]> Git Repo - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Define PCI vendor and device IDs in pci.h (Stuart Brady)
[qemu.git] / hw / ide.c
CommitLineData
5391d806 1/*
38cdea7c 2 * QEMU IDE disk and CD/DVD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
87ecb68b
PB		 25#include "hw.h"
26#include "pc.h"
27#include "pci.h"
28#include "scsi-disk.h"
29#include "pcmcia.h"
30#include "block.h"
31#include "qemu-timer.h"
32#include "sysemu.h"
9596ebb7 33#include "ppc_mac.h"
b79e1752 34#include "sh.h"
5391d806 35
5391d806
FB		 36/* debug IDE devices */
37//#define DEBUG_IDE
38//#define DEBUG_IDE_ATAPI
8ccad811
FB		 39//#define DEBUG_AIO
40#define USE_DMA_CDROM
5391d806
FB		 41
42/* Bits of HD_STATUS */
43#define ERR_STAT 0x01
44#define INDEX_STAT 0x02
45#define ECC_STAT 0x04 /* Corrected error */
46#define DRQ_STAT 0x08
47#define SEEK_STAT 0x10
48#define SRV_STAT 0x10
49#define WRERR_STAT 0x20
50#define READY_STAT 0x40
51#define BUSY_STAT 0x80
52
53/* Bits for HD_ERROR */
54#define MARK_ERR 0x01 /* Bad address mark */
55#define TRK0_ERR 0x02 /* couldn't find track 0 */
56#define ABRT_ERR 0x04 /* Command aborted */
57#define MCR_ERR 0x08 /* media change request */
58#define ID_ERR 0x10 /* ID field not found */
59#define MC_ERR 0x20 /* media changed */
60#define ECC_ERR 0x40 /* Uncorrectable ECC error */
61#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
62#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
63
64/* Bits of HD_NSECTOR */
65#define CD 0x01
66#define IO 0x02
67#define REL 0x04
68#define TAG_MASK 0xf8
69
70#define IDE_CMD_RESET 0x04
71#define IDE_CMD_DISABLE_IRQ 0x02
72
73/* ATA/ATAPI Commands pre T13 Spec */
74#define WIN_NOP 0x00
75/*
76 * 0x01->0x02 Reserved
77 */
78#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
79/*
80 * 0x04->0x07 Reserved
81 */
82#define WIN_SRST 0x08 /* ATAPI soft reset command */
83#define WIN_DEVICE_RESET 0x08
84/*
85 * 0x09->0x0F Reserved
86 */
87#define WIN_RECAL 0x10
88#define WIN_RESTORE WIN_RECAL
89/*
90 * 0x10->0x1F Reserved
91 */
92#define WIN_READ 0x20 /* 28-Bit */
93#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
94#define WIN_READ_LONG 0x22 /* 28-Bit */
95#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
96#define WIN_READ_EXT 0x24 /* 48-Bit */
97#define WIN_READDMA_EXT 0x25 /* 48-Bit */
98#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
99#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
100/*
101 * 0x28
102 */
103#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
104/*
105 * 0x2A->0x2F Reserved
106 */
107#define WIN_WRITE 0x30 /* 28-Bit */
108#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
109#define WIN_WRITE_LONG 0x32 /* 28-Bit */
110#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
111#define WIN_WRITE_EXT 0x34 /* 48-Bit */
112#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
113#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
114#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
115#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
116#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
117/*
118 * 0x3A->0x3B Reserved
119 */
120#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
121/*
122 * 0x3D->0x3F Reserved
123 */
124#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
125#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
126#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
127/*
128 * 0x43->0x4F Reserved
129 */
130#define WIN_FORMAT 0x50
131/*
132 * 0x51->0x5F Reserved
133 */
134#define WIN_INIT 0x60
135/*
136 * 0x61->0x5F Reserved
137 */
138#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
139#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
140#define WIN_DIAGNOSE 0x90
141#define WIN_SPECIFY 0x91 /* set drive geometry translation */
142#define WIN_DOWNLOAD_MICROCODE 0x92
143#define WIN_STANDBYNOW2 0x94
201a51fc 144#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 145#define WIN_STANDBY2 0x96
146#define WIN_SETIDLE2 0x97
147#define WIN_CHECKPOWERMODE2 0x98
148#define WIN_SLEEPNOW2 0x99
149/*
150 * 0x9A VENDOR
151 */
152#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
153#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
154#define WIN_QUEUED_SERVICE 0xA2
155#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 156#define CFA_ACCESS_METADATA_STORAGE 0xB8
157#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 158#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
159#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
160#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
161#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
162#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
163#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
164#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
165#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
166#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
167#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 168#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 169#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
170#define WIN_POSTBOOT 0xDC
171#define WIN_PREBOOT 0xDD
172#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
173#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
174#define WIN_STANDBYNOW1 0xE0
175#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
176#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
177#define WIN_SETIDLE1 0xE3
178#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
179#define WIN_CHECKPOWERMODE1 0xE5
180#define WIN_SLEEPNOW1 0xE6
181#define WIN_FLUSH_CACHE 0xE7
182#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
183#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
184 /* SET_FEATURES 0x22 or 0xDD */
185#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
186#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
187#define WIN_MEDIAEJECT 0xED
188#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
189#define WIN_SETFEATURES 0xEF /* set special drive features */
190#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 191#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 192#define WIN_SECURITY_SET_PASS 0xF1
193#define WIN_SECURITY_UNLOCK 0xF2
194#define WIN_SECURITY_ERASE_PREPARE 0xF3
195#define WIN_SECURITY_ERASE_UNIT 0xF4
196#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 197#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 198#define WIN_SECURITY_DISABLE 0xF6
199#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
200#define WIN_SET_MAX 0xF9
201#define DISABLE_SEAGATE 0xFB
202
203/* set to 1 set disable mult support */
f66723fa 204#define MAX_MULT_SECTORS 16
5391d806 205
1d8cde5b
AJ		 206#define IDE_DMA_BUF_SECTORS 256
207
208#if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
209#error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
210#endif
211
5391d806
FB		 212/* ATAPI defines */
213
214#define ATAPI_PACKET_SIZE 12
215
216/* The generic packet command opcodes for CD/DVD Logical Units,
217 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
218#define GPCMD_BLANK 0xa1
219#define GPCMD_CLOSE_TRACK 0x5b
220#define GPCMD_FLUSH_CACHE 0x35
221#define GPCMD_FORMAT_UNIT 0x04
222#define GPCMD_GET_CONFIGURATION 0x46
223#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
224#define GPCMD_GET_PERFORMANCE 0xac
225#define GPCMD_INQUIRY 0x12
226#define GPCMD_LOAD_UNLOAD 0xa6
227#define GPCMD_MECHANISM_STATUS 0xbd
228#define GPCMD_MODE_SELECT_10 0x55
229#define GPCMD_MODE_SENSE_10 0x5a
230#define GPCMD_PAUSE_RESUME 0x4b
231#define GPCMD_PLAY_AUDIO_10 0x45
232#define GPCMD_PLAY_AUDIO_MSF 0x47
233#define GPCMD_PLAY_AUDIO_TI 0x48
234#define GPCMD_PLAY_CD 0xbc
235#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
236#define GPCMD_READ_10 0x28
237#define GPCMD_READ_12 0xa8
238#define GPCMD_READ_CDVD_CAPACITY 0x25
239#define GPCMD_READ_CD 0xbe
240#define GPCMD_READ_CD_MSF 0xb9
241#define GPCMD_READ_DISC_INFO 0x51
242#define GPCMD_READ_DVD_STRUCTURE 0xad
243#define GPCMD_READ_FORMAT_CAPACITIES 0x23
244#define GPCMD_READ_HEADER 0x44
245#define GPCMD_READ_TRACK_RZONE_INFO 0x52
246#define GPCMD_READ_SUBCHANNEL 0x42
247#define GPCMD_READ_TOC_PMA_ATIP 0x43
248#define GPCMD_REPAIR_RZONE_TRACK 0x58
249#define GPCMD_REPORT_KEY 0xa4
250#define GPCMD_REQUEST_SENSE 0x03
251#define GPCMD_RESERVE_RZONE_TRACK 0x53
252#define GPCMD_SCAN 0xba
253#define GPCMD_SEEK 0x2b
254#define GPCMD_SEND_DVD_STRUCTURE 0xad
255#define GPCMD_SEND_EVENT 0xa2
256#define GPCMD_SEND_KEY 0xa3
257#define GPCMD_SEND_OPC 0x54
258#define GPCMD_SET_READ_AHEAD 0xa7
259#define GPCMD_SET_STREAMING 0xb6
260#define GPCMD_START_STOP_UNIT 0x1b
261#define GPCMD_STOP_PLAY_SCAN 0x4e
262#define GPCMD_TEST_UNIT_READY 0x00
263#define GPCMD_VERIFY_10 0x2f
264#define GPCMD_WRITE_10 0x2a
265#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 266/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 267 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
268 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
269 * drives support it. */
270#define GPCMD_SET_SPEED 0xbb
5fafdf24 271/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 272 * to play data at track/index */
273#define GPCMD_PLAYAUDIO_TI 0x48
274/*
275 * From MS Media Status Notification Support Specification. For
276 * older drives only.
277 */
278#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 279#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 280
281/* Mode page codes for mode sense/set */
282#define GPMODE_R_W_ERROR_PAGE 0x01
283#define GPMODE_WRITE_PARMS_PAGE 0x05
284#define GPMODE_AUDIO_CTL_PAGE 0x0e
285#define GPMODE_POWER_PAGE 0x1a
286#define GPMODE_FAULT_FAIL_PAGE 0x1c
287#define GPMODE_TO_PROTECT_PAGE 0x1d
288#define GPMODE_CAPABILITIES_PAGE 0x2a
289#define GPMODE_ALL_PAGES 0x3f
290/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
291 * of MODE_SENSE_POWER_PAGE */
292#define GPMODE_CDROM_PAGE 0x0d
293
38cdea7c
AZ		 294/*
295 * Based on values from <linux/cdrom.h> but extending CD_MINS
296 * to the maximum common size allowed by the Orange's Book ATIP
297 *
298 * 90 and 99 min CDs are also available but using them as the
299 * upper limit reduces the effectiveness of the heuristic to
300 * detect DVDs burned to less than 25% of their maximum capacity
301 */
302
303/* Some generally useful CD-ROM information */
304#define CD_MINS 80 /* max. minutes per CD */
305#define CD_SECS 60 /* seconds per minute */
306#define CD_FRAMES 75 /* frames per second */
307#define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
308#define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
309#define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
310
311/*
312 * The MMC values are not IDE specific and might need to be moved
313 * to a common header if they are also needed for the SCSI emulation
314 */
315
316/* Profile list from MMC-6 revision 1 table 91 */
317#define MMC_PROFILE_NONE 0x0000
318#define MMC_PROFILE_CD_ROM 0x0008
319#define MMC_PROFILE_CD_R 0x0009
320#define MMC_PROFILE_CD_RW 0x000A
321#define MMC_PROFILE_DVD_ROM 0x0010
322#define MMC_PROFILE_DVD_R_SR 0x0011
323#define MMC_PROFILE_DVD_RAM 0x0012
324#define MMC_PROFILE_DVD_RW_RO 0x0013
325#define MMC_PROFILE_DVD_RW_SR 0x0014
326#define MMC_PROFILE_DVD_R_DL_SR 0x0015
327#define MMC_PROFILE_DVD_R_DL_JR 0x0016
328#define MMC_PROFILE_DVD_RW_DL 0x0017
329#define MMC_PROFILE_DVD_DDR 0x0018
330#define MMC_PROFILE_DVD_PLUS_RW 0x001A
331#define MMC_PROFILE_DVD_PLUS_R 0x001B
332#define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
333#define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
334#define MMC_PROFILE_BD_ROM 0x0040
335#define MMC_PROFILE_BD_R_SRM 0x0041
336#define MMC_PROFILE_BD_R_RRM 0x0042
337#define MMC_PROFILE_BD_RE 0x0043
338#define MMC_PROFILE_HDDVD_ROM 0x0050
339#define MMC_PROFILE_HDDVD_R 0x0051
340#define MMC_PROFILE_HDDVD_RAM 0x0052
341#define MMC_PROFILE_HDDVD_RW 0x0053
342#define MMC_PROFILE_HDDVD_R_DL 0x0058
343#define MMC_PROFILE_HDDVD_RW_DL 0x005A
344#define MMC_PROFILE_INVALID 0xFFFF
345
5391d806
FB		 346#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
347#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
348#define ATAPI_INT_REASON_REL 0x04
349#define ATAPI_INT_REASON_TAG 0xf8
350
351/* same constants as bochs */
7f777bf3 352#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 353#define ASC_LOGICAL_BLOCK_OOR 0x21
354#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
9118e7f0 355#define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
8114e9e8 356#define ASC_INCOMPATIBLE_FORMAT 0x30
5391d806
FB		 357#define ASC_MEDIUM_NOT_PRESENT 0x3a
358#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
359
201a51fc
AZ		 360#define CFA_NO_ERROR 0x00
361#define CFA_MISC_ERROR 0x09
362#define CFA_INVALID_COMMAND 0x20
363#define CFA_INVALID_ADDRESS 0x21
364#define CFA_ADDRESS_OVERFLOW 0x2f
365
5391d806
FB		 366#define SENSE_NONE 0
367#define SENSE_NOT_READY 2
368#define SENSE_ILLEGAL_REQUEST 5
369#define SENSE_UNIT_ATTENTION 6
370
371struct IDEState;
372
373typedef void EndTransferFunc(struct IDEState *);
374
caed8802 375/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 376typedef struct IDEState {
377 /* ide config */
378 int is_cdrom;
201a51fc 379 int is_cf;
5391d806
FB		 380 int cylinders, heads, sectors;
381 int64_t nb_sectors;
382 int mult_sectors;
94458802
FB		 383 int identify_set;
384 uint16_t identify_data[256];
d537cf6c 385 qemu_irq irq;
34e538ae 386 PCIDevice *pci_dev;
98087450 387 struct BMDMAState *bmdma;
aedf5382 388 int drive_serial;
fa879c64 389 char drive_serial_str[21];
5391d806
FB		 390 /* ide regs */
391 uint8_t feature;
392 uint8_t error;
c2ff060f 393 uint32_t nsector;
5391d806
FB		 394 uint8_t sector;
395 uint8_t lcyl;
396 uint8_t hcyl;
c2ff060f
FB		 397 /* other part of tf for lba48 support */
398 uint8_t hob_feature;
399 uint8_t hob_nsector;
400 uint8_t hob_sector;
401 uint8_t hob_lcyl;
402 uint8_t hob_hcyl;
403
5391d806
FB		 404 uint8_t select;
405 uint8_t status;
c2ff060f 406
5391d806
FB		 407 /* 0x3f6 command, only meaningful for drive 0 */
408 uint8_t cmd;
c2ff060f
FB		 409 /* set for lba48 access */
410 uint8_t lba48;
5391d806 411 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 412 struct IDEState *cur_drive;
5391d806
FB		 413 BlockDriverState *bs;
414 /* ATAPI specific */
415 uint8_t sense_key;
416 uint8_t asc;
417 int packet_transfer_size;
418 int elementary_transfer_size;
419 int io_buffer_index;
420 int lba;
98087450
FB		 421 int cd_sector_size;
422 int atapi_dma; /* true if dma is requested for the packet cmd */
423 /* ATA DMA state */
424 int io_buffer_size;
7aea4412 425 QEMUIOVector iovec;
98087450 426 /* PIO transfer handling */
5391d806
FB		 427 int req_nb_sectors; /* number of sectors per interrupt */
428 EndTransferFunc *end_transfer_func;
429 uint8_t *data_ptr;
430 uint8_t *data_end;
33f00271 431 uint8_t *io_buffer;
31c2a146 432 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
e774a278 433 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 434 /* CF-ATA extended error */
435 uint8_t ext_error;
436 /* CF-ATA metadata storage */
437 uint32_t mdata_size;
438 uint8_t *mdata_storage;
439 int media_changed;
5391d806
FB		 440} IDEState;
441
8114e9e8
TS		 442/* XXX: DVDs that could fit on a CD will be reported as a CD */
443static inline int media_present(IDEState *s)
444{
445 return (s->nb_sectors > 0);
446}
447
448static inline int media_is_dvd(IDEState *s)
449{
450 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
451}
452
453static inline int media_is_cd(IDEState *s)
454{
455 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
456}
457
98087450
FB		 458#define BM_STATUS_DMAING 0x01
459#define BM_STATUS_ERROR 0x02
460#define BM_STATUS_INT 0x04
428c5705
AL		 461#define BM_STATUS_DMA_RETRY 0x08
462#define BM_STATUS_PIO_RETRY 0x10
98087450
FB		 463
464#define BM_CMD_START 0x01
465#define BM_CMD_READ 0x08
466
5457c8ce
FB		 467#define IDE_TYPE_PIIX3 0
468#define IDE_TYPE_CMD646 1
afcc3cdf 469#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 470
471/* CMD646 specific */
472#define MRDMODE 0x71
473#define MRDMODE_INTR_CH0 0x04
474#define MRDMODE_INTR_CH1 0x08
475#define MRDMODE_BLK_CH0 0x10
476#define MRDMODE_BLK_CH1 0x20
477#define UDIDETCR0 0x73
478#define UDIDETCR1 0x7B
479
98087450
FB		 480typedef struct BMDMAState {
481 uint8_t cmd;
482 uint8_t status;
483 uint32_t addr;
3b46e624 484
5457c8ce 485 struct PCIIDEState *pci_dev;
98087450 486 /* current transfer state */
8ccad811
FB		 487 uint32_t cur_addr;
488 uint32_t cur_prd_last;
489 uint32_t cur_prd_addr;
490 uint32_t cur_prd_len;
98087450 491 IDEState *ide_if;
8ccad811
FB		 492 BlockDriverCompletionFunc *dma_cb;
493 BlockDriverAIOCB *aiocb;
428c5705
AL		 494 int64_t sector_num;
495 uint32_t nsector;
98087450
FB		 496} BMDMAState;
497
498typedef struct PCIIDEState {
499 PCIDevice dev;
500 IDEState ide_if[4];
501 BMDMAState bmdma[2];
5457c8ce 502 int type; /* see IDE_TYPE_xxx */
98087450
FB		 503} PCIIDEState;
504
8ccad811 505static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
428c5705 506static void ide_dma_restart(IDEState *s);
5f12ab4b 507static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 508
5391d806
FB		 509static void padstr(char *str, const char *src, int len)
510{
511 int i, v;
512 for(i = 0; i < len; i++) {
513 if (*src)
514 v = *src++;
515 else
516 v = ' ';
69b34976 517 str[i^1] = v;
5391d806
FB		 518 }
519}
520
bd0d90b2
FB		 521static void padstr8(uint8_t *buf, int buf_size, const char *src)
522{
523 int i;
524 for(i = 0; i < buf_size; i++) {
525 if (*src)
526 buf[i] = *src++;
527 else
528 buf[i] = ' ';
529 }
530}
531
67b915a5
FB		 532static void put_le16(uint16_t *p, unsigned int v)
533{
0c4ad8dc 534 *p = cpu_to_le16(v);
67b915a5
FB		 535}
536
5391d806
FB		 537static void ide_identify(IDEState *s)
538{
539 uint16_t *p;
540 unsigned int oldsize;
541
94458802
FB		 542 if (s->identify_set) {
543 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
544 return;
545 }
546
5391d806
FB		 547 memset(s->io_buffer, 0, 512);
548 p = (uint16_t *)s->io_buffer;
67b915a5 549 put_le16(p + 0, 0x0040);
5fafdf24 550 put_le16(p + 1, s->cylinders);
67b915a5
FB		 551 put_le16(p + 3, s->heads);
552 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
553 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 554 put_le16(p + 6, s->sectors);
fa879c64 555 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 556 put_le16(p + 20, 3); /* XXX: retired, remove ? */
557 put_le16(p + 21, 512); /* cache size in sectors */
558 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 559 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
560 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 561#if MAX_MULT_SECTORS > 1
67b915a5 562 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 563#endif
67b915a5 564 put_le16(p + 48, 1); /* dword I/O */
94458802 565 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 566 put_le16(p + 51, 0x200); /* PIO transfer cycle */
567 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 568 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 569 put_le16(p + 54, s->cylinders);
570 put_le16(p + 55, s->heads);
571 put_le16(p + 56, s->sectors);
5391d806 572 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 573 put_le16(p + 57, oldsize);
574 put_le16(p + 58, oldsize >> 16);
5391d806 575 if (s->mult_sectors)
67b915a5
FB		 576 put_le16(p + 59, 0x100 | s->mult_sectors);
577 put_le16(p + 60, s->nb_sectors);
578 put_le16(p + 61, s->nb_sectors >> 16);
d1b5c20d 579 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
94458802
FB		 580 put_le16(p + 63, 0x07); /* mdma0-2 supported */
581 put_le16(p + 65, 120);
582 put_le16(p + 66, 120);
583 put_le16(p + 67, 120);
584 put_le16(p + 68, 120);
585 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
586 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 587 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 588 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
589 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 590 put_le16(p + 84, (1 << 14));
591 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 592 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
593 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 594 put_le16(p + 87, (1 << 14));
94458802
FB		 595 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
596 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 597 put_le16(p + 100, s->nb_sectors);
598 put_le16(p + 101, s->nb_sectors >> 16);
599 put_le16(p + 102, s->nb_sectors >> 32);
600 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 601
602 memcpy(s->identify_data, p, sizeof(s->identify_data));
603 s->identify_set = 1;
5391d806
FB		 604}
605
606static void ide_atapi_identify(IDEState *s)
607{
608 uint16_t *p;
609
94458802
FB		 610 if (s->identify_set) {
611 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
612 return;
613 }
614
5391d806
FB		 615 memset(s->io_buffer, 0, 512);
616 p = (uint16_t *)s->io_buffer;
617 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 618 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
fa879c64 619 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 620 put_le16(p + 20, 3); /* buffer type */
621 put_le16(p + 21, 512); /* cache size in sectors */
622 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3 623 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
38cdea7c 624 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
67b915a5 625 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 626#ifdef USE_DMA_CDROM
627 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
628 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
d1b5c20d 629 put_le16(p + 62, 7); /* single word dma0-2 supported */
8ccad811
FB		 630 put_le16(p + 63, 7); /* mdma0-2 supported */
631 put_le16(p + 64, 0x3f); /* PIO modes supported */
632#else
67b915a5
FB		 633 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
634 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
635 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
636 put_le16(p + 64, 1); /* PIO modes */
8ccad811 637#endif
67b915a5
FB		 638 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
639 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
640 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
641 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 642
67b915a5
FB		 643 put_le16(p + 71, 30); /* in ns */
644 put_le16(p + 72, 30); /* in ns */
5391d806 645
67b915a5 646 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 647#ifdef USE_DMA_CDROM
648 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
649#endif
94458802
FB		 650 memcpy(s->identify_data, p, sizeof(s->identify_data));
651 s->identify_set = 1;
5391d806
FB		 652}
653
201a51fc
AZ		 654static void ide_cfata_identify(IDEState *s)
655{
656 uint16_t *p;
657 uint32_t cur_sec;
201a51fc
AZ		 658
659 p = (uint16_t *) s->identify_data;
660 if (s->identify_set)
661 goto fill_buffer;
662
663 memset(p, 0, sizeof(s->identify_data));
664
665 cur_sec = s->cylinders * s->heads * s->sectors;
666
667 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
668 put_le16(p + 1, s->cylinders); /* Default cylinders */
669 put_le16(p + 3, s->heads); /* Default heads */
670 put_le16(p + 6, s->sectors); /* Default sectors per track */
671 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
672 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
fa879c64 673 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
201a51fc 674 put_le16(p + 22, 0x0004); /* ECC bytes */
60fe76f3
TS		 675 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
676 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
201a51fc
AZ		 677#if MAX_MULT_SECTORS > 1
678 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
679#else
680 put_le16(p + 47, 0x0000);
681#endif
682 put_le16(p + 49, 0x0f00); /* Capabilities */
683 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
684 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
685 put_le16(p + 53, 0x0003); /* Translation params valid */
686 put_le16(p + 54, s->cylinders); /* Current cylinders */
687 put_le16(p + 55, s->heads); /* Current heads */
688 put_le16(p + 56, s->sectors); /* Current sectors */
689 put_le16(p + 57, cur_sec); /* Current capacity */
690 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
691 if (s->mult_sectors) /* Multiple sector setting */
692 put_le16(p + 59, 0x100 | s->mult_sectors);
693 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
694 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
695 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
696 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
697 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
698 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
699 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
700 put_le16(p + 82, 0x400c); /* Command Set supported */
701 put_le16(p + 83, 0x7068); /* Command Set supported */
702 put_le16(p + 84, 0x4000); /* Features supported */
703 put_le16(p + 85, 0x000c); /* Command Set enabled */
704 put_le16(p + 86, 0x7044); /* Command Set enabled */
705 put_le16(p + 87, 0x4000); /* Features enabled */
706 put_le16(p + 91, 0x4060); /* Current APM level */
707 put_le16(p + 129, 0x0002); /* Current features option */
708 put_le16(p + 130, 0x0005); /* Reassigned sectors */
709 put_le16(p + 131, 0x0001); /* Initial power mode */
710 put_le16(p + 132, 0x0000); /* User signature */
711 put_le16(p + 160, 0x8100); /* Power requirement */
712 put_le16(p + 161, 0x8001); /* CF command set */
713
714 s->identify_set = 1;
715
716fill_buffer:
717 memcpy(s->io_buffer, p, sizeof(s->identify_data));
718}
719
5391d806
FB		 720static void ide_set_signature(IDEState *s)
721{
722 s->select &= 0xf0; /* clear head */
723 /* put signature */
724 s->nsector = 1;
725 s->sector = 1;
726 if (s->is_cdrom) {
727 s->lcyl = 0x14;
728 s->hcyl = 0xeb;
729 } else if (s->bs) {
730 s->lcyl = 0;
731 s->hcyl = 0;
732 } else {
733 s->lcyl = 0xff;
734 s->hcyl = 0xff;
735 }
736}
737
738static inline void ide_abort_command(IDEState *s)
739{
740 s->status = READY_STAT | ERR_STAT;
741 s->error = ABRT_ERR;
742}
743
5604e090
AZ		 744static inline void ide_dma_submit_check(IDEState *s,
745 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
746{
747 if (bm->aiocb)
748 return;
749 dma_cb(bm, -1);
750}
751
5391d806
FB		 752static inline void ide_set_irq(IDEState *s)
753{
98ff7d30 754 BMDMAState *bm = s->bmdma;
5391d806 755 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 756 if (bm) {
98ff7d30 757 bm->status |= BM_STATUS_INT;
5457c8ce 758 }
d537cf6c 759 qemu_irq_raise(s->irq);
5391d806
FB		 760 }
761}
762
763/* prepare data transfer and tell what to do after */
5fafdf24 764static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 765 EndTransferFunc *end_transfer_func)
766{
767 s->end_transfer_func = end_transfer_func;
768 s->data_ptr = buf;
769 s->data_end = buf + size;
7603d156
TS		 770 if (!(s->status & ERR_STAT))
771 s->status |= DRQ_STAT;
5391d806
FB		 772}
773
774static void ide_transfer_stop(IDEState *s)
775{
776 s->end_transfer_func = ide_transfer_stop;
777 s->data_ptr = s->io_buffer;
778 s->data_end = s->io_buffer;
779 s->status &= ~DRQ_STAT;
780}
781
782static int64_t ide_get_sector(IDEState *s)
783{
784 int64_t sector_num;
785 if (s->select & 0x40) {
786 /* lba */
c2ff060f
FB		 787 if (!s->lba48) {
788 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
789 (s->lcyl << 8) | s->sector;
790 } else {
791 sector_num = ((int64_t)s->hob_hcyl << 40) |
792 ((int64_t) s->hob_lcyl << 32) |
793 ((int64_t) s->hob_sector << 24) |
794 ((int64_t) s->hcyl << 16) |
795 ((int64_t) s->lcyl << 8) | s->sector;
796 }
5391d806
FB		 797 } else {
798 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 799 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 800 }
801 return sector_num;
802}
803
804static void ide_set_sector(IDEState *s, int64_t sector_num)
805{
806 unsigned int cyl, r;
807 if (s->select & 0x40) {
c2ff060f
FB		 808 if (!s->lba48) {
809 s->select = (s->select & 0xf0) | (sector_num >> 24);
810 s->hcyl = (sector_num >> 16);
811 s->lcyl = (sector_num >> 8);
812 s->sector = (sector_num);
813 } else {
814 s->sector = sector_num;
815 s->lcyl = sector_num >> 8;
816 s->hcyl = sector_num >> 16;
817 s->hob_sector = sector_num >> 24;
818 s->hob_lcyl = sector_num >> 32;
819 s->hob_hcyl = sector_num >> 40;
820 }
5391d806
FB		 821 } else {
822 cyl = sector_num / (s->heads * s->sectors);
823 r = sector_num % (s->heads * s->sectors);
824 s->hcyl = cyl >> 8;
825 s->lcyl = cyl;
1b8eb456 826 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 827 s->sector = (r % s->sectors) + 1;
828 }
829}
830
e162cfb0
AZ		 831static void ide_rw_error(IDEState *s) {
832 ide_abort_command(s);
833 ide_set_irq(s);
834}
835
5391d806
FB		 836static void ide_sector_read(IDEState *s)
837{
838 int64_t sector_num;
839 int ret, n;
840
841 s->status = READY_STAT | SEEK_STAT;
a136e5a8 842 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 843 sector_num = ide_get_sector(s);
844 n = s->nsector;
845 if (n == 0) {
846 /* no more sector to read from disk */
847 ide_transfer_stop(s);
848 } else {
849#if defined(DEBUG_IDE)
18c5f8ea 850 printf("read sector=%" PRId64 "\n", sector_num);
5391d806
FB		 851#endif
852 if (n > s->req_nb_sectors)
853 n = s->req_nb_sectors;
854 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
e162cfb0
AZ		 855 if (ret != 0) {
856 ide_rw_error(s);
857 return;
858 }
5391d806
FB		 859 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
860 ide_set_irq(s);
861 ide_set_sector(s, sector_num + n);
862 s->nsector -= n;
863 }
864}
865
7aea4412
AL		 866
867/* return 0 if buffer completed */
868static int dma_buf_prepare(BMDMAState *bm, int is_write)
869{
870 IDEState *s = bm->ide_if;
871 struct {
872 uint32_t addr;
873 uint32_t size;
874 } prd;
875 int l, len;
876 void *mem;
877 target_phys_addr_t l1;
878
879 qemu_iovec_init(&s->iovec, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
880 s->io_buffer_size = 0;
881 for(;;) {
882 if (bm->cur_prd_len == 0) {
883 /* end of table (with a fail safe of one page) */
884 if (bm->cur_prd_last ||
885 (bm->cur_addr - bm->addr) >= 4096)
886 return s->io_buffer_size != 0;
887 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
888 bm->cur_addr += 8;
889 prd.addr = le32_to_cpu(prd.addr);
890 prd.size = le32_to_cpu(prd.size);
891 len = prd.size & 0xfffe;
892 if (len == 0)
893 len = 0x10000;
894 bm->cur_prd_len = len;
895 bm->cur_prd_addr = prd.addr;
896 bm->cur_prd_last = (prd.size & 0x80000000);
897 }
898 l = bm->cur_prd_len;
899 if (l > 0) {
900 l1 = l;
901 mem = cpu_physical_memory_map(bm->cur_prd_addr, &l1, is_write);
902 if (!mem) {
903 break;
904 }
905 qemu_iovec_add(&s->iovec, mem, l1);
906 bm->cur_prd_addr += l1;
907 bm->cur_prd_len -= l1;
908 s->io_buffer_size += l1;
909 }
910 }
911 return 1;
912}
913
914static void dma_buf_commit(IDEState *s, int is_write)
915{
916 int i;
917
918 for (i = 0; i < s->iovec.niov; ++i) {
919 cpu_physical_memory_unmap(s->iovec.iov[i].iov_base,
920 s->iovec.iov[i].iov_len, is_write,
921 s->iovec.iov[i].iov_len);
922 }
923 qemu_iovec_destroy(&s->iovec);
924}
925
e162cfb0
AZ		 926static void ide_dma_error(IDEState *s)
927{
928 ide_transfer_stop(s);
929 s->error = ABRT_ERR;
930 s->status = READY_STAT | ERR_STAT;
931 ide_set_irq(s);
932}
933
428c5705
AL		 934static int ide_handle_write_error(IDEState *s, int error, int op)
935{
936 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
937
938 if (action == BLOCK_ERR_IGNORE)
939 return 0;
940
941 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
942 || action == BLOCK_ERR_STOP_ANY) {
943 s->bmdma->ide_if = s;
944 s->bmdma->status |= op;
945 vm_stop(0);
946 } else {
7aea4412
AL		 947 if (op == BM_STATUS_DMA_RETRY) {
948 dma_buf_commit(s, 0);
428c5705 949 ide_dma_error(s);
7aea4412 950 } else {
428c5705 951 ide_rw_error(s);
7aea4412 952 }
428c5705
AL		 953 }
954
955 return 1;
956}
957
8ccad811
FB		 958/* return 0 if buffer completed */
959static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 960{
8ccad811
FB		 961 IDEState *s = bm->ide_if;
962 struct {
963 uint32_t addr;
964 uint32_t size;
965 } prd;
966 int l, len;
98087450 967
8ccad811
FB		 968 for(;;) {
969 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 970 if (l <= 0)
8ccad811
FB		 971 break;
972 if (bm->cur_prd_len == 0) {
973 /* end of table (with a fail safe of one page) */
974 if (bm->cur_prd_last ||
975 (bm->cur_addr - bm->addr) >= 4096)
976 return 0;
977 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
978 bm->cur_addr += 8;
979 prd.addr = le32_to_cpu(prd.addr);
980 prd.size = le32_to_cpu(prd.size);
981 len = prd.size & 0xfffe;
982 if (len == 0)
983 len = 0x10000;
984 bm->cur_prd_len = len;
985 bm->cur_prd_addr = prd.addr;
986 bm->cur_prd_last = (prd.size & 0x80000000);
987 }
988 if (l > bm->cur_prd_len)
989 l = bm->cur_prd_len;
990 if (l > 0) {
991 if (is_write) {
5fafdf24 992 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 993 s->io_buffer + s->io_buffer_index, l);
994 } else {
5fafdf24 995 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 996 s->io_buffer + s->io_buffer_index, l);
997 }
998 bm->cur_prd_addr += l;
999 bm->cur_prd_len -= l;
1000 s->io_buffer_index += l;
98087450 1001 }
98087450 1002 }
8ccad811
FB		 1003 return 1;
1004}
1005
7aea4412
AL		 1006typedef struct {
1007 BMDMAState *bm;
1008 void (*cb)(void *opaque, int ret);
1009 QEMUBH *bh;
1010} MapFailureContinuation;
1011
1012static void reschedule_dma(void *opaque)
1013{
1014 MapFailureContinuation *cont = opaque;
1015
1016 cont->cb(cont->bm, 0);
1017 qemu_bh_delete(cont->bh);
1018 qemu_free(cont);
1019}
1020
1021static void continue_after_map_failure(void *opaque)
1022{
1023 MapFailureContinuation *cont = opaque;
1024
1025 cont->bh = qemu_bh_new(reschedule_dma, opaque);
1026 qemu_bh_schedule(cont->bh);
1027}
1028
1029static void wait_for_bounce_buffer(BMDMAState *bmdma,
1030 void (*cb)(void *opaque, int ret))
1031{
1032 MapFailureContinuation *cont = qemu_malloc(sizeof(*cont));
1033
1034 cont->bm = bmdma;
1035 cont->cb = cb;
1036 cpu_register_map_client(cont, continue_after_map_failure);
1037}
1038
8ccad811
FB		 1039static void ide_read_dma_cb(void *opaque, int ret)
1040{
1041 BMDMAState *bm = opaque;
1042 IDEState *s = bm->ide_if;
1043 int n;
1044 int64_t sector_num;
1045
e162cfb0 1046 if (ret < 0) {
7aea4412 1047 dma_buf_commit(s, 1);
e162cfb0
AZ		 1048 ide_dma_error(s);
1049 return;
1050 }
1051
8ccad811
FB		 1052 n = s->io_buffer_size >> 9;
1053 sector_num = ide_get_sector(s);
1054 if (n > 0) {
7aea4412 1055 dma_buf_commit(s, 1);
8ccad811
FB		 1056 sector_num += n;
1057 ide_set_sector(s, sector_num);
1058 s->nsector -= n;
8ccad811
FB		 1059 }
1060
1061 /* end of transfer ? */
1062 if (s->nsector == 0) {
98087450
FB		 1063 s->status = READY_STAT | SEEK_STAT;
1064 ide_set_irq(s);
8ccad811
FB		 1065 eot:
1066 bm->status &= ~BM_STATUS_DMAING;
1067 bm->status |= BM_STATUS_INT;
1068 bm->dma_cb = NULL;
1069 bm->ide_if = NULL;
1070 bm->aiocb = NULL;
1071 return;
98087450 1072 }
8ccad811
FB		 1073
1074 /* launch next transfer */
1075 n = s->nsector;
8ccad811
FB		 1076 s->io_buffer_index = 0;
1077 s->io_buffer_size = n * 512;
7aea4412
AL		 1078 if (dma_buf_prepare(bm, 1) == 0)
1079 goto eot;
1080 if (!s->iovec.niov) {
1081 wait_for_bounce_buffer(bm, ide_read_dma_cb);
1082 return;
1083 }
8ccad811 1084#ifdef DEBUG_AIO
5df23f53 1085 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1086#endif
7aea4412
AL		 1087 bm->aiocb = bdrv_aio_readv(s->bs, sector_num, &s->iovec, n,
1088 ide_read_dma_cb, bm);
5604e090 1089 ide_dma_submit_check(s, ide_read_dma_cb, bm);
98087450
FB		 1090}
1091
1092static void ide_sector_read_dma(IDEState *s)
1093{
8ccad811 1094 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1095 s->io_buffer_index = 0;
1096 s->io_buffer_size = 0;
1097 ide_dma_start(s, ide_read_dma_cb);
1098}
1099
a09db21f
FB		 1100static void ide_sector_write_timer_cb(void *opaque)
1101{
1102 IDEState *s = opaque;
1103 ide_set_irq(s);
1104}
1105
5391d806
FB		 1106static void ide_sector_write(IDEState *s)
1107{
1108 int64_t sector_num;
31c2a146 1109 int ret, n, n1;
5391d806
FB		 1110
1111 s->status = READY_STAT | SEEK_STAT;
1112 sector_num = ide_get_sector(s);
1113#if defined(DEBUG_IDE)
18c5f8ea 1114 printf("write sector=%" PRId64 "\n", sector_num);
5391d806
FB		 1115#endif
1116 n = s->nsector;
1117 if (n > s->req_nb_sectors)
1118 n = s->req_nb_sectors;
31c2a146 1119 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
428c5705 1120
e162cfb0 1121 if (ret != 0) {
428c5705
AL		 1122 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1123 return;
e162cfb0
AZ		 1124 }
1125
5391d806
FB		 1126 s->nsector -= n;
1127 if (s->nsector == 0) {
292eef5a 1128 /* no more sectors to write */
5391d806
FB		 1129 ide_transfer_stop(s);
1130 } else {
1131 n1 = s->nsector;
1132 if (n1 > s->req_nb_sectors)
1133 n1 = s->req_nb_sectors;
1134 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1135 }
1136 ide_set_sector(s, sector_num + n);
3b46e624 1137
31c2a146
TS		 1138#ifdef TARGET_I386
1139 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1140 /* It seems there is a bug in the Windows 2000 installer HDD
1141 IDE driver which fills the disk with empty logs when the
1142 IDE write IRQ comes too early. This hack tries to correct
1143 that at the expense of slower write performances. Use this
1144 option _only_ to install Windows 2000. You must disable it
1145 for normal use. */
1146 qemu_mod_timer(s->sector_write_timer,
1147 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1148 } else
1149#endif
1150 {
1151 ide_set_irq(s);
1152 }
5391d806
FB		 1153}
1154
f18be901 1155static void ide_dma_restart_cb(void *opaque, int running, int reason)
428c5705
AL		 1156{
1157 BMDMAState *bm = opaque;
1158 if (!running)
1159 return;
1160 if (bm->status & BM_STATUS_DMA_RETRY) {
1161 bm->status &= ~BM_STATUS_DMA_RETRY;
1162 ide_dma_restart(bm->ide_if);
1163 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1164 bm->status &= ~BM_STATUS_PIO_RETRY;
1165 ide_sector_write(bm->ide_if);
1166 }
1167}
1168
8ccad811 1169static void ide_write_dma_cb(void *opaque, int ret)
98087450 1170{
8ccad811
FB		 1171 BMDMAState *bm = opaque;
1172 IDEState *s = bm->ide_if;
1173 int n;
98087450
FB		 1174 int64_t sector_num;
1175
e162cfb0 1176 if (ret < 0) {
428c5705
AL		 1177 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1178 return;
e162cfb0
AZ		 1179 }
1180
8ccad811
FB		 1181 n = s->io_buffer_size >> 9;
1182 sector_num = ide_get_sector(s);
1183 if (n > 0) {
7aea4412 1184 dma_buf_commit(s, 0);
8ccad811
FB		 1185 sector_num += n;
1186 ide_set_sector(s, sector_num);
1187 s->nsector -= n;
98087450 1188 }
98087450 1189
8ccad811
FB		 1190 /* end of transfer ? */
1191 if (s->nsector == 0) {
1192 s->status = READY_STAT | SEEK_STAT;
1193 ide_set_irq(s);
1194 eot:
1195 bm->status &= ~BM_STATUS_DMAING;
1196 bm->status |= BM_STATUS_INT;
1197 bm->dma_cb = NULL;
1198 bm->ide_if = NULL;
1199 bm->aiocb = NULL;
1200 return;
1201 }
1202
98087450 1203 n = s->nsector;
98087450 1204 s->io_buffer_size = n * 512;
7aea4412
AL		 1205 /* launch next transfer */
1206 if (dma_buf_prepare(bm, 0) == 0)
8ccad811 1207 goto eot;
7aea4412
AL		 1208 if (!s->iovec.niov) {
1209 wait_for_bounce_buffer(bm, ide_write_dma_cb);
1210 return;
1211 }
8ccad811 1212#ifdef DEBUG_AIO
5df23f53 1213 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1214#endif
7aea4412
AL		 1215 bm->aiocb = bdrv_aio_writev(s->bs, sector_num, &s->iovec, n,
1216 ide_write_dma_cb, bm);
5604e090 1217 ide_dma_submit_check(s, ide_write_dma_cb, bm);
8ccad811
FB		 1218}
1219
1220static void ide_sector_write_dma(IDEState *s)
1221{
1222 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1223 s->io_buffer_index = 0;
1224 s->io_buffer_size = 0;
98087450
FB		 1225 ide_dma_start(s, ide_write_dma_cb);
1226}
1227
5391d806
FB		 1228static void ide_atapi_cmd_ok(IDEState *s)
1229{
1230 s->error = 0;
41a2b959 1231 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1232 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1233 ide_set_irq(s);
1234}
1235
1236static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1237{
1238#ifdef DEBUG_IDE_ATAPI
1239 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1240#endif
1241 s->error = sense_key << 4;
1242 s->status = READY_STAT | ERR_STAT;
1243 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1244 s->sense_key = sense_key;
1245 s->asc = asc;
1246 ide_set_irq(s);
1247}
1248
9118e7f0
AL		 1249static void ide_atapi_cmd_check_status(IDEState *s)
1250{
1251#ifdef DEBUG_IDE_ATAPI
1252 printf("atapi_cmd_check_status\n");
1253#endif
1254 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1255 s->status = ERR_STAT;
1256 s->nsector = 0;
1257 ide_set_irq(s);
1258}
1259
5391d806
FB		 1260static inline void cpu_to_ube16(uint8_t *buf, int val)
1261{
1262 buf[0] = val >> 8;
1263 buf[1] = val;
1264}
1265
1266static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1267{
1268 buf[0] = val >> 24;
1269 buf[1] = val >> 16;
1270 buf[2] = val >> 8;
1271 buf[3] = val;
1272}
1273
1274static inline int ube16_to_cpu(const uint8_t *buf)
1275{
1276 return (buf[0] << 8) | buf[1];
1277}
1278
1279static inline int ube32_to_cpu(const uint8_t *buf)
1280{
1281 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1282}
1283
98087450
FB		 1284static void lba_to_msf(uint8_t *buf, int lba)
1285{
1286 lba += 150;
1287 buf[0] = (lba / 75) / 60;
1288 buf[1] = (lba / 75) % 60;
1289 buf[2] = lba % 75;
1290}
1291
8ccad811
FB		 1292static void cd_data_to_raw(uint8_t *buf, int lba)
1293{
1294 /* sync bytes */
1295 buf[0] = 0x00;
1296 memset(buf + 1, 0xff, 10);
1297 buf[11] = 0x00;
1298 buf += 12;
1299 /* MSF */
1300 lba_to_msf(buf, lba);
1301 buf[3] = 0x01; /* mode 1 data */
1302 buf += 4;
1303 /* data */
1304 buf += 2048;
1305 /* XXX: ECC not computed */
1306 memset(buf, 0, 288);
1307}
1308
5fafdf24 1309static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1310 int sector_size)
1311{
66c6ef76
FB		 1312 int ret;
1313
98087450
FB		 1314 switch(sector_size) {
1315 case 2048:
66c6ef76 1316 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1317 break;
1318 case 2352:
66c6ef76
FB		 1319 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1320 if (ret < 0)
1321 return ret;
8ccad811 1322 cd_data_to_raw(buf, lba);
98087450
FB		 1323 break;
1324 default:
66c6ef76 1325 ret = -EIO;
98087450
FB		 1326 break;
1327 }
66c6ef76
FB		 1328 return ret;
1329}
1330
1331static void ide_atapi_io_error(IDEState *s, int ret)
1332{
1333 /* XXX: handle more errors */
1334 if (ret == -ENOMEDIUM) {
5fafdf24 1335 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1336 ASC_MEDIUM_NOT_PRESENT);
1337 } else {
5fafdf24 1338 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1339 ASC_LOGICAL_BLOCK_OOR);
1340 }
98087450
FB		 1341}
1342
5391d806
FB		 1343/* The whole ATAPI transfer logic is handled in this function */
1344static void ide_atapi_cmd_reply_end(IDEState *s)
1345{
66c6ef76 1346 int byte_count_limit, size, ret;
5391d806 1347#ifdef DEBUG_IDE_ATAPI
5fafdf24 1348 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1349 s->packet_transfer_size,
1350 s->elementary_transfer_size,
1351 s->io_buffer_index);
1352#endif
1353 if (s->packet_transfer_size <= 0) {
1354 /* end of transfer */
1355 ide_transfer_stop(s);
41a2b959 1356 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1357 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1358 ide_set_irq(s);
1359#ifdef DEBUG_IDE_ATAPI
1360 printf("status=0x%x\n", s->status);
1361#endif
1362 } else {
1363 /* see if a new sector must be read */
98087450 1364 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1365 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1366 if (ret < 0) {
1367 ide_transfer_stop(s);
1368 ide_atapi_io_error(s, ret);
1369 return;
1370 }
5391d806
FB		 1371 s->lba++;
1372 s->io_buffer_index = 0;
1373 }
1374 if (s->elementary_transfer_size > 0) {
1375 /* there are some data left to transmit in this elementary
1376 transfer */
98087450 1377 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1378 if (size > s->elementary_transfer_size)
1379 size = s->elementary_transfer_size;
5fafdf24 1380 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1381 size, ide_atapi_cmd_reply_end);
1382 s->packet_transfer_size -= size;
1383 s->elementary_transfer_size -= size;
1384 s->io_buffer_index += size;
1385 } else {
1386 /* a new transfer is needed */
1387 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1388 byte_count_limit = s->lcyl | (s->hcyl << 8);
1389#ifdef DEBUG_IDE_ATAPI
1390 printf("byte_count_limit=%d\n", byte_count_limit);
1391#endif
1392 if (byte_count_limit == 0xffff)
1393 byte_count_limit--;
1394 size = s->packet_transfer_size;
1395 if (size > byte_count_limit) {
1396 /* byte count limit must be even if this case */
1397 if (byte_count_limit & 1)
1398 byte_count_limit--;
1399 size = byte_count_limit;
5391d806 1400 }
a136e5a8
FB		 1401 s->lcyl = size;
1402 s->hcyl = size >> 8;
5391d806
FB		 1403 s->elementary_transfer_size = size;
1404 /* we cannot transmit more than one sector at a time */
1405 if (s->lba != -1) {
98087450
FB		 1406 if (size > (s->cd_sector_size - s->io_buffer_index))
1407 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1408 }
5fafdf24 1409 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1410 size, ide_atapi_cmd_reply_end);
1411 s->packet_transfer_size -= size;
1412 s->elementary_transfer_size -= size;
1413 s->io_buffer_index += size;
1414 ide_set_irq(s);
1415#ifdef DEBUG_IDE_ATAPI
1416 printf("status=0x%x\n", s->status);
1417#endif
1418 }
1419 }
1420}
1421
1422/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1423static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1424{
1425 if (size > max_size)
1426 size = max_size;
1427 s->lba = -1; /* no sector read */
1428 s->packet_transfer_size = size;
5f12ab4b 1429 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1430 s->elementary_transfer_size = 0;
1431 s->io_buffer_index = 0;
1432
5f12ab4b 1433 if (s->atapi_dma) {
41a2b959 1434 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
5f12ab4b
TS		 1435 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1436 } else {
41a2b959 1437 s->status = READY_STAT | SEEK_STAT;
5f12ab4b
TS		 1438 ide_atapi_cmd_reply_end(s);
1439 }
5391d806
FB		 1440}
1441
1442/* start a CD-CDROM read command */
98087450
FB		 1443static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1444 int sector_size)
5391d806 1445{
5391d806 1446 s->lba = lba;
98087450 1447 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1448 s->elementary_transfer_size = 0;
98087450
FB		 1449 s->io_buffer_index = sector_size;
1450 s->cd_sector_size = sector_size;
5391d806 1451
41a2b959 1452 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1453 ide_atapi_cmd_reply_end(s);
1454}
1455
98087450 1456/* ATAPI DMA support */
8ccad811
FB		 1457
1458/* XXX: handle read errors */
1459static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1460{
8ccad811
FB		 1461 BMDMAState *bm = opaque;
1462 IDEState *s = bm->ide_if;
1463 int data_offset, n;
1464
66c6ef76
FB		 1465 if (ret < 0) {
1466 ide_atapi_io_error(s, ret);
1467 goto eot;
1468 }
1469
8ccad811 1470 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1471 /*
1472 * For a cdrom read sector command (s->lba != -1),
1473 * adjust the lba for the next s->io_buffer_size chunk
1474 * and dma the current chunk.
1475 * For a command != read (s->lba == -1), just transfer
1476 * the reply data.
1477 */
1478 if (s->lba != -1) {
1479 if (s->cd_sector_size == 2352) {
1480 n = 1;
1481 cd_data_to_raw(s->io_buffer, s->lba);
1482 } else {
1483 n = s->io_buffer_size >> 11;
1484 }
1485 s->lba += n;
1486 }
8ccad811 1487 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1488 if (dma_buf_rw(bm, 1) == 0)
1489 goto eot;
98087450 1490 }
8ccad811 1491
98087450 1492 if (s->packet_transfer_size <= 0) {
41a2b959 1493 s->status = READY_STAT | SEEK_STAT;
98087450
FB		 1494 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1495 ide_set_irq(s);
8ccad811
FB		 1496 eot:
1497 bm->status &= ~BM_STATUS_DMAING;
1498 bm->status |= BM_STATUS_INT;
1499 bm->dma_cb = NULL;
1500 bm->ide_if = NULL;
1501 bm->aiocb = NULL;
1502 return;
1503 }
3b46e624 1504
8ccad811
FB		 1505 s->io_buffer_index = 0;
1506 if (s->cd_sector_size == 2352) {
1507 n = 1;
1508 s->io_buffer_size = s->cd_sector_size;
1509 data_offset = 16;
1510 } else {
1511 n = s->packet_transfer_size >> 11;
1d8cde5b
AJ		 1512 if (n > (IDE_DMA_BUF_SECTORS / 4))
1513 n = (IDE_DMA_BUF_SECTORS / 4);
8ccad811
FB		 1514 s->io_buffer_size = n * 2048;
1515 data_offset = 0;
98087450 1516 }
8ccad811
FB		 1517#ifdef DEBUG_AIO
1518 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1519#endif
5fafdf24
TS		 1520 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1521 s->io_buffer + data_offset, n * 4,
8ccad811 1522 ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1523 if (!bm->aiocb) {
1524 /* Note: media not present is the most likely case */
5fafdf24 1525 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1526 ASC_MEDIUM_NOT_PRESENT);
1527 goto eot;
1528 }
98087450
FB		 1529}
1530
1531/* start a CD-CDROM read command with DMA */
1532/* XXX: test if DMA is available */
1533static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1534 int sector_size)
1535{
1536 s->lba = lba;
1537 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1538 s->io_buffer_index = 0;
1539 s->io_buffer_size = 0;
98087450
FB		 1540 s->cd_sector_size = sector_size;
1541
8ccad811 1542 /* XXX: check if BUSY_STAT should be set */
41a2b959 1543 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1544 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1545}
1546
5fafdf24 1547static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1548 int sector_size)
1549{
1550#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1551 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1552 lba, nb_sectors);
98087450
FB		 1553#endif
1554 if (s->atapi_dma) {
1555 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1556 } else {
1557 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1558 }
1559}
1560
38cdea7c
AZ		 1561static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1562 uint16_t profile)
1563{
1564 uint8_t *buf_profile = buf + 12; /* start of profiles */
1565
1566 buf_profile += ((*index) * 4); /* start of indexed profile */
1567 cpu_to_ube16 (buf_profile, profile);
1568 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1569
1570 /* each profile adds 4 bytes to the response */
1571 (*index)++;
1572 buf[11] += 4; /* Additional Length */
1573
1574 return 4;
1575}
1576
8114e9e8
TS		 1577static int ide_dvd_read_structure(IDEState *s, int format,
1578 const uint8_t *packet, uint8_t *buf)
1579{
1580 switch (format) {
1581 case 0x0: /* Physical format information */
1582 {
1583 int layer = packet[6];
1584 uint64_t total_sectors;
1585
1586 if (layer != 0)
1587 return -ASC_INV_FIELD_IN_CMD_PACKET;
1588
1589 bdrv_get_geometry(s->bs, &total_sectors);
1590 total_sectors >>= 2;
1591 if (total_sectors == 0)
1592 return -ASC_MEDIUM_NOT_PRESENT;
1593
1594 buf[4] = 1; /* DVD-ROM, part version 1 */
1595 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1596 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1597 buf[7] = 0; /* default densities */
1598
1599 /* FIXME: 0x30000 per spec? */
1600 cpu_to_ube32(buf + 8, 0); /* start sector */
1601 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1602 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1603
1604 /* Size of buffer, not including 2 byte size field */
1605 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1606
1607 /* 2k data + 4 byte header */
1608 return (2048 + 4);
1609 }
1610
1611 case 0x01: /* DVD copyright information */
1612 buf[4] = 0; /* no copyright data */
1613 buf[5] = 0; /* no region restrictions */
1614
1615 /* Size of buffer, not including 2 byte size field */
1616 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1617
1618 /* 4 byte header + 4 byte data */
1619 return (4 + 4);
1620
1621 case 0x03: /* BCA information - invalid field for no BCA info */
1622 return -ASC_INV_FIELD_IN_CMD_PACKET;
1623
1624 case 0x04: /* DVD disc manufacturing information */
1625 /* Size of buffer, not including 2 byte size field */
1626 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1627
1628 /* 2k data + 4 byte header */
1629 return (2048 + 4);
1630
1631 case 0xff:
1632 /*
1633 * This lists all the command capabilities above. Add new ones
1634 * in order and update the length and buffer return values.
1635 */
1636
1637 buf[4] = 0x00; /* Physical format */
1638 buf[5] = 0x40; /* Not writable, is readable */
1639 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1640
1641 buf[8] = 0x01; /* Copyright info */
1642 buf[9] = 0x40; /* Not writable, is readable */
1643 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1644
1645 buf[12] = 0x03; /* BCA info */
1646 buf[13] = 0x40; /* Not writable, is readable */
1647 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1648
1649 buf[16] = 0x04; /* Manufacturing info */
1650 buf[17] = 0x40; /* Not writable, is readable */
1651 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1652
1653 /* Size of buffer, not including 2 byte size field */
1654 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1655
1656 /* data written + 4 byte header */
1657 return (16 + 4);
1658
1659 default: /* TODO: formats beyond DVD-ROM requires */
1660 return -ASC_INV_FIELD_IN_CMD_PACKET;
1661 }
1662}
1663
5391d806
FB		 1664static void ide_atapi_cmd(IDEState *s)
1665{
1666 const uint8_t *packet;
1667 uint8_t *buf;
1668 int max_len;
1669
1670 packet = s->io_buffer;
1671 buf = s->io_buffer;
1672#ifdef DEBUG_IDE_ATAPI
1673 {
1674 int i;
1675 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1676 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1677 printf(" %02x", packet[i]);
1678 }
1679 printf("\n");
1680 }
1681#endif
9118e7f0
AL		 1682 /* If there's a UNIT_ATTENTION condition pending, only
1683 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1684 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1685 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1686 s->io_buffer[0] != GPCMD_INQUIRY) {
1687 ide_atapi_cmd_check_status(s);
1688 return;
1689 }
5391d806
FB		 1690 switch(s->io_buffer[0]) {
1691 case GPCMD_TEST_UNIT_READY:
caed8802 1692 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1693 ide_atapi_cmd_ok(s);
1694 } else {
5fafdf24 1695 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1696 ASC_MEDIUM_NOT_PRESENT);
1697 }
1698 break;
d14049ea 1699 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1700 case GPCMD_MODE_SENSE_10:
1701 {
1702 int action, code;
d14049ea
TS		 1703 if (packet[0] == GPCMD_MODE_SENSE_10)
1704 max_len = ube16_to_cpu(packet + 7);
1705 else
1706 max_len = packet[4];
5391d806
FB		 1707 action = packet[2] >> 6;
1708 code = packet[2] & 0x3f;
1709 switch(action) {
1710 case 0: /* current values */
1711 switch(code) {
1712 case 0x01: /* error recovery */
1713 cpu_to_ube16(&buf[0], 16 + 6);
1714 buf[2] = 0x70;
1715 buf[3] = 0;
1716 buf[4] = 0;
1717 buf[5] = 0;
1718 buf[6] = 0;
1719 buf[7] = 0;
1720
1721 buf[8] = 0x01;
1722 buf[9] = 0x06;
1723 buf[10] = 0x00;
1724 buf[11] = 0x05;
1725 buf[12] = 0x00;
1726 buf[13] = 0x00;
1727 buf[14] = 0x00;
1728 buf[15] = 0x00;
1729 ide_atapi_cmd_reply(s, 16, max_len);
1730 break;
1731 case 0x2a:
1732 cpu_to_ube16(&buf[0], 28 + 6);
1733 buf[2] = 0x70;
1734 buf[3] = 0;
1735 buf[4] = 0;
1736 buf[5] = 0;
1737 buf[6] = 0;
1738 buf[7] = 0;
1739
1740 buf[8] = 0x2a;
1741 buf[9] = 0x12;
0d4a05a1 1742 buf[10] = 0x00;
5391d806 1743 buf[11] = 0x00;
3b46e624 1744
d5b4eb40
AL		 1745 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1746 code checks for this to automount media. */
1747 buf[12] = 0x71;
5391d806
FB		 1748 buf[13] = 3 << 5;
1749 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1750 if (bdrv_is_locked(s->bs))
5391d806
FB		 1751 buf[6] |= 1 << 1;
1752 buf[15] = 0x00;
1753 cpu_to_ube16(&buf[16], 706);
1754 buf[18] = 0;
1755 buf[19] = 2;
1756 cpu_to_ube16(&buf[20], 512);
1757 cpu_to_ube16(&buf[22], 706);
1758 buf[24] = 0;
1759 buf[25] = 0;
1760 buf[26] = 0;
1761 buf[27] = 0;
1762 ide_atapi_cmd_reply(s, 28, max_len);
1763 break;
1764 default:
1765 goto error_cmd;
1766 }
1767 break;
1768 case 1: /* changeable values */
1769 goto error_cmd;
1770 case 2: /* default values */
1771 goto error_cmd;
1772 default:
1773 case 3: /* saved values */
5fafdf24 1774 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1775 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1776 break;
1777 }
1778 }
1779 break;
1780 case GPCMD_REQUEST_SENSE:
1781 max_len = packet[4];
1782 memset(buf, 0, 18);
1783 buf[0] = 0x70 | (1 << 7);
1784 buf[2] = s->sense_key;
1785 buf[7] = 10;
1786 buf[12] = s->asc;
9118e7f0
AL		 1787 if (s->sense_key == SENSE_UNIT_ATTENTION)
1788 s->sense_key = SENSE_NONE;
5391d806
FB		 1789 ide_atapi_cmd_reply(s, 18, max_len);
1790 break;
1791 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1792 if (bdrv_is_inserted(s->bs)) {
1793 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1794 ide_atapi_cmd_ok(s);
1795 } else {
5fafdf24 1796 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1797 ASC_MEDIUM_NOT_PRESENT);
1798 }
1799 break;
1800 case GPCMD_READ_10:
1801 case GPCMD_READ_12:
1802 {
1803 int nb_sectors, lba;
1804
5391d806
FB		 1805 if (packet[0] == GPCMD_READ_10)
1806 nb_sectors = ube16_to_cpu(packet + 7);
1807 else
1808 nb_sectors = ube32_to_cpu(packet + 6);
1809 lba = ube32_to_cpu(packet + 2);
1810 if (nb_sectors == 0) {
1811 ide_atapi_cmd_ok(s);
1812 break;
1813 }
98087450
FB		 1814 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1815 }
1816 break;
1817 case GPCMD_READ_CD:
1818 {
1819 int nb_sectors, lba, transfer_request;
1820
98087450
FB		 1821 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1822 lba = ube32_to_cpu(packet + 2);
1823 if (nb_sectors == 0) {
1824 ide_atapi_cmd_ok(s);
1825 break;
1826 }
98087450
FB		 1827 transfer_request = packet[9];
1828 switch(transfer_request & 0xf8) {
1829 case 0x00:
1830 /* nothing */
1831 ide_atapi_cmd_ok(s);
1832 break;
1833 case 0x10:
1834 /* normal read */
1835 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1836 break;
1837 case 0xf8:
1838 /* read all data */
1839 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1840 break;
1841 default:
5fafdf24 1842 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1843 ASC_INV_FIELD_IN_CMD_PACKET);
1844 break;
1845 }
5391d806
FB		 1846 }
1847 break;
1848 case GPCMD_SEEK:
1849 {
96b8f136
TS		 1850 unsigned int lba;
1851 uint64_t total_sectors;
66c6ef76
FB		 1852
1853 bdrv_get_geometry(s->bs, &total_sectors);
1854 total_sectors >>= 2;
96b8f136 1855 if (total_sectors == 0) {
5fafdf24 1856 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1857 ASC_MEDIUM_NOT_PRESENT);
1858 break;
1859 }
1860 lba = ube32_to_cpu(packet + 2);
66c6ef76 1861 if (lba >= total_sectors) {
5fafdf24 1862 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1863 ASC_LOGICAL_BLOCK_OOR);
1864 break;
1865 }
1866 ide_atapi_cmd_ok(s);
1867 }
1868 break;
1869 case GPCMD_START_STOP_UNIT:
1870 {
1871 int start, eject;
1872 start = packet[4] & 1;
1873 eject = (packet[4] >> 1) & 1;
3b46e624 1874
caed8802
FB		 1875 if (eject && !start) {
1876 /* eject the disk */
66c6ef76
FB		 1877 bdrv_eject(s->bs, 1);
1878 } else if (eject && start) {
1879 /* close the tray */
1880 bdrv_eject(s->bs, 0);
caed8802 1881 }
5391d806
FB		 1882 ide_atapi_cmd_ok(s);
1883 }
1884 break;
1885 case GPCMD_MECHANISM_STATUS:
1886 {
1887 max_len = ube16_to_cpu(packet + 8);
1888 cpu_to_ube16(buf, 0);
1889 /* no current LBA */
1890 buf[2] = 0;
1891 buf[3] = 0;
1892 buf[4] = 0;
1893 buf[5] = 1;
1894 cpu_to_ube16(buf + 6, 0);
1895 ide_atapi_cmd_reply(s, 8, max_len);
1896 }
1897 break;
1898 case GPCMD_READ_TOC_PMA_ATIP:
1899 {
1900 int format, msf, start_track, len;
96b8f136 1901 uint64_t total_sectors;
5391d806 1902
66c6ef76
FB		 1903 bdrv_get_geometry(s->bs, &total_sectors);
1904 total_sectors >>= 2;
96b8f136 1905 if (total_sectors == 0) {
5fafdf24 1906 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1907 ASC_MEDIUM_NOT_PRESENT);
1908 break;
1909 }
1910 max_len = ube16_to_cpu(packet + 7);
1911 format = packet[9] >> 6;
1912 msf = (packet[1] >> 1) & 1;
1913 start_track = packet[6];
1914 switch(format) {
1915 case 0:
66c6ef76 1916 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1917 if (len < 0)
1918 goto error_cmd;
1919 ide_atapi_cmd_reply(s, len, max_len);
1920 break;
1921 case 1:
1922 /* multi session : only a single session defined */
1923 memset(buf, 0, 12);
1924 buf[1] = 0x0a;
1925 buf[2] = 0x01;
1926 buf[3] = 0x01;
1927 ide_atapi_cmd_reply(s, 12, max_len);
1928 break;
98087450 1929 case 2:
66c6ef76 1930 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1931 if (len < 0)
1932 goto error_cmd;
1933 ide_atapi_cmd_reply(s, len, max_len);
1934 break;
5391d806 1935 default:
7f777bf3 1936 error_cmd:
5fafdf24 1937 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1938 ASC_INV_FIELD_IN_CMD_PACKET);
1939 break;
5391d806
FB		 1940 }
1941 }
1942 break;
1943 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76 1944 {
96b8f136 1945 uint64_t total_sectors;
66c6ef76
FB		 1946
1947 bdrv_get_geometry(s->bs, &total_sectors);
1948 total_sectors >>= 2;
96b8f136 1949 if (total_sectors == 0) {
5fafdf24 1950 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1951 ASC_MEDIUM_NOT_PRESENT);
1952 break;
1953 }
1954 /* NOTE: it is really the number of sectors minus 1 */
1955 cpu_to_ube32(buf, total_sectors - 1);
1956 cpu_to_ube32(buf + 4, 2048);
1957 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1958 }
5391d806 1959 break;
d14049ea
TS		 1960 case GPCMD_READ_DVD_STRUCTURE:
1961 {
1962 int media = packet[1];
8114e9e8
TS		 1963 int format = packet[7];
1964 int ret;
d14049ea 1965
8114e9e8 1966 max_len = ube16_to_cpu(packet + 8);
d14049ea 1967
8114e9e8
TS		 1968 if (format < 0xff) {
1969 if (media_is_cd(s)) {
1970 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1971 ASC_INCOMPATIBLE_FORMAT);
1972 break;
1973 } else if (!media_present(s)) {
1974 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1975 ASC_INV_FIELD_IN_CMD_PACKET);
1976 break;
1977 }
1978 }
d14049ea 1979
8114e9e8
TS		 1980 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1981 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
d14049ea 1982
8114e9e8
TS		 1983 switch (format) {
1984 case 0x00 ... 0x7f:
1985 case 0xff:
1986 if (media == 0) {
1987 ret = ide_dvd_read_structure(s, format, packet, buf);
d14049ea 1988
8114e9e8
TS		 1989 if (ret < 0)
1990 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1991 else
1992 ide_atapi_cmd_reply(s, ret, max_len);
d14049ea 1993
8114e9e8
TS		 1994 break;
1995 }
1996 /* TODO: BD support, fall through for now */
1997
1998 /* Generic disk structures */
1999 case 0x80: /* TODO: AACS volume identifier */
2000 case 0x81: /* TODO: AACS media serial number */
2001 case 0x82: /* TODO: AACS media identifier */
2002 case 0x83: /* TODO: AACS media key block */
2003 case 0x90: /* TODO: List of recognized format layers */
2004 case 0xc0: /* TODO: Write protection status */
d14049ea
TS		 2005 default:
2006 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2007 ASC_INV_FIELD_IN_CMD_PACKET);
2008 break;
2009 }
2010 }
2011 break;
2012 case GPCMD_SET_SPEED:
2013 ide_atapi_cmd_ok(s);
2014 break;
bd0d90b2
FB		 2015 case GPCMD_INQUIRY:
2016 max_len = packet[4];
2017 buf[0] = 0x05; /* CD-ROM */
2018 buf[1] = 0x80; /* removable */
2019 buf[2] = 0x00; /* ISO */
2020 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 2021 buf[4] = 31; /* additional length */
bd0d90b2
FB		 2022 buf[5] = 0; /* reserved */
2023 buf[6] = 0; /* reserved */
2024 buf[7] = 0; /* reserved */
2025 padstr8(buf + 8, 8, "QEMU");
38cdea7c 2026 padstr8(buf + 16, 16, "QEMU DVD-ROM");
bd0d90b2
FB		 2027 padstr8(buf + 32, 4, QEMU_VERSION);
2028 ide_atapi_cmd_reply(s, 36, max_len);
2029 break;
d14049ea
TS		 2030 case GPCMD_GET_CONFIGURATION:
2031 {
38cdea7c 2032 uint32_t len;
091d055b 2033 uint8_t index = 0;
d14049ea
TS		 2034
2035 /* only feature 0 is supported */
2036 if (packet[2] != 0 || packet[3] != 0) {
2037 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2038 ASC_INV_FIELD_IN_CMD_PACKET);
2039 break;
2040 }
38cdea7c
AZ		 2041
2042 /* XXX: could result in alignment problems in some architectures */
2043 max_len = ube16_to_cpu(packet + 7);
091d055b 2044
38cdea7c 2045 /*
091d055b
AZ		 2046 * XXX: avoid overflow for io_buffer if max_len is bigger than
2047 * the size of that buffer (dimensioned to max number of
2048 * sectors to transfer at once)
38cdea7c 2049 *
091d055b 2050 * Only a problem if the feature/profiles grow.
38cdea7c
AZ		 2051 */
2052 if (max_len > 512) /* XXX: assume 1 sector */
2053 max_len = 512;
2054
2055 memset(buf, 0, max_len);
2056 /*
2057 * the number of sectors from the media tells us which profile
2058 * to use as current. 0 means there is no media
38cdea7c 2059 */
8114e9e8
TS		 2060 if (media_is_dvd(s))
2061 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
2062 else if (media_is_cd(s))
2063 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
38cdea7c 2064
091d055b
AZ		 2065 buf[10] = 0x02 | 0x01; /* persistent and current */
2066 len = 12; /* headers: 8 + 4 */
2067 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
2068 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
38cdea7c
AZ		 2069 cpu_to_ube32(buf, len - 4); /* data length */
2070
2071 ide_atapi_cmd_reply(s, len, max_len);
d14049ea
TS		 2072 break;
2073 }
5391d806 2074 default:
5fafdf24 2075 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 2076 ASC_ILLEGAL_OPCODE);
5391d806
FB		 2077 break;
2078 }
2079}
2080
201a51fc
AZ		 2081static void ide_cfata_metadata_inquiry(IDEState *s)
2082{
2083 uint16_t *p;
2084 uint32_t spd;
2085
2086 p = (uint16_t *) s->io_buffer;
2087 memset(p, 0, 0x200);
2088 spd = ((s->mdata_size - 1) >> 9) + 1;
2089
2090 put_le16(p + 0, 0x0001); /* Data format revision */
2091 put_le16(p + 1, 0x0000); /* Media property: silicon */
2092 put_le16(p + 2, s->media_changed); /* Media status */
2093 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
2094 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
2095 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
2096 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
2097}
2098
2099static void ide_cfata_metadata_read(IDEState *s)
2100{
2101 uint16_t *p;
2102
2103 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2104 s->status = ERR_STAT;
2105 s->error = ABRT_ERR;
2106 return;
2107 }
2108
2109 p = (uint16_t *) s->io_buffer;
2110 memset(p, 0, 0x200);
2111
2112 put_le16(p + 0, s->media_changed); /* Media status */
2113 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2114 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2115 s->nsector << 9), 0x200 - 2));
2116}
2117
2118static void ide_cfata_metadata_write(IDEState *s)
2119{
2120 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2121 s->status = ERR_STAT;
2122 s->error = ABRT_ERR;
2123 return;
2124 }
2125
2126 s->media_changed = 0;
2127
2128 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2129 s->io_buffer + 2,
2130 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2131 s->nsector << 9), 0x200 - 2));
2132}
2133
bd491d6a
TS		 2134/* called when the inserted state of the media has changed */
2135static void cdrom_change_cb(void *opaque)
2136{
2137 IDEState *s = opaque;
96b8f136 2138 uint64_t nb_sectors;
bd491d6a 2139
bd491d6a
TS		 2140 bdrv_get_geometry(s->bs, &nb_sectors);
2141 s->nb_sectors = nb_sectors;
9118e7f0
AL		 2142
2143 s->sense_key = SENSE_UNIT_ATTENTION;
2144 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2145
2146 ide_set_irq(s);
bd491d6a
TS		 2147}
2148
c2ff060f
FB		 2149static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2150{
2151 s->lba48 = lba48;
2152
2153 /* handle the 'magic' 0 nsector count conversion here. to avoid
2154 * fiddling with the rest of the read logic, we just store the
2155 * full sector count in ->nsector and ignore ->hob_nsector from now
2156 */
2157 if (!s->lba48) {
2158 if (!s->nsector)
2159 s->nsector = 256;
2160 } else {
2161 if (!s->nsector && !s->hob_nsector)
2162 s->nsector = 65536;
2163 else {
2164 int lo = s->nsector;
2165 int hi = s->hob_nsector;
2166
2167 s->nsector = (hi << 8) | lo;
2168 }
2169 }
2170}
2171
2172static void ide_clear_hob(IDEState *ide_if)
2173{
2174 /* any write clears HOB high bit of device control register */
2175 ide_if[0].select &= ~(1 << 7);
2176 ide_if[1].select &= ~(1 << 7);
2177}
2178
caed8802
FB		 2179static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2180{
2181 IDEState *ide_if = opaque;
c45c3d00 2182 IDEState *s;
5391d806 2183 int unit, n;
c2ff060f 2184 int lba48 = 0;
5391d806
FB		 2185
2186#ifdef DEBUG_IDE
2187 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2188#endif
c2ff060f 2189
5391d806 2190 addr &= 7;
fcdd25ab
AL		 2191
2192 /* ignore writes to command block while busy with previous command */
2193 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2194 return;
2195
5391d806
FB		 2196 switch(addr) {
2197 case 0:
2198 break;
2199 case 1:
c2ff060f 2200 ide_clear_hob(ide_if);
c45c3d00 2201 /* NOTE: data is written to the two drives */
c2ff060f
FB		 2202 ide_if[0].hob_feature = ide_if[0].feature;
2203 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 2204 ide_if[0].feature = val;
2205 ide_if[1].feature = val;
5391d806
FB		 2206 break;
2207 case 2:
c2ff060f
FB		 2208 ide_clear_hob(ide_if);
2209 ide_if[0].hob_nsector = ide_if[0].nsector;
2210 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 2211 ide_if[0].nsector = val;
2212 ide_if[1].nsector = val;
5391d806
FB		 2213 break;
2214 case 3:
c2ff060f
FB		 2215 ide_clear_hob(ide_if);
2216 ide_if[0].hob_sector = ide_if[0].sector;
2217 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 2218 ide_if[0].sector = val;
2219 ide_if[1].sector = val;
5391d806
FB		 2220 break;
2221 case 4:
c2ff060f
FB		 2222 ide_clear_hob(ide_if);
2223 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2224 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 2225 ide_if[0].lcyl = val;
2226 ide_if[1].lcyl = val;
5391d806
FB		 2227 break;
2228 case 5:
c2ff060f
FB		 2229 ide_clear_hob(ide_if);
2230 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2231 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 2232 ide_if[0].hcyl = val;
2233 ide_if[1].hcyl = val;
5391d806
FB		 2234 break;
2235 case 6:
c2ff060f 2236 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 2237 ide_if[0].select = (val & ~0x10) | 0xa0;
2238 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 2239 /* select drive */
2240 unit = (val >> 4) & 1;
2241 s = ide_if + unit;
2242 ide_if->cur_drive = s;
5391d806
FB		 2243 break;
2244 default:
2245 case 7:
2246 /* command */
2247#if defined(DEBUG_IDE)
2248 printf("ide: CMD=%02x\n", val);
2249#endif
c45c3d00 2250 s = ide_if->cur_drive;
66201e2d 2251 /* ignore commands to non existant slave */
5fafdf24 2252 if (s != ide_if && !s->bs)
66201e2d 2253 break;
c2ff060f 2254
fcdd25ab
AL		 2255 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2256 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2257 break;
2258
5391d806
FB		 2259 switch(val) {
2260 case WIN_IDENTIFY:
2261 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 2262 if (!s->is_cf)
2263 ide_identify(s);
2264 else
2265 ide_cfata_identify(s);
2a282056 2266 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2267 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2268 } else {
2269 if (s->is_cdrom) {
2270 ide_set_signature(s);
2271 }
2272 ide_abort_command(s);
2273 }
2274 ide_set_irq(s);
2275 break;
2276 case WIN_SPECIFY:
2277 case WIN_RECAL:
a136e5a8 2278 s->error = 0;
769bec72 2279 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2280 ide_set_irq(s);
2281 break;
2282 case WIN_SETMULT:
201a51fc
AZ		 2283 if (s->is_cf && s->nsector == 0) {
2284 /* Disable Read and Write Multiple */
2285 s->mult_sectors = 0;
41a2b959 2286 s->status = READY_STAT | SEEK_STAT;
201a51fc 2287 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 2288 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2289 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 2290 ide_abort_command(s);
2291 } else {
292eef5a 2292 s->mult_sectors = s->nsector & 0xff;
41a2b959 2293 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2294 }
2295 ide_set_irq(s);
2296 break;
c2ff060f
FB		 2297 case WIN_VERIFY_EXT:
2298 lba48 = 1;
4ce900b4
FB		 2299 case WIN_VERIFY:
2300 case WIN_VERIFY_ONCE:
2301 /* do sector number check ? */
c2ff060f 2302 ide_cmd_lba48_transform(s, lba48);
41a2b959 2303 s->status = READY_STAT | SEEK_STAT;
4ce900b4
FB		 2304 ide_set_irq(s);
2305 break;
c2ff060f
FB		 2306 case WIN_READ_EXT:
2307 lba48 = 1;
5391d806
FB		 2308 case WIN_READ:
2309 case WIN_READ_ONCE:
5fafdf24 2310 if (!s->bs)
6b136f9e 2311 goto abort_cmd;
c2ff060f 2312 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2313 s->req_nb_sectors = 1;
2314 ide_sector_read(s);
2315 break;
c2ff060f
FB		 2316 case WIN_WRITE_EXT:
2317 lba48 = 1;
5391d806
FB		 2318 case WIN_WRITE:
2319 case WIN_WRITE_ONCE:
201a51fc
AZ		 2320 case CFA_WRITE_SECT_WO_ERASE:
2321 case WIN_WRITE_VERIFY:
c2ff060f 2322 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2323 s->error = 0;
f66723fa 2324 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2325 s->req_nb_sectors = 1;
2326 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 2327 s->media_changed = 1;
5391d806 2328 break;
c2ff060f
FB		 2329 case WIN_MULTREAD_EXT:
2330 lba48 = 1;
5391d806
FB		 2331 case WIN_MULTREAD:
2332 if (!s->mult_sectors)
2333 goto abort_cmd;
c2ff060f 2334 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2335 s->req_nb_sectors = s->mult_sectors;
2336 ide_sector_read(s);
2337 break;
c2ff060f
FB		 2338 case WIN_MULTWRITE_EXT:
2339 lba48 = 1;
5391d806 2340 case WIN_MULTWRITE:
201a51fc 2341 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 2342 if (!s->mult_sectors)
2343 goto abort_cmd;
c2ff060f 2344 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2345 s->error = 0;
f66723fa 2346 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2347 s->req_nb_sectors = s->mult_sectors;
2348 n = s->nsector;
2349 if (n > s->req_nb_sectors)
2350 n = s->req_nb_sectors;
2351 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 2352 s->media_changed = 1;
5391d806 2353 break;
c2ff060f
FB		 2354 case WIN_READDMA_EXT:
2355 lba48 = 1;
98087450
FB		 2356 case WIN_READDMA:
2357 case WIN_READDMA_ONCE:
5fafdf24 2358 if (!s->bs)
98087450 2359 goto abort_cmd;
c2ff060f 2360 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 2361 ide_sector_read_dma(s);
2362 break;
c2ff060f
FB		 2363 case WIN_WRITEDMA_EXT:
2364 lba48 = 1;
98087450
FB		 2365 case WIN_WRITEDMA:
2366 case WIN_WRITEDMA_ONCE:
5fafdf24 2367 if (!s->bs)
98087450 2368 goto abort_cmd;
c2ff060f 2369 ide_cmd_lba48_transform(s, lba48);
98087450 2370 ide_sector_write_dma(s);
201a51fc 2371 s->media_changed = 1;
98087450 2372 break;
c2ff060f
FB		 2373 case WIN_READ_NATIVE_MAX_EXT:
2374 lba48 = 1;
5391d806 2375 case WIN_READ_NATIVE_MAX:
c2ff060f 2376 ide_cmd_lba48_transform(s, lba48);
5391d806 2377 ide_set_sector(s, s->nb_sectors - 1);
41a2b959 2378 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2379 ide_set_irq(s);
2380 break;
a136e5a8 2381 case WIN_CHECKPOWERMODE1:
201a51fc 2382 case WIN_CHECKPOWERMODE2:
a136e5a8 2383 s->nsector = 0xff; /* device active or idle */
41a2b959 2384 s->status = READY_STAT | SEEK_STAT;
a136e5a8
FB		 2385 ide_set_irq(s);
2386 break;
34e538ae
FB		 2387 case WIN_SETFEATURES:
2388 if (!s->bs)
2389 goto abort_cmd;
2390 /* XXX: valid for CDROM ? */
2391 switch(s->feature) {
e1f63470
TS		 2392 case 0xcc: /* reverting to power-on defaults enable */
2393 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 2394 case 0x02: /* write cache enable */
2395 case 0x82: /* write cache disable */
2396 case 0xaa: /* read look-ahead enable */
2397 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 2398 case 0x05: /* set advanced power management mode */
2399 case 0x85: /* disable advanced power management mode */
2400 case 0x69: /* NOP */
2401 case 0x67: /* NOP */
2402 case 0x96: /* NOP */
2403 case 0x9a: /* NOP */
c3e88d8c
TS		 2404 case 0x42: /* enable Automatic Acoustic Mode */
2405 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 2406 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 2407 ide_set_irq(s);
2408 break;
94458802
FB		 2409 case 0x03: { /* set transfer mode */
2410 uint8_t val = s->nsector & 0x07;
2411
2412 switch (s->nsector >> 3) {
2413 case 0x00: /* pio default */
2414 case 0x01: /* pio mode */
d1b5c20d
TS		 2415 put_le16(s->identify_data + 62,0x07);
2416 put_le16(s->identify_data + 63,0x07);
2417 put_le16(s->identify_data + 88,0x3f);
2418 break;
2419 case 0x02: /* sigle word dma mode*/
2420 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
94458802
FB		 2421 put_le16(s->identify_data + 63,0x07);
2422 put_le16(s->identify_data + 88,0x3f);
2423 break;
2424 case 0x04: /* mdma mode */
d1b5c20d 2425 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2426 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2427 put_le16(s->identify_data + 88,0x3f);
2428 break;
2429 case 0x08: /* udma mode */
d1b5c20d 2430 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2431 put_le16(s->identify_data + 63,0x07);
2432 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2433 break;
2434 default:
2435 goto abort_cmd;
2436 }
2437 s->status = READY_STAT | SEEK_STAT;
2438 ide_set_irq(s);
2439 break;
2440 }
34e538ae
FB		 2441 default:
2442 goto abort_cmd;
2443 }
2444 break;
c2ff060f
FB		 2445 case WIN_FLUSH_CACHE:
2446 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2447 if (s->bs)
2448 bdrv_flush(s->bs);
41a2b959 2449 s->status = READY_STAT | SEEK_STAT;
7a6cba61
PB		 2450 ide_set_irq(s);
2451 break;
c3e88d8c
TS		 2452 case WIN_STANDBY:
2453 case WIN_STANDBY2:
2454 case WIN_STANDBYNOW1:
201a51fc 2455 case WIN_STANDBYNOW2:
c451ee71 2456 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2457 case CFA_IDLEIMMEDIATE:
2458 case WIN_SETIDLE1:
2459 case WIN_SETIDLE2:
c3e88d8c
TS		 2460 case WIN_SLEEPNOW1:
2461 case WIN_SLEEPNOW2:
2462 s->status = READY_STAT;
a7dfe172
FB		 2463 ide_set_irq(s);
2464 break;
4fbfcd6d
AJ		 2465 case WIN_SEEK:
2466 if(s->is_cdrom)
2467 goto abort_cmd;
2468 /* XXX: Check that seek is within bounds */
2469 s->status = READY_STAT | SEEK_STAT;
2470 ide_set_irq(s);
2471 break;
5391d806
FB		 2472 /* ATAPI commands */
2473 case WIN_PIDENTIFY:
2474 if (s->is_cdrom) {
2475 ide_atapi_identify(s);
1298fe63 2476 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2477 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2478 } else {
2479 ide_abort_command(s);
2480 }
2481 ide_set_irq(s);
2482 break;
c451ee71
FB		 2483 case WIN_DIAGNOSE:
2484 ide_set_signature(s);
33256a25
AL		 2485 if (s->is_cdrom)
2486 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2487 * devices to return a clear status register
2488 * with READY_STAT *not* set. */
2489 else
2490 s->status = READY_STAT | SEEK_STAT;
2491 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2492 * present.
2493 */
f5fdd0a8 2494 ide_set_irq(s);
c451ee71 2495 break;
5391d806
FB		 2496 case WIN_SRST:
2497 if (!s->is_cdrom)
2498 goto abort_cmd;
2499 ide_set_signature(s);
6b136f9e 2500 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2501 s->error = 0x01;
2502 break;
2503 case WIN_PACKETCMD:
2504 if (!s->is_cdrom)
2505 goto abort_cmd;
98087450
FB		 2506 /* overlapping commands not supported */
2507 if (s->feature & 0x02)
5391d806 2508 goto abort_cmd;
41a2b959 2509 s->status = READY_STAT | SEEK_STAT;
98087450 2510 s->atapi_dma = s->feature & 1;
5391d806 2511 s->nsector = 1;
5fafdf24 2512 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2513 ide_atapi_cmd);
2514 break;
201a51fc
AZ		 2515 /* CF-ATA commands */
2516 case CFA_REQ_EXT_ERROR_CODE:
2517 if (!s->is_cf)
2518 goto abort_cmd;
2519 s->error = 0x09; /* miscellaneous error */
41a2b959 2520 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2521 ide_set_irq(s);
2522 break;
2523 case CFA_ERASE_SECTORS:
2524 case CFA_WEAR_LEVEL:
2525 if (!s->is_cf)
2526 goto abort_cmd;
2527 if (val == CFA_WEAR_LEVEL)
2528 s->nsector = 0;
2529 if (val == CFA_ERASE_SECTORS)
2530 s->media_changed = 1;
2531 s->error = 0x00;
41a2b959 2532 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2533 ide_set_irq(s);
2534 break;
2535 case CFA_TRANSLATE_SECTOR:
2536 if (!s->is_cf)
2537 goto abort_cmd;
2538 s->error = 0x00;
41a2b959 2539 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2540 memset(s->io_buffer, 0, 0x200);
2541 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2542 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2543 s->io_buffer[0x02] = s->select; /* Head */
2544 s->io_buffer[0x03] = s->sector; /* Sector */
2545 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2546 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2547 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2548 s->io_buffer[0x13] = 0x00; /* Erase flag */
2549 s->io_buffer[0x18] = 0x00; /* Hot count */
2550 s->io_buffer[0x19] = 0x00; /* Hot count */
2551 s->io_buffer[0x1a] = 0x01; /* Hot count */
2552 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2553 ide_set_irq(s);
2554 break;
2555 case CFA_ACCESS_METADATA_STORAGE:
2556 if (!s->is_cf)
2557 goto abort_cmd;
2558 switch (s->feature) {
2559 case 0x02: /* Inquiry Metadata Storage */
2560 ide_cfata_metadata_inquiry(s);
2561 break;
2562 case 0x03: /* Read Metadata Storage */
2563 ide_cfata_metadata_read(s);
2564 break;
2565 case 0x04: /* Write Metadata Storage */
2566 ide_cfata_metadata_write(s);
2567 break;
2568 default:
2569 goto abort_cmd;
2570 }
2571 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2572 s->status = 0x00; /* NOTE: READY is _not_ set */
2573 ide_set_irq(s);
2574 break;
2575 case IBM_SENSE_CONDITION:
2576 if (!s->is_cf)
2577 goto abort_cmd;
2578 switch (s->feature) {
2579 case 0x01: /* sense temperature in device */
2580 s->nsector = 0x50; /* +20 C */
2581 break;
2582 default:
2583 goto abort_cmd;
2584 }
41a2b959 2585 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2586 ide_set_irq(s);
2587 break;
5391d806
FB		 2588 default:
2589 abort_cmd:
2590 ide_abort_command(s);
2591 ide_set_irq(s);
2592 break;
2593 }
2594 }
2595}
2596
caed8802 2597static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2598{
7ae98627
FB		 2599 IDEState *ide_if = opaque;
2600 IDEState *s = ide_if->cur_drive;
5391d806 2601 uint32_t addr;
c2ff060f 2602 int ret, hob;
5391d806
FB		 2603
2604 addr = addr1 & 7;
c2ff060f
FB		 2605 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2606 //hob = s->select & (1 << 7);
2607 hob = 0;
5391d806
FB		 2608 switch(addr) {
2609 case 0:
2610 ret = 0xff;
2611 break;
2612 case 1:
c45ca54f
AL		 2613 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2614 (s != ide_if && !s->bs))
c45c3d00 2615 ret = 0;
c2ff060f 2616 else if (!hob)
c45c3d00 2617 ret = s->error;
c2ff060f
FB		 2618 else
2619 ret = s->hob_feature;
5391d806
FB		 2620 break;
2621 case 2:
7ae98627 2622 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2623 ret = 0;
c2ff060f 2624 else if (!hob)
c45c3d00 2625 ret = s->nsector & 0xff;
c2ff060f
FB		 2626 else
2627 ret = s->hob_nsector;
5391d806
FB		 2628 break;
2629 case 3:
7ae98627 2630 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2631 ret = 0;
c2ff060f 2632 else if (!hob)
c45c3d00 2633 ret = s->sector;
c2ff060f
FB		 2634 else
2635 ret = s->hob_sector;
5391d806
FB		 2636 break;
2637 case 4:
7ae98627 2638 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2639 ret = 0;
c2ff060f 2640 else if (!hob)
c45c3d00 2641 ret = s->lcyl;
c2ff060f
FB		 2642 else
2643 ret = s->hob_lcyl;
5391d806
FB		 2644 break;
2645 case 5:
7ae98627 2646 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2647 ret = 0;
c2ff060f 2648 else if (!hob)
c45c3d00 2649 ret = s->hcyl;
c2ff060f
FB		 2650 else
2651 ret = s->hob_hcyl;
5391d806
FB		 2652 break;
2653 case 6:
7ae98627 2654 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2655 ret = 0;
2656 else
7ae98627 2657 ret = s->select;
5391d806
FB		 2658 break;
2659 default:
2660 case 7:
66201e2d
FB		 2661 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2662 (s != ide_if && !s->bs))
c45c3d00
FB		 2663 ret = 0;
2664 else
2665 ret = s->status;
d537cf6c 2666 qemu_irq_lower(s->irq);
5391d806
FB		 2667 break;
2668 }
2669#ifdef DEBUG_IDE
2670 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2671#endif
2672 return ret;
2673}
2674
caed8802 2675static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2676{
7ae98627
FB		 2677 IDEState *ide_if = opaque;
2678 IDEState *s = ide_if->cur_drive;
5391d806 2679 int ret;
7ae98627 2680
66201e2d
FB		 2681 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2682 (s != ide_if && !s->bs))
7ae98627
FB		 2683 ret = 0;
2684 else
2685 ret = s->status;
5391d806
FB		 2686#ifdef DEBUG_IDE
2687 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2688#endif
2689 return ret;
2690}
2691
caed8802 2692static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2693{
caed8802 2694 IDEState *ide_if = opaque;
5391d806
FB		 2695 IDEState *s;
2696 int i;
2697
2698#ifdef DEBUG_IDE
2699 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2700#endif
2701 /* common for both drives */
2702 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2703 (val & IDE_CMD_RESET)) {
2704 /* reset low to high */
2705 for(i = 0;i < 2; i++) {
2706 s = &ide_if[i];
2707 s->status = BUSY_STAT | SEEK_STAT;
2708 s->error = 0x01;
2709 }
2710 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2711 !(val & IDE_CMD_RESET)) {
2712 /* high to low */
2713 for(i = 0;i < 2; i++) {
2714 s = &ide_if[i];
6b136f9e
FB		 2715 if (s->is_cdrom)
2716 s->status = 0x00; /* NOTE: READY is _not_ set */
2717 else
56bf1d37 2718 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2719 ide_set_signature(s);
2720 }
2721 }
2722
2723 ide_if[0].cmd = val;
2724 ide_if[1].cmd = val;
2725}
2726
caed8802 2727static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2728{
caed8802 2729 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2730 uint8_t *p;
2731
fcdd25ab
AL		 2732 /* PIO data access allowed only when DRQ bit is set */
2733 if (!(s->status & DRQ_STAT))
2734 return;
2735
5391d806 2736 p = s->data_ptr;
0c4ad8dc 2737 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2738 p += 2;
2739 s->data_ptr = p;
2740 if (p >= s->data_end)
2741 s->end_transfer_func(s);
2742}
2743
caed8802 2744static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2745{
caed8802 2746 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2747 uint8_t *p;
2748 int ret;
fcdd25ab
AL		 2749
2750 /* PIO data access allowed only when DRQ bit is set */
2751 if (!(s->status & DRQ_STAT))
2752 return 0;
2753
5391d806 2754 p = s->data_ptr;
0c4ad8dc 2755 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2756 p += 2;
2757 s->data_ptr = p;
2758 if (p >= s->data_end)
2759 s->end_transfer_func(s);
2760 return ret;
2761}
2762
caed8802 2763static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2764{
caed8802 2765 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2766 uint8_t *p;
2767
fcdd25ab
AL		 2768 /* PIO data access allowed only when DRQ bit is set */
2769 if (!(s->status & DRQ_STAT))
2770 return;
2771
5391d806 2772 p = s->data_ptr;
0c4ad8dc 2773 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2774 p += 4;
2775 s->data_ptr = p;
2776 if (p >= s->data_end)
2777 s->end_transfer_func(s);
2778}
2779
caed8802 2780static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2781{
caed8802 2782 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2783 uint8_t *p;
2784 int ret;
3b46e624 2785
fcdd25ab
AL		 2786 /* PIO data access allowed only when DRQ bit is set */
2787 if (!(s->status & DRQ_STAT))
2788 return 0;
2789
5391d806 2790 p = s->data_ptr;
0c4ad8dc 2791 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2792 p += 4;
2793 s->data_ptr = p;
2794 if (p >= s->data_end)
2795 s->end_transfer_func(s);
2796 return ret;
2797}
2798
a7dfe172
FB		 2799static void ide_dummy_transfer_stop(IDEState *s)
2800{
2801 s->data_ptr = s->io_buffer;
2802 s->data_end = s->io_buffer;
2803 s->io_buffer[0] = 0xff;
2804 s->io_buffer[1] = 0xff;
2805 s->io_buffer[2] = 0xff;
2806 s->io_buffer[3] = 0xff;
2807}
2808
5391d806
FB		 2809static void ide_reset(IDEState *s)
2810{
201a51fc
AZ		 2811 if (s->is_cf)
2812 s->mult_sectors = 0;
2813 else
2814 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2815 s->cur_drive = s;
2816 s->select = 0xa0;
41a2b959 2817 s->status = READY_STAT | SEEK_STAT;
5391d806 2818 ide_set_signature(s);
a7dfe172
FB		 2819 /* init the transfer handler so that 0xffff is returned on data
2820 accesses */
2821 s->end_transfer_func = ide_dummy_transfer_stop;
2822 ide_dummy_transfer_stop(s);
201a51fc 2823 s->media_changed = 0;
5391d806
FB		 2824}
2825
5457c8ce
FB		 2826static void ide_init2(IDEState *ide_state,
2827 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2828 qemu_irq irq)
5391d806 2829{
69b91039 2830 IDEState *s;
aedf5382 2831 static int drive_serial = 1;
f3d54fc4 2832 int i, cylinders, heads, secs;
96b8f136 2833 uint64_t nb_sectors;
5391d806 2834
caed8802
FB		 2835 for(i = 0; i < 2; i++) {
2836 s = ide_state + i;
1d8cde5b 2837 s->io_buffer = qemu_memalign(512, IDE_DMA_BUF_SECTORS*512 + 4);
caed8802
FB		 2838 if (i == 0)
2839 s->bs = hd0;
2840 else
2841 s->bs = hd1;
5391d806
FB		 2842 if (s->bs) {
2843 bdrv_get_geometry(s->bs, &nb_sectors);
f3d54fc4
AL		 2844 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2845 s->cylinders = cylinders;
2846 s->heads = heads;
2847 s->sectors = secs;
5391d806 2848 s->nb_sectors = nb_sectors;
f3d54fc4 2849
caed8802
FB		 2850 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2851 s->is_cdrom = 1;
bd491d6a 2852 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2853 }
2854 }
aedf5382 2855 s->drive_serial = drive_serial++;
fa879c64
AL		 2856 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2857 sizeof(s->drive_serial_str));
2858 if (strlen(s->drive_serial_str) == 0)
2859 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2860 "QM%05d", s->drive_serial);
caed8802 2861 s->irq = irq;
5fafdf24 2862 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2863 ide_sector_write_timer_cb, s);
5391d806
FB		 2864 ide_reset(s);
2865 }
69b91039
FB		 2866}
2867
34e538ae 2868static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2869{
caed8802
FB		 2870 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2871 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2872 if (iobase2) {
2873 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2874 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2875 }
3b46e624 2876
caed8802
FB		 2877 /* data ports */
2878 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2879 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2880 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2881 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2882}
69b91039 2883
aa941b94
AZ		 2884/* save per IDE drive data */
2885static void ide_save(QEMUFile* f, IDEState *s)
2886{
bee8d684
TS		 2887 qemu_put_be32(f, s->mult_sectors);
2888 qemu_put_be32(f, s->identify_set);
aa941b94
AZ		 2889 if (s->identify_set) {
2890 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2891 }
2892 qemu_put_8s(f, &s->feature);
2893 qemu_put_8s(f, &s->error);
2894 qemu_put_be32s(f, &s->nsector);
2895 qemu_put_8s(f, &s->sector);
2896 qemu_put_8s(f, &s->lcyl);
2897 qemu_put_8s(f, &s->hcyl);
2898 qemu_put_8s(f, &s->hob_feature);
2899 qemu_put_8s(f, &s->hob_nsector);
2900 qemu_put_8s(f, &s->hob_sector);
2901 qemu_put_8s(f, &s->hob_lcyl);
2902 qemu_put_8s(f, &s->hob_hcyl);
2903 qemu_put_8s(f, &s->select);
2904 qemu_put_8s(f, &s->status);
2905 qemu_put_8s(f, &s->lba48);
2906
2907 qemu_put_8s(f, &s->sense_key);
2908 qemu_put_8s(f, &s->asc);
2909 /* XXX: if a transfer is pending, we do not save it yet */
2910}
2911
2912/* load per IDE drive data */
2913static void ide_load(QEMUFile* f, IDEState *s)
2914{
bee8d684
TS		 2915 s->mult_sectors=qemu_get_be32(f);
2916 s->identify_set=qemu_get_be32(f);
aa941b94
AZ		 2917 if (s->identify_set) {
2918 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2919 }
2920 qemu_get_8s(f, &s->feature);
2921 qemu_get_8s(f, &s->error);
2922 qemu_get_be32s(f, &s->nsector);
2923 qemu_get_8s(f, &s->sector);
2924 qemu_get_8s(f, &s->lcyl);
2925 qemu_get_8s(f, &s->hcyl);
2926 qemu_get_8s(f, &s->hob_feature);
2927 qemu_get_8s(f, &s->hob_nsector);
2928 qemu_get_8s(f, &s->hob_sector);
2929 qemu_get_8s(f, &s->hob_lcyl);
2930 qemu_get_8s(f, &s->hob_hcyl);
2931 qemu_get_8s(f, &s->select);
2932 qemu_get_8s(f, &s->status);
2933 qemu_get_8s(f, &s->lba48);
2934
2935 qemu_get_8s(f, &s->sense_key);
2936 qemu_get_8s(f, &s->asc);
2937 /* XXX: if a transfer is pending, we do not save it yet */
2938}
2939
34e538ae
FB		 2940/***********************************************************/
2941/* ISA IDE definitions */
2942
d537cf6c 2943void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2944 BlockDriverState *hd0, BlockDriverState *hd1)
2945{
2946 IDEState *ide_state;
2947
2948 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2949 if (!ide_state)
2950 return;
3b46e624 2951
d537cf6c 2952 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2953 ide_init_ioport(ide_state, iobase, iobase2);
2954}
2955
69b91039
FB		 2956/***********************************************************/
2957/* PCI IDE definitions */
2958
5457c8ce
FB		 2959static void cmd646_update_irq(PCIIDEState *d);
2960
5fafdf24 2961static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 2962 uint32_t addr, uint32_t size, int type)
2963{
2964 PCIIDEState *d = (PCIIDEState *)pci_dev;
2965 IDEState *ide_state;
2966
2967 if (region_num <= 3) {
2968 ide_state = &d->ide_if[(region_num >> 1) * 2];
2969 if (region_num & 1) {
2970 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2971 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2972 } else {
2973 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2974 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2975
2976 /* data ports */
2977 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2978 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2979 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2980 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2981 }
2982 }
2983}
2984
8ccad811 2985static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2986{
2987 BMDMAState *bm = s->bmdma;
2988 if(!bm)
2989 return;
2990 bm->ide_if = s;
2991 bm->dma_cb = dma_cb;
8ccad811
FB		 2992 bm->cur_prd_last = 0;
2993 bm->cur_prd_addr = 0;
2994 bm->cur_prd_len = 0;
428c5705
AL		 2995 bm->sector_num = ide_get_sector(s);
2996 bm->nsector = s->nsector;
98087450 2997 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2998 bm->dma_cb(bm, 0);
98087450
FB		 2999 }
3000}
3001
428c5705
AL		 3002static void ide_dma_restart(IDEState *s)
3003{
3004 BMDMAState *bm = s->bmdma;
3005 ide_set_sector(s, bm->sector_num);
3006 s->io_buffer_index = 0;
3007 s->io_buffer_size = 0;
3008 s->nsector = bm->nsector;
3009 bm->cur_addr = bm->addr;
3010 bm->dma_cb = ide_write_dma_cb;
3011 ide_dma_start(s, bm->dma_cb);
3012}
3013
72c7b06c
AL		 3014static void ide_dma_cancel(BMDMAState *bm)
3015{
3016 if (bm->status & BM_STATUS_DMAING) {
3017 bm->status &= ~BM_STATUS_DMAING;
3018 /* cancel DMA request */
3019 bm->ide_if = NULL;
3020 bm->dma_cb = NULL;
3021 if (bm->aiocb) {
3022#ifdef DEBUG_AIO
3023 printf("aio_cancel\n");
3024#endif
3025 bdrv_aio_cancel(bm->aiocb);
3026 bm->aiocb = NULL;
3027 }
3028 }
3029}
3030
98087450
FB		 3031static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
3032{
3033 BMDMAState *bm = opaque;
3034#ifdef DEBUG_IDE
3035 printf("%s: 0x%08x\n", __func__, val);
3036#endif
3037 if (!(val & BM_CMD_START)) {
3038 /* XXX: do it better */
72c7b06c 3039 ide_dma_cancel(bm);
98087450
FB		 3040 bm->cmd = val & 0x09;
3041 } else {
8ccad811
FB		 3042 if (!(bm->status & BM_STATUS_DMAING)) {
3043 bm->status |= BM_STATUS_DMAING;
3044 /* start dma transfer if possible */
3045 if (bm->dma_cb)
3046 bm->dma_cb(bm, 0);
3047 }
98087450 3048 bm->cmd = val & 0x09;
98087450
FB		 3049 }
3050}
3051
5457c8ce 3052static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 3053{
3054 BMDMAState *bm = opaque;
5457c8ce 3055 PCIIDEState *pci_dev;
98087450 3056 uint32_t val;
3b46e624 3057
5457c8ce 3058 switch(addr & 3) {
5fafdf24 3059 case 0:
5457c8ce
FB		 3060 val = bm->cmd;
3061 break;
3062 case 1:
3063 pci_dev = bm->pci_dev;
3064 if (pci_dev->type == IDE_TYPE_CMD646) {
3065 val = pci_dev->dev.config[MRDMODE];
3066 } else {
3067 val = 0xff;
3068 }
3069 break;
3070 case 2:
3071 val = bm->status;
3072 break;
3073 case 3:
3074 pci_dev = bm->pci_dev;
3075 if (pci_dev->type == IDE_TYPE_CMD646) {
3076 if (bm == &pci_dev->bmdma[0])
3077 val = pci_dev->dev.config[UDIDETCR0];
3078 else
3079 val = pci_dev->dev.config[UDIDETCR1];
3080 } else {
3081 val = 0xff;
3082 }
3083 break;
3084 default:
3085 val = 0xff;
3086 break;
3087 }
98087450 3088#ifdef DEBUG_IDE
5457c8ce 3089 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 3090#endif
3091 return val;
3092}
3093
5457c8ce 3094static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 3095{
3096 BMDMAState *bm = opaque;
5457c8ce 3097 PCIIDEState *pci_dev;
98087450 3098#ifdef DEBUG_IDE
5457c8ce 3099 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 3100#endif
5457c8ce
FB		 3101 switch(addr & 3) {
3102 case 1:
3103 pci_dev = bm->pci_dev;
3104 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 3105 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 3106 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3107 cmd646_update_irq(pci_dev);
3108 }
3109 break;
3110 case 2:
3111 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3112 break;
3113 case 3:
3114 pci_dev = bm->pci_dev;
3115 if (pci_dev->type == IDE_TYPE_CMD646) {
3116 if (bm == &pci_dev->bmdma[0])
3117 pci_dev->dev.config[UDIDETCR0] = val;
3118 else
3119 pci_dev->dev.config[UDIDETCR1] = val;
3120 }
3121 break;
3122 }
98087450
FB		 3123}
3124
5b9a1293
AJ		 3125static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3126{
3127 BMDMAState *bm = opaque;
3128 uint32_t val;
3129 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3130#ifdef DEBUG_IDE
3131 printf("%s: 0x%08x\n", __func__, val);
3132#endif
3133 return val;
3134}
3135
3136static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3137{
3138 BMDMAState *bm = opaque;
3139 int shift = (addr & 3) * 8;
3140#ifdef DEBUG_IDE
3141 printf("%s: 0x%08x\n", __func__, val);
3142#endif
3143 bm->addr &= ~(0xFF << shift);
3144 bm->addr |= ((val & 0xFF) << shift) & ~3;
3145 bm->cur_addr = bm->addr;
3146}
3147
3148static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3149{
3150 BMDMAState *bm = opaque;
3151 uint32_t val;
3152 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3153#ifdef DEBUG_IDE
3154 printf("%s: 0x%08x\n", __func__, val);
3155#endif
3156 return val;
3157}
3158
3159static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3160{
3161 BMDMAState *bm = opaque;
3162 int shift = (addr & 3) * 8;
3163#ifdef DEBUG_IDE
3164 printf("%s: 0x%08x\n", __func__, val);
3165#endif
3166 bm->addr &= ~(0xFFFF << shift);
3167 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3168 bm->cur_addr = bm->addr;
3169}
3170
98087450
FB		 3171static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3172{
3173 BMDMAState *bm = opaque;
3174 uint32_t val;
3175 val = bm->addr;
3176#ifdef DEBUG_IDE
3177 printf("%s: 0x%08x\n", __func__, val);
3178#endif
3179 return val;
3180}
3181
3182static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3183{
3184 BMDMAState *bm = opaque;
3185#ifdef DEBUG_IDE
3186 printf("%s: 0x%08x\n", __func__, val);
3187#endif
3188 bm->addr = val & ~3;
30c4bbac 3189 bm->cur_addr = bm->addr;
98087450
FB		 3190}
3191
5fafdf24 3192static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 3193 uint32_t addr, uint32_t size, int type)
3194{
3195 PCIIDEState *d = (PCIIDEState *)pci_dev;
3196 int i;
3197
3198 for(i = 0;i < 2; i++) {
3199 BMDMAState *bm = &d->bmdma[i];
3200 d->ide_if[2 * i].bmdma = bm;
3201 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce 3202 bm->pci_dev = (PCIIDEState *)pci_dev;
428c5705 3203 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
5457c8ce 3204
98087450 3205 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 3206
5457c8ce
FB		 3207 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3208 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450 3209
5b9a1293
AJ		 3210 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3211 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3212 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3213 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
98087450
FB		 3214 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3215 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3216 addr += 8;
3217 }
3218}
3219
9b64997f
BS		 3220static void pci_ide_save(QEMUFile* f, void *opaque)
3221{
3222 PCIIDEState *d = opaque;
3223 int i;
3224
3225 pci_device_save(&d->dev, f);
3226
3227 for(i = 0; i < 2; i++) {
3228 BMDMAState *bm = &d->bmdma[i];
428c5705 3229 uint8_t ifidx;
9b64997f
BS		 3230 qemu_put_8s(f, &bm->cmd);
3231 qemu_put_8s(f, &bm->status);
3232 qemu_put_be32s(f, &bm->addr);
428c5705
AL		 3233 qemu_put_sbe64s(f, &bm->sector_num);
3234 qemu_put_be32s(f, &bm->nsector);
3235 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3236 qemu_put_8s(f, &ifidx);
9b64997f
BS		 3237 /* XXX: if a transfer is pending, we do not save it yet */
3238 }
3239
3240 /* per IDE interface data */
3241 for(i = 0; i < 2; i++) {
3242 IDEState *s = &d->ide_if[i * 2];
3243 uint8_t drive1_selected;
3244 qemu_put_8s(f, &s->cmd);
3245 drive1_selected = (s->cur_drive != s);
3246 qemu_put_8s(f, &drive1_selected);
3247 }
3248
3249 /* per IDE drive data */
3250 for(i = 0; i < 4; i++) {
3251 ide_save(f, &d->ide_if[i]);
3252 }
3253}
3254
3255static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3256{
3257 PCIIDEState *d = opaque;
3258 int ret, i;
3259
428c5705 3260 if (version_id != 2)
9b64997f
BS		 3261 return -EINVAL;
3262 ret = pci_device_load(&d->dev, f);
3263 if (ret < 0)
3264 return ret;
3265
3266 for(i = 0; i < 2; i++) {
3267 BMDMAState *bm = &d->bmdma[i];
428c5705 3268 uint8_t ifidx;
9b64997f
BS		 3269 qemu_get_8s(f, &bm->cmd);
3270 qemu_get_8s(f, &bm->status);
3271 qemu_get_be32s(f, &bm->addr);
428c5705
AL		 3272 qemu_get_sbe64s(f, &bm->sector_num);
3273 qemu_get_be32s(f, &bm->nsector);
3274 qemu_get_8s(f, &ifidx);
3275 bm->ide_if = &d->ide_if[ifidx];
9b64997f
BS		 3276 /* XXX: if a transfer is pending, we do not save it yet */
3277 }
3278
3279 /* per IDE interface data */
3280 for(i = 0; i < 2; i++) {
3281 IDEState *s = &d->ide_if[i * 2];
3282 uint8_t drive1_selected;
3283 qemu_get_8s(f, &s->cmd);
3284 qemu_get_8s(f, &drive1_selected);
3285 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3286 }
3287
3288 /* per IDE drive data */
3289 for(i = 0; i < 4; i++) {
3290 ide_load(f, &d->ide_if[i]);
3291 }
3292 return 0;
3293}
3294
5457c8ce
FB		 3295/* XXX: call it also when the MRDMODE is changed from the PCI config
3296 registers */
3297static void cmd646_update_irq(PCIIDEState *d)
3298{
3299 int pci_level;
3300 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3301 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3302 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3303 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 3304 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 3305}
3306
3307/* the PCI irq level is the logical OR of the two channels */
3308static void cmd646_set_irq(void *opaque, int channel, int level)
3309{
3310 PCIIDEState *d = opaque;
3311 int irq_mask;
3312
3313 irq_mask = MRDMODE_INTR_CH0 << channel;
3314 if (level)
3315 d->dev.config[MRDMODE] |= irq_mask;
3316 else
3317 d->dev.config[MRDMODE] &= ~irq_mask;
3318 cmd646_update_irq(d);
3319}
3320
6e6b7363
BS		 3321static void cmd646_reset(void *opaque)
3322{
3323 PCIIDEState *d = opaque;
3324 unsigned int i;
3325
3326 for (i = 0; i < 2; i++)
3327 ide_dma_cancel(&d->bmdma[i]);
3328}
3329
5457c8ce
FB		 3330/* CMD646 PCI IDE controller */
3331void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3332 int secondary_ide_enabled)
69b91039
FB		 3333{
3334 PCIIDEState *d;
3335 uint8_t *pci_conf;
34e538ae 3336 int i;
d537cf6c 3337 qemu_irq *irq;
34e538ae 3338
5fafdf24 3339 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 3340 sizeof(PCIIDEState),
5fafdf24 3341 -1,
73c11f63 3342 NULL, NULL);
5457c8ce 3343 d->type = IDE_TYPE_CMD646;
69b91039 3344 pci_conf = d->dev.config;
deb54399
AL		 3345 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3346 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
5457c8ce
FB		 3347
3348 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 3349 pci_conf[0x09] = 0x8f;
5457c8ce 3350
69b91039
FB		 3351 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3352 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
5457c8ce 3353 pci_conf[0x0e] = 0x00; // header_type
3b46e624 3354
0516ede0 3355 pci_conf[0x51] = 0x04; // enable IDE0
5457c8ce
FB		 3356 if (secondary_ide_enabled) {
3357 /* XXX: if not enabled, really disable the seconday IDE controller */
0516ede0 3358 pci_conf[0x51] |= 0x08; /* enable IDE1 */
5457c8ce 3359 }
69b91039 3360
5fafdf24 3361 pci_register_io_region((PCIDevice *)d, 0, 0x8,
69b91039 3362 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3363 pci_register_io_region((PCIDevice *)d, 1, 0x4,
69b91039 3364 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3365 pci_register_io_region((PCIDevice *)d, 2, 0x8,
69b91039 3366 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3367 pci_register_io_region((PCIDevice *)d, 3, 0x4,
69b91039 3368 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3369 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 3370 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 3371
34e538ae 3372 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3b46e624 3373
34e538ae
FB		 3374 for(i = 0; i < 4; i++)
3375 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 3376
3377 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3378 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3379 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
6e6b7363 3380
428c5705 3381 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
6e6b7363
BS		 3382 qemu_register_reset(cmd646_reset, d);
3383 cmd646_reset(d);
34e538ae
FB		 3384}
3385
72c7b06c 3386static void piix3_reset(void *opaque)
e6a71ae3 3387{
72c7b06c 3388 PCIIDEState *d = opaque;
e6a71ae3 3389 uint8_t *pci_conf = d->dev.config;
72c7b06c
AL		 3390 int i;
3391
3392 for (i = 0; i < 2; i++)
3393 ide_dma_cancel(&d->bmdma[i]);
e6a71ae3
TS		 3394
3395 pci_conf[0x04] = 0x00;
3396 pci_conf[0x05] = 0x00;
3397 pci_conf[0x06] = 0x80; /* FBC */
3398 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3399 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3400}
3401
34e538ae
FB		 3402/* hd_table must contain 4 block drivers */
3403/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 3404void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3405 qemu_irq *pic)
34e538ae
FB		 3406{
3407 PCIIDEState *d;
3408 uint8_t *pci_conf;
3b46e624 3409
34e538ae 3410 /* register a function 1 of PIIX3 */
5fafdf24 3411 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 3412 sizeof(PCIIDEState),
502a5395 3413 devfn,
34e538ae 3414 NULL, NULL);
5457c8ce
FB		 3415 d->type = IDE_TYPE_PIIX3;
3416
34e538ae 3417 pci_conf = d->dev.config;
deb54399
AL		 3418 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3419 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
92510b8c 3420 pci_conf[0x09] = 0x80; // legacy ATA mode
34e538ae
FB		 3421 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3422 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3423 pci_conf[0x0e] = 0x00; // header_type
3424
72c7b06c 3425 qemu_register_reset(piix3_reset, d);
e6a71ae3
TS		 3426 piix3_reset(d);
3427
5fafdf24 3428 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 3429 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 3430
d537cf6c
PB		 3431 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3432 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 3433 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3434 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997 3435
428c5705 3436 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
69b91039 3437}
1ade1de2 3438
afcc3cdf
TS		 3439/* hd_table must contain 4 block drivers */
3440/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3441void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3442 qemu_irq *pic)
3443{
3444 PCIIDEState *d;
3445 uint8_t *pci_conf;
3446
3447 /* register a function 1 of PIIX4 */
3448 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3449 sizeof(PCIIDEState),
3450 devfn,
3451 NULL, NULL);
3452 d->type = IDE_TYPE_PIIX4;
3453
3454 pci_conf = d->dev.config;
deb54399
AL		 3455 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3456 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
afcc3cdf
TS		 3457 pci_conf[0x09] = 0x80; // legacy ATA mode
3458 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3459 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3460 pci_conf[0x0e] = 0x00; // header_type
3461
72c7b06c 3462 qemu_register_reset(piix3_reset, d);
afcc3cdf
TS		 3463 piix3_reset(d);
3464
3465 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3466 PCI_ADDRESS_SPACE_IO, bmdma_map);
3467
3468 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3469 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3470 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3471 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3472
428c5705 3473 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
afcc3cdf
TS		 3474}
3475
1ade1de2
FB		 3476/***********************************************************/
3477/* MacIO based PowerPC IDE */
3478
3479/* PowerMac IDE memory IO */
3480static void pmac_ide_writeb (void *opaque,
3481 target_phys_addr_t addr, uint32_t val)
3482{
5fafdf24 3483 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3484 switch (addr) {
3485 case 1 ... 7:
3486 ide_ioport_write(opaque, addr, val);
3487 break;
3488 case 8:
3489 case 22:
3490 ide_cmd_write(opaque, 0, val);
3491 break;
3492 default:
3493 break;
3494 }
3495}
3496
3497static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3498{
3499 uint8_t retval;
3500
3501 addr = (addr & 0xFFF) >> 4;
3502 switch (addr) {
3503 case 1 ... 7:
3504 retval = ide_ioport_read(opaque, addr);
3505 break;
3506 case 8:
3507 case 22:
3508 retval = ide_status_read(opaque, 0);
3509 break;
3510 default:
3511 retval = 0xFF;
3512 break;
3513 }
3514 return retval;
3515}
3516
3517static void pmac_ide_writew (void *opaque,
3518 target_phys_addr_t addr, uint32_t val)
3519{
5fafdf24 3520 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3521#ifdef TARGET_WORDS_BIGENDIAN
3522 val = bswap16(val);
3523#endif
3524 if (addr == 0) {
3525 ide_data_writew(opaque, 0, val);
3526 }
3527}
3528
3529static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3530{
3531 uint16_t retval;
3532
5fafdf24 3533 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3534 if (addr == 0) {
3535 retval = ide_data_readw(opaque, 0);
3536 } else {
3537 retval = 0xFFFF;
3538 }
3539#ifdef TARGET_WORDS_BIGENDIAN
3540 retval = bswap16(retval);
3541#endif
3542 return retval;
3543}
3544
3545static void pmac_ide_writel (void *opaque,
3546 target_phys_addr_t addr, uint32_t val)
3547{
5fafdf24 3548 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3549#ifdef TARGET_WORDS_BIGENDIAN
3550 val = bswap32(val);
3551#endif
3552 if (addr == 0) {
3553 ide_data_writel(opaque, 0, val);
3554 }
3555}
3556
3557static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3558{
3559 uint32_t retval;
3560
5fafdf24 3561 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3562 if (addr == 0) {
3563 retval = ide_data_readl(opaque, 0);
3564 } else {
3565 retval = 0xFFFFFFFF;
3566 }
3567#ifdef TARGET_WORDS_BIGENDIAN
3568 retval = bswap32(retval);
3569#endif
3570 return retval;
3571}
3572
3573static CPUWriteMemoryFunc *pmac_ide_write[] = {
3574 pmac_ide_writeb,
3575 pmac_ide_writew,
3576 pmac_ide_writel,
3577};
3578
3579static CPUReadMemoryFunc *pmac_ide_read[] = {
3580 pmac_ide_readb,
3581 pmac_ide_readw,
3582 pmac_ide_readl,
3583};
3584
9b64997f
BS		 3585static void pmac_ide_save(QEMUFile *f, void *opaque)
3586{
3587 IDEState *s = (IDEState *)opaque;
3588 uint8_t drive1_selected;
3589 unsigned int i;
3590
3591 /* per IDE interface data */
3592 qemu_put_8s(f, &s->cmd);
3593 drive1_selected = (s->cur_drive != s);
3594 qemu_put_8s(f, &drive1_selected);
3595
3596 /* per IDE drive data */
3597 for(i = 0; i < 2; i++) {
3598 ide_save(f, &s[i]);
3599 }
3600}
3601
3602static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3603{
3604 IDEState *s = (IDEState *)opaque;
3605 uint8_t drive1_selected;
3606 unsigned int i;
3607
3608 if (version_id != 1)
3609 return -EINVAL;
3610
3611 /* per IDE interface data */
3612 qemu_get_8s(f, &s->cmd);
3613 qemu_get_8s(f, &drive1_selected);
3614 s->cur_drive = &s[(drive1_selected != 0)];
3615
3616 /* per IDE drive data */
3617 for(i = 0; i < 2; i++) {
3618 ide_load(f, &s[i]);
3619 }
3620 return 0;
3621}
3622
6e6b7363
BS		 3623static void pmac_ide_reset(void *opaque)
3624{
3625 IDEState *s = (IDEState *)opaque;
3626
3627 ide_reset(&s[0]);
3628 ide_reset(&s[1]);
3629}
3630
1ade1de2
FB		 3631/* hd_table must contain 4 block drivers */
3632/* PowerMac uses memory mapped registers, not I/O. Return the memory
3633 I/O index to access the ide. */
d537cf6c 3634int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
1ade1de2
FB		 3635{
3636 IDEState *ide_if;
3637 int pmac_ide_memory;
3638
3639 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
d537cf6c 3640 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3b46e624 3641
1ade1de2
FB		 3642 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3643 pmac_ide_write, &ide_if[0]);
9b64997f 3644 register_savevm("ide", 0, 1, pmac_ide_save, pmac_ide_load, &ide_if[0]);
6e6b7363
BS		 3645 qemu_register_reset(pmac_ide_reset, &ide_if[0]);
3646 pmac_ide_reset(&ide_if[0]);
1ade1de2
FB		 3647 return pmac_ide_memory;
3648}
201a51fc 3649
a4a771c0
AZ		 3650/***********************************************************/
3651/* MMIO based ide port
3652 * This emulates IDE device connected directly to the CPU bus without
3653 * dedicated ide controller, which is often seen on embedded boards.
3654 */
3655
3656typedef struct {
3657 void *dev;
3658 int shift;
3659} MMIOState;
3660
3661static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3662{
3663 MMIOState *s = (MMIOState*)opaque;
3664 IDEState *ide = (IDEState*)s->dev;
3665 addr >>= s->shift;
3666 if (addr & 7)
3667 return ide_ioport_read(ide, addr);
3668 else
3669 return ide_data_readw(ide, 0);
3670}
3671
3672static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3673 uint32_t val)
3674{
3675 MMIOState *s = (MMIOState*)opaque;
3676 IDEState *ide = (IDEState*)s->dev;
3677 addr >>= s->shift;
3678 if (addr & 7)
3679 ide_ioport_write(ide, addr, val);
3680 else
3681 ide_data_writew(ide, 0, val);
3682}
3683
3684static CPUReadMemoryFunc *mmio_ide_reads[] = {
3685 mmio_ide_read,
3686 mmio_ide_read,
3687 mmio_ide_read,
3688};
3689
3690static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3691 mmio_ide_write,
3692 mmio_ide_write,
3693 mmio_ide_write,
3694};
3695
3696static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3697{
3698 MMIOState *s= (MMIOState*)opaque;
3699 IDEState *ide = (IDEState*)s->dev;
3700 return ide_status_read(ide, 0);
3701}
3702
3703static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3704 uint32_t val)
3705{
3706 MMIOState *s = (MMIOState*)opaque;
3707 IDEState *ide = (IDEState*)s->dev;
3708 ide_cmd_write(ide, 0, val);
3709}
3710
3711static CPUReadMemoryFunc *mmio_ide_status[] = {
3712 mmio_ide_status_read,
3713 mmio_ide_status_read,
3714 mmio_ide_status_read,
3715};
3716
3717static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3718 mmio_ide_cmd_write,
3719 mmio_ide_cmd_write,
3720 mmio_ide_cmd_write,
3721};
3722
3723void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3724 qemu_irq irq, int shift,
3725 BlockDriverState *hd0, BlockDriverState *hd1)
3726{
3727 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3728 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3729 int mem1, mem2;
3730
3731 ide_init2(ide, hd0, hd1, irq);
3732
3733 s->dev = ide;
3734 s->shift = shift;
3735
3736 mem1 = cpu_register_io_memory(0, mmio_ide_reads, mmio_ide_writes, s);
3737 mem2 = cpu_register_io_memory(0, mmio_ide_status, mmio_ide_cmd, s);
3738 cpu_register_physical_memory(membase, 16 << shift, mem1);
3739 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3740}
3741
201a51fc
AZ		 3742/***********************************************************/
3743/* CF-ATA Microdrive */
3744
3745#define METADATA_SIZE 0x20
3746
3747/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3748struct md_s {
3749 IDEState ide[2];
3750 struct pcmcia_card_s card;
3751 uint32_t attr_base;
3752 uint32_t io_base;
3753
3754 /* Card state */
3755 uint8_t opt;
3756 uint8_t stat;
3757 uint8_t pins;
3758
3759 uint8_t ctrl;
3760 uint16_t io;
3761 int cycle;
3762};
3763
3764/* Register bitfields */
3765enum md_opt {
3766 OPT_MODE_MMAP = 0,
3767 OPT_MODE_IOMAP16 = 1,
3768 OPT_MODE_IOMAP1 = 2,
3769 OPT_MODE_IOMAP2 = 3,
3770 OPT_MODE = 0x3f,
3771 OPT_LEVIREQ = 0x40,
3772 OPT_SRESET = 0x80,
3773};
3774enum md_cstat {
3775 STAT_INT = 0x02,
3776 STAT_PWRDWN = 0x04,
3777 STAT_XE = 0x10,
3778 STAT_IOIS8 = 0x20,
3779 STAT_SIGCHG = 0x40,
3780 STAT_CHANGED = 0x80,
3781};
3782enum md_pins {
3783 PINS_MRDY = 0x02,
3784 PINS_CRDY = 0x20,
3785};
3786enum md_ctrl {
3787 CTRL_IEN = 0x02,
3788 CTRL_SRST = 0x04,
3789};
3790
3791static inline void md_interrupt_update(struct md_s *s)
3792{
3793 if (!s->card.slot)
3794 return;
3795
3796 qemu_set_irq(s->card.slot->irq,
3797 !(s->stat & STAT_INT) && /* Inverted */
3798 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3799 !(s->opt & OPT_SRESET));
3800}
3801
3802static void md_set_irq(void *opaque, int irq, int level)
3803{
3804 struct md_s *s = (struct md_s *) opaque;
3805 if (level)
3806 s->stat |= STAT_INT;
3807 else
3808 s->stat &= ~STAT_INT;
3809
3810 md_interrupt_update(s);
3811}
3812
3813static void md_reset(struct md_s *s)
3814{
3815 s->opt = OPT_MODE_MMAP;
3816 s->stat = 0;
3817 s->pins = 0;
3818 s->cycle = 0;
3819 s->ctrl = 0;
3820 ide_reset(s->ide);
3821}
3822
9e315fa9 3823static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc
AZ		 3824{
3825 struct md_s *s = (struct md_s *) opaque;
3826 if (at < s->attr_base) {
3827 if (at < s->card.cis_len)
3828 return s->card.cis[at];
3829 else
3830 return 0x00;
3831 }
3832
3833 at -= s->attr_base;
3834
3835 switch (at) {
3836 case 0x00: /* Configuration Option Register */
3837 return s->opt;
3838 case 0x02: /* Card Configuration Status Register */
3839 if (s->ctrl & CTRL_IEN)
3840 return s->stat & ~STAT_INT;
3841 else
3842 return s->stat;
3843 case 0x04: /* Pin Replacement Register */
3844 return (s->pins & PINS_CRDY) | 0x0c;
3845 case 0x06: /* Socket and Copy Register */
3846 return 0x00;
3847#ifdef VERBOSE
3848 default:
3849 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3850#endif
3851 }
3852
3853 return 0;
3854}
3855
9e315fa9 3856static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc
AZ		 3857{
3858 struct md_s *s = (struct md_s *) opaque;
3859 at -= s->attr_base;
3860
3861 switch (at) {
3862 case 0x00: /* Configuration Option Register */
3863 s->opt = value & 0xcf;
3864 if (value & OPT_SRESET)
3865 md_reset(s);
3866 md_interrupt_update(s);
3867 break;
3868 case 0x02: /* Card Configuration Status Register */
3869 if ((s->stat ^ value) & STAT_PWRDWN)
3870 s->pins |= PINS_CRDY;
3871 s->stat &= 0x82;
3872 s->stat |= value & 0x74;
3873 md_interrupt_update(s);
3874 /* Word 170 in Identify Device must be equal to STAT_XE */
3875 break;
3876 case 0x04: /* Pin Replacement Register */
3877 s->pins &= PINS_CRDY;
3878 s->pins |= value & PINS_MRDY;
3879 break;
3880 case 0x06: /* Socket and Copy Register */
3881 break;
3882 default:
3883 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3884 }
3885}
3886
9e315fa9 3887static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc
AZ		 3888{
3889 struct md_s *s = (struct md_s *) opaque;
3890 uint16_t ret;
3891 at -= s->io_base;
3892
3893 switch (s->opt & OPT_MODE) {
3894 case OPT_MODE_MMAP:
3895 if ((at & ~0x3ff) == 0x400)
3896 at = 0;
3897 break;
3898 case OPT_MODE_IOMAP16:
3899 at &= 0xf;
3900 break;
3901 case OPT_MODE_IOMAP1:
3902 if ((at & ~0xf) == 0x3f0)
3903 at -= 0x3e8;
3904 else if ((at & ~0xf) == 0x1f0)
3905 at -= 0x1f0;
3906 break;
3907 case OPT_MODE_IOMAP2:
3908 if ((at & ~0xf) == 0x370)
3909 at -= 0x368;
3910 else if ((at & ~0xf) == 0x170)
3911 at -= 0x170;
3912 }
3913
3914 switch (at) {
3915 case 0x0: /* Even RD Data */
3916 case 0x8:
3917 return ide_data_readw(s->ide, 0);
3918
3919 /* TODO: 8-bit accesses */
3920 if (s->cycle)
3921 ret = s->io >> 8;
3922 else {
3923 s->io = ide_data_readw(s->ide, 0);
3924 ret = s->io & 0xff;
3925 }
3926 s->cycle = !s->cycle;
3927 return ret;
3928 case 0x9: /* Odd RD Data */
3929 return s->io >> 8;
3930 case 0xd: /* Error */
3931 return ide_ioport_read(s->ide, 0x1);
3932 case 0xe: /* Alternate Status */
3933 if (s->ide->cur_drive->bs)
3934 return s->ide->cur_drive->status;
3935 else
3936 return 0;
3937 case 0xf: /* Device Address */
3938 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3939 default:
3940 return ide_ioport_read(s->ide, at);
3941 }
3942
3943 return 0;
3944}
3945
9e315fa9 3946static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc
AZ		 3947{
3948 struct md_s *s = (struct md_s *) opaque;
3949 at -= s->io_base;
3950
3951 switch (s->opt & OPT_MODE) {
3952 case OPT_MODE_MMAP:
3953 if ((at & ~0x3ff) == 0x400)
3954 at = 0;
3955 break;
3956 case OPT_MODE_IOMAP16:
3957 at &= 0xf;
3958 break;
3959 case OPT_MODE_IOMAP1:
3960 if ((at & ~0xf) == 0x3f0)
3961 at -= 0x3e8;
3962 else if ((at & ~0xf) == 0x1f0)
3963 at -= 0x1f0;
3964 break;
3965 case OPT_MODE_IOMAP2:
3966 if ((at & ~0xf) == 0x370)
3967 at -= 0x368;
3968 else if ((at & ~0xf) == 0x170)
3969 at -= 0x170;
3970 }
3971
3972 switch (at) {
3973 case 0x0: /* Even WR Data */
3974 case 0x8:
3975 ide_data_writew(s->ide, 0, value);
3976 break;
3977
3978 /* TODO: 8-bit accesses */
3979 if (s->cycle)
3980 ide_data_writew(s->ide, 0, s->io | (value << 8));
3981 else
3982 s->io = value & 0xff;
3983 s->cycle = !s->cycle;
3984 break;
3985 case 0x9:
3986 s->io = value & 0xff;
3987 s->cycle = !s->cycle;
3988 break;
3989 case 0xd: /* Features */
3990 ide_ioport_write(s->ide, 0x1, value);
3991 break;
3992 case 0xe: /* Device Control */
3993 s->ctrl = value;
3994 if (value & CTRL_SRST)
3995 md_reset(s);
3996 md_interrupt_update(s);
3997 break;
3998 default:
3999 if (s->stat & STAT_PWRDWN) {
4000 s->pins |= PINS_CRDY;
4001 s->stat &= ~STAT_PWRDWN;
4002 }
4003 ide_ioport_write(s->ide, at, value);
4004 }
4005}
4006
aa941b94
AZ		 4007static void md_save(QEMUFile *f, void *opaque)
4008{
4009 struct md_s *s = (struct md_s *) opaque;
4010 int i;
4011 uint8_t drive1_selected;
4012
4013 qemu_put_8s(f, &s->opt);
4014 qemu_put_8s(f, &s->stat);
4015 qemu_put_8s(f, &s->pins);
4016
4017 qemu_put_8s(f, &s->ctrl);
4018 qemu_put_be16s(f, &s->io);
4019 qemu_put_byte(f, s->cycle);
4020
4021 drive1_selected = (s->ide->cur_drive != s->ide);
4022 qemu_put_8s(f, &s->ide->cmd);
4023 qemu_put_8s(f, &drive1_selected);
4024
4025 for (i = 0; i < 2; i ++)
4026 ide_save(f, &s->ide[i]);
4027}
4028
4029static int md_load(QEMUFile *f, void *opaque, int version_id)
4030{
4031 struct md_s *s = (struct md_s *) opaque;
4032 int i;
4033 uint8_t drive1_selected;
4034
4035 qemu_get_8s(f, &s->opt);
4036 qemu_get_8s(f, &s->stat);
4037 qemu_get_8s(f, &s->pins);
4038
4039 qemu_get_8s(f, &s->ctrl);
4040 qemu_get_be16s(f, &s->io);
4041 s->cycle = qemu_get_byte(f);
4042
4043 qemu_get_8s(f, &s->ide->cmd);
4044 qemu_get_8s(f, &drive1_selected);
4045 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
4046
4047 for (i = 0; i < 2; i ++)
4048 ide_load(f, &s->ide[i]);
4049
4050 return 0;
4051}
4052
201a51fc
AZ		 4053static const uint8_t dscm1xxxx_cis[0x14a] = {
4054 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
4055 [0x002] = 0x03, /* Tuple length = 4 bytes */
4056 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4057 [0x006] = 0x01, /* Size = 2K bytes */
4058 [0x008] = CISTPL_ENDMARK,
4059
4060 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
4061 [0x00c] = 0x04, /* Tuple length = 4 byest */
4062 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
4063 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4064 [0x012] = 0x01, /* Size = 2K bytes */
4065 [0x014] = CISTPL_ENDMARK,
4066
4067 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
4068 [0x018] = 0x02, /* Tuple length = 2 bytes */
4069 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
4070 [0x01c] = 0x01,
4071
4072 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
4073 [0x020] = 0x04, /* Tuple length = 4 bytes */
4074 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
4075 [0x024] = 0x00,
4076 [0x026] = 0x00, /* PLMID_CARD = 0000 */
4077 [0x028] = 0x00,
4078
4079 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
4080 [0x02c] = 0x12, /* Tuple length = 23 bytes */
4081 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
4082 [0x030] = 0x01, /* Minor Version = 1 */
4083 [0x032] = 'I',
4084 [0x034] = 'B',
4085 [0x036] = 'M',
4086 [0x038] = 0x00,
4087 [0x03a] = 'm',
4088 [0x03c] = 'i',
4089 [0x03e] = 'c',
4090 [0x040] = 'r',
4091 [0x042] = 'o',
4092 [0x044] = 'd',
4093 [0x046] = 'r',
4094 [0x048] = 'i',
4095 [0x04a] = 'v',
4096 [0x04c] = 'e',
4097 [0x04e] = 0x00,
4098 [0x050] = CISTPL_ENDMARK,
4099
4100 [0x052] = CISTPL_FUNCID, /* Function ID */
4101 [0x054] = 0x02, /* Tuple length = 2 bytes */
4102 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4103 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4104
4105 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4106 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4107 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4108 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4109
4110 [0x062] = CISTPL_FUNCE, /* Function Extension */
4111 [0x064] = 0x03, /* Tuple length = 3 bytes */
4112 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4113 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4114 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4115
4116 [0x06c] = CISTPL_CONFIG, /* Configuration */
4117 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4118 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4119 [0x072] = 0x07, /* TPCC_LAST = 7 */
4120 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4121 [0x076] = 0x02,
4122 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4123
4124 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4125 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4126 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4127 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4128 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4129 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4130 [0x086] = 0x55, /* NomV: 5.0 V */
4131 [0x088] = 0x4d, /* MinV: 4.5 V */
4132 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4133 [0x08c] = 0x4e, /* Peakl: 450 mA */
4134 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4135 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4136 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4137
4138 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4139 [0x096] = 0x06, /* Tuple length = 6 bytes */
4140 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4141 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4142 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4143 [0x09e] = 0xb5, /* NomV: 3.3 V */
4144 [0x0a0] = 0x1e,
4145 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4146
4147 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4148 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4149 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4150 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4151 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4152 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4153 [0x0b0] = 0x55, /* NomV: 5.0 V */
4154 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4155 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4156 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4157 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4158 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4159 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4160 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4161 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4162
4163 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4164 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4165 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4166 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4167 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4168 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4169 [0x0ce] = 0x1e,
4170 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4171
4172 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4173 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4174 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4175 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4176 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4177 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4178 [0x0de] = 0x55, /* NomV: 5.0 V */
4179 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4180 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4181 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4182 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4183 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4184 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4185 [0x0ec] = 0x01,
4186 [0x0ee] = 0x07, /* Address block length = 8 */
4187 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4188 [0x0f2] = 0x03,
4189 [0x0f4] = 0x01, /* Address block length = 2 */
4190 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4191 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4192
4193 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4194 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4195 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4196 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4197 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4198 [0x104] = 0xb5, /* NomV: 3.3 V */
4199 [0x106] = 0x1e,
4200 [0x108] = 0x3e, /* Peakl: 350 mA */
4201
4202 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4203 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4204 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4205 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4206 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4207 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4208 [0x116] = 0x55, /* NomV: 5.0 V */
4209 [0x118] = 0x4d, /* MinV: 4.5 V */
4210 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4211 [0x11c] = 0x4e, /* Peakl: 450 mA */
4212 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4213 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4214 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4215 [0x124] = 0x01,
4216 [0x126] = 0x07, /* Address block length = 8 */
4217 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4218 [0x12a] = 0x03,
4219 [0x12c] = 0x01, /* Address block length = 2 */
4220 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4221 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4222
4223 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4224 [0x134] = 0x06, /* Tuple length = 6 bytes */
4225 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4226 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4227 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4228 [0x13c] = 0xb5, /* NomV: 3.3 V */
4229 [0x13e] = 0x1e,
4230 [0x140] = 0x3e, /* Peakl: 350 mA */
4231
4232 [0x142] = CISTPL_NO_LINK, /* No Link */
4233 [0x144] = 0x00, /* Tuple length = 0 bytes */
4234
4235 [0x146] = CISTPL_END, /* Tuple End */
4236};
4237
4238static int dscm1xxxx_attach(void *opaque)
4239{
4240 struct md_s *md = (struct md_s *) opaque;
4241 md->card.attr_read = md_attr_read;
4242 md->card.attr_write = md_attr_write;
4243 md->card.common_read = md_common_read;
4244 md->card.common_write = md_common_write;
4245 md->card.io_read = md_common_read;
4246 md->card.io_write = md_common_write;
4247
4248 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4249 md->io_base = 0x0;
4250
4251 md_reset(md);
4252 md_interrupt_update(md);
4253
4254 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4255 return 0;
4256}
4257
4258static int dscm1xxxx_detach(void *opaque)
4259{
4260 struct md_s *md = (struct md_s *) opaque;
4261 md_reset(md);
4262 return 0;
4263}
4264
4265struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
4266{
4267 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
4268 md->card.state = md;
4269 md->card.attach = dscm1xxxx_attach;
4270 md->card.detach = dscm1xxxx_detach;
4271 md->card.cis = dscm1xxxx_cis;
4272 md->card.cis_len = sizeof(dscm1xxxx_cis);
4273
4274 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4275 md->ide->is_cf = 1;
4276 md->ide->mdata_size = METADATA_SIZE;
4277 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94 4278
18be5187 4279 register_savevm("microdrive", -1, 0, md_save, md_load, md);
aa941b94 4280
201a51fc
AZ		 4281 return &md->card;
4282}
Empty description
This page took 0.805434 seconds and 4 git commands to generate.