]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sd.c build fix.
[qemu.git] / hw / ide.c
CommitLineData
5391d806
FB		 1/*
2 * QEMU IDE disk and CD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
5391d806
FB		 25#include "vl.h"
26
5391d806
FB		 27/* debug IDE devices */
28//#define DEBUG_IDE
29//#define DEBUG_IDE_ATAPI
8ccad811
FB		 30//#define DEBUG_AIO
31#define USE_DMA_CDROM
5391d806
FB		 32
33/* Bits of HD_STATUS */
34#define ERR_STAT 0x01
35#define INDEX_STAT 0x02
36#define ECC_STAT 0x04 /* Corrected error */
37#define DRQ_STAT 0x08
38#define SEEK_STAT 0x10
39#define SRV_STAT 0x10
40#define WRERR_STAT 0x20
41#define READY_STAT 0x40
42#define BUSY_STAT 0x80
43
44/* Bits for HD_ERROR */
45#define MARK_ERR 0x01 /* Bad address mark */
46#define TRK0_ERR 0x02 /* couldn't find track 0 */
47#define ABRT_ERR 0x04 /* Command aborted */
48#define MCR_ERR 0x08 /* media change request */
49#define ID_ERR 0x10 /* ID field not found */
50#define MC_ERR 0x20 /* media changed */
51#define ECC_ERR 0x40 /* Uncorrectable ECC error */
52#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
53#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
54
55/* Bits of HD_NSECTOR */
56#define CD 0x01
57#define IO 0x02
58#define REL 0x04
59#define TAG_MASK 0xf8
60
61#define IDE_CMD_RESET 0x04
62#define IDE_CMD_DISABLE_IRQ 0x02
63
64/* ATA/ATAPI Commands pre T13 Spec */
65#define WIN_NOP 0x00
66/*
67 * 0x01->0x02 Reserved
68 */
69#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
70/*
71 * 0x04->0x07 Reserved
72 */
73#define WIN_SRST 0x08 /* ATAPI soft reset command */
74#define WIN_DEVICE_RESET 0x08
75/*
76 * 0x09->0x0F Reserved
77 */
78#define WIN_RECAL 0x10
79#define WIN_RESTORE WIN_RECAL
80/*
81 * 0x10->0x1F Reserved
82 */
83#define WIN_READ 0x20 /* 28-Bit */
84#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
85#define WIN_READ_LONG 0x22 /* 28-Bit */
86#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
87#define WIN_READ_EXT 0x24 /* 48-Bit */
88#define WIN_READDMA_EXT 0x25 /* 48-Bit */
89#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
90#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
91/*
92 * 0x28
93 */
94#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
95/*
96 * 0x2A->0x2F Reserved
97 */
98#define WIN_WRITE 0x30 /* 28-Bit */
99#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
100#define WIN_WRITE_LONG 0x32 /* 28-Bit */
101#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
102#define WIN_WRITE_EXT 0x34 /* 48-Bit */
103#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
104#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
105#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
106#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
107#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
108/*
109 * 0x3A->0x3B Reserved
110 */
111#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
112/*
113 * 0x3D->0x3F Reserved
114 */
115#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
116#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
117#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
118/*
119 * 0x43->0x4F Reserved
120 */
121#define WIN_FORMAT 0x50
122/*
123 * 0x51->0x5F Reserved
124 */
125#define WIN_INIT 0x60
126/*
127 * 0x61->0x5F Reserved
128 */
129#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
130#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
131#define WIN_DIAGNOSE 0x90
132#define WIN_SPECIFY 0x91 /* set drive geometry translation */
133#define WIN_DOWNLOAD_MICROCODE 0x92
134#define WIN_STANDBYNOW2 0x94
201a51fc 135#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 136#define WIN_STANDBY2 0x96
137#define WIN_SETIDLE2 0x97
138#define WIN_CHECKPOWERMODE2 0x98
139#define WIN_SLEEPNOW2 0x99
140/*
141 * 0x9A VENDOR
142 */
143#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
144#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
145#define WIN_QUEUED_SERVICE 0xA2
146#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 147#define CFA_ACCESS_METADATA_STORAGE 0xB8
148#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 149#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
150#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
151#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
152#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
153#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
154#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
155#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
156#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
157#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
158#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 159#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 160#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
161#define WIN_POSTBOOT 0xDC
162#define WIN_PREBOOT 0xDD
163#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
164#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
165#define WIN_STANDBYNOW1 0xE0
166#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
167#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
168#define WIN_SETIDLE1 0xE3
169#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
170#define WIN_CHECKPOWERMODE1 0xE5
171#define WIN_SLEEPNOW1 0xE6
172#define WIN_FLUSH_CACHE 0xE7
173#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
174#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
175 /* SET_FEATURES 0x22 or 0xDD */
176#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
177#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
178#define WIN_MEDIAEJECT 0xED
179#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
180#define WIN_SETFEATURES 0xEF /* set special drive features */
181#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 182#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 183#define WIN_SECURITY_SET_PASS 0xF1
184#define WIN_SECURITY_UNLOCK 0xF2
185#define WIN_SECURITY_ERASE_PREPARE 0xF3
186#define WIN_SECURITY_ERASE_UNIT 0xF4
187#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 188#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 189#define WIN_SECURITY_DISABLE 0xF6
190#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
191#define WIN_SET_MAX 0xF9
192#define DISABLE_SEAGATE 0xFB
193
194/* set to 1 set disable mult support */
f66723fa 195#define MAX_MULT_SECTORS 16
5391d806
FB		 196
197/* ATAPI defines */
198
199#define ATAPI_PACKET_SIZE 12
200
201/* The generic packet command opcodes for CD/DVD Logical Units,
202 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
203#define GPCMD_BLANK 0xa1
204#define GPCMD_CLOSE_TRACK 0x5b
205#define GPCMD_FLUSH_CACHE 0x35
206#define GPCMD_FORMAT_UNIT 0x04
207#define GPCMD_GET_CONFIGURATION 0x46
208#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
209#define GPCMD_GET_PERFORMANCE 0xac
210#define GPCMD_INQUIRY 0x12
211#define GPCMD_LOAD_UNLOAD 0xa6
212#define GPCMD_MECHANISM_STATUS 0xbd
213#define GPCMD_MODE_SELECT_10 0x55
214#define GPCMD_MODE_SENSE_10 0x5a
215#define GPCMD_PAUSE_RESUME 0x4b
216#define GPCMD_PLAY_AUDIO_10 0x45
217#define GPCMD_PLAY_AUDIO_MSF 0x47
218#define GPCMD_PLAY_AUDIO_TI 0x48
219#define GPCMD_PLAY_CD 0xbc
220#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
221#define GPCMD_READ_10 0x28
222#define GPCMD_READ_12 0xa8
223#define GPCMD_READ_CDVD_CAPACITY 0x25
224#define GPCMD_READ_CD 0xbe
225#define GPCMD_READ_CD_MSF 0xb9
226#define GPCMD_READ_DISC_INFO 0x51
227#define GPCMD_READ_DVD_STRUCTURE 0xad
228#define GPCMD_READ_FORMAT_CAPACITIES 0x23
229#define GPCMD_READ_HEADER 0x44
230#define GPCMD_READ_TRACK_RZONE_INFO 0x52
231#define GPCMD_READ_SUBCHANNEL 0x42
232#define GPCMD_READ_TOC_PMA_ATIP 0x43
233#define GPCMD_REPAIR_RZONE_TRACK 0x58
234#define GPCMD_REPORT_KEY 0xa4
235#define GPCMD_REQUEST_SENSE 0x03
236#define GPCMD_RESERVE_RZONE_TRACK 0x53
237#define GPCMD_SCAN 0xba
238#define GPCMD_SEEK 0x2b
239#define GPCMD_SEND_DVD_STRUCTURE 0xad
240#define GPCMD_SEND_EVENT 0xa2
241#define GPCMD_SEND_KEY 0xa3
242#define GPCMD_SEND_OPC 0x54
243#define GPCMD_SET_READ_AHEAD 0xa7
244#define GPCMD_SET_STREAMING 0xb6
245#define GPCMD_START_STOP_UNIT 0x1b
246#define GPCMD_STOP_PLAY_SCAN 0x4e
247#define GPCMD_TEST_UNIT_READY 0x00
248#define GPCMD_VERIFY_10 0x2f
249#define GPCMD_WRITE_10 0x2a
250#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 251/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 252 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
253 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
254 * drives support it. */
255#define GPCMD_SET_SPEED 0xbb
5fafdf24 256/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 257 * to play data at track/index */
258#define GPCMD_PLAYAUDIO_TI 0x48
259/*
260 * From MS Media Status Notification Support Specification. For
261 * older drives only.
262 */
263#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 264#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 265
266/* Mode page codes for mode sense/set */
267#define GPMODE_R_W_ERROR_PAGE 0x01
268#define GPMODE_WRITE_PARMS_PAGE 0x05
269#define GPMODE_AUDIO_CTL_PAGE 0x0e
270#define GPMODE_POWER_PAGE 0x1a
271#define GPMODE_FAULT_FAIL_PAGE 0x1c
272#define GPMODE_TO_PROTECT_PAGE 0x1d
273#define GPMODE_CAPABILITIES_PAGE 0x2a
274#define GPMODE_ALL_PAGES 0x3f
275/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
276 * of MODE_SENSE_POWER_PAGE */
277#define GPMODE_CDROM_PAGE 0x0d
278
279#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
280#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
281#define ATAPI_INT_REASON_REL 0x04
282#define ATAPI_INT_REASON_TAG 0xf8
283
284/* same constants as bochs */
7f777bf3 285#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 286#define ASC_LOGICAL_BLOCK_OOR 0x21
287#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
288#define ASC_MEDIUM_NOT_PRESENT 0x3a
289#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
290
201a51fc
AZ		 291#define CFA_NO_ERROR 0x00
292#define CFA_MISC_ERROR 0x09
293#define CFA_INVALID_COMMAND 0x20
294#define CFA_INVALID_ADDRESS 0x21
295#define CFA_ADDRESS_OVERFLOW 0x2f
296
5391d806
FB		 297#define SENSE_NONE 0
298#define SENSE_NOT_READY 2
299#define SENSE_ILLEGAL_REQUEST 5
300#define SENSE_UNIT_ATTENTION 6
301
302struct IDEState;
303
304typedef void EndTransferFunc(struct IDEState *);
305
caed8802 306/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 307typedef struct IDEState {
308 /* ide config */
309 int is_cdrom;
201a51fc 310 int is_cf;
5391d806
FB		 311 int cylinders, heads, sectors;
312 int64_t nb_sectors;
313 int mult_sectors;
94458802
FB		 314 int identify_set;
315 uint16_t identify_data[256];
d537cf6c 316 qemu_irq irq;
34e538ae 317 PCIDevice *pci_dev;
98087450 318 struct BMDMAState *bmdma;
aedf5382 319 int drive_serial;
5391d806
FB		 320 /* ide regs */
321 uint8_t feature;
322 uint8_t error;
c2ff060f 323 uint32_t nsector;
5391d806
FB		 324 uint8_t sector;
325 uint8_t lcyl;
326 uint8_t hcyl;
c2ff060f
FB		 327 /* other part of tf for lba48 support */
328 uint8_t hob_feature;
329 uint8_t hob_nsector;
330 uint8_t hob_sector;
331 uint8_t hob_lcyl;
332 uint8_t hob_hcyl;
333
5391d806
FB		 334 uint8_t select;
335 uint8_t status;
c2ff060f 336
5391d806
FB		 337 /* 0x3f6 command, only meaningful for drive 0 */
338 uint8_t cmd;
c2ff060f
FB		 339 /* set for lba48 access */
340 uint8_t lba48;
5391d806 341 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 342 struct IDEState *cur_drive;
5391d806
FB		 343 BlockDriverState *bs;
344 /* ATAPI specific */
345 uint8_t sense_key;
346 uint8_t asc;
347 int packet_transfer_size;
348 int elementary_transfer_size;
349 int io_buffer_index;
350 int lba;
98087450
FB		 351 int cd_sector_size;
352 int atapi_dma; /* true if dma is requested for the packet cmd */
353 /* ATA DMA state */
354 int io_buffer_size;
355 /* PIO transfer handling */
5391d806
FB		 356 int req_nb_sectors; /* number of sectors per interrupt */
357 EndTransferFunc *end_transfer_func;
358 uint8_t *data_ptr;
359 uint8_t *data_end;
360 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
31c2a146 361 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
e774a278 362 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 363 /* CF-ATA extended error */
364 uint8_t ext_error;
365 /* CF-ATA metadata storage */
366 uint32_t mdata_size;
367 uint8_t *mdata_storage;
368 int media_changed;
5391d806
FB		 369} IDEState;
370
98087450
FB		 371#define BM_STATUS_DMAING 0x01
372#define BM_STATUS_ERROR 0x02
373#define BM_STATUS_INT 0x04
374
375#define BM_CMD_START 0x01
376#define BM_CMD_READ 0x08
377
5457c8ce
FB		 378#define IDE_TYPE_PIIX3 0
379#define IDE_TYPE_CMD646 1
afcc3cdf 380#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 381
382/* CMD646 specific */
383#define MRDMODE 0x71
384#define MRDMODE_INTR_CH0 0x04
385#define MRDMODE_INTR_CH1 0x08
386#define MRDMODE_BLK_CH0 0x10
387#define MRDMODE_BLK_CH1 0x20
388#define UDIDETCR0 0x73
389#define UDIDETCR1 0x7B
390
98087450
FB		 391typedef struct BMDMAState {
392 uint8_t cmd;
393 uint8_t status;
394 uint32_t addr;
3b46e624 395
5457c8ce 396 struct PCIIDEState *pci_dev;
98087450 397 /* current transfer state */
8ccad811
FB		 398 uint32_t cur_addr;
399 uint32_t cur_prd_last;
400 uint32_t cur_prd_addr;
401 uint32_t cur_prd_len;
98087450 402 IDEState *ide_if;
8ccad811
FB		 403 BlockDriverCompletionFunc *dma_cb;
404 BlockDriverAIOCB *aiocb;
98087450
FB		 405} BMDMAState;
406
407typedef struct PCIIDEState {
408 PCIDevice dev;
409 IDEState ide_if[4];
410 BMDMAState bmdma[2];
5457c8ce 411 int type; /* see IDE_TYPE_xxx */
98087450
FB		 412} PCIIDEState;
413
8ccad811 414static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
5f12ab4b 415static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 416
5391d806
FB		 417static void padstr(char *str, const char *src, int len)
418{
419 int i, v;
420 for(i = 0; i < len; i++) {
421 if (*src)
422 v = *src++;
423 else
424 v = ' ';
425 *(char *)((long)str ^ 1) = v;
426 str++;
427 }
428}
429
bd0d90b2
FB		 430static void padstr8(uint8_t *buf, int buf_size, const char *src)
431{
432 int i;
433 for(i = 0; i < buf_size; i++) {
434 if (*src)
435 buf[i] = *src++;
436 else
437 buf[i] = ' ';
438 }
439}
440
67b915a5
FB		 441static void put_le16(uint16_t *p, unsigned int v)
442{
0c4ad8dc 443 *p = cpu_to_le16(v);
67b915a5
FB		 444}
445
5391d806
FB		 446static void ide_identify(IDEState *s)
447{
448 uint16_t *p;
449 unsigned int oldsize;
aedf5382 450 char buf[20];
5391d806 451
94458802
FB		 452 if (s->identify_set) {
453 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
454 return;
455 }
456
5391d806
FB		 457 memset(s->io_buffer, 0, 512);
458 p = (uint16_t *)s->io_buffer;
67b915a5 459 put_le16(p + 0, 0x0040);
5fafdf24 460 put_le16(p + 1, s->cylinders);
67b915a5
FB		 461 put_le16(p + 3, s->heads);
462 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
463 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 464 put_le16(p + 6, s->sectors);
aedf5382
FB		 465 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
466 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 467 put_le16(p + 20, 3); /* XXX: retired, remove ? */
468 put_le16(p + 21, 512); /* cache size in sectors */
469 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 470 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
471 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 472#if MAX_MULT_SECTORS > 1
67b915a5 473 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 474#endif
67b915a5 475 put_le16(p + 48, 1); /* dword I/O */
94458802 476 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 477 put_le16(p + 51, 0x200); /* PIO transfer cycle */
478 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 479 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 480 put_le16(p + 54, s->cylinders);
481 put_le16(p + 55, s->heads);
482 put_le16(p + 56, s->sectors);
5391d806 483 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 484 put_le16(p + 57, oldsize);
485 put_le16(p + 58, oldsize >> 16);
5391d806 486 if (s->mult_sectors)
67b915a5
FB		 487 put_le16(p + 59, 0x100 | s->mult_sectors);
488 put_le16(p + 60, s->nb_sectors);
489 put_le16(p + 61, s->nb_sectors >> 16);
94458802
FB		 490 put_le16(p + 63, 0x07); /* mdma0-2 supported */
491 put_le16(p + 65, 120);
492 put_le16(p + 66, 120);
493 put_le16(p + 67, 120);
494 put_le16(p + 68, 120);
495 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
496 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 497 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 498 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
499 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 500 put_le16(p + 84, (1 << 14));
501 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 502 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
503 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 504 put_le16(p + 87, (1 << 14));
94458802
FB		 505 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
506 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 507 put_le16(p + 100, s->nb_sectors);
508 put_le16(p + 101, s->nb_sectors >> 16);
509 put_le16(p + 102, s->nb_sectors >> 32);
510 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 511
512 memcpy(s->identify_data, p, sizeof(s->identify_data));
513 s->identify_set = 1;
5391d806
FB		 514}
515
516static void ide_atapi_identify(IDEState *s)
517{
518 uint16_t *p;
aedf5382 519 char buf[20];
5391d806 520
94458802
FB		 521 if (s->identify_set) {
522 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
523 return;
524 }
525
5391d806
FB		 526 memset(s->io_buffer, 0, 512);
527 p = (uint16_t *)s->io_buffer;
528 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 529 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
aedf5382
FB		 530 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
531 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 532 put_le16(p + 20, 3); /* buffer type */
533 put_le16(p + 21, 512); /* cache size in sectors */
534 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 535 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
536 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
67b915a5 537 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 538#ifdef USE_DMA_CDROM
539 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
540 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
541 put_le16(p + 63, 7); /* mdma0-2 supported */
542 put_le16(p + 64, 0x3f); /* PIO modes supported */
543#else
67b915a5
FB		 544 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
545 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
546 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
547 put_le16(p + 64, 1); /* PIO modes */
8ccad811 548#endif
67b915a5
FB		 549 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
550 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
551 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
552 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 553
67b915a5
FB		 554 put_le16(p + 71, 30); /* in ns */
555 put_le16(p + 72, 30); /* in ns */
5391d806 556
67b915a5 557 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 558#ifdef USE_DMA_CDROM
559 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
560#endif
94458802
FB		 561 memcpy(s->identify_data, p, sizeof(s->identify_data));
562 s->identify_set = 1;
5391d806
FB		 563}
564
201a51fc
AZ		 565static void ide_cfata_identify(IDEState *s)
566{
567 uint16_t *p;
568 uint32_t cur_sec;
569 char buf[20];
570
571 p = (uint16_t *) s->identify_data;
572 if (s->identify_set)
573 goto fill_buffer;
574
575 memset(p, 0, sizeof(s->identify_data));
576
577 cur_sec = s->cylinders * s->heads * s->sectors;
578
579 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
580 put_le16(p + 1, s->cylinders); /* Default cylinders */
581 put_le16(p + 3, s->heads); /* Default heads */
582 put_le16(p + 6, s->sectors); /* Default sectors per track */
583 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
584 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
585 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
586 padstr((uint8_t *)(p + 10), buf, 20); /* Serial number in ASCII */
587 put_le16(p + 22, 0x0004); /* ECC bytes */
588 padstr((uint8_t *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
589 padstr((uint8_t *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
590#if MAX_MULT_SECTORS > 1
591 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
592#else
593 put_le16(p + 47, 0x0000);
594#endif
595 put_le16(p + 49, 0x0f00); /* Capabilities */
596 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
597 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
598 put_le16(p + 53, 0x0003); /* Translation params valid */
599 put_le16(p + 54, s->cylinders); /* Current cylinders */
600 put_le16(p + 55, s->heads); /* Current heads */
601 put_le16(p + 56, s->sectors); /* Current sectors */
602 put_le16(p + 57, cur_sec); /* Current capacity */
603 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
604 if (s->mult_sectors) /* Multiple sector setting */
605 put_le16(p + 59, 0x100 | s->mult_sectors);
606 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
607 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
608 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
609 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
610 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
611 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
612 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
613 put_le16(p + 82, 0x400c); /* Command Set supported */
614 put_le16(p + 83, 0x7068); /* Command Set supported */
615 put_le16(p + 84, 0x4000); /* Features supported */
616 put_le16(p + 85, 0x000c); /* Command Set enabled */
617 put_le16(p + 86, 0x7044); /* Command Set enabled */
618 put_le16(p + 87, 0x4000); /* Features enabled */
619 put_le16(p + 91, 0x4060); /* Current APM level */
620 put_le16(p + 129, 0x0002); /* Current features option */
621 put_le16(p + 130, 0x0005); /* Reassigned sectors */
622 put_le16(p + 131, 0x0001); /* Initial power mode */
623 put_le16(p + 132, 0x0000); /* User signature */
624 put_le16(p + 160, 0x8100); /* Power requirement */
625 put_le16(p + 161, 0x8001); /* CF command set */
626
627 s->identify_set = 1;
628
629fill_buffer:
630 memcpy(s->io_buffer, p, sizeof(s->identify_data));
631}
632
5391d806
FB		 633static void ide_set_signature(IDEState *s)
634{
635 s->select &= 0xf0; /* clear head */
636 /* put signature */
637 s->nsector = 1;
638 s->sector = 1;
639 if (s->is_cdrom) {
640 s->lcyl = 0x14;
641 s->hcyl = 0xeb;
642 } else if (s->bs) {
643 s->lcyl = 0;
644 s->hcyl = 0;
645 } else {
646 s->lcyl = 0xff;
647 s->hcyl = 0xff;
648 }
649}
650
651static inline void ide_abort_command(IDEState *s)
652{
653 s->status = READY_STAT | ERR_STAT;
654 s->error = ABRT_ERR;
655}
656
657static inline void ide_set_irq(IDEState *s)
658{
98ff7d30 659 BMDMAState *bm = s->bmdma;
5391d806 660 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 661 if (bm) {
98ff7d30 662 bm->status |= BM_STATUS_INT;
5457c8ce 663 }
d537cf6c 664 qemu_irq_raise(s->irq);
5391d806
FB		 665 }
666}
667
668/* prepare data transfer and tell what to do after */
5fafdf24 669static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 670 EndTransferFunc *end_transfer_func)
671{
672 s->end_transfer_func = end_transfer_func;
673 s->data_ptr = buf;
674 s->data_end = buf + size;
7603d156
TS		 675 if (!(s->status & ERR_STAT))
676 s->status |= DRQ_STAT;
5391d806
FB		 677}
678
679static void ide_transfer_stop(IDEState *s)
680{
681 s->end_transfer_func = ide_transfer_stop;
682 s->data_ptr = s->io_buffer;
683 s->data_end = s->io_buffer;
684 s->status &= ~DRQ_STAT;
685}
686
687static int64_t ide_get_sector(IDEState *s)
688{
689 int64_t sector_num;
690 if (s->select & 0x40) {
691 /* lba */
c2ff060f
FB		 692 if (!s->lba48) {
693 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
694 (s->lcyl << 8) | s->sector;
695 } else {
696 sector_num = ((int64_t)s->hob_hcyl << 40) |
697 ((int64_t) s->hob_lcyl << 32) |
698 ((int64_t) s->hob_sector << 24) |
699 ((int64_t) s->hcyl << 16) |
700 ((int64_t) s->lcyl << 8) | s->sector;
701 }
5391d806
FB		 702 } else {
703 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 704 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 705 }
706 return sector_num;
707}
708
709static void ide_set_sector(IDEState *s, int64_t sector_num)
710{
711 unsigned int cyl, r;
712 if (s->select & 0x40) {
c2ff060f
FB		 713 if (!s->lba48) {
714 s->select = (s->select & 0xf0) | (sector_num >> 24);
715 s->hcyl = (sector_num >> 16);
716 s->lcyl = (sector_num >> 8);
717 s->sector = (sector_num);
718 } else {
719 s->sector = sector_num;
720 s->lcyl = sector_num >> 8;
721 s->hcyl = sector_num >> 16;
722 s->hob_sector = sector_num >> 24;
723 s->hob_lcyl = sector_num >> 32;
724 s->hob_hcyl = sector_num >> 40;
725 }
5391d806
FB		 726 } else {
727 cyl = sector_num / (s->heads * s->sectors);
728 r = sector_num % (s->heads * s->sectors);
729 s->hcyl = cyl >> 8;
730 s->lcyl = cyl;
1b8eb456 731 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 732 s->sector = (r % s->sectors) + 1;
733 }
734}
735
736static void ide_sector_read(IDEState *s)
737{
738 int64_t sector_num;
739 int ret, n;
740
741 s->status = READY_STAT | SEEK_STAT;
a136e5a8 742 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 743 sector_num = ide_get_sector(s);
744 n = s->nsector;
745 if (n == 0) {
746 /* no more sector to read from disk */
747 ide_transfer_stop(s);
748 } else {
749#if defined(DEBUG_IDE)
750 printf("read sector=%Ld\n", sector_num);
751#endif
752 if (n > s->req_nb_sectors)
753 n = s->req_nb_sectors;
754 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
755 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
756 ide_set_irq(s);
757 ide_set_sector(s, sector_num + n);
758 s->nsector -= n;
759 }
760}
761
8ccad811
FB		 762/* return 0 if buffer completed */
763static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 764{
8ccad811
FB		 765 IDEState *s = bm->ide_if;
766 struct {
767 uint32_t addr;
768 uint32_t size;
769 } prd;
770 int l, len;
98087450 771
8ccad811
FB		 772 for(;;) {
773 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 774 if (l <= 0)
8ccad811
FB		 775 break;
776 if (bm->cur_prd_len == 0) {
777 /* end of table (with a fail safe of one page) */
778 if (bm->cur_prd_last ||
779 (bm->cur_addr - bm->addr) >= 4096)
780 return 0;
781 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
782 bm->cur_addr += 8;
783 prd.addr = le32_to_cpu(prd.addr);
784 prd.size = le32_to_cpu(prd.size);
785 len = prd.size & 0xfffe;
786 if (len == 0)
787 len = 0x10000;
788 bm->cur_prd_len = len;
789 bm->cur_prd_addr = prd.addr;
790 bm->cur_prd_last = (prd.size & 0x80000000);
791 }
792 if (l > bm->cur_prd_len)
793 l = bm->cur_prd_len;
794 if (l > 0) {
795 if (is_write) {
5fafdf24 796 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 797 s->io_buffer + s->io_buffer_index, l);
798 } else {
5fafdf24 799 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 800 s->io_buffer + s->io_buffer_index, l);
801 }
802 bm->cur_prd_addr += l;
803 bm->cur_prd_len -= l;
804 s->io_buffer_index += l;
98087450 805 }
98087450 806 }
8ccad811
FB		 807 return 1;
808}
809
810/* XXX: handle errors */
811static void ide_read_dma_cb(void *opaque, int ret)
812{
813 BMDMAState *bm = opaque;
814 IDEState *s = bm->ide_if;
815 int n;
816 int64_t sector_num;
817
818 n = s->io_buffer_size >> 9;
819 sector_num = ide_get_sector(s);
820 if (n > 0) {
821 sector_num += n;
822 ide_set_sector(s, sector_num);
823 s->nsector -= n;
824 if (dma_buf_rw(bm, 1) == 0)
825 goto eot;
826 }
827
828 /* end of transfer ? */
829 if (s->nsector == 0) {
98087450
FB		 830 s->status = READY_STAT | SEEK_STAT;
831 ide_set_irq(s);
8ccad811
FB		 832 eot:
833 bm->status &= ~BM_STATUS_DMAING;
834 bm->status |= BM_STATUS_INT;
835 bm->dma_cb = NULL;
836 bm->ide_if = NULL;
837 bm->aiocb = NULL;
838 return;
98087450 839 }
8ccad811
FB		 840
841 /* launch next transfer */
842 n = s->nsector;
843 if (n > MAX_MULT_SECTORS)
844 n = MAX_MULT_SECTORS;
845 s->io_buffer_index = 0;
846 s->io_buffer_size = n * 512;
847#ifdef DEBUG_AIO
848 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
849#endif
5fafdf24 850 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
8ccad811 851 ide_read_dma_cb, bm);
98087450
FB		 852}
853
854static void ide_sector_read_dma(IDEState *s)
855{
8ccad811 856 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 857 s->io_buffer_index = 0;
858 s->io_buffer_size = 0;
859 ide_dma_start(s, ide_read_dma_cb);
860}
861
a09db21f
FB		 862static void ide_sector_write_timer_cb(void *opaque)
863{
864 IDEState *s = opaque;
865 ide_set_irq(s);
866}
867
5391d806
FB		 868static void ide_sector_write(IDEState *s)
869{
870 int64_t sector_num;
31c2a146 871 int ret, n, n1;
5391d806
FB		 872
873 s->status = READY_STAT | SEEK_STAT;
874 sector_num = ide_get_sector(s);
875#if defined(DEBUG_IDE)
876 printf("write sector=%Ld\n", sector_num);
877#endif
878 n = s->nsector;
879 if (n > s->req_nb_sectors)
880 n = s->req_nb_sectors;
31c2a146 881 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
5391d806
FB		 882 s->nsector -= n;
883 if (s->nsector == 0) {
292eef5a 884 /* no more sectors to write */
5391d806
FB		 885 ide_transfer_stop(s);
886 } else {
887 n1 = s->nsector;
888 if (n1 > s->req_nb_sectors)
889 n1 = s->req_nb_sectors;
890 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
891 }
892 ide_set_sector(s, sector_num + n);
3b46e624 893
31c2a146
TS		 894#ifdef TARGET_I386
895 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
896 /* It seems there is a bug in the Windows 2000 installer HDD
897 IDE driver which fills the disk with empty logs when the
898 IDE write IRQ comes too early. This hack tries to correct
899 that at the expense of slower write performances. Use this
900 option _only_ to install Windows 2000. You must disable it
901 for normal use. */
902 qemu_mod_timer(s->sector_write_timer,
903 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
904 } else
905#endif
906 {
907 ide_set_irq(s);
908 }
5391d806
FB		 909}
910
8ccad811
FB		 911/* XXX: handle errors */
912static void ide_write_dma_cb(void *opaque, int ret)
98087450 913{
8ccad811
FB		 914 BMDMAState *bm = opaque;
915 IDEState *s = bm->ide_if;
916 int n;
98087450
FB		 917 int64_t sector_num;
918
8ccad811
FB		 919 n = s->io_buffer_size >> 9;
920 sector_num = ide_get_sector(s);
921 if (n > 0) {
922 sector_num += n;
923 ide_set_sector(s, sector_num);
924 s->nsector -= n;
98087450 925 }
98087450 926
8ccad811
FB		 927 /* end of transfer ? */
928 if (s->nsector == 0) {
929 s->status = READY_STAT | SEEK_STAT;
930 ide_set_irq(s);
931 eot:
932 bm->status &= ~BM_STATUS_DMAING;
933 bm->status |= BM_STATUS_INT;
934 bm->dma_cb = NULL;
935 bm->ide_if = NULL;
936 bm->aiocb = NULL;
937 return;
938 }
939
940 /* launch next transfer */
98087450
FB		 941 n = s->nsector;
942 if (n > MAX_MULT_SECTORS)
943 n = MAX_MULT_SECTORS;
944 s->io_buffer_index = 0;
945 s->io_buffer_size = n * 512;
8ccad811
FB		 946
947 if (dma_buf_rw(bm, 0) == 0)
948 goto eot;
949#ifdef DEBUG_AIO
950 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
951#endif
5fafdf24 952 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
8ccad811
FB		 953 ide_write_dma_cb, bm);
954}
955
956static void ide_sector_write_dma(IDEState *s)
957{
958 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
959 s->io_buffer_index = 0;
960 s->io_buffer_size = 0;
98087450
FB		 961 ide_dma_start(s, ide_write_dma_cb);
962}
963
5391d806
FB		 964static void ide_atapi_cmd_ok(IDEState *s)
965{
966 s->error = 0;
967 s->status = READY_STAT;
968 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
969 ide_set_irq(s);
970}
971
972static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
973{
974#ifdef DEBUG_IDE_ATAPI
975 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
976#endif
977 s->error = sense_key << 4;
978 s->status = READY_STAT | ERR_STAT;
979 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
980 s->sense_key = sense_key;
981 s->asc = asc;
982 ide_set_irq(s);
983}
984
985static inline void cpu_to_ube16(uint8_t *buf, int val)
986{
987 buf[0] = val >> 8;
988 buf[1] = val;
989}
990
991static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
992{
993 buf[0] = val >> 24;
994 buf[1] = val >> 16;
995 buf[2] = val >> 8;
996 buf[3] = val;
997}
998
999static inline int ube16_to_cpu(const uint8_t *buf)
1000{
1001 return (buf[0] << 8) | buf[1];
1002}
1003
1004static inline int ube32_to_cpu(const uint8_t *buf)
1005{
1006 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1007}
1008
98087450
FB		 1009static void lba_to_msf(uint8_t *buf, int lba)
1010{
1011 lba += 150;
1012 buf[0] = (lba / 75) / 60;
1013 buf[1] = (lba / 75) % 60;
1014 buf[2] = lba % 75;
1015}
1016
8ccad811
FB		 1017static void cd_data_to_raw(uint8_t *buf, int lba)
1018{
1019 /* sync bytes */
1020 buf[0] = 0x00;
1021 memset(buf + 1, 0xff, 10);
1022 buf[11] = 0x00;
1023 buf += 12;
1024 /* MSF */
1025 lba_to_msf(buf, lba);
1026 buf[3] = 0x01; /* mode 1 data */
1027 buf += 4;
1028 /* data */
1029 buf += 2048;
1030 /* XXX: ECC not computed */
1031 memset(buf, 0, 288);
1032}
1033
5fafdf24 1034static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1035 int sector_size)
1036{
66c6ef76
FB		 1037 int ret;
1038
98087450
FB		 1039 switch(sector_size) {
1040 case 2048:
66c6ef76 1041 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1042 break;
1043 case 2352:
66c6ef76
FB		 1044 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1045 if (ret < 0)
1046 return ret;
8ccad811 1047 cd_data_to_raw(buf, lba);
98087450
FB		 1048 break;
1049 default:
66c6ef76 1050 ret = -EIO;
98087450
FB		 1051 break;
1052 }
66c6ef76
FB		 1053 return ret;
1054}
1055
1056static void ide_atapi_io_error(IDEState *s, int ret)
1057{
1058 /* XXX: handle more errors */
1059 if (ret == -ENOMEDIUM) {
5fafdf24 1060 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1061 ASC_MEDIUM_NOT_PRESENT);
1062 } else {
5fafdf24 1063 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1064 ASC_LOGICAL_BLOCK_OOR);
1065 }
98087450
FB		 1066}
1067
5391d806
FB		 1068/* The whole ATAPI transfer logic is handled in this function */
1069static void ide_atapi_cmd_reply_end(IDEState *s)
1070{
66c6ef76 1071 int byte_count_limit, size, ret;
5391d806 1072#ifdef DEBUG_IDE_ATAPI
5fafdf24 1073 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1074 s->packet_transfer_size,
1075 s->elementary_transfer_size,
1076 s->io_buffer_index);
1077#endif
1078 if (s->packet_transfer_size <= 0) {
1079 /* end of transfer */
1080 ide_transfer_stop(s);
1081 s->status = READY_STAT;
1082 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1083 ide_set_irq(s);
1084#ifdef DEBUG_IDE_ATAPI
1085 printf("status=0x%x\n", s->status);
1086#endif
1087 } else {
1088 /* see if a new sector must be read */
98087450 1089 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1090 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1091 if (ret < 0) {
1092 ide_transfer_stop(s);
1093 ide_atapi_io_error(s, ret);
1094 return;
1095 }
5391d806
FB		 1096 s->lba++;
1097 s->io_buffer_index = 0;
1098 }
1099 if (s->elementary_transfer_size > 0) {
1100 /* there are some data left to transmit in this elementary
1101 transfer */
98087450 1102 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1103 if (size > s->elementary_transfer_size)
1104 size = s->elementary_transfer_size;
5fafdf24 1105 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1106 size, ide_atapi_cmd_reply_end);
1107 s->packet_transfer_size -= size;
1108 s->elementary_transfer_size -= size;
1109 s->io_buffer_index += size;
1110 } else {
1111 /* a new transfer is needed */
1112 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1113 byte_count_limit = s->lcyl | (s->hcyl << 8);
1114#ifdef DEBUG_IDE_ATAPI
1115 printf("byte_count_limit=%d\n", byte_count_limit);
1116#endif
1117 if (byte_count_limit == 0xffff)
1118 byte_count_limit--;
1119 size = s->packet_transfer_size;
1120 if (size > byte_count_limit) {
1121 /* byte count limit must be even if this case */
1122 if (byte_count_limit & 1)
1123 byte_count_limit--;
1124 size = byte_count_limit;
5391d806 1125 }
a136e5a8
FB		 1126 s->lcyl = size;
1127 s->hcyl = size >> 8;
5391d806
FB		 1128 s->elementary_transfer_size = size;
1129 /* we cannot transmit more than one sector at a time */
1130 if (s->lba != -1) {
98087450
FB		 1131 if (size > (s->cd_sector_size - s->io_buffer_index))
1132 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1133 }
5fafdf24 1134 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1135 size, ide_atapi_cmd_reply_end);
1136 s->packet_transfer_size -= size;
1137 s->elementary_transfer_size -= size;
1138 s->io_buffer_index += size;
1139 ide_set_irq(s);
1140#ifdef DEBUG_IDE_ATAPI
1141 printf("status=0x%x\n", s->status);
1142#endif
1143 }
1144 }
1145}
1146
1147/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1148static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1149{
1150 if (size > max_size)
1151 size = max_size;
1152 s->lba = -1; /* no sector read */
1153 s->packet_transfer_size = size;
5f12ab4b 1154 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1155 s->elementary_transfer_size = 0;
1156 s->io_buffer_index = 0;
1157
5f12ab4b
TS		 1158 if (s->atapi_dma) {
1159 s->status = READY_STAT | DRQ_STAT;
1160 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1161 } else {
1162 s->status = READY_STAT;
1163 ide_atapi_cmd_reply_end(s);
1164 }
5391d806
FB		 1165}
1166
1167/* start a CD-CDROM read command */
98087450
FB		 1168static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1169 int sector_size)
5391d806 1170{
5391d806 1171 s->lba = lba;
98087450 1172 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1173 s->elementary_transfer_size = 0;
98087450
FB		 1174 s->io_buffer_index = sector_size;
1175 s->cd_sector_size = sector_size;
5391d806
FB		 1176
1177 s->status = READY_STAT;
1178 ide_atapi_cmd_reply_end(s);
1179}
1180
98087450 1181/* ATAPI DMA support */
8ccad811
FB		 1182
1183/* XXX: handle read errors */
1184static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1185{
8ccad811
FB		 1186 BMDMAState *bm = opaque;
1187 IDEState *s = bm->ide_if;
1188 int data_offset, n;
1189
66c6ef76
FB		 1190 if (ret < 0) {
1191 ide_atapi_io_error(s, ret);
1192 goto eot;
1193 }
1194
8ccad811 1195 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1196 /*
1197 * For a cdrom read sector command (s->lba != -1),
1198 * adjust the lba for the next s->io_buffer_size chunk
1199 * and dma the current chunk.
1200 * For a command != read (s->lba == -1), just transfer
1201 * the reply data.
1202 */
1203 if (s->lba != -1) {
1204 if (s->cd_sector_size == 2352) {
1205 n = 1;
1206 cd_data_to_raw(s->io_buffer, s->lba);
1207 } else {
1208 n = s->io_buffer_size >> 11;
1209 }
1210 s->lba += n;
1211 }
8ccad811 1212 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1213 if (dma_buf_rw(bm, 1) == 0)
1214 goto eot;
98087450 1215 }
8ccad811 1216
98087450
FB		 1217 if (s->packet_transfer_size <= 0) {
1218 s->status = READY_STAT;
1219 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1220 ide_set_irq(s);
8ccad811
FB		 1221 eot:
1222 bm->status &= ~BM_STATUS_DMAING;
1223 bm->status |= BM_STATUS_INT;
1224 bm->dma_cb = NULL;
1225 bm->ide_if = NULL;
1226 bm->aiocb = NULL;
1227 return;
1228 }
3b46e624 1229
8ccad811
FB		 1230 s->io_buffer_index = 0;
1231 if (s->cd_sector_size == 2352) {
1232 n = 1;
1233 s->io_buffer_size = s->cd_sector_size;
1234 data_offset = 16;
1235 } else {
1236 n = s->packet_transfer_size >> 11;
1237 if (n > (MAX_MULT_SECTORS / 4))
1238 n = (MAX_MULT_SECTORS / 4);
1239 s->io_buffer_size = n * 2048;
1240 data_offset = 0;
98087450 1241 }
8ccad811
FB		 1242#ifdef DEBUG_AIO
1243 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1244#endif
5fafdf24
TS		 1245 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1246 s->io_buffer + data_offset, n * 4,
8ccad811 1247 ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1248 if (!bm->aiocb) {
1249 /* Note: media not present is the most likely case */
5fafdf24 1250 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1251 ASC_MEDIUM_NOT_PRESENT);
1252 goto eot;
1253 }
98087450
FB		 1254}
1255
1256/* start a CD-CDROM read command with DMA */
1257/* XXX: test if DMA is available */
1258static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1259 int sector_size)
1260{
1261 s->lba = lba;
1262 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1263 s->io_buffer_index = 0;
1264 s->io_buffer_size = 0;
98087450
FB		 1265 s->cd_sector_size = sector_size;
1266
8ccad811
FB		 1267 /* XXX: check if BUSY_STAT should be set */
1268 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1269 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1270}
1271
5fafdf24 1272static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1273 int sector_size)
1274{
1275#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1276 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1277 lba, nb_sectors);
98087450
FB		 1278#endif
1279 if (s->atapi_dma) {
1280 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1281 } else {
1282 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1283 }
1284}
1285
5391d806
FB		 1286static void ide_atapi_cmd(IDEState *s)
1287{
1288 const uint8_t *packet;
1289 uint8_t *buf;
1290 int max_len;
1291
1292 packet = s->io_buffer;
1293 buf = s->io_buffer;
1294#ifdef DEBUG_IDE_ATAPI
1295 {
1296 int i;
1297 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1298 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1299 printf(" %02x", packet[i]);
1300 }
1301 printf("\n");
1302 }
1303#endif
1304 switch(s->io_buffer[0]) {
1305 case GPCMD_TEST_UNIT_READY:
caed8802 1306 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1307 ide_atapi_cmd_ok(s);
1308 } else {
5fafdf24 1309 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1310 ASC_MEDIUM_NOT_PRESENT);
1311 }
1312 break;
d14049ea 1313 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1314 case GPCMD_MODE_SENSE_10:
1315 {
1316 int action, code;
d14049ea
TS		 1317 if (packet[0] == GPCMD_MODE_SENSE_10)
1318 max_len = ube16_to_cpu(packet + 7);
1319 else
1320 max_len = packet[4];
5391d806
FB		 1321 action = packet[2] >> 6;
1322 code = packet[2] & 0x3f;
1323 switch(action) {
1324 case 0: /* current values */
1325 switch(code) {
1326 case 0x01: /* error recovery */
1327 cpu_to_ube16(&buf[0], 16 + 6);
1328 buf[2] = 0x70;
1329 buf[3] = 0;
1330 buf[4] = 0;
1331 buf[5] = 0;
1332 buf[6] = 0;
1333 buf[7] = 0;
1334
1335 buf[8] = 0x01;
1336 buf[9] = 0x06;
1337 buf[10] = 0x00;
1338 buf[11] = 0x05;
1339 buf[12] = 0x00;
1340 buf[13] = 0x00;
1341 buf[14] = 0x00;
1342 buf[15] = 0x00;
1343 ide_atapi_cmd_reply(s, 16, max_len);
1344 break;
1345 case 0x2a:
1346 cpu_to_ube16(&buf[0], 28 + 6);
1347 buf[2] = 0x70;
1348 buf[3] = 0;
1349 buf[4] = 0;
1350 buf[5] = 0;
1351 buf[6] = 0;
1352 buf[7] = 0;
1353
1354 buf[8] = 0x2a;
1355 buf[9] = 0x12;
d14049ea 1356 buf[10] = 0x08;
5391d806 1357 buf[11] = 0x00;
3b46e624 1358
5391d806
FB		 1359 buf[12] = 0x70;
1360 buf[13] = 3 << 5;
1361 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1362 if (bdrv_is_locked(s->bs))
5391d806
FB		 1363 buf[6] |= 1 << 1;
1364 buf[15] = 0x00;
1365 cpu_to_ube16(&buf[16], 706);
1366 buf[18] = 0;
1367 buf[19] = 2;
1368 cpu_to_ube16(&buf[20], 512);
1369 cpu_to_ube16(&buf[22], 706);
1370 buf[24] = 0;
1371 buf[25] = 0;
1372 buf[26] = 0;
1373 buf[27] = 0;
1374 ide_atapi_cmd_reply(s, 28, max_len);
1375 break;
1376 default:
1377 goto error_cmd;
1378 }
1379 break;
1380 case 1: /* changeable values */
1381 goto error_cmd;
1382 case 2: /* default values */
1383 goto error_cmd;
1384 default:
1385 case 3: /* saved values */
5fafdf24 1386 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1387 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1388 break;
1389 }
1390 }
1391 break;
1392 case GPCMD_REQUEST_SENSE:
1393 max_len = packet[4];
1394 memset(buf, 0, 18);
1395 buf[0] = 0x70 | (1 << 7);
1396 buf[2] = s->sense_key;
1397 buf[7] = 10;
1398 buf[12] = s->asc;
1399 ide_atapi_cmd_reply(s, 18, max_len);
1400 break;
1401 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1402 if (bdrv_is_inserted(s->bs)) {
1403 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1404 ide_atapi_cmd_ok(s);
1405 } else {
5fafdf24 1406 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1407 ASC_MEDIUM_NOT_PRESENT);
1408 }
1409 break;
1410 case GPCMD_READ_10:
1411 case GPCMD_READ_12:
1412 {
1413 int nb_sectors, lba;
1414
5391d806
FB		 1415 if (packet[0] == GPCMD_READ_10)
1416 nb_sectors = ube16_to_cpu(packet + 7);
1417 else
1418 nb_sectors = ube32_to_cpu(packet + 6);
1419 lba = ube32_to_cpu(packet + 2);
1420 if (nb_sectors == 0) {
1421 ide_atapi_cmd_ok(s);
1422 break;
1423 }
98087450
FB		 1424 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1425 }
1426 break;
1427 case GPCMD_READ_CD:
1428 {
1429 int nb_sectors, lba, transfer_request;
1430
98087450
FB		 1431 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1432 lba = ube32_to_cpu(packet + 2);
1433 if (nb_sectors == 0) {
1434 ide_atapi_cmd_ok(s);
1435 break;
1436 }
98087450
FB		 1437 transfer_request = packet[9];
1438 switch(transfer_request & 0xf8) {
1439 case 0x00:
1440 /* nothing */
1441 ide_atapi_cmd_ok(s);
1442 break;
1443 case 0x10:
1444 /* normal read */
1445 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1446 break;
1447 case 0xf8:
1448 /* read all data */
1449 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1450 break;
1451 default:
5fafdf24 1452 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1453 ASC_INV_FIELD_IN_CMD_PACKET);
1454 break;
1455 }
5391d806
FB		 1456 }
1457 break;
1458 case GPCMD_SEEK:
1459 {
1460 int lba;
66c6ef76
FB		 1461 int64_t total_sectors;
1462
1463 bdrv_get_geometry(s->bs, &total_sectors);
1464 total_sectors >>= 2;
1465 if (total_sectors <= 0) {
5fafdf24 1466 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1467 ASC_MEDIUM_NOT_PRESENT);
1468 break;
1469 }
1470 lba = ube32_to_cpu(packet + 2);
66c6ef76 1471 if (lba >= total_sectors) {
5fafdf24 1472 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1473 ASC_LOGICAL_BLOCK_OOR);
1474 break;
1475 }
1476 ide_atapi_cmd_ok(s);
1477 }
1478 break;
1479 case GPCMD_START_STOP_UNIT:
1480 {
1481 int start, eject;
1482 start = packet[4] & 1;
1483 eject = (packet[4] >> 1) & 1;
3b46e624 1484
caed8802
FB		 1485 if (eject && !start) {
1486 /* eject the disk */
66c6ef76
FB		 1487 bdrv_eject(s->bs, 1);
1488 } else if (eject && start) {
1489 /* close the tray */
1490 bdrv_eject(s->bs, 0);
caed8802 1491 }
5391d806
FB		 1492 ide_atapi_cmd_ok(s);
1493 }
1494 break;
1495 case GPCMD_MECHANISM_STATUS:
1496 {
1497 max_len = ube16_to_cpu(packet + 8);
1498 cpu_to_ube16(buf, 0);
1499 /* no current LBA */
1500 buf[2] = 0;
1501 buf[3] = 0;
1502 buf[4] = 0;
1503 buf[5] = 1;
1504 cpu_to_ube16(buf + 6, 0);
1505 ide_atapi_cmd_reply(s, 8, max_len);
1506 }
1507 break;
1508 case GPCMD_READ_TOC_PMA_ATIP:
1509 {
1510 int format, msf, start_track, len;
66c6ef76 1511 int64_t total_sectors;
5391d806 1512
66c6ef76
FB		 1513 bdrv_get_geometry(s->bs, &total_sectors);
1514 total_sectors >>= 2;
1515 if (total_sectors <= 0) {
5fafdf24 1516 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1517 ASC_MEDIUM_NOT_PRESENT);
1518 break;
1519 }
1520 max_len = ube16_to_cpu(packet + 7);
1521 format = packet[9] >> 6;
1522 msf = (packet[1] >> 1) & 1;
1523 start_track = packet[6];
1524 switch(format) {
1525 case 0:
66c6ef76 1526 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1527 if (len < 0)
1528 goto error_cmd;
1529 ide_atapi_cmd_reply(s, len, max_len);
1530 break;
1531 case 1:
1532 /* multi session : only a single session defined */
1533 memset(buf, 0, 12);
1534 buf[1] = 0x0a;
1535 buf[2] = 0x01;
1536 buf[3] = 0x01;
1537 ide_atapi_cmd_reply(s, 12, max_len);
1538 break;
98087450 1539 case 2:
66c6ef76 1540 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1541 if (len < 0)
1542 goto error_cmd;
1543 ide_atapi_cmd_reply(s, len, max_len);
1544 break;
5391d806 1545 default:
7f777bf3 1546 error_cmd:
5fafdf24 1547 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1548 ASC_INV_FIELD_IN_CMD_PACKET);
1549 break;
5391d806
FB		 1550 }
1551 }
1552 break;
1553 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76
FB		 1554 {
1555 int64_t total_sectors;
1556
1557 bdrv_get_geometry(s->bs, &total_sectors);
1558 total_sectors >>= 2;
1559 if (total_sectors <= 0) {
5fafdf24 1560 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1561 ASC_MEDIUM_NOT_PRESENT);
1562 break;
1563 }
1564 /* NOTE: it is really the number of sectors minus 1 */
1565 cpu_to_ube32(buf, total_sectors - 1);
1566 cpu_to_ube32(buf + 4, 2048);
1567 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1568 }
5391d806 1569 break;
d14049ea
TS		 1570 case GPCMD_READ_DVD_STRUCTURE:
1571 {
1572 int media = packet[1];
1573 int layer = packet[6];
1574 int format = packet[2];
1575 int64_t total_sectors;
1576
1577 if (media != 0 || layer != 0)
1578 {
1579 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1580 ASC_INV_FIELD_IN_CMD_PACKET);
1581 }
1582
1583 switch (format) {
1584 case 0:
1585 bdrv_get_geometry(s->bs, &total_sectors);
1586 total_sectors >>= 2;
1587
1588 memset(buf, 0, 2052);
1589
1590 buf[4] = 1; // DVD-ROM, part version 1
1591 buf[5] = 0xf; // 120mm disc, maximum rate unspecified
1592 buf[6] = 0; // one layer, embossed data
1593 buf[7] = 0;
1594
1595 cpu_to_ube32(buf + 8, 0);
1596 cpu_to_ube32(buf + 12, total_sectors - 1);
1597 cpu_to_ube32(buf + 16, total_sectors - 1);
1598
1599 cpu_to_be16wu((uint16_t *)buf, 2048 + 4);
1600
1601 ide_atapi_cmd_reply(s, 2048 + 3, 2048 + 4);
1602 break;
1603
1604 default:
1605 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1606 ASC_INV_FIELD_IN_CMD_PACKET);
1607 break;
1608 }
1609 }
1610 break;
1611 case GPCMD_SET_SPEED:
1612 ide_atapi_cmd_ok(s);
1613 break;
bd0d90b2
FB		 1614 case GPCMD_INQUIRY:
1615 max_len = packet[4];
1616 buf[0] = 0x05; /* CD-ROM */
1617 buf[1] = 0x80; /* removable */
1618 buf[2] = 0x00; /* ISO */
1619 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 1620 buf[4] = 31; /* additional length */
bd0d90b2
FB		 1621 buf[5] = 0; /* reserved */
1622 buf[6] = 0; /* reserved */
1623 buf[7] = 0; /* reserved */
1624 padstr8(buf + 8, 8, "QEMU");
1625 padstr8(buf + 16, 16, "QEMU CD-ROM");
1626 padstr8(buf + 32, 4, QEMU_VERSION);
1627 ide_atapi_cmd_reply(s, 36, max_len);
1628 break;
d14049ea
TS		 1629 case GPCMD_GET_CONFIGURATION:
1630 {
1631 int64_t total_sectors;
1632
1633 /* only feature 0 is supported */
1634 if (packet[2] != 0 || packet[3] != 0) {
1635 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1636 ASC_INV_FIELD_IN_CMD_PACKET);
1637 break;
1638 }
1639 memset(buf, 0, 32);
1640 bdrv_get_geometry(s->bs, &total_sectors);
1641 buf[3] = 16;
1642 buf[7] = total_sectors <= 1433600 ? 0x08 : 0x10; /* current profile */
1643 buf[10] = 0x10 | 0x1;
1644 buf[11] = 0x08; /* size of profile list */
1645 buf[13] = 0x10; /* DVD-ROM profile */
1646 buf[14] = buf[7] == 0x10; /* (in)active */
1647 buf[17] = 0x08; /* CD-ROM profile */
1648 buf[18] = buf[7] == 0x08; /* (in)active */
1649 ide_atapi_cmd_reply(s, 32, 32);
1650 break;
1651 }
5391d806 1652 default:
5fafdf24 1653 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1654 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1655 break;
1656 }
1657}
1658
201a51fc
AZ		 1659static void ide_cfata_metadata_inquiry(IDEState *s)
1660{
1661 uint16_t *p;
1662 uint32_t spd;
1663
1664 p = (uint16_t *) s->io_buffer;
1665 memset(p, 0, 0x200);
1666 spd = ((s->mdata_size - 1) >> 9) + 1;
1667
1668 put_le16(p + 0, 0x0001); /* Data format revision */
1669 put_le16(p + 1, 0x0000); /* Media property: silicon */
1670 put_le16(p + 2, s->media_changed); /* Media status */
1671 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1672 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1673 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1674 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1675}
1676
1677static void ide_cfata_metadata_read(IDEState *s)
1678{
1679 uint16_t *p;
1680
1681 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1682 s->status = ERR_STAT;
1683 s->error = ABRT_ERR;
1684 return;
1685 }
1686
1687 p = (uint16_t *) s->io_buffer;
1688 memset(p, 0, 0x200);
1689
1690 put_le16(p + 0, s->media_changed); /* Media status */
1691 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1692 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1693 s->nsector << 9), 0x200 - 2));
1694}
1695
1696static void ide_cfata_metadata_write(IDEState *s)
1697{
1698 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1699 s->status = ERR_STAT;
1700 s->error = ABRT_ERR;
1701 return;
1702 }
1703
1704 s->media_changed = 0;
1705
1706 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1707 s->io_buffer + 2,
1708 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1709 s->nsector << 9), 0x200 - 2));
1710}
1711
bd491d6a
TS		 1712/* called when the inserted state of the media has changed */
1713static void cdrom_change_cb(void *opaque)
1714{
1715 IDEState *s = opaque;
1716 int64_t nb_sectors;
1717
1718 /* XXX: send interrupt too */
1719 bdrv_get_geometry(s->bs, &nb_sectors);
1720 s->nb_sectors = nb_sectors;
1721}
1722
c2ff060f
FB		 1723static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1724{
1725 s->lba48 = lba48;
1726
1727 /* handle the 'magic' 0 nsector count conversion here. to avoid
1728 * fiddling with the rest of the read logic, we just store the
1729 * full sector count in ->nsector and ignore ->hob_nsector from now
1730 */
1731 if (!s->lba48) {
1732 if (!s->nsector)
1733 s->nsector = 256;
1734 } else {
1735 if (!s->nsector && !s->hob_nsector)
1736 s->nsector = 65536;
1737 else {
1738 int lo = s->nsector;
1739 int hi = s->hob_nsector;
1740
1741 s->nsector = (hi << 8) | lo;
1742 }
1743 }
1744}
1745
1746static void ide_clear_hob(IDEState *ide_if)
1747{
1748 /* any write clears HOB high bit of device control register */
1749 ide_if[0].select &= ~(1 << 7);
1750 ide_if[1].select &= ~(1 << 7);
1751}
1752
caed8802
FB		 1753static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1754{
1755 IDEState *ide_if = opaque;
c45c3d00 1756 IDEState *s;
5391d806 1757 int unit, n;
c2ff060f 1758 int lba48 = 0;
5391d806
FB		 1759
1760#ifdef DEBUG_IDE
1761 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1762#endif
c2ff060f 1763
5391d806
FB		 1764 addr &= 7;
1765 switch(addr) {
1766 case 0:
1767 break;
1768 case 1:
c2ff060f 1769 ide_clear_hob(ide_if);
c45c3d00 1770 /* NOTE: data is written to the two drives */
c2ff060f
FB		 1771 ide_if[0].hob_feature = ide_if[0].feature;
1772 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 1773 ide_if[0].feature = val;
1774 ide_if[1].feature = val;
5391d806
FB		 1775 break;
1776 case 2:
c2ff060f
FB		 1777 ide_clear_hob(ide_if);
1778 ide_if[0].hob_nsector = ide_if[0].nsector;
1779 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 1780 ide_if[0].nsector = val;
1781 ide_if[1].nsector = val;
5391d806
FB		 1782 break;
1783 case 3:
c2ff060f
FB		 1784 ide_clear_hob(ide_if);
1785 ide_if[0].hob_sector = ide_if[0].sector;
1786 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 1787 ide_if[0].sector = val;
1788 ide_if[1].sector = val;
5391d806
FB		 1789 break;
1790 case 4:
c2ff060f
FB		 1791 ide_clear_hob(ide_if);
1792 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1793 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 1794 ide_if[0].lcyl = val;
1795 ide_if[1].lcyl = val;
5391d806
FB		 1796 break;
1797 case 5:
c2ff060f
FB		 1798 ide_clear_hob(ide_if);
1799 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1800 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 1801 ide_if[0].hcyl = val;
1802 ide_if[1].hcyl = val;
5391d806
FB		 1803 break;
1804 case 6:
c2ff060f 1805 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 1806 ide_if[0].select = (val & ~0x10) | 0xa0;
1807 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 1808 /* select drive */
1809 unit = (val >> 4) & 1;
1810 s = ide_if + unit;
1811 ide_if->cur_drive = s;
5391d806
FB		 1812 break;
1813 default:
1814 case 7:
1815 /* command */
1816#if defined(DEBUG_IDE)
1817 printf("ide: CMD=%02x\n", val);
1818#endif
c45c3d00 1819 s = ide_if->cur_drive;
66201e2d 1820 /* ignore commands to non existant slave */
5fafdf24 1821 if (s != ide_if && !s->bs)
66201e2d 1822 break;
c2ff060f 1823
5391d806
FB		 1824 switch(val) {
1825 case WIN_IDENTIFY:
1826 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 1827 if (!s->is_cf)
1828 ide_identify(s);
1829 else
1830 ide_cfata_identify(s);
2a282056 1831 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1832 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1833 } else {
1834 if (s->is_cdrom) {
1835 ide_set_signature(s);
1836 }
1837 ide_abort_command(s);
1838 }
1839 ide_set_irq(s);
1840 break;
1841 case WIN_SPECIFY:
1842 case WIN_RECAL:
a136e5a8 1843 s->error = 0;
769bec72 1844 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1845 ide_set_irq(s);
1846 break;
1847 case WIN_SETMULT:
201a51fc
AZ		 1848 if (s->is_cf && s->nsector == 0) {
1849 /* Disable Read and Write Multiple */
1850 s->mult_sectors = 0;
1851 s->status = READY_STAT;
1852 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 1853 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1854 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 1855 ide_abort_command(s);
1856 } else {
292eef5a 1857 s->mult_sectors = s->nsector & 0xff;
5391d806
FB		 1858 s->status = READY_STAT;
1859 }
1860 ide_set_irq(s);
1861 break;
c2ff060f
FB		 1862 case WIN_VERIFY_EXT:
1863 lba48 = 1;
4ce900b4
FB		 1864 case WIN_VERIFY:
1865 case WIN_VERIFY_ONCE:
1866 /* do sector number check ? */
c2ff060f 1867 ide_cmd_lba48_transform(s, lba48);
4ce900b4
FB		 1868 s->status = READY_STAT;
1869 ide_set_irq(s);
1870 break;
c2ff060f
FB		 1871 case WIN_READ_EXT:
1872 lba48 = 1;
5391d806
FB		 1873 case WIN_READ:
1874 case WIN_READ_ONCE:
5fafdf24 1875 if (!s->bs)
6b136f9e 1876 goto abort_cmd;
c2ff060f 1877 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1878 s->req_nb_sectors = 1;
1879 ide_sector_read(s);
1880 break;
c2ff060f
FB		 1881 case WIN_WRITE_EXT:
1882 lba48 = 1;
5391d806
FB		 1883 case WIN_WRITE:
1884 case WIN_WRITE_ONCE:
201a51fc
AZ		 1885 case CFA_WRITE_SECT_WO_ERASE:
1886 case WIN_WRITE_VERIFY:
c2ff060f 1887 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1888 s->error = 0;
f66723fa 1889 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1890 s->req_nb_sectors = 1;
1891 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 1892 s->media_changed = 1;
5391d806 1893 break;
c2ff060f
FB		 1894 case WIN_MULTREAD_EXT:
1895 lba48 = 1;
5391d806
FB		 1896 case WIN_MULTREAD:
1897 if (!s->mult_sectors)
1898 goto abort_cmd;
c2ff060f 1899 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1900 s->req_nb_sectors = s->mult_sectors;
1901 ide_sector_read(s);
1902 break;
c2ff060f
FB		 1903 case WIN_MULTWRITE_EXT:
1904 lba48 = 1;
5391d806 1905 case WIN_MULTWRITE:
201a51fc 1906 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 1907 if (!s->mult_sectors)
1908 goto abort_cmd;
c2ff060f 1909 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1910 s->error = 0;
f66723fa 1911 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1912 s->req_nb_sectors = s->mult_sectors;
1913 n = s->nsector;
1914 if (n > s->req_nb_sectors)
1915 n = s->req_nb_sectors;
1916 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 1917 s->media_changed = 1;
5391d806 1918 break;
c2ff060f
FB		 1919 case WIN_READDMA_EXT:
1920 lba48 = 1;
98087450
FB		 1921 case WIN_READDMA:
1922 case WIN_READDMA_ONCE:
5fafdf24 1923 if (!s->bs)
98087450 1924 goto abort_cmd;
c2ff060f 1925 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 1926 ide_sector_read_dma(s);
1927 break;
c2ff060f
FB		 1928 case WIN_WRITEDMA_EXT:
1929 lba48 = 1;
98087450
FB		 1930 case WIN_WRITEDMA:
1931 case WIN_WRITEDMA_ONCE:
5fafdf24 1932 if (!s->bs)
98087450 1933 goto abort_cmd;
c2ff060f 1934 ide_cmd_lba48_transform(s, lba48);
98087450 1935 ide_sector_write_dma(s);
201a51fc 1936 s->media_changed = 1;
98087450 1937 break;
c2ff060f
FB		 1938 case WIN_READ_NATIVE_MAX_EXT:
1939 lba48 = 1;
5391d806 1940 case WIN_READ_NATIVE_MAX:
c2ff060f 1941 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1942 ide_set_sector(s, s->nb_sectors - 1);
1943 s->status = READY_STAT;
1944 ide_set_irq(s);
1945 break;
a136e5a8 1946 case WIN_CHECKPOWERMODE1:
201a51fc 1947 case WIN_CHECKPOWERMODE2:
a136e5a8
FB		 1948 s->nsector = 0xff; /* device active or idle */
1949 s->status = READY_STAT;
1950 ide_set_irq(s);
1951 break;
34e538ae
FB		 1952 case WIN_SETFEATURES:
1953 if (!s->bs)
1954 goto abort_cmd;
1955 /* XXX: valid for CDROM ? */
1956 switch(s->feature) {
e1f63470
TS		 1957 case 0xcc: /* reverting to power-on defaults enable */
1958 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 1959 case 0x02: /* write cache enable */
1960 case 0x82: /* write cache disable */
1961 case 0xaa: /* read look-ahead enable */
1962 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 1963 case 0x05: /* set advanced power management mode */
1964 case 0x85: /* disable advanced power management mode */
1965 case 0x69: /* NOP */
1966 case 0x67: /* NOP */
1967 case 0x96: /* NOP */
1968 case 0x9a: /* NOP */
c3e88d8c
TS		 1969 case 0x42: /* enable Automatic Acoustic Mode */
1970 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 1971 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 1972 ide_set_irq(s);
1973 break;
94458802
FB		 1974 case 0x03: { /* set transfer mode */
1975 uint8_t val = s->nsector & 0x07;
1976
1977 switch (s->nsector >> 3) {
1978 case 0x00: /* pio default */
1979 case 0x01: /* pio mode */
1980 put_le16(s->identify_data + 63,0x07);
1981 put_le16(s->identify_data + 88,0x3f);
1982 break;
1983 case 0x04: /* mdma mode */
1984 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1985 put_le16(s->identify_data + 88,0x3f);
1986 break;
1987 case 0x08: /* udma mode */
1988 put_le16(s->identify_data + 63,0x07);
1989 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1990 break;
1991 default:
1992 goto abort_cmd;
1993 }
1994 s->status = READY_STAT | SEEK_STAT;
1995 ide_set_irq(s);
1996 break;
1997 }
34e538ae
FB		 1998 default:
1999 goto abort_cmd;
2000 }
2001 break;
c2ff060f
FB		 2002 case WIN_FLUSH_CACHE:
2003 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2004 if (s->bs)
2005 bdrv_flush(s->bs);
2006 s->status = READY_STAT;
2007 ide_set_irq(s);
2008 break;
c3e88d8c
TS		 2009 case WIN_STANDBY:
2010 case WIN_STANDBY2:
2011 case WIN_STANDBYNOW1:
201a51fc 2012 case WIN_STANDBYNOW2:
c451ee71 2013 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2014 case CFA_IDLEIMMEDIATE:
2015 case WIN_SETIDLE1:
2016 case WIN_SETIDLE2:
c3e88d8c
TS		 2017 case WIN_SLEEPNOW1:
2018 case WIN_SLEEPNOW2:
2019 s->status = READY_STAT;
a7dfe172
FB		 2020 ide_set_irq(s);
2021 break;
5391d806
FB		 2022 /* ATAPI commands */
2023 case WIN_PIDENTIFY:
2024 if (s->is_cdrom) {
2025 ide_atapi_identify(s);
1298fe63 2026 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2027 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2028 } else {
2029 ide_abort_command(s);
2030 }
2031 ide_set_irq(s);
2032 break;
c451ee71
FB		 2033 case WIN_DIAGNOSE:
2034 ide_set_signature(s);
2035 s->status = 0x00; /* NOTE: READY is _not_ set */
2036 s->error = 0x01;
2037 break;
5391d806
FB		 2038 case WIN_SRST:
2039 if (!s->is_cdrom)
2040 goto abort_cmd;
2041 ide_set_signature(s);
6b136f9e 2042 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2043 s->error = 0x01;
2044 break;
2045 case WIN_PACKETCMD:
2046 if (!s->is_cdrom)
2047 goto abort_cmd;
98087450
FB		 2048 /* overlapping commands not supported */
2049 if (s->feature & 0x02)
5391d806 2050 goto abort_cmd;
7603d156 2051 s->status = READY_STAT;
98087450 2052 s->atapi_dma = s->feature & 1;
5391d806 2053 s->nsector = 1;
5fafdf24 2054 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2055 ide_atapi_cmd);
2056 break;
201a51fc
AZ		 2057 /* CF-ATA commands */
2058 case CFA_REQ_EXT_ERROR_CODE:
2059 if (!s->is_cf)
2060 goto abort_cmd;
2061 s->error = 0x09; /* miscellaneous error */
2062 s->status = READY_STAT;
2063 ide_set_irq(s);
2064 break;
2065 case CFA_ERASE_SECTORS:
2066 case CFA_WEAR_LEVEL:
2067 if (!s->is_cf)
2068 goto abort_cmd;
2069 if (val == CFA_WEAR_LEVEL)
2070 s->nsector = 0;
2071 if (val == CFA_ERASE_SECTORS)
2072 s->media_changed = 1;
2073 s->error = 0x00;
2074 s->status = READY_STAT;
2075 ide_set_irq(s);
2076 break;
2077 case CFA_TRANSLATE_SECTOR:
2078 if (!s->is_cf)
2079 goto abort_cmd;
2080 s->error = 0x00;
2081 s->status = READY_STAT;
2082 memset(s->io_buffer, 0, 0x200);
2083 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2084 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2085 s->io_buffer[0x02] = s->select; /* Head */
2086 s->io_buffer[0x03] = s->sector; /* Sector */
2087 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2088 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2089 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2090 s->io_buffer[0x13] = 0x00; /* Erase flag */
2091 s->io_buffer[0x18] = 0x00; /* Hot count */
2092 s->io_buffer[0x19] = 0x00; /* Hot count */
2093 s->io_buffer[0x1a] = 0x01; /* Hot count */
2094 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2095 ide_set_irq(s);
2096 break;
2097 case CFA_ACCESS_METADATA_STORAGE:
2098 if (!s->is_cf)
2099 goto abort_cmd;
2100 switch (s->feature) {
2101 case 0x02: /* Inquiry Metadata Storage */
2102 ide_cfata_metadata_inquiry(s);
2103 break;
2104 case 0x03: /* Read Metadata Storage */
2105 ide_cfata_metadata_read(s);
2106 break;
2107 case 0x04: /* Write Metadata Storage */
2108 ide_cfata_metadata_write(s);
2109 break;
2110 default:
2111 goto abort_cmd;
2112 }
2113 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2114 s->status = 0x00; /* NOTE: READY is _not_ set */
2115 ide_set_irq(s);
2116 break;
2117 case IBM_SENSE_CONDITION:
2118 if (!s->is_cf)
2119 goto abort_cmd;
2120 switch (s->feature) {
2121 case 0x01: /* sense temperature in device */
2122 s->nsector = 0x50; /* +20 C */
2123 break;
2124 default:
2125 goto abort_cmd;
2126 }
2127 s->status = READY_STAT;
2128 ide_set_irq(s);
2129 break;
5391d806
FB		 2130 default:
2131 abort_cmd:
2132 ide_abort_command(s);
2133 ide_set_irq(s);
2134 break;
2135 }
2136 }
2137}
2138
caed8802 2139static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2140{
7ae98627
FB		 2141 IDEState *ide_if = opaque;
2142 IDEState *s = ide_if->cur_drive;
5391d806 2143 uint32_t addr;
c2ff060f 2144 int ret, hob;
5391d806
FB		 2145
2146 addr = addr1 & 7;
c2ff060f
FB		 2147 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2148 //hob = s->select & (1 << 7);
2149 hob = 0;
5391d806
FB		 2150 switch(addr) {
2151 case 0:
2152 ret = 0xff;
2153 break;
2154 case 1:
7ae98627 2155 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2156 ret = 0;
c2ff060f 2157 else if (!hob)
c45c3d00 2158 ret = s->error;
c2ff060f
FB		 2159 else
2160 ret = s->hob_feature;
5391d806
FB		 2161 break;
2162 case 2:
7ae98627 2163 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2164 ret = 0;
c2ff060f 2165 else if (!hob)
c45c3d00 2166 ret = s->nsector & 0xff;
c2ff060f
FB		 2167 else
2168 ret = s->hob_nsector;
5391d806
FB		 2169 break;
2170 case 3:
7ae98627 2171 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2172 ret = 0;
c2ff060f 2173 else if (!hob)
c45c3d00 2174 ret = s->sector;
c2ff060f
FB		 2175 else
2176 ret = s->hob_sector;
5391d806
FB		 2177 break;
2178 case 4:
7ae98627 2179 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2180 ret = 0;
c2ff060f 2181 else if (!hob)
c45c3d00 2182 ret = s->lcyl;
c2ff060f
FB		 2183 else
2184 ret = s->hob_lcyl;
5391d806
FB		 2185 break;
2186 case 5:
7ae98627 2187 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2188 ret = 0;
c2ff060f 2189 else if (!hob)
c45c3d00 2190 ret = s->hcyl;
c2ff060f
FB		 2191 else
2192 ret = s->hob_hcyl;
5391d806
FB		 2193 break;
2194 case 6:
7ae98627 2195 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2196 ret = 0;
2197 else
7ae98627 2198 ret = s->select;
5391d806
FB		 2199 break;
2200 default:
2201 case 7:
66201e2d
FB		 2202 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2203 (s != ide_if && !s->bs))
c45c3d00
FB		 2204 ret = 0;
2205 else
2206 ret = s->status;
d537cf6c 2207 qemu_irq_lower(s->irq);
5391d806
FB		 2208 break;
2209 }
2210#ifdef DEBUG_IDE
2211 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2212#endif
2213 return ret;
2214}
2215
caed8802 2216static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2217{
7ae98627
FB		 2218 IDEState *ide_if = opaque;
2219 IDEState *s = ide_if->cur_drive;
5391d806 2220 int ret;
7ae98627 2221
66201e2d
FB		 2222 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2223 (s != ide_if && !s->bs))
7ae98627
FB		 2224 ret = 0;
2225 else
2226 ret = s->status;
5391d806
FB		 2227#ifdef DEBUG_IDE
2228 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2229#endif
2230 return ret;
2231}
2232
caed8802 2233static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2234{
caed8802 2235 IDEState *ide_if = opaque;
5391d806
FB		 2236 IDEState *s;
2237 int i;
2238
2239#ifdef DEBUG_IDE
2240 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2241#endif
2242 /* common for both drives */
2243 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2244 (val & IDE_CMD_RESET)) {
2245 /* reset low to high */
2246 for(i = 0;i < 2; i++) {
2247 s = &ide_if[i];
2248 s->status = BUSY_STAT | SEEK_STAT;
2249 s->error = 0x01;
2250 }
2251 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2252 !(val & IDE_CMD_RESET)) {
2253 /* high to low */
2254 for(i = 0;i < 2; i++) {
2255 s = &ide_if[i];
6b136f9e
FB		 2256 if (s->is_cdrom)
2257 s->status = 0x00; /* NOTE: READY is _not_ set */
2258 else
56bf1d37 2259 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2260 ide_set_signature(s);
2261 }
2262 }
2263
2264 ide_if[0].cmd = val;
2265 ide_if[1].cmd = val;
2266}
2267
caed8802 2268static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2269{
caed8802 2270 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2271 uint8_t *p;
2272
2273 p = s->data_ptr;
0c4ad8dc 2274 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2275 p += 2;
2276 s->data_ptr = p;
2277 if (p >= s->data_end)
2278 s->end_transfer_func(s);
2279}
2280
caed8802 2281static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2282{
caed8802 2283 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2284 uint8_t *p;
2285 int ret;
2286 p = s->data_ptr;
0c4ad8dc 2287 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2288 p += 2;
2289 s->data_ptr = p;
2290 if (p >= s->data_end)
2291 s->end_transfer_func(s);
2292 return ret;
2293}
2294
caed8802 2295static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2296{
caed8802 2297 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2298 uint8_t *p;
2299
2300 p = s->data_ptr;
0c4ad8dc 2301 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2302 p += 4;
2303 s->data_ptr = p;
2304 if (p >= s->data_end)
2305 s->end_transfer_func(s);
2306}
2307
caed8802 2308static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2309{
caed8802 2310 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2311 uint8_t *p;
2312 int ret;
3b46e624 2313
5391d806 2314 p = s->data_ptr;
0c4ad8dc 2315 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2316 p += 4;
2317 s->data_ptr = p;
2318 if (p >= s->data_end)
2319 s->end_transfer_func(s);
2320 return ret;
2321}
2322
a7dfe172
FB		 2323static void ide_dummy_transfer_stop(IDEState *s)
2324{
2325 s->data_ptr = s->io_buffer;
2326 s->data_end = s->io_buffer;
2327 s->io_buffer[0] = 0xff;
2328 s->io_buffer[1] = 0xff;
2329 s->io_buffer[2] = 0xff;
2330 s->io_buffer[3] = 0xff;
2331}
2332
5391d806
FB		 2333static void ide_reset(IDEState *s)
2334{
201a51fc
AZ		 2335 if (s->is_cf)
2336 s->mult_sectors = 0;
2337 else
2338 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2339 s->cur_drive = s;
2340 s->select = 0xa0;
2341 s->status = READY_STAT;
2342 ide_set_signature(s);
a7dfe172
FB		 2343 /* init the transfer handler so that 0xffff is returned on data
2344 accesses */
2345 s->end_transfer_func = ide_dummy_transfer_stop;
2346 ide_dummy_transfer_stop(s);
201a51fc 2347 s->media_changed = 0;
5391d806
FB		 2348}
2349
2350struct partition {
2351 uint8_t boot_ind; /* 0x80 - active */
2352 uint8_t head; /* starting head */
2353 uint8_t sector; /* starting sector */
2354 uint8_t cyl; /* starting cylinder */
2355 uint8_t sys_ind; /* What partition type */
2356 uint8_t end_head; /* end head */
2357 uint8_t end_sector; /* end sector */
2358 uint8_t end_cyl; /* end cylinder */
2359 uint32_t start_sect; /* starting sector counting from 0 */
2360 uint32_t nr_sects; /* nr of sectors in partition */
2361} __attribute__((packed));
2362
bf1b938f 2363/* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
5fafdf24 2364static int guess_disk_lchs(IDEState *s,
bf1b938f 2365 int *pcylinders, int *pheads, int *psectors)
5391d806
FB		 2366{
2367 uint8_t buf[512];
46d4767d 2368 int ret, i, heads, sectors, cylinders;
5391d806
FB		 2369 struct partition *p;
2370 uint32_t nr_sects;
2371
5391d806
FB		 2372 ret = bdrv_read(s->bs, 0, buf, 1);
2373 if (ret < 0)
bf1b938f 2374 return -1;
5391d806
FB		 2375 /* test msdos magic */
2376 if (buf[510] != 0x55 || buf[511] != 0xaa)
bf1b938f 2377 return -1;
5391d806
FB		 2378 for(i = 0; i < 4; i++) {
2379 p = ((struct partition *)(buf + 0x1be)) + i;
0c4ad8dc 2380 nr_sects = le32_to_cpu(p->nr_sects);
5391d806
FB		 2381 if (nr_sects && p->end_head) {
2382 /* We make the assumption that the partition terminates on
2383 a cylinder boundary */
46d4767d 2384 heads = p->end_head + 1;
46d4767d
FB		 2385 sectors = p->end_sector & 63;
2386 if (sectors == 0)
2387 continue;
2388 cylinders = s->nb_sectors / (heads * sectors);
2389 if (cylinders < 1 || cylinders > 16383)
2390 continue;
bf1b938f
FB		 2391 *pheads = heads;
2392 *psectors = sectors;
2393 *pcylinders = cylinders;
5391d806 2394#if 0
5fafdf24 2395 printf("guessed geometry: LCHS=%d %d %d\n",
bf1b938f 2396 cylinders, heads, sectors);
5391d806 2397#endif
bf1b938f 2398 return 0;
5391d806
FB		 2399 }
2400 }
bf1b938f 2401 return -1;
5391d806
FB		 2402}
2403
5457c8ce
FB		 2404static void ide_init2(IDEState *ide_state,
2405 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2406 qemu_irq irq)
5391d806 2407{
69b91039 2408 IDEState *s;
aedf5382 2409 static int drive_serial = 1;
4dbb0f50 2410 int i, cylinders, heads, secs, translation, lba_detected = 0;
5391d806 2411 int64_t nb_sectors;
5391d806 2412
caed8802
FB		 2413 for(i = 0; i < 2; i++) {
2414 s = ide_state + i;
2415 if (i == 0)
2416 s->bs = hd0;
2417 else
2418 s->bs = hd1;
5391d806
FB		 2419 if (s->bs) {
2420 bdrv_get_geometry(s->bs, &nb_sectors);
2421 s->nb_sectors = nb_sectors;
caed8802
FB		 2422 /* if a geometry hint is available, use it */
2423 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
4dbb0f50 2424 translation = bdrv_get_translation_hint(s->bs);
caed8802 2425 if (cylinders != 0) {
5391d806 2426 s->cylinders = cylinders;
caed8802
FB		 2427 s->heads = heads;
2428 s->sectors = secs;
2429 } else {
bf1b938f
FB		 2430 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2431 if (heads > 16) {
2432 /* if heads > 16, it means that a BIOS LBA
2433 translation was active, so the default
2434 hardware geometry is OK */
4dbb0f50 2435 lba_detected = 1;
bf1b938f
FB		 2436 goto default_geometry;
2437 } else {
2438 s->cylinders = cylinders;
2439 s->heads = heads;
2440 s->sectors = secs;
2441 /* disable any translation to be in sync with
2442 the logical geometry */
bf1b938f
FB		 2443 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2444 bdrv_set_translation_hint(s->bs,
2445 BIOS_ATA_TRANSLATION_NONE);
2446 }
2447 }
2448 } else {
2449 default_geometry:
46d4767d 2450 /* if no geometry, use a standard physical disk geometry */
caed8802
FB		 2451 cylinders = nb_sectors / (16 * 63);
2452 if (cylinders > 16383)
2453 cylinders = 16383;
2454 else if (cylinders < 2)
2455 cylinders = 2;
2456 s->cylinders = cylinders;
2457 s->heads = 16;
2458 s->sectors = 63;
4dbb0f50
TS		 2459 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2460 if ((s->cylinders * s->heads) <= 131072) {
2461 bdrv_set_translation_hint(s->bs,
2462 BIOS_ATA_TRANSLATION_LARGE);
2463 } else {
2464 bdrv_set_translation_hint(s->bs,
2465 BIOS_ATA_TRANSLATION_LBA);
2466 }
2467 }
caed8802 2468 }
769bec72 2469 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
caed8802
FB		 2470 }
2471 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2472 s->is_cdrom = 1;
bd491d6a 2473 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2474 }
2475 }
aedf5382 2476 s->drive_serial = drive_serial++;
caed8802 2477 s->irq = irq;
5fafdf24 2478 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2479 ide_sector_write_timer_cb, s);
5391d806
FB		 2480 ide_reset(s);
2481 }
69b91039
FB		 2482}
2483
34e538ae 2484static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2485{
caed8802
FB		 2486 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2487 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2488 if (iobase2) {
2489 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2490 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2491 }
3b46e624 2492
caed8802
FB		 2493 /* data ports */
2494 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2495 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2496 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2497 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2498}
69b91039 2499
aa941b94
AZ		 2500/* save per IDE drive data */
2501static void ide_save(QEMUFile* f, IDEState *s)
2502{
2503 qemu_put_be32s(f, &s->mult_sectors);
2504 qemu_put_be32s(f, &s->identify_set);
2505 if (s->identify_set) {
2506 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2507 }
2508 qemu_put_8s(f, &s->feature);
2509 qemu_put_8s(f, &s->error);
2510 qemu_put_be32s(f, &s->nsector);
2511 qemu_put_8s(f, &s->sector);
2512 qemu_put_8s(f, &s->lcyl);
2513 qemu_put_8s(f, &s->hcyl);
2514 qemu_put_8s(f, &s->hob_feature);
2515 qemu_put_8s(f, &s->hob_nsector);
2516 qemu_put_8s(f, &s->hob_sector);
2517 qemu_put_8s(f, &s->hob_lcyl);
2518 qemu_put_8s(f, &s->hob_hcyl);
2519 qemu_put_8s(f, &s->select);
2520 qemu_put_8s(f, &s->status);
2521 qemu_put_8s(f, &s->lba48);
2522
2523 qemu_put_8s(f, &s->sense_key);
2524 qemu_put_8s(f, &s->asc);
2525 /* XXX: if a transfer is pending, we do not save it yet */
2526}
2527
2528/* load per IDE drive data */
2529static void ide_load(QEMUFile* f, IDEState *s)
2530{
2531 qemu_get_be32s(f, &s->mult_sectors);
2532 qemu_get_be32s(f, &s->identify_set);
2533 if (s->identify_set) {
2534 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2535 }
2536 qemu_get_8s(f, &s->feature);
2537 qemu_get_8s(f, &s->error);
2538 qemu_get_be32s(f, &s->nsector);
2539 qemu_get_8s(f, &s->sector);
2540 qemu_get_8s(f, &s->lcyl);
2541 qemu_get_8s(f, &s->hcyl);
2542 qemu_get_8s(f, &s->hob_feature);
2543 qemu_get_8s(f, &s->hob_nsector);
2544 qemu_get_8s(f, &s->hob_sector);
2545 qemu_get_8s(f, &s->hob_lcyl);
2546 qemu_get_8s(f, &s->hob_hcyl);
2547 qemu_get_8s(f, &s->select);
2548 qemu_get_8s(f, &s->status);
2549 qemu_get_8s(f, &s->lba48);
2550
2551 qemu_get_8s(f, &s->sense_key);
2552 qemu_get_8s(f, &s->asc);
2553 /* XXX: if a transfer is pending, we do not save it yet */
2554}
2555
34e538ae
FB		 2556/***********************************************************/
2557/* ISA IDE definitions */
2558
d537cf6c 2559void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2560 BlockDriverState *hd0, BlockDriverState *hd1)
2561{
2562 IDEState *ide_state;
2563
2564 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2565 if (!ide_state)
2566 return;
3b46e624 2567
d537cf6c 2568 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2569 ide_init_ioport(ide_state, iobase, iobase2);
2570}
2571
69b91039
FB		 2572/***********************************************************/
2573/* PCI IDE definitions */
2574
5457c8ce
FB		 2575static void cmd646_update_irq(PCIIDEState *d);
2576
5fafdf24 2577static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 2578 uint32_t addr, uint32_t size, int type)
2579{
2580 PCIIDEState *d = (PCIIDEState *)pci_dev;
2581 IDEState *ide_state;
2582
2583 if (region_num <= 3) {
2584 ide_state = &d->ide_if[(region_num >> 1) * 2];
2585 if (region_num & 1) {
2586 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2587 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2588 } else {
2589 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2590 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2591
2592 /* data ports */
2593 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2594 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2595 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2596 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2597 }
2598 }
2599}
2600
8ccad811 2601static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2602{
2603 BMDMAState *bm = s->bmdma;
2604 if(!bm)
2605 return;
2606 bm->ide_if = s;
2607 bm->dma_cb = dma_cb;
8ccad811
FB		 2608 bm->cur_prd_last = 0;
2609 bm->cur_prd_addr = 0;
2610 bm->cur_prd_len = 0;
98087450 2611 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2612 bm->dma_cb(bm, 0);
98087450
FB		 2613 }
2614}
2615
98087450
FB		 2616static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2617{
2618 BMDMAState *bm = opaque;
2619#ifdef DEBUG_IDE
2620 printf("%s: 0x%08x\n", __func__, val);
2621#endif
2622 if (!(val & BM_CMD_START)) {
2623 /* XXX: do it better */
8ccad811
FB		 2624 if (bm->status & BM_STATUS_DMAING) {
2625 bm->status &= ~BM_STATUS_DMAING;
2626 /* cancel DMA request */
2627 bm->ide_if = NULL;
2628 bm->dma_cb = NULL;
2629 if (bm->aiocb) {
2630#ifdef DEBUG_AIO
2631 printf("aio_cancel\n");
2632#endif
2633 bdrv_aio_cancel(bm->aiocb);
2634 bm->aiocb = NULL;
2635 }
2636 }
98087450
FB		 2637 bm->cmd = val & 0x09;
2638 } else {
8ccad811
FB		 2639 if (!(bm->status & BM_STATUS_DMAING)) {
2640 bm->status |= BM_STATUS_DMAING;
2641 /* start dma transfer if possible */
2642 if (bm->dma_cb)
2643 bm->dma_cb(bm, 0);
2644 }
98087450 2645 bm->cmd = val & 0x09;
98087450
FB		 2646 }
2647}
2648
5457c8ce 2649static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 2650{
2651 BMDMAState *bm = opaque;
5457c8ce 2652 PCIIDEState *pci_dev;
98087450 2653 uint32_t val;
3b46e624 2654
5457c8ce 2655 switch(addr & 3) {
5fafdf24 2656 case 0:
5457c8ce
FB		 2657 val = bm->cmd;
2658 break;
2659 case 1:
2660 pci_dev = bm->pci_dev;
2661 if (pci_dev->type == IDE_TYPE_CMD646) {
2662 val = pci_dev->dev.config[MRDMODE];
2663 } else {
2664 val = 0xff;
2665 }
2666 break;
2667 case 2:
2668 val = bm->status;
2669 break;
2670 case 3:
2671 pci_dev = bm->pci_dev;
2672 if (pci_dev->type == IDE_TYPE_CMD646) {
2673 if (bm == &pci_dev->bmdma[0])
2674 val = pci_dev->dev.config[UDIDETCR0];
2675 else
2676 val = pci_dev->dev.config[UDIDETCR1];
2677 } else {
2678 val = 0xff;
2679 }
2680 break;
2681 default:
2682 val = 0xff;
2683 break;
2684 }
98087450 2685#ifdef DEBUG_IDE
5457c8ce 2686 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 2687#endif
2688 return val;
2689}
2690
5457c8ce 2691static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 2692{
2693 BMDMAState *bm = opaque;
5457c8ce 2694 PCIIDEState *pci_dev;
98087450 2695#ifdef DEBUG_IDE
5457c8ce 2696 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 2697#endif
5457c8ce
FB		 2698 switch(addr & 3) {
2699 case 1:
2700 pci_dev = bm->pci_dev;
2701 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 2702 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 2703 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2704 cmd646_update_irq(pci_dev);
2705 }
2706 break;
2707 case 2:
2708 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2709 break;
2710 case 3:
2711 pci_dev = bm->pci_dev;
2712 if (pci_dev->type == IDE_TYPE_CMD646) {
2713 if (bm == &pci_dev->bmdma[0])
2714 pci_dev->dev.config[UDIDETCR0] = val;
2715 else
2716 pci_dev->dev.config[UDIDETCR1] = val;
2717 }
2718 break;
2719 }
98087450
FB		 2720}
2721
2722static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2723{
2724 BMDMAState *bm = opaque;
2725 uint32_t val;
2726 val = bm->addr;
2727#ifdef DEBUG_IDE
2728 printf("%s: 0x%08x\n", __func__, val);
2729#endif
2730 return val;
2731}
2732
2733static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2734{
2735 BMDMAState *bm = opaque;
2736#ifdef DEBUG_IDE
2737 printf("%s: 0x%08x\n", __func__, val);
2738#endif
2739 bm->addr = val & ~3;
30c4bbac 2740 bm->cur_addr = bm->addr;
98087450
FB		 2741}
2742
5fafdf24 2743static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 2744 uint32_t addr, uint32_t size, int type)
2745{
2746 PCIIDEState *d = (PCIIDEState *)pci_dev;
2747 int i;
2748
2749 for(i = 0;i < 2; i++) {
2750 BMDMAState *bm = &d->bmdma[i];
2751 d->ide_if[2 * i].bmdma = bm;
2752 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce
FB		 2753 bm->pci_dev = (PCIIDEState *)pci_dev;
2754
98087450 2755 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 2756
5457c8ce
FB		 2757 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2758 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450
FB		 2759
2760 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2761 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2762 addr += 8;
2763 }
2764}
2765
5457c8ce
FB		 2766/* XXX: call it also when the MRDMODE is changed from the PCI config
2767 registers */
2768static void cmd646_update_irq(PCIIDEState *d)
2769{
2770 int pci_level;
2771 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2772 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2773 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2774 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 2775 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 2776}
2777
2778/* the PCI irq level is the logical OR of the two channels */
2779static void cmd646_set_irq(void *opaque, int channel, int level)
2780{
2781 PCIIDEState *d = opaque;
2782 int irq_mask;
2783
2784 irq_mask = MRDMODE_INTR_CH0 << channel;
2785 if (level)
2786 d->dev.config[MRDMODE] |= irq_mask;
2787 else
2788 d->dev.config[MRDMODE] &= ~irq_mask;
2789 cmd646_update_irq(d);
2790}
2791
2792/* CMD646 PCI IDE controller */
2793void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2794 int secondary_ide_enabled)
69b91039
FB		 2795{
2796 PCIIDEState *d;
2797 uint8_t *pci_conf;
34e538ae 2798 int i;
d537cf6c 2799 qemu_irq *irq;
34e538ae 2800
5fafdf24 2801 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 2802 sizeof(PCIIDEState),
5fafdf24 2803 -1,
73c11f63 2804 NULL, NULL);
5457c8ce 2805 d->type = IDE_TYPE_CMD646;
69b91039 2806 pci_conf = d->dev.config;
5457c8ce
FB		 2807 pci_conf[0x00] = 0x95; // CMD646
2808 pci_conf[0x01] = 0x10;
2809 pci_conf[0x02] = 0x46;
2810 pci_conf[0x03] = 0x06;
2811
2812 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 2813 pci_conf[0x09] = 0x8f;
5457c8ce 2814
69b91039
FB		 2815 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2816 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
5457c8ce 2817 pci_conf[0x0e] = 0x00; // header_type
3b46e624 2818
5457c8ce
FB		 2819 if (secondary_ide_enabled) {
2820 /* XXX: if not enabled, really disable the seconday IDE controller */
2821 pci_conf[0x51] = 0x80; /* enable IDE1 */
2822 }
69b91039 2823
5fafdf24 2824 pci_register_io_region((PCIDevice *)d, 0, 0x8,
69b91039 2825 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2826 pci_register_io_region((PCIDevice *)d, 1, 0x4,
69b91039 2827 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2828 pci_register_io_region((PCIDevice *)d, 2, 0x8,
69b91039 2829 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2830 pci_register_io_region((PCIDevice *)d, 3, 0x4,
69b91039 2831 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2832 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 2833 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 2834
34e538ae 2835 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3b46e624 2836
34e538ae
FB		 2837 for(i = 0; i < 4; i++)
2838 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 2839
2840 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
2841 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
2842 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
34e538ae
FB		 2843}
2844
c3d78997
FB		 2845static void pci_ide_save(QEMUFile* f, void *opaque)
2846{
2847 PCIIDEState *d = opaque;
2848 int i;
2849
2850 pci_device_save(&d->dev, f);
2851
2852 for(i = 0; i < 2; i++) {
2853 BMDMAState *bm = &d->bmdma[i];
2854 qemu_put_8s(f, &bm->cmd);
2855 qemu_put_8s(f, &bm->status);
2856 qemu_put_be32s(f, &bm->addr);
2857 /* XXX: if a transfer is pending, we do not save it yet */
2858 }
2859
2860 /* per IDE interface data */
2861 for(i = 0; i < 2; i++) {
2862 IDEState *s = &d->ide_if[i * 2];
2863 uint8_t drive1_selected;
2864 qemu_put_8s(f, &s->cmd);
2865 drive1_selected = (s->cur_drive != s);
2866 qemu_put_8s(f, &drive1_selected);
2867 }
2868
2869 /* per IDE drive data */
2870 for(i = 0; i < 4; i++) {
aa941b94 2871 ide_save(f, &d->ide_if[i]);
c3d78997
FB		 2872 }
2873}
2874
2875static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2876{
2877 PCIIDEState *d = opaque;
2878 int ret, i;
2879
2880 if (version_id != 1)
2881 return -EINVAL;
2882 ret = pci_device_load(&d->dev, f);
2883 if (ret < 0)
2884 return ret;
2885
2886 for(i = 0; i < 2; i++) {
2887 BMDMAState *bm = &d->bmdma[i];
2888 qemu_get_8s(f, &bm->cmd);
2889 qemu_get_8s(f, &bm->status);
2890 qemu_get_be32s(f, &bm->addr);
2891 /* XXX: if a transfer is pending, we do not save it yet */
2892 }
2893
2894 /* per IDE interface data */
2895 for(i = 0; i < 2; i++) {
2896 IDEState *s = &d->ide_if[i * 2];
2897 uint8_t drive1_selected;
2898 qemu_get_8s(f, &s->cmd);
2899 qemu_get_8s(f, &drive1_selected);
2900 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2901 }
2902
2903 /* per IDE drive data */
2904 for(i = 0; i < 4; i++) {
aa941b94 2905 ide_load(f, &d->ide_if[i]);
c3d78997
FB		 2906 }
2907 return 0;
2908}
2909
e6a71ae3
TS		 2910static void piix3_reset(PCIIDEState *d)
2911{
2912 uint8_t *pci_conf = d->dev.config;
2913
2914 pci_conf[0x04] = 0x00;
2915 pci_conf[0x05] = 0x00;
2916 pci_conf[0x06] = 0x80; /* FBC */
2917 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
2918 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
2919}
2920
34e538ae
FB		 2921/* hd_table must contain 4 block drivers */
2922/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 2923void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2924 qemu_irq *pic)
34e538ae
FB		 2925{
2926 PCIIDEState *d;
2927 uint8_t *pci_conf;
3b46e624 2928
34e538ae 2929 /* register a function 1 of PIIX3 */
5fafdf24 2930 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 2931 sizeof(PCIIDEState),
502a5395 2932 devfn,
34e538ae 2933 NULL, NULL);
5457c8ce
FB		 2934 d->type = IDE_TYPE_PIIX3;
2935
34e538ae
FB		 2936 pci_conf = d->dev.config;
2937 pci_conf[0x00] = 0x86; // Intel
2938 pci_conf[0x01] = 0x80;
2939 pci_conf[0x02] = 0x10;
2940 pci_conf[0x03] = 0x70;
92510b8c 2941 pci_conf[0x09] = 0x80; // legacy ATA mode
34e538ae
FB		 2942 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2943 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2944 pci_conf[0x0e] = 0x00; // header_type
2945
e6a71ae3
TS		 2946 piix3_reset(d);
2947
5fafdf24 2948 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 2949 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 2950
d537cf6c
PB		 2951 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
2952 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 2953 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2954 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997
FB		 2955
2956 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
69b91039 2957}
1ade1de2 2958
afcc3cdf
TS		 2959/* hd_table must contain 4 block drivers */
2960/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
2961void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2962 qemu_irq *pic)
2963{
2964 PCIIDEState *d;
2965 uint8_t *pci_conf;
2966
2967 /* register a function 1 of PIIX4 */
2968 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
2969 sizeof(PCIIDEState),
2970 devfn,
2971 NULL, NULL);
2972 d->type = IDE_TYPE_PIIX4;
2973
2974 pci_conf = d->dev.config;
2975 pci_conf[0x00] = 0x86; // Intel
2976 pci_conf[0x01] = 0x80;
2977 pci_conf[0x02] = 0x11;
2978 pci_conf[0x03] = 0x71;
2979 pci_conf[0x09] = 0x80; // legacy ATA mode
2980 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2981 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2982 pci_conf[0x0e] = 0x00; // header_type
2983
2984 piix3_reset(d);
2985
2986 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2987 PCI_ADDRESS_SPACE_IO, bmdma_map);
2988
2989 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
2990 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
2991 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2992 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2993
2994 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
2995}
2996
1ade1de2
FB		 2997/***********************************************************/
2998/* MacIO based PowerPC IDE */
2999
3000/* PowerMac IDE memory IO */
3001static void pmac_ide_writeb (void *opaque,
3002 target_phys_addr_t addr, uint32_t val)
3003{
5fafdf24 3004 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3005 switch (addr) {
3006 case 1 ... 7:
3007 ide_ioport_write(opaque, addr, val);
3008 break;
3009 case 8:
3010 case 22:
3011 ide_cmd_write(opaque, 0, val);
3012 break;
3013 default:
3014 break;
3015 }
3016}
3017
3018static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3019{
3020 uint8_t retval;
3021
3022 addr = (addr & 0xFFF) >> 4;
3023 switch (addr) {
3024 case 1 ... 7:
3025 retval = ide_ioport_read(opaque, addr);
3026 break;
3027 case 8:
3028 case 22:
3029 retval = ide_status_read(opaque, 0);
3030 break;
3031 default:
3032 retval = 0xFF;
3033 break;
3034 }
3035 return retval;
3036}
3037
3038static void pmac_ide_writew (void *opaque,
3039 target_phys_addr_t addr, uint32_t val)
3040{
5fafdf24 3041 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3042#ifdef TARGET_WORDS_BIGENDIAN
3043 val = bswap16(val);
3044#endif
3045 if (addr == 0) {
3046 ide_data_writew(opaque, 0, val);
3047 }
3048}
3049
3050static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3051{
3052 uint16_t retval;
3053
5fafdf24 3054 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3055 if (addr == 0) {
3056 retval = ide_data_readw(opaque, 0);
3057 } else {
3058 retval = 0xFFFF;
3059 }
3060#ifdef TARGET_WORDS_BIGENDIAN
3061 retval = bswap16(retval);
3062#endif
3063 return retval;
3064}
3065
3066static void pmac_ide_writel (void *opaque,
3067 target_phys_addr_t addr, uint32_t val)
3068{
5fafdf24 3069 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3070#ifdef TARGET_WORDS_BIGENDIAN
3071 val = bswap32(val);
3072#endif
3073 if (addr == 0) {
3074 ide_data_writel(opaque, 0, val);
3075 }
3076}
3077
3078static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3079{
3080 uint32_t retval;
3081
5fafdf24 3082 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3083 if (addr == 0) {
3084 retval = ide_data_readl(opaque, 0);
3085 } else {
3086 retval = 0xFFFFFFFF;
3087 }
3088#ifdef TARGET_WORDS_BIGENDIAN
3089 retval = bswap32(retval);
3090#endif
3091 return retval;
3092}
3093
3094static CPUWriteMemoryFunc *pmac_ide_write[] = {
3095 pmac_ide_writeb,
3096 pmac_ide_writew,
3097 pmac_ide_writel,
3098};
3099
3100static CPUReadMemoryFunc *pmac_ide_read[] = {
3101 pmac_ide_readb,
3102 pmac_ide_readw,
3103 pmac_ide_readl,
3104};
3105
3106/* hd_table must contain 4 block drivers */
3107/* PowerMac uses memory mapped registers, not I/O. Return the memory
3108 I/O index to access the ide. */
d537cf6c 3109int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
1ade1de2
FB		 3110{
3111 IDEState *ide_if;
3112 int pmac_ide_memory;
3113
3114 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
d537cf6c 3115 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3b46e624 3116
1ade1de2
FB		 3117 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3118 pmac_ide_write, &ide_if[0]);
3119 return pmac_ide_memory;
3120}
201a51fc
AZ		 3121
3122/***********************************************************/
3123/* CF-ATA Microdrive */
3124
3125#define METADATA_SIZE 0x20
3126
3127/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3128struct md_s {
3129 IDEState ide[2];
3130 struct pcmcia_card_s card;
3131 uint32_t attr_base;
3132 uint32_t io_base;
3133
3134 /* Card state */
3135 uint8_t opt;
3136 uint8_t stat;
3137 uint8_t pins;
3138
3139 uint8_t ctrl;
3140 uint16_t io;
3141 int cycle;
3142};
3143
3144/* Register bitfields */
3145enum md_opt {
3146 OPT_MODE_MMAP = 0,
3147 OPT_MODE_IOMAP16 = 1,
3148 OPT_MODE_IOMAP1 = 2,
3149 OPT_MODE_IOMAP2 = 3,
3150 OPT_MODE = 0x3f,
3151 OPT_LEVIREQ = 0x40,
3152 OPT_SRESET = 0x80,
3153};
3154enum md_cstat {
3155 STAT_INT = 0x02,
3156 STAT_PWRDWN = 0x04,
3157 STAT_XE = 0x10,
3158 STAT_IOIS8 = 0x20,
3159 STAT_SIGCHG = 0x40,
3160 STAT_CHANGED = 0x80,
3161};
3162enum md_pins {
3163 PINS_MRDY = 0x02,
3164 PINS_CRDY = 0x20,
3165};
3166enum md_ctrl {
3167 CTRL_IEN = 0x02,
3168 CTRL_SRST = 0x04,
3169};
3170
3171static inline void md_interrupt_update(struct md_s *s)
3172{
3173 if (!s->card.slot)
3174 return;
3175
3176 qemu_set_irq(s->card.slot->irq,
3177 !(s->stat & STAT_INT) && /* Inverted */
3178 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3179 !(s->opt & OPT_SRESET));
3180}
3181
3182static void md_set_irq(void *opaque, int irq, int level)
3183{
3184 struct md_s *s = (struct md_s *) opaque;
3185 if (level)
3186 s->stat |= STAT_INT;
3187 else
3188 s->stat &= ~STAT_INT;
3189
3190 md_interrupt_update(s);
3191}
3192
3193static void md_reset(struct md_s *s)
3194{
3195 s->opt = OPT_MODE_MMAP;
3196 s->stat = 0;
3197 s->pins = 0;
3198 s->cycle = 0;
3199 s->ctrl = 0;
3200 ide_reset(s->ide);
3201}
3202
9e315fa9 3203static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc
AZ		 3204{
3205 struct md_s *s = (struct md_s *) opaque;
3206 if (at < s->attr_base) {
3207 if (at < s->card.cis_len)
3208 return s->card.cis[at];
3209 else
3210 return 0x00;
3211 }
3212
3213 at -= s->attr_base;
3214
3215 switch (at) {
3216 case 0x00: /* Configuration Option Register */
3217 return s->opt;
3218 case 0x02: /* Card Configuration Status Register */
3219 if (s->ctrl & CTRL_IEN)
3220 return s->stat & ~STAT_INT;
3221 else
3222 return s->stat;
3223 case 0x04: /* Pin Replacement Register */
3224 return (s->pins & PINS_CRDY) | 0x0c;
3225 case 0x06: /* Socket and Copy Register */
3226 return 0x00;
3227#ifdef VERBOSE
3228 default:
3229 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3230#endif
3231 }
3232
3233 return 0;
3234}
3235
9e315fa9 3236static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc
AZ		 3237{
3238 struct md_s *s = (struct md_s *) opaque;
3239 at -= s->attr_base;
3240
3241 switch (at) {
3242 case 0x00: /* Configuration Option Register */
3243 s->opt = value & 0xcf;
3244 if (value & OPT_SRESET)
3245 md_reset(s);
3246 md_interrupt_update(s);
3247 break;
3248 case 0x02: /* Card Configuration Status Register */
3249 if ((s->stat ^ value) & STAT_PWRDWN)
3250 s->pins |= PINS_CRDY;
3251 s->stat &= 0x82;
3252 s->stat |= value & 0x74;
3253 md_interrupt_update(s);
3254 /* Word 170 in Identify Device must be equal to STAT_XE */
3255 break;
3256 case 0x04: /* Pin Replacement Register */
3257 s->pins &= PINS_CRDY;
3258 s->pins |= value & PINS_MRDY;
3259 break;
3260 case 0x06: /* Socket and Copy Register */
3261 break;
3262 default:
3263 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3264 }
3265}
3266
9e315fa9 3267static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc
AZ		 3268{
3269 struct md_s *s = (struct md_s *) opaque;
3270 uint16_t ret;
3271 at -= s->io_base;
3272
3273 switch (s->opt & OPT_MODE) {
3274 case OPT_MODE_MMAP:
3275 if ((at & ~0x3ff) == 0x400)
3276 at = 0;
3277 break;
3278 case OPT_MODE_IOMAP16:
3279 at &= 0xf;
3280 break;
3281 case OPT_MODE_IOMAP1:
3282 if ((at & ~0xf) == 0x3f0)
3283 at -= 0x3e8;
3284 else if ((at & ~0xf) == 0x1f0)
3285 at -= 0x1f0;
3286 break;
3287 case OPT_MODE_IOMAP2:
3288 if ((at & ~0xf) == 0x370)
3289 at -= 0x368;
3290 else if ((at & ~0xf) == 0x170)
3291 at -= 0x170;
3292 }
3293
3294 switch (at) {
3295 case 0x0: /* Even RD Data */
3296 case 0x8:
3297 return ide_data_readw(s->ide, 0);
3298
3299 /* TODO: 8-bit accesses */
3300 if (s->cycle)
3301 ret = s->io >> 8;
3302 else {
3303 s->io = ide_data_readw(s->ide, 0);
3304 ret = s->io & 0xff;
3305 }
3306 s->cycle = !s->cycle;
3307 return ret;
3308 case 0x9: /* Odd RD Data */
3309 return s->io >> 8;
3310 case 0xd: /* Error */
3311 return ide_ioport_read(s->ide, 0x1);
3312 case 0xe: /* Alternate Status */
3313 if (s->ide->cur_drive->bs)
3314 return s->ide->cur_drive->status;
3315 else
3316 return 0;
3317 case 0xf: /* Device Address */
3318 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3319 default:
3320 return ide_ioport_read(s->ide, at);
3321 }
3322
3323 return 0;
3324}
3325
9e315fa9 3326static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc
AZ		 3327{
3328 struct md_s *s = (struct md_s *) opaque;
3329 at -= s->io_base;
3330
3331 switch (s->opt & OPT_MODE) {
3332 case OPT_MODE_MMAP:
3333 if ((at & ~0x3ff) == 0x400)
3334 at = 0;
3335 break;
3336 case OPT_MODE_IOMAP16:
3337 at &= 0xf;
3338 break;
3339 case OPT_MODE_IOMAP1:
3340 if ((at & ~0xf) == 0x3f0)
3341 at -= 0x3e8;
3342 else if ((at & ~0xf) == 0x1f0)
3343 at -= 0x1f0;
3344 break;
3345 case OPT_MODE_IOMAP2:
3346 if ((at & ~0xf) == 0x370)
3347 at -= 0x368;
3348 else if ((at & ~0xf) == 0x170)
3349 at -= 0x170;
3350 }
3351
3352 switch (at) {
3353 case 0x0: /* Even WR Data */
3354 case 0x8:
3355 ide_data_writew(s->ide, 0, value);
3356 break;
3357
3358 /* TODO: 8-bit accesses */
3359 if (s->cycle)
3360 ide_data_writew(s->ide, 0, s->io | (value << 8));
3361 else
3362 s->io = value & 0xff;
3363 s->cycle = !s->cycle;
3364 break;
3365 case 0x9:
3366 s->io = value & 0xff;
3367 s->cycle = !s->cycle;
3368 break;
3369 case 0xd: /* Features */
3370 ide_ioport_write(s->ide, 0x1, value);
3371 break;
3372 case 0xe: /* Device Control */
3373 s->ctrl = value;
3374 if (value & CTRL_SRST)
3375 md_reset(s);
3376 md_interrupt_update(s);
3377 break;
3378 default:
3379 if (s->stat & STAT_PWRDWN) {
3380 s->pins |= PINS_CRDY;
3381 s->stat &= ~STAT_PWRDWN;
3382 }
3383 ide_ioport_write(s->ide, at, value);
3384 }
3385}
3386
aa941b94
AZ		 3387static void md_save(QEMUFile *f, void *opaque)
3388{
3389 struct md_s *s = (struct md_s *) opaque;
3390 int i;
3391 uint8_t drive1_selected;
3392
3393 qemu_put_8s(f, &s->opt);
3394 qemu_put_8s(f, &s->stat);
3395 qemu_put_8s(f, &s->pins);
3396
3397 qemu_put_8s(f, &s->ctrl);
3398 qemu_put_be16s(f, &s->io);
3399 qemu_put_byte(f, s->cycle);
3400
3401 drive1_selected = (s->ide->cur_drive != s->ide);
3402 qemu_put_8s(f, &s->ide->cmd);
3403 qemu_put_8s(f, &drive1_selected);
3404
3405 for (i = 0; i < 2; i ++)
3406 ide_save(f, &s->ide[i]);
3407}
3408
3409static int md_load(QEMUFile *f, void *opaque, int version_id)
3410{
3411 struct md_s *s = (struct md_s *) opaque;
3412 int i;
3413 uint8_t drive1_selected;
3414
3415 qemu_get_8s(f, &s->opt);
3416 qemu_get_8s(f, &s->stat);
3417 qemu_get_8s(f, &s->pins);
3418
3419 qemu_get_8s(f, &s->ctrl);
3420 qemu_get_be16s(f, &s->io);
3421 s->cycle = qemu_get_byte(f);
3422
3423 qemu_get_8s(f, &s->ide->cmd);
3424 qemu_get_8s(f, &drive1_selected);
3425 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
3426
3427 for (i = 0; i < 2; i ++)
3428 ide_load(f, &s->ide[i]);
3429
3430 return 0;
3431}
3432
3433static int md_iid = 0;
3434
201a51fc
AZ		 3435static const uint8_t dscm1xxxx_cis[0x14a] = {
3436 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3437 [0x002] = 0x03, /* Tuple length = 4 bytes */
3438 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3439 [0x006] = 0x01, /* Size = 2K bytes */
3440 [0x008] = CISTPL_ENDMARK,
3441
3442 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3443 [0x00c] = 0x04, /* Tuple length = 4 byest */
3444 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3445 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3446 [0x012] = 0x01, /* Size = 2K bytes */
3447 [0x014] = CISTPL_ENDMARK,
3448
3449 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3450 [0x018] = 0x02, /* Tuple length = 2 bytes */
3451 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3452 [0x01c] = 0x01,
3453
3454 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3455 [0x020] = 0x04, /* Tuple length = 4 bytes */
3456 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3457 [0x024] = 0x00,
3458 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3459 [0x028] = 0x00,
3460
3461 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3462 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3463 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3464 [0x030] = 0x01, /* Minor Version = 1 */
3465 [0x032] = 'I',
3466 [0x034] = 'B',
3467 [0x036] = 'M',
3468 [0x038] = 0x00,
3469 [0x03a] = 'm',
3470 [0x03c] = 'i',
3471 [0x03e] = 'c',
3472 [0x040] = 'r',
3473 [0x042] = 'o',
3474 [0x044] = 'd',
3475 [0x046] = 'r',
3476 [0x048] = 'i',
3477 [0x04a] = 'v',
3478 [0x04c] = 'e',
3479 [0x04e] = 0x00,
3480 [0x050] = CISTPL_ENDMARK,
3481
3482 [0x052] = CISTPL_FUNCID, /* Function ID */
3483 [0x054] = 0x02, /* Tuple length = 2 bytes */
3484 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3485 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3486
3487 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3488 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3489 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3490 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3491
3492 [0x062] = CISTPL_FUNCE, /* Function Extension */
3493 [0x064] = 0x03, /* Tuple length = 3 bytes */
3494 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3495 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3496 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3497
3498 [0x06c] = CISTPL_CONFIG, /* Configuration */
3499 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3500 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3501 [0x072] = 0x07, /* TPCC_LAST = 7 */
3502 [0x074] = 0x00, /* TPCC_RADR = 0200 */
3503 [0x076] = 0x02,
3504 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
3505
3506 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3507 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
3508 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
3509 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
3510 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
3511 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3512 [0x086] = 0x55, /* NomV: 5.0 V */
3513 [0x088] = 0x4d, /* MinV: 4.5 V */
3514 [0x08a] = 0x5d, /* MaxV: 5.5 V */
3515 [0x08c] = 0x4e, /* Peakl: 450 mA */
3516 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
3517 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
3518 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
3519
3520 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3521 [0x096] = 0x06, /* Tuple length = 6 bytes */
3522 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
3523 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3524 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3525 [0x09e] = 0xb5, /* NomV: 3.3 V */
3526 [0x0a0] = 0x1e,
3527 [0x0a2] = 0x3e, /* Peakl: 350 mA */
3528
3529 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3530 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
3531 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
3532 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3533 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3534 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3535 [0x0b0] = 0x55, /* NomV: 5.0 V */
3536 [0x0b2] = 0x4d, /* MinV: 4.5 V */
3537 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
3538 [0x0b6] = 0x4e, /* Peakl: 450 mA */
3539 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
3540 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
3541 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
3542 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
3543 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
3544
3545 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3546 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
3547 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
3548 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3549 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3550 [0x0cc] = 0xb5, /* NomV: 3.3 V */
3551 [0x0ce] = 0x1e,
3552 [0x0d0] = 0x3e, /* Peakl: 350 mA */
3553
3554 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3555 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
3556 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
3557 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3558 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3559 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3560 [0x0de] = 0x55, /* NomV: 5.0 V */
3561 [0x0e0] = 0x4d, /* MinV: 4.5 V */
3562 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
3563 [0x0e4] = 0x4e, /* Peakl: 450 mA */
3564 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3565 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
3566 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
3567 [0x0ec] = 0x01,
3568 [0x0ee] = 0x07, /* Address block length = 8 */
3569 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
3570 [0x0f2] = 0x03,
3571 [0x0f4] = 0x01, /* Address block length = 2 */
3572 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3573 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
3574
3575 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3576 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
3577 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
3578 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3579 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3580 [0x104] = 0xb5, /* NomV: 3.3 V */
3581 [0x106] = 0x1e,
3582 [0x108] = 0x3e, /* Peakl: 350 mA */
3583
3584 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3585 [0x10c] = 0x12, /* Tuple length = 18 bytes */
3586 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
3587 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3588 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3589 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3590 [0x116] = 0x55, /* NomV: 5.0 V */
3591 [0x118] = 0x4d, /* MinV: 4.5 V */
3592 [0x11a] = 0x5d, /* MaxV: 5.5 V */
3593 [0x11c] = 0x4e, /* Peakl: 450 mA */
3594 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3595 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
3596 [0x122] = 0x70, /* Field 1 address = 0x0170 */
3597 [0x124] = 0x01,
3598 [0x126] = 0x07, /* Address block length = 8 */
3599 [0x128] = 0x76, /* Field 2 address = 0x0376 */
3600 [0x12a] = 0x03,
3601 [0x12c] = 0x01, /* Address block length = 2 */
3602 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3603 [0x130] = 0x20, /* TPCE_MI = support power down mode */
3604
3605 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3606 [0x134] = 0x06, /* Tuple length = 6 bytes */
3607 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
3608 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3609 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3610 [0x13c] = 0xb5, /* NomV: 3.3 V */
3611 [0x13e] = 0x1e,
3612 [0x140] = 0x3e, /* Peakl: 350 mA */
3613
3614 [0x142] = CISTPL_NO_LINK, /* No Link */
3615 [0x144] = 0x00, /* Tuple length = 0 bytes */
3616
3617 [0x146] = CISTPL_END, /* Tuple End */
3618};
3619
3620static int dscm1xxxx_attach(void *opaque)
3621{
3622 struct md_s *md = (struct md_s *) opaque;
3623 md->card.attr_read = md_attr_read;
3624 md->card.attr_write = md_attr_write;
3625 md->card.common_read = md_common_read;
3626 md->card.common_write = md_common_write;
3627 md->card.io_read = md_common_read;
3628 md->card.io_write = md_common_write;
3629
3630 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
3631 md->io_base = 0x0;
3632
3633 md_reset(md);
3634 md_interrupt_update(md);
3635
3636 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
3637 return 0;
3638}
3639
3640static int dscm1xxxx_detach(void *opaque)
3641{
3642 struct md_s *md = (struct md_s *) opaque;
3643 md_reset(md);
3644 return 0;
3645}
3646
3647struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
3648{
3649 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
3650 md->card.state = md;
3651 md->card.attach = dscm1xxxx_attach;
3652 md->card.detach = dscm1xxxx_detach;
3653 md->card.cis = dscm1xxxx_cis;
3654 md->card.cis_len = sizeof(dscm1xxxx_cis);
3655
3656 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
3657 md->ide->is_cf = 1;
3658 md->ide->mdata_size = METADATA_SIZE;
3659 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94
AZ		 3660
3661 register_savevm("microdrive", md_iid ++, 0, md_save, md_load, md);
3662
201a51fc
AZ		 3663 return &md->card;
3664}
Qemu copy for testing