]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Kill broken host register definitions, thanks to Paul Brook and Herve
[qemu.git] / hw / ide.c
CommitLineData
5391d806
FB		 1/*
2 * QEMU IDE disk and CD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
5391d806
FB		 24#include "vl.h"
25
5391d806
FB		 26/* debug IDE devices */
27//#define DEBUG_IDE
28//#define DEBUG_IDE_ATAPI
8ccad811
FB		 29//#define DEBUG_AIO
30#define USE_DMA_CDROM
5391d806
FB		 31
32/* Bits of HD_STATUS */
33#define ERR_STAT 0x01
34#define INDEX_STAT 0x02
35#define ECC_STAT 0x04 /* Corrected error */
36#define DRQ_STAT 0x08
37#define SEEK_STAT 0x10
38#define SRV_STAT 0x10
39#define WRERR_STAT 0x20
40#define READY_STAT 0x40
41#define BUSY_STAT 0x80
42
43/* Bits for HD_ERROR */
44#define MARK_ERR 0x01 /* Bad address mark */
45#define TRK0_ERR 0x02 /* couldn't find track 0 */
46#define ABRT_ERR 0x04 /* Command aborted */
47#define MCR_ERR 0x08 /* media change request */
48#define ID_ERR 0x10 /* ID field not found */
49#define MC_ERR 0x20 /* media changed */
50#define ECC_ERR 0x40 /* Uncorrectable ECC error */
51#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
52#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
53
54/* Bits of HD_NSECTOR */
55#define CD 0x01
56#define IO 0x02
57#define REL 0x04
58#define TAG_MASK 0xf8
59
60#define IDE_CMD_RESET 0x04
61#define IDE_CMD_DISABLE_IRQ 0x02
62
63/* ATA/ATAPI Commands pre T13 Spec */
64#define WIN_NOP 0x00
65/*
66 * 0x01->0x02 Reserved
67 */
68#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
69/*
70 * 0x04->0x07 Reserved
71 */
72#define WIN_SRST 0x08 /* ATAPI soft reset command */
73#define WIN_DEVICE_RESET 0x08
74/*
75 * 0x09->0x0F Reserved
76 */
77#define WIN_RECAL 0x10
78#define WIN_RESTORE WIN_RECAL
79/*
80 * 0x10->0x1F Reserved
81 */
82#define WIN_READ 0x20 /* 28-Bit */
83#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
84#define WIN_READ_LONG 0x22 /* 28-Bit */
85#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
86#define WIN_READ_EXT 0x24 /* 48-Bit */
87#define WIN_READDMA_EXT 0x25 /* 48-Bit */
88#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
89#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
90/*
91 * 0x28
92 */
93#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
94/*
95 * 0x2A->0x2F Reserved
96 */
97#define WIN_WRITE 0x30 /* 28-Bit */
98#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
99#define WIN_WRITE_LONG 0x32 /* 28-Bit */
100#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
101#define WIN_WRITE_EXT 0x34 /* 48-Bit */
102#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
103#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
104#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
105#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
106#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
107/*
108 * 0x3A->0x3B Reserved
109 */
110#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
111/*
112 * 0x3D->0x3F Reserved
113 */
114#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
115#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
116#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
117/*
118 * 0x43->0x4F Reserved
119 */
120#define WIN_FORMAT 0x50
121/*
122 * 0x51->0x5F Reserved
123 */
124#define WIN_INIT 0x60
125/*
126 * 0x61->0x5F Reserved
127 */
128#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
129#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
130#define WIN_DIAGNOSE 0x90
131#define WIN_SPECIFY 0x91 /* set drive geometry translation */
132#define WIN_DOWNLOAD_MICROCODE 0x92
133#define WIN_STANDBYNOW2 0x94
134#define WIN_STANDBY2 0x96
135#define WIN_SETIDLE2 0x97
136#define WIN_CHECKPOWERMODE2 0x98
137#define WIN_SLEEPNOW2 0x99
138/*
139 * 0x9A VENDOR
140 */
141#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
142#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
143#define WIN_QUEUED_SERVICE 0xA2
144#define WIN_SMART 0xB0 /* self-monitoring and reporting */
145#define CFA_ERASE_SECTORS 0xC0
146#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
147#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
148#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
149#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
150#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
151#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
152#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
153#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
154#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
155#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
156#define WIN_GETMEDIASTATUS 0xDA
157#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
158#define WIN_POSTBOOT 0xDC
159#define WIN_PREBOOT 0xDD
160#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
161#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
162#define WIN_STANDBYNOW1 0xE0
163#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
164#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
165#define WIN_SETIDLE1 0xE3
166#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
167#define WIN_CHECKPOWERMODE1 0xE5
168#define WIN_SLEEPNOW1 0xE6
169#define WIN_FLUSH_CACHE 0xE7
170#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
171#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
172 /* SET_FEATURES 0x22 or 0xDD */
173#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
174#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
175#define WIN_MEDIAEJECT 0xED
176#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
177#define WIN_SETFEATURES 0xEF /* set special drive features */
178#define EXABYTE_ENABLE_NEST 0xF0
179#define WIN_SECURITY_SET_PASS 0xF1
180#define WIN_SECURITY_UNLOCK 0xF2
181#define WIN_SECURITY_ERASE_PREPARE 0xF3
182#define WIN_SECURITY_ERASE_UNIT 0xF4
183#define WIN_SECURITY_FREEZE_LOCK 0xF5
184#define WIN_SECURITY_DISABLE 0xF6
185#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
186#define WIN_SET_MAX 0xF9
187#define DISABLE_SEAGATE 0xFB
188
189/* set to 1 set disable mult support */
f66723fa 190#define MAX_MULT_SECTORS 16
5391d806
FB		 191
192/* ATAPI defines */
193
194#define ATAPI_PACKET_SIZE 12
195
196/* The generic packet command opcodes for CD/DVD Logical Units,
197 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
198#define GPCMD_BLANK 0xa1
199#define GPCMD_CLOSE_TRACK 0x5b
200#define GPCMD_FLUSH_CACHE 0x35
201#define GPCMD_FORMAT_UNIT 0x04
202#define GPCMD_GET_CONFIGURATION 0x46
203#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
204#define GPCMD_GET_PERFORMANCE 0xac
205#define GPCMD_INQUIRY 0x12
206#define GPCMD_LOAD_UNLOAD 0xa6
207#define GPCMD_MECHANISM_STATUS 0xbd
208#define GPCMD_MODE_SELECT_10 0x55
209#define GPCMD_MODE_SENSE_10 0x5a
210#define GPCMD_PAUSE_RESUME 0x4b
211#define GPCMD_PLAY_AUDIO_10 0x45
212#define GPCMD_PLAY_AUDIO_MSF 0x47
213#define GPCMD_PLAY_AUDIO_TI 0x48
214#define GPCMD_PLAY_CD 0xbc
215#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
216#define GPCMD_READ_10 0x28
217#define GPCMD_READ_12 0xa8
218#define GPCMD_READ_CDVD_CAPACITY 0x25
219#define GPCMD_READ_CD 0xbe
220#define GPCMD_READ_CD_MSF 0xb9
221#define GPCMD_READ_DISC_INFO 0x51
222#define GPCMD_READ_DVD_STRUCTURE 0xad
223#define GPCMD_READ_FORMAT_CAPACITIES 0x23
224#define GPCMD_READ_HEADER 0x44
225#define GPCMD_READ_TRACK_RZONE_INFO 0x52
226#define GPCMD_READ_SUBCHANNEL 0x42
227#define GPCMD_READ_TOC_PMA_ATIP 0x43
228#define GPCMD_REPAIR_RZONE_TRACK 0x58
229#define GPCMD_REPORT_KEY 0xa4
230#define GPCMD_REQUEST_SENSE 0x03
231#define GPCMD_RESERVE_RZONE_TRACK 0x53
232#define GPCMD_SCAN 0xba
233#define GPCMD_SEEK 0x2b
234#define GPCMD_SEND_DVD_STRUCTURE 0xad
235#define GPCMD_SEND_EVENT 0xa2
236#define GPCMD_SEND_KEY 0xa3
237#define GPCMD_SEND_OPC 0x54
238#define GPCMD_SET_READ_AHEAD 0xa7
239#define GPCMD_SET_STREAMING 0xb6
240#define GPCMD_START_STOP_UNIT 0x1b
241#define GPCMD_STOP_PLAY_SCAN 0x4e
242#define GPCMD_TEST_UNIT_READY 0x00
243#define GPCMD_VERIFY_10 0x2f
244#define GPCMD_WRITE_10 0x2a
245#define GPCMD_WRITE_AND_VERIFY_10 0x2e
246/* This is listed as optional in ATAPI 2.6, but is (curiously)
247 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
248 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
249 * drives support it. */
250#define GPCMD_SET_SPEED 0xbb
251/* This seems to be a SCSI specific CD-ROM opcode
252 * to play data at track/index */
253#define GPCMD_PLAYAUDIO_TI 0x48
254/*
255 * From MS Media Status Notification Support Specification. For
256 * older drives only.
257 */
258#define GPCMD_GET_MEDIA_STATUS 0xda
259
260/* Mode page codes for mode sense/set */
261#define GPMODE_R_W_ERROR_PAGE 0x01
262#define GPMODE_WRITE_PARMS_PAGE 0x05
263#define GPMODE_AUDIO_CTL_PAGE 0x0e
264#define GPMODE_POWER_PAGE 0x1a
265#define GPMODE_FAULT_FAIL_PAGE 0x1c
266#define GPMODE_TO_PROTECT_PAGE 0x1d
267#define GPMODE_CAPABILITIES_PAGE 0x2a
268#define GPMODE_ALL_PAGES 0x3f
269/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
270 * of MODE_SENSE_POWER_PAGE */
271#define GPMODE_CDROM_PAGE 0x0d
272
273#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
274#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
275#define ATAPI_INT_REASON_REL 0x04
276#define ATAPI_INT_REASON_TAG 0xf8
277
278/* same constants as bochs */
7f777bf3 279#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 280#define ASC_LOGICAL_BLOCK_OOR 0x21
281#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
282#define ASC_MEDIUM_NOT_PRESENT 0x3a
283#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
284
285#define SENSE_NONE 0
286#define SENSE_NOT_READY 2
287#define SENSE_ILLEGAL_REQUEST 5
288#define SENSE_UNIT_ATTENTION 6
289
290struct IDEState;
291
292typedef void EndTransferFunc(struct IDEState *);
293
caed8802 294/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 295typedef struct IDEState {
296 /* ide config */
297 int is_cdrom;
5391d806
FB		 298 int cylinders, heads, sectors;
299 int64_t nb_sectors;
300 int mult_sectors;
94458802
FB		 301 int identify_set;
302 uint16_t identify_data[256];
d537cf6c 303 qemu_irq irq;
34e538ae 304 PCIDevice *pci_dev;
98087450 305 struct BMDMAState *bmdma;
aedf5382 306 int drive_serial;
5391d806
FB		 307 /* ide regs */
308 uint8_t feature;
309 uint8_t error;
c2ff060f 310 uint32_t nsector;
5391d806
FB		 311 uint8_t sector;
312 uint8_t lcyl;
313 uint8_t hcyl;
c2ff060f
FB		 314 /* other part of tf for lba48 support */
315 uint8_t hob_feature;
316 uint8_t hob_nsector;
317 uint8_t hob_sector;
318 uint8_t hob_lcyl;
319 uint8_t hob_hcyl;
320
5391d806
FB		 321 uint8_t select;
322 uint8_t status;
c2ff060f 323
5391d806
FB		 324 /* 0x3f6 command, only meaningful for drive 0 */
325 uint8_t cmd;
c2ff060f
FB		 326 /* set for lba48 access */
327 uint8_t lba48;
5391d806
FB		 328 /* depends on bit 4 in select, only meaningful for drive 0 */
329 struct IDEState *cur_drive;
330 BlockDriverState *bs;
331 /* ATAPI specific */
332 uint8_t sense_key;
333 uint8_t asc;
334 int packet_transfer_size;
335 int elementary_transfer_size;
336 int io_buffer_index;
337 int lba;
98087450
FB		 338 int cd_sector_size;
339 int atapi_dma; /* true if dma is requested for the packet cmd */
340 /* ATA DMA state */
341 int io_buffer_size;
342 /* PIO transfer handling */
5391d806
FB		 343 int req_nb_sectors; /* number of sectors per interrupt */
344 EndTransferFunc *end_transfer_func;
345 uint8_t *data_ptr;
346 uint8_t *data_end;
347 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
a09db21f 348 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
e774a278 349 uint32_t irq_count; /* counts IRQs when using win2k install hack */
5391d806
FB		 350} IDEState;
351
98087450
FB		 352#define BM_STATUS_DMAING 0x01
353#define BM_STATUS_ERROR 0x02
354#define BM_STATUS_INT 0x04
355
356#define BM_CMD_START 0x01
357#define BM_CMD_READ 0x08
358
5457c8ce
FB		 359#define IDE_TYPE_PIIX3 0
360#define IDE_TYPE_CMD646 1
361
362/* CMD646 specific */
363#define MRDMODE 0x71
364#define MRDMODE_INTR_CH0 0x04
365#define MRDMODE_INTR_CH1 0x08
366#define MRDMODE_BLK_CH0 0x10
367#define MRDMODE_BLK_CH1 0x20
368#define UDIDETCR0 0x73
369#define UDIDETCR1 0x7B
370
98087450
FB		 371typedef struct BMDMAState {
372 uint8_t cmd;
373 uint8_t status;
374 uint32_t addr;
8ccad811 375
5457c8ce 376 struct PCIIDEState *pci_dev;
98087450 377 /* current transfer state */
8ccad811
FB		 378 uint32_t cur_addr;
379 uint32_t cur_prd_last;
380 uint32_t cur_prd_addr;
381 uint32_t cur_prd_len;
98087450 382 IDEState *ide_if;
8ccad811
FB		 383 BlockDriverCompletionFunc *dma_cb;
384 BlockDriverAIOCB *aiocb;
98087450
FB		 385} BMDMAState;
386
387typedef struct PCIIDEState {
388 PCIDevice dev;
389 IDEState ide_if[4];
390 BMDMAState bmdma[2];
5457c8ce 391 int type; /* see IDE_TYPE_xxx */
98087450
FB		 392} PCIIDEState;
393
8ccad811 394static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
5f12ab4b 395static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 396
5391d806
FB		 397static void padstr(char *str, const char *src, int len)
398{
399 int i, v;
400 for(i = 0; i < len; i++) {
401 if (*src)
402 v = *src++;
403 else
404 v = ' ';
405 *(char *)((long)str ^ 1) = v;
406 str++;
407 }
408}
409
bd0d90b2
FB		 410static void padstr8(uint8_t *buf, int buf_size, const char *src)
411{
412 int i;
413 for(i = 0; i < buf_size; i++) {
414 if (*src)
415 buf[i] = *src++;
416 else
417 buf[i] = ' ';
418 }
419}
420
67b915a5
FB		 421static void put_le16(uint16_t *p, unsigned int v)
422{
0c4ad8dc 423 *p = cpu_to_le16(v);
67b915a5
FB		 424}
425
5391d806
FB		 426static void ide_identify(IDEState *s)
427{
428 uint16_t *p;
429 unsigned int oldsize;
aedf5382 430 char buf[20];
5391d806 431
94458802
FB		 432 if (s->identify_set) {
433 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
434 return;
435 }
436
5391d806
FB		 437 memset(s->io_buffer, 0, 512);
438 p = (uint16_t *)s->io_buffer;
67b915a5
FB		 439 put_le16(p + 0, 0x0040);
440 put_le16(p + 1, s->cylinders);
441 put_le16(p + 3, s->heads);
442 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
443 put_le16(p + 5, 512); /* XXX: retired, remove ? */
444 put_le16(p + 6, s->sectors);
aedf5382
FB		 445 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
446 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 447 put_le16(p + 20, 3); /* XXX: retired, remove ? */
448 put_le16(p + 21, 512); /* cache size in sectors */
449 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 450 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
451 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
452#if MAX_MULT_SECTORS > 1
67b915a5 453 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 454#endif
67b915a5 455 put_le16(p + 48, 1); /* dword I/O */
94458802 456 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 457 put_le16(p + 51, 0x200); /* PIO transfer cycle */
458 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 459 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 460 put_le16(p + 54, s->cylinders);
461 put_le16(p + 55, s->heads);
462 put_le16(p + 56, s->sectors);
5391d806 463 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 464 put_le16(p + 57, oldsize);
465 put_le16(p + 58, oldsize >> 16);
5391d806 466 if (s->mult_sectors)
67b915a5
FB		 467 put_le16(p + 59, 0x100 | s->mult_sectors);
468 put_le16(p + 60, s->nb_sectors);
469 put_le16(p + 61, s->nb_sectors >> 16);
94458802
FB		 470 put_le16(p + 63, 0x07); /* mdma0-2 supported */
471 put_le16(p + 65, 120);
472 put_le16(p + 66, 120);
473 put_le16(p + 67, 120);
474 put_le16(p + 68, 120);
475 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
476 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 477 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 478 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
479 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 480 put_le16(p + 84, (1 << 14));
481 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 482 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
483 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 484 put_le16(p + 87, (1 << 14));
94458802
FB		 485 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
486 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 487 put_le16(p + 100, s->nb_sectors);
488 put_le16(p + 101, s->nb_sectors >> 16);
489 put_le16(p + 102, s->nb_sectors >> 32);
490 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 491
492 memcpy(s->identify_data, p, sizeof(s->identify_data));
493 s->identify_set = 1;
5391d806
FB		 494}
495
496static void ide_atapi_identify(IDEState *s)
497{
498 uint16_t *p;
aedf5382 499 char buf[20];
5391d806 500
94458802
FB		 501 if (s->identify_set) {
502 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
503 return;
504 }
505
5391d806
FB		 506 memset(s->io_buffer, 0, 512);
507 p = (uint16_t *)s->io_buffer;
508 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 509 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
aedf5382
FB		 510 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
511 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 512 put_le16(p + 20, 3); /* buffer type */
513 put_le16(p + 21, 512); /* cache size in sectors */
514 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 515 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
516 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
67b915a5 517 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 518#ifdef USE_DMA_CDROM
519 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
520 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
521 put_le16(p + 63, 7); /* mdma0-2 supported */
522 put_le16(p + 64, 0x3f); /* PIO modes supported */
523#else
67b915a5
FB		 524 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
525 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
526 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
527 put_le16(p + 64, 1); /* PIO modes */
8ccad811 528#endif
67b915a5
FB		 529 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
530 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
531 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
532 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 533
67b915a5
FB		 534 put_le16(p + 71, 30); /* in ns */
535 put_le16(p + 72, 30); /* in ns */
5391d806 536
67b915a5 537 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 538#ifdef USE_DMA_CDROM
539 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
540#endif
94458802
FB		 541 memcpy(s->identify_data, p, sizeof(s->identify_data));
542 s->identify_set = 1;
5391d806
FB		 543}
544
545static void ide_set_signature(IDEState *s)
546{
547 s->select &= 0xf0; /* clear head */
548 /* put signature */
549 s->nsector = 1;
550 s->sector = 1;
551 if (s->is_cdrom) {
552 s->lcyl = 0x14;
553 s->hcyl = 0xeb;
554 } else if (s->bs) {
555 s->lcyl = 0;
556 s->hcyl = 0;
557 } else {
558 s->lcyl = 0xff;
559 s->hcyl = 0xff;
560 }
561}
562
563static inline void ide_abort_command(IDEState *s)
564{
565 s->status = READY_STAT | ERR_STAT;
566 s->error = ABRT_ERR;
567}
568
569static inline void ide_set_irq(IDEState *s)
570{
98ff7d30 571 BMDMAState *bm = s->bmdma;
5391d806 572 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 573 if (bm) {
98ff7d30 574 bm->status |= BM_STATUS_INT;
5457c8ce 575 }
d537cf6c 576 qemu_irq_raise(s->irq);
5391d806
FB		 577 }
578}
579
580/* prepare data transfer and tell what to do after */
581static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
582 EndTransferFunc *end_transfer_func)
583{
584 s->end_transfer_func = end_transfer_func;
585 s->data_ptr = buf;
586 s->data_end = buf + size;
587 s->status |= DRQ_STAT;
588}
589
590static void ide_transfer_stop(IDEState *s)
591{
592 s->end_transfer_func = ide_transfer_stop;
593 s->data_ptr = s->io_buffer;
594 s->data_end = s->io_buffer;
595 s->status &= ~DRQ_STAT;
596}
597
598static int64_t ide_get_sector(IDEState *s)
599{
600 int64_t sector_num;
601 if (s->select & 0x40) {
602 /* lba */
c2ff060f
FB		 603 if (!s->lba48) {
604 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
605 (s->lcyl << 8) | s->sector;
606 } else {
607 sector_num = ((int64_t)s->hob_hcyl << 40) |
608 ((int64_t) s->hob_lcyl << 32) |
609 ((int64_t) s->hob_sector << 24) |
610 ((int64_t) s->hcyl << 16) |
611 ((int64_t) s->lcyl << 8) | s->sector;
612 }
5391d806
FB		 613 } else {
614 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 615 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 616 }
617 return sector_num;
618}
619
620static void ide_set_sector(IDEState *s, int64_t sector_num)
621{
622 unsigned int cyl, r;
623 if (s->select & 0x40) {
c2ff060f
FB		 624 if (!s->lba48) {
625 s->select = (s->select & 0xf0) | (sector_num >> 24);
626 s->hcyl = (sector_num >> 16);
627 s->lcyl = (sector_num >> 8);
628 s->sector = (sector_num);
629 } else {
630 s->sector = sector_num;
631 s->lcyl = sector_num >> 8;
632 s->hcyl = sector_num >> 16;
633 s->hob_sector = sector_num >> 24;
634 s->hob_lcyl = sector_num >> 32;
635 s->hob_hcyl = sector_num >> 40;
636 }
5391d806
FB		 637 } else {
638 cyl = sector_num / (s->heads * s->sectors);
639 r = sector_num % (s->heads * s->sectors);
640 s->hcyl = cyl >> 8;
641 s->lcyl = cyl;
1b8eb456 642 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 643 s->sector = (r % s->sectors) + 1;
644 }
645}
646
647static void ide_sector_read(IDEState *s)
648{
649 int64_t sector_num;
650 int ret, n;
651
652 s->status = READY_STAT | SEEK_STAT;
a136e5a8 653 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 654 sector_num = ide_get_sector(s);
655 n = s->nsector;
656 if (n == 0) {
657 /* no more sector to read from disk */
658 ide_transfer_stop(s);
659 } else {
660#if defined(DEBUG_IDE)
661 printf("read sector=%Ld\n", sector_num);
662#endif
663 if (n > s->req_nb_sectors)
664 n = s->req_nb_sectors;
665 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
666 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
667 ide_set_irq(s);
668 ide_set_sector(s, sector_num + n);
669 s->nsector -= n;
670 }
671}
672
8ccad811
FB		 673/* return 0 if buffer completed */
674static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 675{
8ccad811
FB		 676 IDEState *s = bm->ide_if;
677 struct {
678 uint32_t addr;
679 uint32_t size;
680 } prd;
681 int l, len;
98087450 682
8ccad811
FB		 683 for(;;) {
684 l = s->io_buffer_size - s->io_buffer_index;
685 if (l <= 0)
686 break;
687 if (bm->cur_prd_len == 0) {
688 /* end of table (with a fail safe of one page) */
689 if (bm->cur_prd_last ||
690 (bm->cur_addr - bm->addr) >= 4096)
691 return 0;
692 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
693 bm->cur_addr += 8;
694 prd.addr = le32_to_cpu(prd.addr);
695 prd.size = le32_to_cpu(prd.size);
696 len = prd.size & 0xfffe;
697 if (len == 0)
698 len = 0x10000;
699 bm->cur_prd_len = len;
700 bm->cur_prd_addr = prd.addr;
701 bm->cur_prd_last = (prd.size & 0x80000000);
702 }
703 if (l > bm->cur_prd_len)
704 l = bm->cur_prd_len;
705 if (l > 0) {
706 if (is_write) {
707 cpu_physical_memory_write(bm->cur_prd_addr,
708 s->io_buffer + s->io_buffer_index, l);
709 } else {
710 cpu_physical_memory_read(bm->cur_prd_addr,
711 s->io_buffer + s->io_buffer_index, l);
712 }
713 bm->cur_prd_addr += l;
714 bm->cur_prd_len -= l;
715 s->io_buffer_index += l;
98087450 716 }
98087450 717 }
8ccad811
FB		 718 return 1;
719}
720
721/* XXX: handle errors */
722static void ide_read_dma_cb(void *opaque, int ret)
723{
724 BMDMAState *bm = opaque;
725 IDEState *s = bm->ide_if;
726 int n;
727 int64_t sector_num;
728
729 n = s->io_buffer_size >> 9;
730 sector_num = ide_get_sector(s);
731 if (n > 0) {
732 sector_num += n;
733 ide_set_sector(s, sector_num);
734 s->nsector -= n;
735 if (dma_buf_rw(bm, 1) == 0)
736 goto eot;
737 }
738
739 /* end of transfer ? */
740 if (s->nsector == 0) {
98087450
FB		 741 s->status = READY_STAT | SEEK_STAT;
742 ide_set_irq(s);
8ccad811
FB		 743 eot:
744 bm->status &= ~BM_STATUS_DMAING;
745 bm->status |= BM_STATUS_INT;
746 bm->dma_cb = NULL;
747 bm->ide_if = NULL;
748 bm->aiocb = NULL;
749 return;
98087450 750 }
8ccad811
FB		 751
752 /* launch next transfer */
753 n = s->nsector;
754 if (n > MAX_MULT_SECTORS)
755 n = MAX_MULT_SECTORS;
756 s->io_buffer_index = 0;
757 s->io_buffer_size = n * 512;
758#ifdef DEBUG_AIO
759 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
760#endif
761 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
762 ide_read_dma_cb, bm);
98087450
FB		 763}
764
765static void ide_sector_read_dma(IDEState *s)
766{
8ccad811 767 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 768 s->io_buffer_index = 0;
769 s->io_buffer_size = 0;
770 ide_dma_start(s, ide_read_dma_cb);
771}
772
a09db21f
FB		 773static void ide_sector_write_timer_cb(void *opaque)
774{
775 IDEState *s = opaque;
776 ide_set_irq(s);
777}
778
5391d806
FB		 779static void ide_sector_write(IDEState *s)
780{
781 int64_t sector_num;
782 int ret, n, n1;
783
784 s->status = READY_STAT | SEEK_STAT;
785 sector_num = ide_get_sector(s);
786#if defined(DEBUG_IDE)
787 printf("write sector=%Ld\n", sector_num);
788#endif
789 n = s->nsector;
790 if (n > s->req_nb_sectors)
791 n = s->req_nb_sectors;
792 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
793 s->nsector -= n;
794 if (s->nsector == 0) {
292eef5a 795 /* no more sectors to write */
5391d806
FB		 796 ide_transfer_stop(s);
797 } else {
798 n1 = s->nsector;
799 if (n1 > s->req_nb_sectors)
800 n1 = s->req_nb_sectors;
801 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
802 }
803 ide_set_sector(s, sector_num + n);
a09db21f
FB		 804
805#ifdef TARGET_I386
e774a278 806 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
a09db21f
FB		 807 /* It seems there is a bug in the Windows 2000 installer HDD
808 IDE driver which fills the disk with empty logs when the
809 IDE write IRQ comes too early. This hack tries to correct
810 that at the expense of slower write performances. Use this
811 option _only_ to install Windows 2000. You must disable it
812 for normal use. */
813 qemu_mod_timer(s->sector_write_timer,
814 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
815 } else
816#endif
817 {
818 ide_set_irq(s);
819 }
5391d806
FB		 820}
821
8ccad811
FB		 822/* XXX: handle errors */
823static void ide_write_dma_cb(void *opaque, int ret)
98087450 824{
8ccad811
FB		 825 BMDMAState *bm = opaque;
826 IDEState *s = bm->ide_if;
827 int n;
98087450
FB		 828 int64_t sector_num;
829
8ccad811
FB		 830 n = s->io_buffer_size >> 9;
831 sector_num = ide_get_sector(s);
832 if (n > 0) {
833 sector_num += n;
834 ide_set_sector(s, sector_num);
835 s->nsector -= n;
98087450 836 }
98087450 837
8ccad811
FB		 838 /* end of transfer ? */
839 if (s->nsector == 0) {
840 s->status = READY_STAT | SEEK_STAT;
841 ide_set_irq(s);
842 eot:
843 bm->status &= ~BM_STATUS_DMAING;
844 bm->status |= BM_STATUS_INT;
845 bm->dma_cb = NULL;
846 bm->ide_if = NULL;
847 bm->aiocb = NULL;
848 return;
849 }
850
851 /* launch next transfer */
98087450
FB		 852 n = s->nsector;
853 if (n > MAX_MULT_SECTORS)
854 n = MAX_MULT_SECTORS;
855 s->io_buffer_index = 0;
856 s->io_buffer_size = n * 512;
8ccad811
FB		 857
858 if (dma_buf_rw(bm, 0) == 0)
859 goto eot;
860#ifdef DEBUG_AIO
861 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
862#endif
863 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
864 ide_write_dma_cb, bm);
865}
866
867static void ide_sector_write_dma(IDEState *s)
868{
869 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
870 s->io_buffer_index = 0;
871 s->io_buffer_size = 0;
98087450
FB		 872 ide_dma_start(s, ide_write_dma_cb);
873}
874
5391d806
FB		 875static void ide_atapi_cmd_ok(IDEState *s)
876{
877 s->error = 0;
878 s->status = READY_STAT;
879 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
880 ide_set_irq(s);
881}
882
883static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
884{
885#ifdef DEBUG_IDE_ATAPI
886 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
887#endif
888 s->error = sense_key << 4;
889 s->status = READY_STAT | ERR_STAT;
890 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
891 s->sense_key = sense_key;
892 s->asc = asc;
893 ide_set_irq(s);
894}
895
896static inline void cpu_to_ube16(uint8_t *buf, int val)
897{
898 buf[0] = val >> 8;
899 buf[1] = val;
900}
901
902static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
903{
904 buf[0] = val >> 24;
905 buf[1] = val >> 16;
906 buf[2] = val >> 8;
907 buf[3] = val;
908}
909
910static inline int ube16_to_cpu(const uint8_t *buf)
911{
912 return (buf[0] << 8) | buf[1];
913}
914
915static inline int ube32_to_cpu(const uint8_t *buf)
916{
917 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
918}
919
98087450
FB		 920static void lba_to_msf(uint8_t *buf, int lba)
921{
922 lba += 150;
923 buf[0] = (lba / 75) / 60;
924 buf[1] = (lba / 75) % 60;
925 buf[2] = lba % 75;
926}
927
8ccad811
FB		 928static void cd_data_to_raw(uint8_t *buf, int lba)
929{
930 /* sync bytes */
931 buf[0] = 0x00;
932 memset(buf + 1, 0xff, 10);
933 buf[11] = 0x00;
934 buf += 12;
935 /* MSF */
936 lba_to_msf(buf, lba);
937 buf[3] = 0x01; /* mode 1 data */
938 buf += 4;
939 /* data */
940 buf += 2048;
941 /* XXX: ECC not computed */
942 memset(buf, 0, 288);
943}
944
66c6ef76 945static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 946 int sector_size)
947{
66c6ef76
FB		 948 int ret;
949
98087450
FB		 950 switch(sector_size) {
951 case 2048:
66c6ef76 952 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 953 break;
954 case 2352:
66c6ef76
FB		 955 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
956 if (ret < 0)
957 return ret;
8ccad811 958 cd_data_to_raw(buf, lba);
98087450
FB		 959 break;
960 default:
66c6ef76 961 ret = -EIO;
98087450
FB		 962 break;
963 }
66c6ef76
FB		 964 return ret;
965}
966
967static void ide_atapi_io_error(IDEState *s, int ret)
968{
969 /* XXX: handle more errors */
970 if (ret == -ENOMEDIUM) {
971 ide_atapi_cmd_error(s, SENSE_NOT_READY,
972 ASC_MEDIUM_NOT_PRESENT);
973 } else {
974 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
975 ASC_LOGICAL_BLOCK_OOR);
976 }
98087450
FB		 977}
978
5391d806
FB		 979/* The whole ATAPI transfer logic is handled in this function */
980static void ide_atapi_cmd_reply_end(IDEState *s)
981{
66c6ef76 982 int byte_count_limit, size, ret;
5391d806
FB		 983#ifdef DEBUG_IDE_ATAPI
984 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
985 s->packet_transfer_size,
986 s->elementary_transfer_size,
987 s->io_buffer_index);
988#endif
989 if (s->packet_transfer_size <= 0) {
990 /* end of transfer */
991 ide_transfer_stop(s);
992 s->status = READY_STAT;
993 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
994 ide_set_irq(s);
995#ifdef DEBUG_IDE_ATAPI
996 printf("status=0x%x\n", s->status);
997#endif
998 } else {
999 /* see if a new sector must be read */
98087450 1000 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1001 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1002 if (ret < 0) {
1003 ide_transfer_stop(s);
1004 ide_atapi_io_error(s, ret);
1005 return;
1006 }
5391d806
FB		 1007 s->lba++;
1008 s->io_buffer_index = 0;
1009 }
1010 if (s->elementary_transfer_size > 0) {
1011 /* there are some data left to transmit in this elementary
1012 transfer */
98087450 1013 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1014 if (size > s->elementary_transfer_size)
1015 size = s->elementary_transfer_size;
1016 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1017 size, ide_atapi_cmd_reply_end);
1018 s->packet_transfer_size -= size;
1019 s->elementary_transfer_size -= size;
1020 s->io_buffer_index += size;
1021 } else {
1022 /* a new transfer is needed */
1023 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1024 byte_count_limit = s->lcyl | (s->hcyl << 8);
1025#ifdef DEBUG_IDE_ATAPI
1026 printf("byte_count_limit=%d\n", byte_count_limit);
1027#endif
1028 if (byte_count_limit == 0xffff)
1029 byte_count_limit--;
1030 size = s->packet_transfer_size;
1031 if (size > byte_count_limit) {
1032 /* byte count limit must be even if this case */
1033 if (byte_count_limit & 1)
1034 byte_count_limit--;
1035 size = byte_count_limit;
5391d806 1036 }
a136e5a8
FB		 1037 s->lcyl = size;
1038 s->hcyl = size >> 8;
5391d806
FB		 1039 s->elementary_transfer_size = size;
1040 /* we cannot transmit more than one sector at a time */
1041 if (s->lba != -1) {
98087450
FB		 1042 if (size > (s->cd_sector_size - s->io_buffer_index))
1043 size = (s->cd_sector_size - s->io_buffer_index);
5391d806
FB		 1044 }
1045 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1046 size, ide_atapi_cmd_reply_end);
1047 s->packet_transfer_size -= size;
1048 s->elementary_transfer_size -= size;
1049 s->io_buffer_index += size;
1050 ide_set_irq(s);
1051#ifdef DEBUG_IDE_ATAPI
1052 printf("status=0x%x\n", s->status);
1053#endif
1054 }
1055 }
1056}
1057
1058/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1059static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1060{
1061 if (size > max_size)
1062 size = max_size;
1063 s->lba = -1; /* no sector read */
1064 s->packet_transfer_size = size;
5f12ab4b 1065 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1066 s->elementary_transfer_size = 0;
1067 s->io_buffer_index = 0;
1068
5f12ab4b
TS		 1069 if (s->atapi_dma) {
1070 s->status = READY_STAT | DRQ_STAT;
1071 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1072 } else {
1073 s->status = READY_STAT;
1074 ide_atapi_cmd_reply_end(s);
1075 }
5391d806
FB		 1076}
1077
1078/* start a CD-CDROM read command */
98087450
FB		 1079static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1080 int sector_size)
5391d806 1081{
5391d806 1082 s->lba = lba;
98087450 1083 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1084 s->elementary_transfer_size = 0;
98087450
FB		 1085 s->io_buffer_index = sector_size;
1086 s->cd_sector_size = sector_size;
5391d806
FB		 1087
1088 s->status = READY_STAT;
1089 ide_atapi_cmd_reply_end(s);
1090}
1091
98087450 1092/* ATAPI DMA support */
8ccad811
FB		 1093
1094/* XXX: handle read errors */
1095static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1096{
8ccad811
FB		 1097 BMDMAState *bm = opaque;
1098 IDEState *s = bm->ide_if;
1099 int data_offset, n;
1100
66c6ef76
FB		 1101 if (ret < 0) {
1102 ide_atapi_io_error(s, ret);
1103 goto eot;
1104 }
1105
8ccad811 1106 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1107 /*
1108 * For a cdrom read sector command (s->lba != -1),
1109 * adjust the lba for the next s->io_buffer_size chunk
1110 * and dma the current chunk.
1111 * For a command != read (s->lba == -1), just transfer
1112 * the reply data.
1113 */
1114 if (s->lba != -1) {
1115 if (s->cd_sector_size == 2352) {
1116 n = 1;
1117 cd_data_to_raw(s->io_buffer, s->lba);
1118 } else {
1119 n = s->io_buffer_size >> 11;
1120 }
1121 s->lba += n;
1122 }
8ccad811 1123 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1124 if (dma_buf_rw(bm, 1) == 0)
1125 goto eot;
98087450 1126 }
8ccad811 1127
98087450
FB		 1128 if (s->packet_transfer_size <= 0) {
1129 s->status = READY_STAT;
1130 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1131 ide_set_irq(s);
8ccad811
FB		 1132 eot:
1133 bm->status &= ~BM_STATUS_DMAING;
1134 bm->status |= BM_STATUS_INT;
1135 bm->dma_cb = NULL;
1136 bm->ide_if = NULL;
1137 bm->aiocb = NULL;
1138 return;
1139 }
1140
1141 s->io_buffer_index = 0;
1142 if (s->cd_sector_size == 2352) {
1143 n = 1;
1144 s->io_buffer_size = s->cd_sector_size;
1145 data_offset = 16;
1146 } else {
1147 n = s->packet_transfer_size >> 11;
1148 if (n > (MAX_MULT_SECTORS / 4))
1149 n = (MAX_MULT_SECTORS / 4);
1150 s->io_buffer_size = n * 2048;
1151 data_offset = 0;
98087450 1152 }
8ccad811
FB		 1153#ifdef DEBUG_AIO
1154 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1155#endif
1156 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1157 s->io_buffer + data_offset, n * 4,
1158 ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1159 if (!bm->aiocb) {
1160 /* Note: media not present is the most likely case */
1161 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1162 ASC_MEDIUM_NOT_PRESENT);
1163 goto eot;
1164 }
98087450
FB		 1165}
1166
1167/* start a CD-CDROM read command with DMA */
1168/* XXX: test if DMA is available */
1169static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1170 int sector_size)
1171{
1172 s->lba = lba;
1173 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1174 s->io_buffer_index = 0;
1175 s->io_buffer_size = 0;
98087450
FB		 1176 s->cd_sector_size = sector_size;
1177
8ccad811
FB		 1178 /* XXX: check if BUSY_STAT should be set */
1179 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1180 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1181}
1182
1183static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1184 int sector_size)
1185{
1186#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1187 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1188 lba, nb_sectors);
98087450
FB		 1189#endif
1190 if (s->atapi_dma) {
1191 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1192 } else {
1193 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1194 }
1195}
1196
5391d806
FB		 1197static void ide_atapi_cmd(IDEState *s)
1198{
1199 const uint8_t *packet;
1200 uint8_t *buf;
1201 int max_len;
1202
1203 packet = s->io_buffer;
1204 buf = s->io_buffer;
1205#ifdef DEBUG_IDE_ATAPI
1206 {
1207 int i;
1208 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1209 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1210 printf(" %02x", packet[i]);
1211 }
1212 printf("\n");
1213 }
1214#endif
1215 switch(s->io_buffer[0]) {
1216 case GPCMD_TEST_UNIT_READY:
caed8802 1217 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1218 ide_atapi_cmd_ok(s);
1219 } else {
1220 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1221 ASC_MEDIUM_NOT_PRESENT);
1222 }
1223 break;
1224 case GPCMD_MODE_SENSE_10:
1225 {
1226 int action, code;
1227 max_len = ube16_to_cpu(packet + 7);
1228 action = packet[2] >> 6;
1229 code = packet[2] & 0x3f;
1230 switch(action) {
1231 case 0: /* current values */
1232 switch(code) {
1233 case 0x01: /* error recovery */
1234 cpu_to_ube16(&buf[0], 16 + 6);
1235 buf[2] = 0x70;
1236 buf[3] = 0;
1237 buf[4] = 0;
1238 buf[5] = 0;
1239 buf[6] = 0;
1240 buf[7] = 0;
1241
1242 buf[8] = 0x01;
1243 buf[9] = 0x06;
1244 buf[10] = 0x00;
1245 buf[11] = 0x05;
1246 buf[12] = 0x00;
1247 buf[13] = 0x00;
1248 buf[14] = 0x00;
1249 buf[15] = 0x00;
1250 ide_atapi_cmd_reply(s, 16, max_len);
1251 break;
1252 case 0x2a:
1253 cpu_to_ube16(&buf[0], 28 + 6);
1254 buf[2] = 0x70;
1255 buf[3] = 0;
1256 buf[4] = 0;
1257 buf[5] = 0;
1258 buf[6] = 0;
1259 buf[7] = 0;
1260
1261 buf[8] = 0x2a;
1262 buf[9] = 0x12;
1263 buf[10] = 0x00;
1264 buf[11] = 0x00;
1265
1266 buf[12] = 0x70;
1267 buf[13] = 3 << 5;
1268 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1269 if (bdrv_is_locked(s->bs))
5391d806
FB		 1270 buf[6] |= 1 << 1;
1271 buf[15] = 0x00;
1272 cpu_to_ube16(&buf[16], 706);
1273 buf[18] = 0;
1274 buf[19] = 2;
1275 cpu_to_ube16(&buf[20], 512);
1276 cpu_to_ube16(&buf[22], 706);
1277 buf[24] = 0;
1278 buf[25] = 0;
1279 buf[26] = 0;
1280 buf[27] = 0;
1281 ide_atapi_cmd_reply(s, 28, max_len);
1282 break;
1283 default:
1284 goto error_cmd;
1285 }
1286 break;
1287 case 1: /* changeable values */
1288 goto error_cmd;
1289 case 2: /* default values */
1290 goto error_cmd;
1291 default:
1292 case 3: /* saved values */
1293 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1294 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1295 break;
1296 }
1297 }
1298 break;
1299 case GPCMD_REQUEST_SENSE:
1300 max_len = packet[4];
1301 memset(buf, 0, 18);
1302 buf[0] = 0x70 | (1 << 7);
1303 buf[2] = s->sense_key;
1304 buf[7] = 10;
1305 buf[12] = s->asc;
1306 ide_atapi_cmd_reply(s, 18, max_len);
1307 break;
1308 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1309 if (bdrv_is_inserted(s->bs)) {
1310 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1311 ide_atapi_cmd_ok(s);
1312 } else {
1313 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1314 ASC_MEDIUM_NOT_PRESENT);
1315 }
1316 break;
1317 case GPCMD_READ_10:
1318 case GPCMD_READ_12:
1319 {
1320 int nb_sectors, lba;
1321
5391d806
FB		 1322 if (packet[0] == GPCMD_READ_10)
1323 nb_sectors = ube16_to_cpu(packet + 7);
1324 else
1325 nb_sectors = ube32_to_cpu(packet + 6);
1326 lba = ube32_to_cpu(packet + 2);
1327 if (nb_sectors == 0) {
1328 ide_atapi_cmd_ok(s);
1329 break;
1330 }
98087450
FB		 1331 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1332 }
1333 break;
1334 case GPCMD_READ_CD:
1335 {
1336 int nb_sectors, lba, transfer_request;
1337
98087450
FB		 1338 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1339 lba = ube32_to_cpu(packet + 2);
1340 if (nb_sectors == 0) {
1341 ide_atapi_cmd_ok(s);
1342 break;
1343 }
98087450
FB		 1344 transfer_request = packet[9];
1345 switch(transfer_request & 0xf8) {
1346 case 0x00:
1347 /* nothing */
1348 ide_atapi_cmd_ok(s);
1349 break;
1350 case 0x10:
1351 /* normal read */
1352 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1353 break;
1354 case 0xf8:
1355 /* read all data */
1356 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1357 break;
1358 default:
1359 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1360 ASC_INV_FIELD_IN_CMD_PACKET);
1361 break;
1362 }
5391d806
FB		 1363 }
1364 break;
1365 case GPCMD_SEEK:
1366 {
1367 int lba;
66c6ef76
FB		 1368 int64_t total_sectors;
1369
1370 bdrv_get_geometry(s->bs, &total_sectors);
1371 total_sectors >>= 2;
1372 if (total_sectors <= 0) {
5391d806
FB		 1373 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1374 ASC_MEDIUM_NOT_PRESENT);
1375 break;
1376 }
1377 lba = ube32_to_cpu(packet + 2);
66c6ef76 1378 if (lba >= total_sectors) {
5391d806
FB		 1379 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1380 ASC_LOGICAL_BLOCK_OOR);
1381 break;
1382 }
1383 ide_atapi_cmd_ok(s);
1384 }
1385 break;
1386 case GPCMD_START_STOP_UNIT:
1387 {
1388 int start, eject;
1389 start = packet[4] & 1;
1390 eject = (packet[4] >> 1) & 1;
1391
caed8802
FB		 1392 if (eject && !start) {
1393 /* eject the disk */
66c6ef76
FB		 1394 bdrv_eject(s->bs, 1);
1395 } else if (eject && start) {
1396 /* close the tray */
1397 bdrv_eject(s->bs, 0);
caed8802 1398 }
5391d806
FB		 1399 ide_atapi_cmd_ok(s);
1400 }
1401 break;
1402 case GPCMD_MECHANISM_STATUS:
1403 {
1404 max_len = ube16_to_cpu(packet + 8);
1405 cpu_to_ube16(buf, 0);
1406 /* no current LBA */
1407 buf[2] = 0;
1408 buf[3] = 0;
1409 buf[4] = 0;
1410 buf[5] = 1;
1411 cpu_to_ube16(buf + 6, 0);
1412 ide_atapi_cmd_reply(s, 8, max_len);
1413 }
1414 break;
1415 case GPCMD_READ_TOC_PMA_ATIP:
1416 {
1417 int format, msf, start_track, len;
66c6ef76 1418 int64_t total_sectors;
5391d806 1419
66c6ef76
FB		 1420 bdrv_get_geometry(s->bs, &total_sectors);
1421 total_sectors >>= 2;
1422 if (total_sectors <= 0) {
5391d806
FB		 1423 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1424 ASC_MEDIUM_NOT_PRESENT);
1425 break;
1426 }
1427 max_len = ube16_to_cpu(packet + 7);
1428 format = packet[9] >> 6;
1429 msf = (packet[1] >> 1) & 1;
1430 start_track = packet[6];
1431 switch(format) {
1432 case 0:
66c6ef76 1433 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1434 if (len < 0)
1435 goto error_cmd;
1436 ide_atapi_cmd_reply(s, len, max_len);
1437 break;
1438 case 1:
1439 /* multi session : only a single session defined */
1440 memset(buf, 0, 12);
1441 buf[1] = 0x0a;
1442 buf[2] = 0x01;
1443 buf[3] = 0x01;
1444 ide_atapi_cmd_reply(s, 12, max_len);
1445 break;
98087450 1446 case 2:
66c6ef76 1447 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1448 if (len < 0)
1449 goto error_cmd;
1450 ide_atapi_cmd_reply(s, len, max_len);
1451 break;
5391d806 1452 default:
7f777bf3
FB		 1453 error_cmd:
1454 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1455 ASC_INV_FIELD_IN_CMD_PACKET);
1456 break;
5391d806
FB		 1457 }
1458 }
1459 break;
1460 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76
FB		 1461 {
1462 int64_t total_sectors;
1463
1464 bdrv_get_geometry(s->bs, &total_sectors);
1465 total_sectors >>= 2;
1466 if (total_sectors <= 0) {
1467 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1468 ASC_MEDIUM_NOT_PRESENT);
1469 break;
1470 }
1471 /* NOTE: it is really the number of sectors minus 1 */
1472 cpu_to_ube32(buf, total_sectors - 1);
1473 cpu_to_ube32(buf + 4, 2048);
1474 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1475 }
5391d806 1476 break;
bd0d90b2
FB		 1477 case GPCMD_INQUIRY:
1478 max_len = packet[4];
1479 buf[0] = 0x05; /* CD-ROM */
1480 buf[1] = 0x80; /* removable */
1481 buf[2] = 0x00; /* ISO */
1482 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1483 buf[4] = 31; /* additionnal length */
1484 buf[5] = 0; /* reserved */
1485 buf[6] = 0; /* reserved */
1486 buf[7] = 0; /* reserved */
1487 padstr8(buf + 8, 8, "QEMU");
1488 padstr8(buf + 16, 16, "QEMU CD-ROM");
1489 padstr8(buf + 32, 4, QEMU_VERSION);
1490 ide_atapi_cmd_reply(s, 36, max_len);
1491 break;
5391d806 1492 default:
5391d806 1493 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1494 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1495 break;
1496 }
1497}
1498
bd491d6a
TS		 1499/* called when the inserted state of the media has changed */
1500static void cdrom_change_cb(void *opaque)
1501{
1502 IDEState *s = opaque;
1503 int64_t nb_sectors;
1504
1505 /* XXX: send interrupt too */
1506 bdrv_get_geometry(s->bs, &nb_sectors);
1507 s->nb_sectors = nb_sectors;
1508}
1509
c2ff060f
FB		 1510static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1511{
1512 s->lba48 = lba48;
1513
1514 /* handle the 'magic' 0 nsector count conversion here. to avoid
1515 * fiddling with the rest of the read logic, we just store the
1516 * full sector count in ->nsector and ignore ->hob_nsector from now
1517 */
1518 if (!s->lba48) {
1519 if (!s->nsector)
1520 s->nsector = 256;
1521 } else {
1522 if (!s->nsector && !s->hob_nsector)
1523 s->nsector = 65536;
1524 else {
1525 int lo = s->nsector;
1526 int hi = s->hob_nsector;
1527
1528 s->nsector = (hi << 8) | lo;
1529 }
1530 }
1531}
1532
1533static void ide_clear_hob(IDEState *ide_if)
1534{
1535 /* any write clears HOB high bit of device control register */
1536 ide_if[0].select &= ~(1 << 7);
1537 ide_if[1].select &= ~(1 << 7);
1538}
1539
caed8802
FB		 1540static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1541{
1542 IDEState *ide_if = opaque;
c45c3d00 1543 IDEState *s;
5391d806 1544 int unit, n;
c2ff060f 1545 int lba48 = 0;
5391d806
FB		 1546
1547#ifdef DEBUG_IDE
1548 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1549#endif
c2ff060f 1550
5391d806
FB		 1551 addr &= 7;
1552 switch(addr) {
1553 case 0:
1554 break;
1555 case 1:
c2ff060f 1556 ide_clear_hob(ide_if);
c45c3d00 1557 /* NOTE: data is written to the two drives */
c2ff060f
FB		 1558 ide_if[0].hob_feature = ide_if[0].feature;
1559 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 1560 ide_if[0].feature = val;
1561 ide_if[1].feature = val;
5391d806
FB		 1562 break;
1563 case 2:
c2ff060f
FB		 1564 ide_clear_hob(ide_if);
1565 ide_if[0].hob_nsector = ide_if[0].nsector;
1566 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 1567 ide_if[0].nsector = val;
1568 ide_if[1].nsector = val;
5391d806
FB		 1569 break;
1570 case 3:
c2ff060f
FB		 1571 ide_clear_hob(ide_if);
1572 ide_if[0].hob_sector = ide_if[0].sector;
1573 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 1574 ide_if[0].sector = val;
1575 ide_if[1].sector = val;
5391d806
FB		 1576 break;
1577 case 4:
c2ff060f
FB		 1578 ide_clear_hob(ide_if);
1579 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1580 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 1581 ide_if[0].lcyl = val;
1582 ide_if[1].lcyl = val;
5391d806
FB		 1583 break;
1584 case 5:
c2ff060f
FB		 1585 ide_clear_hob(ide_if);
1586 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1587 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 1588 ide_if[0].hcyl = val;
1589 ide_if[1].hcyl = val;
5391d806
FB		 1590 break;
1591 case 6:
c2ff060f 1592 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 1593 ide_if[0].select = (val & ~0x10) | 0xa0;
1594 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 1595 /* select drive */
1596 unit = (val >> 4) & 1;
1597 s = ide_if + unit;
1598 ide_if->cur_drive = s;
5391d806
FB		 1599 break;
1600 default:
1601 case 7:
1602 /* command */
1603#if defined(DEBUG_IDE)
1604 printf("ide: CMD=%02x\n", val);
1605#endif
c45c3d00 1606 s = ide_if->cur_drive;
66201e2d
FB		 1607 /* ignore commands to non existant slave */
1608 if (s != ide_if && !s->bs)
1609 break;
c2ff060f 1610
5391d806
FB		 1611 switch(val) {
1612 case WIN_IDENTIFY:
1613 if (s->bs && !s->is_cdrom) {
1614 ide_identify(s);
2a282056 1615 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1616 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1617 } else {
1618 if (s->is_cdrom) {
1619 ide_set_signature(s);
1620 }
1621 ide_abort_command(s);
1622 }
1623 ide_set_irq(s);
1624 break;
1625 case WIN_SPECIFY:
1626 case WIN_RECAL:
a136e5a8 1627 s->error = 0;
769bec72 1628 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1629 ide_set_irq(s);
1630 break;
1631 case WIN_SETMULT:
39dfc926
TS		 1632 if ((s->nsector & 0xff) != 0 &&
1633 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1634 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 1635 ide_abort_command(s);
1636 } else {
292eef5a 1637 s->mult_sectors = s->nsector & 0xff;
5391d806
FB		 1638 s->status = READY_STAT;
1639 }
1640 ide_set_irq(s);
1641 break;
c2ff060f
FB		 1642 case WIN_VERIFY_EXT:
1643 lba48 = 1;
4ce900b4
FB		 1644 case WIN_VERIFY:
1645 case WIN_VERIFY_ONCE:
1646 /* do sector number check ? */
c2ff060f 1647 ide_cmd_lba48_transform(s, lba48);
4ce900b4
FB		 1648 s->status = READY_STAT;
1649 ide_set_irq(s);
1650 break;
c2ff060f
FB		 1651 case WIN_READ_EXT:
1652 lba48 = 1;
5391d806
FB		 1653 case WIN_READ:
1654 case WIN_READ_ONCE:
6b136f9e
FB		 1655 if (!s->bs)
1656 goto abort_cmd;
c2ff060f 1657 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1658 s->req_nb_sectors = 1;
1659 ide_sector_read(s);
1660 break;
c2ff060f
FB		 1661 case WIN_WRITE_EXT:
1662 lba48 = 1;
5391d806
FB		 1663 case WIN_WRITE:
1664 case WIN_WRITE_ONCE:
c2ff060f 1665 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1666 s->error = 0;
f66723fa 1667 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1668 s->req_nb_sectors = 1;
1669 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1670 break;
c2ff060f
FB		 1671 case WIN_MULTREAD_EXT:
1672 lba48 = 1;
5391d806
FB		 1673 case WIN_MULTREAD:
1674 if (!s->mult_sectors)
1675 goto abort_cmd;
c2ff060f 1676 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1677 s->req_nb_sectors = s->mult_sectors;
1678 ide_sector_read(s);
1679 break;
c2ff060f
FB		 1680 case WIN_MULTWRITE_EXT:
1681 lba48 = 1;
5391d806
FB		 1682 case WIN_MULTWRITE:
1683 if (!s->mult_sectors)
1684 goto abort_cmd;
c2ff060f 1685 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1686 s->error = 0;
f66723fa 1687 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1688 s->req_nb_sectors = s->mult_sectors;
1689 n = s->nsector;
1690 if (n > s->req_nb_sectors)
1691 n = s->req_nb_sectors;
1692 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1693 break;
c2ff060f
FB		 1694 case WIN_READDMA_EXT:
1695 lba48 = 1;
98087450
FB		 1696 case WIN_READDMA:
1697 case WIN_READDMA_ONCE:
1698 if (!s->bs)
1699 goto abort_cmd;
c2ff060f 1700 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 1701 ide_sector_read_dma(s);
1702 break;
c2ff060f
FB		 1703 case WIN_WRITEDMA_EXT:
1704 lba48 = 1;
98087450
FB		 1705 case WIN_WRITEDMA:
1706 case WIN_WRITEDMA_ONCE:
1707 if (!s->bs)
1708 goto abort_cmd;
c2ff060f 1709 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 1710 ide_sector_write_dma(s);
1711 break;
c2ff060f
FB		 1712 case WIN_READ_NATIVE_MAX_EXT:
1713 lba48 = 1;
5391d806 1714 case WIN_READ_NATIVE_MAX:
c2ff060f 1715 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1716 ide_set_sector(s, s->nb_sectors - 1);
1717 s->status = READY_STAT;
1718 ide_set_irq(s);
1719 break;
a136e5a8
FB		 1720 case WIN_CHECKPOWERMODE1:
1721 s->nsector = 0xff; /* device active or idle */
1722 s->status = READY_STAT;
1723 ide_set_irq(s);
1724 break;
34e538ae
FB		 1725 case WIN_SETFEATURES:
1726 if (!s->bs)
1727 goto abort_cmd;
1728 /* XXX: valid for CDROM ? */
1729 switch(s->feature) {
e1f63470
TS		 1730 case 0xcc: /* reverting to power-on defaults enable */
1731 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 1732 case 0x02: /* write cache enable */
1733 case 0x82: /* write cache disable */
1734 case 0xaa: /* read look-ahead enable */
1735 case 0x55: /* read look-ahead disable */
e0fe67aa 1736 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 1737 ide_set_irq(s);
1738 break;
94458802
FB		 1739 case 0x03: { /* set transfer mode */
1740 uint8_t val = s->nsector & 0x07;
1741
1742 switch (s->nsector >> 3) {
1743 case 0x00: /* pio default */
1744 case 0x01: /* pio mode */
1745 put_le16(s->identify_data + 63,0x07);
1746 put_le16(s->identify_data + 88,0x3f);
1747 break;
1748 case 0x04: /* mdma mode */
1749 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1750 put_le16(s->identify_data + 88,0x3f);
1751 break;
1752 case 0x08: /* udma mode */
1753 put_le16(s->identify_data + 63,0x07);
1754 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1755 break;
1756 default:
1757 goto abort_cmd;
1758 }
1759 s->status = READY_STAT | SEEK_STAT;
1760 ide_set_irq(s);
1761 break;
1762 }
34e538ae
FB		 1763 default:
1764 goto abort_cmd;
1765 }
1766 break;
c2ff060f
FB		 1767 case WIN_FLUSH_CACHE:
1768 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 1769 if (s->bs)
1770 bdrv_flush(s->bs);
1771 s->status = READY_STAT;
1772 ide_set_irq(s);
1773 break;
a7dfe172 1774 case WIN_STANDBYNOW1:
c451ee71 1775 case WIN_IDLEIMMEDIATE:
a7dfe172
FB		 1776 s->status = READY_STAT;
1777 ide_set_irq(s);
1778 break;
5391d806
FB		 1779 /* ATAPI commands */
1780 case WIN_PIDENTIFY:
1781 if (s->is_cdrom) {
1782 ide_atapi_identify(s);
1298fe63 1783 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1784 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1785 } else {
1786 ide_abort_command(s);
1787 }
1788 ide_set_irq(s);
1789 break;
c451ee71
FB		 1790 case WIN_DIAGNOSE:
1791 ide_set_signature(s);
1792 s->status = 0x00; /* NOTE: READY is _not_ set */
1793 s->error = 0x01;
1794 break;
5391d806
FB		 1795 case WIN_SRST:
1796 if (!s->is_cdrom)
1797 goto abort_cmd;
1798 ide_set_signature(s);
6b136f9e 1799 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 1800 s->error = 0x01;
1801 break;
1802 case WIN_PACKETCMD:
1803 if (!s->is_cdrom)
1804 goto abort_cmd;
98087450
FB		 1805 /* overlapping commands not supported */
1806 if (s->feature & 0x02)
5391d806 1807 goto abort_cmd;
98087450 1808 s->atapi_dma = s->feature & 1;
5391d806
FB		 1809 s->nsector = 1;
1810 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1811 ide_atapi_cmd);
1812 break;
1813 default:
1814 abort_cmd:
1815 ide_abort_command(s);
1816 ide_set_irq(s);
1817 break;
1818 }
1819 }
1820}
1821
caed8802 1822static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 1823{
7ae98627
FB		 1824 IDEState *ide_if = opaque;
1825 IDEState *s = ide_if->cur_drive;
5391d806 1826 uint32_t addr;
c2ff060f 1827 int ret, hob;
5391d806
FB		 1828
1829 addr = addr1 & 7;
c2ff060f
FB		 1830 /* FIXME: HOB readback uses bit 7, but it's always set right now */
1831 //hob = s->select & (1 << 7);
1832 hob = 0;
5391d806
FB		 1833 switch(addr) {
1834 case 0:
1835 ret = 0xff;
1836 break;
1837 case 1:
7ae98627 1838 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1839 ret = 0;
c2ff060f 1840 else if (!hob)
c45c3d00 1841 ret = s->error;
c2ff060f
FB		 1842 else
1843 ret = s->hob_feature;
5391d806
FB		 1844 break;
1845 case 2:
7ae98627 1846 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1847 ret = 0;
c2ff060f 1848 else if (!hob)
c45c3d00 1849 ret = s->nsector & 0xff;
c2ff060f
FB		 1850 else
1851 ret = s->hob_nsector;
5391d806
FB		 1852 break;
1853 case 3:
7ae98627 1854 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1855 ret = 0;
c2ff060f 1856 else if (!hob)
c45c3d00 1857 ret = s->sector;
c2ff060f
FB		 1858 else
1859 ret = s->hob_sector;
5391d806
FB		 1860 break;
1861 case 4:
7ae98627 1862 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1863 ret = 0;
c2ff060f 1864 else if (!hob)
c45c3d00 1865 ret = s->lcyl;
c2ff060f
FB		 1866 else
1867 ret = s->hob_lcyl;
5391d806
FB		 1868 break;
1869 case 5:
7ae98627 1870 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1871 ret = 0;
c2ff060f 1872 else if (!hob)
c45c3d00 1873 ret = s->hcyl;
c2ff060f
FB		 1874 else
1875 ret = s->hob_hcyl;
5391d806
FB		 1876 break;
1877 case 6:
7ae98627 1878 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1879 ret = 0;
1880 else
7ae98627 1881 ret = s->select;
5391d806
FB		 1882 break;
1883 default:
1884 case 7:
66201e2d
FB		 1885 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1886 (s != ide_if && !s->bs))
c45c3d00
FB		 1887 ret = 0;
1888 else
1889 ret = s->status;
d537cf6c 1890 qemu_irq_lower(s->irq);
5391d806
FB		 1891 break;
1892 }
1893#ifdef DEBUG_IDE
1894 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1895#endif
1896 return ret;
1897}
1898
caed8802 1899static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 1900{
7ae98627
FB		 1901 IDEState *ide_if = opaque;
1902 IDEState *s = ide_if->cur_drive;
5391d806 1903 int ret;
7ae98627 1904
66201e2d
FB		 1905 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1906 (s != ide_if && !s->bs))
7ae98627
FB		 1907 ret = 0;
1908 else
1909 ret = s->status;
5391d806
FB		 1910#ifdef DEBUG_IDE
1911 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1912#endif
1913 return ret;
1914}
1915
caed8802 1916static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 1917{
caed8802 1918 IDEState *ide_if = opaque;
5391d806
FB		 1919 IDEState *s;
1920 int i;
1921
1922#ifdef DEBUG_IDE
1923 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1924#endif
1925 /* common for both drives */
1926 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
1927 (val & IDE_CMD_RESET)) {
1928 /* reset low to high */
1929 for(i = 0;i < 2; i++) {
1930 s = &ide_if[i];
1931 s->status = BUSY_STAT | SEEK_STAT;
1932 s->error = 0x01;
1933 }
1934 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
1935 !(val & IDE_CMD_RESET)) {
1936 /* high to low */
1937 for(i = 0;i < 2; i++) {
1938 s = &ide_if[i];
6b136f9e
FB		 1939 if (s->is_cdrom)
1940 s->status = 0x00; /* NOTE: READY is _not_ set */
1941 else
56bf1d37 1942 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1943 ide_set_signature(s);
1944 }
1945 }
1946
1947 ide_if[0].cmd = val;
1948 ide_if[1].cmd = val;
1949}
1950
caed8802 1951static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 1952{
caed8802 1953 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1954 uint8_t *p;
1955
1956 p = s->data_ptr;
0c4ad8dc 1957 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 1958 p += 2;
1959 s->data_ptr = p;
1960 if (p >= s->data_end)
1961 s->end_transfer_func(s);
1962}
1963
caed8802 1964static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 1965{
caed8802 1966 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1967 uint8_t *p;
1968 int ret;
1969 p = s->data_ptr;
0c4ad8dc 1970 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 1971 p += 2;
1972 s->data_ptr = p;
1973 if (p >= s->data_end)
1974 s->end_transfer_func(s);
1975 return ret;
1976}
1977
caed8802 1978static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 1979{
caed8802 1980 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1981 uint8_t *p;
1982
1983 p = s->data_ptr;
0c4ad8dc 1984 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 1985 p += 4;
1986 s->data_ptr = p;
1987 if (p >= s->data_end)
1988 s->end_transfer_func(s);
1989}
1990
caed8802 1991static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 1992{
caed8802 1993 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1994 uint8_t *p;
1995 int ret;
1996
1997 p = s->data_ptr;
0c4ad8dc 1998 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 1999 p += 4;
2000 s->data_ptr = p;
2001 if (p >= s->data_end)
2002 s->end_transfer_func(s);
2003 return ret;
2004}
2005
a7dfe172
FB		 2006static void ide_dummy_transfer_stop(IDEState *s)
2007{
2008 s->data_ptr = s->io_buffer;
2009 s->data_end = s->io_buffer;
2010 s->io_buffer[0] = 0xff;
2011 s->io_buffer[1] = 0xff;
2012 s->io_buffer[2] = 0xff;
2013 s->io_buffer[3] = 0xff;
2014}
2015
5391d806
FB		 2016static void ide_reset(IDEState *s)
2017{
2018 s->mult_sectors = MAX_MULT_SECTORS;
2019 s->cur_drive = s;
2020 s->select = 0xa0;
2021 s->status = READY_STAT;
2022 ide_set_signature(s);
a7dfe172
FB		 2023 /* init the transfer handler so that 0xffff is returned on data
2024 accesses */
2025 s->end_transfer_func = ide_dummy_transfer_stop;
2026 ide_dummy_transfer_stop(s);
5391d806
FB		 2027}
2028
2029struct partition {
2030 uint8_t boot_ind; /* 0x80 - active */
2031 uint8_t head; /* starting head */
2032 uint8_t sector; /* starting sector */
2033 uint8_t cyl; /* starting cylinder */
2034 uint8_t sys_ind; /* What partition type */
2035 uint8_t end_head; /* end head */
2036 uint8_t end_sector; /* end sector */
2037 uint8_t end_cyl; /* end cylinder */
2038 uint32_t start_sect; /* starting sector counting from 0 */
2039 uint32_t nr_sects; /* nr of sectors in partition */
2040} __attribute__((packed));
2041
bf1b938f
FB		 2042/* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
2043static int guess_disk_lchs(IDEState *s,
2044 int *pcylinders, int *pheads, int *psectors)
5391d806
FB		 2045{
2046 uint8_t buf[512];
46d4767d 2047 int ret, i, heads, sectors, cylinders;
5391d806
FB		 2048 struct partition *p;
2049 uint32_t nr_sects;
2050
5391d806
FB		 2051 ret = bdrv_read(s->bs, 0, buf, 1);
2052 if (ret < 0)
bf1b938f 2053 return -1;
5391d806
FB		 2054 /* test msdos magic */
2055 if (buf[510] != 0x55 || buf[511] != 0xaa)
bf1b938f 2056 return -1;
5391d806
FB		 2057 for(i = 0; i < 4; i++) {
2058 p = ((struct partition *)(buf + 0x1be)) + i;
0c4ad8dc 2059 nr_sects = le32_to_cpu(p->nr_sects);
5391d806
FB		 2060 if (nr_sects && p->end_head) {
2061 /* We make the assumption that the partition terminates on
2062 a cylinder boundary */
46d4767d 2063 heads = p->end_head + 1;
46d4767d
FB		 2064 sectors = p->end_sector & 63;
2065 if (sectors == 0)
2066 continue;
2067 cylinders = s->nb_sectors / (heads * sectors);
2068 if (cylinders < 1 || cylinders > 16383)
2069 continue;
bf1b938f
FB		 2070 *pheads = heads;
2071 *psectors = sectors;
2072 *pcylinders = cylinders;
5391d806 2073#if 0
bf1b938f
FB		 2074 printf("guessed geometry: LCHS=%d %d %d\n",
2075 cylinders, heads, sectors);
5391d806 2076#endif
bf1b938f 2077 return 0;
5391d806
FB		 2078 }
2079 }
bf1b938f 2080 return -1;
5391d806
FB		 2081}
2082
5457c8ce
FB		 2083static void ide_init2(IDEState *ide_state,
2084 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2085 qemu_irq irq)
5391d806 2086{
69b91039 2087 IDEState *s;
aedf5382 2088 static int drive_serial = 1;
4dbb0f50 2089 int i, cylinders, heads, secs, translation, lba_detected = 0;
5391d806 2090 int64_t nb_sectors;
5391d806 2091
caed8802
FB		 2092 for(i = 0; i < 2; i++) {
2093 s = ide_state + i;
2094 if (i == 0)
2095 s->bs = hd0;
2096 else
2097 s->bs = hd1;
5391d806
FB		 2098 if (s->bs) {
2099 bdrv_get_geometry(s->bs, &nb_sectors);
2100 s->nb_sectors = nb_sectors;
caed8802
FB		 2101 /* if a geometry hint is available, use it */
2102 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
4dbb0f50 2103 translation = bdrv_get_translation_hint(s->bs);
caed8802 2104 if (cylinders != 0) {
5391d806 2105 s->cylinders = cylinders;
caed8802
FB		 2106 s->heads = heads;
2107 s->sectors = secs;
2108 } else {
bf1b938f
FB		 2109 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2110 if (heads > 16) {
2111 /* if heads > 16, it means that a BIOS LBA
2112 translation was active, so the default
2113 hardware geometry is OK */
4dbb0f50 2114 lba_detected = 1;
bf1b938f
FB		 2115 goto default_geometry;
2116 } else {
2117 s->cylinders = cylinders;
2118 s->heads = heads;
2119 s->sectors = secs;
2120 /* disable any translation to be in sync with
2121 the logical geometry */
bf1b938f
FB		 2122 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2123 bdrv_set_translation_hint(s->bs,
2124 BIOS_ATA_TRANSLATION_NONE);
2125 }
2126 }
2127 } else {
2128 default_geometry:
46d4767d 2129 /* if no geometry, use a standard physical disk geometry */
caed8802
FB		 2130 cylinders = nb_sectors / (16 * 63);
2131 if (cylinders > 16383)
2132 cylinders = 16383;
2133 else if (cylinders < 2)
2134 cylinders = 2;
2135 s->cylinders = cylinders;
2136 s->heads = 16;
2137 s->sectors = 63;
4dbb0f50
TS		 2138 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2139 if ((s->cylinders * s->heads) <= 131072) {
2140 bdrv_set_translation_hint(s->bs,
2141 BIOS_ATA_TRANSLATION_LARGE);
2142 } else {
2143 bdrv_set_translation_hint(s->bs,
2144 BIOS_ATA_TRANSLATION_LBA);
2145 }
2146 }
caed8802 2147 }
769bec72 2148 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
caed8802
FB		 2149 }
2150 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2151 s->is_cdrom = 1;
bd491d6a 2152 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2153 }
2154 }
aedf5382 2155 s->drive_serial = drive_serial++;
caed8802 2156 s->irq = irq;
a09db21f
FB		 2157 s->sector_write_timer = qemu_new_timer(vm_clock,
2158 ide_sector_write_timer_cb, s);
5391d806
FB		 2159 ide_reset(s);
2160 }
69b91039
FB		 2161}
2162
34e538ae 2163static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2164{
caed8802
FB		 2165 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2166 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2167 if (iobase2) {
2168 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2169 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2170 }
caed8802
FB		 2171
2172 /* data ports */
2173 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2174 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2175 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2176 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2177}
69b91039 2178
34e538ae
FB		 2179/***********************************************************/
2180/* ISA IDE definitions */
2181
d537cf6c 2182void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2183 BlockDriverState *hd0, BlockDriverState *hd1)
2184{
2185 IDEState *ide_state;
2186
2187 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2188 if (!ide_state)
2189 return;
2190
d537cf6c 2191 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2192 ide_init_ioport(ide_state, iobase, iobase2);
2193}
2194
69b91039
FB		 2195/***********************************************************/
2196/* PCI IDE definitions */
2197
5457c8ce
FB		 2198static void cmd646_update_irq(PCIIDEState *d);
2199
69b91039
FB		 2200static void ide_map(PCIDevice *pci_dev, int region_num,
2201 uint32_t addr, uint32_t size, int type)
2202{
2203 PCIIDEState *d = (PCIIDEState *)pci_dev;
2204 IDEState *ide_state;
2205
2206 if (region_num <= 3) {
2207 ide_state = &d->ide_if[(region_num >> 1) * 2];
2208 if (region_num & 1) {
2209 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2210 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2211 } else {
2212 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2213 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2214
2215 /* data ports */
2216 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2217 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2218 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2219 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2220 }
2221 }
2222}
2223
8ccad811 2224static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2225{
2226 BMDMAState *bm = s->bmdma;
2227 if(!bm)
2228 return;
2229 bm->ide_if = s;
2230 bm->dma_cb = dma_cb;
8ccad811
FB		 2231 bm->cur_prd_last = 0;
2232 bm->cur_prd_addr = 0;
2233 bm->cur_prd_len = 0;
98087450 2234 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2235 bm->dma_cb(bm, 0);
98087450
FB		 2236 }
2237}
2238
98087450
FB		 2239static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2240{
2241 BMDMAState *bm = opaque;
2242#ifdef DEBUG_IDE
2243 printf("%s: 0x%08x\n", __func__, val);
2244#endif
2245 if (!(val & BM_CMD_START)) {
2246 /* XXX: do it better */
8ccad811
FB		 2247 if (bm->status & BM_STATUS_DMAING) {
2248 bm->status &= ~BM_STATUS_DMAING;
2249 /* cancel DMA request */
2250 bm->ide_if = NULL;
2251 bm->dma_cb = NULL;
2252 if (bm->aiocb) {
2253#ifdef DEBUG_AIO
2254 printf("aio_cancel\n");
2255#endif
2256 bdrv_aio_cancel(bm->aiocb);
2257 bm->aiocb = NULL;
2258 }
2259 }
98087450
FB		 2260 bm->cmd = val & 0x09;
2261 } else {
8ccad811
FB		 2262 if (!(bm->status & BM_STATUS_DMAING)) {
2263 bm->status |= BM_STATUS_DMAING;
2264 /* start dma transfer if possible */
2265 if (bm->dma_cb)
2266 bm->dma_cb(bm, 0);
2267 }
98087450 2268 bm->cmd = val & 0x09;
98087450
FB		 2269 }
2270}
2271
5457c8ce 2272static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 2273{
2274 BMDMAState *bm = opaque;
5457c8ce 2275 PCIIDEState *pci_dev;
98087450 2276 uint32_t val;
5457c8ce
FB		 2277
2278 switch(addr & 3) {
2279 case 0:
2280 val = bm->cmd;
2281 break;
2282 case 1:
2283 pci_dev = bm->pci_dev;
2284 if (pci_dev->type == IDE_TYPE_CMD646) {
2285 val = pci_dev->dev.config[MRDMODE];
2286 } else {
2287 val = 0xff;
2288 }
2289 break;
2290 case 2:
2291 val = bm->status;
2292 break;
2293 case 3:
2294 pci_dev = bm->pci_dev;
2295 if (pci_dev->type == IDE_TYPE_CMD646) {
2296 if (bm == &pci_dev->bmdma[0])
2297 val = pci_dev->dev.config[UDIDETCR0];
2298 else
2299 val = pci_dev->dev.config[UDIDETCR1];
2300 } else {
2301 val = 0xff;
2302 }
2303 break;
2304 default:
2305 val = 0xff;
2306 break;
2307 }
98087450 2308#ifdef DEBUG_IDE
5457c8ce 2309 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 2310#endif
2311 return val;
2312}
2313
5457c8ce 2314static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 2315{
2316 BMDMAState *bm = opaque;
5457c8ce 2317 PCIIDEState *pci_dev;
98087450 2318#ifdef DEBUG_IDE
5457c8ce 2319 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 2320#endif
5457c8ce
FB		 2321 switch(addr & 3) {
2322 case 1:
2323 pci_dev = bm->pci_dev;
2324 if (pci_dev->type == IDE_TYPE_CMD646) {
2325 pci_dev->dev.config[MRDMODE] =
2326 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2327 cmd646_update_irq(pci_dev);
2328 }
2329 break;
2330 case 2:
2331 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2332 break;
2333 case 3:
2334 pci_dev = bm->pci_dev;
2335 if (pci_dev->type == IDE_TYPE_CMD646) {
2336 if (bm == &pci_dev->bmdma[0])
2337 pci_dev->dev.config[UDIDETCR0] = val;
2338 else
2339 pci_dev->dev.config[UDIDETCR1] = val;
2340 }
2341 break;
2342 }
98087450
FB		 2343}
2344
2345static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2346{
2347 BMDMAState *bm = opaque;
2348 uint32_t val;
2349 val = bm->addr;
2350#ifdef DEBUG_IDE
2351 printf("%s: 0x%08x\n", __func__, val);
2352#endif
2353 return val;
2354}
2355
2356static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2357{
2358 BMDMAState *bm = opaque;
2359#ifdef DEBUG_IDE
2360 printf("%s: 0x%08x\n", __func__, val);
2361#endif
2362 bm->addr = val & ~3;
30c4bbac 2363 bm->cur_addr = bm->addr;
98087450
FB		 2364}
2365
2366static void bmdma_map(PCIDevice *pci_dev, int region_num,
2367 uint32_t addr, uint32_t size, int type)
2368{
2369 PCIIDEState *d = (PCIIDEState *)pci_dev;
2370 int i;
2371
2372 for(i = 0;i < 2; i++) {
2373 BMDMAState *bm = &d->bmdma[i];
2374 d->ide_if[2 * i].bmdma = bm;
2375 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce
FB		 2376 bm->pci_dev = (PCIIDEState *)pci_dev;
2377
98087450 2378 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 2379
5457c8ce
FB		 2380 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2381 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450
FB		 2382
2383 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2384 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2385 addr += 8;
2386 }
2387}
2388
5457c8ce
FB		 2389/* XXX: call it also when the MRDMODE is changed from the PCI config
2390 registers */
2391static void cmd646_update_irq(PCIIDEState *d)
2392{
2393 int pci_level;
2394 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2395 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2396 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2397 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 2398 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 2399}
2400
2401/* the PCI irq level is the logical OR of the two channels */
2402static void cmd646_set_irq(void *opaque, int channel, int level)
2403{
2404 PCIIDEState *d = opaque;
2405 int irq_mask;
2406
2407 irq_mask = MRDMODE_INTR_CH0 << channel;
2408 if (level)
2409 d->dev.config[MRDMODE] |= irq_mask;
2410 else
2411 d->dev.config[MRDMODE] &= ~irq_mask;
2412 cmd646_update_irq(d);
2413}
2414
2415/* CMD646 PCI IDE controller */
2416void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2417 int secondary_ide_enabled)
69b91039
FB		 2418{
2419 PCIIDEState *d;
2420 uint8_t *pci_conf;
34e538ae 2421 int i;
d537cf6c 2422 qemu_irq *irq;
34e538ae 2423
5457c8ce
FB		 2424 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2425 sizeof(PCIIDEState),
46e50e9d 2426 -1,
73c11f63 2427 NULL, NULL);
5457c8ce 2428 d->type = IDE_TYPE_CMD646;
69b91039 2429 pci_conf = d->dev.config;
5457c8ce
FB		 2430 pci_conf[0x00] = 0x95; // CMD646
2431 pci_conf[0x01] = 0x10;
2432 pci_conf[0x02] = 0x46;
2433 pci_conf[0x03] = 0x06;
2434
2435 pci_conf[0x08] = 0x07; // IDE controller revision
2436 pci_conf[0x09] = 0x8f;
2437
69b91039
FB		 2438 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2439 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
5457c8ce
FB		 2440 pci_conf[0x0e] = 0x00; // header_type
2441
2442 if (secondary_ide_enabled) {
2443 /* XXX: if not enabled, really disable the seconday IDE controller */
2444 pci_conf[0x51] = 0x80; /* enable IDE1 */
2445 }
69b91039
FB		 2446
2447 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2448 PCI_ADDRESS_SPACE_IO, ide_map);
2449 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2450 PCI_ADDRESS_SPACE_IO, ide_map);
2451 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2452 PCI_ADDRESS_SPACE_IO, ide_map);
2453 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2454 PCI_ADDRESS_SPACE_IO, ide_map);
98087450
FB		 2455 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2456 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 2457
34e538ae 2458 pci_conf[0x3d] = 0x01; // interrupt on pin 1
5457c8ce 2459
34e538ae
FB		 2460 for(i = 0; i < 4; i++)
2461 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 2462
2463 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
2464 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
2465 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
34e538ae
FB		 2466}
2467
c3d78997
FB		 2468static void pci_ide_save(QEMUFile* f, void *opaque)
2469{
2470 PCIIDEState *d = opaque;
2471 int i;
2472
2473 pci_device_save(&d->dev, f);
2474
2475 for(i = 0; i < 2; i++) {
2476 BMDMAState *bm = &d->bmdma[i];
2477 qemu_put_8s(f, &bm->cmd);
2478 qemu_put_8s(f, &bm->status);
2479 qemu_put_be32s(f, &bm->addr);
2480 /* XXX: if a transfer is pending, we do not save it yet */
2481 }
2482
2483 /* per IDE interface data */
2484 for(i = 0; i < 2; i++) {
2485 IDEState *s = &d->ide_if[i * 2];
2486 uint8_t drive1_selected;
2487 qemu_put_8s(f, &s->cmd);
2488 drive1_selected = (s->cur_drive != s);
2489 qemu_put_8s(f, &drive1_selected);
2490 }
2491
2492 /* per IDE drive data */
2493 for(i = 0; i < 4; i++) {
2494 IDEState *s = &d->ide_if[i];
2495 qemu_put_be32s(f, &s->mult_sectors);
2496 qemu_put_be32s(f, &s->identify_set);
2497 if (s->identify_set) {
2498 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2499 }
2500 qemu_put_8s(f, &s->feature);
2501 qemu_put_8s(f, &s->error);
2502 qemu_put_be32s(f, &s->nsector);
2503 qemu_put_8s(f, &s->sector);
2504 qemu_put_8s(f, &s->lcyl);
2505 qemu_put_8s(f, &s->hcyl);
2506 qemu_put_8s(f, &s->hob_feature);
2507 qemu_put_8s(f, &s->hob_nsector);
2508 qemu_put_8s(f, &s->hob_sector);
2509 qemu_put_8s(f, &s->hob_lcyl);
2510 qemu_put_8s(f, &s->hob_hcyl);
2511 qemu_put_8s(f, &s->select);
2512 qemu_put_8s(f, &s->status);
2513 qemu_put_8s(f, &s->lba48);
2514
2515 qemu_put_8s(f, &s->sense_key);
2516 qemu_put_8s(f, &s->asc);
2517 /* XXX: if a transfer is pending, we do not save it yet */
2518 }
2519}
2520
2521static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2522{
2523 PCIIDEState *d = opaque;
2524 int ret, i;
2525
2526 if (version_id != 1)
2527 return -EINVAL;
2528 ret = pci_device_load(&d->dev, f);
2529 if (ret < 0)
2530 return ret;
2531
2532 for(i = 0; i < 2; i++) {
2533 BMDMAState *bm = &d->bmdma[i];
2534 qemu_get_8s(f, &bm->cmd);
2535 qemu_get_8s(f, &bm->status);
2536 qemu_get_be32s(f, &bm->addr);
2537 /* XXX: if a transfer is pending, we do not save it yet */
2538 }
2539
2540 /* per IDE interface data */
2541 for(i = 0; i < 2; i++) {
2542 IDEState *s = &d->ide_if[i * 2];
2543 uint8_t drive1_selected;
2544 qemu_get_8s(f, &s->cmd);
2545 qemu_get_8s(f, &drive1_selected);
2546 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2547 }
2548
2549 /* per IDE drive data */
2550 for(i = 0; i < 4; i++) {
2551 IDEState *s = &d->ide_if[i];
2552 qemu_get_be32s(f, &s->mult_sectors);
2553 qemu_get_be32s(f, &s->identify_set);
2554 if (s->identify_set) {
2555 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2556 }
2557 qemu_get_8s(f, &s->feature);
2558 qemu_get_8s(f, &s->error);
2559 qemu_get_be32s(f, &s->nsector);
2560 qemu_get_8s(f, &s->sector);
2561 qemu_get_8s(f, &s->lcyl);
2562 qemu_get_8s(f, &s->hcyl);
2563 qemu_get_8s(f, &s->hob_feature);
2564 qemu_get_8s(f, &s->hob_nsector);
2565 qemu_get_8s(f, &s->hob_sector);
2566 qemu_get_8s(f, &s->hob_lcyl);
2567 qemu_get_8s(f, &s->hob_hcyl);
2568 qemu_get_8s(f, &s->select);
2569 qemu_get_8s(f, &s->status);
2570 qemu_get_8s(f, &s->lba48);
2571
2572 qemu_get_8s(f, &s->sense_key);
2573 qemu_get_8s(f, &s->asc);
2574 /* XXX: if a transfer is pending, we do not save it yet */
2575 }
2576 return 0;
2577}
2578
e6a71ae3
TS		 2579static void piix3_reset(PCIIDEState *d)
2580{
2581 uint8_t *pci_conf = d->dev.config;
2582
2583 pci_conf[0x04] = 0x00;
2584 pci_conf[0x05] = 0x00;
2585 pci_conf[0x06] = 0x80; /* FBC */
2586 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
2587 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
2588}
2589
34e538ae
FB		 2590/* hd_table must contain 4 block drivers */
2591/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 2592void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2593 qemu_irq *pic)
34e538ae
FB		 2594{
2595 PCIIDEState *d;
2596 uint8_t *pci_conf;
2597
2598 /* register a function 1 of PIIX3 */
46e50e9d
FB		 2599 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2600 sizeof(PCIIDEState),
502a5395 2601 devfn,
34e538ae 2602 NULL, NULL);
5457c8ce
FB		 2603 d->type = IDE_TYPE_PIIX3;
2604
34e538ae
FB		 2605 pci_conf = d->dev.config;
2606 pci_conf[0x00] = 0x86; // Intel
2607 pci_conf[0x01] = 0x80;
2608 pci_conf[0x02] = 0x10;
2609 pci_conf[0x03] = 0x70;
92510b8c 2610 pci_conf[0x09] = 0x80; // legacy ATA mode
34e538ae
FB		 2611 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2612 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2613 pci_conf[0x0e] = 0x00; // header_type
2614
e6a71ae3
TS		 2615 piix3_reset(d);
2616
98087450
FB		 2617 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2618 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 2619
d537cf6c
PB		 2620 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
2621 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 2622 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2623 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997
FB		 2624
2625 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
69b91039 2626}
1ade1de2
FB		 2627
2628/***********************************************************/
2629/* MacIO based PowerPC IDE */
2630
2631/* PowerMac IDE memory IO */
2632static void pmac_ide_writeb (void *opaque,
2633 target_phys_addr_t addr, uint32_t val)
2634{
2635 addr = (addr & 0xFFF) >> 4;
2636 switch (addr) {
2637 case 1 ... 7:
2638 ide_ioport_write(opaque, addr, val);
2639 break;
2640 case 8:
2641 case 22:
2642 ide_cmd_write(opaque, 0, val);
2643 break;
2644 default:
2645 break;
2646 }
2647}
2648
2649static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2650{
2651 uint8_t retval;
2652
2653 addr = (addr & 0xFFF) >> 4;
2654 switch (addr) {
2655 case 1 ... 7:
2656 retval = ide_ioport_read(opaque, addr);
2657 break;
2658 case 8:
2659 case 22:
2660 retval = ide_status_read(opaque, 0);
2661 break;
2662 default:
2663 retval = 0xFF;
2664 break;
2665 }
2666 return retval;
2667}
2668
2669static void pmac_ide_writew (void *opaque,
2670 target_phys_addr_t addr, uint32_t val)
2671{
2672 addr = (addr & 0xFFF) >> 4;
2673#ifdef TARGET_WORDS_BIGENDIAN
2674 val = bswap16(val);
2675#endif
2676 if (addr == 0) {
2677 ide_data_writew(opaque, 0, val);
2678 }
2679}
2680
2681static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
2682{
2683 uint16_t retval;
2684
2685 addr = (addr & 0xFFF) >> 4;
2686 if (addr == 0) {
2687 retval = ide_data_readw(opaque, 0);
2688 } else {
2689 retval = 0xFFFF;
2690 }
2691#ifdef TARGET_WORDS_BIGENDIAN
2692 retval = bswap16(retval);
2693#endif
2694 return retval;
2695}
2696
2697static void pmac_ide_writel (void *opaque,
2698 target_phys_addr_t addr, uint32_t val)
2699{
2700 addr = (addr & 0xFFF) >> 4;
2701#ifdef TARGET_WORDS_BIGENDIAN
2702 val = bswap32(val);
2703#endif
2704 if (addr == 0) {
2705 ide_data_writel(opaque, 0, val);
2706 }
2707}
2708
2709static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
2710{
2711 uint32_t retval;
2712
2713 addr = (addr & 0xFFF) >> 4;
2714 if (addr == 0) {
2715 retval = ide_data_readl(opaque, 0);
2716 } else {
2717 retval = 0xFFFFFFFF;
2718 }
2719#ifdef TARGET_WORDS_BIGENDIAN
2720 retval = bswap32(retval);
2721#endif
2722 return retval;
2723}
2724
2725static CPUWriteMemoryFunc *pmac_ide_write[] = {
2726 pmac_ide_writeb,
2727 pmac_ide_writew,
2728 pmac_ide_writel,
2729};
2730
2731static CPUReadMemoryFunc *pmac_ide_read[] = {
2732 pmac_ide_readb,
2733 pmac_ide_readw,
2734 pmac_ide_readl,
2735};
2736
2737/* hd_table must contain 4 block drivers */
2738/* PowerMac uses memory mapped registers, not I/O. Return the memory
2739 I/O index to access the ide. */
d537cf6c 2740int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
1ade1de2
FB		 2741{
2742 IDEState *ide_if;
2743 int pmac_ide_memory;
2744
2745 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
d537cf6c 2746 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
1ade1de2
FB		 2747
2748 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
2749 pmac_ide_write, &ide_if[0]);
2750 return pmac_ide_memory;
2751}
Qemu copy for testing