]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Rearrange PCI host emulation code.
[qemu.git] / hw / ide.c
CommitLineData
5391d806
FB		 1/*
2 * QEMU IDE disk and CD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
5391d806
FB		 24#include "vl.h"
25
5391d806
FB		 26/* debug IDE devices */
27//#define DEBUG_IDE
28//#define DEBUG_IDE_ATAPI
29
30/* Bits of HD_STATUS */
31#define ERR_STAT 0x01
32#define INDEX_STAT 0x02
33#define ECC_STAT 0x04 /* Corrected error */
34#define DRQ_STAT 0x08
35#define SEEK_STAT 0x10
36#define SRV_STAT 0x10
37#define WRERR_STAT 0x20
38#define READY_STAT 0x40
39#define BUSY_STAT 0x80
40
41/* Bits for HD_ERROR */
42#define MARK_ERR 0x01 /* Bad address mark */
43#define TRK0_ERR 0x02 /* couldn't find track 0 */
44#define ABRT_ERR 0x04 /* Command aborted */
45#define MCR_ERR 0x08 /* media change request */
46#define ID_ERR 0x10 /* ID field not found */
47#define MC_ERR 0x20 /* media changed */
48#define ECC_ERR 0x40 /* Uncorrectable ECC error */
49#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
50#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
51
52/* Bits of HD_NSECTOR */
53#define CD 0x01
54#define IO 0x02
55#define REL 0x04
56#define TAG_MASK 0xf8
57
58#define IDE_CMD_RESET 0x04
59#define IDE_CMD_DISABLE_IRQ 0x02
60
61/* ATA/ATAPI Commands pre T13 Spec */
62#define WIN_NOP 0x00
63/*
64 * 0x01->0x02 Reserved
65 */
66#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
67/*
68 * 0x04->0x07 Reserved
69 */
70#define WIN_SRST 0x08 /* ATAPI soft reset command */
71#define WIN_DEVICE_RESET 0x08
72/*
73 * 0x09->0x0F Reserved
74 */
75#define WIN_RECAL 0x10
76#define WIN_RESTORE WIN_RECAL
77/*
78 * 0x10->0x1F Reserved
79 */
80#define WIN_READ 0x20 /* 28-Bit */
81#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
82#define WIN_READ_LONG 0x22 /* 28-Bit */
83#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
84#define WIN_READ_EXT 0x24 /* 48-Bit */
85#define WIN_READDMA_EXT 0x25 /* 48-Bit */
86#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
87#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
88/*
89 * 0x28
90 */
91#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
92/*
93 * 0x2A->0x2F Reserved
94 */
95#define WIN_WRITE 0x30 /* 28-Bit */
96#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
97#define WIN_WRITE_LONG 0x32 /* 28-Bit */
98#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
99#define WIN_WRITE_EXT 0x34 /* 48-Bit */
100#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
101#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
102#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
103#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
104#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
105/*
106 * 0x3A->0x3B Reserved
107 */
108#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
109/*
110 * 0x3D->0x3F Reserved
111 */
112#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
113#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
114#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
115/*
116 * 0x43->0x4F Reserved
117 */
118#define WIN_FORMAT 0x50
119/*
120 * 0x51->0x5F Reserved
121 */
122#define WIN_INIT 0x60
123/*
124 * 0x61->0x5F Reserved
125 */
126#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
127#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
128#define WIN_DIAGNOSE 0x90
129#define WIN_SPECIFY 0x91 /* set drive geometry translation */
130#define WIN_DOWNLOAD_MICROCODE 0x92
131#define WIN_STANDBYNOW2 0x94
132#define WIN_STANDBY2 0x96
133#define WIN_SETIDLE2 0x97
134#define WIN_CHECKPOWERMODE2 0x98
135#define WIN_SLEEPNOW2 0x99
136/*
137 * 0x9A VENDOR
138 */
139#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
140#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
141#define WIN_QUEUED_SERVICE 0xA2
142#define WIN_SMART 0xB0 /* self-monitoring and reporting */
143#define CFA_ERASE_SECTORS 0xC0
144#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
145#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
146#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
147#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
148#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
149#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
150#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
151#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
152#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
153#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
154#define WIN_GETMEDIASTATUS 0xDA
155#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
156#define WIN_POSTBOOT 0xDC
157#define WIN_PREBOOT 0xDD
158#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
159#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
160#define WIN_STANDBYNOW1 0xE0
161#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
162#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
163#define WIN_SETIDLE1 0xE3
164#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
165#define WIN_CHECKPOWERMODE1 0xE5
166#define WIN_SLEEPNOW1 0xE6
167#define WIN_FLUSH_CACHE 0xE7
168#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
169#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
170 /* SET_FEATURES 0x22 or 0xDD */
171#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
172#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
173#define WIN_MEDIAEJECT 0xED
174#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
175#define WIN_SETFEATURES 0xEF /* set special drive features */
176#define EXABYTE_ENABLE_NEST 0xF0
177#define WIN_SECURITY_SET_PASS 0xF1
178#define WIN_SECURITY_UNLOCK 0xF2
179#define WIN_SECURITY_ERASE_PREPARE 0xF3
180#define WIN_SECURITY_ERASE_UNIT 0xF4
181#define WIN_SECURITY_FREEZE_LOCK 0xF5
182#define WIN_SECURITY_DISABLE 0xF6
183#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
184#define WIN_SET_MAX 0xF9
185#define DISABLE_SEAGATE 0xFB
186
187/* set to 1 set disable mult support */
f66723fa 188#define MAX_MULT_SECTORS 16
5391d806
FB		 189
190/* ATAPI defines */
191
192#define ATAPI_PACKET_SIZE 12
193
194/* The generic packet command opcodes for CD/DVD Logical Units,
195 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
196#define GPCMD_BLANK 0xa1
197#define GPCMD_CLOSE_TRACK 0x5b
198#define GPCMD_FLUSH_CACHE 0x35
199#define GPCMD_FORMAT_UNIT 0x04
200#define GPCMD_GET_CONFIGURATION 0x46
201#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
202#define GPCMD_GET_PERFORMANCE 0xac
203#define GPCMD_INQUIRY 0x12
204#define GPCMD_LOAD_UNLOAD 0xa6
205#define GPCMD_MECHANISM_STATUS 0xbd
206#define GPCMD_MODE_SELECT_10 0x55
207#define GPCMD_MODE_SENSE_10 0x5a
208#define GPCMD_PAUSE_RESUME 0x4b
209#define GPCMD_PLAY_AUDIO_10 0x45
210#define GPCMD_PLAY_AUDIO_MSF 0x47
211#define GPCMD_PLAY_AUDIO_TI 0x48
212#define GPCMD_PLAY_CD 0xbc
213#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
214#define GPCMD_READ_10 0x28
215#define GPCMD_READ_12 0xa8
216#define GPCMD_READ_CDVD_CAPACITY 0x25
217#define GPCMD_READ_CD 0xbe
218#define GPCMD_READ_CD_MSF 0xb9
219#define GPCMD_READ_DISC_INFO 0x51
220#define GPCMD_READ_DVD_STRUCTURE 0xad
221#define GPCMD_READ_FORMAT_CAPACITIES 0x23
222#define GPCMD_READ_HEADER 0x44
223#define GPCMD_READ_TRACK_RZONE_INFO 0x52
224#define GPCMD_READ_SUBCHANNEL 0x42
225#define GPCMD_READ_TOC_PMA_ATIP 0x43
226#define GPCMD_REPAIR_RZONE_TRACK 0x58
227#define GPCMD_REPORT_KEY 0xa4
228#define GPCMD_REQUEST_SENSE 0x03
229#define GPCMD_RESERVE_RZONE_TRACK 0x53
230#define GPCMD_SCAN 0xba
231#define GPCMD_SEEK 0x2b
232#define GPCMD_SEND_DVD_STRUCTURE 0xad
233#define GPCMD_SEND_EVENT 0xa2
234#define GPCMD_SEND_KEY 0xa3
235#define GPCMD_SEND_OPC 0x54
236#define GPCMD_SET_READ_AHEAD 0xa7
237#define GPCMD_SET_STREAMING 0xb6
238#define GPCMD_START_STOP_UNIT 0x1b
239#define GPCMD_STOP_PLAY_SCAN 0x4e
240#define GPCMD_TEST_UNIT_READY 0x00
241#define GPCMD_VERIFY_10 0x2f
242#define GPCMD_WRITE_10 0x2a
243#define GPCMD_WRITE_AND_VERIFY_10 0x2e
244/* This is listed as optional in ATAPI 2.6, but is (curiously)
245 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
246 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
247 * drives support it. */
248#define GPCMD_SET_SPEED 0xbb
249/* This seems to be a SCSI specific CD-ROM opcode
250 * to play data at track/index */
251#define GPCMD_PLAYAUDIO_TI 0x48
252/*
253 * From MS Media Status Notification Support Specification. For
254 * older drives only.
255 */
256#define GPCMD_GET_MEDIA_STATUS 0xda
257
258/* Mode page codes for mode sense/set */
259#define GPMODE_R_W_ERROR_PAGE 0x01
260#define GPMODE_WRITE_PARMS_PAGE 0x05
261#define GPMODE_AUDIO_CTL_PAGE 0x0e
262#define GPMODE_POWER_PAGE 0x1a
263#define GPMODE_FAULT_FAIL_PAGE 0x1c
264#define GPMODE_TO_PROTECT_PAGE 0x1d
265#define GPMODE_CAPABILITIES_PAGE 0x2a
266#define GPMODE_ALL_PAGES 0x3f
267/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
268 * of MODE_SENSE_POWER_PAGE */
269#define GPMODE_CDROM_PAGE 0x0d
270
271#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
272#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
273#define ATAPI_INT_REASON_REL 0x04
274#define ATAPI_INT_REASON_TAG 0xf8
275
276/* same constants as bochs */
7f777bf3 277#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 278#define ASC_LOGICAL_BLOCK_OOR 0x21
279#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
280#define ASC_MEDIUM_NOT_PRESENT 0x3a
281#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
282
283#define SENSE_NONE 0
284#define SENSE_NOT_READY 2
285#define SENSE_ILLEGAL_REQUEST 5
286#define SENSE_UNIT_ATTENTION 6
287
288struct IDEState;
289
290typedef void EndTransferFunc(struct IDEState *);
291
caed8802 292/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 293typedef struct IDEState {
294 /* ide config */
295 int is_cdrom;
5391d806
FB		 296 int cylinders, heads, sectors;
297 int64_t nb_sectors;
298 int mult_sectors;
94458802
FB		 299 int identify_set;
300 uint16_t identify_data[256];
5457c8ce
FB		 301 SetIRQFunc *set_irq;
302 void *irq_opaque;
5391d806 303 int irq;
34e538ae 304 PCIDevice *pci_dev;
98087450 305 struct BMDMAState *bmdma;
aedf5382 306 int drive_serial;
5391d806
FB		 307 /* ide regs */
308 uint8_t feature;
309 uint8_t error;
c2ff060f 310 uint32_t nsector;
5391d806
FB		 311 uint8_t sector;
312 uint8_t lcyl;
313 uint8_t hcyl;
c2ff060f
FB		 314 /* other part of tf for lba48 support */
315 uint8_t hob_feature;
316 uint8_t hob_nsector;
317 uint8_t hob_sector;
318 uint8_t hob_lcyl;
319 uint8_t hob_hcyl;
320
5391d806
FB		 321 uint8_t select;
322 uint8_t status;
c2ff060f 323
5391d806
FB		 324 /* 0x3f6 command, only meaningful for drive 0 */
325 uint8_t cmd;
c2ff060f
FB		 326 /* set for lba48 access */
327 uint8_t lba48;
5391d806
FB		 328 /* depends on bit 4 in select, only meaningful for drive 0 */
329 struct IDEState *cur_drive;
330 BlockDriverState *bs;
331 /* ATAPI specific */
332 uint8_t sense_key;
333 uint8_t asc;
334 int packet_transfer_size;
335 int elementary_transfer_size;
336 int io_buffer_index;
337 int lba;
98087450
FB		 338 int cd_sector_size;
339 int atapi_dma; /* true if dma is requested for the packet cmd */
340 /* ATA DMA state */
341 int io_buffer_size;
342 /* PIO transfer handling */
5391d806
FB		 343 int req_nb_sectors; /* number of sectors per interrupt */
344 EndTransferFunc *end_transfer_func;
345 uint8_t *data_ptr;
346 uint8_t *data_end;
347 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
a09db21f 348 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
e774a278 349 uint32_t irq_count; /* counts IRQs when using win2k install hack */
5391d806
FB		 350} IDEState;
351
98087450
FB		 352#define BM_STATUS_DMAING 0x01
353#define BM_STATUS_ERROR 0x02
354#define BM_STATUS_INT 0x04
355
356#define BM_CMD_START 0x01
357#define BM_CMD_READ 0x08
358
5457c8ce
FB		 359#define IDE_TYPE_PIIX3 0
360#define IDE_TYPE_CMD646 1
361
362/* CMD646 specific */
363#define MRDMODE 0x71
364#define MRDMODE_INTR_CH0 0x04
365#define MRDMODE_INTR_CH1 0x08
366#define MRDMODE_BLK_CH0 0x10
367#define MRDMODE_BLK_CH1 0x20
368#define UDIDETCR0 0x73
369#define UDIDETCR1 0x7B
370
98087450
FB		 371typedef int IDEDMAFunc(IDEState *s,
372 target_phys_addr_t phys_addr,
373 int transfer_size1);
374
375typedef struct BMDMAState {
376 uint8_t cmd;
377 uint8_t status;
378 uint32_t addr;
5457c8ce
FB		 379
380 struct PCIIDEState *pci_dev;
98087450
FB		 381 /* current transfer state */
382 IDEState *ide_if;
383 IDEDMAFunc *dma_cb;
384} BMDMAState;
385
386typedef struct PCIIDEState {
387 PCIDevice dev;
388 IDEState ide_if[4];
389 BMDMAState bmdma[2];
5457c8ce 390 int type; /* see IDE_TYPE_xxx */
98087450
FB		 391} PCIIDEState;
392
393static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb);
394
5391d806
FB		 395static void padstr(char *str, const char *src, int len)
396{
397 int i, v;
398 for(i = 0; i < len; i++) {
399 if (*src)
400 v = *src++;
401 else
402 v = ' ';
403 *(char *)((long)str ^ 1) = v;
404 str++;
405 }
406}
407
bd0d90b2
FB		 408static void padstr8(uint8_t *buf, int buf_size, const char *src)
409{
410 int i;
411 for(i = 0; i < buf_size; i++) {
412 if (*src)
413 buf[i] = *src++;
414 else
415 buf[i] = ' ';
416 }
417}
418
67b915a5
FB		 419static void put_le16(uint16_t *p, unsigned int v)
420{
0c4ad8dc 421 *p = cpu_to_le16(v);
67b915a5
FB		 422}
423
5391d806
FB		 424static void ide_identify(IDEState *s)
425{
426 uint16_t *p;
427 unsigned int oldsize;
aedf5382 428 char buf[20];
5391d806 429
94458802
FB		 430 if (s->identify_set) {
431 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
432 return;
433 }
434
5391d806
FB		 435 memset(s->io_buffer, 0, 512);
436 p = (uint16_t *)s->io_buffer;
67b915a5
FB		 437 put_le16(p + 0, 0x0040);
438 put_le16(p + 1, s->cylinders);
439 put_le16(p + 3, s->heads);
440 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
441 put_le16(p + 5, 512); /* XXX: retired, remove ? */
442 put_le16(p + 6, s->sectors);
aedf5382
FB		 443 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
444 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 445 put_le16(p + 20, 3); /* XXX: retired, remove ? */
446 put_le16(p + 21, 512); /* cache size in sectors */
447 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 448 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
449 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
450#if MAX_MULT_SECTORS > 1
67b915a5 451 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 452#endif
67b915a5 453 put_le16(p + 48, 1); /* dword I/O */
94458802 454 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 455 put_le16(p + 51, 0x200); /* PIO transfer cycle */
456 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 457 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 458 put_le16(p + 54, s->cylinders);
459 put_le16(p + 55, s->heads);
460 put_le16(p + 56, s->sectors);
5391d806 461 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 462 put_le16(p + 57, oldsize);
463 put_le16(p + 58, oldsize >> 16);
5391d806 464 if (s->mult_sectors)
67b915a5
FB		 465 put_le16(p + 59, 0x100 | s->mult_sectors);
466 put_le16(p + 60, s->nb_sectors);
467 put_le16(p + 61, s->nb_sectors >> 16);
94458802
FB		 468 put_le16(p + 63, 0x07); /* mdma0-2 supported */
469 put_le16(p + 65, 120);
470 put_le16(p + 66, 120);
471 put_le16(p + 67, 120);
472 put_le16(p + 68, 120);
473 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
474 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 475 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 476 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
477 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 478 put_le16(p + 84, (1 << 14));
479 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 480 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
481 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 482 put_le16(p + 87, (1 << 14));
94458802
FB		 483 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
484 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 485 put_le16(p + 100, s->nb_sectors);
486 put_le16(p + 101, s->nb_sectors >> 16);
487 put_le16(p + 102, s->nb_sectors >> 32);
488 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 489
490 memcpy(s->identify_data, p, sizeof(s->identify_data));
491 s->identify_set = 1;
5391d806
FB		 492}
493
494static void ide_atapi_identify(IDEState *s)
495{
496 uint16_t *p;
aedf5382 497 char buf[20];
5391d806 498
94458802
FB		 499 if (s->identify_set) {
500 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
501 return;
502 }
503
5391d806
FB		 504 memset(s->io_buffer, 0, 512);
505 p = (uint16_t *)s->io_buffer;
506 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 507 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
aedf5382
FB		 508 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
509 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 510 put_le16(p + 20, 3); /* buffer type */
511 put_le16(p + 21, 512); /* cache size in sectors */
512 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 513 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
514 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
67b915a5
FB		 515 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
516 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
517 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
518 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
519 put_le16(p + 64, 1); /* PIO modes */
520 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
521 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
522 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
523 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 524
67b915a5
FB		 525 put_le16(p + 71, 30); /* in ns */
526 put_le16(p + 72, 30); /* in ns */
5391d806 527
67b915a5 528 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
94458802
FB		 529
530 memcpy(s->identify_data, p, sizeof(s->identify_data));
531 s->identify_set = 1;
5391d806
FB		 532}
533
534static void ide_set_signature(IDEState *s)
535{
536 s->select &= 0xf0; /* clear head */
537 /* put signature */
538 s->nsector = 1;
539 s->sector = 1;
540 if (s->is_cdrom) {
541 s->lcyl = 0x14;
542 s->hcyl = 0xeb;
543 } else if (s->bs) {
544 s->lcyl = 0;
545 s->hcyl = 0;
546 } else {
547 s->lcyl = 0xff;
548 s->hcyl = 0xff;
549 }
550}
551
552static inline void ide_abort_command(IDEState *s)
553{
554 s->status = READY_STAT | ERR_STAT;
555 s->error = ABRT_ERR;
556}
557
558static inline void ide_set_irq(IDEState *s)
559{
98ff7d30 560 BMDMAState *bm = s->bmdma;
5391d806 561 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 562 if (bm) {
98ff7d30 563 bm->status |= BM_STATUS_INT;
5457c8ce
FB		 564 }
565 s->set_irq(s->irq_opaque, s->irq, 1);
5391d806
FB		 566 }
567}
568
569/* prepare data transfer and tell what to do after */
570static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
571 EndTransferFunc *end_transfer_func)
572{
573 s->end_transfer_func = end_transfer_func;
574 s->data_ptr = buf;
575 s->data_end = buf + size;
576 s->status |= DRQ_STAT;
577}
578
579static void ide_transfer_stop(IDEState *s)
580{
581 s->end_transfer_func = ide_transfer_stop;
582 s->data_ptr = s->io_buffer;
583 s->data_end = s->io_buffer;
584 s->status &= ~DRQ_STAT;
585}
586
587static int64_t ide_get_sector(IDEState *s)
588{
589 int64_t sector_num;
590 if (s->select & 0x40) {
591 /* lba */
c2ff060f
FB		 592 if (!s->lba48) {
593 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
594 (s->lcyl << 8) | s->sector;
595 } else {
596 sector_num = ((int64_t)s->hob_hcyl << 40) |
597 ((int64_t) s->hob_lcyl << 32) |
598 ((int64_t) s->hob_sector << 24) |
599 ((int64_t) s->hcyl << 16) |
600 ((int64_t) s->lcyl << 8) | s->sector;
601 }
5391d806
FB		 602 } else {
603 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 604 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 605 }
606 return sector_num;
607}
608
609static void ide_set_sector(IDEState *s, int64_t sector_num)
610{
611 unsigned int cyl, r;
612 if (s->select & 0x40) {
c2ff060f
FB		 613 if (!s->lba48) {
614 s->select = (s->select & 0xf0) | (sector_num >> 24);
615 s->hcyl = (sector_num >> 16);
616 s->lcyl = (sector_num >> 8);
617 s->sector = (sector_num);
618 } else {
619 s->sector = sector_num;
620 s->lcyl = sector_num >> 8;
621 s->hcyl = sector_num >> 16;
622 s->hob_sector = sector_num >> 24;
623 s->hob_lcyl = sector_num >> 32;
624 s->hob_hcyl = sector_num >> 40;
625 }
5391d806
FB		 626 } else {
627 cyl = sector_num / (s->heads * s->sectors);
628 r = sector_num % (s->heads * s->sectors);
629 s->hcyl = cyl >> 8;
630 s->lcyl = cyl;
1b8eb456 631 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 632 s->sector = (r % s->sectors) + 1;
633 }
634}
635
636static void ide_sector_read(IDEState *s)
637{
638 int64_t sector_num;
639 int ret, n;
640
641 s->status = READY_STAT | SEEK_STAT;
a136e5a8 642 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 643 sector_num = ide_get_sector(s);
644 n = s->nsector;
645 if (n == 0) {
646 /* no more sector to read from disk */
647 ide_transfer_stop(s);
648 } else {
649#if defined(DEBUG_IDE)
650 printf("read sector=%Ld\n", sector_num);
651#endif
652 if (n > s->req_nb_sectors)
653 n = s->req_nb_sectors;
654 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
655 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
656 ide_set_irq(s);
657 ide_set_sector(s, sector_num + n);
658 s->nsector -= n;
659 }
660}
661
98087450
FB		 662static int ide_read_dma_cb(IDEState *s,
663 target_phys_addr_t phys_addr,
664 int transfer_size1)
665{
666 int len, transfer_size, n;
667 int64_t sector_num;
668
669 transfer_size = transfer_size1;
670 while (transfer_size > 0) {
671 len = s->io_buffer_size - s->io_buffer_index;
672 if (len <= 0) {
673 /* transfert next data */
674 n = s->nsector;
675 if (n == 0)
676 break;
677 if (n > MAX_MULT_SECTORS)
678 n = MAX_MULT_SECTORS;
679 sector_num = ide_get_sector(s);
680 bdrv_read(s->bs, sector_num, s->io_buffer, n);
681 s->io_buffer_index = 0;
682 s->io_buffer_size = n * 512;
683 len = s->io_buffer_size;
684 sector_num += n;
685 ide_set_sector(s, sector_num);
686 s->nsector -= n;
687 }
688 if (len > transfer_size)
689 len = transfer_size;
690 cpu_physical_memory_write(phys_addr,
691 s->io_buffer + s->io_buffer_index, len);
692 s->io_buffer_index += len;
693 transfer_size -= len;
694 phys_addr += len;
695 }
696 if (s->io_buffer_index >= s->io_buffer_size && s->nsector == 0) {
697 s->status = READY_STAT | SEEK_STAT;
698 ide_set_irq(s);
699#ifdef DEBUG_IDE_ATAPI
700 printf("dma status=0x%x\n", s->status);
701#endif
702 return 0;
703 }
704 return transfer_size1 - transfer_size;
705}
706
707static void ide_sector_read_dma(IDEState *s)
708{
709 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
710 s->io_buffer_index = 0;
711 s->io_buffer_size = 0;
712 ide_dma_start(s, ide_read_dma_cb);
713}
714
a09db21f
FB		 715static void ide_sector_write_timer_cb(void *opaque)
716{
717 IDEState *s = opaque;
718 ide_set_irq(s);
719}
720
5391d806
FB		 721static void ide_sector_write(IDEState *s)
722{
723 int64_t sector_num;
724 int ret, n, n1;
725
726 s->status = READY_STAT | SEEK_STAT;
727 sector_num = ide_get_sector(s);
728#if defined(DEBUG_IDE)
729 printf("write sector=%Ld\n", sector_num);
730#endif
731 n = s->nsector;
732 if (n > s->req_nb_sectors)
733 n = s->req_nb_sectors;
734 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
735 s->nsector -= n;
736 if (s->nsector == 0) {
737 /* no more sector to write */
738 ide_transfer_stop(s);
739 } else {
740 n1 = s->nsector;
741 if (n1 > s->req_nb_sectors)
742 n1 = s->req_nb_sectors;
743 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
744 }
745 ide_set_sector(s, sector_num + n);
a09db21f
FB		 746
747#ifdef TARGET_I386
e774a278 748 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
a09db21f
FB		 749 /* It seems there is a bug in the Windows 2000 installer HDD
750 IDE driver which fills the disk with empty logs when the
751 IDE write IRQ comes too early. This hack tries to correct
752 that at the expense of slower write performances. Use this
753 option _only_ to install Windows 2000. You must disable it
754 for normal use. */
755 qemu_mod_timer(s->sector_write_timer,
756 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
757 } else
758#endif
759 {
760 ide_set_irq(s);
761 }
5391d806
FB		 762}
763
98087450
FB		 764static int ide_write_dma_cb(IDEState *s,
765 target_phys_addr_t phys_addr,
766 int transfer_size1)
767{
768 int len, transfer_size, n;
769 int64_t sector_num;
770
771 transfer_size = transfer_size1;
772 for(;;) {
773 len = s->io_buffer_size - s->io_buffer_index;
774 if (len == 0) {
775 n = s->io_buffer_size >> 9;
776 sector_num = ide_get_sector(s);
777 bdrv_write(s->bs, sector_num, s->io_buffer,
778 s->io_buffer_size >> 9);
779 sector_num += n;
780 ide_set_sector(s, sector_num);
781 s->nsector -= n;
782 n = s->nsector;
783 if (n == 0) {
784 /* end of transfer */
785 s->status = READY_STAT | SEEK_STAT;
e774a278
FB		 786#ifdef TARGET_I386
787 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
788 /* It seems there is a bug in the Windows 2000 installer
789 HDD IDE driver which fills the disk with empty logs
790 when the IDE write IRQ comes too early. This hack tries
791 to correct that at the expense of slower write
792 performances. Use this option _only_ to install Windows
793 2000. You must disable it for normal use. */
794 qemu_mod_timer(s->sector_write_timer,
795 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
796 } else
797#endif
798 ide_set_irq(s);
98087450
FB		 799 return 0;
800 }
801 if (n > MAX_MULT_SECTORS)
802 n = MAX_MULT_SECTORS;
803 s->io_buffer_index = 0;
804 s->io_buffer_size = n * 512;
805 len = s->io_buffer_size;
806 }
807 if (transfer_size <= 0)
808 break;
809 if (len > transfer_size)
810 len = transfer_size;
811 cpu_physical_memory_read(phys_addr,
812 s->io_buffer + s->io_buffer_index, len);
813 s->io_buffer_index += len;
814 transfer_size -= len;
815 phys_addr += len;
816 }
817 return transfer_size1 - transfer_size;
818}
819
820static void ide_sector_write_dma(IDEState *s)
821{
822 int n;
823 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
824 n = s->nsector;
825 if (n > MAX_MULT_SECTORS)
826 n = MAX_MULT_SECTORS;
827 s->io_buffer_index = 0;
828 s->io_buffer_size = n * 512;
829 ide_dma_start(s, ide_write_dma_cb);
830}
831
5391d806
FB		 832static void ide_atapi_cmd_ok(IDEState *s)
833{
834 s->error = 0;
835 s->status = READY_STAT;
836 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
837 ide_set_irq(s);
838}
839
840static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
841{
842#ifdef DEBUG_IDE_ATAPI
843 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
844#endif
845 s->error = sense_key << 4;
846 s->status = READY_STAT | ERR_STAT;
847 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
848 s->sense_key = sense_key;
849 s->asc = asc;
850 ide_set_irq(s);
851}
852
853static inline void cpu_to_ube16(uint8_t *buf, int val)
854{
855 buf[0] = val >> 8;
856 buf[1] = val;
857}
858
859static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
860{
861 buf[0] = val >> 24;
862 buf[1] = val >> 16;
863 buf[2] = val >> 8;
864 buf[3] = val;
865}
866
867static inline int ube16_to_cpu(const uint8_t *buf)
868{
869 return (buf[0] << 8) | buf[1];
870}
871
872static inline int ube32_to_cpu(const uint8_t *buf)
873{
874 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
875}
876
98087450
FB		 877static void lba_to_msf(uint8_t *buf, int lba)
878{
879 lba += 150;
880 buf[0] = (lba / 75) / 60;
881 buf[1] = (lba / 75) % 60;
882 buf[2] = lba % 75;
883}
884
885static void cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
886 int sector_size)
887{
888 switch(sector_size) {
889 case 2048:
890 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
891 break;
892 case 2352:
893 /* sync bytes */
894 buf[0] = 0x00;
5457c8ce
FB		 895 memset(buf + 1, 0xff, 10);
896 buf[11] = 0x00;
98087450
FB		 897 buf += 12;
898 /* MSF */
899 lba_to_msf(buf, lba);
900 buf[3] = 0x01; /* mode 1 data */
901 buf += 4;
902 /* data */
903 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
904 buf += 2048;
905 /* ECC */
906 memset(buf, 0, 288);
907 break;
908 default:
909 break;
910 }
911}
912
5391d806
FB		 913/* The whole ATAPI transfer logic is handled in this function */
914static void ide_atapi_cmd_reply_end(IDEState *s)
915{
916 int byte_count_limit, size;
917#ifdef DEBUG_IDE_ATAPI
918 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
919 s->packet_transfer_size,
920 s->elementary_transfer_size,
921 s->io_buffer_index);
922#endif
923 if (s->packet_transfer_size <= 0) {
924 /* end of transfer */
925 ide_transfer_stop(s);
926 s->status = READY_STAT;
927 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
928 ide_set_irq(s);
929#ifdef DEBUG_IDE_ATAPI
930 printf("status=0x%x\n", s->status);
931#endif
932 } else {
933 /* see if a new sector must be read */
98087450
FB		 934 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
935 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
5391d806
FB		 936 s->lba++;
937 s->io_buffer_index = 0;
938 }
939 if (s->elementary_transfer_size > 0) {
940 /* there are some data left to transmit in this elementary
941 transfer */
98087450 942 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 943 if (size > s->elementary_transfer_size)
944 size = s->elementary_transfer_size;
945 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
946 size, ide_atapi_cmd_reply_end);
947 s->packet_transfer_size -= size;
948 s->elementary_transfer_size -= size;
949 s->io_buffer_index += size;
950 } else {
951 /* a new transfer is needed */
952 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
953 byte_count_limit = s->lcyl | (s->hcyl << 8);
954#ifdef DEBUG_IDE_ATAPI
955 printf("byte_count_limit=%d\n", byte_count_limit);
956#endif
957 if (byte_count_limit == 0xffff)
958 byte_count_limit--;
959 size = s->packet_transfer_size;
960 if (size > byte_count_limit) {
961 /* byte count limit must be even if this case */
962 if (byte_count_limit & 1)
963 byte_count_limit--;
964 size = byte_count_limit;
5391d806 965 }
a136e5a8
FB		 966 s->lcyl = size;
967 s->hcyl = size >> 8;
5391d806
FB		 968 s->elementary_transfer_size = size;
969 /* we cannot transmit more than one sector at a time */
970 if (s->lba != -1) {
98087450
FB		 971 if (size > (s->cd_sector_size - s->io_buffer_index))
972 size = (s->cd_sector_size - s->io_buffer_index);
5391d806
FB		 973 }
974 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
975 size, ide_atapi_cmd_reply_end);
976 s->packet_transfer_size -= size;
977 s->elementary_transfer_size -= size;
978 s->io_buffer_index += size;
979 ide_set_irq(s);
980#ifdef DEBUG_IDE_ATAPI
981 printf("status=0x%x\n", s->status);
982#endif
983 }
984 }
985}
986
987/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
988static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
989{
990 if (size > max_size)
991 size = max_size;
992 s->lba = -1; /* no sector read */
993 s->packet_transfer_size = size;
994 s->elementary_transfer_size = 0;
995 s->io_buffer_index = 0;
996
997 s->status = READY_STAT;
998 ide_atapi_cmd_reply_end(s);
999}
1000
1001/* start a CD-CDROM read command */
98087450
FB		 1002static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1003 int sector_size)
5391d806 1004{
5391d806 1005 s->lba = lba;
98087450 1006 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1007 s->elementary_transfer_size = 0;
98087450
FB		 1008 s->io_buffer_index = sector_size;
1009 s->cd_sector_size = sector_size;
5391d806
FB		 1010
1011 s->status = READY_STAT;
1012 ide_atapi_cmd_reply_end(s);
1013}
1014
98087450
FB		 1015/* ATAPI DMA support */
1016static int ide_atapi_cmd_read_dma_cb(IDEState *s,
1017 target_phys_addr_t phys_addr,
1018 int transfer_size1)
1019{
1020 int len, transfer_size;
1021
1022 transfer_size = transfer_size1;
1023 while (transfer_size > 0) {
5457c8ce
FB		 1024#ifdef DEBUG_IDE_ATAPI
1025 printf("transfer_size: %d phys_addr=%08x\n", transfer_size, phys_addr);
1026#endif
98087450
FB		 1027 if (s->packet_transfer_size <= 0)
1028 break;
1029 len = s->cd_sector_size - s->io_buffer_index;
1030 if (len <= 0) {
1031 /* transfert next data */
1032 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1033 s->lba++;
1034 s->io_buffer_index = 0;
1035 len = s->cd_sector_size;
1036 }
1037 if (len > transfer_size)
1038 len = transfer_size;
1039 cpu_physical_memory_write(phys_addr,
1040 s->io_buffer + s->io_buffer_index, len);
1041 s->packet_transfer_size -= len;
1042 s->io_buffer_index += len;
1043 transfer_size -= len;
1044 phys_addr += len;
1045 }
1046 if (s->packet_transfer_size <= 0) {
1047 s->status = READY_STAT;
1048 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1049 ide_set_irq(s);
1050#ifdef DEBUG_IDE_ATAPI
1051 printf("dma status=0x%x\n", s->status);
1052#endif
1053 return 0;
1054 }
1055 return transfer_size1 - transfer_size;
1056}
1057
1058/* start a CD-CDROM read command with DMA */
1059/* XXX: test if DMA is available */
1060static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1061 int sector_size)
1062{
1063 s->lba = lba;
1064 s->packet_transfer_size = nb_sectors * sector_size;
1065 s->io_buffer_index = sector_size;
1066 s->cd_sector_size = sector_size;
1067
1068 s->status = READY_STAT | DRQ_STAT;
1069 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1070}
1071
1072static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1073 int sector_size)
1074{
1075#ifdef DEBUG_IDE_ATAPI
1076 printf("read: LBA=%d nb_sectors=%d\n", lba, nb_sectors);
1077#endif
1078 if (s->atapi_dma) {
1079 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1080 } else {
1081 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1082 }
1083}
1084
5391d806 1085/* same toc as bochs. Return -1 if error or the toc length */
98087450 1086/* XXX: check this */
5391d806
FB		 1087static int cdrom_read_toc(IDEState *s, uint8_t *buf, int msf, int start_track)
1088{
1089 uint8_t *q;
1090 int nb_sectors, len;
1091
1092 if (start_track > 1 && start_track != 0xaa)
1093 return -1;
1094 q = buf + 2;
98087450
FB		 1095 *q++ = 1; /* first session */
1096 *q++ = 1; /* last session */
5391d806
FB		 1097 if (start_track <= 1) {
1098 *q++ = 0; /* reserved */
1099 *q++ = 0x14; /* ADR, control */
1100 *q++ = 1; /* track number */
1101 *q++ = 0; /* reserved */
1102 if (msf) {
1103 *q++ = 0; /* reserved */
5457c8ce
FB		 1104 lba_to_msf(q, 0);
1105 q += 3;
5391d806
FB		 1106 } else {
1107 /* sector 0 */
1108 cpu_to_ube32(q, 0);
1109 q += 4;
1110 }
1111 }
1112 /* lead out track */
1113 *q++ = 0; /* reserved */
1114 *q++ = 0x16; /* ADR, control */
1115 *q++ = 0xaa; /* track number */
1116 *q++ = 0; /* reserved */
1117 nb_sectors = s->nb_sectors >> 2;
1118 if (msf) {
1119 *q++ = 0; /* reserved */
98087450
FB		 1120 lba_to_msf(q, nb_sectors);
1121 q += 3;
1122 } else {
1123 cpu_to_ube32(q, nb_sectors);
1124 q += 4;
1125 }
1126 len = q - buf;
1127 cpu_to_ube16(buf, len - 2);
1128 return len;
1129}
1130
1131/* mostly same info as PearPc */
1132static int cdrom_read_toc_raw(IDEState *s, uint8_t *buf, int msf,
1133 int session_num)
1134{
1135 uint8_t *q;
1136 int nb_sectors, len;
1137
1138 q = buf + 2;
1139 *q++ = 1; /* first session */
1140 *q++ = 1; /* last session */
1141
1142 *q++ = 1; /* session number */
1143 *q++ = 0x14; /* data track */
1144 *q++ = 0; /* track number */
1145 *q++ = 0xa0; /* lead-in */
1146 *q++ = 0; /* min */
1147 *q++ = 0; /* sec */
1148 *q++ = 0; /* frame */
1149 *q++ = 0;
1150 *q++ = 1; /* first track */
1151 *q++ = 0x00; /* disk type */
1152 *q++ = 0x00;
1153
1154 *q++ = 1; /* session number */
1155 *q++ = 0x14; /* data track */
1156 *q++ = 0; /* track number */
1157 *q++ = 0xa1;
1158 *q++ = 0; /* min */
1159 *q++ = 0; /* sec */
1160 *q++ = 0; /* frame */
1161 *q++ = 0;
1162 *q++ = 1; /* last track */
1163 *q++ = 0x00;
1164 *q++ = 0x00;
1165
1166 *q++ = 1; /* session number */
1167 *q++ = 0x14; /* data track */
1168 *q++ = 0; /* track number */
1169 *q++ = 0xa2; /* lead-out */
1170 *q++ = 0; /* min */
1171 *q++ = 0; /* sec */
1172 *q++ = 0; /* frame */
1173 nb_sectors = s->nb_sectors >> 2;
1174 if (msf) {
1175 *q++ = 0; /* reserved */
1176 lba_to_msf(q, nb_sectors);
1177 q += 3;
5391d806
FB		 1178 } else {
1179 cpu_to_ube32(q, nb_sectors);
1180 q += 4;
1181 }
98087450
FB		 1182
1183 *q++ = 1; /* session number */
1184 *q++ = 0x14; /* ADR, control */
1185 *q++ = 0; /* track number */
1186 *q++ = 1; /* point */
1187 *q++ = 0; /* min */
1188 *q++ = 0; /* sec */
1189 *q++ = 0; /* frame */
a368741b
FB		 1190 if (msf) {
1191 *q++ = 0;
1192 lba_to_msf(q, 0);
1193 q += 3;
1194 } else {
1195 *q++ = 0;
1196 *q++ = 0;
1197 *q++ = 0;
1198 *q++ = 0;
1199 }
98087450 1200
5391d806
FB		 1201 len = q - buf;
1202 cpu_to_ube16(buf, len - 2);
1203 return len;
1204}
1205
1206static void ide_atapi_cmd(IDEState *s)
1207{
1208 const uint8_t *packet;
1209 uint8_t *buf;
1210 int max_len;
1211
1212 packet = s->io_buffer;
1213 buf = s->io_buffer;
1214#ifdef DEBUG_IDE_ATAPI
1215 {
1216 int i;
1217 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1218 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1219 printf(" %02x", packet[i]);
1220 }
1221 printf("\n");
1222 }
1223#endif
1224 switch(s->io_buffer[0]) {
1225 case GPCMD_TEST_UNIT_READY:
caed8802 1226 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1227 ide_atapi_cmd_ok(s);
1228 } else {
1229 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1230 ASC_MEDIUM_NOT_PRESENT);
1231 }
1232 break;
1233 case GPCMD_MODE_SENSE_10:
1234 {
1235 int action, code;
1236 max_len = ube16_to_cpu(packet + 7);
1237 action = packet[2] >> 6;
1238 code = packet[2] & 0x3f;
1239 switch(action) {
1240 case 0: /* current values */
1241 switch(code) {
1242 case 0x01: /* error recovery */
1243 cpu_to_ube16(&buf[0], 16 + 6);
1244 buf[2] = 0x70;
1245 buf[3] = 0;
1246 buf[4] = 0;
1247 buf[5] = 0;
1248 buf[6] = 0;
1249 buf[7] = 0;
1250
1251 buf[8] = 0x01;
1252 buf[9] = 0x06;
1253 buf[10] = 0x00;
1254 buf[11] = 0x05;
1255 buf[12] = 0x00;
1256 buf[13] = 0x00;
1257 buf[14] = 0x00;
1258 buf[15] = 0x00;
1259 ide_atapi_cmd_reply(s, 16, max_len);
1260 break;
1261 case 0x2a:
1262 cpu_to_ube16(&buf[0], 28 + 6);
1263 buf[2] = 0x70;
1264 buf[3] = 0;
1265 buf[4] = 0;
1266 buf[5] = 0;
1267 buf[6] = 0;
1268 buf[7] = 0;
1269
1270 buf[8] = 0x2a;
1271 buf[9] = 0x12;
1272 buf[10] = 0x00;
1273 buf[11] = 0x00;
1274
1275 buf[12] = 0x70;
1276 buf[13] = 3 << 5;
1277 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1278 if (bdrv_is_locked(s->bs))
5391d806
FB		 1279 buf[6] |= 1 << 1;
1280 buf[15] = 0x00;
1281 cpu_to_ube16(&buf[16], 706);
1282 buf[18] = 0;
1283 buf[19] = 2;
1284 cpu_to_ube16(&buf[20], 512);
1285 cpu_to_ube16(&buf[22], 706);
1286 buf[24] = 0;
1287 buf[25] = 0;
1288 buf[26] = 0;
1289 buf[27] = 0;
1290 ide_atapi_cmd_reply(s, 28, max_len);
1291 break;
1292 default:
1293 goto error_cmd;
1294 }
1295 break;
1296 case 1: /* changeable values */
1297 goto error_cmd;
1298 case 2: /* default values */
1299 goto error_cmd;
1300 default:
1301 case 3: /* saved values */
1302 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1303 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1304 break;
1305 }
1306 }
1307 break;
1308 case GPCMD_REQUEST_SENSE:
1309 max_len = packet[4];
1310 memset(buf, 0, 18);
1311 buf[0] = 0x70 | (1 << 7);
1312 buf[2] = s->sense_key;
1313 buf[7] = 10;
1314 buf[12] = s->asc;
1315 ide_atapi_cmd_reply(s, 18, max_len);
1316 break;
1317 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1318 if (bdrv_is_inserted(s->bs)) {
1319 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1320 ide_atapi_cmd_ok(s);
1321 } else {
1322 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1323 ASC_MEDIUM_NOT_PRESENT);
1324 }
1325 break;
1326 case GPCMD_READ_10:
1327 case GPCMD_READ_12:
1328 {
1329 int nb_sectors, lba;
1330
caed8802 1331 if (!bdrv_is_inserted(s->bs)) {
5391d806
FB		 1332 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1333 ASC_MEDIUM_NOT_PRESENT);
1334 break;
1335 }
1336 if (packet[0] == GPCMD_READ_10)
1337 nb_sectors = ube16_to_cpu(packet + 7);
1338 else
1339 nb_sectors = ube32_to_cpu(packet + 6);
1340 lba = ube32_to_cpu(packet + 2);
1341 if (nb_sectors == 0) {
1342 ide_atapi_cmd_ok(s);
1343 break;
1344 }
1345 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1346 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1347 ASC_LOGICAL_BLOCK_OOR);
1348 break;
1349 }
98087450
FB		 1350 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1351 }
1352 break;
1353 case GPCMD_READ_CD:
1354 {
1355 int nb_sectors, lba, transfer_request;
1356
1357 if (!bdrv_is_inserted(s->bs)) {
1358 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1359 ASC_MEDIUM_NOT_PRESENT);
1360 break;
1361 }
1362 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1363 lba = ube32_to_cpu(packet + 2);
1364 if (nb_sectors == 0) {
1365 ide_atapi_cmd_ok(s);
1366 break;
1367 }
1368 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1369 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1370 ASC_LOGICAL_BLOCK_OOR);
1371 break;
1372 }
1373 transfer_request = packet[9];
1374 switch(transfer_request & 0xf8) {
1375 case 0x00:
1376 /* nothing */
1377 ide_atapi_cmd_ok(s);
1378 break;
1379 case 0x10:
1380 /* normal read */
1381 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1382 break;
1383 case 0xf8:
1384 /* read all data */
1385 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1386 break;
1387 default:
1388 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1389 ASC_INV_FIELD_IN_CMD_PACKET);
1390 break;
1391 }
5391d806
FB		 1392 }
1393 break;
1394 case GPCMD_SEEK:
1395 {
1396 int lba;
caed8802 1397 if (!bdrv_is_inserted(s->bs)) {
5391d806
FB		 1398 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1399 ASC_MEDIUM_NOT_PRESENT);
1400 break;
1401 }
1402 lba = ube32_to_cpu(packet + 2);
1403 if (((int64_t)lba << 2) > s->nb_sectors) {
1404 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1405 ASC_LOGICAL_BLOCK_OOR);
1406 break;
1407 }
1408 ide_atapi_cmd_ok(s);
1409 }
1410 break;
1411 case GPCMD_START_STOP_UNIT:
1412 {
1413 int start, eject;
1414 start = packet[4] & 1;
1415 eject = (packet[4] >> 1) & 1;
1416
caed8802
FB		 1417 if (eject && !start) {
1418 /* eject the disk */
1419 bdrv_close(s->bs);
1420 }
5391d806
FB		 1421 ide_atapi_cmd_ok(s);
1422 }
1423 break;
1424 case GPCMD_MECHANISM_STATUS:
1425 {
1426 max_len = ube16_to_cpu(packet + 8);
1427 cpu_to_ube16(buf, 0);
1428 /* no current LBA */
1429 buf[2] = 0;
1430 buf[3] = 0;
1431 buf[4] = 0;
1432 buf[5] = 1;
1433 cpu_to_ube16(buf + 6, 0);
1434 ide_atapi_cmd_reply(s, 8, max_len);
1435 }
1436 break;
1437 case GPCMD_READ_TOC_PMA_ATIP:
1438 {
1439 int format, msf, start_track, len;
1440
caed8802 1441 if (!bdrv_is_inserted(s->bs)) {
5391d806
FB		 1442 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1443 ASC_MEDIUM_NOT_PRESENT);
1444 break;
1445 }
1446 max_len = ube16_to_cpu(packet + 7);
1447 format = packet[9] >> 6;
1448 msf = (packet[1] >> 1) & 1;
1449 start_track = packet[6];
1450 switch(format) {
1451 case 0:
1452 len = cdrom_read_toc(s, buf, msf, start_track);
1453 if (len < 0)
1454 goto error_cmd;
1455 ide_atapi_cmd_reply(s, len, max_len);
1456 break;
1457 case 1:
1458 /* multi session : only a single session defined */
1459 memset(buf, 0, 12);
1460 buf[1] = 0x0a;
1461 buf[2] = 0x01;
1462 buf[3] = 0x01;
1463 ide_atapi_cmd_reply(s, 12, max_len);
1464 break;
98087450
FB		 1465 case 2:
1466 len = cdrom_read_toc_raw(s, buf, msf, start_track);
1467 if (len < 0)
1468 goto error_cmd;
1469 ide_atapi_cmd_reply(s, len, max_len);
1470 break;
5391d806 1471 default:
7f777bf3
FB		 1472 error_cmd:
1473 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1474 ASC_INV_FIELD_IN_CMD_PACKET);
1475 break;
5391d806
FB		 1476 }
1477 }
1478 break;
1479 case GPCMD_READ_CDVD_CAPACITY:
caed8802 1480 if (!bdrv_is_inserted(s->bs)) {
5391d806
FB		 1481 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1482 ASC_MEDIUM_NOT_PRESENT);
1483 break;
1484 }
1485 /* NOTE: it is really the number of sectors minus 1 */
1486 cpu_to_ube32(buf, (s->nb_sectors >> 2) - 1);
1487 cpu_to_ube32(buf + 4, 2048);
1488 ide_atapi_cmd_reply(s, 8, 8);
1489 break;
bd0d90b2
FB		 1490 case GPCMD_INQUIRY:
1491 max_len = packet[4];
1492 buf[0] = 0x05; /* CD-ROM */
1493 buf[1] = 0x80; /* removable */
1494 buf[2] = 0x00; /* ISO */
1495 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1496 buf[4] = 31; /* additionnal length */
1497 buf[5] = 0; /* reserved */
1498 buf[6] = 0; /* reserved */
1499 buf[7] = 0; /* reserved */
1500 padstr8(buf + 8, 8, "QEMU");
1501 padstr8(buf + 16, 16, "QEMU CD-ROM");
1502 padstr8(buf + 32, 4, QEMU_VERSION);
1503 ide_atapi_cmd_reply(s, 36, max_len);
1504 break;
5391d806 1505 default:
5391d806 1506 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1507 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1508 break;
1509 }
1510}
1511
caed8802
FB		 1512/* called when the inserted state of the media has changed */
1513static void cdrom_change_cb(void *opaque)
5391d806 1514{
caed8802
FB		 1515 IDEState *s = opaque;
1516 int64_t nb_sectors;
1517
1518 /* XXX: send interrupt too */
1519 bdrv_get_geometry(s->bs, &nb_sectors);
1520 s->nb_sectors = nb_sectors;
1521}
1522
c2ff060f
FB		 1523static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1524{
1525 s->lba48 = lba48;
1526
1527 /* handle the 'magic' 0 nsector count conversion here. to avoid
1528 * fiddling with the rest of the read logic, we just store the
1529 * full sector count in ->nsector and ignore ->hob_nsector from now
1530 */
1531 if (!s->lba48) {
1532 if (!s->nsector)
1533 s->nsector = 256;
1534 } else {
1535 if (!s->nsector && !s->hob_nsector)
1536 s->nsector = 65536;
1537 else {
1538 int lo = s->nsector;
1539 int hi = s->hob_nsector;
1540
1541 s->nsector = (hi << 8) | lo;
1542 }
1543 }
1544}
1545
1546static void ide_clear_hob(IDEState *ide_if)
1547{
1548 /* any write clears HOB high bit of device control register */
1549 ide_if[0].select &= ~(1 << 7);
1550 ide_if[1].select &= ~(1 << 7);
1551}
1552
caed8802
FB		 1553static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1554{
1555 IDEState *ide_if = opaque;
c45c3d00 1556 IDEState *s;
5391d806 1557 int unit, n;
c2ff060f 1558 int lba48 = 0;
5391d806
FB		 1559
1560#ifdef DEBUG_IDE
1561 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1562#endif
c2ff060f 1563
5391d806
FB		 1564 addr &= 7;
1565 switch(addr) {
1566 case 0:
1567 break;
1568 case 1:
c2ff060f 1569 ide_clear_hob(ide_if);
c45c3d00 1570 /* NOTE: data is written to the two drives */
c2ff060f
FB		 1571 ide_if[0].hob_feature = ide_if[0].feature;
1572 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 1573 ide_if[0].feature = val;
1574 ide_if[1].feature = val;
5391d806
FB		 1575 break;
1576 case 2:
c2ff060f
FB		 1577 ide_clear_hob(ide_if);
1578 ide_if[0].hob_nsector = ide_if[0].nsector;
1579 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 1580 ide_if[0].nsector = val;
1581 ide_if[1].nsector = val;
5391d806
FB		 1582 break;
1583 case 3:
c2ff060f
FB		 1584 ide_clear_hob(ide_if);
1585 ide_if[0].hob_sector = ide_if[0].sector;
1586 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 1587 ide_if[0].sector = val;
1588 ide_if[1].sector = val;
5391d806
FB		 1589 break;
1590 case 4:
c2ff060f
FB		 1591 ide_clear_hob(ide_if);
1592 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1593 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 1594 ide_if[0].lcyl = val;
1595 ide_if[1].lcyl = val;
5391d806
FB		 1596 break;
1597 case 5:
c2ff060f
FB		 1598 ide_clear_hob(ide_if);
1599 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1600 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 1601 ide_if[0].hcyl = val;
1602 ide_if[1].hcyl = val;
5391d806
FB		 1603 break;
1604 case 6:
c2ff060f 1605 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 1606 ide_if[0].select = (val & ~0x10) | 0xa0;
1607 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 1608 /* select drive */
1609 unit = (val >> 4) & 1;
1610 s = ide_if + unit;
1611 ide_if->cur_drive = s;
5391d806
FB		 1612 break;
1613 default:
1614 case 7:
1615 /* command */
1616#if defined(DEBUG_IDE)
1617 printf("ide: CMD=%02x\n", val);
1618#endif
c45c3d00 1619 s = ide_if->cur_drive;
66201e2d
FB		 1620 /* ignore commands to non existant slave */
1621 if (s != ide_if && !s->bs)
1622 break;
c2ff060f 1623
5391d806
FB		 1624 switch(val) {
1625 case WIN_IDENTIFY:
1626 if (s->bs && !s->is_cdrom) {
1627 ide_identify(s);
2a282056 1628 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1629 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1630 } else {
1631 if (s->is_cdrom) {
1632 ide_set_signature(s);
1633 }
1634 ide_abort_command(s);
1635 }
1636 ide_set_irq(s);
1637 break;
1638 case WIN_SPECIFY:
1639 case WIN_RECAL:
a136e5a8 1640 s->error = 0;
769bec72 1641 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1642 ide_set_irq(s);
1643 break;
1644 case WIN_SETMULT:
1645 if (s->nsector > MAX_MULT_SECTORS ||
1646 s->nsector == 0 ||
1647 (s->nsector & (s->nsector - 1)) != 0) {
1648 ide_abort_command(s);
1649 } else {
1650 s->mult_sectors = s->nsector;
1651 s->status = READY_STAT;
1652 }
1653 ide_set_irq(s);
1654 break;
c2ff060f
FB		 1655 case WIN_VERIFY_EXT:
1656 lba48 = 1;
4ce900b4
FB		 1657 case WIN_VERIFY:
1658 case WIN_VERIFY_ONCE:
1659 /* do sector number check ? */
c2ff060f 1660 ide_cmd_lba48_transform(s, lba48);
4ce900b4
FB		 1661 s->status = READY_STAT;
1662 ide_set_irq(s);
1663 break;
c2ff060f
FB		 1664 case WIN_READ_EXT:
1665 lba48 = 1;
5391d806
FB		 1666 case WIN_READ:
1667 case WIN_READ_ONCE:
6b136f9e
FB		 1668 if (!s->bs)
1669 goto abort_cmd;
c2ff060f 1670 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1671 s->req_nb_sectors = 1;
1672 ide_sector_read(s);
1673 break;
c2ff060f
FB		 1674 case WIN_WRITE_EXT:
1675 lba48 = 1;
5391d806
FB		 1676 case WIN_WRITE:
1677 case WIN_WRITE_ONCE:
c2ff060f 1678 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1679 s->error = 0;
f66723fa 1680 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1681 s->req_nb_sectors = 1;
1682 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1683 break;
c2ff060f
FB		 1684 case WIN_MULTREAD_EXT:
1685 lba48 = 1;
5391d806
FB		 1686 case WIN_MULTREAD:
1687 if (!s->mult_sectors)
1688 goto abort_cmd;
c2ff060f 1689 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1690 s->req_nb_sectors = s->mult_sectors;
1691 ide_sector_read(s);
1692 break;
c2ff060f
FB		 1693 case WIN_MULTWRITE_EXT:
1694 lba48 = 1;
5391d806
FB		 1695 case WIN_MULTWRITE:
1696 if (!s->mult_sectors)
1697 goto abort_cmd;
c2ff060f 1698 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1699 s->error = 0;
f66723fa 1700 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1701 s->req_nb_sectors = s->mult_sectors;
1702 n = s->nsector;
1703 if (n > s->req_nb_sectors)
1704 n = s->req_nb_sectors;
1705 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1706 break;
c2ff060f
FB		 1707 case WIN_READDMA_EXT:
1708 lba48 = 1;
98087450
FB		 1709 case WIN_READDMA:
1710 case WIN_READDMA_ONCE:
1711 if (!s->bs)
1712 goto abort_cmd;
c2ff060f 1713 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 1714 ide_sector_read_dma(s);
1715 break;
c2ff060f
FB		 1716 case WIN_WRITEDMA_EXT:
1717 lba48 = 1;
98087450
FB		 1718 case WIN_WRITEDMA:
1719 case WIN_WRITEDMA_ONCE:
1720 if (!s->bs)
1721 goto abort_cmd;
c2ff060f 1722 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 1723 ide_sector_write_dma(s);
1724 break;
c2ff060f
FB		 1725 case WIN_READ_NATIVE_MAX_EXT:
1726 lba48 = 1;
5391d806 1727 case WIN_READ_NATIVE_MAX:
c2ff060f 1728 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1729 ide_set_sector(s, s->nb_sectors - 1);
1730 s->status = READY_STAT;
1731 ide_set_irq(s);
1732 break;
a136e5a8
FB		 1733 case WIN_CHECKPOWERMODE1:
1734 s->nsector = 0xff; /* device active or idle */
1735 s->status = READY_STAT;
1736 ide_set_irq(s);
1737 break;
34e538ae
FB		 1738 case WIN_SETFEATURES:
1739 if (!s->bs)
1740 goto abort_cmd;
1741 /* XXX: valid for CDROM ? */
1742 switch(s->feature) {
1743 case 0x02: /* write cache enable */
1744 case 0x82: /* write cache disable */
1745 case 0xaa: /* read look-ahead enable */
1746 case 0x55: /* read look-ahead disable */
e0fe67aa 1747 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 1748 ide_set_irq(s);
1749 break;
94458802
FB		 1750 case 0x03: { /* set transfer mode */
1751 uint8_t val = s->nsector & 0x07;
1752
1753 switch (s->nsector >> 3) {
1754 case 0x00: /* pio default */
1755 case 0x01: /* pio mode */
1756 put_le16(s->identify_data + 63,0x07);
1757 put_le16(s->identify_data + 88,0x3f);
1758 break;
1759 case 0x04: /* mdma mode */
1760 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1761 put_le16(s->identify_data + 88,0x3f);
1762 break;
1763 case 0x08: /* udma mode */
1764 put_le16(s->identify_data + 63,0x07);
1765 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1766 break;
1767 default:
1768 goto abort_cmd;
1769 }
1770 s->status = READY_STAT | SEEK_STAT;
1771 ide_set_irq(s);
1772 break;
1773 }
34e538ae
FB		 1774 default:
1775 goto abort_cmd;
1776 }
1777 break;
c2ff060f
FB		 1778 case WIN_FLUSH_CACHE:
1779 case WIN_FLUSH_CACHE_EXT:
a7dfe172 1780 case WIN_STANDBYNOW1:
c451ee71 1781 case WIN_IDLEIMMEDIATE:
a7dfe172
FB		 1782 s->status = READY_STAT;
1783 ide_set_irq(s);
1784 break;
5391d806
FB		 1785 /* ATAPI commands */
1786 case WIN_PIDENTIFY:
1787 if (s->is_cdrom) {
1788 ide_atapi_identify(s);
1298fe63 1789 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1790 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1791 } else {
1792 ide_abort_command(s);
1793 }
1794 ide_set_irq(s);
1795 break;
c451ee71
FB		 1796 case WIN_DIAGNOSE:
1797 ide_set_signature(s);
1798 s->status = 0x00; /* NOTE: READY is _not_ set */
1799 s->error = 0x01;
1800 break;
5391d806
FB		 1801 case WIN_SRST:
1802 if (!s->is_cdrom)
1803 goto abort_cmd;
1804 ide_set_signature(s);
6b136f9e 1805 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 1806 s->error = 0x01;
1807 break;
1808 case WIN_PACKETCMD:
1809 if (!s->is_cdrom)
1810 goto abort_cmd;
98087450
FB		 1811 /* overlapping commands not supported */
1812 if (s->feature & 0x02)
5391d806 1813 goto abort_cmd;
98087450 1814 s->atapi_dma = s->feature & 1;
5391d806
FB		 1815 s->nsector = 1;
1816 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1817 ide_atapi_cmd);
1818 break;
1819 default:
1820 abort_cmd:
1821 ide_abort_command(s);
1822 ide_set_irq(s);
1823 break;
1824 }
1825 }
1826}
1827
caed8802 1828static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 1829{
7ae98627
FB		 1830 IDEState *ide_if = opaque;
1831 IDEState *s = ide_if->cur_drive;
5391d806 1832 uint32_t addr;
c2ff060f 1833 int ret, hob;
5391d806
FB		 1834
1835 addr = addr1 & 7;
c2ff060f
FB		 1836 /* FIXME: HOB readback uses bit 7, but it's always set right now */
1837 //hob = s->select & (1 << 7);
1838 hob = 0;
5391d806
FB		 1839 switch(addr) {
1840 case 0:
1841 ret = 0xff;
1842 break;
1843 case 1:
7ae98627 1844 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1845 ret = 0;
c2ff060f 1846 else if (!hob)
c45c3d00 1847 ret = s->error;
c2ff060f
FB		 1848 else
1849 ret = s->hob_feature;
5391d806
FB		 1850 break;
1851 case 2:
7ae98627 1852 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1853 ret = 0;
c2ff060f 1854 else if (!hob)
c45c3d00 1855 ret = s->nsector & 0xff;
c2ff060f
FB		 1856 else
1857 ret = s->hob_nsector;
5391d806
FB		 1858 break;
1859 case 3:
7ae98627 1860 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1861 ret = 0;
c2ff060f 1862 else if (!hob)
c45c3d00 1863 ret = s->sector;
c2ff060f
FB		 1864 else
1865 ret = s->hob_sector;
5391d806
FB		 1866 break;
1867 case 4:
7ae98627 1868 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1869 ret = 0;
c2ff060f 1870 else if (!hob)
c45c3d00 1871 ret = s->lcyl;
c2ff060f
FB		 1872 else
1873 ret = s->hob_lcyl;
5391d806
FB		 1874 break;
1875 case 5:
7ae98627 1876 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1877 ret = 0;
c2ff060f 1878 else if (!hob)
c45c3d00 1879 ret = s->hcyl;
c2ff060f
FB		 1880 else
1881 ret = s->hob_hcyl;
5391d806
FB		 1882 break;
1883 case 6:
7ae98627 1884 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1885 ret = 0;
1886 else
7ae98627 1887 ret = s->select;
5391d806
FB		 1888 break;
1889 default:
1890 case 7:
66201e2d
FB		 1891 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1892 (s != ide_if && !s->bs))
c45c3d00
FB		 1893 ret = 0;
1894 else
1895 ret = s->status;
5457c8ce 1896 s->set_irq(s->irq_opaque, s->irq, 0);
5391d806
FB		 1897 break;
1898 }
1899#ifdef DEBUG_IDE
1900 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1901#endif
1902 return ret;
1903}
1904
caed8802 1905static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 1906{
7ae98627
FB		 1907 IDEState *ide_if = opaque;
1908 IDEState *s = ide_if->cur_drive;
5391d806 1909 int ret;
7ae98627 1910
66201e2d
FB		 1911 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1912 (s != ide_if && !s->bs))
7ae98627
FB		 1913 ret = 0;
1914 else
1915 ret = s->status;
5391d806
FB		 1916#ifdef DEBUG_IDE
1917 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1918#endif
1919 return ret;
1920}
1921
caed8802 1922static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 1923{
caed8802 1924 IDEState *ide_if = opaque;
5391d806
FB		 1925 IDEState *s;
1926 int i;
1927
1928#ifdef DEBUG_IDE
1929 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1930#endif
1931 /* common for both drives */
1932 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
1933 (val & IDE_CMD_RESET)) {
1934 /* reset low to high */
1935 for(i = 0;i < 2; i++) {
1936 s = &ide_if[i];
1937 s->status = BUSY_STAT | SEEK_STAT;
1938 s->error = 0x01;
1939 }
1940 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
1941 !(val & IDE_CMD_RESET)) {
1942 /* high to low */
1943 for(i = 0;i < 2; i++) {
1944 s = &ide_if[i];
6b136f9e
FB		 1945 if (s->is_cdrom)
1946 s->status = 0x00; /* NOTE: READY is _not_ set */
1947 else
56bf1d37 1948 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1949 ide_set_signature(s);
1950 }
1951 }
1952
1953 ide_if[0].cmd = val;
1954 ide_if[1].cmd = val;
1955}
1956
caed8802 1957static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 1958{
caed8802 1959 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1960 uint8_t *p;
1961
1962 p = s->data_ptr;
0c4ad8dc 1963 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 1964 p += 2;
1965 s->data_ptr = p;
1966 if (p >= s->data_end)
1967 s->end_transfer_func(s);
1968}
1969
caed8802 1970static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 1971{
caed8802 1972 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1973 uint8_t *p;
1974 int ret;
1975 p = s->data_ptr;
0c4ad8dc 1976 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 1977 p += 2;
1978 s->data_ptr = p;
1979 if (p >= s->data_end)
1980 s->end_transfer_func(s);
1981 return ret;
1982}
1983
caed8802 1984static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 1985{
caed8802 1986 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1987 uint8_t *p;
1988
1989 p = s->data_ptr;
0c4ad8dc 1990 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 1991 p += 4;
1992 s->data_ptr = p;
1993 if (p >= s->data_end)
1994 s->end_transfer_func(s);
1995}
1996
caed8802 1997static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 1998{
caed8802 1999 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2000 uint8_t *p;
2001 int ret;
2002
2003 p = s->data_ptr;
0c4ad8dc 2004 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2005 p += 4;
2006 s->data_ptr = p;
2007 if (p >= s->data_end)
2008 s->end_transfer_func(s);
2009 return ret;
2010}
2011
a7dfe172
FB		 2012static void ide_dummy_transfer_stop(IDEState *s)
2013{
2014 s->data_ptr = s->io_buffer;
2015 s->data_end = s->io_buffer;
2016 s->io_buffer[0] = 0xff;
2017 s->io_buffer[1] = 0xff;
2018 s->io_buffer[2] = 0xff;
2019 s->io_buffer[3] = 0xff;
2020}
2021
5391d806
FB		 2022static void ide_reset(IDEState *s)
2023{
2024 s->mult_sectors = MAX_MULT_SECTORS;
2025 s->cur_drive = s;
2026 s->select = 0xa0;
2027 s->status = READY_STAT;
2028 ide_set_signature(s);
a7dfe172
FB		 2029 /* init the transfer handler so that 0xffff is returned on data
2030 accesses */
2031 s->end_transfer_func = ide_dummy_transfer_stop;
2032 ide_dummy_transfer_stop(s);
5391d806
FB		 2033}
2034
2035struct partition {
2036 uint8_t boot_ind; /* 0x80 - active */
2037 uint8_t head; /* starting head */
2038 uint8_t sector; /* starting sector */
2039 uint8_t cyl; /* starting cylinder */
2040 uint8_t sys_ind; /* What partition type */
2041 uint8_t end_head; /* end head */
2042 uint8_t end_sector; /* end sector */
2043 uint8_t end_cyl; /* end cylinder */
2044 uint32_t start_sect; /* starting sector counting from 0 */
2045 uint32_t nr_sects; /* nr of sectors in partition */
2046} __attribute__((packed));
2047
bf1b938f
FB		 2048/* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
2049static int guess_disk_lchs(IDEState *s,
2050 int *pcylinders, int *pheads, int *psectors)
5391d806
FB		 2051{
2052 uint8_t buf[512];
46d4767d 2053 int ret, i, heads, sectors, cylinders;
5391d806
FB		 2054 struct partition *p;
2055 uint32_t nr_sects;
2056
5391d806
FB		 2057 ret = bdrv_read(s->bs, 0, buf, 1);
2058 if (ret < 0)
bf1b938f 2059 return -1;
5391d806
FB		 2060 /* test msdos magic */
2061 if (buf[510] != 0x55 || buf[511] != 0xaa)
bf1b938f 2062 return -1;
5391d806
FB		 2063 for(i = 0; i < 4; i++) {
2064 p = ((struct partition *)(buf + 0x1be)) + i;
0c4ad8dc 2065 nr_sects = le32_to_cpu(p->nr_sects);
5391d806
FB		 2066 if (nr_sects && p->end_head) {
2067 /* We make the assumption that the partition terminates on
2068 a cylinder boundary */
46d4767d 2069 heads = p->end_head + 1;
46d4767d
FB		 2070 sectors = p->end_sector & 63;
2071 if (sectors == 0)
2072 continue;
2073 cylinders = s->nb_sectors / (heads * sectors);
2074 if (cylinders < 1 || cylinders > 16383)
2075 continue;
bf1b938f
FB		 2076 *pheads = heads;
2077 *psectors = sectors;
2078 *pcylinders = cylinders;
5391d806 2079#if 0
bf1b938f
FB		 2080 printf("guessed geometry: LCHS=%d %d %d\n",
2081 cylinders, heads, sectors);
5391d806 2082#endif
bf1b938f 2083 return 0;
5391d806
FB		 2084 }
2085 }
bf1b938f 2086 return -1;
5391d806
FB		 2087}
2088
5457c8ce
FB		 2089static void ide_init2(IDEState *ide_state,
2090 BlockDriverState *hd0, BlockDriverState *hd1,
2091 SetIRQFunc *set_irq, void *irq_opaque, int irq)
5391d806 2092{
69b91039 2093 IDEState *s;
aedf5382 2094 static int drive_serial = 1;
bf1b938f 2095 int i, cylinders, heads, secs, translation;
5391d806 2096 int64_t nb_sectors;
5391d806 2097
caed8802
FB		 2098 for(i = 0; i < 2; i++) {
2099 s = ide_state + i;
2100 if (i == 0)
2101 s->bs = hd0;
2102 else
2103 s->bs = hd1;
5391d806
FB		 2104 if (s->bs) {
2105 bdrv_get_geometry(s->bs, &nb_sectors);
2106 s->nb_sectors = nb_sectors;
caed8802
FB		 2107 /* if a geometry hint is available, use it */
2108 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
2109 if (cylinders != 0) {
5391d806 2110 s->cylinders = cylinders;
caed8802
FB		 2111 s->heads = heads;
2112 s->sectors = secs;
2113 } else {
bf1b938f
FB		 2114 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2115 if (heads > 16) {
2116 /* if heads > 16, it means that a BIOS LBA
2117 translation was active, so the default
2118 hardware geometry is OK */
2119 goto default_geometry;
2120 } else {
2121 s->cylinders = cylinders;
2122 s->heads = heads;
2123 s->sectors = secs;
2124 /* disable any translation to be in sync with
2125 the logical geometry */
2126 translation = bdrv_get_translation_hint(s->bs);
2127 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2128 bdrv_set_translation_hint(s->bs,
2129 BIOS_ATA_TRANSLATION_NONE);
2130 }
2131 }
2132 } else {
2133 default_geometry:
46d4767d 2134 /* if no geometry, use a standard physical disk geometry */
caed8802
FB		 2135 cylinders = nb_sectors / (16 * 63);
2136 if (cylinders > 16383)
2137 cylinders = 16383;
2138 else if (cylinders < 2)
2139 cylinders = 2;
2140 s->cylinders = cylinders;
2141 s->heads = 16;
2142 s->sectors = 63;
2143 }
769bec72 2144 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
caed8802
FB		 2145 }
2146 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2147 s->is_cdrom = 1;
2148 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2149 }
2150 }
aedf5382 2151 s->drive_serial = drive_serial++;
5457c8ce
FB		 2152 s->set_irq = set_irq;
2153 s->irq_opaque = irq_opaque;
caed8802 2154 s->irq = irq;
a09db21f
FB		 2155 s->sector_write_timer = qemu_new_timer(vm_clock,
2156 ide_sector_write_timer_cb, s);
5391d806
FB		 2157 ide_reset(s);
2158 }
69b91039
FB		 2159}
2160
34e538ae 2161static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2162{
caed8802
FB		 2163 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2164 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2165 if (iobase2) {
2166 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2167 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2168 }
caed8802
FB		 2169
2170 /* data ports */
2171 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2172 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2173 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2174 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2175}
69b91039 2176
34e538ae
FB		 2177/***********************************************************/
2178/* ISA IDE definitions */
2179
2180void isa_ide_init(int iobase, int iobase2, int irq,
2181 BlockDriverState *hd0, BlockDriverState *hd1)
2182{
2183 IDEState *ide_state;
2184
2185 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2186 if (!ide_state)
2187 return;
2188
3de388f6 2189 ide_init2(ide_state, hd0, hd1, pic_set_irq_new, isa_pic, irq);
34e538ae
FB		 2190 ide_init_ioport(ide_state, iobase, iobase2);
2191}
2192
69b91039
FB		 2193/***********************************************************/
2194/* PCI IDE definitions */
2195
5457c8ce
FB		 2196static void cmd646_update_irq(PCIIDEState *d);
2197
69b91039
FB		 2198static void ide_map(PCIDevice *pci_dev, int region_num,
2199 uint32_t addr, uint32_t size, int type)
2200{
2201 PCIIDEState *d = (PCIIDEState *)pci_dev;
2202 IDEState *ide_state;
2203
2204 if (region_num <= 3) {
2205 ide_state = &d->ide_if[(region_num >> 1) * 2];
2206 if (region_num & 1) {
2207 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2208 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2209 } else {
2210 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2211 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2212
2213 /* data ports */
2214 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2215 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2216 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2217 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2218 }
2219 }
2220}
2221
98087450
FB		 2222/* XXX: full callback usage to prepare non blocking I/Os support -
2223 error handling */
2224static void ide_dma_loop(BMDMAState *bm)
2225{
2226 struct {
2227 uint32_t addr;
2228 uint32_t size;
2229 } prd;
2230 target_phys_addr_t cur_addr;
2231 int len, i, len1;
2232
2233 cur_addr = bm->addr;
2234 /* at most one page to avoid hanging if erroneous parameters */
2235 for(i = 0; i < 512; i++) {
2236 cpu_physical_memory_read(cur_addr, (uint8_t *)&prd, 8);
2237 prd.addr = le32_to_cpu(prd.addr);
2238 prd.size = le32_to_cpu(prd.size);
2239#ifdef DEBUG_IDE
2240 printf("ide: dma: prd: %08x: addr=0x%08x size=0x%08x\n",
2241 (int)cur_addr, prd.addr, prd.size);
2242#endif
2243 len = prd.size & 0xfffe;
2244 if (len == 0)
2245 len = 0x10000;
2246 while (len > 0) {
2247 len1 = bm->dma_cb(bm->ide_if, prd.addr, len);
2248 if (len1 == 0)
2249 goto the_end;
2250 prd.addr += len1;
2251 len -= len1;
2252 }
2253 /* end of transfer */
2254 if (prd.size & 0x80000000)
2255 break;
2256 cur_addr += 8;
2257 }
2258 /* end of transfer */
2259 the_end:
2260 bm->status &= ~BM_STATUS_DMAING;
2261 bm->status |= BM_STATUS_INT;
2262 bm->dma_cb = NULL;
2263 bm->ide_if = NULL;
2264}
2265
2266static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb)
2267{
2268 BMDMAState *bm = s->bmdma;
2269 if(!bm)
2270 return;
2271 bm->ide_if = s;
2272 bm->dma_cb = dma_cb;
2273 if (bm->status & BM_STATUS_DMAING) {
2274 ide_dma_loop(bm);
2275 }
2276}
2277
98087450
FB		 2278static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2279{
2280 BMDMAState *bm = opaque;
2281#ifdef DEBUG_IDE
2282 printf("%s: 0x%08x\n", __func__, val);
2283#endif
2284 if (!(val & BM_CMD_START)) {
2285 /* XXX: do it better */
2286 bm->status &= ~BM_STATUS_DMAING;
2287 bm->cmd = val & 0x09;
2288 } else {
2289 bm->status |= BM_STATUS_DMAING;
2290 bm->cmd = val & 0x09;
2291 /* start dma transfer if possible */
2292 if (bm->dma_cb)
2293 ide_dma_loop(bm);
2294 }
2295}
2296
5457c8ce 2297static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 2298{
2299 BMDMAState *bm = opaque;
5457c8ce 2300 PCIIDEState *pci_dev;
98087450 2301 uint32_t val;
5457c8ce
FB		 2302
2303 switch(addr & 3) {
2304 case 0:
2305 val = bm->cmd;
2306 break;
2307 case 1:
2308 pci_dev = bm->pci_dev;
2309 if (pci_dev->type == IDE_TYPE_CMD646) {
2310 val = pci_dev->dev.config[MRDMODE];
2311 } else {
2312 val = 0xff;
2313 }
2314 break;
2315 case 2:
2316 val = bm->status;
2317 break;
2318 case 3:
2319 pci_dev = bm->pci_dev;
2320 if (pci_dev->type == IDE_TYPE_CMD646) {
2321 if (bm == &pci_dev->bmdma[0])
2322 val = pci_dev->dev.config[UDIDETCR0];
2323 else
2324 val = pci_dev->dev.config[UDIDETCR1];
2325 } else {
2326 val = 0xff;
2327 }
2328 break;
2329 default:
2330 val = 0xff;
2331 break;
2332 }
98087450 2333#ifdef DEBUG_IDE
5457c8ce 2334 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 2335#endif
2336 return val;
2337}
2338
5457c8ce 2339static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 2340{
2341 BMDMAState *bm = opaque;
5457c8ce 2342 PCIIDEState *pci_dev;
98087450 2343#ifdef DEBUG_IDE
5457c8ce 2344 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 2345#endif
5457c8ce
FB		 2346 switch(addr & 3) {
2347 case 1:
2348 pci_dev = bm->pci_dev;
2349 if (pci_dev->type == IDE_TYPE_CMD646) {
2350 pci_dev->dev.config[MRDMODE] =
2351 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2352 cmd646_update_irq(pci_dev);
2353 }
2354 break;
2355 case 2:
2356 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2357 break;
2358 case 3:
2359 pci_dev = bm->pci_dev;
2360 if (pci_dev->type == IDE_TYPE_CMD646) {
2361 if (bm == &pci_dev->bmdma[0])
2362 pci_dev->dev.config[UDIDETCR0] = val;
2363 else
2364 pci_dev->dev.config[UDIDETCR1] = val;
2365 }
2366 break;
2367 }
98087450
FB		 2368}
2369
2370static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2371{
2372 BMDMAState *bm = opaque;
2373 uint32_t val;
2374 val = bm->addr;
2375#ifdef DEBUG_IDE
2376 printf("%s: 0x%08x\n", __func__, val);
2377#endif
2378 return val;
2379}
2380
2381static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2382{
2383 BMDMAState *bm = opaque;
2384#ifdef DEBUG_IDE
2385 printf("%s: 0x%08x\n", __func__, val);
2386#endif
2387 bm->addr = val & ~3;
2388}
2389
2390static void bmdma_map(PCIDevice *pci_dev, int region_num,
2391 uint32_t addr, uint32_t size, int type)
2392{
2393 PCIIDEState *d = (PCIIDEState *)pci_dev;
2394 int i;
2395
2396 for(i = 0;i < 2; i++) {
2397 BMDMAState *bm = &d->bmdma[i];
2398 d->ide_if[2 * i].bmdma = bm;
2399 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce
FB		 2400 bm->pci_dev = (PCIIDEState *)pci_dev;
2401
98087450 2402 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 2403
5457c8ce
FB		 2404 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2405 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450
FB		 2406
2407 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2408 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2409 addr += 8;
2410 }
2411}
2412
5457c8ce
FB		 2413/* XXX: call it also when the MRDMODE is changed from the PCI config
2414 registers */
2415static void cmd646_update_irq(PCIIDEState *d)
2416{
2417 int pci_level;
2418 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2419 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2420 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2421 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2422 pci_set_irq((PCIDevice *)d, 0, pci_level);
2423}
2424
2425/* the PCI irq level is the logical OR of the two channels */
2426static void cmd646_set_irq(void *opaque, int channel, int level)
2427{
2428 PCIIDEState *d = opaque;
2429 int irq_mask;
2430
2431 irq_mask = MRDMODE_INTR_CH0 << channel;
2432 if (level)
2433 d->dev.config[MRDMODE] |= irq_mask;
2434 else
2435 d->dev.config[MRDMODE] &= ~irq_mask;
2436 cmd646_update_irq(d);
2437}
2438
2439/* CMD646 PCI IDE controller */
2440void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2441 int secondary_ide_enabled)
69b91039
FB		 2442{
2443 PCIIDEState *d;
2444 uint8_t *pci_conf;
34e538ae
FB		 2445 int i;
2446
5457c8ce
FB		 2447 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2448 sizeof(PCIIDEState),
46e50e9d 2449 -1,
73c11f63 2450 NULL, NULL);
5457c8ce 2451 d->type = IDE_TYPE_CMD646;
69b91039 2452 pci_conf = d->dev.config;
5457c8ce
FB		 2453 pci_conf[0x00] = 0x95; // CMD646
2454 pci_conf[0x01] = 0x10;
2455 pci_conf[0x02] = 0x46;
2456 pci_conf[0x03] = 0x06;
2457
2458 pci_conf[0x08] = 0x07; // IDE controller revision
2459 pci_conf[0x09] = 0x8f;
2460
69b91039
FB		 2461 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2462 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
5457c8ce
FB		 2463 pci_conf[0x0e] = 0x00; // header_type
2464
2465 if (secondary_ide_enabled) {
2466 /* XXX: if not enabled, really disable the seconday IDE controller */
2467 pci_conf[0x51] = 0x80; /* enable IDE1 */
2468 }
69b91039
FB		 2469
2470 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2471 PCI_ADDRESS_SPACE_IO, ide_map);
2472 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2473 PCI_ADDRESS_SPACE_IO, ide_map);
2474 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2475 PCI_ADDRESS_SPACE_IO, ide_map);
2476 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2477 PCI_ADDRESS_SPACE_IO, ide_map);
98087450
FB		 2478 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2479 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 2480
34e538ae 2481 pci_conf[0x3d] = 0x01; // interrupt on pin 1
5457c8ce 2482
34e538ae
FB		 2483 for(i = 0; i < 4; i++)
2484 d->ide_if[i].pci_dev = (PCIDevice *)d;
5457c8ce
FB		 2485 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2486 cmd646_set_irq, d, 0);
2487 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2488 cmd646_set_irq, d, 1);
34e538ae
FB		 2489}
2490
2491/* hd_table must contain 4 block drivers */
2492/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
502a5395 2493void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn)
34e538ae
FB		 2494{
2495 PCIIDEState *d;
2496 uint8_t *pci_conf;
2497
2498 /* register a function 1 of PIIX3 */
46e50e9d
FB		 2499 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2500 sizeof(PCIIDEState),
502a5395 2501 devfn,
34e538ae 2502 NULL, NULL);
5457c8ce
FB		 2503 d->type = IDE_TYPE_PIIX3;
2504
34e538ae
FB		 2505 pci_conf = d->dev.config;
2506 pci_conf[0x00] = 0x86; // Intel
2507 pci_conf[0x01] = 0x80;
2508 pci_conf[0x02] = 0x10;
2509 pci_conf[0x03] = 0x70;
92510b8c 2510 pci_conf[0x09] = 0x80; // legacy ATA mode
34e538ae
FB		 2511 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2512 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2513 pci_conf[0x0e] = 0x00; // header_type
2514
98087450
FB		 2515 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2516 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 2517
5457c8ce 2518 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
3de388f6 2519 pic_set_irq_new, isa_pic, 14);
5457c8ce 2520 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
3de388f6 2521 pic_set_irq_new, isa_pic, 15);
34e538ae
FB		 2522 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2523 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
69b91039 2524}
1ade1de2
FB		 2525
2526/***********************************************************/
2527/* MacIO based PowerPC IDE */
2528
2529/* PowerMac IDE memory IO */
2530static void pmac_ide_writeb (void *opaque,
2531 target_phys_addr_t addr, uint32_t val)
2532{
2533 addr = (addr & 0xFFF) >> 4;
2534 switch (addr) {
2535 case 1 ... 7:
2536 ide_ioport_write(opaque, addr, val);
2537 break;
2538 case 8:
2539 case 22:
2540 ide_cmd_write(opaque, 0, val);
2541 break;
2542 default:
2543 break;
2544 }
2545}
2546
2547static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2548{
2549 uint8_t retval;
2550
2551 addr = (addr & 0xFFF) >> 4;
2552 switch (addr) {
2553 case 1 ... 7:
2554 retval = ide_ioport_read(opaque, addr);
2555 break;
2556 case 8:
2557 case 22:
2558 retval = ide_status_read(opaque, 0);
2559 break;
2560 default:
2561 retval = 0xFF;
2562 break;
2563 }
2564 return retval;
2565}
2566
2567static void pmac_ide_writew (void *opaque,
2568 target_phys_addr_t addr, uint32_t val)
2569{
2570 addr = (addr & 0xFFF) >> 4;
2571#ifdef TARGET_WORDS_BIGENDIAN
2572 val = bswap16(val);
2573#endif
2574 if (addr == 0) {
2575 ide_data_writew(opaque, 0, val);
2576 }
2577}
2578
2579static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
2580{
2581 uint16_t retval;
2582
2583 addr = (addr & 0xFFF) >> 4;
2584 if (addr == 0) {
2585 retval = ide_data_readw(opaque, 0);
2586 } else {
2587 retval = 0xFFFF;
2588 }
2589#ifdef TARGET_WORDS_BIGENDIAN
2590 retval = bswap16(retval);
2591#endif
2592 return retval;
2593}
2594
2595static void pmac_ide_writel (void *opaque,
2596 target_phys_addr_t addr, uint32_t val)
2597{
2598 addr = (addr & 0xFFF) >> 4;
2599#ifdef TARGET_WORDS_BIGENDIAN
2600 val = bswap32(val);
2601#endif
2602 if (addr == 0) {
2603 ide_data_writel(opaque, 0, val);
2604 }
2605}
2606
2607static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
2608{
2609 uint32_t retval;
2610
2611 addr = (addr & 0xFFF) >> 4;
2612 if (addr == 0) {
2613 retval = ide_data_readl(opaque, 0);
2614 } else {
2615 retval = 0xFFFFFFFF;
2616 }
2617#ifdef TARGET_WORDS_BIGENDIAN
2618 retval = bswap32(retval);
2619#endif
2620 return retval;
2621}
2622
2623static CPUWriteMemoryFunc *pmac_ide_write[] = {
2624 pmac_ide_writeb,
2625 pmac_ide_writew,
2626 pmac_ide_writel,
2627};
2628
2629static CPUReadMemoryFunc *pmac_ide_read[] = {
2630 pmac_ide_readb,
2631 pmac_ide_readw,
2632 pmac_ide_readl,
2633};
2634
2635/* hd_table must contain 4 block drivers */
2636/* PowerMac uses memory mapped registers, not I/O. Return the memory
2637 I/O index to access the ide. */
2638int pmac_ide_init (BlockDriverState **hd_table,
5457c8ce 2639 SetIRQFunc *set_irq, void *irq_opaque, int irq)
1ade1de2
FB		 2640{
2641 IDEState *ide_if;
2642 int pmac_ide_memory;
2643
2644 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
5457c8ce
FB		 2645 ide_init2(&ide_if[0], hd_table[0], hd_table[1],
2646 set_irq, irq_opaque, irq);
1ade1de2
FB		 2647
2648 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
2649 pmac_ide_write, &ide_if[0]);
2650 return pmac_ide_memory;
2651}
Qemu copy for testing