]> git.proxmox.com Git - mirror_qemu.git/blame - hw/ide.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add PowerPC 64 target for tests.
[mirror_qemu.git] / hw / ide.c
CommitLineData
5391d806
FB		 1/*
2 * QEMU IDE disk and CD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
5391d806
FB		 24#include "vl.h"
25
5391d806
FB		 26/* debug IDE devices */
27//#define DEBUG_IDE
28//#define DEBUG_IDE_ATAPI
8ccad811
FB		 29//#define DEBUG_AIO
30#define USE_DMA_CDROM
5391d806
FB		 31
32/* Bits of HD_STATUS */
33#define ERR_STAT 0x01
34#define INDEX_STAT 0x02
35#define ECC_STAT 0x04 /* Corrected error */
36#define DRQ_STAT 0x08
37#define SEEK_STAT 0x10
38#define SRV_STAT 0x10
39#define WRERR_STAT 0x20
40#define READY_STAT 0x40
41#define BUSY_STAT 0x80
42
43/* Bits for HD_ERROR */
44#define MARK_ERR 0x01 /* Bad address mark */
45#define TRK0_ERR 0x02 /* couldn't find track 0 */
46#define ABRT_ERR 0x04 /* Command aborted */
47#define MCR_ERR 0x08 /* media change request */
48#define ID_ERR 0x10 /* ID field not found */
49#define MC_ERR 0x20 /* media changed */
50#define ECC_ERR 0x40 /* Uncorrectable ECC error */
51#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
52#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
53
54/* Bits of HD_NSECTOR */
55#define CD 0x01
56#define IO 0x02
57#define REL 0x04
58#define TAG_MASK 0xf8
59
60#define IDE_CMD_RESET 0x04
61#define IDE_CMD_DISABLE_IRQ 0x02
62
63/* ATA/ATAPI Commands pre T13 Spec */
64#define WIN_NOP 0x00
65/*
66 * 0x01->0x02 Reserved
67 */
68#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
69/*
70 * 0x04->0x07 Reserved
71 */
72#define WIN_SRST 0x08 /* ATAPI soft reset command */
73#define WIN_DEVICE_RESET 0x08
74/*
75 * 0x09->0x0F Reserved
76 */
77#define WIN_RECAL 0x10
78#define WIN_RESTORE WIN_RECAL
79/*
80 * 0x10->0x1F Reserved
81 */
82#define WIN_READ 0x20 /* 28-Bit */
83#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
84#define WIN_READ_LONG 0x22 /* 28-Bit */
85#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
86#define WIN_READ_EXT 0x24 /* 48-Bit */
87#define WIN_READDMA_EXT 0x25 /* 48-Bit */
88#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
89#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
90/*
91 * 0x28
92 */
93#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
94/*
95 * 0x2A->0x2F Reserved
96 */
97#define WIN_WRITE 0x30 /* 28-Bit */
98#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
99#define WIN_WRITE_LONG 0x32 /* 28-Bit */
100#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
101#define WIN_WRITE_EXT 0x34 /* 48-Bit */
102#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
103#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
104#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
105#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
106#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
107/*
108 * 0x3A->0x3B Reserved
109 */
110#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
111/*
112 * 0x3D->0x3F Reserved
113 */
114#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
115#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
116#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
117/*
118 * 0x43->0x4F Reserved
119 */
120#define WIN_FORMAT 0x50
121/*
122 * 0x51->0x5F Reserved
123 */
124#define WIN_INIT 0x60
125/*
126 * 0x61->0x5F Reserved
127 */
128#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
129#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
130#define WIN_DIAGNOSE 0x90
131#define WIN_SPECIFY 0x91 /* set drive geometry translation */
132#define WIN_DOWNLOAD_MICROCODE 0x92
133#define WIN_STANDBYNOW2 0x94
134#define WIN_STANDBY2 0x96
135#define WIN_SETIDLE2 0x97
136#define WIN_CHECKPOWERMODE2 0x98
137#define WIN_SLEEPNOW2 0x99
138/*
139 * 0x9A VENDOR
140 */
141#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
142#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
143#define WIN_QUEUED_SERVICE 0xA2
144#define WIN_SMART 0xB0 /* self-monitoring and reporting */
145#define CFA_ERASE_SECTORS 0xC0
146#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
147#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
148#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
149#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
150#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
151#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
152#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
153#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
154#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
155#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
156#define WIN_GETMEDIASTATUS 0xDA
157#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
158#define WIN_POSTBOOT 0xDC
159#define WIN_PREBOOT 0xDD
160#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
161#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
162#define WIN_STANDBYNOW1 0xE0
163#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
164#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
165#define WIN_SETIDLE1 0xE3
166#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
167#define WIN_CHECKPOWERMODE1 0xE5
168#define WIN_SLEEPNOW1 0xE6
169#define WIN_FLUSH_CACHE 0xE7
170#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
171#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
172 /* SET_FEATURES 0x22 or 0xDD */
173#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
174#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
175#define WIN_MEDIAEJECT 0xED
176#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
177#define WIN_SETFEATURES 0xEF /* set special drive features */
178#define EXABYTE_ENABLE_NEST 0xF0
179#define WIN_SECURITY_SET_PASS 0xF1
180#define WIN_SECURITY_UNLOCK 0xF2
181#define WIN_SECURITY_ERASE_PREPARE 0xF3
182#define WIN_SECURITY_ERASE_UNIT 0xF4
183#define WIN_SECURITY_FREEZE_LOCK 0xF5
184#define WIN_SECURITY_DISABLE 0xF6
185#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
186#define WIN_SET_MAX 0xF9
187#define DISABLE_SEAGATE 0xFB
188
189/* set to 1 set disable mult support */
f66723fa 190#define MAX_MULT_SECTORS 16
5391d806
FB		 191
192/* ATAPI defines */
193
194#define ATAPI_PACKET_SIZE 12
195
196/* The generic packet command opcodes for CD/DVD Logical Units,
197 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
198#define GPCMD_BLANK 0xa1
199#define GPCMD_CLOSE_TRACK 0x5b
200#define GPCMD_FLUSH_CACHE 0x35
201#define GPCMD_FORMAT_UNIT 0x04
202#define GPCMD_GET_CONFIGURATION 0x46
203#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
204#define GPCMD_GET_PERFORMANCE 0xac
205#define GPCMD_INQUIRY 0x12
206#define GPCMD_LOAD_UNLOAD 0xa6
207#define GPCMD_MECHANISM_STATUS 0xbd
208#define GPCMD_MODE_SELECT_10 0x55
209#define GPCMD_MODE_SENSE_10 0x5a
210#define GPCMD_PAUSE_RESUME 0x4b
211#define GPCMD_PLAY_AUDIO_10 0x45
212#define GPCMD_PLAY_AUDIO_MSF 0x47
213#define GPCMD_PLAY_AUDIO_TI 0x48
214#define GPCMD_PLAY_CD 0xbc
215#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
216#define GPCMD_READ_10 0x28
217#define GPCMD_READ_12 0xa8
218#define GPCMD_READ_CDVD_CAPACITY 0x25
219#define GPCMD_READ_CD 0xbe
220#define GPCMD_READ_CD_MSF 0xb9
221#define GPCMD_READ_DISC_INFO 0x51
222#define GPCMD_READ_DVD_STRUCTURE 0xad
223#define GPCMD_READ_FORMAT_CAPACITIES 0x23
224#define GPCMD_READ_HEADER 0x44
225#define GPCMD_READ_TRACK_RZONE_INFO 0x52
226#define GPCMD_READ_SUBCHANNEL 0x42
227#define GPCMD_READ_TOC_PMA_ATIP 0x43
228#define GPCMD_REPAIR_RZONE_TRACK 0x58
229#define GPCMD_REPORT_KEY 0xa4
230#define GPCMD_REQUEST_SENSE 0x03
231#define GPCMD_RESERVE_RZONE_TRACK 0x53
232#define GPCMD_SCAN 0xba
233#define GPCMD_SEEK 0x2b
234#define GPCMD_SEND_DVD_STRUCTURE 0xad
235#define GPCMD_SEND_EVENT 0xa2
236#define GPCMD_SEND_KEY 0xa3
237#define GPCMD_SEND_OPC 0x54
238#define GPCMD_SET_READ_AHEAD 0xa7
239#define GPCMD_SET_STREAMING 0xb6
240#define GPCMD_START_STOP_UNIT 0x1b
241#define GPCMD_STOP_PLAY_SCAN 0x4e
242#define GPCMD_TEST_UNIT_READY 0x00
243#define GPCMD_VERIFY_10 0x2f
244#define GPCMD_WRITE_10 0x2a
245#define GPCMD_WRITE_AND_VERIFY_10 0x2e
246/* This is listed as optional in ATAPI 2.6, but is (curiously)
247 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
248 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
249 * drives support it. */
250#define GPCMD_SET_SPEED 0xbb
251/* This seems to be a SCSI specific CD-ROM opcode
252 * to play data at track/index */
253#define GPCMD_PLAYAUDIO_TI 0x48
254/*
255 * From MS Media Status Notification Support Specification. For
256 * older drives only.
257 */
258#define GPCMD_GET_MEDIA_STATUS 0xda
259
260/* Mode page codes for mode sense/set */
261#define GPMODE_R_W_ERROR_PAGE 0x01
262#define GPMODE_WRITE_PARMS_PAGE 0x05
263#define GPMODE_AUDIO_CTL_PAGE 0x0e
264#define GPMODE_POWER_PAGE 0x1a
265#define GPMODE_FAULT_FAIL_PAGE 0x1c
266#define GPMODE_TO_PROTECT_PAGE 0x1d
267#define GPMODE_CAPABILITIES_PAGE 0x2a
268#define GPMODE_ALL_PAGES 0x3f
269/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
270 * of MODE_SENSE_POWER_PAGE */
271#define GPMODE_CDROM_PAGE 0x0d
272
273#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
274#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
275#define ATAPI_INT_REASON_REL 0x04
276#define ATAPI_INT_REASON_TAG 0xf8
277
278/* same constants as bochs */
7f777bf3 279#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 280#define ASC_LOGICAL_BLOCK_OOR 0x21
281#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
282#define ASC_MEDIUM_NOT_PRESENT 0x3a
283#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
284
285#define SENSE_NONE 0
286#define SENSE_NOT_READY 2
287#define SENSE_ILLEGAL_REQUEST 5
288#define SENSE_UNIT_ATTENTION 6
289
290struct IDEState;
291
292typedef void EndTransferFunc(struct IDEState *);
293
caed8802 294/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 295typedef struct IDEState {
296 /* ide config */
297 int is_cdrom;
5391d806
FB		 298 int cylinders, heads, sectors;
299 int64_t nb_sectors;
300 int mult_sectors;
94458802
FB		 301 int identify_set;
302 uint16_t identify_data[256];
5457c8ce
FB		 303 SetIRQFunc *set_irq;
304 void *irq_opaque;
5391d806 305 int irq;
34e538ae 306 PCIDevice *pci_dev;
98087450 307 struct BMDMAState *bmdma;
aedf5382 308 int drive_serial;
5391d806
FB		 309 /* ide regs */
310 uint8_t feature;
311 uint8_t error;
c2ff060f 312 uint32_t nsector;
5391d806
FB		 313 uint8_t sector;
314 uint8_t lcyl;
315 uint8_t hcyl;
c2ff060f
FB		 316 /* other part of tf for lba48 support */
317 uint8_t hob_feature;
318 uint8_t hob_nsector;
319 uint8_t hob_sector;
320 uint8_t hob_lcyl;
321 uint8_t hob_hcyl;
322
5391d806
FB		 323 uint8_t select;
324 uint8_t status;
c2ff060f 325
5391d806
FB		 326 /* 0x3f6 command, only meaningful for drive 0 */
327 uint8_t cmd;
c2ff060f
FB		 328 /* set for lba48 access */
329 uint8_t lba48;
5391d806
FB		 330 /* depends on bit 4 in select, only meaningful for drive 0 */
331 struct IDEState *cur_drive;
332 BlockDriverState *bs;
333 /* ATAPI specific */
334 uint8_t sense_key;
335 uint8_t asc;
336 int packet_transfer_size;
337 int elementary_transfer_size;
338 int io_buffer_index;
339 int lba;
98087450
FB		 340 int cd_sector_size;
341 int atapi_dma; /* true if dma is requested for the packet cmd */
342 /* ATA DMA state */
343 int io_buffer_size;
344 /* PIO transfer handling */
5391d806
FB		 345 int req_nb_sectors; /* number of sectors per interrupt */
346 EndTransferFunc *end_transfer_func;
347 uint8_t *data_ptr;
348 uint8_t *data_end;
349 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
a09db21f 350 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
e774a278 351 uint32_t irq_count; /* counts IRQs when using win2k install hack */
5391d806
FB		 352} IDEState;
353
98087450
FB		 354#define BM_STATUS_DMAING 0x01
355#define BM_STATUS_ERROR 0x02
356#define BM_STATUS_INT 0x04
357
358#define BM_CMD_START 0x01
359#define BM_CMD_READ 0x08
360
5457c8ce
FB		 361#define IDE_TYPE_PIIX3 0
362#define IDE_TYPE_CMD646 1
363
364/* CMD646 specific */
365#define MRDMODE 0x71
366#define MRDMODE_INTR_CH0 0x04
367#define MRDMODE_INTR_CH1 0x08
368#define MRDMODE_BLK_CH0 0x10
369#define MRDMODE_BLK_CH1 0x20
370#define UDIDETCR0 0x73
371#define UDIDETCR1 0x7B
372
98087450
FB		 373typedef struct BMDMAState {
374 uint8_t cmd;
375 uint8_t status;
376 uint32_t addr;
8ccad811 377
5457c8ce 378 struct PCIIDEState *pci_dev;
98087450 379 /* current transfer state */
8ccad811
FB		 380 uint32_t cur_addr;
381 uint32_t cur_prd_last;
382 uint32_t cur_prd_addr;
383 uint32_t cur_prd_len;
98087450 384 IDEState *ide_if;
8ccad811
FB		 385 BlockDriverCompletionFunc *dma_cb;
386 BlockDriverAIOCB *aiocb;
98087450
FB		 387} BMDMAState;
388
389typedef struct PCIIDEState {
390 PCIDevice dev;
391 IDEState ide_if[4];
392 BMDMAState bmdma[2];
5457c8ce 393 int type; /* see IDE_TYPE_xxx */
98087450
FB		 394} PCIIDEState;
395
8ccad811 396static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
5f12ab4b 397static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 398
5391d806
FB		 399static void padstr(char *str, const char *src, int len)
400{
401 int i, v;
402 for(i = 0; i < len; i++) {
403 if (*src)
404 v = *src++;
405 else
406 v = ' ';
407 *(char *)((long)str ^ 1) = v;
408 str++;
409 }
410}
411
bd0d90b2
FB		 412static void padstr8(uint8_t *buf, int buf_size, const char *src)
413{
414 int i;
415 for(i = 0; i < buf_size; i++) {
416 if (*src)
417 buf[i] = *src++;
418 else
419 buf[i] = ' ';
420 }
421}
422
67b915a5
FB		 423static void put_le16(uint16_t *p, unsigned int v)
424{
0c4ad8dc 425 *p = cpu_to_le16(v);
67b915a5
FB		 426}
427
5391d806
FB		 428static void ide_identify(IDEState *s)
429{
430 uint16_t *p;
431 unsigned int oldsize;
aedf5382 432 char buf[20];
5391d806 433
94458802
FB		 434 if (s->identify_set) {
435 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
436 return;
437 }
438
5391d806
FB		 439 memset(s->io_buffer, 0, 512);
440 p = (uint16_t *)s->io_buffer;
67b915a5
FB		 441 put_le16(p + 0, 0x0040);
442 put_le16(p + 1, s->cylinders);
443 put_le16(p + 3, s->heads);
444 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
445 put_le16(p + 5, 512); /* XXX: retired, remove ? */
446 put_le16(p + 6, s->sectors);
aedf5382
FB		 447 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
448 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 449 put_le16(p + 20, 3); /* XXX: retired, remove ? */
450 put_le16(p + 21, 512); /* cache size in sectors */
451 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 452 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
453 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
454#if MAX_MULT_SECTORS > 1
67b915a5 455 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 456#endif
67b915a5 457 put_le16(p + 48, 1); /* dword I/O */
94458802 458 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 459 put_le16(p + 51, 0x200); /* PIO transfer cycle */
460 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 461 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 462 put_le16(p + 54, s->cylinders);
463 put_le16(p + 55, s->heads);
464 put_le16(p + 56, s->sectors);
5391d806 465 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 466 put_le16(p + 57, oldsize);
467 put_le16(p + 58, oldsize >> 16);
5391d806 468 if (s->mult_sectors)
67b915a5
FB		 469 put_le16(p + 59, 0x100 | s->mult_sectors);
470 put_le16(p + 60, s->nb_sectors);
471 put_le16(p + 61, s->nb_sectors >> 16);
94458802
FB		 472 put_le16(p + 63, 0x07); /* mdma0-2 supported */
473 put_le16(p + 65, 120);
474 put_le16(p + 66, 120);
475 put_le16(p + 67, 120);
476 put_le16(p + 68, 120);
477 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
478 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 479 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 480 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
481 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 482 put_le16(p + 84, (1 << 14));
483 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 484 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
485 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 486 put_le16(p + 87, (1 << 14));
94458802
FB		 487 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
488 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 489 put_le16(p + 100, s->nb_sectors);
490 put_le16(p + 101, s->nb_sectors >> 16);
491 put_le16(p + 102, s->nb_sectors >> 32);
492 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 493
494 memcpy(s->identify_data, p, sizeof(s->identify_data));
495 s->identify_set = 1;
5391d806
FB		 496}
497
498static void ide_atapi_identify(IDEState *s)
499{
500 uint16_t *p;
aedf5382 501 char buf[20];
5391d806 502
94458802
FB		 503 if (s->identify_set) {
504 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
505 return;
506 }
507
5391d806
FB		 508 memset(s->io_buffer, 0, 512);
509 p = (uint16_t *)s->io_buffer;
510 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 511 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
aedf5382
FB		 512 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
513 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 514 put_le16(p + 20, 3); /* buffer type */
515 put_le16(p + 21, 512); /* cache size in sectors */
516 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 517 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
518 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
67b915a5 519 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 520#ifdef USE_DMA_CDROM
521 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
522 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
523 put_le16(p + 63, 7); /* mdma0-2 supported */
524 put_le16(p + 64, 0x3f); /* PIO modes supported */
525#else
67b915a5
FB		 526 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
527 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
528 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
529 put_le16(p + 64, 1); /* PIO modes */
8ccad811 530#endif
67b915a5
FB		 531 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
532 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
533 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
534 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 535
67b915a5
FB		 536 put_le16(p + 71, 30); /* in ns */
537 put_le16(p + 72, 30); /* in ns */
5391d806 538
67b915a5 539 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 540#ifdef USE_DMA_CDROM
541 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
542#endif
94458802
FB		 543 memcpy(s->identify_data, p, sizeof(s->identify_data));
544 s->identify_set = 1;
5391d806
FB		 545}
546
547static void ide_set_signature(IDEState *s)
548{
549 s->select &= 0xf0; /* clear head */
550 /* put signature */
551 s->nsector = 1;
552 s->sector = 1;
553 if (s->is_cdrom) {
554 s->lcyl = 0x14;
555 s->hcyl = 0xeb;
556 } else if (s->bs) {
557 s->lcyl = 0;
558 s->hcyl = 0;
559 } else {
560 s->lcyl = 0xff;
561 s->hcyl = 0xff;
562 }
563}
564
565static inline void ide_abort_command(IDEState *s)
566{
567 s->status = READY_STAT | ERR_STAT;
568 s->error = ABRT_ERR;
569}
570
571static inline void ide_set_irq(IDEState *s)
572{
98ff7d30 573 BMDMAState *bm = s->bmdma;
5391d806 574 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 575 if (bm) {
98ff7d30 576 bm->status |= BM_STATUS_INT;
5457c8ce
FB		 577 }
578 s->set_irq(s->irq_opaque, s->irq, 1);
5391d806
FB		 579 }
580}
581
582/* prepare data transfer and tell what to do after */
583static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
584 EndTransferFunc *end_transfer_func)
585{
586 s->end_transfer_func = end_transfer_func;
587 s->data_ptr = buf;
588 s->data_end = buf + size;
589 s->status |= DRQ_STAT;
590}
591
592static void ide_transfer_stop(IDEState *s)
593{
594 s->end_transfer_func = ide_transfer_stop;
595 s->data_ptr = s->io_buffer;
596 s->data_end = s->io_buffer;
597 s->status &= ~DRQ_STAT;
598}
599
600static int64_t ide_get_sector(IDEState *s)
601{
602 int64_t sector_num;
603 if (s->select & 0x40) {
604 /* lba */
c2ff060f
FB		 605 if (!s->lba48) {
606 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
607 (s->lcyl << 8) | s->sector;
608 } else {
609 sector_num = ((int64_t)s->hob_hcyl << 40) |
610 ((int64_t) s->hob_lcyl << 32) |
611 ((int64_t) s->hob_sector << 24) |
612 ((int64_t) s->hcyl << 16) |
613 ((int64_t) s->lcyl << 8) | s->sector;
614 }
5391d806
FB		 615 } else {
616 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 617 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 618 }
619 return sector_num;
620}
621
622static void ide_set_sector(IDEState *s, int64_t sector_num)
623{
624 unsigned int cyl, r;
625 if (s->select & 0x40) {
c2ff060f
FB		 626 if (!s->lba48) {
627 s->select = (s->select & 0xf0) | (sector_num >> 24);
628 s->hcyl = (sector_num >> 16);
629 s->lcyl = (sector_num >> 8);
630 s->sector = (sector_num);
631 } else {
632 s->sector = sector_num;
633 s->lcyl = sector_num >> 8;
634 s->hcyl = sector_num >> 16;
635 s->hob_sector = sector_num >> 24;
636 s->hob_lcyl = sector_num >> 32;
637 s->hob_hcyl = sector_num >> 40;
638 }
5391d806
FB		 639 } else {
640 cyl = sector_num / (s->heads * s->sectors);
641 r = sector_num % (s->heads * s->sectors);
642 s->hcyl = cyl >> 8;
643 s->lcyl = cyl;
1b8eb456 644 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 645 s->sector = (r % s->sectors) + 1;
646 }
647}
648
649static void ide_sector_read(IDEState *s)
650{
651 int64_t sector_num;
652 int ret, n;
653
654 s->status = READY_STAT | SEEK_STAT;
a136e5a8 655 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 656 sector_num = ide_get_sector(s);
657 n = s->nsector;
658 if (n == 0) {
659 /* no more sector to read from disk */
660 ide_transfer_stop(s);
661 } else {
662#if defined(DEBUG_IDE)
663 printf("read sector=%Ld\n", sector_num);
664#endif
665 if (n > s->req_nb_sectors)
666 n = s->req_nb_sectors;
667 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
668 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
669 ide_set_irq(s);
670 ide_set_sector(s, sector_num + n);
671 s->nsector -= n;
672 }
673}
674
8ccad811
FB		 675/* return 0 if buffer completed */
676static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 677{
8ccad811
FB		 678 IDEState *s = bm->ide_if;
679 struct {
680 uint32_t addr;
681 uint32_t size;
682 } prd;
683 int l, len;
98087450 684
8ccad811
FB		 685 for(;;) {
686 l = s->io_buffer_size - s->io_buffer_index;
687 if (l <= 0)
688 break;
689 if (bm->cur_prd_len == 0) {
690 /* end of table (with a fail safe of one page) */
691 if (bm->cur_prd_last ||
692 (bm->cur_addr - bm->addr) >= 4096)
693 return 0;
694 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
695 bm->cur_addr += 8;
696 prd.addr = le32_to_cpu(prd.addr);
697 prd.size = le32_to_cpu(prd.size);
698 len = prd.size & 0xfffe;
699 if (len == 0)
700 len = 0x10000;
701 bm->cur_prd_len = len;
702 bm->cur_prd_addr = prd.addr;
703 bm->cur_prd_last = (prd.size & 0x80000000);
704 }
705 if (l > bm->cur_prd_len)
706 l = bm->cur_prd_len;
707 if (l > 0) {
708 if (is_write) {
709 cpu_physical_memory_write(bm->cur_prd_addr,
710 s->io_buffer + s->io_buffer_index, l);
711 } else {
712 cpu_physical_memory_read(bm->cur_prd_addr,
713 s->io_buffer + s->io_buffer_index, l);
714 }
715 bm->cur_prd_addr += l;
716 bm->cur_prd_len -= l;
717 s->io_buffer_index += l;
98087450 718 }
98087450 719 }
8ccad811
FB		 720 return 1;
721}
722
723/* XXX: handle errors */
724static void ide_read_dma_cb(void *opaque, int ret)
725{
726 BMDMAState *bm = opaque;
727 IDEState *s = bm->ide_if;
728 int n;
729 int64_t sector_num;
730
731 n = s->io_buffer_size >> 9;
732 sector_num = ide_get_sector(s);
733 if (n > 0) {
734 sector_num += n;
735 ide_set_sector(s, sector_num);
736 s->nsector -= n;
737 if (dma_buf_rw(bm, 1) == 0)
738 goto eot;
739 }
740
741 /* end of transfer ? */
742 if (s->nsector == 0) {
98087450
FB		 743 s->status = READY_STAT | SEEK_STAT;
744 ide_set_irq(s);
8ccad811
FB		 745 eot:
746 bm->status &= ~BM_STATUS_DMAING;
747 bm->status |= BM_STATUS_INT;
748 bm->dma_cb = NULL;
749 bm->ide_if = NULL;
750 bm->aiocb = NULL;
751 return;
98087450 752 }
8ccad811
FB		 753
754 /* launch next transfer */
755 n = s->nsector;
756 if (n > MAX_MULT_SECTORS)
757 n = MAX_MULT_SECTORS;
758 s->io_buffer_index = 0;
759 s->io_buffer_size = n * 512;
760#ifdef DEBUG_AIO
761 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
762#endif
763 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
764 ide_read_dma_cb, bm);
98087450
FB		 765}
766
767static void ide_sector_read_dma(IDEState *s)
768{
8ccad811 769 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 770 s->io_buffer_index = 0;
771 s->io_buffer_size = 0;
772 ide_dma_start(s, ide_read_dma_cb);
773}
774
a09db21f
FB		 775static void ide_sector_write_timer_cb(void *opaque)
776{
777 IDEState *s = opaque;
778 ide_set_irq(s);
779}
780
5391d806
FB		 781static void ide_sector_write(IDEState *s)
782{
783 int64_t sector_num;
784 int ret, n, n1;
785
786 s->status = READY_STAT | SEEK_STAT;
787 sector_num = ide_get_sector(s);
788#if defined(DEBUG_IDE)
789 printf("write sector=%Ld\n", sector_num);
790#endif
791 n = s->nsector;
792 if (n > s->req_nb_sectors)
793 n = s->req_nb_sectors;
794 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
795 s->nsector -= n;
796 if (s->nsector == 0) {
292eef5a 797 /* no more sectors to write */
5391d806
FB		 798 ide_transfer_stop(s);
799 } else {
800 n1 = s->nsector;
801 if (n1 > s->req_nb_sectors)
802 n1 = s->req_nb_sectors;
803 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
804 }
805 ide_set_sector(s, sector_num + n);
a09db21f
FB		 806
807#ifdef TARGET_I386
e774a278 808 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
a09db21f
FB		 809 /* It seems there is a bug in the Windows 2000 installer HDD
810 IDE driver which fills the disk with empty logs when the
811 IDE write IRQ comes too early. This hack tries to correct
812 that at the expense of slower write performances. Use this
813 option _only_ to install Windows 2000. You must disable it
814 for normal use. */
815 qemu_mod_timer(s->sector_write_timer,
816 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
817 } else
818#endif
819 {
820 ide_set_irq(s);
821 }
5391d806
FB		 822}
823
8ccad811
FB		 824/* XXX: handle errors */
825static void ide_write_dma_cb(void *opaque, int ret)
98087450 826{
8ccad811
FB		 827 BMDMAState *bm = opaque;
828 IDEState *s = bm->ide_if;
829 int n;
98087450
FB		 830 int64_t sector_num;
831
8ccad811
FB		 832 n = s->io_buffer_size >> 9;
833 sector_num = ide_get_sector(s);
834 if (n > 0) {
835 sector_num += n;
836 ide_set_sector(s, sector_num);
837 s->nsector -= n;
98087450 838 }
98087450 839
8ccad811
FB		 840 /* end of transfer ? */
841 if (s->nsector == 0) {
842 s->status = READY_STAT | SEEK_STAT;
843 ide_set_irq(s);
844 eot:
845 bm->status &= ~BM_STATUS_DMAING;
846 bm->status |= BM_STATUS_INT;
847 bm->dma_cb = NULL;
848 bm->ide_if = NULL;
849 bm->aiocb = NULL;
850 return;
851 }
852
853 /* launch next transfer */
98087450
FB		 854 n = s->nsector;
855 if (n > MAX_MULT_SECTORS)
856 n = MAX_MULT_SECTORS;
857 s->io_buffer_index = 0;
858 s->io_buffer_size = n * 512;
8ccad811
FB		 859
860 if (dma_buf_rw(bm, 0) == 0)
861 goto eot;
862#ifdef DEBUG_AIO
863 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
864#endif
865 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
866 ide_write_dma_cb, bm);
867}
868
869static void ide_sector_write_dma(IDEState *s)
870{
871 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
872 s->io_buffer_index = 0;
873 s->io_buffer_size = 0;
98087450
FB		 874 ide_dma_start(s, ide_write_dma_cb);
875}
876
5391d806
FB		 877static void ide_atapi_cmd_ok(IDEState *s)
878{
879 s->error = 0;
880 s->status = READY_STAT;
881 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
882 ide_set_irq(s);
883}
884
885static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
886{
887#ifdef DEBUG_IDE_ATAPI
888 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
889#endif
890 s->error = sense_key << 4;
891 s->status = READY_STAT | ERR_STAT;
892 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
893 s->sense_key = sense_key;
894 s->asc = asc;
895 ide_set_irq(s);
896}
897
898static inline void cpu_to_ube16(uint8_t *buf, int val)
899{
900 buf[0] = val >> 8;
901 buf[1] = val;
902}
903
904static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
905{
906 buf[0] = val >> 24;
907 buf[1] = val >> 16;
908 buf[2] = val >> 8;
909 buf[3] = val;
910}
911
912static inline int ube16_to_cpu(const uint8_t *buf)
913{
914 return (buf[0] << 8) | buf[1];
915}
916
917static inline int ube32_to_cpu(const uint8_t *buf)
918{
919 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
920}
921
98087450
FB		 922static void lba_to_msf(uint8_t *buf, int lba)
923{
924 lba += 150;
925 buf[0] = (lba / 75) / 60;
926 buf[1] = (lba / 75) % 60;
927 buf[2] = lba % 75;
928}
929
8ccad811
FB		 930static void cd_data_to_raw(uint8_t *buf, int lba)
931{
932 /* sync bytes */
933 buf[0] = 0x00;
934 memset(buf + 1, 0xff, 10);
935 buf[11] = 0x00;
936 buf += 12;
937 /* MSF */
938 lba_to_msf(buf, lba);
939 buf[3] = 0x01; /* mode 1 data */
940 buf += 4;
941 /* data */
942 buf += 2048;
943 /* XXX: ECC not computed */
944 memset(buf, 0, 288);
945}
946
66c6ef76 947static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 948 int sector_size)
949{
66c6ef76
FB		 950 int ret;
951
98087450
FB		 952 switch(sector_size) {
953 case 2048:
66c6ef76 954 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 955 break;
956 case 2352:
66c6ef76
FB		 957 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
958 if (ret < 0)
959 return ret;
8ccad811 960 cd_data_to_raw(buf, lba);
98087450
FB		 961 break;
962 default:
66c6ef76 963 ret = -EIO;
98087450
FB		 964 break;
965 }
66c6ef76
FB		 966 return ret;
967}
968
969static void ide_atapi_io_error(IDEState *s, int ret)
970{
971 /* XXX: handle more errors */
972 if (ret == -ENOMEDIUM) {
973 ide_atapi_cmd_error(s, SENSE_NOT_READY,
974 ASC_MEDIUM_NOT_PRESENT);
975 } else {
976 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
977 ASC_LOGICAL_BLOCK_OOR);
978 }
98087450
FB		 979}
980
5391d806
FB		 981/* The whole ATAPI transfer logic is handled in this function */
982static void ide_atapi_cmd_reply_end(IDEState *s)
983{
66c6ef76 984 int byte_count_limit, size, ret;
5391d806
FB		 985#ifdef DEBUG_IDE_ATAPI
986 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
987 s->packet_transfer_size,
988 s->elementary_transfer_size,
989 s->io_buffer_index);
990#endif
991 if (s->packet_transfer_size <= 0) {
992 /* end of transfer */
993 ide_transfer_stop(s);
994 s->status = READY_STAT;
995 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
996 ide_set_irq(s);
997#ifdef DEBUG_IDE_ATAPI
998 printf("status=0x%x\n", s->status);
999#endif
1000 } else {
1001 /* see if a new sector must be read */
98087450 1002 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1003 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1004 if (ret < 0) {
1005 ide_transfer_stop(s);
1006 ide_atapi_io_error(s, ret);
1007 return;
1008 }
5391d806
FB		 1009 s->lba++;
1010 s->io_buffer_index = 0;
1011 }
1012 if (s->elementary_transfer_size > 0) {
1013 /* there are some data left to transmit in this elementary
1014 transfer */
98087450 1015 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1016 if (size > s->elementary_transfer_size)
1017 size = s->elementary_transfer_size;
1018 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1019 size, ide_atapi_cmd_reply_end);
1020 s->packet_transfer_size -= size;
1021 s->elementary_transfer_size -= size;
1022 s->io_buffer_index += size;
1023 } else {
1024 /* a new transfer is needed */
1025 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1026 byte_count_limit = s->lcyl | (s->hcyl << 8);
1027#ifdef DEBUG_IDE_ATAPI
1028 printf("byte_count_limit=%d\n", byte_count_limit);
1029#endif
1030 if (byte_count_limit == 0xffff)
1031 byte_count_limit--;
1032 size = s->packet_transfer_size;
1033 if (size > byte_count_limit) {
1034 /* byte count limit must be even if this case */
1035 if (byte_count_limit & 1)
1036 byte_count_limit--;
1037 size = byte_count_limit;
5391d806 1038 }
a136e5a8
FB		 1039 s->lcyl = size;
1040 s->hcyl = size >> 8;
5391d806
FB		 1041 s->elementary_transfer_size = size;
1042 /* we cannot transmit more than one sector at a time */
1043 if (s->lba != -1) {
98087450
FB		 1044 if (size > (s->cd_sector_size - s->io_buffer_index))
1045 size = (s->cd_sector_size - s->io_buffer_index);
5391d806
FB		 1046 }
1047 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1048 size, ide_atapi_cmd_reply_end);
1049 s->packet_transfer_size -= size;
1050 s->elementary_transfer_size -= size;
1051 s->io_buffer_index += size;
1052 ide_set_irq(s);
1053#ifdef DEBUG_IDE_ATAPI
1054 printf("status=0x%x\n", s->status);
1055#endif
1056 }
1057 }
1058}
1059
1060/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1061static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1062{
1063 if (size > max_size)
1064 size = max_size;
1065 s->lba = -1; /* no sector read */
1066 s->packet_transfer_size = size;
5f12ab4b 1067 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1068 s->elementary_transfer_size = 0;
1069 s->io_buffer_index = 0;
1070
5f12ab4b
TS		 1071 if (s->atapi_dma) {
1072 s->status = READY_STAT | DRQ_STAT;
1073 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1074 } else {
1075 s->status = READY_STAT;
1076 ide_atapi_cmd_reply_end(s);
1077 }
5391d806
FB		 1078}
1079
1080/* start a CD-CDROM read command */
98087450
FB		 1081static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1082 int sector_size)
5391d806 1083{
5391d806 1084 s->lba = lba;
98087450 1085 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1086 s->elementary_transfer_size = 0;
98087450
FB		 1087 s->io_buffer_index = sector_size;
1088 s->cd_sector_size = sector_size;
5391d806
FB		 1089
1090 s->status = READY_STAT;
1091 ide_atapi_cmd_reply_end(s);
1092}
1093
98087450 1094/* ATAPI DMA support */
8ccad811
FB		 1095
1096/* XXX: handle read errors */
1097static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1098{
8ccad811
FB		 1099 BMDMAState *bm = opaque;
1100 IDEState *s = bm->ide_if;
1101 int data_offset, n;
1102
66c6ef76
FB		 1103 if (ret < 0) {
1104 ide_atapi_io_error(s, ret);
1105 goto eot;
1106 }
1107
8ccad811 1108 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1109 /*
1110 * For a cdrom read sector command (s->lba != -1),
1111 * adjust the lba for the next s->io_buffer_size chunk
1112 * and dma the current chunk.
1113 * For a command != read (s->lba == -1), just transfer
1114 * the reply data.
1115 */
1116 if (s->lba != -1) {
1117 if (s->cd_sector_size == 2352) {
1118 n = 1;
1119 cd_data_to_raw(s->io_buffer, s->lba);
1120 } else {
1121 n = s->io_buffer_size >> 11;
1122 }
1123 s->lba += n;
1124 }
8ccad811 1125 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1126 if (dma_buf_rw(bm, 1) == 0)
1127 goto eot;
98087450 1128 }
8ccad811 1129
98087450
FB		 1130 if (s->packet_transfer_size <= 0) {
1131 s->status = READY_STAT;
1132 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1133 ide_set_irq(s);
8ccad811
FB		 1134 eot:
1135 bm->status &= ~BM_STATUS_DMAING;
1136 bm->status |= BM_STATUS_INT;
1137 bm->dma_cb = NULL;
1138 bm->ide_if = NULL;
1139 bm->aiocb = NULL;
1140 return;
1141 }
1142
1143 s->io_buffer_index = 0;
1144 if (s->cd_sector_size == 2352) {
1145 n = 1;
1146 s->io_buffer_size = s->cd_sector_size;
1147 data_offset = 16;
1148 } else {
1149 n = s->packet_transfer_size >> 11;
1150 if (n > (MAX_MULT_SECTORS / 4))
1151 n = (MAX_MULT_SECTORS / 4);
1152 s->io_buffer_size = n * 2048;
1153 data_offset = 0;
98087450 1154 }
8ccad811
FB		 1155#ifdef DEBUG_AIO
1156 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1157#endif
1158 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1159 s->io_buffer + data_offset, n * 4,
1160 ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1161 if (!bm->aiocb) {
1162 /* Note: media not present is the most likely case */
1163 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1164 ASC_MEDIUM_NOT_PRESENT);
1165 goto eot;
1166 }
98087450
FB		 1167}
1168
1169/* start a CD-CDROM read command with DMA */
1170/* XXX: test if DMA is available */
1171static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1172 int sector_size)
1173{
1174 s->lba = lba;
1175 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1176 s->io_buffer_index = 0;
1177 s->io_buffer_size = 0;
98087450
FB		 1178 s->cd_sector_size = sector_size;
1179
8ccad811
FB		 1180 /* XXX: check if BUSY_STAT should be set */
1181 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1182 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1183}
1184
1185static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1186 int sector_size)
1187{
1188#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1189 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1190 lba, nb_sectors);
98087450
FB		 1191#endif
1192 if (s->atapi_dma) {
1193 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1194 } else {
1195 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1196 }
1197}
1198
5391d806
FB		 1199static void ide_atapi_cmd(IDEState *s)
1200{
1201 const uint8_t *packet;
1202 uint8_t *buf;
1203 int max_len;
1204
1205 packet = s->io_buffer;
1206 buf = s->io_buffer;
1207#ifdef DEBUG_IDE_ATAPI
1208 {
1209 int i;
1210 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1211 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1212 printf(" %02x", packet[i]);
1213 }
1214 printf("\n");
1215 }
1216#endif
1217 switch(s->io_buffer[0]) {
1218 case GPCMD_TEST_UNIT_READY:
caed8802 1219 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1220 ide_atapi_cmd_ok(s);
1221 } else {
1222 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1223 ASC_MEDIUM_NOT_PRESENT);
1224 }
1225 break;
1226 case GPCMD_MODE_SENSE_10:
1227 {
1228 int action, code;
1229 max_len = ube16_to_cpu(packet + 7);
1230 action = packet[2] >> 6;
1231 code = packet[2] & 0x3f;
1232 switch(action) {
1233 case 0: /* current values */
1234 switch(code) {
1235 case 0x01: /* error recovery */
1236 cpu_to_ube16(&buf[0], 16 + 6);
1237 buf[2] = 0x70;
1238 buf[3] = 0;
1239 buf[4] = 0;
1240 buf[5] = 0;
1241 buf[6] = 0;
1242 buf[7] = 0;
1243
1244 buf[8] = 0x01;
1245 buf[9] = 0x06;
1246 buf[10] = 0x00;
1247 buf[11] = 0x05;
1248 buf[12] = 0x00;
1249 buf[13] = 0x00;
1250 buf[14] = 0x00;
1251 buf[15] = 0x00;
1252 ide_atapi_cmd_reply(s, 16, max_len);
1253 break;
1254 case 0x2a:
1255 cpu_to_ube16(&buf[0], 28 + 6);
1256 buf[2] = 0x70;
1257 buf[3] = 0;
1258 buf[4] = 0;
1259 buf[5] = 0;
1260 buf[6] = 0;
1261 buf[7] = 0;
1262
1263 buf[8] = 0x2a;
1264 buf[9] = 0x12;
1265 buf[10] = 0x00;
1266 buf[11] = 0x00;
1267
1268 buf[12] = 0x70;
1269 buf[13] = 3 << 5;
1270 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1271 if (bdrv_is_locked(s->bs))
5391d806
FB		 1272 buf[6] |= 1 << 1;
1273 buf[15] = 0x00;
1274 cpu_to_ube16(&buf[16], 706);
1275 buf[18] = 0;
1276 buf[19] = 2;
1277 cpu_to_ube16(&buf[20], 512);
1278 cpu_to_ube16(&buf[22], 706);
1279 buf[24] = 0;
1280 buf[25] = 0;
1281 buf[26] = 0;
1282 buf[27] = 0;
1283 ide_atapi_cmd_reply(s, 28, max_len);
1284 break;
1285 default:
1286 goto error_cmd;
1287 }
1288 break;
1289 case 1: /* changeable values */
1290 goto error_cmd;
1291 case 2: /* default values */
1292 goto error_cmd;
1293 default:
1294 case 3: /* saved values */
1295 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1296 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1297 break;
1298 }
1299 }
1300 break;
1301 case GPCMD_REQUEST_SENSE:
1302 max_len = packet[4];
1303 memset(buf, 0, 18);
1304 buf[0] = 0x70 | (1 << 7);
1305 buf[2] = s->sense_key;
1306 buf[7] = 10;
1307 buf[12] = s->asc;
1308 ide_atapi_cmd_reply(s, 18, max_len);
1309 break;
1310 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1311 if (bdrv_is_inserted(s->bs)) {
1312 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1313 ide_atapi_cmd_ok(s);
1314 } else {
1315 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1316 ASC_MEDIUM_NOT_PRESENT);
1317 }
1318 break;
1319 case GPCMD_READ_10:
1320 case GPCMD_READ_12:
1321 {
1322 int nb_sectors, lba;
1323
5391d806
FB		 1324 if (packet[0] == GPCMD_READ_10)
1325 nb_sectors = ube16_to_cpu(packet + 7);
1326 else
1327 nb_sectors = ube32_to_cpu(packet + 6);
1328 lba = ube32_to_cpu(packet + 2);
1329 if (nb_sectors == 0) {
1330 ide_atapi_cmd_ok(s);
1331 break;
1332 }
98087450
FB		 1333 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1334 }
1335 break;
1336 case GPCMD_READ_CD:
1337 {
1338 int nb_sectors, lba, transfer_request;
1339
98087450
FB		 1340 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1341 lba = ube32_to_cpu(packet + 2);
1342 if (nb_sectors == 0) {
1343 ide_atapi_cmd_ok(s);
1344 break;
1345 }
98087450
FB		 1346 transfer_request = packet[9];
1347 switch(transfer_request & 0xf8) {
1348 case 0x00:
1349 /* nothing */
1350 ide_atapi_cmd_ok(s);
1351 break;
1352 case 0x10:
1353 /* normal read */
1354 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1355 break;
1356 case 0xf8:
1357 /* read all data */
1358 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1359 break;
1360 default:
1361 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1362 ASC_INV_FIELD_IN_CMD_PACKET);
1363 break;
1364 }
5391d806
FB		 1365 }
1366 break;
1367 case GPCMD_SEEK:
1368 {
1369 int lba;
66c6ef76
FB		 1370 int64_t total_sectors;
1371
1372 bdrv_get_geometry(s->bs, &total_sectors);
1373 total_sectors >>= 2;
1374 if (total_sectors <= 0) {
5391d806
FB		 1375 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1376 ASC_MEDIUM_NOT_PRESENT);
1377 break;
1378 }
1379 lba = ube32_to_cpu(packet + 2);
66c6ef76 1380 if (lba >= total_sectors) {
5391d806
FB		 1381 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1382 ASC_LOGICAL_BLOCK_OOR);
1383 break;
1384 }
1385 ide_atapi_cmd_ok(s);
1386 }
1387 break;
1388 case GPCMD_START_STOP_UNIT:
1389 {
1390 int start, eject;
1391 start = packet[4] & 1;
1392 eject = (packet[4] >> 1) & 1;
1393
caed8802
FB		 1394 if (eject && !start) {
1395 /* eject the disk */
66c6ef76
FB		 1396 bdrv_eject(s->bs, 1);
1397 } else if (eject && start) {
1398 /* close the tray */
1399 bdrv_eject(s->bs, 0);
caed8802 1400 }
5391d806
FB		 1401 ide_atapi_cmd_ok(s);
1402 }
1403 break;
1404 case GPCMD_MECHANISM_STATUS:
1405 {
1406 max_len = ube16_to_cpu(packet + 8);
1407 cpu_to_ube16(buf, 0);
1408 /* no current LBA */
1409 buf[2] = 0;
1410 buf[3] = 0;
1411 buf[4] = 0;
1412 buf[5] = 1;
1413 cpu_to_ube16(buf + 6, 0);
1414 ide_atapi_cmd_reply(s, 8, max_len);
1415 }
1416 break;
1417 case GPCMD_READ_TOC_PMA_ATIP:
1418 {
1419 int format, msf, start_track, len;
66c6ef76 1420 int64_t total_sectors;
5391d806 1421
66c6ef76
FB		 1422 bdrv_get_geometry(s->bs, &total_sectors);
1423 total_sectors >>= 2;
1424 if (total_sectors <= 0) {
5391d806
FB		 1425 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1426 ASC_MEDIUM_NOT_PRESENT);
1427 break;
1428 }
1429 max_len = ube16_to_cpu(packet + 7);
1430 format = packet[9] >> 6;
1431 msf = (packet[1] >> 1) & 1;
1432 start_track = packet[6];
1433 switch(format) {
1434 case 0:
66c6ef76 1435 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1436 if (len < 0)
1437 goto error_cmd;
1438 ide_atapi_cmd_reply(s, len, max_len);
1439 break;
1440 case 1:
1441 /* multi session : only a single session defined */
1442 memset(buf, 0, 12);
1443 buf[1] = 0x0a;
1444 buf[2] = 0x01;
1445 buf[3] = 0x01;
1446 ide_atapi_cmd_reply(s, 12, max_len);
1447 break;
98087450 1448 case 2:
66c6ef76 1449 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1450 if (len < 0)
1451 goto error_cmd;
1452 ide_atapi_cmd_reply(s, len, max_len);
1453 break;
5391d806 1454 default:
7f777bf3
FB		 1455 error_cmd:
1456 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1457 ASC_INV_FIELD_IN_CMD_PACKET);
1458 break;
5391d806
FB		 1459 }
1460 }
1461 break;
1462 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76
FB		 1463 {
1464 int64_t total_sectors;
1465
1466 bdrv_get_geometry(s->bs, &total_sectors);
1467 total_sectors >>= 2;
1468 if (total_sectors <= 0) {
1469 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1470 ASC_MEDIUM_NOT_PRESENT);
1471 break;
1472 }
1473 /* NOTE: it is really the number of sectors minus 1 */
1474 cpu_to_ube32(buf, total_sectors - 1);
1475 cpu_to_ube32(buf + 4, 2048);
1476 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1477 }
5391d806 1478 break;
bd0d90b2
FB		 1479 case GPCMD_INQUIRY:
1480 max_len = packet[4];
1481 buf[0] = 0x05; /* CD-ROM */
1482 buf[1] = 0x80; /* removable */
1483 buf[2] = 0x00; /* ISO */
1484 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1485 buf[4] = 31; /* additionnal length */
1486 buf[5] = 0; /* reserved */
1487 buf[6] = 0; /* reserved */
1488 buf[7] = 0; /* reserved */
1489 padstr8(buf + 8, 8, "QEMU");
1490 padstr8(buf + 16, 16, "QEMU CD-ROM");
1491 padstr8(buf + 32, 4, QEMU_VERSION);
1492 ide_atapi_cmd_reply(s, 36, max_len);
1493 break;
5391d806 1494 default:
5391d806 1495 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1496 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1497 break;
1498 }
1499}
1500
bd491d6a
TS		 1501/* called when the inserted state of the media has changed */
1502static void cdrom_change_cb(void *opaque)
1503{
1504 IDEState *s = opaque;
1505 int64_t nb_sectors;
1506
1507 /* XXX: send interrupt too */
1508 bdrv_get_geometry(s->bs, &nb_sectors);
1509 s->nb_sectors = nb_sectors;
1510}
1511
c2ff060f
FB		 1512static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1513{
1514 s->lba48 = lba48;
1515
1516 /* handle the 'magic' 0 nsector count conversion here. to avoid
1517 * fiddling with the rest of the read logic, we just store the
1518 * full sector count in ->nsector and ignore ->hob_nsector from now
1519 */
1520 if (!s->lba48) {
1521 if (!s->nsector)
1522 s->nsector = 256;
1523 } else {
1524 if (!s->nsector && !s->hob_nsector)
1525 s->nsector = 65536;
1526 else {
1527 int lo = s->nsector;
1528 int hi = s->hob_nsector;
1529
1530 s->nsector = (hi << 8) | lo;
1531 }
1532 }
1533}
1534
1535static void ide_clear_hob(IDEState *ide_if)
1536{
1537 /* any write clears HOB high bit of device control register */
1538 ide_if[0].select &= ~(1 << 7);
1539 ide_if[1].select &= ~(1 << 7);
1540}
1541
caed8802
FB		 1542static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1543{
1544 IDEState *ide_if = opaque;
c45c3d00 1545 IDEState *s;
5391d806 1546 int unit, n;
c2ff060f 1547 int lba48 = 0;
5391d806
FB		 1548
1549#ifdef DEBUG_IDE
1550 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1551#endif
c2ff060f 1552
5391d806
FB		 1553 addr &= 7;
1554 switch(addr) {
1555 case 0:
1556 break;
1557 case 1:
c2ff060f 1558 ide_clear_hob(ide_if);
c45c3d00 1559 /* NOTE: data is written to the two drives */
c2ff060f
FB		 1560 ide_if[0].hob_feature = ide_if[0].feature;
1561 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 1562 ide_if[0].feature = val;
1563 ide_if[1].feature = val;
5391d806
FB		 1564 break;
1565 case 2:
c2ff060f
FB		 1566 ide_clear_hob(ide_if);
1567 ide_if[0].hob_nsector = ide_if[0].nsector;
1568 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 1569 ide_if[0].nsector = val;
1570 ide_if[1].nsector = val;
5391d806
FB		 1571 break;
1572 case 3:
c2ff060f
FB		 1573 ide_clear_hob(ide_if);
1574 ide_if[0].hob_sector = ide_if[0].sector;
1575 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 1576 ide_if[0].sector = val;
1577 ide_if[1].sector = val;
5391d806
FB		 1578 break;
1579 case 4:
c2ff060f
FB		 1580 ide_clear_hob(ide_if);
1581 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1582 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 1583 ide_if[0].lcyl = val;
1584 ide_if[1].lcyl = val;
5391d806
FB		 1585 break;
1586 case 5:
c2ff060f
FB		 1587 ide_clear_hob(ide_if);
1588 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1589 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 1590 ide_if[0].hcyl = val;
1591 ide_if[1].hcyl = val;
5391d806
FB		 1592 break;
1593 case 6:
c2ff060f 1594 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 1595 ide_if[0].select = (val & ~0x10) | 0xa0;
1596 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 1597 /* select drive */
1598 unit = (val >> 4) & 1;
1599 s = ide_if + unit;
1600 ide_if->cur_drive = s;
5391d806
FB		 1601 break;
1602 default:
1603 case 7:
1604 /* command */
1605#if defined(DEBUG_IDE)
1606 printf("ide: CMD=%02x\n", val);
1607#endif
c45c3d00 1608 s = ide_if->cur_drive;
66201e2d
FB		 1609 /* ignore commands to non existant slave */
1610 if (s != ide_if && !s->bs)
1611 break;
c2ff060f 1612
5391d806
FB		 1613 switch(val) {
1614 case WIN_IDENTIFY:
1615 if (s->bs && !s->is_cdrom) {
1616 ide_identify(s);
2a282056 1617 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1618 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1619 } else {
1620 if (s->is_cdrom) {
1621 ide_set_signature(s);
1622 }
1623 ide_abort_command(s);
1624 }
1625 ide_set_irq(s);
1626 break;
1627 case WIN_SPECIFY:
1628 case WIN_RECAL:
a136e5a8 1629 s->error = 0;
769bec72 1630 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1631 ide_set_irq(s);
1632 break;
1633 case WIN_SETMULT:
292eef5a 1634 if ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
5391d806
FB		 1635 s->nsector == 0 ||
1636 (s->nsector & (s->nsector - 1)) != 0) {
1637 ide_abort_command(s);
1638 } else {
292eef5a 1639 s->mult_sectors = s->nsector & 0xff;
5391d806
FB		 1640 s->status = READY_STAT;
1641 }
1642 ide_set_irq(s);
1643 break;
c2ff060f
FB		 1644 case WIN_VERIFY_EXT:
1645 lba48 = 1;
4ce900b4
FB		 1646 case WIN_VERIFY:
1647 case WIN_VERIFY_ONCE:
1648 /* do sector number check ? */
c2ff060f 1649 ide_cmd_lba48_transform(s, lba48);
4ce900b4
FB		 1650 s->status = READY_STAT;
1651 ide_set_irq(s);
1652 break;
c2ff060f
FB		 1653 case WIN_READ_EXT:
1654 lba48 = 1;
5391d806
FB		 1655 case WIN_READ:
1656 case WIN_READ_ONCE:
6b136f9e
FB		 1657 if (!s->bs)
1658 goto abort_cmd;
c2ff060f 1659 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1660 s->req_nb_sectors = 1;
1661 ide_sector_read(s);
1662 break;
c2ff060f
FB		 1663 case WIN_WRITE_EXT:
1664 lba48 = 1;
5391d806
FB		 1665 case WIN_WRITE:
1666 case WIN_WRITE_ONCE:
c2ff060f 1667 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1668 s->error = 0;
f66723fa 1669 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1670 s->req_nb_sectors = 1;
1671 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1672 break;
c2ff060f
FB		 1673 case WIN_MULTREAD_EXT:
1674 lba48 = 1;
5391d806
FB		 1675 case WIN_MULTREAD:
1676 if (!s->mult_sectors)
1677 goto abort_cmd;
c2ff060f 1678 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1679 s->req_nb_sectors = s->mult_sectors;
1680 ide_sector_read(s);
1681 break;
c2ff060f
FB		 1682 case WIN_MULTWRITE_EXT:
1683 lba48 = 1;
5391d806
FB		 1684 case WIN_MULTWRITE:
1685 if (!s->mult_sectors)
1686 goto abort_cmd;
c2ff060f 1687 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1688 s->error = 0;
f66723fa 1689 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1690 s->req_nb_sectors = s->mult_sectors;
1691 n = s->nsector;
1692 if (n > s->req_nb_sectors)
1693 n = s->req_nb_sectors;
1694 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1695 break;
c2ff060f
FB		 1696 case WIN_READDMA_EXT:
1697 lba48 = 1;
98087450
FB		 1698 case WIN_READDMA:
1699 case WIN_READDMA_ONCE:
1700 if (!s->bs)
1701 goto abort_cmd;
c2ff060f 1702 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 1703 ide_sector_read_dma(s);
1704 break;
c2ff060f
FB		 1705 case WIN_WRITEDMA_EXT:
1706 lba48 = 1;
98087450
FB		 1707 case WIN_WRITEDMA:
1708 case WIN_WRITEDMA_ONCE:
1709 if (!s->bs)
1710 goto abort_cmd;
c2ff060f 1711 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 1712 ide_sector_write_dma(s);
1713 break;
c2ff060f
FB		 1714 case WIN_READ_NATIVE_MAX_EXT:
1715 lba48 = 1;
5391d806 1716 case WIN_READ_NATIVE_MAX:
c2ff060f 1717 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1718 ide_set_sector(s, s->nb_sectors - 1);
1719 s->status = READY_STAT;
1720 ide_set_irq(s);
1721 break;
a136e5a8
FB		 1722 case WIN_CHECKPOWERMODE1:
1723 s->nsector = 0xff; /* device active or idle */
1724 s->status = READY_STAT;
1725 ide_set_irq(s);
1726 break;
34e538ae
FB		 1727 case WIN_SETFEATURES:
1728 if (!s->bs)
1729 goto abort_cmd;
1730 /* XXX: valid for CDROM ? */
1731 switch(s->feature) {
1732 case 0x02: /* write cache enable */
1733 case 0x82: /* write cache disable */
1734 case 0xaa: /* read look-ahead enable */
1735 case 0x55: /* read look-ahead disable */
e0fe67aa 1736 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 1737 ide_set_irq(s);
1738 break;
94458802
FB		 1739 case 0x03: { /* set transfer mode */
1740 uint8_t val = s->nsector & 0x07;
1741
1742 switch (s->nsector >> 3) {
1743 case 0x00: /* pio default */
1744 case 0x01: /* pio mode */
1745 put_le16(s->identify_data + 63,0x07);
1746 put_le16(s->identify_data + 88,0x3f);
1747 break;
1748 case 0x04: /* mdma mode */
1749 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1750 put_le16(s->identify_data + 88,0x3f);
1751 break;
1752 case 0x08: /* udma mode */
1753 put_le16(s->identify_data + 63,0x07);
1754 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1755 break;
1756 default:
1757 goto abort_cmd;
1758 }
1759 s->status = READY_STAT | SEEK_STAT;
1760 ide_set_irq(s);
1761 break;
1762 }
34e538ae
FB		 1763 default:
1764 goto abort_cmd;
1765 }
1766 break;
c2ff060f
FB		 1767 case WIN_FLUSH_CACHE:
1768 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 1769 if (s->bs)
1770 bdrv_flush(s->bs);
1771 s->status = READY_STAT;
1772 ide_set_irq(s);
1773 break;
a7dfe172 1774 case WIN_STANDBYNOW1:
c451ee71 1775 case WIN_IDLEIMMEDIATE:
a7dfe172
FB		 1776 s->status = READY_STAT;
1777 ide_set_irq(s);
1778 break;
5391d806
FB		 1779 /* ATAPI commands */
1780 case WIN_PIDENTIFY:
1781 if (s->is_cdrom) {
1782 ide_atapi_identify(s);
1298fe63 1783 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1784 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1785 } else {
1786 ide_abort_command(s);
1787 }
1788 ide_set_irq(s);
1789 break;
c451ee71
FB		 1790 case WIN_DIAGNOSE:
1791 ide_set_signature(s);
1792 s->status = 0x00; /* NOTE: READY is _not_ set */
1793 s->error = 0x01;
1794 break;
5391d806
FB		 1795 case WIN_SRST:
1796 if (!s->is_cdrom)
1797 goto abort_cmd;
1798 ide_set_signature(s);
6b136f9e 1799 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 1800 s->error = 0x01;
1801 break;
1802 case WIN_PACKETCMD:
1803 if (!s->is_cdrom)
1804 goto abort_cmd;
98087450
FB		 1805 /* overlapping commands not supported */
1806 if (s->feature & 0x02)
5391d806 1807 goto abort_cmd;
98087450 1808 s->atapi_dma = s->feature & 1;
5391d806
FB		 1809 s->nsector = 1;
1810 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1811 ide_atapi_cmd);
1812 break;
1813 default:
1814 abort_cmd:
1815 ide_abort_command(s);
1816 ide_set_irq(s);
1817 break;
1818 }
1819 }
1820}
1821
caed8802 1822static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 1823{
7ae98627
FB		 1824 IDEState *ide_if = opaque;
1825 IDEState *s = ide_if->cur_drive;
5391d806 1826 uint32_t addr;
c2ff060f 1827 int ret, hob;
5391d806
FB		 1828
1829 addr = addr1 & 7;
c2ff060f
FB		 1830 /* FIXME: HOB readback uses bit 7, but it's always set right now */
1831 //hob = s->select & (1 << 7);
1832 hob = 0;
5391d806
FB		 1833 switch(addr) {
1834 case 0:
1835 ret = 0xff;
1836 break;
1837 case 1:
7ae98627 1838 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1839 ret = 0;
c2ff060f 1840 else if (!hob)
c45c3d00 1841 ret = s->error;
c2ff060f
FB		 1842 else
1843 ret = s->hob_feature;
5391d806
FB		 1844 break;
1845 case 2:
7ae98627 1846 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1847 ret = 0;
c2ff060f 1848 else if (!hob)
c45c3d00 1849 ret = s->nsector & 0xff;
c2ff060f
FB		 1850 else
1851 ret = s->hob_nsector;
5391d806
FB		 1852 break;
1853 case 3:
7ae98627 1854 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1855 ret = 0;
c2ff060f 1856 else if (!hob)
c45c3d00 1857 ret = s->sector;
c2ff060f
FB		 1858 else
1859 ret = s->hob_sector;
5391d806
FB		 1860 break;
1861 case 4:
7ae98627 1862 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1863 ret = 0;
c2ff060f 1864 else if (!hob)
c45c3d00 1865 ret = s->lcyl;
c2ff060f
FB		 1866 else
1867 ret = s->hob_lcyl;
5391d806
FB		 1868 break;
1869 case 5:
7ae98627 1870 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1871 ret = 0;
c2ff060f 1872 else if (!hob)
c45c3d00 1873 ret = s->hcyl;
c2ff060f
FB		 1874 else
1875 ret = s->hob_hcyl;
5391d806
FB		 1876 break;
1877 case 6:
7ae98627 1878 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1879 ret = 0;
1880 else
7ae98627 1881 ret = s->select;
5391d806
FB		 1882 break;
1883 default:
1884 case 7:
66201e2d
FB		 1885 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1886 (s != ide_if && !s->bs))
c45c3d00
FB		 1887 ret = 0;
1888 else
1889 ret = s->status;
5457c8ce 1890 s->set_irq(s->irq_opaque, s->irq, 0);
5391d806
FB		 1891 break;
1892 }
1893#ifdef DEBUG_IDE
1894 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1895#endif
1896 return ret;
1897}
1898
caed8802 1899static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 1900{
7ae98627
FB		 1901 IDEState *ide_if = opaque;
1902 IDEState *s = ide_if->cur_drive;
5391d806 1903 int ret;
7ae98627 1904
66201e2d
FB		 1905 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1906 (s != ide_if && !s->bs))
7ae98627
FB		 1907 ret = 0;
1908 else
1909 ret = s->status;
5391d806
FB		 1910#ifdef DEBUG_IDE
1911 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1912#endif
1913 return ret;
1914}
1915
caed8802 1916static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 1917{
caed8802 1918 IDEState *ide_if = opaque;
5391d806
FB		 1919 IDEState *s;
1920 int i;
1921
1922#ifdef DEBUG_IDE
1923 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1924#endif
1925 /* common for both drives */
1926 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
1927 (val & IDE_CMD_RESET)) {
1928 /* reset low to high */
1929 for(i = 0;i < 2; i++) {
1930 s = &ide_if[i];
1931 s->status = BUSY_STAT | SEEK_STAT;
1932 s->error = 0x01;
1933 }
1934 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
1935 !(val & IDE_CMD_RESET)) {
1936 /* high to low */
1937 for(i = 0;i < 2; i++) {
1938 s = &ide_if[i];
6b136f9e
FB		 1939 if (s->is_cdrom)
1940 s->status = 0x00; /* NOTE: READY is _not_ set */
1941 else
56bf1d37 1942 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1943 ide_set_signature(s);
1944 }
1945 }
1946
1947 ide_if[0].cmd = val;
1948 ide_if[1].cmd = val;
1949}
1950
caed8802 1951static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 1952{
caed8802 1953 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1954 uint8_t *p;
1955
1956 p = s->data_ptr;
0c4ad8dc 1957 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 1958 p += 2;
1959 s->data_ptr = p;
1960 if (p >= s->data_end)
1961 s->end_transfer_func(s);
1962}
1963
caed8802 1964static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 1965{
caed8802 1966 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1967 uint8_t *p;
1968 int ret;
1969 p = s->data_ptr;
0c4ad8dc 1970 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 1971 p += 2;
1972 s->data_ptr = p;
1973 if (p >= s->data_end)
1974 s->end_transfer_func(s);
1975 return ret;
1976}
1977
caed8802 1978static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 1979{
caed8802 1980 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1981 uint8_t *p;
1982
1983 p = s->data_ptr;
0c4ad8dc 1984 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 1985 p += 4;
1986 s->data_ptr = p;
1987 if (p >= s->data_end)
1988 s->end_transfer_func(s);
1989}
1990
caed8802 1991static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 1992{
caed8802 1993 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1994 uint8_t *p;
1995 int ret;
1996
1997 p = s->data_ptr;
0c4ad8dc 1998 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 1999 p += 4;
2000 s->data_ptr = p;
2001 if (p >= s->data_end)
2002 s->end_transfer_func(s);
2003 return ret;
2004}
2005
a7dfe172
FB		 2006static void ide_dummy_transfer_stop(IDEState *s)
2007{
2008 s->data_ptr = s->io_buffer;
2009 s->data_end = s->io_buffer;
2010 s->io_buffer[0] = 0xff;
2011 s->io_buffer[1] = 0xff;
2012 s->io_buffer[2] = 0xff;
2013 s->io_buffer[3] = 0xff;
2014}
2015
5391d806
FB		 2016static void ide_reset(IDEState *s)
2017{
2018 s->mult_sectors = MAX_MULT_SECTORS;
2019 s->cur_drive = s;
2020 s->select = 0xa0;
2021 s->status = READY_STAT;
2022 ide_set_signature(s);
a7dfe172
FB		 2023 /* init the transfer handler so that 0xffff is returned on data
2024 accesses */
2025 s->end_transfer_func = ide_dummy_transfer_stop;
2026 ide_dummy_transfer_stop(s);
5391d806
FB		 2027}
2028
2029struct partition {
2030 uint8_t boot_ind; /* 0x80 - active */
2031 uint8_t head; /* starting head */
2032 uint8_t sector; /* starting sector */
2033 uint8_t cyl; /* starting cylinder */
2034 uint8_t sys_ind; /* What partition type */
2035 uint8_t end_head; /* end head */
2036 uint8_t end_sector; /* end sector */
2037 uint8_t end_cyl; /* end cylinder */
2038 uint32_t start_sect; /* starting sector counting from 0 */
2039 uint32_t nr_sects; /* nr of sectors in partition */
2040} __attribute__((packed));
2041
bf1b938f
FB		 2042/* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
2043static int guess_disk_lchs(IDEState *s,
2044 int *pcylinders, int *pheads, int *psectors)
5391d806
FB		 2045{
2046 uint8_t buf[512];
46d4767d 2047 int ret, i, heads, sectors, cylinders;
5391d806
FB		 2048 struct partition *p;
2049 uint32_t nr_sects;
2050
5391d806
FB		 2051 ret = bdrv_read(s->bs, 0, buf, 1);
2052 if (ret < 0)
bf1b938f 2053 return -1;
5391d806
FB		 2054 /* test msdos magic */
2055 if (buf[510] != 0x55 || buf[511] != 0xaa)
bf1b938f 2056 return -1;
5391d806
FB		 2057 for(i = 0; i < 4; i++) {
2058 p = ((struct partition *)(buf + 0x1be)) + i;
0c4ad8dc 2059 nr_sects = le32_to_cpu(p->nr_sects);
5391d806
FB		 2060 if (nr_sects && p->end_head) {
2061 /* We make the assumption that the partition terminates on
2062 a cylinder boundary */
46d4767d 2063 heads = p->end_head + 1;
46d4767d
FB		 2064 sectors = p->end_sector & 63;
2065 if (sectors == 0)
2066 continue;
2067 cylinders = s->nb_sectors / (heads * sectors);
2068 if (cylinders < 1 || cylinders > 16383)
2069 continue;
bf1b938f
FB		 2070 *pheads = heads;
2071 *psectors = sectors;
2072 *pcylinders = cylinders;
5391d806 2073#if 0
bf1b938f
FB		 2074 printf("guessed geometry: LCHS=%d %d %d\n",
2075 cylinders, heads, sectors);
5391d806 2076#endif
bf1b938f 2077 return 0;
5391d806
FB		 2078 }
2079 }
bf1b938f 2080 return -1;
5391d806
FB		 2081}
2082
5457c8ce
FB		 2083static void ide_init2(IDEState *ide_state,
2084 BlockDriverState *hd0, BlockDriverState *hd1,
2085 SetIRQFunc *set_irq, void *irq_opaque, int irq)
5391d806 2086{
69b91039 2087 IDEState *s;
aedf5382 2088 static int drive_serial = 1;
4dbb0f50 2089 int i, cylinders, heads, secs, translation, lba_detected = 0;
5391d806 2090 int64_t nb_sectors;
5391d806 2091
caed8802
FB		 2092 for(i = 0; i < 2; i++) {
2093 s = ide_state + i;
2094 if (i == 0)
2095 s->bs = hd0;
2096 else
2097 s->bs = hd1;
5391d806
FB		 2098 if (s->bs) {
2099 bdrv_get_geometry(s->bs, &nb_sectors);
2100 s->nb_sectors = nb_sectors;
caed8802
FB		 2101 /* if a geometry hint is available, use it */
2102 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
4dbb0f50 2103 translation = bdrv_get_translation_hint(s->bs);
caed8802 2104 if (cylinders != 0) {
5391d806 2105 s->cylinders = cylinders;
caed8802
FB		 2106 s->heads = heads;
2107 s->sectors = secs;
2108 } else {
bf1b938f
FB		 2109 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2110 if (heads > 16) {
2111 /* if heads > 16, it means that a BIOS LBA
2112 translation was active, so the default
2113 hardware geometry is OK */
4dbb0f50 2114 lba_detected = 1;
bf1b938f
FB		 2115 goto default_geometry;
2116 } else {
2117 s->cylinders = cylinders;
2118 s->heads = heads;
2119 s->sectors = secs;
2120 /* disable any translation to be in sync with
2121 the logical geometry */
bf1b938f
FB		 2122 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2123 bdrv_set_translation_hint(s->bs,
2124 BIOS_ATA_TRANSLATION_NONE);
2125 }
2126 }
2127 } else {
2128 default_geometry:
46d4767d 2129 /* if no geometry, use a standard physical disk geometry */
caed8802
FB		 2130 cylinders = nb_sectors / (16 * 63);
2131 if (cylinders > 16383)
2132 cylinders = 16383;
2133 else if (cylinders < 2)
2134 cylinders = 2;
2135 s->cylinders = cylinders;
2136 s->heads = 16;
2137 s->sectors = 63;
4dbb0f50
TS		 2138 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2139 if ((s->cylinders * s->heads) <= 131072) {
2140 bdrv_set_translation_hint(s->bs,
2141 BIOS_ATA_TRANSLATION_LARGE);
2142 } else {
2143 bdrv_set_translation_hint(s->bs,
2144 BIOS_ATA_TRANSLATION_LBA);
2145 }
2146 }
caed8802 2147 }
769bec72 2148 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
caed8802
FB		 2149 }
2150 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2151 s->is_cdrom = 1;
bd491d6a 2152 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2153 }
2154 }
aedf5382 2155 s->drive_serial = drive_serial++;
5457c8ce
FB		 2156 s->set_irq = set_irq;
2157 s->irq_opaque = irq_opaque;
caed8802 2158 s->irq = irq;
a09db21f
FB		 2159 s->sector_write_timer = qemu_new_timer(vm_clock,
2160 ide_sector_write_timer_cb, s);
5391d806
FB		 2161 ide_reset(s);
2162 }
69b91039
FB		 2163}
2164
34e538ae 2165static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2166{
caed8802
FB		 2167 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2168 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2169 if (iobase2) {
2170 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2171 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2172 }
caed8802
FB		 2173
2174 /* data ports */
2175 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2176 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2177 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2178 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2179}
69b91039 2180
34e538ae
FB		 2181/***********************************************************/
2182/* ISA IDE definitions */
2183
2184void isa_ide_init(int iobase, int iobase2, int irq,
2185 BlockDriverState *hd0, BlockDriverState *hd1)
2186{
2187 IDEState *ide_state;
2188
2189 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2190 if (!ide_state)
2191 return;
2192
3de388f6 2193 ide_init2(ide_state, hd0, hd1, pic_set_irq_new, isa_pic, irq);
34e538ae
FB		 2194 ide_init_ioport(ide_state, iobase, iobase2);
2195}
2196
69b91039
FB		 2197/***********************************************************/
2198/* PCI IDE definitions */
2199
5457c8ce
FB		 2200static void cmd646_update_irq(PCIIDEState *d);
2201
69b91039
FB		 2202static void ide_map(PCIDevice *pci_dev, int region_num,
2203 uint32_t addr, uint32_t size, int type)
2204{
2205 PCIIDEState *d = (PCIIDEState *)pci_dev;
2206 IDEState *ide_state;
2207
2208 if (region_num <= 3) {
2209 ide_state = &d->ide_if[(region_num >> 1) * 2];
2210 if (region_num & 1) {
2211 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2212 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2213 } else {
2214 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2215 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2216
2217 /* data ports */
2218 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2219 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2220 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2221 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2222 }
2223 }
2224}
2225
8ccad811 2226static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2227{
2228 BMDMAState *bm = s->bmdma;
2229 if(!bm)
2230 return;
2231 bm->ide_if = s;
2232 bm->dma_cb = dma_cb;
8ccad811
FB		 2233 bm->cur_prd_last = 0;
2234 bm->cur_prd_addr = 0;
2235 bm->cur_prd_len = 0;
98087450 2236 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2237 bm->dma_cb(bm, 0);
98087450
FB		 2238 }
2239}
2240
98087450
FB		 2241static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2242{
2243 BMDMAState *bm = opaque;
2244#ifdef DEBUG_IDE
2245 printf("%s: 0x%08x\n", __func__, val);
2246#endif
2247 if (!(val & BM_CMD_START)) {
2248 /* XXX: do it better */
8ccad811
FB		 2249 if (bm->status & BM_STATUS_DMAING) {
2250 bm->status &= ~BM_STATUS_DMAING;
2251 /* cancel DMA request */
2252 bm->ide_if = NULL;
2253 bm->dma_cb = NULL;
2254 if (bm->aiocb) {
2255#ifdef DEBUG_AIO
2256 printf("aio_cancel\n");
2257#endif
2258 bdrv_aio_cancel(bm->aiocb);
2259 bm->aiocb = NULL;
2260 }
2261 }
98087450
FB		 2262 bm->cmd = val & 0x09;
2263 } else {
8ccad811
FB		 2264 if (!(bm->status & BM_STATUS_DMAING)) {
2265 bm->status |= BM_STATUS_DMAING;
2266 /* start dma transfer if possible */
2267 if (bm->dma_cb)
2268 bm->dma_cb(bm, 0);
2269 }
98087450 2270 bm->cmd = val & 0x09;
98087450
FB		 2271 }
2272}
2273
5457c8ce 2274static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 2275{
2276 BMDMAState *bm = opaque;
5457c8ce 2277 PCIIDEState *pci_dev;
98087450 2278 uint32_t val;
5457c8ce
FB		 2279
2280 switch(addr & 3) {
2281 case 0:
2282 val = bm->cmd;
2283 break;
2284 case 1:
2285 pci_dev = bm->pci_dev;
2286 if (pci_dev->type == IDE_TYPE_CMD646) {
2287 val = pci_dev->dev.config[MRDMODE];
2288 } else {
2289 val = 0xff;
2290 }
2291 break;
2292 case 2:
2293 val = bm->status;
2294 break;
2295 case 3:
2296 pci_dev = bm->pci_dev;
2297 if (pci_dev->type == IDE_TYPE_CMD646) {
2298 if (bm == &pci_dev->bmdma[0])
2299 val = pci_dev->dev.config[UDIDETCR0];
2300 else
2301 val = pci_dev->dev.config[UDIDETCR1];
2302 } else {
2303 val = 0xff;
2304 }
2305 break;
2306 default:
2307 val = 0xff;
2308 break;
2309 }
98087450 2310#ifdef DEBUG_IDE
5457c8ce 2311 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 2312#endif
2313 return val;
2314}
2315
5457c8ce 2316static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 2317{
2318 BMDMAState *bm = opaque;
5457c8ce 2319 PCIIDEState *pci_dev;
98087450 2320#ifdef DEBUG_IDE
5457c8ce 2321 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 2322#endif
5457c8ce
FB		 2323 switch(addr & 3) {
2324 case 1:
2325 pci_dev = bm->pci_dev;
2326 if (pci_dev->type == IDE_TYPE_CMD646) {
2327 pci_dev->dev.config[MRDMODE] =
2328 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2329 cmd646_update_irq(pci_dev);
2330 }
2331 break;
2332 case 2:
2333 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2334 break;
2335 case 3:
2336 pci_dev = bm->pci_dev;
2337 if (pci_dev->type == IDE_TYPE_CMD646) {
2338 if (bm == &pci_dev->bmdma[0])
2339 pci_dev->dev.config[UDIDETCR0] = val;
2340 else
2341 pci_dev->dev.config[UDIDETCR1] = val;
2342 }
2343 break;
2344 }
98087450
FB		 2345}
2346
2347static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2348{
2349 BMDMAState *bm = opaque;
2350 uint32_t val;
2351 val = bm->addr;
2352#ifdef DEBUG_IDE
2353 printf("%s: 0x%08x\n", __func__, val);
2354#endif
2355 return val;
2356}
2357
2358static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2359{
2360 BMDMAState *bm = opaque;
2361#ifdef DEBUG_IDE
2362 printf("%s: 0x%08x\n", __func__, val);
2363#endif
2364 bm->addr = val & ~3;
30c4bbac 2365 bm->cur_addr = bm->addr;
98087450
FB		 2366}
2367
2368static void bmdma_map(PCIDevice *pci_dev, int region_num,
2369 uint32_t addr, uint32_t size, int type)
2370{
2371 PCIIDEState *d = (PCIIDEState *)pci_dev;
2372 int i;
2373
2374 for(i = 0;i < 2; i++) {
2375 BMDMAState *bm = &d->bmdma[i];
2376 d->ide_if[2 * i].bmdma = bm;
2377 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce
FB		 2378 bm->pci_dev = (PCIIDEState *)pci_dev;
2379
98087450 2380 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 2381
5457c8ce
FB		 2382 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2383 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450
FB		 2384
2385 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2386 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2387 addr += 8;
2388 }
2389}
2390
5457c8ce
FB		 2391/* XXX: call it also when the MRDMODE is changed from the PCI config
2392 registers */
2393static void cmd646_update_irq(PCIIDEState *d)
2394{
2395 int pci_level;
2396 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2397 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2398 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2399 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2400 pci_set_irq((PCIDevice *)d, 0, pci_level);
2401}
2402
2403/* the PCI irq level is the logical OR of the two channels */
2404static void cmd646_set_irq(void *opaque, int channel, int level)
2405{
2406 PCIIDEState *d = opaque;
2407 int irq_mask;
2408
2409 irq_mask = MRDMODE_INTR_CH0 << channel;
2410 if (level)
2411 d->dev.config[MRDMODE] |= irq_mask;
2412 else
2413 d->dev.config[MRDMODE] &= ~irq_mask;
2414 cmd646_update_irq(d);
2415}
2416
2417/* CMD646 PCI IDE controller */
2418void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2419 int secondary_ide_enabled)
69b91039
FB		 2420{
2421 PCIIDEState *d;
2422 uint8_t *pci_conf;
34e538ae
FB		 2423 int i;
2424
5457c8ce
FB		 2425 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2426 sizeof(PCIIDEState),
46e50e9d 2427 -1,
73c11f63 2428 NULL, NULL);
5457c8ce 2429 d->type = IDE_TYPE_CMD646;
69b91039 2430 pci_conf = d->dev.config;
5457c8ce
FB		 2431 pci_conf[0x00] = 0x95; // CMD646
2432 pci_conf[0x01] = 0x10;
2433 pci_conf[0x02] = 0x46;
2434 pci_conf[0x03] = 0x06;
2435
2436 pci_conf[0x08] = 0x07; // IDE controller revision
2437 pci_conf[0x09] = 0x8f;
2438
69b91039
FB		 2439 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2440 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
5457c8ce
FB		 2441 pci_conf[0x0e] = 0x00; // header_type
2442
2443 if (secondary_ide_enabled) {
2444 /* XXX: if not enabled, really disable the seconday IDE controller */
2445 pci_conf[0x51] = 0x80; /* enable IDE1 */
2446 }
69b91039
FB		 2447
2448 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2449 PCI_ADDRESS_SPACE_IO, ide_map);
2450 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2451 PCI_ADDRESS_SPACE_IO, ide_map);
2452 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2453 PCI_ADDRESS_SPACE_IO, ide_map);
2454 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2455 PCI_ADDRESS_SPACE_IO, ide_map);
98087450
FB		 2456 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2457 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 2458
34e538ae 2459 pci_conf[0x3d] = 0x01; // interrupt on pin 1
5457c8ce 2460
34e538ae
FB		 2461 for(i = 0; i < 4; i++)
2462 d->ide_if[i].pci_dev = (PCIDevice *)d;
5457c8ce
FB		 2463 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2464 cmd646_set_irq, d, 0);
2465 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2466 cmd646_set_irq, d, 1);
34e538ae
FB		 2467}
2468
c3d78997
FB		 2469static void pci_ide_save(QEMUFile* f, void *opaque)
2470{
2471 PCIIDEState *d = opaque;
2472 int i;
2473
2474 pci_device_save(&d->dev, f);
2475
2476 for(i = 0; i < 2; i++) {
2477 BMDMAState *bm = &d->bmdma[i];
2478 qemu_put_8s(f, &bm->cmd);
2479 qemu_put_8s(f, &bm->status);
2480 qemu_put_be32s(f, &bm->addr);
2481 /* XXX: if a transfer is pending, we do not save it yet */
2482 }
2483
2484 /* per IDE interface data */
2485 for(i = 0; i < 2; i++) {
2486 IDEState *s = &d->ide_if[i * 2];
2487 uint8_t drive1_selected;
2488 qemu_put_8s(f, &s->cmd);
2489 drive1_selected = (s->cur_drive != s);
2490 qemu_put_8s(f, &drive1_selected);
2491 }
2492
2493 /* per IDE drive data */
2494 for(i = 0; i < 4; i++) {
2495 IDEState *s = &d->ide_if[i];
2496 qemu_put_be32s(f, &s->mult_sectors);
2497 qemu_put_be32s(f, &s->identify_set);
2498 if (s->identify_set) {
2499 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2500 }
2501 qemu_put_8s(f, &s->feature);
2502 qemu_put_8s(f, &s->error);
2503 qemu_put_be32s(f, &s->nsector);
2504 qemu_put_8s(f, &s->sector);
2505 qemu_put_8s(f, &s->lcyl);
2506 qemu_put_8s(f, &s->hcyl);
2507 qemu_put_8s(f, &s->hob_feature);
2508 qemu_put_8s(f, &s->hob_nsector);
2509 qemu_put_8s(f, &s->hob_sector);
2510 qemu_put_8s(f, &s->hob_lcyl);
2511 qemu_put_8s(f, &s->hob_hcyl);
2512 qemu_put_8s(f, &s->select);
2513 qemu_put_8s(f, &s->status);
2514 qemu_put_8s(f, &s->lba48);
2515
2516 qemu_put_8s(f, &s->sense_key);
2517 qemu_put_8s(f, &s->asc);
2518 /* XXX: if a transfer is pending, we do not save it yet */
2519 }
2520}
2521
2522static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2523{
2524 PCIIDEState *d = opaque;
2525 int ret, i;
2526
2527 if (version_id != 1)
2528 return -EINVAL;
2529 ret = pci_device_load(&d->dev, f);
2530 if (ret < 0)
2531 return ret;
2532
2533 for(i = 0; i < 2; i++) {
2534 BMDMAState *bm = &d->bmdma[i];
2535 qemu_get_8s(f, &bm->cmd);
2536 qemu_get_8s(f, &bm->status);
2537 qemu_get_be32s(f, &bm->addr);
2538 /* XXX: if a transfer is pending, we do not save it yet */
2539 }
2540
2541 /* per IDE interface data */
2542 for(i = 0; i < 2; i++) {
2543 IDEState *s = &d->ide_if[i * 2];
2544 uint8_t drive1_selected;
2545 qemu_get_8s(f, &s->cmd);
2546 qemu_get_8s(f, &drive1_selected);
2547 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2548 }
2549
2550 /* per IDE drive data */
2551 for(i = 0; i < 4; i++) {
2552 IDEState *s = &d->ide_if[i];
2553 qemu_get_be32s(f, &s->mult_sectors);
2554 qemu_get_be32s(f, &s->identify_set);
2555 if (s->identify_set) {
2556 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2557 }
2558 qemu_get_8s(f, &s->feature);
2559 qemu_get_8s(f, &s->error);
2560 qemu_get_be32s(f, &s->nsector);
2561 qemu_get_8s(f, &s->sector);
2562 qemu_get_8s(f, &s->lcyl);
2563 qemu_get_8s(f, &s->hcyl);
2564 qemu_get_8s(f, &s->hob_feature);
2565 qemu_get_8s(f, &s->hob_nsector);
2566 qemu_get_8s(f, &s->hob_sector);
2567 qemu_get_8s(f, &s->hob_lcyl);
2568 qemu_get_8s(f, &s->hob_hcyl);
2569 qemu_get_8s(f, &s->select);
2570 qemu_get_8s(f, &s->status);
2571 qemu_get_8s(f, &s->lba48);
2572
2573 qemu_get_8s(f, &s->sense_key);
2574 qemu_get_8s(f, &s->asc);
2575 /* XXX: if a transfer is pending, we do not save it yet */
2576 }
2577 return 0;
2578}
2579
e6a71ae3
TS		 2580static void piix3_reset(PCIIDEState *d)
2581{
2582 uint8_t *pci_conf = d->dev.config;
2583
2584 pci_conf[0x04] = 0x00;
2585 pci_conf[0x05] = 0x00;
2586 pci_conf[0x06] = 0x80; /* FBC */
2587 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
2588 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
2589}
2590
2591void pci_piix_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn)
2592{
2593 PCIIDEState *d;
2594 uint8_t *pci_conf;
2595
2596 /* register a function 1 of PIIX */
2597 d = (PCIIDEState *)pci_register_device(bus, "PIIX IDE",
2598 sizeof(PCIIDEState),
2599 devfn,
2600 NULL, NULL);
2601 d->type = IDE_TYPE_PIIX3;
2602
2603 pci_conf = d->dev.config;
2604 pci_conf[0x00] = 0x86; // Intel
2605 pci_conf[0x01] = 0x80;
2606 pci_conf[0x02] = 0x30;
2607 pci_conf[0x03] = 0x12;
2608 pci_conf[0x08] = 0x02; // Step A1
2609 pci_conf[0x09] = 0x80; // legacy ATA mode
2610 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2611 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2612 pci_conf[0x0e] = 0x00; // header_type
2613
2614 piix3_reset(d);
2615
2616 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2617 PCI_ADDRESS_SPACE_IO, bmdma_map);
2618
2619 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2620 pic_set_irq_new, isa_pic, 14);
2621 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2622 pic_set_irq_new, isa_pic, 15);
2623 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2624 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2625
2626 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
2627}
2628
34e538ae
FB		 2629/* hd_table must contain 4 block drivers */
2630/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
502a5395 2631void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn)
34e538ae
FB		 2632{
2633 PCIIDEState *d;
2634 uint8_t *pci_conf;
2635
2636 /* register a function 1 of PIIX3 */
46e50e9d
FB		 2637 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2638 sizeof(PCIIDEState),
502a5395 2639 devfn,
34e538ae 2640 NULL, NULL);
5457c8ce
FB		 2641 d->type = IDE_TYPE_PIIX3;
2642
34e538ae
FB		 2643 pci_conf = d->dev.config;
2644 pci_conf[0x00] = 0x86; // Intel
2645 pci_conf[0x01] = 0x80;
2646 pci_conf[0x02] = 0x10;
2647 pci_conf[0x03] = 0x70;
92510b8c 2648 pci_conf[0x09] = 0x80; // legacy ATA mode
34e538ae
FB		 2649 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2650 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2651 pci_conf[0x0e] = 0x00; // header_type
2652
e6a71ae3
TS		 2653 piix3_reset(d);
2654
98087450
FB		 2655 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2656 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 2657
5457c8ce 2658 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
3de388f6 2659 pic_set_irq_new, isa_pic, 14);
5457c8ce 2660 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
3de388f6 2661 pic_set_irq_new, isa_pic, 15);
34e538ae
FB		 2662 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2663 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997
FB		 2664
2665 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
69b91039 2666}
1ade1de2
FB		 2667
2668/***********************************************************/
2669/* MacIO based PowerPC IDE */
2670
2671/* PowerMac IDE memory IO */
2672static void pmac_ide_writeb (void *opaque,
2673 target_phys_addr_t addr, uint32_t val)
2674{
2675 addr = (addr & 0xFFF) >> 4;
2676 switch (addr) {
2677 case 1 ... 7:
2678 ide_ioport_write(opaque, addr, val);
2679 break;
2680 case 8:
2681 case 22:
2682 ide_cmd_write(opaque, 0, val);
2683 break;
2684 default:
2685 break;
2686 }
2687}
2688
2689static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2690{
2691 uint8_t retval;
2692
2693 addr = (addr & 0xFFF) >> 4;
2694 switch (addr) {
2695 case 1 ... 7:
2696 retval = ide_ioport_read(opaque, addr);
2697 break;
2698 case 8:
2699 case 22:
2700 retval = ide_status_read(opaque, 0);
2701 break;
2702 default:
2703 retval = 0xFF;
2704 break;
2705 }
2706 return retval;
2707}
2708
2709static void pmac_ide_writew (void *opaque,
2710 target_phys_addr_t addr, uint32_t val)
2711{
2712 addr = (addr & 0xFFF) >> 4;
2713#ifdef TARGET_WORDS_BIGENDIAN
2714 val = bswap16(val);
2715#endif
2716 if (addr == 0) {
2717 ide_data_writew(opaque, 0, val);
2718 }
2719}
2720
2721static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
2722{
2723 uint16_t retval;
2724
2725 addr = (addr & 0xFFF) >> 4;
2726 if (addr == 0) {
2727 retval = ide_data_readw(opaque, 0);
2728 } else {
2729 retval = 0xFFFF;
2730 }
2731#ifdef TARGET_WORDS_BIGENDIAN
2732 retval = bswap16(retval);
2733#endif
2734 return retval;
2735}
2736
2737static void pmac_ide_writel (void *opaque,
2738 target_phys_addr_t addr, uint32_t val)
2739{
2740 addr = (addr & 0xFFF) >> 4;
2741#ifdef TARGET_WORDS_BIGENDIAN
2742 val = bswap32(val);
2743#endif
2744 if (addr == 0) {
2745 ide_data_writel(opaque, 0, val);
2746 }
2747}
2748
2749static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
2750{
2751 uint32_t retval;
2752
2753 addr = (addr & 0xFFF) >> 4;
2754 if (addr == 0) {
2755 retval = ide_data_readl(opaque, 0);
2756 } else {
2757 retval = 0xFFFFFFFF;
2758 }
2759#ifdef TARGET_WORDS_BIGENDIAN
2760 retval = bswap32(retval);
2761#endif
2762 return retval;
2763}
2764
2765static CPUWriteMemoryFunc *pmac_ide_write[] = {
2766 pmac_ide_writeb,
2767 pmac_ide_writew,
2768 pmac_ide_writel,
2769};
2770
2771static CPUReadMemoryFunc *pmac_ide_read[] = {
2772 pmac_ide_readb,
2773 pmac_ide_readw,
2774 pmac_ide_readl,
2775};
2776
2777/* hd_table must contain 4 block drivers */
2778/* PowerMac uses memory mapped registers, not I/O. Return the memory
2779 I/O index to access the ide. */
2780int pmac_ide_init (BlockDriverState **hd_table,
5457c8ce 2781 SetIRQFunc *set_irq, void *irq_opaque, int irq)
1ade1de2
FB		 2782{
2783 IDEState *ide_if;
2784 int pmac_ide_memory;
2785
2786 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
5457c8ce
FB		 2787 ide_init2(&ide_if[0], hd_table[0], hd_table[1],
2788 set_irq, irq_opaque, irq);
1ade1de2
FB		 2789
2790 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
2791 pmac_ide_write, &ide_if[0]);
2792 return pmac_ide_memory;
2793}
QEMU mirror