]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
qemu_put signedness fixes, by Andre Przywara.
[qemu.git] / hw / ide.c
CommitLineData
5391d806
FB		 1/*
2 * QEMU IDE disk and CD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
87ecb68b
PB		 25#include "hw.h"
26#include "pc.h"
27#include "pci.h"
28#include "scsi-disk.h"
29#include "pcmcia.h"
30#include "block.h"
31#include "qemu-timer.h"
32#include "sysemu.h"
9596ebb7 33#include "ppc_mac.h"
5391d806 34
5391d806
FB		 35/* debug IDE devices */
36//#define DEBUG_IDE
37//#define DEBUG_IDE_ATAPI
8ccad811
FB		 38//#define DEBUG_AIO
39#define USE_DMA_CDROM
5391d806
FB		 40
41/* Bits of HD_STATUS */
42#define ERR_STAT 0x01
43#define INDEX_STAT 0x02
44#define ECC_STAT 0x04 /* Corrected error */
45#define DRQ_STAT 0x08
46#define SEEK_STAT 0x10
47#define SRV_STAT 0x10
48#define WRERR_STAT 0x20
49#define READY_STAT 0x40
50#define BUSY_STAT 0x80
51
52/* Bits for HD_ERROR */
53#define MARK_ERR 0x01 /* Bad address mark */
54#define TRK0_ERR 0x02 /* couldn't find track 0 */
55#define ABRT_ERR 0x04 /* Command aborted */
56#define MCR_ERR 0x08 /* media change request */
57#define ID_ERR 0x10 /* ID field not found */
58#define MC_ERR 0x20 /* media changed */
59#define ECC_ERR 0x40 /* Uncorrectable ECC error */
60#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
61#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
62
63/* Bits of HD_NSECTOR */
64#define CD 0x01
65#define IO 0x02
66#define REL 0x04
67#define TAG_MASK 0xf8
68
69#define IDE_CMD_RESET 0x04
70#define IDE_CMD_DISABLE_IRQ 0x02
71
72/* ATA/ATAPI Commands pre T13 Spec */
73#define WIN_NOP 0x00
74/*
75 * 0x01->0x02 Reserved
76 */
77#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
78/*
79 * 0x04->0x07 Reserved
80 */
81#define WIN_SRST 0x08 /* ATAPI soft reset command */
82#define WIN_DEVICE_RESET 0x08
83/*
84 * 0x09->0x0F Reserved
85 */
86#define WIN_RECAL 0x10
87#define WIN_RESTORE WIN_RECAL
88/*
89 * 0x10->0x1F Reserved
90 */
91#define WIN_READ 0x20 /* 28-Bit */
92#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
93#define WIN_READ_LONG 0x22 /* 28-Bit */
94#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
95#define WIN_READ_EXT 0x24 /* 48-Bit */
96#define WIN_READDMA_EXT 0x25 /* 48-Bit */
97#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
98#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
99/*
100 * 0x28
101 */
102#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
103/*
104 * 0x2A->0x2F Reserved
105 */
106#define WIN_WRITE 0x30 /* 28-Bit */
107#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
108#define WIN_WRITE_LONG 0x32 /* 28-Bit */
109#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
110#define WIN_WRITE_EXT 0x34 /* 48-Bit */
111#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
112#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
113#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
114#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
115#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
116/*
117 * 0x3A->0x3B Reserved
118 */
119#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
120/*
121 * 0x3D->0x3F Reserved
122 */
123#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
124#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
125#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
126/*
127 * 0x43->0x4F Reserved
128 */
129#define WIN_FORMAT 0x50
130/*
131 * 0x51->0x5F Reserved
132 */
133#define WIN_INIT 0x60
134/*
135 * 0x61->0x5F Reserved
136 */
137#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
138#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
139#define WIN_DIAGNOSE 0x90
140#define WIN_SPECIFY 0x91 /* set drive geometry translation */
141#define WIN_DOWNLOAD_MICROCODE 0x92
142#define WIN_STANDBYNOW2 0x94
201a51fc 143#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 144#define WIN_STANDBY2 0x96
145#define WIN_SETIDLE2 0x97
146#define WIN_CHECKPOWERMODE2 0x98
147#define WIN_SLEEPNOW2 0x99
148/*
149 * 0x9A VENDOR
150 */
151#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
152#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
153#define WIN_QUEUED_SERVICE 0xA2
154#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 155#define CFA_ACCESS_METADATA_STORAGE 0xB8
156#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 157#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
158#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
159#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
160#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
161#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
162#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
163#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
164#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
165#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
166#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 167#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 168#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
169#define WIN_POSTBOOT 0xDC
170#define WIN_PREBOOT 0xDD
171#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
172#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
173#define WIN_STANDBYNOW1 0xE0
174#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
175#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
176#define WIN_SETIDLE1 0xE3
177#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
178#define WIN_CHECKPOWERMODE1 0xE5
179#define WIN_SLEEPNOW1 0xE6
180#define WIN_FLUSH_CACHE 0xE7
181#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
182#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
183 /* SET_FEATURES 0x22 or 0xDD */
184#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
185#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
186#define WIN_MEDIAEJECT 0xED
187#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
188#define WIN_SETFEATURES 0xEF /* set special drive features */
189#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 190#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 191#define WIN_SECURITY_SET_PASS 0xF1
192#define WIN_SECURITY_UNLOCK 0xF2
193#define WIN_SECURITY_ERASE_PREPARE 0xF3
194#define WIN_SECURITY_ERASE_UNIT 0xF4
195#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 196#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 197#define WIN_SECURITY_DISABLE 0xF6
198#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
199#define WIN_SET_MAX 0xF9
200#define DISABLE_SEAGATE 0xFB
201
202/* set to 1 set disable mult support */
f66723fa 203#define MAX_MULT_SECTORS 16
5391d806
FB		 204
205/* ATAPI defines */
206
207#define ATAPI_PACKET_SIZE 12
208
209/* The generic packet command opcodes for CD/DVD Logical Units,
210 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
211#define GPCMD_BLANK 0xa1
212#define GPCMD_CLOSE_TRACK 0x5b
213#define GPCMD_FLUSH_CACHE 0x35
214#define GPCMD_FORMAT_UNIT 0x04
215#define GPCMD_GET_CONFIGURATION 0x46
216#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
217#define GPCMD_GET_PERFORMANCE 0xac
218#define GPCMD_INQUIRY 0x12
219#define GPCMD_LOAD_UNLOAD 0xa6
220#define GPCMD_MECHANISM_STATUS 0xbd
221#define GPCMD_MODE_SELECT_10 0x55
222#define GPCMD_MODE_SENSE_10 0x5a
223#define GPCMD_PAUSE_RESUME 0x4b
224#define GPCMD_PLAY_AUDIO_10 0x45
225#define GPCMD_PLAY_AUDIO_MSF 0x47
226#define GPCMD_PLAY_AUDIO_TI 0x48
227#define GPCMD_PLAY_CD 0xbc
228#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
229#define GPCMD_READ_10 0x28
230#define GPCMD_READ_12 0xa8
231#define GPCMD_READ_CDVD_CAPACITY 0x25
232#define GPCMD_READ_CD 0xbe
233#define GPCMD_READ_CD_MSF 0xb9
234#define GPCMD_READ_DISC_INFO 0x51
235#define GPCMD_READ_DVD_STRUCTURE 0xad
236#define GPCMD_READ_FORMAT_CAPACITIES 0x23
237#define GPCMD_READ_HEADER 0x44
238#define GPCMD_READ_TRACK_RZONE_INFO 0x52
239#define GPCMD_READ_SUBCHANNEL 0x42
240#define GPCMD_READ_TOC_PMA_ATIP 0x43
241#define GPCMD_REPAIR_RZONE_TRACK 0x58
242#define GPCMD_REPORT_KEY 0xa4
243#define GPCMD_REQUEST_SENSE 0x03
244#define GPCMD_RESERVE_RZONE_TRACK 0x53
245#define GPCMD_SCAN 0xba
246#define GPCMD_SEEK 0x2b
247#define GPCMD_SEND_DVD_STRUCTURE 0xad
248#define GPCMD_SEND_EVENT 0xa2
249#define GPCMD_SEND_KEY 0xa3
250#define GPCMD_SEND_OPC 0x54
251#define GPCMD_SET_READ_AHEAD 0xa7
252#define GPCMD_SET_STREAMING 0xb6
253#define GPCMD_START_STOP_UNIT 0x1b
254#define GPCMD_STOP_PLAY_SCAN 0x4e
255#define GPCMD_TEST_UNIT_READY 0x00
256#define GPCMD_VERIFY_10 0x2f
257#define GPCMD_WRITE_10 0x2a
258#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 259/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 260 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
261 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
262 * drives support it. */
263#define GPCMD_SET_SPEED 0xbb
5fafdf24 264/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 265 * to play data at track/index */
266#define GPCMD_PLAYAUDIO_TI 0x48
267/*
268 * From MS Media Status Notification Support Specification. For
269 * older drives only.
270 */
271#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 272#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 273
274/* Mode page codes for mode sense/set */
275#define GPMODE_R_W_ERROR_PAGE 0x01
276#define GPMODE_WRITE_PARMS_PAGE 0x05
277#define GPMODE_AUDIO_CTL_PAGE 0x0e
278#define GPMODE_POWER_PAGE 0x1a
279#define GPMODE_FAULT_FAIL_PAGE 0x1c
280#define GPMODE_TO_PROTECT_PAGE 0x1d
281#define GPMODE_CAPABILITIES_PAGE 0x2a
282#define GPMODE_ALL_PAGES 0x3f
283/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
284 * of MODE_SENSE_POWER_PAGE */
285#define GPMODE_CDROM_PAGE 0x0d
286
287#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
288#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
289#define ATAPI_INT_REASON_REL 0x04
290#define ATAPI_INT_REASON_TAG 0xf8
291
292/* same constants as bochs */
7f777bf3 293#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 294#define ASC_LOGICAL_BLOCK_OOR 0x21
295#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
296#define ASC_MEDIUM_NOT_PRESENT 0x3a
297#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
298
201a51fc
AZ		 299#define CFA_NO_ERROR 0x00
300#define CFA_MISC_ERROR 0x09
301#define CFA_INVALID_COMMAND 0x20
302#define CFA_INVALID_ADDRESS 0x21
303#define CFA_ADDRESS_OVERFLOW 0x2f
304
5391d806
FB		 305#define SENSE_NONE 0
306#define SENSE_NOT_READY 2
307#define SENSE_ILLEGAL_REQUEST 5
308#define SENSE_UNIT_ATTENTION 6
309
310struct IDEState;
311
312typedef void EndTransferFunc(struct IDEState *);
313
caed8802 314/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 315typedef struct IDEState {
316 /* ide config */
317 int is_cdrom;
201a51fc 318 int is_cf;
5391d806
FB		 319 int cylinders, heads, sectors;
320 int64_t nb_sectors;
321 int mult_sectors;
94458802
FB		 322 int identify_set;
323 uint16_t identify_data[256];
d537cf6c 324 qemu_irq irq;
34e538ae 325 PCIDevice *pci_dev;
98087450 326 struct BMDMAState *bmdma;
aedf5382 327 int drive_serial;
5391d806
FB		 328 /* ide regs */
329 uint8_t feature;
330 uint8_t error;
c2ff060f 331 uint32_t nsector;
5391d806
FB		 332 uint8_t sector;
333 uint8_t lcyl;
334 uint8_t hcyl;
c2ff060f
FB		 335 /* other part of tf for lba48 support */
336 uint8_t hob_feature;
337 uint8_t hob_nsector;
338 uint8_t hob_sector;
339 uint8_t hob_lcyl;
340 uint8_t hob_hcyl;
341
5391d806
FB		 342 uint8_t select;
343 uint8_t status;
c2ff060f 344
5391d806
FB		 345 /* 0x3f6 command, only meaningful for drive 0 */
346 uint8_t cmd;
c2ff060f
FB		 347 /* set for lba48 access */
348 uint8_t lba48;
5391d806 349 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 350 struct IDEState *cur_drive;
5391d806
FB		 351 BlockDriverState *bs;
352 /* ATAPI specific */
353 uint8_t sense_key;
354 uint8_t asc;
355 int packet_transfer_size;
356 int elementary_transfer_size;
357 int io_buffer_index;
358 int lba;
98087450
FB		 359 int cd_sector_size;
360 int atapi_dma; /* true if dma is requested for the packet cmd */
361 /* ATA DMA state */
362 int io_buffer_size;
363 /* PIO transfer handling */
5391d806
FB		 364 int req_nb_sectors; /* number of sectors per interrupt */
365 EndTransferFunc *end_transfer_func;
366 uint8_t *data_ptr;
367 uint8_t *data_end;
368 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
31c2a146 369 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
e774a278 370 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 371 /* CF-ATA extended error */
372 uint8_t ext_error;
373 /* CF-ATA metadata storage */
374 uint32_t mdata_size;
375 uint8_t *mdata_storage;
376 int media_changed;
5391d806
FB		 377} IDEState;
378
98087450
FB		 379#define BM_STATUS_DMAING 0x01
380#define BM_STATUS_ERROR 0x02
381#define BM_STATUS_INT 0x04
382
383#define BM_CMD_START 0x01
384#define BM_CMD_READ 0x08
385
5457c8ce
FB		 386#define IDE_TYPE_PIIX3 0
387#define IDE_TYPE_CMD646 1
afcc3cdf 388#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 389
390/* CMD646 specific */
391#define MRDMODE 0x71
392#define MRDMODE_INTR_CH0 0x04
393#define MRDMODE_INTR_CH1 0x08
394#define MRDMODE_BLK_CH0 0x10
395#define MRDMODE_BLK_CH1 0x20
396#define UDIDETCR0 0x73
397#define UDIDETCR1 0x7B
398
98087450
FB		 399typedef struct BMDMAState {
400 uint8_t cmd;
401 uint8_t status;
402 uint32_t addr;
3b46e624 403
5457c8ce 404 struct PCIIDEState *pci_dev;
98087450 405 /* current transfer state */
8ccad811
FB		 406 uint32_t cur_addr;
407 uint32_t cur_prd_last;
408 uint32_t cur_prd_addr;
409 uint32_t cur_prd_len;
98087450 410 IDEState *ide_if;
8ccad811
FB		 411 BlockDriverCompletionFunc *dma_cb;
412 BlockDriverAIOCB *aiocb;
98087450
FB		 413} BMDMAState;
414
415typedef struct PCIIDEState {
416 PCIDevice dev;
417 IDEState ide_if[4];
418 BMDMAState bmdma[2];
5457c8ce 419 int type; /* see IDE_TYPE_xxx */
98087450
FB		 420} PCIIDEState;
421
8ccad811 422static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
5f12ab4b 423static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 424
5391d806
FB		 425static void padstr(char *str, const char *src, int len)
426{
427 int i, v;
428 for(i = 0; i < len; i++) {
429 if (*src)
430 v = *src++;
431 else
432 v = ' ';
433 *(char *)((long)str ^ 1) = v;
434 str++;
435 }
436}
437
bd0d90b2
FB		 438static void padstr8(uint8_t *buf, int buf_size, const char *src)
439{
440 int i;
441 for(i = 0; i < buf_size; i++) {
442 if (*src)
443 buf[i] = *src++;
444 else
445 buf[i] = ' ';
446 }
447}
448
67b915a5
FB		 449static void put_le16(uint16_t *p, unsigned int v)
450{
0c4ad8dc 451 *p = cpu_to_le16(v);
67b915a5
FB		 452}
453
5391d806
FB		 454static void ide_identify(IDEState *s)
455{
456 uint16_t *p;
457 unsigned int oldsize;
aedf5382 458 char buf[20];
5391d806 459
94458802
FB		 460 if (s->identify_set) {
461 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
462 return;
463 }
464
5391d806
FB		 465 memset(s->io_buffer, 0, 512);
466 p = (uint16_t *)s->io_buffer;
67b915a5 467 put_le16(p + 0, 0x0040);
5fafdf24 468 put_le16(p + 1, s->cylinders);
67b915a5
FB		 469 put_le16(p + 3, s->heads);
470 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
471 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 472 put_le16(p + 6, s->sectors);
aedf5382 473 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
60fe76f3 474 padstr((char *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 475 put_le16(p + 20, 3); /* XXX: retired, remove ? */
476 put_le16(p + 21, 512); /* cache size in sectors */
477 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 478 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
479 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 480#if MAX_MULT_SECTORS > 1
67b915a5 481 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 482#endif
67b915a5 483 put_le16(p + 48, 1); /* dword I/O */
94458802 484 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 485 put_le16(p + 51, 0x200); /* PIO transfer cycle */
486 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 487 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 488 put_le16(p + 54, s->cylinders);
489 put_le16(p + 55, s->heads);
490 put_le16(p + 56, s->sectors);
5391d806 491 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 492 put_le16(p + 57, oldsize);
493 put_le16(p + 58, oldsize >> 16);
5391d806 494 if (s->mult_sectors)
67b915a5
FB		 495 put_le16(p + 59, 0x100 | s->mult_sectors);
496 put_le16(p + 60, s->nb_sectors);
497 put_le16(p + 61, s->nb_sectors >> 16);
94458802
FB		 498 put_le16(p + 63, 0x07); /* mdma0-2 supported */
499 put_le16(p + 65, 120);
500 put_le16(p + 66, 120);
501 put_le16(p + 67, 120);
502 put_le16(p + 68, 120);
503 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
504 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 505 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 506 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
507 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 508 put_le16(p + 84, (1 << 14));
509 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 510 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
511 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 512 put_le16(p + 87, (1 << 14));
94458802
FB		 513 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
514 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 515 put_le16(p + 100, s->nb_sectors);
516 put_le16(p + 101, s->nb_sectors >> 16);
517 put_le16(p + 102, s->nb_sectors >> 32);
518 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 519
520 memcpy(s->identify_data, p, sizeof(s->identify_data));
521 s->identify_set = 1;
5391d806
FB		 522}
523
524static void ide_atapi_identify(IDEState *s)
525{
526 uint16_t *p;
aedf5382 527 char buf[20];
5391d806 528
94458802
FB		 529 if (s->identify_set) {
530 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
531 return;
532 }
533
5391d806
FB		 534 memset(s->io_buffer, 0, 512);
535 p = (uint16_t *)s->io_buffer;
536 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 537 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
aedf5382 538 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
60fe76f3 539 padstr((char *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 540 put_le16(p + 20, 3); /* buffer type */
541 put_le16(p + 21, 512); /* cache size in sectors */
542 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 543 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
544 padstr((char *)(p + 27), "QEMU CD-ROM", 40); /* model */
67b915a5 545 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 546#ifdef USE_DMA_CDROM
547 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
548 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
549 put_le16(p + 63, 7); /* mdma0-2 supported */
550 put_le16(p + 64, 0x3f); /* PIO modes supported */
551#else
67b915a5
FB		 552 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
553 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
554 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
555 put_le16(p + 64, 1); /* PIO modes */
8ccad811 556#endif
67b915a5
FB		 557 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
558 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
559 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
560 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 561
67b915a5
FB		 562 put_le16(p + 71, 30); /* in ns */
563 put_le16(p + 72, 30); /* in ns */
5391d806 564
67b915a5 565 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 566#ifdef USE_DMA_CDROM
567 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
568#endif
94458802
FB		 569 memcpy(s->identify_data, p, sizeof(s->identify_data));
570 s->identify_set = 1;
5391d806
FB		 571}
572
201a51fc
AZ		 573static void ide_cfata_identify(IDEState *s)
574{
575 uint16_t *p;
576 uint32_t cur_sec;
577 char buf[20];
578
579 p = (uint16_t *) s->identify_data;
580 if (s->identify_set)
581 goto fill_buffer;
582
583 memset(p, 0, sizeof(s->identify_data));
584
585 cur_sec = s->cylinders * s->heads * s->sectors;
586
587 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
588 put_le16(p + 1, s->cylinders); /* Default cylinders */
589 put_le16(p + 3, s->heads); /* Default heads */
590 put_le16(p + 6, s->sectors); /* Default sectors per track */
591 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
592 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
593 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
60fe76f3 594 padstr((char *)(p + 10), buf, 20); /* Serial number in ASCII */
201a51fc 595 put_le16(p + 22, 0x0004); /* ECC bytes */
60fe76f3
TS		 596 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
597 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
201a51fc
AZ		 598#if MAX_MULT_SECTORS > 1
599 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
600#else
601 put_le16(p + 47, 0x0000);
602#endif
603 put_le16(p + 49, 0x0f00); /* Capabilities */
604 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
605 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
606 put_le16(p + 53, 0x0003); /* Translation params valid */
607 put_le16(p + 54, s->cylinders); /* Current cylinders */
608 put_le16(p + 55, s->heads); /* Current heads */
609 put_le16(p + 56, s->sectors); /* Current sectors */
610 put_le16(p + 57, cur_sec); /* Current capacity */
611 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
612 if (s->mult_sectors) /* Multiple sector setting */
613 put_le16(p + 59, 0x100 | s->mult_sectors);
614 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
615 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
616 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
617 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
618 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
619 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
620 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
621 put_le16(p + 82, 0x400c); /* Command Set supported */
622 put_le16(p + 83, 0x7068); /* Command Set supported */
623 put_le16(p + 84, 0x4000); /* Features supported */
624 put_le16(p + 85, 0x000c); /* Command Set enabled */
625 put_le16(p + 86, 0x7044); /* Command Set enabled */
626 put_le16(p + 87, 0x4000); /* Features enabled */
627 put_le16(p + 91, 0x4060); /* Current APM level */
628 put_le16(p + 129, 0x0002); /* Current features option */
629 put_le16(p + 130, 0x0005); /* Reassigned sectors */
630 put_le16(p + 131, 0x0001); /* Initial power mode */
631 put_le16(p + 132, 0x0000); /* User signature */
632 put_le16(p + 160, 0x8100); /* Power requirement */
633 put_le16(p + 161, 0x8001); /* CF command set */
634
635 s->identify_set = 1;
636
637fill_buffer:
638 memcpy(s->io_buffer, p, sizeof(s->identify_data));
639}
640
5391d806
FB		 641static void ide_set_signature(IDEState *s)
642{
643 s->select &= 0xf0; /* clear head */
644 /* put signature */
645 s->nsector = 1;
646 s->sector = 1;
647 if (s->is_cdrom) {
648 s->lcyl = 0x14;
649 s->hcyl = 0xeb;
650 } else if (s->bs) {
651 s->lcyl = 0;
652 s->hcyl = 0;
653 } else {
654 s->lcyl = 0xff;
655 s->hcyl = 0xff;
656 }
657}
658
659static inline void ide_abort_command(IDEState *s)
660{
661 s->status = READY_STAT | ERR_STAT;
662 s->error = ABRT_ERR;
663}
664
665static inline void ide_set_irq(IDEState *s)
666{
98ff7d30 667 BMDMAState *bm = s->bmdma;
5391d806 668 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 669 if (bm) {
98ff7d30 670 bm->status |= BM_STATUS_INT;
5457c8ce 671 }
d537cf6c 672 qemu_irq_raise(s->irq);
5391d806
FB		 673 }
674}
675
676/* prepare data transfer and tell what to do after */
5fafdf24 677static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 678 EndTransferFunc *end_transfer_func)
679{
680 s->end_transfer_func = end_transfer_func;
681 s->data_ptr = buf;
682 s->data_end = buf + size;
7603d156
TS		 683 if (!(s->status & ERR_STAT))
684 s->status |= DRQ_STAT;
5391d806
FB		 685}
686
687static void ide_transfer_stop(IDEState *s)
688{
689 s->end_transfer_func = ide_transfer_stop;
690 s->data_ptr = s->io_buffer;
691 s->data_end = s->io_buffer;
692 s->status &= ~DRQ_STAT;
693}
694
695static int64_t ide_get_sector(IDEState *s)
696{
697 int64_t sector_num;
698 if (s->select & 0x40) {
699 /* lba */
c2ff060f
FB		 700 if (!s->lba48) {
701 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
702 (s->lcyl << 8) | s->sector;
703 } else {
704 sector_num = ((int64_t)s->hob_hcyl << 40) |
705 ((int64_t) s->hob_lcyl << 32) |
706 ((int64_t) s->hob_sector << 24) |
707 ((int64_t) s->hcyl << 16) |
708 ((int64_t) s->lcyl << 8) | s->sector;
709 }
5391d806
FB		 710 } else {
711 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 712 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 713 }
714 return sector_num;
715}
716
717static void ide_set_sector(IDEState *s, int64_t sector_num)
718{
719 unsigned int cyl, r;
720 if (s->select & 0x40) {
c2ff060f
FB		 721 if (!s->lba48) {
722 s->select = (s->select & 0xf0) | (sector_num >> 24);
723 s->hcyl = (sector_num >> 16);
724 s->lcyl = (sector_num >> 8);
725 s->sector = (sector_num);
726 } else {
727 s->sector = sector_num;
728 s->lcyl = sector_num >> 8;
729 s->hcyl = sector_num >> 16;
730 s->hob_sector = sector_num >> 24;
731 s->hob_lcyl = sector_num >> 32;
732 s->hob_hcyl = sector_num >> 40;
733 }
5391d806
FB		 734 } else {
735 cyl = sector_num / (s->heads * s->sectors);
736 r = sector_num % (s->heads * s->sectors);
737 s->hcyl = cyl >> 8;
738 s->lcyl = cyl;
1b8eb456 739 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 740 s->sector = (r % s->sectors) + 1;
741 }
742}
743
744static void ide_sector_read(IDEState *s)
745{
746 int64_t sector_num;
747 int ret, n;
748
749 s->status = READY_STAT | SEEK_STAT;
a136e5a8 750 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 751 sector_num = ide_get_sector(s);
752 n = s->nsector;
753 if (n == 0) {
754 /* no more sector to read from disk */
755 ide_transfer_stop(s);
756 } else {
757#if defined(DEBUG_IDE)
758 printf("read sector=%Ld\n", sector_num);
759#endif
760 if (n > s->req_nb_sectors)
761 n = s->req_nb_sectors;
762 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
763 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
764 ide_set_irq(s);
765 ide_set_sector(s, sector_num + n);
766 s->nsector -= n;
767 }
768}
769
8ccad811
FB		 770/* return 0 if buffer completed */
771static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 772{
8ccad811
FB		 773 IDEState *s = bm->ide_if;
774 struct {
775 uint32_t addr;
776 uint32_t size;
777 } prd;
778 int l, len;
98087450 779
8ccad811
FB		 780 for(;;) {
781 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 782 if (l <= 0)
8ccad811
FB		 783 break;
784 if (bm->cur_prd_len == 0) {
785 /* end of table (with a fail safe of one page) */
786 if (bm->cur_prd_last ||
787 (bm->cur_addr - bm->addr) >= 4096)
788 return 0;
789 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
790 bm->cur_addr += 8;
791 prd.addr = le32_to_cpu(prd.addr);
792 prd.size = le32_to_cpu(prd.size);
793 len = prd.size & 0xfffe;
794 if (len == 0)
795 len = 0x10000;
796 bm->cur_prd_len = len;
797 bm->cur_prd_addr = prd.addr;
798 bm->cur_prd_last = (prd.size & 0x80000000);
799 }
800 if (l > bm->cur_prd_len)
801 l = bm->cur_prd_len;
802 if (l > 0) {
803 if (is_write) {
5fafdf24 804 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 805 s->io_buffer + s->io_buffer_index, l);
806 } else {
5fafdf24 807 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 808 s->io_buffer + s->io_buffer_index, l);
809 }
810 bm->cur_prd_addr += l;
811 bm->cur_prd_len -= l;
812 s->io_buffer_index += l;
98087450 813 }
98087450 814 }
8ccad811
FB		 815 return 1;
816}
817
818/* XXX: handle errors */
819static void ide_read_dma_cb(void *opaque, int ret)
820{
821 BMDMAState *bm = opaque;
822 IDEState *s = bm->ide_if;
823 int n;
824 int64_t sector_num;
825
826 n = s->io_buffer_size >> 9;
827 sector_num = ide_get_sector(s);
828 if (n > 0) {
829 sector_num += n;
830 ide_set_sector(s, sector_num);
831 s->nsector -= n;
832 if (dma_buf_rw(bm, 1) == 0)
833 goto eot;
834 }
835
836 /* end of transfer ? */
837 if (s->nsector == 0) {
98087450
FB		 838 s->status = READY_STAT | SEEK_STAT;
839 ide_set_irq(s);
8ccad811
FB		 840 eot:
841 bm->status &= ~BM_STATUS_DMAING;
842 bm->status |= BM_STATUS_INT;
843 bm->dma_cb = NULL;
844 bm->ide_if = NULL;
845 bm->aiocb = NULL;
846 return;
98087450 847 }
8ccad811
FB		 848
849 /* launch next transfer */
850 n = s->nsector;
851 if (n > MAX_MULT_SECTORS)
852 n = MAX_MULT_SECTORS;
853 s->io_buffer_index = 0;
854 s->io_buffer_size = n * 512;
855#ifdef DEBUG_AIO
856 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
857#endif
5fafdf24 858 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
8ccad811 859 ide_read_dma_cb, bm);
98087450
FB		 860}
861
862static void ide_sector_read_dma(IDEState *s)
863{
8ccad811 864 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 865 s->io_buffer_index = 0;
866 s->io_buffer_size = 0;
867 ide_dma_start(s, ide_read_dma_cb);
868}
869
a09db21f
FB		 870static void ide_sector_write_timer_cb(void *opaque)
871{
872 IDEState *s = opaque;
873 ide_set_irq(s);
874}
875
5391d806
FB		 876static void ide_sector_write(IDEState *s)
877{
878 int64_t sector_num;
31c2a146 879 int ret, n, n1;
5391d806
FB		 880
881 s->status = READY_STAT | SEEK_STAT;
882 sector_num = ide_get_sector(s);
883#if defined(DEBUG_IDE)
884 printf("write sector=%Ld\n", sector_num);
885#endif
886 n = s->nsector;
887 if (n > s->req_nb_sectors)
888 n = s->req_nb_sectors;
31c2a146 889 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
5391d806
FB		 890 s->nsector -= n;
891 if (s->nsector == 0) {
292eef5a 892 /* no more sectors to write */
5391d806
FB		 893 ide_transfer_stop(s);
894 } else {
895 n1 = s->nsector;
896 if (n1 > s->req_nb_sectors)
897 n1 = s->req_nb_sectors;
898 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
899 }
900 ide_set_sector(s, sector_num + n);
3b46e624 901
31c2a146
TS		 902#ifdef TARGET_I386
903 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
904 /* It seems there is a bug in the Windows 2000 installer HDD
905 IDE driver which fills the disk with empty logs when the
906 IDE write IRQ comes too early. This hack tries to correct
907 that at the expense of slower write performances. Use this
908 option _only_ to install Windows 2000. You must disable it
909 for normal use. */
910 qemu_mod_timer(s->sector_write_timer,
911 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
912 } else
913#endif
914 {
915 ide_set_irq(s);
916 }
5391d806
FB		 917}
918
8ccad811
FB		 919/* XXX: handle errors */
920static void ide_write_dma_cb(void *opaque, int ret)
98087450 921{
8ccad811
FB		 922 BMDMAState *bm = opaque;
923 IDEState *s = bm->ide_if;
924 int n;
98087450
FB		 925 int64_t sector_num;
926
8ccad811
FB		 927 n = s->io_buffer_size >> 9;
928 sector_num = ide_get_sector(s);
929 if (n > 0) {
930 sector_num += n;
931 ide_set_sector(s, sector_num);
932 s->nsector -= n;
98087450 933 }
98087450 934
8ccad811
FB		 935 /* end of transfer ? */
936 if (s->nsector == 0) {
937 s->status = READY_STAT | SEEK_STAT;
938 ide_set_irq(s);
939 eot:
940 bm->status &= ~BM_STATUS_DMAING;
941 bm->status |= BM_STATUS_INT;
942 bm->dma_cb = NULL;
943 bm->ide_if = NULL;
944 bm->aiocb = NULL;
945 return;
946 }
947
948 /* launch next transfer */
98087450
FB		 949 n = s->nsector;
950 if (n > MAX_MULT_SECTORS)
951 n = MAX_MULT_SECTORS;
952 s->io_buffer_index = 0;
953 s->io_buffer_size = n * 512;
8ccad811
FB		 954
955 if (dma_buf_rw(bm, 0) == 0)
956 goto eot;
957#ifdef DEBUG_AIO
958 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
959#endif
5fafdf24 960 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
8ccad811
FB		 961 ide_write_dma_cb, bm);
962}
963
964static void ide_sector_write_dma(IDEState *s)
965{
966 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
967 s->io_buffer_index = 0;
968 s->io_buffer_size = 0;
98087450
FB		 969 ide_dma_start(s, ide_write_dma_cb);
970}
971
5391d806
FB		 972static void ide_atapi_cmd_ok(IDEState *s)
973{
974 s->error = 0;
975 s->status = READY_STAT;
976 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
977 ide_set_irq(s);
978}
979
980static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
981{
982#ifdef DEBUG_IDE_ATAPI
983 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
984#endif
985 s->error = sense_key << 4;
986 s->status = READY_STAT | ERR_STAT;
987 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
988 s->sense_key = sense_key;
989 s->asc = asc;
990 ide_set_irq(s);
991}
992
993static inline void cpu_to_ube16(uint8_t *buf, int val)
994{
995 buf[0] = val >> 8;
996 buf[1] = val;
997}
998
999static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1000{
1001 buf[0] = val >> 24;
1002 buf[1] = val >> 16;
1003 buf[2] = val >> 8;
1004 buf[3] = val;
1005}
1006
1007static inline int ube16_to_cpu(const uint8_t *buf)
1008{
1009 return (buf[0] << 8) | buf[1];
1010}
1011
1012static inline int ube32_to_cpu(const uint8_t *buf)
1013{
1014 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1015}
1016
98087450
FB		 1017static void lba_to_msf(uint8_t *buf, int lba)
1018{
1019 lba += 150;
1020 buf[0] = (lba / 75) / 60;
1021 buf[1] = (lba / 75) % 60;
1022 buf[2] = lba % 75;
1023}
1024
8ccad811
FB		 1025static void cd_data_to_raw(uint8_t *buf, int lba)
1026{
1027 /* sync bytes */
1028 buf[0] = 0x00;
1029 memset(buf + 1, 0xff, 10);
1030 buf[11] = 0x00;
1031 buf += 12;
1032 /* MSF */
1033 lba_to_msf(buf, lba);
1034 buf[3] = 0x01; /* mode 1 data */
1035 buf += 4;
1036 /* data */
1037 buf += 2048;
1038 /* XXX: ECC not computed */
1039 memset(buf, 0, 288);
1040}
1041
5fafdf24 1042static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1043 int sector_size)
1044{
66c6ef76
FB		 1045 int ret;
1046
98087450
FB		 1047 switch(sector_size) {
1048 case 2048:
66c6ef76 1049 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1050 break;
1051 case 2352:
66c6ef76
FB		 1052 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1053 if (ret < 0)
1054 return ret;
8ccad811 1055 cd_data_to_raw(buf, lba);
98087450
FB		 1056 break;
1057 default:
66c6ef76 1058 ret = -EIO;
98087450
FB		 1059 break;
1060 }
66c6ef76
FB		 1061 return ret;
1062}
1063
1064static void ide_atapi_io_error(IDEState *s, int ret)
1065{
1066 /* XXX: handle more errors */
1067 if (ret == -ENOMEDIUM) {
5fafdf24 1068 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1069 ASC_MEDIUM_NOT_PRESENT);
1070 } else {
5fafdf24 1071 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1072 ASC_LOGICAL_BLOCK_OOR);
1073 }
98087450
FB		 1074}
1075
5391d806
FB		 1076/* The whole ATAPI transfer logic is handled in this function */
1077static void ide_atapi_cmd_reply_end(IDEState *s)
1078{
66c6ef76 1079 int byte_count_limit, size, ret;
5391d806 1080#ifdef DEBUG_IDE_ATAPI
5fafdf24 1081 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1082 s->packet_transfer_size,
1083 s->elementary_transfer_size,
1084 s->io_buffer_index);
1085#endif
1086 if (s->packet_transfer_size <= 0) {
1087 /* end of transfer */
1088 ide_transfer_stop(s);
1089 s->status = READY_STAT;
1090 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1091 ide_set_irq(s);
1092#ifdef DEBUG_IDE_ATAPI
1093 printf("status=0x%x\n", s->status);
1094#endif
1095 } else {
1096 /* see if a new sector must be read */
98087450 1097 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1098 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1099 if (ret < 0) {
1100 ide_transfer_stop(s);
1101 ide_atapi_io_error(s, ret);
1102 return;
1103 }
5391d806
FB		 1104 s->lba++;
1105 s->io_buffer_index = 0;
1106 }
1107 if (s->elementary_transfer_size > 0) {
1108 /* there are some data left to transmit in this elementary
1109 transfer */
98087450 1110 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1111 if (size > s->elementary_transfer_size)
1112 size = s->elementary_transfer_size;
5fafdf24 1113 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1114 size, ide_atapi_cmd_reply_end);
1115 s->packet_transfer_size -= size;
1116 s->elementary_transfer_size -= size;
1117 s->io_buffer_index += size;
1118 } else {
1119 /* a new transfer is needed */
1120 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1121 byte_count_limit = s->lcyl | (s->hcyl << 8);
1122#ifdef DEBUG_IDE_ATAPI
1123 printf("byte_count_limit=%d\n", byte_count_limit);
1124#endif
1125 if (byte_count_limit == 0xffff)
1126 byte_count_limit--;
1127 size = s->packet_transfer_size;
1128 if (size > byte_count_limit) {
1129 /* byte count limit must be even if this case */
1130 if (byte_count_limit & 1)
1131 byte_count_limit--;
1132 size = byte_count_limit;
5391d806 1133 }
a136e5a8
FB		 1134 s->lcyl = size;
1135 s->hcyl = size >> 8;
5391d806
FB		 1136 s->elementary_transfer_size = size;
1137 /* we cannot transmit more than one sector at a time */
1138 if (s->lba != -1) {
98087450
FB		 1139 if (size > (s->cd_sector_size - s->io_buffer_index))
1140 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1141 }
5fafdf24 1142 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1143 size, ide_atapi_cmd_reply_end);
1144 s->packet_transfer_size -= size;
1145 s->elementary_transfer_size -= size;
1146 s->io_buffer_index += size;
1147 ide_set_irq(s);
1148#ifdef DEBUG_IDE_ATAPI
1149 printf("status=0x%x\n", s->status);
1150#endif
1151 }
1152 }
1153}
1154
1155/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1156static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1157{
1158 if (size > max_size)
1159 size = max_size;
1160 s->lba = -1; /* no sector read */
1161 s->packet_transfer_size = size;
5f12ab4b 1162 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1163 s->elementary_transfer_size = 0;
1164 s->io_buffer_index = 0;
1165
5f12ab4b
TS		 1166 if (s->atapi_dma) {
1167 s->status = READY_STAT | DRQ_STAT;
1168 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1169 } else {
1170 s->status = READY_STAT;
1171 ide_atapi_cmd_reply_end(s);
1172 }
5391d806
FB		 1173}
1174
1175/* start a CD-CDROM read command */
98087450
FB		 1176static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1177 int sector_size)
5391d806 1178{
5391d806 1179 s->lba = lba;
98087450 1180 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1181 s->elementary_transfer_size = 0;
98087450
FB		 1182 s->io_buffer_index = sector_size;
1183 s->cd_sector_size = sector_size;
5391d806
FB		 1184
1185 s->status = READY_STAT;
1186 ide_atapi_cmd_reply_end(s);
1187}
1188
98087450 1189/* ATAPI DMA support */
8ccad811
FB		 1190
1191/* XXX: handle read errors */
1192static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1193{
8ccad811
FB		 1194 BMDMAState *bm = opaque;
1195 IDEState *s = bm->ide_if;
1196 int data_offset, n;
1197
66c6ef76
FB		 1198 if (ret < 0) {
1199 ide_atapi_io_error(s, ret);
1200 goto eot;
1201 }
1202
8ccad811 1203 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1204 /*
1205 * For a cdrom read sector command (s->lba != -1),
1206 * adjust the lba for the next s->io_buffer_size chunk
1207 * and dma the current chunk.
1208 * For a command != read (s->lba == -1), just transfer
1209 * the reply data.
1210 */
1211 if (s->lba != -1) {
1212 if (s->cd_sector_size == 2352) {
1213 n = 1;
1214 cd_data_to_raw(s->io_buffer, s->lba);
1215 } else {
1216 n = s->io_buffer_size >> 11;
1217 }
1218 s->lba += n;
1219 }
8ccad811 1220 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1221 if (dma_buf_rw(bm, 1) == 0)
1222 goto eot;
98087450 1223 }
8ccad811 1224
98087450
FB		 1225 if (s->packet_transfer_size <= 0) {
1226 s->status = READY_STAT;
1227 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1228 ide_set_irq(s);
8ccad811
FB		 1229 eot:
1230 bm->status &= ~BM_STATUS_DMAING;
1231 bm->status |= BM_STATUS_INT;
1232 bm->dma_cb = NULL;
1233 bm->ide_if = NULL;
1234 bm->aiocb = NULL;
1235 return;
1236 }
3b46e624 1237
8ccad811
FB		 1238 s->io_buffer_index = 0;
1239 if (s->cd_sector_size == 2352) {
1240 n = 1;
1241 s->io_buffer_size = s->cd_sector_size;
1242 data_offset = 16;
1243 } else {
1244 n = s->packet_transfer_size >> 11;
1245 if (n > (MAX_MULT_SECTORS / 4))
1246 n = (MAX_MULT_SECTORS / 4);
1247 s->io_buffer_size = n * 2048;
1248 data_offset = 0;
98087450 1249 }
8ccad811
FB		 1250#ifdef DEBUG_AIO
1251 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1252#endif
5fafdf24
TS		 1253 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1254 s->io_buffer + data_offset, n * 4,
8ccad811 1255 ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1256 if (!bm->aiocb) {
1257 /* Note: media not present is the most likely case */
5fafdf24 1258 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1259 ASC_MEDIUM_NOT_PRESENT);
1260 goto eot;
1261 }
98087450
FB		 1262}
1263
1264/* start a CD-CDROM read command with DMA */
1265/* XXX: test if DMA is available */
1266static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1267 int sector_size)
1268{
1269 s->lba = lba;
1270 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1271 s->io_buffer_index = 0;
1272 s->io_buffer_size = 0;
98087450
FB		 1273 s->cd_sector_size = sector_size;
1274
8ccad811
FB		 1275 /* XXX: check if BUSY_STAT should be set */
1276 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1277 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1278}
1279
5fafdf24 1280static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1281 int sector_size)
1282{
1283#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1284 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1285 lba, nb_sectors);
98087450
FB		 1286#endif
1287 if (s->atapi_dma) {
1288 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1289 } else {
1290 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1291 }
1292}
1293
5391d806
FB		 1294static void ide_atapi_cmd(IDEState *s)
1295{
1296 const uint8_t *packet;
1297 uint8_t *buf;
1298 int max_len;
1299
1300 packet = s->io_buffer;
1301 buf = s->io_buffer;
1302#ifdef DEBUG_IDE_ATAPI
1303 {
1304 int i;
1305 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1306 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1307 printf(" %02x", packet[i]);
1308 }
1309 printf("\n");
1310 }
1311#endif
1312 switch(s->io_buffer[0]) {
1313 case GPCMD_TEST_UNIT_READY:
caed8802 1314 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1315 ide_atapi_cmd_ok(s);
1316 } else {
5fafdf24 1317 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1318 ASC_MEDIUM_NOT_PRESENT);
1319 }
1320 break;
d14049ea 1321 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1322 case GPCMD_MODE_SENSE_10:
1323 {
1324 int action, code;
d14049ea
TS		 1325 if (packet[0] == GPCMD_MODE_SENSE_10)
1326 max_len = ube16_to_cpu(packet + 7);
1327 else
1328 max_len = packet[4];
5391d806
FB		 1329 action = packet[2] >> 6;
1330 code = packet[2] & 0x3f;
1331 switch(action) {
1332 case 0: /* current values */
1333 switch(code) {
1334 case 0x01: /* error recovery */
1335 cpu_to_ube16(&buf[0], 16 + 6);
1336 buf[2] = 0x70;
1337 buf[3] = 0;
1338 buf[4] = 0;
1339 buf[5] = 0;
1340 buf[6] = 0;
1341 buf[7] = 0;
1342
1343 buf[8] = 0x01;
1344 buf[9] = 0x06;
1345 buf[10] = 0x00;
1346 buf[11] = 0x05;
1347 buf[12] = 0x00;
1348 buf[13] = 0x00;
1349 buf[14] = 0x00;
1350 buf[15] = 0x00;
1351 ide_atapi_cmd_reply(s, 16, max_len);
1352 break;
1353 case 0x2a:
1354 cpu_to_ube16(&buf[0], 28 + 6);
1355 buf[2] = 0x70;
1356 buf[3] = 0;
1357 buf[4] = 0;
1358 buf[5] = 0;
1359 buf[6] = 0;
1360 buf[7] = 0;
1361
1362 buf[8] = 0x2a;
1363 buf[9] = 0x12;
0d4a05a1 1364 buf[10] = 0x00;
5391d806 1365 buf[11] = 0x00;
3b46e624 1366
5391d806
FB		 1367 buf[12] = 0x70;
1368 buf[13] = 3 << 5;
1369 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1370 if (bdrv_is_locked(s->bs))
5391d806
FB		 1371 buf[6] |= 1 << 1;
1372 buf[15] = 0x00;
1373 cpu_to_ube16(&buf[16], 706);
1374 buf[18] = 0;
1375 buf[19] = 2;
1376 cpu_to_ube16(&buf[20], 512);
1377 cpu_to_ube16(&buf[22], 706);
1378 buf[24] = 0;
1379 buf[25] = 0;
1380 buf[26] = 0;
1381 buf[27] = 0;
1382 ide_atapi_cmd_reply(s, 28, max_len);
1383 break;
1384 default:
1385 goto error_cmd;
1386 }
1387 break;
1388 case 1: /* changeable values */
1389 goto error_cmd;
1390 case 2: /* default values */
1391 goto error_cmd;
1392 default:
1393 case 3: /* saved values */
5fafdf24 1394 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1395 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1396 break;
1397 }
1398 }
1399 break;
1400 case GPCMD_REQUEST_SENSE:
1401 max_len = packet[4];
1402 memset(buf, 0, 18);
1403 buf[0] = 0x70 | (1 << 7);
1404 buf[2] = s->sense_key;
1405 buf[7] = 10;
1406 buf[12] = s->asc;
1407 ide_atapi_cmd_reply(s, 18, max_len);
1408 break;
1409 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1410 if (bdrv_is_inserted(s->bs)) {
1411 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1412 ide_atapi_cmd_ok(s);
1413 } else {
5fafdf24 1414 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1415 ASC_MEDIUM_NOT_PRESENT);
1416 }
1417 break;
1418 case GPCMD_READ_10:
1419 case GPCMD_READ_12:
1420 {
1421 int nb_sectors, lba;
1422
5391d806
FB		 1423 if (packet[0] == GPCMD_READ_10)
1424 nb_sectors = ube16_to_cpu(packet + 7);
1425 else
1426 nb_sectors = ube32_to_cpu(packet + 6);
1427 lba = ube32_to_cpu(packet + 2);
1428 if (nb_sectors == 0) {
1429 ide_atapi_cmd_ok(s);
1430 break;
1431 }
98087450
FB		 1432 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1433 }
1434 break;
1435 case GPCMD_READ_CD:
1436 {
1437 int nb_sectors, lba, transfer_request;
1438
98087450
FB		 1439 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1440 lba = ube32_to_cpu(packet + 2);
1441 if (nb_sectors == 0) {
1442 ide_atapi_cmd_ok(s);
1443 break;
1444 }
98087450
FB		 1445 transfer_request = packet[9];
1446 switch(transfer_request & 0xf8) {
1447 case 0x00:
1448 /* nothing */
1449 ide_atapi_cmd_ok(s);
1450 break;
1451 case 0x10:
1452 /* normal read */
1453 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1454 break;
1455 case 0xf8:
1456 /* read all data */
1457 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1458 break;
1459 default:
5fafdf24 1460 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1461 ASC_INV_FIELD_IN_CMD_PACKET);
1462 break;
1463 }
5391d806
FB		 1464 }
1465 break;
1466 case GPCMD_SEEK:
1467 {
1468 int lba;
66c6ef76
FB		 1469 int64_t total_sectors;
1470
1471 bdrv_get_geometry(s->bs, &total_sectors);
1472 total_sectors >>= 2;
1473 if (total_sectors <= 0) {
5fafdf24 1474 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1475 ASC_MEDIUM_NOT_PRESENT);
1476 break;
1477 }
1478 lba = ube32_to_cpu(packet + 2);
66c6ef76 1479 if (lba >= total_sectors) {
5fafdf24 1480 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1481 ASC_LOGICAL_BLOCK_OOR);
1482 break;
1483 }
1484 ide_atapi_cmd_ok(s);
1485 }
1486 break;
1487 case GPCMD_START_STOP_UNIT:
1488 {
1489 int start, eject;
1490 start = packet[4] & 1;
1491 eject = (packet[4] >> 1) & 1;
3b46e624 1492
caed8802
FB		 1493 if (eject && !start) {
1494 /* eject the disk */
66c6ef76
FB		 1495 bdrv_eject(s->bs, 1);
1496 } else if (eject && start) {
1497 /* close the tray */
1498 bdrv_eject(s->bs, 0);
caed8802 1499 }
5391d806
FB		 1500 ide_atapi_cmd_ok(s);
1501 }
1502 break;
1503 case GPCMD_MECHANISM_STATUS:
1504 {
1505 max_len = ube16_to_cpu(packet + 8);
1506 cpu_to_ube16(buf, 0);
1507 /* no current LBA */
1508 buf[2] = 0;
1509 buf[3] = 0;
1510 buf[4] = 0;
1511 buf[5] = 1;
1512 cpu_to_ube16(buf + 6, 0);
1513 ide_atapi_cmd_reply(s, 8, max_len);
1514 }
1515 break;
1516 case GPCMD_READ_TOC_PMA_ATIP:
1517 {
1518 int format, msf, start_track, len;
66c6ef76 1519 int64_t total_sectors;
5391d806 1520
66c6ef76
FB		 1521 bdrv_get_geometry(s->bs, &total_sectors);
1522 total_sectors >>= 2;
1523 if (total_sectors <= 0) {
5fafdf24 1524 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1525 ASC_MEDIUM_NOT_PRESENT);
1526 break;
1527 }
1528 max_len = ube16_to_cpu(packet + 7);
1529 format = packet[9] >> 6;
1530 msf = (packet[1] >> 1) & 1;
1531 start_track = packet[6];
1532 switch(format) {
1533 case 0:
66c6ef76 1534 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1535 if (len < 0)
1536 goto error_cmd;
1537 ide_atapi_cmd_reply(s, len, max_len);
1538 break;
1539 case 1:
1540 /* multi session : only a single session defined */
1541 memset(buf, 0, 12);
1542 buf[1] = 0x0a;
1543 buf[2] = 0x01;
1544 buf[3] = 0x01;
1545 ide_atapi_cmd_reply(s, 12, max_len);
1546 break;
98087450 1547 case 2:
66c6ef76 1548 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1549 if (len < 0)
1550 goto error_cmd;
1551 ide_atapi_cmd_reply(s, len, max_len);
1552 break;
5391d806 1553 default:
7f777bf3 1554 error_cmd:
5fafdf24 1555 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1556 ASC_INV_FIELD_IN_CMD_PACKET);
1557 break;
5391d806
FB		 1558 }
1559 }
1560 break;
1561 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76
FB		 1562 {
1563 int64_t total_sectors;
1564
1565 bdrv_get_geometry(s->bs, &total_sectors);
1566 total_sectors >>= 2;
1567 if (total_sectors <= 0) {
5fafdf24 1568 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1569 ASC_MEDIUM_NOT_PRESENT);
1570 break;
1571 }
1572 /* NOTE: it is really the number of sectors minus 1 */
1573 cpu_to_ube32(buf, total_sectors - 1);
1574 cpu_to_ube32(buf + 4, 2048);
1575 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1576 }
5391d806 1577 break;
d14049ea
TS		 1578 case GPCMD_READ_DVD_STRUCTURE:
1579 {
1580 int media = packet[1];
1581 int layer = packet[6];
1582 int format = packet[2];
1583 int64_t total_sectors;
1584
1585 if (media != 0 || layer != 0)
1586 {
1587 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1588 ASC_INV_FIELD_IN_CMD_PACKET);
1589 }
1590
1591 switch (format) {
1592 case 0:
1593 bdrv_get_geometry(s->bs, &total_sectors);
1594 total_sectors >>= 2;
1595
1596 memset(buf, 0, 2052);
1597
1598 buf[4] = 1; // DVD-ROM, part version 1
1599 buf[5] = 0xf; // 120mm disc, maximum rate unspecified
1600 buf[6] = 0; // one layer, embossed data
1601 buf[7] = 0;
1602
1603 cpu_to_ube32(buf + 8, 0);
1604 cpu_to_ube32(buf + 12, total_sectors - 1);
1605 cpu_to_ube32(buf + 16, total_sectors - 1);
1606
1607 cpu_to_be16wu((uint16_t *)buf, 2048 + 4);
1608
1609 ide_atapi_cmd_reply(s, 2048 + 3, 2048 + 4);
1610 break;
1611
1612 default:
1613 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1614 ASC_INV_FIELD_IN_CMD_PACKET);
1615 break;
1616 }
1617 }
1618 break;
1619 case GPCMD_SET_SPEED:
1620 ide_atapi_cmd_ok(s);
1621 break;
bd0d90b2
FB		 1622 case GPCMD_INQUIRY:
1623 max_len = packet[4];
1624 buf[0] = 0x05; /* CD-ROM */
1625 buf[1] = 0x80; /* removable */
1626 buf[2] = 0x00; /* ISO */
1627 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 1628 buf[4] = 31; /* additional length */
bd0d90b2
FB		 1629 buf[5] = 0; /* reserved */
1630 buf[6] = 0; /* reserved */
1631 buf[7] = 0; /* reserved */
1632 padstr8(buf + 8, 8, "QEMU");
1633 padstr8(buf + 16, 16, "QEMU CD-ROM");
1634 padstr8(buf + 32, 4, QEMU_VERSION);
1635 ide_atapi_cmd_reply(s, 36, max_len);
1636 break;
d14049ea
TS		 1637 case GPCMD_GET_CONFIGURATION:
1638 {
1639 int64_t total_sectors;
1640
1641 /* only feature 0 is supported */
1642 if (packet[2] != 0 || packet[3] != 0) {
1643 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1644 ASC_INV_FIELD_IN_CMD_PACKET);
1645 break;
1646 }
1647 memset(buf, 0, 32);
1648 bdrv_get_geometry(s->bs, &total_sectors);
1649 buf[3] = 16;
1650 buf[7] = total_sectors <= 1433600 ? 0x08 : 0x10; /* current profile */
1651 buf[10] = 0x10 | 0x1;
1652 buf[11] = 0x08; /* size of profile list */
1653 buf[13] = 0x10; /* DVD-ROM profile */
1654 buf[14] = buf[7] == 0x10; /* (in)active */
1655 buf[17] = 0x08; /* CD-ROM profile */
1656 buf[18] = buf[7] == 0x08; /* (in)active */
1657 ide_atapi_cmd_reply(s, 32, 32);
1658 break;
1659 }
5391d806 1660 default:
5fafdf24 1661 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1662 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1663 break;
1664 }
1665}
1666
201a51fc
AZ		 1667static void ide_cfata_metadata_inquiry(IDEState *s)
1668{
1669 uint16_t *p;
1670 uint32_t spd;
1671
1672 p = (uint16_t *) s->io_buffer;
1673 memset(p, 0, 0x200);
1674 spd = ((s->mdata_size - 1) >> 9) + 1;
1675
1676 put_le16(p + 0, 0x0001); /* Data format revision */
1677 put_le16(p + 1, 0x0000); /* Media property: silicon */
1678 put_le16(p + 2, s->media_changed); /* Media status */
1679 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1680 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1681 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1682 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1683}
1684
1685static void ide_cfata_metadata_read(IDEState *s)
1686{
1687 uint16_t *p;
1688
1689 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1690 s->status = ERR_STAT;
1691 s->error = ABRT_ERR;
1692 return;
1693 }
1694
1695 p = (uint16_t *) s->io_buffer;
1696 memset(p, 0, 0x200);
1697
1698 put_le16(p + 0, s->media_changed); /* Media status */
1699 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1700 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1701 s->nsector << 9), 0x200 - 2));
1702}
1703
1704static void ide_cfata_metadata_write(IDEState *s)
1705{
1706 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1707 s->status = ERR_STAT;
1708 s->error = ABRT_ERR;
1709 return;
1710 }
1711
1712 s->media_changed = 0;
1713
1714 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1715 s->io_buffer + 2,
1716 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1717 s->nsector << 9), 0x200 - 2));
1718}
1719
bd491d6a
TS		 1720/* called when the inserted state of the media has changed */
1721static void cdrom_change_cb(void *opaque)
1722{
1723 IDEState *s = opaque;
1724 int64_t nb_sectors;
1725
1726 /* XXX: send interrupt too */
1727 bdrv_get_geometry(s->bs, &nb_sectors);
1728 s->nb_sectors = nb_sectors;
1729}
1730
c2ff060f
FB		 1731static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1732{
1733 s->lba48 = lba48;
1734
1735 /* handle the 'magic' 0 nsector count conversion here. to avoid
1736 * fiddling with the rest of the read logic, we just store the
1737 * full sector count in ->nsector and ignore ->hob_nsector from now
1738 */
1739 if (!s->lba48) {
1740 if (!s->nsector)
1741 s->nsector = 256;
1742 } else {
1743 if (!s->nsector && !s->hob_nsector)
1744 s->nsector = 65536;
1745 else {
1746 int lo = s->nsector;
1747 int hi = s->hob_nsector;
1748
1749 s->nsector = (hi << 8) | lo;
1750 }
1751 }
1752}
1753
1754static void ide_clear_hob(IDEState *ide_if)
1755{
1756 /* any write clears HOB high bit of device control register */
1757 ide_if[0].select &= ~(1 << 7);
1758 ide_if[1].select &= ~(1 << 7);
1759}
1760
caed8802
FB		 1761static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1762{
1763 IDEState *ide_if = opaque;
c45c3d00 1764 IDEState *s;
5391d806 1765 int unit, n;
c2ff060f 1766 int lba48 = 0;
5391d806
FB		 1767
1768#ifdef DEBUG_IDE
1769 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1770#endif
c2ff060f 1771
5391d806
FB		 1772 addr &= 7;
1773 switch(addr) {
1774 case 0:
1775 break;
1776 case 1:
c2ff060f 1777 ide_clear_hob(ide_if);
c45c3d00 1778 /* NOTE: data is written to the two drives */
c2ff060f
FB		 1779 ide_if[0].hob_feature = ide_if[0].feature;
1780 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 1781 ide_if[0].feature = val;
1782 ide_if[1].feature = val;
5391d806
FB		 1783 break;
1784 case 2:
c2ff060f
FB		 1785 ide_clear_hob(ide_if);
1786 ide_if[0].hob_nsector = ide_if[0].nsector;
1787 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 1788 ide_if[0].nsector = val;
1789 ide_if[1].nsector = val;
5391d806
FB		 1790 break;
1791 case 3:
c2ff060f
FB		 1792 ide_clear_hob(ide_if);
1793 ide_if[0].hob_sector = ide_if[0].sector;
1794 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 1795 ide_if[0].sector = val;
1796 ide_if[1].sector = val;
5391d806
FB		 1797 break;
1798 case 4:
c2ff060f
FB		 1799 ide_clear_hob(ide_if);
1800 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1801 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 1802 ide_if[0].lcyl = val;
1803 ide_if[1].lcyl = val;
5391d806
FB		 1804 break;
1805 case 5:
c2ff060f
FB		 1806 ide_clear_hob(ide_if);
1807 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1808 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 1809 ide_if[0].hcyl = val;
1810 ide_if[1].hcyl = val;
5391d806
FB		 1811 break;
1812 case 6:
c2ff060f 1813 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 1814 ide_if[0].select = (val & ~0x10) | 0xa0;
1815 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 1816 /* select drive */
1817 unit = (val >> 4) & 1;
1818 s = ide_if + unit;
1819 ide_if->cur_drive = s;
5391d806
FB		 1820 break;
1821 default:
1822 case 7:
1823 /* command */
1824#if defined(DEBUG_IDE)
1825 printf("ide: CMD=%02x\n", val);
1826#endif
c45c3d00 1827 s = ide_if->cur_drive;
66201e2d 1828 /* ignore commands to non existant slave */
5fafdf24 1829 if (s != ide_if && !s->bs)
66201e2d 1830 break;
c2ff060f 1831
5391d806
FB		 1832 switch(val) {
1833 case WIN_IDENTIFY:
1834 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 1835 if (!s->is_cf)
1836 ide_identify(s);
1837 else
1838 ide_cfata_identify(s);
2a282056 1839 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1840 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1841 } else {
1842 if (s->is_cdrom) {
1843 ide_set_signature(s);
1844 }
1845 ide_abort_command(s);
1846 }
1847 ide_set_irq(s);
1848 break;
1849 case WIN_SPECIFY:
1850 case WIN_RECAL:
a136e5a8 1851 s->error = 0;
769bec72 1852 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1853 ide_set_irq(s);
1854 break;
1855 case WIN_SETMULT:
201a51fc
AZ		 1856 if (s->is_cf && s->nsector == 0) {
1857 /* Disable Read and Write Multiple */
1858 s->mult_sectors = 0;
1859 s->status = READY_STAT;
1860 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 1861 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1862 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 1863 ide_abort_command(s);
1864 } else {
292eef5a 1865 s->mult_sectors = s->nsector & 0xff;
5391d806
FB		 1866 s->status = READY_STAT;
1867 }
1868 ide_set_irq(s);
1869 break;
c2ff060f
FB		 1870 case WIN_VERIFY_EXT:
1871 lba48 = 1;
4ce900b4
FB		 1872 case WIN_VERIFY:
1873 case WIN_VERIFY_ONCE:
1874 /* do sector number check ? */
c2ff060f 1875 ide_cmd_lba48_transform(s, lba48);
4ce900b4
FB		 1876 s->status = READY_STAT;
1877 ide_set_irq(s);
1878 break;
c2ff060f
FB		 1879 case WIN_READ_EXT:
1880 lba48 = 1;
5391d806
FB		 1881 case WIN_READ:
1882 case WIN_READ_ONCE:
5fafdf24 1883 if (!s->bs)
6b136f9e 1884 goto abort_cmd;
c2ff060f 1885 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1886 s->req_nb_sectors = 1;
1887 ide_sector_read(s);
1888 break;
c2ff060f
FB		 1889 case WIN_WRITE_EXT:
1890 lba48 = 1;
5391d806
FB		 1891 case WIN_WRITE:
1892 case WIN_WRITE_ONCE:
201a51fc
AZ		 1893 case CFA_WRITE_SECT_WO_ERASE:
1894 case WIN_WRITE_VERIFY:
c2ff060f 1895 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1896 s->error = 0;
f66723fa 1897 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1898 s->req_nb_sectors = 1;
1899 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 1900 s->media_changed = 1;
5391d806 1901 break;
c2ff060f
FB		 1902 case WIN_MULTREAD_EXT:
1903 lba48 = 1;
5391d806
FB		 1904 case WIN_MULTREAD:
1905 if (!s->mult_sectors)
1906 goto abort_cmd;
c2ff060f 1907 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1908 s->req_nb_sectors = s->mult_sectors;
1909 ide_sector_read(s);
1910 break;
c2ff060f
FB		 1911 case WIN_MULTWRITE_EXT:
1912 lba48 = 1;
5391d806 1913 case WIN_MULTWRITE:
201a51fc 1914 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 1915 if (!s->mult_sectors)
1916 goto abort_cmd;
c2ff060f 1917 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1918 s->error = 0;
f66723fa 1919 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1920 s->req_nb_sectors = s->mult_sectors;
1921 n = s->nsector;
1922 if (n > s->req_nb_sectors)
1923 n = s->req_nb_sectors;
1924 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 1925 s->media_changed = 1;
5391d806 1926 break;
c2ff060f
FB		 1927 case WIN_READDMA_EXT:
1928 lba48 = 1;
98087450
FB		 1929 case WIN_READDMA:
1930 case WIN_READDMA_ONCE:
5fafdf24 1931 if (!s->bs)
98087450 1932 goto abort_cmd;
c2ff060f 1933 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 1934 ide_sector_read_dma(s);
1935 break;
c2ff060f
FB		 1936 case WIN_WRITEDMA_EXT:
1937 lba48 = 1;
98087450
FB		 1938 case WIN_WRITEDMA:
1939 case WIN_WRITEDMA_ONCE:
5fafdf24 1940 if (!s->bs)
98087450 1941 goto abort_cmd;
c2ff060f 1942 ide_cmd_lba48_transform(s, lba48);
98087450 1943 ide_sector_write_dma(s);
201a51fc 1944 s->media_changed = 1;
98087450 1945 break;
c2ff060f
FB		 1946 case WIN_READ_NATIVE_MAX_EXT:
1947 lba48 = 1;
5391d806 1948 case WIN_READ_NATIVE_MAX:
c2ff060f 1949 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1950 ide_set_sector(s, s->nb_sectors - 1);
1951 s->status = READY_STAT;
1952 ide_set_irq(s);
1953 break;
a136e5a8 1954 case WIN_CHECKPOWERMODE1:
201a51fc 1955 case WIN_CHECKPOWERMODE2:
a136e5a8
FB		 1956 s->nsector = 0xff; /* device active or idle */
1957 s->status = READY_STAT;
1958 ide_set_irq(s);
1959 break;
34e538ae
FB		 1960 case WIN_SETFEATURES:
1961 if (!s->bs)
1962 goto abort_cmd;
1963 /* XXX: valid for CDROM ? */
1964 switch(s->feature) {
e1f63470
TS		 1965 case 0xcc: /* reverting to power-on defaults enable */
1966 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 1967 case 0x02: /* write cache enable */
1968 case 0x82: /* write cache disable */
1969 case 0xaa: /* read look-ahead enable */
1970 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 1971 case 0x05: /* set advanced power management mode */
1972 case 0x85: /* disable advanced power management mode */
1973 case 0x69: /* NOP */
1974 case 0x67: /* NOP */
1975 case 0x96: /* NOP */
1976 case 0x9a: /* NOP */
c3e88d8c
TS		 1977 case 0x42: /* enable Automatic Acoustic Mode */
1978 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 1979 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 1980 ide_set_irq(s);
1981 break;
94458802
FB		 1982 case 0x03: { /* set transfer mode */
1983 uint8_t val = s->nsector & 0x07;
1984
1985 switch (s->nsector >> 3) {
1986 case 0x00: /* pio default */
1987 case 0x01: /* pio mode */
1988 put_le16(s->identify_data + 63,0x07);
1989 put_le16(s->identify_data + 88,0x3f);
1990 break;
1991 case 0x04: /* mdma mode */
1992 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1993 put_le16(s->identify_data + 88,0x3f);
1994 break;
1995 case 0x08: /* udma mode */
1996 put_le16(s->identify_data + 63,0x07);
1997 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1998 break;
1999 default:
2000 goto abort_cmd;
2001 }
2002 s->status = READY_STAT | SEEK_STAT;
2003 ide_set_irq(s);
2004 break;
2005 }
34e538ae
FB		 2006 default:
2007 goto abort_cmd;
2008 }
2009 break;
c2ff060f
FB		 2010 case WIN_FLUSH_CACHE:
2011 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2012 if (s->bs)
2013 bdrv_flush(s->bs);
2014 s->status = READY_STAT;
2015 ide_set_irq(s);
2016 break;
c3e88d8c
TS		 2017 case WIN_STANDBY:
2018 case WIN_STANDBY2:
2019 case WIN_STANDBYNOW1:
201a51fc 2020 case WIN_STANDBYNOW2:
c451ee71 2021 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2022 case CFA_IDLEIMMEDIATE:
2023 case WIN_SETIDLE1:
2024 case WIN_SETIDLE2:
c3e88d8c
TS		 2025 case WIN_SLEEPNOW1:
2026 case WIN_SLEEPNOW2:
2027 s->status = READY_STAT;
a7dfe172
FB		 2028 ide_set_irq(s);
2029 break;
5391d806
FB		 2030 /* ATAPI commands */
2031 case WIN_PIDENTIFY:
2032 if (s->is_cdrom) {
2033 ide_atapi_identify(s);
1298fe63 2034 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2035 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2036 } else {
2037 ide_abort_command(s);
2038 }
2039 ide_set_irq(s);
2040 break;
c451ee71
FB		 2041 case WIN_DIAGNOSE:
2042 ide_set_signature(s);
2043 s->status = 0x00; /* NOTE: READY is _not_ set */
2044 s->error = 0x01;
f5fdd0a8 2045 ide_set_irq(s);
c451ee71 2046 break;
5391d806
FB		 2047 case WIN_SRST:
2048 if (!s->is_cdrom)
2049 goto abort_cmd;
2050 ide_set_signature(s);
6b136f9e 2051 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2052 s->error = 0x01;
2053 break;
2054 case WIN_PACKETCMD:
2055 if (!s->is_cdrom)
2056 goto abort_cmd;
98087450
FB		 2057 /* overlapping commands not supported */
2058 if (s->feature & 0x02)
5391d806 2059 goto abort_cmd;
7603d156 2060 s->status = READY_STAT;
98087450 2061 s->atapi_dma = s->feature & 1;
5391d806 2062 s->nsector = 1;
5fafdf24 2063 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2064 ide_atapi_cmd);
2065 break;
201a51fc
AZ		 2066 /* CF-ATA commands */
2067 case CFA_REQ_EXT_ERROR_CODE:
2068 if (!s->is_cf)
2069 goto abort_cmd;
2070 s->error = 0x09; /* miscellaneous error */
2071 s->status = READY_STAT;
2072 ide_set_irq(s);
2073 break;
2074 case CFA_ERASE_SECTORS:
2075 case CFA_WEAR_LEVEL:
2076 if (!s->is_cf)
2077 goto abort_cmd;
2078 if (val == CFA_WEAR_LEVEL)
2079 s->nsector = 0;
2080 if (val == CFA_ERASE_SECTORS)
2081 s->media_changed = 1;
2082 s->error = 0x00;
2083 s->status = READY_STAT;
2084 ide_set_irq(s);
2085 break;
2086 case CFA_TRANSLATE_SECTOR:
2087 if (!s->is_cf)
2088 goto abort_cmd;
2089 s->error = 0x00;
2090 s->status = READY_STAT;
2091 memset(s->io_buffer, 0, 0x200);
2092 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2093 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2094 s->io_buffer[0x02] = s->select; /* Head */
2095 s->io_buffer[0x03] = s->sector; /* Sector */
2096 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2097 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2098 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2099 s->io_buffer[0x13] = 0x00; /* Erase flag */
2100 s->io_buffer[0x18] = 0x00; /* Hot count */
2101 s->io_buffer[0x19] = 0x00; /* Hot count */
2102 s->io_buffer[0x1a] = 0x01; /* Hot count */
2103 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2104 ide_set_irq(s);
2105 break;
2106 case CFA_ACCESS_METADATA_STORAGE:
2107 if (!s->is_cf)
2108 goto abort_cmd;
2109 switch (s->feature) {
2110 case 0x02: /* Inquiry Metadata Storage */
2111 ide_cfata_metadata_inquiry(s);
2112 break;
2113 case 0x03: /* Read Metadata Storage */
2114 ide_cfata_metadata_read(s);
2115 break;
2116 case 0x04: /* Write Metadata Storage */
2117 ide_cfata_metadata_write(s);
2118 break;
2119 default:
2120 goto abort_cmd;
2121 }
2122 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2123 s->status = 0x00; /* NOTE: READY is _not_ set */
2124 ide_set_irq(s);
2125 break;
2126 case IBM_SENSE_CONDITION:
2127 if (!s->is_cf)
2128 goto abort_cmd;
2129 switch (s->feature) {
2130 case 0x01: /* sense temperature in device */
2131 s->nsector = 0x50; /* +20 C */
2132 break;
2133 default:
2134 goto abort_cmd;
2135 }
2136 s->status = READY_STAT;
2137 ide_set_irq(s);
2138 break;
5391d806
FB		 2139 default:
2140 abort_cmd:
2141 ide_abort_command(s);
2142 ide_set_irq(s);
2143 break;
2144 }
2145 }
2146}
2147
caed8802 2148static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2149{
7ae98627
FB		 2150 IDEState *ide_if = opaque;
2151 IDEState *s = ide_if->cur_drive;
5391d806 2152 uint32_t addr;
c2ff060f 2153 int ret, hob;
5391d806
FB		 2154
2155 addr = addr1 & 7;
c2ff060f
FB		 2156 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2157 //hob = s->select & (1 << 7);
2158 hob = 0;
5391d806
FB		 2159 switch(addr) {
2160 case 0:
2161 ret = 0xff;
2162 break;
2163 case 1:
7ae98627 2164 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2165 ret = 0;
c2ff060f 2166 else if (!hob)
c45c3d00 2167 ret = s->error;
c2ff060f
FB		 2168 else
2169 ret = s->hob_feature;
5391d806
FB		 2170 break;
2171 case 2:
7ae98627 2172 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2173 ret = 0;
c2ff060f 2174 else if (!hob)
c45c3d00 2175 ret = s->nsector & 0xff;
c2ff060f
FB		 2176 else
2177 ret = s->hob_nsector;
5391d806
FB		 2178 break;
2179 case 3:
7ae98627 2180 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2181 ret = 0;
c2ff060f 2182 else if (!hob)
c45c3d00 2183 ret = s->sector;
c2ff060f
FB		 2184 else
2185 ret = s->hob_sector;
5391d806
FB		 2186 break;
2187 case 4:
7ae98627 2188 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2189 ret = 0;
c2ff060f 2190 else if (!hob)
c45c3d00 2191 ret = s->lcyl;
c2ff060f
FB		 2192 else
2193 ret = s->hob_lcyl;
5391d806
FB		 2194 break;
2195 case 5:
7ae98627 2196 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2197 ret = 0;
c2ff060f 2198 else if (!hob)
c45c3d00 2199 ret = s->hcyl;
c2ff060f
FB		 2200 else
2201 ret = s->hob_hcyl;
5391d806
FB		 2202 break;
2203 case 6:
7ae98627 2204 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2205 ret = 0;
2206 else
7ae98627 2207 ret = s->select;
5391d806
FB		 2208 break;
2209 default:
2210 case 7:
66201e2d
FB		 2211 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2212 (s != ide_if && !s->bs))
c45c3d00
FB		 2213 ret = 0;
2214 else
2215 ret = s->status;
d537cf6c 2216 qemu_irq_lower(s->irq);
5391d806
FB		 2217 break;
2218 }
2219#ifdef DEBUG_IDE
2220 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2221#endif
2222 return ret;
2223}
2224
caed8802 2225static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2226{
7ae98627
FB		 2227 IDEState *ide_if = opaque;
2228 IDEState *s = ide_if->cur_drive;
5391d806 2229 int ret;
7ae98627 2230
66201e2d
FB		 2231 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2232 (s != ide_if && !s->bs))
7ae98627
FB		 2233 ret = 0;
2234 else
2235 ret = s->status;
5391d806
FB		 2236#ifdef DEBUG_IDE
2237 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2238#endif
2239 return ret;
2240}
2241
caed8802 2242static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2243{
caed8802 2244 IDEState *ide_if = opaque;
5391d806
FB		 2245 IDEState *s;
2246 int i;
2247
2248#ifdef DEBUG_IDE
2249 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2250#endif
2251 /* common for both drives */
2252 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2253 (val & IDE_CMD_RESET)) {
2254 /* reset low to high */
2255 for(i = 0;i < 2; i++) {
2256 s = &ide_if[i];
2257 s->status = BUSY_STAT | SEEK_STAT;
2258 s->error = 0x01;
2259 }
2260 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2261 !(val & IDE_CMD_RESET)) {
2262 /* high to low */
2263 for(i = 0;i < 2; i++) {
2264 s = &ide_if[i];
6b136f9e
FB		 2265 if (s->is_cdrom)
2266 s->status = 0x00; /* NOTE: READY is _not_ set */
2267 else
56bf1d37 2268 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2269 ide_set_signature(s);
2270 }
2271 }
2272
2273 ide_if[0].cmd = val;
2274 ide_if[1].cmd = val;
2275}
2276
caed8802 2277static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2278{
caed8802 2279 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2280 uint8_t *p;
2281
2282 p = s->data_ptr;
0c4ad8dc 2283 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2284 p += 2;
2285 s->data_ptr = p;
2286 if (p >= s->data_end)
2287 s->end_transfer_func(s);
2288}
2289
caed8802 2290static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2291{
caed8802 2292 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2293 uint8_t *p;
2294 int ret;
2295 p = s->data_ptr;
0c4ad8dc 2296 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2297 p += 2;
2298 s->data_ptr = p;
2299 if (p >= s->data_end)
2300 s->end_transfer_func(s);
2301 return ret;
2302}
2303
caed8802 2304static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2305{
caed8802 2306 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2307 uint8_t *p;
2308
2309 p = s->data_ptr;
0c4ad8dc 2310 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2311 p += 4;
2312 s->data_ptr = p;
2313 if (p >= s->data_end)
2314 s->end_transfer_func(s);
2315}
2316
caed8802 2317static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2318{
caed8802 2319 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2320 uint8_t *p;
2321 int ret;
3b46e624 2322
5391d806 2323 p = s->data_ptr;
0c4ad8dc 2324 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2325 p += 4;
2326 s->data_ptr = p;
2327 if (p >= s->data_end)
2328 s->end_transfer_func(s);
2329 return ret;
2330}
2331
a7dfe172
FB		 2332static void ide_dummy_transfer_stop(IDEState *s)
2333{
2334 s->data_ptr = s->io_buffer;
2335 s->data_end = s->io_buffer;
2336 s->io_buffer[0] = 0xff;
2337 s->io_buffer[1] = 0xff;
2338 s->io_buffer[2] = 0xff;
2339 s->io_buffer[3] = 0xff;
2340}
2341
5391d806
FB		 2342static void ide_reset(IDEState *s)
2343{
201a51fc
AZ		 2344 if (s->is_cf)
2345 s->mult_sectors = 0;
2346 else
2347 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2348 s->cur_drive = s;
2349 s->select = 0xa0;
2350 s->status = READY_STAT;
2351 ide_set_signature(s);
a7dfe172
FB		 2352 /* init the transfer handler so that 0xffff is returned on data
2353 accesses */
2354 s->end_transfer_func = ide_dummy_transfer_stop;
2355 ide_dummy_transfer_stop(s);
201a51fc 2356 s->media_changed = 0;
5391d806
FB		 2357}
2358
2359struct partition {
2360 uint8_t boot_ind; /* 0x80 - active */
2361 uint8_t head; /* starting head */
2362 uint8_t sector; /* starting sector */
2363 uint8_t cyl; /* starting cylinder */
2364 uint8_t sys_ind; /* What partition type */
2365 uint8_t end_head; /* end head */
2366 uint8_t end_sector; /* end sector */
2367 uint8_t end_cyl; /* end cylinder */
2368 uint32_t start_sect; /* starting sector counting from 0 */
2369 uint32_t nr_sects; /* nr of sectors in partition */
2370} __attribute__((packed));
2371
bf1b938f 2372/* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
5fafdf24 2373static int guess_disk_lchs(IDEState *s,
bf1b938f 2374 int *pcylinders, int *pheads, int *psectors)
5391d806
FB		 2375{
2376 uint8_t buf[512];
46d4767d 2377 int ret, i, heads, sectors, cylinders;
5391d806
FB		 2378 struct partition *p;
2379 uint32_t nr_sects;
2380
5391d806
FB		 2381 ret = bdrv_read(s->bs, 0, buf, 1);
2382 if (ret < 0)
bf1b938f 2383 return -1;
5391d806
FB		 2384 /* test msdos magic */
2385 if (buf[510] != 0x55 || buf[511] != 0xaa)
bf1b938f 2386 return -1;
5391d806
FB		 2387 for(i = 0; i < 4; i++) {
2388 p = ((struct partition *)(buf + 0x1be)) + i;
0c4ad8dc 2389 nr_sects = le32_to_cpu(p->nr_sects);
5391d806
FB		 2390 if (nr_sects && p->end_head) {
2391 /* We make the assumption that the partition terminates on
2392 a cylinder boundary */
46d4767d 2393 heads = p->end_head + 1;
46d4767d
FB		 2394 sectors = p->end_sector & 63;
2395 if (sectors == 0)
2396 continue;
2397 cylinders = s->nb_sectors / (heads * sectors);
2398 if (cylinders < 1 || cylinders > 16383)
2399 continue;
bf1b938f
FB		 2400 *pheads = heads;
2401 *psectors = sectors;
2402 *pcylinders = cylinders;
5391d806 2403#if 0
5fafdf24 2404 printf("guessed geometry: LCHS=%d %d %d\n",
bf1b938f 2405 cylinders, heads, sectors);
5391d806 2406#endif
bf1b938f 2407 return 0;
5391d806
FB		 2408 }
2409 }
bf1b938f 2410 return -1;
5391d806
FB		 2411}
2412
5457c8ce
FB		 2413static void ide_init2(IDEState *ide_state,
2414 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2415 qemu_irq irq)
5391d806 2416{
69b91039 2417 IDEState *s;
aedf5382 2418 static int drive_serial = 1;
4dbb0f50 2419 int i, cylinders, heads, secs, translation, lba_detected = 0;
5391d806 2420 int64_t nb_sectors;
5391d806 2421
caed8802
FB		 2422 for(i = 0; i < 2; i++) {
2423 s = ide_state + i;
2424 if (i == 0)
2425 s->bs = hd0;
2426 else
2427 s->bs = hd1;
5391d806
FB		 2428 if (s->bs) {
2429 bdrv_get_geometry(s->bs, &nb_sectors);
2430 s->nb_sectors = nb_sectors;
caed8802
FB		 2431 /* if a geometry hint is available, use it */
2432 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
4dbb0f50 2433 translation = bdrv_get_translation_hint(s->bs);
caed8802 2434 if (cylinders != 0) {
5391d806 2435 s->cylinders = cylinders;
caed8802
FB		 2436 s->heads = heads;
2437 s->sectors = secs;
2438 } else {
bf1b938f
FB		 2439 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2440 if (heads > 16) {
2441 /* if heads > 16, it means that a BIOS LBA
2442 translation was active, so the default
2443 hardware geometry is OK */
4dbb0f50 2444 lba_detected = 1;
bf1b938f
FB		 2445 goto default_geometry;
2446 } else {
2447 s->cylinders = cylinders;
2448 s->heads = heads;
2449 s->sectors = secs;
2450 /* disable any translation to be in sync with
2451 the logical geometry */
bf1b938f
FB		 2452 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2453 bdrv_set_translation_hint(s->bs,
2454 BIOS_ATA_TRANSLATION_NONE);
2455 }
2456 }
2457 } else {
2458 default_geometry:
46d4767d 2459 /* if no geometry, use a standard physical disk geometry */
caed8802
FB		 2460 cylinders = nb_sectors / (16 * 63);
2461 if (cylinders > 16383)
2462 cylinders = 16383;
2463 else if (cylinders < 2)
2464 cylinders = 2;
2465 s->cylinders = cylinders;
2466 s->heads = 16;
2467 s->sectors = 63;
4dbb0f50
TS		 2468 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2469 if ((s->cylinders * s->heads) <= 131072) {
2470 bdrv_set_translation_hint(s->bs,
2471 BIOS_ATA_TRANSLATION_LARGE);
2472 } else {
2473 bdrv_set_translation_hint(s->bs,
2474 BIOS_ATA_TRANSLATION_LBA);
2475 }
2476 }
caed8802 2477 }
769bec72 2478 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
caed8802
FB		 2479 }
2480 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2481 s->is_cdrom = 1;
bd491d6a 2482 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2483 }
2484 }
aedf5382 2485 s->drive_serial = drive_serial++;
caed8802 2486 s->irq = irq;
5fafdf24 2487 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2488 ide_sector_write_timer_cb, s);
5391d806
FB		 2489 ide_reset(s);
2490 }
69b91039
FB		 2491}
2492
34e538ae 2493static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2494{
caed8802
FB		 2495 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2496 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2497 if (iobase2) {
2498 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2499 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2500 }
3b46e624 2501
caed8802
FB		 2502 /* data ports */
2503 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2504 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2505 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2506 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2507}
69b91039 2508
aa941b94
AZ		 2509/* save per IDE drive data */
2510static void ide_save(QEMUFile* f, IDEState *s)
2511{
bee8d684
TS		 2512 qemu_put_be32(f, s->mult_sectors);
2513 qemu_put_be32(f, s->identify_set);
aa941b94
AZ		 2514 if (s->identify_set) {
2515 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2516 }
2517 qemu_put_8s(f, &s->feature);
2518 qemu_put_8s(f, &s->error);
2519 qemu_put_be32s(f, &s->nsector);
2520 qemu_put_8s(f, &s->sector);
2521 qemu_put_8s(f, &s->lcyl);
2522 qemu_put_8s(f, &s->hcyl);
2523 qemu_put_8s(f, &s->hob_feature);
2524 qemu_put_8s(f, &s->hob_nsector);
2525 qemu_put_8s(f, &s->hob_sector);
2526 qemu_put_8s(f, &s->hob_lcyl);
2527 qemu_put_8s(f, &s->hob_hcyl);
2528 qemu_put_8s(f, &s->select);
2529 qemu_put_8s(f, &s->status);
2530 qemu_put_8s(f, &s->lba48);
2531
2532 qemu_put_8s(f, &s->sense_key);
2533 qemu_put_8s(f, &s->asc);
2534 /* XXX: if a transfer is pending, we do not save it yet */
2535}
2536
2537/* load per IDE drive data */
2538static void ide_load(QEMUFile* f, IDEState *s)
2539{
bee8d684
TS		 2540 s->mult_sectors=qemu_get_be32(f);
2541 s->identify_set=qemu_get_be32(f);
aa941b94
AZ		 2542 if (s->identify_set) {
2543 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2544 }
2545 qemu_get_8s(f, &s->feature);
2546 qemu_get_8s(f, &s->error);
2547 qemu_get_be32s(f, &s->nsector);
2548 qemu_get_8s(f, &s->sector);
2549 qemu_get_8s(f, &s->lcyl);
2550 qemu_get_8s(f, &s->hcyl);
2551 qemu_get_8s(f, &s->hob_feature);
2552 qemu_get_8s(f, &s->hob_nsector);
2553 qemu_get_8s(f, &s->hob_sector);
2554 qemu_get_8s(f, &s->hob_lcyl);
2555 qemu_get_8s(f, &s->hob_hcyl);
2556 qemu_get_8s(f, &s->select);
2557 qemu_get_8s(f, &s->status);
2558 qemu_get_8s(f, &s->lba48);
2559
2560 qemu_get_8s(f, &s->sense_key);
2561 qemu_get_8s(f, &s->asc);
2562 /* XXX: if a transfer is pending, we do not save it yet */
2563}
2564
34e538ae
FB		 2565/***********************************************************/
2566/* ISA IDE definitions */
2567
d537cf6c 2568void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2569 BlockDriverState *hd0, BlockDriverState *hd1)
2570{
2571 IDEState *ide_state;
2572
2573 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2574 if (!ide_state)
2575 return;
3b46e624 2576
d537cf6c 2577 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2578 ide_init_ioport(ide_state, iobase, iobase2);
2579}
2580
69b91039
FB		 2581/***********************************************************/
2582/* PCI IDE definitions */
2583
5457c8ce
FB		 2584static void cmd646_update_irq(PCIIDEState *d);
2585
5fafdf24 2586static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 2587 uint32_t addr, uint32_t size, int type)
2588{
2589 PCIIDEState *d = (PCIIDEState *)pci_dev;
2590 IDEState *ide_state;
2591
2592 if (region_num <= 3) {
2593 ide_state = &d->ide_if[(region_num >> 1) * 2];
2594 if (region_num & 1) {
2595 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2596 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2597 } else {
2598 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2599 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2600
2601 /* data ports */
2602 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2603 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2604 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2605 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2606 }
2607 }
2608}
2609
8ccad811 2610static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2611{
2612 BMDMAState *bm = s->bmdma;
2613 if(!bm)
2614 return;
2615 bm->ide_if = s;
2616 bm->dma_cb = dma_cb;
8ccad811
FB		 2617 bm->cur_prd_last = 0;
2618 bm->cur_prd_addr = 0;
2619 bm->cur_prd_len = 0;
98087450 2620 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2621 bm->dma_cb(bm, 0);
98087450
FB		 2622 }
2623}
2624
98087450
FB		 2625static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2626{
2627 BMDMAState *bm = opaque;
2628#ifdef DEBUG_IDE
2629 printf("%s: 0x%08x\n", __func__, val);
2630#endif
2631 if (!(val & BM_CMD_START)) {
2632 /* XXX: do it better */
8ccad811
FB		 2633 if (bm->status & BM_STATUS_DMAING) {
2634 bm->status &= ~BM_STATUS_DMAING;
2635 /* cancel DMA request */
2636 bm->ide_if = NULL;
2637 bm->dma_cb = NULL;
2638 if (bm->aiocb) {
2639#ifdef DEBUG_AIO
2640 printf("aio_cancel\n");
2641#endif
2642 bdrv_aio_cancel(bm->aiocb);
2643 bm->aiocb = NULL;
2644 }
2645 }
98087450
FB		 2646 bm->cmd = val & 0x09;
2647 } else {
8ccad811
FB		 2648 if (!(bm->status & BM_STATUS_DMAING)) {
2649 bm->status |= BM_STATUS_DMAING;
2650 /* start dma transfer if possible */
2651 if (bm->dma_cb)
2652 bm->dma_cb(bm, 0);
2653 }
98087450 2654 bm->cmd = val & 0x09;
98087450
FB		 2655 }
2656}
2657
5457c8ce 2658static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 2659{
2660 BMDMAState *bm = opaque;
5457c8ce 2661 PCIIDEState *pci_dev;
98087450 2662 uint32_t val;
3b46e624 2663
5457c8ce 2664 switch(addr & 3) {
5fafdf24 2665 case 0:
5457c8ce
FB		 2666 val = bm->cmd;
2667 break;
2668 case 1:
2669 pci_dev = bm->pci_dev;
2670 if (pci_dev->type == IDE_TYPE_CMD646) {
2671 val = pci_dev->dev.config[MRDMODE];
2672 } else {
2673 val = 0xff;
2674 }
2675 break;
2676 case 2:
2677 val = bm->status;
2678 break;
2679 case 3:
2680 pci_dev = bm->pci_dev;
2681 if (pci_dev->type == IDE_TYPE_CMD646) {
2682 if (bm == &pci_dev->bmdma[0])
2683 val = pci_dev->dev.config[UDIDETCR0];
2684 else
2685 val = pci_dev->dev.config[UDIDETCR1];
2686 } else {
2687 val = 0xff;
2688 }
2689 break;
2690 default:
2691 val = 0xff;
2692 break;
2693 }
98087450 2694#ifdef DEBUG_IDE
5457c8ce 2695 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 2696#endif
2697 return val;
2698}
2699
5457c8ce 2700static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 2701{
2702 BMDMAState *bm = opaque;
5457c8ce 2703 PCIIDEState *pci_dev;
98087450 2704#ifdef DEBUG_IDE
5457c8ce 2705 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 2706#endif
5457c8ce
FB		 2707 switch(addr & 3) {
2708 case 1:
2709 pci_dev = bm->pci_dev;
2710 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 2711 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 2712 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2713 cmd646_update_irq(pci_dev);
2714 }
2715 break;
2716 case 2:
2717 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2718 break;
2719 case 3:
2720 pci_dev = bm->pci_dev;
2721 if (pci_dev->type == IDE_TYPE_CMD646) {
2722 if (bm == &pci_dev->bmdma[0])
2723 pci_dev->dev.config[UDIDETCR0] = val;
2724 else
2725 pci_dev->dev.config[UDIDETCR1] = val;
2726 }
2727 break;
2728 }
98087450
FB		 2729}
2730
2731static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2732{
2733 BMDMAState *bm = opaque;
2734 uint32_t val;
2735 val = bm->addr;
2736#ifdef DEBUG_IDE
2737 printf("%s: 0x%08x\n", __func__, val);
2738#endif
2739 return val;
2740}
2741
2742static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2743{
2744 BMDMAState *bm = opaque;
2745#ifdef DEBUG_IDE
2746 printf("%s: 0x%08x\n", __func__, val);
2747#endif
2748 bm->addr = val & ~3;
30c4bbac 2749 bm->cur_addr = bm->addr;
98087450
FB		 2750}
2751
5fafdf24 2752static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 2753 uint32_t addr, uint32_t size, int type)
2754{
2755 PCIIDEState *d = (PCIIDEState *)pci_dev;
2756 int i;
2757
2758 for(i = 0;i < 2; i++) {
2759 BMDMAState *bm = &d->bmdma[i];
2760 d->ide_if[2 * i].bmdma = bm;
2761 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce
FB		 2762 bm->pci_dev = (PCIIDEState *)pci_dev;
2763
98087450 2764 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 2765
5457c8ce
FB		 2766 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2767 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450
FB		 2768
2769 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2770 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2771 addr += 8;
2772 }
2773}
2774
5457c8ce
FB		 2775/* XXX: call it also when the MRDMODE is changed from the PCI config
2776 registers */
2777static void cmd646_update_irq(PCIIDEState *d)
2778{
2779 int pci_level;
2780 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2781 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2782 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2783 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 2784 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 2785}
2786
2787/* the PCI irq level is the logical OR of the two channels */
2788static void cmd646_set_irq(void *opaque, int channel, int level)
2789{
2790 PCIIDEState *d = opaque;
2791 int irq_mask;
2792
2793 irq_mask = MRDMODE_INTR_CH0 << channel;
2794 if (level)
2795 d->dev.config[MRDMODE] |= irq_mask;
2796 else
2797 d->dev.config[MRDMODE] &= ~irq_mask;
2798 cmd646_update_irq(d);
2799}
2800
2801/* CMD646 PCI IDE controller */
2802void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2803 int secondary_ide_enabled)
69b91039
FB		 2804{
2805 PCIIDEState *d;
2806 uint8_t *pci_conf;
34e538ae 2807 int i;
d537cf6c 2808 qemu_irq *irq;
34e538ae 2809
5fafdf24 2810 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 2811 sizeof(PCIIDEState),
5fafdf24 2812 -1,
73c11f63 2813 NULL, NULL);
5457c8ce 2814 d->type = IDE_TYPE_CMD646;
69b91039 2815 pci_conf = d->dev.config;
5457c8ce
FB		 2816 pci_conf[0x00] = 0x95; // CMD646
2817 pci_conf[0x01] = 0x10;
2818 pci_conf[0x02] = 0x46;
2819 pci_conf[0x03] = 0x06;
2820
2821 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 2822 pci_conf[0x09] = 0x8f;
5457c8ce 2823
69b91039
FB		 2824 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2825 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
5457c8ce 2826 pci_conf[0x0e] = 0x00; // header_type
3b46e624 2827
5457c8ce
FB		 2828 if (secondary_ide_enabled) {
2829 /* XXX: if not enabled, really disable the seconday IDE controller */
2830 pci_conf[0x51] = 0x80; /* enable IDE1 */
2831 }
69b91039 2832
5fafdf24 2833 pci_register_io_region((PCIDevice *)d, 0, 0x8,
69b91039 2834 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2835 pci_register_io_region((PCIDevice *)d, 1, 0x4,
69b91039 2836 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2837 pci_register_io_region((PCIDevice *)d, 2, 0x8,
69b91039 2838 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2839 pci_register_io_region((PCIDevice *)d, 3, 0x4,
69b91039 2840 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2841 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 2842 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 2843
34e538ae 2844 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3b46e624 2845
34e538ae
FB		 2846 for(i = 0; i < 4; i++)
2847 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 2848
2849 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
2850 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
2851 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
34e538ae
FB		 2852}
2853
c3d78997
FB		 2854static void pci_ide_save(QEMUFile* f, void *opaque)
2855{
2856 PCIIDEState *d = opaque;
2857 int i;
2858
2859 pci_device_save(&d->dev, f);
2860
2861 for(i = 0; i < 2; i++) {
2862 BMDMAState *bm = &d->bmdma[i];
2863 qemu_put_8s(f, &bm->cmd);
2864 qemu_put_8s(f, &bm->status);
2865 qemu_put_be32s(f, &bm->addr);
2866 /* XXX: if a transfer is pending, we do not save it yet */
2867 }
2868
2869 /* per IDE interface data */
2870 for(i = 0; i < 2; i++) {
2871 IDEState *s = &d->ide_if[i * 2];
2872 uint8_t drive1_selected;
2873 qemu_put_8s(f, &s->cmd);
2874 drive1_selected = (s->cur_drive != s);
2875 qemu_put_8s(f, &drive1_selected);
2876 }
2877
2878 /* per IDE drive data */
2879 for(i = 0; i < 4; i++) {
aa941b94 2880 ide_save(f, &d->ide_if[i]);
c3d78997
FB		 2881 }
2882}
2883
2884static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2885{
2886 PCIIDEState *d = opaque;
2887 int ret, i;
2888
2889 if (version_id != 1)
2890 return -EINVAL;
2891 ret = pci_device_load(&d->dev, f);
2892 if (ret < 0)
2893 return ret;
2894
2895 for(i = 0; i < 2; i++) {
2896 BMDMAState *bm = &d->bmdma[i];
2897 qemu_get_8s(f, &bm->cmd);
2898 qemu_get_8s(f, &bm->status);
2899 qemu_get_be32s(f, &bm->addr);
2900 /* XXX: if a transfer is pending, we do not save it yet */
2901 }
2902
2903 /* per IDE interface data */
2904 for(i = 0; i < 2; i++) {
2905 IDEState *s = &d->ide_if[i * 2];
2906 uint8_t drive1_selected;
2907 qemu_get_8s(f, &s->cmd);
2908 qemu_get_8s(f, &drive1_selected);
2909 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2910 }
2911
2912 /* per IDE drive data */
2913 for(i = 0; i < 4; i++) {
aa941b94 2914 ide_load(f, &d->ide_if[i]);
c3d78997
FB		 2915 }
2916 return 0;
2917}
2918
e6a71ae3
TS		 2919static void piix3_reset(PCIIDEState *d)
2920{
2921 uint8_t *pci_conf = d->dev.config;
2922
2923 pci_conf[0x04] = 0x00;
2924 pci_conf[0x05] = 0x00;
2925 pci_conf[0x06] = 0x80; /* FBC */
2926 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
2927 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
2928}
2929
34e538ae
FB		 2930/* hd_table must contain 4 block drivers */
2931/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 2932void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2933 qemu_irq *pic)
34e538ae
FB		 2934{
2935 PCIIDEState *d;
2936 uint8_t *pci_conf;
3b46e624 2937
34e538ae 2938 /* register a function 1 of PIIX3 */
5fafdf24 2939 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 2940 sizeof(PCIIDEState),
502a5395 2941 devfn,
34e538ae 2942 NULL, NULL);
5457c8ce
FB		 2943 d->type = IDE_TYPE_PIIX3;
2944
34e538ae
FB		 2945 pci_conf = d->dev.config;
2946 pci_conf[0x00] = 0x86; // Intel
2947 pci_conf[0x01] = 0x80;
2948 pci_conf[0x02] = 0x10;
2949 pci_conf[0x03] = 0x70;
92510b8c 2950 pci_conf[0x09] = 0x80; // legacy ATA mode
34e538ae
FB		 2951 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2952 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2953 pci_conf[0x0e] = 0x00; // header_type
2954
e6a71ae3
TS		 2955 piix3_reset(d);
2956
5fafdf24 2957 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 2958 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 2959
d537cf6c
PB		 2960 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
2961 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 2962 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2963 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997
FB		 2964
2965 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
69b91039 2966}
1ade1de2 2967
afcc3cdf
TS		 2968/* hd_table must contain 4 block drivers */
2969/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
2970void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2971 qemu_irq *pic)
2972{
2973 PCIIDEState *d;
2974 uint8_t *pci_conf;
2975
2976 /* register a function 1 of PIIX4 */
2977 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
2978 sizeof(PCIIDEState),
2979 devfn,
2980 NULL, NULL);
2981 d->type = IDE_TYPE_PIIX4;
2982
2983 pci_conf = d->dev.config;
2984 pci_conf[0x00] = 0x86; // Intel
2985 pci_conf[0x01] = 0x80;
2986 pci_conf[0x02] = 0x11;
2987 pci_conf[0x03] = 0x71;
2988 pci_conf[0x09] = 0x80; // legacy ATA mode
2989 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2990 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2991 pci_conf[0x0e] = 0x00; // header_type
2992
2993 piix3_reset(d);
2994
2995 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2996 PCI_ADDRESS_SPACE_IO, bmdma_map);
2997
2998 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
2999 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3000 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3001 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3002
3003 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
3004}
3005
1ade1de2
FB		 3006/***********************************************************/
3007/* MacIO based PowerPC IDE */
3008
3009/* PowerMac IDE memory IO */
3010static void pmac_ide_writeb (void *opaque,
3011 target_phys_addr_t addr, uint32_t val)
3012{
5fafdf24 3013 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3014 switch (addr) {
3015 case 1 ... 7:
3016 ide_ioport_write(opaque, addr, val);
3017 break;
3018 case 8:
3019 case 22:
3020 ide_cmd_write(opaque, 0, val);
3021 break;
3022 default:
3023 break;
3024 }
3025}
3026
3027static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3028{
3029 uint8_t retval;
3030
3031 addr = (addr & 0xFFF) >> 4;
3032 switch (addr) {
3033 case 1 ... 7:
3034 retval = ide_ioport_read(opaque, addr);
3035 break;
3036 case 8:
3037 case 22:
3038 retval = ide_status_read(opaque, 0);
3039 break;
3040 default:
3041 retval = 0xFF;
3042 break;
3043 }
3044 return retval;
3045}
3046
3047static void pmac_ide_writew (void *opaque,
3048 target_phys_addr_t addr, uint32_t val)
3049{
5fafdf24 3050 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3051#ifdef TARGET_WORDS_BIGENDIAN
3052 val = bswap16(val);
3053#endif
3054 if (addr == 0) {
3055 ide_data_writew(opaque, 0, val);
3056 }
3057}
3058
3059static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3060{
3061 uint16_t retval;
3062
5fafdf24 3063 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3064 if (addr == 0) {
3065 retval = ide_data_readw(opaque, 0);
3066 } else {
3067 retval = 0xFFFF;
3068 }
3069#ifdef TARGET_WORDS_BIGENDIAN
3070 retval = bswap16(retval);
3071#endif
3072 return retval;
3073}
3074
3075static void pmac_ide_writel (void *opaque,
3076 target_phys_addr_t addr, uint32_t val)
3077{
5fafdf24 3078 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3079#ifdef TARGET_WORDS_BIGENDIAN
3080 val = bswap32(val);
3081#endif
3082 if (addr == 0) {
3083 ide_data_writel(opaque, 0, val);
3084 }
3085}
3086
3087static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3088{
3089 uint32_t retval;
3090
5fafdf24 3091 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3092 if (addr == 0) {
3093 retval = ide_data_readl(opaque, 0);
3094 } else {
3095 retval = 0xFFFFFFFF;
3096 }
3097#ifdef TARGET_WORDS_BIGENDIAN
3098 retval = bswap32(retval);
3099#endif
3100 return retval;
3101}
3102
3103static CPUWriteMemoryFunc *pmac_ide_write[] = {
3104 pmac_ide_writeb,
3105 pmac_ide_writew,
3106 pmac_ide_writel,
3107};
3108
3109static CPUReadMemoryFunc *pmac_ide_read[] = {
3110 pmac_ide_readb,
3111 pmac_ide_readw,
3112 pmac_ide_readl,
3113};
3114
3115/* hd_table must contain 4 block drivers */
3116/* PowerMac uses memory mapped registers, not I/O. Return the memory
3117 I/O index to access the ide. */
d537cf6c 3118int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
1ade1de2
FB		 3119{
3120 IDEState *ide_if;
3121 int pmac_ide_memory;
3122
3123 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
d537cf6c 3124 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3b46e624 3125
1ade1de2
FB		 3126 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3127 pmac_ide_write, &ide_if[0]);
3128 return pmac_ide_memory;
3129}
201a51fc
AZ		 3130
3131/***********************************************************/
3132/* CF-ATA Microdrive */
3133
3134#define METADATA_SIZE 0x20
3135
3136/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3137struct md_s {
3138 IDEState ide[2];
3139 struct pcmcia_card_s card;
3140 uint32_t attr_base;
3141 uint32_t io_base;
3142
3143 /* Card state */
3144 uint8_t opt;
3145 uint8_t stat;
3146 uint8_t pins;
3147
3148 uint8_t ctrl;
3149 uint16_t io;
3150 int cycle;
3151};
3152
3153/* Register bitfields */
3154enum md_opt {
3155 OPT_MODE_MMAP = 0,
3156 OPT_MODE_IOMAP16 = 1,
3157 OPT_MODE_IOMAP1 = 2,
3158 OPT_MODE_IOMAP2 = 3,
3159 OPT_MODE = 0x3f,
3160 OPT_LEVIREQ = 0x40,
3161 OPT_SRESET = 0x80,
3162};
3163enum md_cstat {
3164 STAT_INT = 0x02,
3165 STAT_PWRDWN = 0x04,
3166 STAT_XE = 0x10,
3167 STAT_IOIS8 = 0x20,
3168 STAT_SIGCHG = 0x40,
3169 STAT_CHANGED = 0x80,
3170};
3171enum md_pins {
3172 PINS_MRDY = 0x02,
3173 PINS_CRDY = 0x20,
3174};
3175enum md_ctrl {
3176 CTRL_IEN = 0x02,
3177 CTRL_SRST = 0x04,
3178};
3179
3180static inline void md_interrupt_update(struct md_s *s)
3181{
3182 if (!s->card.slot)
3183 return;
3184
3185 qemu_set_irq(s->card.slot->irq,
3186 !(s->stat & STAT_INT) && /* Inverted */
3187 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3188 !(s->opt & OPT_SRESET));
3189}
3190
3191static void md_set_irq(void *opaque, int irq, int level)
3192{
3193 struct md_s *s = (struct md_s *) opaque;
3194 if (level)
3195 s->stat |= STAT_INT;
3196 else
3197 s->stat &= ~STAT_INT;
3198
3199 md_interrupt_update(s);
3200}
3201
3202static void md_reset(struct md_s *s)
3203{
3204 s->opt = OPT_MODE_MMAP;
3205 s->stat = 0;
3206 s->pins = 0;
3207 s->cycle = 0;
3208 s->ctrl = 0;
3209 ide_reset(s->ide);
3210}
3211
9e315fa9 3212static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc
AZ		 3213{
3214 struct md_s *s = (struct md_s *) opaque;
3215 if (at < s->attr_base) {
3216 if (at < s->card.cis_len)
3217 return s->card.cis[at];
3218 else
3219 return 0x00;
3220 }
3221
3222 at -= s->attr_base;
3223
3224 switch (at) {
3225 case 0x00: /* Configuration Option Register */
3226 return s->opt;
3227 case 0x02: /* Card Configuration Status Register */
3228 if (s->ctrl & CTRL_IEN)
3229 return s->stat & ~STAT_INT;
3230 else
3231 return s->stat;
3232 case 0x04: /* Pin Replacement Register */
3233 return (s->pins & PINS_CRDY) | 0x0c;
3234 case 0x06: /* Socket and Copy Register */
3235 return 0x00;
3236#ifdef VERBOSE
3237 default:
3238 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3239#endif
3240 }
3241
3242 return 0;
3243}
3244
9e315fa9 3245static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc
AZ		 3246{
3247 struct md_s *s = (struct md_s *) opaque;
3248 at -= s->attr_base;
3249
3250 switch (at) {
3251 case 0x00: /* Configuration Option Register */
3252 s->opt = value & 0xcf;
3253 if (value & OPT_SRESET)
3254 md_reset(s);
3255 md_interrupt_update(s);
3256 break;
3257 case 0x02: /* Card Configuration Status Register */
3258 if ((s->stat ^ value) & STAT_PWRDWN)
3259 s->pins |= PINS_CRDY;
3260 s->stat &= 0x82;
3261 s->stat |= value & 0x74;
3262 md_interrupt_update(s);
3263 /* Word 170 in Identify Device must be equal to STAT_XE */
3264 break;
3265 case 0x04: /* Pin Replacement Register */
3266 s->pins &= PINS_CRDY;
3267 s->pins |= value & PINS_MRDY;
3268 break;
3269 case 0x06: /* Socket and Copy Register */
3270 break;
3271 default:
3272 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3273 }
3274}
3275
9e315fa9 3276static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc
AZ		 3277{
3278 struct md_s *s = (struct md_s *) opaque;
3279 uint16_t ret;
3280 at -= s->io_base;
3281
3282 switch (s->opt & OPT_MODE) {
3283 case OPT_MODE_MMAP:
3284 if ((at & ~0x3ff) == 0x400)
3285 at = 0;
3286 break;
3287 case OPT_MODE_IOMAP16:
3288 at &= 0xf;
3289 break;
3290 case OPT_MODE_IOMAP1:
3291 if ((at & ~0xf) == 0x3f0)
3292 at -= 0x3e8;
3293 else if ((at & ~0xf) == 0x1f0)
3294 at -= 0x1f0;
3295 break;
3296 case OPT_MODE_IOMAP2:
3297 if ((at & ~0xf) == 0x370)
3298 at -= 0x368;
3299 else if ((at & ~0xf) == 0x170)
3300 at -= 0x170;
3301 }
3302
3303 switch (at) {
3304 case 0x0: /* Even RD Data */
3305 case 0x8:
3306 return ide_data_readw(s->ide, 0);
3307
3308 /* TODO: 8-bit accesses */
3309 if (s->cycle)
3310 ret = s->io >> 8;
3311 else {
3312 s->io = ide_data_readw(s->ide, 0);
3313 ret = s->io & 0xff;
3314 }
3315 s->cycle = !s->cycle;
3316 return ret;
3317 case 0x9: /* Odd RD Data */
3318 return s->io >> 8;
3319 case 0xd: /* Error */
3320 return ide_ioport_read(s->ide, 0x1);
3321 case 0xe: /* Alternate Status */
3322 if (s->ide->cur_drive->bs)
3323 return s->ide->cur_drive->status;
3324 else
3325 return 0;
3326 case 0xf: /* Device Address */
3327 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3328 default:
3329 return ide_ioport_read(s->ide, at);
3330 }
3331
3332 return 0;
3333}
3334
9e315fa9 3335static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc
AZ		 3336{
3337 struct md_s *s = (struct md_s *) opaque;
3338 at -= s->io_base;
3339
3340 switch (s->opt & OPT_MODE) {
3341 case OPT_MODE_MMAP:
3342 if ((at & ~0x3ff) == 0x400)
3343 at = 0;
3344 break;
3345 case OPT_MODE_IOMAP16:
3346 at &= 0xf;
3347 break;
3348 case OPT_MODE_IOMAP1:
3349 if ((at & ~0xf) == 0x3f0)
3350 at -= 0x3e8;
3351 else if ((at & ~0xf) == 0x1f0)
3352 at -= 0x1f0;
3353 break;
3354 case OPT_MODE_IOMAP2:
3355 if ((at & ~0xf) == 0x370)
3356 at -= 0x368;
3357 else if ((at & ~0xf) == 0x170)
3358 at -= 0x170;
3359 }
3360
3361 switch (at) {
3362 case 0x0: /* Even WR Data */
3363 case 0x8:
3364 ide_data_writew(s->ide, 0, value);
3365 break;
3366
3367 /* TODO: 8-bit accesses */
3368 if (s->cycle)
3369 ide_data_writew(s->ide, 0, s->io | (value << 8));
3370 else
3371 s->io = value & 0xff;
3372 s->cycle = !s->cycle;
3373 break;
3374 case 0x9:
3375 s->io = value & 0xff;
3376 s->cycle = !s->cycle;
3377 break;
3378 case 0xd: /* Features */
3379 ide_ioport_write(s->ide, 0x1, value);
3380 break;
3381 case 0xe: /* Device Control */
3382 s->ctrl = value;
3383 if (value & CTRL_SRST)
3384 md_reset(s);
3385 md_interrupt_update(s);
3386 break;
3387 default:
3388 if (s->stat & STAT_PWRDWN) {
3389 s->pins |= PINS_CRDY;
3390 s->stat &= ~STAT_PWRDWN;
3391 }
3392 ide_ioport_write(s->ide, at, value);
3393 }
3394}
3395
aa941b94
AZ		 3396static void md_save(QEMUFile *f, void *opaque)
3397{
3398 struct md_s *s = (struct md_s *) opaque;
3399 int i;
3400 uint8_t drive1_selected;
3401
3402 qemu_put_8s(f, &s->opt);
3403 qemu_put_8s(f, &s->stat);
3404 qemu_put_8s(f, &s->pins);
3405
3406 qemu_put_8s(f, &s->ctrl);
3407 qemu_put_be16s(f, &s->io);
3408 qemu_put_byte(f, s->cycle);
3409
3410 drive1_selected = (s->ide->cur_drive != s->ide);
3411 qemu_put_8s(f, &s->ide->cmd);
3412 qemu_put_8s(f, &drive1_selected);
3413
3414 for (i = 0; i < 2; i ++)
3415 ide_save(f, &s->ide[i]);
3416}
3417
3418static int md_load(QEMUFile *f, void *opaque, int version_id)
3419{
3420 struct md_s *s = (struct md_s *) opaque;
3421 int i;
3422 uint8_t drive1_selected;
3423
3424 qemu_get_8s(f, &s->opt);
3425 qemu_get_8s(f, &s->stat);
3426 qemu_get_8s(f, &s->pins);
3427
3428 qemu_get_8s(f, &s->ctrl);
3429 qemu_get_be16s(f, &s->io);
3430 s->cycle = qemu_get_byte(f);
3431
3432 qemu_get_8s(f, &s->ide->cmd);
3433 qemu_get_8s(f, &drive1_selected);
3434 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
3435
3436 for (i = 0; i < 2; i ++)
3437 ide_load(f, &s->ide[i]);
3438
3439 return 0;
3440}
3441
3442static int md_iid = 0;
3443
201a51fc
AZ		 3444static const uint8_t dscm1xxxx_cis[0x14a] = {
3445 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3446 [0x002] = 0x03, /* Tuple length = 4 bytes */
3447 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3448 [0x006] = 0x01, /* Size = 2K bytes */
3449 [0x008] = CISTPL_ENDMARK,
3450
3451 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3452 [0x00c] = 0x04, /* Tuple length = 4 byest */
3453 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3454 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3455 [0x012] = 0x01, /* Size = 2K bytes */
3456 [0x014] = CISTPL_ENDMARK,
3457
3458 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3459 [0x018] = 0x02, /* Tuple length = 2 bytes */
3460 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3461 [0x01c] = 0x01,
3462
3463 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3464 [0x020] = 0x04, /* Tuple length = 4 bytes */
3465 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3466 [0x024] = 0x00,
3467 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3468 [0x028] = 0x00,
3469
3470 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3471 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3472 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3473 [0x030] = 0x01, /* Minor Version = 1 */
3474 [0x032] = 'I',
3475 [0x034] = 'B',
3476 [0x036] = 'M',
3477 [0x038] = 0x00,
3478 [0x03a] = 'm',
3479 [0x03c] = 'i',
3480 [0x03e] = 'c',
3481 [0x040] = 'r',
3482 [0x042] = 'o',
3483 [0x044] = 'd',
3484 [0x046] = 'r',
3485 [0x048] = 'i',
3486 [0x04a] = 'v',
3487 [0x04c] = 'e',
3488 [0x04e] = 0x00,
3489 [0x050] = CISTPL_ENDMARK,
3490
3491 [0x052] = CISTPL_FUNCID, /* Function ID */
3492 [0x054] = 0x02, /* Tuple length = 2 bytes */
3493 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3494 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3495
3496 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3497 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3498 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3499 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3500
3501 [0x062] = CISTPL_FUNCE, /* Function Extension */
3502 [0x064] = 0x03, /* Tuple length = 3 bytes */
3503 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3504 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3505 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3506
3507 [0x06c] = CISTPL_CONFIG, /* Configuration */
3508 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3509 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3510 [0x072] = 0x07, /* TPCC_LAST = 7 */
3511 [0x074] = 0x00, /* TPCC_RADR = 0200 */
3512 [0x076] = 0x02,
3513 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
3514
3515 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3516 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
3517 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
3518 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
3519 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
3520 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3521 [0x086] = 0x55, /* NomV: 5.0 V */
3522 [0x088] = 0x4d, /* MinV: 4.5 V */
3523 [0x08a] = 0x5d, /* MaxV: 5.5 V */
3524 [0x08c] = 0x4e, /* Peakl: 450 mA */
3525 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
3526 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
3527 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
3528
3529 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3530 [0x096] = 0x06, /* Tuple length = 6 bytes */
3531 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
3532 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3533 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3534 [0x09e] = 0xb5, /* NomV: 3.3 V */
3535 [0x0a0] = 0x1e,
3536 [0x0a2] = 0x3e, /* Peakl: 350 mA */
3537
3538 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3539 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
3540 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
3541 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3542 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3543 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3544 [0x0b0] = 0x55, /* NomV: 5.0 V */
3545 [0x0b2] = 0x4d, /* MinV: 4.5 V */
3546 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
3547 [0x0b6] = 0x4e, /* Peakl: 450 mA */
3548 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
3549 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
3550 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
3551 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
3552 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
3553
3554 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3555 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
3556 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
3557 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3558 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3559 [0x0cc] = 0xb5, /* NomV: 3.3 V */
3560 [0x0ce] = 0x1e,
3561 [0x0d0] = 0x3e, /* Peakl: 350 mA */
3562
3563 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3564 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
3565 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
3566 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3567 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3568 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3569 [0x0de] = 0x55, /* NomV: 5.0 V */
3570 [0x0e0] = 0x4d, /* MinV: 4.5 V */
3571 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
3572 [0x0e4] = 0x4e, /* Peakl: 450 mA */
3573 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3574 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
3575 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
3576 [0x0ec] = 0x01,
3577 [0x0ee] = 0x07, /* Address block length = 8 */
3578 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
3579 [0x0f2] = 0x03,
3580 [0x0f4] = 0x01, /* Address block length = 2 */
3581 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3582 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
3583
3584 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3585 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
3586 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
3587 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3588 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3589 [0x104] = 0xb5, /* NomV: 3.3 V */
3590 [0x106] = 0x1e,
3591 [0x108] = 0x3e, /* Peakl: 350 mA */
3592
3593 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3594 [0x10c] = 0x12, /* Tuple length = 18 bytes */
3595 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
3596 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3597 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3598 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3599 [0x116] = 0x55, /* NomV: 5.0 V */
3600 [0x118] = 0x4d, /* MinV: 4.5 V */
3601 [0x11a] = 0x5d, /* MaxV: 5.5 V */
3602 [0x11c] = 0x4e, /* Peakl: 450 mA */
3603 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3604 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
3605 [0x122] = 0x70, /* Field 1 address = 0x0170 */
3606 [0x124] = 0x01,
3607 [0x126] = 0x07, /* Address block length = 8 */
3608 [0x128] = 0x76, /* Field 2 address = 0x0376 */
3609 [0x12a] = 0x03,
3610 [0x12c] = 0x01, /* Address block length = 2 */
3611 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3612 [0x130] = 0x20, /* TPCE_MI = support power down mode */
3613
3614 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3615 [0x134] = 0x06, /* Tuple length = 6 bytes */
3616 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
3617 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3618 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3619 [0x13c] = 0xb5, /* NomV: 3.3 V */
3620 [0x13e] = 0x1e,
3621 [0x140] = 0x3e, /* Peakl: 350 mA */
3622
3623 [0x142] = CISTPL_NO_LINK, /* No Link */
3624 [0x144] = 0x00, /* Tuple length = 0 bytes */
3625
3626 [0x146] = CISTPL_END, /* Tuple End */
3627};
3628
3629static int dscm1xxxx_attach(void *opaque)
3630{
3631 struct md_s *md = (struct md_s *) opaque;
3632 md->card.attr_read = md_attr_read;
3633 md->card.attr_write = md_attr_write;
3634 md->card.common_read = md_common_read;
3635 md->card.common_write = md_common_write;
3636 md->card.io_read = md_common_read;
3637 md->card.io_write = md_common_write;
3638
3639 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
3640 md->io_base = 0x0;
3641
3642 md_reset(md);
3643 md_interrupt_update(md);
3644
3645 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
3646 return 0;
3647}
3648
3649static int dscm1xxxx_detach(void *opaque)
3650{
3651 struct md_s *md = (struct md_s *) opaque;
3652 md_reset(md);
3653 return 0;
3654}
3655
3656struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
3657{
3658 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
3659 md->card.state = md;
3660 md->card.attach = dscm1xxxx_attach;
3661 md->card.detach = dscm1xxxx_detach;
3662 md->card.cis = dscm1xxxx_cis;
3663 md->card.cis_len = sizeof(dscm1xxxx_cis);
3664
3665 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
3666 md->ide->is_cf = 1;
3667 md->ide->mdata_size = METADATA_SIZE;
3668 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94
AZ		 3669
3670 register_savevm("microdrive", md_iid ++, 0, md_save, md_load, md);
3671
201a51fc
AZ		 3672 return &md->card;
3673}
Qemu copy for testing