hw/ide/core.c

   1 /*
   2  * QEMU IDE disk and CD/DVD-ROM Emulator
   3  *
   4  * Copyright (c) 2003 Fabrice Bellard
   5  * Copyright (c) 2006 Openedhand Ltd.
   6  *
   7  * Permission is hereby granted, free of charge, to any person obtaining a copy
   8  * of this software and associated documentation files (the "Software"), to deal
   9  * in the Software without restriction, including without limitation the rights
  10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  11  * copies of the Software, and to permit persons to whom the Software is
  12  * furnished to do so, subject to the following conditions:
  13  *
  14  * The above copyright notice and this permission notice shall be included in
  15  * all copies or substantial portions of the Software.
  16  *
  17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
  20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  23  * THE SOFTWARE.
  24  */
  25 #include <hw/hw.h>
  26 #include <hw/pc.h>
  27 #include <hw/pci.h>
  28 #include "qemu-error.h"
  29 #include "qemu-timer.h"
  30 #include "sysemu.h"
  31 #include "dma.h"
  32 #include "blockdev.h"
  33
  34 #include <hw/ide/internal.h>
  35
  36 /* These values were based on a Seagate ST3500418AS but have been modified
  37    to make more sense in QEMU */
  38 static const int smart_attributes[][12] = {
  39     /* id,  flags, hflags, val, wrst, raw (6 bytes), threshold */
  40     /* raw read error rate*/
  41     { 0x01, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06},
  42     /* spin up */
  43     { 0x03, 0x03, 0x00, 0x64, 0x64, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
  44     /* start stop count */
  45     { 0x04, 0x02, 0x00, 0x64, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14},
  46     /* remapped sectors */
  47     { 0x05, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24},
  48     /* power on hours */
  49     { 0x09, 0x03, 0x00, 0x64, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
  50     /* power cycle count */
  51     { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
  52     /* airflow-temperature-celsius */
  53     { 190,  0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32},
  54     /* end of list */
  55     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
  56 };
  57
  58 static int ide_handle_rw_error(IDEState *s, int error, int op);
  59
  60 static void padstr(char *str, const char *src, int len)
  61 {
  62     int i, v;
  63     for(i = 0; i < len; i++) {
  64         if (*src)
  65             v = *src++;
  66         else
  67             v = ' ';
  68         str[i^1] = v;
  69     }
  70 }
  71
  72 static void put_le16(uint16_t *p, unsigned int v)
  73 {
  74     *p = cpu_to_le16(v);
  75 }
  76
  77 static void ide_identify(IDEState *s)
  78 {
  79     uint16_t *p;
  80     unsigned int oldsize;
  81     IDEDevice *dev;
  82
  83     if (s->identify_set) {
  84         memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
  85         return;
  86     }
  87
  88     memset(s->io_buffer, 0, 512);
  89     p = (uint16_t *)s->io_buffer;
  90     put_le16(p + 0, 0x0040);
  91     put_le16(p + 1, s->cylinders);
  92     put_le16(p + 3, s->heads);
  93     put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
  94     put_le16(p + 5, 512); /* XXX: retired, remove ? */
  95     put_le16(p + 6, s->sectors);
  96     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
  97     put_le16(p + 20, 3); /* XXX: retired, remove ? */
  98     put_le16(p + 21, 512); /* cache size in sectors */
  99     put_le16(p + 22, 4); /* ecc bytes */
 100     padstr((char *)(p + 23), s->version, 8); /* firmware version */
 101     padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
 102 #if MAX_MULT_SECTORS > 1
 103     put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
 104 #endif
 105     put_le16(p + 48, 1); /* dword I/O */
 106     put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
 107     put_le16(p + 51, 0x200); /* PIO transfer cycle */
 108     put_le16(p + 52, 0x200); /* DMA transfer cycle */
 109     put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
 110     put_le16(p + 54, s->cylinders);
 111     put_le16(p + 55, s->heads);
 112     put_le16(p + 56, s->sectors);
 113     oldsize = s->cylinders * s->heads * s->sectors;
 114     put_le16(p + 57, oldsize);
 115     put_le16(p + 58, oldsize >> 16);
 116     if (s->mult_sectors)
 117         put_le16(p + 59, 0x100 | s->mult_sectors);
 118     put_le16(p + 60, s->nb_sectors);
 119     put_le16(p + 61, s->nb_sectors >> 16);
 120     put_le16(p + 62, 0x07); /* single word dma0-2 supported */
 121     put_le16(p + 63, 0x07); /* mdma0-2 supported */
 122     put_le16(p + 64, 0x03); /* pio3-4 supported */
 123     put_le16(p + 65, 120);
 124     put_le16(p + 66, 120);
 125     put_le16(p + 67, 120);
 126     put_le16(p + 68, 120);
 127
 128     if (s->ncq_queues) {
 129         put_le16(p + 75, s->ncq_queues - 1);
 130         /* NCQ supported */
 131         put_le16(p + 76, (1 << 8));
 132     }
 133
 134     put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
 135     put_le16(p + 81, 0x16); /* conforms to ata5 */
 136     /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */
 137     put_le16(p + 82, (1 << 14) | (1 << 5) | 1);
 138     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
 139     put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
 140     /* 14=set to 1, 1=SMART self test, 0=SMART error logging */
 141     put_le16(p + 84, (1 << 14) | 0);
 142     /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */
 143     if (bdrv_enable_write_cache(s->bs))
 144          put_le16(p + 85, (1 << 14) | (1 << 5) | 1);
 145     else
 146          put_le16(p + 85, (1 << 14) | 1);
 147     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
 148     put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
 149     /* 14=set to 1, 1=smart self test, 0=smart error logging */
 150     put_le16(p + 87, (1 << 14) | 0);
 151     put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
 152     put_le16(p + 93, 1 | (1 << 14) | 0x2000);
 153     put_le16(p + 100, s->nb_sectors);
 154     put_le16(p + 101, s->nb_sectors >> 16);
 155     put_le16(p + 102, s->nb_sectors >> 32);
 156     put_le16(p + 103, s->nb_sectors >> 48);
 157     dev = s->unit ? s->bus->slave : s->bus->master;
 158     if (dev && dev->conf.physical_block_size)
 159         put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf));
 160
 161     memcpy(s->identify_data, p, sizeof(s->identify_data));
 162     s->identify_set = 1;
 163 }
 164
 165 static void ide_atapi_identify(IDEState *s)
 166 {
 167     uint16_t *p;
 168
 169     if (s->identify_set) {
 170         memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
 171         return;
 172     }
 173
 174     memset(s->io_buffer, 0, 512);
 175     p = (uint16_t *)s->io_buffer;
 176     /* Removable CDROM, 50us response, 12 byte packets */
 177     put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
 178     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
 179     put_le16(p + 20, 3); /* buffer type */
 180     put_le16(p + 21, 512); /* cache size in sectors */
 181     put_le16(p + 22, 4); /* ecc bytes */
 182     padstr((char *)(p + 23), s->version, 8); /* firmware version */
 183     padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
 184     put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
 185 #ifdef USE_DMA_CDROM
 186     put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
 187     put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
 188     put_le16(p + 62, 7);  /* single word dma0-2 supported */
 189     put_le16(p + 63, 7);  /* mdma0-2 supported */
 190 #else
 191     put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
 192     put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
 193     put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
 194 #endif
 195     put_le16(p + 64, 3); /* pio3-4 supported */
 196     put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
 197     put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
 198     put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
 199     put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
 200
 201     put_le16(p + 71, 30); /* in ns */
 202     put_le16(p + 72, 30); /* in ns */
 203
 204     if (s->ncq_queues) {
 205         put_le16(p + 75, s->ncq_queues - 1);
 206         /* NCQ supported */
 207         put_le16(p + 76, (1 << 8));
 208     }
 209
 210     put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
 211 #ifdef USE_DMA_CDROM
 212     put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
 213 #endif
 214     memcpy(s->identify_data, p, sizeof(s->identify_data));
 215     s->identify_set = 1;
 216 }
 217
 218 static void ide_cfata_identify(IDEState *s)
 219 {
 220     uint16_t *p;
 221     uint32_t cur_sec;
 222
 223     p = (uint16_t *) s->identify_data;
 224     if (s->identify_set)
 225         goto fill_buffer;
 226
 227     memset(p, 0, sizeof(s->identify_data));
 228
 229     cur_sec = s->cylinders * s->heads * s->sectors;
 230
 231     put_le16(p + 0, 0x848a);                    /* CF Storage Card signature */
 232     put_le16(p + 1, s->cylinders);              /* Default cylinders */
 233     put_le16(p + 3, s->heads);                  /* Default heads */
 234     put_le16(p + 6, s->sectors);                /* Default sectors per track */
 235     put_le16(p + 7, s->nb_sectors >> 16);       /* Sectors per card */
 236     put_le16(p + 8, s->nb_sectors);             /* Sectors per card */
 237     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
 238     put_le16(p + 22, 0x0004);                   /* ECC bytes */
 239     padstr((char *) (p + 23), s->version, 8);   /* Firmware Revision */
 240     padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
 241 #if MAX_MULT_SECTORS > 1
 242     put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
 243 #else
 244     put_le16(p + 47, 0x0000);
 245 #endif
 246     put_le16(p + 49, 0x0f00);                   /* Capabilities */
 247     put_le16(p + 51, 0x0002);                   /* PIO cycle timing mode */
 248     put_le16(p + 52, 0x0001);                   /* DMA cycle timing mode */
 249     put_le16(p + 53, 0x0003);                   /* Translation params valid */
 250     put_le16(p + 54, s->cylinders);             /* Current cylinders */
 251     put_le16(p + 55, s->heads);                 /* Current heads */
 252     put_le16(p + 56, s->sectors);               /* Current sectors */
 253     put_le16(p + 57, cur_sec);                  /* Current capacity */
 254     put_le16(p + 58, cur_sec >> 16);            /* Current capacity */
 255     if (s->mult_sectors)                        /* Multiple sector setting */
 256         put_le16(p + 59, 0x100 | s->mult_sectors);
 257     put_le16(p + 60, s->nb_sectors);            /* Total LBA sectors */
 258     put_le16(p + 61, s->nb_sectors >> 16);      /* Total LBA sectors */
 259     put_le16(p + 63, 0x0203);                   /* Multiword DMA capability */
 260     put_le16(p + 64, 0x0001);                   /* Flow Control PIO support */
 261     put_le16(p + 65, 0x0096);                   /* Min. Multiword DMA cycle */
 262     put_le16(p + 66, 0x0096);                   /* Rec. Multiword DMA cycle */
 263     put_le16(p + 68, 0x00b4);                   /* Min. PIO cycle time */
 264     put_le16(p + 82, 0x400c);                   /* Command Set supported */
 265     put_le16(p + 83, 0x7068);                   /* Command Set supported */
 266     put_le16(p + 84, 0x4000);                   /* Features supported */
 267     put_le16(p + 85, 0x000c);                   /* Command Set enabled */
 268     put_le16(p + 86, 0x7044);                   /* Command Set enabled */
 269     put_le16(p + 87, 0x4000);                   /* Features enabled */
 270     put_le16(p + 91, 0x4060);                   /* Current APM level */
 271     put_le16(p + 129, 0x0002);                  /* Current features option */
 272     put_le16(p + 130, 0x0005);                  /* Reassigned sectors */
 273     put_le16(p + 131, 0x0001);                  /* Initial power mode */
 274     put_le16(p + 132, 0x0000);                  /* User signature */
 275     put_le16(p + 160, 0x8100);                  /* Power requirement */
 276     put_le16(p + 161, 0x8001);                  /* CF command set */
 277
 278     s->identify_set = 1;
 279
 280 fill_buffer:
 281     memcpy(s->io_buffer, p, sizeof(s->identify_data));
 282 }
 283
 284 static void ide_set_signature(IDEState *s)
 285 {
 286     s->select &= 0xf0; /* clear head */
 287     /* put signature */
 288     s->nsector = 1;
 289     s->sector = 1;
 290     if (s->drive_kind == IDE_CD) {
 291         s->lcyl = 0x14;
 292         s->hcyl = 0xeb;
 293     } else if (s->bs) {
 294         s->lcyl = 0;
 295         s->hcyl = 0;
 296     } else {
 297         s->lcyl = 0xff;
 298         s->hcyl = 0xff;
 299     }
 300 }
 301
 302 static inline void ide_abort_command(IDEState *s)
 303 {
 304     s->status = READY_STAT | ERR_STAT;
 305     s->error = ABRT_ERR;
 306 }
 307
 308 /* prepare data transfer and tell what to do after */
 309 void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
 310                         EndTransferFunc *end_transfer_func)
 311 {
 312     s->end_transfer_func = end_transfer_func;
 313     s->data_ptr = buf;
 314     s->data_end = buf + size;
 315     if (!(s->status & ERR_STAT)) {
 316         s->status |= DRQ_STAT;
 317     }
 318     s->bus->dma->ops->start_transfer(s->bus->dma);
 319 }
 320
 321 void ide_transfer_stop(IDEState *s)
 322 {
 323     s->end_transfer_func = ide_transfer_stop;
 324     s->data_ptr = s->io_buffer;
 325     s->data_end = s->io_buffer;
 326     s->status &= ~DRQ_STAT;
 327 }
 328
 329 int64_t ide_get_sector(IDEState *s)
 330 {
 331     int64_t sector_num;
 332     if (s->select & 0x40) {
 333         /* lba */
 334         if (!s->lba48) {
 335             sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
 336                 (s->lcyl << 8) | s->sector;
 337         } else {
 338             sector_num = ((int64_t)s->hob_hcyl << 40) |
 339                 ((int64_t) s->hob_lcyl << 32) |
 340                 ((int64_t) s->hob_sector << 24) |
 341                 ((int64_t) s->hcyl << 16) |
 342                 ((int64_t) s->lcyl << 8) | s->sector;
 343         }
 344     } else {
 345         sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
 346             (s->select & 0x0f) * s->sectors + (s->sector - 1);
 347     }
 348     return sector_num;
 349 }
 350
 351 void ide_set_sector(IDEState *s, int64_t sector_num)
 352 {
 353     unsigned int cyl, r;
 354     if (s->select & 0x40) {
 355         if (!s->lba48) {
 356             s->select = (s->select & 0xf0) | (sector_num >> 24);
 357             s->hcyl = (sector_num >> 16);
 358             s->lcyl = (sector_num >> 8);
 359             s->sector = (sector_num);
 360         } else {
 361             s->sector = sector_num;
 362             s->lcyl = sector_num >> 8;
 363             s->hcyl = sector_num >> 16;
 364             s->hob_sector = sector_num >> 24;
 365             s->hob_lcyl = sector_num >> 32;
 366             s->hob_hcyl = sector_num >> 40;
 367         }
 368     } else {
 369         cyl = sector_num / (s->heads * s->sectors);
 370         r = sector_num % (s->heads * s->sectors);
 371         s->hcyl = cyl >> 8;
 372         s->lcyl = cyl;
 373         s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
 374         s->sector = (r % s->sectors) + 1;
 375     }
 376 }
 377
 378 static void ide_rw_error(IDEState *s) {
 379     ide_abort_command(s);
 380     ide_set_irq(s->bus);
 381 }
 382
 383 void ide_sector_read(IDEState *s)
 384 {
 385     int64_t sector_num;
 386     int ret, n;
 387
 388     s->status = READY_STAT | SEEK_STAT;
 389     s->error = 0; /* not needed by IDE spec, but needed by Windows */
 390     sector_num = ide_get_sector(s);
 391     n = s->nsector;
 392     if (n == 0) {
 393         /* no more sector to read from disk */
 394         ide_transfer_stop(s);
 395     } else {
 396 #if defined(DEBUG_IDE)
 397         printf("read sector=%" PRId64 "\n", sector_num);
 398 #endif
 399         if (n > s->req_nb_sectors)
 400             n = s->req_nb_sectors;
 401         ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
 402         if (ret != 0) {
 403             if (ide_handle_rw_error(s, -ret,
 404                 BM_STATUS_PIO_RETRY | BM_STATUS_RETRY_READ))
 405             {
 406                 return;
 407             }
 408         }
 409         ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
 410         ide_set_irq(s->bus);
 411         ide_set_sector(s, sector_num + n);
 412         s->nsector -= n;
 413     }
 414 }
 415
 416 static void dma_buf_commit(IDEState *s, int is_write)
 417 {
 418     qemu_sglist_destroy(&s->sg);
 419 }
 420
 421 void ide_set_inactive(IDEState *s)
 422 {
 423     s->bus->dma->aiocb = NULL;
 424     s->bus->dma->ops->set_inactive(s->bus->dma);
 425 }
 426
 427 void ide_dma_error(IDEState *s)
 428 {
 429     ide_transfer_stop(s);
 430     s->error = ABRT_ERR;
 431     s->status = READY_STAT | ERR_STAT;
 432     ide_set_inactive(s);
 433     ide_set_irq(s->bus);
 434 }
 435
 436 static int ide_handle_rw_error(IDEState *s, int error, int op)
 437 {
 438     int is_read = (op & BM_STATUS_RETRY_READ);
 439     BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
 440
 441     if (action == BLOCK_ERR_IGNORE) {
 442         bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
 443         return 0;
 444     }
 445
 446     if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
 447             || action == BLOCK_ERR_STOP_ANY) {
 448         s->bus->dma->ops->set_unit(s->bus->dma, s->unit);
 449         s->bus->dma->ops->add_status(s->bus->dma, op);
 450         bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
 451         vm_stop(VMSTOP_DISKFULL);
 452     } else {
 453         if (op & BM_STATUS_DMA_RETRY) {
 454             dma_buf_commit(s, 0);
 455             ide_dma_error(s);
 456         } else {
 457             ide_rw_error(s);
 458         }
 459         bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
 460     }
 461
 462     return 1;
 463 }
 464
 465 void ide_dma_cb(void *opaque, int ret)
 466 {
 467     IDEState *s = opaque;
 468     int n;
 469     int64_t sector_num;
 470
 471 handle_rw_error:
 472     if (ret < 0) {
 473         int op = BM_STATUS_DMA_RETRY;
 474
 475         if (s->is_read)
 476             op |= BM_STATUS_RETRY_READ;
 477         if (ide_handle_rw_error(s, -ret, op)) {
 478             return;
 479         }
 480     }
 481
 482     n = s->io_buffer_size >> 9;
 483     sector_num = ide_get_sector(s);
 484     if (n > 0) {
 485         dma_buf_commit(s, s->is_read);
 486         sector_num += n;
 487         ide_set_sector(s, sector_num);
 488         s->nsector -= n;
 489     }
 490
 491     /* end of transfer ? */
 492     if (s->nsector == 0) {
 493         s->status = READY_STAT | SEEK_STAT;
 494         ide_set_irq(s->bus);
 495         goto eot;
 496     }
 497
 498     /* launch next transfer */
 499     n = s->nsector;
 500     s->io_buffer_index = 0;
 501     s->io_buffer_size = n * 512;
 502     if (s->bus->dma->ops->prepare_buf(s->bus->dma, s->is_read) == 0) {
 503         /* The PRDs were too short. Reset the Active bit, but don't raise an
 504          * interrupt. */
 505         goto eot;
 506     }
 507
 508 #ifdef DEBUG_AIO
 509     printf("ide_dma_cb: sector_num=%" PRId64 " n=%d, is_read=%d\n",
 510            sector_num, n, s->is_read);
 511 #endif
 512
 513     if (s->is_read) {
 514         s->bus->dma->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
 515                                            ide_dma_cb, s);
 516     } else {
 517         s->bus->dma->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
 518                                             ide_dma_cb, s);
 519     }
 520
 521     if (!s->bus->dma->aiocb) {
 522         ret = -1;
 523         goto handle_rw_error;
 524     }
 525     return;
 526
 527 eot:
 528    ide_set_inactive(s);
 529 }
 530
 531 static void ide_sector_start_dma(IDEState *s, int is_read)
 532 {
 533     s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
 534     s->io_buffer_index = 0;
 535     s->io_buffer_size = 0;
 536     s->is_read = is_read;
 537     s->bus->dma->ops->start_dma(s->bus->dma, s, ide_dma_cb);
 538 }
 539
 540 static void ide_sector_write_timer_cb(void *opaque)
 541 {
 542     IDEState *s = opaque;
 543     ide_set_irq(s->bus);
 544 }
 545
 546 void ide_sector_write(IDEState *s)
 547 {
 548     int64_t sector_num;
 549     int ret, n, n1;
 550
 551     s->status = READY_STAT | SEEK_STAT;
 552     sector_num = ide_get_sector(s);
 553 #if defined(DEBUG_IDE)
 554     printf("write sector=%" PRId64 "\n", sector_num);
 555 #endif
 556     n = s->nsector;
 557     if (n > s->req_nb_sectors)
 558         n = s->req_nb_sectors;
 559     ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
 560
 561     if (ret != 0) {
 562         if (ide_handle_rw_error(s, -ret, BM_STATUS_PIO_RETRY))
 563             return;
 564     }
 565
 566     s->nsector -= n;
 567     if (s->nsector == 0) {
 568         /* no more sectors to write */
 569         ide_transfer_stop(s);
 570     } else {
 571         n1 = s->nsector;
 572         if (n1 > s->req_nb_sectors)
 573             n1 = s->req_nb_sectors;
 574         ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
 575     }
 576     ide_set_sector(s, sector_num + n);
 577
 578     if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
 579         /* It seems there is a bug in the Windows 2000 installer HDD
 580            IDE driver which fills the disk with empty logs when the
 581            IDE write IRQ comes too early. This hack tries to correct
 582            that at the expense of slower write performances. Use this
 583            option _only_ to install Windows 2000. You must disable it
 584            for normal use. */
 585         qemu_mod_timer(s->sector_write_timer,
 586                        qemu_get_clock_ns(vm_clock) + (get_ticks_per_sec() / 1000));
 587     } else {
 588         ide_set_irq(s->bus);
 589     }
 590 }
 591
 592 static void ide_flush_cb(void *opaque, int ret)
 593 {
 594     IDEState *s = opaque;
 595
 596     if (ret < 0) {
 597         /* XXX: What sector number to set here? */
 598         if (ide_handle_rw_error(s, -ret, BM_STATUS_RETRY_FLUSH)) {
 599             return;
 600         }
 601     }
 602
 603     s->status = READY_STAT | SEEK_STAT;
 604     ide_set_irq(s->bus);
 605 }
 606
 607 void ide_flush_cache(IDEState *s)
 608 {
 609     BlockDriverAIOCB *acb;
 610
 611     if (s->bs == NULL) {
 612         ide_flush_cb(s, 0);
 613         return;
 614     }
 615
 616     acb = bdrv_aio_flush(s->bs, ide_flush_cb, s);
 617     if (acb == NULL) {
 618         ide_flush_cb(s, -EIO);
 619     }
 620 }
 621
 622 static void ide_cfata_metadata_inquiry(IDEState *s)
 623 {
 624     uint16_t *p;
 625     uint32_t spd;
 626
 627     p = (uint16_t *) s->io_buffer;
 628     memset(p, 0, 0x200);
 629     spd = ((s->mdata_size - 1) >> 9) + 1;
 630
 631     put_le16(p + 0, 0x0001);                    /* Data format revision */
 632     put_le16(p + 1, 0x0000);                    /* Media property: silicon */
 633     put_le16(p + 2, s->media_changed);          /* Media status */
 634     put_le16(p + 3, s->mdata_size & 0xffff);    /* Capacity in bytes (low) */
 635     put_le16(p + 4, s->mdata_size >> 16);       /* Capacity in bytes (high) */
 636     put_le16(p + 5, spd & 0xffff);              /* Sectors per device (low) */
 637     put_le16(p + 6, spd >> 16);                 /* Sectors per device (high) */
 638 }
 639
 640 static void ide_cfata_metadata_read(IDEState *s)
 641 {
 642     uint16_t *p;
 643
 644     if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
 645         s->status = ERR_STAT;
 646         s->error = ABRT_ERR;
 647         return;
 648     }
 649
 650     p = (uint16_t *) s->io_buffer;
 651     memset(p, 0, 0x200);
 652
 653     put_le16(p + 0, s->media_changed);          /* Media status */
 654     memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
 655                     MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
 656                                     s->nsector << 9), 0x200 - 2));
 657 }
 658
 659 static void ide_cfata_metadata_write(IDEState *s)
 660 {
 661     if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
 662         s->status = ERR_STAT;
 663         s->error = ABRT_ERR;
 664         return;
 665     }
 666
 667     s->media_changed = 0;
 668
 669     memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
 670                     s->io_buffer + 2,
 671                     MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
 672                                     s->nsector << 9), 0x200 - 2));
 673 }
 674
 675 /* called when the inserted state of the media has changed */
 676 static void cdrom_change_cb(void *opaque, int reason)
 677 {
 678     IDEState *s = opaque;
 679     uint64_t nb_sectors;
 680
 681     if (!(reason & CHANGE_MEDIA)) {
 682         return;
 683     }
 684
 685     bdrv_get_geometry(s->bs, &nb_sectors);
 686     s->nb_sectors = nb_sectors;
 687
 688     /*
 689      * First indicate to the guest that a CD has been removed.  That's
 690      * done on the next command the guest sends us.
 691      *
 692      * Then we set SENSE_UNIT_ATTENTION, by which the guest will
 693      * detect a new CD in the drive.  See ide_atapi_cmd() for details.
 694      */
 695     s->cdrom_changed = 1;
 696     s->events.new_media = true;
 697     ide_set_irq(s->bus);
 698 }
 699
 700 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
 701 {
 702     s->lba48 = lba48;
 703
 704     /* handle the 'magic' 0 nsector count conversion here. to avoid
 705      * fiddling with the rest of the read logic, we just store the
 706      * full sector count in ->nsector and ignore ->hob_nsector from now
 707      */
 708     if (!s->lba48) {
 709         if (!s->nsector)
 710             s->nsector = 256;
 711     } else {
 712         if (!s->nsector && !s->hob_nsector)
 713             s->nsector = 65536;
 714         else {
 715             int lo = s->nsector;
 716             int hi = s->hob_nsector;
 717
 718             s->nsector = (hi << 8) | lo;
 719         }
 720     }
 721 }
 722
 723 static void ide_clear_hob(IDEBus *bus)
 724 {
 725     /* any write clears HOB high bit of device control register */
 726     bus->ifs[0].select &= ~(1 << 7);
 727     bus->ifs[1].select &= ~(1 << 7);
 728 }
 729
 730 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
 731 {
 732     IDEBus *bus = opaque;
 733
 734 #ifdef DEBUG_IDE
 735     printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
 736 #endif
 737
 738     addr &= 7;
 739
 740     /* ignore writes to command block while busy with previous command */
 741     if (addr != 7 && (idebus_active_if(bus)->status & (BUSY_STAT|DRQ_STAT)))
 742         return;
 743
 744     switch(addr) {
 745     case 0:
 746         break;
 747     case 1:
 748         ide_clear_hob(bus);
 749         /* NOTE: data is written to the two drives */
 750         bus->ifs[0].hob_feature = bus->ifs[0].feature;
 751         bus->ifs[1].hob_feature = bus->ifs[1].feature;
 752         bus->ifs[0].feature = val;
 753         bus->ifs[1].feature = val;
 754         break;
 755     case 2:
 756         ide_clear_hob(bus);
 757         bus->ifs[0].hob_nsector = bus->ifs[0].nsector;
 758         bus->ifs[1].hob_nsector = bus->ifs[1].nsector;
 759         bus->ifs[0].nsector = val;
 760         bus->ifs[1].nsector = val;
 761         break;
 762     case 3:
 763         ide_clear_hob(bus);
 764         bus->ifs[0].hob_sector = bus->ifs[0].sector;
 765         bus->ifs[1].hob_sector = bus->ifs[1].sector;
 766         bus->ifs[0].sector = val;
 767         bus->ifs[1].sector = val;
 768         break;
 769     case 4:
 770         ide_clear_hob(bus);
 771         bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl;
 772         bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl;
 773         bus->ifs[0].lcyl = val;
 774         bus->ifs[1].lcyl = val;
 775         break;
 776     case 5:
 777         ide_clear_hob(bus);
 778         bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl;
 779         bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl;
 780         bus->ifs[0].hcyl = val;
 781         bus->ifs[1].hcyl = val;
 782         break;
 783     case 6:
 784         /* FIXME: HOB readback uses bit 7 */
 785         bus->ifs[0].select = (val & ~0x10) | 0xa0;
 786         bus->ifs[1].select = (val | 0x10) | 0xa0;
 787         /* select drive */
 788         bus->unit = (val >> 4) & 1;
 789         break;
 790     default:
 791     case 7:
 792         /* command */
 793         ide_exec_cmd(bus, val);
 794         break;
 795     }
 796 }
 797
 798
 799 void ide_exec_cmd(IDEBus *bus, uint32_t val)
 800 {
 801     IDEState *s;
 802     int n;
 803     int lba48 = 0;
 804
 805 #if defined(DEBUG_IDE)
 806     printf("ide: CMD=%02x\n", val);
 807 #endif
 808     s = idebus_active_if(bus);
 809     /* ignore commands to non existant slave */
 810     if (s != bus->ifs && !s->bs)
 811         return;
 812
 813     /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
 814     if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
 815         return;
 816
 817     switch(val) {
 818     case WIN_IDENTIFY:
 819         if (s->bs && s->drive_kind != IDE_CD) {
 820             if (s->drive_kind != IDE_CFATA)
 821                 ide_identify(s);
 822             else
 823                 ide_cfata_identify(s);
 824             s->status = READY_STAT | SEEK_STAT;
 825             ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
 826         } else {
 827             if (s->drive_kind == IDE_CD) {
 828                 ide_set_signature(s);
 829             }
 830             ide_abort_command(s);
 831         }
 832         ide_set_irq(s->bus);
 833         break;
 834     case WIN_SPECIFY:
 835     case WIN_RECAL:
 836         s->error = 0;
 837         s->status = READY_STAT | SEEK_STAT;
 838         ide_set_irq(s->bus);
 839         break;
 840     case WIN_SETMULT:
 841         if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
 842             /* Disable Read and Write Multiple */
 843             s->mult_sectors = 0;
 844             s->status = READY_STAT | SEEK_STAT;
 845         } else if ((s->nsector & 0xff) != 0 &&
 846             ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
 847              (s->nsector & (s->nsector - 1)) != 0)) {
 848             ide_abort_command(s);
 849         } else {
 850             s->mult_sectors = s->nsector & 0xff;
 851             s->status = READY_STAT | SEEK_STAT;
 852         }
 853         ide_set_irq(s->bus);
 854         break;
 855     case WIN_VERIFY_EXT:
 856         lba48 = 1;
 857     case WIN_VERIFY:
 858     case WIN_VERIFY_ONCE:
 859         /* do sector number check ? */
 860         ide_cmd_lba48_transform(s, lba48);
 861         s->status = READY_STAT | SEEK_STAT;
 862         ide_set_irq(s->bus);
 863         break;
 864         case WIN_READ_EXT:
 865         lba48 = 1;
 866     case WIN_READ:
 867     case WIN_READ_ONCE:
 868         if (!s->bs)
 869             goto abort_cmd;
 870         ide_cmd_lba48_transform(s, lba48);
 871         s->req_nb_sectors = 1;
 872         ide_sector_read(s);
 873         break;
 874         case WIN_WRITE_EXT:
 875         lba48 = 1;
 876     case WIN_WRITE:
 877     case WIN_WRITE_ONCE:
 878     case CFA_WRITE_SECT_WO_ERASE:
 879     case WIN_WRITE_VERIFY:
 880         ide_cmd_lba48_transform(s, lba48);
 881         s->error = 0;
 882         s->status = SEEK_STAT | READY_STAT;
 883         s->req_nb_sectors = 1;
 884         ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
 885         s->media_changed = 1;
 886         break;
 887         case WIN_MULTREAD_EXT:
 888         lba48 = 1;
 889     case WIN_MULTREAD:
 890         if (!s->mult_sectors)
 891             goto abort_cmd;
 892         ide_cmd_lba48_transform(s, lba48);
 893         s->req_nb_sectors = s->mult_sectors;
 894         ide_sector_read(s);
 895         break;
 896     case WIN_MULTWRITE_EXT:
 897         lba48 = 1;
 898     case WIN_MULTWRITE:
 899     case CFA_WRITE_MULTI_WO_ERASE:
 900         if (!s->mult_sectors)
 901             goto abort_cmd;
 902         ide_cmd_lba48_transform(s, lba48);
 903         s->error = 0;
 904         s->status = SEEK_STAT | READY_STAT;
 905         s->req_nb_sectors = s->mult_sectors;
 906         n = s->nsector;
 907         if (n > s->req_nb_sectors)
 908             n = s->req_nb_sectors;
 909         ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
 910         s->media_changed = 1;
 911         break;
 912         case WIN_READDMA_EXT:
 913         lba48 = 1;
 914     case WIN_READDMA:
 915     case WIN_READDMA_ONCE:
 916         if (!s->bs)
 917             goto abort_cmd;
 918         ide_cmd_lba48_transform(s, lba48);
 919         ide_sector_start_dma(s, 1);
 920         break;
 921         case WIN_WRITEDMA_EXT:
 922         lba48 = 1;
 923     case WIN_WRITEDMA:
 924     case WIN_WRITEDMA_ONCE:
 925         if (!s->bs)
 926             goto abort_cmd;
 927         ide_cmd_lba48_transform(s, lba48);
 928         ide_sector_start_dma(s, 0);
 929         s->media_changed = 1;
 930         break;
 931     case WIN_READ_NATIVE_MAX_EXT:
 932         lba48 = 1;
 933     case WIN_READ_NATIVE_MAX:
 934         ide_cmd_lba48_transform(s, lba48);
 935         ide_set_sector(s, s->nb_sectors - 1);
 936         s->status = READY_STAT | SEEK_STAT;
 937         ide_set_irq(s->bus);
 938         break;
 939     case WIN_CHECKPOWERMODE1:
 940     case WIN_CHECKPOWERMODE2:
 941         s->error = 0;
 942         s->nsector = 0xff; /* device active or idle */
 943         s->status = READY_STAT | SEEK_STAT;
 944         ide_set_irq(s->bus);
 945         break;
 946     case WIN_SETFEATURES:
 947         if (!s->bs)
 948             goto abort_cmd;
 949         /* XXX: valid for CDROM ? */
 950         switch(s->feature) {
 951         case 0xcc: /* reverting to power-on defaults enable */
 952         case 0x66: /* reverting to power-on defaults disable */
 953         case 0x02: /* write cache enable */
 954         case 0x82: /* write cache disable */
 955         case 0xaa: /* read look-ahead enable */
 956         case 0x55: /* read look-ahead disable */
 957         case 0x05: /* set advanced power management mode */
 958         case 0x85: /* disable advanced power management mode */
 959         case 0x69: /* NOP */
 960         case 0x67: /* NOP */
 961         case 0x96: /* NOP */
 962         case 0x9a: /* NOP */
 963         case 0x42: /* enable Automatic Acoustic Mode */
 964         case 0xc2: /* disable Automatic Acoustic Mode */
 965             s->status = READY_STAT | SEEK_STAT;
 966             ide_set_irq(s->bus);
 967             break;
 968         case 0x03: { /* set transfer mode */
 969                 uint8_t val = s->nsector & 0x07;
 970             uint16_t *identify_data = (uint16_t *)s->identify_data;
 971
 972                 switch (s->nsector >> 3) {
 973                 case 0x00: /* pio default */
 974                 case 0x01: /* pio mode */
 975                         put_le16(identify_data + 62,0x07);
 976                         put_le16(identify_data + 63,0x07);
 977                         put_le16(identify_data + 88,0x3f);
 978                         break;
 979                 case 0x02: /* sigle word dma mode*/
 980                         put_le16(identify_data + 62,0x07 | (1 << (val + 8)));
 981                         put_le16(identify_data + 63,0x07);
 982                         put_le16(identify_data + 88,0x3f);
 983                         break;
 984                 case 0x04: /* mdma mode */
 985                         put_le16(identify_data + 62,0x07);
 986                         put_le16(identify_data + 63,0x07 | (1 << (val + 8)));
 987                         put_le16(identify_data + 88,0x3f);
 988                         break;
 989                 case 0x08: /* udma mode */
 990                         put_le16(identify_data + 62,0x07);
 991                         put_le16(identify_data + 63,0x07);
 992                         put_le16(identify_data + 88,0x3f | (1 << (val + 8)));
 993                         break;
 994                 default:
 995                         goto abort_cmd;
 996                 }
 997             s->status = READY_STAT | SEEK_STAT;
 998             ide_set_irq(s->bus);
 999             break;
1000         }
1001         default:
1002             goto abort_cmd;
1003         }
1004         break;
1005     case WIN_FLUSH_CACHE:
1006     case WIN_FLUSH_CACHE_EXT:
1007         ide_flush_cache(s);
1008         break;
1009     case WIN_STANDBY:
1010     case WIN_STANDBY2:
1011     case WIN_STANDBYNOW1:
1012     case WIN_STANDBYNOW2:
1013     case WIN_IDLEIMMEDIATE:
1014     case CFA_IDLEIMMEDIATE:
1015     case WIN_SETIDLE1:
1016     case WIN_SETIDLE2:
1017     case WIN_SLEEPNOW1:
1018     case WIN_SLEEPNOW2:
1019         s->status = READY_STAT;
1020         ide_set_irq(s->bus);
1021         break;
1022     case WIN_SEEK:
1023         if(s->drive_kind == IDE_CD)
1024             goto abort_cmd;
1025         /* XXX: Check that seek is within bounds */
1026         s->status = READY_STAT | SEEK_STAT;
1027         ide_set_irq(s->bus);
1028         break;
1029         /* ATAPI commands */
1030     case WIN_PIDENTIFY:
1031         if (s->drive_kind == IDE_CD) {
1032             ide_atapi_identify(s);
1033             s->status = READY_STAT | SEEK_STAT;
1034             ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1035         } else {
1036             ide_abort_command(s);
1037         }
1038         ide_set_irq(s->bus);
1039         break;
1040     case WIN_DIAGNOSE:
1041         ide_set_signature(s);
1042         if (s->drive_kind == IDE_CD)
1043             s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
1044                             * devices to return a clear status register
1045                             * with READY_STAT *not* set. */
1046         else
1047             s->status = READY_STAT | SEEK_STAT;
1048         s->error = 0x01; /* Device 0 passed, Device 1 passed or not
1049                           * present.
1050                           */
1051         ide_set_irq(s->bus);
1052         break;
1053     case WIN_SRST:
1054         if (s->drive_kind != IDE_CD)
1055             goto abort_cmd;
1056         ide_set_signature(s);
1057         s->status = 0x00; /* NOTE: READY is _not_ set */
1058         s->error = 0x01;
1059         break;
1060     case WIN_PACKETCMD:
1061         if (s->drive_kind != IDE_CD)
1062             goto abort_cmd;
1063         /* overlapping commands not supported */
1064         if (s->feature & 0x02)
1065             goto abort_cmd;
1066         s->status = READY_STAT | SEEK_STAT;
1067         s->atapi_dma = s->feature & 1;
1068         s->nsector = 1;
1069         ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1070                            ide_atapi_cmd);
1071         break;
1072     /* CF-ATA commands */
1073     case CFA_REQ_EXT_ERROR_CODE:
1074         if (s->drive_kind != IDE_CFATA)
1075             goto abort_cmd;
1076         s->error = 0x09;    /* miscellaneous error */
1077         s->status = READY_STAT | SEEK_STAT;
1078         ide_set_irq(s->bus);
1079         break;
1080     case CFA_ERASE_SECTORS:
1081     case CFA_WEAR_LEVEL:
1082         if (s->drive_kind != IDE_CFATA)
1083             goto abort_cmd;
1084         if (val == CFA_WEAR_LEVEL)
1085             s->nsector = 0;
1086         if (val == CFA_ERASE_SECTORS)
1087             s->media_changed = 1;
1088         s->error = 0x00;
1089         s->status = READY_STAT | SEEK_STAT;
1090         ide_set_irq(s->bus);
1091         break;
1092     case CFA_TRANSLATE_SECTOR:
1093         if (s->drive_kind != IDE_CFATA)
1094             goto abort_cmd;
1095         s->error = 0x00;
1096         s->status = READY_STAT | SEEK_STAT;
1097         memset(s->io_buffer, 0, 0x200);
1098         s->io_buffer[0x00] = s->hcyl;                   /* Cyl MSB */
1099         s->io_buffer[0x01] = s->lcyl;                   /* Cyl LSB */
1100         s->io_buffer[0x02] = s->select;                 /* Head */
1101         s->io_buffer[0x03] = s->sector;                 /* Sector */
1102         s->io_buffer[0x04] = ide_get_sector(s) >> 16;   /* LBA MSB */
1103         s->io_buffer[0x05] = ide_get_sector(s) >> 8;    /* LBA */
1104         s->io_buffer[0x06] = ide_get_sector(s) >> 0;    /* LBA LSB */
1105         s->io_buffer[0x13] = 0x00;                              /* Erase flag */
1106         s->io_buffer[0x18] = 0x00;                              /* Hot count */
1107         s->io_buffer[0x19] = 0x00;                              /* Hot count */
1108         s->io_buffer[0x1a] = 0x01;                              /* Hot count */
1109         ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1110         ide_set_irq(s->bus);
1111         break;
1112     case CFA_ACCESS_METADATA_STORAGE:
1113         if (s->drive_kind != IDE_CFATA)
1114             goto abort_cmd;
1115         switch (s->feature) {
1116         case 0x02:      /* Inquiry Metadata Storage */
1117             ide_cfata_metadata_inquiry(s);
1118             break;
1119         case 0x03:      /* Read Metadata Storage */
1120             ide_cfata_metadata_read(s);
1121             break;
1122         case 0x04:      /* Write Metadata Storage */
1123             ide_cfata_metadata_write(s);
1124             break;
1125         default:
1126             goto abort_cmd;
1127         }
1128         ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1129         s->status = 0x00; /* NOTE: READY is _not_ set */
1130         ide_set_irq(s->bus);
1131         break;
1132     case IBM_SENSE_CONDITION:
1133         if (s->drive_kind != IDE_CFATA)
1134             goto abort_cmd;
1135         switch (s->feature) {
1136         case 0x01:  /* sense temperature in device */
1137             s->nsector = 0x50;      /* +20 C */
1138             break;
1139         default:
1140             goto abort_cmd;
1141         }
1142         s->status = READY_STAT | SEEK_STAT;
1143         ide_set_irq(s->bus);
1144         break;
1145
1146         case WIN_SMART:
1147         if (s->drive_kind == IDE_CD)
1148                 goto abort_cmd;
1149         if (s->hcyl != 0xc2 || s->lcyl != 0x4f)
1150                 goto abort_cmd;
1151         if (!s->smart_enabled && s->feature != SMART_ENABLE)
1152                 goto abort_cmd;
1153         switch (s->feature) {
1154         case SMART_DISABLE:
1155                 s->smart_enabled = 0;
1156                 s->status = READY_STAT | SEEK_STAT;
1157                 ide_set_irq(s->bus);
1158                 break;
1159         case SMART_ENABLE:
1160                 s->smart_enabled = 1;
1161                 s->status = READY_STAT | SEEK_STAT;
1162                 ide_set_irq(s->bus);
1163                 break;
1164         case SMART_ATTR_AUTOSAVE:
1165                 switch (s->sector) {
1166                 case 0x00:
1167                 s->smart_autosave = 0;
1168                 break;
1169                 case 0xf1:
1170                 s->smart_autosave = 1;
1171                 break;
1172                 default:
1173                 goto abort_cmd;
1174                 }
1175                 s->status = READY_STAT | SEEK_STAT;
1176                 ide_set_irq(s->bus);
1177                 break;
1178         case SMART_STATUS:
1179                 if (!s->smart_errors) {
1180                 s->hcyl = 0xc2;
1181                 s->lcyl = 0x4f;
1182                 } else {
1183                 s->hcyl = 0x2c;
1184                 s->lcyl = 0xf4;
1185                 }
1186                 s->status = READY_STAT | SEEK_STAT;
1187                 ide_set_irq(s->bus);
1188                 break;
1189         case SMART_READ_THRESH:
1190                 memset(s->io_buffer, 0, 0x200);
1191                 s->io_buffer[0] = 0x01; /* smart struct version */
1192                 for (n=0; n<30; n++) {
1193                 if (smart_attributes[n][0] == 0)
1194                         break;
1195                 s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
1196                 s->io_buffer[2+1+(n*12)] = smart_attributes[n][11];
1197                 }
1198                 for (n=0; n<511; n++) /* checksum */
1199                 s->io_buffer[511] += s->io_buffer[n];
1200                 s->io_buffer[511] = 0x100 - s->io_buffer[511];
1201                 s->status = READY_STAT | SEEK_STAT;
1202                 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1203                 ide_set_irq(s->bus);
1204                 break;
1205         case SMART_READ_DATA:
1206                 memset(s->io_buffer, 0, 0x200);
1207                 s->io_buffer[0] = 0x01; /* smart struct version */
1208                 for (n=0; n<30; n++) {
1209                     if (smart_attributes[n][0] == 0) {
1210                         break;
1211                     }
1212                     int i;
1213                     for(i = 0; i < 11; i++) {
1214                         s->io_buffer[2+i+(n*12)] = smart_attributes[n][i];
1215                     }
1216                 }
1217                 s->io_buffer[362] = 0x02 | (s->smart_autosave?0x80:0x00);
1218                 if (s->smart_selftest_count == 0) {
1219                 s->io_buffer[363] = 0;
1220                 } else {
1221                 s->io_buffer[363] =
1222                         s->smart_selftest_data[3 +
1223                                            (s->smart_selftest_count - 1) *
1224                                            24];
1225                 }
1226                 s->io_buffer[364] = 0x20;
1227                 s->io_buffer[365] = 0x01;
1228                 /* offline data collection capacity: execute + self-test*/
1229                 s->io_buffer[367] = (1<<4 | 1<<3 | 1);
1230                 s->io_buffer[368] = 0x03; /* smart capability (1) */
1231                 s->io_buffer[369] = 0x00; /* smart capability (2) */
1232                 s->io_buffer[370] = 0x01; /* error logging supported */
1233                 s->io_buffer[372] = 0x02; /* minutes for poll short test */
1234                 s->io_buffer[373] = 0x36; /* minutes for poll ext test */
1235                 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
1236
1237                 for (n=0; n<511; n++)
1238                 s->io_buffer[511] += s->io_buffer[n];
1239                 s->io_buffer[511] = 0x100 - s->io_buffer[511];
1240                 s->status = READY_STAT | SEEK_STAT;
1241                 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1242                 ide_set_irq(s->bus);
1243                 break;
1244         case SMART_READ_LOG:
1245                 switch (s->sector) {
1246                 case 0x01: /* summary smart error log */
1247                 memset(s->io_buffer, 0, 0x200);
1248                 s->io_buffer[0] = 0x01;
1249                 s->io_buffer[1] = 0x00; /* no error entries */
1250                 s->io_buffer[452] = s->smart_errors & 0xff;
1251                 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
1252
1253                 for (n=0; n<511; n++)
1254                         s->io_buffer[511] += s->io_buffer[n];
1255                 s->io_buffer[511] = 0x100 - s->io_buffer[511];
1256                 break;
1257                 case 0x06: /* smart self test log */
1258                 memset(s->io_buffer, 0, 0x200);
1259                 s->io_buffer[0] = 0x01;
1260                 if (s->smart_selftest_count == 0) {
1261                         s->io_buffer[508] = 0;
1262                 } else {
1263                         s->io_buffer[508] = s->smart_selftest_count;
1264                         for (n=2; n<506; n++)
1265                         s->io_buffer[n] = s->smart_selftest_data[n];
1266                 }
1267                 for (n=0; n<511; n++)
1268                         s->io_buffer[511] += s->io_buffer[n];
1269                 s->io_buffer[511] = 0x100 - s->io_buffer[511];
1270                 break;
1271                 default:
1272                 goto abort_cmd;
1273                 }
1274                 s->status = READY_STAT | SEEK_STAT;
1275                 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1276                 ide_set_irq(s->bus);
1277                 break;
1278         case SMART_EXECUTE_OFFLINE:
1279                 switch (s->sector) {
1280                 case 0: /* off-line routine */
1281                 case 1: /* short self test */
1282                 case 2: /* extended self test */
1283                 s->smart_selftest_count++;
1284                 if(s->smart_selftest_count > 21)
1285                         s->smart_selftest_count = 0;
1286                 n = 2 + (s->smart_selftest_count - 1) * 24;
1287                 s->smart_selftest_data[n] = s->sector;
1288                 s->smart_selftest_data[n+1] = 0x00; /* OK and finished */
1289                 s->smart_selftest_data[n+2] = 0x34; /* hour count lsb */
1290                 s->smart_selftest_data[n+3] = 0x12; /* hour count msb */
1291                 s->status = READY_STAT | SEEK_STAT;
1292                 ide_set_irq(s->bus);
1293                 break;
1294                 default:
1295                 goto abort_cmd;
1296                 }
1297                 break;
1298         default:
1299                 goto abort_cmd;
1300         }
1301         break;
1302     default:
1303     abort_cmd:
1304         ide_abort_command(s);
1305         ide_set_irq(s->bus);
1306         break;
1307     }
1308 }
1309
1310 uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
1311 {
1312     IDEBus *bus = opaque;
1313     IDEState *s = idebus_active_if(bus);
1314     uint32_t addr;
1315     int ret, hob;
1316
1317     addr = addr1 & 7;
1318     /* FIXME: HOB readback uses bit 7, but it's always set right now */
1319     //hob = s->select & (1 << 7);
1320     hob = 0;
1321     switch(addr) {
1322     case 0:
1323         ret = 0xff;
1324         break;
1325     case 1:
1326         if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
1327             (s != bus->ifs && !s->bs))
1328             ret = 0;
1329         else if (!hob)
1330             ret = s->error;
1331         else
1332             ret = s->hob_feature;
1333         break;
1334     case 2:
1335         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
1336             ret = 0;
1337         else if (!hob)
1338             ret = s->nsector & 0xff;
1339         else
1340             ret = s->hob_nsector;
1341         break;
1342     case 3:
1343         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
1344             ret = 0;
1345         else if (!hob)
1346             ret = s->sector;
1347         else
1348             ret = s->hob_sector;
1349         break;
1350     case 4:
1351         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
1352             ret = 0;
1353         else if (!hob)
1354             ret = s->lcyl;
1355         else
1356             ret = s->hob_lcyl;
1357         break;
1358     case 5:
1359         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
1360             ret = 0;
1361         else if (!hob)
1362             ret = s->hcyl;
1363         else
1364             ret = s->hob_hcyl;
1365         break;
1366     case 6:
1367         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
1368             ret = 0;
1369         else
1370             ret = s->select;
1371         break;
1372     default:
1373     case 7:
1374         if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
1375             (s != bus->ifs && !s->bs))
1376             ret = 0;
1377         else
1378             ret = s->status;
1379         qemu_irq_lower(bus->irq);
1380         break;
1381     }
1382 #ifdef DEBUG_IDE
1383     printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1384 #endif
1385     return ret;
1386 }
1387
1388 uint32_t ide_status_read(void *opaque, uint32_t addr)
1389 {
1390     IDEBus *bus = opaque;
1391     IDEState *s = idebus_active_if(bus);
1392     int ret;
1393
1394     if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
1395         (s != bus->ifs && !s->bs))
1396         ret = 0;
1397     else
1398         ret = s->status;
1399 #ifdef DEBUG_IDE
1400     printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1401 #endif
1402     return ret;
1403 }
1404
1405 void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
1406 {
1407     IDEBus *bus = opaque;
1408     IDEState *s;
1409     int i;
1410
1411 #ifdef DEBUG_IDE
1412     printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1413 #endif
1414     /* common for both drives */
1415     if (!(bus->cmd & IDE_CMD_RESET) &&
1416         (val & IDE_CMD_RESET)) {
1417         /* reset low to high */
1418         for(i = 0;i < 2; i++) {
1419             s = &bus->ifs[i];
1420             s->status = BUSY_STAT | SEEK_STAT;
1421             s->error = 0x01;
1422         }
1423     } else if ((bus->cmd & IDE_CMD_RESET) &&
1424                !(val & IDE_CMD_RESET)) {
1425         /* high to low */
1426         for(i = 0;i < 2; i++) {
1427             s = &bus->ifs[i];
1428             if (s->drive_kind == IDE_CD)
1429                 s->status = 0x00; /* NOTE: READY is _not_ set */
1430             else
1431                 s->status = READY_STAT | SEEK_STAT;
1432             ide_set_signature(s);
1433         }
1434     }
1435
1436     bus->cmd = val;
1437 }
1438
1439 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
1440 {
1441     IDEBus *bus = opaque;
1442     IDEState *s = idebus_active_if(bus);
1443     uint8_t *p;
1444
1445     /* PIO data access allowed only when DRQ bit is set */
1446     if (!(s->status & DRQ_STAT))
1447         return;
1448
1449     p = s->data_ptr;
1450     *(uint16_t *)p = le16_to_cpu(val);
1451     p += 2;
1452     s->data_ptr = p;
1453     if (p >= s->data_end)
1454         s->end_transfer_func(s);
1455 }
1456
1457 uint32_t ide_data_readw(void *opaque, uint32_t addr)
1458 {
1459     IDEBus *bus = opaque;
1460     IDEState *s = idebus_active_if(bus);
1461     uint8_t *p;
1462     int ret;
1463
1464     /* PIO data access allowed only when DRQ bit is set */
1465     if (!(s->status & DRQ_STAT))
1466         return 0;
1467
1468     p = s->data_ptr;
1469     ret = cpu_to_le16(*(uint16_t *)p);
1470     p += 2;
1471     s->data_ptr = p;
1472     if (p >= s->data_end)
1473         s->end_transfer_func(s);
1474     return ret;
1475 }
1476
1477 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
1478 {
1479     IDEBus *bus = opaque;
1480     IDEState *s = idebus_active_if(bus);
1481     uint8_t *p;
1482
1483     /* PIO data access allowed only when DRQ bit is set */
1484     if (!(s->status & DRQ_STAT))
1485         return;
1486
1487     p = s->data_ptr;
1488     *(uint32_t *)p = le32_to_cpu(val);
1489     p += 4;
1490     s->data_ptr = p;
1491     if (p >= s->data_end)
1492         s->end_transfer_func(s);
1493 }
1494
1495 uint32_t ide_data_readl(void *opaque, uint32_t addr)
1496 {
1497     IDEBus *bus = opaque;
1498     IDEState *s = idebus_active_if(bus);
1499     uint8_t *p;
1500     int ret;
1501
1502     /* PIO data access allowed only when DRQ bit is set */
1503     if (!(s->status & DRQ_STAT))
1504         return 0;
1505
1506     p = s->data_ptr;
1507     ret = cpu_to_le32(*(uint32_t *)p);
1508     p += 4;
1509     s->data_ptr = p;
1510     if (p >= s->data_end)
1511         s->end_transfer_func(s);
1512     return ret;
1513 }
1514
1515 static void ide_dummy_transfer_stop(IDEState *s)
1516 {
1517     s->data_ptr = s->io_buffer;
1518     s->data_end = s->io_buffer;
1519     s->io_buffer[0] = 0xff;
1520     s->io_buffer[1] = 0xff;
1521     s->io_buffer[2] = 0xff;
1522     s->io_buffer[3] = 0xff;
1523 }
1524
1525 static void ide_reset(IDEState *s)
1526 {
1527 #ifdef DEBUG_IDE
1528     printf("ide: reset\n");
1529 #endif
1530     if (s->drive_kind == IDE_CFATA)
1531         s->mult_sectors = 0;
1532     else
1533         s->mult_sectors = MAX_MULT_SECTORS;
1534     /* ide regs */
1535     s->feature = 0;
1536     s->error = 0;
1537     s->nsector = 0;
1538     s->sector = 0;
1539     s->lcyl = 0;
1540     s->hcyl = 0;
1541
1542     /* lba48 */
1543     s->hob_feature = 0;
1544     s->hob_sector = 0;
1545     s->hob_nsector = 0;
1546     s->hob_lcyl = 0;
1547     s->hob_hcyl = 0;
1548
1549     s->select = 0xa0;
1550     s->status = READY_STAT | SEEK_STAT;
1551
1552     s->lba48 = 0;
1553
1554     /* ATAPI specific */
1555     s->sense_key = 0;
1556     s->asc = 0;
1557     s->cdrom_changed = 0;
1558     s->packet_transfer_size = 0;
1559     s->elementary_transfer_size = 0;
1560     s->io_buffer_index = 0;
1561     s->cd_sector_size = 0;
1562     s->atapi_dma = 0;
1563     /* ATA DMA state */
1564     s->io_buffer_size = 0;
1565     s->req_nb_sectors = 0;
1566
1567     ide_set_signature(s);
1568     /* init the transfer handler so that 0xffff is returned on data
1569        accesses */
1570     s->end_transfer_func = ide_dummy_transfer_stop;
1571     ide_dummy_transfer_stop(s);
1572     s->media_changed = 0;
1573 }
1574
1575 void ide_bus_reset(IDEBus *bus)
1576 {
1577     bus->unit = 0;
1578     bus->cmd = 0;
1579     ide_reset(&bus->ifs[0]);
1580     ide_reset(&bus->ifs[1]);
1581     ide_clear_hob(bus);
1582
1583     /* pending async DMA */
1584     if (bus->dma->aiocb) {
1585 #ifdef DEBUG_AIO
1586         printf("aio_cancel\n");
1587 #endif
1588         bdrv_aio_cancel(bus->dma->aiocb);
1589         bus->dma->aiocb = NULL;
1590     }
1591
1592     /* reset dma provider too */
1593     bus->dma->ops->reset(bus->dma);
1594 }
1595
1596 int ide_init_drive(IDEState *s, BlockDriverState *bs, IDEDriveKind kind,
1597                    const char *version, const char *serial)
1598 {
1599     int cylinders, heads, secs;
1600     uint64_t nb_sectors;
1601
1602     s->bs = bs;
1603     s->drive_kind = kind;
1604
1605     bdrv_get_geometry(bs, &nb_sectors);
1606     bdrv_guess_geometry(bs, &cylinders, &heads, &secs);
1607     if (cylinders < 1 || cylinders > 16383) {
1608         error_report("cyls must be between 1 and 16383");
1609         return -1;
1610     }
1611     if (heads < 1 || heads > 16) {
1612         error_report("heads must be between 1 and 16");
1613         return -1;
1614     }
1615     if (secs < 1 || secs > 63) {
1616         error_report("secs must be between 1 and 63");
1617         return -1;
1618     }
1619     s->cylinders = cylinders;
1620     s->heads = heads;
1621     s->sectors = secs;
1622     s->nb_sectors = nb_sectors;
1623     /* The SMART values should be preserved across power cycles
1624        but they aren't.  */
1625     s->smart_enabled = 1;
1626     s->smart_autosave = 1;
1627     s->smart_errors = 0;
1628     s->smart_selftest_count = 0;
1629     if (kind == IDE_CD) {
1630         bdrv_set_change_cb(bs, cdrom_change_cb, s);
1631         bs->buffer_alignment = 2048;
1632     } else {
1633         if (!bdrv_is_inserted(s->bs)) {
1634             error_report("Device needs media, but drive is empty");
1635             return -1;
1636         }
1637         if (bdrv_is_read_only(bs)) {
1638             error_report("Can't use a read-only drive");
1639             return -1;
1640         }
1641     }
1642     if (serial) {
1643         strncpy(s->drive_serial_str, serial, sizeof(s->drive_serial_str));
1644     } else {
1645         snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
1646                  "QM%05d", s->drive_serial);
1647     }
1648     if (version) {
1649         pstrcpy(s->version, sizeof(s->version), version);
1650     } else {
1651         pstrcpy(s->version, sizeof(s->version), QEMU_VERSION);
1652     }
1653
1654     ide_reset(s);
1655     bdrv_set_removable(bs, s->drive_kind == IDE_CD);
1656     return 0;
1657 }
1658
1659 static void ide_init1(IDEBus *bus, int unit)
1660 {
1661     static int drive_serial = 1;
1662     IDEState *s = &bus->ifs[unit];
1663
1664     s->bus = bus;
1665     s->unit = unit;
1666     s->drive_serial = drive_serial++;
1667     /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */
1668     s->io_buffer = qemu_memalign(2048, IDE_DMA_BUF_SECTORS*512 + 4);
1669     s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4;
1670     s->smart_selftest_data = qemu_blockalign(s->bs, 512);
1671     s->sector_write_timer = qemu_new_timer_ns(vm_clock,
1672                                            ide_sector_write_timer_cb, s);
1673 }
1674
1675 static void ide_nop_start(IDEDMA *dma, IDEState *s,
1676                           BlockDriverCompletionFunc *cb)
1677 {
1678 }
1679
1680 static int ide_nop(IDEDMA *dma)
1681 {
1682     return 0;
1683 }
1684
1685 static int ide_nop_int(IDEDMA *dma, int x)
1686 {
1687     return 0;
1688 }
1689
1690 static void ide_nop_restart(void *opaque, int x, int y)
1691 {
1692 }
1693
1694 static const IDEDMAOps ide_dma_nop_ops = {
1695     .start_dma      = ide_nop_start,
1696     .start_transfer = ide_nop,
1697     .prepare_buf    = ide_nop_int,
1698     .rw_buf         = ide_nop_int,
1699     .set_unit       = ide_nop_int,
1700     .add_status     = ide_nop_int,
1701     .set_inactive   = ide_nop,
1702     .restart_cb     = ide_nop_restart,
1703     .reset          = ide_nop,
1704 };
1705
1706 static IDEDMA ide_dma_nop = {
1707     .ops = &ide_dma_nop_ops,
1708     .aiocb = NULL,
1709 };
1710
1711 void ide_init2(IDEBus *bus, qemu_irq irq)
1712 {
1713     int i;
1714
1715     for(i = 0; i < 2; i++) {
1716         ide_init1(bus, i);
1717         ide_reset(&bus->ifs[i]);
1718     }
1719     bus->irq = irq;
1720     bus->dma = &ide_dma_nop;
1721 }
1722
1723 /* TODO convert users to qdev and remove */
1724 void ide_init2_with_non_qdev_drives(IDEBus *bus, DriveInfo *hd0,
1725                                     DriveInfo *hd1, qemu_irq irq)
1726 {
1727     int i;
1728     DriveInfo *dinfo;
1729
1730     for(i = 0; i < 2; i++) {
1731         dinfo = i == 0 ? hd0 : hd1;
1732         ide_init1(bus, i);
1733         if (dinfo) {
1734             if (ide_init_drive(&bus->ifs[i], dinfo->bdrv,
1735                                dinfo->media_cd ? IDE_CD : IDE_HD, NULL,
1736                                *dinfo->serial ? dinfo->serial : NULL) < 0) {
1737                 error_report("Can't set up IDE drive %s", dinfo->id);
1738                 exit(1);
1739             }
1740         } else {
1741             ide_reset(&bus->ifs[i]);
1742         }
1743     }
1744     bus->irq = irq;
1745     bus->dma = &ide_dma_nop;
1746 }
1747
1748 void ide_init_ioport(IDEBus *bus, int iobase, int iobase2)
1749 {
1750     register_ioport_write(iobase, 8, 1, ide_ioport_write, bus);
1751     register_ioport_read(iobase, 8, 1, ide_ioport_read, bus);
1752     if (iobase2) {
1753         register_ioport_read(iobase2, 1, 1, ide_status_read, bus);
1754         register_ioport_write(iobase2, 1, 1, ide_cmd_write, bus);
1755     }
1756
1757     /* data ports */
1758     register_ioport_write(iobase, 2, 2, ide_data_writew, bus);
1759     register_ioport_read(iobase, 2, 2, ide_data_readw, bus);
1760     register_ioport_write(iobase, 4, 4, ide_data_writel, bus);
1761     register_ioport_read(iobase, 4, 4, ide_data_readl, bus);
1762 }
1763
1764 static bool is_identify_set(void *opaque, int version_id)
1765 {
1766     IDEState *s = opaque;
1767
1768     return s->identify_set != 0;
1769 }
1770
1771 static EndTransferFunc* transfer_end_table[] = {
1772         ide_sector_read,
1773         ide_sector_write,
1774         ide_transfer_stop,
1775         ide_atapi_cmd_reply_end,
1776         ide_atapi_cmd,
1777         ide_dummy_transfer_stop,
1778 };
1779
1780 static int transfer_end_table_idx(EndTransferFunc *fn)
1781 {
1782     int i;
1783
1784     for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++)
1785         if (transfer_end_table[i] == fn)
1786             return i;
1787
1788     return -1;
1789 }
1790
1791 static int ide_drive_post_load(void *opaque, int version_id)
1792 {
1793     IDEState *s = opaque;
1794
1795     if (version_id < 3) {
1796         if (s->sense_key == SENSE_UNIT_ATTENTION &&
1797             s->asc == ASC_MEDIUM_MAY_HAVE_CHANGED) {
1798             s->cdrom_changed = 1;
1799         }
1800     }
1801     return 0;
1802 }
1803
1804 static int ide_drive_pio_post_load(void *opaque, int version_id)
1805 {
1806     IDEState *s = opaque;
1807
1808     if (s->end_transfer_fn_idx > ARRAY_SIZE(transfer_end_table)) {
1809         return -EINVAL;
1810     }
1811     s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx];
1812     s->data_ptr = s->io_buffer + s->cur_io_buffer_offset;
1813     s->data_end = s->data_ptr + s->cur_io_buffer_len;
1814
1815     return 0;
1816 }
1817
1818 static void ide_drive_pio_pre_save(void *opaque)
1819 {
1820     IDEState *s = opaque;
1821     int idx;
1822
1823     s->cur_io_buffer_offset = s->data_ptr - s->io_buffer;
1824     s->cur_io_buffer_len = s->data_end - s->data_ptr;
1825
1826     idx = transfer_end_table_idx(s->end_transfer_func);
1827     if (idx == -1) {
1828         fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n",
1829                         __func__);
1830         s->end_transfer_fn_idx = 2;
1831     } else {
1832         s->end_transfer_fn_idx = idx;
1833     }
1834 }
1835
1836 static bool ide_drive_pio_state_needed(void *opaque)
1837 {
1838     IDEState *s = opaque;
1839
1840     return (s->status & DRQ_STAT) != 0;
1841 }
1842
1843 static bool ide_atapi_gesn_needed(void *opaque)
1844 {
1845     IDEState *s = opaque;
1846
1847     return s->events.new_media || s->events.eject_request;
1848 }
1849
1850 /* Fields for GET_EVENT_STATUS_NOTIFICATION ATAPI command */
1851 const VMStateDescription vmstate_ide_atapi_gesn_state = {
1852     .name ="ide_drive/atapi/gesn_state",
1853     .version_id = 1,
1854     .minimum_version_id = 1,
1855     .minimum_version_id_old = 1,
1856     .fields = (VMStateField []) {
1857         VMSTATE_BOOL(events.new_media, IDEState),
1858         VMSTATE_BOOL(events.eject_request, IDEState),
1859     }
1860 };
1861
1862 const VMStateDescription vmstate_ide_drive_pio_state = {
1863     .name = "ide_drive/pio_state",
1864     .version_id = 1,
1865     .minimum_version_id = 1,
1866     .minimum_version_id_old = 1,
1867     .pre_save = ide_drive_pio_pre_save,
1868     .post_load = ide_drive_pio_post_load,
1869     .fields      = (VMStateField []) {
1870         VMSTATE_INT32(req_nb_sectors, IDEState),
1871         VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1,
1872                              vmstate_info_uint8, uint8_t),
1873         VMSTATE_INT32(cur_io_buffer_offset, IDEState),
1874         VMSTATE_INT32(cur_io_buffer_len, IDEState),
1875         VMSTATE_UINT8(end_transfer_fn_idx, IDEState),
1876         VMSTATE_INT32(elementary_transfer_size, IDEState),
1877         VMSTATE_INT32(packet_transfer_size, IDEState),
1878         VMSTATE_END_OF_LIST()
1879     }
1880 };
1881
1882 const VMStateDescription vmstate_ide_drive = {
1883     .name = "ide_drive",
1884     .version_id = 3,
1885     .minimum_version_id = 0,
1886     .minimum_version_id_old = 0,
1887     .post_load = ide_drive_post_load,
1888     .fields      = (VMStateField []) {
1889         VMSTATE_INT32(mult_sectors, IDEState),
1890         VMSTATE_INT32(identify_set, IDEState),
1891         VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set),
1892         VMSTATE_UINT8(feature, IDEState),
1893         VMSTATE_UINT8(error, IDEState),
1894         VMSTATE_UINT32(nsector, IDEState),
1895         VMSTATE_UINT8(sector, IDEState),
1896         VMSTATE_UINT8(lcyl, IDEState),
1897         VMSTATE_UINT8(hcyl, IDEState),
1898         VMSTATE_UINT8(hob_feature, IDEState),
1899         VMSTATE_UINT8(hob_sector, IDEState),
1900         VMSTATE_UINT8(hob_nsector, IDEState),
1901         VMSTATE_UINT8(hob_lcyl, IDEState),
1902         VMSTATE_UINT8(hob_hcyl, IDEState),
1903         VMSTATE_UINT8(select, IDEState),
1904         VMSTATE_UINT8(status, IDEState),
1905         VMSTATE_UINT8(lba48, IDEState),
1906         VMSTATE_UINT8(sense_key, IDEState),
1907         VMSTATE_UINT8(asc, IDEState),
1908         VMSTATE_UINT8_V(cdrom_changed, IDEState, 3),
1909         VMSTATE_END_OF_LIST()
1910     },
1911     .subsections = (VMStateSubsection []) {
1912         {
1913             .vmsd = &vmstate_ide_drive_pio_state,
1914             .needed = ide_drive_pio_state_needed,
1915         }, {
1916             .vmsd = &vmstate_ide_atapi_gesn_state,
1917             .needed = ide_atapi_gesn_needed,
1918         }, {
1919             /* empty */
1920         }
1921     }
1922 };
1923
1924 const VMStateDescription vmstate_ide_bus = {
1925     .name = "ide_bus",
1926     .version_id = 1,
1927     .minimum_version_id = 1,
1928     .minimum_version_id_old = 1,
1929     .fields      = (VMStateField []) {
1930         VMSTATE_UINT8(cmd, IDEBus),
1931         VMSTATE_UINT8(unit, IDEBus),
1932         VMSTATE_END_OF_LIST()
1933     }
1934 };
1935
1936 void ide_drive_get(DriveInfo **hd, int max_bus)
1937 {
1938     int i;
1939
1940     if (drive_get_max_bus(IF_IDE) >= max_bus) {
1941         fprintf(stderr, "qemu: too many IDE bus: %d\n", max_bus);
1942         exit(1);
1943     }
1944
1945     for(i = 0; i < max_bus * MAX_IDE_DEVS; i++) {
1946         hd[i] = drive_get(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
1947     }
1948 }