]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
qdev error logging
[qemu.git] / hw / ide.c
CommitLineData
5391d806 1/*
38cdea7c 2 * QEMU IDE disk and CD/DVD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
87ecb68b
PB		 25#include "hw.h"
26#include "pc.h"
27#include "pci.h"
28#include "scsi-disk.h"
29#include "pcmcia.h"
30#include "block.h"
b0a7b120 31#include "block_int.h"
87ecb68b
PB		 32#include "qemu-timer.h"
33#include "sysemu.h"
9596ebb7 34#include "ppc_mac.h"
e3007e66 35#include "mac_dbdma.h"
b79e1752 36#include "sh.h"
1fb8648d 37#include "dma.h"
5391d806 38
5391d806
FB		 39/* debug IDE devices */
40//#define DEBUG_IDE
41//#define DEBUG_IDE_ATAPI
8ccad811
FB		 42//#define DEBUG_AIO
43#define USE_DMA_CDROM
5391d806
FB		 44
45/* Bits of HD_STATUS */
46#define ERR_STAT 0x01
47#define INDEX_STAT 0x02
48#define ECC_STAT 0x04 /* Corrected error */
49#define DRQ_STAT 0x08
50#define SEEK_STAT 0x10
51#define SRV_STAT 0x10
52#define WRERR_STAT 0x20
53#define READY_STAT 0x40
54#define BUSY_STAT 0x80
55
56/* Bits for HD_ERROR */
57#define MARK_ERR 0x01 /* Bad address mark */
58#define TRK0_ERR 0x02 /* couldn't find track 0 */
59#define ABRT_ERR 0x04 /* Command aborted */
60#define MCR_ERR 0x08 /* media change request */
61#define ID_ERR 0x10 /* ID field not found */
62#define MC_ERR 0x20 /* media changed */
63#define ECC_ERR 0x40 /* Uncorrectable ECC error */
64#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
65#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
66
67/* Bits of HD_NSECTOR */
68#define CD 0x01
69#define IO 0x02
70#define REL 0x04
71#define TAG_MASK 0xf8
72
73#define IDE_CMD_RESET 0x04
74#define IDE_CMD_DISABLE_IRQ 0x02
75
76/* ATA/ATAPI Commands pre T13 Spec */
77#define WIN_NOP 0x00
78/*
79 * 0x01->0x02 Reserved
80 */
81#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
82/*
83 * 0x04->0x07 Reserved
84 */
85#define WIN_SRST 0x08 /* ATAPI soft reset command */
86#define WIN_DEVICE_RESET 0x08
87/*
88 * 0x09->0x0F Reserved
89 */
90#define WIN_RECAL 0x10
91#define WIN_RESTORE WIN_RECAL
92/*
93 * 0x10->0x1F Reserved
94 */
95#define WIN_READ 0x20 /* 28-Bit */
96#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
97#define WIN_READ_LONG 0x22 /* 28-Bit */
98#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
99#define WIN_READ_EXT 0x24 /* 48-Bit */
100#define WIN_READDMA_EXT 0x25 /* 48-Bit */
101#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
102#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
103/*
104 * 0x28
105 */
106#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
107/*
108 * 0x2A->0x2F Reserved
109 */
110#define WIN_WRITE 0x30 /* 28-Bit */
111#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
112#define WIN_WRITE_LONG 0x32 /* 28-Bit */
113#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
114#define WIN_WRITE_EXT 0x34 /* 48-Bit */
115#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
116#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
117#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
118#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
119#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
120/*
121 * 0x3A->0x3B Reserved
122 */
123#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
124/*
125 * 0x3D->0x3F Reserved
126 */
127#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
128#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
129#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
130/*
131 * 0x43->0x4F Reserved
132 */
133#define WIN_FORMAT 0x50
134/*
135 * 0x51->0x5F Reserved
136 */
137#define WIN_INIT 0x60
138/*
139 * 0x61->0x5F Reserved
140 */
141#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
142#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
143#define WIN_DIAGNOSE 0x90
144#define WIN_SPECIFY 0x91 /* set drive geometry translation */
145#define WIN_DOWNLOAD_MICROCODE 0x92
146#define WIN_STANDBYNOW2 0x94
201a51fc 147#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 148#define WIN_STANDBY2 0x96
149#define WIN_SETIDLE2 0x97
150#define WIN_CHECKPOWERMODE2 0x98
151#define WIN_SLEEPNOW2 0x99
152/*
153 * 0x9A VENDOR
154 */
155#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
156#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
157#define WIN_QUEUED_SERVICE 0xA2
158#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 159#define CFA_ACCESS_METADATA_STORAGE 0xB8
160#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 161#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
162#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
163#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
164#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
165#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
166#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
167#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
168#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
169#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
170#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 171#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 172#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
173#define WIN_POSTBOOT 0xDC
174#define WIN_PREBOOT 0xDD
175#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
176#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
177#define WIN_STANDBYNOW1 0xE0
178#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
179#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
180#define WIN_SETIDLE1 0xE3
181#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
182#define WIN_CHECKPOWERMODE1 0xE5
183#define WIN_SLEEPNOW1 0xE6
184#define WIN_FLUSH_CACHE 0xE7
185#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
186#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
187 /* SET_FEATURES 0x22 or 0xDD */
188#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
189#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
190#define WIN_MEDIAEJECT 0xED
191#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
192#define WIN_SETFEATURES 0xEF /* set special drive features */
193#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 194#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 195#define WIN_SECURITY_SET_PASS 0xF1
196#define WIN_SECURITY_UNLOCK 0xF2
197#define WIN_SECURITY_ERASE_PREPARE 0xF3
198#define WIN_SECURITY_ERASE_UNIT 0xF4
199#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 200#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 201#define WIN_SECURITY_DISABLE 0xF6
202#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
203#define WIN_SET_MAX 0xF9
204#define DISABLE_SEAGATE 0xFB
205
206/* set to 1 set disable mult support */
f66723fa 207#define MAX_MULT_SECTORS 16
5391d806 208
1d8cde5b
AJ		 209#define IDE_DMA_BUF_SECTORS 256
210
211#if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
212#error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
213#endif
214
5391d806
FB		 215/* ATAPI defines */
216
217#define ATAPI_PACKET_SIZE 12
218
219/* The generic packet command opcodes for CD/DVD Logical Units,
220 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
221#define GPCMD_BLANK 0xa1
222#define GPCMD_CLOSE_TRACK 0x5b
223#define GPCMD_FLUSH_CACHE 0x35
224#define GPCMD_FORMAT_UNIT 0x04
225#define GPCMD_GET_CONFIGURATION 0x46
226#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
227#define GPCMD_GET_PERFORMANCE 0xac
228#define GPCMD_INQUIRY 0x12
229#define GPCMD_LOAD_UNLOAD 0xa6
230#define GPCMD_MECHANISM_STATUS 0xbd
231#define GPCMD_MODE_SELECT_10 0x55
232#define GPCMD_MODE_SENSE_10 0x5a
233#define GPCMD_PAUSE_RESUME 0x4b
234#define GPCMD_PLAY_AUDIO_10 0x45
235#define GPCMD_PLAY_AUDIO_MSF 0x47
236#define GPCMD_PLAY_AUDIO_TI 0x48
237#define GPCMD_PLAY_CD 0xbc
238#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
239#define GPCMD_READ_10 0x28
240#define GPCMD_READ_12 0xa8
241#define GPCMD_READ_CDVD_CAPACITY 0x25
242#define GPCMD_READ_CD 0xbe
243#define GPCMD_READ_CD_MSF 0xb9
244#define GPCMD_READ_DISC_INFO 0x51
245#define GPCMD_READ_DVD_STRUCTURE 0xad
246#define GPCMD_READ_FORMAT_CAPACITIES 0x23
247#define GPCMD_READ_HEADER 0x44
248#define GPCMD_READ_TRACK_RZONE_INFO 0x52
249#define GPCMD_READ_SUBCHANNEL 0x42
250#define GPCMD_READ_TOC_PMA_ATIP 0x43
251#define GPCMD_REPAIR_RZONE_TRACK 0x58
252#define GPCMD_REPORT_KEY 0xa4
253#define GPCMD_REQUEST_SENSE 0x03
254#define GPCMD_RESERVE_RZONE_TRACK 0x53
255#define GPCMD_SCAN 0xba
256#define GPCMD_SEEK 0x2b
257#define GPCMD_SEND_DVD_STRUCTURE 0xad
258#define GPCMD_SEND_EVENT 0xa2
259#define GPCMD_SEND_KEY 0xa3
260#define GPCMD_SEND_OPC 0x54
261#define GPCMD_SET_READ_AHEAD 0xa7
262#define GPCMD_SET_STREAMING 0xb6
263#define GPCMD_START_STOP_UNIT 0x1b
264#define GPCMD_STOP_PLAY_SCAN 0x4e
265#define GPCMD_TEST_UNIT_READY 0x00
266#define GPCMD_VERIFY_10 0x2f
267#define GPCMD_WRITE_10 0x2a
268#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 269/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 270 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
271 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
272 * drives support it. */
273#define GPCMD_SET_SPEED 0xbb
5fafdf24 274/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 275 * to play data at track/index */
276#define GPCMD_PLAYAUDIO_TI 0x48
277/*
278 * From MS Media Status Notification Support Specification. For
279 * older drives only.
280 */
281#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 282#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 283
284/* Mode page codes for mode sense/set */
285#define GPMODE_R_W_ERROR_PAGE 0x01
286#define GPMODE_WRITE_PARMS_PAGE 0x05
287#define GPMODE_AUDIO_CTL_PAGE 0x0e
288#define GPMODE_POWER_PAGE 0x1a
289#define GPMODE_FAULT_FAIL_PAGE 0x1c
290#define GPMODE_TO_PROTECT_PAGE 0x1d
291#define GPMODE_CAPABILITIES_PAGE 0x2a
292#define GPMODE_ALL_PAGES 0x3f
293/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
294 * of MODE_SENSE_POWER_PAGE */
295#define GPMODE_CDROM_PAGE 0x0d
296
38cdea7c
AZ		 297/*
298 * Based on values from <linux/cdrom.h> but extending CD_MINS
299 * to the maximum common size allowed by the Orange's Book ATIP
300 *
301 * 90 and 99 min CDs are also available but using them as the
302 * upper limit reduces the effectiveness of the heuristic to
303 * detect DVDs burned to less than 25% of their maximum capacity
304 */
305
306/* Some generally useful CD-ROM information */
307#define CD_MINS 80 /* max. minutes per CD */
308#define CD_SECS 60 /* seconds per minute */
309#define CD_FRAMES 75 /* frames per second */
310#define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
311#define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
312#define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
313
314/*
315 * The MMC values are not IDE specific and might need to be moved
316 * to a common header if they are also needed for the SCSI emulation
317 */
318
319/* Profile list from MMC-6 revision 1 table 91 */
320#define MMC_PROFILE_NONE 0x0000
321#define MMC_PROFILE_CD_ROM 0x0008
322#define MMC_PROFILE_CD_R 0x0009
323#define MMC_PROFILE_CD_RW 0x000A
324#define MMC_PROFILE_DVD_ROM 0x0010
325#define MMC_PROFILE_DVD_R_SR 0x0011
326#define MMC_PROFILE_DVD_RAM 0x0012
327#define MMC_PROFILE_DVD_RW_RO 0x0013
328#define MMC_PROFILE_DVD_RW_SR 0x0014
329#define MMC_PROFILE_DVD_R_DL_SR 0x0015
330#define MMC_PROFILE_DVD_R_DL_JR 0x0016
331#define MMC_PROFILE_DVD_RW_DL 0x0017
332#define MMC_PROFILE_DVD_DDR 0x0018
333#define MMC_PROFILE_DVD_PLUS_RW 0x001A
334#define MMC_PROFILE_DVD_PLUS_R 0x001B
335#define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
336#define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
337#define MMC_PROFILE_BD_ROM 0x0040
338#define MMC_PROFILE_BD_R_SRM 0x0041
339#define MMC_PROFILE_BD_R_RRM 0x0042
340#define MMC_PROFILE_BD_RE 0x0043
341#define MMC_PROFILE_HDDVD_ROM 0x0050
342#define MMC_PROFILE_HDDVD_R 0x0051
343#define MMC_PROFILE_HDDVD_RAM 0x0052
344#define MMC_PROFILE_HDDVD_RW 0x0053
345#define MMC_PROFILE_HDDVD_R_DL 0x0058
346#define MMC_PROFILE_HDDVD_RW_DL 0x005A
347#define MMC_PROFILE_INVALID 0xFFFF
348
5391d806
FB		 349#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
350#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
351#define ATAPI_INT_REASON_REL 0x04
352#define ATAPI_INT_REASON_TAG 0xf8
353
354/* same constants as bochs */
7f777bf3 355#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 356#define ASC_LOGICAL_BLOCK_OOR 0x21
357#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
9118e7f0 358#define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
8114e9e8 359#define ASC_INCOMPATIBLE_FORMAT 0x30
5391d806
FB		 360#define ASC_MEDIUM_NOT_PRESENT 0x3a
361#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
aea2a33c 362#define ASC_MEDIA_REMOVAL_PREVENTED 0x53
5391d806 363
201a51fc
AZ		 364#define CFA_NO_ERROR 0x00
365#define CFA_MISC_ERROR 0x09
366#define CFA_INVALID_COMMAND 0x20
367#define CFA_INVALID_ADDRESS 0x21
368#define CFA_ADDRESS_OVERFLOW 0x2f
369
5391d806
FB		 370#define SENSE_NONE 0
371#define SENSE_NOT_READY 2
372#define SENSE_ILLEGAL_REQUEST 5
373#define SENSE_UNIT_ATTENTION 6
374
e8b54394
BW		 375#define SMART_READ_DATA 0xd0
376#define SMART_READ_THRESH 0xd1
377#define SMART_ATTR_AUTOSAVE 0xd2
378#define SMART_SAVE_ATTR 0xd3
379#define SMART_EXECUTE_OFFLINE 0xd4
380#define SMART_READ_LOG 0xd5
381#define SMART_WRITE_LOG 0xd6
382#define SMART_ENABLE 0xd8
383#define SMART_DISABLE 0xd9
384#define SMART_STATUS 0xda
385
386static int smart_attributes[][5] = {
387 /* id, flags, val, wrst, thrsh */
388 { 0x01, 0x03, 0x64, 0x64, 0x06}, /* raw read */
389 { 0x03, 0x03, 0x64, 0x64, 0x46}, /* spin up */
390 { 0x04, 0x02, 0x64, 0x64, 0x14}, /* start stop count */
391 { 0x05, 0x03, 0x64, 0x64, 0x36}, /* remapped sectors */
392 { 0x00, 0x00, 0x00, 0x00, 0x00}
393};
394
395
396
5391d806
FB		 397struct IDEState;
398
399typedef void EndTransferFunc(struct IDEState *);
400
caed8802 401/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 402typedef struct IDEState {
403 /* ide config */
404 int is_cdrom;
201a51fc 405 int is_cf;
5391d806
FB		 406 int cylinders, heads, sectors;
407 int64_t nb_sectors;
408 int mult_sectors;
94458802
FB		 409 int identify_set;
410 uint16_t identify_data[256];
d537cf6c 411 qemu_irq irq;
34e538ae 412 PCIDevice *pci_dev;
98087450 413 struct BMDMAState *bmdma;
aedf5382 414 int drive_serial;
fa879c64 415 char drive_serial_str[21];
5391d806
FB		 416 /* ide regs */
417 uint8_t feature;
418 uint8_t error;
c2ff060f 419 uint32_t nsector;
5391d806
FB		 420 uint8_t sector;
421 uint8_t lcyl;
422 uint8_t hcyl;
c2ff060f
FB		 423 /* other part of tf for lba48 support */
424 uint8_t hob_feature;
425 uint8_t hob_nsector;
426 uint8_t hob_sector;
427 uint8_t hob_lcyl;
428 uint8_t hob_hcyl;
429
5391d806
FB		 430 uint8_t select;
431 uint8_t status;
c2ff060f 432
5391d806
FB		 433 /* 0x3f6 command, only meaningful for drive 0 */
434 uint8_t cmd;
c2ff060f
FB		 435 /* set for lba48 access */
436 uint8_t lba48;
5391d806 437 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 438 struct IDEState *cur_drive;
5391d806
FB		 439 BlockDriverState *bs;
440 /* ATAPI specific */
441 uint8_t sense_key;
442 uint8_t asc;
93c8cfd9 443 uint8_t cdrom_changed;
5391d806
FB		 444 int packet_transfer_size;
445 int elementary_transfer_size;
446 int io_buffer_index;
447 int lba;
98087450
FB		 448 int cd_sector_size;
449 int atapi_dma; /* true if dma is requested for the packet cmd */
450 /* ATA DMA state */
451 int io_buffer_size;
1fb8648d 452 QEMUSGList sg;
98087450 453 /* PIO transfer handling */
5391d806
FB		 454 int req_nb_sectors; /* number of sectors per interrupt */
455 EndTransferFunc *end_transfer_func;
456 uint8_t *data_ptr;
457 uint8_t *data_end;
33f00271 458 uint8_t *io_buffer;
31c2a146 459 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
e774a278 460 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 461 /* CF-ATA extended error */
462 uint8_t ext_error;
463 /* CF-ATA metadata storage */
464 uint32_t mdata_size;
465 uint8_t *mdata_storage;
466 int media_changed;
e3007e66
AJ		 467 /* for pmac */
468 int is_read;
e8b54394
BW		 469 /* SMART */
470 uint8_t smart_enabled;
471 uint8_t smart_autosave;
472 int smart_errors;
473 uint8_t smart_selftest_count;
474 uint8_t *smart_selftest_data;
475
5391d806
FB		 476} IDEState;
477
8114e9e8
TS		 478/* XXX: DVDs that could fit on a CD will be reported as a CD */
479static inline int media_present(IDEState *s)
480{
481 return (s->nb_sectors > 0);
482}
483
484static inline int media_is_dvd(IDEState *s)
485{
486 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
487}
488
489static inline int media_is_cd(IDEState *s)
490{
491 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
492}
493
98087450
FB		 494#define BM_STATUS_DMAING 0x01
495#define BM_STATUS_ERROR 0x02
496#define BM_STATUS_INT 0x04
428c5705
AL		 497#define BM_STATUS_DMA_RETRY 0x08
498#define BM_STATUS_PIO_RETRY 0x10
98087450
FB		 499
500#define BM_CMD_START 0x01
501#define BM_CMD_READ 0x08
502
5457c8ce
FB		 503#define IDE_TYPE_PIIX3 0
504#define IDE_TYPE_CMD646 1
afcc3cdf 505#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 506
507/* CMD646 specific */
508#define MRDMODE 0x71
509#define MRDMODE_INTR_CH0 0x04
510#define MRDMODE_INTR_CH1 0x08
511#define MRDMODE_BLK_CH0 0x10
512#define MRDMODE_BLK_CH1 0x20
513#define UDIDETCR0 0x73
514#define UDIDETCR1 0x7B
515
98087450
FB		 516typedef struct BMDMAState {
517 uint8_t cmd;
518 uint8_t status;
519 uint32_t addr;
3b46e624 520
5457c8ce 521 struct PCIIDEState *pci_dev;
98087450 522 /* current transfer state */
8ccad811
FB		 523 uint32_t cur_addr;
524 uint32_t cur_prd_last;
525 uint32_t cur_prd_addr;
526 uint32_t cur_prd_len;
98087450 527 IDEState *ide_if;
8ccad811
FB		 528 BlockDriverCompletionFunc *dma_cb;
529 BlockDriverAIOCB *aiocb;
c87c0672
AL		 530 struct iovec iov;
531 QEMUIOVector qiov;
428c5705
AL		 532 int64_t sector_num;
533 uint32_t nsector;
213189ab 534 QEMUBH *bh;
98087450
FB		 535} BMDMAState;
536
537typedef struct PCIIDEState {
538 PCIDevice dev;
539 IDEState ide_if[4];
540 BMDMAState bmdma[2];
5457c8ce 541 int type; /* see IDE_TYPE_xxx */
98087450
FB		 542} PCIIDEState;
543
8ccad811 544static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
428c5705 545static void ide_dma_restart(IDEState *s);
5f12ab4b 546static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 547
5391d806
FB		 548static void padstr(char *str, const char *src, int len)
549{
550 int i, v;
551 for(i = 0; i < len; i++) {
552 if (*src)
553 v = *src++;
554 else
555 v = ' ';
69b34976 556 str[i^1] = v;
5391d806
FB		 557 }
558}
559
bd0d90b2
FB		 560static void padstr8(uint8_t *buf, int buf_size, const char *src)
561{
562 int i;
563 for(i = 0; i < buf_size; i++) {
564 if (*src)
565 buf[i] = *src++;
566 else
567 buf[i] = ' ';
568 }
569}
570
67b915a5
FB		 571static void put_le16(uint16_t *p, unsigned int v)
572{
0c4ad8dc 573 *p = cpu_to_le16(v);
67b915a5
FB		 574}
575
5391d806
FB		 576static void ide_identify(IDEState *s)
577{
578 uint16_t *p;
579 unsigned int oldsize;
580
94458802
FB		 581 if (s->identify_set) {
582 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
583 return;
584 }
585
5391d806
FB		 586 memset(s->io_buffer, 0, 512);
587 p = (uint16_t *)s->io_buffer;
67b915a5 588 put_le16(p + 0, 0x0040);
5fafdf24 589 put_le16(p + 1, s->cylinders);
67b915a5
FB		 590 put_le16(p + 3, s->heads);
591 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
592 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 593 put_le16(p + 6, s->sectors);
fa879c64 594 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 595 put_le16(p + 20, 3); /* XXX: retired, remove ? */
596 put_le16(p + 21, 512); /* cache size in sectors */
597 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 598 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
599 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 600#if MAX_MULT_SECTORS > 1
67b915a5 601 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 602#endif
67b915a5 603 put_le16(p + 48, 1); /* dword I/O */
94458802 604 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 605 put_le16(p + 51, 0x200); /* PIO transfer cycle */
606 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 607 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 608 put_le16(p + 54, s->cylinders);
609 put_le16(p + 55, s->heads);
610 put_le16(p + 56, s->sectors);
5391d806 611 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 612 put_le16(p + 57, oldsize);
613 put_le16(p + 58, oldsize >> 16);
5391d806 614 if (s->mult_sectors)
67b915a5
FB		 615 put_le16(p + 59, 0x100 | s->mult_sectors);
616 put_le16(p + 60, s->nb_sectors);
617 put_le16(p + 61, s->nb_sectors >> 16);
d1b5c20d 618 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
94458802
FB		 619 put_le16(p + 63, 0x07); /* mdma0-2 supported */
620 put_le16(p + 65, 120);
621 put_le16(p + 66, 120);
622 put_le16(p + 67, 120);
623 put_le16(p + 68, 120);
624 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
625 put_le16(p + 81, 0x16); /* conforms to ata5 */
e8b54394
BW		 626 /* 14=NOP supported, 0=SMART supported */
627 put_le16(p + 82, (1 << 14) | 1);
c2ff060f
FB		 628 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
629 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
e8b54394
BW		 630 /* 14=set to 1, 1=SMART self test, 0=SMART error logging */
631 put_le16(p + 84, (1 << 14) | 0);
632 /* 14 = NOP supported, 0=SMART feature set enabled */
633 put_le16(p + 85, (1 << 14) | 1);
c2ff060f
FB		 634 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
635 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
e8b54394
BW		 636 /* 14=set to 1, 1=smart self test, 0=smart error logging */
637 put_le16(p + 87, (1 << 14) | 0);
94458802
FB		 638 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
639 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 640 put_le16(p + 100, s->nb_sectors);
641 put_le16(p + 101, s->nb_sectors >> 16);
642 put_le16(p + 102, s->nb_sectors >> 32);
643 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 644
645 memcpy(s->identify_data, p, sizeof(s->identify_data));
646 s->identify_set = 1;
5391d806
FB		 647}
648
649static void ide_atapi_identify(IDEState *s)
650{
651 uint16_t *p;
652
94458802
FB		 653 if (s->identify_set) {
654 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
655 return;
656 }
657
5391d806
FB		 658 memset(s->io_buffer, 0, 512);
659 p = (uint16_t *)s->io_buffer;
660 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 661 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
fa879c64 662 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 663 put_le16(p + 20, 3); /* buffer type */
664 put_le16(p + 21, 512); /* cache size in sectors */
665 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3 666 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
38cdea7c 667 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
67b915a5 668 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 669#ifdef USE_DMA_CDROM
670 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
671 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
d1b5c20d 672 put_le16(p + 62, 7); /* single word dma0-2 supported */
8ccad811
FB		 673 put_le16(p + 63, 7); /* mdma0-2 supported */
674 put_le16(p + 64, 0x3f); /* PIO modes supported */
675#else
67b915a5
FB		 676 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
677 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
678 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
679 put_le16(p + 64, 1); /* PIO modes */
8ccad811 680#endif
67b915a5
FB		 681 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
682 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
683 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
684 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 685
67b915a5
FB		 686 put_le16(p + 71, 30); /* in ns */
687 put_le16(p + 72, 30); /* in ns */
5391d806 688
67b915a5 689 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 690#ifdef USE_DMA_CDROM
691 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
692#endif
94458802
FB		 693 memcpy(s->identify_data, p, sizeof(s->identify_data));
694 s->identify_set = 1;
5391d806
FB		 695}
696
201a51fc
AZ		 697static void ide_cfata_identify(IDEState *s)
698{
699 uint16_t *p;
700 uint32_t cur_sec;
201a51fc
AZ		 701
702 p = (uint16_t *) s->identify_data;
703 if (s->identify_set)
704 goto fill_buffer;
705
706 memset(p, 0, sizeof(s->identify_data));
707
708 cur_sec = s->cylinders * s->heads * s->sectors;
709
710 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
711 put_le16(p + 1, s->cylinders); /* Default cylinders */
712 put_le16(p + 3, s->heads); /* Default heads */
713 put_le16(p + 6, s->sectors); /* Default sectors per track */
714 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
715 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
fa879c64 716 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
201a51fc 717 put_le16(p + 22, 0x0004); /* ECC bytes */
60fe76f3
TS		 718 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
719 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
201a51fc
AZ		 720#if MAX_MULT_SECTORS > 1
721 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
722#else
723 put_le16(p + 47, 0x0000);
724#endif
725 put_le16(p + 49, 0x0f00); /* Capabilities */
726 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
727 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
728 put_le16(p + 53, 0x0003); /* Translation params valid */
729 put_le16(p + 54, s->cylinders); /* Current cylinders */
730 put_le16(p + 55, s->heads); /* Current heads */
731 put_le16(p + 56, s->sectors); /* Current sectors */
732 put_le16(p + 57, cur_sec); /* Current capacity */
733 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
734 if (s->mult_sectors) /* Multiple sector setting */
735 put_le16(p + 59, 0x100 | s->mult_sectors);
736 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
737 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
738 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
739 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
740 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
741 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
742 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
743 put_le16(p + 82, 0x400c); /* Command Set supported */
744 put_le16(p + 83, 0x7068); /* Command Set supported */
745 put_le16(p + 84, 0x4000); /* Features supported */
746 put_le16(p + 85, 0x000c); /* Command Set enabled */
747 put_le16(p + 86, 0x7044); /* Command Set enabled */
748 put_le16(p + 87, 0x4000); /* Features enabled */
749 put_le16(p + 91, 0x4060); /* Current APM level */
750 put_le16(p + 129, 0x0002); /* Current features option */
751 put_le16(p + 130, 0x0005); /* Reassigned sectors */
752 put_le16(p + 131, 0x0001); /* Initial power mode */
753 put_le16(p + 132, 0x0000); /* User signature */
754 put_le16(p + 160, 0x8100); /* Power requirement */
755 put_le16(p + 161, 0x8001); /* CF command set */
756
757 s->identify_set = 1;
758
759fill_buffer:
760 memcpy(s->io_buffer, p, sizeof(s->identify_data));
761}
762
5391d806
FB		 763static void ide_set_signature(IDEState *s)
764{
765 s->select &= 0xf0; /* clear head */
766 /* put signature */
767 s->nsector = 1;
768 s->sector = 1;
769 if (s->is_cdrom) {
770 s->lcyl = 0x14;
771 s->hcyl = 0xeb;
772 } else if (s->bs) {
773 s->lcyl = 0;
774 s->hcyl = 0;
775 } else {
776 s->lcyl = 0xff;
777 s->hcyl = 0xff;
778 }
779}
780
781static inline void ide_abort_command(IDEState *s)
782{
783 s->status = READY_STAT | ERR_STAT;
784 s->error = ABRT_ERR;
785}
786
5604e090
AZ		 787static inline void ide_dma_submit_check(IDEState *s,
788 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
789{
790 if (bm->aiocb)
791 return;
792 dma_cb(bm, -1);
793}
794
5391d806
FB		 795static inline void ide_set_irq(IDEState *s)
796{
98ff7d30 797 BMDMAState *bm = s->bmdma;
5391d806 798 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 799 if (bm) {
98ff7d30 800 bm->status |= BM_STATUS_INT;
5457c8ce 801 }
d537cf6c 802 qemu_irq_raise(s->irq);
5391d806
FB		 803 }
804}
805
806/* prepare data transfer and tell what to do after */
5fafdf24 807static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 808 EndTransferFunc *end_transfer_func)
809{
810 s->end_transfer_func = end_transfer_func;
811 s->data_ptr = buf;
812 s->data_end = buf + size;
7603d156
TS		 813 if (!(s->status & ERR_STAT))
814 s->status |= DRQ_STAT;
5391d806
FB		 815}
816
817static void ide_transfer_stop(IDEState *s)
818{
819 s->end_transfer_func = ide_transfer_stop;
820 s->data_ptr = s->io_buffer;
821 s->data_end = s->io_buffer;
822 s->status &= ~DRQ_STAT;
823}
824
825static int64_t ide_get_sector(IDEState *s)
826{
827 int64_t sector_num;
828 if (s->select & 0x40) {
829 /* lba */
c2ff060f
FB		 830 if (!s->lba48) {
831 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
832 (s->lcyl << 8) | s->sector;
833 } else {
834 sector_num = ((int64_t)s->hob_hcyl << 40) |
835 ((int64_t) s->hob_lcyl << 32) |
836 ((int64_t) s->hob_sector << 24) |
837 ((int64_t) s->hcyl << 16) |
838 ((int64_t) s->lcyl << 8) | s->sector;
839 }
5391d806
FB		 840 } else {
841 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 842 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 843 }
844 return sector_num;
845}
846
847static void ide_set_sector(IDEState *s, int64_t sector_num)
848{
849 unsigned int cyl, r;
850 if (s->select & 0x40) {
c2ff060f
FB		 851 if (!s->lba48) {
852 s->select = (s->select & 0xf0) | (sector_num >> 24);
853 s->hcyl = (sector_num >> 16);
854 s->lcyl = (sector_num >> 8);
855 s->sector = (sector_num);
856 } else {
857 s->sector = sector_num;
858 s->lcyl = sector_num >> 8;
859 s->hcyl = sector_num >> 16;
860 s->hob_sector = sector_num >> 24;
861 s->hob_lcyl = sector_num >> 32;
862 s->hob_hcyl = sector_num >> 40;
863 }
5391d806
FB		 864 } else {
865 cyl = sector_num / (s->heads * s->sectors);
866 r = sector_num % (s->heads * s->sectors);
867 s->hcyl = cyl >> 8;
868 s->lcyl = cyl;
1b8eb456 869 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 870 s->sector = (r % s->sectors) + 1;
871 }
872}
873
e162cfb0
AZ		 874static void ide_rw_error(IDEState *s) {
875 ide_abort_command(s);
876 ide_set_irq(s);
877}
878
5391d806
FB		 879static void ide_sector_read(IDEState *s)
880{
881 int64_t sector_num;
882 int ret, n;
883
884 s->status = READY_STAT | SEEK_STAT;
a136e5a8 885 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 886 sector_num = ide_get_sector(s);
887 n = s->nsector;
888 if (n == 0) {
889 /* no more sector to read from disk */
890 ide_transfer_stop(s);
891 } else {
892#if defined(DEBUG_IDE)
18c5f8ea 893 printf("read sector=%" PRId64 "\n", sector_num);
5391d806
FB		 894#endif
895 if (n > s->req_nb_sectors)
896 n = s->req_nb_sectors;
897 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
e162cfb0
AZ		 898 if (ret != 0) {
899 ide_rw_error(s);
900 return;
901 }
5391d806
FB		 902 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
903 ide_set_irq(s);
904 ide_set_sector(s, sector_num + n);
905 s->nsector -= n;
906 }
907}
908
7aea4412
AL		 909
910/* return 0 if buffer completed */
911static int dma_buf_prepare(BMDMAState *bm, int is_write)
912{
913 IDEState *s = bm->ide_if;
914 struct {
915 uint32_t addr;
916 uint32_t size;
917 } prd;
918 int l, len;
7aea4412 919
1fb8648d 920 qemu_sglist_init(&s->sg, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
7aea4412
AL		 921 s->io_buffer_size = 0;
922 for(;;) {
923 if (bm->cur_prd_len == 0) {
924 /* end of table (with a fail safe of one page) */
925 if (bm->cur_prd_last ||
926 (bm->cur_addr - bm->addr) >= 4096)
927 return s->io_buffer_size != 0;
928 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
929 bm->cur_addr += 8;
930 prd.addr = le32_to_cpu(prd.addr);
931 prd.size = le32_to_cpu(prd.size);
932 len = prd.size & 0xfffe;
933 if (len == 0)
934 len = 0x10000;
935 bm->cur_prd_len = len;
936 bm->cur_prd_addr = prd.addr;
937 bm->cur_prd_last = (prd.size & 0x80000000);
938 }
939 l = bm->cur_prd_len;
940 if (l > 0) {
1fb8648d
AL		 941 qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
942 bm->cur_prd_addr += l;
943 bm->cur_prd_len -= l;
944 s->io_buffer_size += l;
7aea4412
AL		 945 }
946 }
947 return 1;
948}
949
950static void dma_buf_commit(IDEState *s, int is_write)
951{
1fb8648d 952 qemu_sglist_destroy(&s->sg);
7aea4412
AL		 953}
954
e162cfb0
AZ		 955static void ide_dma_error(IDEState *s)
956{
957 ide_transfer_stop(s);
958 s->error = ABRT_ERR;
959 s->status = READY_STAT | ERR_STAT;
960 ide_set_irq(s);
961}
962
428c5705
AL		 963static int ide_handle_write_error(IDEState *s, int error, int op)
964{
965 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
966
967 if (action == BLOCK_ERR_IGNORE)
968 return 0;
969
970 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
971 || action == BLOCK_ERR_STOP_ANY) {
972 s->bmdma->ide_if = s;
973 s->bmdma->status |= op;
974 vm_stop(0);
975 } else {
7aea4412
AL		 976 if (op == BM_STATUS_DMA_RETRY) {
977 dma_buf_commit(s, 0);
428c5705 978 ide_dma_error(s);
7aea4412 979 } else {
428c5705 980 ide_rw_error(s);
7aea4412 981 }
428c5705
AL		 982 }
983
984 return 1;
985}
986
8ccad811
FB		 987/* return 0 if buffer completed */
988static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 989{
8ccad811
FB		 990 IDEState *s = bm->ide_if;
991 struct {
992 uint32_t addr;
993 uint32_t size;
994 } prd;
995 int l, len;
98087450 996
8ccad811
FB		 997 for(;;) {
998 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 999 if (l <= 0)
8ccad811
FB		 1000 break;
1001 if (bm->cur_prd_len == 0) {
1002 /* end of table (with a fail safe of one page) */
1003 if (bm->cur_prd_last ||
1004 (bm->cur_addr - bm->addr) >= 4096)
1005 return 0;
1006 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
1007 bm->cur_addr += 8;
1008 prd.addr = le32_to_cpu(prd.addr);
1009 prd.size = le32_to_cpu(prd.size);
1010 len = prd.size & 0xfffe;
1011 if (len == 0)
1012 len = 0x10000;
1013 bm->cur_prd_len = len;
1014 bm->cur_prd_addr = prd.addr;
1015 bm->cur_prd_last = (prd.size & 0x80000000);
1016 }
1017 if (l > bm->cur_prd_len)
1018 l = bm->cur_prd_len;
1019 if (l > 0) {
1020 if (is_write) {
5fafdf24 1021 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 1022 s->io_buffer + s->io_buffer_index, l);
1023 } else {
5fafdf24 1024 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 1025 s->io_buffer + s->io_buffer_index, l);
1026 }
1027 bm->cur_prd_addr += l;
1028 bm->cur_prd_len -= l;
1029 s->io_buffer_index += l;
98087450 1030 }
98087450 1031 }
8ccad811
FB		 1032 return 1;
1033}
1034
8ccad811
FB		 1035static void ide_read_dma_cb(void *opaque, int ret)
1036{
1037 BMDMAState *bm = opaque;
1038 IDEState *s = bm->ide_if;
1039 int n;
1040 int64_t sector_num;
1041
e162cfb0 1042 if (ret < 0) {
7aea4412 1043 dma_buf_commit(s, 1);
e162cfb0
AZ		 1044 ide_dma_error(s);
1045 return;
1046 }
1047
8ccad811
FB		 1048 n = s->io_buffer_size >> 9;
1049 sector_num = ide_get_sector(s);
1050 if (n > 0) {
7aea4412 1051 dma_buf_commit(s, 1);
8ccad811
FB		 1052 sector_num += n;
1053 ide_set_sector(s, sector_num);
1054 s->nsector -= n;
8ccad811
FB		 1055 }
1056
1057 /* end of transfer ? */
1058 if (s->nsector == 0) {
98087450
FB		 1059 s->status = READY_STAT | SEEK_STAT;
1060 ide_set_irq(s);
8ccad811
FB		 1061 eot:
1062 bm->status &= ~BM_STATUS_DMAING;
1063 bm->status |= BM_STATUS_INT;
1064 bm->dma_cb = NULL;
1065 bm->ide_if = NULL;
1066 bm->aiocb = NULL;
1067 return;
98087450 1068 }
8ccad811
FB		 1069
1070 /* launch next transfer */
1071 n = s->nsector;
8ccad811
FB		 1072 s->io_buffer_index = 0;
1073 s->io_buffer_size = n * 512;
7aea4412
AL		 1074 if (dma_buf_prepare(bm, 1) == 0)
1075 goto eot;
8ccad811 1076#ifdef DEBUG_AIO
5df23f53 1077 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1078#endif
1fb8648d 1079 bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
5604e090 1080 ide_dma_submit_check(s, ide_read_dma_cb, bm);
98087450
FB		 1081}
1082
1083static void ide_sector_read_dma(IDEState *s)
1084{
8ccad811 1085 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1086 s->io_buffer_index = 0;
1087 s->io_buffer_size = 0;
e3007e66 1088 s->is_read = 1;
98087450
FB		 1089 ide_dma_start(s, ide_read_dma_cb);
1090}
1091
a09db21f
FB		 1092static void ide_sector_write_timer_cb(void *opaque)
1093{
1094 IDEState *s = opaque;
1095 ide_set_irq(s);
1096}
1097
5391d806
FB		 1098static void ide_sector_write(IDEState *s)
1099{
1100 int64_t sector_num;
31c2a146 1101 int ret, n, n1;
5391d806
FB		 1102
1103 s->status = READY_STAT | SEEK_STAT;
1104 sector_num = ide_get_sector(s);
1105#if defined(DEBUG_IDE)
18c5f8ea 1106 printf("write sector=%" PRId64 "\n", sector_num);
5391d806
FB		 1107#endif
1108 n = s->nsector;
1109 if (n > s->req_nb_sectors)
1110 n = s->req_nb_sectors;
31c2a146 1111 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
428c5705 1112
e162cfb0 1113 if (ret != 0) {
428c5705
AL		 1114 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1115 return;
e162cfb0
AZ		 1116 }
1117
5391d806
FB		 1118 s->nsector -= n;
1119 if (s->nsector == 0) {
292eef5a 1120 /* no more sectors to write */
5391d806
FB		 1121 ide_transfer_stop(s);
1122 } else {
1123 n1 = s->nsector;
1124 if (n1 > s->req_nb_sectors)
1125 n1 = s->req_nb_sectors;
1126 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1127 }
1128 ide_set_sector(s, sector_num + n);
3b46e624 1129
31c2a146
TS		 1130#ifdef TARGET_I386
1131 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1132 /* It seems there is a bug in the Windows 2000 installer HDD
1133 IDE driver which fills the disk with empty logs when the
1134 IDE write IRQ comes too early. This hack tries to correct
1135 that at the expense of slower write performances. Use this
1136 option _only_ to install Windows 2000. You must disable it
1137 for normal use. */
1138 qemu_mod_timer(s->sector_write_timer,
1139 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1140 } else
1141#endif
1142 {
1143 ide_set_irq(s);
1144 }
5391d806
FB		 1145}
1146
213189ab 1147static void ide_dma_restart_bh(void *opaque)
428c5705
AL		 1148{
1149 BMDMAState *bm = opaque;
213189ab
MA		 1150
1151 qemu_bh_delete(bm->bh);
1152 bm->bh = NULL;
1153
428c5705
AL		 1154 if (bm->status & BM_STATUS_DMA_RETRY) {
1155 bm->status &= ~BM_STATUS_DMA_RETRY;
1156 ide_dma_restart(bm->ide_if);
1157 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1158 bm->status &= ~BM_STATUS_PIO_RETRY;
1159 ide_sector_write(bm->ide_if);
1160 }
1161}
1162
213189ab
MA		 1163static void ide_dma_restart_cb(void *opaque, int running, int reason)
1164{
1165 BMDMAState *bm = opaque;
1166
1167 if (!running)
1168 return;
1169
1170 if (!bm->bh) {
1171 bm->bh = qemu_bh_new(ide_dma_restart_bh, bm);
1172 qemu_bh_schedule(bm->bh);
1173 }
1174}
1175
8ccad811 1176static void ide_write_dma_cb(void *opaque, int ret)
98087450 1177{
8ccad811
FB		 1178 BMDMAState *bm = opaque;
1179 IDEState *s = bm->ide_if;
1180 int n;
98087450
FB		 1181 int64_t sector_num;
1182
e162cfb0 1183 if (ret < 0) {
428c5705
AL		 1184 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1185 return;
e162cfb0
AZ		 1186 }
1187
8ccad811
FB		 1188 n = s->io_buffer_size >> 9;
1189 sector_num = ide_get_sector(s);
1190 if (n > 0) {
7aea4412 1191 dma_buf_commit(s, 0);
8ccad811
FB		 1192 sector_num += n;
1193 ide_set_sector(s, sector_num);
1194 s->nsector -= n;
98087450 1195 }
98087450 1196
8ccad811
FB		 1197 /* end of transfer ? */
1198 if (s->nsector == 0) {
1199 s->status = READY_STAT | SEEK_STAT;
1200 ide_set_irq(s);
1201 eot:
1202 bm->status &= ~BM_STATUS_DMAING;
1203 bm->status |= BM_STATUS_INT;
1204 bm->dma_cb = NULL;
1205 bm->ide_if = NULL;
1206 bm->aiocb = NULL;
1207 return;
1208 }
1209
98087450 1210 n = s->nsector;
98087450 1211 s->io_buffer_size = n * 512;
7aea4412
AL		 1212 /* launch next transfer */
1213 if (dma_buf_prepare(bm, 0) == 0)
8ccad811
FB		 1214 goto eot;
1215#ifdef DEBUG_AIO
5df23f53 1216 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1217#endif
1fb8648d 1218 bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
5604e090 1219 ide_dma_submit_check(s, ide_write_dma_cb, bm);
8ccad811
FB		 1220}
1221
1222static void ide_sector_write_dma(IDEState *s)
1223{
1224 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1225 s->io_buffer_index = 0;
1226 s->io_buffer_size = 0;
e3007e66 1227 s->is_read = 0;
98087450
FB		 1228 ide_dma_start(s, ide_write_dma_cb);
1229}
1230
5391d806
FB		 1231static void ide_atapi_cmd_ok(IDEState *s)
1232{
1233 s->error = 0;
41a2b959 1234 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1235 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1236 ide_set_irq(s);
1237}
1238
1239static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1240{
1241#ifdef DEBUG_IDE_ATAPI
1242 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1243#endif
1244 s->error = sense_key << 4;
1245 s->status = READY_STAT | ERR_STAT;
1246 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1247 s->sense_key = sense_key;
1248 s->asc = asc;
1249 ide_set_irq(s);
1250}
1251
9118e7f0
AL		 1252static void ide_atapi_cmd_check_status(IDEState *s)
1253{
1254#ifdef DEBUG_IDE_ATAPI
1255 printf("atapi_cmd_check_status\n");
1256#endif
1257 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1258 s->status = ERR_STAT;
1259 s->nsector = 0;
1260 ide_set_irq(s);
1261}
1262
5391d806
FB		 1263static inline void cpu_to_ube16(uint8_t *buf, int val)
1264{
1265 buf[0] = val >> 8;
9e622b15 1266 buf[1] = val & 0xff;
5391d806
FB		 1267}
1268
1269static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1270{
1271 buf[0] = val >> 24;
1272 buf[1] = val >> 16;
1273 buf[2] = val >> 8;
9e622b15 1274 buf[3] = val & 0xff;
5391d806
FB		 1275}
1276
1277static inline int ube16_to_cpu(const uint8_t *buf)
1278{
1279 return (buf[0] << 8) | buf[1];
1280}
1281
1282static inline int ube32_to_cpu(const uint8_t *buf)
1283{
1284 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1285}
1286
98087450
FB		 1287static void lba_to_msf(uint8_t *buf, int lba)
1288{
1289 lba += 150;
1290 buf[0] = (lba / 75) / 60;
1291 buf[1] = (lba / 75) % 60;
1292 buf[2] = lba % 75;
1293}
1294
8ccad811
FB		 1295static void cd_data_to_raw(uint8_t *buf, int lba)
1296{
1297 /* sync bytes */
1298 buf[0] = 0x00;
1299 memset(buf + 1, 0xff, 10);
1300 buf[11] = 0x00;
1301 buf += 12;
1302 /* MSF */
1303 lba_to_msf(buf, lba);
1304 buf[3] = 0x01; /* mode 1 data */
1305 buf += 4;
1306 /* data */
1307 buf += 2048;
1308 /* XXX: ECC not computed */
1309 memset(buf, 0, 288);
1310}
1311
5fafdf24 1312static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1313 int sector_size)
1314{
66c6ef76
FB		 1315 int ret;
1316
98087450
FB		 1317 switch(sector_size) {
1318 case 2048:
66c6ef76 1319 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1320 break;
1321 case 2352:
66c6ef76
FB		 1322 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1323 if (ret < 0)
1324 return ret;
8ccad811 1325 cd_data_to_raw(buf, lba);
98087450
FB		 1326 break;
1327 default:
66c6ef76 1328 ret = -EIO;
98087450
FB		 1329 break;
1330 }
66c6ef76
FB		 1331 return ret;
1332}
1333
1334static void ide_atapi_io_error(IDEState *s, int ret)
1335{
1336 /* XXX: handle more errors */
1337 if (ret == -ENOMEDIUM) {
5fafdf24 1338 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1339 ASC_MEDIUM_NOT_PRESENT);
1340 } else {
5fafdf24 1341 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1342 ASC_LOGICAL_BLOCK_OOR);
1343 }
98087450
FB		 1344}
1345
5391d806
FB		 1346/* The whole ATAPI transfer logic is handled in this function */
1347static void ide_atapi_cmd_reply_end(IDEState *s)
1348{
66c6ef76 1349 int byte_count_limit, size, ret;
5391d806 1350#ifdef DEBUG_IDE_ATAPI
5fafdf24 1351 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1352 s->packet_transfer_size,
1353 s->elementary_transfer_size,
1354 s->io_buffer_index);
1355#endif
1356 if (s->packet_transfer_size <= 0) {
1357 /* end of transfer */
1358 ide_transfer_stop(s);
41a2b959 1359 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1360 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1361 ide_set_irq(s);
1362#ifdef DEBUG_IDE_ATAPI
1363 printf("status=0x%x\n", s->status);
1364#endif
1365 } else {
1366 /* see if a new sector must be read */
98087450 1367 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1368 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1369 if (ret < 0) {
1370 ide_transfer_stop(s);
1371 ide_atapi_io_error(s, ret);
1372 return;
1373 }
5391d806
FB		 1374 s->lba++;
1375 s->io_buffer_index = 0;
1376 }
1377 if (s->elementary_transfer_size > 0) {
1378 /* there are some data left to transmit in this elementary
1379 transfer */
98087450 1380 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1381 if (size > s->elementary_transfer_size)
1382 size = s->elementary_transfer_size;
5fafdf24 1383 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1384 size, ide_atapi_cmd_reply_end);
1385 s->packet_transfer_size -= size;
1386 s->elementary_transfer_size -= size;
1387 s->io_buffer_index += size;
1388 } else {
1389 /* a new transfer is needed */
1390 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1391 byte_count_limit = s->lcyl | (s->hcyl << 8);
1392#ifdef DEBUG_IDE_ATAPI
1393 printf("byte_count_limit=%d\n", byte_count_limit);
1394#endif
1395 if (byte_count_limit == 0xffff)
1396 byte_count_limit--;
1397 size = s->packet_transfer_size;
1398 if (size > byte_count_limit) {
1399 /* byte count limit must be even if this case */
1400 if (byte_count_limit & 1)
1401 byte_count_limit--;
1402 size = byte_count_limit;
5391d806 1403 }
a136e5a8
FB		 1404 s->lcyl = size;
1405 s->hcyl = size >> 8;
5391d806
FB		 1406 s->elementary_transfer_size = size;
1407 /* we cannot transmit more than one sector at a time */
1408 if (s->lba != -1) {
98087450
FB		 1409 if (size > (s->cd_sector_size - s->io_buffer_index))
1410 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1411 }
5fafdf24 1412 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1413 size, ide_atapi_cmd_reply_end);
1414 s->packet_transfer_size -= size;
1415 s->elementary_transfer_size -= size;
1416 s->io_buffer_index += size;
1417 ide_set_irq(s);
1418#ifdef DEBUG_IDE_ATAPI
1419 printf("status=0x%x\n", s->status);
1420#endif
1421 }
1422 }
1423}
1424
1425/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1426static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1427{
1428 if (size > max_size)
1429 size = max_size;
1430 s->lba = -1; /* no sector read */
1431 s->packet_transfer_size = size;
5f12ab4b 1432 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1433 s->elementary_transfer_size = 0;
1434 s->io_buffer_index = 0;
1435
5f12ab4b 1436 if (s->atapi_dma) {
41a2b959 1437 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
5f12ab4b
TS		 1438 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1439 } else {
41a2b959 1440 s->status = READY_STAT | SEEK_STAT;
5f12ab4b
TS		 1441 ide_atapi_cmd_reply_end(s);
1442 }
5391d806
FB		 1443}
1444
1445/* start a CD-CDROM read command */
98087450
FB		 1446static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1447 int sector_size)
5391d806 1448{
5391d806 1449 s->lba = lba;
98087450 1450 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1451 s->elementary_transfer_size = 0;
98087450
FB		 1452 s->io_buffer_index = sector_size;
1453 s->cd_sector_size = sector_size;
5391d806 1454
41a2b959 1455 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1456 ide_atapi_cmd_reply_end(s);
1457}
1458
98087450 1459/* ATAPI DMA support */
8ccad811
FB		 1460
1461/* XXX: handle read errors */
1462static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1463{
8ccad811
FB		 1464 BMDMAState *bm = opaque;
1465 IDEState *s = bm->ide_if;
1466 int data_offset, n;
1467
66c6ef76
FB		 1468 if (ret < 0) {
1469 ide_atapi_io_error(s, ret);
1470 goto eot;
1471 }
1472
8ccad811 1473 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1474 /*
1475 * For a cdrom read sector command (s->lba != -1),
1476 * adjust the lba for the next s->io_buffer_size chunk
1477 * and dma the current chunk.
1478 * For a command != read (s->lba == -1), just transfer
1479 * the reply data.
1480 */
1481 if (s->lba != -1) {
1482 if (s->cd_sector_size == 2352) {
1483 n = 1;
1484 cd_data_to_raw(s->io_buffer, s->lba);
1485 } else {
1486 n = s->io_buffer_size >> 11;
1487 }
1488 s->lba += n;
1489 }
8ccad811 1490 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1491 if (dma_buf_rw(bm, 1) == 0)
1492 goto eot;
98087450 1493 }
8ccad811 1494
98087450 1495 if (s->packet_transfer_size <= 0) {
41a2b959 1496 s->status = READY_STAT | SEEK_STAT;
98087450
FB		 1497 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1498 ide_set_irq(s);
8ccad811
FB		 1499 eot:
1500 bm->status &= ~BM_STATUS_DMAING;
1501 bm->status |= BM_STATUS_INT;
1502 bm->dma_cb = NULL;
1503 bm->ide_if = NULL;
1504 bm->aiocb = NULL;
1505 return;
1506 }
3b46e624 1507
8ccad811
FB		 1508 s->io_buffer_index = 0;
1509 if (s->cd_sector_size == 2352) {
1510 n = 1;
1511 s->io_buffer_size = s->cd_sector_size;
1512 data_offset = 16;
1513 } else {
1514 n = s->packet_transfer_size >> 11;
1d8cde5b
AJ		 1515 if (n > (IDE_DMA_BUF_SECTORS / 4))
1516 n = (IDE_DMA_BUF_SECTORS / 4);
8ccad811
FB		 1517 s->io_buffer_size = n * 2048;
1518 data_offset = 0;
98087450 1519 }
8ccad811
FB		 1520#ifdef DEBUG_AIO
1521 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1522#endif
3f4cb3d3 1523 bm->iov.iov_base = (void *)(s->io_buffer + data_offset);
c87c0672
AL		 1524 bm->iov.iov_len = n * 4 * 512;
1525 qemu_iovec_init_external(&bm->qiov, &bm->iov, 1);
1526 bm->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2, &bm->qiov,
1527 n * 4, ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1528 if (!bm->aiocb) {
1529 /* Note: media not present is the most likely case */
5fafdf24 1530 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1531 ASC_MEDIUM_NOT_PRESENT);
1532 goto eot;
1533 }
98087450
FB		 1534}
1535
1536/* start a CD-CDROM read command with DMA */
1537/* XXX: test if DMA is available */
1538static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1539 int sector_size)
1540{
1541 s->lba = lba;
1542 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1543 s->io_buffer_index = 0;
1544 s->io_buffer_size = 0;
98087450
FB		 1545 s->cd_sector_size = sector_size;
1546
8ccad811 1547 /* XXX: check if BUSY_STAT should be set */
41a2b959 1548 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1549 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1550}
1551
5fafdf24 1552static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1553 int sector_size)
1554{
1555#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1556 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1557 lba, nb_sectors);
98087450
FB		 1558#endif
1559 if (s->atapi_dma) {
1560 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1561 } else {
1562 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1563 }
1564}
1565
38cdea7c
AZ		 1566static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1567 uint16_t profile)
1568{
1569 uint8_t *buf_profile = buf + 12; /* start of profiles */
1570
1571 buf_profile += ((*index) * 4); /* start of indexed profile */
1572 cpu_to_ube16 (buf_profile, profile);
1573 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1574
1575 /* each profile adds 4 bytes to the response */
1576 (*index)++;
1577 buf[11] += 4; /* Additional Length */
1578
1579 return 4;
1580}
1581
8114e9e8
TS		 1582static int ide_dvd_read_structure(IDEState *s, int format,
1583 const uint8_t *packet, uint8_t *buf)
1584{
1585 switch (format) {
1586 case 0x0: /* Physical format information */
1587 {
1588 int layer = packet[6];
1589 uint64_t total_sectors;
1590
1591 if (layer != 0)
1592 return -ASC_INV_FIELD_IN_CMD_PACKET;
1593
1594 bdrv_get_geometry(s->bs, &total_sectors);
1595 total_sectors >>= 2;
1596 if (total_sectors == 0)
1597 return -ASC_MEDIUM_NOT_PRESENT;
1598
1599 buf[4] = 1; /* DVD-ROM, part version 1 */
1600 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1601 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1602 buf[7] = 0; /* default densities */
1603
1604 /* FIXME: 0x30000 per spec? */
1605 cpu_to_ube32(buf + 8, 0); /* start sector */
1606 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1607 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1608
1609 /* Size of buffer, not including 2 byte size field */
1610 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1611
1612 /* 2k data + 4 byte header */
1613 return (2048 + 4);
1614 }
1615
1616 case 0x01: /* DVD copyright information */
1617 buf[4] = 0; /* no copyright data */
1618 buf[5] = 0; /* no region restrictions */
1619
1620 /* Size of buffer, not including 2 byte size field */
1621 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1622
1623 /* 4 byte header + 4 byte data */
1624 return (4 + 4);
1625
1626 case 0x03: /* BCA information - invalid field for no BCA info */
1627 return -ASC_INV_FIELD_IN_CMD_PACKET;
1628
1629 case 0x04: /* DVD disc manufacturing information */
1630 /* Size of buffer, not including 2 byte size field */
1631 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1632
1633 /* 2k data + 4 byte header */
1634 return (2048 + 4);
1635
1636 case 0xff:
1637 /*
1638 * This lists all the command capabilities above. Add new ones
1639 * in order and update the length and buffer return values.
1640 */
1641
1642 buf[4] = 0x00; /* Physical format */
1643 buf[5] = 0x40; /* Not writable, is readable */
1644 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1645
1646 buf[8] = 0x01; /* Copyright info */
1647 buf[9] = 0x40; /* Not writable, is readable */
1648 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1649
1650 buf[12] = 0x03; /* BCA info */
1651 buf[13] = 0x40; /* Not writable, is readable */
1652 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1653
1654 buf[16] = 0x04; /* Manufacturing info */
1655 buf[17] = 0x40; /* Not writable, is readable */
1656 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1657
1658 /* Size of buffer, not including 2 byte size field */
1659 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1660
1661 /* data written + 4 byte header */
1662 return (16 + 4);
1663
1664 default: /* TODO: formats beyond DVD-ROM requires */
1665 return -ASC_INV_FIELD_IN_CMD_PACKET;
1666 }
1667}
1668
5391d806
FB		 1669static void ide_atapi_cmd(IDEState *s)
1670{
1671 const uint8_t *packet;
1672 uint8_t *buf;
1673 int max_len;
1674
1675 packet = s->io_buffer;
1676 buf = s->io_buffer;
1677#ifdef DEBUG_IDE_ATAPI
1678 {
1679 int i;
1680 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1681 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1682 printf(" %02x", packet[i]);
1683 }
1684 printf("\n");
1685 }
1686#endif
9118e7f0
AL		 1687 /* If there's a UNIT_ATTENTION condition pending, only
1688 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1689 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1690 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1691 s->io_buffer[0] != GPCMD_INQUIRY) {
1692 ide_atapi_cmd_check_status(s);
1693 return;
1694 }
5391d806
FB		 1695 switch(s->io_buffer[0]) {
1696 case GPCMD_TEST_UNIT_READY:
93c8cfd9 1697 if (bdrv_is_inserted(s->bs) && !s->cdrom_changed) {
5391d806
FB		 1698 ide_atapi_cmd_ok(s);
1699 } else {
93c8cfd9 1700 s->cdrom_changed = 0;
5fafdf24 1701 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1702 ASC_MEDIUM_NOT_PRESENT);
1703 }
1704 break;
d14049ea 1705 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1706 case GPCMD_MODE_SENSE_10:
1707 {
1708 int action, code;
d14049ea
TS		 1709 if (packet[0] == GPCMD_MODE_SENSE_10)
1710 max_len = ube16_to_cpu(packet + 7);
1711 else
1712 max_len = packet[4];
5391d806
FB		 1713 action = packet[2] >> 6;
1714 code = packet[2] & 0x3f;
1715 switch(action) {
1716 case 0: /* current values */
1717 switch(code) {
1718 case 0x01: /* error recovery */
1719 cpu_to_ube16(&buf[0], 16 + 6);
1720 buf[2] = 0x70;
1721 buf[3] = 0;
1722 buf[4] = 0;
1723 buf[5] = 0;
1724 buf[6] = 0;
1725 buf[7] = 0;
1726
1727 buf[8] = 0x01;
1728 buf[9] = 0x06;
1729 buf[10] = 0x00;
1730 buf[11] = 0x05;
1731 buf[12] = 0x00;
1732 buf[13] = 0x00;
1733 buf[14] = 0x00;
1734 buf[15] = 0x00;
1735 ide_atapi_cmd_reply(s, 16, max_len);
1736 break;
1737 case 0x2a:
1738 cpu_to_ube16(&buf[0], 28 + 6);
1739 buf[2] = 0x70;
1740 buf[3] = 0;
1741 buf[4] = 0;
1742 buf[5] = 0;
1743 buf[6] = 0;
1744 buf[7] = 0;
1745
1746 buf[8] = 0x2a;
1747 buf[9] = 0x12;
0d4a05a1 1748 buf[10] = 0x00;
5391d806 1749 buf[11] = 0x00;
3b46e624 1750
d5b4eb40
AL		 1751 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1752 code checks for this to automount media. */
1753 buf[12] = 0x71;
5391d806
FB		 1754 buf[13] = 3 << 5;
1755 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1756 if (bdrv_is_locked(s->bs))
5391d806
FB		 1757 buf[6] |= 1 << 1;
1758 buf[15] = 0x00;
1759 cpu_to_ube16(&buf[16], 706);
1760 buf[18] = 0;
1761 buf[19] = 2;
1762 cpu_to_ube16(&buf[20], 512);
1763 cpu_to_ube16(&buf[22], 706);
1764 buf[24] = 0;
1765 buf[25] = 0;
1766 buf[26] = 0;
1767 buf[27] = 0;
1768 ide_atapi_cmd_reply(s, 28, max_len);
1769 break;
1770 default:
1771 goto error_cmd;
1772 }
1773 break;
1774 case 1: /* changeable values */
1775 goto error_cmd;
1776 case 2: /* default values */
1777 goto error_cmd;
1778 default:
1779 case 3: /* saved values */
5fafdf24 1780 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1781 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1782 break;
1783 }
1784 }
1785 break;
1786 case GPCMD_REQUEST_SENSE:
1787 max_len = packet[4];
1788 memset(buf, 0, 18);
1789 buf[0] = 0x70 | (1 << 7);
1790 buf[2] = s->sense_key;
1791 buf[7] = 10;
1792 buf[12] = s->asc;
9118e7f0
AL		 1793 if (s->sense_key == SENSE_UNIT_ATTENTION)
1794 s->sense_key = SENSE_NONE;
5391d806
FB		 1795 ide_atapi_cmd_reply(s, 18, max_len);
1796 break;
1797 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1798 if (bdrv_is_inserted(s->bs)) {
1799 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1800 ide_atapi_cmd_ok(s);
1801 } else {
5fafdf24 1802 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1803 ASC_MEDIUM_NOT_PRESENT);
1804 }
1805 break;
1806 case GPCMD_READ_10:
1807 case GPCMD_READ_12:
1808 {
1809 int nb_sectors, lba;
1810
5391d806
FB		 1811 if (packet[0] == GPCMD_READ_10)
1812 nb_sectors = ube16_to_cpu(packet + 7);
1813 else
1814 nb_sectors = ube32_to_cpu(packet + 6);
1815 lba = ube32_to_cpu(packet + 2);
1816 if (nb_sectors == 0) {
1817 ide_atapi_cmd_ok(s);
1818 break;
1819 }
98087450
FB		 1820 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1821 }
1822 break;
1823 case GPCMD_READ_CD:
1824 {
1825 int nb_sectors, lba, transfer_request;
1826
98087450
FB		 1827 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1828 lba = ube32_to_cpu(packet + 2);
1829 if (nb_sectors == 0) {
1830 ide_atapi_cmd_ok(s);
1831 break;
1832 }
98087450
FB		 1833 transfer_request = packet[9];
1834 switch(transfer_request & 0xf8) {
1835 case 0x00:
1836 /* nothing */
1837 ide_atapi_cmd_ok(s);
1838 break;
1839 case 0x10:
1840 /* normal read */
1841 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1842 break;
1843 case 0xf8:
1844 /* read all data */
1845 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1846 break;
1847 default:
5fafdf24 1848 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1849 ASC_INV_FIELD_IN_CMD_PACKET);
1850 break;
1851 }
5391d806
FB		 1852 }
1853 break;
1854 case GPCMD_SEEK:
1855 {
96b8f136
TS		 1856 unsigned int lba;
1857 uint64_t total_sectors;
66c6ef76
FB		 1858
1859 bdrv_get_geometry(s->bs, &total_sectors);
1860 total_sectors >>= 2;
96b8f136 1861 if (total_sectors == 0) {
5fafdf24 1862 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1863 ASC_MEDIUM_NOT_PRESENT);
1864 break;
1865 }
1866 lba = ube32_to_cpu(packet + 2);
66c6ef76 1867 if (lba >= total_sectors) {
5fafdf24 1868 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1869 ASC_LOGICAL_BLOCK_OOR);
1870 break;
1871 }
1872 ide_atapi_cmd_ok(s);
1873 }
1874 break;
1875 case GPCMD_START_STOP_UNIT:
1876 {
aea2a33c 1877 int start, eject, err = 0;
5391d806
FB		 1878 start = packet[4] & 1;
1879 eject = (packet[4] >> 1) & 1;
3b46e624 1880
aea2a33c
MM		 1881 if (eject) {
1882 err = bdrv_eject(s->bs, !start);
1883 }
1884
1885 switch (err) {
1886 case 0:
1887 ide_atapi_cmd_ok(s);
1888 break;
1889 case -EBUSY:
1890 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1891 ASC_MEDIA_REMOVAL_PREVENTED);
1892 break;
1893 default:
1894 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1895 ASC_MEDIUM_NOT_PRESENT);
1896 break;
caed8802 1897 }
5391d806
FB		 1898 }
1899 break;
1900 case GPCMD_MECHANISM_STATUS:
1901 {
1902 max_len = ube16_to_cpu(packet + 8);
1903 cpu_to_ube16(buf, 0);
1904 /* no current LBA */
1905 buf[2] = 0;
1906 buf[3] = 0;
1907 buf[4] = 0;
1908 buf[5] = 1;
1909 cpu_to_ube16(buf + 6, 0);
1910 ide_atapi_cmd_reply(s, 8, max_len);
1911 }
1912 break;
1913 case GPCMD_READ_TOC_PMA_ATIP:
1914 {
1915 int format, msf, start_track, len;
96b8f136 1916 uint64_t total_sectors;
5391d806 1917
66c6ef76
FB		 1918 bdrv_get_geometry(s->bs, &total_sectors);
1919 total_sectors >>= 2;
96b8f136 1920 if (total_sectors == 0) {
5fafdf24 1921 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1922 ASC_MEDIUM_NOT_PRESENT);
1923 break;
1924 }
1925 max_len = ube16_to_cpu(packet + 7);
1926 format = packet[9] >> 6;
1927 msf = (packet[1] >> 1) & 1;
1928 start_track = packet[6];
1929 switch(format) {
1930 case 0:
66c6ef76 1931 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1932 if (len < 0)
1933 goto error_cmd;
1934 ide_atapi_cmd_reply(s, len, max_len);
1935 break;
1936 case 1:
1937 /* multi session : only a single session defined */
1938 memset(buf, 0, 12);
1939 buf[1] = 0x0a;
1940 buf[2] = 0x01;
1941 buf[3] = 0x01;
1942 ide_atapi_cmd_reply(s, 12, max_len);
1943 break;
98087450 1944 case 2:
66c6ef76 1945 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1946 if (len < 0)
1947 goto error_cmd;
1948 ide_atapi_cmd_reply(s, len, max_len);
1949 break;
5391d806 1950 default:
7f777bf3 1951 error_cmd:
5fafdf24 1952 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1953 ASC_INV_FIELD_IN_CMD_PACKET);
1954 break;
5391d806
FB		 1955 }
1956 }
1957 break;
1958 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76 1959 {
96b8f136 1960 uint64_t total_sectors;
66c6ef76
FB		 1961
1962 bdrv_get_geometry(s->bs, &total_sectors);
1963 total_sectors >>= 2;
96b8f136 1964 if (total_sectors == 0) {
5fafdf24 1965 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1966 ASC_MEDIUM_NOT_PRESENT);
1967 break;
1968 }
1969 /* NOTE: it is really the number of sectors minus 1 */
1970 cpu_to_ube32(buf, total_sectors - 1);
1971 cpu_to_ube32(buf + 4, 2048);
1972 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1973 }
5391d806 1974 break;
d14049ea
TS		 1975 case GPCMD_READ_DVD_STRUCTURE:
1976 {
1977 int media = packet[1];
8114e9e8
TS		 1978 int format = packet[7];
1979 int ret;
d14049ea 1980
8114e9e8 1981 max_len = ube16_to_cpu(packet + 8);
d14049ea 1982
8114e9e8
TS		 1983 if (format < 0xff) {
1984 if (media_is_cd(s)) {
1985 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1986 ASC_INCOMPATIBLE_FORMAT);
1987 break;
1988 } else if (!media_present(s)) {
1989 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1990 ASC_INV_FIELD_IN_CMD_PACKET);
1991 break;
1992 }
1993 }
d14049ea 1994
8114e9e8
TS		 1995 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1996 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
d14049ea 1997
8114e9e8
TS		 1998 switch (format) {
1999 case 0x00 ... 0x7f:
2000 case 0xff:
2001 if (media == 0) {
2002 ret = ide_dvd_read_structure(s, format, packet, buf);
d14049ea 2003
8114e9e8
TS		 2004 if (ret < 0)
2005 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
2006 else
2007 ide_atapi_cmd_reply(s, ret, max_len);
d14049ea 2008
8114e9e8
TS		 2009 break;
2010 }
2011 /* TODO: BD support, fall through for now */
2012
2013 /* Generic disk structures */
2014 case 0x80: /* TODO: AACS volume identifier */
2015 case 0x81: /* TODO: AACS media serial number */
2016 case 0x82: /* TODO: AACS media identifier */
2017 case 0x83: /* TODO: AACS media key block */
2018 case 0x90: /* TODO: List of recognized format layers */
2019 case 0xc0: /* TODO: Write protection status */
d14049ea
TS		 2020 default:
2021 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2022 ASC_INV_FIELD_IN_CMD_PACKET);
2023 break;
2024 }
2025 }
2026 break;
2027 case GPCMD_SET_SPEED:
2028 ide_atapi_cmd_ok(s);
2029 break;
bd0d90b2
FB		 2030 case GPCMD_INQUIRY:
2031 max_len = packet[4];
2032 buf[0] = 0x05; /* CD-ROM */
2033 buf[1] = 0x80; /* removable */
2034 buf[2] = 0x00; /* ISO */
2035 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 2036 buf[4] = 31; /* additional length */
bd0d90b2
FB		 2037 buf[5] = 0; /* reserved */
2038 buf[6] = 0; /* reserved */
2039 buf[7] = 0; /* reserved */
2040 padstr8(buf + 8, 8, "QEMU");
38cdea7c 2041 padstr8(buf + 16, 16, "QEMU DVD-ROM");
bd0d90b2
FB		 2042 padstr8(buf + 32, 4, QEMU_VERSION);
2043 ide_atapi_cmd_reply(s, 36, max_len);
2044 break;
d14049ea
TS		 2045 case GPCMD_GET_CONFIGURATION:
2046 {
38cdea7c 2047 uint32_t len;
091d055b 2048 uint8_t index = 0;
d14049ea
TS		 2049
2050 /* only feature 0 is supported */
2051 if (packet[2] != 0 || packet[3] != 0) {
2052 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2053 ASC_INV_FIELD_IN_CMD_PACKET);
2054 break;
2055 }
38cdea7c
AZ		 2056
2057 /* XXX: could result in alignment problems in some architectures */
2058 max_len = ube16_to_cpu(packet + 7);
091d055b 2059
38cdea7c 2060 /*
091d055b
AZ		 2061 * XXX: avoid overflow for io_buffer if max_len is bigger than
2062 * the size of that buffer (dimensioned to max number of
2063 * sectors to transfer at once)
38cdea7c 2064 *
091d055b 2065 * Only a problem if the feature/profiles grow.
38cdea7c
AZ		 2066 */
2067 if (max_len > 512) /* XXX: assume 1 sector */
2068 max_len = 512;
2069
2070 memset(buf, 0, max_len);
2071 /*
2072 * the number of sectors from the media tells us which profile
2073 * to use as current. 0 means there is no media
38cdea7c 2074 */
8114e9e8
TS		 2075 if (media_is_dvd(s))
2076 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
2077 else if (media_is_cd(s))
2078 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
38cdea7c 2079
091d055b
AZ		 2080 buf[10] = 0x02 | 0x01; /* persistent and current */
2081 len = 12; /* headers: 8 + 4 */
2082 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
2083 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
38cdea7c
AZ		 2084 cpu_to_ube32(buf, len - 4); /* data length */
2085
2086 ide_atapi_cmd_reply(s, len, max_len);
d14049ea
TS		 2087 break;
2088 }
5391d806 2089 default:
5fafdf24 2090 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 2091 ASC_ILLEGAL_OPCODE);
5391d806
FB		 2092 break;
2093 }
2094}
2095
201a51fc
AZ		 2096static void ide_cfata_metadata_inquiry(IDEState *s)
2097{
2098 uint16_t *p;
2099 uint32_t spd;
2100
2101 p = (uint16_t *) s->io_buffer;
2102 memset(p, 0, 0x200);
2103 spd = ((s->mdata_size - 1) >> 9) + 1;
2104
2105 put_le16(p + 0, 0x0001); /* Data format revision */
2106 put_le16(p + 1, 0x0000); /* Media property: silicon */
2107 put_le16(p + 2, s->media_changed); /* Media status */
2108 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
2109 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
2110 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
2111 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
2112}
2113
2114static void ide_cfata_metadata_read(IDEState *s)
2115{
2116 uint16_t *p;
2117
2118 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2119 s->status = ERR_STAT;
2120 s->error = ABRT_ERR;
2121 return;
2122 }
2123
2124 p = (uint16_t *) s->io_buffer;
2125 memset(p, 0, 0x200);
2126
2127 put_le16(p + 0, s->media_changed); /* Media status */
2128 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2129 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2130 s->nsector << 9), 0x200 - 2));
2131}
2132
2133static void ide_cfata_metadata_write(IDEState *s)
2134{
2135 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2136 s->status = ERR_STAT;
2137 s->error = ABRT_ERR;
2138 return;
2139 }
2140
2141 s->media_changed = 0;
2142
2143 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2144 s->io_buffer + 2,
2145 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2146 s->nsector << 9), 0x200 - 2));
2147}
2148
bd491d6a
TS		 2149/* called when the inserted state of the media has changed */
2150static void cdrom_change_cb(void *opaque)
2151{
2152 IDEState *s = opaque;
96b8f136 2153 uint64_t nb_sectors;
bd491d6a 2154
bd491d6a
TS		 2155 bdrv_get_geometry(s->bs, &nb_sectors);
2156 s->nb_sectors = nb_sectors;
9118e7f0
AL		 2157
2158 s->sense_key = SENSE_UNIT_ATTENTION;
2159 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
93c8cfd9 2160 s->cdrom_changed = 1;
9118e7f0 2161 ide_set_irq(s);
bd491d6a
TS		 2162}
2163
c2ff060f
FB		 2164static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2165{
2166 s->lba48 = lba48;
2167
2168 /* handle the 'magic' 0 nsector count conversion here. to avoid
2169 * fiddling with the rest of the read logic, we just store the
2170 * full sector count in ->nsector and ignore ->hob_nsector from now
2171 */
2172 if (!s->lba48) {
2173 if (!s->nsector)
2174 s->nsector = 256;
2175 } else {
2176 if (!s->nsector && !s->hob_nsector)
2177 s->nsector = 65536;
2178 else {
2179 int lo = s->nsector;
2180 int hi = s->hob_nsector;
2181
2182 s->nsector = (hi << 8) | lo;
2183 }
2184 }
2185}
2186
2187static void ide_clear_hob(IDEState *ide_if)
2188{
2189 /* any write clears HOB high bit of device control register */
2190 ide_if[0].select &= ~(1 << 7);
2191 ide_if[1].select &= ~(1 << 7);
2192}
2193
caed8802
FB		 2194static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2195{
2196 IDEState *ide_if = opaque;
c45c3d00 2197 IDEState *s;
5391d806 2198 int unit, n;
c2ff060f 2199 int lba48 = 0;
5391d806
FB		 2200
2201#ifdef DEBUG_IDE
2202 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2203#endif
c2ff060f 2204
5391d806 2205 addr &= 7;
fcdd25ab
AL		 2206
2207 /* ignore writes to command block while busy with previous command */
2208 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2209 return;
2210
5391d806
FB		 2211 switch(addr) {
2212 case 0:
2213 break;
2214 case 1:
c2ff060f 2215 ide_clear_hob(ide_if);
c45c3d00 2216 /* NOTE: data is written to the two drives */
c2ff060f
FB		 2217 ide_if[0].hob_feature = ide_if[0].feature;
2218 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 2219 ide_if[0].feature = val;
2220 ide_if[1].feature = val;
5391d806
FB		 2221 break;
2222 case 2:
c2ff060f
FB		 2223 ide_clear_hob(ide_if);
2224 ide_if[0].hob_nsector = ide_if[0].nsector;
2225 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 2226 ide_if[0].nsector = val;
2227 ide_if[1].nsector = val;
5391d806
FB		 2228 break;
2229 case 3:
c2ff060f
FB		 2230 ide_clear_hob(ide_if);
2231 ide_if[0].hob_sector = ide_if[0].sector;
2232 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 2233 ide_if[0].sector = val;
2234 ide_if[1].sector = val;
5391d806
FB		 2235 break;
2236 case 4:
c2ff060f
FB		 2237 ide_clear_hob(ide_if);
2238 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2239 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 2240 ide_if[0].lcyl = val;
2241 ide_if[1].lcyl = val;
5391d806
FB		 2242 break;
2243 case 5:
c2ff060f
FB		 2244 ide_clear_hob(ide_if);
2245 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2246 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 2247 ide_if[0].hcyl = val;
2248 ide_if[1].hcyl = val;
5391d806
FB		 2249 break;
2250 case 6:
c2ff060f 2251 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 2252 ide_if[0].select = (val & ~0x10) | 0xa0;
2253 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 2254 /* select drive */
2255 unit = (val >> 4) & 1;
2256 s = ide_if + unit;
2257 ide_if->cur_drive = s;
5391d806
FB		 2258 break;
2259 default:
2260 case 7:
2261 /* command */
2262#if defined(DEBUG_IDE)
2263 printf("ide: CMD=%02x\n", val);
2264#endif
c45c3d00 2265 s = ide_if->cur_drive;
66201e2d 2266 /* ignore commands to non existant slave */
5fafdf24 2267 if (s != ide_if && !s->bs)
66201e2d 2268 break;
c2ff060f 2269
fcdd25ab
AL		 2270 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2271 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2272 break;
2273
5391d806
FB		 2274 switch(val) {
2275 case WIN_IDENTIFY:
2276 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 2277 if (!s->is_cf)
2278 ide_identify(s);
2279 else
2280 ide_cfata_identify(s);
2a282056 2281 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2282 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2283 } else {
2284 if (s->is_cdrom) {
2285 ide_set_signature(s);
2286 }
2287 ide_abort_command(s);
2288 }
2289 ide_set_irq(s);
2290 break;
2291 case WIN_SPECIFY:
2292 case WIN_RECAL:
a136e5a8 2293 s->error = 0;
769bec72 2294 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2295 ide_set_irq(s);
2296 break;
2297 case WIN_SETMULT:
201a51fc
AZ		 2298 if (s->is_cf && s->nsector == 0) {
2299 /* Disable Read and Write Multiple */
2300 s->mult_sectors = 0;
41a2b959 2301 s->status = READY_STAT | SEEK_STAT;
201a51fc 2302 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 2303 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2304 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 2305 ide_abort_command(s);
2306 } else {
292eef5a 2307 s->mult_sectors = s->nsector & 0xff;
41a2b959 2308 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2309 }
2310 ide_set_irq(s);
2311 break;
c2ff060f
FB		 2312 case WIN_VERIFY_EXT:
2313 lba48 = 1;
4ce900b4
FB		 2314 case WIN_VERIFY:
2315 case WIN_VERIFY_ONCE:
2316 /* do sector number check ? */
c2ff060f 2317 ide_cmd_lba48_transform(s, lba48);
41a2b959 2318 s->status = READY_STAT | SEEK_STAT;
4ce900b4
FB		 2319 ide_set_irq(s);
2320 break;
c2ff060f
FB		 2321 case WIN_READ_EXT:
2322 lba48 = 1;
5391d806
FB		 2323 case WIN_READ:
2324 case WIN_READ_ONCE:
5fafdf24 2325 if (!s->bs)
6b136f9e 2326 goto abort_cmd;
c2ff060f 2327 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2328 s->req_nb_sectors = 1;
2329 ide_sector_read(s);
2330 break;
c2ff060f
FB		 2331 case WIN_WRITE_EXT:
2332 lba48 = 1;
5391d806
FB		 2333 case WIN_WRITE:
2334 case WIN_WRITE_ONCE:
201a51fc
AZ		 2335 case CFA_WRITE_SECT_WO_ERASE:
2336 case WIN_WRITE_VERIFY:
c2ff060f 2337 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2338 s->error = 0;
f66723fa 2339 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2340 s->req_nb_sectors = 1;
2341 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 2342 s->media_changed = 1;
5391d806 2343 break;
c2ff060f
FB		 2344 case WIN_MULTREAD_EXT:
2345 lba48 = 1;
5391d806
FB		 2346 case WIN_MULTREAD:
2347 if (!s->mult_sectors)
2348 goto abort_cmd;
c2ff060f 2349 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2350 s->req_nb_sectors = s->mult_sectors;
2351 ide_sector_read(s);
2352 break;
c2ff060f
FB		 2353 case WIN_MULTWRITE_EXT:
2354 lba48 = 1;
5391d806 2355 case WIN_MULTWRITE:
201a51fc 2356 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 2357 if (!s->mult_sectors)
2358 goto abort_cmd;
c2ff060f 2359 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2360 s->error = 0;
f66723fa 2361 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2362 s->req_nb_sectors = s->mult_sectors;
2363 n = s->nsector;
2364 if (n > s->req_nb_sectors)
2365 n = s->req_nb_sectors;
2366 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 2367 s->media_changed = 1;
5391d806 2368 break;
c2ff060f
FB		 2369 case WIN_READDMA_EXT:
2370 lba48 = 1;
98087450
FB		 2371 case WIN_READDMA:
2372 case WIN_READDMA_ONCE:
5fafdf24 2373 if (!s->bs)
98087450 2374 goto abort_cmd;
c2ff060f 2375 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 2376 ide_sector_read_dma(s);
2377 break;
c2ff060f
FB		 2378 case WIN_WRITEDMA_EXT:
2379 lba48 = 1;
98087450
FB		 2380 case WIN_WRITEDMA:
2381 case WIN_WRITEDMA_ONCE:
5fafdf24 2382 if (!s->bs)
98087450 2383 goto abort_cmd;
c2ff060f 2384 ide_cmd_lba48_transform(s, lba48);
98087450 2385 ide_sector_write_dma(s);
201a51fc 2386 s->media_changed = 1;
98087450 2387 break;
c2ff060f
FB		 2388 case WIN_READ_NATIVE_MAX_EXT:
2389 lba48 = 1;
5391d806 2390 case WIN_READ_NATIVE_MAX:
c2ff060f 2391 ide_cmd_lba48_transform(s, lba48);
5391d806 2392 ide_set_sector(s, s->nb_sectors - 1);
41a2b959 2393 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2394 ide_set_irq(s);
2395 break;
a136e5a8 2396 case WIN_CHECKPOWERMODE1:
201a51fc 2397 case WIN_CHECKPOWERMODE2:
a136e5a8 2398 s->nsector = 0xff; /* device active or idle */
41a2b959 2399 s->status = READY_STAT | SEEK_STAT;
a136e5a8
FB		 2400 ide_set_irq(s);
2401 break;
34e538ae
FB		 2402 case WIN_SETFEATURES:
2403 if (!s->bs)
2404 goto abort_cmd;
2405 /* XXX: valid for CDROM ? */
2406 switch(s->feature) {
e1f63470
TS		 2407 case 0xcc: /* reverting to power-on defaults enable */
2408 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 2409 case 0x02: /* write cache enable */
2410 case 0x82: /* write cache disable */
2411 case 0xaa: /* read look-ahead enable */
2412 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 2413 case 0x05: /* set advanced power management mode */
2414 case 0x85: /* disable advanced power management mode */
2415 case 0x69: /* NOP */
2416 case 0x67: /* NOP */
2417 case 0x96: /* NOP */
2418 case 0x9a: /* NOP */
c3e88d8c
TS		 2419 case 0x42: /* enable Automatic Acoustic Mode */
2420 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 2421 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 2422 ide_set_irq(s);
2423 break;
94458802
FB		 2424 case 0x03: { /* set transfer mode */
2425 uint8_t val = s->nsector & 0x07;
2426
2427 switch (s->nsector >> 3) {
2428 case 0x00: /* pio default */
2429 case 0x01: /* pio mode */
d1b5c20d
TS		 2430 put_le16(s->identify_data + 62,0x07);
2431 put_le16(s->identify_data + 63,0x07);
2432 put_le16(s->identify_data + 88,0x3f);
2433 break;
2434 case 0x02: /* sigle word dma mode*/
2435 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
94458802
FB		 2436 put_le16(s->identify_data + 63,0x07);
2437 put_le16(s->identify_data + 88,0x3f);
2438 break;
2439 case 0x04: /* mdma mode */
d1b5c20d 2440 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2441 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2442 put_le16(s->identify_data + 88,0x3f);
2443 break;
2444 case 0x08: /* udma mode */
d1b5c20d 2445 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2446 put_le16(s->identify_data + 63,0x07);
2447 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2448 break;
2449 default:
2450 goto abort_cmd;
2451 }
2452 s->status = READY_STAT | SEEK_STAT;
2453 ide_set_irq(s);
2454 break;
2455 }
34e538ae
FB		 2456 default:
2457 goto abort_cmd;
2458 }
2459 break;
c2ff060f
FB		 2460 case WIN_FLUSH_CACHE:
2461 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2462 if (s->bs)
2463 bdrv_flush(s->bs);
41a2b959 2464 s->status = READY_STAT | SEEK_STAT;
7a6cba61
PB		 2465 ide_set_irq(s);
2466 break;
c3e88d8c
TS		 2467 case WIN_STANDBY:
2468 case WIN_STANDBY2:
2469 case WIN_STANDBYNOW1:
201a51fc 2470 case WIN_STANDBYNOW2:
c451ee71 2471 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2472 case CFA_IDLEIMMEDIATE:
2473 case WIN_SETIDLE1:
2474 case WIN_SETIDLE2:
c3e88d8c
TS		 2475 case WIN_SLEEPNOW1:
2476 case WIN_SLEEPNOW2:
2477 s->status = READY_STAT;
a7dfe172
FB		 2478 ide_set_irq(s);
2479 break;
4fbfcd6d
AJ		 2480 case WIN_SEEK:
2481 if(s->is_cdrom)
2482 goto abort_cmd;
2483 /* XXX: Check that seek is within bounds */
2484 s->status = READY_STAT | SEEK_STAT;
2485 ide_set_irq(s);
2486 break;
5391d806
FB		 2487 /* ATAPI commands */
2488 case WIN_PIDENTIFY:
2489 if (s->is_cdrom) {
2490 ide_atapi_identify(s);
1298fe63 2491 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2492 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2493 } else {
2494 ide_abort_command(s);
2495 }
2496 ide_set_irq(s);
2497 break;
c451ee71
FB		 2498 case WIN_DIAGNOSE:
2499 ide_set_signature(s);
33256a25
AL		 2500 if (s->is_cdrom)
2501 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2502 * devices to return a clear status register
2503 * with READY_STAT *not* set. */
2504 else
2505 s->status = READY_STAT | SEEK_STAT;
2506 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2507 * present.
2508 */
f5fdd0a8 2509 ide_set_irq(s);
c451ee71 2510 break;
5391d806
FB		 2511 case WIN_SRST:
2512 if (!s->is_cdrom)
2513 goto abort_cmd;
2514 ide_set_signature(s);
6b136f9e 2515 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2516 s->error = 0x01;
2517 break;
2518 case WIN_PACKETCMD:
2519 if (!s->is_cdrom)
2520 goto abort_cmd;
98087450
FB		 2521 /* overlapping commands not supported */
2522 if (s->feature & 0x02)
5391d806 2523 goto abort_cmd;
41a2b959 2524 s->status = READY_STAT | SEEK_STAT;
98087450 2525 s->atapi_dma = s->feature & 1;
5391d806 2526 s->nsector = 1;
5fafdf24 2527 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2528 ide_atapi_cmd);
2529 break;
201a51fc
AZ		 2530 /* CF-ATA commands */
2531 case CFA_REQ_EXT_ERROR_CODE:
2532 if (!s->is_cf)
2533 goto abort_cmd;
2534 s->error = 0x09; /* miscellaneous error */
41a2b959 2535 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2536 ide_set_irq(s);
2537 break;
2538 case CFA_ERASE_SECTORS:
2539 case CFA_WEAR_LEVEL:
2540 if (!s->is_cf)
2541 goto abort_cmd;
2542 if (val == CFA_WEAR_LEVEL)
2543 s->nsector = 0;
2544 if (val == CFA_ERASE_SECTORS)
2545 s->media_changed = 1;
2546 s->error = 0x00;
41a2b959 2547 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2548 ide_set_irq(s);
2549 break;
2550 case CFA_TRANSLATE_SECTOR:
2551 if (!s->is_cf)
2552 goto abort_cmd;
2553 s->error = 0x00;
41a2b959 2554 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2555 memset(s->io_buffer, 0, 0x200);
2556 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2557 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2558 s->io_buffer[0x02] = s->select; /* Head */
2559 s->io_buffer[0x03] = s->sector; /* Sector */
2560 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2561 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2562 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2563 s->io_buffer[0x13] = 0x00; /* Erase flag */
2564 s->io_buffer[0x18] = 0x00; /* Hot count */
2565 s->io_buffer[0x19] = 0x00; /* Hot count */
2566 s->io_buffer[0x1a] = 0x01; /* Hot count */
2567 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2568 ide_set_irq(s);
2569 break;
2570 case CFA_ACCESS_METADATA_STORAGE:
2571 if (!s->is_cf)
2572 goto abort_cmd;
2573 switch (s->feature) {
2574 case 0x02: /* Inquiry Metadata Storage */
2575 ide_cfata_metadata_inquiry(s);
2576 break;
2577 case 0x03: /* Read Metadata Storage */
2578 ide_cfata_metadata_read(s);
2579 break;
2580 case 0x04: /* Write Metadata Storage */
2581 ide_cfata_metadata_write(s);
2582 break;
2583 default:
2584 goto abort_cmd;
2585 }
2586 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2587 s->status = 0x00; /* NOTE: READY is _not_ set */
2588 ide_set_irq(s);
2589 break;
2590 case IBM_SENSE_CONDITION:
2591 if (!s->is_cf)
2592 goto abort_cmd;
2593 switch (s->feature) {
2594 case 0x01: /* sense temperature in device */
2595 s->nsector = 0x50; /* +20 C */
2596 break;
2597 default:
2598 goto abort_cmd;
2599 }
41a2b959 2600 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2601 ide_set_irq(s);
2602 break;
e8b54394
BW		 2603
2604 case WIN_SMART:
2605 if (s->is_cdrom)
2606 goto abort_cmd;
2607 if (s->hcyl != 0xc2 || s->lcyl != 0x4f)
2608 goto abort_cmd;
2609 if (!s->smart_enabled && s->feature != SMART_ENABLE)
2610 goto abort_cmd;
2611 switch (s->feature) {
2612 case SMART_DISABLE:
2613 s->smart_enabled = 0;
2614 s->status = READY_STAT | SEEK_STAT;
2615 ide_set_irq(s);
2616 break;
2617 case SMART_ENABLE:
2618 s->smart_enabled = 1;
2619 s->status = READY_STAT | SEEK_STAT;
2620 ide_set_irq(s);
2621 break;
2622 case SMART_ATTR_AUTOSAVE:
2623 switch (s->sector) {
2624 case 0x00:
2625 s->smart_autosave = 0;
2626 break;
2627 case 0xf1:
2628 s->smart_autosave = 1;
2629 break;
2630 default:
2631 goto abort_cmd;
2632 }
2633 s->status = READY_STAT | SEEK_STAT;
2634 ide_set_irq(s);
2635 break;
2636 case SMART_STATUS:
2637 if (!s->smart_errors) {
2638 s->hcyl = 0xc2;
2639 s->lcyl = 0x4f;
2640 } else {
2641 s->hcyl = 0x2c;
2642 s->lcyl = 0xf4;
2643 }
2644 s->status = READY_STAT | SEEK_STAT;
2645 ide_set_irq(s);
2646 break;
2647 case SMART_READ_THRESH:
2648 memset(s->io_buffer, 0, 0x200);
2649 s->io_buffer[0] = 0x01; /* smart struct version */
2650 for (n=0; n<30; n++) {
2651 if (smart_attributes[n][0] == 0)
2652 break;
2653 s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2654 s->io_buffer[2+1+(n*12)] = smart_attributes[n][4];
2655 }
2656 for (n=0; n<511; n++) /* checksum */
2657 s->io_buffer[511] += s->io_buffer[n];
2658 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2659 s->status = READY_STAT | SEEK_STAT;
2660 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2661 ide_set_irq(s);
2662 break;
2663 case SMART_READ_DATA:
2664 memset(s->io_buffer, 0, 0x200);
2665 s->io_buffer[0] = 0x01; /* smart struct version */
2666 for (n=0; n<30; n++) {
2667 if (smart_attributes[n][0] == 0)
2668 break;
2669 s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2670 s->io_buffer[2+1+(n*12)] = smart_attributes[n][1];
2671 s->io_buffer[2+3+(n*12)] = smart_attributes[n][2];
2672 s->io_buffer[2+4+(n*12)] = smart_attributes[n][3];
2673 }
2674 s->io_buffer[362] = 0x02 | (s->smart_autosave?0x80:0x00);
2675 if (s->smart_selftest_count == 0) {
2676 s->io_buffer[363] = 0;
2677 } else {
2678 s->io_buffer[363] =
2679 s->smart_selftest_data[3 +
2680 (s->smart_selftest_count - 1) *
2681 24];
2682 }
2683 s->io_buffer[364] = 0x20;
2684 s->io_buffer[365] = 0x01;
2685 /* offline data collection capacity: execute + self-test*/
2686 s->io_buffer[367] = (1<<4 | 1<<3 | 1);
2687 s->io_buffer[368] = 0x03; /* smart capability (1) */
2688 s->io_buffer[369] = 0x00; /* smart capability (2) */
2689 s->io_buffer[370] = 0x01; /* error logging supported */
2690 s->io_buffer[372] = 0x02; /* minutes for poll short test */
2691 s->io_buffer[373] = 0x36; /* minutes for poll ext test */
2692 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
2693
2694 for (n=0; n<511; n++)
2695 s->io_buffer[511] += s->io_buffer[n];
2696 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2697 s->status = READY_STAT | SEEK_STAT;
2698 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2699 ide_set_irq(s);
2700 break;
2701 case SMART_READ_LOG:
2702 switch (s->sector) {
2703 case 0x01: /* summary smart error log */
2704 memset(s->io_buffer, 0, 0x200);
2705 s->io_buffer[0] = 0x01;
2706 s->io_buffer[1] = 0x00; /* no error entries */
2707 s->io_buffer[452] = s->smart_errors & 0xff;
2708 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
2709
2710 for (n=0; n<511; n++)
2711 s->io_buffer[511] += s->io_buffer[n];
2712 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2713 break;
2714 case 0x06: /* smart self test log */
2715 memset(s->io_buffer, 0, 0x200);
2716 s->io_buffer[0] = 0x01;
2717 if (s->smart_selftest_count == 0) {
2718 s->io_buffer[508] = 0;
2719 } else {
2720 s->io_buffer[508] = s->smart_selftest_count;
2721 for (n=2; n<506; n++)
2722 s->io_buffer[n] = s->smart_selftest_data[n];
2723 }
2724 for (n=0; n<511; n++)
2725 s->io_buffer[511] += s->io_buffer[n];
2726 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2727 break;
2728 default:
2729 goto abort_cmd;
2730 }
2731 s->status = READY_STAT | SEEK_STAT;
2732 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2733 ide_set_irq(s);
2734 break;
2735 case SMART_EXECUTE_OFFLINE:
2736 switch (s->sector) {
2737 case 0: /* off-line routine */
2738 case 1: /* short self test */
2739 case 2: /* extended self test */
2740 s->smart_selftest_count++;
2741 if(s->smart_selftest_count > 21)
2742 s->smart_selftest_count = 0;
2743 n = 2 + (s->smart_selftest_count - 1) * 24;
2744 s->smart_selftest_data[n] = s->sector;
2745 s->smart_selftest_data[n+1] = 0x00; /* OK and finished */
2746 s->smart_selftest_data[n+2] = 0x34; /* hour count lsb */
2747 s->smart_selftest_data[n+3] = 0x12; /* hour count msb */
2748 s->status = READY_STAT | SEEK_STAT;
2749 ide_set_irq(s);
2750 break;
2751 default:
2752 goto abort_cmd;
2753 }
2754 break;
2755 default:
2756 goto abort_cmd;
2757 }
2758 break;
5391d806
FB		 2759 default:
2760 abort_cmd:
2761 ide_abort_command(s);
2762 ide_set_irq(s);
2763 break;
2764 }
2765 }
2766}
2767
caed8802 2768static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2769{
7ae98627
FB		 2770 IDEState *ide_if = opaque;
2771 IDEState *s = ide_if->cur_drive;
5391d806 2772 uint32_t addr;
c2ff060f 2773 int ret, hob;
5391d806
FB		 2774
2775 addr = addr1 & 7;
c2ff060f
FB		 2776 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2777 //hob = s->select & (1 << 7);
2778 hob = 0;
5391d806
FB		 2779 switch(addr) {
2780 case 0:
2781 ret = 0xff;
2782 break;
2783 case 1:
c45ca54f
AL		 2784 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2785 (s != ide_if && !s->bs))
c45c3d00 2786 ret = 0;
c2ff060f 2787 else if (!hob)
c45c3d00 2788 ret = s->error;
c2ff060f
FB		 2789 else
2790 ret = s->hob_feature;
5391d806
FB		 2791 break;
2792 case 2:
7ae98627 2793 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2794 ret = 0;
c2ff060f 2795 else if (!hob)
c45c3d00 2796 ret = s->nsector & 0xff;
c2ff060f
FB		 2797 else
2798 ret = s->hob_nsector;
5391d806
FB		 2799 break;
2800 case 3:
7ae98627 2801 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2802 ret = 0;
c2ff060f 2803 else if (!hob)
c45c3d00 2804 ret = s->sector;
c2ff060f
FB		 2805 else
2806 ret = s->hob_sector;
5391d806
FB		 2807 break;
2808 case 4:
7ae98627 2809 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2810 ret = 0;
c2ff060f 2811 else if (!hob)
c45c3d00 2812 ret = s->lcyl;
c2ff060f
FB		 2813 else
2814 ret = s->hob_lcyl;
5391d806
FB		 2815 break;
2816 case 5:
7ae98627 2817 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2818 ret = 0;
c2ff060f 2819 else if (!hob)
c45c3d00 2820 ret = s->hcyl;
c2ff060f
FB		 2821 else
2822 ret = s->hob_hcyl;
5391d806
FB		 2823 break;
2824 case 6:
7ae98627 2825 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2826 ret = 0;
2827 else
7ae98627 2828 ret = s->select;
5391d806
FB		 2829 break;
2830 default:
2831 case 7:
66201e2d
FB		 2832 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2833 (s != ide_if && !s->bs))
c45c3d00
FB		 2834 ret = 0;
2835 else
2836 ret = s->status;
d537cf6c 2837 qemu_irq_lower(s->irq);
5391d806
FB		 2838 break;
2839 }
2840#ifdef DEBUG_IDE
2841 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2842#endif
2843 return ret;
2844}
2845
caed8802 2846static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2847{
7ae98627
FB		 2848 IDEState *ide_if = opaque;
2849 IDEState *s = ide_if->cur_drive;
5391d806 2850 int ret;
7ae98627 2851
66201e2d
FB		 2852 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2853 (s != ide_if && !s->bs))
7ae98627
FB		 2854 ret = 0;
2855 else
2856 ret = s->status;
5391d806
FB		 2857#ifdef DEBUG_IDE
2858 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2859#endif
2860 return ret;
2861}
2862
caed8802 2863static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2864{
caed8802 2865 IDEState *ide_if = opaque;
5391d806
FB		 2866 IDEState *s;
2867 int i;
2868
2869#ifdef DEBUG_IDE
2870 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2871#endif
2872 /* common for both drives */
2873 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2874 (val & IDE_CMD_RESET)) {
2875 /* reset low to high */
2876 for(i = 0;i < 2; i++) {
2877 s = &ide_if[i];
2878 s->status = BUSY_STAT | SEEK_STAT;
2879 s->error = 0x01;
2880 }
2881 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2882 !(val & IDE_CMD_RESET)) {
2883 /* high to low */
2884 for(i = 0;i < 2; i++) {
2885 s = &ide_if[i];
6b136f9e
FB		 2886 if (s->is_cdrom)
2887 s->status = 0x00; /* NOTE: READY is _not_ set */
2888 else
56bf1d37 2889 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2890 ide_set_signature(s);
2891 }
2892 }
2893
2894 ide_if[0].cmd = val;
2895 ide_if[1].cmd = val;
2896}
2897
caed8802 2898static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2899{
caed8802 2900 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2901 uint8_t *p;
2902
fcdd25ab
AL		 2903 /* PIO data access allowed only when DRQ bit is set */
2904 if (!(s->status & DRQ_STAT))
2905 return;
2906
5391d806 2907 p = s->data_ptr;
0c4ad8dc 2908 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2909 p += 2;
2910 s->data_ptr = p;
2911 if (p >= s->data_end)
2912 s->end_transfer_func(s);
2913}
2914
caed8802 2915static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2916{
caed8802 2917 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2918 uint8_t *p;
2919 int ret;
fcdd25ab
AL		 2920
2921 /* PIO data access allowed only when DRQ bit is set */
2922 if (!(s->status & DRQ_STAT))
2923 return 0;
2924
5391d806 2925 p = s->data_ptr;
0c4ad8dc 2926 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2927 p += 2;
2928 s->data_ptr = p;
2929 if (p >= s->data_end)
2930 s->end_transfer_func(s);
2931 return ret;
2932}
2933
caed8802 2934static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2935{
caed8802 2936 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2937 uint8_t *p;
2938
fcdd25ab
AL		 2939 /* PIO data access allowed only when DRQ bit is set */
2940 if (!(s->status & DRQ_STAT))
2941 return;
2942
5391d806 2943 p = s->data_ptr;
0c4ad8dc 2944 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2945 p += 4;
2946 s->data_ptr = p;
2947 if (p >= s->data_end)
2948 s->end_transfer_func(s);
2949}
2950
caed8802 2951static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2952{
caed8802 2953 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2954 uint8_t *p;
2955 int ret;
3b46e624 2956
fcdd25ab
AL		 2957 /* PIO data access allowed only when DRQ bit is set */
2958 if (!(s->status & DRQ_STAT))
2959 return 0;
2960
5391d806 2961 p = s->data_ptr;
0c4ad8dc 2962 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2963 p += 4;
2964 s->data_ptr = p;
2965 if (p >= s->data_end)
2966 s->end_transfer_func(s);
2967 return ret;
2968}
2969
a7dfe172
FB		 2970static void ide_dummy_transfer_stop(IDEState *s)
2971{
2972 s->data_ptr = s->io_buffer;
2973 s->data_end = s->io_buffer;
2974 s->io_buffer[0] = 0xff;
2975 s->io_buffer[1] = 0xff;
2976 s->io_buffer[2] = 0xff;
2977 s->io_buffer[3] = 0xff;
2978}
2979
5391d806
FB		 2980static void ide_reset(IDEState *s)
2981{
201a51fc
AZ		 2982 if (s->is_cf)
2983 s->mult_sectors = 0;
2984 else
2985 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2986 s->cur_drive = s;
2987 s->select = 0xa0;
41a2b959 2988 s->status = READY_STAT | SEEK_STAT;
5391d806 2989 ide_set_signature(s);
a7dfe172
FB		 2990 /* init the transfer handler so that 0xffff is returned on data
2991 accesses */
2992 s->end_transfer_func = ide_dummy_transfer_stop;
2993 ide_dummy_transfer_stop(s);
201a51fc 2994 s->media_changed = 0;
5391d806
FB		 2995}
2996
5457c8ce
FB		 2997static void ide_init2(IDEState *ide_state,
2998 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2999 qemu_irq irq)
5391d806 3000{
69b91039 3001 IDEState *s;
aedf5382 3002 static int drive_serial = 1;
f3d54fc4 3003 int i, cylinders, heads, secs;
96b8f136 3004 uint64_t nb_sectors;
5391d806 3005
caed8802
FB		 3006 for(i = 0; i < 2; i++) {
3007 s = ide_state + i;
3008 if (i == 0)
3009 s->bs = hd0;
3010 else
3011 s->bs = hd1;
e268ca52 3012 s->io_buffer = qemu_blockalign(s->bs, IDE_DMA_BUF_SECTORS*512 + 4);
5391d806
FB		 3013 if (s->bs) {
3014 bdrv_get_geometry(s->bs, &nb_sectors);
f3d54fc4
AL		 3015 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
3016 s->cylinders = cylinders;
3017 s->heads = heads;
3018 s->sectors = secs;
5391d806 3019 s->nb_sectors = nb_sectors;
e8b54394
BW		 3020 /* The SMART values should be preserved across power cycles
3021 but they aren't. */
3022 s->smart_enabled = 1;
3023 s->smart_autosave = 1;
3024 s->smart_errors = 0;
3025 s->smart_selftest_count = 0;
3026 s->smart_selftest_data = qemu_blockalign(s->bs, 512);
caed8802
FB		 3027 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
3028 s->is_cdrom = 1;
bd491d6a 3029 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 3030 }
3031 }
aedf5382 3032 s->drive_serial = drive_serial++;
fa879c64
AL		 3033 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
3034 sizeof(s->drive_serial_str));
3035 if (strlen(s->drive_serial_str) == 0)
3036 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
3037 "QM%05d", s->drive_serial);
caed8802 3038 s->irq = irq;
5fafdf24 3039 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 3040 ide_sector_write_timer_cb, s);
5391d806
FB		 3041 ide_reset(s);
3042 }
69b91039
FB		 3043}
3044
34e538ae 3045static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 3046{
caed8802
FB		 3047 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
3048 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
3049 if (iobase2) {
3050 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
3051 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 3052 }
3b46e624 3053
caed8802
FB		 3054 /* data ports */
3055 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
3056 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
3057 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
3058 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 3059}
69b91039 3060
aa941b94
AZ		 3061/* save per IDE drive data */
3062static void ide_save(QEMUFile* f, IDEState *s)
3063{
bee8d684
TS		 3064 qemu_put_be32(f, s->mult_sectors);
3065 qemu_put_be32(f, s->identify_set);
aa941b94
AZ		 3066 if (s->identify_set) {
3067 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
3068 }
3069 qemu_put_8s(f, &s->feature);
3070 qemu_put_8s(f, &s->error);
3071 qemu_put_be32s(f, &s->nsector);
3072 qemu_put_8s(f, &s->sector);
3073 qemu_put_8s(f, &s->lcyl);
3074 qemu_put_8s(f, &s->hcyl);
3075 qemu_put_8s(f, &s->hob_feature);
3076 qemu_put_8s(f, &s->hob_nsector);
3077 qemu_put_8s(f, &s->hob_sector);
3078 qemu_put_8s(f, &s->hob_lcyl);
3079 qemu_put_8s(f, &s->hob_hcyl);
3080 qemu_put_8s(f, &s->select);
3081 qemu_put_8s(f, &s->status);
3082 qemu_put_8s(f, &s->lba48);
3083
3084 qemu_put_8s(f, &s->sense_key);
3085 qemu_put_8s(f, &s->asc);
0bf5e443 3086 qemu_put_8s(f, &s->cdrom_changed);
aa941b94
AZ		 3087 /* XXX: if a transfer is pending, we do not save it yet */
3088}
3089
3090/* load per IDE drive data */
93c8cfd9 3091static void ide_load(QEMUFile* f, IDEState *s, int version_id)
aa941b94 3092{
bee8d684
TS		 3093 s->mult_sectors=qemu_get_be32(f);
3094 s->identify_set=qemu_get_be32(f);
aa941b94
AZ		 3095 if (s->identify_set) {
3096 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
3097 }
3098 qemu_get_8s(f, &s->feature);
3099 qemu_get_8s(f, &s->error);
3100 qemu_get_be32s(f, &s->nsector);
3101 qemu_get_8s(f, &s->sector);
3102 qemu_get_8s(f, &s->lcyl);
3103 qemu_get_8s(f, &s->hcyl);
3104 qemu_get_8s(f, &s->hob_feature);
3105 qemu_get_8s(f, &s->hob_nsector);
3106 qemu_get_8s(f, &s->hob_sector);
3107 qemu_get_8s(f, &s->hob_lcyl);
3108 qemu_get_8s(f, &s->hob_hcyl);
3109 qemu_get_8s(f, &s->select);
3110 qemu_get_8s(f, &s->status);
3111 qemu_get_8s(f, &s->lba48);
3112
3113 qemu_get_8s(f, &s->sense_key);
3114 qemu_get_8s(f, &s->asc);
93c8cfd9
GN		 3115 if (version_id == 3) {
3116 qemu_get_8s(f, &s->cdrom_changed);
3117 } else {
3118 if (s->sense_key == SENSE_UNIT_ATTENTION &&
3119 s->asc == ASC_MEDIUM_MAY_HAVE_CHANGED)
3120 s->cdrom_changed = 1;
3121 }
aa941b94
AZ		 3122 /* XXX: if a transfer is pending, we do not save it yet */
3123}
3124
34e538ae
FB		 3125/***********************************************************/
3126/* ISA IDE definitions */
3127
d537cf6c 3128void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 3129 BlockDriverState *hd0, BlockDriverState *hd1)
3130{
3131 IDEState *ide_state;
3132
3133 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
3b46e624 3134
d537cf6c 3135 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 3136 ide_init_ioport(ide_state, iobase, iobase2);
3137}
3138
69b91039
FB		 3139/***********************************************************/
3140/* PCI IDE definitions */
3141
5457c8ce
FB		 3142static void cmd646_update_irq(PCIIDEState *d);
3143
5fafdf24 3144static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 3145 uint32_t addr, uint32_t size, int type)
3146{
3147 PCIIDEState *d = (PCIIDEState *)pci_dev;
3148 IDEState *ide_state;
3149
3150 if (region_num <= 3) {
3151 ide_state = &d->ide_if[(region_num >> 1) * 2];
3152 if (region_num & 1) {
3153 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
3154 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
3155 } else {
3156 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
3157 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
3158
3159 /* data ports */
3160 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
3161 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
3162 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
3163 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
3164 }
3165 }
3166}
3167
8ccad811 3168static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 3169{
3170 BMDMAState *bm = s->bmdma;
3171 if(!bm)
3172 return;
3173 bm->ide_if = s;
3174 bm->dma_cb = dma_cb;
8ccad811
FB		 3175 bm->cur_prd_last = 0;
3176 bm->cur_prd_addr = 0;
3177 bm->cur_prd_len = 0;
428c5705
AL		 3178 bm->sector_num = ide_get_sector(s);
3179 bm->nsector = s->nsector;
98087450 3180 if (bm->status & BM_STATUS_DMAING) {
8ccad811 3181 bm->dma_cb(bm, 0);
98087450
FB		 3182 }
3183}
3184
428c5705
AL		 3185static void ide_dma_restart(IDEState *s)
3186{
3187 BMDMAState *bm = s->bmdma;
3188 ide_set_sector(s, bm->sector_num);
3189 s->io_buffer_index = 0;
3190 s->io_buffer_size = 0;
3191 s->nsector = bm->nsector;
3192 bm->cur_addr = bm->addr;
3193 bm->dma_cb = ide_write_dma_cb;
3194 ide_dma_start(s, bm->dma_cb);
3195}
3196
72c7b06c
AL		 3197static void ide_dma_cancel(BMDMAState *bm)
3198{
3199 if (bm->status & BM_STATUS_DMAING) {
3200 bm->status &= ~BM_STATUS_DMAING;
3201 /* cancel DMA request */
3202 bm->ide_if = NULL;
3203 bm->dma_cb = NULL;
3204 if (bm->aiocb) {
3205#ifdef DEBUG_AIO
3206 printf("aio_cancel\n");
3207#endif
3208 bdrv_aio_cancel(bm->aiocb);
3209 bm->aiocb = NULL;
3210 }
3211 }
3212}
3213
98087450
FB		 3214static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
3215{
3216 BMDMAState *bm = opaque;
3217#ifdef DEBUG_IDE
3218 printf("%s: 0x%08x\n", __func__, val);
3219#endif
3220 if (!(val & BM_CMD_START)) {
3221 /* XXX: do it better */
72c7b06c 3222 ide_dma_cancel(bm);
98087450
FB		 3223 bm->cmd = val & 0x09;
3224 } else {
8ccad811
FB		 3225 if (!(bm->status & BM_STATUS_DMAING)) {
3226 bm->status |= BM_STATUS_DMAING;
3227 /* start dma transfer if possible */
3228 if (bm->dma_cb)
3229 bm->dma_cb(bm, 0);
3230 }
98087450 3231 bm->cmd = val & 0x09;
98087450
FB		 3232 }
3233}
3234
5457c8ce 3235static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 3236{
3237 BMDMAState *bm = opaque;
5457c8ce 3238 PCIIDEState *pci_dev;
98087450 3239 uint32_t val;
3b46e624 3240
5457c8ce 3241 switch(addr & 3) {
5fafdf24 3242 case 0:
5457c8ce
FB		 3243 val = bm->cmd;
3244 break;
3245 case 1:
3246 pci_dev = bm->pci_dev;
3247 if (pci_dev->type == IDE_TYPE_CMD646) {
3248 val = pci_dev->dev.config[MRDMODE];
3249 } else {
3250 val = 0xff;
3251 }
3252 break;
3253 case 2:
3254 val = bm->status;
3255 break;
3256 case 3:
3257 pci_dev = bm->pci_dev;
3258 if (pci_dev->type == IDE_TYPE_CMD646) {
3259 if (bm == &pci_dev->bmdma[0])
3260 val = pci_dev->dev.config[UDIDETCR0];
3261 else
3262 val = pci_dev->dev.config[UDIDETCR1];
3263 } else {
3264 val = 0xff;
3265 }
3266 break;
3267 default:
3268 val = 0xff;
3269 break;
3270 }
98087450 3271#ifdef DEBUG_IDE
5457c8ce 3272 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 3273#endif
3274 return val;
3275}
3276
5457c8ce 3277static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 3278{
3279 BMDMAState *bm = opaque;
5457c8ce 3280 PCIIDEState *pci_dev;
98087450 3281#ifdef DEBUG_IDE
5457c8ce 3282 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 3283#endif
5457c8ce
FB		 3284 switch(addr & 3) {
3285 case 1:
3286 pci_dev = bm->pci_dev;
3287 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 3288 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 3289 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3290 cmd646_update_irq(pci_dev);
3291 }
3292 break;
3293 case 2:
3294 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3295 break;
3296 case 3:
3297 pci_dev = bm->pci_dev;
3298 if (pci_dev->type == IDE_TYPE_CMD646) {
3299 if (bm == &pci_dev->bmdma[0])
3300 pci_dev->dev.config[UDIDETCR0] = val;
3301 else
3302 pci_dev->dev.config[UDIDETCR1] = val;
3303 }
3304 break;
3305 }
98087450
FB		 3306}
3307
5b9a1293
AJ		 3308static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3309{
3310 BMDMAState *bm = opaque;
3311 uint32_t val;
3312 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3313#ifdef DEBUG_IDE
3314 printf("%s: 0x%08x\n", __func__, val);
3315#endif
3316 return val;
3317}
3318
3319static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3320{
3321 BMDMAState *bm = opaque;
3322 int shift = (addr & 3) * 8;
3323#ifdef DEBUG_IDE
3324 printf("%s: 0x%08x\n", __func__, val);
3325#endif
3326 bm->addr &= ~(0xFF << shift);
3327 bm->addr |= ((val & 0xFF) << shift) & ~3;
3328 bm->cur_addr = bm->addr;
3329}
3330
3331static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3332{
3333 BMDMAState *bm = opaque;
3334 uint32_t val;
3335 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3336#ifdef DEBUG_IDE
3337 printf("%s: 0x%08x\n", __func__, val);
3338#endif
3339 return val;
3340}
3341
3342static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3343{
3344 BMDMAState *bm = opaque;
3345 int shift = (addr & 3) * 8;
3346#ifdef DEBUG_IDE
3347 printf("%s: 0x%08x\n", __func__, val);
3348#endif
3349 bm->addr &= ~(0xFFFF << shift);
3350 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3351 bm->cur_addr = bm->addr;
3352}
3353
98087450
FB		 3354static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3355{
3356 BMDMAState *bm = opaque;
3357 uint32_t val;
3358 val = bm->addr;
3359#ifdef DEBUG_IDE
3360 printf("%s: 0x%08x\n", __func__, val);
3361#endif
3362 return val;
3363}
3364
3365static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3366{
3367 BMDMAState *bm = opaque;
3368#ifdef DEBUG_IDE
3369 printf("%s: 0x%08x\n", __func__, val);
3370#endif
3371 bm->addr = val & ~3;
30c4bbac 3372 bm->cur_addr = bm->addr;
98087450
FB		 3373}
3374
5fafdf24 3375static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 3376 uint32_t addr, uint32_t size, int type)
3377{
3378 PCIIDEState *d = (PCIIDEState *)pci_dev;
3379 int i;
3380
3381 for(i = 0;i < 2; i++) {
3382 BMDMAState *bm = &d->bmdma[i];
3383 d->ide_if[2 * i].bmdma = bm;
3384 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce 3385 bm->pci_dev = (PCIIDEState *)pci_dev;
428c5705 3386 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
5457c8ce 3387
98087450 3388 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 3389
5457c8ce
FB		 3390 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3391 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450 3392
5b9a1293
AJ		 3393 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3394 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3395 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3396 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
98087450
FB		 3397 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3398 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3399 addr += 8;
3400 }
3401}
3402
9b64997f
BS		 3403static void pci_ide_save(QEMUFile* f, void *opaque)
3404{
3405 PCIIDEState *d = opaque;
3406 int i;
3407
3408 pci_device_save(&d->dev, f);
3409
3410 for(i = 0; i < 2; i++) {
3411 BMDMAState *bm = &d->bmdma[i];
428c5705 3412 uint8_t ifidx;
9b64997f
BS		 3413 qemu_put_8s(f, &bm->cmd);
3414 qemu_put_8s(f, &bm->status);
3415 qemu_put_be32s(f, &bm->addr);
428c5705
AL		 3416 qemu_put_sbe64s(f, &bm->sector_num);
3417 qemu_put_be32s(f, &bm->nsector);
3418 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3419 qemu_put_8s(f, &ifidx);
9b64997f
BS		 3420 /* XXX: if a transfer is pending, we do not save it yet */
3421 }
3422
3423 /* per IDE interface data */
3424 for(i = 0; i < 2; i++) {
3425 IDEState *s = &d->ide_if[i * 2];
3426 uint8_t drive1_selected;
3427 qemu_put_8s(f, &s->cmd);
3428 drive1_selected = (s->cur_drive != s);
3429 qemu_put_8s(f, &drive1_selected);
3430 }
3431
3432 /* per IDE drive data */
3433 for(i = 0; i < 4; i++) {
3434 ide_save(f, &d->ide_if[i]);
3435 }
3436}
3437
3438static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3439{
3440 PCIIDEState *d = opaque;
3441 int ret, i;
3442
93c8cfd9 3443 if (version_id != 2 && version_id != 3)
9b64997f
BS		 3444 return -EINVAL;
3445 ret = pci_device_load(&d->dev, f);
3446 if (ret < 0)
3447 return ret;
3448
3449 for(i = 0; i < 2; i++) {
3450 BMDMAState *bm = &d->bmdma[i];
428c5705 3451 uint8_t ifidx;
9b64997f
BS		 3452 qemu_get_8s(f, &bm->cmd);
3453 qemu_get_8s(f, &bm->status);
3454 qemu_get_be32s(f, &bm->addr);
428c5705
AL		 3455 qemu_get_sbe64s(f, &bm->sector_num);
3456 qemu_get_be32s(f, &bm->nsector);
3457 qemu_get_8s(f, &ifidx);
3458 bm->ide_if = &d->ide_if[ifidx];
9b64997f
BS		 3459 /* XXX: if a transfer is pending, we do not save it yet */
3460 }
3461
3462 /* per IDE interface data */
3463 for(i = 0; i < 2; i++) {
3464 IDEState *s = &d->ide_if[i * 2];
3465 uint8_t drive1_selected;
3466 qemu_get_8s(f, &s->cmd);
3467 qemu_get_8s(f, &drive1_selected);
3468 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3469 }
3470
3471 /* per IDE drive data */
3472 for(i = 0; i < 4; i++) {
93c8cfd9 3473 ide_load(f, &d->ide_if[i], version_id);
9b64997f
BS		 3474 }
3475 return 0;
3476}
3477
5457c8ce
FB		 3478/* XXX: call it also when the MRDMODE is changed from the PCI config
3479 registers */
3480static void cmd646_update_irq(PCIIDEState *d)
3481{
3482 int pci_level;
3483 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3484 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3485 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3486 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 3487 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 3488}
3489
3490/* the PCI irq level is the logical OR of the two channels */
3491static void cmd646_set_irq(void *opaque, int channel, int level)
3492{
3493 PCIIDEState *d = opaque;
3494 int irq_mask;
3495
3496 irq_mask = MRDMODE_INTR_CH0 << channel;
3497 if (level)
3498 d->dev.config[MRDMODE] |= irq_mask;
3499 else
3500 d->dev.config[MRDMODE] &= ~irq_mask;
3501 cmd646_update_irq(d);
3502}
3503
6e6b7363
BS		 3504static void cmd646_reset(void *opaque)
3505{
3506 PCIIDEState *d = opaque;
3507 unsigned int i;
3508
3509 for (i = 0; i < 2; i++)
3510 ide_dma_cancel(&d->bmdma[i]);
3511}
3512
5457c8ce
FB		 3513/* CMD646 PCI IDE controller */
3514void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3515 int secondary_ide_enabled)
69b91039
FB		 3516{
3517 PCIIDEState *d;
3518 uint8_t *pci_conf;
34e538ae 3519 int i;
d537cf6c 3520 qemu_irq *irq;
34e538ae 3521
5fafdf24 3522 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 3523 sizeof(PCIIDEState),
5fafdf24 3524 -1,
73c11f63 3525 NULL, NULL);
5457c8ce 3526 d->type = IDE_TYPE_CMD646;
69b91039 3527 pci_conf = d->dev.config;
deb54399
AL		 3528 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3529 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
5457c8ce
FB		 3530
3531 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 3532 pci_conf[0x09] = 0x8f;
5457c8ce 3533
173a543b 3534 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
6407f373 3535 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
3b46e624 3536
0516ede0 3537 pci_conf[0x51] = 0x04; // enable IDE0
5457c8ce
FB		 3538 if (secondary_ide_enabled) {
3539 /* XXX: if not enabled, really disable the seconday IDE controller */
0516ede0 3540 pci_conf[0x51] |= 0x08; /* enable IDE1 */
5457c8ce 3541 }
69b91039 3542
28c2c264 3543 pci_register_bar((PCIDevice *)d, 0, 0x8,
69b91039 3544 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3545 pci_register_bar((PCIDevice *)d, 1, 0x4,
69b91039 3546 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3547 pci_register_bar((PCIDevice *)d, 2, 0x8,
69b91039 3548 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3549 pci_register_bar((PCIDevice *)d, 3, 0x4,
69b91039 3550 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3551 pci_register_bar((PCIDevice *)d, 4, 0x10,
98087450 3552 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 3553
34e538ae 3554 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3b46e624 3555
34e538ae
FB		 3556 for(i = 0; i < 4; i++)
3557 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 3558
3559 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3560 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3561 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
6e6b7363 3562
93c8cfd9 3563 register_savevm("ide", 0, 3, pci_ide_save, pci_ide_load, d);
a08d4367 3564 qemu_register_reset(cmd646_reset, d);
6e6b7363 3565 cmd646_reset(d);
34e538ae
FB		 3566}
3567
72c7b06c 3568static void piix3_reset(void *opaque)
e6a71ae3 3569{
72c7b06c 3570 PCIIDEState *d = opaque;
e6a71ae3 3571 uint8_t *pci_conf = d->dev.config;
72c7b06c
AL		 3572 int i;
3573
3574 for (i = 0; i < 2; i++)
3575 ide_dma_cancel(&d->bmdma[i]);
e6a71ae3
TS		 3576
3577 pci_conf[0x04] = 0x00;
3578 pci_conf[0x05] = 0x00;
3579 pci_conf[0x06] = 0x80; /* FBC */
3580 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3581 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3582}
3583
34e538ae
FB		 3584/* hd_table must contain 4 block drivers */
3585/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 3586void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3587 qemu_irq *pic)
34e538ae
FB		 3588{
3589 PCIIDEState *d;
3590 uint8_t *pci_conf;
b0a7b120 3591 int i;
3b46e624 3592
34e538ae 3593 /* register a function 1 of PIIX3 */
5fafdf24 3594 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 3595 sizeof(PCIIDEState),
502a5395 3596 devfn,
34e538ae 3597 NULL, NULL);
5457c8ce
FB		 3598 d->type = IDE_TYPE_PIIX3;
3599
34e538ae 3600 pci_conf = d->dev.config;
deb54399
AL		 3601 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3602 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
92510b8c 3603 pci_conf[0x09] = 0x80; // legacy ATA mode
173a543b 3604 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
6407f373 3605 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
34e538ae 3606
a08d4367 3607 qemu_register_reset(piix3_reset, d);
e6a71ae3
TS		 3608 piix3_reset(d);
3609
28c2c264 3610 pci_register_bar((PCIDevice *)d, 4, 0x10,
98087450 3611 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 3612
3a38d437
JS		 3613 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], isa_reserve_irq(14));
3614 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], isa_reserve_irq(15));
34e538ae
FB		 3615 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3616 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997 3617
b0a7b120
AL		 3618 for (i = 0; i < 4; i++)
3619 if (hd_table[i])
3620 hd_table[i]->private = &d->dev;
3621
93c8cfd9 3622 register_savevm("ide", 0, 3, pci_ide_save, pci_ide_load, d);
69b91039 3623}
1ade1de2 3624
afcc3cdf
TS		 3625/* hd_table must contain 4 block drivers */
3626/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3627void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3628 qemu_irq *pic)
3629{
3630 PCIIDEState *d;
3631 uint8_t *pci_conf;
3632
3633 /* register a function 1 of PIIX4 */
3634 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3635 sizeof(PCIIDEState),
3636 devfn,
3637 NULL, NULL);
3638 d->type = IDE_TYPE_PIIX4;
3639
3640 pci_conf = d->dev.config;
deb54399
AL		 3641 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3642 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
afcc3cdf 3643 pci_conf[0x09] = 0x80; // legacy ATA mode
173a543b 3644 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
6407f373 3645 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
afcc3cdf 3646
a08d4367 3647 qemu_register_reset(piix3_reset, d);
afcc3cdf
TS		 3648 piix3_reset(d);
3649
28c2c264 3650 pci_register_bar((PCIDevice *)d, 4, 0x10,
afcc3cdf
TS		 3651 PCI_ADDRESS_SPACE_IO, bmdma_map);
3652
3a38d437
JS		 3653 /*
3654 * These should call isa_reserve_irq() instead when MIPS supports it
3655 */
afcc3cdf
TS		 3656 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3657 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3658 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3659 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3660
93c8cfd9 3661 register_savevm("ide", 0, 3, pci_ide_save, pci_ide_load, d);
afcc3cdf
TS		 3662}
3663
e3007e66 3664#if defined(TARGET_PPC)
1ade1de2
FB		 3665/***********************************************************/
3666/* MacIO based PowerPC IDE */
3667
e3007e66
AJ		 3668typedef struct MACIOIDEState {
3669 IDEState ide_if[2];
862c9280 3670 BlockDriverAIOCB *aiocb;
e3007e66
AJ		 3671} MACIOIDEState;
3672
862c9280 3673static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
e3007e66 3674{
862c9280 3675 DBDMA_io *io = opaque;
b42ec42d 3676 MACIOIDEState *m = io->opaque;
e3007e66 3677 IDEState *s = m->ide_if->cur_drive;
e3007e66 3678
862c9280
AJ		 3679 if (ret < 0) {
3680 m->aiocb = NULL;
3681 qemu_sglist_destroy(&s->sg);
3682 ide_atapi_io_error(s, ret);
3683 io->dma_end(opaque);
3684 return;
3685 }
e3007e66 3686
862c9280
AJ		 3687 if (s->io_buffer_size > 0) {
3688 m->aiocb = NULL;
3689 qemu_sglist_destroy(&s->sg);
e3007e66 3690
862c9280 3691 s->packet_transfer_size -= s->io_buffer_size;
e3007e66 3692
862c9280
AJ		 3693 s->io_buffer_index += s->io_buffer_size;
3694 s->lba += s->io_buffer_index >> 11;
3695 s->io_buffer_index &= 0x7ff;
3696 }
e3007e66 3697
862c9280
AJ		 3698 if (s->packet_transfer_size <= 0)
3699 ide_atapi_cmd_ok(s);
e3007e66 3700
862c9280
AJ		 3701 if (io->len == 0) {
3702 io->dma_end(opaque);
3703 return;
e3007e66 3704 }
b42ec42d 3705
862c9280 3706 /* launch next transfer */
b42ec42d 3707
862c9280
AJ		 3708 s->io_buffer_size = io->len;
3709
3710 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3711 qemu_sglist_add(&s->sg, io->addr, io->len);
3712 io->addr += io->len;
3713 io->len = 0;
3714
3715 m->aiocb = dma_bdrv_read(s->bs, &s->sg,
3716 (int64_t)(s->lba << 2) + (s->io_buffer_index >> 9),
3717 pmac_ide_atapi_transfer_cb, io);
3718 if (!m->aiocb) {
3719 qemu_sglist_destroy(&s->sg);
3720 /* Note: media not present is the most likely case */
3721 ide_atapi_cmd_error(s, SENSE_NOT_READY,
3722 ASC_MEDIUM_NOT_PRESENT);
3723 io->dma_end(opaque);
3724 return;
e3007e66 3725 }
e3007e66
AJ		 3726}
3727
862c9280 3728static void pmac_ide_transfer_cb(void *opaque, int ret)
e3007e66 3729{
862c9280 3730 DBDMA_io *io = opaque;
b42ec42d 3731 MACIOIDEState *m = io->opaque;
e3007e66 3732 IDEState *s = m->ide_if->cur_drive;
862c9280 3733 int n;
e3007e66 3734 int64_t sector_num;
e3007e66 3735
862c9280
AJ		 3736 if (ret < 0) {
3737 m->aiocb = NULL;
3738 qemu_sglist_destroy(&s->sg);
3739 ide_dma_error(s);
3740 io->dma_end(io);
b42ec42d
AJ		 3741 return;
3742 }
e3007e66 3743
862c9280
AJ		 3744 sector_num = ide_get_sector(s);
3745 if (s->io_buffer_size > 0) {
3746 m->aiocb = NULL;
3747 qemu_sglist_destroy(&s->sg);
3748 n = (s->io_buffer_size + 0x1ff) >> 9;
3749 sector_num += n;
3750 ide_set_sector(s, sector_num);
3751 s->nsector -= n;
3752 }
3753
3754 /* end of transfer ? */
3755 if (s->nsector == 0) {
3756 s->status = READY_STAT | SEEK_STAT;
3757 ide_set_irq(s);
3758 }
e3007e66 3759
862c9280 3760 /* end of DMA ? */
e3007e66 3761
862c9280
AJ		 3762 if (io->len == 0) {
3763 io->dma_end(io);
3764 return;
3765 }
e3007e66 3766
862c9280 3767 /* launch next transfer */
e3007e66 3768
862c9280
AJ		 3769 s->io_buffer_index = 0;
3770 s->io_buffer_size = io->len;
e3007e66 3771
862c9280
AJ		 3772 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3773 qemu_sglist_add(&s->sg, io->addr, io->len);
3774 io->addr += io->len;
3775 io->len = 0;
e3007e66 3776
862c9280
AJ		 3777 if (s->is_read)
3778 m->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
3779 pmac_ide_transfer_cb, io);
3780 else
3781 m->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
3782 pmac_ide_transfer_cb, io);
3783 if (!m->aiocb)
3784 pmac_ide_transfer_cb(io, -1);
3785}
e3007e66 3786
862c9280
AJ		 3787static void pmac_ide_transfer(DBDMA_io *io)
3788{
3789 MACIOIDEState *m = io->opaque;
3790 IDEState *s = m->ide_if->cur_drive;
b42ec42d 3791
862c9280
AJ		 3792 s->io_buffer_size = 0;
3793 if (s->is_cdrom) {
3794 pmac_ide_atapi_transfer_cb(io, 0);
3795 return;
e3007e66
AJ		 3796 }
3797
862c9280
AJ		 3798 pmac_ide_transfer_cb(io, 0);
3799}
3800
3801static void pmac_ide_flush(DBDMA_io *io)
3802{
3803 MACIOIDEState *m = io->opaque;
3804
3805 if (m->aiocb)
3806 qemu_aio_flush();
e3007e66
AJ		 3807}
3808
1ade1de2
FB		 3809/* PowerMac IDE memory IO */
3810static void pmac_ide_writeb (void *opaque,
3811 target_phys_addr_t addr, uint32_t val)
3812{
e3007e66
AJ		 3813 MACIOIDEState *d = opaque;
3814
5fafdf24 3815 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3816 switch (addr) {
3817 case 1 ... 7:
e3007e66 3818 ide_ioport_write(d->ide_if, addr, val);
1ade1de2
FB		 3819 break;
3820 case 8:
3821 case 22:
e3007e66 3822 ide_cmd_write(d->ide_if, 0, val);
1ade1de2
FB		 3823 break;
3824 default:
3825 break;
3826 }
3827}
3828
3829static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3830{
3831 uint8_t retval;
e3007e66 3832 MACIOIDEState *d = opaque;
1ade1de2
FB		 3833
3834 addr = (addr & 0xFFF) >> 4;
3835 switch (addr) {
3836 case 1 ... 7:
e3007e66 3837 retval = ide_ioport_read(d->ide_if, addr);
1ade1de2
FB		 3838 break;
3839 case 8:
3840 case 22:
e3007e66 3841 retval = ide_status_read(d->ide_if, 0);
1ade1de2
FB		 3842 break;
3843 default:
3844 retval = 0xFF;
3845 break;
3846 }
3847 return retval;
3848}
3849
3850static void pmac_ide_writew (void *opaque,
3851 target_phys_addr_t addr, uint32_t val)
3852{
e3007e66
AJ		 3853 MACIOIDEState *d = opaque;
3854
5fafdf24 3855 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3856#ifdef TARGET_WORDS_BIGENDIAN
3857 val = bswap16(val);
3858#endif
3859 if (addr == 0) {
e3007e66 3860 ide_data_writew(d->ide_if, 0, val);
1ade1de2
FB		 3861 }
3862}
3863
3864static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3865{
3866 uint16_t retval;
e3007e66 3867 MACIOIDEState *d = opaque;
1ade1de2 3868
5fafdf24 3869 addr = (addr & 0xFFF) >> 4;
1ade1de2 3870 if (addr == 0) {
e3007e66 3871 retval = ide_data_readw(d->ide_if, 0);
1ade1de2
FB		 3872 } else {
3873 retval = 0xFFFF;
3874 }
3875#ifdef TARGET_WORDS_BIGENDIAN
3876 retval = bswap16(retval);
3877#endif
3878 return retval;
3879}
3880
3881static void pmac_ide_writel (void *opaque,
3882 target_phys_addr_t addr, uint32_t val)
3883{
e3007e66
AJ		 3884 MACIOIDEState *d = opaque;
3885
5fafdf24 3886 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3887#ifdef TARGET_WORDS_BIGENDIAN
3888 val = bswap32(val);
3889#endif
3890 if (addr == 0) {
e3007e66 3891 ide_data_writel(d->ide_if, 0, val);
1ade1de2
FB		 3892 }
3893}
3894
3895static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3896{
3897 uint32_t retval;
e3007e66 3898 MACIOIDEState *d = opaque;
1ade1de2 3899
5fafdf24 3900 addr = (addr & 0xFFF) >> 4;
1ade1de2 3901 if (addr == 0) {
e3007e66 3902 retval = ide_data_readl(d->ide_if, 0);
1ade1de2
FB		 3903 } else {
3904 retval = 0xFFFFFFFF;
3905 }
3906#ifdef TARGET_WORDS_BIGENDIAN
3907 retval = bswap32(retval);
3908#endif
3909 return retval;
3910}
3911
d60efc6b 3912static CPUWriteMemoryFunc * const pmac_ide_write[] = {
1ade1de2
FB		 3913 pmac_ide_writeb,
3914 pmac_ide_writew,
3915 pmac_ide_writel,
3916};
3917
d60efc6b 3918static CPUReadMemoryFunc * const pmac_ide_read[] = {
1ade1de2
FB		 3919 pmac_ide_readb,
3920 pmac_ide_readw,
3921 pmac_ide_readl,
3922};
3923
9b64997f
BS		 3924static void pmac_ide_save(QEMUFile *f, void *opaque)
3925{
e3007e66
AJ		 3926 MACIOIDEState *d = opaque;
3927 IDEState *s = d->ide_if;
9b64997f
BS		 3928 uint8_t drive1_selected;
3929 unsigned int i;
3930
3931 /* per IDE interface data */
3932 qemu_put_8s(f, &s->cmd);
3933 drive1_selected = (s->cur_drive != s);
3934 qemu_put_8s(f, &drive1_selected);
3935
3936 /* per IDE drive data */
3937 for(i = 0; i < 2; i++) {
3938 ide_save(f, &s[i]);
3939 }
3940}
3941
3942static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3943{
e3007e66
AJ		 3944 MACIOIDEState *d = opaque;
3945 IDEState *s = d->ide_if;
9b64997f
BS		 3946 uint8_t drive1_selected;
3947 unsigned int i;
3948
93c8cfd9 3949 if (version_id != 1 && version_id != 3)
9b64997f
BS		 3950 return -EINVAL;
3951
3952 /* per IDE interface data */
3953 qemu_get_8s(f, &s->cmd);
3954 qemu_get_8s(f, &drive1_selected);
3955 s->cur_drive = &s[(drive1_selected != 0)];
3956
3957 /* per IDE drive data */
3958 for(i = 0; i < 2; i++) {
93c8cfd9 3959 ide_load(f, &s[i], version_id);
9b64997f
BS		 3960 }
3961 return 0;
3962}
3963
6e6b7363
BS		 3964static void pmac_ide_reset(void *opaque)
3965{
e3007e66
AJ		 3966 MACIOIDEState *d = opaque;
3967 IDEState *s = d->ide_if;
6e6b7363
BS		 3968
3969 ide_reset(&s[0]);
3970 ide_reset(&s[1]);
3971}
3972
1ade1de2
FB		 3973/* hd_table must contain 4 block drivers */
3974/* PowerMac uses memory mapped registers, not I/O. Return the memory
3975 I/O index to access the ide. */
e3007e66
AJ		 3976int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq,
3977 void *dbdma, int channel, qemu_irq dma_irq)
1ade1de2 3978{
e3007e66 3979 MACIOIDEState *d;
1ade1de2
FB		 3980 int pmac_ide_memory;
3981
e3007e66
AJ		 3982 d = qemu_mallocz(sizeof(MACIOIDEState));
3983 ide_init2(d->ide_if, hd_table[0], hd_table[1], irq);
3984
b42ec42d 3985 if (dbdma)
862c9280 3986 DBDMA_register_channel(dbdma, channel, dma_irq, pmac_ide_transfer, pmac_ide_flush, d);
3b46e624 3987
1eed09cb 3988 pmac_ide_memory = cpu_register_io_memory(pmac_ide_read,
e3007e66 3989 pmac_ide_write, d);
93c8cfd9 3990 register_savevm("ide", 0, 3, pmac_ide_save, pmac_ide_load, d);
a08d4367 3991 qemu_register_reset(pmac_ide_reset, d);
e3007e66
AJ		 3992 pmac_ide_reset(d);
3993
1ade1de2
FB		 3994 return pmac_ide_memory;
3995}
e3007e66 3996#endif /* TARGET_PPC */
201a51fc 3997
a4a771c0
AZ		 3998/***********************************************************/
3999/* MMIO based ide port
4000 * This emulates IDE device connected directly to the CPU bus without
4001 * dedicated ide controller, which is often seen on embedded boards.
4002 */
4003
4004typedef struct {
4005 void *dev;
4006 int shift;
4007} MMIOState;
4008
4009static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
4010{
4011 MMIOState *s = (MMIOState*)opaque;
4012 IDEState *ide = (IDEState*)s->dev;
4013 addr >>= s->shift;
4014 if (addr & 7)
4015 return ide_ioport_read(ide, addr);
4016 else
4017 return ide_data_readw(ide, 0);
4018}
4019
4020static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
4021 uint32_t val)
4022{
4023 MMIOState *s = (MMIOState*)opaque;
4024 IDEState *ide = (IDEState*)s->dev;
4025 addr >>= s->shift;
4026 if (addr & 7)
4027 ide_ioport_write(ide, addr, val);
4028 else
4029 ide_data_writew(ide, 0, val);
4030}
4031
d60efc6b 4032static CPUReadMemoryFunc * const mmio_ide_reads[] = {
a4a771c0
AZ		 4033 mmio_ide_read,
4034 mmio_ide_read,
4035 mmio_ide_read,
4036};
4037
d60efc6b 4038static CPUWriteMemoryFunc * const mmio_ide_writes[] = {
a4a771c0
AZ		 4039 mmio_ide_write,
4040 mmio_ide_write,
4041 mmio_ide_write,
4042};
4043
4044static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
4045{
4046 MMIOState *s= (MMIOState*)opaque;
4047 IDEState *ide = (IDEState*)s->dev;
4048 return ide_status_read(ide, 0);
4049}
4050
4051static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
4052 uint32_t val)
4053{
4054 MMIOState *s = (MMIOState*)opaque;
4055 IDEState *ide = (IDEState*)s->dev;
4056 ide_cmd_write(ide, 0, val);
4057}
4058
d60efc6b 4059static CPUReadMemoryFunc * const mmio_ide_status[] = {
a4a771c0
AZ		 4060 mmio_ide_status_read,
4061 mmio_ide_status_read,
4062 mmio_ide_status_read,
4063};
4064
d60efc6b 4065static CPUWriteMemoryFunc * const mmio_ide_cmd[] = {
a4a771c0
AZ		 4066 mmio_ide_cmd_write,
4067 mmio_ide_cmd_write,
4068 mmio_ide_cmd_write,
4069};
4070
4071void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
4072 qemu_irq irq, int shift,
4073 BlockDriverState *hd0, BlockDriverState *hd1)
4074{
4075 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
4076 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
4077 int mem1, mem2;
4078
4079 ide_init2(ide, hd0, hd1, irq);
4080
4081 s->dev = ide;
4082 s->shift = shift;
4083
1eed09cb
AK		 4084 mem1 = cpu_register_io_memory(mmio_ide_reads, mmio_ide_writes, s);
4085 mem2 = cpu_register_io_memory(mmio_ide_status, mmio_ide_cmd, s);
a4a771c0
AZ		 4086 cpu_register_physical_memory(membase, 16 << shift, mem1);
4087 cpu_register_physical_memory(membase2, 2 << shift, mem2);
4088}
4089
201a51fc
AZ		 4090/***********************************************************/
4091/* CF-ATA Microdrive */
4092
4093#define METADATA_SIZE 0x20
4094
4095/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
bc24a225 4096typedef struct {
201a51fc 4097 IDEState ide[2];
bc24a225 4098 PCMCIACardState card;
201a51fc
AZ		 4099 uint32_t attr_base;
4100 uint32_t io_base;
4101
4102 /* Card state */
4103 uint8_t opt;
4104 uint8_t stat;
4105 uint8_t pins;
4106
4107 uint8_t ctrl;
4108 uint16_t io;
4109 int cycle;
bc24a225 4110} MicroDriveState;
201a51fc
AZ		 4111
4112/* Register bitfields */
4113enum md_opt {
4114 OPT_MODE_MMAP = 0,
4115 OPT_MODE_IOMAP16 = 1,
4116 OPT_MODE_IOMAP1 = 2,
4117 OPT_MODE_IOMAP2 = 3,
4118 OPT_MODE = 0x3f,
4119 OPT_LEVIREQ = 0x40,
4120 OPT_SRESET = 0x80,
4121};
4122enum md_cstat {
4123 STAT_INT = 0x02,
4124 STAT_PWRDWN = 0x04,
4125 STAT_XE = 0x10,
4126 STAT_IOIS8 = 0x20,
4127 STAT_SIGCHG = 0x40,
4128 STAT_CHANGED = 0x80,
4129};
4130enum md_pins {
4131 PINS_MRDY = 0x02,
4132 PINS_CRDY = 0x20,
4133};
4134enum md_ctrl {
4135 CTRL_IEN = 0x02,
4136 CTRL_SRST = 0x04,
4137};
4138
bc24a225 4139static inline void md_interrupt_update(MicroDriveState *s)
201a51fc
AZ		 4140{
4141 if (!s->card.slot)
4142 return;
4143
4144 qemu_set_irq(s->card.slot->irq,
4145 !(s->stat & STAT_INT) && /* Inverted */
4146 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
4147 !(s->opt & OPT_SRESET));
4148}
4149
4150static void md_set_irq(void *opaque, int irq, int level)
4151{
bc24a225 4152 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 4153 if (level)
4154 s->stat |= STAT_INT;
4155 else
4156 s->stat &= ~STAT_INT;
4157
4158 md_interrupt_update(s);
4159}
4160
bc24a225 4161static void md_reset(MicroDriveState *s)
201a51fc
AZ		 4162{
4163 s->opt = OPT_MODE_MMAP;
4164 s->stat = 0;
4165 s->pins = 0;
4166 s->cycle = 0;
4167 s->ctrl = 0;
4168 ide_reset(s->ide);
4169}
4170
9e315fa9 4171static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc 4172{
bc24a225 4173 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 4174 if (at < s->attr_base) {
4175 if (at < s->card.cis_len)
4176 return s->card.cis[at];
4177 else
4178 return 0x00;
4179 }
4180
4181 at -= s->attr_base;
4182
4183 switch (at) {
4184 case 0x00: /* Configuration Option Register */
4185 return s->opt;
4186 case 0x02: /* Card Configuration Status Register */
4187 if (s->ctrl & CTRL_IEN)
4188 return s->stat & ~STAT_INT;
4189 else
4190 return s->stat;
4191 case 0x04: /* Pin Replacement Register */
4192 return (s->pins & PINS_CRDY) | 0x0c;
4193 case 0x06: /* Socket and Copy Register */
4194 return 0x00;
4195#ifdef VERBOSE
4196 default:
4197 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
4198#endif
4199 }
4200
4201 return 0;
4202}
4203
9e315fa9 4204static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc 4205{
bc24a225 4206 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 4207 at -= s->attr_base;
4208
4209 switch (at) {
4210 case 0x00: /* Configuration Option Register */
4211 s->opt = value & 0xcf;
4212 if (value & OPT_SRESET)
4213 md_reset(s);
4214 md_interrupt_update(s);
4215 break;
4216 case 0x02: /* Card Configuration Status Register */
4217 if ((s->stat ^ value) & STAT_PWRDWN)
4218 s->pins |= PINS_CRDY;
4219 s->stat &= 0x82;
4220 s->stat |= value & 0x74;
4221 md_interrupt_update(s);
4222 /* Word 170 in Identify Device must be equal to STAT_XE */
4223 break;
4224 case 0x04: /* Pin Replacement Register */
4225 s->pins &= PINS_CRDY;
4226 s->pins |= value & PINS_MRDY;
4227 break;
4228 case 0x06: /* Socket and Copy Register */
4229 break;
4230 default:
4231 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
4232 }
4233}
4234
9e315fa9 4235static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc 4236{
bc24a225 4237 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 4238 uint16_t ret;
4239 at -= s->io_base;
4240
4241 switch (s->opt & OPT_MODE) {
4242 case OPT_MODE_MMAP:
4243 if ((at & ~0x3ff) == 0x400)
4244 at = 0;
4245 break;
4246 case OPT_MODE_IOMAP16:
4247 at &= 0xf;
4248 break;
4249 case OPT_MODE_IOMAP1:
4250 if ((at & ~0xf) == 0x3f0)
4251 at -= 0x3e8;
4252 else if ((at & ~0xf) == 0x1f0)
4253 at -= 0x1f0;
4254 break;
4255 case OPT_MODE_IOMAP2:
4256 if ((at & ~0xf) == 0x370)
4257 at -= 0x368;
4258 else if ((at & ~0xf) == 0x170)
4259 at -= 0x170;
4260 }
4261
4262 switch (at) {
4263 case 0x0: /* Even RD Data */
4264 case 0x8:
4265 return ide_data_readw(s->ide, 0);
4266
4267 /* TODO: 8-bit accesses */
4268 if (s->cycle)
4269 ret = s->io >> 8;
4270 else {
4271 s->io = ide_data_readw(s->ide, 0);
4272 ret = s->io & 0xff;
4273 }
4274 s->cycle = !s->cycle;
4275 return ret;
4276 case 0x9: /* Odd RD Data */
4277 return s->io >> 8;
4278 case 0xd: /* Error */
4279 return ide_ioport_read(s->ide, 0x1);
4280 case 0xe: /* Alternate Status */
4281 if (s->ide->cur_drive->bs)
4282 return s->ide->cur_drive->status;
4283 else
4284 return 0;
4285 case 0xf: /* Device Address */
4286 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
4287 default:
4288 return ide_ioport_read(s->ide, at);
4289 }
4290
4291 return 0;
4292}
4293
9e315fa9 4294static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc 4295{
bc24a225 4296 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 4297 at -= s->io_base;
4298
4299 switch (s->opt & OPT_MODE) {
4300 case OPT_MODE_MMAP:
4301 if ((at & ~0x3ff) == 0x400)
4302 at = 0;
4303 break;
4304 case OPT_MODE_IOMAP16:
4305 at &= 0xf;
4306 break;
4307 case OPT_MODE_IOMAP1:
4308 if ((at & ~0xf) == 0x3f0)
4309 at -= 0x3e8;
4310 else if ((at & ~0xf) == 0x1f0)
4311 at -= 0x1f0;
4312 break;
4313 case OPT_MODE_IOMAP2:
4314 if ((at & ~0xf) == 0x370)
4315 at -= 0x368;
4316 else if ((at & ~0xf) == 0x170)
4317 at -= 0x170;
4318 }
4319
4320 switch (at) {
4321 case 0x0: /* Even WR Data */
4322 case 0x8:
4323 ide_data_writew(s->ide, 0, value);
4324 break;
4325
4326 /* TODO: 8-bit accesses */
4327 if (s->cycle)
4328 ide_data_writew(s->ide, 0, s->io | (value << 8));
4329 else
4330 s->io = value & 0xff;
4331 s->cycle = !s->cycle;
4332 break;
4333 case 0x9:
4334 s->io = value & 0xff;
4335 s->cycle = !s->cycle;
4336 break;
4337 case 0xd: /* Features */
4338 ide_ioport_write(s->ide, 0x1, value);
4339 break;
4340 case 0xe: /* Device Control */
4341 s->ctrl = value;
4342 if (value & CTRL_SRST)
4343 md_reset(s);
4344 md_interrupt_update(s);
4345 break;
4346 default:
4347 if (s->stat & STAT_PWRDWN) {
4348 s->pins |= PINS_CRDY;
4349 s->stat &= ~STAT_PWRDWN;
4350 }
4351 ide_ioport_write(s->ide, at, value);
4352 }
4353}
4354
aa941b94
AZ		 4355static void md_save(QEMUFile *f, void *opaque)
4356{
bc24a225 4357 MicroDriveState *s = (MicroDriveState *) opaque;
aa941b94
AZ		 4358 int i;
4359 uint8_t drive1_selected;
4360
4361 qemu_put_8s(f, &s->opt);
4362 qemu_put_8s(f, &s->stat);
4363 qemu_put_8s(f, &s->pins);
4364
4365 qemu_put_8s(f, &s->ctrl);
4366 qemu_put_be16s(f, &s->io);
4367 qemu_put_byte(f, s->cycle);
4368
4369 drive1_selected = (s->ide->cur_drive != s->ide);
4370 qemu_put_8s(f, &s->ide->cmd);
4371 qemu_put_8s(f, &drive1_selected);
4372
4373 for (i = 0; i < 2; i ++)
4374 ide_save(f, &s->ide[i]);
4375}
4376
4377static int md_load(QEMUFile *f, void *opaque, int version_id)
4378{
bc24a225 4379 MicroDriveState *s = (MicroDriveState *) opaque;
aa941b94
AZ		 4380 int i;
4381 uint8_t drive1_selected;
4382
93c8cfd9
GN		 4383 if (version_id != 0 && version_id != 3)
4384 return -EINVAL;
4385
aa941b94
AZ		 4386 qemu_get_8s(f, &s->opt);
4387 qemu_get_8s(f, &s->stat);
4388 qemu_get_8s(f, &s->pins);
4389
4390 qemu_get_8s(f, &s->ctrl);
4391 qemu_get_be16s(f, &s->io);
4392 s->cycle = qemu_get_byte(f);
4393
4394 qemu_get_8s(f, &s->ide->cmd);
4395 qemu_get_8s(f, &drive1_selected);
4396 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
4397
4398 for (i = 0; i < 2; i ++)
93c8cfd9 4399 ide_load(f, &s->ide[i], version_id);
aa941b94
AZ		 4400
4401 return 0;
4402}
4403
201a51fc
AZ		 4404static const uint8_t dscm1xxxx_cis[0x14a] = {
4405 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
4406 [0x002] = 0x03, /* Tuple length = 4 bytes */
4407 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4408 [0x006] = 0x01, /* Size = 2K bytes */
4409 [0x008] = CISTPL_ENDMARK,
4410
4411 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
4412 [0x00c] = 0x04, /* Tuple length = 4 byest */
4413 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
4414 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4415 [0x012] = 0x01, /* Size = 2K bytes */
4416 [0x014] = CISTPL_ENDMARK,
4417
4418 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
4419 [0x018] = 0x02, /* Tuple length = 2 bytes */
4420 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
4421 [0x01c] = 0x01,
4422
4423 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
4424 [0x020] = 0x04, /* Tuple length = 4 bytes */
4425 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
4426 [0x024] = 0x00,
4427 [0x026] = 0x00, /* PLMID_CARD = 0000 */
4428 [0x028] = 0x00,
4429
4430 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
4431 [0x02c] = 0x12, /* Tuple length = 23 bytes */
4432 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
4433 [0x030] = 0x01, /* Minor Version = 1 */
4434 [0x032] = 'I',
4435 [0x034] = 'B',
4436 [0x036] = 'M',
4437 [0x038] = 0x00,
4438 [0x03a] = 'm',
4439 [0x03c] = 'i',
4440 [0x03e] = 'c',
4441 [0x040] = 'r',
4442 [0x042] = 'o',
4443 [0x044] = 'd',
4444 [0x046] = 'r',
4445 [0x048] = 'i',
4446 [0x04a] = 'v',
4447 [0x04c] = 'e',
4448 [0x04e] = 0x00,
4449 [0x050] = CISTPL_ENDMARK,
4450
4451 [0x052] = CISTPL_FUNCID, /* Function ID */
4452 [0x054] = 0x02, /* Tuple length = 2 bytes */
4453 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4454 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4455
4456 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4457 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4458 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4459 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4460
4461 [0x062] = CISTPL_FUNCE, /* Function Extension */
4462 [0x064] = 0x03, /* Tuple length = 3 bytes */
4463 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4464 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4465 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4466
4467 [0x06c] = CISTPL_CONFIG, /* Configuration */
4468 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4469 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4470 [0x072] = 0x07, /* TPCC_LAST = 7 */
4471 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4472 [0x076] = 0x02,
4473 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4474
4475 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4476 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4477 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4478 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4479 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4480 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4481 [0x086] = 0x55, /* NomV: 5.0 V */
4482 [0x088] = 0x4d, /* MinV: 4.5 V */
4483 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4484 [0x08c] = 0x4e, /* Peakl: 450 mA */
4485 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4486 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4487 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4488
4489 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4490 [0x096] = 0x06, /* Tuple length = 6 bytes */
4491 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4492 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4493 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4494 [0x09e] = 0xb5, /* NomV: 3.3 V */
4495 [0x0a0] = 0x1e,
4496 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4497
4498 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4499 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4500 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4501 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4502 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4503 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4504 [0x0b0] = 0x55, /* NomV: 5.0 V */
4505 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4506 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4507 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4508 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4509 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4510 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4511 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4512 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4513
4514 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4515 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4516 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4517 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4518 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4519 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4520 [0x0ce] = 0x1e,
4521 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4522
4523 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4524 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4525 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4526 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4527 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4528 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4529 [0x0de] = 0x55, /* NomV: 5.0 V */
4530 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4531 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4532 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4533 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4534 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4535 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4536 [0x0ec] = 0x01,
4537 [0x0ee] = 0x07, /* Address block length = 8 */
4538 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4539 [0x0f2] = 0x03,
4540 [0x0f4] = 0x01, /* Address block length = 2 */
4541 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4542 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4543
4544 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4545 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4546 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4547 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4548 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4549 [0x104] = 0xb5, /* NomV: 3.3 V */
4550 [0x106] = 0x1e,
4551 [0x108] = 0x3e, /* Peakl: 350 mA */
4552
4553 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4554 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4555 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4556 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4557 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4558 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4559 [0x116] = 0x55, /* NomV: 5.0 V */
4560 [0x118] = 0x4d, /* MinV: 4.5 V */
4561 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4562 [0x11c] = 0x4e, /* Peakl: 450 mA */
4563 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4564 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4565 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4566 [0x124] = 0x01,
4567 [0x126] = 0x07, /* Address block length = 8 */
4568 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4569 [0x12a] = 0x03,
4570 [0x12c] = 0x01, /* Address block length = 2 */
4571 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4572 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4573
4574 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4575 [0x134] = 0x06, /* Tuple length = 6 bytes */
4576 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4577 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4578 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4579 [0x13c] = 0xb5, /* NomV: 3.3 V */
4580 [0x13e] = 0x1e,
4581 [0x140] = 0x3e, /* Peakl: 350 mA */
4582
4583 [0x142] = CISTPL_NO_LINK, /* No Link */
4584 [0x144] = 0x00, /* Tuple length = 0 bytes */
4585
4586 [0x146] = CISTPL_END, /* Tuple End */
4587};
4588
4589static int dscm1xxxx_attach(void *opaque)
4590{
bc24a225 4591 MicroDriveState *md = (MicroDriveState *) opaque;
201a51fc
AZ		 4592 md->card.attr_read = md_attr_read;
4593 md->card.attr_write = md_attr_write;
4594 md->card.common_read = md_common_read;
4595 md->card.common_write = md_common_write;
4596 md->card.io_read = md_common_read;
4597 md->card.io_write = md_common_write;
4598
4599 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4600 md->io_base = 0x0;
4601
4602 md_reset(md);
4603 md_interrupt_update(md);
4604
4605 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4606 return 0;
4607}
4608
4609static int dscm1xxxx_detach(void *opaque)
4610{
bc24a225 4611 MicroDriveState *md = (MicroDriveState *) opaque;
201a51fc
AZ		 4612 md_reset(md);
4613 return 0;
4614}
4615
bc24a225 4616PCMCIACardState *dscm1xxxx_init(BlockDriverState *bdrv)
201a51fc 4617{
bc24a225 4618 MicroDriveState *md = (MicroDriveState *) qemu_mallocz(sizeof(MicroDriveState));
201a51fc
AZ		 4619 md->card.state = md;
4620 md->card.attach = dscm1xxxx_attach;
4621 md->card.detach = dscm1xxxx_detach;
4622 md->card.cis = dscm1xxxx_cis;
4623 md->card.cis_len = sizeof(dscm1xxxx_cis);
4624
660f11be 4625 ide_init2(md->ide, bdrv, NULL, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
201a51fc
AZ		 4626 md->ide->is_cf = 1;
4627 md->ide->mdata_size = METADATA_SIZE;
4628 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94 4629
93c8cfd9 4630 register_savevm("microdrive", -1, 3, md_save, md_load, md);
aa941b94 4631
201a51fc
AZ		 4632 return &md->card;
4633}
Qemu copy for testing