]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix VM state change handlers running out of order
[qemu.git] / hw / ide.c
CommitLineData
5391d806 1/*
38cdea7c 2 * QEMU IDE disk and CD/DVD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
87ecb68b
PB		 25#include "hw.h"
26#include "pc.h"
27#include "pci.h"
28#include "scsi-disk.h"
29#include "pcmcia.h"
30#include "block.h"
b0a7b120 31#include "block_int.h"
87ecb68b
PB		 32#include "qemu-timer.h"
33#include "sysemu.h"
9596ebb7 34#include "ppc_mac.h"
e3007e66 35#include "mac_dbdma.h"
b79e1752 36#include "sh.h"
1fb8648d 37#include "dma.h"
5391d806 38
5391d806
FB		 39/* debug IDE devices */
40//#define DEBUG_IDE
41//#define DEBUG_IDE_ATAPI
8ccad811
FB		 42//#define DEBUG_AIO
43#define USE_DMA_CDROM
5391d806
FB		 44
45/* Bits of HD_STATUS */
46#define ERR_STAT 0x01
47#define INDEX_STAT 0x02
48#define ECC_STAT 0x04 /* Corrected error */
49#define DRQ_STAT 0x08
50#define SEEK_STAT 0x10
51#define SRV_STAT 0x10
52#define WRERR_STAT 0x20
53#define READY_STAT 0x40
54#define BUSY_STAT 0x80
55
56/* Bits for HD_ERROR */
57#define MARK_ERR 0x01 /* Bad address mark */
58#define TRK0_ERR 0x02 /* couldn't find track 0 */
59#define ABRT_ERR 0x04 /* Command aborted */
60#define MCR_ERR 0x08 /* media change request */
61#define ID_ERR 0x10 /* ID field not found */
62#define MC_ERR 0x20 /* media changed */
63#define ECC_ERR 0x40 /* Uncorrectable ECC error */
64#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
65#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
66
67/* Bits of HD_NSECTOR */
68#define CD 0x01
69#define IO 0x02
70#define REL 0x04
71#define TAG_MASK 0xf8
72
73#define IDE_CMD_RESET 0x04
74#define IDE_CMD_DISABLE_IRQ 0x02
75
76/* ATA/ATAPI Commands pre T13 Spec */
77#define WIN_NOP 0x00
78/*
79 * 0x01->0x02 Reserved
80 */
81#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
82/*
83 * 0x04->0x07 Reserved
84 */
85#define WIN_SRST 0x08 /* ATAPI soft reset command */
86#define WIN_DEVICE_RESET 0x08
87/*
88 * 0x09->0x0F Reserved
89 */
90#define WIN_RECAL 0x10
91#define WIN_RESTORE WIN_RECAL
92/*
93 * 0x10->0x1F Reserved
94 */
95#define WIN_READ 0x20 /* 28-Bit */
96#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
97#define WIN_READ_LONG 0x22 /* 28-Bit */
98#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
99#define WIN_READ_EXT 0x24 /* 48-Bit */
100#define WIN_READDMA_EXT 0x25 /* 48-Bit */
101#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
102#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
103/*
104 * 0x28
105 */
106#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
107/*
108 * 0x2A->0x2F Reserved
109 */
110#define WIN_WRITE 0x30 /* 28-Bit */
111#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
112#define WIN_WRITE_LONG 0x32 /* 28-Bit */
113#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
114#define WIN_WRITE_EXT 0x34 /* 48-Bit */
115#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
116#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
117#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
118#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
119#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
120/*
121 * 0x3A->0x3B Reserved
122 */
123#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
124/*
125 * 0x3D->0x3F Reserved
126 */
127#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
128#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
129#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
130/*
131 * 0x43->0x4F Reserved
132 */
133#define WIN_FORMAT 0x50
134/*
135 * 0x51->0x5F Reserved
136 */
137#define WIN_INIT 0x60
138/*
139 * 0x61->0x5F Reserved
140 */
141#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
142#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
143#define WIN_DIAGNOSE 0x90
144#define WIN_SPECIFY 0x91 /* set drive geometry translation */
145#define WIN_DOWNLOAD_MICROCODE 0x92
146#define WIN_STANDBYNOW2 0x94
201a51fc 147#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 148#define WIN_STANDBY2 0x96
149#define WIN_SETIDLE2 0x97
150#define WIN_CHECKPOWERMODE2 0x98
151#define WIN_SLEEPNOW2 0x99
152/*
153 * 0x9A VENDOR
154 */
155#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
156#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
157#define WIN_QUEUED_SERVICE 0xA2
158#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 159#define CFA_ACCESS_METADATA_STORAGE 0xB8
160#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 161#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
162#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
163#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
164#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
165#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
166#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
167#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
168#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
169#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
170#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 171#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 172#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
173#define WIN_POSTBOOT 0xDC
174#define WIN_PREBOOT 0xDD
175#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
176#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
177#define WIN_STANDBYNOW1 0xE0
178#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
179#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
180#define WIN_SETIDLE1 0xE3
181#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
182#define WIN_CHECKPOWERMODE1 0xE5
183#define WIN_SLEEPNOW1 0xE6
184#define WIN_FLUSH_CACHE 0xE7
185#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
186#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
187 /* SET_FEATURES 0x22 or 0xDD */
188#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
189#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
190#define WIN_MEDIAEJECT 0xED
191#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
192#define WIN_SETFEATURES 0xEF /* set special drive features */
193#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 194#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 195#define WIN_SECURITY_SET_PASS 0xF1
196#define WIN_SECURITY_UNLOCK 0xF2
197#define WIN_SECURITY_ERASE_PREPARE 0xF3
198#define WIN_SECURITY_ERASE_UNIT 0xF4
199#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 200#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 201#define WIN_SECURITY_DISABLE 0xF6
202#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
203#define WIN_SET_MAX 0xF9
204#define DISABLE_SEAGATE 0xFB
205
206/* set to 1 set disable mult support */
f66723fa 207#define MAX_MULT_SECTORS 16
5391d806 208
1d8cde5b
AJ		 209#define IDE_DMA_BUF_SECTORS 256
210
211#if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
212#error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
213#endif
214
5391d806
FB		 215/* ATAPI defines */
216
217#define ATAPI_PACKET_SIZE 12
218
219/* The generic packet command opcodes for CD/DVD Logical Units,
220 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
221#define GPCMD_BLANK 0xa1
222#define GPCMD_CLOSE_TRACK 0x5b
223#define GPCMD_FLUSH_CACHE 0x35
224#define GPCMD_FORMAT_UNIT 0x04
225#define GPCMD_GET_CONFIGURATION 0x46
226#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
227#define GPCMD_GET_PERFORMANCE 0xac
228#define GPCMD_INQUIRY 0x12
229#define GPCMD_LOAD_UNLOAD 0xa6
230#define GPCMD_MECHANISM_STATUS 0xbd
231#define GPCMD_MODE_SELECT_10 0x55
232#define GPCMD_MODE_SENSE_10 0x5a
233#define GPCMD_PAUSE_RESUME 0x4b
234#define GPCMD_PLAY_AUDIO_10 0x45
235#define GPCMD_PLAY_AUDIO_MSF 0x47
236#define GPCMD_PLAY_AUDIO_TI 0x48
237#define GPCMD_PLAY_CD 0xbc
238#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
239#define GPCMD_READ_10 0x28
240#define GPCMD_READ_12 0xa8
241#define GPCMD_READ_CDVD_CAPACITY 0x25
242#define GPCMD_READ_CD 0xbe
243#define GPCMD_READ_CD_MSF 0xb9
244#define GPCMD_READ_DISC_INFO 0x51
245#define GPCMD_READ_DVD_STRUCTURE 0xad
246#define GPCMD_READ_FORMAT_CAPACITIES 0x23
247#define GPCMD_READ_HEADER 0x44
248#define GPCMD_READ_TRACK_RZONE_INFO 0x52
249#define GPCMD_READ_SUBCHANNEL 0x42
250#define GPCMD_READ_TOC_PMA_ATIP 0x43
251#define GPCMD_REPAIR_RZONE_TRACK 0x58
252#define GPCMD_REPORT_KEY 0xa4
253#define GPCMD_REQUEST_SENSE 0x03
254#define GPCMD_RESERVE_RZONE_TRACK 0x53
255#define GPCMD_SCAN 0xba
256#define GPCMD_SEEK 0x2b
257#define GPCMD_SEND_DVD_STRUCTURE 0xad
258#define GPCMD_SEND_EVENT 0xa2
259#define GPCMD_SEND_KEY 0xa3
260#define GPCMD_SEND_OPC 0x54
261#define GPCMD_SET_READ_AHEAD 0xa7
262#define GPCMD_SET_STREAMING 0xb6
263#define GPCMD_START_STOP_UNIT 0x1b
264#define GPCMD_STOP_PLAY_SCAN 0x4e
265#define GPCMD_TEST_UNIT_READY 0x00
266#define GPCMD_VERIFY_10 0x2f
267#define GPCMD_WRITE_10 0x2a
268#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 269/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 270 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
271 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
272 * drives support it. */
273#define GPCMD_SET_SPEED 0xbb
5fafdf24 274/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 275 * to play data at track/index */
276#define GPCMD_PLAYAUDIO_TI 0x48
277/*
278 * From MS Media Status Notification Support Specification. For
279 * older drives only.
280 */
281#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 282#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 283
284/* Mode page codes for mode sense/set */
285#define GPMODE_R_W_ERROR_PAGE 0x01
286#define GPMODE_WRITE_PARMS_PAGE 0x05
287#define GPMODE_AUDIO_CTL_PAGE 0x0e
288#define GPMODE_POWER_PAGE 0x1a
289#define GPMODE_FAULT_FAIL_PAGE 0x1c
290#define GPMODE_TO_PROTECT_PAGE 0x1d
291#define GPMODE_CAPABILITIES_PAGE 0x2a
292#define GPMODE_ALL_PAGES 0x3f
293/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
294 * of MODE_SENSE_POWER_PAGE */
295#define GPMODE_CDROM_PAGE 0x0d
296
38cdea7c
AZ		 297/*
298 * Based on values from <linux/cdrom.h> but extending CD_MINS
299 * to the maximum common size allowed by the Orange's Book ATIP
300 *
301 * 90 and 99 min CDs are also available but using them as the
302 * upper limit reduces the effectiveness of the heuristic to
303 * detect DVDs burned to less than 25% of their maximum capacity
304 */
305
306/* Some generally useful CD-ROM information */
307#define CD_MINS 80 /* max. minutes per CD */
308#define CD_SECS 60 /* seconds per minute */
309#define CD_FRAMES 75 /* frames per second */
310#define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
311#define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
312#define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
313
314/*
315 * The MMC values are not IDE specific and might need to be moved
316 * to a common header if they are also needed for the SCSI emulation
317 */
318
319/* Profile list from MMC-6 revision 1 table 91 */
320#define MMC_PROFILE_NONE 0x0000
321#define MMC_PROFILE_CD_ROM 0x0008
322#define MMC_PROFILE_CD_R 0x0009
323#define MMC_PROFILE_CD_RW 0x000A
324#define MMC_PROFILE_DVD_ROM 0x0010
325#define MMC_PROFILE_DVD_R_SR 0x0011
326#define MMC_PROFILE_DVD_RAM 0x0012
327#define MMC_PROFILE_DVD_RW_RO 0x0013
328#define MMC_PROFILE_DVD_RW_SR 0x0014
329#define MMC_PROFILE_DVD_R_DL_SR 0x0015
330#define MMC_PROFILE_DVD_R_DL_JR 0x0016
331#define MMC_PROFILE_DVD_RW_DL 0x0017
332#define MMC_PROFILE_DVD_DDR 0x0018
333#define MMC_PROFILE_DVD_PLUS_RW 0x001A
334#define MMC_PROFILE_DVD_PLUS_R 0x001B
335#define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
336#define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
337#define MMC_PROFILE_BD_ROM 0x0040
338#define MMC_PROFILE_BD_R_SRM 0x0041
339#define MMC_PROFILE_BD_R_RRM 0x0042
340#define MMC_PROFILE_BD_RE 0x0043
341#define MMC_PROFILE_HDDVD_ROM 0x0050
342#define MMC_PROFILE_HDDVD_R 0x0051
343#define MMC_PROFILE_HDDVD_RAM 0x0052
344#define MMC_PROFILE_HDDVD_RW 0x0053
345#define MMC_PROFILE_HDDVD_R_DL 0x0058
346#define MMC_PROFILE_HDDVD_RW_DL 0x005A
347#define MMC_PROFILE_INVALID 0xFFFF
348
5391d806
FB		 349#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
350#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
351#define ATAPI_INT_REASON_REL 0x04
352#define ATAPI_INT_REASON_TAG 0xf8
353
354/* same constants as bochs */
7f777bf3 355#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 356#define ASC_LOGICAL_BLOCK_OOR 0x21
357#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
9118e7f0 358#define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
8114e9e8 359#define ASC_INCOMPATIBLE_FORMAT 0x30
5391d806
FB		 360#define ASC_MEDIUM_NOT_PRESENT 0x3a
361#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
aea2a33c 362#define ASC_MEDIA_REMOVAL_PREVENTED 0x53
5391d806 363
201a51fc
AZ		 364#define CFA_NO_ERROR 0x00
365#define CFA_MISC_ERROR 0x09
366#define CFA_INVALID_COMMAND 0x20
367#define CFA_INVALID_ADDRESS 0x21
368#define CFA_ADDRESS_OVERFLOW 0x2f
369
5391d806
FB		 370#define SENSE_NONE 0
371#define SENSE_NOT_READY 2
372#define SENSE_ILLEGAL_REQUEST 5
373#define SENSE_UNIT_ATTENTION 6
374
375struct IDEState;
376
377typedef void EndTransferFunc(struct IDEState *);
378
caed8802 379/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 380typedef struct IDEState {
381 /* ide config */
382 int is_cdrom;
201a51fc 383 int is_cf;
5391d806
FB		 384 int cylinders, heads, sectors;
385 int64_t nb_sectors;
386 int mult_sectors;
94458802
FB		 387 int identify_set;
388 uint16_t identify_data[256];
d537cf6c 389 qemu_irq irq;
34e538ae 390 PCIDevice *pci_dev;
98087450 391 struct BMDMAState *bmdma;
aedf5382 392 int drive_serial;
fa879c64 393 char drive_serial_str[21];
5391d806
FB		 394 /* ide regs */
395 uint8_t feature;
396 uint8_t error;
c2ff060f 397 uint32_t nsector;
5391d806
FB		 398 uint8_t sector;
399 uint8_t lcyl;
400 uint8_t hcyl;
c2ff060f
FB		 401 /* other part of tf for lba48 support */
402 uint8_t hob_feature;
403 uint8_t hob_nsector;
404 uint8_t hob_sector;
405 uint8_t hob_lcyl;
406 uint8_t hob_hcyl;
407
5391d806
FB		 408 uint8_t select;
409 uint8_t status;
c2ff060f 410
5391d806
FB		 411 /* 0x3f6 command, only meaningful for drive 0 */
412 uint8_t cmd;
c2ff060f
FB		 413 /* set for lba48 access */
414 uint8_t lba48;
5391d806 415 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 416 struct IDEState *cur_drive;
5391d806
FB		 417 BlockDriverState *bs;
418 /* ATAPI specific */
419 uint8_t sense_key;
420 uint8_t asc;
421 int packet_transfer_size;
422 int elementary_transfer_size;
423 int io_buffer_index;
424 int lba;
98087450
FB		 425 int cd_sector_size;
426 int atapi_dma; /* true if dma is requested for the packet cmd */
427 /* ATA DMA state */
428 int io_buffer_size;
1fb8648d 429 QEMUSGList sg;
98087450 430 /* PIO transfer handling */
5391d806
FB		 431 int req_nb_sectors; /* number of sectors per interrupt */
432 EndTransferFunc *end_transfer_func;
433 uint8_t *data_ptr;
434 uint8_t *data_end;
33f00271 435 uint8_t *io_buffer;
31c2a146 436 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
e774a278 437 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 438 /* CF-ATA extended error */
439 uint8_t ext_error;
440 /* CF-ATA metadata storage */
441 uint32_t mdata_size;
442 uint8_t *mdata_storage;
443 int media_changed;
e3007e66
AJ		 444 /* for pmac */
445 int is_read;
5391d806
FB		 446} IDEState;
447
8114e9e8
TS		 448/* XXX: DVDs that could fit on a CD will be reported as a CD */
449static inline int media_present(IDEState *s)
450{
451 return (s->nb_sectors > 0);
452}
453
454static inline int media_is_dvd(IDEState *s)
455{
456 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
457}
458
459static inline int media_is_cd(IDEState *s)
460{
461 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
462}
463
98087450
FB		 464#define BM_STATUS_DMAING 0x01
465#define BM_STATUS_ERROR 0x02
466#define BM_STATUS_INT 0x04
428c5705
AL		 467#define BM_STATUS_DMA_RETRY 0x08
468#define BM_STATUS_PIO_RETRY 0x10
98087450
FB		 469
470#define BM_CMD_START 0x01
471#define BM_CMD_READ 0x08
472
5457c8ce
FB		 473#define IDE_TYPE_PIIX3 0
474#define IDE_TYPE_CMD646 1
afcc3cdf 475#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 476
477/* CMD646 specific */
478#define MRDMODE 0x71
479#define MRDMODE_INTR_CH0 0x04
480#define MRDMODE_INTR_CH1 0x08
481#define MRDMODE_BLK_CH0 0x10
482#define MRDMODE_BLK_CH1 0x20
483#define UDIDETCR0 0x73
484#define UDIDETCR1 0x7B
485
98087450
FB		 486typedef struct BMDMAState {
487 uint8_t cmd;
488 uint8_t status;
489 uint32_t addr;
3b46e624 490
5457c8ce 491 struct PCIIDEState *pci_dev;
98087450 492 /* current transfer state */
8ccad811
FB		 493 uint32_t cur_addr;
494 uint32_t cur_prd_last;
495 uint32_t cur_prd_addr;
496 uint32_t cur_prd_len;
98087450 497 IDEState *ide_if;
8ccad811
FB		 498 BlockDriverCompletionFunc *dma_cb;
499 BlockDriverAIOCB *aiocb;
c87c0672
AL		 500 struct iovec iov;
501 QEMUIOVector qiov;
428c5705
AL		 502 int64_t sector_num;
503 uint32_t nsector;
9d61a50b 504 QEMUBH *bh;
98087450
FB		 505} BMDMAState;
506
507typedef struct PCIIDEState {
508 PCIDevice dev;
509 IDEState ide_if[4];
510 BMDMAState bmdma[2];
5457c8ce 511 int type; /* see IDE_TYPE_xxx */
98087450
FB		 512} PCIIDEState;
513
8ccad811 514static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
428c5705 515static void ide_dma_restart(IDEState *s);
5f12ab4b 516static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 517
5391d806
FB		 518static void padstr(char *str, const char *src, int len)
519{
520 int i, v;
521 for(i = 0; i < len; i++) {
522 if (*src)
523 v = *src++;
524 else
525 v = ' ';
69b34976 526 str[i^1] = v;
5391d806
FB		 527 }
528}
529
bd0d90b2
FB		 530static void padstr8(uint8_t *buf, int buf_size, const char *src)
531{
532 int i;
533 for(i = 0; i < buf_size; i++) {
534 if (*src)
535 buf[i] = *src++;
536 else
537 buf[i] = ' ';
538 }
539}
540
67b915a5
FB		 541static void put_le16(uint16_t *p, unsigned int v)
542{
0c4ad8dc 543 *p = cpu_to_le16(v);
67b915a5
FB		 544}
545
5391d806
FB		 546static void ide_identify(IDEState *s)
547{
548 uint16_t *p;
549 unsigned int oldsize;
550
94458802
FB		 551 if (s->identify_set) {
552 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
553 return;
554 }
555
5391d806
FB		 556 memset(s->io_buffer, 0, 512);
557 p = (uint16_t *)s->io_buffer;
67b915a5 558 put_le16(p + 0, 0x0040);
5fafdf24 559 put_le16(p + 1, s->cylinders);
67b915a5
FB		 560 put_le16(p + 3, s->heads);
561 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
562 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 563 put_le16(p + 6, s->sectors);
fa879c64 564 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 565 put_le16(p + 20, 3); /* XXX: retired, remove ? */
566 put_le16(p + 21, 512); /* cache size in sectors */
567 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 568 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
569 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 570#if MAX_MULT_SECTORS > 1
67b915a5 571 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 572#endif
67b915a5 573 put_le16(p + 48, 1); /* dword I/O */
94458802 574 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 575 put_le16(p + 51, 0x200); /* PIO transfer cycle */
576 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 577 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 578 put_le16(p + 54, s->cylinders);
579 put_le16(p + 55, s->heads);
580 put_le16(p + 56, s->sectors);
5391d806 581 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 582 put_le16(p + 57, oldsize);
583 put_le16(p + 58, oldsize >> 16);
5391d806 584 if (s->mult_sectors)
67b915a5
FB		 585 put_le16(p + 59, 0x100 | s->mult_sectors);
586 put_le16(p + 60, s->nb_sectors);
587 put_le16(p + 61, s->nb_sectors >> 16);
d1b5c20d 588 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
94458802
FB		 589 put_le16(p + 63, 0x07); /* mdma0-2 supported */
590 put_le16(p + 65, 120);
591 put_le16(p + 66, 120);
592 put_le16(p + 67, 120);
593 put_le16(p + 68, 120);
594 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
595 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 596 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 597 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
598 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 599 put_le16(p + 84, (1 << 14));
600 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 601 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
602 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 603 put_le16(p + 87, (1 << 14));
94458802
FB		 604 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
605 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 606 put_le16(p + 100, s->nb_sectors);
607 put_le16(p + 101, s->nb_sectors >> 16);
608 put_le16(p + 102, s->nb_sectors >> 32);
609 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 610
611 memcpy(s->identify_data, p, sizeof(s->identify_data));
612 s->identify_set = 1;
5391d806
FB		 613}
614
615static void ide_atapi_identify(IDEState *s)
616{
617 uint16_t *p;
618
94458802
FB		 619 if (s->identify_set) {
620 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
621 return;
622 }
623
5391d806
FB		 624 memset(s->io_buffer, 0, 512);
625 p = (uint16_t *)s->io_buffer;
626 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 627 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
fa879c64 628 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
67b915a5
FB		 629 put_le16(p + 20, 3); /* buffer type */
630 put_le16(p + 21, 512); /* cache size in sectors */
631 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3 632 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
38cdea7c 633 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
67b915a5 634 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 635#ifdef USE_DMA_CDROM
636 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
637 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
d1b5c20d 638 put_le16(p + 62, 7); /* single word dma0-2 supported */
8ccad811
FB		 639 put_le16(p + 63, 7); /* mdma0-2 supported */
640 put_le16(p + 64, 0x3f); /* PIO modes supported */
641#else
67b915a5
FB		 642 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
643 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
644 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
645 put_le16(p + 64, 1); /* PIO modes */
8ccad811 646#endif
67b915a5
FB		 647 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
648 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
649 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
650 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 651
67b915a5
FB		 652 put_le16(p + 71, 30); /* in ns */
653 put_le16(p + 72, 30); /* in ns */
5391d806 654
67b915a5 655 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 656#ifdef USE_DMA_CDROM
657 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
658#endif
94458802
FB		 659 memcpy(s->identify_data, p, sizeof(s->identify_data));
660 s->identify_set = 1;
5391d806
FB		 661}
662
201a51fc
AZ		 663static void ide_cfata_identify(IDEState *s)
664{
665 uint16_t *p;
666 uint32_t cur_sec;
201a51fc
AZ		 667
668 p = (uint16_t *) s->identify_data;
669 if (s->identify_set)
670 goto fill_buffer;
671
672 memset(p, 0, sizeof(s->identify_data));
673
674 cur_sec = s->cylinders * s->heads * s->sectors;
675
676 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
677 put_le16(p + 1, s->cylinders); /* Default cylinders */
678 put_le16(p + 3, s->heads); /* Default heads */
679 put_le16(p + 6, s->sectors); /* Default sectors per track */
680 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
681 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
fa879c64 682 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
201a51fc 683 put_le16(p + 22, 0x0004); /* ECC bytes */
60fe76f3
TS		 684 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
685 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
201a51fc
AZ		 686#if MAX_MULT_SECTORS > 1
687 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
688#else
689 put_le16(p + 47, 0x0000);
690#endif
691 put_le16(p + 49, 0x0f00); /* Capabilities */
692 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
693 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
694 put_le16(p + 53, 0x0003); /* Translation params valid */
695 put_le16(p + 54, s->cylinders); /* Current cylinders */
696 put_le16(p + 55, s->heads); /* Current heads */
697 put_le16(p + 56, s->sectors); /* Current sectors */
698 put_le16(p + 57, cur_sec); /* Current capacity */
699 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
700 if (s->mult_sectors) /* Multiple sector setting */
701 put_le16(p + 59, 0x100 | s->mult_sectors);
702 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
703 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
704 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
705 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
706 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
707 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
708 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
709 put_le16(p + 82, 0x400c); /* Command Set supported */
710 put_le16(p + 83, 0x7068); /* Command Set supported */
711 put_le16(p + 84, 0x4000); /* Features supported */
712 put_le16(p + 85, 0x000c); /* Command Set enabled */
713 put_le16(p + 86, 0x7044); /* Command Set enabled */
714 put_le16(p + 87, 0x4000); /* Features enabled */
715 put_le16(p + 91, 0x4060); /* Current APM level */
716 put_le16(p + 129, 0x0002); /* Current features option */
717 put_le16(p + 130, 0x0005); /* Reassigned sectors */
718 put_le16(p + 131, 0x0001); /* Initial power mode */
719 put_le16(p + 132, 0x0000); /* User signature */
720 put_le16(p + 160, 0x8100); /* Power requirement */
721 put_le16(p + 161, 0x8001); /* CF command set */
722
723 s->identify_set = 1;
724
725fill_buffer:
726 memcpy(s->io_buffer, p, sizeof(s->identify_data));
727}
728
5391d806
FB		 729static void ide_set_signature(IDEState *s)
730{
731 s->select &= 0xf0; /* clear head */
732 /* put signature */
733 s->nsector = 1;
734 s->sector = 1;
735 if (s->is_cdrom) {
736 s->lcyl = 0x14;
737 s->hcyl = 0xeb;
738 } else if (s->bs) {
739 s->lcyl = 0;
740 s->hcyl = 0;
741 } else {
742 s->lcyl = 0xff;
743 s->hcyl = 0xff;
744 }
745}
746
747static inline void ide_abort_command(IDEState *s)
748{
749 s->status = READY_STAT | ERR_STAT;
750 s->error = ABRT_ERR;
751}
752
5604e090
AZ		 753static inline void ide_dma_submit_check(IDEState *s,
754 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
755{
756 if (bm->aiocb)
757 return;
758 dma_cb(bm, -1);
759}
760
5391d806
FB		 761static inline void ide_set_irq(IDEState *s)
762{
98ff7d30 763 BMDMAState *bm = s->bmdma;
5391d806 764 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 765 if (bm) {
98ff7d30 766 bm->status |= BM_STATUS_INT;
5457c8ce 767 }
d537cf6c 768 qemu_irq_raise(s->irq);
5391d806
FB		 769 }
770}
771
772/* prepare data transfer and tell what to do after */
5fafdf24 773static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 774 EndTransferFunc *end_transfer_func)
775{
776 s->end_transfer_func = end_transfer_func;
777 s->data_ptr = buf;
778 s->data_end = buf + size;
7603d156
TS		 779 if (!(s->status & ERR_STAT))
780 s->status |= DRQ_STAT;
5391d806
FB		 781}
782
783static void ide_transfer_stop(IDEState *s)
784{
785 s->end_transfer_func = ide_transfer_stop;
786 s->data_ptr = s->io_buffer;
787 s->data_end = s->io_buffer;
788 s->status &= ~DRQ_STAT;
789}
790
791static int64_t ide_get_sector(IDEState *s)
792{
793 int64_t sector_num;
794 if (s->select & 0x40) {
795 /* lba */
c2ff060f
FB		 796 if (!s->lba48) {
797 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
798 (s->lcyl << 8) | s->sector;
799 } else {
800 sector_num = ((int64_t)s->hob_hcyl << 40) |
801 ((int64_t) s->hob_lcyl << 32) |
802 ((int64_t) s->hob_sector << 24) |
803 ((int64_t) s->hcyl << 16) |
804 ((int64_t) s->lcyl << 8) | s->sector;
805 }
5391d806
FB		 806 } else {
807 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 808 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 809 }
810 return sector_num;
811}
812
813static void ide_set_sector(IDEState *s, int64_t sector_num)
814{
815 unsigned int cyl, r;
816 if (s->select & 0x40) {
c2ff060f
FB		 817 if (!s->lba48) {
818 s->select = (s->select & 0xf0) | (sector_num >> 24);
819 s->hcyl = (sector_num >> 16);
820 s->lcyl = (sector_num >> 8);
821 s->sector = (sector_num);
822 } else {
823 s->sector = sector_num;
824 s->lcyl = sector_num >> 8;
825 s->hcyl = sector_num >> 16;
826 s->hob_sector = sector_num >> 24;
827 s->hob_lcyl = sector_num >> 32;
828 s->hob_hcyl = sector_num >> 40;
829 }
5391d806
FB		 830 } else {
831 cyl = sector_num / (s->heads * s->sectors);
832 r = sector_num % (s->heads * s->sectors);
833 s->hcyl = cyl >> 8;
834 s->lcyl = cyl;
1b8eb456 835 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 836 s->sector = (r % s->sectors) + 1;
837 }
838}
839
e162cfb0
AZ		 840static void ide_rw_error(IDEState *s) {
841 ide_abort_command(s);
842 ide_set_irq(s);
843}
844
5391d806
FB		 845static void ide_sector_read(IDEState *s)
846{
847 int64_t sector_num;
848 int ret, n;
849
850 s->status = READY_STAT | SEEK_STAT;
a136e5a8 851 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 852 sector_num = ide_get_sector(s);
853 n = s->nsector;
854 if (n == 0) {
855 /* no more sector to read from disk */
856 ide_transfer_stop(s);
857 } else {
858#if defined(DEBUG_IDE)
18c5f8ea 859 printf("read sector=%" PRId64 "\n", sector_num);
5391d806
FB		 860#endif
861 if (n > s->req_nb_sectors)
862 n = s->req_nb_sectors;
863 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
e162cfb0
AZ		 864 if (ret != 0) {
865 ide_rw_error(s);
866 return;
867 }
5391d806
FB		 868 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
869 ide_set_irq(s);
870 ide_set_sector(s, sector_num + n);
871 s->nsector -= n;
872 }
873}
874
7aea4412
AL		 875
876/* return 0 if buffer completed */
877static int dma_buf_prepare(BMDMAState *bm, int is_write)
878{
879 IDEState *s = bm->ide_if;
880 struct {
881 uint32_t addr;
882 uint32_t size;
883 } prd;
884 int l, len;
7aea4412 885
1fb8648d 886 qemu_sglist_init(&s->sg, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
7aea4412
AL		 887 s->io_buffer_size = 0;
888 for(;;) {
889 if (bm->cur_prd_len == 0) {
890 /* end of table (with a fail safe of one page) */
891 if (bm->cur_prd_last ||
892 (bm->cur_addr - bm->addr) >= 4096)
893 return s->io_buffer_size != 0;
894 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
895 bm->cur_addr += 8;
896 prd.addr = le32_to_cpu(prd.addr);
897 prd.size = le32_to_cpu(prd.size);
898 len = prd.size & 0xfffe;
899 if (len == 0)
900 len = 0x10000;
901 bm->cur_prd_len = len;
902 bm->cur_prd_addr = prd.addr;
903 bm->cur_prd_last = (prd.size & 0x80000000);
904 }
905 l = bm->cur_prd_len;
906 if (l > 0) {
1fb8648d
AL		 907 qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
908 bm->cur_prd_addr += l;
909 bm->cur_prd_len -= l;
910 s->io_buffer_size += l;
7aea4412
AL		 911 }
912 }
913 return 1;
914}
915
916static void dma_buf_commit(IDEState *s, int is_write)
917{
1fb8648d 918 qemu_sglist_destroy(&s->sg);
7aea4412
AL		 919}
920
e162cfb0
AZ		 921static void ide_dma_error(IDEState *s)
922{
923 ide_transfer_stop(s);
924 s->error = ABRT_ERR;
925 s->status = READY_STAT | ERR_STAT;
926 ide_set_irq(s);
927}
928
428c5705
AL		 929static int ide_handle_write_error(IDEState *s, int error, int op)
930{
931 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
932
933 if (action == BLOCK_ERR_IGNORE)
934 return 0;
935
936 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
937 || action == BLOCK_ERR_STOP_ANY) {
938 s->bmdma->ide_if = s;
939 s->bmdma->status |= op;
940 vm_stop(0);
941 } else {
7aea4412
AL		 942 if (op == BM_STATUS_DMA_RETRY) {
943 dma_buf_commit(s, 0);
428c5705 944 ide_dma_error(s);
7aea4412 945 } else {
428c5705 946 ide_rw_error(s);
7aea4412 947 }
428c5705
AL		 948 }
949
950 return 1;
951}
952
8ccad811
FB		 953/* return 0 if buffer completed */
954static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 955{
8ccad811
FB		 956 IDEState *s = bm->ide_if;
957 struct {
958 uint32_t addr;
959 uint32_t size;
960 } prd;
961 int l, len;
98087450 962
8ccad811
FB		 963 for(;;) {
964 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 965 if (l <= 0)
8ccad811
FB		 966 break;
967 if (bm->cur_prd_len == 0) {
968 /* end of table (with a fail safe of one page) */
969 if (bm->cur_prd_last ||
970 (bm->cur_addr - bm->addr) >= 4096)
971 return 0;
972 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
973 bm->cur_addr += 8;
974 prd.addr = le32_to_cpu(prd.addr);
975 prd.size = le32_to_cpu(prd.size);
976 len = prd.size & 0xfffe;
977 if (len == 0)
978 len = 0x10000;
979 bm->cur_prd_len = len;
980 bm->cur_prd_addr = prd.addr;
981 bm->cur_prd_last = (prd.size & 0x80000000);
982 }
983 if (l > bm->cur_prd_len)
984 l = bm->cur_prd_len;
985 if (l > 0) {
986 if (is_write) {
5fafdf24 987 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 988 s->io_buffer + s->io_buffer_index, l);
989 } else {
5fafdf24 990 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 991 s->io_buffer + s->io_buffer_index, l);
992 }
993 bm->cur_prd_addr += l;
994 bm->cur_prd_len -= l;
995 s->io_buffer_index += l;
98087450 996 }
98087450 997 }
8ccad811
FB		 998 return 1;
999}
1000
8ccad811
FB		 1001static void ide_read_dma_cb(void *opaque, int ret)
1002{
1003 BMDMAState *bm = opaque;
1004 IDEState *s = bm->ide_if;
1005 int n;
1006 int64_t sector_num;
1007
e162cfb0 1008 if (ret < 0) {
7aea4412 1009 dma_buf_commit(s, 1);
e162cfb0
AZ		 1010 ide_dma_error(s);
1011 return;
1012 }
1013
8ccad811
FB		 1014 n = s->io_buffer_size >> 9;
1015 sector_num = ide_get_sector(s);
1016 if (n > 0) {
7aea4412 1017 dma_buf_commit(s, 1);
8ccad811
FB		 1018 sector_num += n;
1019 ide_set_sector(s, sector_num);
1020 s->nsector -= n;
8ccad811
FB		 1021 }
1022
1023 /* end of transfer ? */
1024 if (s->nsector == 0) {
98087450
FB		 1025 s->status = READY_STAT | SEEK_STAT;
1026 ide_set_irq(s);
8ccad811
FB		 1027 eot:
1028 bm->status &= ~BM_STATUS_DMAING;
1029 bm->status |= BM_STATUS_INT;
1030 bm->dma_cb = NULL;
1031 bm->ide_if = NULL;
1032 bm->aiocb = NULL;
1033 return;
98087450 1034 }
8ccad811
FB		 1035
1036 /* launch next transfer */
1037 n = s->nsector;
8ccad811
FB		 1038 s->io_buffer_index = 0;
1039 s->io_buffer_size = n * 512;
7aea4412
AL		 1040 if (dma_buf_prepare(bm, 1) == 0)
1041 goto eot;
8ccad811 1042#ifdef DEBUG_AIO
5df23f53 1043 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1044#endif
1fb8648d 1045 bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
5604e090 1046 ide_dma_submit_check(s, ide_read_dma_cb, bm);
98087450
FB		 1047}
1048
1049static void ide_sector_read_dma(IDEState *s)
1050{
8ccad811 1051 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1052 s->io_buffer_index = 0;
1053 s->io_buffer_size = 0;
e3007e66 1054 s->is_read = 1;
98087450
FB		 1055 ide_dma_start(s, ide_read_dma_cb);
1056}
1057
a09db21f
FB		 1058static void ide_sector_write_timer_cb(void *opaque)
1059{
1060 IDEState *s = opaque;
1061 ide_set_irq(s);
1062}
1063
5391d806
FB		 1064static void ide_sector_write(IDEState *s)
1065{
1066 int64_t sector_num;
31c2a146 1067 int ret, n, n1;
5391d806
FB		 1068
1069 s->status = READY_STAT | SEEK_STAT;
1070 sector_num = ide_get_sector(s);
1071#if defined(DEBUG_IDE)
18c5f8ea 1072 printf("write sector=%" PRId64 "\n", sector_num);
5391d806
FB		 1073#endif
1074 n = s->nsector;
1075 if (n > s->req_nb_sectors)
1076 n = s->req_nb_sectors;
31c2a146 1077 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
428c5705 1078
e162cfb0 1079 if (ret != 0) {
428c5705
AL		 1080 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1081 return;
e162cfb0
AZ		 1082 }
1083
5391d806
FB		 1084 s->nsector -= n;
1085 if (s->nsector == 0) {
292eef5a 1086 /* no more sectors to write */
5391d806
FB		 1087 ide_transfer_stop(s);
1088 } else {
1089 n1 = s->nsector;
1090 if (n1 > s->req_nb_sectors)
1091 n1 = s->req_nb_sectors;
1092 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1093 }
1094 ide_set_sector(s, sector_num + n);
3b46e624 1095
31c2a146
TS		 1096#ifdef TARGET_I386
1097 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1098 /* It seems there is a bug in the Windows 2000 installer HDD
1099 IDE driver which fills the disk with empty logs when the
1100 IDE write IRQ comes too early. This hack tries to correct
1101 that at the expense of slower write performances. Use this
1102 option _only_ to install Windows 2000. You must disable it
1103 for normal use. */
1104 qemu_mod_timer(s->sector_write_timer,
1105 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1106 } else
1107#endif
1108 {
1109 ide_set_irq(s);
1110 }
5391d806
FB		 1111}
1112
9d61a50b 1113static void ide_dma_restart_bh(void *opaque)
428c5705
AL		 1114{
1115 BMDMAState *bm = opaque;
9d61a50b
MA		 1116
1117 qemu_bh_delete(bm->bh);
1118 bm->bh = NULL;
1119
428c5705
AL		 1120 if (bm->status & BM_STATUS_DMA_RETRY) {
1121 bm->status &= ~BM_STATUS_DMA_RETRY;
1122 ide_dma_restart(bm->ide_if);
1123 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1124 bm->status &= ~BM_STATUS_PIO_RETRY;
1125 ide_sector_write(bm->ide_if);
1126 }
1127}
1128
9d61a50b
MA		 1129static void ide_dma_restart_cb(void *opaque, int running, int reason)
1130{
1131 BMDMAState *bm = opaque;
1132
1133 if (!running)
1134 return;
1135
1136 if (!bm->bh) {
1137 bm->bh = qemu_bh_new(ide_dma_restart_bh, bm);
1138 qemu_bh_schedule(bm->bh);
1139 }
1140}
1141
8ccad811 1142static void ide_write_dma_cb(void *opaque, int ret)
98087450 1143{
8ccad811
FB		 1144 BMDMAState *bm = opaque;
1145 IDEState *s = bm->ide_if;
1146 int n;
98087450
FB		 1147 int64_t sector_num;
1148
e162cfb0 1149 if (ret < 0) {
428c5705
AL		 1150 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1151 return;
e162cfb0
AZ		 1152 }
1153
8ccad811
FB		 1154 n = s->io_buffer_size >> 9;
1155 sector_num = ide_get_sector(s);
1156 if (n > 0) {
7aea4412 1157 dma_buf_commit(s, 0);
8ccad811
FB		 1158 sector_num += n;
1159 ide_set_sector(s, sector_num);
1160 s->nsector -= n;
98087450 1161 }
98087450 1162
8ccad811
FB		 1163 /* end of transfer ? */
1164 if (s->nsector == 0) {
1165 s->status = READY_STAT | SEEK_STAT;
1166 ide_set_irq(s);
1167 eot:
1168 bm->status &= ~BM_STATUS_DMAING;
1169 bm->status |= BM_STATUS_INT;
1170 bm->dma_cb = NULL;
1171 bm->ide_if = NULL;
1172 bm->aiocb = NULL;
1173 return;
1174 }
1175
98087450 1176 n = s->nsector;
98087450 1177 s->io_buffer_size = n * 512;
7aea4412
AL		 1178 /* launch next transfer */
1179 if (dma_buf_prepare(bm, 0) == 0)
8ccad811
FB		 1180 goto eot;
1181#ifdef DEBUG_AIO
5df23f53 1182 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
8ccad811 1183#endif
1fb8648d 1184 bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
5604e090 1185 ide_dma_submit_check(s, ide_write_dma_cb, bm);
8ccad811
FB		 1186}
1187
1188static void ide_sector_write_dma(IDEState *s)
1189{
1190 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1191 s->io_buffer_index = 0;
1192 s->io_buffer_size = 0;
e3007e66 1193 s->is_read = 0;
98087450
FB		 1194 ide_dma_start(s, ide_write_dma_cb);
1195}
1196
5391d806
FB		 1197static void ide_atapi_cmd_ok(IDEState *s)
1198{
1199 s->error = 0;
41a2b959 1200 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1201 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1202 ide_set_irq(s);
1203}
1204
1205static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1206{
1207#ifdef DEBUG_IDE_ATAPI
1208 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1209#endif
1210 s->error = sense_key << 4;
1211 s->status = READY_STAT | ERR_STAT;
1212 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1213 s->sense_key = sense_key;
1214 s->asc = asc;
1215 ide_set_irq(s);
1216}
1217
9118e7f0
AL		 1218static void ide_atapi_cmd_check_status(IDEState *s)
1219{
1220#ifdef DEBUG_IDE_ATAPI
1221 printf("atapi_cmd_check_status\n");
1222#endif
1223 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1224 s->status = ERR_STAT;
1225 s->nsector = 0;
1226 ide_set_irq(s);
1227}
1228
5391d806
FB		 1229static inline void cpu_to_ube16(uint8_t *buf, int val)
1230{
1231 buf[0] = val >> 8;
9e622b15 1232 buf[1] = val & 0xff;
5391d806
FB		 1233}
1234
1235static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1236{
1237 buf[0] = val >> 24;
1238 buf[1] = val >> 16;
1239 buf[2] = val >> 8;
9e622b15 1240 buf[3] = val & 0xff;
5391d806
FB		 1241}
1242
1243static inline int ube16_to_cpu(const uint8_t *buf)
1244{
1245 return (buf[0] << 8) | buf[1];
1246}
1247
1248static inline int ube32_to_cpu(const uint8_t *buf)
1249{
1250 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1251}
1252
98087450
FB		 1253static void lba_to_msf(uint8_t *buf, int lba)
1254{
1255 lba += 150;
1256 buf[0] = (lba / 75) / 60;
1257 buf[1] = (lba / 75) % 60;
1258 buf[2] = lba % 75;
1259}
1260
8ccad811
FB		 1261static void cd_data_to_raw(uint8_t *buf, int lba)
1262{
1263 /* sync bytes */
1264 buf[0] = 0x00;
1265 memset(buf + 1, 0xff, 10);
1266 buf[11] = 0x00;
1267 buf += 12;
1268 /* MSF */
1269 lba_to_msf(buf, lba);
1270 buf[3] = 0x01; /* mode 1 data */
1271 buf += 4;
1272 /* data */
1273 buf += 2048;
1274 /* XXX: ECC not computed */
1275 memset(buf, 0, 288);
1276}
1277
5fafdf24 1278static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1279 int sector_size)
1280{
66c6ef76
FB		 1281 int ret;
1282
98087450
FB		 1283 switch(sector_size) {
1284 case 2048:
66c6ef76 1285 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1286 break;
1287 case 2352:
66c6ef76
FB		 1288 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1289 if (ret < 0)
1290 return ret;
8ccad811 1291 cd_data_to_raw(buf, lba);
98087450
FB		 1292 break;
1293 default:
66c6ef76 1294 ret = -EIO;
98087450
FB		 1295 break;
1296 }
66c6ef76
FB		 1297 return ret;
1298}
1299
1300static void ide_atapi_io_error(IDEState *s, int ret)
1301{
1302 /* XXX: handle more errors */
1303 if (ret == -ENOMEDIUM) {
5fafdf24 1304 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1305 ASC_MEDIUM_NOT_PRESENT);
1306 } else {
5fafdf24 1307 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1308 ASC_LOGICAL_BLOCK_OOR);
1309 }
98087450
FB		 1310}
1311
5391d806
FB		 1312/* The whole ATAPI transfer logic is handled in this function */
1313static void ide_atapi_cmd_reply_end(IDEState *s)
1314{
66c6ef76 1315 int byte_count_limit, size, ret;
5391d806 1316#ifdef DEBUG_IDE_ATAPI
5fafdf24 1317 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1318 s->packet_transfer_size,
1319 s->elementary_transfer_size,
1320 s->io_buffer_index);
1321#endif
1322 if (s->packet_transfer_size <= 0) {
1323 /* end of transfer */
1324 ide_transfer_stop(s);
41a2b959 1325 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1326 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1327 ide_set_irq(s);
1328#ifdef DEBUG_IDE_ATAPI
1329 printf("status=0x%x\n", s->status);
1330#endif
1331 } else {
1332 /* see if a new sector must be read */
98087450 1333 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1334 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1335 if (ret < 0) {
1336 ide_transfer_stop(s);
1337 ide_atapi_io_error(s, ret);
1338 return;
1339 }
5391d806
FB		 1340 s->lba++;
1341 s->io_buffer_index = 0;
1342 }
1343 if (s->elementary_transfer_size > 0) {
1344 /* there are some data left to transmit in this elementary
1345 transfer */
98087450 1346 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1347 if (size > s->elementary_transfer_size)
1348 size = s->elementary_transfer_size;
5fafdf24 1349 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1350 size, ide_atapi_cmd_reply_end);
1351 s->packet_transfer_size -= size;
1352 s->elementary_transfer_size -= size;
1353 s->io_buffer_index += size;
1354 } else {
1355 /* a new transfer is needed */
1356 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1357 byte_count_limit = s->lcyl | (s->hcyl << 8);
1358#ifdef DEBUG_IDE_ATAPI
1359 printf("byte_count_limit=%d\n", byte_count_limit);
1360#endif
1361 if (byte_count_limit == 0xffff)
1362 byte_count_limit--;
1363 size = s->packet_transfer_size;
1364 if (size > byte_count_limit) {
1365 /* byte count limit must be even if this case */
1366 if (byte_count_limit & 1)
1367 byte_count_limit--;
1368 size = byte_count_limit;
5391d806 1369 }
a136e5a8
FB		 1370 s->lcyl = size;
1371 s->hcyl = size >> 8;
5391d806
FB		 1372 s->elementary_transfer_size = size;
1373 /* we cannot transmit more than one sector at a time */
1374 if (s->lba != -1) {
98087450
FB		 1375 if (size > (s->cd_sector_size - s->io_buffer_index))
1376 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1377 }
5fafdf24 1378 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1379 size, ide_atapi_cmd_reply_end);
1380 s->packet_transfer_size -= size;
1381 s->elementary_transfer_size -= size;
1382 s->io_buffer_index += size;
1383 ide_set_irq(s);
1384#ifdef DEBUG_IDE_ATAPI
1385 printf("status=0x%x\n", s->status);
1386#endif
1387 }
1388 }
1389}
1390
1391/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1392static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1393{
1394 if (size > max_size)
1395 size = max_size;
1396 s->lba = -1; /* no sector read */
1397 s->packet_transfer_size = size;
5f12ab4b 1398 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1399 s->elementary_transfer_size = 0;
1400 s->io_buffer_index = 0;
1401
5f12ab4b 1402 if (s->atapi_dma) {
41a2b959 1403 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
5f12ab4b
TS		 1404 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1405 } else {
41a2b959 1406 s->status = READY_STAT | SEEK_STAT;
5f12ab4b
TS		 1407 ide_atapi_cmd_reply_end(s);
1408 }
5391d806
FB		 1409}
1410
1411/* start a CD-CDROM read command */
98087450
FB		 1412static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1413 int sector_size)
5391d806 1414{
5391d806 1415 s->lba = lba;
98087450 1416 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1417 s->elementary_transfer_size = 0;
98087450
FB		 1418 s->io_buffer_index = sector_size;
1419 s->cd_sector_size = sector_size;
5391d806 1420
41a2b959 1421 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1422 ide_atapi_cmd_reply_end(s);
1423}
1424
98087450 1425/* ATAPI DMA support */
8ccad811
FB		 1426
1427/* XXX: handle read errors */
1428static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1429{
8ccad811
FB		 1430 BMDMAState *bm = opaque;
1431 IDEState *s = bm->ide_if;
1432 int data_offset, n;
1433
66c6ef76
FB		 1434 if (ret < 0) {
1435 ide_atapi_io_error(s, ret);
1436 goto eot;
1437 }
1438
8ccad811 1439 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1440 /*
1441 * For a cdrom read sector command (s->lba != -1),
1442 * adjust the lba for the next s->io_buffer_size chunk
1443 * and dma the current chunk.
1444 * For a command != read (s->lba == -1), just transfer
1445 * the reply data.
1446 */
1447 if (s->lba != -1) {
1448 if (s->cd_sector_size == 2352) {
1449 n = 1;
1450 cd_data_to_raw(s->io_buffer, s->lba);
1451 } else {
1452 n = s->io_buffer_size >> 11;
1453 }
1454 s->lba += n;
1455 }
8ccad811 1456 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1457 if (dma_buf_rw(bm, 1) == 0)
1458 goto eot;
98087450 1459 }
8ccad811 1460
98087450 1461 if (s->packet_transfer_size <= 0) {
41a2b959 1462 s->status = READY_STAT | SEEK_STAT;
98087450
FB		 1463 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1464 ide_set_irq(s);
8ccad811
FB		 1465 eot:
1466 bm->status &= ~BM_STATUS_DMAING;
1467 bm->status |= BM_STATUS_INT;
1468 bm->dma_cb = NULL;
1469 bm->ide_if = NULL;
1470 bm->aiocb = NULL;
1471 return;
1472 }
3b46e624 1473
8ccad811
FB		 1474 s->io_buffer_index = 0;
1475 if (s->cd_sector_size == 2352) {
1476 n = 1;
1477 s->io_buffer_size = s->cd_sector_size;
1478 data_offset = 16;
1479 } else {
1480 n = s->packet_transfer_size >> 11;
1d8cde5b
AJ		 1481 if (n > (IDE_DMA_BUF_SECTORS / 4))
1482 n = (IDE_DMA_BUF_SECTORS / 4);
8ccad811
FB		 1483 s->io_buffer_size = n * 2048;
1484 data_offset = 0;
98087450 1485 }
8ccad811
FB		 1486#ifdef DEBUG_AIO
1487 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1488#endif
3f4cb3d3 1489 bm->iov.iov_base = (void *)(s->io_buffer + data_offset);
c87c0672
AL		 1490 bm->iov.iov_len = n * 4 * 512;
1491 qemu_iovec_init_external(&bm->qiov, &bm->iov, 1);
1492 bm->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2, &bm->qiov,
1493 n * 4, ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1494 if (!bm->aiocb) {
1495 /* Note: media not present is the most likely case */
5fafdf24 1496 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1497 ASC_MEDIUM_NOT_PRESENT);
1498 goto eot;
1499 }
98087450
FB		 1500}
1501
1502/* start a CD-CDROM read command with DMA */
1503/* XXX: test if DMA is available */
1504static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1505 int sector_size)
1506{
1507 s->lba = lba;
1508 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1509 s->io_buffer_index = 0;
1510 s->io_buffer_size = 0;
98087450
FB		 1511 s->cd_sector_size = sector_size;
1512
8ccad811 1513 /* XXX: check if BUSY_STAT should be set */
41a2b959 1514 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1515 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1516}
1517
5fafdf24 1518static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1519 int sector_size)
1520{
1521#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1522 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1523 lba, nb_sectors);
98087450
FB		 1524#endif
1525 if (s->atapi_dma) {
1526 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1527 } else {
1528 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1529 }
1530}
1531
38cdea7c
AZ		 1532static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1533 uint16_t profile)
1534{
1535 uint8_t *buf_profile = buf + 12; /* start of profiles */
1536
1537 buf_profile += ((*index) * 4); /* start of indexed profile */
1538 cpu_to_ube16 (buf_profile, profile);
1539 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1540
1541 /* each profile adds 4 bytes to the response */
1542 (*index)++;
1543 buf[11] += 4; /* Additional Length */
1544
1545 return 4;
1546}
1547
8114e9e8
TS		 1548static int ide_dvd_read_structure(IDEState *s, int format,
1549 const uint8_t *packet, uint8_t *buf)
1550{
1551 switch (format) {
1552 case 0x0: /* Physical format information */
1553 {
1554 int layer = packet[6];
1555 uint64_t total_sectors;
1556
1557 if (layer != 0)
1558 return -ASC_INV_FIELD_IN_CMD_PACKET;
1559
1560 bdrv_get_geometry(s->bs, &total_sectors);
1561 total_sectors >>= 2;
1562 if (total_sectors == 0)
1563 return -ASC_MEDIUM_NOT_PRESENT;
1564
1565 buf[4] = 1; /* DVD-ROM, part version 1 */
1566 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1567 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1568 buf[7] = 0; /* default densities */
1569
1570 /* FIXME: 0x30000 per spec? */
1571 cpu_to_ube32(buf + 8, 0); /* start sector */
1572 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1573 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1574
1575 /* Size of buffer, not including 2 byte size field */
1576 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1577
1578 /* 2k data + 4 byte header */
1579 return (2048 + 4);
1580 }
1581
1582 case 0x01: /* DVD copyright information */
1583 buf[4] = 0; /* no copyright data */
1584 buf[5] = 0; /* no region restrictions */
1585
1586 /* Size of buffer, not including 2 byte size field */
1587 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1588
1589 /* 4 byte header + 4 byte data */
1590 return (4 + 4);
1591
1592 case 0x03: /* BCA information - invalid field for no BCA info */
1593 return -ASC_INV_FIELD_IN_CMD_PACKET;
1594
1595 case 0x04: /* DVD disc manufacturing information */
1596 /* Size of buffer, not including 2 byte size field */
1597 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1598
1599 /* 2k data + 4 byte header */
1600 return (2048 + 4);
1601
1602 case 0xff:
1603 /*
1604 * This lists all the command capabilities above. Add new ones
1605 * in order and update the length and buffer return values.
1606 */
1607
1608 buf[4] = 0x00; /* Physical format */
1609 buf[5] = 0x40; /* Not writable, is readable */
1610 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1611
1612 buf[8] = 0x01; /* Copyright info */
1613 buf[9] = 0x40; /* Not writable, is readable */
1614 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1615
1616 buf[12] = 0x03; /* BCA info */
1617 buf[13] = 0x40; /* Not writable, is readable */
1618 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1619
1620 buf[16] = 0x04; /* Manufacturing info */
1621 buf[17] = 0x40; /* Not writable, is readable */
1622 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1623
1624 /* Size of buffer, not including 2 byte size field */
1625 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1626
1627 /* data written + 4 byte header */
1628 return (16 + 4);
1629
1630 default: /* TODO: formats beyond DVD-ROM requires */
1631 return -ASC_INV_FIELD_IN_CMD_PACKET;
1632 }
1633}
1634
5391d806
FB		 1635static void ide_atapi_cmd(IDEState *s)
1636{
1637 const uint8_t *packet;
1638 uint8_t *buf;
1639 int max_len;
1640
1641 packet = s->io_buffer;
1642 buf = s->io_buffer;
1643#ifdef DEBUG_IDE_ATAPI
1644 {
1645 int i;
1646 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1647 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1648 printf(" %02x", packet[i]);
1649 }
1650 printf("\n");
1651 }
1652#endif
9118e7f0
AL		 1653 /* If there's a UNIT_ATTENTION condition pending, only
1654 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1655 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1656 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1657 s->io_buffer[0] != GPCMD_INQUIRY) {
1658 ide_atapi_cmd_check_status(s);
1659 return;
1660 }
5391d806
FB		 1661 switch(s->io_buffer[0]) {
1662 case GPCMD_TEST_UNIT_READY:
caed8802 1663 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1664 ide_atapi_cmd_ok(s);
1665 } else {
5fafdf24 1666 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1667 ASC_MEDIUM_NOT_PRESENT);
1668 }
1669 break;
d14049ea 1670 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1671 case GPCMD_MODE_SENSE_10:
1672 {
1673 int action, code;
d14049ea
TS		 1674 if (packet[0] == GPCMD_MODE_SENSE_10)
1675 max_len = ube16_to_cpu(packet + 7);
1676 else
1677 max_len = packet[4];
5391d806
FB		 1678 action = packet[2] >> 6;
1679 code = packet[2] & 0x3f;
1680 switch(action) {
1681 case 0: /* current values */
1682 switch(code) {
1683 case 0x01: /* error recovery */
1684 cpu_to_ube16(&buf[0], 16 + 6);
1685 buf[2] = 0x70;
1686 buf[3] = 0;
1687 buf[4] = 0;
1688 buf[5] = 0;
1689 buf[6] = 0;
1690 buf[7] = 0;
1691
1692 buf[8] = 0x01;
1693 buf[9] = 0x06;
1694 buf[10] = 0x00;
1695 buf[11] = 0x05;
1696 buf[12] = 0x00;
1697 buf[13] = 0x00;
1698 buf[14] = 0x00;
1699 buf[15] = 0x00;
1700 ide_atapi_cmd_reply(s, 16, max_len);
1701 break;
1702 case 0x2a:
1703 cpu_to_ube16(&buf[0], 28 + 6);
1704 buf[2] = 0x70;
1705 buf[3] = 0;
1706 buf[4] = 0;
1707 buf[5] = 0;
1708 buf[6] = 0;
1709 buf[7] = 0;
1710
1711 buf[8] = 0x2a;
1712 buf[9] = 0x12;
0d4a05a1 1713 buf[10] = 0x00;
5391d806 1714 buf[11] = 0x00;
3b46e624 1715
d5b4eb40
AL		 1716 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1717 code checks for this to automount media. */
1718 buf[12] = 0x71;
5391d806
FB		 1719 buf[13] = 3 << 5;
1720 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1721 if (bdrv_is_locked(s->bs))
5391d806
FB		 1722 buf[6] |= 1 << 1;
1723 buf[15] = 0x00;
1724 cpu_to_ube16(&buf[16], 706);
1725 buf[18] = 0;
1726 buf[19] = 2;
1727 cpu_to_ube16(&buf[20], 512);
1728 cpu_to_ube16(&buf[22], 706);
1729 buf[24] = 0;
1730 buf[25] = 0;
1731 buf[26] = 0;
1732 buf[27] = 0;
1733 ide_atapi_cmd_reply(s, 28, max_len);
1734 break;
1735 default:
1736 goto error_cmd;
1737 }
1738 break;
1739 case 1: /* changeable values */
1740 goto error_cmd;
1741 case 2: /* default values */
1742 goto error_cmd;
1743 default:
1744 case 3: /* saved values */
5fafdf24 1745 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1746 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1747 break;
1748 }
1749 }
1750 break;
1751 case GPCMD_REQUEST_SENSE:
1752 max_len = packet[4];
1753 memset(buf, 0, 18);
1754 buf[0] = 0x70 | (1 << 7);
1755 buf[2] = s->sense_key;
1756 buf[7] = 10;
1757 buf[12] = s->asc;
9118e7f0
AL		 1758 if (s->sense_key == SENSE_UNIT_ATTENTION)
1759 s->sense_key = SENSE_NONE;
5391d806
FB		 1760 ide_atapi_cmd_reply(s, 18, max_len);
1761 break;
1762 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1763 if (bdrv_is_inserted(s->bs)) {
1764 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1765 ide_atapi_cmd_ok(s);
1766 } else {
5fafdf24 1767 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1768 ASC_MEDIUM_NOT_PRESENT);
1769 }
1770 break;
1771 case GPCMD_READ_10:
1772 case GPCMD_READ_12:
1773 {
1774 int nb_sectors, lba;
1775
5391d806
FB		 1776 if (packet[0] == GPCMD_READ_10)
1777 nb_sectors = ube16_to_cpu(packet + 7);
1778 else
1779 nb_sectors = ube32_to_cpu(packet + 6);
1780 lba = ube32_to_cpu(packet + 2);
1781 if (nb_sectors == 0) {
1782 ide_atapi_cmd_ok(s);
1783 break;
1784 }
98087450
FB		 1785 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1786 }
1787 break;
1788 case GPCMD_READ_CD:
1789 {
1790 int nb_sectors, lba, transfer_request;
1791
98087450
FB		 1792 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1793 lba = ube32_to_cpu(packet + 2);
1794 if (nb_sectors == 0) {
1795 ide_atapi_cmd_ok(s);
1796 break;
1797 }
98087450
FB		 1798 transfer_request = packet[9];
1799 switch(transfer_request & 0xf8) {
1800 case 0x00:
1801 /* nothing */
1802 ide_atapi_cmd_ok(s);
1803 break;
1804 case 0x10:
1805 /* normal read */
1806 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1807 break;
1808 case 0xf8:
1809 /* read all data */
1810 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1811 break;
1812 default:
5fafdf24 1813 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1814 ASC_INV_FIELD_IN_CMD_PACKET);
1815 break;
1816 }
5391d806
FB		 1817 }
1818 break;
1819 case GPCMD_SEEK:
1820 {
96b8f136
TS		 1821 unsigned int lba;
1822 uint64_t total_sectors;
66c6ef76
FB		 1823
1824 bdrv_get_geometry(s->bs, &total_sectors);
1825 total_sectors >>= 2;
96b8f136 1826 if (total_sectors == 0) {
5fafdf24 1827 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1828 ASC_MEDIUM_NOT_PRESENT);
1829 break;
1830 }
1831 lba = ube32_to_cpu(packet + 2);
66c6ef76 1832 if (lba >= total_sectors) {
5fafdf24 1833 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1834 ASC_LOGICAL_BLOCK_OOR);
1835 break;
1836 }
1837 ide_atapi_cmd_ok(s);
1838 }
1839 break;
1840 case GPCMD_START_STOP_UNIT:
1841 {
aea2a33c 1842 int start, eject, err = 0;
5391d806
FB		 1843 start = packet[4] & 1;
1844 eject = (packet[4] >> 1) & 1;
3b46e624 1845
aea2a33c
MM		 1846 if (eject) {
1847 err = bdrv_eject(s->bs, !start);
1848 }
1849
1850 switch (err) {
1851 case 0:
1852 ide_atapi_cmd_ok(s);
1853 break;
1854 case -EBUSY:
1855 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1856 ASC_MEDIA_REMOVAL_PREVENTED);
1857 break;
1858 default:
1859 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1860 ASC_MEDIUM_NOT_PRESENT);
1861 break;
caed8802 1862 }
5391d806
FB		 1863 }
1864 break;
1865 case GPCMD_MECHANISM_STATUS:
1866 {
1867 max_len = ube16_to_cpu(packet + 8);
1868 cpu_to_ube16(buf, 0);
1869 /* no current LBA */
1870 buf[2] = 0;
1871 buf[3] = 0;
1872 buf[4] = 0;
1873 buf[5] = 1;
1874 cpu_to_ube16(buf + 6, 0);
1875 ide_atapi_cmd_reply(s, 8, max_len);
1876 }
1877 break;
1878 case GPCMD_READ_TOC_PMA_ATIP:
1879 {
1880 int format, msf, start_track, len;
96b8f136 1881 uint64_t total_sectors;
5391d806 1882
66c6ef76
FB		 1883 bdrv_get_geometry(s->bs, &total_sectors);
1884 total_sectors >>= 2;
96b8f136 1885 if (total_sectors == 0) {
5fafdf24 1886 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1887 ASC_MEDIUM_NOT_PRESENT);
1888 break;
1889 }
1890 max_len = ube16_to_cpu(packet + 7);
1891 format = packet[9] >> 6;
1892 msf = (packet[1] >> 1) & 1;
1893 start_track = packet[6];
1894 switch(format) {
1895 case 0:
66c6ef76 1896 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1897 if (len < 0)
1898 goto error_cmd;
1899 ide_atapi_cmd_reply(s, len, max_len);
1900 break;
1901 case 1:
1902 /* multi session : only a single session defined */
1903 memset(buf, 0, 12);
1904 buf[1] = 0x0a;
1905 buf[2] = 0x01;
1906 buf[3] = 0x01;
1907 ide_atapi_cmd_reply(s, 12, max_len);
1908 break;
98087450 1909 case 2:
66c6ef76 1910 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1911 if (len < 0)
1912 goto error_cmd;
1913 ide_atapi_cmd_reply(s, len, max_len);
1914 break;
5391d806 1915 default:
7f777bf3 1916 error_cmd:
5fafdf24 1917 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1918 ASC_INV_FIELD_IN_CMD_PACKET);
1919 break;
5391d806
FB		 1920 }
1921 }
1922 break;
1923 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76 1924 {
96b8f136 1925 uint64_t total_sectors;
66c6ef76
FB		 1926
1927 bdrv_get_geometry(s->bs, &total_sectors);
1928 total_sectors >>= 2;
96b8f136 1929 if (total_sectors == 0) {
5fafdf24 1930 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1931 ASC_MEDIUM_NOT_PRESENT);
1932 break;
1933 }
1934 /* NOTE: it is really the number of sectors minus 1 */
1935 cpu_to_ube32(buf, total_sectors - 1);
1936 cpu_to_ube32(buf + 4, 2048);
1937 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1938 }
5391d806 1939 break;
d14049ea
TS		 1940 case GPCMD_READ_DVD_STRUCTURE:
1941 {
1942 int media = packet[1];
8114e9e8
TS		 1943 int format = packet[7];
1944 int ret;
d14049ea 1945
8114e9e8 1946 max_len = ube16_to_cpu(packet + 8);
d14049ea 1947
8114e9e8
TS		 1948 if (format < 0xff) {
1949 if (media_is_cd(s)) {
1950 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1951 ASC_INCOMPATIBLE_FORMAT);
1952 break;
1953 } else if (!media_present(s)) {
1954 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1955 ASC_INV_FIELD_IN_CMD_PACKET);
1956 break;
1957 }
1958 }
d14049ea 1959
8114e9e8
TS		 1960 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1961 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
d14049ea 1962
8114e9e8
TS		 1963 switch (format) {
1964 case 0x00 ... 0x7f:
1965 case 0xff:
1966 if (media == 0) {
1967 ret = ide_dvd_read_structure(s, format, packet, buf);
d14049ea 1968
8114e9e8
TS		 1969 if (ret < 0)
1970 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1971 else
1972 ide_atapi_cmd_reply(s, ret, max_len);
d14049ea 1973
8114e9e8
TS		 1974 break;
1975 }
1976 /* TODO: BD support, fall through for now */
1977
1978 /* Generic disk structures */
1979 case 0x80: /* TODO: AACS volume identifier */
1980 case 0x81: /* TODO: AACS media serial number */
1981 case 0x82: /* TODO: AACS media identifier */
1982 case 0x83: /* TODO: AACS media key block */
1983 case 0x90: /* TODO: List of recognized format layers */
1984 case 0xc0: /* TODO: Write protection status */
d14049ea
TS		 1985 default:
1986 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1987 ASC_INV_FIELD_IN_CMD_PACKET);
1988 break;
1989 }
1990 }
1991 break;
1992 case GPCMD_SET_SPEED:
1993 ide_atapi_cmd_ok(s);
1994 break;
bd0d90b2
FB		 1995 case GPCMD_INQUIRY:
1996 max_len = packet[4];
1997 buf[0] = 0x05; /* CD-ROM */
1998 buf[1] = 0x80; /* removable */
1999 buf[2] = 0x00; /* ISO */
2000 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 2001 buf[4] = 31; /* additional length */
bd0d90b2
FB		 2002 buf[5] = 0; /* reserved */
2003 buf[6] = 0; /* reserved */
2004 buf[7] = 0; /* reserved */
2005 padstr8(buf + 8, 8, "QEMU");
38cdea7c 2006 padstr8(buf + 16, 16, "QEMU DVD-ROM");
bd0d90b2
FB		 2007 padstr8(buf + 32, 4, QEMU_VERSION);
2008 ide_atapi_cmd_reply(s, 36, max_len);
2009 break;
d14049ea
TS		 2010 case GPCMD_GET_CONFIGURATION:
2011 {
38cdea7c 2012 uint32_t len;
091d055b 2013 uint8_t index = 0;
d14049ea
TS		 2014
2015 /* only feature 0 is supported */
2016 if (packet[2] != 0 || packet[3] != 0) {
2017 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2018 ASC_INV_FIELD_IN_CMD_PACKET);
2019 break;
2020 }
38cdea7c
AZ		 2021
2022 /* XXX: could result in alignment problems in some architectures */
2023 max_len = ube16_to_cpu(packet + 7);
091d055b 2024
38cdea7c 2025 /*
091d055b
AZ		 2026 * XXX: avoid overflow for io_buffer if max_len is bigger than
2027 * the size of that buffer (dimensioned to max number of
2028 * sectors to transfer at once)
38cdea7c 2029 *
091d055b 2030 * Only a problem if the feature/profiles grow.
38cdea7c
AZ		 2031 */
2032 if (max_len > 512) /* XXX: assume 1 sector */
2033 max_len = 512;
2034
2035 memset(buf, 0, max_len);
2036 /*
2037 * the number of sectors from the media tells us which profile
2038 * to use as current. 0 means there is no media
38cdea7c 2039 */
8114e9e8
TS		 2040 if (media_is_dvd(s))
2041 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
2042 else if (media_is_cd(s))
2043 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
38cdea7c 2044
091d055b
AZ		 2045 buf[10] = 0x02 | 0x01; /* persistent and current */
2046 len = 12; /* headers: 8 + 4 */
2047 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
2048 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
38cdea7c
AZ		 2049 cpu_to_ube32(buf, len - 4); /* data length */
2050
2051 ide_atapi_cmd_reply(s, len, max_len);
d14049ea
TS		 2052 break;
2053 }
5391d806 2054 default:
5fafdf24 2055 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 2056 ASC_ILLEGAL_OPCODE);
5391d806
FB		 2057 break;
2058 }
2059}
2060
201a51fc
AZ		 2061static void ide_cfata_metadata_inquiry(IDEState *s)
2062{
2063 uint16_t *p;
2064 uint32_t spd;
2065
2066 p = (uint16_t *) s->io_buffer;
2067 memset(p, 0, 0x200);
2068 spd = ((s->mdata_size - 1) >> 9) + 1;
2069
2070 put_le16(p + 0, 0x0001); /* Data format revision */
2071 put_le16(p + 1, 0x0000); /* Media property: silicon */
2072 put_le16(p + 2, s->media_changed); /* Media status */
2073 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
2074 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
2075 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
2076 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
2077}
2078
2079static void ide_cfata_metadata_read(IDEState *s)
2080{
2081 uint16_t *p;
2082
2083 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2084 s->status = ERR_STAT;
2085 s->error = ABRT_ERR;
2086 return;
2087 }
2088
2089 p = (uint16_t *) s->io_buffer;
2090 memset(p, 0, 0x200);
2091
2092 put_le16(p + 0, s->media_changed); /* Media status */
2093 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2094 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2095 s->nsector << 9), 0x200 - 2));
2096}
2097
2098static void ide_cfata_metadata_write(IDEState *s)
2099{
2100 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2101 s->status = ERR_STAT;
2102 s->error = ABRT_ERR;
2103 return;
2104 }
2105
2106 s->media_changed = 0;
2107
2108 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2109 s->io_buffer + 2,
2110 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2111 s->nsector << 9), 0x200 - 2));
2112}
2113
bd491d6a
TS		 2114/* called when the inserted state of the media has changed */
2115static void cdrom_change_cb(void *opaque)
2116{
2117 IDEState *s = opaque;
96b8f136 2118 uint64_t nb_sectors;
bd491d6a 2119
bd491d6a
TS		 2120 bdrv_get_geometry(s->bs, &nb_sectors);
2121 s->nb_sectors = nb_sectors;
9118e7f0
AL		 2122
2123 s->sense_key = SENSE_UNIT_ATTENTION;
2124 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2125
2126 ide_set_irq(s);
bd491d6a
TS		 2127}
2128
c2ff060f
FB		 2129static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2130{
2131 s->lba48 = lba48;
2132
2133 /* handle the 'magic' 0 nsector count conversion here. to avoid
2134 * fiddling with the rest of the read logic, we just store the
2135 * full sector count in ->nsector and ignore ->hob_nsector from now
2136 */
2137 if (!s->lba48) {
2138 if (!s->nsector)
2139 s->nsector = 256;
2140 } else {
2141 if (!s->nsector && !s->hob_nsector)
2142 s->nsector = 65536;
2143 else {
2144 int lo = s->nsector;
2145 int hi = s->hob_nsector;
2146
2147 s->nsector = (hi << 8) | lo;
2148 }
2149 }
2150}
2151
2152static void ide_clear_hob(IDEState *ide_if)
2153{
2154 /* any write clears HOB high bit of device control register */
2155 ide_if[0].select &= ~(1 << 7);
2156 ide_if[1].select &= ~(1 << 7);
2157}
2158
caed8802
FB		 2159static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2160{
2161 IDEState *ide_if = opaque;
c45c3d00 2162 IDEState *s;
5391d806 2163 int unit, n;
c2ff060f 2164 int lba48 = 0;
5391d806
FB		 2165
2166#ifdef DEBUG_IDE
2167 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2168#endif
c2ff060f 2169
5391d806 2170 addr &= 7;
fcdd25ab
AL		 2171
2172 /* ignore writes to command block while busy with previous command */
2173 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2174 return;
2175
5391d806
FB		 2176 switch(addr) {
2177 case 0:
2178 break;
2179 case 1:
c2ff060f 2180 ide_clear_hob(ide_if);
c45c3d00 2181 /* NOTE: data is written to the two drives */
c2ff060f
FB		 2182 ide_if[0].hob_feature = ide_if[0].feature;
2183 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 2184 ide_if[0].feature = val;
2185 ide_if[1].feature = val;
5391d806
FB		 2186 break;
2187 case 2:
c2ff060f
FB		 2188 ide_clear_hob(ide_if);
2189 ide_if[0].hob_nsector = ide_if[0].nsector;
2190 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 2191 ide_if[0].nsector = val;
2192 ide_if[1].nsector = val;
5391d806
FB		 2193 break;
2194 case 3:
c2ff060f
FB		 2195 ide_clear_hob(ide_if);
2196 ide_if[0].hob_sector = ide_if[0].sector;
2197 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 2198 ide_if[0].sector = val;
2199 ide_if[1].sector = val;
5391d806
FB		 2200 break;
2201 case 4:
c2ff060f
FB		 2202 ide_clear_hob(ide_if);
2203 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2204 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 2205 ide_if[0].lcyl = val;
2206 ide_if[1].lcyl = val;
5391d806
FB		 2207 break;
2208 case 5:
c2ff060f
FB		 2209 ide_clear_hob(ide_if);
2210 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2211 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 2212 ide_if[0].hcyl = val;
2213 ide_if[1].hcyl = val;
5391d806
FB		 2214 break;
2215 case 6:
c2ff060f 2216 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 2217 ide_if[0].select = (val & ~0x10) | 0xa0;
2218 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 2219 /* select drive */
2220 unit = (val >> 4) & 1;
2221 s = ide_if + unit;
2222 ide_if->cur_drive = s;
5391d806
FB		 2223 break;
2224 default:
2225 case 7:
2226 /* command */
2227#if defined(DEBUG_IDE)
2228 printf("ide: CMD=%02x\n", val);
2229#endif
c45c3d00 2230 s = ide_if->cur_drive;
66201e2d 2231 /* ignore commands to non existant slave */
5fafdf24 2232 if (s != ide_if && !s->bs)
66201e2d 2233 break;
c2ff060f 2234
fcdd25ab
AL		 2235 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2236 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2237 break;
2238
5391d806
FB		 2239 switch(val) {
2240 case WIN_IDENTIFY:
2241 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 2242 if (!s->is_cf)
2243 ide_identify(s);
2244 else
2245 ide_cfata_identify(s);
2a282056 2246 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2247 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2248 } else {
2249 if (s->is_cdrom) {
2250 ide_set_signature(s);
2251 }
2252 ide_abort_command(s);
2253 }
2254 ide_set_irq(s);
2255 break;
2256 case WIN_SPECIFY:
2257 case WIN_RECAL:
a136e5a8 2258 s->error = 0;
769bec72 2259 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2260 ide_set_irq(s);
2261 break;
2262 case WIN_SETMULT:
201a51fc
AZ		 2263 if (s->is_cf && s->nsector == 0) {
2264 /* Disable Read and Write Multiple */
2265 s->mult_sectors = 0;
41a2b959 2266 s->status = READY_STAT | SEEK_STAT;
201a51fc 2267 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 2268 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2269 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 2270 ide_abort_command(s);
2271 } else {
292eef5a 2272 s->mult_sectors = s->nsector & 0xff;
41a2b959 2273 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2274 }
2275 ide_set_irq(s);
2276 break;
c2ff060f
FB		 2277 case WIN_VERIFY_EXT:
2278 lba48 = 1;
4ce900b4
FB		 2279 case WIN_VERIFY:
2280 case WIN_VERIFY_ONCE:
2281 /* do sector number check ? */
c2ff060f 2282 ide_cmd_lba48_transform(s, lba48);
41a2b959 2283 s->status = READY_STAT | SEEK_STAT;
4ce900b4
FB		 2284 ide_set_irq(s);
2285 break;
c2ff060f
FB		 2286 case WIN_READ_EXT:
2287 lba48 = 1;
5391d806
FB		 2288 case WIN_READ:
2289 case WIN_READ_ONCE:
5fafdf24 2290 if (!s->bs)
6b136f9e 2291 goto abort_cmd;
c2ff060f 2292 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2293 s->req_nb_sectors = 1;
2294 ide_sector_read(s);
2295 break;
c2ff060f
FB		 2296 case WIN_WRITE_EXT:
2297 lba48 = 1;
5391d806
FB		 2298 case WIN_WRITE:
2299 case WIN_WRITE_ONCE:
201a51fc
AZ		 2300 case CFA_WRITE_SECT_WO_ERASE:
2301 case WIN_WRITE_VERIFY:
c2ff060f 2302 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2303 s->error = 0;
f66723fa 2304 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2305 s->req_nb_sectors = 1;
2306 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 2307 s->media_changed = 1;
5391d806 2308 break;
c2ff060f
FB		 2309 case WIN_MULTREAD_EXT:
2310 lba48 = 1;
5391d806
FB		 2311 case WIN_MULTREAD:
2312 if (!s->mult_sectors)
2313 goto abort_cmd;
c2ff060f 2314 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2315 s->req_nb_sectors = s->mult_sectors;
2316 ide_sector_read(s);
2317 break;
c2ff060f
FB		 2318 case WIN_MULTWRITE_EXT:
2319 lba48 = 1;
5391d806 2320 case WIN_MULTWRITE:
201a51fc 2321 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 2322 if (!s->mult_sectors)
2323 goto abort_cmd;
c2ff060f 2324 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2325 s->error = 0;
f66723fa 2326 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2327 s->req_nb_sectors = s->mult_sectors;
2328 n = s->nsector;
2329 if (n > s->req_nb_sectors)
2330 n = s->req_nb_sectors;
2331 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 2332 s->media_changed = 1;
5391d806 2333 break;
c2ff060f
FB		 2334 case WIN_READDMA_EXT:
2335 lba48 = 1;
98087450
FB		 2336 case WIN_READDMA:
2337 case WIN_READDMA_ONCE:
5fafdf24 2338 if (!s->bs)
98087450 2339 goto abort_cmd;
c2ff060f 2340 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 2341 ide_sector_read_dma(s);
2342 break;
c2ff060f
FB		 2343 case WIN_WRITEDMA_EXT:
2344 lba48 = 1;
98087450
FB		 2345 case WIN_WRITEDMA:
2346 case WIN_WRITEDMA_ONCE:
5fafdf24 2347 if (!s->bs)
98087450 2348 goto abort_cmd;
c2ff060f 2349 ide_cmd_lba48_transform(s, lba48);
98087450 2350 ide_sector_write_dma(s);
201a51fc 2351 s->media_changed = 1;
98087450 2352 break;
c2ff060f
FB		 2353 case WIN_READ_NATIVE_MAX_EXT:
2354 lba48 = 1;
5391d806 2355 case WIN_READ_NATIVE_MAX:
c2ff060f 2356 ide_cmd_lba48_transform(s, lba48);
5391d806 2357 ide_set_sector(s, s->nb_sectors - 1);
41a2b959 2358 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2359 ide_set_irq(s);
2360 break;
a136e5a8 2361 case WIN_CHECKPOWERMODE1:
201a51fc 2362 case WIN_CHECKPOWERMODE2:
a136e5a8 2363 s->nsector = 0xff; /* device active or idle */
41a2b959 2364 s->status = READY_STAT | SEEK_STAT;
a136e5a8
FB		 2365 ide_set_irq(s);
2366 break;
34e538ae
FB		 2367 case WIN_SETFEATURES:
2368 if (!s->bs)
2369 goto abort_cmd;
2370 /* XXX: valid for CDROM ? */
2371 switch(s->feature) {
e1f63470
TS		 2372 case 0xcc: /* reverting to power-on defaults enable */
2373 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 2374 case 0x02: /* write cache enable */
2375 case 0x82: /* write cache disable */
2376 case 0xaa: /* read look-ahead enable */
2377 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 2378 case 0x05: /* set advanced power management mode */
2379 case 0x85: /* disable advanced power management mode */
2380 case 0x69: /* NOP */
2381 case 0x67: /* NOP */
2382 case 0x96: /* NOP */
2383 case 0x9a: /* NOP */
c3e88d8c
TS		 2384 case 0x42: /* enable Automatic Acoustic Mode */
2385 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 2386 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 2387 ide_set_irq(s);
2388 break;
94458802
FB		 2389 case 0x03: { /* set transfer mode */
2390 uint8_t val = s->nsector & 0x07;
2391
2392 switch (s->nsector >> 3) {
2393 case 0x00: /* pio default */
2394 case 0x01: /* pio mode */
d1b5c20d
TS		 2395 put_le16(s->identify_data + 62,0x07);
2396 put_le16(s->identify_data + 63,0x07);
2397 put_le16(s->identify_data + 88,0x3f);
2398 break;
2399 case 0x02: /* sigle word dma mode*/
2400 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
94458802
FB		 2401 put_le16(s->identify_data + 63,0x07);
2402 put_le16(s->identify_data + 88,0x3f);
2403 break;
2404 case 0x04: /* mdma mode */
d1b5c20d 2405 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2406 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2407 put_le16(s->identify_data + 88,0x3f);
2408 break;
2409 case 0x08: /* udma mode */
d1b5c20d 2410 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2411 put_le16(s->identify_data + 63,0x07);
2412 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2413 break;
2414 default:
2415 goto abort_cmd;
2416 }
2417 s->status = READY_STAT | SEEK_STAT;
2418 ide_set_irq(s);
2419 break;
2420 }
34e538ae
FB		 2421 default:
2422 goto abort_cmd;
2423 }
2424 break;
c2ff060f
FB		 2425 case WIN_FLUSH_CACHE:
2426 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2427 if (s->bs)
2428 bdrv_flush(s->bs);
41a2b959 2429 s->status = READY_STAT | SEEK_STAT;
7a6cba61
PB		 2430 ide_set_irq(s);
2431 break;
c3e88d8c
TS		 2432 case WIN_STANDBY:
2433 case WIN_STANDBY2:
2434 case WIN_STANDBYNOW1:
201a51fc 2435 case WIN_STANDBYNOW2:
c451ee71 2436 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2437 case CFA_IDLEIMMEDIATE:
2438 case WIN_SETIDLE1:
2439 case WIN_SETIDLE2:
c3e88d8c
TS		 2440 case WIN_SLEEPNOW1:
2441 case WIN_SLEEPNOW2:
2442 s->status = READY_STAT;
a7dfe172
FB		 2443 ide_set_irq(s);
2444 break;
4fbfcd6d
AJ		 2445 case WIN_SEEK:
2446 if(s->is_cdrom)
2447 goto abort_cmd;
2448 /* XXX: Check that seek is within bounds */
2449 s->status = READY_STAT | SEEK_STAT;
2450 ide_set_irq(s);
2451 break;
5391d806
FB		 2452 /* ATAPI commands */
2453 case WIN_PIDENTIFY:
2454 if (s->is_cdrom) {
2455 ide_atapi_identify(s);
1298fe63 2456 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2457 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2458 } else {
2459 ide_abort_command(s);
2460 }
2461 ide_set_irq(s);
2462 break;
c451ee71
FB		 2463 case WIN_DIAGNOSE:
2464 ide_set_signature(s);
33256a25
AL		 2465 if (s->is_cdrom)
2466 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2467 * devices to return a clear status register
2468 * with READY_STAT *not* set. */
2469 else
2470 s->status = READY_STAT | SEEK_STAT;
2471 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2472 * present.
2473 */
f5fdd0a8 2474 ide_set_irq(s);
c451ee71 2475 break;
5391d806
FB		 2476 case WIN_SRST:
2477 if (!s->is_cdrom)
2478 goto abort_cmd;
2479 ide_set_signature(s);
6b136f9e 2480 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2481 s->error = 0x01;
2482 break;
2483 case WIN_PACKETCMD:
2484 if (!s->is_cdrom)
2485 goto abort_cmd;
98087450
FB		 2486 /* overlapping commands not supported */
2487 if (s->feature & 0x02)
5391d806 2488 goto abort_cmd;
41a2b959 2489 s->status = READY_STAT | SEEK_STAT;
98087450 2490 s->atapi_dma = s->feature & 1;
5391d806 2491 s->nsector = 1;
5fafdf24 2492 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2493 ide_atapi_cmd);
2494 break;
201a51fc
AZ		 2495 /* CF-ATA commands */
2496 case CFA_REQ_EXT_ERROR_CODE:
2497 if (!s->is_cf)
2498 goto abort_cmd;
2499 s->error = 0x09; /* miscellaneous error */
41a2b959 2500 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2501 ide_set_irq(s);
2502 break;
2503 case CFA_ERASE_SECTORS:
2504 case CFA_WEAR_LEVEL:
2505 if (!s->is_cf)
2506 goto abort_cmd;
2507 if (val == CFA_WEAR_LEVEL)
2508 s->nsector = 0;
2509 if (val == CFA_ERASE_SECTORS)
2510 s->media_changed = 1;
2511 s->error = 0x00;
41a2b959 2512 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2513 ide_set_irq(s);
2514 break;
2515 case CFA_TRANSLATE_SECTOR:
2516 if (!s->is_cf)
2517 goto abort_cmd;
2518 s->error = 0x00;
41a2b959 2519 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2520 memset(s->io_buffer, 0, 0x200);
2521 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2522 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2523 s->io_buffer[0x02] = s->select; /* Head */
2524 s->io_buffer[0x03] = s->sector; /* Sector */
2525 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2526 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2527 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2528 s->io_buffer[0x13] = 0x00; /* Erase flag */
2529 s->io_buffer[0x18] = 0x00; /* Hot count */
2530 s->io_buffer[0x19] = 0x00; /* Hot count */
2531 s->io_buffer[0x1a] = 0x01; /* Hot count */
2532 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2533 ide_set_irq(s);
2534 break;
2535 case CFA_ACCESS_METADATA_STORAGE:
2536 if (!s->is_cf)
2537 goto abort_cmd;
2538 switch (s->feature) {
2539 case 0x02: /* Inquiry Metadata Storage */
2540 ide_cfata_metadata_inquiry(s);
2541 break;
2542 case 0x03: /* Read Metadata Storage */
2543 ide_cfata_metadata_read(s);
2544 break;
2545 case 0x04: /* Write Metadata Storage */
2546 ide_cfata_metadata_write(s);
2547 break;
2548 default:
2549 goto abort_cmd;
2550 }
2551 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2552 s->status = 0x00; /* NOTE: READY is _not_ set */
2553 ide_set_irq(s);
2554 break;
2555 case IBM_SENSE_CONDITION:
2556 if (!s->is_cf)
2557 goto abort_cmd;
2558 switch (s->feature) {
2559 case 0x01: /* sense temperature in device */
2560 s->nsector = 0x50; /* +20 C */
2561 break;
2562 default:
2563 goto abort_cmd;
2564 }
41a2b959 2565 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2566 ide_set_irq(s);
2567 break;
5391d806
FB		 2568 default:
2569 abort_cmd:
2570 ide_abort_command(s);
2571 ide_set_irq(s);
2572 break;
2573 }
2574 }
2575}
2576
caed8802 2577static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2578{
7ae98627
FB		 2579 IDEState *ide_if = opaque;
2580 IDEState *s = ide_if->cur_drive;
5391d806 2581 uint32_t addr;
c2ff060f 2582 int ret, hob;
5391d806
FB		 2583
2584 addr = addr1 & 7;
c2ff060f
FB		 2585 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2586 //hob = s->select & (1 << 7);
2587 hob = 0;
5391d806
FB		 2588 switch(addr) {
2589 case 0:
2590 ret = 0xff;
2591 break;
2592 case 1:
c45ca54f
AL		 2593 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2594 (s != ide_if && !s->bs))
c45c3d00 2595 ret = 0;
c2ff060f 2596 else if (!hob)
c45c3d00 2597 ret = s->error;
c2ff060f
FB		 2598 else
2599 ret = s->hob_feature;
5391d806
FB		 2600 break;
2601 case 2:
7ae98627 2602 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2603 ret = 0;
c2ff060f 2604 else if (!hob)
c45c3d00 2605 ret = s->nsector & 0xff;
c2ff060f
FB		 2606 else
2607 ret = s->hob_nsector;
5391d806
FB		 2608 break;
2609 case 3:
7ae98627 2610 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2611 ret = 0;
c2ff060f 2612 else if (!hob)
c45c3d00 2613 ret = s->sector;
c2ff060f
FB		 2614 else
2615 ret = s->hob_sector;
5391d806
FB		 2616 break;
2617 case 4:
7ae98627 2618 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2619 ret = 0;
c2ff060f 2620 else if (!hob)
c45c3d00 2621 ret = s->lcyl;
c2ff060f
FB		 2622 else
2623 ret = s->hob_lcyl;
5391d806
FB		 2624 break;
2625 case 5:
7ae98627 2626 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2627 ret = 0;
c2ff060f 2628 else if (!hob)
c45c3d00 2629 ret = s->hcyl;
c2ff060f
FB		 2630 else
2631 ret = s->hob_hcyl;
5391d806
FB		 2632 break;
2633 case 6:
7ae98627 2634 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2635 ret = 0;
2636 else
7ae98627 2637 ret = s->select;
5391d806
FB		 2638 break;
2639 default:
2640 case 7:
66201e2d
FB		 2641 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2642 (s != ide_if && !s->bs))
c45c3d00
FB		 2643 ret = 0;
2644 else
2645 ret = s->status;
d537cf6c 2646 qemu_irq_lower(s->irq);
5391d806
FB		 2647 break;
2648 }
2649#ifdef DEBUG_IDE
2650 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2651#endif
2652 return ret;
2653}
2654
caed8802 2655static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2656{
7ae98627
FB		 2657 IDEState *ide_if = opaque;
2658 IDEState *s = ide_if->cur_drive;
5391d806 2659 int ret;
7ae98627 2660
66201e2d
FB		 2661 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2662 (s != ide_if && !s->bs))
7ae98627
FB		 2663 ret = 0;
2664 else
2665 ret = s->status;
5391d806
FB		 2666#ifdef DEBUG_IDE
2667 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2668#endif
2669 return ret;
2670}
2671
caed8802 2672static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2673{
caed8802 2674 IDEState *ide_if = opaque;
5391d806
FB		 2675 IDEState *s;
2676 int i;
2677
2678#ifdef DEBUG_IDE
2679 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2680#endif
2681 /* common for both drives */
2682 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2683 (val & IDE_CMD_RESET)) {
2684 /* reset low to high */
2685 for(i = 0;i < 2; i++) {
2686 s = &ide_if[i];
2687 s->status = BUSY_STAT | SEEK_STAT;
2688 s->error = 0x01;
2689 }
2690 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2691 !(val & IDE_CMD_RESET)) {
2692 /* high to low */
2693 for(i = 0;i < 2; i++) {
2694 s = &ide_if[i];
6b136f9e
FB		 2695 if (s->is_cdrom)
2696 s->status = 0x00; /* NOTE: READY is _not_ set */
2697 else
56bf1d37 2698 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2699 ide_set_signature(s);
2700 }
2701 }
2702
2703 ide_if[0].cmd = val;
2704 ide_if[1].cmd = val;
2705}
2706
caed8802 2707static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2708{
caed8802 2709 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2710 uint8_t *p;
2711
fcdd25ab
AL		 2712 /* PIO data access allowed only when DRQ bit is set */
2713 if (!(s->status & DRQ_STAT))
2714 return;
2715
5391d806 2716 p = s->data_ptr;
0c4ad8dc 2717 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2718 p += 2;
2719 s->data_ptr = p;
2720 if (p >= s->data_end)
2721 s->end_transfer_func(s);
2722}
2723
caed8802 2724static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2725{
caed8802 2726 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2727 uint8_t *p;
2728 int ret;
fcdd25ab
AL		 2729
2730 /* PIO data access allowed only when DRQ bit is set */
2731 if (!(s->status & DRQ_STAT))
2732 return 0;
2733
5391d806 2734 p = s->data_ptr;
0c4ad8dc 2735 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2736 p += 2;
2737 s->data_ptr = p;
2738 if (p >= s->data_end)
2739 s->end_transfer_func(s);
2740 return ret;
2741}
2742
caed8802 2743static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2744{
caed8802 2745 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2746 uint8_t *p;
2747
fcdd25ab
AL		 2748 /* PIO data access allowed only when DRQ bit is set */
2749 if (!(s->status & DRQ_STAT))
2750 return;
2751
5391d806 2752 p = s->data_ptr;
0c4ad8dc 2753 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2754 p += 4;
2755 s->data_ptr = p;
2756 if (p >= s->data_end)
2757 s->end_transfer_func(s);
2758}
2759
caed8802 2760static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2761{
caed8802 2762 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2763 uint8_t *p;
2764 int ret;
3b46e624 2765
fcdd25ab
AL		 2766 /* PIO data access allowed only when DRQ bit is set */
2767 if (!(s->status & DRQ_STAT))
2768 return 0;
2769
5391d806 2770 p = s->data_ptr;
0c4ad8dc 2771 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2772 p += 4;
2773 s->data_ptr = p;
2774 if (p >= s->data_end)
2775 s->end_transfer_func(s);
2776 return ret;
2777}
2778
a7dfe172
FB		 2779static void ide_dummy_transfer_stop(IDEState *s)
2780{
2781 s->data_ptr = s->io_buffer;
2782 s->data_end = s->io_buffer;
2783 s->io_buffer[0] = 0xff;
2784 s->io_buffer[1] = 0xff;
2785 s->io_buffer[2] = 0xff;
2786 s->io_buffer[3] = 0xff;
2787}
2788
5391d806
FB		 2789static void ide_reset(IDEState *s)
2790{
201a51fc
AZ		 2791 if (s->is_cf)
2792 s->mult_sectors = 0;
2793 else
2794 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2795 s->cur_drive = s;
2796 s->select = 0xa0;
41a2b959 2797 s->status = READY_STAT | SEEK_STAT;
5391d806 2798 ide_set_signature(s);
a7dfe172
FB		 2799 /* init the transfer handler so that 0xffff is returned on data
2800 accesses */
2801 s->end_transfer_func = ide_dummy_transfer_stop;
2802 ide_dummy_transfer_stop(s);
201a51fc 2803 s->media_changed = 0;
5391d806
FB		 2804}
2805
5457c8ce
FB		 2806static void ide_init2(IDEState *ide_state,
2807 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2808 qemu_irq irq)
5391d806 2809{
69b91039 2810 IDEState *s;
aedf5382 2811 static int drive_serial = 1;
f3d54fc4 2812 int i, cylinders, heads, secs;
96b8f136 2813 uint64_t nb_sectors;
5391d806 2814
caed8802
FB		 2815 for(i = 0; i < 2; i++) {
2816 s = ide_state + i;
2817 if (i == 0)
2818 s->bs = hd0;
2819 else
2820 s->bs = hd1;
e268ca52 2821 s->io_buffer = qemu_blockalign(s->bs, IDE_DMA_BUF_SECTORS*512 + 4);
5391d806
FB		 2822 if (s->bs) {
2823 bdrv_get_geometry(s->bs, &nb_sectors);
f3d54fc4
AL		 2824 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2825 s->cylinders = cylinders;
2826 s->heads = heads;
2827 s->sectors = secs;
5391d806 2828 s->nb_sectors = nb_sectors;
f3d54fc4 2829
caed8802
FB		 2830 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2831 s->is_cdrom = 1;
bd491d6a 2832 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2833 }
2834 }
aedf5382 2835 s->drive_serial = drive_serial++;
fa879c64
AL		 2836 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2837 sizeof(s->drive_serial_str));
2838 if (strlen(s->drive_serial_str) == 0)
2839 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2840 "QM%05d", s->drive_serial);
caed8802 2841 s->irq = irq;
5fafdf24 2842 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2843 ide_sector_write_timer_cb, s);
5391d806
FB		 2844 ide_reset(s);
2845 }
69b91039
FB		 2846}
2847
34e538ae 2848static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2849{
caed8802
FB		 2850 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2851 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2852 if (iobase2) {
2853 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2854 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2855 }
3b46e624 2856
caed8802
FB		 2857 /* data ports */
2858 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2859 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2860 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2861 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2862}
69b91039 2863
aa941b94
AZ		 2864/* save per IDE drive data */
2865static void ide_save(QEMUFile* f, IDEState *s)
2866{
bee8d684
TS		 2867 qemu_put_be32(f, s->mult_sectors);
2868 qemu_put_be32(f, s->identify_set);
aa941b94
AZ		 2869 if (s->identify_set) {
2870 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2871 }
2872 qemu_put_8s(f, &s->feature);
2873 qemu_put_8s(f, &s->error);
2874 qemu_put_be32s(f, &s->nsector);
2875 qemu_put_8s(f, &s->sector);
2876 qemu_put_8s(f, &s->lcyl);
2877 qemu_put_8s(f, &s->hcyl);
2878 qemu_put_8s(f, &s->hob_feature);
2879 qemu_put_8s(f, &s->hob_nsector);
2880 qemu_put_8s(f, &s->hob_sector);
2881 qemu_put_8s(f, &s->hob_lcyl);
2882 qemu_put_8s(f, &s->hob_hcyl);
2883 qemu_put_8s(f, &s->select);
2884 qemu_put_8s(f, &s->status);
2885 qemu_put_8s(f, &s->lba48);
2886
2887 qemu_put_8s(f, &s->sense_key);
2888 qemu_put_8s(f, &s->asc);
2889 /* XXX: if a transfer is pending, we do not save it yet */
2890}
2891
2892/* load per IDE drive data */
2893static void ide_load(QEMUFile* f, IDEState *s)
2894{
bee8d684
TS		 2895 s->mult_sectors=qemu_get_be32(f);
2896 s->identify_set=qemu_get_be32(f);
aa941b94
AZ		 2897 if (s->identify_set) {
2898 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2899 }
2900 qemu_get_8s(f, &s->feature);
2901 qemu_get_8s(f, &s->error);
2902 qemu_get_be32s(f, &s->nsector);
2903 qemu_get_8s(f, &s->sector);
2904 qemu_get_8s(f, &s->lcyl);
2905 qemu_get_8s(f, &s->hcyl);
2906 qemu_get_8s(f, &s->hob_feature);
2907 qemu_get_8s(f, &s->hob_nsector);
2908 qemu_get_8s(f, &s->hob_sector);
2909 qemu_get_8s(f, &s->hob_lcyl);
2910 qemu_get_8s(f, &s->hob_hcyl);
2911 qemu_get_8s(f, &s->select);
2912 qemu_get_8s(f, &s->status);
2913 qemu_get_8s(f, &s->lba48);
2914
2915 qemu_get_8s(f, &s->sense_key);
2916 qemu_get_8s(f, &s->asc);
2917 /* XXX: if a transfer is pending, we do not save it yet */
2918}
2919
34e538ae
FB		 2920/***********************************************************/
2921/* ISA IDE definitions */
2922
d537cf6c 2923void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2924 BlockDriverState *hd0, BlockDriverState *hd1)
2925{
2926 IDEState *ide_state;
2927
2928 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
3b46e624 2929
d537cf6c 2930 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2931 ide_init_ioport(ide_state, iobase, iobase2);
2932}
2933
69b91039
FB		 2934/***********************************************************/
2935/* PCI IDE definitions */
2936
5457c8ce
FB		 2937static void cmd646_update_irq(PCIIDEState *d);
2938
5fafdf24 2939static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 2940 uint32_t addr, uint32_t size, int type)
2941{
2942 PCIIDEState *d = (PCIIDEState *)pci_dev;
2943 IDEState *ide_state;
2944
2945 if (region_num <= 3) {
2946 ide_state = &d->ide_if[(region_num >> 1) * 2];
2947 if (region_num & 1) {
2948 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2949 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2950 } else {
2951 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2952 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2953
2954 /* data ports */
2955 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2956 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2957 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2958 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2959 }
2960 }
2961}
2962
8ccad811 2963static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2964{
2965 BMDMAState *bm = s->bmdma;
2966 if(!bm)
2967 return;
2968 bm->ide_if = s;
2969 bm->dma_cb = dma_cb;
8ccad811
FB		 2970 bm->cur_prd_last = 0;
2971 bm->cur_prd_addr = 0;
2972 bm->cur_prd_len = 0;
428c5705
AL		 2973 bm->sector_num = ide_get_sector(s);
2974 bm->nsector = s->nsector;
98087450 2975 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2976 bm->dma_cb(bm, 0);
98087450
FB		 2977 }
2978}
2979
428c5705
AL		 2980static void ide_dma_restart(IDEState *s)
2981{
2982 BMDMAState *bm = s->bmdma;
2983 ide_set_sector(s, bm->sector_num);
2984 s->io_buffer_index = 0;
2985 s->io_buffer_size = 0;
2986 s->nsector = bm->nsector;
2987 bm->cur_addr = bm->addr;
2988 bm->dma_cb = ide_write_dma_cb;
2989 ide_dma_start(s, bm->dma_cb);
2990}
2991
72c7b06c
AL		 2992static void ide_dma_cancel(BMDMAState *bm)
2993{
2994 if (bm->status & BM_STATUS_DMAING) {
2995 bm->status &= ~BM_STATUS_DMAING;
2996 /* cancel DMA request */
2997 bm->ide_if = NULL;
2998 bm->dma_cb = NULL;
2999 if (bm->aiocb) {
3000#ifdef DEBUG_AIO
3001 printf("aio_cancel\n");
3002#endif
3003 bdrv_aio_cancel(bm->aiocb);
3004 bm->aiocb = NULL;
3005 }
3006 }
3007}
3008
98087450
FB		 3009static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
3010{
3011 BMDMAState *bm = opaque;
3012#ifdef DEBUG_IDE
3013 printf("%s: 0x%08x\n", __func__, val);
3014#endif
3015 if (!(val & BM_CMD_START)) {
3016 /* XXX: do it better */
72c7b06c 3017 ide_dma_cancel(bm);
98087450
FB		 3018 bm->cmd = val & 0x09;
3019 } else {
8ccad811
FB		 3020 if (!(bm->status & BM_STATUS_DMAING)) {
3021 bm->status |= BM_STATUS_DMAING;
3022 /* start dma transfer if possible */
3023 if (bm->dma_cb)
3024 bm->dma_cb(bm, 0);
3025 }
98087450 3026 bm->cmd = val & 0x09;
98087450
FB		 3027 }
3028}
3029
5457c8ce 3030static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 3031{
3032 BMDMAState *bm = opaque;
5457c8ce 3033 PCIIDEState *pci_dev;
98087450 3034 uint32_t val;
3b46e624 3035
5457c8ce 3036 switch(addr & 3) {
5fafdf24 3037 case 0:
5457c8ce
FB		 3038 val = bm->cmd;
3039 break;
3040 case 1:
3041 pci_dev = bm->pci_dev;
3042 if (pci_dev->type == IDE_TYPE_CMD646) {
3043 val = pci_dev->dev.config[MRDMODE];
3044 } else {
3045 val = 0xff;
3046 }
3047 break;
3048 case 2:
3049 val = bm->status;
3050 break;
3051 case 3:
3052 pci_dev = bm->pci_dev;
3053 if (pci_dev->type == IDE_TYPE_CMD646) {
3054 if (bm == &pci_dev->bmdma[0])
3055 val = pci_dev->dev.config[UDIDETCR0];
3056 else
3057 val = pci_dev->dev.config[UDIDETCR1];
3058 } else {
3059 val = 0xff;
3060 }
3061 break;
3062 default:
3063 val = 0xff;
3064 break;
3065 }
98087450 3066#ifdef DEBUG_IDE
5457c8ce 3067 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 3068#endif
3069 return val;
3070}
3071
5457c8ce 3072static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 3073{
3074 BMDMAState *bm = opaque;
5457c8ce 3075 PCIIDEState *pci_dev;
98087450 3076#ifdef DEBUG_IDE
5457c8ce 3077 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 3078#endif
5457c8ce
FB		 3079 switch(addr & 3) {
3080 case 1:
3081 pci_dev = bm->pci_dev;
3082 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 3083 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 3084 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3085 cmd646_update_irq(pci_dev);
3086 }
3087 break;
3088 case 2:
3089 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3090 break;
3091 case 3:
3092 pci_dev = bm->pci_dev;
3093 if (pci_dev->type == IDE_TYPE_CMD646) {
3094 if (bm == &pci_dev->bmdma[0])
3095 pci_dev->dev.config[UDIDETCR0] = val;
3096 else
3097 pci_dev->dev.config[UDIDETCR1] = val;
3098 }
3099 break;
3100 }
98087450
FB		 3101}
3102
5b9a1293
AJ		 3103static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3104{
3105 BMDMAState *bm = opaque;
3106 uint32_t val;
3107 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3108#ifdef DEBUG_IDE
3109 printf("%s: 0x%08x\n", __func__, val);
3110#endif
3111 return val;
3112}
3113
3114static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3115{
3116 BMDMAState *bm = opaque;
3117 int shift = (addr & 3) * 8;
3118#ifdef DEBUG_IDE
3119 printf("%s: 0x%08x\n", __func__, val);
3120#endif
3121 bm->addr &= ~(0xFF << shift);
3122 bm->addr |= ((val & 0xFF) << shift) & ~3;
3123 bm->cur_addr = bm->addr;
3124}
3125
3126static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3127{
3128 BMDMAState *bm = opaque;
3129 uint32_t val;
3130 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3131#ifdef DEBUG_IDE
3132 printf("%s: 0x%08x\n", __func__, val);
3133#endif
3134 return val;
3135}
3136
3137static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3138{
3139 BMDMAState *bm = opaque;
3140 int shift = (addr & 3) * 8;
3141#ifdef DEBUG_IDE
3142 printf("%s: 0x%08x\n", __func__, val);
3143#endif
3144 bm->addr &= ~(0xFFFF << shift);
3145 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3146 bm->cur_addr = bm->addr;
3147}
3148
98087450
FB		 3149static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3150{
3151 BMDMAState *bm = opaque;
3152 uint32_t val;
3153 val = bm->addr;
3154#ifdef DEBUG_IDE
3155 printf("%s: 0x%08x\n", __func__, val);
3156#endif
3157 return val;
3158}
3159
3160static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3161{
3162 BMDMAState *bm = opaque;
3163#ifdef DEBUG_IDE
3164 printf("%s: 0x%08x\n", __func__, val);
3165#endif
3166 bm->addr = val & ~3;
30c4bbac 3167 bm->cur_addr = bm->addr;
98087450
FB		 3168}
3169
5fafdf24 3170static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 3171 uint32_t addr, uint32_t size, int type)
3172{
3173 PCIIDEState *d = (PCIIDEState *)pci_dev;
3174 int i;
3175
3176 for(i = 0;i < 2; i++) {
3177 BMDMAState *bm = &d->bmdma[i];
3178 d->ide_if[2 * i].bmdma = bm;
3179 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce 3180 bm->pci_dev = (PCIIDEState *)pci_dev;
428c5705 3181 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
5457c8ce 3182
98087450 3183 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 3184
5457c8ce
FB		 3185 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3186 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450 3187
5b9a1293
AJ		 3188 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3189 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3190 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3191 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
98087450
FB		 3192 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3193 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3194 addr += 8;
3195 }
3196}
3197
9b64997f
BS		 3198static void pci_ide_save(QEMUFile* f, void *opaque)
3199{
3200 PCIIDEState *d = opaque;
3201 int i;
3202
3203 pci_device_save(&d->dev, f);
3204
3205 for(i = 0; i < 2; i++) {
3206 BMDMAState *bm = &d->bmdma[i];
428c5705 3207 uint8_t ifidx;
9b64997f
BS		 3208 qemu_put_8s(f, &bm->cmd);
3209 qemu_put_8s(f, &bm->status);
3210 qemu_put_be32s(f, &bm->addr);
428c5705
AL		 3211 qemu_put_sbe64s(f, &bm->sector_num);
3212 qemu_put_be32s(f, &bm->nsector);
3213 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3214 qemu_put_8s(f, &ifidx);
9b64997f
BS		 3215 /* XXX: if a transfer is pending, we do not save it yet */
3216 }
3217
3218 /* per IDE interface data */
3219 for(i = 0; i < 2; i++) {
3220 IDEState *s = &d->ide_if[i * 2];
3221 uint8_t drive1_selected;
3222 qemu_put_8s(f, &s->cmd);
3223 drive1_selected = (s->cur_drive != s);
3224 qemu_put_8s(f, &drive1_selected);
3225 }
3226
3227 /* per IDE drive data */
3228 for(i = 0; i < 4; i++) {
3229 ide_save(f, &d->ide_if[i]);
3230 }
3231}
3232
3233static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3234{
3235 PCIIDEState *d = opaque;
3236 int ret, i;
3237
428c5705 3238 if (version_id != 2)
9b64997f
BS		 3239 return -EINVAL;
3240 ret = pci_device_load(&d->dev, f);
3241 if (ret < 0)
3242 return ret;
3243
3244 for(i = 0; i < 2; i++) {
3245 BMDMAState *bm = &d->bmdma[i];
428c5705 3246 uint8_t ifidx;
9b64997f
BS		 3247 qemu_get_8s(f, &bm->cmd);
3248 qemu_get_8s(f, &bm->status);
3249 qemu_get_be32s(f, &bm->addr);
428c5705
AL		 3250 qemu_get_sbe64s(f, &bm->sector_num);
3251 qemu_get_be32s(f, &bm->nsector);
3252 qemu_get_8s(f, &ifidx);
3253 bm->ide_if = &d->ide_if[ifidx];
9b64997f
BS		 3254 /* XXX: if a transfer is pending, we do not save it yet */
3255 }
3256
3257 /* per IDE interface data */
3258 for(i = 0; i < 2; i++) {
3259 IDEState *s = &d->ide_if[i * 2];
3260 uint8_t drive1_selected;
3261 qemu_get_8s(f, &s->cmd);
3262 qemu_get_8s(f, &drive1_selected);
3263 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3264 }
3265
3266 /* per IDE drive data */
3267 for(i = 0; i < 4; i++) {
3268 ide_load(f, &d->ide_if[i]);
3269 }
3270 return 0;
3271}
3272
5457c8ce
FB		 3273/* XXX: call it also when the MRDMODE is changed from the PCI config
3274 registers */
3275static void cmd646_update_irq(PCIIDEState *d)
3276{
3277 int pci_level;
3278 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3279 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3280 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3281 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 3282 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 3283}
3284
3285/* the PCI irq level is the logical OR of the two channels */
3286static void cmd646_set_irq(void *opaque, int channel, int level)
3287{
3288 PCIIDEState *d = opaque;
3289 int irq_mask;
3290
3291 irq_mask = MRDMODE_INTR_CH0 << channel;
3292 if (level)
3293 d->dev.config[MRDMODE] |= irq_mask;
3294 else
3295 d->dev.config[MRDMODE] &= ~irq_mask;
3296 cmd646_update_irq(d);
3297}
3298
6e6b7363
BS		 3299static void cmd646_reset(void *opaque)
3300{
3301 PCIIDEState *d = opaque;
3302 unsigned int i;
3303
3304 for (i = 0; i < 2; i++)
3305 ide_dma_cancel(&d->bmdma[i]);
3306}
3307
5457c8ce
FB		 3308/* CMD646 PCI IDE controller */
3309void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3310 int secondary_ide_enabled)
69b91039
FB		 3311{
3312 PCIIDEState *d;
3313 uint8_t *pci_conf;
34e538ae 3314 int i;
d537cf6c 3315 qemu_irq *irq;
34e538ae 3316
5fafdf24 3317 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 3318 sizeof(PCIIDEState),
5fafdf24 3319 -1,
73c11f63 3320 NULL, NULL);
5457c8ce 3321 d->type = IDE_TYPE_CMD646;
69b91039 3322 pci_conf = d->dev.config;
deb54399
AL		 3323 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3324 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
5457c8ce
FB		 3325
3326 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 3327 pci_conf[0x09] = 0x8f;
5457c8ce 3328
173a543b 3329 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
6407f373 3330 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
3b46e624 3331
0516ede0 3332 pci_conf[0x51] = 0x04; // enable IDE0
5457c8ce
FB		 3333 if (secondary_ide_enabled) {
3334 /* XXX: if not enabled, really disable the seconday IDE controller */
0516ede0 3335 pci_conf[0x51] |= 0x08; /* enable IDE1 */
5457c8ce 3336 }
69b91039 3337
28c2c264 3338 pci_register_bar((PCIDevice *)d, 0, 0x8,
69b91039 3339 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3340 pci_register_bar((PCIDevice *)d, 1, 0x4,
69b91039 3341 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3342 pci_register_bar((PCIDevice *)d, 2, 0x8,
69b91039 3343 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3344 pci_register_bar((PCIDevice *)d, 3, 0x4,
69b91039 3345 PCI_ADDRESS_SPACE_IO, ide_map);
28c2c264 3346 pci_register_bar((PCIDevice *)d, 4, 0x10,
98087450 3347 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 3348
34e538ae 3349 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3b46e624 3350
34e538ae
FB		 3351 for(i = 0; i < 4; i++)
3352 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 3353
3354 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3355 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3356 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
6e6b7363 3357
428c5705 3358 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
a08d4367 3359 qemu_register_reset(cmd646_reset, d);
6e6b7363 3360 cmd646_reset(d);
34e538ae
FB		 3361}
3362
72c7b06c 3363static void piix3_reset(void *opaque)
e6a71ae3 3364{
72c7b06c 3365 PCIIDEState *d = opaque;
e6a71ae3 3366 uint8_t *pci_conf = d->dev.config;
72c7b06c
AL		 3367 int i;
3368
3369 for (i = 0; i < 2; i++)
3370 ide_dma_cancel(&d->bmdma[i]);
e6a71ae3
TS		 3371
3372 pci_conf[0x04] = 0x00;
3373 pci_conf[0x05] = 0x00;
3374 pci_conf[0x06] = 0x80; /* FBC */
3375 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3376 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3377}
3378
34e538ae
FB		 3379/* hd_table must contain 4 block drivers */
3380/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 3381void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3382 qemu_irq *pic)
34e538ae
FB		 3383{
3384 PCIIDEState *d;
3385 uint8_t *pci_conf;
b0a7b120 3386 int i;
3b46e624 3387
34e538ae 3388 /* register a function 1 of PIIX3 */
5fafdf24 3389 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 3390 sizeof(PCIIDEState),
502a5395 3391 devfn,
34e538ae 3392 NULL, NULL);
5457c8ce
FB		 3393 d->type = IDE_TYPE_PIIX3;
3394
34e538ae 3395 pci_conf = d->dev.config;
deb54399
AL		 3396 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3397 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
92510b8c 3398 pci_conf[0x09] = 0x80; // legacy ATA mode
173a543b 3399 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
6407f373 3400 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
34e538ae 3401
a08d4367 3402 qemu_register_reset(piix3_reset, d);
e6a71ae3
TS		 3403 piix3_reset(d);
3404
28c2c264 3405 pci_register_bar((PCIDevice *)d, 4, 0x10,
98087450 3406 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 3407
d537cf6c
PB		 3408 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3409 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 3410 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3411 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997 3412
b0a7b120
AL		 3413 for (i = 0; i < 4; i++)
3414 if (hd_table[i])
3415 hd_table[i]->private = &d->dev;
3416
428c5705 3417 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
69b91039 3418}
1ade1de2 3419
afcc3cdf
TS		 3420/* hd_table must contain 4 block drivers */
3421/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3422void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3423 qemu_irq *pic)
3424{
3425 PCIIDEState *d;
3426 uint8_t *pci_conf;
3427
3428 /* register a function 1 of PIIX4 */
3429 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3430 sizeof(PCIIDEState),
3431 devfn,
3432 NULL, NULL);
3433 d->type = IDE_TYPE_PIIX4;
3434
3435 pci_conf = d->dev.config;
deb54399
AL		 3436 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3437 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
afcc3cdf 3438 pci_conf[0x09] = 0x80; // legacy ATA mode
173a543b 3439 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
6407f373 3440 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
afcc3cdf 3441
a08d4367 3442 qemu_register_reset(piix3_reset, d);
afcc3cdf
TS		 3443 piix3_reset(d);
3444
28c2c264 3445 pci_register_bar((PCIDevice *)d, 4, 0x10,
afcc3cdf
TS		 3446 PCI_ADDRESS_SPACE_IO, bmdma_map);
3447
3448 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3449 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3450 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3451 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3452
428c5705 3453 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
afcc3cdf
TS		 3454}
3455
e3007e66 3456#if defined(TARGET_PPC)
1ade1de2
FB		 3457/***********************************************************/
3458/* MacIO based PowerPC IDE */
3459
e3007e66
AJ		 3460typedef struct MACIOIDEState {
3461 IDEState ide_if[2];
862c9280 3462 BlockDriverAIOCB *aiocb;
e3007e66
AJ		 3463} MACIOIDEState;
3464
862c9280 3465static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
e3007e66 3466{
862c9280 3467 DBDMA_io *io = opaque;
b42ec42d 3468 MACIOIDEState *m = io->opaque;
e3007e66 3469 IDEState *s = m->ide_if->cur_drive;
e3007e66 3470
862c9280
AJ		 3471 if (ret < 0) {
3472 m->aiocb = NULL;
3473 qemu_sglist_destroy(&s->sg);
3474 ide_atapi_io_error(s, ret);
3475 io->dma_end(opaque);
3476 return;
3477 }
e3007e66 3478
862c9280
AJ		 3479 if (s->io_buffer_size > 0) {
3480 m->aiocb = NULL;
3481 qemu_sglist_destroy(&s->sg);
e3007e66 3482
862c9280 3483 s->packet_transfer_size -= s->io_buffer_size;
e3007e66 3484
862c9280
AJ		 3485 s->io_buffer_index += s->io_buffer_size;
3486 s->lba += s->io_buffer_index >> 11;
3487 s->io_buffer_index &= 0x7ff;
3488 }
e3007e66 3489
862c9280
AJ		 3490 if (s->packet_transfer_size <= 0)
3491 ide_atapi_cmd_ok(s);
e3007e66 3492
862c9280
AJ		 3493 if (io->len == 0) {
3494 io->dma_end(opaque);
3495 return;
e3007e66 3496 }
b42ec42d 3497
862c9280 3498 /* launch next transfer */
b42ec42d 3499
862c9280
AJ		 3500 s->io_buffer_size = io->len;
3501
3502 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3503 qemu_sglist_add(&s->sg, io->addr, io->len);
3504 io->addr += io->len;
3505 io->len = 0;
3506
3507 m->aiocb = dma_bdrv_read(s->bs, &s->sg,
3508 (int64_t)(s->lba << 2) + (s->io_buffer_index >> 9),
3509 pmac_ide_atapi_transfer_cb, io);
3510 if (!m->aiocb) {
3511 qemu_sglist_destroy(&s->sg);
3512 /* Note: media not present is the most likely case */
3513 ide_atapi_cmd_error(s, SENSE_NOT_READY,
3514 ASC_MEDIUM_NOT_PRESENT);
3515 io->dma_end(opaque);
3516 return;
e3007e66 3517 }
e3007e66
AJ		 3518}
3519
862c9280 3520static void pmac_ide_transfer_cb(void *opaque, int ret)
e3007e66 3521{
862c9280 3522 DBDMA_io *io = opaque;
b42ec42d 3523 MACIOIDEState *m = io->opaque;
e3007e66 3524 IDEState *s = m->ide_if->cur_drive;
862c9280 3525 int n;
e3007e66 3526 int64_t sector_num;
e3007e66 3527
862c9280
AJ		 3528 if (ret < 0) {
3529 m->aiocb = NULL;
3530 qemu_sglist_destroy(&s->sg);
3531 ide_dma_error(s);
3532 io->dma_end(io);
b42ec42d
AJ		 3533 return;
3534 }
e3007e66 3535
862c9280
AJ		 3536 sector_num = ide_get_sector(s);
3537 if (s->io_buffer_size > 0) {
3538 m->aiocb = NULL;
3539 qemu_sglist_destroy(&s->sg);
3540 n = (s->io_buffer_size + 0x1ff) >> 9;
3541 sector_num += n;
3542 ide_set_sector(s, sector_num);
3543 s->nsector -= n;
3544 }
3545
3546 /* end of transfer ? */
3547 if (s->nsector == 0) {
3548 s->status = READY_STAT | SEEK_STAT;
3549 ide_set_irq(s);
3550 }
e3007e66 3551
862c9280 3552 /* end of DMA ? */
e3007e66 3553
862c9280
AJ		 3554 if (io->len == 0) {
3555 io->dma_end(io);
3556 return;
3557 }
e3007e66 3558
862c9280 3559 /* launch next transfer */
e3007e66 3560
862c9280
AJ		 3561 s->io_buffer_index = 0;
3562 s->io_buffer_size = io->len;
e3007e66 3563
862c9280
AJ		 3564 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3565 qemu_sglist_add(&s->sg, io->addr, io->len);
3566 io->addr += io->len;
3567 io->len = 0;
e3007e66 3568
862c9280
AJ		 3569 if (s->is_read)
3570 m->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
3571 pmac_ide_transfer_cb, io);
3572 else
3573 m->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
3574 pmac_ide_transfer_cb, io);
3575 if (!m->aiocb)
3576 pmac_ide_transfer_cb(io, -1);
3577}
e3007e66 3578
862c9280
AJ		 3579static void pmac_ide_transfer(DBDMA_io *io)
3580{
3581 MACIOIDEState *m = io->opaque;
3582 IDEState *s = m->ide_if->cur_drive;
b42ec42d 3583
862c9280
AJ		 3584 s->io_buffer_size = 0;
3585 if (s->is_cdrom) {
3586 pmac_ide_atapi_transfer_cb(io, 0);
3587 return;
e3007e66
AJ		 3588 }
3589
862c9280
AJ		 3590 pmac_ide_transfer_cb(io, 0);
3591}
3592
3593static void pmac_ide_flush(DBDMA_io *io)
3594{
3595 MACIOIDEState *m = io->opaque;
3596
3597 if (m->aiocb)
3598 qemu_aio_flush();
e3007e66
AJ		 3599}
3600
1ade1de2
FB		 3601/* PowerMac IDE memory IO */
3602static void pmac_ide_writeb (void *opaque,
3603 target_phys_addr_t addr, uint32_t val)
3604{
e3007e66
AJ		 3605 MACIOIDEState *d = opaque;
3606
5fafdf24 3607 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3608 switch (addr) {
3609 case 1 ... 7:
e3007e66 3610 ide_ioport_write(d->ide_if, addr, val);
1ade1de2
FB		 3611 break;
3612 case 8:
3613 case 22:
e3007e66 3614 ide_cmd_write(d->ide_if, 0, val);
1ade1de2
FB		 3615 break;
3616 default:
3617 break;
3618 }
3619}
3620
3621static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3622{
3623 uint8_t retval;
e3007e66 3624 MACIOIDEState *d = opaque;
1ade1de2
FB		 3625
3626 addr = (addr & 0xFFF) >> 4;
3627 switch (addr) {
3628 case 1 ... 7:
e3007e66 3629 retval = ide_ioport_read(d->ide_if, addr);
1ade1de2
FB		 3630 break;
3631 case 8:
3632 case 22:
e3007e66 3633 retval = ide_status_read(d->ide_if, 0);
1ade1de2
FB		 3634 break;
3635 default:
3636 retval = 0xFF;
3637 break;
3638 }
3639 return retval;
3640}
3641
3642static void pmac_ide_writew (void *opaque,
3643 target_phys_addr_t addr, uint32_t val)
3644{
e3007e66
AJ		 3645 MACIOIDEState *d = opaque;
3646
5fafdf24 3647 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3648#ifdef TARGET_WORDS_BIGENDIAN
3649 val = bswap16(val);
3650#endif
3651 if (addr == 0) {
e3007e66 3652 ide_data_writew(d->ide_if, 0, val);
1ade1de2
FB		 3653 }
3654}
3655
3656static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3657{
3658 uint16_t retval;
e3007e66 3659 MACIOIDEState *d = opaque;
1ade1de2 3660
5fafdf24 3661 addr = (addr & 0xFFF) >> 4;
1ade1de2 3662 if (addr == 0) {
e3007e66 3663 retval = ide_data_readw(d->ide_if, 0);
1ade1de2
FB		 3664 } else {
3665 retval = 0xFFFF;
3666 }
3667#ifdef TARGET_WORDS_BIGENDIAN
3668 retval = bswap16(retval);
3669#endif
3670 return retval;
3671}
3672
3673static void pmac_ide_writel (void *opaque,
3674 target_phys_addr_t addr, uint32_t val)
3675{
e3007e66
AJ		 3676 MACIOIDEState *d = opaque;
3677
5fafdf24 3678 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3679#ifdef TARGET_WORDS_BIGENDIAN
3680 val = bswap32(val);
3681#endif
3682 if (addr == 0) {
e3007e66 3683 ide_data_writel(d->ide_if, 0, val);
1ade1de2
FB		 3684 }
3685}
3686
3687static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3688{
3689 uint32_t retval;
e3007e66 3690 MACIOIDEState *d = opaque;
1ade1de2 3691
5fafdf24 3692 addr = (addr & 0xFFF) >> 4;
1ade1de2 3693 if (addr == 0) {
e3007e66 3694 retval = ide_data_readl(d->ide_if, 0);
1ade1de2
FB		 3695 } else {
3696 retval = 0xFFFFFFFF;
3697 }
3698#ifdef TARGET_WORDS_BIGENDIAN
3699 retval = bswap32(retval);
3700#endif
3701 return retval;
3702}
3703
3704static CPUWriteMemoryFunc *pmac_ide_write[] = {
3705 pmac_ide_writeb,
3706 pmac_ide_writew,
3707 pmac_ide_writel,
3708};
3709
3710static CPUReadMemoryFunc *pmac_ide_read[] = {
3711 pmac_ide_readb,
3712 pmac_ide_readw,
3713 pmac_ide_readl,
3714};
3715
9b64997f
BS		 3716static void pmac_ide_save(QEMUFile *f, void *opaque)
3717{
e3007e66
AJ		 3718 MACIOIDEState *d = opaque;
3719 IDEState *s = d->ide_if;
9b64997f
BS		 3720 uint8_t drive1_selected;
3721 unsigned int i;
3722
3723 /* per IDE interface data */
3724 qemu_put_8s(f, &s->cmd);
3725 drive1_selected = (s->cur_drive != s);
3726 qemu_put_8s(f, &drive1_selected);
3727
3728 /* per IDE drive data */
3729 for(i = 0; i < 2; i++) {
3730 ide_save(f, &s[i]);
3731 }
3732}
3733
3734static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3735{
e3007e66
AJ		 3736 MACIOIDEState *d = opaque;
3737 IDEState *s = d->ide_if;
9b64997f
BS		 3738 uint8_t drive1_selected;
3739 unsigned int i;
3740
3741 if (version_id != 1)
3742 return -EINVAL;
3743
3744 /* per IDE interface data */
3745 qemu_get_8s(f, &s->cmd);
3746 qemu_get_8s(f, &drive1_selected);
3747 s->cur_drive = &s[(drive1_selected != 0)];
3748
3749 /* per IDE drive data */
3750 for(i = 0; i < 2; i++) {
3751 ide_load(f, &s[i]);
3752 }
3753 return 0;
3754}
3755
6e6b7363
BS		 3756static void pmac_ide_reset(void *opaque)
3757{
e3007e66
AJ		 3758 MACIOIDEState *d = opaque;
3759 IDEState *s = d->ide_if;
6e6b7363
BS		 3760
3761 ide_reset(&s[0]);
3762 ide_reset(&s[1]);
3763}
3764
1ade1de2
FB		 3765/* hd_table must contain 4 block drivers */
3766/* PowerMac uses memory mapped registers, not I/O. Return the memory
3767 I/O index to access the ide. */
e3007e66
AJ		 3768int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq,
3769 void *dbdma, int channel, qemu_irq dma_irq)
1ade1de2 3770{
e3007e66 3771 MACIOIDEState *d;
1ade1de2
FB		 3772 int pmac_ide_memory;
3773
e3007e66
AJ		 3774 d = qemu_mallocz(sizeof(MACIOIDEState));
3775 ide_init2(d->ide_if, hd_table[0], hd_table[1], irq);
3776
b42ec42d 3777 if (dbdma)
862c9280 3778 DBDMA_register_channel(dbdma, channel, dma_irq, pmac_ide_transfer, pmac_ide_flush, d);
3b46e624 3779
1eed09cb 3780 pmac_ide_memory = cpu_register_io_memory(pmac_ide_read,
e3007e66
AJ		 3781 pmac_ide_write, d);
3782 register_savevm("ide", 0, 1, pmac_ide_save, pmac_ide_load, d);
a08d4367 3783 qemu_register_reset(pmac_ide_reset, d);
e3007e66
AJ		 3784 pmac_ide_reset(d);
3785
1ade1de2
FB		 3786 return pmac_ide_memory;
3787}
e3007e66 3788#endif /* TARGET_PPC */
201a51fc 3789
a4a771c0
AZ		 3790/***********************************************************/
3791/* MMIO based ide port
3792 * This emulates IDE device connected directly to the CPU bus without
3793 * dedicated ide controller, which is often seen on embedded boards.
3794 */
3795
3796typedef struct {
3797 void *dev;
3798 int shift;
3799} MMIOState;
3800
3801static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3802{
3803 MMIOState *s = (MMIOState*)opaque;
3804 IDEState *ide = (IDEState*)s->dev;
3805 addr >>= s->shift;
3806 if (addr & 7)
3807 return ide_ioport_read(ide, addr);
3808 else
3809 return ide_data_readw(ide, 0);
3810}
3811
3812static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3813 uint32_t val)
3814{
3815 MMIOState *s = (MMIOState*)opaque;
3816 IDEState *ide = (IDEState*)s->dev;
3817 addr >>= s->shift;
3818 if (addr & 7)
3819 ide_ioport_write(ide, addr, val);
3820 else
3821 ide_data_writew(ide, 0, val);
3822}
3823
3824static CPUReadMemoryFunc *mmio_ide_reads[] = {
3825 mmio_ide_read,
3826 mmio_ide_read,
3827 mmio_ide_read,
3828};
3829
3830static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3831 mmio_ide_write,
3832 mmio_ide_write,
3833 mmio_ide_write,
3834};
3835
3836static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3837{
3838 MMIOState *s= (MMIOState*)opaque;
3839 IDEState *ide = (IDEState*)s->dev;
3840 return ide_status_read(ide, 0);
3841}
3842
3843static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3844 uint32_t val)
3845{
3846 MMIOState *s = (MMIOState*)opaque;
3847 IDEState *ide = (IDEState*)s->dev;
3848 ide_cmd_write(ide, 0, val);
3849}
3850
3851static CPUReadMemoryFunc *mmio_ide_status[] = {
3852 mmio_ide_status_read,
3853 mmio_ide_status_read,
3854 mmio_ide_status_read,
3855};
3856
3857static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3858 mmio_ide_cmd_write,
3859 mmio_ide_cmd_write,
3860 mmio_ide_cmd_write,
3861};
3862
3863void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3864 qemu_irq irq, int shift,
3865 BlockDriverState *hd0, BlockDriverState *hd1)
3866{
3867 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3868 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3869 int mem1, mem2;
3870
3871 ide_init2(ide, hd0, hd1, irq);
3872
3873 s->dev = ide;
3874 s->shift = shift;
3875
1eed09cb
AK		 3876 mem1 = cpu_register_io_memory(mmio_ide_reads, mmio_ide_writes, s);
3877 mem2 = cpu_register_io_memory(mmio_ide_status, mmio_ide_cmd, s);
a4a771c0
AZ		 3878 cpu_register_physical_memory(membase, 16 << shift, mem1);
3879 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3880}
3881
201a51fc
AZ		 3882/***********************************************************/
3883/* CF-ATA Microdrive */
3884
3885#define METADATA_SIZE 0x20
3886
3887/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
bc24a225 3888typedef struct {
201a51fc 3889 IDEState ide[2];
bc24a225 3890 PCMCIACardState card;
201a51fc
AZ		 3891 uint32_t attr_base;
3892 uint32_t io_base;
3893
3894 /* Card state */
3895 uint8_t opt;
3896 uint8_t stat;
3897 uint8_t pins;
3898
3899 uint8_t ctrl;
3900 uint16_t io;
3901 int cycle;
bc24a225 3902} MicroDriveState;
201a51fc
AZ		 3903
3904/* Register bitfields */
3905enum md_opt {
3906 OPT_MODE_MMAP = 0,
3907 OPT_MODE_IOMAP16 = 1,
3908 OPT_MODE_IOMAP1 = 2,
3909 OPT_MODE_IOMAP2 = 3,
3910 OPT_MODE = 0x3f,
3911 OPT_LEVIREQ = 0x40,
3912 OPT_SRESET = 0x80,
3913};
3914enum md_cstat {
3915 STAT_INT = 0x02,
3916 STAT_PWRDWN = 0x04,
3917 STAT_XE = 0x10,
3918 STAT_IOIS8 = 0x20,
3919 STAT_SIGCHG = 0x40,
3920 STAT_CHANGED = 0x80,
3921};
3922enum md_pins {
3923 PINS_MRDY = 0x02,
3924 PINS_CRDY = 0x20,
3925};
3926enum md_ctrl {
3927 CTRL_IEN = 0x02,
3928 CTRL_SRST = 0x04,
3929};
3930
bc24a225 3931static inline void md_interrupt_update(MicroDriveState *s)
201a51fc
AZ		 3932{
3933 if (!s->card.slot)
3934 return;
3935
3936 qemu_set_irq(s->card.slot->irq,
3937 !(s->stat & STAT_INT) && /* Inverted */
3938 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3939 !(s->opt & OPT_SRESET));
3940}
3941
3942static void md_set_irq(void *opaque, int irq, int level)
3943{
bc24a225 3944 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 3945 if (level)
3946 s->stat |= STAT_INT;
3947 else
3948 s->stat &= ~STAT_INT;
3949
3950 md_interrupt_update(s);
3951}
3952
bc24a225 3953static void md_reset(MicroDriveState *s)
201a51fc
AZ		 3954{
3955 s->opt = OPT_MODE_MMAP;
3956 s->stat = 0;
3957 s->pins = 0;
3958 s->cycle = 0;
3959 s->ctrl = 0;
3960 ide_reset(s->ide);
3961}
3962
9e315fa9 3963static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc 3964{
bc24a225 3965 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 3966 if (at < s->attr_base) {
3967 if (at < s->card.cis_len)
3968 return s->card.cis[at];
3969 else
3970 return 0x00;
3971 }
3972
3973 at -= s->attr_base;
3974
3975 switch (at) {
3976 case 0x00: /* Configuration Option Register */
3977 return s->opt;
3978 case 0x02: /* Card Configuration Status Register */
3979 if (s->ctrl & CTRL_IEN)
3980 return s->stat & ~STAT_INT;
3981 else
3982 return s->stat;
3983 case 0x04: /* Pin Replacement Register */
3984 return (s->pins & PINS_CRDY) | 0x0c;
3985 case 0x06: /* Socket and Copy Register */
3986 return 0x00;
3987#ifdef VERBOSE
3988 default:
3989 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3990#endif
3991 }
3992
3993 return 0;
3994}
3995
9e315fa9 3996static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc 3997{
bc24a225 3998 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 3999 at -= s->attr_base;
4000
4001 switch (at) {
4002 case 0x00: /* Configuration Option Register */
4003 s->opt = value & 0xcf;
4004 if (value & OPT_SRESET)
4005 md_reset(s);
4006 md_interrupt_update(s);
4007 break;
4008 case 0x02: /* Card Configuration Status Register */
4009 if ((s->stat ^ value) & STAT_PWRDWN)
4010 s->pins |= PINS_CRDY;
4011 s->stat &= 0x82;
4012 s->stat |= value & 0x74;
4013 md_interrupt_update(s);
4014 /* Word 170 in Identify Device must be equal to STAT_XE */
4015 break;
4016 case 0x04: /* Pin Replacement Register */
4017 s->pins &= PINS_CRDY;
4018 s->pins |= value & PINS_MRDY;
4019 break;
4020 case 0x06: /* Socket and Copy Register */
4021 break;
4022 default:
4023 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
4024 }
4025}
4026
9e315fa9 4027static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc 4028{
bc24a225 4029 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 4030 uint16_t ret;
4031 at -= s->io_base;
4032
4033 switch (s->opt & OPT_MODE) {
4034 case OPT_MODE_MMAP:
4035 if ((at & ~0x3ff) == 0x400)
4036 at = 0;
4037 break;
4038 case OPT_MODE_IOMAP16:
4039 at &= 0xf;
4040 break;
4041 case OPT_MODE_IOMAP1:
4042 if ((at & ~0xf) == 0x3f0)
4043 at -= 0x3e8;
4044 else if ((at & ~0xf) == 0x1f0)
4045 at -= 0x1f0;
4046 break;
4047 case OPT_MODE_IOMAP2:
4048 if ((at & ~0xf) == 0x370)
4049 at -= 0x368;
4050 else if ((at & ~0xf) == 0x170)
4051 at -= 0x170;
4052 }
4053
4054 switch (at) {
4055 case 0x0: /* Even RD Data */
4056 case 0x8:
4057 return ide_data_readw(s->ide, 0);
4058
4059 /* TODO: 8-bit accesses */
4060 if (s->cycle)
4061 ret = s->io >> 8;
4062 else {
4063 s->io = ide_data_readw(s->ide, 0);
4064 ret = s->io & 0xff;
4065 }
4066 s->cycle = !s->cycle;
4067 return ret;
4068 case 0x9: /* Odd RD Data */
4069 return s->io >> 8;
4070 case 0xd: /* Error */
4071 return ide_ioport_read(s->ide, 0x1);
4072 case 0xe: /* Alternate Status */
4073 if (s->ide->cur_drive->bs)
4074 return s->ide->cur_drive->status;
4075 else
4076 return 0;
4077 case 0xf: /* Device Address */
4078 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
4079 default:
4080 return ide_ioport_read(s->ide, at);
4081 }
4082
4083 return 0;
4084}
4085
9e315fa9 4086static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc 4087{
bc24a225 4088 MicroDriveState *s = (MicroDriveState *) opaque;
201a51fc
AZ		 4089 at -= s->io_base;
4090
4091 switch (s->opt & OPT_MODE) {
4092 case OPT_MODE_MMAP:
4093 if ((at & ~0x3ff) == 0x400)
4094 at = 0;
4095 break;
4096 case OPT_MODE_IOMAP16:
4097 at &= 0xf;
4098 break;
4099 case OPT_MODE_IOMAP1:
4100 if ((at & ~0xf) == 0x3f0)
4101 at -= 0x3e8;
4102 else if ((at & ~0xf) == 0x1f0)
4103 at -= 0x1f0;
4104 break;
4105 case OPT_MODE_IOMAP2:
4106 if ((at & ~0xf) == 0x370)
4107 at -= 0x368;
4108 else if ((at & ~0xf) == 0x170)
4109 at -= 0x170;
4110 }
4111
4112 switch (at) {
4113 case 0x0: /* Even WR Data */
4114 case 0x8:
4115 ide_data_writew(s->ide, 0, value);
4116 break;
4117
4118 /* TODO: 8-bit accesses */
4119 if (s->cycle)
4120 ide_data_writew(s->ide, 0, s->io | (value << 8));
4121 else
4122 s->io = value & 0xff;
4123 s->cycle = !s->cycle;
4124 break;
4125 case 0x9:
4126 s->io = value & 0xff;
4127 s->cycle = !s->cycle;
4128 break;
4129 case 0xd: /* Features */
4130 ide_ioport_write(s->ide, 0x1, value);
4131 break;
4132 case 0xe: /* Device Control */
4133 s->ctrl = value;
4134 if (value & CTRL_SRST)
4135 md_reset(s);
4136 md_interrupt_update(s);
4137 break;
4138 default:
4139 if (s->stat & STAT_PWRDWN) {
4140 s->pins |= PINS_CRDY;
4141 s->stat &= ~STAT_PWRDWN;
4142 }
4143 ide_ioport_write(s->ide, at, value);
4144 }
4145}
4146
aa941b94
AZ		 4147static void md_save(QEMUFile *f, void *opaque)
4148{
bc24a225 4149 MicroDriveState *s = (MicroDriveState *) opaque;
aa941b94
AZ		 4150 int i;
4151 uint8_t drive1_selected;
4152
4153 qemu_put_8s(f, &s->opt);
4154 qemu_put_8s(f, &s->stat);
4155 qemu_put_8s(f, &s->pins);
4156
4157 qemu_put_8s(f, &s->ctrl);
4158 qemu_put_be16s(f, &s->io);
4159 qemu_put_byte(f, s->cycle);
4160
4161 drive1_selected = (s->ide->cur_drive != s->ide);
4162 qemu_put_8s(f, &s->ide->cmd);
4163 qemu_put_8s(f, &drive1_selected);
4164
4165 for (i = 0; i < 2; i ++)
4166 ide_save(f, &s->ide[i]);
4167}
4168
4169static int md_load(QEMUFile *f, void *opaque, int version_id)
4170{
bc24a225 4171 MicroDriveState *s = (MicroDriveState *) opaque;
aa941b94
AZ		 4172 int i;
4173 uint8_t drive1_selected;
4174
4175 qemu_get_8s(f, &s->opt);
4176 qemu_get_8s(f, &s->stat);
4177 qemu_get_8s(f, &s->pins);
4178
4179 qemu_get_8s(f, &s->ctrl);
4180 qemu_get_be16s(f, &s->io);
4181 s->cycle = qemu_get_byte(f);
4182
4183 qemu_get_8s(f, &s->ide->cmd);
4184 qemu_get_8s(f, &drive1_selected);
4185 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
4186
4187 for (i = 0; i < 2; i ++)
4188 ide_load(f, &s->ide[i]);
4189
4190 return 0;
4191}
4192
201a51fc
AZ		 4193static const uint8_t dscm1xxxx_cis[0x14a] = {
4194 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
4195 [0x002] = 0x03, /* Tuple length = 4 bytes */
4196 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4197 [0x006] = 0x01, /* Size = 2K bytes */
4198 [0x008] = CISTPL_ENDMARK,
4199
4200 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
4201 [0x00c] = 0x04, /* Tuple length = 4 byest */
4202 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
4203 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4204 [0x012] = 0x01, /* Size = 2K bytes */
4205 [0x014] = CISTPL_ENDMARK,
4206
4207 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
4208 [0x018] = 0x02, /* Tuple length = 2 bytes */
4209 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
4210 [0x01c] = 0x01,
4211
4212 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
4213 [0x020] = 0x04, /* Tuple length = 4 bytes */
4214 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
4215 [0x024] = 0x00,
4216 [0x026] = 0x00, /* PLMID_CARD = 0000 */
4217 [0x028] = 0x00,
4218
4219 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
4220 [0x02c] = 0x12, /* Tuple length = 23 bytes */
4221 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
4222 [0x030] = 0x01, /* Minor Version = 1 */
4223 [0x032] = 'I',
4224 [0x034] = 'B',
4225 [0x036] = 'M',
4226 [0x038] = 0x00,
4227 [0x03a] = 'm',
4228 [0x03c] = 'i',
4229 [0x03e] = 'c',
4230 [0x040] = 'r',
4231 [0x042] = 'o',
4232 [0x044] = 'd',
4233 [0x046] = 'r',
4234 [0x048] = 'i',
4235 [0x04a] = 'v',
4236 [0x04c] = 'e',
4237 [0x04e] = 0x00,
4238 [0x050] = CISTPL_ENDMARK,
4239
4240 [0x052] = CISTPL_FUNCID, /* Function ID */
4241 [0x054] = 0x02, /* Tuple length = 2 bytes */
4242 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4243 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4244
4245 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4246 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4247 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4248 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4249
4250 [0x062] = CISTPL_FUNCE, /* Function Extension */
4251 [0x064] = 0x03, /* Tuple length = 3 bytes */
4252 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4253 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4254 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4255
4256 [0x06c] = CISTPL_CONFIG, /* Configuration */
4257 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4258 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4259 [0x072] = 0x07, /* TPCC_LAST = 7 */
4260 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4261 [0x076] = 0x02,
4262 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4263
4264 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4265 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4266 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4267 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4268 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4269 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4270 [0x086] = 0x55, /* NomV: 5.0 V */
4271 [0x088] = 0x4d, /* MinV: 4.5 V */
4272 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4273 [0x08c] = 0x4e, /* Peakl: 450 mA */
4274 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4275 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4276 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4277
4278 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4279 [0x096] = 0x06, /* Tuple length = 6 bytes */
4280 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4281 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4282 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4283 [0x09e] = 0xb5, /* NomV: 3.3 V */
4284 [0x0a0] = 0x1e,
4285 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4286
4287 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4288 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4289 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4290 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4291 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4292 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4293 [0x0b0] = 0x55, /* NomV: 5.0 V */
4294 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4295 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4296 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4297 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4298 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4299 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4300 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4301 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4302
4303 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4304 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4305 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4306 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4307 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4308 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4309 [0x0ce] = 0x1e,
4310 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4311
4312 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4313 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4314 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4315 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4316 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4317 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4318 [0x0de] = 0x55, /* NomV: 5.0 V */
4319 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4320 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4321 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4322 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4323 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4324 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4325 [0x0ec] = 0x01,
4326 [0x0ee] = 0x07, /* Address block length = 8 */
4327 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4328 [0x0f2] = 0x03,
4329 [0x0f4] = 0x01, /* Address block length = 2 */
4330 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4331 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4332
4333 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4334 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4335 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4336 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4337 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4338 [0x104] = 0xb5, /* NomV: 3.3 V */
4339 [0x106] = 0x1e,
4340 [0x108] = 0x3e, /* Peakl: 350 mA */
4341
4342 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4343 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4344 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4345 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4346 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4347 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4348 [0x116] = 0x55, /* NomV: 5.0 V */
4349 [0x118] = 0x4d, /* MinV: 4.5 V */
4350 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4351 [0x11c] = 0x4e, /* Peakl: 450 mA */
4352 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4353 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4354 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4355 [0x124] = 0x01,
4356 [0x126] = 0x07, /* Address block length = 8 */
4357 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4358 [0x12a] = 0x03,
4359 [0x12c] = 0x01, /* Address block length = 2 */
4360 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4361 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4362
4363 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4364 [0x134] = 0x06, /* Tuple length = 6 bytes */
4365 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4366 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4367 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4368 [0x13c] = 0xb5, /* NomV: 3.3 V */
4369 [0x13e] = 0x1e,
4370 [0x140] = 0x3e, /* Peakl: 350 mA */
4371
4372 [0x142] = CISTPL_NO_LINK, /* No Link */
4373 [0x144] = 0x00, /* Tuple length = 0 bytes */
4374
4375 [0x146] = CISTPL_END, /* Tuple End */
4376};
4377
4378static int dscm1xxxx_attach(void *opaque)
4379{
bc24a225 4380 MicroDriveState *md = (MicroDriveState *) opaque;
201a51fc
AZ		 4381 md->card.attr_read = md_attr_read;
4382 md->card.attr_write = md_attr_write;
4383 md->card.common_read = md_common_read;
4384 md->card.common_write = md_common_write;
4385 md->card.io_read = md_common_read;
4386 md->card.io_write = md_common_write;
4387
4388 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4389 md->io_base = 0x0;
4390
4391 md_reset(md);
4392 md_interrupt_update(md);
4393
4394 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4395 return 0;
4396}
4397
4398static int dscm1xxxx_detach(void *opaque)
4399{
bc24a225 4400 MicroDriveState *md = (MicroDriveState *) opaque;
201a51fc
AZ		 4401 md_reset(md);
4402 return 0;
4403}
4404
bc24a225 4405PCMCIACardState *dscm1xxxx_init(BlockDriverState *bdrv)
201a51fc 4406{
bc24a225 4407 MicroDriveState *md = (MicroDriveState *) qemu_mallocz(sizeof(MicroDriveState));
201a51fc
AZ		 4408 md->card.state = md;
4409 md->card.attach = dscm1xxxx_attach;
4410 md->card.detach = dscm1xxxx_detach;
4411 md->card.cis = dscm1xxxx_cis;
4412 md->card.cis_len = sizeof(dscm1xxxx_cis);
4413
4414 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4415 md->ide->is_cf = 1;
4416 md->ide->mdata_size = METADATA_SIZE;
4417 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94 4418
18be5187 4419 register_savevm("microdrive", -1, 0, md_save, md_load, md);
aa941b94 4420
201a51fc
AZ		 4421 return &md->card;
4422}
Qemu copy for testing