]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
fix for HCHALTED status bit
[qemu.git] / hw / ide.c
CommitLineData
5391d806
FB		 1/*
2 * QEMU IDE disk and CD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
5391d806
FB		 24#include "vl.h"
25
5391d806
FB		 26/* debug IDE devices */
27//#define DEBUG_IDE
28//#define DEBUG_IDE_ATAPI
29
30/* Bits of HD_STATUS */
31#define ERR_STAT 0x01
32#define INDEX_STAT 0x02
33#define ECC_STAT 0x04 /* Corrected error */
34#define DRQ_STAT 0x08
35#define SEEK_STAT 0x10
36#define SRV_STAT 0x10
37#define WRERR_STAT 0x20
38#define READY_STAT 0x40
39#define BUSY_STAT 0x80
40
41/* Bits for HD_ERROR */
42#define MARK_ERR 0x01 /* Bad address mark */
43#define TRK0_ERR 0x02 /* couldn't find track 0 */
44#define ABRT_ERR 0x04 /* Command aborted */
45#define MCR_ERR 0x08 /* media change request */
46#define ID_ERR 0x10 /* ID field not found */
47#define MC_ERR 0x20 /* media changed */
48#define ECC_ERR 0x40 /* Uncorrectable ECC error */
49#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
50#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
51
52/* Bits of HD_NSECTOR */
53#define CD 0x01
54#define IO 0x02
55#define REL 0x04
56#define TAG_MASK 0xf8
57
58#define IDE_CMD_RESET 0x04
59#define IDE_CMD_DISABLE_IRQ 0x02
60
61/* ATA/ATAPI Commands pre T13 Spec */
62#define WIN_NOP 0x00
63/*
64 * 0x01->0x02 Reserved
65 */
66#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
67/*
68 * 0x04->0x07 Reserved
69 */
70#define WIN_SRST 0x08 /* ATAPI soft reset command */
71#define WIN_DEVICE_RESET 0x08
72/*
73 * 0x09->0x0F Reserved
74 */
75#define WIN_RECAL 0x10
76#define WIN_RESTORE WIN_RECAL
77/*
78 * 0x10->0x1F Reserved
79 */
80#define WIN_READ 0x20 /* 28-Bit */
81#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
82#define WIN_READ_LONG 0x22 /* 28-Bit */
83#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
84#define WIN_READ_EXT 0x24 /* 48-Bit */
85#define WIN_READDMA_EXT 0x25 /* 48-Bit */
86#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
87#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
88/*
89 * 0x28
90 */
91#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
92/*
93 * 0x2A->0x2F Reserved
94 */
95#define WIN_WRITE 0x30 /* 28-Bit */
96#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
97#define WIN_WRITE_LONG 0x32 /* 28-Bit */
98#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
99#define WIN_WRITE_EXT 0x34 /* 48-Bit */
100#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
101#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
102#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
103#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
104#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
105/*
106 * 0x3A->0x3B Reserved
107 */
108#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
109/*
110 * 0x3D->0x3F Reserved
111 */
112#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
113#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
114#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
115/*
116 * 0x43->0x4F Reserved
117 */
118#define WIN_FORMAT 0x50
119/*
120 * 0x51->0x5F Reserved
121 */
122#define WIN_INIT 0x60
123/*
124 * 0x61->0x5F Reserved
125 */
126#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
127#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
128#define WIN_DIAGNOSE 0x90
129#define WIN_SPECIFY 0x91 /* set drive geometry translation */
130#define WIN_DOWNLOAD_MICROCODE 0x92
131#define WIN_STANDBYNOW2 0x94
132#define WIN_STANDBY2 0x96
133#define WIN_SETIDLE2 0x97
134#define WIN_CHECKPOWERMODE2 0x98
135#define WIN_SLEEPNOW2 0x99
136/*
137 * 0x9A VENDOR
138 */
139#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
140#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
141#define WIN_QUEUED_SERVICE 0xA2
142#define WIN_SMART 0xB0 /* self-monitoring and reporting */
143#define CFA_ERASE_SECTORS 0xC0
144#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
145#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
146#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
147#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
148#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
149#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
150#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
151#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
152#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
153#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
154#define WIN_GETMEDIASTATUS 0xDA
155#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
156#define WIN_POSTBOOT 0xDC
157#define WIN_PREBOOT 0xDD
158#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
159#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
160#define WIN_STANDBYNOW1 0xE0
161#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
162#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
163#define WIN_SETIDLE1 0xE3
164#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
165#define WIN_CHECKPOWERMODE1 0xE5
166#define WIN_SLEEPNOW1 0xE6
167#define WIN_FLUSH_CACHE 0xE7
168#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
169#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
170 /* SET_FEATURES 0x22 or 0xDD */
171#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
172#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
173#define WIN_MEDIAEJECT 0xED
174#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
175#define WIN_SETFEATURES 0xEF /* set special drive features */
176#define EXABYTE_ENABLE_NEST 0xF0
177#define WIN_SECURITY_SET_PASS 0xF1
178#define WIN_SECURITY_UNLOCK 0xF2
179#define WIN_SECURITY_ERASE_PREPARE 0xF3
180#define WIN_SECURITY_ERASE_UNIT 0xF4
181#define WIN_SECURITY_FREEZE_LOCK 0xF5
182#define WIN_SECURITY_DISABLE 0xF6
183#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
184#define WIN_SET_MAX 0xF9
185#define DISABLE_SEAGATE 0xFB
186
187/* set to 1 set disable mult support */
f66723fa 188#define MAX_MULT_SECTORS 16
5391d806
FB		 189
190/* ATAPI defines */
191
192#define ATAPI_PACKET_SIZE 12
193
194/* The generic packet command opcodes for CD/DVD Logical Units,
195 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
196#define GPCMD_BLANK 0xa1
197#define GPCMD_CLOSE_TRACK 0x5b
198#define GPCMD_FLUSH_CACHE 0x35
199#define GPCMD_FORMAT_UNIT 0x04
200#define GPCMD_GET_CONFIGURATION 0x46
201#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
202#define GPCMD_GET_PERFORMANCE 0xac
203#define GPCMD_INQUIRY 0x12
204#define GPCMD_LOAD_UNLOAD 0xa6
205#define GPCMD_MECHANISM_STATUS 0xbd
206#define GPCMD_MODE_SELECT_10 0x55
207#define GPCMD_MODE_SENSE_10 0x5a
208#define GPCMD_PAUSE_RESUME 0x4b
209#define GPCMD_PLAY_AUDIO_10 0x45
210#define GPCMD_PLAY_AUDIO_MSF 0x47
211#define GPCMD_PLAY_AUDIO_TI 0x48
212#define GPCMD_PLAY_CD 0xbc
213#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
214#define GPCMD_READ_10 0x28
215#define GPCMD_READ_12 0xa8
216#define GPCMD_READ_CDVD_CAPACITY 0x25
217#define GPCMD_READ_CD 0xbe
218#define GPCMD_READ_CD_MSF 0xb9
219#define GPCMD_READ_DISC_INFO 0x51
220#define GPCMD_READ_DVD_STRUCTURE 0xad
221#define GPCMD_READ_FORMAT_CAPACITIES 0x23
222#define GPCMD_READ_HEADER 0x44
223#define GPCMD_READ_TRACK_RZONE_INFO 0x52
224#define GPCMD_READ_SUBCHANNEL 0x42
225#define GPCMD_READ_TOC_PMA_ATIP 0x43
226#define GPCMD_REPAIR_RZONE_TRACK 0x58
227#define GPCMD_REPORT_KEY 0xa4
228#define GPCMD_REQUEST_SENSE 0x03
229#define GPCMD_RESERVE_RZONE_TRACK 0x53
230#define GPCMD_SCAN 0xba
231#define GPCMD_SEEK 0x2b
232#define GPCMD_SEND_DVD_STRUCTURE 0xad
233#define GPCMD_SEND_EVENT 0xa2
234#define GPCMD_SEND_KEY 0xa3
235#define GPCMD_SEND_OPC 0x54
236#define GPCMD_SET_READ_AHEAD 0xa7
237#define GPCMD_SET_STREAMING 0xb6
238#define GPCMD_START_STOP_UNIT 0x1b
239#define GPCMD_STOP_PLAY_SCAN 0x4e
240#define GPCMD_TEST_UNIT_READY 0x00
241#define GPCMD_VERIFY_10 0x2f
242#define GPCMD_WRITE_10 0x2a
243#define GPCMD_WRITE_AND_VERIFY_10 0x2e
244/* This is listed as optional in ATAPI 2.6, but is (curiously)
245 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
246 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
247 * drives support it. */
248#define GPCMD_SET_SPEED 0xbb
249/* This seems to be a SCSI specific CD-ROM opcode
250 * to play data at track/index */
251#define GPCMD_PLAYAUDIO_TI 0x48
252/*
253 * From MS Media Status Notification Support Specification. For
254 * older drives only.
255 */
256#define GPCMD_GET_MEDIA_STATUS 0xda
257
258/* Mode page codes for mode sense/set */
259#define GPMODE_R_W_ERROR_PAGE 0x01
260#define GPMODE_WRITE_PARMS_PAGE 0x05
261#define GPMODE_AUDIO_CTL_PAGE 0x0e
262#define GPMODE_POWER_PAGE 0x1a
263#define GPMODE_FAULT_FAIL_PAGE 0x1c
264#define GPMODE_TO_PROTECT_PAGE 0x1d
265#define GPMODE_CAPABILITIES_PAGE 0x2a
266#define GPMODE_ALL_PAGES 0x3f
267/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
268 * of MODE_SENSE_POWER_PAGE */
269#define GPMODE_CDROM_PAGE 0x0d
270
271#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
272#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
273#define ATAPI_INT_REASON_REL 0x04
274#define ATAPI_INT_REASON_TAG 0xf8
275
276/* same constants as bochs */
7f777bf3 277#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 278#define ASC_LOGICAL_BLOCK_OOR 0x21
279#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
280#define ASC_MEDIUM_NOT_PRESENT 0x3a
281#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
282
283#define SENSE_NONE 0
284#define SENSE_NOT_READY 2
285#define SENSE_ILLEGAL_REQUEST 5
286#define SENSE_UNIT_ATTENTION 6
287
288struct IDEState;
289
290typedef void EndTransferFunc(struct IDEState *);
291
caed8802 292/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 293typedef struct IDEState {
294 /* ide config */
295 int is_cdrom;
5391d806
FB		 296 int cylinders, heads, sectors;
297 int64_t nb_sectors;
298 int mult_sectors;
94458802
FB		 299 int identify_set;
300 uint16_t identify_data[256];
5457c8ce
FB		 301 SetIRQFunc *set_irq;
302 void *irq_opaque;
5391d806 303 int irq;
34e538ae 304 PCIDevice *pci_dev;
98087450 305 struct BMDMAState *bmdma;
aedf5382 306 int drive_serial;
5391d806
FB		 307 /* ide regs */
308 uint8_t feature;
309 uint8_t error;
310 uint16_t nsector; /* 0 is 256 to ease computations */
311 uint8_t sector;
312 uint8_t lcyl;
313 uint8_t hcyl;
314 uint8_t select;
315 uint8_t status;
316 /* 0x3f6 command, only meaningful for drive 0 */
317 uint8_t cmd;
318 /* depends on bit 4 in select, only meaningful for drive 0 */
319 struct IDEState *cur_drive;
320 BlockDriverState *bs;
321 /* ATAPI specific */
322 uint8_t sense_key;
323 uint8_t asc;
324 int packet_transfer_size;
325 int elementary_transfer_size;
326 int io_buffer_index;
327 int lba;
98087450
FB		 328 int cd_sector_size;
329 int atapi_dma; /* true if dma is requested for the packet cmd */
330 /* ATA DMA state */
331 int io_buffer_size;
332 /* PIO transfer handling */
5391d806
FB		 333 int req_nb_sectors; /* number of sectors per interrupt */
334 EndTransferFunc *end_transfer_func;
335 uint8_t *data_ptr;
336 uint8_t *data_end;
337 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
a09db21f 338 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
e774a278 339 uint32_t irq_count; /* counts IRQs when using win2k install hack */
5391d806
FB		 340} IDEState;
341
98087450
FB		 342#define BM_STATUS_DMAING 0x01
343#define BM_STATUS_ERROR 0x02
344#define BM_STATUS_INT 0x04
345
346#define BM_CMD_START 0x01
347#define BM_CMD_READ 0x08
348
5457c8ce
FB		 349#define IDE_TYPE_PIIX3 0
350#define IDE_TYPE_CMD646 1
351
352/* CMD646 specific */
353#define MRDMODE 0x71
354#define MRDMODE_INTR_CH0 0x04
355#define MRDMODE_INTR_CH1 0x08
356#define MRDMODE_BLK_CH0 0x10
357#define MRDMODE_BLK_CH1 0x20
358#define UDIDETCR0 0x73
359#define UDIDETCR1 0x7B
360
98087450
FB		 361typedef int IDEDMAFunc(IDEState *s,
362 target_phys_addr_t phys_addr,
363 int transfer_size1);
364
365typedef struct BMDMAState {
366 uint8_t cmd;
367 uint8_t status;
368 uint32_t addr;
5457c8ce
FB		 369
370 struct PCIIDEState *pci_dev;
98087450
FB		 371 /* current transfer state */
372 IDEState *ide_if;
373 IDEDMAFunc *dma_cb;
374} BMDMAState;
375
376typedef struct PCIIDEState {
377 PCIDevice dev;
378 IDEState ide_if[4];
379 BMDMAState bmdma[2];
5457c8ce 380 int type; /* see IDE_TYPE_xxx */
98087450
FB		 381} PCIIDEState;
382
383static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb);
384
5391d806
FB		 385static void padstr(char *str, const char *src, int len)
386{
387 int i, v;
388 for(i = 0; i < len; i++) {
389 if (*src)
390 v = *src++;
391 else
392 v = ' ';
393 *(char *)((long)str ^ 1) = v;
394 str++;
395 }
396}
397
bd0d90b2
FB		 398static void padstr8(uint8_t *buf, int buf_size, const char *src)
399{
400 int i;
401 for(i = 0; i < buf_size; i++) {
402 if (*src)
403 buf[i] = *src++;
404 else
405 buf[i] = ' ';
406 }
407}
408
67b915a5
FB		 409static void put_le16(uint16_t *p, unsigned int v)
410{
0c4ad8dc 411 *p = cpu_to_le16(v);
67b915a5
FB		 412}
413
5391d806
FB		 414static void ide_identify(IDEState *s)
415{
416 uint16_t *p;
417 unsigned int oldsize;
aedf5382 418 char buf[20];
5391d806 419
94458802
FB		 420 if (s->identify_set) {
421 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
422 return;
423 }
424
5391d806
FB		 425 memset(s->io_buffer, 0, 512);
426 p = (uint16_t *)s->io_buffer;
67b915a5
FB		 427 put_le16(p + 0, 0x0040);
428 put_le16(p + 1, s->cylinders);
429 put_le16(p + 3, s->heads);
430 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
431 put_le16(p + 5, 512); /* XXX: retired, remove ? */
432 put_le16(p + 6, s->sectors);
aedf5382
FB		 433 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
434 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 435 put_le16(p + 20, 3); /* XXX: retired, remove ? */
436 put_le16(p + 21, 512); /* cache size in sectors */
437 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 438 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
439 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
440#if MAX_MULT_SECTORS > 1
67b915a5 441 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 442#endif
67b915a5 443 put_le16(p + 48, 1); /* dword I/O */
94458802 444 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 445 put_le16(p + 51, 0x200); /* PIO transfer cycle */
446 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 447 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 448 put_le16(p + 54, s->cylinders);
449 put_le16(p + 55, s->heads);
450 put_le16(p + 56, s->sectors);
5391d806 451 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 452 put_le16(p + 57, oldsize);
453 put_le16(p + 58, oldsize >> 16);
5391d806 454 if (s->mult_sectors)
67b915a5
FB		 455 put_le16(p + 59, 0x100 | s->mult_sectors);
456 put_le16(p + 60, s->nb_sectors);
457 put_le16(p + 61, s->nb_sectors >> 16);
94458802
FB		 458 put_le16(p + 63, 0x07); /* mdma0-2 supported */
459 put_le16(p + 65, 120);
460 put_le16(p + 66, 120);
461 put_le16(p + 67, 120);
462 put_le16(p + 68, 120);
463 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
464 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5
FB		 465 put_le16(p + 82, (1 << 14));
466 put_le16(p + 83, (1 << 14));
467 put_le16(p + 84, (1 << 14));
468 put_le16(p + 85, (1 << 14));
469 put_le16(p + 86, 0);
470 put_le16(p + 87, (1 << 14));
94458802
FB		 471 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
472 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
473
474 memcpy(s->identify_data, p, sizeof(s->identify_data));
475 s->identify_set = 1;
5391d806
FB		 476}
477
478static void ide_atapi_identify(IDEState *s)
479{
480 uint16_t *p;
aedf5382 481 char buf[20];
5391d806 482
94458802
FB		 483 if (s->identify_set) {
484 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
485 return;
486 }
487
5391d806
FB		 488 memset(s->io_buffer, 0, 512);
489 p = (uint16_t *)s->io_buffer;
490 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 491 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
aedf5382
FB		 492 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
493 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 494 put_le16(p + 20, 3); /* buffer type */
495 put_le16(p + 21, 512); /* cache size in sectors */
496 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 497 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
498 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
67b915a5
FB		 499 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
500 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
501 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
502 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
503 put_le16(p + 64, 1); /* PIO modes */
504 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
505 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
506 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
507 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 508
67b915a5
FB		 509 put_le16(p + 71, 30); /* in ns */
510 put_le16(p + 72, 30); /* in ns */
5391d806 511
67b915a5 512 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
94458802
FB		 513
514 memcpy(s->identify_data, p, sizeof(s->identify_data));
515 s->identify_set = 1;
5391d806
FB		 516}
517
518static void ide_set_signature(IDEState *s)
519{
520 s->select &= 0xf0; /* clear head */
521 /* put signature */
522 s->nsector = 1;
523 s->sector = 1;
524 if (s->is_cdrom) {
525 s->lcyl = 0x14;
526 s->hcyl = 0xeb;
527 } else if (s->bs) {
528 s->lcyl = 0;
529 s->hcyl = 0;
530 } else {
531 s->lcyl = 0xff;
532 s->hcyl = 0xff;
533 }
534}
535
536static inline void ide_abort_command(IDEState *s)
537{
538 s->status = READY_STAT | ERR_STAT;
539 s->error = ABRT_ERR;
540}
541
542static inline void ide_set_irq(IDEState *s)
543{
98ff7d30 544 BMDMAState *bm = s->bmdma;
5391d806 545 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 546 if (bm) {
98ff7d30 547 bm->status |= BM_STATUS_INT;
5457c8ce
FB		 548 }
549 s->set_irq(s->irq_opaque, s->irq, 1);
5391d806
FB		 550 }
551}
552
553/* prepare data transfer and tell what to do after */
554static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
555 EndTransferFunc *end_transfer_func)
556{
557 s->end_transfer_func = end_transfer_func;
558 s->data_ptr = buf;
559 s->data_end = buf + size;
560 s->status |= DRQ_STAT;
561}
562
563static void ide_transfer_stop(IDEState *s)
564{
565 s->end_transfer_func = ide_transfer_stop;
566 s->data_ptr = s->io_buffer;
567 s->data_end = s->io_buffer;
568 s->status &= ~DRQ_STAT;
569}
570
571static int64_t ide_get_sector(IDEState *s)
572{
573 int64_t sector_num;
574 if (s->select & 0x40) {
575 /* lba */
576 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
577 (s->lcyl << 8) | s->sector;
578 } else {
579 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
580 (s->select & 0x0f) * s->sectors +
581 (s->sector - 1);
582 }
583 return sector_num;
584}
585
586static void ide_set_sector(IDEState *s, int64_t sector_num)
587{
588 unsigned int cyl, r;
589 if (s->select & 0x40) {
590 s->select = (s->select & 0xf0) | (sector_num >> 24);
591 s->hcyl = (sector_num >> 16);
592 s->lcyl = (sector_num >> 8);
593 s->sector = (sector_num);
594 } else {
595 cyl = sector_num / (s->heads * s->sectors);
596 r = sector_num % (s->heads * s->sectors);
597 s->hcyl = cyl >> 8;
598 s->lcyl = cyl;
1b8eb456 599 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 600 s->sector = (r % s->sectors) + 1;
601 }
602}
603
604static void ide_sector_read(IDEState *s)
605{
606 int64_t sector_num;
607 int ret, n;
608
609 s->status = READY_STAT | SEEK_STAT;
a136e5a8 610 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 611 sector_num = ide_get_sector(s);
612 n = s->nsector;
613 if (n == 0) {
614 /* no more sector to read from disk */
615 ide_transfer_stop(s);
616 } else {
617#if defined(DEBUG_IDE)
618 printf("read sector=%Ld\n", sector_num);
619#endif
620 if (n > s->req_nb_sectors)
621 n = s->req_nb_sectors;
622 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
623 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
624 ide_set_irq(s);
625 ide_set_sector(s, sector_num + n);
626 s->nsector -= n;
627 }
628}
629
98087450
FB		 630static int ide_read_dma_cb(IDEState *s,
631 target_phys_addr_t phys_addr,
632 int transfer_size1)
633{
634 int len, transfer_size, n;
635 int64_t sector_num;
636
637 transfer_size = transfer_size1;
638 while (transfer_size > 0) {
639 len = s->io_buffer_size - s->io_buffer_index;
640 if (len <= 0) {
641 /* transfert next data */
642 n = s->nsector;
643 if (n == 0)
644 break;
645 if (n > MAX_MULT_SECTORS)
646 n = MAX_MULT_SECTORS;
647 sector_num = ide_get_sector(s);
648 bdrv_read(s->bs, sector_num, s->io_buffer, n);
649 s->io_buffer_index = 0;
650 s->io_buffer_size = n * 512;
651 len = s->io_buffer_size;
652 sector_num += n;
653 ide_set_sector(s, sector_num);
654 s->nsector -= n;
655 }
656 if (len > transfer_size)
657 len = transfer_size;
658 cpu_physical_memory_write(phys_addr,
659 s->io_buffer + s->io_buffer_index, len);
660 s->io_buffer_index += len;
661 transfer_size -= len;
662 phys_addr += len;
663 }
664 if (s->io_buffer_index >= s->io_buffer_size && s->nsector == 0) {
665 s->status = READY_STAT | SEEK_STAT;
666 ide_set_irq(s);
667#ifdef DEBUG_IDE_ATAPI
668 printf("dma status=0x%x\n", s->status);
669#endif
670 return 0;
671 }
672 return transfer_size1 - transfer_size;
673}
674
675static void ide_sector_read_dma(IDEState *s)
676{
677 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
678 s->io_buffer_index = 0;
679 s->io_buffer_size = 0;
680 ide_dma_start(s, ide_read_dma_cb);
681}
682
a09db21f
FB		 683static void ide_sector_write_timer_cb(void *opaque)
684{
685 IDEState *s = opaque;
686 ide_set_irq(s);
687}
688
5391d806
FB		 689static void ide_sector_write(IDEState *s)
690{
691 int64_t sector_num;
692 int ret, n, n1;
693
694 s->status = READY_STAT | SEEK_STAT;
695 sector_num = ide_get_sector(s);
696#if defined(DEBUG_IDE)
697 printf("write sector=%Ld\n", sector_num);
698#endif
699 n = s->nsector;
700 if (n > s->req_nb_sectors)
701 n = s->req_nb_sectors;
702 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
703 s->nsector -= n;
704 if (s->nsector == 0) {
705 /* no more sector to write */
706 ide_transfer_stop(s);
707 } else {
708 n1 = s->nsector;
709 if (n1 > s->req_nb_sectors)
710 n1 = s->req_nb_sectors;
711 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
712 }
713 ide_set_sector(s, sector_num + n);
a09db21f
FB		 714
715#ifdef TARGET_I386
e774a278 716 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
a09db21f
FB		 717 /* It seems there is a bug in the Windows 2000 installer HDD
718 IDE driver which fills the disk with empty logs when the
719 IDE write IRQ comes too early. This hack tries to correct
720 that at the expense of slower write performances. Use this
721 option _only_ to install Windows 2000. You must disable it
722 for normal use. */
723 qemu_mod_timer(s->sector_write_timer,
724 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
725 } else
726#endif
727 {
728 ide_set_irq(s);
729 }
5391d806
FB		 730}
731
98087450
FB		 732static int ide_write_dma_cb(IDEState *s,
733 target_phys_addr_t phys_addr,
734 int transfer_size1)
735{
736 int len, transfer_size, n;
737 int64_t sector_num;
738
739 transfer_size = transfer_size1;
740 for(;;) {
741 len = s->io_buffer_size - s->io_buffer_index;
742 if (len == 0) {
743 n = s->io_buffer_size >> 9;
744 sector_num = ide_get_sector(s);
745 bdrv_write(s->bs, sector_num, s->io_buffer,
746 s->io_buffer_size >> 9);
747 sector_num += n;
748 ide_set_sector(s, sector_num);
749 s->nsector -= n;
750 n = s->nsector;
751 if (n == 0) {
752 /* end of transfer */
753 s->status = READY_STAT | SEEK_STAT;
e774a278
FB		 754#ifdef TARGET_I386
755 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
756 /* It seems there is a bug in the Windows 2000 installer
757 HDD IDE driver which fills the disk with empty logs
758 when the IDE write IRQ comes too early. This hack tries
759 to correct that at the expense of slower write
760 performances. Use this option _only_ to install Windows
761 2000. You must disable it for normal use. */
762 qemu_mod_timer(s->sector_write_timer,
763 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
764 } else
765#endif
766 ide_set_irq(s);
98087450
FB		 767 return 0;
768 }
769 if (n > MAX_MULT_SECTORS)
770 n = MAX_MULT_SECTORS;
771 s->io_buffer_index = 0;
772 s->io_buffer_size = n * 512;
773 len = s->io_buffer_size;
774 }
775 if (transfer_size <= 0)
776 break;
777 if (len > transfer_size)
778 len = transfer_size;
779 cpu_physical_memory_read(phys_addr,
780 s->io_buffer + s->io_buffer_index, len);
781 s->io_buffer_index += len;
782 transfer_size -= len;
783 phys_addr += len;
784 }
785 return transfer_size1 - transfer_size;
786}
787
788static void ide_sector_write_dma(IDEState *s)
789{
790 int n;
791 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
792 n = s->nsector;
793 if (n > MAX_MULT_SECTORS)
794 n = MAX_MULT_SECTORS;
795 s->io_buffer_index = 0;
796 s->io_buffer_size = n * 512;
797 ide_dma_start(s, ide_write_dma_cb);
798}
799
5391d806
FB		 800static void ide_atapi_cmd_ok(IDEState *s)
801{
802 s->error = 0;
803 s->status = READY_STAT;
804 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
805 ide_set_irq(s);
806}
807
808static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
809{
810#ifdef DEBUG_IDE_ATAPI
811 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
812#endif
813 s->error = sense_key << 4;
814 s->status = READY_STAT | ERR_STAT;
815 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
816 s->sense_key = sense_key;
817 s->asc = asc;
818 ide_set_irq(s);
819}
820
821static inline void cpu_to_ube16(uint8_t *buf, int val)
822{
823 buf[0] = val >> 8;
824 buf[1] = val;
825}
826
827static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
828{
829 buf[0] = val >> 24;
830 buf[1] = val >> 16;
831 buf[2] = val >> 8;
832 buf[3] = val;
833}
834
835static inline int ube16_to_cpu(const uint8_t *buf)
836{
837 return (buf[0] << 8) | buf[1];
838}
839
840static inline int ube32_to_cpu(const uint8_t *buf)
841{
842 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
843}
844
98087450
FB		 845static void lba_to_msf(uint8_t *buf, int lba)
846{
847 lba += 150;
848 buf[0] = (lba / 75) / 60;
849 buf[1] = (lba / 75) % 60;
850 buf[2] = lba % 75;
851}
852
853static void cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
854 int sector_size)
855{
856 switch(sector_size) {
857 case 2048:
858 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
859 break;
860 case 2352:
861 /* sync bytes */
862 buf[0] = 0x00;
5457c8ce
FB		 863 memset(buf + 1, 0xff, 10);
864 buf[11] = 0x00;
98087450
FB		 865 buf += 12;
866 /* MSF */
867 lba_to_msf(buf, lba);
868 buf[3] = 0x01; /* mode 1 data */
869 buf += 4;
870 /* data */
871 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
872 buf += 2048;
873 /* ECC */
874 memset(buf, 0, 288);
875 break;
876 default:
877 break;
878 }
879}
880
5391d806
FB		 881/* The whole ATAPI transfer logic is handled in this function */
882static void ide_atapi_cmd_reply_end(IDEState *s)
883{
884 int byte_count_limit, size;
885#ifdef DEBUG_IDE_ATAPI
886 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
887 s->packet_transfer_size,
888 s->elementary_transfer_size,
889 s->io_buffer_index);
890#endif
891 if (s->packet_transfer_size <= 0) {
892 /* end of transfer */
893 ide_transfer_stop(s);
894 s->status = READY_STAT;
895 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
896 ide_set_irq(s);
897#ifdef DEBUG_IDE_ATAPI
898 printf("status=0x%x\n", s->status);
899#endif
900 } else {
901 /* see if a new sector must be read */
98087450
FB		 902 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
903 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
5391d806
FB		 904 s->lba++;
905 s->io_buffer_index = 0;
906 }
907 if (s->elementary_transfer_size > 0) {
908 /* there are some data left to transmit in this elementary
909 transfer */
98087450 910 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 911 if (size > s->elementary_transfer_size)
912 size = s->elementary_transfer_size;
913 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
914 size, ide_atapi_cmd_reply_end);
915 s->packet_transfer_size -= size;
916 s->elementary_transfer_size -= size;
917 s->io_buffer_index += size;
918 } else {
919 /* a new transfer is needed */
920 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
921 byte_count_limit = s->lcyl | (s->hcyl << 8);
922#ifdef DEBUG_IDE_ATAPI
923 printf("byte_count_limit=%d\n", byte_count_limit);
924#endif
925 if (byte_count_limit == 0xffff)
926 byte_count_limit--;
927 size = s->packet_transfer_size;
928 if (size > byte_count_limit) {
929 /* byte count limit must be even if this case */
930 if (byte_count_limit & 1)
931 byte_count_limit--;
932 size = byte_count_limit;
5391d806 933 }
a136e5a8
FB		 934 s->lcyl = size;
935 s->hcyl = size >> 8;
5391d806
FB		 936 s->elementary_transfer_size = size;
937 /* we cannot transmit more than one sector at a time */
938 if (s->lba != -1) {
98087450
FB		 939 if (size > (s->cd_sector_size - s->io_buffer_index))
940 size = (s->cd_sector_size - s->io_buffer_index);
5391d806
FB		 941 }
942 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
943 size, ide_atapi_cmd_reply_end);
944 s->packet_transfer_size -= size;
945 s->elementary_transfer_size -= size;
946 s->io_buffer_index += size;
947 ide_set_irq(s);
948#ifdef DEBUG_IDE_ATAPI
949 printf("status=0x%x\n", s->status);
950#endif
951 }
952 }
953}
954
955/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
956static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
957{
958 if (size > max_size)
959 size = max_size;
960 s->lba = -1; /* no sector read */
961 s->packet_transfer_size = size;
962 s->elementary_transfer_size = 0;
963 s->io_buffer_index = 0;
964
965 s->status = READY_STAT;
966 ide_atapi_cmd_reply_end(s);
967}
968
969/* start a CD-CDROM read command */
98087450
FB		 970static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
971 int sector_size)
5391d806 972{
5391d806 973 s->lba = lba;
98087450 974 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 975 s->elementary_transfer_size = 0;
98087450
FB		 976 s->io_buffer_index = sector_size;
977 s->cd_sector_size = sector_size;
5391d806
FB		 978
979 s->status = READY_STAT;
980 ide_atapi_cmd_reply_end(s);
981}
982
98087450
FB		 983/* ATAPI DMA support */
984static int ide_atapi_cmd_read_dma_cb(IDEState *s,
985 target_phys_addr_t phys_addr,
986 int transfer_size1)
987{
988 int len, transfer_size;
989
990 transfer_size = transfer_size1;
991 while (transfer_size > 0) {
5457c8ce
FB		 992#ifdef DEBUG_IDE_ATAPI
993 printf("transfer_size: %d phys_addr=%08x\n", transfer_size, phys_addr);
994#endif
98087450
FB		 995 if (s->packet_transfer_size <= 0)
996 break;
997 len = s->cd_sector_size - s->io_buffer_index;
998 if (len <= 0) {
999 /* transfert next data */
1000 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1001 s->lba++;
1002 s->io_buffer_index = 0;
1003 len = s->cd_sector_size;
1004 }
1005 if (len > transfer_size)
1006 len = transfer_size;
1007 cpu_physical_memory_write(phys_addr,
1008 s->io_buffer + s->io_buffer_index, len);
1009 s->packet_transfer_size -= len;
1010 s->io_buffer_index += len;
1011 transfer_size -= len;
1012 phys_addr += len;
1013 }
1014 if (s->packet_transfer_size <= 0) {
1015 s->status = READY_STAT;
1016 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1017 ide_set_irq(s);
1018#ifdef DEBUG_IDE_ATAPI
1019 printf("dma status=0x%x\n", s->status);
1020#endif
1021 return 0;
1022 }
1023 return transfer_size1 - transfer_size;
1024}
1025
1026/* start a CD-CDROM read command with DMA */
1027/* XXX: test if DMA is available */
1028static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1029 int sector_size)
1030{
1031 s->lba = lba;
1032 s->packet_transfer_size = nb_sectors * sector_size;
1033 s->io_buffer_index = sector_size;
1034 s->cd_sector_size = sector_size;
1035
1036 s->status = READY_STAT | DRQ_STAT;
1037 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1038}
1039
1040static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1041 int sector_size)
1042{
1043#ifdef DEBUG_IDE_ATAPI
1044 printf("read: LBA=%d nb_sectors=%d\n", lba, nb_sectors);
1045#endif
1046 if (s->atapi_dma) {
1047 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1048 } else {
1049 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1050 }
1051}
1052
5391d806 1053/* same toc as bochs. Return -1 if error or the toc length */
98087450 1054/* XXX: check this */
5391d806
FB		 1055static int cdrom_read_toc(IDEState *s, uint8_t *buf, int msf, int start_track)
1056{
1057 uint8_t *q;
1058 int nb_sectors, len;
1059
1060 if (start_track > 1 && start_track != 0xaa)
1061 return -1;
1062 q = buf + 2;
98087450
FB		 1063 *q++ = 1; /* first session */
1064 *q++ = 1; /* last session */
5391d806
FB		 1065 if (start_track <= 1) {
1066 *q++ = 0; /* reserved */
1067 *q++ = 0x14; /* ADR, control */
1068 *q++ = 1; /* track number */
1069 *q++ = 0; /* reserved */
1070 if (msf) {
1071 *q++ = 0; /* reserved */
5457c8ce
FB		 1072 lba_to_msf(q, 0);
1073 q += 3;
5391d806
FB		 1074 } else {
1075 /* sector 0 */
1076 cpu_to_ube32(q, 0);
1077 q += 4;
1078 }
1079 }
1080 /* lead out track */
1081 *q++ = 0; /* reserved */
1082 *q++ = 0x16; /* ADR, control */
1083 *q++ = 0xaa; /* track number */
1084 *q++ = 0; /* reserved */
1085 nb_sectors = s->nb_sectors >> 2;
1086 if (msf) {
1087 *q++ = 0; /* reserved */
98087450
FB		 1088 lba_to_msf(q, nb_sectors);
1089 q += 3;
1090 } else {
1091 cpu_to_ube32(q, nb_sectors);
1092 q += 4;
1093 }
1094 len = q - buf;
1095 cpu_to_ube16(buf, len - 2);
1096 return len;
1097}
1098
1099/* mostly same info as PearPc */
1100static int cdrom_read_toc_raw(IDEState *s, uint8_t *buf, int msf,
1101 int session_num)
1102{
1103 uint8_t *q;
1104 int nb_sectors, len;
1105
1106 q = buf + 2;
1107 *q++ = 1; /* first session */
1108 *q++ = 1; /* last session */
1109
1110 *q++ = 1; /* session number */
1111 *q++ = 0x14; /* data track */
1112 *q++ = 0; /* track number */
1113 *q++ = 0xa0; /* lead-in */
1114 *q++ = 0; /* min */
1115 *q++ = 0; /* sec */
1116 *q++ = 0; /* frame */
1117 *q++ = 0;
1118 *q++ = 1; /* first track */
1119 *q++ = 0x00; /* disk type */
1120 *q++ = 0x00;
1121
1122 *q++ = 1; /* session number */
1123 *q++ = 0x14; /* data track */
1124 *q++ = 0; /* track number */
1125 *q++ = 0xa1;
1126 *q++ = 0; /* min */
1127 *q++ = 0; /* sec */
1128 *q++ = 0; /* frame */
1129 *q++ = 0;
1130 *q++ = 1; /* last track */
1131 *q++ = 0x00;
1132 *q++ = 0x00;
1133
1134 *q++ = 1; /* session number */
1135 *q++ = 0x14; /* data track */
1136 *q++ = 0; /* track number */
1137 *q++ = 0xa2; /* lead-out */
1138 *q++ = 0; /* min */
1139 *q++ = 0; /* sec */
1140 *q++ = 0; /* frame */
1141 nb_sectors = s->nb_sectors >> 2;
1142 if (msf) {
1143 *q++ = 0; /* reserved */
1144 lba_to_msf(q, nb_sectors);
1145 q += 3;
5391d806
FB		 1146 } else {
1147 cpu_to_ube32(q, nb_sectors);
1148 q += 4;
1149 }
98087450
FB		 1150
1151 *q++ = 1; /* session number */
1152 *q++ = 0x14; /* ADR, control */
1153 *q++ = 0; /* track number */
1154 *q++ = 1; /* point */
1155 *q++ = 0; /* min */
1156 *q++ = 0; /* sec */
1157 *q++ = 0; /* frame */
a368741b
FB		 1158 if (msf) {
1159 *q++ = 0;
1160 lba_to_msf(q, 0);
1161 q += 3;
1162 } else {
1163 *q++ = 0;
1164 *q++ = 0;
1165 *q++ = 0;
1166 *q++ = 0;
1167 }
98087450 1168
5391d806
FB		 1169 len = q - buf;
1170 cpu_to_ube16(buf, len - 2);
1171 return len;
1172}
1173
1174static void ide_atapi_cmd(IDEState *s)
1175{
1176 const uint8_t *packet;
1177 uint8_t *buf;
1178 int max_len;
1179
1180 packet = s->io_buffer;
1181 buf = s->io_buffer;
1182#ifdef DEBUG_IDE_ATAPI
1183 {
1184 int i;
1185 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1186 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1187 printf(" %02x", packet[i]);
1188 }
1189 printf("\n");
1190 }
1191#endif
1192 switch(s->io_buffer[0]) {
1193 case GPCMD_TEST_UNIT_READY:
caed8802 1194 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1195 ide_atapi_cmd_ok(s);
1196 } else {
1197 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1198 ASC_MEDIUM_NOT_PRESENT);
1199 }
1200 break;
1201 case GPCMD_MODE_SENSE_10:
1202 {
1203 int action, code;
1204 max_len = ube16_to_cpu(packet + 7);
1205 action = packet[2] >> 6;
1206 code = packet[2] & 0x3f;
1207 switch(action) {
1208 case 0: /* current values */
1209 switch(code) {
1210 case 0x01: /* error recovery */
1211 cpu_to_ube16(&buf[0], 16 + 6);
1212 buf[2] = 0x70;
1213 buf[3] = 0;
1214 buf[4] = 0;
1215 buf[5] = 0;
1216 buf[6] = 0;
1217 buf[7] = 0;
1218
1219 buf[8] = 0x01;
1220 buf[9] = 0x06;
1221 buf[10] = 0x00;
1222 buf[11] = 0x05;
1223 buf[12] = 0x00;
1224 buf[13] = 0x00;
1225 buf[14] = 0x00;
1226 buf[15] = 0x00;
1227 ide_atapi_cmd_reply(s, 16, max_len);
1228 break;
1229 case 0x2a:
1230 cpu_to_ube16(&buf[0], 28 + 6);
1231 buf[2] = 0x70;
1232 buf[3] = 0;
1233 buf[4] = 0;
1234 buf[5] = 0;
1235 buf[6] = 0;
1236 buf[7] = 0;
1237
1238 buf[8] = 0x2a;
1239 buf[9] = 0x12;
1240 buf[10] = 0x00;
1241 buf[11] = 0x00;
1242
1243 buf[12] = 0x70;
1244 buf[13] = 3 << 5;
1245 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1246 if (bdrv_is_locked(s->bs))
5391d806
FB		 1247 buf[6] |= 1 << 1;
1248 buf[15] = 0x00;
1249 cpu_to_ube16(&buf[16], 706);
1250 buf[18] = 0;
1251 buf[19] = 2;
1252 cpu_to_ube16(&buf[20], 512);
1253 cpu_to_ube16(&buf[22], 706);
1254 buf[24] = 0;
1255 buf[25] = 0;
1256 buf[26] = 0;
1257 buf[27] = 0;
1258 ide_atapi_cmd_reply(s, 28, max_len);
1259 break;
1260 default:
1261 goto error_cmd;
1262 }
1263 break;
1264 case 1: /* changeable values */
1265 goto error_cmd;
1266 case 2: /* default values */
1267 goto error_cmd;
1268 default:
1269 case 3: /* saved values */
1270 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1271 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1272 break;
1273 }
1274 }
1275 break;
1276 case GPCMD_REQUEST_SENSE:
1277 max_len = packet[4];
1278 memset(buf, 0, 18);
1279 buf[0] = 0x70 | (1 << 7);
1280 buf[2] = s->sense_key;
1281 buf[7] = 10;
1282 buf[12] = s->asc;
1283 ide_atapi_cmd_reply(s, 18, max_len);
1284 break;
1285 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1286 if (bdrv_is_inserted(s->bs)) {
1287 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1288 ide_atapi_cmd_ok(s);
1289 } else {
1290 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1291 ASC_MEDIUM_NOT_PRESENT);
1292 }
1293 break;
1294 case GPCMD_READ_10:
1295 case GPCMD_READ_12:
1296 {
1297 int nb_sectors, lba;
1298
caed8802 1299 if (!bdrv_is_inserted(s->bs)) {
5391d806
FB		 1300 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1301 ASC_MEDIUM_NOT_PRESENT);
1302 break;
1303 }
1304 if (packet[0] == GPCMD_READ_10)
1305 nb_sectors = ube16_to_cpu(packet + 7);
1306 else
1307 nb_sectors = ube32_to_cpu(packet + 6);
1308 lba = ube32_to_cpu(packet + 2);
1309 if (nb_sectors == 0) {
1310 ide_atapi_cmd_ok(s);
1311 break;
1312 }
1313 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1314 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1315 ASC_LOGICAL_BLOCK_OOR);
1316 break;
1317 }
98087450
FB		 1318 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1319 }
1320 break;
1321 case GPCMD_READ_CD:
1322 {
1323 int nb_sectors, lba, transfer_request;
1324
1325 if (!bdrv_is_inserted(s->bs)) {
1326 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1327 ASC_MEDIUM_NOT_PRESENT);
1328 break;
1329 }
1330 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1331 lba = ube32_to_cpu(packet + 2);
1332 if (nb_sectors == 0) {
1333 ide_atapi_cmd_ok(s);
1334 break;
1335 }
1336 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1337 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1338 ASC_LOGICAL_BLOCK_OOR);
1339 break;
1340 }
1341 transfer_request = packet[9];
1342 switch(transfer_request & 0xf8) {
1343 case 0x00:
1344 /* nothing */
1345 ide_atapi_cmd_ok(s);
1346 break;
1347 case 0x10:
1348 /* normal read */
1349 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1350 break;
1351 case 0xf8:
1352 /* read all data */
1353 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1354 break;
1355 default:
1356 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1357 ASC_INV_FIELD_IN_CMD_PACKET);
1358 break;
1359 }
5391d806
FB		 1360 }
1361 break;
1362 case GPCMD_SEEK:
1363 {
1364 int lba;
caed8802 1365 if (!bdrv_is_inserted(s->bs)) {
5391d806
FB		 1366 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1367 ASC_MEDIUM_NOT_PRESENT);
1368 break;
1369 }
1370 lba = ube32_to_cpu(packet + 2);
1371 if (((int64_t)lba << 2) > s->nb_sectors) {
1372 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1373 ASC_LOGICAL_BLOCK_OOR);
1374 break;
1375 }
1376 ide_atapi_cmd_ok(s);
1377 }
1378 break;
1379 case GPCMD_START_STOP_UNIT:
1380 {
1381 int start, eject;
1382 start = packet[4] & 1;
1383 eject = (packet[4] >> 1) & 1;
1384
caed8802
FB		 1385 if (eject && !start) {
1386 /* eject the disk */
1387 bdrv_close(s->bs);
1388 }
5391d806
FB		 1389 ide_atapi_cmd_ok(s);
1390 }
1391 break;
1392 case GPCMD_MECHANISM_STATUS:
1393 {
1394 max_len = ube16_to_cpu(packet + 8);
1395 cpu_to_ube16(buf, 0);
1396 /* no current LBA */
1397 buf[2] = 0;
1398 buf[3] = 0;
1399 buf[4] = 0;
1400 buf[5] = 1;
1401 cpu_to_ube16(buf + 6, 0);
1402 ide_atapi_cmd_reply(s, 8, max_len);
1403 }
1404 break;
1405 case GPCMD_READ_TOC_PMA_ATIP:
1406 {
1407 int format, msf, start_track, len;
1408
caed8802 1409 if (!bdrv_is_inserted(s->bs)) {
5391d806
FB		 1410 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1411 ASC_MEDIUM_NOT_PRESENT);
1412 break;
1413 }
1414 max_len = ube16_to_cpu(packet + 7);
1415 format = packet[9] >> 6;
1416 msf = (packet[1] >> 1) & 1;
1417 start_track = packet[6];
1418 switch(format) {
1419 case 0:
1420 len = cdrom_read_toc(s, buf, msf, start_track);
1421 if (len < 0)
1422 goto error_cmd;
1423 ide_atapi_cmd_reply(s, len, max_len);
1424 break;
1425 case 1:
1426 /* multi session : only a single session defined */
1427 memset(buf, 0, 12);
1428 buf[1] = 0x0a;
1429 buf[2] = 0x01;
1430 buf[3] = 0x01;
1431 ide_atapi_cmd_reply(s, 12, max_len);
1432 break;
98087450
FB		 1433 case 2:
1434 len = cdrom_read_toc_raw(s, buf, msf, start_track);
1435 if (len < 0)
1436 goto error_cmd;
1437 ide_atapi_cmd_reply(s, len, max_len);
1438 break;
5391d806 1439 default:
7f777bf3
FB		 1440 error_cmd:
1441 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1442 ASC_INV_FIELD_IN_CMD_PACKET);
1443 break;
5391d806
FB		 1444 }
1445 }
1446 break;
1447 case GPCMD_READ_CDVD_CAPACITY:
caed8802 1448 if (!bdrv_is_inserted(s->bs)) {
5391d806
FB		 1449 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1450 ASC_MEDIUM_NOT_PRESENT);
1451 break;
1452 }
1453 /* NOTE: it is really the number of sectors minus 1 */
1454 cpu_to_ube32(buf, (s->nb_sectors >> 2) - 1);
1455 cpu_to_ube32(buf + 4, 2048);
1456 ide_atapi_cmd_reply(s, 8, 8);
1457 break;
bd0d90b2
FB		 1458 case GPCMD_INQUIRY:
1459 max_len = packet[4];
1460 buf[0] = 0x05; /* CD-ROM */
1461 buf[1] = 0x80; /* removable */
1462 buf[2] = 0x00; /* ISO */
1463 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1464 buf[4] = 31; /* additionnal length */
1465 buf[5] = 0; /* reserved */
1466 buf[6] = 0; /* reserved */
1467 buf[7] = 0; /* reserved */
1468 padstr8(buf + 8, 8, "QEMU");
1469 padstr8(buf + 16, 16, "QEMU CD-ROM");
1470 padstr8(buf + 32, 4, QEMU_VERSION);
1471 ide_atapi_cmd_reply(s, 36, max_len);
1472 break;
5391d806 1473 default:
5391d806 1474 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1475 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1476 break;
1477 }
1478}
1479
caed8802
FB		 1480/* called when the inserted state of the media has changed */
1481static void cdrom_change_cb(void *opaque)
5391d806 1482{
caed8802
FB		 1483 IDEState *s = opaque;
1484 int64_t nb_sectors;
1485
1486 /* XXX: send interrupt too */
1487 bdrv_get_geometry(s->bs, &nb_sectors);
1488 s->nb_sectors = nb_sectors;
1489}
1490
1491static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1492{
1493 IDEState *ide_if = opaque;
c45c3d00 1494 IDEState *s;
5391d806
FB		 1495 int unit, n;
1496
1497#ifdef DEBUG_IDE
1498 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1499#endif
1500 addr &= 7;
1501 switch(addr) {
1502 case 0:
1503 break;
1504 case 1:
c45c3d00
FB		 1505 /* NOTE: data is written to the two drives */
1506 ide_if[0].feature = val;
1507 ide_if[1].feature = val;
5391d806
FB		 1508 break;
1509 case 2:
1510 if (val == 0)
1511 val = 256;
c45c3d00
FB		 1512 ide_if[0].nsector = val;
1513 ide_if[1].nsector = val;
5391d806
FB		 1514 break;
1515 case 3:
c45c3d00
FB		 1516 ide_if[0].sector = val;
1517 ide_if[1].sector = val;
5391d806
FB		 1518 break;
1519 case 4:
c45c3d00
FB		 1520 ide_if[0].lcyl = val;
1521 ide_if[1].lcyl = val;
5391d806
FB		 1522 break;
1523 case 5:
c45c3d00
FB		 1524 ide_if[0].hcyl = val;
1525 ide_if[1].hcyl = val;
5391d806
FB		 1526 break;
1527 case 6:
7ae98627
FB		 1528 ide_if[0].select = (val & ~0x10) | 0xa0;
1529 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 1530 /* select drive */
1531 unit = (val >> 4) & 1;
1532 s = ide_if + unit;
1533 ide_if->cur_drive = s;
5391d806
FB		 1534 break;
1535 default:
1536 case 7:
1537 /* command */
1538#if defined(DEBUG_IDE)
1539 printf("ide: CMD=%02x\n", val);
1540#endif
c45c3d00 1541 s = ide_if->cur_drive;
66201e2d
FB		 1542 /* ignore commands to non existant slave */
1543 if (s != ide_if && !s->bs)
1544 break;
5391d806
FB		 1545 switch(val) {
1546 case WIN_IDENTIFY:
1547 if (s->bs && !s->is_cdrom) {
1548 ide_identify(s);
2a282056 1549 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1550 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1551 } else {
1552 if (s->is_cdrom) {
1553 ide_set_signature(s);
1554 }
1555 ide_abort_command(s);
1556 }
1557 ide_set_irq(s);
1558 break;
1559 case WIN_SPECIFY:
1560 case WIN_RECAL:
a136e5a8 1561 s->error = 0;
769bec72 1562 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1563 ide_set_irq(s);
1564 break;
1565 case WIN_SETMULT:
1566 if (s->nsector > MAX_MULT_SECTORS ||
1567 s->nsector == 0 ||
1568 (s->nsector & (s->nsector - 1)) != 0) {
1569 ide_abort_command(s);
1570 } else {
1571 s->mult_sectors = s->nsector;
1572 s->status = READY_STAT;
1573 }
1574 ide_set_irq(s);
1575 break;
4ce900b4
FB		 1576 case WIN_VERIFY:
1577 case WIN_VERIFY_ONCE:
1578 /* do sector number check ? */
1579 s->status = READY_STAT;
1580 ide_set_irq(s);
1581 break;
5391d806
FB		 1582 case WIN_READ:
1583 case WIN_READ_ONCE:
6b136f9e
FB		 1584 if (!s->bs)
1585 goto abort_cmd;
5391d806
FB		 1586 s->req_nb_sectors = 1;
1587 ide_sector_read(s);
1588 break;
1589 case WIN_WRITE:
1590 case WIN_WRITE_ONCE:
a136e5a8 1591 s->error = 0;
f66723fa 1592 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1593 s->req_nb_sectors = 1;
1594 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1595 break;
1596 case WIN_MULTREAD:
1597 if (!s->mult_sectors)
1598 goto abort_cmd;
1599 s->req_nb_sectors = s->mult_sectors;
1600 ide_sector_read(s);
1601 break;
1602 case WIN_MULTWRITE:
1603 if (!s->mult_sectors)
1604 goto abort_cmd;
a136e5a8 1605 s->error = 0;
f66723fa 1606 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1607 s->req_nb_sectors = s->mult_sectors;
1608 n = s->nsector;
1609 if (n > s->req_nb_sectors)
1610 n = s->req_nb_sectors;
1611 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1612 break;
98087450
FB		 1613 case WIN_READDMA:
1614 case WIN_READDMA_ONCE:
1615 if (!s->bs)
1616 goto abort_cmd;
1617 ide_sector_read_dma(s);
1618 break;
1619 case WIN_WRITEDMA:
1620 case WIN_WRITEDMA_ONCE:
1621 if (!s->bs)
1622 goto abort_cmd;
1623 ide_sector_write_dma(s);
1624 break;
5391d806
FB		 1625 case WIN_READ_NATIVE_MAX:
1626 ide_set_sector(s, s->nb_sectors - 1);
1627 s->status = READY_STAT;
1628 ide_set_irq(s);
1629 break;
a136e5a8
FB		 1630 case WIN_CHECKPOWERMODE1:
1631 s->nsector = 0xff; /* device active or idle */
1632 s->status = READY_STAT;
1633 ide_set_irq(s);
1634 break;
34e538ae
FB		 1635 case WIN_SETFEATURES:
1636 if (!s->bs)
1637 goto abort_cmd;
1638 /* XXX: valid for CDROM ? */
1639 switch(s->feature) {
1640 case 0x02: /* write cache enable */
1641 case 0x82: /* write cache disable */
1642 case 0xaa: /* read look-ahead enable */
1643 case 0x55: /* read look-ahead disable */
e0fe67aa 1644 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 1645 ide_set_irq(s);
1646 break;
94458802
FB		 1647 case 0x03: { /* set transfer mode */
1648 uint8_t val = s->nsector & 0x07;
1649
1650 switch (s->nsector >> 3) {
1651 case 0x00: /* pio default */
1652 case 0x01: /* pio mode */
1653 put_le16(s->identify_data + 63,0x07);
1654 put_le16(s->identify_data + 88,0x3f);
1655 break;
1656 case 0x04: /* mdma mode */
1657 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1658 put_le16(s->identify_data + 88,0x3f);
1659 break;
1660 case 0x08: /* udma mode */
1661 put_le16(s->identify_data + 63,0x07);
1662 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1663 break;
1664 default:
1665 goto abort_cmd;
1666 }
1667 s->status = READY_STAT | SEEK_STAT;
1668 ide_set_irq(s);
1669 break;
1670 }
34e538ae
FB		 1671 default:
1672 goto abort_cmd;
1673 }
1674 break;
a7dfe172 1675 case WIN_STANDBYNOW1:
c451ee71 1676 case WIN_IDLEIMMEDIATE:
5457c8ce 1677 case WIN_FLUSH_CACHE:
a7dfe172
FB		 1678 s->status = READY_STAT;
1679 ide_set_irq(s);
1680 break;
5391d806
FB		 1681 /* ATAPI commands */
1682 case WIN_PIDENTIFY:
1683 if (s->is_cdrom) {
1684 ide_atapi_identify(s);
1298fe63 1685 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1686 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1687 } else {
1688 ide_abort_command(s);
1689 }
1690 ide_set_irq(s);
1691 break;
c451ee71
FB		 1692 case WIN_DIAGNOSE:
1693 ide_set_signature(s);
1694 s->status = 0x00; /* NOTE: READY is _not_ set */
1695 s->error = 0x01;
1696 break;
5391d806
FB		 1697 case WIN_SRST:
1698 if (!s->is_cdrom)
1699 goto abort_cmd;
1700 ide_set_signature(s);
6b136f9e 1701 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 1702 s->error = 0x01;
1703 break;
1704 case WIN_PACKETCMD:
1705 if (!s->is_cdrom)
1706 goto abort_cmd;
98087450
FB		 1707 /* overlapping commands not supported */
1708 if (s->feature & 0x02)
5391d806 1709 goto abort_cmd;
98087450 1710 s->atapi_dma = s->feature & 1;
5391d806
FB		 1711 s->nsector = 1;
1712 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1713 ide_atapi_cmd);
1714 break;
1715 default:
1716 abort_cmd:
1717 ide_abort_command(s);
1718 ide_set_irq(s);
1719 break;
1720 }
1721 }
1722}
1723
caed8802 1724static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 1725{
7ae98627
FB		 1726 IDEState *ide_if = opaque;
1727 IDEState *s = ide_if->cur_drive;
5391d806
FB		 1728 uint32_t addr;
1729 int ret;
1730
1731 addr = addr1 & 7;
1732 switch(addr) {
1733 case 0:
1734 ret = 0xff;
1735 break;
1736 case 1:
7ae98627 1737 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1738 ret = 0;
1739 else
1740 ret = s->error;
5391d806
FB		 1741 break;
1742 case 2:
7ae98627 1743 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1744 ret = 0;
1745 else
1746 ret = s->nsector & 0xff;
5391d806
FB		 1747 break;
1748 case 3:
7ae98627 1749 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1750 ret = 0;
1751 else
1752 ret = s->sector;
5391d806
FB		 1753 break;
1754 case 4:
7ae98627 1755 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1756 ret = 0;
1757 else
1758 ret = s->lcyl;
5391d806
FB		 1759 break;
1760 case 5:
7ae98627 1761 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1762 ret = 0;
1763 else
1764 ret = s->hcyl;
5391d806
FB		 1765 break;
1766 case 6:
7ae98627 1767 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1768 ret = 0;
1769 else
7ae98627 1770 ret = s->select;
5391d806
FB		 1771 break;
1772 default:
1773 case 7:
66201e2d
FB		 1774 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1775 (s != ide_if && !s->bs))
c45c3d00
FB		 1776 ret = 0;
1777 else
1778 ret = s->status;
5457c8ce 1779 s->set_irq(s->irq_opaque, s->irq, 0);
5391d806
FB		 1780 break;
1781 }
1782#ifdef DEBUG_IDE
1783 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1784#endif
1785 return ret;
1786}
1787
caed8802 1788static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 1789{
7ae98627
FB		 1790 IDEState *ide_if = opaque;
1791 IDEState *s = ide_if->cur_drive;
5391d806 1792 int ret;
7ae98627 1793
66201e2d
FB		 1794 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1795 (s != ide_if && !s->bs))
7ae98627
FB		 1796 ret = 0;
1797 else
1798 ret = s->status;
5391d806
FB		 1799#ifdef DEBUG_IDE
1800 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1801#endif
1802 return ret;
1803}
1804
caed8802 1805static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 1806{
caed8802 1807 IDEState *ide_if = opaque;
5391d806
FB		 1808 IDEState *s;
1809 int i;
1810
1811#ifdef DEBUG_IDE
1812 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1813#endif
1814 /* common for both drives */
1815 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
1816 (val & IDE_CMD_RESET)) {
1817 /* reset low to high */
1818 for(i = 0;i < 2; i++) {
1819 s = &ide_if[i];
1820 s->status = BUSY_STAT | SEEK_STAT;
1821 s->error = 0x01;
1822 }
1823 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
1824 !(val & IDE_CMD_RESET)) {
1825 /* high to low */
1826 for(i = 0;i < 2; i++) {
1827 s = &ide_if[i];
6b136f9e
FB		 1828 if (s->is_cdrom)
1829 s->status = 0x00; /* NOTE: READY is _not_ set */
1830 else
56bf1d37 1831 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1832 ide_set_signature(s);
1833 }
1834 }
1835
1836 ide_if[0].cmd = val;
1837 ide_if[1].cmd = val;
1838}
1839
caed8802 1840static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 1841{
caed8802 1842 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1843 uint8_t *p;
1844
1845 p = s->data_ptr;
0c4ad8dc 1846 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 1847 p += 2;
1848 s->data_ptr = p;
1849 if (p >= s->data_end)
1850 s->end_transfer_func(s);
1851}
1852
caed8802 1853static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 1854{
caed8802 1855 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1856 uint8_t *p;
1857 int ret;
1858 p = s->data_ptr;
0c4ad8dc 1859 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 1860 p += 2;
1861 s->data_ptr = p;
1862 if (p >= s->data_end)
1863 s->end_transfer_func(s);
1864 return ret;
1865}
1866
caed8802 1867static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 1868{
caed8802 1869 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1870 uint8_t *p;
1871
1872 p = s->data_ptr;
0c4ad8dc 1873 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 1874 p += 4;
1875 s->data_ptr = p;
1876 if (p >= s->data_end)
1877 s->end_transfer_func(s);
1878}
1879
caed8802 1880static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 1881{
caed8802 1882 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1883 uint8_t *p;
1884 int ret;
1885
1886 p = s->data_ptr;
0c4ad8dc 1887 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 1888 p += 4;
1889 s->data_ptr = p;
1890 if (p >= s->data_end)
1891 s->end_transfer_func(s);
1892 return ret;
1893}
1894
a7dfe172
FB		 1895static void ide_dummy_transfer_stop(IDEState *s)
1896{
1897 s->data_ptr = s->io_buffer;
1898 s->data_end = s->io_buffer;
1899 s->io_buffer[0] = 0xff;
1900 s->io_buffer[1] = 0xff;
1901 s->io_buffer[2] = 0xff;
1902 s->io_buffer[3] = 0xff;
1903}
1904
5391d806
FB		 1905static void ide_reset(IDEState *s)
1906{
1907 s->mult_sectors = MAX_MULT_SECTORS;
1908 s->cur_drive = s;
1909 s->select = 0xa0;
1910 s->status = READY_STAT;
1911 ide_set_signature(s);
a7dfe172
FB		 1912 /* init the transfer handler so that 0xffff is returned on data
1913 accesses */
1914 s->end_transfer_func = ide_dummy_transfer_stop;
1915 ide_dummy_transfer_stop(s);
5391d806
FB		 1916}
1917
1918struct partition {
1919 uint8_t boot_ind; /* 0x80 - active */
1920 uint8_t head; /* starting head */
1921 uint8_t sector; /* starting sector */
1922 uint8_t cyl; /* starting cylinder */
1923 uint8_t sys_ind; /* What partition type */
1924 uint8_t end_head; /* end head */
1925 uint8_t end_sector; /* end sector */
1926 uint8_t end_cyl; /* end cylinder */
1927 uint32_t start_sect; /* starting sector counting from 0 */
1928 uint32_t nr_sects; /* nr of sectors in partition */
1929} __attribute__((packed));
1930
bf1b938f
FB		 1931/* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
1932static int guess_disk_lchs(IDEState *s,
1933 int *pcylinders, int *pheads, int *psectors)
5391d806
FB		 1934{
1935 uint8_t buf[512];
46d4767d 1936 int ret, i, heads, sectors, cylinders;
5391d806
FB		 1937 struct partition *p;
1938 uint32_t nr_sects;
1939
5391d806
FB		 1940 ret = bdrv_read(s->bs, 0, buf, 1);
1941 if (ret < 0)
bf1b938f 1942 return -1;
5391d806
FB		 1943 /* test msdos magic */
1944 if (buf[510] != 0x55 || buf[511] != 0xaa)
bf1b938f 1945 return -1;
5391d806
FB		 1946 for(i = 0; i < 4; i++) {
1947 p = ((struct partition *)(buf + 0x1be)) + i;
0c4ad8dc 1948 nr_sects = le32_to_cpu(p->nr_sects);
5391d806
FB		 1949 if (nr_sects && p->end_head) {
1950 /* We make the assumption that the partition terminates on
1951 a cylinder boundary */
46d4767d 1952 heads = p->end_head + 1;
46d4767d
FB		 1953 sectors = p->end_sector & 63;
1954 if (sectors == 0)
1955 continue;
1956 cylinders = s->nb_sectors / (heads * sectors);
1957 if (cylinders < 1 || cylinders > 16383)
1958 continue;
bf1b938f
FB		 1959 *pheads = heads;
1960 *psectors = sectors;
1961 *pcylinders = cylinders;
5391d806 1962#if 0
bf1b938f
FB		 1963 printf("guessed geometry: LCHS=%d %d %d\n",
1964 cylinders, heads, sectors);
5391d806 1965#endif
bf1b938f 1966 return 0;
5391d806
FB		 1967 }
1968 }
bf1b938f 1969 return -1;
5391d806
FB		 1970}
1971
5457c8ce
FB		 1972static void ide_init2(IDEState *ide_state,
1973 BlockDriverState *hd0, BlockDriverState *hd1,
1974 SetIRQFunc *set_irq, void *irq_opaque, int irq)
5391d806 1975{
69b91039 1976 IDEState *s;
aedf5382 1977 static int drive_serial = 1;
bf1b938f 1978 int i, cylinders, heads, secs, translation;
5391d806 1979 int64_t nb_sectors;
5391d806 1980
caed8802
FB		 1981 for(i = 0; i < 2; i++) {
1982 s = ide_state + i;
1983 if (i == 0)
1984 s->bs = hd0;
1985 else
1986 s->bs = hd1;
5391d806
FB		 1987 if (s->bs) {
1988 bdrv_get_geometry(s->bs, &nb_sectors);
1989 s->nb_sectors = nb_sectors;
caed8802
FB		 1990 /* if a geometry hint is available, use it */
1991 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
1992 if (cylinders != 0) {
5391d806 1993 s->cylinders = cylinders;
caed8802
FB		 1994 s->heads = heads;
1995 s->sectors = secs;
1996 } else {
bf1b938f
FB		 1997 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
1998 if (heads > 16) {
1999 /* if heads > 16, it means that a BIOS LBA
2000 translation was active, so the default
2001 hardware geometry is OK */
2002 goto default_geometry;
2003 } else {
2004 s->cylinders = cylinders;
2005 s->heads = heads;
2006 s->sectors = secs;
2007 /* disable any translation to be in sync with
2008 the logical geometry */
2009 translation = bdrv_get_translation_hint(s->bs);
2010 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2011 bdrv_set_translation_hint(s->bs,
2012 BIOS_ATA_TRANSLATION_NONE);
2013 }
2014 }
2015 } else {
2016 default_geometry:
46d4767d 2017 /* if no geometry, use a standard physical disk geometry */
caed8802
FB		 2018 cylinders = nb_sectors / (16 * 63);
2019 if (cylinders > 16383)
2020 cylinders = 16383;
2021 else if (cylinders < 2)
2022 cylinders = 2;
2023 s->cylinders = cylinders;
2024 s->heads = 16;
2025 s->sectors = 63;
2026 }
769bec72 2027 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
caed8802
FB		 2028 }
2029 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2030 s->is_cdrom = 1;
2031 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2032 }
2033 }
aedf5382 2034 s->drive_serial = drive_serial++;
5457c8ce
FB		 2035 s->set_irq = set_irq;
2036 s->irq_opaque = irq_opaque;
caed8802 2037 s->irq = irq;
a09db21f
FB		 2038 s->sector_write_timer = qemu_new_timer(vm_clock,
2039 ide_sector_write_timer_cb, s);
5391d806
FB		 2040 ide_reset(s);
2041 }
69b91039
FB		 2042}
2043
34e538ae 2044static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2045{
caed8802
FB		 2046 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2047 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2048 if (iobase2) {
2049 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2050 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2051 }
caed8802
FB		 2052
2053 /* data ports */
2054 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2055 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2056 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2057 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2058}
69b91039 2059
34e538ae
FB		 2060/***********************************************************/
2061/* ISA IDE definitions */
2062
2063void isa_ide_init(int iobase, int iobase2, int irq,
2064 BlockDriverState *hd0, BlockDriverState *hd1)
2065{
2066 IDEState *ide_state;
2067
2068 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2069 if (!ide_state)
2070 return;
2071
3de388f6 2072 ide_init2(ide_state, hd0, hd1, pic_set_irq_new, isa_pic, irq);
34e538ae
FB		 2073 ide_init_ioport(ide_state, iobase, iobase2);
2074}
2075
69b91039
FB		 2076/***********************************************************/
2077/* PCI IDE definitions */
2078
5457c8ce
FB		 2079static void cmd646_update_irq(PCIIDEState *d);
2080
69b91039
FB		 2081static void ide_map(PCIDevice *pci_dev, int region_num,
2082 uint32_t addr, uint32_t size, int type)
2083{
2084 PCIIDEState *d = (PCIIDEState *)pci_dev;
2085 IDEState *ide_state;
2086
2087 if (region_num <= 3) {
2088 ide_state = &d->ide_if[(region_num >> 1) * 2];
2089 if (region_num & 1) {
2090 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2091 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2092 } else {
2093 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2094 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2095
2096 /* data ports */
2097 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2098 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2099 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2100 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2101 }
2102 }
2103}
2104
98087450
FB		 2105/* XXX: full callback usage to prepare non blocking I/Os support -
2106 error handling */
2107static void ide_dma_loop(BMDMAState *bm)
2108{
2109 struct {
2110 uint32_t addr;
2111 uint32_t size;
2112 } prd;
2113 target_phys_addr_t cur_addr;
2114 int len, i, len1;
2115
2116 cur_addr = bm->addr;
2117 /* at most one page to avoid hanging if erroneous parameters */
2118 for(i = 0; i < 512; i++) {
2119 cpu_physical_memory_read(cur_addr, (uint8_t *)&prd, 8);
2120 prd.addr = le32_to_cpu(prd.addr);
2121 prd.size = le32_to_cpu(prd.size);
2122#ifdef DEBUG_IDE
2123 printf("ide: dma: prd: %08x: addr=0x%08x size=0x%08x\n",
2124 (int)cur_addr, prd.addr, prd.size);
2125#endif
2126 len = prd.size & 0xfffe;
2127 if (len == 0)
2128 len = 0x10000;
2129 while (len > 0) {
2130 len1 = bm->dma_cb(bm->ide_if, prd.addr, len);
2131 if (len1 == 0)
2132 goto the_end;
2133 prd.addr += len1;
2134 len -= len1;
2135 }
2136 /* end of transfer */
2137 if (prd.size & 0x80000000)
2138 break;
2139 cur_addr += 8;
2140 }
2141 /* end of transfer */
2142 the_end:
2143 bm->status &= ~BM_STATUS_DMAING;
2144 bm->status |= BM_STATUS_INT;
2145 bm->dma_cb = NULL;
2146 bm->ide_if = NULL;
2147}
2148
2149static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb)
2150{
2151 BMDMAState *bm = s->bmdma;
2152 if(!bm)
2153 return;
2154 bm->ide_if = s;
2155 bm->dma_cb = dma_cb;
2156 if (bm->status & BM_STATUS_DMAING) {
2157 ide_dma_loop(bm);
2158 }
2159}
2160
98087450
FB		 2161static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2162{
2163 BMDMAState *bm = opaque;
2164#ifdef DEBUG_IDE
2165 printf("%s: 0x%08x\n", __func__, val);
2166#endif
2167 if (!(val & BM_CMD_START)) {
2168 /* XXX: do it better */
2169 bm->status &= ~BM_STATUS_DMAING;
2170 bm->cmd = val & 0x09;
2171 } else {
2172 bm->status |= BM_STATUS_DMAING;
2173 bm->cmd = val & 0x09;
2174 /* start dma transfer if possible */
2175 if (bm->dma_cb)
2176 ide_dma_loop(bm);
2177 }
2178}
2179
5457c8ce 2180static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 2181{
2182 BMDMAState *bm = opaque;
5457c8ce 2183 PCIIDEState *pci_dev;
98087450 2184 uint32_t val;
5457c8ce
FB		 2185
2186 switch(addr & 3) {
2187 case 0:
2188 val = bm->cmd;
2189 break;
2190 case 1:
2191 pci_dev = bm->pci_dev;
2192 if (pci_dev->type == IDE_TYPE_CMD646) {
2193 val = pci_dev->dev.config[MRDMODE];
2194 } else {
2195 val = 0xff;
2196 }
2197 break;
2198 case 2:
2199 val = bm->status;
2200 break;
2201 case 3:
2202 pci_dev = bm->pci_dev;
2203 if (pci_dev->type == IDE_TYPE_CMD646) {
2204 if (bm == &pci_dev->bmdma[0])
2205 val = pci_dev->dev.config[UDIDETCR0];
2206 else
2207 val = pci_dev->dev.config[UDIDETCR1];
2208 } else {
2209 val = 0xff;
2210 }
2211 break;
2212 default:
2213 val = 0xff;
2214 break;
2215 }
98087450 2216#ifdef DEBUG_IDE
5457c8ce 2217 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 2218#endif
2219 return val;
2220}
2221
5457c8ce 2222static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 2223{
2224 BMDMAState *bm = opaque;
5457c8ce 2225 PCIIDEState *pci_dev;
98087450 2226#ifdef DEBUG_IDE
5457c8ce 2227 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 2228#endif
5457c8ce
FB		 2229 switch(addr & 3) {
2230 case 1:
2231 pci_dev = bm->pci_dev;
2232 if (pci_dev->type == IDE_TYPE_CMD646) {
2233 pci_dev->dev.config[MRDMODE] =
2234 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2235 cmd646_update_irq(pci_dev);
2236 }
2237 break;
2238 case 2:
2239 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2240 break;
2241 case 3:
2242 pci_dev = bm->pci_dev;
2243 if (pci_dev->type == IDE_TYPE_CMD646) {
2244 if (bm == &pci_dev->bmdma[0])
2245 pci_dev->dev.config[UDIDETCR0] = val;
2246 else
2247 pci_dev->dev.config[UDIDETCR1] = val;
2248 }
2249 break;
2250 }
98087450
FB		 2251}
2252
2253static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2254{
2255 BMDMAState *bm = opaque;
2256 uint32_t val;
2257 val = bm->addr;
2258#ifdef DEBUG_IDE
2259 printf("%s: 0x%08x\n", __func__, val);
2260#endif
2261 return val;
2262}
2263
2264static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2265{
2266 BMDMAState *bm = opaque;
2267#ifdef DEBUG_IDE
2268 printf("%s: 0x%08x\n", __func__, val);
2269#endif
2270 bm->addr = val & ~3;
2271}
2272
2273static void bmdma_map(PCIDevice *pci_dev, int region_num,
2274 uint32_t addr, uint32_t size, int type)
2275{
2276 PCIIDEState *d = (PCIIDEState *)pci_dev;
2277 int i;
2278
2279 for(i = 0;i < 2; i++) {
2280 BMDMAState *bm = &d->bmdma[i];
2281 d->ide_if[2 * i].bmdma = bm;
2282 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce
FB		 2283 bm->pci_dev = (PCIIDEState *)pci_dev;
2284
98087450 2285 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 2286
5457c8ce
FB		 2287 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2288 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450
FB		 2289
2290 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2291 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2292 addr += 8;
2293 }
2294}
2295
5457c8ce
FB		 2296/* XXX: call it also when the MRDMODE is changed from the PCI config
2297 registers */
2298static void cmd646_update_irq(PCIIDEState *d)
2299{
2300 int pci_level;
2301 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2302 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2303 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2304 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2305 pci_set_irq((PCIDevice *)d, 0, pci_level);
2306}
2307
2308/* the PCI irq level is the logical OR of the two channels */
2309static void cmd646_set_irq(void *opaque, int channel, int level)
2310{
2311 PCIIDEState *d = opaque;
2312 int irq_mask;
2313
2314 irq_mask = MRDMODE_INTR_CH0 << channel;
2315 if (level)
2316 d->dev.config[MRDMODE] |= irq_mask;
2317 else
2318 d->dev.config[MRDMODE] &= ~irq_mask;
2319 cmd646_update_irq(d);
2320}
2321
2322/* CMD646 PCI IDE controller */
2323void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2324 int secondary_ide_enabled)
69b91039
FB		 2325{
2326 PCIIDEState *d;
2327 uint8_t *pci_conf;
34e538ae
FB		 2328 int i;
2329
5457c8ce
FB		 2330 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2331 sizeof(PCIIDEState),
46e50e9d 2332 -1,
73c11f63 2333 NULL, NULL);
5457c8ce 2334 d->type = IDE_TYPE_CMD646;
69b91039 2335 pci_conf = d->dev.config;
5457c8ce
FB		 2336 pci_conf[0x00] = 0x95; // CMD646
2337 pci_conf[0x01] = 0x10;
2338 pci_conf[0x02] = 0x46;
2339 pci_conf[0x03] = 0x06;
2340
2341 pci_conf[0x08] = 0x07; // IDE controller revision
2342 pci_conf[0x09] = 0x8f;
2343
69b91039
FB		 2344 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2345 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
5457c8ce
FB		 2346 pci_conf[0x0e] = 0x00; // header_type
2347
2348 if (secondary_ide_enabled) {
2349 /* XXX: if not enabled, really disable the seconday IDE controller */
2350 pci_conf[0x51] = 0x80; /* enable IDE1 */
2351 }
69b91039
FB		 2352
2353 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2354 PCI_ADDRESS_SPACE_IO, ide_map);
2355 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2356 PCI_ADDRESS_SPACE_IO, ide_map);
2357 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2358 PCI_ADDRESS_SPACE_IO, ide_map);
2359 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2360 PCI_ADDRESS_SPACE_IO, ide_map);
98087450
FB		 2361 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2362 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 2363
34e538ae 2364 pci_conf[0x3d] = 0x01; // interrupt on pin 1
5457c8ce 2365
34e538ae
FB		 2366 for(i = 0; i < 4; i++)
2367 d->ide_if[i].pci_dev = (PCIDevice *)d;
5457c8ce
FB		 2368 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2369 cmd646_set_irq, d, 0);
2370 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2371 cmd646_set_irq, d, 1);
34e538ae
FB		 2372}
2373
2374/* hd_table must contain 4 block drivers */
2375/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
46e50e9d 2376void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table)
34e538ae
FB		 2377{
2378 PCIIDEState *d;
2379 uint8_t *pci_conf;
2380
2381 /* register a function 1 of PIIX3 */
46e50e9d
FB		 2382 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2383 sizeof(PCIIDEState),
2384 ((PCIDevice *)piix3_state)->devfn + 1,
34e538ae 2385 NULL, NULL);
5457c8ce
FB		 2386 d->type = IDE_TYPE_PIIX3;
2387
34e538ae
FB		 2388 pci_conf = d->dev.config;
2389 pci_conf[0x00] = 0x86; // Intel
2390 pci_conf[0x01] = 0x80;
2391 pci_conf[0x02] = 0x10;
2392 pci_conf[0x03] = 0x70;
92510b8c 2393 pci_conf[0x09] = 0x80; // legacy ATA mode
34e538ae
FB		 2394 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2395 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2396 pci_conf[0x0e] = 0x00; // header_type
2397
98087450
FB		 2398 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2399 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 2400
5457c8ce 2401 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
3de388f6 2402 pic_set_irq_new, isa_pic, 14);
5457c8ce 2403 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
3de388f6 2404 pic_set_irq_new, isa_pic, 15);
34e538ae
FB		 2405 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2406 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
69b91039 2407}
1ade1de2
FB		 2408
2409/***********************************************************/
2410/* MacIO based PowerPC IDE */
2411
2412/* PowerMac IDE memory IO */
2413static void pmac_ide_writeb (void *opaque,
2414 target_phys_addr_t addr, uint32_t val)
2415{
2416 addr = (addr & 0xFFF) >> 4;
2417 switch (addr) {
2418 case 1 ... 7:
2419 ide_ioport_write(opaque, addr, val);
2420 break;
2421 case 8:
2422 case 22:
2423 ide_cmd_write(opaque, 0, val);
2424 break;
2425 default:
2426 break;
2427 }
2428}
2429
2430static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2431{
2432 uint8_t retval;
2433
2434 addr = (addr & 0xFFF) >> 4;
2435 switch (addr) {
2436 case 1 ... 7:
2437 retval = ide_ioport_read(opaque, addr);
2438 break;
2439 case 8:
2440 case 22:
2441 retval = ide_status_read(opaque, 0);
2442 break;
2443 default:
2444 retval = 0xFF;
2445 break;
2446 }
2447 return retval;
2448}
2449
2450static void pmac_ide_writew (void *opaque,
2451 target_phys_addr_t addr, uint32_t val)
2452{
2453 addr = (addr & 0xFFF) >> 4;
2454#ifdef TARGET_WORDS_BIGENDIAN
2455 val = bswap16(val);
2456#endif
2457 if (addr == 0) {
2458 ide_data_writew(opaque, 0, val);
2459 }
2460}
2461
2462static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
2463{
2464 uint16_t retval;
2465
2466 addr = (addr & 0xFFF) >> 4;
2467 if (addr == 0) {
2468 retval = ide_data_readw(opaque, 0);
2469 } else {
2470 retval = 0xFFFF;
2471 }
2472#ifdef TARGET_WORDS_BIGENDIAN
2473 retval = bswap16(retval);
2474#endif
2475 return retval;
2476}
2477
2478static void pmac_ide_writel (void *opaque,
2479 target_phys_addr_t addr, uint32_t val)
2480{
2481 addr = (addr & 0xFFF) >> 4;
2482#ifdef TARGET_WORDS_BIGENDIAN
2483 val = bswap32(val);
2484#endif
2485 if (addr == 0) {
2486 ide_data_writel(opaque, 0, val);
2487 }
2488}
2489
2490static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
2491{
2492 uint32_t retval;
2493
2494 addr = (addr & 0xFFF) >> 4;
2495 if (addr == 0) {
2496 retval = ide_data_readl(opaque, 0);
2497 } else {
2498 retval = 0xFFFFFFFF;
2499 }
2500#ifdef TARGET_WORDS_BIGENDIAN
2501 retval = bswap32(retval);
2502#endif
2503 return retval;
2504}
2505
2506static CPUWriteMemoryFunc *pmac_ide_write[] = {
2507 pmac_ide_writeb,
2508 pmac_ide_writew,
2509 pmac_ide_writel,
2510};
2511
2512static CPUReadMemoryFunc *pmac_ide_read[] = {
2513 pmac_ide_readb,
2514 pmac_ide_readw,
2515 pmac_ide_readl,
2516};
2517
2518/* hd_table must contain 4 block drivers */
2519/* PowerMac uses memory mapped registers, not I/O. Return the memory
2520 I/O index to access the ide. */
2521int pmac_ide_init (BlockDriverState **hd_table,
5457c8ce 2522 SetIRQFunc *set_irq, void *irq_opaque, int irq)
1ade1de2
FB		 2523{
2524 IDEState *ide_if;
2525 int pmac_ide_memory;
2526
2527 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
5457c8ce
FB		 2528 ide_init2(&ide_if[0], hd_table[0], hd_table[1],
2529 set_irq, irq_opaque, irq);
1ade1de2
FB		 2530
2531 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
2532 pmac_ide_write, &ide_if[0]);
2533 return pmac_ide_memory;
2534}
Qemu copy for testing