]> git.proxmox.com Git - mirror_qemu.git/blame - hw/ide.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Break up vl.h.
[mirror_qemu.git] / hw / ide.c
CommitLineData
5391d806
FB		 1/*
2 * QEMU IDE disk and CD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
87ecb68b
PB		 25#include "hw.h"
26#include "pc.h"
27#include "pci.h"
28#include "scsi-disk.h"
29#include "pcmcia.h"
30#include "block.h"
31#include "qemu-timer.h"
32#include "sysemu.h"
5391d806 33
5391d806
FB		 34/* debug IDE devices */
35//#define DEBUG_IDE
36//#define DEBUG_IDE_ATAPI
8ccad811
FB		 37//#define DEBUG_AIO
38#define USE_DMA_CDROM
5391d806
FB		 39
40/* Bits of HD_STATUS */
41#define ERR_STAT 0x01
42#define INDEX_STAT 0x02
43#define ECC_STAT 0x04 /* Corrected error */
44#define DRQ_STAT 0x08
45#define SEEK_STAT 0x10
46#define SRV_STAT 0x10
47#define WRERR_STAT 0x20
48#define READY_STAT 0x40
49#define BUSY_STAT 0x80
50
51/* Bits for HD_ERROR */
52#define MARK_ERR 0x01 /* Bad address mark */
53#define TRK0_ERR 0x02 /* couldn't find track 0 */
54#define ABRT_ERR 0x04 /* Command aborted */
55#define MCR_ERR 0x08 /* media change request */
56#define ID_ERR 0x10 /* ID field not found */
57#define MC_ERR 0x20 /* media changed */
58#define ECC_ERR 0x40 /* Uncorrectable ECC error */
59#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
60#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
61
62/* Bits of HD_NSECTOR */
63#define CD 0x01
64#define IO 0x02
65#define REL 0x04
66#define TAG_MASK 0xf8
67
68#define IDE_CMD_RESET 0x04
69#define IDE_CMD_DISABLE_IRQ 0x02
70
71/* ATA/ATAPI Commands pre T13 Spec */
72#define WIN_NOP 0x00
73/*
74 * 0x01->0x02 Reserved
75 */
76#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
77/*
78 * 0x04->0x07 Reserved
79 */
80#define WIN_SRST 0x08 /* ATAPI soft reset command */
81#define WIN_DEVICE_RESET 0x08
82/*
83 * 0x09->0x0F Reserved
84 */
85#define WIN_RECAL 0x10
86#define WIN_RESTORE WIN_RECAL
87/*
88 * 0x10->0x1F Reserved
89 */
90#define WIN_READ 0x20 /* 28-Bit */
91#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
92#define WIN_READ_LONG 0x22 /* 28-Bit */
93#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
94#define WIN_READ_EXT 0x24 /* 48-Bit */
95#define WIN_READDMA_EXT 0x25 /* 48-Bit */
96#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
97#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
98/*
99 * 0x28
100 */
101#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
102/*
103 * 0x2A->0x2F Reserved
104 */
105#define WIN_WRITE 0x30 /* 28-Bit */
106#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
107#define WIN_WRITE_LONG 0x32 /* 28-Bit */
108#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
109#define WIN_WRITE_EXT 0x34 /* 48-Bit */
110#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
111#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
112#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
113#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
114#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
115/*
116 * 0x3A->0x3B Reserved
117 */
118#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
119/*
120 * 0x3D->0x3F Reserved
121 */
122#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
123#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
124#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
125/*
126 * 0x43->0x4F Reserved
127 */
128#define WIN_FORMAT 0x50
129/*
130 * 0x51->0x5F Reserved
131 */
132#define WIN_INIT 0x60
133/*
134 * 0x61->0x5F Reserved
135 */
136#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
137#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
138#define WIN_DIAGNOSE 0x90
139#define WIN_SPECIFY 0x91 /* set drive geometry translation */
140#define WIN_DOWNLOAD_MICROCODE 0x92
141#define WIN_STANDBYNOW2 0x94
201a51fc 142#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 143#define WIN_STANDBY2 0x96
144#define WIN_SETIDLE2 0x97
145#define WIN_CHECKPOWERMODE2 0x98
146#define WIN_SLEEPNOW2 0x99
147/*
148 * 0x9A VENDOR
149 */
150#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
151#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
152#define WIN_QUEUED_SERVICE 0xA2
153#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 154#define CFA_ACCESS_METADATA_STORAGE 0xB8
155#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 156#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
157#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
158#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
159#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
160#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
161#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
162#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
163#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
164#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
165#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 166#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 167#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
168#define WIN_POSTBOOT 0xDC
169#define WIN_PREBOOT 0xDD
170#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
171#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
172#define WIN_STANDBYNOW1 0xE0
173#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
174#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
175#define WIN_SETIDLE1 0xE3
176#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
177#define WIN_CHECKPOWERMODE1 0xE5
178#define WIN_SLEEPNOW1 0xE6
179#define WIN_FLUSH_CACHE 0xE7
180#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
181#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
182 /* SET_FEATURES 0x22 or 0xDD */
183#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
184#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
185#define WIN_MEDIAEJECT 0xED
186#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
187#define WIN_SETFEATURES 0xEF /* set special drive features */
188#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 189#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 190#define WIN_SECURITY_SET_PASS 0xF1
191#define WIN_SECURITY_UNLOCK 0xF2
192#define WIN_SECURITY_ERASE_PREPARE 0xF3
193#define WIN_SECURITY_ERASE_UNIT 0xF4
194#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 195#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 196#define WIN_SECURITY_DISABLE 0xF6
197#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
198#define WIN_SET_MAX 0xF9
199#define DISABLE_SEAGATE 0xFB
200
201/* set to 1 set disable mult support */
f66723fa 202#define MAX_MULT_SECTORS 16
5391d806
FB		 203
204/* ATAPI defines */
205
206#define ATAPI_PACKET_SIZE 12
207
208/* The generic packet command opcodes for CD/DVD Logical Units,
209 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
210#define GPCMD_BLANK 0xa1
211#define GPCMD_CLOSE_TRACK 0x5b
212#define GPCMD_FLUSH_CACHE 0x35
213#define GPCMD_FORMAT_UNIT 0x04
214#define GPCMD_GET_CONFIGURATION 0x46
215#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
216#define GPCMD_GET_PERFORMANCE 0xac
217#define GPCMD_INQUIRY 0x12
218#define GPCMD_LOAD_UNLOAD 0xa6
219#define GPCMD_MECHANISM_STATUS 0xbd
220#define GPCMD_MODE_SELECT_10 0x55
221#define GPCMD_MODE_SENSE_10 0x5a
222#define GPCMD_PAUSE_RESUME 0x4b
223#define GPCMD_PLAY_AUDIO_10 0x45
224#define GPCMD_PLAY_AUDIO_MSF 0x47
225#define GPCMD_PLAY_AUDIO_TI 0x48
226#define GPCMD_PLAY_CD 0xbc
227#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
228#define GPCMD_READ_10 0x28
229#define GPCMD_READ_12 0xa8
230#define GPCMD_READ_CDVD_CAPACITY 0x25
231#define GPCMD_READ_CD 0xbe
232#define GPCMD_READ_CD_MSF 0xb9
233#define GPCMD_READ_DISC_INFO 0x51
234#define GPCMD_READ_DVD_STRUCTURE 0xad
235#define GPCMD_READ_FORMAT_CAPACITIES 0x23
236#define GPCMD_READ_HEADER 0x44
237#define GPCMD_READ_TRACK_RZONE_INFO 0x52
238#define GPCMD_READ_SUBCHANNEL 0x42
239#define GPCMD_READ_TOC_PMA_ATIP 0x43
240#define GPCMD_REPAIR_RZONE_TRACK 0x58
241#define GPCMD_REPORT_KEY 0xa4
242#define GPCMD_REQUEST_SENSE 0x03
243#define GPCMD_RESERVE_RZONE_TRACK 0x53
244#define GPCMD_SCAN 0xba
245#define GPCMD_SEEK 0x2b
246#define GPCMD_SEND_DVD_STRUCTURE 0xad
247#define GPCMD_SEND_EVENT 0xa2
248#define GPCMD_SEND_KEY 0xa3
249#define GPCMD_SEND_OPC 0x54
250#define GPCMD_SET_READ_AHEAD 0xa7
251#define GPCMD_SET_STREAMING 0xb6
252#define GPCMD_START_STOP_UNIT 0x1b
253#define GPCMD_STOP_PLAY_SCAN 0x4e
254#define GPCMD_TEST_UNIT_READY 0x00
255#define GPCMD_VERIFY_10 0x2f
256#define GPCMD_WRITE_10 0x2a
257#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 258/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 259 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
260 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
261 * drives support it. */
262#define GPCMD_SET_SPEED 0xbb
5fafdf24 263/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 264 * to play data at track/index */
265#define GPCMD_PLAYAUDIO_TI 0x48
266/*
267 * From MS Media Status Notification Support Specification. For
268 * older drives only.
269 */
270#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 271#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 272
273/* Mode page codes for mode sense/set */
274#define GPMODE_R_W_ERROR_PAGE 0x01
275#define GPMODE_WRITE_PARMS_PAGE 0x05
276#define GPMODE_AUDIO_CTL_PAGE 0x0e
277#define GPMODE_POWER_PAGE 0x1a
278#define GPMODE_FAULT_FAIL_PAGE 0x1c
279#define GPMODE_TO_PROTECT_PAGE 0x1d
280#define GPMODE_CAPABILITIES_PAGE 0x2a
281#define GPMODE_ALL_PAGES 0x3f
282/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
283 * of MODE_SENSE_POWER_PAGE */
284#define GPMODE_CDROM_PAGE 0x0d
285
286#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
287#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
288#define ATAPI_INT_REASON_REL 0x04
289#define ATAPI_INT_REASON_TAG 0xf8
290
291/* same constants as bochs */
7f777bf3 292#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 293#define ASC_LOGICAL_BLOCK_OOR 0x21
294#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
295#define ASC_MEDIUM_NOT_PRESENT 0x3a
296#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
297
201a51fc
AZ		 298#define CFA_NO_ERROR 0x00
299#define CFA_MISC_ERROR 0x09
300#define CFA_INVALID_COMMAND 0x20
301#define CFA_INVALID_ADDRESS 0x21
302#define CFA_ADDRESS_OVERFLOW 0x2f
303
5391d806
FB		 304#define SENSE_NONE 0
305#define SENSE_NOT_READY 2
306#define SENSE_ILLEGAL_REQUEST 5
307#define SENSE_UNIT_ATTENTION 6
308
309struct IDEState;
310
311typedef void EndTransferFunc(struct IDEState *);
312
caed8802 313/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 314typedef struct IDEState {
315 /* ide config */
316 int is_cdrom;
201a51fc 317 int is_cf;
5391d806
FB		 318 int cylinders, heads, sectors;
319 int64_t nb_sectors;
320 int mult_sectors;
94458802
FB		 321 int identify_set;
322 uint16_t identify_data[256];
d537cf6c 323 qemu_irq irq;
34e538ae 324 PCIDevice *pci_dev;
98087450 325 struct BMDMAState *bmdma;
aedf5382 326 int drive_serial;
5391d806
FB		 327 /* ide regs */
328 uint8_t feature;
329 uint8_t error;
c2ff060f 330 uint32_t nsector;
5391d806
FB		 331 uint8_t sector;
332 uint8_t lcyl;
333 uint8_t hcyl;
c2ff060f
FB		 334 /* other part of tf for lba48 support */
335 uint8_t hob_feature;
336 uint8_t hob_nsector;
337 uint8_t hob_sector;
338 uint8_t hob_lcyl;
339 uint8_t hob_hcyl;
340
5391d806
FB		 341 uint8_t select;
342 uint8_t status;
c2ff060f 343
5391d806
FB		 344 /* 0x3f6 command, only meaningful for drive 0 */
345 uint8_t cmd;
c2ff060f
FB		 346 /* set for lba48 access */
347 uint8_t lba48;
5391d806 348 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 349 struct IDEState *cur_drive;
5391d806
FB		 350 BlockDriverState *bs;
351 /* ATAPI specific */
352 uint8_t sense_key;
353 uint8_t asc;
354 int packet_transfer_size;
355 int elementary_transfer_size;
356 int io_buffer_index;
357 int lba;
98087450
FB		 358 int cd_sector_size;
359 int atapi_dma; /* true if dma is requested for the packet cmd */
360 /* ATA DMA state */
361 int io_buffer_size;
362 /* PIO transfer handling */
5391d806
FB		 363 int req_nb_sectors; /* number of sectors per interrupt */
364 EndTransferFunc *end_transfer_func;
365 uint8_t *data_ptr;
366 uint8_t *data_end;
367 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
31c2a146 368 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
e774a278 369 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 370 /* CF-ATA extended error */
371 uint8_t ext_error;
372 /* CF-ATA metadata storage */
373 uint32_t mdata_size;
374 uint8_t *mdata_storage;
375 int media_changed;
5391d806
FB		 376} IDEState;
377
98087450
FB		 378#define BM_STATUS_DMAING 0x01
379#define BM_STATUS_ERROR 0x02
380#define BM_STATUS_INT 0x04
381
382#define BM_CMD_START 0x01
383#define BM_CMD_READ 0x08
384
5457c8ce
FB		 385#define IDE_TYPE_PIIX3 0
386#define IDE_TYPE_CMD646 1
afcc3cdf 387#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 388
389/* CMD646 specific */
390#define MRDMODE 0x71
391#define MRDMODE_INTR_CH0 0x04
392#define MRDMODE_INTR_CH1 0x08
393#define MRDMODE_BLK_CH0 0x10
394#define MRDMODE_BLK_CH1 0x20
395#define UDIDETCR0 0x73
396#define UDIDETCR1 0x7B
397
98087450
FB		 398typedef struct BMDMAState {
399 uint8_t cmd;
400 uint8_t status;
401 uint32_t addr;
3b46e624 402
5457c8ce 403 struct PCIIDEState *pci_dev;
98087450 404 /* current transfer state */
8ccad811
FB		 405 uint32_t cur_addr;
406 uint32_t cur_prd_last;
407 uint32_t cur_prd_addr;
408 uint32_t cur_prd_len;
98087450 409 IDEState *ide_if;
8ccad811
FB		 410 BlockDriverCompletionFunc *dma_cb;
411 BlockDriverAIOCB *aiocb;
98087450
FB		 412} BMDMAState;
413
414typedef struct PCIIDEState {
415 PCIDevice dev;
416 IDEState ide_if[4];
417 BMDMAState bmdma[2];
5457c8ce 418 int type; /* see IDE_TYPE_xxx */
98087450
FB		 419} PCIIDEState;
420
8ccad811 421static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
5f12ab4b 422static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 423
5391d806
FB		 424static void padstr(char *str, const char *src, int len)
425{
426 int i, v;
427 for(i = 0; i < len; i++) {
428 if (*src)
429 v = *src++;
430 else
431 v = ' ';
432 *(char *)((long)str ^ 1) = v;
433 str++;
434 }
435}
436
bd0d90b2
FB		 437static void padstr8(uint8_t *buf, int buf_size, const char *src)
438{
439 int i;
440 for(i = 0; i < buf_size; i++) {
441 if (*src)
442 buf[i] = *src++;
443 else
444 buf[i] = ' ';
445 }
446}
447
67b915a5
FB		 448static void put_le16(uint16_t *p, unsigned int v)
449{
0c4ad8dc 450 *p = cpu_to_le16(v);
67b915a5
FB		 451}
452
5391d806
FB		 453static void ide_identify(IDEState *s)
454{
455 uint16_t *p;
456 unsigned int oldsize;
aedf5382 457 char buf[20];
5391d806 458
94458802
FB		 459 if (s->identify_set) {
460 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
461 return;
462 }
463
5391d806
FB		 464 memset(s->io_buffer, 0, 512);
465 p = (uint16_t *)s->io_buffer;
67b915a5 466 put_le16(p + 0, 0x0040);
5fafdf24 467 put_le16(p + 1, s->cylinders);
67b915a5
FB		 468 put_le16(p + 3, s->heads);
469 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
470 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 471 put_le16(p + 6, s->sectors);
aedf5382
FB		 472 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
473 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 474 put_le16(p + 20, 3); /* XXX: retired, remove ? */
475 put_le16(p + 21, 512); /* cache size in sectors */
476 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 477 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
478 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 479#if MAX_MULT_SECTORS > 1
67b915a5 480 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 481#endif
67b915a5 482 put_le16(p + 48, 1); /* dword I/O */
94458802 483 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 484 put_le16(p + 51, 0x200); /* PIO transfer cycle */
485 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 486 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 487 put_le16(p + 54, s->cylinders);
488 put_le16(p + 55, s->heads);
489 put_le16(p + 56, s->sectors);
5391d806 490 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 491 put_le16(p + 57, oldsize);
492 put_le16(p + 58, oldsize >> 16);
5391d806 493 if (s->mult_sectors)
67b915a5
FB		 494 put_le16(p + 59, 0x100 | s->mult_sectors);
495 put_le16(p + 60, s->nb_sectors);
496 put_le16(p + 61, s->nb_sectors >> 16);
94458802
FB		 497 put_le16(p + 63, 0x07); /* mdma0-2 supported */
498 put_le16(p + 65, 120);
499 put_le16(p + 66, 120);
500 put_le16(p + 67, 120);
501 put_le16(p + 68, 120);
502 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
503 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 504 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 505 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
506 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 507 put_le16(p + 84, (1 << 14));
508 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 509 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
510 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 511 put_le16(p + 87, (1 << 14));
94458802
FB		 512 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
513 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 514 put_le16(p + 100, s->nb_sectors);
515 put_le16(p + 101, s->nb_sectors >> 16);
516 put_le16(p + 102, s->nb_sectors >> 32);
517 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 518
519 memcpy(s->identify_data, p, sizeof(s->identify_data));
520 s->identify_set = 1;
5391d806
FB		 521}
522
523static void ide_atapi_identify(IDEState *s)
524{
525 uint16_t *p;
aedf5382 526 char buf[20];
5391d806 527
94458802
FB		 528 if (s->identify_set) {
529 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
530 return;
531 }
532
5391d806
FB		 533 memset(s->io_buffer, 0, 512);
534 p = (uint16_t *)s->io_buffer;
535 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 536 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
aedf5382
FB		 537 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
538 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 539 put_le16(p + 20, 3); /* buffer type */
540 put_le16(p + 21, 512); /* cache size in sectors */
541 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 542 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
543 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
67b915a5 544 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 545#ifdef USE_DMA_CDROM
546 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
547 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
548 put_le16(p + 63, 7); /* mdma0-2 supported */
549 put_le16(p + 64, 0x3f); /* PIO modes supported */
550#else
67b915a5
FB		 551 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
552 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
553 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
554 put_le16(p + 64, 1); /* PIO modes */
8ccad811 555#endif
67b915a5
FB		 556 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
557 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
558 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
559 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 560
67b915a5
FB		 561 put_le16(p + 71, 30); /* in ns */
562 put_le16(p + 72, 30); /* in ns */
5391d806 563
67b915a5 564 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 565#ifdef USE_DMA_CDROM
566 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
567#endif
94458802
FB		 568 memcpy(s->identify_data, p, sizeof(s->identify_data));
569 s->identify_set = 1;
5391d806
FB		 570}
571
201a51fc
AZ		 572static void ide_cfata_identify(IDEState *s)
573{
574 uint16_t *p;
575 uint32_t cur_sec;
576 char buf[20];
577
578 p = (uint16_t *) s->identify_data;
579 if (s->identify_set)
580 goto fill_buffer;
581
582 memset(p, 0, sizeof(s->identify_data));
583
584 cur_sec = s->cylinders * s->heads * s->sectors;
585
586 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
587 put_le16(p + 1, s->cylinders); /* Default cylinders */
588 put_le16(p + 3, s->heads); /* Default heads */
589 put_le16(p + 6, s->sectors); /* Default sectors per track */
590 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
591 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
592 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
593 padstr((uint8_t *)(p + 10), buf, 20); /* Serial number in ASCII */
594 put_le16(p + 22, 0x0004); /* ECC bytes */
595 padstr((uint8_t *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
596 padstr((uint8_t *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
597#if MAX_MULT_SECTORS > 1
598 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
599#else
600 put_le16(p + 47, 0x0000);
601#endif
602 put_le16(p + 49, 0x0f00); /* Capabilities */
603 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
604 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
605 put_le16(p + 53, 0x0003); /* Translation params valid */
606 put_le16(p + 54, s->cylinders); /* Current cylinders */
607 put_le16(p + 55, s->heads); /* Current heads */
608 put_le16(p + 56, s->sectors); /* Current sectors */
609 put_le16(p + 57, cur_sec); /* Current capacity */
610 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
611 if (s->mult_sectors) /* Multiple sector setting */
612 put_le16(p + 59, 0x100 | s->mult_sectors);
613 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
614 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
615 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
616 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
617 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
618 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
619 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
620 put_le16(p + 82, 0x400c); /* Command Set supported */
621 put_le16(p + 83, 0x7068); /* Command Set supported */
622 put_le16(p + 84, 0x4000); /* Features supported */
623 put_le16(p + 85, 0x000c); /* Command Set enabled */
624 put_le16(p + 86, 0x7044); /* Command Set enabled */
625 put_le16(p + 87, 0x4000); /* Features enabled */
626 put_le16(p + 91, 0x4060); /* Current APM level */
627 put_le16(p + 129, 0x0002); /* Current features option */
628 put_le16(p + 130, 0x0005); /* Reassigned sectors */
629 put_le16(p + 131, 0x0001); /* Initial power mode */
630 put_le16(p + 132, 0x0000); /* User signature */
631 put_le16(p + 160, 0x8100); /* Power requirement */
632 put_le16(p + 161, 0x8001); /* CF command set */
633
634 s->identify_set = 1;
635
636fill_buffer:
637 memcpy(s->io_buffer, p, sizeof(s->identify_data));
638}
639
5391d806
FB		 640static void ide_set_signature(IDEState *s)
641{
642 s->select &= 0xf0; /* clear head */
643 /* put signature */
644 s->nsector = 1;
645 s->sector = 1;
646 if (s->is_cdrom) {
647 s->lcyl = 0x14;
648 s->hcyl = 0xeb;
649 } else if (s->bs) {
650 s->lcyl = 0;
651 s->hcyl = 0;
652 } else {
653 s->lcyl = 0xff;
654 s->hcyl = 0xff;
655 }
656}
657
658static inline void ide_abort_command(IDEState *s)
659{
660 s->status = READY_STAT | ERR_STAT;
661 s->error = ABRT_ERR;
662}
663
664static inline void ide_set_irq(IDEState *s)
665{
98ff7d30 666 BMDMAState *bm = s->bmdma;
5391d806 667 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 668 if (bm) {
98ff7d30 669 bm->status |= BM_STATUS_INT;
5457c8ce 670 }
d537cf6c 671 qemu_irq_raise(s->irq);
5391d806
FB		 672 }
673}
674
675/* prepare data transfer and tell what to do after */
5fafdf24 676static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 677 EndTransferFunc *end_transfer_func)
678{
679 s->end_transfer_func = end_transfer_func;
680 s->data_ptr = buf;
681 s->data_end = buf + size;
7603d156
TS		 682 if (!(s->status & ERR_STAT))
683 s->status |= DRQ_STAT;
5391d806
FB		 684}
685
686static void ide_transfer_stop(IDEState *s)
687{
688 s->end_transfer_func = ide_transfer_stop;
689 s->data_ptr = s->io_buffer;
690 s->data_end = s->io_buffer;
691 s->status &= ~DRQ_STAT;
692}
693
694static int64_t ide_get_sector(IDEState *s)
695{
696 int64_t sector_num;
697 if (s->select & 0x40) {
698 /* lba */
c2ff060f
FB		 699 if (!s->lba48) {
700 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
701 (s->lcyl << 8) | s->sector;
702 } else {
703 sector_num = ((int64_t)s->hob_hcyl << 40) |
704 ((int64_t) s->hob_lcyl << 32) |
705 ((int64_t) s->hob_sector << 24) |
706 ((int64_t) s->hcyl << 16) |
707 ((int64_t) s->lcyl << 8) | s->sector;
708 }
5391d806
FB		 709 } else {
710 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 711 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 712 }
713 return sector_num;
714}
715
716static void ide_set_sector(IDEState *s, int64_t sector_num)
717{
718 unsigned int cyl, r;
719 if (s->select & 0x40) {
c2ff060f
FB		 720 if (!s->lba48) {
721 s->select = (s->select & 0xf0) | (sector_num >> 24);
722 s->hcyl = (sector_num >> 16);
723 s->lcyl = (sector_num >> 8);
724 s->sector = (sector_num);
725 } else {
726 s->sector = sector_num;
727 s->lcyl = sector_num >> 8;
728 s->hcyl = sector_num >> 16;
729 s->hob_sector = sector_num >> 24;
730 s->hob_lcyl = sector_num >> 32;
731 s->hob_hcyl = sector_num >> 40;
732 }
5391d806
FB		 733 } else {
734 cyl = sector_num / (s->heads * s->sectors);
735 r = sector_num % (s->heads * s->sectors);
736 s->hcyl = cyl >> 8;
737 s->lcyl = cyl;
1b8eb456 738 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 739 s->sector = (r % s->sectors) + 1;
740 }
741}
742
743static void ide_sector_read(IDEState *s)
744{
745 int64_t sector_num;
746 int ret, n;
747
748 s->status = READY_STAT | SEEK_STAT;
a136e5a8 749 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 750 sector_num = ide_get_sector(s);
751 n = s->nsector;
752 if (n == 0) {
753 /* no more sector to read from disk */
754 ide_transfer_stop(s);
755 } else {
756#if defined(DEBUG_IDE)
757 printf("read sector=%Ld\n", sector_num);
758#endif
759 if (n > s->req_nb_sectors)
760 n = s->req_nb_sectors;
761 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
762 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
763 ide_set_irq(s);
764 ide_set_sector(s, sector_num + n);
765 s->nsector -= n;
766 }
767}
768
8ccad811
FB		 769/* return 0 if buffer completed */
770static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 771{
8ccad811
FB		 772 IDEState *s = bm->ide_if;
773 struct {
774 uint32_t addr;
775 uint32_t size;
776 } prd;
777 int l, len;
98087450 778
8ccad811
FB		 779 for(;;) {
780 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 781 if (l <= 0)
8ccad811
FB		 782 break;
783 if (bm->cur_prd_len == 0) {
784 /* end of table (with a fail safe of one page) */
785 if (bm->cur_prd_last ||
786 (bm->cur_addr - bm->addr) >= 4096)
787 return 0;
788 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
789 bm->cur_addr += 8;
790 prd.addr = le32_to_cpu(prd.addr);
791 prd.size = le32_to_cpu(prd.size);
792 len = prd.size & 0xfffe;
793 if (len == 0)
794 len = 0x10000;
795 bm->cur_prd_len = len;
796 bm->cur_prd_addr = prd.addr;
797 bm->cur_prd_last = (prd.size & 0x80000000);
798 }
799 if (l > bm->cur_prd_len)
800 l = bm->cur_prd_len;
801 if (l > 0) {
802 if (is_write) {
5fafdf24 803 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 804 s->io_buffer + s->io_buffer_index, l);
805 } else {
5fafdf24 806 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 807 s->io_buffer + s->io_buffer_index, l);
808 }
809 bm->cur_prd_addr += l;
810 bm->cur_prd_len -= l;
811 s->io_buffer_index += l;
98087450 812 }
98087450 813 }
8ccad811
FB		 814 return 1;
815}
816
817/* XXX: handle errors */
818static void ide_read_dma_cb(void *opaque, int ret)
819{
820 BMDMAState *bm = opaque;
821 IDEState *s = bm->ide_if;
822 int n;
823 int64_t sector_num;
824
825 n = s->io_buffer_size >> 9;
826 sector_num = ide_get_sector(s);
827 if (n > 0) {
828 sector_num += n;
829 ide_set_sector(s, sector_num);
830 s->nsector -= n;
831 if (dma_buf_rw(bm, 1) == 0)
832 goto eot;
833 }
834
835 /* end of transfer ? */
836 if (s->nsector == 0) {
98087450
FB		 837 s->status = READY_STAT | SEEK_STAT;
838 ide_set_irq(s);
8ccad811
FB		 839 eot:
840 bm->status &= ~BM_STATUS_DMAING;
841 bm->status |= BM_STATUS_INT;
842 bm->dma_cb = NULL;
843 bm->ide_if = NULL;
844 bm->aiocb = NULL;
845 return;
98087450 846 }
8ccad811
FB		 847
848 /* launch next transfer */
849 n = s->nsector;
850 if (n > MAX_MULT_SECTORS)
851 n = MAX_MULT_SECTORS;
852 s->io_buffer_index = 0;
853 s->io_buffer_size = n * 512;
854#ifdef DEBUG_AIO
855 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
856#endif
5fafdf24 857 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
8ccad811 858 ide_read_dma_cb, bm);
98087450
FB		 859}
860
861static void ide_sector_read_dma(IDEState *s)
862{
8ccad811 863 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 864 s->io_buffer_index = 0;
865 s->io_buffer_size = 0;
866 ide_dma_start(s, ide_read_dma_cb);
867}
868
a09db21f
FB		 869static void ide_sector_write_timer_cb(void *opaque)
870{
871 IDEState *s = opaque;
872 ide_set_irq(s);
873}
874
5391d806
FB		 875static void ide_sector_write(IDEState *s)
876{
877 int64_t sector_num;
31c2a146 878 int ret, n, n1;
5391d806
FB		 879
880 s->status = READY_STAT | SEEK_STAT;
881 sector_num = ide_get_sector(s);
882#if defined(DEBUG_IDE)
883 printf("write sector=%Ld\n", sector_num);
884#endif
885 n = s->nsector;
886 if (n > s->req_nb_sectors)
887 n = s->req_nb_sectors;
31c2a146 888 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
5391d806
FB		 889 s->nsector -= n;
890 if (s->nsector == 0) {
292eef5a 891 /* no more sectors to write */
5391d806
FB		 892 ide_transfer_stop(s);
893 } else {
894 n1 = s->nsector;
895 if (n1 > s->req_nb_sectors)
896 n1 = s->req_nb_sectors;
897 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
898 }
899 ide_set_sector(s, sector_num + n);
3b46e624 900
31c2a146
TS		 901#ifdef TARGET_I386
902 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
903 /* It seems there is a bug in the Windows 2000 installer HDD
904 IDE driver which fills the disk with empty logs when the
905 IDE write IRQ comes too early. This hack tries to correct
906 that at the expense of slower write performances. Use this
907 option _only_ to install Windows 2000. You must disable it
908 for normal use. */
909 qemu_mod_timer(s->sector_write_timer,
910 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
911 } else
912#endif
913 {
914 ide_set_irq(s);
915 }
5391d806
FB		 916}
917
8ccad811
FB		 918/* XXX: handle errors */
919static void ide_write_dma_cb(void *opaque, int ret)
98087450 920{
8ccad811
FB		 921 BMDMAState *bm = opaque;
922 IDEState *s = bm->ide_if;
923 int n;
98087450
FB		 924 int64_t sector_num;
925
8ccad811
FB		 926 n = s->io_buffer_size >> 9;
927 sector_num = ide_get_sector(s);
928 if (n > 0) {
929 sector_num += n;
930 ide_set_sector(s, sector_num);
931 s->nsector -= n;
98087450 932 }
98087450 933
8ccad811
FB		 934 /* end of transfer ? */
935 if (s->nsector == 0) {
936 s->status = READY_STAT | SEEK_STAT;
937 ide_set_irq(s);
938 eot:
939 bm->status &= ~BM_STATUS_DMAING;
940 bm->status |= BM_STATUS_INT;
941 bm->dma_cb = NULL;
942 bm->ide_if = NULL;
943 bm->aiocb = NULL;
944 return;
945 }
946
947 /* launch next transfer */
98087450
FB		 948 n = s->nsector;
949 if (n > MAX_MULT_SECTORS)
950 n = MAX_MULT_SECTORS;
951 s->io_buffer_index = 0;
952 s->io_buffer_size = n * 512;
8ccad811
FB		 953
954 if (dma_buf_rw(bm, 0) == 0)
955 goto eot;
956#ifdef DEBUG_AIO
957 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
958#endif
5fafdf24 959 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
8ccad811
FB		 960 ide_write_dma_cb, bm);
961}
962
963static void ide_sector_write_dma(IDEState *s)
964{
965 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
966 s->io_buffer_index = 0;
967 s->io_buffer_size = 0;
98087450
FB		 968 ide_dma_start(s, ide_write_dma_cb);
969}
970
5391d806
FB		 971static void ide_atapi_cmd_ok(IDEState *s)
972{
973 s->error = 0;
974 s->status = READY_STAT;
975 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
976 ide_set_irq(s);
977}
978
979static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
980{
981#ifdef DEBUG_IDE_ATAPI
982 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
983#endif
984 s->error = sense_key << 4;
985 s->status = READY_STAT | ERR_STAT;
986 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
987 s->sense_key = sense_key;
988 s->asc = asc;
989 ide_set_irq(s);
990}
991
992static inline void cpu_to_ube16(uint8_t *buf, int val)
993{
994 buf[0] = val >> 8;
995 buf[1] = val;
996}
997
998static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
999{
1000 buf[0] = val >> 24;
1001 buf[1] = val >> 16;
1002 buf[2] = val >> 8;
1003 buf[3] = val;
1004}
1005
1006static inline int ube16_to_cpu(const uint8_t *buf)
1007{
1008 return (buf[0] << 8) | buf[1];
1009}
1010
1011static inline int ube32_to_cpu(const uint8_t *buf)
1012{
1013 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1014}
1015
98087450
FB		 1016static void lba_to_msf(uint8_t *buf, int lba)
1017{
1018 lba += 150;
1019 buf[0] = (lba / 75) / 60;
1020 buf[1] = (lba / 75) % 60;
1021 buf[2] = lba % 75;
1022}
1023
8ccad811
FB		 1024static void cd_data_to_raw(uint8_t *buf, int lba)
1025{
1026 /* sync bytes */
1027 buf[0] = 0x00;
1028 memset(buf + 1, 0xff, 10);
1029 buf[11] = 0x00;
1030 buf += 12;
1031 /* MSF */
1032 lba_to_msf(buf, lba);
1033 buf[3] = 0x01; /* mode 1 data */
1034 buf += 4;
1035 /* data */
1036 buf += 2048;
1037 /* XXX: ECC not computed */
1038 memset(buf, 0, 288);
1039}
1040
5fafdf24 1041static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1042 int sector_size)
1043{
66c6ef76
FB		 1044 int ret;
1045
98087450
FB		 1046 switch(sector_size) {
1047 case 2048:
66c6ef76 1048 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1049 break;
1050 case 2352:
66c6ef76
FB		 1051 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1052 if (ret < 0)
1053 return ret;
8ccad811 1054 cd_data_to_raw(buf, lba);
98087450
FB		 1055 break;
1056 default:
66c6ef76 1057 ret = -EIO;
98087450
FB		 1058 break;
1059 }
66c6ef76
FB		 1060 return ret;
1061}
1062
1063static void ide_atapi_io_error(IDEState *s, int ret)
1064{
1065 /* XXX: handle more errors */
1066 if (ret == -ENOMEDIUM) {
5fafdf24 1067 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1068 ASC_MEDIUM_NOT_PRESENT);
1069 } else {
5fafdf24 1070 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1071 ASC_LOGICAL_BLOCK_OOR);
1072 }
98087450
FB		 1073}
1074
5391d806
FB		 1075/* The whole ATAPI transfer logic is handled in this function */
1076static void ide_atapi_cmd_reply_end(IDEState *s)
1077{
66c6ef76 1078 int byte_count_limit, size, ret;
5391d806 1079#ifdef DEBUG_IDE_ATAPI
5fafdf24 1080 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1081 s->packet_transfer_size,
1082 s->elementary_transfer_size,
1083 s->io_buffer_index);
1084#endif
1085 if (s->packet_transfer_size <= 0) {
1086 /* end of transfer */
1087 ide_transfer_stop(s);
1088 s->status = READY_STAT;
1089 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1090 ide_set_irq(s);
1091#ifdef DEBUG_IDE_ATAPI
1092 printf("status=0x%x\n", s->status);
1093#endif
1094 } else {
1095 /* see if a new sector must be read */
98087450 1096 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1097 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1098 if (ret < 0) {
1099 ide_transfer_stop(s);
1100 ide_atapi_io_error(s, ret);
1101 return;
1102 }
5391d806
FB		 1103 s->lba++;
1104 s->io_buffer_index = 0;
1105 }
1106 if (s->elementary_transfer_size > 0) {
1107 /* there are some data left to transmit in this elementary
1108 transfer */
98087450 1109 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1110 if (size > s->elementary_transfer_size)
1111 size = s->elementary_transfer_size;
5fafdf24 1112 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1113 size, ide_atapi_cmd_reply_end);
1114 s->packet_transfer_size -= size;
1115 s->elementary_transfer_size -= size;
1116 s->io_buffer_index += size;
1117 } else {
1118 /* a new transfer is needed */
1119 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1120 byte_count_limit = s->lcyl | (s->hcyl << 8);
1121#ifdef DEBUG_IDE_ATAPI
1122 printf("byte_count_limit=%d\n", byte_count_limit);
1123#endif
1124 if (byte_count_limit == 0xffff)
1125 byte_count_limit--;
1126 size = s->packet_transfer_size;
1127 if (size > byte_count_limit) {
1128 /* byte count limit must be even if this case */
1129 if (byte_count_limit & 1)
1130 byte_count_limit--;
1131 size = byte_count_limit;
5391d806 1132 }
a136e5a8
FB		 1133 s->lcyl = size;
1134 s->hcyl = size >> 8;
5391d806
FB		 1135 s->elementary_transfer_size = size;
1136 /* we cannot transmit more than one sector at a time */
1137 if (s->lba != -1) {
98087450
FB		 1138 if (size > (s->cd_sector_size - s->io_buffer_index))
1139 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1140 }
5fafdf24 1141 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1142 size, ide_atapi_cmd_reply_end);
1143 s->packet_transfer_size -= size;
1144 s->elementary_transfer_size -= size;
1145 s->io_buffer_index += size;
1146 ide_set_irq(s);
1147#ifdef DEBUG_IDE_ATAPI
1148 printf("status=0x%x\n", s->status);
1149#endif
1150 }
1151 }
1152}
1153
1154/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1155static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1156{
1157 if (size > max_size)
1158 size = max_size;
1159 s->lba = -1; /* no sector read */
1160 s->packet_transfer_size = size;
5f12ab4b 1161 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1162 s->elementary_transfer_size = 0;
1163 s->io_buffer_index = 0;
1164
5f12ab4b
TS		 1165 if (s->atapi_dma) {
1166 s->status = READY_STAT | DRQ_STAT;
1167 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1168 } else {
1169 s->status = READY_STAT;
1170 ide_atapi_cmd_reply_end(s);
1171 }
5391d806
FB		 1172}
1173
1174/* start a CD-CDROM read command */
98087450
FB		 1175static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1176 int sector_size)
5391d806 1177{
5391d806 1178 s->lba = lba;
98087450 1179 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1180 s->elementary_transfer_size = 0;
98087450
FB		 1181 s->io_buffer_index = sector_size;
1182 s->cd_sector_size = sector_size;
5391d806
FB		 1183
1184 s->status = READY_STAT;
1185 ide_atapi_cmd_reply_end(s);
1186}
1187
98087450 1188/* ATAPI DMA support */
8ccad811
FB		 1189
1190/* XXX: handle read errors */
1191static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1192{
8ccad811
FB		 1193 BMDMAState *bm = opaque;
1194 IDEState *s = bm->ide_if;
1195 int data_offset, n;
1196
66c6ef76
FB		 1197 if (ret < 0) {
1198 ide_atapi_io_error(s, ret);
1199 goto eot;
1200 }
1201
8ccad811 1202 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1203 /*
1204 * For a cdrom read sector command (s->lba != -1),
1205 * adjust the lba for the next s->io_buffer_size chunk
1206 * and dma the current chunk.
1207 * For a command != read (s->lba == -1), just transfer
1208 * the reply data.
1209 */
1210 if (s->lba != -1) {
1211 if (s->cd_sector_size == 2352) {
1212 n = 1;
1213 cd_data_to_raw(s->io_buffer, s->lba);
1214 } else {
1215 n = s->io_buffer_size >> 11;
1216 }
1217 s->lba += n;
1218 }
8ccad811 1219 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1220 if (dma_buf_rw(bm, 1) == 0)
1221 goto eot;
98087450 1222 }
8ccad811 1223
98087450
FB		 1224 if (s->packet_transfer_size <= 0) {
1225 s->status = READY_STAT;
1226 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1227 ide_set_irq(s);
8ccad811
FB		 1228 eot:
1229 bm->status &= ~BM_STATUS_DMAING;
1230 bm->status |= BM_STATUS_INT;
1231 bm->dma_cb = NULL;
1232 bm->ide_if = NULL;
1233 bm->aiocb = NULL;
1234 return;
1235 }
3b46e624 1236
8ccad811
FB		 1237 s->io_buffer_index = 0;
1238 if (s->cd_sector_size == 2352) {
1239 n = 1;
1240 s->io_buffer_size = s->cd_sector_size;
1241 data_offset = 16;
1242 } else {
1243 n = s->packet_transfer_size >> 11;
1244 if (n > (MAX_MULT_SECTORS / 4))
1245 n = (MAX_MULT_SECTORS / 4);
1246 s->io_buffer_size = n * 2048;
1247 data_offset = 0;
98087450 1248 }
8ccad811
FB		 1249#ifdef DEBUG_AIO
1250 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1251#endif
5fafdf24
TS		 1252 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1253 s->io_buffer + data_offset, n * 4,
8ccad811 1254 ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1255 if (!bm->aiocb) {
1256 /* Note: media not present is the most likely case */
5fafdf24 1257 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1258 ASC_MEDIUM_NOT_PRESENT);
1259 goto eot;
1260 }
98087450
FB		 1261}
1262
1263/* start a CD-CDROM read command with DMA */
1264/* XXX: test if DMA is available */
1265static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1266 int sector_size)
1267{
1268 s->lba = lba;
1269 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1270 s->io_buffer_index = 0;
1271 s->io_buffer_size = 0;
98087450
FB		 1272 s->cd_sector_size = sector_size;
1273
8ccad811
FB		 1274 /* XXX: check if BUSY_STAT should be set */
1275 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1276 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1277}
1278
5fafdf24 1279static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1280 int sector_size)
1281{
1282#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1283 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1284 lba, nb_sectors);
98087450
FB		 1285#endif
1286 if (s->atapi_dma) {
1287 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1288 } else {
1289 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1290 }
1291}
1292
5391d806
FB		 1293static void ide_atapi_cmd(IDEState *s)
1294{
1295 const uint8_t *packet;
1296 uint8_t *buf;
1297 int max_len;
1298
1299 packet = s->io_buffer;
1300 buf = s->io_buffer;
1301#ifdef DEBUG_IDE_ATAPI
1302 {
1303 int i;
1304 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1305 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1306 printf(" %02x", packet[i]);
1307 }
1308 printf("\n");
1309 }
1310#endif
1311 switch(s->io_buffer[0]) {
1312 case GPCMD_TEST_UNIT_READY:
caed8802 1313 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1314 ide_atapi_cmd_ok(s);
1315 } else {
5fafdf24 1316 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1317 ASC_MEDIUM_NOT_PRESENT);
1318 }
1319 break;
d14049ea 1320 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1321 case GPCMD_MODE_SENSE_10:
1322 {
1323 int action, code;
d14049ea
TS		 1324 if (packet[0] == GPCMD_MODE_SENSE_10)
1325 max_len = ube16_to_cpu(packet + 7);
1326 else
1327 max_len = packet[4];
5391d806
FB		 1328 action = packet[2] >> 6;
1329 code = packet[2] & 0x3f;
1330 switch(action) {
1331 case 0: /* current values */
1332 switch(code) {
1333 case 0x01: /* error recovery */
1334 cpu_to_ube16(&buf[0], 16 + 6);
1335 buf[2] = 0x70;
1336 buf[3] = 0;
1337 buf[4] = 0;
1338 buf[5] = 0;
1339 buf[6] = 0;
1340 buf[7] = 0;
1341
1342 buf[8] = 0x01;
1343 buf[9] = 0x06;
1344 buf[10] = 0x00;
1345 buf[11] = 0x05;
1346 buf[12] = 0x00;
1347 buf[13] = 0x00;
1348 buf[14] = 0x00;
1349 buf[15] = 0x00;
1350 ide_atapi_cmd_reply(s, 16, max_len);
1351 break;
1352 case 0x2a:
1353 cpu_to_ube16(&buf[0], 28 + 6);
1354 buf[2] = 0x70;
1355 buf[3] = 0;
1356 buf[4] = 0;
1357 buf[5] = 0;
1358 buf[6] = 0;
1359 buf[7] = 0;
1360
1361 buf[8] = 0x2a;
1362 buf[9] = 0x12;
d14049ea 1363 buf[10] = 0x08;
5391d806 1364 buf[11] = 0x00;
3b46e624 1365
5391d806
FB		 1366 buf[12] = 0x70;
1367 buf[13] = 3 << 5;
1368 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1369 if (bdrv_is_locked(s->bs))
5391d806
FB		 1370 buf[6] |= 1 << 1;
1371 buf[15] = 0x00;
1372 cpu_to_ube16(&buf[16], 706);
1373 buf[18] = 0;
1374 buf[19] = 2;
1375 cpu_to_ube16(&buf[20], 512);
1376 cpu_to_ube16(&buf[22], 706);
1377 buf[24] = 0;
1378 buf[25] = 0;
1379 buf[26] = 0;
1380 buf[27] = 0;
1381 ide_atapi_cmd_reply(s, 28, max_len);
1382 break;
1383 default:
1384 goto error_cmd;
1385 }
1386 break;
1387 case 1: /* changeable values */
1388 goto error_cmd;
1389 case 2: /* default values */
1390 goto error_cmd;
1391 default:
1392 case 3: /* saved values */
5fafdf24 1393 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1394 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1395 break;
1396 }
1397 }
1398 break;
1399 case GPCMD_REQUEST_SENSE:
1400 max_len = packet[4];
1401 memset(buf, 0, 18);
1402 buf[0] = 0x70 | (1 << 7);
1403 buf[2] = s->sense_key;
1404 buf[7] = 10;
1405 buf[12] = s->asc;
1406 ide_atapi_cmd_reply(s, 18, max_len);
1407 break;
1408 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1409 if (bdrv_is_inserted(s->bs)) {
1410 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1411 ide_atapi_cmd_ok(s);
1412 } else {
5fafdf24 1413 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1414 ASC_MEDIUM_NOT_PRESENT);
1415 }
1416 break;
1417 case GPCMD_READ_10:
1418 case GPCMD_READ_12:
1419 {
1420 int nb_sectors, lba;
1421
5391d806
FB		 1422 if (packet[0] == GPCMD_READ_10)
1423 nb_sectors = ube16_to_cpu(packet + 7);
1424 else
1425 nb_sectors = ube32_to_cpu(packet + 6);
1426 lba = ube32_to_cpu(packet + 2);
1427 if (nb_sectors == 0) {
1428 ide_atapi_cmd_ok(s);
1429 break;
1430 }
98087450
FB		 1431 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1432 }
1433 break;
1434 case GPCMD_READ_CD:
1435 {
1436 int nb_sectors, lba, transfer_request;
1437
98087450
FB		 1438 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1439 lba = ube32_to_cpu(packet + 2);
1440 if (nb_sectors == 0) {
1441 ide_atapi_cmd_ok(s);
1442 break;
1443 }
98087450
FB		 1444 transfer_request = packet[9];
1445 switch(transfer_request & 0xf8) {
1446 case 0x00:
1447 /* nothing */
1448 ide_atapi_cmd_ok(s);
1449 break;
1450 case 0x10:
1451 /* normal read */
1452 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1453 break;
1454 case 0xf8:
1455 /* read all data */
1456 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1457 break;
1458 default:
5fafdf24 1459 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1460 ASC_INV_FIELD_IN_CMD_PACKET);
1461 break;
1462 }
5391d806
FB		 1463 }
1464 break;
1465 case GPCMD_SEEK:
1466 {
1467 int lba;
66c6ef76
FB		 1468 int64_t total_sectors;
1469
1470 bdrv_get_geometry(s->bs, &total_sectors);
1471 total_sectors >>= 2;
1472 if (total_sectors <= 0) {
5fafdf24 1473 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1474 ASC_MEDIUM_NOT_PRESENT);
1475 break;
1476 }
1477 lba = ube32_to_cpu(packet + 2);
66c6ef76 1478 if (lba >= total_sectors) {
5fafdf24 1479 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1480 ASC_LOGICAL_BLOCK_OOR);
1481 break;
1482 }
1483 ide_atapi_cmd_ok(s);
1484 }
1485 break;
1486 case GPCMD_START_STOP_UNIT:
1487 {
1488 int start, eject;
1489 start = packet[4] & 1;
1490 eject = (packet[4] >> 1) & 1;
3b46e624 1491
caed8802
FB		 1492 if (eject && !start) {
1493 /* eject the disk */
66c6ef76
FB		 1494 bdrv_eject(s->bs, 1);
1495 } else if (eject && start) {
1496 /* close the tray */
1497 bdrv_eject(s->bs, 0);
caed8802 1498 }
5391d806
FB		 1499 ide_atapi_cmd_ok(s);
1500 }
1501 break;
1502 case GPCMD_MECHANISM_STATUS:
1503 {
1504 max_len = ube16_to_cpu(packet + 8);
1505 cpu_to_ube16(buf, 0);
1506 /* no current LBA */
1507 buf[2] = 0;
1508 buf[3] = 0;
1509 buf[4] = 0;
1510 buf[5] = 1;
1511 cpu_to_ube16(buf + 6, 0);
1512 ide_atapi_cmd_reply(s, 8, max_len);
1513 }
1514 break;
1515 case GPCMD_READ_TOC_PMA_ATIP:
1516 {
1517 int format, msf, start_track, len;
66c6ef76 1518 int64_t total_sectors;
5391d806 1519
66c6ef76
FB		 1520 bdrv_get_geometry(s->bs, &total_sectors);
1521 total_sectors >>= 2;
1522 if (total_sectors <= 0) {
5fafdf24 1523 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1524 ASC_MEDIUM_NOT_PRESENT);
1525 break;
1526 }
1527 max_len = ube16_to_cpu(packet + 7);
1528 format = packet[9] >> 6;
1529 msf = (packet[1] >> 1) & 1;
1530 start_track = packet[6];
1531 switch(format) {
1532 case 0:
66c6ef76 1533 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1534 if (len < 0)
1535 goto error_cmd;
1536 ide_atapi_cmd_reply(s, len, max_len);
1537 break;
1538 case 1:
1539 /* multi session : only a single session defined */
1540 memset(buf, 0, 12);
1541 buf[1] = 0x0a;
1542 buf[2] = 0x01;
1543 buf[3] = 0x01;
1544 ide_atapi_cmd_reply(s, 12, max_len);
1545 break;
98087450 1546 case 2:
66c6ef76 1547 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1548 if (len < 0)
1549 goto error_cmd;
1550 ide_atapi_cmd_reply(s, len, max_len);
1551 break;
5391d806 1552 default:
7f777bf3 1553 error_cmd:
5fafdf24 1554 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1555 ASC_INV_FIELD_IN_CMD_PACKET);
1556 break;
5391d806
FB		 1557 }
1558 }
1559 break;
1560 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76
FB		 1561 {
1562 int64_t total_sectors;
1563
1564 bdrv_get_geometry(s->bs, &total_sectors);
1565 total_sectors >>= 2;
1566 if (total_sectors <= 0) {
5fafdf24 1567 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1568 ASC_MEDIUM_NOT_PRESENT);
1569 break;
1570 }
1571 /* NOTE: it is really the number of sectors minus 1 */
1572 cpu_to_ube32(buf, total_sectors - 1);
1573 cpu_to_ube32(buf + 4, 2048);
1574 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1575 }
5391d806 1576 break;
d14049ea
TS		 1577 case GPCMD_READ_DVD_STRUCTURE:
1578 {
1579 int media = packet[1];
1580 int layer = packet[6];
1581 int format = packet[2];
1582 int64_t total_sectors;
1583
1584 if (media != 0 || layer != 0)
1585 {
1586 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1587 ASC_INV_FIELD_IN_CMD_PACKET);
1588 }
1589
1590 switch (format) {
1591 case 0:
1592 bdrv_get_geometry(s->bs, &total_sectors);
1593 total_sectors >>= 2;
1594
1595 memset(buf, 0, 2052);
1596
1597 buf[4] = 1; // DVD-ROM, part version 1
1598 buf[5] = 0xf; // 120mm disc, maximum rate unspecified
1599 buf[6] = 0; // one layer, embossed data
1600 buf[7] = 0;
1601
1602 cpu_to_ube32(buf + 8, 0);
1603 cpu_to_ube32(buf + 12, total_sectors - 1);
1604 cpu_to_ube32(buf + 16, total_sectors - 1);
1605
1606 cpu_to_be16wu((uint16_t *)buf, 2048 + 4);
1607
1608 ide_atapi_cmd_reply(s, 2048 + 3, 2048 + 4);
1609 break;
1610
1611 default:
1612 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1613 ASC_INV_FIELD_IN_CMD_PACKET);
1614 break;
1615 }
1616 }
1617 break;
1618 case GPCMD_SET_SPEED:
1619 ide_atapi_cmd_ok(s);
1620 break;
bd0d90b2
FB		 1621 case GPCMD_INQUIRY:
1622 max_len = packet[4];
1623 buf[0] = 0x05; /* CD-ROM */
1624 buf[1] = 0x80; /* removable */
1625 buf[2] = 0x00; /* ISO */
1626 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 1627 buf[4] = 31; /* additional length */
bd0d90b2
FB		 1628 buf[5] = 0; /* reserved */
1629 buf[6] = 0; /* reserved */
1630 buf[7] = 0; /* reserved */
1631 padstr8(buf + 8, 8, "QEMU");
1632 padstr8(buf + 16, 16, "QEMU CD-ROM");
1633 padstr8(buf + 32, 4, QEMU_VERSION);
1634 ide_atapi_cmd_reply(s, 36, max_len);
1635 break;
d14049ea
TS		 1636 case GPCMD_GET_CONFIGURATION:
1637 {
1638 int64_t total_sectors;
1639
1640 /* only feature 0 is supported */
1641 if (packet[2] != 0 || packet[3] != 0) {
1642 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1643 ASC_INV_FIELD_IN_CMD_PACKET);
1644 break;
1645 }
1646 memset(buf, 0, 32);
1647 bdrv_get_geometry(s->bs, &total_sectors);
1648 buf[3] = 16;
1649 buf[7] = total_sectors <= 1433600 ? 0x08 : 0x10; /* current profile */
1650 buf[10] = 0x10 | 0x1;
1651 buf[11] = 0x08; /* size of profile list */
1652 buf[13] = 0x10; /* DVD-ROM profile */
1653 buf[14] = buf[7] == 0x10; /* (in)active */
1654 buf[17] = 0x08; /* CD-ROM profile */
1655 buf[18] = buf[7] == 0x08; /* (in)active */
1656 ide_atapi_cmd_reply(s, 32, 32);
1657 break;
1658 }
5391d806 1659 default:
5fafdf24 1660 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1661 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1662 break;
1663 }
1664}
1665
201a51fc
AZ		 1666static void ide_cfata_metadata_inquiry(IDEState *s)
1667{
1668 uint16_t *p;
1669 uint32_t spd;
1670
1671 p = (uint16_t *) s->io_buffer;
1672 memset(p, 0, 0x200);
1673 spd = ((s->mdata_size - 1) >> 9) + 1;
1674
1675 put_le16(p + 0, 0x0001); /* Data format revision */
1676 put_le16(p + 1, 0x0000); /* Media property: silicon */
1677 put_le16(p + 2, s->media_changed); /* Media status */
1678 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1679 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1680 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1681 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1682}
1683
1684static void ide_cfata_metadata_read(IDEState *s)
1685{
1686 uint16_t *p;
1687
1688 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1689 s->status = ERR_STAT;
1690 s->error = ABRT_ERR;
1691 return;
1692 }
1693
1694 p = (uint16_t *) s->io_buffer;
1695 memset(p, 0, 0x200);
1696
1697 put_le16(p + 0, s->media_changed); /* Media status */
1698 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1699 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1700 s->nsector << 9), 0x200 - 2));
1701}
1702
1703static void ide_cfata_metadata_write(IDEState *s)
1704{
1705 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1706 s->status = ERR_STAT;
1707 s->error = ABRT_ERR;
1708 return;
1709 }
1710
1711 s->media_changed = 0;
1712
1713 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1714 s->io_buffer + 2,
1715 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1716 s->nsector << 9), 0x200 - 2));
1717}
1718
bd491d6a
TS		 1719/* called when the inserted state of the media has changed */
1720static void cdrom_change_cb(void *opaque)
1721{
1722 IDEState *s = opaque;
1723 int64_t nb_sectors;
1724
1725 /* XXX: send interrupt too */
1726 bdrv_get_geometry(s->bs, &nb_sectors);
1727 s->nb_sectors = nb_sectors;
1728}
1729
c2ff060f
FB		 1730static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1731{
1732 s->lba48 = lba48;
1733
1734 /* handle the 'magic' 0 nsector count conversion here. to avoid
1735 * fiddling with the rest of the read logic, we just store the
1736 * full sector count in ->nsector and ignore ->hob_nsector from now
1737 */
1738 if (!s->lba48) {
1739 if (!s->nsector)
1740 s->nsector = 256;
1741 } else {
1742 if (!s->nsector && !s->hob_nsector)
1743 s->nsector = 65536;
1744 else {
1745 int lo = s->nsector;
1746 int hi = s->hob_nsector;
1747
1748 s->nsector = (hi << 8) | lo;
1749 }
1750 }
1751}
1752
1753static void ide_clear_hob(IDEState *ide_if)
1754{
1755 /* any write clears HOB high bit of device control register */
1756 ide_if[0].select &= ~(1 << 7);
1757 ide_if[1].select &= ~(1 << 7);
1758}
1759
caed8802
FB		 1760static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1761{
1762 IDEState *ide_if = opaque;
c45c3d00 1763 IDEState *s;
5391d806 1764 int unit, n;
c2ff060f 1765 int lba48 = 0;
5391d806
FB		 1766
1767#ifdef DEBUG_IDE
1768 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1769#endif
c2ff060f 1770
5391d806
FB		 1771 addr &= 7;
1772 switch(addr) {
1773 case 0:
1774 break;
1775 case 1:
c2ff060f 1776 ide_clear_hob(ide_if);
c45c3d00 1777 /* NOTE: data is written to the two drives */
c2ff060f
FB		 1778 ide_if[0].hob_feature = ide_if[0].feature;
1779 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 1780 ide_if[0].feature = val;
1781 ide_if[1].feature = val;
5391d806
FB		 1782 break;
1783 case 2:
c2ff060f
FB		 1784 ide_clear_hob(ide_if);
1785 ide_if[0].hob_nsector = ide_if[0].nsector;
1786 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 1787 ide_if[0].nsector = val;
1788 ide_if[1].nsector = val;
5391d806
FB		 1789 break;
1790 case 3:
c2ff060f
FB		 1791 ide_clear_hob(ide_if);
1792 ide_if[0].hob_sector = ide_if[0].sector;
1793 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 1794 ide_if[0].sector = val;
1795 ide_if[1].sector = val;
5391d806
FB		 1796 break;
1797 case 4:
c2ff060f
FB		 1798 ide_clear_hob(ide_if);
1799 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1800 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 1801 ide_if[0].lcyl = val;
1802 ide_if[1].lcyl = val;
5391d806
FB		 1803 break;
1804 case 5:
c2ff060f
FB		 1805 ide_clear_hob(ide_if);
1806 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1807 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 1808 ide_if[0].hcyl = val;
1809 ide_if[1].hcyl = val;
5391d806
FB		 1810 break;
1811 case 6:
c2ff060f 1812 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 1813 ide_if[0].select = (val & ~0x10) | 0xa0;
1814 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 1815 /* select drive */
1816 unit = (val >> 4) & 1;
1817 s = ide_if + unit;
1818 ide_if->cur_drive = s;
5391d806
FB		 1819 break;
1820 default:
1821 case 7:
1822 /* command */
1823#if defined(DEBUG_IDE)
1824 printf("ide: CMD=%02x\n", val);
1825#endif
c45c3d00 1826 s = ide_if->cur_drive;
66201e2d 1827 /* ignore commands to non existant slave */
5fafdf24 1828 if (s != ide_if && !s->bs)
66201e2d 1829 break;
c2ff060f 1830
5391d806
FB		 1831 switch(val) {
1832 case WIN_IDENTIFY:
1833 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 1834 if (!s->is_cf)
1835 ide_identify(s);
1836 else
1837 ide_cfata_identify(s);
2a282056 1838 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1839 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1840 } else {
1841 if (s->is_cdrom) {
1842 ide_set_signature(s);
1843 }
1844 ide_abort_command(s);
1845 }
1846 ide_set_irq(s);
1847 break;
1848 case WIN_SPECIFY:
1849 case WIN_RECAL:
a136e5a8 1850 s->error = 0;
769bec72 1851 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1852 ide_set_irq(s);
1853 break;
1854 case WIN_SETMULT:
201a51fc
AZ		 1855 if (s->is_cf && s->nsector == 0) {
1856 /* Disable Read and Write Multiple */
1857 s->mult_sectors = 0;
1858 s->status = READY_STAT;
1859 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 1860 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1861 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 1862 ide_abort_command(s);
1863 } else {
292eef5a 1864 s->mult_sectors = s->nsector & 0xff;
5391d806
FB		 1865 s->status = READY_STAT;
1866 }
1867 ide_set_irq(s);
1868 break;
c2ff060f
FB		 1869 case WIN_VERIFY_EXT:
1870 lba48 = 1;
4ce900b4
FB		 1871 case WIN_VERIFY:
1872 case WIN_VERIFY_ONCE:
1873 /* do sector number check ? */
c2ff060f 1874 ide_cmd_lba48_transform(s, lba48);
4ce900b4
FB		 1875 s->status = READY_STAT;
1876 ide_set_irq(s);
1877 break;
c2ff060f
FB		 1878 case WIN_READ_EXT:
1879 lba48 = 1;
5391d806
FB		 1880 case WIN_READ:
1881 case WIN_READ_ONCE:
5fafdf24 1882 if (!s->bs)
6b136f9e 1883 goto abort_cmd;
c2ff060f 1884 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1885 s->req_nb_sectors = 1;
1886 ide_sector_read(s);
1887 break;
c2ff060f
FB		 1888 case WIN_WRITE_EXT:
1889 lba48 = 1;
5391d806
FB		 1890 case WIN_WRITE:
1891 case WIN_WRITE_ONCE:
201a51fc
AZ		 1892 case CFA_WRITE_SECT_WO_ERASE:
1893 case WIN_WRITE_VERIFY:
c2ff060f 1894 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1895 s->error = 0;
f66723fa 1896 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1897 s->req_nb_sectors = 1;
1898 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 1899 s->media_changed = 1;
5391d806 1900 break;
c2ff060f
FB		 1901 case WIN_MULTREAD_EXT:
1902 lba48 = 1;
5391d806
FB		 1903 case WIN_MULTREAD:
1904 if (!s->mult_sectors)
1905 goto abort_cmd;
c2ff060f 1906 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1907 s->req_nb_sectors = s->mult_sectors;
1908 ide_sector_read(s);
1909 break;
c2ff060f
FB		 1910 case WIN_MULTWRITE_EXT:
1911 lba48 = 1;
5391d806 1912 case WIN_MULTWRITE:
201a51fc 1913 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 1914 if (!s->mult_sectors)
1915 goto abort_cmd;
c2ff060f 1916 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1917 s->error = 0;
f66723fa 1918 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1919 s->req_nb_sectors = s->mult_sectors;
1920 n = s->nsector;
1921 if (n > s->req_nb_sectors)
1922 n = s->req_nb_sectors;
1923 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 1924 s->media_changed = 1;
5391d806 1925 break;
c2ff060f
FB		 1926 case WIN_READDMA_EXT:
1927 lba48 = 1;
98087450
FB		 1928 case WIN_READDMA:
1929 case WIN_READDMA_ONCE:
5fafdf24 1930 if (!s->bs)
98087450 1931 goto abort_cmd;
c2ff060f 1932 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 1933 ide_sector_read_dma(s);
1934 break;
c2ff060f
FB		 1935 case WIN_WRITEDMA_EXT:
1936 lba48 = 1;
98087450
FB		 1937 case WIN_WRITEDMA:
1938 case WIN_WRITEDMA_ONCE:
5fafdf24 1939 if (!s->bs)
98087450 1940 goto abort_cmd;
c2ff060f 1941 ide_cmd_lba48_transform(s, lba48);
98087450 1942 ide_sector_write_dma(s);
201a51fc 1943 s->media_changed = 1;
98087450 1944 break;
c2ff060f
FB		 1945 case WIN_READ_NATIVE_MAX_EXT:
1946 lba48 = 1;
5391d806 1947 case WIN_READ_NATIVE_MAX:
c2ff060f 1948 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1949 ide_set_sector(s, s->nb_sectors - 1);
1950 s->status = READY_STAT;
1951 ide_set_irq(s);
1952 break;
a136e5a8 1953 case WIN_CHECKPOWERMODE1:
201a51fc 1954 case WIN_CHECKPOWERMODE2:
a136e5a8
FB		 1955 s->nsector = 0xff; /* device active or idle */
1956 s->status = READY_STAT;
1957 ide_set_irq(s);
1958 break;
34e538ae
FB		 1959 case WIN_SETFEATURES:
1960 if (!s->bs)
1961 goto abort_cmd;
1962 /* XXX: valid for CDROM ? */
1963 switch(s->feature) {
e1f63470
TS		 1964 case 0xcc: /* reverting to power-on defaults enable */
1965 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 1966 case 0x02: /* write cache enable */
1967 case 0x82: /* write cache disable */
1968 case 0xaa: /* read look-ahead enable */
1969 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 1970 case 0x05: /* set advanced power management mode */
1971 case 0x85: /* disable advanced power management mode */
1972 case 0x69: /* NOP */
1973 case 0x67: /* NOP */
1974 case 0x96: /* NOP */
1975 case 0x9a: /* NOP */
c3e88d8c
TS		 1976 case 0x42: /* enable Automatic Acoustic Mode */
1977 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 1978 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 1979 ide_set_irq(s);
1980 break;
94458802
FB		 1981 case 0x03: { /* set transfer mode */
1982 uint8_t val = s->nsector & 0x07;
1983
1984 switch (s->nsector >> 3) {
1985 case 0x00: /* pio default */
1986 case 0x01: /* pio mode */
1987 put_le16(s->identify_data + 63,0x07);
1988 put_le16(s->identify_data + 88,0x3f);
1989 break;
1990 case 0x04: /* mdma mode */
1991 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1992 put_le16(s->identify_data + 88,0x3f);
1993 break;
1994 case 0x08: /* udma mode */
1995 put_le16(s->identify_data + 63,0x07);
1996 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1997 break;
1998 default:
1999 goto abort_cmd;
2000 }
2001 s->status = READY_STAT | SEEK_STAT;
2002 ide_set_irq(s);
2003 break;
2004 }
34e538ae
FB		 2005 default:
2006 goto abort_cmd;
2007 }
2008 break;
c2ff060f
FB		 2009 case WIN_FLUSH_CACHE:
2010 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2011 if (s->bs)
2012 bdrv_flush(s->bs);
2013 s->status = READY_STAT;
2014 ide_set_irq(s);
2015 break;
c3e88d8c
TS		 2016 case WIN_STANDBY:
2017 case WIN_STANDBY2:
2018 case WIN_STANDBYNOW1:
201a51fc 2019 case WIN_STANDBYNOW2:
c451ee71 2020 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2021 case CFA_IDLEIMMEDIATE:
2022 case WIN_SETIDLE1:
2023 case WIN_SETIDLE2:
c3e88d8c
TS		 2024 case WIN_SLEEPNOW1:
2025 case WIN_SLEEPNOW2:
2026 s->status = READY_STAT;
a7dfe172
FB		 2027 ide_set_irq(s);
2028 break;
5391d806
FB		 2029 /* ATAPI commands */
2030 case WIN_PIDENTIFY:
2031 if (s->is_cdrom) {
2032 ide_atapi_identify(s);
1298fe63 2033 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2034 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2035 } else {
2036 ide_abort_command(s);
2037 }
2038 ide_set_irq(s);
2039 break;
c451ee71
FB		 2040 case WIN_DIAGNOSE:
2041 ide_set_signature(s);
2042 s->status = 0x00; /* NOTE: READY is _not_ set */
2043 s->error = 0x01;
2044 break;
5391d806
FB		 2045 case WIN_SRST:
2046 if (!s->is_cdrom)
2047 goto abort_cmd;
2048 ide_set_signature(s);
6b136f9e 2049 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2050 s->error = 0x01;
2051 break;
2052 case WIN_PACKETCMD:
2053 if (!s->is_cdrom)
2054 goto abort_cmd;
98087450
FB		 2055 /* overlapping commands not supported */
2056 if (s->feature & 0x02)
5391d806 2057 goto abort_cmd;
7603d156 2058 s->status = READY_STAT;
98087450 2059 s->atapi_dma = s->feature & 1;
5391d806 2060 s->nsector = 1;
5fafdf24 2061 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2062 ide_atapi_cmd);
2063 break;
201a51fc
AZ		 2064 /* CF-ATA commands */
2065 case CFA_REQ_EXT_ERROR_CODE:
2066 if (!s->is_cf)
2067 goto abort_cmd;
2068 s->error = 0x09; /* miscellaneous error */
2069 s->status = READY_STAT;
2070 ide_set_irq(s);
2071 break;
2072 case CFA_ERASE_SECTORS:
2073 case CFA_WEAR_LEVEL:
2074 if (!s->is_cf)
2075 goto abort_cmd;
2076 if (val == CFA_WEAR_LEVEL)
2077 s->nsector = 0;
2078 if (val == CFA_ERASE_SECTORS)
2079 s->media_changed = 1;
2080 s->error = 0x00;
2081 s->status = READY_STAT;
2082 ide_set_irq(s);
2083 break;
2084 case CFA_TRANSLATE_SECTOR:
2085 if (!s->is_cf)
2086 goto abort_cmd;
2087 s->error = 0x00;
2088 s->status = READY_STAT;
2089 memset(s->io_buffer, 0, 0x200);
2090 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2091 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2092 s->io_buffer[0x02] = s->select; /* Head */
2093 s->io_buffer[0x03] = s->sector; /* Sector */
2094 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2095 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2096 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2097 s->io_buffer[0x13] = 0x00; /* Erase flag */
2098 s->io_buffer[0x18] = 0x00; /* Hot count */
2099 s->io_buffer[0x19] = 0x00; /* Hot count */
2100 s->io_buffer[0x1a] = 0x01; /* Hot count */
2101 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2102 ide_set_irq(s);
2103 break;
2104 case CFA_ACCESS_METADATA_STORAGE:
2105 if (!s->is_cf)
2106 goto abort_cmd;
2107 switch (s->feature) {
2108 case 0x02: /* Inquiry Metadata Storage */
2109 ide_cfata_metadata_inquiry(s);
2110 break;
2111 case 0x03: /* Read Metadata Storage */
2112 ide_cfata_metadata_read(s);
2113 break;
2114 case 0x04: /* Write Metadata Storage */
2115 ide_cfata_metadata_write(s);
2116 break;
2117 default:
2118 goto abort_cmd;
2119 }
2120 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2121 s->status = 0x00; /* NOTE: READY is _not_ set */
2122 ide_set_irq(s);
2123 break;
2124 case IBM_SENSE_CONDITION:
2125 if (!s->is_cf)
2126 goto abort_cmd;
2127 switch (s->feature) {
2128 case 0x01: /* sense temperature in device */
2129 s->nsector = 0x50; /* +20 C */
2130 break;
2131 default:
2132 goto abort_cmd;
2133 }
2134 s->status = READY_STAT;
2135 ide_set_irq(s);
2136 break;
5391d806
FB		 2137 default:
2138 abort_cmd:
2139 ide_abort_command(s);
2140 ide_set_irq(s);
2141 break;
2142 }
2143 }
2144}
2145
caed8802 2146static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2147{
7ae98627
FB		 2148 IDEState *ide_if = opaque;
2149 IDEState *s = ide_if->cur_drive;
5391d806 2150 uint32_t addr;
c2ff060f 2151 int ret, hob;
5391d806
FB		 2152
2153 addr = addr1 & 7;
c2ff060f
FB		 2154 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2155 //hob = s->select & (1 << 7);
2156 hob = 0;
5391d806
FB		 2157 switch(addr) {
2158 case 0:
2159 ret = 0xff;
2160 break;
2161 case 1:
7ae98627 2162 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2163 ret = 0;
c2ff060f 2164 else if (!hob)
c45c3d00 2165 ret = s->error;
c2ff060f
FB		 2166 else
2167 ret = s->hob_feature;
5391d806
FB		 2168 break;
2169 case 2:
7ae98627 2170 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2171 ret = 0;
c2ff060f 2172 else if (!hob)
c45c3d00 2173 ret = s->nsector & 0xff;
c2ff060f
FB		 2174 else
2175 ret = s->hob_nsector;
5391d806
FB		 2176 break;
2177 case 3:
7ae98627 2178 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2179 ret = 0;
c2ff060f 2180 else if (!hob)
c45c3d00 2181 ret = s->sector;
c2ff060f
FB		 2182 else
2183 ret = s->hob_sector;
5391d806
FB		 2184 break;
2185 case 4:
7ae98627 2186 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2187 ret = 0;
c2ff060f 2188 else if (!hob)
c45c3d00 2189 ret = s->lcyl;
c2ff060f
FB		 2190 else
2191 ret = s->hob_lcyl;
5391d806
FB		 2192 break;
2193 case 5:
7ae98627 2194 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2195 ret = 0;
c2ff060f 2196 else if (!hob)
c45c3d00 2197 ret = s->hcyl;
c2ff060f
FB		 2198 else
2199 ret = s->hob_hcyl;
5391d806
FB		 2200 break;
2201 case 6:
7ae98627 2202 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2203 ret = 0;
2204 else
7ae98627 2205 ret = s->select;
5391d806
FB		 2206 break;
2207 default:
2208 case 7:
66201e2d
FB		 2209 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2210 (s != ide_if && !s->bs))
c45c3d00
FB		 2211 ret = 0;
2212 else
2213 ret = s->status;
d537cf6c 2214 qemu_irq_lower(s->irq);
5391d806
FB		 2215 break;
2216 }
2217#ifdef DEBUG_IDE
2218 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2219#endif
2220 return ret;
2221}
2222
caed8802 2223static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2224{
7ae98627
FB		 2225 IDEState *ide_if = opaque;
2226 IDEState *s = ide_if->cur_drive;
5391d806 2227 int ret;
7ae98627 2228
66201e2d
FB		 2229 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2230 (s != ide_if && !s->bs))
7ae98627
FB		 2231 ret = 0;
2232 else
2233 ret = s->status;
5391d806
FB		 2234#ifdef DEBUG_IDE
2235 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2236#endif
2237 return ret;
2238}
2239
caed8802 2240static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2241{
caed8802 2242 IDEState *ide_if = opaque;
5391d806
FB		 2243 IDEState *s;
2244 int i;
2245
2246#ifdef DEBUG_IDE
2247 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2248#endif
2249 /* common for both drives */
2250 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2251 (val & IDE_CMD_RESET)) {
2252 /* reset low to high */
2253 for(i = 0;i < 2; i++) {
2254 s = &ide_if[i];
2255 s->status = BUSY_STAT | SEEK_STAT;
2256 s->error = 0x01;
2257 }
2258 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2259 !(val & IDE_CMD_RESET)) {
2260 /* high to low */
2261 for(i = 0;i < 2; i++) {
2262 s = &ide_if[i];
6b136f9e
FB		 2263 if (s->is_cdrom)
2264 s->status = 0x00; /* NOTE: READY is _not_ set */
2265 else
56bf1d37 2266 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2267 ide_set_signature(s);
2268 }
2269 }
2270
2271 ide_if[0].cmd = val;
2272 ide_if[1].cmd = val;
2273}
2274
caed8802 2275static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2276{
caed8802 2277 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2278 uint8_t *p;
2279
2280 p = s->data_ptr;
0c4ad8dc 2281 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2282 p += 2;
2283 s->data_ptr = p;
2284 if (p >= s->data_end)
2285 s->end_transfer_func(s);
2286}
2287
caed8802 2288static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2289{
caed8802 2290 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2291 uint8_t *p;
2292 int ret;
2293 p = s->data_ptr;
0c4ad8dc 2294 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2295 p += 2;
2296 s->data_ptr = p;
2297 if (p >= s->data_end)
2298 s->end_transfer_func(s);
2299 return ret;
2300}
2301
caed8802 2302static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2303{
caed8802 2304 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2305 uint8_t *p;
2306
2307 p = s->data_ptr;
0c4ad8dc 2308 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2309 p += 4;
2310 s->data_ptr = p;
2311 if (p >= s->data_end)
2312 s->end_transfer_func(s);
2313}
2314
caed8802 2315static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2316{
caed8802 2317 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2318 uint8_t *p;
2319 int ret;
3b46e624 2320
5391d806 2321 p = s->data_ptr;
0c4ad8dc 2322 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2323 p += 4;
2324 s->data_ptr = p;
2325 if (p >= s->data_end)
2326 s->end_transfer_func(s);
2327 return ret;
2328}
2329
a7dfe172
FB		 2330static void ide_dummy_transfer_stop(IDEState *s)
2331{
2332 s->data_ptr = s->io_buffer;
2333 s->data_end = s->io_buffer;
2334 s->io_buffer[0] = 0xff;
2335 s->io_buffer[1] = 0xff;
2336 s->io_buffer[2] = 0xff;
2337 s->io_buffer[3] = 0xff;
2338}
2339
5391d806
FB		 2340static void ide_reset(IDEState *s)
2341{
201a51fc
AZ		 2342 if (s->is_cf)
2343 s->mult_sectors = 0;
2344 else
2345 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2346 s->cur_drive = s;
2347 s->select = 0xa0;
2348 s->status = READY_STAT;
2349 ide_set_signature(s);
a7dfe172
FB		 2350 /* init the transfer handler so that 0xffff is returned on data
2351 accesses */
2352 s->end_transfer_func = ide_dummy_transfer_stop;
2353 ide_dummy_transfer_stop(s);
201a51fc 2354 s->media_changed = 0;
5391d806
FB		 2355}
2356
2357struct partition {
2358 uint8_t boot_ind; /* 0x80 - active */
2359 uint8_t head; /* starting head */
2360 uint8_t sector; /* starting sector */
2361 uint8_t cyl; /* starting cylinder */
2362 uint8_t sys_ind; /* What partition type */
2363 uint8_t end_head; /* end head */
2364 uint8_t end_sector; /* end sector */
2365 uint8_t end_cyl; /* end cylinder */
2366 uint32_t start_sect; /* starting sector counting from 0 */
2367 uint32_t nr_sects; /* nr of sectors in partition */
2368} __attribute__((packed));
2369
bf1b938f 2370/* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
5fafdf24 2371static int guess_disk_lchs(IDEState *s,
bf1b938f 2372 int *pcylinders, int *pheads, int *psectors)
5391d806
FB		 2373{
2374 uint8_t buf[512];
46d4767d 2375 int ret, i, heads, sectors, cylinders;
5391d806
FB		 2376 struct partition *p;
2377 uint32_t nr_sects;
2378
5391d806
FB		 2379 ret = bdrv_read(s->bs, 0, buf, 1);
2380 if (ret < 0)
bf1b938f 2381 return -1;
5391d806
FB		 2382 /* test msdos magic */
2383 if (buf[510] != 0x55 || buf[511] != 0xaa)
bf1b938f 2384 return -1;
5391d806
FB		 2385 for(i = 0; i < 4; i++) {
2386 p = ((struct partition *)(buf + 0x1be)) + i;
0c4ad8dc 2387 nr_sects = le32_to_cpu(p->nr_sects);
5391d806
FB		 2388 if (nr_sects && p->end_head) {
2389 /* We make the assumption that the partition terminates on
2390 a cylinder boundary */
46d4767d 2391 heads = p->end_head + 1;
46d4767d
FB		 2392 sectors = p->end_sector & 63;
2393 if (sectors == 0)
2394 continue;
2395 cylinders = s->nb_sectors / (heads * sectors);
2396 if (cylinders < 1 || cylinders > 16383)
2397 continue;
bf1b938f
FB		 2398 *pheads = heads;
2399 *psectors = sectors;
2400 *pcylinders = cylinders;
5391d806 2401#if 0
5fafdf24 2402 printf("guessed geometry: LCHS=%d %d %d\n",
bf1b938f 2403 cylinders, heads, sectors);
5391d806 2404#endif
bf1b938f 2405 return 0;
5391d806
FB		 2406 }
2407 }
bf1b938f 2408 return -1;
5391d806
FB		 2409}
2410
5457c8ce
FB		 2411static void ide_init2(IDEState *ide_state,
2412 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2413 qemu_irq irq)
5391d806 2414{
69b91039 2415 IDEState *s;
aedf5382 2416 static int drive_serial = 1;
4dbb0f50 2417 int i, cylinders, heads, secs, translation, lba_detected = 0;
5391d806 2418 int64_t nb_sectors;
5391d806 2419
caed8802
FB		 2420 for(i = 0; i < 2; i++) {
2421 s = ide_state + i;
2422 if (i == 0)
2423 s->bs = hd0;
2424 else
2425 s->bs = hd1;
5391d806
FB		 2426 if (s->bs) {
2427 bdrv_get_geometry(s->bs, &nb_sectors);
2428 s->nb_sectors = nb_sectors;
caed8802
FB		 2429 /* if a geometry hint is available, use it */
2430 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
4dbb0f50 2431 translation = bdrv_get_translation_hint(s->bs);
caed8802 2432 if (cylinders != 0) {
5391d806 2433 s->cylinders = cylinders;
caed8802
FB		 2434 s->heads = heads;
2435 s->sectors = secs;
2436 } else {
bf1b938f
FB		 2437 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2438 if (heads > 16) {
2439 /* if heads > 16, it means that a BIOS LBA
2440 translation was active, so the default
2441 hardware geometry is OK */
4dbb0f50 2442 lba_detected = 1;
bf1b938f
FB		 2443 goto default_geometry;
2444 } else {
2445 s->cylinders = cylinders;
2446 s->heads = heads;
2447 s->sectors = secs;
2448 /* disable any translation to be in sync with
2449 the logical geometry */
bf1b938f
FB		 2450 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2451 bdrv_set_translation_hint(s->bs,
2452 BIOS_ATA_TRANSLATION_NONE);
2453 }
2454 }
2455 } else {
2456 default_geometry:
46d4767d 2457 /* if no geometry, use a standard physical disk geometry */
caed8802
FB		 2458 cylinders = nb_sectors / (16 * 63);
2459 if (cylinders > 16383)
2460 cylinders = 16383;
2461 else if (cylinders < 2)
2462 cylinders = 2;
2463 s->cylinders = cylinders;
2464 s->heads = 16;
2465 s->sectors = 63;
4dbb0f50
TS		 2466 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2467 if ((s->cylinders * s->heads) <= 131072) {
2468 bdrv_set_translation_hint(s->bs,
2469 BIOS_ATA_TRANSLATION_LARGE);
2470 } else {
2471 bdrv_set_translation_hint(s->bs,
2472 BIOS_ATA_TRANSLATION_LBA);
2473 }
2474 }
caed8802 2475 }
769bec72 2476 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
caed8802
FB		 2477 }
2478 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2479 s->is_cdrom = 1;
bd491d6a 2480 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2481 }
2482 }
aedf5382 2483 s->drive_serial = drive_serial++;
caed8802 2484 s->irq = irq;
5fafdf24 2485 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2486 ide_sector_write_timer_cb, s);
5391d806
FB		 2487 ide_reset(s);
2488 }
69b91039
FB		 2489}
2490
34e538ae 2491static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2492{
caed8802
FB		 2493 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2494 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2495 if (iobase2) {
2496 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2497 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2498 }
3b46e624 2499
caed8802
FB		 2500 /* data ports */
2501 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2502 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2503 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2504 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2505}
69b91039 2506
aa941b94
AZ		 2507/* save per IDE drive data */
2508static void ide_save(QEMUFile* f, IDEState *s)
2509{
2510 qemu_put_be32s(f, &s->mult_sectors);
2511 qemu_put_be32s(f, &s->identify_set);
2512 if (s->identify_set) {
2513 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2514 }
2515 qemu_put_8s(f, &s->feature);
2516 qemu_put_8s(f, &s->error);
2517 qemu_put_be32s(f, &s->nsector);
2518 qemu_put_8s(f, &s->sector);
2519 qemu_put_8s(f, &s->lcyl);
2520 qemu_put_8s(f, &s->hcyl);
2521 qemu_put_8s(f, &s->hob_feature);
2522 qemu_put_8s(f, &s->hob_nsector);
2523 qemu_put_8s(f, &s->hob_sector);
2524 qemu_put_8s(f, &s->hob_lcyl);
2525 qemu_put_8s(f, &s->hob_hcyl);
2526 qemu_put_8s(f, &s->select);
2527 qemu_put_8s(f, &s->status);
2528 qemu_put_8s(f, &s->lba48);
2529
2530 qemu_put_8s(f, &s->sense_key);
2531 qemu_put_8s(f, &s->asc);
2532 /* XXX: if a transfer is pending, we do not save it yet */
2533}
2534
2535/* load per IDE drive data */
2536static void ide_load(QEMUFile* f, IDEState *s)
2537{
2538 qemu_get_be32s(f, &s->mult_sectors);
2539 qemu_get_be32s(f, &s->identify_set);
2540 if (s->identify_set) {
2541 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2542 }
2543 qemu_get_8s(f, &s->feature);
2544 qemu_get_8s(f, &s->error);
2545 qemu_get_be32s(f, &s->nsector);
2546 qemu_get_8s(f, &s->sector);
2547 qemu_get_8s(f, &s->lcyl);
2548 qemu_get_8s(f, &s->hcyl);
2549 qemu_get_8s(f, &s->hob_feature);
2550 qemu_get_8s(f, &s->hob_nsector);
2551 qemu_get_8s(f, &s->hob_sector);
2552 qemu_get_8s(f, &s->hob_lcyl);
2553 qemu_get_8s(f, &s->hob_hcyl);
2554 qemu_get_8s(f, &s->select);
2555 qemu_get_8s(f, &s->status);
2556 qemu_get_8s(f, &s->lba48);
2557
2558 qemu_get_8s(f, &s->sense_key);
2559 qemu_get_8s(f, &s->asc);
2560 /* XXX: if a transfer is pending, we do not save it yet */
2561}
2562
34e538ae
FB		 2563/***********************************************************/
2564/* ISA IDE definitions */
2565
d537cf6c 2566void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2567 BlockDriverState *hd0, BlockDriverState *hd1)
2568{
2569 IDEState *ide_state;
2570
2571 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2572 if (!ide_state)
2573 return;
3b46e624 2574
d537cf6c 2575 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2576 ide_init_ioport(ide_state, iobase, iobase2);
2577}
2578
69b91039
FB		 2579/***********************************************************/
2580/* PCI IDE definitions */
2581
5457c8ce
FB		 2582static void cmd646_update_irq(PCIIDEState *d);
2583
5fafdf24 2584static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 2585 uint32_t addr, uint32_t size, int type)
2586{
2587 PCIIDEState *d = (PCIIDEState *)pci_dev;
2588 IDEState *ide_state;
2589
2590 if (region_num <= 3) {
2591 ide_state = &d->ide_if[(region_num >> 1) * 2];
2592 if (region_num & 1) {
2593 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2594 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2595 } else {
2596 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2597 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2598
2599 /* data ports */
2600 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2601 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2602 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2603 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2604 }
2605 }
2606}
2607
8ccad811 2608static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2609{
2610 BMDMAState *bm = s->bmdma;
2611 if(!bm)
2612 return;
2613 bm->ide_if = s;
2614 bm->dma_cb = dma_cb;
8ccad811
FB		 2615 bm->cur_prd_last = 0;
2616 bm->cur_prd_addr = 0;
2617 bm->cur_prd_len = 0;
98087450 2618 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2619 bm->dma_cb(bm, 0);
98087450
FB		 2620 }
2621}
2622
98087450
FB		 2623static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2624{
2625 BMDMAState *bm = opaque;
2626#ifdef DEBUG_IDE
2627 printf("%s: 0x%08x\n", __func__, val);
2628#endif
2629 if (!(val & BM_CMD_START)) {
2630 /* XXX: do it better */
8ccad811
FB		 2631 if (bm->status & BM_STATUS_DMAING) {
2632 bm->status &= ~BM_STATUS_DMAING;
2633 /* cancel DMA request */
2634 bm->ide_if = NULL;
2635 bm->dma_cb = NULL;
2636 if (bm->aiocb) {
2637#ifdef DEBUG_AIO
2638 printf("aio_cancel\n");
2639#endif
2640 bdrv_aio_cancel(bm->aiocb);
2641 bm->aiocb = NULL;
2642 }
2643 }
98087450
FB		 2644 bm->cmd = val & 0x09;
2645 } else {
8ccad811
FB		 2646 if (!(bm->status & BM_STATUS_DMAING)) {
2647 bm->status |= BM_STATUS_DMAING;
2648 /* start dma transfer if possible */
2649 if (bm->dma_cb)
2650 bm->dma_cb(bm, 0);
2651 }
98087450 2652 bm->cmd = val & 0x09;
98087450
FB		 2653 }
2654}
2655
5457c8ce 2656static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 2657{
2658 BMDMAState *bm = opaque;
5457c8ce 2659 PCIIDEState *pci_dev;
98087450 2660 uint32_t val;
3b46e624 2661
5457c8ce 2662 switch(addr & 3) {
5fafdf24 2663 case 0:
5457c8ce
FB		 2664 val = bm->cmd;
2665 break;
2666 case 1:
2667 pci_dev = bm->pci_dev;
2668 if (pci_dev->type == IDE_TYPE_CMD646) {
2669 val = pci_dev->dev.config[MRDMODE];
2670 } else {
2671 val = 0xff;
2672 }
2673 break;
2674 case 2:
2675 val = bm->status;
2676 break;
2677 case 3:
2678 pci_dev = bm->pci_dev;
2679 if (pci_dev->type == IDE_TYPE_CMD646) {
2680 if (bm == &pci_dev->bmdma[0])
2681 val = pci_dev->dev.config[UDIDETCR0];
2682 else
2683 val = pci_dev->dev.config[UDIDETCR1];
2684 } else {
2685 val = 0xff;
2686 }
2687 break;
2688 default:
2689 val = 0xff;
2690 break;
2691 }
98087450 2692#ifdef DEBUG_IDE
5457c8ce 2693 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 2694#endif
2695 return val;
2696}
2697
5457c8ce 2698static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 2699{
2700 BMDMAState *bm = opaque;
5457c8ce 2701 PCIIDEState *pci_dev;
98087450 2702#ifdef DEBUG_IDE
5457c8ce 2703 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 2704#endif
5457c8ce
FB		 2705 switch(addr & 3) {
2706 case 1:
2707 pci_dev = bm->pci_dev;
2708 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 2709 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 2710 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2711 cmd646_update_irq(pci_dev);
2712 }
2713 break;
2714 case 2:
2715 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2716 break;
2717 case 3:
2718 pci_dev = bm->pci_dev;
2719 if (pci_dev->type == IDE_TYPE_CMD646) {
2720 if (bm == &pci_dev->bmdma[0])
2721 pci_dev->dev.config[UDIDETCR0] = val;
2722 else
2723 pci_dev->dev.config[UDIDETCR1] = val;
2724 }
2725 break;
2726 }
98087450
FB		 2727}
2728
2729static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2730{
2731 BMDMAState *bm = opaque;
2732 uint32_t val;
2733 val = bm->addr;
2734#ifdef DEBUG_IDE
2735 printf("%s: 0x%08x\n", __func__, val);
2736#endif
2737 return val;
2738}
2739
2740static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2741{
2742 BMDMAState *bm = opaque;
2743#ifdef DEBUG_IDE
2744 printf("%s: 0x%08x\n", __func__, val);
2745#endif
2746 bm->addr = val & ~3;
30c4bbac 2747 bm->cur_addr = bm->addr;
98087450
FB		 2748}
2749
5fafdf24 2750static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 2751 uint32_t addr, uint32_t size, int type)
2752{
2753 PCIIDEState *d = (PCIIDEState *)pci_dev;
2754 int i;
2755
2756 for(i = 0;i < 2; i++) {
2757 BMDMAState *bm = &d->bmdma[i];
2758 d->ide_if[2 * i].bmdma = bm;
2759 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce
FB		 2760 bm->pci_dev = (PCIIDEState *)pci_dev;
2761
98087450 2762 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 2763
5457c8ce
FB		 2764 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2765 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450
FB		 2766
2767 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2768 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2769 addr += 8;
2770 }
2771}
2772
5457c8ce
FB		 2773/* XXX: call it also when the MRDMODE is changed from the PCI config
2774 registers */
2775static void cmd646_update_irq(PCIIDEState *d)
2776{
2777 int pci_level;
2778 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2779 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2780 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2781 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 2782 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 2783}
2784
2785/* the PCI irq level is the logical OR of the two channels */
2786static void cmd646_set_irq(void *opaque, int channel, int level)
2787{
2788 PCIIDEState *d = opaque;
2789 int irq_mask;
2790
2791 irq_mask = MRDMODE_INTR_CH0 << channel;
2792 if (level)
2793 d->dev.config[MRDMODE] |= irq_mask;
2794 else
2795 d->dev.config[MRDMODE] &= ~irq_mask;
2796 cmd646_update_irq(d);
2797}
2798
2799/* CMD646 PCI IDE controller */
2800void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2801 int secondary_ide_enabled)
69b91039
FB		 2802{
2803 PCIIDEState *d;
2804 uint8_t *pci_conf;
34e538ae 2805 int i;
d537cf6c 2806 qemu_irq *irq;
34e538ae 2807
5fafdf24 2808 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 2809 sizeof(PCIIDEState),
5fafdf24 2810 -1,
73c11f63 2811 NULL, NULL);
5457c8ce 2812 d->type = IDE_TYPE_CMD646;
69b91039 2813 pci_conf = d->dev.config;
5457c8ce
FB		 2814 pci_conf[0x00] = 0x95; // CMD646
2815 pci_conf[0x01] = 0x10;
2816 pci_conf[0x02] = 0x46;
2817 pci_conf[0x03] = 0x06;
2818
2819 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 2820 pci_conf[0x09] = 0x8f;
5457c8ce 2821
69b91039
FB		 2822 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2823 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
5457c8ce 2824 pci_conf[0x0e] = 0x00; // header_type
3b46e624 2825
5457c8ce
FB		 2826 if (secondary_ide_enabled) {
2827 /* XXX: if not enabled, really disable the seconday IDE controller */
2828 pci_conf[0x51] = 0x80; /* enable IDE1 */
2829 }
69b91039 2830
5fafdf24 2831 pci_register_io_region((PCIDevice *)d, 0, 0x8,
69b91039 2832 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2833 pci_register_io_region((PCIDevice *)d, 1, 0x4,
69b91039 2834 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2835 pci_register_io_region((PCIDevice *)d, 2, 0x8,
69b91039 2836 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2837 pci_register_io_region((PCIDevice *)d, 3, 0x4,
69b91039 2838 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2839 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 2840 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 2841
34e538ae 2842 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3b46e624 2843
34e538ae
FB		 2844 for(i = 0; i < 4; i++)
2845 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 2846
2847 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
2848 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
2849 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
34e538ae
FB		 2850}
2851
c3d78997
FB		 2852static void pci_ide_save(QEMUFile* f, void *opaque)
2853{
2854 PCIIDEState *d = opaque;
2855 int i;
2856
2857 pci_device_save(&d->dev, f);
2858
2859 for(i = 0; i < 2; i++) {
2860 BMDMAState *bm = &d->bmdma[i];
2861 qemu_put_8s(f, &bm->cmd);
2862 qemu_put_8s(f, &bm->status);
2863 qemu_put_be32s(f, &bm->addr);
2864 /* XXX: if a transfer is pending, we do not save it yet */
2865 }
2866
2867 /* per IDE interface data */
2868 for(i = 0; i < 2; i++) {
2869 IDEState *s = &d->ide_if[i * 2];
2870 uint8_t drive1_selected;
2871 qemu_put_8s(f, &s->cmd);
2872 drive1_selected = (s->cur_drive != s);
2873 qemu_put_8s(f, &drive1_selected);
2874 }
2875
2876 /* per IDE drive data */
2877 for(i = 0; i < 4; i++) {
aa941b94 2878 ide_save(f, &d->ide_if[i]);
c3d78997
FB		 2879 }
2880}
2881
2882static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2883{
2884 PCIIDEState *d = opaque;
2885 int ret, i;
2886
2887 if (version_id != 1)
2888 return -EINVAL;
2889 ret = pci_device_load(&d->dev, f);
2890 if (ret < 0)
2891 return ret;
2892
2893 for(i = 0; i < 2; i++) {
2894 BMDMAState *bm = &d->bmdma[i];
2895 qemu_get_8s(f, &bm->cmd);
2896 qemu_get_8s(f, &bm->status);
2897 qemu_get_be32s(f, &bm->addr);
2898 /* XXX: if a transfer is pending, we do not save it yet */
2899 }
2900
2901 /* per IDE interface data */
2902 for(i = 0; i < 2; i++) {
2903 IDEState *s = &d->ide_if[i * 2];
2904 uint8_t drive1_selected;
2905 qemu_get_8s(f, &s->cmd);
2906 qemu_get_8s(f, &drive1_selected);
2907 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2908 }
2909
2910 /* per IDE drive data */
2911 for(i = 0; i < 4; i++) {
aa941b94 2912 ide_load(f, &d->ide_if[i]);
c3d78997
FB		 2913 }
2914 return 0;
2915}
2916
e6a71ae3
TS		 2917static void piix3_reset(PCIIDEState *d)
2918{
2919 uint8_t *pci_conf = d->dev.config;
2920
2921 pci_conf[0x04] = 0x00;
2922 pci_conf[0x05] = 0x00;
2923 pci_conf[0x06] = 0x80; /* FBC */
2924 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
2925 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
2926}
2927
34e538ae
FB		 2928/* hd_table must contain 4 block drivers */
2929/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 2930void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2931 qemu_irq *pic)
34e538ae
FB		 2932{
2933 PCIIDEState *d;
2934 uint8_t *pci_conf;
3b46e624 2935
34e538ae 2936 /* register a function 1 of PIIX3 */
5fafdf24 2937 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 2938 sizeof(PCIIDEState),
502a5395 2939 devfn,
34e538ae 2940 NULL, NULL);
5457c8ce
FB		 2941 d->type = IDE_TYPE_PIIX3;
2942
34e538ae
FB		 2943 pci_conf = d->dev.config;
2944 pci_conf[0x00] = 0x86; // Intel
2945 pci_conf[0x01] = 0x80;
2946 pci_conf[0x02] = 0x10;
2947 pci_conf[0x03] = 0x70;
92510b8c 2948 pci_conf[0x09] = 0x80; // legacy ATA mode
34e538ae
FB		 2949 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2950 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2951 pci_conf[0x0e] = 0x00; // header_type
2952
e6a71ae3
TS		 2953 piix3_reset(d);
2954
5fafdf24 2955 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 2956 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 2957
d537cf6c
PB		 2958 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
2959 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 2960 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2961 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997
FB		 2962
2963 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
69b91039 2964}
1ade1de2 2965
afcc3cdf
TS		 2966/* hd_table must contain 4 block drivers */
2967/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
2968void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2969 qemu_irq *pic)
2970{
2971 PCIIDEState *d;
2972 uint8_t *pci_conf;
2973
2974 /* register a function 1 of PIIX4 */
2975 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
2976 sizeof(PCIIDEState),
2977 devfn,
2978 NULL, NULL);
2979 d->type = IDE_TYPE_PIIX4;
2980
2981 pci_conf = d->dev.config;
2982 pci_conf[0x00] = 0x86; // Intel
2983 pci_conf[0x01] = 0x80;
2984 pci_conf[0x02] = 0x11;
2985 pci_conf[0x03] = 0x71;
2986 pci_conf[0x09] = 0x80; // legacy ATA mode
2987 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2988 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2989 pci_conf[0x0e] = 0x00; // header_type
2990
2991 piix3_reset(d);
2992
2993 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2994 PCI_ADDRESS_SPACE_IO, bmdma_map);
2995
2996 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
2997 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
2998 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2999 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3000
3001 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
3002}
3003
1ade1de2
FB		 3004/***********************************************************/
3005/* MacIO based PowerPC IDE */
3006
3007/* PowerMac IDE memory IO */
3008static void pmac_ide_writeb (void *opaque,
3009 target_phys_addr_t addr, uint32_t val)
3010{
5fafdf24 3011 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3012 switch (addr) {
3013 case 1 ... 7:
3014 ide_ioport_write(opaque, addr, val);
3015 break;
3016 case 8:
3017 case 22:
3018 ide_cmd_write(opaque, 0, val);
3019 break;
3020 default:
3021 break;
3022 }
3023}
3024
3025static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3026{
3027 uint8_t retval;
3028
3029 addr = (addr & 0xFFF) >> 4;
3030 switch (addr) {
3031 case 1 ... 7:
3032 retval = ide_ioport_read(opaque, addr);
3033 break;
3034 case 8:
3035 case 22:
3036 retval = ide_status_read(opaque, 0);
3037 break;
3038 default:
3039 retval = 0xFF;
3040 break;
3041 }
3042 return retval;
3043}
3044
3045static void pmac_ide_writew (void *opaque,
3046 target_phys_addr_t addr, uint32_t val)
3047{
5fafdf24 3048 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3049#ifdef TARGET_WORDS_BIGENDIAN
3050 val = bswap16(val);
3051#endif
3052 if (addr == 0) {
3053 ide_data_writew(opaque, 0, val);
3054 }
3055}
3056
3057static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3058{
3059 uint16_t retval;
3060
5fafdf24 3061 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3062 if (addr == 0) {
3063 retval = ide_data_readw(opaque, 0);
3064 } else {
3065 retval = 0xFFFF;
3066 }
3067#ifdef TARGET_WORDS_BIGENDIAN
3068 retval = bswap16(retval);
3069#endif
3070 return retval;
3071}
3072
3073static void pmac_ide_writel (void *opaque,
3074 target_phys_addr_t addr, uint32_t val)
3075{
5fafdf24 3076 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3077#ifdef TARGET_WORDS_BIGENDIAN
3078 val = bswap32(val);
3079#endif
3080 if (addr == 0) {
3081 ide_data_writel(opaque, 0, val);
3082 }
3083}
3084
3085static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3086{
3087 uint32_t retval;
3088
5fafdf24 3089 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3090 if (addr == 0) {
3091 retval = ide_data_readl(opaque, 0);
3092 } else {
3093 retval = 0xFFFFFFFF;
3094 }
3095#ifdef TARGET_WORDS_BIGENDIAN
3096 retval = bswap32(retval);
3097#endif
3098 return retval;
3099}
3100
3101static CPUWriteMemoryFunc *pmac_ide_write[] = {
3102 pmac_ide_writeb,
3103 pmac_ide_writew,
3104 pmac_ide_writel,
3105};
3106
3107static CPUReadMemoryFunc *pmac_ide_read[] = {
3108 pmac_ide_readb,
3109 pmac_ide_readw,
3110 pmac_ide_readl,
3111};
3112
3113/* hd_table must contain 4 block drivers */
3114/* PowerMac uses memory mapped registers, not I/O. Return the memory
3115 I/O index to access the ide. */
d537cf6c 3116int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
1ade1de2
FB		 3117{
3118 IDEState *ide_if;
3119 int pmac_ide_memory;
3120
3121 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
d537cf6c 3122 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3b46e624 3123
1ade1de2
FB		 3124 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3125 pmac_ide_write, &ide_if[0]);
3126 return pmac_ide_memory;
3127}
201a51fc
AZ		 3128
3129/***********************************************************/
3130/* CF-ATA Microdrive */
3131
3132#define METADATA_SIZE 0x20
3133
3134/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3135struct md_s {
3136 IDEState ide[2];
3137 struct pcmcia_card_s card;
3138 uint32_t attr_base;
3139 uint32_t io_base;
3140
3141 /* Card state */
3142 uint8_t opt;
3143 uint8_t stat;
3144 uint8_t pins;
3145
3146 uint8_t ctrl;
3147 uint16_t io;
3148 int cycle;
3149};
3150
3151/* Register bitfields */
3152enum md_opt {
3153 OPT_MODE_MMAP = 0,
3154 OPT_MODE_IOMAP16 = 1,
3155 OPT_MODE_IOMAP1 = 2,
3156 OPT_MODE_IOMAP2 = 3,
3157 OPT_MODE = 0x3f,
3158 OPT_LEVIREQ = 0x40,
3159 OPT_SRESET = 0x80,
3160};
3161enum md_cstat {
3162 STAT_INT = 0x02,
3163 STAT_PWRDWN = 0x04,
3164 STAT_XE = 0x10,
3165 STAT_IOIS8 = 0x20,
3166 STAT_SIGCHG = 0x40,
3167 STAT_CHANGED = 0x80,
3168};
3169enum md_pins {
3170 PINS_MRDY = 0x02,
3171 PINS_CRDY = 0x20,
3172};
3173enum md_ctrl {
3174 CTRL_IEN = 0x02,
3175 CTRL_SRST = 0x04,
3176};
3177
3178static inline void md_interrupt_update(struct md_s *s)
3179{
3180 if (!s->card.slot)
3181 return;
3182
3183 qemu_set_irq(s->card.slot->irq,
3184 !(s->stat & STAT_INT) && /* Inverted */
3185 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3186 !(s->opt & OPT_SRESET));
3187}
3188
3189static void md_set_irq(void *opaque, int irq, int level)
3190{
3191 struct md_s *s = (struct md_s *) opaque;
3192 if (level)
3193 s->stat |= STAT_INT;
3194 else
3195 s->stat &= ~STAT_INT;
3196
3197 md_interrupt_update(s);
3198}
3199
3200static void md_reset(struct md_s *s)
3201{
3202 s->opt = OPT_MODE_MMAP;
3203 s->stat = 0;
3204 s->pins = 0;
3205 s->cycle = 0;
3206 s->ctrl = 0;
3207 ide_reset(s->ide);
3208}
3209
9e315fa9 3210static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc
AZ		 3211{
3212 struct md_s *s = (struct md_s *) opaque;
3213 if (at < s->attr_base) {
3214 if (at < s->card.cis_len)
3215 return s->card.cis[at];
3216 else
3217 return 0x00;
3218 }
3219
3220 at -= s->attr_base;
3221
3222 switch (at) {
3223 case 0x00: /* Configuration Option Register */
3224 return s->opt;
3225 case 0x02: /* Card Configuration Status Register */
3226 if (s->ctrl & CTRL_IEN)
3227 return s->stat & ~STAT_INT;
3228 else
3229 return s->stat;
3230 case 0x04: /* Pin Replacement Register */
3231 return (s->pins & PINS_CRDY) | 0x0c;
3232 case 0x06: /* Socket and Copy Register */
3233 return 0x00;
3234#ifdef VERBOSE
3235 default:
3236 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3237#endif
3238 }
3239
3240 return 0;
3241}
3242
9e315fa9 3243static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc
AZ		 3244{
3245 struct md_s *s = (struct md_s *) opaque;
3246 at -= s->attr_base;
3247
3248 switch (at) {
3249 case 0x00: /* Configuration Option Register */
3250 s->opt = value & 0xcf;
3251 if (value & OPT_SRESET)
3252 md_reset(s);
3253 md_interrupt_update(s);
3254 break;
3255 case 0x02: /* Card Configuration Status Register */
3256 if ((s->stat ^ value) & STAT_PWRDWN)
3257 s->pins |= PINS_CRDY;
3258 s->stat &= 0x82;
3259 s->stat |= value & 0x74;
3260 md_interrupt_update(s);
3261 /* Word 170 in Identify Device must be equal to STAT_XE */
3262 break;
3263 case 0x04: /* Pin Replacement Register */
3264 s->pins &= PINS_CRDY;
3265 s->pins |= value & PINS_MRDY;
3266 break;
3267 case 0x06: /* Socket and Copy Register */
3268 break;
3269 default:
3270 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3271 }
3272}
3273
9e315fa9 3274static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc
AZ		 3275{
3276 struct md_s *s = (struct md_s *) opaque;
3277 uint16_t ret;
3278 at -= s->io_base;
3279
3280 switch (s->opt & OPT_MODE) {
3281 case OPT_MODE_MMAP:
3282 if ((at & ~0x3ff) == 0x400)
3283 at = 0;
3284 break;
3285 case OPT_MODE_IOMAP16:
3286 at &= 0xf;
3287 break;
3288 case OPT_MODE_IOMAP1:
3289 if ((at & ~0xf) == 0x3f0)
3290 at -= 0x3e8;
3291 else if ((at & ~0xf) == 0x1f0)
3292 at -= 0x1f0;
3293 break;
3294 case OPT_MODE_IOMAP2:
3295 if ((at & ~0xf) == 0x370)
3296 at -= 0x368;
3297 else if ((at & ~0xf) == 0x170)
3298 at -= 0x170;
3299 }
3300
3301 switch (at) {
3302 case 0x0: /* Even RD Data */
3303 case 0x8:
3304 return ide_data_readw(s->ide, 0);
3305
3306 /* TODO: 8-bit accesses */
3307 if (s->cycle)
3308 ret = s->io >> 8;
3309 else {
3310 s->io = ide_data_readw(s->ide, 0);
3311 ret = s->io & 0xff;
3312 }
3313 s->cycle = !s->cycle;
3314 return ret;
3315 case 0x9: /* Odd RD Data */
3316 return s->io >> 8;
3317 case 0xd: /* Error */
3318 return ide_ioport_read(s->ide, 0x1);
3319 case 0xe: /* Alternate Status */
3320 if (s->ide->cur_drive->bs)
3321 return s->ide->cur_drive->status;
3322 else
3323 return 0;
3324 case 0xf: /* Device Address */
3325 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3326 default:
3327 return ide_ioport_read(s->ide, at);
3328 }
3329
3330 return 0;
3331}
3332
9e315fa9 3333static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc
AZ		 3334{
3335 struct md_s *s = (struct md_s *) opaque;
3336 at -= s->io_base;
3337
3338 switch (s->opt & OPT_MODE) {
3339 case OPT_MODE_MMAP:
3340 if ((at & ~0x3ff) == 0x400)
3341 at = 0;
3342 break;
3343 case OPT_MODE_IOMAP16:
3344 at &= 0xf;
3345 break;
3346 case OPT_MODE_IOMAP1:
3347 if ((at & ~0xf) == 0x3f0)
3348 at -= 0x3e8;
3349 else if ((at & ~0xf) == 0x1f0)
3350 at -= 0x1f0;
3351 break;
3352 case OPT_MODE_IOMAP2:
3353 if ((at & ~0xf) == 0x370)
3354 at -= 0x368;
3355 else if ((at & ~0xf) == 0x170)
3356 at -= 0x170;
3357 }
3358
3359 switch (at) {
3360 case 0x0: /* Even WR Data */
3361 case 0x8:
3362 ide_data_writew(s->ide, 0, value);
3363 break;
3364
3365 /* TODO: 8-bit accesses */
3366 if (s->cycle)
3367 ide_data_writew(s->ide, 0, s->io | (value << 8));
3368 else
3369 s->io = value & 0xff;
3370 s->cycle = !s->cycle;
3371 break;
3372 case 0x9:
3373 s->io = value & 0xff;
3374 s->cycle = !s->cycle;
3375 break;
3376 case 0xd: /* Features */
3377 ide_ioport_write(s->ide, 0x1, value);
3378 break;
3379 case 0xe: /* Device Control */
3380 s->ctrl = value;
3381 if (value & CTRL_SRST)
3382 md_reset(s);
3383 md_interrupt_update(s);
3384 break;
3385 default:
3386 if (s->stat & STAT_PWRDWN) {
3387 s->pins |= PINS_CRDY;
3388 s->stat &= ~STAT_PWRDWN;
3389 }
3390 ide_ioport_write(s->ide, at, value);
3391 }
3392}
3393
aa941b94
AZ		 3394static void md_save(QEMUFile *f, void *opaque)
3395{
3396 struct md_s *s = (struct md_s *) opaque;
3397 int i;
3398 uint8_t drive1_selected;
3399
3400 qemu_put_8s(f, &s->opt);
3401 qemu_put_8s(f, &s->stat);
3402 qemu_put_8s(f, &s->pins);
3403
3404 qemu_put_8s(f, &s->ctrl);
3405 qemu_put_be16s(f, &s->io);
3406 qemu_put_byte(f, s->cycle);
3407
3408 drive1_selected = (s->ide->cur_drive != s->ide);
3409 qemu_put_8s(f, &s->ide->cmd);
3410 qemu_put_8s(f, &drive1_selected);
3411
3412 for (i = 0; i < 2; i ++)
3413 ide_save(f, &s->ide[i]);
3414}
3415
3416static int md_load(QEMUFile *f, void *opaque, int version_id)
3417{
3418 struct md_s *s = (struct md_s *) opaque;
3419 int i;
3420 uint8_t drive1_selected;
3421
3422 qemu_get_8s(f, &s->opt);
3423 qemu_get_8s(f, &s->stat);
3424 qemu_get_8s(f, &s->pins);
3425
3426 qemu_get_8s(f, &s->ctrl);
3427 qemu_get_be16s(f, &s->io);
3428 s->cycle = qemu_get_byte(f);
3429
3430 qemu_get_8s(f, &s->ide->cmd);
3431 qemu_get_8s(f, &drive1_selected);
3432 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
3433
3434 for (i = 0; i < 2; i ++)
3435 ide_load(f, &s->ide[i]);
3436
3437 return 0;
3438}
3439
3440static int md_iid = 0;
3441
201a51fc
AZ		 3442static const uint8_t dscm1xxxx_cis[0x14a] = {
3443 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3444 [0x002] = 0x03, /* Tuple length = 4 bytes */
3445 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3446 [0x006] = 0x01, /* Size = 2K bytes */
3447 [0x008] = CISTPL_ENDMARK,
3448
3449 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3450 [0x00c] = 0x04, /* Tuple length = 4 byest */
3451 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3452 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3453 [0x012] = 0x01, /* Size = 2K bytes */
3454 [0x014] = CISTPL_ENDMARK,
3455
3456 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3457 [0x018] = 0x02, /* Tuple length = 2 bytes */
3458 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3459 [0x01c] = 0x01,
3460
3461 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3462 [0x020] = 0x04, /* Tuple length = 4 bytes */
3463 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3464 [0x024] = 0x00,
3465 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3466 [0x028] = 0x00,
3467
3468 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3469 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3470 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3471 [0x030] = 0x01, /* Minor Version = 1 */
3472 [0x032] = 'I',
3473 [0x034] = 'B',
3474 [0x036] = 'M',
3475 [0x038] = 0x00,
3476 [0x03a] = 'm',
3477 [0x03c] = 'i',
3478 [0x03e] = 'c',
3479 [0x040] = 'r',
3480 [0x042] = 'o',
3481 [0x044] = 'd',
3482 [0x046] = 'r',
3483 [0x048] = 'i',
3484 [0x04a] = 'v',
3485 [0x04c] = 'e',
3486 [0x04e] = 0x00,
3487 [0x050] = CISTPL_ENDMARK,
3488
3489 [0x052] = CISTPL_FUNCID, /* Function ID */
3490 [0x054] = 0x02, /* Tuple length = 2 bytes */
3491 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3492 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3493
3494 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3495 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3496 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3497 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3498
3499 [0x062] = CISTPL_FUNCE, /* Function Extension */
3500 [0x064] = 0x03, /* Tuple length = 3 bytes */
3501 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3502 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3503 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3504
3505 [0x06c] = CISTPL_CONFIG, /* Configuration */
3506 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3507 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3508 [0x072] = 0x07, /* TPCC_LAST = 7 */
3509 [0x074] = 0x00, /* TPCC_RADR = 0200 */
3510 [0x076] = 0x02,
3511 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
3512
3513 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3514 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
3515 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
3516 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
3517 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
3518 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3519 [0x086] = 0x55, /* NomV: 5.0 V */
3520 [0x088] = 0x4d, /* MinV: 4.5 V */
3521 [0x08a] = 0x5d, /* MaxV: 5.5 V */
3522 [0x08c] = 0x4e, /* Peakl: 450 mA */
3523 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
3524 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
3525 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
3526
3527 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3528 [0x096] = 0x06, /* Tuple length = 6 bytes */
3529 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
3530 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3531 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3532 [0x09e] = 0xb5, /* NomV: 3.3 V */
3533 [0x0a0] = 0x1e,
3534 [0x0a2] = 0x3e, /* Peakl: 350 mA */
3535
3536 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3537 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
3538 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
3539 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3540 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3541 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3542 [0x0b0] = 0x55, /* NomV: 5.0 V */
3543 [0x0b2] = 0x4d, /* MinV: 4.5 V */
3544 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
3545 [0x0b6] = 0x4e, /* Peakl: 450 mA */
3546 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
3547 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
3548 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
3549 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
3550 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
3551
3552 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3553 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
3554 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
3555 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3556 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3557 [0x0cc] = 0xb5, /* NomV: 3.3 V */
3558 [0x0ce] = 0x1e,
3559 [0x0d0] = 0x3e, /* Peakl: 350 mA */
3560
3561 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3562 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
3563 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
3564 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3565 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3566 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3567 [0x0de] = 0x55, /* NomV: 5.0 V */
3568 [0x0e0] = 0x4d, /* MinV: 4.5 V */
3569 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
3570 [0x0e4] = 0x4e, /* Peakl: 450 mA */
3571 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3572 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
3573 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
3574 [0x0ec] = 0x01,
3575 [0x0ee] = 0x07, /* Address block length = 8 */
3576 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
3577 [0x0f2] = 0x03,
3578 [0x0f4] = 0x01, /* Address block length = 2 */
3579 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3580 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
3581
3582 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3583 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
3584 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
3585 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3586 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3587 [0x104] = 0xb5, /* NomV: 3.3 V */
3588 [0x106] = 0x1e,
3589 [0x108] = 0x3e, /* Peakl: 350 mA */
3590
3591 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3592 [0x10c] = 0x12, /* Tuple length = 18 bytes */
3593 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
3594 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3595 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3596 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3597 [0x116] = 0x55, /* NomV: 5.0 V */
3598 [0x118] = 0x4d, /* MinV: 4.5 V */
3599 [0x11a] = 0x5d, /* MaxV: 5.5 V */
3600 [0x11c] = 0x4e, /* Peakl: 450 mA */
3601 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3602 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
3603 [0x122] = 0x70, /* Field 1 address = 0x0170 */
3604 [0x124] = 0x01,
3605 [0x126] = 0x07, /* Address block length = 8 */
3606 [0x128] = 0x76, /* Field 2 address = 0x0376 */
3607 [0x12a] = 0x03,
3608 [0x12c] = 0x01, /* Address block length = 2 */
3609 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3610 [0x130] = 0x20, /* TPCE_MI = support power down mode */
3611
3612 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3613 [0x134] = 0x06, /* Tuple length = 6 bytes */
3614 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
3615 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3616 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3617 [0x13c] = 0xb5, /* NomV: 3.3 V */
3618 [0x13e] = 0x1e,
3619 [0x140] = 0x3e, /* Peakl: 350 mA */
3620
3621 [0x142] = CISTPL_NO_LINK, /* No Link */
3622 [0x144] = 0x00, /* Tuple length = 0 bytes */
3623
3624 [0x146] = CISTPL_END, /* Tuple End */
3625};
3626
3627static int dscm1xxxx_attach(void *opaque)
3628{
3629 struct md_s *md = (struct md_s *) opaque;
3630 md->card.attr_read = md_attr_read;
3631 md->card.attr_write = md_attr_write;
3632 md->card.common_read = md_common_read;
3633 md->card.common_write = md_common_write;
3634 md->card.io_read = md_common_read;
3635 md->card.io_write = md_common_write;
3636
3637 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
3638 md->io_base = 0x0;
3639
3640 md_reset(md);
3641 md_interrupt_update(md);
3642
3643 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
3644 return 0;
3645}
3646
3647static int dscm1xxxx_detach(void *opaque)
3648{
3649 struct md_s *md = (struct md_s *) opaque;
3650 md_reset(md);
3651 return 0;
3652}
3653
3654struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
3655{
3656 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
3657 md->card.state = md;
3658 md->card.attach = dscm1xxxx_attach;
3659 md->card.detach = dscm1xxxx_detach;
3660 md->card.cis = dscm1xxxx_cis;
3661 md->card.cis_len = sizeof(dscm1xxxx_cis);
3662
3663 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
3664 md->ide->is_cf = 1;
3665 md->ide->mdata_size = METADATA_SIZE;
3666 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94
AZ		 3667
3668 register_savevm("microdrive", md_iid ++, 0, md_save, md_load, md);
3669
201a51fc
AZ		 3670 return &md->card;
3671}
QEMU mirror