search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Do not allow AIO to be inited multiple times
[qemu-kvm/fedora.git] / hw / ide.c
blob1ffa11cc1729e70a9219b76bffb88a3913a1e088
1 /*
2 * QEMU IDE disk and CD/DVD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25 #include "hw.h"
26 #include "pc.h"
27 #include "pci.h"
28 #include "scsi-disk.h"
29 #include "pcmcia.h"
30 #include "block.h"
31 #include "block_int.h"
32 #include "qemu-timer.h"
33 #include "sysemu.h"
34 #include "ppc_mac.h"
35
36 /* debug IDE devices */
37 //#define DEBUG_IDE
38 //#define DEBUG_IDE_ATAPI
39 //#define DEBUG_AIO
40 #define USE_DMA_CDROM
41
42 /* Bits of HD_STATUS */
43 #define ERR_STAT 0x01
44 #define INDEX_STAT 0x02
45 #define ECC_STAT 0x04 /* Corrected error */
46 #define DRQ_STAT 0x08
47 #define SEEK_STAT 0x10
48 #define SRV_STAT 0x10
49 #define WRERR_STAT 0x20
50 #define READY_STAT 0x40
51 #define BUSY_STAT 0x80
52
53 /* Bits for HD_ERROR */
54 #define MARK_ERR 0x01 /* Bad address mark */
55 #define TRK0_ERR 0x02 /* couldn't find track 0 */
56 #define ABRT_ERR 0x04 /* Command aborted */
57 #define MCR_ERR 0x08 /* media change request */
58 #define ID_ERR 0x10 /* ID field not found */
59 #define MC_ERR 0x20 /* media changed */
60 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
61 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
62 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
63
64 /* Bits of HD_NSECTOR */
65 #define CD 0x01
66 #define IO 0x02
67 #define REL 0x04
68 #define TAG_MASK 0xf8
69
70 #define IDE_CMD_RESET 0x04
71 #define IDE_CMD_DISABLE_IRQ 0x02
72
73 /* ATA/ATAPI Commands pre T13 Spec */
74 #define WIN_NOP 0x00
75 /*
76 * 0x01->0x02 Reserved
77 */
78 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
79 /*
80 * 0x04->0x07 Reserved
81 */
82 #define WIN_SRST 0x08 /* ATAPI soft reset command */
83 #define WIN_DEVICE_RESET 0x08
84 /*
85 * 0x09->0x0F Reserved
86 */
87 #define WIN_RECAL 0x10
88 #define WIN_RESTORE WIN_RECAL
89 /*
90 * 0x10->0x1F Reserved
91 */
92 #define WIN_READ 0x20 /* 28-Bit */
93 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
94 #define WIN_READ_LONG 0x22 /* 28-Bit */
95 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
96 #define WIN_READ_EXT 0x24 /* 48-Bit */
97 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
98 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
99 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
100 /*
101 * 0x28
102 */
103 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
104 /*
105 * 0x2A->0x2F Reserved
106 */
107 #define WIN_WRITE 0x30 /* 28-Bit */
108 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
109 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
110 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
111 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
112 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
113 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
114 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
115 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
116 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
117 /*
118 * 0x3A->0x3B Reserved
119 */
120 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
121 /*
122 * 0x3D->0x3F Reserved
123 */
124 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
125 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
126 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
127 /*
128 * 0x43->0x4F Reserved
129 */
130 #define WIN_FORMAT 0x50
131 /*
132 * 0x51->0x5F Reserved
133 */
134 #define WIN_INIT 0x60
135 /*
136 * 0x61->0x5F Reserved
137 */
138 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
139 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
140 #define WIN_DIAGNOSE 0x90
141 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
142 #define WIN_DOWNLOAD_MICROCODE 0x92
143 #define WIN_STANDBYNOW2 0x94
144 #define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
145 #define WIN_STANDBY2 0x96
146 #define WIN_SETIDLE2 0x97
147 #define WIN_CHECKPOWERMODE2 0x98
148 #define WIN_SLEEPNOW2 0x99
149 /*
150 * 0x9A VENDOR
151 */
152 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
153 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
154 #define WIN_QUEUED_SERVICE 0xA2
155 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
156 #define CFA_ACCESS_METADATA_STORAGE 0xB8
157 #define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
158 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
159 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
160 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
161 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
162 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
163 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
164 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
165 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
166 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
167 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
168 #define WIN_GETMEDIASTATUS 0xDA
169 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
170 #define WIN_POSTBOOT 0xDC
171 #define WIN_PREBOOT 0xDD
172 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
173 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
174 #define WIN_STANDBYNOW1 0xE0
175 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
176 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
177 #define WIN_SETIDLE1 0xE3
178 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
179 #define WIN_CHECKPOWERMODE1 0xE5
180 #define WIN_SLEEPNOW1 0xE6
181 #define WIN_FLUSH_CACHE 0xE7
182 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
183 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
184 /* SET_FEATURES 0x22 or 0xDD */
185 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
186 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
187 #define WIN_MEDIAEJECT 0xED
188 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
189 #define WIN_SETFEATURES 0xEF /* set special drive features */
190 #define EXABYTE_ENABLE_NEST 0xF0
191 #define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
192 #define WIN_SECURITY_SET_PASS 0xF1
193 #define WIN_SECURITY_UNLOCK 0xF2
194 #define WIN_SECURITY_ERASE_PREPARE 0xF3
195 #define WIN_SECURITY_ERASE_UNIT 0xF4
196 #define WIN_SECURITY_FREEZE_LOCK 0xF5
197 #define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
198 #define WIN_SECURITY_DISABLE 0xF6
199 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
200 #define WIN_SET_MAX 0xF9
201 #define DISABLE_SEAGATE 0xFB
202
203 /* set to 1 set disable mult support */
204 #define MAX_MULT_SECTORS 16
205
206 #define IDE_DMA_BUF_SECTORS 256
207
208 #if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
209 #error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
210 #endif
211
212 /* ATAPI defines */
213
214 #define ATAPI_PACKET_SIZE 12
215
216 /* The generic packet command opcodes for CD/DVD Logical Units,
217 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
218 #define GPCMD_BLANK 0xa1
219 #define GPCMD_CLOSE_TRACK 0x5b
220 #define GPCMD_FLUSH_CACHE 0x35
221 #define GPCMD_FORMAT_UNIT 0x04
222 #define GPCMD_GET_CONFIGURATION 0x46
223 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
224 #define GPCMD_GET_PERFORMANCE 0xac
225 #define GPCMD_INQUIRY 0x12
226 #define GPCMD_LOAD_UNLOAD 0xa6
227 #define GPCMD_MECHANISM_STATUS 0xbd
228 #define GPCMD_MODE_SELECT_10 0x55
229 #define GPCMD_MODE_SENSE_10 0x5a
230 #define GPCMD_PAUSE_RESUME 0x4b
231 #define GPCMD_PLAY_AUDIO_10 0x45
232 #define GPCMD_PLAY_AUDIO_MSF 0x47
233 #define GPCMD_PLAY_AUDIO_TI 0x48
234 #define GPCMD_PLAY_CD 0xbc
235 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
236 #define GPCMD_READ_10 0x28
237 #define GPCMD_READ_12 0xa8
238 #define GPCMD_READ_CDVD_CAPACITY 0x25
239 #define GPCMD_READ_CD 0xbe
240 #define GPCMD_READ_CD_MSF 0xb9
241 #define GPCMD_READ_DISC_INFO 0x51
242 #define GPCMD_READ_DVD_STRUCTURE 0xad
243 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
244 #define GPCMD_READ_HEADER 0x44
245 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
246 #define GPCMD_READ_SUBCHANNEL 0x42
247 #define GPCMD_READ_TOC_PMA_ATIP 0x43
248 #define GPCMD_REPAIR_RZONE_TRACK 0x58
249 #define GPCMD_REPORT_KEY 0xa4
250 #define GPCMD_REQUEST_SENSE 0x03
251 #define GPCMD_RESERVE_RZONE_TRACK 0x53
252 #define GPCMD_SCAN 0xba
253 #define GPCMD_SEEK 0x2b
254 #define GPCMD_SEND_DVD_STRUCTURE 0xad
255 #define GPCMD_SEND_EVENT 0xa2
256 #define GPCMD_SEND_KEY 0xa3
257 #define GPCMD_SEND_OPC 0x54
258 #define GPCMD_SET_READ_AHEAD 0xa7
259 #define GPCMD_SET_STREAMING 0xb6
260 #define GPCMD_START_STOP_UNIT 0x1b
261 #define GPCMD_STOP_PLAY_SCAN 0x4e
262 #define GPCMD_TEST_UNIT_READY 0x00
263 #define GPCMD_VERIFY_10 0x2f
264 #define GPCMD_WRITE_10 0x2a
265 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
266 /* This is listed as optional in ATAPI 2.6, but is (curiously)
267 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
268 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
269 * drives support it. */
270 #define GPCMD_SET_SPEED 0xbb
271 /* This seems to be a SCSI specific CD-ROM opcode
272 * to play data at track/index */
273 #define GPCMD_PLAYAUDIO_TI 0x48
274 /*
275 * From MS Media Status Notification Support Specification. For
276 * older drives only.
277 */
278 #define GPCMD_GET_MEDIA_STATUS 0xda
279 #define GPCMD_MODE_SENSE_6 0x1a
280
281 /* Mode page codes for mode sense/set */
282 #define GPMODE_R_W_ERROR_PAGE 0x01
283 #define GPMODE_WRITE_PARMS_PAGE 0x05
284 #define GPMODE_AUDIO_CTL_PAGE 0x0e
285 #define GPMODE_POWER_PAGE 0x1a
286 #define GPMODE_FAULT_FAIL_PAGE 0x1c
287 #define GPMODE_TO_PROTECT_PAGE 0x1d
288 #define GPMODE_CAPABILITIES_PAGE 0x2a
289 #define GPMODE_ALL_PAGES 0x3f
290 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
291 * of MODE_SENSE_POWER_PAGE */
292 #define GPMODE_CDROM_PAGE 0x0d
293
294 /*
295 * Based on values from <linux/cdrom.h> but extending CD_MINS
296 * to the maximum common size allowed by the Orange's Book ATIP
297 *
298 * 90 and 99 min CDs are also available but using them as the
299 * upper limit reduces the effectiveness of the heuristic to
300 * detect DVDs burned to less than 25% of their maximum capacity
301 */
302
303 /* Some generally useful CD-ROM information */
304 #define CD_MINS 80 /* max. minutes per CD */
305 #define CD_SECS 60 /* seconds per minute */
306 #define CD_FRAMES 75 /* frames per second */
307 #define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
308 #define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
309 #define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
310
311 /*
312 * The MMC values are not IDE specific and might need to be moved
313 * to a common header if they are also needed for the SCSI emulation
314 */
315
316 /* Profile list from MMC-6 revision 1 table 91 */
317 #define MMC_PROFILE_NONE 0x0000
318 #define MMC_PROFILE_CD_ROM 0x0008
319 #define MMC_PROFILE_CD_R 0x0009
320 #define MMC_PROFILE_CD_RW 0x000A
321 #define MMC_PROFILE_DVD_ROM 0x0010
322 #define MMC_PROFILE_DVD_R_SR 0x0011
323 #define MMC_PROFILE_DVD_RAM 0x0012
324 #define MMC_PROFILE_DVD_RW_RO 0x0013
325 #define MMC_PROFILE_DVD_RW_SR 0x0014
326 #define MMC_PROFILE_DVD_R_DL_SR 0x0015
327 #define MMC_PROFILE_DVD_R_DL_JR 0x0016
328 #define MMC_PROFILE_DVD_RW_DL 0x0017
329 #define MMC_PROFILE_DVD_DDR 0x0018
330 #define MMC_PROFILE_DVD_PLUS_RW 0x001A
331 #define MMC_PROFILE_DVD_PLUS_R 0x001B
332 #define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
333 #define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
334 #define MMC_PROFILE_BD_ROM 0x0040
335 #define MMC_PROFILE_BD_R_SRM 0x0041
336 #define MMC_PROFILE_BD_R_RRM 0x0042
337 #define MMC_PROFILE_BD_RE 0x0043
338 #define MMC_PROFILE_HDDVD_ROM 0x0050
339 #define MMC_PROFILE_HDDVD_R 0x0051
340 #define MMC_PROFILE_HDDVD_RAM 0x0052
341 #define MMC_PROFILE_HDDVD_RW 0x0053
342 #define MMC_PROFILE_HDDVD_R_DL 0x0058
343 #define MMC_PROFILE_HDDVD_RW_DL 0x005A
344 #define MMC_PROFILE_INVALID 0xFFFF
345
346 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
347 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
348 #define ATAPI_INT_REASON_REL 0x04
349 #define ATAPI_INT_REASON_TAG 0xf8
350
351 /* same constants as bochs */
352 #define ASC_ILLEGAL_OPCODE 0x20
353 #define ASC_LOGICAL_BLOCK_OOR 0x21
354 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
355 #define ASC_INCOMPATIBLE_FORMAT 0x30
356 #define ASC_MEDIUM_NOT_PRESENT 0x3a
357 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
358
359 #define CFA_NO_ERROR 0x00
360 #define CFA_MISC_ERROR 0x09
361 #define CFA_INVALID_COMMAND 0x20
362 #define CFA_INVALID_ADDRESS 0x21
363 #define CFA_ADDRESS_OVERFLOW 0x2f
364
365 #define SENSE_NONE 0
366 #define SENSE_NOT_READY 2
367 #define SENSE_ILLEGAL_REQUEST 5
368 #define SENSE_UNIT_ATTENTION 6
369
370 struct IDEState;
371
372 typedef void EndTransferFunc(struct IDEState *);
373
374 /* NOTE: IDEState represents in fact one drive */
375 typedef struct IDEState {
376 /* ide config */
377 int is_cdrom;
378 int is_cf;
379 int cylinders, heads, sectors;
380 int64_t nb_sectors;
381 int mult_sectors;
382 int identify_set;
383 uint16_t identify_data[256];
384 qemu_irq irq;
385 PCIDevice *pci_dev;
386 struct BMDMAState *bmdma;
387 int drive_serial;
388 /* ide regs */
389 uint8_t feature;
390 uint8_t error;
391 uint32_t nsector;
392 uint8_t sector;
393 uint8_t lcyl;
394 uint8_t hcyl;
395 /* other part of tf for lba48 support */
396 uint8_t hob_feature;
397 uint8_t hob_nsector;
398 uint8_t hob_sector;
399 uint8_t hob_lcyl;
400 uint8_t hob_hcyl;
401
402 uint8_t select;
403 uint8_t status;
404
405 /* 0x3f6 command, only meaningful for drive 0 */
406 uint8_t cmd;
407 /* set for lba48 access */
408 uint8_t lba48;
409 /* depends on bit 4 in select, only meaningful for drive 0 */
410 struct IDEState *cur_drive;
411 BlockDriverState *bs;
412 /* ATAPI specific */
413 uint8_t sense_key;
414 uint8_t asc;
415 int packet_transfer_size;
416 int elementary_transfer_size;
417 int io_buffer_index;
418 int lba;
419 int cd_sector_size;
420 int atapi_dma; /* true if dma is requested for the packet cmd */
421 /* ATA DMA state */
422 int io_buffer_size;
423 /* PIO transfer handling */
424 int req_nb_sectors; /* number of sectors per interrupt */
425 EndTransferFunc *end_transfer_func;
426 uint8_t *data_ptr;
427 uint8_t *data_end;
428 uint8_t *io_buffer;
429 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
430 uint32_t irq_count; /* counts IRQs when using win2k install hack */
431 /* CF-ATA extended error */
432 uint8_t ext_error;
433 /* CF-ATA metadata storage */
434 uint32_t mdata_size;
435 uint8_t *mdata_storage;
436 int media_changed;
437 } IDEState;
438
439 /* XXX: DVDs that could fit on a CD will be reported as a CD */
440 static inline int media_present(IDEState *s)
441 {
442 return (s->nb_sectors > 0);
443 }
444
445 static inline int media_is_dvd(IDEState *s)
446 {
447 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
448 }
449
450 static inline int media_is_cd(IDEState *s)
451 {
452 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
453 }
454
455 #define BM_STATUS_DMAING 0x01
456 #define BM_STATUS_ERROR 0x02
457 #define BM_STATUS_INT 0x04
458
459 #define BM_CMD_START 0x01
460 #define BM_CMD_READ 0x08
461
462 #define IDE_TYPE_PIIX3 0
463 #define IDE_TYPE_CMD646 1
464 #define IDE_TYPE_PIIX4 2
465
466 /* CMD646 specific */
467 #define MRDMODE 0x71
468 #define MRDMODE_INTR_CH0 0x04
469 #define MRDMODE_INTR_CH1 0x08
470 #define MRDMODE_BLK_CH0 0x10
471 #define MRDMODE_BLK_CH1 0x20
472 #define UDIDETCR0 0x73
473 #define UDIDETCR1 0x7B
474
475 typedef struct BMDMAState {
476 uint8_t cmd;
477 uint8_t status;
478 uint32_t addr;
479
480 struct PCIIDEState *pci_dev;
481 /* current transfer state */
482 uint32_t cur_addr;
483 uint32_t cur_prd_last;
484 uint32_t cur_prd_addr;
485 uint32_t cur_prd_len;
486 IDEState *ide_if;
487 BlockDriverCompletionFunc *dma_cb;
488 BlockDriverAIOCB *aiocb;
489 } BMDMAState;
490
491 typedef struct PCIIDEState {
492 PCIDevice dev;
493 IDEState ide_if[4];
494 BMDMAState bmdma[2];
495 int type; /* see IDE_TYPE_xxx */
496 } PCIIDEState;
497
498 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
499 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
500
501 static void padstr(char *str, const char *src, int len)
502 {
503 int i, v;
504 for(i = 0; i < len; i++) {
505 if (*src)
506 v = *src++;
507 else
508 v = ' ';
509 str[i^1] = v;
510 }
511 }
512
513 static void padstr8(uint8_t *buf, int buf_size, const char *src)
514 {
515 int i;
516 for(i = 0; i < buf_size; i++) {
517 if (*src)
518 buf[i] = *src++;
519 else
520 buf[i] = ' ';
521 }
522 }
523
524 static void put_le16(uint16_t *p, unsigned int v)
525 {
526 *p = cpu_to_le16(v);
527 }
528
529 static void ide_identify(IDEState *s)
530 {
531 uint16_t *p;
532 unsigned int oldsize;
533 char buf[20];
534
535 if (s->identify_set) {
536 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
537 return;
538 }
539
540 memset(s->io_buffer, 0, 512);
541 p = (uint16_t *)s->io_buffer;
542 put_le16(p + 0, 0x0040);
543 put_le16(p + 1, s->cylinders);
544 put_le16(p + 3, s->heads);
545 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
546 put_le16(p + 5, 512); /* XXX: retired, remove ? */
547 put_le16(p + 6, s->sectors);
548 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
549 padstr((char *)(p + 10), buf, 20); /* serial number */
550 put_le16(p + 20, 3); /* XXX: retired, remove ? */
551 put_le16(p + 21, 512); /* cache size in sectors */
552 put_le16(p + 22, 4); /* ecc bytes */
553 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
554 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
555 #if MAX_MULT_SECTORS > 1
556 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
557 #endif
558 put_le16(p + 48, 1); /* dword I/O */
559 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
560 put_le16(p + 51, 0x200); /* PIO transfer cycle */
561 put_le16(p + 52, 0x200); /* DMA transfer cycle */
562 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
563 put_le16(p + 54, s->cylinders);
564 put_le16(p + 55, s->heads);
565 put_le16(p + 56, s->sectors);
566 oldsize = s->cylinders * s->heads * s->sectors;
567 put_le16(p + 57, oldsize);
568 put_le16(p + 58, oldsize >> 16);
569 if (s->mult_sectors)
570 put_le16(p + 59, 0x100 | s->mult_sectors);
571 put_le16(p + 60, s->nb_sectors);
572 put_le16(p + 61, s->nb_sectors >> 16);
573 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
574 put_le16(p + 63, 0x07); /* mdma0-2 supported */
575 put_le16(p + 65, 120);
576 put_le16(p + 66, 120);
577 put_le16(p + 67, 120);
578 put_le16(p + 68, 120);
579 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
580 put_le16(p + 81, 0x16); /* conforms to ata5 */
581 put_le16(p + 82, (1 << 14));
582 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
583 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
584 put_le16(p + 84, (1 << 14));
585 put_le16(p + 85, (1 << 14));
586 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
587 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
588 put_le16(p + 87, (1 << 14));
589 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
590 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
591 put_le16(p + 100, s->nb_sectors);
592 put_le16(p + 101, s->nb_sectors >> 16);
593 put_le16(p + 102, s->nb_sectors >> 32);
594 put_le16(p + 103, s->nb_sectors >> 48);
595
596 memcpy(s->identify_data, p, sizeof(s->identify_data));
597 s->identify_set = 1;
598 }
599
600 static void ide_atapi_identify(IDEState *s)
601 {
602 uint16_t *p;
603 char buf[20];
604
605 if (s->identify_set) {
606 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
607 return;
608 }
609
610 memset(s->io_buffer, 0, 512);
611 p = (uint16_t *)s->io_buffer;
612 /* Removable CDROM, 50us response, 12 byte packets */
613 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
614 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
615 padstr((char *)(p + 10), buf, 20); /* serial number */
616 put_le16(p + 20, 3); /* buffer type */
617 put_le16(p + 21, 512); /* cache size in sectors */
618 put_le16(p + 22, 4); /* ecc bytes */
619 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
620 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
621 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
622 #ifdef USE_DMA_CDROM
623 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
624 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
625 put_le16(p + 62, 7); /* single word dma0-2 supported */
626 put_le16(p + 63, 7); /* mdma0-2 supported */
627 put_le16(p + 64, 0x3f); /* PIO modes supported */
628 #else
629 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
630 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
631 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
632 put_le16(p + 64, 1); /* PIO modes */
633 #endif
634 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
635 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
636 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
637 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
638
639 put_le16(p + 71, 30); /* in ns */
640 put_le16(p + 72, 30); /* in ns */
641
642 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
643 #ifdef USE_DMA_CDROM
644 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
645 #endif
646 memcpy(s->identify_data, p, sizeof(s->identify_data));
647 s->identify_set = 1;
648 }
649
650 static void ide_cfata_identify(IDEState *s)
651 {
652 uint16_t *p;
653 uint32_t cur_sec;
654 char buf[20];
655
656 p = (uint16_t *) s->identify_data;
657 if (s->identify_set)
658 goto fill_buffer;
659
660 memset(p, 0, sizeof(s->identify_data));
661
662 cur_sec = s->cylinders * s->heads * s->sectors;
663
664 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
665 put_le16(p + 1, s->cylinders); /* Default cylinders */
666 put_le16(p + 3, s->heads); /* Default heads */
667 put_le16(p + 6, s->sectors); /* Default sectors per track */
668 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
669 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
670 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
671 padstr((char *)(p + 10), buf, 20); /* Serial number in ASCII */
672 put_le16(p + 22, 0x0004); /* ECC bytes */
673 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
674 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
675 #if MAX_MULT_SECTORS > 1
676 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
677 #else
678 put_le16(p + 47, 0x0000);
679 #endif
680 put_le16(p + 49, 0x0f00); /* Capabilities */
681 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
682 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
683 put_le16(p + 53, 0x0003); /* Translation params valid */
684 put_le16(p + 54, s->cylinders); /* Current cylinders */
685 put_le16(p + 55, s->heads); /* Current heads */
686 put_le16(p + 56, s->sectors); /* Current sectors */
687 put_le16(p + 57, cur_sec); /* Current capacity */
688 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
689 if (s->mult_sectors) /* Multiple sector setting */
690 put_le16(p + 59, 0x100 | s->mult_sectors);
691 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
692 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
693 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
694 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
695 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
696 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
697 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
698 put_le16(p + 82, 0x400c); /* Command Set supported */
699 put_le16(p + 83, 0x7068); /* Command Set supported */
700 put_le16(p + 84, 0x4000); /* Features supported */
701 put_le16(p + 85, 0x000c); /* Command Set enabled */
702 put_le16(p + 86, 0x7044); /* Command Set enabled */
703 put_le16(p + 87, 0x4000); /* Features enabled */
704 put_le16(p + 91, 0x4060); /* Current APM level */
705 put_le16(p + 129, 0x0002); /* Current features option */
706 put_le16(p + 130, 0x0005); /* Reassigned sectors */
707 put_le16(p + 131, 0x0001); /* Initial power mode */
708 put_le16(p + 132, 0x0000); /* User signature */
709 put_le16(p + 160, 0x8100); /* Power requirement */
710 put_le16(p + 161, 0x8001); /* CF command set */
711
712 s->identify_set = 1;
713
714 fill_buffer:
715 memcpy(s->io_buffer, p, sizeof(s->identify_data));
716 }
717
718 static void ide_set_signature(IDEState *s)
719 {
720 s->select &= 0xf0; /* clear head */
721 /* put signature */
722 s->nsector = 1;
723 s->sector = 1;
724 if (s->is_cdrom) {
725 s->lcyl = 0x14;
726 s->hcyl = 0xeb;
727 } else if (s->bs) {
728 s->lcyl = 0;
729 s->hcyl = 0;
730 } else {
731 s->lcyl = 0xff;
732 s->hcyl = 0xff;
733 }
734 }
735
736 static inline void ide_abort_command(IDEState *s)
737 {
738 s->status = READY_STAT | ERR_STAT;
739 s->error = ABRT_ERR;
740 }
741
742 static inline void ide_set_irq(IDEState *s)
743 {
744 BMDMAState *bm = s->bmdma;
745 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
746 if (bm) {
747 bm->status |= BM_STATUS_INT;
748 }
749 qemu_irq_raise(s->irq);
750 }
751 }
752
753 /* prepare data transfer and tell what to do after */
754 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
755 EndTransferFunc *end_transfer_func)
756 {
757 s->end_transfer_func = end_transfer_func;
758 s->data_ptr = buf;
759 s->data_end = buf + size;
760 if (!(s->status & ERR_STAT))
761 s->status |= DRQ_STAT;
762 }
763
764 static void ide_transfer_stop(IDEState *s)
765 {
766 s->end_transfer_func = ide_transfer_stop;
767 s->data_ptr = s->io_buffer;
768 s->data_end = s->io_buffer;
769 s->status &= ~DRQ_STAT;
770 }
771
772 static int64_t ide_get_sector(IDEState *s)
773 {
774 int64_t sector_num;
775 if (s->select & 0x40) {
776 /* lba */
777 if (!s->lba48) {
778 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
779 (s->lcyl << 8) | s->sector;
780 } else {
781 sector_num = ((int64_t)s->hob_hcyl << 40) |
782 ((int64_t) s->hob_lcyl << 32) |
783 ((int64_t) s->hob_sector << 24) |
784 ((int64_t) s->hcyl << 16) |
785 ((int64_t) s->lcyl << 8) | s->sector;
786 }
787 } else {
788 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
789 (s->select & 0x0f) * s->sectors + (s->sector - 1);
790 }
791 return sector_num;
792 }
793
794 static void ide_set_sector(IDEState *s, int64_t sector_num)
795 {
796 unsigned int cyl, r;
797 if (s->select & 0x40) {
798 if (!s->lba48) {
799 s->select = (s->select & 0xf0) | (sector_num >> 24);
800 s->hcyl = (sector_num >> 16);
801 s->lcyl = (sector_num >> 8);
802 s->sector = (sector_num);
803 } else {
804 s->sector = sector_num;
805 s->lcyl = sector_num >> 8;
806 s->hcyl = sector_num >> 16;
807 s->hob_sector = sector_num >> 24;
808 s->hob_lcyl = sector_num >> 32;
809 s->hob_hcyl = sector_num >> 40;
810 }
811 } else {
812 cyl = sector_num / (s->heads * s->sectors);
813 r = sector_num % (s->heads * s->sectors);
814 s->hcyl = cyl >> 8;
815 s->lcyl = cyl;
816 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
817 s->sector = (r % s->sectors) + 1;
818 }
819 }
820
821 static void ide_sector_read(IDEState *s)
822 {
823 int64_t sector_num;
824 int ret, n;
825
826 s->status = READY_STAT | SEEK_STAT;
827 s->error = 0; /* not needed by IDE spec, but needed by Windows */
828 sector_num = ide_get_sector(s);
829 n = s->nsector;
830 if (n == 0) {
831 /* no more sector to read from disk */
832 ide_transfer_stop(s);
833 } else {
834 #if defined(DEBUG_IDE)
835 printf("read sector=%Ld\n", sector_num);
836 #endif
837 if (n > s->req_nb_sectors)
838 n = s->req_nb_sectors;
839 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
840 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
841 ide_set_irq(s);
842 ide_set_sector(s, sector_num + n);
843 s->nsector -= n;
844 }
845 }
846
847 /* return 0 if buffer completed */
848 static int dma_buf_rw(BMDMAState *bm, int is_write)
849 {
850 IDEState *s = bm->ide_if;
851 struct {
852 uint32_t addr;
853 uint32_t size;
854 } prd;
855 int l, len;
856
857 for(;;) {
858 l = s->io_buffer_size - s->io_buffer_index;
859 if (l <= 0)
860 break;
861 if (bm->cur_prd_len == 0) {
862 /* end of table (with a fail safe of one page) */
863 if (bm->cur_prd_last ||
864 (bm->cur_addr - bm->addr) >= 4096)
865 return 0;
866 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
867 bm->cur_addr += 8;
868 prd.addr = le32_to_cpu(prd.addr);
869 prd.size = le32_to_cpu(prd.size);
870 len = prd.size & 0xfffe;
871 if (len == 0)
872 len = 0x10000;
873 bm->cur_prd_len = len;
874 bm->cur_prd_addr = prd.addr;
875 bm->cur_prd_last = (prd.size & 0x80000000);
876 }
877 if (l > bm->cur_prd_len)
878 l = bm->cur_prd_len;
879 if (l > 0) {
880 if (is_write) {
881 cpu_physical_memory_write(bm->cur_prd_addr,
882 s->io_buffer + s->io_buffer_index, l);
883 } else {
884 cpu_physical_memory_read(bm->cur_prd_addr,
885 s->io_buffer + s->io_buffer_index, l);
886 }
887 bm->cur_prd_addr += l;
888 bm->cur_prd_len -= l;
889 s->io_buffer_index += l;
890 }
891 }
892 return 1;
893 }
894
895 /* XXX: handle errors */
896 static void ide_read_dma_cb(void *opaque, int ret)
897 {
898 BMDMAState *bm = opaque;
899 IDEState *s = bm->ide_if;
900 int n;
901 int64_t sector_num;
902
903 n = s->io_buffer_size >> 9;
904 sector_num = ide_get_sector(s);
905 if (n > 0) {
906 sector_num += n;
907 ide_set_sector(s, sector_num);
908 s->nsector -= n;
909 if (dma_buf_rw(bm, 1) == 0)
910 goto eot;
911 }
912
913 /* end of transfer ? */
914 if (s->nsector == 0) {
915 s->status = READY_STAT | SEEK_STAT;
916 ide_set_irq(s);
917 eot:
918 bm->status &= ~BM_STATUS_DMAING;
919 bm->status |= BM_STATUS_INT;
920 bm->dma_cb = NULL;
921 bm->ide_if = NULL;
922 bm->aiocb = NULL;
923 return;
924 }
925
926 /* launch next transfer */
927 n = s->nsector;
928 if (n > IDE_DMA_BUF_SECTORS)
929 n = IDE_DMA_BUF_SECTORS;
930 s->io_buffer_index = 0;
931 s->io_buffer_size = n * 512;
932 #ifdef DEBUG_AIO
933 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
934 #endif
935 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
936 ide_read_dma_cb, bm);
937 }
938
939 static void ide_sector_read_dma(IDEState *s)
940 {
941 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
942 s->io_buffer_index = 0;
943 s->io_buffer_size = 0;
944 ide_dma_start(s, ide_read_dma_cb);
945 }
946
947 static void ide_sector_write_timer_cb(void *opaque)
948 {
949 IDEState *s = opaque;
950 ide_set_irq(s);
951 }
952
953 static void ide_sector_write(IDEState *s)
954 {
955 int64_t sector_num;
956 int ret, n, n1;
957
958 s->status = READY_STAT | SEEK_STAT;
959 sector_num = ide_get_sector(s);
960 #if defined(DEBUG_IDE)
961 printf("write sector=%Ld\n", sector_num);
962 #endif
963 n = s->nsector;
964 if (n > s->req_nb_sectors)
965 n = s->req_nb_sectors;
966 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
967 s->nsector -= n;
968 if (s->nsector == 0) {
969 /* no more sectors to write */
970 ide_transfer_stop(s);
971 } else {
972 n1 = s->nsector;
973 if (n1 > s->req_nb_sectors)
974 n1 = s->req_nb_sectors;
975 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
976 }
977 ide_set_sector(s, sector_num + n);
978
979 #ifdef TARGET_I386
980 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
981 /* It seems there is a bug in the Windows 2000 installer HDD
982 IDE driver which fills the disk with empty logs when the
983 IDE write IRQ comes too early. This hack tries to correct
984 that at the expense of slower write performances. Use this
985 option _only_ to install Windows 2000. You must disable it
986 for normal use. */
987 qemu_mod_timer(s->sector_write_timer,
988 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
989 } else
990 #endif
991 {
992 ide_set_irq(s);
993 }
994 }
995
996 /* XXX: handle errors */
997 static void ide_write_dma_cb(void *opaque, int ret)
998 {
999 BMDMAState *bm = opaque;
1000 IDEState *s = bm->ide_if;
1001 int n;
1002 int64_t sector_num;
1003
1004 n = s->io_buffer_size >> 9;
1005 sector_num = ide_get_sector(s);
1006 if (n > 0) {
1007 sector_num += n;
1008 ide_set_sector(s, sector_num);
1009 s->nsector -= n;
1010 }
1011
1012 /* end of transfer ? */
1013 if (s->nsector == 0) {
1014 s->status = READY_STAT | SEEK_STAT;
1015 ide_set_irq(s);
1016 eot:
1017 bm->status &= ~BM_STATUS_DMAING;
1018 bm->status |= BM_STATUS_INT;
1019 bm->dma_cb = NULL;
1020 bm->ide_if = NULL;
1021 bm->aiocb = NULL;
1022 return;
1023 }
1024
1025 /* launch next transfer */
1026 n = s->nsector;
1027 if (n > IDE_DMA_BUF_SECTORS)
1028 n = IDE_DMA_BUF_SECTORS;
1029 s->io_buffer_index = 0;
1030 s->io_buffer_size = n * 512;
1031
1032 if (dma_buf_rw(bm, 0) == 0)
1033 goto eot;
1034 #ifdef DEBUG_AIO
1035 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
1036 #endif
1037 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
1038 ide_write_dma_cb, bm);
1039 }
1040
1041 static void ide_sector_write_dma(IDEState *s)
1042 {
1043 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1044 s->io_buffer_index = 0;
1045 s->io_buffer_size = 0;
1046 ide_dma_start(s, ide_write_dma_cb);
1047 }
1048
1049 static void ide_atapi_cmd_ok(IDEState *s)
1050 {
1051 s->error = 0;
1052 s->status = READY_STAT | SEEK_STAT;
1053 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1054 ide_set_irq(s);
1055 }
1056
1057 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1058 {
1059 #ifdef DEBUG_IDE_ATAPI
1060 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1061 #endif
1062 s->error = sense_key << 4;
1063 s->status = READY_STAT | ERR_STAT;
1064 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1065 s->sense_key = sense_key;
1066 s->asc = asc;
1067 ide_set_irq(s);
1068 }
1069
1070 static inline void cpu_to_ube16(uint8_t *buf, int val)
1071 {
1072 buf[0] = val >> 8;
1073 buf[1] = val;
1074 }
1075
1076 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1077 {
1078 buf[0] = val >> 24;
1079 buf[1] = val >> 16;
1080 buf[2] = val >> 8;
1081 buf[3] = val;
1082 }
1083
1084 static inline int ube16_to_cpu(const uint8_t *buf)
1085 {
1086 return (buf[0] << 8) | buf[1];
1087 }
1088
1089 static inline int ube32_to_cpu(const uint8_t *buf)
1090 {
1091 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1092 }
1093
1094 static void lba_to_msf(uint8_t *buf, int lba)
1095 {
1096 lba += 150;
1097 buf[0] = (lba / 75) / 60;
1098 buf[1] = (lba / 75) % 60;
1099 buf[2] = lba % 75;
1100 }
1101
1102 static void cd_data_to_raw(uint8_t *buf, int lba)
1103 {
1104 /* sync bytes */
1105 buf[0] = 0x00;
1106 memset(buf + 1, 0xff, 10);
1107 buf[11] = 0x00;
1108 buf += 12;
1109 /* MSF */
1110 lba_to_msf(buf, lba);
1111 buf[3] = 0x01; /* mode 1 data */
1112 buf += 4;
1113 /* data */
1114 buf += 2048;
1115 /* XXX: ECC not computed */
1116 memset(buf, 0, 288);
1117 }
1118
1119 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1120 int sector_size)
1121 {
1122 int ret;
1123
1124 switch(sector_size) {
1125 case 2048:
1126 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1127 break;
1128 case 2352:
1129 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1130 if (ret < 0)
1131 return ret;
1132 cd_data_to_raw(buf, lba);
1133 break;
1134 default:
1135 ret = -EIO;
1136 break;
1137 }
1138 return ret;
1139 }
1140
1141 static void ide_atapi_io_error(IDEState *s, int ret)
1142 {
1143 /* XXX: handle more errors */
1144 if (ret == -ENOMEDIUM) {
1145 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1146 ASC_MEDIUM_NOT_PRESENT);
1147 } else {
1148 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1149 ASC_LOGICAL_BLOCK_OOR);
1150 }
1151 }
1152
1153 /* The whole ATAPI transfer logic is handled in this function */
1154 static void ide_atapi_cmd_reply_end(IDEState *s)
1155 {
1156 int byte_count_limit, size, ret;
1157 #ifdef DEBUG_IDE_ATAPI
1158 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1159 s->packet_transfer_size,
1160 s->elementary_transfer_size,
1161 s->io_buffer_index);
1162 #endif
1163 if (s->packet_transfer_size <= 0) {
1164 /* end of transfer */
1165 ide_transfer_stop(s);
1166 s->status = READY_STAT | SEEK_STAT;
1167 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1168 ide_set_irq(s);
1169 #ifdef DEBUG_IDE_ATAPI
1170 printf("status=0x%x\n", s->status);
1171 #endif
1172 } else {
1173 /* see if a new sector must be read */
1174 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1175 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1176 if (ret < 0) {
1177 ide_transfer_stop(s);
1178 ide_atapi_io_error(s, ret);
1179 return;
1180 }
1181 s->lba++;
1182 s->io_buffer_index = 0;
1183 }
1184 if (s->elementary_transfer_size > 0) {
1185 /* there are some data left to transmit in this elementary
1186 transfer */
1187 size = s->cd_sector_size - s->io_buffer_index;
1188 if (size > s->elementary_transfer_size)
1189 size = s->elementary_transfer_size;
1190 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1191 size, ide_atapi_cmd_reply_end);
1192 s->packet_transfer_size -= size;
1193 s->elementary_transfer_size -= size;
1194 s->io_buffer_index += size;
1195 } else {
1196 /* a new transfer is needed */
1197 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1198 byte_count_limit = s->lcyl | (s->hcyl << 8);
1199 #ifdef DEBUG_IDE_ATAPI
1200 printf("byte_count_limit=%d\n", byte_count_limit);
1201 #endif
1202 if (byte_count_limit == 0xffff)
1203 byte_count_limit--;
1204 size = s->packet_transfer_size;
1205 if (size > byte_count_limit) {
1206 /* byte count limit must be even if this case */
1207 if (byte_count_limit & 1)
1208 byte_count_limit--;
1209 size = byte_count_limit;
1210 }
1211 s->lcyl = size;
1212 s->hcyl = size >> 8;
1213 s->elementary_transfer_size = size;
1214 /* we cannot transmit more than one sector at a time */
1215 if (s->lba != -1) {
1216 if (size > (s->cd_sector_size - s->io_buffer_index))
1217 size = (s->cd_sector_size - s->io_buffer_index);
1218 }
1219 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1220 size, ide_atapi_cmd_reply_end);
1221 s->packet_transfer_size -= size;
1222 s->elementary_transfer_size -= size;
1223 s->io_buffer_index += size;
1224 ide_set_irq(s);
1225 #ifdef DEBUG_IDE_ATAPI
1226 printf("status=0x%x\n", s->status);
1227 #endif
1228 }
1229 }
1230 }
1231
1232 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1233 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1234 {
1235 if (size > max_size)
1236 size = max_size;
1237 s->lba = -1; /* no sector read */
1238 s->packet_transfer_size = size;
1239 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1240 s->elementary_transfer_size = 0;
1241 s->io_buffer_index = 0;
1242
1243 if (s->atapi_dma) {
1244 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
1245 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1246 } else {
1247 s->status = READY_STAT | SEEK_STAT;
1248 ide_atapi_cmd_reply_end(s);
1249 }
1250 }
1251
1252 /* start a CD-CDROM read command */
1253 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1254 int sector_size)
1255 {
1256 s->lba = lba;
1257 s->packet_transfer_size = nb_sectors * sector_size;
1258 s->elementary_transfer_size = 0;
1259 s->io_buffer_index = sector_size;
1260 s->cd_sector_size = sector_size;
1261
1262 s->status = READY_STAT | SEEK_STAT;
1263 ide_atapi_cmd_reply_end(s);
1264 }
1265
1266 /* ATAPI DMA support */
1267
1268 /* XXX: handle read errors */
1269 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1270 {
1271 BMDMAState *bm = opaque;
1272 IDEState *s = bm->ide_if;
1273 int data_offset, n;
1274
1275 if (ret < 0) {
1276 ide_atapi_io_error(s, ret);
1277 goto eot;
1278 }
1279
1280 if (s->io_buffer_size > 0) {
1281 /*
1282 * For a cdrom read sector command (s->lba != -1),
1283 * adjust the lba for the next s->io_buffer_size chunk
1284 * and dma the current chunk.
1285 * For a command != read (s->lba == -1), just transfer
1286 * the reply data.
1287 */
1288 if (s->lba != -1) {
1289 if (s->cd_sector_size == 2352) {
1290 n = 1;
1291 cd_data_to_raw(s->io_buffer, s->lba);
1292 } else {
1293 n = s->io_buffer_size >> 11;
1294 }
1295 s->lba += n;
1296 }
1297 s->packet_transfer_size -= s->io_buffer_size;
1298 if (dma_buf_rw(bm, 1) == 0)
1299 goto eot;
1300 }
1301
1302 if (s->packet_transfer_size <= 0) {
1303 s->status = READY_STAT | SEEK_STAT;
1304 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1305 ide_set_irq(s);
1306 eot:
1307 bm->status &= ~BM_STATUS_DMAING;
1308 bm->status |= BM_STATUS_INT;
1309 bm->dma_cb = NULL;
1310 bm->ide_if = NULL;
1311 bm->aiocb = NULL;
1312 return;
1313 }
1314
1315 s->io_buffer_index = 0;
1316 if (s->cd_sector_size == 2352) {
1317 n = 1;
1318 s->io_buffer_size = s->cd_sector_size;
1319 data_offset = 16;
1320 } else {
1321 n = s->packet_transfer_size >> 11;
1322 if (n > (IDE_DMA_BUF_SECTORS / 4))
1323 n = (IDE_DMA_BUF_SECTORS / 4);
1324 s->io_buffer_size = n * 2048;
1325 data_offset = 0;
1326 }
1327 #ifdef DEBUG_AIO
1328 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1329 #endif
1330 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1331 s->io_buffer + data_offset, n * 4,
1332 ide_atapi_cmd_read_dma_cb, bm);
1333 if (!bm->aiocb) {
1334 /* Note: media not present is the most likely case */
1335 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1336 ASC_MEDIUM_NOT_PRESENT);
1337 goto eot;
1338 }
1339 }
1340
1341 /* start a CD-CDROM read command with DMA */
1342 /* XXX: test if DMA is available */
1343 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1344 int sector_size)
1345 {
1346 s->lba = lba;
1347 s->packet_transfer_size = nb_sectors * sector_size;
1348 s->io_buffer_index = 0;
1349 s->io_buffer_size = 0;
1350 s->cd_sector_size = sector_size;
1351
1352 /* XXX: check if BUSY_STAT should be set */
1353 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1354 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1355 }
1356
1357 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1358 int sector_size)
1359 {
1360 #ifdef DEBUG_IDE_ATAPI
1361 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1362 lba, nb_sectors);
1363 #endif
1364 if (s->atapi_dma) {
1365 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1366 } else {
1367 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1368 }
1369 }
1370
1371 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1372 uint16_t profile)
1373 {
1374 uint8_t *buf_profile = buf + 12; /* start of profiles */
1375
1376 buf_profile += ((*index) * 4); /* start of indexed profile */
1377 cpu_to_ube16 (buf_profile, profile);
1378 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1379
1380 /* each profile adds 4 bytes to the response */
1381 (*index)++;
1382 buf[11] += 4; /* Additional Length */
1383
1384 return 4;
1385 }
1386
1387 static int ide_dvd_read_structure(IDEState *s, int format,
1388 const uint8_t *packet, uint8_t *buf)
1389 {
1390 switch (format) {
1391 case 0x0: /* Physical format information */
1392 {
1393 int layer = packet[6];
1394 uint64_t total_sectors;
1395
1396 if (layer != 0)
1397 return -ASC_INV_FIELD_IN_CMD_PACKET;
1398
1399 bdrv_get_geometry(s->bs, &total_sectors);
1400 total_sectors >>= 2;
1401 if (total_sectors == 0)
1402 return -ASC_MEDIUM_NOT_PRESENT;
1403
1404 buf[4] = 1; /* DVD-ROM, part version 1 */
1405 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1406 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1407 buf[7] = 0; /* default densities */
1408
1409 /* FIXME: 0x30000 per spec? */
1410 cpu_to_ube32(buf + 8, 0); /* start sector */
1411 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1412 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1413
1414 /* Size of buffer, not including 2 byte size field */
1415 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1416
1417 /* 2k data + 4 byte header */
1418 return (2048 + 4);
1419 }
1420
1421 case 0x01: /* DVD copyright information */
1422 buf[4] = 0; /* no copyright data */
1423 buf[5] = 0; /* no region restrictions */
1424
1425 /* Size of buffer, not including 2 byte size field */
1426 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1427
1428 /* 4 byte header + 4 byte data */
1429 return (4 + 4);
1430
1431 case 0x03: /* BCA information - invalid field for no BCA info */
1432 return -ASC_INV_FIELD_IN_CMD_PACKET;
1433
1434 case 0x04: /* DVD disc manufacturing information */
1435 /* Size of buffer, not including 2 byte size field */
1436 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1437
1438 /* 2k data + 4 byte header */
1439 return (2048 + 4);
1440
1441 case 0xff:
1442 /*
1443 * This lists all the command capabilities above. Add new ones
1444 * in order and update the length and buffer return values.
1445 */
1446
1447 buf[4] = 0x00; /* Physical format */
1448 buf[5] = 0x40; /* Not writable, is readable */
1449 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1450
1451 buf[8] = 0x01; /* Copyright info */
1452 buf[9] = 0x40; /* Not writable, is readable */
1453 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1454
1455 buf[12] = 0x03; /* BCA info */
1456 buf[13] = 0x40; /* Not writable, is readable */
1457 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1458
1459 buf[16] = 0x04; /* Manufacturing info */
1460 buf[17] = 0x40; /* Not writable, is readable */
1461 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1462
1463 /* Size of buffer, not including 2 byte size field */
1464 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1465
1466 /* data written + 4 byte header */
1467 return (16 + 4);
1468
1469 default: /* TODO: formats beyond DVD-ROM requires */
1470 return -ASC_INV_FIELD_IN_CMD_PACKET;
1471 }
1472 }
1473
1474 static void ide_atapi_cmd(IDEState *s)
1475 {
1476 const uint8_t *packet;
1477 uint8_t *buf;
1478 int max_len;
1479
1480 packet = s->io_buffer;
1481 buf = s->io_buffer;
1482 #ifdef DEBUG_IDE_ATAPI
1483 {
1484 int i;
1485 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1486 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1487 printf(" %02x", packet[i]);
1488 }
1489 printf("\n");
1490 }
1491 #endif
1492 switch(s->io_buffer[0]) {
1493 case GPCMD_TEST_UNIT_READY:
1494 if (bdrv_is_inserted(s->bs)) {
1495 ide_atapi_cmd_ok(s);
1496 } else {
1497 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1498 ASC_MEDIUM_NOT_PRESENT);
1499 }
1500 break;
1501 case GPCMD_MODE_SENSE_6:
1502 case GPCMD_MODE_SENSE_10:
1503 {
1504 int action, code;
1505 if (packet[0] == GPCMD_MODE_SENSE_10)
1506 max_len = ube16_to_cpu(packet + 7);
1507 else
1508 max_len = packet[4];
1509 action = packet[2] >> 6;
1510 code = packet[2] & 0x3f;
1511 switch(action) {
1512 case 0: /* current values */
1513 switch(code) {
1514 case 0x01: /* error recovery */
1515 cpu_to_ube16(&buf[0], 16 + 6);
1516 buf[2] = 0x70;
1517 buf[3] = 0;
1518 buf[4] = 0;
1519 buf[5] = 0;
1520 buf[6] = 0;
1521 buf[7] = 0;
1522
1523 buf[8] = 0x01;
1524 buf[9] = 0x06;
1525 buf[10] = 0x00;
1526 buf[11] = 0x05;
1527 buf[12] = 0x00;
1528 buf[13] = 0x00;
1529 buf[14] = 0x00;
1530 buf[15] = 0x00;
1531 ide_atapi_cmd_reply(s, 16, max_len);
1532 break;
1533 case 0x2a:
1534 cpu_to_ube16(&buf[0], 28 + 6);
1535 buf[2] = 0x70;
1536 buf[3] = 0;
1537 buf[4] = 0;
1538 buf[5] = 0;
1539 buf[6] = 0;
1540 buf[7] = 0;
1541
1542 buf[8] = 0x2a;
1543 buf[9] = 0x12;
1544 buf[10] = 0x00;
1545 buf[11] = 0x00;
1546
1547 buf[12] = 0x70;
1548 buf[13] = 3 << 5;
1549 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1550 if (bdrv_is_locked(s->bs))
1551 buf[6] |= 1 << 1;
1552 buf[15] = 0x00;
1553 cpu_to_ube16(&buf[16], 706);
1554 buf[18] = 0;
1555 buf[19] = 2;
1556 cpu_to_ube16(&buf[20], 512);
1557 cpu_to_ube16(&buf[22], 706);
1558 buf[24] = 0;
1559 buf[25] = 0;
1560 buf[26] = 0;
1561 buf[27] = 0;
1562 ide_atapi_cmd_reply(s, 28, max_len);
1563 break;
1564 default:
1565 goto error_cmd;
1566 }
1567 break;
1568 case 1: /* changeable values */
1569 goto error_cmd;
1570 case 2: /* default values */
1571 goto error_cmd;
1572 default:
1573 case 3: /* saved values */
1574 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1575 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1576 break;
1577 }
1578 }
1579 break;
1580 case GPCMD_REQUEST_SENSE:
1581 max_len = packet[4];
1582 memset(buf, 0, 18);
1583 buf[0] = 0x70 | (1 << 7);
1584 buf[2] = s->sense_key;
1585 buf[7] = 10;
1586 buf[12] = s->asc;
1587 ide_atapi_cmd_reply(s, 18, max_len);
1588 break;
1589 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1590 if (bdrv_is_inserted(s->bs)) {
1591 bdrv_set_locked(s->bs, packet[4] & 1);
1592 ide_atapi_cmd_ok(s);
1593 } else {
1594 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1595 ASC_MEDIUM_NOT_PRESENT);
1596 }
1597 break;
1598 case GPCMD_READ_10:
1599 case GPCMD_READ_12:
1600 {
1601 int nb_sectors, lba;
1602
1603 if (packet[0] == GPCMD_READ_10)
1604 nb_sectors = ube16_to_cpu(packet + 7);
1605 else
1606 nb_sectors = ube32_to_cpu(packet + 6);
1607 lba = ube32_to_cpu(packet + 2);
1608 if (nb_sectors == 0) {
1609 ide_atapi_cmd_ok(s);
1610 break;
1611 }
1612 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1613 }
1614 break;
1615 case GPCMD_READ_CD:
1616 {
1617 int nb_sectors, lba, transfer_request;
1618
1619 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1620 lba = ube32_to_cpu(packet + 2);
1621 if (nb_sectors == 0) {
1622 ide_atapi_cmd_ok(s);
1623 break;
1624 }
1625 transfer_request = packet[9];
1626 switch(transfer_request & 0xf8) {
1627 case 0x00:
1628 /* nothing */
1629 ide_atapi_cmd_ok(s);
1630 break;
1631 case 0x10:
1632 /* normal read */
1633 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1634 break;
1635 case 0xf8:
1636 /* read all data */
1637 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1638 break;
1639 default:
1640 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1641 ASC_INV_FIELD_IN_CMD_PACKET);
1642 break;
1643 }
1644 }
1645 break;
1646 case GPCMD_SEEK:
1647 {
1648 unsigned int lba;
1649 uint64_t total_sectors;
1650
1651 bdrv_get_geometry(s->bs, &total_sectors);
1652 total_sectors >>= 2;
1653 if (total_sectors == 0) {
1654 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1655 ASC_MEDIUM_NOT_PRESENT);
1656 break;
1657 }
1658 lba = ube32_to_cpu(packet + 2);
1659 if (lba >= total_sectors) {
1660 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1661 ASC_LOGICAL_BLOCK_OOR);
1662 break;
1663 }
1664 ide_atapi_cmd_ok(s);
1665 }
1666 break;
1667 case GPCMD_START_STOP_UNIT:
1668 {
1669 int start, eject;
1670 start = packet[4] & 1;
1671 eject = (packet[4] >> 1) & 1;
1672
1673 if (eject && !start) {
1674 /* eject the disk */
1675 bdrv_eject(s->bs, 1);
1676 } else if (eject && start) {
1677 /* close the tray */
1678 bdrv_eject(s->bs, 0);
1679 }
1680 ide_atapi_cmd_ok(s);
1681 }
1682 break;
1683 case GPCMD_MECHANISM_STATUS:
1684 {
1685 max_len = ube16_to_cpu(packet + 8);
1686 cpu_to_ube16(buf, 0);
1687 /* no current LBA */
1688 buf[2] = 0;
1689 buf[3] = 0;
1690 buf[4] = 0;
1691 buf[5] = 1;
1692 cpu_to_ube16(buf + 6, 0);
1693 ide_atapi_cmd_reply(s, 8, max_len);
1694 }
1695 break;
1696 case GPCMD_READ_TOC_PMA_ATIP:
1697 {
1698 int format, msf, start_track, len;
1699 uint64_t total_sectors;
1700
1701 bdrv_get_geometry(s->bs, &total_sectors);
1702 total_sectors >>= 2;
1703 if (total_sectors == 0) {
1704 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1705 ASC_MEDIUM_NOT_PRESENT);
1706 break;
1707 }
1708 max_len = ube16_to_cpu(packet + 7);
1709 format = packet[9] >> 6;
1710 msf = (packet[1] >> 1) & 1;
1711 start_track = packet[6];
1712 switch(format) {
1713 case 0:
1714 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1715 if (len < 0)
1716 goto error_cmd;
1717 ide_atapi_cmd_reply(s, len, max_len);
1718 break;
1719 case 1:
1720 /* multi session : only a single session defined */
1721 memset(buf, 0, 12);
1722 buf[1] = 0x0a;
1723 buf[2] = 0x01;
1724 buf[3] = 0x01;
1725 ide_atapi_cmd_reply(s, 12, max_len);
1726 break;
1727 case 2:
1728 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1729 if (len < 0)
1730 goto error_cmd;
1731 ide_atapi_cmd_reply(s, len, max_len);
1732 break;
1733 default:
1734 error_cmd:
1735 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1736 ASC_INV_FIELD_IN_CMD_PACKET);
1737 break;
1738 }
1739 }
1740 break;
1741 case GPCMD_READ_CDVD_CAPACITY:
1742 {
1743 uint64_t total_sectors;
1744
1745 bdrv_get_geometry(s->bs, &total_sectors);
1746 total_sectors >>= 2;
1747 if (total_sectors == 0) {
1748 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1749 ASC_MEDIUM_NOT_PRESENT);
1750 break;
1751 }
1752 /* NOTE: it is really the number of sectors minus 1 */
1753 cpu_to_ube32(buf, total_sectors - 1);
1754 cpu_to_ube32(buf + 4, 2048);
1755 ide_atapi_cmd_reply(s, 8, 8);
1756 }
1757 break;
1758 case GPCMD_READ_DVD_STRUCTURE:
1759 {
1760 int media = packet[1];
1761 int format = packet[7];
1762 int ret;
1763
1764 max_len = ube16_to_cpu(packet + 8);
1765
1766 if (format < 0xff) {
1767 if (media_is_cd(s)) {
1768 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1769 ASC_INCOMPATIBLE_FORMAT);
1770 break;
1771 } else if (!media_present(s)) {
1772 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1773 ASC_INV_FIELD_IN_CMD_PACKET);
1774 break;
1775 }
1776 }
1777
1778 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1779 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1780
1781 switch (format) {
1782 case 0x00 ... 0x7f:
1783 case 0xff:
1784 if (media == 0) {
1785 ret = ide_dvd_read_structure(s, format, packet, buf);
1786
1787 if (ret < 0)
1788 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1789 else
1790 ide_atapi_cmd_reply(s, ret, max_len);
1791
1792 break;
1793 }
1794 /* TODO: BD support, fall through for now */
1795
1796 /* Generic disk structures */
1797 case 0x80: /* TODO: AACS volume identifier */
1798 case 0x81: /* TODO: AACS media serial number */
1799 case 0x82: /* TODO: AACS media identifier */
1800 case 0x83: /* TODO: AACS media key block */
1801 case 0x90: /* TODO: List of recognized format layers */
1802 case 0xc0: /* TODO: Write protection status */
1803 default:
1804 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1805 ASC_INV_FIELD_IN_CMD_PACKET);
1806 break;
1807 }
1808 }
1809 break;
1810 case GPCMD_SET_SPEED:
1811 ide_atapi_cmd_ok(s);
1812 break;
1813 case GPCMD_INQUIRY:
1814 max_len = packet[4];
1815 buf[0] = 0x05; /* CD-ROM */
1816 buf[1] = 0x80; /* removable */
1817 buf[2] = 0x00; /* ISO */
1818 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1819 buf[4] = 31; /* additional length */
1820 buf[5] = 0; /* reserved */
1821 buf[6] = 0; /* reserved */
1822 buf[7] = 0; /* reserved */
1823 padstr8(buf + 8, 8, "QEMU");
1824 padstr8(buf + 16, 16, "QEMU DVD-ROM");
1825 padstr8(buf + 32, 4, QEMU_VERSION);
1826 ide_atapi_cmd_reply(s, 36, max_len);
1827 break;
1828 case GPCMD_GET_CONFIGURATION:
1829 {
1830 uint32_t len;
1831 uint8_t index = 0;
1832
1833 /* only feature 0 is supported */
1834 if (packet[2] != 0 || packet[3] != 0) {
1835 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1836 ASC_INV_FIELD_IN_CMD_PACKET);
1837 break;
1838 }
1839
1840 /* XXX: could result in alignment problems in some architectures */
1841 max_len = ube16_to_cpu(packet + 7);
1842
1843 /*
1844 * XXX: avoid overflow for io_buffer if max_len is bigger than
1845 * the size of that buffer (dimensioned to max number of
1846 * sectors to transfer at once)
1847 *
1848 * Only a problem if the feature/profiles grow.
1849 */
1850 if (max_len > 512) /* XXX: assume 1 sector */
1851 max_len = 512;
1852
1853 memset(buf, 0, max_len);
1854 /*
1855 * the number of sectors from the media tells us which profile
1856 * to use as current. 0 means there is no media
1857 */
1858 if (media_is_dvd(s))
1859 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
1860 else if (media_is_cd(s))
1861 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
1862
1863 buf[10] = 0x02 | 0x01; /* persistent and current */
1864 len = 12; /* headers: 8 + 4 */
1865 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
1866 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
1867 cpu_to_ube32(buf, len - 4); /* data length */
1868
1869 ide_atapi_cmd_reply(s, len, max_len);
1870 break;
1871 }
1872 default:
1873 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1874 ASC_ILLEGAL_OPCODE);
1875 break;
1876 }
1877 }
1878
1879 static void ide_cfata_metadata_inquiry(IDEState *s)
1880 {
1881 uint16_t *p;
1882 uint32_t spd;
1883
1884 p = (uint16_t *) s->io_buffer;
1885 memset(p, 0, 0x200);
1886 spd = ((s->mdata_size - 1) >> 9) + 1;
1887
1888 put_le16(p + 0, 0x0001); /* Data format revision */
1889 put_le16(p + 1, 0x0000); /* Media property: silicon */
1890 put_le16(p + 2, s->media_changed); /* Media status */
1891 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1892 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1893 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1894 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1895 }
1896
1897 static void ide_cfata_metadata_read(IDEState *s)
1898 {
1899 uint16_t *p;
1900
1901 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1902 s->status = ERR_STAT;
1903 s->error = ABRT_ERR;
1904 return;
1905 }
1906
1907 p = (uint16_t *) s->io_buffer;
1908 memset(p, 0, 0x200);
1909
1910 put_le16(p + 0, s->media_changed); /* Media status */
1911 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1912 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1913 s->nsector << 9), 0x200 - 2));
1914 }
1915
1916 static void ide_cfata_metadata_write(IDEState *s)
1917 {
1918 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1919 s->status = ERR_STAT;
1920 s->error = ABRT_ERR;
1921 return;
1922 }
1923
1924 s->media_changed = 0;
1925
1926 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1927 s->io_buffer + 2,
1928 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1929 s->nsector << 9), 0x200 - 2));
1930 }
1931
1932 /* called when the inserted state of the media has changed */
1933 static void cdrom_change_cb(void *opaque)
1934 {
1935 IDEState *s = opaque;
1936 uint64_t nb_sectors;
1937
1938 /* XXX: send interrupt too */
1939 bdrv_get_geometry(s->bs, &nb_sectors);
1940 s->nb_sectors = nb_sectors;
1941 }
1942
1943 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1944 {
1945 s->lba48 = lba48;
1946
1947 /* handle the 'magic' 0 nsector count conversion here. to avoid
1948 * fiddling with the rest of the read logic, we just store the
1949 * full sector count in ->nsector and ignore ->hob_nsector from now
1950 */
1951 if (!s->lba48) {
1952 if (!s->nsector)
1953 s->nsector = 256;
1954 } else {
1955 if (!s->nsector && !s->hob_nsector)
1956 s->nsector = 65536;
1957 else {
1958 int lo = s->nsector;
1959 int hi = s->hob_nsector;
1960
1961 s->nsector = (hi << 8) | lo;
1962 }
1963 }
1964 }
1965
1966 static void ide_clear_hob(IDEState *ide_if)
1967 {
1968 /* any write clears HOB high bit of device control register */
1969 ide_if[0].select &= ~(1 << 7);
1970 ide_if[1].select &= ~(1 << 7);
1971 }
1972
1973 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1974 {
1975 IDEState *ide_if = opaque;
1976 IDEState *s;
1977 int unit, n;
1978 int lba48 = 0;
1979
1980 #ifdef DEBUG_IDE
1981 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1982 #endif
1983
1984 addr &= 7;
1985
1986 /* ignore writes to command block while busy with previous command */
1987 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
1988 return;
1989
1990 switch(addr) {
1991 case 0:
1992 break;
1993 case 1:
1994 ide_clear_hob(ide_if);
1995 /* NOTE: data is written to the two drives */
1996 ide_if[0].hob_feature = ide_if[0].feature;
1997 ide_if[1].hob_feature = ide_if[1].feature;
1998 ide_if[0].feature = val;
1999 ide_if[1].feature = val;
2000 break;
2001 case 2:
2002 ide_clear_hob(ide_if);
2003 ide_if[0].hob_nsector = ide_if[0].nsector;
2004 ide_if[1].hob_nsector = ide_if[1].nsector;
2005 ide_if[0].nsector = val;
2006 ide_if[1].nsector = val;
2007 break;
2008 case 3:
2009 ide_clear_hob(ide_if);
2010 ide_if[0].hob_sector = ide_if[0].sector;
2011 ide_if[1].hob_sector = ide_if[1].sector;
2012 ide_if[0].sector = val;
2013 ide_if[1].sector = val;
2014 break;
2015 case 4:
2016 ide_clear_hob(ide_if);
2017 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2018 ide_if[1].hob_lcyl = ide_if[1].lcyl;
2019 ide_if[0].lcyl = val;
2020 ide_if[1].lcyl = val;
2021 break;
2022 case 5:
2023 ide_clear_hob(ide_if);
2024 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2025 ide_if[1].hob_hcyl = ide_if[1].hcyl;
2026 ide_if[0].hcyl = val;
2027 ide_if[1].hcyl = val;
2028 break;
2029 case 6:
2030 /* FIXME: HOB readback uses bit 7 */
2031 ide_if[0].select = (val & ~0x10) | 0xa0;
2032 ide_if[1].select = (val | 0x10) | 0xa0;
2033 /* select drive */
2034 unit = (val >> 4) & 1;
2035 s = ide_if + unit;
2036 ide_if->cur_drive = s;
2037 break;
2038 default:
2039 case 7:
2040 /* command */
2041 #if defined(DEBUG_IDE)
2042 printf("ide: CMD=%02x\n", val);
2043 #endif
2044 s = ide_if->cur_drive;
2045 /* ignore commands to non existant slave */
2046 if (s != ide_if && !s->bs)
2047 break;
2048
2049 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2050 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2051 break;
2052
2053 switch(val) {
2054 case WIN_IDENTIFY:
2055 if (s->bs && !s->is_cdrom) {
2056 if (!s->is_cf)
2057 ide_identify(s);
2058 else
2059 ide_cfata_identify(s);
2060 s->status = READY_STAT | SEEK_STAT;
2061 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2062 } else {
2063 if (s->is_cdrom) {
2064 ide_set_signature(s);
2065 }
2066 ide_abort_command(s);
2067 }
2068 ide_set_irq(s);
2069 break;
2070 case WIN_SPECIFY:
2071 case WIN_RECAL:
2072 s->error = 0;
2073 s->status = READY_STAT | SEEK_STAT;
2074 ide_set_irq(s);
2075 break;
2076 case WIN_SETMULT:
2077 if (s->is_cf && s->nsector == 0) {
2078 /* Disable Read and Write Multiple */
2079 s->mult_sectors = 0;
2080 s->status = READY_STAT | SEEK_STAT;
2081 } else if ((s->nsector & 0xff) != 0 &&
2082 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2083 (s->nsector & (s->nsector - 1)) != 0)) {
2084 ide_abort_command(s);
2085 } else {
2086 s->mult_sectors = s->nsector & 0xff;
2087 s->status = READY_STAT | SEEK_STAT;
2088 }
2089 ide_set_irq(s);
2090 break;
2091 case WIN_VERIFY_EXT:
2092 lba48 = 1;
2093 case WIN_VERIFY:
2094 case WIN_VERIFY_ONCE:
2095 /* do sector number check ? */
2096 ide_cmd_lba48_transform(s, lba48);
2097 s->status = READY_STAT | SEEK_STAT;
2098 ide_set_irq(s);
2099 break;
2100 case WIN_READ_EXT:
2101 lba48 = 1;
2102 case WIN_READ:
2103 case WIN_READ_ONCE:
2104 if (!s->bs)
2105 goto abort_cmd;
2106 ide_cmd_lba48_transform(s, lba48);
2107 s->req_nb_sectors = 1;
2108 ide_sector_read(s);
2109 break;
2110 case WIN_WRITE_EXT:
2111 lba48 = 1;
2112 case WIN_WRITE:
2113 case WIN_WRITE_ONCE:
2114 case CFA_WRITE_SECT_WO_ERASE:
2115 case WIN_WRITE_VERIFY:
2116 ide_cmd_lba48_transform(s, lba48);
2117 s->error = 0;
2118 s->status = SEEK_STAT | READY_STAT;
2119 s->req_nb_sectors = 1;
2120 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
2121 s->media_changed = 1;
2122 break;
2123 case WIN_MULTREAD_EXT:
2124 lba48 = 1;
2125 case WIN_MULTREAD:
2126 if (!s->mult_sectors)
2127 goto abort_cmd;
2128 ide_cmd_lba48_transform(s, lba48);
2129 s->req_nb_sectors = s->mult_sectors;
2130 ide_sector_read(s);
2131 break;
2132 case WIN_MULTWRITE_EXT:
2133 lba48 = 1;
2134 case WIN_MULTWRITE:
2135 case CFA_WRITE_MULTI_WO_ERASE:
2136 if (!s->mult_sectors)
2137 goto abort_cmd;
2138 ide_cmd_lba48_transform(s, lba48);
2139 s->error = 0;
2140 s->status = SEEK_STAT | READY_STAT;
2141 s->req_nb_sectors = s->mult_sectors;
2142 n = s->nsector;
2143 if (n > s->req_nb_sectors)
2144 n = s->req_nb_sectors;
2145 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
2146 s->media_changed = 1;
2147 break;
2148 case WIN_READDMA_EXT:
2149 lba48 = 1;
2150 case WIN_READDMA:
2151 case WIN_READDMA_ONCE:
2152 if (!s->bs)
2153 goto abort_cmd;
2154 ide_cmd_lba48_transform(s, lba48);
2155 ide_sector_read_dma(s);
2156 break;
2157 case WIN_WRITEDMA_EXT:
2158 lba48 = 1;
2159 case WIN_WRITEDMA:
2160 case WIN_WRITEDMA_ONCE:
2161 if (!s->bs)
2162 goto abort_cmd;
2163 ide_cmd_lba48_transform(s, lba48);
2164 ide_sector_write_dma(s);
2165 s->media_changed = 1;
2166 break;
2167 case WIN_READ_NATIVE_MAX_EXT:
2168 lba48 = 1;
2169 case WIN_READ_NATIVE_MAX:
2170 ide_cmd_lba48_transform(s, lba48);
2171 ide_set_sector(s, s->nb_sectors - 1);
2172 s->status = READY_STAT | SEEK_STAT;
2173 ide_set_irq(s);
2174 break;
2175 case WIN_CHECKPOWERMODE1:
2176 case WIN_CHECKPOWERMODE2:
2177 s->nsector = 0xff; /* device active or idle */
2178 s->status = READY_STAT | SEEK_STAT;
2179 ide_set_irq(s);
2180 break;
2181 case WIN_SETFEATURES:
2182 if (!s->bs)
2183 goto abort_cmd;
2184 /* XXX: valid for CDROM ? */
2185 switch(s->feature) {
2186 case 0xcc: /* reverting to power-on defaults enable */
2187 case 0x66: /* reverting to power-on defaults disable */
2188 case 0x02: /* write cache enable */
2189 case 0x82: /* write cache disable */
2190 case 0xaa: /* read look-ahead enable */
2191 case 0x55: /* read look-ahead disable */
2192 case 0x05: /* set advanced power management mode */
2193 case 0x85: /* disable advanced power management mode */
2194 case 0x69: /* NOP */
2195 case 0x67: /* NOP */
2196 case 0x96: /* NOP */
2197 case 0x9a: /* NOP */
2198 case 0x42: /* enable Automatic Acoustic Mode */
2199 case 0xc2: /* disable Automatic Acoustic Mode */
2200 s->status = READY_STAT | SEEK_STAT;
2201 ide_set_irq(s);
2202 break;
2203 case 0x03: { /* set transfer mode */
2204 uint8_t val = s->nsector & 0x07;
2205
2206 switch (s->nsector >> 3) {
2207 case 0x00: /* pio default */
2208 case 0x01: /* pio mode */
2209 put_le16(s->identify_data + 62,0x07);
2210 put_le16(s->identify_data + 63,0x07);
2211 put_le16(s->identify_data + 88,0x3f);
2212 break;
2213 case 0x02: /* sigle word dma mode*/
2214 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
2215 put_le16(s->identify_data + 63,0x07);
2216 put_le16(s->identify_data + 88,0x3f);
2217 break;
2218 case 0x04: /* mdma mode */
2219 put_le16(s->identify_data + 62,0x07);
2220 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2221 put_le16(s->identify_data + 88,0x3f);
2222 break;
2223 case 0x08: /* udma mode */
2224 put_le16(s->identify_data + 62,0x07);
2225 put_le16(s->identify_data + 63,0x07);
2226 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2227 break;
2228 default:
2229 goto abort_cmd;
2230 }
2231 s->status = READY_STAT | SEEK_STAT;
2232 ide_set_irq(s);
2233 break;
2234 }
2235 default:
2236 goto abort_cmd;
2237 }
2238 break;
2239 case WIN_FLUSH_CACHE:
2240 case WIN_FLUSH_CACHE_EXT:
2241 if (s->bs)
2242 bdrv_flush(s->bs);
2243 s->status = READY_STAT | SEEK_STAT;
2244 ide_set_irq(s);
2245 break;
2246 case WIN_STANDBY:
2247 case WIN_STANDBY2:
2248 case WIN_STANDBYNOW1:
2249 case WIN_STANDBYNOW2:
2250 case WIN_IDLEIMMEDIATE:
2251 case CFA_IDLEIMMEDIATE:
2252 case WIN_SETIDLE1:
2253 case WIN_SETIDLE2:
2254 case WIN_SLEEPNOW1:
2255 case WIN_SLEEPNOW2:
2256 s->status = READY_STAT;
2257 ide_set_irq(s);
2258 break;
2259 /* ATAPI commands */
2260 case WIN_PIDENTIFY:
2261 if (s->is_cdrom) {
2262 ide_atapi_identify(s);
2263 s->status = READY_STAT | SEEK_STAT;
2264 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2265 } else {
2266 ide_abort_command(s);
2267 }
2268 ide_set_irq(s);
2269 break;
2270 case WIN_DIAGNOSE:
2271 ide_set_signature(s);
2272 s->status = READY_STAT | SEEK_STAT;
2273 s->error = 0x01;
2274 ide_set_irq(s);
2275 break;
2276 case WIN_SRST:
2277 if (!s->is_cdrom)
2278 goto abort_cmd;
2279 ide_set_signature(s);
2280 s->status = 0x00; /* NOTE: READY is _not_ set */
2281 s->error = 0x01;
2282 break;
2283 case WIN_PACKETCMD:
2284 if (!s->is_cdrom)
2285 goto abort_cmd;
2286 /* overlapping commands not supported */
2287 if (s->feature & 0x02)
2288 goto abort_cmd;
2289 s->status = READY_STAT | SEEK_STAT;
2290 s->atapi_dma = s->feature & 1;
2291 s->nsector = 1;
2292 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2293 ide_atapi_cmd);
2294 break;
2295 /* CF-ATA commands */
2296 case CFA_REQ_EXT_ERROR_CODE:
2297 if (!s->is_cf)
2298 goto abort_cmd;
2299 s->error = 0x09; /* miscellaneous error */
2300 s->status = READY_STAT | SEEK_STAT;
2301 ide_set_irq(s);
2302 break;
2303 case CFA_ERASE_SECTORS:
2304 case CFA_WEAR_LEVEL:
2305 if (!s->is_cf)
2306 goto abort_cmd;
2307 if (val == CFA_WEAR_LEVEL)
2308 s->nsector = 0;
2309 if (val == CFA_ERASE_SECTORS)
2310 s->media_changed = 1;
2311 s->error = 0x00;
2312 s->status = READY_STAT | SEEK_STAT;
2313 ide_set_irq(s);
2314 break;
2315 case CFA_TRANSLATE_SECTOR:
2316 if (!s->is_cf)
2317 goto abort_cmd;
2318 s->error = 0x00;
2319 s->status = READY_STAT | SEEK_STAT;
2320 memset(s->io_buffer, 0, 0x200);
2321 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2322 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2323 s->io_buffer[0x02] = s->select; /* Head */
2324 s->io_buffer[0x03] = s->sector; /* Sector */
2325 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2326 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2327 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2328 s->io_buffer[0x13] = 0x00; /* Erase flag */
2329 s->io_buffer[0x18] = 0x00; /* Hot count */
2330 s->io_buffer[0x19] = 0x00; /* Hot count */
2331 s->io_buffer[0x1a] = 0x01; /* Hot count */
2332 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2333 ide_set_irq(s);
2334 break;
2335 case CFA_ACCESS_METADATA_STORAGE:
2336 if (!s->is_cf)
2337 goto abort_cmd;
2338 switch (s->feature) {
2339 case 0x02: /* Inquiry Metadata Storage */
2340 ide_cfata_metadata_inquiry(s);
2341 break;
2342 case 0x03: /* Read Metadata Storage */
2343 ide_cfata_metadata_read(s);
2344 break;
2345 case 0x04: /* Write Metadata Storage */
2346 ide_cfata_metadata_write(s);
2347 break;
2348 default:
2349 goto abort_cmd;
2350 }
2351 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2352 s->status = 0x00; /* NOTE: READY is _not_ set */
2353 ide_set_irq(s);
2354 break;
2355 case IBM_SENSE_CONDITION:
2356 if (!s->is_cf)
2357 goto abort_cmd;
2358 switch (s->feature) {
2359 case 0x01: /* sense temperature in device */
2360 s->nsector = 0x50; /* +20 C */
2361 break;
2362 default:
2363 goto abort_cmd;
2364 }
2365 s->status = READY_STAT | SEEK_STAT;
2366 ide_set_irq(s);
2367 break;
2368 default:
2369 abort_cmd:
2370 ide_abort_command(s);
2371 ide_set_irq(s);
2372 break;
2373 }
2374 }
2375 }
2376
2377 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2378 {
2379 IDEState *ide_if = opaque;
2380 IDEState *s = ide_if->cur_drive;
2381 uint32_t addr;
2382 int ret, hob;
2383
2384 addr = addr1 & 7;
2385 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2386 //hob = s->select & (1 << 7);
2387 hob = 0;
2388 switch(addr) {
2389 case 0:
2390 ret = 0xff;
2391 break;
2392 case 1:
2393 if (!ide_if[0].bs && !ide_if[1].bs)
2394 ret = 0;
2395 else if (!hob)
2396 ret = s->error;
2397 else
2398 ret = s->hob_feature;
2399 break;
2400 case 2:
2401 if (!ide_if[0].bs && !ide_if[1].bs)
2402 ret = 0;
2403 else if (!hob)
2404 ret = s->nsector & 0xff;
2405 else
2406 ret = s->hob_nsector;
2407 break;
2408 case 3:
2409 if (!ide_if[0].bs && !ide_if[1].bs)
2410 ret = 0;
2411 else if (!hob)
2412 ret = s->sector;
2413 else
2414 ret = s->hob_sector;
2415 break;
2416 case 4:
2417 if (!ide_if[0].bs && !ide_if[1].bs)
2418 ret = 0;
2419 else if (!hob)
2420 ret = s->lcyl;
2421 else
2422 ret = s->hob_lcyl;
2423 break;
2424 case 5:
2425 if (!ide_if[0].bs && !ide_if[1].bs)
2426 ret = 0;
2427 else if (!hob)
2428 ret = s->hcyl;
2429 else
2430 ret = s->hob_hcyl;
2431 break;
2432 case 6:
2433 if (!ide_if[0].bs && !ide_if[1].bs)
2434 ret = 0;
2435 else
2436 ret = s->select;
2437 break;
2438 default:
2439 case 7:
2440 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2441 (s != ide_if && !s->bs))
2442 ret = 0;
2443 else
2444 ret = s->status;
2445 qemu_irq_lower(s->irq);
2446 break;
2447 }
2448 #ifdef DEBUG_IDE
2449 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2450 #endif
2451 return ret;
2452 }
2453
2454 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2455 {
2456 IDEState *ide_if = opaque;
2457 IDEState *s = ide_if->cur_drive;
2458 int ret;
2459
2460 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2461 (s != ide_if && !s->bs))
2462 ret = 0;
2463 else
2464 ret = s->status;
2465 #ifdef DEBUG_IDE
2466 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2467 #endif
2468 return ret;
2469 }
2470
2471 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2472 {
2473 IDEState *ide_if = opaque;
2474 IDEState *s;
2475 int i;
2476
2477 #ifdef DEBUG_IDE
2478 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2479 #endif
2480 /* common for both drives */
2481 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2482 (val & IDE_CMD_RESET)) {
2483 /* reset low to high */
2484 for(i = 0;i < 2; i++) {
2485 s = &ide_if[i];
2486 s->status = BUSY_STAT | SEEK_STAT;
2487 s->error = 0x01;
2488 }
2489 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2490 !(val & IDE_CMD_RESET)) {
2491 /* high to low */
2492 for(i = 0;i < 2; i++) {
2493 s = &ide_if[i];
2494 if (s->is_cdrom)
2495 s->status = 0x00; /* NOTE: READY is _not_ set */
2496 else
2497 s->status = READY_STAT | SEEK_STAT;
2498 ide_set_signature(s);
2499 }
2500 }
2501
2502 ide_if[0].cmd = val;
2503 ide_if[1].cmd = val;
2504 }
2505
2506 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2507 {
2508 IDEState *s = ((IDEState *)opaque)->cur_drive;
2509 uint8_t *p;
2510
2511 /* PIO data access allowed only when DRQ bit is set */
2512 if (!(s->status & DRQ_STAT))
2513 return;
2514
2515 p = s->data_ptr;
2516 *(uint16_t *)p = le16_to_cpu(val);
2517 p += 2;
2518 s->data_ptr = p;
2519 if (p >= s->data_end)
2520 s->end_transfer_func(s);
2521 }
2522
2523 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2524 {
2525 IDEState *s = ((IDEState *)opaque)->cur_drive;
2526 uint8_t *p;
2527 int ret;
2528
2529 /* PIO data access allowed only when DRQ bit is set */
2530 if (!(s->status & DRQ_STAT))
2531 return 0;
2532
2533 p = s->data_ptr;
2534 ret = cpu_to_le16(*(uint16_t *)p);
2535 p += 2;
2536 s->data_ptr = p;
2537 if (p >= s->data_end)
2538 s->end_transfer_func(s);
2539 return ret;
2540 }
2541
2542 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2543 {
2544 IDEState *s = ((IDEState *)opaque)->cur_drive;
2545 uint8_t *p;
2546
2547 /* PIO data access allowed only when DRQ bit is set */
2548 if (!(s->status & DRQ_STAT))
2549 return;
2550
2551 p = s->data_ptr;
2552 *(uint32_t *)p = le32_to_cpu(val);
2553 p += 4;
2554 s->data_ptr = p;
2555 if (p >= s->data_end)
2556 s->end_transfer_func(s);
2557 }
2558
2559 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2560 {
2561 IDEState *s = ((IDEState *)opaque)->cur_drive;
2562 uint8_t *p;
2563 int ret;
2564
2565 /* PIO data access allowed only when DRQ bit is set */
2566 if (!(s->status & DRQ_STAT))
2567 return 0;
2568
2569 p = s->data_ptr;
2570 ret = cpu_to_le32(*(uint32_t *)p);
2571 p += 4;
2572 s->data_ptr = p;
2573 if (p >= s->data_end)
2574 s->end_transfer_func(s);
2575 return ret;
2576 }
2577
2578 static void ide_dummy_transfer_stop(IDEState *s)
2579 {
2580 s->data_ptr = s->io_buffer;
2581 s->data_end = s->io_buffer;
2582 s->io_buffer[0] = 0xff;
2583 s->io_buffer[1] = 0xff;
2584 s->io_buffer[2] = 0xff;
2585 s->io_buffer[3] = 0xff;
2586 }
2587
2588 static void ide_reset(IDEState *s)
2589 {
2590 if (s->is_cf)
2591 s->mult_sectors = 0;
2592 else
2593 s->mult_sectors = MAX_MULT_SECTORS;
2594 s->cur_drive = s;
2595 s->select = 0xa0;
2596 s->status = READY_STAT | SEEK_STAT;
2597 ide_set_signature(s);
2598 /* init the transfer handler so that 0xffff is returned on data
2599 accesses */
2600 s->end_transfer_func = ide_dummy_transfer_stop;
2601 ide_dummy_transfer_stop(s);
2602 s->media_changed = 0;
2603 }
2604
2605 static void ide_init2(IDEState *ide_state,
2606 BlockDriverState *hd0, BlockDriverState *hd1,
2607 qemu_irq irq)
2608 {
2609 IDEState *s;
2610 static int drive_serial = 1;
2611 int i, cylinders, heads, secs;
2612 uint64_t nb_sectors;
2613
2614 for(i = 0; i < 2; i++) {
2615 s = ide_state + i;
2616 s->io_buffer = qemu_memalign(512, IDE_DMA_BUF_SECTORS*512 + 4);
2617 if (i == 0)
2618 s->bs = hd0;
2619 else
2620 s->bs = hd1;
2621 if (s->bs) {
2622 bdrv_get_geometry(s->bs, &nb_sectors);
2623 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2624 s->cylinders = cylinders;
2625 s->heads = heads;
2626 s->sectors = secs;
2627 s->nb_sectors = nb_sectors;
2628
2629 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2630 s->is_cdrom = 1;
2631 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2632 }
2633 }
2634 s->drive_serial = drive_serial++;
2635 s->irq = irq;
2636 s->sector_write_timer = qemu_new_timer(vm_clock,
2637 ide_sector_write_timer_cb, s);
2638 ide_reset(s);
2639 }
2640 }
2641
2642 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2643 {
2644 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2645 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2646 if (iobase2) {
2647 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2648 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2649 }
2650
2651 /* data ports */
2652 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2653 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2654 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2655 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2656 }
2657
2658 /* save per IDE drive data */
2659 static void ide_save(QEMUFile* f, IDEState *s)
2660 {
2661 qemu_put_be32(f, s->mult_sectors);
2662 qemu_put_be32(f, s->identify_set);
2663 if (s->identify_set) {
2664 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2665 }
2666 qemu_put_8s(f, &s->feature);
2667 qemu_put_8s(f, &s->error);
2668 qemu_put_be32s(f, &s->nsector);
2669 qemu_put_8s(f, &s->sector);
2670 qemu_put_8s(f, &s->lcyl);
2671 qemu_put_8s(f, &s->hcyl);
2672 qemu_put_8s(f, &s->hob_feature);
2673 qemu_put_8s(f, &s->hob_nsector);
2674 qemu_put_8s(f, &s->hob_sector);
2675 qemu_put_8s(f, &s->hob_lcyl);
2676 qemu_put_8s(f, &s->hob_hcyl);
2677 qemu_put_8s(f, &s->select);
2678 qemu_put_8s(f, &s->status);
2679 qemu_put_8s(f, &s->lba48);
2680
2681 qemu_put_8s(f, &s->sense_key);
2682 qemu_put_8s(f, &s->asc);
2683 /* XXX: if a transfer is pending, we do not save it yet */
2684 }
2685
2686 /* load per IDE drive data */
2687 static void ide_load(QEMUFile* f, IDEState *s)
2688 {
2689 s->mult_sectors=qemu_get_be32(f);
2690 s->identify_set=qemu_get_be32(f);
2691 if (s->identify_set) {
2692 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2693 }
2694 qemu_get_8s(f, &s->feature);
2695 qemu_get_8s(f, &s->error);
2696 qemu_get_be32s(f, &s->nsector);
2697 qemu_get_8s(f, &s->sector);
2698 qemu_get_8s(f, &s->lcyl);
2699 qemu_get_8s(f, &s->hcyl);
2700 qemu_get_8s(f, &s->hob_feature);
2701 qemu_get_8s(f, &s->hob_nsector);
2702 qemu_get_8s(f, &s->hob_sector);
2703 qemu_get_8s(f, &s->hob_lcyl);
2704 qemu_get_8s(f, &s->hob_hcyl);
2705 qemu_get_8s(f, &s->select);
2706 qemu_get_8s(f, &s->status);
2707 qemu_get_8s(f, &s->lba48);
2708
2709 qemu_get_8s(f, &s->sense_key);
2710 qemu_get_8s(f, &s->asc);
2711 /* XXX: if a transfer is pending, we do not save it yet */
2712 }
2713
2714 /***********************************************************/
2715 /* ISA IDE definitions */
2716
2717 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
2718 BlockDriverState *hd0, BlockDriverState *hd1)
2719 {
2720 IDEState *ide_state;
2721
2722 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2723 if (!ide_state)
2724 return;
2725
2726 ide_init2(ide_state, hd0, hd1, irq);
2727 ide_init_ioport(ide_state, iobase, iobase2);
2728 }
2729
2730 /***********************************************************/
2731 /* PCI IDE definitions */
2732
2733 static void cmd646_update_irq(PCIIDEState *d);
2734
2735 static void ide_map(PCIDevice *pci_dev, int region_num,
2736 uint32_t addr, uint32_t size, int type)
2737 {
2738 PCIIDEState *d = (PCIIDEState *)pci_dev;
2739 IDEState *ide_state;
2740
2741 if (region_num <= 3) {
2742 ide_state = &d->ide_if[(region_num >> 1) * 2];
2743 if (region_num & 1) {
2744 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2745 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2746 } else {
2747 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2748 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2749
2750 /* data ports */
2751 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2752 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2753 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2754 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2755 }
2756 }
2757 }
2758
2759 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2760 {
2761 BMDMAState *bm = s->bmdma;
2762 if(!bm)
2763 return;
2764 bm->ide_if = s;
2765 bm->dma_cb = dma_cb;
2766 bm->cur_prd_last = 0;
2767 bm->cur_prd_addr = 0;
2768 bm->cur_prd_len = 0;
2769 if (bm->status & BM_STATUS_DMAING) {
2770 bm->dma_cb(bm, 0);
2771 }
2772 }
2773
2774 static void ide_dma_cancel(BMDMAState *bm)
2775 {
2776 if (bm->status & BM_STATUS_DMAING) {
2777 bm->status &= ~BM_STATUS_DMAING;
2778 /* cancel DMA request */
2779 bm->ide_if = NULL;
2780 bm->dma_cb = NULL;
2781 if (bm->aiocb) {
2782 #ifdef DEBUG_AIO
2783 printf("aio_cancel\n");
2784 #endif
2785 bdrv_aio_cancel(bm->aiocb);
2786 bm->aiocb = NULL;
2787 }
2788 }
2789 }
2790
2791 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2792 {
2793 BMDMAState *bm = opaque;
2794 #ifdef DEBUG_IDE
2795 printf("%s: 0x%08x\n", __func__, val);
2796 #endif
2797 if (!(val & BM_CMD_START)) {
2798 /* XXX: do it better */
2799 ide_dma_cancel(bm);
2800 bm->cmd = val & 0x09;
2801 } else {
2802 if (!(bm->status & BM_STATUS_DMAING)) {
2803 bm->status |= BM_STATUS_DMAING;
2804 /* start dma transfer if possible */
2805 if (bm->dma_cb)
2806 bm->dma_cb(bm, 0);
2807 }
2808 bm->cmd = val & 0x09;
2809 }
2810 }
2811
2812 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2813 {
2814 BMDMAState *bm = opaque;
2815 PCIIDEState *pci_dev;
2816 uint32_t val;
2817
2818 switch(addr & 3) {
2819 case 0:
2820 val = bm->cmd;
2821 break;
2822 case 1:
2823 pci_dev = bm->pci_dev;
2824 if (pci_dev->type == IDE_TYPE_CMD646) {
2825 val = pci_dev->dev.config[MRDMODE];
2826 } else {
2827 val = 0xff;
2828 }
2829 break;
2830 case 2:
2831 val = bm->status;
2832 break;
2833 case 3:
2834 pci_dev = bm->pci_dev;
2835 if (pci_dev->type == IDE_TYPE_CMD646) {
2836 if (bm == &pci_dev->bmdma[0])
2837 val = pci_dev->dev.config[UDIDETCR0];
2838 else
2839 val = pci_dev->dev.config[UDIDETCR1];
2840 } else {
2841 val = 0xff;
2842 }
2843 break;
2844 default:
2845 val = 0xff;
2846 break;
2847 }
2848 #ifdef DEBUG_IDE
2849 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2850 #endif
2851 return val;
2852 }
2853
2854 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2855 {
2856 BMDMAState *bm = opaque;
2857 PCIIDEState *pci_dev;
2858 #ifdef DEBUG_IDE
2859 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2860 #endif
2861 switch(addr & 3) {
2862 case 1:
2863 pci_dev = bm->pci_dev;
2864 if (pci_dev->type == IDE_TYPE_CMD646) {
2865 pci_dev->dev.config[MRDMODE] =
2866 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2867 cmd646_update_irq(pci_dev);
2868 }
2869 break;
2870 case 2:
2871 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2872 break;
2873 case 3:
2874 pci_dev = bm->pci_dev;
2875 if (pci_dev->type == IDE_TYPE_CMD646) {
2876 if (bm == &pci_dev->bmdma[0])
2877 pci_dev->dev.config[UDIDETCR0] = val;
2878 else
2879 pci_dev->dev.config[UDIDETCR1] = val;
2880 }
2881 break;
2882 }
2883 }
2884
2885 static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
2886 {
2887 BMDMAState *bm = opaque;
2888 uint32_t val;
2889 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
2890 #ifdef DEBUG_IDE
2891 printf("%s: 0x%08x\n", __func__, val);
2892 #endif
2893 return val;
2894 }
2895
2896 static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
2897 {
2898 BMDMAState *bm = opaque;
2899 int shift = (addr & 3) * 8;
2900 #ifdef DEBUG_IDE
2901 printf("%s: 0x%08x\n", __func__, val);
2902 #endif
2903 bm->addr &= ~(0xFF << shift);
2904 bm->addr |= ((val & 0xFF) << shift) & ~3;
2905 bm->cur_addr = bm->addr;
2906 }
2907
2908 static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
2909 {
2910 BMDMAState *bm = opaque;
2911 uint32_t val;
2912 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
2913 #ifdef DEBUG_IDE
2914 printf("%s: 0x%08x\n", __func__, val);
2915 #endif
2916 return val;
2917 }
2918
2919 static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
2920 {
2921 BMDMAState *bm = opaque;
2922 int shift = (addr & 3) * 8;
2923 #ifdef DEBUG_IDE
2924 printf("%s: 0x%08x\n", __func__, val);
2925 #endif
2926 bm->addr &= ~(0xFFFF << shift);
2927 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
2928 bm->cur_addr = bm->addr;
2929 }
2930
2931 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2932 {
2933 BMDMAState *bm = opaque;
2934 uint32_t val;
2935 val = bm->addr;
2936 #ifdef DEBUG_IDE
2937 printf("%s: 0x%08x\n", __func__, val);
2938 #endif
2939 return val;
2940 }
2941
2942 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2943 {
2944 BMDMAState *bm = opaque;
2945 #ifdef DEBUG_IDE
2946 printf("%s: 0x%08x\n", __func__, val);
2947 #endif
2948 bm->addr = val & ~3;
2949 bm->cur_addr = bm->addr;
2950 }
2951
2952 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2953 uint32_t addr, uint32_t size, int type)
2954 {
2955 PCIIDEState *d = (PCIIDEState *)pci_dev;
2956 int i;
2957
2958 for(i = 0;i < 2; i++) {
2959 BMDMAState *bm = &d->bmdma[i];
2960 d->ide_if[2 * i].bmdma = bm;
2961 d->ide_if[2 * i + 1].bmdma = bm;
2962 bm->pci_dev = (PCIIDEState *)pci_dev;
2963
2964 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2965
2966 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2967 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2968
2969 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
2970 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
2971 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
2972 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
2973 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2974 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2975 addr += 8;
2976 }
2977 }
2978
2979 /* XXX: call it also when the MRDMODE is changed from the PCI config
2980 registers */
2981 static void cmd646_update_irq(PCIIDEState *d)
2982 {
2983 int pci_level;
2984 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2985 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2986 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2987 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2988 qemu_set_irq(d->dev.irq[0], pci_level);
2989 }
2990
2991 /* the PCI irq level is the logical OR of the two channels */
2992 static void cmd646_set_irq(void *opaque, int channel, int level)
2993 {
2994 PCIIDEState *d = opaque;
2995 int irq_mask;
2996
2997 irq_mask = MRDMODE_INTR_CH0 << channel;
2998 if (level)
2999 d->dev.config[MRDMODE] |= irq_mask;
3000 else
3001 d->dev.config[MRDMODE] &= ~irq_mask;
3002 cmd646_update_irq(d);
3003 }
3004
3005 /* CMD646 PCI IDE controller */
3006 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3007 int secondary_ide_enabled)
3008 {
3009 PCIIDEState *d;
3010 uint8_t *pci_conf;
3011 int i;
3012 qemu_irq *irq;
3013
3014 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
3015 sizeof(PCIIDEState),
3016 -1,
3017 NULL, NULL);
3018 d->type = IDE_TYPE_CMD646;
3019 pci_conf = d->dev.config;
3020 pci_conf[0x00] = 0x95; // CMD646
3021 pci_conf[0x01] = 0x10;
3022 pci_conf[0x02] = 0x46;
3023 pci_conf[0x03] = 0x06;
3024
3025 pci_conf[0x08] = 0x07; // IDE controller revision
3026 pci_conf[0x09] = 0x8f;
3027
3028 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3029 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3030 pci_conf[0x0e] = 0x00; // header_type
3031
3032 if (secondary_ide_enabled) {
3033 /* XXX: if not enabled, really disable the seconday IDE controller */
3034 pci_conf[0x51] = 0x80; /* enable IDE1 */
3035 }
3036
3037 pci_register_io_region((PCIDevice *)d, 0, 0x8,
3038 PCI_ADDRESS_SPACE_IO, ide_map);
3039 pci_register_io_region((PCIDevice *)d, 1, 0x4,
3040 PCI_ADDRESS_SPACE_IO, ide_map);
3041 pci_register_io_region((PCIDevice *)d, 2, 0x8,
3042 PCI_ADDRESS_SPACE_IO, ide_map);
3043 pci_register_io_region((PCIDevice *)d, 3, 0x4,
3044 PCI_ADDRESS_SPACE_IO, ide_map);
3045 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3046 PCI_ADDRESS_SPACE_IO, bmdma_map);
3047
3048 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3049
3050 for(i = 0; i < 4; i++)
3051 d->ide_if[i].pci_dev = (PCIDevice *)d;
3052
3053 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3054 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3055 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
3056 }
3057
3058 static void pci_ide_save(QEMUFile* f, void *opaque)
3059 {
3060 PCIIDEState *d = opaque;
3061 int i;
3062
3063 pci_device_save(&d->dev, f);
3064
3065 for(i = 0; i < 2; i++) {
3066 BMDMAState *bm = &d->bmdma[i];
3067 qemu_put_8s(f, &bm->cmd);
3068 qemu_put_8s(f, &bm->status);
3069 qemu_put_be32s(f, &bm->addr);
3070 /* XXX: if a transfer is pending, we do not save it yet */
3071 }
3072
3073 /* per IDE interface data */
3074 for(i = 0; i < 2; i++) {
3075 IDEState *s = &d->ide_if[i * 2];
3076 uint8_t drive1_selected;
3077 qemu_put_8s(f, &s->cmd);
3078 drive1_selected = (s->cur_drive != s);
3079 qemu_put_8s(f, &drive1_selected);
3080 }
3081
3082 /* per IDE drive data */
3083 for(i = 0; i < 4; i++) {
3084 ide_save(f, &d->ide_if[i]);
3085 }
3086 }
3087
3088 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3089 {
3090 PCIIDEState *d = opaque;
3091 int ret, i;
3092
3093 if (version_id != 1)
3094 return -EINVAL;
3095 ret = pci_device_load(&d->dev, f);
3096 if (ret < 0)
3097 return ret;
3098
3099 for(i = 0; i < 2; i++) {
3100 BMDMAState *bm = &d->bmdma[i];
3101 qemu_get_8s(f, &bm->cmd);
3102 qemu_get_8s(f, &bm->status);
3103 qemu_get_be32s(f, &bm->addr);
3104 /* XXX: if a transfer is pending, we do not save it yet */
3105 }
3106
3107 /* per IDE interface data */
3108 for(i = 0; i < 2; i++) {
3109 IDEState *s = &d->ide_if[i * 2];
3110 uint8_t drive1_selected;
3111 qemu_get_8s(f, &s->cmd);
3112 qemu_get_8s(f, &drive1_selected);
3113 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3114 }
3115
3116 /* per IDE drive data */
3117 for(i = 0; i < 4; i++) {
3118 ide_load(f, &d->ide_if[i]);
3119 }
3120 return 0;
3121 }
3122
3123 static void piix3_reset(void *opaque)
3124 {
3125 PCIIDEState *d = opaque;
3126 uint8_t *pci_conf = d->dev.config;
3127 int i;
3128
3129 for (i = 0; i < 2; i++)
3130 ide_dma_cancel(&d->bmdma[i]);
3131
3132 pci_conf[0x04] = 0x00;
3133 pci_conf[0x05] = 0x00;
3134 pci_conf[0x06] = 0x80; /* FBC */
3135 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3136 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3137 }
3138
3139 /* hd_table must contain 4 block drivers */
3140 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
3141 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3142 qemu_irq *pic)
3143 {
3144 PCIIDEState *d;
3145 uint8_t *pci_conf;
3146 int i;
3147
3148 /* register a function 1 of PIIX3 */
3149 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
3150 sizeof(PCIIDEState),
3151 devfn,
3152 NULL, NULL);
3153 d->type = IDE_TYPE_PIIX3;
3154
3155 pci_conf = d->dev.config;
3156 pci_conf[0x00] = 0x86; // Intel
3157 pci_conf[0x01] = 0x80;
3158 pci_conf[0x02] = 0x10;
3159 pci_conf[0x03] = 0x70;
3160 pci_conf[0x09] = 0x80; // legacy ATA mode
3161 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3162 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3163 pci_conf[0x0e] = 0x00; // header_type
3164
3165 qemu_register_reset(piix3_reset, d);
3166 piix3_reset(d);
3167
3168 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3169 PCI_ADDRESS_SPACE_IO, bmdma_map);
3170
3171 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3172 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3173 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3174 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3175
3176 for (i = 0; i < 4; i++)
3177 if (hd_table[i])
3178 hd_table[i]->devfn = d->dev.devfn;
3179
3180 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
3181 }
3182
3183 /* hd_table must contain 4 block drivers */
3184 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3185 void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3186 qemu_irq *pic)
3187 {
3188 PCIIDEState *d;
3189 uint8_t *pci_conf;
3190
3191 /* register a function 1 of PIIX4 */
3192 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3193 sizeof(PCIIDEState),
3194 devfn,
3195 NULL, NULL);
3196 d->type = IDE_TYPE_PIIX4;
3197
3198 pci_conf = d->dev.config;
3199 pci_conf[0x00] = 0x86; // Intel
3200 pci_conf[0x01] = 0x80;
3201 pci_conf[0x02] = 0x11;
3202 pci_conf[0x03] = 0x71;
3203 pci_conf[0x09] = 0x80; // legacy ATA mode
3204 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3205 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3206 pci_conf[0x0e] = 0x00; // header_type
3207
3208 qemu_register_reset(piix3_reset, d);
3209 piix3_reset(d);
3210
3211 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3212 PCI_ADDRESS_SPACE_IO, bmdma_map);
3213
3214 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3215 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3216 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3217 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3218
3219 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
3220 }
3221
3222 /***********************************************************/
3223 /* MacIO based PowerPC IDE */
3224
3225 /* PowerMac IDE memory IO */
3226 static void pmac_ide_writeb (void *opaque,
3227 target_phys_addr_t addr, uint32_t val)
3228 {
3229 addr = (addr & 0xFFF) >> 4;
3230 switch (addr) {
3231 case 1 ... 7:
3232 ide_ioport_write(opaque, addr, val);
3233 break;
3234 case 8:
3235 case 22:
3236 ide_cmd_write(opaque, 0, val);
3237 break;
3238 default:
3239 break;
3240 }
3241 }
3242
3243 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3244 {
3245 uint8_t retval;
3246
3247 addr = (addr & 0xFFF) >> 4;
3248 switch (addr) {
3249 case 1 ... 7:
3250 retval = ide_ioport_read(opaque, addr);
3251 break;
3252 case 8:
3253 case 22:
3254 retval = ide_status_read(opaque, 0);
3255 break;
3256 default:
3257 retval = 0xFF;
3258 break;
3259 }
3260 return retval;
3261 }
3262
3263 static void pmac_ide_writew (void *opaque,
3264 target_phys_addr_t addr, uint32_t val)
3265 {
3266 addr = (addr & 0xFFF) >> 4;
3267 #ifdef TARGET_WORDS_BIGENDIAN
3268 val = bswap16(val);
3269 #endif
3270 if (addr == 0) {
3271 ide_data_writew(opaque, 0, val);
3272 }
3273 }
3274
3275 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3276 {
3277 uint16_t retval;
3278
3279 addr = (addr & 0xFFF) >> 4;
3280 if (addr == 0) {
3281 retval = ide_data_readw(opaque, 0);
3282 } else {
3283 retval = 0xFFFF;
3284 }
3285 #ifdef TARGET_WORDS_BIGENDIAN
3286 retval = bswap16(retval);
3287 #endif
3288 return retval;
3289 }
3290
3291 static void pmac_ide_writel (void *opaque,
3292 target_phys_addr_t addr, uint32_t val)
3293 {
3294 addr = (addr & 0xFFF) >> 4;
3295 #ifdef TARGET_WORDS_BIGENDIAN
3296 val = bswap32(val);
3297 #endif
3298 if (addr == 0) {
3299 ide_data_writel(opaque, 0, val);
3300 }
3301 }
3302
3303 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3304 {
3305 uint32_t retval;
3306
3307 addr = (addr & 0xFFF) >> 4;
3308 if (addr == 0) {
3309 retval = ide_data_readl(opaque, 0);
3310 } else {
3311 retval = 0xFFFFFFFF;
3312 }
3313 #ifdef TARGET_WORDS_BIGENDIAN
3314 retval = bswap32(retval);
3315 #endif
3316 return retval;
3317 }
3318
3319 static CPUWriteMemoryFunc *pmac_ide_write[] = {
3320 pmac_ide_writeb,
3321 pmac_ide_writew,
3322 pmac_ide_writel,
3323 };
3324
3325 static CPUReadMemoryFunc *pmac_ide_read[] = {
3326 pmac_ide_readb,
3327 pmac_ide_readw,
3328 pmac_ide_readl,
3329 };
3330
3331 /* hd_table must contain 4 block drivers */
3332 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3333 I/O index to access the ide. */
3334 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
3335 {
3336 IDEState *ide_if;
3337 int pmac_ide_memory;
3338
3339 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
3340 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3341
3342 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3343 pmac_ide_write, &ide_if[0]);
3344 return pmac_ide_memory;
3345 }
3346
3347 /***********************************************************/
3348 /* CF-ATA Microdrive */
3349
3350 #define METADATA_SIZE 0x20
3351
3352 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3353 struct md_s {
3354 IDEState ide[2];
3355 struct pcmcia_card_s card;
3356 uint32_t attr_base;
3357 uint32_t io_base;
3358
3359 /* Card state */
3360 uint8_t opt;
3361 uint8_t stat;
3362 uint8_t pins;
3363
3364 uint8_t ctrl;
3365 uint16_t io;
3366 int cycle;
3367 };
3368
3369 /* Register bitfields */
3370 enum md_opt {
3371 OPT_MODE_MMAP = 0,
3372 OPT_MODE_IOMAP16 = 1,
3373 OPT_MODE_IOMAP1 = 2,
3374 OPT_MODE_IOMAP2 = 3,
3375 OPT_MODE = 0x3f,
3376 OPT_LEVIREQ = 0x40,
3377 OPT_SRESET = 0x80,
3378 };
3379 enum md_cstat {
3380 STAT_INT = 0x02,
3381 STAT_PWRDWN = 0x04,
3382 STAT_XE = 0x10,
3383 STAT_IOIS8 = 0x20,
3384 STAT_SIGCHG = 0x40,
3385 STAT_CHANGED = 0x80,
3386 };
3387 enum md_pins {
3388 PINS_MRDY = 0x02,
3389 PINS_CRDY = 0x20,
3390 };
3391 enum md_ctrl {
3392 CTRL_IEN = 0x02,
3393 CTRL_SRST = 0x04,
3394 };
3395
3396 static inline void md_interrupt_update(struct md_s *s)
3397 {
3398 if (!s->card.slot)
3399 return;
3400
3401 qemu_set_irq(s->card.slot->irq,
3402 !(s->stat & STAT_INT) && /* Inverted */
3403 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3404 !(s->opt & OPT_SRESET));
3405 }
3406
3407 static void md_set_irq(void *opaque, int irq, int level)
3408 {
3409 struct md_s *s = (struct md_s *) opaque;
3410 if (level)
3411 s->stat |= STAT_INT;
3412 else
3413 s->stat &= ~STAT_INT;
3414
3415 md_interrupt_update(s);
3416 }
3417
3418 static void md_reset(struct md_s *s)
3419 {
3420 s->opt = OPT_MODE_MMAP;
3421 s->stat = 0;
3422 s->pins = 0;
3423 s->cycle = 0;
3424 s->ctrl = 0;
3425 ide_reset(s->ide);
3426 }
3427
3428 static uint8_t md_attr_read(void *opaque, uint32_t at)
3429 {
3430 struct md_s *s = (struct md_s *) opaque;
3431 if (at < s->attr_base) {
3432 if (at < s->card.cis_len)
3433 return s->card.cis[at];
3434 else
3435 return 0x00;
3436 }
3437
3438 at -= s->attr_base;
3439
3440 switch (at) {
3441 case 0x00: /* Configuration Option Register */
3442 return s->opt;
3443 case 0x02: /* Card Configuration Status Register */
3444 if (s->ctrl & CTRL_IEN)
3445 return s->stat & ~STAT_INT;
3446 else
3447 return s->stat;
3448 case 0x04: /* Pin Replacement Register */
3449 return (s->pins & PINS_CRDY) | 0x0c;
3450 case 0x06: /* Socket and Copy Register */
3451 return 0x00;
3452 #ifdef VERBOSE
3453 default:
3454 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3455 #endif
3456 }
3457
3458 return 0;
3459 }
3460
3461 static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
3462 {
3463 struct md_s *s = (struct md_s *) opaque;
3464 at -= s->attr_base;
3465
3466 switch (at) {
3467 case 0x00: /* Configuration Option Register */
3468 s->opt = value & 0xcf;
3469 if (value & OPT_SRESET)
3470 md_reset(s);
3471 md_interrupt_update(s);
3472 break;
3473 case 0x02: /* Card Configuration Status Register */
3474 if ((s->stat ^ value) & STAT_PWRDWN)
3475 s->pins |= PINS_CRDY;
3476 s->stat &= 0x82;
3477 s->stat |= value & 0x74;
3478 md_interrupt_update(s);
3479 /* Word 170 in Identify Device must be equal to STAT_XE */
3480 break;
3481 case 0x04: /* Pin Replacement Register */
3482 s->pins &= PINS_CRDY;
3483 s->pins |= value & PINS_MRDY;
3484 break;
3485 case 0x06: /* Socket and Copy Register */
3486 break;
3487 default:
3488 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3489 }
3490 }
3491
3492 static uint16_t md_common_read(void *opaque, uint32_t at)
3493 {
3494 struct md_s *s = (struct md_s *) opaque;
3495 uint16_t ret;
3496 at -= s->io_base;
3497
3498 switch (s->opt & OPT_MODE) {
3499 case OPT_MODE_MMAP:
3500 if ((at & ~0x3ff) == 0x400)
3501 at = 0;
3502 break;
3503 case OPT_MODE_IOMAP16:
3504 at &= 0xf;
3505 break;
3506 case OPT_MODE_IOMAP1:
3507 if ((at & ~0xf) == 0x3f0)
3508 at -= 0x3e8;
3509 else if ((at & ~0xf) == 0x1f0)
3510 at -= 0x1f0;
3511 break;
3512 case OPT_MODE_IOMAP2:
3513 if ((at & ~0xf) == 0x370)
3514 at -= 0x368;
3515 else if ((at & ~0xf) == 0x170)
3516 at -= 0x170;
3517 }
3518
3519 switch (at) {
3520 case 0x0: /* Even RD Data */
3521 case 0x8:
3522 return ide_data_readw(s->ide, 0);
3523
3524 /* TODO: 8-bit accesses */
3525 if (s->cycle)
3526 ret = s->io >> 8;
3527 else {
3528 s->io = ide_data_readw(s->ide, 0);
3529 ret = s->io & 0xff;
3530 }
3531 s->cycle = !s->cycle;
3532 return ret;
3533 case 0x9: /* Odd RD Data */
3534 return s->io >> 8;
3535 case 0xd: /* Error */
3536 return ide_ioport_read(s->ide, 0x1);
3537 case 0xe: /* Alternate Status */
3538 if (s->ide->cur_drive->bs)
3539 return s->ide->cur_drive->status;
3540 else
3541 return 0;
3542 case 0xf: /* Device Address */
3543 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3544 default:
3545 return ide_ioport_read(s->ide, at);
3546 }
3547
3548 return 0;
3549 }
3550
3551 static void md_common_write(void *opaque, uint32_t at, uint16_t value)
3552 {
3553 struct md_s *s = (struct md_s *) opaque;
3554 at -= s->io_base;
3555
3556 switch (s->opt & OPT_MODE) {
3557 case OPT_MODE_MMAP:
3558 if ((at & ~0x3ff) == 0x400)
3559 at = 0;
3560 break;
3561 case OPT_MODE_IOMAP16:
3562 at &= 0xf;
3563 break;
3564 case OPT_MODE_IOMAP1:
3565 if ((at & ~0xf) == 0x3f0)
3566 at -= 0x3e8;
3567 else if ((at & ~0xf) == 0x1f0)
3568 at -= 0x1f0;
3569 break;
3570 case OPT_MODE_IOMAP2:
3571 if ((at & ~0xf) == 0x370)
3572 at -= 0x368;
3573 else if ((at & ~0xf) == 0x170)
3574 at -= 0x170;
3575 }
3576
3577 switch (at) {
3578 case 0x0: /* Even WR Data */
3579 case 0x8:
3580 ide_data_writew(s->ide, 0, value);
3581 break;
3582
3583 /* TODO: 8-bit accesses */
3584 if (s->cycle)
3585 ide_data_writew(s->ide, 0, s->io | (value << 8));
3586 else
3587 s->io = value & 0xff;
3588 s->cycle = !s->cycle;
3589 break;
3590 case 0x9:
3591 s->io = value & 0xff;
3592 s->cycle = !s->cycle;
3593 break;
3594 case 0xd: /* Features */
3595 ide_ioport_write(s->ide, 0x1, value);
3596 break;
3597 case 0xe: /* Device Control */
3598 s->ctrl = value;
3599 if (value & CTRL_SRST)
3600 md_reset(s);
3601 md_interrupt_update(s);
3602 break;
3603 default:
3604 if (s->stat & STAT_PWRDWN) {
3605 s->pins |= PINS_CRDY;
3606 s->stat &= ~STAT_PWRDWN;
3607 }
3608 ide_ioport_write(s->ide, at, value);
3609 }
3610 }
3611
3612 static void md_save(QEMUFile *f, void *opaque)
3613 {
3614 struct md_s *s = (struct md_s *) opaque;
3615 int i;
3616 uint8_t drive1_selected;
3617
3618 qemu_put_8s(f, &s->opt);
3619 qemu_put_8s(f, &s->stat);
3620 qemu_put_8s(f, &s->pins);
3621
3622 qemu_put_8s(f, &s->ctrl);
3623 qemu_put_be16s(f, &s->io);
3624 qemu_put_byte(f, s->cycle);
3625
3626 drive1_selected = (s->ide->cur_drive != s->ide);
3627 qemu_put_8s(f, &s->ide->cmd);
3628 qemu_put_8s(f, &drive1_selected);
3629
3630 for (i = 0; i < 2; i ++)
3631 ide_save(f, &s->ide[i]);
3632 }
3633
3634 static int md_load(QEMUFile *f, void *opaque, int version_id)
3635 {
3636 struct md_s *s = (struct md_s *) opaque;
3637 int i;
3638 uint8_t drive1_selected;
3639
3640 qemu_get_8s(f, &s->opt);
3641 qemu_get_8s(f, &s->stat);
3642 qemu_get_8s(f, &s->pins);
3643
3644 qemu_get_8s(f, &s->ctrl);
3645 qemu_get_be16s(f, &s->io);
3646 s->cycle = qemu_get_byte(f);
3647
3648 qemu_get_8s(f, &s->ide->cmd);
3649 qemu_get_8s(f, &drive1_selected);
3650 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
3651
3652 for (i = 0; i < 2; i ++)
3653 ide_load(f, &s->ide[i]);
3654
3655 return 0;
3656 }
3657
3658 static const uint8_t dscm1xxxx_cis[0x14a] = {
3659 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3660 [0x002] = 0x03, /* Tuple length = 4 bytes */
3661 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3662 [0x006] = 0x01, /* Size = 2K bytes */
3663 [0x008] = CISTPL_ENDMARK,
3664
3665 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3666 [0x00c] = 0x04, /* Tuple length = 4 byest */
3667 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3668 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3669 [0x012] = 0x01, /* Size = 2K bytes */
3670 [0x014] = CISTPL_ENDMARK,
3671
3672 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3673 [0x018] = 0x02, /* Tuple length = 2 bytes */
3674 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3675 [0x01c] = 0x01,
3676
3677 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3678 [0x020] = 0x04, /* Tuple length = 4 bytes */
3679 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3680 [0x024] = 0x00,
3681 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3682 [0x028] = 0x00,
3683
3684 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3685 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3686 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3687 [0x030] = 0x01, /* Minor Version = 1 */
3688 [0x032] = 'I',
3689 [0x034] = 'B',
3690 [0x036] = 'M',
3691 [0x038] = 0x00,
3692 [0x03a] = 'm',
3693 [0x03c] = 'i',
3694 [0x03e] = 'c',
3695 [0x040] = 'r',
3696 [0x042] = 'o',
3697 [0x044] = 'd',
3698 [0x046] = 'r',
3699 [0x048] = 'i',
3700 [0x04a] = 'v',
3701 [0x04c] = 'e',
3702 [0x04e] = 0x00,
3703 [0x050] = CISTPL_ENDMARK,
3704
3705 [0x052] = CISTPL_FUNCID, /* Function ID */
3706 [0x054] = 0x02, /* Tuple length = 2 bytes */
3707 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3708 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3709
3710 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3711 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3712 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3713 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3714
3715 [0x062] = CISTPL_FUNCE, /* Function Extension */
3716 [0x064] = 0x03, /* Tuple length = 3 bytes */
3717 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3718 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3719 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3720
3721 [0x06c] = CISTPL_CONFIG, /* Configuration */
3722 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3723 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3724 [0x072] = 0x07, /* TPCC_LAST = 7 */
3725 [0x074] = 0x00, /* TPCC_RADR = 0200 */
3726 [0x076] = 0x02,
3727 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
3728
3729 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3730 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
3731 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
3732 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
3733 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
3734 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3735 [0x086] = 0x55, /* NomV: 5.0 V */
3736 [0x088] = 0x4d, /* MinV: 4.5 V */
3737 [0x08a] = 0x5d, /* MaxV: 5.5 V */
3738 [0x08c] = 0x4e, /* Peakl: 450 mA */
3739 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
3740 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
3741 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
3742
3743 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3744 [0x096] = 0x06, /* Tuple length = 6 bytes */
3745 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
3746 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3747 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3748 [0x09e] = 0xb5, /* NomV: 3.3 V */
3749 [0x0a0] = 0x1e,
3750 [0x0a2] = 0x3e, /* Peakl: 350 mA */
3751
3752 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3753 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
3754 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
3755 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3756 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3757 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3758 [0x0b0] = 0x55, /* NomV: 5.0 V */
3759 [0x0b2] = 0x4d, /* MinV: 4.5 V */
3760 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
3761 [0x0b6] = 0x4e, /* Peakl: 450 mA */
3762 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
3763 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
3764 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
3765 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
3766 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
3767
3768 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3769 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
3770 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
3771 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3772 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3773 [0x0cc] = 0xb5, /* NomV: 3.3 V */
3774 [0x0ce] = 0x1e,
3775 [0x0d0] = 0x3e, /* Peakl: 350 mA */
3776
3777 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3778 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
3779 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
3780 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3781 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3782 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3783 [0x0de] = 0x55, /* NomV: 5.0 V */
3784 [0x0e0] = 0x4d, /* MinV: 4.5 V */
3785 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
3786 [0x0e4] = 0x4e, /* Peakl: 450 mA */
3787 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3788 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
3789 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
3790 [0x0ec] = 0x01,
3791 [0x0ee] = 0x07, /* Address block length = 8 */
3792 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
3793 [0x0f2] = 0x03,
3794 [0x0f4] = 0x01, /* Address block length = 2 */
3795 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3796 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
3797
3798 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3799 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
3800 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
3801 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3802 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3803 [0x104] = 0xb5, /* NomV: 3.3 V */
3804 [0x106] = 0x1e,
3805 [0x108] = 0x3e, /* Peakl: 350 mA */
3806
3807 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3808 [0x10c] = 0x12, /* Tuple length = 18 bytes */
3809 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
3810 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3811 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3812 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3813 [0x116] = 0x55, /* NomV: 5.0 V */
3814 [0x118] = 0x4d, /* MinV: 4.5 V */
3815 [0x11a] = 0x5d, /* MaxV: 5.5 V */
3816 [0x11c] = 0x4e, /* Peakl: 450 mA */
3817 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3818 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
3819 [0x122] = 0x70, /* Field 1 address = 0x0170 */
3820 [0x124] = 0x01,
3821 [0x126] = 0x07, /* Address block length = 8 */
3822 [0x128] = 0x76, /* Field 2 address = 0x0376 */
3823 [0x12a] = 0x03,
3824 [0x12c] = 0x01, /* Address block length = 2 */
3825 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3826 [0x130] = 0x20, /* TPCE_MI = support power down mode */
3827
3828 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3829 [0x134] = 0x06, /* Tuple length = 6 bytes */
3830 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
3831 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3832 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3833 [0x13c] = 0xb5, /* NomV: 3.3 V */
3834 [0x13e] = 0x1e,
3835 [0x140] = 0x3e, /* Peakl: 350 mA */
3836
3837 [0x142] = CISTPL_NO_LINK, /* No Link */
3838 [0x144] = 0x00, /* Tuple length = 0 bytes */
3839
3840 [0x146] = CISTPL_END, /* Tuple End */
3841 };
3842
3843 static int dscm1xxxx_attach(void *opaque)
3844 {
3845 struct md_s *md = (struct md_s *) opaque;
3846 md->card.attr_read = md_attr_read;
3847 md->card.attr_write = md_attr_write;
3848 md->card.common_read = md_common_read;
3849 md->card.common_write = md_common_write;
3850 md->card.io_read = md_common_read;
3851 md->card.io_write = md_common_write;
3852
3853 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
3854 md->io_base = 0x0;
3855
3856 md_reset(md);
3857 md_interrupt_update(md);
3858
3859 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
3860 return 0;
3861 }
3862
3863 static int dscm1xxxx_detach(void *opaque)
3864 {
3865 struct md_s *md = (struct md_s *) opaque;
3866 md_reset(md);
3867 return 0;
3868 }
3869
3870 struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
3871 {
3872 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
3873 md->card.state = md;
3874 md->card.attach = dscm1xxxx_attach;
3875 md->card.detach = dscm1xxxx_detach;
3876 md->card.cis = dscm1xxxx_cis;
3877 md->card.cis_len = sizeof(dscm1xxxx_cis);
3878
3879 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
3880 md->ide->is_cf = 1;
3881 md->ide->mdata_size = METADATA_SIZE;
3882 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
3883
3884 register_savevm("microdrive", -1, 0, md_save, md_load, md);
3885
3886 return &md->card;
3887 }
Patches shipped by Fedora