]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Daemonize option, by Anthony Liguori.
[qemu.git] / hw / ide.c
CommitLineData
5391d806
FB		 1/*
2 * QEMU IDE disk and CD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
5391d806
FB		 24#include "vl.h"
25
5391d806
FB		 26/* debug IDE devices */
27//#define DEBUG_IDE
28//#define DEBUG_IDE_ATAPI
8ccad811
FB		 29//#define DEBUG_AIO
30#define USE_DMA_CDROM
5391d806
FB		 31
32/* Bits of HD_STATUS */
33#define ERR_STAT 0x01
34#define INDEX_STAT 0x02
35#define ECC_STAT 0x04 /* Corrected error */
36#define DRQ_STAT 0x08
37#define SEEK_STAT 0x10
38#define SRV_STAT 0x10
39#define WRERR_STAT 0x20
40#define READY_STAT 0x40
41#define BUSY_STAT 0x80
42
43/* Bits for HD_ERROR */
44#define MARK_ERR 0x01 /* Bad address mark */
45#define TRK0_ERR 0x02 /* couldn't find track 0 */
46#define ABRT_ERR 0x04 /* Command aborted */
47#define MCR_ERR 0x08 /* media change request */
48#define ID_ERR 0x10 /* ID field not found */
49#define MC_ERR 0x20 /* media changed */
50#define ECC_ERR 0x40 /* Uncorrectable ECC error */
51#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
52#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
53
54/* Bits of HD_NSECTOR */
55#define CD 0x01
56#define IO 0x02
57#define REL 0x04
58#define TAG_MASK 0xf8
59
60#define IDE_CMD_RESET 0x04
61#define IDE_CMD_DISABLE_IRQ 0x02
62
63/* ATA/ATAPI Commands pre T13 Spec */
64#define WIN_NOP 0x00
65/*
66 * 0x01->0x02 Reserved
67 */
68#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
69/*
70 * 0x04->0x07 Reserved
71 */
72#define WIN_SRST 0x08 /* ATAPI soft reset command */
73#define WIN_DEVICE_RESET 0x08
74/*
75 * 0x09->0x0F Reserved
76 */
77#define WIN_RECAL 0x10
78#define WIN_RESTORE WIN_RECAL
79/*
80 * 0x10->0x1F Reserved
81 */
82#define WIN_READ 0x20 /* 28-Bit */
83#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
84#define WIN_READ_LONG 0x22 /* 28-Bit */
85#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
86#define WIN_READ_EXT 0x24 /* 48-Bit */
87#define WIN_READDMA_EXT 0x25 /* 48-Bit */
88#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
89#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
90/*
91 * 0x28
92 */
93#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
94/*
95 * 0x2A->0x2F Reserved
96 */
97#define WIN_WRITE 0x30 /* 28-Bit */
98#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
99#define WIN_WRITE_LONG 0x32 /* 28-Bit */
100#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
101#define WIN_WRITE_EXT 0x34 /* 48-Bit */
102#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
103#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
104#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
105#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
106#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
107/*
108 * 0x3A->0x3B Reserved
109 */
110#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
111/*
112 * 0x3D->0x3F Reserved
113 */
114#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
115#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
116#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
117/*
118 * 0x43->0x4F Reserved
119 */
120#define WIN_FORMAT 0x50
121/*
122 * 0x51->0x5F Reserved
123 */
124#define WIN_INIT 0x60
125/*
126 * 0x61->0x5F Reserved
127 */
128#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
129#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
130#define WIN_DIAGNOSE 0x90
131#define WIN_SPECIFY 0x91 /* set drive geometry translation */
132#define WIN_DOWNLOAD_MICROCODE 0x92
133#define WIN_STANDBYNOW2 0x94
134#define WIN_STANDBY2 0x96
135#define WIN_SETIDLE2 0x97
136#define WIN_CHECKPOWERMODE2 0x98
137#define WIN_SLEEPNOW2 0x99
138/*
139 * 0x9A VENDOR
140 */
141#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
142#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
143#define WIN_QUEUED_SERVICE 0xA2
144#define WIN_SMART 0xB0 /* self-monitoring and reporting */
145#define CFA_ERASE_SECTORS 0xC0
146#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
147#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
148#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
149#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
150#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
151#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
152#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
153#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
154#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
155#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
156#define WIN_GETMEDIASTATUS 0xDA
157#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
158#define WIN_POSTBOOT 0xDC
159#define WIN_PREBOOT 0xDD
160#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
161#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
162#define WIN_STANDBYNOW1 0xE0
163#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
164#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
165#define WIN_SETIDLE1 0xE3
166#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
167#define WIN_CHECKPOWERMODE1 0xE5
168#define WIN_SLEEPNOW1 0xE6
169#define WIN_FLUSH_CACHE 0xE7
170#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
171#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
172 /* SET_FEATURES 0x22 or 0xDD */
173#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
174#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
175#define WIN_MEDIAEJECT 0xED
176#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
177#define WIN_SETFEATURES 0xEF /* set special drive features */
178#define EXABYTE_ENABLE_NEST 0xF0
179#define WIN_SECURITY_SET_PASS 0xF1
180#define WIN_SECURITY_UNLOCK 0xF2
181#define WIN_SECURITY_ERASE_PREPARE 0xF3
182#define WIN_SECURITY_ERASE_UNIT 0xF4
183#define WIN_SECURITY_FREEZE_LOCK 0xF5
184#define WIN_SECURITY_DISABLE 0xF6
185#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
186#define WIN_SET_MAX 0xF9
187#define DISABLE_SEAGATE 0xFB
188
189/* set to 1 set disable mult support */
f66723fa 190#define MAX_MULT_SECTORS 16
5391d806
FB		 191
192/* ATAPI defines */
193
194#define ATAPI_PACKET_SIZE 12
195
196/* The generic packet command opcodes for CD/DVD Logical Units,
197 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
198#define GPCMD_BLANK 0xa1
199#define GPCMD_CLOSE_TRACK 0x5b
200#define GPCMD_FLUSH_CACHE 0x35
201#define GPCMD_FORMAT_UNIT 0x04
202#define GPCMD_GET_CONFIGURATION 0x46
203#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
204#define GPCMD_GET_PERFORMANCE 0xac
205#define GPCMD_INQUIRY 0x12
206#define GPCMD_LOAD_UNLOAD 0xa6
207#define GPCMD_MECHANISM_STATUS 0xbd
208#define GPCMD_MODE_SELECT_10 0x55
209#define GPCMD_MODE_SENSE_10 0x5a
210#define GPCMD_PAUSE_RESUME 0x4b
211#define GPCMD_PLAY_AUDIO_10 0x45
212#define GPCMD_PLAY_AUDIO_MSF 0x47
213#define GPCMD_PLAY_AUDIO_TI 0x48
214#define GPCMD_PLAY_CD 0xbc
215#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
216#define GPCMD_READ_10 0x28
217#define GPCMD_READ_12 0xa8
218#define GPCMD_READ_CDVD_CAPACITY 0x25
219#define GPCMD_READ_CD 0xbe
220#define GPCMD_READ_CD_MSF 0xb9
221#define GPCMD_READ_DISC_INFO 0x51
222#define GPCMD_READ_DVD_STRUCTURE 0xad
223#define GPCMD_READ_FORMAT_CAPACITIES 0x23
224#define GPCMD_READ_HEADER 0x44
225#define GPCMD_READ_TRACK_RZONE_INFO 0x52
226#define GPCMD_READ_SUBCHANNEL 0x42
227#define GPCMD_READ_TOC_PMA_ATIP 0x43
228#define GPCMD_REPAIR_RZONE_TRACK 0x58
229#define GPCMD_REPORT_KEY 0xa4
230#define GPCMD_REQUEST_SENSE 0x03
231#define GPCMD_RESERVE_RZONE_TRACK 0x53
232#define GPCMD_SCAN 0xba
233#define GPCMD_SEEK 0x2b
234#define GPCMD_SEND_DVD_STRUCTURE 0xad
235#define GPCMD_SEND_EVENT 0xa2
236#define GPCMD_SEND_KEY 0xa3
237#define GPCMD_SEND_OPC 0x54
238#define GPCMD_SET_READ_AHEAD 0xa7
239#define GPCMD_SET_STREAMING 0xb6
240#define GPCMD_START_STOP_UNIT 0x1b
241#define GPCMD_STOP_PLAY_SCAN 0x4e
242#define GPCMD_TEST_UNIT_READY 0x00
243#define GPCMD_VERIFY_10 0x2f
244#define GPCMD_WRITE_10 0x2a
245#define GPCMD_WRITE_AND_VERIFY_10 0x2e
246/* This is listed as optional in ATAPI 2.6, but is (curiously)
247 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
248 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
249 * drives support it. */
250#define GPCMD_SET_SPEED 0xbb
251/* This seems to be a SCSI specific CD-ROM opcode
252 * to play data at track/index */
253#define GPCMD_PLAYAUDIO_TI 0x48
254/*
255 * From MS Media Status Notification Support Specification. For
256 * older drives only.
257 */
258#define GPCMD_GET_MEDIA_STATUS 0xda
259
260/* Mode page codes for mode sense/set */
261#define GPMODE_R_W_ERROR_PAGE 0x01
262#define GPMODE_WRITE_PARMS_PAGE 0x05
263#define GPMODE_AUDIO_CTL_PAGE 0x0e
264#define GPMODE_POWER_PAGE 0x1a
265#define GPMODE_FAULT_FAIL_PAGE 0x1c
266#define GPMODE_TO_PROTECT_PAGE 0x1d
267#define GPMODE_CAPABILITIES_PAGE 0x2a
268#define GPMODE_ALL_PAGES 0x3f
269/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
270 * of MODE_SENSE_POWER_PAGE */
271#define GPMODE_CDROM_PAGE 0x0d
272
273#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
274#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
275#define ATAPI_INT_REASON_REL 0x04
276#define ATAPI_INT_REASON_TAG 0xf8
277
278/* same constants as bochs */
7f777bf3 279#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 280#define ASC_LOGICAL_BLOCK_OOR 0x21
281#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
282#define ASC_MEDIUM_NOT_PRESENT 0x3a
283#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
284
285#define SENSE_NONE 0
286#define SENSE_NOT_READY 2
287#define SENSE_ILLEGAL_REQUEST 5
288#define SENSE_UNIT_ATTENTION 6
289
290struct IDEState;
291
292typedef void EndTransferFunc(struct IDEState *);
293
caed8802 294/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 295typedef struct IDEState {
296 /* ide config */
297 int is_cdrom;
5391d806
FB		 298 int cylinders, heads, sectors;
299 int64_t nb_sectors;
300 int mult_sectors;
94458802
FB		 301 int identify_set;
302 uint16_t identify_data[256];
5457c8ce
FB		 303 SetIRQFunc *set_irq;
304 void *irq_opaque;
5391d806 305 int irq;
34e538ae 306 PCIDevice *pci_dev;
98087450 307 struct BMDMAState *bmdma;
aedf5382 308 int drive_serial;
5391d806
FB		 309 /* ide regs */
310 uint8_t feature;
311 uint8_t error;
c2ff060f 312 uint32_t nsector;
5391d806
FB		 313 uint8_t sector;
314 uint8_t lcyl;
315 uint8_t hcyl;
c2ff060f
FB		 316 /* other part of tf for lba48 support */
317 uint8_t hob_feature;
318 uint8_t hob_nsector;
319 uint8_t hob_sector;
320 uint8_t hob_lcyl;
321 uint8_t hob_hcyl;
322
5391d806
FB		 323 uint8_t select;
324 uint8_t status;
c2ff060f 325
5391d806
FB		 326 /* 0x3f6 command, only meaningful for drive 0 */
327 uint8_t cmd;
c2ff060f
FB		 328 /* set for lba48 access */
329 uint8_t lba48;
5391d806
FB		 330 /* depends on bit 4 in select, only meaningful for drive 0 */
331 struct IDEState *cur_drive;
332 BlockDriverState *bs;
333 /* ATAPI specific */
334 uint8_t sense_key;
335 uint8_t asc;
336 int packet_transfer_size;
337 int elementary_transfer_size;
338 int io_buffer_index;
339 int lba;
98087450
FB		 340 int cd_sector_size;
341 int atapi_dma; /* true if dma is requested for the packet cmd */
342 /* ATA DMA state */
343 int io_buffer_size;
344 /* PIO transfer handling */
5391d806
FB		 345 int req_nb_sectors; /* number of sectors per interrupt */
346 EndTransferFunc *end_transfer_func;
347 uint8_t *data_ptr;
348 uint8_t *data_end;
349 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
a09db21f 350 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
e774a278 351 uint32_t irq_count; /* counts IRQs when using win2k install hack */
5391d806
FB		 352} IDEState;
353
98087450
FB		 354#define BM_STATUS_DMAING 0x01
355#define BM_STATUS_ERROR 0x02
356#define BM_STATUS_INT 0x04
357
358#define BM_CMD_START 0x01
359#define BM_CMD_READ 0x08
360
5457c8ce
FB		 361#define IDE_TYPE_PIIX3 0
362#define IDE_TYPE_CMD646 1
363
364/* CMD646 specific */
365#define MRDMODE 0x71
366#define MRDMODE_INTR_CH0 0x04
367#define MRDMODE_INTR_CH1 0x08
368#define MRDMODE_BLK_CH0 0x10
369#define MRDMODE_BLK_CH1 0x20
370#define UDIDETCR0 0x73
371#define UDIDETCR1 0x7B
372
98087450
FB		 373typedef struct BMDMAState {
374 uint8_t cmd;
375 uint8_t status;
376 uint32_t addr;
8ccad811 377
5457c8ce 378 struct PCIIDEState *pci_dev;
98087450 379 /* current transfer state */
8ccad811
FB		 380 uint32_t cur_addr;
381 uint32_t cur_prd_last;
382 uint32_t cur_prd_addr;
383 uint32_t cur_prd_len;
98087450 384 IDEState *ide_if;
8ccad811
FB		 385 BlockDriverCompletionFunc *dma_cb;
386 BlockDriverAIOCB *aiocb;
98087450
FB		 387} BMDMAState;
388
389typedef struct PCIIDEState {
390 PCIDevice dev;
391 IDEState ide_if[4];
392 BMDMAState bmdma[2];
5457c8ce 393 int type; /* see IDE_TYPE_xxx */
98087450
FB		 394} PCIIDEState;
395
8ccad811 396static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
98087450 397
5391d806
FB		 398static void padstr(char *str, const char *src, int len)
399{
400 int i, v;
401 for(i = 0; i < len; i++) {
402 if (*src)
403 v = *src++;
404 else
405 v = ' ';
406 *(char *)((long)str ^ 1) = v;
407 str++;
408 }
409}
410
bd0d90b2
FB		 411static void padstr8(uint8_t *buf, int buf_size, const char *src)
412{
413 int i;
414 for(i = 0; i < buf_size; i++) {
415 if (*src)
416 buf[i] = *src++;
417 else
418 buf[i] = ' ';
419 }
420}
421
67b915a5
FB		 422static void put_le16(uint16_t *p, unsigned int v)
423{
0c4ad8dc 424 *p = cpu_to_le16(v);
67b915a5
FB		 425}
426
5391d806
FB		 427static void ide_identify(IDEState *s)
428{
429 uint16_t *p;
430 unsigned int oldsize;
aedf5382 431 char buf[20];
5391d806 432
94458802
FB		 433 if (s->identify_set) {
434 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
435 return;
436 }
437
5391d806
FB		 438 memset(s->io_buffer, 0, 512);
439 p = (uint16_t *)s->io_buffer;
67b915a5
FB		 440 put_le16(p + 0, 0x0040);
441 put_le16(p + 1, s->cylinders);
442 put_le16(p + 3, s->heads);
443 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
444 put_le16(p + 5, 512); /* XXX: retired, remove ? */
445 put_le16(p + 6, s->sectors);
aedf5382
FB		 446 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
447 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 448 put_le16(p + 20, 3); /* XXX: retired, remove ? */
449 put_le16(p + 21, 512); /* cache size in sectors */
450 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 451 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
452 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
453#if MAX_MULT_SECTORS > 1
67b915a5 454 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 455#endif
67b915a5 456 put_le16(p + 48, 1); /* dword I/O */
94458802 457 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 458 put_le16(p + 51, 0x200); /* PIO transfer cycle */
459 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 460 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 461 put_le16(p + 54, s->cylinders);
462 put_le16(p + 55, s->heads);
463 put_le16(p + 56, s->sectors);
5391d806 464 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 465 put_le16(p + 57, oldsize);
466 put_le16(p + 58, oldsize >> 16);
5391d806 467 if (s->mult_sectors)
67b915a5
FB		 468 put_le16(p + 59, 0x100 | s->mult_sectors);
469 put_le16(p + 60, s->nb_sectors);
470 put_le16(p + 61, s->nb_sectors >> 16);
94458802
FB		 471 put_le16(p + 63, 0x07); /* mdma0-2 supported */
472 put_le16(p + 65, 120);
473 put_le16(p + 66, 120);
474 put_le16(p + 67, 120);
475 put_le16(p + 68, 120);
476 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
477 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 478 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 479 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
480 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 481 put_le16(p + 84, (1 << 14));
482 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 483 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
484 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 485 put_le16(p + 87, (1 << 14));
94458802
FB		 486 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
487 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 488 put_le16(p + 100, s->nb_sectors);
489 put_le16(p + 101, s->nb_sectors >> 16);
490 put_le16(p + 102, s->nb_sectors >> 32);
491 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 492
493 memcpy(s->identify_data, p, sizeof(s->identify_data));
494 s->identify_set = 1;
5391d806
FB		 495}
496
497static void ide_atapi_identify(IDEState *s)
498{
499 uint16_t *p;
aedf5382 500 char buf[20];
5391d806 501
94458802
FB		 502 if (s->identify_set) {
503 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
504 return;
505 }
506
5391d806
FB		 507 memset(s->io_buffer, 0, 512);
508 p = (uint16_t *)s->io_buffer;
509 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 510 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
aedf5382
FB		 511 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
512 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 513 put_le16(p + 20, 3); /* buffer type */
514 put_le16(p + 21, 512); /* cache size in sectors */
515 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 516 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
517 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
67b915a5 518 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 519#ifdef USE_DMA_CDROM
520 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
521 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
522 put_le16(p + 63, 7); /* mdma0-2 supported */
523 put_le16(p + 64, 0x3f); /* PIO modes supported */
524#else
67b915a5
FB		 525 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
526 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
527 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
528 put_le16(p + 64, 1); /* PIO modes */
8ccad811 529#endif
67b915a5
FB		 530 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
531 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
532 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
533 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 534
67b915a5
FB		 535 put_le16(p + 71, 30); /* in ns */
536 put_le16(p + 72, 30); /* in ns */
5391d806 537
67b915a5 538 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 539#ifdef USE_DMA_CDROM
540 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
541#endif
94458802
FB		 542 memcpy(s->identify_data, p, sizeof(s->identify_data));
543 s->identify_set = 1;
5391d806
FB		 544}
545
546static void ide_set_signature(IDEState *s)
547{
548 s->select &= 0xf0; /* clear head */
549 /* put signature */
550 s->nsector = 1;
551 s->sector = 1;
552 if (s->is_cdrom) {
553 s->lcyl = 0x14;
554 s->hcyl = 0xeb;
555 } else if (s->bs) {
556 s->lcyl = 0;
557 s->hcyl = 0;
558 } else {
559 s->lcyl = 0xff;
560 s->hcyl = 0xff;
561 }
562}
563
564static inline void ide_abort_command(IDEState *s)
565{
566 s->status = READY_STAT | ERR_STAT;
567 s->error = ABRT_ERR;
568}
569
570static inline void ide_set_irq(IDEState *s)
571{
98ff7d30 572 BMDMAState *bm = s->bmdma;
5391d806 573 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 574 if (bm) {
98ff7d30 575 bm->status |= BM_STATUS_INT;
5457c8ce
FB		 576 }
577 s->set_irq(s->irq_opaque, s->irq, 1);
5391d806
FB		 578 }
579}
580
581/* prepare data transfer and tell what to do after */
582static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
583 EndTransferFunc *end_transfer_func)
584{
585 s->end_transfer_func = end_transfer_func;
586 s->data_ptr = buf;
587 s->data_end = buf + size;
588 s->status |= DRQ_STAT;
589}
590
591static void ide_transfer_stop(IDEState *s)
592{
593 s->end_transfer_func = ide_transfer_stop;
594 s->data_ptr = s->io_buffer;
595 s->data_end = s->io_buffer;
596 s->status &= ~DRQ_STAT;
597}
598
599static int64_t ide_get_sector(IDEState *s)
600{
601 int64_t sector_num;
602 if (s->select & 0x40) {
603 /* lba */
c2ff060f
FB		 604 if (!s->lba48) {
605 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
606 (s->lcyl << 8) | s->sector;
607 } else {
608 sector_num = ((int64_t)s->hob_hcyl << 40) |
609 ((int64_t) s->hob_lcyl << 32) |
610 ((int64_t) s->hob_sector << 24) |
611 ((int64_t) s->hcyl << 16) |
612 ((int64_t) s->lcyl << 8) | s->sector;
613 }
5391d806
FB		 614 } else {
615 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 616 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 617 }
618 return sector_num;
619}
620
621static void ide_set_sector(IDEState *s, int64_t sector_num)
622{
623 unsigned int cyl, r;
624 if (s->select & 0x40) {
c2ff060f
FB		 625 if (!s->lba48) {
626 s->select = (s->select & 0xf0) | (sector_num >> 24);
627 s->hcyl = (sector_num >> 16);
628 s->lcyl = (sector_num >> 8);
629 s->sector = (sector_num);
630 } else {
631 s->sector = sector_num;
632 s->lcyl = sector_num >> 8;
633 s->hcyl = sector_num >> 16;
634 s->hob_sector = sector_num >> 24;
635 s->hob_lcyl = sector_num >> 32;
636 s->hob_hcyl = sector_num >> 40;
637 }
5391d806
FB		 638 } else {
639 cyl = sector_num / (s->heads * s->sectors);
640 r = sector_num % (s->heads * s->sectors);
641 s->hcyl = cyl >> 8;
642 s->lcyl = cyl;
1b8eb456 643 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 644 s->sector = (r % s->sectors) + 1;
645 }
646}
647
648static void ide_sector_read(IDEState *s)
649{
650 int64_t sector_num;
651 int ret, n;
652
653 s->status = READY_STAT | SEEK_STAT;
a136e5a8 654 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 655 sector_num = ide_get_sector(s);
656 n = s->nsector;
657 if (n == 0) {
658 /* no more sector to read from disk */
659 ide_transfer_stop(s);
660 } else {
661#if defined(DEBUG_IDE)
662 printf("read sector=%Ld\n", sector_num);
663#endif
664 if (n > s->req_nb_sectors)
665 n = s->req_nb_sectors;
666 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
667 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
668 ide_set_irq(s);
669 ide_set_sector(s, sector_num + n);
670 s->nsector -= n;
671 }
672}
673
8ccad811
FB		 674/* return 0 if buffer completed */
675static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 676{
8ccad811
FB		 677 IDEState *s = bm->ide_if;
678 struct {
679 uint32_t addr;
680 uint32_t size;
681 } prd;
682 int l, len;
98087450 683
8ccad811
FB		 684 for(;;) {
685 l = s->io_buffer_size - s->io_buffer_index;
686 if (l <= 0)
687 break;
688 if (bm->cur_prd_len == 0) {
689 /* end of table (with a fail safe of one page) */
690 if (bm->cur_prd_last ||
691 (bm->cur_addr - bm->addr) >= 4096)
692 return 0;
693 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
694 bm->cur_addr += 8;
695 prd.addr = le32_to_cpu(prd.addr);
696 prd.size = le32_to_cpu(prd.size);
697 len = prd.size & 0xfffe;
698 if (len == 0)
699 len = 0x10000;
700 bm->cur_prd_len = len;
701 bm->cur_prd_addr = prd.addr;
702 bm->cur_prd_last = (prd.size & 0x80000000);
703 }
704 if (l > bm->cur_prd_len)
705 l = bm->cur_prd_len;
706 if (l > 0) {
707 if (is_write) {
708 cpu_physical_memory_write(bm->cur_prd_addr,
709 s->io_buffer + s->io_buffer_index, l);
710 } else {
711 cpu_physical_memory_read(bm->cur_prd_addr,
712 s->io_buffer + s->io_buffer_index, l);
713 }
714 bm->cur_prd_addr += l;
715 bm->cur_prd_len -= l;
716 s->io_buffer_index += l;
98087450 717 }
98087450 718 }
8ccad811
FB		 719 return 1;
720}
721
722/* XXX: handle errors */
723static void ide_read_dma_cb(void *opaque, int ret)
724{
725 BMDMAState *bm = opaque;
726 IDEState *s = bm->ide_if;
727 int n;
728 int64_t sector_num;
729
730 n = s->io_buffer_size >> 9;
731 sector_num = ide_get_sector(s);
732 if (n > 0) {
733 sector_num += n;
734 ide_set_sector(s, sector_num);
735 s->nsector -= n;
736 if (dma_buf_rw(bm, 1) == 0)
737 goto eot;
738 }
739
740 /* end of transfer ? */
741 if (s->nsector == 0) {
98087450
FB		 742 s->status = READY_STAT | SEEK_STAT;
743 ide_set_irq(s);
8ccad811
FB		 744 eot:
745 bm->status &= ~BM_STATUS_DMAING;
746 bm->status |= BM_STATUS_INT;
747 bm->dma_cb = NULL;
748 bm->ide_if = NULL;
749 bm->aiocb = NULL;
750 return;
98087450 751 }
8ccad811
FB		 752
753 /* launch next transfer */
754 n = s->nsector;
755 if (n > MAX_MULT_SECTORS)
756 n = MAX_MULT_SECTORS;
757 s->io_buffer_index = 0;
758 s->io_buffer_size = n * 512;
759#ifdef DEBUG_AIO
760 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
761#endif
762 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
763 ide_read_dma_cb, bm);
98087450
FB		 764}
765
766static void ide_sector_read_dma(IDEState *s)
767{
8ccad811 768 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 769 s->io_buffer_index = 0;
770 s->io_buffer_size = 0;
771 ide_dma_start(s, ide_read_dma_cb);
772}
773
a09db21f
FB		 774static void ide_sector_write_timer_cb(void *opaque)
775{
776 IDEState *s = opaque;
777 ide_set_irq(s);
778}
779
5391d806
FB		 780static void ide_sector_write(IDEState *s)
781{
782 int64_t sector_num;
783 int ret, n, n1;
784
785 s->status = READY_STAT | SEEK_STAT;
786 sector_num = ide_get_sector(s);
787#if defined(DEBUG_IDE)
788 printf("write sector=%Ld\n", sector_num);
789#endif
790 n = s->nsector;
791 if (n > s->req_nb_sectors)
792 n = s->req_nb_sectors;
793 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
794 s->nsector -= n;
795 if (s->nsector == 0) {
796 /* no more sector to write */
797 ide_transfer_stop(s);
798 } else {
799 n1 = s->nsector;
800 if (n1 > s->req_nb_sectors)
801 n1 = s->req_nb_sectors;
802 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
803 }
804 ide_set_sector(s, sector_num + n);
a09db21f
FB		 805
806#ifdef TARGET_I386
e774a278 807 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
a09db21f
FB		 808 /* It seems there is a bug in the Windows 2000 installer HDD
809 IDE driver which fills the disk with empty logs when the
810 IDE write IRQ comes too early. This hack tries to correct
811 that at the expense of slower write performances. Use this
812 option _only_ to install Windows 2000. You must disable it
813 for normal use. */
814 qemu_mod_timer(s->sector_write_timer,
815 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
816 } else
817#endif
818 {
819 ide_set_irq(s);
820 }
5391d806
FB		 821}
822
8ccad811
FB		 823/* XXX: handle errors */
824static void ide_write_dma_cb(void *opaque, int ret)
98087450 825{
8ccad811
FB		 826 BMDMAState *bm = opaque;
827 IDEState *s = bm->ide_if;
828 int n;
98087450
FB		 829 int64_t sector_num;
830
8ccad811
FB		 831 n = s->io_buffer_size >> 9;
832 sector_num = ide_get_sector(s);
833 if (n > 0) {
834 sector_num += n;
835 ide_set_sector(s, sector_num);
836 s->nsector -= n;
98087450 837 }
98087450 838
8ccad811
FB		 839 /* end of transfer ? */
840 if (s->nsector == 0) {
841 s->status = READY_STAT | SEEK_STAT;
842 ide_set_irq(s);
843 eot:
844 bm->status &= ~BM_STATUS_DMAING;
845 bm->status |= BM_STATUS_INT;
846 bm->dma_cb = NULL;
847 bm->ide_if = NULL;
848 bm->aiocb = NULL;
849 return;
850 }
851
852 /* launch next transfer */
98087450
FB		 853 n = s->nsector;
854 if (n > MAX_MULT_SECTORS)
855 n = MAX_MULT_SECTORS;
856 s->io_buffer_index = 0;
857 s->io_buffer_size = n * 512;
8ccad811
FB		 858
859 if (dma_buf_rw(bm, 0) == 0)
860 goto eot;
861#ifdef DEBUG_AIO
862 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
863#endif
864 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
865 ide_write_dma_cb, bm);
866}
867
868static void ide_sector_write_dma(IDEState *s)
869{
870 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
871 s->io_buffer_index = 0;
872 s->io_buffer_size = 0;
98087450
FB		 873 ide_dma_start(s, ide_write_dma_cb);
874}
875
5391d806
FB		 876static void ide_atapi_cmd_ok(IDEState *s)
877{
878 s->error = 0;
879 s->status = READY_STAT;
880 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
881 ide_set_irq(s);
882}
883
884static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
885{
886#ifdef DEBUG_IDE_ATAPI
887 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
888#endif
889 s->error = sense_key << 4;
890 s->status = READY_STAT | ERR_STAT;
891 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
892 s->sense_key = sense_key;
893 s->asc = asc;
894 ide_set_irq(s);
895}
896
897static inline void cpu_to_ube16(uint8_t *buf, int val)
898{
899 buf[0] = val >> 8;
900 buf[1] = val;
901}
902
903static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
904{
905 buf[0] = val >> 24;
906 buf[1] = val >> 16;
907 buf[2] = val >> 8;
908 buf[3] = val;
909}
910
911static inline int ube16_to_cpu(const uint8_t *buf)
912{
913 return (buf[0] << 8) | buf[1];
914}
915
916static inline int ube32_to_cpu(const uint8_t *buf)
917{
918 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
919}
920
98087450
FB		 921static void lba_to_msf(uint8_t *buf, int lba)
922{
923 lba += 150;
924 buf[0] = (lba / 75) / 60;
925 buf[1] = (lba / 75) % 60;
926 buf[2] = lba % 75;
927}
928
8ccad811
FB		 929static void cd_data_to_raw(uint8_t *buf, int lba)
930{
931 /* sync bytes */
932 buf[0] = 0x00;
933 memset(buf + 1, 0xff, 10);
934 buf[11] = 0x00;
935 buf += 12;
936 /* MSF */
937 lba_to_msf(buf, lba);
938 buf[3] = 0x01; /* mode 1 data */
939 buf += 4;
940 /* data */
941 buf += 2048;
942 /* XXX: ECC not computed */
943 memset(buf, 0, 288);
944}
945
66c6ef76 946static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 947 int sector_size)
948{
66c6ef76
FB		 949 int ret;
950
98087450
FB		 951 switch(sector_size) {
952 case 2048:
66c6ef76 953 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 954 break;
955 case 2352:
66c6ef76
FB		 956 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
957 if (ret < 0)
958 return ret;
8ccad811 959 cd_data_to_raw(buf, lba);
98087450
FB		 960 break;
961 default:
66c6ef76 962 ret = -EIO;
98087450
FB		 963 break;
964 }
66c6ef76
FB		 965 return ret;
966}
967
968static void ide_atapi_io_error(IDEState *s, int ret)
969{
970 /* XXX: handle more errors */
971 if (ret == -ENOMEDIUM) {
972 ide_atapi_cmd_error(s, SENSE_NOT_READY,
973 ASC_MEDIUM_NOT_PRESENT);
974 } else {
975 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
976 ASC_LOGICAL_BLOCK_OOR);
977 }
98087450
FB		 978}
979
5391d806
FB		 980/* The whole ATAPI transfer logic is handled in this function */
981static void ide_atapi_cmd_reply_end(IDEState *s)
982{
66c6ef76 983 int byte_count_limit, size, ret;
5391d806
FB		 984#ifdef DEBUG_IDE_ATAPI
985 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
986 s->packet_transfer_size,
987 s->elementary_transfer_size,
988 s->io_buffer_index);
989#endif
990 if (s->packet_transfer_size <= 0) {
991 /* end of transfer */
992 ide_transfer_stop(s);
993 s->status = READY_STAT;
994 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
995 ide_set_irq(s);
996#ifdef DEBUG_IDE_ATAPI
997 printf("status=0x%x\n", s->status);
998#endif
999 } else {
1000 /* see if a new sector must be read */
98087450 1001 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1002 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1003 if (ret < 0) {
1004 ide_transfer_stop(s);
1005 ide_atapi_io_error(s, ret);
1006 return;
1007 }
5391d806
FB		 1008 s->lba++;
1009 s->io_buffer_index = 0;
1010 }
1011 if (s->elementary_transfer_size > 0) {
1012 /* there are some data left to transmit in this elementary
1013 transfer */
98087450 1014 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1015 if (size > s->elementary_transfer_size)
1016 size = s->elementary_transfer_size;
1017 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1018 size, ide_atapi_cmd_reply_end);
1019 s->packet_transfer_size -= size;
1020 s->elementary_transfer_size -= size;
1021 s->io_buffer_index += size;
1022 } else {
1023 /* a new transfer is needed */
1024 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1025 byte_count_limit = s->lcyl | (s->hcyl << 8);
1026#ifdef DEBUG_IDE_ATAPI
1027 printf("byte_count_limit=%d\n", byte_count_limit);
1028#endif
1029 if (byte_count_limit == 0xffff)
1030 byte_count_limit--;
1031 size = s->packet_transfer_size;
1032 if (size > byte_count_limit) {
1033 /* byte count limit must be even if this case */
1034 if (byte_count_limit & 1)
1035 byte_count_limit--;
1036 size = byte_count_limit;
5391d806 1037 }
a136e5a8
FB		 1038 s->lcyl = size;
1039 s->hcyl = size >> 8;
5391d806
FB		 1040 s->elementary_transfer_size = size;
1041 /* we cannot transmit more than one sector at a time */
1042 if (s->lba != -1) {
98087450
FB		 1043 if (size > (s->cd_sector_size - s->io_buffer_index))
1044 size = (s->cd_sector_size - s->io_buffer_index);
5391d806
FB		 1045 }
1046 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1047 size, ide_atapi_cmd_reply_end);
1048 s->packet_transfer_size -= size;
1049 s->elementary_transfer_size -= size;
1050 s->io_buffer_index += size;
1051 ide_set_irq(s);
1052#ifdef DEBUG_IDE_ATAPI
1053 printf("status=0x%x\n", s->status);
1054#endif
1055 }
1056 }
1057}
1058
1059/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1060static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1061{
1062 if (size > max_size)
1063 size = max_size;
1064 s->lba = -1; /* no sector read */
1065 s->packet_transfer_size = size;
1066 s->elementary_transfer_size = 0;
1067 s->io_buffer_index = 0;
1068
1069 s->status = READY_STAT;
1070 ide_atapi_cmd_reply_end(s);
1071}
1072
1073/* start a CD-CDROM read command */
98087450
FB		 1074static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1075 int sector_size)
5391d806 1076{
5391d806 1077 s->lba = lba;
98087450 1078 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1079 s->elementary_transfer_size = 0;
98087450
FB		 1080 s->io_buffer_index = sector_size;
1081 s->cd_sector_size = sector_size;
5391d806
FB		 1082
1083 s->status = READY_STAT;
1084 ide_atapi_cmd_reply_end(s);
1085}
1086
98087450 1087/* ATAPI DMA support */
8ccad811
FB		 1088
1089/* XXX: handle read errors */
1090static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1091{
8ccad811
FB		 1092 BMDMAState *bm = opaque;
1093 IDEState *s = bm->ide_if;
1094 int data_offset, n;
1095
66c6ef76
FB		 1096 if (ret < 0) {
1097 ide_atapi_io_error(s, ret);
1098 goto eot;
1099 }
1100
8ccad811
FB		 1101 if (s->io_buffer_size > 0) {
1102 if (s->cd_sector_size == 2352) {
1103 n = 1;
1104 cd_data_to_raw(s->io_buffer, s->lba);
1105 } else {
1106 n = s->io_buffer_size >> 11;
98087450 1107 }
8ccad811
FB		 1108 s->packet_transfer_size -= s->io_buffer_size;
1109 s->lba += n;
1110 if (dma_buf_rw(bm, 1) == 0)
1111 goto eot;
98087450 1112 }
8ccad811 1113
98087450
FB		 1114 if (s->packet_transfer_size <= 0) {
1115 s->status = READY_STAT;
1116 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1117 ide_set_irq(s);
8ccad811
FB		 1118 eot:
1119 bm->status &= ~BM_STATUS_DMAING;
1120 bm->status |= BM_STATUS_INT;
1121 bm->dma_cb = NULL;
1122 bm->ide_if = NULL;
1123 bm->aiocb = NULL;
1124 return;
1125 }
1126
1127 s->io_buffer_index = 0;
1128 if (s->cd_sector_size == 2352) {
1129 n = 1;
1130 s->io_buffer_size = s->cd_sector_size;
1131 data_offset = 16;
1132 } else {
1133 n = s->packet_transfer_size >> 11;
1134 if (n > (MAX_MULT_SECTORS / 4))
1135 n = (MAX_MULT_SECTORS / 4);
1136 s->io_buffer_size = n * 2048;
1137 data_offset = 0;
98087450 1138 }
8ccad811
FB		 1139#ifdef DEBUG_AIO
1140 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1141#endif
1142 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1143 s->io_buffer + data_offset, n * 4,
1144 ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1145 if (!bm->aiocb) {
1146 /* Note: media not present is the most likely case */
1147 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1148 ASC_MEDIUM_NOT_PRESENT);
1149 goto eot;
1150 }
98087450
FB		 1151}
1152
1153/* start a CD-CDROM read command with DMA */
1154/* XXX: test if DMA is available */
1155static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1156 int sector_size)
1157{
1158 s->lba = lba;
1159 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1160 s->io_buffer_index = 0;
1161 s->io_buffer_size = 0;
98087450
FB		 1162 s->cd_sector_size = sector_size;
1163
8ccad811
FB		 1164 /* XXX: check if BUSY_STAT should be set */
1165 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1166 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1167}
1168
1169static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1170 int sector_size)
1171{
1172#ifdef DEBUG_IDE_ATAPI
1173 printf("read: LBA=%d nb_sectors=%d\n", lba, nb_sectors);
1174#endif
1175 if (s->atapi_dma) {
1176 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1177 } else {
1178 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1179 }
1180}
1181
5391d806
FB		 1182static void ide_atapi_cmd(IDEState *s)
1183{
1184 const uint8_t *packet;
1185 uint8_t *buf;
1186 int max_len;
1187
1188 packet = s->io_buffer;
1189 buf = s->io_buffer;
1190#ifdef DEBUG_IDE_ATAPI
1191 {
1192 int i;
1193 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1194 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1195 printf(" %02x", packet[i]);
1196 }
1197 printf("\n");
1198 }
1199#endif
1200 switch(s->io_buffer[0]) {
1201 case GPCMD_TEST_UNIT_READY:
caed8802 1202 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1203 ide_atapi_cmd_ok(s);
1204 } else {
1205 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1206 ASC_MEDIUM_NOT_PRESENT);
1207 }
1208 break;
1209 case GPCMD_MODE_SENSE_10:
1210 {
1211 int action, code;
1212 max_len = ube16_to_cpu(packet + 7);
1213 action = packet[2] >> 6;
1214 code = packet[2] & 0x3f;
1215 switch(action) {
1216 case 0: /* current values */
1217 switch(code) {
1218 case 0x01: /* error recovery */
1219 cpu_to_ube16(&buf[0], 16 + 6);
1220 buf[2] = 0x70;
1221 buf[3] = 0;
1222 buf[4] = 0;
1223 buf[5] = 0;
1224 buf[6] = 0;
1225 buf[7] = 0;
1226
1227 buf[8] = 0x01;
1228 buf[9] = 0x06;
1229 buf[10] = 0x00;
1230 buf[11] = 0x05;
1231 buf[12] = 0x00;
1232 buf[13] = 0x00;
1233 buf[14] = 0x00;
1234 buf[15] = 0x00;
1235 ide_atapi_cmd_reply(s, 16, max_len);
1236 break;
1237 case 0x2a:
1238 cpu_to_ube16(&buf[0], 28 + 6);
1239 buf[2] = 0x70;
1240 buf[3] = 0;
1241 buf[4] = 0;
1242 buf[5] = 0;
1243 buf[6] = 0;
1244 buf[7] = 0;
1245
1246 buf[8] = 0x2a;
1247 buf[9] = 0x12;
1248 buf[10] = 0x00;
1249 buf[11] = 0x00;
1250
1251 buf[12] = 0x70;
1252 buf[13] = 3 << 5;
1253 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1254 if (bdrv_is_locked(s->bs))
5391d806
FB		 1255 buf[6] |= 1 << 1;
1256 buf[15] = 0x00;
1257 cpu_to_ube16(&buf[16], 706);
1258 buf[18] = 0;
1259 buf[19] = 2;
1260 cpu_to_ube16(&buf[20], 512);
1261 cpu_to_ube16(&buf[22], 706);
1262 buf[24] = 0;
1263 buf[25] = 0;
1264 buf[26] = 0;
1265 buf[27] = 0;
1266 ide_atapi_cmd_reply(s, 28, max_len);
1267 break;
1268 default:
1269 goto error_cmd;
1270 }
1271 break;
1272 case 1: /* changeable values */
1273 goto error_cmd;
1274 case 2: /* default values */
1275 goto error_cmd;
1276 default:
1277 case 3: /* saved values */
1278 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1279 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1280 break;
1281 }
1282 }
1283 break;
1284 case GPCMD_REQUEST_SENSE:
1285 max_len = packet[4];
1286 memset(buf, 0, 18);
1287 buf[0] = 0x70 | (1 << 7);
1288 buf[2] = s->sense_key;
1289 buf[7] = 10;
1290 buf[12] = s->asc;
1291 ide_atapi_cmd_reply(s, 18, max_len);
1292 break;
1293 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1294 if (bdrv_is_inserted(s->bs)) {
1295 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1296 ide_atapi_cmd_ok(s);
1297 } else {
1298 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1299 ASC_MEDIUM_NOT_PRESENT);
1300 }
1301 break;
1302 case GPCMD_READ_10:
1303 case GPCMD_READ_12:
1304 {
1305 int nb_sectors, lba;
1306
5391d806
FB		 1307 if (packet[0] == GPCMD_READ_10)
1308 nb_sectors = ube16_to_cpu(packet + 7);
1309 else
1310 nb_sectors = ube32_to_cpu(packet + 6);
1311 lba = ube32_to_cpu(packet + 2);
1312 if (nb_sectors == 0) {
1313 ide_atapi_cmd_ok(s);
1314 break;
1315 }
98087450
FB		 1316 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1317 }
1318 break;
1319 case GPCMD_READ_CD:
1320 {
1321 int nb_sectors, lba, transfer_request;
1322
98087450
FB		 1323 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1324 lba = ube32_to_cpu(packet + 2);
1325 if (nb_sectors == 0) {
1326 ide_atapi_cmd_ok(s);
1327 break;
1328 }
98087450
FB		 1329 transfer_request = packet[9];
1330 switch(transfer_request & 0xf8) {
1331 case 0x00:
1332 /* nothing */
1333 ide_atapi_cmd_ok(s);
1334 break;
1335 case 0x10:
1336 /* normal read */
1337 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1338 break;
1339 case 0xf8:
1340 /* read all data */
1341 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1342 break;
1343 default:
1344 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1345 ASC_INV_FIELD_IN_CMD_PACKET);
1346 break;
1347 }
5391d806
FB		 1348 }
1349 break;
1350 case GPCMD_SEEK:
1351 {
1352 int lba;
66c6ef76
FB		 1353 int64_t total_sectors;
1354
1355 bdrv_get_geometry(s->bs, &total_sectors);
1356 total_sectors >>= 2;
1357 if (total_sectors <= 0) {
5391d806
FB		 1358 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1359 ASC_MEDIUM_NOT_PRESENT);
1360 break;
1361 }
1362 lba = ube32_to_cpu(packet + 2);
66c6ef76 1363 if (lba >= total_sectors) {
5391d806
FB		 1364 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1365 ASC_LOGICAL_BLOCK_OOR);
1366 break;
1367 }
1368 ide_atapi_cmd_ok(s);
1369 }
1370 break;
1371 case GPCMD_START_STOP_UNIT:
1372 {
1373 int start, eject;
1374 start = packet[4] & 1;
1375 eject = (packet[4] >> 1) & 1;
1376
caed8802
FB		 1377 if (eject && !start) {
1378 /* eject the disk */
66c6ef76
FB		 1379 bdrv_eject(s->bs, 1);
1380 } else if (eject && start) {
1381 /* close the tray */
1382 bdrv_eject(s->bs, 0);
caed8802 1383 }
5391d806
FB		 1384 ide_atapi_cmd_ok(s);
1385 }
1386 break;
1387 case GPCMD_MECHANISM_STATUS:
1388 {
1389 max_len = ube16_to_cpu(packet + 8);
1390 cpu_to_ube16(buf, 0);
1391 /* no current LBA */
1392 buf[2] = 0;
1393 buf[3] = 0;
1394 buf[4] = 0;
1395 buf[5] = 1;
1396 cpu_to_ube16(buf + 6, 0);
1397 ide_atapi_cmd_reply(s, 8, max_len);
1398 }
1399 break;
1400 case GPCMD_READ_TOC_PMA_ATIP:
1401 {
1402 int format, msf, start_track, len;
66c6ef76 1403 int64_t total_sectors;
5391d806 1404
66c6ef76
FB		 1405 bdrv_get_geometry(s->bs, &total_sectors);
1406 total_sectors >>= 2;
1407 if (total_sectors <= 0) {
5391d806
FB		 1408 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1409 ASC_MEDIUM_NOT_PRESENT);
1410 break;
1411 }
1412 max_len = ube16_to_cpu(packet + 7);
1413 format = packet[9] >> 6;
1414 msf = (packet[1] >> 1) & 1;
1415 start_track = packet[6];
1416 switch(format) {
1417 case 0:
66c6ef76 1418 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1419 if (len < 0)
1420 goto error_cmd;
1421 ide_atapi_cmd_reply(s, len, max_len);
1422 break;
1423 case 1:
1424 /* multi session : only a single session defined */
1425 memset(buf, 0, 12);
1426 buf[1] = 0x0a;
1427 buf[2] = 0x01;
1428 buf[3] = 0x01;
1429 ide_atapi_cmd_reply(s, 12, max_len);
1430 break;
98087450 1431 case 2:
66c6ef76 1432 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1433 if (len < 0)
1434 goto error_cmd;
1435 ide_atapi_cmd_reply(s, len, max_len);
1436 break;
5391d806 1437 default:
7f777bf3
FB		 1438 error_cmd:
1439 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1440 ASC_INV_FIELD_IN_CMD_PACKET);
1441 break;
5391d806
FB		 1442 }
1443 }
1444 break;
1445 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76
FB		 1446 {
1447 int64_t total_sectors;
1448
1449 bdrv_get_geometry(s->bs, &total_sectors);
1450 total_sectors >>= 2;
1451 if (total_sectors <= 0) {
1452 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1453 ASC_MEDIUM_NOT_PRESENT);
1454 break;
1455 }
1456 /* NOTE: it is really the number of sectors minus 1 */
1457 cpu_to_ube32(buf, total_sectors - 1);
1458 cpu_to_ube32(buf + 4, 2048);
1459 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1460 }
5391d806 1461 break;
bd0d90b2
FB		 1462 case GPCMD_INQUIRY:
1463 max_len = packet[4];
1464 buf[0] = 0x05; /* CD-ROM */
1465 buf[1] = 0x80; /* removable */
1466 buf[2] = 0x00; /* ISO */
1467 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1468 buf[4] = 31; /* additionnal length */
1469 buf[5] = 0; /* reserved */
1470 buf[6] = 0; /* reserved */
1471 buf[7] = 0; /* reserved */
1472 padstr8(buf + 8, 8, "QEMU");
1473 padstr8(buf + 16, 16, "QEMU CD-ROM");
1474 padstr8(buf + 32, 4, QEMU_VERSION);
1475 ide_atapi_cmd_reply(s, 36, max_len);
1476 break;
5391d806 1477 default:
5391d806 1478 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1479 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1480 break;
1481 }
1482}
1483
c2ff060f
FB		 1484static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1485{
1486 s->lba48 = lba48;
1487
1488 /* handle the 'magic' 0 nsector count conversion here. to avoid
1489 * fiddling with the rest of the read logic, we just store the
1490 * full sector count in ->nsector and ignore ->hob_nsector from now
1491 */
1492 if (!s->lba48) {
1493 if (!s->nsector)
1494 s->nsector = 256;
1495 } else {
1496 if (!s->nsector && !s->hob_nsector)
1497 s->nsector = 65536;
1498 else {
1499 int lo = s->nsector;
1500 int hi = s->hob_nsector;
1501
1502 s->nsector = (hi << 8) | lo;
1503 }
1504 }
1505}
1506
1507static void ide_clear_hob(IDEState *ide_if)
1508{
1509 /* any write clears HOB high bit of device control register */
1510 ide_if[0].select &= ~(1 << 7);
1511 ide_if[1].select &= ~(1 << 7);
1512}
1513
caed8802
FB		 1514static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1515{
1516 IDEState *ide_if = opaque;
c45c3d00 1517 IDEState *s;
5391d806 1518 int unit, n;
c2ff060f 1519 int lba48 = 0;
5391d806
FB		 1520
1521#ifdef DEBUG_IDE
1522 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1523#endif
c2ff060f 1524
5391d806
FB		 1525 addr &= 7;
1526 switch(addr) {
1527 case 0:
1528 break;
1529 case 1:
c2ff060f 1530 ide_clear_hob(ide_if);
c45c3d00 1531 /* NOTE: data is written to the two drives */
c2ff060f
FB		 1532 ide_if[0].hob_feature = ide_if[0].feature;
1533 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 1534 ide_if[0].feature = val;
1535 ide_if[1].feature = val;
5391d806
FB		 1536 break;
1537 case 2:
c2ff060f
FB		 1538 ide_clear_hob(ide_if);
1539 ide_if[0].hob_nsector = ide_if[0].nsector;
1540 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 1541 ide_if[0].nsector = val;
1542 ide_if[1].nsector = val;
5391d806
FB		 1543 break;
1544 case 3:
c2ff060f
FB		 1545 ide_clear_hob(ide_if);
1546 ide_if[0].hob_sector = ide_if[0].sector;
1547 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 1548 ide_if[0].sector = val;
1549 ide_if[1].sector = val;
5391d806
FB		 1550 break;
1551 case 4:
c2ff060f
FB		 1552 ide_clear_hob(ide_if);
1553 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1554 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 1555 ide_if[0].lcyl = val;
1556 ide_if[1].lcyl = val;
5391d806
FB		 1557 break;
1558 case 5:
c2ff060f
FB		 1559 ide_clear_hob(ide_if);
1560 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1561 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 1562 ide_if[0].hcyl = val;
1563 ide_if[1].hcyl = val;
5391d806
FB		 1564 break;
1565 case 6:
c2ff060f 1566 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 1567 ide_if[0].select = (val & ~0x10) | 0xa0;
1568 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 1569 /* select drive */
1570 unit = (val >> 4) & 1;
1571 s = ide_if + unit;
1572 ide_if->cur_drive = s;
5391d806
FB		 1573 break;
1574 default:
1575 case 7:
1576 /* command */
1577#if defined(DEBUG_IDE)
1578 printf("ide: CMD=%02x\n", val);
1579#endif
c45c3d00 1580 s = ide_if->cur_drive;
66201e2d
FB		 1581 /* ignore commands to non existant slave */
1582 if (s != ide_if && !s->bs)
1583 break;
c2ff060f 1584
5391d806
FB		 1585 switch(val) {
1586 case WIN_IDENTIFY:
1587 if (s->bs && !s->is_cdrom) {
1588 ide_identify(s);
2a282056 1589 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1590 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1591 } else {
1592 if (s->is_cdrom) {
1593 ide_set_signature(s);
1594 }
1595 ide_abort_command(s);
1596 }
1597 ide_set_irq(s);
1598 break;
1599 case WIN_SPECIFY:
1600 case WIN_RECAL:
a136e5a8 1601 s->error = 0;
769bec72 1602 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1603 ide_set_irq(s);
1604 break;
1605 case WIN_SETMULT:
1606 if (s->nsector > MAX_MULT_SECTORS ||
1607 s->nsector == 0 ||
1608 (s->nsector & (s->nsector - 1)) != 0) {
1609 ide_abort_command(s);
1610 } else {
1611 s->mult_sectors = s->nsector;
1612 s->status = READY_STAT;
1613 }
1614 ide_set_irq(s);
1615 break;
c2ff060f
FB		 1616 case WIN_VERIFY_EXT:
1617 lba48 = 1;
4ce900b4
FB		 1618 case WIN_VERIFY:
1619 case WIN_VERIFY_ONCE:
1620 /* do sector number check ? */
c2ff060f 1621 ide_cmd_lba48_transform(s, lba48);
4ce900b4
FB		 1622 s->status = READY_STAT;
1623 ide_set_irq(s);
1624 break;
c2ff060f
FB		 1625 case WIN_READ_EXT:
1626 lba48 = 1;
5391d806
FB		 1627 case WIN_READ:
1628 case WIN_READ_ONCE:
6b136f9e
FB		 1629 if (!s->bs)
1630 goto abort_cmd;
c2ff060f 1631 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1632 s->req_nb_sectors = 1;
1633 ide_sector_read(s);
1634 break;
c2ff060f
FB		 1635 case WIN_WRITE_EXT:
1636 lba48 = 1;
5391d806
FB		 1637 case WIN_WRITE:
1638 case WIN_WRITE_ONCE:
c2ff060f 1639 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1640 s->error = 0;
f66723fa 1641 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1642 s->req_nb_sectors = 1;
1643 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1644 break;
c2ff060f
FB		 1645 case WIN_MULTREAD_EXT:
1646 lba48 = 1;
5391d806
FB		 1647 case WIN_MULTREAD:
1648 if (!s->mult_sectors)
1649 goto abort_cmd;
c2ff060f 1650 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1651 s->req_nb_sectors = s->mult_sectors;
1652 ide_sector_read(s);
1653 break;
c2ff060f
FB		 1654 case WIN_MULTWRITE_EXT:
1655 lba48 = 1;
5391d806
FB		 1656 case WIN_MULTWRITE:
1657 if (!s->mult_sectors)
1658 goto abort_cmd;
c2ff060f 1659 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1660 s->error = 0;
f66723fa 1661 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1662 s->req_nb_sectors = s->mult_sectors;
1663 n = s->nsector;
1664 if (n > s->req_nb_sectors)
1665 n = s->req_nb_sectors;
1666 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1667 break;
c2ff060f
FB		 1668 case WIN_READDMA_EXT:
1669 lba48 = 1;
98087450
FB		 1670 case WIN_READDMA:
1671 case WIN_READDMA_ONCE:
1672 if (!s->bs)
1673 goto abort_cmd;
c2ff060f 1674 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 1675 ide_sector_read_dma(s);
1676 break;
c2ff060f
FB		 1677 case WIN_WRITEDMA_EXT:
1678 lba48 = 1;
98087450
FB		 1679 case WIN_WRITEDMA:
1680 case WIN_WRITEDMA_ONCE:
1681 if (!s->bs)
1682 goto abort_cmd;
c2ff060f 1683 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 1684 ide_sector_write_dma(s);
1685 break;
c2ff060f
FB		 1686 case WIN_READ_NATIVE_MAX_EXT:
1687 lba48 = 1;
5391d806 1688 case WIN_READ_NATIVE_MAX:
c2ff060f 1689 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1690 ide_set_sector(s, s->nb_sectors - 1);
1691 s->status = READY_STAT;
1692 ide_set_irq(s);
1693 break;
a136e5a8
FB		 1694 case WIN_CHECKPOWERMODE1:
1695 s->nsector = 0xff; /* device active or idle */
1696 s->status = READY_STAT;
1697 ide_set_irq(s);
1698 break;
34e538ae
FB		 1699 case WIN_SETFEATURES:
1700 if (!s->bs)
1701 goto abort_cmd;
1702 /* XXX: valid for CDROM ? */
1703 switch(s->feature) {
1704 case 0x02: /* write cache enable */
1705 case 0x82: /* write cache disable */
1706 case 0xaa: /* read look-ahead enable */
1707 case 0x55: /* read look-ahead disable */
e0fe67aa 1708 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 1709 ide_set_irq(s);
1710 break;
94458802
FB		 1711 case 0x03: { /* set transfer mode */
1712 uint8_t val = s->nsector & 0x07;
1713
1714 switch (s->nsector >> 3) {
1715 case 0x00: /* pio default */
1716 case 0x01: /* pio mode */
1717 put_le16(s->identify_data + 63,0x07);
1718 put_le16(s->identify_data + 88,0x3f);
1719 break;
1720 case 0x04: /* mdma mode */
1721 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1722 put_le16(s->identify_data + 88,0x3f);
1723 break;
1724 case 0x08: /* udma mode */
1725 put_le16(s->identify_data + 63,0x07);
1726 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1727 break;
1728 default:
1729 goto abort_cmd;
1730 }
1731 s->status = READY_STAT | SEEK_STAT;
1732 ide_set_irq(s);
1733 break;
1734 }
34e538ae
FB		 1735 default:
1736 goto abort_cmd;
1737 }
1738 break;
c2ff060f
FB		 1739 case WIN_FLUSH_CACHE:
1740 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 1741 if (s->bs)
1742 bdrv_flush(s->bs);
1743 s->status = READY_STAT;
1744 ide_set_irq(s);
1745 break;
a7dfe172 1746 case WIN_STANDBYNOW1:
c451ee71 1747 case WIN_IDLEIMMEDIATE:
a7dfe172
FB		 1748 s->status = READY_STAT;
1749 ide_set_irq(s);
1750 break;
5391d806
FB		 1751 /* ATAPI commands */
1752 case WIN_PIDENTIFY:
1753 if (s->is_cdrom) {
1754 ide_atapi_identify(s);
1298fe63 1755 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1756 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1757 } else {
1758 ide_abort_command(s);
1759 }
1760 ide_set_irq(s);
1761 break;
c451ee71
FB		 1762 case WIN_DIAGNOSE:
1763 ide_set_signature(s);
1764 s->status = 0x00; /* NOTE: READY is _not_ set */
1765 s->error = 0x01;
1766 break;
5391d806
FB		 1767 case WIN_SRST:
1768 if (!s->is_cdrom)
1769 goto abort_cmd;
1770 ide_set_signature(s);
6b136f9e 1771 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 1772 s->error = 0x01;
1773 break;
1774 case WIN_PACKETCMD:
1775 if (!s->is_cdrom)
1776 goto abort_cmd;
98087450
FB		 1777 /* overlapping commands not supported */
1778 if (s->feature & 0x02)
5391d806 1779 goto abort_cmd;
98087450 1780 s->atapi_dma = s->feature & 1;
5391d806
FB		 1781 s->nsector = 1;
1782 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1783 ide_atapi_cmd);
1784 break;
1785 default:
1786 abort_cmd:
1787 ide_abort_command(s);
1788 ide_set_irq(s);
1789 break;
1790 }
1791 }
1792}
1793
caed8802 1794static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 1795{
7ae98627
FB		 1796 IDEState *ide_if = opaque;
1797 IDEState *s = ide_if->cur_drive;
5391d806 1798 uint32_t addr;
c2ff060f 1799 int ret, hob;
5391d806
FB		 1800
1801 addr = addr1 & 7;
c2ff060f
FB		 1802 /* FIXME: HOB readback uses bit 7, but it's always set right now */
1803 //hob = s->select & (1 << 7);
1804 hob = 0;
5391d806
FB		 1805 switch(addr) {
1806 case 0:
1807 ret = 0xff;
1808 break;
1809 case 1:
7ae98627 1810 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1811 ret = 0;
c2ff060f 1812 else if (!hob)
c45c3d00 1813 ret = s->error;
c2ff060f
FB		 1814 else
1815 ret = s->hob_feature;
5391d806
FB		 1816 break;
1817 case 2:
7ae98627 1818 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1819 ret = 0;
c2ff060f 1820 else if (!hob)
c45c3d00 1821 ret = s->nsector & 0xff;
c2ff060f
FB		 1822 else
1823 ret = s->hob_nsector;
5391d806
FB		 1824 break;
1825 case 3:
7ae98627 1826 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1827 ret = 0;
c2ff060f 1828 else if (!hob)
c45c3d00 1829 ret = s->sector;
c2ff060f
FB		 1830 else
1831 ret = s->hob_sector;
5391d806
FB		 1832 break;
1833 case 4:
7ae98627 1834 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1835 ret = 0;
c2ff060f 1836 else if (!hob)
c45c3d00 1837 ret = s->lcyl;
c2ff060f
FB		 1838 else
1839 ret = s->hob_lcyl;
5391d806
FB		 1840 break;
1841 case 5:
7ae98627 1842 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 1843 ret = 0;
c2ff060f 1844 else if (!hob)
c45c3d00 1845 ret = s->hcyl;
c2ff060f
FB		 1846 else
1847 ret = s->hob_hcyl;
5391d806
FB		 1848 break;
1849 case 6:
7ae98627 1850 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1851 ret = 0;
1852 else
7ae98627 1853 ret = s->select;
5391d806
FB		 1854 break;
1855 default:
1856 case 7:
66201e2d
FB		 1857 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1858 (s != ide_if && !s->bs))
c45c3d00
FB		 1859 ret = 0;
1860 else
1861 ret = s->status;
5457c8ce 1862 s->set_irq(s->irq_opaque, s->irq, 0);
5391d806
FB		 1863 break;
1864 }
1865#ifdef DEBUG_IDE
1866 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1867#endif
1868 return ret;
1869}
1870
caed8802 1871static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 1872{
7ae98627
FB		 1873 IDEState *ide_if = opaque;
1874 IDEState *s = ide_if->cur_drive;
5391d806 1875 int ret;
7ae98627 1876
66201e2d
FB		 1877 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1878 (s != ide_if && !s->bs))
7ae98627
FB		 1879 ret = 0;
1880 else
1881 ret = s->status;
5391d806
FB		 1882#ifdef DEBUG_IDE
1883 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1884#endif
1885 return ret;
1886}
1887
caed8802 1888static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 1889{
caed8802 1890 IDEState *ide_if = opaque;
5391d806
FB		 1891 IDEState *s;
1892 int i;
1893
1894#ifdef DEBUG_IDE
1895 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1896#endif
1897 /* common for both drives */
1898 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
1899 (val & IDE_CMD_RESET)) {
1900 /* reset low to high */
1901 for(i = 0;i < 2; i++) {
1902 s = &ide_if[i];
1903 s->status = BUSY_STAT | SEEK_STAT;
1904 s->error = 0x01;
1905 }
1906 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
1907 !(val & IDE_CMD_RESET)) {
1908 /* high to low */
1909 for(i = 0;i < 2; i++) {
1910 s = &ide_if[i];
6b136f9e
FB		 1911 if (s->is_cdrom)
1912 s->status = 0x00; /* NOTE: READY is _not_ set */
1913 else
56bf1d37 1914 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1915 ide_set_signature(s);
1916 }
1917 }
1918
1919 ide_if[0].cmd = val;
1920 ide_if[1].cmd = val;
1921}
1922
caed8802 1923static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 1924{
caed8802 1925 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1926 uint8_t *p;
1927
1928 p = s->data_ptr;
0c4ad8dc 1929 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 1930 p += 2;
1931 s->data_ptr = p;
1932 if (p >= s->data_end)
1933 s->end_transfer_func(s);
1934}
1935
caed8802 1936static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 1937{
caed8802 1938 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1939 uint8_t *p;
1940 int ret;
1941 p = s->data_ptr;
0c4ad8dc 1942 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 1943 p += 2;
1944 s->data_ptr = p;
1945 if (p >= s->data_end)
1946 s->end_transfer_func(s);
1947 return ret;
1948}
1949
caed8802 1950static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 1951{
caed8802 1952 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1953 uint8_t *p;
1954
1955 p = s->data_ptr;
0c4ad8dc 1956 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 1957 p += 4;
1958 s->data_ptr = p;
1959 if (p >= s->data_end)
1960 s->end_transfer_func(s);
1961}
1962
caed8802 1963static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 1964{
caed8802 1965 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1966 uint8_t *p;
1967 int ret;
1968
1969 p = s->data_ptr;
0c4ad8dc 1970 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 1971 p += 4;
1972 s->data_ptr = p;
1973 if (p >= s->data_end)
1974 s->end_transfer_func(s);
1975 return ret;
1976}
1977
a7dfe172
FB		 1978static void ide_dummy_transfer_stop(IDEState *s)
1979{
1980 s->data_ptr = s->io_buffer;
1981 s->data_end = s->io_buffer;
1982 s->io_buffer[0] = 0xff;
1983 s->io_buffer[1] = 0xff;
1984 s->io_buffer[2] = 0xff;
1985 s->io_buffer[3] = 0xff;
1986}
1987
5391d806
FB		 1988static void ide_reset(IDEState *s)
1989{
1990 s->mult_sectors = MAX_MULT_SECTORS;
1991 s->cur_drive = s;
1992 s->select = 0xa0;
1993 s->status = READY_STAT;
1994 ide_set_signature(s);
a7dfe172
FB		 1995 /* init the transfer handler so that 0xffff is returned on data
1996 accesses */
1997 s->end_transfer_func = ide_dummy_transfer_stop;
1998 ide_dummy_transfer_stop(s);
5391d806
FB		 1999}
2000
2001struct partition {
2002 uint8_t boot_ind; /* 0x80 - active */
2003 uint8_t head; /* starting head */
2004 uint8_t sector; /* starting sector */
2005 uint8_t cyl; /* starting cylinder */
2006 uint8_t sys_ind; /* What partition type */
2007 uint8_t end_head; /* end head */
2008 uint8_t end_sector; /* end sector */
2009 uint8_t end_cyl; /* end cylinder */
2010 uint32_t start_sect; /* starting sector counting from 0 */
2011 uint32_t nr_sects; /* nr of sectors in partition */
2012} __attribute__((packed));
2013
bf1b938f
FB		 2014/* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
2015static int guess_disk_lchs(IDEState *s,
2016 int *pcylinders, int *pheads, int *psectors)
5391d806
FB		 2017{
2018 uint8_t buf[512];
46d4767d 2019 int ret, i, heads, sectors, cylinders;
5391d806
FB		 2020 struct partition *p;
2021 uint32_t nr_sects;
2022
5391d806
FB		 2023 ret = bdrv_read(s->bs, 0, buf, 1);
2024 if (ret < 0)
bf1b938f 2025 return -1;
5391d806
FB		 2026 /* test msdos magic */
2027 if (buf[510] != 0x55 || buf[511] != 0xaa)
bf1b938f 2028 return -1;
5391d806
FB		 2029 for(i = 0; i < 4; i++) {
2030 p = ((struct partition *)(buf + 0x1be)) + i;
0c4ad8dc 2031 nr_sects = le32_to_cpu(p->nr_sects);
5391d806
FB		 2032 if (nr_sects && p->end_head) {
2033 /* We make the assumption that the partition terminates on
2034 a cylinder boundary */
46d4767d 2035 heads = p->end_head + 1;
46d4767d
FB		 2036 sectors = p->end_sector & 63;
2037 if (sectors == 0)
2038 continue;
2039 cylinders = s->nb_sectors / (heads * sectors);
2040 if (cylinders < 1 || cylinders > 16383)
2041 continue;
bf1b938f
FB		 2042 *pheads = heads;
2043 *psectors = sectors;
2044 *pcylinders = cylinders;
5391d806 2045#if 0
bf1b938f
FB		 2046 printf("guessed geometry: LCHS=%d %d %d\n",
2047 cylinders, heads, sectors);
5391d806 2048#endif
bf1b938f 2049 return 0;
5391d806
FB		 2050 }
2051 }
bf1b938f 2052 return -1;
5391d806
FB		 2053}
2054
5457c8ce
FB		 2055static void ide_init2(IDEState *ide_state,
2056 BlockDriverState *hd0, BlockDriverState *hd1,
2057 SetIRQFunc *set_irq, void *irq_opaque, int irq)
5391d806 2058{
69b91039 2059 IDEState *s;
aedf5382 2060 static int drive_serial = 1;
bf1b938f 2061 int i, cylinders, heads, secs, translation;
5391d806 2062 int64_t nb_sectors;
5391d806 2063
caed8802
FB		 2064 for(i = 0; i < 2; i++) {
2065 s = ide_state + i;
2066 if (i == 0)
2067 s->bs = hd0;
2068 else
2069 s->bs = hd1;
5391d806
FB		 2070 if (s->bs) {
2071 bdrv_get_geometry(s->bs, &nb_sectors);
2072 s->nb_sectors = nb_sectors;
caed8802
FB		 2073 /* if a geometry hint is available, use it */
2074 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
2075 if (cylinders != 0) {
5391d806 2076 s->cylinders = cylinders;
caed8802
FB		 2077 s->heads = heads;
2078 s->sectors = secs;
2079 } else {
bf1b938f
FB		 2080 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2081 if (heads > 16) {
2082 /* if heads > 16, it means that a BIOS LBA
2083 translation was active, so the default
2084 hardware geometry is OK */
2085 goto default_geometry;
2086 } else {
2087 s->cylinders = cylinders;
2088 s->heads = heads;
2089 s->sectors = secs;
2090 /* disable any translation to be in sync with
2091 the logical geometry */
2092 translation = bdrv_get_translation_hint(s->bs);
2093 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2094 bdrv_set_translation_hint(s->bs,
2095 BIOS_ATA_TRANSLATION_NONE);
2096 }
2097 }
2098 } else {
2099 default_geometry:
46d4767d 2100 /* if no geometry, use a standard physical disk geometry */
caed8802
FB		 2101 cylinders = nb_sectors / (16 * 63);
2102 if (cylinders > 16383)
2103 cylinders = 16383;
2104 else if (cylinders < 2)
2105 cylinders = 2;
2106 s->cylinders = cylinders;
2107 s->heads = 16;
2108 s->sectors = 63;
2109 }
769bec72 2110 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
caed8802
FB		 2111 }
2112 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2113 s->is_cdrom = 1;
5391d806
FB		 2114 }
2115 }
aedf5382 2116 s->drive_serial = drive_serial++;
5457c8ce
FB		 2117 s->set_irq = set_irq;
2118 s->irq_opaque = irq_opaque;
caed8802 2119 s->irq = irq;
a09db21f
FB		 2120 s->sector_write_timer = qemu_new_timer(vm_clock,
2121 ide_sector_write_timer_cb, s);
5391d806
FB		 2122 ide_reset(s);
2123 }
69b91039
FB		 2124}
2125
34e538ae 2126static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2127{
caed8802
FB		 2128 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2129 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2130 if (iobase2) {
2131 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2132 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2133 }
caed8802
FB		 2134
2135 /* data ports */
2136 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2137 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2138 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2139 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2140}
69b91039 2141
34e538ae
FB		 2142/***********************************************************/
2143/* ISA IDE definitions */
2144
2145void isa_ide_init(int iobase, int iobase2, int irq,
2146 BlockDriverState *hd0, BlockDriverState *hd1)
2147{
2148 IDEState *ide_state;
2149
2150 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2151 if (!ide_state)
2152 return;
2153
3de388f6 2154 ide_init2(ide_state, hd0, hd1, pic_set_irq_new, isa_pic, irq);
34e538ae
FB		 2155 ide_init_ioport(ide_state, iobase, iobase2);
2156}
2157
69b91039
FB		 2158/***********************************************************/
2159/* PCI IDE definitions */
2160
5457c8ce
FB		 2161static void cmd646_update_irq(PCIIDEState *d);
2162
69b91039
FB		 2163static void ide_map(PCIDevice *pci_dev, int region_num,
2164 uint32_t addr, uint32_t size, int type)
2165{
2166 PCIIDEState *d = (PCIIDEState *)pci_dev;
2167 IDEState *ide_state;
2168
2169 if (region_num <= 3) {
2170 ide_state = &d->ide_if[(region_num >> 1) * 2];
2171 if (region_num & 1) {
2172 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2173 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2174 } else {
2175 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2176 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2177
2178 /* data ports */
2179 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2180 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2181 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2182 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2183 }
2184 }
2185}
2186
8ccad811 2187static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2188{
2189 BMDMAState *bm = s->bmdma;
2190 if(!bm)
2191 return;
2192 bm->ide_if = s;
2193 bm->dma_cb = dma_cb;
8ccad811
FB		 2194 bm->cur_addr = bm->addr;
2195 bm->cur_prd_last = 0;
2196 bm->cur_prd_addr = 0;
2197 bm->cur_prd_len = 0;
98087450 2198 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2199 bm->dma_cb(bm, 0);
98087450
FB		 2200 }
2201}
2202
98087450
FB		 2203static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2204{
2205 BMDMAState *bm = opaque;
2206#ifdef DEBUG_IDE
2207 printf("%s: 0x%08x\n", __func__, val);
2208#endif
2209 if (!(val & BM_CMD_START)) {
2210 /* XXX: do it better */
8ccad811
FB		 2211 if (bm->status & BM_STATUS_DMAING) {
2212 bm->status &= ~BM_STATUS_DMAING;
2213 /* cancel DMA request */
2214 bm->ide_if = NULL;
2215 bm->dma_cb = NULL;
2216 if (bm->aiocb) {
2217#ifdef DEBUG_AIO
2218 printf("aio_cancel\n");
2219#endif
2220 bdrv_aio_cancel(bm->aiocb);
2221 bm->aiocb = NULL;
2222 }
2223 }
98087450
FB		 2224 bm->cmd = val & 0x09;
2225 } else {
8ccad811
FB		 2226 if (!(bm->status & BM_STATUS_DMAING)) {
2227 bm->status |= BM_STATUS_DMAING;
2228 /* start dma transfer if possible */
2229 if (bm->dma_cb)
2230 bm->dma_cb(bm, 0);
2231 }
98087450 2232 bm->cmd = val & 0x09;
98087450
FB		 2233 }
2234}
2235
5457c8ce 2236static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 2237{
2238 BMDMAState *bm = opaque;
5457c8ce 2239 PCIIDEState *pci_dev;
98087450 2240 uint32_t val;
5457c8ce
FB		 2241
2242 switch(addr & 3) {
2243 case 0:
2244 val = bm->cmd;
2245 break;
2246 case 1:
2247 pci_dev = bm->pci_dev;
2248 if (pci_dev->type == IDE_TYPE_CMD646) {
2249 val = pci_dev->dev.config[MRDMODE];
2250 } else {
2251 val = 0xff;
2252 }
2253 break;
2254 case 2:
2255 val = bm->status;
2256 break;
2257 case 3:
2258 pci_dev = bm->pci_dev;
2259 if (pci_dev->type == IDE_TYPE_CMD646) {
2260 if (bm == &pci_dev->bmdma[0])
2261 val = pci_dev->dev.config[UDIDETCR0];
2262 else
2263 val = pci_dev->dev.config[UDIDETCR1];
2264 } else {
2265 val = 0xff;
2266 }
2267 break;
2268 default:
2269 val = 0xff;
2270 break;
2271 }
98087450 2272#ifdef DEBUG_IDE
5457c8ce 2273 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 2274#endif
2275 return val;
2276}
2277
5457c8ce 2278static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 2279{
2280 BMDMAState *bm = opaque;
5457c8ce 2281 PCIIDEState *pci_dev;
98087450 2282#ifdef DEBUG_IDE
5457c8ce 2283 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 2284#endif
5457c8ce
FB		 2285 switch(addr & 3) {
2286 case 1:
2287 pci_dev = bm->pci_dev;
2288 if (pci_dev->type == IDE_TYPE_CMD646) {
2289 pci_dev->dev.config[MRDMODE] =
2290 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2291 cmd646_update_irq(pci_dev);
2292 }
2293 break;
2294 case 2:
2295 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2296 break;
2297 case 3:
2298 pci_dev = bm->pci_dev;
2299 if (pci_dev->type == IDE_TYPE_CMD646) {
2300 if (bm == &pci_dev->bmdma[0])
2301 pci_dev->dev.config[UDIDETCR0] = val;
2302 else
2303 pci_dev->dev.config[UDIDETCR1] = val;
2304 }
2305 break;
2306 }
98087450
FB		 2307}
2308
2309static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2310{
2311 BMDMAState *bm = opaque;
2312 uint32_t val;
2313 val = bm->addr;
2314#ifdef DEBUG_IDE
2315 printf("%s: 0x%08x\n", __func__, val);
2316#endif
2317 return val;
2318}
2319
2320static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2321{
2322 BMDMAState *bm = opaque;
2323#ifdef DEBUG_IDE
2324 printf("%s: 0x%08x\n", __func__, val);
2325#endif
2326 bm->addr = val & ~3;
2327}
2328
2329static void bmdma_map(PCIDevice *pci_dev, int region_num,
2330 uint32_t addr, uint32_t size, int type)
2331{
2332 PCIIDEState *d = (PCIIDEState *)pci_dev;
2333 int i;
2334
2335 for(i = 0;i < 2; i++) {
2336 BMDMAState *bm = &d->bmdma[i];
2337 d->ide_if[2 * i].bmdma = bm;
2338 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce
FB		 2339 bm->pci_dev = (PCIIDEState *)pci_dev;
2340
98087450 2341 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 2342
5457c8ce
FB		 2343 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2344 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450
FB		 2345
2346 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2347 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2348 addr += 8;
2349 }
2350}
2351
5457c8ce
FB		 2352/* XXX: call it also when the MRDMODE is changed from the PCI config
2353 registers */
2354static void cmd646_update_irq(PCIIDEState *d)
2355{
2356 int pci_level;
2357 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2358 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2359 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2360 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2361 pci_set_irq((PCIDevice *)d, 0, pci_level);
2362}
2363
2364/* the PCI irq level is the logical OR of the two channels */
2365static void cmd646_set_irq(void *opaque, int channel, int level)
2366{
2367 PCIIDEState *d = opaque;
2368 int irq_mask;
2369
2370 irq_mask = MRDMODE_INTR_CH0 << channel;
2371 if (level)
2372 d->dev.config[MRDMODE] |= irq_mask;
2373 else
2374 d->dev.config[MRDMODE] &= ~irq_mask;
2375 cmd646_update_irq(d);
2376}
2377
2378/* CMD646 PCI IDE controller */
2379void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2380 int secondary_ide_enabled)
69b91039
FB		 2381{
2382 PCIIDEState *d;
2383 uint8_t *pci_conf;
34e538ae
FB		 2384 int i;
2385
5457c8ce
FB		 2386 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2387 sizeof(PCIIDEState),
46e50e9d 2388 -1,
73c11f63 2389 NULL, NULL);
5457c8ce 2390 d->type = IDE_TYPE_CMD646;
69b91039 2391 pci_conf = d->dev.config;
5457c8ce
FB		 2392 pci_conf[0x00] = 0x95; // CMD646
2393 pci_conf[0x01] = 0x10;
2394 pci_conf[0x02] = 0x46;
2395 pci_conf[0x03] = 0x06;
2396
2397 pci_conf[0x08] = 0x07; // IDE controller revision
2398 pci_conf[0x09] = 0x8f;
2399
69b91039
FB		 2400 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2401 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
5457c8ce
FB		 2402 pci_conf[0x0e] = 0x00; // header_type
2403
2404 if (secondary_ide_enabled) {
2405 /* XXX: if not enabled, really disable the seconday IDE controller */
2406 pci_conf[0x51] = 0x80; /* enable IDE1 */
2407 }
69b91039
FB		 2408
2409 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2410 PCI_ADDRESS_SPACE_IO, ide_map);
2411 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2412 PCI_ADDRESS_SPACE_IO, ide_map);
2413 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2414 PCI_ADDRESS_SPACE_IO, ide_map);
2415 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2416 PCI_ADDRESS_SPACE_IO, ide_map);
98087450
FB		 2417 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2418 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 2419
34e538ae 2420 pci_conf[0x3d] = 0x01; // interrupt on pin 1
5457c8ce 2421
34e538ae
FB		 2422 for(i = 0; i < 4; i++)
2423 d->ide_if[i].pci_dev = (PCIDevice *)d;
5457c8ce
FB		 2424 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2425 cmd646_set_irq, d, 0);
2426 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2427 cmd646_set_irq, d, 1);
34e538ae
FB		 2428}
2429
c3d78997
FB		 2430static void pci_ide_save(QEMUFile* f, void *opaque)
2431{
2432 PCIIDEState *d = opaque;
2433 int i;
2434
2435 pci_device_save(&d->dev, f);
2436
2437 for(i = 0; i < 2; i++) {
2438 BMDMAState *bm = &d->bmdma[i];
2439 qemu_put_8s(f, &bm->cmd);
2440 qemu_put_8s(f, &bm->status);
2441 qemu_put_be32s(f, &bm->addr);
2442 /* XXX: if a transfer is pending, we do not save it yet */
2443 }
2444
2445 /* per IDE interface data */
2446 for(i = 0; i < 2; i++) {
2447 IDEState *s = &d->ide_if[i * 2];
2448 uint8_t drive1_selected;
2449 qemu_put_8s(f, &s->cmd);
2450 drive1_selected = (s->cur_drive != s);
2451 qemu_put_8s(f, &drive1_selected);
2452 }
2453
2454 /* per IDE drive data */
2455 for(i = 0; i < 4; i++) {
2456 IDEState *s = &d->ide_if[i];
2457 qemu_put_be32s(f, &s->mult_sectors);
2458 qemu_put_be32s(f, &s->identify_set);
2459 if (s->identify_set) {
2460 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2461 }
2462 qemu_put_8s(f, &s->feature);
2463 qemu_put_8s(f, &s->error);
2464 qemu_put_be32s(f, &s->nsector);
2465 qemu_put_8s(f, &s->sector);
2466 qemu_put_8s(f, &s->lcyl);
2467 qemu_put_8s(f, &s->hcyl);
2468 qemu_put_8s(f, &s->hob_feature);
2469 qemu_put_8s(f, &s->hob_nsector);
2470 qemu_put_8s(f, &s->hob_sector);
2471 qemu_put_8s(f, &s->hob_lcyl);
2472 qemu_put_8s(f, &s->hob_hcyl);
2473 qemu_put_8s(f, &s->select);
2474 qemu_put_8s(f, &s->status);
2475 qemu_put_8s(f, &s->lba48);
2476
2477 qemu_put_8s(f, &s->sense_key);
2478 qemu_put_8s(f, &s->asc);
2479 /* XXX: if a transfer is pending, we do not save it yet */
2480 }
2481}
2482
2483static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2484{
2485 PCIIDEState *d = opaque;
2486 int ret, i;
2487
2488 if (version_id != 1)
2489 return -EINVAL;
2490 ret = pci_device_load(&d->dev, f);
2491 if (ret < 0)
2492 return ret;
2493
2494 for(i = 0; i < 2; i++) {
2495 BMDMAState *bm = &d->bmdma[i];
2496 qemu_get_8s(f, &bm->cmd);
2497 qemu_get_8s(f, &bm->status);
2498 qemu_get_be32s(f, &bm->addr);
2499 /* XXX: if a transfer is pending, we do not save it yet */
2500 }
2501
2502 /* per IDE interface data */
2503 for(i = 0; i < 2; i++) {
2504 IDEState *s = &d->ide_if[i * 2];
2505 uint8_t drive1_selected;
2506 qemu_get_8s(f, &s->cmd);
2507 qemu_get_8s(f, &drive1_selected);
2508 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2509 }
2510
2511 /* per IDE drive data */
2512 for(i = 0; i < 4; i++) {
2513 IDEState *s = &d->ide_if[i];
2514 qemu_get_be32s(f, &s->mult_sectors);
2515 qemu_get_be32s(f, &s->identify_set);
2516 if (s->identify_set) {
2517 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2518 }
2519 qemu_get_8s(f, &s->feature);
2520 qemu_get_8s(f, &s->error);
2521 qemu_get_be32s(f, &s->nsector);
2522 qemu_get_8s(f, &s->sector);
2523 qemu_get_8s(f, &s->lcyl);
2524 qemu_get_8s(f, &s->hcyl);
2525 qemu_get_8s(f, &s->hob_feature);
2526 qemu_get_8s(f, &s->hob_nsector);
2527 qemu_get_8s(f, &s->hob_sector);
2528 qemu_get_8s(f, &s->hob_lcyl);
2529 qemu_get_8s(f, &s->hob_hcyl);
2530 qemu_get_8s(f, &s->select);
2531 qemu_get_8s(f, &s->status);
2532 qemu_get_8s(f, &s->lba48);
2533
2534 qemu_get_8s(f, &s->sense_key);
2535 qemu_get_8s(f, &s->asc);
2536 /* XXX: if a transfer is pending, we do not save it yet */
2537 }
2538 return 0;
2539}
2540
34e538ae
FB		 2541/* hd_table must contain 4 block drivers */
2542/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
502a5395 2543void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn)
34e538ae
FB		 2544{
2545 PCIIDEState *d;
2546 uint8_t *pci_conf;
2547
2548 /* register a function 1 of PIIX3 */
46e50e9d
FB		 2549 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2550 sizeof(PCIIDEState),
502a5395 2551 devfn,
34e538ae 2552 NULL, NULL);
5457c8ce
FB		 2553 d->type = IDE_TYPE_PIIX3;
2554
34e538ae
FB		 2555 pci_conf = d->dev.config;
2556 pci_conf[0x00] = 0x86; // Intel
2557 pci_conf[0x01] = 0x80;
2558 pci_conf[0x02] = 0x10;
2559 pci_conf[0x03] = 0x70;
92510b8c 2560 pci_conf[0x09] = 0x80; // legacy ATA mode
34e538ae
FB		 2561 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2562 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2563 pci_conf[0x0e] = 0x00; // header_type
2564
98087450
FB		 2565 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2566 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 2567
5457c8ce 2568 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
3de388f6 2569 pic_set_irq_new, isa_pic, 14);
5457c8ce 2570 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
3de388f6 2571 pic_set_irq_new, isa_pic, 15);
34e538ae
FB		 2572 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2573 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997
FB		 2574
2575 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
69b91039 2576}
1ade1de2
FB		 2577
2578/***********************************************************/
2579/* MacIO based PowerPC IDE */
2580
2581/* PowerMac IDE memory IO */
2582static void pmac_ide_writeb (void *opaque,
2583 target_phys_addr_t addr, uint32_t val)
2584{
2585 addr = (addr & 0xFFF) >> 4;
2586 switch (addr) {
2587 case 1 ... 7:
2588 ide_ioport_write(opaque, addr, val);
2589 break;
2590 case 8:
2591 case 22:
2592 ide_cmd_write(opaque, 0, val);
2593 break;
2594 default:
2595 break;
2596 }
2597}
2598
2599static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2600{
2601 uint8_t retval;
2602
2603 addr = (addr & 0xFFF) >> 4;
2604 switch (addr) {
2605 case 1 ... 7:
2606 retval = ide_ioport_read(opaque, addr);
2607 break;
2608 case 8:
2609 case 22:
2610 retval = ide_status_read(opaque, 0);
2611 break;
2612 default:
2613 retval = 0xFF;
2614 break;
2615 }
2616 return retval;
2617}
2618
2619static void pmac_ide_writew (void *opaque,
2620 target_phys_addr_t addr, uint32_t val)
2621{
2622 addr = (addr & 0xFFF) >> 4;
2623#ifdef TARGET_WORDS_BIGENDIAN
2624 val = bswap16(val);
2625#endif
2626 if (addr == 0) {
2627 ide_data_writew(opaque, 0, val);
2628 }
2629}
2630
2631static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
2632{
2633 uint16_t retval;
2634
2635 addr = (addr & 0xFFF) >> 4;
2636 if (addr == 0) {
2637 retval = ide_data_readw(opaque, 0);
2638 } else {
2639 retval = 0xFFFF;
2640 }
2641#ifdef TARGET_WORDS_BIGENDIAN
2642 retval = bswap16(retval);
2643#endif
2644 return retval;
2645}
2646
2647static void pmac_ide_writel (void *opaque,
2648 target_phys_addr_t addr, uint32_t val)
2649{
2650 addr = (addr & 0xFFF) >> 4;
2651#ifdef TARGET_WORDS_BIGENDIAN
2652 val = bswap32(val);
2653#endif
2654 if (addr == 0) {
2655 ide_data_writel(opaque, 0, val);
2656 }
2657}
2658
2659static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
2660{
2661 uint32_t retval;
2662
2663 addr = (addr & 0xFFF) >> 4;
2664 if (addr == 0) {
2665 retval = ide_data_readl(opaque, 0);
2666 } else {
2667 retval = 0xFFFFFFFF;
2668 }
2669#ifdef TARGET_WORDS_BIGENDIAN
2670 retval = bswap32(retval);
2671#endif
2672 return retval;
2673}
2674
2675static CPUWriteMemoryFunc *pmac_ide_write[] = {
2676 pmac_ide_writeb,
2677 pmac_ide_writew,
2678 pmac_ide_writel,
2679};
2680
2681static CPUReadMemoryFunc *pmac_ide_read[] = {
2682 pmac_ide_readb,
2683 pmac_ide_readw,
2684 pmac_ide_readl,
2685};
2686
2687/* hd_table must contain 4 block drivers */
2688/* PowerMac uses memory mapped registers, not I/O. Return the memory
2689 I/O index to access the ide. */
2690int pmac_ide_init (BlockDriverState **hd_table,
5457c8ce 2691 SetIRQFunc *set_irq, void *irq_opaque, int irq)
1ade1de2
FB		 2692{
2693 IDEState *ide_if;
2694 int pmac_ide_memory;
2695
2696 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
5457c8ce
FB		 2697 ide_init2(&ide_if[0], hd_table[0], hd_table[1],
2698 set_irq, irq_opaque, irq);
1ade1de2
FB		 2699
2700 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
2701 pmac_ide_write, &ide_if[0]);
2702 return pmac_ide_memory;
2703}
Qemu copy for testing