]> Git Repo - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
update from latest Bochs BIOS
[qemu.git] / hw / ide.c
CommitLineData
5391d806 1/*
38cdea7c 2 * QEMU IDE disk and CD/DVD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
87ecb68b
PB		 25#include "hw.h"
26#include "pc.h"
27#include "pci.h"
28#include "scsi-disk.h"
29#include "pcmcia.h"
30#include "block.h"
31#include "qemu-timer.h"
32#include "sysemu.h"
9596ebb7 33#include "ppc_mac.h"
5391d806 34
5391d806
FB		 35/* debug IDE devices */
36//#define DEBUG_IDE
37//#define DEBUG_IDE_ATAPI
8ccad811
FB		 38//#define DEBUG_AIO
39#define USE_DMA_CDROM
5391d806
FB		 40
41/* Bits of HD_STATUS */
42#define ERR_STAT 0x01
43#define INDEX_STAT 0x02
44#define ECC_STAT 0x04 /* Corrected error */
45#define DRQ_STAT 0x08
46#define SEEK_STAT 0x10
47#define SRV_STAT 0x10
48#define WRERR_STAT 0x20
49#define READY_STAT 0x40
50#define BUSY_STAT 0x80
51
52/* Bits for HD_ERROR */
53#define MARK_ERR 0x01 /* Bad address mark */
54#define TRK0_ERR 0x02 /* couldn't find track 0 */
55#define ABRT_ERR 0x04 /* Command aborted */
56#define MCR_ERR 0x08 /* media change request */
57#define ID_ERR 0x10 /* ID field not found */
58#define MC_ERR 0x20 /* media changed */
59#define ECC_ERR 0x40 /* Uncorrectable ECC error */
60#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
61#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
62
63/* Bits of HD_NSECTOR */
64#define CD 0x01
65#define IO 0x02
66#define REL 0x04
67#define TAG_MASK 0xf8
68
69#define IDE_CMD_RESET 0x04
70#define IDE_CMD_DISABLE_IRQ 0x02
71
72/* ATA/ATAPI Commands pre T13 Spec */
73#define WIN_NOP 0x00
74/*
75 * 0x01->0x02 Reserved
76 */
77#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
78/*
79 * 0x04->0x07 Reserved
80 */
81#define WIN_SRST 0x08 /* ATAPI soft reset command */
82#define WIN_DEVICE_RESET 0x08
83/*
84 * 0x09->0x0F Reserved
85 */
86#define WIN_RECAL 0x10
87#define WIN_RESTORE WIN_RECAL
88/*
89 * 0x10->0x1F Reserved
90 */
91#define WIN_READ 0x20 /* 28-Bit */
92#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
93#define WIN_READ_LONG 0x22 /* 28-Bit */
94#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
95#define WIN_READ_EXT 0x24 /* 48-Bit */
96#define WIN_READDMA_EXT 0x25 /* 48-Bit */
97#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
98#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
99/*
100 * 0x28
101 */
102#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
103/*
104 * 0x2A->0x2F Reserved
105 */
106#define WIN_WRITE 0x30 /* 28-Bit */
107#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
108#define WIN_WRITE_LONG 0x32 /* 28-Bit */
109#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
110#define WIN_WRITE_EXT 0x34 /* 48-Bit */
111#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
112#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
113#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
114#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
115#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
116/*
117 * 0x3A->0x3B Reserved
118 */
119#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
120/*
121 * 0x3D->0x3F Reserved
122 */
123#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
124#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
125#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
126/*
127 * 0x43->0x4F Reserved
128 */
129#define WIN_FORMAT 0x50
130/*
131 * 0x51->0x5F Reserved
132 */
133#define WIN_INIT 0x60
134/*
135 * 0x61->0x5F Reserved
136 */
137#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
138#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
139#define WIN_DIAGNOSE 0x90
140#define WIN_SPECIFY 0x91 /* set drive geometry translation */
141#define WIN_DOWNLOAD_MICROCODE 0x92
142#define WIN_STANDBYNOW2 0x94
201a51fc 143#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 144#define WIN_STANDBY2 0x96
145#define WIN_SETIDLE2 0x97
146#define WIN_CHECKPOWERMODE2 0x98
147#define WIN_SLEEPNOW2 0x99
148/*
149 * 0x9A VENDOR
150 */
151#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
152#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
153#define WIN_QUEUED_SERVICE 0xA2
154#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 155#define CFA_ACCESS_METADATA_STORAGE 0xB8
156#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 157#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
158#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
159#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
160#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
161#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
162#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
163#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
164#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
165#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
166#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 167#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 168#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
169#define WIN_POSTBOOT 0xDC
170#define WIN_PREBOOT 0xDD
171#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
172#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
173#define WIN_STANDBYNOW1 0xE0
174#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
175#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
176#define WIN_SETIDLE1 0xE3
177#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
178#define WIN_CHECKPOWERMODE1 0xE5
179#define WIN_SLEEPNOW1 0xE6
180#define WIN_FLUSH_CACHE 0xE7
181#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
182#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
183 /* SET_FEATURES 0x22 or 0xDD */
184#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
185#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
186#define WIN_MEDIAEJECT 0xED
187#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
188#define WIN_SETFEATURES 0xEF /* set special drive features */
189#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 190#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 191#define WIN_SECURITY_SET_PASS 0xF1
192#define WIN_SECURITY_UNLOCK 0xF2
193#define WIN_SECURITY_ERASE_PREPARE 0xF3
194#define WIN_SECURITY_ERASE_UNIT 0xF4
195#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 196#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 197#define WIN_SECURITY_DISABLE 0xF6
198#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
199#define WIN_SET_MAX 0xF9
200#define DISABLE_SEAGATE 0xFB
201
202/* set to 1 set disable mult support */
f66723fa 203#define MAX_MULT_SECTORS 16
5391d806
FB		 204
205/* ATAPI defines */
206
207#define ATAPI_PACKET_SIZE 12
208
209/* The generic packet command opcodes for CD/DVD Logical Units,
210 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
211#define GPCMD_BLANK 0xa1
212#define GPCMD_CLOSE_TRACK 0x5b
213#define GPCMD_FLUSH_CACHE 0x35
214#define GPCMD_FORMAT_UNIT 0x04
215#define GPCMD_GET_CONFIGURATION 0x46
216#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
217#define GPCMD_GET_PERFORMANCE 0xac
218#define GPCMD_INQUIRY 0x12
219#define GPCMD_LOAD_UNLOAD 0xa6
220#define GPCMD_MECHANISM_STATUS 0xbd
221#define GPCMD_MODE_SELECT_10 0x55
222#define GPCMD_MODE_SENSE_10 0x5a
223#define GPCMD_PAUSE_RESUME 0x4b
224#define GPCMD_PLAY_AUDIO_10 0x45
225#define GPCMD_PLAY_AUDIO_MSF 0x47
226#define GPCMD_PLAY_AUDIO_TI 0x48
227#define GPCMD_PLAY_CD 0xbc
228#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
229#define GPCMD_READ_10 0x28
230#define GPCMD_READ_12 0xa8
231#define GPCMD_READ_CDVD_CAPACITY 0x25
232#define GPCMD_READ_CD 0xbe
233#define GPCMD_READ_CD_MSF 0xb9
234#define GPCMD_READ_DISC_INFO 0x51
235#define GPCMD_READ_DVD_STRUCTURE 0xad
236#define GPCMD_READ_FORMAT_CAPACITIES 0x23
237#define GPCMD_READ_HEADER 0x44
238#define GPCMD_READ_TRACK_RZONE_INFO 0x52
239#define GPCMD_READ_SUBCHANNEL 0x42
240#define GPCMD_READ_TOC_PMA_ATIP 0x43
241#define GPCMD_REPAIR_RZONE_TRACK 0x58
242#define GPCMD_REPORT_KEY 0xa4
243#define GPCMD_REQUEST_SENSE 0x03
244#define GPCMD_RESERVE_RZONE_TRACK 0x53
245#define GPCMD_SCAN 0xba
246#define GPCMD_SEEK 0x2b
247#define GPCMD_SEND_DVD_STRUCTURE 0xad
248#define GPCMD_SEND_EVENT 0xa2
249#define GPCMD_SEND_KEY 0xa3
250#define GPCMD_SEND_OPC 0x54
251#define GPCMD_SET_READ_AHEAD 0xa7
252#define GPCMD_SET_STREAMING 0xb6
253#define GPCMD_START_STOP_UNIT 0x1b
254#define GPCMD_STOP_PLAY_SCAN 0x4e
255#define GPCMD_TEST_UNIT_READY 0x00
256#define GPCMD_VERIFY_10 0x2f
257#define GPCMD_WRITE_10 0x2a
258#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 259/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 260 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
261 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
262 * drives support it. */
263#define GPCMD_SET_SPEED 0xbb
5fafdf24 264/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 265 * to play data at track/index */
266#define GPCMD_PLAYAUDIO_TI 0x48
267/*
268 * From MS Media Status Notification Support Specification. For
269 * older drives only.
270 */
271#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 272#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 273
274/* Mode page codes for mode sense/set */
275#define GPMODE_R_W_ERROR_PAGE 0x01
276#define GPMODE_WRITE_PARMS_PAGE 0x05
277#define GPMODE_AUDIO_CTL_PAGE 0x0e
278#define GPMODE_POWER_PAGE 0x1a
279#define GPMODE_FAULT_FAIL_PAGE 0x1c
280#define GPMODE_TO_PROTECT_PAGE 0x1d
281#define GPMODE_CAPABILITIES_PAGE 0x2a
282#define GPMODE_ALL_PAGES 0x3f
283/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
284 * of MODE_SENSE_POWER_PAGE */
285#define GPMODE_CDROM_PAGE 0x0d
286
38cdea7c
AZ		 287/*
288 * Based on values from <linux/cdrom.h> but extending CD_MINS
289 * to the maximum common size allowed by the Orange's Book ATIP
290 *
291 * 90 and 99 min CDs are also available but using them as the
292 * upper limit reduces the effectiveness of the heuristic to
293 * detect DVDs burned to less than 25% of their maximum capacity
294 */
295
296/* Some generally useful CD-ROM information */
297#define CD_MINS 80 /* max. minutes per CD */
298#define CD_SECS 60 /* seconds per minute */
299#define CD_FRAMES 75 /* frames per second */
300#define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
301#define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
302#define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
303
304/*
305 * The MMC values are not IDE specific and might need to be moved
306 * to a common header if they are also needed for the SCSI emulation
307 */
308
309/* Profile list from MMC-6 revision 1 table 91 */
310#define MMC_PROFILE_NONE 0x0000
311#define MMC_PROFILE_CD_ROM 0x0008
312#define MMC_PROFILE_CD_R 0x0009
313#define MMC_PROFILE_CD_RW 0x000A
314#define MMC_PROFILE_DVD_ROM 0x0010
315#define MMC_PROFILE_DVD_R_SR 0x0011
316#define MMC_PROFILE_DVD_RAM 0x0012
317#define MMC_PROFILE_DVD_RW_RO 0x0013
318#define MMC_PROFILE_DVD_RW_SR 0x0014
319#define MMC_PROFILE_DVD_R_DL_SR 0x0015
320#define MMC_PROFILE_DVD_R_DL_JR 0x0016
321#define MMC_PROFILE_DVD_RW_DL 0x0017
322#define MMC_PROFILE_DVD_DDR 0x0018
323#define MMC_PROFILE_DVD_PLUS_RW 0x001A
324#define MMC_PROFILE_DVD_PLUS_R 0x001B
325#define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
326#define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
327#define MMC_PROFILE_BD_ROM 0x0040
328#define MMC_PROFILE_BD_R_SRM 0x0041
329#define MMC_PROFILE_BD_R_RRM 0x0042
330#define MMC_PROFILE_BD_RE 0x0043
331#define MMC_PROFILE_HDDVD_ROM 0x0050
332#define MMC_PROFILE_HDDVD_R 0x0051
333#define MMC_PROFILE_HDDVD_RAM 0x0052
334#define MMC_PROFILE_HDDVD_RW 0x0053
335#define MMC_PROFILE_HDDVD_R_DL 0x0058
336#define MMC_PROFILE_HDDVD_RW_DL 0x005A
337#define MMC_PROFILE_INVALID 0xFFFF
338
5391d806
FB		 339#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
340#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
341#define ATAPI_INT_REASON_REL 0x04
342#define ATAPI_INT_REASON_TAG 0xf8
343
344/* same constants as bochs */
7f777bf3 345#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 346#define ASC_LOGICAL_BLOCK_OOR 0x21
347#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
348#define ASC_MEDIUM_NOT_PRESENT 0x3a
349#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
350
201a51fc
AZ		 351#define CFA_NO_ERROR 0x00
352#define CFA_MISC_ERROR 0x09
353#define CFA_INVALID_COMMAND 0x20
354#define CFA_INVALID_ADDRESS 0x21
355#define CFA_ADDRESS_OVERFLOW 0x2f
356
5391d806
FB		 357#define SENSE_NONE 0
358#define SENSE_NOT_READY 2
359#define SENSE_ILLEGAL_REQUEST 5
360#define SENSE_UNIT_ATTENTION 6
361
362struct IDEState;
363
364typedef void EndTransferFunc(struct IDEState *);
365
caed8802 366/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 367typedef struct IDEState {
368 /* ide config */
369 int is_cdrom;
201a51fc 370 int is_cf;
5391d806
FB		 371 int cylinders, heads, sectors;
372 int64_t nb_sectors;
373 int mult_sectors;
94458802
FB		 374 int identify_set;
375 uint16_t identify_data[256];
d537cf6c 376 qemu_irq irq;
34e538ae 377 PCIDevice *pci_dev;
98087450 378 struct BMDMAState *bmdma;
aedf5382 379 int drive_serial;
5391d806
FB		 380 /* ide regs */
381 uint8_t feature;
382 uint8_t error;
c2ff060f 383 uint32_t nsector;
5391d806
FB		 384 uint8_t sector;
385 uint8_t lcyl;
386 uint8_t hcyl;
c2ff060f
FB		 387 /* other part of tf for lba48 support */
388 uint8_t hob_feature;
389 uint8_t hob_nsector;
390 uint8_t hob_sector;
391 uint8_t hob_lcyl;
392 uint8_t hob_hcyl;
393
5391d806
FB		 394 uint8_t select;
395 uint8_t status;
c2ff060f 396
5391d806
FB		 397 /* 0x3f6 command, only meaningful for drive 0 */
398 uint8_t cmd;
c2ff060f
FB		 399 /* set for lba48 access */
400 uint8_t lba48;
5391d806 401 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 402 struct IDEState *cur_drive;
5391d806
FB		 403 BlockDriverState *bs;
404 /* ATAPI specific */
405 uint8_t sense_key;
406 uint8_t asc;
407 int packet_transfer_size;
408 int elementary_transfer_size;
409 int io_buffer_index;
410 int lba;
98087450
FB		 411 int cd_sector_size;
412 int atapi_dma; /* true if dma is requested for the packet cmd */
413 /* ATA DMA state */
414 int io_buffer_size;
415 /* PIO transfer handling */
5391d806
FB		 416 int req_nb_sectors; /* number of sectors per interrupt */
417 EndTransferFunc *end_transfer_func;
418 uint8_t *data_ptr;
419 uint8_t *data_end;
33f00271 420 uint8_t *io_buffer;
31c2a146 421 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
e774a278 422 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 423 /* CF-ATA extended error */
424 uint8_t ext_error;
425 /* CF-ATA metadata storage */
426 uint32_t mdata_size;
427 uint8_t *mdata_storage;
428 int media_changed;
5391d806
FB		 429} IDEState;
430
98087450
FB		 431#define BM_STATUS_DMAING 0x01
432#define BM_STATUS_ERROR 0x02
433#define BM_STATUS_INT 0x04
434
435#define BM_CMD_START 0x01
436#define BM_CMD_READ 0x08
437
5457c8ce
FB		 438#define IDE_TYPE_PIIX3 0
439#define IDE_TYPE_CMD646 1
afcc3cdf 440#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 441
442/* CMD646 specific */
443#define MRDMODE 0x71
444#define MRDMODE_INTR_CH0 0x04
445#define MRDMODE_INTR_CH1 0x08
446#define MRDMODE_BLK_CH0 0x10
447#define MRDMODE_BLK_CH1 0x20
448#define UDIDETCR0 0x73
449#define UDIDETCR1 0x7B
450
98087450
FB		 451typedef struct BMDMAState {
452 uint8_t cmd;
453 uint8_t status;
454 uint32_t addr;
3b46e624 455
5457c8ce 456 struct PCIIDEState *pci_dev;
98087450 457 /* current transfer state */
8ccad811
FB		 458 uint32_t cur_addr;
459 uint32_t cur_prd_last;
460 uint32_t cur_prd_addr;
461 uint32_t cur_prd_len;
98087450 462 IDEState *ide_if;
8ccad811
FB		 463 BlockDriverCompletionFunc *dma_cb;
464 BlockDriverAIOCB *aiocb;
98087450
FB		 465} BMDMAState;
466
467typedef struct PCIIDEState {
468 PCIDevice dev;
469 IDEState ide_if[4];
470 BMDMAState bmdma[2];
5457c8ce 471 int type; /* see IDE_TYPE_xxx */
98087450
FB		 472} PCIIDEState;
473
8ccad811 474static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
5f12ab4b 475static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 476
5391d806
FB		 477static void padstr(char *str, const char *src, int len)
478{
479 int i, v;
480 for(i = 0; i < len; i++) {
481 if (*src)
482 v = *src++;
483 else
484 v = ' ';
69b34976 485 str[i^1] = v;
5391d806
FB		 486 }
487}
488
bd0d90b2
FB		 489static void padstr8(uint8_t *buf, int buf_size, const char *src)
490{
491 int i;
492 for(i = 0; i < buf_size; i++) {
493 if (*src)
494 buf[i] = *src++;
495 else
496 buf[i] = ' ';
497 }
498}
499
67b915a5
FB		 500static void put_le16(uint16_t *p, unsigned int v)
501{
0c4ad8dc 502 *p = cpu_to_le16(v);
67b915a5
FB		 503}
504
5391d806
FB		 505static void ide_identify(IDEState *s)
506{
507 uint16_t *p;
508 unsigned int oldsize;
aedf5382 509 char buf[20];
5391d806 510
94458802
FB		 511 if (s->identify_set) {
512 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
513 return;
514 }
515
5391d806
FB		 516 memset(s->io_buffer, 0, 512);
517 p = (uint16_t *)s->io_buffer;
67b915a5 518 put_le16(p + 0, 0x0040);
5fafdf24 519 put_le16(p + 1, s->cylinders);
67b915a5
FB		 520 put_le16(p + 3, s->heads);
521 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
522 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 523 put_le16(p + 6, s->sectors);
aedf5382 524 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
60fe76f3 525 padstr((char *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 526 put_le16(p + 20, 3); /* XXX: retired, remove ? */
527 put_le16(p + 21, 512); /* cache size in sectors */
528 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 529 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
530 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 531#if MAX_MULT_SECTORS > 1
67b915a5 532 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 533#endif
67b915a5 534 put_le16(p + 48, 1); /* dword I/O */
94458802 535 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 536 put_le16(p + 51, 0x200); /* PIO transfer cycle */
537 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 538 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 539 put_le16(p + 54, s->cylinders);
540 put_le16(p + 55, s->heads);
541 put_le16(p + 56, s->sectors);
5391d806 542 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 543 put_le16(p + 57, oldsize);
544 put_le16(p + 58, oldsize >> 16);
5391d806 545 if (s->mult_sectors)
67b915a5
FB		 546 put_le16(p + 59, 0x100 | s->mult_sectors);
547 put_le16(p + 60, s->nb_sectors);
548 put_le16(p + 61, s->nb_sectors >> 16);
94458802
FB		 549 put_le16(p + 63, 0x07); /* mdma0-2 supported */
550 put_le16(p + 65, 120);
551 put_le16(p + 66, 120);
552 put_le16(p + 67, 120);
553 put_le16(p + 68, 120);
554 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
555 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 556 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 557 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
558 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 559 put_le16(p + 84, (1 << 14));
560 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 561 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
562 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 563 put_le16(p + 87, (1 << 14));
94458802
FB		 564 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
565 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 566 put_le16(p + 100, s->nb_sectors);
567 put_le16(p + 101, s->nb_sectors >> 16);
568 put_le16(p + 102, s->nb_sectors >> 32);
569 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 570
571 memcpy(s->identify_data, p, sizeof(s->identify_data));
572 s->identify_set = 1;
5391d806
FB		 573}
574
575static void ide_atapi_identify(IDEState *s)
576{
577 uint16_t *p;
aedf5382 578 char buf[20];
5391d806 579
94458802
FB		 580 if (s->identify_set) {
581 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
582 return;
583 }
584
5391d806
FB		 585 memset(s->io_buffer, 0, 512);
586 p = (uint16_t *)s->io_buffer;
587 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 588 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
aedf5382 589 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
60fe76f3 590 padstr((char *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 591 put_le16(p + 20, 3); /* buffer type */
592 put_le16(p + 21, 512); /* cache size in sectors */
593 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3 594 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
38cdea7c 595 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
67b915a5 596 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 597#ifdef USE_DMA_CDROM
598 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
599 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
600 put_le16(p + 63, 7); /* mdma0-2 supported */
601 put_le16(p + 64, 0x3f); /* PIO modes supported */
602#else
67b915a5
FB		 603 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
604 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
605 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
606 put_le16(p + 64, 1); /* PIO modes */
8ccad811 607#endif
67b915a5
FB		 608 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
609 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
610 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
611 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 612
67b915a5
FB		 613 put_le16(p + 71, 30); /* in ns */
614 put_le16(p + 72, 30); /* in ns */
5391d806 615
67b915a5 616 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 617#ifdef USE_DMA_CDROM
618 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
619#endif
94458802
FB		 620 memcpy(s->identify_data, p, sizeof(s->identify_data));
621 s->identify_set = 1;
5391d806
FB		 622}
623
201a51fc
AZ		 624static void ide_cfata_identify(IDEState *s)
625{
626 uint16_t *p;
627 uint32_t cur_sec;
628 char buf[20];
629
630 p = (uint16_t *) s->identify_data;
631 if (s->identify_set)
632 goto fill_buffer;
633
634 memset(p, 0, sizeof(s->identify_data));
635
636 cur_sec = s->cylinders * s->heads * s->sectors;
637
638 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
639 put_le16(p + 1, s->cylinders); /* Default cylinders */
640 put_le16(p + 3, s->heads); /* Default heads */
641 put_le16(p + 6, s->sectors); /* Default sectors per track */
642 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
643 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
644 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
60fe76f3 645 padstr((char *)(p + 10), buf, 20); /* Serial number in ASCII */
201a51fc 646 put_le16(p + 22, 0x0004); /* ECC bytes */
60fe76f3
TS		 647 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
648 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
201a51fc
AZ		 649#if MAX_MULT_SECTORS > 1
650 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
651#else
652 put_le16(p + 47, 0x0000);
653#endif
654 put_le16(p + 49, 0x0f00); /* Capabilities */
655 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
656 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
657 put_le16(p + 53, 0x0003); /* Translation params valid */
658 put_le16(p + 54, s->cylinders); /* Current cylinders */
659 put_le16(p + 55, s->heads); /* Current heads */
660 put_le16(p + 56, s->sectors); /* Current sectors */
661 put_le16(p + 57, cur_sec); /* Current capacity */
662 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
663 if (s->mult_sectors) /* Multiple sector setting */
664 put_le16(p + 59, 0x100 | s->mult_sectors);
665 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
666 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
667 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
668 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
669 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
670 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
671 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
672 put_le16(p + 82, 0x400c); /* Command Set supported */
673 put_le16(p + 83, 0x7068); /* Command Set supported */
674 put_le16(p + 84, 0x4000); /* Features supported */
675 put_le16(p + 85, 0x000c); /* Command Set enabled */
676 put_le16(p + 86, 0x7044); /* Command Set enabled */
677 put_le16(p + 87, 0x4000); /* Features enabled */
678 put_le16(p + 91, 0x4060); /* Current APM level */
679 put_le16(p + 129, 0x0002); /* Current features option */
680 put_le16(p + 130, 0x0005); /* Reassigned sectors */
681 put_le16(p + 131, 0x0001); /* Initial power mode */
682 put_le16(p + 132, 0x0000); /* User signature */
683 put_le16(p + 160, 0x8100); /* Power requirement */
684 put_le16(p + 161, 0x8001); /* CF command set */
685
686 s->identify_set = 1;
687
688fill_buffer:
689 memcpy(s->io_buffer, p, sizeof(s->identify_data));
690}
691
5391d806
FB		 692static void ide_set_signature(IDEState *s)
693{
694 s->select &= 0xf0; /* clear head */
695 /* put signature */
696 s->nsector = 1;
697 s->sector = 1;
698 if (s->is_cdrom) {
699 s->lcyl = 0x14;
700 s->hcyl = 0xeb;
701 } else if (s->bs) {
702 s->lcyl = 0;
703 s->hcyl = 0;
704 } else {
705 s->lcyl = 0xff;
706 s->hcyl = 0xff;
707 }
708}
709
710static inline void ide_abort_command(IDEState *s)
711{
712 s->status = READY_STAT | ERR_STAT;
713 s->error = ABRT_ERR;
714}
715
716static inline void ide_set_irq(IDEState *s)
717{
98ff7d30 718 BMDMAState *bm = s->bmdma;
5391d806 719 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 720 if (bm) {
98ff7d30 721 bm->status |= BM_STATUS_INT;
5457c8ce 722 }
d537cf6c 723 qemu_irq_raise(s->irq);
5391d806
FB		 724 }
725}
726
727/* prepare data transfer and tell what to do after */
5fafdf24 728static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 729 EndTransferFunc *end_transfer_func)
730{
731 s->end_transfer_func = end_transfer_func;
732 s->data_ptr = buf;
733 s->data_end = buf + size;
7603d156
TS		 734 if (!(s->status & ERR_STAT))
735 s->status |= DRQ_STAT;
5391d806
FB		 736}
737
738static void ide_transfer_stop(IDEState *s)
739{
740 s->end_transfer_func = ide_transfer_stop;
741 s->data_ptr = s->io_buffer;
742 s->data_end = s->io_buffer;
743 s->status &= ~DRQ_STAT;
744}
745
746static int64_t ide_get_sector(IDEState *s)
747{
748 int64_t sector_num;
749 if (s->select & 0x40) {
750 /* lba */
c2ff060f
FB		 751 if (!s->lba48) {
752 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
753 (s->lcyl << 8) | s->sector;
754 } else {
755 sector_num = ((int64_t)s->hob_hcyl << 40) |
756 ((int64_t) s->hob_lcyl << 32) |
757 ((int64_t) s->hob_sector << 24) |
758 ((int64_t) s->hcyl << 16) |
759 ((int64_t) s->lcyl << 8) | s->sector;
760 }
5391d806
FB		 761 } else {
762 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 763 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 764 }
765 return sector_num;
766}
767
768static void ide_set_sector(IDEState *s, int64_t sector_num)
769{
770 unsigned int cyl, r;
771 if (s->select & 0x40) {
c2ff060f
FB		 772 if (!s->lba48) {
773 s->select = (s->select & 0xf0) | (sector_num >> 24);
774 s->hcyl = (sector_num >> 16);
775 s->lcyl = (sector_num >> 8);
776 s->sector = (sector_num);
777 } else {
778 s->sector = sector_num;
779 s->lcyl = sector_num >> 8;
780 s->hcyl = sector_num >> 16;
781 s->hob_sector = sector_num >> 24;
782 s->hob_lcyl = sector_num >> 32;
783 s->hob_hcyl = sector_num >> 40;
784 }
5391d806
FB		 785 } else {
786 cyl = sector_num / (s->heads * s->sectors);
787 r = sector_num % (s->heads * s->sectors);
788 s->hcyl = cyl >> 8;
789 s->lcyl = cyl;
1b8eb456 790 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 791 s->sector = (r % s->sectors) + 1;
792 }
793}
794
795static void ide_sector_read(IDEState *s)
796{
797 int64_t sector_num;
798 int ret, n;
799
800 s->status = READY_STAT | SEEK_STAT;
a136e5a8 801 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 802 sector_num = ide_get_sector(s);
803 n = s->nsector;
804 if (n == 0) {
805 /* no more sector to read from disk */
806 ide_transfer_stop(s);
807 } else {
808#if defined(DEBUG_IDE)
809 printf("read sector=%Ld\n", sector_num);
810#endif
811 if (n > s->req_nb_sectors)
812 n = s->req_nb_sectors;
813 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
814 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
815 ide_set_irq(s);
816 ide_set_sector(s, sector_num + n);
817 s->nsector -= n;
818 }
819}
820
8ccad811
FB		 821/* return 0 if buffer completed */
822static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 823{
8ccad811
FB		 824 IDEState *s = bm->ide_if;
825 struct {
826 uint32_t addr;
827 uint32_t size;
828 } prd;
829 int l, len;
98087450 830
8ccad811
FB		 831 for(;;) {
832 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 833 if (l <= 0)
8ccad811
FB		 834 break;
835 if (bm->cur_prd_len == 0) {
836 /* end of table (with a fail safe of one page) */
837 if (bm->cur_prd_last ||
838 (bm->cur_addr - bm->addr) >= 4096)
839 return 0;
840 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
841 bm->cur_addr += 8;
842 prd.addr = le32_to_cpu(prd.addr);
843 prd.size = le32_to_cpu(prd.size);
844 len = prd.size & 0xfffe;
845 if (len == 0)
846 len = 0x10000;
847 bm->cur_prd_len = len;
848 bm->cur_prd_addr = prd.addr;
849 bm->cur_prd_last = (prd.size & 0x80000000);
850 }
851 if (l > bm->cur_prd_len)
852 l = bm->cur_prd_len;
853 if (l > 0) {
854 if (is_write) {
5fafdf24 855 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 856 s->io_buffer + s->io_buffer_index, l);
857 } else {
5fafdf24 858 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 859 s->io_buffer + s->io_buffer_index, l);
860 }
861 bm->cur_prd_addr += l;
862 bm->cur_prd_len -= l;
863 s->io_buffer_index += l;
98087450 864 }
98087450 865 }
8ccad811
FB		 866 return 1;
867}
868
869/* XXX: handle errors */
870static void ide_read_dma_cb(void *opaque, int ret)
871{
872 BMDMAState *bm = opaque;
873 IDEState *s = bm->ide_if;
874 int n;
875 int64_t sector_num;
876
877 n = s->io_buffer_size >> 9;
878 sector_num = ide_get_sector(s);
879 if (n > 0) {
880 sector_num += n;
881 ide_set_sector(s, sector_num);
882 s->nsector -= n;
883 if (dma_buf_rw(bm, 1) == 0)
884 goto eot;
885 }
886
887 /* end of transfer ? */
888 if (s->nsector == 0) {
98087450
FB		 889 s->status = READY_STAT | SEEK_STAT;
890 ide_set_irq(s);
8ccad811
FB		 891 eot:
892 bm->status &= ~BM_STATUS_DMAING;
893 bm->status |= BM_STATUS_INT;
894 bm->dma_cb = NULL;
895 bm->ide_if = NULL;
896 bm->aiocb = NULL;
897 return;
98087450 898 }
8ccad811
FB		 899
900 /* launch next transfer */
901 n = s->nsector;
902 if (n > MAX_MULT_SECTORS)
903 n = MAX_MULT_SECTORS;
904 s->io_buffer_index = 0;
905 s->io_buffer_size = n * 512;
906#ifdef DEBUG_AIO
907 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
908#endif
5fafdf24 909 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
8ccad811 910 ide_read_dma_cb, bm);
98087450
FB		 911}
912
913static void ide_sector_read_dma(IDEState *s)
914{
8ccad811 915 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 916 s->io_buffer_index = 0;
917 s->io_buffer_size = 0;
918 ide_dma_start(s, ide_read_dma_cb);
919}
920
a09db21f
FB		 921static void ide_sector_write_timer_cb(void *opaque)
922{
923 IDEState *s = opaque;
924 ide_set_irq(s);
925}
926
5391d806
FB		 927static void ide_sector_write(IDEState *s)
928{
929 int64_t sector_num;
31c2a146 930 int ret, n, n1;
5391d806
FB		 931
932 s->status = READY_STAT | SEEK_STAT;
933 sector_num = ide_get_sector(s);
934#if defined(DEBUG_IDE)
935 printf("write sector=%Ld\n", sector_num);
936#endif
937 n = s->nsector;
938 if (n > s->req_nb_sectors)
939 n = s->req_nb_sectors;
31c2a146 940 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
5391d806
FB		 941 s->nsector -= n;
942 if (s->nsector == 0) {
292eef5a 943 /* no more sectors to write */
5391d806
FB		 944 ide_transfer_stop(s);
945 } else {
946 n1 = s->nsector;
947 if (n1 > s->req_nb_sectors)
948 n1 = s->req_nb_sectors;
949 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
950 }
951 ide_set_sector(s, sector_num + n);
3b46e624 952
31c2a146
TS		 953#ifdef TARGET_I386
954 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
955 /* It seems there is a bug in the Windows 2000 installer HDD
956 IDE driver which fills the disk with empty logs when the
957 IDE write IRQ comes too early. This hack tries to correct
958 that at the expense of slower write performances. Use this
959 option _only_ to install Windows 2000. You must disable it
960 for normal use. */
961 qemu_mod_timer(s->sector_write_timer,
962 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
963 } else
964#endif
965 {
966 ide_set_irq(s);
967 }
5391d806
FB		 968}
969
8ccad811
FB		 970/* XXX: handle errors */
971static void ide_write_dma_cb(void *opaque, int ret)
98087450 972{
8ccad811
FB		 973 BMDMAState *bm = opaque;
974 IDEState *s = bm->ide_if;
975 int n;
98087450
FB		 976 int64_t sector_num;
977
8ccad811
FB		 978 n = s->io_buffer_size >> 9;
979 sector_num = ide_get_sector(s);
980 if (n > 0) {
981 sector_num += n;
982 ide_set_sector(s, sector_num);
983 s->nsector -= n;
98087450 984 }
98087450 985
8ccad811
FB		 986 /* end of transfer ? */
987 if (s->nsector == 0) {
988 s->status = READY_STAT | SEEK_STAT;
989 ide_set_irq(s);
990 eot:
991 bm->status &= ~BM_STATUS_DMAING;
992 bm->status |= BM_STATUS_INT;
993 bm->dma_cb = NULL;
994 bm->ide_if = NULL;
995 bm->aiocb = NULL;
996 return;
997 }
998
999 /* launch next transfer */
98087450
FB		 1000 n = s->nsector;
1001 if (n > MAX_MULT_SECTORS)
1002 n = MAX_MULT_SECTORS;
1003 s->io_buffer_index = 0;
1004 s->io_buffer_size = n * 512;
8ccad811
FB		 1005
1006 if (dma_buf_rw(bm, 0) == 0)
1007 goto eot;
1008#ifdef DEBUG_AIO
1009 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
1010#endif
5fafdf24 1011 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
8ccad811
FB		 1012 ide_write_dma_cb, bm);
1013}
1014
1015static void ide_sector_write_dma(IDEState *s)
1016{
1017 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1018 s->io_buffer_index = 0;
1019 s->io_buffer_size = 0;
98087450
FB		 1020 ide_dma_start(s, ide_write_dma_cb);
1021}
1022
5391d806
FB		 1023static void ide_atapi_cmd_ok(IDEState *s)
1024{
1025 s->error = 0;
1026 s->status = READY_STAT;
1027 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1028 ide_set_irq(s);
1029}
1030
1031static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1032{
1033#ifdef DEBUG_IDE_ATAPI
1034 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1035#endif
1036 s->error = sense_key << 4;
1037 s->status = READY_STAT | ERR_STAT;
1038 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1039 s->sense_key = sense_key;
1040 s->asc = asc;
1041 ide_set_irq(s);
1042}
1043
1044static inline void cpu_to_ube16(uint8_t *buf, int val)
1045{
1046 buf[0] = val >> 8;
1047 buf[1] = val;
1048}
1049
1050static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1051{
1052 buf[0] = val >> 24;
1053 buf[1] = val >> 16;
1054 buf[2] = val >> 8;
1055 buf[3] = val;
1056}
1057
1058static inline int ube16_to_cpu(const uint8_t *buf)
1059{
1060 return (buf[0] << 8) | buf[1];
1061}
1062
1063static inline int ube32_to_cpu(const uint8_t *buf)
1064{
1065 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1066}
1067
98087450
FB		 1068static void lba_to_msf(uint8_t *buf, int lba)
1069{
1070 lba += 150;
1071 buf[0] = (lba / 75) / 60;
1072 buf[1] = (lba / 75) % 60;
1073 buf[2] = lba % 75;
1074}
1075
8ccad811
FB		 1076static void cd_data_to_raw(uint8_t *buf, int lba)
1077{
1078 /* sync bytes */
1079 buf[0] = 0x00;
1080 memset(buf + 1, 0xff, 10);
1081 buf[11] = 0x00;
1082 buf += 12;
1083 /* MSF */
1084 lba_to_msf(buf, lba);
1085 buf[3] = 0x01; /* mode 1 data */
1086 buf += 4;
1087 /* data */
1088 buf += 2048;
1089 /* XXX: ECC not computed */
1090 memset(buf, 0, 288);
1091}
1092
5fafdf24 1093static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1094 int sector_size)
1095{
66c6ef76
FB		 1096 int ret;
1097
98087450
FB		 1098 switch(sector_size) {
1099 case 2048:
66c6ef76 1100 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1101 break;
1102 case 2352:
66c6ef76
FB		 1103 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1104 if (ret < 0)
1105 return ret;
8ccad811 1106 cd_data_to_raw(buf, lba);
98087450
FB		 1107 break;
1108 default:
66c6ef76 1109 ret = -EIO;
98087450
FB		 1110 break;
1111 }
66c6ef76
FB		 1112 return ret;
1113}
1114
1115static void ide_atapi_io_error(IDEState *s, int ret)
1116{
1117 /* XXX: handle more errors */
1118 if (ret == -ENOMEDIUM) {
5fafdf24 1119 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1120 ASC_MEDIUM_NOT_PRESENT);
1121 } else {
5fafdf24 1122 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1123 ASC_LOGICAL_BLOCK_OOR);
1124 }
98087450
FB		 1125}
1126
5391d806
FB		 1127/* The whole ATAPI transfer logic is handled in this function */
1128static void ide_atapi_cmd_reply_end(IDEState *s)
1129{
66c6ef76 1130 int byte_count_limit, size, ret;
5391d806 1131#ifdef DEBUG_IDE_ATAPI
5fafdf24 1132 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1133 s->packet_transfer_size,
1134 s->elementary_transfer_size,
1135 s->io_buffer_index);
1136#endif
1137 if (s->packet_transfer_size <= 0) {
1138 /* end of transfer */
1139 ide_transfer_stop(s);
1140 s->status = READY_STAT;
1141 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1142 ide_set_irq(s);
1143#ifdef DEBUG_IDE_ATAPI
1144 printf("status=0x%x\n", s->status);
1145#endif
1146 } else {
1147 /* see if a new sector must be read */
98087450 1148 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1149 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1150 if (ret < 0) {
1151 ide_transfer_stop(s);
1152 ide_atapi_io_error(s, ret);
1153 return;
1154 }
5391d806
FB		 1155 s->lba++;
1156 s->io_buffer_index = 0;
1157 }
1158 if (s->elementary_transfer_size > 0) {
1159 /* there are some data left to transmit in this elementary
1160 transfer */
98087450 1161 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1162 if (size > s->elementary_transfer_size)
1163 size = s->elementary_transfer_size;
5fafdf24 1164 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1165 size, ide_atapi_cmd_reply_end);
1166 s->packet_transfer_size -= size;
1167 s->elementary_transfer_size -= size;
1168 s->io_buffer_index += size;
1169 } else {
1170 /* a new transfer is needed */
1171 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1172 byte_count_limit = s->lcyl | (s->hcyl << 8);
1173#ifdef DEBUG_IDE_ATAPI
1174 printf("byte_count_limit=%d\n", byte_count_limit);
1175#endif
1176 if (byte_count_limit == 0xffff)
1177 byte_count_limit--;
1178 size = s->packet_transfer_size;
1179 if (size > byte_count_limit) {
1180 /* byte count limit must be even if this case */
1181 if (byte_count_limit & 1)
1182 byte_count_limit--;
1183 size = byte_count_limit;
5391d806 1184 }
a136e5a8
FB		 1185 s->lcyl = size;
1186 s->hcyl = size >> 8;
5391d806
FB		 1187 s->elementary_transfer_size = size;
1188 /* we cannot transmit more than one sector at a time */
1189 if (s->lba != -1) {
98087450
FB		 1190 if (size > (s->cd_sector_size - s->io_buffer_index))
1191 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1192 }
5fafdf24 1193 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1194 size, ide_atapi_cmd_reply_end);
1195 s->packet_transfer_size -= size;
1196 s->elementary_transfer_size -= size;
1197 s->io_buffer_index += size;
1198 ide_set_irq(s);
1199#ifdef DEBUG_IDE_ATAPI
1200 printf("status=0x%x\n", s->status);
1201#endif
1202 }
1203 }
1204}
1205
1206/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1207static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1208{
1209 if (size > max_size)
1210 size = max_size;
1211 s->lba = -1; /* no sector read */
1212 s->packet_transfer_size = size;
5f12ab4b 1213 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1214 s->elementary_transfer_size = 0;
1215 s->io_buffer_index = 0;
1216
5f12ab4b
TS		 1217 if (s->atapi_dma) {
1218 s->status = READY_STAT | DRQ_STAT;
1219 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1220 } else {
1221 s->status = READY_STAT;
1222 ide_atapi_cmd_reply_end(s);
1223 }
5391d806
FB		 1224}
1225
1226/* start a CD-CDROM read command */
98087450
FB		 1227static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1228 int sector_size)
5391d806 1229{
5391d806 1230 s->lba = lba;
98087450 1231 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1232 s->elementary_transfer_size = 0;
98087450
FB		 1233 s->io_buffer_index = sector_size;
1234 s->cd_sector_size = sector_size;
5391d806
FB		 1235
1236 s->status = READY_STAT;
1237 ide_atapi_cmd_reply_end(s);
1238}
1239
98087450 1240/* ATAPI DMA support */
8ccad811
FB		 1241
1242/* XXX: handle read errors */
1243static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1244{
8ccad811
FB		 1245 BMDMAState *bm = opaque;
1246 IDEState *s = bm->ide_if;
1247 int data_offset, n;
1248
66c6ef76
FB		 1249 if (ret < 0) {
1250 ide_atapi_io_error(s, ret);
1251 goto eot;
1252 }
1253
8ccad811 1254 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1255 /*
1256 * For a cdrom read sector command (s->lba != -1),
1257 * adjust the lba for the next s->io_buffer_size chunk
1258 * and dma the current chunk.
1259 * For a command != read (s->lba == -1), just transfer
1260 * the reply data.
1261 */
1262 if (s->lba != -1) {
1263 if (s->cd_sector_size == 2352) {
1264 n = 1;
1265 cd_data_to_raw(s->io_buffer, s->lba);
1266 } else {
1267 n = s->io_buffer_size >> 11;
1268 }
1269 s->lba += n;
1270 }
8ccad811 1271 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1272 if (dma_buf_rw(bm, 1) == 0)
1273 goto eot;
98087450 1274 }
8ccad811 1275
98087450
FB		 1276 if (s->packet_transfer_size <= 0) {
1277 s->status = READY_STAT;
1278 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1279 ide_set_irq(s);
8ccad811
FB		 1280 eot:
1281 bm->status &= ~BM_STATUS_DMAING;
1282 bm->status |= BM_STATUS_INT;
1283 bm->dma_cb = NULL;
1284 bm->ide_if = NULL;
1285 bm->aiocb = NULL;
1286 return;
1287 }
3b46e624 1288
8ccad811
FB		 1289 s->io_buffer_index = 0;
1290 if (s->cd_sector_size == 2352) {
1291 n = 1;
1292 s->io_buffer_size = s->cd_sector_size;
1293 data_offset = 16;
1294 } else {
1295 n = s->packet_transfer_size >> 11;
1296 if (n > (MAX_MULT_SECTORS / 4))
1297 n = (MAX_MULT_SECTORS / 4);
1298 s->io_buffer_size = n * 2048;
1299 data_offset = 0;
98087450 1300 }
8ccad811
FB		 1301#ifdef DEBUG_AIO
1302 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1303#endif
5fafdf24
TS		 1304 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1305 s->io_buffer + data_offset, n * 4,
8ccad811 1306 ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1307 if (!bm->aiocb) {
1308 /* Note: media not present is the most likely case */
5fafdf24 1309 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1310 ASC_MEDIUM_NOT_PRESENT);
1311 goto eot;
1312 }
98087450
FB		 1313}
1314
1315/* start a CD-CDROM read command with DMA */
1316/* XXX: test if DMA is available */
1317static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1318 int sector_size)
1319{
1320 s->lba = lba;
1321 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1322 s->io_buffer_index = 0;
1323 s->io_buffer_size = 0;
98087450
FB		 1324 s->cd_sector_size = sector_size;
1325
8ccad811
FB		 1326 /* XXX: check if BUSY_STAT should be set */
1327 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1328 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1329}
1330
5fafdf24 1331static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1332 int sector_size)
1333{
1334#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1335 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1336 lba, nb_sectors);
98087450
FB		 1337#endif
1338 if (s->atapi_dma) {
1339 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1340 } else {
1341 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1342 }
1343}
1344
38cdea7c
AZ		 1345static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1346 uint16_t profile)
1347{
1348 uint8_t *buf_profile = buf + 12; /* start of profiles */
1349
1350 buf_profile += ((*index) * 4); /* start of indexed profile */
1351 cpu_to_ube16 (buf_profile, profile);
1352 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1353
1354 /* each profile adds 4 bytes to the response */
1355 (*index)++;
1356 buf[11] += 4; /* Additional Length */
1357
1358 return 4;
1359}
1360
5391d806
FB		 1361static void ide_atapi_cmd(IDEState *s)
1362{
1363 const uint8_t *packet;
1364 uint8_t *buf;
1365 int max_len;
1366
1367 packet = s->io_buffer;
1368 buf = s->io_buffer;
1369#ifdef DEBUG_IDE_ATAPI
1370 {
1371 int i;
1372 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1373 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1374 printf(" %02x", packet[i]);
1375 }
1376 printf("\n");
1377 }
1378#endif
1379 switch(s->io_buffer[0]) {
1380 case GPCMD_TEST_UNIT_READY:
caed8802 1381 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1382 ide_atapi_cmd_ok(s);
1383 } else {
5fafdf24 1384 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1385 ASC_MEDIUM_NOT_PRESENT);
1386 }
1387 break;
d14049ea 1388 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1389 case GPCMD_MODE_SENSE_10:
1390 {
1391 int action, code;
d14049ea
TS		 1392 if (packet[0] == GPCMD_MODE_SENSE_10)
1393 max_len = ube16_to_cpu(packet + 7);
1394 else
1395 max_len = packet[4];
5391d806
FB		 1396 action = packet[2] >> 6;
1397 code = packet[2] & 0x3f;
1398 switch(action) {
1399 case 0: /* current values */
1400 switch(code) {
1401 case 0x01: /* error recovery */
1402 cpu_to_ube16(&buf[0], 16 + 6);
1403 buf[2] = 0x70;
1404 buf[3] = 0;
1405 buf[4] = 0;
1406 buf[5] = 0;
1407 buf[6] = 0;
1408 buf[7] = 0;
1409
1410 buf[8] = 0x01;
1411 buf[9] = 0x06;
1412 buf[10] = 0x00;
1413 buf[11] = 0x05;
1414 buf[12] = 0x00;
1415 buf[13] = 0x00;
1416 buf[14] = 0x00;
1417 buf[15] = 0x00;
1418 ide_atapi_cmd_reply(s, 16, max_len);
1419 break;
1420 case 0x2a:
1421 cpu_to_ube16(&buf[0], 28 + 6);
1422 buf[2] = 0x70;
1423 buf[3] = 0;
1424 buf[4] = 0;
1425 buf[5] = 0;
1426 buf[6] = 0;
1427 buf[7] = 0;
1428
1429 buf[8] = 0x2a;
1430 buf[9] = 0x12;
0d4a05a1 1431 buf[10] = 0x00;
5391d806 1432 buf[11] = 0x00;
3b46e624 1433
5391d806
FB		 1434 buf[12] = 0x70;
1435 buf[13] = 3 << 5;
1436 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1437 if (bdrv_is_locked(s->bs))
5391d806
FB		 1438 buf[6] |= 1 << 1;
1439 buf[15] = 0x00;
1440 cpu_to_ube16(&buf[16], 706);
1441 buf[18] = 0;
1442 buf[19] = 2;
1443 cpu_to_ube16(&buf[20], 512);
1444 cpu_to_ube16(&buf[22], 706);
1445 buf[24] = 0;
1446 buf[25] = 0;
1447 buf[26] = 0;
1448 buf[27] = 0;
1449 ide_atapi_cmd_reply(s, 28, max_len);
1450 break;
1451 default:
1452 goto error_cmd;
1453 }
1454 break;
1455 case 1: /* changeable values */
1456 goto error_cmd;
1457 case 2: /* default values */
1458 goto error_cmd;
1459 default:
1460 case 3: /* saved values */
5fafdf24 1461 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1462 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1463 break;
1464 }
1465 }
1466 break;
1467 case GPCMD_REQUEST_SENSE:
1468 max_len = packet[4];
1469 memset(buf, 0, 18);
1470 buf[0] = 0x70 | (1 << 7);
1471 buf[2] = s->sense_key;
1472 buf[7] = 10;
1473 buf[12] = s->asc;
1474 ide_atapi_cmd_reply(s, 18, max_len);
1475 break;
1476 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1477 if (bdrv_is_inserted(s->bs)) {
1478 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1479 ide_atapi_cmd_ok(s);
1480 } else {
5fafdf24 1481 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1482 ASC_MEDIUM_NOT_PRESENT);
1483 }
1484 break;
1485 case GPCMD_READ_10:
1486 case GPCMD_READ_12:
1487 {
1488 int nb_sectors, lba;
1489
5391d806
FB		 1490 if (packet[0] == GPCMD_READ_10)
1491 nb_sectors = ube16_to_cpu(packet + 7);
1492 else
1493 nb_sectors = ube32_to_cpu(packet + 6);
1494 lba = ube32_to_cpu(packet + 2);
1495 if (nb_sectors == 0) {
1496 ide_atapi_cmd_ok(s);
1497 break;
1498 }
98087450
FB		 1499 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1500 }
1501 break;
1502 case GPCMD_READ_CD:
1503 {
1504 int nb_sectors, lba, transfer_request;
1505
98087450
FB		 1506 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1507 lba = ube32_to_cpu(packet + 2);
1508 if (nb_sectors == 0) {
1509 ide_atapi_cmd_ok(s);
1510 break;
1511 }
98087450
FB		 1512 transfer_request = packet[9];
1513 switch(transfer_request & 0xf8) {
1514 case 0x00:
1515 /* nothing */
1516 ide_atapi_cmd_ok(s);
1517 break;
1518 case 0x10:
1519 /* normal read */
1520 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1521 break;
1522 case 0xf8:
1523 /* read all data */
1524 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1525 break;
1526 default:
5fafdf24 1527 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1528 ASC_INV_FIELD_IN_CMD_PACKET);
1529 break;
1530 }
5391d806
FB		 1531 }
1532 break;
1533 case GPCMD_SEEK:
1534 {
96b8f136
TS		 1535 unsigned int lba;
1536 uint64_t total_sectors;
66c6ef76
FB		 1537
1538 bdrv_get_geometry(s->bs, &total_sectors);
1539 total_sectors >>= 2;
96b8f136 1540 if (total_sectors == 0) {
5fafdf24 1541 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1542 ASC_MEDIUM_NOT_PRESENT);
1543 break;
1544 }
1545 lba = ube32_to_cpu(packet + 2);
66c6ef76 1546 if (lba >= total_sectors) {
5fafdf24 1547 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1548 ASC_LOGICAL_BLOCK_OOR);
1549 break;
1550 }
1551 ide_atapi_cmd_ok(s);
1552 }
1553 break;
1554 case GPCMD_START_STOP_UNIT:
1555 {
1556 int start, eject;
1557 start = packet[4] & 1;
1558 eject = (packet[4] >> 1) & 1;
3b46e624 1559
caed8802
FB		 1560 if (eject && !start) {
1561 /* eject the disk */
66c6ef76
FB		 1562 bdrv_eject(s->bs, 1);
1563 } else if (eject && start) {
1564 /* close the tray */
1565 bdrv_eject(s->bs, 0);
caed8802 1566 }
5391d806
FB		 1567 ide_atapi_cmd_ok(s);
1568 }
1569 break;
1570 case GPCMD_MECHANISM_STATUS:
1571 {
1572 max_len = ube16_to_cpu(packet + 8);
1573 cpu_to_ube16(buf, 0);
1574 /* no current LBA */
1575 buf[2] = 0;
1576 buf[3] = 0;
1577 buf[4] = 0;
1578 buf[5] = 1;
1579 cpu_to_ube16(buf + 6, 0);
1580 ide_atapi_cmd_reply(s, 8, max_len);
1581 }
1582 break;
1583 case GPCMD_READ_TOC_PMA_ATIP:
1584 {
1585 int format, msf, start_track, len;
96b8f136 1586 uint64_t total_sectors;
5391d806 1587
66c6ef76
FB		 1588 bdrv_get_geometry(s->bs, &total_sectors);
1589 total_sectors >>= 2;
96b8f136 1590 if (total_sectors == 0) {
5fafdf24 1591 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1592 ASC_MEDIUM_NOT_PRESENT);
1593 break;
1594 }
1595 max_len = ube16_to_cpu(packet + 7);
1596 format = packet[9] >> 6;
1597 msf = (packet[1] >> 1) & 1;
1598 start_track = packet[6];
1599 switch(format) {
1600 case 0:
66c6ef76 1601 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1602 if (len < 0)
1603 goto error_cmd;
1604 ide_atapi_cmd_reply(s, len, max_len);
1605 break;
1606 case 1:
1607 /* multi session : only a single session defined */
1608 memset(buf, 0, 12);
1609 buf[1] = 0x0a;
1610 buf[2] = 0x01;
1611 buf[3] = 0x01;
1612 ide_atapi_cmd_reply(s, 12, max_len);
1613 break;
98087450 1614 case 2:
66c6ef76 1615 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1616 if (len < 0)
1617 goto error_cmd;
1618 ide_atapi_cmd_reply(s, len, max_len);
1619 break;
5391d806 1620 default:
7f777bf3 1621 error_cmd:
5fafdf24 1622 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1623 ASC_INV_FIELD_IN_CMD_PACKET);
1624 break;
5391d806
FB		 1625 }
1626 }
1627 break;
1628 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76 1629 {
96b8f136 1630 uint64_t total_sectors;
66c6ef76
FB		 1631
1632 bdrv_get_geometry(s->bs, &total_sectors);
1633 total_sectors >>= 2;
96b8f136 1634 if (total_sectors == 0) {
5fafdf24 1635 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1636 ASC_MEDIUM_NOT_PRESENT);
1637 break;
1638 }
1639 /* NOTE: it is really the number of sectors minus 1 */
1640 cpu_to_ube32(buf, total_sectors - 1);
1641 cpu_to_ube32(buf + 4, 2048);
1642 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1643 }
5391d806 1644 break;
d14049ea
TS		 1645 case GPCMD_READ_DVD_STRUCTURE:
1646 {
1647 int media = packet[1];
1648 int layer = packet[6];
1649 int format = packet[2];
96b8f136 1650 uint64_t total_sectors;
d14049ea
TS		 1651
1652 if (media != 0 || layer != 0)
1653 {
1654 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1655 ASC_INV_FIELD_IN_CMD_PACKET);
1656 }
1657
1658 switch (format) {
1659 case 0:
1660 bdrv_get_geometry(s->bs, &total_sectors);
1661 total_sectors >>= 2;
96b8f136
TS		 1662 if (total_sectors == 0) {
1663 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1664 ASC_MEDIUM_NOT_PRESENT);
1665 break;
1666 }
d14049ea
TS		 1667
1668 memset(buf, 0, 2052);
1669
1670 buf[4] = 1; // DVD-ROM, part version 1
1671 buf[5] = 0xf; // 120mm disc, maximum rate unspecified
1672 buf[6] = 0; // one layer, embossed data
1673 buf[7] = 0;
1674
1675 cpu_to_ube32(buf + 8, 0);
1676 cpu_to_ube32(buf + 12, total_sectors - 1);
1677 cpu_to_ube32(buf + 16, total_sectors - 1);
1678
1679 cpu_to_be16wu((uint16_t *)buf, 2048 + 4);
1680
1681 ide_atapi_cmd_reply(s, 2048 + 3, 2048 + 4);
1682 break;
1683
1684 default:
1685 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1686 ASC_INV_FIELD_IN_CMD_PACKET);
1687 break;
1688 }
1689 }
1690 break;
1691 case GPCMD_SET_SPEED:
1692 ide_atapi_cmd_ok(s);
1693 break;
bd0d90b2
FB		 1694 case GPCMD_INQUIRY:
1695 max_len = packet[4];
1696 buf[0] = 0x05; /* CD-ROM */
1697 buf[1] = 0x80; /* removable */
1698 buf[2] = 0x00; /* ISO */
1699 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 1700 buf[4] = 31; /* additional length */
bd0d90b2
FB		 1701 buf[5] = 0; /* reserved */
1702 buf[6] = 0; /* reserved */
1703 buf[7] = 0; /* reserved */
1704 padstr8(buf + 8, 8, "QEMU");
38cdea7c 1705 padstr8(buf + 16, 16, "QEMU DVD-ROM");
bd0d90b2
FB		 1706 padstr8(buf + 32, 4, QEMU_VERSION);
1707 ide_atapi_cmd_reply(s, 36, max_len);
1708 break;
d14049ea
TS		 1709 case GPCMD_GET_CONFIGURATION:
1710 {
38cdea7c 1711 uint32_t len;
d14049ea
TS		 1712
1713 /* only feature 0 is supported */
1714 if (packet[2] != 0 || packet[3] != 0) {
1715 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1716 ASC_INV_FIELD_IN_CMD_PACKET);
1717 break;
1718 }
38cdea7c
AZ		 1719
1720 /* XXX: could result in alignment problems in some architectures */
1721 max_len = ube16_to_cpu(packet + 7);
1722 /*
1723 * XXX: avoid overflow for io_buffer if max_len is bigger than the
1724 * size of that buffer (dimensioned to max number of sectors
1725 * to transfer at once)
1726 *
1727 * Only a problem if the feature/profiles grow exponentially.
1728 */
1729 if (max_len > 512) /* XXX: assume 1 sector */
1730 max_len = 512;
1731
1732 memset(buf, 0, max_len);
1733 /*
1734 * the number of sectors from the media tells us which profile
1735 * to use as current. 0 means there is no media
1736 *
1737 * XXX: fails to detect correctly DVDs with less data burned
1738 * than what a CD can hold
1739 */
1740 if ((s -> nb_sectors)) {
1741 if ((s -> nb_sectors > CD_MAX_SECTORS))
1742 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
1743 else
1744 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
1745 }
1746
1747 len = 8; /* header completed */
1748 if (max_len > len) {
1749 uint8_t index = 0;
1750
1751 buf[10] = 0x02 | 0x01; /* persistent and current */
1752 len += 4; /* header */
1753 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
1754 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
1755 }
1756 cpu_to_ube32(buf, len - 4); /* data length */
1757
1758 ide_atapi_cmd_reply(s, len, max_len);
d14049ea
TS		 1759 break;
1760 }
5391d806 1761 default:
5fafdf24 1762 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1763 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1764 break;
1765 }
1766}
1767
201a51fc
AZ		 1768static void ide_cfata_metadata_inquiry(IDEState *s)
1769{
1770 uint16_t *p;
1771 uint32_t spd;
1772
1773 p = (uint16_t *) s->io_buffer;
1774 memset(p, 0, 0x200);
1775 spd = ((s->mdata_size - 1) >> 9) + 1;
1776
1777 put_le16(p + 0, 0x0001); /* Data format revision */
1778 put_le16(p + 1, 0x0000); /* Media property: silicon */
1779 put_le16(p + 2, s->media_changed); /* Media status */
1780 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1781 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1782 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1783 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1784}
1785
1786static void ide_cfata_metadata_read(IDEState *s)
1787{
1788 uint16_t *p;
1789
1790 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1791 s->status = ERR_STAT;
1792 s->error = ABRT_ERR;
1793 return;
1794 }
1795
1796 p = (uint16_t *) s->io_buffer;
1797 memset(p, 0, 0x200);
1798
1799 put_le16(p + 0, s->media_changed); /* Media status */
1800 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1801 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1802 s->nsector << 9), 0x200 - 2));
1803}
1804
1805static void ide_cfata_metadata_write(IDEState *s)
1806{
1807 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1808 s->status = ERR_STAT;
1809 s->error = ABRT_ERR;
1810 return;
1811 }
1812
1813 s->media_changed = 0;
1814
1815 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1816 s->io_buffer + 2,
1817 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1818 s->nsector << 9), 0x200 - 2));
1819}
1820
bd491d6a
TS		 1821/* called when the inserted state of the media has changed */
1822static void cdrom_change_cb(void *opaque)
1823{
1824 IDEState *s = opaque;
96b8f136 1825 uint64_t nb_sectors;
bd491d6a
TS		 1826
1827 /* XXX: send interrupt too */
1828 bdrv_get_geometry(s->bs, &nb_sectors);
1829 s->nb_sectors = nb_sectors;
1830}
1831
c2ff060f
FB		 1832static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1833{
1834 s->lba48 = lba48;
1835
1836 /* handle the 'magic' 0 nsector count conversion here. to avoid
1837 * fiddling with the rest of the read logic, we just store the
1838 * full sector count in ->nsector and ignore ->hob_nsector from now
1839 */
1840 if (!s->lba48) {
1841 if (!s->nsector)
1842 s->nsector = 256;
1843 } else {
1844 if (!s->nsector && !s->hob_nsector)
1845 s->nsector = 65536;
1846 else {
1847 int lo = s->nsector;
1848 int hi = s->hob_nsector;
1849
1850 s->nsector = (hi << 8) | lo;
1851 }
1852 }
1853}
1854
1855static void ide_clear_hob(IDEState *ide_if)
1856{
1857 /* any write clears HOB high bit of device control register */
1858 ide_if[0].select &= ~(1 << 7);
1859 ide_if[1].select &= ~(1 << 7);
1860}
1861
caed8802
FB		 1862static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1863{
1864 IDEState *ide_if = opaque;
c45c3d00 1865 IDEState *s;
5391d806 1866 int unit, n;
c2ff060f 1867 int lba48 = 0;
5391d806
FB		 1868
1869#ifdef DEBUG_IDE
1870 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1871#endif
c2ff060f 1872
5391d806
FB		 1873 addr &= 7;
1874 switch(addr) {
1875 case 0:
1876 break;
1877 case 1:
c2ff060f 1878 ide_clear_hob(ide_if);
c45c3d00 1879 /* NOTE: data is written to the two drives */
c2ff060f
FB		 1880 ide_if[0].hob_feature = ide_if[0].feature;
1881 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 1882 ide_if[0].feature = val;
1883 ide_if[1].feature = val;
5391d806
FB		 1884 break;
1885 case 2:
c2ff060f
FB		 1886 ide_clear_hob(ide_if);
1887 ide_if[0].hob_nsector = ide_if[0].nsector;
1888 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 1889 ide_if[0].nsector = val;
1890 ide_if[1].nsector = val;
5391d806
FB		 1891 break;
1892 case 3:
c2ff060f
FB		 1893 ide_clear_hob(ide_if);
1894 ide_if[0].hob_sector = ide_if[0].sector;
1895 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 1896 ide_if[0].sector = val;
1897 ide_if[1].sector = val;
5391d806
FB		 1898 break;
1899 case 4:
c2ff060f
FB		 1900 ide_clear_hob(ide_if);
1901 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1902 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 1903 ide_if[0].lcyl = val;
1904 ide_if[1].lcyl = val;
5391d806
FB		 1905 break;
1906 case 5:
c2ff060f
FB		 1907 ide_clear_hob(ide_if);
1908 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1909 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 1910 ide_if[0].hcyl = val;
1911 ide_if[1].hcyl = val;
5391d806
FB		 1912 break;
1913 case 6:
c2ff060f 1914 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 1915 ide_if[0].select = (val & ~0x10) | 0xa0;
1916 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 1917 /* select drive */
1918 unit = (val >> 4) & 1;
1919 s = ide_if + unit;
1920 ide_if->cur_drive = s;
5391d806
FB		 1921 break;
1922 default:
1923 case 7:
1924 /* command */
1925#if defined(DEBUG_IDE)
1926 printf("ide: CMD=%02x\n", val);
1927#endif
c45c3d00 1928 s = ide_if->cur_drive;
66201e2d 1929 /* ignore commands to non existant slave */
5fafdf24 1930 if (s != ide_if && !s->bs)
66201e2d 1931 break;
c2ff060f 1932
5391d806
FB		 1933 switch(val) {
1934 case WIN_IDENTIFY:
1935 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 1936 if (!s->is_cf)
1937 ide_identify(s);
1938 else
1939 ide_cfata_identify(s);
2a282056 1940 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1941 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1942 } else {
1943 if (s->is_cdrom) {
1944 ide_set_signature(s);
1945 }
1946 ide_abort_command(s);
1947 }
1948 ide_set_irq(s);
1949 break;
1950 case WIN_SPECIFY:
1951 case WIN_RECAL:
a136e5a8 1952 s->error = 0;
769bec72 1953 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1954 ide_set_irq(s);
1955 break;
1956 case WIN_SETMULT:
201a51fc
AZ		 1957 if (s->is_cf && s->nsector == 0) {
1958 /* Disable Read and Write Multiple */
1959 s->mult_sectors = 0;
1960 s->status = READY_STAT;
1961 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 1962 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1963 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 1964 ide_abort_command(s);
1965 } else {
292eef5a 1966 s->mult_sectors = s->nsector & 0xff;
5391d806
FB		 1967 s->status = READY_STAT;
1968 }
1969 ide_set_irq(s);
1970 break;
c2ff060f
FB		 1971 case WIN_VERIFY_EXT:
1972 lba48 = 1;
4ce900b4
FB		 1973 case WIN_VERIFY:
1974 case WIN_VERIFY_ONCE:
1975 /* do sector number check ? */
c2ff060f 1976 ide_cmd_lba48_transform(s, lba48);
4ce900b4
FB		 1977 s->status = READY_STAT;
1978 ide_set_irq(s);
1979 break;
c2ff060f
FB		 1980 case WIN_READ_EXT:
1981 lba48 = 1;
5391d806
FB		 1982 case WIN_READ:
1983 case WIN_READ_ONCE:
5fafdf24 1984 if (!s->bs)
6b136f9e 1985 goto abort_cmd;
c2ff060f 1986 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1987 s->req_nb_sectors = 1;
1988 ide_sector_read(s);
1989 break;
c2ff060f
FB		 1990 case WIN_WRITE_EXT:
1991 lba48 = 1;
5391d806
FB		 1992 case WIN_WRITE:
1993 case WIN_WRITE_ONCE:
201a51fc
AZ		 1994 case CFA_WRITE_SECT_WO_ERASE:
1995 case WIN_WRITE_VERIFY:
c2ff060f 1996 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1997 s->error = 0;
f66723fa 1998 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1999 s->req_nb_sectors = 1;
2000 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 2001 s->media_changed = 1;
5391d806 2002 break;
c2ff060f
FB		 2003 case WIN_MULTREAD_EXT:
2004 lba48 = 1;
5391d806
FB		 2005 case WIN_MULTREAD:
2006 if (!s->mult_sectors)
2007 goto abort_cmd;
c2ff060f 2008 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2009 s->req_nb_sectors = s->mult_sectors;
2010 ide_sector_read(s);
2011 break;
c2ff060f
FB		 2012 case WIN_MULTWRITE_EXT:
2013 lba48 = 1;
5391d806 2014 case WIN_MULTWRITE:
201a51fc 2015 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 2016 if (!s->mult_sectors)
2017 goto abort_cmd;
c2ff060f 2018 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2019 s->error = 0;
f66723fa 2020 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2021 s->req_nb_sectors = s->mult_sectors;
2022 n = s->nsector;
2023 if (n > s->req_nb_sectors)
2024 n = s->req_nb_sectors;
2025 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 2026 s->media_changed = 1;
5391d806 2027 break;
c2ff060f
FB		 2028 case WIN_READDMA_EXT:
2029 lba48 = 1;
98087450
FB		 2030 case WIN_READDMA:
2031 case WIN_READDMA_ONCE:
5fafdf24 2032 if (!s->bs)
98087450 2033 goto abort_cmd;
c2ff060f 2034 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 2035 ide_sector_read_dma(s);
2036 break;
c2ff060f
FB		 2037 case WIN_WRITEDMA_EXT:
2038 lba48 = 1;
98087450
FB		 2039 case WIN_WRITEDMA:
2040 case WIN_WRITEDMA_ONCE:
5fafdf24 2041 if (!s->bs)
98087450 2042 goto abort_cmd;
c2ff060f 2043 ide_cmd_lba48_transform(s, lba48);
98087450 2044 ide_sector_write_dma(s);
201a51fc 2045 s->media_changed = 1;
98087450 2046 break;
c2ff060f
FB		 2047 case WIN_READ_NATIVE_MAX_EXT:
2048 lba48 = 1;
5391d806 2049 case WIN_READ_NATIVE_MAX:
c2ff060f 2050 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2051 ide_set_sector(s, s->nb_sectors - 1);
2052 s->status = READY_STAT;
2053 ide_set_irq(s);
2054 break;
a136e5a8 2055 case WIN_CHECKPOWERMODE1:
201a51fc 2056 case WIN_CHECKPOWERMODE2:
a136e5a8
FB		 2057 s->nsector = 0xff; /* device active or idle */
2058 s->status = READY_STAT;
2059 ide_set_irq(s);
2060 break;
34e538ae
FB		 2061 case WIN_SETFEATURES:
2062 if (!s->bs)
2063 goto abort_cmd;
2064 /* XXX: valid for CDROM ? */
2065 switch(s->feature) {
e1f63470
TS		 2066 case 0xcc: /* reverting to power-on defaults enable */
2067 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 2068 case 0x02: /* write cache enable */
2069 case 0x82: /* write cache disable */
2070 case 0xaa: /* read look-ahead enable */
2071 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 2072 case 0x05: /* set advanced power management mode */
2073 case 0x85: /* disable advanced power management mode */
2074 case 0x69: /* NOP */
2075 case 0x67: /* NOP */
2076 case 0x96: /* NOP */
2077 case 0x9a: /* NOP */
c3e88d8c
TS		 2078 case 0x42: /* enable Automatic Acoustic Mode */
2079 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 2080 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 2081 ide_set_irq(s);
2082 break;
94458802
FB		 2083 case 0x03: { /* set transfer mode */
2084 uint8_t val = s->nsector & 0x07;
2085
2086 switch (s->nsector >> 3) {
2087 case 0x00: /* pio default */
2088 case 0x01: /* pio mode */
2089 put_le16(s->identify_data + 63,0x07);
2090 put_le16(s->identify_data + 88,0x3f);
2091 break;
2092 case 0x04: /* mdma mode */
2093 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2094 put_le16(s->identify_data + 88,0x3f);
2095 break;
2096 case 0x08: /* udma mode */
2097 put_le16(s->identify_data + 63,0x07);
2098 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2099 break;
2100 default:
2101 goto abort_cmd;
2102 }
2103 s->status = READY_STAT | SEEK_STAT;
2104 ide_set_irq(s);
2105 break;
2106 }
34e538ae
FB		 2107 default:
2108 goto abort_cmd;
2109 }
2110 break;
c2ff060f
FB		 2111 case WIN_FLUSH_CACHE:
2112 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2113 if (s->bs)
2114 bdrv_flush(s->bs);
2115 s->status = READY_STAT;
2116 ide_set_irq(s);
2117 break;
c3e88d8c
TS		 2118 case WIN_STANDBY:
2119 case WIN_STANDBY2:
2120 case WIN_STANDBYNOW1:
201a51fc 2121 case WIN_STANDBYNOW2:
c451ee71 2122 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2123 case CFA_IDLEIMMEDIATE:
2124 case WIN_SETIDLE1:
2125 case WIN_SETIDLE2:
c3e88d8c
TS		 2126 case WIN_SLEEPNOW1:
2127 case WIN_SLEEPNOW2:
2128 s->status = READY_STAT;
a7dfe172
FB		 2129 ide_set_irq(s);
2130 break;
5391d806
FB		 2131 /* ATAPI commands */
2132 case WIN_PIDENTIFY:
2133 if (s->is_cdrom) {
2134 ide_atapi_identify(s);
1298fe63 2135 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2136 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2137 } else {
2138 ide_abort_command(s);
2139 }
2140 ide_set_irq(s);
2141 break;
c451ee71
FB		 2142 case WIN_DIAGNOSE:
2143 ide_set_signature(s);
38453b93 2144 s->status = READY_STAT;
c451ee71 2145 s->error = 0x01;
f5fdd0a8 2146 ide_set_irq(s);
c451ee71 2147 break;
5391d806
FB		 2148 case WIN_SRST:
2149 if (!s->is_cdrom)
2150 goto abort_cmd;
2151 ide_set_signature(s);
6b136f9e 2152 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2153 s->error = 0x01;
2154 break;
2155 case WIN_PACKETCMD:
2156 if (!s->is_cdrom)
2157 goto abort_cmd;
98087450
FB		 2158 /* overlapping commands not supported */
2159 if (s->feature & 0x02)
5391d806 2160 goto abort_cmd;
7603d156 2161 s->status = READY_STAT;
98087450 2162 s->atapi_dma = s->feature & 1;
5391d806 2163 s->nsector = 1;
5fafdf24 2164 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2165 ide_atapi_cmd);
2166 break;
201a51fc
AZ		 2167 /* CF-ATA commands */
2168 case CFA_REQ_EXT_ERROR_CODE:
2169 if (!s->is_cf)
2170 goto abort_cmd;
2171 s->error = 0x09; /* miscellaneous error */
2172 s->status = READY_STAT;
2173 ide_set_irq(s);
2174 break;
2175 case CFA_ERASE_SECTORS:
2176 case CFA_WEAR_LEVEL:
2177 if (!s->is_cf)
2178 goto abort_cmd;
2179 if (val == CFA_WEAR_LEVEL)
2180 s->nsector = 0;
2181 if (val == CFA_ERASE_SECTORS)
2182 s->media_changed = 1;
2183 s->error = 0x00;
2184 s->status = READY_STAT;
2185 ide_set_irq(s);
2186 break;
2187 case CFA_TRANSLATE_SECTOR:
2188 if (!s->is_cf)
2189 goto abort_cmd;
2190 s->error = 0x00;
2191 s->status = READY_STAT;
2192 memset(s->io_buffer, 0, 0x200);
2193 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2194 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2195 s->io_buffer[0x02] = s->select; /* Head */
2196 s->io_buffer[0x03] = s->sector; /* Sector */
2197 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2198 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2199 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2200 s->io_buffer[0x13] = 0x00; /* Erase flag */
2201 s->io_buffer[0x18] = 0x00; /* Hot count */
2202 s->io_buffer[0x19] = 0x00; /* Hot count */
2203 s->io_buffer[0x1a] = 0x01; /* Hot count */
2204 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2205 ide_set_irq(s);
2206 break;
2207 case CFA_ACCESS_METADATA_STORAGE:
2208 if (!s->is_cf)
2209 goto abort_cmd;
2210 switch (s->feature) {
2211 case 0x02: /* Inquiry Metadata Storage */
2212 ide_cfata_metadata_inquiry(s);
2213 break;
2214 case 0x03: /* Read Metadata Storage */
2215 ide_cfata_metadata_read(s);
2216 break;
2217 case 0x04: /* Write Metadata Storage */
2218 ide_cfata_metadata_write(s);
2219 break;
2220 default:
2221 goto abort_cmd;
2222 }
2223 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2224 s->status = 0x00; /* NOTE: READY is _not_ set */
2225 ide_set_irq(s);
2226 break;
2227 case IBM_SENSE_CONDITION:
2228 if (!s->is_cf)
2229 goto abort_cmd;
2230 switch (s->feature) {
2231 case 0x01: /* sense temperature in device */
2232 s->nsector = 0x50; /* +20 C */
2233 break;
2234 default:
2235 goto abort_cmd;
2236 }
2237 s->status = READY_STAT;
2238 ide_set_irq(s);
2239 break;
5391d806
FB		 2240 default:
2241 abort_cmd:
2242 ide_abort_command(s);
2243 ide_set_irq(s);
2244 break;
2245 }
2246 }
2247}
2248
caed8802 2249static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2250{
7ae98627
FB		 2251 IDEState *ide_if = opaque;
2252 IDEState *s = ide_if->cur_drive;
5391d806 2253 uint32_t addr;
c2ff060f 2254 int ret, hob;
5391d806
FB		 2255
2256 addr = addr1 & 7;
c2ff060f
FB		 2257 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2258 //hob = s->select & (1 << 7);
2259 hob = 0;
5391d806
FB		 2260 switch(addr) {
2261 case 0:
2262 ret = 0xff;
2263 break;
2264 case 1:
7ae98627 2265 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2266 ret = 0;
c2ff060f 2267 else if (!hob)
c45c3d00 2268 ret = s->error;
c2ff060f
FB		 2269 else
2270 ret = s->hob_feature;
5391d806
FB		 2271 break;
2272 case 2:
7ae98627 2273 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2274 ret = 0;
c2ff060f 2275 else if (!hob)
c45c3d00 2276 ret = s->nsector & 0xff;
c2ff060f
FB		 2277 else
2278 ret = s->hob_nsector;
5391d806
FB		 2279 break;
2280 case 3:
7ae98627 2281 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2282 ret = 0;
c2ff060f 2283 else if (!hob)
c45c3d00 2284 ret = s->sector;
c2ff060f
FB		 2285 else
2286 ret = s->hob_sector;
5391d806
FB		 2287 break;
2288 case 4:
7ae98627 2289 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2290 ret = 0;
c2ff060f 2291 else if (!hob)
c45c3d00 2292 ret = s->lcyl;
c2ff060f
FB		 2293 else
2294 ret = s->hob_lcyl;
5391d806
FB		 2295 break;
2296 case 5:
7ae98627 2297 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2298 ret = 0;
c2ff060f 2299 else if (!hob)
c45c3d00 2300 ret = s->hcyl;
c2ff060f
FB		 2301 else
2302 ret = s->hob_hcyl;
5391d806
FB		 2303 break;
2304 case 6:
7ae98627 2305 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2306 ret = 0;
2307 else
7ae98627 2308 ret = s->select;
5391d806
FB		 2309 break;
2310 default:
2311 case 7:
66201e2d
FB		 2312 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2313 (s != ide_if && !s->bs))
c45c3d00
FB		 2314 ret = 0;
2315 else
2316 ret = s->status;
d537cf6c 2317 qemu_irq_lower(s->irq);
5391d806
FB		 2318 break;
2319 }
2320#ifdef DEBUG_IDE
2321 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2322#endif
2323 return ret;
2324}
2325
caed8802 2326static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2327{
7ae98627
FB		 2328 IDEState *ide_if = opaque;
2329 IDEState *s = ide_if->cur_drive;
5391d806 2330 int ret;
7ae98627 2331
66201e2d
FB		 2332 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2333 (s != ide_if && !s->bs))
7ae98627
FB		 2334 ret = 0;
2335 else
2336 ret = s->status;
5391d806
FB		 2337#ifdef DEBUG_IDE
2338 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2339#endif
2340 return ret;
2341}
2342
caed8802 2343static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2344{
caed8802 2345 IDEState *ide_if = opaque;
5391d806
FB		 2346 IDEState *s;
2347 int i;
2348
2349#ifdef DEBUG_IDE
2350 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2351#endif
2352 /* common for both drives */
2353 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2354 (val & IDE_CMD_RESET)) {
2355 /* reset low to high */
2356 for(i = 0;i < 2; i++) {
2357 s = &ide_if[i];
2358 s->status = BUSY_STAT | SEEK_STAT;
2359 s->error = 0x01;
2360 }
2361 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2362 !(val & IDE_CMD_RESET)) {
2363 /* high to low */
2364 for(i = 0;i < 2; i++) {
2365 s = &ide_if[i];
6b136f9e
FB		 2366 if (s->is_cdrom)
2367 s->status = 0x00; /* NOTE: READY is _not_ set */
2368 else
56bf1d37 2369 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2370 ide_set_signature(s);
2371 }
2372 }
2373
2374 ide_if[0].cmd = val;
2375 ide_if[1].cmd = val;
2376}
2377
caed8802 2378static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2379{
caed8802 2380 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2381 uint8_t *p;
2382
2383 p = s->data_ptr;
0c4ad8dc 2384 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2385 p += 2;
2386 s->data_ptr = p;
2387 if (p >= s->data_end)
2388 s->end_transfer_func(s);
2389}
2390
caed8802 2391static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2392{
caed8802 2393 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2394 uint8_t *p;
2395 int ret;
2396 p = s->data_ptr;
0c4ad8dc 2397 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2398 p += 2;
2399 s->data_ptr = p;
2400 if (p >= s->data_end)
2401 s->end_transfer_func(s);
2402 return ret;
2403}
2404
caed8802 2405static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2406{
caed8802 2407 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2408 uint8_t *p;
2409
2410 p = s->data_ptr;
0c4ad8dc 2411 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2412 p += 4;
2413 s->data_ptr = p;
2414 if (p >= s->data_end)
2415 s->end_transfer_func(s);
2416}
2417
caed8802 2418static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2419{
caed8802 2420 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2421 uint8_t *p;
2422 int ret;
3b46e624 2423
5391d806 2424 p = s->data_ptr;
0c4ad8dc 2425 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2426 p += 4;
2427 s->data_ptr = p;
2428 if (p >= s->data_end)
2429 s->end_transfer_func(s);
2430 return ret;
2431}
2432
a7dfe172
FB		 2433static void ide_dummy_transfer_stop(IDEState *s)
2434{
2435 s->data_ptr = s->io_buffer;
2436 s->data_end = s->io_buffer;
2437 s->io_buffer[0] = 0xff;
2438 s->io_buffer[1] = 0xff;
2439 s->io_buffer[2] = 0xff;
2440 s->io_buffer[3] = 0xff;
2441}
2442
5391d806
FB		 2443static void ide_reset(IDEState *s)
2444{
201a51fc
AZ		 2445 if (s->is_cf)
2446 s->mult_sectors = 0;
2447 else
2448 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2449 s->cur_drive = s;
2450 s->select = 0xa0;
2451 s->status = READY_STAT;
2452 ide_set_signature(s);
a7dfe172
FB		 2453 /* init the transfer handler so that 0xffff is returned on data
2454 accesses */
2455 s->end_transfer_func = ide_dummy_transfer_stop;
2456 ide_dummy_transfer_stop(s);
201a51fc 2457 s->media_changed = 0;
5391d806
FB		 2458}
2459
2460struct partition {
2461 uint8_t boot_ind; /* 0x80 - active */
2462 uint8_t head; /* starting head */
2463 uint8_t sector; /* starting sector */
2464 uint8_t cyl; /* starting cylinder */
2465 uint8_t sys_ind; /* What partition type */
2466 uint8_t end_head; /* end head */
2467 uint8_t end_sector; /* end sector */
2468 uint8_t end_cyl; /* end cylinder */
2469 uint32_t start_sect; /* starting sector counting from 0 */
2470 uint32_t nr_sects; /* nr of sectors in partition */
2471} __attribute__((packed));
2472
bf1b938f 2473/* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
5fafdf24 2474static int guess_disk_lchs(IDEState *s,
bf1b938f 2475 int *pcylinders, int *pheads, int *psectors)
5391d806 2476{
c717d8bf 2477 uint8_t *buf = s->io_buffer;
46d4767d 2478 int ret, i, heads, sectors, cylinders;
5391d806
FB		 2479 struct partition *p;
2480 uint32_t nr_sects;
2481
5391d806 2482 ret = bdrv_read(s->bs, 0, buf, 1);
33f00271 2483 if (ret < 0) {
bf1b938f 2484 return -1;
33f00271 2485 }
5391d806 2486 /* test msdos magic */
33f00271 2487 if (buf[510] != 0x55 || buf[511] != 0xaa) {
bf1b938f 2488 return -1;
33f00271 2489 }
5391d806
FB		 2490 for(i = 0; i < 4; i++) {
2491 p = ((struct partition *)(buf + 0x1be)) + i;
0c4ad8dc 2492 nr_sects = le32_to_cpu(p->nr_sects);
5391d806
FB		 2493 if (nr_sects && p->end_head) {
2494 /* We make the assumption that the partition terminates on
2495 a cylinder boundary */
46d4767d 2496 heads = p->end_head + 1;
46d4767d
FB		 2497 sectors = p->end_sector & 63;
2498 if (sectors == 0)
2499 continue;
2500 cylinders = s->nb_sectors / (heads * sectors);
2501 if (cylinders < 1 || cylinders > 16383)
2502 continue;
bf1b938f
FB		 2503 *pheads = heads;
2504 *psectors = sectors;
2505 *pcylinders = cylinders;
5391d806 2506#if 0
5fafdf24 2507 printf("guessed geometry: LCHS=%d %d %d\n",
bf1b938f 2508 cylinders, heads, sectors);
5391d806 2509#endif
bf1b938f 2510 return 0;
5391d806
FB		 2511 }
2512 }
bf1b938f 2513 return -1;
5391d806
FB		 2514}
2515
5457c8ce
FB		 2516static void ide_init2(IDEState *ide_state,
2517 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2518 qemu_irq irq)
5391d806 2519{
69b91039 2520 IDEState *s;
aedf5382 2521 static int drive_serial = 1;
4dbb0f50 2522 int i, cylinders, heads, secs, translation, lba_detected = 0;
96b8f136 2523 uint64_t nb_sectors;
5391d806 2524
caed8802
FB		 2525 for(i = 0; i < 2; i++) {
2526 s = ide_state + i;
33f00271 2527 s->io_buffer = qemu_memalign(512, MAX_MULT_SECTORS*512 + 4);
caed8802
FB		 2528 if (i == 0)
2529 s->bs = hd0;
2530 else
2531 s->bs = hd1;
5391d806
FB		 2532 if (s->bs) {
2533 bdrv_get_geometry(s->bs, &nb_sectors);
2534 s->nb_sectors = nb_sectors;
caed8802
FB		 2535 /* if a geometry hint is available, use it */
2536 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
4dbb0f50 2537 translation = bdrv_get_translation_hint(s->bs);
caed8802 2538 if (cylinders != 0) {
5391d806 2539 s->cylinders = cylinders;
caed8802
FB		 2540 s->heads = heads;
2541 s->sectors = secs;
2542 } else {
bf1b938f
FB		 2543 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2544 if (heads > 16) {
2545 /* if heads > 16, it means that a BIOS LBA
2546 translation was active, so the default
2547 hardware geometry is OK */
4dbb0f50 2548 lba_detected = 1;
bf1b938f
FB		 2549 goto default_geometry;
2550 } else {
2551 s->cylinders = cylinders;
2552 s->heads = heads;
2553 s->sectors = secs;
2554 /* disable any translation to be in sync with
2555 the logical geometry */
bf1b938f
FB		 2556 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2557 bdrv_set_translation_hint(s->bs,
2558 BIOS_ATA_TRANSLATION_NONE);
2559 }
2560 }
2561 } else {
2562 default_geometry:
46d4767d 2563 /* if no geometry, use a standard physical disk geometry */
caed8802
FB		 2564 cylinders = nb_sectors / (16 * 63);
2565 if (cylinders > 16383)
2566 cylinders = 16383;
2567 else if (cylinders < 2)
2568 cylinders = 2;
2569 s->cylinders = cylinders;
2570 s->heads = 16;
2571 s->sectors = 63;
4dbb0f50
TS		 2572 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2573 if ((s->cylinders * s->heads) <= 131072) {
2574 bdrv_set_translation_hint(s->bs,
2575 BIOS_ATA_TRANSLATION_LARGE);
2576 } else {
2577 bdrv_set_translation_hint(s->bs,
2578 BIOS_ATA_TRANSLATION_LBA);
2579 }
2580 }
caed8802 2581 }
769bec72 2582 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
caed8802
FB		 2583 }
2584 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2585 s->is_cdrom = 1;
bd491d6a 2586 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2587 }
2588 }
aedf5382 2589 s->drive_serial = drive_serial++;
caed8802 2590 s->irq = irq;
5fafdf24 2591 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2592 ide_sector_write_timer_cb, s);
5391d806
FB		 2593 ide_reset(s);
2594 }
69b91039
FB		 2595}
2596
34e538ae 2597static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2598{
caed8802
FB		 2599 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2600 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2601 if (iobase2) {
2602 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2603 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2604 }
3b46e624 2605
caed8802
FB		 2606 /* data ports */
2607 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2608 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2609 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2610 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2611}
69b91039 2612
aa941b94
AZ		 2613/* save per IDE drive data */
2614static void ide_save(QEMUFile* f, IDEState *s)
2615{
bee8d684
TS		 2616 qemu_put_be32(f, s->mult_sectors);
2617 qemu_put_be32(f, s->identify_set);
aa941b94
AZ		 2618 if (s->identify_set) {
2619 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2620 }
2621 qemu_put_8s(f, &s->feature);
2622 qemu_put_8s(f, &s->error);
2623 qemu_put_be32s(f, &s->nsector);
2624 qemu_put_8s(f, &s->sector);
2625 qemu_put_8s(f, &s->lcyl);
2626 qemu_put_8s(f, &s->hcyl);
2627 qemu_put_8s(f, &s->hob_feature);
2628 qemu_put_8s(f, &s->hob_nsector);
2629 qemu_put_8s(f, &s->hob_sector);
2630 qemu_put_8s(f, &s->hob_lcyl);
2631 qemu_put_8s(f, &s->hob_hcyl);
2632 qemu_put_8s(f, &s->select);
2633 qemu_put_8s(f, &s->status);
2634 qemu_put_8s(f, &s->lba48);
2635
2636 qemu_put_8s(f, &s->sense_key);
2637 qemu_put_8s(f, &s->asc);
2638 /* XXX: if a transfer is pending, we do not save it yet */
2639}
2640
2641/* load per IDE drive data */
2642static void ide_load(QEMUFile* f, IDEState *s)
2643{
bee8d684
TS		 2644 s->mult_sectors=qemu_get_be32(f);
2645 s->identify_set=qemu_get_be32(f);
aa941b94
AZ		 2646 if (s->identify_set) {
2647 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2648 }
2649 qemu_get_8s(f, &s->feature);
2650 qemu_get_8s(f, &s->error);
2651 qemu_get_be32s(f, &s->nsector);
2652 qemu_get_8s(f, &s->sector);
2653 qemu_get_8s(f, &s->lcyl);
2654 qemu_get_8s(f, &s->hcyl);
2655 qemu_get_8s(f, &s->hob_feature);
2656 qemu_get_8s(f, &s->hob_nsector);
2657 qemu_get_8s(f, &s->hob_sector);
2658 qemu_get_8s(f, &s->hob_lcyl);
2659 qemu_get_8s(f, &s->hob_hcyl);
2660 qemu_get_8s(f, &s->select);
2661 qemu_get_8s(f, &s->status);
2662 qemu_get_8s(f, &s->lba48);
2663
2664 qemu_get_8s(f, &s->sense_key);
2665 qemu_get_8s(f, &s->asc);
2666 /* XXX: if a transfer is pending, we do not save it yet */
2667}
2668
34e538ae
FB		 2669/***********************************************************/
2670/* ISA IDE definitions */
2671
d537cf6c 2672void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2673 BlockDriverState *hd0, BlockDriverState *hd1)
2674{
2675 IDEState *ide_state;
2676
2677 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2678 if (!ide_state)
2679 return;
3b46e624 2680
d537cf6c 2681 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2682 ide_init_ioport(ide_state, iobase, iobase2);
2683}
2684
69b91039
FB		 2685/***********************************************************/
2686/* PCI IDE definitions */
2687
5457c8ce
FB		 2688static void cmd646_update_irq(PCIIDEState *d);
2689
5fafdf24 2690static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 2691 uint32_t addr, uint32_t size, int type)
2692{
2693 PCIIDEState *d = (PCIIDEState *)pci_dev;
2694 IDEState *ide_state;
2695
2696 if (region_num <= 3) {
2697 ide_state = &d->ide_if[(region_num >> 1) * 2];
2698 if (region_num & 1) {
2699 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2700 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2701 } else {
2702 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2703 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2704
2705 /* data ports */
2706 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2707 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2708 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2709 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2710 }
2711 }
2712}
2713
8ccad811 2714static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2715{
2716 BMDMAState *bm = s->bmdma;
2717 if(!bm)
2718 return;
2719 bm->ide_if = s;
2720 bm->dma_cb = dma_cb;
8ccad811
FB		 2721 bm->cur_prd_last = 0;
2722 bm->cur_prd_addr = 0;
2723 bm->cur_prd_len = 0;
98087450 2724 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2725 bm->dma_cb(bm, 0);
98087450
FB		 2726 }
2727}
2728
98087450
FB		 2729static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2730{
2731 BMDMAState *bm = opaque;
2732#ifdef DEBUG_IDE
2733 printf("%s: 0x%08x\n", __func__, val);
2734#endif
2735 if (!(val & BM_CMD_START)) {
2736 /* XXX: do it better */
8ccad811
FB		 2737 if (bm->status & BM_STATUS_DMAING) {
2738 bm->status &= ~BM_STATUS_DMAING;
2739 /* cancel DMA request */
2740 bm->ide_if = NULL;
2741 bm->dma_cb = NULL;
2742 if (bm->aiocb) {
2743#ifdef DEBUG_AIO
2744 printf("aio_cancel\n");
2745#endif
2746 bdrv_aio_cancel(bm->aiocb);
2747 bm->aiocb = NULL;
2748 }
2749 }
98087450
FB		 2750 bm->cmd = val & 0x09;
2751 } else {
8ccad811
FB		 2752 if (!(bm->status & BM_STATUS_DMAING)) {
2753 bm->status |= BM_STATUS_DMAING;
2754 /* start dma transfer if possible */
2755 if (bm->dma_cb)
2756 bm->dma_cb(bm, 0);
2757 }
98087450 2758 bm->cmd = val & 0x09;
98087450
FB		 2759 }
2760}
2761
5457c8ce 2762static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 2763{
2764 BMDMAState *bm = opaque;
5457c8ce 2765 PCIIDEState *pci_dev;
98087450 2766 uint32_t val;
3b46e624 2767
5457c8ce 2768 switch(addr & 3) {
5fafdf24 2769 case 0:
5457c8ce
FB		 2770 val = bm->cmd;
2771 break;
2772 case 1:
2773 pci_dev = bm->pci_dev;
2774 if (pci_dev->type == IDE_TYPE_CMD646) {
2775 val = pci_dev->dev.config[MRDMODE];
2776 } else {
2777 val = 0xff;
2778 }
2779 break;
2780 case 2:
2781 val = bm->status;
2782 break;
2783 case 3:
2784 pci_dev = bm->pci_dev;
2785 if (pci_dev->type == IDE_TYPE_CMD646) {
2786 if (bm == &pci_dev->bmdma[0])
2787 val = pci_dev->dev.config[UDIDETCR0];
2788 else
2789 val = pci_dev->dev.config[UDIDETCR1];
2790 } else {
2791 val = 0xff;
2792 }
2793 break;
2794 default:
2795 val = 0xff;
2796 break;
2797 }
98087450 2798#ifdef DEBUG_IDE
5457c8ce 2799 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 2800#endif
2801 return val;
2802}
2803
5457c8ce 2804static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 2805{
2806 BMDMAState *bm = opaque;
5457c8ce 2807 PCIIDEState *pci_dev;
98087450 2808#ifdef DEBUG_IDE
5457c8ce 2809 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 2810#endif
5457c8ce
FB		 2811 switch(addr & 3) {
2812 case 1:
2813 pci_dev = bm->pci_dev;
2814 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 2815 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 2816 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2817 cmd646_update_irq(pci_dev);
2818 }
2819 break;
2820 case 2:
2821 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2822 break;
2823 case 3:
2824 pci_dev = bm->pci_dev;
2825 if (pci_dev->type == IDE_TYPE_CMD646) {
2826 if (bm == &pci_dev->bmdma[0])
2827 pci_dev->dev.config[UDIDETCR0] = val;
2828 else
2829 pci_dev->dev.config[UDIDETCR1] = val;
2830 }
2831 break;
2832 }
98087450
FB		 2833}
2834
2835static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2836{
2837 BMDMAState *bm = opaque;
2838 uint32_t val;
2839 val = bm->addr;
2840#ifdef DEBUG_IDE
2841 printf("%s: 0x%08x\n", __func__, val);
2842#endif
2843 return val;
2844}
2845
2846static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2847{
2848 BMDMAState *bm = opaque;
2849#ifdef DEBUG_IDE
2850 printf("%s: 0x%08x\n", __func__, val);
2851#endif
2852 bm->addr = val & ~3;
30c4bbac 2853 bm->cur_addr = bm->addr;
98087450
FB		 2854}
2855
5fafdf24 2856static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 2857 uint32_t addr, uint32_t size, int type)
2858{
2859 PCIIDEState *d = (PCIIDEState *)pci_dev;
2860 int i;
2861
2862 for(i = 0;i < 2; i++) {
2863 BMDMAState *bm = &d->bmdma[i];
2864 d->ide_if[2 * i].bmdma = bm;
2865 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce
FB		 2866 bm->pci_dev = (PCIIDEState *)pci_dev;
2867
98087450 2868 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 2869
5457c8ce
FB		 2870 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2871 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450
FB		 2872
2873 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2874 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2875 addr += 8;
2876 }
2877}
2878
5457c8ce
FB		 2879/* XXX: call it also when the MRDMODE is changed from the PCI config
2880 registers */
2881static void cmd646_update_irq(PCIIDEState *d)
2882{
2883 int pci_level;
2884 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2885 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2886 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2887 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 2888 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 2889}
2890
2891/* the PCI irq level is the logical OR of the two channels */
2892static void cmd646_set_irq(void *opaque, int channel, int level)
2893{
2894 PCIIDEState *d = opaque;
2895 int irq_mask;
2896
2897 irq_mask = MRDMODE_INTR_CH0 << channel;
2898 if (level)
2899 d->dev.config[MRDMODE] |= irq_mask;
2900 else
2901 d->dev.config[MRDMODE] &= ~irq_mask;
2902 cmd646_update_irq(d);
2903}
2904
2905/* CMD646 PCI IDE controller */
2906void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2907 int secondary_ide_enabled)
69b91039
FB		 2908{
2909 PCIIDEState *d;
2910 uint8_t *pci_conf;
34e538ae 2911 int i;
d537cf6c 2912 qemu_irq *irq;
34e538ae 2913
5fafdf24 2914 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 2915 sizeof(PCIIDEState),
5fafdf24 2916 -1,
73c11f63 2917 NULL, NULL);
5457c8ce 2918 d->type = IDE_TYPE_CMD646;
69b91039 2919 pci_conf = d->dev.config;
5457c8ce
FB		 2920 pci_conf[0x00] = 0x95; // CMD646
2921 pci_conf[0x01] = 0x10;
2922 pci_conf[0x02] = 0x46;
2923 pci_conf[0x03] = 0x06;
2924
2925 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 2926 pci_conf[0x09] = 0x8f;
5457c8ce 2927
69b91039
FB		 2928 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2929 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
5457c8ce 2930 pci_conf[0x0e] = 0x00; // header_type
3b46e624 2931
5457c8ce
FB		 2932 if (secondary_ide_enabled) {
2933 /* XXX: if not enabled, really disable the seconday IDE controller */
2934 pci_conf[0x51] = 0x80; /* enable IDE1 */
2935 }
69b91039 2936
5fafdf24 2937 pci_register_io_region((PCIDevice *)d, 0, 0x8,
69b91039 2938 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2939 pci_register_io_region((PCIDevice *)d, 1, 0x4,
69b91039 2940 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2941 pci_register_io_region((PCIDevice *)d, 2, 0x8,
69b91039 2942 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2943 pci_register_io_region((PCIDevice *)d, 3, 0x4,
69b91039 2944 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2945 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 2946 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 2947
34e538ae 2948 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3b46e624 2949
34e538ae
FB		 2950 for(i = 0; i < 4; i++)
2951 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 2952
2953 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
2954 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
2955 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
34e538ae
FB		 2956}
2957
c3d78997
FB		 2958static void pci_ide_save(QEMUFile* f, void *opaque)
2959{
2960 PCIIDEState *d = opaque;
2961 int i;
2962
2963 pci_device_save(&d->dev, f);
2964
2965 for(i = 0; i < 2; i++) {
2966 BMDMAState *bm = &d->bmdma[i];
2967 qemu_put_8s(f, &bm->cmd);
2968 qemu_put_8s(f, &bm->status);
2969 qemu_put_be32s(f, &bm->addr);
2970 /* XXX: if a transfer is pending, we do not save it yet */
2971 }
2972
2973 /* per IDE interface data */
2974 for(i = 0; i < 2; i++) {
2975 IDEState *s = &d->ide_if[i * 2];
2976 uint8_t drive1_selected;
2977 qemu_put_8s(f, &s->cmd);
2978 drive1_selected = (s->cur_drive != s);
2979 qemu_put_8s(f, &drive1_selected);
2980 }
2981
2982 /* per IDE drive data */
2983 for(i = 0; i < 4; i++) {
aa941b94 2984 ide_save(f, &d->ide_if[i]);
c3d78997
FB		 2985 }
2986}
2987
2988static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2989{
2990 PCIIDEState *d = opaque;
2991 int ret, i;
2992
2993 if (version_id != 1)
2994 return -EINVAL;
2995 ret = pci_device_load(&d->dev, f);
2996 if (ret < 0)
2997 return ret;
2998
2999 for(i = 0; i < 2; i++) {
3000 BMDMAState *bm = &d->bmdma[i];
3001 qemu_get_8s(f, &bm->cmd);
3002 qemu_get_8s(f, &bm->status);
3003 qemu_get_be32s(f, &bm->addr);
3004 /* XXX: if a transfer is pending, we do not save it yet */
3005 }
3006
3007 /* per IDE interface data */
3008 for(i = 0; i < 2; i++) {
3009 IDEState *s = &d->ide_if[i * 2];
3010 uint8_t drive1_selected;
3011 qemu_get_8s(f, &s->cmd);
3012 qemu_get_8s(f, &drive1_selected);
3013 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3014 }
3015
3016 /* per IDE drive data */
3017 for(i = 0; i < 4; i++) {
aa941b94 3018 ide_load(f, &d->ide_if[i]);
c3d78997
FB		 3019 }
3020 return 0;
3021}
3022
e6a71ae3
TS		 3023static void piix3_reset(PCIIDEState *d)
3024{
3025 uint8_t *pci_conf = d->dev.config;
3026
3027 pci_conf[0x04] = 0x00;
3028 pci_conf[0x05] = 0x00;
3029 pci_conf[0x06] = 0x80; /* FBC */
3030 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3031 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3032}
3033
34e538ae
FB		 3034/* hd_table must contain 4 block drivers */
3035/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 3036void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3037 qemu_irq *pic)
34e538ae
FB		 3038{
3039 PCIIDEState *d;
3040 uint8_t *pci_conf;
3b46e624 3041
34e538ae 3042 /* register a function 1 of PIIX3 */
5fafdf24 3043 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 3044 sizeof(PCIIDEState),
502a5395 3045 devfn,
34e538ae 3046 NULL, NULL);
5457c8ce
FB		 3047 d->type = IDE_TYPE_PIIX3;
3048
34e538ae
FB		 3049 pci_conf = d->dev.config;
3050 pci_conf[0x00] = 0x86; // Intel
3051 pci_conf[0x01] = 0x80;
3052 pci_conf[0x02] = 0x10;
3053 pci_conf[0x03] = 0x70;
92510b8c 3054 pci_conf[0x09] = 0x80; // legacy ATA mode
34e538ae
FB		 3055 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3056 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3057 pci_conf[0x0e] = 0x00; // header_type
3058
e6a71ae3
TS		 3059 piix3_reset(d);
3060
5fafdf24 3061 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 3062 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 3063
d537cf6c
PB		 3064 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3065 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 3066 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3067 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997
FB		 3068
3069 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
69b91039 3070}
1ade1de2 3071
afcc3cdf
TS		 3072/* hd_table must contain 4 block drivers */
3073/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3074void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3075 qemu_irq *pic)
3076{
3077 PCIIDEState *d;
3078 uint8_t *pci_conf;
3079
3080 /* register a function 1 of PIIX4 */
3081 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3082 sizeof(PCIIDEState),
3083 devfn,
3084 NULL, NULL);
3085 d->type = IDE_TYPE_PIIX4;
3086
3087 pci_conf = d->dev.config;
3088 pci_conf[0x00] = 0x86; // Intel
3089 pci_conf[0x01] = 0x80;
3090 pci_conf[0x02] = 0x11;
3091 pci_conf[0x03] = 0x71;
3092 pci_conf[0x09] = 0x80; // legacy ATA mode
3093 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3094 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3095 pci_conf[0x0e] = 0x00; // header_type
3096
3097 piix3_reset(d);
3098
3099 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3100 PCI_ADDRESS_SPACE_IO, bmdma_map);
3101
3102 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3103 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3104 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3105 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3106
3107 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
3108}
3109
1ade1de2
FB		 3110/***********************************************************/
3111/* MacIO based PowerPC IDE */
3112
3113/* PowerMac IDE memory IO */
3114static void pmac_ide_writeb (void *opaque,
3115 target_phys_addr_t addr, uint32_t val)
3116{
5fafdf24 3117 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3118 switch (addr) {
3119 case 1 ... 7:
3120 ide_ioport_write(opaque, addr, val);
3121 break;
3122 case 8:
3123 case 22:
3124 ide_cmd_write(opaque, 0, val);
3125 break;
3126 default:
3127 break;
3128 }
3129}
3130
3131static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3132{
3133 uint8_t retval;
3134
3135 addr = (addr & 0xFFF) >> 4;
3136 switch (addr) {
3137 case 1 ... 7:
3138 retval = ide_ioport_read(opaque, addr);
3139 break;
3140 case 8:
3141 case 22:
3142 retval = ide_status_read(opaque, 0);
3143 break;
3144 default:
3145 retval = 0xFF;
3146 break;
3147 }
3148 return retval;
3149}
3150
3151static void pmac_ide_writew (void *opaque,
3152 target_phys_addr_t addr, uint32_t val)
3153{
5fafdf24 3154 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3155#ifdef TARGET_WORDS_BIGENDIAN
3156 val = bswap16(val);
3157#endif
3158 if (addr == 0) {
3159 ide_data_writew(opaque, 0, val);
3160 }
3161}
3162
3163static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3164{
3165 uint16_t retval;
3166
5fafdf24 3167 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3168 if (addr == 0) {
3169 retval = ide_data_readw(opaque, 0);
3170 } else {
3171 retval = 0xFFFF;
3172 }
3173#ifdef TARGET_WORDS_BIGENDIAN
3174 retval = bswap16(retval);
3175#endif
3176 return retval;
3177}
3178
3179static void pmac_ide_writel (void *opaque,
3180 target_phys_addr_t addr, uint32_t val)
3181{
5fafdf24 3182 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3183#ifdef TARGET_WORDS_BIGENDIAN
3184 val = bswap32(val);
3185#endif
3186 if (addr == 0) {
3187 ide_data_writel(opaque, 0, val);
3188 }
3189}
3190
3191static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3192{
3193 uint32_t retval;
3194
5fafdf24 3195 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3196 if (addr == 0) {
3197 retval = ide_data_readl(opaque, 0);
3198 } else {
3199 retval = 0xFFFFFFFF;
3200 }
3201#ifdef TARGET_WORDS_BIGENDIAN
3202 retval = bswap32(retval);
3203#endif
3204 return retval;
3205}
3206
3207static CPUWriteMemoryFunc *pmac_ide_write[] = {
3208 pmac_ide_writeb,
3209 pmac_ide_writew,
3210 pmac_ide_writel,
3211};
3212
3213static CPUReadMemoryFunc *pmac_ide_read[] = {
3214 pmac_ide_readb,
3215 pmac_ide_readw,
3216 pmac_ide_readl,
3217};
3218
3219/* hd_table must contain 4 block drivers */
3220/* PowerMac uses memory mapped registers, not I/O. Return the memory
3221 I/O index to access the ide. */
d537cf6c 3222int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
1ade1de2
FB		 3223{
3224 IDEState *ide_if;
3225 int pmac_ide_memory;
3226
3227 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
d537cf6c 3228 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3b46e624 3229
1ade1de2
FB		 3230 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3231 pmac_ide_write, &ide_if[0]);
3232 return pmac_ide_memory;
3233}
201a51fc
AZ		 3234
3235/***********************************************************/
3236/* CF-ATA Microdrive */
3237
3238#define METADATA_SIZE 0x20
3239
3240/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3241struct md_s {
3242 IDEState ide[2];
3243 struct pcmcia_card_s card;
3244 uint32_t attr_base;
3245 uint32_t io_base;
3246
3247 /* Card state */
3248 uint8_t opt;
3249 uint8_t stat;
3250 uint8_t pins;
3251
3252 uint8_t ctrl;
3253 uint16_t io;
3254 int cycle;
3255};
3256
3257/* Register bitfields */
3258enum md_opt {
3259 OPT_MODE_MMAP = 0,
3260 OPT_MODE_IOMAP16 = 1,
3261 OPT_MODE_IOMAP1 = 2,
3262 OPT_MODE_IOMAP2 = 3,
3263 OPT_MODE = 0x3f,
3264 OPT_LEVIREQ = 0x40,
3265 OPT_SRESET = 0x80,
3266};
3267enum md_cstat {
3268 STAT_INT = 0x02,
3269 STAT_PWRDWN = 0x04,
3270 STAT_XE = 0x10,
3271 STAT_IOIS8 = 0x20,
3272 STAT_SIGCHG = 0x40,
3273 STAT_CHANGED = 0x80,
3274};
3275enum md_pins {
3276 PINS_MRDY = 0x02,
3277 PINS_CRDY = 0x20,
3278};
3279enum md_ctrl {
3280 CTRL_IEN = 0x02,
3281 CTRL_SRST = 0x04,
3282};
3283
3284static inline void md_interrupt_update(struct md_s *s)
3285{
3286 if (!s->card.slot)
3287 return;
3288
3289 qemu_set_irq(s->card.slot->irq,
3290 !(s->stat & STAT_INT) && /* Inverted */
3291 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3292 !(s->opt & OPT_SRESET));
3293}
3294
3295static void md_set_irq(void *opaque, int irq, int level)
3296{
3297 struct md_s *s = (struct md_s *) opaque;
3298 if (level)
3299 s->stat |= STAT_INT;
3300 else
3301 s->stat &= ~STAT_INT;
3302
3303 md_interrupt_update(s);
3304}
3305
3306static void md_reset(struct md_s *s)
3307{
3308 s->opt = OPT_MODE_MMAP;
3309 s->stat = 0;
3310 s->pins = 0;
3311 s->cycle = 0;
3312 s->ctrl = 0;
3313 ide_reset(s->ide);
3314}
3315
9e315fa9 3316static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc
AZ		 3317{
3318 struct md_s *s = (struct md_s *) opaque;
3319 if (at < s->attr_base) {
3320 if (at < s->card.cis_len)
3321 return s->card.cis[at];
3322 else
3323 return 0x00;
3324 }
3325
3326 at -= s->attr_base;
3327
3328 switch (at) {
3329 case 0x00: /* Configuration Option Register */
3330 return s->opt;
3331 case 0x02: /* Card Configuration Status Register */
3332 if (s->ctrl & CTRL_IEN)
3333 return s->stat & ~STAT_INT;
3334 else
3335 return s->stat;
3336 case 0x04: /* Pin Replacement Register */
3337 return (s->pins & PINS_CRDY) | 0x0c;
3338 case 0x06: /* Socket and Copy Register */
3339 return 0x00;
3340#ifdef VERBOSE
3341 default:
3342 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3343#endif
3344 }
3345
3346 return 0;
3347}
3348
9e315fa9 3349static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc
AZ		 3350{
3351 struct md_s *s = (struct md_s *) opaque;
3352 at -= s->attr_base;
3353
3354 switch (at) {
3355 case 0x00: /* Configuration Option Register */
3356 s->opt = value & 0xcf;
3357 if (value & OPT_SRESET)
3358 md_reset(s);
3359 md_interrupt_update(s);
3360 break;
3361 case 0x02: /* Card Configuration Status Register */
3362 if ((s->stat ^ value) & STAT_PWRDWN)
3363 s->pins |= PINS_CRDY;
3364 s->stat &= 0x82;
3365 s->stat |= value & 0x74;
3366 md_interrupt_update(s);
3367 /* Word 170 in Identify Device must be equal to STAT_XE */
3368 break;
3369 case 0x04: /* Pin Replacement Register */
3370 s->pins &= PINS_CRDY;
3371 s->pins |= value & PINS_MRDY;
3372 break;
3373 case 0x06: /* Socket and Copy Register */
3374 break;
3375 default:
3376 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3377 }
3378}
3379
9e315fa9 3380static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc
AZ		 3381{
3382 struct md_s *s = (struct md_s *) opaque;
3383 uint16_t ret;
3384 at -= s->io_base;
3385
3386 switch (s->opt & OPT_MODE) {
3387 case OPT_MODE_MMAP:
3388 if ((at & ~0x3ff) == 0x400)
3389 at = 0;
3390 break;
3391 case OPT_MODE_IOMAP16:
3392 at &= 0xf;
3393 break;
3394 case OPT_MODE_IOMAP1:
3395 if ((at & ~0xf) == 0x3f0)
3396 at -= 0x3e8;
3397 else if ((at & ~0xf) == 0x1f0)
3398 at -= 0x1f0;
3399 break;
3400 case OPT_MODE_IOMAP2:
3401 if ((at & ~0xf) == 0x370)
3402 at -= 0x368;
3403 else if ((at & ~0xf) == 0x170)
3404 at -= 0x170;
3405 }
3406
3407 switch (at) {
3408 case 0x0: /* Even RD Data */
3409 case 0x8:
3410 return ide_data_readw(s->ide, 0);
3411
3412 /* TODO: 8-bit accesses */
3413 if (s->cycle)
3414 ret = s->io >> 8;
3415 else {
3416 s->io = ide_data_readw(s->ide, 0);
3417 ret = s->io & 0xff;
3418 }
3419 s->cycle = !s->cycle;
3420 return ret;
3421 case 0x9: /* Odd RD Data */
3422 return s->io >> 8;
3423 case 0xd: /* Error */
3424 return ide_ioport_read(s->ide, 0x1);
3425 case 0xe: /* Alternate Status */
3426 if (s->ide->cur_drive->bs)
3427 return s->ide->cur_drive->status;
3428 else
3429 return 0;
3430 case 0xf: /* Device Address */
3431 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3432 default:
3433 return ide_ioport_read(s->ide, at);
3434 }
3435
3436 return 0;
3437}
3438
9e315fa9 3439static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc
AZ		 3440{
3441 struct md_s *s = (struct md_s *) opaque;
3442 at -= s->io_base;
3443
3444 switch (s->opt & OPT_MODE) {
3445 case OPT_MODE_MMAP:
3446 if ((at & ~0x3ff) == 0x400)
3447 at = 0;
3448 break;
3449 case OPT_MODE_IOMAP16:
3450 at &= 0xf;
3451 break;
3452 case OPT_MODE_IOMAP1:
3453 if ((at & ~0xf) == 0x3f0)
3454 at -= 0x3e8;
3455 else if ((at & ~0xf) == 0x1f0)
3456 at -= 0x1f0;
3457 break;
3458 case OPT_MODE_IOMAP2:
3459 if ((at & ~0xf) == 0x370)
3460 at -= 0x368;
3461 else if ((at & ~0xf) == 0x170)
3462 at -= 0x170;
3463 }
3464
3465 switch (at) {
3466 case 0x0: /* Even WR Data */
3467 case 0x8:
3468 ide_data_writew(s->ide, 0, value);
3469 break;
3470
3471 /* TODO: 8-bit accesses */
3472 if (s->cycle)
3473 ide_data_writew(s->ide, 0, s->io | (value << 8));
3474 else
3475 s->io = value & 0xff;
3476 s->cycle = !s->cycle;
3477 break;
3478 case 0x9:
3479 s->io = value & 0xff;
3480 s->cycle = !s->cycle;
3481 break;
3482 case 0xd: /* Features */
3483 ide_ioport_write(s->ide, 0x1, value);
3484 break;
3485 case 0xe: /* Device Control */
3486 s->ctrl = value;
3487 if (value & CTRL_SRST)
3488 md_reset(s);
3489 md_interrupt_update(s);
3490 break;
3491 default:
3492 if (s->stat & STAT_PWRDWN) {
3493 s->pins |= PINS_CRDY;
3494 s->stat &= ~STAT_PWRDWN;
3495 }
3496 ide_ioport_write(s->ide, at, value);
3497 }
3498}
3499
aa941b94
AZ		 3500static void md_save(QEMUFile *f, void *opaque)
3501{
3502 struct md_s *s = (struct md_s *) opaque;
3503 int i;
3504 uint8_t drive1_selected;
3505
3506 qemu_put_8s(f, &s->opt);
3507 qemu_put_8s(f, &s->stat);
3508 qemu_put_8s(f, &s->pins);
3509
3510 qemu_put_8s(f, &s->ctrl);
3511 qemu_put_be16s(f, &s->io);
3512 qemu_put_byte(f, s->cycle);
3513
3514 drive1_selected = (s->ide->cur_drive != s->ide);
3515 qemu_put_8s(f, &s->ide->cmd);
3516 qemu_put_8s(f, &drive1_selected);
3517
3518 for (i = 0; i < 2; i ++)
3519 ide_save(f, &s->ide[i]);
3520}
3521
3522static int md_load(QEMUFile *f, void *opaque, int version_id)
3523{
3524 struct md_s *s = (struct md_s *) opaque;
3525 int i;
3526 uint8_t drive1_selected;
3527
3528 qemu_get_8s(f, &s->opt);
3529 qemu_get_8s(f, &s->stat);
3530 qemu_get_8s(f, &s->pins);
3531
3532 qemu_get_8s(f, &s->ctrl);
3533 qemu_get_be16s(f, &s->io);
3534 s->cycle = qemu_get_byte(f);
3535
3536 qemu_get_8s(f, &s->ide->cmd);
3537 qemu_get_8s(f, &drive1_selected);
3538 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
3539
3540 for (i = 0; i < 2; i ++)
3541 ide_load(f, &s->ide[i]);
3542
3543 return 0;
3544}
3545
3546static int md_iid = 0;
3547
201a51fc
AZ		 3548static const uint8_t dscm1xxxx_cis[0x14a] = {
3549 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3550 [0x002] = 0x03, /* Tuple length = 4 bytes */
3551 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3552 [0x006] = 0x01, /* Size = 2K bytes */
3553 [0x008] = CISTPL_ENDMARK,
3554
3555 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3556 [0x00c] = 0x04, /* Tuple length = 4 byest */
3557 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3558 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3559 [0x012] = 0x01, /* Size = 2K bytes */
3560 [0x014] = CISTPL_ENDMARK,
3561
3562 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3563 [0x018] = 0x02, /* Tuple length = 2 bytes */
3564 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3565 [0x01c] = 0x01,
3566
3567 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3568 [0x020] = 0x04, /* Tuple length = 4 bytes */
3569 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3570 [0x024] = 0x00,
3571 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3572 [0x028] = 0x00,
3573
3574 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3575 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3576 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3577 [0x030] = 0x01, /* Minor Version = 1 */
3578 [0x032] = 'I',
3579 [0x034] = 'B',
3580 [0x036] = 'M',
3581 [0x038] = 0x00,
3582 [0x03a] = 'm',
3583 [0x03c] = 'i',
3584 [0x03e] = 'c',
3585 [0x040] = 'r',
3586 [0x042] = 'o',
3587 [0x044] = 'd',
3588 [0x046] = 'r',
3589 [0x048] = 'i',
3590 [0x04a] = 'v',
3591 [0x04c] = 'e',
3592 [0x04e] = 0x00,
3593 [0x050] = CISTPL_ENDMARK,
3594
3595 [0x052] = CISTPL_FUNCID, /* Function ID */
3596 [0x054] = 0x02, /* Tuple length = 2 bytes */
3597 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3598 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3599
3600 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3601 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3602 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3603 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3604
3605 [0x062] = CISTPL_FUNCE, /* Function Extension */
3606 [0x064] = 0x03, /* Tuple length = 3 bytes */
3607 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3608 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3609 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3610
3611 [0x06c] = CISTPL_CONFIG, /* Configuration */
3612 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3613 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3614 [0x072] = 0x07, /* TPCC_LAST = 7 */
3615 [0x074] = 0x00, /* TPCC_RADR = 0200 */
3616 [0x076] = 0x02,
3617 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
3618
3619 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3620 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
3621 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
3622 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
3623 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
3624 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3625 [0x086] = 0x55, /* NomV: 5.0 V */
3626 [0x088] = 0x4d, /* MinV: 4.5 V */
3627 [0x08a] = 0x5d, /* MaxV: 5.5 V */
3628 [0x08c] = 0x4e, /* Peakl: 450 mA */
3629 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
3630 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
3631 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
3632
3633 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3634 [0x096] = 0x06, /* Tuple length = 6 bytes */
3635 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
3636 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3637 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3638 [0x09e] = 0xb5, /* NomV: 3.3 V */
3639 [0x0a0] = 0x1e,
3640 [0x0a2] = 0x3e, /* Peakl: 350 mA */
3641
3642 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3643 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
3644 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
3645 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3646 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3647 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3648 [0x0b0] = 0x55, /* NomV: 5.0 V */
3649 [0x0b2] = 0x4d, /* MinV: 4.5 V */
3650 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
3651 [0x0b6] = 0x4e, /* Peakl: 450 mA */
3652 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
3653 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
3654 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
3655 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
3656 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
3657
3658 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3659 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
3660 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
3661 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3662 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3663 [0x0cc] = 0xb5, /* NomV: 3.3 V */
3664 [0x0ce] = 0x1e,
3665 [0x0d0] = 0x3e, /* Peakl: 350 mA */
3666
3667 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3668 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
3669 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
3670 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3671 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3672 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3673 [0x0de] = 0x55, /* NomV: 5.0 V */
3674 [0x0e0] = 0x4d, /* MinV: 4.5 V */
3675 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
3676 [0x0e4] = 0x4e, /* Peakl: 450 mA */
3677 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3678 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
3679 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
3680 [0x0ec] = 0x01,
3681 [0x0ee] = 0x07, /* Address block length = 8 */
3682 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
3683 [0x0f2] = 0x03,
3684 [0x0f4] = 0x01, /* Address block length = 2 */
3685 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3686 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
3687
3688 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3689 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
3690 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
3691 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3692 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3693 [0x104] = 0xb5, /* NomV: 3.3 V */
3694 [0x106] = 0x1e,
3695 [0x108] = 0x3e, /* Peakl: 350 mA */
3696
3697 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3698 [0x10c] = 0x12, /* Tuple length = 18 bytes */
3699 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
3700 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3701 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3702 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3703 [0x116] = 0x55, /* NomV: 5.0 V */
3704 [0x118] = 0x4d, /* MinV: 4.5 V */
3705 [0x11a] = 0x5d, /* MaxV: 5.5 V */
3706 [0x11c] = 0x4e, /* Peakl: 450 mA */
3707 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3708 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
3709 [0x122] = 0x70, /* Field 1 address = 0x0170 */
3710 [0x124] = 0x01,
3711 [0x126] = 0x07, /* Address block length = 8 */
3712 [0x128] = 0x76, /* Field 2 address = 0x0376 */
3713 [0x12a] = 0x03,
3714 [0x12c] = 0x01, /* Address block length = 2 */
3715 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3716 [0x130] = 0x20, /* TPCE_MI = support power down mode */
3717
3718 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3719 [0x134] = 0x06, /* Tuple length = 6 bytes */
3720 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
3721 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3722 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3723 [0x13c] = 0xb5, /* NomV: 3.3 V */
3724 [0x13e] = 0x1e,
3725 [0x140] = 0x3e, /* Peakl: 350 mA */
3726
3727 [0x142] = CISTPL_NO_LINK, /* No Link */
3728 [0x144] = 0x00, /* Tuple length = 0 bytes */
3729
3730 [0x146] = CISTPL_END, /* Tuple End */
3731};
3732
3733static int dscm1xxxx_attach(void *opaque)
3734{
3735 struct md_s *md = (struct md_s *) opaque;
3736 md->card.attr_read = md_attr_read;
3737 md->card.attr_write = md_attr_write;
3738 md->card.common_read = md_common_read;
3739 md->card.common_write = md_common_write;
3740 md->card.io_read = md_common_read;
3741 md->card.io_write = md_common_write;
3742
3743 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
3744 md->io_base = 0x0;
3745
3746 md_reset(md);
3747 md_interrupt_update(md);
3748
3749 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
3750 return 0;
3751}
3752
3753static int dscm1xxxx_detach(void *opaque)
3754{
3755 struct md_s *md = (struct md_s *) opaque;
3756 md_reset(md);
3757 return 0;
3758}
3759
3760struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
3761{
3762 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
3763 md->card.state = md;
3764 md->card.attach = dscm1xxxx_attach;
3765 md->card.detach = dscm1xxxx_detach;
3766 md->card.cis = dscm1xxxx_cis;
3767 md->card.cis_len = sizeof(dscm1xxxx_cis);
3768
3769 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
3770 md->ide->is_cf = 1;
3771 md->ide->mdata_size = METADATA_SIZE;
3772 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94
AZ		 3773
3774 register_savevm("microdrive", md_iid ++, 0, md_save, md_load, md);
3775
201a51fc
AZ		 3776 return &md->card;
3777}
Empty description
This page took 0.603314 seconds and 4 git commands to generate.