search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
hw/ide: Rename idebus_active_if() -> ide_bus_active_if()
[qemu/kevin.git] / hw / ide / core.c
blob2d034731cf37bb0f22813ab4c9490ecb36a0550d
1 /*
2 * QEMU IDE disk and CD/DVD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25
26 #include "qemu/osdep.h"
27 #include "hw/irq.h"
28 #include "hw/isa/isa.h"
29 #include "migration/vmstate.h"
30 #include "qemu/error-report.h"
31 #include "qemu/main-loop.h"
32 #include "qemu/timer.h"
33 #include "qemu/hw-version.h"
34 #include "qemu/memalign.h"
35 #include "sysemu/sysemu.h"
36 #include "sysemu/blockdev.h"
37 #include "sysemu/dma.h"
38 #include "hw/block/block.h"
39 #include "sysemu/block-backend.h"
40 #include "qapi/error.h"
41 #include "qemu/cutils.h"
42 #include "sysemu/replay.h"
43 #include "sysemu/runstate.h"
44 #include "hw/ide/internal.h"
45 #include "trace.h"
46
47 /* These values were based on a Seagate ST3500418AS but have been modified
48 to make more sense in QEMU */
49 static const int smart_attributes[][12] = {
50 /* id, flags, hflags, val, wrst, raw (6 bytes), threshold */
51 /* raw read error rate*/
52 { 0x01, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06},
53 /* spin up */
54 { 0x03, 0x03, 0x00, 0x64, 0x64, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
55 /* start stop count */
56 { 0x04, 0x02, 0x00, 0x64, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14},
57 /* remapped sectors */
58 { 0x05, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24},
59 /* power on hours */
60 { 0x09, 0x03, 0x00, 0x64, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
61 /* power cycle count */
62 { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
63 /* airflow-temperature-celsius */
64 { 190, 0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32},
65 };
66
67 const char *IDE_DMA_CMD_lookup[IDE_DMA__COUNT] = {
68 [IDE_DMA_READ] = "DMA READ",
69 [IDE_DMA_WRITE] = "DMA WRITE",
70 [IDE_DMA_TRIM] = "DMA TRIM",
71 [IDE_DMA_ATAPI] = "DMA ATAPI"
72 };
73
74 static const char *IDE_DMA_CMD_str(enum ide_dma_cmd enval)
75 {
76 if ((unsigned)enval < IDE_DMA__COUNT) {
77 return IDE_DMA_CMD_lookup[enval];
78 }
79 return "DMA UNKNOWN CMD";
80 }
81
82 static void ide_dummy_transfer_stop(IDEState *s);
83
84 static void padstr(char *str, const char *src, int len)
85 {
86 int i, v;
87 for(i = 0; i < len; i++) {
88 if (*src)
89 v = *src++;
90 else
91 v = ' ';
92 str[i^1] = v;
93 }
94 }
95
96 static void put_le16(uint16_t *p, unsigned int v)
97 {
98 *p = cpu_to_le16(v);
99 }
100
101 static void ide_identify_size(IDEState *s)
102 {
103 uint16_t *p = (uint16_t *)s->identify_data;
104 int64_t nb_sectors_lba28 = s->nb_sectors;
105 if (nb_sectors_lba28 >= 1 << 28) {
106 nb_sectors_lba28 = (1 << 28) - 1;
107 }
108 put_le16(p + 60, nb_sectors_lba28);
109 put_le16(p + 61, nb_sectors_lba28 >> 16);
110 put_le16(p + 100, s->nb_sectors);
111 put_le16(p + 101, s->nb_sectors >> 16);
112 put_le16(p + 102, s->nb_sectors >> 32);
113 put_le16(p + 103, s->nb_sectors >> 48);
114 }
115
116 static void ide_identify(IDEState *s)
117 {
118 uint16_t *p;
119 unsigned int oldsize;
120 IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master;
121
122 p = (uint16_t *)s->identify_data;
123 if (s->identify_set) {
124 goto fill_buffer;
125 }
126 memset(p, 0, sizeof(s->identify_data));
127
128 put_le16(p + 0, 0x0040);
129 put_le16(p + 1, s->cylinders);
130 put_le16(p + 3, s->heads);
131 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
132 put_le16(p + 5, 512); /* XXX: retired, remove ? */
133 put_le16(p + 6, s->sectors);
134 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
135 put_le16(p + 20, 3); /* XXX: retired, remove ? */
136 put_le16(p + 21, 512); /* cache size in sectors */
137 put_le16(p + 22, 4); /* ecc bytes */
138 padstr((char *)(p + 23), s->version, 8); /* firmware version */
139 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
140 #if MAX_MULT_SECTORS > 1
141 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
142 #endif
143 put_le16(p + 48, 1); /* dword I/O */
144 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
145 put_le16(p + 51, 0x200); /* PIO transfer cycle */
146 put_le16(p + 52, 0x200); /* DMA transfer cycle */
147 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
148 put_le16(p + 54, s->cylinders);
149 put_le16(p + 55, s->heads);
150 put_le16(p + 56, s->sectors);
151 oldsize = s->cylinders * s->heads * s->sectors;
152 put_le16(p + 57, oldsize);
153 put_le16(p + 58, oldsize >> 16);
154 if (s->mult_sectors)
155 put_le16(p + 59, 0x100 | s->mult_sectors);
156 /* *(p + 60) := nb_sectors -- see ide_identify_size */
157 /* *(p + 61) := nb_sectors >> 16 -- see ide_identify_size */
158 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
159 put_le16(p + 63, 0x07); /* mdma0-2 supported */
160 put_le16(p + 64, 0x03); /* pio3-4 supported */
161 put_le16(p + 65, 120);
162 put_le16(p + 66, 120);
163 put_le16(p + 67, 120);
164 put_le16(p + 68, 120);
165 if (dev && dev->conf.discard_granularity) {
166 put_le16(p + 69, (1 << 14)); /* determinate TRIM behavior */
167 }
168
169 if (s->ncq_queues) {
170 put_le16(p + 75, s->ncq_queues - 1);
171 /* NCQ supported */
172 put_le16(p + 76, (1 << 8));
173 }
174
175 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
176 put_le16(p + 81, 0x16); /* conforms to ata5 */
177 /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */
178 put_le16(p + 82, (1 << 14) | (1 << 5) | 1);
179 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
180 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
181 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */
182 if (s->wwn) {
183 put_le16(p + 84, (1 << 14) | (1 << 8) | 0);
184 } else {
185 put_le16(p + 84, (1 << 14) | 0);
186 }
187 /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */
188 if (blk_enable_write_cache(s->blk)) {
189 put_le16(p + 85, (1 << 14) | (1 << 5) | 1);
190 } else {
191 put_le16(p + 85, (1 << 14) | 1);
192 }
193 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
194 put_le16(p + 86, (1 << 13) | (1 <<12) | (1 << 10));
195 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */
196 if (s->wwn) {
197 put_le16(p + 87, (1 << 14) | (1 << 8) | 0);
198 } else {
199 put_le16(p + 87, (1 << 14) | 0);
200 }
201 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
202 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
203 /* *(p + 100) := nb_sectors -- see ide_identify_size */
204 /* *(p + 101) := nb_sectors >> 16 -- see ide_identify_size */
205 /* *(p + 102) := nb_sectors >> 32 -- see ide_identify_size */
206 /* *(p + 103) := nb_sectors >> 48 -- see ide_identify_size */
207
208 if (dev && dev->conf.physical_block_size)
209 put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf));
210 if (s->wwn) {
211 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */
212 put_le16(p + 108, s->wwn >> 48);
213 put_le16(p + 109, s->wwn >> 32);
214 put_le16(p + 110, s->wwn >> 16);
215 put_le16(p + 111, s->wwn);
216 }
217 if (dev && dev->conf.discard_granularity) {
218 put_le16(p + 169, 1); /* TRIM support */
219 }
220 if (dev) {
221 put_le16(p + 217, dev->rotation_rate); /* Nominal media rotation rate */
222 }
223
224 ide_identify_size(s);
225 s->identify_set = 1;
226
227 fill_buffer:
228 memcpy(s->io_buffer, p, sizeof(s->identify_data));
229 }
230
231 static void ide_atapi_identify(IDEState *s)
232 {
233 uint16_t *p;
234
235 p = (uint16_t *)s->identify_data;
236 if (s->identify_set) {
237 goto fill_buffer;
238 }
239 memset(p, 0, sizeof(s->identify_data));
240
241 /* Removable CDROM, 50us response, 12 byte packets */
242 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
243 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
244 put_le16(p + 20, 3); /* buffer type */
245 put_le16(p + 21, 512); /* cache size in sectors */
246 put_le16(p + 22, 4); /* ecc bytes */
247 padstr((char *)(p + 23), s->version, 8); /* firmware version */
248 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
249 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
250 #ifdef USE_DMA_CDROM
251 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
252 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
253 put_le16(p + 62, 7); /* single word dma0-2 supported */
254 put_le16(p + 63, 7); /* mdma0-2 supported */
255 #else
256 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
257 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
258 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
259 #endif
260 put_le16(p + 64, 3); /* pio3-4 supported */
261 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
262 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
263 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
264 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
265
266 put_le16(p + 71, 30); /* in ns */
267 put_le16(p + 72, 30); /* in ns */
268
269 if (s->ncq_queues) {
270 put_le16(p + 75, s->ncq_queues - 1);
271 /* NCQ supported */
272 put_le16(p + 76, (1 << 8));
273 }
274
275 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
276 if (s->wwn) {
277 put_le16(p + 84, (1 << 8)); /* supports WWN for words 108-111 */
278 put_le16(p + 87, (1 << 8)); /* WWN enabled */
279 }
280
281 #ifdef USE_DMA_CDROM
282 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
283 #endif
284
285 if (s->wwn) {
286 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */
287 put_le16(p + 108, s->wwn >> 48);
288 put_le16(p + 109, s->wwn >> 32);
289 put_le16(p + 110, s->wwn >> 16);
290 put_le16(p + 111, s->wwn);
291 }
292
293 s->identify_set = 1;
294
295 fill_buffer:
296 memcpy(s->io_buffer, p, sizeof(s->identify_data));
297 }
298
299 static void ide_cfata_identify_size(IDEState *s)
300 {
301 uint16_t *p = (uint16_t *)s->identify_data;
302 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
303 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
304 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
305 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
306 }
307
308 static void ide_cfata_identify(IDEState *s)
309 {
310 uint16_t *p;
311 uint32_t cur_sec;
312
313 p = (uint16_t *)s->identify_data;
314 if (s->identify_set) {
315 goto fill_buffer;
316 }
317 memset(p, 0, sizeof(s->identify_data));
318
319 cur_sec = s->cylinders * s->heads * s->sectors;
320
321 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
322 put_le16(p + 1, s->cylinders); /* Default cylinders */
323 put_le16(p + 3, s->heads); /* Default heads */
324 put_le16(p + 6, s->sectors); /* Default sectors per track */
325 /* *(p + 7) := nb_sectors >> 16 -- see ide_cfata_identify_size */
326 /* *(p + 8) := nb_sectors -- see ide_cfata_identify_size */
327 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
328 put_le16(p + 22, 0x0004); /* ECC bytes */
329 padstr((char *) (p + 23), s->version, 8); /* Firmware Revision */
330 padstr((char *) (p + 27), s->drive_model_str, 40);/* Model number */
331 #if MAX_MULT_SECTORS > 1
332 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
333 #else
334 put_le16(p + 47, 0x0000);
335 #endif
336 put_le16(p + 49, 0x0f00); /* Capabilities */
337 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
338 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
339 put_le16(p + 53, 0x0003); /* Translation params valid */
340 put_le16(p + 54, s->cylinders); /* Current cylinders */
341 put_le16(p + 55, s->heads); /* Current heads */
342 put_le16(p + 56, s->sectors); /* Current sectors */
343 put_le16(p + 57, cur_sec); /* Current capacity */
344 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
345 if (s->mult_sectors) /* Multiple sector setting */
346 put_le16(p + 59, 0x100 | s->mult_sectors);
347 /* *(p + 60) := nb_sectors -- see ide_cfata_identify_size */
348 /* *(p + 61) := nb_sectors >> 16 -- see ide_cfata_identify_size */
349 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
350 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
351 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
352 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
353 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
354 put_le16(p + 82, 0x400c); /* Command Set supported */
355 put_le16(p + 83, 0x7068); /* Command Set supported */
356 put_le16(p + 84, 0x4000); /* Features supported */
357 put_le16(p + 85, 0x000c); /* Command Set enabled */
358 put_le16(p + 86, 0x7044); /* Command Set enabled */
359 put_le16(p + 87, 0x4000); /* Features enabled */
360 put_le16(p + 91, 0x4060); /* Current APM level */
361 put_le16(p + 129, 0x0002); /* Current features option */
362 put_le16(p + 130, 0x0005); /* Reassigned sectors */
363 put_le16(p + 131, 0x0001); /* Initial power mode */
364 put_le16(p + 132, 0x0000); /* User signature */
365 put_le16(p + 160, 0x8100); /* Power requirement */
366 put_le16(p + 161, 0x8001); /* CF command set */
367
368 ide_cfata_identify_size(s);
369 s->identify_set = 1;
370
371 fill_buffer:
372 memcpy(s->io_buffer, p, sizeof(s->identify_data));
373 }
374
375 static void ide_set_signature(IDEState *s)
376 {
377 s->select &= ~(ATA_DEV_HS); /* clear head */
378 /* put signature */
379 s->nsector = 1;
380 s->sector = 1;
381 if (s->drive_kind == IDE_CD) {
382 s->lcyl = 0x14;
383 s->hcyl = 0xeb;
384 } else if (s->blk) {
385 s->lcyl = 0;
386 s->hcyl = 0;
387 } else {
388 s->lcyl = 0xff;
389 s->hcyl = 0xff;
390 }
391 }
392
393 static bool ide_sect_range_ok(IDEState *s,
394 uint64_t sector, uint64_t nb_sectors)
395 {
396 uint64_t total_sectors;
397
398 blk_get_geometry(s->blk, &total_sectors);
399 if (sector > total_sectors || nb_sectors > total_sectors - sector) {
400 return false;
401 }
402 return true;
403 }
404
405 typedef struct TrimAIOCB {
406 BlockAIOCB common;
407 IDEState *s;
408 QEMUBH *bh;
409 int ret;
410 QEMUIOVector *qiov;
411 BlockAIOCB *aiocb;
412 int i, j;
413 } TrimAIOCB;
414
415 static void trim_aio_cancel(BlockAIOCB *acb)
416 {
417 TrimAIOCB *iocb = container_of(acb, TrimAIOCB, common);
418
419 /* Exit the loop so ide_issue_trim_cb will not continue */
420 iocb->j = iocb->qiov->niov - 1;
421 iocb->i = (iocb->qiov->iov[iocb->j].iov_len / 8) - 1;
422
423 iocb->ret = -ECANCELED;
424
425 if (iocb->aiocb) {
426 blk_aio_cancel_async(iocb->aiocb);
427 iocb->aiocb = NULL;
428 }
429 }
430
431 static const AIOCBInfo trim_aiocb_info = {
432 .aiocb_size = sizeof(TrimAIOCB),
433 .cancel_async = trim_aio_cancel,
434 };
435
436 static void ide_trim_bh_cb(void *opaque)
437 {
438 TrimAIOCB *iocb = opaque;
439 BlockBackend *blk = iocb->s->blk;
440
441 iocb->common.cb(iocb->common.opaque, iocb->ret);
442
443 qemu_bh_delete(iocb->bh);
444 iocb->bh = NULL;
445 qemu_aio_unref(iocb);
446
447 /* Paired with an increment in ide_issue_trim() */
448 blk_dec_in_flight(blk);
449 }
450
451 static void ide_issue_trim_cb(void *opaque, int ret)
452 {
453 TrimAIOCB *iocb = opaque;
454 IDEState *s = iocb->s;
455
456 if (iocb->i >= 0) {
457 if (ret >= 0) {
458 block_acct_done(blk_get_stats(s->blk), &s->acct);
459 } else {
460 block_acct_failed(blk_get_stats(s->blk), &s->acct);
461 }
462 }
463
464 if (ret >= 0) {
465 while (iocb->j < iocb->qiov->niov) {
466 int j = iocb->j;
467 while (++iocb->i < iocb->qiov->iov[j].iov_len / 8) {
468 int i = iocb->i;
469 uint64_t *buffer = iocb->qiov->iov[j].iov_base;
470
471 /* 6-byte LBA + 2-byte range per entry */
472 uint64_t entry = le64_to_cpu(buffer[i]);
473 uint64_t sector = entry & 0x0000ffffffffffffULL;
474 uint16_t count = entry >> 48;
475
476 if (count == 0) {
477 continue;
478 }
479
480 if (!ide_sect_range_ok(s, sector, count)) {
481 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_UNMAP);
482 iocb->ret = -EINVAL;
483 goto done;
484 }
485
486 block_acct_start(blk_get_stats(s->blk), &s->acct,
487 count << BDRV_SECTOR_BITS, BLOCK_ACCT_UNMAP);
488
489 /* Got an entry! Submit and exit. */
490 iocb->aiocb = blk_aio_pdiscard(s->blk,
491 sector << BDRV_SECTOR_BITS,
492 count << BDRV_SECTOR_BITS,
493 ide_issue_trim_cb, opaque);
494 return;
495 }
496
497 iocb->j++;
498 iocb->i = -1;
499 }
500 } else {
501 iocb->ret = ret;
502 }
503
504 done:
505 iocb->aiocb = NULL;
506 if (iocb->bh) {
507 replay_bh_schedule_event(iocb->bh);
508 }
509 }
510
511 BlockAIOCB *ide_issue_trim(
512 int64_t offset, QEMUIOVector *qiov,
513 BlockCompletionFunc *cb, void *cb_opaque, void *opaque)
514 {
515 IDEState *s = opaque;
516 TrimAIOCB *iocb;
517
518 /* Paired with a decrement in ide_trim_bh_cb() */
519 blk_inc_in_flight(s->blk);
520
521 iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque);
522 iocb->s = s;
523 iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb);
524 iocb->ret = 0;
525 iocb->qiov = qiov;
526 iocb->i = -1;
527 iocb->j = 0;
528 ide_issue_trim_cb(iocb, 0);
529 return &iocb->common;
530 }
531
532 void ide_abort_command(IDEState *s)
533 {
534 ide_transfer_stop(s);
535 s->status = READY_STAT | ERR_STAT;
536 s->error = ABRT_ERR;
537 }
538
539 static void ide_set_retry(IDEState *s)
540 {
541 s->bus->retry_unit = s->unit;
542 s->bus->retry_sector_num = ide_get_sector(s);
543 s->bus->retry_nsector = s->nsector;
544 }
545
546 static void ide_clear_retry(IDEState *s)
547 {
548 s->bus->retry_unit = -1;
549 s->bus->retry_sector_num = 0;
550 s->bus->retry_nsector = 0;
551 }
552
553 /* prepare data transfer and tell what to do after */
554 bool ide_transfer_start_norecurse(IDEState *s, uint8_t *buf, int size,
555 EndTransferFunc *end_transfer_func)
556 {
557 s->data_ptr = buf;
558 s->data_end = buf + size;
559 ide_set_retry(s);
560 if (!(s->status & ERR_STAT)) {
561 s->status |= DRQ_STAT;
562 }
563 if (!s->bus->dma->ops->pio_transfer) {
564 s->end_transfer_func = end_transfer_func;
565 return false;
566 }
567 s->bus->dma->ops->pio_transfer(s->bus->dma);
568 return true;
569 }
570
571 void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
572 EndTransferFunc *end_transfer_func)
573 {
574 if (ide_transfer_start_norecurse(s, buf, size, end_transfer_func)) {
575 end_transfer_func(s);
576 }
577 }
578
579 static void ide_cmd_done(IDEState *s)
580 {
581 if (s->bus->dma->ops->cmd_done) {
582 s->bus->dma->ops->cmd_done(s->bus->dma);
583 }
584 }
585
586 static void ide_transfer_halt(IDEState *s)
587 {
588 s->end_transfer_func = ide_transfer_stop;
589 s->data_ptr = s->io_buffer;
590 s->data_end = s->io_buffer;
591 s->status &= ~DRQ_STAT;
592 }
593
594 void ide_transfer_stop(IDEState *s)
595 {
596 ide_transfer_halt(s);
597 ide_cmd_done(s);
598 }
599
600 int64_t ide_get_sector(IDEState *s)
601 {
602 int64_t sector_num;
603 if (s->select & (ATA_DEV_LBA)) {
604 if (s->lba48) {
605 sector_num = ((int64_t)s->hob_hcyl << 40) |
606 ((int64_t) s->hob_lcyl << 32) |
607 ((int64_t) s->hob_sector << 24) |
608 ((int64_t) s->hcyl << 16) |
609 ((int64_t) s->lcyl << 8) | s->sector;
610 } else {
611 /* LBA28 */
612 sector_num = ((s->select & (ATA_DEV_LBA_MSB)) << 24) |
613 (s->hcyl << 16) | (s->lcyl << 8) | s->sector;
614 }
615 } else {
616 /* CHS */
617 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
618 (s->select & (ATA_DEV_HS)) * s->sectors + (s->sector - 1);
619 }
620
621 return sector_num;
622 }
623
624 void ide_set_sector(IDEState *s, int64_t sector_num)
625 {
626 unsigned int cyl, r;
627 if (s->select & (ATA_DEV_LBA)) {
628 if (s->lba48) {
629 s->sector = sector_num;
630 s->lcyl = sector_num >> 8;
631 s->hcyl = sector_num >> 16;
632 s->hob_sector = sector_num >> 24;
633 s->hob_lcyl = sector_num >> 32;
634 s->hob_hcyl = sector_num >> 40;
635 } else {
636 /* LBA28 */
637 s->select = (s->select & ~(ATA_DEV_LBA_MSB)) |
638 ((sector_num >> 24) & (ATA_DEV_LBA_MSB));
639 s->hcyl = (sector_num >> 16);
640 s->lcyl = (sector_num >> 8);
641 s->sector = (sector_num);
642 }
643 } else {
644 /* CHS */
645 cyl = sector_num / (s->heads * s->sectors);
646 r = sector_num % (s->heads * s->sectors);
647 s->hcyl = cyl >> 8;
648 s->lcyl = cyl;
649 s->select = (s->select & ~(ATA_DEV_HS)) |
650 ((r / s->sectors) & (ATA_DEV_HS));
651 s->sector = (r % s->sectors) + 1;
652 }
653 }
654
655 static void ide_rw_error(IDEState *s) {
656 ide_abort_command(s);
657 ide_bus_set_irq(s->bus);
658 }
659
660 static void ide_buffered_readv_cb(void *opaque, int ret)
661 {
662 IDEBufferedRequest *req = opaque;
663 if (!req->orphaned) {
664 if (!ret) {
665 assert(req->qiov.size == req->original_qiov->size);
666 qemu_iovec_from_buf(req->original_qiov, 0,
667 req->qiov.local_iov.iov_base,
668 req->original_qiov->size);
669 }
670 req->original_cb(req->original_opaque, ret);
671 }
672 QLIST_REMOVE(req, list);
673 qemu_vfree(qemu_iovec_buf(&req->qiov));
674 g_free(req);
675 }
676
677 #define MAX_BUFFERED_REQS 16
678
679 BlockAIOCB *ide_buffered_readv(IDEState *s, int64_t sector_num,
680 QEMUIOVector *iov, int nb_sectors,
681 BlockCompletionFunc *cb, void *opaque)
682 {
683 BlockAIOCB *aioreq;
684 IDEBufferedRequest *req;
685 int c = 0;
686
687 QLIST_FOREACH(req, &s->buffered_requests, list) {
688 c++;
689 }
690 if (c > MAX_BUFFERED_REQS) {
691 return blk_abort_aio_request(s->blk, cb, opaque, -EIO);
692 }
693
694 req = g_new0(IDEBufferedRequest, 1);
695 req->original_qiov = iov;
696 req->original_cb = cb;
697 req->original_opaque = opaque;
698 qemu_iovec_init_buf(&req->qiov, blk_blockalign(s->blk, iov->size),
699 iov->size);
700
701 aioreq = blk_aio_preadv(s->blk, sector_num << BDRV_SECTOR_BITS,
702 &req->qiov, 0, ide_buffered_readv_cb, req);
703
704 QLIST_INSERT_HEAD(&s->buffered_requests, req, list);
705 return aioreq;
706 }
707
708 /**
709 * Cancel all pending DMA requests.
710 * Any buffered DMA requests are instantly canceled,
711 * but any pending unbuffered DMA requests must be waited on.
712 */
713 void ide_cancel_dma_sync(IDEState *s)
714 {
715 IDEBufferedRequest *req;
716
717 /* First invoke the callbacks of all buffered requests
718 * and flag those requests as orphaned. Ideally there
719 * are no unbuffered (Scatter Gather DMA Requests or
720 * write requests) pending and we can avoid to drain. */
721 QLIST_FOREACH(req, &s->buffered_requests, list) {
722 if (!req->orphaned) {
723 trace_ide_cancel_dma_sync_buffered(req->original_cb, req);
724 req->original_cb(req->original_opaque, -ECANCELED);
725 }
726 req->orphaned = true;
727 }
728
729 /*
730 * We can't cancel Scatter Gather DMA in the middle of the
731 * operation or a partial (not full) DMA transfer would reach
732 * the storage so we wait for completion instead (we behave
733 * like if the DMA was completed by the time the guest trying
734 * to cancel dma with bmdma_cmd_writeb with BM_CMD_START not
735 * set).
736 *
737 * In the future we'll be able to safely cancel the I/O if the
738 * whole DMA operation will be submitted to disk with a single
739 * aio operation with preadv/pwritev.
740 */
741 if (s->bus->dma->aiocb) {
742 trace_ide_cancel_dma_sync_remaining();
743 blk_drain(s->blk);
744 assert(s->bus->dma->aiocb == NULL);
745 }
746 }
747
748 static void ide_sector_read(IDEState *s);
749
750 static void ide_sector_read_cb(void *opaque, int ret)
751 {
752 IDEState *s = opaque;
753 int n;
754
755 s->pio_aiocb = NULL;
756 s->status &= ~BUSY_STAT;
757
758 if (ret != 0) {
759 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO |
760 IDE_RETRY_READ)) {
761 return;
762 }
763 }
764
765 block_acct_done(blk_get_stats(s->blk), &s->acct);
766
767 n = s->nsector;
768 if (n > s->req_nb_sectors) {
769 n = s->req_nb_sectors;
770 }
771
772 ide_set_sector(s, ide_get_sector(s) + n);
773 s->nsector -= n;
774 /* Allow the guest to read the io_buffer */
775 ide_transfer_start(s, s->io_buffer, n * BDRV_SECTOR_SIZE, ide_sector_read);
776 ide_bus_set_irq(s->bus);
777 }
778
779 static void ide_sector_read(IDEState *s)
780 {
781 int64_t sector_num;
782 int n;
783
784 s->status = READY_STAT | SEEK_STAT;
785 s->error = 0; /* not needed by IDE spec, but needed by Windows */
786 sector_num = ide_get_sector(s);
787 n = s->nsector;
788
789 if (n == 0) {
790 ide_transfer_stop(s);
791 return;
792 }
793
794 s->status |= BUSY_STAT;
795
796 if (n > s->req_nb_sectors) {
797 n = s->req_nb_sectors;
798 }
799
800 trace_ide_sector_read(sector_num, n);
801
802 if (!ide_sect_range_ok(s, sector_num, n)) {
803 ide_rw_error(s);
804 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_READ);
805 return;
806 }
807
808 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE);
809
810 block_acct_start(blk_get_stats(s->blk), &s->acct,
811 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ);
812 s->pio_aiocb = ide_buffered_readv(s, sector_num, &s->qiov, n,
813 ide_sector_read_cb, s);
814 }
815
816 void dma_buf_commit(IDEState *s, uint32_t tx_bytes)
817 {
818 if (s->bus->dma->ops->commit_buf) {
819 s->bus->dma->ops->commit_buf(s->bus->dma, tx_bytes);
820 }
821 s->io_buffer_offset += tx_bytes;
822 qemu_sglist_destroy(&s->sg);
823 }
824
825 void ide_set_inactive(IDEState *s, bool more)
826 {
827 s->bus->dma->aiocb = NULL;
828 ide_clear_retry(s);
829 if (s->bus->dma->ops->set_inactive) {
830 s->bus->dma->ops->set_inactive(s->bus->dma, more);
831 }
832 ide_cmd_done(s);
833 }
834
835 void ide_dma_error(IDEState *s)
836 {
837 dma_buf_commit(s, 0);
838 ide_abort_command(s);
839 ide_set_inactive(s, false);
840 ide_bus_set_irq(s->bus);
841 }
842
843 int ide_handle_rw_error(IDEState *s, int error, int op)
844 {
845 bool is_read = (op & IDE_RETRY_READ) != 0;
846 BlockErrorAction action = blk_get_error_action(s->blk, is_read, error);
847
848 if (action == BLOCK_ERROR_ACTION_STOP) {
849 assert(s->bus->retry_unit == s->unit);
850 s->bus->error_status = op;
851 } else if (action == BLOCK_ERROR_ACTION_REPORT) {
852 block_acct_failed(blk_get_stats(s->blk), &s->acct);
853 if (IS_IDE_RETRY_DMA(op)) {
854 ide_dma_error(s);
855 } else if (IS_IDE_RETRY_ATAPI(op)) {
856 ide_atapi_io_error(s, -error);
857 } else {
858 ide_rw_error(s);
859 }
860 }
861 blk_error_action(s->blk, action, is_read, error);
862 return action != BLOCK_ERROR_ACTION_IGNORE;
863 }
864
865 static void ide_dma_cb(void *opaque, int ret)
866 {
867 IDEState *s = opaque;
868 int n;
869 int64_t sector_num;
870 uint64_t offset;
871 bool stay_active = false;
872 int32_t prep_size = 0;
873
874 if (ret == -EINVAL) {
875 ide_dma_error(s);
876 return;
877 }
878
879 if (ret < 0) {
880 if (ide_handle_rw_error(s, -ret, ide_dma_cmd_to_retry(s->dma_cmd))) {
881 s->bus->dma->aiocb = NULL;
882 dma_buf_commit(s, 0);
883 return;
884 }
885 }
886
887 if (s->io_buffer_size > s->nsector * 512) {
888 /*
889 * The PRDs were longer than needed for this request.
890 * The Active bit must remain set after the request completes.
891 */
892 n = s->nsector;
893 stay_active = true;
894 } else {
895 n = s->io_buffer_size >> 9;
896 }
897
898 sector_num = ide_get_sector(s);
899 if (n > 0) {
900 assert(n * 512 == s->sg.size);
901 dma_buf_commit(s, s->sg.size);
902 sector_num += n;
903 ide_set_sector(s, sector_num);
904 s->nsector -= n;
905 }
906
907 /* end of transfer ? */
908 if (s->nsector == 0) {
909 s->status = READY_STAT | SEEK_STAT;
910 ide_bus_set_irq(s->bus);
911 goto eot;
912 }
913
914 /* launch next transfer */
915 n = s->nsector;
916 s->io_buffer_index = 0;
917 s->io_buffer_size = n * 512;
918 prep_size = s->bus->dma->ops->prepare_buf(s->bus->dma, s->io_buffer_size);
919 /* prepare_buf() must succeed and respect the limit */
920 assert(prep_size >= 0 && prep_size <= n * 512);
921
922 /*
923 * Now prep_size stores the number of bytes in the sglist, and
924 * s->io_buffer_size stores the number of bytes described by the PRDs.
925 */
926
927 if (prep_size < n * 512) {
928 /*
929 * The PRDs are too short for this request. Error condition!
930 * Reset the Active bit and don't raise the interrupt.
931 */
932 s->status = READY_STAT | SEEK_STAT;
933 dma_buf_commit(s, 0);
934 goto eot;
935 }
936
937 trace_ide_dma_cb(s, sector_num, n, IDE_DMA_CMD_str(s->dma_cmd));
938
939 if ((s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) &&
940 !ide_sect_range_ok(s, sector_num, n)) {
941 ide_dma_error(s);
942 block_acct_invalid(blk_get_stats(s->blk), s->acct.type);
943 return;
944 }
945
946 offset = sector_num << BDRV_SECTOR_BITS;
947 switch (s->dma_cmd) {
948 case IDE_DMA_READ:
949 s->bus->dma->aiocb = dma_blk_read(s->blk, &s->sg, offset,
950 BDRV_SECTOR_SIZE, ide_dma_cb, s);
951 break;
952 case IDE_DMA_WRITE:
953 s->bus->dma->aiocb = dma_blk_write(s->blk, &s->sg, offset,
954 BDRV_SECTOR_SIZE, ide_dma_cb, s);
955 break;
956 case IDE_DMA_TRIM:
957 s->bus->dma->aiocb = dma_blk_io(blk_get_aio_context(s->blk),
958 &s->sg, offset, BDRV_SECTOR_SIZE,
959 ide_issue_trim, s, ide_dma_cb, s,
960 DMA_DIRECTION_TO_DEVICE);
961 break;
962 default:
963 abort();
964 }
965 return;
966
967 eot:
968 if (s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) {
969 block_acct_done(blk_get_stats(s->blk), &s->acct);
970 }
971 ide_set_inactive(s, stay_active);
972 }
973
974 static void ide_sector_start_dma(IDEState *s, enum ide_dma_cmd dma_cmd)
975 {
976 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
977 s->io_buffer_size = 0;
978 s->dma_cmd = dma_cmd;
979
980 switch (dma_cmd) {
981 case IDE_DMA_READ:
982 block_acct_start(blk_get_stats(s->blk), &s->acct,
983 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ);
984 break;
985 case IDE_DMA_WRITE:
986 block_acct_start(blk_get_stats(s->blk), &s->acct,
987 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE);
988 break;
989 default:
990 break;
991 }
992
993 ide_start_dma(s, ide_dma_cb);
994 }
995
996 void ide_start_dma(IDEState *s, BlockCompletionFunc *cb)
997 {
998 s->io_buffer_index = 0;
999 ide_set_retry(s);
1000 if (s->bus->dma->ops->start_dma) {
1001 s->bus->dma->ops->start_dma(s->bus->dma, s, cb);
1002 }
1003 }
1004
1005 static void ide_sector_write(IDEState *s);
1006
1007 static void ide_sector_write_timer_cb(void *opaque)
1008 {
1009 IDEState *s = opaque;
1010 ide_bus_set_irq(s->bus);
1011 }
1012
1013 static void ide_sector_write_cb(void *opaque, int ret)
1014 {
1015 IDEState *s = opaque;
1016 int n;
1017
1018 s->pio_aiocb = NULL;
1019 s->status &= ~BUSY_STAT;
1020
1021 if (ret != 0) {
1022 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO)) {
1023 return;
1024 }
1025 }
1026
1027 block_acct_done(blk_get_stats(s->blk), &s->acct);
1028
1029 n = s->nsector;
1030 if (n > s->req_nb_sectors) {
1031 n = s->req_nb_sectors;
1032 }
1033 s->nsector -= n;
1034
1035 ide_set_sector(s, ide_get_sector(s) + n);
1036 if (s->nsector == 0) {
1037 /* no more sectors to write */
1038 ide_transfer_stop(s);
1039 } else {
1040 int n1 = s->nsector;
1041 if (n1 > s->req_nb_sectors) {
1042 n1 = s->req_nb_sectors;
1043 }
1044 ide_transfer_start(s, s->io_buffer, n1 * BDRV_SECTOR_SIZE,
1045 ide_sector_write);
1046 }
1047
1048 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1049 /* It seems there is a bug in the Windows 2000 installer HDD
1050 IDE driver which fills the disk with empty logs when the
1051 IDE write IRQ comes too early. This hack tries to correct
1052 that at the expense of slower write performances. Use this
1053 option _only_ to install Windows 2000. You must disable it
1054 for normal use. */
1055 timer_mod(s->sector_write_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
1056 (NANOSECONDS_PER_SECOND / 1000));
1057 } else {
1058 ide_bus_set_irq(s->bus);
1059 }
1060 }
1061
1062 static void ide_sector_write(IDEState *s)
1063 {
1064 int64_t sector_num;
1065 int n;
1066
1067 s->status = READY_STAT | SEEK_STAT | BUSY_STAT;
1068 sector_num = ide_get_sector(s);
1069
1070 n = s->nsector;
1071 if (n > s->req_nb_sectors) {
1072 n = s->req_nb_sectors;
1073 }
1074
1075 trace_ide_sector_write(sector_num, n);
1076
1077 if (!ide_sect_range_ok(s, sector_num, n)) {
1078 ide_rw_error(s);
1079 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_WRITE);
1080 return;
1081 }
1082
1083 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE);
1084
1085 block_acct_start(blk_get_stats(s->blk), &s->acct,
1086 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE);
1087 s->pio_aiocb = blk_aio_pwritev(s->blk, sector_num << BDRV_SECTOR_BITS,
1088 &s->qiov, 0, ide_sector_write_cb, s);
1089 }
1090
1091 static void ide_flush_cb(void *opaque, int ret)
1092 {
1093 IDEState *s = opaque;
1094
1095 s->pio_aiocb = NULL;
1096
1097 if (ret < 0) {
1098 /* XXX: What sector number to set here? */
1099 if (ide_handle_rw_error(s, -ret, IDE_RETRY_FLUSH)) {
1100 return;
1101 }
1102 }
1103
1104 if (s->blk) {
1105 block_acct_done(blk_get_stats(s->blk), &s->acct);
1106 }
1107 s->status = READY_STAT | SEEK_STAT;
1108 ide_cmd_done(s);
1109 ide_bus_set_irq(s->bus);
1110 }
1111
1112 static void ide_flush_cache(IDEState *s)
1113 {
1114 if (s->blk == NULL) {
1115 ide_flush_cb(s, 0);
1116 return;
1117 }
1118
1119 s->status |= BUSY_STAT;
1120 ide_set_retry(s);
1121 block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH);
1122 s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
1123 }
1124
1125 static void ide_cfata_metadata_inquiry(IDEState *s)
1126 {
1127 uint16_t *p;
1128 uint32_t spd;
1129
1130 p = (uint16_t *) s->io_buffer;
1131 memset(p, 0, 0x200);
1132 spd = ((s->mdata_size - 1) >> 9) + 1;
1133
1134 put_le16(p + 0, 0x0001); /* Data format revision */
1135 put_le16(p + 1, 0x0000); /* Media property: silicon */
1136 put_le16(p + 2, s->media_changed); /* Media status */
1137 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1138 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1139 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1140 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1141 }
1142
1143 static void ide_cfata_metadata_read(IDEState *s)
1144 {
1145 uint16_t *p;
1146
1147 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1148 s->status = ERR_STAT;
1149 s->error = ABRT_ERR;
1150 return;
1151 }
1152
1153 p = (uint16_t *) s->io_buffer;
1154 memset(p, 0, 0x200);
1155
1156 put_le16(p + 0, s->media_changed); /* Media status */
1157 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1158 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1159 s->nsector << 9), 0x200 - 2));
1160 }
1161
1162 static void ide_cfata_metadata_write(IDEState *s)
1163 {
1164 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1165 s->status = ERR_STAT;
1166 s->error = ABRT_ERR;
1167 return;
1168 }
1169
1170 s->media_changed = 0;
1171
1172 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1173 s->io_buffer + 2,
1174 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1175 s->nsector << 9), 0x200 - 2));
1176 }
1177
1178 /* called when the inserted state of the media has changed */
1179 static void ide_cd_change_cb(void *opaque, bool load, Error **errp)
1180 {
1181 IDEState *s = opaque;
1182 uint64_t nb_sectors;
1183
1184 s->tray_open = !load;
1185 blk_get_geometry(s->blk, &nb_sectors);
1186 s->nb_sectors = nb_sectors;
1187
1188 /*
1189 * First indicate to the guest that a CD has been removed. That's
1190 * done on the next command the guest sends us.
1191 *
1192 * Then we set UNIT_ATTENTION, by which the guest will
1193 * detect a new CD in the drive. See ide_atapi_cmd() for details.
1194 */
1195 s->cdrom_changed = 1;
1196 s->events.new_media = true;
1197 s->events.eject_request = false;
1198 ide_bus_set_irq(s->bus);
1199 }
1200
1201 static void ide_cd_eject_request_cb(void *opaque, bool force)
1202 {
1203 IDEState *s = opaque;
1204
1205 s->events.eject_request = true;
1206 if (force) {
1207 s->tray_locked = false;
1208 }
1209 ide_bus_set_irq(s->bus);
1210 }
1211
1212 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1213 {
1214 s->lba48 = lba48;
1215
1216 /* handle the 'magic' 0 nsector count conversion here. to avoid
1217 * fiddling with the rest of the read logic, we just store the
1218 * full sector count in ->nsector and ignore ->hob_nsector from now
1219 */
1220 if (!s->lba48) {
1221 if (!s->nsector)
1222 s->nsector = 256;
1223 } else {
1224 if (!s->nsector && !s->hob_nsector)
1225 s->nsector = 65536;
1226 else {
1227 int lo = s->nsector;
1228 int hi = s->hob_nsector;
1229
1230 s->nsector = (hi << 8) | lo;
1231 }
1232 }
1233 }
1234
1235 static void ide_clear_hob(IDEBus *bus)
1236 {
1237 /* any write clears HOB high bit of device control register */
1238 bus->cmd &= ~(IDE_CTRL_HOB);
1239 }
1240
1241 /* IOport [W]rite [R]egisters */
1242 enum ATA_IOPORT_WR {
1243 ATA_IOPORT_WR_DATA = 0,
1244 ATA_IOPORT_WR_FEATURES = 1,
1245 ATA_IOPORT_WR_SECTOR_COUNT = 2,
1246 ATA_IOPORT_WR_SECTOR_NUMBER = 3,
1247 ATA_IOPORT_WR_CYLINDER_LOW = 4,
1248 ATA_IOPORT_WR_CYLINDER_HIGH = 5,
1249 ATA_IOPORT_WR_DEVICE_HEAD = 6,
1250 ATA_IOPORT_WR_COMMAND = 7,
1251 ATA_IOPORT_WR_NUM_REGISTERS,
1252 };
1253
1254 const char *ATA_IOPORT_WR_lookup[ATA_IOPORT_WR_NUM_REGISTERS] = {
1255 [ATA_IOPORT_WR_DATA] = "Data",
1256 [ATA_IOPORT_WR_FEATURES] = "Features",
1257 [ATA_IOPORT_WR_SECTOR_COUNT] = "Sector Count",
1258 [ATA_IOPORT_WR_SECTOR_NUMBER] = "Sector Number",
1259 [ATA_IOPORT_WR_CYLINDER_LOW] = "Cylinder Low",
1260 [ATA_IOPORT_WR_CYLINDER_HIGH] = "Cylinder High",
1261 [ATA_IOPORT_WR_DEVICE_HEAD] = "Device/Head",
1262 [ATA_IOPORT_WR_COMMAND] = "Command"
1263 };
1264
1265 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1266 {
1267 IDEBus *bus = opaque;
1268 IDEState *s = ide_bus_active_if(bus);
1269 int reg_num = addr & 7;
1270
1271 trace_ide_ioport_write(addr, ATA_IOPORT_WR_lookup[reg_num], val, bus, s);
1272
1273 /* ignore writes to command block while busy with previous command */
1274 if (reg_num != 7 && (s->status & (BUSY_STAT|DRQ_STAT))) {
1275 return;
1276 }
1277
1278 /* NOTE: Device0 and Device1 both receive incoming register writes.
1279 * (They're on the same bus! They have to!) */
1280
1281 switch (reg_num) {
1282 case 0:
1283 break;
1284 case ATA_IOPORT_WR_FEATURES:
1285 ide_clear_hob(bus);
1286 bus->ifs[0].hob_feature = bus->ifs[0].feature;
1287 bus->ifs[1].hob_feature = bus->ifs[1].feature;
1288 bus->ifs[0].feature = val;
1289 bus->ifs[1].feature = val;
1290 break;
1291 case ATA_IOPORT_WR_SECTOR_COUNT:
1292 ide_clear_hob(bus);
1293 bus->ifs[0].hob_nsector = bus->ifs[0].nsector;
1294 bus->ifs[1].hob_nsector = bus->ifs[1].nsector;
1295 bus->ifs[0].nsector = val;
1296 bus->ifs[1].nsector = val;
1297 break;
1298 case ATA_IOPORT_WR_SECTOR_NUMBER:
1299 ide_clear_hob(bus);
1300 bus->ifs[0].hob_sector = bus->ifs[0].sector;
1301 bus->ifs[1].hob_sector = bus->ifs[1].sector;
1302 bus->ifs[0].sector = val;
1303 bus->ifs[1].sector = val;
1304 break;
1305 case ATA_IOPORT_WR_CYLINDER_LOW:
1306 ide_clear_hob(bus);
1307 bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl;
1308 bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl;
1309 bus->ifs[0].lcyl = val;
1310 bus->ifs[1].lcyl = val;
1311 break;
1312 case ATA_IOPORT_WR_CYLINDER_HIGH:
1313 ide_clear_hob(bus);
1314 bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl;
1315 bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl;
1316 bus->ifs[0].hcyl = val;
1317 bus->ifs[1].hcyl = val;
1318 break;
1319 case ATA_IOPORT_WR_DEVICE_HEAD:
1320 ide_clear_hob(bus);
1321 bus->ifs[0].select = val | (ATA_DEV_ALWAYS_ON);
1322 bus->ifs[1].select = val | (ATA_DEV_ALWAYS_ON);
1323 /* select drive */
1324 bus->unit = (val & (ATA_DEV_SELECT)) ? 1 : 0;
1325 break;
1326 default:
1327 case ATA_IOPORT_WR_COMMAND:
1328 ide_clear_hob(bus);
1329 qemu_irq_lower(bus->irq);
1330 ide_bus_exec_cmd(bus, val);
1331 break;
1332 }
1333 }
1334
1335 static void ide_reset(IDEState *s)
1336 {
1337 trace_ide_reset(s);
1338
1339 if (s->pio_aiocb) {
1340 blk_aio_cancel(s->pio_aiocb);
1341 s->pio_aiocb = NULL;
1342 }
1343
1344 if (s->reset_reverts) {
1345 s->reset_reverts = false;
1346 s->heads = s->drive_heads;
1347 s->sectors = s->drive_sectors;
1348 }
1349 if (s->drive_kind == IDE_CFATA)
1350 s->mult_sectors = 0;
1351 else
1352 s->mult_sectors = MAX_MULT_SECTORS;
1353 /* ide regs */
1354 s->feature = 0;
1355 s->error = 0;
1356 s->nsector = 0;
1357 s->sector = 0;
1358 s->lcyl = 0;
1359 s->hcyl = 0;
1360
1361 /* lba48 */
1362 s->hob_feature = 0;
1363 s->hob_sector = 0;
1364 s->hob_nsector = 0;
1365 s->hob_lcyl = 0;
1366 s->hob_hcyl = 0;
1367
1368 s->select = (ATA_DEV_ALWAYS_ON);
1369 s->status = READY_STAT | SEEK_STAT;
1370
1371 s->lba48 = 0;
1372
1373 /* ATAPI specific */
1374 s->sense_key = 0;
1375 s->asc = 0;
1376 s->cdrom_changed = 0;
1377 s->packet_transfer_size = 0;
1378 s->elementary_transfer_size = 0;
1379 s->io_buffer_index = 0;
1380 s->cd_sector_size = 0;
1381 s->atapi_dma = 0;
1382 s->tray_locked = 0;
1383 s->tray_open = 0;
1384 /* ATA DMA state */
1385 s->io_buffer_size = 0;
1386 s->req_nb_sectors = 0;
1387
1388 ide_set_signature(s);
1389 /* init the transfer handler so that 0xffff is returned on data
1390 accesses */
1391 s->end_transfer_func = ide_dummy_transfer_stop;
1392 ide_dummy_transfer_stop(s);
1393 s->media_changed = 0;
1394 }
1395
1396 static bool cmd_nop(IDEState *s, uint8_t cmd)
1397 {
1398 return true;
1399 }
1400
1401 static bool cmd_device_reset(IDEState *s, uint8_t cmd)
1402 {
1403 /* Halt PIO (in the DRQ phase), then DMA */
1404 ide_transfer_halt(s);
1405 ide_cancel_dma_sync(s);
1406
1407 /* Reset any PIO commands, reset signature, etc */
1408 ide_reset(s);
1409
1410 /* RESET: ATA8-ACS3 7.10.4 "Normal Outputs";
1411 * ATA8-ACS3 Table 184 "Device Signatures for Normal Output" */
1412 s->status = 0x00;
1413
1414 /* Do not overwrite status register */
1415 return false;
1416 }
1417
1418 static bool cmd_data_set_management(IDEState *s, uint8_t cmd)
1419 {
1420 switch (s->feature) {
1421 case DSM_TRIM:
1422 if (s->blk) {
1423 ide_sector_start_dma(s, IDE_DMA_TRIM);
1424 return false;
1425 }
1426 break;
1427 }
1428
1429 ide_abort_command(s);
1430 return true;
1431 }
1432
1433 static bool cmd_identify(IDEState *s, uint8_t cmd)
1434 {
1435 if (s->blk && s->drive_kind != IDE_CD) {
1436 if (s->drive_kind != IDE_CFATA) {
1437 ide_identify(s);
1438 } else {
1439 ide_cfata_identify(s);
1440 }
1441 s->status = READY_STAT | SEEK_STAT;
1442 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1443 ide_bus_set_irq(s->bus);
1444 return false;
1445 } else {
1446 if (s->drive_kind == IDE_CD) {
1447 ide_set_signature(s);
1448 }
1449 ide_abort_command(s);
1450 }
1451
1452 return true;
1453 }
1454
1455 static bool cmd_verify(IDEState *s, uint8_t cmd)
1456 {
1457 bool lba48 = (cmd == WIN_VERIFY_EXT);
1458
1459 /* do sector number check ? */
1460 ide_cmd_lba48_transform(s, lba48);
1461
1462 return true;
1463 }
1464
1465 static bool cmd_set_multiple_mode(IDEState *s, uint8_t cmd)
1466 {
1467 if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
1468 /* Disable Read and Write Multiple */
1469 s->mult_sectors = 0;
1470 } else if ((s->nsector & 0xff) != 0 &&
1471 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1472 (s->nsector & (s->nsector - 1)) != 0)) {
1473 ide_abort_command(s);
1474 } else {
1475 s->mult_sectors = s->nsector & 0xff;
1476 }
1477
1478 return true;
1479 }
1480
1481 static bool cmd_read_multiple(IDEState *s, uint8_t cmd)
1482 {
1483 bool lba48 = (cmd == WIN_MULTREAD_EXT);
1484
1485 if (!s->blk || !s->mult_sectors) {
1486 ide_abort_command(s);
1487 return true;
1488 }
1489
1490 ide_cmd_lba48_transform(s, lba48);
1491 s->req_nb_sectors = s->mult_sectors;
1492 ide_sector_read(s);
1493 return false;
1494 }
1495
1496 static bool cmd_write_multiple(IDEState *s, uint8_t cmd)
1497 {
1498 bool lba48 = (cmd == WIN_MULTWRITE_EXT);
1499 int n;
1500
1501 if (!s->blk || !s->mult_sectors) {
1502 ide_abort_command(s);
1503 return true;
1504 }
1505
1506 ide_cmd_lba48_transform(s, lba48);
1507
1508 s->req_nb_sectors = s->mult_sectors;
1509 n = MIN(s->nsector, s->req_nb_sectors);
1510
1511 s->status = SEEK_STAT | READY_STAT;
1512 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1513
1514 s->media_changed = 1;
1515
1516 return false;
1517 }
1518
1519 static bool cmd_read_pio(IDEState *s, uint8_t cmd)
1520 {
1521 bool lba48 = (cmd == WIN_READ_EXT);
1522
1523 if (s->drive_kind == IDE_CD) {
1524 ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */
1525 ide_abort_command(s);
1526 return true;
1527 }
1528
1529 if (!s->blk) {
1530 ide_abort_command(s);
1531 return true;
1532 }
1533
1534 ide_cmd_lba48_transform(s, lba48);
1535 s->req_nb_sectors = 1;
1536 ide_sector_read(s);
1537
1538 return false;
1539 }
1540
1541 static bool cmd_write_pio(IDEState *s, uint8_t cmd)
1542 {
1543 bool lba48 = (cmd == WIN_WRITE_EXT);
1544
1545 if (!s->blk) {
1546 ide_abort_command(s);
1547 return true;
1548 }
1549
1550 ide_cmd_lba48_transform(s, lba48);
1551
1552 s->req_nb_sectors = 1;
1553 s->status = SEEK_STAT | READY_STAT;
1554 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1555
1556 s->media_changed = 1;
1557
1558 return false;
1559 }
1560
1561 static bool cmd_read_dma(IDEState *s, uint8_t cmd)
1562 {
1563 bool lba48 = (cmd == WIN_READDMA_EXT);
1564
1565 if (!s->blk) {
1566 ide_abort_command(s);
1567 return true;
1568 }
1569
1570 ide_cmd_lba48_transform(s, lba48);
1571 ide_sector_start_dma(s, IDE_DMA_READ);
1572
1573 return false;
1574 }
1575
1576 static bool cmd_write_dma(IDEState *s, uint8_t cmd)
1577 {
1578 bool lba48 = (cmd == WIN_WRITEDMA_EXT);
1579
1580 if (!s->blk) {
1581 ide_abort_command(s);
1582 return true;
1583 }
1584
1585 ide_cmd_lba48_transform(s, lba48);
1586 ide_sector_start_dma(s, IDE_DMA_WRITE);
1587
1588 s->media_changed = 1;
1589
1590 return false;
1591 }
1592
1593 static bool cmd_flush_cache(IDEState *s, uint8_t cmd)
1594 {
1595 ide_flush_cache(s);
1596 return false;
1597 }
1598
1599 static bool cmd_seek(IDEState *s, uint8_t cmd)
1600 {
1601 /* XXX: Check that seek is within bounds */
1602 return true;
1603 }
1604
1605 static bool cmd_read_native_max(IDEState *s, uint8_t cmd)
1606 {
1607 bool lba48 = (cmd == WIN_READ_NATIVE_MAX_EXT);
1608
1609 /* Refuse if no sectors are addressable (e.g. medium not inserted) */
1610 if (s->nb_sectors == 0) {
1611 ide_abort_command(s);
1612 return true;
1613 }
1614
1615 ide_cmd_lba48_transform(s, lba48);
1616 ide_set_sector(s, s->nb_sectors - 1);
1617
1618 return true;
1619 }
1620
1621 static bool cmd_check_power_mode(IDEState *s, uint8_t cmd)
1622 {
1623 s->nsector = 0xff; /* device active or idle */
1624 return true;
1625 }
1626
1627 /* INITIALIZE DEVICE PARAMETERS */
1628 static bool cmd_specify(IDEState *s, uint8_t cmd)
1629 {
1630 if (s->blk && s->drive_kind != IDE_CD) {
1631 s->heads = (s->select & (ATA_DEV_HS)) + 1;
1632 s->sectors = s->nsector;
1633 ide_bus_set_irq(s->bus);
1634 } else {
1635 ide_abort_command(s);
1636 }
1637
1638 return true;
1639 }
1640
1641 static bool cmd_set_features(IDEState *s, uint8_t cmd)
1642 {
1643 uint16_t *identify_data;
1644
1645 if (!s->blk) {
1646 ide_abort_command(s);
1647 return true;
1648 }
1649
1650 /* XXX: valid for CDROM ? */
1651 switch (s->feature) {
1652 case 0x01: /* 8-bit I/O enable (CompactFlash) */
1653 case 0x81: /* 8-bit I/O disable (CompactFlash) */
1654 if (s->drive_kind != IDE_CFATA) {
1655 goto abort_cmd;
1656 }
1657 s->io8 = !(s->feature & 0x80);
1658 return true;
1659 case 0x02: /* write cache enable */
1660 blk_set_enable_write_cache(s->blk, true);
1661 identify_data = (uint16_t *)s->identify_data;
1662 put_le16(identify_data + 85, (1 << 14) | (1 << 5) | 1);
1663 return true;
1664 case 0x82: /* write cache disable */
1665 blk_set_enable_write_cache(s->blk, false);
1666 identify_data = (uint16_t *)s->identify_data;
1667 put_le16(identify_data + 85, (1 << 14) | 1);
1668 ide_flush_cache(s);
1669 return false;
1670 case 0xcc: /* reverting to power-on defaults enable */
1671 s->reset_reverts = true;
1672 return true;
1673 case 0x66: /* reverting to power-on defaults disable */
1674 s->reset_reverts = false;
1675 return true;
1676 case 0xaa: /* read look-ahead enable */
1677 case 0x55: /* read look-ahead disable */
1678 case 0x05: /* set advanced power management mode */
1679 case 0x85: /* disable advanced power management mode */
1680 case 0x69: /* NOP */
1681 case 0x67: /* NOP */
1682 case 0x96: /* NOP */
1683 case 0x9a: /* NOP */
1684 case 0x42: /* enable Automatic Acoustic Mode */
1685 case 0xc2: /* disable Automatic Acoustic Mode */
1686 return true;
1687 case 0x03: /* set transfer mode */
1688 {
1689 uint8_t val = s->nsector & 0x07;
1690 identify_data = (uint16_t *)s->identify_data;
1691
1692 switch (s->nsector >> 3) {
1693 case 0x00: /* pio default */
1694 case 0x01: /* pio mode */
1695 put_le16(identify_data + 62, 0x07);
1696 put_le16(identify_data + 63, 0x07);
1697 put_le16(identify_data + 88, 0x3f);
1698 break;
1699 case 0x02: /* sigle word dma mode*/
1700 put_le16(identify_data + 62, 0x07 | (1 << (val + 8)));
1701 put_le16(identify_data + 63, 0x07);
1702 put_le16(identify_data + 88, 0x3f);
1703 break;
1704 case 0x04: /* mdma mode */
1705 put_le16(identify_data + 62, 0x07);
1706 put_le16(identify_data + 63, 0x07 | (1 << (val + 8)));
1707 put_le16(identify_data + 88, 0x3f);
1708 break;
1709 case 0x08: /* udma mode */
1710 put_le16(identify_data + 62, 0x07);
1711 put_le16(identify_data + 63, 0x07);
1712 put_le16(identify_data + 88, 0x3f | (1 << (val + 8)));
1713 break;
1714 default:
1715 goto abort_cmd;
1716 }
1717 return true;
1718 }
1719 }
1720
1721 abort_cmd:
1722 ide_abort_command(s);
1723 return true;
1724 }
1725
1726
1727 /*** ATAPI commands ***/
1728
1729 static bool cmd_identify_packet(IDEState *s, uint8_t cmd)
1730 {
1731 ide_atapi_identify(s);
1732 s->status = READY_STAT | SEEK_STAT;
1733 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1734 ide_bus_set_irq(s->bus);
1735 return false;
1736 }
1737
1738 /* EXECUTE DEVICE DIAGNOSTIC */
1739 static bool cmd_exec_dev_diagnostic(IDEState *s, uint8_t cmd)
1740 {
1741 /*
1742 * Clear the device register per the ATA (v6) specification,
1743 * because ide_set_signature does not clear LBA or drive bits.
1744 */
1745 s->select = (ATA_DEV_ALWAYS_ON);
1746 ide_set_signature(s);
1747
1748 if (s->drive_kind == IDE_CD) {
1749 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
1750 * devices to return a clear status register
1751 * with READY_STAT *not* set. */
1752 s->error = 0x01;
1753 } else {
1754 s->status = READY_STAT | SEEK_STAT;
1755 /* The bits of the error register are not as usual for this command!
1756 * They are part of the regular output (this is why ERR_STAT isn't set)
1757 * Device 0 passed, Device 1 passed or not present. */
1758 s->error = 0x01;
1759 ide_bus_set_irq(s->bus);
1760 }
1761
1762 return false;
1763 }
1764
1765 static bool cmd_packet(IDEState *s, uint8_t cmd)
1766 {
1767 /* overlapping commands not supported */
1768 if (s->feature & 0x02) {
1769 ide_abort_command(s);
1770 return true;
1771 }
1772
1773 s->status = READY_STAT | SEEK_STAT;
1774 s->atapi_dma = s->feature & 1;
1775 if (s->atapi_dma) {
1776 s->dma_cmd = IDE_DMA_ATAPI;
1777 }
1778 s->nsector = 1;
1779 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1780 ide_atapi_cmd);
1781 return false;
1782 }
1783
1784
1785 /*** CF-ATA commands ***/
1786
1787 static bool cmd_cfa_req_ext_error_code(IDEState *s, uint8_t cmd)
1788 {
1789 s->error = 0x09; /* miscellaneous error */
1790 s->status = READY_STAT | SEEK_STAT;
1791 ide_bus_set_irq(s->bus);
1792
1793 return false;
1794 }
1795
1796 static bool cmd_cfa_erase_sectors(IDEState *s, uint8_t cmd)
1797 {
1798 /* WIN_SECURITY_FREEZE_LOCK has the same ID as CFA_WEAR_LEVEL and is
1799 * required for Windows 8 to work with AHCI */
1800
1801 if (cmd == CFA_WEAR_LEVEL) {
1802 s->nsector = 0;
1803 }
1804
1805 if (cmd == CFA_ERASE_SECTORS) {
1806 s->media_changed = 1;
1807 }
1808
1809 return true;
1810 }
1811
1812 static bool cmd_cfa_translate_sector(IDEState *s, uint8_t cmd)
1813 {
1814 s->status = READY_STAT | SEEK_STAT;
1815
1816 memset(s->io_buffer, 0, 0x200);
1817 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
1818 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
1819 s->io_buffer[0x02] = s->select; /* Head */
1820 s->io_buffer[0x03] = s->sector; /* Sector */
1821 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
1822 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
1823 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
1824 s->io_buffer[0x13] = 0x00; /* Erase flag */
1825 s->io_buffer[0x18] = 0x00; /* Hot count */
1826 s->io_buffer[0x19] = 0x00; /* Hot count */
1827 s->io_buffer[0x1a] = 0x01; /* Hot count */
1828
1829 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1830 ide_bus_set_irq(s->bus);
1831
1832 return false;
1833 }
1834
1835 static bool cmd_cfa_access_metadata_storage(IDEState *s, uint8_t cmd)
1836 {
1837 switch (s->feature) {
1838 case 0x02: /* Inquiry Metadata Storage */
1839 ide_cfata_metadata_inquiry(s);
1840 break;
1841 case 0x03: /* Read Metadata Storage */
1842 ide_cfata_metadata_read(s);
1843 break;
1844 case 0x04: /* Write Metadata Storage */
1845 ide_cfata_metadata_write(s);
1846 break;
1847 default:
1848 ide_abort_command(s);
1849 return true;
1850 }
1851
1852 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1853 s->status = 0x00; /* NOTE: READY is _not_ set */
1854 ide_bus_set_irq(s->bus);
1855
1856 return false;
1857 }
1858
1859 static bool cmd_ibm_sense_condition(IDEState *s, uint8_t cmd)
1860 {
1861 switch (s->feature) {
1862 case 0x01: /* sense temperature in device */
1863 s->nsector = 0x50; /* +20 C */
1864 break;
1865 default:
1866 ide_abort_command(s);
1867 return true;
1868 }
1869
1870 return true;
1871 }
1872
1873
1874 /*** SMART commands ***/
1875
1876 static bool cmd_smart(IDEState *s, uint8_t cmd)
1877 {
1878 int n;
1879
1880 if (s->hcyl != 0xc2 || s->lcyl != 0x4f) {
1881 goto abort_cmd;
1882 }
1883
1884 if (!s->smart_enabled && s->feature != SMART_ENABLE) {
1885 goto abort_cmd;
1886 }
1887
1888 switch (s->feature) {
1889 case SMART_DISABLE:
1890 s->smart_enabled = 0;
1891 return true;
1892
1893 case SMART_ENABLE:
1894 s->smart_enabled = 1;
1895 return true;
1896
1897 case SMART_ATTR_AUTOSAVE:
1898 switch (s->sector) {
1899 case 0x00:
1900 s->smart_autosave = 0;
1901 break;
1902 case 0xf1:
1903 s->smart_autosave = 1;
1904 break;
1905 default:
1906 goto abort_cmd;
1907 }
1908 return true;
1909
1910 case SMART_STATUS:
1911 if (!s->smart_errors) {
1912 s->hcyl = 0xc2;
1913 s->lcyl = 0x4f;
1914 } else {
1915 s->hcyl = 0x2c;
1916 s->lcyl = 0xf4;
1917 }
1918 return true;
1919
1920 case SMART_READ_THRESH:
1921 memset(s->io_buffer, 0, 0x200);
1922 s->io_buffer[0] = 0x01; /* smart struct version */
1923
1924 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
1925 s->io_buffer[2 + 0 + (n * 12)] = smart_attributes[n][0];
1926 s->io_buffer[2 + 1 + (n * 12)] = smart_attributes[n][11];
1927 }
1928
1929 /* checksum */
1930 for (n = 0; n < 511; n++) {
1931 s->io_buffer[511] += s->io_buffer[n];
1932 }
1933 s->io_buffer[511] = 0x100 - s->io_buffer[511];
1934
1935 s->status = READY_STAT | SEEK_STAT;
1936 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1937 ide_bus_set_irq(s->bus);
1938 return false;
1939
1940 case SMART_READ_DATA:
1941 memset(s->io_buffer, 0, 0x200);
1942 s->io_buffer[0] = 0x01; /* smart struct version */
1943
1944 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
1945 int i;
1946 for (i = 0; i < 11; i++) {
1947 s->io_buffer[2 + i + (n * 12)] = smart_attributes[n][i];
1948 }
1949 }
1950
1951 s->io_buffer[362] = 0x02 | (s->smart_autosave ? 0x80 : 0x00);
1952 if (s->smart_selftest_count == 0) {
1953 s->io_buffer[363] = 0;
1954 } else {
1955 s->io_buffer[363] =
1956 s->smart_selftest_data[3 +
1957 (s->smart_selftest_count - 1) *
1958 24];
1959 }
1960 s->io_buffer[364] = 0x20;
1961 s->io_buffer[365] = 0x01;
1962 /* offline data collection capacity: execute + self-test*/
1963 s->io_buffer[367] = (1 << 4 | 1 << 3 | 1);
1964 s->io_buffer[368] = 0x03; /* smart capability (1) */
1965 s->io_buffer[369] = 0x00; /* smart capability (2) */
1966 s->io_buffer[370] = 0x01; /* error logging supported */
1967 s->io_buffer[372] = 0x02; /* minutes for poll short test */
1968 s->io_buffer[373] = 0x36; /* minutes for poll ext test */
1969 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
1970
1971 for (n = 0; n < 511; n++) {
1972 s->io_buffer[511] += s->io_buffer[n];
1973 }
1974 s->io_buffer[511] = 0x100 - s->io_buffer[511];
1975
1976 s->status = READY_STAT | SEEK_STAT;
1977 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1978 ide_bus_set_irq(s->bus);
1979 return false;
1980
1981 case SMART_READ_LOG:
1982 switch (s->sector) {
1983 case 0x01: /* summary smart error log */
1984 memset(s->io_buffer, 0, 0x200);
1985 s->io_buffer[0] = 0x01;
1986 s->io_buffer[1] = 0x00; /* no error entries */
1987 s->io_buffer[452] = s->smart_errors & 0xff;
1988 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
1989
1990 for (n = 0; n < 511; n++) {
1991 s->io_buffer[511] += s->io_buffer[n];
1992 }
1993 s->io_buffer[511] = 0x100 - s->io_buffer[511];
1994 break;
1995 case 0x06: /* smart self test log */
1996 memset(s->io_buffer, 0, 0x200);
1997 s->io_buffer[0] = 0x01;
1998 if (s->smart_selftest_count == 0) {
1999 s->io_buffer[508] = 0;
2000 } else {
2001 s->io_buffer[508] = s->smart_selftest_count;
2002 for (n = 2; n < 506; n++) {
2003 s->io_buffer[n] = s->smart_selftest_data[n];
2004 }
2005 }
2006
2007 for (n = 0; n < 511; n++) {
2008 s->io_buffer[511] += s->io_buffer[n];
2009 }
2010 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2011 break;
2012 default:
2013 goto abort_cmd;
2014 }
2015 s->status = READY_STAT | SEEK_STAT;
2016 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2017 ide_bus_set_irq(s->bus);
2018 return false;
2019
2020 case SMART_EXECUTE_OFFLINE:
2021 switch (s->sector) {
2022 case 0: /* off-line routine */
2023 case 1: /* short self test */
2024 case 2: /* extended self test */
2025 s->smart_selftest_count++;
2026 if (s->smart_selftest_count > 21) {
2027 s->smart_selftest_count = 1;
2028 }
2029 n = 2 + (s->smart_selftest_count - 1) * 24;
2030 s->smart_selftest_data[n] = s->sector;
2031 s->smart_selftest_data[n + 1] = 0x00; /* OK and finished */
2032 s->smart_selftest_data[n + 2] = 0x34; /* hour count lsb */
2033 s->smart_selftest_data[n + 3] = 0x12; /* hour count msb */
2034 break;
2035 default:
2036 goto abort_cmd;
2037 }
2038 return true;
2039 }
2040
2041 abort_cmd:
2042 ide_abort_command(s);
2043 return true;
2044 }
2045
2046 #define HD_OK (1u << IDE_HD)
2047 #define CD_OK (1u << IDE_CD)
2048 #define CFA_OK (1u << IDE_CFATA)
2049 #define HD_CFA_OK (HD_OK | CFA_OK)
2050 #define ALL_OK (HD_OK | CD_OK | CFA_OK)
2051
2052 /* Set the Disk Seek Completed status bit during completion */
2053 #define SET_DSC (1u << 8)
2054
2055 /* See ACS-2 T13/2015-D Table B.2 Command codes */
2056 static const struct {
2057 /* Returns true if the completion code should be run */
2058 bool (*handler)(IDEState *s, uint8_t cmd);
2059 int flags;
2060 } ide_cmd_table[0x100] = {
2061 /* NOP not implemented, mandatory for CD */
2062 [CFA_REQ_EXT_ERROR_CODE] = { cmd_cfa_req_ext_error_code, CFA_OK },
2063 [WIN_DSM] = { cmd_data_set_management, HD_CFA_OK },
2064 [WIN_DEVICE_RESET] = { cmd_device_reset, CD_OK },
2065 [WIN_RECAL] = { cmd_nop, HD_CFA_OK | SET_DSC},
2066 [WIN_READ] = { cmd_read_pio, ALL_OK },
2067 [WIN_READ_ONCE] = { cmd_read_pio, HD_CFA_OK },
2068 [WIN_READ_EXT] = { cmd_read_pio, HD_CFA_OK },
2069 [WIN_READDMA_EXT] = { cmd_read_dma, HD_CFA_OK },
2070 [WIN_READ_NATIVE_MAX_EXT] = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
2071 [WIN_MULTREAD_EXT] = { cmd_read_multiple, HD_CFA_OK },
2072 [WIN_WRITE] = { cmd_write_pio, HD_CFA_OK },
2073 [WIN_WRITE_ONCE] = { cmd_write_pio, HD_CFA_OK },
2074 [WIN_WRITE_EXT] = { cmd_write_pio, HD_CFA_OK },
2075 [WIN_WRITEDMA_EXT] = { cmd_write_dma, HD_CFA_OK },
2076 [CFA_WRITE_SECT_WO_ERASE] = { cmd_write_pio, CFA_OK },
2077 [WIN_MULTWRITE_EXT] = { cmd_write_multiple, HD_CFA_OK },
2078 [WIN_WRITE_VERIFY] = { cmd_write_pio, HD_CFA_OK },
2079 [WIN_VERIFY] = { cmd_verify, HD_CFA_OK | SET_DSC },
2080 [WIN_VERIFY_ONCE] = { cmd_verify, HD_CFA_OK | SET_DSC },
2081 [WIN_VERIFY_EXT] = { cmd_verify, HD_CFA_OK | SET_DSC },
2082 [WIN_SEEK] = { cmd_seek, HD_CFA_OK | SET_DSC },
2083 [CFA_TRANSLATE_SECTOR] = { cmd_cfa_translate_sector, CFA_OK },
2084 [WIN_DIAGNOSE] = { cmd_exec_dev_diagnostic, ALL_OK },
2085 [WIN_SPECIFY] = { cmd_specify, HD_CFA_OK | SET_DSC },
2086 [WIN_STANDBYNOW2] = { cmd_nop, HD_CFA_OK },
2087 [WIN_IDLEIMMEDIATE2] = { cmd_nop, HD_CFA_OK },
2088 [WIN_STANDBY2] = { cmd_nop, HD_CFA_OK },
2089 [WIN_SETIDLE2] = { cmd_nop, HD_CFA_OK },
2090 [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
2091 [WIN_SLEEPNOW2] = { cmd_nop, HD_CFA_OK },
2092 [WIN_PACKETCMD] = { cmd_packet, CD_OK },
2093 [WIN_PIDENTIFY] = { cmd_identify_packet, CD_OK },
2094 [WIN_SMART] = { cmd_smart, HD_CFA_OK | SET_DSC },
2095 [CFA_ACCESS_METADATA_STORAGE] = { cmd_cfa_access_metadata_storage, CFA_OK },
2096 [CFA_ERASE_SECTORS] = { cmd_cfa_erase_sectors, CFA_OK | SET_DSC },
2097 [WIN_MULTREAD] = { cmd_read_multiple, HD_CFA_OK },
2098 [WIN_MULTWRITE] = { cmd_write_multiple, HD_CFA_OK },
2099 [WIN_SETMULT] = { cmd_set_multiple_mode, HD_CFA_OK | SET_DSC },
2100 [WIN_READDMA] = { cmd_read_dma, HD_CFA_OK },
2101 [WIN_READDMA_ONCE] = { cmd_read_dma, HD_CFA_OK },
2102 [WIN_WRITEDMA] = { cmd_write_dma, HD_CFA_OK },
2103 [WIN_WRITEDMA_ONCE] = { cmd_write_dma, HD_CFA_OK },
2104 [CFA_WRITE_MULTI_WO_ERASE] = { cmd_write_multiple, CFA_OK },
2105 [WIN_STANDBYNOW1] = { cmd_nop, HD_CFA_OK },
2106 [WIN_IDLEIMMEDIATE] = { cmd_nop, HD_CFA_OK },
2107 [WIN_STANDBY] = { cmd_nop, HD_CFA_OK },
2108 [WIN_SETIDLE1] = { cmd_nop, HD_CFA_OK },
2109 [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
2110 [WIN_SLEEPNOW1] = { cmd_nop, HD_CFA_OK },
2111 [WIN_FLUSH_CACHE] = { cmd_flush_cache, ALL_OK },
2112 [WIN_FLUSH_CACHE_EXT] = { cmd_flush_cache, HD_CFA_OK },
2113 [WIN_IDENTIFY] = { cmd_identify, ALL_OK },
2114 [WIN_SETFEATURES] = { cmd_set_features, ALL_OK | SET_DSC },
2115 [IBM_SENSE_CONDITION] = { cmd_ibm_sense_condition, CFA_OK | SET_DSC },
2116 [CFA_WEAR_LEVEL] = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC },
2117 [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
2118 };
2119
2120 static bool ide_cmd_permitted(IDEState *s, uint32_t cmd)
2121 {
2122 return cmd < ARRAY_SIZE(ide_cmd_table)
2123 && (ide_cmd_table[cmd].flags & (1u << s->drive_kind));
2124 }
2125
2126 void ide_bus_exec_cmd(IDEBus *bus, uint32_t val)
2127 {
2128 IDEState *s;
2129 bool complete;
2130
2131 s = ide_bus_active_if(bus);
2132 trace_ide_bus_exec_cmd(bus, s, val);
2133
2134 /* ignore commands to non existent slave */
2135 if (s != bus->ifs && !s->blk) {
2136 return;
2137 }
2138
2139 /* Only RESET is allowed while BSY and/or DRQ are set,
2140 * and only to ATAPI devices. */
2141 if (s->status & (BUSY_STAT|DRQ_STAT)) {
2142 if (val != WIN_DEVICE_RESET || s->drive_kind != IDE_CD) {
2143 return;
2144 }
2145 }
2146
2147 if (!ide_cmd_permitted(s, val)) {
2148 ide_abort_command(s);
2149 ide_bus_set_irq(s->bus);
2150 return;
2151 }
2152
2153 s->status = READY_STAT | BUSY_STAT;
2154 s->error = 0;
2155 s->io_buffer_offset = 0;
2156
2157 complete = ide_cmd_table[val].handler(s, val);
2158 if (complete) {
2159 s->status &= ~BUSY_STAT;
2160 assert(!!s->error == !!(s->status & ERR_STAT));
2161
2162 if ((ide_cmd_table[val].flags & SET_DSC) && !s->error) {
2163 s->status |= SEEK_STAT;
2164 }
2165
2166 ide_cmd_done(s);
2167 ide_bus_set_irq(s->bus);
2168 }
2169 }
2170
2171 /* IOport [R]ead [R]egisters */
2172 enum ATA_IOPORT_RR {
2173 ATA_IOPORT_RR_DATA = 0,
2174 ATA_IOPORT_RR_ERROR = 1,
2175 ATA_IOPORT_RR_SECTOR_COUNT = 2,
2176 ATA_IOPORT_RR_SECTOR_NUMBER = 3,
2177 ATA_IOPORT_RR_CYLINDER_LOW = 4,
2178 ATA_IOPORT_RR_CYLINDER_HIGH = 5,
2179 ATA_IOPORT_RR_DEVICE_HEAD = 6,
2180 ATA_IOPORT_RR_STATUS = 7,
2181 ATA_IOPORT_RR_NUM_REGISTERS,
2182 };
2183
2184 const char *ATA_IOPORT_RR_lookup[ATA_IOPORT_RR_NUM_REGISTERS] = {
2185 [ATA_IOPORT_RR_DATA] = "Data",
2186 [ATA_IOPORT_RR_ERROR] = "Error",
2187 [ATA_IOPORT_RR_SECTOR_COUNT] = "Sector Count",
2188 [ATA_IOPORT_RR_SECTOR_NUMBER] = "Sector Number",
2189 [ATA_IOPORT_RR_CYLINDER_LOW] = "Cylinder Low",
2190 [ATA_IOPORT_RR_CYLINDER_HIGH] = "Cylinder High",
2191 [ATA_IOPORT_RR_DEVICE_HEAD] = "Device/Head",
2192 [ATA_IOPORT_RR_STATUS] = "Status"
2193 };
2194
2195 uint32_t ide_ioport_read(void *opaque, uint32_t addr)
2196 {
2197 IDEBus *bus = opaque;
2198 IDEState *s = ide_bus_active_if(bus);
2199 uint32_t reg_num;
2200 int ret, hob;
2201
2202 reg_num = addr & 7;
2203 hob = bus->cmd & (IDE_CTRL_HOB);
2204 switch (reg_num) {
2205 case ATA_IOPORT_RR_DATA:
2206 /*
2207 * The pre-GRUB Solaris x86 bootloader relies upon inb
2208 * consuming a word from the drive's sector buffer.
2209 */
2210 ret = ide_data_readw(bus, addr) & 0xff;
2211 break;
2212 case ATA_IOPORT_RR_ERROR:
2213 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
2214 (s != bus->ifs && !s->blk)) {
2215 ret = 0;
2216 } else if (!hob) {
2217 ret = s->error;
2218 } else {
2219 ret = s->hob_feature;
2220 }
2221 break;
2222 case ATA_IOPORT_RR_SECTOR_COUNT:
2223 if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2224 ret = 0;
2225 } else if (!hob) {
2226 ret = s->nsector & 0xff;
2227 } else {
2228 ret = s->hob_nsector;
2229 }
2230 break;
2231 case ATA_IOPORT_RR_SECTOR_NUMBER:
2232 if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2233 ret = 0;
2234 } else if (!hob) {
2235 ret = s->sector;
2236 } else {
2237 ret = s->hob_sector;
2238 }
2239 break;
2240 case ATA_IOPORT_RR_CYLINDER_LOW:
2241 if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2242 ret = 0;
2243 } else if (!hob) {
2244 ret = s->lcyl;
2245 } else {
2246 ret = s->hob_lcyl;
2247 }
2248 break;
2249 case ATA_IOPORT_RR_CYLINDER_HIGH:
2250 if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2251 ret = 0;
2252 } else if (!hob) {
2253 ret = s->hcyl;
2254 } else {
2255 ret = s->hob_hcyl;
2256 }
2257 break;
2258 case ATA_IOPORT_RR_DEVICE_HEAD:
2259 if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2260 ret = 0;
2261 } else {
2262 ret = s->select;
2263 }
2264 break;
2265 default:
2266 case ATA_IOPORT_RR_STATUS:
2267 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
2268 (s != bus->ifs && !s->blk)) {
2269 ret = 0;
2270 } else {
2271 ret = s->status;
2272 }
2273 qemu_irq_lower(bus->irq);
2274 break;
2275 }
2276
2277 trace_ide_ioport_read(addr, ATA_IOPORT_RR_lookup[reg_num], ret, bus, s);
2278 return ret;
2279 }
2280
2281 uint32_t ide_status_read(void *opaque, uint32_t addr)
2282 {
2283 IDEBus *bus = opaque;
2284 IDEState *s = ide_bus_active_if(bus);
2285 int ret;
2286
2287 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
2288 (s != bus->ifs && !s->blk)) {
2289 ret = 0;
2290 } else {
2291 ret = s->status;
2292 }
2293
2294 trace_ide_status_read(addr, ret, bus, s);
2295 return ret;
2296 }
2297
2298 static void ide_perform_srst(IDEState *s)
2299 {
2300 s->status |= BUSY_STAT;
2301
2302 /* Halt PIO (Via register state); PIO BH remains scheduled. */
2303 ide_transfer_halt(s);
2304
2305 /* Cancel DMA -- may drain block device and invoke callbacks */
2306 ide_cancel_dma_sync(s);
2307
2308 /* Cancel PIO callback, reset registers/signature, etc */
2309 ide_reset(s);
2310
2311 /* perform diagnostic */
2312 cmd_exec_dev_diagnostic(s, WIN_DIAGNOSE);
2313 }
2314
2315 static void ide_bus_perform_srst(void *opaque)
2316 {
2317 IDEBus *bus = opaque;
2318 IDEState *s;
2319 int i;
2320
2321 for (i = 0; i < 2; i++) {
2322 s = &bus->ifs[i];
2323 ide_perform_srst(s);
2324 }
2325
2326 bus->cmd &= ~IDE_CTRL_RESET;
2327 }
2328
2329 void ide_ctrl_write(void *opaque, uint32_t addr, uint32_t val)
2330 {
2331 IDEBus *bus = opaque;
2332 IDEState *s;
2333 int i;
2334
2335 trace_ide_ctrl_write(addr, val, bus);
2336
2337 /* Device0 and Device1 each have their own control register,
2338 * but QEMU models it as just one register in the controller. */
2339 if (!(bus->cmd & IDE_CTRL_RESET) && (val & IDE_CTRL_RESET)) {
2340 for (i = 0; i < 2; i++) {
2341 s = &bus->ifs[i];
2342 s->status |= BUSY_STAT;
2343 }
2344 replay_bh_schedule_oneshot_event(qemu_get_aio_context(),
2345 ide_bus_perform_srst, bus);
2346 }
2347
2348 bus->cmd = val;
2349 }
2350
2351 /*
2352 * Returns true if the running PIO transfer is a PIO out (i.e. data is
2353 * transferred from the device to the guest), false if it's a PIO in
2354 */
2355 static bool ide_is_pio_out(IDEState *s)
2356 {
2357 if (s->end_transfer_func == ide_sector_write ||
2358 s->end_transfer_func == ide_atapi_cmd) {
2359 return false;
2360 } else if (s->end_transfer_func == ide_sector_read ||
2361 s->end_transfer_func == ide_transfer_stop ||
2362 s->end_transfer_func == ide_atapi_cmd_reply_end ||
2363 s->end_transfer_func == ide_dummy_transfer_stop) {
2364 return true;
2365 }
2366
2367 abort();
2368 }
2369
2370 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2371 {
2372 IDEBus *bus = opaque;
2373 IDEState *s = ide_bus_active_if(bus);
2374 uint8_t *p;
2375
2376 trace_ide_data_writew(addr, val, bus, s);
2377
2378 /* PIO data access allowed only when DRQ bit is set. The result of a write
2379 * during PIO out is indeterminate, just ignore it. */
2380 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
2381 return;
2382 }
2383
2384 p = s->data_ptr;
2385 if (s->io8) {
2386 if (p + 1 > s->data_end) {
2387 return;
2388 }
2389
2390 *p++ = val;
2391 } else {
2392 if (p + 2 > s->data_end) {
2393 return;
2394 }
2395
2396 *(uint16_t *)p = le16_to_cpu(val);
2397 p += 2;
2398 }
2399 s->data_ptr = p;
2400 if (p >= s->data_end) {
2401 s->status &= ~DRQ_STAT;
2402 s->end_transfer_func(s);
2403 }
2404 }
2405
2406 uint32_t ide_data_readw(void *opaque, uint32_t addr)
2407 {
2408 IDEBus *bus = opaque;
2409 IDEState *s = ide_bus_active_if(bus);
2410 uint8_t *p;
2411 int ret;
2412
2413 /* PIO data access allowed only when DRQ bit is set. The result of a read
2414 * during PIO in is indeterminate, return 0 and don't move forward. */
2415 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
2416 return 0;
2417 }
2418
2419 p = s->data_ptr;
2420 if (s->io8) {
2421 if (p + 1 > s->data_end) {
2422 return 0;
2423 }
2424
2425 ret = *p++;
2426 } else {
2427 if (p + 2 > s->data_end) {
2428 return 0;
2429 }
2430
2431 ret = cpu_to_le16(*(uint16_t *)p);
2432 p += 2;
2433 }
2434 s->data_ptr = p;
2435 if (p >= s->data_end) {
2436 s->status &= ~DRQ_STAT;
2437 s->end_transfer_func(s);
2438 }
2439
2440 trace_ide_data_readw(addr, ret, bus, s);
2441 return ret;
2442 }
2443
2444 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2445 {
2446 IDEBus *bus = opaque;
2447 IDEState *s = ide_bus_active_if(bus);
2448 uint8_t *p;
2449
2450 trace_ide_data_writel(addr, val, bus, s);
2451
2452 /* PIO data access allowed only when DRQ bit is set. The result of a write
2453 * during PIO out is indeterminate, just ignore it. */
2454 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
2455 return;
2456 }
2457
2458 p = s->data_ptr;
2459 if (p + 4 > s->data_end) {
2460 return;
2461 }
2462
2463 *(uint32_t *)p = le32_to_cpu(val);
2464 p += 4;
2465 s->data_ptr = p;
2466 if (p >= s->data_end) {
2467 s->status &= ~DRQ_STAT;
2468 s->end_transfer_func(s);
2469 }
2470 }
2471
2472 uint32_t ide_data_readl(void *opaque, uint32_t addr)
2473 {
2474 IDEBus *bus = opaque;
2475 IDEState *s = ide_bus_active_if(bus);
2476 uint8_t *p;
2477 int ret;
2478
2479 /* PIO data access allowed only when DRQ bit is set. The result of a read
2480 * during PIO in is indeterminate, return 0 and don't move forward. */
2481 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
2482 ret = 0;
2483 goto out;
2484 }
2485
2486 p = s->data_ptr;
2487 if (p + 4 > s->data_end) {
2488 return 0;
2489 }
2490
2491 ret = cpu_to_le32(*(uint32_t *)p);
2492 p += 4;
2493 s->data_ptr = p;
2494 if (p >= s->data_end) {
2495 s->status &= ~DRQ_STAT;
2496 s->end_transfer_func(s);
2497 }
2498
2499 out:
2500 trace_ide_data_readl(addr, ret, bus, s);
2501 return ret;
2502 }
2503
2504 static void ide_dummy_transfer_stop(IDEState *s)
2505 {
2506 s->data_ptr = s->io_buffer;
2507 s->data_end = s->io_buffer;
2508 s->io_buffer[0] = 0xff;
2509 s->io_buffer[1] = 0xff;
2510 s->io_buffer[2] = 0xff;
2511 s->io_buffer[3] = 0xff;
2512 }
2513
2514 void ide_bus_reset(IDEBus *bus)
2515 {
2516 bus->unit = 0;
2517 bus->cmd = 0;
2518 ide_reset(&bus->ifs[0]);
2519 ide_reset(&bus->ifs[1]);
2520 ide_clear_hob(bus);
2521
2522 /* pending async DMA */
2523 if (bus->dma->aiocb) {
2524 trace_ide_bus_reset_aio();
2525 blk_aio_cancel(bus->dma->aiocb);
2526 bus->dma->aiocb = NULL;
2527 }
2528
2529 /* reset dma provider too */
2530 if (bus->dma->ops->reset) {
2531 bus->dma->ops->reset(bus->dma);
2532 }
2533 }
2534
2535 static bool ide_cd_is_tray_open(void *opaque)
2536 {
2537 return ((IDEState *)opaque)->tray_open;
2538 }
2539
2540 static bool ide_cd_is_medium_locked(void *opaque)
2541 {
2542 return ((IDEState *)opaque)->tray_locked;
2543 }
2544
2545 static void ide_resize_cb(void *opaque)
2546 {
2547 IDEState *s = opaque;
2548 uint64_t nb_sectors;
2549
2550 if (!s->identify_set) {
2551 return;
2552 }
2553
2554 blk_get_geometry(s->blk, &nb_sectors);
2555 s->nb_sectors = nb_sectors;
2556
2557 /* Update the identify data buffer. */
2558 if (s->drive_kind == IDE_CFATA) {
2559 ide_cfata_identify_size(s);
2560 } else {
2561 /* IDE_CD uses a different set of callbacks entirely. */
2562 assert(s->drive_kind != IDE_CD);
2563 ide_identify_size(s);
2564 }
2565 }
2566
2567 static const BlockDevOps ide_cd_block_ops = {
2568 .change_media_cb = ide_cd_change_cb,
2569 .eject_request_cb = ide_cd_eject_request_cb,
2570 .is_tray_open = ide_cd_is_tray_open,
2571 .is_medium_locked = ide_cd_is_medium_locked,
2572 };
2573
2574 static const BlockDevOps ide_hd_block_ops = {
2575 .resize_cb = ide_resize_cb,
2576 };
2577
2578 int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind,
2579 const char *version, const char *serial, const char *model,
2580 uint64_t wwn,
2581 uint32_t cylinders, uint32_t heads, uint32_t secs,
2582 int chs_trans, Error **errp)
2583 {
2584 uint64_t nb_sectors;
2585
2586 s->blk = blk;
2587 s->drive_kind = kind;
2588
2589 blk_get_geometry(blk, &nb_sectors);
2590 s->cylinders = cylinders;
2591 s->heads = s->drive_heads = heads;
2592 s->sectors = s->drive_sectors = secs;
2593 s->chs_trans = chs_trans;
2594 s->nb_sectors = nb_sectors;
2595 s->wwn = wwn;
2596 /* The SMART values should be preserved across power cycles
2597 but they aren't. */
2598 s->smart_enabled = 1;
2599 s->smart_autosave = 1;
2600 s->smart_errors = 0;
2601 s->smart_selftest_count = 0;
2602 if (kind == IDE_CD) {
2603 blk_set_dev_ops(blk, &ide_cd_block_ops, s);
2604 } else {
2605 if (!blk_is_inserted(s->blk)) {
2606 error_setg(errp, "Device needs media, but drive is empty");
2607 return -1;
2608 }
2609 if (!blk_is_writable(blk)) {
2610 error_setg(errp, "Can't use a read-only drive");
2611 return -1;
2612 }
2613 blk_set_dev_ops(blk, &ide_hd_block_ops, s);
2614 }
2615 if (serial) {
2616 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), serial);
2617 } else {
2618 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2619 "QM%05d", s->drive_serial);
2620 }
2621 if (model) {
2622 pstrcpy(s->drive_model_str, sizeof(s->drive_model_str), model);
2623 } else {
2624 switch (kind) {
2625 case IDE_CD:
2626 strcpy(s->drive_model_str, "QEMU DVD-ROM");
2627 break;
2628 case IDE_CFATA:
2629 strcpy(s->drive_model_str, "QEMU MICRODRIVE");
2630 break;
2631 default:
2632 strcpy(s->drive_model_str, "QEMU HARDDISK");
2633 break;
2634 }
2635 }
2636
2637 if (version) {
2638 pstrcpy(s->version, sizeof(s->version), version);
2639 } else {
2640 pstrcpy(s->version, sizeof(s->version), qemu_hw_version());
2641 }
2642
2643 ide_reset(s);
2644 blk_iostatus_enable(blk);
2645 return 0;
2646 }
2647
2648 static void ide_init1(IDEBus *bus, int unit)
2649 {
2650 static int drive_serial = 1;
2651 IDEState *s = &bus->ifs[unit];
2652
2653 s->bus = bus;
2654 s->unit = unit;
2655 s->drive_serial = drive_serial++;
2656 /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */
2657 s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4;
2658 s->io_buffer = qemu_memalign(2048, s->io_buffer_total_len);
2659 memset(s->io_buffer, 0, s->io_buffer_total_len);
2660
2661 s->smart_selftest_data = blk_blockalign(s->blk, 512);
2662 memset(s->smart_selftest_data, 0, 512);
2663
2664 s->sector_write_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
2665 ide_sector_write_timer_cb, s);
2666 }
2667
2668 static int ide_nop_int(const IDEDMA *dma, bool is_write)
2669 {
2670 return 0;
2671 }
2672
2673 static void ide_nop(const IDEDMA *dma)
2674 {
2675 }
2676
2677 static int32_t ide_nop_int32(const IDEDMA *dma, int32_t l)
2678 {
2679 return 0;
2680 }
2681
2682 static const IDEDMAOps ide_dma_nop_ops = {
2683 .prepare_buf = ide_nop_int32,
2684 .restart_dma = ide_nop,
2685 .rw_buf = ide_nop_int,
2686 };
2687
2688 static void ide_restart_dma(IDEState *s, enum ide_dma_cmd dma_cmd)
2689 {
2690 s->unit = s->bus->retry_unit;
2691 ide_set_sector(s, s->bus->retry_sector_num);
2692 s->nsector = s->bus->retry_nsector;
2693 s->bus->dma->ops->restart_dma(s->bus->dma);
2694 s->io_buffer_size = 0;
2695 s->dma_cmd = dma_cmd;
2696 ide_start_dma(s, ide_dma_cb);
2697 }
2698
2699 static void ide_restart_bh(void *opaque)
2700 {
2701 IDEBus *bus = opaque;
2702 IDEState *s;
2703 bool is_read;
2704 int error_status;
2705
2706 qemu_bh_delete(bus->bh);
2707 bus->bh = NULL;
2708
2709 error_status = bus->error_status;
2710 if (bus->error_status == 0) {
2711 return;
2712 }
2713
2714 s = ide_bus_active_if(bus);
2715 is_read = (bus->error_status & IDE_RETRY_READ) != 0;
2716
2717 /* The error status must be cleared before resubmitting the request: The
2718 * request may fail again, and this case can only be distinguished if the
2719 * called function can set a new error status. */
2720 bus->error_status = 0;
2721
2722 /* The HBA has generically asked to be kicked on retry */
2723 if (error_status & IDE_RETRY_HBA) {
2724 if (s->bus->dma->ops->restart) {
2725 s->bus->dma->ops->restart(s->bus->dma);
2726 }
2727 } else if (IS_IDE_RETRY_DMA(error_status)) {
2728 if (error_status & IDE_RETRY_TRIM) {
2729 ide_restart_dma(s, IDE_DMA_TRIM);
2730 } else {
2731 ide_restart_dma(s, is_read ? IDE_DMA_READ : IDE_DMA_WRITE);
2732 }
2733 } else if (IS_IDE_RETRY_PIO(error_status)) {
2734 if (is_read) {
2735 ide_sector_read(s);
2736 } else {
2737 ide_sector_write(s);
2738 }
2739 } else if (error_status & IDE_RETRY_FLUSH) {
2740 ide_flush_cache(s);
2741 } else if (IS_IDE_RETRY_ATAPI(error_status)) {
2742 assert(s->end_transfer_func == ide_atapi_cmd);
2743 ide_atapi_dma_restart(s);
2744 } else {
2745 abort();
2746 }
2747 }
2748
2749 static void ide_restart_cb(void *opaque, bool running, RunState state)
2750 {
2751 IDEBus *bus = opaque;
2752
2753 if (!running)
2754 return;
2755
2756 if (!bus->bh) {
2757 bus->bh = qemu_bh_new(ide_restart_bh, bus);
2758 qemu_bh_schedule(bus->bh);
2759 }
2760 }
2761
2762 void ide_bus_register_restart_cb(IDEBus *bus)
2763 {
2764 if (bus->dma->ops->restart_dma) {
2765 bus->vmstate = qemu_add_vm_change_state_handler(ide_restart_cb, bus);
2766 }
2767 }
2768
2769 static IDEDMA ide_dma_nop = {
2770 .ops = &ide_dma_nop_ops,
2771 .aiocb = NULL,
2772 };
2773
2774 void ide_bus_init_output_irq(IDEBus *bus, qemu_irq irq_out)
2775 {
2776 int i;
2777
2778 for(i = 0; i < 2; i++) {
2779 ide_init1(bus, i);
2780 ide_reset(&bus->ifs[i]);
2781 }
2782 bus->irq = irq_out;
2783 bus->dma = &ide_dma_nop;
2784 }
2785
2786 void ide_bus_set_irq(IDEBus *bus)
2787 {
2788 if (!(bus->cmd & IDE_CTRL_DISABLE_IRQ)) {
2789 qemu_irq_raise(bus->irq);
2790 }
2791 }
2792
2793 void ide_exit(IDEState *s)
2794 {
2795 timer_free(s->sector_write_timer);
2796 qemu_vfree(s->smart_selftest_data);
2797 qemu_vfree(s->io_buffer);
2798 }
2799
2800 static bool is_identify_set(void *opaque, int version_id)
2801 {
2802 IDEState *s = opaque;
2803
2804 return s->identify_set != 0;
2805 }
2806
2807 static EndTransferFunc* transfer_end_table[] = {
2808 ide_sector_read,
2809 ide_sector_write,
2810 ide_transfer_stop,
2811 ide_atapi_cmd_reply_end,
2812 ide_atapi_cmd,
2813 ide_dummy_transfer_stop,
2814 };
2815
2816 static int transfer_end_table_idx(EndTransferFunc *fn)
2817 {
2818 int i;
2819
2820 for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++)
2821 if (transfer_end_table[i] == fn)
2822 return i;
2823
2824 return -1;
2825 }
2826
2827 static int ide_drive_post_load(void *opaque, int version_id)
2828 {
2829 IDEState *s = opaque;
2830
2831 if (s->blk && s->identify_set) {
2832 blk_set_enable_write_cache(s->blk, !!(s->identify_data[85] & (1 << 5)));
2833 }
2834 return 0;
2835 }
2836
2837 static int ide_drive_pio_post_load(void *opaque, int version_id)
2838 {
2839 IDEState *s = opaque;
2840
2841 if (s->end_transfer_fn_idx >= ARRAY_SIZE(transfer_end_table)) {
2842 return -EINVAL;
2843 }
2844 s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx];
2845 s->data_ptr = s->io_buffer + s->cur_io_buffer_offset;
2846 s->data_end = s->data_ptr + s->cur_io_buffer_len;
2847 s->atapi_dma = s->feature & 1; /* as per cmd_packet */
2848
2849 return 0;
2850 }
2851
2852 static int ide_drive_pio_pre_save(void *opaque)
2853 {
2854 IDEState *s = opaque;
2855 int idx;
2856
2857 s->cur_io_buffer_offset = s->data_ptr - s->io_buffer;
2858 s->cur_io_buffer_len = s->data_end - s->data_ptr;
2859
2860 idx = transfer_end_table_idx(s->end_transfer_func);
2861 if (idx == -1) {
2862 fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n",
2863 __func__);
2864 s->end_transfer_fn_idx = 2;
2865 } else {
2866 s->end_transfer_fn_idx = idx;
2867 }
2868
2869 return 0;
2870 }
2871
2872 static bool ide_drive_pio_state_needed(void *opaque)
2873 {
2874 IDEState *s = opaque;
2875
2876 return ((s->status & DRQ_STAT) != 0)
2877 || (s->bus->error_status & IDE_RETRY_PIO);
2878 }
2879
2880 static bool ide_tray_state_needed(void *opaque)
2881 {
2882 IDEState *s = opaque;
2883
2884 return s->tray_open || s->tray_locked;
2885 }
2886
2887 static bool ide_atapi_gesn_needed(void *opaque)
2888 {
2889 IDEState *s = opaque;
2890
2891 return s->events.new_media || s->events.eject_request;
2892 }
2893
2894 static bool ide_error_needed(void *opaque)
2895 {
2896 IDEBus *bus = opaque;
2897
2898 return (bus->error_status != 0);
2899 }
2900
2901 /* Fields for GET_EVENT_STATUS_NOTIFICATION ATAPI command */
2902 static const VMStateDescription vmstate_ide_atapi_gesn_state = {
2903 .name ="ide_drive/atapi/gesn_state",
2904 .version_id = 1,
2905 .minimum_version_id = 1,
2906 .needed = ide_atapi_gesn_needed,
2907 .fields = (VMStateField[]) {
2908 VMSTATE_BOOL(events.new_media, IDEState),
2909 VMSTATE_BOOL(events.eject_request, IDEState),
2910 VMSTATE_END_OF_LIST()
2911 }
2912 };
2913
2914 static const VMStateDescription vmstate_ide_tray_state = {
2915 .name = "ide_drive/tray_state",
2916 .version_id = 1,
2917 .minimum_version_id = 1,
2918 .needed = ide_tray_state_needed,
2919 .fields = (VMStateField[]) {
2920 VMSTATE_BOOL(tray_open, IDEState),
2921 VMSTATE_BOOL(tray_locked, IDEState),
2922 VMSTATE_END_OF_LIST()
2923 }
2924 };
2925
2926 static const VMStateDescription vmstate_ide_drive_pio_state = {
2927 .name = "ide_drive/pio_state",
2928 .version_id = 1,
2929 .minimum_version_id = 1,
2930 .pre_save = ide_drive_pio_pre_save,
2931 .post_load = ide_drive_pio_post_load,
2932 .needed = ide_drive_pio_state_needed,
2933 .fields = (VMStateField[]) {
2934 VMSTATE_INT32(req_nb_sectors, IDEState),
2935 VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1,
2936 vmstate_info_uint8, uint8_t),
2937 VMSTATE_INT32(cur_io_buffer_offset, IDEState),
2938 VMSTATE_INT32(cur_io_buffer_len, IDEState),
2939 VMSTATE_UINT8(end_transfer_fn_idx, IDEState),
2940 VMSTATE_INT32(elementary_transfer_size, IDEState),
2941 VMSTATE_INT32(packet_transfer_size, IDEState),
2942 VMSTATE_END_OF_LIST()
2943 }
2944 };
2945
2946 const VMStateDescription vmstate_ide_drive = {
2947 .name = "ide_drive",
2948 .version_id = 3,
2949 .minimum_version_id = 0,
2950 .post_load = ide_drive_post_load,
2951 .fields = (VMStateField[]) {
2952 VMSTATE_INT32(mult_sectors, IDEState),
2953 VMSTATE_INT32(identify_set, IDEState),
2954 VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set),
2955 VMSTATE_UINT8(feature, IDEState),
2956 VMSTATE_UINT8(error, IDEState),
2957 VMSTATE_UINT32(nsector, IDEState),
2958 VMSTATE_UINT8(sector, IDEState),
2959 VMSTATE_UINT8(lcyl, IDEState),
2960 VMSTATE_UINT8(hcyl, IDEState),
2961 VMSTATE_UINT8(hob_feature, IDEState),
2962 VMSTATE_UINT8(hob_sector, IDEState),
2963 VMSTATE_UINT8(hob_nsector, IDEState),
2964 VMSTATE_UINT8(hob_lcyl, IDEState),
2965 VMSTATE_UINT8(hob_hcyl, IDEState),
2966 VMSTATE_UINT8(select, IDEState),
2967 VMSTATE_UINT8(status, IDEState),
2968 VMSTATE_UINT8(lba48, IDEState),
2969 VMSTATE_UINT8(sense_key, IDEState),
2970 VMSTATE_UINT8(asc, IDEState),
2971 VMSTATE_UINT8_V(cdrom_changed, IDEState, 3),
2972 VMSTATE_END_OF_LIST()
2973 },
2974 .subsections = (const VMStateDescription*[]) {
2975 &vmstate_ide_drive_pio_state,
2976 &vmstate_ide_tray_state,
2977 &vmstate_ide_atapi_gesn_state,
2978 NULL
2979 }
2980 };
2981
2982 static const VMStateDescription vmstate_ide_error_status = {
2983 .name ="ide_bus/error",
2984 .version_id = 2,
2985 .minimum_version_id = 1,
2986 .needed = ide_error_needed,
2987 .fields = (VMStateField[]) {
2988 VMSTATE_INT32(error_status, IDEBus),
2989 VMSTATE_INT64_V(retry_sector_num, IDEBus, 2),
2990 VMSTATE_UINT32_V(retry_nsector, IDEBus, 2),
2991 VMSTATE_UINT8_V(retry_unit, IDEBus, 2),
2992 VMSTATE_END_OF_LIST()
2993 }
2994 };
2995
2996 const VMStateDescription vmstate_ide_bus = {
2997 .name = "ide_bus",
2998 .version_id = 1,
2999 .minimum_version_id = 1,
3000 .fields = (VMStateField[]) {
3001 VMSTATE_UINT8(cmd, IDEBus),
3002 VMSTATE_UINT8(unit, IDEBus),
3003 VMSTATE_END_OF_LIST()
3004 },
3005 .subsections = (const VMStateDescription*[]) {
3006 &vmstate_ide_error_status,
3007 NULL
3008 }
3009 };
3010
3011 void ide_drive_get(DriveInfo **hd, int n)
3012 {
3013 int i;
3014
3015 for (i = 0; i < n; i++) {
3016 hd[i] = drive_get_by_index(IF_IDE, i);
3017 }
3018 }
Random patches