2 * QEMU IDE disk and CD/DVD-ROM Emulator
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
28 #include "scsi-disk.h"
31 #include "block_int.h"
32 #include "qemu-timer.h"
35 #include "mac_dbdma.h"
39 /* debug IDE devices */
41 //#define DEBUG_IDE_ATAPI
45 /* Bits of HD_STATUS */
47 #define INDEX_STAT 0x02
48 #define ECC_STAT 0x04 /* Corrected error */
50 #define SEEK_STAT 0x10
52 #define WRERR_STAT 0x20
53 #define READY_STAT 0x40
54 #define BUSY_STAT 0x80
56 /* Bits for HD_ERROR */
57 #define MARK_ERR 0x01 /* Bad address mark */
58 #define TRK0_ERR 0x02 /* couldn't find track 0 */
59 #define ABRT_ERR 0x04 /* Command aborted */
60 #define MCR_ERR 0x08 /* media change request */
61 #define ID_ERR 0x10 /* ID field not found */
62 #define MC_ERR 0x20 /* media changed */
63 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
64 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
65 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
67 /* Bits of HD_NSECTOR */
73 #define IDE_CMD_RESET 0x04
74 #define IDE_CMD_DISABLE_IRQ 0x02
76 /* ATA/ATAPI Commands pre T13 Spec */
81 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
85 #define WIN_SRST 0x08 /* ATAPI soft reset command */
86 #define WIN_DEVICE_RESET 0x08
90 #define WIN_RECAL 0x10
91 #define WIN_RESTORE WIN_RECAL
95 #define WIN_READ 0x20 /* 28-Bit */
96 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
97 #define WIN_READ_LONG 0x22 /* 28-Bit */
98 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
99 #define WIN_READ_EXT 0x24 /* 48-Bit */
100 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
101 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
102 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
106 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
108 * 0x2A->0x2F Reserved
110 #define WIN_WRITE 0x30 /* 28-Bit */
111 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
112 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
113 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
114 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
115 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
116 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
117 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
118 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
119 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
121 * 0x3A->0x3B Reserved
123 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
125 * 0x3D->0x3F Reserved
127 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
128 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
129 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
131 * 0x43->0x4F Reserved
133 #define WIN_FORMAT 0x50
135 * 0x51->0x5F Reserved
137 #define WIN_INIT 0x60
139 * 0x61->0x5F Reserved
141 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
142 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
143 #define WIN_DIAGNOSE 0x90
144 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
145 #define WIN_DOWNLOAD_MICROCODE 0x92
146 #define WIN_STANDBYNOW2 0x94
147 #define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
148 #define WIN_STANDBY2 0x96
149 #define WIN_SETIDLE2 0x97
150 #define WIN_CHECKPOWERMODE2 0x98
151 #define WIN_SLEEPNOW2 0x99
155 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
156 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
157 #define WIN_QUEUED_SERVICE 0xA2
158 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
159 #define CFA_ACCESS_METADATA_STORAGE 0xB8
160 #define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
161 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
162 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
163 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
164 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
165 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
166 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
167 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
168 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
169 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
170 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
171 #define WIN_GETMEDIASTATUS 0xDA
172 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
173 #define WIN_POSTBOOT 0xDC
174 #define WIN_PREBOOT 0xDD
175 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
176 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
177 #define WIN_STANDBYNOW1 0xE0
178 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
179 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
180 #define WIN_SETIDLE1 0xE3
181 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
182 #define WIN_CHECKPOWERMODE1 0xE5
183 #define WIN_SLEEPNOW1 0xE6
184 #define WIN_FLUSH_CACHE 0xE7
185 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
186 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
187 /* SET_FEATURES 0x22 or 0xDD */
188 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
189 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
190 #define WIN_MEDIAEJECT 0xED
191 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
192 #define WIN_SETFEATURES 0xEF /* set special drive features */
193 #define EXABYTE_ENABLE_NEST 0xF0
194 #define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
195 #define WIN_SECURITY_SET_PASS 0xF1
196 #define WIN_SECURITY_UNLOCK 0xF2
197 #define WIN_SECURITY_ERASE_PREPARE 0xF3
198 #define WIN_SECURITY_ERASE_UNIT 0xF4
199 #define WIN_SECURITY_FREEZE_LOCK 0xF5
200 #define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
201 #define WIN_SECURITY_DISABLE 0xF6
202 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
203 #define WIN_SET_MAX 0xF9
204 #define DISABLE_SEAGATE 0xFB
206 /* set to 1 set disable mult support */
207 #define MAX_MULT_SECTORS 16
209 #define IDE_DMA_BUF_SECTORS 256
211 #if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
212 #error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
217 #define ATAPI_PACKET_SIZE 12
219 /* The generic packet command opcodes for CD/DVD Logical Units,
220 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
221 #define GPCMD_BLANK 0xa1
222 #define GPCMD_CLOSE_TRACK 0x5b
223 #define GPCMD_FLUSH_CACHE 0x35
224 #define GPCMD_FORMAT_UNIT 0x04
225 #define GPCMD_GET_CONFIGURATION 0x46
226 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
227 #define GPCMD_GET_PERFORMANCE 0xac
228 #define GPCMD_INQUIRY 0x12
229 #define GPCMD_LOAD_UNLOAD 0xa6
230 #define GPCMD_MECHANISM_STATUS 0xbd
231 #define GPCMD_MODE_SELECT_10 0x55
232 #define GPCMD_MODE_SENSE_10 0x5a
233 #define GPCMD_PAUSE_RESUME 0x4b
234 #define GPCMD_PLAY_AUDIO_10 0x45
235 #define GPCMD_PLAY_AUDIO_MSF 0x47
236 #define GPCMD_PLAY_AUDIO_TI 0x48
237 #define GPCMD_PLAY_CD 0xbc
238 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
239 #define GPCMD_READ_10 0x28
240 #define GPCMD_READ_12 0xa8
241 #define GPCMD_READ_CDVD_CAPACITY 0x25
242 #define GPCMD_READ_CD 0xbe
243 #define GPCMD_READ_CD_MSF 0xb9
244 #define GPCMD_READ_DISC_INFO 0x51
245 #define GPCMD_READ_DVD_STRUCTURE 0xad
246 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
247 #define GPCMD_READ_HEADER 0x44
248 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
249 #define GPCMD_READ_SUBCHANNEL 0x42
250 #define GPCMD_READ_TOC_PMA_ATIP 0x43
251 #define GPCMD_REPAIR_RZONE_TRACK 0x58
252 #define GPCMD_REPORT_KEY 0xa4
253 #define GPCMD_REQUEST_SENSE 0x03
254 #define GPCMD_RESERVE_RZONE_TRACK 0x53
255 #define GPCMD_SCAN 0xba
256 #define GPCMD_SEEK 0x2b
257 #define GPCMD_SEND_DVD_STRUCTURE 0xad
258 #define GPCMD_SEND_EVENT 0xa2
259 #define GPCMD_SEND_KEY 0xa3
260 #define GPCMD_SEND_OPC 0x54
261 #define GPCMD_SET_READ_AHEAD 0xa7
262 #define GPCMD_SET_STREAMING 0xb6
263 #define GPCMD_START_STOP_UNIT 0x1b
264 #define GPCMD_STOP_PLAY_SCAN 0x4e
265 #define GPCMD_TEST_UNIT_READY 0x00
266 #define GPCMD_VERIFY_10 0x2f
267 #define GPCMD_WRITE_10 0x2a
268 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
269 /* This is listed as optional in ATAPI 2.6, but is (curiously)
270 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
271 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
272 * drives support it. */
273 #define GPCMD_SET_SPEED 0xbb
274 /* This seems to be a SCSI specific CD-ROM opcode
275 * to play data at track/index */
276 #define GPCMD_PLAYAUDIO_TI 0x48
278 * From MS Media Status Notification Support Specification. For
281 #define GPCMD_GET_MEDIA_STATUS 0xda
282 #define GPCMD_MODE_SENSE_6 0x1a
284 /* Mode page codes for mode sense/set */
285 #define GPMODE_R_W_ERROR_PAGE 0x01
286 #define GPMODE_WRITE_PARMS_PAGE 0x05
287 #define GPMODE_AUDIO_CTL_PAGE 0x0e
288 #define GPMODE_POWER_PAGE 0x1a
289 #define GPMODE_FAULT_FAIL_PAGE 0x1c
290 #define GPMODE_TO_PROTECT_PAGE 0x1d
291 #define GPMODE_CAPABILITIES_PAGE 0x2a
292 #define GPMODE_ALL_PAGES 0x3f
293 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
294 * of MODE_SENSE_POWER_PAGE */
295 #define GPMODE_CDROM_PAGE 0x0d
298 * Based on values from <linux/cdrom.h> but extending CD_MINS
299 * to the maximum common size allowed by the Orange's Book ATIP
301 * 90 and 99 min CDs are also available but using them as the
302 * upper limit reduces the effectiveness of the heuristic to
303 * detect DVDs burned to less than 25% of their maximum capacity
306 /* Some generally useful CD-ROM information */
307 #define CD_MINS 80 /* max. minutes per CD */
308 #define CD_SECS 60 /* seconds per minute */
309 #define CD_FRAMES 75 /* frames per second */
310 #define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
311 #define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
312 #define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
315 * The MMC values are not IDE specific and might need to be moved
316 * to a common header if they are also needed for the SCSI emulation
319 /* Profile list from MMC-6 revision 1 table 91 */
320 #define MMC_PROFILE_NONE 0x0000
321 #define MMC_PROFILE_CD_ROM 0x0008
322 #define MMC_PROFILE_CD_R 0x0009
323 #define MMC_PROFILE_CD_RW 0x000A
324 #define MMC_PROFILE_DVD_ROM 0x0010
325 #define MMC_PROFILE_DVD_R_SR 0x0011
326 #define MMC_PROFILE_DVD_RAM 0x0012
327 #define MMC_PROFILE_DVD_RW_RO 0x0013
328 #define MMC_PROFILE_DVD_RW_SR 0x0014
329 #define MMC_PROFILE_DVD_R_DL_SR 0x0015
330 #define MMC_PROFILE_DVD_R_DL_JR 0x0016
331 #define MMC_PROFILE_DVD_RW_DL 0x0017
332 #define MMC_PROFILE_DVD_DDR 0x0018
333 #define MMC_PROFILE_DVD_PLUS_RW 0x001A
334 #define MMC_PROFILE_DVD_PLUS_R 0x001B
335 #define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
336 #define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
337 #define MMC_PROFILE_BD_ROM 0x0040
338 #define MMC_PROFILE_BD_R_SRM 0x0041
339 #define MMC_PROFILE_BD_R_RRM 0x0042
340 #define MMC_PROFILE_BD_RE 0x0043
341 #define MMC_PROFILE_HDDVD_ROM 0x0050
342 #define MMC_PROFILE_HDDVD_R 0x0051
343 #define MMC_PROFILE_HDDVD_RAM 0x0052
344 #define MMC_PROFILE_HDDVD_RW 0x0053
345 #define MMC_PROFILE_HDDVD_R_DL 0x0058
346 #define MMC_PROFILE_HDDVD_RW_DL 0x005A
347 #define MMC_PROFILE_INVALID 0xFFFF
349 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
350 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
351 #define ATAPI_INT_REASON_REL 0x04
352 #define ATAPI_INT_REASON_TAG 0xf8
354 /* same constants as bochs */
355 #define ASC_ILLEGAL_OPCODE 0x20
356 #define ASC_LOGICAL_BLOCK_OOR 0x21
357 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
358 #define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
359 #define ASC_INCOMPATIBLE_FORMAT 0x30
360 #define ASC_MEDIUM_NOT_PRESENT 0x3a
361 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
362 #define ASC_MEDIA_REMOVAL_PREVENTED 0x53
364 #define CFA_NO_ERROR 0x00
365 #define CFA_MISC_ERROR 0x09
366 #define CFA_INVALID_COMMAND 0x20
367 #define CFA_INVALID_ADDRESS 0x21
368 #define CFA_ADDRESS_OVERFLOW 0x2f
371 #define SENSE_NOT_READY 2
372 #define SENSE_ILLEGAL_REQUEST 5
373 #define SENSE_UNIT_ATTENTION 6
377 typedef void EndTransferFunc(struct IDEState *);
379 /* NOTE: IDEState represents in fact one drive */
380 typedef struct IDEState {
384 int cylinders, heads, sectors;
388 uint16_t identify_data[256];
391 struct BMDMAState *bmdma;
393 char drive_serial_str[21];
401 /* other part of tf for lba48 support */
411 /* 0x3f6 command, only meaningful for drive 0 */
413 /* set for lba48 access */
415 /* depends on bit 4 in select, only meaningful for drive 0 */
416 struct IDEState *cur_drive;
417 BlockDriverState *bs;
421 int packet_transfer_size;
422 int elementary_transfer_size;
426 int atapi_dma; /* true if dma is requested for the packet cmd */
430 /* PIO transfer handling */
431 int req_nb_sectors; /* number of sectors per interrupt */
432 EndTransferFunc *end_transfer_func;
436 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
437 uint32_t irq_count; /* counts IRQs when using win2k install hack */
438 /* CF-ATA extended error */
440 /* CF-ATA metadata storage */
442 uint8_t *mdata_storage;
448 /* XXX: DVDs that could fit on a CD will be reported as a CD */
449 static inline int media_present(IDEState *s)
451 return (s->nb_sectors > 0);
454 static inline int media_is_dvd(IDEState *s)
456 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
459 static inline int media_is_cd(IDEState *s)
461 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
464 #define BM_STATUS_DMAING 0x01
465 #define BM_STATUS_ERROR 0x02
466 #define BM_STATUS_INT 0x04
467 #define BM_STATUS_DMA_RETRY 0x08
468 #define BM_STATUS_PIO_RETRY 0x10
470 #define BM_CMD_START 0x01
471 #define BM_CMD_READ 0x08
473 #define IDE_TYPE_PIIX3 0
474 #define IDE_TYPE_CMD646 1
475 #define IDE_TYPE_PIIX4 2
477 /* CMD646 specific */
479 #define MRDMODE_INTR_CH0 0x04
480 #define MRDMODE_INTR_CH1 0x08
481 #define MRDMODE_BLK_CH0 0x10
482 #define MRDMODE_BLK_CH1 0x20
483 #define UDIDETCR0 0x73
484 #define UDIDETCR1 0x7B
486 typedef struct BMDMAState {
491 struct PCIIDEState *pci_dev;
492 /* current transfer state */
494 uint32_t cur_prd_last;
495 uint32_t cur_prd_addr;
496 uint32_t cur_prd_len;
498 BlockDriverCompletionFunc *dma_cb;
499 BlockDriverAIOCB *aiocb;
507 typedef struct PCIIDEState {
511 int type; /* see IDE_TYPE_xxx */
514 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
515 static void ide_dma_restart(IDEState *s);
516 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
518 static void padstr(char *str, const char *src, int len)
521 for(i = 0; i < len; i++) {
530 static void padstr8(uint8_t *buf, int buf_size, const char *src)
533 for(i = 0; i < buf_size; i++) {
541 static void put_le16(uint16_t *p, unsigned int v)
546 static void ide_identify(IDEState *s)
549 unsigned int oldsize;
551 if (s->identify_set) {
552 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
556 memset(s->io_buffer, 0, 512);
557 p = (uint16_t *)s->io_buffer;
558 put_le16(p + 0, 0x0040);
559 put_le16(p + 1, s->cylinders);
560 put_le16(p + 3, s->heads);
561 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
562 put_le16(p + 5, 512); /* XXX: retired, remove ? */
563 put_le16(p + 6, s->sectors);
564 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
565 put_le16(p + 20, 3); /* XXX: retired, remove ? */
566 put_le16(p + 21, 512); /* cache size in sectors */
567 put_le16(p + 22, 4); /* ecc bytes */
568 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
569 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
570 #if MAX_MULT_SECTORS > 1
571 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
573 put_le16(p + 48, 1); /* dword I/O */
574 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
575 put_le16(p + 51, 0x200); /* PIO transfer cycle */
576 put_le16(p + 52, 0x200); /* DMA transfer cycle */
577 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
578 put_le16(p + 54, s->cylinders);
579 put_le16(p + 55, s->heads);
580 put_le16(p + 56, s->sectors);
581 oldsize = s->cylinders * s->heads * s->sectors;
582 put_le16(p + 57, oldsize);
583 put_le16(p + 58, oldsize >> 16);
585 put_le16(p + 59, 0x100 | s->mult_sectors);
586 put_le16(p + 60, s->nb_sectors);
587 put_le16(p + 61, s->nb_sectors >> 16);
588 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
589 put_le16(p + 63, 0x07); /* mdma0-2 supported */
590 put_le16(p + 65, 120);
591 put_le16(p + 66, 120);
592 put_le16(p + 67, 120);
593 put_le16(p + 68, 120);
594 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
595 put_le16(p + 81, 0x16); /* conforms to ata5 */
596 put_le16(p + 82, (1 << 14));
597 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
598 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
599 put_le16(p + 84, (1 << 14));
600 put_le16(p + 85, (1 << 14));
601 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
602 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
603 put_le16(p + 87, (1 << 14));
604 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
605 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
606 put_le16(p + 100, s->nb_sectors);
607 put_le16(p + 101, s->nb_sectors >> 16);
608 put_le16(p + 102, s->nb_sectors >> 32);
609 put_le16(p + 103, s->nb_sectors >> 48);
611 memcpy(s->identify_data, p, sizeof(s->identify_data));
615 static void ide_atapi_identify(IDEState *s)
619 if (s->identify_set) {
620 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
624 memset(s->io_buffer, 0, 512);
625 p = (uint16_t *)s->io_buffer;
626 /* Removable CDROM, 50us response, 12 byte packets */
627 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
628 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
629 put_le16(p + 20, 3); /* buffer type */
630 put_le16(p + 21, 512); /* cache size in sectors */
631 put_le16(p + 22, 4); /* ecc bytes */
632 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
633 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
634 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
636 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
637 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
638 put_le16(p + 62, 7); /* single word dma0-2 supported */
639 put_le16(p + 63, 7); /* mdma0-2 supported */
640 put_le16(p + 64, 0x3f); /* PIO modes supported */
642 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
643 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
644 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
645 put_le16(p + 64, 1); /* PIO modes */
647 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
648 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
649 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
650 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
652 put_le16(p + 71, 30); /* in ns */
653 put_le16(p + 72, 30); /* in ns */
655 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
657 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
659 memcpy(s->identify_data, p, sizeof(s->identify_data));
663 static void ide_cfata_identify(IDEState *s)
668 p = (uint16_t *) s->identify_data;
672 memset(p, 0, sizeof(s->identify_data));
674 cur_sec = s->cylinders * s->heads * s->sectors;
676 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
677 put_le16(p + 1, s->cylinders); /* Default cylinders */
678 put_le16(p + 3, s->heads); /* Default heads */
679 put_le16(p + 6, s->sectors); /* Default sectors per track */
680 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
681 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
682 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
683 put_le16(p + 22, 0x0004); /* ECC bytes */
684 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
685 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
686 #if MAX_MULT_SECTORS > 1
687 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
689 put_le16(p + 47, 0x0000);
691 put_le16(p + 49, 0x0f00); /* Capabilities */
692 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
693 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
694 put_le16(p + 53, 0x0003); /* Translation params valid */
695 put_le16(p + 54, s->cylinders); /* Current cylinders */
696 put_le16(p + 55, s->heads); /* Current heads */
697 put_le16(p + 56, s->sectors); /* Current sectors */
698 put_le16(p + 57, cur_sec); /* Current capacity */
699 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
700 if (s->mult_sectors) /* Multiple sector setting */
701 put_le16(p + 59, 0x100 | s->mult_sectors);
702 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
703 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
704 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
705 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
706 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
707 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
708 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
709 put_le16(p + 82, 0x400c); /* Command Set supported */
710 put_le16(p + 83, 0x7068); /* Command Set supported */
711 put_le16(p + 84, 0x4000); /* Features supported */
712 put_le16(p + 85, 0x000c); /* Command Set enabled */
713 put_le16(p + 86, 0x7044); /* Command Set enabled */
714 put_le16(p + 87, 0x4000); /* Features enabled */
715 put_le16(p + 91, 0x4060); /* Current APM level */
716 put_le16(p + 129, 0x0002); /* Current features option */
717 put_le16(p + 130, 0x0005); /* Reassigned sectors */
718 put_le16(p + 131, 0x0001); /* Initial power mode */
719 put_le16(p + 132, 0x0000); /* User signature */
720 put_le16(p + 160, 0x8100); /* Power requirement */
721 put_le16(p + 161, 0x8001); /* CF command set */
726 memcpy(s->io_buffer, p, sizeof(s->identify_data));
729 static void ide_set_signature(IDEState *s)
731 s->select &= 0xf0; /* clear head */
747 static inline void ide_abort_command(IDEState *s)
749 s->status = READY_STAT | ERR_STAT;
753 static inline void ide_dma_submit_check(IDEState *s,
754 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
761 static inline void ide_set_irq(IDEState *s)
763 BMDMAState *bm = s->bmdma;
764 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
766 bm->status |= BM_STATUS_INT;
768 qemu_irq_raise(s->irq);
772 /* prepare data transfer and tell what to do after */
773 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
774 EndTransferFunc *end_transfer_func)
776 s->end_transfer_func = end_transfer_func;
778 s->data_end = buf + size;
779 if (!(s->status & ERR_STAT))
780 s->status |= DRQ_STAT;
783 static void ide_transfer_stop(IDEState *s)
785 s->end_transfer_func = ide_transfer_stop;
786 s->data_ptr = s->io_buffer;
787 s->data_end = s->io_buffer;
788 s->status &= ~DRQ_STAT;
791 static int64_t ide_get_sector(IDEState *s)
794 if (s->select & 0x40) {
797 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
798 (s->lcyl << 8) | s->sector;
800 sector_num = ((int64_t)s->hob_hcyl << 40) |
801 ((int64_t) s->hob_lcyl << 32) |
802 ((int64_t) s->hob_sector << 24) |
803 ((int64_t) s->hcyl << 16) |
804 ((int64_t) s->lcyl << 8) | s->sector;
807 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
808 (s->select & 0x0f) * s->sectors + (s->sector - 1);
813 static void ide_set_sector(IDEState *s, int64_t sector_num)
816 if (s->select & 0x40) {
818 s->select = (s->select & 0xf0) | (sector_num >> 24);
819 s->hcyl = (sector_num >> 16);
820 s->lcyl = (sector_num >> 8);
821 s->sector = (sector_num);
823 s->sector = sector_num;
824 s->lcyl = sector_num >> 8;
825 s->hcyl = sector_num >> 16;
826 s->hob_sector = sector_num >> 24;
827 s->hob_lcyl = sector_num >> 32;
828 s->hob_hcyl = sector_num >> 40;
831 cyl = sector_num / (s->heads * s->sectors);
832 r = sector_num % (s->heads * s->sectors);
835 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
836 s->sector = (r % s->sectors) + 1;
840 static void ide_rw_error(IDEState *s) {
841 ide_abort_command(s);
845 static void ide_sector_read(IDEState *s)
850 s->status = READY_STAT | SEEK_STAT;
851 s->error = 0; /* not needed by IDE spec, but needed by Windows */
852 sector_num = ide_get_sector(s);
855 /* no more sector to read from disk */
856 ide_transfer_stop(s);
858 #if defined(DEBUG_IDE)
859 printf("read sector=%" PRId64 "\n", sector_num);
861 if (n > s->req_nb_sectors)
862 n = s->req_nb_sectors;
863 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
868 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
870 ide_set_sector(s, sector_num + n);
876 /* return 0 if buffer completed */
877 static int dma_buf_prepare(BMDMAState *bm, int is_write)
879 IDEState *s = bm->ide_if;
886 qemu_sglist_init(&s->sg, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
887 s->io_buffer_size = 0;
889 if (bm->cur_prd_len == 0) {
890 /* end of table (with a fail safe of one page) */
891 if (bm->cur_prd_last ||
892 (bm->cur_addr - bm->addr) >= 4096)
893 return s->io_buffer_size != 0;
894 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
896 prd.addr = le32_to_cpu(prd.addr);
897 prd.size = le32_to_cpu(prd.size);
898 len = prd.size & 0xfffe;
901 bm->cur_prd_len = len;
902 bm->cur_prd_addr = prd.addr;
903 bm->cur_prd_last = (prd.size & 0x80000000);
907 qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
908 bm->cur_prd_addr += l;
909 bm->cur_prd_len -= l;
910 s->io_buffer_size += l;
916 static void dma_buf_commit(IDEState *s, int is_write)
918 qemu_sglist_destroy(&s->sg);
921 static void ide_dma_error(IDEState *s)
923 ide_transfer_stop(s);
925 s->status = READY_STAT | ERR_STAT;
929 static int ide_handle_write_error(IDEState *s, int error, int op)
931 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
933 if (action == BLOCK_ERR_IGNORE)
936 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
937 || action == BLOCK_ERR_STOP_ANY) {
938 s->bmdma->ide_if = s;
939 s->bmdma->status |= op;
942 if (op == BM_STATUS_DMA_RETRY) {
943 dma_buf_commit(s, 0);
953 /* return 0 if buffer completed */
954 static int dma_buf_rw(BMDMAState *bm, int is_write)
956 IDEState *s = bm->ide_if;
964 l = s->io_buffer_size - s->io_buffer_index;
967 if (bm->cur_prd_len == 0) {
968 /* end of table (with a fail safe of one page) */
969 if (bm->cur_prd_last ||
970 (bm->cur_addr - bm->addr) >= 4096)
972 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
974 prd.addr = le32_to_cpu(prd.addr);
975 prd.size = le32_to_cpu(prd.size);
976 len = prd.size & 0xfffe;
979 bm->cur_prd_len = len;
980 bm->cur_prd_addr = prd.addr;
981 bm->cur_prd_last = (prd.size & 0x80000000);
983 if (l > bm->cur_prd_len)
987 cpu_physical_memory_write(bm->cur_prd_addr,
988 s->io_buffer + s->io_buffer_index, l);
990 cpu_physical_memory_read(bm->cur_prd_addr,
991 s->io_buffer + s->io_buffer_index, l);
993 bm->cur_prd_addr += l;
994 bm->cur_prd_len -= l;
995 s->io_buffer_index += l;
1001 static void ide_read_dma_cb(void *opaque, int ret)
1003 BMDMAState *bm = opaque;
1004 IDEState *s = bm->ide_if;
1009 dma_buf_commit(s, 1);
1014 n = s->io_buffer_size >> 9;
1015 sector_num = ide_get_sector(s);
1017 dma_buf_commit(s, 1);
1019 ide_set_sector(s, sector_num);
1023 /* end of transfer ? */
1024 if (s->nsector == 0) {
1025 s->status = READY_STAT | SEEK_STAT;
1028 bm->status &= ~BM_STATUS_DMAING;
1029 bm->status |= BM_STATUS_INT;
1036 /* launch next transfer */
1038 s->io_buffer_index = 0;
1039 s->io_buffer_size = n * 512;
1040 if (dma_buf_prepare(bm, 1) == 0)
1043 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1045 bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
1046 ide_dma_submit_check(s, ide_read_dma_cb, bm);
1049 static void ide_sector_read_dma(IDEState *s)
1051 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1052 s->io_buffer_index = 0;
1053 s->io_buffer_size = 0;
1055 ide_dma_start(s, ide_read_dma_cb);
1058 static void ide_sector_write_timer_cb(void *opaque)
1060 IDEState *s = opaque;
1064 static void ide_sector_write(IDEState *s)
1069 s->status = READY_STAT | SEEK_STAT;
1070 sector_num = ide_get_sector(s);
1071 #if defined(DEBUG_IDE)
1072 printf("write sector=%" PRId64 "\n", sector_num);
1075 if (n > s->req_nb_sectors)
1076 n = s->req_nb_sectors;
1077 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
1080 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1085 if (s->nsector == 0) {
1086 /* no more sectors to write */
1087 ide_transfer_stop(s);
1090 if (n1 > s->req_nb_sectors)
1091 n1 = s->req_nb_sectors;
1092 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1094 ide_set_sector(s, sector_num + n);
1097 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1098 /* It seems there is a bug in the Windows 2000 installer HDD
1099 IDE driver which fills the disk with empty logs when the
1100 IDE write IRQ comes too early. This hack tries to correct
1101 that at the expense of slower write performances. Use this
1102 option _only_ to install Windows 2000. You must disable it
1104 qemu_mod_timer(s->sector_write_timer,
1105 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1113 static void ide_dma_restart_bh(void *opaque)
1115 BMDMAState *bm = opaque;
1117 qemu_bh_delete(bm->bh);
1120 if (bm->status & BM_STATUS_DMA_RETRY) {
1121 bm->status &= ~BM_STATUS_DMA_RETRY;
1122 ide_dma_restart(bm->ide_if);
1123 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1124 bm->status &= ~BM_STATUS_PIO_RETRY;
1125 ide_sector_write(bm->ide_if);
1129 static void ide_dma_restart_cb(void *opaque, int running, int reason)
1131 BMDMAState *bm = opaque;
1137 bm->bh = qemu_bh_new(ide_dma_restart_bh, bm);
1138 qemu_bh_schedule(bm->bh);
1142 static void ide_write_dma_cb(void *opaque, int ret)
1144 BMDMAState *bm = opaque;
1145 IDEState *s = bm->ide_if;
1150 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1154 n = s->io_buffer_size >> 9;
1155 sector_num = ide_get_sector(s);
1157 dma_buf_commit(s, 0);
1159 ide_set_sector(s, sector_num);
1163 /* end of transfer ? */
1164 if (s->nsector == 0) {
1165 s->status = READY_STAT | SEEK_STAT;
1168 bm->status &= ~BM_STATUS_DMAING;
1169 bm->status |= BM_STATUS_INT;
1177 s->io_buffer_size = n * 512;
1178 /* launch next transfer */
1179 if (dma_buf_prepare(bm, 0) == 0)
1182 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1184 bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
1185 ide_dma_submit_check(s, ide_write_dma_cb, bm);
1188 static void ide_sector_write_dma(IDEState *s)
1190 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1191 s->io_buffer_index = 0;
1192 s->io_buffer_size = 0;
1194 ide_dma_start(s, ide_write_dma_cb);
1197 static void ide_atapi_cmd_ok(IDEState *s)
1200 s->status = READY_STAT | SEEK_STAT;
1201 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1205 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1207 #ifdef DEBUG_IDE_ATAPI
1208 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1210 s->error = sense_key << 4;
1211 s->status = READY_STAT | ERR_STAT;
1212 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1213 s->sense_key = sense_key;
1218 static void ide_atapi_cmd_check_status(IDEState *s)
1220 #ifdef DEBUG_IDE_ATAPI
1221 printf("atapi_cmd_check_status\n");
1223 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1224 s->status = ERR_STAT;
1229 static inline void cpu_to_ube16(uint8_t *buf, int val)
1232 buf[1] = val & 0xff;
1235 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1240 buf[3] = val & 0xff;
1243 static inline int ube16_to_cpu(const uint8_t *buf)
1245 return (buf[0] << 8) | buf[1];
1248 static inline int ube32_to_cpu(const uint8_t *buf)
1250 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1253 static void lba_to_msf(uint8_t *buf, int lba)
1256 buf[0] = (lba / 75) / 60;
1257 buf[1] = (lba / 75) % 60;
1261 static void cd_data_to_raw(uint8_t *buf, int lba)
1265 memset(buf + 1, 0xff, 10);
1269 lba_to_msf(buf, lba);
1270 buf[3] = 0x01; /* mode 1 data */
1274 /* XXX: ECC not computed */
1275 memset(buf, 0, 288);
1278 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1283 switch(sector_size) {
1285 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1288 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1291 cd_data_to_raw(buf, lba);
1300 static void ide_atapi_io_error(IDEState *s, int ret)
1302 /* XXX: handle more errors */
1303 if (ret == -ENOMEDIUM) {
1304 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1305 ASC_MEDIUM_NOT_PRESENT);
1307 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1308 ASC_LOGICAL_BLOCK_OOR);
1312 /* The whole ATAPI transfer logic is handled in this function */
1313 static void ide_atapi_cmd_reply_end(IDEState *s)
1315 int byte_count_limit, size, ret;
1316 #ifdef DEBUG_IDE_ATAPI
1317 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1318 s->packet_transfer_size,
1319 s->elementary_transfer_size,
1320 s->io_buffer_index);
1322 if (s->packet_transfer_size <= 0) {
1323 /* end of transfer */
1324 ide_transfer_stop(s);
1325 s->status = READY_STAT | SEEK_STAT;
1326 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1328 #ifdef DEBUG_IDE_ATAPI
1329 printf("status=0x%x\n", s->status);
1332 /* see if a new sector must be read */
1333 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1334 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1336 ide_transfer_stop(s);
1337 ide_atapi_io_error(s, ret);
1341 s->io_buffer_index = 0;
1343 if (s->elementary_transfer_size > 0) {
1344 /* there are some data left to transmit in this elementary
1346 size = s->cd_sector_size - s->io_buffer_index;
1347 if (size > s->elementary_transfer_size)
1348 size = s->elementary_transfer_size;
1349 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1350 size, ide_atapi_cmd_reply_end);
1351 s->packet_transfer_size -= size;
1352 s->elementary_transfer_size -= size;
1353 s->io_buffer_index += size;
1355 /* a new transfer is needed */
1356 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1357 byte_count_limit = s->lcyl | (s->hcyl << 8);
1358 #ifdef DEBUG_IDE_ATAPI
1359 printf("byte_count_limit=%d\n", byte_count_limit);
1361 if (byte_count_limit == 0xffff)
1363 size = s->packet_transfer_size;
1364 if (size > byte_count_limit) {
1365 /* byte count limit must be even if this case */
1366 if (byte_count_limit & 1)
1368 size = byte_count_limit;
1371 s->hcyl = size >> 8;
1372 s->elementary_transfer_size = size;
1373 /* we cannot transmit more than one sector at a time */
1375 if (size > (s->cd_sector_size - s->io_buffer_index))
1376 size = (s->cd_sector_size - s->io_buffer_index);
1378 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1379 size, ide_atapi_cmd_reply_end);
1380 s->packet_transfer_size -= size;
1381 s->elementary_transfer_size -= size;
1382 s->io_buffer_index += size;
1384 #ifdef DEBUG_IDE_ATAPI
1385 printf("status=0x%x\n", s->status);
1391 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1392 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1394 if (size > max_size)
1396 s->lba = -1; /* no sector read */
1397 s->packet_transfer_size = size;
1398 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1399 s->elementary_transfer_size = 0;
1400 s->io_buffer_index = 0;
1403 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
1404 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1406 s->status = READY_STAT | SEEK_STAT;
1407 ide_atapi_cmd_reply_end(s);
1411 /* start a CD-CDROM read command */
1412 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1416 s->packet_transfer_size = nb_sectors * sector_size;
1417 s->elementary_transfer_size = 0;
1418 s->io_buffer_index = sector_size;
1419 s->cd_sector_size = sector_size;
1421 s->status = READY_STAT | SEEK_STAT;
1422 ide_atapi_cmd_reply_end(s);
1425 /* ATAPI DMA support */
1427 /* XXX: handle read errors */
1428 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1430 BMDMAState *bm = opaque;
1431 IDEState *s = bm->ide_if;
1435 ide_atapi_io_error(s, ret);
1439 if (s->io_buffer_size > 0) {
1441 * For a cdrom read sector command (s->lba != -1),
1442 * adjust the lba for the next s->io_buffer_size chunk
1443 * and dma the current chunk.
1444 * For a command != read (s->lba == -1), just transfer
1448 if (s->cd_sector_size == 2352) {
1450 cd_data_to_raw(s->io_buffer, s->lba);
1452 n = s->io_buffer_size >> 11;
1456 s->packet_transfer_size -= s->io_buffer_size;
1457 if (dma_buf_rw(bm, 1) == 0)
1461 if (s->packet_transfer_size <= 0) {
1462 s->status = READY_STAT | SEEK_STAT;
1463 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1466 bm->status &= ~BM_STATUS_DMAING;
1467 bm->status |= BM_STATUS_INT;
1474 s->io_buffer_index = 0;
1475 if (s->cd_sector_size == 2352) {
1477 s->io_buffer_size = s->cd_sector_size;
1480 n = s->packet_transfer_size >> 11;
1481 if (n > (IDE_DMA_BUF_SECTORS / 4))
1482 n = (IDE_DMA_BUF_SECTORS / 4);
1483 s->io_buffer_size = n * 2048;
1487 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1489 bm->iov.iov_base = (void *)(s->io_buffer + data_offset);
1490 bm->iov.iov_len = n * 4 * 512;
1491 qemu_iovec_init_external(&bm->qiov, &bm->iov, 1);
1492 bm->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2, &bm->qiov,
1493 n * 4, ide_atapi_cmd_read_dma_cb, bm);
1495 /* Note: media not present is the most likely case */
1496 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1497 ASC_MEDIUM_NOT_PRESENT);
1502 /* start a CD-CDROM read command with DMA */
1503 /* XXX: test if DMA is available */
1504 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1508 s->packet_transfer_size = nb_sectors * sector_size;
1509 s->io_buffer_index = 0;
1510 s->io_buffer_size = 0;
1511 s->cd_sector_size = sector_size;
1513 /* XXX: check if BUSY_STAT should be set */
1514 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1515 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1518 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1521 #ifdef DEBUG_IDE_ATAPI
1522 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1526 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1528 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1532 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1535 uint8_t *buf_profile = buf + 12; /* start of profiles */
1537 buf_profile += ((*index) * 4); /* start of indexed profile */
1538 cpu_to_ube16 (buf_profile, profile);
1539 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1541 /* each profile adds 4 bytes to the response */
1543 buf[11] += 4; /* Additional Length */
1548 static int ide_dvd_read_structure(IDEState *s, int format,
1549 const uint8_t *packet, uint8_t *buf)
1552 case 0x0: /* Physical format information */
1554 int layer = packet[6];
1555 uint64_t total_sectors;
1558 return -ASC_INV_FIELD_IN_CMD_PACKET;
1560 bdrv_get_geometry(s->bs, &total_sectors);
1561 total_sectors >>= 2;
1562 if (total_sectors == 0)
1563 return -ASC_MEDIUM_NOT_PRESENT;
1565 buf[4] = 1; /* DVD-ROM, part version 1 */
1566 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1567 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1568 buf[7] = 0; /* default densities */
1570 /* FIXME: 0x30000 per spec? */
1571 cpu_to_ube32(buf + 8, 0); /* start sector */
1572 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1573 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1575 /* Size of buffer, not including 2 byte size field */
1576 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1578 /* 2k data + 4 byte header */
1582 case 0x01: /* DVD copyright information */
1583 buf[4] = 0; /* no copyright data */
1584 buf[5] = 0; /* no region restrictions */
1586 /* Size of buffer, not including 2 byte size field */
1587 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1589 /* 4 byte header + 4 byte data */
1592 case 0x03: /* BCA information - invalid field for no BCA info */
1593 return -ASC_INV_FIELD_IN_CMD_PACKET;
1595 case 0x04: /* DVD disc manufacturing information */
1596 /* Size of buffer, not including 2 byte size field */
1597 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1599 /* 2k data + 4 byte header */
1604 * This lists all the command capabilities above. Add new ones
1605 * in order and update the length and buffer return values.
1608 buf[4] = 0x00; /* Physical format */
1609 buf[5] = 0x40; /* Not writable, is readable */
1610 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1612 buf[8] = 0x01; /* Copyright info */
1613 buf[9] = 0x40; /* Not writable, is readable */
1614 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1616 buf[12] = 0x03; /* BCA info */
1617 buf[13] = 0x40; /* Not writable, is readable */
1618 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1620 buf[16] = 0x04; /* Manufacturing info */
1621 buf[17] = 0x40; /* Not writable, is readable */
1622 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1624 /* Size of buffer, not including 2 byte size field */
1625 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1627 /* data written + 4 byte header */
1630 default: /* TODO: formats beyond DVD-ROM requires */
1631 return -ASC_INV_FIELD_IN_CMD_PACKET;
1635 static void ide_atapi_cmd(IDEState *s)
1637 const uint8_t *packet;
1641 packet = s->io_buffer;
1643 #ifdef DEBUG_IDE_ATAPI
1646 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1647 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1648 printf(" %02x", packet[i]);
1653 /* If there's a UNIT_ATTENTION condition pending, only
1654 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1655 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1656 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1657 s->io_buffer[0] != GPCMD_INQUIRY) {
1658 ide_atapi_cmd_check_status(s);
1661 switch(s->io_buffer[0]) {
1662 case GPCMD_TEST_UNIT_READY:
1663 if (bdrv_is_inserted(s->bs)) {
1664 ide_atapi_cmd_ok(s);
1666 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1667 ASC_MEDIUM_NOT_PRESENT);
1670 case GPCMD_MODE_SENSE_6:
1671 case GPCMD_MODE_SENSE_10:
1674 if (packet[0] == GPCMD_MODE_SENSE_10)
1675 max_len = ube16_to_cpu(packet + 7);
1677 max_len = packet[4];
1678 action = packet[2] >> 6;
1679 code = packet[2] & 0x3f;
1681 case 0: /* current values */
1683 case 0x01: /* error recovery */
1684 cpu_to_ube16(&buf[0], 16 + 6);
1700 ide_atapi_cmd_reply(s, 16, max_len);
1703 cpu_to_ube16(&buf[0], 28 + 6);
1716 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1717 code checks for this to automount media. */
1720 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1721 if (bdrv_is_locked(s->bs))
1724 cpu_to_ube16(&buf[16], 706);
1727 cpu_to_ube16(&buf[20], 512);
1728 cpu_to_ube16(&buf[22], 706);
1733 ide_atapi_cmd_reply(s, 28, max_len);
1739 case 1: /* changeable values */
1741 case 2: /* default values */
1744 case 3: /* saved values */
1745 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1746 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1751 case GPCMD_REQUEST_SENSE:
1752 max_len = packet[4];
1754 buf[0] = 0x70 | (1 << 7);
1755 buf[2] = s->sense_key;
1758 if (s->sense_key == SENSE_UNIT_ATTENTION)
1759 s->sense_key = SENSE_NONE;
1760 ide_atapi_cmd_reply(s, 18, max_len);
1762 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1763 if (bdrv_is_inserted(s->bs)) {
1764 bdrv_set_locked(s->bs, packet[4] & 1);
1765 ide_atapi_cmd_ok(s);
1767 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1768 ASC_MEDIUM_NOT_PRESENT);
1774 int nb_sectors, lba;
1776 if (packet[0] == GPCMD_READ_10)
1777 nb_sectors = ube16_to_cpu(packet + 7);
1779 nb_sectors = ube32_to_cpu(packet + 6);
1780 lba = ube32_to_cpu(packet + 2);
1781 if (nb_sectors == 0) {
1782 ide_atapi_cmd_ok(s);
1785 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1790 int nb_sectors, lba, transfer_request;
1792 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1793 lba = ube32_to_cpu(packet + 2);
1794 if (nb_sectors == 0) {
1795 ide_atapi_cmd_ok(s);
1798 transfer_request = packet[9];
1799 switch(transfer_request & 0xf8) {
1802 ide_atapi_cmd_ok(s);
1806 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1810 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1813 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1814 ASC_INV_FIELD_IN_CMD_PACKET);
1822 uint64_t total_sectors;
1824 bdrv_get_geometry(s->bs, &total_sectors);
1825 total_sectors >>= 2;
1826 if (total_sectors == 0) {
1827 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1828 ASC_MEDIUM_NOT_PRESENT);
1831 lba = ube32_to_cpu(packet + 2);
1832 if (lba >= total_sectors) {
1833 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1834 ASC_LOGICAL_BLOCK_OOR);
1837 ide_atapi_cmd_ok(s);
1840 case GPCMD_START_STOP_UNIT:
1842 int start, eject, err = 0;
1843 start = packet[4] & 1;
1844 eject = (packet[4] >> 1) & 1;
1847 err = bdrv_eject(s->bs, !start);
1852 ide_atapi_cmd_ok(s);
1855 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1856 ASC_MEDIA_REMOVAL_PREVENTED);
1859 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1860 ASC_MEDIUM_NOT_PRESENT);
1865 case GPCMD_MECHANISM_STATUS:
1867 max_len = ube16_to_cpu(packet + 8);
1868 cpu_to_ube16(buf, 0);
1869 /* no current LBA */
1874 cpu_to_ube16(buf + 6, 0);
1875 ide_atapi_cmd_reply(s, 8, max_len);
1878 case GPCMD_READ_TOC_PMA_ATIP:
1880 int format, msf, start_track, len;
1881 uint64_t total_sectors;
1883 bdrv_get_geometry(s->bs, &total_sectors);
1884 total_sectors >>= 2;
1885 if (total_sectors == 0) {
1886 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1887 ASC_MEDIUM_NOT_PRESENT);
1890 max_len = ube16_to_cpu(packet + 7);
1891 format = packet[9] >> 6;
1892 msf = (packet[1] >> 1) & 1;
1893 start_track = packet[6];
1896 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1899 ide_atapi_cmd_reply(s, len, max_len);
1902 /* multi session : only a single session defined */
1907 ide_atapi_cmd_reply(s, 12, max_len);
1910 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1913 ide_atapi_cmd_reply(s, len, max_len);
1917 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1918 ASC_INV_FIELD_IN_CMD_PACKET);
1923 case GPCMD_READ_CDVD_CAPACITY:
1925 uint64_t total_sectors;
1927 bdrv_get_geometry(s->bs, &total_sectors);
1928 total_sectors >>= 2;
1929 if (total_sectors == 0) {
1930 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1931 ASC_MEDIUM_NOT_PRESENT);
1934 /* NOTE: it is really the number of sectors minus 1 */
1935 cpu_to_ube32(buf, total_sectors - 1);
1936 cpu_to_ube32(buf + 4, 2048);
1937 ide_atapi_cmd_reply(s, 8, 8);
1940 case GPCMD_READ_DVD_STRUCTURE:
1942 int media = packet[1];
1943 int format = packet[7];
1946 max_len = ube16_to_cpu(packet + 8);
1948 if (format < 0xff) {
1949 if (media_is_cd(s)) {
1950 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1951 ASC_INCOMPATIBLE_FORMAT);
1953 } else if (!media_present(s)) {
1954 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1955 ASC_INV_FIELD_IN_CMD_PACKET);
1960 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1961 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1967 ret = ide_dvd_read_structure(s, format, packet, buf);
1970 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1972 ide_atapi_cmd_reply(s, ret, max_len);
1976 /* TODO: BD support, fall through for now */
1978 /* Generic disk structures */
1979 case 0x80: /* TODO: AACS volume identifier */
1980 case 0x81: /* TODO: AACS media serial number */
1981 case 0x82: /* TODO: AACS media identifier */
1982 case 0x83: /* TODO: AACS media key block */
1983 case 0x90: /* TODO: List of recognized format layers */
1984 case 0xc0: /* TODO: Write protection status */
1986 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1987 ASC_INV_FIELD_IN_CMD_PACKET);
1992 case GPCMD_SET_SPEED:
1993 ide_atapi_cmd_ok(s);
1996 max_len = packet[4];
1997 buf[0] = 0x05; /* CD-ROM */
1998 buf[1] = 0x80; /* removable */
1999 buf[2] = 0x00; /* ISO */
2000 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2001 buf[4] = 31; /* additional length */
2002 buf[5] = 0; /* reserved */
2003 buf[6] = 0; /* reserved */
2004 buf[7] = 0; /* reserved */
2005 padstr8(buf + 8, 8, "QEMU");
2006 padstr8(buf + 16, 16, "QEMU DVD-ROM");
2007 padstr8(buf + 32, 4, QEMU_VERSION);
2008 ide_atapi_cmd_reply(s, 36, max_len);
2010 case GPCMD_GET_CONFIGURATION:
2015 /* only feature 0 is supported */
2016 if (packet[2] != 0 || packet[3] != 0) {
2017 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2018 ASC_INV_FIELD_IN_CMD_PACKET);
2022 /* XXX: could result in alignment problems in some architectures */
2023 max_len = ube16_to_cpu(packet + 7);
2026 * XXX: avoid overflow for io_buffer if max_len is bigger than
2027 * the size of that buffer (dimensioned to max number of
2028 * sectors to transfer at once)
2030 * Only a problem if the feature/profiles grow.
2032 if (max_len > 512) /* XXX: assume 1 sector */
2035 memset(buf, 0, max_len);
2037 * the number of sectors from the media tells us which profile
2038 * to use as current. 0 means there is no media
2040 if (media_is_dvd(s))
2041 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
2042 else if (media_is_cd(s))
2043 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
2045 buf[10] = 0x02 | 0x01; /* persistent and current */
2046 len = 12; /* headers: 8 + 4 */
2047 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
2048 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
2049 cpu_to_ube32(buf, len - 4); /* data length */
2051 ide_atapi_cmd_reply(s, len, max_len);
2055 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2056 ASC_ILLEGAL_OPCODE);
2061 static void ide_cfata_metadata_inquiry(IDEState *s)
2066 p = (uint16_t *) s->io_buffer;
2067 memset(p, 0, 0x200);
2068 spd = ((s->mdata_size - 1) >> 9) + 1;
2070 put_le16(p + 0, 0x0001); /* Data format revision */
2071 put_le16(p + 1, 0x0000); /* Media property: silicon */
2072 put_le16(p + 2, s->media_changed); /* Media status */
2073 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
2074 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
2075 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
2076 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
2079 static void ide_cfata_metadata_read(IDEState *s)
2083 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2084 s->status = ERR_STAT;
2085 s->error = ABRT_ERR;
2089 p = (uint16_t *) s->io_buffer;
2090 memset(p, 0, 0x200);
2092 put_le16(p + 0, s->media_changed); /* Media status */
2093 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2094 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2095 s->nsector << 9), 0x200 - 2));
2098 static void ide_cfata_metadata_write(IDEState *s)
2100 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2101 s->status = ERR_STAT;
2102 s->error = ABRT_ERR;
2106 s->media_changed = 0;
2108 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2110 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2111 s->nsector << 9), 0x200 - 2));
2114 /* called when the inserted state of the media has changed */
2115 static void cdrom_change_cb(void *opaque)
2117 IDEState *s = opaque;
2118 uint64_t nb_sectors;
2120 bdrv_get_geometry(s->bs, &nb_sectors);
2121 s->nb_sectors = nb_sectors;
2123 s->sense_key = SENSE_UNIT_ATTENTION;
2124 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2129 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2133 /* handle the 'magic' 0 nsector count conversion here. to avoid
2134 * fiddling with the rest of the read logic, we just store the
2135 * full sector count in ->nsector and ignore ->hob_nsector from now
2141 if (!s->nsector && !s->hob_nsector)
2144 int lo = s->nsector;
2145 int hi = s->hob_nsector;
2147 s->nsector = (hi << 8) | lo;
2152 static void ide_clear_hob(IDEState *ide_if)
2154 /* any write clears HOB high bit of device control register */
2155 ide_if[0].select &= ~(1 << 7);
2156 ide_if[1].select &= ~(1 << 7);
2159 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2161 IDEState *ide_if = opaque;
2167 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2172 /* ignore writes to command block while busy with previous command */
2173 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2180 ide_clear_hob(ide_if);
2181 /* NOTE: data is written to the two drives */
2182 ide_if[0].hob_feature = ide_if[0].feature;
2183 ide_if[1].hob_feature = ide_if[1].feature;
2184 ide_if[0].feature = val;
2185 ide_if[1].feature = val;
2188 ide_clear_hob(ide_if);
2189 ide_if[0].hob_nsector = ide_if[0].nsector;
2190 ide_if[1].hob_nsector = ide_if[1].nsector;
2191 ide_if[0].nsector = val;
2192 ide_if[1].nsector = val;
2195 ide_clear_hob(ide_if);
2196 ide_if[0].hob_sector = ide_if[0].sector;
2197 ide_if[1].hob_sector = ide_if[1].sector;
2198 ide_if[0].sector = val;
2199 ide_if[1].sector = val;
2202 ide_clear_hob(ide_if);
2203 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2204 ide_if[1].hob_lcyl = ide_if[1].lcyl;
2205 ide_if[0].lcyl = val;
2206 ide_if[1].lcyl = val;
2209 ide_clear_hob(ide_if);
2210 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2211 ide_if[1].hob_hcyl = ide_if[1].hcyl;
2212 ide_if[0].hcyl = val;
2213 ide_if[1].hcyl = val;
2216 /* FIXME: HOB readback uses bit 7 */
2217 ide_if[0].select = (val & ~0x10) | 0xa0;
2218 ide_if[1].select = (val | 0x10) | 0xa0;
2220 unit = (val >> 4) & 1;
2222 ide_if->cur_drive = s;
2227 #if defined(DEBUG_IDE)
2228 printf("ide: CMD=%02x\n", val);
2230 s = ide_if->cur_drive;
2231 /* ignore commands to non existant slave */
2232 if (s != ide_if && !s->bs)
2235 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2236 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2241 if (s->bs && !s->is_cdrom) {
2245 ide_cfata_identify(s);
2246 s->status = READY_STAT | SEEK_STAT;
2247 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2250 ide_set_signature(s);
2252 ide_abort_command(s);
2259 s->status = READY_STAT | SEEK_STAT;
2263 if (s->is_cf && s->nsector == 0) {
2264 /* Disable Read and Write Multiple */
2265 s->mult_sectors = 0;
2266 s->status = READY_STAT | SEEK_STAT;
2267 } else if ((s->nsector & 0xff) != 0 &&
2268 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2269 (s->nsector & (s->nsector - 1)) != 0)) {
2270 ide_abort_command(s);
2272 s->mult_sectors = s->nsector & 0xff;
2273 s->status = READY_STAT | SEEK_STAT;
2277 case WIN_VERIFY_EXT:
2280 case WIN_VERIFY_ONCE:
2281 /* do sector number check ? */
2282 ide_cmd_lba48_transform(s, lba48);
2283 s->status = READY_STAT | SEEK_STAT;
2292 ide_cmd_lba48_transform(s, lba48);
2293 s->req_nb_sectors = 1;
2299 case WIN_WRITE_ONCE:
2300 case CFA_WRITE_SECT_WO_ERASE:
2301 case WIN_WRITE_VERIFY:
2302 ide_cmd_lba48_transform(s, lba48);
2304 s->status = SEEK_STAT | READY_STAT;
2305 s->req_nb_sectors = 1;
2306 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
2307 s->media_changed = 1;
2309 case WIN_MULTREAD_EXT:
2312 if (!s->mult_sectors)
2314 ide_cmd_lba48_transform(s, lba48);
2315 s->req_nb_sectors = s->mult_sectors;
2318 case WIN_MULTWRITE_EXT:
2321 case CFA_WRITE_MULTI_WO_ERASE:
2322 if (!s->mult_sectors)
2324 ide_cmd_lba48_transform(s, lba48);
2326 s->status = SEEK_STAT | READY_STAT;
2327 s->req_nb_sectors = s->mult_sectors;
2329 if (n > s->req_nb_sectors)
2330 n = s->req_nb_sectors;
2331 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
2332 s->media_changed = 1;
2334 case WIN_READDMA_EXT:
2337 case WIN_READDMA_ONCE:
2340 ide_cmd_lba48_transform(s, lba48);
2341 ide_sector_read_dma(s);
2343 case WIN_WRITEDMA_EXT:
2346 case WIN_WRITEDMA_ONCE:
2349 ide_cmd_lba48_transform(s, lba48);
2350 ide_sector_write_dma(s);
2351 s->media_changed = 1;
2353 case WIN_READ_NATIVE_MAX_EXT:
2355 case WIN_READ_NATIVE_MAX:
2356 ide_cmd_lba48_transform(s, lba48);
2357 ide_set_sector(s, s->nb_sectors - 1);
2358 s->status = READY_STAT | SEEK_STAT;
2361 case WIN_CHECKPOWERMODE1:
2362 case WIN_CHECKPOWERMODE2:
2363 s->nsector = 0xff; /* device active or idle */
2364 s->status = READY_STAT | SEEK_STAT;
2367 case WIN_SETFEATURES:
2370 /* XXX: valid for CDROM ? */
2371 switch(s->feature) {
2372 case 0xcc: /* reverting to power-on defaults enable */
2373 case 0x66: /* reverting to power-on defaults disable */
2374 case 0x02: /* write cache enable */
2375 case 0x82: /* write cache disable */
2376 case 0xaa: /* read look-ahead enable */
2377 case 0x55: /* read look-ahead disable */
2378 case 0x05: /* set advanced power management mode */
2379 case 0x85: /* disable advanced power management mode */
2380 case 0x69: /* NOP */
2381 case 0x67: /* NOP */
2382 case 0x96: /* NOP */
2383 case 0x9a: /* NOP */
2384 case 0x42: /* enable Automatic Acoustic Mode */
2385 case 0xc2: /* disable Automatic Acoustic Mode */
2386 s->status = READY_STAT | SEEK_STAT;
2389 case 0x03: { /* set transfer mode */
2390 uint8_t val = s->nsector & 0x07;
2392 switch (s->nsector >> 3) {
2393 case 0x00: /* pio default */
2394 case 0x01: /* pio mode */
2395 put_le16(s->identify_data + 62,0x07);
2396 put_le16(s->identify_data + 63,0x07);
2397 put_le16(s->identify_data + 88,0x3f);
2399 case 0x02: /* sigle word dma mode*/
2400 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
2401 put_le16(s->identify_data + 63,0x07);
2402 put_le16(s->identify_data + 88,0x3f);
2404 case 0x04: /* mdma mode */
2405 put_le16(s->identify_data + 62,0x07);
2406 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2407 put_le16(s->identify_data + 88,0x3f);
2409 case 0x08: /* udma mode */
2410 put_le16(s->identify_data + 62,0x07);
2411 put_le16(s->identify_data + 63,0x07);
2412 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2417 s->status = READY_STAT | SEEK_STAT;
2425 case WIN_FLUSH_CACHE:
2426 case WIN_FLUSH_CACHE_EXT:
2429 s->status = READY_STAT | SEEK_STAT;
2434 case WIN_STANDBYNOW1:
2435 case WIN_STANDBYNOW2:
2436 case WIN_IDLEIMMEDIATE:
2437 case CFA_IDLEIMMEDIATE:
2442 s->status = READY_STAT;
2448 /* XXX: Check that seek is within bounds */
2449 s->status = READY_STAT | SEEK_STAT;
2452 /* ATAPI commands */
2455 ide_atapi_identify(s);
2456 s->status = READY_STAT | SEEK_STAT;
2457 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2459 ide_abort_command(s);
2464 ide_set_signature(s);
2466 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2467 * devices to return a clear status register
2468 * with READY_STAT *not* set. */
2470 s->status = READY_STAT | SEEK_STAT;
2471 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2479 ide_set_signature(s);
2480 s->status = 0x00; /* NOTE: READY is _not_ set */
2486 /* overlapping commands not supported */
2487 if (s->feature & 0x02)
2489 s->status = READY_STAT | SEEK_STAT;
2490 s->atapi_dma = s->feature & 1;
2492 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2495 /* CF-ATA commands */
2496 case CFA_REQ_EXT_ERROR_CODE:
2499 s->error = 0x09; /* miscellaneous error */
2500 s->status = READY_STAT | SEEK_STAT;
2503 case CFA_ERASE_SECTORS:
2504 case CFA_WEAR_LEVEL:
2507 if (val == CFA_WEAR_LEVEL)
2509 if (val == CFA_ERASE_SECTORS)
2510 s->media_changed = 1;
2512 s->status = READY_STAT | SEEK_STAT;
2515 case CFA_TRANSLATE_SECTOR:
2519 s->status = READY_STAT | SEEK_STAT;
2520 memset(s->io_buffer, 0, 0x200);
2521 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2522 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2523 s->io_buffer[0x02] = s->select; /* Head */
2524 s->io_buffer[0x03] = s->sector; /* Sector */
2525 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2526 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2527 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2528 s->io_buffer[0x13] = 0x00; /* Erase flag */
2529 s->io_buffer[0x18] = 0x00; /* Hot count */
2530 s->io_buffer[0x19] = 0x00; /* Hot count */
2531 s->io_buffer[0x1a] = 0x01; /* Hot count */
2532 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2535 case CFA_ACCESS_METADATA_STORAGE:
2538 switch (s->feature) {
2539 case 0x02: /* Inquiry Metadata Storage */
2540 ide_cfata_metadata_inquiry(s);
2542 case 0x03: /* Read Metadata Storage */
2543 ide_cfata_metadata_read(s);
2545 case 0x04: /* Write Metadata Storage */
2546 ide_cfata_metadata_write(s);
2551 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2552 s->status = 0x00; /* NOTE: READY is _not_ set */
2555 case IBM_SENSE_CONDITION:
2558 switch (s->feature) {
2559 case 0x01: /* sense temperature in device */
2560 s->nsector = 0x50; /* +20 C */
2565 s->status = READY_STAT | SEEK_STAT;
2570 ide_abort_command(s);
2577 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2579 IDEState *ide_if = opaque;
2580 IDEState *s = ide_if->cur_drive;
2585 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2586 //hob = s->select & (1 << 7);
2593 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2594 (s != ide_if && !s->bs))
2599 ret = s->hob_feature;
2602 if (!ide_if[0].bs && !ide_if[1].bs)
2605 ret = s->nsector & 0xff;
2607 ret = s->hob_nsector;
2610 if (!ide_if[0].bs && !ide_if[1].bs)
2615 ret = s->hob_sector;
2618 if (!ide_if[0].bs && !ide_if[1].bs)
2626 if (!ide_if[0].bs && !ide_if[1].bs)
2634 if (!ide_if[0].bs && !ide_if[1].bs)
2641 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2642 (s != ide_if && !s->bs))
2646 qemu_irq_lower(s->irq);
2650 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2655 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2657 IDEState *ide_if = opaque;
2658 IDEState *s = ide_if->cur_drive;
2661 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2662 (s != ide_if && !s->bs))
2667 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2672 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2674 IDEState *ide_if = opaque;
2679 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2681 /* common for both drives */
2682 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2683 (val & IDE_CMD_RESET)) {
2684 /* reset low to high */
2685 for(i = 0;i < 2; i++) {
2687 s->status = BUSY_STAT | SEEK_STAT;
2690 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2691 !(val & IDE_CMD_RESET)) {
2693 for(i = 0;i < 2; i++) {
2696 s->status = 0x00; /* NOTE: READY is _not_ set */
2698 s->status = READY_STAT | SEEK_STAT;
2699 ide_set_signature(s);
2703 ide_if[0].cmd = val;
2704 ide_if[1].cmd = val;
2707 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2709 IDEState *s = ((IDEState *)opaque)->cur_drive;
2712 /* PIO data access allowed only when DRQ bit is set */
2713 if (!(s->status & DRQ_STAT))
2717 *(uint16_t *)p = le16_to_cpu(val);
2720 if (p >= s->data_end)
2721 s->end_transfer_func(s);
2724 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2726 IDEState *s = ((IDEState *)opaque)->cur_drive;
2730 /* PIO data access allowed only when DRQ bit is set */
2731 if (!(s->status & DRQ_STAT))
2735 ret = cpu_to_le16(*(uint16_t *)p);
2738 if (p >= s->data_end)
2739 s->end_transfer_func(s);
2743 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2745 IDEState *s = ((IDEState *)opaque)->cur_drive;
2748 /* PIO data access allowed only when DRQ bit is set */
2749 if (!(s->status & DRQ_STAT))
2753 *(uint32_t *)p = le32_to_cpu(val);
2756 if (p >= s->data_end)
2757 s->end_transfer_func(s);
2760 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2762 IDEState *s = ((IDEState *)opaque)->cur_drive;
2766 /* PIO data access allowed only when DRQ bit is set */
2767 if (!(s->status & DRQ_STAT))
2771 ret = cpu_to_le32(*(uint32_t *)p);
2774 if (p >= s->data_end)
2775 s->end_transfer_func(s);
2779 static void ide_dummy_transfer_stop(IDEState *s)
2781 s->data_ptr = s->io_buffer;
2782 s->data_end = s->io_buffer;
2783 s->io_buffer[0] = 0xff;
2784 s->io_buffer[1] = 0xff;
2785 s->io_buffer[2] = 0xff;
2786 s->io_buffer[3] = 0xff;
2789 static void ide_reset(IDEState *s)
2792 s->mult_sectors = 0;
2794 s->mult_sectors = MAX_MULT_SECTORS;
2797 s->status = READY_STAT | SEEK_STAT;
2798 ide_set_signature(s);
2799 /* init the transfer handler so that 0xffff is returned on data
2801 s->end_transfer_func = ide_dummy_transfer_stop;
2802 ide_dummy_transfer_stop(s);
2803 s->media_changed = 0;
2806 static void ide_init2(IDEState *ide_state,
2807 BlockDriverState *hd0, BlockDriverState *hd1,
2811 static int drive_serial = 1;
2812 int i, cylinders, heads, secs;
2813 uint64_t nb_sectors;
2815 for(i = 0; i < 2; i++) {
2821 s->io_buffer = qemu_blockalign(s->bs, IDE_DMA_BUF_SECTORS*512 + 4);
2823 bdrv_get_geometry(s->bs, &nb_sectors);
2824 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2825 s->cylinders = cylinders;
2828 s->nb_sectors = nb_sectors;
2830 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2832 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2835 s->drive_serial = drive_serial++;
2836 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2837 sizeof(s->drive_serial_str));
2838 if (strlen(s->drive_serial_str) == 0)
2839 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2840 "QM%05d", s->drive_serial);
2842 s->sector_write_timer = qemu_new_timer(vm_clock,
2843 ide_sector_write_timer_cb, s);
2848 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2850 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2851 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2853 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2854 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2858 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2859 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2860 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2861 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2864 /* save per IDE drive data */
2865 static void ide_save(QEMUFile* f, IDEState *s)
2867 qemu_put_be32(f, s->mult_sectors);
2868 qemu_put_be32(f, s->identify_set);
2869 if (s->identify_set) {
2870 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2872 qemu_put_8s(f, &s->feature);
2873 qemu_put_8s(f, &s->error);
2874 qemu_put_be32s(f, &s->nsector);
2875 qemu_put_8s(f, &s->sector);
2876 qemu_put_8s(f, &s->lcyl);
2877 qemu_put_8s(f, &s->hcyl);
2878 qemu_put_8s(f, &s->hob_feature);
2879 qemu_put_8s(f, &s->hob_nsector);
2880 qemu_put_8s(f, &s->hob_sector);
2881 qemu_put_8s(f, &s->hob_lcyl);
2882 qemu_put_8s(f, &s->hob_hcyl);
2883 qemu_put_8s(f, &s->select);
2884 qemu_put_8s(f, &s->status);
2885 qemu_put_8s(f, &s->lba48);
2887 qemu_put_8s(f, &s->sense_key);
2888 qemu_put_8s(f, &s->asc);
2889 /* XXX: if a transfer is pending, we do not save it yet */
2892 /* load per IDE drive data */
2893 static void ide_load(QEMUFile* f, IDEState *s)
2895 s->mult_sectors=qemu_get_be32(f);
2896 s->identify_set=qemu_get_be32(f);
2897 if (s->identify_set) {
2898 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2900 qemu_get_8s(f, &s->feature);
2901 qemu_get_8s(f, &s->error);
2902 qemu_get_be32s(f, &s->nsector);
2903 qemu_get_8s(f, &s->sector);
2904 qemu_get_8s(f, &s->lcyl);
2905 qemu_get_8s(f, &s->hcyl);
2906 qemu_get_8s(f, &s->hob_feature);
2907 qemu_get_8s(f, &s->hob_nsector);
2908 qemu_get_8s(f, &s->hob_sector);
2909 qemu_get_8s(f, &s->hob_lcyl);
2910 qemu_get_8s(f, &s->hob_hcyl);
2911 qemu_get_8s(f, &s->select);
2912 qemu_get_8s(f, &s->status);
2913 qemu_get_8s(f, &s->lba48);
2915 qemu_get_8s(f, &s->sense_key);
2916 qemu_get_8s(f, &s->asc);
2917 /* XXX: if a transfer is pending, we do not save it yet */
2920 /***********************************************************/
2921 /* ISA IDE definitions */
2923 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
2924 BlockDriverState *hd0, BlockDriverState *hd1)
2926 IDEState *ide_state;
2928 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2930 ide_init2(ide_state, hd0, hd1, irq);
2931 ide_init_ioport(ide_state, iobase, iobase2);
2934 /***********************************************************/
2935 /* PCI IDE definitions */
2937 static void cmd646_update_irq(PCIIDEState *d);
2939 static void ide_map(PCIDevice *pci_dev, int region_num,
2940 uint32_t addr, uint32_t size, int type)
2942 PCIIDEState *d = (PCIIDEState *)pci_dev;
2943 IDEState *ide_state;
2945 if (region_num <= 3) {
2946 ide_state = &d->ide_if[(region_num >> 1) * 2];
2947 if (region_num & 1) {
2948 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2949 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2951 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2952 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2955 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2956 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2957 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2958 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2963 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2965 BMDMAState *bm = s->bmdma;
2969 bm->dma_cb = dma_cb;
2970 bm->cur_prd_last = 0;
2971 bm->cur_prd_addr = 0;
2972 bm->cur_prd_len = 0;
2973 bm->sector_num = ide_get_sector(s);
2974 bm->nsector = s->nsector;
2975 if (bm->status & BM_STATUS_DMAING) {
2980 static void ide_dma_restart(IDEState *s)
2982 BMDMAState *bm = s->bmdma;
2983 ide_set_sector(s, bm->sector_num);
2984 s->io_buffer_index = 0;
2985 s->io_buffer_size = 0;
2986 s->nsector = bm->nsector;
2987 bm->cur_addr = bm->addr;
2988 bm->dma_cb = ide_write_dma_cb;
2989 ide_dma_start(s, bm->dma_cb);
2992 static void ide_dma_cancel(BMDMAState *bm)
2994 if (bm->status & BM_STATUS_DMAING) {
2995 bm->status &= ~BM_STATUS_DMAING;
2996 /* cancel DMA request */
3001 printf("aio_cancel\n");
3003 bdrv_aio_cancel(bm->aiocb);
3009 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
3011 BMDMAState *bm = opaque;
3013 printf("%s: 0x%08x\n", __func__, val);
3015 if (!(val & BM_CMD_START)) {
3016 /* XXX: do it better */
3018 bm->cmd = val & 0x09;
3020 if (!(bm->status & BM_STATUS_DMAING)) {
3021 bm->status |= BM_STATUS_DMAING;
3022 /* start dma transfer if possible */
3026 bm->cmd = val & 0x09;
3030 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
3032 BMDMAState *bm = opaque;
3033 PCIIDEState *pci_dev;
3041 pci_dev = bm->pci_dev;
3042 if (pci_dev->type == IDE_TYPE_CMD646) {
3043 val = pci_dev->dev.config[MRDMODE];
3052 pci_dev = bm->pci_dev;
3053 if (pci_dev->type == IDE_TYPE_CMD646) {
3054 if (bm == &pci_dev->bmdma[0])
3055 val = pci_dev->dev.config[UDIDETCR0];
3057 val = pci_dev->dev.config[UDIDETCR1];
3067 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
3072 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
3074 BMDMAState *bm = opaque;
3075 PCIIDEState *pci_dev;
3077 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
3081 pci_dev = bm->pci_dev;
3082 if (pci_dev->type == IDE_TYPE_CMD646) {
3083 pci_dev->dev.config[MRDMODE] =
3084 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3085 cmd646_update_irq(pci_dev);
3089 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3092 pci_dev = bm->pci_dev;
3093 if (pci_dev->type == IDE_TYPE_CMD646) {
3094 if (bm == &pci_dev->bmdma[0])
3095 pci_dev->dev.config[UDIDETCR0] = val;
3097 pci_dev->dev.config[UDIDETCR1] = val;
3103 static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3105 BMDMAState *bm = opaque;
3107 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3109 printf("%s: 0x%08x\n", __func__, val);
3114 static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3116 BMDMAState *bm = opaque;
3117 int shift = (addr & 3) * 8;
3119 printf("%s: 0x%08x\n", __func__, val);
3121 bm->addr &= ~(0xFF << shift);
3122 bm->addr |= ((val & 0xFF) << shift) & ~3;
3123 bm->cur_addr = bm->addr;
3126 static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3128 BMDMAState *bm = opaque;
3130 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3132 printf("%s: 0x%08x\n", __func__, val);
3137 static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3139 BMDMAState *bm = opaque;
3140 int shift = (addr & 3) * 8;
3142 printf("%s: 0x%08x\n", __func__, val);
3144 bm->addr &= ~(0xFFFF << shift);
3145 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3146 bm->cur_addr = bm->addr;
3149 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3151 BMDMAState *bm = opaque;
3155 printf("%s: 0x%08x\n", __func__, val);
3160 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3162 BMDMAState *bm = opaque;
3164 printf("%s: 0x%08x\n", __func__, val);
3166 bm->addr = val & ~3;
3167 bm->cur_addr = bm->addr;
3170 static void bmdma_map(PCIDevice *pci_dev, int region_num,
3171 uint32_t addr, uint32_t size, int type)
3173 PCIIDEState *d = (PCIIDEState *)pci_dev;
3176 for(i = 0;i < 2; i++) {
3177 BMDMAState *bm = &d->bmdma[i];
3178 d->ide_if[2 * i].bmdma = bm;
3179 d->ide_if[2 * i + 1].bmdma = bm;
3180 bm->pci_dev = (PCIIDEState *)pci_dev;
3181 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
3183 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
3185 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3186 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
3188 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3189 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3190 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3191 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
3192 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3193 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3198 static void pci_ide_save(QEMUFile* f, void *opaque)
3200 PCIIDEState *d = opaque;
3203 pci_device_save(&d->dev, f);
3205 for(i = 0; i < 2; i++) {
3206 BMDMAState *bm = &d->bmdma[i];
3208 qemu_put_8s(f, &bm->cmd);
3209 qemu_put_8s(f, &bm->status);
3210 qemu_put_be32s(f, &bm->addr);
3211 qemu_put_sbe64s(f, &bm->sector_num);
3212 qemu_put_be32s(f, &bm->nsector);
3213 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3214 qemu_put_8s(f, &ifidx);
3215 /* XXX: if a transfer is pending, we do not save it yet */
3218 /* per IDE interface data */
3219 for(i = 0; i < 2; i++) {
3220 IDEState *s = &d->ide_if[i * 2];
3221 uint8_t drive1_selected;
3222 qemu_put_8s(f, &s->cmd);
3223 drive1_selected = (s->cur_drive != s);
3224 qemu_put_8s(f, &drive1_selected);
3227 /* per IDE drive data */
3228 for(i = 0; i < 4; i++) {
3229 ide_save(f, &d->ide_if[i]);
3233 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3235 PCIIDEState *d = opaque;
3238 if (version_id != 2)
3240 ret = pci_device_load(&d->dev, f);
3244 for(i = 0; i < 2; i++) {
3245 BMDMAState *bm = &d->bmdma[i];
3247 qemu_get_8s(f, &bm->cmd);
3248 qemu_get_8s(f, &bm->status);
3249 qemu_get_be32s(f, &bm->addr);
3250 qemu_get_sbe64s(f, &bm->sector_num);
3251 qemu_get_be32s(f, &bm->nsector);
3252 qemu_get_8s(f, &ifidx);
3253 bm->ide_if = &d->ide_if[ifidx];
3254 /* XXX: if a transfer is pending, we do not save it yet */
3257 /* per IDE interface data */
3258 for(i = 0; i < 2; i++) {
3259 IDEState *s = &d->ide_if[i * 2];
3260 uint8_t drive1_selected;
3261 qemu_get_8s(f, &s->cmd);
3262 qemu_get_8s(f, &drive1_selected);
3263 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3266 /* per IDE drive data */
3267 for(i = 0; i < 4; i++) {
3268 ide_load(f, &d->ide_if[i]);
3273 /* XXX: call it also when the MRDMODE is changed from the PCI config
3275 static void cmd646_update_irq(PCIIDEState *d)
3278 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3279 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3280 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3281 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
3282 qemu_set_irq(d->dev.irq[0], pci_level);
3285 /* the PCI irq level is the logical OR of the two channels */
3286 static void cmd646_set_irq(void *opaque, int channel, int level)
3288 PCIIDEState *d = opaque;
3291 irq_mask = MRDMODE_INTR_CH0 << channel;
3293 d->dev.config[MRDMODE] |= irq_mask;
3295 d->dev.config[MRDMODE] &= ~irq_mask;
3296 cmd646_update_irq(d);
3299 static void cmd646_reset(void *opaque)
3301 PCIIDEState *d = opaque;
3304 for (i = 0; i < 2; i++)
3305 ide_dma_cancel(&d->bmdma[i]);
3308 /* CMD646 PCI IDE controller */
3309 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3310 int secondary_ide_enabled)
3317 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
3318 sizeof(PCIIDEState),
3321 d->type = IDE_TYPE_CMD646;
3322 pci_conf = d->dev.config;
3323 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3324 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
3326 pci_conf[0x08] = 0x07; // IDE controller revision
3327 pci_conf[0x09] = 0x8f;
3329 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3330 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
3332 pci_conf[0x51] = 0x04; // enable IDE0
3333 if (secondary_ide_enabled) {
3334 /* XXX: if not enabled, really disable the seconday IDE controller */
3335 pci_conf[0x51] |= 0x08; /* enable IDE1 */
3338 pci_register_bar((PCIDevice *)d, 0, 0x8,
3339 PCI_ADDRESS_SPACE_IO, ide_map);
3340 pci_register_bar((PCIDevice *)d, 1, 0x4,
3341 PCI_ADDRESS_SPACE_IO, ide_map);
3342 pci_register_bar((PCIDevice *)d, 2, 0x8,
3343 PCI_ADDRESS_SPACE_IO, ide_map);
3344 pci_register_bar((PCIDevice *)d, 3, 0x4,
3345 PCI_ADDRESS_SPACE_IO, ide_map);
3346 pci_register_bar((PCIDevice *)d, 4, 0x10,
3347 PCI_ADDRESS_SPACE_IO, bmdma_map);
3349 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3351 for(i = 0; i < 4; i++)
3352 d->ide_if[i].pci_dev = (PCIDevice *)d;
3354 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3355 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3356 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
3358 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3359 qemu_register_reset(cmd646_reset, d);
3363 static void piix3_reset(void *opaque)
3365 PCIIDEState *d = opaque;
3366 uint8_t *pci_conf = d->dev.config;
3369 for (i = 0; i < 2; i++)
3370 ide_dma_cancel(&d->bmdma[i]);
3372 pci_conf[0x04] = 0x00;
3373 pci_conf[0x05] = 0x00;
3374 pci_conf[0x06] = 0x80; /* FBC */
3375 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3376 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3379 /* hd_table must contain 4 block drivers */
3380 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
3381 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3388 /* register a function 1 of PIIX3 */
3389 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
3390 sizeof(PCIIDEState),
3393 d->type = IDE_TYPE_PIIX3;
3395 pci_conf = d->dev.config;
3396 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3397 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
3398 pci_conf[0x09] = 0x80; // legacy ATA mode
3399 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3400 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
3402 qemu_register_reset(piix3_reset, d);
3405 pci_register_bar((PCIDevice *)d, 4, 0x10,
3406 PCI_ADDRESS_SPACE_IO, bmdma_map);
3408 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3409 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3410 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3411 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3413 for (i = 0; i < 4; i++)
3415 hd_table[i]->private = &d->dev;
3417 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3420 /* hd_table must contain 4 block drivers */
3421 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3422 void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3428 /* register a function 1 of PIIX4 */
3429 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3430 sizeof(PCIIDEState),
3433 d->type = IDE_TYPE_PIIX4;
3435 pci_conf = d->dev.config;
3436 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3437 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
3438 pci_conf[0x09] = 0x80; // legacy ATA mode
3439 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3440 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
3442 qemu_register_reset(piix3_reset, d);
3445 pci_register_bar((PCIDevice *)d, 4, 0x10,
3446 PCI_ADDRESS_SPACE_IO, bmdma_map);
3448 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3449 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3450 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3451 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3453 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3456 #if defined(TARGET_PPC)
3457 /***********************************************************/
3458 /* MacIO based PowerPC IDE */
3460 typedef struct MACIOIDEState {
3462 BlockDriverAIOCB *aiocb;
3465 static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
3467 DBDMA_io *io = opaque;
3468 MACIOIDEState *m = io->opaque;
3469 IDEState *s = m->ide_if->cur_drive;
3473 qemu_sglist_destroy(&s->sg);
3474 ide_atapi_io_error(s, ret);
3475 io->dma_end(opaque);
3479 if (s->io_buffer_size > 0) {
3481 qemu_sglist_destroy(&s->sg);
3483 s->packet_transfer_size -= s->io_buffer_size;
3485 s->io_buffer_index += s->io_buffer_size;
3486 s->lba += s->io_buffer_index >> 11;
3487 s->io_buffer_index &= 0x7ff;
3490 if (s->packet_transfer_size <= 0)
3491 ide_atapi_cmd_ok(s);
3494 io->dma_end(opaque);
3498 /* launch next transfer */
3500 s->io_buffer_size = io->len;
3502 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3503 qemu_sglist_add(&s->sg, io->addr, io->len);
3504 io->addr += io->len;
3507 m->aiocb = dma_bdrv_read(s->bs, &s->sg,
3508 (int64_t)(s->lba << 2) + (s->io_buffer_index >> 9),
3509 pmac_ide_atapi_transfer_cb, io);
3511 qemu_sglist_destroy(&s->sg);
3512 /* Note: media not present is the most likely case */
3513 ide_atapi_cmd_error(s, SENSE_NOT_READY,
3514 ASC_MEDIUM_NOT_PRESENT);
3515 io->dma_end(opaque);
3520 static void pmac_ide_transfer_cb(void *opaque, int ret)
3522 DBDMA_io *io = opaque;
3523 MACIOIDEState *m = io->opaque;
3524 IDEState *s = m->ide_if->cur_drive;
3530 qemu_sglist_destroy(&s->sg);
3536 sector_num = ide_get_sector(s);
3537 if (s->io_buffer_size > 0) {
3539 qemu_sglist_destroy(&s->sg);
3540 n = (s->io_buffer_size + 0x1ff) >> 9;
3542 ide_set_sector(s, sector_num);
3546 /* end of transfer ? */
3547 if (s->nsector == 0) {
3548 s->status = READY_STAT | SEEK_STAT;
3559 /* launch next transfer */
3561 s->io_buffer_index = 0;
3562 s->io_buffer_size = io->len;
3564 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3565 qemu_sglist_add(&s->sg, io->addr, io->len);
3566 io->addr += io->len;
3570 m->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
3571 pmac_ide_transfer_cb, io);
3573 m->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
3574 pmac_ide_transfer_cb, io);
3576 pmac_ide_transfer_cb(io, -1);
3579 static void pmac_ide_transfer(DBDMA_io *io)
3581 MACIOIDEState *m = io->opaque;
3582 IDEState *s = m->ide_if->cur_drive;
3584 s->io_buffer_size = 0;
3586 pmac_ide_atapi_transfer_cb(io, 0);
3590 pmac_ide_transfer_cb(io, 0);
3593 static void pmac_ide_flush(DBDMA_io *io)
3595 MACIOIDEState *m = io->opaque;
3601 /* PowerMac IDE memory IO */
3602 static void pmac_ide_writeb (void *opaque,
3603 target_phys_addr_t addr, uint32_t val)
3605 MACIOIDEState *d = opaque;
3607 addr = (addr & 0xFFF) >> 4;
3610 ide_ioport_write(d->ide_if, addr, val);
3614 ide_cmd_write(d->ide_if, 0, val);
3621 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3624 MACIOIDEState *d = opaque;
3626 addr = (addr & 0xFFF) >> 4;
3629 retval = ide_ioport_read(d->ide_if, addr);
3633 retval = ide_status_read(d->ide_if, 0);
3642 static void pmac_ide_writew (void *opaque,
3643 target_phys_addr_t addr, uint32_t val)
3645 MACIOIDEState *d = opaque;
3647 addr = (addr & 0xFFF) >> 4;
3648 #ifdef TARGET_WORDS_BIGENDIAN
3652 ide_data_writew(d->ide_if, 0, val);
3656 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3659 MACIOIDEState *d = opaque;
3661 addr = (addr & 0xFFF) >> 4;
3663 retval = ide_data_readw(d->ide_if, 0);
3667 #ifdef TARGET_WORDS_BIGENDIAN
3668 retval = bswap16(retval);
3673 static void pmac_ide_writel (void *opaque,
3674 target_phys_addr_t addr, uint32_t val)
3676 MACIOIDEState *d = opaque;
3678 addr = (addr & 0xFFF) >> 4;
3679 #ifdef TARGET_WORDS_BIGENDIAN
3683 ide_data_writel(d->ide_if, 0, val);
3687 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3690 MACIOIDEState *d = opaque;
3692 addr = (addr & 0xFFF) >> 4;
3694 retval = ide_data_readl(d->ide_if, 0);
3696 retval = 0xFFFFFFFF;
3698 #ifdef TARGET_WORDS_BIGENDIAN
3699 retval = bswap32(retval);
3704 static CPUWriteMemoryFunc *pmac_ide_write[] = {
3710 static CPUReadMemoryFunc *pmac_ide_read[] = {
3716 static void pmac_ide_save(QEMUFile *f, void *opaque)
3718 MACIOIDEState *d = opaque;
3719 IDEState *s = d->ide_if;
3720 uint8_t drive1_selected;
3723 /* per IDE interface data */
3724 qemu_put_8s(f, &s->cmd);
3725 drive1_selected = (s->cur_drive != s);
3726 qemu_put_8s(f, &drive1_selected);
3728 /* per IDE drive data */
3729 for(i = 0; i < 2; i++) {
3734 static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3736 MACIOIDEState *d = opaque;
3737 IDEState *s = d->ide_if;
3738 uint8_t drive1_selected;
3741 if (version_id != 1)
3744 /* per IDE interface data */
3745 qemu_get_8s(f, &s->cmd);
3746 qemu_get_8s(f, &drive1_selected);
3747 s->cur_drive = &s[(drive1_selected != 0)];
3749 /* per IDE drive data */
3750 for(i = 0; i < 2; i++) {
3756 static void pmac_ide_reset(void *opaque)
3758 MACIOIDEState *d = opaque;
3759 IDEState *s = d->ide_if;
3765 /* hd_table must contain 4 block drivers */
3766 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3767 I/O index to access the ide. */
3768 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq,
3769 void *dbdma, int channel, qemu_irq dma_irq)
3772 int pmac_ide_memory;
3774 d = qemu_mallocz(sizeof(MACIOIDEState));
3775 ide_init2(d->ide_if, hd_table[0], hd_table[1], irq);
3778 DBDMA_register_channel(dbdma, channel, dma_irq, pmac_ide_transfer, pmac_ide_flush, d);
3780 pmac_ide_memory = cpu_register_io_memory(pmac_ide_read,
3782 register_savevm("ide", 0, 1, pmac_ide_save, pmac_ide_load, d);
3783 qemu_register_reset(pmac_ide_reset, d);
3786 return pmac_ide_memory;
3788 #endif /* TARGET_PPC */
3790 /***********************************************************/
3791 /* MMIO based ide port
3792 * This emulates IDE device connected directly to the CPU bus without
3793 * dedicated ide controller, which is often seen on embedded boards.
3801 static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3803 MMIOState *s = (MMIOState*)opaque;
3804 IDEState *ide = (IDEState*)s->dev;
3807 return ide_ioport_read(ide, addr);
3809 return ide_data_readw(ide, 0);
3812 static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3815 MMIOState *s = (MMIOState*)opaque;
3816 IDEState *ide = (IDEState*)s->dev;
3819 ide_ioport_write(ide, addr, val);
3821 ide_data_writew(ide, 0, val);
3824 static CPUReadMemoryFunc *mmio_ide_reads[] = {
3830 static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3836 static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3838 MMIOState *s= (MMIOState*)opaque;
3839 IDEState *ide = (IDEState*)s->dev;
3840 return ide_status_read(ide, 0);
3843 static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3846 MMIOState *s = (MMIOState*)opaque;
3847 IDEState *ide = (IDEState*)s->dev;
3848 ide_cmd_write(ide, 0, val);
3851 static CPUReadMemoryFunc *mmio_ide_status[] = {
3852 mmio_ide_status_read,
3853 mmio_ide_status_read,
3854 mmio_ide_status_read,
3857 static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3863 void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3864 qemu_irq irq, int shift,
3865 BlockDriverState *hd0, BlockDriverState *hd1)
3867 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3868 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3871 ide_init2(ide, hd0, hd1, irq);
3876 mem1 = cpu_register_io_memory(mmio_ide_reads, mmio_ide_writes, s);
3877 mem2 = cpu_register_io_memory(mmio_ide_status, mmio_ide_cmd, s);
3878 cpu_register_physical_memory(membase, 16 << shift, mem1);
3879 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3882 /***********************************************************/
3883 /* CF-ATA Microdrive */
3885 #define METADATA_SIZE 0x20
3887 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3890 PCMCIACardState card;
3904 /* Register bitfields */
3907 OPT_MODE_IOMAP16 = 1,
3908 OPT_MODE_IOMAP1 = 2,
3909 OPT_MODE_IOMAP2 = 3,
3920 STAT_CHANGED = 0x80,
3931 static inline void md_interrupt_update(MicroDriveState *s)
3936 qemu_set_irq(s->card.slot->irq,
3937 !(s->stat & STAT_INT) && /* Inverted */
3938 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3939 !(s->opt & OPT_SRESET));
3942 static void md_set_irq(void *opaque, int irq, int level)
3944 MicroDriveState *s = (MicroDriveState *) opaque;
3946 s->stat |= STAT_INT;
3948 s->stat &= ~STAT_INT;
3950 md_interrupt_update(s);
3953 static void md_reset(MicroDriveState *s)
3955 s->opt = OPT_MODE_MMAP;
3963 static uint8_t md_attr_read(void *opaque, uint32_t at)
3965 MicroDriveState *s = (MicroDriveState *) opaque;
3966 if (at < s->attr_base) {
3967 if (at < s->card.cis_len)
3968 return s->card.cis[at];
3976 case 0x00: /* Configuration Option Register */
3978 case 0x02: /* Card Configuration Status Register */
3979 if (s->ctrl & CTRL_IEN)
3980 return s->stat & ~STAT_INT;
3983 case 0x04: /* Pin Replacement Register */
3984 return (s->pins & PINS_CRDY) | 0x0c;
3985 case 0x06: /* Socket and Copy Register */
3989 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3996 static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
3998 MicroDriveState *s = (MicroDriveState *) opaque;
4002 case 0x00: /* Configuration Option Register */
4003 s->opt = value & 0xcf;
4004 if (value & OPT_SRESET)
4006 md_interrupt_update(s);
4008 case 0x02: /* Card Configuration Status Register */
4009 if ((s->stat ^ value) & STAT_PWRDWN)
4010 s->pins |= PINS_CRDY;
4012 s->stat |= value & 0x74;
4013 md_interrupt_update(s);
4014 /* Word 170 in Identify Device must be equal to STAT_XE */
4016 case 0x04: /* Pin Replacement Register */
4017 s->pins &= PINS_CRDY;
4018 s->pins |= value & PINS_MRDY;
4020 case 0x06: /* Socket and Copy Register */
4023 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
4027 static uint16_t md_common_read(void *opaque, uint32_t at)
4029 MicroDriveState *s = (MicroDriveState *) opaque;
4033 switch (s->opt & OPT_MODE) {
4035 if ((at & ~0x3ff) == 0x400)
4038 case OPT_MODE_IOMAP16:
4041 case OPT_MODE_IOMAP1:
4042 if ((at & ~0xf) == 0x3f0)
4044 else if ((at & ~0xf) == 0x1f0)
4047 case OPT_MODE_IOMAP2:
4048 if ((at & ~0xf) == 0x370)
4050 else if ((at & ~0xf) == 0x170)
4055 case 0x0: /* Even RD Data */
4057 return ide_data_readw(s->ide, 0);
4059 /* TODO: 8-bit accesses */
4063 s->io = ide_data_readw(s->ide, 0);
4066 s->cycle = !s->cycle;
4068 case 0x9: /* Odd RD Data */
4070 case 0xd: /* Error */
4071 return ide_ioport_read(s->ide, 0x1);
4072 case 0xe: /* Alternate Status */
4073 if (s->ide->cur_drive->bs)
4074 return s->ide->cur_drive->status;
4077 case 0xf: /* Device Address */
4078 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
4080 return ide_ioport_read(s->ide, at);
4086 static void md_common_write(void *opaque, uint32_t at, uint16_t value)
4088 MicroDriveState *s = (MicroDriveState *) opaque;
4091 switch (s->opt & OPT_MODE) {
4093 if ((at & ~0x3ff) == 0x400)
4096 case OPT_MODE_IOMAP16:
4099 case OPT_MODE_IOMAP1:
4100 if ((at & ~0xf) == 0x3f0)
4102 else if ((at & ~0xf) == 0x1f0)
4105 case OPT_MODE_IOMAP2:
4106 if ((at & ~0xf) == 0x370)
4108 else if ((at & ~0xf) == 0x170)
4113 case 0x0: /* Even WR Data */
4115 ide_data_writew(s->ide, 0, value);
4118 /* TODO: 8-bit accesses */
4120 ide_data_writew(s->ide, 0, s->io | (value << 8));
4122 s->io = value & 0xff;
4123 s->cycle = !s->cycle;
4126 s->io = value & 0xff;
4127 s->cycle = !s->cycle;
4129 case 0xd: /* Features */
4130 ide_ioport_write(s->ide, 0x1, value);
4132 case 0xe: /* Device Control */
4134 if (value & CTRL_SRST)
4136 md_interrupt_update(s);
4139 if (s->stat & STAT_PWRDWN) {
4140 s->pins |= PINS_CRDY;
4141 s->stat &= ~STAT_PWRDWN;
4143 ide_ioport_write(s->ide, at, value);
4147 static void md_save(QEMUFile *f, void *opaque)
4149 MicroDriveState *s = (MicroDriveState *) opaque;
4151 uint8_t drive1_selected;
4153 qemu_put_8s(f, &s->opt);
4154 qemu_put_8s(f, &s->stat);
4155 qemu_put_8s(f, &s->pins);
4157 qemu_put_8s(f, &s->ctrl);
4158 qemu_put_be16s(f, &s->io);
4159 qemu_put_byte(f, s->cycle);
4161 drive1_selected = (s->ide->cur_drive != s->ide);
4162 qemu_put_8s(f, &s->ide->cmd);
4163 qemu_put_8s(f, &drive1_selected);
4165 for (i = 0; i < 2; i ++)
4166 ide_save(f, &s->ide[i]);
4169 static int md_load(QEMUFile *f, void *opaque, int version_id)
4171 MicroDriveState *s = (MicroDriveState *) opaque;
4173 uint8_t drive1_selected;
4175 qemu_get_8s(f, &s->opt);
4176 qemu_get_8s(f, &s->stat);
4177 qemu_get_8s(f, &s->pins);
4179 qemu_get_8s(f, &s->ctrl);
4180 qemu_get_be16s(f, &s->io);
4181 s->cycle = qemu_get_byte(f);
4183 qemu_get_8s(f, &s->ide->cmd);
4184 qemu_get_8s(f, &drive1_selected);
4185 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
4187 for (i = 0; i < 2; i ++)
4188 ide_load(f, &s->ide[i]);
4193 static const uint8_t dscm1xxxx_cis[0x14a] = {
4194 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
4195 [0x002] = 0x03, /* Tuple length = 4 bytes */
4196 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4197 [0x006] = 0x01, /* Size = 2K bytes */
4198 [0x008] = CISTPL_ENDMARK,
4200 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
4201 [0x00c] = 0x04, /* Tuple length = 4 byest */
4202 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
4203 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4204 [0x012] = 0x01, /* Size = 2K bytes */
4205 [0x014] = CISTPL_ENDMARK,
4207 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
4208 [0x018] = 0x02, /* Tuple length = 2 bytes */
4209 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
4212 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
4213 [0x020] = 0x04, /* Tuple length = 4 bytes */
4214 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
4216 [0x026] = 0x00, /* PLMID_CARD = 0000 */
4219 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
4220 [0x02c] = 0x12, /* Tuple length = 23 bytes */
4221 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
4222 [0x030] = 0x01, /* Minor Version = 1 */
4238 [0x050] = CISTPL_ENDMARK,
4240 [0x052] = CISTPL_FUNCID, /* Function ID */
4241 [0x054] = 0x02, /* Tuple length = 2 bytes */
4242 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4243 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4245 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4246 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4247 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4248 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4250 [0x062] = CISTPL_FUNCE, /* Function Extension */
4251 [0x064] = 0x03, /* Tuple length = 3 bytes */
4252 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4253 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4254 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4256 [0x06c] = CISTPL_CONFIG, /* Configuration */
4257 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4258 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4259 [0x072] = 0x07, /* TPCC_LAST = 7 */
4260 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4262 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4264 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4265 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4266 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4267 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4268 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4269 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4270 [0x086] = 0x55, /* NomV: 5.0 V */
4271 [0x088] = 0x4d, /* MinV: 4.5 V */
4272 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4273 [0x08c] = 0x4e, /* Peakl: 450 mA */
4274 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4275 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4276 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4278 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4279 [0x096] = 0x06, /* Tuple length = 6 bytes */
4280 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4281 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4282 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4283 [0x09e] = 0xb5, /* NomV: 3.3 V */
4285 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4287 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4288 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4289 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4290 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4291 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4292 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4293 [0x0b0] = 0x55, /* NomV: 5.0 V */
4294 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4295 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4296 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4297 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4298 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4299 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4300 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4301 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4303 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4304 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4305 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4306 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4307 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4308 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4310 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4312 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4313 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4314 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4315 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4316 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4317 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4318 [0x0de] = 0x55, /* NomV: 5.0 V */
4319 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4320 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4321 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4322 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4323 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4324 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4326 [0x0ee] = 0x07, /* Address block length = 8 */
4327 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4329 [0x0f4] = 0x01, /* Address block length = 2 */
4330 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4331 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4333 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4334 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4335 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4336 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4337 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4338 [0x104] = 0xb5, /* NomV: 3.3 V */
4340 [0x108] = 0x3e, /* Peakl: 350 mA */
4342 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4343 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4344 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4345 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4346 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4347 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4348 [0x116] = 0x55, /* NomV: 5.0 V */
4349 [0x118] = 0x4d, /* MinV: 4.5 V */
4350 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4351 [0x11c] = 0x4e, /* Peakl: 450 mA */
4352 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4353 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4354 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4356 [0x126] = 0x07, /* Address block length = 8 */
4357 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4359 [0x12c] = 0x01, /* Address block length = 2 */
4360 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4361 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4363 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4364 [0x134] = 0x06, /* Tuple length = 6 bytes */
4365 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4366 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4367 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4368 [0x13c] = 0xb5, /* NomV: 3.3 V */
4370 [0x140] = 0x3e, /* Peakl: 350 mA */
4372 [0x142] = CISTPL_NO_LINK, /* No Link */
4373 [0x144] = 0x00, /* Tuple length = 0 bytes */
4375 [0x146] = CISTPL_END, /* Tuple End */
4378 static int dscm1xxxx_attach(void *opaque)
4380 MicroDriveState *md = (MicroDriveState *) opaque;
4381 md->card.attr_read = md_attr_read;
4382 md->card.attr_write = md_attr_write;
4383 md->card.common_read = md_common_read;
4384 md->card.common_write = md_common_write;
4385 md->card.io_read = md_common_read;
4386 md->card.io_write = md_common_write;
4388 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4392 md_interrupt_update(md);
4394 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4398 static int dscm1xxxx_detach(void *opaque)
4400 MicroDriveState *md = (MicroDriveState *) opaque;
4405 PCMCIACardState *dscm1xxxx_init(BlockDriverState *bdrv)
4407 MicroDriveState *md = (MicroDriveState *) qemu_mallocz(sizeof(MicroDriveState));
4408 md->card.state = md;
4409 md->card.attach = dscm1xxxx_attach;
4410 md->card.detach = dscm1xxxx_detach;
4411 md->card.cis = dscm1xxxx_cis;
4412 md->card.cis_len = sizeof(dscm1xxxx_cis);
4414 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4416 md->ide->mdata_size = METADATA_SIZE;
4417 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
4419 register_savevm("microdrive", -1, 0, md_save, md_load, md);
projects / qemu.git / blob