]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
set migration max downtime
[qemu.git] / hw / ide.c
CommitLineData
5391d806 1/*
38cdea7c 2 * QEMU IDE disk and CD/DVD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
87ecb68b
PB		 25#include "hw.h"
26#include "pc.h"
27#include "pci.h"
28#include "scsi-disk.h"
29#include "pcmcia.h"
30#include "block.h"
b0a7b120 31#include "block_int.h"
87ecb68b
PB		 32#include "qemu-timer.h"
33#include "sysemu.h"
9596ebb7 34#include "ppc_mac.h"
e3007e66 35#include "mac_dbdma.h"
b79e1752 36#include "sh.h"
1fb8648d 37#include "dma.h"
5391d806 38
5391d806
FB		 39/* debug IDE devices */
40//#define DEBUG_IDE
41//#define DEBUG_IDE_ATAPI
8ccad811
FB		 42//#define DEBUG_AIO
43#define USE_DMA_CDROM
5391d806
FB		 44
45/* Bits of HD_STATUS */
46#define ERR_STAT 0x01
47#define INDEX_STAT 0x02
48#define ECC_STAT 0x04 /* Corrected error */
49#define DRQ_STAT 0x08
50#define SEEK_STAT 0x10
51#define SRV_STAT 0x10
52#define WRERR_STAT 0x20
53#define READY_STAT 0x40
54#define BUSY_STAT 0x80
55
56/* Bits for HD_ERROR */
57#define MARK_ERR 0x01 /* Bad address mark */
58#define TRK0_ERR 0x02 /* couldn't find track 0 */
59#define ABRT_ERR 0x04 /* Command aborted */
60#define MCR_ERR 0x08 /* media change request */
61#define ID_ERR 0x10 /* ID field not found */
62#define MC_ERR 0x20 /* media changed */
63#define ECC_ERR 0x40 /* Uncorrectable ECC error */
64#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
65#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
66
67/* Bits of HD_NSECTOR */
68#define CD 0x01
69#define IO 0x02
70#define REL 0x04
71#define TAG_MASK 0xf8
72
73#define IDE_CMD_RESET 0x04
74#define IDE_CMD_DISABLE_IRQ 0x02
75
76/* ATA/ATAPI Commands pre T13 Spec */
77#define WIN_NOP 0x00
78/*
79 * 0x01->0x02 Reserved
80 */
81#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
82/*
83 * 0x04->0x07 Reserved
84 */
85#define WIN_SRST 0x08 /* ATAPI soft reset command */
86#define WIN_DEVICE_RESET 0x08
87/*
88 * 0x09->0x0F Reserved
89 */
90#define WIN_RECAL 0x10
91#define WIN_RESTORE WIN_RECAL
92/*
93 * 0x10->0x1F Reserved
94 */
95#define WIN_READ 0x20 /* 28-Bit */
96#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
97#define WIN_READ_LONG 0x22 /* 28-Bit */
98#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
99#define WIN_READ_EXT 0x24 /* 48-Bit */
100#define WIN_READDMA_EXT 0x25 /* 48-Bit */
101#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
102#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
103/*
104 * 0x28
105 */
106#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
107/*
108 * 0x2A->0x2F Reserved
109 */
110#define WIN_WRITE 0x30 /* 28-Bit */
111#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
112#define WIN_WRITE_LONG 0x32 /* 28-Bit */
113#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
114#define WIN_WRITE_EXT 0x34 /* 48-Bit */
115#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
116#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
117#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
118#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
119#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
120/*
121 * 0x3A->0x3B Reserved
122 */
123#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
124/*
125 * 0x3D->0x3F Reserved
126 */
127#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
128#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
129#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
130/*
131 * 0x43->0x4F Reserved
132 */
133#define WIN_FORMAT 0x50
134/*
135 * 0x51->0x5F Reserved
136 */
137#define WIN_INIT 0x60
138/*
139 * 0x61->0x5F Reserved
140 */
141#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
142#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
143#define WIN_DIAGNOSE 0x90
144#define WIN_SPECIFY 0x91 /* set drive geometry translation */
145#define WIN_DOWNLOAD_MICROCODE 0x92
146#define WIN_STANDBYNOW2 0x94
201a51fc 147#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 148#define WIN_STANDBY2 0x96
149#define WIN_SETIDLE2 0x97
150#define WIN_CHECKPOWERMODE2 0x98
151#define WIN_SLEEPNOW2 0x99
152/*
153 * 0x9A VENDOR
154 */
155#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
156#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
157#define WIN_QUEUED_SERVICE 0xA2
158#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 159#define CFA_ACCESS_METADATA_STORAGE 0xB8
160#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 161#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
162#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
163#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
164#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
165#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
166#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
167#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
168#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
169#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
170#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 171#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 172#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
173#define WIN_POSTBOOT 0xDC
174#define WIN_PREBOOT 0xDD
175#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
176#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
177#define WIN_STANDBYNOW1 0xE0
178#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
179#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
180#define WIN_SETIDLE1 0xE3
181#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
182#define WIN_CHECKPOWERMODE1 0xE5
183#define WIN_SLEEPNOW1 0xE6
184#define WIN_FLUSH_CACHE 0xE7
185#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
186#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
187 /* SET_FEATURES 0x22 or 0xDD */
188#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
189#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
190#define WIN_MEDIAEJECT 0xED
191#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
192#define WIN_SETFEATURES 0xEF /* set special drive features */
193#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 194#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 195#define WIN_SECURITY_SET_PASS 0xF1
196#define WIN_SECURITY_UNLOCK 0xF2
197#define WIN_SECURITY_ERASE_PREPARE 0xF3
198#define WIN_SECURITY_ERASE_UNIT 0xF4
199#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 200#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 201#define WIN_SECURITY_DISABLE 0xF6
202#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
203#define WIN_SET_MAX 0xF9
204#define DISABLE_SEAGATE 0xFB
205
206/* set to 1 set disable mult support */
f66723fa 207#define MAX_MULT_SECTORS 16
5391d806 208
1d8cde5b
AJ		 209#define IDE_DMA_BUF_SECTORS 256
210
211#if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
212#error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
213#endif
214
5391d806
FB		 215/* ATAPI defines */
216
217#define ATAPI_PACKET_SIZE 12
218
219/* The generic packet command opcodes for CD/DVD Logical Units,
220 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
221#define GPCMD_BLANK 0xa1
222#define GPCMD_CLOSE_TRACK 0x5b
223#define GPCMD_FLUSH_CACHE 0x35
224#define GPCMD_FORMAT_UNIT 0x04
225#define GPCMD_GET_CONFIGURATION 0x46
226#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
227#define GPCMD_GET_PERFORMANCE 0xac
228#define GPCMD_INQUIRY 0x12
229#define GPCMD_LOAD_UNLOAD 0xa6
230#define GPCMD_MECHANISM_STATUS 0xbd
231#define GPCMD_MODE_SELECT_10 0x55
232#define GPCMD_MODE_SENSE_10 0x5a
233#define GPCMD_PAUSE_RESUME 0x4b
234#define GPCMD_PLAY_AUDIO_10 0x45
235#define GPCMD_PLAY_AUDIO_MSF 0x47
236#define GPCMD_PLAY_AUDIO_TI 0x48
237#define GPCMD_PLAY_CD 0xbc
238#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
239#define GPCMD_READ_10 0x28
240#define GPCMD_READ_12 0xa8
241#define GPCMD_READ_CDVD_CAPACITY 0x25
242#define GPCMD_READ_CD 0xbe
243#define GPCMD_READ_CD_MSF 0xb9
244#define GPCMD_READ_DISC_INFO 0x51
245#define GPCMD_READ_DVD_STRUCTURE 0xad
246#define GPCMD_READ_FORMAT_CAPACITIES 0x23
247#define GPCMD_READ_HEADER 0x44
248#define GPCMD_READ_TRACK_RZONE_INFO 0x52
249#define GPCMD_READ_SUBCHANNEL 0x42
250#define GPCMD_READ_TOC_PMA_ATIP 0x43
251#define GPCMD_REPAIR_RZONE_TRACK 0x58
252#define GPCMD_REPORT_KEY 0xa4
253#define GPCMD_REQUEST_SENSE 0x03
254#define GPCMD_RESERVE_RZONE_TRACK 0x53
255#define GPCMD_SCAN 0xba
256#define GPCMD_SEEK 0x2b
257#define GPCMD_SEND_DVD_STRUCTURE 0xad
258#define GPCMD_SEND_EVENT 0xa2
259#define GPCMD_SEND_KEY 0xa3
260#define GPCMD_SEND_OPC 0x54
261#define GPCMD_SET_READ_AHEAD 0xa7
262#define GPCMD_SET_STREAMING 0xb6
263#define GPCMD_START_STOP_UNIT 0x1b
264#define GPCMD_STOP_PLAY_SCAN 0x4e
265#define GPCMD_TEST_UNIT_READY 0x00
266#define GPCMD_VERIFY_10 0x2f
267#define GPCMD_WRITE_10 0x2a
268#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 269/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 270 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
271 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
272 * drives support it. */
273#define GPCMD_SET_SPEED 0xbb
5fafdf24 274/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 275 * to play data at track/index */
276#define GPCMD_PLAYAUDIO_TI 0x48
277/*
278 * From MS Media Status Notification Support Specification. For
279 * older drives only.
280 */
281#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 282#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 283
284/* Mode page codes for mode sense/set */
285#define GPMODE_R_W_ERROR_PAGE 0x01
286#define GPMODE_WRITE_PARMS_PAGE 0x05
287#define GPMODE_AUDIO_CTL_PAGE 0x0e
288#define GPMODE_POWER_PAGE 0x1a
289#define GPMODE_FAULT_FAIL_PAGE 0x1c
290#define GPMODE_TO_PROTECT_PAGE 0x1d
291#define GPMODE_CAPABILITIES_PAGE 0x2a
292#define GPMODE_ALL_PAGES 0x3f
293/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
294 * of MODE_SENSE_POWER_PAGE */
295#define GPMODE_CDROM_PAGE 0x0d
296
38cdea7c
AZ		 297/*
298 * Based on values from <linux/cdrom.h> but extending CD_MINS
299 * to the maximum common size allowed by the Orange's Book ATIP
300 *
301 * 90 and 99 min CDs are also available but using them as the
302 * upper limit reduces the effectiveness of the heuristic to
303 * detect DVDs burned to less than 25% of their maximum capacity
304 */
305
306/* Some generally useful CD-ROM information */
307#define CD_MINS 80 /* max. minutes per CD */
308#define CD_SECS 60 /* seconds per minute */
309#define CD_FRAMES 75 /* frames per second */
310#define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
311#define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
312#define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
313
314/*
315 * The MMC values are not IDE specific and might need to be moved
316 * to a common header if they are also needed for the SCSI emulation
317 */
318
319/* Profile list from MMC-6 revision 1 table 91 */
320#define MMC_PROFILE_NONE 0x0000
321#define MMC_PROFILE_CD_ROM 0x0008
322#define MMC_PROFILE_CD_R 0x0009
323#define MMC_PROFILE_CD_RW 0x000A
324#define MMC_PROFILE_DVD_ROM 0x0010
325#define MMC_PROFILE_DVD_R_SR 0x0011
326#define MMC_PROFILE_DVD_RAM 0x0012
327#define MMC_PROFILE_DVD_RW_RO 0x0013
328#define MMC_PROFILE_DVD_RW_SR 0x0014
329#define MMC_PROFILE_DVD_R_DL_SR 0x0015
330#define MMC_PROFILE_DVD_R_DL_JR 0x0016
331#define MMC_PROFILE_DVD_RW_DL 0x0017
332#define MMC_PROFILE_DVD_DDR 0x0018
333#define MMC_PROFILE_DVD_PLUS_RW 0x001A
334#define MMC_PROFILE_DVD_PLUS_R 0x001B
335#define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
336#define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
337#define MMC_PROFILE_BD_ROM 0x0040
338#define MMC_PROFILE_BD_R_SRM 0x0041
339#define MMC_PROFILE_BD_R_RRM 0x0042
340#define MMC_PROFILE_BD_RE 0x0043
341#define MMC_PROFILE_HDDVD_ROM 0x0050
342#define MMC_PROFILE_HDDVD_R 0x0051
343#define MMC_PROFILE_HDDVD_RAM 0x0052
344#define MMC_PROFILE_HDDVD_RW 0x0053
345#define MMC_PROFILE_HDDVD_R_DL 0x0058
346#define MMC_PROFILE_HDDVD_RW_DL 0x005A
347#define MMC_PROFILE_INVALID 0xFFFF
348
5391d806
FB		 349#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
350#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
351#define ATAPI_INT_REASON_REL 0x04
352#define ATAPI_INT_REASON_TAG 0xf8
353
354/* same constants as bochs */
7f777bf3 355#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 356#define ASC_LOGICAL_BLOCK_OOR 0x21
357#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
9118e7f0 358#define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
8114e9e8 359#define ASC_INCOMPATIBLE_FORMAT 0x30
5391d806
FB		 360#define ASC_MEDIUM_NOT_PRESENT 0x3a
361#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
362
201a51fc
AZ		 363#define CFA_NO_ERROR 0x00
364#define CFA_MISC_ERROR 0x09
365#define CFA_INVALID_COMMAND 0x20
366#define CFA_INVALID_ADDRESS 0x21
367#define CFA_ADDRESS_OVERFLOW 0x2f
368
5391d806
FB		 369#define SENSE_NONE 0
370#define SENSE_NOT_READY 2
371#define SENSE_ILLEGAL_REQUEST 5
372#define SENSE_UNIT_ATTENTION 6
373
374struct IDEState;
375
376typedef void EndTransferFunc(struct IDEState *);
377
caed8802 378/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 379typedef struct IDEState {
380 /* ide config */
381 int is_cdrom;
201a51fc 382 int is_cf;
5391d806
FB		 383 int cylinders, heads, sectors;
384 int64_t nb_sectors;
385 int mult_sectors;
94458802
FB		 386 int identify_set;
387 uint16_t identify_data[256];
d537cf6c 388 qemu_irq irq;
34e538ae 389 PCIDevice *pci_dev;
98087450 390 struct BMDMAState *bmdma;
aedf5382 391 int drive_serial;
fa879c64 392 char drive_serial_str[21];
5391d806
FB		 393 /* ide regs */
394 uint8_t feature;
395 uint8_t error;
c2ff060f 396 uint32_t nsector;
5391d806
FB		 397 uint8_t sector;
398 uint8_t lcyl;
399 uint8_t hcyl;
c2ff060f
FB		 400 /* other part of tf for lba48 support */
401 uint8_t hob_feature;
402 uint8_t hob_nsector;
403 uint8_t hob_sector;
404 uint8_t hob_lcyl;
405 uint8_t hob_hcyl;
406
5391d806
FB		 407 uint8_t select;
408 uint8_t status;
c2ff060f 409
5391d806
FB		 410 /* 0x3f6 command, only meaningful for drive 0 */
411 uint8_t cmd;
c2ff060f
FB		 412 /* set for lba48 access */
413 uint8_t lba48;
5391d806 414 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 415 struct IDEState *cur_drive;
5391d806
FB		 416 BlockDriverState *bs;
417 /* ATAPI specific */
418 uint8_t sense_key;
419 uint8_t asc;
420 int packet_transfer_size;
421 int elementary_transfer_size;
422 int io_buffer_index;
423 int lba;
98087450
FB		 424 int cd_sector_size;
425 int atapi_dma; /* true if dma is requested for the packet cmd */
426 /* ATA DMA state */
427 int io_buffer_size;
1fb8648d 428 QEMUSGList sg;
98087450 429 /* PIO transfer handling */
5391d806
FB		 430 int req_nb_sectors; /* number of sectors per interrupt */
431 EndTransferFunc *end_transfer_func;
432 uint8_t *data_ptr;
433 uint8_t *data_end;
33f00271 434 uint8_t *io_buffer;
31c2a146 435 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
e774a278 436 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 437 /* CF-ATA extended error */
438 uint8_t ext_error;
439 /* CF-ATA metadata storage */
440 uint32_t mdata_size;
441 uint8_t *mdata_storage;
442 int media_changed;
e3007e66
AJ		 443 /* for pmac */
444 int is_read;
5391d806
FB		 445} IDEState;
446
8114e9e8
TS		 447/* XXX: DVDs that could fit on a CD will be reported as a CD */
448static inline int media_present(IDEState *s)
449{
450 return (s->nb_sectors > 0);
451}
452
453static inline int media_is_dvd(IDEState *s)
454{
455 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
456}
457
458static inline int media_is_cd(IDEState *s)
459{
460 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
461}
462
98087450
FB		 463#define BM_STATUS_DMAING 0x01
464#define BM_STATUS_ERROR 0x02
465#define BM_STATUS_INT 0x04
428c5705
AL		 466#define BM_STATUS_DMA_RETRY 0x08
467#define BM_STATUS_PIO_RETRY 0x10
98087450
FB		 468
469#define BM_CMD_START 0x01
470#define BM_CMD_READ 0x08
471
5457c8ce
FB		 472#define IDE_TYPE_PIIX3 0
473#define IDE_TYPE_CMD646 1
afcc3cdf 474#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 475
476/* CMD646 specific */
477#define MRDMODE 0x71
478#define MRDMODE_INTR_CH0 0x04
479#define MRDMODE_INTR_CH1 0x08
480#define MRDMODE_BLK_CH0 0x10
481#define MRDMODE_BLK_CH1 0x20
482#define UDIDETCR0 0x73
483#define UDIDETCR1 0x7B
484
98087450
FB		 485typedef struct BMDMAState {
486 uint8_t cmd;
487 uint8_t status;
488 uint32_t addr;
3b46e624 489
5457c8ce 490 struct PCIIDEState *pci_dev;
98087450 491 /* current transfer state */
8ccad811
FB		 492 uint32_t cur_addr;
493 uint32_t cur_prd_last;
494 uint32_t cur_prd_addr;
495 uint32_t cur_prd_len;
98087450 496 IDEState *ide_if;
8ccad811
FB		 497 BlockDriverCompletionFunc *dma_cb;
498 BlockDriverAIOCB *aiocb;
c87c0672
AL		 499 struct iovec iov;
500 QEMUIOVector qiov;
428c5705
AL		 501 int64_t sector_num;
502 uint32_t nsector;
98087450
FB		 503} BMDMAState;
504
505typedef struct PCIIDEState {
506 PCIDevice dev;
507 IDEState ide_if[4];
508 BMDMAState bmdma[2];
5457c8ce 509 int type; /* see IDE_TYPE_xxx */
98087450
FB		 510} PCIIDEState;
511
8ccad811 512static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
428c5705 513static void ide_dma_restart(IDEState *s);
5f12ab4b 514static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 515
5391d806
FB		 516static void padstr(char *str, const char *src, int len)
517{
518 int i, v;
519 for(i = 0; i < len; i++) {
520 if (*src)
521 v = *src++;
522 else
523 v = ' ';
69b34976 524 str[i^1] = v;
5391d806
FB		 525 }
526}
527
bd0d90b2
FB		 528static void padstr8(uint8_t *buf, int buf_size, const char *src)
529{
530 int i;
531 for(i = 0; i < buf_size; i++) {
532 if (*src)
533 buf[i] = *src++;
534 else
535 buf[i] = ' ';
536 }
537}
538
67b915a5
FB		 539static void put_le16(uint16_t *p, unsigned int v)
540{
0c4ad8dc 541 *p = cpu_to_le16(v);
67b915a5
FB		 542}
543
5391d806
FB		 544static void ide_identify(IDEState *s)
545{
546 uint16_t *p;
547 unsigned int oldsize;
548
94458802
FB		 549 if (s->identify_set) {
550 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
551 return;
552 }
553
5391d806
FB		 554 memset(s->io_buffer, 0, 512);
555 p = (uint16_t *)s->io_buffer;
67b915a5 556 put_le16(p + 0, 0x0040);
5fafdf24 557 put_le16(p + 1, s->cylinders);
67b915a5
FB		 558 put_le16(p + 3, s->heads);
559 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
560 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 561 put_le16(p + 6, s->sectors);
fa879c64 562 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 563 put_le16(p + 20, 3); /* XXX: retired, remove ? */
564 put_le16(p + 21, 512); /* cache size in sectors */
565 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 566 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
567 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 568#if MAX_MULT_SECTORS > 1
67b915a5 569 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 570#endif
67b915a5 571 put_le16(p + 48, 1); /* dword I/O */
94458802 572 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 573 put_le16(p + 51, 0x200); /* PIO transfer cycle */
574 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 575 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 576 put_le16(p + 54, s->cylinders);
577 put_le16(p + 55, s->heads);
578 put_le16(p + 56, s->sectors);
5391d806 579 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 580 put_le16(p + 57, oldsize);
581 put_le16(p + 58, oldsize >> 16);
5391d806 582 if (s->mult_sectors)
67b915a5
FB		 583 put_le16(p + 59, 0x100 | s->mult_sectors);
584 put_le16(p + 60, s->nb_sectors);
585 put_le16(p + 61, s->nb_sectors >> 16);
d1b5c20d 586 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
94458802
FB		 587 put_le16(p + 63, 0x07); /* mdma0-2 supported */
588 put_le16(p + 65, 120);
589 put_le16(p + 66, 120);
590 put_le16(p + 67, 120);
591 put_le16(p + 68, 120);
592 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
593 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 594 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 595 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
596 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 597 put_le16(p + 84, (1 << 14));
598 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 599 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
600 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 601 put_le16(p + 87, (1 << 14));
94458802
FB		 602 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
603 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 604 put_le16(p + 100, s->nb_sectors);
605 put_le16(p + 101, s->nb_sectors >> 16);
606 put_le16(p + 102, s->nb_sectors >> 32);
607 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 608
609 memcpy(s->identify_data, p, sizeof(s->identify_data));
610 s->identify_set = 1;
5391d806
FB		 611}
612
613static void ide_atapi_identify(IDEState *s)
614{
615 uint16_t *p;
616
94458802
FB		 617 if (s->identify_set) {
618 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
619 return;
620 }
621
5391d806
FB		 622 memset(s->io_buffer, 0, 512);
623 p = (uint16_t *)s->io_buffer;
624 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 625 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
fa879c64 626 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 627 put_le16(p + 20, 3); /* buffer type */
628 put_le16(p + 21, 512); /* cache size in sectors */
629 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3 630 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
38cdea7c 631 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
67b915a5 632 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 633#ifdef USE_DMA_CDROM
634 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
635 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
d1b5c20d 636 put_le16(p + 62, 7); /* single word dma0-2 supported */
8ccad811
FB		 637 put_le16(p + 63, 7); /* mdma0-2 supported */
638 put_le16(p + 64, 0x3f); /* PIO modes supported */
639#else
67b915a5
FB		 640 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
641 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
642 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
643 put_le16(p + 64, 1); /* PIO modes */
8ccad811 644#endif
67b915a5
FB		 645 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
646 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
647 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
648 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 649
67b915a5
FB		 650 put_le16(p + 71, 30); /* in ns */
651 put_le16(p + 72, 30); /* in ns */
5391d806 652
67b915a5 653 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 654#ifdef USE_DMA_CDROM
655 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
656#endif
94458802
FB		 657 memcpy(s->identify_data, p, sizeof(s->identify_data));
658 s->identify_set = 1;
5391d806
FB		 659}
660
201a51fc
AZ		 661static void ide_cfata_identify(IDEState *s)
662{
663 uint16_t *p;
664 uint32_t cur_sec;
201a51fc
AZ		 665
666 p = (uint16_t *) s->identify_data;
667 if (s->identify_set)
668 goto fill_buffer;
669
670 memset(p, 0, sizeof(s->identify_data));
671
672 cur_sec = s->cylinders * s->heads * s->sectors;
673
674 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
675 put_le16(p + 1, s->cylinders); /* Default cylinders */
676 put_le16(p + 3, s->heads); /* Default heads */
677 put_le16(p + 6, s->sectors); /* Default sectors per track */
678 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
679 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
fa879c64 680 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
201a51fc 681 put_le16(p + 22, 0x0004); /* ECC bytes */
60fe76f3
TS		 682 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
683 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
201a51fc
AZ		 684#if MAX_MULT_SECTORS > 1
685 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
686#else
687 put_le16(p + 47, 0x0000);
688#endif
689 put_le16(p + 49, 0x0f00); /* Capabilities */
690 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
691 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
692 put_le16(p + 53, 0x0003); /* Translation params valid */
693 put_le16(p + 54, s->cylinders); /* Current cylinders */
694 put_le16(p + 55, s->heads); /* Current heads */
695 put_le16(p + 56, s->sectors); /* Current sectors */
696 put_le16(p + 57, cur_sec); /* Current capacity */
697 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
698 if (s->mult_sectors) /* Multiple sector setting */
699 put_le16(p + 59, 0x100 | s->mult_sectors);
700 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
701 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
702 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
703 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
704 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
705 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
706 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
707 put_le16(p + 82, 0x400c); /* Command Set supported */
708 put_le16(p + 83, 0x7068); /* Command Set supported */
709 put_le16(p + 84, 0x4000); /* Features supported */
710 put_le16(p + 85, 0x000c); /* Command Set enabled */
711 put_le16(p + 86, 0x7044); /* Command Set enabled */
712 put_le16(p + 87, 0x4000); /* Features enabled */
713 put_le16(p + 91, 0x4060); /* Current APM level */
714 put_le16(p + 129, 0x0002); /* Current features option */
715 put_le16(p + 130, 0x0005); /* Reassigned sectors */
716 put_le16(p + 131, 0x0001); /* Initial power mode */
717 put_le16(p + 132, 0x0000); /* User signature */
718 put_le16(p + 160, 0x8100); /* Power requirement */
719 put_le16(p + 161, 0x8001); /* CF command set */
720
721 s->identify_set = 1;
722
723fill_buffer:
724 memcpy(s->io_buffer, p, sizeof(s->identify_data));
725}
726
5391d806
FB		 727static void ide_set_signature(IDEState *s)
728{
729 s->select &= 0xf0; /* clear head */
730 /* put signature */
731 s->nsector = 1;
732 s->sector = 1;
733 if (s->is_cdrom) {
734 s->lcyl = 0x14;
735 s->hcyl = 0xeb;
736 } else if (s->bs) {
737 s->lcyl = 0;
738 s->hcyl = 0;
739 } else {
740 s->lcyl = 0xff;
741 s->hcyl = 0xff;
742 }
743}
744
745static inline void ide_abort_command(IDEState *s)
746{
747 s->status = READY_STAT | ERR_STAT;
748 s->error = ABRT_ERR;
749}
750
5604e090
AZ		 751static inline void ide_dma_submit_check(IDEState *s,
752 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
753{
754 if (bm->aiocb)
755 return;
756 dma_cb(bm, -1);
757}
758
5391d806
FB		 759static inline void ide_set_irq(IDEState *s)
760{
98ff7d30 761 BMDMAState *bm = s->bmdma;
5391d806 762 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 763 if (bm) {
98ff7d30 764 bm->status |= BM_STATUS_INT;
5457c8ce 765 }
d537cf6c 766 qemu_irq_raise(s->irq);
5391d806
FB		 767 }
768}
769
770/* prepare data transfer and tell what to do after */
5fafdf24 771static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 772 EndTransferFunc *end_transfer_func)
773{
774 s->end_transfer_func = end_transfer_func;
775 s->data_ptr = buf;
776 s->data_end = buf + size;
7603d156
TS		 777 if (!(s->status & ERR_STAT))
778 s->status |= DRQ_STAT;
5391d806
FB		 779}
780
781static void ide_transfer_stop(IDEState *s)
782{
783 s->end_transfer_func = ide_transfer_stop;
784 s->data_ptr = s->io_buffer;
785 s->data_end = s->io_buffer;
786 s->status &= ~DRQ_STAT;
787}
788
789static int64_t ide_get_sector(IDEState *s)
790{
791 int64_t sector_num;
792 if (s->select & 0x40) {
793 /* lba */
c2ff060f
FB		 794 if (!s->lba48) {
795 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
796 (s->lcyl << 8) | s->sector;
797 } else {
798 sector_num = ((int64_t)s->hob_hcyl << 40) |
799 ((int64_t) s->hob_lcyl << 32) |
800 ((int64_t) s->hob_sector << 24) |
801 ((int64_t) s->hcyl << 16) |
802 ((int64_t) s->lcyl << 8) | s->sector;
803 }
5391d806
FB		 804 } else {
805 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 806 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 807 }
808 return sector_num;
809}
810
811static void ide_set_sector(IDEState *s, int64_t sector_num)
812{
813 unsigned int cyl, r;
814 if (s->select & 0x40) {
c2ff060f
FB		 815 if (!s->lba48) {
816 s->select = (s->select & 0xf0) | (sector_num >> 24);
817 s->hcyl = (sector_num >> 16);
818 s->lcyl = (sector_num >> 8);
819 s->sector = (sector_num);
820 } else {
821 s->sector = sector_num;
822 s->lcyl = sector_num >> 8;
823 s->hcyl = sector_num >> 16;
824 s->hob_sector = sector_num >> 24;
825 s->hob_lcyl = sector_num >> 32;
826 s->hob_hcyl = sector_num >> 40;
827 }
5391d806
FB		 828 } else {
829 cyl = sector_num / (s->heads * s->sectors);
830 r = sector_num % (s->heads * s->sectors);
831 s->hcyl = cyl >> 8;
832 s->lcyl = cyl;
1b8eb456 833 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 834 s->sector = (r % s->sectors) + 1;
835 }
836}
837
e162cfb0
AZ		 838static void ide_rw_error(IDEState *s) {
839 ide_abort_command(s);
840 ide_set_irq(s);
841}
842
5391d806
FB		 843static void ide_sector_read(IDEState *s)
844{
845 int64_t sector_num;
846 int ret, n;
847
848 s->status = READY_STAT | SEEK_STAT;
a136e5a8 849 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 850 sector_num = ide_get_sector(s);
851 n = s->nsector;
852 if (n == 0) {
853 /* no more sector to read from disk */
854 ide_transfer_stop(s);
855 } else {
856#if defined(DEBUG_IDE)
18c5f8ea 857 printf("read sector=%" PRId64 "\n", sector_num);
5391d806
FB		 858#endif
859 if (n > s->req_nb_sectors)
860 n = s->req_nb_sectors;
861 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
e162cfb0
AZ		 862 if (ret != 0) {
863 ide_rw_error(s);
864 return;
865 }
5391d806
FB		 866 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
867 ide_set_irq(s);
868 ide_set_sector(s, sector_num + n);
869 s->nsector -= n;
870 }
871}
872
7aea4412
AL		 873
874/* return 0 if buffer completed */
875static int dma_buf_prepare(BMDMAState *bm, int is_write)
876{
877 IDEState *s = bm->ide_if;
878 struct {
879 uint32_t addr;
880 uint32_t size;
881 } prd;
882 int l, len;
7aea4412 883
1fb8648d 884 qemu_sglist_init(&s->sg, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
7aea4412
AL		 885 s->io_buffer_size = 0;
886 for(;;) {
887 if (bm->cur_prd_len == 0) {
888 /* end of table (with a fail safe of one page) */
889 if (bm->cur_prd_last ||
890 (bm->cur_addr - bm->addr) >= 4096)
891 return s->io_buffer_size != 0;
892 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
893 bm->cur_addr += 8;
894 prd.addr = le32_to_cpu(prd.addr);
895 prd.size = le32_to_cpu(prd.size);
896 len = prd.size & 0xfffe;
897 if (len == 0)
898 len = 0x10000;
899 bm->cur_prd_len = len;
900 bm->cur_prd_addr = prd.addr;
901 bm->cur_prd_last = (prd.size & 0x80000000);
902 }
903 l = bm->cur_prd_len;
904 if (l > 0) {
1fb8648d
AL		 905 qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
906 bm->cur_prd_addr += l;
907 bm->cur_prd_len -= l;
908 s->io_buffer_size += l;
7aea4412
AL		 909 }
910 }
911 return 1;
912}
913
914static void dma_buf_commit(IDEState *s, int is_write)
915{
1fb8648d 916 qemu_sglist_destroy(&s->sg);
7aea4412
AL		 917}
918
e162cfb0
AZ		 919static void ide_dma_error(IDEState *s)
920{
921 ide_transfer_stop(s);
922 s->error = ABRT_ERR;
923 s->status = READY_STAT | ERR_STAT;
924 ide_set_irq(s);
925}
926
428c5705
AL		 927static int ide_handle_write_error(IDEState *s, int error, int op)
928{
929 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
930
931 if (action == BLOCK_ERR_IGNORE)
932 return 0;
933
934 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
935 || action == BLOCK_ERR_STOP_ANY) {
936 s->bmdma->ide_if = s;
937 s->bmdma->status |= op;
938 vm_stop(0);
939 } else {
7aea4412
AL		 940 if (op == BM_STATUS_DMA_RETRY) {
941 dma_buf_commit(s, 0);
428c5705 942 ide_dma_error(s);
7aea4412 943 } else {
428c5705 944 ide_rw_error(s);
7aea4412 945 }
428c5705
AL		 946 }
947
948 return 1;
949}
950
8ccad811
FB		 951/* return 0 if buffer completed */
952static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 953{
8ccad811
FB		 954 IDEState *s = bm->ide_if;
955 struct {
956 uint32_t addr;
957 uint32_t size;
958 } prd;
959 int l, len;
98087450 960
8ccad811
FB		 961 for(;;) {
962 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 963 if (l <= 0)
8ccad811
FB		 964 break;
965 if (bm->cur_prd_len == 0) {
966 /* end of table (with a fail safe of one page) */
967 if (bm->cur_prd_last ||
968 (bm->cur_addr - bm->addr) >= 4096)
969 return 0;
970 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
971 bm->cur_addr += 8;
972 prd.addr = le32_to_cpu(prd.addr);
973 prd.size = le32_to_cpu(prd.size);
974 len = prd.size & 0xfffe;
975 if (len == 0)
976 len = 0x10000;
977 bm->cur_prd_len = len;
978 bm->cur_prd_addr = prd.addr;
979 bm->cur_prd_last = (prd.size & 0x80000000);
980 }
981 if (l > bm->cur_prd_len)
982 l = bm->cur_prd_len;
983 if (l > 0) {
984 if (is_write) {
5fafdf24 985 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 986 s->io_buffer + s->io_buffer_index, l);
987 } else {
5fafdf24 988 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 989 s->io_buffer + s->io_buffer_index, l);
990 }
991 bm->cur_prd_addr += l;
992 bm->cur_prd_len -= l;
993 s->io_buffer_index += l;
98087450 994 }
98087450 995 }
8ccad811
FB		 996 return 1;
997}
998
8ccad811
FB		 999static void ide_read_dma_cb(void *opaque, int ret)
1000{
1001 BMDMAState *bm = opaque;
1002 IDEState *s = bm->ide_if;
1003 int n;
1004 int64_t sector_num;
1005
e162cfb0 1006 if (ret < 0) {
7aea4412 1007 dma_buf_commit(s, 1);
e162cfb0
AZ		 1008 ide_dma_error(s);
1009 return;
1010 }
1011
8ccad811
FB		 1012 n = s->io_buffer_size >> 9;
1013 sector_num = ide_get_sector(s);
1014 if (n > 0) {
7aea4412 1015 dma_buf_commit(s, 1);
8ccad811
FB		 1016 sector_num += n;
1017 ide_set_sector(s, sector_num);
1018 s->nsector -= n;
8ccad811
FB		 1019 }
1020
1021 /* end of transfer ? */
1022 if (s->nsector == 0) {
98087450
FB		 1023 s->status = READY_STAT | SEEK_STAT;
1024 ide_set_irq(s);
8ccad811
FB		 1025 eot:
1026 bm->status &= ~BM_STATUS_DMAING;
1027 bm->status |= BM_STATUS_INT;
1028 bm->dma_cb = NULL;
1029 bm->ide_if = NULL;
1030 bm->aiocb = NULL;
1031 return;
98087450 1032 }
8ccad811
FB		 1033
1034 /* launch next transfer */
1035 n = s->nsector;
8ccad811
FB		 1036 s->io_buffer_index = 0;
1037 s->io_buffer_size = n * 512;
7aea4412
AL		 1038 if (dma_buf_prepare(bm, 1) == 0)
1039 goto eot;
8ccad811 1040#ifdef DEBUG_AIO
5df23f53 1041 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1042#endif
1fb8648d 1043 bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
5604e090 1044 ide_dma_submit_check(s, ide_read_dma_cb, bm);
98087450
FB		 1045}
1046
1047static void ide_sector_read_dma(IDEState *s)
1048{
8ccad811 1049 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1050 s->io_buffer_index = 0;
1051 s->io_buffer_size = 0;
e3007e66 1052 s->is_read = 1;
98087450
FB		 1053 ide_dma_start(s, ide_read_dma_cb);
1054}
1055
a09db21f
FB		 1056static void ide_sector_write_timer_cb(void *opaque)
1057{
1058 IDEState *s = opaque;
1059 ide_set_irq(s);
1060}
1061
5391d806
FB		 1062static void ide_sector_write(IDEState *s)
1063{
1064 int64_t sector_num;
31c2a146 1065 int ret, n, n1;
5391d806
FB		 1066
1067 s->status = READY_STAT | SEEK_STAT;
1068 sector_num = ide_get_sector(s);
1069#if defined(DEBUG_IDE)
18c5f8ea 1070 printf("write sector=%" PRId64 "\n", sector_num);
5391d806
FB		 1071#endif
1072 n = s->nsector;
1073 if (n > s->req_nb_sectors)
1074 n = s->req_nb_sectors;
31c2a146 1075 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
428c5705 1076
e162cfb0 1077 if (ret != 0) {
428c5705
AL		 1078 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1079 return;
e162cfb0
AZ		 1080 }
1081
5391d806
FB		 1082 s->nsector -= n;
1083 if (s->nsector == 0) {
292eef5a 1084 /* no more sectors to write */
5391d806
FB		 1085 ide_transfer_stop(s);
1086 } else {
1087 n1 = s->nsector;
1088 if (n1 > s->req_nb_sectors)
1089 n1 = s->req_nb_sectors;
1090 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1091 }
1092 ide_set_sector(s, sector_num + n);
3b46e624 1093
31c2a146
TS		 1094#ifdef TARGET_I386
1095 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1096 /* It seems there is a bug in the Windows 2000 installer HDD
1097 IDE driver which fills the disk with empty logs when the
1098 IDE write IRQ comes too early. This hack tries to correct
1099 that at the expense of slower write performances. Use this
1100 option _only_ to install Windows 2000. You must disable it
1101 for normal use. */
1102 qemu_mod_timer(s->sector_write_timer,
1103 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1104 } else
1105#endif
1106 {
1107 ide_set_irq(s);
1108 }
5391d806
FB		 1109}
1110
f18be901 1111static void ide_dma_restart_cb(void *opaque, int running, int reason)
428c5705
AL		 1112{
1113 BMDMAState *bm = opaque;
1114 if (!running)
1115 return;
1116 if (bm->status & BM_STATUS_DMA_RETRY) {
1117 bm->status &= ~BM_STATUS_DMA_RETRY;
1118 ide_dma_restart(bm->ide_if);
1119 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1120 bm->status &= ~BM_STATUS_PIO_RETRY;
1121 ide_sector_write(bm->ide_if);
1122 }
1123}
1124
8ccad811 1125static void ide_write_dma_cb(void *opaque, int ret)
98087450 1126{
8ccad811
FB		 1127 BMDMAState *bm = opaque;
1128 IDEState *s = bm->ide_if;
1129 int n;
98087450
FB		 1130 int64_t sector_num;
1131
e162cfb0 1132 if (ret < 0) {
428c5705
AL		 1133 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1134 return;
e162cfb0
AZ		 1135 }
1136
8ccad811
FB		 1137 n = s->io_buffer_size >> 9;
1138 sector_num = ide_get_sector(s);
1139 if (n > 0) {
7aea4412 1140 dma_buf_commit(s, 0);
8ccad811
FB		 1141 sector_num += n;
1142 ide_set_sector(s, sector_num);
1143 s->nsector -= n;
98087450 1144 }
98087450 1145
8ccad811
FB		 1146 /* end of transfer ? */
1147 if (s->nsector == 0) {
1148 s->status = READY_STAT | SEEK_STAT;
1149 ide_set_irq(s);
1150 eot:
1151 bm->status &= ~BM_STATUS_DMAING;
1152 bm->status |= BM_STATUS_INT;
1153 bm->dma_cb = NULL;
1154 bm->ide_if = NULL;
1155 bm->aiocb = NULL;
1156 return;
1157 }
1158
98087450 1159 n = s->nsector;
98087450 1160 s->io_buffer_size = n * 512;
7aea4412
AL		 1161 /* launch next transfer */
1162 if (dma_buf_prepare(bm, 0) == 0)
8ccad811
FB		 1163 goto eot;
1164#ifdef DEBUG_AIO
5df23f53 1165 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1166#endif
1fb8648d 1167 bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
5604e090 1168 ide_dma_submit_check(s, ide_write_dma_cb, bm);
8ccad811
FB		 1169}
1170
1171static void ide_sector_write_dma(IDEState *s)
1172{
1173 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1174 s->io_buffer_index = 0;
1175 s->io_buffer_size = 0;
e3007e66 1176 s->is_read = 0;
98087450
FB		 1177 ide_dma_start(s, ide_write_dma_cb);
1178}
1179
5391d806
FB		 1180static void ide_atapi_cmd_ok(IDEState *s)
1181{
1182 s->error = 0;
41a2b959 1183 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1184 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1185 ide_set_irq(s);
1186}
1187
1188static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1189{
1190#ifdef DEBUG_IDE_ATAPI
1191 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1192#endif
1193 s->error = sense_key << 4;
1194 s->status = READY_STAT | ERR_STAT;
1195 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1196 s->sense_key = sense_key;
1197 s->asc = asc;
1198 ide_set_irq(s);
1199}
1200
9118e7f0
AL		 1201static void ide_atapi_cmd_check_status(IDEState *s)
1202{
1203#ifdef DEBUG_IDE_ATAPI
1204 printf("atapi_cmd_check_status\n");
1205#endif
1206 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1207 s->status = ERR_STAT;
1208 s->nsector = 0;
1209 ide_set_irq(s);
1210}
1211
5391d806
FB		 1212static inline void cpu_to_ube16(uint8_t *buf, int val)
1213{
1214 buf[0] = val >> 8;
9e622b15 1215 buf[1] = val & 0xff;
5391d806
FB		 1216}
1217
1218static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1219{
1220 buf[0] = val >> 24;
1221 buf[1] = val >> 16;
1222 buf[2] = val >> 8;
9e622b15 1223 buf[3] = val & 0xff;
5391d806
FB		 1224}
1225
1226static inline int ube16_to_cpu(const uint8_t *buf)
1227{
1228 return (buf[0] << 8) | buf[1];
1229}
1230
1231static inline int ube32_to_cpu(const uint8_t *buf)
1232{
1233 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1234}
1235
98087450
FB		 1236static void lba_to_msf(uint8_t *buf, int lba)
1237{
1238 lba += 150;
1239 buf[0] = (lba / 75) / 60;
1240 buf[1] = (lba / 75) % 60;
1241 buf[2] = lba % 75;
1242}
1243
8ccad811
FB		 1244static void cd_data_to_raw(uint8_t *buf, int lba)
1245{
1246 /* sync bytes */
1247 buf[0] = 0x00;
1248 memset(buf + 1, 0xff, 10);
1249 buf[11] = 0x00;
1250 buf += 12;
1251 /* MSF */
1252 lba_to_msf(buf, lba);
1253 buf[3] = 0x01; /* mode 1 data */
1254 buf += 4;
1255 /* data */
1256 buf += 2048;
1257 /* XXX: ECC not computed */
1258 memset(buf, 0, 288);
1259}
1260
5fafdf24 1261static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1262 int sector_size)
1263{
66c6ef76
FB		 1264 int ret;
1265
98087450
FB		 1266 switch(sector_size) {
1267 case 2048:
66c6ef76 1268 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1269 break;
1270 case 2352:
66c6ef76
FB		 1271 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1272 if (ret < 0)
1273 return ret;
8ccad811 1274 cd_data_to_raw(buf, lba);
98087450
FB		 1275 break;
1276 default:
66c6ef76 1277 ret = -EIO;
98087450
FB		 1278 break;
1279 }
66c6ef76
FB		 1280 return ret;
1281}
1282
1283static void ide_atapi_io_error(IDEState *s, int ret)
1284{
1285 /* XXX: handle more errors */
1286 if (ret == -ENOMEDIUM) {
5fafdf24 1287 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1288 ASC_MEDIUM_NOT_PRESENT);
1289 } else {
5fafdf24 1290 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1291 ASC_LOGICAL_BLOCK_OOR);
1292 }
98087450
FB		 1293}
1294
5391d806
FB		 1295/* The whole ATAPI transfer logic is handled in this function */
1296static void ide_atapi_cmd_reply_end(IDEState *s)
1297{
66c6ef76 1298 int byte_count_limit, size, ret;
5391d806 1299#ifdef DEBUG_IDE_ATAPI
5fafdf24 1300 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1301 s->packet_transfer_size,
1302 s->elementary_transfer_size,
1303 s->io_buffer_index);
1304#endif
1305 if (s->packet_transfer_size <= 0) {
1306 /* end of transfer */
1307 ide_transfer_stop(s);
41a2b959 1308 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1309 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1310 ide_set_irq(s);
1311#ifdef DEBUG_IDE_ATAPI
1312 printf("status=0x%x\n", s->status);
1313#endif
1314 } else {
1315 /* see if a new sector must be read */
98087450 1316 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1317 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1318 if (ret < 0) {
1319 ide_transfer_stop(s);
1320 ide_atapi_io_error(s, ret);
1321 return;
1322 }
5391d806
FB		 1323 s->lba++;
1324 s->io_buffer_index = 0;
1325 }
1326 if (s->elementary_transfer_size > 0) {
1327 /* there are some data left to transmit in this elementary
1328 transfer */
98087450 1329 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1330 if (size > s->elementary_transfer_size)
1331 size = s->elementary_transfer_size;
5fafdf24 1332 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1333 size, ide_atapi_cmd_reply_end);
1334 s->packet_transfer_size -= size;
1335 s->elementary_transfer_size -= size;
1336 s->io_buffer_index += size;
1337 } else {
1338 /* a new transfer is needed */
1339 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1340 byte_count_limit = s->lcyl | (s->hcyl << 8);
1341#ifdef DEBUG_IDE_ATAPI
1342 printf("byte_count_limit=%d\n", byte_count_limit);
1343#endif
1344 if (byte_count_limit == 0xffff)
1345 byte_count_limit--;
1346 size = s->packet_transfer_size;
1347 if (size > byte_count_limit) {
1348 /* byte count limit must be even if this case */
1349 if (byte_count_limit & 1)
1350 byte_count_limit--;
1351 size = byte_count_limit;
5391d806 1352 }
a136e5a8
FB		 1353 s->lcyl = size;
1354 s->hcyl = size >> 8;
5391d806
FB		 1355 s->elementary_transfer_size = size;
1356 /* we cannot transmit more than one sector at a time */
1357 if (s->lba != -1) {
98087450
FB		 1358 if (size > (s->cd_sector_size - s->io_buffer_index))
1359 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1360 }
5fafdf24 1361 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1362 size, ide_atapi_cmd_reply_end);
1363 s->packet_transfer_size -= size;
1364 s->elementary_transfer_size -= size;
1365 s->io_buffer_index += size;
1366 ide_set_irq(s);
1367#ifdef DEBUG_IDE_ATAPI
1368 printf("status=0x%x\n", s->status);
1369#endif
1370 }
1371 }
1372}
1373
1374/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1375static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1376{
1377 if (size > max_size)
1378 size = max_size;
1379 s->lba = -1; /* no sector read */
1380 s->packet_transfer_size = size;
5f12ab4b 1381 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1382 s->elementary_transfer_size = 0;
1383 s->io_buffer_index = 0;
1384
5f12ab4b 1385 if (s->atapi_dma) {
41a2b959 1386 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
5f12ab4b
TS		 1387 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1388 } else {
41a2b959 1389 s->status = READY_STAT | SEEK_STAT;
5f12ab4b
TS		 1390 ide_atapi_cmd_reply_end(s);
1391 }
5391d806
FB		 1392}
1393
1394/* start a CD-CDROM read command */
98087450
FB		 1395static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1396 int sector_size)
5391d806 1397{
5391d806 1398 s->lba = lba;
98087450 1399 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1400 s->elementary_transfer_size = 0;
98087450
FB		 1401 s->io_buffer_index = sector_size;
1402 s->cd_sector_size = sector_size;
5391d806 1403
41a2b959 1404 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1405 ide_atapi_cmd_reply_end(s);
1406}
1407
98087450 1408/* ATAPI DMA support */
8ccad811
FB		 1409
1410/* XXX: handle read errors */
1411static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1412{
8ccad811
FB		 1413 BMDMAState *bm = opaque;
1414 IDEState *s = bm->ide_if;
1415 int data_offset, n;
1416
66c6ef76
FB		 1417 if (ret < 0) {
1418 ide_atapi_io_error(s, ret);
1419 goto eot;
1420 }
1421
8ccad811 1422 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1423 /*
1424 * For a cdrom read sector command (s->lba != -1),
1425 * adjust the lba for the next s->io_buffer_size chunk
1426 * and dma the current chunk.
1427 * For a command != read (s->lba == -1), just transfer
1428 * the reply data.
1429 */
1430 if (s->lba != -1) {
1431 if (s->cd_sector_size == 2352) {
1432 n = 1;
1433 cd_data_to_raw(s->io_buffer, s->lba);
1434 } else {
1435 n = s->io_buffer_size >> 11;
1436 }
1437 s->lba += n;
1438 }
8ccad811 1439 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1440 if (dma_buf_rw(bm, 1) == 0)
1441 goto eot;
98087450 1442 }
8ccad811 1443
98087450 1444 if (s->packet_transfer_size <= 0) {
41a2b959 1445 s->status = READY_STAT | SEEK_STAT;
98087450
FB		 1446 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1447 ide_set_irq(s);
8ccad811
FB		 1448 eot:
1449 bm->status &= ~BM_STATUS_DMAING;
1450 bm->status |= BM_STATUS_INT;
1451 bm->dma_cb = NULL;
1452 bm->ide_if = NULL;
1453 bm->aiocb = NULL;
1454 return;
1455 }
3b46e624 1456
8ccad811
FB		 1457 s->io_buffer_index = 0;
1458 if (s->cd_sector_size == 2352) {
1459 n = 1;
1460 s->io_buffer_size = s->cd_sector_size;
1461 data_offset = 16;
1462 } else {
1463 n = s->packet_transfer_size >> 11;
1d8cde5b
AJ		 1464 if (n > (IDE_DMA_BUF_SECTORS / 4))
1465 n = (IDE_DMA_BUF_SECTORS / 4);
8ccad811
FB		 1466 s->io_buffer_size = n * 2048;
1467 data_offset = 0;
98087450 1468 }
8ccad811
FB		 1469#ifdef DEBUG_AIO
1470 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1471#endif
3f4cb3d3 1472 bm->iov.iov_base = (void *)(s->io_buffer + data_offset);
c87c0672
AL		 1473 bm->iov.iov_len = n * 4 * 512;
1474 qemu_iovec_init_external(&bm->qiov, &bm->iov, 1);
1475 bm->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2, &bm->qiov,
1476 n * 4, ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1477 if (!bm->aiocb) {
1478 /* Note: media not present is the most likely case */
5fafdf24 1479 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1480 ASC_MEDIUM_NOT_PRESENT);
1481 goto eot;
1482 }
98087450
FB		 1483}
1484
1485/* start a CD-CDROM read command with DMA */
1486/* XXX: test if DMA is available */
1487static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1488 int sector_size)
1489{
1490 s->lba = lba;
1491 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1492 s->io_buffer_index = 0;
1493 s->io_buffer_size = 0;
98087450
FB		 1494 s->cd_sector_size = sector_size;
1495
8ccad811 1496 /* XXX: check if BUSY_STAT should be set */
41a2b959 1497 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1498 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1499}
1500
5fafdf24 1501static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1502 int sector_size)
1503{
1504#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1505 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1506 lba, nb_sectors);
98087450
FB		 1507#endif
1508 if (s->atapi_dma) {
1509 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1510 } else {
1511 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1512 }
1513}
1514
38cdea7c
AZ		 1515static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1516 uint16_t profile)
1517{
1518 uint8_t *buf_profile = buf + 12; /* start of profiles */
1519
1520 buf_profile += ((*index) * 4); /* start of indexed profile */
1521 cpu_to_ube16 (buf_profile, profile);
1522 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1523
1524 /* each profile adds 4 bytes to the response */
1525 (*index)++;
1526 buf[11] += 4; /* Additional Length */
1527
1528 return 4;
1529}
1530
8114e9e8
TS		 1531static int ide_dvd_read_structure(IDEState *s, int format,
1532 const uint8_t *packet, uint8_t *buf)
1533{
1534 switch (format) {
1535 case 0x0: /* Physical format information */
1536 {
1537 int layer = packet[6];
1538 uint64_t total_sectors;
1539
1540 if (layer != 0)
1541 return -ASC_INV_FIELD_IN_CMD_PACKET;
1542
1543 bdrv_get_geometry(s->bs, &total_sectors);
1544 total_sectors >>= 2;
1545 if (total_sectors == 0)
1546 return -ASC_MEDIUM_NOT_PRESENT;
1547
1548 buf[4] = 1; /* DVD-ROM, part version 1 */
1549 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1550 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1551 buf[7] = 0; /* default densities */
1552
1553 /* FIXME: 0x30000 per spec? */
1554 cpu_to_ube32(buf + 8, 0); /* start sector */
1555 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1556 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1557
1558 /* Size of buffer, not including 2 byte size field */
1559 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1560
1561 /* 2k data + 4 byte header */
1562 return (2048 + 4);
1563 }
1564
1565 case 0x01: /* DVD copyright information */
1566 buf[4] = 0; /* no copyright data */
1567 buf[5] = 0; /* no region restrictions */
1568
1569 /* Size of buffer, not including 2 byte size field */
1570 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1571
1572 /* 4 byte header + 4 byte data */
1573 return (4 + 4);
1574
1575 case 0x03: /* BCA information - invalid field for no BCA info */
1576 return -ASC_INV_FIELD_IN_CMD_PACKET;
1577
1578 case 0x04: /* DVD disc manufacturing information */
1579 /* Size of buffer, not including 2 byte size field */
1580 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1581
1582 /* 2k data + 4 byte header */
1583 return (2048 + 4);
1584
1585 case 0xff:
1586 /*
1587 * This lists all the command capabilities above. Add new ones
1588 * in order and update the length and buffer return values.
1589 */
1590
1591 buf[4] = 0x00; /* Physical format */
1592 buf[5] = 0x40; /* Not writable, is readable */
1593 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1594
1595 buf[8] = 0x01; /* Copyright info */
1596 buf[9] = 0x40; /* Not writable, is readable */
1597 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1598
1599 buf[12] = 0x03; /* BCA info */
1600 buf[13] = 0x40; /* Not writable, is readable */
1601 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1602
1603 buf[16] = 0x04; /* Manufacturing info */
1604 buf[17] = 0x40; /* Not writable, is readable */
1605 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1606
1607 /* Size of buffer, not including 2 byte size field */
1608 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1609
1610 /* data written + 4 byte header */
1611 return (16 + 4);
1612
1613 default: /* TODO: formats beyond DVD-ROM requires */
1614 return -ASC_INV_FIELD_IN_CMD_PACKET;
1615 }
1616}
1617
5391d806
FB		 1618static void ide_atapi_cmd(IDEState *s)
1619{
1620 const uint8_t *packet;
1621 uint8_t *buf;
1622 int max_len;
1623
1624 packet = s->io_buffer;
1625 buf = s->io_buffer;
1626#ifdef DEBUG_IDE_ATAPI
1627 {
1628 int i;
1629 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1630 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1631 printf(" %02x", packet[i]);
1632 }
1633 printf("\n");
1634 }
1635#endif
9118e7f0
AL		 1636 /* If there's a UNIT_ATTENTION condition pending, only
1637 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1638 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1639 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1640 s->io_buffer[0] != GPCMD_INQUIRY) {
1641 ide_atapi_cmd_check_status(s);
1642 return;
1643 }
5391d806
FB		 1644 switch(s->io_buffer[0]) {
1645 case GPCMD_TEST_UNIT_READY:
caed8802 1646 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1647 ide_atapi_cmd_ok(s);
1648 } else {
5fafdf24 1649 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1650 ASC_MEDIUM_NOT_PRESENT);
1651 }
1652 break;
d14049ea 1653 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1654 case GPCMD_MODE_SENSE_10:
1655 {
1656 int action, code;
d14049ea
TS		 1657 if (packet[0] == GPCMD_MODE_SENSE_10)
1658 max_len = ube16_to_cpu(packet + 7);
1659 else
1660 max_len = packet[4];
5391d806
FB		 1661 action = packet[2] >> 6;
1662 code = packet[2] & 0x3f;
1663 switch(action) {
1664 case 0: /* current values */
1665 switch(code) {
1666 case 0x01: /* error recovery */
1667 cpu_to_ube16(&buf[0], 16 + 6);
1668 buf[2] = 0x70;
1669 buf[3] = 0;
1670 buf[4] = 0;
1671 buf[5] = 0;
1672 buf[6] = 0;
1673 buf[7] = 0;
1674
1675 buf[8] = 0x01;
1676 buf[9] = 0x06;
1677 buf[10] = 0x00;
1678 buf[11] = 0x05;
1679 buf[12] = 0x00;
1680 buf[13] = 0x00;
1681 buf[14] = 0x00;
1682 buf[15] = 0x00;
1683 ide_atapi_cmd_reply(s, 16, max_len);
1684 break;
1685 case 0x2a:
1686 cpu_to_ube16(&buf[0], 28 + 6);
1687 buf[2] = 0x70;
1688 buf[3] = 0;
1689 buf[4] = 0;
1690 buf[5] = 0;
1691 buf[6] = 0;
1692 buf[7] = 0;
1693
1694 buf[8] = 0x2a;
1695 buf[9] = 0x12;
0d4a05a1 1696 buf[10] = 0x00;
5391d806 1697 buf[11] = 0x00;
3b46e624 1698
d5b4eb40
AL		 1699 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1700 code checks for this to automount media. */
1701 buf[12] = 0x71;
5391d806
FB		 1702 buf[13] = 3 << 5;
1703 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1704 if (bdrv_is_locked(s->bs))
5391d806
FB		 1705 buf[6] |= 1 << 1;
1706 buf[15] = 0x00;
1707 cpu_to_ube16(&buf[16], 706);
1708 buf[18] = 0;
1709 buf[19] = 2;
1710 cpu_to_ube16(&buf[20], 512);
1711 cpu_to_ube16(&buf[22], 706);
1712 buf[24] = 0;
1713 buf[25] = 0;
1714 buf[26] = 0;
1715 buf[27] = 0;
1716 ide_atapi_cmd_reply(s, 28, max_len);
1717 break;
1718 default:
1719 goto error_cmd;
1720 }
1721 break;
1722 case 1: /* changeable values */
1723 goto error_cmd;
1724 case 2: /* default values */
1725 goto error_cmd;
1726 default:
1727 case 3: /* saved values */
5fafdf24 1728 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1729 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1730 break;
1731 }
1732 }
1733 break;
1734 case GPCMD_REQUEST_SENSE:
1735 max_len = packet[4];
1736 memset(buf, 0, 18);
1737 buf[0] = 0x70 | (1 << 7);
1738 buf[2] = s->sense_key;
1739 buf[7] = 10;
1740 buf[12] = s->asc;
9118e7f0
AL		 1741 if (s->sense_key == SENSE_UNIT_ATTENTION)
1742 s->sense_key = SENSE_NONE;
5391d806
FB		 1743 ide_atapi_cmd_reply(s, 18, max_len);
1744 break;
1745 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1746 if (bdrv_is_inserted(s->bs)) {
1747 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1748 ide_atapi_cmd_ok(s);
1749 } else {
5fafdf24 1750 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1751 ASC_MEDIUM_NOT_PRESENT);
1752 }
1753 break;
1754 case GPCMD_READ_10:
1755 case GPCMD_READ_12:
1756 {
1757 int nb_sectors, lba;
1758
5391d806
FB		 1759 if (packet[0] == GPCMD_READ_10)
1760 nb_sectors = ube16_to_cpu(packet + 7);
1761 else
1762 nb_sectors = ube32_to_cpu(packet + 6);
1763 lba = ube32_to_cpu(packet + 2);
1764 if (nb_sectors == 0) {
1765 ide_atapi_cmd_ok(s);
1766 break;
1767 }
98087450
FB		 1768 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1769 }
1770 break;
1771 case GPCMD_READ_CD:
1772 {
1773 int nb_sectors, lba, transfer_request;
1774
98087450
FB		 1775 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1776 lba = ube32_to_cpu(packet + 2);
1777 if (nb_sectors == 0) {
1778 ide_atapi_cmd_ok(s);
1779 break;
1780 }
98087450
FB		 1781 transfer_request = packet[9];
1782 switch(transfer_request & 0xf8) {
1783 case 0x00:
1784 /* nothing */
1785 ide_atapi_cmd_ok(s);
1786 break;
1787 case 0x10:
1788 /* normal read */
1789 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1790 break;
1791 case 0xf8:
1792 /* read all data */
1793 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1794 break;
1795 default:
5fafdf24 1796 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1797 ASC_INV_FIELD_IN_CMD_PACKET);
1798 break;
1799 }
5391d806
FB		 1800 }
1801 break;
1802 case GPCMD_SEEK:
1803 {
96b8f136
TS		 1804 unsigned int lba;
1805 uint64_t total_sectors;
66c6ef76
FB		 1806
1807 bdrv_get_geometry(s->bs, &total_sectors);
1808 total_sectors >>= 2;
96b8f136 1809 if (total_sectors == 0) {
5fafdf24 1810 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1811 ASC_MEDIUM_NOT_PRESENT);
1812 break;
1813 }
1814 lba = ube32_to_cpu(packet + 2);
66c6ef76 1815 if (lba >= total_sectors) {
5fafdf24 1816 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1817 ASC_LOGICAL_BLOCK_OOR);
1818 break;
1819 }
1820 ide_atapi_cmd_ok(s);
1821 }
1822 break;
1823 case GPCMD_START_STOP_UNIT:
1824 {
1825 int start, eject;
1826 start = packet[4] & 1;
1827 eject = (packet[4] >> 1) & 1;
3b46e624 1828
caed8802
FB		 1829 if (eject && !start) {
1830 /* eject the disk */
66c6ef76
FB		 1831 bdrv_eject(s->bs, 1);
1832 } else if (eject && start) {
1833 /* close the tray */
1834 bdrv_eject(s->bs, 0);
caed8802 1835 }
5391d806
FB		 1836 ide_atapi_cmd_ok(s);
1837 }
1838 break;
1839 case GPCMD_MECHANISM_STATUS:
1840 {
1841 max_len = ube16_to_cpu(packet + 8);
1842 cpu_to_ube16(buf, 0);
1843 /* no current LBA */
1844 buf[2] = 0;
1845 buf[3] = 0;
1846 buf[4] = 0;
1847 buf[5] = 1;
1848 cpu_to_ube16(buf + 6, 0);
1849 ide_atapi_cmd_reply(s, 8, max_len);
1850 }
1851 break;
1852 case GPCMD_READ_TOC_PMA_ATIP:
1853 {
1854 int format, msf, start_track, len;
96b8f136 1855 uint64_t total_sectors;
5391d806 1856
66c6ef76
FB		 1857 bdrv_get_geometry(s->bs, &total_sectors);
1858 total_sectors >>= 2;
96b8f136 1859 if (total_sectors == 0) {
5fafdf24 1860 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1861 ASC_MEDIUM_NOT_PRESENT);
1862 break;
1863 }
1864 max_len = ube16_to_cpu(packet + 7);
1865 format = packet[9] >> 6;
1866 msf = (packet[1] >> 1) & 1;
1867 start_track = packet[6];
1868 switch(format) {
1869 case 0:
66c6ef76 1870 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1871 if (len < 0)
1872 goto error_cmd;
1873 ide_atapi_cmd_reply(s, len, max_len);
1874 break;
1875 case 1:
1876 /* multi session : only a single session defined */
1877 memset(buf, 0, 12);
1878 buf[1] = 0x0a;
1879 buf[2] = 0x01;
1880 buf[3] = 0x01;
1881 ide_atapi_cmd_reply(s, 12, max_len);
1882 break;
98087450 1883 case 2:
66c6ef76 1884 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1885 if (len < 0)
1886 goto error_cmd;
1887 ide_atapi_cmd_reply(s, len, max_len);
1888 break;
5391d806 1889 default:
7f777bf3 1890 error_cmd:
5fafdf24 1891 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1892 ASC_INV_FIELD_IN_CMD_PACKET);
1893 break;
5391d806
FB		 1894 }
1895 }
1896 break;
1897 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76 1898 {
96b8f136 1899 uint64_t total_sectors;
66c6ef76
FB		 1900
1901 bdrv_get_geometry(s->bs, &total_sectors);
1902 total_sectors >>= 2;
96b8f136 1903 if (total_sectors == 0) {
5fafdf24 1904 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1905 ASC_MEDIUM_NOT_PRESENT);
1906 break;
1907 }
1908 /* NOTE: it is really the number of sectors minus 1 */
1909 cpu_to_ube32(buf, total_sectors - 1);
1910 cpu_to_ube32(buf + 4, 2048);
1911 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1912 }
5391d806 1913 break;
d14049ea
TS		 1914 case GPCMD_READ_DVD_STRUCTURE:
1915 {
1916 int media = packet[1];
8114e9e8
TS		 1917 int format = packet[7];
1918 int ret;
d14049ea 1919
8114e9e8 1920 max_len = ube16_to_cpu(packet + 8);
d14049ea 1921
8114e9e8
TS		 1922 if (format < 0xff) {
1923 if (media_is_cd(s)) {
1924 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1925 ASC_INCOMPATIBLE_FORMAT);
1926 break;
1927 } else if (!media_present(s)) {
1928 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1929 ASC_INV_FIELD_IN_CMD_PACKET);
1930 break;
1931 }
1932 }
d14049ea 1933
8114e9e8
TS		 1934 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1935 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
d14049ea 1936
8114e9e8
TS		 1937 switch (format) {
1938 case 0x00 ... 0x7f:
1939 case 0xff:
1940 if (media == 0) {
1941 ret = ide_dvd_read_structure(s, format, packet, buf);
d14049ea 1942
8114e9e8
TS		 1943 if (ret < 0)
1944 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1945 else
1946 ide_atapi_cmd_reply(s, ret, max_len);
d14049ea 1947
8114e9e8
TS		 1948 break;
1949 }
1950 /* TODO: BD support, fall through for now */
1951
1952 /* Generic disk structures */
1953 case 0x80: /* TODO: AACS volume identifier */
1954 case 0x81: /* TODO: AACS media serial number */
1955 case 0x82: /* TODO: AACS media identifier */
1956 case 0x83: /* TODO: AACS media key block */
1957 case 0x90: /* TODO: List of recognized format layers */
1958 case 0xc0: /* TODO: Write protection status */
d14049ea
TS		 1959 default:
1960 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1961 ASC_INV_FIELD_IN_CMD_PACKET);
1962 break;
1963 }
1964 }
1965 break;
1966 case GPCMD_SET_SPEED:
1967 ide_atapi_cmd_ok(s);
1968 break;
bd0d90b2
FB		 1969 case GPCMD_INQUIRY:
1970 max_len = packet[4];
1971 buf[0] = 0x05; /* CD-ROM */
1972 buf[1] = 0x80; /* removable */
1973 buf[2] = 0x00; /* ISO */
1974 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 1975 buf[4] = 31; /* additional length */
bd0d90b2
FB		 1976 buf[5] = 0; /* reserved */
1977 buf[6] = 0; /* reserved */
1978 buf[7] = 0; /* reserved */
1979 padstr8(buf + 8, 8, "QEMU");
38cdea7c 1980 padstr8(buf + 16, 16, "QEMU DVD-ROM");
bd0d90b2
FB		 1981 padstr8(buf + 32, 4, QEMU_VERSION);
1982 ide_atapi_cmd_reply(s, 36, max_len);
1983 break;
d14049ea
TS		 1984 case GPCMD_GET_CONFIGURATION:
1985 {
38cdea7c 1986 uint32_t len;
091d055b 1987 uint8_t index = 0;
d14049ea
TS		 1988
1989 /* only feature 0 is supported */
1990 if (packet[2] != 0 || packet[3] != 0) {
1991 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1992 ASC_INV_FIELD_IN_CMD_PACKET);
1993 break;
1994 }
38cdea7c
AZ		 1995
1996 /* XXX: could result in alignment problems in some architectures */
1997 max_len = ube16_to_cpu(packet + 7);
091d055b 1998
38cdea7c 1999 /*
091d055b
AZ		 2000 * XXX: avoid overflow for io_buffer if max_len is bigger than
2001 * the size of that buffer (dimensioned to max number of
2002 * sectors to transfer at once)
38cdea7c 2003 *
091d055b 2004 * Only a problem if the feature/profiles grow.
38cdea7c
AZ		 2005 */
2006 if (max_len > 512) /* XXX: assume 1 sector */
2007 max_len = 512;
2008
2009 memset(buf, 0, max_len);
2010 /*
2011 * the number of sectors from the media tells us which profile
2012 * to use as current. 0 means there is no media
38cdea7c 2013 */
8114e9e8
TS		 2014 if (media_is_dvd(s))
2015 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
2016 else if (media_is_cd(s))
2017 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
38cdea7c 2018
091d055b
AZ		 2019 buf[10] = 0x02 | 0x01; /* persistent and current */
2020 len = 12; /* headers: 8 + 4 */
2021 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
2022 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
38cdea7c
AZ		 2023 cpu_to_ube32(buf, len - 4); /* data length */
2024
2025 ide_atapi_cmd_reply(s, len, max_len);
d14049ea
TS		 2026 break;
2027 }
5391d806 2028 default:
5fafdf24 2029 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 2030 ASC_ILLEGAL_OPCODE);
5391d806
FB		 2031 break;
2032 }
2033}
2034
201a51fc
AZ		 2035static void ide_cfata_metadata_inquiry(IDEState *s)
2036{
2037 uint16_t *p;
2038 uint32_t spd;
2039
2040 p = (uint16_t *) s->io_buffer;
2041 memset(p, 0, 0x200);
2042 spd = ((s->mdata_size - 1) >> 9) + 1;
2043
2044 put_le16(p + 0, 0x0001); /* Data format revision */
2045 put_le16(p + 1, 0x0000); /* Media property: silicon */
2046 put_le16(p + 2, s->media_changed); /* Media status */
2047 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
2048 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
2049 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
2050 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
2051}
2052
2053static void ide_cfata_metadata_read(IDEState *s)
2054{
2055 uint16_t *p;
2056
2057 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2058 s->status = ERR_STAT;
2059 s->error = ABRT_ERR;
2060 return;
2061 }
2062
2063 p = (uint16_t *) s->io_buffer;
2064 memset(p, 0, 0x200);
2065
2066 put_le16(p + 0, s->media_changed); /* Media status */
2067 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2068 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2069 s->nsector << 9), 0x200 - 2));
2070}
2071
2072static void ide_cfata_metadata_write(IDEState *s)
2073{
2074 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2075 s->status = ERR_STAT;
2076 s->error = ABRT_ERR;
2077 return;
2078 }
2079
2080 s->media_changed = 0;
2081
2082 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2083 s->io_buffer + 2,
2084 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2085 s->nsector << 9), 0x200 - 2));
2086}
2087
bd491d6a
TS		 2088/* called when the inserted state of the media has changed */
2089static void cdrom_change_cb(void *opaque)
2090{
2091 IDEState *s = opaque;
96b8f136 2092 uint64_t nb_sectors;
bd491d6a 2093
bd491d6a
TS		 2094 bdrv_get_geometry(s->bs, &nb_sectors);
2095 s->nb_sectors = nb_sectors;
9118e7f0
AL		 2096
2097 s->sense_key = SENSE_UNIT_ATTENTION;
2098 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2099
2100 ide_set_irq(s);
bd491d6a
TS		 2101}
2102
c2ff060f
FB		 2103static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2104{
2105 s->lba48 = lba48;
2106
2107 /* handle the 'magic' 0 nsector count conversion here. to avoid
2108 * fiddling with the rest of the read logic, we just store the
2109 * full sector count in ->nsector and ignore ->hob_nsector from now
2110 */
2111 if (!s->lba48) {
2112 if (!s->nsector)
2113 s->nsector = 256;
2114 } else {
2115 if (!s->nsector && !s->hob_nsector)
2116 s->nsector = 65536;
2117 else {
2118 int lo = s->nsector;
2119 int hi = s->hob_nsector;
2120
2121 s->nsector = (hi << 8) | lo;
2122 }
2123 }
2124}
2125
2126static void ide_clear_hob(IDEState *ide_if)
2127{
2128 /* any write clears HOB high bit of device control register */
2129 ide_if[0].select &= ~(1 << 7);
2130 ide_if[1].select &= ~(1 << 7);
2131}
2132
caed8802
FB		 2133static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2134{
2135 IDEState *ide_if = opaque;
c45c3d00 2136 IDEState *s;
5391d806 2137 int unit, n;
c2ff060f 2138 int lba48 = 0;
5391d806
FB		 2139
2140#ifdef DEBUG_IDE
2141 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2142#endif
c2ff060f 2143
5391d806 2144 addr &= 7;
fcdd25ab
AL		 2145
2146 /* ignore writes to command block while busy with previous command */
2147 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2148 return;
2149
5391d806
FB		 2150 switch(addr) {
2151 case 0:
2152 break;
2153 case 1:
c2ff060f 2154 ide_clear_hob(ide_if);
c45c3d00 2155 /* NOTE: data is written to the two drives */
c2ff060f
FB		 2156 ide_if[0].hob_feature = ide_if[0].feature;
2157 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 2158 ide_if[0].feature = val;
2159 ide_if[1].feature = val;
5391d806
FB		 2160 break;
2161 case 2:
c2ff060f
FB		 2162 ide_clear_hob(ide_if);
2163 ide_if[0].hob_nsector = ide_if[0].nsector;
2164 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 2165 ide_if[0].nsector = val;
2166 ide_if[1].nsector = val;
5391d806
FB		 2167 break;
2168 case 3:
c2ff060f
FB		 2169 ide_clear_hob(ide_if);
2170 ide_if[0].hob_sector = ide_if[0].sector;
2171 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 2172 ide_if[0].sector = val;
2173 ide_if[1].sector = val;
5391d806
FB		 2174 break;
2175 case 4:
c2ff060f
FB		 2176 ide_clear_hob(ide_if);
2177 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2178 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 2179 ide_if[0].lcyl = val;
2180 ide_if[1].lcyl = val;
5391d806
FB		 2181 break;
2182 case 5:
c2ff060f
FB		 2183 ide_clear_hob(ide_if);
2184 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2185 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 2186 ide_if[0].hcyl = val;
2187 ide_if[1].hcyl = val;
5391d806
FB		 2188 break;
2189 case 6:
c2ff060f 2190 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 2191 ide_if[0].select = (val & ~0x10) | 0xa0;
2192 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 2193 /* select drive */
2194 unit = (val >> 4) & 1;
2195 s = ide_if + unit;
2196 ide_if->cur_drive = s;
5391d806
FB		 2197 break;
2198 default:
2199 case 7:
2200 /* command */
2201#if defined(DEBUG_IDE)
2202 printf("ide: CMD=%02x\n", val);
2203#endif
c45c3d00 2204 s = ide_if->cur_drive;
66201e2d 2205 /* ignore commands to non existant slave */
5fafdf24 2206 if (s != ide_if && !s->bs)
66201e2d 2207 break;
c2ff060f 2208
fcdd25ab
AL		 2209 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2210 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2211 break;
2212
5391d806
FB		 2213 switch(val) {
2214 case WIN_IDENTIFY:
2215 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 2216 if (!s->is_cf)
2217 ide_identify(s);
2218 else
2219 ide_cfata_identify(s);
2a282056 2220 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2221 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2222 } else {
2223 if (s->is_cdrom) {
2224 ide_set_signature(s);
2225 }
2226 ide_abort_command(s);
2227 }
2228 ide_set_irq(s);
2229 break;
2230 case WIN_SPECIFY:
2231 case WIN_RECAL:
a136e5a8 2232 s->error = 0;
769bec72 2233 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2234 ide_set_irq(s);
2235 break;
2236 case WIN_SETMULT:
201a51fc
AZ		 2237 if (s->is_cf && s->nsector == 0) {
2238 /* Disable Read and Write Multiple */
2239 s->mult_sectors = 0;
41a2b959 2240 s->status = READY_STAT | SEEK_STAT;
201a51fc 2241 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 2242 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2243 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 2244 ide_abort_command(s);
2245 } else {
292eef5a 2246 s->mult_sectors = s->nsector & 0xff;
41a2b959 2247 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2248 }
2249 ide_set_irq(s);
2250 break;
c2ff060f
FB		 2251 case WIN_VERIFY_EXT:
2252 lba48 = 1;
4ce900b4
FB		 2253 case WIN_VERIFY:
2254 case WIN_VERIFY_ONCE:
2255 /* do sector number check ? */
c2ff060f 2256 ide_cmd_lba48_transform(s, lba48);
41a2b959 2257 s->status = READY_STAT | SEEK_STAT;
4ce900b4
FB		 2258 ide_set_irq(s);
2259 break;
c2ff060f
FB		 2260 case WIN_READ_EXT:
2261 lba48 = 1;
5391d806
FB		 2262 case WIN_READ:
2263 case WIN_READ_ONCE:
5fafdf24 2264 if (!s->bs)
6b136f9e 2265 goto abort_cmd;
c2ff060f 2266 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2267 s->req_nb_sectors = 1;
2268 ide_sector_read(s);
2269 break;
c2ff060f
FB		 2270 case WIN_WRITE_EXT:
2271 lba48 = 1;
5391d806
FB		 2272 case WIN_WRITE:
2273 case WIN_WRITE_ONCE:
201a51fc
AZ		 2274 case CFA_WRITE_SECT_WO_ERASE:
2275 case WIN_WRITE_VERIFY:
c2ff060f 2276 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2277 s->error = 0;
f66723fa 2278 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2279 s->req_nb_sectors = 1;
2280 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 2281 s->media_changed = 1;
5391d806 2282 break;
c2ff060f
FB		 2283 case WIN_MULTREAD_EXT:
2284 lba48 = 1;
5391d806
FB		 2285 case WIN_MULTREAD:
2286 if (!s->mult_sectors)
2287 goto abort_cmd;
c2ff060f 2288 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2289 s->req_nb_sectors = s->mult_sectors;
2290 ide_sector_read(s);
2291 break;
c2ff060f
FB		 2292 case WIN_MULTWRITE_EXT:
2293 lba48 = 1;
5391d806 2294 case WIN_MULTWRITE:
201a51fc 2295 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 2296 if (!s->mult_sectors)
2297 goto abort_cmd;
c2ff060f 2298 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2299 s->error = 0;
f66723fa 2300 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2301 s->req_nb_sectors = s->mult_sectors;
2302 n = s->nsector;
2303 if (n > s->req_nb_sectors)
2304 n = s->req_nb_sectors;
2305 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 2306 s->media_changed = 1;
5391d806 2307 break;
c2ff060f
FB		 2308 case WIN_READDMA_EXT:
2309 lba48 = 1;
98087450
FB		 2310 case WIN_READDMA:
2311 case WIN_READDMA_ONCE:
5fafdf24 2312 if (!s->bs)
98087450 2313 goto abort_cmd;
c2ff060f 2314 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 2315 ide_sector_read_dma(s);
2316 break;
c2ff060f
FB		 2317 case WIN_WRITEDMA_EXT:
2318 lba48 = 1;
98087450
FB		 2319 case WIN_WRITEDMA:
2320 case WIN_WRITEDMA_ONCE:
5fafdf24 2321 if (!s->bs)
98087450 2322 goto abort_cmd;
c2ff060f 2323 ide_cmd_lba48_transform(s, lba48);
98087450 2324 ide_sector_write_dma(s);
201a51fc 2325 s->media_changed = 1;
98087450 2326 break;
c2ff060f
FB		 2327 case WIN_READ_NATIVE_MAX_EXT:
2328 lba48 = 1;
5391d806 2329 case WIN_READ_NATIVE_MAX:
c2ff060f 2330 ide_cmd_lba48_transform(s, lba48);
5391d806 2331 ide_set_sector(s, s->nb_sectors - 1);
41a2b959 2332 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2333 ide_set_irq(s);
2334 break;
a136e5a8 2335 case WIN_CHECKPOWERMODE1:
201a51fc 2336 case WIN_CHECKPOWERMODE2:
a136e5a8 2337 s->nsector = 0xff; /* device active or idle */
41a2b959 2338 s->status = READY_STAT | SEEK_STAT;
a136e5a8
FB		 2339 ide_set_irq(s);
2340 break;
34e538ae
FB		 2341 case WIN_SETFEATURES:
2342 if (!s->bs)
2343 goto abort_cmd;
2344 /* XXX: valid for CDROM ? */
2345 switch(s->feature) {
e1f63470
TS		 2346 case 0xcc: /* reverting to power-on defaults enable */
2347 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 2348 case 0x02: /* write cache enable */
2349 case 0x82: /* write cache disable */
2350 case 0xaa: /* read look-ahead enable */
2351 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 2352 case 0x05: /* set advanced power management mode */
2353 case 0x85: /* disable advanced power management mode */
2354 case 0x69: /* NOP */
2355 case 0x67: /* NOP */
2356 case 0x96: /* NOP */
2357 case 0x9a: /* NOP */
c3e88d8c
TS		 2358 case 0x42: /* enable Automatic Acoustic Mode */
2359 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 2360 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 2361 ide_set_irq(s);
2362 break;
94458802
FB		 2363 case 0x03: { /* set transfer mode */
2364 uint8_t val = s->nsector & 0x07;
2365
2366 switch (s->nsector >> 3) {
2367 case 0x00: /* pio default */
2368 case 0x01: /* pio mode */
d1b5c20d
TS		 2369 put_le16(s->identify_data + 62,0x07);
2370 put_le16(s->identify_data + 63,0x07);
2371 put_le16(s->identify_data + 88,0x3f);
2372 break;
2373 case 0x02: /* sigle word dma mode*/
2374 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
94458802
FB		 2375 put_le16(s->identify_data + 63,0x07);
2376 put_le16(s->identify_data + 88,0x3f);
2377 break;
2378 case 0x04: /* mdma mode */
d1b5c20d 2379 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2380 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2381 put_le16(s->identify_data + 88,0x3f);
2382 break;
2383 case 0x08: /* udma mode */
d1b5c20d 2384 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2385 put_le16(s->identify_data + 63,0x07);
2386 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2387 break;
2388 default:
2389 goto abort_cmd;
2390 }
2391 s->status = READY_STAT | SEEK_STAT;
2392 ide_set_irq(s);
2393 break;
2394 }
34e538ae
FB		 2395 default:
2396 goto abort_cmd;
2397 }
2398 break;
c2ff060f
FB		 2399 case WIN_FLUSH_CACHE:
2400 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2401 if (s->bs)
2402 bdrv_flush(s->bs);
41a2b959 2403 s->status = READY_STAT | SEEK_STAT;
7a6cba61
PB		 2404 ide_set_irq(s);
2405 break;
c3e88d8c
TS		 2406 case WIN_STANDBY:
2407 case WIN_STANDBY2:
2408 case WIN_STANDBYNOW1:
201a51fc 2409 case WIN_STANDBYNOW2:
c451ee71 2410 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2411 case CFA_IDLEIMMEDIATE:
2412 case WIN_SETIDLE1:
2413 case WIN_SETIDLE2:
c3e88d8c
TS		 2414 case WIN_SLEEPNOW1:
2415 case WIN_SLEEPNOW2:
2416 s->status = READY_STAT;
a7dfe172
FB		 2417 ide_set_irq(s);
2418 break;
4fbfcd6d
AJ		 2419 case WIN_SEEK:
2420 if(s->is_cdrom)
2421 goto abort_cmd;
2422 /* XXX: Check that seek is within bounds */
2423 s->status = READY_STAT | SEEK_STAT;
2424 ide_set_irq(s);
2425 break;
5391d806
FB		 2426 /* ATAPI commands */
2427 case WIN_PIDENTIFY:
2428 if (s->is_cdrom) {
2429 ide_atapi_identify(s);
1298fe63 2430 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2431 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2432 } else {
2433 ide_abort_command(s);
2434 }
2435 ide_set_irq(s);
2436 break;
c451ee71
FB		 2437 case WIN_DIAGNOSE:
2438 ide_set_signature(s);
33256a25
AL		 2439 if (s->is_cdrom)
2440 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2441 * devices to return a clear status register
2442 * with READY_STAT *not* set. */
2443 else
2444 s->status = READY_STAT | SEEK_STAT;
2445 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2446 * present.
2447 */
f5fdd0a8 2448 ide_set_irq(s);
c451ee71 2449 break;
5391d806
FB		 2450 case WIN_SRST:
2451 if (!s->is_cdrom)
2452 goto abort_cmd;
2453 ide_set_signature(s);
6b136f9e 2454 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2455 s->error = 0x01;
2456 break;
2457 case WIN_PACKETCMD:
2458 if (!s->is_cdrom)
2459 goto abort_cmd;
98087450
FB		 2460 /* overlapping commands not supported */
2461 if (s->feature & 0x02)
5391d806 2462 goto abort_cmd;
41a2b959 2463 s->status = READY_STAT | SEEK_STAT;
98087450 2464 s->atapi_dma = s->feature & 1;
5391d806 2465 s->nsector = 1;
5fafdf24 2466 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2467 ide_atapi_cmd);
2468 break;
201a51fc
AZ		 2469 /* CF-ATA commands */
2470 case CFA_REQ_EXT_ERROR_CODE:
2471 if (!s->is_cf)
2472 goto abort_cmd;
2473 s->error = 0x09; /* miscellaneous error */
41a2b959 2474 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2475 ide_set_irq(s);
2476 break;
2477 case CFA_ERASE_SECTORS:
2478 case CFA_WEAR_LEVEL:
2479 if (!s->is_cf)
2480 goto abort_cmd;
2481 if (val == CFA_WEAR_LEVEL)
2482 s->nsector = 0;
2483 if (val == CFA_ERASE_SECTORS)
2484 s->media_changed = 1;
2485 s->error = 0x00;
41a2b959 2486 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2487 ide_set_irq(s);
2488 break;
2489 case CFA_TRANSLATE_SECTOR:
2490 if (!s->is_cf)
2491 goto abort_cmd;
2492 s->error = 0x00;
41a2b959 2493 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2494 memset(s->io_buffer, 0, 0x200);
2495 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2496 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2497 s->io_buffer[0x02] = s->select; /* Head */
2498 s->io_buffer[0x03] = s->sector; /* Sector */
2499 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2500 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2501 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2502 s->io_buffer[0x13] = 0x00; /* Erase flag */
2503 s->io_buffer[0x18] = 0x00; /* Hot count */
2504 s->io_buffer[0x19] = 0x00; /* Hot count */
2505 s->io_buffer[0x1a] = 0x01; /* Hot count */
2506 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2507 ide_set_irq(s);
2508 break;
2509 case CFA_ACCESS_METADATA_STORAGE:
2510 if (!s->is_cf)
2511 goto abort_cmd;
2512 switch (s->feature) {
2513 case 0x02: /* Inquiry Metadata Storage */
2514 ide_cfata_metadata_inquiry(s);
2515 break;
2516 case 0x03: /* Read Metadata Storage */
2517 ide_cfata_metadata_read(s);
2518 break;
2519 case 0x04: /* Write Metadata Storage */
2520 ide_cfata_metadata_write(s);
2521 break;
2522 default:
2523 goto abort_cmd;
2524 }
2525 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2526 s->status = 0x00; /* NOTE: READY is _not_ set */
2527 ide_set_irq(s);
2528 break;
2529 case IBM_SENSE_CONDITION:
2530 if (!s->is_cf)
2531 goto abort_cmd;
2532 switch (s->feature) {
2533 case 0x01: /* sense temperature in device */
2534 s->nsector = 0x50; /* +20 C */
2535 break;
2536 default:
2537 goto abort_cmd;
2538 }
41a2b959 2539 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2540 ide_set_irq(s);
2541 break;
5391d806
FB		 2542 default:
2543 abort_cmd:
2544 ide_abort_command(s);
2545 ide_set_irq(s);
2546 break;
2547 }
2548 }
2549}
2550
caed8802 2551static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2552{
7ae98627
FB		 2553 IDEState *ide_if = opaque;
2554 IDEState *s = ide_if->cur_drive;
5391d806 2555 uint32_t addr;
c2ff060f 2556 int ret, hob;
5391d806
FB		 2557
2558 addr = addr1 & 7;
c2ff060f
FB		 2559 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2560 //hob = s->select & (1 << 7);
2561 hob = 0;
5391d806
FB		 2562 switch(addr) {
2563 case 0:
2564 ret = 0xff;
2565 break;
2566 case 1:
c45ca54f
AL		 2567 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2568 (s != ide_if && !s->bs))
c45c3d00 2569 ret = 0;
c2ff060f 2570 else if (!hob)
c45c3d00 2571 ret = s->error;
c2ff060f
FB		 2572 else
2573 ret = s->hob_feature;
5391d806
FB		 2574 break;
2575 case 2:
7ae98627 2576 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2577 ret = 0;
c2ff060f 2578 else if (!hob)
c45c3d00 2579 ret = s->nsector & 0xff;
c2ff060f
FB		 2580 else
2581 ret = s->hob_nsector;
5391d806
FB		 2582 break;
2583 case 3:
7ae98627 2584 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2585 ret = 0;
c2ff060f 2586 else if (!hob)
c45c3d00 2587 ret = s->sector;
c2ff060f
FB		 2588 else
2589 ret = s->hob_sector;
5391d806
FB		 2590 break;
2591 case 4:
7ae98627 2592 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2593 ret = 0;
c2ff060f 2594 else if (!hob)
c45c3d00 2595 ret = s->lcyl;
c2ff060f
FB		 2596 else
2597 ret = s->hob_lcyl;
5391d806
FB		 2598 break;
2599 case 5:
7ae98627 2600 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2601 ret = 0;
c2ff060f 2602 else if (!hob)
c45c3d00 2603 ret = s->hcyl;
c2ff060f
FB		 2604 else
2605 ret = s->hob_hcyl;
5391d806
FB		 2606 break;
2607 case 6:
7ae98627 2608 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2609 ret = 0;
2610 else
7ae98627 2611 ret = s->select;
5391d806
FB		 2612 break;
2613 default:
2614 case 7:
66201e2d
FB		 2615 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2616 (s != ide_if && !s->bs))
c45c3d00
FB		 2617 ret = 0;
2618 else
2619 ret = s->status;
d537cf6c 2620 qemu_irq_lower(s->irq);
5391d806
FB		 2621 break;
2622 }
2623#ifdef DEBUG_IDE
2624 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2625#endif
2626 return ret;
2627}
2628
caed8802 2629static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2630{
7ae98627
FB		 2631 IDEState *ide_if = opaque;
2632 IDEState *s = ide_if->cur_drive;
5391d806 2633 int ret;
7ae98627 2634
66201e2d
FB		 2635 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2636 (s != ide_if && !s->bs))
7ae98627
FB		 2637 ret = 0;
2638 else
2639 ret = s->status;
5391d806
FB		 2640#ifdef DEBUG_IDE
2641 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2642#endif
2643 return ret;
2644}
2645
caed8802 2646static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2647{
caed8802 2648 IDEState *ide_if = opaque;
5391d806
FB		 2649 IDEState *s;
2650 int i;
2651
2652#ifdef DEBUG_IDE
2653 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2654#endif
2655 /* common for both drives */
2656 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2657 (val & IDE_CMD_RESET)) {
2658 /* reset low to high */
2659 for(i = 0;i < 2; i++) {
2660 s = &ide_if[i];
2661 s->status = BUSY_STAT | SEEK_STAT;
2662 s->error = 0x01;
2663 }
2664 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2665 !(val & IDE_CMD_RESET)) {
2666 /* high to low */
2667 for(i = 0;i < 2; i++) {
2668 s = &ide_if[i];
6b136f9e
FB		 2669 if (s->is_cdrom)
2670 s->status = 0x00; /* NOTE: READY is _not_ set */
2671 else
56bf1d37 2672 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2673 ide_set_signature(s);
2674 }
2675 }
2676
2677 ide_if[0].cmd = val;
2678 ide_if[1].cmd = val;
2679}
2680
caed8802 2681static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2682{
caed8802 2683 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2684 uint8_t *p;
2685
fcdd25ab
AL		 2686 /* PIO data access allowed only when DRQ bit is set */
2687 if (!(s->status & DRQ_STAT))
2688 return;
2689
5391d806 2690 p = s->data_ptr;
0c4ad8dc 2691 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2692 p += 2;
2693 s->data_ptr = p;
2694 if (p >= s->data_end)
2695 s->end_transfer_func(s);
2696}
2697
caed8802 2698static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2699{
caed8802 2700 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2701 uint8_t *p;
2702 int ret;
fcdd25ab
AL		 2703
2704 /* PIO data access allowed only when DRQ bit is set */
2705 if (!(s->status & DRQ_STAT))
2706 return 0;
2707
5391d806 2708 p = s->data_ptr;
0c4ad8dc 2709 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2710 p += 2;
2711 s->data_ptr = p;
2712 if (p >= s->data_end)
2713 s->end_transfer_func(s);
2714 return ret;
2715}
2716
caed8802 2717static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2718{
caed8802 2719 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2720 uint8_t *p;
2721
fcdd25ab
AL		 2722 /* PIO data access allowed only when DRQ bit is set */
2723 if (!(s->status & DRQ_STAT))
2724 return;
2725
5391d806 2726 p = s->data_ptr;
0c4ad8dc 2727 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2728 p += 4;
2729 s->data_ptr = p;
2730 if (p >= s->data_end)
2731 s->end_transfer_func(s);
2732}
2733
caed8802 2734static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2735{
caed8802 2736 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2737 uint8_t *p;
2738 int ret;
3b46e624 2739
fcdd25ab
AL		 2740 /* PIO data access allowed only when DRQ bit is set */
2741 if (!(s->status & DRQ_STAT))
2742 return 0;
2743
5391d806 2744 p = s->data_ptr;
0c4ad8dc 2745 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2746 p += 4;
2747 s->data_ptr = p;
2748 if (p >= s->data_end)
2749 s->end_transfer_func(s);
2750 return ret;
2751}
2752
a7dfe172
FB		 2753static void ide_dummy_transfer_stop(IDEState *s)
2754{
2755 s->data_ptr = s->io_buffer;
2756 s->data_end = s->io_buffer;
2757 s->io_buffer[0] = 0xff;
2758 s->io_buffer[1] = 0xff;
2759 s->io_buffer[2] = 0xff;
2760 s->io_buffer[3] = 0xff;
2761}
2762
5391d806
FB		 2763static void ide_reset(IDEState *s)
2764{
201a51fc
AZ		 2765 if (s->is_cf)
2766 s->mult_sectors = 0;
2767 else
2768 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2769 s->cur_drive = s;
2770 s->select = 0xa0;
41a2b959 2771 s->status = READY_STAT | SEEK_STAT;
5391d806 2772 ide_set_signature(s);
a7dfe172
FB		 2773 /* init the transfer handler so that 0xffff is returned on data
2774 accesses */
2775 s->end_transfer_func = ide_dummy_transfer_stop;
2776 ide_dummy_transfer_stop(s);
201a51fc 2777 s->media_changed = 0;
5391d806
FB		 2778}
2779
5457c8ce
FB		 2780static void ide_init2(IDEState *ide_state,
2781 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2782 qemu_irq irq)
5391d806 2783{
69b91039 2784 IDEState *s;
aedf5382 2785 static int drive_serial = 1;
f3d54fc4 2786 int i, cylinders, heads, secs;
96b8f136 2787 uint64_t nb_sectors;
5391d806 2788
caed8802
FB		 2789 for(i = 0; i < 2; i++) {
2790 s = ide_state + i;
2791 if (i == 0)
2792 s->bs = hd0;
2793 else
2794 s->bs = hd1;
e268ca52 2795 s->io_buffer = qemu_blockalign(s->bs, IDE_DMA_BUF_SECTORS*512 + 4);
5391d806
FB		 2796 if (s->bs) {
2797 bdrv_get_geometry(s->bs, &nb_sectors);
f3d54fc4
AL		 2798 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2799 s->cylinders = cylinders;
2800 s->heads = heads;
2801 s->sectors = secs;
5391d806 2802 s->nb_sectors = nb_sectors;
f3d54fc4 2803
caed8802
FB		 2804 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2805 s->is_cdrom = 1;
bd491d6a 2806 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2807 }
2808 }
aedf5382 2809 s->drive_serial = drive_serial++;
fa879c64
AL		 2810 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2811 sizeof(s->drive_serial_str));
2812 if (strlen(s->drive_serial_str) == 0)
2813 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2814 "QM%05d", s->drive_serial);
caed8802 2815 s->irq = irq;
5fafdf24 2816 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2817 ide_sector_write_timer_cb, s);
5391d806
FB		 2818 ide_reset(s);
2819 }
69b91039
FB		 2820}
2821
34e538ae 2822static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2823{
caed8802
FB		 2824 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2825 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2826 if (iobase2) {
2827 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2828 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2829 }
3b46e624 2830
caed8802
FB		 2831 /* data ports */
2832 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2833 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2834 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2835 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2836}
69b91039 2837
aa941b94
AZ		 2838/* save per IDE drive data */
2839static void ide_save(QEMUFile* f, IDEState *s)
2840{
bee8d684
TS		 2841 qemu_put_be32(f, s->mult_sectors);
2842 qemu_put_be32(f, s->identify_set);
aa941b94
AZ		 2843 if (s->identify_set) {
2844 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2845 }
2846 qemu_put_8s(f, &s->feature);
2847 qemu_put_8s(f, &s->error);
2848 qemu_put_be32s(f, &s->nsector);
2849 qemu_put_8s(f, &s->sector);
2850 qemu_put_8s(f, &s->lcyl);
2851 qemu_put_8s(f, &s->hcyl);
2852 qemu_put_8s(f, &s->hob_feature);
2853 qemu_put_8s(f, &s->hob_nsector);
2854 qemu_put_8s(f, &s->hob_sector);
2855 qemu_put_8s(f, &s->hob_lcyl);
2856 qemu_put_8s(f, &s->hob_hcyl);
2857 qemu_put_8s(f, &s->select);
2858 qemu_put_8s(f, &s->status);
2859 qemu_put_8s(f, &s->lba48);
2860
2861 qemu_put_8s(f, &s->sense_key);
2862 qemu_put_8s(f, &s->asc);
2863 /* XXX: if a transfer is pending, we do not save it yet */
2864}
2865
2866/* load per IDE drive data */
2867static void ide_load(QEMUFile* f, IDEState *s)
2868{
bee8d684
TS		 2869 s->mult_sectors=qemu_get_be32(f);
2870 s->identify_set=qemu_get_be32(f);
aa941b94
AZ		 2871 if (s->identify_set) {
2872 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2873 }
2874 qemu_get_8s(f, &s->feature);
2875 qemu_get_8s(f, &s->error);
2876 qemu_get_be32s(f, &s->nsector);
2877 qemu_get_8s(f, &s->sector);
2878 qemu_get_8s(f, &s->lcyl);
2879 qemu_get_8s(f, &s->hcyl);
2880 qemu_get_8s(f, &s->hob_feature);
2881 qemu_get_8s(f, &s->hob_nsector);
2882 qemu_get_8s(f, &s->hob_sector);
2883 qemu_get_8s(f, &s->hob_lcyl);
2884 qemu_get_8s(f, &s->hob_hcyl);
2885 qemu_get_8s(f, &s->select);
2886 qemu_get_8s(f, &s->status);
2887 qemu_get_8s(f, &s->lba48);
2888
2889 qemu_get_8s(f, &s->sense_key);
2890 qemu_get_8s(f, &s->asc);
2891 /* XXX: if a transfer is pending, we do not save it yet */
2892}
2893
34e538ae
FB		 2894/***********************************************************/
2895/* ISA IDE definitions */
2896
d537cf6c 2897void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2898 BlockDriverState *hd0, BlockDriverState *hd1)
2899{
2900 IDEState *ide_state;
2901
2902 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
3b46e624 2903
d537cf6c 2904 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2905 ide_init_ioport(ide_state, iobase, iobase2);
2906}
2907
69b91039
FB		 2908/***********************************************************/
2909/* PCI IDE definitions */
2910
5457c8ce
FB		 2911static void cmd646_update_irq(PCIIDEState *d);
2912
5fafdf24 2913static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 2914 uint32_t addr, uint32_t size, int type)
2915{
2916 PCIIDEState *d = (PCIIDEState *)pci_dev;
2917 IDEState *ide_state;
2918
2919 if (region_num <= 3) {
2920 ide_state = &d->ide_if[(region_num >> 1) * 2];
2921 if (region_num & 1) {
2922 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2923 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2924 } else {
2925 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2926 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2927
2928 /* data ports */
2929 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2930 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2931 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2932 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2933 }
2934 }
2935}
2936
8ccad811 2937static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2938{
2939 BMDMAState *bm = s->bmdma;
2940 if(!bm)
2941 return;
2942 bm->ide_if = s;
2943 bm->dma_cb = dma_cb;
8ccad811
FB		 2944 bm->cur_prd_last = 0;
2945 bm->cur_prd_addr = 0;
2946 bm->cur_prd_len = 0;
428c5705
AL		 2947 bm->sector_num = ide_get_sector(s);
2948 bm->nsector = s->nsector;
98087450 2949 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2950 bm->dma_cb(bm, 0);
98087450
FB		 2951 }
2952}
2953
428c5705
AL		 2954static void ide_dma_restart(IDEState *s)
2955{
2956 BMDMAState *bm = s->bmdma;
2957 ide_set_sector(s, bm->sector_num);
2958 s->io_buffer_index = 0;
2959 s->io_buffer_size = 0;
2960 s->nsector = bm->nsector;
2961 bm->cur_addr = bm->addr;
2962 bm->dma_cb = ide_write_dma_cb;
2963 ide_dma_start(s, bm->dma_cb);
2964}
2965
72c7b06c
AL		 2966static void ide_dma_cancel(BMDMAState *bm)
2967{
2968 if (bm->status & BM_STATUS_DMAING) {
2969 bm->status &= ~BM_STATUS_DMAING;
2970 /* cancel DMA request */
2971 bm->ide_if = NULL;
2972 bm->dma_cb = NULL;
2973 if (bm->aiocb) {
2974#ifdef DEBUG_AIO
2975 printf("aio_cancel\n");
2976#endif
2977 bdrv_aio_cancel(bm->aiocb);
2978 bm->aiocb = NULL;
2979 }
2980 }
2981}
2982
98087450
FB		 2983static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2984{
2985 BMDMAState *bm = opaque;
2986#ifdef DEBUG_IDE
2987 printf("%s: 0x%08x\n", __func__, val);
2988#endif
2989 if (!(val & BM_CMD_START)) {
2990 /* XXX: do it better */
72c7b06c 2991 ide_dma_cancel(bm);
98087450
FB		 2992 bm->cmd = val & 0x09;
2993 } else {
8ccad811
FB		 2994 if (!(bm->status & BM_STATUS_DMAING)) {
2995 bm->status |= BM_STATUS_DMAING;
2996 /* start dma transfer if possible */
2997 if (bm->dma_cb)
2998 bm->dma_cb(bm, 0);
2999 }
98087450 3000 bm->cmd = val & 0x09;
98087450
FB		 3001 }
3002}
3003
5457c8ce 3004static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 3005{
3006 BMDMAState *bm = opaque;
5457c8ce 3007 PCIIDEState *pci_dev;
98087450 3008 uint32_t val;
3b46e624 3009
5457c8ce 3010 switch(addr & 3) {
5fafdf24 3011 case 0:
5457c8ce
FB		 3012 val = bm->cmd;
3013 break;
3014 case 1:
3015 pci_dev = bm->pci_dev;
3016 if (pci_dev->type == IDE_TYPE_CMD646) {
3017 val = pci_dev->dev.config[MRDMODE];
3018 } else {
3019 val = 0xff;
3020 }
3021 break;
3022 case 2:
3023 val = bm->status;
3024 break;
3025 case 3:
3026 pci_dev = bm->pci_dev;
3027 if (pci_dev->type == IDE_TYPE_CMD646) {
3028 if (bm == &pci_dev->bmdma[0])
3029 val = pci_dev->dev.config[UDIDETCR0];
3030 else
3031 val = pci_dev->dev.config[UDIDETCR1];
3032 } else {
3033 val = 0xff;
3034 }
3035 break;
3036 default:
3037 val = 0xff;
3038 break;
3039 }
98087450 3040#ifdef DEBUG_IDE
5457c8ce 3041 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 3042#endif
3043 return val;
3044}
3045
5457c8ce 3046static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 3047{
3048 BMDMAState *bm = opaque;
5457c8ce 3049 PCIIDEState *pci_dev;
98087450 3050#ifdef DEBUG_IDE
5457c8ce 3051 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 3052#endif
5457c8ce
FB		 3053 switch(addr & 3) {
3054 case 1:
3055 pci_dev = bm->pci_dev;
3056 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 3057 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 3058 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3059 cmd646_update_irq(pci_dev);
3060 }
3061 break;
3062 case 2:
3063 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3064 break;
3065 case 3:
3066 pci_dev = bm->pci_dev;
3067 if (pci_dev->type == IDE_TYPE_CMD646) {
3068 if (bm == &pci_dev->bmdma[0])
3069 pci_dev->dev.config[UDIDETCR0] = val;
3070 else
3071 pci_dev->dev.config[UDIDETCR1] = val;
3072 }
3073 break;
3074 }
98087450
FB		 3075}
3076
5b9a1293
AJ		 3077static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3078{
3079 BMDMAState *bm = opaque;
3080 uint32_t val;
3081 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3082#ifdef DEBUG_IDE
3083 printf("%s: 0x%08x\n", __func__, val);
3084#endif
3085 return val;
3086}
3087
3088static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3089{
3090 BMDMAState *bm = opaque;
3091 int shift = (addr & 3) * 8;
3092#ifdef DEBUG_IDE
3093 printf("%s: 0x%08x\n", __func__, val);
3094#endif
3095 bm->addr &= ~(0xFF << shift);
3096 bm->addr |= ((val & 0xFF) << shift) & ~3;
3097 bm->cur_addr = bm->addr;
3098}
3099
3100static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3101{
3102 BMDMAState *bm = opaque;
3103 uint32_t val;
3104 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3105#ifdef DEBUG_IDE
3106 printf("%s: 0x%08x\n", __func__, val);
3107#endif
3108 return val;
3109}
3110
3111static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3112{
3113 BMDMAState *bm = opaque;
3114 int shift = (addr & 3) * 8;
3115#ifdef DEBUG_IDE
3116 printf("%s: 0x%08x\n", __func__, val);
3117#endif
3118 bm->addr &= ~(0xFFFF << shift);
3119 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3120 bm->cur_addr = bm->addr;
3121}
3122
98087450
FB		 3123static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3124{
3125 BMDMAState *bm = opaque;
3126 uint32_t val;
3127 val = bm->addr;
3128#ifdef DEBUG_IDE
3129 printf("%s: 0x%08x\n", __func__, val);
3130#endif
3131 return val;
3132}
3133
3134static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3135{
3136 BMDMAState *bm = opaque;
3137#ifdef DEBUG_IDE
3138 printf("%s: 0x%08x\n", __func__, val);
3139#endif
3140 bm->addr = val & ~3;
30c4bbac 3141 bm->cur_addr = bm->addr;
98087450
FB		 3142}
3143
5fafdf24 3144static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 3145 uint32_t addr, uint32_t size, int type)
3146{
3147 PCIIDEState *d = (PCIIDEState *)pci_dev;
3148 int i;
3149
3150 for(i = 0;i < 2; i++) {
3151 BMDMAState *bm = &d->bmdma[i];
3152 d->ide_if[2 * i].bmdma = bm;
3153 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce 3154 bm->pci_dev = (PCIIDEState *)pci_dev;
428c5705 3155 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
5457c8ce 3156
98087450 3157 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 3158
5457c8ce
FB		 3159 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3160 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450 3161
5b9a1293
AJ		 3162 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3163 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3164 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3165 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
98087450
FB		 3166 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3167 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3168 addr += 8;
3169 }
3170}
3171
9b64997f
BS		 3172static void pci_ide_save(QEMUFile* f, void *opaque)
3173{
3174 PCIIDEState *d = opaque;
3175 int i;
3176
3177 pci_device_save(&d->dev, f);
3178
3179 for(i = 0; i < 2; i++) {
3180 BMDMAState *bm = &d->bmdma[i];
428c5705 3181 uint8_t ifidx;
9b64997f
BS		 3182 qemu_put_8s(f, &bm->cmd);
3183 qemu_put_8s(f, &bm->status);
3184 qemu_put_be32s(f, &bm->addr);
428c5705
AL		 3185 qemu_put_sbe64s(f, &bm->sector_num);
3186 qemu_put_be32s(f, &bm->nsector);
3187 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3188 qemu_put_8s(f, &ifidx);
9b64997f
BS		 3189 /* XXX: if a transfer is pending, we do not save it yet */
3190 }
3191
3192 /* per IDE interface data */
3193 for(i = 0; i < 2; i++) {
3194 IDEState *s = &d->ide_if[i * 2];
3195 uint8_t drive1_selected;
3196 qemu_put_8s(f, &s->cmd);
3197 drive1_selected = (s->cur_drive != s);
3198 qemu_put_8s(f, &drive1_selected);
3199 }
3200
3201 /* per IDE drive data */
3202 for(i = 0; i < 4; i++) {
3203 ide_save(f, &d->ide_if[i]);
3204 }
3205}
3206
3207static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3208{
3209 PCIIDEState *d = opaque;
3210 int ret, i;
3211
428c5705 3212 if (version_id != 2)
9b64997f
BS		 3213 return -EINVAL;
3214 ret = pci_device_load(&d->dev, f);
3215 if (ret < 0)
3216 return ret;
3217
3218 for(i = 0; i < 2; i++) {
3219 BMDMAState *bm = &d->bmdma[i];
428c5705 3220 uint8_t ifidx;
9b64997f
BS		 3221 qemu_get_8s(f, &bm->cmd);
3222 qemu_get_8s(f, &bm->status);
3223 qemu_get_be32s(f, &bm->addr);
428c5705
AL		 3224 qemu_get_sbe64s(f, &bm->sector_num);
3225 qemu_get_be32s(f, &bm->nsector);
3226 qemu_get_8s(f, &ifidx);
3227 bm->ide_if = &d->ide_if[ifidx];
9b64997f
BS		 3228 /* XXX: if a transfer is pending, we do not save it yet */
3229 }
3230
3231 /* per IDE interface data */
3232 for(i = 0; i < 2; i++) {
3233 IDEState *s = &d->ide_if[i * 2];
3234 uint8_t drive1_selected;
3235 qemu_get_8s(f, &s->cmd);
3236 qemu_get_8s(f, &drive1_selected);
3237 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3238 }
3239
3240 /* per IDE drive data */
3241 for(i = 0; i < 4; i++) {
3242 ide_load(f, &d->ide_if[i]);
3243 }
3244 return 0;
3245}
3246
5457c8ce
FB		 3247/* XXX: call it also when the MRDMODE is changed from the PCI config
3248 registers */
3249static void cmd646_update_irq(PCIIDEState *d)
3250{
3251 int pci_level;
3252 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3253 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3254 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3255 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 3256 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 3257}
3258
3259/* the PCI irq level is the logical OR of the two channels */
3260static void cmd646_set_irq(void *opaque, int channel, int level)
3261{
3262 PCIIDEState *d = opaque;
3263 int irq_mask;
3264
3265 irq_mask = MRDMODE_INTR_CH0 << channel;
3266 if (level)
3267 d->dev.config[MRDMODE] |= irq_mask;
3268 else
3269 d->dev.config[MRDMODE] &= ~irq_mask;
3270 cmd646_update_irq(d);
3271}
3272
6e6b7363
BS		 3273static void cmd646_reset(void *opaque)
3274{
3275 PCIIDEState *d = opaque;
3276 unsigned int i;
3277
3278 for (i = 0; i < 2; i++)
3279 ide_dma_cancel(&d->bmdma[i]);
3280}
3281
5457c8ce
FB		 3282/* CMD646 PCI IDE controller */
3283void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3284 int secondary_ide_enabled)
69b91039
FB		 3285{
3286 PCIIDEState *d;
3287 uint8_t *pci_conf;
34e538ae 3288 int i;
d537cf6c 3289 qemu_irq *irq;
34e538ae 3290
5fafdf24 3291 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 3292 sizeof(PCIIDEState),
5fafdf24 3293 -1,
73c11f63 3294 NULL, NULL);
5457c8ce 3295 d->type = IDE_TYPE_CMD646;
69b91039 3296 pci_conf = d->dev.config;
deb54399
AL		 3297 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3298 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
5457c8ce
FB		 3299
3300 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 3301 pci_conf[0x09] = 0x8f;
5457c8ce 3302
173a543b 3303 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
6407f373 3304 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
3b46e624 3305
0516ede0 3306 pci_conf[0x51] = 0x04; // enable IDE0
5457c8ce
FB		 3307 if (secondary_ide_enabled) {
3308 /* XXX: if not enabled, really disable the seconday IDE controller */
0516ede0 3309 pci_conf[0x51] |= 0x08; /* enable IDE1 */
5457c8ce 3310 }
69b91039 3311
28c2c264 3312 pci_register_bar((PCIDevice *)d, 0, 0x8,
69b91039 3313 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3314 pci_register_bar((PCIDevice *)d, 1, 0x4,
69b91039 3315 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3316 pci_register_bar((PCIDevice *)d, 2, 0x8,
69b91039 3317 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3318 pci_register_bar((PCIDevice *)d, 3, 0x4,
69b91039 3319 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3320 pci_register_bar((PCIDevice *)d, 4, 0x10,
98087450 3321 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 3322
34e538ae 3323 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3b46e624 3324
34e538ae
FB		 3325 for(i = 0; i < 4; i++)
3326 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 3327
3328 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3329 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3330 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
6e6b7363 3331
428c5705 3332 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
8217606e 3333 qemu_register_reset(cmd646_reset, 0, d);
6e6b7363 3334 cmd646_reset(d);
34e538ae
FB		 3335}
3336
72c7b06c 3337static void piix3_reset(void *opaque)
e6a71ae3 3338{
72c7b06c 3339 PCIIDEState *d = opaque;
e6a71ae3 3340 uint8_t *pci_conf = d->dev.config;
72c7b06c
AL		 3341 int i;
3342
3343 for (i = 0; i < 2; i++)
3344 ide_dma_cancel(&d->bmdma[i]);
e6a71ae3
TS		 3345
3346 pci_conf[0x04] = 0x00;
3347 pci_conf[0x05] = 0x00;
3348 pci_conf[0x06] = 0x80; /* FBC */
3349 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3350 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3351}
3352
34e538ae
FB		 3353/* hd_table must contain 4 block drivers */
3354/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 3355void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3356 qemu_irq *pic)
34e538ae
FB		 3357{
3358 PCIIDEState *d;
3359 uint8_t *pci_conf;
b0a7b120 3360 int i;
3b46e624 3361
34e538ae 3362 /* register a function 1 of PIIX3 */
5fafdf24 3363 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 3364 sizeof(PCIIDEState),
502a5395 3365 devfn,
34e538ae 3366 NULL, NULL);
5457c8ce
FB		 3367 d->type = IDE_TYPE_PIIX3;
3368
34e538ae 3369 pci_conf = d->dev.config;
deb54399
AL		 3370 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3371 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
92510b8c 3372 pci_conf[0x09] = 0x80; // legacy ATA mode
173a543b 3373 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
6407f373 3374 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
34e538ae 3375
8217606e 3376 qemu_register_reset(piix3_reset, 0, d);
e6a71ae3
TS		 3377 piix3_reset(d);
3378
28c2c264 3379 pci_register_bar((PCIDevice *)d, 4, 0x10,
98087450 3380 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 3381
d537cf6c
PB		 3382 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3383 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 3384 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3385 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997 3386
b0a7b120
AL		 3387 for (i = 0; i < 4; i++)
3388 if (hd_table[i])
3389 hd_table[i]->private = &d->dev;
3390
428c5705 3391 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
69b91039 3392}
1ade1de2 3393
afcc3cdf
TS		 3394/* hd_table must contain 4 block drivers */
3395/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3396void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3397 qemu_irq *pic)
3398{
3399 PCIIDEState *d;
3400 uint8_t *pci_conf;
3401
3402 /* register a function 1 of PIIX4 */
3403 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3404 sizeof(PCIIDEState),
3405 devfn,
3406 NULL, NULL);
3407 d->type = IDE_TYPE_PIIX4;
3408
3409 pci_conf = d->dev.config;
deb54399
AL		 3410 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3411 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
afcc3cdf 3412 pci_conf[0x09] = 0x80; // legacy ATA mode
173a543b 3413 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
6407f373 3414 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
afcc3cdf 3415
8217606e 3416 qemu_register_reset(piix3_reset, 0, d);
afcc3cdf
TS		 3417 piix3_reset(d);
3418
28c2c264 3419 pci_register_bar((PCIDevice *)d, 4, 0x10,
afcc3cdf
TS		 3420 PCI_ADDRESS_SPACE_IO, bmdma_map);
3421
3422 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3423 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3424 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3425 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3426
428c5705 3427 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
afcc3cdf
TS		 3428}
3429
e3007e66 3430#if defined(TARGET_PPC)
1ade1de2
FB		 3431/***********************************************************/
3432/* MacIO based PowerPC IDE */
3433
e3007e66
AJ		 3434typedef struct MACIOIDEState {
3435 IDEState ide_if[2];
862c9280 3436 BlockDriverAIOCB *aiocb;
e3007e66
AJ		 3437} MACIOIDEState;
3438
862c9280 3439static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
e3007e66 3440{
862c9280 3441 DBDMA_io *io = opaque;
b42ec42d 3442 MACIOIDEState *m = io->opaque;
e3007e66 3443 IDEState *s = m->ide_if->cur_drive;
e3007e66 3444
862c9280
AJ		 3445 if (ret < 0) {
3446 m->aiocb = NULL;
3447 qemu_sglist_destroy(&s->sg);
3448 ide_atapi_io_error(s, ret);
3449 io->dma_end(opaque);
3450 return;
3451 }
e3007e66 3452
862c9280
AJ		 3453 if (s->io_buffer_size > 0) {
3454 m->aiocb = NULL;
3455 qemu_sglist_destroy(&s->sg);
e3007e66 3456
862c9280 3457 s->packet_transfer_size -= s->io_buffer_size;
e3007e66 3458
862c9280
AJ		 3459 s->io_buffer_index += s->io_buffer_size;
3460 s->lba += s->io_buffer_index >> 11;
3461 s->io_buffer_index &= 0x7ff;
3462 }
e3007e66 3463
862c9280
AJ		 3464 if (s->packet_transfer_size <= 0)
3465 ide_atapi_cmd_ok(s);
e3007e66 3466
862c9280
AJ		 3467 if (io->len == 0) {
3468 io->dma_end(opaque);
3469 return;
e3007e66 3470 }
b42ec42d 3471
862c9280 3472 /* launch next transfer */
b42ec42d 3473
862c9280
AJ		 3474 s->io_buffer_size = io->len;
3475
3476 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3477 qemu_sglist_add(&s->sg, io->addr, io->len);
3478 io->addr += io->len;
3479 io->len = 0;
3480
3481 m->aiocb = dma_bdrv_read(s->bs, &s->sg,
3482 (int64_t)(s->lba << 2) + (s->io_buffer_index >> 9),
3483 pmac_ide_atapi_transfer_cb, io);
3484 if (!m->aiocb) {
3485 qemu_sglist_destroy(&s->sg);
3486 /* Note: media not present is the most likely case */
3487 ide_atapi_cmd_error(s, SENSE_NOT_READY,
3488 ASC_MEDIUM_NOT_PRESENT);
3489 io->dma_end(opaque);
3490 return;
e3007e66 3491 }
e3007e66
AJ		 3492}
3493
862c9280 3494static void pmac_ide_transfer_cb(void *opaque, int ret)
e3007e66 3495{
862c9280 3496 DBDMA_io *io = opaque;
b42ec42d 3497 MACIOIDEState *m = io->opaque;
e3007e66 3498 IDEState *s = m->ide_if->cur_drive;
862c9280 3499 int n;
e3007e66 3500 int64_t sector_num;
e3007e66 3501
862c9280
AJ		 3502 if (ret < 0) {
3503 m->aiocb = NULL;
3504 qemu_sglist_destroy(&s->sg);
3505 ide_dma_error(s);
3506 io->dma_end(io);
b42ec42d
AJ		 3507 return;
3508 }
e3007e66 3509
862c9280
AJ		 3510 sector_num = ide_get_sector(s);
3511 if (s->io_buffer_size > 0) {
3512 m->aiocb = NULL;
3513 qemu_sglist_destroy(&s->sg);
3514 n = (s->io_buffer_size + 0x1ff) >> 9;
3515 sector_num += n;
3516 ide_set_sector(s, sector_num);
3517 s->nsector -= n;
3518 }
3519
3520 /* end of transfer ? */
3521 if (s->nsector == 0) {
3522 s->status = READY_STAT | SEEK_STAT;
3523 ide_set_irq(s);
3524 }
e3007e66 3525
862c9280 3526 /* end of DMA ? */
e3007e66 3527
862c9280
AJ		 3528 if (io->len == 0) {
3529 io->dma_end(io);
3530 return;
3531 }
e3007e66 3532
862c9280 3533 /* launch next transfer */
e3007e66 3534
862c9280
AJ		 3535 s->io_buffer_index = 0;
3536 s->io_buffer_size = io->len;
e3007e66 3537
862c9280
AJ		 3538 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3539 qemu_sglist_add(&s->sg, io->addr, io->len);
3540 io->addr += io->len;
3541 io->len = 0;
e3007e66 3542
862c9280
AJ		 3543 if (s->is_read)
3544 m->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
3545 pmac_ide_transfer_cb, io);
3546 else
3547 m->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
3548 pmac_ide_transfer_cb, io);
3549 if (!m->aiocb)
3550 pmac_ide_transfer_cb(io, -1);
3551}
e3007e66 3552
862c9280
AJ		 3553static void pmac_ide_transfer(DBDMA_io *io)
3554{
3555 MACIOIDEState *m = io->opaque;
3556 IDEState *s = m->ide_if->cur_drive;
b42ec42d 3557
862c9280
AJ		 3558 s->io_buffer_size = 0;
3559 if (s->is_cdrom) {
3560 pmac_ide_atapi_transfer_cb(io, 0);
3561 return;
e3007e66
AJ		 3562 }
3563
862c9280
AJ		 3564 pmac_ide_transfer_cb(io, 0);
3565}
3566
3567static void pmac_ide_flush(DBDMA_io *io)
3568{
3569 MACIOIDEState *m = io->opaque;
3570
3571 if (m->aiocb)
3572 qemu_aio_flush();
e3007e66
AJ		 3573}
3574
1ade1de2
FB		 3575/* PowerMac IDE memory IO */
3576static void pmac_ide_writeb (void *opaque,
3577 target_phys_addr_t addr, uint32_t val)
3578{
e3007e66
AJ		 3579 MACIOIDEState *d = opaque;
3580
5fafdf24 3581 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3582 switch (addr) {
3583 case 1 ... 7:
e3007e66 3584 ide_ioport_write(d->ide_if, addr, val);
1ade1de2
FB		 3585 break;
3586 case 8:
3587 case 22:
e3007e66 3588 ide_cmd_write(d->ide_if, 0, val);
1ade1de2
FB		 3589 break;
3590 default:
3591 break;
3592 }
3593}
3594
3595static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3596{
3597 uint8_t retval;
e3007e66 3598 MACIOIDEState *d = opaque;
1ade1de2
FB		 3599
3600 addr = (addr & 0xFFF) >> 4;
3601 switch (addr) {
3602 case 1 ... 7:
e3007e66 3603 retval = ide_ioport_read(d->ide_if, addr);
1ade1de2
FB		 3604 break;
3605 case 8:
3606 case 22:
e3007e66 3607 retval = ide_status_read(d->ide_if, 0);
1ade1de2
FB		 3608 break;
3609 default:
3610 retval = 0xFF;
3611 break;
3612 }
3613 return retval;
3614}
3615
3616static void pmac_ide_writew (void *opaque,
3617 target_phys_addr_t addr, uint32_t val)
3618{
e3007e66
AJ		 3619 MACIOIDEState *d = opaque;
3620
5fafdf24 3621 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3622#ifdef TARGET_WORDS_BIGENDIAN
3623 val = bswap16(val);
3624#endif
3625 if (addr == 0) {
e3007e66 3626 ide_data_writew(d->ide_if, 0, val);
1ade1de2
FB		 3627 }
3628}
3629
3630static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3631{
3632 uint16_t retval;
e3007e66 3633 MACIOIDEState *d = opaque;
1ade1de2 3634
5fafdf24 3635 addr = (addr & 0xFFF) >> 4;
1ade1de2 3636 if (addr == 0) {
e3007e66 3637 retval = ide_data_readw(d->ide_if, 0);
1ade1de2
FB		 3638 } else {
3639 retval = 0xFFFF;
3640 }
3641#ifdef TARGET_WORDS_BIGENDIAN
3642 retval = bswap16(retval);
3643#endif
3644 return retval;
3645}
3646
3647static void pmac_ide_writel (void *opaque,
3648 target_phys_addr_t addr, uint32_t val)
3649{
e3007e66
AJ		 3650 MACIOIDEState *d = opaque;
3651
5fafdf24 3652 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3653#ifdef TARGET_WORDS_BIGENDIAN
3654 val = bswap32(val);
3655#endif
3656 if (addr == 0) {
e3007e66 3657 ide_data_writel(d->ide_if, 0, val);
1ade1de2
FB		 3658 }
3659}
3660
3661static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3662{
3663 uint32_t retval;
e3007e66 3664 MACIOIDEState *d = opaque;
1ade1de2 3665
5fafdf24 3666 addr = (addr & 0xFFF) >> 4;
1ade1de2 3667 if (addr == 0) {
e3007e66 3668 retval = ide_data_readl(d->ide_if, 0);
1ade1de2
FB		 3669 } else {
3670 retval = 0xFFFFFFFF;
3671 }
3672#ifdef TARGET_WORDS_BIGENDIAN
3673 retval = bswap32(retval);
3674#endif
3675 return retval;
3676}
3677
3678static CPUWriteMemoryFunc *pmac_ide_write[] = {
3679 pmac_ide_writeb,
3680 pmac_ide_writew,
3681 pmac_ide_writel,
3682};
3683
3684static CPUReadMemoryFunc *pmac_ide_read[] = {
3685 pmac_ide_readb,
3686 pmac_ide_readw,
3687 pmac_ide_readl,
3688};
3689
9b64997f
BS		 3690static void pmac_ide_save(QEMUFile *f, void *opaque)
3691{
e3007e66
AJ		 3692 MACIOIDEState *d = opaque;
3693 IDEState *s = d->ide_if;
9b64997f
BS		 3694 uint8_t drive1_selected;
3695 unsigned int i;
3696
3697 /* per IDE interface data */
3698 qemu_put_8s(f, &s->cmd);
3699 drive1_selected = (s->cur_drive != s);
3700 qemu_put_8s(f, &drive1_selected);
3701
3702 /* per IDE drive data */
3703 for(i = 0; i < 2; i++) {
3704 ide_save(f, &s[i]);
3705 }
3706}
3707
3708static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3709{
e3007e66
AJ		 3710 MACIOIDEState *d = opaque;
3711 IDEState *s = d->ide_if;
9b64997f
BS		 3712 uint8_t drive1_selected;
3713 unsigned int i;
3714
3715 if (version_id != 1)
3716 return -EINVAL;
3717
3718 /* per IDE interface data */
3719 qemu_get_8s(f, &s->cmd);
3720 qemu_get_8s(f, &drive1_selected);
3721 s->cur_drive = &s[(drive1_selected != 0)];
3722
3723 /* per IDE drive data */
3724 for(i = 0; i < 2; i++) {
3725 ide_load(f, &s[i]);
3726 }
3727 return 0;
3728}
3729
6e6b7363
BS		 3730static void pmac_ide_reset(void *opaque)
3731{
e3007e66
AJ		 3732 MACIOIDEState *d = opaque;
3733 IDEState *s = d->ide_if;
6e6b7363
BS		 3734
3735 ide_reset(&s[0]);
3736 ide_reset(&s[1]);
3737}
3738
1ade1de2
FB		 3739/* hd_table must contain 4 block drivers */
3740/* PowerMac uses memory mapped registers, not I/O. Return the memory
3741 I/O index to access the ide. */
e3007e66
AJ		 3742int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq,
3743 void *dbdma, int channel, qemu_irq dma_irq)
1ade1de2 3744{
e3007e66 3745 MACIOIDEState *d;
1ade1de2
FB		 3746 int pmac_ide_memory;
3747
e3007e66
AJ		 3748 d = qemu_mallocz(sizeof(MACIOIDEState));
3749 ide_init2(d->ide_if, hd_table[0], hd_table[1], irq);
3750
b42ec42d 3751 if (dbdma)
862c9280 3752 DBDMA_register_channel(dbdma, channel, dma_irq, pmac_ide_transfer, pmac_ide_flush, d);
3b46e624 3753
1eed09cb 3754 pmac_ide_memory = cpu_register_io_memory(pmac_ide_read,
e3007e66
AJ		 3755 pmac_ide_write, d);
3756 register_savevm("ide", 0, 1, pmac_ide_save, pmac_ide_load, d);
8217606e 3757 qemu_register_reset(pmac_ide_reset, 0, d);
e3007e66
AJ		 3758 pmac_ide_reset(d);
3759
1ade1de2
FB		 3760 return pmac_ide_memory;
3761}
e3007e66 3762#endif /* TARGET_PPC */
201a51fc 3763
a4a771c0
AZ		 3764/***********************************************************/
3765/* MMIO based ide port
3766 * This emulates IDE device connected directly to the CPU bus without
3767 * dedicated ide controller, which is often seen on embedded boards.
3768 */
3769
3770typedef struct {
3771 void *dev;
3772 int shift;
3773} MMIOState;
3774
3775static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3776{
3777 MMIOState *s = (MMIOState*)opaque;
3778 IDEState *ide = (IDEState*)s->dev;
3779 addr >>= s->shift;
3780 if (addr & 7)
3781 return ide_ioport_read(ide, addr);
3782 else
3783 return ide_data_readw(ide, 0);
3784}
3785
3786static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3787 uint32_t val)
3788{
3789 MMIOState *s = (MMIOState*)opaque;
3790 IDEState *ide = (IDEState*)s->dev;
3791 addr >>= s->shift;
3792 if (addr & 7)
3793 ide_ioport_write(ide, addr, val);
3794 else
3795 ide_data_writew(ide, 0, val);
3796}
3797
3798static CPUReadMemoryFunc *mmio_ide_reads[] = {
3799 mmio_ide_read,
3800 mmio_ide_read,
3801 mmio_ide_read,
3802};
3803
3804static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3805 mmio_ide_write,
3806 mmio_ide_write,
3807 mmio_ide_write,
3808};
3809
3810static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3811{
3812 MMIOState *s= (MMIOState*)opaque;
3813 IDEState *ide = (IDEState*)s->dev;
3814 return ide_status_read(ide, 0);
3815}
3816
3817static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3818 uint32_t val)
3819{
3820 MMIOState *s = (MMIOState*)opaque;
3821 IDEState *ide = (IDEState*)s->dev;
3822 ide_cmd_write(ide, 0, val);
3823}
3824
3825static CPUReadMemoryFunc *mmio_ide_status[] = {
3826 mmio_ide_status_read,
3827 mmio_ide_status_read,
3828 mmio_ide_status_read,
3829};
3830
3831static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3832 mmio_ide_cmd_write,
3833 mmio_ide_cmd_write,
3834 mmio_ide_cmd_write,
3835};
3836
3837void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3838 qemu_irq irq, int shift,
3839 BlockDriverState *hd0, BlockDriverState *hd1)
3840{
3841 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3842 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3843 int mem1, mem2;
3844
3845 ide_init2(ide, hd0, hd1, irq);
3846
3847 s->dev = ide;
3848 s->shift = shift;
3849
1eed09cb
AK		 3850 mem1 = cpu_register_io_memory(mmio_ide_reads, mmio_ide_writes, s);
3851 mem2 = cpu_register_io_memory(mmio_ide_status, mmio_ide_cmd, s);
a4a771c0
AZ		 3852 cpu_register_physical_memory(membase, 16 << shift, mem1);
3853 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3854}
3855
201a51fc
AZ		 3856/***********************************************************/
3857/* CF-ATA Microdrive */
3858
3859#define METADATA_SIZE 0x20
3860
3861/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
bc24a225 3862typedef struct {
201a51fc 3863 IDEState ide[2];
bc24a225 3864 PCMCIACardState card;
201a51fc
AZ		 3865 uint32_t attr_base;
3866 uint32_t io_base;
3867
3868 /* Card state */
3869 uint8_t opt;
3870 uint8_t stat;
3871 uint8_t pins;
3872
3873 uint8_t ctrl;
3874 uint16_t io;
3875 int cycle;
bc24a225 3876} MicroDriveState;
201a51fc
AZ		 3877
3878/* Register bitfields */
3879enum md_opt {
3880 OPT_MODE_MMAP = 0,
3881 OPT_MODE_IOMAP16 = 1,
3882 OPT_MODE_IOMAP1 = 2,
3883 OPT_MODE_IOMAP2 = 3,
3884 OPT_MODE = 0x3f,
3885 OPT_LEVIREQ = 0x40,
3886 OPT_SRESET = 0x80,
3887};
3888enum md_cstat {
3889 STAT_INT = 0x02,
3890 STAT_PWRDWN = 0x04,
3891 STAT_XE = 0x10,
3892 STAT_IOIS8 = 0x20,
3893 STAT_SIGCHG = 0x40,
3894 STAT_CHANGED = 0x80,
3895};
3896enum md_pins {
3897 PINS_MRDY = 0x02,
3898 PINS_CRDY = 0x20,
3899};
3900enum md_ctrl {
3901 CTRL_IEN = 0x02,
3902 CTRL_SRST = 0x04,
3903};
3904
bc24a225 3905static inline void md_interrupt_update(MicroDriveState *s)
201a51fc
AZ		 3906{
3907 if (!s->card.slot)
3908 return;
3909
3910 qemu_set_irq(s->card.slot->irq,
3911 !(s->stat & STAT_INT) && /* Inverted */
3912 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3913 !(s->opt & OPT_SRESET));
3914}
3915
3916static void md_set_irq(void *opaque, int irq, int level)
3917{
bc24a225 3918 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 3919 if (level)
3920 s->stat |= STAT_INT;
3921 else
3922 s->stat &= ~STAT_INT;
3923
3924 md_interrupt_update(s);
3925}
3926
bc24a225 3927static void md_reset(MicroDriveState *s)
201a51fc
AZ		 3928{
3929 s->opt = OPT_MODE_MMAP;
3930 s->stat = 0;
3931 s->pins = 0;
3932 s->cycle = 0;
3933 s->ctrl = 0;
3934 ide_reset(s->ide);
3935}
3936
9e315fa9 3937static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc 3938{
bc24a225 3939 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 3940 if (at < s->attr_base) {
3941 if (at < s->card.cis_len)
3942 return s->card.cis[at];
3943 else
3944 return 0x00;
3945 }
3946
3947 at -= s->attr_base;
3948
3949 switch (at) {
3950 case 0x00: /* Configuration Option Register */
3951 return s->opt;
3952 case 0x02: /* Card Configuration Status Register */
3953 if (s->ctrl & CTRL_IEN)
3954 return s->stat & ~STAT_INT;
3955 else
3956 return s->stat;
3957 case 0x04: /* Pin Replacement Register */
3958 return (s->pins & PINS_CRDY) | 0x0c;
3959 case 0x06: /* Socket and Copy Register */
3960 return 0x00;
3961#ifdef VERBOSE
3962 default:
3963 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3964#endif
3965 }
3966
3967 return 0;
3968}
3969
9e315fa9 3970static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc 3971{
bc24a225 3972 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 3973 at -= s->attr_base;
3974
3975 switch (at) {
3976 case 0x00: /* Configuration Option Register */
3977 s->opt = value & 0xcf;
3978 if (value & OPT_SRESET)
3979 md_reset(s);
3980 md_interrupt_update(s);
3981 break;
3982 case 0x02: /* Card Configuration Status Register */
3983 if ((s->stat ^ value) & STAT_PWRDWN)
3984 s->pins |= PINS_CRDY;
3985 s->stat &= 0x82;
3986 s->stat |= value & 0x74;
3987 md_interrupt_update(s);
3988 /* Word 170 in Identify Device must be equal to STAT_XE */
3989 break;
3990 case 0x04: /* Pin Replacement Register */
3991 s->pins &= PINS_CRDY;
3992 s->pins |= value & PINS_MRDY;
3993 break;
3994 case 0x06: /* Socket and Copy Register */
3995 break;
3996 default:
3997 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3998 }
3999}
4000
9e315fa9 4001static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc 4002{
bc24a225 4003 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 4004 uint16_t ret;
4005 at -= s->io_base;
4006
4007 switch (s->opt & OPT_MODE) {
4008 case OPT_MODE_MMAP:
4009 if ((at & ~0x3ff) == 0x400)
4010 at = 0;
4011 break;
4012 case OPT_MODE_IOMAP16:
4013 at &= 0xf;
4014 break;
4015 case OPT_MODE_IOMAP1:
4016 if ((at & ~0xf) == 0x3f0)
4017 at -= 0x3e8;
4018 else if ((at & ~0xf) == 0x1f0)
4019 at -= 0x1f0;
4020 break;
4021 case OPT_MODE_IOMAP2:
4022 if ((at & ~0xf) == 0x370)
4023 at -= 0x368;
4024 else if ((at & ~0xf) == 0x170)
4025 at -= 0x170;
4026 }
4027
4028 switch (at) {
4029 case 0x0: /* Even RD Data */
4030 case 0x8:
4031 return ide_data_readw(s->ide, 0);
4032
4033 /* TODO: 8-bit accesses */
4034 if (s->cycle)
4035 ret = s->io >> 8;
4036 else {
4037 s->io = ide_data_readw(s->ide, 0);
4038 ret = s->io & 0xff;
4039 }
4040 s->cycle = !s->cycle;
4041 return ret;
4042 case 0x9: /* Odd RD Data */
4043 return s->io >> 8;
4044 case 0xd: /* Error */
4045 return ide_ioport_read(s->ide, 0x1);
4046 case 0xe: /* Alternate Status */
4047 if (s->ide->cur_drive->bs)
4048 return s->ide->cur_drive->status;
4049 else
4050 return 0;
4051 case 0xf: /* Device Address */
4052 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
4053 default:
4054 return ide_ioport_read(s->ide, at);
4055 }
4056
4057 return 0;
4058}
4059
9e315fa9 4060static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc 4061{
bc24a225 4062 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 4063 at -= s->io_base;
4064
4065 switch (s->opt & OPT_MODE) {
4066 case OPT_MODE_MMAP:
4067 if ((at & ~0x3ff) == 0x400)
4068 at = 0;
4069 break;
4070 case OPT_MODE_IOMAP16:
4071 at &= 0xf;
4072 break;
4073 case OPT_MODE_IOMAP1:
4074 if ((at & ~0xf) == 0x3f0)
4075 at -= 0x3e8;
4076 else if ((at & ~0xf) == 0x1f0)
4077 at -= 0x1f0;
4078 break;
4079 case OPT_MODE_IOMAP2:
4080 if ((at & ~0xf) == 0x370)
4081 at -= 0x368;
4082 else if ((at & ~0xf) == 0x170)
4083 at -= 0x170;
4084 }
4085
4086 switch (at) {
4087 case 0x0: /* Even WR Data */
4088 case 0x8:
4089 ide_data_writew(s->ide, 0, value);
4090 break;
4091
4092 /* TODO: 8-bit accesses */
4093 if (s->cycle)
4094 ide_data_writew(s->ide, 0, s->io | (value << 8));
4095 else
4096 s->io = value & 0xff;
4097 s->cycle = !s->cycle;
4098 break;
4099 case 0x9:
4100 s->io = value & 0xff;
4101 s->cycle = !s->cycle;
4102 break;
4103 case 0xd: /* Features */
4104 ide_ioport_write(s->ide, 0x1, value);
4105 break;
4106 case 0xe: /* Device Control */
4107 s->ctrl = value;
4108 if (value & CTRL_SRST)
4109 md_reset(s);
4110 md_interrupt_update(s);
4111 break;
4112 default:
4113 if (s->stat & STAT_PWRDWN) {
4114 s->pins |= PINS_CRDY;
4115 s->stat &= ~STAT_PWRDWN;
4116 }
4117 ide_ioport_write(s->ide, at, value);
4118 }
4119}
4120
aa941b94
AZ		 4121static void md_save(QEMUFile *f, void *opaque)
4122{
bc24a225 4123 MicroDriveState *s = (MicroDriveState *) opaque;
aa941b94
AZ		 4124 int i;
4125 uint8_t drive1_selected;
4126
4127 qemu_put_8s(f, &s->opt);
4128 qemu_put_8s(f, &s->stat);
4129 qemu_put_8s(f, &s->pins);
4130
4131 qemu_put_8s(f, &s->ctrl);
4132 qemu_put_be16s(f, &s->io);
4133 qemu_put_byte(f, s->cycle);
4134
4135 drive1_selected = (s->ide->cur_drive != s->ide);
4136 qemu_put_8s(f, &s->ide->cmd);
4137 qemu_put_8s(f, &drive1_selected);
4138
4139 for (i = 0; i < 2; i ++)
4140 ide_save(f, &s->ide[i]);
4141}
4142
4143static int md_load(QEMUFile *f, void *opaque, int version_id)
4144{
bc24a225 4145 MicroDriveState *s = (MicroDriveState *) opaque;
aa941b94
AZ		 4146 int i;
4147 uint8_t drive1_selected;
4148
4149 qemu_get_8s(f, &s->opt);
4150 qemu_get_8s(f, &s->stat);
4151 qemu_get_8s(f, &s->pins);
4152
4153 qemu_get_8s(f, &s->ctrl);
4154 qemu_get_be16s(f, &s->io);
4155 s->cycle = qemu_get_byte(f);
4156
4157 qemu_get_8s(f, &s->ide->cmd);
4158 qemu_get_8s(f, &drive1_selected);
4159 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
4160
4161 for (i = 0; i < 2; i ++)
4162 ide_load(f, &s->ide[i]);
4163
4164 return 0;
4165}
4166
201a51fc
AZ		 4167static const uint8_t dscm1xxxx_cis[0x14a] = {
4168 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
4169 [0x002] = 0x03, /* Tuple length = 4 bytes */
4170 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4171 [0x006] = 0x01, /* Size = 2K bytes */
4172 [0x008] = CISTPL_ENDMARK,
4173
4174 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
4175 [0x00c] = 0x04, /* Tuple length = 4 byest */
4176 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
4177 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4178 [0x012] = 0x01, /* Size = 2K bytes */
4179 [0x014] = CISTPL_ENDMARK,
4180
4181 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
4182 [0x018] = 0x02, /* Tuple length = 2 bytes */
4183 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
4184 [0x01c] = 0x01,
4185
4186 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
4187 [0x020] = 0x04, /* Tuple length = 4 bytes */
4188 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
4189 [0x024] = 0x00,
4190 [0x026] = 0x00, /* PLMID_CARD = 0000 */
4191 [0x028] = 0x00,
4192
4193 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
4194 [0x02c] = 0x12, /* Tuple length = 23 bytes */
4195 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
4196 [0x030] = 0x01, /* Minor Version = 1 */
4197 [0x032] = 'I',
4198 [0x034] = 'B',
4199 [0x036] = 'M',
4200 [0x038] = 0x00,
4201 [0x03a] = 'm',
4202 [0x03c] = 'i',
4203 [0x03e] = 'c',
4204 [0x040] = 'r',
4205 [0x042] = 'o',
4206 [0x044] = 'd',
4207 [0x046] = 'r',
4208 [0x048] = 'i',
4209 [0x04a] = 'v',
4210 [0x04c] = 'e',
4211 [0x04e] = 0x00,
4212 [0x050] = CISTPL_ENDMARK,
4213
4214 [0x052] = CISTPL_FUNCID, /* Function ID */
4215 [0x054] = 0x02, /* Tuple length = 2 bytes */
4216 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4217 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4218
4219 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4220 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4221 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4222 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4223
4224 [0x062] = CISTPL_FUNCE, /* Function Extension */
4225 [0x064] = 0x03, /* Tuple length = 3 bytes */
4226 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4227 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4228 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4229
4230 [0x06c] = CISTPL_CONFIG, /* Configuration */
4231 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4232 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4233 [0x072] = 0x07, /* TPCC_LAST = 7 */
4234 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4235 [0x076] = 0x02,
4236 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4237
4238 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4239 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4240 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4241 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4242 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4243 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4244 [0x086] = 0x55, /* NomV: 5.0 V */
4245 [0x088] = 0x4d, /* MinV: 4.5 V */
4246 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4247 [0x08c] = 0x4e, /* Peakl: 450 mA */
4248 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4249 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4250 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4251
4252 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4253 [0x096] = 0x06, /* Tuple length = 6 bytes */
4254 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4255 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4256 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4257 [0x09e] = 0xb5, /* NomV: 3.3 V */
4258 [0x0a0] = 0x1e,
4259 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4260
4261 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4262 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4263 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4264 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4265 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4266 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4267 [0x0b0] = 0x55, /* NomV: 5.0 V */
4268 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4269 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4270 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4271 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4272 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4273 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4274 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4275 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4276
4277 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4278 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4279 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4280 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4281 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4282 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4283 [0x0ce] = 0x1e,
4284 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4285
4286 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4287 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4288 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4289 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4290 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4291 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4292 [0x0de] = 0x55, /* NomV: 5.0 V */
4293 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4294 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4295 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4296 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4297 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4298 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4299 [0x0ec] = 0x01,
4300 [0x0ee] = 0x07, /* Address block length = 8 */
4301 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4302 [0x0f2] = 0x03,
4303 [0x0f4] = 0x01, /* Address block length = 2 */
4304 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4305 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4306
4307 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4308 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4309 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4310 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4311 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4312 [0x104] = 0xb5, /* NomV: 3.3 V */
4313 [0x106] = 0x1e,
4314 [0x108] = 0x3e, /* Peakl: 350 mA */
4315
4316 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4317 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4318 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4319 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4320 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4321 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4322 [0x116] = 0x55, /* NomV: 5.0 V */
4323 [0x118] = 0x4d, /* MinV: 4.5 V */
4324 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4325 [0x11c] = 0x4e, /* Peakl: 450 mA */
4326 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4327 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4328 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4329 [0x124] = 0x01,
4330 [0x126] = 0x07, /* Address block length = 8 */
4331 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4332 [0x12a] = 0x03,
4333 [0x12c] = 0x01, /* Address block length = 2 */
4334 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4335 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4336
4337 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4338 [0x134] = 0x06, /* Tuple length = 6 bytes */
4339 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4340 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4341 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4342 [0x13c] = 0xb5, /* NomV: 3.3 V */
4343 [0x13e] = 0x1e,
4344 [0x140] = 0x3e, /* Peakl: 350 mA */
4345
4346 [0x142] = CISTPL_NO_LINK, /* No Link */
4347 [0x144] = 0x00, /* Tuple length = 0 bytes */
4348
4349 [0x146] = CISTPL_END, /* Tuple End */
4350};
4351
4352static int dscm1xxxx_attach(void *opaque)
4353{
bc24a225 4354 MicroDriveState *md = (MicroDriveState *) opaque;
201a51fc
AZ		 4355 md->card.attr_read = md_attr_read;
4356 md->card.attr_write = md_attr_write;
4357 md->card.common_read = md_common_read;
4358 md->card.common_write = md_common_write;
4359 md->card.io_read = md_common_read;
4360 md->card.io_write = md_common_write;
4361
4362 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4363 md->io_base = 0x0;
4364
4365 md_reset(md);
4366 md_interrupt_update(md);
4367
4368 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4369 return 0;
4370}
4371
4372static int dscm1xxxx_detach(void *opaque)
4373{
bc24a225 4374 MicroDriveState *md = (MicroDriveState *) opaque;
201a51fc
AZ		 4375 md_reset(md);
4376 return 0;
4377}
4378
bc24a225 4379PCMCIACardState *dscm1xxxx_init(BlockDriverState *bdrv)
201a51fc 4380{
bc24a225 4381 MicroDriveState *md = (MicroDriveState *) qemu_mallocz(sizeof(MicroDriveState));
201a51fc
AZ		 4382 md->card.state = md;
4383 md->card.attach = dscm1xxxx_attach;
4384 md->card.detach = dscm1xxxx_detach;
4385 md->card.cis = dscm1xxxx_cis;
4386 md->card.cis_len = sizeof(dscm1xxxx_cis);
4387
4388 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4389 md->ide->is_cf = 1;
4390 md->ide->mdata_size = METADATA_SIZE;
4391 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94 4392
18be5187 4393 register_savevm("microdrive", -1, 0, md_save, md_load, md);
aa941b94 4394
201a51fc
AZ		 4395 return &md->card;
4396}
Qemu copy for testing