]> git.proxmox.com Git - qemu.git/blame - hw/ide/core.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ide: pass down DriveInfo instead of BlockDriverState
[qemu.git] / hw / ide / core.c
CommitLineData
5391d806 1/*
38cdea7c 2 * QEMU IDE disk and CD/DVD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
59f2a787
GH		 25#include <hw/hw.h>
26#include <hw/pc.h>
27#include <hw/pci.h>
28#include <hw/scsi-disk.h>
29#include <hw/sh.h>
87ecb68b 30#include "block.h"
b0a7b120 31#include "block_int.h"
87ecb68b
PB		 32#include "qemu-timer.h"
33#include "sysemu.h"
1fb8648d 34#include "dma.h"
59f2a787
GH		 35
36#include <hw/ide/internal.h>
e8b54394
BW		 37
38static int smart_attributes[][5] = {
39 /* id, flags, val, wrst, thrsh */
40 { 0x01, 0x03, 0x64, 0x64, 0x06}, /* raw read */
41 { 0x03, 0x03, 0x64, 0x64, 0x46}, /* spin up */
42 { 0x04, 0x02, 0x64, 0x64, 0x14}, /* start stop count */
43 { 0x05, 0x03, 0x64, 0x64, 0x36}, /* remapped sectors */
44 { 0x00, 0x00, 0x00, 0x00, 0x00}
45};
46
8114e9e8
TS		 47/* XXX: DVDs that could fit on a CD will be reported as a CD */
48static inline int media_present(IDEState *s)
49{
50 return (s->nb_sectors > 0);
51}
52
53static inline int media_is_dvd(IDEState *s)
54{
55 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
56}
57
58static inline int media_is_cd(IDEState *s)
59{
60 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
61}
62
8ccad811 63static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
428c5705 64static void ide_dma_restart(IDEState *s);
5f12ab4b 65static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 66
5391d806
FB		 67static void padstr(char *str, const char *src, int len)
68{
69 int i, v;
70 for(i = 0; i < len; i++) {
71 if (*src)
72 v = *src++;
73 else
74 v = ' ';
69b34976 75 str[i^1] = v;
5391d806
FB		 76 }
77}
78
bd0d90b2
FB		 79static void padstr8(uint8_t *buf, int buf_size, const char *src)
80{
81 int i;
82 for(i = 0; i < buf_size; i++) {
83 if (*src)
84 buf[i] = *src++;
85 else
86 buf[i] = ' ';
87 }
88}
89
67b915a5
FB		 90static void put_le16(uint16_t *p, unsigned int v)
91{
0c4ad8dc 92 *p = cpu_to_le16(v);
67b915a5
FB		 93}
94
5391d806
FB		 95static void ide_identify(IDEState *s)
96{
97 uint16_t *p;
98 unsigned int oldsize;
99
94458802
FB		 100 if (s->identify_set) {
101 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
102 return;
103 }
104
5391d806
FB		 105 memset(s->io_buffer, 0, 512);
106 p = (uint16_t *)s->io_buffer;
67b915a5 107 put_le16(p + 0, 0x0040);
5fafdf24 108 put_le16(p + 1, s->cylinders);
67b915a5
FB		 109 put_le16(p + 3, s->heads);
110 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
111 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 112 put_le16(p + 6, s->sectors);
fa879c64 113 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 114 put_le16(p + 20, 3); /* XXX: retired, remove ? */
115 put_le16(p + 21, 512); /* cache size in sectors */
116 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 117 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
118 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 119#if MAX_MULT_SECTORS > 1
67b915a5 120 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 121#endif
67b915a5 122 put_le16(p + 48, 1); /* dword I/O */
94458802 123 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 124 put_le16(p + 51, 0x200); /* PIO transfer cycle */
125 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 126 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 127 put_le16(p + 54, s->cylinders);
128 put_le16(p + 55, s->heads);
129 put_le16(p + 56, s->sectors);
5391d806 130 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 131 put_le16(p + 57, oldsize);
132 put_le16(p + 58, oldsize >> 16);
5391d806 133 if (s->mult_sectors)
67b915a5
FB		 134 put_le16(p + 59, 0x100 | s->mult_sectors);
135 put_le16(p + 60, s->nb_sectors);
136 put_le16(p + 61, s->nb_sectors >> 16);
d1b5c20d 137 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
94458802
FB		 138 put_le16(p + 63, 0x07); /* mdma0-2 supported */
139 put_le16(p + 65, 120);
140 put_le16(p + 66, 120);
141 put_le16(p + 67, 120);
142 put_le16(p + 68, 120);
143 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
144 put_le16(p + 81, 0x16); /* conforms to ata5 */
e8b54394
BW		 145 /* 14=NOP supported, 0=SMART supported */
146 put_le16(p + 82, (1 << 14) | 1);
c2ff060f
FB		 147 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
148 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
e8b54394
BW		 149 /* 14=set to 1, 1=SMART self test, 0=SMART error logging */
150 put_le16(p + 84, (1 << 14) | 0);
151 /* 14 = NOP supported, 0=SMART feature set enabled */
152 put_le16(p + 85, (1 << 14) | 1);
c2ff060f
FB		 153 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
154 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
e8b54394
BW		 155 /* 14=set to 1, 1=smart self test, 0=smart error logging */
156 put_le16(p + 87, (1 << 14) | 0);
94458802
FB		 157 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
158 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 159 put_le16(p + 100, s->nb_sectors);
160 put_le16(p + 101, s->nb_sectors >> 16);
161 put_le16(p + 102, s->nb_sectors >> 32);
162 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 163
164 memcpy(s->identify_data, p, sizeof(s->identify_data));
165 s->identify_set = 1;
5391d806
FB		 166}
167
168static void ide_atapi_identify(IDEState *s)
169{
170 uint16_t *p;
171
94458802
FB		 172 if (s->identify_set) {
173 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
174 return;
175 }
176
5391d806
FB		 177 memset(s->io_buffer, 0, 512);
178 p = (uint16_t *)s->io_buffer;
179 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 180 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
fa879c64 181 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 182 put_le16(p + 20, 3); /* buffer type */
183 put_le16(p + 21, 512); /* cache size in sectors */
184 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3 185 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
38cdea7c 186 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
67b915a5 187 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 188#ifdef USE_DMA_CDROM
189 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
190 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
d1b5c20d 191 put_le16(p + 62, 7); /* single word dma0-2 supported */
8ccad811
FB		 192 put_le16(p + 63, 7); /* mdma0-2 supported */
193 put_le16(p + 64, 0x3f); /* PIO modes supported */
194#else
67b915a5
FB		 195 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
196 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
197 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
198 put_le16(p + 64, 1); /* PIO modes */
8ccad811 199#endif
67b915a5
FB		 200 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
201 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
202 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
203 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 204
67b915a5
FB		 205 put_le16(p + 71, 30); /* in ns */
206 put_le16(p + 72, 30); /* in ns */
5391d806 207
67b915a5 208 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 209#ifdef USE_DMA_CDROM
210 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
211#endif
94458802
FB		 212 memcpy(s->identify_data, p, sizeof(s->identify_data));
213 s->identify_set = 1;
5391d806
FB		 214}
215
201a51fc
AZ		 216static void ide_cfata_identify(IDEState *s)
217{
218 uint16_t *p;
219 uint32_t cur_sec;
201a51fc
AZ		 220
221 p = (uint16_t *) s->identify_data;
222 if (s->identify_set)
223 goto fill_buffer;
224
225 memset(p, 0, sizeof(s->identify_data));
226
227 cur_sec = s->cylinders * s->heads * s->sectors;
228
229 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
230 put_le16(p + 1, s->cylinders); /* Default cylinders */
231 put_le16(p + 3, s->heads); /* Default heads */
232 put_le16(p + 6, s->sectors); /* Default sectors per track */
233 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
234 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
fa879c64 235 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
201a51fc 236 put_le16(p + 22, 0x0004); /* ECC bytes */
60fe76f3
TS		 237 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
238 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
201a51fc
AZ		 239#if MAX_MULT_SECTORS > 1
240 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
241#else
242 put_le16(p + 47, 0x0000);
243#endif
244 put_le16(p + 49, 0x0f00); /* Capabilities */
245 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
246 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
247 put_le16(p + 53, 0x0003); /* Translation params valid */
248 put_le16(p + 54, s->cylinders); /* Current cylinders */
249 put_le16(p + 55, s->heads); /* Current heads */
250 put_le16(p + 56, s->sectors); /* Current sectors */
251 put_le16(p + 57, cur_sec); /* Current capacity */
252 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
253 if (s->mult_sectors) /* Multiple sector setting */
254 put_le16(p + 59, 0x100 | s->mult_sectors);
255 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
256 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
257 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
258 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
259 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
260 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
261 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
262 put_le16(p + 82, 0x400c); /* Command Set supported */
263 put_le16(p + 83, 0x7068); /* Command Set supported */
264 put_le16(p + 84, 0x4000); /* Features supported */
265 put_le16(p + 85, 0x000c); /* Command Set enabled */
266 put_le16(p + 86, 0x7044); /* Command Set enabled */
267 put_le16(p + 87, 0x4000); /* Features enabled */
268 put_le16(p + 91, 0x4060); /* Current APM level */
269 put_le16(p + 129, 0x0002); /* Current features option */
270 put_le16(p + 130, 0x0005); /* Reassigned sectors */
271 put_le16(p + 131, 0x0001); /* Initial power mode */
272 put_le16(p + 132, 0x0000); /* User signature */
273 put_le16(p + 160, 0x8100); /* Power requirement */
274 put_le16(p + 161, 0x8001); /* CF command set */
275
276 s->identify_set = 1;
277
278fill_buffer:
279 memcpy(s->io_buffer, p, sizeof(s->identify_data));
280}
281
5391d806
FB		 282static void ide_set_signature(IDEState *s)
283{
284 s->select &= 0xf0; /* clear head */
285 /* put signature */
286 s->nsector = 1;
287 s->sector = 1;
288 if (s->is_cdrom) {
289 s->lcyl = 0x14;
290 s->hcyl = 0xeb;
291 } else if (s->bs) {
292 s->lcyl = 0;
293 s->hcyl = 0;
294 } else {
295 s->lcyl = 0xff;
296 s->hcyl = 0xff;
297 }
298}
299
300static inline void ide_abort_command(IDEState *s)
301{
302 s->status = READY_STAT | ERR_STAT;
303 s->error = ABRT_ERR;
304}
305
5604e090
AZ		 306static inline void ide_dma_submit_check(IDEState *s,
307 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
308{
309 if (bm->aiocb)
310 return;
311 dma_cb(bm, -1);
312}
313
5391d806 314/* prepare data transfer and tell what to do after */
5fafdf24 315static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 316 EndTransferFunc *end_transfer_func)
317{
318 s->end_transfer_func = end_transfer_func;
319 s->data_ptr = buf;
320 s->data_end = buf + size;
7603d156
TS		 321 if (!(s->status & ERR_STAT))
322 s->status |= DRQ_STAT;
5391d806
FB		 323}
324
325static void ide_transfer_stop(IDEState *s)
326{
327 s->end_transfer_func = ide_transfer_stop;
328 s->data_ptr = s->io_buffer;
329 s->data_end = s->io_buffer;
330 s->status &= ~DRQ_STAT;
331}
332
356721ae 333int64_t ide_get_sector(IDEState *s)
5391d806
FB		 334{
335 int64_t sector_num;
336 if (s->select & 0x40) {
337 /* lba */
c2ff060f
FB		 338 if (!s->lba48) {
339 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
340 (s->lcyl << 8) | s->sector;
341 } else {
342 sector_num = ((int64_t)s->hob_hcyl << 40) |
343 ((int64_t) s->hob_lcyl << 32) |
344 ((int64_t) s->hob_sector << 24) |
345 ((int64_t) s->hcyl << 16) |
346 ((int64_t) s->lcyl << 8) | s->sector;
347 }
5391d806
FB		 348 } else {
349 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 350 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 351 }
352 return sector_num;
353}
354
356721ae 355void ide_set_sector(IDEState *s, int64_t sector_num)
5391d806
FB		 356{
357 unsigned int cyl, r;
358 if (s->select & 0x40) {
c2ff060f
FB		 359 if (!s->lba48) {
360 s->select = (s->select & 0xf0) | (sector_num >> 24);
361 s->hcyl = (sector_num >> 16);
362 s->lcyl = (sector_num >> 8);
363 s->sector = (sector_num);
364 } else {
365 s->sector = sector_num;
366 s->lcyl = sector_num >> 8;
367 s->hcyl = sector_num >> 16;
368 s->hob_sector = sector_num >> 24;
369 s->hob_lcyl = sector_num >> 32;
370 s->hob_hcyl = sector_num >> 40;
371 }
5391d806
FB		 372 } else {
373 cyl = sector_num / (s->heads * s->sectors);
374 r = sector_num % (s->heads * s->sectors);
375 s->hcyl = cyl >> 8;
376 s->lcyl = cyl;
1b8eb456 377 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 378 s->sector = (r % s->sectors) + 1;
379 }
380}
381
e162cfb0
AZ		 382static void ide_rw_error(IDEState *s) {
383 ide_abort_command(s);
384 ide_set_irq(s);
385}
386
5391d806
FB		 387static void ide_sector_read(IDEState *s)
388{
389 int64_t sector_num;
390 int ret, n;
391
392 s->status = READY_STAT | SEEK_STAT;
a136e5a8 393 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 394 sector_num = ide_get_sector(s);
395 n = s->nsector;
396 if (n == 0) {
397 /* no more sector to read from disk */
398 ide_transfer_stop(s);
399 } else {
400#if defined(DEBUG_IDE)
18c5f8ea 401 printf("read sector=%" PRId64 "\n", sector_num);
5391d806
FB		 402#endif
403 if (n > s->req_nb_sectors)
404 n = s->req_nb_sectors;
405 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
e162cfb0
AZ		 406 if (ret != 0) {
407 ide_rw_error(s);
408 return;
409 }
5391d806
FB		 410 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
411 ide_set_irq(s);
412 ide_set_sector(s, sector_num + n);
413 s->nsector -= n;
414 }
415}
416
7aea4412
AL		 417
418/* return 0 if buffer completed */
419static int dma_buf_prepare(BMDMAState *bm, int is_write)
420{
bcbdc4d3 421 IDEState *s = bmdma_active_if(bm);
7aea4412
AL		 422 struct {
423 uint32_t addr;
424 uint32_t size;
425 } prd;
426 int l, len;
7aea4412 427
1fb8648d 428 qemu_sglist_init(&s->sg, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
7aea4412
AL		 429 s->io_buffer_size = 0;
430 for(;;) {
431 if (bm->cur_prd_len == 0) {
432 /* end of table (with a fail safe of one page) */
433 if (bm->cur_prd_last ||
434 (bm->cur_addr - bm->addr) >= 4096)
435 return s->io_buffer_size != 0;
436 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
437 bm->cur_addr += 8;
438 prd.addr = le32_to_cpu(prd.addr);
439 prd.size = le32_to_cpu(prd.size);
440 len = prd.size & 0xfffe;
441 if (len == 0)
442 len = 0x10000;
443 bm->cur_prd_len = len;
444 bm->cur_prd_addr = prd.addr;
445 bm->cur_prd_last = (prd.size & 0x80000000);
446 }
447 l = bm->cur_prd_len;
448 if (l > 0) {
1fb8648d
AL		 449 qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
450 bm->cur_prd_addr += l;
451 bm->cur_prd_len -= l;
452 s->io_buffer_size += l;
7aea4412
AL		 453 }
454 }
455 return 1;
456}
457
458static void dma_buf_commit(IDEState *s, int is_write)
459{
1fb8648d 460 qemu_sglist_destroy(&s->sg);
7aea4412
AL		 461}
462
356721ae 463void ide_dma_error(IDEState *s)
e162cfb0
AZ		 464{
465 ide_transfer_stop(s);
466 s->error = ABRT_ERR;
467 s->status = READY_STAT | ERR_STAT;
468 ide_set_irq(s);
469}
470
428c5705
AL		 471static int ide_handle_write_error(IDEState *s, int error, int op)
472{
473 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
474
475 if (action == BLOCK_ERR_IGNORE)
476 return 0;
477
478 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
479 || action == BLOCK_ERR_STOP_ANY) {
bcbdc4d3
GH		 480 s->bus->bmdma->unit = s->unit;
481 s->bus->bmdma->status |= op;
428c5705
AL		 482 vm_stop(0);
483 } else {
7aea4412
AL		 484 if (op == BM_STATUS_DMA_RETRY) {
485 dma_buf_commit(s, 0);
428c5705 486 ide_dma_error(s);
7aea4412 487 } else {
428c5705 488 ide_rw_error(s);
7aea4412 489 }
428c5705
AL		 490 }
491
492 return 1;
493}
494
8ccad811
FB		 495/* return 0 if buffer completed */
496static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 497{
bcbdc4d3 498 IDEState *s = bmdma_active_if(bm);
8ccad811
FB		 499 struct {
500 uint32_t addr;
501 uint32_t size;
502 } prd;
503 int l, len;
98087450 504
8ccad811
FB		 505 for(;;) {
506 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 507 if (l <= 0)
8ccad811
FB		 508 break;
509 if (bm->cur_prd_len == 0) {
510 /* end of table (with a fail safe of one page) */
511 if (bm->cur_prd_last ||
512 (bm->cur_addr - bm->addr) >= 4096)
513 return 0;
514 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
515 bm->cur_addr += 8;
516 prd.addr = le32_to_cpu(prd.addr);
517 prd.size = le32_to_cpu(prd.size);
518 len = prd.size & 0xfffe;
519 if (len == 0)
520 len = 0x10000;
521 bm->cur_prd_len = len;
522 bm->cur_prd_addr = prd.addr;
523 bm->cur_prd_last = (prd.size & 0x80000000);
524 }
525 if (l > bm->cur_prd_len)
526 l = bm->cur_prd_len;
527 if (l > 0) {
528 if (is_write) {
5fafdf24 529 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 530 s->io_buffer + s->io_buffer_index, l);
531 } else {
5fafdf24 532 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 533 s->io_buffer + s->io_buffer_index, l);
534 }
535 bm->cur_prd_addr += l;
536 bm->cur_prd_len -= l;
537 s->io_buffer_index += l;
98087450 538 }
98087450 539 }
8ccad811
FB		 540 return 1;
541}
542
8ccad811
FB		 543static void ide_read_dma_cb(void *opaque, int ret)
544{
545 BMDMAState *bm = opaque;
bcbdc4d3 546 IDEState *s = bmdma_active_if(bm);
8ccad811
FB		 547 int n;
548 int64_t sector_num;
549
e162cfb0 550 if (ret < 0) {
7aea4412 551 dma_buf_commit(s, 1);
e162cfb0
AZ		 552 ide_dma_error(s);
553 return;
554 }
555
8ccad811
FB		 556 n = s->io_buffer_size >> 9;
557 sector_num = ide_get_sector(s);
558 if (n > 0) {
7aea4412 559 dma_buf_commit(s, 1);
8ccad811
FB		 560 sector_num += n;
561 ide_set_sector(s, sector_num);
562 s->nsector -= n;
8ccad811
FB		 563 }
564
565 /* end of transfer ? */
566 if (s->nsector == 0) {
98087450
FB		 567 s->status = READY_STAT | SEEK_STAT;
568 ide_set_irq(s);
8ccad811
FB		 569 eot:
570 bm->status &= ~BM_STATUS_DMAING;
571 bm->status |= BM_STATUS_INT;
572 bm->dma_cb = NULL;
bcbdc4d3 573 bm->unit = -1;
8ccad811
FB		 574 bm->aiocb = NULL;
575 return;
98087450 576 }
8ccad811
FB		 577
578 /* launch next transfer */
579 n = s->nsector;
8ccad811
FB		 580 s->io_buffer_index = 0;
581 s->io_buffer_size = n * 512;
7aea4412
AL		 582 if (dma_buf_prepare(bm, 1) == 0)
583 goto eot;
8ccad811 584#ifdef DEBUG_AIO
5df23f53 585 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 586#endif
1fb8648d 587 bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
5604e090 588 ide_dma_submit_check(s, ide_read_dma_cb, bm);
98087450
FB		 589}
590
591static void ide_sector_read_dma(IDEState *s)
592{
8ccad811 593 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 594 s->io_buffer_index = 0;
595 s->io_buffer_size = 0;
e3007e66 596 s->is_read = 1;
98087450
FB		 597 ide_dma_start(s, ide_read_dma_cb);
598}
599
a09db21f
FB		 600static void ide_sector_write_timer_cb(void *opaque)
601{
602 IDEState *s = opaque;
603 ide_set_irq(s);
604}
605
5391d806
FB		 606static void ide_sector_write(IDEState *s)
607{
608 int64_t sector_num;
31c2a146 609 int ret, n, n1;
5391d806
FB		 610
611 s->status = READY_STAT | SEEK_STAT;
612 sector_num = ide_get_sector(s);
613#if defined(DEBUG_IDE)
18c5f8ea 614 printf("write sector=%" PRId64 "\n", sector_num);
5391d806
FB		 615#endif
616 n = s->nsector;
617 if (n > s->req_nb_sectors)
618 n = s->req_nb_sectors;
31c2a146 619 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
428c5705 620
e162cfb0 621 if (ret != 0) {
428c5705
AL		 622 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
623 return;
e162cfb0
AZ		 624 }
625
5391d806
FB		 626 s->nsector -= n;
627 if (s->nsector == 0) {
292eef5a 628 /* no more sectors to write */
5391d806
FB		 629 ide_transfer_stop(s);
630 } else {
631 n1 = s->nsector;
632 if (n1 > s->req_nb_sectors)
633 n1 = s->req_nb_sectors;
634 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
635 }
636 ide_set_sector(s, sector_num + n);
3b46e624 637
31c2a146
TS		 638#ifdef TARGET_I386
639 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
640 /* It seems there is a bug in the Windows 2000 installer HDD
641 IDE driver which fills the disk with empty logs when the
642 IDE write IRQ comes too early. This hack tries to correct
643 that at the expense of slower write performances. Use this
644 option _only_ to install Windows 2000. You must disable it
645 for normal use. */
646 qemu_mod_timer(s->sector_write_timer,
647 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
648 } else
649#endif
650 {
651 ide_set_irq(s);
652 }
5391d806
FB		 653}
654
213189ab 655static void ide_dma_restart_bh(void *opaque)
428c5705
AL		 656{
657 BMDMAState *bm = opaque;
213189ab
MA		 658
659 qemu_bh_delete(bm->bh);
660 bm->bh = NULL;
661
428c5705
AL		 662 if (bm->status & BM_STATUS_DMA_RETRY) {
663 bm->status &= ~BM_STATUS_DMA_RETRY;
bcbdc4d3 664 ide_dma_restart(bmdma_active_if(bm));
428c5705
AL		 665 } else if (bm->status & BM_STATUS_PIO_RETRY) {
666 bm->status &= ~BM_STATUS_PIO_RETRY;
bcbdc4d3 667 ide_sector_write(bmdma_active_if(bm));
428c5705
AL		 668 }
669}
670
356721ae 671void ide_dma_restart_cb(void *opaque, int running, int reason)
213189ab
MA		 672{
673 BMDMAState *bm = opaque;
674
675 if (!running)
676 return;
677
678 if (!bm->bh) {
679 bm->bh = qemu_bh_new(ide_dma_restart_bh, bm);
680 qemu_bh_schedule(bm->bh);
681 }
682}
683
8ccad811 684static void ide_write_dma_cb(void *opaque, int ret)
98087450 685{
8ccad811 686 BMDMAState *bm = opaque;
bcbdc4d3 687 IDEState *s = bmdma_active_if(bm);
8ccad811 688 int n;
98087450
FB		 689 int64_t sector_num;
690
e162cfb0 691 if (ret < 0) {
428c5705
AL		 692 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
693 return;
e162cfb0
AZ		 694 }
695
8ccad811
FB		 696 n = s->io_buffer_size >> 9;
697 sector_num = ide_get_sector(s);
698 if (n > 0) {
7aea4412 699 dma_buf_commit(s, 0);
8ccad811
FB		 700 sector_num += n;
701 ide_set_sector(s, sector_num);
702 s->nsector -= n;
98087450 703 }
98087450 704
8ccad811
FB		 705 /* end of transfer ? */
706 if (s->nsector == 0) {
707 s->status = READY_STAT | SEEK_STAT;
708 ide_set_irq(s);
709 eot:
710 bm->status &= ~BM_STATUS_DMAING;
711 bm->status |= BM_STATUS_INT;
712 bm->dma_cb = NULL;
bcbdc4d3 713 bm->unit = -1;
8ccad811
FB		 714 bm->aiocb = NULL;
715 return;
716 }
717
98087450 718 n = s->nsector;
98087450 719 s->io_buffer_size = n * 512;
7aea4412
AL		 720 /* launch next transfer */
721 if (dma_buf_prepare(bm, 0) == 0)
8ccad811
FB		 722 goto eot;
723#ifdef DEBUG_AIO
5df23f53 724 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 725#endif
1fb8648d 726 bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
5604e090 727 ide_dma_submit_check(s, ide_write_dma_cb, bm);
8ccad811
FB		 728}
729
730static void ide_sector_write_dma(IDEState *s)
731{
732 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
733 s->io_buffer_index = 0;
734 s->io_buffer_size = 0;
e3007e66 735 s->is_read = 0;
98087450
FB		 736 ide_dma_start(s, ide_write_dma_cb);
737}
738
356721ae 739void ide_atapi_cmd_ok(IDEState *s)
5391d806
FB		 740{
741 s->error = 0;
41a2b959 742 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 743 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
744 ide_set_irq(s);
745}
746
356721ae 747void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
5391d806
FB		 748{
749#ifdef DEBUG_IDE_ATAPI
750 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
751#endif
752 s->error = sense_key << 4;
753 s->status = READY_STAT | ERR_STAT;
754 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
755 s->sense_key = sense_key;
756 s->asc = asc;
757 ide_set_irq(s);
758}
759
9118e7f0
AL		 760static void ide_atapi_cmd_check_status(IDEState *s)
761{
762#ifdef DEBUG_IDE_ATAPI
763 printf("atapi_cmd_check_status\n");
764#endif
765 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
766 s->status = ERR_STAT;
767 s->nsector = 0;
768 ide_set_irq(s);
769}
770
5391d806
FB		 771static inline void cpu_to_ube16(uint8_t *buf, int val)
772{
773 buf[0] = val >> 8;
9e622b15 774 buf[1] = val & 0xff;
5391d806
FB		 775}
776
777static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
778{
779 buf[0] = val >> 24;
780 buf[1] = val >> 16;
781 buf[2] = val >> 8;
9e622b15 782 buf[3] = val & 0xff;
5391d806
FB		 783}
784
785static inline int ube16_to_cpu(const uint8_t *buf)
786{
787 return (buf[0] << 8) | buf[1];
788}
789
790static inline int ube32_to_cpu(const uint8_t *buf)
791{
792 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
793}
794
98087450
FB		 795static void lba_to_msf(uint8_t *buf, int lba)
796{
797 lba += 150;
798 buf[0] = (lba / 75) / 60;
799 buf[1] = (lba / 75) % 60;
800 buf[2] = lba % 75;
801}
802
8ccad811
FB		 803static void cd_data_to_raw(uint8_t *buf, int lba)
804{
805 /* sync bytes */
806 buf[0] = 0x00;
807 memset(buf + 1, 0xff, 10);
808 buf[11] = 0x00;
809 buf += 12;
810 /* MSF */
811 lba_to_msf(buf, lba);
812 buf[3] = 0x01; /* mode 1 data */
813 buf += 4;
814 /* data */
815 buf += 2048;
816 /* XXX: ECC not computed */
817 memset(buf, 0, 288);
818}
819
5fafdf24 820static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 821 int sector_size)
822{
66c6ef76
FB		 823 int ret;
824
98087450
FB		 825 switch(sector_size) {
826 case 2048:
66c6ef76 827 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 828 break;
829 case 2352:
66c6ef76
FB		 830 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
831 if (ret < 0)
832 return ret;
8ccad811 833 cd_data_to_raw(buf, lba);
98087450
FB		 834 break;
835 default:
66c6ef76 836 ret = -EIO;
98087450
FB		 837 break;
838 }
66c6ef76
FB		 839 return ret;
840}
841
356721ae 842void ide_atapi_io_error(IDEState *s, int ret)
66c6ef76
FB		 843{
844 /* XXX: handle more errors */
845 if (ret == -ENOMEDIUM) {
5fafdf24 846 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 847 ASC_MEDIUM_NOT_PRESENT);
848 } else {
5fafdf24 849 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 850 ASC_LOGICAL_BLOCK_OOR);
851 }
98087450
FB		 852}
853
5391d806
FB		 854/* The whole ATAPI transfer logic is handled in this function */
855static void ide_atapi_cmd_reply_end(IDEState *s)
856{
66c6ef76 857 int byte_count_limit, size, ret;
5391d806 858#ifdef DEBUG_IDE_ATAPI
5fafdf24 859 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 860 s->packet_transfer_size,
861 s->elementary_transfer_size,
862 s->io_buffer_index);
863#endif
864 if (s->packet_transfer_size <= 0) {
865 /* end of transfer */
866 ide_transfer_stop(s);
41a2b959 867 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 868 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
869 ide_set_irq(s);
870#ifdef DEBUG_IDE_ATAPI
871 printf("status=0x%x\n", s->status);
872#endif
873 } else {
874 /* see if a new sector must be read */
98087450 875 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 876 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
877 if (ret < 0) {
878 ide_transfer_stop(s);
879 ide_atapi_io_error(s, ret);
880 return;
881 }
5391d806
FB		 882 s->lba++;
883 s->io_buffer_index = 0;
884 }
885 if (s->elementary_transfer_size > 0) {
886 /* there are some data left to transmit in this elementary
887 transfer */
98087450 888 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 889 if (size > s->elementary_transfer_size)
890 size = s->elementary_transfer_size;
5fafdf24 891 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 892 size, ide_atapi_cmd_reply_end);
893 s->packet_transfer_size -= size;
894 s->elementary_transfer_size -= size;
895 s->io_buffer_index += size;
896 } else {
897 /* a new transfer is needed */
898 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
899 byte_count_limit = s->lcyl | (s->hcyl << 8);
900#ifdef DEBUG_IDE_ATAPI
901 printf("byte_count_limit=%d\n", byte_count_limit);
902#endif
903 if (byte_count_limit == 0xffff)
904 byte_count_limit--;
905 size = s->packet_transfer_size;
906 if (size > byte_count_limit) {
907 /* byte count limit must be even if this case */
908 if (byte_count_limit & 1)
909 byte_count_limit--;
910 size = byte_count_limit;
5391d806 911 }
a136e5a8
FB		 912 s->lcyl = size;
913 s->hcyl = size >> 8;
5391d806
FB		 914 s->elementary_transfer_size = size;
915 /* we cannot transmit more than one sector at a time */
916 if (s->lba != -1) {
98087450
FB		 917 if (size > (s->cd_sector_size - s->io_buffer_index))
918 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 919 }
5fafdf24 920 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 921 size, ide_atapi_cmd_reply_end);
922 s->packet_transfer_size -= size;
923 s->elementary_transfer_size -= size;
924 s->io_buffer_index += size;
925 ide_set_irq(s);
926#ifdef DEBUG_IDE_ATAPI
927 printf("status=0x%x\n", s->status);
928#endif
929 }
930 }
931}
932
933/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
934static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
935{
936 if (size > max_size)
937 size = max_size;
938 s->lba = -1; /* no sector read */
939 s->packet_transfer_size = size;
5f12ab4b 940 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 941 s->elementary_transfer_size = 0;
942 s->io_buffer_index = 0;
943
5f12ab4b 944 if (s->atapi_dma) {
41a2b959 945 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
5f12ab4b
TS		 946 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
947 } else {
41a2b959 948 s->status = READY_STAT | SEEK_STAT;
5f12ab4b
TS		 949 ide_atapi_cmd_reply_end(s);
950 }
5391d806
FB		 951}
952
953/* start a CD-CDROM read command */
98087450
FB		 954static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
955 int sector_size)
5391d806 956{
5391d806 957 s->lba = lba;
98087450 958 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 959 s->elementary_transfer_size = 0;
98087450
FB		 960 s->io_buffer_index = sector_size;
961 s->cd_sector_size = sector_size;
5391d806 962
41a2b959 963 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 964 ide_atapi_cmd_reply_end(s);
965}
966
98087450 967/* ATAPI DMA support */
8ccad811
FB		 968
969/* XXX: handle read errors */
970static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 971{
8ccad811 972 BMDMAState *bm = opaque;
bcbdc4d3 973 IDEState *s = bmdma_active_if(bm);
8ccad811
FB		 974 int data_offset, n;
975
66c6ef76
FB		 976 if (ret < 0) {
977 ide_atapi_io_error(s, ret);
978 goto eot;
979 }
980
8ccad811 981 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 982 /*
983 * For a cdrom read sector command (s->lba != -1),
984 * adjust the lba for the next s->io_buffer_size chunk
985 * and dma the current chunk.
986 * For a command != read (s->lba == -1), just transfer
987 * the reply data.
988 */
989 if (s->lba != -1) {
990 if (s->cd_sector_size == 2352) {
991 n = 1;
992 cd_data_to_raw(s->io_buffer, s->lba);
993 } else {
994 n = s->io_buffer_size >> 11;
995 }
996 s->lba += n;
997 }
8ccad811 998 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 999 if (dma_buf_rw(bm, 1) == 0)
1000 goto eot;
98087450 1001 }
8ccad811 1002
98087450 1003 if (s->packet_transfer_size <= 0) {
41a2b959 1004 s->status = READY_STAT | SEEK_STAT;
98087450
FB		 1005 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1006 ide_set_irq(s);
8ccad811
FB		 1007 eot:
1008 bm->status &= ~BM_STATUS_DMAING;
1009 bm->status |= BM_STATUS_INT;
1010 bm->dma_cb = NULL;
bcbdc4d3 1011 bm->unit = -1;
8ccad811
FB		 1012 bm->aiocb = NULL;
1013 return;
1014 }
3b46e624 1015
8ccad811
FB		 1016 s->io_buffer_index = 0;
1017 if (s->cd_sector_size == 2352) {
1018 n = 1;
1019 s->io_buffer_size = s->cd_sector_size;
1020 data_offset = 16;
1021 } else {
1022 n = s->packet_transfer_size >> 11;
1d8cde5b
AJ		 1023 if (n > (IDE_DMA_BUF_SECTORS / 4))
1024 n = (IDE_DMA_BUF_SECTORS / 4);
8ccad811
FB		 1025 s->io_buffer_size = n * 2048;
1026 data_offset = 0;
98087450 1027 }
8ccad811
FB		 1028#ifdef DEBUG_AIO
1029 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1030#endif
3f4cb3d3 1031 bm->iov.iov_base = (void *)(s->io_buffer + data_offset);
c87c0672
AL		 1032 bm->iov.iov_len = n * 4 * 512;
1033 qemu_iovec_init_external(&bm->qiov, &bm->iov, 1);
1034 bm->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2, &bm->qiov,
1035 n * 4, ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1036 if (!bm->aiocb) {
1037 /* Note: media not present is the most likely case */
5fafdf24 1038 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1039 ASC_MEDIUM_NOT_PRESENT);
1040 goto eot;
1041 }
98087450
FB		 1042}
1043
1044/* start a CD-CDROM read command with DMA */
1045/* XXX: test if DMA is available */
1046static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1047 int sector_size)
1048{
1049 s->lba = lba;
1050 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1051 s->io_buffer_index = 0;
1052 s->io_buffer_size = 0;
98087450
FB		 1053 s->cd_sector_size = sector_size;
1054
8ccad811 1055 /* XXX: check if BUSY_STAT should be set */
41a2b959 1056 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1057 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1058}
1059
5fafdf24 1060static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1061 int sector_size)
1062{
1063#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1064 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1065 lba, nb_sectors);
98087450
FB		 1066#endif
1067 if (s->atapi_dma) {
1068 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1069 } else {
1070 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1071 }
1072}
1073
38cdea7c
AZ		 1074static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1075 uint16_t profile)
1076{
1077 uint8_t *buf_profile = buf + 12; /* start of profiles */
1078
1079 buf_profile += ((*index) * 4); /* start of indexed profile */
1080 cpu_to_ube16 (buf_profile, profile);
1081 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1082
1083 /* each profile adds 4 bytes to the response */
1084 (*index)++;
1085 buf[11] += 4; /* Additional Length */
1086
1087 return 4;
1088}
1089
8114e9e8
TS		 1090static int ide_dvd_read_structure(IDEState *s, int format,
1091 const uint8_t *packet, uint8_t *buf)
1092{
1093 switch (format) {
1094 case 0x0: /* Physical format information */
1095 {
1096 int layer = packet[6];
1097 uint64_t total_sectors;
1098
1099 if (layer != 0)
1100 return -ASC_INV_FIELD_IN_CMD_PACKET;
1101
1102 bdrv_get_geometry(s->bs, &total_sectors);
1103 total_sectors >>= 2;
1104 if (total_sectors == 0)
1105 return -ASC_MEDIUM_NOT_PRESENT;
1106
1107 buf[4] = 1; /* DVD-ROM, part version 1 */
1108 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1109 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1110 buf[7] = 0; /* default densities */
1111
1112 /* FIXME: 0x30000 per spec? */
1113 cpu_to_ube32(buf + 8, 0); /* start sector */
1114 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1115 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1116
1117 /* Size of buffer, not including 2 byte size field */
1118 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1119
1120 /* 2k data + 4 byte header */
1121 return (2048 + 4);
1122 }
1123
1124 case 0x01: /* DVD copyright information */
1125 buf[4] = 0; /* no copyright data */
1126 buf[5] = 0; /* no region restrictions */
1127
1128 /* Size of buffer, not including 2 byte size field */
1129 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1130
1131 /* 4 byte header + 4 byte data */
1132 return (4 + 4);
1133
1134 case 0x03: /* BCA information - invalid field for no BCA info */
1135 return -ASC_INV_FIELD_IN_CMD_PACKET;
1136
1137 case 0x04: /* DVD disc manufacturing information */
1138 /* Size of buffer, not including 2 byte size field */
1139 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1140
1141 /* 2k data + 4 byte header */
1142 return (2048 + 4);
1143
1144 case 0xff:
1145 /*
1146 * This lists all the command capabilities above. Add new ones
1147 * in order and update the length and buffer return values.
1148 */
1149
1150 buf[4] = 0x00; /* Physical format */
1151 buf[5] = 0x40; /* Not writable, is readable */
1152 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1153
1154 buf[8] = 0x01; /* Copyright info */
1155 buf[9] = 0x40; /* Not writable, is readable */
1156 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1157
1158 buf[12] = 0x03; /* BCA info */
1159 buf[13] = 0x40; /* Not writable, is readable */
1160 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1161
1162 buf[16] = 0x04; /* Manufacturing info */
1163 buf[17] = 0x40; /* Not writable, is readable */
1164 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1165
1166 /* Size of buffer, not including 2 byte size field */
1167 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1168
1169 /* data written + 4 byte header */
1170 return (16 + 4);
1171
1172 default: /* TODO: formats beyond DVD-ROM requires */
1173 return -ASC_INV_FIELD_IN_CMD_PACKET;
1174 }
1175}
1176
5391d806
FB		 1177static void ide_atapi_cmd(IDEState *s)
1178{
1179 const uint8_t *packet;
1180 uint8_t *buf;
1181 int max_len;
1182
1183 packet = s->io_buffer;
1184 buf = s->io_buffer;
1185#ifdef DEBUG_IDE_ATAPI
1186 {
1187 int i;
1188 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1189 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1190 printf(" %02x", packet[i]);
1191 }
1192 printf("\n");
1193 }
1194#endif
9118e7f0
AL		 1195 /* If there's a UNIT_ATTENTION condition pending, only
1196 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1197 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1198 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1199 s->io_buffer[0] != GPCMD_INQUIRY) {
1200 ide_atapi_cmd_check_status(s);
1201 return;
1202 }
5391d806
FB		 1203 switch(s->io_buffer[0]) {
1204 case GPCMD_TEST_UNIT_READY:
93c8cfd9 1205 if (bdrv_is_inserted(s->bs) && !s->cdrom_changed) {
5391d806
FB		 1206 ide_atapi_cmd_ok(s);
1207 } else {
93c8cfd9 1208 s->cdrom_changed = 0;
5fafdf24 1209 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1210 ASC_MEDIUM_NOT_PRESENT);
1211 }
1212 break;
d14049ea 1213 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1214 case GPCMD_MODE_SENSE_10:
1215 {
1216 int action, code;
d14049ea
TS		 1217 if (packet[0] == GPCMD_MODE_SENSE_10)
1218 max_len = ube16_to_cpu(packet + 7);
1219 else
1220 max_len = packet[4];
5391d806
FB		 1221 action = packet[2] >> 6;
1222 code = packet[2] & 0x3f;
1223 switch(action) {
1224 case 0: /* current values */
1225 switch(code) {
1226 case 0x01: /* error recovery */
1227 cpu_to_ube16(&buf[0], 16 + 6);
1228 buf[2] = 0x70;
1229 buf[3] = 0;
1230 buf[4] = 0;
1231 buf[5] = 0;
1232 buf[6] = 0;
1233 buf[7] = 0;
1234
1235 buf[8] = 0x01;
1236 buf[9] = 0x06;
1237 buf[10] = 0x00;
1238 buf[11] = 0x05;
1239 buf[12] = 0x00;
1240 buf[13] = 0x00;
1241 buf[14] = 0x00;
1242 buf[15] = 0x00;
1243 ide_atapi_cmd_reply(s, 16, max_len);
1244 break;
1245 case 0x2a:
1246 cpu_to_ube16(&buf[0], 28 + 6);
1247 buf[2] = 0x70;
1248 buf[3] = 0;
1249 buf[4] = 0;
1250 buf[5] = 0;
1251 buf[6] = 0;
1252 buf[7] = 0;
1253
1254 buf[8] = 0x2a;
1255 buf[9] = 0x12;
0d4a05a1 1256 buf[10] = 0x00;
5391d806 1257 buf[11] = 0x00;
3b46e624 1258
d5b4eb40
AL		 1259 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1260 code checks for this to automount media. */
1261 buf[12] = 0x71;
5391d806
FB		 1262 buf[13] = 3 << 5;
1263 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1264 if (bdrv_is_locked(s->bs))
5391d806
FB		 1265 buf[6] |= 1 << 1;
1266 buf[15] = 0x00;
1267 cpu_to_ube16(&buf[16], 706);
1268 buf[18] = 0;
1269 buf[19] = 2;
1270 cpu_to_ube16(&buf[20], 512);
1271 cpu_to_ube16(&buf[22], 706);
1272 buf[24] = 0;
1273 buf[25] = 0;
1274 buf[26] = 0;
1275 buf[27] = 0;
1276 ide_atapi_cmd_reply(s, 28, max_len);
1277 break;
1278 default:
1279 goto error_cmd;
1280 }
1281 break;
1282 case 1: /* changeable values */
1283 goto error_cmd;
1284 case 2: /* default values */
1285 goto error_cmd;
1286 default:
1287 case 3: /* saved values */
5fafdf24 1288 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1289 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1290 break;
1291 }
1292 }
1293 break;
1294 case GPCMD_REQUEST_SENSE:
1295 max_len = packet[4];
1296 memset(buf, 0, 18);
1297 buf[0] = 0x70 | (1 << 7);
1298 buf[2] = s->sense_key;
1299 buf[7] = 10;
1300 buf[12] = s->asc;
9118e7f0
AL		 1301 if (s->sense_key == SENSE_UNIT_ATTENTION)
1302 s->sense_key = SENSE_NONE;
5391d806
FB		 1303 ide_atapi_cmd_reply(s, 18, max_len);
1304 break;
1305 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1306 if (bdrv_is_inserted(s->bs)) {
1307 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1308 ide_atapi_cmd_ok(s);
1309 } else {
5fafdf24 1310 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1311 ASC_MEDIUM_NOT_PRESENT);
1312 }
1313 break;
1314 case GPCMD_READ_10:
1315 case GPCMD_READ_12:
1316 {
1317 int nb_sectors, lba;
1318
5391d806
FB		 1319 if (packet[0] == GPCMD_READ_10)
1320 nb_sectors = ube16_to_cpu(packet + 7);
1321 else
1322 nb_sectors = ube32_to_cpu(packet + 6);
1323 lba = ube32_to_cpu(packet + 2);
1324 if (nb_sectors == 0) {
1325 ide_atapi_cmd_ok(s);
1326 break;
1327 }
98087450
FB		 1328 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1329 }
1330 break;
1331 case GPCMD_READ_CD:
1332 {
1333 int nb_sectors, lba, transfer_request;
1334
98087450
FB		 1335 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1336 lba = ube32_to_cpu(packet + 2);
1337 if (nb_sectors == 0) {
1338 ide_atapi_cmd_ok(s);
1339 break;
1340 }
98087450
FB		 1341 transfer_request = packet[9];
1342 switch(transfer_request & 0xf8) {
1343 case 0x00:
1344 /* nothing */
1345 ide_atapi_cmd_ok(s);
1346 break;
1347 case 0x10:
1348 /* normal read */
1349 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1350 break;
1351 case 0xf8:
1352 /* read all data */
1353 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1354 break;
1355 default:
5fafdf24 1356 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1357 ASC_INV_FIELD_IN_CMD_PACKET);
1358 break;
1359 }
5391d806
FB		 1360 }
1361 break;
1362 case GPCMD_SEEK:
1363 {
96b8f136
TS		 1364 unsigned int lba;
1365 uint64_t total_sectors;
66c6ef76
FB		 1366
1367 bdrv_get_geometry(s->bs, &total_sectors);
1368 total_sectors >>= 2;
96b8f136 1369 if (total_sectors == 0) {
5fafdf24 1370 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1371 ASC_MEDIUM_NOT_PRESENT);
1372 break;
1373 }
1374 lba = ube32_to_cpu(packet + 2);
66c6ef76 1375 if (lba >= total_sectors) {
5fafdf24 1376 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1377 ASC_LOGICAL_BLOCK_OOR);
1378 break;
1379 }
1380 ide_atapi_cmd_ok(s);
1381 }
1382 break;
1383 case GPCMD_START_STOP_UNIT:
1384 {
aea2a33c 1385 int start, eject, err = 0;
5391d806
FB		 1386 start = packet[4] & 1;
1387 eject = (packet[4] >> 1) & 1;
3b46e624 1388
aea2a33c
MM		 1389 if (eject) {
1390 err = bdrv_eject(s->bs, !start);
1391 }
1392
1393 switch (err) {
1394 case 0:
1395 ide_atapi_cmd_ok(s);
1396 break;
1397 case -EBUSY:
1398 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1399 ASC_MEDIA_REMOVAL_PREVENTED);
1400 break;
1401 default:
1402 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1403 ASC_MEDIUM_NOT_PRESENT);
1404 break;
caed8802 1405 }
5391d806
FB		 1406 }
1407 break;
1408 case GPCMD_MECHANISM_STATUS:
1409 {
1410 max_len = ube16_to_cpu(packet + 8);
1411 cpu_to_ube16(buf, 0);
1412 /* no current LBA */
1413 buf[2] = 0;
1414 buf[3] = 0;
1415 buf[4] = 0;
1416 buf[5] = 1;
1417 cpu_to_ube16(buf + 6, 0);
1418 ide_atapi_cmd_reply(s, 8, max_len);
1419 }
1420 break;
1421 case GPCMD_READ_TOC_PMA_ATIP:
1422 {
1423 int format, msf, start_track, len;
96b8f136 1424 uint64_t total_sectors;
5391d806 1425
66c6ef76
FB		 1426 bdrv_get_geometry(s->bs, &total_sectors);
1427 total_sectors >>= 2;
96b8f136 1428 if (total_sectors == 0) {
5fafdf24 1429 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1430 ASC_MEDIUM_NOT_PRESENT);
1431 break;
1432 }
1433 max_len = ube16_to_cpu(packet + 7);
1434 format = packet[9] >> 6;
1435 msf = (packet[1] >> 1) & 1;
1436 start_track = packet[6];
1437 switch(format) {
1438 case 0:
66c6ef76 1439 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1440 if (len < 0)
1441 goto error_cmd;
1442 ide_atapi_cmd_reply(s, len, max_len);
1443 break;
1444 case 1:
1445 /* multi session : only a single session defined */
1446 memset(buf, 0, 12);
1447 buf[1] = 0x0a;
1448 buf[2] = 0x01;
1449 buf[3] = 0x01;
1450 ide_atapi_cmd_reply(s, 12, max_len);
1451 break;
98087450 1452 case 2:
66c6ef76 1453 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1454 if (len < 0)
1455 goto error_cmd;
1456 ide_atapi_cmd_reply(s, len, max_len);
1457 break;
5391d806 1458 default:
7f777bf3 1459 error_cmd:
5fafdf24 1460 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1461 ASC_INV_FIELD_IN_CMD_PACKET);
1462 break;
5391d806
FB		 1463 }
1464 }
1465 break;
1466 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76 1467 {
96b8f136 1468 uint64_t total_sectors;
66c6ef76
FB		 1469
1470 bdrv_get_geometry(s->bs, &total_sectors);
1471 total_sectors >>= 2;
96b8f136 1472 if (total_sectors == 0) {
5fafdf24 1473 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1474 ASC_MEDIUM_NOT_PRESENT);
1475 break;
1476 }
1477 /* NOTE: it is really the number of sectors minus 1 */
1478 cpu_to_ube32(buf, total_sectors - 1);
1479 cpu_to_ube32(buf + 4, 2048);
1480 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1481 }
5391d806 1482 break;
d14049ea
TS		 1483 case GPCMD_READ_DVD_STRUCTURE:
1484 {
1485 int media = packet[1];
8114e9e8
TS		 1486 int format = packet[7];
1487 int ret;
d14049ea 1488
8114e9e8 1489 max_len = ube16_to_cpu(packet + 8);
d14049ea 1490
8114e9e8
TS		 1491 if (format < 0xff) {
1492 if (media_is_cd(s)) {
1493 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1494 ASC_INCOMPATIBLE_FORMAT);
1495 break;
1496 } else if (!media_present(s)) {
1497 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1498 ASC_INV_FIELD_IN_CMD_PACKET);
1499 break;
1500 }
1501 }
d14049ea 1502
8114e9e8
TS		 1503 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1504 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
d14049ea 1505
8114e9e8
TS		 1506 switch (format) {
1507 case 0x00 ... 0x7f:
1508 case 0xff:
1509 if (media == 0) {
1510 ret = ide_dvd_read_structure(s, format, packet, buf);
d14049ea 1511
8114e9e8
TS		 1512 if (ret < 0)
1513 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1514 else
1515 ide_atapi_cmd_reply(s, ret, max_len);
d14049ea 1516
8114e9e8
TS		 1517 break;
1518 }
1519 /* TODO: BD support, fall through for now */
1520
1521 /* Generic disk structures */
1522 case 0x80: /* TODO: AACS volume identifier */
1523 case 0x81: /* TODO: AACS media serial number */
1524 case 0x82: /* TODO: AACS media identifier */
1525 case 0x83: /* TODO: AACS media key block */
1526 case 0x90: /* TODO: List of recognized format layers */
1527 case 0xc0: /* TODO: Write protection status */
d14049ea
TS		 1528 default:
1529 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1530 ASC_INV_FIELD_IN_CMD_PACKET);
1531 break;
1532 }
1533 }
1534 break;
1535 case GPCMD_SET_SPEED:
1536 ide_atapi_cmd_ok(s);
1537 break;
bd0d90b2
FB		 1538 case GPCMD_INQUIRY:
1539 max_len = packet[4];
1540 buf[0] = 0x05; /* CD-ROM */
1541 buf[1] = 0x80; /* removable */
1542 buf[2] = 0x00; /* ISO */
1543 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 1544 buf[4] = 31; /* additional length */
bd0d90b2
FB		 1545 buf[5] = 0; /* reserved */
1546 buf[6] = 0; /* reserved */
1547 buf[7] = 0; /* reserved */
1548 padstr8(buf + 8, 8, "QEMU");
38cdea7c 1549 padstr8(buf + 16, 16, "QEMU DVD-ROM");
bd0d90b2
FB		 1550 padstr8(buf + 32, 4, QEMU_VERSION);
1551 ide_atapi_cmd_reply(s, 36, max_len);
1552 break;
d14049ea
TS		 1553 case GPCMD_GET_CONFIGURATION:
1554 {
38cdea7c 1555 uint32_t len;
091d055b 1556 uint8_t index = 0;
d14049ea
TS		 1557
1558 /* only feature 0 is supported */
1559 if (packet[2] != 0 || packet[3] != 0) {
1560 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1561 ASC_INV_FIELD_IN_CMD_PACKET);
1562 break;
1563 }
38cdea7c
AZ		 1564
1565 /* XXX: could result in alignment problems in some architectures */
1566 max_len = ube16_to_cpu(packet + 7);
091d055b 1567
38cdea7c 1568 /*
091d055b
AZ		 1569 * XXX: avoid overflow for io_buffer if max_len is bigger than
1570 * the size of that buffer (dimensioned to max number of
1571 * sectors to transfer at once)
38cdea7c 1572 *
091d055b 1573 * Only a problem if the feature/profiles grow.
38cdea7c
AZ		 1574 */
1575 if (max_len > 512) /* XXX: assume 1 sector */
1576 max_len = 512;
1577
1578 memset(buf, 0, max_len);
1579 /*
1580 * the number of sectors from the media tells us which profile
1581 * to use as current. 0 means there is no media
38cdea7c 1582 */
8114e9e8
TS		 1583 if (media_is_dvd(s))
1584 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
1585 else if (media_is_cd(s))
1586 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
38cdea7c 1587
091d055b
AZ		 1588 buf[10] = 0x02 | 0x01; /* persistent and current */
1589 len = 12; /* headers: 8 + 4 */
1590 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
1591 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
38cdea7c
AZ		 1592 cpu_to_ube32(buf, len - 4); /* data length */
1593
1594 ide_atapi_cmd_reply(s, len, max_len);
d14049ea
TS		 1595 break;
1596 }
5391d806 1597 default:
5fafdf24 1598 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1599 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1600 break;
1601 }
1602}
1603
201a51fc
AZ		 1604static void ide_cfata_metadata_inquiry(IDEState *s)
1605{
1606 uint16_t *p;
1607 uint32_t spd;
1608
1609 p = (uint16_t *) s->io_buffer;
1610 memset(p, 0, 0x200);
1611 spd = ((s->mdata_size - 1) >> 9) + 1;
1612
1613 put_le16(p + 0, 0x0001); /* Data format revision */
1614 put_le16(p + 1, 0x0000); /* Media property: silicon */
1615 put_le16(p + 2, s->media_changed); /* Media status */
1616 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1617 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1618 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1619 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1620}
1621
1622static void ide_cfata_metadata_read(IDEState *s)
1623{
1624 uint16_t *p;
1625
1626 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1627 s->status = ERR_STAT;
1628 s->error = ABRT_ERR;
1629 return;
1630 }
1631
1632 p = (uint16_t *) s->io_buffer;
1633 memset(p, 0, 0x200);
1634
1635 put_le16(p + 0, s->media_changed); /* Media status */
1636 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1637 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1638 s->nsector << 9), 0x200 - 2));
1639}
1640
1641static void ide_cfata_metadata_write(IDEState *s)
1642{
1643 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1644 s->status = ERR_STAT;
1645 s->error = ABRT_ERR;
1646 return;
1647 }
1648
1649 s->media_changed = 0;
1650
1651 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1652 s->io_buffer + 2,
1653 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1654 s->nsector << 9), 0x200 - 2));
1655}
1656
bd491d6a
TS		 1657/* called when the inserted state of the media has changed */
1658static void cdrom_change_cb(void *opaque)
1659{
1660 IDEState *s = opaque;
96b8f136 1661 uint64_t nb_sectors;
bd491d6a 1662
bd491d6a
TS		 1663 bdrv_get_geometry(s->bs, &nb_sectors);
1664 s->nb_sectors = nb_sectors;
9118e7f0
AL		 1665
1666 s->sense_key = SENSE_UNIT_ATTENTION;
1667 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
93c8cfd9 1668 s->cdrom_changed = 1;
9118e7f0 1669 ide_set_irq(s);
bd491d6a
TS		 1670}
1671
c2ff060f
FB		 1672static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1673{
1674 s->lba48 = lba48;
1675
1676 /* handle the 'magic' 0 nsector count conversion here. to avoid
1677 * fiddling with the rest of the read logic, we just store the
1678 * full sector count in ->nsector and ignore ->hob_nsector from now
1679 */
1680 if (!s->lba48) {
1681 if (!s->nsector)
1682 s->nsector = 256;
1683 } else {
1684 if (!s->nsector && !s->hob_nsector)
1685 s->nsector = 65536;
1686 else {
1687 int lo = s->nsector;
1688 int hi = s->hob_nsector;
1689
1690 s->nsector = (hi << 8) | lo;
1691 }
1692 }
1693}
1694
bcbdc4d3 1695static void ide_clear_hob(IDEBus *bus)
c2ff060f
FB		 1696{
1697 /* any write clears HOB high bit of device control register */
bcbdc4d3
GH		 1698 bus->ifs[0].select &= ~(1 << 7);
1699 bus->ifs[1].select &= ~(1 << 7);
c2ff060f
FB		 1700}
1701
356721ae 1702void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
caed8802 1703{
bcbdc4d3 1704 IDEBus *bus = opaque;
c45c3d00 1705 IDEState *s;
bcbdc4d3 1706 int n;
c2ff060f 1707 int lba48 = 0;
5391d806
FB		 1708
1709#ifdef DEBUG_IDE
1710 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1711#endif
c2ff060f 1712
5391d806 1713 addr &= 7;
fcdd25ab
AL		 1714
1715 /* ignore writes to command block while busy with previous command */
bcbdc4d3 1716 if (addr != 7 && (idebus_active_if(bus)->status & (BUSY_STAT|DRQ_STAT)))
fcdd25ab
AL		 1717 return;
1718
5391d806
FB		 1719 switch(addr) {
1720 case 0:
1721 break;
1722 case 1:
bcbdc4d3 1723 ide_clear_hob(bus);
c45c3d00 1724 /* NOTE: data is written to the two drives */
bcbdc4d3
GH		 1725 bus->ifs[0].hob_feature = bus->ifs[0].feature;
1726 bus->ifs[1].hob_feature = bus->ifs[1].feature;
1727 bus->ifs[0].feature = val;
1728 bus->ifs[1].feature = val;
5391d806
FB		 1729 break;
1730 case 2:
bcbdc4d3
GH		 1731 ide_clear_hob(bus);
1732 bus->ifs[0].hob_nsector = bus->ifs[0].nsector;
1733 bus->ifs[1].hob_nsector = bus->ifs[1].nsector;
1734 bus->ifs[0].nsector = val;
1735 bus->ifs[1].nsector = val;
5391d806
FB		 1736 break;
1737 case 3:
bcbdc4d3
GH		 1738 ide_clear_hob(bus);
1739 bus->ifs[0].hob_sector = bus->ifs[0].sector;
1740 bus->ifs[1].hob_sector = bus->ifs[1].sector;
1741 bus->ifs[0].sector = val;
1742 bus->ifs[1].sector = val;
5391d806
FB		 1743 break;
1744 case 4:
bcbdc4d3
GH		 1745 ide_clear_hob(bus);
1746 bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl;
1747 bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl;
1748 bus->ifs[0].lcyl = val;
1749 bus->ifs[1].lcyl = val;
5391d806
FB		 1750 break;
1751 case 5:
bcbdc4d3
GH		 1752 ide_clear_hob(bus);
1753 bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl;
1754 bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl;
1755 bus->ifs[0].hcyl = val;
1756 bus->ifs[1].hcyl = val;
5391d806
FB		 1757 break;
1758 case 6:
c2ff060f 1759 /* FIXME: HOB readback uses bit 7 */
bcbdc4d3
GH		 1760 bus->ifs[0].select = (val & ~0x10) | 0xa0;
1761 bus->ifs[1].select = (val | 0x10) | 0xa0;
5391d806 1762 /* select drive */
bcbdc4d3 1763 bus->unit = (val >> 4) & 1;
5391d806
FB		 1764 break;
1765 default:
1766 case 7:
1767 /* command */
1768#if defined(DEBUG_IDE)
1769 printf("ide: CMD=%02x\n", val);
1770#endif
bcbdc4d3 1771 s = idebus_active_if(bus);
66201e2d 1772 /* ignore commands to non existant slave */
bcbdc4d3 1773 if (s != bus->ifs && !s->bs)
66201e2d 1774 break;
c2ff060f 1775
fcdd25ab
AL		 1776 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
1777 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
1778 break;
1779
5391d806
FB		 1780 switch(val) {
1781 case WIN_IDENTIFY:
1782 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 1783 if (!s->is_cf)
1784 ide_identify(s);
1785 else
1786 ide_cfata_identify(s);
2a282056 1787 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1788 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1789 } else {
1790 if (s->is_cdrom) {
1791 ide_set_signature(s);
1792 }
1793 ide_abort_command(s);
1794 }
1795 ide_set_irq(s);
1796 break;
1797 case WIN_SPECIFY:
1798 case WIN_RECAL:
a136e5a8 1799 s->error = 0;
769bec72 1800 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1801 ide_set_irq(s);
1802 break;
1803 case WIN_SETMULT:
201a51fc
AZ		 1804 if (s->is_cf && s->nsector == 0) {
1805 /* Disable Read and Write Multiple */
1806 s->mult_sectors = 0;
41a2b959 1807 s->status = READY_STAT | SEEK_STAT;
201a51fc 1808 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 1809 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1810 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 1811 ide_abort_command(s);
1812 } else {
292eef5a 1813 s->mult_sectors = s->nsector & 0xff;
41a2b959 1814 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1815 }
1816 ide_set_irq(s);
1817 break;
c2ff060f
FB		 1818 case WIN_VERIFY_EXT:
1819 lba48 = 1;
4ce900b4
FB		 1820 case WIN_VERIFY:
1821 case WIN_VERIFY_ONCE:
1822 /* do sector number check ? */
c2ff060f 1823 ide_cmd_lba48_transform(s, lba48);
41a2b959 1824 s->status = READY_STAT | SEEK_STAT;
4ce900b4
FB		 1825 ide_set_irq(s);
1826 break;
c2ff060f
FB		 1827 case WIN_READ_EXT:
1828 lba48 = 1;
5391d806
FB		 1829 case WIN_READ:
1830 case WIN_READ_ONCE:
5fafdf24 1831 if (!s->bs)
6b136f9e 1832 goto abort_cmd;
c2ff060f 1833 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1834 s->req_nb_sectors = 1;
1835 ide_sector_read(s);
1836 break;
c2ff060f
FB		 1837 case WIN_WRITE_EXT:
1838 lba48 = 1;
5391d806
FB		 1839 case WIN_WRITE:
1840 case WIN_WRITE_ONCE:
201a51fc
AZ		 1841 case CFA_WRITE_SECT_WO_ERASE:
1842 case WIN_WRITE_VERIFY:
c2ff060f 1843 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1844 s->error = 0;
f66723fa 1845 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1846 s->req_nb_sectors = 1;
1847 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 1848 s->media_changed = 1;
5391d806 1849 break;
c2ff060f
FB		 1850 case WIN_MULTREAD_EXT:
1851 lba48 = 1;
5391d806
FB		 1852 case WIN_MULTREAD:
1853 if (!s->mult_sectors)
1854 goto abort_cmd;
c2ff060f 1855 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1856 s->req_nb_sectors = s->mult_sectors;
1857 ide_sector_read(s);
1858 break;
c2ff060f
FB		 1859 case WIN_MULTWRITE_EXT:
1860 lba48 = 1;
5391d806 1861 case WIN_MULTWRITE:
201a51fc 1862 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 1863 if (!s->mult_sectors)
1864 goto abort_cmd;
c2ff060f 1865 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1866 s->error = 0;
f66723fa 1867 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1868 s->req_nb_sectors = s->mult_sectors;
1869 n = s->nsector;
1870 if (n > s->req_nb_sectors)
1871 n = s->req_nb_sectors;
1872 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 1873 s->media_changed = 1;
5391d806 1874 break;
c2ff060f
FB		 1875 case WIN_READDMA_EXT:
1876 lba48 = 1;
98087450
FB		 1877 case WIN_READDMA:
1878 case WIN_READDMA_ONCE:
5fafdf24 1879 if (!s->bs)
98087450 1880 goto abort_cmd;
c2ff060f 1881 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 1882 ide_sector_read_dma(s);
1883 break;
c2ff060f
FB		 1884 case WIN_WRITEDMA_EXT:
1885 lba48 = 1;
98087450
FB		 1886 case WIN_WRITEDMA:
1887 case WIN_WRITEDMA_ONCE:
5fafdf24 1888 if (!s->bs)
98087450 1889 goto abort_cmd;
c2ff060f 1890 ide_cmd_lba48_transform(s, lba48);
98087450 1891 ide_sector_write_dma(s);
201a51fc 1892 s->media_changed = 1;
98087450 1893 break;
c2ff060f
FB		 1894 case WIN_READ_NATIVE_MAX_EXT:
1895 lba48 = 1;
5391d806 1896 case WIN_READ_NATIVE_MAX:
c2ff060f 1897 ide_cmd_lba48_transform(s, lba48);
5391d806 1898 ide_set_sector(s, s->nb_sectors - 1);
41a2b959 1899 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1900 ide_set_irq(s);
1901 break;
a136e5a8 1902 case WIN_CHECKPOWERMODE1:
201a51fc 1903 case WIN_CHECKPOWERMODE2:
a136e5a8 1904 s->nsector = 0xff; /* device active or idle */
41a2b959 1905 s->status = READY_STAT | SEEK_STAT;
a136e5a8
FB		 1906 ide_set_irq(s);
1907 break;
34e538ae
FB		 1908 case WIN_SETFEATURES:
1909 if (!s->bs)
1910 goto abort_cmd;
1911 /* XXX: valid for CDROM ? */
1912 switch(s->feature) {
e1f63470
TS		 1913 case 0xcc: /* reverting to power-on defaults enable */
1914 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 1915 case 0x02: /* write cache enable */
1916 case 0x82: /* write cache disable */
1917 case 0xaa: /* read look-ahead enable */
1918 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 1919 case 0x05: /* set advanced power management mode */
1920 case 0x85: /* disable advanced power management mode */
1921 case 0x69: /* NOP */
1922 case 0x67: /* NOP */
1923 case 0x96: /* NOP */
1924 case 0x9a: /* NOP */
c3e88d8c
TS		 1925 case 0x42: /* enable Automatic Acoustic Mode */
1926 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 1927 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 1928 ide_set_irq(s);
1929 break;
94458802
FB		 1930 case 0x03: { /* set transfer mode */
1931 uint8_t val = s->nsector & 0x07;
1932
1933 switch (s->nsector >> 3) {
1934 case 0x00: /* pio default */
1935 case 0x01: /* pio mode */
d1b5c20d
TS		 1936 put_le16(s->identify_data + 62,0x07);
1937 put_le16(s->identify_data + 63,0x07);
1938 put_le16(s->identify_data + 88,0x3f);
1939 break;
1940 case 0x02: /* sigle word dma mode*/
1941 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
94458802
FB		 1942 put_le16(s->identify_data + 63,0x07);
1943 put_le16(s->identify_data + 88,0x3f);
1944 break;
1945 case 0x04: /* mdma mode */
d1b5c20d 1946 put_le16(s->identify_data + 62,0x07);
94458802
FB		 1947 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1948 put_le16(s->identify_data + 88,0x3f);
1949 break;
1950 case 0x08: /* udma mode */
d1b5c20d 1951 put_le16(s->identify_data + 62,0x07);
94458802
FB		 1952 put_le16(s->identify_data + 63,0x07);
1953 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1954 break;
1955 default:
1956 goto abort_cmd;
1957 }
1958 s->status = READY_STAT | SEEK_STAT;
1959 ide_set_irq(s);
1960 break;
1961 }
34e538ae
FB		 1962 default:
1963 goto abort_cmd;
1964 }
1965 break;
c2ff060f
FB		 1966 case WIN_FLUSH_CACHE:
1967 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 1968 if (s->bs)
1969 bdrv_flush(s->bs);
41a2b959 1970 s->status = READY_STAT | SEEK_STAT;
7a6cba61
PB		 1971 ide_set_irq(s);
1972 break;
c3e88d8c
TS		 1973 case WIN_STANDBY:
1974 case WIN_STANDBY2:
1975 case WIN_STANDBYNOW1:
201a51fc 1976 case WIN_STANDBYNOW2:
c451ee71 1977 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 1978 case CFA_IDLEIMMEDIATE:
1979 case WIN_SETIDLE1:
1980 case WIN_SETIDLE2:
c3e88d8c
TS		 1981 case WIN_SLEEPNOW1:
1982 case WIN_SLEEPNOW2:
1983 s->status = READY_STAT;
a7dfe172
FB		 1984 ide_set_irq(s);
1985 break;
4fbfcd6d
AJ		 1986 case WIN_SEEK:
1987 if(s->is_cdrom)
1988 goto abort_cmd;
1989 /* XXX: Check that seek is within bounds */
1990 s->status = READY_STAT | SEEK_STAT;
1991 ide_set_irq(s);
1992 break;
5391d806
FB		 1993 /* ATAPI commands */
1994 case WIN_PIDENTIFY:
1995 if (s->is_cdrom) {
1996 ide_atapi_identify(s);
1298fe63 1997 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1998 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1999 } else {
2000 ide_abort_command(s);
2001 }
2002 ide_set_irq(s);
2003 break;
c451ee71
FB		 2004 case WIN_DIAGNOSE:
2005 ide_set_signature(s);
33256a25
AL		 2006 if (s->is_cdrom)
2007 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2008 * devices to return a clear status register
2009 * with READY_STAT *not* set. */
2010 else
2011 s->status = READY_STAT | SEEK_STAT;
2012 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2013 * present.
2014 */
f5fdd0a8 2015 ide_set_irq(s);
c451ee71 2016 break;
5391d806
FB		 2017 case WIN_SRST:
2018 if (!s->is_cdrom)
2019 goto abort_cmd;
2020 ide_set_signature(s);
6b136f9e 2021 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2022 s->error = 0x01;
2023 break;
2024 case WIN_PACKETCMD:
2025 if (!s->is_cdrom)
2026 goto abort_cmd;
98087450
FB		 2027 /* overlapping commands not supported */
2028 if (s->feature & 0x02)
5391d806 2029 goto abort_cmd;
41a2b959 2030 s->status = READY_STAT | SEEK_STAT;
98087450 2031 s->atapi_dma = s->feature & 1;
5391d806 2032 s->nsector = 1;
5fafdf24 2033 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2034 ide_atapi_cmd);
2035 break;
201a51fc
AZ		 2036 /* CF-ATA commands */
2037 case CFA_REQ_EXT_ERROR_CODE:
2038 if (!s->is_cf)
2039 goto abort_cmd;
2040 s->error = 0x09; /* miscellaneous error */
41a2b959 2041 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2042 ide_set_irq(s);
2043 break;
2044 case CFA_ERASE_SECTORS:
2045 case CFA_WEAR_LEVEL:
2046 if (!s->is_cf)
2047 goto abort_cmd;
2048 if (val == CFA_WEAR_LEVEL)
2049 s->nsector = 0;
2050 if (val == CFA_ERASE_SECTORS)
2051 s->media_changed = 1;
2052 s->error = 0x00;
41a2b959 2053 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2054 ide_set_irq(s);
2055 break;
2056 case CFA_TRANSLATE_SECTOR:
2057 if (!s->is_cf)
2058 goto abort_cmd;
2059 s->error = 0x00;
41a2b959 2060 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2061 memset(s->io_buffer, 0, 0x200);
2062 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2063 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2064 s->io_buffer[0x02] = s->select; /* Head */
2065 s->io_buffer[0x03] = s->sector; /* Sector */
2066 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2067 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2068 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2069 s->io_buffer[0x13] = 0x00; /* Erase flag */
2070 s->io_buffer[0x18] = 0x00; /* Hot count */
2071 s->io_buffer[0x19] = 0x00; /* Hot count */
2072 s->io_buffer[0x1a] = 0x01; /* Hot count */
2073 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2074 ide_set_irq(s);
2075 break;
2076 case CFA_ACCESS_METADATA_STORAGE:
2077 if (!s->is_cf)
2078 goto abort_cmd;
2079 switch (s->feature) {
2080 case 0x02: /* Inquiry Metadata Storage */
2081 ide_cfata_metadata_inquiry(s);
2082 break;
2083 case 0x03: /* Read Metadata Storage */
2084 ide_cfata_metadata_read(s);
2085 break;
2086 case 0x04: /* Write Metadata Storage */
2087 ide_cfata_metadata_write(s);
2088 break;
2089 default:
2090 goto abort_cmd;
2091 }
2092 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2093 s->status = 0x00; /* NOTE: READY is _not_ set */
2094 ide_set_irq(s);
2095 break;
2096 case IBM_SENSE_CONDITION:
2097 if (!s->is_cf)
2098 goto abort_cmd;
2099 switch (s->feature) {
2100 case 0x01: /* sense temperature in device */
2101 s->nsector = 0x50; /* +20 C */
2102 break;
2103 default:
2104 goto abort_cmd;
2105 }
41a2b959 2106 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2107 ide_set_irq(s);
2108 break;
e8b54394
BW		 2109
2110 case WIN_SMART:
2111 if (s->is_cdrom)
2112 goto abort_cmd;
2113 if (s->hcyl != 0xc2 || s->lcyl != 0x4f)
2114 goto abort_cmd;
2115 if (!s->smart_enabled && s->feature != SMART_ENABLE)
2116 goto abort_cmd;
2117 switch (s->feature) {
2118 case SMART_DISABLE:
2119 s->smart_enabled = 0;
2120 s->status = READY_STAT | SEEK_STAT;
2121 ide_set_irq(s);
2122 break;
2123 case SMART_ENABLE:
2124 s->smart_enabled = 1;
2125 s->status = READY_STAT | SEEK_STAT;
2126 ide_set_irq(s);
2127 break;
2128 case SMART_ATTR_AUTOSAVE:
2129 switch (s->sector) {
2130 case 0x00:
2131 s->smart_autosave = 0;
2132 break;
2133 case 0xf1:
2134 s->smart_autosave = 1;
2135 break;
2136 default:
2137 goto abort_cmd;
2138 }
2139 s->status = READY_STAT | SEEK_STAT;
2140 ide_set_irq(s);
2141 break;
2142 case SMART_STATUS:
2143 if (!s->smart_errors) {
2144 s->hcyl = 0xc2;
2145 s->lcyl = 0x4f;
2146 } else {
2147 s->hcyl = 0x2c;
2148 s->lcyl = 0xf4;
2149 }
2150 s->status = READY_STAT | SEEK_STAT;
2151 ide_set_irq(s);
2152 break;
2153 case SMART_READ_THRESH:
2154 memset(s->io_buffer, 0, 0x200);
2155 s->io_buffer[0] = 0x01; /* smart struct version */
2156 for (n=0; n<30; n++) {
2157 if (smart_attributes[n][0] == 0)
2158 break;
2159 s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2160 s->io_buffer[2+1+(n*12)] = smart_attributes[n][4];
2161 }
2162 for (n=0; n<511; n++) /* checksum */
2163 s->io_buffer[511] += s->io_buffer[n];
2164 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2165 s->status = READY_STAT | SEEK_STAT;
2166 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2167 ide_set_irq(s);
2168 break;
2169 case SMART_READ_DATA:
2170 memset(s->io_buffer, 0, 0x200);
2171 s->io_buffer[0] = 0x01; /* smart struct version */
2172 for (n=0; n<30; n++) {
2173 if (smart_attributes[n][0] == 0)
2174 break;
2175 s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2176 s->io_buffer[2+1+(n*12)] = smart_attributes[n][1];
2177 s->io_buffer[2+3+(n*12)] = smart_attributes[n][2];
2178 s->io_buffer[2+4+(n*12)] = smart_attributes[n][3];
2179 }
2180 s->io_buffer[362] = 0x02 | (s->smart_autosave?0x80:0x00);
2181 if (s->smart_selftest_count == 0) {
2182 s->io_buffer[363] = 0;
2183 } else {
2184 s->io_buffer[363] =
2185 s->smart_selftest_data[3 +
2186 (s->smart_selftest_count - 1) *
2187 24];
2188 }
2189 s->io_buffer[364] = 0x20;
2190 s->io_buffer[365] = 0x01;
2191 /* offline data collection capacity: execute + self-test*/
2192 s->io_buffer[367] = (1<<4 | 1<<3 | 1);
2193 s->io_buffer[368] = 0x03; /* smart capability (1) */
2194 s->io_buffer[369] = 0x00; /* smart capability (2) */
2195 s->io_buffer[370] = 0x01; /* error logging supported */
2196 s->io_buffer[372] = 0x02; /* minutes for poll short test */
2197 s->io_buffer[373] = 0x36; /* minutes for poll ext test */
2198 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
2199
2200 for (n=0; n<511; n++)
2201 s->io_buffer[511] += s->io_buffer[n];
2202 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2203 s->status = READY_STAT | SEEK_STAT;
2204 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2205 ide_set_irq(s);
2206 break;
2207 case SMART_READ_LOG:
2208 switch (s->sector) {
2209 case 0x01: /* summary smart error log */
2210 memset(s->io_buffer, 0, 0x200);
2211 s->io_buffer[0] = 0x01;
2212 s->io_buffer[1] = 0x00; /* no error entries */
2213 s->io_buffer[452] = s->smart_errors & 0xff;
2214 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
2215
2216 for (n=0; n<511; n++)
2217 s->io_buffer[511] += s->io_buffer[n];
2218 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2219 break;
2220 case 0x06: /* smart self test log */
2221 memset(s->io_buffer, 0, 0x200);
2222 s->io_buffer[0] = 0x01;
2223 if (s->smart_selftest_count == 0) {
2224 s->io_buffer[508] = 0;
2225 } else {
2226 s->io_buffer[508] = s->smart_selftest_count;
2227 for (n=2; n<506; n++)
2228 s->io_buffer[n] = s->smart_selftest_data[n];
2229 }
2230 for (n=0; n<511; n++)
2231 s->io_buffer[511] += s->io_buffer[n];
2232 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2233 break;
2234 default:
2235 goto abort_cmd;
2236 }
2237 s->status = READY_STAT | SEEK_STAT;
2238 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2239 ide_set_irq(s);
2240 break;
2241 case SMART_EXECUTE_OFFLINE:
2242 switch (s->sector) {
2243 case 0: /* off-line routine */
2244 case 1: /* short self test */
2245 case 2: /* extended self test */
2246 s->smart_selftest_count++;
2247 if(s->smart_selftest_count > 21)
2248 s->smart_selftest_count = 0;
2249 n = 2 + (s->smart_selftest_count - 1) * 24;
2250 s->smart_selftest_data[n] = s->sector;
2251 s->smart_selftest_data[n+1] = 0x00; /* OK and finished */
2252 s->smart_selftest_data[n+2] = 0x34; /* hour count lsb */
2253 s->smart_selftest_data[n+3] = 0x12; /* hour count msb */
2254 s->status = READY_STAT | SEEK_STAT;
2255 ide_set_irq(s);
2256 break;
2257 default:
2258 goto abort_cmd;
2259 }
2260 break;
2261 default:
2262 goto abort_cmd;
2263 }
2264 break;
5391d806
FB		 2265 default:
2266 abort_cmd:
2267 ide_abort_command(s);
2268 ide_set_irq(s);
2269 break;
2270 }
2271 }
2272}
2273
356721ae 2274uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2275{
bcbdc4d3
GH		 2276 IDEBus *bus = opaque;
2277 IDEState *s = idebus_active_if(bus);
5391d806 2278 uint32_t addr;
c2ff060f 2279 int ret, hob;
5391d806
FB		 2280
2281 addr = addr1 & 7;
c2ff060f
FB		 2282 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2283 //hob = s->select & (1 << 7);
2284 hob = 0;
5391d806
FB		 2285 switch(addr) {
2286 case 0:
2287 ret = 0xff;
2288 break;
2289 case 1:
bcbdc4d3
GH		 2290 if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2291 (s != bus->ifs && !s->bs))
c45c3d00 2292 ret = 0;
c2ff060f 2293 else if (!hob)
c45c3d00 2294 ret = s->error;
c2ff060f
FB		 2295 else
2296 ret = s->hob_feature;
5391d806
FB		 2297 break;
2298 case 2:
bcbdc4d3 2299 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
c45c3d00 2300 ret = 0;
c2ff060f 2301 else if (!hob)
c45c3d00 2302 ret = s->nsector & 0xff;
c2ff060f
FB		 2303 else
2304 ret = s->hob_nsector;
5391d806
FB		 2305 break;
2306 case 3:
bcbdc4d3 2307 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
c45c3d00 2308 ret = 0;
c2ff060f 2309 else if (!hob)
c45c3d00 2310 ret = s->sector;
c2ff060f
FB		 2311 else
2312 ret = s->hob_sector;
5391d806
FB		 2313 break;
2314 case 4:
bcbdc4d3 2315 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
c45c3d00 2316 ret = 0;
c2ff060f 2317 else if (!hob)
c45c3d00 2318 ret = s->lcyl;
c2ff060f
FB		 2319 else
2320 ret = s->hob_lcyl;
5391d806
FB		 2321 break;
2322 case 5:
bcbdc4d3 2323 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
c45c3d00 2324 ret = 0;
c2ff060f 2325 else if (!hob)
c45c3d00 2326 ret = s->hcyl;
c2ff060f
FB		 2327 else
2328 ret = s->hob_hcyl;
5391d806
FB		 2329 break;
2330 case 6:
bcbdc4d3 2331 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
c45c3d00
FB		 2332 ret = 0;
2333 else
7ae98627 2334 ret = s->select;
5391d806
FB		 2335 break;
2336 default:
2337 case 7:
bcbdc4d3
GH		 2338 if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2339 (s != bus->ifs && !s->bs))
c45c3d00
FB		 2340 ret = 0;
2341 else
2342 ret = s->status;
d537cf6c 2343 qemu_irq_lower(s->irq);
5391d806
FB		 2344 break;
2345 }
2346#ifdef DEBUG_IDE
2347 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2348#endif
2349 return ret;
2350}
2351
356721ae 2352uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2353{
bcbdc4d3
GH		 2354 IDEBus *bus = opaque;
2355 IDEState *s = idebus_active_if(bus);
5391d806 2356 int ret;
7ae98627 2357
bcbdc4d3
GH		 2358 if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2359 (s != bus->ifs && !s->bs))
7ae98627
FB		 2360 ret = 0;
2361 else
2362 ret = s->status;
5391d806
FB		 2363#ifdef DEBUG_IDE
2364 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2365#endif
2366 return ret;
2367}
2368
356721ae 2369void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2370{
bcbdc4d3 2371 IDEBus *bus = opaque;
5391d806
FB		 2372 IDEState *s;
2373 int i;
2374
2375#ifdef DEBUG_IDE
2376 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2377#endif
2378 /* common for both drives */
bcbdc4d3 2379 if (!(bus->ifs[0].cmd & IDE_CMD_RESET) &&
5391d806
FB		 2380 (val & IDE_CMD_RESET)) {
2381 /* reset low to high */
2382 for(i = 0;i < 2; i++) {
bcbdc4d3 2383 s = &bus->ifs[i];
5391d806
FB		 2384 s->status = BUSY_STAT | SEEK_STAT;
2385 s->error = 0x01;
2386 }
bcbdc4d3 2387 } else if ((bus->ifs[0].cmd & IDE_CMD_RESET) &&
5391d806
FB		 2388 !(val & IDE_CMD_RESET)) {
2389 /* high to low */
2390 for(i = 0;i < 2; i++) {
bcbdc4d3 2391 s = &bus->ifs[i];
6b136f9e
FB		 2392 if (s->is_cdrom)
2393 s->status = 0x00; /* NOTE: READY is _not_ set */
2394 else
56bf1d37 2395 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2396 ide_set_signature(s);
2397 }
2398 }
2399
bcbdc4d3
GH		 2400 bus->ifs[0].cmd = val;
2401 bus->ifs[1].cmd = val;
5391d806
FB		 2402}
2403
356721ae 2404void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2405{
bcbdc4d3
GH		 2406 IDEBus *bus = opaque;
2407 IDEState *s = idebus_active_if(bus);
5391d806
FB		 2408 uint8_t *p;
2409
fcdd25ab
AL		 2410 /* PIO data access allowed only when DRQ bit is set */
2411 if (!(s->status & DRQ_STAT))
2412 return;
2413
5391d806 2414 p = s->data_ptr;
0c4ad8dc 2415 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2416 p += 2;
2417 s->data_ptr = p;
2418 if (p >= s->data_end)
2419 s->end_transfer_func(s);
2420}
2421
356721ae 2422uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2423{
bcbdc4d3
GH		 2424 IDEBus *bus = opaque;
2425 IDEState *s = idebus_active_if(bus);
5391d806
FB		 2426 uint8_t *p;
2427 int ret;
fcdd25ab
AL		 2428
2429 /* PIO data access allowed only when DRQ bit is set */
2430 if (!(s->status & DRQ_STAT))
2431 return 0;
2432
5391d806 2433 p = s->data_ptr;
0c4ad8dc 2434 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2435 p += 2;
2436 s->data_ptr = p;
2437 if (p >= s->data_end)
2438 s->end_transfer_func(s);
2439 return ret;
2440}
2441
356721ae 2442void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2443{
bcbdc4d3
GH		 2444 IDEBus *bus = opaque;
2445 IDEState *s = idebus_active_if(bus);
5391d806
FB		 2446 uint8_t *p;
2447
fcdd25ab
AL		 2448 /* PIO data access allowed only when DRQ bit is set */
2449 if (!(s->status & DRQ_STAT))
2450 return;
2451
5391d806 2452 p = s->data_ptr;
0c4ad8dc 2453 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2454 p += 4;
2455 s->data_ptr = p;
2456 if (p >= s->data_end)
2457 s->end_transfer_func(s);
2458}
2459
356721ae 2460uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2461{
bcbdc4d3
GH		 2462 IDEBus *bus = opaque;
2463 IDEState *s = idebus_active_if(bus);
5391d806
FB		 2464 uint8_t *p;
2465 int ret;
3b46e624 2466
fcdd25ab
AL		 2467 /* PIO data access allowed only when DRQ bit is set */
2468 if (!(s->status & DRQ_STAT))
2469 return 0;
2470
5391d806 2471 p = s->data_ptr;
0c4ad8dc 2472 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2473 p += 4;
2474 s->data_ptr = p;
2475 if (p >= s->data_end)
2476 s->end_transfer_func(s);
2477 return ret;
2478}
2479
a7dfe172
FB		 2480static void ide_dummy_transfer_stop(IDEState *s)
2481{
2482 s->data_ptr = s->io_buffer;
2483 s->data_end = s->io_buffer;
2484 s->io_buffer[0] = 0xff;
2485 s->io_buffer[1] = 0xff;
2486 s->io_buffer[2] = 0xff;
2487 s->io_buffer[3] = 0xff;
2488}
2489
356721ae 2490void ide_reset(IDEState *s)
5391d806 2491{
bcbdc4d3
GH		 2492 IDEBus *bus = s->bus;
2493
201a51fc
AZ		 2494 if (s->is_cf)
2495 s->mult_sectors = 0;
2496 else
2497 s->mult_sectors = MAX_MULT_SECTORS;
bcbdc4d3 2498 bus->unit = s->unit;
5391d806 2499 s->select = 0xa0;
41a2b959 2500 s->status = READY_STAT | SEEK_STAT;
5391d806 2501 ide_set_signature(s);
a7dfe172
FB		 2502 /* init the transfer handler so that 0xffff is returned on data
2503 accesses */
2504 s->end_transfer_func = ide_dummy_transfer_stop;
2505 ide_dummy_transfer_stop(s);
201a51fc 2506 s->media_changed = 0;
5391d806
FB		 2507}
2508
f455e98c 2509void ide_init2(IDEBus *bus, DriveInfo *hd0, DriveInfo *hd1,
356721ae 2510 qemu_irq irq)
5391d806 2511{
69b91039 2512 IDEState *s;
aedf5382 2513 static int drive_serial = 1;
f3d54fc4 2514 int i, cylinders, heads, secs;
96b8f136 2515 uint64_t nb_sectors;
5391d806 2516
caed8802 2517 for(i = 0; i < 2; i++) {
bcbdc4d3
GH		 2518 s = bus->ifs + i;
2519 s->bus = bus;
2520 s->unit = i;
f455e98c
GH		 2521 if (i == 0 && hd0)
2522 s->bs = hd0->bdrv;
2523 if (i == 1 && hd1)
2524 s->bs = hd1->bdrv;
e268ca52 2525 s->io_buffer = qemu_blockalign(s->bs, IDE_DMA_BUF_SECTORS*512 + 4);
5391d806
FB		 2526 if (s->bs) {
2527 bdrv_get_geometry(s->bs, &nb_sectors);
f3d54fc4
AL		 2528 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2529 s->cylinders = cylinders;
2530 s->heads = heads;
2531 s->sectors = secs;
5391d806 2532 s->nb_sectors = nb_sectors;
e8b54394
BW		 2533 /* The SMART values should be preserved across power cycles
2534 but they aren't. */
2535 s->smart_enabled = 1;
2536 s->smart_autosave = 1;
2537 s->smart_errors = 0;
2538 s->smart_selftest_count = 0;
2539 s->smart_selftest_data = qemu_blockalign(s->bs, 512);
caed8802
FB		 2540 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2541 s->is_cdrom = 1;
bd491d6a 2542 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2543 }
2544 }
aedf5382 2545 s->drive_serial = drive_serial++;
fa879c64
AL		 2546 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2547 sizeof(s->drive_serial_str));
2548 if (strlen(s->drive_serial_str) == 0)
2549 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2550 "QM%05d", s->drive_serial);
caed8802 2551 s->irq = irq;
5fafdf24 2552 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2553 ide_sector_write_timer_cb, s);
5391d806
FB		 2554 ide_reset(s);
2555 }
69b91039
FB		 2556}
2557
356721ae 2558void ide_init_ioport(IDEBus *bus, int iobase, int iobase2)
69b91039 2559{
bcbdc4d3
GH		 2560 register_ioport_write(iobase, 8, 1, ide_ioport_write, bus);
2561 register_ioport_read(iobase, 8, 1, ide_ioport_read, bus);
caed8802 2562 if (iobase2) {
bcbdc4d3
GH		 2563 register_ioport_read(iobase2, 1, 1, ide_status_read, bus);
2564 register_ioport_write(iobase2, 1, 1, ide_cmd_write, bus);
5391d806 2565 }
3b46e624 2566
caed8802 2567 /* data ports */
bcbdc4d3
GH		 2568 register_ioport_write(iobase, 2, 2, ide_data_writew, bus);
2569 register_ioport_read(iobase, 2, 2, ide_data_readw, bus);
2570 register_ioport_write(iobase, 4, 4, ide_data_writel, bus);
2571 register_ioport_read(iobase, 4, 4, ide_data_readl, bus);
5391d806 2572}
69b91039 2573
aa941b94 2574/* save per IDE drive data */
356721ae 2575void ide_save(QEMUFile* f, IDEState *s)
aa941b94 2576{
bee8d684
TS		 2577 qemu_put_be32(f, s->mult_sectors);
2578 qemu_put_be32(f, s->identify_set);
aa941b94
AZ		 2579 if (s->identify_set) {
2580 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2581 }
2582 qemu_put_8s(f, &s->feature);
2583 qemu_put_8s(f, &s->error);
2584 qemu_put_be32s(f, &s->nsector);
2585 qemu_put_8s(f, &s->sector);
2586 qemu_put_8s(f, &s->lcyl);
2587 qemu_put_8s(f, &s->hcyl);
2588 qemu_put_8s(f, &s->hob_feature);
2589 qemu_put_8s(f, &s->hob_nsector);
2590 qemu_put_8s(f, &s->hob_sector);
2591 qemu_put_8s(f, &s->hob_lcyl);
2592 qemu_put_8s(f, &s->hob_hcyl);
2593 qemu_put_8s(f, &s->select);
2594 qemu_put_8s(f, &s->status);
2595 qemu_put_8s(f, &s->lba48);
2596
2597 qemu_put_8s(f, &s->sense_key);
2598 qemu_put_8s(f, &s->asc);
0bf5e443 2599 qemu_put_8s(f, &s->cdrom_changed);
aa941b94
AZ		 2600 /* XXX: if a transfer is pending, we do not save it yet */
2601}
2602
2603/* load per IDE drive data */
356721ae 2604void ide_load(QEMUFile* f, IDEState *s, int version_id)
aa941b94 2605{
bee8d684
TS		 2606 s->mult_sectors=qemu_get_be32(f);
2607 s->identify_set=qemu_get_be32(f);
aa941b94
AZ		 2608 if (s->identify_set) {
2609 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2610 }
2611 qemu_get_8s(f, &s->feature);
2612 qemu_get_8s(f, &s->error);
2613 qemu_get_be32s(f, &s->nsector);
2614 qemu_get_8s(f, &s->sector);
2615 qemu_get_8s(f, &s->lcyl);
2616 qemu_get_8s(f, &s->hcyl);
2617 qemu_get_8s(f, &s->hob_feature);
2618 qemu_get_8s(f, &s->hob_nsector);
2619 qemu_get_8s(f, &s->hob_sector);
2620 qemu_get_8s(f, &s->hob_lcyl);
2621 qemu_get_8s(f, &s->hob_hcyl);
2622 qemu_get_8s(f, &s->select);
2623 qemu_get_8s(f, &s->status);
2624 qemu_get_8s(f, &s->lba48);
2625
2626 qemu_get_8s(f, &s->sense_key);
2627 qemu_get_8s(f, &s->asc);
93c8cfd9
GN		 2628 if (version_id == 3) {
2629 qemu_get_8s(f, &s->cdrom_changed);
2630 } else {
2631 if (s->sense_key == SENSE_UNIT_ATTENTION &&
2632 s->asc == ASC_MEDIUM_MAY_HAVE_CHANGED)
2633 s->cdrom_changed = 1;
2634 }
aa941b94
AZ		 2635 /* XXX: if a transfer is pending, we do not save it yet */
2636}
2637
356721ae 2638void idebus_save(QEMUFile* f, IDEBus *bus)
bcbdc4d3
GH		 2639{
2640 IDEState *s = idebus_active_if(bus);
2641 qemu_put_8s(f, &s->cmd);
2642 qemu_put_8s(f, &bus->unit);
2643}
2644
356721ae 2645void idebus_load(QEMUFile* f, IDEBus *bus, int version_id)
bcbdc4d3
GH		 2646{
2647 IDEState *s;
2648 uint8_t cmd;
2649
2650 qemu_get_8s(f, &cmd);
2651 qemu_get_8s(f, &bus->unit);
2652 s = idebus_active_if(bus);
2653 s->cmd = cmd;
2654}
2655
69b91039
FB		 2656/***********************************************************/
2657/* PCI IDE definitions */
2658
8ccad811 2659static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450 2660{
bcbdc4d3 2661 BMDMAState *bm = s->bus->bmdma;
98087450
FB		 2662 if(!bm)
2663 return;
bcbdc4d3 2664 bm->unit = s->unit;
98087450 2665 bm->dma_cb = dma_cb;
8ccad811
FB		 2666 bm->cur_prd_last = 0;
2667 bm->cur_prd_addr = 0;
2668 bm->cur_prd_len = 0;
428c5705
AL		 2669 bm->sector_num = ide_get_sector(s);
2670 bm->nsector = s->nsector;
98087450 2671 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2672 bm->dma_cb(bm, 0);
98087450
FB		 2673 }
2674}
2675
428c5705
AL		 2676static void ide_dma_restart(IDEState *s)
2677{
bcbdc4d3 2678 BMDMAState *bm = s->bus->bmdma;
428c5705
AL		 2679 ide_set_sector(s, bm->sector_num);
2680 s->io_buffer_index = 0;
2681 s->io_buffer_size = 0;
2682 s->nsector = bm->nsector;
2683 bm->cur_addr = bm->addr;
2684 bm->dma_cb = ide_write_dma_cb;
2685 ide_dma_start(s, bm->dma_cb);
2686}
2687
356721ae 2688void ide_dma_cancel(BMDMAState *bm)
72c7b06c
AL		 2689{
2690 if (bm->status & BM_STATUS_DMAING) {
2691 bm->status &= ~BM_STATUS_DMAING;
2692 /* cancel DMA request */
bcbdc4d3 2693 bm->unit = -1;
72c7b06c
AL		 2694 bm->dma_cb = NULL;
2695 if (bm->aiocb) {
2696#ifdef DEBUG_AIO
2697 printf("aio_cancel\n");
2698#endif
2699 bdrv_aio_cancel(bm->aiocb);
2700 bm->aiocb = NULL;
2701 }
2702 }
2703}
2704
Qemu copy for testing