]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
x86 pextrw destination operand can be r64.
[qemu.git] / hw / ide.c
CommitLineData
5391d806 1/*
38cdea7c 2 * QEMU IDE disk and CD/DVD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
87ecb68b
PB		 25#include "hw.h"
26#include "pc.h"
27#include "pci.h"
28#include "scsi-disk.h"
29#include "pcmcia.h"
30#include "block.h"
31#include "qemu-timer.h"
32#include "sysemu.h"
9596ebb7 33#include "ppc_mac.h"
5391d806 34
5391d806
FB		 35/* debug IDE devices */
36//#define DEBUG_IDE
37//#define DEBUG_IDE_ATAPI
8ccad811
FB		 38//#define DEBUG_AIO
39#define USE_DMA_CDROM
5391d806
FB		 40
41/* Bits of HD_STATUS */
42#define ERR_STAT 0x01
43#define INDEX_STAT 0x02
44#define ECC_STAT 0x04 /* Corrected error */
45#define DRQ_STAT 0x08
46#define SEEK_STAT 0x10
47#define SRV_STAT 0x10
48#define WRERR_STAT 0x20
49#define READY_STAT 0x40
50#define BUSY_STAT 0x80
51
52/* Bits for HD_ERROR */
53#define MARK_ERR 0x01 /* Bad address mark */
54#define TRK0_ERR 0x02 /* couldn't find track 0 */
55#define ABRT_ERR 0x04 /* Command aborted */
56#define MCR_ERR 0x08 /* media change request */
57#define ID_ERR 0x10 /* ID field not found */
58#define MC_ERR 0x20 /* media changed */
59#define ECC_ERR 0x40 /* Uncorrectable ECC error */
60#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
61#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
62
63/* Bits of HD_NSECTOR */
64#define CD 0x01
65#define IO 0x02
66#define REL 0x04
67#define TAG_MASK 0xf8
68
69#define IDE_CMD_RESET 0x04
70#define IDE_CMD_DISABLE_IRQ 0x02
71
72/* ATA/ATAPI Commands pre T13 Spec */
73#define WIN_NOP 0x00
74/*
75 * 0x01->0x02 Reserved
76 */
77#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
78/*
79 * 0x04->0x07 Reserved
80 */
81#define WIN_SRST 0x08 /* ATAPI soft reset command */
82#define WIN_DEVICE_RESET 0x08
83/*
84 * 0x09->0x0F Reserved
85 */
86#define WIN_RECAL 0x10
87#define WIN_RESTORE WIN_RECAL
88/*
89 * 0x10->0x1F Reserved
90 */
91#define WIN_READ 0x20 /* 28-Bit */
92#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
93#define WIN_READ_LONG 0x22 /* 28-Bit */
94#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
95#define WIN_READ_EXT 0x24 /* 48-Bit */
96#define WIN_READDMA_EXT 0x25 /* 48-Bit */
97#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
98#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
99/*
100 * 0x28
101 */
102#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
103/*
104 * 0x2A->0x2F Reserved
105 */
106#define WIN_WRITE 0x30 /* 28-Bit */
107#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
108#define WIN_WRITE_LONG 0x32 /* 28-Bit */
109#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
110#define WIN_WRITE_EXT 0x34 /* 48-Bit */
111#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
112#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
113#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
114#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
115#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
116/*
117 * 0x3A->0x3B Reserved
118 */
119#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
120/*
121 * 0x3D->0x3F Reserved
122 */
123#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
124#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
125#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
126/*
127 * 0x43->0x4F Reserved
128 */
129#define WIN_FORMAT 0x50
130/*
131 * 0x51->0x5F Reserved
132 */
133#define WIN_INIT 0x60
134/*
135 * 0x61->0x5F Reserved
136 */
137#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
138#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
139#define WIN_DIAGNOSE 0x90
140#define WIN_SPECIFY 0x91 /* set drive geometry translation */
141#define WIN_DOWNLOAD_MICROCODE 0x92
142#define WIN_STANDBYNOW2 0x94
201a51fc 143#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 144#define WIN_STANDBY2 0x96
145#define WIN_SETIDLE2 0x97
146#define WIN_CHECKPOWERMODE2 0x98
147#define WIN_SLEEPNOW2 0x99
148/*
149 * 0x9A VENDOR
150 */
151#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
152#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
153#define WIN_QUEUED_SERVICE 0xA2
154#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 155#define CFA_ACCESS_METADATA_STORAGE 0xB8
156#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 157#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
158#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
159#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
160#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
161#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
162#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
163#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
164#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
165#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
166#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 167#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 168#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
169#define WIN_POSTBOOT 0xDC
170#define WIN_PREBOOT 0xDD
171#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
172#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
173#define WIN_STANDBYNOW1 0xE0
174#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
175#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
176#define WIN_SETIDLE1 0xE3
177#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
178#define WIN_CHECKPOWERMODE1 0xE5
179#define WIN_SLEEPNOW1 0xE6
180#define WIN_FLUSH_CACHE 0xE7
181#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
182#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
183 /* SET_FEATURES 0x22 or 0xDD */
184#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
185#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
186#define WIN_MEDIAEJECT 0xED
187#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
188#define WIN_SETFEATURES 0xEF /* set special drive features */
189#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 190#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 191#define WIN_SECURITY_SET_PASS 0xF1
192#define WIN_SECURITY_UNLOCK 0xF2
193#define WIN_SECURITY_ERASE_PREPARE 0xF3
194#define WIN_SECURITY_ERASE_UNIT 0xF4
195#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 196#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 197#define WIN_SECURITY_DISABLE 0xF6
198#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
199#define WIN_SET_MAX 0xF9
200#define DISABLE_SEAGATE 0xFB
201
202/* set to 1 set disable mult support */
f66723fa 203#define MAX_MULT_SECTORS 16
5391d806 204
1d8cde5b
AJ		 205#define IDE_DMA_BUF_SECTORS 256
206
207#if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
208#error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
209#endif
210
5391d806
FB		 211/* ATAPI defines */
212
213#define ATAPI_PACKET_SIZE 12
214
215/* The generic packet command opcodes for CD/DVD Logical Units,
216 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
217#define GPCMD_BLANK 0xa1
218#define GPCMD_CLOSE_TRACK 0x5b
219#define GPCMD_FLUSH_CACHE 0x35
220#define GPCMD_FORMAT_UNIT 0x04
221#define GPCMD_GET_CONFIGURATION 0x46
222#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
223#define GPCMD_GET_PERFORMANCE 0xac
224#define GPCMD_INQUIRY 0x12
225#define GPCMD_LOAD_UNLOAD 0xa6
226#define GPCMD_MECHANISM_STATUS 0xbd
227#define GPCMD_MODE_SELECT_10 0x55
228#define GPCMD_MODE_SENSE_10 0x5a
229#define GPCMD_PAUSE_RESUME 0x4b
230#define GPCMD_PLAY_AUDIO_10 0x45
231#define GPCMD_PLAY_AUDIO_MSF 0x47
232#define GPCMD_PLAY_AUDIO_TI 0x48
233#define GPCMD_PLAY_CD 0xbc
234#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
235#define GPCMD_READ_10 0x28
236#define GPCMD_READ_12 0xa8
237#define GPCMD_READ_CDVD_CAPACITY 0x25
238#define GPCMD_READ_CD 0xbe
239#define GPCMD_READ_CD_MSF 0xb9
240#define GPCMD_READ_DISC_INFO 0x51
241#define GPCMD_READ_DVD_STRUCTURE 0xad
242#define GPCMD_READ_FORMAT_CAPACITIES 0x23
243#define GPCMD_READ_HEADER 0x44
244#define GPCMD_READ_TRACK_RZONE_INFO 0x52
245#define GPCMD_READ_SUBCHANNEL 0x42
246#define GPCMD_READ_TOC_PMA_ATIP 0x43
247#define GPCMD_REPAIR_RZONE_TRACK 0x58
248#define GPCMD_REPORT_KEY 0xa4
249#define GPCMD_REQUEST_SENSE 0x03
250#define GPCMD_RESERVE_RZONE_TRACK 0x53
251#define GPCMD_SCAN 0xba
252#define GPCMD_SEEK 0x2b
253#define GPCMD_SEND_DVD_STRUCTURE 0xad
254#define GPCMD_SEND_EVENT 0xa2
255#define GPCMD_SEND_KEY 0xa3
256#define GPCMD_SEND_OPC 0x54
257#define GPCMD_SET_READ_AHEAD 0xa7
258#define GPCMD_SET_STREAMING 0xb6
259#define GPCMD_START_STOP_UNIT 0x1b
260#define GPCMD_STOP_PLAY_SCAN 0x4e
261#define GPCMD_TEST_UNIT_READY 0x00
262#define GPCMD_VERIFY_10 0x2f
263#define GPCMD_WRITE_10 0x2a
264#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 265/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 266 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
267 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
268 * drives support it. */
269#define GPCMD_SET_SPEED 0xbb
5fafdf24 270/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 271 * to play data at track/index */
272#define GPCMD_PLAYAUDIO_TI 0x48
273/*
274 * From MS Media Status Notification Support Specification. For
275 * older drives only.
276 */
277#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 278#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 279
280/* Mode page codes for mode sense/set */
281#define GPMODE_R_W_ERROR_PAGE 0x01
282#define GPMODE_WRITE_PARMS_PAGE 0x05
283#define GPMODE_AUDIO_CTL_PAGE 0x0e
284#define GPMODE_POWER_PAGE 0x1a
285#define GPMODE_FAULT_FAIL_PAGE 0x1c
286#define GPMODE_TO_PROTECT_PAGE 0x1d
287#define GPMODE_CAPABILITIES_PAGE 0x2a
288#define GPMODE_ALL_PAGES 0x3f
289/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
290 * of MODE_SENSE_POWER_PAGE */
291#define GPMODE_CDROM_PAGE 0x0d
292
38cdea7c
AZ		 293/*
294 * Based on values from <linux/cdrom.h> but extending CD_MINS
295 * to the maximum common size allowed by the Orange's Book ATIP
296 *
297 * 90 and 99 min CDs are also available but using them as the
298 * upper limit reduces the effectiveness of the heuristic to
299 * detect DVDs burned to less than 25% of their maximum capacity
300 */
301
302/* Some generally useful CD-ROM information */
303#define CD_MINS 80 /* max. minutes per CD */
304#define CD_SECS 60 /* seconds per minute */
305#define CD_FRAMES 75 /* frames per second */
306#define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
307#define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
308#define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
309
310/*
311 * The MMC values are not IDE specific and might need to be moved
312 * to a common header if they are also needed for the SCSI emulation
313 */
314
315/* Profile list from MMC-6 revision 1 table 91 */
316#define MMC_PROFILE_NONE 0x0000
317#define MMC_PROFILE_CD_ROM 0x0008
318#define MMC_PROFILE_CD_R 0x0009
319#define MMC_PROFILE_CD_RW 0x000A
320#define MMC_PROFILE_DVD_ROM 0x0010
321#define MMC_PROFILE_DVD_R_SR 0x0011
322#define MMC_PROFILE_DVD_RAM 0x0012
323#define MMC_PROFILE_DVD_RW_RO 0x0013
324#define MMC_PROFILE_DVD_RW_SR 0x0014
325#define MMC_PROFILE_DVD_R_DL_SR 0x0015
326#define MMC_PROFILE_DVD_R_DL_JR 0x0016
327#define MMC_PROFILE_DVD_RW_DL 0x0017
328#define MMC_PROFILE_DVD_DDR 0x0018
329#define MMC_PROFILE_DVD_PLUS_RW 0x001A
330#define MMC_PROFILE_DVD_PLUS_R 0x001B
331#define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
332#define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
333#define MMC_PROFILE_BD_ROM 0x0040
334#define MMC_PROFILE_BD_R_SRM 0x0041
335#define MMC_PROFILE_BD_R_RRM 0x0042
336#define MMC_PROFILE_BD_RE 0x0043
337#define MMC_PROFILE_HDDVD_ROM 0x0050
338#define MMC_PROFILE_HDDVD_R 0x0051
339#define MMC_PROFILE_HDDVD_RAM 0x0052
340#define MMC_PROFILE_HDDVD_RW 0x0053
341#define MMC_PROFILE_HDDVD_R_DL 0x0058
342#define MMC_PROFILE_HDDVD_RW_DL 0x005A
343#define MMC_PROFILE_INVALID 0xFFFF
344
5391d806
FB		 345#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
346#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
347#define ATAPI_INT_REASON_REL 0x04
348#define ATAPI_INT_REASON_TAG 0xf8
349
350/* same constants as bochs */
7f777bf3 351#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 352#define ASC_LOGICAL_BLOCK_OOR 0x21
353#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
8114e9e8 354#define ASC_INCOMPATIBLE_FORMAT 0x30
5391d806
FB		 355#define ASC_MEDIUM_NOT_PRESENT 0x3a
356#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
357
201a51fc
AZ		 358#define CFA_NO_ERROR 0x00
359#define CFA_MISC_ERROR 0x09
360#define CFA_INVALID_COMMAND 0x20
361#define CFA_INVALID_ADDRESS 0x21
362#define CFA_ADDRESS_OVERFLOW 0x2f
363
5391d806
FB		 364#define SENSE_NONE 0
365#define SENSE_NOT_READY 2
366#define SENSE_ILLEGAL_REQUEST 5
367#define SENSE_UNIT_ATTENTION 6
368
369struct IDEState;
370
371typedef void EndTransferFunc(struct IDEState *);
372
caed8802 373/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 374typedef struct IDEState {
375 /* ide config */
376 int is_cdrom;
201a51fc 377 int is_cf;
5391d806
FB		 378 int cylinders, heads, sectors;
379 int64_t nb_sectors;
380 int mult_sectors;
94458802
FB		 381 int identify_set;
382 uint16_t identify_data[256];
d537cf6c 383 qemu_irq irq;
34e538ae 384 PCIDevice *pci_dev;
98087450 385 struct BMDMAState *bmdma;
aedf5382 386 int drive_serial;
5391d806
FB		 387 /* ide regs */
388 uint8_t feature;
389 uint8_t error;
c2ff060f 390 uint32_t nsector;
5391d806
FB		 391 uint8_t sector;
392 uint8_t lcyl;
393 uint8_t hcyl;
c2ff060f
FB		 394 /* other part of tf for lba48 support */
395 uint8_t hob_feature;
396 uint8_t hob_nsector;
397 uint8_t hob_sector;
398 uint8_t hob_lcyl;
399 uint8_t hob_hcyl;
400
5391d806
FB		 401 uint8_t select;
402 uint8_t status;
c2ff060f 403
5391d806
FB		 404 /* 0x3f6 command, only meaningful for drive 0 */
405 uint8_t cmd;
c2ff060f
FB		 406 /* set for lba48 access */
407 uint8_t lba48;
5391d806 408 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 409 struct IDEState *cur_drive;
5391d806
FB		 410 BlockDriverState *bs;
411 /* ATAPI specific */
412 uint8_t sense_key;
413 uint8_t asc;
414 int packet_transfer_size;
415 int elementary_transfer_size;
416 int io_buffer_index;
417 int lba;
98087450
FB		 418 int cd_sector_size;
419 int atapi_dma; /* true if dma is requested for the packet cmd */
420 /* ATA DMA state */
421 int io_buffer_size;
422 /* PIO transfer handling */
5391d806
FB		 423 int req_nb_sectors; /* number of sectors per interrupt */
424 EndTransferFunc *end_transfer_func;
425 uint8_t *data_ptr;
426 uint8_t *data_end;
33f00271 427 uint8_t *io_buffer;
31c2a146 428 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
e774a278 429 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 430 /* CF-ATA extended error */
431 uint8_t ext_error;
432 /* CF-ATA metadata storage */
433 uint32_t mdata_size;
434 uint8_t *mdata_storage;
435 int media_changed;
5391d806
FB		 436} IDEState;
437
8114e9e8
TS		 438/* XXX: DVDs that could fit on a CD will be reported as a CD */
439static inline int media_present(IDEState *s)
440{
441 return (s->nb_sectors > 0);
442}
443
444static inline int media_is_dvd(IDEState *s)
445{
446 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
447}
448
449static inline int media_is_cd(IDEState *s)
450{
451 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
452}
453
98087450
FB		 454#define BM_STATUS_DMAING 0x01
455#define BM_STATUS_ERROR 0x02
456#define BM_STATUS_INT 0x04
457
458#define BM_CMD_START 0x01
459#define BM_CMD_READ 0x08
460
5457c8ce
FB		 461#define IDE_TYPE_PIIX3 0
462#define IDE_TYPE_CMD646 1
afcc3cdf 463#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 464
465/* CMD646 specific */
466#define MRDMODE 0x71
467#define MRDMODE_INTR_CH0 0x04
468#define MRDMODE_INTR_CH1 0x08
469#define MRDMODE_BLK_CH0 0x10
470#define MRDMODE_BLK_CH1 0x20
471#define UDIDETCR0 0x73
472#define UDIDETCR1 0x7B
473
98087450
FB		 474typedef struct BMDMAState {
475 uint8_t cmd;
476 uint8_t status;
477 uint32_t addr;
3b46e624 478
5457c8ce 479 struct PCIIDEState *pci_dev;
98087450 480 /* current transfer state */
8ccad811
FB		 481 uint32_t cur_addr;
482 uint32_t cur_prd_last;
483 uint32_t cur_prd_addr;
484 uint32_t cur_prd_len;
98087450 485 IDEState *ide_if;
8ccad811
FB		 486 BlockDriverCompletionFunc *dma_cb;
487 BlockDriverAIOCB *aiocb;
98087450
FB		 488} BMDMAState;
489
490typedef struct PCIIDEState {
491 PCIDevice dev;
492 IDEState ide_if[4];
493 BMDMAState bmdma[2];
5457c8ce 494 int type; /* see IDE_TYPE_xxx */
98087450
FB		 495} PCIIDEState;
496
8ccad811 497static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
5f12ab4b 498static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 499
5391d806
FB		 500static void padstr(char *str, const char *src, int len)
501{
502 int i, v;
503 for(i = 0; i < len; i++) {
504 if (*src)
505 v = *src++;
506 else
507 v = ' ';
69b34976 508 str[i^1] = v;
5391d806
FB		 509 }
510}
511
bd0d90b2
FB		 512static void padstr8(uint8_t *buf, int buf_size, const char *src)
513{
514 int i;
515 for(i = 0; i < buf_size; i++) {
516 if (*src)
517 buf[i] = *src++;
518 else
519 buf[i] = ' ';
520 }
521}
522
67b915a5
FB		 523static void put_le16(uint16_t *p, unsigned int v)
524{
0c4ad8dc 525 *p = cpu_to_le16(v);
67b915a5
FB		 526}
527
5391d806
FB		 528static void ide_identify(IDEState *s)
529{
530 uint16_t *p;
531 unsigned int oldsize;
aedf5382 532 char buf[20];
5391d806 533
94458802
FB		 534 if (s->identify_set) {
535 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
536 return;
537 }
538
5391d806
FB		 539 memset(s->io_buffer, 0, 512);
540 p = (uint16_t *)s->io_buffer;
67b915a5 541 put_le16(p + 0, 0x0040);
5fafdf24 542 put_le16(p + 1, s->cylinders);
67b915a5
FB		 543 put_le16(p + 3, s->heads);
544 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
545 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 546 put_le16(p + 6, s->sectors);
aedf5382 547 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
60fe76f3 548 padstr((char *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 549 put_le16(p + 20, 3); /* XXX: retired, remove ? */
550 put_le16(p + 21, 512); /* cache size in sectors */
551 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 552 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
553 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 554#if MAX_MULT_SECTORS > 1
67b915a5 555 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 556#endif
67b915a5 557 put_le16(p + 48, 1); /* dword I/O */
94458802 558 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 559 put_le16(p + 51, 0x200); /* PIO transfer cycle */
560 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 561 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 562 put_le16(p + 54, s->cylinders);
563 put_le16(p + 55, s->heads);
564 put_le16(p + 56, s->sectors);
5391d806 565 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 566 put_le16(p + 57, oldsize);
567 put_le16(p + 58, oldsize >> 16);
5391d806 568 if (s->mult_sectors)
67b915a5
FB		 569 put_le16(p + 59, 0x100 | s->mult_sectors);
570 put_le16(p + 60, s->nb_sectors);
571 put_le16(p + 61, s->nb_sectors >> 16);
d1b5c20d 572 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
94458802
FB		 573 put_le16(p + 63, 0x07); /* mdma0-2 supported */
574 put_le16(p + 65, 120);
575 put_le16(p + 66, 120);
576 put_le16(p + 67, 120);
577 put_le16(p + 68, 120);
578 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
579 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 580 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 581 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
582 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 583 put_le16(p + 84, (1 << 14));
584 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 585 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
586 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 587 put_le16(p + 87, (1 << 14));
94458802
FB		 588 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
589 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 590 put_le16(p + 100, s->nb_sectors);
591 put_le16(p + 101, s->nb_sectors >> 16);
592 put_le16(p + 102, s->nb_sectors >> 32);
593 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 594
595 memcpy(s->identify_data, p, sizeof(s->identify_data));
596 s->identify_set = 1;
5391d806
FB		 597}
598
599static void ide_atapi_identify(IDEState *s)
600{
601 uint16_t *p;
aedf5382 602 char buf[20];
5391d806 603
94458802
FB		 604 if (s->identify_set) {
605 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
606 return;
607 }
608
5391d806
FB		 609 memset(s->io_buffer, 0, 512);
610 p = (uint16_t *)s->io_buffer;
611 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 612 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
aedf5382 613 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
60fe76f3 614 padstr((char *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 615 put_le16(p + 20, 3); /* buffer type */
616 put_le16(p + 21, 512); /* cache size in sectors */
617 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3 618 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
38cdea7c 619 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
67b915a5 620 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 621#ifdef USE_DMA_CDROM
622 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
623 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
d1b5c20d 624 put_le16(p + 62, 7); /* single word dma0-2 supported */
8ccad811
FB		 625 put_le16(p + 63, 7); /* mdma0-2 supported */
626 put_le16(p + 64, 0x3f); /* PIO modes supported */
627#else
67b915a5
FB		 628 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
629 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
630 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
631 put_le16(p + 64, 1); /* PIO modes */
8ccad811 632#endif
67b915a5
FB		 633 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
634 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
635 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
636 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 637
67b915a5
FB		 638 put_le16(p + 71, 30); /* in ns */
639 put_le16(p + 72, 30); /* in ns */
5391d806 640
67b915a5 641 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 642#ifdef USE_DMA_CDROM
643 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
644#endif
94458802
FB		 645 memcpy(s->identify_data, p, sizeof(s->identify_data));
646 s->identify_set = 1;
5391d806
FB		 647}
648
201a51fc
AZ		 649static void ide_cfata_identify(IDEState *s)
650{
651 uint16_t *p;
652 uint32_t cur_sec;
653 char buf[20];
654
655 p = (uint16_t *) s->identify_data;
656 if (s->identify_set)
657 goto fill_buffer;
658
659 memset(p, 0, sizeof(s->identify_data));
660
661 cur_sec = s->cylinders * s->heads * s->sectors;
662
663 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
664 put_le16(p + 1, s->cylinders); /* Default cylinders */
665 put_le16(p + 3, s->heads); /* Default heads */
666 put_le16(p + 6, s->sectors); /* Default sectors per track */
667 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
668 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
669 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
60fe76f3 670 padstr((char *)(p + 10), buf, 20); /* Serial number in ASCII */
201a51fc 671 put_le16(p + 22, 0x0004); /* ECC bytes */
60fe76f3
TS		 672 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
673 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
201a51fc
AZ		 674#if MAX_MULT_SECTORS > 1
675 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
676#else
677 put_le16(p + 47, 0x0000);
678#endif
679 put_le16(p + 49, 0x0f00); /* Capabilities */
680 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
681 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
682 put_le16(p + 53, 0x0003); /* Translation params valid */
683 put_le16(p + 54, s->cylinders); /* Current cylinders */
684 put_le16(p + 55, s->heads); /* Current heads */
685 put_le16(p + 56, s->sectors); /* Current sectors */
686 put_le16(p + 57, cur_sec); /* Current capacity */
687 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
688 if (s->mult_sectors) /* Multiple sector setting */
689 put_le16(p + 59, 0x100 | s->mult_sectors);
690 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
691 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
692 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
693 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
694 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
695 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
696 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
697 put_le16(p + 82, 0x400c); /* Command Set supported */
698 put_le16(p + 83, 0x7068); /* Command Set supported */
699 put_le16(p + 84, 0x4000); /* Features supported */
700 put_le16(p + 85, 0x000c); /* Command Set enabled */
701 put_le16(p + 86, 0x7044); /* Command Set enabled */
702 put_le16(p + 87, 0x4000); /* Features enabled */
703 put_le16(p + 91, 0x4060); /* Current APM level */
704 put_le16(p + 129, 0x0002); /* Current features option */
705 put_le16(p + 130, 0x0005); /* Reassigned sectors */
706 put_le16(p + 131, 0x0001); /* Initial power mode */
707 put_le16(p + 132, 0x0000); /* User signature */
708 put_le16(p + 160, 0x8100); /* Power requirement */
709 put_le16(p + 161, 0x8001); /* CF command set */
710
711 s->identify_set = 1;
712
713fill_buffer:
714 memcpy(s->io_buffer, p, sizeof(s->identify_data));
715}
716
5391d806
FB		 717static void ide_set_signature(IDEState *s)
718{
719 s->select &= 0xf0; /* clear head */
720 /* put signature */
721 s->nsector = 1;
722 s->sector = 1;
723 if (s->is_cdrom) {
724 s->lcyl = 0x14;
725 s->hcyl = 0xeb;
726 } else if (s->bs) {
727 s->lcyl = 0;
728 s->hcyl = 0;
729 } else {
730 s->lcyl = 0xff;
731 s->hcyl = 0xff;
732 }
733}
734
735static inline void ide_abort_command(IDEState *s)
736{
737 s->status = READY_STAT | ERR_STAT;
738 s->error = ABRT_ERR;
739}
740
741static inline void ide_set_irq(IDEState *s)
742{
98ff7d30 743 BMDMAState *bm = s->bmdma;
5391d806 744 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 745 if (bm) {
98ff7d30 746 bm->status |= BM_STATUS_INT;
5457c8ce 747 }
d537cf6c 748 qemu_irq_raise(s->irq);
5391d806
FB		 749 }
750}
751
752/* prepare data transfer and tell what to do after */
5fafdf24 753static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 754 EndTransferFunc *end_transfer_func)
755{
756 s->end_transfer_func = end_transfer_func;
757 s->data_ptr = buf;
758 s->data_end = buf + size;
7603d156
TS		 759 if (!(s->status & ERR_STAT))
760 s->status |= DRQ_STAT;
5391d806
FB		 761}
762
763static void ide_transfer_stop(IDEState *s)
764{
765 s->end_transfer_func = ide_transfer_stop;
766 s->data_ptr = s->io_buffer;
767 s->data_end = s->io_buffer;
768 s->status &= ~DRQ_STAT;
769}
770
771static int64_t ide_get_sector(IDEState *s)
772{
773 int64_t sector_num;
774 if (s->select & 0x40) {
775 /* lba */
c2ff060f
FB		 776 if (!s->lba48) {
777 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
778 (s->lcyl << 8) | s->sector;
779 } else {
780 sector_num = ((int64_t)s->hob_hcyl << 40) |
781 ((int64_t) s->hob_lcyl << 32) |
782 ((int64_t) s->hob_sector << 24) |
783 ((int64_t) s->hcyl << 16) |
784 ((int64_t) s->lcyl << 8) | s->sector;
785 }
5391d806
FB		 786 } else {
787 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 788 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 789 }
790 return sector_num;
791}
792
793static void ide_set_sector(IDEState *s, int64_t sector_num)
794{
795 unsigned int cyl, r;
796 if (s->select & 0x40) {
c2ff060f
FB		 797 if (!s->lba48) {
798 s->select = (s->select & 0xf0) | (sector_num >> 24);
799 s->hcyl = (sector_num >> 16);
800 s->lcyl = (sector_num >> 8);
801 s->sector = (sector_num);
802 } else {
803 s->sector = sector_num;
804 s->lcyl = sector_num >> 8;
805 s->hcyl = sector_num >> 16;
806 s->hob_sector = sector_num >> 24;
807 s->hob_lcyl = sector_num >> 32;
808 s->hob_hcyl = sector_num >> 40;
809 }
5391d806
FB		 810 } else {
811 cyl = sector_num / (s->heads * s->sectors);
812 r = sector_num % (s->heads * s->sectors);
813 s->hcyl = cyl >> 8;
814 s->lcyl = cyl;
1b8eb456 815 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 816 s->sector = (r % s->sectors) + 1;
817 }
818}
819
820static void ide_sector_read(IDEState *s)
821{
822 int64_t sector_num;
823 int ret, n;
824
825 s->status = READY_STAT | SEEK_STAT;
a136e5a8 826 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 827 sector_num = ide_get_sector(s);
828 n = s->nsector;
829 if (n == 0) {
830 /* no more sector to read from disk */
831 ide_transfer_stop(s);
832 } else {
833#if defined(DEBUG_IDE)
834 printf("read sector=%Ld\n", sector_num);
835#endif
836 if (n > s->req_nb_sectors)
837 n = s->req_nb_sectors;
838 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
839 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
840 ide_set_irq(s);
841 ide_set_sector(s, sector_num + n);
842 s->nsector -= n;
843 }
844}
845
8ccad811
FB		 846/* return 0 if buffer completed */
847static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 848{
8ccad811
FB		 849 IDEState *s = bm->ide_if;
850 struct {
851 uint32_t addr;
852 uint32_t size;
853 } prd;
854 int l, len;
98087450 855
8ccad811
FB		 856 for(;;) {
857 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 858 if (l <= 0)
8ccad811
FB		 859 break;
860 if (bm->cur_prd_len == 0) {
861 /* end of table (with a fail safe of one page) */
862 if (bm->cur_prd_last ||
863 (bm->cur_addr - bm->addr) >= 4096)
864 return 0;
865 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
866 bm->cur_addr += 8;
867 prd.addr = le32_to_cpu(prd.addr);
868 prd.size = le32_to_cpu(prd.size);
869 len = prd.size & 0xfffe;
870 if (len == 0)
871 len = 0x10000;
872 bm->cur_prd_len = len;
873 bm->cur_prd_addr = prd.addr;
874 bm->cur_prd_last = (prd.size & 0x80000000);
875 }
876 if (l > bm->cur_prd_len)
877 l = bm->cur_prd_len;
878 if (l > 0) {
879 if (is_write) {
5fafdf24 880 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 881 s->io_buffer + s->io_buffer_index, l);
882 } else {
5fafdf24 883 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 884 s->io_buffer + s->io_buffer_index, l);
885 }
886 bm->cur_prd_addr += l;
887 bm->cur_prd_len -= l;
888 s->io_buffer_index += l;
98087450 889 }
98087450 890 }
8ccad811
FB		 891 return 1;
892}
893
894/* XXX: handle errors */
895static void ide_read_dma_cb(void *opaque, int ret)
896{
897 BMDMAState *bm = opaque;
898 IDEState *s = bm->ide_if;
899 int n;
900 int64_t sector_num;
901
902 n = s->io_buffer_size >> 9;
903 sector_num = ide_get_sector(s);
904 if (n > 0) {
905 sector_num += n;
906 ide_set_sector(s, sector_num);
907 s->nsector -= n;
908 if (dma_buf_rw(bm, 1) == 0)
909 goto eot;
910 }
911
912 /* end of transfer ? */
913 if (s->nsector == 0) {
98087450
FB		 914 s->status = READY_STAT | SEEK_STAT;
915 ide_set_irq(s);
8ccad811
FB		 916 eot:
917 bm->status &= ~BM_STATUS_DMAING;
918 bm->status |= BM_STATUS_INT;
919 bm->dma_cb = NULL;
920 bm->ide_if = NULL;
921 bm->aiocb = NULL;
922 return;
98087450 923 }
8ccad811
FB		 924
925 /* launch next transfer */
926 n = s->nsector;
1d8cde5b
AJ		 927 if (n > IDE_DMA_BUF_SECTORS)
928 n = IDE_DMA_BUF_SECTORS;
8ccad811
FB		 929 s->io_buffer_index = 0;
930 s->io_buffer_size = n * 512;
931#ifdef DEBUG_AIO
932 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
933#endif
5fafdf24 934 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
8ccad811 935 ide_read_dma_cb, bm);
98087450
FB		 936}
937
938static void ide_sector_read_dma(IDEState *s)
939{
8ccad811 940 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 941 s->io_buffer_index = 0;
942 s->io_buffer_size = 0;
943 ide_dma_start(s, ide_read_dma_cb);
944}
945
a09db21f
FB		 946static void ide_sector_write_timer_cb(void *opaque)
947{
948 IDEState *s = opaque;
949 ide_set_irq(s);
950}
951
5391d806
FB		 952static void ide_sector_write(IDEState *s)
953{
954 int64_t sector_num;
31c2a146 955 int ret, n, n1;
5391d806
FB		 956
957 s->status = READY_STAT | SEEK_STAT;
958 sector_num = ide_get_sector(s);
959#if defined(DEBUG_IDE)
960 printf("write sector=%Ld\n", sector_num);
961#endif
962 n = s->nsector;
963 if (n > s->req_nb_sectors)
964 n = s->req_nb_sectors;
31c2a146 965 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
5391d806
FB		 966 s->nsector -= n;
967 if (s->nsector == 0) {
292eef5a 968 /* no more sectors to write */
5391d806
FB		 969 ide_transfer_stop(s);
970 } else {
971 n1 = s->nsector;
972 if (n1 > s->req_nb_sectors)
973 n1 = s->req_nb_sectors;
974 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
975 }
976 ide_set_sector(s, sector_num + n);
3b46e624 977
31c2a146
TS		 978#ifdef TARGET_I386
979 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
980 /* It seems there is a bug in the Windows 2000 installer HDD
981 IDE driver which fills the disk with empty logs when the
982 IDE write IRQ comes too early. This hack tries to correct
983 that at the expense of slower write performances. Use this
984 option _only_ to install Windows 2000. You must disable it
985 for normal use. */
986 qemu_mod_timer(s->sector_write_timer,
987 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
988 } else
989#endif
990 {
991 ide_set_irq(s);
992 }
5391d806
FB		 993}
994
8ccad811
FB		 995/* XXX: handle errors */
996static void ide_write_dma_cb(void *opaque, int ret)
98087450 997{
8ccad811
FB		 998 BMDMAState *bm = opaque;
999 IDEState *s = bm->ide_if;
1000 int n;
98087450
FB		 1001 int64_t sector_num;
1002
8ccad811
FB		 1003 n = s->io_buffer_size >> 9;
1004 sector_num = ide_get_sector(s);
1005 if (n > 0) {
1006 sector_num += n;
1007 ide_set_sector(s, sector_num);
1008 s->nsector -= n;
98087450 1009 }
98087450 1010
8ccad811
FB		 1011 /* end of transfer ? */
1012 if (s->nsector == 0) {
1013 s->status = READY_STAT | SEEK_STAT;
1014 ide_set_irq(s);
1015 eot:
1016 bm->status &= ~BM_STATUS_DMAING;
1017 bm->status |= BM_STATUS_INT;
1018 bm->dma_cb = NULL;
1019 bm->ide_if = NULL;
1020 bm->aiocb = NULL;
1021 return;
1022 }
1023
1024 /* launch next transfer */
98087450 1025 n = s->nsector;
1d8cde5b
AJ		 1026 if (n > IDE_DMA_BUF_SECTORS)
1027 n = IDE_DMA_BUF_SECTORS;
98087450
FB		 1028 s->io_buffer_index = 0;
1029 s->io_buffer_size = n * 512;
8ccad811
FB		 1030
1031 if (dma_buf_rw(bm, 0) == 0)
1032 goto eot;
1033#ifdef DEBUG_AIO
1034 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
1035#endif
5fafdf24 1036 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
8ccad811
FB		 1037 ide_write_dma_cb, bm);
1038}
1039
1040static void ide_sector_write_dma(IDEState *s)
1041{
1042 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1043 s->io_buffer_index = 0;
1044 s->io_buffer_size = 0;
98087450
FB		 1045 ide_dma_start(s, ide_write_dma_cb);
1046}
1047
5391d806
FB		 1048static void ide_atapi_cmd_ok(IDEState *s)
1049{
1050 s->error = 0;
41a2b959 1051 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1052 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1053 ide_set_irq(s);
1054}
1055
1056static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1057{
1058#ifdef DEBUG_IDE_ATAPI
1059 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1060#endif
1061 s->error = sense_key << 4;
1062 s->status = READY_STAT | ERR_STAT;
1063 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1064 s->sense_key = sense_key;
1065 s->asc = asc;
1066 ide_set_irq(s);
1067}
1068
1069static inline void cpu_to_ube16(uint8_t *buf, int val)
1070{
1071 buf[0] = val >> 8;
1072 buf[1] = val;
1073}
1074
1075static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1076{
1077 buf[0] = val >> 24;
1078 buf[1] = val >> 16;
1079 buf[2] = val >> 8;
1080 buf[3] = val;
1081}
1082
1083static inline int ube16_to_cpu(const uint8_t *buf)
1084{
1085 return (buf[0] << 8) | buf[1];
1086}
1087
1088static inline int ube32_to_cpu(const uint8_t *buf)
1089{
1090 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1091}
1092
98087450
FB		 1093static void lba_to_msf(uint8_t *buf, int lba)
1094{
1095 lba += 150;
1096 buf[0] = (lba / 75) / 60;
1097 buf[1] = (lba / 75) % 60;
1098 buf[2] = lba % 75;
1099}
1100
8ccad811
FB		 1101static void cd_data_to_raw(uint8_t *buf, int lba)
1102{
1103 /* sync bytes */
1104 buf[0] = 0x00;
1105 memset(buf + 1, 0xff, 10);
1106 buf[11] = 0x00;
1107 buf += 12;
1108 /* MSF */
1109 lba_to_msf(buf, lba);
1110 buf[3] = 0x01; /* mode 1 data */
1111 buf += 4;
1112 /* data */
1113 buf += 2048;
1114 /* XXX: ECC not computed */
1115 memset(buf, 0, 288);
1116}
1117
5fafdf24 1118static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1119 int sector_size)
1120{
66c6ef76
FB		 1121 int ret;
1122
98087450
FB		 1123 switch(sector_size) {
1124 case 2048:
66c6ef76 1125 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1126 break;
1127 case 2352:
66c6ef76
FB		 1128 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1129 if (ret < 0)
1130 return ret;
8ccad811 1131 cd_data_to_raw(buf, lba);
98087450
FB		 1132 break;
1133 default:
66c6ef76 1134 ret = -EIO;
98087450
FB		 1135 break;
1136 }
66c6ef76
FB		 1137 return ret;
1138}
1139
1140static void ide_atapi_io_error(IDEState *s, int ret)
1141{
1142 /* XXX: handle more errors */
1143 if (ret == -ENOMEDIUM) {
5fafdf24 1144 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1145 ASC_MEDIUM_NOT_PRESENT);
1146 } else {
5fafdf24 1147 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1148 ASC_LOGICAL_BLOCK_OOR);
1149 }
98087450
FB		 1150}
1151
5391d806
FB		 1152/* The whole ATAPI transfer logic is handled in this function */
1153static void ide_atapi_cmd_reply_end(IDEState *s)
1154{
66c6ef76 1155 int byte_count_limit, size, ret;
5391d806 1156#ifdef DEBUG_IDE_ATAPI
5fafdf24 1157 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1158 s->packet_transfer_size,
1159 s->elementary_transfer_size,
1160 s->io_buffer_index);
1161#endif
1162 if (s->packet_transfer_size <= 0) {
1163 /* end of transfer */
1164 ide_transfer_stop(s);
41a2b959 1165 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1166 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1167 ide_set_irq(s);
1168#ifdef DEBUG_IDE_ATAPI
1169 printf("status=0x%x\n", s->status);
1170#endif
1171 } else {
1172 /* see if a new sector must be read */
98087450 1173 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1174 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1175 if (ret < 0) {
1176 ide_transfer_stop(s);
1177 ide_atapi_io_error(s, ret);
1178 return;
1179 }
5391d806
FB		 1180 s->lba++;
1181 s->io_buffer_index = 0;
1182 }
1183 if (s->elementary_transfer_size > 0) {
1184 /* there are some data left to transmit in this elementary
1185 transfer */
98087450 1186 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1187 if (size > s->elementary_transfer_size)
1188 size = s->elementary_transfer_size;
5fafdf24 1189 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1190 size, ide_atapi_cmd_reply_end);
1191 s->packet_transfer_size -= size;
1192 s->elementary_transfer_size -= size;
1193 s->io_buffer_index += size;
1194 } else {
1195 /* a new transfer is needed */
1196 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1197 byte_count_limit = s->lcyl | (s->hcyl << 8);
1198#ifdef DEBUG_IDE_ATAPI
1199 printf("byte_count_limit=%d\n", byte_count_limit);
1200#endif
1201 if (byte_count_limit == 0xffff)
1202 byte_count_limit--;
1203 size = s->packet_transfer_size;
1204 if (size > byte_count_limit) {
1205 /* byte count limit must be even if this case */
1206 if (byte_count_limit & 1)
1207 byte_count_limit--;
1208 size = byte_count_limit;
5391d806 1209 }
a136e5a8
FB		 1210 s->lcyl = size;
1211 s->hcyl = size >> 8;
5391d806
FB		 1212 s->elementary_transfer_size = size;
1213 /* we cannot transmit more than one sector at a time */
1214 if (s->lba != -1) {
98087450
FB		 1215 if (size > (s->cd_sector_size - s->io_buffer_index))
1216 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1217 }
5fafdf24 1218 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1219 size, ide_atapi_cmd_reply_end);
1220 s->packet_transfer_size -= size;
1221 s->elementary_transfer_size -= size;
1222 s->io_buffer_index += size;
1223 ide_set_irq(s);
1224#ifdef DEBUG_IDE_ATAPI
1225 printf("status=0x%x\n", s->status);
1226#endif
1227 }
1228 }
1229}
1230
1231/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1232static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1233{
1234 if (size > max_size)
1235 size = max_size;
1236 s->lba = -1; /* no sector read */
1237 s->packet_transfer_size = size;
5f12ab4b 1238 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1239 s->elementary_transfer_size = 0;
1240 s->io_buffer_index = 0;
1241
5f12ab4b 1242 if (s->atapi_dma) {
41a2b959 1243 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
5f12ab4b
TS		 1244 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1245 } else {
41a2b959 1246 s->status = READY_STAT | SEEK_STAT;
5f12ab4b
TS		 1247 ide_atapi_cmd_reply_end(s);
1248 }
5391d806
FB		 1249}
1250
1251/* start a CD-CDROM read command */
98087450
FB		 1252static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1253 int sector_size)
5391d806 1254{
5391d806 1255 s->lba = lba;
98087450 1256 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1257 s->elementary_transfer_size = 0;
98087450
FB		 1258 s->io_buffer_index = sector_size;
1259 s->cd_sector_size = sector_size;
5391d806 1260
41a2b959 1261 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1262 ide_atapi_cmd_reply_end(s);
1263}
1264
98087450 1265/* ATAPI DMA support */
8ccad811
FB		 1266
1267/* XXX: handle read errors */
1268static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1269{
8ccad811
FB		 1270 BMDMAState *bm = opaque;
1271 IDEState *s = bm->ide_if;
1272 int data_offset, n;
1273
66c6ef76
FB		 1274 if (ret < 0) {
1275 ide_atapi_io_error(s, ret);
1276 goto eot;
1277 }
1278
8ccad811 1279 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1280 /*
1281 * For a cdrom read sector command (s->lba != -1),
1282 * adjust the lba for the next s->io_buffer_size chunk
1283 * and dma the current chunk.
1284 * For a command != read (s->lba == -1), just transfer
1285 * the reply data.
1286 */
1287 if (s->lba != -1) {
1288 if (s->cd_sector_size == 2352) {
1289 n = 1;
1290 cd_data_to_raw(s->io_buffer, s->lba);
1291 } else {
1292 n = s->io_buffer_size >> 11;
1293 }
1294 s->lba += n;
1295 }
8ccad811 1296 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1297 if (dma_buf_rw(bm, 1) == 0)
1298 goto eot;
98087450 1299 }
8ccad811 1300
98087450 1301 if (s->packet_transfer_size <= 0) {
41a2b959 1302 s->status = READY_STAT | SEEK_STAT;
98087450
FB		 1303 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1304 ide_set_irq(s);
8ccad811
FB		 1305 eot:
1306 bm->status &= ~BM_STATUS_DMAING;
1307 bm->status |= BM_STATUS_INT;
1308 bm->dma_cb = NULL;
1309 bm->ide_if = NULL;
1310 bm->aiocb = NULL;
1311 return;
1312 }
3b46e624 1313
8ccad811
FB		 1314 s->io_buffer_index = 0;
1315 if (s->cd_sector_size == 2352) {
1316 n = 1;
1317 s->io_buffer_size = s->cd_sector_size;
1318 data_offset = 16;
1319 } else {
1320 n = s->packet_transfer_size >> 11;
1d8cde5b
AJ		 1321 if (n > (IDE_DMA_BUF_SECTORS / 4))
1322 n = (IDE_DMA_BUF_SECTORS / 4);
8ccad811
FB		 1323 s->io_buffer_size = n * 2048;
1324 data_offset = 0;
98087450 1325 }
8ccad811
FB		 1326#ifdef DEBUG_AIO
1327 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1328#endif
5fafdf24
TS		 1329 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1330 s->io_buffer + data_offset, n * 4,
8ccad811 1331 ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1332 if (!bm->aiocb) {
1333 /* Note: media not present is the most likely case */
5fafdf24 1334 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1335 ASC_MEDIUM_NOT_PRESENT);
1336 goto eot;
1337 }
98087450
FB		 1338}
1339
1340/* start a CD-CDROM read command with DMA */
1341/* XXX: test if DMA is available */
1342static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1343 int sector_size)
1344{
1345 s->lba = lba;
1346 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1347 s->io_buffer_index = 0;
1348 s->io_buffer_size = 0;
98087450
FB		 1349 s->cd_sector_size = sector_size;
1350
8ccad811 1351 /* XXX: check if BUSY_STAT should be set */
41a2b959 1352 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1353 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1354}
1355
5fafdf24 1356static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1357 int sector_size)
1358{
1359#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1360 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1361 lba, nb_sectors);
98087450
FB		 1362#endif
1363 if (s->atapi_dma) {
1364 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1365 } else {
1366 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1367 }
1368}
1369
38cdea7c
AZ		 1370static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1371 uint16_t profile)
1372{
1373 uint8_t *buf_profile = buf + 12; /* start of profiles */
1374
1375 buf_profile += ((*index) * 4); /* start of indexed profile */
1376 cpu_to_ube16 (buf_profile, profile);
1377 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1378
1379 /* each profile adds 4 bytes to the response */
1380 (*index)++;
1381 buf[11] += 4; /* Additional Length */
1382
1383 return 4;
1384}
1385
8114e9e8
TS		 1386static int ide_dvd_read_structure(IDEState *s, int format,
1387 const uint8_t *packet, uint8_t *buf)
1388{
1389 switch (format) {
1390 case 0x0: /* Physical format information */
1391 {
1392 int layer = packet[6];
1393 uint64_t total_sectors;
1394
1395 if (layer != 0)
1396 return -ASC_INV_FIELD_IN_CMD_PACKET;
1397
1398 bdrv_get_geometry(s->bs, &total_sectors);
1399 total_sectors >>= 2;
1400 if (total_sectors == 0)
1401 return -ASC_MEDIUM_NOT_PRESENT;
1402
1403 buf[4] = 1; /* DVD-ROM, part version 1 */
1404 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1405 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1406 buf[7] = 0; /* default densities */
1407
1408 /* FIXME: 0x30000 per spec? */
1409 cpu_to_ube32(buf + 8, 0); /* start sector */
1410 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1411 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1412
1413 /* Size of buffer, not including 2 byte size field */
1414 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1415
1416 /* 2k data + 4 byte header */
1417 return (2048 + 4);
1418 }
1419
1420 case 0x01: /* DVD copyright information */
1421 buf[4] = 0; /* no copyright data */
1422 buf[5] = 0; /* no region restrictions */
1423
1424 /* Size of buffer, not including 2 byte size field */
1425 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1426
1427 /* 4 byte header + 4 byte data */
1428 return (4 + 4);
1429
1430 case 0x03: /* BCA information - invalid field for no BCA info */
1431 return -ASC_INV_FIELD_IN_CMD_PACKET;
1432
1433 case 0x04: /* DVD disc manufacturing information */
1434 /* Size of buffer, not including 2 byte size field */
1435 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1436
1437 /* 2k data + 4 byte header */
1438 return (2048 + 4);
1439
1440 case 0xff:
1441 /*
1442 * This lists all the command capabilities above. Add new ones
1443 * in order and update the length and buffer return values.
1444 */
1445
1446 buf[4] = 0x00; /* Physical format */
1447 buf[5] = 0x40; /* Not writable, is readable */
1448 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1449
1450 buf[8] = 0x01; /* Copyright info */
1451 buf[9] = 0x40; /* Not writable, is readable */
1452 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1453
1454 buf[12] = 0x03; /* BCA info */
1455 buf[13] = 0x40; /* Not writable, is readable */
1456 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1457
1458 buf[16] = 0x04; /* Manufacturing info */
1459 buf[17] = 0x40; /* Not writable, is readable */
1460 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1461
1462 /* Size of buffer, not including 2 byte size field */
1463 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1464
1465 /* data written + 4 byte header */
1466 return (16 + 4);
1467
1468 default: /* TODO: formats beyond DVD-ROM requires */
1469 return -ASC_INV_FIELD_IN_CMD_PACKET;
1470 }
1471}
1472
5391d806
FB		 1473static void ide_atapi_cmd(IDEState *s)
1474{
1475 const uint8_t *packet;
1476 uint8_t *buf;
1477 int max_len;
1478
1479 packet = s->io_buffer;
1480 buf = s->io_buffer;
1481#ifdef DEBUG_IDE_ATAPI
1482 {
1483 int i;
1484 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1485 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1486 printf(" %02x", packet[i]);
1487 }
1488 printf("\n");
1489 }
1490#endif
1491 switch(s->io_buffer[0]) {
1492 case GPCMD_TEST_UNIT_READY:
caed8802 1493 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1494 ide_atapi_cmd_ok(s);
1495 } else {
5fafdf24 1496 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1497 ASC_MEDIUM_NOT_PRESENT);
1498 }
1499 break;
d14049ea 1500 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1501 case GPCMD_MODE_SENSE_10:
1502 {
1503 int action, code;
d14049ea
TS		 1504 if (packet[0] == GPCMD_MODE_SENSE_10)
1505 max_len = ube16_to_cpu(packet + 7);
1506 else
1507 max_len = packet[4];
5391d806
FB		 1508 action = packet[2] >> 6;
1509 code = packet[2] & 0x3f;
1510 switch(action) {
1511 case 0: /* current values */
1512 switch(code) {
1513 case 0x01: /* error recovery */
1514 cpu_to_ube16(&buf[0], 16 + 6);
1515 buf[2] = 0x70;
1516 buf[3] = 0;
1517 buf[4] = 0;
1518 buf[5] = 0;
1519 buf[6] = 0;
1520 buf[7] = 0;
1521
1522 buf[8] = 0x01;
1523 buf[9] = 0x06;
1524 buf[10] = 0x00;
1525 buf[11] = 0x05;
1526 buf[12] = 0x00;
1527 buf[13] = 0x00;
1528 buf[14] = 0x00;
1529 buf[15] = 0x00;
1530 ide_atapi_cmd_reply(s, 16, max_len);
1531 break;
1532 case 0x2a:
1533 cpu_to_ube16(&buf[0], 28 + 6);
1534 buf[2] = 0x70;
1535 buf[3] = 0;
1536 buf[4] = 0;
1537 buf[5] = 0;
1538 buf[6] = 0;
1539 buf[7] = 0;
1540
1541 buf[8] = 0x2a;
1542 buf[9] = 0x12;
0d4a05a1 1543 buf[10] = 0x00;
5391d806 1544 buf[11] = 0x00;
3b46e624 1545
5391d806
FB		 1546 buf[12] = 0x70;
1547 buf[13] = 3 << 5;
1548 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1549 if (bdrv_is_locked(s->bs))
5391d806
FB		 1550 buf[6] |= 1 << 1;
1551 buf[15] = 0x00;
1552 cpu_to_ube16(&buf[16], 706);
1553 buf[18] = 0;
1554 buf[19] = 2;
1555 cpu_to_ube16(&buf[20], 512);
1556 cpu_to_ube16(&buf[22], 706);
1557 buf[24] = 0;
1558 buf[25] = 0;
1559 buf[26] = 0;
1560 buf[27] = 0;
1561 ide_atapi_cmd_reply(s, 28, max_len);
1562 break;
1563 default:
1564 goto error_cmd;
1565 }
1566 break;
1567 case 1: /* changeable values */
1568 goto error_cmd;
1569 case 2: /* default values */
1570 goto error_cmd;
1571 default:
1572 case 3: /* saved values */
5fafdf24 1573 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1574 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1575 break;
1576 }
1577 }
1578 break;
1579 case GPCMD_REQUEST_SENSE:
1580 max_len = packet[4];
1581 memset(buf, 0, 18);
1582 buf[0] = 0x70 | (1 << 7);
1583 buf[2] = s->sense_key;
1584 buf[7] = 10;
1585 buf[12] = s->asc;
1586 ide_atapi_cmd_reply(s, 18, max_len);
1587 break;
1588 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1589 if (bdrv_is_inserted(s->bs)) {
1590 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1591 ide_atapi_cmd_ok(s);
1592 } else {
5fafdf24 1593 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1594 ASC_MEDIUM_NOT_PRESENT);
1595 }
1596 break;
1597 case GPCMD_READ_10:
1598 case GPCMD_READ_12:
1599 {
1600 int nb_sectors, lba;
1601
5391d806
FB		 1602 if (packet[0] == GPCMD_READ_10)
1603 nb_sectors = ube16_to_cpu(packet + 7);
1604 else
1605 nb_sectors = ube32_to_cpu(packet + 6);
1606 lba = ube32_to_cpu(packet + 2);
1607 if (nb_sectors == 0) {
1608 ide_atapi_cmd_ok(s);
1609 break;
1610 }
98087450
FB		 1611 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1612 }
1613 break;
1614 case GPCMD_READ_CD:
1615 {
1616 int nb_sectors, lba, transfer_request;
1617
98087450
FB		 1618 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1619 lba = ube32_to_cpu(packet + 2);
1620 if (nb_sectors == 0) {
1621 ide_atapi_cmd_ok(s);
1622 break;
1623 }
98087450
FB		 1624 transfer_request = packet[9];
1625 switch(transfer_request & 0xf8) {
1626 case 0x00:
1627 /* nothing */
1628 ide_atapi_cmd_ok(s);
1629 break;
1630 case 0x10:
1631 /* normal read */
1632 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1633 break;
1634 case 0xf8:
1635 /* read all data */
1636 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1637 break;
1638 default:
5fafdf24 1639 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1640 ASC_INV_FIELD_IN_CMD_PACKET);
1641 break;
1642 }
5391d806
FB		 1643 }
1644 break;
1645 case GPCMD_SEEK:
1646 {
96b8f136
TS		 1647 unsigned int lba;
1648 uint64_t total_sectors;
66c6ef76
FB		 1649
1650 bdrv_get_geometry(s->bs, &total_sectors);
1651 total_sectors >>= 2;
96b8f136 1652 if (total_sectors == 0) {
5fafdf24 1653 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1654 ASC_MEDIUM_NOT_PRESENT);
1655 break;
1656 }
1657 lba = ube32_to_cpu(packet + 2);
66c6ef76 1658 if (lba >= total_sectors) {
5fafdf24 1659 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1660 ASC_LOGICAL_BLOCK_OOR);
1661 break;
1662 }
1663 ide_atapi_cmd_ok(s);
1664 }
1665 break;
1666 case GPCMD_START_STOP_UNIT:
1667 {
1668 int start, eject;
1669 start = packet[4] & 1;
1670 eject = (packet[4] >> 1) & 1;
3b46e624 1671
caed8802
FB		 1672 if (eject && !start) {
1673 /* eject the disk */
66c6ef76
FB		 1674 bdrv_eject(s->bs, 1);
1675 } else if (eject && start) {
1676 /* close the tray */
1677 bdrv_eject(s->bs, 0);
caed8802 1678 }
5391d806
FB		 1679 ide_atapi_cmd_ok(s);
1680 }
1681 break;
1682 case GPCMD_MECHANISM_STATUS:
1683 {
1684 max_len = ube16_to_cpu(packet + 8);
1685 cpu_to_ube16(buf, 0);
1686 /* no current LBA */
1687 buf[2] = 0;
1688 buf[3] = 0;
1689 buf[4] = 0;
1690 buf[5] = 1;
1691 cpu_to_ube16(buf + 6, 0);
1692 ide_atapi_cmd_reply(s, 8, max_len);
1693 }
1694 break;
1695 case GPCMD_READ_TOC_PMA_ATIP:
1696 {
1697 int format, msf, start_track, len;
96b8f136 1698 uint64_t total_sectors;
5391d806 1699
66c6ef76
FB		 1700 bdrv_get_geometry(s->bs, &total_sectors);
1701 total_sectors >>= 2;
96b8f136 1702 if (total_sectors == 0) {
5fafdf24 1703 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1704 ASC_MEDIUM_NOT_PRESENT);
1705 break;
1706 }
1707 max_len = ube16_to_cpu(packet + 7);
1708 format = packet[9] >> 6;
1709 msf = (packet[1] >> 1) & 1;
1710 start_track = packet[6];
1711 switch(format) {
1712 case 0:
66c6ef76 1713 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1714 if (len < 0)
1715 goto error_cmd;
1716 ide_atapi_cmd_reply(s, len, max_len);
1717 break;
1718 case 1:
1719 /* multi session : only a single session defined */
1720 memset(buf, 0, 12);
1721 buf[1] = 0x0a;
1722 buf[2] = 0x01;
1723 buf[3] = 0x01;
1724 ide_atapi_cmd_reply(s, 12, max_len);
1725 break;
98087450 1726 case 2:
66c6ef76 1727 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1728 if (len < 0)
1729 goto error_cmd;
1730 ide_atapi_cmd_reply(s, len, max_len);
1731 break;
5391d806 1732 default:
7f777bf3 1733 error_cmd:
5fafdf24 1734 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1735 ASC_INV_FIELD_IN_CMD_PACKET);
1736 break;
5391d806
FB		 1737 }
1738 }
1739 break;
1740 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76 1741 {
96b8f136 1742 uint64_t total_sectors;
66c6ef76
FB		 1743
1744 bdrv_get_geometry(s->bs, &total_sectors);
1745 total_sectors >>= 2;
96b8f136 1746 if (total_sectors == 0) {
5fafdf24 1747 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1748 ASC_MEDIUM_NOT_PRESENT);
1749 break;
1750 }
1751 /* NOTE: it is really the number of sectors minus 1 */
1752 cpu_to_ube32(buf, total_sectors - 1);
1753 cpu_to_ube32(buf + 4, 2048);
1754 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1755 }
5391d806 1756 break;
d14049ea
TS		 1757 case GPCMD_READ_DVD_STRUCTURE:
1758 {
1759 int media = packet[1];
8114e9e8
TS		 1760 int format = packet[7];
1761 int ret;
d14049ea 1762
8114e9e8 1763 max_len = ube16_to_cpu(packet + 8);
d14049ea 1764
8114e9e8
TS		 1765 if (format < 0xff) {
1766 if (media_is_cd(s)) {
1767 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1768 ASC_INCOMPATIBLE_FORMAT);
1769 break;
1770 } else if (!media_present(s)) {
1771 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1772 ASC_INV_FIELD_IN_CMD_PACKET);
1773 break;
1774 }
1775 }
d14049ea 1776
8114e9e8
TS		 1777 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1778 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
d14049ea 1779
8114e9e8
TS		 1780 switch (format) {
1781 case 0x00 ... 0x7f:
1782 case 0xff:
1783 if (media == 0) {
1784 ret = ide_dvd_read_structure(s, format, packet, buf);
d14049ea 1785
8114e9e8
TS		 1786 if (ret < 0)
1787 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1788 else
1789 ide_atapi_cmd_reply(s, ret, max_len);
d14049ea 1790
8114e9e8
TS		 1791 break;
1792 }
1793 /* TODO: BD support, fall through for now */
1794
1795 /* Generic disk structures */
1796 case 0x80: /* TODO: AACS volume identifier */
1797 case 0x81: /* TODO: AACS media serial number */
1798 case 0x82: /* TODO: AACS media identifier */
1799 case 0x83: /* TODO: AACS media key block */
1800 case 0x90: /* TODO: List of recognized format layers */
1801 case 0xc0: /* TODO: Write protection status */
d14049ea
TS		 1802 default:
1803 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1804 ASC_INV_FIELD_IN_CMD_PACKET);
1805 break;
1806 }
1807 }
1808 break;
1809 case GPCMD_SET_SPEED:
1810 ide_atapi_cmd_ok(s);
1811 break;
bd0d90b2
FB		 1812 case GPCMD_INQUIRY:
1813 max_len = packet[4];
1814 buf[0] = 0x05; /* CD-ROM */
1815 buf[1] = 0x80; /* removable */
1816 buf[2] = 0x00; /* ISO */
1817 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 1818 buf[4] = 31; /* additional length */
bd0d90b2
FB		 1819 buf[5] = 0; /* reserved */
1820 buf[6] = 0; /* reserved */
1821 buf[7] = 0; /* reserved */
1822 padstr8(buf + 8, 8, "QEMU");
38cdea7c 1823 padstr8(buf + 16, 16, "QEMU DVD-ROM");
bd0d90b2
FB		 1824 padstr8(buf + 32, 4, QEMU_VERSION);
1825 ide_atapi_cmd_reply(s, 36, max_len);
1826 break;
d14049ea
TS		 1827 case GPCMD_GET_CONFIGURATION:
1828 {
38cdea7c 1829 uint32_t len;
091d055b 1830 uint8_t index = 0;
d14049ea
TS		 1831
1832 /* only feature 0 is supported */
1833 if (packet[2] != 0 || packet[3] != 0) {
1834 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1835 ASC_INV_FIELD_IN_CMD_PACKET);
1836 break;
1837 }
38cdea7c
AZ		 1838
1839 /* XXX: could result in alignment problems in some architectures */
1840 max_len = ube16_to_cpu(packet + 7);
091d055b 1841
38cdea7c 1842 /*
091d055b
AZ		 1843 * XXX: avoid overflow for io_buffer if max_len is bigger than
1844 * the size of that buffer (dimensioned to max number of
1845 * sectors to transfer at once)
38cdea7c 1846 *
091d055b 1847 * Only a problem if the feature/profiles grow.
38cdea7c
AZ		 1848 */
1849 if (max_len > 512) /* XXX: assume 1 sector */
1850 max_len = 512;
1851
1852 memset(buf, 0, max_len);
1853 /*
1854 * the number of sectors from the media tells us which profile
1855 * to use as current. 0 means there is no media
38cdea7c 1856 */
8114e9e8
TS		 1857 if (media_is_dvd(s))
1858 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
1859 else if (media_is_cd(s))
1860 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
38cdea7c 1861
091d055b
AZ		 1862 buf[10] = 0x02 | 0x01; /* persistent and current */
1863 len = 12; /* headers: 8 + 4 */
1864 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
1865 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
38cdea7c
AZ		 1866 cpu_to_ube32(buf, len - 4); /* data length */
1867
1868 ide_atapi_cmd_reply(s, len, max_len);
d14049ea
TS		 1869 break;
1870 }
5391d806 1871 default:
5fafdf24 1872 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1873 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1874 break;
1875 }
1876}
1877
201a51fc
AZ		 1878static void ide_cfata_metadata_inquiry(IDEState *s)
1879{
1880 uint16_t *p;
1881 uint32_t spd;
1882
1883 p = (uint16_t *) s->io_buffer;
1884 memset(p, 0, 0x200);
1885 spd = ((s->mdata_size - 1) >> 9) + 1;
1886
1887 put_le16(p + 0, 0x0001); /* Data format revision */
1888 put_le16(p + 1, 0x0000); /* Media property: silicon */
1889 put_le16(p + 2, s->media_changed); /* Media status */
1890 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1891 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1892 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1893 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1894}
1895
1896static void ide_cfata_metadata_read(IDEState *s)
1897{
1898 uint16_t *p;
1899
1900 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1901 s->status = ERR_STAT;
1902 s->error = ABRT_ERR;
1903 return;
1904 }
1905
1906 p = (uint16_t *) s->io_buffer;
1907 memset(p, 0, 0x200);
1908
1909 put_le16(p + 0, s->media_changed); /* Media status */
1910 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1911 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1912 s->nsector << 9), 0x200 - 2));
1913}
1914
1915static void ide_cfata_metadata_write(IDEState *s)
1916{
1917 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1918 s->status = ERR_STAT;
1919 s->error = ABRT_ERR;
1920 return;
1921 }
1922
1923 s->media_changed = 0;
1924
1925 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1926 s->io_buffer + 2,
1927 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1928 s->nsector << 9), 0x200 - 2));
1929}
1930
bd491d6a
TS		 1931/* called when the inserted state of the media has changed */
1932static void cdrom_change_cb(void *opaque)
1933{
1934 IDEState *s = opaque;
96b8f136 1935 uint64_t nb_sectors;
bd491d6a
TS		 1936
1937 /* XXX: send interrupt too */
1938 bdrv_get_geometry(s->bs, &nb_sectors);
1939 s->nb_sectors = nb_sectors;
1940}
1941
c2ff060f
FB		 1942static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1943{
1944 s->lba48 = lba48;
1945
1946 /* handle the 'magic' 0 nsector count conversion here. to avoid
1947 * fiddling with the rest of the read logic, we just store the
1948 * full sector count in ->nsector and ignore ->hob_nsector from now
1949 */
1950 if (!s->lba48) {
1951 if (!s->nsector)
1952 s->nsector = 256;
1953 } else {
1954 if (!s->nsector && !s->hob_nsector)
1955 s->nsector = 65536;
1956 else {
1957 int lo = s->nsector;
1958 int hi = s->hob_nsector;
1959
1960 s->nsector = (hi << 8) | lo;
1961 }
1962 }
1963}
1964
1965static void ide_clear_hob(IDEState *ide_if)
1966{
1967 /* any write clears HOB high bit of device control register */
1968 ide_if[0].select &= ~(1 << 7);
1969 ide_if[1].select &= ~(1 << 7);
1970}
1971
caed8802
FB		 1972static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1973{
1974 IDEState *ide_if = opaque;
c45c3d00 1975 IDEState *s;
5391d806 1976 int unit, n;
c2ff060f 1977 int lba48 = 0;
5391d806
FB		 1978
1979#ifdef DEBUG_IDE
1980 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1981#endif
c2ff060f 1982
5391d806 1983 addr &= 7;
fcdd25ab
AL		 1984
1985 /* ignore writes to command block while busy with previous command */
1986 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
1987 return;
1988
5391d806
FB		 1989 switch(addr) {
1990 case 0:
1991 break;
1992 case 1:
c2ff060f 1993 ide_clear_hob(ide_if);
c45c3d00 1994 /* NOTE: data is written to the two drives */
c2ff060f
FB		 1995 ide_if[0].hob_feature = ide_if[0].feature;
1996 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 1997 ide_if[0].feature = val;
1998 ide_if[1].feature = val;
5391d806
FB		 1999 break;
2000 case 2:
c2ff060f
FB		 2001 ide_clear_hob(ide_if);
2002 ide_if[0].hob_nsector = ide_if[0].nsector;
2003 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 2004 ide_if[0].nsector = val;
2005 ide_if[1].nsector = val;
5391d806
FB		 2006 break;
2007 case 3:
c2ff060f
FB		 2008 ide_clear_hob(ide_if);
2009 ide_if[0].hob_sector = ide_if[0].sector;
2010 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 2011 ide_if[0].sector = val;
2012 ide_if[1].sector = val;
5391d806
FB		 2013 break;
2014 case 4:
c2ff060f
FB		 2015 ide_clear_hob(ide_if);
2016 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2017 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 2018 ide_if[0].lcyl = val;
2019 ide_if[1].lcyl = val;
5391d806
FB		 2020 break;
2021 case 5:
c2ff060f
FB		 2022 ide_clear_hob(ide_if);
2023 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2024 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 2025 ide_if[0].hcyl = val;
2026 ide_if[1].hcyl = val;
5391d806
FB		 2027 break;
2028 case 6:
c2ff060f 2029 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 2030 ide_if[0].select = (val & ~0x10) | 0xa0;
2031 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 2032 /* select drive */
2033 unit = (val >> 4) & 1;
2034 s = ide_if + unit;
2035 ide_if->cur_drive = s;
5391d806
FB		 2036 break;
2037 default:
2038 case 7:
2039 /* command */
2040#if defined(DEBUG_IDE)
2041 printf("ide: CMD=%02x\n", val);
2042#endif
c45c3d00 2043 s = ide_if->cur_drive;
66201e2d 2044 /* ignore commands to non existant slave */
5fafdf24 2045 if (s != ide_if && !s->bs)
66201e2d 2046 break;
c2ff060f 2047
fcdd25ab
AL		 2048 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2049 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2050 break;
2051
5391d806
FB		 2052 switch(val) {
2053 case WIN_IDENTIFY:
2054 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 2055 if (!s->is_cf)
2056 ide_identify(s);
2057 else
2058 ide_cfata_identify(s);
2a282056 2059 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2060 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2061 } else {
2062 if (s->is_cdrom) {
2063 ide_set_signature(s);
2064 }
2065 ide_abort_command(s);
2066 }
2067 ide_set_irq(s);
2068 break;
2069 case WIN_SPECIFY:
2070 case WIN_RECAL:
a136e5a8 2071 s->error = 0;
769bec72 2072 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2073 ide_set_irq(s);
2074 break;
2075 case WIN_SETMULT:
201a51fc
AZ		 2076 if (s->is_cf && s->nsector == 0) {
2077 /* Disable Read and Write Multiple */
2078 s->mult_sectors = 0;
41a2b959 2079 s->status = READY_STAT | SEEK_STAT;
201a51fc 2080 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 2081 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2082 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 2083 ide_abort_command(s);
2084 } else {
292eef5a 2085 s->mult_sectors = s->nsector & 0xff;
41a2b959 2086 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2087 }
2088 ide_set_irq(s);
2089 break;
c2ff060f
FB		 2090 case WIN_VERIFY_EXT:
2091 lba48 = 1;
4ce900b4
FB		 2092 case WIN_VERIFY:
2093 case WIN_VERIFY_ONCE:
2094 /* do sector number check ? */
c2ff060f 2095 ide_cmd_lba48_transform(s, lba48);
41a2b959 2096 s->status = READY_STAT | SEEK_STAT;
4ce900b4
FB		 2097 ide_set_irq(s);
2098 break;
c2ff060f
FB		 2099 case WIN_READ_EXT:
2100 lba48 = 1;
5391d806
FB		 2101 case WIN_READ:
2102 case WIN_READ_ONCE:
5fafdf24 2103 if (!s->bs)
6b136f9e 2104 goto abort_cmd;
c2ff060f 2105 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2106 s->req_nb_sectors = 1;
2107 ide_sector_read(s);
2108 break;
c2ff060f
FB		 2109 case WIN_WRITE_EXT:
2110 lba48 = 1;
5391d806
FB		 2111 case WIN_WRITE:
2112 case WIN_WRITE_ONCE:
201a51fc
AZ		 2113 case CFA_WRITE_SECT_WO_ERASE:
2114 case WIN_WRITE_VERIFY:
c2ff060f 2115 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2116 s->error = 0;
f66723fa 2117 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2118 s->req_nb_sectors = 1;
2119 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 2120 s->media_changed = 1;
5391d806 2121 break;
c2ff060f
FB		 2122 case WIN_MULTREAD_EXT:
2123 lba48 = 1;
5391d806
FB		 2124 case WIN_MULTREAD:
2125 if (!s->mult_sectors)
2126 goto abort_cmd;
c2ff060f 2127 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2128 s->req_nb_sectors = s->mult_sectors;
2129 ide_sector_read(s);
2130 break;
c2ff060f
FB		 2131 case WIN_MULTWRITE_EXT:
2132 lba48 = 1;
5391d806 2133 case WIN_MULTWRITE:
201a51fc 2134 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 2135 if (!s->mult_sectors)
2136 goto abort_cmd;
c2ff060f 2137 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2138 s->error = 0;
f66723fa 2139 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2140 s->req_nb_sectors = s->mult_sectors;
2141 n = s->nsector;
2142 if (n > s->req_nb_sectors)
2143 n = s->req_nb_sectors;
2144 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 2145 s->media_changed = 1;
5391d806 2146 break;
c2ff060f
FB		 2147 case WIN_READDMA_EXT:
2148 lba48 = 1;
98087450
FB		 2149 case WIN_READDMA:
2150 case WIN_READDMA_ONCE:
5fafdf24 2151 if (!s->bs)
98087450 2152 goto abort_cmd;
c2ff060f 2153 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 2154 ide_sector_read_dma(s);
2155 break;
c2ff060f
FB		 2156 case WIN_WRITEDMA_EXT:
2157 lba48 = 1;
98087450
FB		 2158 case WIN_WRITEDMA:
2159 case WIN_WRITEDMA_ONCE:
5fafdf24 2160 if (!s->bs)
98087450 2161 goto abort_cmd;
c2ff060f 2162 ide_cmd_lba48_transform(s, lba48);
98087450 2163 ide_sector_write_dma(s);
201a51fc 2164 s->media_changed = 1;
98087450 2165 break;
c2ff060f
FB		 2166 case WIN_READ_NATIVE_MAX_EXT:
2167 lba48 = 1;
5391d806 2168 case WIN_READ_NATIVE_MAX:
c2ff060f 2169 ide_cmd_lba48_transform(s, lba48);
5391d806 2170 ide_set_sector(s, s->nb_sectors - 1);
41a2b959 2171 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2172 ide_set_irq(s);
2173 break;
a136e5a8 2174 case WIN_CHECKPOWERMODE1:
201a51fc 2175 case WIN_CHECKPOWERMODE2:
a136e5a8 2176 s->nsector = 0xff; /* device active or idle */
41a2b959 2177 s->status = READY_STAT | SEEK_STAT;
a136e5a8
FB		 2178 ide_set_irq(s);
2179 break;
34e538ae
FB		 2180 case WIN_SETFEATURES:
2181 if (!s->bs)
2182 goto abort_cmd;
2183 /* XXX: valid for CDROM ? */
2184 switch(s->feature) {
e1f63470
TS		 2185 case 0xcc: /* reverting to power-on defaults enable */
2186 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 2187 case 0x02: /* write cache enable */
2188 case 0x82: /* write cache disable */
2189 case 0xaa: /* read look-ahead enable */
2190 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 2191 case 0x05: /* set advanced power management mode */
2192 case 0x85: /* disable advanced power management mode */
2193 case 0x69: /* NOP */
2194 case 0x67: /* NOP */
2195 case 0x96: /* NOP */
2196 case 0x9a: /* NOP */
c3e88d8c
TS		 2197 case 0x42: /* enable Automatic Acoustic Mode */
2198 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 2199 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 2200 ide_set_irq(s);
2201 break;
94458802
FB		 2202 case 0x03: { /* set transfer mode */
2203 uint8_t val = s->nsector & 0x07;
2204
2205 switch (s->nsector >> 3) {
2206 case 0x00: /* pio default */
2207 case 0x01: /* pio mode */
d1b5c20d
TS		 2208 put_le16(s->identify_data + 62,0x07);
2209 put_le16(s->identify_data + 63,0x07);
2210 put_le16(s->identify_data + 88,0x3f);
2211 break;
2212 case 0x02: /* sigle word dma mode*/
2213 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
94458802
FB		 2214 put_le16(s->identify_data + 63,0x07);
2215 put_le16(s->identify_data + 88,0x3f);
2216 break;
2217 case 0x04: /* mdma mode */
d1b5c20d 2218 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2219 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2220 put_le16(s->identify_data + 88,0x3f);
2221 break;
2222 case 0x08: /* udma mode */
d1b5c20d 2223 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2224 put_le16(s->identify_data + 63,0x07);
2225 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2226 break;
2227 default:
2228 goto abort_cmd;
2229 }
2230 s->status = READY_STAT | SEEK_STAT;
2231 ide_set_irq(s);
2232 break;
2233 }
34e538ae
FB		 2234 default:
2235 goto abort_cmd;
2236 }
2237 break;
c2ff060f
FB		 2238 case WIN_FLUSH_CACHE:
2239 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2240 if (s->bs)
2241 bdrv_flush(s->bs);
41a2b959 2242 s->status = READY_STAT | SEEK_STAT;
7a6cba61
PB		 2243 ide_set_irq(s);
2244 break;
c3e88d8c
TS		 2245 case WIN_STANDBY:
2246 case WIN_STANDBY2:
2247 case WIN_STANDBYNOW1:
201a51fc 2248 case WIN_STANDBYNOW2:
c451ee71 2249 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2250 case CFA_IDLEIMMEDIATE:
2251 case WIN_SETIDLE1:
2252 case WIN_SETIDLE2:
c3e88d8c
TS		 2253 case WIN_SLEEPNOW1:
2254 case WIN_SLEEPNOW2:
2255 s->status = READY_STAT;
a7dfe172
FB		 2256 ide_set_irq(s);
2257 break;
5391d806
FB		 2258 /* ATAPI commands */
2259 case WIN_PIDENTIFY:
2260 if (s->is_cdrom) {
2261 ide_atapi_identify(s);
1298fe63 2262 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2263 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2264 } else {
2265 ide_abort_command(s);
2266 }
2267 ide_set_irq(s);
2268 break;
c451ee71
FB		 2269 case WIN_DIAGNOSE:
2270 ide_set_signature(s);
41a2b959 2271 s->status = READY_STAT | SEEK_STAT;
c451ee71 2272 s->error = 0x01;
f5fdd0a8 2273 ide_set_irq(s);
c451ee71 2274 break;
5391d806
FB		 2275 case WIN_SRST:
2276 if (!s->is_cdrom)
2277 goto abort_cmd;
2278 ide_set_signature(s);
6b136f9e 2279 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2280 s->error = 0x01;
2281 break;
2282 case WIN_PACKETCMD:
2283 if (!s->is_cdrom)
2284 goto abort_cmd;
98087450
FB		 2285 /* overlapping commands not supported */
2286 if (s->feature & 0x02)
5391d806 2287 goto abort_cmd;
41a2b959 2288 s->status = READY_STAT | SEEK_STAT;
98087450 2289 s->atapi_dma = s->feature & 1;
5391d806 2290 s->nsector = 1;
5fafdf24 2291 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2292 ide_atapi_cmd);
2293 break;
201a51fc
AZ		 2294 /* CF-ATA commands */
2295 case CFA_REQ_EXT_ERROR_CODE:
2296 if (!s->is_cf)
2297 goto abort_cmd;
2298 s->error = 0x09; /* miscellaneous error */
41a2b959 2299 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2300 ide_set_irq(s);
2301 break;
2302 case CFA_ERASE_SECTORS:
2303 case CFA_WEAR_LEVEL:
2304 if (!s->is_cf)
2305 goto abort_cmd;
2306 if (val == CFA_WEAR_LEVEL)
2307 s->nsector = 0;
2308 if (val == CFA_ERASE_SECTORS)
2309 s->media_changed = 1;
2310 s->error = 0x00;
41a2b959 2311 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2312 ide_set_irq(s);
2313 break;
2314 case CFA_TRANSLATE_SECTOR:
2315 if (!s->is_cf)
2316 goto abort_cmd;
2317 s->error = 0x00;
41a2b959 2318 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2319 memset(s->io_buffer, 0, 0x200);
2320 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2321 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2322 s->io_buffer[0x02] = s->select; /* Head */
2323 s->io_buffer[0x03] = s->sector; /* Sector */
2324 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2325 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2326 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2327 s->io_buffer[0x13] = 0x00; /* Erase flag */
2328 s->io_buffer[0x18] = 0x00; /* Hot count */
2329 s->io_buffer[0x19] = 0x00; /* Hot count */
2330 s->io_buffer[0x1a] = 0x01; /* Hot count */
2331 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2332 ide_set_irq(s);
2333 break;
2334 case CFA_ACCESS_METADATA_STORAGE:
2335 if (!s->is_cf)
2336 goto abort_cmd;
2337 switch (s->feature) {
2338 case 0x02: /* Inquiry Metadata Storage */
2339 ide_cfata_metadata_inquiry(s);
2340 break;
2341 case 0x03: /* Read Metadata Storage */
2342 ide_cfata_metadata_read(s);
2343 break;
2344 case 0x04: /* Write Metadata Storage */
2345 ide_cfata_metadata_write(s);
2346 break;
2347 default:
2348 goto abort_cmd;
2349 }
2350 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2351 s->status = 0x00; /* NOTE: READY is _not_ set */
2352 ide_set_irq(s);
2353 break;
2354 case IBM_SENSE_CONDITION:
2355 if (!s->is_cf)
2356 goto abort_cmd;
2357 switch (s->feature) {
2358 case 0x01: /* sense temperature in device */
2359 s->nsector = 0x50; /* +20 C */
2360 break;
2361 default:
2362 goto abort_cmd;
2363 }
41a2b959 2364 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2365 ide_set_irq(s);
2366 break;
5391d806
FB		 2367 default:
2368 abort_cmd:
2369 ide_abort_command(s);
2370 ide_set_irq(s);
2371 break;
2372 }
2373 }
2374}
2375
caed8802 2376static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2377{
7ae98627
FB		 2378 IDEState *ide_if = opaque;
2379 IDEState *s = ide_if->cur_drive;
5391d806 2380 uint32_t addr;
c2ff060f 2381 int ret, hob;
5391d806
FB		 2382
2383 addr = addr1 & 7;
c2ff060f
FB		 2384 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2385 //hob = s->select & (1 << 7);
2386 hob = 0;
5391d806
FB		 2387 switch(addr) {
2388 case 0:
2389 ret = 0xff;
2390 break;
2391 case 1:
7ae98627 2392 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2393 ret = 0;
c2ff060f 2394 else if (!hob)
c45c3d00 2395 ret = s->error;
c2ff060f
FB		 2396 else
2397 ret = s->hob_feature;
5391d806
FB		 2398 break;
2399 case 2:
7ae98627 2400 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2401 ret = 0;
c2ff060f 2402 else if (!hob)
c45c3d00 2403 ret = s->nsector & 0xff;
c2ff060f
FB		 2404 else
2405 ret = s->hob_nsector;
5391d806
FB		 2406 break;
2407 case 3:
7ae98627 2408 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2409 ret = 0;
c2ff060f 2410 else if (!hob)
c45c3d00 2411 ret = s->sector;
c2ff060f
FB		 2412 else
2413 ret = s->hob_sector;
5391d806
FB		 2414 break;
2415 case 4:
7ae98627 2416 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2417 ret = 0;
c2ff060f 2418 else if (!hob)
c45c3d00 2419 ret = s->lcyl;
c2ff060f
FB		 2420 else
2421 ret = s->hob_lcyl;
5391d806
FB		 2422 break;
2423 case 5:
7ae98627 2424 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2425 ret = 0;
c2ff060f 2426 else if (!hob)
c45c3d00 2427 ret = s->hcyl;
c2ff060f
FB		 2428 else
2429 ret = s->hob_hcyl;
5391d806
FB		 2430 break;
2431 case 6:
7ae98627 2432 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2433 ret = 0;
2434 else
7ae98627 2435 ret = s->select;
5391d806
FB		 2436 break;
2437 default:
2438 case 7:
66201e2d
FB		 2439 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2440 (s != ide_if && !s->bs))
c45c3d00
FB		 2441 ret = 0;
2442 else
2443 ret = s->status;
d537cf6c 2444 qemu_irq_lower(s->irq);
5391d806
FB		 2445 break;
2446 }
2447#ifdef DEBUG_IDE
2448 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2449#endif
2450 return ret;
2451}
2452
caed8802 2453static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2454{
7ae98627
FB		 2455 IDEState *ide_if = opaque;
2456 IDEState *s = ide_if->cur_drive;
5391d806 2457 int ret;
7ae98627 2458
66201e2d
FB		 2459 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2460 (s != ide_if && !s->bs))
7ae98627
FB		 2461 ret = 0;
2462 else
2463 ret = s->status;
5391d806
FB		 2464#ifdef DEBUG_IDE
2465 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2466#endif
2467 return ret;
2468}
2469
caed8802 2470static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2471{
caed8802 2472 IDEState *ide_if = opaque;
5391d806
FB		 2473 IDEState *s;
2474 int i;
2475
2476#ifdef DEBUG_IDE
2477 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2478#endif
2479 /* common for both drives */
2480 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2481 (val & IDE_CMD_RESET)) {
2482 /* reset low to high */
2483 for(i = 0;i < 2; i++) {
2484 s = &ide_if[i];
2485 s->status = BUSY_STAT | SEEK_STAT;
2486 s->error = 0x01;
2487 }
2488 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2489 !(val & IDE_CMD_RESET)) {
2490 /* high to low */
2491 for(i = 0;i < 2; i++) {
2492 s = &ide_if[i];
6b136f9e
FB		 2493 if (s->is_cdrom)
2494 s->status = 0x00; /* NOTE: READY is _not_ set */
2495 else
56bf1d37 2496 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2497 ide_set_signature(s);
2498 }
2499 }
2500
2501 ide_if[0].cmd = val;
2502 ide_if[1].cmd = val;
2503}
2504
caed8802 2505static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2506{
caed8802 2507 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2508 uint8_t *p;
2509
fcdd25ab
AL		 2510 /* PIO data access allowed only when DRQ bit is set */
2511 if (!(s->status & DRQ_STAT))
2512 return;
2513
5391d806 2514 p = s->data_ptr;
0c4ad8dc 2515 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2516 p += 2;
2517 s->data_ptr = p;
2518 if (p >= s->data_end)
2519 s->end_transfer_func(s);
2520}
2521
caed8802 2522static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2523{
caed8802 2524 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2525 uint8_t *p;
2526 int ret;
fcdd25ab
AL		 2527
2528 /* PIO data access allowed only when DRQ bit is set */
2529 if (!(s->status & DRQ_STAT))
2530 return 0;
2531
5391d806 2532 p = s->data_ptr;
0c4ad8dc 2533 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2534 p += 2;
2535 s->data_ptr = p;
2536 if (p >= s->data_end)
2537 s->end_transfer_func(s);
2538 return ret;
2539}
2540
caed8802 2541static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2542{
caed8802 2543 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2544 uint8_t *p;
2545
fcdd25ab
AL		 2546 /* PIO data access allowed only when DRQ bit is set */
2547 if (!(s->status & DRQ_STAT))
2548 return;
2549
5391d806 2550 p = s->data_ptr;
0c4ad8dc 2551 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2552 p += 4;
2553 s->data_ptr = p;
2554 if (p >= s->data_end)
2555 s->end_transfer_func(s);
2556}
2557
caed8802 2558static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2559{
caed8802 2560 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2561 uint8_t *p;
2562 int ret;
3b46e624 2563
fcdd25ab
AL		 2564 /* PIO data access allowed only when DRQ bit is set */
2565 if (!(s->status & DRQ_STAT))
2566 return 0;
2567
5391d806 2568 p = s->data_ptr;
0c4ad8dc 2569 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2570 p += 4;
2571 s->data_ptr = p;
2572 if (p >= s->data_end)
2573 s->end_transfer_func(s);
2574 return ret;
2575}
2576
a7dfe172
FB		 2577static void ide_dummy_transfer_stop(IDEState *s)
2578{
2579 s->data_ptr = s->io_buffer;
2580 s->data_end = s->io_buffer;
2581 s->io_buffer[0] = 0xff;
2582 s->io_buffer[1] = 0xff;
2583 s->io_buffer[2] = 0xff;
2584 s->io_buffer[3] = 0xff;
2585}
2586
5391d806
FB		 2587static void ide_reset(IDEState *s)
2588{
201a51fc
AZ		 2589 if (s->is_cf)
2590 s->mult_sectors = 0;
2591 else
2592 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2593 s->cur_drive = s;
2594 s->select = 0xa0;
41a2b959 2595 s->status = READY_STAT | SEEK_STAT;
5391d806 2596 ide_set_signature(s);
a7dfe172
FB		 2597 /* init the transfer handler so that 0xffff is returned on data
2598 accesses */
2599 s->end_transfer_func = ide_dummy_transfer_stop;
2600 ide_dummy_transfer_stop(s);
201a51fc 2601 s->media_changed = 0;
5391d806
FB		 2602}
2603
2604struct partition {
2605 uint8_t boot_ind; /* 0x80 - active */
2606 uint8_t head; /* starting head */
2607 uint8_t sector; /* starting sector */
2608 uint8_t cyl; /* starting cylinder */
2609 uint8_t sys_ind; /* What partition type */
2610 uint8_t end_head; /* end head */
2611 uint8_t end_sector; /* end sector */
2612 uint8_t end_cyl; /* end cylinder */
2613 uint32_t start_sect; /* starting sector counting from 0 */
2614 uint32_t nr_sects; /* nr of sectors in partition */
2615} __attribute__((packed));
2616
bf1b938f 2617/* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
5fafdf24 2618static int guess_disk_lchs(IDEState *s,
bf1b938f 2619 int *pcylinders, int *pheads, int *psectors)
5391d806 2620{
c717d8bf 2621 uint8_t *buf = s->io_buffer;
46d4767d 2622 int ret, i, heads, sectors, cylinders;
5391d806
FB		 2623 struct partition *p;
2624 uint32_t nr_sects;
2625
5391d806 2626 ret = bdrv_read(s->bs, 0, buf, 1);
33f00271 2627 if (ret < 0) {
bf1b938f 2628 return -1;
33f00271 2629 }
5391d806 2630 /* test msdos magic */
33f00271 2631 if (buf[510] != 0x55 || buf[511] != 0xaa) {
bf1b938f 2632 return -1;
33f00271 2633 }
5391d806
FB		 2634 for(i = 0; i < 4; i++) {
2635 p = ((struct partition *)(buf + 0x1be)) + i;
0c4ad8dc 2636 nr_sects = le32_to_cpu(p->nr_sects);
5391d806
FB		 2637 if (nr_sects && p->end_head) {
2638 /* We make the assumption that the partition terminates on
2639 a cylinder boundary */
46d4767d 2640 heads = p->end_head + 1;
46d4767d
FB		 2641 sectors = p->end_sector & 63;
2642 if (sectors == 0)
2643 continue;
2644 cylinders = s->nb_sectors / (heads * sectors);
2645 if (cylinders < 1 || cylinders > 16383)
2646 continue;
bf1b938f
FB		 2647 *pheads = heads;
2648 *psectors = sectors;
2649 *pcylinders = cylinders;
5391d806 2650#if 0
5fafdf24 2651 printf("guessed geometry: LCHS=%d %d %d\n",
bf1b938f 2652 cylinders, heads, sectors);
5391d806 2653#endif
bf1b938f 2654 return 0;
5391d806
FB		 2655 }
2656 }
bf1b938f 2657 return -1;
5391d806
FB		 2658}
2659
5457c8ce
FB		 2660static void ide_init2(IDEState *ide_state,
2661 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2662 qemu_irq irq)
5391d806 2663{
69b91039 2664 IDEState *s;
aedf5382 2665 static int drive_serial = 1;
4dbb0f50 2666 int i, cylinders, heads, secs, translation, lba_detected = 0;
96b8f136 2667 uint64_t nb_sectors;
5391d806 2668
caed8802
FB		 2669 for(i = 0; i < 2; i++) {
2670 s = ide_state + i;
1d8cde5b 2671 s->io_buffer = qemu_memalign(512, IDE_DMA_BUF_SECTORS*512 + 4);
caed8802
FB		 2672 if (i == 0)
2673 s->bs = hd0;
2674 else
2675 s->bs = hd1;
5391d806
FB		 2676 if (s->bs) {
2677 bdrv_get_geometry(s->bs, &nb_sectors);
2678 s->nb_sectors = nb_sectors;
caed8802
FB		 2679 /* if a geometry hint is available, use it */
2680 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
4dbb0f50 2681 translation = bdrv_get_translation_hint(s->bs);
caed8802 2682 if (cylinders != 0) {
5391d806 2683 s->cylinders = cylinders;
caed8802
FB		 2684 s->heads = heads;
2685 s->sectors = secs;
2686 } else {
bf1b938f
FB		 2687 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2688 if (heads > 16) {
2689 /* if heads > 16, it means that a BIOS LBA
2690 translation was active, so the default
2691 hardware geometry is OK */
4dbb0f50 2692 lba_detected = 1;
bf1b938f
FB		 2693 goto default_geometry;
2694 } else {
2695 s->cylinders = cylinders;
2696 s->heads = heads;
2697 s->sectors = secs;
2698 /* disable any translation to be in sync with
2699 the logical geometry */
bf1b938f
FB		 2700 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2701 bdrv_set_translation_hint(s->bs,
2702 BIOS_ATA_TRANSLATION_NONE);
2703 }
2704 }
2705 } else {
2706 default_geometry:
46d4767d 2707 /* if no geometry, use a standard physical disk geometry */
caed8802
FB		 2708 cylinders = nb_sectors / (16 * 63);
2709 if (cylinders > 16383)
2710 cylinders = 16383;
2711 else if (cylinders < 2)
2712 cylinders = 2;
2713 s->cylinders = cylinders;
2714 s->heads = 16;
2715 s->sectors = 63;
4dbb0f50
TS		 2716 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2717 if ((s->cylinders * s->heads) <= 131072) {
2718 bdrv_set_translation_hint(s->bs,
2719 BIOS_ATA_TRANSLATION_LARGE);
2720 } else {
2721 bdrv_set_translation_hint(s->bs,
2722 BIOS_ATA_TRANSLATION_LBA);
2723 }
2724 }
caed8802 2725 }
769bec72 2726 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
caed8802
FB		 2727 }
2728 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2729 s->is_cdrom = 1;
bd491d6a 2730 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2731 }
2732 }
aedf5382 2733 s->drive_serial = drive_serial++;
caed8802 2734 s->irq = irq;
5fafdf24 2735 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2736 ide_sector_write_timer_cb, s);
5391d806
FB		 2737 ide_reset(s);
2738 }
69b91039
FB		 2739}
2740
34e538ae 2741static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2742{
caed8802
FB		 2743 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2744 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2745 if (iobase2) {
2746 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2747 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2748 }
3b46e624 2749
caed8802
FB		 2750 /* data ports */
2751 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2752 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2753 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2754 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2755}
69b91039 2756
aa941b94
AZ		 2757/* save per IDE drive data */
2758static void ide_save(QEMUFile* f, IDEState *s)
2759{
bee8d684
TS		 2760 qemu_put_be32(f, s->mult_sectors);
2761 qemu_put_be32(f, s->identify_set);
aa941b94
AZ		 2762 if (s->identify_set) {
2763 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2764 }
2765 qemu_put_8s(f, &s->feature);
2766 qemu_put_8s(f, &s->error);
2767 qemu_put_be32s(f, &s->nsector);
2768 qemu_put_8s(f, &s->sector);
2769 qemu_put_8s(f, &s->lcyl);
2770 qemu_put_8s(f, &s->hcyl);
2771 qemu_put_8s(f, &s->hob_feature);
2772 qemu_put_8s(f, &s->hob_nsector);
2773 qemu_put_8s(f, &s->hob_sector);
2774 qemu_put_8s(f, &s->hob_lcyl);
2775 qemu_put_8s(f, &s->hob_hcyl);
2776 qemu_put_8s(f, &s->select);
2777 qemu_put_8s(f, &s->status);
2778 qemu_put_8s(f, &s->lba48);
2779
2780 qemu_put_8s(f, &s->sense_key);
2781 qemu_put_8s(f, &s->asc);
2782 /* XXX: if a transfer is pending, we do not save it yet */
2783}
2784
2785/* load per IDE drive data */
2786static void ide_load(QEMUFile* f, IDEState *s)
2787{
bee8d684
TS		 2788 s->mult_sectors=qemu_get_be32(f);
2789 s->identify_set=qemu_get_be32(f);
aa941b94
AZ		 2790 if (s->identify_set) {
2791 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2792 }
2793 qemu_get_8s(f, &s->feature);
2794 qemu_get_8s(f, &s->error);
2795 qemu_get_be32s(f, &s->nsector);
2796 qemu_get_8s(f, &s->sector);
2797 qemu_get_8s(f, &s->lcyl);
2798 qemu_get_8s(f, &s->hcyl);
2799 qemu_get_8s(f, &s->hob_feature);
2800 qemu_get_8s(f, &s->hob_nsector);
2801 qemu_get_8s(f, &s->hob_sector);
2802 qemu_get_8s(f, &s->hob_lcyl);
2803 qemu_get_8s(f, &s->hob_hcyl);
2804 qemu_get_8s(f, &s->select);
2805 qemu_get_8s(f, &s->status);
2806 qemu_get_8s(f, &s->lba48);
2807
2808 qemu_get_8s(f, &s->sense_key);
2809 qemu_get_8s(f, &s->asc);
2810 /* XXX: if a transfer is pending, we do not save it yet */
2811}
2812
34e538ae
FB		 2813/***********************************************************/
2814/* ISA IDE definitions */
2815
d537cf6c 2816void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2817 BlockDriverState *hd0, BlockDriverState *hd1)
2818{
2819 IDEState *ide_state;
2820
2821 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2822 if (!ide_state)
2823 return;
3b46e624 2824
d537cf6c 2825 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2826 ide_init_ioport(ide_state, iobase, iobase2);
2827}
2828
69b91039
FB		 2829/***********************************************************/
2830/* PCI IDE definitions */
2831
5457c8ce
FB		 2832static void cmd646_update_irq(PCIIDEState *d);
2833
5fafdf24 2834static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 2835 uint32_t addr, uint32_t size, int type)
2836{
2837 PCIIDEState *d = (PCIIDEState *)pci_dev;
2838 IDEState *ide_state;
2839
2840 if (region_num <= 3) {
2841 ide_state = &d->ide_if[(region_num >> 1) * 2];
2842 if (region_num & 1) {
2843 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2844 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2845 } else {
2846 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2847 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2848
2849 /* data ports */
2850 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2851 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2852 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2853 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2854 }
2855 }
2856}
2857
8ccad811 2858static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2859{
2860 BMDMAState *bm = s->bmdma;
2861 if(!bm)
2862 return;
2863 bm->ide_if = s;
2864 bm->dma_cb = dma_cb;
8ccad811
FB		 2865 bm->cur_prd_last = 0;
2866 bm->cur_prd_addr = 0;
2867 bm->cur_prd_len = 0;
98087450 2868 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2869 bm->dma_cb(bm, 0);
98087450
FB		 2870 }
2871}
2872
72c7b06c
AL		 2873static void ide_dma_cancel(BMDMAState *bm)
2874{
2875 if (bm->status & BM_STATUS_DMAING) {
2876 bm->status &= ~BM_STATUS_DMAING;
2877 /* cancel DMA request */
2878 bm->ide_if = NULL;
2879 bm->dma_cb = NULL;
2880 if (bm->aiocb) {
2881#ifdef DEBUG_AIO
2882 printf("aio_cancel\n");
2883#endif
2884 bdrv_aio_cancel(bm->aiocb);
2885 bm->aiocb = NULL;
2886 }
2887 }
2888}
2889
98087450
FB		 2890static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2891{
2892 BMDMAState *bm = opaque;
2893#ifdef DEBUG_IDE
2894 printf("%s: 0x%08x\n", __func__, val);
2895#endif
2896 if (!(val & BM_CMD_START)) {
2897 /* XXX: do it better */
72c7b06c 2898 ide_dma_cancel(bm);
98087450
FB		 2899 bm->cmd = val & 0x09;
2900 } else {
8ccad811
FB		 2901 if (!(bm->status & BM_STATUS_DMAING)) {
2902 bm->status |= BM_STATUS_DMAING;
2903 /* start dma transfer if possible */
2904 if (bm->dma_cb)
2905 bm->dma_cb(bm, 0);
2906 }
98087450 2907 bm->cmd = val & 0x09;
98087450
FB		 2908 }
2909}
2910
5457c8ce 2911static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 2912{
2913 BMDMAState *bm = opaque;
5457c8ce 2914 PCIIDEState *pci_dev;
98087450 2915 uint32_t val;
3b46e624 2916
5457c8ce 2917 switch(addr & 3) {
5fafdf24 2918 case 0:
5457c8ce
FB		 2919 val = bm->cmd;
2920 break;
2921 case 1:
2922 pci_dev = bm->pci_dev;
2923 if (pci_dev->type == IDE_TYPE_CMD646) {
2924 val = pci_dev->dev.config[MRDMODE];
2925 } else {
2926 val = 0xff;
2927 }
2928 break;
2929 case 2:
2930 val = bm->status;
2931 break;
2932 case 3:
2933 pci_dev = bm->pci_dev;
2934 if (pci_dev->type == IDE_TYPE_CMD646) {
2935 if (bm == &pci_dev->bmdma[0])
2936 val = pci_dev->dev.config[UDIDETCR0];
2937 else
2938 val = pci_dev->dev.config[UDIDETCR1];
2939 } else {
2940 val = 0xff;
2941 }
2942 break;
2943 default:
2944 val = 0xff;
2945 break;
2946 }
98087450 2947#ifdef DEBUG_IDE
5457c8ce 2948 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 2949#endif
2950 return val;
2951}
2952
5457c8ce 2953static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 2954{
2955 BMDMAState *bm = opaque;
5457c8ce 2956 PCIIDEState *pci_dev;
98087450 2957#ifdef DEBUG_IDE
5457c8ce 2958 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 2959#endif
5457c8ce
FB		 2960 switch(addr & 3) {
2961 case 1:
2962 pci_dev = bm->pci_dev;
2963 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 2964 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 2965 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2966 cmd646_update_irq(pci_dev);
2967 }
2968 break;
2969 case 2:
2970 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2971 break;
2972 case 3:
2973 pci_dev = bm->pci_dev;
2974 if (pci_dev->type == IDE_TYPE_CMD646) {
2975 if (bm == &pci_dev->bmdma[0])
2976 pci_dev->dev.config[UDIDETCR0] = val;
2977 else
2978 pci_dev->dev.config[UDIDETCR1] = val;
2979 }
2980 break;
2981 }
98087450
FB		 2982}
2983
5b9a1293
AJ		 2984static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
2985{
2986 BMDMAState *bm = opaque;
2987 uint32_t val;
2988 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
2989#ifdef DEBUG_IDE
2990 printf("%s: 0x%08x\n", __func__, val);
2991#endif
2992 return val;
2993}
2994
2995static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
2996{
2997 BMDMAState *bm = opaque;
2998 int shift = (addr & 3) * 8;
2999#ifdef DEBUG_IDE
3000 printf("%s: 0x%08x\n", __func__, val);
3001#endif
3002 bm->addr &= ~(0xFF << shift);
3003 bm->addr |= ((val & 0xFF) << shift) & ~3;
3004 bm->cur_addr = bm->addr;
3005}
3006
3007static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3008{
3009 BMDMAState *bm = opaque;
3010 uint32_t val;
3011 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3012#ifdef DEBUG_IDE
3013 printf("%s: 0x%08x\n", __func__, val);
3014#endif
3015 return val;
3016}
3017
3018static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3019{
3020 BMDMAState *bm = opaque;
3021 int shift = (addr & 3) * 8;
3022#ifdef DEBUG_IDE
3023 printf("%s: 0x%08x\n", __func__, val);
3024#endif
3025 bm->addr &= ~(0xFFFF << shift);
3026 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3027 bm->cur_addr = bm->addr;
3028}
3029
98087450
FB		 3030static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3031{
3032 BMDMAState *bm = opaque;
3033 uint32_t val;
3034 val = bm->addr;
3035#ifdef DEBUG_IDE
3036 printf("%s: 0x%08x\n", __func__, val);
3037#endif
3038 return val;
3039}
3040
3041static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3042{
3043 BMDMAState *bm = opaque;
3044#ifdef DEBUG_IDE
3045 printf("%s: 0x%08x\n", __func__, val);
3046#endif
3047 bm->addr = val & ~3;
30c4bbac 3048 bm->cur_addr = bm->addr;
98087450
FB		 3049}
3050
5fafdf24 3051static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 3052 uint32_t addr, uint32_t size, int type)
3053{
3054 PCIIDEState *d = (PCIIDEState *)pci_dev;
3055 int i;
3056
3057 for(i = 0;i < 2; i++) {
3058 BMDMAState *bm = &d->bmdma[i];
3059 d->ide_if[2 * i].bmdma = bm;
3060 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce
FB		 3061 bm->pci_dev = (PCIIDEState *)pci_dev;
3062
98087450 3063 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 3064
5457c8ce
FB		 3065 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3066 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450 3067
5b9a1293
AJ		 3068 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3069 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3070 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3071 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
98087450
FB		 3072 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3073 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3074 addr += 8;
3075 }
3076}
3077
5457c8ce
FB		 3078/* XXX: call it also when the MRDMODE is changed from the PCI config
3079 registers */
3080static void cmd646_update_irq(PCIIDEState *d)
3081{
3082 int pci_level;
3083 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3084 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3085 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3086 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 3087 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 3088}
3089
3090/* the PCI irq level is the logical OR of the two channels */
3091static void cmd646_set_irq(void *opaque, int channel, int level)
3092{
3093 PCIIDEState *d = opaque;
3094 int irq_mask;
3095
3096 irq_mask = MRDMODE_INTR_CH0 << channel;
3097 if (level)
3098 d->dev.config[MRDMODE] |= irq_mask;
3099 else
3100 d->dev.config[MRDMODE] &= ~irq_mask;
3101 cmd646_update_irq(d);
3102}
3103
3104/* CMD646 PCI IDE controller */
3105void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3106 int secondary_ide_enabled)
69b91039
FB		 3107{
3108 PCIIDEState *d;
3109 uint8_t *pci_conf;
34e538ae 3110 int i;
d537cf6c 3111 qemu_irq *irq;
34e538ae 3112
5fafdf24 3113 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 3114 sizeof(PCIIDEState),
5fafdf24 3115 -1,
73c11f63 3116 NULL, NULL);
5457c8ce 3117 d->type = IDE_TYPE_CMD646;
69b91039 3118 pci_conf = d->dev.config;
5457c8ce
FB		 3119 pci_conf[0x00] = 0x95; // CMD646
3120 pci_conf[0x01] = 0x10;
3121 pci_conf[0x02] = 0x46;
3122 pci_conf[0x03] = 0x06;
3123
3124 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 3125 pci_conf[0x09] = 0x8f;
5457c8ce 3126
69b91039
FB		 3127 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3128 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
5457c8ce 3129 pci_conf[0x0e] = 0x00; // header_type
3b46e624 3130
5457c8ce
FB		 3131 if (secondary_ide_enabled) {
3132 /* XXX: if not enabled, really disable the seconday IDE controller */
3133 pci_conf[0x51] = 0x80; /* enable IDE1 */
3134 }
69b91039 3135
5fafdf24 3136 pci_register_io_region((PCIDevice *)d, 0, 0x8,
69b91039 3137 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3138 pci_register_io_region((PCIDevice *)d, 1, 0x4,
69b91039 3139 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3140 pci_register_io_region((PCIDevice *)d, 2, 0x8,
69b91039 3141 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3142 pci_register_io_region((PCIDevice *)d, 3, 0x4,
69b91039 3143 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3144 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 3145 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 3146
34e538ae 3147 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3b46e624 3148
34e538ae
FB		 3149 for(i = 0; i < 4; i++)
3150 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 3151
3152 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3153 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3154 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
34e538ae
FB		 3155}
3156
c3d78997
FB		 3157static void pci_ide_save(QEMUFile* f, void *opaque)
3158{
3159 PCIIDEState *d = opaque;
3160 int i;
3161
3162 pci_device_save(&d->dev, f);
3163
3164 for(i = 0; i < 2; i++) {
3165 BMDMAState *bm = &d->bmdma[i];
3166 qemu_put_8s(f, &bm->cmd);
3167 qemu_put_8s(f, &bm->status);
3168 qemu_put_be32s(f, &bm->addr);
3169 /* XXX: if a transfer is pending, we do not save it yet */
3170 }
3171
3172 /* per IDE interface data */
3173 for(i = 0; i < 2; i++) {
3174 IDEState *s = &d->ide_if[i * 2];
3175 uint8_t drive1_selected;
3176 qemu_put_8s(f, &s->cmd);
3177 drive1_selected = (s->cur_drive != s);
3178 qemu_put_8s(f, &drive1_selected);
3179 }
3180
3181 /* per IDE drive data */
3182 for(i = 0; i < 4; i++) {
aa941b94 3183 ide_save(f, &d->ide_if[i]);
c3d78997
FB		 3184 }
3185}
3186
3187static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3188{
3189 PCIIDEState *d = opaque;
3190 int ret, i;
3191
3192 if (version_id != 1)
3193 return -EINVAL;
3194 ret = pci_device_load(&d->dev, f);
3195 if (ret < 0)
3196 return ret;
3197
3198 for(i = 0; i < 2; i++) {
3199 BMDMAState *bm = &d->bmdma[i];
3200 qemu_get_8s(f, &bm->cmd);
3201 qemu_get_8s(f, &bm->status);
3202 qemu_get_be32s(f, &bm->addr);
3203 /* XXX: if a transfer is pending, we do not save it yet */
3204 }
3205
3206 /* per IDE interface data */
3207 for(i = 0; i < 2; i++) {
3208 IDEState *s = &d->ide_if[i * 2];
3209 uint8_t drive1_selected;
3210 qemu_get_8s(f, &s->cmd);
3211 qemu_get_8s(f, &drive1_selected);
3212 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3213 }
3214
3215 /* per IDE drive data */
3216 for(i = 0; i < 4; i++) {
aa941b94 3217 ide_load(f, &d->ide_if[i]);
c3d78997
FB		 3218 }
3219 return 0;
3220}
3221
72c7b06c 3222static void piix3_reset(void *opaque)
e6a71ae3 3223{
72c7b06c 3224 PCIIDEState *d = opaque;
e6a71ae3 3225 uint8_t *pci_conf = d->dev.config;
72c7b06c
AL		 3226 int i;
3227
3228 for (i = 0; i < 2; i++)
3229 ide_dma_cancel(&d->bmdma[i]);
e6a71ae3
TS		 3230
3231 pci_conf[0x04] = 0x00;
3232 pci_conf[0x05] = 0x00;
3233 pci_conf[0x06] = 0x80; /* FBC */
3234 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3235 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3236}
3237
34e538ae
FB		 3238/* hd_table must contain 4 block drivers */
3239/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 3240void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3241 qemu_irq *pic)
34e538ae
FB		 3242{
3243 PCIIDEState *d;
3244 uint8_t *pci_conf;
3b46e624 3245
34e538ae 3246 /* register a function 1 of PIIX3 */
5fafdf24 3247 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 3248 sizeof(PCIIDEState),
502a5395 3249 devfn,
34e538ae 3250 NULL, NULL);
5457c8ce
FB		 3251 d->type = IDE_TYPE_PIIX3;
3252
34e538ae
FB		 3253 pci_conf = d->dev.config;
3254 pci_conf[0x00] = 0x86; // Intel
3255 pci_conf[0x01] = 0x80;
3256 pci_conf[0x02] = 0x10;
3257 pci_conf[0x03] = 0x70;
92510b8c 3258 pci_conf[0x09] = 0x80; // legacy ATA mode
34e538ae
FB		 3259 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3260 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3261 pci_conf[0x0e] = 0x00; // header_type
3262
72c7b06c 3263 qemu_register_reset(piix3_reset, d);
e6a71ae3
TS		 3264 piix3_reset(d);
3265
5fafdf24 3266 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 3267 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 3268
d537cf6c
PB		 3269 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3270 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 3271 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3272 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997
FB		 3273
3274 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
69b91039 3275}
1ade1de2 3276
afcc3cdf
TS		 3277/* hd_table must contain 4 block drivers */
3278/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3279void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3280 qemu_irq *pic)
3281{
3282 PCIIDEState *d;
3283 uint8_t *pci_conf;
3284
3285 /* register a function 1 of PIIX4 */
3286 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3287 sizeof(PCIIDEState),
3288 devfn,
3289 NULL, NULL);
3290 d->type = IDE_TYPE_PIIX4;
3291
3292 pci_conf = d->dev.config;
3293 pci_conf[0x00] = 0x86; // Intel
3294 pci_conf[0x01] = 0x80;
3295 pci_conf[0x02] = 0x11;
3296 pci_conf[0x03] = 0x71;
3297 pci_conf[0x09] = 0x80; // legacy ATA mode
3298 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3299 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3300 pci_conf[0x0e] = 0x00; // header_type
3301
72c7b06c 3302 qemu_register_reset(piix3_reset, d);
afcc3cdf
TS		 3303 piix3_reset(d);
3304
3305 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3306 PCI_ADDRESS_SPACE_IO, bmdma_map);
3307
3308 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3309 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3310 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3311 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3312
3313 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
3314}
3315
1ade1de2
FB		 3316/***********************************************************/
3317/* MacIO based PowerPC IDE */
3318
3319/* PowerMac IDE memory IO */
3320static void pmac_ide_writeb (void *opaque,
3321 target_phys_addr_t addr, uint32_t val)
3322{
5fafdf24 3323 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3324 switch (addr) {
3325 case 1 ... 7:
3326 ide_ioport_write(opaque, addr, val);
3327 break;
3328 case 8:
3329 case 22:
3330 ide_cmd_write(opaque, 0, val);
3331 break;
3332 default:
3333 break;
3334 }
3335}
3336
3337static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3338{
3339 uint8_t retval;
3340
3341 addr = (addr & 0xFFF) >> 4;
3342 switch (addr) {
3343 case 1 ... 7:
3344 retval = ide_ioport_read(opaque, addr);
3345 break;
3346 case 8:
3347 case 22:
3348 retval = ide_status_read(opaque, 0);
3349 break;
3350 default:
3351 retval = 0xFF;
3352 break;
3353 }
3354 return retval;
3355}
3356
3357static void pmac_ide_writew (void *opaque,
3358 target_phys_addr_t addr, uint32_t val)
3359{
5fafdf24 3360 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3361#ifdef TARGET_WORDS_BIGENDIAN
3362 val = bswap16(val);
3363#endif
3364 if (addr == 0) {
3365 ide_data_writew(opaque, 0, val);
3366 }
3367}
3368
3369static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3370{
3371 uint16_t retval;
3372
5fafdf24 3373 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3374 if (addr == 0) {
3375 retval = ide_data_readw(opaque, 0);
3376 } else {
3377 retval = 0xFFFF;
3378 }
3379#ifdef TARGET_WORDS_BIGENDIAN
3380 retval = bswap16(retval);
3381#endif
3382 return retval;
3383}
3384
3385static void pmac_ide_writel (void *opaque,
3386 target_phys_addr_t addr, uint32_t val)
3387{
5fafdf24 3388 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3389#ifdef TARGET_WORDS_BIGENDIAN
3390 val = bswap32(val);
3391#endif
3392 if (addr == 0) {
3393 ide_data_writel(opaque, 0, val);
3394 }
3395}
3396
3397static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3398{
3399 uint32_t retval;
3400
5fafdf24 3401 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3402 if (addr == 0) {
3403 retval = ide_data_readl(opaque, 0);
3404 } else {
3405 retval = 0xFFFFFFFF;
3406 }
3407#ifdef TARGET_WORDS_BIGENDIAN
3408 retval = bswap32(retval);
3409#endif
3410 return retval;
3411}
3412
3413static CPUWriteMemoryFunc *pmac_ide_write[] = {
3414 pmac_ide_writeb,
3415 pmac_ide_writew,
3416 pmac_ide_writel,
3417};
3418
3419static CPUReadMemoryFunc *pmac_ide_read[] = {
3420 pmac_ide_readb,
3421 pmac_ide_readw,
3422 pmac_ide_readl,
3423};
3424
3425/* hd_table must contain 4 block drivers */
3426/* PowerMac uses memory mapped registers, not I/O. Return the memory
3427 I/O index to access the ide. */
d537cf6c 3428int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
1ade1de2
FB		 3429{
3430 IDEState *ide_if;
3431 int pmac_ide_memory;
3432
3433 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
d537cf6c 3434 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3b46e624 3435
1ade1de2
FB		 3436 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3437 pmac_ide_write, &ide_if[0]);
3438 return pmac_ide_memory;
3439}
201a51fc
AZ		 3440
3441/***********************************************************/
3442/* CF-ATA Microdrive */
3443
3444#define METADATA_SIZE 0x20
3445
3446/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3447struct md_s {
3448 IDEState ide[2];
3449 struct pcmcia_card_s card;
3450 uint32_t attr_base;
3451 uint32_t io_base;
3452
3453 /* Card state */
3454 uint8_t opt;
3455 uint8_t stat;
3456 uint8_t pins;
3457
3458 uint8_t ctrl;
3459 uint16_t io;
3460 int cycle;
3461};
3462
3463/* Register bitfields */
3464enum md_opt {
3465 OPT_MODE_MMAP = 0,
3466 OPT_MODE_IOMAP16 = 1,
3467 OPT_MODE_IOMAP1 = 2,
3468 OPT_MODE_IOMAP2 = 3,
3469 OPT_MODE = 0x3f,
3470 OPT_LEVIREQ = 0x40,
3471 OPT_SRESET = 0x80,
3472};
3473enum md_cstat {
3474 STAT_INT = 0x02,
3475 STAT_PWRDWN = 0x04,
3476 STAT_XE = 0x10,
3477 STAT_IOIS8 = 0x20,
3478 STAT_SIGCHG = 0x40,
3479 STAT_CHANGED = 0x80,
3480};
3481enum md_pins {
3482 PINS_MRDY = 0x02,
3483 PINS_CRDY = 0x20,
3484};
3485enum md_ctrl {
3486 CTRL_IEN = 0x02,
3487 CTRL_SRST = 0x04,
3488};
3489
3490static inline void md_interrupt_update(struct md_s *s)
3491{
3492 if (!s->card.slot)
3493 return;
3494
3495 qemu_set_irq(s->card.slot->irq,
3496 !(s->stat & STAT_INT) && /* Inverted */
3497 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3498 !(s->opt & OPT_SRESET));
3499}
3500
3501static void md_set_irq(void *opaque, int irq, int level)
3502{
3503 struct md_s *s = (struct md_s *) opaque;
3504 if (level)
3505 s->stat |= STAT_INT;
3506 else
3507 s->stat &= ~STAT_INT;
3508
3509 md_interrupt_update(s);
3510}
3511
3512static void md_reset(struct md_s *s)
3513{
3514 s->opt = OPT_MODE_MMAP;
3515 s->stat = 0;
3516 s->pins = 0;
3517 s->cycle = 0;
3518 s->ctrl = 0;
3519 ide_reset(s->ide);
3520}
3521
9e315fa9 3522static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc
AZ		 3523{
3524 struct md_s *s = (struct md_s *) opaque;
3525 if (at < s->attr_base) {
3526 if (at < s->card.cis_len)
3527 return s->card.cis[at];
3528 else
3529 return 0x00;
3530 }
3531
3532 at -= s->attr_base;
3533
3534 switch (at) {
3535 case 0x00: /* Configuration Option Register */
3536 return s->opt;
3537 case 0x02: /* Card Configuration Status Register */
3538 if (s->ctrl & CTRL_IEN)
3539 return s->stat & ~STAT_INT;
3540 else
3541 return s->stat;
3542 case 0x04: /* Pin Replacement Register */
3543 return (s->pins & PINS_CRDY) | 0x0c;
3544 case 0x06: /* Socket and Copy Register */
3545 return 0x00;
3546#ifdef VERBOSE
3547 default:
3548 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3549#endif
3550 }
3551
3552 return 0;
3553}
3554
9e315fa9 3555static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc
AZ		 3556{
3557 struct md_s *s = (struct md_s *) opaque;
3558 at -= s->attr_base;
3559
3560 switch (at) {
3561 case 0x00: /* Configuration Option Register */
3562 s->opt = value & 0xcf;
3563 if (value & OPT_SRESET)
3564 md_reset(s);
3565 md_interrupt_update(s);
3566 break;
3567 case 0x02: /* Card Configuration Status Register */
3568 if ((s->stat ^ value) & STAT_PWRDWN)
3569 s->pins |= PINS_CRDY;
3570 s->stat &= 0x82;
3571 s->stat |= value & 0x74;
3572 md_interrupt_update(s);
3573 /* Word 170 in Identify Device must be equal to STAT_XE */
3574 break;
3575 case 0x04: /* Pin Replacement Register */
3576 s->pins &= PINS_CRDY;
3577 s->pins |= value & PINS_MRDY;
3578 break;
3579 case 0x06: /* Socket and Copy Register */
3580 break;
3581 default:
3582 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3583 }
3584}
3585
9e315fa9 3586static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc
AZ		 3587{
3588 struct md_s *s = (struct md_s *) opaque;
3589 uint16_t ret;
3590 at -= s->io_base;
3591
3592 switch (s->opt & OPT_MODE) {
3593 case OPT_MODE_MMAP:
3594 if ((at & ~0x3ff) == 0x400)
3595 at = 0;
3596 break;
3597 case OPT_MODE_IOMAP16:
3598 at &= 0xf;
3599 break;
3600 case OPT_MODE_IOMAP1:
3601 if ((at & ~0xf) == 0x3f0)
3602 at -= 0x3e8;
3603 else if ((at & ~0xf) == 0x1f0)
3604 at -= 0x1f0;
3605 break;
3606 case OPT_MODE_IOMAP2:
3607 if ((at & ~0xf) == 0x370)
3608 at -= 0x368;
3609 else if ((at & ~0xf) == 0x170)
3610 at -= 0x170;
3611 }
3612
3613 switch (at) {
3614 case 0x0: /* Even RD Data */
3615 case 0x8:
3616 return ide_data_readw(s->ide, 0);
3617
3618 /* TODO: 8-bit accesses */
3619 if (s->cycle)
3620 ret = s->io >> 8;
3621 else {
3622 s->io = ide_data_readw(s->ide, 0);
3623 ret = s->io & 0xff;
3624 }
3625 s->cycle = !s->cycle;
3626 return ret;
3627 case 0x9: /* Odd RD Data */
3628 return s->io >> 8;
3629 case 0xd: /* Error */
3630 return ide_ioport_read(s->ide, 0x1);
3631 case 0xe: /* Alternate Status */
3632 if (s->ide->cur_drive->bs)
3633 return s->ide->cur_drive->status;
3634 else
3635 return 0;
3636 case 0xf: /* Device Address */
3637 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3638 default:
3639 return ide_ioport_read(s->ide, at);
3640 }
3641
3642 return 0;
3643}
3644
9e315fa9 3645static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc
AZ		 3646{
3647 struct md_s *s = (struct md_s *) opaque;
3648 at -= s->io_base;
3649
3650 switch (s->opt & OPT_MODE) {
3651 case OPT_MODE_MMAP:
3652 if ((at & ~0x3ff) == 0x400)
3653 at = 0;
3654 break;
3655 case OPT_MODE_IOMAP16:
3656 at &= 0xf;
3657 break;
3658 case OPT_MODE_IOMAP1:
3659 if ((at & ~0xf) == 0x3f0)
3660 at -= 0x3e8;
3661 else if ((at & ~0xf) == 0x1f0)
3662 at -= 0x1f0;
3663 break;
3664 case OPT_MODE_IOMAP2:
3665 if ((at & ~0xf) == 0x370)
3666 at -= 0x368;
3667 else if ((at & ~0xf) == 0x170)
3668 at -= 0x170;
3669 }
3670
3671 switch (at) {
3672 case 0x0: /* Even WR Data */
3673 case 0x8:
3674 ide_data_writew(s->ide, 0, value);
3675 break;
3676
3677 /* TODO: 8-bit accesses */
3678 if (s->cycle)
3679 ide_data_writew(s->ide, 0, s->io | (value << 8));
3680 else
3681 s->io = value & 0xff;
3682 s->cycle = !s->cycle;
3683 break;
3684 case 0x9:
3685 s->io = value & 0xff;
3686 s->cycle = !s->cycle;
3687 break;
3688 case 0xd: /* Features */
3689 ide_ioport_write(s->ide, 0x1, value);
3690 break;
3691 case 0xe: /* Device Control */
3692 s->ctrl = value;
3693 if (value & CTRL_SRST)
3694 md_reset(s);
3695 md_interrupt_update(s);
3696 break;
3697 default:
3698 if (s->stat & STAT_PWRDWN) {
3699 s->pins |= PINS_CRDY;
3700 s->stat &= ~STAT_PWRDWN;
3701 }
3702 ide_ioport_write(s->ide, at, value);
3703 }
3704}
3705
aa941b94
AZ		 3706static void md_save(QEMUFile *f, void *opaque)
3707{
3708 struct md_s *s = (struct md_s *) opaque;
3709 int i;
3710 uint8_t drive1_selected;
3711
3712 qemu_put_8s(f, &s->opt);
3713 qemu_put_8s(f, &s->stat);
3714 qemu_put_8s(f, &s->pins);
3715
3716 qemu_put_8s(f, &s->ctrl);
3717 qemu_put_be16s(f, &s->io);
3718 qemu_put_byte(f, s->cycle);
3719
3720 drive1_selected = (s->ide->cur_drive != s->ide);
3721 qemu_put_8s(f, &s->ide->cmd);
3722 qemu_put_8s(f, &drive1_selected);
3723
3724 for (i = 0; i < 2; i ++)
3725 ide_save(f, &s->ide[i]);
3726}
3727
3728static int md_load(QEMUFile *f, void *opaque, int version_id)
3729{
3730 struct md_s *s = (struct md_s *) opaque;
3731 int i;
3732 uint8_t drive1_selected;
3733
3734 qemu_get_8s(f, &s->opt);
3735 qemu_get_8s(f, &s->stat);
3736 qemu_get_8s(f, &s->pins);
3737
3738 qemu_get_8s(f, &s->ctrl);
3739 qemu_get_be16s(f, &s->io);
3740 s->cycle = qemu_get_byte(f);
3741
3742 qemu_get_8s(f, &s->ide->cmd);
3743 qemu_get_8s(f, &drive1_selected);
3744 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
3745
3746 for (i = 0; i < 2; i ++)
3747 ide_load(f, &s->ide[i]);
3748
3749 return 0;
3750}
3751
201a51fc
AZ		 3752static const uint8_t dscm1xxxx_cis[0x14a] = {
3753 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3754 [0x002] = 0x03, /* Tuple length = 4 bytes */
3755 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3756 [0x006] = 0x01, /* Size = 2K bytes */
3757 [0x008] = CISTPL_ENDMARK,
3758
3759 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3760 [0x00c] = 0x04, /* Tuple length = 4 byest */
3761 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3762 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3763 [0x012] = 0x01, /* Size = 2K bytes */
3764 [0x014] = CISTPL_ENDMARK,
3765
3766 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3767 [0x018] = 0x02, /* Tuple length = 2 bytes */
3768 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3769 [0x01c] = 0x01,
3770
3771 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3772 [0x020] = 0x04, /* Tuple length = 4 bytes */
3773 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3774 [0x024] = 0x00,
3775 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3776 [0x028] = 0x00,
3777
3778 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3779 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3780 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3781 [0x030] = 0x01, /* Minor Version = 1 */
3782 [0x032] = 'I',
3783 [0x034] = 'B',
3784 [0x036] = 'M',
3785 [0x038] = 0x00,
3786 [0x03a] = 'm',
3787 [0x03c] = 'i',
3788 [0x03e] = 'c',
3789 [0x040] = 'r',
3790 [0x042] = 'o',
3791 [0x044] = 'd',
3792 [0x046] = 'r',
3793 [0x048] = 'i',
3794 [0x04a] = 'v',
3795 [0x04c] = 'e',
3796 [0x04e] = 0x00,
3797 [0x050] = CISTPL_ENDMARK,
3798
3799 [0x052] = CISTPL_FUNCID, /* Function ID */
3800 [0x054] = 0x02, /* Tuple length = 2 bytes */
3801 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3802 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3803
3804 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3805 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3806 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3807 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3808
3809 [0x062] = CISTPL_FUNCE, /* Function Extension */
3810 [0x064] = 0x03, /* Tuple length = 3 bytes */
3811 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3812 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3813 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3814
3815 [0x06c] = CISTPL_CONFIG, /* Configuration */
3816 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3817 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3818 [0x072] = 0x07, /* TPCC_LAST = 7 */
3819 [0x074] = 0x00, /* TPCC_RADR = 0200 */
3820 [0x076] = 0x02,
3821 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
3822
3823 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3824 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
3825 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
3826 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
3827 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
3828 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3829 [0x086] = 0x55, /* NomV: 5.0 V */
3830 [0x088] = 0x4d, /* MinV: 4.5 V */
3831 [0x08a] = 0x5d, /* MaxV: 5.5 V */
3832 [0x08c] = 0x4e, /* Peakl: 450 mA */
3833 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
3834 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
3835 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
3836
3837 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3838 [0x096] = 0x06, /* Tuple length = 6 bytes */
3839 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
3840 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3841 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3842 [0x09e] = 0xb5, /* NomV: 3.3 V */
3843 [0x0a0] = 0x1e,
3844 [0x0a2] = 0x3e, /* Peakl: 350 mA */
3845
3846 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3847 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
3848 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
3849 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3850 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3851 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3852 [0x0b0] = 0x55, /* NomV: 5.0 V */
3853 [0x0b2] = 0x4d, /* MinV: 4.5 V */
3854 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
3855 [0x0b6] = 0x4e, /* Peakl: 450 mA */
3856 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
3857 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
3858 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
3859 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
3860 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
3861
3862 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3863 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
3864 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
3865 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3866 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3867 [0x0cc] = 0xb5, /* NomV: 3.3 V */
3868 [0x0ce] = 0x1e,
3869 [0x0d0] = 0x3e, /* Peakl: 350 mA */
3870
3871 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3872 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
3873 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
3874 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3875 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3876 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3877 [0x0de] = 0x55, /* NomV: 5.0 V */
3878 [0x0e0] = 0x4d, /* MinV: 4.5 V */
3879 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
3880 [0x0e4] = 0x4e, /* Peakl: 450 mA */
3881 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3882 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
3883 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
3884 [0x0ec] = 0x01,
3885 [0x0ee] = 0x07, /* Address block length = 8 */
3886 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
3887 [0x0f2] = 0x03,
3888 [0x0f4] = 0x01, /* Address block length = 2 */
3889 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3890 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
3891
3892 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3893 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
3894 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
3895 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3896 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3897 [0x104] = 0xb5, /* NomV: 3.3 V */
3898 [0x106] = 0x1e,
3899 [0x108] = 0x3e, /* Peakl: 350 mA */
3900
3901 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3902 [0x10c] = 0x12, /* Tuple length = 18 bytes */
3903 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
3904 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3905 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3906 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3907 [0x116] = 0x55, /* NomV: 5.0 V */
3908 [0x118] = 0x4d, /* MinV: 4.5 V */
3909 [0x11a] = 0x5d, /* MaxV: 5.5 V */
3910 [0x11c] = 0x4e, /* Peakl: 450 mA */
3911 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3912 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
3913 [0x122] = 0x70, /* Field 1 address = 0x0170 */
3914 [0x124] = 0x01,
3915 [0x126] = 0x07, /* Address block length = 8 */
3916 [0x128] = 0x76, /* Field 2 address = 0x0376 */
3917 [0x12a] = 0x03,
3918 [0x12c] = 0x01, /* Address block length = 2 */
3919 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3920 [0x130] = 0x20, /* TPCE_MI = support power down mode */
3921
3922 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3923 [0x134] = 0x06, /* Tuple length = 6 bytes */
3924 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
3925 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3926 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3927 [0x13c] = 0xb5, /* NomV: 3.3 V */
3928 [0x13e] = 0x1e,
3929 [0x140] = 0x3e, /* Peakl: 350 mA */
3930
3931 [0x142] = CISTPL_NO_LINK, /* No Link */
3932 [0x144] = 0x00, /* Tuple length = 0 bytes */
3933
3934 [0x146] = CISTPL_END, /* Tuple End */
3935};
3936
3937static int dscm1xxxx_attach(void *opaque)
3938{
3939 struct md_s *md = (struct md_s *) opaque;
3940 md->card.attr_read = md_attr_read;
3941 md->card.attr_write = md_attr_write;
3942 md->card.common_read = md_common_read;
3943 md->card.common_write = md_common_write;
3944 md->card.io_read = md_common_read;
3945 md->card.io_write = md_common_write;
3946
3947 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
3948 md->io_base = 0x0;
3949
3950 md_reset(md);
3951 md_interrupt_update(md);
3952
3953 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
3954 return 0;
3955}
3956
3957static int dscm1xxxx_detach(void *opaque)
3958{
3959 struct md_s *md = (struct md_s *) opaque;
3960 md_reset(md);
3961 return 0;
3962}
3963
3964struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
3965{
3966 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
3967 md->card.state = md;
3968 md->card.attach = dscm1xxxx_attach;
3969 md->card.detach = dscm1xxxx_detach;
3970 md->card.cis = dscm1xxxx_cis;
3971 md->card.cis_len = sizeof(dscm1xxxx_cis);
3972
3973 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
3974 md->ide->is_cf = 1;
3975 md->ide->mdata_size = METADATA_SIZE;
3976 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94 3977
18be5187 3978 register_savevm("microdrive", -1, 0, md_save, md_load, md);
aa941b94 3979
201a51fc
AZ		 3980 return &md->card;
3981}
Qemu copy for testing