]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Introduce block dma helpers (Avi Kivity)
[qemu.git] / hw / ide.c
CommitLineData
5391d806 1/*
38cdea7c 2 * QEMU IDE disk and CD/DVD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
87ecb68b
PB		 25#include "hw.h"
26#include "pc.h"
27#include "pci.h"
28#include "scsi-disk.h"
29#include "pcmcia.h"
30#include "block.h"
31#include "qemu-timer.h"
32#include "sysemu.h"
9596ebb7 33#include "ppc_mac.h"
e3007e66 34#include "mac_dbdma.h"
b79e1752 35#include "sh.h"
5391d806 36
5391d806
FB		 37/* debug IDE devices */
38//#define DEBUG_IDE
39//#define DEBUG_IDE_ATAPI
8ccad811
FB		 40//#define DEBUG_AIO
41#define USE_DMA_CDROM
5391d806
FB		 42
43/* Bits of HD_STATUS */
44#define ERR_STAT 0x01
45#define INDEX_STAT 0x02
46#define ECC_STAT 0x04 /* Corrected error */
47#define DRQ_STAT 0x08
48#define SEEK_STAT 0x10
49#define SRV_STAT 0x10
50#define WRERR_STAT 0x20
51#define READY_STAT 0x40
52#define BUSY_STAT 0x80
53
54/* Bits for HD_ERROR */
55#define MARK_ERR 0x01 /* Bad address mark */
56#define TRK0_ERR 0x02 /* couldn't find track 0 */
57#define ABRT_ERR 0x04 /* Command aborted */
58#define MCR_ERR 0x08 /* media change request */
59#define ID_ERR 0x10 /* ID field not found */
60#define MC_ERR 0x20 /* media changed */
61#define ECC_ERR 0x40 /* Uncorrectable ECC error */
62#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
63#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
64
65/* Bits of HD_NSECTOR */
66#define CD 0x01
67#define IO 0x02
68#define REL 0x04
69#define TAG_MASK 0xf8
70
71#define IDE_CMD_RESET 0x04
72#define IDE_CMD_DISABLE_IRQ 0x02
73
74/* ATA/ATAPI Commands pre T13 Spec */
75#define WIN_NOP 0x00
76/*
77 * 0x01->0x02 Reserved
78 */
79#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
80/*
81 * 0x04->0x07 Reserved
82 */
83#define WIN_SRST 0x08 /* ATAPI soft reset command */
84#define WIN_DEVICE_RESET 0x08
85/*
86 * 0x09->0x0F Reserved
87 */
88#define WIN_RECAL 0x10
89#define WIN_RESTORE WIN_RECAL
90/*
91 * 0x10->0x1F Reserved
92 */
93#define WIN_READ 0x20 /* 28-Bit */
94#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
95#define WIN_READ_LONG 0x22 /* 28-Bit */
96#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
97#define WIN_READ_EXT 0x24 /* 48-Bit */
98#define WIN_READDMA_EXT 0x25 /* 48-Bit */
99#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
100#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
101/*
102 * 0x28
103 */
104#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
105/*
106 * 0x2A->0x2F Reserved
107 */
108#define WIN_WRITE 0x30 /* 28-Bit */
109#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
110#define WIN_WRITE_LONG 0x32 /* 28-Bit */
111#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
112#define WIN_WRITE_EXT 0x34 /* 48-Bit */
113#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
114#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
115#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
116#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
117#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
118/*
119 * 0x3A->0x3B Reserved
120 */
121#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
122/*
123 * 0x3D->0x3F Reserved
124 */
125#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
126#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
127#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
128/*
129 * 0x43->0x4F Reserved
130 */
131#define WIN_FORMAT 0x50
132/*
133 * 0x51->0x5F Reserved
134 */
135#define WIN_INIT 0x60
136/*
137 * 0x61->0x5F Reserved
138 */
139#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
140#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
141#define WIN_DIAGNOSE 0x90
142#define WIN_SPECIFY 0x91 /* set drive geometry translation */
143#define WIN_DOWNLOAD_MICROCODE 0x92
144#define WIN_STANDBYNOW2 0x94
201a51fc 145#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 146#define WIN_STANDBY2 0x96
147#define WIN_SETIDLE2 0x97
148#define WIN_CHECKPOWERMODE2 0x98
149#define WIN_SLEEPNOW2 0x99
150/*
151 * 0x9A VENDOR
152 */
153#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
154#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
155#define WIN_QUEUED_SERVICE 0xA2
156#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 157#define CFA_ACCESS_METADATA_STORAGE 0xB8
158#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 159#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
160#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
161#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
162#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
163#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
164#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
165#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
166#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
167#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
168#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 169#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 170#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
171#define WIN_POSTBOOT 0xDC
172#define WIN_PREBOOT 0xDD
173#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
174#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
175#define WIN_STANDBYNOW1 0xE0
176#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
177#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
178#define WIN_SETIDLE1 0xE3
179#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
180#define WIN_CHECKPOWERMODE1 0xE5
181#define WIN_SLEEPNOW1 0xE6
182#define WIN_FLUSH_CACHE 0xE7
183#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
184#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
185 /* SET_FEATURES 0x22 or 0xDD */
186#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
187#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
188#define WIN_MEDIAEJECT 0xED
189#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
190#define WIN_SETFEATURES 0xEF /* set special drive features */
191#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 192#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 193#define WIN_SECURITY_SET_PASS 0xF1
194#define WIN_SECURITY_UNLOCK 0xF2
195#define WIN_SECURITY_ERASE_PREPARE 0xF3
196#define WIN_SECURITY_ERASE_UNIT 0xF4
197#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 198#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 199#define WIN_SECURITY_DISABLE 0xF6
200#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
201#define WIN_SET_MAX 0xF9
202#define DISABLE_SEAGATE 0xFB
203
204/* set to 1 set disable mult support */
f66723fa 205#define MAX_MULT_SECTORS 16
5391d806 206
1d8cde5b
AJ		 207#define IDE_DMA_BUF_SECTORS 256
208
209#if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
210#error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
211#endif
212
5391d806
FB		 213/* ATAPI defines */
214
215#define ATAPI_PACKET_SIZE 12
216
217/* The generic packet command opcodes for CD/DVD Logical Units,
218 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
219#define GPCMD_BLANK 0xa1
220#define GPCMD_CLOSE_TRACK 0x5b
221#define GPCMD_FLUSH_CACHE 0x35
222#define GPCMD_FORMAT_UNIT 0x04
223#define GPCMD_GET_CONFIGURATION 0x46
224#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
225#define GPCMD_GET_PERFORMANCE 0xac
226#define GPCMD_INQUIRY 0x12
227#define GPCMD_LOAD_UNLOAD 0xa6
228#define GPCMD_MECHANISM_STATUS 0xbd
229#define GPCMD_MODE_SELECT_10 0x55
230#define GPCMD_MODE_SENSE_10 0x5a
231#define GPCMD_PAUSE_RESUME 0x4b
232#define GPCMD_PLAY_AUDIO_10 0x45
233#define GPCMD_PLAY_AUDIO_MSF 0x47
234#define GPCMD_PLAY_AUDIO_TI 0x48
235#define GPCMD_PLAY_CD 0xbc
236#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
237#define GPCMD_READ_10 0x28
238#define GPCMD_READ_12 0xa8
239#define GPCMD_READ_CDVD_CAPACITY 0x25
240#define GPCMD_READ_CD 0xbe
241#define GPCMD_READ_CD_MSF 0xb9
242#define GPCMD_READ_DISC_INFO 0x51
243#define GPCMD_READ_DVD_STRUCTURE 0xad
244#define GPCMD_READ_FORMAT_CAPACITIES 0x23
245#define GPCMD_READ_HEADER 0x44
246#define GPCMD_READ_TRACK_RZONE_INFO 0x52
247#define GPCMD_READ_SUBCHANNEL 0x42
248#define GPCMD_READ_TOC_PMA_ATIP 0x43
249#define GPCMD_REPAIR_RZONE_TRACK 0x58
250#define GPCMD_REPORT_KEY 0xa4
251#define GPCMD_REQUEST_SENSE 0x03
252#define GPCMD_RESERVE_RZONE_TRACK 0x53
253#define GPCMD_SCAN 0xba
254#define GPCMD_SEEK 0x2b
255#define GPCMD_SEND_DVD_STRUCTURE 0xad
256#define GPCMD_SEND_EVENT 0xa2
257#define GPCMD_SEND_KEY 0xa3
258#define GPCMD_SEND_OPC 0x54
259#define GPCMD_SET_READ_AHEAD 0xa7
260#define GPCMD_SET_STREAMING 0xb6
261#define GPCMD_START_STOP_UNIT 0x1b
262#define GPCMD_STOP_PLAY_SCAN 0x4e
263#define GPCMD_TEST_UNIT_READY 0x00
264#define GPCMD_VERIFY_10 0x2f
265#define GPCMD_WRITE_10 0x2a
266#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 267/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 268 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
269 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
270 * drives support it. */
271#define GPCMD_SET_SPEED 0xbb
5fafdf24 272/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 273 * to play data at track/index */
274#define GPCMD_PLAYAUDIO_TI 0x48
275/*
276 * From MS Media Status Notification Support Specification. For
277 * older drives only.
278 */
279#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 280#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 281
282/* Mode page codes for mode sense/set */
283#define GPMODE_R_W_ERROR_PAGE 0x01
284#define GPMODE_WRITE_PARMS_PAGE 0x05
285#define GPMODE_AUDIO_CTL_PAGE 0x0e
286#define GPMODE_POWER_PAGE 0x1a
287#define GPMODE_FAULT_FAIL_PAGE 0x1c
288#define GPMODE_TO_PROTECT_PAGE 0x1d
289#define GPMODE_CAPABILITIES_PAGE 0x2a
290#define GPMODE_ALL_PAGES 0x3f
291/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
292 * of MODE_SENSE_POWER_PAGE */
293#define GPMODE_CDROM_PAGE 0x0d
294
38cdea7c
AZ		 295/*
296 * Based on values from <linux/cdrom.h> but extending CD_MINS
297 * to the maximum common size allowed by the Orange's Book ATIP
298 *
299 * 90 and 99 min CDs are also available but using them as the
300 * upper limit reduces the effectiveness of the heuristic to
301 * detect DVDs burned to less than 25% of their maximum capacity
302 */
303
304/* Some generally useful CD-ROM information */
305#define CD_MINS 80 /* max. minutes per CD */
306#define CD_SECS 60 /* seconds per minute */
307#define CD_FRAMES 75 /* frames per second */
308#define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
309#define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
310#define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
311
312/*
313 * The MMC values are not IDE specific and might need to be moved
314 * to a common header if they are also needed for the SCSI emulation
315 */
316
317/* Profile list from MMC-6 revision 1 table 91 */
318#define MMC_PROFILE_NONE 0x0000
319#define MMC_PROFILE_CD_ROM 0x0008
320#define MMC_PROFILE_CD_R 0x0009
321#define MMC_PROFILE_CD_RW 0x000A
322#define MMC_PROFILE_DVD_ROM 0x0010
323#define MMC_PROFILE_DVD_R_SR 0x0011
324#define MMC_PROFILE_DVD_RAM 0x0012
325#define MMC_PROFILE_DVD_RW_RO 0x0013
326#define MMC_PROFILE_DVD_RW_SR 0x0014
327#define MMC_PROFILE_DVD_R_DL_SR 0x0015
328#define MMC_PROFILE_DVD_R_DL_JR 0x0016
329#define MMC_PROFILE_DVD_RW_DL 0x0017
330#define MMC_PROFILE_DVD_DDR 0x0018
331#define MMC_PROFILE_DVD_PLUS_RW 0x001A
332#define MMC_PROFILE_DVD_PLUS_R 0x001B
333#define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
334#define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
335#define MMC_PROFILE_BD_ROM 0x0040
336#define MMC_PROFILE_BD_R_SRM 0x0041
337#define MMC_PROFILE_BD_R_RRM 0x0042
338#define MMC_PROFILE_BD_RE 0x0043
339#define MMC_PROFILE_HDDVD_ROM 0x0050
340#define MMC_PROFILE_HDDVD_R 0x0051
341#define MMC_PROFILE_HDDVD_RAM 0x0052
342#define MMC_PROFILE_HDDVD_RW 0x0053
343#define MMC_PROFILE_HDDVD_R_DL 0x0058
344#define MMC_PROFILE_HDDVD_RW_DL 0x005A
345#define MMC_PROFILE_INVALID 0xFFFF
346
5391d806
FB		 347#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
348#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
349#define ATAPI_INT_REASON_REL 0x04
350#define ATAPI_INT_REASON_TAG 0xf8
351
352/* same constants as bochs */
7f777bf3 353#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 354#define ASC_LOGICAL_BLOCK_OOR 0x21
355#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
9118e7f0 356#define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
8114e9e8 357#define ASC_INCOMPATIBLE_FORMAT 0x30
5391d806
FB		 358#define ASC_MEDIUM_NOT_PRESENT 0x3a
359#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
360
201a51fc
AZ		 361#define CFA_NO_ERROR 0x00
362#define CFA_MISC_ERROR 0x09
363#define CFA_INVALID_COMMAND 0x20
364#define CFA_INVALID_ADDRESS 0x21
365#define CFA_ADDRESS_OVERFLOW 0x2f
366
5391d806
FB		 367#define SENSE_NONE 0
368#define SENSE_NOT_READY 2
369#define SENSE_ILLEGAL_REQUEST 5
370#define SENSE_UNIT_ATTENTION 6
371
372struct IDEState;
373
374typedef void EndTransferFunc(struct IDEState *);
375
caed8802 376/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 377typedef struct IDEState {
378 /* ide config */
379 int is_cdrom;
201a51fc 380 int is_cf;
5391d806
FB		 381 int cylinders, heads, sectors;
382 int64_t nb_sectors;
383 int mult_sectors;
94458802
FB		 384 int identify_set;
385 uint16_t identify_data[256];
d537cf6c 386 qemu_irq irq;
34e538ae 387 PCIDevice *pci_dev;
98087450 388 struct BMDMAState *bmdma;
aedf5382 389 int drive_serial;
fa879c64 390 char drive_serial_str[21];
5391d806
FB		 391 /* ide regs */
392 uint8_t feature;
393 uint8_t error;
c2ff060f 394 uint32_t nsector;
5391d806
FB		 395 uint8_t sector;
396 uint8_t lcyl;
397 uint8_t hcyl;
c2ff060f
FB		 398 /* other part of tf for lba48 support */
399 uint8_t hob_feature;
400 uint8_t hob_nsector;
401 uint8_t hob_sector;
402 uint8_t hob_lcyl;
403 uint8_t hob_hcyl;
404
5391d806
FB		 405 uint8_t select;
406 uint8_t status;
c2ff060f 407
5391d806
FB		 408 /* 0x3f6 command, only meaningful for drive 0 */
409 uint8_t cmd;
c2ff060f
FB		 410 /* set for lba48 access */
411 uint8_t lba48;
5391d806 412 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 413 struct IDEState *cur_drive;
5391d806
FB		 414 BlockDriverState *bs;
415 /* ATAPI specific */
416 uint8_t sense_key;
417 uint8_t asc;
418 int packet_transfer_size;
419 int elementary_transfer_size;
420 int io_buffer_index;
421 int lba;
98087450
FB		 422 int cd_sector_size;
423 int atapi_dma; /* true if dma is requested for the packet cmd */
424 /* ATA DMA state */
425 int io_buffer_size;
7aea4412 426 QEMUIOVector iovec;
98087450 427 /* PIO transfer handling */
5391d806
FB		 428 int req_nb_sectors; /* number of sectors per interrupt */
429 EndTransferFunc *end_transfer_func;
430 uint8_t *data_ptr;
431 uint8_t *data_end;
33f00271 432 uint8_t *io_buffer;
31c2a146 433 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
e774a278 434 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 435 /* CF-ATA extended error */
436 uint8_t ext_error;
437 /* CF-ATA metadata storage */
438 uint32_t mdata_size;
439 uint8_t *mdata_storage;
440 int media_changed;
e3007e66
AJ		 441 /* for pmac */
442 int is_read;
5391d806
FB		 443} IDEState;
444
8114e9e8
TS		 445/* XXX: DVDs that could fit on a CD will be reported as a CD */
446static inline int media_present(IDEState *s)
447{
448 return (s->nb_sectors > 0);
449}
450
451static inline int media_is_dvd(IDEState *s)
452{
453 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
454}
455
456static inline int media_is_cd(IDEState *s)
457{
458 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
459}
460
98087450
FB		 461#define BM_STATUS_DMAING 0x01
462#define BM_STATUS_ERROR 0x02
463#define BM_STATUS_INT 0x04
428c5705
AL		 464#define BM_STATUS_DMA_RETRY 0x08
465#define BM_STATUS_PIO_RETRY 0x10
98087450
FB		 466
467#define BM_CMD_START 0x01
468#define BM_CMD_READ 0x08
469
5457c8ce
FB		 470#define IDE_TYPE_PIIX3 0
471#define IDE_TYPE_CMD646 1
afcc3cdf 472#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 473
474/* CMD646 specific */
475#define MRDMODE 0x71
476#define MRDMODE_INTR_CH0 0x04
477#define MRDMODE_INTR_CH1 0x08
478#define MRDMODE_BLK_CH0 0x10
479#define MRDMODE_BLK_CH1 0x20
480#define UDIDETCR0 0x73
481#define UDIDETCR1 0x7B
482
98087450
FB		 483typedef struct BMDMAState {
484 uint8_t cmd;
485 uint8_t status;
486 uint32_t addr;
3b46e624 487
5457c8ce 488 struct PCIIDEState *pci_dev;
98087450 489 /* current transfer state */
8ccad811
FB		 490 uint32_t cur_addr;
491 uint32_t cur_prd_last;
492 uint32_t cur_prd_addr;
493 uint32_t cur_prd_len;
98087450 494 IDEState *ide_if;
8ccad811
FB		 495 BlockDriverCompletionFunc *dma_cb;
496 BlockDriverAIOCB *aiocb;
428c5705
AL		 497 int64_t sector_num;
498 uint32_t nsector;
98087450
FB		 499} BMDMAState;
500
501typedef struct PCIIDEState {
502 PCIDevice dev;
503 IDEState ide_if[4];
504 BMDMAState bmdma[2];
5457c8ce 505 int type; /* see IDE_TYPE_xxx */
98087450
FB		 506} PCIIDEState;
507
8ccad811 508static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
428c5705 509static void ide_dma_restart(IDEState *s);
5f12ab4b 510static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 511
5391d806
FB		 512static void padstr(char *str, const char *src, int len)
513{
514 int i, v;
515 for(i = 0; i < len; i++) {
516 if (*src)
517 v = *src++;
518 else
519 v = ' ';
69b34976 520 str[i^1] = v;
5391d806
FB		 521 }
522}
523
bd0d90b2
FB		 524static void padstr8(uint8_t *buf, int buf_size, const char *src)
525{
526 int i;
527 for(i = 0; i < buf_size; i++) {
528 if (*src)
529 buf[i] = *src++;
530 else
531 buf[i] = ' ';
532 }
533}
534
67b915a5
FB		 535static void put_le16(uint16_t *p, unsigned int v)
536{
0c4ad8dc 537 *p = cpu_to_le16(v);
67b915a5
FB		 538}
539
5391d806
FB		 540static void ide_identify(IDEState *s)
541{
542 uint16_t *p;
543 unsigned int oldsize;
544
94458802
FB		 545 if (s->identify_set) {
546 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
547 return;
548 }
549
5391d806
FB		 550 memset(s->io_buffer, 0, 512);
551 p = (uint16_t *)s->io_buffer;
67b915a5 552 put_le16(p + 0, 0x0040);
5fafdf24 553 put_le16(p + 1, s->cylinders);
67b915a5
FB		 554 put_le16(p + 3, s->heads);
555 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
556 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 557 put_le16(p + 6, s->sectors);
fa879c64 558 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 559 put_le16(p + 20, 3); /* XXX: retired, remove ? */
560 put_le16(p + 21, 512); /* cache size in sectors */
561 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 562 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
563 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 564#if MAX_MULT_SECTORS > 1
67b915a5 565 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 566#endif
67b915a5 567 put_le16(p + 48, 1); /* dword I/O */
94458802 568 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 569 put_le16(p + 51, 0x200); /* PIO transfer cycle */
570 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 571 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 572 put_le16(p + 54, s->cylinders);
573 put_le16(p + 55, s->heads);
574 put_le16(p + 56, s->sectors);
5391d806 575 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 576 put_le16(p + 57, oldsize);
577 put_le16(p + 58, oldsize >> 16);
5391d806 578 if (s->mult_sectors)
67b915a5
FB		 579 put_le16(p + 59, 0x100 | s->mult_sectors);
580 put_le16(p + 60, s->nb_sectors);
581 put_le16(p + 61, s->nb_sectors >> 16);
d1b5c20d 582 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
94458802
FB		 583 put_le16(p + 63, 0x07); /* mdma0-2 supported */
584 put_le16(p + 65, 120);
585 put_le16(p + 66, 120);
586 put_le16(p + 67, 120);
587 put_le16(p + 68, 120);
588 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
589 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 590 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 591 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
592 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 593 put_le16(p + 84, (1 << 14));
594 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 595 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
596 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 597 put_le16(p + 87, (1 << 14));
94458802
FB		 598 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
599 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 600 put_le16(p + 100, s->nb_sectors);
601 put_le16(p + 101, s->nb_sectors >> 16);
602 put_le16(p + 102, s->nb_sectors >> 32);
603 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 604
605 memcpy(s->identify_data, p, sizeof(s->identify_data));
606 s->identify_set = 1;
5391d806
FB		 607}
608
609static void ide_atapi_identify(IDEState *s)
610{
611 uint16_t *p;
612
94458802
FB		 613 if (s->identify_set) {
614 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
615 return;
616 }
617
5391d806
FB		 618 memset(s->io_buffer, 0, 512);
619 p = (uint16_t *)s->io_buffer;
620 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 621 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
fa879c64 622 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 623 put_le16(p + 20, 3); /* buffer type */
624 put_le16(p + 21, 512); /* cache size in sectors */
625 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3 626 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
38cdea7c 627 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
67b915a5 628 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 629#ifdef USE_DMA_CDROM
630 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
631 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
d1b5c20d 632 put_le16(p + 62, 7); /* single word dma0-2 supported */
8ccad811
FB		 633 put_le16(p + 63, 7); /* mdma0-2 supported */
634 put_le16(p + 64, 0x3f); /* PIO modes supported */
635#else
67b915a5
FB		 636 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
637 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
638 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
639 put_le16(p + 64, 1); /* PIO modes */
8ccad811 640#endif
67b915a5
FB		 641 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
642 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
643 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
644 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 645
67b915a5
FB		 646 put_le16(p + 71, 30); /* in ns */
647 put_le16(p + 72, 30); /* in ns */
5391d806 648
67b915a5 649 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 650#ifdef USE_DMA_CDROM
651 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
652#endif
94458802
FB		 653 memcpy(s->identify_data, p, sizeof(s->identify_data));
654 s->identify_set = 1;
5391d806
FB		 655}
656
201a51fc
AZ		 657static void ide_cfata_identify(IDEState *s)
658{
659 uint16_t *p;
660 uint32_t cur_sec;
201a51fc
AZ		 661
662 p = (uint16_t *) s->identify_data;
663 if (s->identify_set)
664 goto fill_buffer;
665
666 memset(p, 0, sizeof(s->identify_data));
667
668 cur_sec = s->cylinders * s->heads * s->sectors;
669
670 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
671 put_le16(p + 1, s->cylinders); /* Default cylinders */
672 put_le16(p + 3, s->heads); /* Default heads */
673 put_le16(p + 6, s->sectors); /* Default sectors per track */
674 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
675 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
fa879c64 676 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
201a51fc 677 put_le16(p + 22, 0x0004); /* ECC bytes */
60fe76f3
TS		 678 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
679 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
201a51fc
AZ		 680#if MAX_MULT_SECTORS > 1
681 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
682#else
683 put_le16(p + 47, 0x0000);
684#endif
685 put_le16(p + 49, 0x0f00); /* Capabilities */
686 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
687 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
688 put_le16(p + 53, 0x0003); /* Translation params valid */
689 put_le16(p + 54, s->cylinders); /* Current cylinders */
690 put_le16(p + 55, s->heads); /* Current heads */
691 put_le16(p + 56, s->sectors); /* Current sectors */
692 put_le16(p + 57, cur_sec); /* Current capacity */
693 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
694 if (s->mult_sectors) /* Multiple sector setting */
695 put_le16(p + 59, 0x100 | s->mult_sectors);
696 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
697 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
698 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
699 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
700 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
701 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
702 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
703 put_le16(p + 82, 0x400c); /* Command Set supported */
704 put_le16(p + 83, 0x7068); /* Command Set supported */
705 put_le16(p + 84, 0x4000); /* Features supported */
706 put_le16(p + 85, 0x000c); /* Command Set enabled */
707 put_le16(p + 86, 0x7044); /* Command Set enabled */
708 put_le16(p + 87, 0x4000); /* Features enabled */
709 put_le16(p + 91, 0x4060); /* Current APM level */
710 put_le16(p + 129, 0x0002); /* Current features option */
711 put_le16(p + 130, 0x0005); /* Reassigned sectors */
712 put_le16(p + 131, 0x0001); /* Initial power mode */
713 put_le16(p + 132, 0x0000); /* User signature */
714 put_le16(p + 160, 0x8100); /* Power requirement */
715 put_le16(p + 161, 0x8001); /* CF command set */
716
717 s->identify_set = 1;
718
719fill_buffer:
720 memcpy(s->io_buffer, p, sizeof(s->identify_data));
721}
722
5391d806
FB		 723static void ide_set_signature(IDEState *s)
724{
725 s->select &= 0xf0; /* clear head */
726 /* put signature */
727 s->nsector = 1;
728 s->sector = 1;
729 if (s->is_cdrom) {
730 s->lcyl = 0x14;
731 s->hcyl = 0xeb;
732 } else if (s->bs) {
733 s->lcyl = 0;
734 s->hcyl = 0;
735 } else {
736 s->lcyl = 0xff;
737 s->hcyl = 0xff;
738 }
739}
740
741static inline void ide_abort_command(IDEState *s)
742{
743 s->status = READY_STAT | ERR_STAT;
744 s->error = ABRT_ERR;
745}
746
5604e090
AZ		 747static inline void ide_dma_submit_check(IDEState *s,
748 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
749{
750 if (bm->aiocb)
751 return;
752 dma_cb(bm, -1);
753}
754
5391d806
FB		 755static inline void ide_set_irq(IDEState *s)
756{
98ff7d30 757 BMDMAState *bm = s->bmdma;
5391d806 758 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 759 if (bm) {
98ff7d30 760 bm->status |= BM_STATUS_INT;
5457c8ce 761 }
d537cf6c 762 qemu_irq_raise(s->irq);
5391d806
FB		 763 }
764}
765
766/* prepare data transfer and tell what to do after */
5fafdf24 767static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 768 EndTransferFunc *end_transfer_func)
769{
770 s->end_transfer_func = end_transfer_func;
771 s->data_ptr = buf;
772 s->data_end = buf + size;
7603d156
TS		 773 if (!(s->status & ERR_STAT))
774 s->status |= DRQ_STAT;
5391d806
FB		 775}
776
777static void ide_transfer_stop(IDEState *s)
778{
779 s->end_transfer_func = ide_transfer_stop;
780 s->data_ptr = s->io_buffer;
781 s->data_end = s->io_buffer;
782 s->status &= ~DRQ_STAT;
783}
784
785static int64_t ide_get_sector(IDEState *s)
786{
787 int64_t sector_num;
788 if (s->select & 0x40) {
789 /* lba */
c2ff060f
FB		 790 if (!s->lba48) {
791 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
792 (s->lcyl << 8) | s->sector;
793 } else {
794 sector_num = ((int64_t)s->hob_hcyl << 40) |
795 ((int64_t) s->hob_lcyl << 32) |
796 ((int64_t) s->hob_sector << 24) |
797 ((int64_t) s->hcyl << 16) |
798 ((int64_t) s->lcyl << 8) | s->sector;
799 }
5391d806
FB		 800 } else {
801 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 802 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 803 }
804 return sector_num;
805}
806
807static void ide_set_sector(IDEState *s, int64_t sector_num)
808{
809 unsigned int cyl, r;
810 if (s->select & 0x40) {
c2ff060f
FB		 811 if (!s->lba48) {
812 s->select = (s->select & 0xf0) | (sector_num >> 24);
813 s->hcyl = (sector_num >> 16);
814 s->lcyl = (sector_num >> 8);
815 s->sector = (sector_num);
816 } else {
817 s->sector = sector_num;
818 s->lcyl = sector_num >> 8;
819 s->hcyl = sector_num >> 16;
820 s->hob_sector = sector_num >> 24;
821 s->hob_lcyl = sector_num >> 32;
822 s->hob_hcyl = sector_num >> 40;
823 }
5391d806
FB		 824 } else {
825 cyl = sector_num / (s->heads * s->sectors);
826 r = sector_num % (s->heads * s->sectors);
827 s->hcyl = cyl >> 8;
828 s->lcyl = cyl;
1b8eb456 829 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 830 s->sector = (r % s->sectors) + 1;
831 }
832}
833
e162cfb0
AZ		 834static void ide_rw_error(IDEState *s) {
835 ide_abort_command(s);
836 ide_set_irq(s);
837}
838
5391d806
FB		 839static void ide_sector_read(IDEState *s)
840{
841 int64_t sector_num;
842 int ret, n;
843
844 s->status = READY_STAT | SEEK_STAT;
a136e5a8 845 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 846 sector_num = ide_get_sector(s);
847 n = s->nsector;
848 if (n == 0) {
849 /* no more sector to read from disk */
850 ide_transfer_stop(s);
851 } else {
852#if defined(DEBUG_IDE)
18c5f8ea 853 printf("read sector=%" PRId64 "\n", sector_num);
5391d806
FB		 854#endif
855 if (n > s->req_nb_sectors)
856 n = s->req_nb_sectors;
857 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
e162cfb0
AZ		 858 if (ret != 0) {
859 ide_rw_error(s);
860 return;
861 }
5391d806
FB		 862 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
863 ide_set_irq(s);
864 ide_set_sector(s, sector_num + n);
865 s->nsector -= n;
866 }
867}
868
7aea4412
AL		 869
870/* return 0 if buffer completed */
871static int dma_buf_prepare(BMDMAState *bm, int is_write)
872{
873 IDEState *s = bm->ide_if;
874 struct {
875 uint32_t addr;
876 uint32_t size;
877 } prd;
878 int l, len;
879 void *mem;
880 target_phys_addr_t l1;
881
882 qemu_iovec_init(&s->iovec, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
883 s->io_buffer_size = 0;
884 for(;;) {
885 if (bm->cur_prd_len == 0) {
886 /* end of table (with a fail safe of one page) */
887 if (bm->cur_prd_last ||
888 (bm->cur_addr - bm->addr) >= 4096)
889 return s->io_buffer_size != 0;
890 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
891 bm->cur_addr += 8;
892 prd.addr = le32_to_cpu(prd.addr);
893 prd.size = le32_to_cpu(prd.size);
894 len = prd.size & 0xfffe;
895 if (len == 0)
896 len = 0x10000;
897 bm->cur_prd_len = len;
898 bm->cur_prd_addr = prd.addr;
899 bm->cur_prd_last = (prd.size & 0x80000000);
900 }
901 l = bm->cur_prd_len;
902 if (l > 0) {
903 l1 = l;
904 mem = cpu_physical_memory_map(bm->cur_prd_addr, &l1, is_write);
905 if (!mem) {
906 break;
907 }
908 qemu_iovec_add(&s->iovec, mem, l1);
909 bm->cur_prd_addr += l1;
910 bm->cur_prd_len -= l1;
911 s->io_buffer_size += l1;
912 }
913 }
914 return 1;
915}
916
917static void dma_buf_commit(IDEState *s, int is_write)
918{
919 int i;
920
921 for (i = 0; i < s->iovec.niov; ++i) {
922 cpu_physical_memory_unmap(s->iovec.iov[i].iov_base,
923 s->iovec.iov[i].iov_len, is_write,
924 s->iovec.iov[i].iov_len);
925 }
926 qemu_iovec_destroy(&s->iovec);
927}
928
e162cfb0
AZ		 929static void ide_dma_error(IDEState *s)
930{
931 ide_transfer_stop(s);
932 s->error = ABRT_ERR;
933 s->status = READY_STAT | ERR_STAT;
934 ide_set_irq(s);
935}
936
428c5705
AL		 937static int ide_handle_write_error(IDEState *s, int error, int op)
938{
939 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
940
941 if (action == BLOCK_ERR_IGNORE)
942 return 0;
943
944 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
945 || action == BLOCK_ERR_STOP_ANY) {
946 s->bmdma->ide_if = s;
947 s->bmdma->status |= op;
948 vm_stop(0);
949 } else {
7aea4412
AL		 950 if (op == BM_STATUS_DMA_RETRY) {
951 dma_buf_commit(s, 0);
428c5705 952 ide_dma_error(s);
7aea4412 953 } else {
428c5705 954 ide_rw_error(s);
7aea4412 955 }
428c5705
AL		 956 }
957
958 return 1;
959}
960
8ccad811
FB		 961/* return 0 if buffer completed */
962static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 963{
8ccad811
FB		 964 IDEState *s = bm->ide_if;
965 struct {
966 uint32_t addr;
967 uint32_t size;
968 } prd;
969 int l, len;
98087450 970
8ccad811
FB		 971 for(;;) {
972 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 973 if (l <= 0)
8ccad811
FB		 974 break;
975 if (bm->cur_prd_len == 0) {
976 /* end of table (with a fail safe of one page) */
977 if (bm->cur_prd_last ||
978 (bm->cur_addr - bm->addr) >= 4096)
979 return 0;
980 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
981 bm->cur_addr += 8;
982 prd.addr = le32_to_cpu(prd.addr);
983 prd.size = le32_to_cpu(prd.size);
984 len = prd.size & 0xfffe;
985 if (len == 0)
986 len = 0x10000;
987 bm->cur_prd_len = len;
988 bm->cur_prd_addr = prd.addr;
989 bm->cur_prd_last = (prd.size & 0x80000000);
990 }
991 if (l > bm->cur_prd_len)
992 l = bm->cur_prd_len;
993 if (l > 0) {
994 if (is_write) {
5fafdf24 995 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 996 s->io_buffer + s->io_buffer_index, l);
997 } else {
5fafdf24 998 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 999 s->io_buffer + s->io_buffer_index, l);
1000 }
1001 bm->cur_prd_addr += l;
1002 bm->cur_prd_len -= l;
1003 s->io_buffer_index += l;
98087450 1004 }
98087450 1005 }
8ccad811
FB		 1006 return 1;
1007}
1008
7aea4412
AL		 1009typedef struct {
1010 BMDMAState *bm;
1011 void (*cb)(void *opaque, int ret);
1012 QEMUBH *bh;
1013} MapFailureContinuation;
1014
1015static void reschedule_dma(void *opaque)
1016{
1017 MapFailureContinuation *cont = opaque;
1018
1019 cont->cb(cont->bm, 0);
1020 qemu_bh_delete(cont->bh);
1021 qemu_free(cont);
1022}
1023
1024static void continue_after_map_failure(void *opaque)
1025{
1026 MapFailureContinuation *cont = opaque;
1027
1028 cont->bh = qemu_bh_new(reschedule_dma, opaque);
1029 qemu_bh_schedule(cont->bh);
1030}
1031
1032static void wait_for_bounce_buffer(BMDMAState *bmdma,
1033 void (*cb)(void *opaque, int ret))
1034{
1035 MapFailureContinuation *cont = qemu_malloc(sizeof(*cont));
1036
1037 cont->bm = bmdma;
1038 cont->cb = cb;
1039 cpu_register_map_client(cont, continue_after_map_failure);
1040}
1041
8ccad811
FB		 1042static void ide_read_dma_cb(void *opaque, int ret)
1043{
1044 BMDMAState *bm = opaque;
1045 IDEState *s = bm->ide_if;
1046 int n;
1047 int64_t sector_num;
1048
e162cfb0 1049 if (ret < 0) {
7aea4412 1050 dma_buf_commit(s, 1);
e162cfb0
AZ		 1051 ide_dma_error(s);
1052 return;
1053 }
1054
8ccad811
FB		 1055 n = s->io_buffer_size >> 9;
1056 sector_num = ide_get_sector(s);
1057 if (n > 0) {
7aea4412 1058 dma_buf_commit(s, 1);
8ccad811
FB		 1059 sector_num += n;
1060 ide_set_sector(s, sector_num);
1061 s->nsector -= n;
8ccad811
FB		 1062 }
1063
1064 /* end of transfer ? */
1065 if (s->nsector == 0) {
98087450
FB		 1066 s->status = READY_STAT | SEEK_STAT;
1067 ide_set_irq(s);
8ccad811
FB		 1068 eot:
1069 bm->status &= ~BM_STATUS_DMAING;
1070 bm->status |= BM_STATUS_INT;
1071 bm->dma_cb = NULL;
1072 bm->ide_if = NULL;
1073 bm->aiocb = NULL;
1074 return;
98087450 1075 }
8ccad811
FB		 1076
1077 /* launch next transfer */
1078 n = s->nsector;
8ccad811
FB		 1079 s->io_buffer_index = 0;
1080 s->io_buffer_size = n * 512;
7aea4412
AL		 1081 if (dma_buf_prepare(bm, 1) == 0)
1082 goto eot;
1083 if (!s->iovec.niov) {
1084 wait_for_bounce_buffer(bm, ide_read_dma_cb);
1085 return;
1086 }
8ccad811 1087#ifdef DEBUG_AIO
5df23f53 1088 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1089#endif
7aea4412
AL		 1090 bm->aiocb = bdrv_aio_readv(s->bs, sector_num, &s->iovec, n,
1091 ide_read_dma_cb, bm);
5604e090 1092 ide_dma_submit_check(s, ide_read_dma_cb, bm);
98087450
FB		 1093}
1094
1095static void ide_sector_read_dma(IDEState *s)
1096{
8ccad811 1097 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1098 s->io_buffer_index = 0;
1099 s->io_buffer_size = 0;
e3007e66 1100 s->is_read = 1;
98087450
FB		 1101 ide_dma_start(s, ide_read_dma_cb);
1102}
1103
a09db21f
FB		 1104static void ide_sector_write_timer_cb(void *opaque)
1105{
1106 IDEState *s = opaque;
1107 ide_set_irq(s);
1108}
1109
5391d806
FB		 1110static void ide_sector_write(IDEState *s)
1111{
1112 int64_t sector_num;
31c2a146 1113 int ret, n, n1;
5391d806
FB		 1114
1115 s->status = READY_STAT | SEEK_STAT;
1116 sector_num = ide_get_sector(s);
1117#if defined(DEBUG_IDE)
18c5f8ea 1118 printf("write sector=%" PRId64 "\n", sector_num);
5391d806
FB		 1119#endif
1120 n = s->nsector;
1121 if (n > s->req_nb_sectors)
1122 n = s->req_nb_sectors;
31c2a146 1123 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
428c5705 1124
e162cfb0 1125 if (ret != 0) {
428c5705
AL		 1126 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1127 return;
e162cfb0
AZ		 1128 }
1129
5391d806
FB		 1130 s->nsector -= n;
1131 if (s->nsector == 0) {
292eef5a 1132 /* no more sectors to write */
5391d806
FB		 1133 ide_transfer_stop(s);
1134 } else {
1135 n1 = s->nsector;
1136 if (n1 > s->req_nb_sectors)
1137 n1 = s->req_nb_sectors;
1138 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1139 }
1140 ide_set_sector(s, sector_num + n);
3b46e624 1141
31c2a146
TS		 1142#ifdef TARGET_I386
1143 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1144 /* It seems there is a bug in the Windows 2000 installer HDD
1145 IDE driver which fills the disk with empty logs when the
1146 IDE write IRQ comes too early. This hack tries to correct
1147 that at the expense of slower write performances. Use this
1148 option _only_ to install Windows 2000. You must disable it
1149 for normal use. */
1150 qemu_mod_timer(s->sector_write_timer,
1151 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1152 } else
1153#endif
1154 {
1155 ide_set_irq(s);
1156 }
5391d806
FB		 1157}
1158
f18be901 1159static void ide_dma_restart_cb(void *opaque, int running, int reason)
428c5705
AL		 1160{
1161 BMDMAState *bm = opaque;
1162 if (!running)
1163 return;
1164 if (bm->status & BM_STATUS_DMA_RETRY) {
1165 bm->status &= ~BM_STATUS_DMA_RETRY;
1166 ide_dma_restart(bm->ide_if);
1167 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1168 bm->status &= ~BM_STATUS_PIO_RETRY;
1169 ide_sector_write(bm->ide_if);
1170 }
1171}
1172
8ccad811 1173static void ide_write_dma_cb(void *opaque, int ret)
98087450 1174{
8ccad811
FB		 1175 BMDMAState *bm = opaque;
1176 IDEState *s = bm->ide_if;
1177 int n;
98087450
FB		 1178 int64_t sector_num;
1179
e162cfb0 1180 if (ret < 0) {
428c5705
AL		 1181 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1182 return;
e162cfb0
AZ		 1183 }
1184
8ccad811
FB		 1185 n = s->io_buffer_size >> 9;
1186 sector_num = ide_get_sector(s);
1187 if (n > 0) {
7aea4412 1188 dma_buf_commit(s, 0);
8ccad811
FB		 1189 sector_num += n;
1190 ide_set_sector(s, sector_num);
1191 s->nsector -= n;
98087450 1192 }
98087450 1193
8ccad811
FB		 1194 /* end of transfer ? */
1195 if (s->nsector == 0) {
1196 s->status = READY_STAT | SEEK_STAT;
1197 ide_set_irq(s);
1198 eot:
1199 bm->status &= ~BM_STATUS_DMAING;
1200 bm->status |= BM_STATUS_INT;
1201 bm->dma_cb = NULL;
1202 bm->ide_if = NULL;
1203 bm->aiocb = NULL;
1204 return;
1205 }
1206
98087450 1207 n = s->nsector;
98087450 1208 s->io_buffer_size = n * 512;
7aea4412
AL		 1209 /* launch next transfer */
1210 if (dma_buf_prepare(bm, 0) == 0)
8ccad811 1211 goto eot;
7aea4412
AL		 1212 if (!s->iovec.niov) {
1213 wait_for_bounce_buffer(bm, ide_write_dma_cb);
1214 return;
1215 }
8ccad811 1216#ifdef DEBUG_AIO
5df23f53 1217 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1218#endif
7aea4412
AL		 1219 bm->aiocb = bdrv_aio_writev(s->bs, sector_num, &s->iovec, n,
1220 ide_write_dma_cb, bm);
5604e090 1221 ide_dma_submit_check(s, ide_write_dma_cb, bm);
8ccad811
FB		 1222}
1223
1224static void ide_sector_write_dma(IDEState *s)
1225{
1226 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1227 s->io_buffer_index = 0;
1228 s->io_buffer_size = 0;
e3007e66 1229 s->is_read = 0;
98087450
FB		 1230 ide_dma_start(s, ide_write_dma_cb);
1231}
1232
5391d806
FB		 1233static void ide_atapi_cmd_ok(IDEState *s)
1234{
1235 s->error = 0;
41a2b959 1236 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1237 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1238 ide_set_irq(s);
1239}
1240
1241static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1242{
1243#ifdef DEBUG_IDE_ATAPI
1244 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1245#endif
1246 s->error = sense_key << 4;
1247 s->status = READY_STAT | ERR_STAT;
1248 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1249 s->sense_key = sense_key;
1250 s->asc = asc;
1251 ide_set_irq(s);
1252}
1253
9118e7f0
AL		 1254static void ide_atapi_cmd_check_status(IDEState *s)
1255{
1256#ifdef DEBUG_IDE_ATAPI
1257 printf("atapi_cmd_check_status\n");
1258#endif
1259 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1260 s->status = ERR_STAT;
1261 s->nsector = 0;
1262 ide_set_irq(s);
1263}
1264
5391d806
FB		 1265static inline void cpu_to_ube16(uint8_t *buf, int val)
1266{
1267 buf[0] = val >> 8;
1268 buf[1] = val;
1269}
1270
1271static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1272{
1273 buf[0] = val >> 24;
1274 buf[1] = val >> 16;
1275 buf[2] = val >> 8;
1276 buf[3] = val;
1277}
1278
1279static inline int ube16_to_cpu(const uint8_t *buf)
1280{
1281 return (buf[0] << 8) | buf[1];
1282}
1283
1284static inline int ube32_to_cpu(const uint8_t *buf)
1285{
1286 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1287}
1288
98087450
FB		 1289static void lba_to_msf(uint8_t *buf, int lba)
1290{
1291 lba += 150;
1292 buf[0] = (lba / 75) / 60;
1293 buf[1] = (lba / 75) % 60;
1294 buf[2] = lba % 75;
1295}
1296
8ccad811
FB		 1297static void cd_data_to_raw(uint8_t *buf, int lba)
1298{
1299 /* sync bytes */
1300 buf[0] = 0x00;
1301 memset(buf + 1, 0xff, 10);
1302 buf[11] = 0x00;
1303 buf += 12;
1304 /* MSF */
1305 lba_to_msf(buf, lba);
1306 buf[3] = 0x01; /* mode 1 data */
1307 buf += 4;
1308 /* data */
1309 buf += 2048;
1310 /* XXX: ECC not computed */
1311 memset(buf, 0, 288);
1312}
1313
5fafdf24 1314static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1315 int sector_size)
1316{
66c6ef76
FB		 1317 int ret;
1318
98087450
FB		 1319 switch(sector_size) {
1320 case 2048:
66c6ef76 1321 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1322 break;
1323 case 2352:
66c6ef76
FB		 1324 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1325 if (ret < 0)
1326 return ret;
8ccad811 1327 cd_data_to_raw(buf, lba);
98087450
FB		 1328 break;
1329 default:
66c6ef76 1330 ret = -EIO;
98087450
FB		 1331 break;
1332 }
66c6ef76
FB		 1333 return ret;
1334}
1335
1336static void ide_atapi_io_error(IDEState *s, int ret)
1337{
1338 /* XXX: handle more errors */
1339 if (ret == -ENOMEDIUM) {
5fafdf24 1340 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1341 ASC_MEDIUM_NOT_PRESENT);
1342 } else {
5fafdf24 1343 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1344 ASC_LOGICAL_BLOCK_OOR);
1345 }
98087450
FB		 1346}
1347
5391d806
FB		 1348/* The whole ATAPI transfer logic is handled in this function */
1349static void ide_atapi_cmd_reply_end(IDEState *s)
1350{
66c6ef76 1351 int byte_count_limit, size, ret;
5391d806 1352#ifdef DEBUG_IDE_ATAPI
5fafdf24 1353 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1354 s->packet_transfer_size,
1355 s->elementary_transfer_size,
1356 s->io_buffer_index);
1357#endif
1358 if (s->packet_transfer_size <= 0) {
1359 /* end of transfer */
1360 ide_transfer_stop(s);
41a2b959 1361 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1362 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1363 ide_set_irq(s);
1364#ifdef DEBUG_IDE_ATAPI
1365 printf("status=0x%x\n", s->status);
1366#endif
1367 } else {
1368 /* see if a new sector must be read */
98087450 1369 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1370 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1371 if (ret < 0) {
1372 ide_transfer_stop(s);
1373 ide_atapi_io_error(s, ret);
1374 return;
1375 }
5391d806
FB		 1376 s->lba++;
1377 s->io_buffer_index = 0;
1378 }
1379 if (s->elementary_transfer_size > 0) {
1380 /* there are some data left to transmit in this elementary
1381 transfer */
98087450 1382 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1383 if (size > s->elementary_transfer_size)
1384 size = s->elementary_transfer_size;
5fafdf24 1385 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1386 size, ide_atapi_cmd_reply_end);
1387 s->packet_transfer_size -= size;
1388 s->elementary_transfer_size -= size;
1389 s->io_buffer_index += size;
1390 } else {
1391 /* a new transfer is needed */
1392 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1393 byte_count_limit = s->lcyl | (s->hcyl << 8);
1394#ifdef DEBUG_IDE_ATAPI
1395 printf("byte_count_limit=%d\n", byte_count_limit);
1396#endif
1397 if (byte_count_limit == 0xffff)
1398 byte_count_limit--;
1399 size = s->packet_transfer_size;
1400 if (size > byte_count_limit) {
1401 /* byte count limit must be even if this case */
1402 if (byte_count_limit & 1)
1403 byte_count_limit--;
1404 size = byte_count_limit;
5391d806 1405 }
a136e5a8
FB		 1406 s->lcyl = size;
1407 s->hcyl = size >> 8;
5391d806
FB		 1408 s->elementary_transfer_size = size;
1409 /* we cannot transmit more than one sector at a time */
1410 if (s->lba != -1) {
98087450
FB		 1411 if (size > (s->cd_sector_size - s->io_buffer_index))
1412 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1413 }
5fafdf24 1414 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1415 size, ide_atapi_cmd_reply_end);
1416 s->packet_transfer_size -= size;
1417 s->elementary_transfer_size -= size;
1418 s->io_buffer_index += size;
1419 ide_set_irq(s);
1420#ifdef DEBUG_IDE_ATAPI
1421 printf("status=0x%x\n", s->status);
1422#endif
1423 }
1424 }
1425}
1426
1427/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1428static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1429{
1430 if (size > max_size)
1431 size = max_size;
1432 s->lba = -1; /* no sector read */
1433 s->packet_transfer_size = size;
5f12ab4b 1434 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1435 s->elementary_transfer_size = 0;
1436 s->io_buffer_index = 0;
1437
5f12ab4b 1438 if (s->atapi_dma) {
41a2b959 1439 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
5f12ab4b
TS		 1440 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1441 } else {
41a2b959 1442 s->status = READY_STAT | SEEK_STAT;
5f12ab4b
TS		 1443 ide_atapi_cmd_reply_end(s);
1444 }
5391d806
FB		 1445}
1446
1447/* start a CD-CDROM read command */
98087450
FB		 1448static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1449 int sector_size)
5391d806 1450{
5391d806 1451 s->lba = lba;
98087450 1452 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1453 s->elementary_transfer_size = 0;
98087450
FB		 1454 s->io_buffer_index = sector_size;
1455 s->cd_sector_size = sector_size;
5391d806 1456
41a2b959 1457 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1458 ide_atapi_cmd_reply_end(s);
1459}
1460
98087450 1461/* ATAPI DMA support */
8ccad811
FB		 1462
1463/* XXX: handle read errors */
1464static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1465{
8ccad811
FB		 1466 BMDMAState *bm = opaque;
1467 IDEState *s = bm->ide_if;
1468 int data_offset, n;
1469
66c6ef76
FB		 1470 if (ret < 0) {
1471 ide_atapi_io_error(s, ret);
1472 goto eot;
1473 }
1474
8ccad811 1475 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1476 /*
1477 * For a cdrom read sector command (s->lba != -1),
1478 * adjust the lba for the next s->io_buffer_size chunk
1479 * and dma the current chunk.
1480 * For a command != read (s->lba == -1), just transfer
1481 * the reply data.
1482 */
1483 if (s->lba != -1) {
1484 if (s->cd_sector_size == 2352) {
1485 n = 1;
1486 cd_data_to_raw(s->io_buffer, s->lba);
1487 } else {
1488 n = s->io_buffer_size >> 11;
1489 }
1490 s->lba += n;
1491 }
8ccad811 1492 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1493 if (dma_buf_rw(bm, 1) == 0)
1494 goto eot;
98087450 1495 }
8ccad811 1496
98087450 1497 if (s->packet_transfer_size <= 0) {
41a2b959 1498 s->status = READY_STAT | SEEK_STAT;
98087450
FB		 1499 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1500 ide_set_irq(s);
8ccad811
FB		 1501 eot:
1502 bm->status &= ~BM_STATUS_DMAING;
1503 bm->status |= BM_STATUS_INT;
1504 bm->dma_cb = NULL;
1505 bm->ide_if = NULL;
1506 bm->aiocb = NULL;
1507 return;
1508 }
3b46e624 1509
8ccad811
FB		 1510 s->io_buffer_index = 0;
1511 if (s->cd_sector_size == 2352) {
1512 n = 1;
1513 s->io_buffer_size = s->cd_sector_size;
1514 data_offset = 16;
1515 } else {
1516 n = s->packet_transfer_size >> 11;
1d8cde5b
AJ		 1517 if (n > (IDE_DMA_BUF_SECTORS / 4))
1518 n = (IDE_DMA_BUF_SECTORS / 4);
8ccad811
FB		 1519 s->io_buffer_size = n * 2048;
1520 data_offset = 0;
98087450 1521 }
8ccad811
FB		 1522#ifdef DEBUG_AIO
1523 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1524#endif
5fafdf24
TS		 1525 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1526 s->io_buffer + data_offset, n * 4,
8ccad811 1527 ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1528 if (!bm->aiocb) {
1529 /* Note: media not present is the most likely case */
5fafdf24 1530 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1531 ASC_MEDIUM_NOT_PRESENT);
1532 goto eot;
1533 }
98087450
FB		 1534}
1535
1536/* start a CD-CDROM read command with DMA */
1537/* XXX: test if DMA is available */
1538static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1539 int sector_size)
1540{
1541 s->lba = lba;
1542 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1543 s->io_buffer_index = 0;
1544 s->io_buffer_size = 0;
98087450
FB		 1545 s->cd_sector_size = sector_size;
1546
8ccad811 1547 /* XXX: check if BUSY_STAT should be set */
41a2b959 1548 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1549 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1550}
1551
5fafdf24 1552static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1553 int sector_size)
1554{
1555#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1556 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1557 lba, nb_sectors);
98087450
FB		 1558#endif
1559 if (s->atapi_dma) {
1560 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1561 } else {
1562 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1563 }
1564}
1565
38cdea7c
AZ		 1566static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1567 uint16_t profile)
1568{
1569 uint8_t *buf_profile = buf + 12; /* start of profiles */
1570
1571 buf_profile += ((*index) * 4); /* start of indexed profile */
1572 cpu_to_ube16 (buf_profile, profile);
1573 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1574
1575 /* each profile adds 4 bytes to the response */
1576 (*index)++;
1577 buf[11] += 4; /* Additional Length */
1578
1579 return 4;
1580}
1581
8114e9e8
TS		 1582static int ide_dvd_read_structure(IDEState *s, int format,
1583 const uint8_t *packet, uint8_t *buf)
1584{
1585 switch (format) {
1586 case 0x0: /* Physical format information */
1587 {
1588 int layer = packet[6];
1589 uint64_t total_sectors;
1590
1591 if (layer != 0)
1592 return -ASC_INV_FIELD_IN_CMD_PACKET;
1593
1594 bdrv_get_geometry(s->bs, &total_sectors);
1595 total_sectors >>= 2;
1596 if (total_sectors == 0)
1597 return -ASC_MEDIUM_NOT_PRESENT;
1598
1599 buf[4] = 1; /* DVD-ROM, part version 1 */
1600 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1601 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1602 buf[7] = 0; /* default densities */
1603
1604 /* FIXME: 0x30000 per spec? */
1605 cpu_to_ube32(buf + 8, 0); /* start sector */
1606 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1607 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1608
1609 /* Size of buffer, not including 2 byte size field */
1610 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1611
1612 /* 2k data + 4 byte header */
1613 return (2048 + 4);
1614 }
1615
1616 case 0x01: /* DVD copyright information */
1617 buf[4] = 0; /* no copyright data */
1618 buf[5] = 0; /* no region restrictions */
1619
1620 /* Size of buffer, not including 2 byte size field */
1621 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1622
1623 /* 4 byte header + 4 byte data */
1624 return (4 + 4);
1625
1626 case 0x03: /* BCA information - invalid field for no BCA info */
1627 return -ASC_INV_FIELD_IN_CMD_PACKET;
1628
1629 case 0x04: /* DVD disc manufacturing information */
1630 /* Size of buffer, not including 2 byte size field */
1631 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1632
1633 /* 2k data + 4 byte header */
1634 return (2048 + 4);
1635
1636 case 0xff:
1637 /*
1638 * This lists all the command capabilities above. Add new ones
1639 * in order and update the length and buffer return values.
1640 */
1641
1642 buf[4] = 0x00; /* Physical format */
1643 buf[5] = 0x40; /* Not writable, is readable */
1644 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1645
1646 buf[8] = 0x01; /* Copyright info */
1647 buf[9] = 0x40; /* Not writable, is readable */
1648 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1649
1650 buf[12] = 0x03; /* BCA info */
1651 buf[13] = 0x40; /* Not writable, is readable */
1652 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1653
1654 buf[16] = 0x04; /* Manufacturing info */
1655 buf[17] = 0x40; /* Not writable, is readable */
1656 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1657
1658 /* Size of buffer, not including 2 byte size field */
1659 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1660
1661 /* data written + 4 byte header */
1662 return (16 + 4);
1663
1664 default: /* TODO: formats beyond DVD-ROM requires */
1665 return -ASC_INV_FIELD_IN_CMD_PACKET;
1666 }
1667}
1668
5391d806
FB		 1669static void ide_atapi_cmd(IDEState *s)
1670{
1671 const uint8_t *packet;
1672 uint8_t *buf;
1673 int max_len;
1674
1675 packet = s->io_buffer;
1676 buf = s->io_buffer;
1677#ifdef DEBUG_IDE_ATAPI
1678 {
1679 int i;
1680 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1681 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1682 printf(" %02x", packet[i]);
1683 }
1684 printf("\n");
1685 }
1686#endif
9118e7f0
AL		 1687 /* If there's a UNIT_ATTENTION condition pending, only
1688 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1689 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1690 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1691 s->io_buffer[0] != GPCMD_INQUIRY) {
1692 ide_atapi_cmd_check_status(s);
1693 return;
1694 }
5391d806
FB		 1695 switch(s->io_buffer[0]) {
1696 case GPCMD_TEST_UNIT_READY:
caed8802 1697 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1698 ide_atapi_cmd_ok(s);
1699 } else {
5fafdf24 1700 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1701 ASC_MEDIUM_NOT_PRESENT);
1702 }
1703 break;
d14049ea 1704 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1705 case GPCMD_MODE_SENSE_10:
1706 {
1707 int action, code;
d14049ea
TS		 1708 if (packet[0] == GPCMD_MODE_SENSE_10)
1709 max_len = ube16_to_cpu(packet + 7);
1710 else
1711 max_len = packet[4];
5391d806
FB		 1712 action = packet[2] >> 6;
1713 code = packet[2] & 0x3f;
1714 switch(action) {
1715 case 0: /* current values */
1716 switch(code) {
1717 case 0x01: /* error recovery */
1718 cpu_to_ube16(&buf[0], 16 + 6);
1719 buf[2] = 0x70;
1720 buf[3] = 0;
1721 buf[4] = 0;
1722 buf[5] = 0;
1723 buf[6] = 0;
1724 buf[7] = 0;
1725
1726 buf[8] = 0x01;
1727 buf[9] = 0x06;
1728 buf[10] = 0x00;
1729 buf[11] = 0x05;
1730 buf[12] = 0x00;
1731 buf[13] = 0x00;
1732 buf[14] = 0x00;
1733 buf[15] = 0x00;
1734 ide_atapi_cmd_reply(s, 16, max_len);
1735 break;
1736 case 0x2a:
1737 cpu_to_ube16(&buf[0], 28 + 6);
1738 buf[2] = 0x70;
1739 buf[3] = 0;
1740 buf[4] = 0;
1741 buf[5] = 0;
1742 buf[6] = 0;
1743 buf[7] = 0;
1744
1745 buf[8] = 0x2a;
1746 buf[9] = 0x12;
0d4a05a1 1747 buf[10] = 0x00;
5391d806 1748 buf[11] = 0x00;
3b46e624 1749
d5b4eb40
AL		 1750 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1751 code checks for this to automount media. */
1752 buf[12] = 0x71;
5391d806
FB		 1753 buf[13] = 3 << 5;
1754 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1755 if (bdrv_is_locked(s->bs))
5391d806
FB		 1756 buf[6] |= 1 << 1;
1757 buf[15] = 0x00;
1758 cpu_to_ube16(&buf[16], 706);
1759 buf[18] = 0;
1760 buf[19] = 2;
1761 cpu_to_ube16(&buf[20], 512);
1762 cpu_to_ube16(&buf[22], 706);
1763 buf[24] = 0;
1764 buf[25] = 0;
1765 buf[26] = 0;
1766 buf[27] = 0;
1767 ide_atapi_cmd_reply(s, 28, max_len);
1768 break;
1769 default:
1770 goto error_cmd;
1771 }
1772 break;
1773 case 1: /* changeable values */
1774 goto error_cmd;
1775 case 2: /* default values */
1776 goto error_cmd;
1777 default:
1778 case 3: /* saved values */
5fafdf24 1779 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1780 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1781 break;
1782 }
1783 }
1784 break;
1785 case GPCMD_REQUEST_SENSE:
1786 max_len = packet[4];
1787 memset(buf, 0, 18);
1788 buf[0] = 0x70 | (1 << 7);
1789 buf[2] = s->sense_key;
1790 buf[7] = 10;
1791 buf[12] = s->asc;
9118e7f0
AL		 1792 if (s->sense_key == SENSE_UNIT_ATTENTION)
1793 s->sense_key = SENSE_NONE;
5391d806
FB		 1794 ide_atapi_cmd_reply(s, 18, max_len);
1795 break;
1796 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1797 if (bdrv_is_inserted(s->bs)) {
1798 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1799 ide_atapi_cmd_ok(s);
1800 } else {
5fafdf24 1801 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1802 ASC_MEDIUM_NOT_PRESENT);
1803 }
1804 break;
1805 case GPCMD_READ_10:
1806 case GPCMD_READ_12:
1807 {
1808 int nb_sectors, lba;
1809
5391d806
FB		 1810 if (packet[0] == GPCMD_READ_10)
1811 nb_sectors = ube16_to_cpu(packet + 7);
1812 else
1813 nb_sectors = ube32_to_cpu(packet + 6);
1814 lba = ube32_to_cpu(packet + 2);
1815 if (nb_sectors == 0) {
1816 ide_atapi_cmd_ok(s);
1817 break;
1818 }
98087450
FB		 1819 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1820 }
1821 break;
1822 case GPCMD_READ_CD:
1823 {
1824 int nb_sectors, lba, transfer_request;
1825
98087450
FB		 1826 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1827 lba = ube32_to_cpu(packet + 2);
1828 if (nb_sectors == 0) {
1829 ide_atapi_cmd_ok(s);
1830 break;
1831 }
98087450
FB		 1832 transfer_request = packet[9];
1833 switch(transfer_request & 0xf8) {
1834 case 0x00:
1835 /* nothing */
1836 ide_atapi_cmd_ok(s);
1837 break;
1838 case 0x10:
1839 /* normal read */
1840 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1841 break;
1842 case 0xf8:
1843 /* read all data */
1844 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1845 break;
1846 default:
5fafdf24 1847 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1848 ASC_INV_FIELD_IN_CMD_PACKET);
1849 break;
1850 }
5391d806
FB		 1851 }
1852 break;
1853 case GPCMD_SEEK:
1854 {
96b8f136
TS		 1855 unsigned int lba;
1856 uint64_t total_sectors;
66c6ef76
FB		 1857
1858 bdrv_get_geometry(s->bs, &total_sectors);
1859 total_sectors >>= 2;
96b8f136 1860 if (total_sectors == 0) {
5fafdf24 1861 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1862 ASC_MEDIUM_NOT_PRESENT);
1863 break;
1864 }
1865 lba = ube32_to_cpu(packet + 2);
66c6ef76 1866 if (lba >= total_sectors) {
5fafdf24 1867 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1868 ASC_LOGICAL_BLOCK_OOR);
1869 break;
1870 }
1871 ide_atapi_cmd_ok(s);
1872 }
1873 break;
1874 case GPCMD_START_STOP_UNIT:
1875 {
1876 int start, eject;
1877 start = packet[4] & 1;
1878 eject = (packet[4] >> 1) & 1;
3b46e624 1879
caed8802
FB		 1880 if (eject && !start) {
1881 /* eject the disk */
66c6ef76
FB		 1882 bdrv_eject(s->bs, 1);
1883 } else if (eject && start) {
1884 /* close the tray */
1885 bdrv_eject(s->bs, 0);
caed8802 1886 }
5391d806
FB		 1887 ide_atapi_cmd_ok(s);
1888 }
1889 break;
1890 case GPCMD_MECHANISM_STATUS:
1891 {
1892 max_len = ube16_to_cpu(packet + 8);
1893 cpu_to_ube16(buf, 0);
1894 /* no current LBA */
1895 buf[2] = 0;
1896 buf[3] = 0;
1897 buf[4] = 0;
1898 buf[5] = 1;
1899 cpu_to_ube16(buf + 6, 0);
1900 ide_atapi_cmd_reply(s, 8, max_len);
1901 }
1902 break;
1903 case GPCMD_READ_TOC_PMA_ATIP:
1904 {
1905 int format, msf, start_track, len;
96b8f136 1906 uint64_t total_sectors;
5391d806 1907
66c6ef76
FB		 1908 bdrv_get_geometry(s->bs, &total_sectors);
1909 total_sectors >>= 2;
96b8f136 1910 if (total_sectors == 0) {
5fafdf24 1911 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1912 ASC_MEDIUM_NOT_PRESENT);
1913 break;
1914 }
1915 max_len = ube16_to_cpu(packet + 7);
1916 format = packet[9] >> 6;
1917 msf = (packet[1] >> 1) & 1;
1918 start_track = packet[6];
1919 switch(format) {
1920 case 0:
66c6ef76 1921 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1922 if (len < 0)
1923 goto error_cmd;
1924 ide_atapi_cmd_reply(s, len, max_len);
1925 break;
1926 case 1:
1927 /* multi session : only a single session defined */
1928 memset(buf, 0, 12);
1929 buf[1] = 0x0a;
1930 buf[2] = 0x01;
1931 buf[3] = 0x01;
1932 ide_atapi_cmd_reply(s, 12, max_len);
1933 break;
98087450 1934 case 2:
66c6ef76 1935 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1936 if (len < 0)
1937 goto error_cmd;
1938 ide_atapi_cmd_reply(s, len, max_len);
1939 break;
5391d806 1940 default:
7f777bf3 1941 error_cmd:
5fafdf24 1942 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1943 ASC_INV_FIELD_IN_CMD_PACKET);
1944 break;
5391d806
FB		 1945 }
1946 }
1947 break;
1948 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76 1949 {
96b8f136 1950 uint64_t total_sectors;
66c6ef76
FB		 1951
1952 bdrv_get_geometry(s->bs, &total_sectors);
1953 total_sectors >>= 2;
96b8f136 1954 if (total_sectors == 0) {
5fafdf24 1955 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1956 ASC_MEDIUM_NOT_PRESENT);
1957 break;
1958 }
1959 /* NOTE: it is really the number of sectors minus 1 */
1960 cpu_to_ube32(buf, total_sectors - 1);
1961 cpu_to_ube32(buf + 4, 2048);
1962 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1963 }
5391d806 1964 break;
d14049ea
TS		 1965 case GPCMD_READ_DVD_STRUCTURE:
1966 {
1967 int media = packet[1];
8114e9e8
TS		 1968 int format = packet[7];
1969 int ret;
d14049ea 1970
8114e9e8 1971 max_len = ube16_to_cpu(packet + 8);
d14049ea 1972
8114e9e8
TS		 1973 if (format < 0xff) {
1974 if (media_is_cd(s)) {
1975 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1976 ASC_INCOMPATIBLE_FORMAT);
1977 break;
1978 } else if (!media_present(s)) {
1979 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1980 ASC_INV_FIELD_IN_CMD_PACKET);
1981 break;
1982 }
1983 }
d14049ea 1984
8114e9e8
TS		 1985 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1986 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
d14049ea 1987
8114e9e8
TS		 1988 switch (format) {
1989 case 0x00 ... 0x7f:
1990 case 0xff:
1991 if (media == 0) {
1992 ret = ide_dvd_read_structure(s, format, packet, buf);
d14049ea 1993
8114e9e8
TS		 1994 if (ret < 0)
1995 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1996 else
1997 ide_atapi_cmd_reply(s, ret, max_len);
d14049ea 1998
8114e9e8
TS		 1999 break;
2000 }
2001 /* TODO: BD support, fall through for now */
2002
2003 /* Generic disk structures */
2004 case 0x80: /* TODO: AACS volume identifier */
2005 case 0x81: /* TODO: AACS media serial number */
2006 case 0x82: /* TODO: AACS media identifier */
2007 case 0x83: /* TODO: AACS media key block */
2008 case 0x90: /* TODO: List of recognized format layers */
2009 case 0xc0: /* TODO: Write protection status */
d14049ea
TS		 2010 default:
2011 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2012 ASC_INV_FIELD_IN_CMD_PACKET);
2013 break;
2014 }
2015 }
2016 break;
2017 case GPCMD_SET_SPEED:
2018 ide_atapi_cmd_ok(s);
2019 break;
bd0d90b2
FB		 2020 case GPCMD_INQUIRY:
2021 max_len = packet[4];
2022 buf[0] = 0x05; /* CD-ROM */
2023 buf[1] = 0x80; /* removable */
2024 buf[2] = 0x00; /* ISO */
2025 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 2026 buf[4] = 31; /* additional length */
bd0d90b2
FB		 2027 buf[5] = 0; /* reserved */
2028 buf[6] = 0; /* reserved */
2029 buf[7] = 0; /* reserved */
2030 padstr8(buf + 8, 8, "QEMU");
38cdea7c 2031 padstr8(buf + 16, 16, "QEMU DVD-ROM");
bd0d90b2
FB		 2032 padstr8(buf + 32, 4, QEMU_VERSION);
2033 ide_atapi_cmd_reply(s, 36, max_len);
2034 break;
d14049ea
TS		 2035 case GPCMD_GET_CONFIGURATION:
2036 {
38cdea7c 2037 uint32_t len;
091d055b 2038 uint8_t index = 0;
d14049ea
TS		 2039
2040 /* only feature 0 is supported */
2041 if (packet[2] != 0 || packet[3] != 0) {
2042 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2043 ASC_INV_FIELD_IN_CMD_PACKET);
2044 break;
2045 }
38cdea7c
AZ		 2046
2047 /* XXX: could result in alignment problems in some architectures */
2048 max_len = ube16_to_cpu(packet + 7);
091d055b 2049
38cdea7c 2050 /*
091d055b
AZ		 2051 * XXX: avoid overflow for io_buffer if max_len is bigger than
2052 * the size of that buffer (dimensioned to max number of
2053 * sectors to transfer at once)
38cdea7c 2054 *
091d055b 2055 * Only a problem if the feature/profiles grow.
38cdea7c
AZ		 2056 */
2057 if (max_len > 512) /* XXX: assume 1 sector */
2058 max_len = 512;
2059
2060 memset(buf, 0, max_len);
2061 /*
2062 * the number of sectors from the media tells us which profile
2063 * to use as current. 0 means there is no media
38cdea7c 2064 */
8114e9e8
TS		 2065 if (media_is_dvd(s))
2066 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
2067 else if (media_is_cd(s))
2068 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
38cdea7c 2069
091d055b
AZ		 2070 buf[10] = 0x02 | 0x01; /* persistent and current */
2071 len = 12; /* headers: 8 + 4 */
2072 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
2073 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
38cdea7c
AZ		 2074 cpu_to_ube32(buf, len - 4); /* data length */
2075
2076 ide_atapi_cmd_reply(s, len, max_len);
d14049ea
TS		 2077 break;
2078 }
5391d806 2079 default:
5fafdf24 2080 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 2081 ASC_ILLEGAL_OPCODE);
5391d806
FB		 2082 break;
2083 }
2084}
2085
201a51fc
AZ		 2086static void ide_cfata_metadata_inquiry(IDEState *s)
2087{
2088 uint16_t *p;
2089 uint32_t spd;
2090
2091 p = (uint16_t *) s->io_buffer;
2092 memset(p, 0, 0x200);
2093 spd = ((s->mdata_size - 1) >> 9) + 1;
2094
2095 put_le16(p + 0, 0x0001); /* Data format revision */
2096 put_le16(p + 1, 0x0000); /* Media property: silicon */
2097 put_le16(p + 2, s->media_changed); /* Media status */
2098 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
2099 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
2100 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
2101 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
2102}
2103
2104static void ide_cfata_metadata_read(IDEState *s)
2105{
2106 uint16_t *p;
2107
2108 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2109 s->status = ERR_STAT;
2110 s->error = ABRT_ERR;
2111 return;
2112 }
2113
2114 p = (uint16_t *) s->io_buffer;
2115 memset(p, 0, 0x200);
2116
2117 put_le16(p + 0, s->media_changed); /* Media status */
2118 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2119 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2120 s->nsector << 9), 0x200 - 2));
2121}
2122
2123static void ide_cfata_metadata_write(IDEState *s)
2124{
2125 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2126 s->status = ERR_STAT;
2127 s->error = ABRT_ERR;
2128 return;
2129 }
2130
2131 s->media_changed = 0;
2132
2133 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2134 s->io_buffer + 2,
2135 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2136 s->nsector << 9), 0x200 - 2));
2137}
2138
bd491d6a
TS		 2139/* called when the inserted state of the media has changed */
2140static void cdrom_change_cb(void *opaque)
2141{
2142 IDEState *s = opaque;
96b8f136 2143 uint64_t nb_sectors;
bd491d6a 2144
bd491d6a
TS		 2145 bdrv_get_geometry(s->bs, &nb_sectors);
2146 s->nb_sectors = nb_sectors;
9118e7f0
AL		 2147
2148 s->sense_key = SENSE_UNIT_ATTENTION;
2149 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2150
2151 ide_set_irq(s);
bd491d6a
TS		 2152}
2153
c2ff060f
FB		 2154static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2155{
2156 s->lba48 = lba48;
2157
2158 /* handle the 'magic' 0 nsector count conversion here. to avoid
2159 * fiddling with the rest of the read logic, we just store the
2160 * full sector count in ->nsector and ignore ->hob_nsector from now
2161 */
2162 if (!s->lba48) {
2163 if (!s->nsector)
2164 s->nsector = 256;
2165 } else {
2166 if (!s->nsector && !s->hob_nsector)
2167 s->nsector = 65536;
2168 else {
2169 int lo = s->nsector;
2170 int hi = s->hob_nsector;
2171
2172 s->nsector = (hi << 8) | lo;
2173 }
2174 }
2175}
2176
2177static void ide_clear_hob(IDEState *ide_if)
2178{
2179 /* any write clears HOB high bit of device control register */
2180 ide_if[0].select &= ~(1 << 7);
2181 ide_if[1].select &= ~(1 << 7);
2182}
2183
caed8802
FB		 2184static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2185{
2186 IDEState *ide_if = opaque;
c45c3d00 2187 IDEState *s;
5391d806 2188 int unit, n;
c2ff060f 2189 int lba48 = 0;
5391d806
FB		 2190
2191#ifdef DEBUG_IDE
2192 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2193#endif
c2ff060f 2194
5391d806 2195 addr &= 7;
fcdd25ab
AL		 2196
2197 /* ignore writes to command block while busy with previous command */
2198 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2199 return;
2200
5391d806
FB		 2201 switch(addr) {
2202 case 0:
2203 break;
2204 case 1:
c2ff060f 2205 ide_clear_hob(ide_if);
c45c3d00 2206 /* NOTE: data is written to the two drives */
c2ff060f
FB		 2207 ide_if[0].hob_feature = ide_if[0].feature;
2208 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 2209 ide_if[0].feature = val;
2210 ide_if[1].feature = val;
5391d806
FB		 2211 break;
2212 case 2:
c2ff060f
FB		 2213 ide_clear_hob(ide_if);
2214 ide_if[0].hob_nsector = ide_if[0].nsector;
2215 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 2216 ide_if[0].nsector = val;
2217 ide_if[1].nsector = val;
5391d806
FB		 2218 break;
2219 case 3:
c2ff060f
FB		 2220 ide_clear_hob(ide_if);
2221 ide_if[0].hob_sector = ide_if[0].sector;
2222 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 2223 ide_if[0].sector = val;
2224 ide_if[1].sector = val;
5391d806
FB		 2225 break;
2226 case 4:
c2ff060f
FB		 2227 ide_clear_hob(ide_if);
2228 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2229 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 2230 ide_if[0].lcyl = val;
2231 ide_if[1].lcyl = val;
5391d806
FB		 2232 break;
2233 case 5:
c2ff060f
FB		 2234 ide_clear_hob(ide_if);
2235 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2236 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 2237 ide_if[0].hcyl = val;
2238 ide_if[1].hcyl = val;
5391d806
FB		 2239 break;
2240 case 6:
c2ff060f 2241 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 2242 ide_if[0].select = (val & ~0x10) | 0xa0;
2243 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 2244 /* select drive */
2245 unit = (val >> 4) & 1;
2246 s = ide_if + unit;
2247 ide_if->cur_drive = s;
5391d806
FB		 2248 break;
2249 default:
2250 case 7:
2251 /* command */
2252#if defined(DEBUG_IDE)
2253 printf("ide: CMD=%02x\n", val);
2254#endif
c45c3d00 2255 s = ide_if->cur_drive;
66201e2d 2256 /* ignore commands to non existant slave */
5fafdf24 2257 if (s != ide_if && !s->bs)
66201e2d 2258 break;
c2ff060f 2259
fcdd25ab
AL		 2260 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2261 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2262 break;
2263
5391d806
FB		 2264 switch(val) {
2265 case WIN_IDENTIFY:
2266 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 2267 if (!s->is_cf)
2268 ide_identify(s);
2269 else
2270 ide_cfata_identify(s);
2a282056 2271 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2272 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2273 } else {
2274 if (s->is_cdrom) {
2275 ide_set_signature(s);
2276 }
2277 ide_abort_command(s);
2278 }
2279 ide_set_irq(s);
2280 break;
2281 case WIN_SPECIFY:
2282 case WIN_RECAL:
a136e5a8 2283 s->error = 0;
769bec72 2284 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2285 ide_set_irq(s);
2286 break;
2287 case WIN_SETMULT:
201a51fc
AZ		 2288 if (s->is_cf && s->nsector == 0) {
2289 /* Disable Read and Write Multiple */
2290 s->mult_sectors = 0;
41a2b959 2291 s->status = READY_STAT | SEEK_STAT;
201a51fc 2292 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 2293 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2294 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 2295 ide_abort_command(s);
2296 } else {
292eef5a 2297 s->mult_sectors = s->nsector & 0xff;
41a2b959 2298 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2299 }
2300 ide_set_irq(s);
2301 break;
c2ff060f
FB		 2302 case WIN_VERIFY_EXT:
2303 lba48 = 1;
4ce900b4
FB		 2304 case WIN_VERIFY:
2305 case WIN_VERIFY_ONCE:
2306 /* do sector number check ? */
c2ff060f 2307 ide_cmd_lba48_transform(s, lba48);
41a2b959 2308 s->status = READY_STAT | SEEK_STAT;
4ce900b4
FB		 2309 ide_set_irq(s);
2310 break;
c2ff060f
FB		 2311 case WIN_READ_EXT:
2312 lba48 = 1;
5391d806
FB		 2313 case WIN_READ:
2314 case WIN_READ_ONCE:
5fafdf24 2315 if (!s->bs)
6b136f9e 2316 goto abort_cmd;
c2ff060f 2317 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2318 s->req_nb_sectors = 1;
2319 ide_sector_read(s);
2320 break;
c2ff060f
FB		 2321 case WIN_WRITE_EXT:
2322 lba48 = 1;
5391d806
FB		 2323 case WIN_WRITE:
2324 case WIN_WRITE_ONCE:
201a51fc
AZ		 2325 case CFA_WRITE_SECT_WO_ERASE:
2326 case WIN_WRITE_VERIFY:
c2ff060f 2327 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2328 s->error = 0;
f66723fa 2329 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2330 s->req_nb_sectors = 1;
2331 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 2332 s->media_changed = 1;
5391d806 2333 break;
c2ff060f
FB		 2334 case WIN_MULTREAD_EXT:
2335 lba48 = 1;
5391d806
FB		 2336 case WIN_MULTREAD:
2337 if (!s->mult_sectors)
2338 goto abort_cmd;
c2ff060f 2339 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2340 s->req_nb_sectors = s->mult_sectors;
2341 ide_sector_read(s);
2342 break;
c2ff060f
FB		 2343 case WIN_MULTWRITE_EXT:
2344 lba48 = 1;
5391d806 2345 case WIN_MULTWRITE:
201a51fc 2346 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 2347 if (!s->mult_sectors)
2348 goto abort_cmd;
c2ff060f 2349 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2350 s->error = 0;
f66723fa 2351 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2352 s->req_nb_sectors = s->mult_sectors;
2353 n = s->nsector;
2354 if (n > s->req_nb_sectors)
2355 n = s->req_nb_sectors;
2356 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 2357 s->media_changed = 1;
5391d806 2358 break;
c2ff060f
FB		 2359 case WIN_READDMA_EXT:
2360 lba48 = 1;
98087450
FB		 2361 case WIN_READDMA:
2362 case WIN_READDMA_ONCE:
5fafdf24 2363 if (!s->bs)
98087450 2364 goto abort_cmd;
c2ff060f 2365 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 2366 ide_sector_read_dma(s);
2367 break;
c2ff060f
FB		 2368 case WIN_WRITEDMA_EXT:
2369 lba48 = 1;
98087450
FB		 2370 case WIN_WRITEDMA:
2371 case WIN_WRITEDMA_ONCE:
5fafdf24 2372 if (!s->bs)
98087450 2373 goto abort_cmd;
c2ff060f 2374 ide_cmd_lba48_transform(s, lba48);
98087450 2375 ide_sector_write_dma(s);
201a51fc 2376 s->media_changed = 1;
98087450 2377 break;
c2ff060f
FB		 2378 case WIN_READ_NATIVE_MAX_EXT:
2379 lba48 = 1;
5391d806 2380 case WIN_READ_NATIVE_MAX:
c2ff060f 2381 ide_cmd_lba48_transform(s, lba48);
5391d806 2382 ide_set_sector(s, s->nb_sectors - 1);
41a2b959 2383 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2384 ide_set_irq(s);
2385 break;
a136e5a8 2386 case WIN_CHECKPOWERMODE1:
201a51fc 2387 case WIN_CHECKPOWERMODE2:
a136e5a8 2388 s->nsector = 0xff; /* device active or idle */
41a2b959 2389 s->status = READY_STAT | SEEK_STAT;
a136e5a8
FB		 2390 ide_set_irq(s);
2391 break;
34e538ae
FB		 2392 case WIN_SETFEATURES:
2393 if (!s->bs)
2394 goto abort_cmd;
2395 /* XXX: valid for CDROM ? */
2396 switch(s->feature) {
e1f63470
TS		 2397 case 0xcc: /* reverting to power-on defaults enable */
2398 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 2399 case 0x02: /* write cache enable */
2400 case 0x82: /* write cache disable */
2401 case 0xaa: /* read look-ahead enable */
2402 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 2403 case 0x05: /* set advanced power management mode */
2404 case 0x85: /* disable advanced power management mode */
2405 case 0x69: /* NOP */
2406 case 0x67: /* NOP */
2407 case 0x96: /* NOP */
2408 case 0x9a: /* NOP */
c3e88d8c
TS		 2409 case 0x42: /* enable Automatic Acoustic Mode */
2410 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 2411 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 2412 ide_set_irq(s);
2413 break;
94458802
FB		 2414 case 0x03: { /* set transfer mode */
2415 uint8_t val = s->nsector & 0x07;
2416
2417 switch (s->nsector >> 3) {
2418 case 0x00: /* pio default */
2419 case 0x01: /* pio mode */
d1b5c20d
TS		 2420 put_le16(s->identify_data + 62,0x07);
2421 put_le16(s->identify_data + 63,0x07);
2422 put_le16(s->identify_data + 88,0x3f);
2423 break;
2424 case 0x02: /* sigle word dma mode*/
2425 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
94458802
FB		 2426 put_le16(s->identify_data + 63,0x07);
2427 put_le16(s->identify_data + 88,0x3f);
2428 break;
2429 case 0x04: /* mdma mode */
d1b5c20d 2430 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2431 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2432 put_le16(s->identify_data + 88,0x3f);
2433 break;
2434 case 0x08: /* udma mode */
d1b5c20d 2435 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2436 put_le16(s->identify_data + 63,0x07);
2437 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2438 break;
2439 default:
2440 goto abort_cmd;
2441 }
2442 s->status = READY_STAT | SEEK_STAT;
2443 ide_set_irq(s);
2444 break;
2445 }
34e538ae
FB		 2446 default:
2447 goto abort_cmd;
2448 }
2449 break;
c2ff060f
FB		 2450 case WIN_FLUSH_CACHE:
2451 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2452 if (s->bs)
2453 bdrv_flush(s->bs);
41a2b959 2454 s->status = READY_STAT | SEEK_STAT;
7a6cba61
PB		 2455 ide_set_irq(s);
2456 break;
c3e88d8c
TS		 2457 case WIN_STANDBY:
2458 case WIN_STANDBY2:
2459 case WIN_STANDBYNOW1:
201a51fc 2460 case WIN_STANDBYNOW2:
c451ee71 2461 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2462 case CFA_IDLEIMMEDIATE:
2463 case WIN_SETIDLE1:
2464 case WIN_SETIDLE2:
c3e88d8c
TS		 2465 case WIN_SLEEPNOW1:
2466 case WIN_SLEEPNOW2:
2467 s->status = READY_STAT;
a7dfe172
FB		 2468 ide_set_irq(s);
2469 break;
4fbfcd6d
AJ		 2470 case WIN_SEEK:
2471 if(s->is_cdrom)
2472 goto abort_cmd;
2473 /* XXX: Check that seek is within bounds */
2474 s->status = READY_STAT | SEEK_STAT;
2475 ide_set_irq(s);
2476 break;
5391d806
FB		 2477 /* ATAPI commands */
2478 case WIN_PIDENTIFY:
2479 if (s->is_cdrom) {
2480 ide_atapi_identify(s);
1298fe63 2481 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2482 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2483 } else {
2484 ide_abort_command(s);
2485 }
2486 ide_set_irq(s);
2487 break;
c451ee71
FB		 2488 case WIN_DIAGNOSE:
2489 ide_set_signature(s);
33256a25
AL		 2490 if (s->is_cdrom)
2491 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2492 * devices to return a clear status register
2493 * with READY_STAT *not* set. */
2494 else
2495 s->status = READY_STAT | SEEK_STAT;
2496 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2497 * present.
2498 */
f5fdd0a8 2499 ide_set_irq(s);
c451ee71 2500 break;
5391d806
FB		 2501 case WIN_SRST:
2502 if (!s->is_cdrom)
2503 goto abort_cmd;
2504 ide_set_signature(s);
6b136f9e 2505 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2506 s->error = 0x01;
2507 break;
2508 case WIN_PACKETCMD:
2509 if (!s->is_cdrom)
2510 goto abort_cmd;
98087450
FB		 2511 /* overlapping commands not supported */
2512 if (s->feature & 0x02)
5391d806 2513 goto abort_cmd;
41a2b959 2514 s->status = READY_STAT | SEEK_STAT;
98087450 2515 s->atapi_dma = s->feature & 1;
5391d806 2516 s->nsector = 1;
5fafdf24 2517 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2518 ide_atapi_cmd);
2519 break;
201a51fc
AZ		 2520 /* CF-ATA commands */
2521 case CFA_REQ_EXT_ERROR_CODE:
2522 if (!s->is_cf)
2523 goto abort_cmd;
2524 s->error = 0x09; /* miscellaneous error */
41a2b959 2525 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2526 ide_set_irq(s);
2527 break;
2528 case CFA_ERASE_SECTORS:
2529 case CFA_WEAR_LEVEL:
2530 if (!s->is_cf)
2531 goto abort_cmd;
2532 if (val == CFA_WEAR_LEVEL)
2533 s->nsector = 0;
2534 if (val == CFA_ERASE_SECTORS)
2535 s->media_changed = 1;
2536 s->error = 0x00;
41a2b959 2537 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2538 ide_set_irq(s);
2539 break;
2540 case CFA_TRANSLATE_SECTOR:
2541 if (!s->is_cf)
2542 goto abort_cmd;
2543 s->error = 0x00;
41a2b959 2544 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2545 memset(s->io_buffer, 0, 0x200);
2546 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2547 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2548 s->io_buffer[0x02] = s->select; /* Head */
2549 s->io_buffer[0x03] = s->sector; /* Sector */
2550 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2551 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2552 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2553 s->io_buffer[0x13] = 0x00; /* Erase flag */
2554 s->io_buffer[0x18] = 0x00; /* Hot count */
2555 s->io_buffer[0x19] = 0x00; /* Hot count */
2556 s->io_buffer[0x1a] = 0x01; /* Hot count */
2557 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2558 ide_set_irq(s);
2559 break;
2560 case CFA_ACCESS_METADATA_STORAGE:
2561 if (!s->is_cf)
2562 goto abort_cmd;
2563 switch (s->feature) {
2564 case 0x02: /* Inquiry Metadata Storage */
2565 ide_cfata_metadata_inquiry(s);
2566 break;
2567 case 0x03: /* Read Metadata Storage */
2568 ide_cfata_metadata_read(s);
2569 break;
2570 case 0x04: /* Write Metadata Storage */
2571 ide_cfata_metadata_write(s);
2572 break;
2573 default:
2574 goto abort_cmd;
2575 }
2576 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2577 s->status = 0x00; /* NOTE: READY is _not_ set */
2578 ide_set_irq(s);
2579 break;
2580 case IBM_SENSE_CONDITION:
2581 if (!s->is_cf)
2582 goto abort_cmd;
2583 switch (s->feature) {
2584 case 0x01: /* sense temperature in device */
2585 s->nsector = 0x50; /* +20 C */
2586 break;
2587 default:
2588 goto abort_cmd;
2589 }
41a2b959 2590 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2591 ide_set_irq(s);
2592 break;
5391d806
FB		 2593 default:
2594 abort_cmd:
2595 ide_abort_command(s);
2596 ide_set_irq(s);
2597 break;
2598 }
2599 }
2600}
2601
caed8802 2602static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2603{
7ae98627
FB		 2604 IDEState *ide_if = opaque;
2605 IDEState *s = ide_if->cur_drive;
5391d806 2606 uint32_t addr;
c2ff060f 2607 int ret, hob;
5391d806
FB		 2608
2609 addr = addr1 & 7;
c2ff060f
FB		 2610 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2611 //hob = s->select & (1 << 7);
2612 hob = 0;
5391d806
FB		 2613 switch(addr) {
2614 case 0:
2615 ret = 0xff;
2616 break;
2617 case 1:
c45ca54f
AL		 2618 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2619 (s != ide_if && !s->bs))
c45c3d00 2620 ret = 0;
c2ff060f 2621 else if (!hob)
c45c3d00 2622 ret = s->error;
c2ff060f
FB		 2623 else
2624 ret = s->hob_feature;
5391d806
FB		 2625 break;
2626 case 2:
7ae98627 2627 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2628 ret = 0;
c2ff060f 2629 else if (!hob)
c45c3d00 2630 ret = s->nsector & 0xff;
c2ff060f
FB		 2631 else
2632 ret = s->hob_nsector;
5391d806
FB		 2633 break;
2634 case 3:
7ae98627 2635 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2636 ret = 0;
c2ff060f 2637 else if (!hob)
c45c3d00 2638 ret = s->sector;
c2ff060f
FB		 2639 else
2640 ret = s->hob_sector;
5391d806
FB		 2641 break;
2642 case 4:
7ae98627 2643 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2644 ret = 0;
c2ff060f 2645 else if (!hob)
c45c3d00 2646 ret = s->lcyl;
c2ff060f
FB		 2647 else
2648 ret = s->hob_lcyl;
5391d806
FB		 2649 break;
2650 case 5:
7ae98627 2651 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2652 ret = 0;
c2ff060f 2653 else if (!hob)
c45c3d00 2654 ret = s->hcyl;
c2ff060f
FB		 2655 else
2656 ret = s->hob_hcyl;
5391d806
FB		 2657 break;
2658 case 6:
7ae98627 2659 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2660 ret = 0;
2661 else
7ae98627 2662 ret = s->select;
5391d806
FB		 2663 break;
2664 default:
2665 case 7:
66201e2d
FB		 2666 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2667 (s != ide_if && !s->bs))
c45c3d00
FB		 2668 ret = 0;
2669 else
2670 ret = s->status;
d537cf6c 2671 qemu_irq_lower(s->irq);
5391d806
FB		 2672 break;
2673 }
2674#ifdef DEBUG_IDE
2675 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2676#endif
2677 return ret;
2678}
2679
caed8802 2680static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2681{
7ae98627
FB		 2682 IDEState *ide_if = opaque;
2683 IDEState *s = ide_if->cur_drive;
5391d806 2684 int ret;
7ae98627 2685
66201e2d
FB		 2686 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2687 (s != ide_if && !s->bs))
7ae98627
FB		 2688 ret = 0;
2689 else
2690 ret = s->status;
5391d806
FB		 2691#ifdef DEBUG_IDE
2692 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2693#endif
2694 return ret;
2695}
2696
caed8802 2697static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2698{
caed8802 2699 IDEState *ide_if = opaque;
5391d806
FB		 2700 IDEState *s;
2701 int i;
2702
2703#ifdef DEBUG_IDE
2704 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2705#endif
2706 /* common for both drives */
2707 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2708 (val & IDE_CMD_RESET)) {
2709 /* reset low to high */
2710 for(i = 0;i < 2; i++) {
2711 s = &ide_if[i];
2712 s->status = BUSY_STAT | SEEK_STAT;
2713 s->error = 0x01;
2714 }
2715 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2716 !(val & IDE_CMD_RESET)) {
2717 /* high to low */
2718 for(i = 0;i < 2; i++) {
2719 s = &ide_if[i];
6b136f9e
FB		 2720 if (s->is_cdrom)
2721 s->status = 0x00; /* NOTE: READY is _not_ set */
2722 else
56bf1d37 2723 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2724 ide_set_signature(s);
2725 }
2726 }
2727
2728 ide_if[0].cmd = val;
2729 ide_if[1].cmd = val;
2730}
2731
caed8802 2732static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2733{
caed8802 2734 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2735 uint8_t *p;
2736
fcdd25ab
AL		 2737 /* PIO data access allowed only when DRQ bit is set */
2738 if (!(s->status & DRQ_STAT))
2739 return;
2740
5391d806 2741 p = s->data_ptr;
0c4ad8dc 2742 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2743 p += 2;
2744 s->data_ptr = p;
2745 if (p >= s->data_end)
2746 s->end_transfer_func(s);
2747}
2748
caed8802 2749static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2750{
caed8802 2751 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2752 uint8_t *p;
2753 int ret;
fcdd25ab
AL		 2754
2755 /* PIO data access allowed only when DRQ bit is set */
2756 if (!(s->status & DRQ_STAT))
2757 return 0;
2758
5391d806 2759 p = s->data_ptr;
0c4ad8dc 2760 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2761 p += 2;
2762 s->data_ptr = p;
2763 if (p >= s->data_end)
2764 s->end_transfer_func(s);
2765 return ret;
2766}
2767
caed8802 2768static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2769{
caed8802 2770 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2771 uint8_t *p;
2772
fcdd25ab
AL		 2773 /* PIO data access allowed only when DRQ bit is set */
2774 if (!(s->status & DRQ_STAT))
2775 return;
2776
5391d806 2777 p = s->data_ptr;
0c4ad8dc 2778 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2779 p += 4;
2780 s->data_ptr = p;
2781 if (p >= s->data_end)
2782 s->end_transfer_func(s);
2783}
2784
caed8802 2785static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2786{
caed8802 2787 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2788 uint8_t *p;
2789 int ret;
3b46e624 2790
fcdd25ab
AL		 2791 /* PIO data access allowed only when DRQ bit is set */
2792 if (!(s->status & DRQ_STAT))
2793 return 0;
2794
5391d806 2795 p = s->data_ptr;
0c4ad8dc 2796 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2797 p += 4;
2798 s->data_ptr = p;
2799 if (p >= s->data_end)
2800 s->end_transfer_func(s);
2801 return ret;
2802}
2803
a7dfe172
FB		 2804static void ide_dummy_transfer_stop(IDEState *s)
2805{
2806 s->data_ptr = s->io_buffer;
2807 s->data_end = s->io_buffer;
2808 s->io_buffer[0] = 0xff;
2809 s->io_buffer[1] = 0xff;
2810 s->io_buffer[2] = 0xff;
2811 s->io_buffer[3] = 0xff;
2812}
2813
5391d806
FB		 2814static void ide_reset(IDEState *s)
2815{
201a51fc
AZ		 2816 if (s->is_cf)
2817 s->mult_sectors = 0;
2818 else
2819 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2820 s->cur_drive = s;
2821 s->select = 0xa0;
41a2b959 2822 s->status = READY_STAT | SEEK_STAT;
5391d806 2823 ide_set_signature(s);
a7dfe172
FB		 2824 /* init the transfer handler so that 0xffff is returned on data
2825 accesses */
2826 s->end_transfer_func = ide_dummy_transfer_stop;
2827 ide_dummy_transfer_stop(s);
201a51fc 2828 s->media_changed = 0;
5391d806
FB		 2829}
2830
5457c8ce
FB		 2831static void ide_init2(IDEState *ide_state,
2832 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2833 qemu_irq irq)
5391d806 2834{
69b91039 2835 IDEState *s;
aedf5382 2836 static int drive_serial = 1;
f3d54fc4 2837 int i, cylinders, heads, secs;
96b8f136 2838 uint64_t nb_sectors;
5391d806 2839
caed8802
FB		 2840 for(i = 0; i < 2; i++) {
2841 s = ide_state + i;
1d8cde5b 2842 s->io_buffer = qemu_memalign(512, IDE_DMA_BUF_SECTORS*512 + 4);
caed8802
FB		 2843 if (i == 0)
2844 s->bs = hd0;
2845 else
2846 s->bs = hd1;
5391d806
FB		 2847 if (s->bs) {
2848 bdrv_get_geometry(s->bs, &nb_sectors);
f3d54fc4
AL		 2849 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2850 s->cylinders = cylinders;
2851 s->heads = heads;
2852 s->sectors = secs;
5391d806 2853 s->nb_sectors = nb_sectors;
f3d54fc4 2854
caed8802
FB		 2855 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2856 s->is_cdrom = 1;
bd491d6a 2857 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2858 }
2859 }
aedf5382 2860 s->drive_serial = drive_serial++;
fa879c64
AL		 2861 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2862 sizeof(s->drive_serial_str));
2863 if (strlen(s->drive_serial_str) == 0)
2864 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2865 "QM%05d", s->drive_serial);
caed8802 2866 s->irq = irq;
5fafdf24 2867 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2868 ide_sector_write_timer_cb, s);
5391d806
FB		 2869 ide_reset(s);
2870 }
69b91039
FB		 2871}
2872
34e538ae 2873static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2874{
caed8802
FB		 2875 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2876 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2877 if (iobase2) {
2878 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2879 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2880 }
3b46e624 2881
caed8802
FB		 2882 /* data ports */
2883 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2884 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2885 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2886 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2887}
69b91039 2888
aa941b94
AZ		 2889/* save per IDE drive data */
2890static void ide_save(QEMUFile* f, IDEState *s)
2891{
bee8d684
TS		 2892 qemu_put_be32(f, s->mult_sectors);
2893 qemu_put_be32(f, s->identify_set);
aa941b94
AZ		 2894 if (s->identify_set) {
2895 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2896 }
2897 qemu_put_8s(f, &s->feature);
2898 qemu_put_8s(f, &s->error);
2899 qemu_put_be32s(f, &s->nsector);
2900 qemu_put_8s(f, &s->sector);
2901 qemu_put_8s(f, &s->lcyl);
2902 qemu_put_8s(f, &s->hcyl);
2903 qemu_put_8s(f, &s->hob_feature);
2904 qemu_put_8s(f, &s->hob_nsector);
2905 qemu_put_8s(f, &s->hob_sector);
2906 qemu_put_8s(f, &s->hob_lcyl);
2907 qemu_put_8s(f, &s->hob_hcyl);
2908 qemu_put_8s(f, &s->select);
2909 qemu_put_8s(f, &s->status);
2910 qemu_put_8s(f, &s->lba48);
2911
2912 qemu_put_8s(f, &s->sense_key);
2913 qemu_put_8s(f, &s->asc);
2914 /* XXX: if a transfer is pending, we do not save it yet */
2915}
2916
2917/* load per IDE drive data */
2918static void ide_load(QEMUFile* f, IDEState *s)
2919{
bee8d684
TS		 2920 s->mult_sectors=qemu_get_be32(f);
2921 s->identify_set=qemu_get_be32(f);
aa941b94
AZ		 2922 if (s->identify_set) {
2923 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2924 }
2925 qemu_get_8s(f, &s->feature);
2926 qemu_get_8s(f, &s->error);
2927 qemu_get_be32s(f, &s->nsector);
2928 qemu_get_8s(f, &s->sector);
2929 qemu_get_8s(f, &s->lcyl);
2930 qemu_get_8s(f, &s->hcyl);
2931 qemu_get_8s(f, &s->hob_feature);
2932 qemu_get_8s(f, &s->hob_nsector);
2933 qemu_get_8s(f, &s->hob_sector);
2934 qemu_get_8s(f, &s->hob_lcyl);
2935 qemu_get_8s(f, &s->hob_hcyl);
2936 qemu_get_8s(f, &s->select);
2937 qemu_get_8s(f, &s->status);
2938 qemu_get_8s(f, &s->lba48);
2939
2940 qemu_get_8s(f, &s->sense_key);
2941 qemu_get_8s(f, &s->asc);
2942 /* XXX: if a transfer is pending, we do not save it yet */
2943}
2944
34e538ae
FB		 2945/***********************************************************/
2946/* ISA IDE definitions */
2947
d537cf6c 2948void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2949 BlockDriverState *hd0, BlockDriverState *hd1)
2950{
2951 IDEState *ide_state;
2952
2953 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2954 if (!ide_state)
2955 return;
3b46e624 2956
d537cf6c 2957 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2958 ide_init_ioport(ide_state, iobase, iobase2);
2959}
2960
69b91039
FB		 2961/***********************************************************/
2962/* PCI IDE definitions */
2963
5457c8ce
FB		 2964static void cmd646_update_irq(PCIIDEState *d);
2965
5fafdf24 2966static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 2967 uint32_t addr, uint32_t size, int type)
2968{
2969 PCIIDEState *d = (PCIIDEState *)pci_dev;
2970 IDEState *ide_state;
2971
2972 if (region_num <= 3) {
2973 ide_state = &d->ide_if[(region_num >> 1) * 2];
2974 if (region_num & 1) {
2975 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2976 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2977 } else {
2978 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2979 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2980
2981 /* data ports */
2982 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2983 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2984 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2985 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2986 }
2987 }
2988}
2989
8ccad811 2990static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2991{
2992 BMDMAState *bm = s->bmdma;
2993 if(!bm)
2994 return;
2995 bm->ide_if = s;
2996 bm->dma_cb = dma_cb;
8ccad811
FB		 2997 bm->cur_prd_last = 0;
2998 bm->cur_prd_addr = 0;
2999 bm->cur_prd_len = 0;
428c5705
AL		 3000 bm->sector_num = ide_get_sector(s);
3001 bm->nsector = s->nsector;
98087450 3002 if (bm->status & BM_STATUS_DMAING) {
8ccad811 3003 bm->dma_cb(bm, 0);
98087450
FB		 3004 }
3005}
3006
428c5705
AL		 3007static void ide_dma_restart(IDEState *s)
3008{
3009 BMDMAState *bm = s->bmdma;
3010 ide_set_sector(s, bm->sector_num);
3011 s->io_buffer_index = 0;
3012 s->io_buffer_size = 0;
3013 s->nsector = bm->nsector;
3014 bm->cur_addr = bm->addr;
3015 bm->dma_cb = ide_write_dma_cb;
3016 ide_dma_start(s, bm->dma_cb);
3017}
3018
72c7b06c
AL		 3019static void ide_dma_cancel(BMDMAState *bm)
3020{
3021 if (bm->status & BM_STATUS_DMAING) {
3022 bm->status &= ~BM_STATUS_DMAING;
3023 /* cancel DMA request */
3024 bm->ide_if = NULL;
3025 bm->dma_cb = NULL;
3026 if (bm->aiocb) {
3027#ifdef DEBUG_AIO
3028 printf("aio_cancel\n");
3029#endif
3030 bdrv_aio_cancel(bm->aiocb);
3031 bm->aiocb = NULL;
3032 }
3033 }
3034}
3035
98087450
FB		 3036static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
3037{
3038 BMDMAState *bm = opaque;
3039#ifdef DEBUG_IDE
3040 printf("%s: 0x%08x\n", __func__, val);
3041#endif
3042 if (!(val & BM_CMD_START)) {
3043 /* XXX: do it better */
72c7b06c 3044 ide_dma_cancel(bm);
98087450
FB		 3045 bm->cmd = val & 0x09;
3046 } else {
8ccad811
FB		 3047 if (!(bm->status & BM_STATUS_DMAING)) {
3048 bm->status |= BM_STATUS_DMAING;
3049 /* start dma transfer if possible */
3050 if (bm->dma_cb)
3051 bm->dma_cb(bm, 0);
3052 }
98087450 3053 bm->cmd = val & 0x09;
98087450
FB		 3054 }
3055}
3056
5457c8ce 3057static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 3058{
3059 BMDMAState *bm = opaque;
5457c8ce 3060 PCIIDEState *pci_dev;
98087450 3061 uint32_t val;
3b46e624 3062
5457c8ce 3063 switch(addr & 3) {
5fafdf24 3064 case 0:
5457c8ce
FB		 3065 val = bm->cmd;
3066 break;
3067 case 1:
3068 pci_dev = bm->pci_dev;
3069 if (pci_dev->type == IDE_TYPE_CMD646) {
3070 val = pci_dev->dev.config[MRDMODE];
3071 } else {
3072 val = 0xff;
3073 }
3074 break;
3075 case 2:
3076 val = bm->status;
3077 break;
3078 case 3:
3079 pci_dev = bm->pci_dev;
3080 if (pci_dev->type == IDE_TYPE_CMD646) {
3081 if (bm == &pci_dev->bmdma[0])
3082 val = pci_dev->dev.config[UDIDETCR0];
3083 else
3084 val = pci_dev->dev.config[UDIDETCR1];
3085 } else {
3086 val = 0xff;
3087 }
3088 break;
3089 default:
3090 val = 0xff;
3091 break;
3092 }
98087450 3093#ifdef DEBUG_IDE
5457c8ce 3094 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 3095#endif
3096 return val;
3097}
3098
5457c8ce 3099static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 3100{
3101 BMDMAState *bm = opaque;
5457c8ce 3102 PCIIDEState *pci_dev;
98087450 3103#ifdef DEBUG_IDE
5457c8ce 3104 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 3105#endif
5457c8ce
FB		 3106 switch(addr & 3) {
3107 case 1:
3108 pci_dev = bm->pci_dev;
3109 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 3110 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 3111 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3112 cmd646_update_irq(pci_dev);
3113 }
3114 break;
3115 case 2:
3116 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3117 break;
3118 case 3:
3119 pci_dev = bm->pci_dev;
3120 if (pci_dev->type == IDE_TYPE_CMD646) {
3121 if (bm == &pci_dev->bmdma[0])
3122 pci_dev->dev.config[UDIDETCR0] = val;
3123 else
3124 pci_dev->dev.config[UDIDETCR1] = val;
3125 }
3126 break;
3127 }
98087450
FB		 3128}
3129
5b9a1293
AJ		 3130static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3131{
3132 BMDMAState *bm = opaque;
3133 uint32_t val;
3134 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3135#ifdef DEBUG_IDE
3136 printf("%s: 0x%08x\n", __func__, val);
3137#endif
3138 return val;
3139}
3140
3141static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3142{
3143 BMDMAState *bm = opaque;
3144 int shift = (addr & 3) * 8;
3145#ifdef DEBUG_IDE
3146 printf("%s: 0x%08x\n", __func__, val);
3147#endif
3148 bm->addr &= ~(0xFF << shift);
3149 bm->addr |= ((val & 0xFF) << shift) & ~3;
3150 bm->cur_addr = bm->addr;
3151}
3152
3153static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3154{
3155 BMDMAState *bm = opaque;
3156 uint32_t val;
3157 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3158#ifdef DEBUG_IDE
3159 printf("%s: 0x%08x\n", __func__, val);
3160#endif
3161 return val;
3162}
3163
3164static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3165{
3166 BMDMAState *bm = opaque;
3167 int shift = (addr & 3) * 8;
3168#ifdef DEBUG_IDE
3169 printf("%s: 0x%08x\n", __func__, val);
3170#endif
3171 bm->addr &= ~(0xFFFF << shift);
3172 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3173 bm->cur_addr = bm->addr;
3174}
3175
98087450
FB		 3176static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3177{
3178 BMDMAState *bm = opaque;
3179 uint32_t val;
3180 val = bm->addr;
3181#ifdef DEBUG_IDE
3182 printf("%s: 0x%08x\n", __func__, val);
3183#endif
3184 return val;
3185}
3186
3187static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3188{
3189 BMDMAState *bm = opaque;
3190#ifdef DEBUG_IDE
3191 printf("%s: 0x%08x\n", __func__, val);
3192#endif
3193 bm->addr = val & ~3;
30c4bbac 3194 bm->cur_addr = bm->addr;
98087450
FB		 3195}
3196
5fafdf24 3197static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 3198 uint32_t addr, uint32_t size, int type)
3199{
3200 PCIIDEState *d = (PCIIDEState *)pci_dev;
3201 int i;
3202
3203 for(i = 0;i < 2; i++) {
3204 BMDMAState *bm = &d->bmdma[i];
3205 d->ide_if[2 * i].bmdma = bm;
3206 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce 3207 bm->pci_dev = (PCIIDEState *)pci_dev;
428c5705 3208 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
5457c8ce 3209
98087450 3210 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 3211
5457c8ce
FB		 3212 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3213 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450 3214
5b9a1293
AJ		 3215 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3216 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3217 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3218 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
98087450
FB		 3219 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3220 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3221 addr += 8;
3222 }
3223}
3224
9b64997f
BS		 3225static void pci_ide_save(QEMUFile* f, void *opaque)
3226{
3227 PCIIDEState *d = opaque;
3228 int i;
3229
3230 pci_device_save(&d->dev, f);
3231
3232 for(i = 0; i < 2; i++) {
3233 BMDMAState *bm = &d->bmdma[i];
428c5705 3234 uint8_t ifidx;
9b64997f
BS		 3235 qemu_put_8s(f, &bm->cmd);
3236 qemu_put_8s(f, &bm->status);
3237 qemu_put_be32s(f, &bm->addr);
428c5705
AL		 3238 qemu_put_sbe64s(f, &bm->sector_num);
3239 qemu_put_be32s(f, &bm->nsector);
3240 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3241 qemu_put_8s(f, &ifidx);
9b64997f
BS		 3242 /* XXX: if a transfer is pending, we do not save it yet */
3243 }
3244
3245 /* per IDE interface data */
3246 for(i = 0; i < 2; i++) {
3247 IDEState *s = &d->ide_if[i * 2];
3248 uint8_t drive1_selected;
3249 qemu_put_8s(f, &s->cmd);
3250 drive1_selected = (s->cur_drive != s);
3251 qemu_put_8s(f, &drive1_selected);
3252 }
3253
3254 /* per IDE drive data */
3255 for(i = 0; i < 4; i++) {
3256 ide_save(f, &d->ide_if[i]);
3257 }
3258}
3259
3260static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3261{
3262 PCIIDEState *d = opaque;
3263 int ret, i;
3264
428c5705 3265 if (version_id != 2)
9b64997f
BS		 3266 return -EINVAL;
3267 ret = pci_device_load(&d->dev, f);
3268 if (ret < 0)
3269 return ret;
3270
3271 for(i = 0; i < 2; i++) {
3272 BMDMAState *bm = &d->bmdma[i];
428c5705 3273 uint8_t ifidx;
9b64997f
BS		 3274 qemu_get_8s(f, &bm->cmd);
3275 qemu_get_8s(f, &bm->status);
3276 qemu_get_be32s(f, &bm->addr);
428c5705
AL		 3277 qemu_get_sbe64s(f, &bm->sector_num);
3278 qemu_get_be32s(f, &bm->nsector);
3279 qemu_get_8s(f, &ifidx);
3280 bm->ide_if = &d->ide_if[ifidx];
9b64997f
BS		 3281 /* XXX: if a transfer is pending, we do not save it yet */
3282 }
3283
3284 /* per IDE interface data */
3285 for(i = 0; i < 2; i++) {
3286 IDEState *s = &d->ide_if[i * 2];
3287 uint8_t drive1_selected;
3288 qemu_get_8s(f, &s->cmd);
3289 qemu_get_8s(f, &drive1_selected);
3290 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3291 }
3292
3293 /* per IDE drive data */
3294 for(i = 0; i < 4; i++) {
3295 ide_load(f, &d->ide_if[i]);
3296 }
3297 return 0;
3298}
3299
5457c8ce
FB		 3300/* XXX: call it also when the MRDMODE is changed from the PCI config
3301 registers */
3302static void cmd646_update_irq(PCIIDEState *d)
3303{
3304 int pci_level;
3305 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3306 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3307 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3308 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 3309 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 3310}
3311
3312/* the PCI irq level is the logical OR of the two channels */
3313static void cmd646_set_irq(void *opaque, int channel, int level)
3314{
3315 PCIIDEState *d = opaque;
3316 int irq_mask;
3317
3318 irq_mask = MRDMODE_INTR_CH0 << channel;
3319 if (level)
3320 d->dev.config[MRDMODE] |= irq_mask;
3321 else
3322 d->dev.config[MRDMODE] &= ~irq_mask;
3323 cmd646_update_irq(d);
3324}
3325
6e6b7363
BS		 3326static void cmd646_reset(void *opaque)
3327{
3328 PCIIDEState *d = opaque;
3329 unsigned int i;
3330
3331 for (i = 0; i < 2; i++)
3332 ide_dma_cancel(&d->bmdma[i]);
3333}
3334
5457c8ce
FB		 3335/* CMD646 PCI IDE controller */
3336void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3337 int secondary_ide_enabled)
69b91039
FB		 3338{
3339 PCIIDEState *d;
3340 uint8_t *pci_conf;
34e538ae 3341 int i;
d537cf6c 3342 qemu_irq *irq;
34e538ae 3343
5fafdf24 3344 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 3345 sizeof(PCIIDEState),
5fafdf24 3346 -1,
73c11f63 3347 NULL, NULL);
5457c8ce 3348 d->type = IDE_TYPE_CMD646;
69b91039 3349 pci_conf = d->dev.config;
deb54399
AL		 3350 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3351 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
5457c8ce
FB		 3352
3353 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 3354 pci_conf[0x09] = 0x8f;
5457c8ce 3355
173a543b 3356 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
5457c8ce 3357 pci_conf[0x0e] = 0x00; // header_type
3b46e624 3358
0516ede0 3359 pci_conf[0x51] = 0x04; // enable IDE0
5457c8ce
FB		 3360 if (secondary_ide_enabled) {
3361 /* XXX: if not enabled, really disable the seconday IDE controller */
0516ede0 3362 pci_conf[0x51] |= 0x08; /* enable IDE1 */
5457c8ce 3363 }
69b91039 3364
5fafdf24 3365 pci_register_io_region((PCIDevice *)d, 0, 0x8,
69b91039 3366 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3367 pci_register_io_region((PCIDevice *)d, 1, 0x4,
69b91039 3368 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3369 pci_register_io_region((PCIDevice *)d, 2, 0x8,
69b91039 3370 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3371 pci_register_io_region((PCIDevice *)d, 3, 0x4,
69b91039 3372 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3373 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 3374 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 3375
34e538ae 3376 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3b46e624 3377
34e538ae
FB		 3378 for(i = 0; i < 4; i++)
3379 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 3380
3381 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3382 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3383 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
6e6b7363 3384
428c5705 3385 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
6e6b7363
BS		 3386 qemu_register_reset(cmd646_reset, d);
3387 cmd646_reset(d);
34e538ae
FB		 3388}
3389
72c7b06c 3390static void piix3_reset(void *opaque)
e6a71ae3 3391{
72c7b06c 3392 PCIIDEState *d = opaque;
e6a71ae3 3393 uint8_t *pci_conf = d->dev.config;
72c7b06c
AL		 3394 int i;
3395
3396 for (i = 0; i < 2; i++)
3397 ide_dma_cancel(&d->bmdma[i]);
e6a71ae3
TS		 3398
3399 pci_conf[0x04] = 0x00;
3400 pci_conf[0x05] = 0x00;
3401 pci_conf[0x06] = 0x80; /* FBC */
3402 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3403 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3404}
3405
34e538ae
FB		 3406/* hd_table must contain 4 block drivers */
3407/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 3408void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3409 qemu_irq *pic)
34e538ae
FB		 3410{
3411 PCIIDEState *d;
3412 uint8_t *pci_conf;
3b46e624 3413
34e538ae 3414 /* register a function 1 of PIIX3 */
5fafdf24 3415 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 3416 sizeof(PCIIDEState),
502a5395 3417 devfn,
34e538ae 3418 NULL, NULL);
5457c8ce
FB		 3419 d->type = IDE_TYPE_PIIX3;
3420
34e538ae 3421 pci_conf = d->dev.config;
deb54399
AL		 3422 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3423 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
92510b8c 3424 pci_conf[0x09] = 0x80; // legacy ATA mode
173a543b 3425 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
34e538ae
FB		 3426 pci_conf[0x0e] = 0x00; // header_type
3427
72c7b06c 3428 qemu_register_reset(piix3_reset, d);
e6a71ae3
TS		 3429 piix3_reset(d);
3430
5fafdf24 3431 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 3432 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 3433
d537cf6c
PB		 3434 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3435 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 3436 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3437 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997 3438
428c5705 3439 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
69b91039 3440}
1ade1de2 3441
afcc3cdf
TS		 3442/* hd_table must contain 4 block drivers */
3443/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3444void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3445 qemu_irq *pic)
3446{
3447 PCIIDEState *d;
3448 uint8_t *pci_conf;
3449
3450 /* register a function 1 of PIIX4 */
3451 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3452 sizeof(PCIIDEState),
3453 devfn,
3454 NULL, NULL);
3455 d->type = IDE_TYPE_PIIX4;
3456
3457 pci_conf = d->dev.config;
deb54399
AL		 3458 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3459 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
afcc3cdf 3460 pci_conf[0x09] = 0x80; // legacy ATA mode
173a543b 3461 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
afcc3cdf
TS		 3462 pci_conf[0x0e] = 0x00; // header_type
3463
72c7b06c 3464 qemu_register_reset(piix3_reset, d);
afcc3cdf
TS		 3465 piix3_reset(d);
3466
3467 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3468 PCI_ADDRESS_SPACE_IO, bmdma_map);
3469
3470 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3471 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3472 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3473 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3474
428c5705 3475 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
afcc3cdf
TS		 3476}
3477
e3007e66 3478#if defined(TARGET_PPC)
1ade1de2
FB		 3479/***********************************************************/
3480/* MacIO based PowerPC IDE */
3481
e3007e66
AJ		 3482typedef struct MACIOIDEState {
3483 IDEState ide_if[2];
3484 void *dbdma;
3485 int stream_index;
3486} MACIOIDEState;
3487
3488static int pmac_atapi_read(DBDMA_transfer *info, DBDMA_transfer_cb cb)
3489{
3490 MACIOIDEState *m = info->opaque;
3491 IDEState *s = m->ide_if->cur_drive;
3492 int ret;
3493
3494 if (s->lba == -1)
3495 return 0;
3496
3497 info->buf_pos = 0;
3498
3499 while (info->buf_pos < info->len && s->packet_transfer_size > 0) {
3500
3501 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
3502 if (ret < 0) {
3503 ide_transfer_stop(s);
3504 ide_atapi_io_error(s, ret);
3505 return info->buf_pos;
3506 }
3507
3508 info->buf = s->io_buffer + m->stream_index;
3509
3510 info->buf_len = s->cd_sector_size;
3511 if (info->buf_pos + info->buf_len > info->len)
3512 info->buf_len = info->len - info->buf_pos;
3513
3514 cb(info);
3515
3516 /* db-dma can ask for 512 bytes whereas block size is 2048... */
3517
3518 m->stream_index += info->buf_len;
3519 s->lba += m->stream_index / s->cd_sector_size;
3520 m->stream_index %= s->cd_sector_size;
3521
3522 info->buf_pos += info->buf_len;
3523 s->packet_transfer_size -= info->buf_len;
3524 }
3525 if (s->packet_transfer_size <= 0) {
3526 s->status = READY_STAT | SEEK_STAT;
3527 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO
3528 | ATAPI_INT_REASON_CD;
3529 ide_set_irq(s);
3530 }
3531
3532 return info->buf_pos;
3533}
3534
3535static int pmac_ide_transfer(DBDMA_transfer *info,
3536 DBDMA_transfer_cb cb)
3537{
3538 MACIOIDEState *m = info->opaque;
3539 IDEState *s = m->ide_if->cur_drive;
3540 int64_t sector_num;
3541 int ret, n;
3542
3543 if (s->is_cdrom)
3544 return pmac_atapi_read(info, cb);
3545
3546 info->buf = s->io_buffer;
3547 info->buf_pos = 0;
3548 while (info->buf_pos < info->len && s->nsector > 0) {
3549
3550 sector_num = ide_get_sector(s);
3551
3552 n = s->nsector;
3553 if (n > IDE_DMA_BUF_SECTORS)
3554 n = IDE_DMA_BUF_SECTORS;
3555
3556 info->buf_len = n << 9;
3557 if (info->buf_pos + info->buf_len > info->len)
3558 info->buf_len = info->len - info->buf_pos;
3559 n = info->buf_len >> 9;
3560
3561 if (s->is_read) {
3562 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
3563 if (ret == 0)
3564 cb(info);
3565 } else {
3566 cb(info);
3567 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
3568 }
3569
3570 if (ret != 0) {
3571 ide_rw_error(s);
3572 return info->buf_pos;
3573 }
3574
3575 info->buf_pos += n << 9;
3576 ide_set_sector(s, sector_num + n);
3577 s->nsector -= n;
3578 }
3579
3580 if (s->nsector <= 0) {
3581 s->status = READY_STAT | SEEK_STAT;
3582 ide_set_irq(s);
3583 }
3584
3585 return info->buf_pos;
3586}
3587
1ade1de2
FB		 3588/* PowerMac IDE memory IO */
3589static void pmac_ide_writeb (void *opaque,
3590 target_phys_addr_t addr, uint32_t val)
3591{
e3007e66
AJ		 3592 MACIOIDEState *d = opaque;
3593
5fafdf24 3594 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3595 switch (addr) {
3596 case 1 ... 7:
e3007e66 3597 ide_ioport_write(d->ide_if, addr, val);
1ade1de2
FB		 3598 break;
3599 case 8:
3600 case 22:
e3007e66 3601 ide_cmd_write(d->ide_if, 0, val);
1ade1de2
FB		 3602 break;
3603 default:
3604 break;
3605 }
3606}
3607
3608static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3609{
3610 uint8_t retval;
e3007e66 3611 MACIOIDEState *d = opaque;
1ade1de2
FB		 3612
3613 addr = (addr & 0xFFF) >> 4;
3614 switch (addr) {
3615 case 1 ... 7:
e3007e66 3616 retval = ide_ioport_read(d->ide_if, addr);
1ade1de2
FB		 3617 break;
3618 case 8:
3619 case 22:
e3007e66 3620 retval = ide_status_read(d->ide_if, 0);
1ade1de2
FB		 3621 break;
3622 default:
3623 retval = 0xFF;
3624 break;
3625 }
3626 return retval;
3627}
3628
3629static void pmac_ide_writew (void *opaque,
3630 target_phys_addr_t addr, uint32_t val)
3631{
e3007e66
AJ		 3632 MACIOIDEState *d = opaque;
3633
5fafdf24 3634 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3635#ifdef TARGET_WORDS_BIGENDIAN
3636 val = bswap16(val);
3637#endif
3638 if (addr == 0) {
e3007e66 3639 ide_data_writew(d->ide_if, 0, val);
1ade1de2
FB		 3640 }
3641}
3642
3643static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3644{
3645 uint16_t retval;
e3007e66 3646 MACIOIDEState *d = opaque;
1ade1de2 3647
5fafdf24 3648 addr = (addr & 0xFFF) >> 4;
1ade1de2 3649 if (addr == 0) {
e3007e66 3650 retval = ide_data_readw(d->ide_if, 0);
1ade1de2
FB		 3651 } else {
3652 retval = 0xFFFF;
3653 }
3654#ifdef TARGET_WORDS_BIGENDIAN
3655 retval = bswap16(retval);
3656#endif
3657 return retval;
3658}
3659
3660static void pmac_ide_writel (void *opaque,
3661 target_phys_addr_t addr, uint32_t val)
3662{
e3007e66
AJ		 3663 MACIOIDEState *d = opaque;
3664
5fafdf24 3665 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3666#ifdef TARGET_WORDS_BIGENDIAN
3667 val = bswap32(val);
3668#endif
3669 if (addr == 0) {
e3007e66 3670 ide_data_writel(d->ide_if, 0, val);
1ade1de2
FB		 3671 }
3672}
3673
3674static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3675{
3676 uint32_t retval;
e3007e66 3677 MACIOIDEState *d = opaque;
1ade1de2 3678
5fafdf24 3679 addr = (addr & 0xFFF) >> 4;
1ade1de2 3680 if (addr == 0) {
e3007e66 3681 retval = ide_data_readl(d->ide_if, 0);
1ade1de2
FB		 3682 } else {
3683 retval = 0xFFFFFFFF;
3684 }
3685#ifdef TARGET_WORDS_BIGENDIAN
3686 retval = bswap32(retval);
3687#endif
3688 return retval;
3689}
3690
3691static CPUWriteMemoryFunc *pmac_ide_write[] = {
3692 pmac_ide_writeb,
3693 pmac_ide_writew,
3694 pmac_ide_writel,
3695};
3696
3697static CPUReadMemoryFunc *pmac_ide_read[] = {
3698 pmac_ide_readb,
3699 pmac_ide_readw,
3700 pmac_ide_readl,
3701};
3702
9b64997f
BS		 3703static void pmac_ide_save(QEMUFile *f, void *opaque)
3704{
e3007e66
AJ		 3705 MACIOIDEState *d = opaque;
3706 IDEState *s = d->ide_if;
9b64997f
BS		 3707 uint8_t drive1_selected;
3708 unsigned int i;
3709
3710 /* per IDE interface data */
3711 qemu_put_8s(f, &s->cmd);
3712 drive1_selected = (s->cur_drive != s);
3713 qemu_put_8s(f, &drive1_selected);
3714
3715 /* per IDE drive data */
3716 for(i = 0; i < 2; i++) {
3717 ide_save(f, &s[i]);
3718 }
3719}
3720
3721static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3722{
e3007e66
AJ		 3723 MACIOIDEState *d = opaque;
3724 IDEState *s = d->ide_if;
9b64997f
BS		 3725 uint8_t drive1_selected;
3726 unsigned int i;
3727
3728 if (version_id != 1)
3729 return -EINVAL;
3730
3731 /* per IDE interface data */
3732 qemu_get_8s(f, &s->cmd);
3733 qemu_get_8s(f, &drive1_selected);
3734 s->cur_drive = &s[(drive1_selected != 0)];
3735
3736 /* per IDE drive data */
3737 for(i = 0; i < 2; i++) {
3738 ide_load(f, &s[i]);
3739 }
3740 return 0;
3741}
3742
6e6b7363
BS		 3743static void pmac_ide_reset(void *opaque)
3744{
e3007e66
AJ		 3745 MACIOIDEState *d = opaque;
3746 IDEState *s = d->ide_if;
6e6b7363
BS		 3747
3748 ide_reset(&s[0]);
3749 ide_reset(&s[1]);
3750}
3751
1ade1de2
FB		 3752/* hd_table must contain 4 block drivers */
3753/* PowerMac uses memory mapped registers, not I/O. Return the memory
3754 I/O index to access the ide. */
e3007e66
AJ		 3755int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq,
3756 void *dbdma, int channel, qemu_irq dma_irq)
1ade1de2 3757{
e3007e66 3758 MACIOIDEState *d;
1ade1de2
FB		 3759 int pmac_ide_memory;
3760
e3007e66
AJ		 3761 d = qemu_mallocz(sizeof(MACIOIDEState));
3762 ide_init2(d->ide_if, hd_table[0], hd_table[1], irq);
3763
3764 if (dbdma) {
3765 d->dbdma = dbdma;
3766 DBDMA_register_channel(dbdma, channel, dma_irq, pmac_ide_transfer, d);
3767 }
3b46e624 3768
1ade1de2 3769 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
e3007e66
AJ		 3770 pmac_ide_write, d);
3771 register_savevm("ide", 0, 1, pmac_ide_save, pmac_ide_load, d);
3772 qemu_register_reset(pmac_ide_reset, d);
3773 pmac_ide_reset(d);
3774
1ade1de2
FB		 3775 return pmac_ide_memory;
3776}
e3007e66 3777#endif /* TARGET_PPC */
201a51fc 3778
a4a771c0
AZ		 3779/***********************************************************/
3780/* MMIO based ide port
3781 * This emulates IDE device connected directly to the CPU bus without
3782 * dedicated ide controller, which is often seen on embedded boards.
3783 */
3784
3785typedef struct {
3786 void *dev;
3787 int shift;
3788} MMIOState;
3789
3790static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3791{
3792 MMIOState *s = (MMIOState*)opaque;
3793 IDEState *ide = (IDEState*)s->dev;
3794 addr >>= s->shift;
3795 if (addr & 7)
3796 return ide_ioport_read(ide, addr);
3797 else
3798 return ide_data_readw(ide, 0);
3799}
3800
3801static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3802 uint32_t val)
3803{
3804 MMIOState *s = (MMIOState*)opaque;
3805 IDEState *ide = (IDEState*)s->dev;
3806 addr >>= s->shift;
3807 if (addr & 7)
3808 ide_ioport_write(ide, addr, val);
3809 else
3810 ide_data_writew(ide, 0, val);
3811}
3812
3813static CPUReadMemoryFunc *mmio_ide_reads[] = {
3814 mmio_ide_read,
3815 mmio_ide_read,
3816 mmio_ide_read,
3817};
3818
3819static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3820 mmio_ide_write,
3821 mmio_ide_write,
3822 mmio_ide_write,
3823};
3824
3825static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3826{
3827 MMIOState *s= (MMIOState*)opaque;
3828 IDEState *ide = (IDEState*)s->dev;
3829 return ide_status_read(ide, 0);
3830}
3831
3832static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3833 uint32_t val)
3834{
3835 MMIOState *s = (MMIOState*)opaque;
3836 IDEState *ide = (IDEState*)s->dev;
3837 ide_cmd_write(ide, 0, val);
3838}
3839
3840static CPUReadMemoryFunc *mmio_ide_status[] = {
3841 mmio_ide_status_read,
3842 mmio_ide_status_read,
3843 mmio_ide_status_read,
3844};
3845
3846static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3847 mmio_ide_cmd_write,
3848 mmio_ide_cmd_write,
3849 mmio_ide_cmd_write,
3850};
3851
3852void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3853 qemu_irq irq, int shift,
3854 BlockDriverState *hd0, BlockDriverState *hd1)
3855{
3856 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3857 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3858 int mem1, mem2;
3859
3860 ide_init2(ide, hd0, hd1, irq);
3861
3862 s->dev = ide;
3863 s->shift = shift;
3864
3865 mem1 = cpu_register_io_memory(0, mmio_ide_reads, mmio_ide_writes, s);
3866 mem2 = cpu_register_io_memory(0, mmio_ide_status, mmio_ide_cmd, s);
3867 cpu_register_physical_memory(membase, 16 << shift, mem1);
3868 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3869}
3870
201a51fc
AZ		 3871/***********************************************************/
3872/* CF-ATA Microdrive */
3873
3874#define METADATA_SIZE 0x20
3875
3876/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3877struct md_s {
3878 IDEState ide[2];
3879 struct pcmcia_card_s card;
3880 uint32_t attr_base;
3881 uint32_t io_base;
3882
3883 /* Card state */
3884 uint8_t opt;
3885 uint8_t stat;
3886 uint8_t pins;
3887
3888 uint8_t ctrl;
3889 uint16_t io;
3890 int cycle;
3891};
3892
3893/* Register bitfields */
3894enum md_opt {
3895 OPT_MODE_MMAP = 0,
3896 OPT_MODE_IOMAP16 = 1,
3897 OPT_MODE_IOMAP1 = 2,
3898 OPT_MODE_IOMAP2 = 3,
3899 OPT_MODE = 0x3f,
3900 OPT_LEVIREQ = 0x40,
3901 OPT_SRESET = 0x80,
3902};
3903enum md_cstat {
3904 STAT_INT = 0x02,
3905 STAT_PWRDWN = 0x04,
3906 STAT_XE = 0x10,
3907 STAT_IOIS8 = 0x20,
3908 STAT_SIGCHG = 0x40,
3909 STAT_CHANGED = 0x80,
3910};
3911enum md_pins {
3912 PINS_MRDY = 0x02,
3913 PINS_CRDY = 0x20,
3914};
3915enum md_ctrl {
3916 CTRL_IEN = 0x02,
3917 CTRL_SRST = 0x04,
3918};
3919
3920static inline void md_interrupt_update(struct md_s *s)
3921{
3922 if (!s->card.slot)
3923 return;
3924
3925 qemu_set_irq(s->card.slot->irq,
3926 !(s->stat & STAT_INT) && /* Inverted */
3927 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3928 !(s->opt & OPT_SRESET));
3929}
3930
3931static void md_set_irq(void *opaque, int irq, int level)
3932{
3933 struct md_s *s = (struct md_s *) opaque;
3934 if (level)
3935 s->stat |= STAT_INT;
3936 else
3937 s->stat &= ~STAT_INT;
3938
3939 md_interrupt_update(s);
3940}
3941
3942static void md_reset(struct md_s *s)
3943{
3944 s->opt = OPT_MODE_MMAP;
3945 s->stat = 0;
3946 s->pins = 0;
3947 s->cycle = 0;
3948 s->ctrl = 0;
3949 ide_reset(s->ide);
3950}
3951
9e315fa9 3952static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc
AZ		 3953{
3954 struct md_s *s = (struct md_s *) opaque;
3955 if (at < s->attr_base) {
3956 if (at < s->card.cis_len)
3957 return s->card.cis[at];
3958 else
3959 return 0x00;
3960 }
3961
3962 at -= s->attr_base;
3963
3964 switch (at) {
3965 case 0x00: /* Configuration Option Register */
3966 return s->opt;
3967 case 0x02: /* Card Configuration Status Register */
3968 if (s->ctrl & CTRL_IEN)
3969 return s->stat & ~STAT_INT;
3970 else
3971 return s->stat;
3972 case 0x04: /* Pin Replacement Register */
3973 return (s->pins & PINS_CRDY) | 0x0c;
3974 case 0x06: /* Socket and Copy Register */
3975 return 0x00;
3976#ifdef VERBOSE
3977 default:
3978 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3979#endif
3980 }
3981
3982 return 0;
3983}
3984
9e315fa9 3985static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc
AZ		 3986{
3987 struct md_s *s = (struct md_s *) opaque;
3988 at -= s->attr_base;
3989
3990 switch (at) {
3991 case 0x00: /* Configuration Option Register */
3992 s->opt = value & 0xcf;
3993 if (value & OPT_SRESET)
3994 md_reset(s);
3995 md_interrupt_update(s);
3996 break;
3997 case 0x02: /* Card Configuration Status Register */
3998 if ((s->stat ^ value) & STAT_PWRDWN)
3999 s->pins |= PINS_CRDY;
4000 s->stat &= 0x82;
4001 s->stat |= value & 0x74;
4002 md_interrupt_update(s);
4003 /* Word 170 in Identify Device must be equal to STAT_XE */
4004 break;
4005 case 0x04: /* Pin Replacement Register */
4006 s->pins &= PINS_CRDY;
4007 s->pins |= value & PINS_MRDY;
4008 break;
4009 case 0x06: /* Socket and Copy Register */
4010 break;
4011 default:
4012 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
4013 }
4014}
4015
9e315fa9 4016static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc
AZ		 4017{
4018 struct md_s *s = (struct md_s *) opaque;
4019 uint16_t ret;
4020 at -= s->io_base;
4021
4022 switch (s->opt & OPT_MODE) {
4023 case OPT_MODE_MMAP:
4024 if ((at & ~0x3ff) == 0x400)
4025 at = 0;
4026 break;
4027 case OPT_MODE_IOMAP16:
4028 at &= 0xf;
4029 break;
4030 case OPT_MODE_IOMAP1:
4031 if ((at & ~0xf) == 0x3f0)
4032 at -= 0x3e8;
4033 else if ((at & ~0xf) == 0x1f0)
4034 at -= 0x1f0;
4035 break;
4036 case OPT_MODE_IOMAP2:
4037 if ((at & ~0xf) == 0x370)
4038 at -= 0x368;
4039 else if ((at & ~0xf) == 0x170)
4040 at -= 0x170;
4041 }
4042
4043 switch (at) {
4044 case 0x0: /* Even RD Data */
4045 case 0x8:
4046 return ide_data_readw(s->ide, 0);
4047
4048 /* TODO: 8-bit accesses */
4049 if (s->cycle)
4050 ret = s->io >> 8;
4051 else {
4052 s->io = ide_data_readw(s->ide, 0);
4053 ret = s->io & 0xff;
4054 }
4055 s->cycle = !s->cycle;
4056 return ret;
4057 case 0x9: /* Odd RD Data */
4058 return s->io >> 8;
4059 case 0xd: /* Error */
4060 return ide_ioport_read(s->ide, 0x1);
4061 case 0xe: /* Alternate Status */
4062 if (s->ide->cur_drive->bs)
4063 return s->ide->cur_drive->status;
4064 else
4065 return 0;
4066 case 0xf: /* Device Address */
4067 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
4068 default:
4069 return ide_ioport_read(s->ide, at);
4070 }
4071
4072 return 0;
4073}
4074
9e315fa9 4075static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc
AZ		 4076{
4077 struct md_s *s = (struct md_s *) opaque;
4078 at -= s->io_base;
4079
4080 switch (s->opt & OPT_MODE) {
4081 case OPT_MODE_MMAP:
4082 if ((at & ~0x3ff) == 0x400)
4083 at = 0;
4084 break;
4085 case OPT_MODE_IOMAP16:
4086 at &= 0xf;
4087 break;
4088 case OPT_MODE_IOMAP1:
4089 if ((at & ~0xf) == 0x3f0)
4090 at -= 0x3e8;
4091 else if ((at & ~0xf) == 0x1f0)
4092 at -= 0x1f0;
4093 break;
4094 case OPT_MODE_IOMAP2:
4095 if ((at & ~0xf) == 0x370)
4096 at -= 0x368;
4097 else if ((at & ~0xf) == 0x170)
4098 at -= 0x170;
4099 }
4100
4101 switch (at) {
4102 case 0x0: /* Even WR Data */
4103 case 0x8:
4104 ide_data_writew(s->ide, 0, value);
4105 break;
4106
4107 /* TODO: 8-bit accesses */
4108 if (s->cycle)
4109 ide_data_writew(s->ide, 0, s->io | (value << 8));
4110 else
4111 s->io = value & 0xff;
4112 s->cycle = !s->cycle;
4113 break;
4114 case 0x9:
4115 s->io = value & 0xff;
4116 s->cycle = !s->cycle;
4117 break;
4118 case 0xd: /* Features */
4119 ide_ioport_write(s->ide, 0x1, value);
4120 break;
4121 case 0xe: /* Device Control */
4122 s->ctrl = value;
4123 if (value & CTRL_SRST)
4124 md_reset(s);
4125 md_interrupt_update(s);
4126 break;
4127 default:
4128 if (s->stat & STAT_PWRDWN) {
4129 s->pins |= PINS_CRDY;
4130 s->stat &= ~STAT_PWRDWN;
4131 }
4132 ide_ioport_write(s->ide, at, value);
4133 }
4134}
4135
aa941b94
AZ		 4136static void md_save(QEMUFile *f, void *opaque)
4137{
4138 struct md_s *s = (struct md_s *) opaque;
4139 int i;
4140 uint8_t drive1_selected;
4141
4142 qemu_put_8s(f, &s->opt);
4143 qemu_put_8s(f, &s->stat);
4144 qemu_put_8s(f, &s->pins);
4145
4146 qemu_put_8s(f, &s->ctrl);
4147 qemu_put_be16s(f, &s->io);
4148 qemu_put_byte(f, s->cycle);
4149
4150 drive1_selected = (s->ide->cur_drive != s->ide);
4151 qemu_put_8s(f, &s->ide->cmd);
4152 qemu_put_8s(f, &drive1_selected);
4153
4154 for (i = 0; i < 2; i ++)
4155 ide_save(f, &s->ide[i]);
4156}
4157
4158static int md_load(QEMUFile *f, void *opaque, int version_id)
4159{
4160 struct md_s *s = (struct md_s *) opaque;
4161 int i;
4162 uint8_t drive1_selected;
4163
4164 qemu_get_8s(f, &s->opt);
4165 qemu_get_8s(f, &s->stat);
4166 qemu_get_8s(f, &s->pins);
4167
4168 qemu_get_8s(f, &s->ctrl);
4169 qemu_get_be16s(f, &s->io);
4170 s->cycle = qemu_get_byte(f);
4171
4172 qemu_get_8s(f, &s->ide->cmd);
4173 qemu_get_8s(f, &drive1_selected);
4174 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
4175
4176 for (i = 0; i < 2; i ++)
4177 ide_load(f, &s->ide[i]);
4178
4179 return 0;
4180}
4181
201a51fc
AZ		 4182static const uint8_t dscm1xxxx_cis[0x14a] = {
4183 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
4184 [0x002] = 0x03, /* Tuple length = 4 bytes */
4185 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4186 [0x006] = 0x01, /* Size = 2K bytes */
4187 [0x008] = CISTPL_ENDMARK,
4188
4189 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
4190 [0x00c] = 0x04, /* Tuple length = 4 byest */
4191 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
4192 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4193 [0x012] = 0x01, /* Size = 2K bytes */
4194 [0x014] = CISTPL_ENDMARK,
4195
4196 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
4197 [0x018] = 0x02, /* Tuple length = 2 bytes */
4198 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
4199 [0x01c] = 0x01,
4200
4201 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
4202 [0x020] = 0x04, /* Tuple length = 4 bytes */
4203 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
4204 [0x024] = 0x00,
4205 [0x026] = 0x00, /* PLMID_CARD = 0000 */
4206 [0x028] = 0x00,
4207
4208 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
4209 [0x02c] = 0x12, /* Tuple length = 23 bytes */
4210 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
4211 [0x030] = 0x01, /* Minor Version = 1 */
4212 [0x032] = 'I',
4213 [0x034] = 'B',
4214 [0x036] = 'M',
4215 [0x038] = 0x00,
4216 [0x03a] = 'm',
4217 [0x03c] = 'i',
4218 [0x03e] = 'c',
4219 [0x040] = 'r',
4220 [0x042] = 'o',
4221 [0x044] = 'd',
4222 [0x046] = 'r',
4223 [0x048] = 'i',
4224 [0x04a] = 'v',
4225 [0x04c] = 'e',
4226 [0x04e] = 0x00,
4227 [0x050] = CISTPL_ENDMARK,
4228
4229 [0x052] = CISTPL_FUNCID, /* Function ID */
4230 [0x054] = 0x02, /* Tuple length = 2 bytes */
4231 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4232 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4233
4234 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4235 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4236 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4237 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4238
4239 [0x062] = CISTPL_FUNCE, /* Function Extension */
4240 [0x064] = 0x03, /* Tuple length = 3 bytes */
4241 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4242 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4243 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4244
4245 [0x06c] = CISTPL_CONFIG, /* Configuration */
4246 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4247 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4248 [0x072] = 0x07, /* TPCC_LAST = 7 */
4249 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4250 [0x076] = 0x02,
4251 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4252
4253 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4254 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4255 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4256 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4257 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4258 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4259 [0x086] = 0x55, /* NomV: 5.0 V */
4260 [0x088] = 0x4d, /* MinV: 4.5 V */
4261 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4262 [0x08c] = 0x4e, /* Peakl: 450 mA */
4263 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4264 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4265 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4266
4267 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4268 [0x096] = 0x06, /* Tuple length = 6 bytes */
4269 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4270 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4271 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4272 [0x09e] = 0xb5, /* NomV: 3.3 V */
4273 [0x0a0] = 0x1e,
4274 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4275
4276 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4277 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4278 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4279 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4280 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4281 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4282 [0x0b0] = 0x55, /* NomV: 5.0 V */
4283 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4284 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4285 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4286 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4287 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4288 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4289 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4290 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4291
4292 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4293 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4294 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4295 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4296 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4297 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4298 [0x0ce] = 0x1e,
4299 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4300
4301 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4302 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4303 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4304 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4305 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4306 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4307 [0x0de] = 0x55, /* NomV: 5.0 V */
4308 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4309 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4310 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4311 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4312 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4313 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4314 [0x0ec] = 0x01,
4315 [0x0ee] = 0x07, /* Address block length = 8 */
4316 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4317 [0x0f2] = 0x03,
4318 [0x0f4] = 0x01, /* Address block length = 2 */
4319 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4320 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4321
4322 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4323 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4324 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4325 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4326 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4327 [0x104] = 0xb5, /* NomV: 3.3 V */
4328 [0x106] = 0x1e,
4329 [0x108] = 0x3e, /* Peakl: 350 mA */
4330
4331 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4332 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4333 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4334 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4335 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4336 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4337 [0x116] = 0x55, /* NomV: 5.0 V */
4338 [0x118] = 0x4d, /* MinV: 4.5 V */
4339 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4340 [0x11c] = 0x4e, /* Peakl: 450 mA */
4341 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4342 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4343 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4344 [0x124] = 0x01,
4345 [0x126] = 0x07, /* Address block length = 8 */
4346 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4347 [0x12a] = 0x03,
4348 [0x12c] = 0x01, /* Address block length = 2 */
4349 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4350 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4351
4352 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4353 [0x134] = 0x06, /* Tuple length = 6 bytes */
4354 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4355 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4356 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4357 [0x13c] = 0xb5, /* NomV: 3.3 V */
4358 [0x13e] = 0x1e,
4359 [0x140] = 0x3e, /* Peakl: 350 mA */
4360
4361 [0x142] = CISTPL_NO_LINK, /* No Link */
4362 [0x144] = 0x00, /* Tuple length = 0 bytes */
4363
4364 [0x146] = CISTPL_END, /* Tuple End */
4365};
4366
4367static int dscm1xxxx_attach(void *opaque)
4368{
4369 struct md_s *md = (struct md_s *) opaque;
4370 md->card.attr_read = md_attr_read;
4371 md->card.attr_write = md_attr_write;
4372 md->card.common_read = md_common_read;
4373 md->card.common_write = md_common_write;
4374 md->card.io_read = md_common_read;
4375 md->card.io_write = md_common_write;
4376
4377 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4378 md->io_base = 0x0;
4379
4380 md_reset(md);
4381 md_interrupt_update(md);
4382
4383 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4384 return 0;
4385}
4386
4387static int dscm1xxxx_detach(void *opaque)
4388{
4389 struct md_s *md = (struct md_s *) opaque;
4390 md_reset(md);
4391 return 0;
4392}
4393
4394struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
4395{
4396 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
4397 md->card.state = md;
4398 md->card.attach = dscm1xxxx_attach;
4399 md->card.detach = dscm1xxxx_detach;
4400 md->card.cis = dscm1xxxx_cis;
4401 md->card.cis_len = sizeof(dscm1xxxx_cis);
4402
4403 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4404 md->ide->is_cf = 1;
4405 md->ide->mdata_size = METADATA_SIZE;
4406 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94 4407
18be5187 4408 register_savevm("microdrive", -1, 0, md_save, md_load, md);
aa941b94 4409
201a51fc
AZ		 4410 return &md->card;
4411}
Qemu copy for testing