]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Adds null check for DisplayStatus (Stefano Stabellini)
[qemu.git] / hw / ide.c
CommitLineData
5391d806 1/*
38cdea7c 2 * QEMU IDE disk and CD/DVD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
87ecb68b
PB		 25#include "hw.h"
26#include "pc.h"
27#include "pci.h"
28#include "scsi-disk.h"
29#include "pcmcia.h"
30#include "block.h"
31#include "qemu-timer.h"
32#include "sysemu.h"
9596ebb7 33#include "ppc_mac.h"
b79e1752 34#include "sh.h"
5391d806 35
5391d806
FB		 36/* debug IDE devices */
37//#define DEBUG_IDE
38//#define DEBUG_IDE_ATAPI
8ccad811
FB		 39//#define DEBUG_AIO
40#define USE_DMA_CDROM
5391d806
FB		 41
42/* Bits of HD_STATUS */
43#define ERR_STAT 0x01
44#define INDEX_STAT 0x02
45#define ECC_STAT 0x04 /* Corrected error */
46#define DRQ_STAT 0x08
47#define SEEK_STAT 0x10
48#define SRV_STAT 0x10
49#define WRERR_STAT 0x20
50#define READY_STAT 0x40
51#define BUSY_STAT 0x80
52
53/* Bits for HD_ERROR */
54#define MARK_ERR 0x01 /* Bad address mark */
55#define TRK0_ERR 0x02 /* couldn't find track 0 */
56#define ABRT_ERR 0x04 /* Command aborted */
57#define MCR_ERR 0x08 /* media change request */
58#define ID_ERR 0x10 /* ID field not found */
59#define MC_ERR 0x20 /* media changed */
60#define ECC_ERR 0x40 /* Uncorrectable ECC error */
61#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
62#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
63
64/* Bits of HD_NSECTOR */
65#define CD 0x01
66#define IO 0x02
67#define REL 0x04
68#define TAG_MASK 0xf8
69
70#define IDE_CMD_RESET 0x04
71#define IDE_CMD_DISABLE_IRQ 0x02
72
73/* ATA/ATAPI Commands pre T13 Spec */
74#define WIN_NOP 0x00
75/*
76 * 0x01->0x02 Reserved
77 */
78#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
79/*
80 * 0x04->0x07 Reserved
81 */
82#define WIN_SRST 0x08 /* ATAPI soft reset command */
83#define WIN_DEVICE_RESET 0x08
84/*
85 * 0x09->0x0F Reserved
86 */
87#define WIN_RECAL 0x10
88#define WIN_RESTORE WIN_RECAL
89/*
90 * 0x10->0x1F Reserved
91 */
92#define WIN_READ 0x20 /* 28-Bit */
93#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
94#define WIN_READ_LONG 0x22 /* 28-Bit */
95#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
96#define WIN_READ_EXT 0x24 /* 48-Bit */
97#define WIN_READDMA_EXT 0x25 /* 48-Bit */
98#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
99#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
100/*
101 * 0x28
102 */
103#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
104/*
105 * 0x2A->0x2F Reserved
106 */
107#define WIN_WRITE 0x30 /* 28-Bit */
108#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
109#define WIN_WRITE_LONG 0x32 /* 28-Bit */
110#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
111#define WIN_WRITE_EXT 0x34 /* 48-Bit */
112#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
113#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
114#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
115#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
116#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
117/*
118 * 0x3A->0x3B Reserved
119 */
120#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
121/*
122 * 0x3D->0x3F Reserved
123 */
124#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
125#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
126#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
127/*
128 * 0x43->0x4F Reserved
129 */
130#define WIN_FORMAT 0x50
131/*
132 * 0x51->0x5F Reserved
133 */
134#define WIN_INIT 0x60
135/*
136 * 0x61->0x5F Reserved
137 */
138#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
139#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
140#define WIN_DIAGNOSE 0x90
141#define WIN_SPECIFY 0x91 /* set drive geometry translation */
142#define WIN_DOWNLOAD_MICROCODE 0x92
143#define WIN_STANDBYNOW2 0x94
201a51fc 144#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 145#define WIN_STANDBY2 0x96
146#define WIN_SETIDLE2 0x97
147#define WIN_CHECKPOWERMODE2 0x98
148#define WIN_SLEEPNOW2 0x99
149/*
150 * 0x9A VENDOR
151 */
152#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
153#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
154#define WIN_QUEUED_SERVICE 0xA2
155#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 156#define CFA_ACCESS_METADATA_STORAGE 0xB8
157#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 158#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
159#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
160#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
161#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
162#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
163#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
164#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
165#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
166#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
167#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 168#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 169#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
170#define WIN_POSTBOOT 0xDC
171#define WIN_PREBOOT 0xDD
172#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
173#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
174#define WIN_STANDBYNOW1 0xE0
175#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
176#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
177#define WIN_SETIDLE1 0xE3
178#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
179#define WIN_CHECKPOWERMODE1 0xE5
180#define WIN_SLEEPNOW1 0xE6
181#define WIN_FLUSH_CACHE 0xE7
182#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
183#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
184 /* SET_FEATURES 0x22 or 0xDD */
185#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
186#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
187#define WIN_MEDIAEJECT 0xED
188#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
189#define WIN_SETFEATURES 0xEF /* set special drive features */
190#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 191#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 192#define WIN_SECURITY_SET_PASS 0xF1
193#define WIN_SECURITY_UNLOCK 0xF2
194#define WIN_SECURITY_ERASE_PREPARE 0xF3
195#define WIN_SECURITY_ERASE_UNIT 0xF4
196#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 197#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 198#define WIN_SECURITY_DISABLE 0xF6
199#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
200#define WIN_SET_MAX 0xF9
201#define DISABLE_SEAGATE 0xFB
202
203/* set to 1 set disable mult support */
f66723fa 204#define MAX_MULT_SECTORS 16
5391d806 205
1d8cde5b
AJ		 206#define IDE_DMA_BUF_SECTORS 256
207
208#if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
209#error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
210#endif
211
5391d806
FB		 212/* ATAPI defines */
213
214#define ATAPI_PACKET_SIZE 12
215
216/* The generic packet command opcodes for CD/DVD Logical Units,
217 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
218#define GPCMD_BLANK 0xa1
219#define GPCMD_CLOSE_TRACK 0x5b
220#define GPCMD_FLUSH_CACHE 0x35
221#define GPCMD_FORMAT_UNIT 0x04
222#define GPCMD_GET_CONFIGURATION 0x46
223#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
224#define GPCMD_GET_PERFORMANCE 0xac
225#define GPCMD_INQUIRY 0x12
226#define GPCMD_LOAD_UNLOAD 0xa6
227#define GPCMD_MECHANISM_STATUS 0xbd
228#define GPCMD_MODE_SELECT_10 0x55
229#define GPCMD_MODE_SENSE_10 0x5a
230#define GPCMD_PAUSE_RESUME 0x4b
231#define GPCMD_PLAY_AUDIO_10 0x45
232#define GPCMD_PLAY_AUDIO_MSF 0x47
233#define GPCMD_PLAY_AUDIO_TI 0x48
234#define GPCMD_PLAY_CD 0xbc
235#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
236#define GPCMD_READ_10 0x28
237#define GPCMD_READ_12 0xa8
238#define GPCMD_READ_CDVD_CAPACITY 0x25
239#define GPCMD_READ_CD 0xbe
240#define GPCMD_READ_CD_MSF 0xb9
241#define GPCMD_READ_DISC_INFO 0x51
242#define GPCMD_READ_DVD_STRUCTURE 0xad
243#define GPCMD_READ_FORMAT_CAPACITIES 0x23
244#define GPCMD_READ_HEADER 0x44
245#define GPCMD_READ_TRACK_RZONE_INFO 0x52
246#define GPCMD_READ_SUBCHANNEL 0x42
247#define GPCMD_READ_TOC_PMA_ATIP 0x43
248#define GPCMD_REPAIR_RZONE_TRACK 0x58
249#define GPCMD_REPORT_KEY 0xa4
250#define GPCMD_REQUEST_SENSE 0x03
251#define GPCMD_RESERVE_RZONE_TRACK 0x53
252#define GPCMD_SCAN 0xba
253#define GPCMD_SEEK 0x2b
254#define GPCMD_SEND_DVD_STRUCTURE 0xad
255#define GPCMD_SEND_EVENT 0xa2
256#define GPCMD_SEND_KEY 0xa3
257#define GPCMD_SEND_OPC 0x54
258#define GPCMD_SET_READ_AHEAD 0xa7
259#define GPCMD_SET_STREAMING 0xb6
260#define GPCMD_START_STOP_UNIT 0x1b
261#define GPCMD_STOP_PLAY_SCAN 0x4e
262#define GPCMD_TEST_UNIT_READY 0x00
263#define GPCMD_VERIFY_10 0x2f
264#define GPCMD_WRITE_10 0x2a
265#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 266/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 267 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
268 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
269 * drives support it. */
270#define GPCMD_SET_SPEED 0xbb
5fafdf24 271/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 272 * to play data at track/index */
273#define GPCMD_PLAYAUDIO_TI 0x48
274/*
275 * From MS Media Status Notification Support Specification. For
276 * older drives only.
277 */
278#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 279#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 280
281/* Mode page codes for mode sense/set */
282#define GPMODE_R_W_ERROR_PAGE 0x01
283#define GPMODE_WRITE_PARMS_PAGE 0x05
284#define GPMODE_AUDIO_CTL_PAGE 0x0e
285#define GPMODE_POWER_PAGE 0x1a
286#define GPMODE_FAULT_FAIL_PAGE 0x1c
287#define GPMODE_TO_PROTECT_PAGE 0x1d
288#define GPMODE_CAPABILITIES_PAGE 0x2a
289#define GPMODE_ALL_PAGES 0x3f
290/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
291 * of MODE_SENSE_POWER_PAGE */
292#define GPMODE_CDROM_PAGE 0x0d
293
38cdea7c
AZ		 294/*
295 * Based on values from <linux/cdrom.h> but extending CD_MINS
296 * to the maximum common size allowed by the Orange's Book ATIP
297 *
298 * 90 and 99 min CDs are also available but using them as the
299 * upper limit reduces the effectiveness of the heuristic to
300 * detect DVDs burned to less than 25% of their maximum capacity
301 */
302
303/* Some generally useful CD-ROM information */
304#define CD_MINS 80 /* max. minutes per CD */
305#define CD_SECS 60 /* seconds per minute */
306#define CD_FRAMES 75 /* frames per second */
307#define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
308#define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
309#define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
310
311/*
312 * The MMC values are not IDE specific and might need to be moved
313 * to a common header if they are also needed for the SCSI emulation
314 */
315
316/* Profile list from MMC-6 revision 1 table 91 */
317#define MMC_PROFILE_NONE 0x0000
318#define MMC_PROFILE_CD_ROM 0x0008
319#define MMC_PROFILE_CD_R 0x0009
320#define MMC_PROFILE_CD_RW 0x000A
321#define MMC_PROFILE_DVD_ROM 0x0010
322#define MMC_PROFILE_DVD_R_SR 0x0011
323#define MMC_PROFILE_DVD_RAM 0x0012
324#define MMC_PROFILE_DVD_RW_RO 0x0013
325#define MMC_PROFILE_DVD_RW_SR 0x0014
326#define MMC_PROFILE_DVD_R_DL_SR 0x0015
327#define MMC_PROFILE_DVD_R_DL_JR 0x0016
328#define MMC_PROFILE_DVD_RW_DL 0x0017
329#define MMC_PROFILE_DVD_DDR 0x0018
330#define MMC_PROFILE_DVD_PLUS_RW 0x001A
331#define MMC_PROFILE_DVD_PLUS_R 0x001B
332#define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
333#define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
334#define MMC_PROFILE_BD_ROM 0x0040
335#define MMC_PROFILE_BD_R_SRM 0x0041
336#define MMC_PROFILE_BD_R_RRM 0x0042
337#define MMC_PROFILE_BD_RE 0x0043
338#define MMC_PROFILE_HDDVD_ROM 0x0050
339#define MMC_PROFILE_HDDVD_R 0x0051
340#define MMC_PROFILE_HDDVD_RAM 0x0052
341#define MMC_PROFILE_HDDVD_RW 0x0053
342#define MMC_PROFILE_HDDVD_R_DL 0x0058
343#define MMC_PROFILE_HDDVD_RW_DL 0x005A
344#define MMC_PROFILE_INVALID 0xFFFF
345
5391d806
FB		 346#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
347#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
348#define ATAPI_INT_REASON_REL 0x04
349#define ATAPI_INT_REASON_TAG 0xf8
350
351/* same constants as bochs */
7f777bf3 352#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 353#define ASC_LOGICAL_BLOCK_OOR 0x21
354#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
9118e7f0 355#define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
8114e9e8 356#define ASC_INCOMPATIBLE_FORMAT 0x30
5391d806
FB		 357#define ASC_MEDIUM_NOT_PRESENT 0x3a
358#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
359
201a51fc
AZ		 360#define CFA_NO_ERROR 0x00
361#define CFA_MISC_ERROR 0x09
362#define CFA_INVALID_COMMAND 0x20
363#define CFA_INVALID_ADDRESS 0x21
364#define CFA_ADDRESS_OVERFLOW 0x2f
365
5391d806
FB		 366#define SENSE_NONE 0
367#define SENSE_NOT_READY 2
368#define SENSE_ILLEGAL_REQUEST 5
369#define SENSE_UNIT_ATTENTION 6
370
371struct IDEState;
372
373typedef void EndTransferFunc(struct IDEState *);
374
caed8802 375/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 376typedef struct IDEState {
377 /* ide config */
378 int is_cdrom;
201a51fc 379 int is_cf;
5391d806
FB		 380 int cylinders, heads, sectors;
381 int64_t nb_sectors;
382 int mult_sectors;
94458802
FB		 383 int identify_set;
384 uint16_t identify_data[256];
d537cf6c 385 qemu_irq irq;
34e538ae 386 PCIDevice *pci_dev;
98087450 387 struct BMDMAState *bmdma;
aedf5382 388 int drive_serial;
fa879c64 389 char drive_serial_str[21];
5391d806
FB		 390 /* ide regs */
391 uint8_t feature;
392 uint8_t error;
c2ff060f 393 uint32_t nsector;
5391d806
FB		 394 uint8_t sector;
395 uint8_t lcyl;
396 uint8_t hcyl;
c2ff060f
FB		 397 /* other part of tf for lba48 support */
398 uint8_t hob_feature;
399 uint8_t hob_nsector;
400 uint8_t hob_sector;
401 uint8_t hob_lcyl;
402 uint8_t hob_hcyl;
403
5391d806
FB		 404 uint8_t select;
405 uint8_t status;
c2ff060f 406
5391d806
FB		 407 /* 0x3f6 command, only meaningful for drive 0 */
408 uint8_t cmd;
c2ff060f
FB		 409 /* set for lba48 access */
410 uint8_t lba48;
5391d806 411 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 412 struct IDEState *cur_drive;
5391d806
FB		 413 BlockDriverState *bs;
414 /* ATAPI specific */
415 uint8_t sense_key;
416 uint8_t asc;
417 int packet_transfer_size;
418 int elementary_transfer_size;
419 int io_buffer_index;
420 int lba;
98087450
FB		 421 int cd_sector_size;
422 int atapi_dma; /* true if dma is requested for the packet cmd */
423 /* ATA DMA state */
424 int io_buffer_size;
425 /* PIO transfer handling */
5391d806
FB		 426 int req_nb_sectors; /* number of sectors per interrupt */
427 EndTransferFunc *end_transfer_func;
428 uint8_t *data_ptr;
429 uint8_t *data_end;
33f00271 430 uint8_t *io_buffer;
31c2a146 431 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
e774a278 432 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 433 /* CF-ATA extended error */
434 uint8_t ext_error;
435 /* CF-ATA metadata storage */
436 uint32_t mdata_size;
437 uint8_t *mdata_storage;
438 int media_changed;
5391d806
FB		 439} IDEState;
440
8114e9e8
TS		 441/* XXX: DVDs that could fit on a CD will be reported as a CD */
442static inline int media_present(IDEState *s)
443{
444 return (s->nb_sectors > 0);
445}
446
447static inline int media_is_dvd(IDEState *s)
448{
449 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
450}
451
452static inline int media_is_cd(IDEState *s)
453{
454 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
455}
456
98087450
FB		 457#define BM_STATUS_DMAING 0x01
458#define BM_STATUS_ERROR 0x02
459#define BM_STATUS_INT 0x04
460
461#define BM_CMD_START 0x01
462#define BM_CMD_READ 0x08
463
5457c8ce
FB		 464#define IDE_TYPE_PIIX3 0
465#define IDE_TYPE_CMD646 1
afcc3cdf 466#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 467
468/* CMD646 specific */
469#define MRDMODE 0x71
470#define MRDMODE_INTR_CH0 0x04
471#define MRDMODE_INTR_CH1 0x08
472#define MRDMODE_BLK_CH0 0x10
473#define MRDMODE_BLK_CH1 0x20
474#define UDIDETCR0 0x73
475#define UDIDETCR1 0x7B
476
98087450
FB		 477typedef struct BMDMAState {
478 uint8_t cmd;
479 uint8_t status;
480 uint32_t addr;
3b46e624 481
5457c8ce 482 struct PCIIDEState *pci_dev;
98087450 483 /* current transfer state */
8ccad811
FB		 484 uint32_t cur_addr;
485 uint32_t cur_prd_last;
486 uint32_t cur_prd_addr;
487 uint32_t cur_prd_len;
98087450 488 IDEState *ide_if;
8ccad811
FB		 489 BlockDriverCompletionFunc *dma_cb;
490 BlockDriverAIOCB *aiocb;
98087450
FB		 491} BMDMAState;
492
493typedef struct PCIIDEState {
494 PCIDevice dev;
495 IDEState ide_if[4];
496 BMDMAState bmdma[2];
5457c8ce 497 int type; /* see IDE_TYPE_xxx */
98087450
FB		 498} PCIIDEState;
499
8ccad811 500static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
5f12ab4b 501static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 502
5391d806
FB		 503static void padstr(char *str, const char *src, int len)
504{
505 int i, v;
506 for(i = 0; i < len; i++) {
507 if (*src)
508 v = *src++;
509 else
510 v = ' ';
69b34976 511 str[i^1] = v;
5391d806
FB		 512 }
513}
514
bd0d90b2
FB		 515static void padstr8(uint8_t *buf, int buf_size, const char *src)
516{
517 int i;
518 for(i = 0; i < buf_size; i++) {
519 if (*src)
520 buf[i] = *src++;
521 else
522 buf[i] = ' ';
523 }
524}
525
67b915a5
FB		 526static void put_le16(uint16_t *p, unsigned int v)
527{
0c4ad8dc 528 *p = cpu_to_le16(v);
67b915a5
FB		 529}
530
5391d806
FB		 531static void ide_identify(IDEState *s)
532{
533 uint16_t *p;
534 unsigned int oldsize;
535
94458802
FB		 536 if (s->identify_set) {
537 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
538 return;
539 }
540
5391d806
FB		 541 memset(s->io_buffer, 0, 512);
542 p = (uint16_t *)s->io_buffer;
67b915a5 543 put_le16(p + 0, 0x0040);
5fafdf24 544 put_le16(p + 1, s->cylinders);
67b915a5
FB		 545 put_le16(p + 3, s->heads);
546 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
547 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 548 put_le16(p + 6, s->sectors);
fa879c64 549 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 550 put_le16(p + 20, 3); /* XXX: retired, remove ? */
551 put_le16(p + 21, 512); /* cache size in sectors */
552 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 553 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
554 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 555#if MAX_MULT_SECTORS > 1
67b915a5 556 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 557#endif
67b915a5 558 put_le16(p + 48, 1); /* dword I/O */
94458802 559 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 560 put_le16(p + 51, 0x200); /* PIO transfer cycle */
561 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 562 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 563 put_le16(p + 54, s->cylinders);
564 put_le16(p + 55, s->heads);
565 put_le16(p + 56, s->sectors);
5391d806 566 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 567 put_le16(p + 57, oldsize);
568 put_le16(p + 58, oldsize >> 16);
5391d806 569 if (s->mult_sectors)
67b915a5
FB		 570 put_le16(p + 59, 0x100 | s->mult_sectors);
571 put_le16(p + 60, s->nb_sectors);
572 put_le16(p + 61, s->nb_sectors >> 16);
d1b5c20d 573 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
94458802
FB		 574 put_le16(p + 63, 0x07); /* mdma0-2 supported */
575 put_le16(p + 65, 120);
576 put_le16(p + 66, 120);
577 put_le16(p + 67, 120);
578 put_le16(p + 68, 120);
579 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
580 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 581 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 582 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
583 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 584 put_le16(p + 84, (1 << 14));
585 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 586 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
587 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 588 put_le16(p + 87, (1 << 14));
94458802
FB		 589 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
590 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 591 put_le16(p + 100, s->nb_sectors);
592 put_le16(p + 101, s->nb_sectors >> 16);
593 put_le16(p + 102, s->nb_sectors >> 32);
594 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 595
596 memcpy(s->identify_data, p, sizeof(s->identify_data));
597 s->identify_set = 1;
5391d806
FB		 598}
599
600static void ide_atapi_identify(IDEState *s)
601{
602 uint16_t *p;
603
94458802
FB		 604 if (s->identify_set) {
605 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
606 return;
607 }
608
5391d806
FB		 609 memset(s->io_buffer, 0, 512);
610 p = (uint16_t *)s->io_buffer;
611 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 612 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
fa879c64 613 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 614 put_le16(p + 20, 3); /* buffer type */
615 put_le16(p + 21, 512); /* cache size in sectors */
616 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3 617 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
38cdea7c 618 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
67b915a5 619 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 620#ifdef USE_DMA_CDROM
621 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
622 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
d1b5c20d 623 put_le16(p + 62, 7); /* single word dma0-2 supported */
8ccad811
FB		 624 put_le16(p + 63, 7); /* mdma0-2 supported */
625 put_le16(p + 64, 0x3f); /* PIO modes supported */
626#else
67b915a5
FB		 627 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
628 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
629 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
630 put_le16(p + 64, 1); /* PIO modes */
8ccad811 631#endif
67b915a5
FB		 632 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
633 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
634 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
635 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 636
67b915a5
FB		 637 put_le16(p + 71, 30); /* in ns */
638 put_le16(p + 72, 30); /* in ns */
5391d806 639
67b915a5 640 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 641#ifdef USE_DMA_CDROM
642 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
643#endif
94458802
FB		 644 memcpy(s->identify_data, p, sizeof(s->identify_data));
645 s->identify_set = 1;
5391d806
FB		 646}
647
201a51fc
AZ		 648static void ide_cfata_identify(IDEState *s)
649{
650 uint16_t *p;
651 uint32_t cur_sec;
201a51fc
AZ		 652
653 p = (uint16_t *) s->identify_data;
654 if (s->identify_set)
655 goto fill_buffer;
656
657 memset(p, 0, sizeof(s->identify_data));
658
659 cur_sec = s->cylinders * s->heads * s->sectors;
660
661 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
662 put_le16(p + 1, s->cylinders); /* Default cylinders */
663 put_le16(p + 3, s->heads); /* Default heads */
664 put_le16(p + 6, s->sectors); /* Default sectors per track */
665 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
666 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
fa879c64 667 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
201a51fc 668 put_le16(p + 22, 0x0004); /* ECC bytes */
60fe76f3
TS		 669 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
670 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
201a51fc
AZ		 671#if MAX_MULT_SECTORS > 1
672 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
673#else
674 put_le16(p + 47, 0x0000);
675#endif
676 put_le16(p + 49, 0x0f00); /* Capabilities */
677 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
678 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
679 put_le16(p + 53, 0x0003); /* Translation params valid */
680 put_le16(p + 54, s->cylinders); /* Current cylinders */
681 put_le16(p + 55, s->heads); /* Current heads */
682 put_le16(p + 56, s->sectors); /* Current sectors */
683 put_le16(p + 57, cur_sec); /* Current capacity */
684 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
685 if (s->mult_sectors) /* Multiple sector setting */
686 put_le16(p + 59, 0x100 | s->mult_sectors);
687 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
688 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
689 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
690 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
691 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
692 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
693 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
694 put_le16(p + 82, 0x400c); /* Command Set supported */
695 put_le16(p + 83, 0x7068); /* Command Set supported */
696 put_le16(p + 84, 0x4000); /* Features supported */
697 put_le16(p + 85, 0x000c); /* Command Set enabled */
698 put_le16(p + 86, 0x7044); /* Command Set enabled */
699 put_le16(p + 87, 0x4000); /* Features enabled */
700 put_le16(p + 91, 0x4060); /* Current APM level */
701 put_le16(p + 129, 0x0002); /* Current features option */
702 put_le16(p + 130, 0x0005); /* Reassigned sectors */
703 put_le16(p + 131, 0x0001); /* Initial power mode */
704 put_le16(p + 132, 0x0000); /* User signature */
705 put_le16(p + 160, 0x8100); /* Power requirement */
706 put_le16(p + 161, 0x8001); /* CF command set */
707
708 s->identify_set = 1;
709
710fill_buffer:
711 memcpy(s->io_buffer, p, sizeof(s->identify_data));
712}
713
5391d806
FB		 714static void ide_set_signature(IDEState *s)
715{
716 s->select &= 0xf0; /* clear head */
717 /* put signature */
718 s->nsector = 1;
719 s->sector = 1;
720 if (s->is_cdrom) {
721 s->lcyl = 0x14;
722 s->hcyl = 0xeb;
723 } else if (s->bs) {
724 s->lcyl = 0;
725 s->hcyl = 0;
726 } else {
727 s->lcyl = 0xff;
728 s->hcyl = 0xff;
729 }
730}
731
732static inline void ide_abort_command(IDEState *s)
733{
734 s->status = READY_STAT | ERR_STAT;
735 s->error = ABRT_ERR;
736}
737
5604e090
AZ		 738static inline void ide_dma_submit_check(IDEState *s,
739 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
740{
741 if (bm->aiocb)
742 return;
743 dma_cb(bm, -1);
744}
745
5391d806
FB		 746static inline void ide_set_irq(IDEState *s)
747{
98ff7d30 748 BMDMAState *bm = s->bmdma;
5391d806 749 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 750 if (bm) {
98ff7d30 751 bm->status |= BM_STATUS_INT;
5457c8ce 752 }
d537cf6c 753 qemu_irq_raise(s->irq);
5391d806
FB		 754 }
755}
756
757/* prepare data transfer and tell what to do after */
5fafdf24 758static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 759 EndTransferFunc *end_transfer_func)
760{
761 s->end_transfer_func = end_transfer_func;
762 s->data_ptr = buf;
763 s->data_end = buf + size;
7603d156
TS		 764 if (!(s->status & ERR_STAT))
765 s->status |= DRQ_STAT;
5391d806
FB		 766}
767
768static void ide_transfer_stop(IDEState *s)
769{
770 s->end_transfer_func = ide_transfer_stop;
771 s->data_ptr = s->io_buffer;
772 s->data_end = s->io_buffer;
773 s->status &= ~DRQ_STAT;
774}
775
776static int64_t ide_get_sector(IDEState *s)
777{
778 int64_t sector_num;
779 if (s->select & 0x40) {
780 /* lba */
c2ff060f
FB		 781 if (!s->lba48) {
782 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
783 (s->lcyl << 8) | s->sector;
784 } else {
785 sector_num = ((int64_t)s->hob_hcyl << 40) |
786 ((int64_t) s->hob_lcyl << 32) |
787 ((int64_t) s->hob_sector << 24) |
788 ((int64_t) s->hcyl << 16) |
789 ((int64_t) s->lcyl << 8) | s->sector;
790 }
5391d806
FB		 791 } else {
792 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 793 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 794 }
795 return sector_num;
796}
797
798static void ide_set_sector(IDEState *s, int64_t sector_num)
799{
800 unsigned int cyl, r;
801 if (s->select & 0x40) {
c2ff060f
FB		 802 if (!s->lba48) {
803 s->select = (s->select & 0xf0) | (sector_num >> 24);
804 s->hcyl = (sector_num >> 16);
805 s->lcyl = (sector_num >> 8);
806 s->sector = (sector_num);
807 } else {
808 s->sector = sector_num;
809 s->lcyl = sector_num >> 8;
810 s->hcyl = sector_num >> 16;
811 s->hob_sector = sector_num >> 24;
812 s->hob_lcyl = sector_num >> 32;
813 s->hob_hcyl = sector_num >> 40;
814 }
5391d806
FB		 815 } else {
816 cyl = sector_num / (s->heads * s->sectors);
817 r = sector_num % (s->heads * s->sectors);
818 s->hcyl = cyl >> 8;
819 s->lcyl = cyl;
1b8eb456 820 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 821 s->sector = (r % s->sectors) + 1;
822 }
823}
824
e162cfb0
AZ		 825static void ide_rw_error(IDEState *s) {
826 ide_abort_command(s);
827 ide_set_irq(s);
828}
829
5391d806
FB		 830static void ide_sector_read(IDEState *s)
831{
832 int64_t sector_num;
833 int ret, n;
834
835 s->status = READY_STAT | SEEK_STAT;
a136e5a8 836 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 837 sector_num = ide_get_sector(s);
838 n = s->nsector;
839 if (n == 0) {
840 /* no more sector to read from disk */
841 ide_transfer_stop(s);
842 } else {
843#if defined(DEBUG_IDE)
18c5f8ea 844 printf("read sector=%" PRId64 "\n", sector_num);
5391d806
FB		 845#endif
846 if (n > s->req_nb_sectors)
847 n = s->req_nb_sectors;
848 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
e162cfb0
AZ		 849 if (ret != 0) {
850 ide_rw_error(s);
851 return;
852 }
5391d806
FB		 853 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
854 ide_set_irq(s);
855 ide_set_sector(s, sector_num + n);
856 s->nsector -= n;
857 }
858}
859
e162cfb0
AZ		 860static void ide_dma_error(IDEState *s)
861{
862 ide_transfer_stop(s);
863 s->error = ABRT_ERR;
864 s->status = READY_STAT | ERR_STAT;
865 ide_set_irq(s);
866}
867
8ccad811
FB		 868/* return 0 if buffer completed */
869static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 870{
8ccad811
FB		 871 IDEState *s = bm->ide_if;
872 struct {
873 uint32_t addr;
874 uint32_t size;
875 } prd;
876 int l, len;
98087450 877
8ccad811
FB		 878 for(;;) {
879 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 880 if (l <= 0)
8ccad811
FB		 881 break;
882 if (bm->cur_prd_len == 0) {
883 /* end of table (with a fail safe of one page) */
884 if (bm->cur_prd_last ||
885 (bm->cur_addr - bm->addr) >= 4096)
886 return 0;
887 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
888 bm->cur_addr += 8;
889 prd.addr = le32_to_cpu(prd.addr);
890 prd.size = le32_to_cpu(prd.size);
891 len = prd.size & 0xfffe;
892 if (len == 0)
893 len = 0x10000;
894 bm->cur_prd_len = len;
895 bm->cur_prd_addr = prd.addr;
896 bm->cur_prd_last = (prd.size & 0x80000000);
897 }
898 if (l > bm->cur_prd_len)
899 l = bm->cur_prd_len;
900 if (l > 0) {
901 if (is_write) {
5fafdf24 902 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 903 s->io_buffer + s->io_buffer_index, l);
904 } else {
5fafdf24 905 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 906 s->io_buffer + s->io_buffer_index, l);
907 }
908 bm->cur_prd_addr += l;
909 bm->cur_prd_len -= l;
910 s->io_buffer_index += l;
98087450 911 }
98087450 912 }
8ccad811
FB		 913 return 1;
914}
915
8ccad811
FB		 916static void ide_read_dma_cb(void *opaque, int ret)
917{
918 BMDMAState *bm = opaque;
919 IDEState *s = bm->ide_if;
920 int n;
921 int64_t sector_num;
922
e162cfb0
AZ		 923 if (ret < 0) {
924 ide_dma_error(s);
925 return;
926 }
927
8ccad811
FB		 928 n = s->io_buffer_size >> 9;
929 sector_num = ide_get_sector(s);
930 if (n > 0) {
931 sector_num += n;
932 ide_set_sector(s, sector_num);
933 s->nsector -= n;
934 if (dma_buf_rw(bm, 1) == 0)
935 goto eot;
936 }
937
938 /* end of transfer ? */
939 if (s->nsector == 0) {
98087450
FB		 940 s->status = READY_STAT | SEEK_STAT;
941 ide_set_irq(s);
8ccad811
FB		 942 eot:
943 bm->status &= ~BM_STATUS_DMAING;
944 bm->status |= BM_STATUS_INT;
945 bm->dma_cb = NULL;
946 bm->ide_if = NULL;
947 bm->aiocb = NULL;
948 return;
98087450 949 }
8ccad811
FB		 950
951 /* launch next transfer */
952 n = s->nsector;
1d8cde5b
AJ		 953 if (n > IDE_DMA_BUF_SECTORS)
954 n = IDE_DMA_BUF_SECTORS;
8ccad811
FB		 955 s->io_buffer_index = 0;
956 s->io_buffer_size = n * 512;
957#ifdef DEBUG_AIO
5df23f53 958 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 959#endif
5fafdf24 960 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
8ccad811 961 ide_read_dma_cb, bm);
5604e090 962 ide_dma_submit_check(s, ide_read_dma_cb, bm);
98087450
FB		 963}
964
965static void ide_sector_read_dma(IDEState *s)
966{
8ccad811 967 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 968 s->io_buffer_index = 0;
969 s->io_buffer_size = 0;
970 ide_dma_start(s, ide_read_dma_cb);
971}
972
a09db21f
FB		 973static void ide_sector_write_timer_cb(void *opaque)
974{
975 IDEState *s = opaque;
976 ide_set_irq(s);
977}
978
5391d806
FB		 979static void ide_sector_write(IDEState *s)
980{
981 int64_t sector_num;
31c2a146 982 int ret, n, n1;
5391d806
FB		 983
984 s->status = READY_STAT | SEEK_STAT;
985 sector_num = ide_get_sector(s);
986#if defined(DEBUG_IDE)
18c5f8ea 987 printf("write sector=%" PRId64 "\n", sector_num);
5391d806
FB		 988#endif
989 n = s->nsector;
990 if (n > s->req_nb_sectors)
991 n = s->req_nb_sectors;
31c2a146 992 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
e162cfb0
AZ		 993 if (ret != 0) {
994 ide_rw_error(s);
995 return;
996 }
997
5391d806
FB		 998 s->nsector -= n;
999 if (s->nsector == 0) {
292eef5a 1000 /* no more sectors to write */
5391d806
FB		 1001 ide_transfer_stop(s);
1002 } else {
1003 n1 = s->nsector;
1004 if (n1 > s->req_nb_sectors)
1005 n1 = s->req_nb_sectors;
1006 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1007 }
1008 ide_set_sector(s, sector_num + n);
3b46e624 1009
31c2a146
TS		 1010#ifdef TARGET_I386
1011 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1012 /* It seems there is a bug in the Windows 2000 installer HDD
1013 IDE driver which fills the disk with empty logs when the
1014 IDE write IRQ comes too early. This hack tries to correct
1015 that at the expense of slower write performances. Use this
1016 option _only_ to install Windows 2000. You must disable it
1017 for normal use. */
1018 qemu_mod_timer(s->sector_write_timer,
1019 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1020 } else
1021#endif
1022 {
1023 ide_set_irq(s);
1024 }
5391d806
FB		 1025}
1026
8ccad811 1027static void ide_write_dma_cb(void *opaque, int ret)
98087450 1028{
8ccad811
FB		 1029 BMDMAState *bm = opaque;
1030 IDEState *s = bm->ide_if;
1031 int n;
98087450
FB		 1032 int64_t sector_num;
1033
e162cfb0
AZ		 1034 if (ret < 0) {
1035 ide_dma_error(s);
1036 return;
1037 }
1038
8ccad811
FB		 1039 n = s->io_buffer_size >> 9;
1040 sector_num = ide_get_sector(s);
1041 if (n > 0) {
1042 sector_num += n;
1043 ide_set_sector(s, sector_num);
1044 s->nsector -= n;
98087450 1045 }
98087450 1046
8ccad811
FB		 1047 /* end of transfer ? */
1048 if (s->nsector == 0) {
1049 s->status = READY_STAT | SEEK_STAT;
1050 ide_set_irq(s);
1051 eot:
1052 bm->status &= ~BM_STATUS_DMAING;
1053 bm->status |= BM_STATUS_INT;
1054 bm->dma_cb = NULL;
1055 bm->ide_if = NULL;
1056 bm->aiocb = NULL;
1057 return;
1058 }
1059
1060 /* launch next transfer */
98087450 1061 n = s->nsector;
1d8cde5b
AJ		 1062 if (n > IDE_DMA_BUF_SECTORS)
1063 n = IDE_DMA_BUF_SECTORS;
98087450
FB		 1064 s->io_buffer_index = 0;
1065 s->io_buffer_size = n * 512;
8ccad811
FB		 1066
1067 if (dma_buf_rw(bm, 0) == 0)
1068 goto eot;
1069#ifdef DEBUG_AIO
5df23f53 1070 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1071#endif
5fafdf24 1072 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
8ccad811 1073 ide_write_dma_cb, bm);
5604e090 1074 ide_dma_submit_check(s, ide_write_dma_cb, bm);
8ccad811
FB		 1075}
1076
1077static void ide_sector_write_dma(IDEState *s)
1078{
1079 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1080 s->io_buffer_index = 0;
1081 s->io_buffer_size = 0;
98087450
FB		 1082 ide_dma_start(s, ide_write_dma_cb);
1083}
1084
5391d806
FB		 1085static void ide_atapi_cmd_ok(IDEState *s)
1086{
1087 s->error = 0;
41a2b959 1088 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1089 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1090 ide_set_irq(s);
1091}
1092
1093static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1094{
1095#ifdef DEBUG_IDE_ATAPI
1096 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1097#endif
1098 s->error = sense_key << 4;
1099 s->status = READY_STAT | ERR_STAT;
1100 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1101 s->sense_key = sense_key;
1102 s->asc = asc;
1103 ide_set_irq(s);
1104}
1105
9118e7f0
AL		 1106static void ide_atapi_cmd_check_status(IDEState *s)
1107{
1108#ifdef DEBUG_IDE_ATAPI
1109 printf("atapi_cmd_check_status\n");
1110#endif
1111 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1112 s->status = ERR_STAT;
1113 s->nsector = 0;
1114 ide_set_irq(s);
1115}
1116
5391d806
FB		 1117static inline void cpu_to_ube16(uint8_t *buf, int val)
1118{
1119 buf[0] = val >> 8;
1120 buf[1] = val;
1121}
1122
1123static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1124{
1125 buf[0] = val >> 24;
1126 buf[1] = val >> 16;
1127 buf[2] = val >> 8;
1128 buf[3] = val;
1129}
1130
1131static inline int ube16_to_cpu(const uint8_t *buf)
1132{
1133 return (buf[0] << 8) | buf[1];
1134}
1135
1136static inline int ube32_to_cpu(const uint8_t *buf)
1137{
1138 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1139}
1140
98087450
FB		 1141static void lba_to_msf(uint8_t *buf, int lba)
1142{
1143 lba += 150;
1144 buf[0] = (lba / 75) / 60;
1145 buf[1] = (lba / 75) % 60;
1146 buf[2] = lba % 75;
1147}
1148
8ccad811
FB		 1149static void cd_data_to_raw(uint8_t *buf, int lba)
1150{
1151 /* sync bytes */
1152 buf[0] = 0x00;
1153 memset(buf + 1, 0xff, 10);
1154 buf[11] = 0x00;
1155 buf += 12;
1156 /* MSF */
1157 lba_to_msf(buf, lba);
1158 buf[3] = 0x01; /* mode 1 data */
1159 buf += 4;
1160 /* data */
1161 buf += 2048;
1162 /* XXX: ECC not computed */
1163 memset(buf, 0, 288);
1164}
1165
5fafdf24 1166static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1167 int sector_size)
1168{
66c6ef76
FB		 1169 int ret;
1170
98087450
FB		 1171 switch(sector_size) {
1172 case 2048:
66c6ef76 1173 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1174 break;
1175 case 2352:
66c6ef76
FB		 1176 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1177 if (ret < 0)
1178 return ret;
8ccad811 1179 cd_data_to_raw(buf, lba);
98087450
FB		 1180 break;
1181 default:
66c6ef76 1182 ret = -EIO;
98087450
FB		 1183 break;
1184 }
66c6ef76
FB		 1185 return ret;
1186}
1187
1188static void ide_atapi_io_error(IDEState *s, int ret)
1189{
1190 /* XXX: handle more errors */
1191 if (ret == -ENOMEDIUM) {
5fafdf24 1192 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1193 ASC_MEDIUM_NOT_PRESENT);
1194 } else {
5fafdf24 1195 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1196 ASC_LOGICAL_BLOCK_OOR);
1197 }
98087450
FB		 1198}
1199
5391d806
FB		 1200/* The whole ATAPI transfer logic is handled in this function */
1201static void ide_atapi_cmd_reply_end(IDEState *s)
1202{
66c6ef76 1203 int byte_count_limit, size, ret;
5391d806 1204#ifdef DEBUG_IDE_ATAPI
5fafdf24 1205 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1206 s->packet_transfer_size,
1207 s->elementary_transfer_size,
1208 s->io_buffer_index);
1209#endif
1210 if (s->packet_transfer_size <= 0) {
1211 /* end of transfer */
1212 ide_transfer_stop(s);
41a2b959 1213 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1214 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1215 ide_set_irq(s);
1216#ifdef DEBUG_IDE_ATAPI
1217 printf("status=0x%x\n", s->status);
1218#endif
1219 } else {
1220 /* see if a new sector must be read */
98087450 1221 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1222 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1223 if (ret < 0) {
1224 ide_transfer_stop(s);
1225 ide_atapi_io_error(s, ret);
1226 return;
1227 }
5391d806
FB		 1228 s->lba++;
1229 s->io_buffer_index = 0;
1230 }
1231 if (s->elementary_transfer_size > 0) {
1232 /* there are some data left to transmit in this elementary
1233 transfer */
98087450 1234 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1235 if (size > s->elementary_transfer_size)
1236 size = s->elementary_transfer_size;
5fafdf24 1237 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1238 size, ide_atapi_cmd_reply_end);
1239 s->packet_transfer_size -= size;
1240 s->elementary_transfer_size -= size;
1241 s->io_buffer_index += size;
1242 } else {
1243 /* a new transfer is needed */
1244 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1245 byte_count_limit = s->lcyl | (s->hcyl << 8);
1246#ifdef DEBUG_IDE_ATAPI
1247 printf("byte_count_limit=%d\n", byte_count_limit);
1248#endif
1249 if (byte_count_limit == 0xffff)
1250 byte_count_limit--;
1251 size = s->packet_transfer_size;
1252 if (size > byte_count_limit) {
1253 /* byte count limit must be even if this case */
1254 if (byte_count_limit & 1)
1255 byte_count_limit--;
1256 size = byte_count_limit;
5391d806 1257 }
a136e5a8
FB		 1258 s->lcyl = size;
1259 s->hcyl = size >> 8;
5391d806
FB		 1260 s->elementary_transfer_size = size;
1261 /* we cannot transmit more than one sector at a time */
1262 if (s->lba != -1) {
98087450
FB		 1263 if (size > (s->cd_sector_size - s->io_buffer_index))
1264 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1265 }
5fafdf24 1266 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1267 size, ide_atapi_cmd_reply_end);
1268 s->packet_transfer_size -= size;
1269 s->elementary_transfer_size -= size;
1270 s->io_buffer_index += size;
1271 ide_set_irq(s);
1272#ifdef DEBUG_IDE_ATAPI
1273 printf("status=0x%x\n", s->status);
1274#endif
1275 }
1276 }
1277}
1278
1279/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1280static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1281{
1282 if (size > max_size)
1283 size = max_size;
1284 s->lba = -1; /* no sector read */
1285 s->packet_transfer_size = size;
5f12ab4b 1286 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1287 s->elementary_transfer_size = 0;
1288 s->io_buffer_index = 0;
1289
5f12ab4b 1290 if (s->atapi_dma) {
41a2b959 1291 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
5f12ab4b
TS		 1292 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1293 } else {
41a2b959 1294 s->status = READY_STAT | SEEK_STAT;
5f12ab4b
TS		 1295 ide_atapi_cmd_reply_end(s);
1296 }
5391d806
FB		 1297}
1298
1299/* start a CD-CDROM read command */
98087450
FB		 1300static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1301 int sector_size)
5391d806 1302{
5391d806 1303 s->lba = lba;
98087450 1304 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1305 s->elementary_transfer_size = 0;
98087450
FB		 1306 s->io_buffer_index = sector_size;
1307 s->cd_sector_size = sector_size;
5391d806 1308
41a2b959 1309 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1310 ide_atapi_cmd_reply_end(s);
1311}
1312
98087450 1313/* ATAPI DMA support */
8ccad811
FB		 1314
1315/* XXX: handle read errors */
1316static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1317{
8ccad811
FB		 1318 BMDMAState *bm = opaque;
1319 IDEState *s = bm->ide_if;
1320 int data_offset, n;
1321
66c6ef76
FB		 1322 if (ret < 0) {
1323 ide_atapi_io_error(s, ret);
1324 goto eot;
1325 }
1326
8ccad811 1327 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1328 /*
1329 * For a cdrom read sector command (s->lba != -1),
1330 * adjust the lba for the next s->io_buffer_size chunk
1331 * and dma the current chunk.
1332 * For a command != read (s->lba == -1), just transfer
1333 * the reply data.
1334 */
1335 if (s->lba != -1) {
1336 if (s->cd_sector_size == 2352) {
1337 n = 1;
1338 cd_data_to_raw(s->io_buffer, s->lba);
1339 } else {
1340 n = s->io_buffer_size >> 11;
1341 }
1342 s->lba += n;
1343 }
8ccad811 1344 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1345 if (dma_buf_rw(bm, 1) == 0)
1346 goto eot;
98087450 1347 }
8ccad811 1348
98087450 1349 if (s->packet_transfer_size <= 0) {
41a2b959 1350 s->status = READY_STAT | SEEK_STAT;
98087450
FB		 1351 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1352 ide_set_irq(s);
8ccad811
FB		 1353 eot:
1354 bm->status &= ~BM_STATUS_DMAING;
1355 bm->status |= BM_STATUS_INT;
1356 bm->dma_cb = NULL;
1357 bm->ide_if = NULL;
1358 bm->aiocb = NULL;
1359 return;
1360 }
3b46e624 1361
8ccad811
FB		 1362 s->io_buffer_index = 0;
1363 if (s->cd_sector_size == 2352) {
1364 n = 1;
1365 s->io_buffer_size = s->cd_sector_size;
1366 data_offset = 16;
1367 } else {
1368 n = s->packet_transfer_size >> 11;
1d8cde5b
AJ		 1369 if (n > (IDE_DMA_BUF_SECTORS / 4))
1370 n = (IDE_DMA_BUF_SECTORS / 4);
8ccad811
FB		 1371 s->io_buffer_size = n * 2048;
1372 data_offset = 0;
98087450 1373 }
8ccad811
FB		 1374#ifdef DEBUG_AIO
1375 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1376#endif
5fafdf24
TS		 1377 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1378 s->io_buffer + data_offset, n * 4,
8ccad811 1379 ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1380 if (!bm->aiocb) {
1381 /* Note: media not present is the most likely case */
5fafdf24 1382 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1383 ASC_MEDIUM_NOT_PRESENT);
1384 goto eot;
1385 }
98087450
FB		 1386}
1387
1388/* start a CD-CDROM read command with DMA */
1389/* XXX: test if DMA is available */
1390static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1391 int sector_size)
1392{
1393 s->lba = lba;
1394 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1395 s->io_buffer_index = 0;
1396 s->io_buffer_size = 0;
98087450
FB		 1397 s->cd_sector_size = sector_size;
1398
8ccad811 1399 /* XXX: check if BUSY_STAT should be set */
41a2b959 1400 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1401 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1402}
1403
5fafdf24 1404static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1405 int sector_size)
1406{
1407#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1408 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1409 lba, nb_sectors);
98087450
FB		 1410#endif
1411 if (s->atapi_dma) {
1412 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1413 } else {
1414 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1415 }
1416}
1417
38cdea7c
AZ		 1418static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1419 uint16_t profile)
1420{
1421 uint8_t *buf_profile = buf + 12; /* start of profiles */
1422
1423 buf_profile += ((*index) * 4); /* start of indexed profile */
1424 cpu_to_ube16 (buf_profile, profile);
1425 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1426
1427 /* each profile adds 4 bytes to the response */
1428 (*index)++;
1429 buf[11] += 4; /* Additional Length */
1430
1431 return 4;
1432}
1433
8114e9e8
TS		 1434static int ide_dvd_read_structure(IDEState *s, int format,
1435 const uint8_t *packet, uint8_t *buf)
1436{
1437 switch (format) {
1438 case 0x0: /* Physical format information */
1439 {
1440 int layer = packet[6];
1441 uint64_t total_sectors;
1442
1443 if (layer != 0)
1444 return -ASC_INV_FIELD_IN_CMD_PACKET;
1445
1446 bdrv_get_geometry(s->bs, &total_sectors);
1447 total_sectors >>= 2;
1448 if (total_sectors == 0)
1449 return -ASC_MEDIUM_NOT_PRESENT;
1450
1451 buf[4] = 1; /* DVD-ROM, part version 1 */
1452 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1453 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1454 buf[7] = 0; /* default densities */
1455
1456 /* FIXME: 0x30000 per spec? */
1457 cpu_to_ube32(buf + 8, 0); /* start sector */
1458 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1459 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1460
1461 /* Size of buffer, not including 2 byte size field */
1462 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1463
1464 /* 2k data + 4 byte header */
1465 return (2048 + 4);
1466 }
1467
1468 case 0x01: /* DVD copyright information */
1469 buf[4] = 0; /* no copyright data */
1470 buf[5] = 0; /* no region restrictions */
1471
1472 /* Size of buffer, not including 2 byte size field */
1473 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1474
1475 /* 4 byte header + 4 byte data */
1476 return (4 + 4);
1477
1478 case 0x03: /* BCA information - invalid field for no BCA info */
1479 return -ASC_INV_FIELD_IN_CMD_PACKET;
1480
1481 case 0x04: /* DVD disc manufacturing information */
1482 /* Size of buffer, not including 2 byte size field */
1483 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1484
1485 /* 2k data + 4 byte header */
1486 return (2048 + 4);
1487
1488 case 0xff:
1489 /*
1490 * This lists all the command capabilities above. Add new ones
1491 * in order and update the length and buffer return values.
1492 */
1493
1494 buf[4] = 0x00; /* Physical format */
1495 buf[5] = 0x40; /* Not writable, is readable */
1496 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1497
1498 buf[8] = 0x01; /* Copyright info */
1499 buf[9] = 0x40; /* Not writable, is readable */
1500 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1501
1502 buf[12] = 0x03; /* BCA info */
1503 buf[13] = 0x40; /* Not writable, is readable */
1504 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1505
1506 buf[16] = 0x04; /* Manufacturing info */
1507 buf[17] = 0x40; /* Not writable, is readable */
1508 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1509
1510 /* Size of buffer, not including 2 byte size field */
1511 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1512
1513 /* data written + 4 byte header */
1514 return (16 + 4);
1515
1516 default: /* TODO: formats beyond DVD-ROM requires */
1517 return -ASC_INV_FIELD_IN_CMD_PACKET;
1518 }
1519}
1520
5391d806
FB		 1521static void ide_atapi_cmd(IDEState *s)
1522{
1523 const uint8_t *packet;
1524 uint8_t *buf;
1525 int max_len;
1526
1527 packet = s->io_buffer;
1528 buf = s->io_buffer;
1529#ifdef DEBUG_IDE_ATAPI
1530 {
1531 int i;
1532 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1533 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1534 printf(" %02x", packet[i]);
1535 }
1536 printf("\n");
1537 }
1538#endif
9118e7f0
AL		 1539 /* If there's a UNIT_ATTENTION condition pending, only
1540 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1541 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1542 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1543 s->io_buffer[0] != GPCMD_INQUIRY) {
1544 ide_atapi_cmd_check_status(s);
1545 return;
1546 }
5391d806
FB		 1547 switch(s->io_buffer[0]) {
1548 case GPCMD_TEST_UNIT_READY:
caed8802 1549 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1550 ide_atapi_cmd_ok(s);
1551 } else {
5fafdf24 1552 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1553 ASC_MEDIUM_NOT_PRESENT);
1554 }
1555 break;
d14049ea 1556 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1557 case GPCMD_MODE_SENSE_10:
1558 {
1559 int action, code;
d14049ea
TS		 1560 if (packet[0] == GPCMD_MODE_SENSE_10)
1561 max_len = ube16_to_cpu(packet + 7);
1562 else
1563 max_len = packet[4];
5391d806
FB		 1564 action = packet[2] >> 6;
1565 code = packet[2] & 0x3f;
1566 switch(action) {
1567 case 0: /* current values */
1568 switch(code) {
1569 case 0x01: /* error recovery */
1570 cpu_to_ube16(&buf[0], 16 + 6);
1571 buf[2] = 0x70;
1572 buf[3] = 0;
1573 buf[4] = 0;
1574 buf[5] = 0;
1575 buf[6] = 0;
1576 buf[7] = 0;
1577
1578 buf[8] = 0x01;
1579 buf[9] = 0x06;
1580 buf[10] = 0x00;
1581 buf[11] = 0x05;
1582 buf[12] = 0x00;
1583 buf[13] = 0x00;
1584 buf[14] = 0x00;
1585 buf[15] = 0x00;
1586 ide_atapi_cmd_reply(s, 16, max_len);
1587 break;
1588 case 0x2a:
1589 cpu_to_ube16(&buf[0], 28 + 6);
1590 buf[2] = 0x70;
1591 buf[3] = 0;
1592 buf[4] = 0;
1593 buf[5] = 0;
1594 buf[6] = 0;
1595 buf[7] = 0;
1596
1597 buf[8] = 0x2a;
1598 buf[9] = 0x12;
0d4a05a1 1599 buf[10] = 0x00;
5391d806 1600 buf[11] = 0x00;
3b46e624 1601
d5b4eb40
AL		 1602 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1603 code checks for this to automount media. */
1604 buf[12] = 0x71;
5391d806
FB		 1605 buf[13] = 3 << 5;
1606 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1607 if (bdrv_is_locked(s->bs))
5391d806
FB		 1608 buf[6] |= 1 << 1;
1609 buf[15] = 0x00;
1610 cpu_to_ube16(&buf[16], 706);
1611 buf[18] = 0;
1612 buf[19] = 2;
1613 cpu_to_ube16(&buf[20], 512);
1614 cpu_to_ube16(&buf[22], 706);
1615 buf[24] = 0;
1616 buf[25] = 0;
1617 buf[26] = 0;
1618 buf[27] = 0;
1619 ide_atapi_cmd_reply(s, 28, max_len);
1620 break;
1621 default:
1622 goto error_cmd;
1623 }
1624 break;
1625 case 1: /* changeable values */
1626 goto error_cmd;
1627 case 2: /* default values */
1628 goto error_cmd;
1629 default:
1630 case 3: /* saved values */
5fafdf24 1631 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1632 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1633 break;
1634 }
1635 }
1636 break;
1637 case GPCMD_REQUEST_SENSE:
1638 max_len = packet[4];
1639 memset(buf, 0, 18);
1640 buf[0] = 0x70 | (1 << 7);
1641 buf[2] = s->sense_key;
1642 buf[7] = 10;
1643 buf[12] = s->asc;
9118e7f0
AL		 1644 if (s->sense_key == SENSE_UNIT_ATTENTION)
1645 s->sense_key = SENSE_NONE;
5391d806
FB		 1646 ide_atapi_cmd_reply(s, 18, max_len);
1647 break;
1648 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1649 if (bdrv_is_inserted(s->bs)) {
1650 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1651 ide_atapi_cmd_ok(s);
1652 } else {
5fafdf24 1653 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1654 ASC_MEDIUM_NOT_PRESENT);
1655 }
1656 break;
1657 case GPCMD_READ_10:
1658 case GPCMD_READ_12:
1659 {
1660 int nb_sectors, lba;
1661
5391d806
FB		 1662 if (packet[0] == GPCMD_READ_10)
1663 nb_sectors = ube16_to_cpu(packet + 7);
1664 else
1665 nb_sectors = ube32_to_cpu(packet + 6);
1666 lba = ube32_to_cpu(packet + 2);
1667 if (nb_sectors == 0) {
1668 ide_atapi_cmd_ok(s);
1669 break;
1670 }
98087450
FB		 1671 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1672 }
1673 break;
1674 case GPCMD_READ_CD:
1675 {
1676 int nb_sectors, lba, transfer_request;
1677
98087450
FB		 1678 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1679 lba = ube32_to_cpu(packet + 2);
1680 if (nb_sectors == 0) {
1681 ide_atapi_cmd_ok(s);
1682 break;
1683 }
98087450
FB		 1684 transfer_request = packet[9];
1685 switch(transfer_request & 0xf8) {
1686 case 0x00:
1687 /* nothing */
1688 ide_atapi_cmd_ok(s);
1689 break;
1690 case 0x10:
1691 /* normal read */
1692 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1693 break;
1694 case 0xf8:
1695 /* read all data */
1696 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1697 break;
1698 default:
5fafdf24 1699 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1700 ASC_INV_FIELD_IN_CMD_PACKET);
1701 break;
1702 }
5391d806
FB		 1703 }
1704 break;
1705 case GPCMD_SEEK:
1706 {
96b8f136
TS		 1707 unsigned int lba;
1708 uint64_t total_sectors;
66c6ef76
FB		 1709
1710 bdrv_get_geometry(s->bs, &total_sectors);
1711 total_sectors >>= 2;
96b8f136 1712 if (total_sectors == 0) {
5fafdf24 1713 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1714 ASC_MEDIUM_NOT_PRESENT);
1715 break;
1716 }
1717 lba = ube32_to_cpu(packet + 2);
66c6ef76 1718 if (lba >= total_sectors) {
5fafdf24 1719 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1720 ASC_LOGICAL_BLOCK_OOR);
1721 break;
1722 }
1723 ide_atapi_cmd_ok(s);
1724 }
1725 break;
1726 case GPCMD_START_STOP_UNIT:
1727 {
1728 int start, eject;
1729 start = packet[4] & 1;
1730 eject = (packet[4] >> 1) & 1;
3b46e624 1731
caed8802
FB		 1732 if (eject && !start) {
1733 /* eject the disk */
66c6ef76
FB		 1734 bdrv_eject(s->bs, 1);
1735 } else if (eject && start) {
1736 /* close the tray */
1737 bdrv_eject(s->bs, 0);
caed8802 1738 }
5391d806
FB		 1739 ide_atapi_cmd_ok(s);
1740 }
1741 break;
1742 case GPCMD_MECHANISM_STATUS:
1743 {
1744 max_len = ube16_to_cpu(packet + 8);
1745 cpu_to_ube16(buf, 0);
1746 /* no current LBA */
1747 buf[2] = 0;
1748 buf[3] = 0;
1749 buf[4] = 0;
1750 buf[5] = 1;
1751 cpu_to_ube16(buf + 6, 0);
1752 ide_atapi_cmd_reply(s, 8, max_len);
1753 }
1754 break;
1755 case GPCMD_READ_TOC_PMA_ATIP:
1756 {
1757 int format, msf, start_track, len;
96b8f136 1758 uint64_t total_sectors;
5391d806 1759
66c6ef76
FB		 1760 bdrv_get_geometry(s->bs, &total_sectors);
1761 total_sectors >>= 2;
96b8f136 1762 if (total_sectors == 0) {
5fafdf24 1763 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1764 ASC_MEDIUM_NOT_PRESENT);
1765 break;
1766 }
1767 max_len = ube16_to_cpu(packet + 7);
1768 format = packet[9] >> 6;
1769 msf = (packet[1] >> 1) & 1;
1770 start_track = packet[6];
1771 switch(format) {
1772 case 0:
66c6ef76 1773 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1774 if (len < 0)
1775 goto error_cmd;
1776 ide_atapi_cmd_reply(s, len, max_len);
1777 break;
1778 case 1:
1779 /* multi session : only a single session defined */
1780 memset(buf, 0, 12);
1781 buf[1] = 0x0a;
1782 buf[2] = 0x01;
1783 buf[3] = 0x01;
1784 ide_atapi_cmd_reply(s, 12, max_len);
1785 break;
98087450 1786 case 2:
66c6ef76 1787 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1788 if (len < 0)
1789 goto error_cmd;
1790 ide_atapi_cmd_reply(s, len, max_len);
1791 break;
5391d806 1792 default:
7f777bf3 1793 error_cmd:
5fafdf24 1794 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1795 ASC_INV_FIELD_IN_CMD_PACKET);
1796 break;
5391d806
FB		 1797 }
1798 }
1799 break;
1800 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76 1801 {
96b8f136 1802 uint64_t total_sectors;
66c6ef76
FB		 1803
1804 bdrv_get_geometry(s->bs, &total_sectors);
1805 total_sectors >>= 2;
96b8f136 1806 if (total_sectors == 0) {
5fafdf24 1807 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1808 ASC_MEDIUM_NOT_PRESENT);
1809 break;
1810 }
1811 /* NOTE: it is really the number of sectors minus 1 */
1812 cpu_to_ube32(buf, total_sectors - 1);
1813 cpu_to_ube32(buf + 4, 2048);
1814 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1815 }
5391d806 1816 break;
d14049ea
TS		 1817 case GPCMD_READ_DVD_STRUCTURE:
1818 {
1819 int media = packet[1];
8114e9e8
TS		 1820 int format = packet[7];
1821 int ret;
d14049ea 1822
8114e9e8 1823 max_len = ube16_to_cpu(packet + 8);
d14049ea 1824
8114e9e8
TS		 1825 if (format < 0xff) {
1826 if (media_is_cd(s)) {
1827 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1828 ASC_INCOMPATIBLE_FORMAT);
1829 break;
1830 } else if (!media_present(s)) {
1831 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1832 ASC_INV_FIELD_IN_CMD_PACKET);
1833 break;
1834 }
1835 }
d14049ea 1836
8114e9e8
TS		 1837 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1838 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
d14049ea 1839
8114e9e8
TS		 1840 switch (format) {
1841 case 0x00 ... 0x7f:
1842 case 0xff:
1843 if (media == 0) {
1844 ret = ide_dvd_read_structure(s, format, packet, buf);
d14049ea 1845
8114e9e8
TS		 1846 if (ret < 0)
1847 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1848 else
1849 ide_atapi_cmd_reply(s, ret, max_len);
d14049ea 1850
8114e9e8
TS		 1851 break;
1852 }
1853 /* TODO: BD support, fall through for now */
1854
1855 /* Generic disk structures */
1856 case 0x80: /* TODO: AACS volume identifier */
1857 case 0x81: /* TODO: AACS media serial number */
1858 case 0x82: /* TODO: AACS media identifier */
1859 case 0x83: /* TODO: AACS media key block */
1860 case 0x90: /* TODO: List of recognized format layers */
1861 case 0xc0: /* TODO: Write protection status */
d14049ea
TS		 1862 default:
1863 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1864 ASC_INV_FIELD_IN_CMD_PACKET);
1865 break;
1866 }
1867 }
1868 break;
1869 case GPCMD_SET_SPEED:
1870 ide_atapi_cmd_ok(s);
1871 break;
bd0d90b2
FB		 1872 case GPCMD_INQUIRY:
1873 max_len = packet[4];
1874 buf[0] = 0x05; /* CD-ROM */
1875 buf[1] = 0x80; /* removable */
1876 buf[2] = 0x00; /* ISO */
1877 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 1878 buf[4] = 31; /* additional length */
bd0d90b2
FB		 1879 buf[5] = 0; /* reserved */
1880 buf[6] = 0; /* reserved */
1881 buf[7] = 0; /* reserved */
1882 padstr8(buf + 8, 8, "QEMU");
38cdea7c 1883 padstr8(buf + 16, 16, "QEMU DVD-ROM");
bd0d90b2
FB		 1884 padstr8(buf + 32, 4, QEMU_VERSION);
1885 ide_atapi_cmd_reply(s, 36, max_len);
1886 break;
d14049ea
TS		 1887 case GPCMD_GET_CONFIGURATION:
1888 {
38cdea7c 1889 uint32_t len;
091d055b 1890 uint8_t index = 0;
d14049ea
TS		 1891
1892 /* only feature 0 is supported */
1893 if (packet[2] != 0 || packet[3] != 0) {
1894 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1895 ASC_INV_FIELD_IN_CMD_PACKET);
1896 break;
1897 }
38cdea7c
AZ		 1898
1899 /* XXX: could result in alignment problems in some architectures */
1900 max_len = ube16_to_cpu(packet + 7);
091d055b 1901
38cdea7c 1902 /*
091d055b
AZ		 1903 * XXX: avoid overflow for io_buffer if max_len is bigger than
1904 * the size of that buffer (dimensioned to max number of
1905 * sectors to transfer at once)
38cdea7c 1906 *
091d055b 1907 * Only a problem if the feature/profiles grow.
38cdea7c
AZ		 1908 */
1909 if (max_len > 512) /* XXX: assume 1 sector */
1910 max_len = 512;
1911
1912 memset(buf, 0, max_len);
1913 /*
1914 * the number of sectors from the media tells us which profile
1915 * to use as current. 0 means there is no media
38cdea7c 1916 */
8114e9e8
TS		 1917 if (media_is_dvd(s))
1918 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
1919 else if (media_is_cd(s))
1920 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
38cdea7c 1921
091d055b
AZ		 1922 buf[10] = 0x02 | 0x01; /* persistent and current */
1923 len = 12; /* headers: 8 + 4 */
1924 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
1925 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
38cdea7c
AZ		 1926 cpu_to_ube32(buf, len - 4); /* data length */
1927
1928 ide_atapi_cmd_reply(s, len, max_len);
d14049ea
TS		 1929 break;
1930 }
5391d806 1931 default:
5fafdf24 1932 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1933 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1934 break;
1935 }
1936}
1937
201a51fc
AZ		 1938static void ide_cfata_metadata_inquiry(IDEState *s)
1939{
1940 uint16_t *p;
1941 uint32_t spd;
1942
1943 p = (uint16_t *) s->io_buffer;
1944 memset(p, 0, 0x200);
1945 spd = ((s->mdata_size - 1) >> 9) + 1;
1946
1947 put_le16(p + 0, 0x0001); /* Data format revision */
1948 put_le16(p + 1, 0x0000); /* Media property: silicon */
1949 put_le16(p + 2, s->media_changed); /* Media status */
1950 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1951 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1952 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1953 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1954}
1955
1956static void ide_cfata_metadata_read(IDEState *s)
1957{
1958 uint16_t *p;
1959
1960 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1961 s->status = ERR_STAT;
1962 s->error = ABRT_ERR;
1963 return;
1964 }
1965
1966 p = (uint16_t *) s->io_buffer;
1967 memset(p, 0, 0x200);
1968
1969 put_le16(p + 0, s->media_changed); /* Media status */
1970 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1971 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1972 s->nsector << 9), 0x200 - 2));
1973}
1974
1975static void ide_cfata_metadata_write(IDEState *s)
1976{
1977 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1978 s->status = ERR_STAT;
1979 s->error = ABRT_ERR;
1980 return;
1981 }
1982
1983 s->media_changed = 0;
1984
1985 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1986 s->io_buffer + 2,
1987 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1988 s->nsector << 9), 0x200 - 2));
1989}
1990
bd491d6a
TS		 1991/* called when the inserted state of the media has changed */
1992static void cdrom_change_cb(void *opaque)
1993{
1994 IDEState *s = opaque;
96b8f136 1995 uint64_t nb_sectors;
bd491d6a 1996
bd491d6a
TS		 1997 bdrv_get_geometry(s->bs, &nb_sectors);
1998 s->nb_sectors = nb_sectors;
9118e7f0
AL		 1999
2000 s->sense_key = SENSE_UNIT_ATTENTION;
2001 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2002
2003 ide_set_irq(s);
bd491d6a
TS		 2004}
2005
c2ff060f
FB		 2006static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2007{
2008 s->lba48 = lba48;
2009
2010 /* handle the 'magic' 0 nsector count conversion here. to avoid
2011 * fiddling with the rest of the read logic, we just store the
2012 * full sector count in ->nsector and ignore ->hob_nsector from now
2013 */
2014 if (!s->lba48) {
2015 if (!s->nsector)
2016 s->nsector = 256;
2017 } else {
2018 if (!s->nsector && !s->hob_nsector)
2019 s->nsector = 65536;
2020 else {
2021 int lo = s->nsector;
2022 int hi = s->hob_nsector;
2023
2024 s->nsector = (hi << 8) | lo;
2025 }
2026 }
2027}
2028
2029static void ide_clear_hob(IDEState *ide_if)
2030{
2031 /* any write clears HOB high bit of device control register */
2032 ide_if[0].select &= ~(1 << 7);
2033 ide_if[1].select &= ~(1 << 7);
2034}
2035
caed8802
FB		 2036static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2037{
2038 IDEState *ide_if = opaque;
c45c3d00 2039 IDEState *s;
5391d806 2040 int unit, n;
c2ff060f 2041 int lba48 = 0;
5391d806
FB		 2042
2043#ifdef DEBUG_IDE
2044 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2045#endif
c2ff060f 2046
5391d806 2047 addr &= 7;
fcdd25ab
AL		 2048
2049 /* ignore writes to command block while busy with previous command */
2050 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2051 return;
2052
5391d806
FB		 2053 switch(addr) {
2054 case 0:
2055 break;
2056 case 1:
c2ff060f 2057 ide_clear_hob(ide_if);
c45c3d00 2058 /* NOTE: data is written to the two drives */
c2ff060f
FB		 2059 ide_if[0].hob_feature = ide_if[0].feature;
2060 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 2061 ide_if[0].feature = val;
2062 ide_if[1].feature = val;
5391d806
FB		 2063 break;
2064 case 2:
c2ff060f
FB		 2065 ide_clear_hob(ide_if);
2066 ide_if[0].hob_nsector = ide_if[0].nsector;
2067 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 2068 ide_if[0].nsector = val;
2069 ide_if[1].nsector = val;
5391d806
FB		 2070 break;
2071 case 3:
c2ff060f
FB		 2072 ide_clear_hob(ide_if);
2073 ide_if[0].hob_sector = ide_if[0].sector;
2074 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 2075 ide_if[0].sector = val;
2076 ide_if[1].sector = val;
5391d806
FB		 2077 break;
2078 case 4:
c2ff060f
FB		 2079 ide_clear_hob(ide_if);
2080 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2081 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 2082 ide_if[0].lcyl = val;
2083 ide_if[1].lcyl = val;
5391d806
FB		 2084 break;
2085 case 5:
c2ff060f
FB		 2086 ide_clear_hob(ide_if);
2087 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2088 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 2089 ide_if[0].hcyl = val;
2090 ide_if[1].hcyl = val;
5391d806
FB		 2091 break;
2092 case 6:
c2ff060f 2093 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 2094 ide_if[0].select = (val & ~0x10) | 0xa0;
2095 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 2096 /* select drive */
2097 unit = (val >> 4) & 1;
2098 s = ide_if + unit;
2099 ide_if->cur_drive = s;
5391d806
FB		 2100 break;
2101 default:
2102 case 7:
2103 /* command */
2104#if defined(DEBUG_IDE)
2105 printf("ide: CMD=%02x\n", val);
2106#endif
c45c3d00 2107 s = ide_if->cur_drive;
66201e2d 2108 /* ignore commands to non existant slave */
5fafdf24 2109 if (s != ide_if && !s->bs)
66201e2d 2110 break;
c2ff060f 2111
fcdd25ab
AL		 2112 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2113 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2114 break;
2115
5391d806
FB		 2116 switch(val) {
2117 case WIN_IDENTIFY:
2118 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 2119 if (!s->is_cf)
2120 ide_identify(s);
2121 else
2122 ide_cfata_identify(s);
2a282056 2123 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2124 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2125 } else {
2126 if (s->is_cdrom) {
2127 ide_set_signature(s);
2128 }
2129 ide_abort_command(s);
2130 }
2131 ide_set_irq(s);
2132 break;
2133 case WIN_SPECIFY:
2134 case WIN_RECAL:
a136e5a8 2135 s->error = 0;
769bec72 2136 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2137 ide_set_irq(s);
2138 break;
2139 case WIN_SETMULT:
201a51fc
AZ		 2140 if (s->is_cf && s->nsector == 0) {
2141 /* Disable Read and Write Multiple */
2142 s->mult_sectors = 0;
41a2b959 2143 s->status = READY_STAT | SEEK_STAT;
201a51fc 2144 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 2145 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2146 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 2147 ide_abort_command(s);
2148 } else {
292eef5a 2149 s->mult_sectors = s->nsector & 0xff;
41a2b959 2150 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2151 }
2152 ide_set_irq(s);
2153 break;
c2ff060f
FB		 2154 case WIN_VERIFY_EXT:
2155 lba48 = 1;
4ce900b4
FB		 2156 case WIN_VERIFY:
2157 case WIN_VERIFY_ONCE:
2158 /* do sector number check ? */
c2ff060f 2159 ide_cmd_lba48_transform(s, lba48);
41a2b959 2160 s->status = READY_STAT | SEEK_STAT;
4ce900b4
FB		 2161 ide_set_irq(s);
2162 break;
c2ff060f
FB		 2163 case WIN_READ_EXT:
2164 lba48 = 1;
5391d806
FB		 2165 case WIN_READ:
2166 case WIN_READ_ONCE:
5fafdf24 2167 if (!s->bs)
6b136f9e 2168 goto abort_cmd;
c2ff060f 2169 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2170 s->req_nb_sectors = 1;
2171 ide_sector_read(s);
2172 break;
c2ff060f
FB		 2173 case WIN_WRITE_EXT:
2174 lba48 = 1;
5391d806
FB		 2175 case WIN_WRITE:
2176 case WIN_WRITE_ONCE:
201a51fc
AZ		 2177 case CFA_WRITE_SECT_WO_ERASE:
2178 case WIN_WRITE_VERIFY:
c2ff060f 2179 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2180 s->error = 0;
f66723fa 2181 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2182 s->req_nb_sectors = 1;
2183 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 2184 s->media_changed = 1;
5391d806 2185 break;
c2ff060f
FB		 2186 case WIN_MULTREAD_EXT:
2187 lba48 = 1;
5391d806
FB		 2188 case WIN_MULTREAD:
2189 if (!s->mult_sectors)
2190 goto abort_cmd;
c2ff060f 2191 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2192 s->req_nb_sectors = s->mult_sectors;
2193 ide_sector_read(s);
2194 break;
c2ff060f
FB		 2195 case WIN_MULTWRITE_EXT:
2196 lba48 = 1;
5391d806 2197 case WIN_MULTWRITE:
201a51fc 2198 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 2199 if (!s->mult_sectors)
2200 goto abort_cmd;
c2ff060f 2201 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2202 s->error = 0;
f66723fa 2203 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2204 s->req_nb_sectors = s->mult_sectors;
2205 n = s->nsector;
2206 if (n > s->req_nb_sectors)
2207 n = s->req_nb_sectors;
2208 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 2209 s->media_changed = 1;
5391d806 2210 break;
c2ff060f
FB		 2211 case WIN_READDMA_EXT:
2212 lba48 = 1;
98087450
FB		 2213 case WIN_READDMA:
2214 case WIN_READDMA_ONCE:
5fafdf24 2215 if (!s->bs)
98087450 2216 goto abort_cmd;
c2ff060f 2217 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 2218 ide_sector_read_dma(s);
2219 break;
c2ff060f
FB		 2220 case WIN_WRITEDMA_EXT:
2221 lba48 = 1;
98087450
FB		 2222 case WIN_WRITEDMA:
2223 case WIN_WRITEDMA_ONCE:
5fafdf24 2224 if (!s->bs)
98087450 2225 goto abort_cmd;
c2ff060f 2226 ide_cmd_lba48_transform(s, lba48);
98087450 2227 ide_sector_write_dma(s);
201a51fc 2228 s->media_changed = 1;
98087450 2229 break;
c2ff060f
FB		 2230 case WIN_READ_NATIVE_MAX_EXT:
2231 lba48 = 1;
5391d806 2232 case WIN_READ_NATIVE_MAX:
c2ff060f 2233 ide_cmd_lba48_transform(s, lba48);
5391d806 2234 ide_set_sector(s, s->nb_sectors - 1);
41a2b959 2235 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2236 ide_set_irq(s);
2237 break;
a136e5a8 2238 case WIN_CHECKPOWERMODE1:
201a51fc 2239 case WIN_CHECKPOWERMODE2:
a136e5a8 2240 s->nsector = 0xff; /* device active or idle */
41a2b959 2241 s->status = READY_STAT | SEEK_STAT;
a136e5a8
FB		 2242 ide_set_irq(s);
2243 break;
34e538ae
FB		 2244 case WIN_SETFEATURES:
2245 if (!s->bs)
2246 goto abort_cmd;
2247 /* XXX: valid for CDROM ? */
2248 switch(s->feature) {
e1f63470
TS		 2249 case 0xcc: /* reverting to power-on defaults enable */
2250 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 2251 case 0x02: /* write cache enable */
2252 case 0x82: /* write cache disable */
2253 case 0xaa: /* read look-ahead enable */
2254 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 2255 case 0x05: /* set advanced power management mode */
2256 case 0x85: /* disable advanced power management mode */
2257 case 0x69: /* NOP */
2258 case 0x67: /* NOP */
2259 case 0x96: /* NOP */
2260 case 0x9a: /* NOP */
c3e88d8c
TS		 2261 case 0x42: /* enable Automatic Acoustic Mode */
2262 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 2263 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 2264 ide_set_irq(s);
2265 break;
94458802
FB		 2266 case 0x03: { /* set transfer mode */
2267 uint8_t val = s->nsector & 0x07;
2268
2269 switch (s->nsector >> 3) {
2270 case 0x00: /* pio default */
2271 case 0x01: /* pio mode */
d1b5c20d
TS		 2272 put_le16(s->identify_data + 62,0x07);
2273 put_le16(s->identify_data + 63,0x07);
2274 put_le16(s->identify_data + 88,0x3f);
2275 break;
2276 case 0x02: /* sigle word dma mode*/
2277 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
94458802
FB		 2278 put_le16(s->identify_data + 63,0x07);
2279 put_le16(s->identify_data + 88,0x3f);
2280 break;
2281 case 0x04: /* mdma mode */
d1b5c20d 2282 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2283 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2284 put_le16(s->identify_data + 88,0x3f);
2285 break;
2286 case 0x08: /* udma mode */
d1b5c20d 2287 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2288 put_le16(s->identify_data + 63,0x07);
2289 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2290 break;
2291 default:
2292 goto abort_cmd;
2293 }
2294 s->status = READY_STAT | SEEK_STAT;
2295 ide_set_irq(s);
2296 break;
2297 }
34e538ae
FB		 2298 default:
2299 goto abort_cmd;
2300 }
2301 break;
c2ff060f
FB		 2302 case WIN_FLUSH_CACHE:
2303 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2304 if (s->bs)
2305 bdrv_flush(s->bs);
41a2b959 2306 s->status = READY_STAT | SEEK_STAT;
7a6cba61
PB		 2307 ide_set_irq(s);
2308 break;
c3e88d8c
TS		 2309 case WIN_STANDBY:
2310 case WIN_STANDBY2:
2311 case WIN_STANDBYNOW1:
201a51fc 2312 case WIN_STANDBYNOW2:
c451ee71 2313 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2314 case CFA_IDLEIMMEDIATE:
2315 case WIN_SETIDLE1:
2316 case WIN_SETIDLE2:
c3e88d8c
TS		 2317 case WIN_SLEEPNOW1:
2318 case WIN_SLEEPNOW2:
2319 s->status = READY_STAT;
a7dfe172
FB		 2320 ide_set_irq(s);
2321 break;
4fbfcd6d
AJ		 2322 case WIN_SEEK:
2323 if(s->is_cdrom)
2324 goto abort_cmd;
2325 /* XXX: Check that seek is within bounds */
2326 s->status = READY_STAT | SEEK_STAT;
2327 ide_set_irq(s);
2328 break;
5391d806
FB		 2329 /* ATAPI commands */
2330 case WIN_PIDENTIFY:
2331 if (s->is_cdrom) {
2332 ide_atapi_identify(s);
1298fe63 2333 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2334 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2335 } else {
2336 ide_abort_command(s);
2337 }
2338 ide_set_irq(s);
2339 break;
c451ee71
FB		 2340 case WIN_DIAGNOSE:
2341 ide_set_signature(s);
33256a25
AL		 2342 if (s->is_cdrom)
2343 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2344 * devices to return a clear status register
2345 * with READY_STAT *not* set. */
2346 else
2347 s->status = READY_STAT | SEEK_STAT;
2348 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2349 * present.
2350 */
f5fdd0a8 2351 ide_set_irq(s);
c451ee71 2352 break;
5391d806
FB		 2353 case WIN_SRST:
2354 if (!s->is_cdrom)
2355 goto abort_cmd;
2356 ide_set_signature(s);
6b136f9e 2357 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2358 s->error = 0x01;
2359 break;
2360 case WIN_PACKETCMD:
2361 if (!s->is_cdrom)
2362 goto abort_cmd;
98087450
FB		 2363 /* overlapping commands not supported */
2364 if (s->feature & 0x02)
5391d806 2365 goto abort_cmd;
41a2b959 2366 s->status = READY_STAT | SEEK_STAT;
98087450 2367 s->atapi_dma = s->feature & 1;
5391d806 2368 s->nsector = 1;
5fafdf24 2369 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2370 ide_atapi_cmd);
2371 break;
201a51fc
AZ		 2372 /* CF-ATA commands */
2373 case CFA_REQ_EXT_ERROR_CODE:
2374 if (!s->is_cf)
2375 goto abort_cmd;
2376 s->error = 0x09; /* miscellaneous error */
41a2b959 2377 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2378 ide_set_irq(s);
2379 break;
2380 case CFA_ERASE_SECTORS:
2381 case CFA_WEAR_LEVEL:
2382 if (!s->is_cf)
2383 goto abort_cmd;
2384 if (val == CFA_WEAR_LEVEL)
2385 s->nsector = 0;
2386 if (val == CFA_ERASE_SECTORS)
2387 s->media_changed = 1;
2388 s->error = 0x00;
41a2b959 2389 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2390 ide_set_irq(s);
2391 break;
2392 case CFA_TRANSLATE_SECTOR:
2393 if (!s->is_cf)
2394 goto abort_cmd;
2395 s->error = 0x00;
41a2b959 2396 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2397 memset(s->io_buffer, 0, 0x200);
2398 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2399 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2400 s->io_buffer[0x02] = s->select; /* Head */
2401 s->io_buffer[0x03] = s->sector; /* Sector */
2402 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2403 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2404 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2405 s->io_buffer[0x13] = 0x00; /* Erase flag */
2406 s->io_buffer[0x18] = 0x00; /* Hot count */
2407 s->io_buffer[0x19] = 0x00; /* Hot count */
2408 s->io_buffer[0x1a] = 0x01; /* Hot count */
2409 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2410 ide_set_irq(s);
2411 break;
2412 case CFA_ACCESS_METADATA_STORAGE:
2413 if (!s->is_cf)
2414 goto abort_cmd;
2415 switch (s->feature) {
2416 case 0x02: /* Inquiry Metadata Storage */
2417 ide_cfata_metadata_inquiry(s);
2418 break;
2419 case 0x03: /* Read Metadata Storage */
2420 ide_cfata_metadata_read(s);
2421 break;
2422 case 0x04: /* Write Metadata Storage */
2423 ide_cfata_metadata_write(s);
2424 break;
2425 default:
2426 goto abort_cmd;
2427 }
2428 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2429 s->status = 0x00; /* NOTE: READY is _not_ set */
2430 ide_set_irq(s);
2431 break;
2432 case IBM_SENSE_CONDITION:
2433 if (!s->is_cf)
2434 goto abort_cmd;
2435 switch (s->feature) {
2436 case 0x01: /* sense temperature in device */
2437 s->nsector = 0x50; /* +20 C */
2438 break;
2439 default:
2440 goto abort_cmd;
2441 }
41a2b959 2442 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2443 ide_set_irq(s);
2444 break;
5391d806
FB		 2445 default:
2446 abort_cmd:
2447 ide_abort_command(s);
2448 ide_set_irq(s);
2449 break;
2450 }
2451 }
2452}
2453
caed8802 2454static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2455{
7ae98627
FB		 2456 IDEState *ide_if = opaque;
2457 IDEState *s = ide_if->cur_drive;
5391d806 2458 uint32_t addr;
c2ff060f 2459 int ret, hob;
5391d806
FB		 2460
2461 addr = addr1 & 7;
c2ff060f
FB		 2462 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2463 //hob = s->select & (1 << 7);
2464 hob = 0;
5391d806
FB		 2465 switch(addr) {
2466 case 0:
2467 ret = 0xff;
2468 break;
2469 case 1:
c45ca54f
AL		 2470 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2471 (s != ide_if && !s->bs))
c45c3d00 2472 ret = 0;
c2ff060f 2473 else if (!hob)
c45c3d00 2474 ret = s->error;
c2ff060f
FB		 2475 else
2476 ret = s->hob_feature;
5391d806
FB		 2477 break;
2478 case 2:
7ae98627 2479 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2480 ret = 0;
c2ff060f 2481 else if (!hob)
c45c3d00 2482 ret = s->nsector & 0xff;
c2ff060f
FB		 2483 else
2484 ret = s->hob_nsector;
5391d806
FB		 2485 break;
2486 case 3:
7ae98627 2487 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2488 ret = 0;
c2ff060f 2489 else if (!hob)
c45c3d00 2490 ret = s->sector;
c2ff060f
FB		 2491 else
2492 ret = s->hob_sector;
5391d806
FB		 2493 break;
2494 case 4:
7ae98627 2495 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2496 ret = 0;
c2ff060f 2497 else if (!hob)
c45c3d00 2498 ret = s->lcyl;
c2ff060f
FB		 2499 else
2500 ret = s->hob_lcyl;
5391d806
FB		 2501 break;
2502 case 5:
7ae98627 2503 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2504 ret = 0;
c2ff060f 2505 else if (!hob)
c45c3d00 2506 ret = s->hcyl;
c2ff060f
FB		 2507 else
2508 ret = s->hob_hcyl;
5391d806
FB		 2509 break;
2510 case 6:
7ae98627 2511 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2512 ret = 0;
2513 else
7ae98627 2514 ret = s->select;
5391d806
FB		 2515 break;
2516 default:
2517 case 7:
66201e2d
FB		 2518 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2519 (s != ide_if && !s->bs))
c45c3d00
FB		 2520 ret = 0;
2521 else
2522 ret = s->status;
d537cf6c 2523 qemu_irq_lower(s->irq);
5391d806
FB		 2524 break;
2525 }
2526#ifdef DEBUG_IDE
2527 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2528#endif
2529 return ret;
2530}
2531
caed8802 2532static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2533{
7ae98627
FB		 2534 IDEState *ide_if = opaque;
2535 IDEState *s = ide_if->cur_drive;
5391d806 2536 int ret;
7ae98627 2537
66201e2d
FB		 2538 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2539 (s != ide_if && !s->bs))
7ae98627
FB		 2540 ret = 0;
2541 else
2542 ret = s->status;
5391d806
FB		 2543#ifdef DEBUG_IDE
2544 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2545#endif
2546 return ret;
2547}
2548
caed8802 2549static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2550{
caed8802 2551 IDEState *ide_if = opaque;
5391d806
FB		 2552 IDEState *s;
2553 int i;
2554
2555#ifdef DEBUG_IDE
2556 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2557#endif
2558 /* common for both drives */
2559 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2560 (val & IDE_CMD_RESET)) {
2561 /* reset low to high */
2562 for(i = 0;i < 2; i++) {
2563 s = &ide_if[i];
2564 s->status = BUSY_STAT | SEEK_STAT;
2565 s->error = 0x01;
2566 }
2567 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2568 !(val & IDE_CMD_RESET)) {
2569 /* high to low */
2570 for(i = 0;i < 2; i++) {
2571 s = &ide_if[i];
6b136f9e
FB		 2572 if (s->is_cdrom)
2573 s->status = 0x00; /* NOTE: READY is _not_ set */
2574 else
56bf1d37 2575 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2576 ide_set_signature(s);
2577 }
2578 }
2579
2580 ide_if[0].cmd = val;
2581 ide_if[1].cmd = val;
2582}
2583
caed8802 2584static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2585{
caed8802 2586 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2587 uint8_t *p;
2588
fcdd25ab
AL		 2589 /* PIO data access allowed only when DRQ bit is set */
2590 if (!(s->status & DRQ_STAT))
2591 return;
2592
5391d806 2593 p = s->data_ptr;
0c4ad8dc 2594 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2595 p += 2;
2596 s->data_ptr = p;
2597 if (p >= s->data_end)
2598 s->end_transfer_func(s);
2599}
2600
caed8802 2601static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2602{
caed8802 2603 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2604 uint8_t *p;
2605 int ret;
fcdd25ab
AL		 2606
2607 /* PIO data access allowed only when DRQ bit is set */
2608 if (!(s->status & DRQ_STAT))
2609 return 0;
2610
5391d806 2611 p = s->data_ptr;
0c4ad8dc 2612 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2613 p += 2;
2614 s->data_ptr = p;
2615 if (p >= s->data_end)
2616 s->end_transfer_func(s);
2617 return ret;
2618}
2619
caed8802 2620static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2621{
caed8802 2622 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2623 uint8_t *p;
2624
fcdd25ab
AL		 2625 /* PIO data access allowed only when DRQ bit is set */
2626 if (!(s->status & DRQ_STAT))
2627 return;
2628
5391d806 2629 p = s->data_ptr;
0c4ad8dc 2630 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2631 p += 4;
2632 s->data_ptr = p;
2633 if (p >= s->data_end)
2634 s->end_transfer_func(s);
2635}
2636
caed8802 2637static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2638{
caed8802 2639 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2640 uint8_t *p;
2641 int ret;
3b46e624 2642
fcdd25ab
AL		 2643 /* PIO data access allowed only when DRQ bit is set */
2644 if (!(s->status & DRQ_STAT))
2645 return 0;
2646
5391d806 2647 p = s->data_ptr;
0c4ad8dc 2648 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2649 p += 4;
2650 s->data_ptr = p;
2651 if (p >= s->data_end)
2652 s->end_transfer_func(s);
2653 return ret;
2654}
2655
a7dfe172
FB		 2656static void ide_dummy_transfer_stop(IDEState *s)
2657{
2658 s->data_ptr = s->io_buffer;
2659 s->data_end = s->io_buffer;
2660 s->io_buffer[0] = 0xff;
2661 s->io_buffer[1] = 0xff;
2662 s->io_buffer[2] = 0xff;
2663 s->io_buffer[3] = 0xff;
2664}
2665
5391d806
FB		 2666static void ide_reset(IDEState *s)
2667{
201a51fc
AZ		 2668 if (s->is_cf)
2669 s->mult_sectors = 0;
2670 else
2671 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2672 s->cur_drive = s;
2673 s->select = 0xa0;
41a2b959 2674 s->status = READY_STAT | SEEK_STAT;
5391d806 2675 ide_set_signature(s);
a7dfe172
FB		 2676 /* init the transfer handler so that 0xffff is returned on data
2677 accesses */
2678 s->end_transfer_func = ide_dummy_transfer_stop;
2679 ide_dummy_transfer_stop(s);
201a51fc 2680 s->media_changed = 0;
5391d806
FB		 2681}
2682
5457c8ce
FB		 2683static void ide_init2(IDEState *ide_state,
2684 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2685 qemu_irq irq)
5391d806 2686{
69b91039 2687 IDEState *s;
aedf5382 2688 static int drive_serial = 1;
f3d54fc4 2689 int i, cylinders, heads, secs;
96b8f136 2690 uint64_t nb_sectors;
5391d806 2691
caed8802
FB		 2692 for(i = 0; i < 2; i++) {
2693 s = ide_state + i;
1d8cde5b 2694 s->io_buffer = qemu_memalign(512, IDE_DMA_BUF_SECTORS*512 + 4);
caed8802
FB		 2695 if (i == 0)
2696 s->bs = hd0;
2697 else
2698 s->bs = hd1;
5391d806
FB		 2699 if (s->bs) {
2700 bdrv_get_geometry(s->bs, &nb_sectors);
f3d54fc4
AL		 2701 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2702 s->cylinders = cylinders;
2703 s->heads = heads;
2704 s->sectors = secs;
5391d806 2705 s->nb_sectors = nb_sectors;
f3d54fc4 2706
caed8802
FB		 2707 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2708 s->is_cdrom = 1;
bd491d6a 2709 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2710 }
2711 }
aedf5382 2712 s->drive_serial = drive_serial++;
fa879c64
AL		 2713 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2714 sizeof(s->drive_serial_str));
2715 if (strlen(s->drive_serial_str) == 0)
2716 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2717 "QM%05d", s->drive_serial);
caed8802 2718 s->irq = irq;
5fafdf24 2719 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2720 ide_sector_write_timer_cb, s);
5391d806
FB		 2721 ide_reset(s);
2722 }
69b91039
FB		 2723}
2724
34e538ae 2725static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2726{
caed8802
FB		 2727 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2728 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2729 if (iobase2) {
2730 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2731 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2732 }
3b46e624 2733
caed8802
FB		 2734 /* data ports */
2735 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2736 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2737 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2738 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2739}
69b91039 2740
aa941b94
AZ		 2741/* save per IDE drive data */
2742static void ide_save(QEMUFile* f, IDEState *s)
2743{
bee8d684
TS		 2744 qemu_put_be32(f, s->mult_sectors);
2745 qemu_put_be32(f, s->identify_set);
aa941b94
AZ		 2746 if (s->identify_set) {
2747 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2748 }
2749 qemu_put_8s(f, &s->feature);
2750 qemu_put_8s(f, &s->error);
2751 qemu_put_be32s(f, &s->nsector);
2752 qemu_put_8s(f, &s->sector);
2753 qemu_put_8s(f, &s->lcyl);
2754 qemu_put_8s(f, &s->hcyl);
2755 qemu_put_8s(f, &s->hob_feature);
2756 qemu_put_8s(f, &s->hob_nsector);
2757 qemu_put_8s(f, &s->hob_sector);
2758 qemu_put_8s(f, &s->hob_lcyl);
2759 qemu_put_8s(f, &s->hob_hcyl);
2760 qemu_put_8s(f, &s->select);
2761 qemu_put_8s(f, &s->status);
2762 qemu_put_8s(f, &s->lba48);
2763
2764 qemu_put_8s(f, &s->sense_key);
2765 qemu_put_8s(f, &s->asc);
2766 /* XXX: if a transfer is pending, we do not save it yet */
2767}
2768
2769/* load per IDE drive data */
2770static void ide_load(QEMUFile* f, IDEState *s)
2771{
bee8d684
TS		 2772 s->mult_sectors=qemu_get_be32(f);
2773 s->identify_set=qemu_get_be32(f);
aa941b94
AZ		 2774 if (s->identify_set) {
2775 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2776 }
2777 qemu_get_8s(f, &s->feature);
2778 qemu_get_8s(f, &s->error);
2779 qemu_get_be32s(f, &s->nsector);
2780 qemu_get_8s(f, &s->sector);
2781 qemu_get_8s(f, &s->lcyl);
2782 qemu_get_8s(f, &s->hcyl);
2783 qemu_get_8s(f, &s->hob_feature);
2784 qemu_get_8s(f, &s->hob_nsector);
2785 qemu_get_8s(f, &s->hob_sector);
2786 qemu_get_8s(f, &s->hob_lcyl);
2787 qemu_get_8s(f, &s->hob_hcyl);
2788 qemu_get_8s(f, &s->select);
2789 qemu_get_8s(f, &s->status);
2790 qemu_get_8s(f, &s->lba48);
2791
2792 qemu_get_8s(f, &s->sense_key);
2793 qemu_get_8s(f, &s->asc);
2794 /* XXX: if a transfer is pending, we do not save it yet */
2795}
2796
34e538ae
FB		 2797/***********************************************************/
2798/* ISA IDE definitions */
2799
d537cf6c 2800void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2801 BlockDriverState *hd0, BlockDriverState *hd1)
2802{
2803 IDEState *ide_state;
2804
2805 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2806 if (!ide_state)
2807 return;
3b46e624 2808
d537cf6c 2809 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2810 ide_init_ioport(ide_state, iobase, iobase2);
2811}
2812
69b91039
FB		 2813/***********************************************************/
2814/* PCI IDE definitions */
2815
5457c8ce
FB		 2816static void cmd646_update_irq(PCIIDEState *d);
2817
5fafdf24 2818static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 2819 uint32_t addr, uint32_t size, int type)
2820{
2821 PCIIDEState *d = (PCIIDEState *)pci_dev;
2822 IDEState *ide_state;
2823
2824 if (region_num <= 3) {
2825 ide_state = &d->ide_if[(region_num >> 1) * 2];
2826 if (region_num & 1) {
2827 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2828 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2829 } else {
2830 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2831 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2832
2833 /* data ports */
2834 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2835 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2836 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2837 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2838 }
2839 }
2840}
2841
8ccad811 2842static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2843{
2844 BMDMAState *bm = s->bmdma;
2845 if(!bm)
2846 return;
2847 bm->ide_if = s;
2848 bm->dma_cb = dma_cb;
8ccad811
FB		 2849 bm->cur_prd_last = 0;
2850 bm->cur_prd_addr = 0;
2851 bm->cur_prd_len = 0;
98087450 2852 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2853 bm->dma_cb(bm, 0);
98087450
FB		 2854 }
2855}
2856
72c7b06c
AL		 2857static void ide_dma_cancel(BMDMAState *bm)
2858{
2859 if (bm->status & BM_STATUS_DMAING) {
2860 bm->status &= ~BM_STATUS_DMAING;
2861 /* cancel DMA request */
2862 bm->ide_if = NULL;
2863 bm->dma_cb = NULL;
2864 if (bm->aiocb) {
2865#ifdef DEBUG_AIO
2866 printf("aio_cancel\n");
2867#endif
2868 bdrv_aio_cancel(bm->aiocb);
2869 bm->aiocb = NULL;
2870 }
2871 }
2872}
2873
98087450
FB		 2874static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2875{
2876 BMDMAState *bm = opaque;
2877#ifdef DEBUG_IDE
2878 printf("%s: 0x%08x\n", __func__, val);
2879#endif
2880 if (!(val & BM_CMD_START)) {
2881 /* XXX: do it better */
72c7b06c 2882 ide_dma_cancel(bm);
98087450
FB		 2883 bm->cmd = val & 0x09;
2884 } else {
8ccad811
FB		 2885 if (!(bm->status & BM_STATUS_DMAING)) {
2886 bm->status |= BM_STATUS_DMAING;
2887 /* start dma transfer if possible */
2888 if (bm->dma_cb)
2889 bm->dma_cb(bm, 0);
2890 }
98087450 2891 bm->cmd = val & 0x09;
98087450
FB		 2892 }
2893}
2894
5457c8ce 2895static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 2896{
2897 BMDMAState *bm = opaque;
5457c8ce 2898 PCIIDEState *pci_dev;
98087450 2899 uint32_t val;
3b46e624 2900
5457c8ce 2901 switch(addr & 3) {
5fafdf24 2902 case 0:
5457c8ce
FB		 2903 val = bm->cmd;
2904 break;
2905 case 1:
2906 pci_dev = bm->pci_dev;
2907 if (pci_dev->type == IDE_TYPE_CMD646) {
2908 val = pci_dev->dev.config[MRDMODE];
2909 } else {
2910 val = 0xff;
2911 }
2912 break;
2913 case 2:
2914 val = bm->status;
2915 break;
2916 case 3:
2917 pci_dev = bm->pci_dev;
2918 if (pci_dev->type == IDE_TYPE_CMD646) {
2919 if (bm == &pci_dev->bmdma[0])
2920 val = pci_dev->dev.config[UDIDETCR0];
2921 else
2922 val = pci_dev->dev.config[UDIDETCR1];
2923 } else {
2924 val = 0xff;
2925 }
2926 break;
2927 default:
2928 val = 0xff;
2929 break;
2930 }
98087450 2931#ifdef DEBUG_IDE
5457c8ce 2932 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 2933#endif
2934 return val;
2935}
2936
5457c8ce 2937static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 2938{
2939 BMDMAState *bm = opaque;
5457c8ce 2940 PCIIDEState *pci_dev;
98087450 2941#ifdef DEBUG_IDE
5457c8ce 2942 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 2943#endif
5457c8ce
FB		 2944 switch(addr & 3) {
2945 case 1:
2946 pci_dev = bm->pci_dev;
2947 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 2948 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 2949 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2950 cmd646_update_irq(pci_dev);
2951 }
2952 break;
2953 case 2:
2954 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2955 break;
2956 case 3:
2957 pci_dev = bm->pci_dev;
2958 if (pci_dev->type == IDE_TYPE_CMD646) {
2959 if (bm == &pci_dev->bmdma[0])
2960 pci_dev->dev.config[UDIDETCR0] = val;
2961 else
2962 pci_dev->dev.config[UDIDETCR1] = val;
2963 }
2964 break;
2965 }
98087450
FB		 2966}
2967
5b9a1293
AJ		 2968static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
2969{
2970 BMDMAState *bm = opaque;
2971 uint32_t val;
2972 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
2973#ifdef DEBUG_IDE
2974 printf("%s: 0x%08x\n", __func__, val);
2975#endif
2976 return val;
2977}
2978
2979static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
2980{
2981 BMDMAState *bm = opaque;
2982 int shift = (addr & 3) * 8;
2983#ifdef DEBUG_IDE
2984 printf("%s: 0x%08x\n", __func__, val);
2985#endif
2986 bm->addr &= ~(0xFF << shift);
2987 bm->addr |= ((val & 0xFF) << shift) & ~3;
2988 bm->cur_addr = bm->addr;
2989}
2990
2991static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
2992{
2993 BMDMAState *bm = opaque;
2994 uint32_t val;
2995 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
2996#ifdef DEBUG_IDE
2997 printf("%s: 0x%08x\n", __func__, val);
2998#endif
2999 return val;
3000}
3001
3002static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3003{
3004 BMDMAState *bm = opaque;
3005 int shift = (addr & 3) * 8;
3006#ifdef DEBUG_IDE
3007 printf("%s: 0x%08x\n", __func__, val);
3008#endif
3009 bm->addr &= ~(0xFFFF << shift);
3010 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3011 bm->cur_addr = bm->addr;
3012}
3013
98087450
FB		 3014static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3015{
3016 BMDMAState *bm = opaque;
3017 uint32_t val;
3018 val = bm->addr;
3019#ifdef DEBUG_IDE
3020 printf("%s: 0x%08x\n", __func__, val);
3021#endif
3022 return val;
3023}
3024
3025static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3026{
3027 BMDMAState *bm = opaque;
3028#ifdef DEBUG_IDE
3029 printf("%s: 0x%08x\n", __func__, val);
3030#endif
3031 bm->addr = val & ~3;
30c4bbac 3032 bm->cur_addr = bm->addr;
98087450
FB		 3033}
3034
5fafdf24 3035static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 3036 uint32_t addr, uint32_t size, int type)
3037{
3038 PCIIDEState *d = (PCIIDEState *)pci_dev;
3039 int i;
3040
3041 for(i = 0;i < 2; i++) {
3042 BMDMAState *bm = &d->bmdma[i];
3043 d->ide_if[2 * i].bmdma = bm;
3044 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce
FB		 3045 bm->pci_dev = (PCIIDEState *)pci_dev;
3046
98087450 3047 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 3048
5457c8ce
FB		 3049 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3050 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450 3051
5b9a1293
AJ		 3052 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3053 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3054 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3055 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
98087450
FB		 3056 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3057 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3058 addr += 8;
3059 }
3060}
3061
9b64997f
BS		 3062static void pci_ide_save(QEMUFile* f, void *opaque)
3063{
3064 PCIIDEState *d = opaque;
3065 int i;
3066
3067 pci_device_save(&d->dev, f);
3068
3069 for(i = 0; i < 2; i++) {
3070 BMDMAState *bm = &d->bmdma[i];
3071 qemu_put_8s(f, &bm->cmd);
3072 qemu_put_8s(f, &bm->status);
3073 qemu_put_be32s(f, &bm->addr);
3074 /* XXX: if a transfer is pending, we do not save it yet */
3075 }
3076
3077 /* per IDE interface data */
3078 for(i = 0; i < 2; i++) {
3079 IDEState *s = &d->ide_if[i * 2];
3080 uint8_t drive1_selected;
3081 qemu_put_8s(f, &s->cmd);
3082 drive1_selected = (s->cur_drive != s);
3083 qemu_put_8s(f, &drive1_selected);
3084 }
3085
3086 /* per IDE drive data */
3087 for(i = 0; i < 4; i++) {
3088 ide_save(f, &d->ide_if[i]);
3089 }
3090}
3091
3092static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3093{
3094 PCIIDEState *d = opaque;
3095 int ret, i;
3096
3097 if (version_id != 1)
3098 return -EINVAL;
3099 ret = pci_device_load(&d->dev, f);
3100 if (ret < 0)
3101 return ret;
3102
3103 for(i = 0; i < 2; i++) {
3104 BMDMAState *bm = &d->bmdma[i];
3105 qemu_get_8s(f, &bm->cmd);
3106 qemu_get_8s(f, &bm->status);
3107 qemu_get_be32s(f, &bm->addr);
3108 /* XXX: if a transfer is pending, we do not save it yet */
3109 }
3110
3111 /* per IDE interface data */
3112 for(i = 0; i < 2; i++) {
3113 IDEState *s = &d->ide_if[i * 2];
3114 uint8_t drive1_selected;
3115 qemu_get_8s(f, &s->cmd);
3116 qemu_get_8s(f, &drive1_selected);
3117 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3118 }
3119
3120 /* per IDE drive data */
3121 for(i = 0; i < 4; i++) {
3122 ide_load(f, &d->ide_if[i]);
3123 }
3124 return 0;
3125}
3126
5457c8ce
FB		 3127/* XXX: call it also when the MRDMODE is changed from the PCI config
3128 registers */
3129static void cmd646_update_irq(PCIIDEState *d)
3130{
3131 int pci_level;
3132 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3133 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3134 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3135 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 3136 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 3137}
3138
3139/* the PCI irq level is the logical OR of the two channels */
3140static void cmd646_set_irq(void *opaque, int channel, int level)
3141{
3142 PCIIDEState *d = opaque;
3143 int irq_mask;
3144
3145 irq_mask = MRDMODE_INTR_CH0 << channel;
3146 if (level)
3147 d->dev.config[MRDMODE] |= irq_mask;
3148 else
3149 d->dev.config[MRDMODE] &= ~irq_mask;
3150 cmd646_update_irq(d);
3151}
3152
6e6b7363
BS		 3153static void cmd646_reset(void *opaque)
3154{
3155 PCIIDEState *d = opaque;
3156 unsigned int i;
3157
3158 for (i = 0; i < 2; i++)
3159 ide_dma_cancel(&d->bmdma[i]);
3160}
3161
5457c8ce
FB		 3162/* CMD646 PCI IDE controller */
3163void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3164 int secondary_ide_enabled)
69b91039
FB		 3165{
3166 PCIIDEState *d;
3167 uint8_t *pci_conf;
34e538ae 3168 int i;
d537cf6c 3169 qemu_irq *irq;
34e538ae 3170
5fafdf24 3171 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 3172 sizeof(PCIIDEState),
5fafdf24 3173 -1,
73c11f63 3174 NULL, NULL);
5457c8ce 3175 d->type = IDE_TYPE_CMD646;
69b91039 3176 pci_conf = d->dev.config;
5457c8ce
FB		 3177 pci_conf[0x00] = 0x95; // CMD646
3178 pci_conf[0x01] = 0x10;
3179 pci_conf[0x02] = 0x46;
3180 pci_conf[0x03] = 0x06;
3181
3182 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 3183 pci_conf[0x09] = 0x8f;
5457c8ce 3184
69b91039
FB		 3185 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3186 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
5457c8ce 3187 pci_conf[0x0e] = 0x00; // header_type
3b46e624 3188
0516ede0 3189 pci_conf[0x51] = 0x04; // enable IDE0
5457c8ce
FB		 3190 if (secondary_ide_enabled) {
3191 /* XXX: if not enabled, really disable the seconday IDE controller */
0516ede0 3192 pci_conf[0x51] |= 0x08; /* enable IDE1 */
5457c8ce 3193 }
69b91039 3194
5fafdf24 3195 pci_register_io_region((PCIDevice *)d, 0, 0x8,
69b91039 3196 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3197 pci_register_io_region((PCIDevice *)d, 1, 0x4,
69b91039 3198 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3199 pci_register_io_region((PCIDevice *)d, 2, 0x8,
69b91039 3200 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3201 pci_register_io_region((PCIDevice *)d, 3, 0x4,
69b91039 3202 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3203 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 3204 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 3205
34e538ae 3206 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3b46e624 3207
34e538ae
FB		 3208 for(i = 0; i < 4; i++)
3209 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 3210
3211 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3212 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3213 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
6e6b7363 3214
9b64997f 3215 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
6e6b7363
BS		 3216 qemu_register_reset(cmd646_reset, d);
3217 cmd646_reset(d);
34e538ae
FB		 3218}
3219
72c7b06c 3220static void piix3_reset(void *opaque)
e6a71ae3 3221{
72c7b06c 3222 PCIIDEState *d = opaque;
e6a71ae3 3223 uint8_t *pci_conf = d->dev.config;
72c7b06c
AL		 3224 int i;
3225
3226 for (i = 0; i < 2; i++)
3227 ide_dma_cancel(&d->bmdma[i]);
e6a71ae3
TS		 3228
3229 pci_conf[0x04] = 0x00;
3230 pci_conf[0x05] = 0x00;
3231 pci_conf[0x06] = 0x80; /* FBC */
3232 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3233 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3234}
3235
34e538ae
FB		 3236/* hd_table must contain 4 block drivers */
3237/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 3238void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3239 qemu_irq *pic)
34e538ae
FB		 3240{
3241 PCIIDEState *d;
3242 uint8_t *pci_conf;
3b46e624 3243
34e538ae 3244 /* register a function 1 of PIIX3 */
5fafdf24 3245 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 3246 sizeof(PCIIDEState),
502a5395 3247 devfn,
34e538ae 3248 NULL, NULL);
5457c8ce
FB		 3249 d->type = IDE_TYPE_PIIX3;
3250
34e538ae
FB		 3251 pci_conf = d->dev.config;
3252 pci_conf[0x00] = 0x86; // Intel
3253 pci_conf[0x01] = 0x80;
3254 pci_conf[0x02] = 0x10;
3255 pci_conf[0x03] = 0x70;
92510b8c 3256 pci_conf[0x09] = 0x80; // legacy ATA mode
34e538ae
FB		 3257 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3258 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3259 pci_conf[0x0e] = 0x00; // header_type
3260
72c7b06c 3261 qemu_register_reset(piix3_reset, d);
e6a71ae3
TS		 3262 piix3_reset(d);
3263
5fafdf24 3264 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 3265 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 3266
d537cf6c
PB		 3267 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3268 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 3269 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3270 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997
FB		 3271
3272 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
69b91039 3273}
1ade1de2 3274
afcc3cdf
TS		 3275/* hd_table must contain 4 block drivers */
3276/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3277void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3278 qemu_irq *pic)
3279{
3280 PCIIDEState *d;
3281 uint8_t *pci_conf;
3282
3283 /* register a function 1 of PIIX4 */
3284 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3285 sizeof(PCIIDEState),
3286 devfn,
3287 NULL, NULL);
3288 d->type = IDE_TYPE_PIIX4;
3289
3290 pci_conf = d->dev.config;
3291 pci_conf[0x00] = 0x86; // Intel
3292 pci_conf[0x01] = 0x80;
3293 pci_conf[0x02] = 0x11;
3294 pci_conf[0x03] = 0x71;
3295 pci_conf[0x09] = 0x80; // legacy ATA mode
3296 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3297 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3298 pci_conf[0x0e] = 0x00; // header_type
3299
72c7b06c 3300 qemu_register_reset(piix3_reset, d);
afcc3cdf
TS		 3301 piix3_reset(d);
3302
3303 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3304 PCI_ADDRESS_SPACE_IO, bmdma_map);
3305
3306 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3307 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3308 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3309 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3310
3311 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
3312}
3313
1ade1de2
FB		 3314/***********************************************************/
3315/* MacIO based PowerPC IDE */
3316
3317/* PowerMac IDE memory IO */
3318static void pmac_ide_writeb (void *opaque,
3319 target_phys_addr_t addr, uint32_t val)
3320{
5fafdf24 3321 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3322 switch (addr) {
3323 case 1 ... 7:
3324 ide_ioport_write(opaque, addr, val);
3325 break;
3326 case 8:
3327 case 22:
3328 ide_cmd_write(opaque, 0, val);
3329 break;
3330 default:
3331 break;
3332 }
3333}
3334
3335static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3336{
3337 uint8_t retval;
3338
3339 addr = (addr & 0xFFF) >> 4;
3340 switch (addr) {
3341 case 1 ... 7:
3342 retval = ide_ioport_read(opaque, addr);
3343 break;
3344 case 8:
3345 case 22:
3346 retval = ide_status_read(opaque, 0);
3347 break;
3348 default:
3349 retval = 0xFF;
3350 break;
3351 }
3352 return retval;
3353}
3354
3355static void pmac_ide_writew (void *opaque,
3356 target_phys_addr_t addr, uint32_t val)
3357{
5fafdf24 3358 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3359#ifdef TARGET_WORDS_BIGENDIAN
3360 val = bswap16(val);
3361#endif
3362 if (addr == 0) {
3363 ide_data_writew(opaque, 0, val);
3364 }
3365}
3366
3367static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3368{
3369 uint16_t retval;
3370
5fafdf24 3371 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3372 if (addr == 0) {
3373 retval = ide_data_readw(opaque, 0);
3374 } else {
3375 retval = 0xFFFF;
3376 }
3377#ifdef TARGET_WORDS_BIGENDIAN
3378 retval = bswap16(retval);
3379#endif
3380 return retval;
3381}
3382
3383static void pmac_ide_writel (void *opaque,
3384 target_phys_addr_t addr, uint32_t val)
3385{
5fafdf24 3386 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3387#ifdef TARGET_WORDS_BIGENDIAN
3388 val = bswap32(val);
3389#endif
3390 if (addr == 0) {
3391 ide_data_writel(opaque, 0, val);
3392 }
3393}
3394
3395static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3396{
3397 uint32_t retval;
3398
5fafdf24 3399 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3400 if (addr == 0) {
3401 retval = ide_data_readl(opaque, 0);
3402 } else {
3403 retval = 0xFFFFFFFF;
3404 }
3405#ifdef TARGET_WORDS_BIGENDIAN
3406 retval = bswap32(retval);
3407#endif
3408 return retval;
3409}
3410
3411static CPUWriteMemoryFunc *pmac_ide_write[] = {
3412 pmac_ide_writeb,
3413 pmac_ide_writew,
3414 pmac_ide_writel,
3415};
3416
3417static CPUReadMemoryFunc *pmac_ide_read[] = {
3418 pmac_ide_readb,
3419 pmac_ide_readw,
3420 pmac_ide_readl,
3421};
3422
9b64997f
BS		 3423static void pmac_ide_save(QEMUFile *f, void *opaque)
3424{
3425 IDEState *s = (IDEState *)opaque;
3426 uint8_t drive1_selected;
3427 unsigned int i;
3428
3429 /* per IDE interface data */
3430 qemu_put_8s(f, &s->cmd);
3431 drive1_selected = (s->cur_drive != s);
3432 qemu_put_8s(f, &drive1_selected);
3433
3434 /* per IDE drive data */
3435 for(i = 0; i < 2; i++) {
3436 ide_save(f, &s[i]);
3437 }
3438}
3439
3440static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3441{
3442 IDEState *s = (IDEState *)opaque;
3443 uint8_t drive1_selected;
3444 unsigned int i;
3445
3446 if (version_id != 1)
3447 return -EINVAL;
3448
3449 /* per IDE interface data */
3450 qemu_get_8s(f, &s->cmd);
3451 qemu_get_8s(f, &drive1_selected);
3452 s->cur_drive = &s[(drive1_selected != 0)];
3453
3454 /* per IDE drive data */
3455 for(i = 0; i < 2; i++) {
3456 ide_load(f, &s[i]);
3457 }
3458 return 0;
3459}
3460
6e6b7363
BS		 3461static void pmac_ide_reset(void *opaque)
3462{
3463 IDEState *s = (IDEState *)opaque;
3464
3465 ide_reset(&s[0]);
3466 ide_reset(&s[1]);
3467}
3468
1ade1de2
FB		 3469/* hd_table must contain 4 block drivers */
3470/* PowerMac uses memory mapped registers, not I/O. Return the memory
3471 I/O index to access the ide. */
d537cf6c 3472int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
1ade1de2
FB		 3473{
3474 IDEState *ide_if;
3475 int pmac_ide_memory;
3476
3477 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
d537cf6c 3478 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3b46e624 3479
1ade1de2
FB		 3480 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3481 pmac_ide_write, &ide_if[0]);
9b64997f 3482 register_savevm("ide", 0, 1, pmac_ide_save, pmac_ide_load, &ide_if[0]);
6e6b7363
BS		 3483 qemu_register_reset(pmac_ide_reset, &ide_if[0]);
3484 pmac_ide_reset(&ide_if[0]);
1ade1de2
FB		 3485 return pmac_ide_memory;
3486}
201a51fc 3487
a4a771c0
AZ		 3488/***********************************************************/
3489/* MMIO based ide port
3490 * This emulates IDE device connected directly to the CPU bus without
3491 * dedicated ide controller, which is often seen on embedded boards.
3492 */
3493
3494typedef struct {
3495 void *dev;
3496 int shift;
3497} MMIOState;
3498
3499static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3500{
3501 MMIOState *s = (MMIOState*)opaque;
3502 IDEState *ide = (IDEState*)s->dev;
3503 addr >>= s->shift;
3504 if (addr & 7)
3505 return ide_ioport_read(ide, addr);
3506 else
3507 return ide_data_readw(ide, 0);
3508}
3509
3510static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3511 uint32_t val)
3512{
3513 MMIOState *s = (MMIOState*)opaque;
3514 IDEState *ide = (IDEState*)s->dev;
3515 addr >>= s->shift;
3516 if (addr & 7)
3517 ide_ioport_write(ide, addr, val);
3518 else
3519 ide_data_writew(ide, 0, val);
3520}
3521
3522static CPUReadMemoryFunc *mmio_ide_reads[] = {
3523 mmio_ide_read,
3524 mmio_ide_read,
3525 mmio_ide_read,
3526};
3527
3528static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3529 mmio_ide_write,
3530 mmio_ide_write,
3531 mmio_ide_write,
3532};
3533
3534static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3535{
3536 MMIOState *s= (MMIOState*)opaque;
3537 IDEState *ide = (IDEState*)s->dev;
3538 return ide_status_read(ide, 0);
3539}
3540
3541static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3542 uint32_t val)
3543{
3544 MMIOState *s = (MMIOState*)opaque;
3545 IDEState *ide = (IDEState*)s->dev;
3546 ide_cmd_write(ide, 0, val);
3547}
3548
3549static CPUReadMemoryFunc *mmio_ide_status[] = {
3550 mmio_ide_status_read,
3551 mmio_ide_status_read,
3552 mmio_ide_status_read,
3553};
3554
3555static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3556 mmio_ide_cmd_write,
3557 mmio_ide_cmd_write,
3558 mmio_ide_cmd_write,
3559};
3560
3561void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3562 qemu_irq irq, int shift,
3563 BlockDriverState *hd0, BlockDriverState *hd1)
3564{
3565 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3566 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3567 int mem1, mem2;
3568
3569 ide_init2(ide, hd0, hd1, irq);
3570
3571 s->dev = ide;
3572 s->shift = shift;
3573
3574 mem1 = cpu_register_io_memory(0, mmio_ide_reads, mmio_ide_writes, s);
3575 mem2 = cpu_register_io_memory(0, mmio_ide_status, mmio_ide_cmd, s);
3576 cpu_register_physical_memory(membase, 16 << shift, mem1);
3577 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3578}
3579
201a51fc
AZ		 3580/***********************************************************/
3581/* CF-ATA Microdrive */
3582
3583#define METADATA_SIZE 0x20
3584
3585/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3586struct md_s {
3587 IDEState ide[2];
3588 struct pcmcia_card_s card;
3589 uint32_t attr_base;
3590 uint32_t io_base;
3591
3592 /* Card state */
3593 uint8_t opt;
3594 uint8_t stat;
3595 uint8_t pins;
3596
3597 uint8_t ctrl;
3598 uint16_t io;
3599 int cycle;
3600};
3601
3602/* Register bitfields */
3603enum md_opt {
3604 OPT_MODE_MMAP = 0,
3605 OPT_MODE_IOMAP16 = 1,
3606 OPT_MODE_IOMAP1 = 2,
3607 OPT_MODE_IOMAP2 = 3,
3608 OPT_MODE = 0x3f,
3609 OPT_LEVIREQ = 0x40,
3610 OPT_SRESET = 0x80,
3611};
3612enum md_cstat {
3613 STAT_INT = 0x02,
3614 STAT_PWRDWN = 0x04,
3615 STAT_XE = 0x10,
3616 STAT_IOIS8 = 0x20,
3617 STAT_SIGCHG = 0x40,
3618 STAT_CHANGED = 0x80,
3619};
3620enum md_pins {
3621 PINS_MRDY = 0x02,
3622 PINS_CRDY = 0x20,
3623};
3624enum md_ctrl {
3625 CTRL_IEN = 0x02,
3626 CTRL_SRST = 0x04,
3627};
3628
3629static inline void md_interrupt_update(struct md_s *s)
3630{
3631 if (!s->card.slot)
3632 return;
3633
3634 qemu_set_irq(s->card.slot->irq,
3635 !(s->stat & STAT_INT) && /* Inverted */
3636 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3637 !(s->opt & OPT_SRESET));
3638}
3639
3640static void md_set_irq(void *opaque, int irq, int level)
3641{
3642 struct md_s *s = (struct md_s *) opaque;
3643 if (level)
3644 s->stat |= STAT_INT;
3645 else
3646 s->stat &= ~STAT_INT;
3647
3648 md_interrupt_update(s);
3649}
3650
3651static void md_reset(struct md_s *s)
3652{
3653 s->opt = OPT_MODE_MMAP;
3654 s->stat = 0;
3655 s->pins = 0;
3656 s->cycle = 0;
3657 s->ctrl = 0;
3658 ide_reset(s->ide);
3659}
3660
9e315fa9 3661static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc
AZ		 3662{
3663 struct md_s *s = (struct md_s *) opaque;
3664 if (at < s->attr_base) {
3665 if (at < s->card.cis_len)
3666 return s->card.cis[at];
3667 else
3668 return 0x00;
3669 }
3670
3671 at -= s->attr_base;
3672
3673 switch (at) {
3674 case 0x00: /* Configuration Option Register */
3675 return s->opt;
3676 case 0x02: /* Card Configuration Status Register */
3677 if (s->ctrl & CTRL_IEN)
3678 return s->stat & ~STAT_INT;
3679 else
3680 return s->stat;
3681 case 0x04: /* Pin Replacement Register */
3682 return (s->pins & PINS_CRDY) | 0x0c;
3683 case 0x06: /* Socket and Copy Register */
3684 return 0x00;
3685#ifdef VERBOSE
3686 default:
3687 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3688#endif
3689 }
3690
3691 return 0;
3692}
3693
9e315fa9 3694static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc
AZ		 3695{
3696 struct md_s *s = (struct md_s *) opaque;
3697 at -= s->attr_base;
3698
3699 switch (at) {
3700 case 0x00: /* Configuration Option Register */
3701 s->opt = value & 0xcf;
3702 if (value & OPT_SRESET)
3703 md_reset(s);
3704 md_interrupt_update(s);
3705 break;
3706 case 0x02: /* Card Configuration Status Register */
3707 if ((s->stat ^ value) & STAT_PWRDWN)
3708 s->pins |= PINS_CRDY;
3709 s->stat &= 0x82;
3710 s->stat |= value & 0x74;
3711 md_interrupt_update(s);
3712 /* Word 170 in Identify Device must be equal to STAT_XE */
3713 break;
3714 case 0x04: /* Pin Replacement Register */
3715 s->pins &= PINS_CRDY;
3716 s->pins |= value & PINS_MRDY;
3717 break;
3718 case 0x06: /* Socket and Copy Register */
3719 break;
3720 default:
3721 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3722 }
3723}
3724
9e315fa9 3725static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc
AZ		 3726{
3727 struct md_s *s = (struct md_s *) opaque;
3728 uint16_t ret;
3729 at -= s->io_base;
3730
3731 switch (s->opt & OPT_MODE) {
3732 case OPT_MODE_MMAP:
3733 if ((at & ~0x3ff) == 0x400)
3734 at = 0;
3735 break;
3736 case OPT_MODE_IOMAP16:
3737 at &= 0xf;
3738 break;
3739 case OPT_MODE_IOMAP1:
3740 if ((at & ~0xf) == 0x3f0)
3741 at -= 0x3e8;
3742 else if ((at & ~0xf) == 0x1f0)
3743 at -= 0x1f0;
3744 break;
3745 case OPT_MODE_IOMAP2:
3746 if ((at & ~0xf) == 0x370)
3747 at -= 0x368;
3748 else if ((at & ~0xf) == 0x170)
3749 at -= 0x170;
3750 }
3751
3752 switch (at) {
3753 case 0x0: /* Even RD Data */
3754 case 0x8:
3755 return ide_data_readw(s->ide, 0);
3756
3757 /* TODO: 8-bit accesses */
3758 if (s->cycle)
3759 ret = s->io >> 8;
3760 else {
3761 s->io = ide_data_readw(s->ide, 0);
3762 ret = s->io & 0xff;
3763 }
3764 s->cycle = !s->cycle;
3765 return ret;
3766 case 0x9: /* Odd RD Data */
3767 return s->io >> 8;
3768 case 0xd: /* Error */
3769 return ide_ioport_read(s->ide, 0x1);
3770 case 0xe: /* Alternate Status */
3771 if (s->ide->cur_drive->bs)
3772 return s->ide->cur_drive->status;
3773 else
3774 return 0;
3775 case 0xf: /* Device Address */
3776 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3777 default:
3778 return ide_ioport_read(s->ide, at);
3779 }
3780
3781 return 0;
3782}
3783
9e315fa9 3784static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc
AZ		 3785{
3786 struct md_s *s = (struct md_s *) opaque;
3787 at -= s->io_base;
3788
3789 switch (s->opt & OPT_MODE) {
3790 case OPT_MODE_MMAP:
3791 if ((at & ~0x3ff) == 0x400)
3792 at = 0;
3793 break;
3794 case OPT_MODE_IOMAP16:
3795 at &= 0xf;
3796 break;
3797 case OPT_MODE_IOMAP1:
3798 if ((at & ~0xf) == 0x3f0)
3799 at -= 0x3e8;
3800 else if ((at & ~0xf) == 0x1f0)
3801 at -= 0x1f0;
3802 break;
3803 case OPT_MODE_IOMAP2:
3804 if ((at & ~0xf) == 0x370)
3805 at -= 0x368;
3806 else if ((at & ~0xf) == 0x170)
3807 at -= 0x170;
3808 }
3809
3810 switch (at) {
3811 case 0x0: /* Even WR Data */
3812 case 0x8:
3813 ide_data_writew(s->ide, 0, value);
3814 break;
3815
3816 /* TODO: 8-bit accesses */
3817 if (s->cycle)
3818 ide_data_writew(s->ide, 0, s->io | (value << 8));
3819 else
3820 s->io = value & 0xff;
3821 s->cycle = !s->cycle;
3822 break;
3823 case 0x9:
3824 s->io = value & 0xff;
3825 s->cycle = !s->cycle;
3826 break;
3827 case 0xd: /* Features */
3828 ide_ioport_write(s->ide, 0x1, value);
3829 break;
3830 case 0xe: /* Device Control */
3831 s->ctrl = value;
3832 if (value & CTRL_SRST)
3833 md_reset(s);
3834 md_interrupt_update(s);
3835 break;
3836 default:
3837 if (s->stat & STAT_PWRDWN) {
3838 s->pins |= PINS_CRDY;
3839 s->stat &= ~STAT_PWRDWN;
3840 }
3841 ide_ioport_write(s->ide, at, value);
3842 }
3843}
3844
aa941b94
AZ		 3845static void md_save(QEMUFile *f, void *opaque)
3846{
3847 struct md_s *s = (struct md_s *) opaque;
3848 int i;
3849 uint8_t drive1_selected;
3850
3851 qemu_put_8s(f, &s->opt);
3852 qemu_put_8s(f, &s->stat);
3853 qemu_put_8s(f, &s->pins);
3854
3855 qemu_put_8s(f, &s->ctrl);
3856 qemu_put_be16s(f, &s->io);
3857 qemu_put_byte(f, s->cycle);
3858
3859 drive1_selected = (s->ide->cur_drive != s->ide);
3860 qemu_put_8s(f, &s->ide->cmd);
3861 qemu_put_8s(f, &drive1_selected);
3862
3863 for (i = 0; i < 2; i ++)
3864 ide_save(f, &s->ide[i]);
3865}
3866
3867static int md_load(QEMUFile *f, void *opaque, int version_id)
3868{
3869 struct md_s *s = (struct md_s *) opaque;
3870 int i;
3871 uint8_t drive1_selected;
3872
3873 qemu_get_8s(f, &s->opt);
3874 qemu_get_8s(f, &s->stat);
3875 qemu_get_8s(f, &s->pins);
3876
3877 qemu_get_8s(f, &s->ctrl);
3878 qemu_get_be16s(f, &s->io);
3879 s->cycle = qemu_get_byte(f);
3880
3881 qemu_get_8s(f, &s->ide->cmd);
3882 qemu_get_8s(f, &drive1_selected);
3883 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
3884
3885 for (i = 0; i < 2; i ++)
3886 ide_load(f, &s->ide[i]);
3887
3888 return 0;
3889}
3890
201a51fc
AZ		 3891static const uint8_t dscm1xxxx_cis[0x14a] = {
3892 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3893 [0x002] = 0x03, /* Tuple length = 4 bytes */
3894 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3895 [0x006] = 0x01, /* Size = 2K bytes */
3896 [0x008] = CISTPL_ENDMARK,
3897
3898 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3899 [0x00c] = 0x04, /* Tuple length = 4 byest */
3900 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3901 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3902 [0x012] = 0x01, /* Size = 2K bytes */
3903 [0x014] = CISTPL_ENDMARK,
3904
3905 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3906 [0x018] = 0x02, /* Tuple length = 2 bytes */
3907 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3908 [0x01c] = 0x01,
3909
3910 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3911 [0x020] = 0x04, /* Tuple length = 4 bytes */
3912 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3913 [0x024] = 0x00,
3914 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3915 [0x028] = 0x00,
3916
3917 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3918 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3919 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3920 [0x030] = 0x01, /* Minor Version = 1 */
3921 [0x032] = 'I',
3922 [0x034] = 'B',
3923 [0x036] = 'M',
3924 [0x038] = 0x00,
3925 [0x03a] = 'm',
3926 [0x03c] = 'i',
3927 [0x03e] = 'c',
3928 [0x040] = 'r',
3929 [0x042] = 'o',
3930 [0x044] = 'd',
3931 [0x046] = 'r',
3932 [0x048] = 'i',
3933 [0x04a] = 'v',
3934 [0x04c] = 'e',
3935 [0x04e] = 0x00,
3936 [0x050] = CISTPL_ENDMARK,
3937
3938 [0x052] = CISTPL_FUNCID, /* Function ID */
3939 [0x054] = 0x02, /* Tuple length = 2 bytes */
3940 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3941 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3942
3943 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3944 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3945 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3946 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3947
3948 [0x062] = CISTPL_FUNCE, /* Function Extension */
3949 [0x064] = 0x03, /* Tuple length = 3 bytes */
3950 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3951 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3952 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3953
3954 [0x06c] = CISTPL_CONFIG, /* Configuration */
3955 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3956 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3957 [0x072] = 0x07, /* TPCC_LAST = 7 */
3958 [0x074] = 0x00, /* TPCC_RADR = 0200 */
3959 [0x076] = 0x02,
3960 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
3961
3962 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3963 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
3964 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
3965 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
3966 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
3967 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3968 [0x086] = 0x55, /* NomV: 5.0 V */
3969 [0x088] = 0x4d, /* MinV: 4.5 V */
3970 [0x08a] = 0x5d, /* MaxV: 5.5 V */
3971 [0x08c] = 0x4e, /* Peakl: 450 mA */
3972 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
3973 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
3974 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
3975
3976 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3977 [0x096] = 0x06, /* Tuple length = 6 bytes */
3978 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
3979 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3980 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3981 [0x09e] = 0xb5, /* NomV: 3.3 V */
3982 [0x0a0] = 0x1e,
3983 [0x0a2] = 0x3e, /* Peakl: 350 mA */
3984
3985 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3986 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
3987 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
3988 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3989 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3990 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3991 [0x0b0] = 0x55, /* NomV: 5.0 V */
3992 [0x0b2] = 0x4d, /* MinV: 4.5 V */
3993 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
3994 [0x0b6] = 0x4e, /* Peakl: 450 mA */
3995 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
3996 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
3997 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
3998 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
3999 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4000
4001 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4002 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4003 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4004 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4005 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4006 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4007 [0x0ce] = 0x1e,
4008 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4009
4010 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4011 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4012 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4013 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4014 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4015 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4016 [0x0de] = 0x55, /* NomV: 5.0 V */
4017 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4018 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4019 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4020 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4021 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4022 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4023 [0x0ec] = 0x01,
4024 [0x0ee] = 0x07, /* Address block length = 8 */
4025 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4026 [0x0f2] = 0x03,
4027 [0x0f4] = 0x01, /* Address block length = 2 */
4028 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4029 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4030
4031 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4032 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4033 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4034 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4035 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4036 [0x104] = 0xb5, /* NomV: 3.3 V */
4037 [0x106] = 0x1e,
4038 [0x108] = 0x3e, /* Peakl: 350 mA */
4039
4040 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4041 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4042 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4043 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4044 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4045 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4046 [0x116] = 0x55, /* NomV: 5.0 V */
4047 [0x118] = 0x4d, /* MinV: 4.5 V */
4048 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4049 [0x11c] = 0x4e, /* Peakl: 450 mA */
4050 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4051 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4052 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4053 [0x124] = 0x01,
4054 [0x126] = 0x07, /* Address block length = 8 */
4055 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4056 [0x12a] = 0x03,
4057 [0x12c] = 0x01, /* Address block length = 2 */
4058 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4059 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4060
4061 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4062 [0x134] = 0x06, /* Tuple length = 6 bytes */
4063 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4064 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4065 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4066 [0x13c] = 0xb5, /* NomV: 3.3 V */
4067 [0x13e] = 0x1e,
4068 [0x140] = 0x3e, /* Peakl: 350 mA */
4069
4070 [0x142] = CISTPL_NO_LINK, /* No Link */
4071 [0x144] = 0x00, /* Tuple length = 0 bytes */
4072
4073 [0x146] = CISTPL_END, /* Tuple End */
4074};
4075
4076static int dscm1xxxx_attach(void *opaque)
4077{
4078 struct md_s *md = (struct md_s *) opaque;
4079 md->card.attr_read = md_attr_read;
4080 md->card.attr_write = md_attr_write;
4081 md->card.common_read = md_common_read;
4082 md->card.common_write = md_common_write;
4083 md->card.io_read = md_common_read;
4084 md->card.io_write = md_common_write;
4085
4086 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4087 md->io_base = 0x0;
4088
4089 md_reset(md);
4090 md_interrupt_update(md);
4091
4092 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4093 return 0;
4094}
4095
4096static int dscm1xxxx_detach(void *opaque)
4097{
4098 struct md_s *md = (struct md_s *) opaque;
4099 md_reset(md);
4100 return 0;
4101}
4102
4103struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
4104{
4105 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
4106 md->card.state = md;
4107 md->card.attach = dscm1xxxx_attach;
4108 md->card.detach = dscm1xxxx_detach;
4109 md->card.cis = dscm1xxxx_cis;
4110 md->card.cis_len = sizeof(dscm1xxxx_cis);
4111
4112 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4113 md->ide->is_cf = 1;
4114 md->ide->mdata_size = METADATA_SIZE;
4115 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94 4116
18be5187 4117 register_savevm("microdrive", -1, 0, md_save, md_load, md);
aa941b94 4118
201a51fc
AZ		 4119 return &md->card;
4120}
Qemu copy for testing