUSH_CACHE 0xE7
173 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
174 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
175 /* SET_FEATURES 0x22 or 0xDD */
176 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
177 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
178 #define WIN_MEDIAEJECT 0xED
179 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
180 #define WIN_SETFEATURES 0xEF /* set special drive features */
181 #define EXABYTE_ENABLE_NEST 0xF0
182 #define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
183 #define WIN_SECURITY_SET_PASS 0xF1
184 #define WIN_SECURITY_UNLOCK 0xF2
185 #define WIN_SECURITY_ERASE_PREPARE 0xF3
186 #define WIN_SECURITY_ERASE_UNIT 0xF4
187 #define WIN_SECURITY_FREEZE_LOCK 0xF5
188 #define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
189 #define WIN_SECURITY_DISABLE 0xF6
190 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
191 #define WIN_SET_MAX 0xF9
192 #define DISABLE_SEAGATE 0xFB
193
194 /* set to 1 set disable mult support */
195 #define MAX_MULT_SECTORS 16
196
197 /* ATAPI defines */
198
199 #define ATAPI_PACKET_SIZE 12
200
201 /* The generic packet command opcodes for CD/DVD Logical Units,
202 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
203 #define GPCMD_BLANK 0xa1
204 #define GPCMD_CLOSE_TRACK 0x5b
205 #define GPCMD_FLUSH_CACHE 0x35
206 #define GPCMD_FORMAT_UNIT 0x04
207 #define GPCMD_GET_CONFIGURATION 0x46
208 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
209 #define GPCMD_GET_PERFORMANCE 0xac
210 #define GPCMD_INQUIRY 0x12
211 #define GPCMD_LOAD_UNLOAD 0xa6
212 #define GPCMD_MECHANISM_STATUS 0xbd
213 #define GPCMD_MODE_SELECT_10 0x55
214 #define GPCMD_MODE_SENSE_10 0x5a
215 #define GPCMD_PAUSE_RESUME 0x4b
216 #define GPCMD_PLAY_AUDIO_10 0x45
217 #define GPCMD_PLAY_AUDIO_MSF 0x47
218 #define GPCMD_PLAY_AUDIO_TI 0x48
219 #define GPCMD_PLAY_CD 0xbc
220 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
221 #define GPCMD_READ_10 0x28
222 #define GPCMD_READ_12 0xa8
223 #define GPCMD_READ_CDVD_CAPACITY 0x25
224 #define GPCMD_READ_CD 0xbe
225 #define GPCMD_READ_CD_MSF 0xb9
226 #define GPCMD_READ_DISC_INFO 0x51
227 #define GPCMD_READ_DVD_STRUCTURE 0xad
228 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
229 #define GPCMD_READ_HEADER 0x44
230 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
231 #define GPCMD_READ_SUBCHANNEL 0x42
232 #define GPCMD_READ_TOC_PMA_ATIP 0x43
233 #define GPCMD_REPAIR_RZONE_TRACK 0x58
234 #define GPCMD_REPORT_KEY 0xa4
235 #define GPCMD_REQUEST_SENSE 0x03
236 #define GPCMD_RESERVE_RZONE_TRACK 0x53
237 #define GPCMD_SCAN 0xba
238 #define GPCMD_SEEK 0x2b
239 #define GPCMD_SEND_DVD_STRUCTURE 0xad
240 #define GPCMD_SEND_EVENT 0xa2
241 #define GPCMD_SEND_KEY 0xa3
242 #define GPCMD_SEND_OPC 0x54
243 #define GPCMD_SET_READ_AHEAD 0xa7
244 #define GPCMD_SET_STREAMING 0xb6
245 #define GPCMD_START_STOP_UNIT 0x1b
246 #define GPCMD_STOP_PLAY_SCAN 0x4e
247 #define GPCMD_TEST_UNIT_READY 0x00
248 #define GPCMD_VERIFY_10 0x2f
249 #define GPCMD_WRITE_10 0x2a
250 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
251 /* This is listed as optional in ATAPI 2.6, but is (curiously)
252 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
253 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
254 * drives support it. */
255 #define GPCMD_SET_SPEED 0xbb
256 /* This seems to be a SCSI specific CD-ROM opcode
257 * to play data at track/index */
258 #define GPCMD_PLAYAUDIO_TI 0x48
259 /*
260 * From MS Media Status Notification Support Specification. For
261 * older drives only.
262 */
263 #define GPCMD_GET_MEDIA_STATUS 0xda
264
265 /* Mode page codes for mode sense/set */
266 #define GPMODE_R_W_ERROR_PAGE 0x01
267 #define GPMODE_WRITE_PARMS_PAGE 0x05
268 #define GPMODE_AUDIO_CTL_PAGE 0x0e
269 #define GPMODE_POWER_PAGE 0x1a
270 #define GPMODE_FAULT_FAIL_PAGE 0x1c
271 #define GPMODE_TO_PROTECT_PAGE 0x1d
272 #define GPMODE_CAPABILITIES_PAGE 0x2a
273 #define GPMODE_ALL_PAGES 0x3f
274 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
275 * of MODE_SENSE_POWER_PAGE */
276 #define GPMODE_CDROM_PAGE 0x0d
277
278 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
279 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
280 #define ATAPI_INT_REASON_REL 0x04
281 #define ATAPI_INT_REASON_TAG 0xf8
282
283 /* same constants as bochs */
284 #define ASC_ILLEGAL_OPCODE 0x20
285 #define ASC_LOGICAL_BLOCK_OOR 0x21
286 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
287 #define ASC_MEDIUM_NOT_PRESENT 0x3a
288 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
289
290 #define CFA_NO_ERROR 0x00
291 #define CFA_MISC_ERROR 0x09
292 #define CFA_INVALID_COMMAND 0x20
293 #define CFA_INVALID_ADDRESS 0x21
294 #define CFA_ADDRESS_OVERFLOW 0x2f
295
296 #define SENSE_NONE 0
297 #define SENSE_NOT_READY 2
298 #define SENSE_ILLEGAL_REQUEST 5
299 #define SENSE_UNIT_ATTENTION 6
300
301 struct IDEState;
302
303 typedef void EndTransferFunc(struct IDEState *);
304
305 /* NOTE: IDEState represents in fact one drive */
306 typedef struct IDEState {
307 /* ide config */
308 int is_cdrom;
309 int is_cf;
310 int cylinders, heads, sectors;
311 int64_t nb_sectors;
312 int mult_sectors;
313 int identify_set;
314 uint16_t identify_data[256];
315 qemu_irq irq;
316 PCIDevice *pci_dev;
317 struct BMDMAState *bmdma;
318 int drive_serial;
319 /* ide regs */
320 uint8_t feature;
321 uint8_t error;
322 uint32_t nsector;
323 uint8_t sector;
324 uint8_t lcyl;
325 uint8_t hcyl;
326 /* other part of tf for lba48 support */
327 uint8_t hob_feature;
328 uint8_t hob_nsector;
329 uint8_t hob_sector;
330 uint8_t hob_lcyl;
331 uint8_t hob_hcyl;
332
333 uint8_t select;
334 uint8_t status;
335
336 /* 0x3f6 command, only meaningful for drive 0 */
337 uint8_t cmd;
338 /* set for lba48 access */
339 uint8_t lba48;
340 /* depends on bit 4 in select, only meaningful for drive 0 */
341 struct IDEState *cur_drive;
342 BlockDriverState *bs;
343 /* ATAPI specific */
344 uint8_t sense_key;
345 uint8_t asc;
346 int packet_transfer_size;
347 int elementary_transfer_size;
348 int io_buffer_index;
349 int lba;
350 int cd_sector_size;
351 int atapi_dma; /* true if dma is requested for the packet cmd */
352 /* ATA DMA state */
353 int io_buffer_size;
354 /* PIO transfer handling */
355 int req_nb_sectors; /* number of sectors per interrupt */
356 EndTransferFunc *end_transfer_func;
357 uint8_t *data_ptr;
358 uint8_t *data_end;
359 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
360 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
361 uint32_t irq_count; /* counts IRQs when using win2k install hack */
362 /* CF-ATA extended error */
363 uint8_t ext_error;
364 /* CF-ATA metadata storage */
365 uint32_t mdata_size;
366 uint8_t *mdata_storage;
367 int media_changed;
368 } IDEState;
369
370 #define BM_STATUS_DMAING 0x01
371 #define BM_STATUS_ERROR 0x02
372 #define BM_STATUS_INT 0x04
373
374 #define BM_CMD_START 0x01
375 #define BM_CMD_READ 0x08
376
377 #define IDE_TYPE_PIIX3 0
378 #define IDE_TYPE_CMD646 1
379
380 /* CMD646 specific */
381 #define MRDMODE 0x71
382 #define MRDMODE_INTR_CH0 0x04
383 #define MRDMODE_INTR_CH1 0x08
384 #define MRDMODE_BLK_CH0 0x10
385 #define MRDMODE_BLK_CH1 0x20
386 #define UDIDETCR0 0x73
387 #define UDIDETCR1 0x7B
388
389 typedef struct BMDMAState {
390 uint8_t cmd;
391 uint8_t status;
392 uint32_t addr;
393
394 struct PCIIDEState *pci_dev;
395 /* current transfer state */
396 uint32_t cur_addr;
397 uint32_t cur_prd_last;
398 uint32_t cur_prd_addr;
399 uint32_t cur_prd_len;
400 IDEState *ide_if;
401 BlockDriverCompletionFunc *dma_cb;
402 BlockDriverAIOCB *aiocb;
403 } BMDMAState;
404
405 typedef struct PCIIDEState {
406 PCIDevice dev;
407 IDEState ide_if[4];
408 BMDMAState bmdma[2];
409 int type; /* see IDE_TYPE_xxx */
410 } PCIIDEState;
411
412 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
413 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
414
415 static void padstr(char *str, const char *src, int len)
416 {
417 int i, v;
418 for(i = 0; i < len; i++) {
419 if (*src)
420 v = *src++;
421 else
422 v = ' ';
423 *(char *)((long)str ^ 1) = v;
424 str++;
425 }
426 }
427
428 static void padstr8(uint8_t *buf, int buf_size, const char *src)
429 {
430 int i;
431 for(i = 0; i < buf_size; i++) {
432 if (*src)
433 buf[i] = *src++;
434 else
435 buf[i] = ' ';
436 }
437 }
438
439 static void put_le16(uint16_t *p, unsigned int v)
440 {
441 *p = cpu_to_le16(v);
442 }
443
444 static void ide_identify(IDEState *s)
445 {
446 uint16_t *p;
447 unsigned int oldsize;
448 char buf[20];
449
450 if (s->identify_set) {
451 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
452 return;
453 }
454
455 memset(s->io_buffer, 0, 512);
456 p = (uint16_t *)s->io_buffer;
457 put_le16(p + 0, 0x0040);
458 put_le16(p + 1, s->cylinders);
459 put_le16(p + 3, s->heads);
460 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
461 put_le16(p + 5, 512); /* XXX: retired, remove ? */
462 put_le16(p + 6, s->sectors);
463 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
464 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
465 put_le16(p + 20, 3); /* XXX: retired, remove ? */
466 put_le16(p + 21, 512); /* cache size in sectors */
467 put_le16(p + 22, 4); /* ecc bytes */
468 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
469 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
470 #if MAX_MULT_SECTORS > 1
471 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
472 #endif
473 put_le16(p + 48, 1); /* dword I/O */
474 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
475 put_le16(p + 51, 0x200); /* PIO transfer cycle */
476 put_le16(p + 52, 0x200); /* DMA transfer cycle */
477 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
478 put_le16(p + 54, s->cylinders);
479 put_le16(p + 55, s->heads);
480 put_le16(p + 56, s->sectors);
481 oldsize = s->cylinders * s->heads * s->sectors;
482 put_le16(p + 57, oldsize);
483 put_le16(p + 58, oldsize >> 16);
484 if (s->mult_sectors)
485 put_le16(p + 59, 0x100 | s->mult_sectors);
486 put_le16(p + 60, s->nb_sectors);
487 put_le16(p + 61, s->nb_sectors >> 16);
488 put_le16(p + 63, 0x07); /* mdma0-2 supported */
489 put_le16(p + 65, 120);
490 put_le16(p + 66, 120);
491 put_le16(p + 67, 120);
492 put_le16(p + 68, 120);
493 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
494 put_le16(p + 81, 0x16); /* conforms to ata5 */
495 put_le16(p + 82, (1 << 14));
496 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
497 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
498 put_le16(p + 84, (1 << 14));
499 put_le16(p + 85, (1 << 14));
500 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
501 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
502 put_le16(p + 87, (1 << 14));
503 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
504 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
505 put_le16(p + 100, s->nb_sectors);
506 put_le16(p + 101, s->nb_sectors >> 16);
507 put_le16(p + 102, s->nb_sectors >> 32);
508 put_le16(p + 103, s->nb_sectors >> 48);
509
510 memcpy(s->identify_data, p, sizeof(s->identify_data));
511 s->identify_set = 1;
512 }
513
514 static void ide_atapi_identify(IDEState *s)
515 {
516 uint16_t *p;
517 char buf[20];
518
519 if (s->identify_set) {
520 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
521 return;
522 }
523
524 memset(s->io_buffer, 0, 512);
525 p = (uint16_t *)s->io_buffer;
526 /* Removable CDROM, 50us response, 12 byte packets */
527 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
528 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
529 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
530 put_le16(p + 20, 3); /* buffer type */
531 put_le16(p + 21, 512); /* cache size in sectors */
532 put_le16(p + 22, 4); /* ecc bytes */
533 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
534 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
535 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
536 #ifdef USE_DMA_CDROM
537 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
538 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
539 put_le16(p + 63, 7); /* mdma0-2 supported */
540 put_le16(p + 64, 0x3f); /* PIO modes supported */
541 #else
542 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
543 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
544 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
545 put_le16(p + 64, 1); /* PIO modes */
546 #endif
547 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
548 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
549 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
550 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
551
552 put_le16(p + 71, 30); /* in ns */
553 put_le16(p + 72, 30); /* in ns */
554
555 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
556 #ifdef USE_DMA_CDROM
557 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
558 #endif
559 memcpy(s->identify_data, p, sizeof(s->identify_data));
560 s->identify_set = 1;
561 }
562
563 static void ide_cfata_identify(IDEState *s)
564 {
565 uint16_t *p;
566 uint32_t cur_sec;
567 char buf[20];
568
569 p = (uint16_t *) s->identify_data;
570 if (s->identify_set)
571 goto fill_buffer;
572
573 memset(p, 0, sizeof(s->identify_data));
574
575 cur_sec = s->cylinders * s->heads * s->sectors;
576
577 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
578 put_le16(p + 1, s->cylinders); /* Default cylinders */
579 put_le16(p + 3, s->heads); /* Default heads */
580 put_le16(p + 6, s->sectors); /* Default sectors per track */
581 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
582 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
583 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
584 padstr((uint8_t *)(p + 10), buf, 20); /* Serial number in ASCII */
585 put_le16(p + 22, 0x0004); /* ECC bytes */
586 padstr((uint8_t *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
587 padstr((uint8_t *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
588 #if MAX_MULT_SECTORS > 1
589 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
590 #else
591 put_le16(p + 47, 0x0000);
592 #endif
593 put_le16(p + 49, 0x0f00); /* Capabilities */
594 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
595 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
596 put_le16(p + 53, 0x0003); /* Translation params valid */
597 put_le16(p + 54, s->cylinders); /* Current cylinders */
598 put_le16(p + 55, s->heads); /* Current heads */
599 put_le16(p + 56, s->sectors); /* Current sectors */
600 put_le16(p + 57, cur_sec); /* Current capacity */
601 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
602 if (s->mult_sectors) /* Multiple sector setting */
603 put_le16(p + 59, 0x100 | s->mult_sectors);
604 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
605 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
606 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
607 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
608 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
609 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
610 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
611 put_le16(p + 82, 0x400c); /* Command Set supported */
612 put_le16(p + 83, 0x7068); /* Command Set supported */
613 put_le16(p + 84, 0x4000); /* Features supported */
614 put_le16(p + 85, 0x000c); /* Command Set enabled */
615 put_le16(p + 86, 0x7044); /* Command Set enabled */
616 put_le16(p + 87, 0x4000); /* Features enabled */
617 put_le16(p + 91, 0x4060); /* Current APM level */
618 put_le16(p + 129, 0x0002); /* Current features option */
619 put_le16(p + 130, 0x0005); /* Reassigned sectors */
620 put_le16(p + 131, 0x0001); /* Initial power mode */
621 put_le16(p + 132, 0x0000); /* User signature */
622 put_le16(p + 160, 0x8100); /* Power requirement */
623 put_le16(p + 161, 0x8001); /* CF command set */
624
625 s->identify_set = 1;
626
627 fill_buffer:
628 memcpy(s->io_buffer, p, sizeof(s->identify_data));
629 }
630
631 static void ide_set_signature(IDEState *s)
632 {
633 s->select &= 0xf0; /* clear head */
634 /* put signature */
635 s->nsector = 1;
636 s->sector = 1;
637 if (s->is_cdrom) {
638 s->lcyl = 0x14;
639 s->hcyl = 0xeb;
640 } else if (s->bs) {
641 s->lcyl = 0;
642 s->hcyl = 0;
643 } else {
644 s->lcyl = 0xff;
645 s->hcyl = 0xff;
646 }
647 }
648
649 static inline void ide_abort_command(IDEState *s)
650 {
651 s->status = READY_STAT | ERR_STAT;
652 s->error = ABRT_ERR;
653 }
654
655 static inline void ide_set_irq(IDEState *s)
656 {
657 BMDMAState *bm = s->bmdma;
658 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
659 if (bm) {
660 bm->status |= BM_STATUS_INT;
661 }
662 qemu_irq_raise(s->irq);
663 }
664 }
665
666 /* prepare data transfer and tell what to do after */
667 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
668 EndTransferFunc *end_transfer_func)
669 {
670 s->end_transfer_func = end_transfer_func;
671 s->data_ptr = buf;
672 s->data_end = buf + size;
673 s->status |= DRQ_STAT;
674 }
675
676 static void ide_transfer_stop(IDEState *s)
677 {
678 s->end_transfer_func = ide_transfer_stop;
679 s->data_ptr = s->io_buffer;
680 s->data_end = s->io_buffer;
681 s->status &= ~DRQ_STAT;
682 }
683
684 static int64_t ide_get_sector(IDEState *s)
685 {
686 int64_t sector_num;
687 if (s->select & 0x40) {
688 /* lba */
689 if (!s->lba48) {
690 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
691 (s->lcyl << 8) | s->sector;
692 } else {
693 sector_num = ((int64_t)s->hob_hcyl << 40) |
694 ((int64_t) s->hob_lcyl << 32) |
695 ((int64_t) s->hob_sector << 24) |
696 ((int64_t) s->hcyl << 16) |
697 ((int64_t) s->lcyl << 8) | s->sector;
698 }
699 } else {
700 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
701 (s->select & 0x0f) * s->sectors + (s->sector - 1);
702 }
703 return sector_num;
704 }
705
706 static void ide_set_sector(IDEState *s, int64_t sector_num)
707 {
708 unsigned int cyl, r;
709 if (s->select & 0x40) {
710 if (!s->lba48) {
711 s->select = (s->select & 0xf0) | (sector_num >> 24);
712 s->hcyl = (sector_num >> 16);
713 s->lcyl = (sector_num >> 8);
714 s->sector = (sector_num);
715 } else {
716 s->sector = sector_num;
717 s->lcyl = sector_num >> 8;
718 s->hcyl = sector_num >> 16;
719 s->hob_sector = sector_num >> 24;
720 s->hob_lcyl = sector_num >> 32;
721 s->hob_hcyl = sector_num >> 40;
722 }
723 } else {
724 cyl = sector_num / (s->heads * s->sectors);
725 r = sector_num % (s->heads * s->sectors);
726 s->hcyl = cyl >> 8;
727 s->lcyl = cyl;
728 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
729 s->sector = (r % s->sectors) + 1;
730 }
731 }
732
733 static void ide_sector_read(IDEState *s)
734 {
735 int64_t sector_num;
736 int ret, n;
737
738 s->status = READY_STAT | SEEK_STAT;
739 s->error = 0; /* not needed by IDE spec, but needed by Windows */
740 sector_num = ide_get_sector(s);
741 n = s->nsector;
742 if (n == 0) {
743 /* no more sector to read from disk */
744 ide_transfer_stop(s);
745 } else {
746 #if defined(DEBUG_IDE)
747 printf("read sector=%Ld\n", sector_num);
748 #endif
749 if (n > s->req_nb_sectors)
750 n = s->req_nb_sectors;
751 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
752 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
753 ide_set_irq(s);
754 ide_set_sector(s, sector_num + n);
755 s->nsector -= n;
756 }
757 }
758
759 /* return 0 if buffer completed */
760 static int dma_buf_rw(BMDMAState *bm, int is_write)
761 {
762 IDEState *s = bm->ide_if;
763 struct {
764 uint32_t addr;
765 uint32_t size;
766 } prd;
767 int l, len;
768
769 for(;;) {
770 l = s->io_buffer_size - s->io_buffer_index;
771 if (l <= 0)
772 break;
773 if (bm->cur_prd_len == 0) {
774 /* end of table (with a fail safe of one page) */
775 if (bm->cur_prd_last ||
776 (bm->cur_addr - bm->addr) >= 4096)
777 return 0;
778 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
779 bm->cur_addr += 8;
780 prd.addr = le32_to_cpu(prd.addr);
781 prd.size = le32_to_cpu(prd.size);
782 len = prd.size & 0xfffe;
783 if (len == 0)
784 len = 0x10000;
785 bm->cur_prd_len = len;
786 bm->cur_prd_addr = prd.addr;
787 bm->cur_prd_last = (prd.size & 0x80000000);
788 }
789 if (l > bm->cur_prd_len)
790 l = bm->cur_prd_len;
791 if (l > 0) {
792 if (is_write) {
793 cpu_physical_memory_write(bm->cur_prd_addr,
794 s->io_buffer + s->io_buffer_index, l);
795 } else {
796 cpu_physical_memory_read(bm->cur_prd_addr,
797 s->io_buffer + s->io_buffer_index, l);
798 }
799 bm->cur_prd_addr += l;
800 bm->cur_prd_len -= l;
801 s->io_buffer_index += l;
802 }
803 }
804 return 1;
805 }
806
807 /* XXX: handle errors */
808 static void ide_read_dma_cb(void *opaque, int ret)
809 {
810 BMDMAState *bm = opaque;
811 IDEState *s = bm->ide_if;
812 int n;
813 int64_t sector_num;
814
815 n = s->io_buffer_size >> 9;
816 sector_num = ide_get_sector(s);
817 if (n > 0) {
818 sector_num += n;
819 ide_set_sector(s, sector_num);
820 s->nsector -= n;
821 if (dma_buf_rw(bm, 1) == 0)
822 goto eot;
823 }
824
825 /* end of transfer ? */
826 if (s->nsector == 0) {
827 s->status = READY_STAT | SEEK_STAT;
828 ide_set_irq(s);
829 eot:
830 bm->status &= ~BM_STATUS_DMAING;
831 bm->status |= BM_STATUS_INT;
832 bm->dma_cb = NULL;
833 bm->ide_if = NULL;
834 bm->aiocb = NULL;
835 return;
836 }
837
838 /* launch next transfer */
839 n = s->nsector;
840 if (n > MAX_MULT_SECTORS)
841 n = MAX_MULT_SECTORS;
842 s->io_buffer_index = 0;
843 s->io_buffer_size = n * 512;
844 #ifdef DEBUG_AIO
845 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
846 #endif
847 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
848 ide_read_dma_cb, bm);
849 }
850
851 static void ide_sector_read_dma(IDEState *s)
852 {
853 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
854 s->io_buffer_index = 0;
855 s->io_buffer_size = 0;
856 ide_dma_start(s, ide_read_dma_cb);
857 }
858
859 static void ide_sector_write_timer_cb(void *opaque)
860 {
861 IDEState *s = opaque;
862 ide_set_irq(s);
863 }
864
865 static void ide_sector_write(IDEState *s)
866 {
867 int64_t sector_num;
868 int ret, n, n1;
869
870 s->status = READY_STAT | SEEK_STAT;
871 sector_num = ide_get_sector(s);
872 #if defined(DEBUG_IDE)
873 printf("write sector=%Ld\n", sector_num);
874 #endif
875 n = s->nsector;
876 if (n > s->req_nb_sectors)
877 n = s->req_nb_sectors;
878 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
879 s->nsector -= n;
880 if (s->nsector == 0) {
881 /* no more sectors to write */
882 ide_transfer_stop(s);
883 } else {
884 n1 = s->nsector;
885 if (n1 > s->req_nb_sectors)
886 n1 = s->req_nb_sectors;
887 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
888 }
889 ide_set_sector(s, sector_num + n);
890
891 #ifdef TARGET_I386
892 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
893 /* It seems there is a bug in the Windows 2000 installer HDD
894 IDE driver which fills the disk with empty logs when the
895 IDE write IRQ comes too early. This hack tries to correct
896 that at the expense of slower write performances. Use this
897 option _only_ to install Windows 2000. You must disable it
898 for normal use. */
899 qemu_mod_timer(s->sector_write_timer,
900 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
901 } else
902 #endif
903 {
904 ide_set_irq(s);
905 }
906 }
907
908 /* XXX: handle errors */
909 static void ide_write_dma_cb(void *opaque, int ret)
910 {
911 BMDMAState *bm = opaque;
912 IDEState *s = bm->ide_if;
913 int n;
914 int64_t sector_num;
915
916 n = s->io_buffer_size >> 9;
917 sector_num = ide_get_sector(s);
918 if (n > 0) {
919 sector_num += n;
920 ide_set_sector(s, sector_num);
921 s->nsector -= n;
922 }
923
924 /* end of transfer ? */
925 if (s->nsector == 0) {
926 s->status = READY_STAT | SEEK_STAT;
927 ide_set_irq(s);
928 eot:
929 bm->status &= ~BM_STATUS_DMAING;
930 bm->status |= BM_STATUS_INT;
931 bm->dma_cb = NULL;
932 bm->ide_if = NULL;
933 bm->aiocb = NULL;
934 return;
935 }
936
937 /* launch next transfer */
938 n = s->nsector;
939 if (n > MAX_MULT_SECTORS)
940 n = MAX_MULT_SECTORS;
941 s->io_buffer_index = 0;
942 s->io_buffer_size = n * 512;
943
944 if (dma_buf_rw(bm, 0) == 0)
945 goto eot;
946 #ifdef DEBUG_AIO
947 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
948 #endif
949 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
950 ide_write_dma_cb, bm);
951 }
952
953 static void ide_sector_write_dma(IDEState *s)
954 {
955 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
956 s->io_buffer_index = 0;
957 s->io_buffer_size = 0;
958 ide_dma_start(s, ide_write_dma_cb);
959 }
960
961 static void ide_atapi_cmd_ok(IDEState *s)
962 {
963 s->error = 0;
964 s->status = READY_STAT;
965 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
966 ide_set_irq(s);
967 }
968
969 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
970 {
971 #ifdef DEBUG_IDE_ATAPI
972 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
973 #endif
974 s->error = sense_key << 4;
975 s->status = READY_STAT | ERR_STAT;
976 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
977 s->sense_key = sense_key;
978 s->asc = asc;
979 ide_set_irq(s);
980 }
981
982 static inline void cpu_to_ube16(uint8_t *buf, int val)
983 {
984 buf[0] = val >> 8;
985 buf[1] = val;
986 }
987
988 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
989 {
990 buf[0] = val >> 24;
991 buf[1] = val >> 16;
992 buf[2] = val >> 8;
993 buf[3] = val;
994 }
995
996 static inline int ube16_to_cpu(const uint8_t *buf)
997 {
998 return (buf[0] << 8) | buf[1];
999 }
1000
1001 static inline int ube32_to_cpu(const uint8_t *buf)
1002 {
1003 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1004 }
1005
1006 static void lba_to_msf(uint8_t *buf, int lba)
1007 {
1008 lba += 150;
1009 buf[0] = (lba / 75) / 60;
1010 buf[1] = (lba / 75) % 60;
1011 buf[2] = lba % 75;
1012 }
1013
1014 static void cd_data_to_raw(uint8_t *buf, int lba)
1015 {
1016 /* sync bytes */
1017 buf[0] = 0x00;
1018 memset(buf + 1, 0xff, 10);
1019 buf[11] = 0x00;
1020 buf += 12;
1021 /* MSF */
1022 lba_to_msf(buf, lba);
1023 buf[3] = 0x01; /* mode 1 data */
1024 buf += 4;
1025 /* data */
1026 buf += 2048;
1027 /* XXX: ECC not computed */
1028 memset(buf, 0, 288);
1029 }
1030
1031 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1032 int sector_size)
1033 {
1034 int ret;
1035
1036 switch(sector_size) {
1037 case 2048:
1038 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1039 break;
1040 case 2352:
1041 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1042 if (ret < 0)
1043 return ret;
1044 cd_data_to_raw(buf, lba);
1045 break;
1046 default:
1047 ret = -EIO;
1048 break;
1049 }
1050 return ret;
1051 }
1052
1053 static void ide_atapi_io_error(IDEState *s, int ret)
1054 {
1055 /* XXX: handle more errors */
1056 if (ret == -ENOMEDIUM) {
1057 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1058 ASC_MEDIUM_NOT_PRESENT);
1059 } else {
1060 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1061 ASC_LOGICAL_BLOCK_OOR);
1062 }
1063 }
1064
1065 /* The whole ATAPI transfer logic is handled in this function */
1066 static void ide_atapi_cmd_reply_end(IDEState *s)
1067 {
1068 int byte_count_limit, size, ret;
1069 #ifdef DEBUG_IDE_ATAPI
1070 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1071 s->packet_transfer_size,
1072 s->elementary_transfer_size,
1073 s->io_buffer_index);
1074 #endif
1075 if (s->packet_transfer_size <= 0) {
1076 /* end of transfer */
1077 ide_transfer_stop(s);
1078 s->status = READY_STAT;
1079 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1080 ide_set_irq(s);
1081 #ifdef DEBUG_IDE_ATAPI
1082 printf("status=0x%x\n", s->status);
1083 #endif
1084 } else {
1085 /* see if a new sector must be read */
1086 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1087 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1088 if (ret < 0) {
1089 ide_transfer_stop(s);
1090 ide_atapi_io_error(s, ret);
1091 return;
1092 }
1093 s->lba++;
1094 s->io_buffer_index = 0;
1095 }
1096 if (s->elementary_transfer_size > 0) {
1097 /* there are some data left to transmit in this elementary
1098 transfer */
1099 size = s->cd_sector_size - s->io_buffer_index;
1100 if (size > s->elementary_transfer_size)
1101 size = s->elementary_transfer_size;
1102 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1103 size, ide_atapi_cmd_reply_end);
1104 s->packet_transfer_size -= size;
1105 s->elementary_transfer_size -= size;
1106 s->io_buffer_index += size;
1107 } else {
1108 /* a new transfer is needed */
1109 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1110 byte_count_limit = s->lcyl | (s->hcyl << 8);
1111 #ifdef DEBUG_IDE_ATAPI
1112 printf("byte_count_limit=%d\n", byte_count_limit);
1113 #endif
1114 if (byte_count_limit == 0xffff)
1115 byte_count_limit--;
1116 size = s->packet_transfer_size;
1117 if (size > byte_count_limit) {
1118 /* byte count limit must be even if this case */
1119 if (byte_count_limit & 1)
1120 byte_count_limit--;
1121 size = byte_count_limit;
1122 }
1123 s->lcyl = size;
1124 s->hcyl = size >> 8;
1125 s->elementary_transfer_size = size;
1126 /* we cannot transmit more than one sector at a time */
1127 if (s->lba != -1) {
1128 if (size > (s->cd_sector_size - s->io_buffer_index))
1129 size = (s->cd_sector_size - s->io_buffer_index);
1130 }
1131 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1132 size, ide_atapi_cmd_reply_end);
1133 s->packet_transfer_size -= size;
1134 s->elementary_transfer_size -= size;
1135 s->io_buffer_index += size;
1136 ide_set_irq(s);
1137 #ifdef DEBUG_IDE_ATAPI
1138 printf("status=0x%x\n", s->status);
1139 #endif
1140 }
1141 }
1142 }
1143
1144 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1145 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1146 {
1147 if (size > max_size)
1148 size = max_size;
1149 s->lba = -1; /* no sector read */
1150 s->packet_transfer_size = size;
1151 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1152 s->elementary_transfer_size = 0;
1153 s->io_buffer_index = 0;
1154
1155 if (s->atapi_dma) {
1156 s->status = READY_STAT | DRQ_STAT;
1157 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1158 } else {
1159 s->status = READY_STAT;
1160 ide_atapi_cmd_reply_end(s);
1161 }
1162 }
1163
1164 /* start a CD-CDROM read command */
1165 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1166 int sector_size)
1167 {
1168 s->lba = lba;
1169 s->packet_transfer_size = nb_sectors * sector_size;
1170 s->elementary_transfer_size = 0;
1171 s->io_buffer_index = sector_size;
1172 s->cd_sector_size = sector_size;
1173
1174 s->status = READY_STAT;
1175 ide_atapi_cmd_reply_end(s);
1176 }
1177
1178 /* ATAPI DMA support */
1179
1180 /* XXX: handle read errors */
1181 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1182 {
1183 BMDMAState *bm = opaque;
1184 IDEState *s = bm->ide_if;
1185 int data_offset, n;
1186
1187 if (ret < 0) {
1188 ide_atapi_io_error(s, ret);
1189 goto eot;
1190 }
1191
1192 if (s->io_buffer_size > 0) {
1193 /*
1194 * For a cdrom read sector command (s->lba != -1),
1195 * adjust the lba for the next s->io_buffer_size chunk
1196 * and dma the current chunk.
1197 * For a command != read (s->lba == -1), just transfer
1198 * the reply data.
1199 */
1200 if (s->lba != -1) {
1201 if (s->cd_sector_size == 2352) {
1202 n = 1;
1203 cd_data_to_raw(s->io_buffer, s->lba);
1204 } else {
1205 n = s->io_buffer_size >> 11;
1206 }
1207 s->lba += n;
1208 }
1209 s->packet_transfer_size -= s->io_buffer_size;
1210 if (dma_buf_rw(bm, 1) == 0)
1211 goto eot;
1212 }
1213
1214 if (s->packet_transfer_size <= 0) {
1215 s->status = READY_STAT;
1216 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1217 ide_set_irq(s);
1218 eot:
1219 bm->status &= ~BM_STATUS_DMAING;
1220 bm->status |= BM_STATUS_INT;
1221 bm->dma_cb = NULL;
1222 bm->ide_if = NULL;
1223 bm->aiocb = NULL;
1224 return;
1225 }
1226
1227 s->io_buffer_index = 0;
1228 if (s->cd_sector_size == 2352) {
1229 n = 1;
1230 s->io_buffer_size = s->cd_sector_size;
1231 data_offset = 16;
1232 } else {
1233 n = s->packet_transfer_size >> 11;
1234 if (n > (MAX_MULT_SECTORS / 4))
1235 n = (MAX_MULT_SECTORS / 4);
1236 s->io_buffer_size = n * 2048;
1237 data_offset = 0;
1238 }
1239 #ifdef DEBUG_AIO
1240 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1241 #endif
1242 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1243 s->io_buffer + data_offset, n * 4,
1244 ide_atapi_cmd_read_dma_cb, bm);
1245 if (!bm->aiocb) {
1246 /* Note: media not present is the most likely case */
1247 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1248 ASC_MEDIUM_NOT_PRESENT);
1249 goto eot;
1250 }
1251 }
1252
1253 /* start a CD-CDROM read command with DMA */
1254 /* XXX: test if DMA is available */
1255 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1256 int sector_size)
1257 {
1258 s->lba = lba;
1259 s->packet_transfer_size = nb_sectors * sector_size;
1260 s->io_buffer_index = 0;
1261 s->io_buffer_size = 0;
1262 s->cd_sector_size = sector_size;
1263
1264 /* XXX: check if BUSY_STAT should be set */
1265 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
1266 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1267 }
1268
1269 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1270 int sector_size)
1271 {
1272 #ifdef DEBUG_IDE_ATAPI
1273 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1274 lba, nb_sectors);
1275 #endif
1276 if (s->atapi_dma) {
1277 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1278 } else {
1279 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1280 }
1281 }
1282
1283 static void ide_atapi_cmd(IDEState *s)
1284 {
1285 const uint8_t *packet;
1286 uint8_t *buf;
1287 int max_len;
1288
1289 packet = s->io_buffer;
1290 buf = s->io_buffer;
1291 #ifdef DEBUG_IDE_ATAPI
1292 {
1293 int i;
1294 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1295 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1296 printf(" %02x", packet[i]);
1297 }
1298 printf("\n");
1299 }
1300 #endif
1301 switch(s->io_buffer[0]) {
1302 case GPCMD_TEST_UNIT_READY:
1303 if (bdrv_is_inserted(s->bs)) {
1304 ide_atapi_cmd_ok(s);
1305 } else {
1306 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1307 ASC_MEDIUM_NOT_PRESENT);
1308 }
1309 break;
1310 case GPCMD_MODE_SENSE_10:
1311 {
1312 int action, code;
1313 max_len = ube16_to_cpu(packet + 7);
1314 action = packet[2] >> 6;
1315 code = packet[2] & 0x3f;
1316 switch(action) {
1317 case 0: /* current values */
1318 switch(code) {
1319 case 0x01: /* error recovery */
1320 cpu_to_ube16(&buf[0], 16 + 6);
1321 buf[2] = 0x70;
1322 buf[3] = 0;
1323 buf[4] = 0;
1324 buf[5] = 0;
1325 buf[6] = 0;
1326 buf[7] = 0;
1327
1328 buf[8] = 0x01;
1329 buf[9] = 0x06;
1330 buf[10] = 0x00;
1331 buf[11] = 0x05;
1332 buf[12] = 0x00;
1333 buf[13] = 0x00;
1334 buf[14] = 0x00;
1335 buf[15] = 0x00;
1336 ide_atapi_cmd_reply(s, 16, max_len);
1337 break;
1338 case 0x2a:
1339 cpu_to_ube16(&buf[0], 28 + 6);
1340 buf[2] = 0x70;
1341 buf[3] = 0;
1342 buf[4] = 0;
1343 buf[5] = 0;
1344 buf[6] = 0;
1345 buf[7] = 0;
1346
1347 buf[8] = 0x2a;
1348 buf[9] = 0x12;
1349 buf[10] = 0x00;
1350 buf[11] = 0x00;
1351
1352 buf[12] = 0x70;
1353 buf[13] = 3 << 5;
1354 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1355 if (bdrv_is_locked(s->bs))
1356 buf[6] |= 1 << 1;
1357 buf[15] = 0x00;
1358 cpu_to_ube16(&buf[16], 706);
1359 buf[18] = 0;
1360 buf[19] = 2;
1361 cpu_to_ube16(&buf[20], 512);
1362 cpu_to_ube16(&buf[22], 706);
1363 buf[24] = 0;
1364 buf[25] = 0;
1365 buf[26] = 0;
1366 buf[27] = 0;
1367 ide_atapi_cmd_reply(s, 28, max_len);
1368 break;
1369 default:
1370 goto error_cmd;
1371 }
1372 break;
1373 case 1: /* changeable values */
1374 goto error_cmd;
1375 case 2: /* default values */
1376 goto error_cmd;
1377 default:
1378 case 3: /* saved values */
1379 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1380 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1381 break;
1382 }
1383 }
1384 break;
1385 case GPCMD_REQUEST_SENSE:
1386 max_len = packet[4];
1387 memset(buf, 0, 18);
1388 buf[0] = 0x70 | (1 << 7);
1389 buf[2] = s->sense_key;
1390 buf[7] = 10;
1391 buf[12] = s->asc;
1392 ide_atapi_cmd_reply(s, 18, max_len);
1393 break;
1394 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1395 if (bdrv_is_inserted(s->bs)) {
1396 bdrv_set_locked(s->bs, packet[4] & 1);
1397 ide_atapi_cmd_ok(s);
1398 } else {
1399 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1400 ASC_MEDIUM_NOT_PRESENT);
1401 }
1402 break;
1403 case GPCMD_READ_10:
1404 case GPCMD_READ_12:
1405 {
1406 int nb_sectors, lba;
1407
1408 if (packet[0] == GPCMD_READ_10)
1409 nb_sectors = ube16_to_cpu(packet + 7);
1410 else
1411 nb_sectors = ube32_to_cpu(packet + 6);
1412 lba = ube32_to_cpu(packet + 2);
1413 if (nb_sectors == 0) {
1414 ide_atapi_cmd_ok(s);
1415 break;
1416 }
1417 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1418 }
1419 break;
1420 case GPCMD_READ_CD:
1421 {
1422 int nb_sectors, lba, transfer_request;
1423
1424 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1425 lba = ube32_to_cpu(packet + 2);
1426 if (nb_sectors == 0) {
1427 ide_atapi_cmd_ok(s);
1428 break;
1429 }
1430 transfer_request = packet[9];
1431 switch(transfer_request & 0xf8) {
1432 case 0x00:
1433 /* nothing */
1434 ide_atapi_cmd_ok(s);
1435 break;
1436 case 0x10:
1437 /* normal read */
1438 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1439 break;
1440 case 0xf8:
1441 /* read all data */
1442 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1443 break;
1444 default:
1445 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1446 ASC_INV_FIELD_IN_CMD_PACKET);
1447 break;
1448 }
1449 }
1450 break;
1451 case GPCMD_SEEK:
1452 {
1453 int lba;
1454 int64_t total_sectors;
1455
1456 bdrv_get_geometry(s->bs, &total_sectors);
1457 total_sectors >>= 2;
1458 if (total_sectors <= 0) {
1459 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1460 ASC_MEDIUM_NOT_PRESENT);
1461 break;
1462 }
1463 lba = ube32_to_cpu(packet + 2);
1464 if (lba >= total_sectors) {
1465 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1466 ASC_LOGICAL_BLOCK_OOR);
1467 break;
1468 }
1469 ide_atapi_cmd_ok(s);
1470 }
1471 break;
1472 case GPCMD_START_STOP_UNIT:
1473 {
1474 int start, eject;
1475 start = packet[4] & 1;
1476 eject = (packet[4] >> 1) & 1;
1477
1478 if (eject && !start) {
1479 /* eject the disk */
1480 bdrv_eject(s->bs, 1);
1481 } else if (eject && start) {
1482 /* close the tray */
1483 bdrv_eject(s->bs, 0);
1484 }
1485 ide_atapi_cmd_ok(s);
1486 }
1487 break;
1488 case GPCMD_MECHANISM_STATUS:
1489 {
1490 max_len = ube16_to_cpu(packet + 8);
1491 cpu_to_ube16(buf, 0);
1492 /* no current LBA */
1493 buf[2] = 0;
1494 buf[3] = 0;
1495 buf[4] = 0;
1496 buf[5] = 1;
1497 cpu_to_ube16(buf + 6, 0);
1498 ide_atapi_cmd_reply(s, 8, max_len);
1499 }
1500 break;
1501 case GPCMD_READ_TOC_PMA_ATIP:
1502 {
1503 int format, msf, start_track, len;
1504 int64_t total_sectors;
1505
1506 bdrv_get_geometry(s->bs, &total_sectors);
1507 total_sectors >>= 2;
1508 if (total_sectors <= 0) {
1509 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1510 ASC_MEDIUM_NOT_PRESENT);
1511 break;
1512 }
1513 max_len = ube16_to_cpu(packet + 7);
1514 format = packet[9] >> 6;
1515 msf = (packet[1] >> 1) & 1;
1516 start_track = packet[6];
1517 switch(format) {
1518 case 0:
1519 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1520 if (len < 0)
1521 goto error_cmd;
1522 ide_atapi_cmd_reply(s, len, max_len);
1523 break;
1524 case 1:
1525 /* multi session : only a single session defined */
1526 memset(buf, 0, 12);
1527 buf[1] = 0x0a;
1528 buf[2] = 0x01;
1529 buf[3] = 0x01;
1530 ide_atapi_cmd_reply(s, 12, max_len);
1531 break;
1532 case 2:
1533 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1534 if (len < 0)
1535 goto error_cmd;
1536 ide_atapi_cmd_reply(s, len, max_len);
1537 break;
1538 default:
1539 error_cmd:
1540 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1541 ASC_INV_FIELD_IN_CMD_PACKET);
1542 break;
1543 }
1544 }
1545 break;
1546 case GPCMD_READ_CDVD_CAPACITY:
1547 {
1548 int64_t total_sectors;
1549
1550 bdrv_get_geometry(s->bs, &total_sectors);
1551 total_sectors >>= 2;
1552 if (total_sectors <= 0) {
1553 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1554 ASC_MEDIUM_NOT_PRESENT);
1555 break;
1556 }
1557 /* NOTE: it is really the number of sectors minus 1 */
1558 cpu_to_ube32(buf, total_sectors - 1);
1559 cpu_to_ube32(buf + 4, 2048);
1560 ide_atapi_cmd_reply(s, 8, 8);
1561 }
1562 break;
1563 case GPCMD_INQUIRY:
1564 max_len = packet[4];
1565 buf[0] = 0x05; /* CD-ROM */
1566 buf[1] = 0x80; /* removable */
1567 buf[2] = 0x00; /* ISO */
1568 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1569 buf[4] = 31; /* additionnal length */
1570 buf[5] = 0; /* reserved */
1571 buf[6] = 0; /* reserved */
1572 buf[7] = 0; /* reserved */
1573 padstr8(buf + 8, 8, "QEMU");
1574 padstr8(buf + 16, 16, "QEMU CD-ROM");
1575 padstr8(buf + 32, 4, QEMU_VERSION);
1576 ide_atapi_cmd_reply(s, 36, max_len);
1577 break;
1578 default:
1579 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1580 ASC_ILLEGAL_OPCODE);
1581 break;
1582 }
1583 }
1584
1585 static void ide_cfata_metadata_inquiry(IDEState *s)
1586 {
1587 uint16_t *p;
1588 uint32_t spd;
1589
1590 p = (uint16_t *) s->io_buffer;
1591 memset(p, 0, 0x200);
1592 spd = ((s->mdata_size - 1) >> 9) + 1;
1593
1594 put_le16(p + 0, 0x0001); /* Data format revision */
1595 put_le16(p + 1, 0x0000); /* Media property: silicon */
1596 put_le16(p + 2, s->media_changed); /* Media status */
1597 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1598 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1599 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1600 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1601 }
1602
1603 static void ide_cfata_metadata_read(IDEState *s)
1604 {
1605 uint16_t *p;
1606
1607 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1608 s->status = ERR_STAT;
1609 s->error = ABRT_ERR;
1610 return;
1611 }
1612
1613 p = (uint16_t *) s->io_buffer;
1614 memset(p, 0, 0x200);
1615
1616 put_le16(p + 0, s->media_changed); /* Media status */
1617 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1618 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1619 s->nsector << 9), 0x200 - 2));
1620 }
1621
1622 static void ide_cfata_metadata_write(IDEState *s)
1623 {
1624 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1625 s->status = ERR_STAT;
1626 s->error = ABRT_ERR;
1627 return;
1628 }
1629
1630 s->media_changed = 0;
1631
1632 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1633 s->io_buffer + 2,
1634 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1635 s->nsector << 9), 0x200 - 2));
1636 }
1637
1638 /* called when the inserted state of the media has changed */
1639 static void cdrom_change_cb(void *opaque)
1640 {
1641 IDEState *s = opaque;
1642 int64_t nb_sectors;
1643
1644 /* XXX: send interrupt too */
1645 bdrv_get_geometry(s->bs, &nb_sectors);
1646 s->nb_sectors = nb_sectors;
1647 }
1648
1649 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1650 {
1651 s->lba48 = lba48;
1652
1653 /* handle the 'magic' 0 nsector count conversion here. to avoid
1654 * fiddling with the rest of the read logic, we just store the
1655 * full sector count in ->nsector and ignore ->hob_nsector from now
1656 */
1657 if (!s->lba48) {
1658 if (!s->nsector)
1659 s->nsector = 256;
1660 } else {
1661 if (!s->nsector && !s->hob_nsector)
1662 s->nsector = 65536;
1663 else {
1664 int lo = s->nsector;
1665 int hi = s->hob_nsector;
1666
1667 s->nsector = (hi << 8) | lo;
1668 }
1669 }
1670 }
1671
1672 static void ide_clear_hob(IDEState *ide_if)
1673 {
1674 /* any write clears HOB high bit of device control register */
1675 ide_if[0].select &= ~(1 << 7);
1676 ide_if[1].select &= ~(1 << 7);
1677 }
1678
1679 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1680 {
1681 IDEState *ide_if = opaque;
1682 IDEState *s;
1683 int unit, n;
1684 int lba48 = 0;
1685
1686 #ifdef DEBUG_IDE
1687 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1688 #endif
1689
1690 addr &= 7;
1691 switch(addr) {
1692 case 0:
1693 break;
1694 case 1:
1695 ide_clear_hob(ide_if);
1696 /* NOTE: data is written to the two drives */
1697 ide_if[0].hob_feature = ide_if[0].feature;
1698 ide_if[1].hob_feature = ide_if[1].feature;
1699 ide_if[0].feature = val;
1700 ide_if[1].feature = val;
1701 break;
1702 case 2:
1703 ide_clear_hob(ide_if);
1704 ide_if[0].hob_nsector = ide_if[0].nsector;
1705 ide_if[1].hob_nsector = ide_if[1].nsector;
1706 ide_if[0].nsector = val;
1707 ide_if[1].nsector = val;
1708 break;
1709 case 3:
1710 ide_clear_hob(ide_if);
1711 ide_if[0].hob_sector = ide_if[0].sector;
1712 ide_if[1].hob_sector = ide_if[1].sector;
1713 ide_if[0].sector = val;
1714 ide_if[1].sector = val;
1715 break;
1716 case 4:
1717 ide_clear_hob(ide_if);
1718 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1719 ide_if[1].hob_lcyl = ide_if[1].lcyl;
1720 ide_if[0].lcyl = val;
1721 ide_if[1].lcyl = val;
1722 break;
1723 case 5:
1724 ide_clear_hob(ide_if);
1725 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1726 ide_if[1].hob_hcyl = ide_if[1].hcyl;
1727 ide_if[0].hcyl = val;
1728 ide_if[1].hcyl = val;
1729 break;
1730 case 6:
1731 /* FIXME: HOB readback uses bit 7 */
1732 ide_if[0].select = (val & ~0x10) | 0xa0;
1733 ide_if[1].select = (val | 0x10) | 0xa0;
1734 /* select drive */
1735 unit = (val >> 4) & 1;
1736 s = ide_if + unit;
1737 ide_if->cur_drive = s;
1738 break;
1739 default:
1740 case 7:
1741 /* command */
1742 #if defined(DEBUG_IDE)
1743 printf("ide: CMD=%02x\n", val);
1744 #endif
1745 s = ide_if->cur_drive;
1746 /* ignore commands to non existant slave */
1747 if (s != ide_if && !s->bs)
1748 break;
1749
1750 switch(val) {
1751 case WIN_IDENTIFY:
1752 if (s->bs && !s->is_cdrom) {
1753 if (!s->is_cf)
1754 ide_identify(s);
1755 else
1756 ide_cfata_identify(s);
1757 s->status = READY_STAT | SEEK_STAT;
1758 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1759 } else {
1760 if (s->is_cdrom) {
1761 ide_set_signature(s);
1762 }
1763 ide_abort_command(s);
1764 }
1765 ide_set_irq(s);
1766 break;
1767 case WIN_SPECIFY:
1768 case WIN_RECAL:
1769 s->error = 0;
1770 s->status = READY_STAT | SEEK_STAT;
1771 ide_set_irq(s);
1772 break;
1773 case WIN_SETMULT:
1774 if (s->is_cf && s->nsector == 0) {
1775 /* Disable Read and Write Multiple */
1776 s->mult_sectors = 0;
1777 s->status = READY_STAT;
1778 } else if ((s->nsector & 0xff) != 0 &&
1779 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1780 (s->nsector & (s->nsector - 1)) != 0)) {
1781 ide_abort_command(s);
1782 } else {
1783 s->mult_sectors = s->nsector & 0xff;
1784 s->status = READY_STAT;
1785 }
1786 ide_set_irq(s);
1787 break;
1788 case WIN_VERIFY_EXT:
1789 lba48 = 1;
1790 case WIN_VERIFY:
1791 case WIN_VERIFY_ONCE:
1792 /* do sector number check ? */
1793 ide_cmd_lba48_transform(s, lba48);
1794 s->status = READY_STAT;
1795 ide_set_irq(s);
1796 break;
1797 case WIN_READ_EXT:
1798 lba48 = 1;
1799 case WIN_READ:
1800 case WIN_READ_ONCE:
1801 if (!s->bs)
1802 goto abort_cmd;
1803 ide_cmd_lba48_transform(s, lba48);
1804 s->req_nb_sectors = 1;
1805 ide_sector_read(s);
1806 break;
1807 case WIN_WRITE_EXT:
1808 lba48 = 1;
1809 case WIN_WRITE:
1810 case WIN_WRITE_ONCE:
1811 case CFA_WRITE_SECT_WO_ERASE:
1812 case WIN_WRITE_VERIFY:
1813 ide_cmd_lba48_transform(s, lba48);
1814 s->error = 0;
1815 s->status = SEEK_STAT | READY_STAT;
1816 s->req_nb_sectors = 1;
1817 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1818 s->media_changed = 1;
1819 break;
1820 case WIN_MULTREAD_EXT:
1821 lba48 = 1;
1822 case WIN_MULTREAD:
1823 if (!s->mult_sectors)
1824 goto abort_cmd;
1825 ide_cmd_lba48_transform(s, lba48);
1826 s->req_nb_sectors = s->mult_sectors;
1827 ide_sector_read(s);
1828 break;
1829 case WIN_MULTWRITE_EXT:
1830 lba48 = 1;
1831 case WIN_MULTWRITE:
1832 case CFA_WRITE_MULTI_WO_ERASE:
1833 if (!s->mult_sectors)
1834 goto abort_cmd;
1835 ide_cmd_lba48_transform(s, lba48);
1836 s->error = 0;
1837 s->status = SEEK_STAT | READY_STAT;
1838 s->req_nb_sectors = s->mult_sectors;
1839 n = s->nsector;
1840 if (n > s->req_nb_sectors)
1841 n = s->req_nb_sectors;
1842 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1843 s->media_changed = 1;
1844 break;
1845 case WIN_READDMA_EXT:
1846 lba48 = 1;
1847 case WIN_READDMA:
1848 case WIN_READDMA_ONCE:
1849 if (!s->bs)
1850 goto abort_cmd;
1851 ide_cmd_lba48_transform(s, lba48);
1852 ide_sector_read_dma(s);
1853 break;
1854 case WIN_WRITEDMA_EXT:
1855 lba48 = 1;
1856 case WIN_WRITEDMA:
1857 case WIN_WRITEDMA_ONCE:
1858 if (!s->bs)
1859 goto abort_cmd;
1860 ide_cmd_lba48_transform(s, lba48);
1861 ide_sector_write_dma(s);
1862 s->media_changed = 1;
1863 break;
1864 case WIN_READ_NATIVE_MAX_EXT:
1865 lba48 = 1;
1866 case WIN_READ_NATIVE_MAX:
1867 ide_cmd_lba48_transform(s, lba48);
1868 ide_set_sector(s, s->nb_sectors - 1);
1869 s->status = READY_STAT;
1870 ide_set_irq(s);
1871 break;
1872 case WIN_CHECKPOWERMODE1:
1873 case WIN_CHECKPOWERMODE2:
1874 s->nsector = 0xff; /* device active or idle */
1875 s->status = READY_STAT;
1876 ide_set_irq(s);
1877 break;
1878 case WIN_SETFEATURES:
1879 if (!s->bs)
1880 goto abort_cmd;
1881 /* XXX: valid for CDROM ? */
1882 switch(s->feature) {
1883 case 0xcc: /* reverting to power-on defaults enable */
1884 case 0x66: /* reverting to power-on defaults disable */
1885 case 0x02: /* write cache enable */
1886 case 0x82: /* write cache disable */
1887 case 0xaa: /* read look-ahead enable */
1888 case 0x55: /* read look-ahead disable */
1889 case 0x05: /* set advanced power management mode */
1890 case 0x85: /* disable advanced power management mode */
1891 case 0x69: /* NOP */
1892 case 0x67: /* NOP */
1893 case 0x96: /* NOP */
1894 case 0x9a: /* NOP */
1895 s->status = READY_STAT | SEEK_STAT;
1896 ide_set_irq(s);
1897 break;
1898 case 0x03: { /* set transfer mode */
1899 uint8_t val = s->nsector & 0x07;
1900
1901 switch (s->nsector >> 3) {
1902 case 0x00: /* pio default */
1903 case 0x01: /* pio mode */
1904 put_le16(s->identify_data + 63,0x07);
1905 put_le16(s->identify_data + 88,0x3f);
1906 break;
1907 case 0x04: /* mdma mode */
1908 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1909 put_le16(s->identify_data + 88,0x3f);
1910 break;
1911 case 0x08: /* udma mode */
1912 put_le16(s->identify_data + 63,0x07);
1913 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1914 break;
1915 default:
1916 goto abort_cmd;
1917 }
1918 s->status = READY_STAT | SEEK_STAT;
1919 ide_set_irq(s);
1920 break;
1921 }
1922 default:
1923 goto abort_cmd;
1924 }
1925 break;
1926 case WIN_FLUSH_CACHE:
1927 case WIN_FLUSH_CACHE_EXT:
1928 if (s->bs)
1929 bdrv_flush(s->bs);
1930 s->status = READY_STAT;
1931 ide_set_irq(s);
1932 break;
1933 case WIN_STANDBYNOW1:
1934 case WIN_STANDBYNOW2:
1935 case WIN_IDLEIMMEDIATE:
1936 case CFA_IDLEIMMEDIATE:
1937 case WIN_SETIDLE1:
1938 case WIN_SETIDLE2:
1939 s->status = READY_STAT;
1940 ide_set_irq(s);
1941 break;
1942 /* ATAPI commands */
1943 case WIN_PIDENTIFY:
1944 if (s->is_cdrom) {
1945 ide_atapi_identify(s);
1946 s->status = READY_STAT | SEEK_STAT;
1947 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1948 } else {
1949 ide_abort_command(s);
1950 }
1951 ide_set_irq(s);
1952 break;
1953 case WIN_DIAGNOSE:
1954 ide_set_signature(s);
1955 s->status = 0x00; /* NOTE: READY is _not_ set */
1956 s->error = 0x01;
1957 break;
1958 case WIN_SRST:
1959 if (!s->is_cdrom)
1960 goto abort_cmd;
1961 ide_set_signature(s);
1962 s->status = 0x00; /* NOTE: READY is _not_ set */
1963 s->error = 0x01;
1964 break;
1965 case WIN_PACKETCMD:
1966 if (!s->is_cdrom)
1967 goto abort_cmd;
1968 /* overlapping commands not supported */
1969 if (s->feature & 0x02)
1970 goto abort_cmd;
1971 s->atapi_dma = s->feature & 1;
1972 s->nsector = 1;
1973 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1974 ide_atapi_cmd);
1975 break;
1976 /* CF-ATA commands */
1977 case CFA_REQ_EXT_ERROR_CODE:
1978 if (!s->is_cf)
1979 goto abort_cmd;
1980 s->error = 0x09; /* miscellaneous error */
1981 s->status = READY_STAT;
1982 ide_set_irq(s);
1983 break;
1984 case CFA_ERASE_SECTORS:
1985 case CFA_WEAR_LEVEL:
1986 if (!s->is_cf)
1987 goto abort_cmd;
1988 if (val == CFA_WEAR_LEVEL)
1989 s->nsector = 0;
1990 if (val == CFA_ERASE_SECTORS)
1991 s->media_changed = 1;
1992 s->error = 0x00;
1993 s->status = READY_STAT;
1994 ide_set_irq(s);
1995 break;
1996 case CFA_TRANSLATE_SECTOR:
1997 if (!s->is_cf)
1998 goto abort_cmd;
1999 s->error = 0x00;
2000 s->status = READY_STAT;
2001 memset(s->io_buffer, 0, 0x200);
2002 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2003 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2004 s->io_buffer[0x02] = s->select; /* Head */
2005 s->io_buffer[0x03] = s->sector; /* Sector */
2006 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2007 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2008 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2009 s->io_buffer[0x13] = 0x00; /* Erase flag */
2010 s->io_buffer[0x18] = 0x00; /* Hot count */
2011 s->io_buffer[0x19] = 0x00; /* Hot count */
2012 s->io_buffer[0x1a] = 0x01; /* Hot count */
2013 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2014 ide_set_irq(s);
2015 break;
2016 case CFA_ACCESS_METADATA_STORAGE:
2017 if (!s->is_cf)
2018 goto abort_cmd;
2019 switch (s->feature) {
2020 case 0x02: /* Inquiry Metadata Storage */
2021 ide_cfata_metadata_inquiry(s);
2022 break;
2023 case 0x03: /* Read Metadata Storage */
2024 ide_cfata_metadata_read(s);
2025 break;
2026 case 0x04: /* Write Metadata Storage */
2027 ide_cfata_metadata_write(s);
2028 break;
2029 default:
2030 goto abort_cmd;
2031 }
2032 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2033 s->status = 0x00; /* NOTE: READY is _not_ set */
2034 ide_set_irq(s);
2035 break;
2036 case IBM_SENSE_CONDITION:
2037 if (!s->is_cf)
2038 goto abort_cmd;
2039 switch (s->feature) {
2040 case 0x01: /* sense temperature in device */
2041 s->nsector = 0x50; /* +20 C */
2042 break;
2043 default:
2044 goto abort_cmd;
2045 }
2046 s->status = READY_STAT;
2047 ide_set_irq(s);
2048 break;
2049 default:
2050 abort_cmd:
2051 ide_abort_command(s);
2052 ide_set_irq(s);
2053 break;
2054 }
2055 }
2056 }
2057
2058 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2059 {
2060 IDEState *ide_if = opaque;
2061 IDEState *s = ide_if->cur_drive;
2062 uint32_t addr;
2063 int ret, hob;
2064
2065 addr = addr1 & 7;
2066 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2067 //hob = s->select & (1 << 7);
2068 hob = 0;
2069 switch(addr) {
2070 case 0:
2071 ret = 0xff;
2072 break;
2073 case 1:
2074 if (!ide_if[0].bs && !ide_if[1].bs)
2075 ret = 0;
2076 else if (!hob)
2077 ret = s->error;
2078 else
2079 ret = s->hob_feature;
2080 break;
2081 case 2:
2082 if (!ide_if[0].bs && !ide_if[1].bs)
2083 ret = 0;
2084 else if (!hob)
2085 ret = s->nsector & 0xff;
2086 else
2087 ret = s->hob_nsector;
2088 break;
2089 case 3:
2090 if (!ide_if[0].bs && !ide_if[1].bs)
2091 ret = 0;
2092 else if (!hob)
2093 ret = s->sector;
2094 else
2095 ret = s->hob_sector;
2096 break;
2097 case 4:
2098 if (!ide_if[0].bs && !ide_if[1].bs)
2099 ret = 0;
2100 else if (!hob)
2101 ret = s->lcyl;
2102 else
2103 ret = s->hob_lcyl;
2104 break;
2105 case 5:
2106 if (!ide_if[0].bs && !ide_if[1].bs)
2107 ret = 0;
2108 else if (!hob)
2109 ret = s->hcyl;
2110 else
2111 ret = s->hob_hcyl;
2112 break;
2113 case 6:
2114 if (!ide_if[0].bs && !ide_if[1].bs)
2115 ret = 0;
2116 else
2117 ret = s->select;
2118 break;
2119 default:
2120 case 7:
2121 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2122 (s != ide_if && !s->bs))
2123 ret = 0;
2124 else
2125 ret = s->status;
2126 qemu_irq_lower(s->irq);
2127 break;
2128 }
2129 #ifdef DEBUG_IDE
2130 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2131 #endif
2132 return ret;
2133 }
2134
2135 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2136 {
2137 IDEState *ide_if = opaque;
2138 IDEState *s = ide_if->cur_drive;
2139 int ret;
2140
2141 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2142 (s != ide_if && !s->bs))
2143 ret = 0;
2144 else
2145 ret = s->status;
2146 #ifdef DEBUG_IDE
2147 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2148 #endif
2149 return ret;
2150 }
2151
2152 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2153 {
2154 IDEState *ide_if = opaque;
2155 IDEState *s;
2156 int i;
2157
2158 #ifdef DEBUG_IDE
2159 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2160 #endif
2161 /* common for both drives */
2162 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2163 (val & IDE_CMD_RESET)) {
2164 /* reset low to high */
2165 for(i = 0;i < 2; i++) {
2166 s = &ide_if[i];
2167 s->status = BUSY_STAT | SEEK_STAT;
2168 s->error = 0x01;
2169 }
2170 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2171 !(val & IDE_CMD_RESET)) {
2172 /* high to low */
2173 for(i = 0;i < 2; i++) {
2174 s = &ide_if[i];
2175 if (s->is_cdrom)
2176 s->status = 0x00; /* NOTE: READY is _not_ set */
2177 else
2178 s->status = READY_STAT | SEEK_STAT;
2179 ide_set_signature(s);
2180 }
2181 }
2182
2183 ide_if[0].cmd = val;
2184 ide_if[1].cmd = val;
2185 }
2186
2187 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2188 {
2189 IDEState *s = ((IDEState *)opaque)->cur_drive;
2190 uint8_t *p;
2191
2192 p = s->data_ptr;
2193 *(uint16_t *)p = le16_to_cpu(val);
2194 p += 2;
2195 s->data_ptr = p;
2196 if (p >= s->data_end)
2197 s->end_transfer_func(s);
2198 }
2199
2200 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2201 {
2202 IDEState *s = ((IDEState *)opaque)->cur_drive;
2203 uint8_t *p;
2204 int ret;
2205 p = s->data_ptr;
2206 ret = cpu_to_le16(*(uint16_t *)p);
2207 p += 2;
2208 s->data_ptr = p;
2209 if (p >= s->data_end)
2210 s->end_transfer_func(s);
2211 return ret;
2212 }
2213
2214 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2215 {
2216 IDEState *s = ((IDEState *)opaque)->cur_drive;
2217 uint8_t *p;
2218
2219 p = s->data_ptr;
2220 *(uint32_t *)p = le32_to_cpu(val);
2221 p += 4;
2222 s->data_ptr = p;
2223 if (p >= s->data_end)
2224 s->end_transfer_func(s);
2225 }
2226
2227 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2228 {
2229 IDEState *s = ((IDEState *)opaque)->cur_drive;
2230 uint8_t *p;
2231 int ret;
2232
2233 p = s->data_ptr;
2234 ret = cpu_to_le32(*(uint32_t *)p);
2235 p += 4;
2236 s->data_ptr = p;
2237 if (p >= s->data_end)
2238 s->end_transfer_func(s);
2239 return ret;
2240 }
2241
2242 static void ide_dummy_transfer_stop(IDEState *s)
2243 {
2244 s->data_ptr = s->io_buffer;
2245 s->data_end = s->io_buffer;
2246 s->io_buffer[0] = 0xff;
2247 s->io_buffer[1] = 0xff;
2248 s->io_buffer[2] = 0xff;
2249 s->io_buffer[3] = 0xff;
2250 }
2251
2252 static void ide_reset(IDEState *s)
2253 {
2254 if (s->is_cf)
2255 s->mult_sectors = 0;
2256 else
2257 s->mult_sectors = MAX_MULT_SECTORS;
2258 s->cur_drive = s;
2259 s->select = 0xa0;
2260 s->status = READY_STAT;
2261 ide_set_signature(s);
2262 /* init the transfer handler so that 0xffff is returned on data
2263 accesses */
2264 s->end_transfer_func = ide_dummy_transfer_stop;
2265 ide_dummy_transfer_stop(s);
2266 s->media_changed = 0;
2267 }
2268
2269 struct partition {
2270 uint8_t boot_ind; /* 0x80 - active */
2271 uint8_t head; /* starting head */
2272 uint8_t sector; /* starting sector */
2273 uint8_t cyl; /* starting cylinder */
2274 uint8_t sys_ind; /* What partition type */
2275 uint8_t end_head; /* end head */
2276 uint8_t end_sector; /* end sector */
2277 uint8_t end_cyl; /* end cylinder */
2278 uint32_t start_sect; /* starting sector counting from 0 */
2279 uint32_t nr_sects; /* nr of sectors in partition */
2280 } __attribute__((packed));
2281
2282 /* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
2283 static int guess_disk_lchs(IDEState *s,
2284 int *pcylinders, int *pheads, int *psectors)
2285 {
2286 uint8_t buf[512];
2287 int ret, i, heads, sectors, cylinders;
2288 struct partition *p;
2289 uint32_t nr_sects;
2290
2291 ret = bdrv_read(s->bs, 0, buf, 1);
2292 if (ret < 0)
2293 return -1;
2294 /* test msdos magic */
2295 if (buf[510] != 0x55 || buf[511] != 0xaa)
2296 return -1;
2297 for(i = 0; i < 4; i++) {
2298 p = ((struct partition *)(buf + 0x1be)) + i;
2299 nr_sects = le32_to_cpu(p->nr_sects);
2300 if (nr_sects && p->end_head) {
2301 /* We make the assumption that the partition terminates on
2302 a cylinder boundary */
2303 heads = p->end_head + 1;
2304 sectors = p->end_sector & 63;
2305 if (sectors == 0)
2306 continue;
2307 cylinders = s->nb_sectors / (heads * sectors);
2308 if (cylinders < 1 || cylinders > 16383)
2309 continue;
2310 *pheads = heads;
2311 *psectors = sectors;
2312 *pcylinders = cylinders;
2313 #if 0
2314 printf("guessed geometry: LCHS=%d %d %d\n",
2315 cylinders, heads, sectors);
2316 #endif
2317 return 0;
2318 }
2319 }
2320 return -1;
2321 }
2322
2323 static void ide_init2(IDEState *ide_state,
2324 BlockDriverState *hd0, BlockDriverState *hd1,
2325 qemu_irq irq)
2326 {
2327 IDEState *s;
2328 static int drive_serial = 1;
2329 int i, cylinders, heads, secs, translation, lba_detected = 0;
2330 int64_t nb_sectors;
2331
2332 for(i = 0; i < 2; i++) {
2333 s = ide_state + i;
2334 if (i == 0)
2335 s->bs = hd0;
2336 else
2337 s->bs = hd1;
2338 if (s->bs) {
2339 bdrv_get_geometry(s->bs, &nb_sectors);
2340 s->nb_sectors = nb_sectors;
2341 /* if a geometry hint is available, use it */
2342 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
2343 translation = bdrv_get_translation_hint(s->bs);
2344 if (cylinders != 0) {
2345 s->cylinders = cylinders;
2346 s->heads = heads;
2347 s->sectors = secs;
2348 } else {
2349 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2350 if (heads > 16) {
2351 /* if heads > 16, it means that a BIOS LBA
2352 translation was active, so the default
2353 hardware geometry is OK */
2354 lba_detected = 1;
2355 goto default_geometry;
2356 } else {
2357 s->cylinders = cylinders;
2358 s->heads = heads;
2359 s->sectors = secs;
2360 /* disable any translation to be in sync with
2361 the logical geometry */
2362 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2363 bdrv_set_translation_hint(s->bs,
2364 BIOS_ATA_TRANSLATION_NONE);
2365 }
2366 }
2367 } else {
2368 default_geometry:
2369 /* if no geometry, use a standard physical disk geometry */
2370 cylinders = nb_sectors / (16 * 63);
2371 if (cylinders > 16383)
2372 cylinders = 16383;
2373 else if (cylinders < 2)
2374 cylinders = 2;
2375 s->cylinders = cylinders;
2376 s->heads = 16;
2377 s->sectors = 63;
2378 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2379 if ((s->cylinders * s->heads) <= 131072) {
2380 bdrv_set_translation_hint(s->bs,
2381 BIOS_ATA_TRANSLATION_LARGE);
2382 } else {
2383 bdrv_set_translation_hint(s->bs,
2384 BIOS_ATA_TRANSLATION_LBA);
2385 }
2386 }
2387 }
2388 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
2389 }
2390 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2391 s->is_cdrom = 1;
2392 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2393 }
2394 }
2395 s->drive_serial = drive_serial++;
2396 s->irq = irq;
2397 s->sector_write_timer = qemu_new_timer(vm_clock,
2398 ide_sector_write_timer_cb, s);
2399 ide_reset(s);
2400 }
2401 }
2402
2403 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2404 {
2405 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2406 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2407 if (iobase2) {
2408 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2409 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2410 }
2411
2412 /* data ports */
2413 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2414 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2415 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2416 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2417 }
2418
2419 /***********************************************************/
2420 /* ISA IDE definitions */
2421
2422 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
2423 BlockDriverState *hd0, BlockDriverState *hd1)
2424 {
2425 IDEState *ide_state;
2426
2427 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2428 if (!ide_state)
2429 return;
2430
2431 ide_init2(ide_state, hd0, hd1, irq);
2432 ide_init_ioport(ide_state, iobase, iobase2);
2433 }
2434
2435 /***********************************************************/
2436 /* PCI IDE definitions */
2437
2438 static void cmd646_update_irq(PCIIDEState *d);
2439
2440 static void ide_map(PCIDevice *pci_dev, int region_num,
2441 uint32_t addr, uint32_t size, int type)
2442 {
2443 PCIIDEState *d = (PCIIDEState *)pci_dev;
2444 IDEState *ide_state;
2445
2446 if (region_num <= 3) {
2447 ide_state = &d->ide_if[(region_num >> 1) * 2];
2448 if (region_num & 1) {
2449 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2450 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2451 } else {
2452 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2453 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2454
2455 /* data ports */
2456 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2457 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2458 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2459 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2460 }
2461 }
2462 }
2463
2464 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2465 {
2466 BMDMAState *bm = s->bmdma;
2467 if(!bm)
2468 return;
2469 bm->ide_if = s;
2470 bm->dma_cb = dma_cb;
2471 bm->cur_prd_last = 0;
2472 bm->cur_prd_addr = 0;
2473 bm->cur_prd_len = 0;
2474 if (bm->status & BM_STATUS_DMAING) {
2475 bm->dma_cb(bm, 0);
2476 }
2477 }
2478
2479 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2480 {
2481 BMDMAState *bm = opaque;
2482 #ifdef DEBUG_IDE
2483 printf("%s: 0x%08x\n", __func__, val);
2484 #endif
2485 if (!(val & BM_CMD_START)) {
2486 /* XXX: do it better */
2487 if (bm->status & BM_STATUS_DMAING) {
2488 bm->status &= ~BM_STATUS_DMAING;
2489 /* cancel DMA request */
2490 bm->ide_if = NULL;
2491 bm->dma_cb = NULL;
2492 if (bm->aiocb) {
2493 #ifdef DEBUG_AIO
2494 printf("aio_cancel\n");
2495 #endif
2496 bdrv_aio_cancel(bm->aiocb);
2497 bm->aiocb = NULL;
2498 }
2499 }
2500 bm->cmd = val & 0x09;
2501 } else {
2502 if (!(bm->status & BM_STATUS_DMAING)) {
2503 bm->status |= BM_STATUS_DMAING;
2504 /* start dma transfer if possible */
2505 if (bm->dma_cb)
2506 bm->dma_cb(bm, 0);
2507 }
2508 bm->cmd = val & 0x09;
2509 }
2510 }
2511
2512 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2513 {
2514 BMDMAState *bm = opaque;
2515 PCIIDEState *pci_dev;
2516 uint32_t val;
2517
2518 switch(addr & 3) {
2519 case 0:
2520 val = bm->cmd;
2521 break;
2522 case 1:
2523 pci_dev = bm->pci_dev;
2524 if (pci_dev->type == IDE_TYPE_CMD646) {
2525 val = pci_dev->dev.config[MRDMODE];
2526 } else {
2527 val = 0xff;
2528 }
2529 break;
2530 case 2:
2531 val = bm->status;
2532 break;
2533 case 3:
2534 pci_dev = bm->pci_dev;
2535 if (pci_dev->type == IDE_TYPE_CMD646) {
2536 if (bm == &pci_dev->bmdma[0])
2537 val = pci_dev->dev.config[UDIDETCR0];
2538 else
2539 val = pci_dev->dev.config[UDIDETCR1];
2540 } else {
2541 val = 0xff;
2542 }
2543 break;
2544 default:
2545 val = 0xff;
2546 break;
2547 }
2548 #ifdef DEBUG_IDE
2549 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2550 #endif
2551 return val;
2552 }
2553
2554 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2555 {
2556 BMDMAState *bm = opaque;
2557 PCIIDEState *pci_dev;
2558 #ifdef DEBUG_IDE
2559 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2560 #endif
2561 switch(addr & 3) {
2562 case 1:
2563 pci_dev = bm->pci_dev;
2564 if (pci_dev->type == IDE_TYPE_CMD646) {
2565 pci_dev->dev.config[MRDMODE] =
2566 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2567 cmd646_update_irq(pci_dev);
2568 }
2569 break;
2570 case 2:
2571 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2572 break;
2573 case 3:
2574 pci_dev = bm->pci_dev;
2575 if (pci_dev->type == IDE_TYPE_CMD646) {
2576 if (bm == &pci_dev->bmdma[0])
2577 pci_dev->dev.config[UDIDETCR0] = val;
2578 else
2579 pci_dev->dev.config[UDIDETCR1] = val;
2580 }
2581 break;
2582 }
2583 }
2584
2585 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2586 {
2587 BMDMAState *bm = opaque;
2588 uint32_t val;
2589 val = bm->addr;
2590 #ifdef DEBUG_IDE
2591 printf("%s: 0x%08x\n", __func__, val);
2592 #endif
2593 return val;
2594 }
2595
2596 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2597 {
2598 BMDMAState *bm = opaque;
2599 #ifdef DEBUG_IDE
2600 printf("%s: 0x%08x\n", __func__, val);
2601 #endif
2602 bm->addr = val & ~3;
2603 bm->cur_addr = bm->addr;
2604 }
2605
2606 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2607 uint32_t addr, uint32_t size, int type)
2608 {
2609 PCIIDEState *d = (PCIIDEState *)pci_dev;
2610 int i;
2611
2612 for(i = 0;i < 2; i++) {
2613 BMDMAState *bm = &d->bmdma[i];
2614 d->ide_if[2 * i].bmdma = bm;
2615 d->ide_if[2 * i + 1].bmdma = bm;
2616 bm->pci_dev = (PCIIDEState *)pci_dev;
2617
2618 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2619
2620 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2621 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2622
2623 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2624 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2625 addr += 8;
2626 }
2627 }
2628
2629 /* XXX: call it also when the MRDMODE is changed from the PCI config
2630 registers */
2631 static void cmd646_update_irq(PCIIDEState *d)
2632 {
2633 int pci_level;
2634 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2635 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2636 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2637 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2638 qemu_set_irq(d->dev.irq[0], pci_level);
2639 }
2640
2641 /* the PCI irq level is the logical OR of the two channels */
2642 static void cmd646_set_irq(void *opaque, int channel, int level)
2643 {
2644 PCIIDEState *d = opaque;
2645 int irq_mask;
2646
2647 irq_mask = MRDMODE_INTR_CH0 << channel;
2648 if (level)
2649 d->dev.config[MRDMODE] |= irq_mask;
2650 else
2651 d->dev.config[MRDMODE] &= ~irq_mask;
2652 cmd646_update_irq(d);
2653 }
2654
2655 /* CMD646 PCI IDE controller */
2656 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2657 int secondary_ide_enabled)
2658 {
2659 PCIIDEState *d;
2660 uint8_t *pci_conf;
2661 int i;
2662 qemu_irq *irq;
2663
2664 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2665 sizeof(PCIIDEState),
2666 -1,
2667 NULL, NULL);
2668 d->type = IDE_TYPE_CMD646;
2669 pci_conf = d->dev.config;
2670 pci_conf[0x00] = 0x95; // CMD646
2671 pci_conf[0x01] = 0x10;
2672 pci_conf[0x02] = 0x46;
2673 pci_conf[0x03] = 0x06;
2674
2675 pci_conf[0x08] = 0x07; // IDE controller revision
2676 pci_conf[0x09] = 0x8f;
2677
2678 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2679 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2680 pci_conf[0x0e] = 0x00; // header_type
2681
2682 if (secondary_ide_enabled) {
2683 /* XXX: if not enabled, really disable the seconday IDE controller */
2684 pci_conf[0x51] = 0x80; /* enable IDE1 */
2685 }
2686
2687 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2688 PCI_ADDRESS_SPACE_IO, ide_map);
2689 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2690 PCI_ADDRESS_SPACE_IO, ide_map);
2691 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2692 PCI_ADDRESS_SPACE_IO, ide_map);
2693 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2694 PCI_ADDRESS_SPACE_IO, ide_map);
2695 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2696 PCI_ADDRESS_SPACE_IO, bmdma_map);
2697
2698 pci_conf[0x3d] = 0x01; // interrupt on pin 1
2699
2700 for(i = 0; i < 4; i++)
2701 d->ide_if[i].pci_dev = (PCIDevice *)d;
2702
2703 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
2704 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
2705 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
2706 }
2707
2708 static void pci_ide_save(QEMUFile* f, void *opaque)
2709 {
2710 PCIIDEState *d = opaque;
2711 int i;
2712
2713 pci_device_save(&d->dev, f);
2714
2715 for(i = 0; i < 2; i++) {
2716 BMDMAState *bm = &d->bmdma[i];
2717 qemu_put_8s(f, &bm->cmd);
2718 qemu_put_8s(f, &bm->status);
2719 qemu_put_be32s(f, &bm->addr);
2720 /* XXX: if a transfer is pending, we do not save it yet */
2721 }
2722
2723 /* per IDE interface data */
2724 for(i = 0; i < 2; i++) {
2725 IDEState *s = &d->ide_if[i * 2];
2726 uint8_t drive1_selected;
2727 qemu_put_8s(f, &s->cmd);
2728 drive1_selected = (s->cur_drive != s);
2729 qemu_put_8s(f, &drive1_selected);
2730 }
2731
2732 /* per IDE drive data */
2733 for(i = 0; i < 4; i++) {
2734 IDEState *s = &d->ide_if[i];
2735 qemu_put_be32s(f, &s->mult_sectors);
2736 qemu_put_be32s(f, &s->identify_set);
2737 if (s->identify_set) {
2738 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2739 }
2740 qemu_put_8s(f, &s->feature);
2741 qemu_put_8s(f, &s->error);
2742 qemu_put_be32s(f, &s->nsector);
2743 qemu_put_8s(f, &s->sector);
2744 qemu_put_8s(f, &s->lcyl);
2745 qemu_put_8s(f, &s->hcyl);
2746 qemu_put_8s(f, &s->hob_feature);
2747 qemu_put_8s(f, &s->hob_nsector);
2748 qemu_put_8s(f, &s->hob_sector);
2749 qemu_put_8s(f, &s->hob_lcyl);
2750 qemu_put_8s(f, &s->hob_hcyl);
2751 qemu_put_8s(f, &s->select);
2752 qemu_put_8s(f, &s->status);
2753 qemu_put_8s(f, &s->lba48);
2754
2755 qemu_put_8s(f, &s->sense_key);
2756 qemu_put_8s(f, &s->asc);
2757 /* XXX: if a transfer is pending, we do not save it yet */
2758 }
2759 }
2760
2761 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2762 {
2763 PCIIDEState *d = opaque;
2764 int ret, i;
2765
2766 if (version_id != 1)
2767 return -EINVAL;
2768 ret = pci_device_load(&d->dev, f);
2769 if (ret < 0)
2770 return ret;
2771
2772 for(i = 0; i < 2; i++) {
2773 BMDMAState *bm = &d->bmdma[i];
2774 qemu_get_8s(f, &bm->cmd);
2775 qemu_get_8s(f, &bm->status);
2776 qemu_get_be32s(f, &bm->addr);
2777 /* XXX: if a transfer is pending, we do not save it yet */
2778 }
2779
2780 /* per IDE interface data */
2781 for(i = 0; i < 2; i++) {
2782 IDEState *s = &d->ide_if[i * 2];
2783 uint8_t drive1_selected;
2784 qemu_get_8s(f, &s->cmd);
2785 qemu_get_8s(f, &drive1_selected);
2786 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2787 }
2788
2789 /* per IDE drive data */
2790 for(i = 0; i < 4; i++) {
2791 IDEState *s = &d->ide_if[i];
2792 qemu_get_be32s(f, &s->mult_sectors);
2793 qemu_get_be32s(f, &s->identify_set);
2794 if (s->identify_set) {
2795 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2796 }
2797 qemu_get_8s(f, &s->feature);
2798 qemu_get_8s(f, &s->error);
2799 qemu_get_be32s(f, &s->nsector);
2800 qemu_get_8s(f, &s->sector);
2801 qemu_get_8s(f, &s->lcyl);
2802 qemu_get_8s(f, &s->hcyl);
2803 qemu_get_8s(f, &s->hob_feature);
2804 qemu_get_8s(f, &s->hob_nsector);
2805 qemu_get_8s(f, &s->hob_sector);
2806 qemu_get_8s(f, &s->hob_lcyl);
2807 qemu_get_8s(f, &s->hob_hcyl);
2808 qemu_get_8s(f, &s->select);
2809 qemu_get_8s(f, &s->status);
2810 qemu_get_8s(f, &s->lba48);
2811
2812 qemu_get_8s(f, &s->sense_key);
2813 qemu_get_8s(f, &s->asc);
2814 /* XXX: if a transfer is pending, we do not save it yet */
2815 }
2816 return 0;
2817 }
2818
2819 static void piix3_reset(PCIIDEState *d)
2820 {
2821 uint8_t *pci_conf = d->dev.config;
2822
2823 pci_conf[0x04] = 0x00;
2824 pci_conf[0x05] = 0x00;
2825 pci_conf[0x06] = 0x80; /* FBC */
2826 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
2827 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
2828 }
2829
2830 /* hd_table must contain 4 block drivers */
2831 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
2832 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2833 qemu_irq *pic)
2834 {
2835 PCIIDEState *d;
2836 uint8_t *pci_conf;
2837
2838 /* register a function 1 of PIIX3 */
2839 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2840 sizeof(PCIIDEState),
2841 devfn,
2842 NULL, NULL);
2843 d->type = IDE_TYPE_PIIX3;
2844
2845 pci_conf = d->dev.config;
2846 pci_conf[0x00] = 0x86; // Intel
2847 pci_conf[0x01] = 0x80;
2848 pci_conf[0x02] = 0x10;
2849 pci_conf[0x03] = 0x70;
2850 pci_conf[0x09] = 0x80; // legacy ATA mode
2851 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2852 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2853 pci_conf[0x0e] = 0x00; // header_type
2854
2855 piix3_reset(d);
2856
2857 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2858 PCI_ADDRESS_SPACE_IO, bmdma_map);
2859
2860 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
2861 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
2862 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2863 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2864
2865 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
2866 }
2867
2868 /***********************************************************/
2869 /* MacIO based PowerPC IDE */
2870
2871 /* PowerMac IDE memory IO */
2872 static void pmac_ide_writeb (void *opaque,
2873 target_phys_addr_t addr, uint32_t val)
2874 {
2875 addr = (addr & 0xFFF) >> 4;
2876 switch (addr) {
2877 case 1 ... 7:
2878 ide_ioport_write(opaque, addr, val);
2879 break;
2880 case 8:
2881 case 22:
2882 ide_cmd_write(opaque, 0, val);
2883 break;
2884 default:
2885 break;
2886 }
2887 }
2888
2889 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2890 {
2891 uint8_t retval;
2892
2893 addr = (addr & 0xFFF) >> 4;
2894 switch (addr) {
2895 case 1 ... 7:
2896 retval = ide_ioport_read(opaque, addr);
2897 break;
2898 case 8:
2899 case 22:
2900 retval = ide_status_read(opaque, 0);
2901 break;
2902 default:
2903 retval = 0xFF;
2904 break;
2905 }
2906 return retval;
2907 }
2908
2909 static void pmac_ide_writew (void *opaque,
2910 target_phys_addr_t addr, uint32_t val)
2911 {
2912 addr = (addr & 0xFFF) >> 4;
2913 #ifdef TARGET_WORDS_BIGENDIAN
2914 val = bswap16(val);
2915 #endif
2916 if (addr == 0) {
2917 ide_data_writew(opaque, 0, val);
2918 }
2919 }
2920
2921 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
2922 {
2923 uint16_t retval;
2924
2925 addr = (addr & 0xFFF) >> 4;
2926 if (addr == 0) {
2927 retval = ide_data_readw(opaque, 0);
2928 } else {
2929 retval = 0xFFFF;
2930 }
2931 #ifdef TARGET_WORDS_BIGENDIAN
2932 retval = bswap16(retval);
2933 #endif
2934 return retval;
2935 }
2936
2937 static void pmac_ide_writel (void *opaque,
2938 target_phys_addr_t addr, uint32_t val)
2939 {
2940 addr = (addr & 0xFFF) >> 4;
2941 #ifdef TARGET_WORDS_BIGENDIAN
2942 val = bswap32(val);
2943 #endif
2944 if (addr == 0) {
2945 ide_data_writel(opaque, 0, val);
2946 }
2947 }
2948
2949 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
2950 {
2951 uint32_t retval;
2952
2953 addr = (addr & 0xFFF) >> 4;
2954 if (addr == 0) {
2955 retval = ide_data_readl(opaque, 0);
2956 } else {
2957 retval = 0xFFFFFFFF;
2958 }
2959 #ifdef TARGET_WORDS_BIGENDIAN
2960 retval = bswap32(retval);
2961 #endif
2962 return retval;
2963 }
2964
2965 static CPUWriteMemoryFunc *pmac_ide_write[] = {
2966 pmac_ide_writeb,
2967 pmac_ide_writew,
2968 pmac_ide_writel,
2969 };
2970
2971 static CPUReadMemoryFunc *pmac_ide_read[] = {
2972 pmac_ide_readb,
2973 pmac_ide_readw,
2974 pmac_ide_readl,
2975 };
2976
2977 /* hd_table must contain 4 block drivers */
2978 /* PowerMac uses memory mapped registers, not I/O. Return the memory
2979 I/O index to access the ide. */
2980 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
2981 {
2982 IDEState *ide_if;
2983 int pmac_ide_memory;
2984
2985 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
2986 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
2987
2988 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
2989 pmac_ide_write, &ide_if[0]);
2990 return pmac_ide_memory;
2991 }
2992
2993 /***********************************************************/
2994 /* CF-ATA Microdrive */
2995
2996 #define METADATA_SIZE 0x20
2997
2998 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
2999 struct md_s {
3000 IDEState ide[2];
3001 struct pcmcia_card_s card;
3002 uint32_t attr_base;
3003 uint32_t io_base;
3004
3005 /* Card state */
3006 uint8_t opt;
3007 uint8_t stat;
3008 uint8_t pins;
3009
3010 uint8_t ctrl;
3011 uint16_t io;
3012 int cycle;
3013 };
3014
3015 /* Register bitfields */
3016 enum md_opt {
3017 OPT_MODE_MMAP = 0,
3018 OPT_MODE_IOMAP16 = 1,
3019 OPT_MODE_IOMAP1 = 2,
3020 OPT_MODE_IOMAP2 = 3,
3021 OPT_MODE = 0x3f,
3022 OPT_LEVIREQ = 0x40,
3023 OPT_SRESET = 0x80,
3024 };
3025 enum md_cstat {
3026 STAT_INT = 0x02,
3027 STAT_PWRDWN = 0x04,
3028 STAT_XE = 0x10,
3029 STAT_IOIS8 = 0x20,
3030 STAT_SIGCHG = 0x40,
3031 STAT_CHANGED = 0x80,
3032 };
3033 enum md_pins {
3034 PINS_MRDY = 0x02,
3035 PINS_CRDY = 0x20,
3036 };
3037 enum md_ctrl {
3038 CTRL_IEN = 0x02,
3039 CTRL_SRST = 0x04,
3040 };
3041
3042 static inline void md_interrupt_update(struct md_s *s)
3043 {
3044 if (!s->card.slot)
3045 return;
3046
3047 qemu_set_irq(s->card.slot->irq,
3048 !(s->stat & STAT_INT) && /* Inverted */
3049 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3050 !(s->opt & OPT_SRESET));
3051 }
3052
3053 static void md_set_irq(void *opaque, int irq, int level)
3054 {
3055 struct md_s *s = (struct md_s *) opaque;
3056 if (level)
3057 s->stat |= STAT_INT;
3058 else
3059 s->stat &= ~STAT_INT;
3060
3061 md_interrupt_update(s);
3062 }
3063
3064 static void md_reset(struct md_s *s)
3065 {
3066 s->opt = OPT_MODE_MMAP;
3067 s->stat = 0;
3068 s->pins = 0;
3069 s->cycle = 0;
3070 s->ctrl = 0;
3071 ide_reset(s->ide);
3072 }
3073
3074 static uint8_t md_attr_read(void *opaque, uint16_t at)
3075 {
3076 struct md_s *s = (struct md_s *) opaque;
3077 if (at < s->attr_base) {
3078 if (at < s->card.cis_len)
3079 return s->card.cis[at];
3080 else
3081 return 0x00;
3082 }
3083
3084 at -= s->attr_base;
3085
3086 switch (at) {
3087 case 0x00: /* Configuration Option Register */
3088 return s->opt;
3089 case 0x02: /* Card Configuration Status Register */
3090 if (s->ctrl & CTRL_IEN)
3091 return s->stat & ~STAT_INT;
3092 else
3093 return s->stat;
3094 case 0x04: /* Pin Replacement Register */
3095 return (s->pins & PINS_CRDY) | 0x0c;
3096 case 0x06: /* Socket and Copy Register */
3097 return 0x00;
3098 #ifdef VERBOSE
3099 default:
3100 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3101 #endif
3102 }
3103
3104 return 0;
3105 }
3106
3107 static void md_attr_write(void *opaque, uint16_t at, uint8_t value)
3108 {
3109 struct md_s *s = (struct md_s *) opaque;
3110 at -= s->attr_base;
3111
3112 switch (at) {
3113 case 0x00: /* Configuration Option Register */
3114 s->opt = value & 0xcf;
3115 if (value & OPT_SRESET)
3116 md_reset(s);
3117 md_interrupt_update(s);
3118 break;
3119 case 0x02: /* Card Configuration Status Register */
3120 if ((s->stat ^ value) & STAT_PWRDWN)
3121 s->pins |= PINS_CRDY;
3122 s->stat &= 0x82;
3123 s->stat |= value & 0x74;
3124 md_interrupt_update(s);
3125 /* Word 170 in Identify Device must be equal to STAT_XE */
3126 break;
3127 case 0x04: /* Pin Replacement Register */
3128 s->pins &= PINS_CRDY;
3129 s->pins |= value & PINS_MRDY;
3130 break;
3131 case 0x06: /* Socket and Copy Register */
3132 break;
3133 default:
3134 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3135 }
3136 }
3137
3138 static uint16_t md_common_read(void *opaque, uint16_t at)
3139 {
3140 struct md_s *s = (struct md_s *) opaque;
3141 uint16_t ret;
3142 at -= s->io_base;
3143
3144 switch (s->opt & OPT_MODE) {
3145 case OPT_MODE_MMAP:
3146 if ((at & ~0x3ff) == 0x400)
3147 at = 0;
3148 break;
3149 case OPT_MODE_IOMAP16:
3150 at &= 0xf;
3151 break;
3152 case OPT_MODE_IOMAP1:
3153 if ((at & ~0xf) == 0x3f0)
3154 at -= 0x3e8;
3155 else if ((at & ~0xf) == 0x1f0)
3156 at -= 0x1f0;
3157 break;
3158 case OPT_MODE_IOMAP2:
3159 if ((at & ~0xf) == 0x370)
3160 at -= 0x368;
3161 else if ((at & ~0xf) == 0x170)
3162 at -= 0x170;
3163 }
3164
3165 switch (at) {
3166 case 0x0: /* Even RD Data */
3167 case 0x8:
3168 return ide_data_readw(s->ide, 0);
3169
3170 /* TODO: 8-bit accesses */
3171 if (s->cycle)
3172 ret = s->io >> 8;
3173 else {
3174 s->io = ide_data_readw(s->ide, 0);
3175 ret = s->io & 0xff;
3176 }
3177 s->cycle = !s->cycle;
3178 return ret;
3179 case 0x9: /* Odd RD Data */
3180 return s->io >> 8;
3181 case 0xd: /* Error */
3182 return ide_ioport_read(s->ide, 0x1);
3183 case 0xe: /* Alternate Status */
3184 if (s->ide->cur_drive->bs)
3185 return s->ide->cur_drive->status;
3186 else
3187 return 0;
3188 case 0xf: /* Device Address */
3189 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3190 default:
3191 return ide_ioport_read(s->ide, at);
3192 }
3193
3194 return 0;
3195 }
3196
3197 static void md_common_write(void *opaque, uint16_t at, uint16_t value)
3198 {
3199 struct md_s *s = (struct md_s *) opaque;
3200 at -= s->io_base;
3201
3202 switch (s->opt & OPT_MODE) {
3203 case OPT_MODE_MMAP:
3204 if ((at & ~0x3ff) == 0x400)
3205 at = 0;
3206 break;
3207 case OPT_MODE_IOMAP16:
3208 at &= 0xf;
3209 break;
3210 case OPT_MODE_IOMAP1:
3211 if ((at & ~0xf) == 0x3f0)
3212 at -= 0x3e8;
3213 else if ((at & ~0xf) == 0x1f0)
3214 at -= 0x1f0;
3215 break;
3216 case OPT_MODE_IOMAP2:
3217 if ((at & ~0xf) == 0x370)
3218 at -= 0x368;
3219 else if ((at & ~0xf) == 0x170)
3220 at -= 0x170;
3221 }
3222
3223 switch (at) {
3224 case 0x0: /* Even WR Data */
3225 case 0x8:
3226 ide_data_writew(s->ide, 0, value);
3227 break;
3228
3229 /* TODO: 8-bit accesses */
3230 if (s->cycle)
3231 ide_data_writew(s->ide, 0, s->io | (value << 8));
3232 else
3233 s->io = value & 0xff;
3234 s->cycle = !s->cycle;
3235 break;
3236 case 0x9:
3237 s->io = value & 0xff;
3238 s->cycle = !s->cycle;
3239 break;
3240 case 0xd: /* Features */
3241 ide_ioport_write(s->ide, 0x1, value);
3242 break;
3243 case 0xe: /* Device Control */
3244 s->ctrl = value;
3245 if (value & CTRL_SRST)
3246 md_reset(s);
3247 md_interrupt_update(s);
3248 break;
3249 default:
3250 if (s->stat & STAT_PWRDWN) {
3251 s->pins |= PINS_CRDY;
3252 s->stat &= ~STAT_PWRDWN;
3253 }
3254 ide_ioport_write(s->ide, at, value);
3255 }
3256 }
3257
3258 static const uint8_t dscm1xxxx_cis[0x14a] = {
3259 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3260 [0x002] = 0x03, /* Tuple length = 4 bytes */
3261 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3262 [0x006] = 0x01, /* Size = 2K bytes */
3263 [0x008] = CISTPL_ENDMARK,
3264
3265 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3266 [0x00c] = 0x04, /* Tuple length = 4 byest */
3267 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3268 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3269 [0x012] = 0x01, /* Size = 2K bytes */
3270 [0x014] = CISTPL_ENDMARK,
3271
3272 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3273 [0x018] = 0x02, /* Tuple length = 2 bytes */
3274 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3275 [0x01c] = 0x01,
3276
3277 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3278 [0x020] = 0x04, /* Tuple length = 4 bytes */
3279 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3280 [0x024] = 0x00,
3281 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3282 [0x028] = 0x00,
3283
3284 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3285 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3286 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3287 [0x030] = 0x01, /* Minor Version = 1 */
3288 [0x032] = 'I',
3289 [0x034] = 'B',
3290 [0x036] = 'M',
3291 [0x038] = 0x00,
3292 [0x03a] = 'm',
3293 [0x03c] = 'i',
3294 [0x03e] = 'c',
3295 [0x040] = 'r',
3296 [0x042] = 'o',
3297 [0x044] = 'd',
3298 [0x046] = 'r',
3299 [0x048] = 'i',
3300 [0x04a] = 'v',
3301 [0x04c] = 'e',
3302 [0x04e] = 0x00,
3303 [0x050] = CISTPL_ENDMARK,
3304
3305 [0x052] = CISTPL_FUNCID, /* Function ID */
3306 [0x054] = 0x02, /* Tuple length = 2 bytes */
3307 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3308 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3309
3310 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3311 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3312 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3313 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3314
3315 [0x062] = CISTPL_FUNCE, /* Function Extension */
3316 [0x064] = 0x03, /* Tuple length = 3 bytes */
3317 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3318 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3319 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3320
3321 [0x06c] = CISTPL_CONFIG, /* Configuration */
3322 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3323 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3324 [0x072] = 0x07, /* TPCC_LAST = 7 */
3325 [0x074] = 0x00, /* TPCC_RADR = 0200 */
3326 [0x076] = 0x02,
3327 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
3328
3329 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3330 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
3331 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
3332 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
3333 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
3334 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3335 [0x086] = 0x55, /* NomV: 5.0 V */
3336 [0x088] = 0x4d, /* MinV: 4.5 V */
3337 [0x08a] = 0x5d, /* MaxV: 5.5 V */
3338 [0x08c] = 0x4e, /* Peakl: 450 mA */
3339 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
3340 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
3341 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
3342
3343 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3344 [0x096] = 0x06, /* Tuple length = 6 bytes */
3345 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
3346 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3347 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3348 [0x09e] = 0xb5, /* NomV: 3.3 V */
3349 [0x0a0] = 0x1e,
3350 [0x0a2] = 0x3e, /* Peakl: 350 mA */
3351
3352 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3353 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
3354 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
3355 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3356 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3357 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3358 [0x0b0] = 0x55, /* NomV: 5.0 V */
3359 [0x0b2] = 0x4d, /* MinV: 4.5 V */
3360 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
3361 [0x0b6] = 0x4e, /* Peakl: 450 mA */
3362 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
3363 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
3364 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
3365 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
3366 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
3367
3368 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3369 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
3370 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
3371 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3372 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3373 [0x0cc] = 0xb5, /* NomV: 3.3 V */
3374 [0x0ce] = 0x1e,
3375 [0x0d0] = 0x3e, /* Peakl: 350 mA */
3376
3377 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3378 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
3379 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
3380 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3381 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3382 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3383 [0x0de] = 0x55, /* NomV: 5.0 V */
3384 [0x0e0] = 0x4d, /* MinV: 4.5 V */
3385 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
3386 [0x0e4] = 0x4e, /* Peakl: 450 mA */
3387 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3388 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
3389 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
3390 [0x0ec] = 0x01,
3391 [0x0ee] = 0x07, /* Address block length = 8 */
3392 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
3393 [0x0f2] = 0x03,
3394 [0x0f4] = 0x01, /* Address block length = 2 */
3395 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3396 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
3397
3398 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3399 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
3400 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
3401 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3402 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3403 [0x104] = 0xb5, /* NomV: 3.3 V */
3404 [0x106] = 0x1e,
3405 [0x108] = 0x3e, /* Peakl: 350 mA */
3406
3407 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3408 [0x10c] = 0x12, /* Tuple length = 18 bytes */
3409 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
3410 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3411 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3412 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3413 [0x116] = 0x55, /* NomV: 5.0 V */
3414 [0x118] = 0x4d, /* MinV: 4.5 V */
3415 [0x11a] = 0x5d, /* MaxV: 5.5 V */
3416 [0x11c] = 0x4e, /* Peakl: 450 mA */
3417 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3418 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
3419 [0x122] = 0x70, /* Field 1 address = 0x0170 */
3420 [0x124] = 0x01,
3421 [0x126] = 0x07, /* Address block length = 8 */
3422 [0x128] = 0x76, /* Field 2 address = 0x0376 */
3423 [0x12a] = 0x03,
3424 [0x12c] = 0x01, /* Address block length = 2 */
3425 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3426 [0x130] = 0x20, /* TPCE_MI = support power down mode */
3427
3428 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3429 [0x134] = 0x06, /* Tuple length = 6 bytes */
3430 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
3431 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3432 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3433 [0x13c] = 0xb5, /* NomV: 3.3 V */
3434 [0x13e] = 0x1e,
3435 [0x140] = 0x3e, /* Peakl: 350 mA */
3436
3437 [0x142] = CISTPL_NO_LINK, /* No Link */
3438 [0x144] = 0x00, /* Tuple length = 0 bytes */
3439
3440 [0x146] = CISTPL_END, /* Tuple End */
3441 };
3442
3443 static int dscm1xxxx_attach(void *opaque)
3444 {
3445 struct md_s *md = (struct md_s *) opaque;
3446 md->card.attr_read = md_attr_read;
3447 md->card.attr_write = md_attr_write;
3448 md->card.common_read = md_common_read;
3449 md->card.common_write = md_common_write;
3450 md->card.io_read = md_common_read;
3451 md->card.io_write = md_common_write;
3452
3453 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
3454 md->io_base = 0x0;
3455
3456 md_reset(md);
3457 md_interrupt_update(md);
3458
3459 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
3460 return 0;
3461 }
3462
3463 static int dscm1xxxx_detach(void *opaque)
3464 {
3465 struct md_s *md = (struct md_s *) opaque;
3466 md_reset(md);
3467 return 0;
3468 }
3469
3470 struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
3471 {
3472 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
3473 md->card.state = md;
3474 md->card.attach = dscm1xxxx_attach;
3475 md->card.detach = dscm1xxxx_detach;
3476 md->card.cis = dscm1xxxx_cis;
3477 md->card.cis_len = sizeof(dscm1xxxx_cis);
3478
3479 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
3480 md->ide->is_cf = 1;
3481 md->ide->mdata_size = METADATA_SIZE;
3482 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
3483 return &md->card;
3484 }
Random branches for QEmu