search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
PowerPC improvments:
[qemu/mini2440.git] / hw / ide.c
blob0cd2521737fa542dfa783839d7b7694d23db7546
1 /*
2 * QEMU IDE disk and CD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24 #include "vl.h"
25
26 /* debug IDE devices */
27 //#define DEBUG_IDE
28 //#define DEBUG_IDE_ATAPI
29 //#define DEBUG_AIO
30 #define USE_DMA_CDROM
31
32 /* Bits of HD_STATUS */
33 #define ERR_STAT 0x01
34 #define INDEX_STAT 0x02
35 #define ECC_STAT 0x04 /* Corrected error */
36 #define DRQ_STAT 0x08
37 #define SEEK_STAT 0x10
38 #define SRV_STAT 0x10
39 #define WRERR_STAT 0x20
40 #define READY_STAT 0x40
41 #define BUSY_STAT 0x80
42
43 /* Bits for HD_ERROR */
44 #define MARK_ERR 0x01 /* Bad address mark */
45 #define TRK0_ERR 0x02 /* couldn't find track 0 */
46 #define ABRT_ERR 0x04 /* Command aborted */
47 #define MCR_ERR 0x08 /* media change request */
48 #define ID_ERR 0x10 /* ID field not found */
49 #define MC_ERR 0x20 /* media changed */
50 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
51 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
52 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
53
54 /* Bits of HD_NSECTOR */
55 #define CD 0x01
56 #define IO 0x02
57 #define REL 0x04
58 #define TAG_MASK 0xf8
59
60 #define IDE_CMD_RESET 0x04
61 #define IDE_CMD_DISABLE_IRQ 0x02
62
63 /* ATA/ATAPI Commands pre T13 Spec */
64 #define WIN_NOP 0x00
65 /*
66 * 0x01->0x02 Reserved
67 */
68 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
69 /*
70 * 0x04->0x07 Reserved
71 */
72 #define WIN_SRST 0x08 /* ATAPI soft reset command */
73 #define WIN_DEVICE_RESET 0x08
74 /*
75 * 0x09->0x0F Reserved
76 */
77 #define WIN_RECAL 0x10
78 #define WIN_RESTORE WIN_RECAL
79 /*
80 * 0x10->0x1F Reserved
81 */
82 #define WIN_READ 0x20 /* 28-Bit */
83 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
84 #define WIN_READ_LONG 0x22 /* 28-Bit */
85 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
86 #define WIN_READ_EXT 0x24 /* 48-Bit */
87 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
88 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
89 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
90 /*
91 * 0x28
92 */
93 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
94 /*
95 * 0x2A->0x2F Reserved
96 */
97 #define WIN_WRITE 0x30 /* 28-Bit */
98 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
99 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
100 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
101 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
102 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
103 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
104 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
105 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
106 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
107 /*
108 * 0x3A->0x3B Reserved
109 */
110 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
111 /*
112 * 0x3D->0x3F Reserved
113 */
114 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
115 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
116 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
117 /*
118 * 0x43->0x4F Reserved
119 */
120 #define WIN_FORMAT 0x50
121 /*
122 * 0x51->0x5F Reserved
123 */
124 #define WIN_INIT 0x60
125 /*
126 * 0x61->0x5F Reserved
127 */
128 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
129 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
130 #define WIN_DIAGNOSE 0x90
131 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
132 #define WIN_DOWNLOAD_MICROCODE 0x92
133 #define WIN_STANDBYNOW2 0x94
134 #define WIN_STANDBY2 0x96
135 #define WIN_SETIDLE2 0x97
136 #define WIN_CHECKPOWERMODE2 0x98
137 #define WIN_SLEEPNOW2 0x99
138 /*
139 * 0x9A VENDOR
140 */
141 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
142 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
143 #define WIN_QUEUED_SERVICE 0xA2
144 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
145 #define CFA_ERASE_SECTORS 0xC0
146 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
147 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
148 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
149 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
150 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
151 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
152 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
153 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
154 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
155 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
156 #define WIN_GETMEDIASTATUS 0xDA
157 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
158 #define WIN_POSTBOOT 0xDC
159 #define WIN_PREBOOT 0xDD
160 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
161 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
162 #define WIN_STANDBYNOW1 0xE0
163 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
164 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
165 #define WIN_SETIDLE1 0xE3
166 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
167 #define WIN_CHECKPOWERMODE1 0xE5
168 #define WIN_SLEEPNOW1 0xE6
169 #define WIN_FLUSH_CACHE 0xE7
170 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
171 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
172 /* SET_FEATURES 0x22 or 0xDD */
173 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
174 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
175 #define WIN_MEDIAEJECT 0xED
176 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
177 #define WIN_SETFEATURES 0xEF /* set special drive features */
178 #define EXABYTE_ENABLE_NEST 0xF0
179 #define WIN_SECURITY_SET_PASS 0xF1
180 #define WIN_SECURITY_UNLOCK 0xF2
181 #define WIN_SECURITY_ERASE_PREPARE 0xF3
182 #define WIN_SECURITY_ERASE_UNIT 0xF4
183 #define WIN_SECURITY_FREEZE_LOCK 0xF5
184 #define WIN_SECURITY_DISABLE 0xF6
185 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
186 #define WIN_SET_MAX 0xF9
187 #define DISABLE_SEAGATE 0xFB
188
189 /* set to 1 set disable mult support */
190 #define MAX_MULT_SECTORS 16
191
192 /* ATAPI defines */
193
194 #define ATAPI_PACKET_SIZE 12
195
196 /* The generic packet command opcodes for CD/DVD Logical Units,
197 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
198 #define GPCMD_BLANK 0xa1
199 #define GPCMD_CLOSE_TRACK 0x5b
200 #define GPCMD_FLUSH_CACHE 0x35
201 #define GPCMD_FORMAT_UNIT 0x04
202 #define GPCMD_GET_CONFIGURATION 0x46
203 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
204 #define GPCMD_GET_PERFORMANCE 0xac
205 #define GPCMD_INQUIRY 0x12
206 #define GPCMD_LOAD_UNLOAD 0xa6
207 #define GPCMD_MECHANISM_STATUS 0xbd
208 #define GPCMD_MODE_SELECT_10 0x55
209 #define GPCMD_MODE_SENSE_10 0x5a
210 #define GPCMD_PAUSE_RESUME 0x4b
211 #define GPCMD_PLAY_AUDIO_10 0x45
212 #define GPCMD_PLAY_AUDIO_MSF 0x47
213 #define GPCMD_PLAY_AUDIO_TI 0x48
214 #define GPCMD_PLAY_CD 0xbc
215 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
216 #define GPCMD_READ_10 0x28
217 #define GPCMD_READ_12 0xa8
218 #define GPCMD_READ_CDVD_CAPACITY 0x25
219 #define GPCMD_READ_CD 0xbe
220 #define GPCMD_READ_CD_MSF 0xb9
221 #define GPCMD_READ_DISC_INFO 0x51
222 #define GPCMD_READ_DVD_STRUCTURE 0xad
223 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
224 #define GPCMD_READ_HEADER 0x44
225 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
226 #define GPCMD_READ_SUBCHANNEL 0x42
227 #define GPCMD_READ_TOC_PMA_ATIP 0x43
228 #define GPCMD_REPAIR_RZONE_TRACK 0x58
229 #define GPCMD_REPORT_KEY 0xa4
230 #define GPCMD_REQUEST_SENSE 0x03
231 #define GPCMD_RESERVE_RZONE_TRACK 0x53
232 #define GPCMD_SCAN 0xba
233 #define GPCMD_SEEK 0x2b
234 #define GPCMD_SEND_DVD_STRUCTURE 0xad
235 #define GPCMD_SEND_EVENT 0xa2
236 #define GPCMD_SEND_KEY 0xa3
237 #define GPCMD_SEND_OPC 0x54
238 #define GPCMD_SET_READ_AHEAD 0xa7
239 #define GPCMD_SET_STREAMING 0xb6
240 #define GPCMD_START_STOP_UNIT 0x1b
241 #define GPCMD_STOP_PLAY_SCAN 0x4e
242 #define GPCMD_TEST_UNIT_READY 0x00
243 #define GPCMD_VERIFY_10 0x2f
244 #define GPCMD_WRITE_10 0x2a
245 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
246 /* This is listed as optional in ATAPI 2.6, but is (curiously)
247 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
248 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
249 * drives support it. */
250 #define GPCMD_SET_SPEED 0xbb
251 /* This seems to be a SCSI specific CD-ROM opcode
252 * to play data at track/index */
253 #define GPCMD_PLAYAUDIO_TI 0x48
254 /*
255 * From MS Media Status Notification Support Specification. For
256 * older drives only.
257 */
258 #define GPCMD_GET_MEDIA_STATUS 0xda
259
260 /* Mode page codes for mode sense/set */
261 #define GPMODE_R_W_ERROR_PAGE 0x01
262 #define GPMODE_WRITE_PARMS_PAGE 0x05
263 #define GPMODE_AUDIO_CTL_PAGE 0x0e
264 #define GPMODE_POWER_PAGE 0x1a
265 #define GPMODE_FAULT_FAIL_PAGE 0x1c
266 #define GPMODE_TO_PROTECT_PAGE 0x1d
267 #define GPMODE_CAPABILITIES_PAGE 0x2a
268 #define GPMODE_ALL_PAGES 0x3f
269 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
270 * of MODE_SENSE_POWER_PAGE */
271 #define GPMODE_CDROM_PAGE 0x0d
272
273 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
274 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
275 #define ATAPI_INT_REASON_REL 0x04
276 #define ATAPI_INT_REASON_TAG 0xf8
277
278 /* same constants as bochs */
279 #define ASC_ILLEGAL_OPCODE 0x20
280 #define ASC_LOGICAL_BLOCK_OOR 0x21
281 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
282 #define ASC_MEDIUM_NOT_PRESENT 0x3a
283 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
284
285 #define SENSE_NONE 0
286 #define SENSE_NOT_READY 2
287 #define SENSE_ILLEGAL_REQUEST 5
288 #define SENSE_UNIT_ATTENTION 6
289
290 struct IDEState;
291
292 typedef void EndTransferFunc(struct IDEState *);
293
294 /* NOTE: IDEState represents in fact one drive */
295 typedef struct IDEState {
296 /* ide config */
297 int is_cdrom;
298 int cylinders, heads, sectors;
299 int64_t nb_sectors;
300 int mult_sectors;
301 int identify_set;
302 uint16_t identify_data[256];
303 SetIRQFunc *set_irq;
304 void *irq_opaque;
305 int irq;
306 PCIDevice *pci_dev;
307 struct BMDMAState *bmdma;
308 int drive_serial;
309 /* ide regs */
310 uint8_t feature;
311 uint8_t error;
312 uint32_t nsector;
313 uint8_t sector;
314 uint8_t lcyl;
315 uint8_t hcyl;
316 /* other part of tf for lba48 support */
317 uint8_t hob_feature;
318 uint8_t hob_nsector;
319 uint8_t hob_sector;
320 uint8_t hob_lcyl;
321 uint8_t hob_hcyl;
322
323 uint8_t select;
324 uint8_t status;
325
326 /* 0x3f6 command, only meaningful for drive 0 */
327 uint8_t cmd;
328 /* set for lba48 access */
329 uint8_t lba48;
330 /* depends on bit 4 in select, only meaningful for drive 0 */
331 struct IDEState *cur_drive;
332 BlockDriverState *bs;
333 /* ATAPI specific */
334 uint8_t sense_key;
335 uint8_t asc;
336 int packet_transfer_size;
337 int elementary_transfer_size;
338 int io_buffer_index;
339 int lba;
340 int cd_sector_size;
341 int atapi_dma; /* true if dma is requested for the packet cmd */
342 /* ATA DMA state */
343 int io_buffer_size;
344 /* PIO transfer handling */
345 int req_nb_sectors; /* number of sectors per interrupt */
346 EndTransferFunc *end_transfer_func;
347 uint8_t *data_ptr;
348 uint8_t *data_end;
349 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
350 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
351 uint32_t irq_count; /* counts IRQs when using win2k install hack */
352 } IDEState;
353
354 #define BM_STATUS_DMAING 0x01
355 #define BM_STATUS_ERROR 0x02
356 #define BM_STATUS_INT 0x04
357
358 #define BM_CMD_START 0x01
359 #define BM_CMD_READ 0x08
360
361 #define IDE_TYPE_PIIX3 0
362 #define IDE_TYPE_CMD646 1
363
364 /* CMD646 specific */
365 #define MRDMODE 0x71
366 #define MRDMODE_INTR_CH0 0x04
367 #define MRDMODE_INTR_CH1 0x08
368 #define MRDMODE_BLK_CH0 0x10
369 #define MRDMODE_BLK_CH1 0x20
370 #define UDIDETCR0 0x73
371 #define UDIDETCR1 0x7B
372
373 typedef struct BMDMAState {
374 uint8_t cmd;
375 uint8_t status;
376 uint32_t addr;
377
378 struct PCIIDEState *pci_dev;
379 /* current transfer state */
380 uint32_t cur_addr;
381 uint32_t cur_prd_last;
382 uint32_t cur_prd_addr;
383 uint32_t cur_prd_len;
384 IDEState *ide_if;
385 BlockDriverCompletionFunc *dma_cb;
386 BlockDriverAIOCB *aiocb;
387 } BMDMAState;
388
389 typedef struct PCIIDEState {
390 PCIDevice dev;
391 IDEState ide_if[4];
392 BMDMAState bmdma[2];
393 int type; /* see IDE_TYPE_xxx */
394 } PCIIDEState;
395
396 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
397 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
398
399 static void padstr(char *str, const char *src, int len)
400 {
401 int i, v;
402 for(i = 0; i < len; i++) {
403 if (*src)
404 v = *src++;
405 else
406 v = ' ';
407 *(char *)((long)str ^ 1) = v;
408 str++;
409 }
410 }
411
412 static void padstr8(uint8_t *buf, int buf_size, const char *src)
413 {
414 int i;
415 for(i = 0; i < buf_size; i++) {
416 if (*src)
417 buf[i] = *src++;
418 else
419 buf[i] = ' ';
420 }
421 }
422
423 static void put_le16(uint16_t *p, unsigned int v)
424 {
425 *p = cpu_to_le16(v);
426 }
427
428 static void ide_identify(IDEState *s)
429 {
430 uint16_t *p;
431 unsigned int oldsize;
432 char buf[20];
433
434 if (s->identify_set) {
435 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
436 return;
437 }
438
439 memset(s->io_buffer, 0, 512);
440 p = (uint16_t *)s->io_buffer;
441 put_le16(p + 0, 0x0040);
442 put_le16(p + 1, s->cylinders);
443 put_le16(p + 3, s->heads);
444 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
445 put_le16(p + 5, 512); /* XXX: retired, remove ? */
446 put_le16(p + 6, s->sectors);
447 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
448 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
449 put_le16(p + 20, 3); /* XXX: retired, remove ? */
450 put_le16(p + 21, 512); /* cache size in sectors */
451 put_le16(p + 22, 4); /* ecc bytes */
452 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
453 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
454 #if MAX_MULT_SECTORS > 1
455 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
456 #endif
457 put_le16(p + 48, 1); /* dword I/O */
458 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
459 put_le16(p + 51, 0x200); /* PIO transfer cycle */
460 put_le16(p + 52, 0x200); /* DMA transfer cycle */
461 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
462 put_le16(p + 54, s->cylinders);
463 put_le16(p + 55, s->heads);
464 put_le16(p + 56, s->sectors);
465 oldsize = s->cylinders * s->heads * s->sectors;
466 put_le16(p + 57, oldsize);
467 put_le16(p + 58, oldsize >> 16);
468 if (s->mult_sectors)
469 put_le16(p + 59, 0x100 | s->mult_sectors);
470 put_le16(p + 60, s->nb_sectors);
471 put_le16(p + 61, s->nb_sectors >> 16);
472 put_le16(p + 63, 0x07); /* mdma0-2 supported */
473 put_le16(p + 65, 120);
474 put_le16(p + 66, 120);
475 put_le16(p + 67, 120);
476 put_le16(p + 68, 120);
477 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
478 put_le16(p + 81, 0x16); /* conforms to ata5 */
479 put_le16(p + 82, (1 << 14));
480 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
481 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
482 put_le16(p + 84, (1 << 14));
483 put_le16(p + 85, (1 << 14));
484 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
485 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
486 put_le16(p + 87, (1 << 14));
487 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
488 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
489 put_le16(p + 100, s->nb_sectors);
490 put_le16(p + 101, s->nb_sectors >> 16);
491 put_le16(p + 102, s->nb_sectors >> 32);
492 put_le16(p + 103, s->nb_sectors >> 48);
493
494 memcpy(s->identify_data, p, sizeof(s->identify_data));
495 s->identify_set = 1;
496 }
497
498 static void ide_atapi_identify(IDEState *s)
499 {
500 uint16_t *p;
501 char buf[20];
502
503 if (s->identify_set) {
504 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
505 return;
506 }
507
508 memset(s->io_buffer, 0, 512);
509 p = (uint16_t *)s->io_buffer;
510 /* Removable CDROM, 50us response, 12 byte packets */
511 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
512 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
513 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
514 put_le16(p + 20, 3); /* buffer type */
515 put_le16(p + 21, 512); /* cache size in sectors */
516 put_le16(p + 22, 4); /* ecc bytes */
517 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
518 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
519 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
520 #ifdef USE_DMA_CDROM
521 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
522 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
523 put_le16(p + 63, 7); /* mdma0-2 supported */
524 put_le16(p + 64, 0x3f); /* PIO modes supported */
525 #else
526 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
527 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
528 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
529 put_le16(p + 64, 1); /* PIO modes */
530 #endif
531 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
532 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
533 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
534 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
535
536 put_le16(p + 71, 30); /* in ns */
537 put_le16(p + 72, 30); /* in ns */
538
539 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
540 #ifdef USE_DMA_CDROM
541 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
542 #endif
543 memcpy(s->identify_data, p, sizeof(s->identify_data));
544 s->identify_set = 1;
545 }
546
547 static void ide_set_signature(IDEState *s)
548 {
549 s->select &= 0xf0; /* clear head */
550 /* put signature */
551 s->nsector = 1;
552 s->sector = 1;
553 if (s->is_cdrom) {
554 s->lcyl = 0x14;
555 s->hcyl = 0xeb;
556 } else if (s->bs) {
557 s->lcyl = 0;
558 s->hcyl = 0;
559 } else {
560 s->lcyl = 0xff;
561 s->hcyl = 0xff;
562 }
563 }
564
565 static inline void ide_abort_command(IDEState *s)
566 {
567 s->status = READY_STAT | ERR_STAT;
568 s->error = ABRT_ERR;
569 }
570
571 static inline void ide_set_irq(IDEState *s)
572 {
573 BMDMAState *bm = s->bmdma;
574 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
575 if (bm) {
576 bm->status |= BM_STATUS_INT;
577 }
578 s->set_irq(s->irq_opaque, s->irq, 1);
579 }
580 }
581
582 /* prepare data transfer and tell what to do after */
583 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
584 EndTransferFunc *end_transfer_func)
585 {
586 s->end_transfer_func = end_transfer_func;
587 s->data_ptr = buf;
588 s->data_end = buf + size;
589 s->status |= DRQ_STAT;
590 }
591
592 static void ide_transfer_stop(IDEState *s)
593 {
594 s->end_transfer_func = ide_transfer_stop;
595 s->data_ptr = s->io_buffer;
596 s->data_end = s->io_buffer;
597 s->status &= ~DRQ_STAT;
598 }
599
600 static int64_t ide_get_sector(IDEState *s)
601 {
602 int64_t sector_num;
603 if (s->select & 0x40) {
604 /* lba */
605 if (!s->lba48) {
606 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
607 (s->lcyl << 8) | s->sector;
608 } else {
609 sector_num = ((int64_t)s->hob_hcyl << 40) |
610 ((int64_t) s->hob_lcyl << 32) |
611 ((int64_t) s->hob_sector << 24) |
612 ((int64_t) s->hcyl << 16) |
613 ((int64_t) s->lcyl << 8) | s->sector;
614 }
615 } else {
616 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
617 (s->select & 0x0f) * s->sectors + (s->sector - 1);
618 }
619 return sector_num;
620 }
621
622 static void ide_set_sector(IDEState *s, int64_t sector_num)
623 {
624 unsigned int cyl, r;
625 if (s->select & 0x40) {
626 if (!s->lba48) {
627 s->select = (s->select & 0xf0) | (sector_num >> 24);
628 s->hcyl = (sector_num >> 16);
629 s->lcyl = (sector_num >> 8);
630 s->sector = (sector_num);
631 } else {
632 s->sector = sector_num;
633 s->lcyl = sector_num >> 8;
634 s->hcyl = sector_num >> 16;
635 s->hob_sector = sector_num >> 24;
636 s->hob_lcyl = sector_num >> 32;
637 s->hob_hcyl = sector_num >> 40;
638 }
639 } else {
640 cyl = sector_num / (s->heads * s->sectors);
641 r = sector_num % (s->heads * s->sectors);
642 s->hcyl = cyl >> 8;
643 s->lcyl = cyl;
644 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
645 s->sector = (r % s->sectors) + 1;
646 }
647 }
648
649 static void ide_sector_read(IDEState *s)
650 {
651 int64_t sector_num;
652 int ret, n;
653
654 s->status = READY_STAT | SEEK_STAT;
655 s->error = 0; /* not needed by IDE spec, but needed by Windows */
656 sector_num = ide_get_sector(s);
657 n = s->nsector;
658 if (n == 0) {
659 /* no more sector to read from disk */
660 ide_transfer_stop(s);
661 } else {
662 #if defined(DEBUG_IDE)
663 printf("read sector=%Ld\n", sector_num);
664 #endif
665 if (n > s->req_nb_sectors)
666 n = s->req_nb_sectors;
667 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
668 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
669 ide_set_irq(s);
670 ide_set_sector(s, sector_num + n);
671 s->nsector -= n;
672 }
673 }
674
675 /* return 0 if buffer completed */
676 static int dma_buf_rw(BMDMAState *bm, int is_write)
677 {
678 IDEState *s = bm->ide_if;
679 struct {
680 uint32_t addr;
681 uint32_t size;
682 } prd;
683 int l, len;
684
685 for(;;) {
686 l = s->io_buffer_size - s->io_buffer_index;
687 if (l <= 0)
688 break;
689 if (bm->cur_prd_len == 0) {
690 /* end of table (with a fail safe of one page) */
691 if (bm->cur_prd_last ||
692 (bm->cur_addr - bm->addr) >= 4096)
693 return 0;
694 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
695 bm->cur_addr += 8;
696 prd.addr = le32_to_cpu(prd.addr);
697 prd.size = le32_to_cpu(prd.size);
698 len = prd.size & 0xfffe;
699 if (len == 0)
700 len = 0x10000;
701 bm->cur_prd_len = len;
702 bm->cur_prd_addr = prd.addr;
703 bm->cur_prd_last = (prd.size & 0x80000000);
704 }
705 if (l > bm->cur_prd_len)
706 l = bm->cur_prd_len;
707 if (l > 0) {
708 if (is_write) {
709 cpu_physical_memory_write(bm->cur_prd_addr,
710 s->io_buffer + s->io_buffer_index, l);
711 } else {
712 cpu_physical_memory_read(bm->cur_prd_addr,
713 s->io_buffer + s->io_buffer_index, l);
714 }
715 bm->cur_prd_addr += l;
716 bm->cur_prd_len -= l;
717 s->io_buffer_index += l;
718 }
719 }
720 return 1;
721 }
722
723 /* XXX: handle errors */
724 static void ide_read_dma_cb(void *opaque, int ret)
725 {
726 BMDMAState *bm = opaque;
727 IDEState *s = bm->ide_if;
728 int n;
729 int64_t sector_num;
730
731 n = s->io_buffer_size >> 9;
732 sector_num = ide_get_sector(s);
733 if (n > 0) {
734 sector_num += n;
735 ide_set_sector(s, sector_num);
736 s->nsector -= n;
737 if (dma_buf_rw(bm, 1) == 0)
738 goto eot;
739 }
740
741 /* end of transfer ? */
742 if (s->nsector == 0) {
743 s->status = READY_STAT | SEEK_STAT;
744 ide_set_irq(s);
745 eot:
746 bm->status &= ~BM_STATUS_DMAING;
747 bm->status |= BM_STATUS_INT;
748 bm->dma_cb = NULL;
749 bm->ide_if = NULL;
750 bm->aiocb = NULL;
751 return;
752 }
753
754 /* launch next transfer */
755 n = s->nsector;
756 if (n > MAX_MULT_SECTORS)
757 n = MAX_MULT_SECTORS;
758 s->io_buffer_index = 0;
759 s->io_buffer_size = n * 512;
760 #ifdef DEBUG_AIO
761 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
762 #endif
763 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
764 ide_read_dma_cb, bm);
765 }
766
767 static void ide_sector_read_dma(IDEState *s)
768 {
769 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
770 s->io_buffer_index = 0;
771 s->io_buffer_size = 0;
772 ide_dma_start(s, ide_read_dma_cb);
773 }
774
775 static void ide_sector_write_timer_cb(void *opaque)
776 {
777 IDEState *s = opaque;
778 ide_set_irq(s);
779 }
780
781 static void ide_sector_write(IDEState *s)
782 {
783 int64_t sector_num;
784 int ret, n, n1;
785
786 s->status = READY_STAT | SEEK_STAT;
787 sector_num = ide_get_sector(s);
788 #if defined(DEBUG_IDE)
789 printf("write sector=%Ld\n", sector_num);
790 #endif
791 n = s->nsector;
792 if (n > s->req_nb_sectors)
793 n = s->req_nb_sectors;
794 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
795 s->nsector -= n;
796 if (s->nsector == 0) {
797 /* no more sectors to write */
798 ide_transfer_stop(s);
799 } else {
800 n1 = s->nsector;
801 if (n1 > s->req_nb_sectors)
802 n1 = s->req_nb_sectors;
803 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
804 }
805 ide_set_sector(s, sector_num + n);
806
807 #ifdef TARGET_I386
808 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
809 /* It seems there is a bug in the Windows 2000 installer HDD
810 IDE driver which fills the disk with empty logs when the
811 IDE write IRQ comes too early. This hack tries to correct
812 that at the expense of slower write performances. Use this
813 option _only_ to install Windows 2000. You must disable it
814 for normal use. */
815 qemu_mod_timer(s->sector_write_timer,
816 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
817 } else
818 #endif
819 {
820 ide_set_irq(s);
821 }
822 }
823
824 /* XXX: handle errors */
825 static void ide_write_dma_cb(void *opaque, int ret)
826 {
827 BMDMAState *bm = opaque;
828 IDEState *s = bm->ide_if;
829 int n;
830 int64_t sector_num;
831
832 n = s->io_buffer_size >> 9;
833 sector_num = ide_get_sector(s);
834 if (n > 0) {
835 sector_num += n;
836 ide_set_sector(s, sector_num);
837 s->nsector -= n;
838 }
839
840 /* end of transfer ? */
841 if (s->nsector == 0) {
842 s->status = READY_STAT | SEEK_STAT;
843 ide_set_irq(s);
844 eot:
845 bm->status &= ~BM_STATUS_DMAING;
846 bm->status |= BM_STATUS_INT;
847 bm->dma_cb = NULL;
848 bm->ide_if = NULL;
849 bm->aiocb = NULL;
850 return;
851 }
852
853 /* launch next transfer */
854 n = s->nsector;
855 if (n > MAX_MULT_SECTORS)
856 n = MAX_MULT_SECTORS;
857 s->io_buffer_index = 0;
858 s->io_buffer_size = n * 512;
859
860 if (dma_buf_rw(bm, 0) == 0)
861 goto eot;
862 #ifdef DEBUG_AIO
863 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
864 #endif
865 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
866 ide_write_dma_cb, bm);
867 }
868
869 static void ide_sector_write_dma(IDEState *s)
870 {
871 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
872 s->io_buffer_index = 0;
873 s->io_buffer_size = 0;
874 ide_dma_start(s, ide_write_dma_cb);
875 }
876
877 static void ide_atapi_cmd_ok(IDEState *s)
878 {
879 s->error = 0;
880 s->status = READY_STAT;
881 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
882 ide_set_irq(s);
883 }
884
885 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
886 {
887 #ifdef DEBUG_IDE_ATAPI
888 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
889 #endif
890 s->error = sense_key << 4;
891 s->status = READY_STAT | ERR_STAT;
892 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
893 s->sense_key = sense_key;
894 s->asc = asc;
895 ide_set_irq(s);
896 }
897
898 static inline void cpu_to_ube16(uint8_t *buf, int val)
899 {
900 buf[0] = val >> 8;
901 buf[1] = val;
902 }
903
904 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
905 {
906 buf[0] = val >> 24;
907 buf[1] = val >> 16;
908 buf[2] = val >> 8;
909 buf[3] = val;
910 }
911
912 static inline int ube16_to_cpu(const uint8_t *buf)
913 {
914 return (buf[0] << 8) | buf[1];
915 }
916
917 static inline int ube32_to_cpu(const uint8_t *buf)
918 {
919 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
920 }
921
922 static void lba_to_msf(uint8_t *buf, int lba)
923 {
924 lba += 150;
925 buf[0] = (lba / 75) / 60;
926 buf[1] = (lba / 75) % 60;
927 buf[2] = lba % 75;
928 }
929
930 static void cd_data_to_raw(uint8_t *buf, int lba)
931 {
932 /* sync bytes */
933 buf[0] = 0x00;
934 memset(buf + 1, 0xff, 10);
935 buf[11] = 0x00;
936 buf += 12;
937 /* MSF */
938 lba_to_msf(buf, lba);
939 buf[3] = 0x01; /* mode 1 data */
940 buf += 4;
941 /* data */
942 buf += 2048;
943 /* XXX: ECC not computed */
944 memset(buf, 0, 288);
945 }
946
947 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
948 int sector_size)
949 {
950 int ret;
951
952 switch(sector_size) {
953 case 2048:
954 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
955 break;
956 case 2352:
957 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
958 if (ret < 0)
959 return ret;
960 cd_data_to_raw(buf, lba);
961 break;
962 default:
963 ret = -EIO;
964 break;
965 }
966 return ret;
967 }
968
969 static void ide_atapi_io_error(IDEState *s, int ret)
970 {
971 /* XXX: handle more errors */
972 if (ret == -ENOMEDIUM) {
973 ide_atapi_cmd_error(s, SENSE_NOT_READY,
974 ASC_MEDIUM_NOT_PRESENT);
975 } else {
976 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
977 ASC_LOGICAL_BLOCK_OOR);
978 }
979 }
980
981 /* The whole ATAPI transfer logic is handled in this function */
982 static void ide_atapi_cmd_reply_end(IDEState *s)
983 {
984 int byte_count_limit, size, ret;
985 #ifdef DEBUG_IDE_ATAPI
986 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
987 s->packet_transfer_size,
988 s->elementary_transfer_size,
989 s->io_buffer_index);
990 #endif
991 if (s->packet_transfer_size <= 0) {
992 /* end of transfer */
993 ide_transfer_stop(s);
994 s->status = READY_STAT;
995 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
996 ide_set_irq(s);
997 #ifdef DEBUG_IDE_ATAPI
998 printf("status=0x%x\n", s->status);
999 #endif
1000 } else {
1001 /* see if a new sector must be read */
1002 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1003 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1004 if (ret < 0) {
1005 ide_transfer_stop(s);
1006 ide_atapi_io_error(s, ret);
1007 return;
1008 }
1009 s->lba++;
1010 s->io_buffer_index = 0;
1011 }
1012 if (s->elementary_transfer_size > 0) {
1013 /* there are some data left to transmit in this elementary
1014 transfer */
1015 size = s->cd_sector_size - s->io_buffer_index;
1016 if (size > s->elementary_transfer_size)
1017 size = s->elementary_transfer_size;
1018 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1019 size, ide_atapi_cmd_reply_end);
1020 s->packet_transfer_size -= size;
1021 s->elementary_transfer_size -= size;
1022 s->io_buffer_index += size;
1023 } else {
1024 /* a new transfer is needed */
1025 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1026 byte_count_limit = s->lcyl | (s->hcyl << 8);
1027 #ifdef DEBUG_IDE_ATAPI
1028 printf("byte_count_limit=%d\n", byte_count_limit);
1029 #endif
1030 if (byte_count_limit == 0xffff)
1031 byte_count_limit--;
1032 size = s->packet_transfer_size;
1033 if (size > byte_count_limit) {
1034 /* byte count limit must be even if this case */
1035 if (byte_count_limit & 1)
1036 byte_count_limit--;
1037 size = byte_count_limit;
1038 }
1039 s->lcyl = size;
1040 s->hcyl = size >> 8;
1041 s->elementary_transfer_size = size;
1042 /* we cannot transmit more than one sector at a time */
1043 if (s->lba != -1) {
1044 if (size > (s->cd_sector_size - s->io_buffer_index))
1045 size = (s->cd_sector_size - s->io_buffer_index);
1046 }
1047 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1048 size, ide_atapi_cmd_reply_end);
1049 s->packet_transfer_size -= size;
1050 s->elementary_transfer_size -= size;
1051 s->io_buffer_index += size;
1052 ide_set_irq(s);
1053 #ifdef DEBUG_IDE_ATAPI
1054 printf("status=0x%x\n", s->status);
1055 #endif
1056 }
1057 }
1058 }
1059
1060 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1061 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1062 {
1063 if (size > max_size)
1064 size = max_size;
1065 s->lba = -1; /* no sector read */
1066 s->packet_transfer_size = size;
1067 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1068 s->elementary_transfer_size = 0;
1069 s->io_buffer_index = 0;
1070
1071 if (s->atapi_dma) {
1072 s->status = READY_STAT | DRQ_STAT;
1073 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1074 } else {
1075 s->status = READY_STAT;
1076 ide_atapi_cmd_reply_end(s);
1077 }
1078 }
1079
1080 /* start a CD-CDROM read command */
1081 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1082 int sector_size)
1083 {
1084 s->lba = lba;
1085 s->packet_transfer_size = nb_sectors * sector_size;
1086 s->elementary_transfer_size = 0;
1087 s->io_buffer_index = sector_size;
1088 s->cd_sector_size = sector_size;
1089
1090 s->status = READY_STAT;
1091 ide_atapi_cmd_reply_end(s);
1092 }
1093
1094 /* ATAPI DMA support */
1095
1096 /* XXX: handle read errors */
1097 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1098 {
1099 BMDMAState *bm = opaque;
1100 IDEState *s = bm->ide_if;
1101 int data_offset, n;
1102
1103 if (ret < 0) {
1104 ide_atapi_io_error(s, ret);
1105 goto eot;
1106 }
1107
1108 if (s->io_buffer_size > 0) {
1109 /*
1110 * For a cdrom read sector command (s->lba != -1),
1111 * adjust the lba for the next s->io_buffer_size chunk
1112 * and dma the current chunk.
1113 * For a command != read (s->lba == -1), just transfer
1114 * the reply data.
1115 */
1116 if (s->lba != -1) {
1117 if (s->cd_sector_size == 2352) {
1118 n = 1;
1119 cd_data_to_raw(s->io_buffer, s->lba);
1120 } else {
1121 n = s->io_buffer_size >> 11;
1122 }
1123 s->lba += n;
1124 }
1125 s->packet_transfer_size -= s->io_buffer_size;
1126 if (dma_buf_rw(bm, 1) == 0)
1127 goto eot;
1128 }
1129
1130 if (s->packet_transfer_size <= 0) {
1131 s->status = READY_STAT;
1132 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1133 ide_set_irq(s);
1134 eot:
1135 bm->status &= ~BM_STATUS_DMAING;
1136 bm->status |= BM_STATUS_INT;
1137 bm->dma_cb = NULL;
1138 bm->ide_if = NULL;
1139 bm->aiocb = NULL;
1140 return;
1141 }
1142
1143 s->io_buffer_index = 0;
1144 if (s->cd_sector_size == 2352) {
1145 n = 1;
1146 s->io_buffer_size = s->cd_sector_size;
1147 data_offset = 16;
1148 } else {
1149 n = s->packet_transfer_size >> 11;
1150 if (n > (MAX_MULT_SECTORS / 4))
1151 n = (MAX_MULT_SECTORS / 4);
1152 s->io_buffer_size = n * 2048;
1153 data_offset = 0;
1154 }
1155 #ifdef DEBUG_AIO
1156 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1157 #endif
1158 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1159 s->io_buffer + data_offset, n * 4,
1160 ide_atapi_cmd_read_dma_cb, bm);
1161 if (!bm->aiocb) {
1162 /* Note: media not present is the most likely case */
1163 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1164 ASC_MEDIUM_NOT_PRESENT);
1165 goto eot;
1166 }
1167 }
1168
1169 /* start a CD-CDROM read command with DMA */
1170 /* XXX: test if DMA is available */
1171 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1172 int sector_size)
1173 {
1174 s->lba = lba;
1175 s->packet_transfer_size = nb_sectors * sector_size;
1176 s->io_buffer_index = 0;
1177 s->io_buffer_size = 0;
1178 s->cd_sector_size = sector_size;
1179
1180 /* XXX: check if BUSY_STAT should be set */
1181 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
1182 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1183 }
1184
1185 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1186 int sector_size)
1187 {
1188 #ifdef DEBUG_IDE_ATAPI
1189 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1190 lba, nb_sectors);
1191 #endif
1192 if (s->atapi_dma) {
1193 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1194 } else {
1195 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1196 }
1197 }
1198
1199 static void ide_atapi_cmd(IDEState *s)
1200 {
1201 const uint8_t *packet;
1202 uint8_t *buf;
1203 int max_len;
1204
1205 packet = s->io_buffer;
1206 buf = s->io_buffer;
1207 #ifdef DEBUG_IDE_ATAPI
1208 {
1209 int i;
1210 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1211 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1212 printf(" %02x", packet[i]);
1213 }
1214 printf("\n");
1215 }
1216 #endif
1217 switch(s->io_buffer[0]) {
1218 case GPCMD_TEST_UNIT_READY:
1219 if (bdrv_is_inserted(s->bs)) {
1220 ide_atapi_cmd_ok(s);
1221 } else {
1222 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1223 ASC_MEDIUM_NOT_PRESENT);
1224 }
1225 break;
1226 case GPCMD_MODE_SENSE_10:
1227 {
1228 int action, code;
1229 max_len = ube16_to_cpu(packet + 7);
1230 action = packet[2] >> 6;
1231 code = packet[2] & 0x3f;
1232 switch(action) {
1233 case 0: /* current values */
1234 switch(code) {
1235 case 0x01: /* error recovery */
1236 cpu_to_ube16(&buf[0], 16 + 6);
1237 buf[2] = 0x70;
1238 buf[3] = 0;
1239 buf[4] = 0;
1240 buf[5] = 0;
1241 buf[6] = 0;
1242 buf[7] = 0;
1243
1244 buf[8] = 0x01;
1245 buf[9] = 0x06;
1246 buf[10] = 0x00;
1247 buf[11] = 0x05;
1248 buf[12] = 0x00;
1249 buf[13] = 0x00;
1250 buf[14] = 0x00;
1251 buf[15] = 0x00;
1252 ide_atapi_cmd_reply(s, 16, max_len);
1253 break;
1254 case 0x2a:
1255 cpu_to_ube16(&buf[0], 28 + 6);
1256 buf[2] = 0x70;
1257 buf[3] = 0;
1258 buf[4] = 0;
1259 buf[5] = 0;
1260 buf[6] = 0;
1261 buf[7] = 0;
1262
1263 buf[8] = 0x2a;
1264 buf[9] = 0x12;
1265 buf[10] = 0x00;
1266 buf[11] = 0x00;
1267
1268 buf[12] = 0x70;
1269 buf[13] = 3 << 5;
1270 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1271 if (bdrv_is_locked(s->bs))
1272 buf[6] |= 1 << 1;
1273 buf[15] = 0x00;
1274 cpu_to_ube16(&buf[16], 706);
1275 buf[18] = 0;
1276 buf[19] = 2;
1277 cpu_to_ube16(&buf[20], 512);
1278 cpu_to_ube16(&buf[22], 706);
1279 buf[24] = 0;
1280 buf[25] = 0;
1281 buf[26] = 0;
1282 buf[27] = 0;
1283 ide_atapi_cmd_reply(s, 28, max_len);
1284 break;
1285 default:
1286 goto error_cmd;
1287 }
1288 break;
1289 case 1: /* changeable values */
1290 goto error_cmd;
1291 case 2: /* default values */
1292 goto error_cmd;
1293 default:
1294 case 3: /* saved values */
1295 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1296 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1297 break;
1298 }
1299 }
1300 break;
1301 case GPCMD_REQUEST_SENSE:
1302 max_len = packet[4];
1303 memset(buf, 0, 18);
1304 buf[0] = 0x70 | (1 << 7);
1305 buf[2] = s->sense_key;
1306 buf[7] = 10;
1307 buf[12] = s->asc;
1308 ide_atapi_cmd_reply(s, 18, max_len);
1309 break;
1310 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1311 if (bdrv_is_inserted(s->bs)) {
1312 bdrv_set_locked(s->bs, packet[4] & 1);
1313 ide_atapi_cmd_ok(s);
1314 } else {
1315 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1316 ASC_MEDIUM_NOT_PRESENT);
1317 }
1318 break;
1319 case GPCMD_READ_10:
1320 case GPCMD_READ_12:
1321 {
1322 int nb_sectors, lba;
1323
1324 if (packet[0] == GPCMD_READ_10)
1325 nb_sectors = ube16_to_cpu(packet + 7);
1326 else
1327 nb_sectors = ube32_to_cpu(packet + 6);
1328 lba = ube32_to_cpu(packet + 2);
1329 if (nb_sectors == 0) {
1330 ide_atapi_cmd_ok(s);
1331 break;
1332 }
1333 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1334 }
1335 break;
1336 case GPCMD_READ_CD:
1337 {
1338 int nb_sectors, lba, transfer_request;
1339
1340 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1341 lba = ube32_to_cpu(packet + 2);
1342 if (nb_sectors == 0) {
1343 ide_atapi_cmd_ok(s);
1344 break;
1345 }
1346 transfer_request = packet[9];
1347 switch(transfer_request & 0xf8) {
1348 case 0x00:
1349 /* nothing */
1350 ide_atapi_cmd_ok(s);
1351 break;
1352 case 0x10:
1353 /* normal read */
1354 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1355 break;
1356 case 0xf8:
1357 /* read all data */
1358 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1359 break;
1360 default:
1361 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1362 ASC_INV_FIELD_IN_CMD_PACKET);
1363 break;
1364 }
1365 }
1366 break;
1367 case GPCMD_SEEK:
1368 {
1369 int lba;
1370 int64_t total_sectors;
1371
1372 bdrv_get_geometry(s->bs, &total_sectors);
1373 total_sectors >>= 2;
1374 if (total_sectors <= 0) {
1375 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1376 ASC_MEDIUM_NOT_PRESENT);
1377 break;
1378 }
1379 lba = ube32_to_cpu(packet + 2);
1380 if (lba >= total_sectors) {
1381 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1382 ASC_LOGICAL_BLOCK_OOR);
1383 break;
1384 }
1385 ide_atapi_cmd_ok(s);
1386 }
1387 break;
1388 case GPCMD_START_STOP_UNIT:
1389 {
1390 int start, eject;
1391 start = packet[4] & 1;
1392 eject = (packet[4] >> 1) & 1;
1393
1394 if (eject && !start) {
1395 /* eject the disk */
1396 bdrv_eject(s->bs, 1);
1397 } else if (eject && start) {
1398 /* close the tray */
1399 bdrv_eject(s->bs, 0);
1400 }
1401 ide_atapi_cmd_ok(s);
1402 }
1403 break;
1404 case GPCMD_MECHANISM_STATUS:
1405 {
1406 max_len = ube16_to_cpu(packet + 8);
1407 cpu_to_ube16(buf, 0);
1408 /* no current LBA */
1409 buf[2] = 0;
1410 buf[3] = 0;
1411 buf[4] = 0;
1412 buf[5] = 1;
1413 cpu_to_ube16(buf + 6, 0);
1414 ide_atapi_cmd_reply(s, 8, max_len);
1415 }
1416 break;
1417 case GPCMD_READ_TOC_PMA_ATIP:
1418 {
1419 int format, msf, start_track, len;
1420 int64_t total_sectors;
1421
1422 bdrv_get_geometry(s->bs, &total_sectors);
1423 total_sectors >>= 2;
1424 if (total_sectors <= 0) {
1425 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1426 ASC_MEDIUM_NOT_PRESENT);
1427 break;
1428 }
1429 max_len = ube16_to_cpu(packet + 7);
1430 format = packet[9] >> 6;
1431 msf = (packet[1] >> 1) & 1;
1432 start_track = packet[6];
1433 switch(format) {
1434 case 0:
1435 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1436 if (len < 0)
1437 goto error_cmd;
1438 ide_atapi_cmd_reply(s, len, max_len);
1439 break;
1440 case 1:
1441 /* multi session : only a single session defined */
1442 memset(buf, 0, 12);
1443 buf[1] = 0x0a;
1444 buf[2] = 0x01;
1445 buf[3] = 0x01;
1446 ide_atapi_cmd_reply(s, 12, max_len);
1447 break;
1448 case 2:
1449 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1450 if (len < 0)
1451 goto error_cmd;
1452 ide_atapi_cmd_reply(s, len, max_len);
1453 break;
1454 default:
1455 error_cmd:
1456 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1457 ASC_INV_FIELD_IN_CMD_PACKET);
1458 break;
1459 }
1460 }
1461 break;
1462 case GPCMD_READ_CDVD_CAPACITY:
1463 {
1464 int64_t total_sectors;
1465
1466 bdrv_get_geometry(s->bs, &total_sectors);
1467 total_sectors >>= 2;
1468 if (total_sectors <= 0) {
1469 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1470 ASC_MEDIUM_NOT_PRESENT);
1471 break;
1472 }
1473 /* NOTE: it is really the number of sectors minus 1 */
1474 cpu_to_ube32(buf, total_sectors - 1);
1475 cpu_to_ube32(buf + 4, 2048);
1476 ide_atapi_cmd_reply(s, 8, 8);
1477 }
1478 break;
1479 case GPCMD_INQUIRY:
1480 max_len = packet[4];
1481 buf[0] = 0x05; /* CD-ROM */
1482 buf[1] = 0x80; /* removable */
1483 buf[2] = 0x00; /* ISO */
1484 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1485 buf[4] = 31; /* additionnal length */
1486 buf[5] = 0; /* reserved */
1487 buf[6] = 0; /* reserved */
1488 buf[7] = 0; /* reserved */
1489 padstr8(buf + 8, 8, "QEMU");
1490 padstr8(buf + 16, 16, "QEMU CD-ROM");
1491 padstr8(buf + 32, 4, QEMU_VERSION);
1492 ide_atapi_cmd_reply(s, 36, max_len);
1493 break;
1494 default:
1495 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1496 ASC_ILLEGAL_OPCODE);
1497 break;
1498 }
1499 }
1500
1501 /* called when the inserted state of the media has changed */
1502 static void cdrom_change_cb(void *opaque)
1503 {
1504 IDEState *s = opaque;
1505 int64_t nb_sectors;
1506
1507 /* XXX: send interrupt too */
1508 bdrv_get_geometry(s->bs, &nb_sectors);
1509 s->nb_sectors = nb_sectors;
1510 }
1511
1512 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1513 {
1514 s->lba48 = lba48;
1515
1516 /* handle the 'magic' 0 nsector count conversion here. to avoid
1517 * fiddling with the rest of the read logic, we just store the
1518 * full sector count in ->nsector and ignore ->hob_nsector from now
1519 */
1520 if (!s->lba48) {
1521 if (!s->nsector)
1522 s->nsector = 256;
1523 } else {
1524 if (!s->nsector && !s->hob_nsector)
1525 s->nsector = 65536;
1526 else {
1527 int lo = s->nsector;
1528 int hi = s->hob_nsector;
1529
1530 s->nsector = (hi << 8) | lo;
1531 }
1532 }
1533 }
1534
1535 static void ide_clear_hob(IDEState *ide_if)
1536 {
1537 /* any write clears HOB high bit of device control register */
1538 ide_if[0].select &= ~(1 << 7);
1539 ide_if[1].select &= ~(1 << 7);
1540 }
1541
1542 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1543 {
1544 IDEState *ide_if = opaque;
1545 IDEState *s;
1546 int unit, n;
1547 int lba48 = 0;
1548
1549 #ifdef DEBUG_IDE
1550 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1551 #endif
1552
1553 addr &= 7;
1554 switch(addr) {
1555 case 0:
1556 break;
1557 case 1:
1558 ide_clear_hob(ide_if);
1559 /* NOTE: data is written to the two drives */
1560 ide_if[0].hob_feature = ide_if[0].feature;
1561 ide_if[1].hob_feature = ide_if[1].feature;
1562 ide_if[0].feature = val;
1563 ide_if[1].feature = val;
1564 break;
1565 case 2:
1566 ide_clear_hob(ide_if);
1567 ide_if[0].hob_nsector = ide_if[0].nsector;
1568 ide_if[1].hob_nsector = ide_if[1].nsector;
1569 ide_if[0].nsector = val;
1570 ide_if[1].nsector = val;
1571 break;
1572 case 3:
1573 ide_clear_hob(ide_if);
1574 ide_if[0].hob_sector = ide_if[0].sector;
1575 ide_if[1].hob_sector = ide_if[1].sector;
1576 ide_if[0].sector = val;
1577 ide_if[1].sector = val;
1578 break;
1579 case 4:
1580 ide_clear_hob(ide_if);
1581 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1582 ide_if[1].hob_lcyl = ide_if[1].lcyl;
1583 ide_if[0].lcyl = val;
1584 ide_if[1].lcyl = val;
1585 break;
1586 case 5:
1587 ide_clear_hob(ide_if);
1588 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1589 ide_if[1].hob_hcyl = ide_if[1].hcyl;
1590 ide_if[0].hcyl = val;
1591 ide_if[1].hcyl = val;
1592 break;
1593 case 6:
1594 /* FIXME: HOB readback uses bit 7 */
1595 ide_if[0].select = (val & ~0x10) | 0xa0;
1596 ide_if[1].select = (val | 0x10) | 0xa0;
1597 /* select drive */
1598 unit = (val >> 4) & 1;
1599 s = ide_if + unit;
1600 ide_if->cur_drive = s;
1601 break;
1602 default:
1603 case 7:
1604 /* command */
1605 #if defined(DEBUG_IDE)
1606 printf("ide: CMD=%02x\n", val);
1607 #endif
1608 s = ide_if->cur_drive;
1609 /* ignore commands to non existant slave */
1610 if (s != ide_if && !s->bs)
1611 break;
1612
1613 switch(val) {
1614 case WIN_IDENTIFY:
1615 if (s->bs && !s->is_cdrom) {
1616 ide_identify(s);
1617 s->status = READY_STAT | SEEK_STAT;
1618 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1619 } else {
1620 if (s->is_cdrom) {
1621 ide_set_signature(s);
1622 }
1623 ide_abort_command(s);
1624 }
1625 ide_set_irq(s);
1626 break;
1627 case WIN_SPECIFY:
1628 case WIN_RECAL:
1629 s->error = 0;
1630 s->status = READY_STAT | SEEK_STAT;
1631 ide_set_irq(s);
1632 break;
1633 case WIN_SETMULT:
1634 if ((s->nsector & 0xff) != 0 &&
1635 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1636 (s->nsector & (s->nsector - 1)) != 0)) {
1637 ide_abort_command(s);
1638 } else {
1639 s->mult_sectors = s->nsector & 0xff;
1640 s->status = READY_STAT;
1641 }
1642 ide_set_irq(s);
1643 break;
1644 case WIN_VERIFY_EXT:
1645 lba48 = 1;
1646 case WIN_VERIFY:
1647 case WIN_VERIFY_ONCE:
1648 /* do sector number check ? */
1649 ide_cmd_lba48_transform(s, lba48);
1650 s->status = READY_STAT;
1651 ide_set_irq(s);
1652 break;
1653 case WIN_READ_EXT:
1654 lba48 = 1;
1655 case WIN_READ:
1656 case WIN_READ_ONCE:
1657 if (!s->bs)
1658 goto abort_cmd;
1659 ide_cmd_lba48_transform(s, lba48);
1660 s->req_nb_sectors = 1;
1661 ide_sector_read(s);
1662 break;
1663 case WIN_WRITE_EXT:
1664 lba48 = 1;
1665 case WIN_WRITE:
1666 case WIN_WRITE_ONCE:
1667 ide_cmd_lba48_transform(s, lba48);
1668 s->error = 0;
1669 s->status = SEEK_STAT | READY_STAT;
1670 s->req_nb_sectors = 1;
1671 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1672 break;
1673 case WIN_MULTREAD_EXT:
1674 lba48 = 1;
1675 case WIN_MULTREAD:
1676 if (!s->mult_sectors)
1677 goto abort_cmd;
1678 ide_cmd_lba48_transform(s, lba48);
1679 s->req_nb_sectors = s->mult_sectors;
1680 ide_sector_read(s);
1681 break;
1682 case WIN_MULTWRITE_EXT:
1683 lba48 = 1;
1684 case WIN_MULTWRITE:
1685 if (!s->mult_sectors)
1686 goto abort_cmd;
1687 ide_cmd_lba48_transform(s, lba48);
1688 s->error = 0;
1689 s->status = SEEK_STAT | READY_STAT;
1690 s->req_nb_sectors = s->mult_sectors;
1691 n = s->nsector;
1692 if (n > s->req_nb_sectors)
1693 n = s->req_nb_sectors;
1694 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1695 break;
1696 case WIN_READDMA_EXT:
1697 lba48 = 1;
1698 case WIN_READDMA:
1699 case WIN_READDMA_ONCE:
1700 if (!s->bs)
1701 goto abort_cmd;
1702 ide_cmd_lba48_transform(s, lba48);
1703 ide_sector_read_dma(s);
1704 break;
1705 case WIN_WRITEDMA_EXT:
1706 lba48 = 1;
1707 case WIN_WRITEDMA:
1708 case WIN_WRITEDMA_ONCE:
1709 if (!s->bs)
1710 goto abort_cmd;
1711 ide_cmd_lba48_transform(s, lba48);
1712 ide_sector_write_dma(s);
1713 break;
1714 case WIN_READ_NATIVE_MAX_EXT:
1715 lba48 = 1;
1716 case WIN_READ_NATIVE_MAX:
1717 ide_cmd_lba48_transform(s, lba48);
1718 ide_set_sector(s, s->nb_sectors - 1);
1719 s->status = READY_STAT;
1720 ide_set_irq(s);
1721 break;
1722 case WIN_CHECKPOWERMODE1:
1723 s->nsector = 0xff; /* device active or idle */
1724 s->status = READY_STAT;
1725 ide_set_irq(s);
1726 break;
1727 case WIN_SETFEATURES:
1728 if (!s->bs)
1729 goto abort_cmd;
1730 /* XXX: valid for CDROM ? */
1731 switch(s->feature) {
1732 case 0xcc: /* reverting to power-on defaults enable */
1733 case 0x66: /* reverting to power-on defaults disable */
1734 case 0x02: /* write cache enable */
1735 case 0x82: /* write cache disable */
1736 case 0xaa: /* read look-ahead enable */
1737 case 0x55: /* read look-ahead disable */
1738 s->status = READY_STAT | SEEK_STAT;
1739 ide_set_irq(s);
1740 break;
1741 case 0x03: { /* set transfer mode */
1742 uint8_t val = s->nsector & 0x07;
1743
1744 switch (s->nsector >> 3) {
1745 case 0x00: /* pio default */
1746 case 0x01: /* pio mode */
1747 put_le16(s->identify_data + 63,0x07);
1748 put_le16(s->identify_data + 88,0x3f);
1749 break;
1750 case 0x04: /* mdma mode */
1751 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1752 put_le16(s->identify_data + 88,0x3f);
1753 break;
1754 case 0x08: /* udma mode */
1755 put_le16(s->identify_data + 63,0x07);
1756 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1757 break;
1758 default:
1759 goto abort_cmd;
1760 }
1761 s->status = READY_STAT | SEEK_STAT;
1762 ide_set_irq(s);
1763 break;
1764 }
1765 default:
1766 goto abort_cmd;
1767 }
1768 break;
1769 case WIN_FLUSH_CACHE:
1770 case WIN_FLUSH_CACHE_EXT:
1771 if (s->bs)
1772 bdrv_flush(s->bs);
1773 s->status = READY_STAT;
1774 ide_set_irq(s);
1775 break;
1776 case WIN_STANDBYNOW1:
1777 case WIN_IDLEIMMEDIATE:
1778 s->status = READY_STAT;
1779 ide_set_irq(s);
1780 break;
1781 /* ATAPI commands */
1782 case WIN_PIDENTIFY:
1783 if (s->is_cdrom) {
1784 ide_atapi_identify(s);
1785 s->status = READY_STAT | SEEK_STAT;
1786 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1787 } else {
1788 ide_abort_command(s);
1789 }
1790 ide_set_irq(s);
1791 break;
1792 case WIN_DIAGNOSE:
1793 ide_set_signature(s);
1794 s->status = 0x00; /* NOTE: READY is _not_ set */
1795 s->error = 0x01;
1796 break;
1797 case WIN_SRST:
1798 if (!s->is_cdrom)
1799 goto abort_cmd;
1800 ide_set_signature(s);
1801 s->status = 0x00; /* NOTE: READY is _not_ set */
1802 s->error = 0x01;
1803 break;
1804 case WIN_PACKETCMD:
1805 if (!s->is_cdrom)
1806 goto abort_cmd;
1807 /* overlapping commands not supported */
1808 if (s->feature & 0x02)
1809 goto abort_cmd;
1810 s->atapi_dma = s->feature & 1;
1811 s->nsector = 1;
1812 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1813 ide_atapi_cmd);
1814 break;
1815 default:
1816 abort_cmd:
1817 ide_abort_command(s);
1818 ide_set_irq(s);
1819 break;
1820 }
1821 }
1822 }
1823
1824 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
1825 {
1826 IDEState *ide_if = opaque;
1827 IDEState *s = ide_if->cur_drive;
1828 uint32_t addr;
1829 int ret, hob;
1830
1831 addr = addr1 & 7;
1832 /* FIXME: HOB readback uses bit 7, but it's always set right now */
1833 //hob = s->select & (1 << 7);
1834 hob = 0;
1835 switch(addr) {
1836 case 0:
1837 ret = 0xff;
1838 break;
1839 case 1:
1840 if (!ide_if[0].bs && !ide_if[1].bs)
1841 ret = 0;
1842 else if (!hob)
1843 ret = s->error;
1844 else
1845 ret = s->hob_feature;
1846 break;
1847 case 2:
1848 if (!ide_if[0].bs && !ide_if[1].bs)
1849 ret = 0;
1850 else if (!hob)
1851 ret = s->nsector & 0xff;
1852 else
1853 ret = s->hob_nsector;
1854 break;
1855 case 3:
1856 if (!ide_if[0].bs && !ide_if[1].bs)
1857 ret = 0;
1858 else if (!hob)
1859 ret = s->sector;
1860 else
1861 ret = s->hob_sector;
1862 break;
1863 case 4:
1864 if (!ide_if[0].bs && !ide_if[1].bs)
1865 ret = 0;
1866 else if (!hob)
1867 ret = s->lcyl;
1868 else
1869 ret = s->hob_lcyl;
1870 break;
1871 case 5:
1872 if (!ide_if[0].bs && !ide_if[1].bs)
1873 ret = 0;
1874 else if (!hob)
1875 ret = s->hcyl;
1876 else
1877 ret = s->hob_hcyl;
1878 break;
1879 case 6:
1880 if (!ide_if[0].bs && !ide_if[1].bs)
1881 ret = 0;
1882 else
1883 ret = s->select;
1884 break;
1885 default:
1886 case 7:
1887 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1888 (s != ide_if && !s->bs))
1889 ret = 0;
1890 else
1891 ret = s->status;
1892 s->set_irq(s->irq_opaque, s->irq, 0);
1893 break;
1894 }
1895 #ifdef DEBUG_IDE
1896 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1897 #endif
1898 return ret;
1899 }
1900
1901 static uint32_t ide_status_read(void *opaque, uint32_t addr)
1902 {
1903 IDEState *ide_if = opaque;
1904 IDEState *s = ide_if->cur_drive;
1905 int ret;
1906
1907 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1908 (s != ide_if && !s->bs))
1909 ret = 0;
1910 else
1911 ret = s->status;
1912 #ifdef DEBUG_IDE
1913 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1914 #endif
1915 return ret;
1916 }
1917
1918 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
1919 {
1920 IDEState *ide_if = opaque;
1921 IDEState *s;
1922 int i;
1923
1924 #ifdef DEBUG_IDE
1925 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1926 #endif
1927 /* common for both drives */
1928 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
1929 (val & IDE_CMD_RESET)) {
1930 /* reset low to high */
1931 for(i = 0;i < 2; i++) {
1932 s = &ide_if[i];
1933 s->status = BUSY_STAT | SEEK_STAT;
1934 s->error = 0x01;
1935 }
1936 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
1937 !(val & IDE_CMD_RESET)) {
1938 /* high to low */
1939 for(i = 0;i < 2; i++) {
1940 s = &ide_if[i];
1941 if (s->is_cdrom)
1942 s->status = 0x00; /* NOTE: READY is _not_ set */
1943 else
1944 s->status = READY_STAT | SEEK_STAT;
1945 ide_set_signature(s);
1946 }
1947 }
1948
1949 ide_if[0].cmd = val;
1950 ide_if[1].cmd = val;
1951 }
1952
1953 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
1954 {
1955 IDEState *s = ((IDEState *)opaque)->cur_drive;
1956 uint8_t *p;
1957
1958 p = s->data_ptr;
1959 *(uint16_t *)p = le16_to_cpu(val);
1960 p += 2;
1961 s->data_ptr = p;
1962 if (p >= s->data_end)
1963 s->end_transfer_func(s);
1964 }
1965
1966 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
1967 {
1968 IDEState *s = ((IDEState *)opaque)->cur_drive;
1969 uint8_t *p;
1970 int ret;
1971 p = s->data_ptr;
1972 ret = cpu_to_le16(*(uint16_t *)p);
1973 p += 2;
1974 s->data_ptr = p;
1975 if (p >= s->data_end)
1976 s->end_transfer_func(s);
1977 return ret;
1978 }
1979
1980 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
1981 {
1982 IDEState *s = ((IDEState *)opaque)->cur_drive;
1983 uint8_t *p;
1984
1985 p = s->data_ptr;
1986 *(uint32_t *)p = le32_to_cpu(val);
1987 p += 4;
1988 s->data_ptr = p;
1989 if (p >= s->data_end)
1990 s->end_transfer_func(s);
1991 }
1992
1993 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
1994 {
1995 IDEState *s = ((IDEState *)opaque)->cur_drive;
1996 uint8_t *p;
1997 int ret;
1998
1999 p = s->data_ptr;
2000 ret = cpu_to_le32(*(uint32_t *)p);
2001 p += 4;
2002 s->data_ptr = p;
2003 if (p >= s->data_end)
2004 s->end_transfer_func(s);
2005 return ret;
2006 }
2007
2008 static void ide_dummy_transfer_stop(IDEState *s)
2009 {
2010 s->data_ptr = s->io_buffer;
2011 s->data_end = s->io_buffer;
2012 s->io_buffer[0] = 0xff;
2013 s->io_buffer[1] = 0xff;
2014 s->io_buffer[2] = 0xff;
2015 s->io_buffer[3] = 0xff;
2016 }
2017
2018 static void ide_reset(IDEState *s)
2019 {
2020 s->mult_sectors = MAX_MULT_SECTORS;
2021 s->cur_drive = s;
2022 s->select = 0xa0;
2023 s->status = READY_STAT;
2024 ide_set_signature(s);
2025 /* init the transfer handler so that 0xffff is returned on data
2026 accesses */
2027 s->end_transfer_func = ide_dummy_transfer_stop;
2028 ide_dummy_transfer_stop(s);
2029 }
2030
2031 struct partition {
2032 uint8_t boot_ind; /* 0x80 - active */
2033 uint8_t head; /* starting head */
2034 uint8_t sector; /* starting sector */
2035 uint8_t cyl; /* starting cylinder */
2036 uint8_t sys_ind; /* What partition type */
2037 uint8_t end_head; /* end head */
2038 uint8_t end_sector; /* end sector */
2039 uint8_t end_cyl; /* end cylinder */
2040 uint32_t start_sect; /* starting sector counting from 0 */
2041 uint32_t nr_sects; /* nr of sectors in partition */
2042 } __attribute__((packed));
2043
2044 /* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
2045 static int guess_disk_lchs(IDEState *s,
2046 int *pcylinders, int *pheads, int *psectors)
2047 {
2048 uint8_t buf[512];
2049 int ret, i, heads, sectors, cylinders;
2050 struct partition *p;
2051 uint32_t nr_sects;
2052
2053 ret = bdrv_read(s->bs, 0, buf, 1);
2054 if (ret < 0)
2055 return -1;
2056 /* test msdos magic */
2057 if (buf[510] != 0x55 || buf[511] != 0xaa)
2058 return -1;
2059 for(i = 0; i < 4; i++) {
2060 p = ((struct partition *)(buf + 0x1be)) + i;
2061 nr_sects = le32_to_cpu(p->nr_sects);
2062 if (nr_sects && p->end_head) {
2063 /* We make the assumption that the partition terminates on
2064 a cylinder boundary */
2065 heads = p->end_head + 1;
2066 sectors = p->end_sector & 63;
2067 if (sectors == 0)
2068 continue;
2069 cylinders = s->nb_sectors / (heads * sectors);
2070 if (cylinders < 1 || cylinders > 16383)
2071 continue;
2072 *pheads = heads;
2073 *psectors = sectors;
2074 *pcylinders = cylinders;
2075 #if 0
2076 printf("guessed geometry: LCHS=%d %d %d\n",
2077 cylinders, heads, sectors);
2078 #endif
2079 return 0;
2080 }
2081 }
2082 return -1;
2083 }
2084
2085 static void ide_init2(IDEState *ide_state,
2086 BlockDriverState *hd0, BlockDriverState *hd1,
2087 SetIRQFunc *set_irq, void *irq_opaque, int irq)
2088 {
2089 IDEState *s;
2090 static int drive_serial = 1;
2091 int i, cylinders, heads, secs, translation, lba_detected = 0;
2092 int64_t nb_sectors;
2093
2094 for(i = 0; i < 2; i++) {
2095 s = ide_state + i;
2096 if (i == 0)
2097 s->bs = hd0;
2098 else
2099 s->bs = hd1;
2100 if (s->bs) {
2101 bdrv_get_geometry(s->bs, &nb_sectors);
2102 s->nb_sectors = nb_sectors;
2103 /* if a geometry hint is available, use it */
2104 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
2105 translation = bdrv_get_translation_hint(s->bs);
2106 if (cylinders != 0) {
2107 s->cylinders = cylinders;
2108 s->heads = heads;
2109 s->sectors = secs;
2110 } else {
2111 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2112 if (heads > 16) {
2113 /* if heads > 16, it means that a BIOS LBA
2114 translation was active, so the default
2115 hardware geometry is OK */
2116 lba_detected = 1;
2117 goto default_geometry;
2118 } else {
2119 s->cylinders = cylinders;
2120 s->heads = heads;
2121 s->sectors = secs;
2122 /* disable any translation to be in sync with
2123 the logical geometry */
2124 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2125 bdrv_set_translation_hint(s->bs,
2126 BIOS_ATA_TRANSLATION_NONE);
2127 }
2128 }
2129 } else {
2130 default_geometry:
2131 /* if no geometry, use a standard physical disk geometry */
2132 cylinders = nb_sectors / (16 * 63);
2133 if (cylinders > 16383)
2134 cylinders = 16383;
2135 else if (cylinders < 2)
2136 cylinders = 2;
2137 s->cylinders = cylinders;
2138 s->heads = 16;
2139 s->sectors = 63;
2140 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2141 if ((s->cylinders * s->heads) <= 131072) {
2142 bdrv_set_translation_hint(s->bs,
2143 BIOS_ATA_TRANSLATION_LARGE);
2144 } else {
2145 bdrv_set_translation_hint(s->bs,
2146 BIOS_ATA_TRANSLATION_LBA);
2147 }
2148 }
2149 }
2150 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
2151 }
2152 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2153 s->is_cdrom = 1;
2154 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2155 }
2156 }
2157 s->drive_serial = drive_serial++;
2158 s->set_irq = set_irq;
2159 s->irq_opaque = irq_opaque;
2160 s->irq = irq;
2161 s->sector_write_timer = qemu_new_timer(vm_clock,
2162 ide_sector_write_timer_cb, s);
2163 ide_reset(s);
2164 }
2165 }
2166
2167 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2168 {
2169 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2170 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2171 if (iobase2) {
2172 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2173 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2174 }
2175
2176 /* data ports */
2177 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2178 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2179 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2180 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2181 }
2182
2183 /***********************************************************/
2184 /* ISA IDE definitions */
2185
2186 void isa_ide_init(int iobase, int iobase2, int irq,
2187 BlockDriverState *hd0, BlockDriverState *hd1)
2188 {
2189 IDEState *ide_state;
2190
2191 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2192 if (!ide_state)
2193 return;
2194
2195 ide_init2(ide_state, hd0, hd1, pic_set_irq_new, isa_pic, irq);
2196 ide_init_ioport(ide_state, iobase, iobase2);
2197 }
2198
2199 /***********************************************************/
2200 /* PCI IDE definitions */
2201
2202 static void cmd646_update_irq(PCIIDEState *d);
2203
2204 static void ide_map(PCIDevice *pci_dev, int region_num,
2205 uint32_t addr, uint32_t size, int type)
2206 {
2207 PCIIDEState *d = (PCIIDEState *)pci_dev;
2208 IDEState *ide_state;
2209
2210 if (region_num <= 3) {
2211 ide_state = &d->ide_if[(region_num >> 1) * 2];
2212 if (region_num & 1) {
2213 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2214 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2215 } else {
2216 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2217 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2218
2219 /* data ports */
2220 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2221 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2222 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2223 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2224 }
2225 }
2226 }
2227
2228 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2229 {
2230 BMDMAState *bm = s->bmdma;
2231 if(!bm)
2232 return;
2233 bm->ide_if = s;
2234 bm->dma_cb = dma_cb;
2235 bm->cur_prd_last = 0;
2236 bm->cur_prd_addr = 0;
2237 bm->cur_prd_len = 0;
2238 if (bm->status & BM_STATUS_DMAING) {
2239 bm->dma_cb(bm, 0);
2240 }
2241 }
2242
2243 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2244 {
2245 BMDMAState *bm = opaque;
2246 #ifdef DEBUG_IDE
2247 printf("%s: 0x%08x\n", __func__, val);
2248 #endif
2249 if (!(val & BM_CMD_START)) {
2250 /* XXX: do it better */
2251 if (bm->status & BM_STATUS_DMAING) {
2252 bm->status &= ~BM_STATUS_DMAING;
2253 /* cancel DMA request */
2254 bm->ide_if = NULL;
2255 bm->dma_cb = NULL;
2256 if (bm->aiocb) {
2257 #ifdef DEBUG_AIO
2258 printf("aio_cancel\n");
2259 #endif
2260 bdrv_aio_cancel(bm->aiocb);
2261 bm->aiocb = NULL;
2262 }
2263 }
2264 bm->cmd = val & 0x09;
2265 } else {
2266 if (!(bm->status & BM_STATUS_DMAING)) {
2267 bm->status |= BM_STATUS_DMAING;
2268 /* start dma transfer if possible */
2269 if (bm->dma_cb)
2270 bm->dma_cb(bm, 0);
2271 }
2272 bm->cmd = val & 0x09;
2273 }
2274 }
2275
2276 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2277 {
2278 BMDMAState *bm = opaque;
2279 PCIIDEState *pci_dev;
2280 uint32_t val;
2281
2282 switch(addr & 3) {
2283 case 0:
2284 val = bm->cmd;
2285 break;
2286 case 1:
2287 pci_dev = bm->pci_dev;
2288 if (pci_dev->type == IDE_TYPE_CMD646) {
2289 val = pci_dev->dev.config[MRDMODE];
2290 } else {
2291 val = 0xff;
2292 }
2293 break;
2294 case 2:
2295 val = bm->status;
2296 break;
2297 case 3:
2298 pci_dev = bm->pci_dev;
2299 if (pci_dev->type == IDE_TYPE_CMD646) {
2300 if (bm == &pci_dev->bmdma[0])
2301 val = pci_dev->dev.config[UDIDETCR0];
2302 else
2303 val = pci_dev->dev.config[UDIDETCR1];
2304 } else {
2305 val = 0xff;
2306 }
2307 break;
2308 default:
2309 val = 0xff;
2310 break;
2311 }
2312 #ifdef DEBUG_IDE
2313 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2314 #endif
2315 return val;
2316 }
2317
2318 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2319 {
2320 BMDMAState *bm = opaque;
2321 PCIIDEState *pci_dev;
2322 #ifdef DEBUG_IDE
2323 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2324 #endif
2325 switch(addr & 3) {
2326 case 1:
2327 pci_dev = bm->pci_dev;
2328 if (pci_dev->type == IDE_TYPE_CMD646) {
2329 pci_dev->dev.config[MRDMODE] =
2330 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2331 cmd646_update_irq(pci_dev);
2332 }
2333 break;
2334 case 2:
2335 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2336 break;
2337 case 3:
2338 pci_dev = bm->pci_dev;
2339 if (pci_dev->type == IDE_TYPE_CMD646) {
2340 if (bm == &pci_dev->bmdma[0])
2341 pci_dev->dev.config[UDIDETCR0] = val;
2342 else
2343 pci_dev->dev.config[UDIDETCR1] = val;
2344 }
2345 break;
2346 }
2347 }
2348
2349 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2350 {
2351 BMDMAState *bm = opaque;
2352 uint32_t val;
2353 val = bm->addr;
2354 #ifdef DEBUG_IDE
2355 printf("%s: 0x%08x\n", __func__, val);
2356 #endif
2357 return val;
2358 }
2359
2360 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2361 {
2362 BMDMAState *bm = opaque;
2363 #ifdef DEBUG_IDE
2364 printf("%s: 0x%08x\n", __func__, val);
2365 #endif
2366 bm->addr = val & ~3;
2367 bm->cur_addr = bm->addr;
2368 }
2369
2370 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2371 uint32_t addr, uint32_t size, int type)
2372 {
2373 PCIIDEState *d = (PCIIDEState *)pci_dev;
2374 int i;
2375
2376 for(i = 0;i < 2; i++) {
2377 BMDMAState *bm = &d->bmdma[i];
2378 d->ide_if[2 * i].bmdma = bm;
2379 d->ide_if[2 * i + 1].bmdma = bm;
2380 bm->pci_dev = (PCIIDEState *)pci_dev;
2381
2382 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2383
2384 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2385 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2386
2387 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2388 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2389 addr += 8;
2390 }
2391 }
2392
2393 /* XXX: call it also when the MRDMODE is changed from the PCI config
2394 registers */
2395 static void cmd646_update_irq(PCIIDEState *d)
2396 {
2397 int pci_level;
2398 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2399 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2400 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2401 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2402 pci_set_irq((PCIDevice *)d, 0, pci_level);
2403 }
2404
2405 /* the PCI irq level is the logical OR of the two channels */
2406 static void cmd646_set_irq(void *opaque, int channel, int level)
2407 {
2408 PCIIDEState *d = opaque;
2409 int irq_mask;
2410
2411 irq_mask = MRDMODE_INTR_CH0 << channel;
2412 if (level)
2413 d->dev.config[MRDMODE] |= irq_mask;
2414 else
2415 d->dev.config[MRDMODE] &= ~irq_mask;
2416 cmd646_update_irq(d);
2417 }
2418
2419 /* CMD646 PCI IDE controller */
2420 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2421 int secondary_ide_enabled)
2422 {
2423 PCIIDEState *d;
2424 uint8_t *pci_conf;
2425 int i;
2426
2427 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2428 sizeof(PCIIDEState),
2429 -1,
2430 NULL, NULL);
2431 d->type = IDE_TYPE_CMD646;
2432 pci_conf = d->dev.config;
2433 pci_conf[0x00] = 0x95; // CMD646
2434 pci_conf[0x01] = 0x10;
2435 pci_conf[0x02] = 0x46;
2436 pci_conf[0x03] = 0x06;
2437
2438 pci_conf[0x08] = 0x07; // IDE controller revision
2439 pci_conf[0x09] = 0x8f;
2440
2441 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2442 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2443 pci_conf[0x0e] = 0x00; // header_type
2444
2445 if (secondary_ide_enabled) {
2446 /* XXX: if not enabled, really disable the seconday IDE controller */
2447 pci_conf[0x51] = 0x80; /* enable IDE1 */
2448 }
2449
2450 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2451 PCI_ADDRESS_SPACE_IO, ide_map);
2452 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2453 PCI_ADDRESS_SPACE_IO, ide_map);
2454 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2455 PCI_ADDRESS_SPACE_IO, ide_map);
2456 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2457 PCI_ADDRESS_SPACE_IO, ide_map);
2458 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2459 PCI_ADDRESS_SPACE_IO, bmdma_map);
2460
2461 pci_conf[0x3d] = 0x01; // interrupt on pin 1
2462
2463 for(i = 0; i < 4; i++)
2464 d->ide_if[i].pci_dev = (PCIDevice *)d;
2465 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2466 cmd646_set_irq, d, 0);
2467 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2468 cmd646_set_irq, d, 1);
2469 }
2470
2471 static void pci_ide_save(QEMUFile* f, void *opaque)
2472 {
2473 PCIIDEState *d = opaque;
2474 int i;
2475
2476 pci_device_save(&d->dev, f);
2477
2478 for(i = 0; i < 2; i++) {
2479 BMDMAState *bm = &d->bmdma[i];
2480 qemu_put_8s(f, &bm->cmd);
2481 qemu_put_8s(f, &bm->status);
2482 qemu_put_be32s(f, &bm->addr);
2483 /* XXX: if a transfer is pending, we do not save it yet */
2484 }
2485
2486 /* per IDE interface data */
2487 for(i = 0; i < 2; i++) {
2488 IDEState *s = &d->ide_if[i * 2];
2489 uint8_t drive1_selected;
2490 qemu_put_8s(f, &s->cmd);
2491 drive1_selected = (s->cur_drive != s);
2492 qemu_put_8s(f, &drive1_selected);
2493 }
2494
2495 /* per IDE drive data */
2496 for(i = 0; i < 4; i++) {
2497 IDEState *s = &d->ide_if[i];
2498 qemu_put_be32s(f, &s->mult_sectors);
2499 qemu_put_be32s(f, &s->identify_set);
2500 if (s->identify_set) {
2501 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2502 }
2503 qemu_put_8s(f, &s->feature);
2504 qemu_put_8s(f, &s->error);
2505 qemu_put_be32s(f, &s->nsector);
2506 qemu_put_8s(f, &s->sector);
2507 qemu_put_8s(f, &s->lcyl);
2508 qemu_put_8s(f, &s->hcyl);
2509 qemu_put_8s(f, &s->hob_feature);
2510 qemu_put_8s(f, &s->hob_nsector);
2511 qemu_put_8s(f, &s->hob_sector);
2512 qemu_put_8s(f, &s->hob_lcyl);
2513 qemu_put_8s(f, &s->hob_hcyl);
2514 qemu_put_8s(f, &s->select);
2515 qemu_put_8s(f, &s->status);
2516 qemu_put_8s(f, &s->lba48);
2517
2518 qemu_put_8s(f, &s->sense_key);
2519 qemu_put_8s(f, &s->asc);
2520 /* XXX: if a transfer is pending, we do not save it yet */
2521 }
2522 }
2523
2524 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2525 {
2526 PCIIDEState *d = opaque;
2527 int ret, i;
2528
2529 if (version_id != 1)
2530 return -EINVAL;
2531 ret = pci_device_load(&d->dev, f);
2532 if (ret < 0)
2533 return ret;
2534
2535 for(i = 0; i < 2; i++) {
2536 BMDMAState *bm = &d->bmdma[i];
2537 qemu_get_8s(f, &bm->cmd);
2538 qemu_get_8s(f, &bm->status);
2539 qemu_get_be32s(f, &bm->addr);
2540 /* XXX: if a transfer is pending, we do not save it yet */
2541 }
2542
2543 /* per IDE interface data */
2544 for(i = 0; i < 2; i++) {
2545 IDEState *s = &d->ide_if[i * 2];
2546 uint8_t drive1_selected;
2547 qemu_get_8s(f, &s->cmd);
2548 qemu_get_8s(f, &drive1_selected);
2549 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2550 }
2551
2552 /* per IDE drive data */
2553 for(i = 0; i < 4; i++) {
2554 IDEState *s = &d->ide_if[i];
2555 qemu_get_be32s(f, &s->mult_sectors);
2556 qemu_get_be32s(f, &s->identify_set);
2557 if (s->identify_set) {
2558 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2559 }
2560 qemu_get_8s(f, &s->feature);
2561 qemu_get_8s(f, &s->error);
2562 qemu_get_be32s(f, &s->nsector);
2563 qemu_get_8s(f, &s->sector);
2564 qemu_get_8s(f, &s->lcyl);
2565 qemu_get_8s(f, &s->hcyl);
2566 qemu_get_8s(f, &s->hob_feature);
2567 qemu_get_8s(f, &s->hob_nsector);
2568 qemu_get_8s(f, &s->hob_sector);
2569 qemu_get_8s(f, &s->hob_lcyl);
2570 qemu_get_8s(f, &s->hob_hcyl);
2571 qemu_get_8s(f, &s->select);
2572 qemu_get_8s(f, &s->status);
2573 qemu_get_8s(f, &s->lba48);
2574
2575 qemu_get_8s(f, &s->sense_key);
2576 qemu_get_8s(f, &s->asc);
2577 /* XXX: if a transfer is pending, we do not save it yet */
2578 }
2579 return 0;
2580 }
2581
2582 static void piix3_reset(PCIIDEState *d)
2583 {
2584 uint8_t *pci_conf = d->dev.config;
2585
2586 pci_conf[0x04] = 0x00;
2587 pci_conf[0x05] = 0x00;
2588 pci_conf[0x06] = 0x80; /* FBC */
2589 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
2590 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
2591 }
2592
2593 void pci_piix_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn)
2594 {
2595 PCIIDEState *d;
2596 uint8_t *pci_conf;
2597
2598 /* register a function 1 of PIIX */
2599 d = (PCIIDEState *)pci_register_device(bus, "PIIX IDE",
2600 sizeof(PCIIDEState),
2601 devfn,
2602 NULL, NULL);
2603 d->type = IDE_TYPE_PIIX3;
2604
2605 pci_conf = d->dev.config;
2606 pci_conf[0x00] = 0x86; // Intel
2607 pci_conf[0x01] = 0x80;
2608 pci_conf[0x02] = 0x30;
2609 pci_conf[0x03] = 0x12;
2610 pci_conf[0x08] = 0x02; // Step A1
2611 pci_conf[0x09] = 0x80; // legacy ATA mode
2612 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2613 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2614 pci_conf[0x0e] = 0x00; // header_type
2615
2616 piix3_reset(d);
2617
2618 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2619 PCI_ADDRESS_SPACE_IO, bmdma_map);
2620
2621 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2622 pic_set_irq_new, isa_pic, 14);
2623 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2624 pic_set_irq_new, isa_pic, 15);
2625 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2626 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2627
2628 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
2629 }
2630
2631 /* hd_table must contain 4 block drivers */
2632 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
2633 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn)
2634 {
2635 PCIIDEState *d;
2636 uint8_t *pci_conf;
2637
2638 /* register a function 1 of PIIX3 */
2639 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2640 sizeof(PCIIDEState),
2641 devfn,
2642 NULL, NULL);
2643 d->type = IDE_TYPE_PIIX3;
2644
2645 pci_conf = d->dev.config;
2646 pci_conf[0x00] = 0x86; // Intel
2647 pci_conf[0x01] = 0x80;
2648 pci_conf[0x02] = 0x10;
2649 pci_conf[0x03] = 0x70;
2650 pci_conf[0x09] = 0x80; // legacy ATA mode
2651 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2652 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2653 pci_conf[0x0e] = 0x00; // header_type
2654
2655 piix3_reset(d);
2656
2657 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2658 PCI_ADDRESS_SPACE_IO, bmdma_map);
2659
2660 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2661 pic_set_irq_new, isa_pic, 14);
2662 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2663 pic_set_irq_new, isa_pic, 15);
2664 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2665 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2666
2667 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
2668 }
2669
2670 /***********************************************************/
2671 /* MacIO based PowerPC IDE */
2672
2673 /* PowerMac IDE memory IO */
2674 static void pmac_ide_writeb (void *opaque,
2675 target_phys_addr_t addr, uint32_t val)
2676 {
2677 addr = (addr & 0xFFF) >> 4;
2678 switch (addr) {
2679 case 1 ... 7:
2680 ide_ioport_write(opaque, addr, val);
2681 break;
2682 case 8:
2683 case 22:
2684 ide_cmd_write(opaque, 0, val);
2685 break;
2686 default:
2687 break;
2688 }
2689 }
2690
2691 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2692 {
2693 uint8_t retval;
2694
2695 addr = (addr & 0xFFF) >> 4;
2696 switch (addr) {
2697 case 1 ... 7:
2698 retval = ide_ioport_read(opaque, addr);
2699 break;
2700 case 8:
2701 case 22:
2702 retval = ide_status_read(opaque, 0);
2703 break;
2704 default:
2705 retval = 0xFF;
2706 break;
2707 }
2708 return retval;
2709 }
2710
2711 static void pmac_ide_writew (void *opaque,
2712 target_phys_addr_t addr, uint32_t val)
2713 {
2714 addr = (addr & 0xFFF) >> 4;
2715 #ifdef TARGET_WORDS_BIGENDIAN
2716 val = bswap16(val);
2717 #endif
2718 if (addr == 0) {
2719 ide_data_writew(opaque, 0, val);
2720 }
2721 }
2722
2723 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
2724 {
2725 uint16_t retval;
2726
2727 addr = (addr & 0xFFF) >> 4;
2728 if (addr == 0) {
2729 retval = ide_data_readw(opaque, 0);
2730 } else {
2731 retval = 0xFFFF;
2732 }
2733 #ifdef TARGET_WORDS_BIGENDIAN
2734 retval = bswap16(retval);
2735 #endif
2736 return retval;
2737 }
2738
2739 static void pmac_ide_writel (void *opaque,
2740 target_phys_addr_t addr, uint32_t val)
2741 {
2742 addr = (addr & 0xFFF) >> 4;
2743 #ifdef TARGET_WORDS_BIGENDIAN
2744 val = bswap32(val);
2745 #endif
2746 if (addr == 0) {
2747 ide_data_writel(opaque, 0, val);
2748 }
2749 }
2750
2751 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
2752 {
2753 uint32_t retval;
2754
2755 addr = (addr & 0xFFF) >> 4;
2756 if (addr == 0) {
2757 retval = ide_data_readl(opaque, 0);
2758 } else {
2759 retval = 0xFFFFFFFF;
2760 }
2761 #ifdef TARGET_WORDS_BIGENDIAN
2762 retval = bswap32(retval);
2763 #endif
2764 return retval;
2765 }
2766
2767 static CPUWriteMemoryFunc *pmac_ide_write[] = {
2768 pmac_ide_writeb,
2769 pmac_ide_writew,
2770 pmac_ide_writel,
2771 };
2772
2773 static CPUReadMemoryFunc *pmac_ide_read[] = {
2774 pmac_ide_readb,
2775 pmac_ide_readw,
2776 pmac_ide_readl,
2777 };
2778
2779 /* hd_table must contain 4 block drivers */
2780 /* PowerMac uses memory mapped registers, not I/O. Return the memory
2781 I/O index to access the ide. */
2782 int pmac_ide_init (BlockDriverState **hd_table,
2783 SetIRQFunc *set_irq, void *irq_opaque, int irq)
2784 {
2785 IDEState *ide_if;
2786 int pmac_ide_memory;
2787
2788 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
2789 ide_init2(&ide_if[0], hd_table[0], hd_table[1],
2790 set_irq, irq_opaque, irq);
2791
2792 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
2793 pmac_ide_write, &ide_if[0]);
2794 return pmac_ide_memory;
2795 }
Samsung s3c2440 and arm920t support for the mini2440 dev board