]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Unbreak Sparc64
[qemu.git] / hw / ide.c
CommitLineData
5391d806 1/*
38cdea7c 2 * QEMU IDE disk and CD/DVD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
87ecb68b
PB		 25#include "hw.h"
26#include "pc.h"
27#include "pci.h"
28#include "scsi-disk.h"
29#include "pcmcia.h"
30#include "block.h"
b0a7b120 31#include "block_int.h"
87ecb68b
PB		 32#include "qemu-timer.h"
33#include "sysemu.h"
9596ebb7 34#include "ppc_mac.h"
e3007e66 35#include "mac_dbdma.h"
b79e1752 36#include "sh.h"
1fb8648d 37#include "dma.h"
5391d806 38
5391d806
FB		 39/* debug IDE devices */
40//#define DEBUG_IDE
41//#define DEBUG_IDE_ATAPI
8ccad811
FB		 42//#define DEBUG_AIO
43#define USE_DMA_CDROM
5391d806
FB		 44
45/* Bits of HD_STATUS */
46#define ERR_STAT 0x01
47#define INDEX_STAT 0x02
48#define ECC_STAT 0x04 /* Corrected error */
49#define DRQ_STAT 0x08
50#define SEEK_STAT 0x10
51#define SRV_STAT 0x10
52#define WRERR_STAT 0x20
53#define READY_STAT 0x40
54#define BUSY_STAT 0x80
55
56/* Bits for HD_ERROR */
57#define MARK_ERR 0x01 /* Bad address mark */
58#define TRK0_ERR 0x02 /* couldn't find track 0 */
59#define ABRT_ERR 0x04 /* Command aborted */
60#define MCR_ERR 0x08 /* media change request */
61#define ID_ERR 0x10 /* ID field not found */
62#define MC_ERR 0x20 /* media changed */
63#define ECC_ERR 0x40 /* Uncorrectable ECC error */
64#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
65#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
66
67/* Bits of HD_NSECTOR */
68#define CD 0x01
69#define IO 0x02
70#define REL 0x04
71#define TAG_MASK 0xf8
72
73#define IDE_CMD_RESET 0x04
74#define IDE_CMD_DISABLE_IRQ 0x02
75
76/* ATA/ATAPI Commands pre T13 Spec */
77#define WIN_NOP 0x00
78/*
79 * 0x01->0x02 Reserved
80 */
81#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
82/*
83 * 0x04->0x07 Reserved
84 */
85#define WIN_SRST 0x08 /* ATAPI soft reset command */
86#define WIN_DEVICE_RESET 0x08
87/*
88 * 0x09->0x0F Reserved
89 */
90#define WIN_RECAL 0x10
91#define WIN_RESTORE WIN_RECAL
92/*
93 * 0x10->0x1F Reserved
94 */
95#define WIN_READ 0x20 /* 28-Bit */
96#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
97#define WIN_READ_LONG 0x22 /* 28-Bit */
98#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
99#define WIN_READ_EXT 0x24 /* 48-Bit */
100#define WIN_READDMA_EXT 0x25 /* 48-Bit */
101#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
102#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
103/*
104 * 0x28
105 */
106#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
107/*
108 * 0x2A->0x2F Reserved
109 */
110#define WIN_WRITE 0x30 /* 28-Bit */
111#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
112#define WIN_WRITE_LONG 0x32 /* 28-Bit */
113#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
114#define WIN_WRITE_EXT 0x34 /* 48-Bit */
115#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
116#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
117#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
118#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
119#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
120/*
121 * 0x3A->0x3B Reserved
122 */
123#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
124/*
125 * 0x3D->0x3F Reserved
126 */
127#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
128#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
129#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
130/*
131 * 0x43->0x4F Reserved
132 */
133#define WIN_FORMAT 0x50
134/*
135 * 0x51->0x5F Reserved
136 */
137#define WIN_INIT 0x60
138/*
139 * 0x61->0x5F Reserved
140 */
141#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
142#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
143#define WIN_DIAGNOSE 0x90
144#define WIN_SPECIFY 0x91 /* set drive geometry translation */
145#define WIN_DOWNLOAD_MICROCODE 0x92
146#define WIN_STANDBYNOW2 0x94
201a51fc 147#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 148#define WIN_STANDBY2 0x96
149#define WIN_SETIDLE2 0x97
150#define WIN_CHECKPOWERMODE2 0x98
151#define WIN_SLEEPNOW2 0x99
152/*
153 * 0x9A VENDOR
154 */
155#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
156#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
157#define WIN_QUEUED_SERVICE 0xA2
158#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 159#define CFA_ACCESS_METADATA_STORAGE 0xB8
160#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 161#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
162#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
163#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
164#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
165#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
166#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
167#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
168#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
169#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
170#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 171#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 172#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
173#define WIN_POSTBOOT 0xDC
174#define WIN_PREBOOT 0xDD
175#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
176#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
177#define WIN_STANDBYNOW1 0xE0
178#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
179#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
180#define WIN_SETIDLE1 0xE3
181#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
182#define WIN_CHECKPOWERMODE1 0xE5
183#define WIN_SLEEPNOW1 0xE6
184#define WIN_FLUSH_CACHE 0xE7
185#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
186#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
187 /* SET_FEATURES 0x22 or 0xDD */
188#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
189#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
190#define WIN_MEDIAEJECT 0xED
191#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
192#define WIN_SETFEATURES 0xEF /* set special drive features */
193#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 194#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 195#define WIN_SECURITY_SET_PASS 0xF1
196#define WIN_SECURITY_UNLOCK 0xF2
197#define WIN_SECURITY_ERASE_PREPARE 0xF3
198#define WIN_SECURITY_ERASE_UNIT 0xF4
199#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 200#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 201#define WIN_SECURITY_DISABLE 0xF6
202#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
203#define WIN_SET_MAX 0xF9
204#define DISABLE_SEAGATE 0xFB
205
206/* set to 1 set disable mult support */
f66723fa 207#define MAX_MULT_SECTORS 16
5391d806 208
1d8cde5b
AJ		 209#define IDE_DMA_BUF_SECTORS 256
210
211#if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
212#error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
213#endif
214
5391d806
FB		 215/* ATAPI defines */
216
217#define ATAPI_PACKET_SIZE 12
218
219/* The generic packet command opcodes for CD/DVD Logical Units,
220 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
221#define GPCMD_BLANK 0xa1
222#define GPCMD_CLOSE_TRACK 0x5b
223#define GPCMD_FLUSH_CACHE 0x35
224#define GPCMD_FORMAT_UNIT 0x04
225#define GPCMD_GET_CONFIGURATION 0x46
226#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
227#define GPCMD_GET_PERFORMANCE 0xac
228#define GPCMD_INQUIRY 0x12
229#define GPCMD_LOAD_UNLOAD 0xa6
230#define GPCMD_MECHANISM_STATUS 0xbd
231#define GPCMD_MODE_SELECT_10 0x55
232#define GPCMD_MODE_SENSE_10 0x5a
233#define GPCMD_PAUSE_RESUME 0x4b
234#define GPCMD_PLAY_AUDIO_10 0x45
235#define GPCMD_PLAY_AUDIO_MSF 0x47
236#define GPCMD_PLAY_AUDIO_TI 0x48
237#define GPCMD_PLAY_CD 0xbc
238#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
239#define GPCMD_READ_10 0x28
240#define GPCMD_READ_12 0xa8
241#define GPCMD_READ_CDVD_CAPACITY 0x25
242#define GPCMD_READ_CD 0xbe
243#define GPCMD_READ_CD_MSF 0xb9
244#define GPCMD_READ_DISC_INFO 0x51
245#define GPCMD_READ_DVD_STRUCTURE 0xad
246#define GPCMD_READ_FORMAT_CAPACITIES 0x23
247#define GPCMD_READ_HEADER 0x44
248#define GPCMD_READ_TRACK_RZONE_INFO 0x52
249#define GPCMD_READ_SUBCHANNEL 0x42
250#define GPCMD_READ_TOC_PMA_ATIP 0x43
251#define GPCMD_REPAIR_RZONE_TRACK 0x58
252#define GPCMD_REPORT_KEY 0xa4
253#define GPCMD_REQUEST_SENSE 0x03
254#define GPCMD_RESERVE_RZONE_TRACK 0x53
255#define GPCMD_SCAN 0xba
256#define GPCMD_SEEK 0x2b
257#define GPCMD_SEND_DVD_STRUCTURE 0xad
258#define GPCMD_SEND_EVENT 0xa2
259#define GPCMD_SEND_KEY 0xa3
260#define GPCMD_SEND_OPC 0x54
261#define GPCMD_SET_READ_AHEAD 0xa7
262#define GPCMD_SET_STREAMING 0xb6
263#define GPCMD_START_STOP_UNIT 0x1b
264#define GPCMD_STOP_PLAY_SCAN 0x4e
265#define GPCMD_TEST_UNIT_READY 0x00
266#define GPCMD_VERIFY_10 0x2f
267#define GPCMD_WRITE_10 0x2a
268#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 269/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 270 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
271 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
272 * drives support it. */
273#define GPCMD_SET_SPEED 0xbb
5fafdf24 274/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 275 * to play data at track/index */
276#define GPCMD_PLAYAUDIO_TI 0x48
277/*
278 * From MS Media Status Notification Support Specification. For
279 * older drives only.
280 */
281#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 282#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 283
284/* Mode page codes for mode sense/set */
285#define GPMODE_R_W_ERROR_PAGE 0x01
286#define GPMODE_WRITE_PARMS_PAGE 0x05
287#define GPMODE_AUDIO_CTL_PAGE 0x0e
288#define GPMODE_POWER_PAGE 0x1a
289#define GPMODE_FAULT_FAIL_PAGE 0x1c
290#define GPMODE_TO_PROTECT_PAGE 0x1d
291#define GPMODE_CAPABILITIES_PAGE 0x2a
292#define GPMODE_ALL_PAGES 0x3f
293/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
294 * of MODE_SENSE_POWER_PAGE */
295#define GPMODE_CDROM_PAGE 0x0d
296
38cdea7c
AZ		 297/*
298 * Based on values from <linux/cdrom.h> but extending CD_MINS
299 * to the maximum common size allowed by the Orange's Book ATIP
300 *
301 * 90 and 99 min CDs are also available but using them as the
302 * upper limit reduces the effectiveness of the heuristic to
303 * detect DVDs burned to less than 25% of their maximum capacity
304 */
305
306/* Some generally useful CD-ROM information */
307#define CD_MINS 80 /* max. minutes per CD */
308#define CD_SECS 60 /* seconds per minute */
309#define CD_FRAMES 75 /* frames per second */
310#define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
311#define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
312#define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
313
314/*
315 * The MMC values are not IDE specific and might need to be moved
316 * to a common header if they are also needed for the SCSI emulation
317 */
318
319/* Profile list from MMC-6 revision 1 table 91 */
320#define MMC_PROFILE_NONE 0x0000
321#define MMC_PROFILE_CD_ROM 0x0008
322#define MMC_PROFILE_CD_R 0x0009
323#define MMC_PROFILE_CD_RW 0x000A
324#define MMC_PROFILE_DVD_ROM 0x0010
325#define MMC_PROFILE_DVD_R_SR 0x0011
326#define MMC_PROFILE_DVD_RAM 0x0012
327#define MMC_PROFILE_DVD_RW_RO 0x0013
328#define MMC_PROFILE_DVD_RW_SR 0x0014
329#define MMC_PROFILE_DVD_R_DL_SR 0x0015
330#define MMC_PROFILE_DVD_R_DL_JR 0x0016
331#define MMC_PROFILE_DVD_RW_DL 0x0017
332#define MMC_PROFILE_DVD_DDR 0x0018
333#define MMC_PROFILE_DVD_PLUS_RW 0x001A
334#define MMC_PROFILE_DVD_PLUS_R 0x001B
335#define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
336#define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
337#define MMC_PROFILE_BD_ROM 0x0040
338#define MMC_PROFILE_BD_R_SRM 0x0041
339#define MMC_PROFILE_BD_R_RRM 0x0042
340#define MMC_PROFILE_BD_RE 0x0043
341#define MMC_PROFILE_HDDVD_ROM 0x0050
342#define MMC_PROFILE_HDDVD_R 0x0051
343#define MMC_PROFILE_HDDVD_RAM 0x0052
344#define MMC_PROFILE_HDDVD_RW 0x0053
345#define MMC_PROFILE_HDDVD_R_DL 0x0058
346#define MMC_PROFILE_HDDVD_RW_DL 0x005A
347#define MMC_PROFILE_INVALID 0xFFFF
348
5391d806
FB		 349#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
350#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
351#define ATAPI_INT_REASON_REL 0x04
352#define ATAPI_INT_REASON_TAG 0xf8
353
354/* same constants as bochs */
7f777bf3 355#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 356#define ASC_LOGICAL_BLOCK_OOR 0x21
357#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
9118e7f0 358#define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
8114e9e8 359#define ASC_INCOMPATIBLE_FORMAT 0x30
5391d806
FB		 360#define ASC_MEDIUM_NOT_PRESENT 0x3a
361#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
aea2a33c 362#define ASC_MEDIA_REMOVAL_PREVENTED 0x53
5391d806 363
201a51fc
AZ		 364#define CFA_NO_ERROR 0x00
365#define CFA_MISC_ERROR 0x09
366#define CFA_INVALID_COMMAND 0x20
367#define CFA_INVALID_ADDRESS 0x21
368#define CFA_ADDRESS_OVERFLOW 0x2f
369
5391d806
FB		 370#define SENSE_NONE 0
371#define SENSE_NOT_READY 2
372#define SENSE_ILLEGAL_REQUEST 5
373#define SENSE_UNIT_ATTENTION 6
374
375struct IDEState;
376
377typedef void EndTransferFunc(struct IDEState *);
378
caed8802 379/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 380typedef struct IDEState {
381 /* ide config */
382 int is_cdrom;
201a51fc 383 int is_cf;
5391d806
FB		 384 int cylinders, heads, sectors;
385 int64_t nb_sectors;
386 int mult_sectors;
94458802
FB		 387 int identify_set;
388 uint16_t identify_data[256];
d537cf6c 389 qemu_irq irq;
34e538ae 390 PCIDevice *pci_dev;
98087450 391 struct BMDMAState *bmdma;
aedf5382 392 int drive_serial;
fa879c64 393 char drive_serial_str[21];
5391d806
FB		 394 /* ide regs */
395 uint8_t feature;
396 uint8_t error;
c2ff060f 397 uint32_t nsector;
5391d806
FB		 398 uint8_t sector;
399 uint8_t lcyl;
400 uint8_t hcyl;
c2ff060f
FB		 401 /* other part of tf for lba48 support */
402 uint8_t hob_feature;
403 uint8_t hob_nsector;
404 uint8_t hob_sector;
405 uint8_t hob_lcyl;
406 uint8_t hob_hcyl;
407
5391d806
FB		 408 uint8_t select;
409 uint8_t status;
c2ff060f 410
5391d806
FB		 411 /* 0x3f6 command, only meaningful for drive 0 */
412 uint8_t cmd;
c2ff060f
FB		 413 /* set for lba48 access */
414 uint8_t lba48;
5391d806 415 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 416 struct IDEState *cur_drive;
5391d806
FB		 417 BlockDriverState *bs;
418 /* ATAPI specific */
419 uint8_t sense_key;
420 uint8_t asc;
93c8cfd9 421 uint8_t cdrom_changed;
5391d806
FB		 422 int packet_transfer_size;
423 int elementary_transfer_size;
424 int io_buffer_index;
425 int lba;
98087450
FB		 426 int cd_sector_size;
427 int atapi_dma; /* true if dma is requested for the packet cmd */
428 /* ATA DMA state */
429 int io_buffer_size;
1fb8648d 430 QEMUSGList sg;
98087450 431 /* PIO transfer handling */
5391d806
FB		 432 int req_nb_sectors; /* number of sectors per interrupt */
433 EndTransferFunc *end_transfer_func;
434 uint8_t *data_ptr;
435 uint8_t *data_end;
33f00271 436 uint8_t *io_buffer;
31c2a146 437 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
e774a278 438 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 439 /* CF-ATA extended error */
440 uint8_t ext_error;
441 /* CF-ATA metadata storage */
442 uint32_t mdata_size;
443 uint8_t *mdata_storage;
444 int media_changed;
e3007e66
AJ		 445 /* for pmac */
446 int is_read;
5391d806
FB		 447} IDEState;
448
8114e9e8
TS		 449/* XXX: DVDs that could fit on a CD will be reported as a CD */
450static inline int media_present(IDEState *s)
451{
452 return (s->nb_sectors > 0);
453}
454
455static inline int media_is_dvd(IDEState *s)
456{
457 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
458}
459
460static inline int media_is_cd(IDEState *s)
461{
462 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
463}
464
98087450
FB		 465#define BM_STATUS_DMAING 0x01
466#define BM_STATUS_ERROR 0x02
467#define BM_STATUS_INT 0x04
428c5705
AL		 468#define BM_STATUS_DMA_RETRY 0x08
469#define BM_STATUS_PIO_RETRY 0x10
98087450
FB		 470
471#define BM_CMD_START 0x01
472#define BM_CMD_READ 0x08
473
5457c8ce
FB		 474#define IDE_TYPE_PIIX3 0
475#define IDE_TYPE_CMD646 1
afcc3cdf 476#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 477
478/* CMD646 specific */
479#define MRDMODE 0x71
480#define MRDMODE_INTR_CH0 0x04
481#define MRDMODE_INTR_CH1 0x08
482#define MRDMODE_BLK_CH0 0x10
483#define MRDMODE_BLK_CH1 0x20
484#define UDIDETCR0 0x73
485#define UDIDETCR1 0x7B
486
98087450
FB		 487typedef struct BMDMAState {
488 uint8_t cmd;
489 uint8_t status;
490 uint32_t addr;
3b46e624 491
5457c8ce 492 struct PCIIDEState *pci_dev;
98087450 493 /* current transfer state */
8ccad811
FB		 494 uint32_t cur_addr;
495 uint32_t cur_prd_last;
496 uint32_t cur_prd_addr;
497 uint32_t cur_prd_len;
98087450 498 IDEState *ide_if;
8ccad811
FB		 499 BlockDriverCompletionFunc *dma_cb;
500 BlockDriverAIOCB *aiocb;
c87c0672
AL		 501 struct iovec iov;
502 QEMUIOVector qiov;
428c5705
AL		 503 int64_t sector_num;
504 uint32_t nsector;
213189ab 505 QEMUBH *bh;
98087450
FB		 506} BMDMAState;
507
508typedef struct PCIIDEState {
509 PCIDevice dev;
510 IDEState ide_if[4];
511 BMDMAState bmdma[2];
5457c8ce 512 int type; /* see IDE_TYPE_xxx */
98087450
FB		 513} PCIIDEState;
514
8ccad811 515static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
428c5705 516static void ide_dma_restart(IDEState *s);
5f12ab4b 517static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 518
5391d806
FB		 519static void padstr(char *str, const char *src, int len)
520{
521 int i, v;
522 for(i = 0; i < len; i++) {
523 if (*src)
524 v = *src++;
525 else
526 v = ' ';
69b34976 527 str[i^1] = v;
5391d806
FB		 528 }
529}
530
bd0d90b2
FB		 531static void padstr8(uint8_t *buf, int buf_size, const char *src)
532{
533 int i;
534 for(i = 0; i < buf_size; i++) {
535 if (*src)
536 buf[i] = *src++;
537 else
538 buf[i] = ' ';
539 }
540}
541
67b915a5
FB		 542static void put_le16(uint16_t *p, unsigned int v)
543{
0c4ad8dc 544 *p = cpu_to_le16(v);
67b915a5
FB		 545}
546
5391d806
FB		 547static void ide_identify(IDEState *s)
548{
549 uint16_t *p;
550 unsigned int oldsize;
551
94458802
FB		 552 if (s->identify_set) {
553 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
554 return;
555 }
556
5391d806
FB		 557 memset(s->io_buffer, 0, 512);
558 p = (uint16_t *)s->io_buffer;
67b915a5 559 put_le16(p + 0, 0x0040);
5fafdf24 560 put_le16(p + 1, s->cylinders);
67b915a5
FB		 561 put_le16(p + 3, s->heads);
562 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
563 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 564 put_le16(p + 6, s->sectors);
fa879c64 565 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 566 put_le16(p + 20, 3); /* XXX: retired, remove ? */
567 put_le16(p + 21, 512); /* cache size in sectors */
568 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 569 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
570 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 571#if MAX_MULT_SECTORS > 1
67b915a5 572 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 573#endif
67b915a5 574 put_le16(p + 48, 1); /* dword I/O */
94458802 575 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 576 put_le16(p + 51, 0x200); /* PIO transfer cycle */
577 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 578 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 579 put_le16(p + 54, s->cylinders);
580 put_le16(p + 55, s->heads);
581 put_le16(p + 56, s->sectors);
5391d806 582 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 583 put_le16(p + 57, oldsize);
584 put_le16(p + 58, oldsize >> 16);
5391d806 585 if (s->mult_sectors)
67b915a5
FB		 586 put_le16(p + 59, 0x100 | s->mult_sectors);
587 put_le16(p + 60, s->nb_sectors);
588 put_le16(p + 61, s->nb_sectors >> 16);
d1b5c20d 589 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
94458802
FB		 590 put_le16(p + 63, 0x07); /* mdma0-2 supported */
591 put_le16(p + 65, 120);
592 put_le16(p + 66, 120);
593 put_le16(p + 67, 120);
594 put_le16(p + 68, 120);
595 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
596 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 597 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 598 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
599 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 600 put_le16(p + 84, (1 << 14));
601 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 602 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
603 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 604 put_le16(p + 87, (1 << 14));
94458802
FB		 605 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
606 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 607 put_le16(p + 100, s->nb_sectors);
608 put_le16(p + 101, s->nb_sectors >> 16);
609 put_le16(p + 102, s->nb_sectors >> 32);
610 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 611
612 memcpy(s->identify_data, p, sizeof(s->identify_data));
613 s->identify_set = 1;
5391d806
FB		 614}
615
616static void ide_atapi_identify(IDEState *s)
617{
618 uint16_t *p;
619
94458802
FB		 620 if (s->identify_set) {
621 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
622 return;
623 }
624
5391d806
FB		 625 memset(s->io_buffer, 0, 512);
626 p = (uint16_t *)s->io_buffer;
627 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 628 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
fa879c64 629 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 630 put_le16(p + 20, 3); /* buffer type */
631 put_le16(p + 21, 512); /* cache size in sectors */
632 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3 633 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
38cdea7c 634 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
67b915a5 635 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 636#ifdef USE_DMA_CDROM
637 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
638 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
d1b5c20d 639 put_le16(p + 62, 7); /* single word dma0-2 supported */
8ccad811
FB		 640 put_le16(p + 63, 7); /* mdma0-2 supported */
641 put_le16(p + 64, 0x3f); /* PIO modes supported */
642#else
67b915a5
FB		 643 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
644 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
645 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
646 put_le16(p + 64, 1); /* PIO modes */
8ccad811 647#endif
67b915a5
FB		 648 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
649 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
650 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
651 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 652
67b915a5
FB		 653 put_le16(p + 71, 30); /* in ns */
654 put_le16(p + 72, 30); /* in ns */
5391d806 655
67b915a5 656 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 657#ifdef USE_DMA_CDROM
658 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
659#endif
94458802
FB		 660 memcpy(s->identify_data, p, sizeof(s->identify_data));
661 s->identify_set = 1;
5391d806
FB		 662}
663
201a51fc
AZ		 664static void ide_cfata_identify(IDEState *s)
665{
666 uint16_t *p;
667 uint32_t cur_sec;
201a51fc
AZ		 668
669 p = (uint16_t *) s->identify_data;
670 if (s->identify_set)
671 goto fill_buffer;
672
673 memset(p, 0, sizeof(s->identify_data));
674
675 cur_sec = s->cylinders * s->heads * s->sectors;
676
677 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
678 put_le16(p + 1, s->cylinders); /* Default cylinders */
679 put_le16(p + 3, s->heads); /* Default heads */
680 put_le16(p + 6, s->sectors); /* Default sectors per track */
681 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
682 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
fa879c64 683 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
201a51fc 684 put_le16(p + 22, 0x0004); /* ECC bytes */
60fe76f3
TS		 685 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
686 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
201a51fc
AZ		 687#if MAX_MULT_SECTORS > 1
688 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
689#else
690 put_le16(p + 47, 0x0000);
691#endif
692 put_le16(p + 49, 0x0f00); /* Capabilities */
693 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
694 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
695 put_le16(p + 53, 0x0003); /* Translation params valid */
696 put_le16(p + 54, s->cylinders); /* Current cylinders */
697 put_le16(p + 55, s->heads); /* Current heads */
698 put_le16(p + 56, s->sectors); /* Current sectors */
699 put_le16(p + 57, cur_sec); /* Current capacity */
700 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
701 if (s->mult_sectors) /* Multiple sector setting */
702 put_le16(p + 59, 0x100 | s->mult_sectors);
703 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
704 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
705 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
706 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
707 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
708 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
709 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
710 put_le16(p + 82, 0x400c); /* Command Set supported */
711 put_le16(p + 83, 0x7068); /* Command Set supported */
712 put_le16(p + 84, 0x4000); /* Features supported */
713 put_le16(p + 85, 0x000c); /* Command Set enabled */
714 put_le16(p + 86, 0x7044); /* Command Set enabled */
715 put_le16(p + 87, 0x4000); /* Features enabled */
716 put_le16(p + 91, 0x4060); /* Current APM level */
717 put_le16(p + 129, 0x0002); /* Current features option */
718 put_le16(p + 130, 0x0005); /* Reassigned sectors */
719 put_le16(p + 131, 0x0001); /* Initial power mode */
720 put_le16(p + 132, 0x0000); /* User signature */
721 put_le16(p + 160, 0x8100); /* Power requirement */
722 put_le16(p + 161, 0x8001); /* CF command set */
723
724 s->identify_set = 1;
725
726fill_buffer:
727 memcpy(s->io_buffer, p, sizeof(s->identify_data));
728}
729
5391d806
FB		 730static void ide_set_signature(IDEState *s)
731{
732 s->select &= 0xf0; /* clear head */
733 /* put signature */
734 s->nsector = 1;
735 s->sector = 1;
736 if (s->is_cdrom) {
737 s->lcyl = 0x14;
738 s->hcyl = 0xeb;
739 } else if (s->bs) {
740 s->lcyl = 0;
741 s->hcyl = 0;
742 } else {
743 s->lcyl = 0xff;
744 s->hcyl = 0xff;
745 }
746}
747
748static inline void ide_abort_command(IDEState *s)
749{
750 s->status = READY_STAT | ERR_STAT;
751 s->error = ABRT_ERR;
752}
753
5604e090
AZ		 754static inline void ide_dma_submit_check(IDEState *s,
755 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
756{
757 if (bm->aiocb)
758 return;
759 dma_cb(bm, -1);
760}
761
5391d806
FB		 762static inline void ide_set_irq(IDEState *s)
763{
98ff7d30 764 BMDMAState *bm = s->bmdma;
5391d806 765 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 766 if (bm) {
98ff7d30 767 bm->status |= BM_STATUS_INT;
5457c8ce 768 }
d537cf6c 769 qemu_irq_raise(s->irq);
5391d806
FB		 770 }
771}
772
773/* prepare data transfer and tell what to do after */
5fafdf24 774static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 775 EndTransferFunc *end_transfer_func)
776{
777 s->end_transfer_func = end_transfer_func;
778 s->data_ptr = buf;
779 s->data_end = buf + size;
7603d156
TS		 780 if (!(s->status & ERR_STAT))
781 s->status |= DRQ_STAT;
5391d806
FB		 782}
783
784static void ide_transfer_stop(IDEState *s)
785{
786 s->end_transfer_func = ide_transfer_stop;
787 s->data_ptr = s->io_buffer;
788 s->data_end = s->io_buffer;
789 s->status &= ~DRQ_STAT;
790}
791
792static int64_t ide_get_sector(IDEState *s)
793{
794 int64_t sector_num;
795 if (s->select & 0x40) {
796 /* lba */
c2ff060f
FB		 797 if (!s->lba48) {
798 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
799 (s->lcyl << 8) | s->sector;
800 } else {
801 sector_num = ((int64_t)s->hob_hcyl << 40) |
802 ((int64_t) s->hob_lcyl << 32) |
803 ((int64_t) s->hob_sector << 24) |
804 ((int64_t) s->hcyl << 16) |
805 ((int64_t) s->lcyl << 8) | s->sector;
806 }
5391d806
FB		 807 } else {
808 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 809 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 810 }
811 return sector_num;
812}
813
814static void ide_set_sector(IDEState *s, int64_t sector_num)
815{
816 unsigned int cyl, r;
817 if (s->select & 0x40) {
c2ff060f
FB		 818 if (!s->lba48) {
819 s->select = (s->select & 0xf0) | (sector_num >> 24);
820 s->hcyl = (sector_num >> 16);
821 s->lcyl = (sector_num >> 8);
822 s->sector = (sector_num);
823 } else {
824 s->sector = sector_num;
825 s->lcyl = sector_num >> 8;
826 s->hcyl = sector_num >> 16;
827 s->hob_sector = sector_num >> 24;
828 s->hob_lcyl = sector_num >> 32;
829 s->hob_hcyl = sector_num >> 40;
830 }
5391d806
FB		 831 } else {
832 cyl = sector_num / (s->heads * s->sectors);
833 r = sector_num % (s->heads * s->sectors);
834 s->hcyl = cyl >> 8;
835 s->lcyl = cyl;
1b8eb456 836 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 837 s->sector = (r % s->sectors) + 1;
838 }
839}
840
e162cfb0
AZ		 841static void ide_rw_error(IDEState *s) {
842 ide_abort_command(s);
843 ide_set_irq(s);
844}
845
5391d806
FB		 846static void ide_sector_read(IDEState *s)
847{
848 int64_t sector_num;
849 int ret, n;
850
851 s->status = READY_STAT | SEEK_STAT;
a136e5a8 852 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 853 sector_num = ide_get_sector(s);
854 n = s->nsector;
855 if (n == 0) {
856 /* no more sector to read from disk */
857 ide_transfer_stop(s);
858 } else {
859#if defined(DEBUG_IDE)
18c5f8ea 860 printf("read sector=%" PRId64 "\n", sector_num);
5391d806
FB		 861#endif
862 if (n > s->req_nb_sectors)
863 n = s->req_nb_sectors;
864 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
e162cfb0
AZ		 865 if (ret != 0) {
866 ide_rw_error(s);
867 return;
868 }
5391d806
FB		 869 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
870 ide_set_irq(s);
871 ide_set_sector(s, sector_num + n);
872 s->nsector -= n;
873 }
874}
875
7aea4412
AL		 876
877/* return 0 if buffer completed */
878static int dma_buf_prepare(BMDMAState *bm, int is_write)
879{
880 IDEState *s = bm->ide_if;
881 struct {
882 uint32_t addr;
883 uint32_t size;
884 } prd;
885 int l, len;
7aea4412 886
1fb8648d 887 qemu_sglist_init(&s->sg, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
7aea4412
AL		 888 s->io_buffer_size = 0;
889 for(;;) {
890 if (bm->cur_prd_len == 0) {
891 /* end of table (with a fail safe of one page) */
892 if (bm->cur_prd_last ||
893 (bm->cur_addr - bm->addr) >= 4096)
894 return s->io_buffer_size != 0;
895 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
896 bm->cur_addr += 8;
897 prd.addr = le32_to_cpu(prd.addr);
898 prd.size = le32_to_cpu(prd.size);
899 len = prd.size & 0xfffe;
900 if (len == 0)
901 len = 0x10000;
902 bm->cur_prd_len = len;
903 bm->cur_prd_addr = prd.addr;
904 bm->cur_prd_last = (prd.size & 0x80000000);
905 }
906 l = bm->cur_prd_len;
907 if (l > 0) {
1fb8648d
AL		 908 qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
909 bm->cur_prd_addr += l;
910 bm->cur_prd_len -= l;
911 s->io_buffer_size += l;
7aea4412
AL		 912 }
913 }
914 return 1;
915}
916
917static void dma_buf_commit(IDEState *s, int is_write)
918{
1fb8648d 919 qemu_sglist_destroy(&s->sg);
7aea4412
AL		 920}
921
e162cfb0
AZ		 922static void ide_dma_error(IDEState *s)
923{
924 ide_transfer_stop(s);
925 s->error = ABRT_ERR;
926 s->status = READY_STAT | ERR_STAT;
927 ide_set_irq(s);
928}
929
428c5705
AL		 930static int ide_handle_write_error(IDEState *s, int error, int op)
931{
932 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
933
934 if (action == BLOCK_ERR_IGNORE)
935 return 0;
936
937 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
938 || action == BLOCK_ERR_STOP_ANY) {
939 s->bmdma->ide_if = s;
940 s->bmdma->status |= op;
941 vm_stop(0);
942 } else {
7aea4412
AL		 943 if (op == BM_STATUS_DMA_RETRY) {
944 dma_buf_commit(s, 0);
428c5705 945 ide_dma_error(s);
7aea4412 946 } else {
428c5705 947 ide_rw_error(s);
7aea4412 948 }
428c5705
AL		 949 }
950
951 return 1;
952}
953
8ccad811
FB		 954/* return 0 if buffer completed */
955static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 956{
8ccad811
FB		 957 IDEState *s = bm->ide_if;
958 struct {
959 uint32_t addr;
960 uint32_t size;
961 } prd;
962 int l, len;
98087450 963
8ccad811
FB		 964 for(;;) {
965 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 966 if (l <= 0)
8ccad811
FB		 967 break;
968 if (bm->cur_prd_len == 0) {
969 /* end of table (with a fail safe of one page) */
970 if (bm->cur_prd_last ||
971 (bm->cur_addr - bm->addr) >= 4096)
972 return 0;
973 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
974 bm->cur_addr += 8;
975 prd.addr = le32_to_cpu(prd.addr);
976 prd.size = le32_to_cpu(prd.size);
977 len = prd.size & 0xfffe;
978 if (len == 0)
979 len = 0x10000;
980 bm->cur_prd_len = len;
981 bm->cur_prd_addr = prd.addr;
982 bm->cur_prd_last = (prd.size & 0x80000000);
983 }
984 if (l > bm->cur_prd_len)
985 l = bm->cur_prd_len;
986 if (l > 0) {
987 if (is_write) {
5fafdf24 988 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 989 s->io_buffer + s->io_buffer_index, l);
990 } else {
5fafdf24 991 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 992 s->io_buffer + s->io_buffer_index, l);
993 }
994 bm->cur_prd_addr += l;
995 bm->cur_prd_len -= l;
996 s->io_buffer_index += l;
98087450 997 }
98087450 998 }
8ccad811
FB		 999 return 1;
1000}
1001
8ccad811
FB		 1002static void ide_read_dma_cb(void *opaque, int ret)
1003{
1004 BMDMAState *bm = opaque;
1005 IDEState *s = bm->ide_if;
1006 int n;
1007 int64_t sector_num;
1008
e162cfb0 1009 if (ret < 0) {
7aea4412 1010 dma_buf_commit(s, 1);
e162cfb0
AZ		 1011 ide_dma_error(s);
1012 return;
1013 }
1014
8ccad811
FB		 1015 n = s->io_buffer_size >> 9;
1016 sector_num = ide_get_sector(s);
1017 if (n > 0) {
7aea4412 1018 dma_buf_commit(s, 1);
8ccad811
FB		 1019 sector_num += n;
1020 ide_set_sector(s, sector_num);
1021 s->nsector -= n;
8ccad811
FB		 1022 }
1023
1024 /* end of transfer ? */
1025 if (s->nsector == 0) {
98087450
FB		 1026 s->status = READY_STAT | SEEK_STAT;
1027 ide_set_irq(s);
8ccad811
FB		 1028 eot:
1029 bm->status &= ~BM_STATUS_DMAING;
1030 bm->status |= BM_STATUS_INT;
1031 bm->dma_cb = NULL;
1032 bm->ide_if = NULL;
1033 bm->aiocb = NULL;
1034 return;
98087450 1035 }
8ccad811
FB		 1036
1037 /* launch next transfer */
1038 n = s->nsector;
8ccad811
FB		 1039 s->io_buffer_index = 0;
1040 s->io_buffer_size = n * 512;
7aea4412
AL		 1041 if (dma_buf_prepare(bm, 1) == 0)
1042 goto eot;
8ccad811 1043#ifdef DEBUG_AIO
5df23f53 1044 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1045#endif
1fb8648d 1046 bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
5604e090 1047 ide_dma_submit_check(s, ide_read_dma_cb, bm);
98087450
FB		 1048}
1049
1050static void ide_sector_read_dma(IDEState *s)
1051{
8ccad811 1052 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1053 s->io_buffer_index = 0;
1054 s->io_buffer_size = 0;
e3007e66 1055 s->is_read = 1;
98087450
FB		 1056 ide_dma_start(s, ide_read_dma_cb);
1057}
1058
a09db21f
FB		 1059static void ide_sector_write_timer_cb(void *opaque)
1060{
1061 IDEState *s = opaque;
1062 ide_set_irq(s);
1063}
1064
5391d806
FB		 1065static void ide_sector_write(IDEState *s)
1066{
1067 int64_t sector_num;
31c2a146 1068 int ret, n, n1;
5391d806
FB		 1069
1070 s->status = READY_STAT | SEEK_STAT;
1071 sector_num = ide_get_sector(s);
1072#if defined(DEBUG_IDE)
18c5f8ea 1073 printf("write sector=%" PRId64 "\n", sector_num);
5391d806
FB		 1074#endif
1075 n = s->nsector;
1076 if (n > s->req_nb_sectors)
1077 n = s->req_nb_sectors;
31c2a146 1078 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
428c5705 1079
e162cfb0 1080 if (ret != 0) {
428c5705
AL		 1081 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1082 return;
e162cfb0
AZ		 1083 }
1084
5391d806
FB		 1085 s->nsector -= n;
1086 if (s->nsector == 0) {
292eef5a 1087 /* no more sectors to write */
5391d806
FB		 1088 ide_transfer_stop(s);
1089 } else {
1090 n1 = s->nsector;
1091 if (n1 > s->req_nb_sectors)
1092 n1 = s->req_nb_sectors;
1093 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1094 }
1095 ide_set_sector(s, sector_num + n);
3b46e624 1096
31c2a146
TS		 1097#ifdef TARGET_I386
1098 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1099 /* It seems there is a bug in the Windows 2000 installer HDD
1100 IDE driver which fills the disk with empty logs when the
1101 IDE write IRQ comes too early. This hack tries to correct
1102 that at the expense of slower write performances. Use this
1103 option _only_ to install Windows 2000. You must disable it
1104 for normal use. */
1105 qemu_mod_timer(s->sector_write_timer,
1106 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1107 } else
1108#endif
1109 {
1110 ide_set_irq(s);
1111 }
5391d806
FB		 1112}
1113
213189ab 1114static void ide_dma_restart_bh(void *opaque)
428c5705
AL		 1115{
1116 BMDMAState *bm = opaque;
213189ab
MA		 1117
1118 qemu_bh_delete(bm->bh);
1119 bm->bh = NULL;
1120
428c5705
AL		 1121 if (bm->status & BM_STATUS_DMA_RETRY) {
1122 bm->status &= ~BM_STATUS_DMA_RETRY;
1123 ide_dma_restart(bm->ide_if);
1124 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1125 bm->status &= ~BM_STATUS_PIO_RETRY;
1126 ide_sector_write(bm->ide_if);
1127 }
1128}
1129
213189ab
MA		 1130static void ide_dma_restart_cb(void *opaque, int running, int reason)
1131{
1132 BMDMAState *bm = opaque;
1133
1134 if (!running)
1135 return;
1136
1137 if (!bm->bh) {
1138 bm->bh = qemu_bh_new(ide_dma_restart_bh, bm);
1139 qemu_bh_schedule(bm->bh);
1140 }
1141}
1142
8ccad811 1143static void ide_write_dma_cb(void *opaque, int ret)
98087450 1144{
8ccad811
FB		 1145 BMDMAState *bm = opaque;
1146 IDEState *s = bm->ide_if;
1147 int n;
98087450
FB		 1148 int64_t sector_num;
1149
e162cfb0 1150 if (ret < 0) {
428c5705
AL		 1151 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1152 return;
e162cfb0
AZ		 1153 }
1154
8ccad811
FB		 1155 n = s->io_buffer_size >> 9;
1156 sector_num = ide_get_sector(s);
1157 if (n > 0) {
7aea4412 1158 dma_buf_commit(s, 0);
8ccad811
FB		 1159 sector_num += n;
1160 ide_set_sector(s, sector_num);
1161 s->nsector -= n;
98087450 1162 }
98087450 1163
8ccad811
FB		 1164 /* end of transfer ? */
1165 if (s->nsector == 0) {
1166 s->status = READY_STAT | SEEK_STAT;
1167 ide_set_irq(s);
1168 eot:
1169 bm->status &= ~BM_STATUS_DMAING;
1170 bm->status |= BM_STATUS_INT;
1171 bm->dma_cb = NULL;
1172 bm->ide_if = NULL;
1173 bm->aiocb = NULL;
1174 return;
1175 }
1176
98087450 1177 n = s->nsector;
98087450 1178 s->io_buffer_size = n * 512;
7aea4412
AL		 1179 /* launch next transfer */
1180 if (dma_buf_prepare(bm, 0) == 0)
8ccad811
FB		 1181 goto eot;
1182#ifdef DEBUG_AIO
5df23f53 1183 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1184#endif
1fb8648d 1185 bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
5604e090 1186 ide_dma_submit_check(s, ide_write_dma_cb, bm);
8ccad811
FB		 1187}
1188
1189static void ide_sector_write_dma(IDEState *s)
1190{
1191 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1192 s->io_buffer_index = 0;
1193 s->io_buffer_size = 0;
e3007e66 1194 s->is_read = 0;
98087450
FB		 1195 ide_dma_start(s, ide_write_dma_cb);
1196}
1197
5391d806
FB		 1198static void ide_atapi_cmd_ok(IDEState *s)
1199{
1200 s->error = 0;
41a2b959 1201 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1202 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1203 ide_set_irq(s);
1204}
1205
1206static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1207{
1208#ifdef DEBUG_IDE_ATAPI
1209 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1210#endif
1211 s->error = sense_key << 4;
1212 s->status = READY_STAT | ERR_STAT;
1213 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1214 s->sense_key = sense_key;
1215 s->asc = asc;
1216 ide_set_irq(s);
1217}
1218
9118e7f0
AL		 1219static void ide_atapi_cmd_check_status(IDEState *s)
1220{
1221#ifdef DEBUG_IDE_ATAPI
1222 printf("atapi_cmd_check_status\n");
1223#endif
1224 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1225 s->status = ERR_STAT;
1226 s->nsector = 0;
1227 ide_set_irq(s);
1228}
1229
5391d806
FB		 1230static inline void cpu_to_ube16(uint8_t *buf, int val)
1231{
1232 buf[0] = val >> 8;
9e622b15 1233 buf[1] = val & 0xff;
5391d806
FB		 1234}
1235
1236static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1237{
1238 buf[0] = val >> 24;
1239 buf[1] = val >> 16;
1240 buf[2] = val >> 8;
9e622b15 1241 buf[3] = val & 0xff;
5391d806
FB		 1242}
1243
1244static inline int ube16_to_cpu(const uint8_t *buf)
1245{
1246 return (buf[0] << 8) | buf[1];
1247}
1248
1249static inline int ube32_to_cpu(const uint8_t *buf)
1250{
1251 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1252}
1253
98087450
FB		 1254static void lba_to_msf(uint8_t *buf, int lba)
1255{
1256 lba += 150;
1257 buf[0] = (lba / 75) / 60;
1258 buf[1] = (lba / 75) % 60;
1259 buf[2] = lba % 75;
1260}
1261
8ccad811
FB		 1262static void cd_data_to_raw(uint8_t *buf, int lba)
1263{
1264 /* sync bytes */
1265 buf[0] = 0x00;
1266 memset(buf + 1, 0xff, 10);
1267 buf[11] = 0x00;
1268 buf += 12;
1269 /* MSF */
1270 lba_to_msf(buf, lba);
1271 buf[3] = 0x01; /* mode 1 data */
1272 buf += 4;
1273 /* data */
1274 buf += 2048;
1275 /* XXX: ECC not computed */
1276 memset(buf, 0, 288);
1277}
1278
5fafdf24 1279static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1280 int sector_size)
1281{
66c6ef76
FB		 1282 int ret;
1283
98087450
FB		 1284 switch(sector_size) {
1285 case 2048:
66c6ef76 1286 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1287 break;
1288 case 2352:
66c6ef76
FB		 1289 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1290 if (ret < 0)
1291 return ret;
8ccad811 1292 cd_data_to_raw(buf, lba);
98087450
FB		 1293 break;
1294 default:
66c6ef76 1295 ret = -EIO;
98087450
FB		 1296 break;
1297 }
66c6ef76
FB		 1298 return ret;
1299}
1300
1301static void ide_atapi_io_error(IDEState *s, int ret)
1302{
1303 /* XXX: handle more errors */
1304 if (ret == -ENOMEDIUM) {
5fafdf24 1305 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1306 ASC_MEDIUM_NOT_PRESENT);
1307 } else {
5fafdf24 1308 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1309 ASC_LOGICAL_BLOCK_OOR);
1310 }
98087450
FB		 1311}
1312
5391d806
FB		 1313/* The whole ATAPI transfer logic is handled in this function */
1314static void ide_atapi_cmd_reply_end(IDEState *s)
1315{
66c6ef76 1316 int byte_count_limit, size, ret;
5391d806 1317#ifdef DEBUG_IDE_ATAPI
5fafdf24 1318 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1319 s->packet_transfer_size,
1320 s->elementary_transfer_size,
1321 s->io_buffer_index);
1322#endif
1323 if (s->packet_transfer_size <= 0) {
1324 /* end of transfer */
1325 ide_transfer_stop(s);
41a2b959 1326 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1327 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1328 ide_set_irq(s);
1329#ifdef DEBUG_IDE_ATAPI
1330 printf("status=0x%x\n", s->status);
1331#endif
1332 } else {
1333 /* see if a new sector must be read */
98087450 1334 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1335 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1336 if (ret < 0) {
1337 ide_transfer_stop(s);
1338 ide_atapi_io_error(s, ret);
1339 return;
1340 }
5391d806
FB		 1341 s->lba++;
1342 s->io_buffer_index = 0;
1343 }
1344 if (s->elementary_transfer_size > 0) {
1345 /* there are some data left to transmit in this elementary
1346 transfer */
98087450 1347 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1348 if (size > s->elementary_transfer_size)
1349 size = s->elementary_transfer_size;
5fafdf24 1350 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1351 size, ide_atapi_cmd_reply_end);
1352 s->packet_transfer_size -= size;
1353 s->elementary_transfer_size -= size;
1354 s->io_buffer_index += size;
1355 } else {
1356 /* a new transfer is needed */
1357 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1358 byte_count_limit = s->lcyl | (s->hcyl << 8);
1359#ifdef DEBUG_IDE_ATAPI
1360 printf("byte_count_limit=%d\n", byte_count_limit);
1361#endif
1362 if (byte_count_limit == 0xffff)
1363 byte_count_limit--;
1364 size = s->packet_transfer_size;
1365 if (size > byte_count_limit) {
1366 /* byte count limit must be even if this case */
1367 if (byte_count_limit & 1)
1368 byte_count_limit--;
1369 size = byte_count_limit;
5391d806 1370 }
a136e5a8
FB		 1371 s->lcyl = size;
1372 s->hcyl = size >> 8;
5391d806
FB		 1373 s->elementary_transfer_size = size;
1374 /* we cannot transmit more than one sector at a time */
1375 if (s->lba != -1) {
98087450
FB		 1376 if (size > (s->cd_sector_size - s->io_buffer_index))
1377 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1378 }
5fafdf24 1379 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1380 size, ide_atapi_cmd_reply_end);
1381 s->packet_transfer_size -= size;
1382 s->elementary_transfer_size -= size;
1383 s->io_buffer_index += size;
1384 ide_set_irq(s);
1385#ifdef DEBUG_IDE_ATAPI
1386 printf("status=0x%x\n", s->status);
1387#endif
1388 }
1389 }
1390}
1391
1392/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1393static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1394{
1395 if (size > max_size)
1396 size = max_size;
1397 s->lba = -1; /* no sector read */
1398 s->packet_transfer_size = size;
5f12ab4b 1399 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1400 s->elementary_transfer_size = 0;
1401 s->io_buffer_index = 0;
1402
5f12ab4b 1403 if (s->atapi_dma) {
41a2b959 1404 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
5f12ab4b
TS		 1405 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1406 } else {
41a2b959 1407 s->status = READY_STAT | SEEK_STAT;
5f12ab4b
TS		 1408 ide_atapi_cmd_reply_end(s);
1409 }
5391d806
FB		 1410}
1411
1412/* start a CD-CDROM read command */
98087450
FB		 1413static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1414 int sector_size)
5391d806 1415{
5391d806 1416 s->lba = lba;
98087450 1417 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1418 s->elementary_transfer_size = 0;
98087450
FB		 1419 s->io_buffer_index = sector_size;
1420 s->cd_sector_size = sector_size;
5391d806 1421
41a2b959 1422 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1423 ide_atapi_cmd_reply_end(s);
1424}
1425
98087450 1426/* ATAPI DMA support */
8ccad811
FB		 1427
1428/* XXX: handle read errors */
1429static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1430{
8ccad811
FB		 1431 BMDMAState *bm = opaque;
1432 IDEState *s = bm->ide_if;
1433 int data_offset, n;
1434
66c6ef76
FB		 1435 if (ret < 0) {
1436 ide_atapi_io_error(s, ret);
1437 goto eot;
1438 }
1439
8ccad811 1440 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1441 /*
1442 * For a cdrom read sector command (s->lba != -1),
1443 * adjust the lba for the next s->io_buffer_size chunk
1444 * and dma the current chunk.
1445 * For a command != read (s->lba == -1), just transfer
1446 * the reply data.
1447 */
1448 if (s->lba != -1) {
1449 if (s->cd_sector_size == 2352) {
1450 n = 1;
1451 cd_data_to_raw(s->io_buffer, s->lba);
1452 } else {
1453 n = s->io_buffer_size >> 11;
1454 }
1455 s->lba += n;
1456 }
8ccad811 1457 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1458 if (dma_buf_rw(bm, 1) == 0)
1459 goto eot;
98087450 1460 }
8ccad811 1461
98087450 1462 if (s->packet_transfer_size <= 0) {
41a2b959 1463 s->status = READY_STAT | SEEK_STAT;
98087450
FB		 1464 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1465 ide_set_irq(s);
8ccad811
FB		 1466 eot:
1467 bm->status &= ~BM_STATUS_DMAING;
1468 bm->status |= BM_STATUS_INT;
1469 bm->dma_cb = NULL;
1470 bm->ide_if = NULL;
1471 bm->aiocb = NULL;
1472 return;
1473 }
3b46e624 1474
8ccad811
FB		 1475 s->io_buffer_index = 0;
1476 if (s->cd_sector_size == 2352) {
1477 n = 1;
1478 s->io_buffer_size = s->cd_sector_size;
1479 data_offset = 16;
1480 } else {
1481 n = s->packet_transfer_size >> 11;
1d8cde5b
AJ		 1482 if (n > (IDE_DMA_BUF_SECTORS / 4))
1483 n = (IDE_DMA_BUF_SECTORS / 4);
8ccad811
FB		 1484 s->io_buffer_size = n * 2048;
1485 data_offset = 0;
98087450 1486 }
8ccad811
FB		 1487#ifdef DEBUG_AIO
1488 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1489#endif
3f4cb3d3 1490 bm->iov.iov_base = (void *)(s->io_buffer + data_offset);
c87c0672
AL		 1491 bm->iov.iov_len = n * 4 * 512;
1492 qemu_iovec_init_external(&bm->qiov, &bm->iov, 1);
1493 bm->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2, &bm->qiov,
1494 n * 4, ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1495 if (!bm->aiocb) {
1496 /* Note: media not present is the most likely case */
5fafdf24 1497 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1498 ASC_MEDIUM_NOT_PRESENT);
1499 goto eot;
1500 }
98087450
FB		 1501}
1502
1503/* start a CD-CDROM read command with DMA */
1504/* XXX: test if DMA is available */
1505static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1506 int sector_size)
1507{
1508 s->lba = lba;
1509 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1510 s->io_buffer_index = 0;
1511 s->io_buffer_size = 0;
98087450
FB		 1512 s->cd_sector_size = sector_size;
1513
8ccad811 1514 /* XXX: check if BUSY_STAT should be set */
41a2b959 1515 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1516 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1517}
1518
5fafdf24 1519static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1520 int sector_size)
1521{
1522#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1523 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1524 lba, nb_sectors);
98087450
FB		 1525#endif
1526 if (s->atapi_dma) {
1527 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1528 } else {
1529 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1530 }
1531}
1532
38cdea7c
AZ		 1533static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1534 uint16_t profile)
1535{
1536 uint8_t *buf_profile = buf + 12; /* start of profiles */
1537
1538 buf_profile += ((*index) * 4); /* start of indexed profile */
1539 cpu_to_ube16 (buf_profile, profile);
1540 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1541
1542 /* each profile adds 4 bytes to the response */
1543 (*index)++;
1544 buf[11] += 4; /* Additional Length */
1545
1546 return 4;
1547}
1548
8114e9e8
TS		 1549static int ide_dvd_read_structure(IDEState *s, int format,
1550 const uint8_t *packet, uint8_t *buf)
1551{
1552 switch (format) {
1553 case 0x0: /* Physical format information */
1554 {
1555 int layer = packet[6];
1556 uint64_t total_sectors;
1557
1558 if (layer != 0)
1559 return -ASC_INV_FIELD_IN_CMD_PACKET;
1560
1561 bdrv_get_geometry(s->bs, &total_sectors);
1562 total_sectors >>= 2;
1563 if (total_sectors == 0)
1564 return -ASC_MEDIUM_NOT_PRESENT;
1565
1566 buf[4] = 1; /* DVD-ROM, part version 1 */
1567 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1568 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1569 buf[7] = 0; /* default densities */
1570
1571 /* FIXME: 0x30000 per spec? */
1572 cpu_to_ube32(buf + 8, 0); /* start sector */
1573 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1574 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1575
1576 /* Size of buffer, not including 2 byte size field */
1577 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1578
1579 /* 2k data + 4 byte header */
1580 return (2048 + 4);
1581 }
1582
1583 case 0x01: /* DVD copyright information */
1584 buf[4] = 0; /* no copyright data */
1585 buf[5] = 0; /* no region restrictions */
1586
1587 /* Size of buffer, not including 2 byte size field */
1588 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1589
1590 /* 4 byte header + 4 byte data */
1591 return (4 + 4);
1592
1593 case 0x03: /* BCA information - invalid field for no BCA info */
1594 return -ASC_INV_FIELD_IN_CMD_PACKET;
1595
1596 case 0x04: /* DVD disc manufacturing information */
1597 /* Size of buffer, not including 2 byte size field */
1598 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1599
1600 /* 2k data + 4 byte header */
1601 return (2048 + 4);
1602
1603 case 0xff:
1604 /*
1605 * This lists all the command capabilities above. Add new ones
1606 * in order and update the length and buffer return values.
1607 */
1608
1609 buf[4] = 0x00; /* Physical format */
1610 buf[5] = 0x40; /* Not writable, is readable */
1611 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1612
1613 buf[8] = 0x01; /* Copyright info */
1614 buf[9] = 0x40; /* Not writable, is readable */
1615 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1616
1617 buf[12] = 0x03; /* BCA info */
1618 buf[13] = 0x40; /* Not writable, is readable */
1619 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1620
1621 buf[16] = 0x04; /* Manufacturing info */
1622 buf[17] = 0x40; /* Not writable, is readable */
1623 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1624
1625 /* Size of buffer, not including 2 byte size field */
1626 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1627
1628 /* data written + 4 byte header */
1629 return (16 + 4);
1630
1631 default: /* TODO: formats beyond DVD-ROM requires */
1632 return -ASC_INV_FIELD_IN_CMD_PACKET;
1633 }
1634}
1635
5391d806
FB		 1636static void ide_atapi_cmd(IDEState *s)
1637{
1638 const uint8_t *packet;
1639 uint8_t *buf;
1640 int max_len;
1641
1642 packet = s->io_buffer;
1643 buf = s->io_buffer;
1644#ifdef DEBUG_IDE_ATAPI
1645 {
1646 int i;
1647 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1648 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1649 printf(" %02x", packet[i]);
1650 }
1651 printf("\n");
1652 }
1653#endif
9118e7f0
AL		 1654 /* If there's a UNIT_ATTENTION condition pending, only
1655 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1656 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1657 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1658 s->io_buffer[0] != GPCMD_INQUIRY) {
1659 ide_atapi_cmd_check_status(s);
1660 return;
1661 }
5391d806
FB		 1662 switch(s->io_buffer[0]) {
1663 case GPCMD_TEST_UNIT_READY:
93c8cfd9 1664 if (bdrv_is_inserted(s->bs) && !s->cdrom_changed) {
5391d806
FB		 1665 ide_atapi_cmd_ok(s);
1666 } else {
93c8cfd9 1667 s->cdrom_changed = 0;
5fafdf24 1668 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1669 ASC_MEDIUM_NOT_PRESENT);
1670 }
1671 break;
d14049ea 1672 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1673 case GPCMD_MODE_SENSE_10:
1674 {
1675 int action, code;
d14049ea
TS		 1676 if (packet[0] == GPCMD_MODE_SENSE_10)
1677 max_len = ube16_to_cpu(packet + 7);
1678 else
1679 max_len = packet[4];
5391d806
FB		 1680 action = packet[2] >> 6;
1681 code = packet[2] & 0x3f;
1682 switch(action) {
1683 case 0: /* current values */
1684 switch(code) {
1685 case 0x01: /* error recovery */
1686 cpu_to_ube16(&buf[0], 16 + 6);
1687 buf[2] = 0x70;
1688 buf[3] = 0;
1689 buf[4] = 0;
1690 buf[5] = 0;
1691 buf[6] = 0;
1692 buf[7] = 0;
1693
1694 buf[8] = 0x01;
1695 buf[9] = 0x06;
1696 buf[10] = 0x00;
1697 buf[11] = 0x05;
1698 buf[12] = 0x00;
1699 buf[13] = 0x00;
1700 buf[14] = 0x00;
1701 buf[15] = 0x00;
1702 ide_atapi_cmd_reply(s, 16, max_len);
1703 break;
1704 case 0x2a:
1705 cpu_to_ube16(&buf[0], 28 + 6);
1706 buf[2] = 0x70;
1707 buf[3] = 0;
1708 buf[4] = 0;
1709 buf[5] = 0;
1710 buf[6] = 0;
1711 buf[7] = 0;
1712
1713 buf[8] = 0x2a;
1714 buf[9] = 0x12;
0d4a05a1 1715 buf[10] = 0x00;
5391d806 1716 buf[11] = 0x00;
3b46e624 1717
d5b4eb40
AL		 1718 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1719 code checks for this to automount media. */
1720 buf[12] = 0x71;
5391d806
FB		 1721 buf[13] = 3 << 5;
1722 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1723 if (bdrv_is_locked(s->bs))
5391d806
FB		 1724 buf[6] |= 1 << 1;
1725 buf[15] = 0x00;
1726 cpu_to_ube16(&buf[16], 706);
1727 buf[18] = 0;
1728 buf[19] = 2;
1729 cpu_to_ube16(&buf[20], 512);
1730 cpu_to_ube16(&buf[22], 706);
1731 buf[24] = 0;
1732 buf[25] = 0;
1733 buf[26] = 0;
1734 buf[27] = 0;
1735 ide_atapi_cmd_reply(s, 28, max_len);
1736 break;
1737 default:
1738 goto error_cmd;
1739 }
1740 break;
1741 case 1: /* changeable values */
1742 goto error_cmd;
1743 case 2: /* default values */
1744 goto error_cmd;
1745 default:
1746 case 3: /* saved values */
5fafdf24 1747 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1748 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1749 break;
1750 }
1751 }
1752 break;
1753 case GPCMD_REQUEST_SENSE:
1754 max_len = packet[4];
1755 memset(buf, 0, 18);
1756 buf[0] = 0x70 | (1 << 7);
1757 buf[2] = s->sense_key;
1758 buf[7] = 10;
1759 buf[12] = s->asc;
9118e7f0
AL		 1760 if (s->sense_key == SENSE_UNIT_ATTENTION)
1761 s->sense_key = SENSE_NONE;
5391d806
FB		 1762 ide_atapi_cmd_reply(s, 18, max_len);
1763 break;
1764 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1765 if (bdrv_is_inserted(s->bs)) {
1766 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1767 ide_atapi_cmd_ok(s);
1768 } else {
5fafdf24 1769 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1770 ASC_MEDIUM_NOT_PRESENT);
1771 }
1772 break;
1773 case GPCMD_READ_10:
1774 case GPCMD_READ_12:
1775 {
1776 int nb_sectors, lba;
1777
5391d806
FB		 1778 if (packet[0] == GPCMD_READ_10)
1779 nb_sectors = ube16_to_cpu(packet + 7);
1780 else
1781 nb_sectors = ube32_to_cpu(packet + 6);
1782 lba = ube32_to_cpu(packet + 2);
1783 if (nb_sectors == 0) {
1784 ide_atapi_cmd_ok(s);
1785 break;
1786 }
98087450
FB		 1787 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1788 }
1789 break;
1790 case GPCMD_READ_CD:
1791 {
1792 int nb_sectors, lba, transfer_request;
1793
98087450
FB		 1794 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1795 lba = ube32_to_cpu(packet + 2);
1796 if (nb_sectors == 0) {
1797 ide_atapi_cmd_ok(s);
1798 break;
1799 }
98087450
FB		 1800 transfer_request = packet[9];
1801 switch(transfer_request & 0xf8) {
1802 case 0x00:
1803 /* nothing */
1804 ide_atapi_cmd_ok(s);
1805 break;
1806 case 0x10:
1807 /* normal read */
1808 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1809 break;
1810 case 0xf8:
1811 /* read all data */
1812 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1813 break;
1814 default:
5fafdf24 1815 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1816 ASC_INV_FIELD_IN_CMD_PACKET);
1817 break;
1818 }
5391d806
FB		 1819 }
1820 break;
1821 case GPCMD_SEEK:
1822 {
96b8f136
TS		 1823 unsigned int lba;
1824 uint64_t total_sectors;
66c6ef76
FB		 1825
1826 bdrv_get_geometry(s->bs, &total_sectors);
1827 total_sectors >>= 2;
96b8f136 1828 if (total_sectors == 0) {
5fafdf24 1829 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1830 ASC_MEDIUM_NOT_PRESENT);
1831 break;
1832 }
1833 lba = ube32_to_cpu(packet + 2);
66c6ef76 1834 if (lba >= total_sectors) {
5fafdf24 1835 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1836 ASC_LOGICAL_BLOCK_OOR);
1837 break;
1838 }
1839 ide_atapi_cmd_ok(s);
1840 }
1841 break;
1842 case GPCMD_START_STOP_UNIT:
1843 {
aea2a33c 1844 int start, eject, err = 0;
5391d806
FB		 1845 start = packet[4] & 1;
1846 eject = (packet[4] >> 1) & 1;
3b46e624 1847
aea2a33c
MM		 1848 if (eject) {
1849 err = bdrv_eject(s->bs, !start);
1850 }
1851
1852 switch (err) {
1853 case 0:
1854 ide_atapi_cmd_ok(s);
1855 break;
1856 case -EBUSY:
1857 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1858 ASC_MEDIA_REMOVAL_PREVENTED);
1859 break;
1860 default:
1861 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1862 ASC_MEDIUM_NOT_PRESENT);
1863 break;
caed8802 1864 }
5391d806
FB		 1865 }
1866 break;
1867 case GPCMD_MECHANISM_STATUS:
1868 {
1869 max_len = ube16_to_cpu(packet + 8);
1870 cpu_to_ube16(buf, 0);
1871 /* no current LBA */
1872 buf[2] = 0;
1873 buf[3] = 0;
1874 buf[4] = 0;
1875 buf[5] = 1;
1876 cpu_to_ube16(buf + 6, 0);
1877 ide_atapi_cmd_reply(s, 8, max_len);
1878 }
1879 break;
1880 case GPCMD_READ_TOC_PMA_ATIP:
1881 {
1882 int format, msf, start_track, len;
96b8f136 1883 uint64_t total_sectors;
5391d806 1884
66c6ef76
FB		 1885 bdrv_get_geometry(s->bs, &total_sectors);
1886 total_sectors >>= 2;
96b8f136 1887 if (total_sectors == 0) {
5fafdf24 1888 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1889 ASC_MEDIUM_NOT_PRESENT);
1890 break;
1891 }
1892 max_len = ube16_to_cpu(packet + 7);
1893 format = packet[9] >> 6;
1894 msf = (packet[1] >> 1) & 1;
1895 start_track = packet[6];
1896 switch(format) {
1897 case 0:
66c6ef76 1898 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1899 if (len < 0)
1900 goto error_cmd;
1901 ide_atapi_cmd_reply(s, len, max_len);
1902 break;
1903 case 1:
1904 /* multi session : only a single session defined */
1905 memset(buf, 0, 12);
1906 buf[1] = 0x0a;
1907 buf[2] = 0x01;
1908 buf[3] = 0x01;
1909 ide_atapi_cmd_reply(s, 12, max_len);
1910 break;
98087450 1911 case 2:
66c6ef76 1912 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1913 if (len < 0)
1914 goto error_cmd;
1915 ide_atapi_cmd_reply(s, len, max_len);
1916 break;
5391d806 1917 default:
7f777bf3 1918 error_cmd:
5fafdf24 1919 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1920 ASC_INV_FIELD_IN_CMD_PACKET);
1921 break;
5391d806
FB		 1922 }
1923 }
1924 break;
1925 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76 1926 {
96b8f136 1927 uint64_t total_sectors;
66c6ef76
FB		 1928
1929 bdrv_get_geometry(s->bs, &total_sectors);
1930 total_sectors >>= 2;
96b8f136 1931 if (total_sectors == 0) {
5fafdf24 1932 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1933 ASC_MEDIUM_NOT_PRESENT);
1934 break;
1935 }
1936 /* NOTE: it is really the number of sectors minus 1 */
1937 cpu_to_ube32(buf, total_sectors - 1);
1938 cpu_to_ube32(buf + 4, 2048);
1939 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1940 }
5391d806 1941 break;
d14049ea
TS		 1942 case GPCMD_READ_DVD_STRUCTURE:
1943 {
1944 int media = packet[1];
8114e9e8
TS		 1945 int format = packet[7];
1946 int ret;
d14049ea 1947
8114e9e8 1948 max_len = ube16_to_cpu(packet + 8);
d14049ea 1949
8114e9e8
TS		 1950 if (format < 0xff) {
1951 if (media_is_cd(s)) {
1952 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1953 ASC_INCOMPATIBLE_FORMAT);
1954 break;
1955 } else if (!media_present(s)) {
1956 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1957 ASC_INV_FIELD_IN_CMD_PACKET);
1958 break;
1959 }
1960 }
d14049ea 1961
8114e9e8
TS		 1962 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1963 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
d14049ea 1964
8114e9e8
TS		 1965 switch (format) {
1966 case 0x00 ... 0x7f:
1967 case 0xff:
1968 if (media == 0) {
1969 ret = ide_dvd_read_structure(s, format, packet, buf);
d14049ea 1970
8114e9e8
TS		 1971 if (ret < 0)
1972 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1973 else
1974 ide_atapi_cmd_reply(s, ret, max_len);
d14049ea 1975
8114e9e8
TS		 1976 break;
1977 }
1978 /* TODO: BD support, fall through for now */
1979
1980 /* Generic disk structures */
1981 case 0x80: /* TODO: AACS volume identifier */
1982 case 0x81: /* TODO: AACS media serial number */
1983 case 0x82: /* TODO: AACS media identifier */
1984 case 0x83: /* TODO: AACS media key block */
1985 case 0x90: /* TODO: List of recognized format layers */
1986 case 0xc0: /* TODO: Write protection status */
d14049ea
TS		 1987 default:
1988 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1989 ASC_INV_FIELD_IN_CMD_PACKET);
1990 break;
1991 }
1992 }
1993 break;
1994 case GPCMD_SET_SPEED:
1995 ide_atapi_cmd_ok(s);
1996 break;
bd0d90b2
FB		 1997 case GPCMD_INQUIRY:
1998 max_len = packet[4];
1999 buf[0] = 0x05; /* CD-ROM */
2000 buf[1] = 0x80; /* removable */
2001 buf[2] = 0x00; /* ISO */
2002 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 2003 buf[4] = 31; /* additional length */
bd0d90b2
FB		 2004 buf[5] = 0; /* reserved */
2005 buf[6] = 0; /* reserved */
2006 buf[7] = 0; /* reserved */
2007 padstr8(buf + 8, 8, "QEMU");
38cdea7c 2008 padstr8(buf + 16, 16, "QEMU DVD-ROM");
bd0d90b2
FB		 2009 padstr8(buf + 32, 4, QEMU_VERSION);
2010 ide_atapi_cmd_reply(s, 36, max_len);
2011 break;
d14049ea
TS		 2012 case GPCMD_GET_CONFIGURATION:
2013 {
38cdea7c 2014 uint32_t len;
091d055b 2015 uint8_t index = 0;
d14049ea
TS		 2016
2017 /* only feature 0 is supported */
2018 if (packet[2] != 0 || packet[3] != 0) {
2019 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2020 ASC_INV_FIELD_IN_CMD_PACKET);
2021 break;
2022 }
38cdea7c
AZ		 2023
2024 /* XXX: could result in alignment problems in some architectures */
2025 max_len = ube16_to_cpu(packet + 7);
091d055b 2026
38cdea7c 2027 /*
091d055b
AZ		 2028 * XXX: avoid overflow for io_buffer if max_len is bigger than
2029 * the size of that buffer (dimensioned to max number of
2030 * sectors to transfer at once)
38cdea7c 2031 *
091d055b 2032 * Only a problem if the feature/profiles grow.
38cdea7c
AZ		 2033 */
2034 if (max_len > 512) /* XXX: assume 1 sector */
2035 max_len = 512;
2036
2037 memset(buf, 0, max_len);
2038 /*
2039 * the number of sectors from the media tells us which profile
2040 * to use as current. 0 means there is no media
38cdea7c 2041 */
8114e9e8
TS		 2042 if (media_is_dvd(s))
2043 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
2044 else if (media_is_cd(s))
2045 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
38cdea7c 2046
091d055b
AZ		 2047 buf[10] = 0x02 | 0x01; /* persistent and current */
2048 len = 12; /* headers: 8 + 4 */
2049 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
2050 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
38cdea7c
AZ		 2051 cpu_to_ube32(buf, len - 4); /* data length */
2052
2053 ide_atapi_cmd_reply(s, len, max_len);
d14049ea
TS		 2054 break;
2055 }
5391d806 2056 default:
5fafdf24 2057 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 2058 ASC_ILLEGAL_OPCODE);
5391d806
FB		 2059 break;
2060 }
2061}
2062
201a51fc
AZ		 2063static void ide_cfata_metadata_inquiry(IDEState *s)
2064{
2065 uint16_t *p;
2066 uint32_t spd;
2067
2068 p = (uint16_t *) s->io_buffer;
2069 memset(p, 0, 0x200);
2070 spd = ((s->mdata_size - 1) >> 9) + 1;
2071
2072 put_le16(p + 0, 0x0001); /* Data format revision */
2073 put_le16(p + 1, 0x0000); /* Media property: silicon */
2074 put_le16(p + 2, s->media_changed); /* Media status */
2075 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
2076 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
2077 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
2078 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
2079}
2080
2081static void ide_cfata_metadata_read(IDEState *s)
2082{
2083 uint16_t *p;
2084
2085 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2086 s->status = ERR_STAT;
2087 s->error = ABRT_ERR;
2088 return;
2089 }
2090
2091 p = (uint16_t *) s->io_buffer;
2092 memset(p, 0, 0x200);
2093
2094 put_le16(p + 0, s->media_changed); /* Media status */
2095 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2096 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2097 s->nsector << 9), 0x200 - 2));
2098}
2099
2100static void ide_cfata_metadata_write(IDEState *s)
2101{
2102 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2103 s->status = ERR_STAT;
2104 s->error = ABRT_ERR;
2105 return;
2106 }
2107
2108 s->media_changed = 0;
2109
2110 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2111 s->io_buffer + 2,
2112 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2113 s->nsector << 9), 0x200 - 2));
2114}
2115
bd491d6a
TS		 2116/* called when the inserted state of the media has changed */
2117static void cdrom_change_cb(void *opaque)
2118{
2119 IDEState *s = opaque;
96b8f136 2120 uint64_t nb_sectors;
bd491d6a 2121
bd491d6a
TS		 2122 bdrv_get_geometry(s->bs, &nb_sectors);
2123 s->nb_sectors = nb_sectors;
9118e7f0
AL		 2124
2125 s->sense_key = SENSE_UNIT_ATTENTION;
2126 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
93c8cfd9 2127 s->cdrom_changed = 1;
9118e7f0 2128 ide_set_irq(s);
bd491d6a
TS		 2129}
2130
c2ff060f
FB		 2131static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2132{
2133 s->lba48 = lba48;
2134
2135 /* handle the 'magic' 0 nsector count conversion here. to avoid
2136 * fiddling with the rest of the read logic, we just store the
2137 * full sector count in ->nsector and ignore ->hob_nsector from now
2138 */
2139 if (!s->lba48) {
2140 if (!s->nsector)
2141 s->nsector = 256;
2142 } else {
2143 if (!s->nsector && !s->hob_nsector)
2144 s->nsector = 65536;
2145 else {
2146 int lo = s->nsector;
2147 int hi = s->hob_nsector;
2148
2149 s->nsector = (hi << 8) | lo;
2150 }
2151 }
2152}
2153
2154static void ide_clear_hob(IDEState *ide_if)
2155{
2156 /* any write clears HOB high bit of device control register */
2157 ide_if[0].select &= ~(1 << 7);
2158 ide_if[1].select &= ~(1 << 7);
2159}
2160
caed8802
FB		 2161static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2162{
2163 IDEState *ide_if = opaque;
c45c3d00 2164 IDEState *s;
5391d806 2165 int unit, n;
c2ff060f 2166 int lba48 = 0;
5391d806
FB		 2167
2168#ifdef DEBUG_IDE
2169 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2170#endif
c2ff060f 2171
5391d806 2172 addr &= 7;
fcdd25ab
AL		 2173
2174 /* ignore writes to command block while busy with previous command */
2175 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2176 return;
2177
5391d806
FB		 2178 switch(addr) {
2179 case 0:
2180 break;
2181 case 1:
c2ff060f 2182 ide_clear_hob(ide_if);
c45c3d00 2183 /* NOTE: data is written to the two drives */
c2ff060f
FB		 2184 ide_if[0].hob_feature = ide_if[0].feature;
2185 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 2186 ide_if[0].feature = val;
2187 ide_if[1].feature = val;
5391d806
FB		 2188 break;
2189 case 2:
c2ff060f
FB		 2190 ide_clear_hob(ide_if);
2191 ide_if[0].hob_nsector = ide_if[0].nsector;
2192 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 2193 ide_if[0].nsector = val;
2194 ide_if[1].nsector = val;
5391d806
FB		 2195 break;
2196 case 3:
c2ff060f
FB		 2197 ide_clear_hob(ide_if);
2198 ide_if[0].hob_sector = ide_if[0].sector;
2199 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 2200 ide_if[0].sector = val;
2201 ide_if[1].sector = val;
5391d806
FB		 2202 break;
2203 case 4:
c2ff060f
FB		 2204 ide_clear_hob(ide_if);
2205 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2206 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 2207 ide_if[0].lcyl = val;
2208 ide_if[1].lcyl = val;
5391d806
FB		 2209 break;
2210 case 5:
c2ff060f
FB		 2211 ide_clear_hob(ide_if);
2212 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2213 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 2214 ide_if[0].hcyl = val;
2215 ide_if[1].hcyl = val;
5391d806
FB		 2216 break;
2217 case 6:
c2ff060f 2218 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 2219 ide_if[0].select = (val & ~0x10) | 0xa0;
2220 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 2221 /* select drive */
2222 unit = (val >> 4) & 1;
2223 s = ide_if + unit;
2224 ide_if->cur_drive = s;
5391d806
FB		 2225 break;
2226 default:
2227 case 7:
2228 /* command */
2229#if defined(DEBUG_IDE)
2230 printf("ide: CMD=%02x\n", val);
2231#endif
c45c3d00 2232 s = ide_if->cur_drive;
66201e2d 2233 /* ignore commands to non existant slave */
5fafdf24 2234 if (s != ide_if && !s->bs)
66201e2d 2235 break;
c2ff060f 2236
fcdd25ab
AL		 2237 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2238 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2239 break;
2240
5391d806
FB		 2241 switch(val) {
2242 case WIN_IDENTIFY:
2243 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 2244 if (!s->is_cf)
2245 ide_identify(s);
2246 else
2247 ide_cfata_identify(s);
2a282056 2248 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2249 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2250 } else {
2251 if (s->is_cdrom) {
2252 ide_set_signature(s);
2253 }
2254 ide_abort_command(s);
2255 }
2256 ide_set_irq(s);
2257 break;
2258 case WIN_SPECIFY:
2259 case WIN_RECAL:
a136e5a8 2260 s->error = 0;
769bec72 2261 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2262 ide_set_irq(s);
2263 break;
2264 case WIN_SETMULT:
201a51fc
AZ		 2265 if (s->is_cf && s->nsector == 0) {
2266 /* Disable Read and Write Multiple */
2267 s->mult_sectors = 0;
41a2b959 2268 s->status = READY_STAT | SEEK_STAT;
201a51fc 2269 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 2270 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2271 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 2272 ide_abort_command(s);
2273 } else {
292eef5a 2274 s->mult_sectors = s->nsector & 0xff;
41a2b959 2275 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2276 }
2277 ide_set_irq(s);
2278 break;
c2ff060f
FB		 2279 case WIN_VERIFY_EXT:
2280 lba48 = 1;
4ce900b4
FB		 2281 case WIN_VERIFY:
2282 case WIN_VERIFY_ONCE:
2283 /* do sector number check ? */
c2ff060f 2284 ide_cmd_lba48_transform(s, lba48);
41a2b959 2285 s->status = READY_STAT | SEEK_STAT;
4ce900b4
FB		 2286 ide_set_irq(s);
2287 break;
c2ff060f
FB		 2288 case WIN_READ_EXT:
2289 lba48 = 1;
5391d806
FB		 2290 case WIN_READ:
2291 case WIN_READ_ONCE:
5fafdf24 2292 if (!s->bs)
6b136f9e 2293 goto abort_cmd;
c2ff060f 2294 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2295 s->req_nb_sectors = 1;
2296 ide_sector_read(s);
2297 break;
c2ff060f
FB		 2298 case WIN_WRITE_EXT:
2299 lba48 = 1;
5391d806
FB		 2300 case WIN_WRITE:
2301 case WIN_WRITE_ONCE:
201a51fc
AZ		 2302 case CFA_WRITE_SECT_WO_ERASE:
2303 case WIN_WRITE_VERIFY:
c2ff060f 2304 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2305 s->error = 0;
f66723fa 2306 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2307 s->req_nb_sectors = 1;
2308 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 2309 s->media_changed = 1;
5391d806 2310 break;
c2ff060f
FB		 2311 case WIN_MULTREAD_EXT:
2312 lba48 = 1;
5391d806
FB		 2313 case WIN_MULTREAD:
2314 if (!s->mult_sectors)
2315 goto abort_cmd;
c2ff060f 2316 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2317 s->req_nb_sectors = s->mult_sectors;
2318 ide_sector_read(s);
2319 break;
c2ff060f
FB		 2320 case WIN_MULTWRITE_EXT:
2321 lba48 = 1;
5391d806 2322 case WIN_MULTWRITE:
201a51fc 2323 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 2324 if (!s->mult_sectors)
2325 goto abort_cmd;
c2ff060f 2326 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2327 s->error = 0;
f66723fa 2328 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2329 s->req_nb_sectors = s->mult_sectors;
2330 n = s->nsector;
2331 if (n > s->req_nb_sectors)
2332 n = s->req_nb_sectors;
2333 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 2334 s->media_changed = 1;
5391d806 2335 break;
c2ff060f
FB		 2336 case WIN_READDMA_EXT:
2337 lba48 = 1;
98087450
FB		 2338 case WIN_READDMA:
2339 case WIN_READDMA_ONCE:
5fafdf24 2340 if (!s->bs)
98087450 2341 goto abort_cmd;
c2ff060f 2342 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 2343 ide_sector_read_dma(s);
2344 break;
c2ff060f
FB		 2345 case WIN_WRITEDMA_EXT:
2346 lba48 = 1;
98087450
FB		 2347 case WIN_WRITEDMA:
2348 case WIN_WRITEDMA_ONCE:
5fafdf24 2349 if (!s->bs)
98087450 2350 goto abort_cmd;
c2ff060f 2351 ide_cmd_lba48_transform(s, lba48);
98087450 2352 ide_sector_write_dma(s);
201a51fc 2353 s->media_changed = 1;
98087450 2354 break;
c2ff060f
FB		 2355 case WIN_READ_NATIVE_MAX_EXT:
2356 lba48 = 1;
5391d806 2357 case WIN_READ_NATIVE_MAX:
c2ff060f 2358 ide_cmd_lba48_transform(s, lba48);
5391d806 2359 ide_set_sector(s, s->nb_sectors - 1);
41a2b959 2360 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2361 ide_set_irq(s);
2362 break;
a136e5a8 2363 case WIN_CHECKPOWERMODE1:
201a51fc 2364 case WIN_CHECKPOWERMODE2:
a136e5a8 2365 s->nsector = 0xff; /* device active or idle */
41a2b959 2366 s->status = READY_STAT | SEEK_STAT;
a136e5a8
FB		 2367 ide_set_irq(s);
2368 break;
34e538ae
FB		 2369 case WIN_SETFEATURES:
2370 if (!s->bs)
2371 goto abort_cmd;
2372 /* XXX: valid for CDROM ? */
2373 switch(s->feature) {
e1f63470
TS		 2374 case 0xcc: /* reverting to power-on defaults enable */
2375 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 2376 case 0x02: /* write cache enable */
2377 case 0x82: /* write cache disable */
2378 case 0xaa: /* read look-ahead enable */
2379 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 2380 case 0x05: /* set advanced power management mode */
2381 case 0x85: /* disable advanced power management mode */
2382 case 0x69: /* NOP */
2383 case 0x67: /* NOP */
2384 case 0x96: /* NOP */
2385 case 0x9a: /* NOP */
c3e88d8c
TS		 2386 case 0x42: /* enable Automatic Acoustic Mode */
2387 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 2388 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 2389 ide_set_irq(s);
2390 break;
94458802
FB		 2391 case 0x03: { /* set transfer mode */
2392 uint8_t val = s->nsector & 0x07;
2393
2394 switch (s->nsector >> 3) {
2395 case 0x00: /* pio default */
2396 case 0x01: /* pio mode */
d1b5c20d
TS		 2397 put_le16(s->identify_data + 62,0x07);
2398 put_le16(s->identify_data + 63,0x07);
2399 put_le16(s->identify_data + 88,0x3f);
2400 break;
2401 case 0x02: /* sigle word dma mode*/
2402 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
94458802
FB		 2403 put_le16(s->identify_data + 63,0x07);
2404 put_le16(s->identify_data + 88,0x3f);
2405 break;
2406 case 0x04: /* mdma mode */
d1b5c20d 2407 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2408 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2409 put_le16(s->identify_data + 88,0x3f);
2410 break;
2411 case 0x08: /* udma mode */
d1b5c20d 2412 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2413 put_le16(s->identify_data + 63,0x07);
2414 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2415 break;
2416 default:
2417 goto abort_cmd;
2418 }
2419 s->status = READY_STAT | SEEK_STAT;
2420 ide_set_irq(s);
2421 break;
2422 }
34e538ae
FB		 2423 default:
2424 goto abort_cmd;
2425 }
2426 break;
c2ff060f
FB		 2427 case WIN_FLUSH_CACHE:
2428 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2429 if (s->bs)
2430 bdrv_flush(s->bs);
41a2b959 2431 s->status = READY_STAT | SEEK_STAT;
7a6cba61
PB		 2432 ide_set_irq(s);
2433 break;
c3e88d8c
TS		 2434 case WIN_STANDBY:
2435 case WIN_STANDBY2:
2436 case WIN_STANDBYNOW1:
201a51fc 2437 case WIN_STANDBYNOW2:
c451ee71 2438 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2439 case CFA_IDLEIMMEDIATE:
2440 case WIN_SETIDLE1:
2441 case WIN_SETIDLE2:
c3e88d8c
TS		 2442 case WIN_SLEEPNOW1:
2443 case WIN_SLEEPNOW2:
2444 s->status = READY_STAT;
a7dfe172
FB		 2445 ide_set_irq(s);
2446 break;
4fbfcd6d
AJ		 2447 case WIN_SEEK:
2448 if(s->is_cdrom)
2449 goto abort_cmd;
2450 /* XXX: Check that seek is within bounds */
2451 s->status = READY_STAT | SEEK_STAT;
2452 ide_set_irq(s);
2453 break;
5391d806
FB		 2454 /* ATAPI commands */
2455 case WIN_PIDENTIFY:
2456 if (s->is_cdrom) {
2457 ide_atapi_identify(s);
1298fe63 2458 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2459 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2460 } else {
2461 ide_abort_command(s);
2462 }
2463 ide_set_irq(s);
2464 break;
c451ee71
FB		 2465 case WIN_DIAGNOSE:
2466 ide_set_signature(s);
33256a25
AL		 2467 if (s->is_cdrom)
2468 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2469 * devices to return a clear status register
2470 * with READY_STAT *not* set. */
2471 else
2472 s->status = READY_STAT | SEEK_STAT;
2473 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2474 * present.
2475 */
f5fdd0a8 2476 ide_set_irq(s);
c451ee71 2477 break;
5391d806
FB		 2478 case WIN_SRST:
2479 if (!s->is_cdrom)
2480 goto abort_cmd;
2481 ide_set_signature(s);
6b136f9e 2482 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2483 s->error = 0x01;
2484 break;
2485 case WIN_PACKETCMD:
2486 if (!s->is_cdrom)
2487 goto abort_cmd;
98087450
FB		 2488 /* overlapping commands not supported */
2489 if (s->feature & 0x02)
5391d806 2490 goto abort_cmd;
41a2b959 2491 s->status = READY_STAT | SEEK_STAT;
98087450 2492 s->atapi_dma = s->feature & 1;
5391d806 2493 s->nsector = 1;
5fafdf24 2494 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2495 ide_atapi_cmd);
2496 break;
201a51fc
AZ		 2497 /* CF-ATA commands */
2498 case CFA_REQ_EXT_ERROR_CODE:
2499 if (!s->is_cf)
2500 goto abort_cmd;
2501 s->error = 0x09; /* miscellaneous error */
41a2b959 2502 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2503 ide_set_irq(s);
2504 break;
2505 case CFA_ERASE_SECTORS:
2506 case CFA_WEAR_LEVEL:
2507 if (!s->is_cf)
2508 goto abort_cmd;
2509 if (val == CFA_WEAR_LEVEL)
2510 s->nsector = 0;
2511 if (val == CFA_ERASE_SECTORS)
2512 s->media_changed = 1;
2513 s->error = 0x00;
41a2b959 2514 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2515 ide_set_irq(s);
2516 break;
2517 case CFA_TRANSLATE_SECTOR:
2518 if (!s->is_cf)
2519 goto abort_cmd;
2520 s->error = 0x00;
41a2b959 2521 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2522 memset(s->io_buffer, 0, 0x200);
2523 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2524 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2525 s->io_buffer[0x02] = s->select; /* Head */
2526 s->io_buffer[0x03] = s->sector; /* Sector */
2527 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2528 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2529 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2530 s->io_buffer[0x13] = 0x00; /* Erase flag */
2531 s->io_buffer[0x18] = 0x00; /* Hot count */
2532 s->io_buffer[0x19] = 0x00; /* Hot count */
2533 s->io_buffer[0x1a] = 0x01; /* Hot count */
2534 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2535 ide_set_irq(s);
2536 break;
2537 case CFA_ACCESS_METADATA_STORAGE:
2538 if (!s->is_cf)
2539 goto abort_cmd;
2540 switch (s->feature) {
2541 case 0x02: /* Inquiry Metadata Storage */
2542 ide_cfata_metadata_inquiry(s);
2543 break;
2544 case 0x03: /* Read Metadata Storage */
2545 ide_cfata_metadata_read(s);
2546 break;
2547 case 0x04: /* Write Metadata Storage */
2548 ide_cfata_metadata_write(s);
2549 break;
2550 default:
2551 goto abort_cmd;
2552 }
2553 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2554 s->status = 0x00; /* NOTE: READY is _not_ set */
2555 ide_set_irq(s);
2556 break;
2557 case IBM_SENSE_CONDITION:
2558 if (!s->is_cf)
2559 goto abort_cmd;
2560 switch (s->feature) {
2561 case 0x01: /* sense temperature in device */
2562 s->nsector = 0x50; /* +20 C */
2563 break;
2564 default:
2565 goto abort_cmd;
2566 }
41a2b959 2567 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2568 ide_set_irq(s);
2569 break;
5391d806
FB		 2570 default:
2571 abort_cmd:
2572 ide_abort_command(s);
2573 ide_set_irq(s);
2574 break;
2575 }
2576 }
2577}
2578
caed8802 2579static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2580{
7ae98627
FB		 2581 IDEState *ide_if = opaque;
2582 IDEState *s = ide_if->cur_drive;
5391d806 2583 uint32_t addr;
c2ff060f 2584 int ret, hob;
5391d806
FB		 2585
2586 addr = addr1 & 7;
c2ff060f
FB		 2587 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2588 //hob = s->select & (1 << 7);
2589 hob = 0;
5391d806
FB		 2590 switch(addr) {
2591 case 0:
2592 ret = 0xff;
2593 break;
2594 case 1:
c45ca54f
AL		 2595 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2596 (s != ide_if && !s->bs))
c45c3d00 2597 ret = 0;
c2ff060f 2598 else if (!hob)
c45c3d00 2599 ret = s->error;
c2ff060f
FB		 2600 else
2601 ret = s->hob_feature;
5391d806
FB		 2602 break;
2603 case 2:
7ae98627 2604 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2605 ret = 0;
c2ff060f 2606 else if (!hob)
c45c3d00 2607 ret = s->nsector & 0xff;
c2ff060f
FB		 2608 else
2609 ret = s->hob_nsector;
5391d806
FB		 2610 break;
2611 case 3:
7ae98627 2612 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2613 ret = 0;
c2ff060f 2614 else if (!hob)
c45c3d00 2615 ret = s->sector;
c2ff060f
FB		 2616 else
2617 ret = s->hob_sector;
5391d806
FB		 2618 break;
2619 case 4:
7ae98627 2620 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2621 ret = 0;
c2ff060f 2622 else if (!hob)
c45c3d00 2623 ret = s->lcyl;
c2ff060f
FB		 2624 else
2625 ret = s->hob_lcyl;
5391d806
FB		 2626 break;
2627 case 5:
7ae98627 2628 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2629 ret = 0;
c2ff060f 2630 else if (!hob)
c45c3d00 2631 ret = s->hcyl;
c2ff060f
FB		 2632 else
2633 ret = s->hob_hcyl;
5391d806
FB		 2634 break;
2635 case 6:
7ae98627 2636 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2637 ret = 0;
2638 else
7ae98627 2639 ret = s->select;
5391d806
FB		 2640 break;
2641 default:
2642 case 7:
66201e2d
FB		 2643 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2644 (s != ide_if && !s->bs))
c45c3d00
FB		 2645 ret = 0;
2646 else
2647 ret = s->status;
d537cf6c 2648 qemu_irq_lower(s->irq);
5391d806
FB		 2649 break;
2650 }
2651#ifdef DEBUG_IDE
2652 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2653#endif
2654 return ret;
2655}
2656
caed8802 2657static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2658{
7ae98627
FB		 2659 IDEState *ide_if = opaque;
2660 IDEState *s = ide_if->cur_drive;
5391d806 2661 int ret;
7ae98627 2662
66201e2d
FB		 2663 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2664 (s != ide_if && !s->bs))
7ae98627
FB		 2665 ret = 0;
2666 else
2667 ret = s->status;
5391d806
FB		 2668#ifdef DEBUG_IDE
2669 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2670#endif
2671 return ret;
2672}
2673
caed8802 2674static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2675{
caed8802 2676 IDEState *ide_if = opaque;
5391d806
FB		 2677 IDEState *s;
2678 int i;
2679
2680#ifdef DEBUG_IDE
2681 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2682#endif
2683 /* common for both drives */
2684 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2685 (val & IDE_CMD_RESET)) {
2686 /* reset low to high */
2687 for(i = 0;i < 2; i++) {
2688 s = &ide_if[i];
2689 s->status = BUSY_STAT | SEEK_STAT;
2690 s->error = 0x01;
2691 }
2692 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2693 !(val & IDE_CMD_RESET)) {
2694 /* high to low */
2695 for(i = 0;i < 2; i++) {
2696 s = &ide_if[i];
6b136f9e
FB		 2697 if (s->is_cdrom)
2698 s->status = 0x00; /* NOTE: READY is _not_ set */
2699 else
56bf1d37 2700 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2701 ide_set_signature(s);
2702 }
2703 }
2704
2705 ide_if[0].cmd = val;
2706 ide_if[1].cmd = val;
2707}
2708
caed8802 2709static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2710{
caed8802 2711 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2712 uint8_t *p;
2713
fcdd25ab
AL		 2714 /* PIO data access allowed only when DRQ bit is set */
2715 if (!(s->status & DRQ_STAT))
2716 return;
2717
5391d806 2718 p = s->data_ptr;
0c4ad8dc 2719 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2720 p += 2;
2721 s->data_ptr = p;
2722 if (p >= s->data_end)
2723 s->end_transfer_func(s);
2724}
2725
caed8802 2726static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2727{
caed8802 2728 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2729 uint8_t *p;
2730 int ret;
fcdd25ab
AL		 2731
2732 /* PIO data access allowed only when DRQ bit is set */
2733 if (!(s->status & DRQ_STAT))
2734 return 0;
2735
5391d806 2736 p = s->data_ptr;
0c4ad8dc 2737 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2738 p += 2;
2739 s->data_ptr = p;
2740 if (p >= s->data_end)
2741 s->end_transfer_func(s);
2742 return ret;
2743}
2744
caed8802 2745static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2746{
caed8802 2747 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2748 uint8_t *p;
2749
fcdd25ab
AL		 2750 /* PIO data access allowed only when DRQ bit is set */
2751 if (!(s->status & DRQ_STAT))
2752 return;
2753
5391d806 2754 p = s->data_ptr;
0c4ad8dc 2755 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2756 p += 4;
2757 s->data_ptr = p;
2758 if (p >= s->data_end)
2759 s->end_transfer_func(s);
2760}
2761
caed8802 2762static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2763{
caed8802 2764 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2765 uint8_t *p;
2766 int ret;
3b46e624 2767
fcdd25ab
AL		 2768 /* PIO data access allowed only when DRQ bit is set */
2769 if (!(s->status & DRQ_STAT))
2770 return 0;
2771
5391d806 2772 p = s->data_ptr;
0c4ad8dc 2773 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2774 p += 4;
2775 s->data_ptr = p;
2776 if (p >= s->data_end)
2777 s->end_transfer_func(s);
2778 return ret;
2779}
2780
a7dfe172
FB		 2781static void ide_dummy_transfer_stop(IDEState *s)
2782{
2783 s->data_ptr = s->io_buffer;
2784 s->data_end = s->io_buffer;
2785 s->io_buffer[0] = 0xff;
2786 s->io_buffer[1] = 0xff;
2787 s->io_buffer[2] = 0xff;
2788 s->io_buffer[3] = 0xff;
2789}
2790
5391d806
FB		 2791static void ide_reset(IDEState *s)
2792{
201a51fc
AZ		 2793 if (s->is_cf)
2794 s->mult_sectors = 0;
2795 else
2796 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2797 s->cur_drive = s;
2798 s->select = 0xa0;
41a2b959 2799 s->status = READY_STAT | SEEK_STAT;
5391d806 2800 ide_set_signature(s);
a7dfe172
FB		 2801 /* init the transfer handler so that 0xffff is returned on data
2802 accesses */
2803 s->end_transfer_func = ide_dummy_transfer_stop;
2804 ide_dummy_transfer_stop(s);
201a51fc 2805 s->media_changed = 0;
5391d806
FB		 2806}
2807
5457c8ce
FB		 2808static void ide_init2(IDEState *ide_state,
2809 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2810 qemu_irq irq)
5391d806 2811{
69b91039 2812 IDEState *s;
aedf5382 2813 static int drive_serial = 1;
f3d54fc4 2814 int i, cylinders, heads, secs;
96b8f136 2815 uint64_t nb_sectors;
5391d806 2816
caed8802
FB		 2817 for(i = 0; i < 2; i++) {
2818 s = ide_state + i;
2819 if (i == 0)
2820 s->bs = hd0;
2821 else
2822 s->bs = hd1;
e268ca52 2823 s->io_buffer = qemu_blockalign(s->bs, IDE_DMA_BUF_SECTORS*512 + 4);
5391d806
FB		 2824 if (s->bs) {
2825 bdrv_get_geometry(s->bs, &nb_sectors);
f3d54fc4
AL		 2826 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2827 s->cylinders = cylinders;
2828 s->heads = heads;
2829 s->sectors = secs;
5391d806 2830 s->nb_sectors = nb_sectors;
f3d54fc4 2831
caed8802
FB		 2832 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2833 s->is_cdrom = 1;
bd491d6a 2834 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2835 }
2836 }
aedf5382 2837 s->drive_serial = drive_serial++;
fa879c64
AL		 2838 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2839 sizeof(s->drive_serial_str));
2840 if (strlen(s->drive_serial_str) == 0)
2841 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2842 "QM%05d", s->drive_serial);
caed8802 2843 s->irq = irq;
5fafdf24 2844 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2845 ide_sector_write_timer_cb, s);
5391d806
FB		 2846 ide_reset(s);
2847 }
69b91039
FB		 2848}
2849
34e538ae 2850static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2851{
caed8802
FB		 2852 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2853 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2854 if (iobase2) {
2855 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2856 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2857 }
3b46e624 2858
caed8802
FB		 2859 /* data ports */
2860 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2861 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2862 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2863 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2864}
69b91039 2865
aa941b94
AZ		 2866/* save per IDE drive data */
2867static void ide_save(QEMUFile* f, IDEState *s)
2868{
bee8d684
TS		 2869 qemu_put_be32(f, s->mult_sectors);
2870 qemu_put_be32(f, s->identify_set);
aa941b94
AZ		 2871 if (s->identify_set) {
2872 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2873 }
2874 qemu_put_8s(f, &s->feature);
2875 qemu_put_8s(f, &s->error);
2876 qemu_put_be32s(f, &s->nsector);
2877 qemu_put_8s(f, &s->sector);
2878 qemu_put_8s(f, &s->lcyl);
2879 qemu_put_8s(f, &s->hcyl);
2880 qemu_put_8s(f, &s->hob_feature);
2881 qemu_put_8s(f, &s->hob_nsector);
2882 qemu_put_8s(f, &s->hob_sector);
2883 qemu_put_8s(f, &s->hob_lcyl);
2884 qemu_put_8s(f, &s->hob_hcyl);
2885 qemu_put_8s(f, &s->select);
2886 qemu_put_8s(f, &s->status);
2887 qemu_put_8s(f, &s->lba48);
2888
2889 qemu_put_8s(f, &s->sense_key);
2890 qemu_put_8s(f, &s->asc);
2891 /* XXX: if a transfer is pending, we do not save it yet */
2892}
2893
2894/* load per IDE drive data */
93c8cfd9 2895static void ide_load(QEMUFile* f, IDEState *s, int version_id)
aa941b94 2896{
bee8d684
TS		 2897 s->mult_sectors=qemu_get_be32(f);
2898 s->identify_set=qemu_get_be32(f);
aa941b94
AZ		 2899 if (s->identify_set) {
2900 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2901 }
2902 qemu_get_8s(f, &s->feature);
2903 qemu_get_8s(f, &s->error);
2904 qemu_get_be32s(f, &s->nsector);
2905 qemu_get_8s(f, &s->sector);
2906 qemu_get_8s(f, &s->lcyl);
2907 qemu_get_8s(f, &s->hcyl);
2908 qemu_get_8s(f, &s->hob_feature);
2909 qemu_get_8s(f, &s->hob_nsector);
2910 qemu_get_8s(f, &s->hob_sector);
2911 qemu_get_8s(f, &s->hob_lcyl);
2912 qemu_get_8s(f, &s->hob_hcyl);
2913 qemu_get_8s(f, &s->select);
2914 qemu_get_8s(f, &s->status);
2915 qemu_get_8s(f, &s->lba48);
2916
2917 qemu_get_8s(f, &s->sense_key);
2918 qemu_get_8s(f, &s->asc);
93c8cfd9
GN		 2919 if (version_id == 3) {
2920 qemu_get_8s(f, &s->cdrom_changed);
2921 } else {
2922 if (s->sense_key == SENSE_UNIT_ATTENTION &&
2923 s->asc == ASC_MEDIUM_MAY_HAVE_CHANGED)
2924 s->cdrom_changed = 1;
2925 }
aa941b94
AZ		 2926 /* XXX: if a transfer is pending, we do not save it yet */
2927}
2928
34e538ae
FB		 2929/***********************************************************/
2930/* ISA IDE definitions */
2931
d537cf6c 2932void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2933 BlockDriverState *hd0, BlockDriverState *hd1)
2934{
2935 IDEState *ide_state;
2936
2937 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
3b46e624 2938
d537cf6c 2939 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2940 ide_init_ioport(ide_state, iobase, iobase2);
2941}
2942
69b91039
FB		 2943/***********************************************************/
2944/* PCI IDE definitions */
2945
5457c8ce
FB		 2946static void cmd646_update_irq(PCIIDEState *d);
2947
5fafdf24 2948static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 2949 uint32_t addr, uint32_t size, int type)
2950{
2951 PCIIDEState *d = (PCIIDEState *)pci_dev;
2952 IDEState *ide_state;
2953
2954 if (region_num <= 3) {
2955 ide_state = &d->ide_if[(region_num >> 1) * 2];
2956 if (region_num & 1) {
2957 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2958 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2959 } else {
2960 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2961 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2962
2963 /* data ports */
2964 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2965 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2966 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2967 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2968 }
2969 }
2970}
2971
8ccad811 2972static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2973{
2974 BMDMAState *bm = s->bmdma;
2975 if(!bm)
2976 return;
2977 bm->ide_if = s;
2978 bm->dma_cb = dma_cb;
8ccad811
FB		 2979 bm->cur_prd_last = 0;
2980 bm->cur_prd_addr = 0;
2981 bm->cur_prd_len = 0;
428c5705
AL		 2982 bm->sector_num = ide_get_sector(s);
2983 bm->nsector = s->nsector;
98087450 2984 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2985 bm->dma_cb(bm, 0);
98087450
FB		 2986 }
2987}
2988
428c5705
AL		 2989static void ide_dma_restart(IDEState *s)
2990{
2991 BMDMAState *bm = s->bmdma;
2992 ide_set_sector(s, bm->sector_num);
2993 s->io_buffer_index = 0;
2994 s->io_buffer_size = 0;
2995 s->nsector = bm->nsector;
2996 bm->cur_addr = bm->addr;
2997 bm->dma_cb = ide_write_dma_cb;
2998 ide_dma_start(s, bm->dma_cb);
2999}
3000
72c7b06c
AL		 3001static void ide_dma_cancel(BMDMAState *bm)
3002{
3003 if (bm->status & BM_STATUS_DMAING) {
3004 bm->status &= ~BM_STATUS_DMAING;
3005 /* cancel DMA request */
3006 bm->ide_if = NULL;
3007 bm->dma_cb = NULL;
3008 if (bm->aiocb) {
3009#ifdef DEBUG_AIO
3010 printf("aio_cancel\n");
3011#endif
3012 bdrv_aio_cancel(bm->aiocb);
3013 bm->aiocb = NULL;
3014 }
3015 }
3016}
3017
98087450
FB		 3018static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
3019{
3020 BMDMAState *bm = opaque;
3021#ifdef DEBUG_IDE
3022 printf("%s: 0x%08x\n", __func__, val);
3023#endif
3024 if (!(val & BM_CMD_START)) {
3025 /* XXX: do it better */
72c7b06c 3026 ide_dma_cancel(bm);
98087450
FB		 3027 bm->cmd = val & 0x09;
3028 } else {
8ccad811
FB		 3029 if (!(bm->status & BM_STATUS_DMAING)) {
3030 bm->status |= BM_STATUS_DMAING;
3031 /* start dma transfer if possible */
3032 if (bm->dma_cb)
3033 bm->dma_cb(bm, 0);
3034 }
98087450 3035 bm->cmd = val & 0x09;
98087450
FB		 3036 }
3037}
3038
5457c8ce 3039static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 3040{
3041 BMDMAState *bm = opaque;
5457c8ce 3042 PCIIDEState *pci_dev;
98087450 3043 uint32_t val;
3b46e624 3044
5457c8ce 3045 switch(addr & 3) {
5fafdf24 3046 case 0:
5457c8ce
FB		 3047 val = bm->cmd;
3048 break;
3049 case 1:
3050 pci_dev = bm->pci_dev;
3051 if (pci_dev->type == IDE_TYPE_CMD646) {
3052 val = pci_dev->dev.config[MRDMODE];
3053 } else {
3054 val = 0xff;
3055 }
3056 break;
3057 case 2:
3058 val = bm->status;
3059 break;
3060 case 3:
3061 pci_dev = bm->pci_dev;
3062 if (pci_dev->type == IDE_TYPE_CMD646) {
3063 if (bm == &pci_dev->bmdma[0])
3064 val = pci_dev->dev.config[UDIDETCR0];
3065 else
3066 val = pci_dev->dev.config[UDIDETCR1];
3067 } else {
3068 val = 0xff;
3069 }
3070 break;
3071 default:
3072 val = 0xff;
3073 break;
3074 }
98087450 3075#ifdef DEBUG_IDE
5457c8ce 3076 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 3077#endif
3078 return val;
3079}
3080
5457c8ce 3081static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 3082{
3083 BMDMAState *bm = opaque;
5457c8ce 3084 PCIIDEState *pci_dev;
98087450 3085#ifdef DEBUG_IDE
5457c8ce 3086 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 3087#endif
5457c8ce
FB		 3088 switch(addr & 3) {
3089 case 1:
3090 pci_dev = bm->pci_dev;
3091 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 3092 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 3093 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3094 cmd646_update_irq(pci_dev);
3095 }
3096 break;
3097 case 2:
3098 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3099 break;
3100 case 3:
3101 pci_dev = bm->pci_dev;
3102 if (pci_dev->type == IDE_TYPE_CMD646) {
3103 if (bm == &pci_dev->bmdma[0])
3104 pci_dev->dev.config[UDIDETCR0] = val;
3105 else
3106 pci_dev->dev.config[UDIDETCR1] = val;
3107 }
3108 break;
3109 }
98087450
FB		 3110}
3111
5b9a1293
AJ		 3112static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3113{
3114 BMDMAState *bm = opaque;
3115 uint32_t val;
3116 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3117#ifdef DEBUG_IDE
3118 printf("%s: 0x%08x\n", __func__, val);
3119#endif
3120 return val;
3121}
3122
3123static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3124{
3125 BMDMAState *bm = opaque;
3126 int shift = (addr & 3) * 8;
3127#ifdef DEBUG_IDE
3128 printf("%s: 0x%08x\n", __func__, val);
3129#endif
3130 bm->addr &= ~(0xFF << shift);
3131 bm->addr |= ((val & 0xFF) << shift) & ~3;
3132 bm->cur_addr = bm->addr;
3133}
3134
3135static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3136{
3137 BMDMAState *bm = opaque;
3138 uint32_t val;
3139 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3140#ifdef DEBUG_IDE
3141 printf("%s: 0x%08x\n", __func__, val);
3142#endif
3143 return val;
3144}
3145
3146static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3147{
3148 BMDMAState *bm = opaque;
3149 int shift = (addr & 3) * 8;
3150#ifdef DEBUG_IDE
3151 printf("%s: 0x%08x\n", __func__, val);
3152#endif
3153 bm->addr &= ~(0xFFFF << shift);
3154 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3155 bm->cur_addr = bm->addr;
3156}
3157
98087450
FB		 3158static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3159{
3160 BMDMAState *bm = opaque;
3161 uint32_t val;
3162 val = bm->addr;
3163#ifdef DEBUG_IDE
3164 printf("%s: 0x%08x\n", __func__, val);
3165#endif
3166 return val;
3167}
3168
3169static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3170{
3171 BMDMAState *bm = opaque;
3172#ifdef DEBUG_IDE
3173 printf("%s: 0x%08x\n", __func__, val);
3174#endif
3175 bm->addr = val & ~3;
30c4bbac 3176 bm->cur_addr = bm->addr;
98087450
FB		 3177}
3178
5fafdf24 3179static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 3180 uint32_t addr, uint32_t size, int type)
3181{
3182 PCIIDEState *d = (PCIIDEState *)pci_dev;
3183 int i;
3184
3185 for(i = 0;i < 2; i++) {
3186 BMDMAState *bm = &d->bmdma[i];
3187 d->ide_if[2 * i].bmdma = bm;
3188 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce 3189 bm->pci_dev = (PCIIDEState *)pci_dev;
428c5705 3190 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
5457c8ce 3191
98087450 3192 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 3193
5457c8ce
FB		 3194 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3195 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450 3196
5b9a1293
AJ		 3197 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3198 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3199 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3200 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
98087450
FB		 3201 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3202 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3203 addr += 8;
3204 }
3205}
3206
9b64997f
BS		 3207static void pci_ide_save(QEMUFile* f, void *opaque)
3208{
3209 PCIIDEState *d = opaque;
3210 int i;
3211
3212 pci_device_save(&d->dev, f);
3213
3214 for(i = 0; i < 2; i++) {
3215 BMDMAState *bm = &d->bmdma[i];
428c5705 3216 uint8_t ifidx;
9b64997f
BS		 3217 qemu_put_8s(f, &bm->cmd);
3218 qemu_put_8s(f, &bm->status);
3219 qemu_put_be32s(f, &bm->addr);
428c5705
AL		 3220 qemu_put_sbe64s(f, &bm->sector_num);
3221 qemu_put_be32s(f, &bm->nsector);
3222 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3223 qemu_put_8s(f, &ifidx);
9b64997f
BS		 3224 /* XXX: if a transfer is pending, we do not save it yet */
3225 }
3226
3227 /* per IDE interface data */
3228 for(i = 0; i < 2; i++) {
3229 IDEState *s = &d->ide_if[i * 2];
3230 uint8_t drive1_selected;
3231 qemu_put_8s(f, &s->cmd);
3232 drive1_selected = (s->cur_drive != s);
3233 qemu_put_8s(f, &drive1_selected);
3234 }
3235
3236 /* per IDE drive data */
3237 for(i = 0; i < 4; i++) {
3238 ide_save(f, &d->ide_if[i]);
3239 }
3240}
3241
3242static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3243{
3244 PCIIDEState *d = opaque;
3245 int ret, i;
3246
93c8cfd9 3247 if (version_id != 2 && version_id != 3)
9b64997f
BS		 3248 return -EINVAL;
3249 ret = pci_device_load(&d->dev, f);
3250 if (ret < 0)
3251 return ret;
3252
3253 for(i = 0; i < 2; i++) {
3254 BMDMAState *bm = &d->bmdma[i];
428c5705 3255 uint8_t ifidx;
9b64997f
BS		 3256 qemu_get_8s(f, &bm->cmd);
3257 qemu_get_8s(f, &bm->status);
3258 qemu_get_be32s(f, &bm->addr);
428c5705
AL		 3259 qemu_get_sbe64s(f, &bm->sector_num);
3260 qemu_get_be32s(f, &bm->nsector);
3261 qemu_get_8s(f, &ifidx);
3262 bm->ide_if = &d->ide_if[ifidx];
9b64997f
BS		 3263 /* XXX: if a transfer is pending, we do not save it yet */
3264 }
3265
3266 /* per IDE interface data */
3267 for(i = 0; i < 2; i++) {
3268 IDEState *s = &d->ide_if[i * 2];
3269 uint8_t drive1_selected;
3270 qemu_get_8s(f, &s->cmd);
3271 qemu_get_8s(f, &drive1_selected);
3272 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3273 }
3274
3275 /* per IDE drive data */
3276 for(i = 0; i < 4; i++) {
93c8cfd9 3277 ide_load(f, &d->ide_if[i], version_id);
9b64997f
BS		 3278 }
3279 return 0;
3280}
3281
5457c8ce
FB		 3282/* XXX: call it also when the MRDMODE is changed from the PCI config
3283 registers */
3284static void cmd646_update_irq(PCIIDEState *d)
3285{
3286 int pci_level;
3287 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3288 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3289 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3290 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 3291 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 3292}
3293
3294/* the PCI irq level is the logical OR of the two channels */
3295static void cmd646_set_irq(void *opaque, int channel, int level)
3296{
3297 PCIIDEState *d = opaque;
3298 int irq_mask;
3299
3300 irq_mask = MRDMODE_INTR_CH0 << channel;
3301 if (level)
3302 d->dev.config[MRDMODE] |= irq_mask;
3303 else
3304 d->dev.config[MRDMODE] &= ~irq_mask;
3305 cmd646_update_irq(d);
3306}
3307
6e6b7363
BS		 3308static void cmd646_reset(void *opaque)
3309{
3310 PCIIDEState *d = opaque;
3311 unsigned int i;
3312
3313 for (i = 0; i < 2; i++)
3314 ide_dma_cancel(&d->bmdma[i]);
3315}
3316
5457c8ce
FB		 3317/* CMD646 PCI IDE controller */
3318void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3319 int secondary_ide_enabled)
69b91039
FB		 3320{
3321 PCIIDEState *d;
3322 uint8_t *pci_conf;
34e538ae 3323 int i;
d537cf6c 3324 qemu_irq *irq;
34e538ae 3325
5fafdf24 3326 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 3327 sizeof(PCIIDEState),
5fafdf24 3328 -1,
73c11f63 3329 NULL, NULL);
5457c8ce 3330 d->type = IDE_TYPE_CMD646;
69b91039 3331 pci_conf = d->dev.config;
deb54399
AL		 3332 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3333 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
5457c8ce
FB		 3334
3335 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 3336 pci_conf[0x09] = 0x8f;
5457c8ce 3337
173a543b 3338 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
6407f373 3339 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
3b46e624 3340
0516ede0 3341 pci_conf[0x51] = 0x04; // enable IDE0
5457c8ce
FB		 3342 if (secondary_ide_enabled) {
3343 /* XXX: if not enabled, really disable the seconday IDE controller */
0516ede0 3344 pci_conf[0x51] |= 0x08; /* enable IDE1 */
5457c8ce 3345 }
69b91039 3346
28c2c264 3347 pci_register_bar((PCIDevice *)d, 0, 0x8,
69b91039 3348 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3349 pci_register_bar((PCIDevice *)d, 1, 0x4,
69b91039 3350 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3351 pci_register_bar((PCIDevice *)d, 2, 0x8,
69b91039 3352 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3353 pci_register_bar((PCIDevice *)d, 3, 0x4,
69b91039 3354 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3355 pci_register_bar((PCIDevice *)d, 4, 0x10,
98087450 3356 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 3357
34e538ae 3358 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3b46e624 3359
34e538ae
FB		 3360 for(i = 0; i < 4; i++)
3361 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 3362
3363 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3364 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3365 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
6e6b7363 3366
93c8cfd9 3367 register_savevm("ide", 0, 3, pci_ide_save, pci_ide_load, d);
a08d4367 3368 qemu_register_reset(cmd646_reset, d);
6e6b7363 3369 cmd646_reset(d);
34e538ae
FB		 3370}
3371
72c7b06c 3372static void piix3_reset(void *opaque)
e6a71ae3 3373{
72c7b06c 3374 PCIIDEState *d = opaque;
e6a71ae3 3375 uint8_t *pci_conf = d->dev.config;
72c7b06c
AL		 3376 int i;
3377
3378 for (i = 0; i < 2; i++)
3379 ide_dma_cancel(&d->bmdma[i]);
e6a71ae3
TS		 3380
3381 pci_conf[0x04] = 0x00;
3382 pci_conf[0x05] = 0x00;
3383 pci_conf[0x06] = 0x80; /* FBC */
3384 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3385 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3386}
3387
34e538ae
FB		 3388/* hd_table must contain 4 block drivers */
3389/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 3390void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3391 qemu_irq *pic)
34e538ae
FB		 3392{
3393 PCIIDEState *d;
3394 uint8_t *pci_conf;
b0a7b120 3395 int i;
3b46e624 3396
34e538ae 3397 /* register a function 1 of PIIX3 */
5fafdf24 3398 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 3399 sizeof(PCIIDEState),
502a5395 3400 devfn,
34e538ae 3401 NULL, NULL);
5457c8ce
FB		 3402 d->type = IDE_TYPE_PIIX3;
3403
34e538ae 3404 pci_conf = d->dev.config;
deb54399
AL		 3405 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3406 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
92510b8c 3407 pci_conf[0x09] = 0x80; // legacy ATA mode
173a543b 3408 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
6407f373 3409 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
34e538ae 3410
a08d4367 3411 qemu_register_reset(piix3_reset, d);
e6a71ae3
TS		 3412 piix3_reset(d);
3413
28c2c264 3414 pci_register_bar((PCIDevice *)d, 4, 0x10,
98087450 3415 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 3416
d537cf6c
PB		 3417 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3418 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 3419 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3420 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997 3421
b0a7b120
AL		 3422 for (i = 0; i < 4; i++)
3423 if (hd_table[i])
3424 hd_table[i]->private = &d->dev;
3425
93c8cfd9 3426 register_savevm("ide", 0, 3, pci_ide_save, pci_ide_load, d);
69b91039 3427}
1ade1de2 3428
afcc3cdf
TS		 3429/* hd_table must contain 4 block drivers */
3430/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3431void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3432 qemu_irq *pic)
3433{
3434 PCIIDEState *d;
3435 uint8_t *pci_conf;
3436
3437 /* register a function 1 of PIIX4 */
3438 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3439 sizeof(PCIIDEState),
3440 devfn,
3441 NULL, NULL);
3442 d->type = IDE_TYPE_PIIX4;
3443
3444 pci_conf = d->dev.config;
deb54399
AL		 3445 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3446 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
afcc3cdf 3447 pci_conf[0x09] = 0x80; // legacy ATA mode
173a543b 3448 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
6407f373 3449 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
afcc3cdf 3450
a08d4367 3451 qemu_register_reset(piix3_reset, d);
afcc3cdf
TS		 3452 piix3_reset(d);
3453
28c2c264 3454 pci_register_bar((PCIDevice *)d, 4, 0x10,
afcc3cdf
TS		 3455 PCI_ADDRESS_SPACE_IO, bmdma_map);
3456
3457 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3458 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3459 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3460 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3461
93c8cfd9 3462 register_savevm("ide", 0, 3, pci_ide_save, pci_ide_load, d);
afcc3cdf
TS		 3463}
3464
e3007e66 3465#if defined(TARGET_PPC)
1ade1de2
FB		 3466/***********************************************************/
3467/* MacIO based PowerPC IDE */
3468
e3007e66
AJ		 3469typedef struct MACIOIDEState {
3470 IDEState ide_if[2];
862c9280 3471 BlockDriverAIOCB *aiocb;
e3007e66
AJ		 3472} MACIOIDEState;
3473
862c9280 3474static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
e3007e66 3475{
862c9280 3476 DBDMA_io *io = opaque;
b42ec42d 3477 MACIOIDEState *m = io->opaque;
e3007e66 3478 IDEState *s = m->ide_if->cur_drive;
e3007e66 3479
862c9280
AJ		 3480 if (ret < 0) {
3481 m->aiocb = NULL;
3482 qemu_sglist_destroy(&s->sg);
3483 ide_atapi_io_error(s, ret);
3484 io->dma_end(opaque);
3485 return;
3486 }
e3007e66 3487
862c9280
AJ		 3488 if (s->io_buffer_size > 0) {
3489 m->aiocb = NULL;
3490 qemu_sglist_destroy(&s->sg);
e3007e66 3491
862c9280 3492 s->packet_transfer_size -= s->io_buffer_size;
e3007e66 3493
862c9280
AJ		 3494 s->io_buffer_index += s->io_buffer_size;
3495 s->lba += s->io_buffer_index >> 11;
3496 s->io_buffer_index &= 0x7ff;
3497 }
e3007e66 3498
862c9280
AJ		 3499 if (s->packet_transfer_size <= 0)
3500 ide_atapi_cmd_ok(s);
e3007e66 3501
862c9280
AJ		 3502 if (io->len == 0) {
3503 io->dma_end(opaque);
3504 return;
e3007e66 3505 }
b42ec42d 3506
862c9280 3507 /* launch next transfer */
b42ec42d 3508
862c9280
AJ		 3509 s->io_buffer_size = io->len;
3510
3511 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3512 qemu_sglist_add(&s->sg, io->addr, io->len);
3513 io->addr += io->len;
3514 io->len = 0;
3515
3516 m->aiocb = dma_bdrv_read(s->bs, &s->sg,
3517 (int64_t)(s->lba << 2) + (s->io_buffer_index >> 9),
3518 pmac_ide_atapi_transfer_cb, io);
3519 if (!m->aiocb) {
3520 qemu_sglist_destroy(&s->sg);
3521 /* Note: media not present is the most likely case */
3522 ide_atapi_cmd_error(s, SENSE_NOT_READY,
3523 ASC_MEDIUM_NOT_PRESENT);
3524 io->dma_end(opaque);
3525 return;
e3007e66 3526 }
e3007e66
AJ		 3527}
3528
862c9280 3529static void pmac_ide_transfer_cb(void *opaque, int ret)
e3007e66 3530{
862c9280 3531 DBDMA_io *io = opaque;
b42ec42d 3532 MACIOIDEState *m = io->opaque;
e3007e66 3533 IDEState *s = m->ide_if->cur_drive;
862c9280 3534 int n;
e3007e66 3535 int64_t sector_num;
e3007e66 3536
862c9280
AJ		 3537 if (ret < 0) {
3538 m->aiocb = NULL;
3539 qemu_sglist_destroy(&s->sg);
3540 ide_dma_error(s);
3541 io->dma_end(io);
b42ec42d
AJ		 3542 return;
3543 }
e3007e66 3544
862c9280
AJ		 3545 sector_num = ide_get_sector(s);
3546 if (s->io_buffer_size > 0) {
3547 m->aiocb = NULL;
3548 qemu_sglist_destroy(&s->sg);
3549 n = (s->io_buffer_size + 0x1ff) >> 9;
3550 sector_num += n;
3551 ide_set_sector(s, sector_num);
3552 s->nsector -= n;
3553 }
3554
3555 /* end of transfer ? */
3556 if (s->nsector == 0) {
3557 s->status = READY_STAT | SEEK_STAT;
3558 ide_set_irq(s);
3559 }
e3007e66 3560
862c9280 3561 /* end of DMA ? */
e3007e66 3562
862c9280
AJ		 3563 if (io->len == 0) {
3564 io->dma_end(io);
3565 return;
3566 }
e3007e66 3567
862c9280 3568 /* launch next transfer */
e3007e66 3569
862c9280
AJ		 3570 s->io_buffer_index = 0;
3571 s->io_buffer_size = io->len;
e3007e66 3572
862c9280
AJ		 3573 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3574 qemu_sglist_add(&s->sg, io->addr, io->len);
3575 io->addr += io->len;
3576 io->len = 0;
e3007e66 3577
862c9280
AJ		 3578 if (s->is_read)
3579 m->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
3580 pmac_ide_transfer_cb, io);
3581 else
3582 m->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
3583 pmac_ide_transfer_cb, io);
3584 if (!m->aiocb)
3585 pmac_ide_transfer_cb(io, -1);
3586}
e3007e66 3587
862c9280
AJ		 3588static void pmac_ide_transfer(DBDMA_io *io)
3589{
3590 MACIOIDEState *m = io->opaque;
3591 IDEState *s = m->ide_if->cur_drive;
b42ec42d 3592
862c9280
AJ		 3593 s->io_buffer_size = 0;
3594 if (s->is_cdrom) {
3595 pmac_ide_atapi_transfer_cb(io, 0);
3596 return;
e3007e66
AJ		 3597 }
3598
862c9280
AJ		 3599 pmac_ide_transfer_cb(io, 0);
3600}
3601
3602static void pmac_ide_flush(DBDMA_io *io)
3603{
3604 MACIOIDEState *m = io->opaque;
3605
3606 if (m->aiocb)
3607 qemu_aio_flush();
e3007e66
AJ		 3608}
3609
1ade1de2
FB		 3610/* PowerMac IDE memory IO */
3611static void pmac_ide_writeb (void *opaque,
3612 target_phys_addr_t addr, uint32_t val)
3613{
e3007e66
AJ		 3614 MACIOIDEState *d = opaque;
3615
5fafdf24 3616 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3617 switch (addr) {
3618 case 1 ... 7:
e3007e66 3619 ide_ioport_write(d->ide_if, addr, val);
1ade1de2
FB		 3620 break;
3621 case 8:
3622 case 22:
e3007e66 3623 ide_cmd_write(d->ide_if, 0, val);
1ade1de2
FB		 3624 break;
3625 default:
3626 break;
3627 }
3628}
3629
3630static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3631{
3632 uint8_t retval;
e3007e66 3633 MACIOIDEState *d = opaque;
1ade1de2
FB		 3634
3635 addr = (addr & 0xFFF) >> 4;
3636 switch (addr) {
3637 case 1 ... 7:
e3007e66 3638 retval = ide_ioport_read(d->ide_if, addr);
1ade1de2
FB		 3639 break;
3640 case 8:
3641 case 22:
e3007e66 3642 retval = ide_status_read(d->ide_if, 0);
1ade1de2
FB		 3643 break;
3644 default:
3645 retval = 0xFF;
3646 break;
3647 }
3648 return retval;
3649}
3650
3651static void pmac_ide_writew (void *opaque,
3652 target_phys_addr_t addr, uint32_t val)
3653{
e3007e66
AJ		 3654 MACIOIDEState *d = opaque;
3655
5fafdf24 3656 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3657#ifdef TARGET_WORDS_BIGENDIAN
3658 val = bswap16(val);
3659#endif
3660 if (addr == 0) {
e3007e66 3661 ide_data_writew(d->ide_if, 0, val);
1ade1de2
FB		 3662 }
3663}
3664
3665static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3666{
3667 uint16_t retval;
e3007e66 3668 MACIOIDEState *d = opaque;
1ade1de2 3669
5fafdf24 3670 addr = (addr & 0xFFF) >> 4;
1ade1de2 3671 if (addr == 0) {
e3007e66 3672 retval = ide_data_readw(d->ide_if, 0);
1ade1de2
FB		 3673 } else {
3674 retval = 0xFFFF;
3675 }
3676#ifdef TARGET_WORDS_BIGENDIAN
3677 retval = bswap16(retval);
3678#endif
3679 return retval;
3680}
3681
3682static void pmac_ide_writel (void *opaque,
3683 target_phys_addr_t addr, uint32_t val)
3684{
e3007e66
AJ		 3685 MACIOIDEState *d = opaque;
3686
5fafdf24 3687 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3688#ifdef TARGET_WORDS_BIGENDIAN
3689 val = bswap32(val);
3690#endif
3691 if (addr == 0) {
e3007e66 3692 ide_data_writel(d->ide_if, 0, val);
1ade1de2
FB		 3693 }
3694}
3695
3696static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3697{
3698 uint32_t retval;
e3007e66 3699 MACIOIDEState *d = opaque;
1ade1de2 3700
5fafdf24 3701 addr = (addr & 0xFFF) >> 4;
1ade1de2 3702 if (addr == 0) {
e3007e66 3703 retval = ide_data_readl(d->ide_if, 0);
1ade1de2
FB		 3704 } else {
3705 retval = 0xFFFFFFFF;
3706 }
3707#ifdef TARGET_WORDS_BIGENDIAN
3708 retval = bswap32(retval);
3709#endif
3710 return retval;
3711}
3712
3713static CPUWriteMemoryFunc *pmac_ide_write[] = {
3714 pmac_ide_writeb,
3715 pmac_ide_writew,
3716 pmac_ide_writel,
3717};
3718
3719static CPUReadMemoryFunc *pmac_ide_read[] = {
3720 pmac_ide_readb,
3721 pmac_ide_readw,
3722 pmac_ide_readl,
3723};
3724
9b64997f
BS		 3725static void pmac_ide_save(QEMUFile *f, void *opaque)
3726{
e3007e66
AJ		 3727 MACIOIDEState *d = opaque;
3728 IDEState *s = d->ide_if;
9b64997f
BS		 3729 uint8_t drive1_selected;
3730 unsigned int i;
3731
3732 /* per IDE interface data */
3733 qemu_put_8s(f, &s->cmd);
3734 drive1_selected = (s->cur_drive != s);
3735 qemu_put_8s(f, &drive1_selected);
3736
3737 /* per IDE drive data */
3738 for(i = 0; i < 2; i++) {
3739 ide_save(f, &s[i]);
3740 }
3741}
3742
3743static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3744{
e3007e66
AJ		 3745 MACIOIDEState *d = opaque;
3746 IDEState *s = d->ide_if;
9b64997f
BS		 3747 uint8_t drive1_selected;
3748 unsigned int i;
3749
93c8cfd9 3750 if (version_id != 1 && version_id != 3)
9b64997f
BS		 3751 return -EINVAL;
3752
3753 /* per IDE interface data */
3754 qemu_get_8s(f, &s->cmd);
3755 qemu_get_8s(f, &drive1_selected);
3756 s->cur_drive = &s[(drive1_selected != 0)];
3757
3758 /* per IDE drive data */
3759 for(i = 0; i < 2; i++) {
93c8cfd9 3760 ide_load(f, &s[i], version_id);
9b64997f
BS		 3761 }
3762 return 0;
3763}
3764
6e6b7363
BS		 3765static void pmac_ide_reset(void *opaque)
3766{
e3007e66
AJ		 3767 MACIOIDEState *d = opaque;
3768 IDEState *s = d->ide_if;
6e6b7363
BS		 3769
3770 ide_reset(&s[0]);
3771 ide_reset(&s[1]);
3772}
3773
1ade1de2
FB		 3774/* hd_table must contain 4 block drivers */
3775/* PowerMac uses memory mapped registers, not I/O. Return the memory
3776 I/O index to access the ide. */
e3007e66
AJ		 3777int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq,
3778 void *dbdma, int channel, qemu_irq dma_irq)
1ade1de2 3779{
e3007e66 3780 MACIOIDEState *d;
1ade1de2
FB		 3781 int pmac_ide_memory;
3782
e3007e66
AJ		 3783 d = qemu_mallocz(sizeof(MACIOIDEState));
3784 ide_init2(d->ide_if, hd_table[0], hd_table[1], irq);
3785
b42ec42d 3786 if (dbdma)
862c9280 3787 DBDMA_register_channel(dbdma, channel, dma_irq, pmac_ide_transfer, pmac_ide_flush, d);
3b46e624 3788
1eed09cb 3789 pmac_ide_memory = cpu_register_io_memory(pmac_ide_read,
e3007e66 3790 pmac_ide_write, d);
93c8cfd9 3791 register_savevm("ide", 0, 3, pmac_ide_save, pmac_ide_load, d);
a08d4367 3792 qemu_register_reset(pmac_ide_reset, d);
e3007e66
AJ		 3793 pmac_ide_reset(d);
3794
1ade1de2
FB		 3795 return pmac_ide_memory;
3796}
e3007e66 3797#endif /* TARGET_PPC */
201a51fc 3798
a4a771c0
AZ		 3799/***********************************************************/
3800/* MMIO based ide port
3801 * This emulates IDE device connected directly to the CPU bus without
3802 * dedicated ide controller, which is often seen on embedded boards.
3803 */
3804
3805typedef struct {
3806 void *dev;
3807 int shift;
3808} MMIOState;
3809
3810static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3811{
3812 MMIOState *s = (MMIOState*)opaque;
3813 IDEState *ide = (IDEState*)s->dev;
3814 addr >>= s->shift;
3815 if (addr & 7)
3816 return ide_ioport_read(ide, addr);
3817 else
3818 return ide_data_readw(ide, 0);
3819}
3820
3821static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3822 uint32_t val)
3823{
3824 MMIOState *s = (MMIOState*)opaque;
3825 IDEState *ide = (IDEState*)s->dev;
3826 addr >>= s->shift;
3827 if (addr & 7)
3828 ide_ioport_write(ide, addr, val);
3829 else
3830 ide_data_writew(ide, 0, val);
3831}
3832
3833static CPUReadMemoryFunc *mmio_ide_reads[] = {
3834 mmio_ide_read,
3835 mmio_ide_read,
3836 mmio_ide_read,
3837};
3838
3839static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3840 mmio_ide_write,
3841 mmio_ide_write,
3842 mmio_ide_write,
3843};
3844
3845static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3846{
3847 MMIOState *s= (MMIOState*)opaque;
3848 IDEState *ide = (IDEState*)s->dev;
3849 return ide_status_read(ide, 0);
3850}
3851
3852static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3853 uint32_t val)
3854{
3855 MMIOState *s = (MMIOState*)opaque;
3856 IDEState *ide = (IDEState*)s->dev;
3857 ide_cmd_write(ide, 0, val);
3858}
3859
3860static CPUReadMemoryFunc *mmio_ide_status[] = {
3861 mmio_ide_status_read,
3862 mmio_ide_status_read,
3863 mmio_ide_status_read,
3864};
3865
3866static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3867 mmio_ide_cmd_write,
3868 mmio_ide_cmd_write,
3869 mmio_ide_cmd_write,
3870};
3871
3872void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3873 qemu_irq irq, int shift,
3874 BlockDriverState *hd0, BlockDriverState *hd1)
3875{
3876 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3877 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3878 int mem1, mem2;
3879
3880 ide_init2(ide, hd0, hd1, irq);
3881
3882 s->dev = ide;
3883 s->shift = shift;
3884
1eed09cb
AK		 3885 mem1 = cpu_register_io_memory(mmio_ide_reads, mmio_ide_writes, s);
3886 mem2 = cpu_register_io_memory(mmio_ide_status, mmio_ide_cmd, s);
a4a771c0
AZ		 3887 cpu_register_physical_memory(membase, 16 << shift, mem1);
3888 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3889}
3890
201a51fc
AZ		 3891/***********************************************************/
3892/* CF-ATA Microdrive */
3893
3894#define METADATA_SIZE 0x20
3895
3896/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
bc24a225 3897typedef struct {
201a51fc 3898 IDEState ide[2];
bc24a225 3899 PCMCIACardState card;
201a51fc
AZ		 3900 uint32_t attr_base;
3901 uint32_t io_base;
3902
3903 /* Card state */
3904 uint8_t opt;
3905 uint8_t stat;
3906 uint8_t pins;
3907
3908 uint8_t ctrl;
3909 uint16_t io;
3910 int cycle;
bc24a225 3911} MicroDriveState;
201a51fc
AZ		 3912
3913/* Register bitfields */
3914enum md_opt {
3915 OPT_MODE_MMAP = 0,
3916 OPT_MODE_IOMAP16 = 1,
3917 OPT_MODE_IOMAP1 = 2,
3918 OPT_MODE_IOMAP2 = 3,
3919 OPT_MODE = 0x3f,
3920 OPT_LEVIREQ = 0x40,
3921 OPT_SRESET = 0x80,
3922};
3923enum md_cstat {
3924 STAT_INT = 0x02,
3925 STAT_PWRDWN = 0x04,
3926 STAT_XE = 0x10,
3927 STAT_IOIS8 = 0x20,
3928 STAT_SIGCHG = 0x40,
3929 STAT_CHANGED = 0x80,
3930};
3931enum md_pins {
3932 PINS_MRDY = 0x02,
3933 PINS_CRDY = 0x20,
3934};
3935enum md_ctrl {
3936 CTRL_IEN = 0x02,
3937 CTRL_SRST = 0x04,
3938};
3939
bc24a225 3940static inline void md_interrupt_update(MicroDriveState *s)
201a51fc
AZ		 3941{
3942 if (!s->card.slot)
3943 return;
3944
3945 qemu_set_irq(s->card.slot->irq,
3946 !(s->stat & STAT_INT) && /* Inverted */
3947 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3948 !(s->opt & OPT_SRESET));
3949}
3950
3951static void md_set_irq(void *opaque, int irq, int level)
3952{
bc24a225 3953 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 3954 if (level)
3955 s->stat |= STAT_INT;
3956 else
3957 s->stat &= ~STAT_INT;
3958
3959 md_interrupt_update(s);
3960}
3961
bc24a225 3962static void md_reset(MicroDriveState *s)
201a51fc
AZ		 3963{
3964 s->opt = OPT_MODE_MMAP;
3965 s->stat = 0;
3966 s->pins = 0;
3967 s->cycle = 0;
3968 s->ctrl = 0;
3969 ide_reset(s->ide);
3970}
3971
9e315fa9 3972static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc 3973{
bc24a225 3974 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 3975 if (at < s->attr_base) {
3976 if (at < s->card.cis_len)
3977 return s->card.cis[at];
3978 else
3979 return 0x00;
3980 }
3981
3982 at -= s->attr_base;
3983
3984 switch (at) {
3985 case 0x00: /* Configuration Option Register */
3986 return s->opt;
3987 case 0x02: /* Card Configuration Status Register */
3988 if (s->ctrl & CTRL_IEN)
3989 return s->stat & ~STAT_INT;
3990 else
3991 return s->stat;
3992 case 0x04: /* Pin Replacement Register */
3993 return (s->pins & PINS_CRDY) | 0x0c;
3994 case 0x06: /* Socket and Copy Register */
3995 return 0x00;
3996#ifdef VERBOSE
3997 default:
3998 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3999#endif
4000 }
4001
4002 return 0;
4003}
4004
9e315fa9 4005static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc 4006{
bc24a225 4007 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 4008 at -= s->attr_base;
4009
4010 switch (at) {
4011 case 0x00: /* Configuration Option Register */
4012 s->opt = value & 0xcf;
4013 if (value & OPT_SRESET)
4014 md_reset(s);
4015 md_interrupt_update(s);
4016 break;
4017 case 0x02: /* Card Configuration Status Register */
4018 if ((s->stat ^ value) & STAT_PWRDWN)
4019 s->pins |= PINS_CRDY;
4020 s->stat &= 0x82;
4021 s->stat |= value & 0x74;
4022 md_interrupt_update(s);
4023 /* Word 170 in Identify Device must be equal to STAT_XE */
4024 break;
4025 case 0x04: /* Pin Replacement Register */
4026 s->pins &= PINS_CRDY;
4027 s->pins |= value & PINS_MRDY;
4028 break;
4029 case 0x06: /* Socket and Copy Register */
4030 break;
4031 default:
4032 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
4033 }
4034}
4035
9e315fa9 4036static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc 4037{
bc24a225 4038 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 4039 uint16_t ret;
4040 at -= s->io_base;
4041
4042 switch (s->opt & OPT_MODE) {
4043 case OPT_MODE_MMAP:
4044 if ((at & ~0x3ff) == 0x400)
4045 at = 0;
4046 break;
4047 case OPT_MODE_IOMAP16:
4048 at &= 0xf;
4049 break;
4050 case OPT_MODE_IOMAP1:
4051 if ((at & ~0xf) == 0x3f0)
4052 at -= 0x3e8;
4053 else if ((at & ~0xf) == 0x1f0)
4054 at -= 0x1f0;
4055 break;
4056 case OPT_MODE_IOMAP2:
4057 if ((at & ~0xf) == 0x370)
4058 at -= 0x368;
4059 else if ((at & ~0xf) == 0x170)
4060 at -= 0x170;
4061 }
4062
4063 switch (at) {
4064 case 0x0: /* Even RD Data */
4065 case 0x8:
4066 return ide_data_readw(s->ide, 0);
4067
4068 /* TODO: 8-bit accesses */
4069 if (s->cycle)
4070 ret = s->io >> 8;
4071 else {
4072 s->io = ide_data_readw(s->ide, 0);
4073 ret = s->io & 0xff;
4074 }
4075 s->cycle = !s->cycle;
4076 return ret;
4077 case 0x9: /* Odd RD Data */
4078 return s->io >> 8;
4079 case 0xd: /* Error */
4080 return ide_ioport_read(s->ide, 0x1);
4081 case 0xe: /* Alternate Status */
4082 if (s->ide->cur_drive->bs)
4083 return s->ide->cur_drive->status;
4084 else
4085 return 0;
4086 case 0xf: /* Device Address */
4087 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
4088 default:
4089 return ide_ioport_read(s->ide, at);
4090 }
4091
4092 return 0;
4093}
4094
9e315fa9 4095static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc 4096{
bc24a225 4097 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 4098 at -= s->io_base;
4099
4100 switch (s->opt & OPT_MODE) {
4101 case OPT_MODE_MMAP:
4102 if ((at & ~0x3ff) == 0x400)
4103 at = 0;
4104 break;
4105 case OPT_MODE_IOMAP16:
4106 at &= 0xf;
4107 break;
4108 case OPT_MODE_IOMAP1:
4109 if ((at & ~0xf) == 0x3f0)
4110 at -= 0x3e8;
4111 else if ((at & ~0xf) == 0x1f0)
4112 at -= 0x1f0;
4113 break;
4114 case OPT_MODE_IOMAP2:
4115 if ((at & ~0xf) == 0x370)
4116 at -= 0x368;
4117 else if ((at & ~0xf) == 0x170)
4118 at -= 0x170;
4119 }
4120
4121 switch (at) {
4122 case 0x0: /* Even WR Data */
4123 case 0x8:
4124 ide_data_writew(s->ide, 0, value);
4125 break;
4126
4127 /* TODO: 8-bit accesses */
4128 if (s->cycle)
4129 ide_data_writew(s->ide, 0, s->io | (value << 8));
4130 else
4131 s->io = value & 0xff;
4132 s->cycle = !s->cycle;
4133 break;
4134 case 0x9:
4135 s->io = value & 0xff;
4136 s->cycle = !s->cycle;
4137 break;
4138 case 0xd: /* Features */
4139 ide_ioport_write(s->ide, 0x1, value);
4140 break;
4141 case 0xe: /* Device Control */
4142 s->ctrl = value;
4143 if (value & CTRL_SRST)
4144 md_reset(s);
4145 md_interrupt_update(s);
4146 break;
4147 default:
4148 if (s->stat & STAT_PWRDWN) {
4149 s->pins |= PINS_CRDY;
4150 s->stat &= ~STAT_PWRDWN;
4151 }
4152 ide_ioport_write(s->ide, at, value);
4153 }
4154}
4155
aa941b94
AZ		 4156static void md_save(QEMUFile *f, void *opaque)
4157{
bc24a225 4158 MicroDriveState *s = (MicroDriveState *) opaque;
aa941b94
AZ		 4159 int i;
4160 uint8_t drive1_selected;
4161
4162 qemu_put_8s(f, &s->opt);
4163 qemu_put_8s(f, &s->stat);
4164 qemu_put_8s(f, &s->pins);
4165
4166 qemu_put_8s(f, &s->ctrl);
4167 qemu_put_be16s(f, &s->io);
4168 qemu_put_byte(f, s->cycle);
4169
4170 drive1_selected = (s->ide->cur_drive != s->ide);
4171 qemu_put_8s(f, &s->ide->cmd);
4172 qemu_put_8s(f, &drive1_selected);
4173
4174 for (i = 0; i < 2; i ++)
4175 ide_save(f, &s->ide[i]);
4176}
4177
4178static int md_load(QEMUFile *f, void *opaque, int version_id)
4179{
bc24a225 4180 MicroDriveState *s = (MicroDriveState *) opaque;
aa941b94
AZ		 4181 int i;
4182 uint8_t drive1_selected;
4183
93c8cfd9
GN		 4184 if (version_id != 0 && version_id != 3)
4185 return -EINVAL;
4186
aa941b94
AZ		 4187 qemu_get_8s(f, &s->opt);
4188 qemu_get_8s(f, &s->stat);
4189 qemu_get_8s(f, &s->pins);
4190
4191 qemu_get_8s(f, &s->ctrl);
4192 qemu_get_be16s(f, &s->io);
4193 s->cycle = qemu_get_byte(f);
4194
4195 qemu_get_8s(f, &s->ide->cmd);
4196 qemu_get_8s(f, &drive1_selected);
4197 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
4198
4199 for (i = 0; i < 2; i ++)
93c8cfd9 4200 ide_load(f, &s->ide[i], version_id);
aa941b94
AZ		 4201
4202 return 0;
4203}
4204
201a51fc
AZ		 4205static const uint8_t dscm1xxxx_cis[0x14a] = {
4206 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
4207 [0x002] = 0x03, /* Tuple length = 4 bytes */
4208 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4209 [0x006] = 0x01, /* Size = 2K bytes */
4210 [0x008] = CISTPL_ENDMARK,
4211
4212 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
4213 [0x00c] = 0x04, /* Tuple length = 4 byest */
4214 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
4215 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4216 [0x012] = 0x01, /* Size = 2K bytes */
4217 [0x014] = CISTPL_ENDMARK,
4218
4219 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
4220 [0x018] = 0x02, /* Tuple length = 2 bytes */
4221 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
4222 [0x01c] = 0x01,
4223
4224 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
4225 [0x020] = 0x04, /* Tuple length = 4 bytes */
4226 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
4227 [0x024] = 0x00,
4228 [0x026] = 0x00, /* PLMID_CARD = 0000 */
4229 [0x028] = 0x00,
4230
4231 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
4232 [0x02c] = 0x12, /* Tuple length = 23 bytes */
4233 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
4234 [0x030] = 0x01, /* Minor Version = 1 */
4235 [0x032] = 'I',
4236 [0x034] = 'B',
4237 [0x036] = 'M',
4238 [0x038] = 0x00,
4239 [0x03a] = 'm',
4240 [0x03c] = 'i',
4241 [0x03e] = 'c',
4242 [0x040] = 'r',
4243 [0x042] = 'o',
4244 [0x044] = 'd',
4245 [0x046] = 'r',
4246 [0x048] = 'i',
4247 [0x04a] = 'v',
4248 [0x04c] = 'e',
4249 [0x04e] = 0x00,
4250 [0x050] = CISTPL_ENDMARK,
4251
4252 [0x052] = CISTPL_FUNCID, /* Function ID */
4253 [0x054] = 0x02, /* Tuple length = 2 bytes */
4254 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4255 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4256
4257 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4258 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4259 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4260 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4261
4262 [0x062] = CISTPL_FUNCE, /* Function Extension */
4263 [0x064] = 0x03, /* Tuple length = 3 bytes */
4264 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4265 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4266 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4267
4268 [0x06c] = CISTPL_CONFIG, /* Configuration */
4269 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4270 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4271 [0x072] = 0x07, /* TPCC_LAST = 7 */
4272 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4273 [0x076] = 0x02,
4274 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4275
4276 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4277 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4278 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4279 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4280 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4281 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4282 [0x086] = 0x55, /* NomV: 5.0 V */
4283 [0x088] = 0x4d, /* MinV: 4.5 V */
4284 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4285 [0x08c] = 0x4e, /* Peakl: 450 mA */
4286 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4287 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4288 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4289
4290 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4291 [0x096] = 0x06, /* Tuple length = 6 bytes */
4292 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4293 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4294 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4295 [0x09e] = 0xb5, /* NomV: 3.3 V */
4296 [0x0a0] = 0x1e,
4297 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4298
4299 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4300 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4301 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4302 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4303 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4304 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4305 [0x0b0] = 0x55, /* NomV: 5.0 V */
4306 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4307 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4308 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4309 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4310 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4311 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4312 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4313 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4314
4315 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4316 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4317 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4318 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4319 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4320 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4321 [0x0ce] = 0x1e,
4322 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4323
4324 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4325 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4326 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4327 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4328 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4329 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4330 [0x0de] = 0x55, /* NomV: 5.0 V */
4331 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4332 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4333 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4334 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4335 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4336 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4337 [0x0ec] = 0x01,
4338 [0x0ee] = 0x07, /* Address block length = 8 */
4339 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4340 [0x0f2] = 0x03,
4341 [0x0f4] = 0x01, /* Address block length = 2 */
4342 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4343 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4344
4345 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4346 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4347 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4348 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4349 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4350 [0x104] = 0xb5, /* NomV: 3.3 V */
4351 [0x106] = 0x1e,
4352 [0x108] = 0x3e, /* Peakl: 350 mA */
4353
4354 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4355 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4356 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4357 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4358 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4359 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4360 [0x116] = 0x55, /* NomV: 5.0 V */
4361 [0x118] = 0x4d, /* MinV: 4.5 V */
4362 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4363 [0x11c] = 0x4e, /* Peakl: 450 mA */
4364 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4365 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4366 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4367 [0x124] = 0x01,
4368 [0x126] = 0x07, /* Address block length = 8 */
4369 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4370 [0x12a] = 0x03,
4371 [0x12c] = 0x01, /* Address block length = 2 */
4372 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4373 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4374
4375 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4376 [0x134] = 0x06, /* Tuple length = 6 bytes */
4377 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4378 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4379 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4380 [0x13c] = 0xb5, /* NomV: 3.3 V */
4381 [0x13e] = 0x1e,
4382 [0x140] = 0x3e, /* Peakl: 350 mA */
4383
4384 [0x142] = CISTPL_NO_LINK, /* No Link */
4385 [0x144] = 0x00, /* Tuple length = 0 bytes */
4386
4387 [0x146] = CISTPL_END, /* Tuple End */
4388};
4389
4390static int dscm1xxxx_attach(void *opaque)
4391{
bc24a225 4392 MicroDriveState *md = (MicroDriveState *) opaque;
201a51fc
AZ		 4393 md->card.attr_read = md_attr_read;
4394 md->card.attr_write = md_attr_write;
4395 md->card.common_read = md_common_read;
4396 md->card.common_write = md_common_write;
4397 md->card.io_read = md_common_read;
4398 md->card.io_write = md_common_write;
4399
4400 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4401 md->io_base = 0x0;
4402
4403 md_reset(md);
4404 md_interrupt_update(md);
4405
4406 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4407 return 0;
4408}
4409
4410static int dscm1xxxx_detach(void *opaque)
4411{
bc24a225 4412 MicroDriveState *md = (MicroDriveState *) opaque;
201a51fc
AZ		 4413 md_reset(md);
4414 return 0;
4415}
4416
bc24a225 4417PCMCIACardState *dscm1xxxx_init(BlockDriverState *bdrv)
201a51fc 4418{
bc24a225 4419 MicroDriveState *md = (MicroDriveState *) qemu_mallocz(sizeof(MicroDriveState));
201a51fc
AZ		 4420 md->card.state = md;
4421 md->card.attach = dscm1xxxx_attach;
4422 md->card.detach = dscm1xxxx_detach;
4423 md->card.cis = dscm1xxxx_cis;
4424 md->card.cis_len = sizeof(dscm1xxxx_cis);
4425
660f11be 4426 ide_init2(md->ide, bdrv, NULL, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
201a51fc
AZ		 4427 md->ide->is_cf = 1;
4428 md->ide->mdata_size = METADATA_SIZE;
4429 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94 4430
93c8cfd9 4431 register_savevm("microdrive", -1, 3, md_save, md_load, md);
aa941b94 4432
201a51fc
AZ		 4433 return &md->card;
4434}
Qemu copy for testing