]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
DB-DMA IDE asynchronous I/O
[qemu.git] / hw / ide.c
CommitLineData
5391d806 1/*
38cdea7c 2 * QEMU IDE disk and CD/DVD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
87ecb68b
PB		 25#include "hw.h"
26#include "pc.h"
27#include "pci.h"
28#include "scsi-disk.h"
29#include "pcmcia.h"
30#include "block.h"
b0a7b120 31#include "block_int.h"
87ecb68b
PB		 32#include "qemu-timer.h"
33#include "sysemu.h"
9596ebb7 34#include "ppc_mac.h"
e3007e66 35#include "mac_dbdma.h"
b79e1752 36#include "sh.h"
1fb8648d 37#include "dma.h"
5391d806 38
5391d806
FB		 39/* debug IDE devices */
40//#define DEBUG_IDE
41//#define DEBUG_IDE_ATAPI
8ccad811
FB		 42//#define DEBUG_AIO
43#define USE_DMA_CDROM
5391d806
FB		 44
45/* Bits of HD_STATUS */
46#define ERR_STAT 0x01
47#define INDEX_STAT 0x02
48#define ECC_STAT 0x04 /* Corrected error */
49#define DRQ_STAT 0x08
50#define SEEK_STAT 0x10
51#define SRV_STAT 0x10
52#define WRERR_STAT 0x20
53#define READY_STAT 0x40
54#define BUSY_STAT 0x80
55
56/* Bits for HD_ERROR */
57#define MARK_ERR 0x01 /* Bad address mark */
58#define TRK0_ERR 0x02 /* couldn't find track 0 */
59#define ABRT_ERR 0x04 /* Command aborted */
60#define MCR_ERR 0x08 /* media change request */
61#define ID_ERR 0x10 /* ID field not found */
62#define MC_ERR 0x20 /* media changed */
63#define ECC_ERR 0x40 /* Uncorrectable ECC error */
64#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
65#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
66
67/* Bits of HD_NSECTOR */
68#define CD 0x01
69#define IO 0x02
70#define REL 0x04
71#define TAG_MASK 0xf8
72
73#define IDE_CMD_RESET 0x04
74#define IDE_CMD_DISABLE_IRQ 0x02
75
76/* ATA/ATAPI Commands pre T13 Spec */
77#define WIN_NOP 0x00
78/*
79 * 0x01->0x02 Reserved
80 */
81#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
82/*
83 * 0x04->0x07 Reserved
84 */
85#define WIN_SRST 0x08 /* ATAPI soft reset command */
86#define WIN_DEVICE_RESET 0x08
87/*
88 * 0x09->0x0F Reserved
89 */
90#define WIN_RECAL 0x10
91#define WIN_RESTORE WIN_RECAL
92/*
93 * 0x10->0x1F Reserved
94 */
95#define WIN_READ 0x20 /* 28-Bit */
96#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
97#define WIN_READ_LONG 0x22 /* 28-Bit */
98#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
99#define WIN_READ_EXT 0x24 /* 48-Bit */
100#define WIN_READDMA_EXT 0x25 /* 48-Bit */
101#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
102#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
103/*
104 * 0x28
105 */
106#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
107/*
108 * 0x2A->0x2F Reserved
109 */
110#define WIN_WRITE 0x30 /* 28-Bit */
111#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
112#define WIN_WRITE_LONG 0x32 /* 28-Bit */
113#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
114#define WIN_WRITE_EXT 0x34 /* 48-Bit */
115#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
116#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
117#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
118#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
119#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
120/*
121 * 0x3A->0x3B Reserved
122 */
123#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
124/*
125 * 0x3D->0x3F Reserved
126 */
127#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
128#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
129#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
130/*
131 * 0x43->0x4F Reserved
132 */
133#define WIN_FORMAT 0x50
134/*
135 * 0x51->0x5F Reserved
136 */
137#define WIN_INIT 0x60
138/*
139 * 0x61->0x5F Reserved
140 */
141#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
142#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
143#define WIN_DIAGNOSE 0x90
144#define WIN_SPECIFY 0x91 /* set drive geometry translation */
145#define WIN_DOWNLOAD_MICROCODE 0x92
146#define WIN_STANDBYNOW2 0x94
201a51fc 147#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 148#define WIN_STANDBY2 0x96
149#define WIN_SETIDLE2 0x97
150#define WIN_CHECKPOWERMODE2 0x98
151#define WIN_SLEEPNOW2 0x99
152/*
153 * 0x9A VENDOR
154 */
155#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
156#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
157#define WIN_QUEUED_SERVICE 0xA2
158#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 159#define CFA_ACCESS_METADATA_STORAGE 0xB8
160#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 161#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
162#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
163#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
164#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
165#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
166#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
167#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
168#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
169#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
170#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 171#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 172#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
173#define WIN_POSTBOOT 0xDC
174#define WIN_PREBOOT 0xDD
175#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
176#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
177#define WIN_STANDBYNOW1 0xE0
178#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
179#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
180#define WIN_SETIDLE1 0xE3
181#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
182#define WIN_CHECKPOWERMODE1 0xE5
183#define WIN_SLEEPNOW1 0xE6
184#define WIN_FLUSH_CACHE 0xE7
185#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
186#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
187 /* SET_FEATURES 0x22 or 0xDD */
188#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
189#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
190#define WIN_MEDIAEJECT 0xED
191#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
192#define WIN_SETFEATURES 0xEF /* set special drive features */
193#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 194#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 195#define WIN_SECURITY_SET_PASS 0xF1
196#define WIN_SECURITY_UNLOCK 0xF2
197#define WIN_SECURITY_ERASE_PREPARE 0xF3
198#define WIN_SECURITY_ERASE_UNIT 0xF4
199#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 200#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 201#define WIN_SECURITY_DISABLE 0xF6
202#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
203#define WIN_SET_MAX 0xF9
204#define DISABLE_SEAGATE 0xFB
205
206/* set to 1 set disable mult support */
f66723fa 207#define MAX_MULT_SECTORS 16
5391d806 208
1d8cde5b
AJ		 209#define IDE_DMA_BUF_SECTORS 256
210
211#if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
212#error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
213#endif
214
5391d806
FB		 215/* ATAPI defines */
216
217#define ATAPI_PACKET_SIZE 12
218
219/* The generic packet command opcodes for CD/DVD Logical Units,
220 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
221#define GPCMD_BLANK 0xa1
222#define GPCMD_CLOSE_TRACK 0x5b
223#define GPCMD_FLUSH_CACHE 0x35
224#define GPCMD_FORMAT_UNIT 0x04
225#define GPCMD_GET_CONFIGURATION 0x46
226#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
227#define GPCMD_GET_PERFORMANCE 0xac
228#define GPCMD_INQUIRY 0x12
229#define GPCMD_LOAD_UNLOAD 0xa6
230#define GPCMD_MECHANISM_STATUS 0xbd
231#define GPCMD_MODE_SELECT_10 0x55
232#define GPCMD_MODE_SENSE_10 0x5a
233#define GPCMD_PAUSE_RESUME 0x4b
234#define GPCMD_PLAY_AUDIO_10 0x45
235#define GPCMD_PLAY_AUDIO_MSF 0x47
236#define GPCMD_PLAY_AUDIO_TI 0x48
237#define GPCMD_PLAY_CD 0xbc
238#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
239#define GPCMD_READ_10 0x28
240#define GPCMD_READ_12 0xa8
241#define GPCMD_READ_CDVD_CAPACITY 0x25
242#define GPCMD_READ_CD 0xbe
243#define GPCMD_READ_CD_MSF 0xb9
244#define GPCMD_READ_DISC_INFO 0x51
245#define GPCMD_READ_DVD_STRUCTURE 0xad
246#define GPCMD_READ_FORMAT_CAPACITIES 0x23
247#define GPCMD_READ_HEADER 0x44
248#define GPCMD_READ_TRACK_RZONE_INFO 0x52
249#define GPCMD_READ_SUBCHANNEL 0x42
250#define GPCMD_READ_TOC_PMA_ATIP 0x43
251#define GPCMD_REPAIR_RZONE_TRACK 0x58
252#define GPCMD_REPORT_KEY 0xa4
253#define GPCMD_REQUEST_SENSE 0x03
254#define GPCMD_RESERVE_RZONE_TRACK 0x53
255#define GPCMD_SCAN 0xba
256#define GPCMD_SEEK 0x2b
257#define GPCMD_SEND_DVD_STRUCTURE 0xad
258#define GPCMD_SEND_EVENT 0xa2
259#define GPCMD_SEND_KEY 0xa3
260#define GPCMD_SEND_OPC 0x54
261#define GPCMD_SET_READ_AHEAD 0xa7
262#define GPCMD_SET_STREAMING 0xb6
263#define GPCMD_START_STOP_UNIT 0x1b
264#define GPCMD_STOP_PLAY_SCAN 0x4e
265#define GPCMD_TEST_UNIT_READY 0x00
266#define GPCMD_VERIFY_10 0x2f
267#define GPCMD_WRITE_10 0x2a
268#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 269/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 270 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
271 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
272 * drives support it. */
273#define GPCMD_SET_SPEED 0xbb
5fafdf24 274/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 275 * to play data at track/index */
276#define GPCMD_PLAYAUDIO_TI 0x48
277/*
278 * From MS Media Status Notification Support Specification. For
279 * older drives only.
280 */
281#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 282#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 283
284/* Mode page codes for mode sense/set */
285#define GPMODE_R_W_ERROR_PAGE 0x01
286#define GPMODE_WRITE_PARMS_PAGE 0x05
287#define GPMODE_AUDIO_CTL_PAGE 0x0e
288#define GPMODE_POWER_PAGE 0x1a
289#define GPMODE_FAULT_FAIL_PAGE 0x1c
290#define GPMODE_TO_PROTECT_PAGE 0x1d
291#define GPMODE_CAPABILITIES_PAGE 0x2a
292#define GPMODE_ALL_PAGES 0x3f
293/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
294 * of MODE_SENSE_POWER_PAGE */
295#define GPMODE_CDROM_PAGE 0x0d
296
38cdea7c
AZ		 297/*
298 * Based on values from <linux/cdrom.h> but extending CD_MINS
299 * to the maximum common size allowed by the Orange's Book ATIP
300 *
301 * 90 and 99 min CDs are also available but using them as the
302 * upper limit reduces the effectiveness of the heuristic to
303 * detect DVDs burned to less than 25% of their maximum capacity
304 */
305
306/* Some generally useful CD-ROM information */
307#define CD_MINS 80 /* max. minutes per CD */
308#define CD_SECS 60 /* seconds per minute */
309#define CD_FRAMES 75 /* frames per second */
310#define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
311#define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
312#define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
313
314/*
315 * The MMC values are not IDE specific and might need to be moved
316 * to a common header if they are also needed for the SCSI emulation
317 */
318
319/* Profile list from MMC-6 revision 1 table 91 */
320#define MMC_PROFILE_NONE 0x0000
321#define MMC_PROFILE_CD_ROM 0x0008
322#define MMC_PROFILE_CD_R 0x0009
323#define MMC_PROFILE_CD_RW 0x000A
324#define MMC_PROFILE_DVD_ROM 0x0010
325#define MMC_PROFILE_DVD_R_SR 0x0011
326#define MMC_PROFILE_DVD_RAM 0x0012
327#define MMC_PROFILE_DVD_RW_RO 0x0013
328#define MMC_PROFILE_DVD_RW_SR 0x0014
329#define MMC_PROFILE_DVD_R_DL_SR 0x0015
330#define MMC_PROFILE_DVD_R_DL_JR 0x0016
331#define MMC_PROFILE_DVD_RW_DL 0x0017
332#define MMC_PROFILE_DVD_DDR 0x0018
333#define MMC_PROFILE_DVD_PLUS_RW 0x001A
334#define MMC_PROFILE_DVD_PLUS_R 0x001B
335#define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
336#define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
337#define MMC_PROFILE_BD_ROM 0x0040
338#define MMC_PROFILE_BD_R_SRM 0x0041
339#define MMC_PROFILE_BD_R_RRM 0x0042
340#define MMC_PROFILE_BD_RE 0x0043
341#define MMC_PROFILE_HDDVD_ROM 0x0050
342#define MMC_PROFILE_HDDVD_R 0x0051
343#define MMC_PROFILE_HDDVD_RAM 0x0052
344#define MMC_PROFILE_HDDVD_RW 0x0053
345#define MMC_PROFILE_HDDVD_R_DL 0x0058
346#define MMC_PROFILE_HDDVD_RW_DL 0x005A
347#define MMC_PROFILE_INVALID 0xFFFF
348
5391d806
FB		 349#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
350#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
351#define ATAPI_INT_REASON_REL 0x04
352#define ATAPI_INT_REASON_TAG 0xf8
353
354/* same constants as bochs */
7f777bf3 355#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 356#define ASC_LOGICAL_BLOCK_OOR 0x21
357#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
9118e7f0 358#define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
8114e9e8 359#define ASC_INCOMPATIBLE_FORMAT 0x30
5391d806
FB		 360#define ASC_MEDIUM_NOT_PRESENT 0x3a
361#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
362
201a51fc
AZ		 363#define CFA_NO_ERROR 0x00
364#define CFA_MISC_ERROR 0x09
365#define CFA_INVALID_COMMAND 0x20
366#define CFA_INVALID_ADDRESS 0x21
367#define CFA_ADDRESS_OVERFLOW 0x2f
368
5391d806
FB		 369#define SENSE_NONE 0
370#define SENSE_NOT_READY 2
371#define SENSE_ILLEGAL_REQUEST 5
372#define SENSE_UNIT_ATTENTION 6
373
374struct IDEState;
375
376typedef void EndTransferFunc(struct IDEState *);
377
caed8802 378/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 379typedef struct IDEState {
380 /* ide config */
381 int is_cdrom;
201a51fc 382 int is_cf;
5391d806
FB		 383 int cylinders, heads, sectors;
384 int64_t nb_sectors;
385 int mult_sectors;
94458802
FB		 386 int identify_set;
387 uint16_t identify_data[256];
d537cf6c 388 qemu_irq irq;
34e538ae 389 PCIDevice *pci_dev;
98087450 390 struct BMDMAState *bmdma;
aedf5382 391 int drive_serial;
fa879c64 392 char drive_serial_str[21];
5391d806
FB		 393 /* ide regs */
394 uint8_t feature;
395 uint8_t error;
c2ff060f 396 uint32_t nsector;
5391d806
FB		 397 uint8_t sector;
398 uint8_t lcyl;
399 uint8_t hcyl;
c2ff060f
FB		 400 /* other part of tf for lba48 support */
401 uint8_t hob_feature;
402 uint8_t hob_nsector;
403 uint8_t hob_sector;
404 uint8_t hob_lcyl;
405 uint8_t hob_hcyl;
406
5391d806
FB		 407 uint8_t select;
408 uint8_t status;
c2ff060f 409
5391d806
FB		 410 /* 0x3f6 command, only meaningful for drive 0 */
411 uint8_t cmd;
c2ff060f
FB		 412 /* set for lba48 access */
413 uint8_t lba48;
5391d806 414 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 415 struct IDEState *cur_drive;
5391d806
FB		 416 BlockDriverState *bs;
417 /* ATAPI specific */
418 uint8_t sense_key;
419 uint8_t asc;
420 int packet_transfer_size;
421 int elementary_transfer_size;
422 int io_buffer_index;
423 int lba;
98087450
FB		 424 int cd_sector_size;
425 int atapi_dma; /* true if dma is requested for the packet cmd */
426 /* ATA DMA state */
427 int io_buffer_size;
1fb8648d 428 QEMUSGList sg;
98087450 429 /* PIO transfer handling */
5391d806
FB		 430 int req_nb_sectors; /* number of sectors per interrupt */
431 EndTransferFunc *end_transfer_func;
432 uint8_t *data_ptr;
433 uint8_t *data_end;
33f00271 434 uint8_t *io_buffer;
31c2a146 435 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
e774a278 436 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 437 /* CF-ATA extended error */
438 uint8_t ext_error;
439 /* CF-ATA metadata storage */
440 uint32_t mdata_size;
441 uint8_t *mdata_storage;
442 int media_changed;
e3007e66
AJ		 443 /* for pmac */
444 int is_read;
5391d806
FB		 445} IDEState;
446
8114e9e8
TS		 447/* XXX: DVDs that could fit on a CD will be reported as a CD */
448static inline int media_present(IDEState *s)
449{
450 return (s->nb_sectors > 0);
451}
452
453static inline int media_is_dvd(IDEState *s)
454{
455 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
456}
457
458static inline int media_is_cd(IDEState *s)
459{
460 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
461}
462
98087450
FB		 463#define BM_STATUS_DMAING 0x01
464#define BM_STATUS_ERROR 0x02
465#define BM_STATUS_INT 0x04
428c5705
AL		 466#define BM_STATUS_DMA_RETRY 0x08
467#define BM_STATUS_PIO_RETRY 0x10
98087450
FB		 468
469#define BM_CMD_START 0x01
470#define BM_CMD_READ 0x08
471
5457c8ce
FB		 472#define IDE_TYPE_PIIX3 0
473#define IDE_TYPE_CMD646 1
afcc3cdf 474#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 475
476/* CMD646 specific */
477#define MRDMODE 0x71
478#define MRDMODE_INTR_CH0 0x04
479#define MRDMODE_INTR_CH1 0x08
480#define MRDMODE_BLK_CH0 0x10
481#define MRDMODE_BLK_CH1 0x20
482#define UDIDETCR0 0x73
483#define UDIDETCR1 0x7B
484
98087450
FB		 485typedef struct BMDMAState {
486 uint8_t cmd;
487 uint8_t status;
488 uint32_t addr;
3b46e624 489
5457c8ce 490 struct PCIIDEState *pci_dev;
98087450 491 /* current transfer state */
8ccad811
FB		 492 uint32_t cur_addr;
493 uint32_t cur_prd_last;
494 uint32_t cur_prd_addr;
495 uint32_t cur_prd_len;
98087450 496 IDEState *ide_if;
8ccad811
FB		 497 BlockDriverCompletionFunc *dma_cb;
498 BlockDriverAIOCB *aiocb;
428c5705
AL		 499 int64_t sector_num;
500 uint32_t nsector;
98087450
FB		 501} BMDMAState;
502
503typedef struct PCIIDEState {
504 PCIDevice dev;
505 IDEState ide_if[4];
506 BMDMAState bmdma[2];
5457c8ce 507 int type; /* see IDE_TYPE_xxx */
98087450
FB		 508} PCIIDEState;
509
8ccad811 510static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
428c5705 511static void ide_dma_restart(IDEState *s);
5f12ab4b 512static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 513
5391d806
FB		 514static void padstr(char *str, const char *src, int len)
515{
516 int i, v;
517 for(i = 0; i < len; i++) {
518 if (*src)
519 v = *src++;
520 else
521 v = ' ';
69b34976 522 str[i^1] = v;
5391d806
FB		 523 }
524}
525
bd0d90b2
FB		 526static void padstr8(uint8_t *buf, int buf_size, const char *src)
527{
528 int i;
529 for(i = 0; i < buf_size; i++) {
530 if (*src)
531 buf[i] = *src++;
532 else
533 buf[i] = ' ';
534 }
535}
536
67b915a5
FB		 537static void put_le16(uint16_t *p, unsigned int v)
538{
0c4ad8dc 539 *p = cpu_to_le16(v);
67b915a5
FB		 540}
541
5391d806
FB		 542static void ide_identify(IDEState *s)
543{
544 uint16_t *p;
545 unsigned int oldsize;
546
94458802
FB		 547 if (s->identify_set) {
548 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
549 return;
550 }
551
5391d806
FB		 552 memset(s->io_buffer, 0, 512);
553 p = (uint16_t *)s->io_buffer;
67b915a5 554 put_le16(p + 0, 0x0040);
5fafdf24 555 put_le16(p + 1, s->cylinders);
67b915a5
FB		 556 put_le16(p + 3, s->heads);
557 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
558 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 559 put_le16(p + 6, s->sectors);
fa879c64 560 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 561 put_le16(p + 20, 3); /* XXX: retired, remove ? */
562 put_le16(p + 21, 512); /* cache size in sectors */
563 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 564 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
565 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 566#if MAX_MULT_SECTORS > 1
67b915a5 567 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 568#endif
67b915a5 569 put_le16(p + 48, 1); /* dword I/O */
94458802 570 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 571 put_le16(p + 51, 0x200); /* PIO transfer cycle */
572 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 573 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 574 put_le16(p + 54, s->cylinders);
575 put_le16(p + 55, s->heads);
576 put_le16(p + 56, s->sectors);
5391d806 577 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 578 put_le16(p + 57, oldsize);
579 put_le16(p + 58, oldsize >> 16);
5391d806 580 if (s->mult_sectors)
67b915a5
FB		 581 put_le16(p + 59, 0x100 | s->mult_sectors);
582 put_le16(p + 60, s->nb_sectors);
583 put_le16(p + 61, s->nb_sectors >> 16);
d1b5c20d 584 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
94458802
FB		 585 put_le16(p + 63, 0x07); /* mdma0-2 supported */
586 put_le16(p + 65, 120);
587 put_le16(p + 66, 120);
588 put_le16(p + 67, 120);
589 put_le16(p + 68, 120);
590 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
591 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 592 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 593 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
594 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 595 put_le16(p + 84, (1 << 14));
596 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 597 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
598 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 599 put_le16(p + 87, (1 << 14));
94458802
FB		 600 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
601 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 602 put_le16(p + 100, s->nb_sectors);
603 put_le16(p + 101, s->nb_sectors >> 16);
604 put_le16(p + 102, s->nb_sectors >> 32);
605 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 606
607 memcpy(s->identify_data, p, sizeof(s->identify_data));
608 s->identify_set = 1;
5391d806
FB		 609}
610
611static void ide_atapi_identify(IDEState *s)
612{
613 uint16_t *p;
614
94458802
FB		 615 if (s->identify_set) {
616 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
617 return;
618 }
619
5391d806
FB		 620 memset(s->io_buffer, 0, 512);
621 p = (uint16_t *)s->io_buffer;
622 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 623 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
fa879c64 624 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 625 put_le16(p + 20, 3); /* buffer type */
626 put_le16(p + 21, 512); /* cache size in sectors */
627 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3 628 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
38cdea7c 629 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
67b915a5 630 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 631#ifdef USE_DMA_CDROM
632 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
633 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
d1b5c20d 634 put_le16(p + 62, 7); /* single word dma0-2 supported */
8ccad811
FB		 635 put_le16(p + 63, 7); /* mdma0-2 supported */
636 put_le16(p + 64, 0x3f); /* PIO modes supported */
637#else
67b915a5
FB		 638 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
639 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
640 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
641 put_le16(p + 64, 1); /* PIO modes */
8ccad811 642#endif
67b915a5
FB		 643 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
644 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
645 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
646 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 647
67b915a5
FB		 648 put_le16(p + 71, 30); /* in ns */
649 put_le16(p + 72, 30); /* in ns */
5391d806 650
67b915a5 651 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 652#ifdef USE_DMA_CDROM
653 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
654#endif
94458802
FB		 655 memcpy(s->identify_data, p, sizeof(s->identify_data));
656 s->identify_set = 1;
5391d806
FB		 657}
658
201a51fc
AZ		 659static void ide_cfata_identify(IDEState *s)
660{
661 uint16_t *p;
662 uint32_t cur_sec;
201a51fc
AZ		 663
664 p = (uint16_t *) s->identify_data;
665 if (s->identify_set)
666 goto fill_buffer;
667
668 memset(p, 0, sizeof(s->identify_data));
669
670 cur_sec = s->cylinders * s->heads * s->sectors;
671
672 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
673 put_le16(p + 1, s->cylinders); /* Default cylinders */
674 put_le16(p + 3, s->heads); /* Default heads */
675 put_le16(p + 6, s->sectors); /* Default sectors per track */
676 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
677 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
fa879c64 678 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
201a51fc 679 put_le16(p + 22, 0x0004); /* ECC bytes */
60fe76f3
TS		 680 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
681 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
201a51fc
AZ		 682#if MAX_MULT_SECTORS > 1
683 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
684#else
685 put_le16(p + 47, 0x0000);
686#endif
687 put_le16(p + 49, 0x0f00); /* Capabilities */
688 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
689 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
690 put_le16(p + 53, 0x0003); /* Translation params valid */
691 put_le16(p + 54, s->cylinders); /* Current cylinders */
692 put_le16(p + 55, s->heads); /* Current heads */
693 put_le16(p + 56, s->sectors); /* Current sectors */
694 put_le16(p + 57, cur_sec); /* Current capacity */
695 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
696 if (s->mult_sectors) /* Multiple sector setting */
697 put_le16(p + 59, 0x100 | s->mult_sectors);
698 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
699 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
700 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
701 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
702 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
703 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
704 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
705 put_le16(p + 82, 0x400c); /* Command Set supported */
706 put_le16(p + 83, 0x7068); /* Command Set supported */
707 put_le16(p + 84, 0x4000); /* Features supported */
708 put_le16(p + 85, 0x000c); /* Command Set enabled */
709 put_le16(p + 86, 0x7044); /* Command Set enabled */
710 put_le16(p + 87, 0x4000); /* Features enabled */
711 put_le16(p + 91, 0x4060); /* Current APM level */
712 put_le16(p + 129, 0x0002); /* Current features option */
713 put_le16(p + 130, 0x0005); /* Reassigned sectors */
714 put_le16(p + 131, 0x0001); /* Initial power mode */
715 put_le16(p + 132, 0x0000); /* User signature */
716 put_le16(p + 160, 0x8100); /* Power requirement */
717 put_le16(p + 161, 0x8001); /* CF command set */
718
719 s->identify_set = 1;
720
721fill_buffer:
722 memcpy(s->io_buffer, p, sizeof(s->identify_data));
723}
724
5391d806
FB		 725static void ide_set_signature(IDEState *s)
726{
727 s->select &= 0xf0; /* clear head */
728 /* put signature */
729 s->nsector = 1;
730 s->sector = 1;
731 if (s->is_cdrom) {
732 s->lcyl = 0x14;
733 s->hcyl = 0xeb;
734 } else if (s->bs) {
735 s->lcyl = 0;
736 s->hcyl = 0;
737 } else {
738 s->lcyl = 0xff;
739 s->hcyl = 0xff;
740 }
741}
742
743static inline void ide_abort_command(IDEState *s)
744{
745 s->status = READY_STAT | ERR_STAT;
746 s->error = ABRT_ERR;
747}
748
5604e090
AZ		 749static inline void ide_dma_submit_check(IDEState *s,
750 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
751{
752 if (bm->aiocb)
753 return;
754 dma_cb(bm, -1);
755}
756
5391d806
FB		 757static inline void ide_set_irq(IDEState *s)
758{
98ff7d30 759 BMDMAState *bm = s->bmdma;
5391d806 760 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 761 if (bm) {
98ff7d30 762 bm->status |= BM_STATUS_INT;
5457c8ce 763 }
d537cf6c 764 qemu_irq_raise(s->irq);
5391d806
FB		 765 }
766}
767
768/* prepare data transfer and tell what to do after */
5fafdf24 769static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 770 EndTransferFunc *end_transfer_func)
771{
772 s->end_transfer_func = end_transfer_func;
773 s->data_ptr = buf;
774 s->data_end = buf + size;
7603d156
TS		 775 if (!(s->status & ERR_STAT))
776 s->status |= DRQ_STAT;
5391d806
FB		 777}
778
779static void ide_transfer_stop(IDEState *s)
780{
781 s->end_transfer_func = ide_transfer_stop;
782 s->data_ptr = s->io_buffer;
783 s->data_end = s->io_buffer;
784 s->status &= ~DRQ_STAT;
785}
786
787static int64_t ide_get_sector(IDEState *s)
788{
789 int64_t sector_num;
790 if (s->select & 0x40) {
791 /* lba */
c2ff060f
FB		 792 if (!s->lba48) {
793 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
794 (s->lcyl << 8) | s->sector;
795 } else {
796 sector_num = ((int64_t)s->hob_hcyl << 40) |
797 ((int64_t) s->hob_lcyl << 32) |
798 ((int64_t) s->hob_sector << 24) |
799 ((int64_t) s->hcyl << 16) |
800 ((int64_t) s->lcyl << 8) | s->sector;
801 }
5391d806
FB		 802 } else {
803 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 804 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 805 }
806 return sector_num;
807}
808
809static void ide_set_sector(IDEState *s, int64_t sector_num)
810{
811 unsigned int cyl, r;
812 if (s->select & 0x40) {
c2ff060f
FB		 813 if (!s->lba48) {
814 s->select = (s->select & 0xf0) | (sector_num >> 24);
815 s->hcyl = (sector_num >> 16);
816 s->lcyl = (sector_num >> 8);
817 s->sector = (sector_num);
818 } else {
819 s->sector = sector_num;
820 s->lcyl = sector_num >> 8;
821 s->hcyl = sector_num >> 16;
822 s->hob_sector = sector_num >> 24;
823 s->hob_lcyl = sector_num >> 32;
824 s->hob_hcyl = sector_num >> 40;
825 }
5391d806
FB		 826 } else {
827 cyl = sector_num / (s->heads * s->sectors);
828 r = sector_num % (s->heads * s->sectors);
829 s->hcyl = cyl >> 8;
830 s->lcyl = cyl;
1b8eb456 831 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 832 s->sector = (r % s->sectors) + 1;
833 }
834}
835
e162cfb0
AZ		 836static void ide_rw_error(IDEState *s) {
837 ide_abort_command(s);
838 ide_set_irq(s);
839}
840
5391d806
FB		 841static void ide_sector_read(IDEState *s)
842{
843 int64_t sector_num;
844 int ret, n;
845
846 s->status = READY_STAT | SEEK_STAT;
a136e5a8 847 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 848 sector_num = ide_get_sector(s);
849 n = s->nsector;
850 if (n == 0) {
851 /* no more sector to read from disk */
852 ide_transfer_stop(s);
853 } else {
854#if defined(DEBUG_IDE)
18c5f8ea 855 printf("read sector=%" PRId64 "\n", sector_num);
5391d806
FB		 856#endif
857 if (n > s->req_nb_sectors)
858 n = s->req_nb_sectors;
859 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
e162cfb0
AZ		 860 if (ret != 0) {
861 ide_rw_error(s);
862 return;
863 }
5391d806
FB		 864 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
865 ide_set_irq(s);
866 ide_set_sector(s, sector_num + n);
867 s->nsector -= n;
868 }
869}
870
7aea4412
AL		 871
872/* return 0 if buffer completed */
873static int dma_buf_prepare(BMDMAState *bm, int is_write)
874{
875 IDEState *s = bm->ide_if;
876 struct {
877 uint32_t addr;
878 uint32_t size;
879 } prd;
880 int l, len;
7aea4412 881
1fb8648d 882 qemu_sglist_init(&s->sg, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
7aea4412
AL		 883 s->io_buffer_size = 0;
884 for(;;) {
885 if (bm->cur_prd_len == 0) {
886 /* end of table (with a fail safe of one page) */
887 if (bm->cur_prd_last ||
888 (bm->cur_addr - bm->addr) >= 4096)
889 return s->io_buffer_size != 0;
890 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
891 bm->cur_addr += 8;
892 prd.addr = le32_to_cpu(prd.addr);
893 prd.size = le32_to_cpu(prd.size);
894 len = prd.size & 0xfffe;
895 if (len == 0)
896 len = 0x10000;
897 bm->cur_prd_len = len;
898 bm->cur_prd_addr = prd.addr;
899 bm->cur_prd_last = (prd.size & 0x80000000);
900 }
901 l = bm->cur_prd_len;
902 if (l > 0) {
1fb8648d
AL		 903 qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
904 bm->cur_prd_addr += l;
905 bm->cur_prd_len -= l;
906 s->io_buffer_size += l;
7aea4412
AL		 907 }
908 }
909 return 1;
910}
911
912static void dma_buf_commit(IDEState *s, int is_write)
913{
1fb8648d 914 qemu_sglist_destroy(&s->sg);
7aea4412
AL		 915}
916
e162cfb0
AZ		 917static void ide_dma_error(IDEState *s)
918{
919 ide_transfer_stop(s);
920 s->error = ABRT_ERR;
921 s->status = READY_STAT | ERR_STAT;
922 ide_set_irq(s);
923}
924
428c5705
AL		 925static int ide_handle_write_error(IDEState *s, int error, int op)
926{
927 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
928
929 if (action == BLOCK_ERR_IGNORE)
930 return 0;
931
932 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
933 || action == BLOCK_ERR_STOP_ANY) {
934 s->bmdma->ide_if = s;
935 s->bmdma->status |= op;
936 vm_stop(0);
937 } else {
7aea4412
AL		 938 if (op == BM_STATUS_DMA_RETRY) {
939 dma_buf_commit(s, 0);
428c5705 940 ide_dma_error(s);
7aea4412 941 } else {
428c5705 942 ide_rw_error(s);
7aea4412 943 }
428c5705
AL		 944 }
945
946 return 1;
947}
948
8ccad811
FB		 949/* return 0 if buffer completed */
950static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 951{
8ccad811
FB		 952 IDEState *s = bm->ide_if;
953 struct {
954 uint32_t addr;
955 uint32_t size;
956 } prd;
957 int l, len;
98087450 958
8ccad811
FB		 959 for(;;) {
960 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 961 if (l <= 0)
8ccad811
FB		 962 break;
963 if (bm->cur_prd_len == 0) {
964 /* end of table (with a fail safe of one page) */
965 if (bm->cur_prd_last ||
966 (bm->cur_addr - bm->addr) >= 4096)
967 return 0;
968 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
969 bm->cur_addr += 8;
970 prd.addr = le32_to_cpu(prd.addr);
971 prd.size = le32_to_cpu(prd.size);
972 len = prd.size & 0xfffe;
973 if (len == 0)
974 len = 0x10000;
975 bm->cur_prd_len = len;
976 bm->cur_prd_addr = prd.addr;
977 bm->cur_prd_last = (prd.size & 0x80000000);
978 }
979 if (l > bm->cur_prd_len)
980 l = bm->cur_prd_len;
981 if (l > 0) {
982 if (is_write) {
5fafdf24 983 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 984 s->io_buffer + s->io_buffer_index, l);
985 } else {
5fafdf24 986 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 987 s->io_buffer + s->io_buffer_index, l);
988 }
989 bm->cur_prd_addr += l;
990 bm->cur_prd_len -= l;
991 s->io_buffer_index += l;
98087450 992 }
98087450 993 }
8ccad811
FB		 994 return 1;
995}
996
8ccad811
FB		 997static void ide_read_dma_cb(void *opaque, int ret)
998{
999 BMDMAState *bm = opaque;
1000 IDEState *s = bm->ide_if;
1001 int n;
1002 int64_t sector_num;
1003
e162cfb0 1004 if (ret < 0) {
7aea4412 1005 dma_buf_commit(s, 1);
e162cfb0
AZ		 1006 ide_dma_error(s);
1007 return;
1008 }
1009
8ccad811
FB		 1010 n = s->io_buffer_size >> 9;
1011 sector_num = ide_get_sector(s);
1012 if (n > 0) {
7aea4412 1013 dma_buf_commit(s, 1);
8ccad811
FB		 1014 sector_num += n;
1015 ide_set_sector(s, sector_num);
1016 s->nsector -= n;
8ccad811
FB		 1017 }
1018
1019 /* end of transfer ? */
1020 if (s->nsector == 0) {
98087450
FB		 1021 s->status = READY_STAT | SEEK_STAT;
1022 ide_set_irq(s);
8ccad811
FB		 1023 eot:
1024 bm->status &= ~BM_STATUS_DMAING;
1025 bm->status |= BM_STATUS_INT;
1026 bm->dma_cb = NULL;
1027 bm->ide_if = NULL;
1028 bm->aiocb = NULL;
1029 return;
98087450 1030 }
8ccad811
FB		 1031
1032 /* launch next transfer */
1033 n = s->nsector;
8ccad811
FB		 1034 s->io_buffer_index = 0;
1035 s->io_buffer_size = n * 512;
7aea4412
AL		 1036 if (dma_buf_prepare(bm, 1) == 0)
1037 goto eot;
8ccad811 1038#ifdef DEBUG_AIO
5df23f53 1039 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1040#endif
1fb8648d 1041 bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
5604e090 1042 ide_dma_submit_check(s, ide_read_dma_cb, bm);
98087450
FB		 1043}
1044
1045static void ide_sector_read_dma(IDEState *s)
1046{
8ccad811 1047 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1048 s->io_buffer_index = 0;
1049 s->io_buffer_size = 0;
e3007e66 1050 s->is_read = 1;
98087450
FB		 1051 ide_dma_start(s, ide_read_dma_cb);
1052}
1053
a09db21f
FB		 1054static void ide_sector_write_timer_cb(void *opaque)
1055{
1056 IDEState *s = opaque;
1057 ide_set_irq(s);
1058}
1059
5391d806
FB		 1060static void ide_sector_write(IDEState *s)
1061{
1062 int64_t sector_num;
31c2a146 1063 int ret, n, n1;
5391d806
FB		 1064
1065 s->status = READY_STAT | SEEK_STAT;
1066 sector_num = ide_get_sector(s);
1067#if defined(DEBUG_IDE)
18c5f8ea 1068 printf("write sector=%" PRId64 "\n", sector_num);
5391d806
FB		 1069#endif
1070 n = s->nsector;
1071 if (n > s->req_nb_sectors)
1072 n = s->req_nb_sectors;
31c2a146 1073 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
428c5705 1074
e162cfb0 1075 if (ret != 0) {
428c5705
AL		 1076 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1077 return;
e162cfb0
AZ		 1078 }
1079
5391d806
FB		 1080 s->nsector -= n;
1081 if (s->nsector == 0) {
292eef5a 1082 /* no more sectors to write */
5391d806
FB		 1083 ide_transfer_stop(s);
1084 } else {
1085 n1 = s->nsector;
1086 if (n1 > s->req_nb_sectors)
1087 n1 = s->req_nb_sectors;
1088 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1089 }
1090 ide_set_sector(s, sector_num + n);
3b46e624 1091
31c2a146
TS		 1092#ifdef TARGET_I386
1093 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1094 /* It seems there is a bug in the Windows 2000 installer HDD
1095 IDE driver which fills the disk with empty logs when the
1096 IDE write IRQ comes too early. This hack tries to correct
1097 that at the expense of slower write performances. Use this
1098 option _only_ to install Windows 2000. You must disable it
1099 for normal use. */
1100 qemu_mod_timer(s->sector_write_timer,
1101 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1102 } else
1103#endif
1104 {
1105 ide_set_irq(s);
1106 }
5391d806
FB		 1107}
1108
f18be901 1109static void ide_dma_restart_cb(void *opaque, int running, int reason)
428c5705
AL		 1110{
1111 BMDMAState *bm = opaque;
1112 if (!running)
1113 return;
1114 if (bm->status & BM_STATUS_DMA_RETRY) {
1115 bm->status &= ~BM_STATUS_DMA_RETRY;
1116 ide_dma_restart(bm->ide_if);
1117 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1118 bm->status &= ~BM_STATUS_PIO_RETRY;
1119 ide_sector_write(bm->ide_if);
1120 }
1121}
1122
8ccad811 1123static void ide_write_dma_cb(void *opaque, int ret)
98087450 1124{
8ccad811
FB		 1125 BMDMAState *bm = opaque;
1126 IDEState *s = bm->ide_if;
1127 int n;
98087450
FB		 1128 int64_t sector_num;
1129
e162cfb0 1130 if (ret < 0) {
428c5705
AL		 1131 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1132 return;
e162cfb0
AZ		 1133 }
1134
8ccad811
FB		 1135 n = s->io_buffer_size >> 9;
1136 sector_num = ide_get_sector(s);
1137 if (n > 0) {
7aea4412 1138 dma_buf_commit(s, 0);
8ccad811
FB		 1139 sector_num += n;
1140 ide_set_sector(s, sector_num);
1141 s->nsector -= n;
98087450 1142 }
98087450 1143
8ccad811
FB		 1144 /* end of transfer ? */
1145 if (s->nsector == 0) {
1146 s->status = READY_STAT | SEEK_STAT;
1147 ide_set_irq(s);
1148 eot:
1149 bm->status &= ~BM_STATUS_DMAING;
1150 bm->status |= BM_STATUS_INT;
1151 bm->dma_cb = NULL;
1152 bm->ide_if = NULL;
1153 bm->aiocb = NULL;
1154 return;
1155 }
1156
98087450 1157 n = s->nsector;
98087450 1158 s->io_buffer_size = n * 512;
7aea4412
AL		 1159 /* launch next transfer */
1160 if (dma_buf_prepare(bm, 0) == 0)
8ccad811
FB		 1161 goto eot;
1162#ifdef DEBUG_AIO
5df23f53 1163 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1164#endif
1fb8648d 1165 bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
5604e090 1166 ide_dma_submit_check(s, ide_write_dma_cb, bm);
8ccad811
FB		 1167}
1168
1169static void ide_sector_write_dma(IDEState *s)
1170{
1171 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1172 s->io_buffer_index = 0;
1173 s->io_buffer_size = 0;
e3007e66 1174 s->is_read = 0;
98087450
FB		 1175 ide_dma_start(s, ide_write_dma_cb);
1176}
1177
5391d806
FB		 1178static void ide_atapi_cmd_ok(IDEState *s)
1179{
1180 s->error = 0;
41a2b959 1181 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1182 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1183 ide_set_irq(s);
1184}
1185
1186static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1187{
1188#ifdef DEBUG_IDE_ATAPI
1189 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1190#endif
1191 s->error = sense_key << 4;
1192 s->status = READY_STAT | ERR_STAT;
1193 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1194 s->sense_key = sense_key;
1195 s->asc = asc;
1196 ide_set_irq(s);
1197}
1198
9118e7f0
AL		 1199static void ide_atapi_cmd_check_status(IDEState *s)
1200{
1201#ifdef DEBUG_IDE_ATAPI
1202 printf("atapi_cmd_check_status\n");
1203#endif
1204 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1205 s->status = ERR_STAT;
1206 s->nsector = 0;
1207 ide_set_irq(s);
1208}
1209
5391d806
FB		 1210static inline void cpu_to_ube16(uint8_t *buf, int val)
1211{
1212 buf[0] = val >> 8;
1213 buf[1] = val;
1214}
1215
1216static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1217{
1218 buf[0] = val >> 24;
1219 buf[1] = val >> 16;
1220 buf[2] = val >> 8;
1221 buf[3] = val;
1222}
1223
1224static inline int ube16_to_cpu(const uint8_t *buf)
1225{
1226 return (buf[0] << 8) | buf[1];
1227}
1228
1229static inline int ube32_to_cpu(const uint8_t *buf)
1230{
1231 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1232}
1233
98087450
FB		 1234static void lba_to_msf(uint8_t *buf, int lba)
1235{
1236 lba += 150;
1237 buf[0] = (lba / 75) / 60;
1238 buf[1] = (lba / 75) % 60;
1239 buf[2] = lba % 75;
1240}
1241
8ccad811
FB		 1242static void cd_data_to_raw(uint8_t *buf, int lba)
1243{
1244 /* sync bytes */
1245 buf[0] = 0x00;
1246 memset(buf + 1, 0xff, 10);
1247 buf[11] = 0x00;
1248 buf += 12;
1249 /* MSF */
1250 lba_to_msf(buf, lba);
1251 buf[3] = 0x01; /* mode 1 data */
1252 buf += 4;
1253 /* data */
1254 buf += 2048;
1255 /* XXX: ECC not computed */
1256 memset(buf, 0, 288);
1257}
1258
5fafdf24 1259static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1260 int sector_size)
1261{
66c6ef76
FB		 1262 int ret;
1263
98087450
FB		 1264 switch(sector_size) {
1265 case 2048:
66c6ef76 1266 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1267 break;
1268 case 2352:
66c6ef76
FB		 1269 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1270 if (ret < 0)
1271 return ret;
8ccad811 1272 cd_data_to_raw(buf, lba);
98087450
FB		 1273 break;
1274 default:
66c6ef76 1275 ret = -EIO;
98087450
FB		 1276 break;
1277 }
66c6ef76
FB		 1278 return ret;
1279}
1280
1281static void ide_atapi_io_error(IDEState *s, int ret)
1282{
1283 /* XXX: handle more errors */
1284 if (ret == -ENOMEDIUM) {
5fafdf24 1285 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1286 ASC_MEDIUM_NOT_PRESENT);
1287 } else {
5fafdf24 1288 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1289 ASC_LOGICAL_BLOCK_OOR);
1290 }
98087450
FB		 1291}
1292
5391d806
FB		 1293/* The whole ATAPI transfer logic is handled in this function */
1294static void ide_atapi_cmd_reply_end(IDEState *s)
1295{
66c6ef76 1296 int byte_count_limit, size, ret;
5391d806 1297#ifdef DEBUG_IDE_ATAPI
5fafdf24 1298 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1299 s->packet_transfer_size,
1300 s->elementary_transfer_size,
1301 s->io_buffer_index);
1302#endif
1303 if (s->packet_transfer_size <= 0) {
1304 /* end of transfer */
1305 ide_transfer_stop(s);
41a2b959 1306 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1307 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1308 ide_set_irq(s);
1309#ifdef DEBUG_IDE_ATAPI
1310 printf("status=0x%x\n", s->status);
1311#endif
1312 } else {
1313 /* see if a new sector must be read */
98087450 1314 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1315 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1316 if (ret < 0) {
1317 ide_transfer_stop(s);
1318 ide_atapi_io_error(s, ret);
1319 return;
1320 }
5391d806
FB		 1321 s->lba++;
1322 s->io_buffer_index = 0;
1323 }
1324 if (s->elementary_transfer_size > 0) {
1325 /* there are some data left to transmit in this elementary
1326 transfer */
98087450 1327 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1328 if (size > s->elementary_transfer_size)
1329 size = s->elementary_transfer_size;
5fafdf24 1330 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1331 size, ide_atapi_cmd_reply_end);
1332 s->packet_transfer_size -= size;
1333 s->elementary_transfer_size -= size;
1334 s->io_buffer_index += size;
1335 } else {
1336 /* a new transfer is needed */
1337 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1338 byte_count_limit = s->lcyl | (s->hcyl << 8);
1339#ifdef DEBUG_IDE_ATAPI
1340 printf("byte_count_limit=%d\n", byte_count_limit);
1341#endif
1342 if (byte_count_limit == 0xffff)
1343 byte_count_limit--;
1344 size = s->packet_transfer_size;
1345 if (size > byte_count_limit) {
1346 /* byte count limit must be even if this case */
1347 if (byte_count_limit & 1)
1348 byte_count_limit--;
1349 size = byte_count_limit;
5391d806 1350 }
a136e5a8
FB		 1351 s->lcyl = size;
1352 s->hcyl = size >> 8;
5391d806
FB		 1353 s->elementary_transfer_size = size;
1354 /* we cannot transmit more than one sector at a time */
1355 if (s->lba != -1) {
98087450
FB		 1356 if (size > (s->cd_sector_size - s->io_buffer_index))
1357 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1358 }
5fafdf24 1359 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1360 size, ide_atapi_cmd_reply_end);
1361 s->packet_transfer_size -= size;
1362 s->elementary_transfer_size -= size;
1363 s->io_buffer_index += size;
1364 ide_set_irq(s);
1365#ifdef DEBUG_IDE_ATAPI
1366 printf("status=0x%x\n", s->status);
1367#endif
1368 }
1369 }
1370}
1371
1372/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1373static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1374{
1375 if (size > max_size)
1376 size = max_size;
1377 s->lba = -1; /* no sector read */
1378 s->packet_transfer_size = size;
5f12ab4b 1379 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1380 s->elementary_transfer_size = 0;
1381 s->io_buffer_index = 0;
1382
5f12ab4b 1383 if (s->atapi_dma) {
41a2b959 1384 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
5f12ab4b
TS		 1385 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1386 } else {
41a2b959 1387 s->status = READY_STAT | SEEK_STAT;
5f12ab4b
TS		 1388 ide_atapi_cmd_reply_end(s);
1389 }
5391d806
FB		 1390}
1391
1392/* start a CD-CDROM read command */
98087450
FB		 1393static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1394 int sector_size)
5391d806 1395{
5391d806 1396 s->lba = lba;
98087450 1397 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1398 s->elementary_transfer_size = 0;
98087450
FB		 1399 s->io_buffer_index = sector_size;
1400 s->cd_sector_size = sector_size;
5391d806 1401
41a2b959 1402 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1403 ide_atapi_cmd_reply_end(s);
1404}
1405
98087450 1406/* ATAPI DMA support */
8ccad811
FB		 1407
1408/* XXX: handle read errors */
1409static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1410{
8ccad811
FB		 1411 BMDMAState *bm = opaque;
1412 IDEState *s = bm->ide_if;
1413 int data_offset, n;
1414
66c6ef76
FB		 1415 if (ret < 0) {
1416 ide_atapi_io_error(s, ret);
1417 goto eot;
1418 }
1419
8ccad811 1420 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1421 /*
1422 * For a cdrom read sector command (s->lba != -1),
1423 * adjust the lba for the next s->io_buffer_size chunk
1424 * and dma the current chunk.
1425 * For a command != read (s->lba == -1), just transfer
1426 * the reply data.
1427 */
1428 if (s->lba != -1) {
1429 if (s->cd_sector_size == 2352) {
1430 n = 1;
1431 cd_data_to_raw(s->io_buffer, s->lba);
1432 } else {
1433 n = s->io_buffer_size >> 11;
1434 }
1435 s->lba += n;
1436 }
8ccad811 1437 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1438 if (dma_buf_rw(bm, 1) == 0)
1439 goto eot;
98087450 1440 }
8ccad811 1441
98087450 1442 if (s->packet_transfer_size <= 0) {
41a2b959 1443 s->status = READY_STAT | SEEK_STAT;
98087450
FB		 1444 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1445 ide_set_irq(s);
8ccad811
FB		 1446 eot:
1447 bm->status &= ~BM_STATUS_DMAING;
1448 bm->status |= BM_STATUS_INT;
1449 bm->dma_cb = NULL;
1450 bm->ide_if = NULL;
1451 bm->aiocb = NULL;
1452 return;
1453 }
3b46e624 1454
8ccad811
FB		 1455 s->io_buffer_index = 0;
1456 if (s->cd_sector_size == 2352) {
1457 n = 1;
1458 s->io_buffer_size = s->cd_sector_size;
1459 data_offset = 16;
1460 } else {
1461 n = s->packet_transfer_size >> 11;
1d8cde5b
AJ		 1462 if (n > (IDE_DMA_BUF_SECTORS / 4))
1463 n = (IDE_DMA_BUF_SECTORS / 4);
8ccad811
FB		 1464 s->io_buffer_size = n * 2048;
1465 data_offset = 0;
98087450 1466 }
8ccad811
FB		 1467#ifdef DEBUG_AIO
1468 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1469#endif
5fafdf24
TS		 1470 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1471 s->io_buffer + data_offset, n * 4,
8ccad811 1472 ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1473 if (!bm->aiocb) {
1474 /* Note: media not present is the most likely case */
5fafdf24 1475 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1476 ASC_MEDIUM_NOT_PRESENT);
1477 goto eot;
1478 }
98087450
FB		 1479}
1480
1481/* start a CD-CDROM read command with DMA */
1482/* XXX: test if DMA is available */
1483static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1484 int sector_size)
1485{
1486 s->lba = lba;
1487 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1488 s->io_buffer_index = 0;
1489 s->io_buffer_size = 0;
98087450
FB		 1490 s->cd_sector_size = sector_size;
1491
8ccad811 1492 /* XXX: check if BUSY_STAT should be set */
41a2b959 1493 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1494 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1495}
1496
5fafdf24 1497static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1498 int sector_size)
1499{
1500#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1501 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1502 lba, nb_sectors);
98087450
FB		 1503#endif
1504 if (s->atapi_dma) {
1505 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1506 } else {
1507 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1508 }
1509}
1510
38cdea7c
AZ		 1511static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1512 uint16_t profile)
1513{
1514 uint8_t *buf_profile = buf + 12; /* start of profiles */
1515
1516 buf_profile += ((*index) * 4); /* start of indexed profile */
1517 cpu_to_ube16 (buf_profile, profile);
1518 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1519
1520 /* each profile adds 4 bytes to the response */
1521 (*index)++;
1522 buf[11] += 4; /* Additional Length */
1523
1524 return 4;
1525}
1526
8114e9e8
TS		 1527static int ide_dvd_read_structure(IDEState *s, int format,
1528 const uint8_t *packet, uint8_t *buf)
1529{
1530 switch (format) {
1531 case 0x0: /* Physical format information */
1532 {
1533 int layer = packet[6];
1534 uint64_t total_sectors;
1535
1536 if (layer != 0)
1537 return -ASC_INV_FIELD_IN_CMD_PACKET;
1538
1539 bdrv_get_geometry(s->bs, &total_sectors);
1540 total_sectors >>= 2;
1541 if (total_sectors == 0)
1542 return -ASC_MEDIUM_NOT_PRESENT;
1543
1544 buf[4] = 1; /* DVD-ROM, part version 1 */
1545 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1546 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1547 buf[7] = 0; /* default densities */
1548
1549 /* FIXME: 0x30000 per spec? */
1550 cpu_to_ube32(buf + 8, 0); /* start sector */
1551 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1552 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1553
1554 /* Size of buffer, not including 2 byte size field */
1555 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1556
1557 /* 2k data + 4 byte header */
1558 return (2048 + 4);
1559 }
1560
1561 case 0x01: /* DVD copyright information */
1562 buf[4] = 0; /* no copyright data */
1563 buf[5] = 0; /* no region restrictions */
1564
1565 /* Size of buffer, not including 2 byte size field */
1566 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1567
1568 /* 4 byte header + 4 byte data */
1569 return (4 + 4);
1570
1571 case 0x03: /* BCA information - invalid field for no BCA info */
1572 return -ASC_INV_FIELD_IN_CMD_PACKET;
1573
1574 case 0x04: /* DVD disc manufacturing information */
1575 /* Size of buffer, not including 2 byte size field */
1576 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1577
1578 /* 2k data + 4 byte header */
1579 return (2048 + 4);
1580
1581 case 0xff:
1582 /*
1583 * This lists all the command capabilities above. Add new ones
1584 * in order and update the length and buffer return values.
1585 */
1586
1587 buf[4] = 0x00; /* Physical format */
1588 buf[5] = 0x40; /* Not writable, is readable */
1589 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1590
1591 buf[8] = 0x01; /* Copyright info */
1592 buf[9] = 0x40; /* Not writable, is readable */
1593 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1594
1595 buf[12] = 0x03; /* BCA info */
1596 buf[13] = 0x40; /* Not writable, is readable */
1597 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1598
1599 buf[16] = 0x04; /* Manufacturing info */
1600 buf[17] = 0x40; /* Not writable, is readable */
1601 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1602
1603 /* Size of buffer, not including 2 byte size field */
1604 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1605
1606 /* data written + 4 byte header */
1607 return (16 + 4);
1608
1609 default: /* TODO: formats beyond DVD-ROM requires */
1610 return -ASC_INV_FIELD_IN_CMD_PACKET;
1611 }
1612}
1613
5391d806
FB		 1614static void ide_atapi_cmd(IDEState *s)
1615{
1616 const uint8_t *packet;
1617 uint8_t *buf;
1618 int max_len;
1619
1620 packet = s->io_buffer;
1621 buf = s->io_buffer;
1622#ifdef DEBUG_IDE_ATAPI
1623 {
1624 int i;
1625 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1626 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1627 printf(" %02x", packet[i]);
1628 }
1629 printf("\n");
1630 }
1631#endif
9118e7f0
AL		 1632 /* If there's a UNIT_ATTENTION condition pending, only
1633 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1634 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1635 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1636 s->io_buffer[0] != GPCMD_INQUIRY) {
1637 ide_atapi_cmd_check_status(s);
1638 return;
1639 }
5391d806
FB		 1640 switch(s->io_buffer[0]) {
1641 case GPCMD_TEST_UNIT_READY:
caed8802 1642 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1643 ide_atapi_cmd_ok(s);
1644 } else {
5fafdf24 1645 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1646 ASC_MEDIUM_NOT_PRESENT);
1647 }
1648 break;
d14049ea 1649 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1650 case GPCMD_MODE_SENSE_10:
1651 {
1652 int action, code;
d14049ea
TS		 1653 if (packet[0] == GPCMD_MODE_SENSE_10)
1654 max_len = ube16_to_cpu(packet + 7);
1655 else
1656 max_len = packet[4];
5391d806
FB		 1657 action = packet[2] >> 6;
1658 code = packet[2] & 0x3f;
1659 switch(action) {
1660 case 0: /* current values */
1661 switch(code) {
1662 case 0x01: /* error recovery */
1663 cpu_to_ube16(&buf[0], 16 + 6);
1664 buf[2] = 0x70;
1665 buf[3] = 0;
1666 buf[4] = 0;
1667 buf[5] = 0;
1668 buf[6] = 0;
1669 buf[7] = 0;
1670
1671 buf[8] = 0x01;
1672 buf[9] = 0x06;
1673 buf[10] = 0x00;
1674 buf[11] = 0x05;
1675 buf[12] = 0x00;
1676 buf[13] = 0x00;
1677 buf[14] = 0x00;
1678 buf[15] = 0x00;
1679 ide_atapi_cmd_reply(s, 16, max_len);
1680 break;
1681 case 0x2a:
1682 cpu_to_ube16(&buf[0], 28 + 6);
1683 buf[2] = 0x70;
1684 buf[3] = 0;
1685 buf[4] = 0;
1686 buf[5] = 0;
1687 buf[6] = 0;
1688 buf[7] = 0;
1689
1690 buf[8] = 0x2a;
1691 buf[9] = 0x12;
0d4a05a1 1692 buf[10] = 0x00;
5391d806 1693 buf[11] = 0x00;
3b46e624 1694
d5b4eb40
AL		 1695 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1696 code checks for this to automount media. */
1697 buf[12] = 0x71;
5391d806
FB		 1698 buf[13] = 3 << 5;
1699 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1700 if (bdrv_is_locked(s->bs))
5391d806
FB		 1701 buf[6] |= 1 << 1;
1702 buf[15] = 0x00;
1703 cpu_to_ube16(&buf[16], 706);
1704 buf[18] = 0;
1705 buf[19] = 2;
1706 cpu_to_ube16(&buf[20], 512);
1707 cpu_to_ube16(&buf[22], 706);
1708 buf[24] = 0;
1709 buf[25] = 0;
1710 buf[26] = 0;
1711 buf[27] = 0;
1712 ide_atapi_cmd_reply(s, 28, max_len);
1713 break;
1714 default:
1715 goto error_cmd;
1716 }
1717 break;
1718 case 1: /* changeable values */
1719 goto error_cmd;
1720 case 2: /* default values */
1721 goto error_cmd;
1722 default:
1723 case 3: /* saved values */
5fafdf24 1724 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1725 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1726 break;
1727 }
1728 }
1729 break;
1730 case GPCMD_REQUEST_SENSE:
1731 max_len = packet[4];
1732 memset(buf, 0, 18);
1733 buf[0] = 0x70 | (1 << 7);
1734 buf[2] = s->sense_key;
1735 buf[7] = 10;
1736 buf[12] = s->asc;
9118e7f0
AL		 1737 if (s->sense_key == SENSE_UNIT_ATTENTION)
1738 s->sense_key = SENSE_NONE;
5391d806
FB		 1739 ide_atapi_cmd_reply(s, 18, max_len);
1740 break;
1741 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1742 if (bdrv_is_inserted(s->bs)) {
1743 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1744 ide_atapi_cmd_ok(s);
1745 } else {
5fafdf24 1746 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1747 ASC_MEDIUM_NOT_PRESENT);
1748 }
1749 break;
1750 case GPCMD_READ_10:
1751 case GPCMD_READ_12:
1752 {
1753 int nb_sectors, lba;
1754
5391d806
FB		 1755 if (packet[0] == GPCMD_READ_10)
1756 nb_sectors = ube16_to_cpu(packet + 7);
1757 else
1758 nb_sectors = ube32_to_cpu(packet + 6);
1759 lba = ube32_to_cpu(packet + 2);
1760 if (nb_sectors == 0) {
1761 ide_atapi_cmd_ok(s);
1762 break;
1763 }
98087450
FB		 1764 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1765 }
1766 break;
1767 case GPCMD_READ_CD:
1768 {
1769 int nb_sectors, lba, transfer_request;
1770
98087450
FB		 1771 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1772 lba = ube32_to_cpu(packet + 2);
1773 if (nb_sectors == 0) {
1774 ide_atapi_cmd_ok(s);
1775 break;
1776 }
98087450
FB		 1777 transfer_request = packet[9];
1778 switch(transfer_request & 0xf8) {
1779 case 0x00:
1780 /* nothing */
1781 ide_atapi_cmd_ok(s);
1782 break;
1783 case 0x10:
1784 /* normal read */
1785 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1786 break;
1787 case 0xf8:
1788 /* read all data */
1789 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1790 break;
1791 default:
5fafdf24 1792 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1793 ASC_INV_FIELD_IN_CMD_PACKET);
1794 break;
1795 }
5391d806
FB		 1796 }
1797 break;
1798 case GPCMD_SEEK:
1799 {
96b8f136
TS		 1800 unsigned int lba;
1801 uint64_t total_sectors;
66c6ef76
FB		 1802
1803 bdrv_get_geometry(s->bs, &total_sectors);
1804 total_sectors >>= 2;
96b8f136 1805 if (total_sectors == 0) {
5fafdf24 1806 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1807 ASC_MEDIUM_NOT_PRESENT);
1808 break;
1809 }
1810 lba = ube32_to_cpu(packet + 2);
66c6ef76 1811 if (lba >= total_sectors) {
5fafdf24 1812 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1813 ASC_LOGICAL_BLOCK_OOR);
1814 break;
1815 }
1816 ide_atapi_cmd_ok(s);
1817 }
1818 break;
1819 case GPCMD_START_STOP_UNIT:
1820 {
1821 int start, eject;
1822 start = packet[4] & 1;
1823 eject = (packet[4] >> 1) & 1;
3b46e624 1824
caed8802
FB		 1825 if (eject && !start) {
1826 /* eject the disk */
66c6ef76
FB		 1827 bdrv_eject(s->bs, 1);
1828 } else if (eject && start) {
1829 /* close the tray */
1830 bdrv_eject(s->bs, 0);
caed8802 1831 }
5391d806
FB		 1832 ide_atapi_cmd_ok(s);
1833 }
1834 break;
1835 case GPCMD_MECHANISM_STATUS:
1836 {
1837 max_len = ube16_to_cpu(packet + 8);
1838 cpu_to_ube16(buf, 0);
1839 /* no current LBA */
1840 buf[2] = 0;
1841 buf[3] = 0;
1842 buf[4] = 0;
1843 buf[5] = 1;
1844 cpu_to_ube16(buf + 6, 0);
1845 ide_atapi_cmd_reply(s, 8, max_len);
1846 }
1847 break;
1848 case GPCMD_READ_TOC_PMA_ATIP:
1849 {
1850 int format, msf, start_track, len;
96b8f136 1851 uint64_t total_sectors;
5391d806 1852
66c6ef76
FB		 1853 bdrv_get_geometry(s->bs, &total_sectors);
1854 total_sectors >>= 2;
96b8f136 1855 if (total_sectors == 0) {
5fafdf24 1856 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1857 ASC_MEDIUM_NOT_PRESENT);
1858 break;
1859 }
1860 max_len = ube16_to_cpu(packet + 7);
1861 format = packet[9] >> 6;
1862 msf = (packet[1] >> 1) & 1;
1863 start_track = packet[6];
1864 switch(format) {
1865 case 0:
66c6ef76 1866 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1867 if (len < 0)
1868 goto error_cmd;
1869 ide_atapi_cmd_reply(s, len, max_len);
1870 break;
1871 case 1:
1872 /* multi session : only a single session defined */
1873 memset(buf, 0, 12);
1874 buf[1] = 0x0a;
1875 buf[2] = 0x01;
1876 buf[3] = 0x01;
1877 ide_atapi_cmd_reply(s, 12, max_len);
1878 break;
98087450 1879 case 2:
66c6ef76 1880 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1881 if (len < 0)
1882 goto error_cmd;
1883 ide_atapi_cmd_reply(s, len, max_len);
1884 break;
5391d806 1885 default:
7f777bf3 1886 error_cmd:
5fafdf24 1887 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1888 ASC_INV_FIELD_IN_CMD_PACKET);
1889 break;
5391d806
FB		 1890 }
1891 }
1892 break;
1893 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76 1894 {
96b8f136 1895 uint64_t total_sectors;
66c6ef76
FB		 1896
1897 bdrv_get_geometry(s->bs, &total_sectors);
1898 total_sectors >>= 2;
96b8f136 1899 if (total_sectors == 0) {
5fafdf24 1900 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1901 ASC_MEDIUM_NOT_PRESENT);
1902 break;
1903 }
1904 /* NOTE: it is really the number of sectors minus 1 */
1905 cpu_to_ube32(buf, total_sectors - 1);
1906 cpu_to_ube32(buf + 4, 2048);
1907 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1908 }
5391d806 1909 break;
d14049ea
TS		 1910 case GPCMD_READ_DVD_STRUCTURE:
1911 {
1912 int media = packet[1];
8114e9e8
TS		 1913 int format = packet[7];
1914 int ret;
d14049ea 1915
8114e9e8 1916 max_len = ube16_to_cpu(packet + 8);
d14049ea 1917
8114e9e8
TS		 1918 if (format < 0xff) {
1919 if (media_is_cd(s)) {
1920 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1921 ASC_INCOMPATIBLE_FORMAT);
1922 break;
1923 } else if (!media_present(s)) {
1924 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1925 ASC_INV_FIELD_IN_CMD_PACKET);
1926 break;
1927 }
1928 }
d14049ea 1929
8114e9e8
TS		 1930 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1931 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
d14049ea 1932
8114e9e8
TS		 1933 switch (format) {
1934 case 0x00 ... 0x7f:
1935 case 0xff:
1936 if (media == 0) {
1937 ret = ide_dvd_read_structure(s, format, packet, buf);
d14049ea 1938
8114e9e8
TS		 1939 if (ret < 0)
1940 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1941 else
1942 ide_atapi_cmd_reply(s, ret, max_len);
d14049ea 1943
8114e9e8
TS		 1944 break;
1945 }
1946 /* TODO: BD support, fall through for now */
1947
1948 /* Generic disk structures */
1949 case 0x80: /* TODO: AACS volume identifier */
1950 case 0x81: /* TODO: AACS media serial number */
1951 case 0x82: /* TODO: AACS media identifier */
1952 case 0x83: /* TODO: AACS media key block */
1953 case 0x90: /* TODO: List of recognized format layers */
1954 case 0xc0: /* TODO: Write protection status */
d14049ea
TS		 1955 default:
1956 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1957 ASC_INV_FIELD_IN_CMD_PACKET);
1958 break;
1959 }
1960 }
1961 break;
1962 case GPCMD_SET_SPEED:
1963 ide_atapi_cmd_ok(s);
1964 break;
bd0d90b2
FB		 1965 case GPCMD_INQUIRY:
1966 max_len = packet[4];
1967 buf[0] = 0x05; /* CD-ROM */
1968 buf[1] = 0x80; /* removable */
1969 buf[2] = 0x00; /* ISO */
1970 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 1971 buf[4] = 31; /* additional length */
bd0d90b2
FB		 1972 buf[5] = 0; /* reserved */
1973 buf[6] = 0; /* reserved */
1974 buf[7] = 0; /* reserved */
1975 padstr8(buf + 8, 8, "QEMU");
38cdea7c 1976 padstr8(buf + 16, 16, "QEMU DVD-ROM");
bd0d90b2
FB		 1977 padstr8(buf + 32, 4, QEMU_VERSION);
1978 ide_atapi_cmd_reply(s, 36, max_len);
1979 break;
d14049ea
TS		 1980 case GPCMD_GET_CONFIGURATION:
1981 {
38cdea7c 1982 uint32_t len;
091d055b 1983 uint8_t index = 0;
d14049ea
TS		 1984
1985 /* only feature 0 is supported */
1986 if (packet[2] != 0 || packet[3] != 0) {
1987 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1988 ASC_INV_FIELD_IN_CMD_PACKET);
1989 break;
1990 }
38cdea7c
AZ		 1991
1992 /* XXX: could result in alignment problems in some architectures */
1993 max_len = ube16_to_cpu(packet + 7);
091d055b 1994
38cdea7c 1995 /*
091d055b
AZ		 1996 * XXX: avoid overflow for io_buffer if max_len is bigger than
1997 * the size of that buffer (dimensioned to max number of
1998 * sectors to transfer at once)
38cdea7c 1999 *
091d055b 2000 * Only a problem if the feature/profiles grow.
38cdea7c
AZ		 2001 */
2002 if (max_len > 512) /* XXX: assume 1 sector */
2003 max_len = 512;
2004
2005 memset(buf, 0, max_len);
2006 /*
2007 * the number of sectors from the media tells us which profile
2008 * to use as current. 0 means there is no media
38cdea7c 2009 */
8114e9e8
TS		 2010 if (media_is_dvd(s))
2011 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
2012 else if (media_is_cd(s))
2013 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
38cdea7c 2014
091d055b
AZ		 2015 buf[10] = 0x02 | 0x01; /* persistent and current */
2016 len = 12; /* headers: 8 + 4 */
2017 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
2018 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
38cdea7c
AZ		 2019 cpu_to_ube32(buf, len - 4); /* data length */
2020
2021 ide_atapi_cmd_reply(s, len, max_len);
d14049ea
TS		 2022 break;
2023 }
5391d806 2024 default:
5fafdf24 2025 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 2026 ASC_ILLEGAL_OPCODE);
5391d806
FB		 2027 break;
2028 }
2029}
2030
201a51fc
AZ		 2031static void ide_cfata_metadata_inquiry(IDEState *s)
2032{
2033 uint16_t *p;
2034 uint32_t spd;
2035
2036 p = (uint16_t *) s->io_buffer;
2037 memset(p, 0, 0x200);
2038 spd = ((s->mdata_size - 1) >> 9) + 1;
2039
2040 put_le16(p + 0, 0x0001); /* Data format revision */
2041 put_le16(p + 1, 0x0000); /* Media property: silicon */
2042 put_le16(p + 2, s->media_changed); /* Media status */
2043 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
2044 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
2045 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
2046 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
2047}
2048
2049static void ide_cfata_metadata_read(IDEState *s)
2050{
2051 uint16_t *p;
2052
2053 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2054 s->status = ERR_STAT;
2055 s->error = ABRT_ERR;
2056 return;
2057 }
2058
2059 p = (uint16_t *) s->io_buffer;
2060 memset(p, 0, 0x200);
2061
2062 put_le16(p + 0, s->media_changed); /* Media status */
2063 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2064 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2065 s->nsector << 9), 0x200 - 2));
2066}
2067
2068static void ide_cfata_metadata_write(IDEState *s)
2069{
2070 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2071 s->status = ERR_STAT;
2072 s->error = ABRT_ERR;
2073 return;
2074 }
2075
2076 s->media_changed = 0;
2077
2078 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2079 s->io_buffer + 2,
2080 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2081 s->nsector << 9), 0x200 - 2));
2082}
2083
bd491d6a
TS		 2084/* called when the inserted state of the media has changed */
2085static void cdrom_change_cb(void *opaque)
2086{
2087 IDEState *s = opaque;
96b8f136 2088 uint64_t nb_sectors;
bd491d6a 2089
bd491d6a
TS		 2090 bdrv_get_geometry(s->bs, &nb_sectors);
2091 s->nb_sectors = nb_sectors;
9118e7f0
AL		 2092
2093 s->sense_key = SENSE_UNIT_ATTENTION;
2094 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2095
2096 ide_set_irq(s);
bd491d6a
TS		 2097}
2098
c2ff060f
FB		 2099static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2100{
2101 s->lba48 = lba48;
2102
2103 /* handle the 'magic' 0 nsector count conversion here. to avoid
2104 * fiddling with the rest of the read logic, we just store the
2105 * full sector count in ->nsector and ignore ->hob_nsector from now
2106 */
2107 if (!s->lba48) {
2108 if (!s->nsector)
2109 s->nsector = 256;
2110 } else {
2111 if (!s->nsector && !s->hob_nsector)
2112 s->nsector = 65536;
2113 else {
2114 int lo = s->nsector;
2115 int hi = s->hob_nsector;
2116
2117 s->nsector = (hi << 8) | lo;
2118 }
2119 }
2120}
2121
2122static void ide_clear_hob(IDEState *ide_if)
2123{
2124 /* any write clears HOB high bit of device control register */
2125 ide_if[0].select &= ~(1 << 7);
2126 ide_if[1].select &= ~(1 << 7);
2127}
2128
caed8802
FB		 2129static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2130{
2131 IDEState *ide_if = opaque;
c45c3d00 2132 IDEState *s;
5391d806 2133 int unit, n;
c2ff060f 2134 int lba48 = 0;
5391d806
FB		 2135
2136#ifdef DEBUG_IDE
2137 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2138#endif
c2ff060f 2139
5391d806 2140 addr &= 7;
fcdd25ab
AL		 2141
2142 /* ignore writes to command block while busy with previous command */
2143 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2144 return;
2145
5391d806
FB		 2146 switch(addr) {
2147 case 0:
2148 break;
2149 case 1:
c2ff060f 2150 ide_clear_hob(ide_if);
c45c3d00 2151 /* NOTE: data is written to the two drives */
c2ff060f
FB		 2152 ide_if[0].hob_feature = ide_if[0].feature;
2153 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 2154 ide_if[0].feature = val;
2155 ide_if[1].feature = val;
5391d806
FB		 2156 break;
2157 case 2:
c2ff060f
FB		 2158 ide_clear_hob(ide_if);
2159 ide_if[0].hob_nsector = ide_if[0].nsector;
2160 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 2161 ide_if[0].nsector = val;
2162 ide_if[1].nsector = val;
5391d806
FB		 2163 break;
2164 case 3:
c2ff060f
FB		 2165 ide_clear_hob(ide_if);
2166 ide_if[0].hob_sector = ide_if[0].sector;
2167 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 2168 ide_if[0].sector = val;
2169 ide_if[1].sector = val;
5391d806
FB		 2170 break;
2171 case 4:
c2ff060f
FB		 2172 ide_clear_hob(ide_if);
2173 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2174 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 2175 ide_if[0].lcyl = val;
2176 ide_if[1].lcyl = val;
5391d806
FB		 2177 break;
2178 case 5:
c2ff060f
FB		 2179 ide_clear_hob(ide_if);
2180 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2181 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 2182 ide_if[0].hcyl = val;
2183 ide_if[1].hcyl = val;
5391d806
FB		 2184 break;
2185 case 6:
c2ff060f 2186 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 2187 ide_if[0].select = (val & ~0x10) | 0xa0;
2188 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 2189 /* select drive */
2190 unit = (val >> 4) & 1;
2191 s = ide_if + unit;
2192 ide_if->cur_drive = s;
5391d806
FB		 2193 break;
2194 default:
2195 case 7:
2196 /* command */
2197#if defined(DEBUG_IDE)
2198 printf("ide: CMD=%02x\n", val);
2199#endif
c45c3d00 2200 s = ide_if->cur_drive;
66201e2d 2201 /* ignore commands to non existant slave */
5fafdf24 2202 if (s != ide_if && !s->bs)
66201e2d 2203 break;
c2ff060f 2204
fcdd25ab
AL		 2205 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2206 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2207 break;
2208
5391d806
FB		 2209 switch(val) {
2210 case WIN_IDENTIFY:
2211 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 2212 if (!s->is_cf)
2213 ide_identify(s);
2214 else
2215 ide_cfata_identify(s);
2a282056 2216 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2217 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2218 } else {
2219 if (s->is_cdrom) {
2220 ide_set_signature(s);
2221 }
2222 ide_abort_command(s);
2223 }
2224 ide_set_irq(s);
2225 break;
2226 case WIN_SPECIFY:
2227 case WIN_RECAL:
a136e5a8 2228 s->error = 0;
769bec72 2229 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2230 ide_set_irq(s);
2231 break;
2232 case WIN_SETMULT:
201a51fc
AZ		 2233 if (s->is_cf && s->nsector == 0) {
2234 /* Disable Read and Write Multiple */
2235 s->mult_sectors = 0;
41a2b959 2236 s->status = READY_STAT | SEEK_STAT;
201a51fc 2237 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 2238 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2239 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 2240 ide_abort_command(s);
2241 } else {
292eef5a 2242 s->mult_sectors = s->nsector & 0xff;
41a2b959 2243 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2244 }
2245 ide_set_irq(s);
2246 break;
c2ff060f
FB		 2247 case WIN_VERIFY_EXT:
2248 lba48 = 1;
4ce900b4
FB		 2249 case WIN_VERIFY:
2250 case WIN_VERIFY_ONCE:
2251 /* do sector number check ? */
c2ff060f 2252 ide_cmd_lba48_transform(s, lba48);
41a2b959 2253 s->status = READY_STAT | SEEK_STAT;
4ce900b4
FB		 2254 ide_set_irq(s);
2255 break;
c2ff060f
FB		 2256 case WIN_READ_EXT:
2257 lba48 = 1;
5391d806
FB		 2258 case WIN_READ:
2259 case WIN_READ_ONCE:
5fafdf24 2260 if (!s->bs)
6b136f9e 2261 goto abort_cmd;
c2ff060f 2262 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2263 s->req_nb_sectors = 1;
2264 ide_sector_read(s);
2265 break;
c2ff060f
FB		 2266 case WIN_WRITE_EXT:
2267 lba48 = 1;
5391d806
FB		 2268 case WIN_WRITE:
2269 case WIN_WRITE_ONCE:
201a51fc
AZ		 2270 case CFA_WRITE_SECT_WO_ERASE:
2271 case WIN_WRITE_VERIFY:
c2ff060f 2272 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2273 s->error = 0;
f66723fa 2274 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2275 s->req_nb_sectors = 1;
2276 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 2277 s->media_changed = 1;
5391d806 2278 break;
c2ff060f
FB		 2279 case WIN_MULTREAD_EXT:
2280 lba48 = 1;
5391d806
FB		 2281 case WIN_MULTREAD:
2282 if (!s->mult_sectors)
2283 goto abort_cmd;
c2ff060f 2284 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2285 s->req_nb_sectors = s->mult_sectors;
2286 ide_sector_read(s);
2287 break;
c2ff060f
FB		 2288 case WIN_MULTWRITE_EXT:
2289 lba48 = 1;
5391d806 2290 case WIN_MULTWRITE:
201a51fc 2291 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 2292 if (!s->mult_sectors)
2293 goto abort_cmd;
c2ff060f 2294 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2295 s->error = 0;
f66723fa 2296 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2297 s->req_nb_sectors = s->mult_sectors;
2298 n = s->nsector;
2299 if (n > s->req_nb_sectors)
2300 n = s->req_nb_sectors;
2301 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 2302 s->media_changed = 1;
5391d806 2303 break;
c2ff060f
FB		 2304 case WIN_READDMA_EXT:
2305 lba48 = 1;
98087450
FB		 2306 case WIN_READDMA:
2307 case WIN_READDMA_ONCE:
5fafdf24 2308 if (!s->bs)
98087450 2309 goto abort_cmd;
c2ff060f 2310 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 2311 ide_sector_read_dma(s);
2312 break;
c2ff060f
FB		 2313 case WIN_WRITEDMA_EXT:
2314 lba48 = 1;
98087450
FB		 2315 case WIN_WRITEDMA:
2316 case WIN_WRITEDMA_ONCE:
5fafdf24 2317 if (!s->bs)
98087450 2318 goto abort_cmd;
c2ff060f 2319 ide_cmd_lba48_transform(s, lba48);
98087450 2320 ide_sector_write_dma(s);
201a51fc 2321 s->media_changed = 1;
98087450 2322 break;
c2ff060f
FB		 2323 case WIN_READ_NATIVE_MAX_EXT:
2324 lba48 = 1;
5391d806 2325 case WIN_READ_NATIVE_MAX:
c2ff060f 2326 ide_cmd_lba48_transform(s, lba48);
5391d806 2327 ide_set_sector(s, s->nb_sectors - 1);
41a2b959 2328 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2329 ide_set_irq(s);
2330 break;
a136e5a8 2331 case WIN_CHECKPOWERMODE1:
201a51fc 2332 case WIN_CHECKPOWERMODE2:
a136e5a8 2333 s->nsector = 0xff; /* device active or idle */
41a2b959 2334 s->status = READY_STAT | SEEK_STAT;
a136e5a8
FB		 2335 ide_set_irq(s);
2336 break;
34e538ae
FB		 2337 case WIN_SETFEATURES:
2338 if (!s->bs)
2339 goto abort_cmd;
2340 /* XXX: valid for CDROM ? */
2341 switch(s->feature) {
e1f63470
TS		 2342 case 0xcc: /* reverting to power-on defaults enable */
2343 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 2344 case 0x02: /* write cache enable */
2345 case 0x82: /* write cache disable */
2346 case 0xaa: /* read look-ahead enable */
2347 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 2348 case 0x05: /* set advanced power management mode */
2349 case 0x85: /* disable advanced power management mode */
2350 case 0x69: /* NOP */
2351 case 0x67: /* NOP */
2352 case 0x96: /* NOP */
2353 case 0x9a: /* NOP */
c3e88d8c
TS		 2354 case 0x42: /* enable Automatic Acoustic Mode */
2355 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 2356 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 2357 ide_set_irq(s);
2358 break;
94458802
FB		 2359 case 0x03: { /* set transfer mode */
2360 uint8_t val = s->nsector & 0x07;
2361
2362 switch (s->nsector >> 3) {
2363 case 0x00: /* pio default */
2364 case 0x01: /* pio mode */
d1b5c20d
TS		 2365 put_le16(s->identify_data + 62,0x07);
2366 put_le16(s->identify_data + 63,0x07);
2367 put_le16(s->identify_data + 88,0x3f);
2368 break;
2369 case 0x02: /* sigle word dma mode*/
2370 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
94458802
FB		 2371 put_le16(s->identify_data + 63,0x07);
2372 put_le16(s->identify_data + 88,0x3f);
2373 break;
2374 case 0x04: /* mdma mode */
d1b5c20d 2375 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2376 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2377 put_le16(s->identify_data + 88,0x3f);
2378 break;
2379 case 0x08: /* udma mode */
d1b5c20d 2380 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2381 put_le16(s->identify_data + 63,0x07);
2382 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2383 break;
2384 default:
2385 goto abort_cmd;
2386 }
2387 s->status = READY_STAT | SEEK_STAT;
2388 ide_set_irq(s);
2389 break;
2390 }
34e538ae
FB		 2391 default:
2392 goto abort_cmd;
2393 }
2394 break;
c2ff060f
FB		 2395 case WIN_FLUSH_CACHE:
2396 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2397 if (s->bs)
2398 bdrv_flush(s->bs);
41a2b959 2399 s->status = READY_STAT | SEEK_STAT;
7a6cba61
PB		 2400 ide_set_irq(s);
2401 break;
c3e88d8c
TS		 2402 case WIN_STANDBY:
2403 case WIN_STANDBY2:
2404 case WIN_STANDBYNOW1:
201a51fc 2405 case WIN_STANDBYNOW2:
c451ee71 2406 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2407 case CFA_IDLEIMMEDIATE:
2408 case WIN_SETIDLE1:
2409 case WIN_SETIDLE2:
c3e88d8c
TS		 2410 case WIN_SLEEPNOW1:
2411 case WIN_SLEEPNOW2:
2412 s->status = READY_STAT;
a7dfe172
FB		 2413 ide_set_irq(s);
2414 break;
4fbfcd6d
AJ		 2415 case WIN_SEEK:
2416 if(s->is_cdrom)
2417 goto abort_cmd;
2418 /* XXX: Check that seek is within bounds */
2419 s->status = READY_STAT | SEEK_STAT;
2420 ide_set_irq(s);
2421 break;
5391d806
FB		 2422 /* ATAPI commands */
2423 case WIN_PIDENTIFY:
2424 if (s->is_cdrom) {
2425 ide_atapi_identify(s);
1298fe63 2426 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2427 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2428 } else {
2429 ide_abort_command(s);
2430 }
2431 ide_set_irq(s);
2432 break;
c451ee71
FB		 2433 case WIN_DIAGNOSE:
2434 ide_set_signature(s);
33256a25
AL		 2435 if (s->is_cdrom)
2436 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2437 * devices to return a clear status register
2438 * with READY_STAT *not* set. */
2439 else
2440 s->status = READY_STAT | SEEK_STAT;
2441 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2442 * present.
2443 */
f5fdd0a8 2444 ide_set_irq(s);
c451ee71 2445 break;
5391d806
FB		 2446 case WIN_SRST:
2447 if (!s->is_cdrom)
2448 goto abort_cmd;
2449 ide_set_signature(s);
6b136f9e 2450 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2451 s->error = 0x01;
2452 break;
2453 case WIN_PACKETCMD:
2454 if (!s->is_cdrom)
2455 goto abort_cmd;
98087450
FB		 2456 /* overlapping commands not supported */
2457 if (s->feature & 0x02)
5391d806 2458 goto abort_cmd;
41a2b959 2459 s->status = READY_STAT | SEEK_STAT;
98087450 2460 s->atapi_dma = s->feature & 1;
5391d806 2461 s->nsector = 1;
5fafdf24 2462 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2463 ide_atapi_cmd);
2464 break;
201a51fc
AZ		 2465 /* CF-ATA commands */
2466 case CFA_REQ_EXT_ERROR_CODE:
2467 if (!s->is_cf)
2468 goto abort_cmd;
2469 s->error = 0x09; /* miscellaneous error */
41a2b959 2470 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2471 ide_set_irq(s);
2472 break;
2473 case CFA_ERASE_SECTORS:
2474 case CFA_WEAR_LEVEL:
2475 if (!s->is_cf)
2476 goto abort_cmd;
2477 if (val == CFA_WEAR_LEVEL)
2478 s->nsector = 0;
2479 if (val == CFA_ERASE_SECTORS)
2480 s->media_changed = 1;
2481 s->error = 0x00;
41a2b959 2482 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2483 ide_set_irq(s);
2484 break;
2485 case CFA_TRANSLATE_SECTOR:
2486 if (!s->is_cf)
2487 goto abort_cmd;
2488 s->error = 0x00;
41a2b959 2489 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2490 memset(s->io_buffer, 0, 0x200);
2491 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2492 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2493 s->io_buffer[0x02] = s->select; /* Head */
2494 s->io_buffer[0x03] = s->sector; /* Sector */
2495 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2496 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2497 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2498 s->io_buffer[0x13] = 0x00; /* Erase flag */
2499 s->io_buffer[0x18] = 0x00; /* Hot count */
2500 s->io_buffer[0x19] = 0x00; /* Hot count */
2501 s->io_buffer[0x1a] = 0x01; /* Hot count */
2502 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2503 ide_set_irq(s);
2504 break;
2505 case CFA_ACCESS_METADATA_STORAGE:
2506 if (!s->is_cf)
2507 goto abort_cmd;
2508 switch (s->feature) {
2509 case 0x02: /* Inquiry Metadata Storage */
2510 ide_cfata_metadata_inquiry(s);
2511 break;
2512 case 0x03: /* Read Metadata Storage */
2513 ide_cfata_metadata_read(s);
2514 break;
2515 case 0x04: /* Write Metadata Storage */
2516 ide_cfata_metadata_write(s);
2517 break;
2518 default:
2519 goto abort_cmd;
2520 }
2521 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2522 s->status = 0x00; /* NOTE: READY is _not_ set */
2523 ide_set_irq(s);
2524 break;
2525 case IBM_SENSE_CONDITION:
2526 if (!s->is_cf)
2527 goto abort_cmd;
2528 switch (s->feature) {
2529 case 0x01: /* sense temperature in device */
2530 s->nsector = 0x50; /* +20 C */
2531 break;
2532 default:
2533 goto abort_cmd;
2534 }
41a2b959 2535 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2536 ide_set_irq(s);
2537 break;
5391d806
FB		 2538 default:
2539 abort_cmd:
2540 ide_abort_command(s);
2541 ide_set_irq(s);
2542 break;
2543 }
2544 }
2545}
2546
caed8802 2547static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2548{
7ae98627
FB		 2549 IDEState *ide_if = opaque;
2550 IDEState *s = ide_if->cur_drive;
5391d806 2551 uint32_t addr;
c2ff060f 2552 int ret, hob;
5391d806
FB		 2553
2554 addr = addr1 & 7;
c2ff060f
FB		 2555 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2556 //hob = s->select & (1 << 7);
2557 hob = 0;
5391d806
FB		 2558 switch(addr) {
2559 case 0:
2560 ret = 0xff;
2561 break;
2562 case 1:
c45ca54f
AL		 2563 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2564 (s != ide_if && !s->bs))
c45c3d00 2565 ret = 0;
c2ff060f 2566 else if (!hob)
c45c3d00 2567 ret = s->error;
c2ff060f
FB		 2568 else
2569 ret = s->hob_feature;
5391d806
FB		 2570 break;
2571 case 2:
7ae98627 2572 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2573 ret = 0;
c2ff060f 2574 else if (!hob)
c45c3d00 2575 ret = s->nsector & 0xff;
c2ff060f
FB		 2576 else
2577 ret = s->hob_nsector;
5391d806
FB		 2578 break;
2579 case 3:
7ae98627 2580 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2581 ret = 0;
c2ff060f 2582 else if (!hob)
c45c3d00 2583 ret = s->sector;
c2ff060f
FB		 2584 else
2585 ret = s->hob_sector;
5391d806
FB		 2586 break;
2587 case 4:
7ae98627 2588 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2589 ret = 0;
c2ff060f 2590 else if (!hob)
c45c3d00 2591 ret = s->lcyl;
c2ff060f
FB		 2592 else
2593 ret = s->hob_lcyl;
5391d806
FB		 2594 break;
2595 case 5:
7ae98627 2596 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2597 ret = 0;
c2ff060f 2598 else if (!hob)
c45c3d00 2599 ret = s->hcyl;
c2ff060f
FB		 2600 else
2601 ret = s->hob_hcyl;
5391d806
FB		 2602 break;
2603 case 6:
7ae98627 2604 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2605 ret = 0;
2606 else
7ae98627 2607 ret = s->select;
5391d806
FB		 2608 break;
2609 default:
2610 case 7:
66201e2d
FB		 2611 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2612 (s != ide_if && !s->bs))
c45c3d00
FB		 2613 ret = 0;
2614 else
2615 ret = s->status;
d537cf6c 2616 qemu_irq_lower(s->irq);
5391d806
FB		 2617 break;
2618 }
2619#ifdef DEBUG_IDE
2620 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2621#endif
2622 return ret;
2623}
2624
caed8802 2625static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2626{
7ae98627
FB		 2627 IDEState *ide_if = opaque;
2628 IDEState *s = ide_if->cur_drive;
5391d806 2629 int ret;
7ae98627 2630
66201e2d
FB		 2631 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2632 (s != ide_if && !s->bs))
7ae98627
FB		 2633 ret = 0;
2634 else
2635 ret = s->status;
5391d806
FB		 2636#ifdef DEBUG_IDE
2637 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2638#endif
2639 return ret;
2640}
2641
caed8802 2642static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2643{
caed8802 2644 IDEState *ide_if = opaque;
5391d806
FB		 2645 IDEState *s;
2646 int i;
2647
2648#ifdef DEBUG_IDE
2649 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2650#endif
2651 /* common for both drives */
2652 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2653 (val & IDE_CMD_RESET)) {
2654 /* reset low to high */
2655 for(i = 0;i < 2; i++) {
2656 s = &ide_if[i];
2657 s->status = BUSY_STAT | SEEK_STAT;
2658 s->error = 0x01;
2659 }
2660 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2661 !(val & IDE_CMD_RESET)) {
2662 /* high to low */
2663 for(i = 0;i < 2; i++) {
2664 s = &ide_if[i];
6b136f9e
FB		 2665 if (s->is_cdrom)
2666 s->status = 0x00; /* NOTE: READY is _not_ set */
2667 else
56bf1d37 2668 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2669 ide_set_signature(s);
2670 }
2671 }
2672
2673 ide_if[0].cmd = val;
2674 ide_if[1].cmd = val;
2675}
2676
caed8802 2677static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2678{
caed8802 2679 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2680 uint8_t *p;
2681
fcdd25ab
AL		 2682 /* PIO data access allowed only when DRQ bit is set */
2683 if (!(s->status & DRQ_STAT))
2684 return;
2685
5391d806 2686 p = s->data_ptr;
0c4ad8dc 2687 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2688 p += 2;
2689 s->data_ptr = p;
2690 if (p >= s->data_end)
2691 s->end_transfer_func(s);
2692}
2693
caed8802 2694static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2695{
caed8802 2696 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2697 uint8_t *p;
2698 int ret;
fcdd25ab
AL		 2699
2700 /* PIO data access allowed only when DRQ bit is set */
2701 if (!(s->status & DRQ_STAT))
2702 return 0;
2703
5391d806 2704 p = s->data_ptr;
0c4ad8dc 2705 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2706 p += 2;
2707 s->data_ptr = p;
2708 if (p >= s->data_end)
2709 s->end_transfer_func(s);
2710 return ret;
2711}
2712
caed8802 2713static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2714{
caed8802 2715 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2716 uint8_t *p;
2717
fcdd25ab
AL		 2718 /* PIO data access allowed only when DRQ bit is set */
2719 if (!(s->status & DRQ_STAT))
2720 return;
2721
5391d806 2722 p = s->data_ptr;
0c4ad8dc 2723 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2724 p += 4;
2725 s->data_ptr = p;
2726 if (p >= s->data_end)
2727 s->end_transfer_func(s);
2728}
2729
caed8802 2730static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2731{
caed8802 2732 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2733 uint8_t *p;
2734 int ret;
3b46e624 2735
fcdd25ab
AL		 2736 /* PIO data access allowed only when DRQ bit is set */
2737 if (!(s->status & DRQ_STAT))
2738 return 0;
2739
5391d806 2740 p = s->data_ptr;
0c4ad8dc 2741 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2742 p += 4;
2743 s->data_ptr = p;
2744 if (p >= s->data_end)
2745 s->end_transfer_func(s);
2746 return ret;
2747}
2748
a7dfe172
FB		 2749static void ide_dummy_transfer_stop(IDEState *s)
2750{
2751 s->data_ptr = s->io_buffer;
2752 s->data_end = s->io_buffer;
2753 s->io_buffer[0] = 0xff;
2754 s->io_buffer[1] = 0xff;
2755 s->io_buffer[2] = 0xff;
2756 s->io_buffer[3] = 0xff;
2757}
2758
5391d806
FB		 2759static void ide_reset(IDEState *s)
2760{
201a51fc
AZ		 2761 if (s->is_cf)
2762 s->mult_sectors = 0;
2763 else
2764 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2765 s->cur_drive = s;
2766 s->select = 0xa0;
41a2b959 2767 s->status = READY_STAT | SEEK_STAT;
5391d806 2768 ide_set_signature(s);
a7dfe172
FB		 2769 /* init the transfer handler so that 0xffff is returned on data
2770 accesses */
2771 s->end_transfer_func = ide_dummy_transfer_stop;
2772 ide_dummy_transfer_stop(s);
201a51fc 2773 s->media_changed = 0;
5391d806
FB		 2774}
2775
5457c8ce
FB		 2776static void ide_init2(IDEState *ide_state,
2777 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2778 qemu_irq irq)
5391d806 2779{
69b91039 2780 IDEState *s;
aedf5382 2781 static int drive_serial = 1;
f3d54fc4 2782 int i, cylinders, heads, secs;
96b8f136 2783 uint64_t nb_sectors;
5391d806 2784
caed8802
FB		 2785 for(i = 0; i < 2; i++) {
2786 s = ide_state + i;
1d8cde5b 2787 s->io_buffer = qemu_memalign(512, IDE_DMA_BUF_SECTORS*512 + 4);
caed8802
FB		 2788 if (i == 0)
2789 s->bs = hd0;
2790 else
2791 s->bs = hd1;
5391d806
FB		 2792 if (s->bs) {
2793 bdrv_get_geometry(s->bs, &nb_sectors);
f3d54fc4
AL		 2794 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2795 s->cylinders = cylinders;
2796 s->heads = heads;
2797 s->sectors = secs;
5391d806 2798 s->nb_sectors = nb_sectors;
f3d54fc4 2799
caed8802
FB		 2800 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2801 s->is_cdrom = 1;
bd491d6a 2802 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2803 }
2804 }
aedf5382 2805 s->drive_serial = drive_serial++;
fa879c64
AL		 2806 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2807 sizeof(s->drive_serial_str));
2808 if (strlen(s->drive_serial_str) == 0)
2809 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2810 "QM%05d", s->drive_serial);
caed8802 2811 s->irq = irq;
5fafdf24 2812 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2813 ide_sector_write_timer_cb, s);
5391d806
FB		 2814 ide_reset(s);
2815 }
69b91039
FB		 2816}
2817
34e538ae 2818static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2819{
caed8802
FB		 2820 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2821 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2822 if (iobase2) {
2823 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2824 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2825 }
3b46e624 2826
caed8802
FB		 2827 /* data ports */
2828 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2829 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2830 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2831 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2832}
69b91039 2833
aa941b94
AZ		 2834/* save per IDE drive data */
2835static void ide_save(QEMUFile* f, IDEState *s)
2836{
bee8d684
TS		 2837 qemu_put_be32(f, s->mult_sectors);
2838 qemu_put_be32(f, s->identify_set);
aa941b94
AZ		 2839 if (s->identify_set) {
2840 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2841 }
2842 qemu_put_8s(f, &s->feature);
2843 qemu_put_8s(f, &s->error);
2844 qemu_put_be32s(f, &s->nsector);
2845 qemu_put_8s(f, &s->sector);
2846 qemu_put_8s(f, &s->lcyl);
2847 qemu_put_8s(f, &s->hcyl);
2848 qemu_put_8s(f, &s->hob_feature);
2849 qemu_put_8s(f, &s->hob_nsector);
2850 qemu_put_8s(f, &s->hob_sector);
2851 qemu_put_8s(f, &s->hob_lcyl);
2852 qemu_put_8s(f, &s->hob_hcyl);
2853 qemu_put_8s(f, &s->select);
2854 qemu_put_8s(f, &s->status);
2855 qemu_put_8s(f, &s->lba48);
2856
2857 qemu_put_8s(f, &s->sense_key);
2858 qemu_put_8s(f, &s->asc);
2859 /* XXX: if a transfer is pending, we do not save it yet */
2860}
2861
2862/* load per IDE drive data */
2863static void ide_load(QEMUFile* f, IDEState *s)
2864{
bee8d684
TS		 2865 s->mult_sectors=qemu_get_be32(f);
2866 s->identify_set=qemu_get_be32(f);
aa941b94
AZ		 2867 if (s->identify_set) {
2868 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2869 }
2870 qemu_get_8s(f, &s->feature);
2871 qemu_get_8s(f, &s->error);
2872 qemu_get_be32s(f, &s->nsector);
2873 qemu_get_8s(f, &s->sector);
2874 qemu_get_8s(f, &s->lcyl);
2875 qemu_get_8s(f, &s->hcyl);
2876 qemu_get_8s(f, &s->hob_feature);
2877 qemu_get_8s(f, &s->hob_nsector);
2878 qemu_get_8s(f, &s->hob_sector);
2879 qemu_get_8s(f, &s->hob_lcyl);
2880 qemu_get_8s(f, &s->hob_hcyl);
2881 qemu_get_8s(f, &s->select);
2882 qemu_get_8s(f, &s->status);
2883 qemu_get_8s(f, &s->lba48);
2884
2885 qemu_get_8s(f, &s->sense_key);
2886 qemu_get_8s(f, &s->asc);
2887 /* XXX: if a transfer is pending, we do not save it yet */
2888}
2889
34e538ae
FB		 2890/***********************************************************/
2891/* ISA IDE definitions */
2892
d537cf6c 2893void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2894 BlockDriverState *hd0, BlockDriverState *hd1)
2895{
2896 IDEState *ide_state;
2897
2898 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
3b46e624 2899
d537cf6c 2900 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2901 ide_init_ioport(ide_state, iobase, iobase2);
2902}
2903
69b91039
FB		 2904/***********************************************************/
2905/* PCI IDE definitions */
2906
5457c8ce
FB		 2907static void cmd646_update_irq(PCIIDEState *d);
2908
5fafdf24 2909static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 2910 uint32_t addr, uint32_t size, int type)
2911{
2912 PCIIDEState *d = (PCIIDEState *)pci_dev;
2913 IDEState *ide_state;
2914
2915 if (region_num <= 3) {
2916 ide_state = &d->ide_if[(region_num >> 1) * 2];
2917 if (region_num & 1) {
2918 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2919 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2920 } else {
2921 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2922 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2923
2924 /* data ports */
2925 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2926 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2927 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2928 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2929 }
2930 }
2931}
2932
8ccad811 2933static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2934{
2935 BMDMAState *bm = s->bmdma;
2936 if(!bm)
2937 return;
2938 bm->ide_if = s;
2939 bm->dma_cb = dma_cb;
8ccad811
FB		 2940 bm->cur_prd_last = 0;
2941 bm->cur_prd_addr = 0;
2942 bm->cur_prd_len = 0;
428c5705
AL		 2943 bm->sector_num = ide_get_sector(s);
2944 bm->nsector = s->nsector;
98087450 2945 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2946 bm->dma_cb(bm, 0);
98087450
FB		 2947 }
2948}
2949
428c5705
AL		 2950static void ide_dma_restart(IDEState *s)
2951{
2952 BMDMAState *bm = s->bmdma;
2953 ide_set_sector(s, bm->sector_num);
2954 s->io_buffer_index = 0;
2955 s->io_buffer_size = 0;
2956 s->nsector = bm->nsector;
2957 bm->cur_addr = bm->addr;
2958 bm->dma_cb = ide_write_dma_cb;
2959 ide_dma_start(s, bm->dma_cb);
2960}
2961
72c7b06c
AL		 2962static void ide_dma_cancel(BMDMAState *bm)
2963{
2964 if (bm->status & BM_STATUS_DMAING) {
2965 bm->status &= ~BM_STATUS_DMAING;
2966 /* cancel DMA request */
2967 bm->ide_if = NULL;
2968 bm->dma_cb = NULL;
2969 if (bm->aiocb) {
2970#ifdef DEBUG_AIO
2971 printf("aio_cancel\n");
2972#endif
2973 bdrv_aio_cancel(bm->aiocb);
2974 bm->aiocb = NULL;
2975 }
2976 }
2977}
2978
98087450
FB		 2979static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2980{
2981 BMDMAState *bm = opaque;
2982#ifdef DEBUG_IDE
2983 printf("%s: 0x%08x\n", __func__, val);
2984#endif
2985 if (!(val & BM_CMD_START)) {
2986 /* XXX: do it better */
72c7b06c 2987 ide_dma_cancel(bm);
98087450
FB		 2988 bm->cmd = val & 0x09;
2989 } else {
8ccad811
FB		 2990 if (!(bm->status & BM_STATUS_DMAING)) {
2991 bm->status |= BM_STATUS_DMAING;
2992 /* start dma transfer if possible */
2993 if (bm->dma_cb)
2994 bm->dma_cb(bm, 0);
2995 }
98087450 2996 bm->cmd = val & 0x09;
98087450
FB		 2997 }
2998}
2999
5457c8ce 3000static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 3001{
3002 BMDMAState *bm = opaque;
5457c8ce 3003 PCIIDEState *pci_dev;
98087450 3004 uint32_t val;
3b46e624 3005
5457c8ce 3006 switch(addr & 3) {
5fafdf24 3007 case 0:
5457c8ce
FB		 3008 val = bm->cmd;
3009 break;
3010 case 1:
3011 pci_dev = bm->pci_dev;
3012 if (pci_dev->type == IDE_TYPE_CMD646) {
3013 val = pci_dev->dev.config[MRDMODE];
3014 } else {
3015 val = 0xff;
3016 }
3017 break;
3018 case 2:
3019 val = bm->status;
3020 break;
3021 case 3:
3022 pci_dev = bm->pci_dev;
3023 if (pci_dev->type == IDE_TYPE_CMD646) {
3024 if (bm == &pci_dev->bmdma[0])
3025 val = pci_dev->dev.config[UDIDETCR0];
3026 else
3027 val = pci_dev->dev.config[UDIDETCR1];
3028 } else {
3029 val = 0xff;
3030 }
3031 break;
3032 default:
3033 val = 0xff;
3034 break;
3035 }
98087450 3036#ifdef DEBUG_IDE
5457c8ce 3037 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 3038#endif
3039 return val;
3040}
3041
5457c8ce 3042static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 3043{
3044 BMDMAState *bm = opaque;
5457c8ce 3045 PCIIDEState *pci_dev;
98087450 3046#ifdef DEBUG_IDE
5457c8ce 3047 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 3048#endif
5457c8ce
FB		 3049 switch(addr & 3) {
3050 case 1:
3051 pci_dev = bm->pci_dev;
3052 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 3053 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 3054 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3055 cmd646_update_irq(pci_dev);
3056 }
3057 break;
3058 case 2:
3059 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3060 break;
3061 case 3:
3062 pci_dev = bm->pci_dev;
3063 if (pci_dev->type == IDE_TYPE_CMD646) {
3064 if (bm == &pci_dev->bmdma[0])
3065 pci_dev->dev.config[UDIDETCR0] = val;
3066 else
3067 pci_dev->dev.config[UDIDETCR1] = val;
3068 }
3069 break;
3070 }
98087450
FB		 3071}
3072
5b9a1293
AJ		 3073static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3074{
3075 BMDMAState *bm = opaque;
3076 uint32_t val;
3077 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3078#ifdef DEBUG_IDE
3079 printf("%s: 0x%08x\n", __func__, val);
3080#endif
3081 return val;
3082}
3083
3084static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3085{
3086 BMDMAState *bm = opaque;
3087 int shift = (addr & 3) * 8;
3088#ifdef DEBUG_IDE
3089 printf("%s: 0x%08x\n", __func__, val);
3090#endif
3091 bm->addr &= ~(0xFF << shift);
3092 bm->addr |= ((val & 0xFF) << shift) & ~3;
3093 bm->cur_addr = bm->addr;
3094}
3095
3096static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3097{
3098 BMDMAState *bm = opaque;
3099 uint32_t val;
3100 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3101#ifdef DEBUG_IDE
3102 printf("%s: 0x%08x\n", __func__, val);
3103#endif
3104 return val;
3105}
3106
3107static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3108{
3109 BMDMAState *bm = opaque;
3110 int shift = (addr & 3) * 8;
3111#ifdef DEBUG_IDE
3112 printf("%s: 0x%08x\n", __func__, val);
3113#endif
3114 bm->addr &= ~(0xFFFF << shift);
3115 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3116 bm->cur_addr = bm->addr;
3117}
3118
98087450
FB		 3119static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3120{
3121 BMDMAState *bm = opaque;
3122 uint32_t val;
3123 val = bm->addr;
3124#ifdef DEBUG_IDE
3125 printf("%s: 0x%08x\n", __func__, val);
3126#endif
3127 return val;
3128}
3129
3130static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3131{
3132 BMDMAState *bm = opaque;
3133#ifdef DEBUG_IDE
3134 printf("%s: 0x%08x\n", __func__, val);
3135#endif
3136 bm->addr = val & ~3;
30c4bbac 3137 bm->cur_addr = bm->addr;
98087450
FB		 3138}
3139
5fafdf24 3140static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 3141 uint32_t addr, uint32_t size, int type)
3142{
3143 PCIIDEState *d = (PCIIDEState *)pci_dev;
3144 int i;
3145
3146 for(i = 0;i < 2; i++) {
3147 BMDMAState *bm = &d->bmdma[i];
3148 d->ide_if[2 * i].bmdma = bm;
3149 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce 3150 bm->pci_dev = (PCIIDEState *)pci_dev;
428c5705 3151 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
5457c8ce 3152
98087450 3153 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 3154
5457c8ce
FB		 3155 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3156 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450 3157
5b9a1293
AJ		 3158 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3159 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3160 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3161 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
98087450
FB		 3162 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3163 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3164 addr += 8;
3165 }
3166}
3167
9b64997f
BS		 3168static void pci_ide_save(QEMUFile* f, void *opaque)
3169{
3170 PCIIDEState *d = opaque;
3171 int i;
3172
3173 pci_device_save(&d->dev, f);
3174
3175 for(i = 0; i < 2; i++) {
3176 BMDMAState *bm = &d->bmdma[i];
428c5705 3177 uint8_t ifidx;
9b64997f
BS		 3178 qemu_put_8s(f, &bm->cmd);
3179 qemu_put_8s(f, &bm->status);
3180 qemu_put_be32s(f, &bm->addr);
428c5705
AL		 3181 qemu_put_sbe64s(f, &bm->sector_num);
3182 qemu_put_be32s(f, &bm->nsector);
3183 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3184 qemu_put_8s(f, &ifidx);
9b64997f
BS		 3185 /* XXX: if a transfer is pending, we do not save it yet */
3186 }
3187
3188 /* per IDE interface data */
3189 for(i = 0; i < 2; i++) {
3190 IDEState *s = &d->ide_if[i * 2];
3191 uint8_t drive1_selected;
3192 qemu_put_8s(f, &s->cmd);
3193 drive1_selected = (s->cur_drive != s);
3194 qemu_put_8s(f, &drive1_selected);
3195 }
3196
3197 /* per IDE drive data */
3198 for(i = 0; i < 4; i++) {
3199 ide_save(f, &d->ide_if[i]);
3200 }
3201}
3202
3203static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3204{
3205 PCIIDEState *d = opaque;
3206 int ret, i;
3207
428c5705 3208 if (version_id != 2)
9b64997f
BS		 3209 return -EINVAL;
3210 ret = pci_device_load(&d->dev, f);
3211 if (ret < 0)
3212 return ret;
3213
3214 for(i = 0; i < 2; i++) {
3215 BMDMAState *bm = &d->bmdma[i];
428c5705 3216 uint8_t ifidx;
9b64997f
BS		 3217 qemu_get_8s(f, &bm->cmd);
3218 qemu_get_8s(f, &bm->status);
3219 qemu_get_be32s(f, &bm->addr);
428c5705
AL		 3220 qemu_get_sbe64s(f, &bm->sector_num);
3221 qemu_get_be32s(f, &bm->nsector);
3222 qemu_get_8s(f, &ifidx);
3223 bm->ide_if = &d->ide_if[ifidx];
9b64997f
BS		 3224 /* XXX: if a transfer is pending, we do not save it yet */
3225 }
3226
3227 /* per IDE interface data */
3228 for(i = 0; i < 2; i++) {
3229 IDEState *s = &d->ide_if[i * 2];
3230 uint8_t drive1_selected;
3231 qemu_get_8s(f, &s->cmd);
3232 qemu_get_8s(f, &drive1_selected);
3233 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3234 }
3235
3236 /* per IDE drive data */
3237 for(i = 0; i < 4; i++) {
3238 ide_load(f, &d->ide_if[i]);
3239 }
3240 return 0;
3241}
3242
5457c8ce
FB		 3243/* XXX: call it also when the MRDMODE is changed from the PCI config
3244 registers */
3245static void cmd646_update_irq(PCIIDEState *d)
3246{
3247 int pci_level;
3248 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3249 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3250 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3251 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 3252 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 3253}
3254
3255/* the PCI irq level is the logical OR of the two channels */
3256static void cmd646_set_irq(void *opaque, int channel, int level)
3257{
3258 PCIIDEState *d = opaque;
3259 int irq_mask;
3260
3261 irq_mask = MRDMODE_INTR_CH0 << channel;
3262 if (level)
3263 d->dev.config[MRDMODE] |= irq_mask;
3264 else
3265 d->dev.config[MRDMODE] &= ~irq_mask;
3266 cmd646_update_irq(d);
3267}
3268
6e6b7363
BS		 3269static void cmd646_reset(void *opaque)
3270{
3271 PCIIDEState *d = opaque;
3272 unsigned int i;
3273
3274 for (i = 0; i < 2; i++)
3275 ide_dma_cancel(&d->bmdma[i]);
3276}
3277
5457c8ce
FB		 3278/* CMD646 PCI IDE controller */
3279void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3280 int secondary_ide_enabled)
69b91039
FB		 3281{
3282 PCIIDEState *d;
3283 uint8_t *pci_conf;
34e538ae 3284 int i;
d537cf6c 3285 qemu_irq *irq;
34e538ae 3286
5fafdf24 3287 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 3288 sizeof(PCIIDEState),
5fafdf24 3289 -1,
73c11f63 3290 NULL, NULL);
5457c8ce 3291 d->type = IDE_TYPE_CMD646;
69b91039 3292 pci_conf = d->dev.config;
deb54399
AL		 3293 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3294 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
5457c8ce
FB		 3295
3296 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 3297 pci_conf[0x09] = 0x8f;
5457c8ce 3298
173a543b 3299 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
5457c8ce 3300 pci_conf[0x0e] = 0x00; // header_type
3b46e624 3301
0516ede0 3302 pci_conf[0x51] = 0x04; // enable IDE0
5457c8ce
FB		 3303 if (secondary_ide_enabled) {
3304 /* XXX: if not enabled, really disable the seconday IDE controller */
0516ede0 3305 pci_conf[0x51] |= 0x08; /* enable IDE1 */
5457c8ce 3306 }
69b91039 3307
5fafdf24 3308 pci_register_io_region((PCIDevice *)d, 0, 0x8,
69b91039 3309 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3310 pci_register_io_region((PCIDevice *)d, 1, 0x4,
69b91039 3311 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3312 pci_register_io_region((PCIDevice *)d, 2, 0x8,
69b91039 3313 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3314 pci_register_io_region((PCIDevice *)d, 3, 0x4,
69b91039 3315 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3316 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 3317 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 3318
34e538ae 3319 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3b46e624 3320
34e538ae
FB		 3321 for(i = 0; i < 4; i++)
3322 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 3323
3324 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3325 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3326 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
6e6b7363 3327
428c5705 3328 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
6e6b7363
BS		 3329 qemu_register_reset(cmd646_reset, d);
3330 cmd646_reset(d);
34e538ae
FB		 3331}
3332
72c7b06c 3333static void piix3_reset(void *opaque)
e6a71ae3 3334{
72c7b06c 3335 PCIIDEState *d = opaque;
e6a71ae3 3336 uint8_t *pci_conf = d->dev.config;
72c7b06c
AL		 3337 int i;
3338
3339 for (i = 0; i < 2; i++)
3340 ide_dma_cancel(&d->bmdma[i]);
e6a71ae3
TS		 3341
3342 pci_conf[0x04] = 0x00;
3343 pci_conf[0x05] = 0x00;
3344 pci_conf[0x06] = 0x80; /* FBC */
3345 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3346 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3347}
3348
34e538ae
FB		 3349/* hd_table must contain 4 block drivers */
3350/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 3351void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3352 qemu_irq *pic)
34e538ae
FB		 3353{
3354 PCIIDEState *d;
3355 uint8_t *pci_conf;
b0a7b120 3356 int i;
3b46e624 3357
34e538ae 3358 /* register a function 1 of PIIX3 */
5fafdf24 3359 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 3360 sizeof(PCIIDEState),
502a5395 3361 devfn,
34e538ae 3362 NULL, NULL);
5457c8ce
FB		 3363 d->type = IDE_TYPE_PIIX3;
3364
34e538ae 3365 pci_conf = d->dev.config;
deb54399
AL		 3366 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3367 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
92510b8c 3368 pci_conf[0x09] = 0x80; // legacy ATA mode
173a543b 3369 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
34e538ae
FB		 3370 pci_conf[0x0e] = 0x00; // header_type
3371
72c7b06c 3372 qemu_register_reset(piix3_reset, d);
e6a71ae3
TS		 3373 piix3_reset(d);
3374
5fafdf24 3375 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 3376 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 3377
d537cf6c
PB		 3378 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3379 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 3380 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3381 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997 3382
b0a7b120
AL		 3383 for (i = 0; i < 4; i++)
3384 if (hd_table[i])
3385 hd_table[i]->private = &d->dev;
3386
428c5705 3387 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
69b91039 3388}
1ade1de2 3389
afcc3cdf
TS		 3390/* hd_table must contain 4 block drivers */
3391/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3392void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3393 qemu_irq *pic)
3394{
3395 PCIIDEState *d;
3396 uint8_t *pci_conf;
3397
3398 /* register a function 1 of PIIX4 */
3399 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3400 sizeof(PCIIDEState),
3401 devfn,
3402 NULL, NULL);
3403 d->type = IDE_TYPE_PIIX4;
3404
3405 pci_conf = d->dev.config;
deb54399
AL		 3406 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3407 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
afcc3cdf 3408 pci_conf[0x09] = 0x80; // legacy ATA mode
173a543b 3409 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
afcc3cdf
TS		 3410 pci_conf[0x0e] = 0x00; // header_type
3411
72c7b06c 3412 qemu_register_reset(piix3_reset, d);
afcc3cdf
TS		 3413 piix3_reset(d);
3414
3415 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3416 PCI_ADDRESS_SPACE_IO, bmdma_map);
3417
3418 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3419 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3420 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3421 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3422
428c5705 3423 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
afcc3cdf
TS		 3424}
3425
e3007e66 3426#if defined(TARGET_PPC)
1ade1de2
FB		 3427/***********************************************************/
3428/* MacIO based PowerPC IDE */
3429
e3007e66
AJ		 3430typedef struct MACIOIDEState {
3431 IDEState ide_if[2];
862c9280 3432 BlockDriverAIOCB *aiocb;
e3007e66
AJ		 3433} MACIOIDEState;
3434
862c9280 3435static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
e3007e66 3436{
862c9280 3437 DBDMA_io *io = opaque;
b42ec42d 3438 MACIOIDEState *m = io->opaque;
e3007e66 3439 IDEState *s = m->ide_if->cur_drive;
e3007e66 3440
862c9280
AJ		 3441 if (ret < 0) {
3442 m->aiocb = NULL;
3443 qemu_sglist_destroy(&s->sg);
3444 ide_atapi_io_error(s, ret);
3445 io->dma_end(opaque);
3446 return;
3447 }
e3007e66 3448
862c9280
AJ		 3449 if (s->io_buffer_size > 0) {
3450 m->aiocb = NULL;
3451 qemu_sglist_destroy(&s->sg);
e3007e66 3452
862c9280 3453 s->packet_transfer_size -= s->io_buffer_size;
e3007e66 3454
862c9280
AJ		 3455 s->io_buffer_index += s->io_buffer_size;
3456 s->lba += s->io_buffer_index >> 11;
3457 s->io_buffer_index &= 0x7ff;
3458 }
e3007e66 3459
862c9280
AJ		 3460 if (s->packet_transfer_size <= 0)
3461 ide_atapi_cmd_ok(s);
e3007e66 3462
862c9280
AJ		 3463 if (io->len == 0) {
3464 io->dma_end(opaque);
3465 return;
e3007e66 3466 }
b42ec42d 3467
862c9280 3468 /* launch next transfer */
b42ec42d 3469
862c9280
AJ		 3470 s->io_buffer_size = io->len;
3471
3472 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3473 qemu_sglist_add(&s->sg, io->addr, io->len);
3474 io->addr += io->len;
3475 io->len = 0;
3476
3477 m->aiocb = dma_bdrv_read(s->bs, &s->sg,
3478 (int64_t)(s->lba << 2) + (s->io_buffer_index >> 9),
3479 pmac_ide_atapi_transfer_cb, io);
3480 if (!m->aiocb) {
3481 qemu_sglist_destroy(&s->sg);
3482 /* Note: media not present is the most likely case */
3483 ide_atapi_cmd_error(s, SENSE_NOT_READY,
3484 ASC_MEDIUM_NOT_PRESENT);
3485 io->dma_end(opaque);
3486 return;
e3007e66 3487 }
e3007e66
AJ		 3488}
3489
862c9280 3490static void pmac_ide_transfer_cb(void *opaque, int ret)
e3007e66 3491{
862c9280 3492 DBDMA_io *io = opaque;
b42ec42d 3493 MACIOIDEState *m = io->opaque;
e3007e66 3494 IDEState *s = m->ide_if->cur_drive;
862c9280 3495 int n;
e3007e66 3496 int64_t sector_num;
e3007e66 3497
862c9280
AJ		 3498 if (ret < 0) {
3499 m->aiocb = NULL;
3500 qemu_sglist_destroy(&s->sg);
3501 ide_dma_error(s);
3502 io->dma_end(io);
b42ec42d
AJ		 3503 return;
3504 }
e3007e66 3505
862c9280
AJ		 3506 sector_num = ide_get_sector(s);
3507 if (s->io_buffer_size > 0) {
3508 m->aiocb = NULL;
3509 qemu_sglist_destroy(&s->sg);
3510 n = (s->io_buffer_size + 0x1ff) >> 9;
3511 sector_num += n;
3512 ide_set_sector(s, sector_num);
3513 s->nsector -= n;
3514 }
3515
3516 /* end of transfer ? */
3517 if (s->nsector == 0) {
3518 s->status = READY_STAT | SEEK_STAT;
3519 ide_set_irq(s);
3520 }
e3007e66 3521
862c9280 3522 /* end of DMA ? */
e3007e66 3523
862c9280
AJ		 3524 if (io->len == 0) {
3525 io->dma_end(io);
3526 return;
3527 }
e3007e66 3528
862c9280 3529 /* launch next transfer */
e3007e66 3530
862c9280
AJ		 3531 s->io_buffer_index = 0;
3532 s->io_buffer_size = io->len;
e3007e66 3533
862c9280
AJ		 3534 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3535 qemu_sglist_add(&s->sg, io->addr, io->len);
3536 io->addr += io->len;
3537 io->len = 0;
e3007e66 3538
862c9280
AJ		 3539 if (s->is_read)
3540 m->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
3541 pmac_ide_transfer_cb, io);
3542 else
3543 m->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
3544 pmac_ide_transfer_cb, io);
3545 if (!m->aiocb)
3546 pmac_ide_transfer_cb(io, -1);
3547}
e3007e66 3548
862c9280
AJ		 3549static void pmac_ide_transfer(DBDMA_io *io)
3550{
3551 MACIOIDEState *m = io->opaque;
3552 IDEState *s = m->ide_if->cur_drive;
b42ec42d 3553
862c9280
AJ		 3554 s->io_buffer_size = 0;
3555 if (s->is_cdrom) {
3556 pmac_ide_atapi_transfer_cb(io, 0);
3557 return;
e3007e66
AJ		 3558 }
3559
862c9280
AJ		 3560 pmac_ide_transfer_cb(io, 0);
3561}
3562
3563static void pmac_ide_flush(DBDMA_io *io)
3564{
3565 MACIOIDEState *m = io->opaque;
3566
3567 if (m->aiocb)
3568 qemu_aio_flush();
e3007e66
AJ		 3569}
3570
1ade1de2
FB		 3571/* PowerMac IDE memory IO */
3572static void pmac_ide_writeb (void *opaque,
3573 target_phys_addr_t addr, uint32_t val)
3574{
e3007e66
AJ		 3575 MACIOIDEState *d = opaque;
3576
5fafdf24 3577 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3578 switch (addr) {
3579 case 1 ... 7:
e3007e66 3580 ide_ioport_write(d->ide_if, addr, val);
1ade1de2
FB		 3581 break;
3582 case 8:
3583 case 22:
e3007e66 3584 ide_cmd_write(d->ide_if, 0, val);
1ade1de2
FB		 3585 break;
3586 default:
3587 break;
3588 }
3589}
3590
3591static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3592{
3593 uint8_t retval;
e3007e66 3594 MACIOIDEState *d = opaque;
1ade1de2
FB		 3595
3596 addr = (addr & 0xFFF) >> 4;
3597 switch (addr) {
3598 case 1 ... 7:
e3007e66 3599 retval = ide_ioport_read(d->ide_if, addr);
1ade1de2
FB		 3600 break;
3601 case 8:
3602 case 22:
e3007e66 3603 retval = ide_status_read(d->ide_if, 0);
1ade1de2
FB		 3604 break;
3605 default:
3606 retval = 0xFF;
3607 break;
3608 }
3609 return retval;
3610}
3611
3612static void pmac_ide_writew (void *opaque,
3613 target_phys_addr_t addr, uint32_t val)
3614{
e3007e66
AJ		 3615 MACIOIDEState *d = opaque;
3616
5fafdf24 3617 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3618#ifdef TARGET_WORDS_BIGENDIAN
3619 val = bswap16(val);
3620#endif
3621 if (addr == 0) {
e3007e66 3622 ide_data_writew(d->ide_if, 0, val);
1ade1de2
FB		 3623 }
3624}
3625
3626static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3627{
3628 uint16_t retval;
e3007e66 3629 MACIOIDEState *d = opaque;
1ade1de2 3630
5fafdf24 3631 addr = (addr & 0xFFF) >> 4;
1ade1de2 3632 if (addr == 0) {
e3007e66 3633 retval = ide_data_readw(d->ide_if, 0);
1ade1de2
FB		 3634 } else {
3635 retval = 0xFFFF;
3636 }
3637#ifdef TARGET_WORDS_BIGENDIAN
3638 retval = bswap16(retval);
3639#endif
3640 return retval;
3641}
3642
3643static void pmac_ide_writel (void *opaque,
3644 target_phys_addr_t addr, uint32_t val)
3645{
e3007e66
AJ		 3646 MACIOIDEState *d = opaque;
3647
5fafdf24 3648 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3649#ifdef TARGET_WORDS_BIGENDIAN
3650 val = bswap32(val);
3651#endif
3652 if (addr == 0) {
e3007e66 3653 ide_data_writel(d->ide_if, 0, val);
1ade1de2
FB		 3654 }
3655}
3656
3657static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3658{
3659 uint32_t retval;
e3007e66 3660 MACIOIDEState *d = opaque;
1ade1de2 3661
5fafdf24 3662 addr = (addr & 0xFFF) >> 4;
1ade1de2 3663 if (addr == 0) {
e3007e66 3664 retval = ide_data_readl(d->ide_if, 0);
1ade1de2
FB		 3665 } else {
3666 retval = 0xFFFFFFFF;
3667 }
3668#ifdef TARGET_WORDS_BIGENDIAN
3669 retval = bswap32(retval);
3670#endif
3671 return retval;
3672}
3673
3674static CPUWriteMemoryFunc *pmac_ide_write[] = {
3675 pmac_ide_writeb,
3676 pmac_ide_writew,
3677 pmac_ide_writel,
3678};
3679
3680static CPUReadMemoryFunc *pmac_ide_read[] = {
3681 pmac_ide_readb,
3682 pmac_ide_readw,
3683 pmac_ide_readl,
3684};
3685
9b64997f
BS		 3686static void pmac_ide_save(QEMUFile *f, void *opaque)
3687{
e3007e66
AJ		 3688 MACIOIDEState *d = opaque;
3689 IDEState *s = d->ide_if;
9b64997f
BS		 3690 uint8_t drive1_selected;
3691 unsigned int i;
3692
3693 /* per IDE interface data */
3694 qemu_put_8s(f, &s->cmd);
3695 drive1_selected = (s->cur_drive != s);
3696 qemu_put_8s(f, &drive1_selected);
3697
3698 /* per IDE drive data */
3699 for(i = 0; i < 2; i++) {
3700 ide_save(f, &s[i]);
3701 }
3702}
3703
3704static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3705{
e3007e66
AJ		 3706 MACIOIDEState *d = opaque;
3707 IDEState *s = d->ide_if;
9b64997f
BS		 3708 uint8_t drive1_selected;
3709 unsigned int i;
3710
3711 if (version_id != 1)
3712 return -EINVAL;
3713
3714 /* per IDE interface data */
3715 qemu_get_8s(f, &s->cmd);
3716 qemu_get_8s(f, &drive1_selected);
3717 s->cur_drive = &s[(drive1_selected != 0)];
3718
3719 /* per IDE drive data */
3720 for(i = 0; i < 2; i++) {
3721 ide_load(f, &s[i]);
3722 }
3723 return 0;
3724}
3725
6e6b7363
BS		 3726static void pmac_ide_reset(void *opaque)
3727{
e3007e66
AJ		 3728 MACIOIDEState *d = opaque;
3729 IDEState *s = d->ide_if;
6e6b7363
BS		 3730
3731 ide_reset(&s[0]);
3732 ide_reset(&s[1]);
3733}
3734
1ade1de2
FB		 3735/* hd_table must contain 4 block drivers */
3736/* PowerMac uses memory mapped registers, not I/O. Return the memory
3737 I/O index to access the ide. */
e3007e66
AJ		 3738int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq,
3739 void *dbdma, int channel, qemu_irq dma_irq)
1ade1de2 3740{
e3007e66 3741 MACIOIDEState *d;
1ade1de2
FB		 3742 int pmac_ide_memory;
3743
e3007e66
AJ		 3744 d = qemu_mallocz(sizeof(MACIOIDEState));
3745 ide_init2(d->ide_if, hd_table[0], hd_table[1], irq);
3746
b42ec42d 3747 if (dbdma)
862c9280 3748 DBDMA_register_channel(dbdma, channel, dma_irq, pmac_ide_transfer, pmac_ide_flush, d);
3b46e624 3749
1ade1de2 3750 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
e3007e66
AJ		 3751 pmac_ide_write, d);
3752 register_savevm("ide", 0, 1, pmac_ide_save, pmac_ide_load, d);
3753 qemu_register_reset(pmac_ide_reset, d);
3754 pmac_ide_reset(d);
3755
1ade1de2
FB		 3756 return pmac_ide_memory;
3757}
e3007e66 3758#endif /* TARGET_PPC */
201a51fc 3759
a4a771c0
AZ		 3760/***********************************************************/
3761/* MMIO based ide port
3762 * This emulates IDE device connected directly to the CPU bus without
3763 * dedicated ide controller, which is often seen on embedded boards.
3764 */
3765
3766typedef struct {
3767 void *dev;
3768 int shift;
3769} MMIOState;
3770
3771static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3772{
3773 MMIOState *s = (MMIOState*)opaque;
3774 IDEState *ide = (IDEState*)s->dev;
3775 addr >>= s->shift;
3776 if (addr & 7)
3777 return ide_ioport_read(ide, addr);
3778 else
3779 return ide_data_readw(ide, 0);
3780}
3781
3782static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3783 uint32_t val)
3784{
3785 MMIOState *s = (MMIOState*)opaque;
3786 IDEState *ide = (IDEState*)s->dev;
3787 addr >>= s->shift;
3788 if (addr & 7)
3789 ide_ioport_write(ide, addr, val);
3790 else
3791 ide_data_writew(ide, 0, val);
3792}
3793
3794static CPUReadMemoryFunc *mmio_ide_reads[] = {
3795 mmio_ide_read,
3796 mmio_ide_read,
3797 mmio_ide_read,
3798};
3799
3800static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3801 mmio_ide_write,
3802 mmio_ide_write,
3803 mmio_ide_write,
3804};
3805
3806static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3807{
3808 MMIOState *s= (MMIOState*)opaque;
3809 IDEState *ide = (IDEState*)s->dev;
3810 return ide_status_read(ide, 0);
3811}
3812
3813static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3814 uint32_t val)
3815{
3816 MMIOState *s = (MMIOState*)opaque;
3817 IDEState *ide = (IDEState*)s->dev;
3818 ide_cmd_write(ide, 0, val);
3819}
3820
3821static CPUReadMemoryFunc *mmio_ide_status[] = {
3822 mmio_ide_status_read,
3823 mmio_ide_status_read,
3824 mmio_ide_status_read,
3825};
3826
3827static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3828 mmio_ide_cmd_write,
3829 mmio_ide_cmd_write,
3830 mmio_ide_cmd_write,
3831};
3832
3833void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3834 qemu_irq irq, int shift,
3835 BlockDriverState *hd0, BlockDriverState *hd1)
3836{
3837 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3838 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3839 int mem1, mem2;
3840
3841 ide_init2(ide, hd0, hd1, irq);
3842
3843 s->dev = ide;
3844 s->shift = shift;
3845
3846 mem1 = cpu_register_io_memory(0, mmio_ide_reads, mmio_ide_writes, s);
3847 mem2 = cpu_register_io_memory(0, mmio_ide_status, mmio_ide_cmd, s);
3848 cpu_register_physical_memory(membase, 16 << shift, mem1);
3849 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3850}
3851
201a51fc
AZ		 3852/***********************************************************/
3853/* CF-ATA Microdrive */
3854
3855#define METADATA_SIZE 0x20
3856
3857/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3858struct md_s {
3859 IDEState ide[2];
3860 struct pcmcia_card_s card;
3861 uint32_t attr_base;
3862 uint32_t io_base;
3863
3864 /* Card state */
3865 uint8_t opt;
3866 uint8_t stat;
3867 uint8_t pins;
3868
3869 uint8_t ctrl;
3870 uint16_t io;
3871 int cycle;
3872};
3873
3874/* Register bitfields */
3875enum md_opt {
3876 OPT_MODE_MMAP = 0,
3877 OPT_MODE_IOMAP16 = 1,
3878 OPT_MODE_IOMAP1 = 2,
3879 OPT_MODE_IOMAP2 = 3,
3880 OPT_MODE = 0x3f,
3881 OPT_LEVIREQ = 0x40,
3882 OPT_SRESET = 0x80,
3883};
3884enum md_cstat {
3885 STAT_INT = 0x02,
3886 STAT_PWRDWN = 0x04,
3887 STAT_XE = 0x10,
3888 STAT_IOIS8 = 0x20,
3889 STAT_SIGCHG = 0x40,
3890 STAT_CHANGED = 0x80,
3891};
3892enum md_pins {
3893 PINS_MRDY = 0x02,
3894 PINS_CRDY = 0x20,
3895};
3896enum md_ctrl {
3897 CTRL_IEN = 0x02,
3898 CTRL_SRST = 0x04,
3899};
3900
3901static inline void md_interrupt_update(struct md_s *s)
3902{
3903 if (!s->card.slot)
3904 return;
3905
3906 qemu_set_irq(s->card.slot->irq,
3907 !(s->stat & STAT_INT) && /* Inverted */
3908 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3909 !(s->opt & OPT_SRESET));
3910}
3911
3912static void md_set_irq(void *opaque, int irq, int level)
3913{
3914 struct md_s *s = (struct md_s *) opaque;
3915 if (level)
3916 s->stat |= STAT_INT;
3917 else
3918 s->stat &= ~STAT_INT;
3919
3920 md_interrupt_update(s);
3921}
3922
3923static void md_reset(struct md_s *s)
3924{
3925 s->opt = OPT_MODE_MMAP;
3926 s->stat = 0;
3927 s->pins = 0;
3928 s->cycle = 0;
3929 s->ctrl = 0;
3930 ide_reset(s->ide);
3931}
3932
9e315fa9 3933static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc
AZ		 3934{
3935 struct md_s *s = (struct md_s *) opaque;
3936 if (at < s->attr_base) {
3937 if (at < s->card.cis_len)
3938 return s->card.cis[at];
3939 else
3940 return 0x00;
3941 }
3942
3943 at -= s->attr_base;
3944
3945 switch (at) {
3946 case 0x00: /* Configuration Option Register */
3947 return s->opt;
3948 case 0x02: /* Card Configuration Status Register */
3949 if (s->ctrl & CTRL_IEN)
3950 return s->stat & ~STAT_INT;
3951 else
3952 return s->stat;
3953 case 0x04: /* Pin Replacement Register */
3954 return (s->pins & PINS_CRDY) | 0x0c;
3955 case 0x06: /* Socket and Copy Register */
3956 return 0x00;
3957#ifdef VERBOSE
3958 default:
3959 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3960#endif
3961 }
3962
3963 return 0;
3964}
3965
9e315fa9 3966static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc
AZ		 3967{
3968 struct md_s *s = (struct md_s *) opaque;
3969 at -= s->attr_base;
3970
3971 switch (at) {
3972 case 0x00: /* Configuration Option Register */
3973 s->opt = value & 0xcf;
3974 if (value & OPT_SRESET)
3975 md_reset(s);
3976 md_interrupt_update(s);
3977 break;
3978 case 0x02: /* Card Configuration Status Register */
3979 if ((s->stat ^ value) & STAT_PWRDWN)
3980 s->pins |= PINS_CRDY;
3981 s->stat &= 0x82;
3982 s->stat |= value & 0x74;
3983 md_interrupt_update(s);
3984 /* Word 170 in Identify Device must be equal to STAT_XE */
3985 break;
3986 case 0x04: /* Pin Replacement Register */
3987 s->pins &= PINS_CRDY;
3988 s->pins |= value & PINS_MRDY;
3989 break;
3990 case 0x06: /* Socket and Copy Register */
3991 break;
3992 default:
3993 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3994 }
3995}
3996
9e315fa9 3997static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc
AZ		 3998{
3999 struct md_s *s = (struct md_s *) opaque;
4000 uint16_t ret;
4001 at -= s->io_base;
4002
4003 switch (s->opt & OPT_MODE) {
4004 case OPT_MODE_MMAP:
4005 if ((at & ~0x3ff) == 0x400)
4006 at = 0;
4007 break;
4008 case OPT_MODE_IOMAP16:
4009 at &= 0xf;
4010 break;
4011 case OPT_MODE_IOMAP1:
4012 if ((at & ~0xf) == 0x3f0)
4013 at -= 0x3e8;
4014 else if ((at & ~0xf) == 0x1f0)
4015 at -= 0x1f0;
4016 break;
4017 case OPT_MODE_IOMAP2:
4018 if ((at & ~0xf) == 0x370)
4019 at -= 0x368;
4020 else if ((at & ~0xf) == 0x170)
4021 at -= 0x170;
4022 }
4023
4024 switch (at) {
4025 case 0x0: /* Even RD Data */
4026 case 0x8:
4027 return ide_data_readw(s->ide, 0);
4028
4029 /* TODO: 8-bit accesses */
4030 if (s->cycle)
4031 ret = s->io >> 8;
4032 else {
4033 s->io = ide_data_readw(s->ide, 0);
4034 ret = s->io & 0xff;
4035 }
4036 s->cycle = !s->cycle;
4037 return ret;
4038 case 0x9: /* Odd RD Data */
4039 return s->io >> 8;
4040 case 0xd: /* Error */
4041 return ide_ioport_read(s->ide, 0x1);
4042 case 0xe: /* Alternate Status */
4043 if (s->ide->cur_drive->bs)
4044 return s->ide->cur_drive->status;
4045 else
4046 return 0;
4047 case 0xf: /* Device Address */
4048 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
4049 default:
4050 return ide_ioport_read(s->ide, at);
4051 }
4052
4053 return 0;
4054}
4055
9e315fa9 4056static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc
AZ		 4057{
4058 struct md_s *s = (struct md_s *) opaque;
4059 at -= s->io_base;
4060
4061 switch (s->opt & OPT_MODE) {
4062 case OPT_MODE_MMAP:
4063 if ((at & ~0x3ff) == 0x400)
4064 at = 0;
4065 break;
4066 case OPT_MODE_IOMAP16:
4067 at &= 0xf;
4068 break;
4069 case OPT_MODE_IOMAP1:
4070 if ((at & ~0xf) == 0x3f0)
4071 at -= 0x3e8;
4072 else if ((at & ~0xf) == 0x1f0)
4073 at -= 0x1f0;
4074 break;
4075 case OPT_MODE_IOMAP2:
4076 if ((at & ~0xf) == 0x370)
4077 at -= 0x368;
4078 else if ((at & ~0xf) == 0x170)
4079 at -= 0x170;
4080 }
4081
4082 switch (at) {
4083 case 0x0: /* Even WR Data */
4084 case 0x8:
4085 ide_data_writew(s->ide, 0, value);
4086 break;
4087
4088 /* TODO: 8-bit accesses */
4089 if (s->cycle)
4090 ide_data_writew(s->ide, 0, s->io | (value << 8));
4091 else
4092 s->io = value & 0xff;
4093 s->cycle = !s->cycle;
4094 break;
4095 case 0x9:
4096 s->io = value & 0xff;
4097 s->cycle = !s->cycle;
4098 break;
4099 case 0xd: /* Features */
4100 ide_ioport_write(s->ide, 0x1, value);
4101 break;
4102 case 0xe: /* Device Control */
4103 s->ctrl = value;
4104 if (value & CTRL_SRST)
4105 md_reset(s);
4106 md_interrupt_update(s);
4107 break;
4108 default:
4109 if (s->stat & STAT_PWRDWN) {
4110 s->pins |= PINS_CRDY;
4111 s->stat &= ~STAT_PWRDWN;
4112 }
4113 ide_ioport_write(s->ide, at, value);
4114 }
4115}
4116
aa941b94
AZ		 4117static void md_save(QEMUFile *f, void *opaque)
4118{
4119 struct md_s *s = (struct md_s *) opaque;
4120 int i;
4121 uint8_t drive1_selected;
4122
4123 qemu_put_8s(f, &s->opt);
4124 qemu_put_8s(f, &s->stat);
4125 qemu_put_8s(f, &s->pins);
4126
4127 qemu_put_8s(f, &s->ctrl);
4128 qemu_put_be16s(f, &s->io);
4129 qemu_put_byte(f, s->cycle);
4130
4131 drive1_selected = (s->ide->cur_drive != s->ide);
4132 qemu_put_8s(f, &s->ide->cmd);
4133 qemu_put_8s(f, &drive1_selected);
4134
4135 for (i = 0; i < 2; i ++)
4136 ide_save(f, &s->ide[i]);
4137}
4138
4139static int md_load(QEMUFile *f, void *opaque, int version_id)
4140{
4141 struct md_s *s = (struct md_s *) opaque;
4142 int i;
4143 uint8_t drive1_selected;
4144
4145 qemu_get_8s(f, &s->opt);
4146 qemu_get_8s(f, &s->stat);
4147 qemu_get_8s(f, &s->pins);
4148
4149 qemu_get_8s(f, &s->ctrl);
4150 qemu_get_be16s(f, &s->io);
4151 s->cycle = qemu_get_byte(f);
4152
4153 qemu_get_8s(f, &s->ide->cmd);
4154 qemu_get_8s(f, &drive1_selected);
4155 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
4156
4157 for (i = 0; i < 2; i ++)
4158 ide_load(f, &s->ide[i]);
4159
4160 return 0;
4161}
4162
201a51fc
AZ		 4163static const uint8_t dscm1xxxx_cis[0x14a] = {
4164 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
4165 [0x002] = 0x03, /* Tuple length = 4 bytes */
4166 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4167 [0x006] = 0x01, /* Size = 2K bytes */
4168 [0x008] = CISTPL_ENDMARK,
4169
4170 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
4171 [0x00c] = 0x04, /* Tuple length = 4 byest */
4172 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
4173 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4174 [0x012] = 0x01, /* Size = 2K bytes */
4175 [0x014] = CISTPL_ENDMARK,
4176
4177 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
4178 [0x018] = 0x02, /* Tuple length = 2 bytes */
4179 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
4180 [0x01c] = 0x01,
4181
4182 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
4183 [0x020] = 0x04, /* Tuple length = 4 bytes */
4184 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
4185 [0x024] = 0x00,
4186 [0x026] = 0x00, /* PLMID_CARD = 0000 */
4187 [0x028] = 0x00,
4188
4189 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
4190 [0x02c] = 0x12, /* Tuple length = 23 bytes */
4191 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
4192 [0x030] = 0x01, /* Minor Version = 1 */
4193 [0x032] = 'I',
4194 [0x034] = 'B',
4195 [0x036] = 'M',
4196 [0x038] = 0x00,
4197 [0x03a] = 'm',
4198 [0x03c] = 'i',
4199 [0x03e] = 'c',
4200 [0x040] = 'r',
4201 [0x042] = 'o',
4202 [0x044] = 'd',
4203 [0x046] = 'r',
4204 [0x048] = 'i',
4205 [0x04a] = 'v',
4206 [0x04c] = 'e',
4207 [0x04e] = 0x00,
4208 [0x050] = CISTPL_ENDMARK,
4209
4210 [0x052] = CISTPL_FUNCID, /* Function ID */
4211 [0x054] = 0x02, /* Tuple length = 2 bytes */
4212 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4213 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4214
4215 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4216 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4217 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4218 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4219
4220 [0x062] = CISTPL_FUNCE, /* Function Extension */
4221 [0x064] = 0x03, /* Tuple length = 3 bytes */
4222 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4223 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4224 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4225
4226 [0x06c] = CISTPL_CONFIG, /* Configuration */
4227 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4228 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4229 [0x072] = 0x07, /* TPCC_LAST = 7 */
4230 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4231 [0x076] = 0x02,
4232 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4233
4234 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4235 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4236 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4237 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4238 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4239 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4240 [0x086] = 0x55, /* NomV: 5.0 V */
4241 [0x088] = 0x4d, /* MinV: 4.5 V */
4242 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4243 [0x08c] = 0x4e, /* Peakl: 450 mA */
4244 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4245 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4246 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4247
4248 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4249 [0x096] = 0x06, /* Tuple length = 6 bytes */
4250 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4251 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4252 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4253 [0x09e] = 0xb5, /* NomV: 3.3 V */
4254 [0x0a0] = 0x1e,
4255 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4256
4257 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4258 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4259 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4260 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4261 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4262 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4263 [0x0b0] = 0x55, /* NomV: 5.0 V */
4264 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4265 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4266 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4267 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4268 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4269 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4270 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4271 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4272
4273 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4274 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4275 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4276 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4277 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4278 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4279 [0x0ce] = 0x1e,
4280 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4281
4282 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4283 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4284 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4285 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4286 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4287 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4288 [0x0de] = 0x55, /* NomV: 5.0 V */
4289 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4290 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4291 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4292 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4293 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4294 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4295 [0x0ec] = 0x01,
4296 [0x0ee] = 0x07, /* Address block length = 8 */
4297 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4298 [0x0f2] = 0x03,
4299 [0x0f4] = 0x01, /* Address block length = 2 */
4300 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4301 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4302
4303 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4304 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4305 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4306 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4307 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4308 [0x104] = 0xb5, /* NomV: 3.3 V */
4309 [0x106] = 0x1e,
4310 [0x108] = 0x3e, /* Peakl: 350 mA */
4311
4312 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4313 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4314 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4315 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4316 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4317 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4318 [0x116] = 0x55, /* NomV: 5.0 V */
4319 [0x118] = 0x4d, /* MinV: 4.5 V */
4320 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4321 [0x11c] = 0x4e, /* Peakl: 450 mA */
4322 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4323 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4324 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4325 [0x124] = 0x01,
4326 [0x126] = 0x07, /* Address block length = 8 */
4327 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4328 [0x12a] = 0x03,
4329 [0x12c] = 0x01, /* Address block length = 2 */
4330 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4331 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4332
4333 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4334 [0x134] = 0x06, /* Tuple length = 6 bytes */
4335 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4336 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4337 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4338 [0x13c] = 0xb5, /* NomV: 3.3 V */
4339 [0x13e] = 0x1e,
4340 [0x140] = 0x3e, /* Peakl: 350 mA */
4341
4342 [0x142] = CISTPL_NO_LINK, /* No Link */
4343 [0x144] = 0x00, /* Tuple length = 0 bytes */
4344
4345 [0x146] = CISTPL_END, /* Tuple End */
4346};
4347
4348static int dscm1xxxx_attach(void *opaque)
4349{
4350 struct md_s *md = (struct md_s *) opaque;
4351 md->card.attr_read = md_attr_read;
4352 md->card.attr_write = md_attr_write;
4353 md->card.common_read = md_common_read;
4354 md->card.common_write = md_common_write;
4355 md->card.io_read = md_common_read;
4356 md->card.io_write = md_common_write;
4357
4358 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4359 md->io_base = 0x0;
4360
4361 md_reset(md);
4362 md_interrupt_update(md);
4363
4364 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4365 return 0;
4366}
4367
4368static int dscm1xxxx_detach(void *opaque)
4369{
4370 struct md_s *md = (struct md_s *) opaque;
4371 md_reset(md);
4372 return 0;
4373}
4374
4375struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
4376{
4377 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
4378 md->card.state = md;
4379 md->card.attach = dscm1xxxx_attach;
4380 md->card.detach = dscm1xxxx_detach;
4381 md->card.cis = dscm1xxxx_cis;
4382 md->card.cis_len = sizeof(dscm1xxxx_cis);
4383
4384 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4385 md->ide->is_cf = 1;
4386 md->ide->mdata_size = METADATA_SIZE;
4387 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94 4388
18be5187 4389 register_savevm("microdrive", -1, 0, md_save, md_load, md);
aa941b94 4390
201a51fc
AZ		 4391 return &md->card;
4392}
Qemu copy for testing