]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Vectored block device API (Avi Kivity)
[qemu.git] / hw / ide.c
CommitLineData
5391d806 1/*
38cdea7c 2 * QEMU IDE disk and CD/DVD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
87ecb68b
PB		 25#include "hw.h"
26#include "pc.h"
27#include "pci.h"
28#include "scsi-disk.h"
29#include "pcmcia.h"
30#include "block.h"
31#include "qemu-timer.h"
32#include "sysemu.h"
9596ebb7 33#include "ppc_mac.h"
b79e1752 34#include "sh.h"
5391d806 35
5391d806
FB		 36/* debug IDE devices */
37//#define DEBUG_IDE
38//#define DEBUG_IDE_ATAPI
8ccad811
FB		 39//#define DEBUG_AIO
40#define USE_DMA_CDROM
5391d806
FB		 41
42/* Bits of HD_STATUS */
43#define ERR_STAT 0x01
44#define INDEX_STAT 0x02
45#define ECC_STAT 0x04 /* Corrected error */
46#define DRQ_STAT 0x08
47#define SEEK_STAT 0x10
48#define SRV_STAT 0x10
49#define WRERR_STAT 0x20
50#define READY_STAT 0x40
51#define BUSY_STAT 0x80
52
53/* Bits for HD_ERROR */
54#define MARK_ERR 0x01 /* Bad address mark */
55#define TRK0_ERR 0x02 /* couldn't find track 0 */
56#define ABRT_ERR 0x04 /* Command aborted */
57#define MCR_ERR 0x08 /* media change request */
58#define ID_ERR 0x10 /* ID field not found */
59#define MC_ERR 0x20 /* media changed */
60#define ECC_ERR 0x40 /* Uncorrectable ECC error */
61#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
62#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
63
64/* Bits of HD_NSECTOR */
65#define CD 0x01
66#define IO 0x02
67#define REL 0x04
68#define TAG_MASK 0xf8
69
70#define IDE_CMD_RESET 0x04
71#define IDE_CMD_DISABLE_IRQ 0x02
72
73/* ATA/ATAPI Commands pre T13 Spec */
74#define WIN_NOP 0x00
75/*
76 * 0x01->0x02 Reserved
77 */
78#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
79/*
80 * 0x04->0x07 Reserved
81 */
82#define WIN_SRST 0x08 /* ATAPI soft reset command */
83#define WIN_DEVICE_RESET 0x08
84/*
85 * 0x09->0x0F Reserved
86 */
87#define WIN_RECAL 0x10
88#define WIN_RESTORE WIN_RECAL
89/*
90 * 0x10->0x1F Reserved
91 */
92#define WIN_READ 0x20 /* 28-Bit */
93#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
94#define WIN_READ_LONG 0x22 /* 28-Bit */
95#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
96#define WIN_READ_EXT 0x24 /* 48-Bit */
97#define WIN_READDMA_EXT 0x25 /* 48-Bit */
98#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
99#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
100/*
101 * 0x28
102 */
103#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
104/*
105 * 0x2A->0x2F Reserved
106 */
107#define WIN_WRITE 0x30 /* 28-Bit */
108#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
109#define WIN_WRITE_LONG 0x32 /* 28-Bit */
110#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
111#define WIN_WRITE_EXT 0x34 /* 48-Bit */
112#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
113#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
114#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
115#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
116#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
117/*
118 * 0x3A->0x3B Reserved
119 */
120#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
121/*
122 * 0x3D->0x3F Reserved
123 */
124#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
125#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
126#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
127/*
128 * 0x43->0x4F Reserved
129 */
130#define WIN_FORMAT 0x50
131/*
132 * 0x51->0x5F Reserved
133 */
134#define WIN_INIT 0x60
135/*
136 * 0x61->0x5F Reserved
137 */
138#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
139#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
140#define WIN_DIAGNOSE 0x90
141#define WIN_SPECIFY 0x91 /* set drive geometry translation */
142#define WIN_DOWNLOAD_MICROCODE 0x92
143#define WIN_STANDBYNOW2 0x94
201a51fc 144#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 145#define WIN_STANDBY2 0x96
146#define WIN_SETIDLE2 0x97
147#define WIN_CHECKPOWERMODE2 0x98
148#define WIN_SLEEPNOW2 0x99
149/*
150 * 0x9A VENDOR
151 */
152#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
153#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
154#define WIN_QUEUED_SERVICE 0xA2
155#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 156#define CFA_ACCESS_METADATA_STORAGE 0xB8
157#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 158#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
159#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
160#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
161#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
162#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
163#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
164#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
165#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
166#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
167#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 168#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 169#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
170#define WIN_POSTBOOT 0xDC
171#define WIN_PREBOOT 0xDD
172#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
173#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
174#define WIN_STANDBYNOW1 0xE0
175#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
176#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
177#define WIN_SETIDLE1 0xE3
178#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
179#define WIN_CHECKPOWERMODE1 0xE5
180#define WIN_SLEEPNOW1 0xE6
181#define WIN_FLUSH_CACHE 0xE7
182#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
183#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
184 /* SET_FEATURES 0x22 or 0xDD */
185#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
186#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
187#define WIN_MEDIAEJECT 0xED
188#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
189#define WIN_SETFEATURES 0xEF /* set special drive features */
190#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 191#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 192#define WIN_SECURITY_SET_PASS 0xF1
193#define WIN_SECURITY_UNLOCK 0xF2
194#define WIN_SECURITY_ERASE_PREPARE 0xF3
195#define WIN_SECURITY_ERASE_UNIT 0xF4
196#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 197#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 198#define WIN_SECURITY_DISABLE 0xF6
199#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
200#define WIN_SET_MAX 0xF9
201#define DISABLE_SEAGATE 0xFB
202
203/* set to 1 set disable mult support */
f66723fa 204#define MAX_MULT_SECTORS 16
5391d806 205
1d8cde5b
AJ		 206#define IDE_DMA_BUF_SECTORS 256
207
208#if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
209#error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
210#endif
211
5391d806
FB		 212/* ATAPI defines */
213
214#define ATAPI_PACKET_SIZE 12
215
216/* The generic packet command opcodes for CD/DVD Logical Units,
217 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
218#define GPCMD_BLANK 0xa1
219#define GPCMD_CLOSE_TRACK 0x5b
220#define GPCMD_FLUSH_CACHE 0x35
221#define GPCMD_FORMAT_UNIT 0x04
222#define GPCMD_GET_CONFIGURATION 0x46
223#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
224#define GPCMD_GET_PERFORMANCE 0xac
225#define GPCMD_INQUIRY 0x12
226#define GPCMD_LOAD_UNLOAD 0xa6
227#define GPCMD_MECHANISM_STATUS 0xbd
228#define GPCMD_MODE_SELECT_10 0x55
229#define GPCMD_MODE_SENSE_10 0x5a
230#define GPCMD_PAUSE_RESUME 0x4b
231#define GPCMD_PLAY_AUDIO_10 0x45
232#define GPCMD_PLAY_AUDIO_MSF 0x47
233#define GPCMD_PLAY_AUDIO_TI 0x48
234#define GPCMD_PLAY_CD 0xbc
235#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
236#define GPCMD_READ_10 0x28
237#define GPCMD_READ_12 0xa8
238#define GPCMD_READ_CDVD_CAPACITY 0x25
239#define GPCMD_READ_CD 0xbe
240#define GPCMD_READ_CD_MSF 0xb9
241#define GPCMD_READ_DISC_INFO 0x51
242#define GPCMD_READ_DVD_STRUCTURE 0xad
243#define GPCMD_READ_FORMAT_CAPACITIES 0x23
244#define GPCMD_READ_HEADER 0x44
245#define GPCMD_READ_TRACK_RZONE_INFO 0x52
246#define GPCMD_READ_SUBCHANNEL 0x42
247#define GPCMD_READ_TOC_PMA_ATIP 0x43
248#define GPCMD_REPAIR_RZONE_TRACK 0x58
249#define GPCMD_REPORT_KEY 0xa4
250#define GPCMD_REQUEST_SENSE 0x03
251#define GPCMD_RESERVE_RZONE_TRACK 0x53
252#define GPCMD_SCAN 0xba
253#define GPCMD_SEEK 0x2b
254#define GPCMD_SEND_DVD_STRUCTURE 0xad
255#define GPCMD_SEND_EVENT 0xa2
256#define GPCMD_SEND_KEY 0xa3
257#define GPCMD_SEND_OPC 0x54
258#define GPCMD_SET_READ_AHEAD 0xa7
259#define GPCMD_SET_STREAMING 0xb6
260#define GPCMD_START_STOP_UNIT 0x1b
261#define GPCMD_STOP_PLAY_SCAN 0x4e
262#define GPCMD_TEST_UNIT_READY 0x00
263#define GPCMD_VERIFY_10 0x2f
264#define GPCMD_WRITE_10 0x2a
265#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 266/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 267 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
268 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
269 * drives support it. */
270#define GPCMD_SET_SPEED 0xbb
5fafdf24 271/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 272 * to play data at track/index */
273#define GPCMD_PLAYAUDIO_TI 0x48
274/*
275 * From MS Media Status Notification Support Specification. For
276 * older drives only.
277 */
278#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 279#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 280
281/* Mode page codes for mode sense/set */
282#define GPMODE_R_W_ERROR_PAGE 0x01
283#define GPMODE_WRITE_PARMS_PAGE 0x05
284#define GPMODE_AUDIO_CTL_PAGE 0x0e
285#define GPMODE_POWER_PAGE 0x1a
286#define GPMODE_FAULT_FAIL_PAGE 0x1c
287#define GPMODE_TO_PROTECT_PAGE 0x1d
288#define GPMODE_CAPABILITIES_PAGE 0x2a
289#define GPMODE_ALL_PAGES 0x3f
290/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
291 * of MODE_SENSE_POWER_PAGE */
292#define GPMODE_CDROM_PAGE 0x0d
293
38cdea7c
AZ		 294/*
295 * Based on values from <linux/cdrom.h> but extending CD_MINS
296 * to the maximum common size allowed by the Orange's Book ATIP
297 *
298 * 90 and 99 min CDs are also available but using them as the
299 * upper limit reduces the effectiveness of the heuristic to
300 * detect DVDs burned to less than 25% of their maximum capacity
301 */
302
303/* Some generally useful CD-ROM information */
304#define CD_MINS 80 /* max. minutes per CD */
305#define CD_SECS 60 /* seconds per minute */
306#define CD_FRAMES 75 /* frames per second */
307#define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
308#define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
309#define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
310
311/*
312 * The MMC values are not IDE specific and might need to be moved
313 * to a common header if they are also needed for the SCSI emulation
314 */
315
316/* Profile list from MMC-6 revision 1 table 91 */
317#define MMC_PROFILE_NONE 0x0000
318#define MMC_PROFILE_CD_ROM 0x0008
319#define MMC_PROFILE_CD_R 0x0009
320#define MMC_PROFILE_CD_RW 0x000A
321#define MMC_PROFILE_DVD_ROM 0x0010
322#define MMC_PROFILE_DVD_R_SR 0x0011
323#define MMC_PROFILE_DVD_RAM 0x0012
324#define MMC_PROFILE_DVD_RW_RO 0x0013
325#define MMC_PROFILE_DVD_RW_SR 0x0014
326#define MMC_PROFILE_DVD_R_DL_SR 0x0015
327#define MMC_PROFILE_DVD_R_DL_JR 0x0016
328#define MMC_PROFILE_DVD_RW_DL 0x0017
329#define MMC_PROFILE_DVD_DDR 0x0018
330#define MMC_PROFILE_DVD_PLUS_RW 0x001A
331#define MMC_PROFILE_DVD_PLUS_R 0x001B
332#define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
333#define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
334#define MMC_PROFILE_BD_ROM 0x0040
335#define MMC_PROFILE_BD_R_SRM 0x0041
336#define MMC_PROFILE_BD_R_RRM 0x0042
337#define MMC_PROFILE_BD_RE 0x0043
338#define MMC_PROFILE_HDDVD_ROM 0x0050
339#define MMC_PROFILE_HDDVD_R 0x0051
340#define MMC_PROFILE_HDDVD_RAM 0x0052
341#define MMC_PROFILE_HDDVD_RW 0x0053
342#define MMC_PROFILE_HDDVD_R_DL 0x0058
343#define MMC_PROFILE_HDDVD_RW_DL 0x005A
344#define MMC_PROFILE_INVALID 0xFFFF
345
5391d806
FB		 346#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
347#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
348#define ATAPI_INT_REASON_REL 0x04
349#define ATAPI_INT_REASON_TAG 0xf8
350
351/* same constants as bochs */
7f777bf3 352#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 353#define ASC_LOGICAL_BLOCK_OOR 0x21
354#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
9118e7f0 355#define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
8114e9e8 356#define ASC_INCOMPATIBLE_FORMAT 0x30
5391d806
FB		 357#define ASC_MEDIUM_NOT_PRESENT 0x3a
358#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
359
201a51fc
AZ		 360#define CFA_NO_ERROR 0x00
361#define CFA_MISC_ERROR 0x09
362#define CFA_INVALID_COMMAND 0x20
363#define CFA_INVALID_ADDRESS 0x21
364#define CFA_ADDRESS_OVERFLOW 0x2f
365
5391d806
FB		 366#define SENSE_NONE 0
367#define SENSE_NOT_READY 2
368#define SENSE_ILLEGAL_REQUEST 5
369#define SENSE_UNIT_ATTENTION 6
370
371struct IDEState;
372
373typedef void EndTransferFunc(struct IDEState *);
374
caed8802 375/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 376typedef struct IDEState {
377 /* ide config */
378 int is_cdrom;
201a51fc 379 int is_cf;
5391d806
FB		 380 int cylinders, heads, sectors;
381 int64_t nb_sectors;
382 int mult_sectors;
94458802
FB		 383 int identify_set;
384 uint16_t identify_data[256];
d537cf6c 385 qemu_irq irq;
34e538ae 386 PCIDevice *pci_dev;
98087450 387 struct BMDMAState *bmdma;
aedf5382 388 int drive_serial;
fa879c64 389 char drive_serial_str[21];
5391d806
FB		 390 /* ide regs */
391 uint8_t feature;
392 uint8_t error;
c2ff060f 393 uint32_t nsector;
5391d806
FB		 394 uint8_t sector;
395 uint8_t lcyl;
396 uint8_t hcyl;
c2ff060f
FB		 397 /* other part of tf for lba48 support */
398 uint8_t hob_feature;
399 uint8_t hob_nsector;
400 uint8_t hob_sector;
401 uint8_t hob_lcyl;
402 uint8_t hob_hcyl;
403
5391d806
FB		 404 uint8_t select;
405 uint8_t status;
c2ff060f 406
5391d806
FB		 407 /* 0x3f6 command, only meaningful for drive 0 */
408 uint8_t cmd;
c2ff060f
FB		 409 /* set for lba48 access */
410 uint8_t lba48;
5391d806 411 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 412 struct IDEState *cur_drive;
5391d806
FB		 413 BlockDriverState *bs;
414 /* ATAPI specific */
415 uint8_t sense_key;
416 uint8_t asc;
417 int packet_transfer_size;
418 int elementary_transfer_size;
419 int io_buffer_index;
420 int lba;
98087450
FB		 421 int cd_sector_size;
422 int atapi_dma; /* true if dma is requested for the packet cmd */
423 /* ATA DMA state */
424 int io_buffer_size;
425 /* PIO transfer handling */
5391d806
FB		 426 int req_nb_sectors; /* number of sectors per interrupt */
427 EndTransferFunc *end_transfer_func;
428 uint8_t *data_ptr;
429 uint8_t *data_end;
33f00271 430 uint8_t *io_buffer;
31c2a146 431 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
e774a278 432 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 433 /* CF-ATA extended error */
434 uint8_t ext_error;
435 /* CF-ATA metadata storage */
436 uint32_t mdata_size;
437 uint8_t *mdata_storage;
438 int media_changed;
5391d806
FB		 439} IDEState;
440
8114e9e8
TS		 441/* XXX: DVDs that could fit on a CD will be reported as a CD */
442static inline int media_present(IDEState *s)
443{
444 return (s->nb_sectors > 0);
445}
446
447static inline int media_is_dvd(IDEState *s)
448{
449 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
450}
451
452static inline int media_is_cd(IDEState *s)
453{
454 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
455}
456
98087450
FB		 457#define BM_STATUS_DMAING 0x01
458#define BM_STATUS_ERROR 0x02
459#define BM_STATUS_INT 0x04
428c5705
AL		 460#define BM_STATUS_DMA_RETRY 0x08
461#define BM_STATUS_PIO_RETRY 0x10
98087450
FB		 462
463#define BM_CMD_START 0x01
464#define BM_CMD_READ 0x08
465
5457c8ce
FB		 466#define IDE_TYPE_PIIX3 0
467#define IDE_TYPE_CMD646 1
afcc3cdf 468#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 469
470/* CMD646 specific */
471#define MRDMODE 0x71
472#define MRDMODE_INTR_CH0 0x04
473#define MRDMODE_INTR_CH1 0x08
474#define MRDMODE_BLK_CH0 0x10
475#define MRDMODE_BLK_CH1 0x20
476#define UDIDETCR0 0x73
477#define UDIDETCR1 0x7B
478
98087450
FB		 479typedef struct BMDMAState {
480 uint8_t cmd;
481 uint8_t status;
482 uint32_t addr;
3b46e624 483
5457c8ce 484 struct PCIIDEState *pci_dev;
98087450 485 /* current transfer state */
8ccad811
FB		 486 uint32_t cur_addr;
487 uint32_t cur_prd_last;
488 uint32_t cur_prd_addr;
489 uint32_t cur_prd_len;
98087450 490 IDEState *ide_if;
8ccad811
FB		 491 BlockDriverCompletionFunc *dma_cb;
492 BlockDriverAIOCB *aiocb;
428c5705
AL		 493 int64_t sector_num;
494 uint32_t nsector;
98087450
FB		 495} BMDMAState;
496
497typedef struct PCIIDEState {
498 PCIDevice dev;
499 IDEState ide_if[4];
500 BMDMAState bmdma[2];
5457c8ce 501 int type; /* see IDE_TYPE_xxx */
98087450
FB		 502} PCIIDEState;
503
8ccad811 504static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
428c5705 505static void ide_dma_restart(IDEState *s);
5f12ab4b 506static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 507
5391d806
FB		 508static void padstr(char *str, const char *src, int len)
509{
510 int i, v;
511 for(i = 0; i < len; i++) {
512 if (*src)
513 v = *src++;
514 else
515 v = ' ';
69b34976 516 str[i^1] = v;
5391d806
FB		 517 }
518}
519
bd0d90b2
FB		 520static void padstr8(uint8_t *buf, int buf_size, const char *src)
521{
522 int i;
523 for(i = 0; i < buf_size; i++) {
524 if (*src)
525 buf[i] = *src++;
526 else
527 buf[i] = ' ';
528 }
529}
530
67b915a5
FB		 531static void put_le16(uint16_t *p, unsigned int v)
532{
0c4ad8dc 533 *p = cpu_to_le16(v);
67b915a5
FB		 534}
535
5391d806
FB		 536static void ide_identify(IDEState *s)
537{
538 uint16_t *p;
539 unsigned int oldsize;
540
94458802
FB		 541 if (s->identify_set) {
542 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
543 return;
544 }
545
5391d806
FB		 546 memset(s->io_buffer, 0, 512);
547 p = (uint16_t *)s->io_buffer;
67b915a5 548 put_le16(p + 0, 0x0040);
5fafdf24 549 put_le16(p + 1, s->cylinders);
67b915a5
FB		 550 put_le16(p + 3, s->heads);
551 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
552 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 553 put_le16(p + 6, s->sectors);
fa879c64 554 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 555 put_le16(p + 20, 3); /* XXX: retired, remove ? */
556 put_le16(p + 21, 512); /* cache size in sectors */
557 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 558 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
559 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 560#if MAX_MULT_SECTORS > 1
67b915a5 561 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 562#endif
67b915a5 563 put_le16(p + 48, 1); /* dword I/O */
94458802 564 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 565 put_le16(p + 51, 0x200); /* PIO transfer cycle */
566 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 567 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 568 put_le16(p + 54, s->cylinders);
569 put_le16(p + 55, s->heads);
570 put_le16(p + 56, s->sectors);
5391d806 571 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 572 put_le16(p + 57, oldsize);
573 put_le16(p + 58, oldsize >> 16);
5391d806 574 if (s->mult_sectors)
67b915a5
FB		 575 put_le16(p + 59, 0x100 | s->mult_sectors);
576 put_le16(p + 60, s->nb_sectors);
577 put_le16(p + 61, s->nb_sectors >> 16);
d1b5c20d 578 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
94458802
FB		 579 put_le16(p + 63, 0x07); /* mdma0-2 supported */
580 put_le16(p + 65, 120);
581 put_le16(p + 66, 120);
582 put_le16(p + 67, 120);
583 put_le16(p + 68, 120);
584 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
585 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 586 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 587 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
588 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 589 put_le16(p + 84, (1 << 14));
590 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 591 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
592 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 593 put_le16(p + 87, (1 << 14));
94458802
FB		 594 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
595 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 596 put_le16(p + 100, s->nb_sectors);
597 put_le16(p + 101, s->nb_sectors >> 16);
598 put_le16(p + 102, s->nb_sectors >> 32);
599 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 600
601 memcpy(s->identify_data, p, sizeof(s->identify_data));
602 s->identify_set = 1;
5391d806
FB		 603}
604
605static void ide_atapi_identify(IDEState *s)
606{
607 uint16_t *p;
608
94458802
FB		 609 if (s->identify_set) {
610 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
611 return;
612 }
613
5391d806
FB		 614 memset(s->io_buffer, 0, 512);
615 p = (uint16_t *)s->io_buffer;
616 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 617 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
fa879c64 618 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 619 put_le16(p + 20, 3); /* buffer type */
620 put_le16(p + 21, 512); /* cache size in sectors */
621 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3 622 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
38cdea7c 623 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
67b915a5 624 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 625#ifdef USE_DMA_CDROM
626 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
627 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
d1b5c20d 628 put_le16(p + 62, 7); /* single word dma0-2 supported */
8ccad811
FB		 629 put_le16(p + 63, 7); /* mdma0-2 supported */
630 put_le16(p + 64, 0x3f); /* PIO modes supported */
631#else
67b915a5
FB		 632 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
633 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
634 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
635 put_le16(p + 64, 1); /* PIO modes */
8ccad811 636#endif
67b915a5
FB		 637 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
638 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
639 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
640 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 641
67b915a5
FB		 642 put_le16(p + 71, 30); /* in ns */
643 put_le16(p + 72, 30); /* in ns */
5391d806 644
67b915a5 645 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 646#ifdef USE_DMA_CDROM
647 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
648#endif
94458802
FB		 649 memcpy(s->identify_data, p, sizeof(s->identify_data));
650 s->identify_set = 1;
5391d806
FB		 651}
652
201a51fc
AZ		 653static void ide_cfata_identify(IDEState *s)
654{
655 uint16_t *p;
656 uint32_t cur_sec;
201a51fc
AZ		 657
658 p = (uint16_t *) s->identify_data;
659 if (s->identify_set)
660 goto fill_buffer;
661
662 memset(p, 0, sizeof(s->identify_data));
663
664 cur_sec = s->cylinders * s->heads * s->sectors;
665
666 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
667 put_le16(p + 1, s->cylinders); /* Default cylinders */
668 put_le16(p + 3, s->heads); /* Default heads */
669 put_le16(p + 6, s->sectors); /* Default sectors per track */
670 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
671 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
fa879c64 672 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
201a51fc 673 put_le16(p + 22, 0x0004); /* ECC bytes */
60fe76f3
TS		 674 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
675 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
201a51fc
AZ		 676#if MAX_MULT_SECTORS > 1
677 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
678#else
679 put_le16(p + 47, 0x0000);
680#endif
681 put_le16(p + 49, 0x0f00); /* Capabilities */
682 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
683 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
684 put_le16(p + 53, 0x0003); /* Translation params valid */
685 put_le16(p + 54, s->cylinders); /* Current cylinders */
686 put_le16(p + 55, s->heads); /* Current heads */
687 put_le16(p + 56, s->sectors); /* Current sectors */
688 put_le16(p + 57, cur_sec); /* Current capacity */
689 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
690 if (s->mult_sectors) /* Multiple sector setting */
691 put_le16(p + 59, 0x100 | s->mult_sectors);
692 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
693 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
694 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
695 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
696 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
697 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
698 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
699 put_le16(p + 82, 0x400c); /* Command Set supported */
700 put_le16(p + 83, 0x7068); /* Command Set supported */
701 put_le16(p + 84, 0x4000); /* Features supported */
702 put_le16(p + 85, 0x000c); /* Command Set enabled */
703 put_le16(p + 86, 0x7044); /* Command Set enabled */
704 put_le16(p + 87, 0x4000); /* Features enabled */
705 put_le16(p + 91, 0x4060); /* Current APM level */
706 put_le16(p + 129, 0x0002); /* Current features option */
707 put_le16(p + 130, 0x0005); /* Reassigned sectors */
708 put_le16(p + 131, 0x0001); /* Initial power mode */
709 put_le16(p + 132, 0x0000); /* User signature */
710 put_le16(p + 160, 0x8100); /* Power requirement */
711 put_le16(p + 161, 0x8001); /* CF command set */
712
713 s->identify_set = 1;
714
715fill_buffer:
716 memcpy(s->io_buffer, p, sizeof(s->identify_data));
717}
718
5391d806
FB		 719static void ide_set_signature(IDEState *s)
720{
721 s->select &= 0xf0; /* clear head */
722 /* put signature */
723 s->nsector = 1;
724 s->sector = 1;
725 if (s->is_cdrom) {
726 s->lcyl = 0x14;
727 s->hcyl = 0xeb;
728 } else if (s->bs) {
729 s->lcyl = 0;
730 s->hcyl = 0;
731 } else {
732 s->lcyl = 0xff;
733 s->hcyl = 0xff;
734 }
735}
736
737static inline void ide_abort_command(IDEState *s)
738{
739 s->status = READY_STAT | ERR_STAT;
740 s->error = ABRT_ERR;
741}
742
5604e090
AZ		 743static inline void ide_dma_submit_check(IDEState *s,
744 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
745{
746 if (bm->aiocb)
747 return;
748 dma_cb(bm, -1);
749}
750
5391d806
FB		 751static inline void ide_set_irq(IDEState *s)
752{
98ff7d30 753 BMDMAState *bm = s->bmdma;
5391d806 754 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 755 if (bm) {
98ff7d30 756 bm->status |= BM_STATUS_INT;
5457c8ce 757 }
d537cf6c 758 qemu_irq_raise(s->irq);
5391d806
FB		 759 }
760}
761
762/* prepare data transfer and tell what to do after */
5fafdf24 763static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 764 EndTransferFunc *end_transfer_func)
765{
766 s->end_transfer_func = end_transfer_func;
767 s->data_ptr = buf;
768 s->data_end = buf + size;
7603d156
TS		 769 if (!(s->status & ERR_STAT))
770 s->status |= DRQ_STAT;
5391d806
FB		 771}
772
773static void ide_transfer_stop(IDEState *s)
774{
775 s->end_transfer_func = ide_transfer_stop;
776 s->data_ptr = s->io_buffer;
777 s->data_end = s->io_buffer;
778 s->status &= ~DRQ_STAT;
779}
780
781static int64_t ide_get_sector(IDEState *s)
782{
783 int64_t sector_num;
784 if (s->select & 0x40) {
785 /* lba */
c2ff060f
FB		 786 if (!s->lba48) {
787 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
788 (s->lcyl << 8) | s->sector;
789 } else {
790 sector_num = ((int64_t)s->hob_hcyl << 40) |
791 ((int64_t) s->hob_lcyl << 32) |
792 ((int64_t) s->hob_sector << 24) |
793 ((int64_t) s->hcyl << 16) |
794 ((int64_t) s->lcyl << 8) | s->sector;
795 }
5391d806
FB		 796 } else {
797 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 798 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 799 }
800 return sector_num;
801}
802
803static void ide_set_sector(IDEState *s, int64_t sector_num)
804{
805 unsigned int cyl, r;
806 if (s->select & 0x40) {
c2ff060f
FB		 807 if (!s->lba48) {
808 s->select = (s->select & 0xf0) | (sector_num >> 24);
809 s->hcyl = (sector_num >> 16);
810 s->lcyl = (sector_num >> 8);
811 s->sector = (sector_num);
812 } else {
813 s->sector = sector_num;
814 s->lcyl = sector_num >> 8;
815 s->hcyl = sector_num >> 16;
816 s->hob_sector = sector_num >> 24;
817 s->hob_lcyl = sector_num >> 32;
818 s->hob_hcyl = sector_num >> 40;
819 }
5391d806
FB		 820 } else {
821 cyl = sector_num / (s->heads * s->sectors);
822 r = sector_num % (s->heads * s->sectors);
823 s->hcyl = cyl >> 8;
824 s->lcyl = cyl;
1b8eb456 825 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 826 s->sector = (r % s->sectors) + 1;
827 }
828}
829
e162cfb0
AZ		 830static void ide_rw_error(IDEState *s) {
831 ide_abort_command(s);
832 ide_set_irq(s);
833}
834
5391d806
FB		 835static void ide_sector_read(IDEState *s)
836{
837 int64_t sector_num;
838 int ret, n;
839
840 s->status = READY_STAT | SEEK_STAT;
a136e5a8 841 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 842 sector_num = ide_get_sector(s);
843 n = s->nsector;
844 if (n == 0) {
845 /* no more sector to read from disk */
846 ide_transfer_stop(s);
847 } else {
848#if defined(DEBUG_IDE)
18c5f8ea 849 printf("read sector=%" PRId64 "\n", sector_num);
5391d806
FB		 850#endif
851 if (n > s->req_nb_sectors)
852 n = s->req_nb_sectors;
853 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
e162cfb0
AZ		 854 if (ret != 0) {
855 ide_rw_error(s);
856 return;
857 }
5391d806
FB		 858 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
859 ide_set_irq(s);
860 ide_set_sector(s, sector_num + n);
861 s->nsector -= n;
862 }
863}
864
e162cfb0
AZ		 865static void ide_dma_error(IDEState *s)
866{
867 ide_transfer_stop(s);
868 s->error = ABRT_ERR;
869 s->status = READY_STAT | ERR_STAT;
870 ide_set_irq(s);
871}
872
428c5705
AL		 873static int ide_handle_write_error(IDEState *s, int error, int op)
874{
875 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
876
877 if (action == BLOCK_ERR_IGNORE)
878 return 0;
879
880 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
881 || action == BLOCK_ERR_STOP_ANY) {
882 s->bmdma->ide_if = s;
883 s->bmdma->status |= op;
884 vm_stop(0);
885 } else {
886 if (op == BM_STATUS_DMA_RETRY)
887 ide_dma_error(s);
888 else
889 ide_rw_error(s);
890 }
891
892 return 1;
893}
894
8ccad811
FB		 895/* return 0 if buffer completed */
896static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 897{
8ccad811
FB		 898 IDEState *s = bm->ide_if;
899 struct {
900 uint32_t addr;
901 uint32_t size;
902 } prd;
903 int l, len;
98087450 904
8ccad811
FB		 905 for(;;) {
906 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 907 if (l <= 0)
8ccad811
FB		 908 break;
909 if (bm->cur_prd_len == 0) {
910 /* end of table (with a fail safe of one page) */
911 if (bm->cur_prd_last ||
912 (bm->cur_addr - bm->addr) >= 4096)
913 return 0;
914 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
915 bm->cur_addr += 8;
916 prd.addr = le32_to_cpu(prd.addr);
917 prd.size = le32_to_cpu(prd.size);
918 len = prd.size & 0xfffe;
919 if (len == 0)
920 len = 0x10000;
921 bm->cur_prd_len = len;
922 bm->cur_prd_addr = prd.addr;
923 bm->cur_prd_last = (prd.size & 0x80000000);
924 }
925 if (l > bm->cur_prd_len)
926 l = bm->cur_prd_len;
927 if (l > 0) {
928 if (is_write) {
5fafdf24 929 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 930 s->io_buffer + s->io_buffer_index, l);
931 } else {
5fafdf24 932 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 933 s->io_buffer + s->io_buffer_index, l);
934 }
935 bm->cur_prd_addr += l;
936 bm->cur_prd_len -= l;
937 s->io_buffer_index += l;
98087450 938 }
98087450 939 }
8ccad811
FB		 940 return 1;
941}
942
8ccad811
FB		 943static void ide_read_dma_cb(void *opaque, int ret)
944{
945 BMDMAState *bm = opaque;
946 IDEState *s = bm->ide_if;
947 int n;
948 int64_t sector_num;
949
e162cfb0
AZ		 950 if (ret < 0) {
951 ide_dma_error(s);
952 return;
953 }
954
8ccad811
FB		 955 n = s->io_buffer_size >> 9;
956 sector_num = ide_get_sector(s);
957 if (n > 0) {
958 sector_num += n;
959 ide_set_sector(s, sector_num);
960 s->nsector -= n;
961 if (dma_buf_rw(bm, 1) == 0)
962 goto eot;
963 }
964
965 /* end of transfer ? */
966 if (s->nsector == 0) {
98087450
FB		 967 s->status = READY_STAT | SEEK_STAT;
968 ide_set_irq(s);
8ccad811
FB		 969 eot:
970 bm->status &= ~BM_STATUS_DMAING;
971 bm->status |= BM_STATUS_INT;
972 bm->dma_cb = NULL;
973 bm->ide_if = NULL;
974 bm->aiocb = NULL;
975 return;
98087450 976 }
8ccad811
FB		 977
978 /* launch next transfer */
979 n = s->nsector;
1d8cde5b
AJ		 980 if (n > IDE_DMA_BUF_SECTORS)
981 n = IDE_DMA_BUF_SECTORS;
8ccad811
FB		 982 s->io_buffer_index = 0;
983 s->io_buffer_size = n * 512;
984#ifdef DEBUG_AIO
5df23f53 985 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 986#endif
5fafdf24 987 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
8ccad811 988 ide_read_dma_cb, bm);
5604e090 989 ide_dma_submit_check(s, ide_read_dma_cb, bm);
98087450
FB		 990}
991
992static void ide_sector_read_dma(IDEState *s)
993{
8ccad811 994 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 995 s->io_buffer_index = 0;
996 s->io_buffer_size = 0;
997 ide_dma_start(s, ide_read_dma_cb);
998}
999
a09db21f
FB		 1000static void ide_sector_write_timer_cb(void *opaque)
1001{
1002 IDEState *s = opaque;
1003 ide_set_irq(s);
1004}
1005
5391d806
FB		 1006static void ide_sector_write(IDEState *s)
1007{
1008 int64_t sector_num;
31c2a146 1009 int ret, n, n1;
5391d806
FB		 1010
1011 s->status = READY_STAT | SEEK_STAT;
1012 sector_num = ide_get_sector(s);
1013#if defined(DEBUG_IDE)
18c5f8ea 1014 printf("write sector=%" PRId64 "\n", sector_num);
5391d806
FB		 1015#endif
1016 n = s->nsector;
1017 if (n > s->req_nb_sectors)
1018 n = s->req_nb_sectors;
31c2a146 1019 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
428c5705 1020
e162cfb0 1021 if (ret != 0) {
428c5705
AL		 1022 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1023 return;
e162cfb0
AZ		 1024 }
1025
5391d806
FB		 1026 s->nsector -= n;
1027 if (s->nsector == 0) {
292eef5a 1028 /* no more sectors to write */
5391d806
FB		 1029 ide_transfer_stop(s);
1030 } else {
1031 n1 = s->nsector;
1032 if (n1 > s->req_nb_sectors)
1033 n1 = s->req_nb_sectors;
1034 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1035 }
1036 ide_set_sector(s, sector_num + n);
3b46e624 1037
31c2a146
TS		 1038#ifdef TARGET_I386
1039 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1040 /* It seems there is a bug in the Windows 2000 installer HDD
1041 IDE driver which fills the disk with empty logs when the
1042 IDE write IRQ comes too early. This hack tries to correct
1043 that at the expense of slower write performances. Use this
1044 option _only_ to install Windows 2000. You must disable it
1045 for normal use. */
1046 qemu_mod_timer(s->sector_write_timer,
1047 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1048 } else
1049#endif
1050 {
1051 ide_set_irq(s);
1052 }
5391d806
FB		 1053}
1054
428c5705
AL		 1055static void ide_dma_restart_cb(void *opaque, int running)
1056{
1057 BMDMAState *bm = opaque;
1058 if (!running)
1059 return;
1060 if (bm->status & BM_STATUS_DMA_RETRY) {
1061 bm->status &= ~BM_STATUS_DMA_RETRY;
1062 ide_dma_restart(bm->ide_if);
1063 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1064 bm->status &= ~BM_STATUS_PIO_RETRY;
1065 ide_sector_write(bm->ide_if);
1066 }
1067}
1068
8ccad811 1069static void ide_write_dma_cb(void *opaque, int ret)
98087450 1070{
8ccad811
FB		 1071 BMDMAState *bm = opaque;
1072 IDEState *s = bm->ide_if;
1073 int n;
98087450
FB		 1074 int64_t sector_num;
1075
e162cfb0 1076 if (ret < 0) {
428c5705
AL		 1077 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1078 return;
e162cfb0
AZ		 1079 }
1080
8ccad811
FB		 1081 n = s->io_buffer_size >> 9;
1082 sector_num = ide_get_sector(s);
1083 if (n > 0) {
1084 sector_num += n;
1085 ide_set_sector(s, sector_num);
1086 s->nsector -= n;
98087450 1087 }
98087450 1088
8ccad811
FB		 1089 /* end of transfer ? */
1090 if (s->nsector == 0) {
1091 s->status = READY_STAT | SEEK_STAT;
1092 ide_set_irq(s);
1093 eot:
1094 bm->status &= ~BM_STATUS_DMAING;
1095 bm->status |= BM_STATUS_INT;
1096 bm->dma_cb = NULL;
1097 bm->ide_if = NULL;
1098 bm->aiocb = NULL;
1099 return;
1100 }
1101
1102 /* launch next transfer */
98087450 1103 n = s->nsector;
1d8cde5b
AJ		 1104 if (n > IDE_DMA_BUF_SECTORS)
1105 n = IDE_DMA_BUF_SECTORS;
98087450
FB		 1106 s->io_buffer_index = 0;
1107 s->io_buffer_size = n * 512;
8ccad811
FB		 1108
1109 if (dma_buf_rw(bm, 0) == 0)
1110 goto eot;
1111#ifdef DEBUG_AIO
5df23f53 1112 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1113#endif
5fafdf24 1114 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
8ccad811 1115 ide_write_dma_cb, bm);
5604e090 1116 ide_dma_submit_check(s, ide_write_dma_cb, bm);
8ccad811
FB		 1117}
1118
1119static void ide_sector_write_dma(IDEState *s)
1120{
1121 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1122 s->io_buffer_index = 0;
1123 s->io_buffer_size = 0;
98087450
FB		 1124 ide_dma_start(s, ide_write_dma_cb);
1125}
1126
5391d806
FB		 1127static void ide_atapi_cmd_ok(IDEState *s)
1128{
1129 s->error = 0;
41a2b959 1130 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1131 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1132 ide_set_irq(s);
1133}
1134
1135static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1136{
1137#ifdef DEBUG_IDE_ATAPI
1138 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1139#endif
1140 s->error = sense_key << 4;
1141 s->status = READY_STAT | ERR_STAT;
1142 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1143 s->sense_key = sense_key;
1144 s->asc = asc;
1145 ide_set_irq(s);
1146}
1147
9118e7f0
AL		 1148static void ide_atapi_cmd_check_status(IDEState *s)
1149{
1150#ifdef DEBUG_IDE_ATAPI
1151 printf("atapi_cmd_check_status\n");
1152#endif
1153 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1154 s->status = ERR_STAT;
1155 s->nsector = 0;
1156 ide_set_irq(s);
1157}
1158
5391d806
FB		 1159static inline void cpu_to_ube16(uint8_t *buf, int val)
1160{
1161 buf[0] = val >> 8;
1162 buf[1] = val;
1163}
1164
1165static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1166{
1167 buf[0] = val >> 24;
1168 buf[1] = val >> 16;
1169 buf[2] = val >> 8;
1170 buf[3] = val;
1171}
1172
1173static inline int ube16_to_cpu(const uint8_t *buf)
1174{
1175 return (buf[0] << 8) | buf[1];
1176}
1177
1178static inline int ube32_to_cpu(const uint8_t *buf)
1179{
1180 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1181}
1182
98087450
FB		 1183static void lba_to_msf(uint8_t *buf, int lba)
1184{
1185 lba += 150;
1186 buf[0] = (lba / 75) / 60;
1187 buf[1] = (lba / 75) % 60;
1188 buf[2] = lba % 75;
1189}
1190
8ccad811
FB		 1191static void cd_data_to_raw(uint8_t *buf, int lba)
1192{
1193 /* sync bytes */
1194 buf[0] = 0x00;
1195 memset(buf + 1, 0xff, 10);
1196 buf[11] = 0x00;
1197 buf += 12;
1198 /* MSF */
1199 lba_to_msf(buf, lba);
1200 buf[3] = 0x01; /* mode 1 data */
1201 buf += 4;
1202 /* data */
1203 buf += 2048;
1204 /* XXX: ECC not computed */
1205 memset(buf, 0, 288);
1206}
1207
5fafdf24 1208static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1209 int sector_size)
1210{
66c6ef76
FB		 1211 int ret;
1212
98087450
FB		 1213 switch(sector_size) {
1214 case 2048:
66c6ef76 1215 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1216 break;
1217 case 2352:
66c6ef76
FB		 1218 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1219 if (ret < 0)
1220 return ret;
8ccad811 1221 cd_data_to_raw(buf, lba);
98087450
FB		 1222 break;
1223 default:
66c6ef76 1224 ret = -EIO;
98087450
FB		 1225 break;
1226 }
66c6ef76
FB		 1227 return ret;
1228}
1229
1230static void ide_atapi_io_error(IDEState *s, int ret)
1231{
1232 /* XXX: handle more errors */
1233 if (ret == -ENOMEDIUM) {
5fafdf24 1234 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1235 ASC_MEDIUM_NOT_PRESENT);
1236 } else {
5fafdf24 1237 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1238 ASC_LOGICAL_BLOCK_OOR);
1239 }
98087450
FB		 1240}
1241
5391d806
FB		 1242/* The whole ATAPI transfer logic is handled in this function */
1243static void ide_atapi_cmd_reply_end(IDEState *s)
1244{
66c6ef76 1245 int byte_count_limit, size, ret;
5391d806 1246#ifdef DEBUG_IDE_ATAPI
5fafdf24 1247 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1248 s->packet_transfer_size,
1249 s->elementary_transfer_size,
1250 s->io_buffer_index);
1251#endif
1252 if (s->packet_transfer_size <= 0) {
1253 /* end of transfer */
1254 ide_transfer_stop(s);
41a2b959 1255 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1256 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1257 ide_set_irq(s);
1258#ifdef DEBUG_IDE_ATAPI
1259 printf("status=0x%x\n", s->status);
1260#endif
1261 } else {
1262 /* see if a new sector must be read */
98087450 1263 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1264 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1265 if (ret < 0) {
1266 ide_transfer_stop(s);
1267 ide_atapi_io_error(s, ret);
1268 return;
1269 }
5391d806
FB		 1270 s->lba++;
1271 s->io_buffer_index = 0;
1272 }
1273 if (s->elementary_transfer_size > 0) {
1274 /* there are some data left to transmit in this elementary
1275 transfer */
98087450 1276 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1277 if (size > s->elementary_transfer_size)
1278 size = s->elementary_transfer_size;
5fafdf24 1279 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1280 size, ide_atapi_cmd_reply_end);
1281 s->packet_transfer_size -= size;
1282 s->elementary_transfer_size -= size;
1283 s->io_buffer_index += size;
1284 } else {
1285 /* a new transfer is needed */
1286 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1287 byte_count_limit = s->lcyl | (s->hcyl << 8);
1288#ifdef DEBUG_IDE_ATAPI
1289 printf("byte_count_limit=%d\n", byte_count_limit);
1290#endif
1291 if (byte_count_limit == 0xffff)
1292 byte_count_limit--;
1293 size = s->packet_transfer_size;
1294 if (size > byte_count_limit) {
1295 /* byte count limit must be even if this case */
1296 if (byte_count_limit & 1)
1297 byte_count_limit--;
1298 size = byte_count_limit;
5391d806 1299 }
a136e5a8
FB		 1300 s->lcyl = size;
1301 s->hcyl = size >> 8;
5391d806
FB		 1302 s->elementary_transfer_size = size;
1303 /* we cannot transmit more than one sector at a time */
1304 if (s->lba != -1) {
98087450
FB		 1305 if (size > (s->cd_sector_size - s->io_buffer_index))
1306 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1307 }
5fafdf24 1308 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1309 size, ide_atapi_cmd_reply_end);
1310 s->packet_transfer_size -= size;
1311 s->elementary_transfer_size -= size;
1312 s->io_buffer_index += size;
1313 ide_set_irq(s);
1314#ifdef DEBUG_IDE_ATAPI
1315 printf("status=0x%x\n", s->status);
1316#endif
1317 }
1318 }
1319}
1320
1321/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1322static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1323{
1324 if (size > max_size)
1325 size = max_size;
1326 s->lba = -1; /* no sector read */
1327 s->packet_transfer_size = size;
5f12ab4b 1328 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1329 s->elementary_transfer_size = 0;
1330 s->io_buffer_index = 0;
1331
5f12ab4b 1332 if (s->atapi_dma) {
41a2b959 1333 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
5f12ab4b
TS		 1334 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1335 } else {
41a2b959 1336 s->status = READY_STAT | SEEK_STAT;
5f12ab4b
TS		 1337 ide_atapi_cmd_reply_end(s);
1338 }
5391d806
FB		 1339}
1340
1341/* start a CD-CDROM read command */
98087450
FB		 1342static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1343 int sector_size)
5391d806 1344{
5391d806 1345 s->lba = lba;
98087450 1346 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1347 s->elementary_transfer_size = 0;
98087450
FB		 1348 s->io_buffer_index = sector_size;
1349 s->cd_sector_size = sector_size;
5391d806 1350
41a2b959 1351 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1352 ide_atapi_cmd_reply_end(s);
1353}
1354
98087450 1355/* ATAPI DMA support */
8ccad811
FB		 1356
1357/* XXX: handle read errors */
1358static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1359{
8ccad811
FB		 1360 BMDMAState *bm = opaque;
1361 IDEState *s = bm->ide_if;
1362 int data_offset, n;
1363
66c6ef76
FB		 1364 if (ret < 0) {
1365 ide_atapi_io_error(s, ret);
1366 goto eot;
1367 }
1368
8ccad811 1369 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1370 /*
1371 * For a cdrom read sector command (s->lba != -1),
1372 * adjust the lba for the next s->io_buffer_size chunk
1373 * and dma the current chunk.
1374 * For a command != read (s->lba == -1), just transfer
1375 * the reply data.
1376 */
1377 if (s->lba != -1) {
1378 if (s->cd_sector_size == 2352) {
1379 n = 1;
1380 cd_data_to_raw(s->io_buffer, s->lba);
1381 } else {
1382 n = s->io_buffer_size >> 11;
1383 }
1384 s->lba += n;
1385 }
8ccad811 1386 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1387 if (dma_buf_rw(bm, 1) == 0)
1388 goto eot;
98087450 1389 }
8ccad811 1390
98087450 1391 if (s->packet_transfer_size <= 0) {
41a2b959 1392 s->status = READY_STAT | SEEK_STAT;
98087450
FB		 1393 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1394 ide_set_irq(s);
8ccad811
FB		 1395 eot:
1396 bm->status &= ~BM_STATUS_DMAING;
1397 bm->status |= BM_STATUS_INT;
1398 bm->dma_cb = NULL;
1399 bm->ide_if = NULL;
1400 bm->aiocb = NULL;
1401 return;
1402 }
3b46e624 1403
8ccad811
FB		 1404 s->io_buffer_index = 0;
1405 if (s->cd_sector_size == 2352) {
1406 n = 1;
1407 s->io_buffer_size = s->cd_sector_size;
1408 data_offset = 16;
1409 } else {
1410 n = s->packet_transfer_size >> 11;
1d8cde5b
AJ		 1411 if (n > (IDE_DMA_BUF_SECTORS / 4))
1412 n = (IDE_DMA_BUF_SECTORS / 4);
8ccad811
FB		 1413 s->io_buffer_size = n * 2048;
1414 data_offset = 0;
98087450 1415 }
8ccad811
FB		 1416#ifdef DEBUG_AIO
1417 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1418#endif
5fafdf24
TS		 1419 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1420 s->io_buffer + data_offset, n * 4,
8ccad811 1421 ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1422 if (!bm->aiocb) {
1423 /* Note: media not present is the most likely case */
5fafdf24 1424 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1425 ASC_MEDIUM_NOT_PRESENT);
1426 goto eot;
1427 }
98087450
FB		 1428}
1429
1430/* start a CD-CDROM read command with DMA */
1431/* XXX: test if DMA is available */
1432static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1433 int sector_size)
1434{
1435 s->lba = lba;
1436 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1437 s->io_buffer_index = 0;
1438 s->io_buffer_size = 0;
98087450
FB		 1439 s->cd_sector_size = sector_size;
1440
8ccad811 1441 /* XXX: check if BUSY_STAT should be set */
41a2b959 1442 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1443 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1444}
1445
5fafdf24 1446static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1447 int sector_size)
1448{
1449#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1450 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1451 lba, nb_sectors);
98087450
FB		 1452#endif
1453 if (s->atapi_dma) {
1454 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1455 } else {
1456 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1457 }
1458}
1459
38cdea7c
AZ		 1460static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1461 uint16_t profile)
1462{
1463 uint8_t *buf_profile = buf + 12; /* start of profiles */
1464
1465 buf_profile += ((*index) * 4); /* start of indexed profile */
1466 cpu_to_ube16 (buf_profile, profile);
1467 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1468
1469 /* each profile adds 4 bytes to the response */
1470 (*index)++;
1471 buf[11] += 4; /* Additional Length */
1472
1473 return 4;
1474}
1475
8114e9e8
TS		 1476static int ide_dvd_read_structure(IDEState *s, int format,
1477 const uint8_t *packet, uint8_t *buf)
1478{
1479 switch (format) {
1480 case 0x0: /* Physical format information */
1481 {
1482 int layer = packet[6];
1483 uint64_t total_sectors;
1484
1485 if (layer != 0)
1486 return -ASC_INV_FIELD_IN_CMD_PACKET;
1487
1488 bdrv_get_geometry(s->bs, &total_sectors);
1489 total_sectors >>= 2;
1490 if (total_sectors == 0)
1491 return -ASC_MEDIUM_NOT_PRESENT;
1492
1493 buf[4] = 1; /* DVD-ROM, part version 1 */
1494 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1495 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1496 buf[7] = 0; /* default densities */
1497
1498 /* FIXME: 0x30000 per spec? */
1499 cpu_to_ube32(buf + 8, 0); /* start sector */
1500 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1501 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1502
1503 /* Size of buffer, not including 2 byte size field */
1504 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1505
1506 /* 2k data + 4 byte header */
1507 return (2048 + 4);
1508 }
1509
1510 case 0x01: /* DVD copyright information */
1511 buf[4] = 0; /* no copyright data */
1512 buf[5] = 0; /* no region restrictions */
1513
1514 /* Size of buffer, not including 2 byte size field */
1515 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1516
1517 /* 4 byte header + 4 byte data */
1518 return (4 + 4);
1519
1520 case 0x03: /* BCA information - invalid field for no BCA info */
1521 return -ASC_INV_FIELD_IN_CMD_PACKET;
1522
1523 case 0x04: /* DVD disc manufacturing information */
1524 /* Size of buffer, not including 2 byte size field */
1525 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1526
1527 /* 2k data + 4 byte header */
1528 return (2048 + 4);
1529
1530 case 0xff:
1531 /*
1532 * This lists all the command capabilities above. Add new ones
1533 * in order and update the length and buffer return values.
1534 */
1535
1536 buf[4] = 0x00; /* Physical format */
1537 buf[5] = 0x40; /* Not writable, is readable */
1538 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1539
1540 buf[8] = 0x01; /* Copyright info */
1541 buf[9] = 0x40; /* Not writable, is readable */
1542 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1543
1544 buf[12] = 0x03; /* BCA info */
1545 buf[13] = 0x40; /* Not writable, is readable */
1546 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1547
1548 buf[16] = 0x04; /* Manufacturing info */
1549 buf[17] = 0x40; /* Not writable, is readable */
1550 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1551
1552 /* Size of buffer, not including 2 byte size field */
1553 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1554
1555 /* data written + 4 byte header */
1556 return (16 + 4);
1557
1558 default: /* TODO: formats beyond DVD-ROM requires */
1559 return -ASC_INV_FIELD_IN_CMD_PACKET;
1560 }
1561}
1562
5391d806
FB		 1563static void ide_atapi_cmd(IDEState *s)
1564{
1565 const uint8_t *packet;
1566 uint8_t *buf;
1567 int max_len;
1568
1569 packet = s->io_buffer;
1570 buf = s->io_buffer;
1571#ifdef DEBUG_IDE_ATAPI
1572 {
1573 int i;
1574 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1575 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1576 printf(" %02x", packet[i]);
1577 }
1578 printf("\n");
1579 }
1580#endif
9118e7f0
AL		 1581 /* If there's a UNIT_ATTENTION condition pending, only
1582 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1583 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1584 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1585 s->io_buffer[0] != GPCMD_INQUIRY) {
1586 ide_atapi_cmd_check_status(s);
1587 return;
1588 }
5391d806
FB		 1589 switch(s->io_buffer[0]) {
1590 case GPCMD_TEST_UNIT_READY:
caed8802 1591 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1592 ide_atapi_cmd_ok(s);
1593 } else {
5fafdf24 1594 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1595 ASC_MEDIUM_NOT_PRESENT);
1596 }
1597 break;
d14049ea 1598 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1599 case GPCMD_MODE_SENSE_10:
1600 {
1601 int action, code;
d14049ea
TS		 1602 if (packet[0] == GPCMD_MODE_SENSE_10)
1603 max_len = ube16_to_cpu(packet + 7);
1604 else
1605 max_len = packet[4];
5391d806
FB		 1606 action = packet[2] >> 6;
1607 code = packet[2] & 0x3f;
1608 switch(action) {
1609 case 0: /* current values */
1610 switch(code) {
1611 case 0x01: /* error recovery */
1612 cpu_to_ube16(&buf[0], 16 + 6);
1613 buf[2] = 0x70;
1614 buf[3] = 0;
1615 buf[4] = 0;
1616 buf[5] = 0;
1617 buf[6] = 0;
1618 buf[7] = 0;
1619
1620 buf[8] = 0x01;
1621 buf[9] = 0x06;
1622 buf[10] = 0x00;
1623 buf[11] = 0x05;
1624 buf[12] = 0x00;
1625 buf[13] = 0x00;
1626 buf[14] = 0x00;
1627 buf[15] = 0x00;
1628 ide_atapi_cmd_reply(s, 16, max_len);
1629 break;
1630 case 0x2a:
1631 cpu_to_ube16(&buf[0], 28 + 6);
1632 buf[2] = 0x70;
1633 buf[3] = 0;
1634 buf[4] = 0;
1635 buf[5] = 0;
1636 buf[6] = 0;
1637 buf[7] = 0;
1638
1639 buf[8] = 0x2a;
1640 buf[9] = 0x12;
0d4a05a1 1641 buf[10] = 0x00;
5391d806 1642 buf[11] = 0x00;
3b46e624 1643
d5b4eb40
AL		 1644 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1645 code checks for this to automount media. */
1646 buf[12] = 0x71;
5391d806
FB		 1647 buf[13] = 3 << 5;
1648 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1649 if (bdrv_is_locked(s->bs))
5391d806
FB		 1650 buf[6] |= 1 << 1;
1651 buf[15] = 0x00;
1652 cpu_to_ube16(&buf[16], 706);
1653 buf[18] = 0;
1654 buf[19] = 2;
1655 cpu_to_ube16(&buf[20], 512);
1656 cpu_to_ube16(&buf[22], 706);
1657 buf[24] = 0;
1658 buf[25] = 0;
1659 buf[26] = 0;
1660 buf[27] = 0;
1661 ide_atapi_cmd_reply(s, 28, max_len);
1662 break;
1663 default:
1664 goto error_cmd;
1665 }
1666 break;
1667 case 1: /* changeable values */
1668 goto error_cmd;
1669 case 2: /* default values */
1670 goto error_cmd;
1671 default:
1672 case 3: /* saved values */
5fafdf24 1673 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1674 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1675 break;
1676 }
1677 }
1678 break;
1679 case GPCMD_REQUEST_SENSE:
1680 max_len = packet[4];
1681 memset(buf, 0, 18);
1682 buf[0] = 0x70 | (1 << 7);
1683 buf[2] = s->sense_key;
1684 buf[7] = 10;
1685 buf[12] = s->asc;
9118e7f0
AL		 1686 if (s->sense_key == SENSE_UNIT_ATTENTION)
1687 s->sense_key = SENSE_NONE;
5391d806
FB		 1688 ide_atapi_cmd_reply(s, 18, max_len);
1689 break;
1690 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1691 if (bdrv_is_inserted(s->bs)) {
1692 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1693 ide_atapi_cmd_ok(s);
1694 } else {
5fafdf24 1695 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1696 ASC_MEDIUM_NOT_PRESENT);
1697 }
1698 break;
1699 case GPCMD_READ_10:
1700 case GPCMD_READ_12:
1701 {
1702 int nb_sectors, lba;
1703
5391d806
FB		 1704 if (packet[0] == GPCMD_READ_10)
1705 nb_sectors = ube16_to_cpu(packet + 7);
1706 else
1707 nb_sectors = ube32_to_cpu(packet + 6);
1708 lba = ube32_to_cpu(packet + 2);
1709 if (nb_sectors == 0) {
1710 ide_atapi_cmd_ok(s);
1711 break;
1712 }
98087450
FB		 1713 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1714 }
1715 break;
1716 case GPCMD_READ_CD:
1717 {
1718 int nb_sectors, lba, transfer_request;
1719
98087450
FB		 1720 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1721 lba = ube32_to_cpu(packet + 2);
1722 if (nb_sectors == 0) {
1723 ide_atapi_cmd_ok(s);
1724 break;
1725 }
98087450
FB		 1726 transfer_request = packet[9];
1727 switch(transfer_request & 0xf8) {
1728 case 0x00:
1729 /* nothing */
1730 ide_atapi_cmd_ok(s);
1731 break;
1732 case 0x10:
1733 /* normal read */
1734 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1735 break;
1736 case 0xf8:
1737 /* read all data */
1738 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1739 break;
1740 default:
5fafdf24 1741 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1742 ASC_INV_FIELD_IN_CMD_PACKET);
1743 break;
1744 }
5391d806
FB		 1745 }
1746 break;
1747 case GPCMD_SEEK:
1748 {
96b8f136
TS		 1749 unsigned int lba;
1750 uint64_t total_sectors;
66c6ef76
FB		 1751
1752 bdrv_get_geometry(s->bs, &total_sectors);
1753 total_sectors >>= 2;
96b8f136 1754 if (total_sectors == 0) {
5fafdf24 1755 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1756 ASC_MEDIUM_NOT_PRESENT);
1757 break;
1758 }
1759 lba = ube32_to_cpu(packet + 2);
66c6ef76 1760 if (lba >= total_sectors) {
5fafdf24 1761 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1762 ASC_LOGICAL_BLOCK_OOR);
1763 break;
1764 }
1765 ide_atapi_cmd_ok(s);
1766 }
1767 break;
1768 case GPCMD_START_STOP_UNIT:
1769 {
1770 int start, eject;
1771 start = packet[4] & 1;
1772 eject = (packet[4] >> 1) & 1;
3b46e624 1773
caed8802
FB		 1774 if (eject && !start) {
1775 /* eject the disk */
66c6ef76
FB		 1776 bdrv_eject(s->bs, 1);
1777 } else if (eject && start) {
1778 /* close the tray */
1779 bdrv_eject(s->bs, 0);
caed8802 1780 }
5391d806
FB		 1781 ide_atapi_cmd_ok(s);
1782 }
1783 break;
1784 case GPCMD_MECHANISM_STATUS:
1785 {
1786 max_len = ube16_to_cpu(packet + 8);
1787 cpu_to_ube16(buf, 0);
1788 /* no current LBA */
1789 buf[2] = 0;
1790 buf[3] = 0;
1791 buf[4] = 0;
1792 buf[5] = 1;
1793 cpu_to_ube16(buf + 6, 0);
1794 ide_atapi_cmd_reply(s, 8, max_len);
1795 }
1796 break;
1797 case GPCMD_READ_TOC_PMA_ATIP:
1798 {
1799 int format, msf, start_track, len;
96b8f136 1800 uint64_t total_sectors;
5391d806 1801
66c6ef76
FB		 1802 bdrv_get_geometry(s->bs, &total_sectors);
1803 total_sectors >>= 2;
96b8f136 1804 if (total_sectors == 0) {
5fafdf24 1805 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1806 ASC_MEDIUM_NOT_PRESENT);
1807 break;
1808 }
1809 max_len = ube16_to_cpu(packet + 7);
1810 format = packet[9] >> 6;
1811 msf = (packet[1] >> 1) & 1;
1812 start_track = packet[6];
1813 switch(format) {
1814 case 0:
66c6ef76 1815 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1816 if (len < 0)
1817 goto error_cmd;
1818 ide_atapi_cmd_reply(s, len, max_len);
1819 break;
1820 case 1:
1821 /* multi session : only a single session defined */
1822 memset(buf, 0, 12);
1823 buf[1] = 0x0a;
1824 buf[2] = 0x01;
1825 buf[3] = 0x01;
1826 ide_atapi_cmd_reply(s, 12, max_len);
1827 break;
98087450 1828 case 2:
66c6ef76 1829 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1830 if (len < 0)
1831 goto error_cmd;
1832 ide_atapi_cmd_reply(s, len, max_len);
1833 break;
5391d806 1834 default:
7f777bf3 1835 error_cmd:
5fafdf24 1836 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1837 ASC_INV_FIELD_IN_CMD_PACKET);
1838 break;
5391d806
FB		 1839 }
1840 }
1841 break;
1842 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76 1843 {
96b8f136 1844 uint64_t total_sectors;
66c6ef76
FB		 1845
1846 bdrv_get_geometry(s->bs, &total_sectors);
1847 total_sectors >>= 2;
96b8f136 1848 if (total_sectors == 0) {
5fafdf24 1849 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1850 ASC_MEDIUM_NOT_PRESENT);
1851 break;
1852 }
1853 /* NOTE: it is really the number of sectors minus 1 */
1854 cpu_to_ube32(buf, total_sectors - 1);
1855 cpu_to_ube32(buf + 4, 2048);
1856 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1857 }
5391d806 1858 break;
d14049ea
TS		 1859 case GPCMD_READ_DVD_STRUCTURE:
1860 {
1861 int media = packet[1];
8114e9e8
TS		 1862 int format = packet[7];
1863 int ret;
d14049ea 1864
8114e9e8 1865 max_len = ube16_to_cpu(packet + 8);
d14049ea 1866
8114e9e8
TS		 1867 if (format < 0xff) {
1868 if (media_is_cd(s)) {
1869 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1870 ASC_INCOMPATIBLE_FORMAT);
1871 break;
1872 } else if (!media_present(s)) {
1873 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1874 ASC_INV_FIELD_IN_CMD_PACKET);
1875 break;
1876 }
1877 }
d14049ea 1878
8114e9e8
TS		 1879 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1880 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
d14049ea 1881
8114e9e8
TS		 1882 switch (format) {
1883 case 0x00 ... 0x7f:
1884 case 0xff:
1885 if (media == 0) {
1886 ret = ide_dvd_read_structure(s, format, packet, buf);
d14049ea 1887
8114e9e8
TS		 1888 if (ret < 0)
1889 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1890 else
1891 ide_atapi_cmd_reply(s, ret, max_len);
d14049ea 1892
8114e9e8
TS		 1893 break;
1894 }
1895 /* TODO: BD support, fall through for now */
1896
1897 /* Generic disk structures */
1898 case 0x80: /* TODO: AACS volume identifier */
1899 case 0x81: /* TODO: AACS media serial number */
1900 case 0x82: /* TODO: AACS media identifier */
1901 case 0x83: /* TODO: AACS media key block */
1902 case 0x90: /* TODO: List of recognized format layers */
1903 case 0xc0: /* TODO: Write protection status */
d14049ea
TS		 1904 default:
1905 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1906 ASC_INV_FIELD_IN_CMD_PACKET);
1907 break;
1908 }
1909 }
1910 break;
1911 case GPCMD_SET_SPEED:
1912 ide_atapi_cmd_ok(s);
1913 break;
bd0d90b2
FB		 1914 case GPCMD_INQUIRY:
1915 max_len = packet[4];
1916 buf[0] = 0x05; /* CD-ROM */
1917 buf[1] = 0x80; /* removable */
1918 buf[2] = 0x00; /* ISO */
1919 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 1920 buf[4] = 31; /* additional length */
bd0d90b2
FB		 1921 buf[5] = 0; /* reserved */
1922 buf[6] = 0; /* reserved */
1923 buf[7] = 0; /* reserved */
1924 padstr8(buf + 8, 8, "QEMU");
38cdea7c 1925 padstr8(buf + 16, 16, "QEMU DVD-ROM");
bd0d90b2
FB		 1926 padstr8(buf + 32, 4, QEMU_VERSION);
1927 ide_atapi_cmd_reply(s, 36, max_len);
1928 break;
d14049ea
TS		 1929 case GPCMD_GET_CONFIGURATION:
1930 {
38cdea7c 1931 uint32_t len;
091d055b 1932 uint8_t index = 0;
d14049ea
TS		 1933
1934 /* only feature 0 is supported */
1935 if (packet[2] != 0 || packet[3] != 0) {
1936 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1937 ASC_INV_FIELD_IN_CMD_PACKET);
1938 break;
1939 }
38cdea7c
AZ		 1940
1941 /* XXX: could result in alignment problems in some architectures */
1942 max_len = ube16_to_cpu(packet + 7);
091d055b 1943
38cdea7c 1944 /*
091d055b
AZ		 1945 * XXX: avoid overflow for io_buffer if max_len is bigger than
1946 * the size of that buffer (dimensioned to max number of
1947 * sectors to transfer at once)
38cdea7c 1948 *
091d055b 1949 * Only a problem if the feature/profiles grow.
38cdea7c
AZ		 1950 */
1951 if (max_len > 512) /* XXX: assume 1 sector */
1952 max_len = 512;
1953
1954 memset(buf, 0, max_len);
1955 /*
1956 * the number of sectors from the media tells us which profile
1957 * to use as current. 0 means there is no media
38cdea7c 1958 */
8114e9e8
TS		 1959 if (media_is_dvd(s))
1960 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
1961 else if (media_is_cd(s))
1962 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
38cdea7c 1963
091d055b
AZ		 1964 buf[10] = 0x02 | 0x01; /* persistent and current */
1965 len = 12; /* headers: 8 + 4 */
1966 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
1967 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
38cdea7c
AZ		 1968 cpu_to_ube32(buf, len - 4); /* data length */
1969
1970 ide_atapi_cmd_reply(s, len, max_len);
d14049ea
TS		 1971 break;
1972 }
5391d806 1973 default:
5fafdf24 1974 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1975 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1976 break;
1977 }
1978}
1979
201a51fc
AZ		 1980static void ide_cfata_metadata_inquiry(IDEState *s)
1981{
1982 uint16_t *p;
1983 uint32_t spd;
1984
1985 p = (uint16_t *) s->io_buffer;
1986 memset(p, 0, 0x200);
1987 spd = ((s->mdata_size - 1) >> 9) + 1;
1988
1989 put_le16(p + 0, 0x0001); /* Data format revision */
1990 put_le16(p + 1, 0x0000); /* Media property: silicon */
1991 put_le16(p + 2, s->media_changed); /* Media status */
1992 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1993 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1994 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1995 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1996}
1997
1998static void ide_cfata_metadata_read(IDEState *s)
1999{
2000 uint16_t *p;
2001
2002 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2003 s->status = ERR_STAT;
2004 s->error = ABRT_ERR;
2005 return;
2006 }
2007
2008 p = (uint16_t *) s->io_buffer;
2009 memset(p, 0, 0x200);
2010
2011 put_le16(p + 0, s->media_changed); /* Media status */
2012 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2013 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2014 s->nsector << 9), 0x200 - 2));
2015}
2016
2017static void ide_cfata_metadata_write(IDEState *s)
2018{
2019 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2020 s->status = ERR_STAT;
2021 s->error = ABRT_ERR;
2022 return;
2023 }
2024
2025 s->media_changed = 0;
2026
2027 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2028 s->io_buffer + 2,
2029 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2030 s->nsector << 9), 0x200 - 2));
2031}
2032
bd491d6a
TS		 2033/* called when the inserted state of the media has changed */
2034static void cdrom_change_cb(void *opaque)
2035{
2036 IDEState *s = opaque;
96b8f136 2037 uint64_t nb_sectors;
bd491d6a 2038
bd491d6a
TS		 2039 bdrv_get_geometry(s->bs, &nb_sectors);
2040 s->nb_sectors = nb_sectors;
9118e7f0
AL		 2041
2042 s->sense_key = SENSE_UNIT_ATTENTION;
2043 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2044
2045 ide_set_irq(s);
bd491d6a
TS		 2046}
2047
c2ff060f
FB		 2048static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2049{
2050 s->lba48 = lba48;
2051
2052 /* handle the 'magic' 0 nsector count conversion here. to avoid
2053 * fiddling with the rest of the read logic, we just store the
2054 * full sector count in ->nsector and ignore ->hob_nsector from now
2055 */
2056 if (!s->lba48) {
2057 if (!s->nsector)
2058 s->nsector = 256;
2059 } else {
2060 if (!s->nsector && !s->hob_nsector)
2061 s->nsector = 65536;
2062 else {
2063 int lo = s->nsector;
2064 int hi = s->hob_nsector;
2065
2066 s->nsector = (hi << 8) | lo;
2067 }
2068 }
2069}
2070
2071static void ide_clear_hob(IDEState *ide_if)
2072{
2073 /* any write clears HOB high bit of device control register */
2074 ide_if[0].select &= ~(1 << 7);
2075 ide_if[1].select &= ~(1 << 7);
2076}
2077
caed8802
FB		 2078static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2079{
2080 IDEState *ide_if = opaque;
c45c3d00 2081 IDEState *s;
5391d806 2082 int unit, n;
c2ff060f 2083 int lba48 = 0;
5391d806
FB		 2084
2085#ifdef DEBUG_IDE
2086 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2087#endif
c2ff060f 2088
5391d806 2089 addr &= 7;
fcdd25ab
AL		 2090
2091 /* ignore writes to command block while busy with previous command */
2092 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2093 return;
2094
5391d806
FB		 2095 switch(addr) {
2096 case 0:
2097 break;
2098 case 1:
c2ff060f 2099 ide_clear_hob(ide_if);
c45c3d00 2100 /* NOTE: data is written to the two drives */
c2ff060f
FB		 2101 ide_if[0].hob_feature = ide_if[0].feature;
2102 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 2103 ide_if[0].feature = val;
2104 ide_if[1].feature = val;
5391d806
FB		 2105 break;
2106 case 2:
c2ff060f
FB		 2107 ide_clear_hob(ide_if);
2108 ide_if[0].hob_nsector = ide_if[0].nsector;
2109 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 2110 ide_if[0].nsector = val;
2111 ide_if[1].nsector = val;
5391d806
FB		 2112 break;
2113 case 3:
c2ff060f
FB		 2114 ide_clear_hob(ide_if);
2115 ide_if[0].hob_sector = ide_if[0].sector;
2116 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 2117 ide_if[0].sector = val;
2118 ide_if[1].sector = val;
5391d806
FB		 2119 break;
2120 case 4:
c2ff060f
FB		 2121 ide_clear_hob(ide_if);
2122 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2123 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 2124 ide_if[0].lcyl = val;
2125 ide_if[1].lcyl = val;
5391d806
FB		 2126 break;
2127 case 5:
c2ff060f
FB		 2128 ide_clear_hob(ide_if);
2129 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2130 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 2131 ide_if[0].hcyl = val;
2132 ide_if[1].hcyl = val;
5391d806
FB		 2133 break;
2134 case 6:
c2ff060f 2135 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 2136 ide_if[0].select = (val & ~0x10) | 0xa0;
2137 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 2138 /* select drive */
2139 unit = (val >> 4) & 1;
2140 s = ide_if + unit;
2141 ide_if->cur_drive = s;
5391d806
FB		 2142 break;
2143 default:
2144 case 7:
2145 /* command */
2146#if defined(DEBUG_IDE)
2147 printf("ide: CMD=%02x\n", val);
2148#endif
c45c3d00 2149 s = ide_if->cur_drive;
66201e2d 2150 /* ignore commands to non existant slave */
5fafdf24 2151 if (s != ide_if && !s->bs)
66201e2d 2152 break;
c2ff060f 2153
fcdd25ab
AL		 2154 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2155 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2156 break;
2157
5391d806
FB		 2158 switch(val) {
2159 case WIN_IDENTIFY:
2160 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 2161 if (!s->is_cf)
2162 ide_identify(s);
2163 else
2164 ide_cfata_identify(s);
2a282056 2165 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2166 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2167 } else {
2168 if (s->is_cdrom) {
2169 ide_set_signature(s);
2170 }
2171 ide_abort_command(s);
2172 }
2173 ide_set_irq(s);
2174 break;
2175 case WIN_SPECIFY:
2176 case WIN_RECAL:
a136e5a8 2177 s->error = 0;
769bec72 2178 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2179 ide_set_irq(s);
2180 break;
2181 case WIN_SETMULT:
201a51fc
AZ		 2182 if (s->is_cf && s->nsector == 0) {
2183 /* Disable Read and Write Multiple */
2184 s->mult_sectors = 0;
41a2b959 2185 s->status = READY_STAT | SEEK_STAT;
201a51fc 2186 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 2187 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2188 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 2189 ide_abort_command(s);
2190 } else {
292eef5a 2191 s->mult_sectors = s->nsector & 0xff;
41a2b959 2192 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2193 }
2194 ide_set_irq(s);
2195 break;
c2ff060f
FB		 2196 case WIN_VERIFY_EXT:
2197 lba48 = 1;
4ce900b4
FB		 2198 case WIN_VERIFY:
2199 case WIN_VERIFY_ONCE:
2200 /* do sector number check ? */
c2ff060f 2201 ide_cmd_lba48_transform(s, lba48);
41a2b959 2202 s->status = READY_STAT | SEEK_STAT;
4ce900b4
FB		 2203 ide_set_irq(s);
2204 break;
c2ff060f
FB		 2205 case WIN_READ_EXT:
2206 lba48 = 1;
5391d806
FB		 2207 case WIN_READ:
2208 case WIN_READ_ONCE:
5fafdf24 2209 if (!s->bs)
6b136f9e 2210 goto abort_cmd;
c2ff060f 2211 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2212 s->req_nb_sectors = 1;
2213 ide_sector_read(s);
2214 break;
c2ff060f
FB		 2215 case WIN_WRITE_EXT:
2216 lba48 = 1;
5391d806
FB		 2217 case WIN_WRITE:
2218 case WIN_WRITE_ONCE:
201a51fc
AZ		 2219 case CFA_WRITE_SECT_WO_ERASE:
2220 case WIN_WRITE_VERIFY:
c2ff060f 2221 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2222 s->error = 0;
f66723fa 2223 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2224 s->req_nb_sectors = 1;
2225 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 2226 s->media_changed = 1;
5391d806 2227 break;
c2ff060f
FB		 2228 case WIN_MULTREAD_EXT:
2229 lba48 = 1;
5391d806
FB		 2230 case WIN_MULTREAD:
2231 if (!s->mult_sectors)
2232 goto abort_cmd;
c2ff060f 2233 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2234 s->req_nb_sectors = s->mult_sectors;
2235 ide_sector_read(s);
2236 break;
c2ff060f
FB		 2237 case WIN_MULTWRITE_EXT:
2238 lba48 = 1;
5391d806 2239 case WIN_MULTWRITE:
201a51fc 2240 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 2241 if (!s->mult_sectors)
2242 goto abort_cmd;
c2ff060f 2243 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2244 s->error = 0;
f66723fa 2245 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2246 s->req_nb_sectors = s->mult_sectors;
2247 n = s->nsector;
2248 if (n > s->req_nb_sectors)
2249 n = s->req_nb_sectors;
2250 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 2251 s->media_changed = 1;
5391d806 2252 break;
c2ff060f
FB		 2253 case WIN_READDMA_EXT:
2254 lba48 = 1;
98087450
FB		 2255 case WIN_READDMA:
2256 case WIN_READDMA_ONCE:
5fafdf24 2257 if (!s->bs)
98087450 2258 goto abort_cmd;
c2ff060f 2259 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 2260 ide_sector_read_dma(s);
2261 break;
c2ff060f
FB		 2262 case WIN_WRITEDMA_EXT:
2263 lba48 = 1;
98087450
FB		 2264 case WIN_WRITEDMA:
2265 case WIN_WRITEDMA_ONCE:
5fafdf24 2266 if (!s->bs)
98087450 2267 goto abort_cmd;
c2ff060f 2268 ide_cmd_lba48_transform(s, lba48);
98087450 2269 ide_sector_write_dma(s);
201a51fc 2270 s->media_changed = 1;
98087450 2271 break;
c2ff060f
FB		 2272 case WIN_READ_NATIVE_MAX_EXT:
2273 lba48 = 1;
5391d806 2274 case WIN_READ_NATIVE_MAX:
c2ff060f 2275 ide_cmd_lba48_transform(s, lba48);
5391d806 2276 ide_set_sector(s, s->nb_sectors - 1);
41a2b959 2277 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2278 ide_set_irq(s);
2279 break;
a136e5a8 2280 case WIN_CHECKPOWERMODE1:
201a51fc 2281 case WIN_CHECKPOWERMODE2:
a136e5a8 2282 s->nsector = 0xff; /* device active or idle */
41a2b959 2283 s->status = READY_STAT | SEEK_STAT;
a136e5a8
FB		 2284 ide_set_irq(s);
2285 break;
34e538ae
FB		 2286 case WIN_SETFEATURES:
2287 if (!s->bs)
2288 goto abort_cmd;
2289 /* XXX: valid for CDROM ? */
2290 switch(s->feature) {
e1f63470
TS		 2291 case 0xcc: /* reverting to power-on defaults enable */
2292 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 2293 case 0x02: /* write cache enable */
2294 case 0x82: /* write cache disable */
2295 case 0xaa: /* read look-ahead enable */
2296 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 2297 case 0x05: /* set advanced power management mode */
2298 case 0x85: /* disable advanced power management mode */
2299 case 0x69: /* NOP */
2300 case 0x67: /* NOP */
2301 case 0x96: /* NOP */
2302 case 0x9a: /* NOP */
c3e88d8c
TS		 2303 case 0x42: /* enable Automatic Acoustic Mode */
2304 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 2305 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 2306 ide_set_irq(s);
2307 break;
94458802
FB		 2308 case 0x03: { /* set transfer mode */
2309 uint8_t val = s->nsector & 0x07;
2310
2311 switch (s->nsector >> 3) {
2312 case 0x00: /* pio default */
2313 case 0x01: /* pio mode */
d1b5c20d
TS		 2314 put_le16(s->identify_data + 62,0x07);
2315 put_le16(s->identify_data + 63,0x07);
2316 put_le16(s->identify_data + 88,0x3f);
2317 break;
2318 case 0x02: /* sigle word dma mode*/
2319 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
94458802
FB		 2320 put_le16(s->identify_data + 63,0x07);
2321 put_le16(s->identify_data + 88,0x3f);
2322 break;
2323 case 0x04: /* mdma mode */
d1b5c20d 2324 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2325 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2326 put_le16(s->identify_data + 88,0x3f);
2327 break;
2328 case 0x08: /* udma mode */
d1b5c20d 2329 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2330 put_le16(s->identify_data + 63,0x07);
2331 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2332 break;
2333 default:
2334 goto abort_cmd;
2335 }
2336 s->status = READY_STAT | SEEK_STAT;
2337 ide_set_irq(s);
2338 break;
2339 }
34e538ae
FB		 2340 default:
2341 goto abort_cmd;
2342 }
2343 break;
c2ff060f
FB		 2344 case WIN_FLUSH_CACHE:
2345 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2346 if (s->bs)
2347 bdrv_flush(s->bs);
41a2b959 2348 s->status = READY_STAT | SEEK_STAT;
7a6cba61
PB		 2349 ide_set_irq(s);
2350 break;
c3e88d8c
TS		 2351 case WIN_STANDBY:
2352 case WIN_STANDBY2:
2353 case WIN_STANDBYNOW1:
201a51fc 2354 case WIN_STANDBYNOW2:
c451ee71 2355 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2356 case CFA_IDLEIMMEDIATE:
2357 case WIN_SETIDLE1:
2358 case WIN_SETIDLE2:
c3e88d8c
TS		 2359 case WIN_SLEEPNOW1:
2360 case WIN_SLEEPNOW2:
2361 s->status = READY_STAT;
a7dfe172
FB		 2362 ide_set_irq(s);
2363 break;
4fbfcd6d
AJ		 2364 case WIN_SEEK:
2365 if(s->is_cdrom)
2366 goto abort_cmd;
2367 /* XXX: Check that seek is within bounds */
2368 s->status = READY_STAT | SEEK_STAT;
2369 ide_set_irq(s);
2370 break;
5391d806
FB		 2371 /* ATAPI commands */
2372 case WIN_PIDENTIFY:
2373 if (s->is_cdrom) {
2374 ide_atapi_identify(s);
1298fe63 2375 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2376 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2377 } else {
2378 ide_abort_command(s);
2379 }
2380 ide_set_irq(s);
2381 break;
c451ee71
FB		 2382 case WIN_DIAGNOSE:
2383 ide_set_signature(s);
33256a25
AL		 2384 if (s->is_cdrom)
2385 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2386 * devices to return a clear status register
2387 * with READY_STAT *not* set. */
2388 else
2389 s->status = READY_STAT | SEEK_STAT;
2390 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2391 * present.
2392 */
f5fdd0a8 2393 ide_set_irq(s);
c451ee71 2394 break;
5391d806
FB		 2395 case WIN_SRST:
2396 if (!s->is_cdrom)
2397 goto abort_cmd;
2398 ide_set_signature(s);
6b136f9e 2399 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2400 s->error = 0x01;
2401 break;
2402 case WIN_PACKETCMD:
2403 if (!s->is_cdrom)
2404 goto abort_cmd;
98087450
FB		 2405 /* overlapping commands not supported */
2406 if (s->feature & 0x02)
5391d806 2407 goto abort_cmd;
41a2b959 2408 s->status = READY_STAT | SEEK_STAT;
98087450 2409 s->atapi_dma = s->feature & 1;
5391d806 2410 s->nsector = 1;
5fafdf24 2411 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2412 ide_atapi_cmd);
2413 break;
201a51fc
AZ		 2414 /* CF-ATA commands */
2415 case CFA_REQ_EXT_ERROR_CODE:
2416 if (!s->is_cf)
2417 goto abort_cmd;
2418 s->error = 0x09; /* miscellaneous error */
41a2b959 2419 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2420 ide_set_irq(s);
2421 break;
2422 case CFA_ERASE_SECTORS:
2423 case CFA_WEAR_LEVEL:
2424 if (!s->is_cf)
2425 goto abort_cmd;
2426 if (val == CFA_WEAR_LEVEL)
2427 s->nsector = 0;
2428 if (val == CFA_ERASE_SECTORS)
2429 s->media_changed = 1;
2430 s->error = 0x00;
41a2b959 2431 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2432 ide_set_irq(s);
2433 break;
2434 case CFA_TRANSLATE_SECTOR:
2435 if (!s->is_cf)
2436 goto abort_cmd;
2437 s->error = 0x00;
41a2b959 2438 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2439 memset(s->io_buffer, 0, 0x200);
2440 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2441 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2442 s->io_buffer[0x02] = s->select; /* Head */
2443 s->io_buffer[0x03] = s->sector; /* Sector */
2444 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2445 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2446 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2447 s->io_buffer[0x13] = 0x00; /* Erase flag */
2448 s->io_buffer[0x18] = 0x00; /* Hot count */
2449 s->io_buffer[0x19] = 0x00; /* Hot count */
2450 s->io_buffer[0x1a] = 0x01; /* Hot count */
2451 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2452 ide_set_irq(s);
2453 break;
2454 case CFA_ACCESS_METADATA_STORAGE:
2455 if (!s->is_cf)
2456 goto abort_cmd;
2457 switch (s->feature) {
2458 case 0x02: /* Inquiry Metadata Storage */
2459 ide_cfata_metadata_inquiry(s);
2460 break;
2461 case 0x03: /* Read Metadata Storage */
2462 ide_cfata_metadata_read(s);
2463 break;
2464 case 0x04: /* Write Metadata Storage */
2465 ide_cfata_metadata_write(s);
2466 break;
2467 default:
2468 goto abort_cmd;
2469 }
2470 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2471 s->status = 0x00; /* NOTE: READY is _not_ set */
2472 ide_set_irq(s);
2473 break;
2474 case IBM_SENSE_CONDITION:
2475 if (!s->is_cf)
2476 goto abort_cmd;
2477 switch (s->feature) {
2478 case 0x01: /* sense temperature in device */
2479 s->nsector = 0x50; /* +20 C */
2480 break;
2481 default:
2482 goto abort_cmd;
2483 }
41a2b959 2484 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2485 ide_set_irq(s);
2486 break;
5391d806
FB		 2487 default:
2488 abort_cmd:
2489 ide_abort_command(s);
2490 ide_set_irq(s);
2491 break;
2492 }
2493 }
2494}
2495
caed8802 2496static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2497{
7ae98627
FB		 2498 IDEState *ide_if = opaque;
2499 IDEState *s = ide_if->cur_drive;
5391d806 2500 uint32_t addr;
c2ff060f 2501 int ret, hob;
5391d806
FB		 2502
2503 addr = addr1 & 7;
c2ff060f
FB		 2504 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2505 //hob = s->select & (1 << 7);
2506 hob = 0;
5391d806
FB		 2507 switch(addr) {
2508 case 0:
2509 ret = 0xff;
2510 break;
2511 case 1:
c45ca54f
AL		 2512 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2513 (s != ide_if && !s->bs))
c45c3d00 2514 ret = 0;
c2ff060f 2515 else if (!hob)
c45c3d00 2516 ret = s->error;
c2ff060f
FB		 2517 else
2518 ret = s->hob_feature;
5391d806
FB		 2519 break;
2520 case 2:
7ae98627 2521 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2522 ret = 0;
c2ff060f 2523 else if (!hob)
c45c3d00 2524 ret = s->nsector & 0xff;
c2ff060f
FB		 2525 else
2526 ret = s->hob_nsector;
5391d806
FB		 2527 break;
2528 case 3:
7ae98627 2529 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2530 ret = 0;
c2ff060f 2531 else if (!hob)
c45c3d00 2532 ret = s->sector;
c2ff060f
FB		 2533 else
2534 ret = s->hob_sector;
5391d806
FB		 2535 break;
2536 case 4:
7ae98627 2537 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2538 ret = 0;
c2ff060f 2539 else if (!hob)
c45c3d00 2540 ret = s->lcyl;
c2ff060f
FB		 2541 else
2542 ret = s->hob_lcyl;
5391d806
FB		 2543 break;
2544 case 5:
7ae98627 2545 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2546 ret = 0;
c2ff060f 2547 else if (!hob)
c45c3d00 2548 ret = s->hcyl;
c2ff060f
FB		 2549 else
2550 ret = s->hob_hcyl;
5391d806
FB		 2551 break;
2552 case 6:
7ae98627 2553 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2554 ret = 0;
2555 else
7ae98627 2556 ret = s->select;
5391d806
FB		 2557 break;
2558 default:
2559 case 7:
66201e2d
FB		 2560 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2561 (s != ide_if && !s->bs))
c45c3d00
FB		 2562 ret = 0;
2563 else
2564 ret = s->status;
d537cf6c 2565 qemu_irq_lower(s->irq);
5391d806
FB		 2566 break;
2567 }
2568#ifdef DEBUG_IDE
2569 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2570#endif
2571 return ret;
2572}
2573
caed8802 2574static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2575{
7ae98627
FB		 2576 IDEState *ide_if = opaque;
2577 IDEState *s = ide_if->cur_drive;
5391d806 2578 int ret;
7ae98627 2579
66201e2d
FB		 2580 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2581 (s != ide_if && !s->bs))
7ae98627
FB		 2582 ret = 0;
2583 else
2584 ret = s->status;
5391d806
FB		 2585#ifdef DEBUG_IDE
2586 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2587#endif
2588 return ret;
2589}
2590
caed8802 2591static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2592{
caed8802 2593 IDEState *ide_if = opaque;
5391d806
FB		 2594 IDEState *s;
2595 int i;
2596
2597#ifdef DEBUG_IDE
2598 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2599#endif
2600 /* common for both drives */
2601 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2602 (val & IDE_CMD_RESET)) {
2603 /* reset low to high */
2604 for(i = 0;i < 2; i++) {
2605 s = &ide_if[i];
2606 s->status = BUSY_STAT | SEEK_STAT;
2607 s->error = 0x01;
2608 }
2609 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2610 !(val & IDE_CMD_RESET)) {
2611 /* high to low */
2612 for(i = 0;i < 2; i++) {
2613 s = &ide_if[i];
6b136f9e
FB		 2614 if (s->is_cdrom)
2615 s->status = 0x00; /* NOTE: READY is _not_ set */
2616 else
56bf1d37 2617 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2618 ide_set_signature(s);
2619 }
2620 }
2621
2622 ide_if[0].cmd = val;
2623 ide_if[1].cmd = val;
2624}
2625
caed8802 2626static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2627{
caed8802 2628 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2629 uint8_t *p;
2630
fcdd25ab
AL		 2631 /* PIO data access allowed only when DRQ bit is set */
2632 if (!(s->status & DRQ_STAT))
2633 return;
2634
5391d806 2635 p = s->data_ptr;
0c4ad8dc 2636 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2637 p += 2;
2638 s->data_ptr = p;
2639 if (p >= s->data_end)
2640 s->end_transfer_func(s);
2641}
2642
caed8802 2643static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2644{
caed8802 2645 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2646 uint8_t *p;
2647 int ret;
fcdd25ab
AL		 2648
2649 /* PIO data access allowed only when DRQ bit is set */
2650 if (!(s->status & DRQ_STAT))
2651 return 0;
2652
5391d806 2653 p = s->data_ptr;
0c4ad8dc 2654 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2655 p += 2;
2656 s->data_ptr = p;
2657 if (p >= s->data_end)
2658 s->end_transfer_func(s);
2659 return ret;
2660}
2661
caed8802 2662static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2663{
caed8802 2664 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2665 uint8_t *p;
2666
fcdd25ab
AL		 2667 /* PIO data access allowed only when DRQ bit is set */
2668 if (!(s->status & DRQ_STAT))
2669 return;
2670
5391d806 2671 p = s->data_ptr;
0c4ad8dc 2672 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2673 p += 4;
2674 s->data_ptr = p;
2675 if (p >= s->data_end)
2676 s->end_transfer_func(s);
2677}
2678
caed8802 2679static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2680{
caed8802 2681 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2682 uint8_t *p;
2683 int ret;
3b46e624 2684
fcdd25ab
AL		 2685 /* PIO data access allowed only when DRQ bit is set */
2686 if (!(s->status & DRQ_STAT))
2687 return 0;
2688
5391d806 2689 p = s->data_ptr;
0c4ad8dc 2690 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2691 p += 4;
2692 s->data_ptr = p;
2693 if (p >= s->data_end)
2694 s->end_transfer_func(s);
2695 return ret;
2696}
2697
a7dfe172
FB		 2698static void ide_dummy_transfer_stop(IDEState *s)
2699{
2700 s->data_ptr = s->io_buffer;
2701 s->data_end = s->io_buffer;
2702 s->io_buffer[0] = 0xff;
2703 s->io_buffer[1] = 0xff;
2704 s->io_buffer[2] = 0xff;
2705 s->io_buffer[3] = 0xff;
2706}
2707
5391d806
FB		 2708static void ide_reset(IDEState *s)
2709{
201a51fc
AZ		 2710 if (s->is_cf)
2711 s->mult_sectors = 0;
2712 else
2713 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2714 s->cur_drive = s;
2715 s->select = 0xa0;
41a2b959 2716 s->status = READY_STAT | SEEK_STAT;
5391d806 2717 ide_set_signature(s);
a7dfe172
FB		 2718 /* init the transfer handler so that 0xffff is returned on data
2719 accesses */
2720 s->end_transfer_func = ide_dummy_transfer_stop;
2721 ide_dummy_transfer_stop(s);
201a51fc 2722 s->media_changed = 0;
5391d806
FB		 2723}
2724
5457c8ce
FB		 2725static void ide_init2(IDEState *ide_state,
2726 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2727 qemu_irq irq)
5391d806 2728{
69b91039 2729 IDEState *s;
aedf5382 2730 static int drive_serial = 1;
f3d54fc4 2731 int i, cylinders, heads, secs;
96b8f136 2732 uint64_t nb_sectors;
5391d806 2733
caed8802
FB		 2734 for(i = 0; i < 2; i++) {
2735 s = ide_state + i;
1d8cde5b 2736 s->io_buffer = qemu_memalign(512, IDE_DMA_BUF_SECTORS*512 + 4);
caed8802
FB		 2737 if (i == 0)
2738 s->bs = hd0;
2739 else
2740 s->bs = hd1;
5391d806
FB		 2741 if (s->bs) {
2742 bdrv_get_geometry(s->bs, &nb_sectors);
f3d54fc4
AL		 2743 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2744 s->cylinders = cylinders;
2745 s->heads = heads;
2746 s->sectors = secs;
5391d806 2747 s->nb_sectors = nb_sectors;
f3d54fc4 2748
caed8802
FB		 2749 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2750 s->is_cdrom = 1;
bd491d6a 2751 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2752 }
2753 }
aedf5382 2754 s->drive_serial = drive_serial++;
fa879c64
AL		 2755 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2756 sizeof(s->drive_serial_str));
2757 if (strlen(s->drive_serial_str) == 0)
2758 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2759 "QM%05d", s->drive_serial);
caed8802 2760 s->irq = irq;
5fafdf24 2761 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2762 ide_sector_write_timer_cb, s);
5391d806
FB		 2763 ide_reset(s);
2764 }
69b91039
FB		 2765}
2766
34e538ae 2767static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2768{
caed8802
FB		 2769 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2770 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2771 if (iobase2) {
2772 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2773 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2774 }
3b46e624 2775
caed8802
FB		 2776 /* data ports */
2777 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2778 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2779 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2780 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2781}
69b91039 2782
aa941b94
AZ		 2783/* save per IDE drive data */
2784static void ide_save(QEMUFile* f, IDEState *s)
2785{
bee8d684
TS		 2786 qemu_put_be32(f, s->mult_sectors);
2787 qemu_put_be32(f, s->identify_set);
aa941b94
AZ		 2788 if (s->identify_set) {
2789 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2790 }
2791 qemu_put_8s(f, &s->feature);
2792 qemu_put_8s(f, &s->error);
2793 qemu_put_be32s(f, &s->nsector);
2794 qemu_put_8s(f, &s->sector);
2795 qemu_put_8s(f, &s->lcyl);
2796 qemu_put_8s(f, &s->hcyl);
2797 qemu_put_8s(f, &s->hob_feature);
2798 qemu_put_8s(f, &s->hob_nsector);
2799 qemu_put_8s(f, &s->hob_sector);
2800 qemu_put_8s(f, &s->hob_lcyl);
2801 qemu_put_8s(f, &s->hob_hcyl);
2802 qemu_put_8s(f, &s->select);
2803 qemu_put_8s(f, &s->status);
2804 qemu_put_8s(f, &s->lba48);
2805
2806 qemu_put_8s(f, &s->sense_key);
2807 qemu_put_8s(f, &s->asc);
2808 /* XXX: if a transfer is pending, we do not save it yet */
2809}
2810
2811/* load per IDE drive data */
2812static void ide_load(QEMUFile* f, IDEState *s)
2813{
bee8d684
TS		 2814 s->mult_sectors=qemu_get_be32(f);
2815 s->identify_set=qemu_get_be32(f);
aa941b94
AZ		 2816 if (s->identify_set) {
2817 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2818 }
2819 qemu_get_8s(f, &s->feature);
2820 qemu_get_8s(f, &s->error);
2821 qemu_get_be32s(f, &s->nsector);
2822 qemu_get_8s(f, &s->sector);
2823 qemu_get_8s(f, &s->lcyl);
2824 qemu_get_8s(f, &s->hcyl);
2825 qemu_get_8s(f, &s->hob_feature);
2826 qemu_get_8s(f, &s->hob_nsector);
2827 qemu_get_8s(f, &s->hob_sector);
2828 qemu_get_8s(f, &s->hob_lcyl);
2829 qemu_get_8s(f, &s->hob_hcyl);
2830 qemu_get_8s(f, &s->select);
2831 qemu_get_8s(f, &s->status);
2832 qemu_get_8s(f, &s->lba48);
2833
2834 qemu_get_8s(f, &s->sense_key);
2835 qemu_get_8s(f, &s->asc);
2836 /* XXX: if a transfer is pending, we do not save it yet */
2837}
2838
34e538ae
FB		 2839/***********************************************************/
2840/* ISA IDE definitions */
2841
d537cf6c 2842void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2843 BlockDriverState *hd0, BlockDriverState *hd1)
2844{
2845 IDEState *ide_state;
2846
2847 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2848 if (!ide_state)
2849 return;
3b46e624 2850
d537cf6c 2851 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2852 ide_init_ioport(ide_state, iobase, iobase2);
2853}
2854
69b91039
FB		 2855/***********************************************************/
2856/* PCI IDE definitions */
2857
5457c8ce
FB		 2858static void cmd646_update_irq(PCIIDEState *d);
2859
5fafdf24 2860static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 2861 uint32_t addr, uint32_t size, int type)
2862{
2863 PCIIDEState *d = (PCIIDEState *)pci_dev;
2864 IDEState *ide_state;
2865
2866 if (region_num <= 3) {
2867 ide_state = &d->ide_if[(region_num >> 1) * 2];
2868 if (region_num & 1) {
2869 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2870 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2871 } else {
2872 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2873 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2874
2875 /* data ports */
2876 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2877 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2878 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2879 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2880 }
2881 }
2882}
2883
8ccad811 2884static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2885{
2886 BMDMAState *bm = s->bmdma;
2887 if(!bm)
2888 return;
2889 bm->ide_if = s;
2890 bm->dma_cb = dma_cb;
8ccad811
FB		 2891 bm->cur_prd_last = 0;
2892 bm->cur_prd_addr = 0;
2893 bm->cur_prd_len = 0;
428c5705
AL		 2894 bm->sector_num = ide_get_sector(s);
2895 bm->nsector = s->nsector;
98087450 2896 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2897 bm->dma_cb(bm, 0);
98087450
FB		 2898 }
2899}
2900
428c5705
AL		 2901static void ide_dma_restart(IDEState *s)
2902{
2903 BMDMAState *bm = s->bmdma;
2904 ide_set_sector(s, bm->sector_num);
2905 s->io_buffer_index = 0;
2906 s->io_buffer_size = 0;
2907 s->nsector = bm->nsector;
2908 bm->cur_addr = bm->addr;
2909 bm->dma_cb = ide_write_dma_cb;
2910 ide_dma_start(s, bm->dma_cb);
2911}
2912
72c7b06c
AL		 2913static void ide_dma_cancel(BMDMAState *bm)
2914{
2915 if (bm->status & BM_STATUS_DMAING) {
2916 bm->status &= ~BM_STATUS_DMAING;
2917 /* cancel DMA request */
2918 bm->ide_if = NULL;
2919 bm->dma_cb = NULL;
2920 if (bm->aiocb) {
2921#ifdef DEBUG_AIO
2922 printf("aio_cancel\n");
2923#endif
2924 bdrv_aio_cancel(bm->aiocb);
2925 bm->aiocb = NULL;
2926 }
2927 }
2928}
2929
98087450
FB		 2930static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2931{
2932 BMDMAState *bm = opaque;
2933#ifdef DEBUG_IDE
2934 printf("%s: 0x%08x\n", __func__, val);
2935#endif
2936 if (!(val & BM_CMD_START)) {
2937 /* XXX: do it better */
72c7b06c 2938 ide_dma_cancel(bm);
98087450
FB		 2939 bm->cmd = val & 0x09;
2940 } else {
8ccad811
FB		 2941 if (!(bm->status & BM_STATUS_DMAING)) {
2942 bm->status |= BM_STATUS_DMAING;
2943 /* start dma transfer if possible */
2944 if (bm->dma_cb)
2945 bm->dma_cb(bm, 0);
2946 }
98087450 2947 bm->cmd = val & 0x09;
98087450
FB		 2948 }
2949}
2950
5457c8ce 2951static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 2952{
2953 BMDMAState *bm = opaque;
5457c8ce 2954 PCIIDEState *pci_dev;
98087450 2955 uint32_t val;
3b46e624 2956
5457c8ce 2957 switch(addr & 3) {
5fafdf24 2958 case 0:
5457c8ce
FB		 2959 val = bm->cmd;
2960 break;
2961 case 1:
2962 pci_dev = bm->pci_dev;
2963 if (pci_dev->type == IDE_TYPE_CMD646) {
2964 val = pci_dev->dev.config[MRDMODE];
2965 } else {
2966 val = 0xff;
2967 }
2968 break;
2969 case 2:
2970 val = bm->status;
2971 break;
2972 case 3:
2973 pci_dev = bm->pci_dev;
2974 if (pci_dev->type == IDE_TYPE_CMD646) {
2975 if (bm == &pci_dev->bmdma[0])
2976 val = pci_dev->dev.config[UDIDETCR0];
2977 else
2978 val = pci_dev->dev.config[UDIDETCR1];
2979 } else {
2980 val = 0xff;
2981 }
2982 break;
2983 default:
2984 val = 0xff;
2985 break;
2986 }
98087450 2987#ifdef DEBUG_IDE
5457c8ce 2988 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 2989#endif
2990 return val;
2991}
2992
5457c8ce 2993static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 2994{
2995 BMDMAState *bm = opaque;
5457c8ce 2996 PCIIDEState *pci_dev;
98087450 2997#ifdef DEBUG_IDE
5457c8ce 2998 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 2999#endif
5457c8ce
FB		 3000 switch(addr & 3) {
3001 case 1:
3002 pci_dev = bm->pci_dev;
3003 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 3004 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 3005 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3006 cmd646_update_irq(pci_dev);
3007 }
3008 break;
3009 case 2:
3010 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3011 break;
3012 case 3:
3013 pci_dev = bm->pci_dev;
3014 if (pci_dev->type == IDE_TYPE_CMD646) {
3015 if (bm == &pci_dev->bmdma[0])
3016 pci_dev->dev.config[UDIDETCR0] = val;
3017 else
3018 pci_dev->dev.config[UDIDETCR1] = val;
3019 }
3020 break;
3021 }
98087450
FB		 3022}
3023
5b9a1293
AJ		 3024static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3025{
3026 BMDMAState *bm = opaque;
3027 uint32_t val;
3028 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3029#ifdef DEBUG_IDE
3030 printf("%s: 0x%08x\n", __func__, val);
3031#endif
3032 return val;
3033}
3034
3035static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3036{
3037 BMDMAState *bm = opaque;
3038 int shift = (addr & 3) * 8;
3039#ifdef DEBUG_IDE
3040 printf("%s: 0x%08x\n", __func__, val);
3041#endif
3042 bm->addr &= ~(0xFF << shift);
3043 bm->addr |= ((val & 0xFF) << shift) & ~3;
3044 bm->cur_addr = bm->addr;
3045}
3046
3047static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3048{
3049 BMDMAState *bm = opaque;
3050 uint32_t val;
3051 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3052#ifdef DEBUG_IDE
3053 printf("%s: 0x%08x\n", __func__, val);
3054#endif
3055 return val;
3056}
3057
3058static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3059{
3060 BMDMAState *bm = opaque;
3061 int shift = (addr & 3) * 8;
3062#ifdef DEBUG_IDE
3063 printf("%s: 0x%08x\n", __func__, val);
3064#endif
3065 bm->addr &= ~(0xFFFF << shift);
3066 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3067 bm->cur_addr = bm->addr;
3068}
3069
98087450
FB		 3070static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3071{
3072 BMDMAState *bm = opaque;
3073 uint32_t val;
3074 val = bm->addr;
3075#ifdef DEBUG_IDE
3076 printf("%s: 0x%08x\n", __func__, val);
3077#endif
3078 return val;
3079}
3080
3081static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3082{
3083 BMDMAState *bm = opaque;
3084#ifdef DEBUG_IDE
3085 printf("%s: 0x%08x\n", __func__, val);
3086#endif
3087 bm->addr = val & ~3;
30c4bbac 3088 bm->cur_addr = bm->addr;
98087450
FB		 3089}
3090
5fafdf24 3091static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 3092 uint32_t addr, uint32_t size, int type)
3093{
3094 PCIIDEState *d = (PCIIDEState *)pci_dev;
3095 int i;
3096
3097 for(i = 0;i < 2; i++) {
3098 BMDMAState *bm = &d->bmdma[i];
3099 d->ide_if[2 * i].bmdma = bm;
3100 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce 3101 bm->pci_dev = (PCIIDEState *)pci_dev;
428c5705 3102 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
5457c8ce 3103
98087450 3104 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 3105
5457c8ce
FB		 3106 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3107 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450 3108
5b9a1293
AJ		 3109 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3110 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3111 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3112 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
98087450
FB		 3113 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3114 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3115 addr += 8;
3116 }
3117}
3118
9b64997f
BS		 3119static void pci_ide_save(QEMUFile* f, void *opaque)
3120{
3121 PCIIDEState *d = opaque;
3122 int i;
3123
3124 pci_device_save(&d->dev, f);
3125
3126 for(i = 0; i < 2; i++) {
3127 BMDMAState *bm = &d->bmdma[i];
428c5705 3128 uint8_t ifidx;
9b64997f
BS		 3129 qemu_put_8s(f, &bm->cmd);
3130 qemu_put_8s(f, &bm->status);
3131 qemu_put_be32s(f, &bm->addr);
428c5705
AL		 3132 qemu_put_sbe64s(f, &bm->sector_num);
3133 qemu_put_be32s(f, &bm->nsector);
3134 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3135 qemu_put_8s(f, &ifidx);
9b64997f
BS		 3136 /* XXX: if a transfer is pending, we do not save it yet */
3137 }
3138
3139 /* per IDE interface data */
3140 for(i = 0; i < 2; i++) {
3141 IDEState *s = &d->ide_if[i * 2];
3142 uint8_t drive1_selected;
3143 qemu_put_8s(f, &s->cmd);
3144 drive1_selected = (s->cur_drive != s);
3145 qemu_put_8s(f, &drive1_selected);
3146 }
3147
3148 /* per IDE drive data */
3149 for(i = 0; i < 4; i++) {
3150 ide_save(f, &d->ide_if[i]);
3151 }
3152}
3153
3154static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3155{
3156 PCIIDEState *d = opaque;
3157 int ret, i;
3158
428c5705 3159 if (version_id != 2)
9b64997f
BS		 3160 return -EINVAL;
3161 ret = pci_device_load(&d->dev, f);
3162 if (ret < 0)
3163 return ret;
3164
3165 for(i = 0; i < 2; i++) {
3166 BMDMAState *bm = &d->bmdma[i];
428c5705 3167 uint8_t ifidx;
9b64997f
BS		 3168 qemu_get_8s(f, &bm->cmd);
3169 qemu_get_8s(f, &bm->status);
3170 qemu_get_be32s(f, &bm->addr);
428c5705
AL		 3171 qemu_get_sbe64s(f, &bm->sector_num);
3172 qemu_get_be32s(f, &bm->nsector);
3173 qemu_get_8s(f, &ifidx);
3174 bm->ide_if = &d->ide_if[ifidx];
9b64997f
BS		 3175 /* XXX: if a transfer is pending, we do not save it yet */
3176 }
3177
3178 /* per IDE interface data */
3179 for(i = 0; i < 2; i++) {
3180 IDEState *s = &d->ide_if[i * 2];
3181 uint8_t drive1_selected;
3182 qemu_get_8s(f, &s->cmd);
3183 qemu_get_8s(f, &drive1_selected);
3184 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3185 }
3186
3187 /* per IDE drive data */
3188 for(i = 0; i < 4; i++) {
3189 ide_load(f, &d->ide_if[i]);
3190 }
3191 return 0;
3192}
3193
5457c8ce
FB		 3194/* XXX: call it also when the MRDMODE is changed from the PCI config
3195 registers */
3196static void cmd646_update_irq(PCIIDEState *d)
3197{
3198 int pci_level;
3199 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3200 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3201 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3202 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 3203 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 3204}
3205
3206/* the PCI irq level is the logical OR of the two channels */
3207static void cmd646_set_irq(void *opaque, int channel, int level)
3208{
3209 PCIIDEState *d = opaque;
3210 int irq_mask;
3211
3212 irq_mask = MRDMODE_INTR_CH0 << channel;
3213 if (level)
3214 d->dev.config[MRDMODE] |= irq_mask;
3215 else
3216 d->dev.config[MRDMODE] &= ~irq_mask;
3217 cmd646_update_irq(d);
3218}
3219
6e6b7363
BS		 3220static void cmd646_reset(void *opaque)
3221{
3222 PCIIDEState *d = opaque;
3223 unsigned int i;
3224
3225 for (i = 0; i < 2; i++)
3226 ide_dma_cancel(&d->bmdma[i]);
3227}
3228
5457c8ce
FB		 3229/* CMD646 PCI IDE controller */
3230void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3231 int secondary_ide_enabled)
69b91039
FB		 3232{
3233 PCIIDEState *d;
3234 uint8_t *pci_conf;
34e538ae 3235 int i;
d537cf6c 3236 qemu_irq *irq;
34e538ae 3237
5fafdf24 3238 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 3239 sizeof(PCIIDEState),
5fafdf24 3240 -1,
73c11f63 3241 NULL, NULL);
5457c8ce 3242 d->type = IDE_TYPE_CMD646;
69b91039 3243 pci_conf = d->dev.config;
5457c8ce
FB		 3244 pci_conf[0x00] = 0x95; // CMD646
3245 pci_conf[0x01] = 0x10;
3246 pci_conf[0x02] = 0x46;
3247 pci_conf[0x03] = 0x06;
3248
3249 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 3250 pci_conf[0x09] = 0x8f;
5457c8ce 3251
69b91039
FB		 3252 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3253 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
5457c8ce 3254 pci_conf[0x0e] = 0x00; // header_type
3b46e624 3255
0516ede0 3256 pci_conf[0x51] = 0x04; // enable IDE0
5457c8ce
FB		 3257 if (secondary_ide_enabled) {
3258 /* XXX: if not enabled, really disable the seconday IDE controller */
0516ede0 3259 pci_conf[0x51] |= 0x08; /* enable IDE1 */
5457c8ce 3260 }
69b91039 3261
5fafdf24 3262 pci_register_io_region((PCIDevice *)d, 0, 0x8,
69b91039 3263 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3264 pci_register_io_region((PCIDevice *)d, 1, 0x4,
69b91039 3265 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3266 pci_register_io_region((PCIDevice *)d, 2, 0x8,
69b91039 3267 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3268 pci_register_io_region((PCIDevice *)d, 3, 0x4,
69b91039 3269 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3270 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 3271 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 3272
34e538ae 3273 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3b46e624 3274
34e538ae
FB		 3275 for(i = 0; i < 4; i++)
3276 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 3277
3278 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3279 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3280 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
6e6b7363 3281
428c5705 3282 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
6e6b7363
BS		 3283 qemu_register_reset(cmd646_reset, d);
3284 cmd646_reset(d);
34e538ae
FB		 3285}
3286
72c7b06c 3287static void piix3_reset(void *opaque)
e6a71ae3 3288{
72c7b06c 3289 PCIIDEState *d = opaque;
e6a71ae3 3290 uint8_t *pci_conf = d->dev.config;
72c7b06c
AL		 3291 int i;
3292
3293 for (i = 0; i < 2; i++)
3294 ide_dma_cancel(&d->bmdma[i]);
e6a71ae3
TS		 3295
3296 pci_conf[0x04] = 0x00;
3297 pci_conf[0x05] = 0x00;
3298 pci_conf[0x06] = 0x80; /* FBC */
3299 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3300 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3301}
3302
34e538ae
FB		 3303/* hd_table must contain 4 block drivers */
3304/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 3305void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3306 qemu_irq *pic)
34e538ae
FB		 3307{
3308 PCIIDEState *d;
3309 uint8_t *pci_conf;
3b46e624 3310
34e538ae 3311 /* register a function 1 of PIIX3 */
5fafdf24 3312 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 3313 sizeof(PCIIDEState),
502a5395 3314 devfn,
34e538ae 3315 NULL, NULL);
5457c8ce
FB		 3316 d->type = IDE_TYPE_PIIX3;
3317
34e538ae
FB		 3318 pci_conf = d->dev.config;
3319 pci_conf[0x00] = 0x86; // Intel
3320 pci_conf[0x01] = 0x80;
3321 pci_conf[0x02] = 0x10;
3322 pci_conf[0x03] = 0x70;
92510b8c 3323 pci_conf[0x09] = 0x80; // legacy ATA mode
34e538ae
FB		 3324 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3325 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3326 pci_conf[0x0e] = 0x00; // header_type
3327
72c7b06c 3328 qemu_register_reset(piix3_reset, d);
e6a71ae3
TS		 3329 piix3_reset(d);
3330
5fafdf24 3331 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 3332 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 3333
d537cf6c
PB		 3334 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3335 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 3336 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3337 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997 3338
428c5705 3339 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
69b91039 3340}
1ade1de2 3341
afcc3cdf
TS		 3342/* hd_table must contain 4 block drivers */
3343/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3344void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3345 qemu_irq *pic)
3346{
3347 PCIIDEState *d;
3348 uint8_t *pci_conf;
3349
3350 /* register a function 1 of PIIX4 */
3351 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3352 sizeof(PCIIDEState),
3353 devfn,
3354 NULL, NULL);
3355 d->type = IDE_TYPE_PIIX4;
3356
3357 pci_conf = d->dev.config;
3358 pci_conf[0x00] = 0x86; // Intel
3359 pci_conf[0x01] = 0x80;
3360 pci_conf[0x02] = 0x11;
3361 pci_conf[0x03] = 0x71;
3362 pci_conf[0x09] = 0x80; // legacy ATA mode
3363 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3364 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3365 pci_conf[0x0e] = 0x00; // header_type
3366
72c7b06c 3367 qemu_register_reset(piix3_reset, d);
afcc3cdf
TS		 3368 piix3_reset(d);
3369
3370 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3371 PCI_ADDRESS_SPACE_IO, bmdma_map);
3372
3373 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3374 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3375 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3376 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3377
428c5705 3378 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
afcc3cdf
TS		 3379}
3380
1ade1de2
FB		 3381/***********************************************************/
3382/* MacIO based PowerPC IDE */
3383
3384/* PowerMac IDE memory IO */
3385static void pmac_ide_writeb (void *opaque,
3386 target_phys_addr_t addr, uint32_t val)
3387{
5fafdf24 3388 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3389 switch (addr) {
3390 case 1 ... 7:
3391 ide_ioport_write(opaque, addr, val);
3392 break;
3393 case 8:
3394 case 22:
3395 ide_cmd_write(opaque, 0, val);
3396 break;
3397 default:
3398 break;
3399 }
3400}
3401
3402static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3403{
3404 uint8_t retval;
3405
3406 addr = (addr & 0xFFF) >> 4;
3407 switch (addr) {
3408 case 1 ... 7:
3409 retval = ide_ioport_read(opaque, addr);
3410 break;
3411 case 8:
3412 case 22:
3413 retval = ide_status_read(opaque, 0);
3414 break;
3415 default:
3416 retval = 0xFF;
3417 break;
3418 }
3419 return retval;
3420}
3421
3422static void pmac_ide_writew (void *opaque,
3423 target_phys_addr_t addr, uint32_t val)
3424{
5fafdf24 3425 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3426#ifdef TARGET_WORDS_BIGENDIAN
3427 val = bswap16(val);
3428#endif
3429 if (addr == 0) {
3430 ide_data_writew(opaque, 0, val);
3431 }
3432}
3433
3434static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3435{
3436 uint16_t retval;
3437
5fafdf24 3438 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3439 if (addr == 0) {
3440 retval = ide_data_readw(opaque, 0);
3441 } else {
3442 retval = 0xFFFF;
3443 }
3444#ifdef TARGET_WORDS_BIGENDIAN
3445 retval = bswap16(retval);
3446#endif
3447 return retval;
3448}
3449
3450static void pmac_ide_writel (void *opaque,
3451 target_phys_addr_t addr, uint32_t val)
3452{
5fafdf24 3453 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3454#ifdef TARGET_WORDS_BIGENDIAN
3455 val = bswap32(val);
3456#endif
3457 if (addr == 0) {
3458 ide_data_writel(opaque, 0, val);
3459 }
3460}
3461
3462static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3463{
3464 uint32_t retval;
3465
5fafdf24 3466 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3467 if (addr == 0) {
3468 retval = ide_data_readl(opaque, 0);
3469 } else {
3470 retval = 0xFFFFFFFF;
3471 }
3472#ifdef TARGET_WORDS_BIGENDIAN
3473 retval = bswap32(retval);
3474#endif
3475 return retval;
3476}
3477
3478static CPUWriteMemoryFunc *pmac_ide_write[] = {
3479 pmac_ide_writeb,
3480 pmac_ide_writew,
3481 pmac_ide_writel,
3482};
3483
3484static CPUReadMemoryFunc *pmac_ide_read[] = {
3485 pmac_ide_readb,
3486 pmac_ide_readw,
3487 pmac_ide_readl,
3488};
3489
9b64997f
BS		 3490static void pmac_ide_save(QEMUFile *f, void *opaque)
3491{
3492 IDEState *s = (IDEState *)opaque;
3493 uint8_t drive1_selected;
3494 unsigned int i;
3495
3496 /* per IDE interface data */
3497 qemu_put_8s(f, &s->cmd);
3498 drive1_selected = (s->cur_drive != s);
3499 qemu_put_8s(f, &drive1_selected);
3500
3501 /* per IDE drive data */
3502 for(i = 0; i < 2; i++) {
3503 ide_save(f, &s[i]);
3504 }
3505}
3506
3507static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3508{
3509 IDEState *s = (IDEState *)opaque;
3510 uint8_t drive1_selected;
3511 unsigned int i;
3512
3513 if (version_id != 1)
3514 return -EINVAL;
3515
3516 /* per IDE interface data */
3517 qemu_get_8s(f, &s->cmd);
3518 qemu_get_8s(f, &drive1_selected);
3519 s->cur_drive = &s[(drive1_selected != 0)];
3520
3521 /* per IDE drive data */
3522 for(i = 0; i < 2; i++) {
3523 ide_load(f, &s[i]);
3524 }
3525 return 0;
3526}
3527
6e6b7363
BS		 3528static void pmac_ide_reset(void *opaque)
3529{
3530 IDEState *s = (IDEState *)opaque;
3531
3532 ide_reset(&s[0]);
3533 ide_reset(&s[1]);
3534}
3535
1ade1de2
FB		 3536/* hd_table must contain 4 block drivers */
3537/* PowerMac uses memory mapped registers, not I/O. Return the memory
3538 I/O index to access the ide. */
d537cf6c 3539int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
1ade1de2
FB		 3540{
3541 IDEState *ide_if;
3542 int pmac_ide_memory;
3543
3544 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
d537cf6c 3545 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3b46e624 3546
1ade1de2
FB		 3547 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3548 pmac_ide_write, &ide_if[0]);
9b64997f 3549 register_savevm("ide", 0, 1, pmac_ide_save, pmac_ide_load, &ide_if[0]);
6e6b7363
BS		 3550 qemu_register_reset(pmac_ide_reset, &ide_if[0]);
3551 pmac_ide_reset(&ide_if[0]);
1ade1de2
FB		 3552 return pmac_ide_memory;
3553}
201a51fc 3554
a4a771c0
AZ		 3555/***********************************************************/
3556/* MMIO based ide port
3557 * This emulates IDE device connected directly to the CPU bus without
3558 * dedicated ide controller, which is often seen on embedded boards.
3559 */
3560
3561typedef struct {
3562 void *dev;
3563 int shift;
3564} MMIOState;
3565
3566static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3567{
3568 MMIOState *s = (MMIOState*)opaque;
3569 IDEState *ide = (IDEState*)s->dev;
3570 addr >>= s->shift;
3571 if (addr & 7)
3572 return ide_ioport_read(ide, addr);
3573 else
3574 return ide_data_readw(ide, 0);
3575}
3576
3577static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3578 uint32_t val)
3579{
3580 MMIOState *s = (MMIOState*)opaque;
3581 IDEState *ide = (IDEState*)s->dev;
3582 addr >>= s->shift;
3583 if (addr & 7)
3584 ide_ioport_write(ide, addr, val);
3585 else
3586 ide_data_writew(ide, 0, val);
3587}
3588
3589static CPUReadMemoryFunc *mmio_ide_reads[] = {
3590 mmio_ide_read,
3591 mmio_ide_read,
3592 mmio_ide_read,
3593};
3594
3595static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3596 mmio_ide_write,
3597 mmio_ide_write,
3598 mmio_ide_write,
3599};
3600
3601static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3602{
3603 MMIOState *s= (MMIOState*)opaque;
3604 IDEState *ide = (IDEState*)s->dev;
3605 return ide_status_read(ide, 0);
3606}
3607
3608static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3609 uint32_t val)
3610{
3611 MMIOState *s = (MMIOState*)opaque;
3612 IDEState *ide = (IDEState*)s->dev;
3613 ide_cmd_write(ide, 0, val);
3614}
3615
3616static CPUReadMemoryFunc *mmio_ide_status[] = {
3617 mmio_ide_status_read,
3618 mmio_ide_status_read,
3619 mmio_ide_status_read,
3620};
3621
3622static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3623 mmio_ide_cmd_write,
3624 mmio_ide_cmd_write,
3625 mmio_ide_cmd_write,
3626};
3627
3628void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3629 qemu_irq irq, int shift,
3630 BlockDriverState *hd0, BlockDriverState *hd1)
3631{
3632 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3633 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3634 int mem1, mem2;
3635
3636 ide_init2(ide, hd0, hd1, irq);
3637
3638 s->dev = ide;
3639 s->shift = shift;
3640
3641 mem1 = cpu_register_io_memory(0, mmio_ide_reads, mmio_ide_writes, s);
3642 mem2 = cpu_register_io_memory(0, mmio_ide_status, mmio_ide_cmd, s);
3643 cpu_register_physical_memory(membase, 16 << shift, mem1);
3644 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3645}
3646
201a51fc
AZ		 3647/***********************************************************/
3648/* CF-ATA Microdrive */
3649
3650#define METADATA_SIZE 0x20
3651
3652/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3653struct md_s {
3654 IDEState ide[2];
3655 struct pcmcia_card_s card;
3656 uint32_t attr_base;
3657 uint32_t io_base;
3658
3659 /* Card state */
3660 uint8_t opt;
3661 uint8_t stat;
3662 uint8_t pins;
3663
3664 uint8_t ctrl;
3665 uint16_t io;
3666 int cycle;
3667};
3668
3669/* Register bitfields */
3670enum md_opt {
3671 OPT_MODE_MMAP = 0,
3672 OPT_MODE_IOMAP16 = 1,
3673 OPT_MODE_IOMAP1 = 2,
3674 OPT_MODE_IOMAP2 = 3,
3675 OPT_MODE = 0x3f,
3676 OPT_LEVIREQ = 0x40,
3677 OPT_SRESET = 0x80,
3678};
3679enum md_cstat {
3680 STAT_INT = 0x02,
3681 STAT_PWRDWN = 0x04,
3682 STAT_XE = 0x10,
3683 STAT_IOIS8 = 0x20,
3684 STAT_SIGCHG = 0x40,
3685 STAT_CHANGED = 0x80,
3686};
3687enum md_pins {
3688 PINS_MRDY = 0x02,
3689 PINS_CRDY = 0x20,
3690};
3691enum md_ctrl {
3692 CTRL_IEN = 0x02,
3693 CTRL_SRST = 0x04,
3694};
3695
3696static inline void md_interrupt_update(struct md_s *s)
3697{
3698 if (!s->card.slot)
3699 return;
3700
3701 qemu_set_irq(s->card.slot->irq,
3702 !(s->stat & STAT_INT) && /* Inverted */
3703 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3704 !(s->opt & OPT_SRESET));
3705}
3706
3707static void md_set_irq(void *opaque, int irq, int level)
3708{
3709 struct md_s *s = (struct md_s *) opaque;
3710 if (level)
3711 s->stat |= STAT_INT;
3712 else
3713 s->stat &= ~STAT_INT;
3714
3715 md_interrupt_update(s);
3716}
3717
3718static void md_reset(struct md_s *s)
3719{
3720 s->opt = OPT_MODE_MMAP;
3721 s->stat = 0;
3722 s->pins = 0;
3723 s->cycle = 0;
3724 s->ctrl = 0;
3725 ide_reset(s->ide);
3726}
3727
9e315fa9 3728static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc
AZ		 3729{
3730 struct md_s *s = (struct md_s *) opaque;
3731 if (at < s->attr_base) {
3732 if (at < s->card.cis_len)
3733 return s->card.cis[at];
3734 else
3735 return 0x00;
3736 }
3737
3738 at -= s->attr_base;
3739
3740 switch (at) {
3741 case 0x00: /* Configuration Option Register */
3742 return s->opt;
3743 case 0x02: /* Card Configuration Status Register */
3744 if (s->ctrl & CTRL_IEN)
3745 return s->stat & ~STAT_INT;
3746 else
3747 return s->stat;
3748 case 0x04: /* Pin Replacement Register */
3749 return (s->pins & PINS_CRDY) | 0x0c;
3750 case 0x06: /* Socket and Copy Register */
3751 return 0x00;
3752#ifdef VERBOSE
3753 default:
3754 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3755#endif
3756 }
3757
3758 return 0;
3759}
3760
9e315fa9 3761static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc
AZ		 3762{
3763 struct md_s *s = (struct md_s *) opaque;
3764 at -= s->attr_base;
3765
3766 switch (at) {
3767 case 0x00: /* Configuration Option Register */
3768 s->opt = value & 0xcf;
3769 if (value & OPT_SRESET)
3770 md_reset(s);
3771 md_interrupt_update(s);
3772 break;
3773 case 0x02: /* Card Configuration Status Register */
3774 if ((s->stat ^ value) & STAT_PWRDWN)
3775 s->pins |= PINS_CRDY;
3776 s->stat &= 0x82;
3777 s->stat |= value & 0x74;
3778 md_interrupt_update(s);
3779 /* Word 170 in Identify Device must be equal to STAT_XE */
3780 break;
3781 case 0x04: /* Pin Replacement Register */
3782 s->pins &= PINS_CRDY;
3783 s->pins |= value & PINS_MRDY;
3784 break;
3785 case 0x06: /* Socket and Copy Register */
3786 break;
3787 default:
3788 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3789 }
3790}
3791
9e315fa9 3792static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc
AZ		 3793{
3794 struct md_s *s = (struct md_s *) opaque;
3795 uint16_t ret;
3796 at -= s->io_base;
3797
3798 switch (s->opt & OPT_MODE) {
3799 case OPT_MODE_MMAP:
3800 if ((at & ~0x3ff) == 0x400)
3801 at = 0;
3802 break;
3803 case OPT_MODE_IOMAP16:
3804 at &= 0xf;
3805 break;
3806 case OPT_MODE_IOMAP1:
3807 if ((at & ~0xf) == 0x3f0)
3808 at -= 0x3e8;
3809 else if ((at & ~0xf) == 0x1f0)
3810 at -= 0x1f0;
3811 break;
3812 case OPT_MODE_IOMAP2:
3813 if ((at & ~0xf) == 0x370)
3814 at -= 0x368;
3815 else if ((at & ~0xf) == 0x170)
3816 at -= 0x170;
3817 }
3818
3819 switch (at) {
3820 case 0x0: /* Even RD Data */
3821 case 0x8:
3822 return ide_data_readw(s->ide, 0);
3823
3824 /* TODO: 8-bit accesses */
3825 if (s->cycle)
3826 ret = s->io >> 8;
3827 else {
3828 s->io = ide_data_readw(s->ide, 0);
3829 ret = s->io & 0xff;
3830 }
3831 s->cycle = !s->cycle;
3832 return ret;
3833 case 0x9: /* Odd RD Data */
3834 return s->io >> 8;
3835 case 0xd: /* Error */
3836 return ide_ioport_read(s->ide, 0x1);
3837 case 0xe: /* Alternate Status */
3838 if (s->ide->cur_drive->bs)
3839 return s->ide->cur_drive->status;
3840 else
3841 return 0;
3842 case 0xf: /* Device Address */
3843 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3844 default:
3845 return ide_ioport_read(s->ide, at);
3846 }
3847
3848 return 0;
3849}
3850
9e315fa9 3851static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc
AZ		 3852{
3853 struct md_s *s = (struct md_s *) opaque;
3854 at -= s->io_base;
3855
3856 switch (s->opt & OPT_MODE) {
3857 case OPT_MODE_MMAP:
3858 if ((at & ~0x3ff) == 0x400)
3859 at = 0;
3860 break;
3861 case OPT_MODE_IOMAP16:
3862 at &= 0xf;
3863 break;
3864 case OPT_MODE_IOMAP1:
3865 if ((at & ~0xf) == 0x3f0)
3866 at -= 0x3e8;
3867 else if ((at & ~0xf) == 0x1f0)
3868 at -= 0x1f0;
3869 break;
3870 case OPT_MODE_IOMAP2:
3871 if ((at & ~0xf) == 0x370)
3872 at -= 0x368;
3873 else if ((at & ~0xf) == 0x170)
3874 at -= 0x170;
3875 }
3876
3877 switch (at) {
3878 case 0x0: /* Even WR Data */
3879 case 0x8:
3880 ide_data_writew(s->ide, 0, value);
3881 break;
3882
3883 /* TODO: 8-bit accesses */
3884 if (s->cycle)
3885 ide_data_writew(s->ide, 0, s->io | (value << 8));
3886 else
3887 s->io = value & 0xff;
3888 s->cycle = !s->cycle;
3889 break;
3890 case 0x9:
3891 s->io = value & 0xff;
3892 s->cycle = !s->cycle;
3893 break;
3894 case 0xd: /* Features */
3895 ide_ioport_write(s->ide, 0x1, value);
3896 break;
3897 case 0xe: /* Device Control */
3898 s->ctrl = value;
3899 if (value & CTRL_SRST)
3900 md_reset(s);
3901 md_interrupt_update(s);
3902 break;
3903 default:
3904 if (s->stat & STAT_PWRDWN) {
3905 s->pins |= PINS_CRDY;
3906 s->stat &= ~STAT_PWRDWN;
3907 }
3908 ide_ioport_write(s->ide, at, value);
3909 }
3910}
3911
aa941b94
AZ		 3912static void md_save(QEMUFile *f, void *opaque)
3913{
3914 struct md_s *s = (struct md_s *) opaque;
3915 int i;
3916 uint8_t drive1_selected;
3917
3918 qemu_put_8s(f, &s->opt);
3919 qemu_put_8s(f, &s->stat);
3920 qemu_put_8s(f, &s->pins);
3921
3922 qemu_put_8s(f, &s->ctrl);
3923 qemu_put_be16s(f, &s->io);
3924 qemu_put_byte(f, s->cycle);
3925
3926 drive1_selected = (s->ide->cur_drive != s->ide);
3927 qemu_put_8s(f, &s->ide->cmd);
3928 qemu_put_8s(f, &drive1_selected);
3929
3930 for (i = 0; i < 2; i ++)
3931 ide_save(f, &s->ide[i]);
3932}
3933
3934static int md_load(QEMUFile *f, void *opaque, int version_id)
3935{
3936 struct md_s *s = (struct md_s *) opaque;
3937 int i;
3938 uint8_t drive1_selected;
3939
3940 qemu_get_8s(f, &s->opt);
3941 qemu_get_8s(f, &s->stat);
3942 qemu_get_8s(f, &s->pins);
3943
3944 qemu_get_8s(f, &s->ctrl);
3945 qemu_get_be16s(f, &s->io);
3946 s->cycle = qemu_get_byte(f);
3947
3948 qemu_get_8s(f, &s->ide->cmd);
3949 qemu_get_8s(f, &drive1_selected);
3950 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
3951
3952 for (i = 0; i < 2; i ++)
3953 ide_load(f, &s->ide[i]);
3954
3955 return 0;
3956}
3957
201a51fc
AZ		 3958static const uint8_t dscm1xxxx_cis[0x14a] = {
3959 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3960 [0x002] = 0x03, /* Tuple length = 4 bytes */
3961 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3962 [0x006] = 0x01, /* Size = 2K bytes */
3963 [0x008] = CISTPL_ENDMARK,
3964
3965 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3966 [0x00c] = 0x04, /* Tuple length = 4 byest */
3967 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3968 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3969 [0x012] = 0x01, /* Size = 2K bytes */
3970 [0x014] = CISTPL_ENDMARK,
3971
3972 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3973 [0x018] = 0x02, /* Tuple length = 2 bytes */
3974 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3975 [0x01c] = 0x01,
3976
3977 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3978 [0x020] = 0x04, /* Tuple length = 4 bytes */
3979 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3980 [0x024] = 0x00,
3981 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3982 [0x028] = 0x00,
3983
3984 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3985 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3986 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3987 [0x030] = 0x01, /* Minor Version = 1 */
3988 [0x032] = 'I',
3989 [0x034] = 'B',
3990 [0x036] = 'M',
3991 [0x038] = 0x00,
3992 [0x03a] = 'm',
3993 [0x03c] = 'i',
3994 [0x03e] = 'c',
3995 [0x040] = 'r',
3996 [0x042] = 'o',
3997 [0x044] = 'd',
3998 [0x046] = 'r',
3999 [0x048] = 'i',
4000 [0x04a] = 'v',
4001 [0x04c] = 'e',
4002 [0x04e] = 0x00,
4003 [0x050] = CISTPL_ENDMARK,
4004
4005 [0x052] = CISTPL_FUNCID, /* Function ID */
4006 [0x054] = 0x02, /* Tuple length = 2 bytes */
4007 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4008 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4009
4010 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4011 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4012 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4013 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4014
4015 [0x062] = CISTPL_FUNCE, /* Function Extension */
4016 [0x064] = 0x03, /* Tuple length = 3 bytes */
4017 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4018 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4019 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4020
4021 [0x06c] = CISTPL_CONFIG, /* Configuration */
4022 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4023 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4024 [0x072] = 0x07, /* TPCC_LAST = 7 */
4025 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4026 [0x076] = 0x02,
4027 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4028
4029 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4030 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4031 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4032 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4033 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4034 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4035 [0x086] = 0x55, /* NomV: 5.0 V */
4036 [0x088] = 0x4d, /* MinV: 4.5 V */
4037 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4038 [0x08c] = 0x4e, /* Peakl: 450 mA */
4039 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4040 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4041 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4042
4043 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4044 [0x096] = 0x06, /* Tuple length = 6 bytes */
4045 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4046 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4047 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4048 [0x09e] = 0xb5, /* NomV: 3.3 V */
4049 [0x0a0] = 0x1e,
4050 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4051
4052 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4053 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4054 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4055 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4056 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4057 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4058 [0x0b0] = 0x55, /* NomV: 5.0 V */
4059 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4060 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4061 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4062 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4063 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4064 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4065 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4066 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4067
4068 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4069 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4070 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4071 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4072 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4073 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4074 [0x0ce] = 0x1e,
4075 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4076
4077 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4078 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4079 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4080 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4081 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4082 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4083 [0x0de] = 0x55, /* NomV: 5.0 V */
4084 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4085 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4086 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4087 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4088 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4089 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4090 [0x0ec] = 0x01,
4091 [0x0ee] = 0x07, /* Address block length = 8 */
4092 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4093 [0x0f2] = 0x03,
4094 [0x0f4] = 0x01, /* Address block length = 2 */
4095 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4096 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4097
4098 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4099 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4100 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4101 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4102 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4103 [0x104] = 0xb5, /* NomV: 3.3 V */
4104 [0x106] = 0x1e,
4105 [0x108] = 0x3e, /* Peakl: 350 mA */
4106
4107 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4108 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4109 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4110 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4111 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4112 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4113 [0x116] = 0x55, /* NomV: 5.0 V */
4114 [0x118] = 0x4d, /* MinV: 4.5 V */
4115 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4116 [0x11c] = 0x4e, /* Peakl: 450 mA */
4117 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4118 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4119 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4120 [0x124] = 0x01,
4121 [0x126] = 0x07, /* Address block length = 8 */
4122 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4123 [0x12a] = 0x03,
4124 [0x12c] = 0x01, /* Address block length = 2 */
4125 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4126 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4127
4128 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4129 [0x134] = 0x06, /* Tuple length = 6 bytes */
4130 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4131 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4132 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4133 [0x13c] = 0xb5, /* NomV: 3.3 V */
4134 [0x13e] = 0x1e,
4135 [0x140] = 0x3e, /* Peakl: 350 mA */
4136
4137 [0x142] = CISTPL_NO_LINK, /* No Link */
4138 [0x144] = 0x00, /* Tuple length = 0 bytes */
4139
4140 [0x146] = CISTPL_END, /* Tuple End */
4141};
4142
4143static int dscm1xxxx_attach(void *opaque)
4144{
4145 struct md_s *md = (struct md_s *) opaque;
4146 md->card.attr_read = md_attr_read;
4147 md->card.attr_write = md_attr_write;
4148 md->card.common_read = md_common_read;
4149 md->card.common_write = md_common_write;
4150 md->card.io_read = md_common_read;
4151 md->card.io_write = md_common_write;
4152
4153 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4154 md->io_base = 0x0;
4155
4156 md_reset(md);
4157 md_interrupt_update(md);
4158
4159 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4160 return 0;
4161}
4162
4163static int dscm1xxxx_detach(void *opaque)
4164{
4165 struct md_s *md = (struct md_s *) opaque;
4166 md_reset(md);
4167 return 0;
4168}
4169
4170struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
4171{
4172 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
4173 md->card.state = md;
4174 md->card.attach = dscm1xxxx_attach;
4175 md->card.detach = dscm1xxxx_detach;
4176 md->card.cis = dscm1xxxx_cis;
4177 md->card.cis_len = sizeof(dscm1xxxx_cis);
4178
4179 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4180 md->ide->is_cf = 1;
4181 md->ide->mdata_size = METADATA_SIZE;
4182 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94 4183
18be5187 4184 register_savevm("microdrive", -1, 0, md_save, md_load, md);
aa941b94 4185
201a51fc
AZ		 4186 return &md->card;
4187}
Qemu copy for testing