]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ide: add save/restore support for mmio
[qemu.git] / hw / ide.c
CommitLineData
5391d806 1/*
38cdea7c 2 * QEMU IDE disk and CD/DVD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
87ecb68b
PB		 25#include "hw.h"
26#include "pc.h"
27#include "pci.h"
28#include "scsi-disk.h"
87ecb68b 29#include "block.h"
b0a7b120 30#include "block_int.h"
87ecb68b
PB		 31#include "qemu-timer.h"
32#include "sysemu.h"
b79e1752 33#include "sh.h"
1fb8648d 34#include "dma.h"
356721ae 35#include "ide-internal.h"
e8b54394
BW		 36
37static int smart_attributes[][5] = {
38 /* id, flags, val, wrst, thrsh */
39 { 0x01, 0x03, 0x64, 0x64, 0x06}, /* raw read */
40 { 0x03, 0x03, 0x64, 0x64, 0x46}, /* spin up */
41 { 0x04, 0x02, 0x64, 0x64, 0x14}, /* start stop count */
42 { 0x05, 0x03, 0x64, 0x64, 0x36}, /* remapped sectors */
43 { 0x00, 0x00, 0x00, 0x00, 0x00}
44};
45
8114e9e8
TS		 46/* XXX: DVDs that could fit on a CD will be reported as a CD */
47static inline int media_present(IDEState *s)
48{
49 return (s->nb_sectors > 0);
50}
51
52static inline int media_is_dvd(IDEState *s)
53{
54 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
55}
56
57static inline int media_is_cd(IDEState *s)
58{
59 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
60}
61
8ccad811 62static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
428c5705 63static void ide_dma_restart(IDEState *s);
5f12ab4b 64static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 65
5391d806
FB		 66static void padstr(char *str, const char *src, int len)
67{
68 int i, v;
69 for(i = 0; i < len; i++) {
70 if (*src)
71 v = *src++;
72 else
73 v = ' ';
69b34976 74 str[i^1] = v;
5391d806
FB		 75 }
76}
77
bd0d90b2
FB		 78static void padstr8(uint8_t *buf, int buf_size, const char *src)
79{
80 int i;
81 for(i = 0; i < buf_size; i++) {
82 if (*src)
83 buf[i] = *src++;
84 else
85 buf[i] = ' ';
86 }
87}
88
67b915a5
FB		 89static void put_le16(uint16_t *p, unsigned int v)
90{
0c4ad8dc 91 *p = cpu_to_le16(v);
67b915a5
FB		 92}
93
5391d806
FB		 94static void ide_identify(IDEState *s)
95{
96 uint16_t *p;
97 unsigned int oldsize;
98
94458802
FB		 99 if (s->identify_set) {
100 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
101 return;
102 }
103
5391d806
FB		 104 memset(s->io_buffer, 0, 512);
105 p = (uint16_t *)s->io_buffer;
67b915a5 106 put_le16(p + 0, 0x0040);
5fafdf24 107 put_le16(p + 1, s->cylinders);
67b915a5
FB		 108 put_le16(p + 3, s->heads);
109 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
110 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 111 put_le16(p + 6, s->sectors);
fa879c64 112 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 113 put_le16(p + 20, 3); /* XXX: retired, remove ? */
114 put_le16(p + 21, 512); /* cache size in sectors */
115 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 116 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
117 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 118#if MAX_MULT_SECTORS > 1
67b915a5 119 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 120#endif
67b915a5 121 put_le16(p + 48, 1); /* dword I/O */
94458802 122 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 123 put_le16(p + 51, 0x200); /* PIO transfer cycle */
124 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 125 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 126 put_le16(p + 54, s->cylinders);
127 put_le16(p + 55, s->heads);
128 put_le16(p + 56, s->sectors);
5391d806 129 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 130 put_le16(p + 57, oldsize);
131 put_le16(p + 58, oldsize >> 16);
5391d806 132 if (s->mult_sectors)
67b915a5
FB		 133 put_le16(p + 59, 0x100 | s->mult_sectors);
134 put_le16(p + 60, s->nb_sectors);
135 put_le16(p + 61, s->nb_sectors >> 16);
d1b5c20d 136 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
94458802
FB		 137 put_le16(p + 63, 0x07); /* mdma0-2 supported */
138 put_le16(p + 65, 120);
139 put_le16(p + 66, 120);
140 put_le16(p + 67, 120);
141 put_le16(p + 68, 120);
142 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
143 put_le16(p + 81, 0x16); /* conforms to ata5 */
e8b54394
BW		 144 /* 14=NOP supported, 0=SMART supported */
145 put_le16(p + 82, (1 << 14) | 1);
c2ff060f
FB		 146 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
147 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
e8b54394
BW		 148 /* 14=set to 1, 1=SMART self test, 0=SMART error logging */
149 put_le16(p + 84, (1 << 14) | 0);
150 /* 14 = NOP supported, 0=SMART feature set enabled */
151 put_le16(p + 85, (1 << 14) | 1);
c2ff060f
FB		 152 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
153 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
e8b54394
BW		 154 /* 14=set to 1, 1=smart self test, 0=smart error logging */
155 put_le16(p + 87, (1 << 14) | 0);
94458802
FB		 156 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
157 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 158 put_le16(p + 100, s->nb_sectors);
159 put_le16(p + 101, s->nb_sectors >> 16);
160 put_le16(p + 102, s->nb_sectors >> 32);
161 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 162
163 memcpy(s->identify_data, p, sizeof(s->identify_data));
164 s->identify_set = 1;
5391d806
FB		 165}
166
167static void ide_atapi_identify(IDEState *s)
168{
169 uint16_t *p;
170
94458802
FB		 171 if (s->identify_set) {
172 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
173 return;
174 }
175
5391d806
FB		 176 memset(s->io_buffer, 0, 512);
177 p = (uint16_t *)s->io_buffer;
178 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 179 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
fa879c64 180 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 181 put_le16(p + 20, 3); /* buffer type */
182 put_le16(p + 21, 512); /* cache size in sectors */
183 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3 184 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
38cdea7c 185 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
67b915a5 186 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 187#ifdef USE_DMA_CDROM
188 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
189 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
d1b5c20d 190 put_le16(p + 62, 7); /* single word dma0-2 supported */
8ccad811
FB		 191 put_le16(p + 63, 7); /* mdma0-2 supported */
192 put_le16(p + 64, 0x3f); /* PIO modes supported */
193#else
67b915a5
FB		 194 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
195 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
196 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
197 put_le16(p + 64, 1); /* PIO modes */
8ccad811 198#endif
67b915a5
FB		 199 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
200 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
201 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
202 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 203
67b915a5
FB		 204 put_le16(p + 71, 30); /* in ns */
205 put_le16(p + 72, 30); /* in ns */
5391d806 206
67b915a5 207 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 208#ifdef USE_DMA_CDROM
209 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
210#endif
94458802
FB		 211 memcpy(s->identify_data, p, sizeof(s->identify_data));
212 s->identify_set = 1;
5391d806
FB		 213}
214
201a51fc
AZ		 215static void ide_cfata_identify(IDEState *s)
216{
217 uint16_t *p;
218 uint32_t cur_sec;
201a51fc
AZ		 219
220 p = (uint16_t *) s->identify_data;
221 if (s->identify_set)
222 goto fill_buffer;
223
224 memset(p, 0, sizeof(s->identify_data));
225
226 cur_sec = s->cylinders * s->heads * s->sectors;
227
228 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
229 put_le16(p + 1, s->cylinders); /* Default cylinders */
230 put_le16(p + 3, s->heads); /* Default heads */
231 put_le16(p + 6, s->sectors); /* Default sectors per track */
232 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
233 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
fa879c64 234 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
201a51fc 235 put_le16(p + 22, 0x0004); /* ECC bytes */
60fe76f3
TS		 236 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
237 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
201a51fc
AZ		 238#if MAX_MULT_SECTORS > 1
239 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
240#else
241 put_le16(p + 47, 0x0000);
242#endif
243 put_le16(p + 49, 0x0f00); /* Capabilities */
244 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
245 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
246 put_le16(p + 53, 0x0003); /* Translation params valid */
247 put_le16(p + 54, s->cylinders); /* Current cylinders */
248 put_le16(p + 55, s->heads); /* Current heads */
249 put_le16(p + 56, s->sectors); /* Current sectors */
250 put_le16(p + 57, cur_sec); /* Current capacity */
251 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
252 if (s->mult_sectors) /* Multiple sector setting */
253 put_le16(p + 59, 0x100 | s->mult_sectors);
254 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
255 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
256 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
257 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
258 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
259 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
260 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
261 put_le16(p + 82, 0x400c); /* Command Set supported */
262 put_le16(p + 83, 0x7068); /* Command Set supported */
263 put_le16(p + 84, 0x4000); /* Features supported */
264 put_le16(p + 85, 0x000c); /* Command Set enabled */
265 put_le16(p + 86, 0x7044); /* Command Set enabled */
266 put_le16(p + 87, 0x4000); /* Features enabled */
267 put_le16(p + 91, 0x4060); /* Current APM level */
268 put_le16(p + 129, 0x0002); /* Current features option */
269 put_le16(p + 130, 0x0005); /* Reassigned sectors */
270 put_le16(p + 131, 0x0001); /* Initial power mode */
271 put_le16(p + 132, 0x0000); /* User signature */
272 put_le16(p + 160, 0x8100); /* Power requirement */
273 put_le16(p + 161, 0x8001); /* CF command set */
274
275 s->identify_set = 1;
276
277fill_buffer:
278 memcpy(s->io_buffer, p, sizeof(s->identify_data));
279}
280
5391d806
FB		 281static void ide_set_signature(IDEState *s)
282{
283 s->select &= 0xf0; /* clear head */
284 /* put signature */
285 s->nsector = 1;
286 s->sector = 1;
287 if (s->is_cdrom) {
288 s->lcyl = 0x14;
289 s->hcyl = 0xeb;
290 } else if (s->bs) {
291 s->lcyl = 0;
292 s->hcyl = 0;
293 } else {
294 s->lcyl = 0xff;
295 s->hcyl = 0xff;
296 }
297}
298
299static inline void ide_abort_command(IDEState *s)
300{
301 s->status = READY_STAT | ERR_STAT;
302 s->error = ABRT_ERR;
303}
304
5604e090
AZ		 305static inline void ide_dma_submit_check(IDEState *s,
306 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
307{
308 if (bm->aiocb)
309 return;
310 dma_cb(bm, -1);
311}
312
5391d806 313/* prepare data transfer and tell what to do after */
5fafdf24 314static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 315 EndTransferFunc *end_transfer_func)
316{
317 s->end_transfer_func = end_transfer_func;
318 s->data_ptr = buf;
319 s->data_end = buf + size;
7603d156
TS		 320 if (!(s->status & ERR_STAT))
321 s->status |= DRQ_STAT;
5391d806
FB		 322}
323
324static void ide_transfer_stop(IDEState *s)
325{
326 s->end_transfer_func = ide_transfer_stop;
327 s->data_ptr = s->io_buffer;
328 s->data_end = s->io_buffer;
329 s->status &= ~DRQ_STAT;
330}
331
356721ae 332int64_t ide_get_sector(IDEState *s)
5391d806
FB		 333{
334 int64_t sector_num;
335 if (s->select & 0x40) {
336 /* lba */
c2ff060f
FB		 337 if (!s->lba48) {
338 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
339 (s->lcyl << 8) | s->sector;
340 } else {
341 sector_num = ((int64_t)s->hob_hcyl << 40) |
342 ((int64_t) s->hob_lcyl << 32) |
343 ((int64_t) s->hob_sector << 24) |
344 ((int64_t) s->hcyl << 16) |
345 ((int64_t) s->lcyl << 8) | s->sector;
346 }
5391d806
FB		 347 } else {
348 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 349 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 350 }
351 return sector_num;
352}
353
356721ae 354void ide_set_sector(IDEState *s, int64_t sector_num)
5391d806
FB		 355{
356 unsigned int cyl, r;
357 if (s->select & 0x40) {
c2ff060f
FB		 358 if (!s->lba48) {
359 s->select = (s->select & 0xf0) | (sector_num >> 24);
360 s->hcyl = (sector_num >> 16);
361 s->lcyl = (sector_num >> 8);
362 s->sector = (sector_num);
363 } else {
364 s->sector = sector_num;
365 s->lcyl = sector_num >> 8;
366 s->hcyl = sector_num >> 16;
367 s->hob_sector = sector_num >> 24;
368 s->hob_lcyl = sector_num >> 32;
369 s->hob_hcyl = sector_num >> 40;
370 }
5391d806
FB		 371 } else {
372 cyl = sector_num / (s->heads * s->sectors);
373 r = sector_num % (s->heads * s->sectors);
374 s->hcyl = cyl >> 8;
375 s->lcyl = cyl;
1b8eb456 376 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 377 s->sector = (r % s->sectors) + 1;
378 }
379}
380
e162cfb0
AZ		 381static void ide_rw_error(IDEState *s) {
382 ide_abort_command(s);
383 ide_set_irq(s);
384}
385
5391d806
FB		 386static void ide_sector_read(IDEState *s)
387{
388 int64_t sector_num;
389 int ret, n;
390
391 s->status = READY_STAT | SEEK_STAT;
a136e5a8 392 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 393 sector_num = ide_get_sector(s);
394 n = s->nsector;
395 if (n == 0) {
396 /* no more sector to read from disk */
397 ide_transfer_stop(s);
398 } else {
399#if defined(DEBUG_IDE)
18c5f8ea 400 printf("read sector=%" PRId64 "\n", sector_num);
5391d806
FB		 401#endif
402 if (n > s->req_nb_sectors)
403 n = s->req_nb_sectors;
404 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
e162cfb0
AZ		 405 if (ret != 0) {
406 ide_rw_error(s);
407 return;
408 }
5391d806
FB		 409 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
410 ide_set_irq(s);
411 ide_set_sector(s, sector_num + n);
412 s->nsector -= n;
413 }
414}
415
7aea4412
AL		 416
417/* return 0 if buffer completed */
418static int dma_buf_prepare(BMDMAState *bm, int is_write)
419{
bcbdc4d3 420 IDEState *s = bmdma_active_if(bm);
7aea4412
AL		 421 struct {
422 uint32_t addr;
423 uint32_t size;
424 } prd;
425 int l, len;
7aea4412 426
1fb8648d 427 qemu_sglist_init(&s->sg, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
7aea4412
AL		 428 s->io_buffer_size = 0;
429 for(;;) {
430 if (bm->cur_prd_len == 0) {
431 /* end of table (with a fail safe of one page) */
432 if (bm->cur_prd_last ||
433 (bm->cur_addr - bm->addr) >= 4096)
434 return s->io_buffer_size != 0;
435 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
436 bm->cur_addr += 8;
437 prd.addr = le32_to_cpu(prd.addr);
438 prd.size = le32_to_cpu(prd.size);
439 len = prd.size & 0xfffe;
440 if (len == 0)
441 len = 0x10000;
442 bm->cur_prd_len = len;
443 bm->cur_prd_addr = prd.addr;
444 bm->cur_prd_last = (prd.size & 0x80000000);
445 }
446 l = bm->cur_prd_len;
447 if (l > 0) {
1fb8648d
AL		 448 qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
449 bm->cur_prd_addr += l;
450 bm->cur_prd_len -= l;
451 s->io_buffer_size += l;
7aea4412
AL		 452 }
453 }
454 return 1;
455}
456
457static void dma_buf_commit(IDEState *s, int is_write)
458{
1fb8648d 459 qemu_sglist_destroy(&s->sg);
7aea4412
AL		 460}
461
356721ae 462void ide_dma_error(IDEState *s)
e162cfb0
AZ		 463{
464 ide_transfer_stop(s);
465 s->error = ABRT_ERR;
466 s->status = READY_STAT | ERR_STAT;
467 ide_set_irq(s);
468}
469
428c5705
AL		 470static int ide_handle_write_error(IDEState *s, int error, int op)
471{
472 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
473
474 if (action == BLOCK_ERR_IGNORE)
475 return 0;
476
477 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
478 || action == BLOCK_ERR_STOP_ANY) {
bcbdc4d3
GH		 479 s->bus->bmdma->unit = s->unit;
480 s->bus->bmdma->status |= op;
428c5705
AL		 481 vm_stop(0);
482 } else {
7aea4412
AL		 483 if (op == BM_STATUS_DMA_RETRY) {
484 dma_buf_commit(s, 0);
428c5705 485 ide_dma_error(s);
7aea4412 486 } else {
428c5705 487 ide_rw_error(s);
7aea4412 488 }
428c5705
AL		 489 }
490
491 return 1;
492}
493
8ccad811
FB		 494/* return 0 if buffer completed */
495static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 496{
bcbdc4d3 497 IDEState *s = bmdma_active_if(bm);
8ccad811
FB		 498 struct {
499 uint32_t addr;
500 uint32_t size;
501 } prd;
502 int l, len;
98087450 503
8ccad811
FB		 504 for(;;) {
505 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 506 if (l <= 0)
8ccad811
FB		 507 break;
508 if (bm->cur_prd_len == 0) {
509 /* end of table (with a fail safe of one page) */
510 if (bm->cur_prd_last ||
511 (bm->cur_addr - bm->addr) >= 4096)
512 return 0;
513 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
514 bm->cur_addr += 8;
515 prd.addr = le32_to_cpu(prd.addr);
516 prd.size = le32_to_cpu(prd.size);
517 len = prd.size & 0xfffe;
518 if (len == 0)
519 len = 0x10000;
520 bm->cur_prd_len = len;
521 bm->cur_prd_addr = prd.addr;
522 bm->cur_prd_last = (prd.size & 0x80000000);
523 }
524 if (l > bm->cur_prd_len)
525 l = bm->cur_prd_len;
526 if (l > 0) {
527 if (is_write) {
5fafdf24 528 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 529 s->io_buffer + s->io_buffer_index, l);
530 } else {
5fafdf24 531 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 532 s->io_buffer + s->io_buffer_index, l);
533 }
534 bm->cur_prd_addr += l;
535 bm->cur_prd_len -= l;
536 s->io_buffer_index += l;
98087450 537 }
98087450 538 }
8ccad811
FB		 539 return 1;
540}
541
8ccad811
FB		 542static void ide_read_dma_cb(void *opaque, int ret)
543{
544 BMDMAState *bm = opaque;
bcbdc4d3 545 IDEState *s = bmdma_active_if(bm);
8ccad811
FB		 546 int n;
547 int64_t sector_num;
548
e162cfb0 549 if (ret < 0) {
7aea4412 550 dma_buf_commit(s, 1);
e162cfb0
AZ		 551 ide_dma_error(s);
552 return;
553 }
554
8ccad811
FB		 555 n = s->io_buffer_size >> 9;
556 sector_num = ide_get_sector(s);
557 if (n > 0) {
7aea4412 558 dma_buf_commit(s, 1);
8ccad811
FB		 559 sector_num += n;
560 ide_set_sector(s, sector_num);
561 s->nsector -= n;
8ccad811
FB		 562 }
563
564 /* end of transfer ? */
565 if (s->nsector == 0) {
98087450
FB		 566 s->status = READY_STAT | SEEK_STAT;
567 ide_set_irq(s);
8ccad811
FB		 568 eot:
569 bm->status &= ~BM_STATUS_DMAING;
570 bm->status |= BM_STATUS_INT;
571 bm->dma_cb = NULL;
bcbdc4d3 572 bm->unit = -1;
8ccad811
FB		 573 bm->aiocb = NULL;
574 return;
98087450 575 }
8ccad811
FB		 576
577 /* launch next transfer */
578 n = s->nsector;
8ccad811
FB		 579 s->io_buffer_index = 0;
580 s->io_buffer_size = n * 512;
7aea4412
AL		 581 if (dma_buf_prepare(bm, 1) == 0)
582 goto eot;
8ccad811 583#ifdef DEBUG_AIO
5df23f53 584 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 585#endif
1fb8648d 586 bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
5604e090 587 ide_dma_submit_check(s, ide_read_dma_cb, bm);
98087450
FB		 588}
589
590static void ide_sector_read_dma(IDEState *s)
591{
8ccad811 592 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 593 s->io_buffer_index = 0;
594 s->io_buffer_size = 0;
e3007e66 595 s->is_read = 1;
98087450
FB		 596 ide_dma_start(s, ide_read_dma_cb);
597}
598
a09db21f
FB		 599static void ide_sector_write_timer_cb(void *opaque)
600{
601 IDEState *s = opaque;
602 ide_set_irq(s);
603}
604
5391d806
FB		 605static void ide_sector_write(IDEState *s)
606{
607 int64_t sector_num;
31c2a146 608 int ret, n, n1;
5391d806
FB		 609
610 s->status = READY_STAT | SEEK_STAT;
611 sector_num = ide_get_sector(s);
612#if defined(DEBUG_IDE)
18c5f8ea 613 printf("write sector=%" PRId64 "\n", sector_num);
5391d806
FB		 614#endif
615 n = s->nsector;
616 if (n > s->req_nb_sectors)
617 n = s->req_nb_sectors;
31c2a146 618 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
428c5705 619
e162cfb0 620 if (ret != 0) {
428c5705
AL		 621 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
622 return;
e162cfb0
AZ		 623 }
624
5391d806
FB		 625 s->nsector -= n;
626 if (s->nsector == 0) {
292eef5a 627 /* no more sectors to write */
5391d806
FB		 628 ide_transfer_stop(s);
629 } else {
630 n1 = s->nsector;
631 if (n1 > s->req_nb_sectors)
632 n1 = s->req_nb_sectors;
633 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
634 }
635 ide_set_sector(s, sector_num + n);
3b46e624 636
31c2a146
TS		 637#ifdef TARGET_I386
638 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
639 /* It seems there is a bug in the Windows 2000 installer HDD
640 IDE driver which fills the disk with empty logs when the
641 IDE write IRQ comes too early. This hack tries to correct
642 that at the expense of slower write performances. Use this
643 option _only_ to install Windows 2000. You must disable it
644 for normal use. */
645 qemu_mod_timer(s->sector_write_timer,
646 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
647 } else
648#endif
649 {
650 ide_set_irq(s);
651 }
5391d806
FB		 652}
653
213189ab 654static void ide_dma_restart_bh(void *opaque)
428c5705
AL		 655{
656 BMDMAState *bm = opaque;
213189ab
MA		 657
658 qemu_bh_delete(bm->bh);
659 bm->bh = NULL;
660
428c5705
AL		 661 if (bm->status & BM_STATUS_DMA_RETRY) {
662 bm->status &= ~BM_STATUS_DMA_RETRY;
bcbdc4d3 663 ide_dma_restart(bmdma_active_if(bm));
428c5705
AL		 664 } else if (bm->status & BM_STATUS_PIO_RETRY) {
665 bm->status &= ~BM_STATUS_PIO_RETRY;
bcbdc4d3 666 ide_sector_write(bmdma_active_if(bm));
428c5705
AL		 667 }
668}
669
356721ae 670void ide_dma_restart_cb(void *opaque, int running, int reason)
213189ab
MA		 671{
672 BMDMAState *bm = opaque;
673
674 if (!running)
675 return;
676
677 if (!bm->bh) {
678 bm->bh = qemu_bh_new(ide_dma_restart_bh, bm);
679 qemu_bh_schedule(bm->bh);
680 }
681}
682
8ccad811 683static void ide_write_dma_cb(void *opaque, int ret)
98087450 684{
8ccad811 685 BMDMAState *bm = opaque;
bcbdc4d3 686 IDEState *s = bmdma_active_if(bm);
8ccad811 687 int n;
98087450
FB		 688 int64_t sector_num;
689
e162cfb0 690 if (ret < 0) {
428c5705
AL		 691 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
692 return;
e162cfb0
AZ		 693 }
694
8ccad811
FB		 695 n = s->io_buffer_size >> 9;
696 sector_num = ide_get_sector(s);
697 if (n > 0) {
7aea4412 698 dma_buf_commit(s, 0);
8ccad811
FB		 699 sector_num += n;
700 ide_set_sector(s, sector_num);
701 s->nsector -= n;
98087450 702 }
98087450 703
8ccad811
FB		 704 /* end of transfer ? */
705 if (s->nsector == 0) {
706 s->status = READY_STAT | SEEK_STAT;
707 ide_set_irq(s);
708 eot:
709 bm->status &= ~BM_STATUS_DMAING;
710 bm->status |= BM_STATUS_INT;
711 bm->dma_cb = NULL;
bcbdc4d3 712 bm->unit = -1;
8ccad811
FB		 713 bm->aiocb = NULL;
714 return;
715 }
716
98087450 717 n = s->nsector;
98087450 718 s->io_buffer_size = n * 512;
7aea4412
AL		 719 /* launch next transfer */
720 if (dma_buf_prepare(bm, 0) == 0)
8ccad811
FB		 721 goto eot;
722#ifdef DEBUG_AIO
5df23f53 723 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 724#endif
1fb8648d 725 bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
5604e090 726 ide_dma_submit_check(s, ide_write_dma_cb, bm);
8ccad811
FB		 727}
728
729static void ide_sector_write_dma(IDEState *s)
730{
731 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
732 s->io_buffer_index = 0;
733 s->io_buffer_size = 0;
e3007e66 734 s->is_read = 0;
98087450
FB		 735 ide_dma_start(s, ide_write_dma_cb);
736}
737
356721ae 738void ide_atapi_cmd_ok(IDEState *s)
5391d806
FB		 739{
740 s->error = 0;
41a2b959 741 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 742 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
743 ide_set_irq(s);
744}
745
356721ae 746void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
5391d806
FB		 747{
748#ifdef DEBUG_IDE_ATAPI
749 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
750#endif
751 s->error = sense_key << 4;
752 s->status = READY_STAT | ERR_STAT;
753 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
754 s->sense_key = sense_key;
755 s->asc = asc;
756 ide_set_irq(s);
757}
758
9118e7f0
AL		 759static void ide_atapi_cmd_check_status(IDEState *s)
760{
761#ifdef DEBUG_IDE_ATAPI
762 printf("atapi_cmd_check_status\n");
763#endif
764 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
765 s->status = ERR_STAT;
766 s->nsector = 0;
767 ide_set_irq(s);
768}
769
5391d806
FB		 770static inline void cpu_to_ube16(uint8_t *buf, int val)
771{
772 buf[0] = val >> 8;
9e622b15 773 buf[1] = val & 0xff;
5391d806
FB		 774}
775
776static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
777{
778 buf[0] = val >> 24;
779 buf[1] = val >> 16;
780 buf[2] = val >> 8;
9e622b15 781 buf[3] = val & 0xff;
5391d806
FB		 782}
783
784static inline int ube16_to_cpu(const uint8_t *buf)
785{
786 return (buf[0] << 8) | buf[1];
787}
788
789static inline int ube32_to_cpu(const uint8_t *buf)
790{
791 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
792}
793
98087450
FB		 794static void lba_to_msf(uint8_t *buf, int lba)
795{
796 lba += 150;
797 buf[0] = (lba / 75) / 60;
798 buf[1] = (lba / 75) % 60;
799 buf[2] = lba % 75;
800}
801
8ccad811
FB		 802static void cd_data_to_raw(uint8_t *buf, int lba)
803{
804 /* sync bytes */
805 buf[0] = 0x00;
806 memset(buf + 1, 0xff, 10);
807 buf[11] = 0x00;
808 buf += 12;
809 /* MSF */
810 lba_to_msf(buf, lba);
811 buf[3] = 0x01; /* mode 1 data */
812 buf += 4;
813 /* data */
814 buf += 2048;
815 /* XXX: ECC not computed */
816 memset(buf, 0, 288);
817}
818
5fafdf24 819static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 820 int sector_size)
821{
66c6ef76
FB		 822 int ret;
823
98087450
FB		 824 switch(sector_size) {
825 case 2048:
66c6ef76 826 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 827 break;
828 case 2352:
66c6ef76
FB		 829 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
830 if (ret < 0)
831 return ret;
8ccad811 832 cd_data_to_raw(buf, lba);
98087450
FB		 833 break;
834 default:
66c6ef76 835 ret = -EIO;
98087450
FB		 836 break;
837 }
66c6ef76
FB		 838 return ret;
839}
840
356721ae 841void ide_atapi_io_error(IDEState *s, int ret)
66c6ef76
FB		 842{
843 /* XXX: handle more errors */
844 if (ret == -ENOMEDIUM) {
5fafdf24 845 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 846 ASC_MEDIUM_NOT_PRESENT);
847 } else {
5fafdf24 848 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 849 ASC_LOGICAL_BLOCK_OOR);
850 }
98087450
FB		 851}
852
5391d806
FB		 853/* The whole ATAPI transfer logic is handled in this function */
854static void ide_atapi_cmd_reply_end(IDEState *s)
855{
66c6ef76 856 int byte_count_limit, size, ret;
5391d806 857#ifdef DEBUG_IDE_ATAPI
5fafdf24 858 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 859 s->packet_transfer_size,
860 s->elementary_transfer_size,
861 s->io_buffer_index);
862#endif
863 if (s->packet_transfer_size <= 0) {
864 /* end of transfer */
865 ide_transfer_stop(s);
41a2b959 866 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 867 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
868 ide_set_irq(s);
869#ifdef DEBUG_IDE_ATAPI
870 printf("status=0x%x\n", s->status);
871#endif
872 } else {
873 /* see if a new sector must be read */
98087450 874 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 875 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
876 if (ret < 0) {
877 ide_transfer_stop(s);
878 ide_atapi_io_error(s, ret);
879 return;
880 }
5391d806
FB		 881 s->lba++;
882 s->io_buffer_index = 0;
883 }
884 if (s->elementary_transfer_size > 0) {
885 /* there are some data left to transmit in this elementary
886 transfer */
98087450 887 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 888 if (size > s->elementary_transfer_size)
889 size = s->elementary_transfer_size;
5fafdf24 890 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 891 size, ide_atapi_cmd_reply_end);
892 s->packet_transfer_size -= size;
893 s->elementary_transfer_size -= size;
894 s->io_buffer_index += size;
895 } else {
896 /* a new transfer is needed */
897 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
898 byte_count_limit = s->lcyl | (s->hcyl << 8);
899#ifdef DEBUG_IDE_ATAPI
900 printf("byte_count_limit=%d\n", byte_count_limit);
901#endif
902 if (byte_count_limit == 0xffff)
903 byte_count_limit--;
904 size = s->packet_transfer_size;
905 if (size > byte_count_limit) {
906 /* byte count limit must be even if this case */
907 if (byte_count_limit & 1)
908 byte_count_limit--;
909 size = byte_count_limit;
5391d806 910 }
a136e5a8
FB		 911 s->lcyl = size;
912 s->hcyl = size >> 8;
5391d806
FB		 913 s->elementary_transfer_size = size;
914 /* we cannot transmit more than one sector at a time */
915 if (s->lba != -1) {
98087450
FB		 916 if (size > (s->cd_sector_size - s->io_buffer_index))
917 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 918 }
5fafdf24 919 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 920 size, ide_atapi_cmd_reply_end);
921 s->packet_transfer_size -= size;
922 s->elementary_transfer_size -= size;
923 s->io_buffer_index += size;
924 ide_set_irq(s);
925#ifdef DEBUG_IDE_ATAPI
926 printf("status=0x%x\n", s->status);
927#endif
928 }
929 }
930}
931
932/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
933static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
934{
935 if (size > max_size)
936 size = max_size;
937 s->lba = -1; /* no sector read */
938 s->packet_transfer_size = size;
5f12ab4b 939 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 940 s->elementary_transfer_size = 0;
941 s->io_buffer_index = 0;
942
5f12ab4b 943 if (s->atapi_dma) {
41a2b959 944 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
5f12ab4b
TS		 945 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
946 } else {
41a2b959 947 s->status = READY_STAT | SEEK_STAT;
5f12ab4b
TS		 948 ide_atapi_cmd_reply_end(s);
949 }
5391d806
FB		 950}
951
952/* start a CD-CDROM read command */
98087450
FB		 953static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
954 int sector_size)
5391d806 955{
5391d806 956 s->lba = lba;
98087450 957 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 958 s->elementary_transfer_size = 0;
98087450
FB		 959 s->io_buffer_index = sector_size;
960 s->cd_sector_size = sector_size;
5391d806 961
41a2b959 962 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 963 ide_atapi_cmd_reply_end(s);
964}
965
98087450 966/* ATAPI DMA support */
8ccad811
FB		 967
968/* XXX: handle read errors */
969static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 970{
8ccad811 971 BMDMAState *bm = opaque;
bcbdc4d3 972 IDEState *s = bmdma_active_if(bm);
8ccad811
FB		 973 int data_offset, n;
974
66c6ef76
FB		 975 if (ret < 0) {
976 ide_atapi_io_error(s, ret);
977 goto eot;
978 }
979
8ccad811 980 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 981 /*
982 * For a cdrom read sector command (s->lba != -1),
983 * adjust the lba for the next s->io_buffer_size chunk
984 * and dma the current chunk.
985 * For a command != read (s->lba == -1), just transfer
986 * the reply data.
987 */
988 if (s->lba != -1) {
989 if (s->cd_sector_size == 2352) {
990 n = 1;
991 cd_data_to_raw(s->io_buffer, s->lba);
992 } else {
993 n = s->io_buffer_size >> 11;
994 }
995 s->lba += n;
996 }
8ccad811 997 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 998 if (dma_buf_rw(bm, 1) == 0)
999 goto eot;
98087450 1000 }
8ccad811 1001
98087450 1002 if (s->packet_transfer_size <= 0) {
41a2b959 1003 s->status = READY_STAT | SEEK_STAT;
98087450
FB		 1004 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1005 ide_set_irq(s);
8ccad811
FB		 1006 eot:
1007 bm->status &= ~BM_STATUS_DMAING;
1008 bm->status |= BM_STATUS_INT;
1009 bm->dma_cb = NULL;
bcbdc4d3 1010 bm->unit = -1;
8ccad811
FB		 1011 bm->aiocb = NULL;
1012 return;
1013 }
3b46e624 1014
8ccad811
FB		 1015 s->io_buffer_index = 0;
1016 if (s->cd_sector_size == 2352) {
1017 n = 1;
1018 s->io_buffer_size = s->cd_sector_size;
1019 data_offset = 16;
1020 } else {
1021 n = s->packet_transfer_size >> 11;
1d8cde5b
AJ		 1022 if (n > (IDE_DMA_BUF_SECTORS / 4))
1023 n = (IDE_DMA_BUF_SECTORS / 4);
8ccad811
FB		 1024 s->io_buffer_size = n * 2048;
1025 data_offset = 0;
98087450 1026 }
8ccad811
FB		 1027#ifdef DEBUG_AIO
1028 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1029#endif
3f4cb3d3 1030 bm->iov.iov_base = (void *)(s->io_buffer + data_offset);
c87c0672
AL		 1031 bm->iov.iov_len = n * 4 * 512;
1032 qemu_iovec_init_external(&bm->qiov, &bm->iov, 1);
1033 bm->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2, &bm->qiov,
1034 n * 4, ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1035 if (!bm->aiocb) {
1036 /* Note: media not present is the most likely case */
5fafdf24 1037 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1038 ASC_MEDIUM_NOT_PRESENT);
1039 goto eot;
1040 }
98087450
FB		 1041}
1042
1043/* start a CD-CDROM read command with DMA */
1044/* XXX: test if DMA is available */
1045static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1046 int sector_size)
1047{
1048 s->lba = lba;
1049 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1050 s->io_buffer_index = 0;
1051 s->io_buffer_size = 0;
98087450
FB		 1052 s->cd_sector_size = sector_size;
1053
8ccad811 1054 /* XXX: check if BUSY_STAT should be set */
41a2b959 1055 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1056 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1057}
1058
5fafdf24 1059static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1060 int sector_size)
1061{
1062#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1063 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1064 lba, nb_sectors);
98087450
FB		 1065#endif
1066 if (s->atapi_dma) {
1067 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1068 } else {
1069 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1070 }
1071}
1072
38cdea7c
AZ		 1073static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1074 uint16_t profile)
1075{
1076 uint8_t *buf_profile = buf + 12; /* start of profiles */
1077
1078 buf_profile += ((*index) * 4); /* start of indexed profile */
1079 cpu_to_ube16 (buf_profile, profile);
1080 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1081
1082 /* each profile adds 4 bytes to the response */
1083 (*index)++;
1084 buf[11] += 4; /* Additional Length */
1085
1086 return 4;
1087}
1088
8114e9e8
TS		 1089static int ide_dvd_read_structure(IDEState *s, int format,
1090 const uint8_t *packet, uint8_t *buf)
1091{
1092 switch (format) {
1093 case 0x0: /* Physical format information */
1094 {
1095 int layer = packet[6];
1096 uint64_t total_sectors;
1097
1098 if (layer != 0)
1099 return -ASC_INV_FIELD_IN_CMD_PACKET;
1100
1101 bdrv_get_geometry(s->bs, &total_sectors);
1102 total_sectors >>= 2;
1103 if (total_sectors == 0)
1104 return -ASC_MEDIUM_NOT_PRESENT;
1105
1106 buf[4] = 1; /* DVD-ROM, part version 1 */
1107 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1108 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1109 buf[7] = 0; /* default densities */
1110
1111 /* FIXME: 0x30000 per spec? */
1112 cpu_to_ube32(buf + 8, 0); /* start sector */
1113 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1114 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1115
1116 /* Size of buffer, not including 2 byte size field */
1117 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1118
1119 /* 2k data + 4 byte header */
1120 return (2048 + 4);
1121 }
1122
1123 case 0x01: /* DVD copyright information */
1124 buf[4] = 0; /* no copyright data */
1125 buf[5] = 0; /* no region restrictions */
1126
1127 /* Size of buffer, not including 2 byte size field */
1128 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1129
1130 /* 4 byte header + 4 byte data */
1131 return (4 + 4);
1132
1133 case 0x03: /* BCA information - invalid field for no BCA info */
1134 return -ASC_INV_FIELD_IN_CMD_PACKET;
1135
1136 case 0x04: /* DVD disc manufacturing information */
1137 /* Size of buffer, not including 2 byte size field */
1138 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1139
1140 /* 2k data + 4 byte header */
1141 return (2048 + 4);
1142
1143 case 0xff:
1144 /*
1145 * This lists all the command capabilities above. Add new ones
1146 * in order and update the length and buffer return values.
1147 */
1148
1149 buf[4] = 0x00; /* Physical format */
1150 buf[5] = 0x40; /* Not writable, is readable */
1151 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1152
1153 buf[8] = 0x01; /* Copyright info */
1154 buf[9] = 0x40; /* Not writable, is readable */
1155 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1156
1157 buf[12] = 0x03; /* BCA info */
1158 buf[13] = 0x40; /* Not writable, is readable */
1159 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1160
1161 buf[16] = 0x04; /* Manufacturing info */
1162 buf[17] = 0x40; /* Not writable, is readable */
1163 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1164
1165 /* Size of buffer, not including 2 byte size field */
1166 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1167
1168 /* data written + 4 byte header */
1169 return (16 + 4);
1170
1171 default: /* TODO: formats beyond DVD-ROM requires */
1172 return -ASC_INV_FIELD_IN_CMD_PACKET;
1173 }
1174}
1175
5391d806
FB		 1176static void ide_atapi_cmd(IDEState *s)
1177{
1178 const uint8_t *packet;
1179 uint8_t *buf;
1180 int max_len;
1181
1182 packet = s->io_buffer;
1183 buf = s->io_buffer;
1184#ifdef DEBUG_IDE_ATAPI
1185 {
1186 int i;
1187 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1188 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1189 printf(" %02x", packet[i]);
1190 }
1191 printf("\n");
1192 }
1193#endif
9118e7f0
AL		 1194 /* If there's a UNIT_ATTENTION condition pending, only
1195 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1196 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1197 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1198 s->io_buffer[0] != GPCMD_INQUIRY) {
1199 ide_atapi_cmd_check_status(s);
1200 return;
1201 }
5391d806
FB		 1202 switch(s->io_buffer[0]) {
1203 case GPCMD_TEST_UNIT_READY:
93c8cfd9 1204 if (bdrv_is_inserted(s->bs) && !s->cdrom_changed) {
5391d806
FB		 1205 ide_atapi_cmd_ok(s);
1206 } else {
93c8cfd9 1207 s->cdrom_changed = 0;
5fafdf24 1208 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1209 ASC_MEDIUM_NOT_PRESENT);
1210 }
1211 break;
d14049ea 1212 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1213 case GPCMD_MODE_SENSE_10:
1214 {
1215 int action, code;
d14049ea
TS		 1216 if (packet[0] == GPCMD_MODE_SENSE_10)
1217 max_len = ube16_to_cpu(packet + 7);
1218 else
1219 max_len = packet[4];
5391d806
FB		 1220 action = packet[2] >> 6;
1221 code = packet[2] & 0x3f;
1222 switch(action) {
1223 case 0: /* current values */
1224 switch(code) {
1225 case 0x01: /* error recovery */
1226 cpu_to_ube16(&buf[0], 16 + 6);
1227 buf[2] = 0x70;
1228 buf[3] = 0;
1229 buf[4] = 0;
1230 buf[5] = 0;
1231 buf[6] = 0;
1232 buf[7] = 0;
1233
1234 buf[8] = 0x01;
1235 buf[9] = 0x06;
1236 buf[10] = 0x00;
1237 buf[11] = 0x05;
1238 buf[12] = 0x00;
1239 buf[13] = 0x00;
1240 buf[14] = 0x00;
1241 buf[15] = 0x00;
1242 ide_atapi_cmd_reply(s, 16, max_len);
1243 break;
1244 case 0x2a:
1245 cpu_to_ube16(&buf[0], 28 + 6);
1246 buf[2] = 0x70;
1247 buf[3] = 0;
1248 buf[4] = 0;
1249 buf[5] = 0;
1250 buf[6] = 0;
1251 buf[7] = 0;
1252
1253 buf[8] = 0x2a;
1254 buf[9] = 0x12;
0d4a05a1 1255 buf[10] = 0x00;
5391d806 1256 buf[11] = 0x00;
3b46e624 1257
d5b4eb40
AL		 1258 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1259 code checks for this to automount media. */
1260 buf[12] = 0x71;
5391d806
FB		 1261 buf[13] = 3 << 5;
1262 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1263 if (bdrv_is_locked(s->bs))
5391d806
FB		 1264 buf[6] |= 1 << 1;
1265 buf[15] = 0x00;
1266 cpu_to_ube16(&buf[16], 706);
1267 buf[18] = 0;
1268 buf[19] = 2;
1269 cpu_to_ube16(&buf[20], 512);
1270 cpu_to_ube16(&buf[22], 706);
1271 buf[24] = 0;
1272 buf[25] = 0;
1273 buf[26] = 0;
1274 buf[27] = 0;
1275 ide_atapi_cmd_reply(s, 28, max_len);
1276 break;
1277 default:
1278 goto error_cmd;
1279 }
1280 break;
1281 case 1: /* changeable values */
1282 goto error_cmd;
1283 case 2: /* default values */
1284 goto error_cmd;
1285 default:
1286 case 3: /* saved values */
5fafdf24 1287 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1288 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1289 break;
1290 }
1291 }
1292 break;
1293 case GPCMD_REQUEST_SENSE:
1294 max_len = packet[4];
1295 memset(buf, 0, 18);
1296 buf[0] = 0x70 | (1 << 7);
1297 buf[2] = s->sense_key;
1298 buf[7] = 10;
1299 buf[12] = s->asc;
9118e7f0
AL		 1300 if (s->sense_key == SENSE_UNIT_ATTENTION)
1301 s->sense_key = SENSE_NONE;
5391d806
FB		 1302 ide_atapi_cmd_reply(s, 18, max_len);
1303 break;
1304 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1305 if (bdrv_is_inserted(s->bs)) {
1306 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1307 ide_atapi_cmd_ok(s);
1308 } else {
5fafdf24 1309 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1310 ASC_MEDIUM_NOT_PRESENT);
1311 }
1312 break;
1313 case GPCMD_READ_10:
1314 case GPCMD_READ_12:
1315 {
1316 int nb_sectors, lba;
1317
5391d806
FB		 1318 if (packet[0] == GPCMD_READ_10)
1319 nb_sectors = ube16_to_cpu(packet + 7);
1320 else
1321 nb_sectors = ube32_to_cpu(packet + 6);
1322 lba = ube32_to_cpu(packet + 2);
1323 if (nb_sectors == 0) {
1324 ide_atapi_cmd_ok(s);
1325 break;
1326 }
98087450
FB		 1327 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1328 }
1329 break;
1330 case GPCMD_READ_CD:
1331 {
1332 int nb_sectors, lba, transfer_request;
1333
98087450
FB		 1334 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1335 lba = ube32_to_cpu(packet + 2);
1336 if (nb_sectors == 0) {
1337 ide_atapi_cmd_ok(s);
1338 break;
1339 }
98087450
FB		 1340 transfer_request = packet[9];
1341 switch(transfer_request & 0xf8) {
1342 case 0x00:
1343 /* nothing */
1344 ide_atapi_cmd_ok(s);
1345 break;
1346 case 0x10:
1347 /* normal read */
1348 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1349 break;
1350 case 0xf8:
1351 /* read all data */
1352 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1353 break;
1354 default:
5fafdf24 1355 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1356 ASC_INV_FIELD_IN_CMD_PACKET);
1357 break;
1358 }
5391d806
FB		 1359 }
1360 break;
1361 case GPCMD_SEEK:
1362 {
96b8f136
TS		 1363 unsigned int lba;
1364 uint64_t total_sectors;
66c6ef76
FB		 1365
1366 bdrv_get_geometry(s->bs, &total_sectors);
1367 total_sectors >>= 2;
96b8f136 1368 if (total_sectors == 0) {
5fafdf24 1369 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1370 ASC_MEDIUM_NOT_PRESENT);
1371 break;
1372 }
1373 lba = ube32_to_cpu(packet + 2);
66c6ef76 1374 if (lba >= total_sectors) {
5fafdf24 1375 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1376 ASC_LOGICAL_BLOCK_OOR);
1377 break;
1378 }
1379 ide_atapi_cmd_ok(s);
1380 }
1381 break;
1382 case GPCMD_START_STOP_UNIT:
1383 {
aea2a33c 1384 int start, eject, err = 0;
5391d806
FB		 1385 start = packet[4] & 1;
1386 eject = (packet[4] >> 1) & 1;
3b46e624 1387
aea2a33c
MM		 1388 if (eject) {
1389 err = bdrv_eject(s->bs, !start);
1390 }
1391
1392 switch (err) {
1393 case 0:
1394 ide_atapi_cmd_ok(s);
1395 break;
1396 case -EBUSY:
1397 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1398 ASC_MEDIA_REMOVAL_PREVENTED);
1399 break;
1400 default:
1401 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1402 ASC_MEDIUM_NOT_PRESENT);
1403 break;
caed8802 1404 }
5391d806
FB		 1405 }
1406 break;
1407 case GPCMD_MECHANISM_STATUS:
1408 {
1409 max_len = ube16_to_cpu(packet + 8);
1410 cpu_to_ube16(buf, 0);
1411 /* no current LBA */
1412 buf[2] = 0;
1413 buf[3] = 0;
1414 buf[4] = 0;
1415 buf[5] = 1;
1416 cpu_to_ube16(buf + 6, 0);
1417 ide_atapi_cmd_reply(s, 8, max_len);
1418 }
1419 break;
1420 case GPCMD_READ_TOC_PMA_ATIP:
1421 {
1422 int format, msf, start_track, len;
96b8f136 1423 uint64_t total_sectors;
5391d806 1424
66c6ef76
FB		 1425 bdrv_get_geometry(s->bs, &total_sectors);
1426 total_sectors >>= 2;
96b8f136 1427 if (total_sectors == 0) {
5fafdf24 1428 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1429 ASC_MEDIUM_NOT_PRESENT);
1430 break;
1431 }
1432 max_len = ube16_to_cpu(packet + 7);
1433 format = packet[9] >> 6;
1434 msf = (packet[1] >> 1) & 1;
1435 start_track = packet[6];
1436 switch(format) {
1437 case 0:
66c6ef76 1438 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1439 if (len < 0)
1440 goto error_cmd;
1441 ide_atapi_cmd_reply(s, len, max_len);
1442 break;
1443 case 1:
1444 /* multi session : only a single session defined */
1445 memset(buf, 0, 12);
1446 buf[1] = 0x0a;
1447 buf[2] = 0x01;
1448 buf[3] = 0x01;
1449 ide_atapi_cmd_reply(s, 12, max_len);
1450 break;
98087450 1451 case 2:
66c6ef76 1452 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1453 if (len < 0)
1454 goto error_cmd;
1455 ide_atapi_cmd_reply(s, len, max_len);
1456 break;
5391d806 1457 default:
7f777bf3 1458 error_cmd:
5fafdf24 1459 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1460 ASC_INV_FIELD_IN_CMD_PACKET);
1461 break;
5391d806
FB		 1462 }
1463 }
1464 break;
1465 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76 1466 {
96b8f136 1467 uint64_t total_sectors;
66c6ef76
FB		 1468
1469 bdrv_get_geometry(s->bs, &total_sectors);
1470 total_sectors >>= 2;
96b8f136 1471 if (total_sectors == 0) {
5fafdf24 1472 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1473 ASC_MEDIUM_NOT_PRESENT);
1474 break;
1475 }
1476 /* NOTE: it is really the number of sectors minus 1 */
1477 cpu_to_ube32(buf, total_sectors - 1);
1478 cpu_to_ube32(buf + 4, 2048);
1479 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1480 }
5391d806 1481 break;
d14049ea
TS		 1482 case GPCMD_READ_DVD_STRUCTURE:
1483 {
1484 int media = packet[1];
8114e9e8
TS		 1485 int format = packet[7];
1486 int ret;
d14049ea 1487
8114e9e8 1488 max_len = ube16_to_cpu(packet + 8);
d14049ea 1489
8114e9e8
TS		 1490 if (format < 0xff) {
1491 if (media_is_cd(s)) {
1492 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1493 ASC_INCOMPATIBLE_FORMAT);
1494 break;
1495 } else if (!media_present(s)) {
1496 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1497 ASC_INV_FIELD_IN_CMD_PACKET);
1498 break;
1499 }
1500 }
d14049ea 1501
8114e9e8
TS		 1502 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1503 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
d14049ea 1504
8114e9e8
TS		 1505 switch (format) {
1506 case 0x00 ... 0x7f:
1507 case 0xff:
1508 if (media == 0) {
1509 ret = ide_dvd_read_structure(s, format, packet, buf);
d14049ea 1510
8114e9e8
TS		 1511 if (ret < 0)
1512 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1513 else
1514 ide_atapi_cmd_reply(s, ret, max_len);
d14049ea 1515
8114e9e8
TS		 1516 break;
1517 }
1518 /* TODO: BD support, fall through for now */
1519
1520 /* Generic disk structures */
1521 case 0x80: /* TODO: AACS volume identifier */
1522 case 0x81: /* TODO: AACS media serial number */
1523 case 0x82: /* TODO: AACS media identifier */
1524 case 0x83: /* TODO: AACS media key block */
1525 case 0x90: /* TODO: List of recognized format layers */
1526 case 0xc0: /* TODO: Write protection status */
d14049ea
TS		 1527 default:
1528 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1529 ASC_INV_FIELD_IN_CMD_PACKET);
1530 break;
1531 }
1532 }
1533 break;
1534 case GPCMD_SET_SPEED:
1535 ide_atapi_cmd_ok(s);
1536 break;
bd0d90b2
FB		 1537 case GPCMD_INQUIRY:
1538 max_len = packet[4];
1539 buf[0] = 0x05; /* CD-ROM */
1540 buf[1] = 0x80; /* removable */
1541 buf[2] = 0x00; /* ISO */
1542 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 1543 buf[4] = 31; /* additional length */
bd0d90b2
FB		 1544 buf[5] = 0; /* reserved */
1545 buf[6] = 0; /* reserved */
1546 buf[7] = 0; /* reserved */
1547 padstr8(buf + 8, 8, "QEMU");
38cdea7c 1548 padstr8(buf + 16, 16, "QEMU DVD-ROM");
bd0d90b2
FB		 1549 padstr8(buf + 32, 4, QEMU_VERSION);
1550 ide_atapi_cmd_reply(s, 36, max_len);
1551 break;
d14049ea
TS		 1552 case GPCMD_GET_CONFIGURATION:
1553 {
38cdea7c 1554 uint32_t len;
091d055b 1555 uint8_t index = 0;
d14049ea
TS		 1556
1557 /* only feature 0 is supported */
1558 if (packet[2] != 0 || packet[3] != 0) {
1559 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1560 ASC_INV_FIELD_IN_CMD_PACKET);
1561 break;
1562 }
38cdea7c
AZ		 1563
1564 /* XXX: could result in alignment problems in some architectures */
1565 max_len = ube16_to_cpu(packet + 7);
091d055b 1566
38cdea7c 1567 /*
091d055b
AZ		 1568 * XXX: avoid overflow for io_buffer if max_len is bigger than
1569 * the size of that buffer (dimensioned to max number of
1570 * sectors to transfer at once)
38cdea7c 1571 *
091d055b 1572 * Only a problem if the feature/profiles grow.
38cdea7c
AZ		 1573 */
1574 if (max_len > 512) /* XXX: assume 1 sector */
1575 max_len = 512;
1576
1577 memset(buf, 0, max_len);
1578 /*
1579 * the number of sectors from the media tells us which profile
1580 * to use as current. 0 means there is no media
38cdea7c 1581 */
8114e9e8
TS		 1582 if (media_is_dvd(s))
1583 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
1584 else if (media_is_cd(s))
1585 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
38cdea7c 1586
091d055b
AZ		 1587 buf[10] = 0x02 | 0x01; /* persistent and current */
1588 len = 12; /* headers: 8 + 4 */
1589 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
1590 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
38cdea7c
AZ		 1591 cpu_to_ube32(buf, len - 4); /* data length */
1592
1593 ide_atapi_cmd_reply(s, len, max_len);
d14049ea
TS		 1594 break;
1595 }
5391d806 1596 default:
5fafdf24 1597 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1598 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1599 break;
1600 }
1601}
1602
201a51fc
AZ		 1603static void ide_cfata_metadata_inquiry(IDEState *s)
1604{
1605 uint16_t *p;
1606 uint32_t spd;
1607
1608 p = (uint16_t *) s->io_buffer;
1609 memset(p, 0, 0x200);
1610 spd = ((s->mdata_size - 1) >> 9) + 1;
1611
1612 put_le16(p + 0, 0x0001); /* Data format revision */
1613 put_le16(p + 1, 0x0000); /* Media property: silicon */
1614 put_le16(p + 2, s->media_changed); /* Media status */
1615 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1616 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1617 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1618 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1619}
1620
1621static void ide_cfata_metadata_read(IDEState *s)
1622{
1623 uint16_t *p;
1624
1625 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1626 s->status = ERR_STAT;
1627 s->error = ABRT_ERR;
1628 return;
1629 }
1630
1631 p = (uint16_t *) s->io_buffer;
1632 memset(p, 0, 0x200);
1633
1634 put_le16(p + 0, s->media_changed); /* Media status */
1635 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1636 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1637 s->nsector << 9), 0x200 - 2));
1638}
1639
1640static void ide_cfata_metadata_write(IDEState *s)
1641{
1642 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1643 s->status = ERR_STAT;
1644 s->error = ABRT_ERR;
1645 return;
1646 }
1647
1648 s->media_changed = 0;
1649
1650 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1651 s->io_buffer + 2,
1652 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1653 s->nsector << 9), 0x200 - 2));
1654}
1655
bd491d6a
TS		 1656/* called when the inserted state of the media has changed */
1657static void cdrom_change_cb(void *opaque)
1658{
1659 IDEState *s = opaque;
96b8f136 1660 uint64_t nb_sectors;
bd491d6a 1661
bd491d6a
TS		 1662 bdrv_get_geometry(s->bs, &nb_sectors);
1663 s->nb_sectors = nb_sectors;
9118e7f0
AL		 1664
1665 s->sense_key = SENSE_UNIT_ATTENTION;
1666 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
93c8cfd9 1667 s->cdrom_changed = 1;
9118e7f0 1668 ide_set_irq(s);
bd491d6a
TS		 1669}
1670
c2ff060f
FB		 1671static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1672{
1673 s->lba48 = lba48;
1674
1675 /* handle the 'magic' 0 nsector count conversion here. to avoid
1676 * fiddling with the rest of the read logic, we just store the
1677 * full sector count in ->nsector and ignore ->hob_nsector from now
1678 */
1679 if (!s->lba48) {
1680 if (!s->nsector)
1681 s->nsector = 256;
1682 } else {
1683 if (!s->nsector && !s->hob_nsector)
1684 s->nsector = 65536;
1685 else {
1686 int lo = s->nsector;
1687 int hi = s->hob_nsector;
1688
1689 s->nsector = (hi << 8) | lo;
1690 }
1691 }
1692}
1693
bcbdc4d3 1694static void ide_clear_hob(IDEBus *bus)
c2ff060f
FB		 1695{
1696 /* any write clears HOB high bit of device control register */
bcbdc4d3
GH		 1697 bus->ifs[0].select &= ~(1 << 7);
1698 bus->ifs[1].select &= ~(1 << 7);
c2ff060f
FB		 1699}
1700
356721ae 1701void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
caed8802 1702{
bcbdc4d3 1703 IDEBus *bus = opaque;
c45c3d00 1704 IDEState *s;
bcbdc4d3 1705 int n;
c2ff060f 1706 int lba48 = 0;
5391d806
FB		 1707
1708#ifdef DEBUG_IDE
1709 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1710#endif
c2ff060f 1711
5391d806 1712 addr &= 7;
fcdd25ab
AL		 1713
1714 /* ignore writes to command block while busy with previous command */
bcbdc4d3 1715 if (addr != 7 && (idebus_active_if(bus)->status & (BUSY_STAT|DRQ_STAT)))
fcdd25ab
AL		 1716 return;
1717
5391d806
FB		 1718 switch(addr) {
1719 case 0:
1720 break;
1721 case 1:
bcbdc4d3 1722 ide_clear_hob(bus);
c45c3d00 1723 /* NOTE: data is written to the two drives */
bcbdc4d3
GH		 1724 bus->ifs[0].hob_feature = bus->ifs[0].feature;
1725 bus->ifs[1].hob_feature = bus->ifs[1].feature;
1726 bus->ifs[0].feature = val;
1727 bus->ifs[1].feature = val;
5391d806
FB		 1728 break;
1729 case 2:
bcbdc4d3
GH		 1730 ide_clear_hob(bus);
1731 bus->ifs[0].hob_nsector = bus->ifs[0].nsector;
1732 bus->ifs[1].hob_nsector = bus->ifs[1].nsector;
1733 bus->ifs[0].nsector = val;
1734 bus->ifs[1].nsector = val;
5391d806
FB		 1735 break;
1736 case 3:
bcbdc4d3
GH		 1737 ide_clear_hob(bus);
1738 bus->ifs[0].hob_sector = bus->ifs[0].sector;
1739 bus->ifs[1].hob_sector = bus->ifs[1].sector;
1740 bus->ifs[0].sector = val;
1741 bus->ifs[1].sector = val;
5391d806
FB		 1742 break;
1743 case 4:
bcbdc4d3
GH		 1744 ide_clear_hob(bus);
1745 bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl;
1746 bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl;
1747 bus->ifs[0].lcyl = val;
1748 bus->ifs[1].lcyl = val;
5391d806
FB		 1749 break;
1750 case 5:
bcbdc4d3
GH		 1751 ide_clear_hob(bus);
1752 bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl;
1753 bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl;
1754 bus->ifs[0].hcyl = val;
1755 bus->ifs[1].hcyl = val;
5391d806
FB		 1756 break;
1757 case 6:
c2ff060f 1758 /* FIXME: HOB readback uses bit 7 */
bcbdc4d3
GH		 1759 bus->ifs[0].select = (val & ~0x10) | 0xa0;
1760 bus->ifs[1].select = (val | 0x10) | 0xa0;
5391d806 1761 /* select drive */
bcbdc4d3 1762 bus->unit = (val >> 4) & 1;
5391d806
FB		 1763 break;
1764 default:
1765 case 7:
1766 /* command */
1767#if defined(DEBUG_IDE)
1768 printf("ide: CMD=%02x\n", val);
1769#endif
bcbdc4d3 1770 s = idebus_active_if(bus);
66201e2d 1771 /* ignore commands to non existant slave */
bcbdc4d3 1772 if (s != bus->ifs && !s->bs)
66201e2d 1773 break;
c2ff060f 1774
fcdd25ab
AL		 1775 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
1776 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
1777 break;
1778
5391d806
FB		 1779 switch(val) {
1780 case WIN_IDENTIFY:
1781 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 1782 if (!s->is_cf)
1783 ide_identify(s);
1784 else
1785 ide_cfata_identify(s);
2a282056 1786 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1787 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1788 } else {
1789 if (s->is_cdrom) {
1790 ide_set_signature(s);
1791 }
1792 ide_abort_command(s);
1793 }
1794 ide_set_irq(s);
1795 break;
1796 case WIN_SPECIFY:
1797 case WIN_RECAL:
a136e5a8 1798 s->error = 0;
769bec72 1799 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1800 ide_set_irq(s);
1801 break;
1802 case WIN_SETMULT:
201a51fc
AZ		 1803 if (s->is_cf && s->nsector == 0) {
1804 /* Disable Read and Write Multiple */
1805 s->mult_sectors = 0;
41a2b959 1806 s->status = READY_STAT | SEEK_STAT;
201a51fc 1807 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 1808 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1809 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 1810 ide_abort_command(s);
1811 } else {
292eef5a 1812 s->mult_sectors = s->nsector & 0xff;
41a2b959 1813 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1814 }
1815 ide_set_irq(s);
1816 break;
c2ff060f
FB		 1817 case WIN_VERIFY_EXT:
1818 lba48 = 1;
4ce900b4
FB		 1819 case WIN_VERIFY:
1820 case WIN_VERIFY_ONCE:
1821 /* do sector number check ? */
c2ff060f 1822 ide_cmd_lba48_transform(s, lba48);
41a2b959 1823 s->status = READY_STAT | SEEK_STAT;
4ce900b4
FB		 1824 ide_set_irq(s);
1825 break;
c2ff060f
FB		 1826 case WIN_READ_EXT:
1827 lba48 = 1;
5391d806
FB		 1828 case WIN_READ:
1829 case WIN_READ_ONCE:
5fafdf24 1830 if (!s->bs)
6b136f9e 1831 goto abort_cmd;
c2ff060f 1832 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1833 s->req_nb_sectors = 1;
1834 ide_sector_read(s);
1835 break;
c2ff060f
FB		 1836 case WIN_WRITE_EXT:
1837 lba48 = 1;
5391d806
FB		 1838 case WIN_WRITE:
1839 case WIN_WRITE_ONCE:
201a51fc
AZ		 1840 case CFA_WRITE_SECT_WO_ERASE:
1841 case WIN_WRITE_VERIFY:
c2ff060f 1842 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1843 s->error = 0;
f66723fa 1844 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1845 s->req_nb_sectors = 1;
1846 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 1847 s->media_changed = 1;
5391d806 1848 break;
c2ff060f
FB		 1849 case WIN_MULTREAD_EXT:
1850 lba48 = 1;
5391d806
FB		 1851 case WIN_MULTREAD:
1852 if (!s->mult_sectors)
1853 goto abort_cmd;
c2ff060f 1854 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1855 s->req_nb_sectors = s->mult_sectors;
1856 ide_sector_read(s);
1857 break;
c2ff060f
FB		 1858 case WIN_MULTWRITE_EXT:
1859 lba48 = 1;
5391d806 1860 case WIN_MULTWRITE:
201a51fc 1861 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 1862 if (!s->mult_sectors)
1863 goto abort_cmd;
c2ff060f 1864 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1865 s->error = 0;
f66723fa 1866 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1867 s->req_nb_sectors = s->mult_sectors;
1868 n = s->nsector;
1869 if (n > s->req_nb_sectors)
1870 n = s->req_nb_sectors;
1871 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 1872 s->media_changed = 1;
5391d806 1873 break;
c2ff060f
FB		 1874 case WIN_READDMA_EXT:
1875 lba48 = 1;
98087450
FB		 1876 case WIN_READDMA:
1877 case WIN_READDMA_ONCE:
5fafdf24 1878 if (!s->bs)
98087450 1879 goto abort_cmd;
c2ff060f 1880 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 1881 ide_sector_read_dma(s);
1882 break;
c2ff060f
FB		 1883 case WIN_WRITEDMA_EXT:
1884 lba48 = 1;
98087450
FB		 1885 case WIN_WRITEDMA:
1886 case WIN_WRITEDMA_ONCE:
5fafdf24 1887 if (!s->bs)
98087450 1888 goto abort_cmd;
c2ff060f 1889 ide_cmd_lba48_transform(s, lba48);
98087450 1890 ide_sector_write_dma(s);
201a51fc 1891 s->media_changed = 1;
98087450 1892 break;
c2ff060f
FB		 1893 case WIN_READ_NATIVE_MAX_EXT:
1894 lba48 = 1;
5391d806 1895 case WIN_READ_NATIVE_MAX:
c2ff060f 1896 ide_cmd_lba48_transform(s, lba48);
5391d806 1897 ide_set_sector(s, s->nb_sectors - 1);
41a2b959 1898 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1899 ide_set_irq(s);
1900 break;
a136e5a8 1901 case WIN_CHECKPOWERMODE1:
201a51fc 1902 case WIN_CHECKPOWERMODE2:
a136e5a8 1903 s->nsector = 0xff; /* device active or idle */
41a2b959 1904 s->status = READY_STAT | SEEK_STAT;
a136e5a8
FB		 1905 ide_set_irq(s);
1906 break;
34e538ae
FB		 1907 case WIN_SETFEATURES:
1908 if (!s->bs)
1909 goto abort_cmd;
1910 /* XXX: valid for CDROM ? */
1911 switch(s->feature) {
e1f63470
TS		 1912 case 0xcc: /* reverting to power-on defaults enable */
1913 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 1914 case 0x02: /* write cache enable */
1915 case 0x82: /* write cache disable */
1916 case 0xaa: /* read look-ahead enable */
1917 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 1918 case 0x05: /* set advanced power management mode */
1919 case 0x85: /* disable advanced power management mode */
1920 case 0x69: /* NOP */
1921 case 0x67: /* NOP */
1922 case 0x96: /* NOP */
1923 case 0x9a: /* NOP */
c3e88d8c
TS		 1924 case 0x42: /* enable Automatic Acoustic Mode */
1925 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 1926 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 1927 ide_set_irq(s);
1928 break;
94458802
FB		 1929 case 0x03: { /* set transfer mode */
1930 uint8_t val = s->nsector & 0x07;
1931
1932 switch (s->nsector >> 3) {
1933 case 0x00: /* pio default */
1934 case 0x01: /* pio mode */
d1b5c20d
TS		 1935 put_le16(s->identify_data + 62,0x07);
1936 put_le16(s->identify_data + 63,0x07);
1937 put_le16(s->identify_data + 88,0x3f);
1938 break;
1939 case 0x02: /* sigle word dma mode*/
1940 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
94458802
FB		 1941 put_le16(s->identify_data + 63,0x07);
1942 put_le16(s->identify_data + 88,0x3f);
1943 break;
1944 case 0x04: /* mdma mode */
d1b5c20d 1945 put_le16(s->identify_data + 62,0x07);
94458802
FB		 1946 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1947 put_le16(s->identify_data + 88,0x3f);
1948 break;
1949 case 0x08: /* udma mode */
d1b5c20d 1950 put_le16(s->identify_data + 62,0x07);
94458802
FB		 1951 put_le16(s->identify_data + 63,0x07);
1952 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1953 break;
1954 default:
1955 goto abort_cmd;
1956 }
1957 s->status = READY_STAT | SEEK_STAT;
1958 ide_set_irq(s);
1959 break;
1960 }
34e538ae
FB		 1961 default:
1962 goto abort_cmd;
1963 }
1964 break;
c2ff060f
FB		 1965 case WIN_FLUSH_CACHE:
1966 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 1967 if (s->bs)
1968 bdrv_flush(s->bs);
41a2b959 1969 s->status = READY_STAT | SEEK_STAT;
7a6cba61
PB		 1970 ide_set_irq(s);
1971 break;
c3e88d8c
TS		 1972 case WIN_STANDBY:
1973 case WIN_STANDBY2:
1974 case WIN_STANDBYNOW1:
201a51fc 1975 case WIN_STANDBYNOW2:
c451ee71 1976 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 1977 case CFA_IDLEIMMEDIATE:
1978 case WIN_SETIDLE1:
1979 case WIN_SETIDLE2:
c3e88d8c
TS		 1980 case WIN_SLEEPNOW1:
1981 case WIN_SLEEPNOW2:
1982 s->status = READY_STAT;
a7dfe172
FB		 1983 ide_set_irq(s);
1984 break;
4fbfcd6d
AJ		 1985 case WIN_SEEK:
1986 if(s->is_cdrom)
1987 goto abort_cmd;
1988 /* XXX: Check that seek is within bounds */
1989 s->status = READY_STAT | SEEK_STAT;
1990 ide_set_irq(s);
1991 break;
5391d806
FB		 1992 /* ATAPI commands */
1993 case WIN_PIDENTIFY:
1994 if (s->is_cdrom) {
1995 ide_atapi_identify(s);
1298fe63 1996 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1997 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1998 } else {
1999 ide_abort_command(s);
2000 }
2001 ide_set_irq(s);
2002 break;
c451ee71
FB		 2003 case WIN_DIAGNOSE:
2004 ide_set_signature(s);
33256a25
AL		 2005 if (s->is_cdrom)
2006 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2007 * devices to return a clear status register
2008 * with READY_STAT *not* set. */
2009 else
2010 s->status = READY_STAT | SEEK_STAT;
2011 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2012 * present.
2013 */
f5fdd0a8 2014 ide_set_irq(s);
c451ee71 2015 break;
5391d806
FB		 2016 case WIN_SRST:
2017 if (!s->is_cdrom)
2018 goto abort_cmd;
2019 ide_set_signature(s);
6b136f9e 2020 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2021 s->error = 0x01;
2022 break;
2023 case WIN_PACKETCMD:
2024 if (!s->is_cdrom)
2025 goto abort_cmd;
98087450
FB		 2026 /* overlapping commands not supported */
2027 if (s->feature & 0x02)
5391d806 2028 goto abort_cmd;
41a2b959 2029 s->status = READY_STAT | SEEK_STAT;
98087450 2030 s->atapi_dma = s->feature & 1;
5391d806 2031 s->nsector = 1;
5fafdf24 2032 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2033 ide_atapi_cmd);
2034 break;
201a51fc
AZ		 2035 /* CF-ATA commands */
2036 case CFA_REQ_EXT_ERROR_CODE:
2037 if (!s->is_cf)
2038 goto abort_cmd;
2039 s->error = 0x09; /* miscellaneous error */
41a2b959 2040 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2041 ide_set_irq(s);
2042 break;
2043 case CFA_ERASE_SECTORS:
2044 case CFA_WEAR_LEVEL:
2045 if (!s->is_cf)
2046 goto abort_cmd;
2047 if (val == CFA_WEAR_LEVEL)
2048 s->nsector = 0;
2049 if (val == CFA_ERASE_SECTORS)
2050 s->media_changed = 1;
2051 s->error = 0x00;
41a2b959 2052 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2053 ide_set_irq(s);
2054 break;
2055 case CFA_TRANSLATE_SECTOR:
2056 if (!s->is_cf)
2057 goto abort_cmd;
2058 s->error = 0x00;
41a2b959 2059 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2060 memset(s->io_buffer, 0, 0x200);
2061 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2062 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2063 s->io_buffer[0x02] = s->select; /* Head */
2064 s->io_buffer[0x03] = s->sector; /* Sector */
2065 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2066 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2067 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2068 s->io_buffer[0x13] = 0x00; /* Erase flag */
2069 s->io_buffer[0x18] = 0x00; /* Hot count */
2070 s->io_buffer[0x19] = 0x00; /* Hot count */
2071 s->io_buffer[0x1a] = 0x01; /* Hot count */
2072 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2073 ide_set_irq(s);
2074 break;
2075 case CFA_ACCESS_METADATA_STORAGE:
2076 if (!s->is_cf)
2077 goto abort_cmd;
2078 switch (s->feature) {
2079 case 0x02: /* Inquiry Metadata Storage */
2080 ide_cfata_metadata_inquiry(s);
2081 break;
2082 case 0x03: /* Read Metadata Storage */
2083 ide_cfata_metadata_read(s);
2084 break;
2085 case 0x04: /* Write Metadata Storage */
2086 ide_cfata_metadata_write(s);
2087 break;
2088 default:
2089 goto abort_cmd;
2090 }
2091 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2092 s->status = 0x00; /* NOTE: READY is _not_ set */
2093 ide_set_irq(s);
2094 break;
2095 case IBM_SENSE_CONDITION:
2096 if (!s->is_cf)
2097 goto abort_cmd;
2098 switch (s->feature) {
2099 case 0x01: /* sense temperature in device */
2100 s->nsector = 0x50; /* +20 C */
2101 break;
2102 default:
2103 goto abort_cmd;
2104 }
41a2b959 2105 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2106 ide_set_irq(s);
2107 break;
e8b54394
BW		 2108
2109 case WIN_SMART:
2110 if (s->is_cdrom)
2111 goto abort_cmd;
2112 if (s->hcyl != 0xc2 || s->lcyl != 0x4f)
2113 goto abort_cmd;
2114 if (!s->smart_enabled && s->feature != SMART_ENABLE)
2115 goto abort_cmd;
2116 switch (s->feature) {
2117 case SMART_DISABLE:
2118 s->smart_enabled = 0;
2119 s->status = READY_STAT | SEEK_STAT;
2120 ide_set_irq(s);
2121 break;
2122 case SMART_ENABLE:
2123 s->smart_enabled = 1;
2124 s->status = READY_STAT | SEEK_STAT;
2125 ide_set_irq(s);
2126 break;
2127 case SMART_ATTR_AUTOSAVE:
2128 switch (s->sector) {
2129 case 0x00:
2130 s->smart_autosave = 0;
2131 break;
2132 case 0xf1:
2133 s->smart_autosave = 1;
2134 break;
2135 default:
2136 goto abort_cmd;
2137 }
2138 s->status = READY_STAT | SEEK_STAT;
2139 ide_set_irq(s);
2140 break;
2141 case SMART_STATUS:
2142 if (!s->smart_errors) {
2143 s->hcyl = 0xc2;
2144 s->lcyl = 0x4f;
2145 } else {
2146 s->hcyl = 0x2c;
2147 s->lcyl = 0xf4;
2148 }
2149 s->status = READY_STAT | SEEK_STAT;
2150 ide_set_irq(s);
2151 break;
2152 case SMART_READ_THRESH:
2153 memset(s->io_buffer, 0, 0x200);
2154 s->io_buffer[0] = 0x01; /* smart struct version */
2155 for (n=0; n<30; n++) {
2156 if (smart_attributes[n][0] == 0)
2157 break;
2158 s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2159 s->io_buffer[2+1+(n*12)] = smart_attributes[n][4];
2160 }
2161 for (n=0; n<511; n++) /* checksum */
2162 s->io_buffer[511] += s->io_buffer[n];
2163 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2164 s->status = READY_STAT | SEEK_STAT;
2165 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2166 ide_set_irq(s);
2167 break;
2168 case SMART_READ_DATA:
2169 memset(s->io_buffer, 0, 0x200);
2170 s->io_buffer[0] = 0x01; /* smart struct version */
2171 for (n=0; n<30; n++) {
2172 if (smart_attributes[n][0] == 0)
2173 break;
2174 s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2175 s->io_buffer[2+1+(n*12)] = smart_attributes[n][1];
2176 s->io_buffer[2+3+(n*12)] = smart_attributes[n][2];
2177 s->io_buffer[2+4+(n*12)] = smart_attributes[n][3];
2178 }
2179 s->io_buffer[362] = 0x02 | (s->smart_autosave?0x80:0x00);
2180 if (s->smart_selftest_count == 0) {
2181 s->io_buffer[363] = 0;
2182 } else {
2183 s->io_buffer[363] =
2184 s->smart_selftest_data[3 +
2185 (s->smart_selftest_count - 1) *
2186 24];
2187 }
2188 s->io_buffer[364] = 0x20;
2189 s->io_buffer[365] = 0x01;
2190 /* offline data collection capacity: execute + self-test*/
2191 s->io_buffer[367] = (1<<4 | 1<<3 | 1);
2192 s->io_buffer[368] = 0x03; /* smart capability (1) */
2193 s->io_buffer[369] = 0x00; /* smart capability (2) */
2194 s->io_buffer[370] = 0x01; /* error logging supported */
2195 s->io_buffer[372] = 0x02; /* minutes for poll short test */
2196 s->io_buffer[373] = 0x36; /* minutes for poll ext test */
2197 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
2198
2199 for (n=0; n<511; n++)
2200 s->io_buffer[511] += s->io_buffer[n];
2201 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2202 s->status = READY_STAT | SEEK_STAT;
2203 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2204 ide_set_irq(s);
2205 break;
2206 case SMART_READ_LOG:
2207 switch (s->sector) {
2208 case 0x01: /* summary smart error log */
2209 memset(s->io_buffer, 0, 0x200);
2210 s->io_buffer[0] = 0x01;
2211 s->io_buffer[1] = 0x00; /* no error entries */
2212 s->io_buffer[452] = s->smart_errors & 0xff;
2213 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
2214
2215 for (n=0; n<511; n++)
2216 s->io_buffer[511] += s->io_buffer[n];
2217 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2218 break;
2219 case 0x06: /* smart self test log */
2220 memset(s->io_buffer, 0, 0x200);
2221 s->io_buffer[0] = 0x01;
2222 if (s->smart_selftest_count == 0) {
2223 s->io_buffer[508] = 0;
2224 } else {
2225 s->io_buffer[508] = s->smart_selftest_count;
2226 for (n=2; n<506; n++)
2227 s->io_buffer[n] = s->smart_selftest_data[n];
2228 }
2229 for (n=0; n<511; n++)
2230 s->io_buffer[511] += s->io_buffer[n];
2231 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2232 break;
2233 default:
2234 goto abort_cmd;
2235 }
2236 s->status = READY_STAT | SEEK_STAT;
2237 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2238 ide_set_irq(s);
2239 break;
2240 case SMART_EXECUTE_OFFLINE:
2241 switch (s->sector) {
2242 case 0: /* off-line routine */
2243 case 1: /* short self test */
2244 case 2: /* extended self test */
2245 s->smart_selftest_count++;
2246 if(s->smart_selftest_count > 21)
2247 s->smart_selftest_count = 0;
2248 n = 2 + (s->smart_selftest_count - 1) * 24;
2249 s->smart_selftest_data[n] = s->sector;
2250 s->smart_selftest_data[n+1] = 0x00; /* OK and finished */
2251 s->smart_selftest_data[n+2] = 0x34; /* hour count lsb */
2252 s->smart_selftest_data[n+3] = 0x12; /* hour count msb */
2253 s->status = READY_STAT | SEEK_STAT;
2254 ide_set_irq(s);
2255 break;
2256 default:
2257 goto abort_cmd;
2258 }
2259 break;
2260 default:
2261 goto abort_cmd;
2262 }
2263 break;
5391d806
FB		 2264 default:
2265 abort_cmd:
2266 ide_abort_command(s);
2267 ide_set_irq(s);
2268 break;
2269 }
2270 }
2271}
2272
356721ae 2273uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2274{
bcbdc4d3
GH		 2275 IDEBus *bus = opaque;
2276 IDEState *s = idebus_active_if(bus);
5391d806 2277 uint32_t addr;
c2ff060f 2278 int ret, hob;
5391d806
FB		 2279
2280 addr = addr1 & 7;
c2ff060f
FB		 2281 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2282 //hob = s->select & (1 << 7);
2283 hob = 0;
5391d806
FB		 2284 switch(addr) {
2285 case 0:
2286 ret = 0xff;
2287 break;
2288 case 1:
bcbdc4d3
GH		 2289 if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2290 (s != bus->ifs && !s->bs))
c45c3d00 2291 ret = 0;
c2ff060f 2292 else if (!hob)
c45c3d00 2293 ret = s->error;
c2ff060f
FB		 2294 else
2295 ret = s->hob_feature;
5391d806
FB		 2296 break;
2297 case 2:
bcbdc4d3 2298 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
c45c3d00 2299 ret = 0;
c2ff060f 2300 else if (!hob)
c45c3d00 2301 ret = s->nsector & 0xff;
c2ff060f
FB		 2302 else
2303 ret = s->hob_nsector;
5391d806
FB		 2304 break;
2305 case 3:
bcbdc4d3 2306 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
c45c3d00 2307 ret = 0;
c2ff060f 2308 else if (!hob)
c45c3d00 2309 ret = s->sector;
c2ff060f
FB		 2310 else
2311 ret = s->hob_sector;
5391d806
FB		 2312 break;
2313 case 4:
bcbdc4d3 2314 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
c45c3d00 2315 ret = 0;
c2ff060f 2316 else if (!hob)
c45c3d00 2317 ret = s->lcyl;
c2ff060f
FB		 2318 else
2319 ret = s->hob_lcyl;
5391d806
FB		 2320 break;
2321 case 5:
bcbdc4d3 2322 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
c45c3d00 2323 ret = 0;
c2ff060f 2324 else if (!hob)
c45c3d00 2325 ret = s->hcyl;
c2ff060f
FB		 2326 else
2327 ret = s->hob_hcyl;
5391d806
FB		 2328 break;
2329 case 6:
bcbdc4d3 2330 if (!bus->ifs[0].bs && !bus->ifs[1].bs)
c45c3d00
FB		 2331 ret = 0;
2332 else
7ae98627 2333 ret = s->select;
5391d806
FB		 2334 break;
2335 default:
2336 case 7:
bcbdc4d3
GH		 2337 if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2338 (s != bus->ifs && !s->bs))
c45c3d00
FB		 2339 ret = 0;
2340 else
2341 ret = s->status;
d537cf6c 2342 qemu_irq_lower(s->irq);
5391d806
FB		 2343 break;
2344 }
2345#ifdef DEBUG_IDE
2346 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2347#endif
2348 return ret;
2349}
2350
356721ae 2351uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2352{
bcbdc4d3
GH		 2353 IDEBus *bus = opaque;
2354 IDEState *s = idebus_active_if(bus);
5391d806 2355 int ret;
7ae98627 2356
bcbdc4d3
GH		 2357 if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2358 (s != bus->ifs && !s->bs))
7ae98627
FB		 2359 ret = 0;
2360 else
2361 ret = s->status;
5391d806
FB		 2362#ifdef DEBUG_IDE
2363 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2364#endif
2365 return ret;
2366}
2367
356721ae 2368void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2369{
bcbdc4d3 2370 IDEBus *bus = opaque;
5391d806
FB		 2371 IDEState *s;
2372 int i;
2373
2374#ifdef DEBUG_IDE
2375 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2376#endif
2377 /* common for both drives */
bcbdc4d3 2378 if (!(bus->ifs[0].cmd & IDE_CMD_RESET) &&
5391d806
FB		 2379 (val & IDE_CMD_RESET)) {
2380 /* reset low to high */
2381 for(i = 0;i < 2; i++) {
bcbdc4d3 2382 s = &bus->ifs[i];
5391d806
FB		 2383 s->status = BUSY_STAT | SEEK_STAT;
2384 s->error = 0x01;
2385 }
bcbdc4d3 2386 } else if ((bus->ifs[0].cmd & IDE_CMD_RESET) &&
5391d806
FB		 2387 !(val & IDE_CMD_RESET)) {
2388 /* high to low */
2389 for(i = 0;i < 2; i++) {
bcbdc4d3 2390 s = &bus->ifs[i];
6b136f9e
FB		 2391 if (s->is_cdrom)
2392 s->status = 0x00; /* NOTE: READY is _not_ set */
2393 else
56bf1d37 2394 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2395 ide_set_signature(s);
2396 }
2397 }
2398
bcbdc4d3
GH		 2399 bus->ifs[0].cmd = val;
2400 bus->ifs[1].cmd = val;
5391d806
FB		 2401}
2402
356721ae 2403void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2404{
bcbdc4d3
GH		 2405 IDEBus *bus = opaque;
2406 IDEState *s = idebus_active_if(bus);
5391d806
FB		 2407 uint8_t *p;
2408
fcdd25ab
AL		 2409 /* PIO data access allowed only when DRQ bit is set */
2410 if (!(s->status & DRQ_STAT))
2411 return;
2412
5391d806 2413 p = s->data_ptr;
0c4ad8dc 2414 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2415 p += 2;
2416 s->data_ptr = p;
2417 if (p >= s->data_end)
2418 s->end_transfer_func(s);
2419}
2420
356721ae 2421uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2422{
bcbdc4d3
GH		 2423 IDEBus *bus = opaque;
2424 IDEState *s = idebus_active_if(bus);
5391d806
FB		 2425 uint8_t *p;
2426 int ret;
fcdd25ab
AL		 2427
2428 /* PIO data access allowed only when DRQ bit is set */
2429 if (!(s->status & DRQ_STAT))
2430 return 0;
2431
5391d806 2432 p = s->data_ptr;
0c4ad8dc 2433 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2434 p += 2;
2435 s->data_ptr = p;
2436 if (p >= s->data_end)
2437 s->end_transfer_func(s);
2438 return ret;
2439}
2440
356721ae 2441void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2442{
bcbdc4d3
GH		 2443 IDEBus *bus = opaque;
2444 IDEState *s = idebus_active_if(bus);
5391d806
FB		 2445 uint8_t *p;
2446
fcdd25ab
AL		 2447 /* PIO data access allowed only when DRQ bit is set */
2448 if (!(s->status & DRQ_STAT))
2449 return;
2450
5391d806 2451 p = s->data_ptr;
0c4ad8dc 2452 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2453 p += 4;
2454 s->data_ptr = p;
2455 if (p >= s->data_end)
2456 s->end_transfer_func(s);
2457}
2458
356721ae 2459uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2460{
bcbdc4d3
GH		 2461 IDEBus *bus = opaque;
2462 IDEState *s = idebus_active_if(bus);
5391d806
FB		 2463 uint8_t *p;
2464 int ret;
3b46e624 2465
fcdd25ab
AL		 2466 /* PIO data access allowed only when DRQ bit is set */
2467 if (!(s->status & DRQ_STAT))
2468 return 0;
2469
5391d806 2470 p = s->data_ptr;
0c4ad8dc 2471 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2472 p += 4;
2473 s->data_ptr = p;
2474 if (p >= s->data_end)
2475 s->end_transfer_func(s);
2476 return ret;
2477}
2478
a7dfe172
FB		 2479static void ide_dummy_transfer_stop(IDEState *s)
2480{
2481 s->data_ptr = s->io_buffer;
2482 s->data_end = s->io_buffer;
2483 s->io_buffer[0] = 0xff;
2484 s->io_buffer[1] = 0xff;
2485 s->io_buffer[2] = 0xff;
2486 s->io_buffer[3] = 0xff;
2487}
2488
356721ae 2489void ide_reset(IDEState *s)
5391d806 2490{
bcbdc4d3
GH		 2491 IDEBus *bus = s->bus;
2492
201a51fc
AZ		 2493 if (s->is_cf)
2494 s->mult_sectors = 0;
2495 else
2496 s->mult_sectors = MAX_MULT_SECTORS;
bcbdc4d3 2497 bus->unit = s->unit;
5391d806 2498 s->select = 0xa0;
41a2b959 2499 s->status = READY_STAT | SEEK_STAT;
5391d806 2500 ide_set_signature(s);
a7dfe172
FB		 2501 /* init the transfer handler so that 0xffff is returned on data
2502 accesses */
2503 s->end_transfer_func = ide_dummy_transfer_stop;
2504 ide_dummy_transfer_stop(s);
201a51fc 2505 s->media_changed = 0;
5391d806
FB		 2506}
2507
356721ae
GH		 2508void ide_init2(IDEBus *bus, BlockDriverState *hd0, BlockDriverState *hd1,
2509 qemu_irq irq)
5391d806 2510{
69b91039 2511 IDEState *s;
aedf5382 2512 static int drive_serial = 1;
f3d54fc4 2513 int i, cylinders, heads, secs;
96b8f136 2514 uint64_t nb_sectors;
5391d806 2515
caed8802 2516 for(i = 0; i < 2; i++) {
bcbdc4d3
GH		 2517 s = bus->ifs + i;
2518 s->bus = bus;
2519 s->unit = i;
2520 s->bs = (i == 0) ? hd0 : hd1;
e268ca52 2521 s->io_buffer = qemu_blockalign(s->bs, IDE_DMA_BUF_SECTORS*512 + 4);
5391d806
FB		 2522 if (s->bs) {
2523 bdrv_get_geometry(s->bs, &nb_sectors);
f3d54fc4
AL		 2524 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2525 s->cylinders = cylinders;
2526 s->heads = heads;
2527 s->sectors = secs;
5391d806 2528 s->nb_sectors = nb_sectors;
e8b54394
BW		 2529 /* The SMART values should be preserved across power cycles
2530 but they aren't. */
2531 s->smart_enabled = 1;
2532 s->smart_autosave = 1;
2533 s->smart_errors = 0;
2534 s->smart_selftest_count = 0;
2535 s->smart_selftest_data = qemu_blockalign(s->bs, 512);
caed8802
FB		 2536 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2537 s->is_cdrom = 1;
bd491d6a 2538 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2539 }
2540 }
aedf5382 2541 s->drive_serial = drive_serial++;
fa879c64
AL		 2542 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2543 sizeof(s->drive_serial_str));
2544 if (strlen(s->drive_serial_str) == 0)
2545 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2546 "QM%05d", s->drive_serial);
caed8802 2547 s->irq = irq;
5fafdf24 2548 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2549 ide_sector_write_timer_cb, s);
5391d806
FB		 2550 ide_reset(s);
2551 }
69b91039
FB		 2552}
2553
356721ae 2554void ide_init_ioport(IDEBus *bus, int iobase, int iobase2)
69b91039 2555{
bcbdc4d3
GH		 2556 register_ioport_write(iobase, 8, 1, ide_ioport_write, bus);
2557 register_ioport_read(iobase, 8, 1, ide_ioport_read, bus);
caed8802 2558 if (iobase2) {
bcbdc4d3
GH		 2559 register_ioport_read(iobase2, 1, 1, ide_status_read, bus);
2560 register_ioport_write(iobase2, 1, 1, ide_cmd_write, bus);
5391d806 2561 }
3b46e624 2562
caed8802 2563 /* data ports */
bcbdc4d3
GH		 2564 register_ioport_write(iobase, 2, 2, ide_data_writew, bus);
2565 register_ioport_read(iobase, 2, 2, ide_data_readw, bus);
2566 register_ioport_write(iobase, 4, 4, ide_data_writel, bus);
2567 register_ioport_read(iobase, 4, 4, ide_data_readl, bus);
5391d806 2568}
69b91039 2569
aa941b94 2570/* save per IDE drive data */
356721ae 2571void ide_save(QEMUFile* f, IDEState *s)
aa941b94 2572{
bee8d684
TS		 2573 qemu_put_be32(f, s->mult_sectors);
2574 qemu_put_be32(f, s->identify_set);
aa941b94
AZ		 2575 if (s->identify_set) {
2576 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2577 }
2578 qemu_put_8s(f, &s->feature);
2579 qemu_put_8s(f, &s->error);
2580 qemu_put_be32s(f, &s->nsector);
2581 qemu_put_8s(f, &s->sector);
2582 qemu_put_8s(f, &s->lcyl);
2583 qemu_put_8s(f, &s->hcyl);
2584 qemu_put_8s(f, &s->hob_feature);
2585 qemu_put_8s(f, &s->hob_nsector);
2586 qemu_put_8s(f, &s->hob_sector);
2587 qemu_put_8s(f, &s->hob_lcyl);
2588 qemu_put_8s(f, &s->hob_hcyl);
2589 qemu_put_8s(f, &s->select);
2590 qemu_put_8s(f, &s->status);
2591 qemu_put_8s(f, &s->lba48);
2592
2593 qemu_put_8s(f, &s->sense_key);
2594 qemu_put_8s(f, &s->asc);
0bf5e443 2595 qemu_put_8s(f, &s->cdrom_changed);
aa941b94
AZ		 2596 /* XXX: if a transfer is pending, we do not save it yet */
2597}
2598
2599/* load per IDE drive data */
356721ae 2600void ide_load(QEMUFile* f, IDEState *s, int version_id)
aa941b94 2601{
bee8d684
TS		 2602 s->mult_sectors=qemu_get_be32(f);
2603 s->identify_set=qemu_get_be32(f);
aa941b94
AZ		 2604 if (s->identify_set) {
2605 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2606 }
2607 qemu_get_8s(f, &s->feature);
2608 qemu_get_8s(f, &s->error);
2609 qemu_get_be32s(f, &s->nsector);
2610 qemu_get_8s(f, &s->sector);
2611 qemu_get_8s(f, &s->lcyl);
2612 qemu_get_8s(f, &s->hcyl);
2613 qemu_get_8s(f, &s->hob_feature);
2614 qemu_get_8s(f, &s->hob_nsector);
2615 qemu_get_8s(f, &s->hob_sector);
2616 qemu_get_8s(f, &s->hob_lcyl);
2617 qemu_get_8s(f, &s->hob_hcyl);
2618 qemu_get_8s(f, &s->select);
2619 qemu_get_8s(f, &s->status);
2620 qemu_get_8s(f, &s->lba48);
2621
2622 qemu_get_8s(f, &s->sense_key);
2623 qemu_get_8s(f, &s->asc);
93c8cfd9
GN		 2624 if (version_id == 3) {
2625 qemu_get_8s(f, &s->cdrom_changed);
2626 } else {
2627 if (s->sense_key == SENSE_UNIT_ATTENTION &&
2628 s->asc == ASC_MEDIUM_MAY_HAVE_CHANGED)
2629 s->cdrom_changed = 1;
2630 }
aa941b94
AZ		 2631 /* XXX: if a transfer is pending, we do not save it yet */
2632}
2633
356721ae 2634void idebus_save(QEMUFile* f, IDEBus *bus)
bcbdc4d3
GH		 2635{
2636 IDEState *s = idebus_active_if(bus);
2637 qemu_put_8s(f, &s->cmd);
2638 qemu_put_8s(f, &bus->unit);
2639}
2640
356721ae 2641void idebus_load(QEMUFile* f, IDEBus *bus, int version_id)
bcbdc4d3
GH		 2642{
2643 IDEState *s;
2644 uint8_t cmd;
2645
2646 qemu_get_8s(f, &cmd);
2647 qemu_get_8s(f, &bus->unit);
2648 s = idebus_active_if(bus);
2649 s->cmd = cmd;
2650}
2651
69b91039
FB		 2652/***********************************************************/
2653/* PCI IDE definitions */
2654
8ccad811 2655static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450 2656{
bcbdc4d3 2657 BMDMAState *bm = s->bus->bmdma;
98087450
FB		 2658 if(!bm)
2659 return;
bcbdc4d3 2660 bm->unit = s->unit;
98087450 2661 bm->dma_cb = dma_cb;
8ccad811
FB		 2662 bm->cur_prd_last = 0;
2663 bm->cur_prd_addr = 0;
2664 bm->cur_prd_len = 0;
428c5705
AL		 2665 bm->sector_num = ide_get_sector(s);
2666 bm->nsector = s->nsector;
98087450 2667 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2668 bm->dma_cb(bm, 0);
98087450
FB		 2669 }
2670}
2671
428c5705
AL		 2672static void ide_dma_restart(IDEState *s)
2673{
bcbdc4d3 2674 BMDMAState *bm = s->bus->bmdma;
428c5705
AL		 2675 ide_set_sector(s, bm->sector_num);
2676 s->io_buffer_index = 0;
2677 s->io_buffer_size = 0;
2678 s->nsector = bm->nsector;
2679 bm->cur_addr = bm->addr;
2680 bm->dma_cb = ide_write_dma_cb;
2681 ide_dma_start(s, bm->dma_cb);
2682}
2683
356721ae 2684void ide_dma_cancel(BMDMAState *bm)
72c7b06c
AL		 2685{
2686 if (bm->status & BM_STATUS_DMAING) {
2687 bm->status &= ~BM_STATUS_DMAING;
2688 /* cancel DMA request */
bcbdc4d3 2689 bm->unit = -1;
72c7b06c
AL		 2690 bm->dma_cb = NULL;
2691 if (bm->aiocb) {
2692#ifdef DEBUG_AIO
2693 printf("aio_cancel\n");
2694#endif
2695 bdrv_aio_cancel(bm->aiocb);
2696 bm->aiocb = NULL;
2697 }
2698 }
2699}
2700
Qemu copy for testing