]> git.proxmox.com Git - mirror_qemu.git/blame - hw/ide.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
target-sh4: Add SH bit handling to TLB
[mirror_qemu.git] / hw / ide.c
CommitLineData
5391d806 1/*
38cdea7c 2 * QEMU IDE disk and CD/DVD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
87ecb68b
PB		 25#include "hw.h"
26#include "pc.h"
27#include "pci.h"
28#include "scsi-disk.h"
29#include "pcmcia.h"
30#include "block.h"
31#include "qemu-timer.h"
32#include "sysemu.h"
9596ebb7 33#include "ppc_mac.h"
b79e1752 34#include "sh.h"
5391d806 35
5391d806
FB		 36/* debug IDE devices */
37//#define DEBUG_IDE
38//#define DEBUG_IDE_ATAPI
8ccad811
FB		 39//#define DEBUG_AIO
40#define USE_DMA_CDROM
5391d806
FB		 41
42/* Bits of HD_STATUS */
43#define ERR_STAT 0x01
44#define INDEX_STAT 0x02
45#define ECC_STAT 0x04 /* Corrected error */
46#define DRQ_STAT 0x08
47#define SEEK_STAT 0x10
48#define SRV_STAT 0x10
49#define WRERR_STAT 0x20
50#define READY_STAT 0x40
51#define BUSY_STAT 0x80
52
53/* Bits for HD_ERROR */
54#define MARK_ERR 0x01 /* Bad address mark */
55#define TRK0_ERR 0x02 /* couldn't find track 0 */
56#define ABRT_ERR 0x04 /* Command aborted */
57#define MCR_ERR 0x08 /* media change request */
58#define ID_ERR 0x10 /* ID field not found */
59#define MC_ERR 0x20 /* media changed */
60#define ECC_ERR 0x40 /* Uncorrectable ECC error */
61#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
62#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
63
64/* Bits of HD_NSECTOR */
65#define CD 0x01
66#define IO 0x02
67#define REL 0x04
68#define TAG_MASK 0xf8
69
70#define IDE_CMD_RESET 0x04
71#define IDE_CMD_DISABLE_IRQ 0x02
72
73/* ATA/ATAPI Commands pre T13 Spec */
74#define WIN_NOP 0x00
75/*
76 * 0x01->0x02 Reserved
77 */
78#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
79/*
80 * 0x04->0x07 Reserved
81 */
82#define WIN_SRST 0x08 /* ATAPI soft reset command */
83#define WIN_DEVICE_RESET 0x08
84/*
85 * 0x09->0x0F Reserved
86 */
87#define WIN_RECAL 0x10
88#define WIN_RESTORE WIN_RECAL
89/*
90 * 0x10->0x1F Reserved
91 */
92#define WIN_READ 0x20 /* 28-Bit */
93#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
94#define WIN_READ_LONG 0x22 /* 28-Bit */
95#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
96#define WIN_READ_EXT 0x24 /* 48-Bit */
97#define WIN_READDMA_EXT 0x25 /* 48-Bit */
98#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
99#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
100/*
101 * 0x28
102 */
103#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
104/*
105 * 0x2A->0x2F Reserved
106 */
107#define WIN_WRITE 0x30 /* 28-Bit */
108#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
109#define WIN_WRITE_LONG 0x32 /* 28-Bit */
110#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
111#define WIN_WRITE_EXT 0x34 /* 48-Bit */
112#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
113#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
114#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
115#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
116#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
117/*
118 * 0x3A->0x3B Reserved
119 */
120#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
121/*
122 * 0x3D->0x3F Reserved
123 */
124#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
125#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
126#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
127/*
128 * 0x43->0x4F Reserved
129 */
130#define WIN_FORMAT 0x50
131/*
132 * 0x51->0x5F Reserved
133 */
134#define WIN_INIT 0x60
135/*
136 * 0x61->0x5F Reserved
137 */
138#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
139#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
140#define WIN_DIAGNOSE 0x90
141#define WIN_SPECIFY 0x91 /* set drive geometry translation */
142#define WIN_DOWNLOAD_MICROCODE 0x92
143#define WIN_STANDBYNOW2 0x94
201a51fc 144#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 145#define WIN_STANDBY2 0x96
146#define WIN_SETIDLE2 0x97
147#define WIN_CHECKPOWERMODE2 0x98
148#define WIN_SLEEPNOW2 0x99
149/*
150 * 0x9A VENDOR
151 */
152#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
153#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
154#define WIN_QUEUED_SERVICE 0xA2
155#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 156#define CFA_ACCESS_METADATA_STORAGE 0xB8
157#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 158#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
159#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
160#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
161#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
162#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
163#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
164#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
165#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
166#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
167#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 168#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 169#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
170#define WIN_POSTBOOT 0xDC
171#define WIN_PREBOOT 0xDD
172#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
173#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
174#define WIN_STANDBYNOW1 0xE0
175#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
176#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
177#define WIN_SETIDLE1 0xE3
178#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
179#define WIN_CHECKPOWERMODE1 0xE5
180#define WIN_SLEEPNOW1 0xE6
181#define WIN_FLUSH_CACHE 0xE7
182#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
183#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
184 /* SET_FEATURES 0x22 or 0xDD */
185#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
186#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
187#define WIN_MEDIAEJECT 0xED
188#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
189#define WIN_SETFEATURES 0xEF /* set special drive features */
190#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 191#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 192#define WIN_SECURITY_SET_PASS 0xF1
193#define WIN_SECURITY_UNLOCK 0xF2
194#define WIN_SECURITY_ERASE_PREPARE 0xF3
195#define WIN_SECURITY_ERASE_UNIT 0xF4
196#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 197#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 198#define WIN_SECURITY_DISABLE 0xF6
199#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
200#define WIN_SET_MAX 0xF9
201#define DISABLE_SEAGATE 0xFB
202
203/* set to 1 set disable mult support */
f66723fa 204#define MAX_MULT_SECTORS 16
5391d806 205
1d8cde5b
AJ		 206#define IDE_DMA_BUF_SECTORS 256
207
208#if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
209#error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
210#endif
211
5391d806
FB		 212/* ATAPI defines */
213
214#define ATAPI_PACKET_SIZE 12
215
216/* The generic packet command opcodes for CD/DVD Logical Units,
217 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
218#define GPCMD_BLANK 0xa1
219#define GPCMD_CLOSE_TRACK 0x5b
220#define GPCMD_FLUSH_CACHE 0x35
221#define GPCMD_FORMAT_UNIT 0x04
222#define GPCMD_GET_CONFIGURATION 0x46
223#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
224#define GPCMD_GET_PERFORMANCE 0xac
225#define GPCMD_INQUIRY 0x12
226#define GPCMD_LOAD_UNLOAD 0xa6
227#define GPCMD_MECHANISM_STATUS 0xbd
228#define GPCMD_MODE_SELECT_10 0x55
229#define GPCMD_MODE_SENSE_10 0x5a
230#define GPCMD_PAUSE_RESUME 0x4b
231#define GPCMD_PLAY_AUDIO_10 0x45
232#define GPCMD_PLAY_AUDIO_MSF 0x47
233#define GPCMD_PLAY_AUDIO_TI 0x48
234#define GPCMD_PLAY_CD 0xbc
235#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
236#define GPCMD_READ_10 0x28
237#define GPCMD_READ_12 0xa8
238#define GPCMD_READ_CDVD_CAPACITY 0x25
239#define GPCMD_READ_CD 0xbe
240#define GPCMD_READ_CD_MSF 0xb9
241#define GPCMD_READ_DISC_INFO 0x51
242#define GPCMD_READ_DVD_STRUCTURE 0xad
243#define GPCMD_READ_FORMAT_CAPACITIES 0x23
244#define GPCMD_READ_HEADER 0x44
245#define GPCMD_READ_TRACK_RZONE_INFO 0x52
246#define GPCMD_READ_SUBCHANNEL 0x42
247#define GPCMD_READ_TOC_PMA_ATIP 0x43
248#define GPCMD_REPAIR_RZONE_TRACK 0x58
249#define GPCMD_REPORT_KEY 0xa4
250#define GPCMD_REQUEST_SENSE 0x03
251#define GPCMD_RESERVE_RZONE_TRACK 0x53
252#define GPCMD_SCAN 0xba
253#define GPCMD_SEEK 0x2b
254#define GPCMD_SEND_DVD_STRUCTURE 0xad
255#define GPCMD_SEND_EVENT 0xa2
256#define GPCMD_SEND_KEY 0xa3
257#define GPCMD_SEND_OPC 0x54
258#define GPCMD_SET_READ_AHEAD 0xa7
259#define GPCMD_SET_STREAMING 0xb6
260#define GPCMD_START_STOP_UNIT 0x1b
261#define GPCMD_STOP_PLAY_SCAN 0x4e
262#define GPCMD_TEST_UNIT_READY 0x00
263#define GPCMD_VERIFY_10 0x2f
264#define GPCMD_WRITE_10 0x2a
265#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 266/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 267 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
268 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
269 * drives support it. */
270#define GPCMD_SET_SPEED 0xbb
5fafdf24 271/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 272 * to play data at track/index */
273#define GPCMD_PLAYAUDIO_TI 0x48
274/*
275 * From MS Media Status Notification Support Specification. For
276 * older drives only.
277 */
278#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 279#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 280
281/* Mode page codes for mode sense/set */
282#define GPMODE_R_W_ERROR_PAGE 0x01
283#define GPMODE_WRITE_PARMS_PAGE 0x05
284#define GPMODE_AUDIO_CTL_PAGE 0x0e
285#define GPMODE_POWER_PAGE 0x1a
286#define GPMODE_FAULT_FAIL_PAGE 0x1c
287#define GPMODE_TO_PROTECT_PAGE 0x1d
288#define GPMODE_CAPABILITIES_PAGE 0x2a
289#define GPMODE_ALL_PAGES 0x3f
290/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
291 * of MODE_SENSE_POWER_PAGE */
292#define GPMODE_CDROM_PAGE 0x0d
293
38cdea7c
AZ		 294/*
295 * Based on values from <linux/cdrom.h> but extending CD_MINS
296 * to the maximum common size allowed by the Orange's Book ATIP
297 *
298 * 90 and 99 min CDs are also available but using them as the
299 * upper limit reduces the effectiveness of the heuristic to
300 * detect DVDs burned to less than 25% of their maximum capacity
301 */
302
303/* Some generally useful CD-ROM information */
304#define CD_MINS 80 /* max. minutes per CD */
305#define CD_SECS 60 /* seconds per minute */
306#define CD_FRAMES 75 /* frames per second */
307#define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
308#define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
309#define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
310
311/*
312 * The MMC values are not IDE specific and might need to be moved
313 * to a common header if they are also needed for the SCSI emulation
314 */
315
316/* Profile list from MMC-6 revision 1 table 91 */
317#define MMC_PROFILE_NONE 0x0000
318#define MMC_PROFILE_CD_ROM 0x0008
319#define MMC_PROFILE_CD_R 0x0009
320#define MMC_PROFILE_CD_RW 0x000A
321#define MMC_PROFILE_DVD_ROM 0x0010
322#define MMC_PROFILE_DVD_R_SR 0x0011
323#define MMC_PROFILE_DVD_RAM 0x0012
324#define MMC_PROFILE_DVD_RW_RO 0x0013
325#define MMC_PROFILE_DVD_RW_SR 0x0014
326#define MMC_PROFILE_DVD_R_DL_SR 0x0015
327#define MMC_PROFILE_DVD_R_DL_JR 0x0016
328#define MMC_PROFILE_DVD_RW_DL 0x0017
329#define MMC_PROFILE_DVD_DDR 0x0018
330#define MMC_PROFILE_DVD_PLUS_RW 0x001A
331#define MMC_PROFILE_DVD_PLUS_R 0x001B
332#define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
333#define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
334#define MMC_PROFILE_BD_ROM 0x0040
335#define MMC_PROFILE_BD_R_SRM 0x0041
336#define MMC_PROFILE_BD_R_RRM 0x0042
337#define MMC_PROFILE_BD_RE 0x0043
338#define MMC_PROFILE_HDDVD_ROM 0x0050
339#define MMC_PROFILE_HDDVD_R 0x0051
340#define MMC_PROFILE_HDDVD_RAM 0x0052
341#define MMC_PROFILE_HDDVD_RW 0x0053
342#define MMC_PROFILE_HDDVD_R_DL 0x0058
343#define MMC_PROFILE_HDDVD_RW_DL 0x005A
344#define MMC_PROFILE_INVALID 0xFFFF
345
5391d806
FB		 346#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
347#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
348#define ATAPI_INT_REASON_REL 0x04
349#define ATAPI_INT_REASON_TAG 0xf8
350
351/* same constants as bochs */
7f777bf3 352#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 353#define ASC_LOGICAL_BLOCK_OOR 0x21
354#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
9118e7f0 355#define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
8114e9e8 356#define ASC_INCOMPATIBLE_FORMAT 0x30
5391d806
FB		 357#define ASC_MEDIUM_NOT_PRESENT 0x3a
358#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
359
201a51fc
AZ		 360#define CFA_NO_ERROR 0x00
361#define CFA_MISC_ERROR 0x09
362#define CFA_INVALID_COMMAND 0x20
363#define CFA_INVALID_ADDRESS 0x21
364#define CFA_ADDRESS_OVERFLOW 0x2f
365
5391d806
FB		 366#define SENSE_NONE 0
367#define SENSE_NOT_READY 2
368#define SENSE_ILLEGAL_REQUEST 5
369#define SENSE_UNIT_ATTENTION 6
370
371struct IDEState;
372
373typedef void EndTransferFunc(struct IDEState *);
374
caed8802 375/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 376typedef struct IDEState {
377 /* ide config */
378 int is_cdrom;
201a51fc 379 int is_cf;
5391d806
FB		 380 int cylinders, heads, sectors;
381 int64_t nb_sectors;
382 int mult_sectors;
94458802
FB		 383 int identify_set;
384 uint16_t identify_data[256];
d537cf6c 385 qemu_irq irq;
34e538ae 386 PCIDevice *pci_dev;
98087450 387 struct BMDMAState *bmdma;
aedf5382 388 int drive_serial;
5391d806
FB		 389 /* ide regs */
390 uint8_t feature;
391 uint8_t error;
c2ff060f 392 uint32_t nsector;
5391d806
FB		 393 uint8_t sector;
394 uint8_t lcyl;
395 uint8_t hcyl;
c2ff060f
FB		 396 /* other part of tf for lba48 support */
397 uint8_t hob_feature;
398 uint8_t hob_nsector;
399 uint8_t hob_sector;
400 uint8_t hob_lcyl;
401 uint8_t hob_hcyl;
402
5391d806
FB		 403 uint8_t select;
404 uint8_t status;
c2ff060f 405
5391d806
FB		 406 /* 0x3f6 command, only meaningful for drive 0 */
407 uint8_t cmd;
c2ff060f
FB		 408 /* set for lba48 access */
409 uint8_t lba48;
5391d806 410 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 411 struct IDEState *cur_drive;
5391d806
FB		 412 BlockDriverState *bs;
413 /* ATAPI specific */
414 uint8_t sense_key;
415 uint8_t asc;
416 int packet_transfer_size;
417 int elementary_transfer_size;
418 int io_buffer_index;
419 int lba;
98087450
FB		 420 int cd_sector_size;
421 int atapi_dma; /* true if dma is requested for the packet cmd */
422 /* ATA DMA state */
423 int io_buffer_size;
424 /* PIO transfer handling */
5391d806
FB		 425 int req_nb_sectors; /* number of sectors per interrupt */
426 EndTransferFunc *end_transfer_func;
427 uint8_t *data_ptr;
428 uint8_t *data_end;
33f00271 429 uint8_t *io_buffer;
31c2a146 430 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
e774a278 431 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 432 /* CF-ATA extended error */
433 uint8_t ext_error;
434 /* CF-ATA metadata storage */
435 uint32_t mdata_size;
436 uint8_t *mdata_storage;
437 int media_changed;
5391d806
FB		 438} IDEState;
439
8114e9e8
TS		 440/* XXX: DVDs that could fit on a CD will be reported as a CD */
441static inline int media_present(IDEState *s)
442{
443 return (s->nb_sectors > 0);
444}
445
446static inline int media_is_dvd(IDEState *s)
447{
448 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
449}
450
451static inline int media_is_cd(IDEState *s)
452{
453 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
454}
455
98087450
FB		 456#define BM_STATUS_DMAING 0x01
457#define BM_STATUS_ERROR 0x02
458#define BM_STATUS_INT 0x04
459
460#define BM_CMD_START 0x01
461#define BM_CMD_READ 0x08
462
5457c8ce
FB		 463#define IDE_TYPE_PIIX3 0
464#define IDE_TYPE_CMD646 1
afcc3cdf 465#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 466
467/* CMD646 specific */
468#define MRDMODE 0x71
469#define MRDMODE_INTR_CH0 0x04
470#define MRDMODE_INTR_CH1 0x08
471#define MRDMODE_BLK_CH0 0x10
472#define MRDMODE_BLK_CH1 0x20
473#define UDIDETCR0 0x73
474#define UDIDETCR1 0x7B
475
98087450
FB		 476typedef struct BMDMAState {
477 uint8_t cmd;
478 uint8_t status;
479 uint32_t addr;
3b46e624 480
5457c8ce 481 struct PCIIDEState *pci_dev;
98087450 482 /* current transfer state */
8ccad811
FB		 483 uint32_t cur_addr;
484 uint32_t cur_prd_last;
485 uint32_t cur_prd_addr;
486 uint32_t cur_prd_len;
98087450 487 IDEState *ide_if;
8ccad811
FB		 488 BlockDriverCompletionFunc *dma_cb;
489 BlockDriverAIOCB *aiocb;
98087450
FB		 490} BMDMAState;
491
492typedef struct PCIIDEState {
493 PCIDevice dev;
494 IDEState ide_if[4];
495 BMDMAState bmdma[2];
5457c8ce 496 int type; /* see IDE_TYPE_xxx */
98087450
FB		 497} PCIIDEState;
498
8ccad811 499static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
5f12ab4b 500static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 501
5391d806
FB		 502static void padstr(char *str, const char *src, int len)
503{
504 int i, v;
505 for(i = 0; i < len; i++) {
506 if (*src)
507 v = *src++;
508 else
509 v = ' ';
69b34976 510 str[i^1] = v;
5391d806
FB		 511 }
512}
513
bd0d90b2
FB		 514static void padstr8(uint8_t *buf, int buf_size, const char *src)
515{
516 int i;
517 for(i = 0; i < buf_size; i++) {
518 if (*src)
519 buf[i] = *src++;
520 else
521 buf[i] = ' ';
522 }
523}
524
67b915a5
FB		 525static void put_le16(uint16_t *p, unsigned int v)
526{
0c4ad8dc 527 *p = cpu_to_le16(v);
67b915a5
FB		 528}
529
5391d806
FB		 530static void ide_identify(IDEState *s)
531{
532 uint16_t *p;
533 unsigned int oldsize;
aedf5382 534 char buf[20];
5391d806 535
94458802
FB		 536 if (s->identify_set) {
537 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
538 return;
539 }
540
5391d806
FB		 541 memset(s->io_buffer, 0, 512);
542 p = (uint16_t *)s->io_buffer;
67b915a5 543 put_le16(p + 0, 0x0040);
5fafdf24 544 put_le16(p + 1, s->cylinders);
67b915a5
FB		 545 put_le16(p + 3, s->heads);
546 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
547 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 548 put_le16(p + 6, s->sectors);
aedf5382 549 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
60fe76f3 550 padstr((char *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 551 put_le16(p + 20, 3); /* XXX: retired, remove ? */
552 put_le16(p + 21, 512); /* cache size in sectors */
553 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3
TS		 554 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
555 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
3b46e624 556#if MAX_MULT_SECTORS > 1
67b915a5 557 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 558#endif
67b915a5 559 put_le16(p + 48, 1); /* dword I/O */
94458802 560 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 561 put_le16(p + 51, 0x200); /* PIO transfer cycle */
562 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 563 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 564 put_le16(p + 54, s->cylinders);
565 put_le16(p + 55, s->heads);
566 put_le16(p + 56, s->sectors);
5391d806 567 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 568 put_le16(p + 57, oldsize);
569 put_le16(p + 58, oldsize >> 16);
5391d806 570 if (s->mult_sectors)
67b915a5
FB		 571 put_le16(p + 59, 0x100 | s->mult_sectors);
572 put_le16(p + 60, s->nb_sectors);
573 put_le16(p + 61, s->nb_sectors >> 16);
d1b5c20d 574 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
94458802
FB		 575 put_le16(p + 63, 0x07); /* mdma0-2 supported */
576 put_le16(p + 65, 120);
577 put_le16(p + 66, 120);
578 put_le16(p + 67, 120);
579 put_le16(p + 68, 120);
580 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
581 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 582 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 583 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
584 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 585 put_le16(p + 84, (1 << 14));
586 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 587 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
588 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 589 put_le16(p + 87, (1 << 14));
94458802
FB		 590 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
591 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 592 put_le16(p + 100, s->nb_sectors);
593 put_le16(p + 101, s->nb_sectors >> 16);
594 put_le16(p + 102, s->nb_sectors >> 32);
595 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 596
597 memcpy(s->identify_data, p, sizeof(s->identify_data));
598 s->identify_set = 1;
5391d806
FB		 599}
600
601static void ide_atapi_identify(IDEState *s)
602{
603 uint16_t *p;
aedf5382 604 char buf[20];
5391d806 605
94458802
FB		 606 if (s->identify_set) {
607 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
608 return;
609 }
610
5391d806
FB		 611 memset(s->io_buffer, 0, 512);
612 p = (uint16_t *)s->io_buffer;
613 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 614 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
aedf5382 615 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
60fe76f3 616 padstr((char *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 617 put_le16(p + 20, 3); /* buffer type */
618 put_le16(p + 21, 512); /* cache size in sectors */
619 put_le16(p + 22, 4); /* ecc bytes */
60fe76f3 620 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
38cdea7c 621 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
67b915a5 622 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 623#ifdef USE_DMA_CDROM
624 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
625 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
d1b5c20d 626 put_le16(p + 62, 7); /* single word dma0-2 supported */
8ccad811
FB		 627 put_le16(p + 63, 7); /* mdma0-2 supported */
628 put_le16(p + 64, 0x3f); /* PIO modes supported */
629#else
67b915a5
FB		 630 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
631 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
632 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
633 put_le16(p + 64, 1); /* PIO modes */
8ccad811 634#endif
67b915a5
FB		 635 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
636 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
637 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
638 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 639
67b915a5
FB		 640 put_le16(p + 71, 30); /* in ns */
641 put_le16(p + 72, 30); /* in ns */
5391d806 642
67b915a5 643 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 644#ifdef USE_DMA_CDROM
645 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
646#endif
94458802
FB		 647 memcpy(s->identify_data, p, sizeof(s->identify_data));
648 s->identify_set = 1;
5391d806
FB		 649}
650
201a51fc
AZ		 651static void ide_cfata_identify(IDEState *s)
652{
653 uint16_t *p;
654 uint32_t cur_sec;
655 char buf[20];
656
657 p = (uint16_t *) s->identify_data;
658 if (s->identify_set)
659 goto fill_buffer;
660
661 memset(p, 0, sizeof(s->identify_data));
662
663 cur_sec = s->cylinders * s->heads * s->sectors;
664
665 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
666 put_le16(p + 1, s->cylinders); /* Default cylinders */
667 put_le16(p + 3, s->heads); /* Default heads */
668 put_le16(p + 6, s->sectors); /* Default sectors per track */
669 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
670 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
671 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
60fe76f3 672 padstr((char *)(p + 10), buf, 20); /* Serial number in ASCII */
201a51fc 673 put_le16(p + 22, 0x0004); /* ECC bytes */
60fe76f3
TS		 674 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
675 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
201a51fc
AZ		 676#if MAX_MULT_SECTORS > 1
677 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
678#else
679 put_le16(p + 47, 0x0000);
680#endif
681 put_le16(p + 49, 0x0f00); /* Capabilities */
682 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
683 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
684 put_le16(p + 53, 0x0003); /* Translation params valid */
685 put_le16(p + 54, s->cylinders); /* Current cylinders */
686 put_le16(p + 55, s->heads); /* Current heads */
687 put_le16(p + 56, s->sectors); /* Current sectors */
688 put_le16(p + 57, cur_sec); /* Current capacity */
689 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
690 if (s->mult_sectors) /* Multiple sector setting */
691 put_le16(p + 59, 0x100 | s->mult_sectors);
692 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
693 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
694 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
695 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
696 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
697 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
698 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
699 put_le16(p + 82, 0x400c); /* Command Set supported */
700 put_le16(p + 83, 0x7068); /* Command Set supported */
701 put_le16(p + 84, 0x4000); /* Features supported */
702 put_le16(p + 85, 0x000c); /* Command Set enabled */
703 put_le16(p + 86, 0x7044); /* Command Set enabled */
704 put_le16(p + 87, 0x4000); /* Features enabled */
705 put_le16(p + 91, 0x4060); /* Current APM level */
706 put_le16(p + 129, 0x0002); /* Current features option */
707 put_le16(p + 130, 0x0005); /* Reassigned sectors */
708 put_le16(p + 131, 0x0001); /* Initial power mode */
709 put_le16(p + 132, 0x0000); /* User signature */
710 put_le16(p + 160, 0x8100); /* Power requirement */
711 put_le16(p + 161, 0x8001); /* CF command set */
712
713 s->identify_set = 1;
714
715fill_buffer:
716 memcpy(s->io_buffer, p, sizeof(s->identify_data));
717}
718
5391d806
FB		 719static void ide_set_signature(IDEState *s)
720{
721 s->select &= 0xf0; /* clear head */
722 /* put signature */
723 s->nsector = 1;
724 s->sector = 1;
725 if (s->is_cdrom) {
726 s->lcyl = 0x14;
727 s->hcyl = 0xeb;
728 } else if (s->bs) {
729 s->lcyl = 0;
730 s->hcyl = 0;
731 } else {
732 s->lcyl = 0xff;
733 s->hcyl = 0xff;
734 }
735}
736
737static inline void ide_abort_command(IDEState *s)
738{
739 s->status = READY_STAT | ERR_STAT;
740 s->error = ABRT_ERR;
741}
742
5604e090
AZ		 743static inline void ide_dma_submit_check(IDEState *s,
744 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
745{
746 if (bm->aiocb)
747 return;
748 dma_cb(bm, -1);
749}
750
5391d806
FB		 751static inline void ide_set_irq(IDEState *s)
752{
98ff7d30 753 BMDMAState *bm = s->bmdma;
5391d806 754 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 755 if (bm) {
98ff7d30 756 bm->status |= BM_STATUS_INT;
5457c8ce 757 }
d537cf6c 758 qemu_irq_raise(s->irq);
5391d806
FB		 759 }
760}
761
762/* prepare data transfer and tell what to do after */
5fafdf24 763static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 764 EndTransferFunc *end_transfer_func)
765{
766 s->end_transfer_func = end_transfer_func;
767 s->data_ptr = buf;
768 s->data_end = buf + size;
7603d156
TS		 769 if (!(s->status & ERR_STAT))
770 s->status |= DRQ_STAT;
5391d806
FB		 771}
772
773static void ide_transfer_stop(IDEState *s)
774{
775 s->end_transfer_func = ide_transfer_stop;
776 s->data_ptr = s->io_buffer;
777 s->data_end = s->io_buffer;
778 s->status &= ~DRQ_STAT;
779}
780
781static int64_t ide_get_sector(IDEState *s)
782{
783 int64_t sector_num;
784 if (s->select & 0x40) {
785 /* lba */
c2ff060f
FB		 786 if (!s->lba48) {
787 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
788 (s->lcyl << 8) | s->sector;
789 } else {
790 sector_num = ((int64_t)s->hob_hcyl << 40) |
791 ((int64_t) s->hob_lcyl << 32) |
792 ((int64_t) s->hob_sector << 24) |
793 ((int64_t) s->hcyl << 16) |
794 ((int64_t) s->lcyl << 8) | s->sector;
795 }
5391d806
FB		 796 } else {
797 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 798 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 799 }
800 return sector_num;
801}
802
803static void ide_set_sector(IDEState *s, int64_t sector_num)
804{
805 unsigned int cyl, r;
806 if (s->select & 0x40) {
c2ff060f
FB		 807 if (!s->lba48) {
808 s->select = (s->select & 0xf0) | (sector_num >> 24);
809 s->hcyl = (sector_num >> 16);
810 s->lcyl = (sector_num >> 8);
811 s->sector = (sector_num);
812 } else {
813 s->sector = sector_num;
814 s->lcyl = sector_num >> 8;
815 s->hcyl = sector_num >> 16;
816 s->hob_sector = sector_num >> 24;
817 s->hob_lcyl = sector_num >> 32;
818 s->hob_hcyl = sector_num >> 40;
819 }
5391d806
FB		 820 } else {
821 cyl = sector_num / (s->heads * s->sectors);
822 r = sector_num % (s->heads * s->sectors);
823 s->hcyl = cyl >> 8;
824 s->lcyl = cyl;
1b8eb456 825 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 826 s->sector = (r % s->sectors) + 1;
827 }
828}
829
e162cfb0
AZ		 830static void ide_rw_error(IDEState *s) {
831 ide_abort_command(s);
832 ide_set_irq(s);
833}
834
5391d806
FB		 835static void ide_sector_read(IDEState *s)
836{
837 int64_t sector_num;
838 int ret, n;
839
840 s->status = READY_STAT | SEEK_STAT;
a136e5a8 841 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 842 sector_num = ide_get_sector(s);
843 n = s->nsector;
844 if (n == 0) {
845 /* no more sector to read from disk */
846 ide_transfer_stop(s);
847 } else {
848#if defined(DEBUG_IDE)
18c5f8ea 849 printf("read sector=%" PRId64 "\n", sector_num);
5391d806
FB		 850#endif
851 if (n > s->req_nb_sectors)
852 n = s->req_nb_sectors;
853 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
e162cfb0
AZ		 854 if (ret != 0) {
855 ide_rw_error(s);
856 return;
857 }
5391d806
FB		 858 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
859 ide_set_irq(s);
860 ide_set_sector(s, sector_num + n);
861 s->nsector -= n;
862 }
863}
864
e162cfb0
AZ		 865static void ide_dma_error(IDEState *s)
866{
867 ide_transfer_stop(s);
868 s->error = ABRT_ERR;
869 s->status = READY_STAT | ERR_STAT;
870 ide_set_irq(s);
871}
872
8ccad811
FB		 873/* return 0 if buffer completed */
874static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 875{
8ccad811
FB		 876 IDEState *s = bm->ide_if;
877 struct {
878 uint32_t addr;
879 uint32_t size;
880 } prd;
881 int l, len;
98087450 882
8ccad811
FB		 883 for(;;) {
884 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 885 if (l <= 0)
8ccad811
FB		 886 break;
887 if (bm->cur_prd_len == 0) {
888 /* end of table (with a fail safe of one page) */
889 if (bm->cur_prd_last ||
890 (bm->cur_addr - bm->addr) >= 4096)
891 return 0;
892 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
893 bm->cur_addr += 8;
894 prd.addr = le32_to_cpu(prd.addr);
895 prd.size = le32_to_cpu(prd.size);
896 len = prd.size & 0xfffe;
897 if (len == 0)
898 len = 0x10000;
899 bm->cur_prd_len = len;
900 bm->cur_prd_addr = prd.addr;
901 bm->cur_prd_last = (prd.size & 0x80000000);
902 }
903 if (l > bm->cur_prd_len)
904 l = bm->cur_prd_len;
905 if (l > 0) {
906 if (is_write) {
5fafdf24 907 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 908 s->io_buffer + s->io_buffer_index, l);
909 } else {
5fafdf24 910 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 911 s->io_buffer + s->io_buffer_index, l);
912 }
913 bm->cur_prd_addr += l;
914 bm->cur_prd_len -= l;
915 s->io_buffer_index += l;
98087450 916 }
98087450 917 }
8ccad811
FB		 918 return 1;
919}
920
8ccad811
FB		 921static void ide_read_dma_cb(void *opaque, int ret)
922{
923 BMDMAState *bm = opaque;
924 IDEState *s = bm->ide_if;
925 int n;
926 int64_t sector_num;
927
e162cfb0
AZ		 928 if (ret < 0) {
929 ide_dma_error(s);
930 return;
931 }
932
8ccad811
FB		 933 n = s->io_buffer_size >> 9;
934 sector_num = ide_get_sector(s);
935 if (n > 0) {
936 sector_num += n;
937 ide_set_sector(s, sector_num);
938 s->nsector -= n;
939 if (dma_buf_rw(bm, 1) == 0)
940 goto eot;
941 }
942
943 /* end of transfer ? */
944 if (s->nsector == 0) {
98087450
FB		 945 s->status = READY_STAT | SEEK_STAT;
946 ide_set_irq(s);
8ccad811
FB		 947 eot:
948 bm->status &= ~BM_STATUS_DMAING;
949 bm->status |= BM_STATUS_INT;
950 bm->dma_cb = NULL;
951 bm->ide_if = NULL;
952 bm->aiocb = NULL;
953 return;
98087450 954 }
8ccad811
FB		 955
956 /* launch next transfer */
957 n = s->nsector;
1d8cde5b
AJ		 958 if (n > IDE_DMA_BUF_SECTORS)
959 n = IDE_DMA_BUF_SECTORS;
8ccad811
FB		 960 s->io_buffer_index = 0;
961 s->io_buffer_size = n * 512;
962#ifdef DEBUG_AIO
963 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
964#endif
5fafdf24 965 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
8ccad811 966 ide_read_dma_cb, bm);
5604e090 967 ide_dma_submit_check(s, ide_read_dma_cb, bm);
98087450
FB		 968}
969
970static void ide_sector_read_dma(IDEState *s)
971{
8ccad811 972 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 973 s->io_buffer_index = 0;
974 s->io_buffer_size = 0;
975 ide_dma_start(s, ide_read_dma_cb);
976}
977
a09db21f
FB		 978static void ide_sector_write_timer_cb(void *opaque)
979{
980 IDEState *s = opaque;
981 ide_set_irq(s);
982}
983
5391d806
FB		 984static void ide_sector_write(IDEState *s)
985{
986 int64_t sector_num;
31c2a146 987 int ret, n, n1;
5391d806
FB		 988
989 s->status = READY_STAT | SEEK_STAT;
990 sector_num = ide_get_sector(s);
991#if defined(DEBUG_IDE)
18c5f8ea 992 printf("write sector=%" PRId64 "\n", sector_num);
5391d806
FB		 993#endif
994 n = s->nsector;
995 if (n > s->req_nb_sectors)
996 n = s->req_nb_sectors;
31c2a146 997 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
e162cfb0
AZ		 998 if (ret != 0) {
999 ide_rw_error(s);
1000 return;
1001 }
1002
5391d806
FB		 1003 s->nsector -= n;
1004 if (s->nsector == 0) {
292eef5a 1005 /* no more sectors to write */
5391d806
FB		 1006 ide_transfer_stop(s);
1007 } else {
1008 n1 = s->nsector;
1009 if (n1 > s->req_nb_sectors)
1010 n1 = s->req_nb_sectors;
1011 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1012 }
1013 ide_set_sector(s, sector_num + n);
3b46e624 1014
31c2a146
TS		 1015#ifdef TARGET_I386
1016 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1017 /* It seems there is a bug in the Windows 2000 installer HDD
1018 IDE driver which fills the disk with empty logs when the
1019 IDE write IRQ comes too early. This hack tries to correct
1020 that at the expense of slower write performances. Use this
1021 option _only_ to install Windows 2000. You must disable it
1022 for normal use. */
1023 qemu_mod_timer(s->sector_write_timer,
1024 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1025 } else
1026#endif
1027 {
1028 ide_set_irq(s);
1029 }
5391d806
FB		 1030}
1031
8ccad811 1032static void ide_write_dma_cb(void *opaque, int ret)
98087450 1033{
8ccad811
FB		 1034 BMDMAState *bm = opaque;
1035 IDEState *s = bm->ide_if;
1036 int n;
98087450
FB		 1037 int64_t sector_num;
1038
e162cfb0
AZ		 1039 if (ret < 0) {
1040 ide_dma_error(s);
1041 return;
1042 }
1043
8ccad811
FB		 1044 n = s->io_buffer_size >> 9;
1045 sector_num = ide_get_sector(s);
1046 if (n > 0) {
1047 sector_num += n;
1048 ide_set_sector(s, sector_num);
1049 s->nsector -= n;
98087450 1050 }
98087450 1051
8ccad811
FB		 1052 /* end of transfer ? */
1053 if (s->nsector == 0) {
1054 s->status = READY_STAT | SEEK_STAT;
1055 ide_set_irq(s);
1056 eot:
1057 bm->status &= ~BM_STATUS_DMAING;
1058 bm->status |= BM_STATUS_INT;
1059 bm->dma_cb = NULL;
1060 bm->ide_if = NULL;
1061 bm->aiocb = NULL;
1062 return;
1063 }
1064
1065 /* launch next transfer */
98087450 1066 n = s->nsector;
1d8cde5b
AJ		 1067 if (n > IDE_DMA_BUF_SECTORS)
1068 n = IDE_DMA_BUF_SECTORS;
98087450
FB		 1069 s->io_buffer_index = 0;
1070 s->io_buffer_size = n * 512;
8ccad811
FB		 1071
1072 if (dma_buf_rw(bm, 0) == 0)
1073 goto eot;
1074#ifdef DEBUG_AIO
1075 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
1076#endif
5fafdf24 1077 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
8ccad811 1078 ide_write_dma_cb, bm);
5604e090 1079 ide_dma_submit_check(s, ide_write_dma_cb, bm);
8ccad811
FB		 1080}
1081
1082static void ide_sector_write_dma(IDEState *s)
1083{
1084 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1085 s->io_buffer_index = 0;
1086 s->io_buffer_size = 0;
98087450
FB		 1087 ide_dma_start(s, ide_write_dma_cb);
1088}
1089
5391d806
FB		 1090static void ide_atapi_cmd_ok(IDEState *s)
1091{
1092 s->error = 0;
41a2b959 1093 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1094 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1095 ide_set_irq(s);
1096}
1097
1098static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1099{
1100#ifdef DEBUG_IDE_ATAPI
1101 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1102#endif
1103 s->error = sense_key << 4;
1104 s->status = READY_STAT | ERR_STAT;
1105 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1106 s->sense_key = sense_key;
1107 s->asc = asc;
1108 ide_set_irq(s);
1109}
1110
9118e7f0
AL		 1111static void ide_atapi_cmd_check_status(IDEState *s)
1112{
1113#ifdef DEBUG_IDE_ATAPI
1114 printf("atapi_cmd_check_status\n");
1115#endif
1116 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1117 s->status = ERR_STAT;
1118 s->nsector = 0;
1119 ide_set_irq(s);
1120}
1121
5391d806
FB		 1122static inline void cpu_to_ube16(uint8_t *buf, int val)
1123{
1124 buf[0] = val >> 8;
1125 buf[1] = val;
1126}
1127
1128static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1129{
1130 buf[0] = val >> 24;
1131 buf[1] = val >> 16;
1132 buf[2] = val >> 8;
1133 buf[3] = val;
1134}
1135
1136static inline int ube16_to_cpu(const uint8_t *buf)
1137{
1138 return (buf[0] << 8) | buf[1];
1139}
1140
1141static inline int ube32_to_cpu(const uint8_t *buf)
1142{
1143 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1144}
1145
98087450
FB		 1146static void lba_to_msf(uint8_t *buf, int lba)
1147{
1148 lba += 150;
1149 buf[0] = (lba / 75) / 60;
1150 buf[1] = (lba / 75) % 60;
1151 buf[2] = lba % 75;
1152}
1153
8ccad811
FB		 1154static void cd_data_to_raw(uint8_t *buf, int lba)
1155{
1156 /* sync bytes */
1157 buf[0] = 0x00;
1158 memset(buf + 1, 0xff, 10);
1159 buf[11] = 0x00;
1160 buf += 12;
1161 /* MSF */
1162 lba_to_msf(buf, lba);
1163 buf[3] = 0x01; /* mode 1 data */
1164 buf += 4;
1165 /* data */
1166 buf += 2048;
1167 /* XXX: ECC not computed */
1168 memset(buf, 0, 288);
1169}
1170
5fafdf24 1171static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1172 int sector_size)
1173{
66c6ef76
FB		 1174 int ret;
1175
98087450
FB		 1176 switch(sector_size) {
1177 case 2048:
66c6ef76 1178 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1179 break;
1180 case 2352:
66c6ef76
FB		 1181 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1182 if (ret < 0)
1183 return ret;
8ccad811 1184 cd_data_to_raw(buf, lba);
98087450
FB		 1185 break;
1186 default:
66c6ef76 1187 ret = -EIO;
98087450
FB		 1188 break;
1189 }
66c6ef76
FB		 1190 return ret;
1191}
1192
1193static void ide_atapi_io_error(IDEState *s, int ret)
1194{
1195 /* XXX: handle more errors */
1196 if (ret == -ENOMEDIUM) {
5fafdf24 1197 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1198 ASC_MEDIUM_NOT_PRESENT);
1199 } else {
5fafdf24 1200 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1201 ASC_LOGICAL_BLOCK_OOR);
1202 }
98087450
FB		 1203}
1204
5391d806
FB		 1205/* The whole ATAPI transfer logic is handled in this function */
1206static void ide_atapi_cmd_reply_end(IDEState *s)
1207{
66c6ef76 1208 int byte_count_limit, size, ret;
5391d806 1209#ifdef DEBUG_IDE_ATAPI
5fafdf24 1210 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1211 s->packet_transfer_size,
1212 s->elementary_transfer_size,
1213 s->io_buffer_index);
1214#endif
1215 if (s->packet_transfer_size <= 0) {
1216 /* end of transfer */
1217 ide_transfer_stop(s);
41a2b959 1218 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1219 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1220 ide_set_irq(s);
1221#ifdef DEBUG_IDE_ATAPI
1222 printf("status=0x%x\n", s->status);
1223#endif
1224 } else {
1225 /* see if a new sector must be read */
98087450 1226 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1227 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1228 if (ret < 0) {
1229 ide_transfer_stop(s);
1230 ide_atapi_io_error(s, ret);
1231 return;
1232 }
5391d806
FB		 1233 s->lba++;
1234 s->io_buffer_index = 0;
1235 }
1236 if (s->elementary_transfer_size > 0) {
1237 /* there are some data left to transmit in this elementary
1238 transfer */
98087450 1239 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1240 if (size > s->elementary_transfer_size)
1241 size = s->elementary_transfer_size;
5fafdf24 1242 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1243 size, ide_atapi_cmd_reply_end);
1244 s->packet_transfer_size -= size;
1245 s->elementary_transfer_size -= size;
1246 s->io_buffer_index += size;
1247 } else {
1248 /* a new transfer is needed */
1249 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1250 byte_count_limit = s->lcyl | (s->hcyl << 8);
1251#ifdef DEBUG_IDE_ATAPI
1252 printf("byte_count_limit=%d\n", byte_count_limit);
1253#endif
1254 if (byte_count_limit == 0xffff)
1255 byte_count_limit--;
1256 size = s->packet_transfer_size;
1257 if (size > byte_count_limit) {
1258 /* byte count limit must be even if this case */
1259 if (byte_count_limit & 1)
1260 byte_count_limit--;
1261 size = byte_count_limit;
5391d806 1262 }
a136e5a8
FB		 1263 s->lcyl = size;
1264 s->hcyl = size >> 8;
5391d806
FB		 1265 s->elementary_transfer_size = size;
1266 /* we cannot transmit more than one sector at a time */
1267 if (s->lba != -1) {
98087450
FB		 1268 if (size > (s->cd_sector_size - s->io_buffer_index))
1269 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1270 }
5fafdf24 1271 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1272 size, ide_atapi_cmd_reply_end);
1273 s->packet_transfer_size -= size;
1274 s->elementary_transfer_size -= size;
1275 s->io_buffer_index += size;
1276 ide_set_irq(s);
1277#ifdef DEBUG_IDE_ATAPI
1278 printf("status=0x%x\n", s->status);
1279#endif
1280 }
1281 }
1282}
1283
1284/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1285static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1286{
1287 if (size > max_size)
1288 size = max_size;
1289 s->lba = -1; /* no sector read */
1290 s->packet_transfer_size = size;
5f12ab4b 1291 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1292 s->elementary_transfer_size = 0;
1293 s->io_buffer_index = 0;
1294
5f12ab4b 1295 if (s->atapi_dma) {
41a2b959 1296 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
5f12ab4b
TS		 1297 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1298 } else {
41a2b959 1299 s->status = READY_STAT | SEEK_STAT;
5f12ab4b
TS		 1300 ide_atapi_cmd_reply_end(s);
1301 }
5391d806
FB		 1302}
1303
1304/* start a CD-CDROM read command */
98087450
FB		 1305static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1306 int sector_size)
5391d806 1307{
5391d806 1308 s->lba = lba;
98087450 1309 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1310 s->elementary_transfer_size = 0;
98087450
FB		 1311 s->io_buffer_index = sector_size;
1312 s->cd_sector_size = sector_size;
5391d806 1313
41a2b959 1314 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1315 ide_atapi_cmd_reply_end(s);
1316}
1317
98087450 1318/* ATAPI DMA support */
8ccad811
FB		 1319
1320/* XXX: handle read errors */
1321static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1322{
8ccad811
FB		 1323 BMDMAState *bm = opaque;
1324 IDEState *s = bm->ide_if;
1325 int data_offset, n;
1326
66c6ef76
FB		 1327 if (ret < 0) {
1328 ide_atapi_io_error(s, ret);
1329 goto eot;
1330 }
1331
8ccad811 1332 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1333 /*
1334 * For a cdrom read sector command (s->lba != -1),
1335 * adjust the lba for the next s->io_buffer_size chunk
1336 * and dma the current chunk.
1337 * For a command != read (s->lba == -1), just transfer
1338 * the reply data.
1339 */
1340 if (s->lba != -1) {
1341 if (s->cd_sector_size == 2352) {
1342 n = 1;
1343 cd_data_to_raw(s->io_buffer, s->lba);
1344 } else {
1345 n = s->io_buffer_size >> 11;
1346 }
1347 s->lba += n;
1348 }
8ccad811 1349 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1350 if (dma_buf_rw(bm, 1) == 0)
1351 goto eot;
98087450 1352 }
8ccad811 1353
98087450 1354 if (s->packet_transfer_size <= 0) {
41a2b959 1355 s->status = READY_STAT | SEEK_STAT;
98087450
FB		 1356 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1357 ide_set_irq(s);
8ccad811
FB		 1358 eot:
1359 bm->status &= ~BM_STATUS_DMAING;
1360 bm->status |= BM_STATUS_INT;
1361 bm->dma_cb = NULL;
1362 bm->ide_if = NULL;
1363 bm->aiocb = NULL;
1364 return;
1365 }
3b46e624 1366
8ccad811
FB		 1367 s->io_buffer_index = 0;
1368 if (s->cd_sector_size == 2352) {
1369 n = 1;
1370 s->io_buffer_size = s->cd_sector_size;
1371 data_offset = 16;
1372 } else {
1373 n = s->packet_transfer_size >> 11;
1d8cde5b
AJ		 1374 if (n > (IDE_DMA_BUF_SECTORS / 4))
1375 n = (IDE_DMA_BUF_SECTORS / 4);
8ccad811
FB		 1376 s->io_buffer_size = n * 2048;
1377 data_offset = 0;
98087450 1378 }
8ccad811
FB		 1379#ifdef DEBUG_AIO
1380 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1381#endif
5fafdf24
TS		 1382 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1383 s->io_buffer + data_offset, n * 4,
8ccad811 1384 ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1385 if (!bm->aiocb) {
1386 /* Note: media not present is the most likely case */
5fafdf24 1387 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1388 ASC_MEDIUM_NOT_PRESENT);
1389 goto eot;
1390 }
98087450
FB		 1391}
1392
1393/* start a CD-CDROM read command with DMA */
1394/* XXX: test if DMA is available */
1395static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1396 int sector_size)
1397{
1398 s->lba = lba;
1399 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1400 s->io_buffer_index = 0;
1401 s->io_buffer_size = 0;
98087450
FB		 1402 s->cd_sector_size = sector_size;
1403
8ccad811 1404 /* XXX: check if BUSY_STAT should be set */
41a2b959 1405 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1406 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1407}
1408
5fafdf24 1409static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1410 int sector_size)
1411{
1412#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1413 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1414 lba, nb_sectors);
98087450
FB		 1415#endif
1416 if (s->atapi_dma) {
1417 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1418 } else {
1419 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1420 }
1421}
1422
38cdea7c
AZ		 1423static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1424 uint16_t profile)
1425{
1426 uint8_t *buf_profile = buf + 12; /* start of profiles */
1427
1428 buf_profile += ((*index) * 4); /* start of indexed profile */
1429 cpu_to_ube16 (buf_profile, profile);
1430 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1431
1432 /* each profile adds 4 bytes to the response */
1433 (*index)++;
1434 buf[11] += 4; /* Additional Length */
1435
1436 return 4;
1437}
1438
8114e9e8
TS		 1439static int ide_dvd_read_structure(IDEState *s, int format,
1440 const uint8_t *packet, uint8_t *buf)
1441{
1442 switch (format) {
1443 case 0x0: /* Physical format information */
1444 {
1445 int layer = packet[6];
1446 uint64_t total_sectors;
1447
1448 if (layer != 0)
1449 return -ASC_INV_FIELD_IN_CMD_PACKET;
1450
1451 bdrv_get_geometry(s->bs, &total_sectors);
1452 total_sectors >>= 2;
1453 if (total_sectors == 0)
1454 return -ASC_MEDIUM_NOT_PRESENT;
1455
1456 buf[4] = 1; /* DVD-ROM, part version 1 */
1457 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1458 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1459 buf[7] = 0; /* default densities */
1460
1461 /* FIXME: 0x30000 per spec? */
1462 cpu_to_ube32(buf + 8, 0); /* start sector */
1463 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1464 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1465
1466 /* Size of buffer, not including 2 byte size field */
1467 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1468
1469 /* 2k data + 4 byte header */
1470 return (2048 + 4);
1471 }
1472
1473 case 0x01: /* DVD copyright information */
1474 buf[4] = 0; /* no copyright data */
1475 buf[5] = 0; /* no region restrictions */
1476
1477 /* Size of buffer, not including 2 byte size field */
1478 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1479
1480 /* 4 byte header + 4 byte data */
1481 return (4 + 4);
1482
1483 case 0x03: /* BCA information - invalid field for no BCA info */
1484 return -ASC_INV_FIELD_IN_CMD_PACKET;
1485
1486 case 0x04: /* DVD disc manufacturing information */
1487 /* Size of buffer, not including 2 byte size field */
1488 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1489
1490 /* 2k data + 4 byte header */
1491 return (2048 + 4);
1492
1493 case 0xff:
1494 /*
1495 * This lists all the command capabilities above. Add new ones
1496 * in order and update the length and buffer return values.
1497 */
1498
1499 buf[4] = 0x00; /* Physical format */
1500 buf[5] = 0x40; /* Not writable, is readable */
1501 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1502
1503 buf[8] = 0x01; /* Copyright info */
1504 buf[9] = 0x40; /* Not writable, is readable */
1505 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1506
1507 buf[12] = 0x03; /* BCA info */
1508 buf[13] = 0x40; /* Not writable, is readable */
1509 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1510
1511 buf[16] = 0x04; /* Manufacturing info */
1512 buf[17] = 0x40; /* Not writable, is readable */
1513 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1514
1515 /* Size of buffer, not including 2 byte size field */
1516 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1517
1518 /* data written + 4 byte header */
1519 return (16 + 4);
1520
1521 default: /* TODO: formats beyond DVD-ROM requires */
1522 return -ASC_INV_FIELD_IN_CMD_PACKET;
1523 }
1524}
1525
5391d806
FB		 1526static void ide_atapi_cmd(IDEState *s)
1527{
1528 const uint8_t *packet;
1529 uint8_t *buf;
1530 int max_len;
1531
1532 packet = s->io_buffer;
1533 buf = s->io_buffer;
1534#ifdef DEBUG_IDE_ATAPI
1535 {
1536 int i;
1537 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1538 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1539 printf(" %02x", packet[i]);
1540 }
1541 printf("\n");
1542 }
1543#endif
9118e7f0
AL		 1544 /* If there's a UNIT_ATTENTION condition pending, only
1545 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1546 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1547 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1548 s->io_buffer[0] != GPCMD_INQUIRY) {
1549 ide_atapi_cmd_check_status(s);
1550 return;
1551 }
5391d806
FB		 1552 switch(s->io_buffer[0]) {
1553 case GPCMD_TEST_UNIT_READY:
caed8802 1554 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1555 ide_atapi_cmd_ok(s);
1556 } else {
5fafdf24 1557 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1558 ASC_MEDIUM_NOT_PRESENT);
1559 }
1560 break;
d14049ea 1561 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1562 case GPCMD_MODE_SENSE_10:
1563 {
1564 int action, code;
d14049ea
TS		 1565 if (packet[0] == GPCMD_MODE_SENSE_10)
1566 max_len = ube16_to_cpu(packet + 7);
1567 else
1568 max_len = packet[4];
5391d806
FB		 1569 action = packet[2] >> 6;
1570 code = packet[2] & 0x3f;
1571 switch(action) {
1572 case 0: /* current values */
1573 switch(code) {
1574 case 0x01: /* error recovery */
1575 cpu_to_ube16(&buf[0], 16 + 6);
1576 buf[2] = 0x70;
1577 buf[3] = 0;
1578 buf[4] = 0;
1579 buf[5] = 0;
1580 buf[6] = 0;
1581 buf[7] = 0;
1582
1583 buf[8] = 0x01;
1584 buf[9] = 0x06;
1585 buf[10] = 0x00;
1586 buf[11] = 0x05;
1587 buf[12] = 0x00;
1588 buf[13] = 0x00;
1589 buf[14] = 0x00;
1590 buf[15] = 0x00;
1591 ide_atapi_cmd_reply(s, 16, max_len);
1592 break;
1593 case 0x2a:
1594 cpu_to_ube16(&buf[0], 28 + 6);
1595 buf[2] = 0x70;
1596 buf[3] = 0;
1597 buf[4] = 0;
1598 buf[5] = 0;
1599 buf[6] = 0;
1600 buf[7] = 0;
1601
1602 buf[8] = 0x2a;
1603 buf[9] = 0x12;
0d4a05a1 1604 buf[10] = 0x00;
5391d806 1605 buf[11] = 0x00;
3b46e624 1606
d5b4eb40
AL		 1607 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1608 code checks for this to automount media. */
1609 buf[12] = 0x71;
5391d806
FB		 1610 buf[13] = 3 << 5;
1611 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1612 if (bdrv_is_locked(s->bs))
5391d806
FB		 1613 buf[6] |= 1 << 1;
1614 buf[15] = 0x00;
1615 cpu_to_ube16(&buf[16], 706);
1616 buf[18] = 0;
1617 buf[19] = 2;
1618 cpu_to_ube16(&buf[20], 512);
1619 cpu_to_ube16(&buf[22], 706);
1620 buf[24] = 0;
1621 buf[25] = 0;
1622 buf[26] = 0;
1623 buf[27] = 0;
1624 ide_atapi_cmd_reply(s, 28, max_len);
1625 break;
1626 default:
1627 goto error_cmd;
1628 }
1629 break;
1630 case 1: /* changeable values */
1631 goto error_cmd;
1632 case 2: /* default values */
1633 goto error_cmd;
1634 default:
1635 case 3: /* saved values */
5fafdf24 1636 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1637 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1638 break;
1639 }
1640 }
1641 break;
1642 case GPCMD_REQUEST_SENSE:
1643 max_len = packet[4];
1644 memset(buf, 0, 18);
1645 buf[0] = 0x70 | (1 << 7);
1646 buf[2] = s->sense_key;
1647 buf[7] = 10;
1648 buf[12] = s->asc;
9118e7f0
AL		 1649 if (s->sense_key == SENSE_UNIT_ATTENTION)
1650 s->sense_key = SENSE_NONE;
5391d806
FB		 1651 ide_atapi_cmd_reply(s, 18, max_len);
1652 break;
1653 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1654 if (bdrv_is_inserted(s->bs)) {
1655 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1656 ide_atapi_cmd_ok(s);
1657 } else {
5fafdf24 1658 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1659 ASC_MEDIUM_NOT_PRESENT);
1660 }
1661 break;
1662 case GPCMD_READ_10:
1663 case GPCMD_READ_12:
1664 {
1665 int nb_sectors, lba;
1666
5391d806
FB		 1667 if (packet[0] == GPCMD_READ_10)
1668 nb_sectors = ube16_to_cpu(packet + 7);
1669 else
1670 nb_sectors = ube32_to_cpu(packet + 6);
1671 lba = ube32_to_cpu(packet + 2);
1672 if (nb_sectors == 0) {
1673 ide_atapi_cmd_ok(s);
1674 break;
1675 }
98087450
FB		 1676 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1677 }
1678 break;
1679 case GPCMD_READ_CD:
1680 {
1681 int nb_sectors, lba, transfer_request;
1682
98087450
FB		 1683 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1684 lba = ube32_to_cpu(packet + 2);
1685 if (nb_sectors == 0) {
1686 ide_atapi_cmd_ok(s);
1687 break;
1688 }
98087450
FB		 1689 transfer_request = packet[9];
1690 switch(transfer_request & 0xf8) {
1691 case 0x00:
1692 /* nothing */
1693 ide_atapi_cmd_ok(s);
1694 break;
1695 case 0x10:
1696 /* normal read */
1697 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1698 break;
1699 case 0xf8:
1700 /* read all data */
1701 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1702 break;
1703 default:
5fafdf24 1704 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1705 ASC_INV_FIELD_IN_CMD_PACKET);
1706 break;
1707 }
5391d806
FB		 1708 }
1709 break;
1710 case GPCMD_SEEK:
1711 {
96b8f136
TS		 1712 unsigned int lba;
1713 uint64_t total_sectors;
66c6ef76
FB		 1714
1715 bdrv_get_geometry(s->bs, &total_sectors);
1716 total_sectors >>= 2;
96b8f136 1717 if (total_sectors == 0) {
5fafdf24 1718 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1719 ASC_MEDIUM_NOT_PRESENT);
1720 break;
1721 }
1722 lba = ube32_to_cpu(packet + 2);
66c6ef76 1723 if (lba >= total_sectors) {
5fafdf24 1724 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1725 ASC_LOGICAL_BLOCK_OOR);
1726 break;
1727 }
1728 ide_atapi_cmd_ok(s);
1729 }
1730 break;
1731 case GPCMD_START_STOP_UNIT:
1732 {
1733 int start, eject;
1734 start = packet[4] & 1;
1735 eject = (packet[4] >> 1) & 1;
3b46e624 1736
caed8802
FB		 1737 if (eject && !start) {
1738 /* eject the disk */
66c6ef76
FB		 1739 bdrv_eject(s->bs, 1);
1740 } else if (eject && start) {
1741 /* close the tray */
1742 bdrv_eject(s->bs, 0);
caed8802 1743 }
5391d806
FB		 1744 ide_atapi_cmd_ok(s);
1745 }
1746 break;
1747 case GPCMD_MECHANISM_STATUS:
1748 {
1749 max_len = ube16_to_cpu(packet + 8);
1750 cpu_to_ube16(buf, 0);
1751 /* no current LBA */
1752 buf[2] = 0;
1753 buf[3] = 0;
1754 buf[4] = 0;
1755 buf[5] = 1;
1756 cpu_to_ube16(buf + 6, 0);
1757 ide_atapi_cmd_reply(s, 8, max_len);
1758 }
1759 break;
1760 case GPCMD_READ_TOC_PMA_ATIP:
1761 {
1762 int format, msf, start_track, len;
96b8f136 1763 uint64_t total_sectors;
5391d806 1764
66c6ef76
FB		 1765 bdrv_get_geometry(s->bs, &total_sectors);
1766 total_sectors >>= 2;
96b8f136 1767 if (total_sectors == 0) {
5fafdf24 1768 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1769 ASC_MEDIUM_NOT_PRESENT);
1770 break;
1771 }
1772 max_len = ube16_to_cpu(packet + 7);
1773 format = packet[9] >> 6;
1774 msf = (packet[1] >> 1) & 1;
1775 start_track = packet[6];
1776 switch(format) {
1777 case 0:
66c6ef76 1778 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1779 if (len < 0)
1780 goto error_cmd;
1781 ide_atapi_cmd_reply(s, len, max_len);
1782 break;
1783 case 1:
1784 /* multi session : only a single session defined */
1785 memset(buf, 0, 12);
1786 buf[1] = 0x0a;
1787 buf[2] = 0x01;
1788 buf[3] = 0x01;
1789 ide_atapi_cmd_reply(s, 12, max_len);
1790 break;
98087450 1791 case 2:
66c6ef76 1792 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1793 if (len < 0)
1794 goto error_cmd;
1795 ide_atapi_cmd_reply(s, len, max_len);
1796 break;
5391d806 1797 default:
7f777bf3 1798 error_cmd:
5fafdf24 1799 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1800 ASC_INV_FIELD_IN_CMD_PACKET);
1801 break;
5391d806
FB		 1802 }
1803 }
1804 break;
1805 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76 1806 {
96b8f136 1807 uint64_t total_sectors;
66c6ef76
FB		 1808
1809 bdrv_get_geometry(s->bs, &total_sectors);
1810 total_sectors >>= 2;
96b8f136 1811 if (total_sectors == 0) {
5fafdf24 1812 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1813 ASC_MEDIUM_NOT_PRESENT);
1814 break;
1815 }
1816 /* NOTE: it is really the number of sectors minus 1 */
1817 cpu_to_ube32(buf, total_sectors - 1);
1818 cpu_to_ube32(buf + 4, 2048);
1819 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1820 }
5391d806 1821 break;
d14049ea
TS		 1822 case GPCMD_READ_DVD_STRUCTURE:
1823 {
1824 int media = packet[1];
8114e9e8
TS		 1825 int format = packet[7];
1826 int ret;
d14049ea 1827
8114e9e8 1828 max_len = ube16_to_cpu(packet + 8);
d14049ea 1829
8114e9e8
TS		 1830 if (format < 0xff) {
1831 if (media_is_cd(s)) {
1832 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1833 ASC_INCOMPATIBLE_FORMAT);
1834 break;
1835 } else if (!media_present(s)) {
1836 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1837 ASC_INV_FIELD_IN_CMD_PACKET);
1838 break;
1839 }
1840 }
d14049ea 1841
8114e9e8
TS		 1842 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1843 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
d14049ea 1844
8114e9e8
TS		 1845 switch (format) {
1846 case 0x00 ... 0x7f:
1847 case 0xff:
1848 if (media == 0) {
1849 ret = ide_dvd_read_structure(s, format, packet, buf);
d14049ea 1850
8114e9e8
TS		 1851 if (ret < 0)
1852 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1853 else
1854 ide_atapi_cmd_reply(s, ret, max_len);
d14049ea 1855
8114e9e8
TS		 1856 break;
1857 }
1858 /* TODO: BD support, fall through for now */
1859
1860 /* Generic disk structures */
1861 case 0x80: /* TODO: AACS volume identifier */
1862 case 0x81: /* TODO: AACS media serial number */
1863 case 0x82: /* TODO: AACS media identifier */
1864 case 0x83: /* TODO: AACS media key block */
1865 case 0x90: /* TODO: List of recognized format layers */
1866 case 0xc0: /* TODO: Write protection status */
d14049ea
TS		 1867 default:
1868 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1869 ASC_INV_FIELD_IN_CMD_PACKET);
1870 break;
1871 }
1872 }
1873 break;
1874 case GPCMD_SET_SPEED:
1875 ide_atapi_cmd_ok(s);
1876 break;
bd0d90b2
FB		 1877 case GPCMD_INQUIRY:
1878 max_len = packet[4];
1879 buf[0] = 0x05; /* CD-ROM */
1880 buf[1] = 0x80; /* removable */
1881 buf[2] = 0x00; /* ISO */
1882 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 1883 buf[4] = 31; /* additional length */
bd0d90b2
FB		 1884 buf[5] = 0; /* reserved */
1885 buf[6] = 0; /* reserved */
1886 buf[7] = 0; /* reserved */
1887 padstr8(buf + 8, 8, "QEMU");
38cdea7c 1888 padstr8(buf + 16, 16, "QEMU DVD-ROM");
bd0d90b2
FB		 1889 padstr8(buf + 32, 4, QEMU_VERSION);
1890 ide_atapi_cmd_reply(s, 36, max_len);
1891 break;
d14049ea
TS		 1892 case GPCMD_GET_CONFIGURATION:
1893 {
38cdea7c 1894 uint32_t len;
091d055b 1895 uint8_t index = 0;
d14049ea
TS		 1896
1897 /* only feature 0 is supported */
1898 if (packet[2] != 0 || packet[3] != 0) {
1899 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1900 ASC_INV_FIELD_IN_CMD_PACKET);
1901 break;
1902 }
38cdea7c
AZ		 1903
1904 /* XXX: could result in alignment problems in some architectures */
1905 max_len = ube16_to_cpu(packet + 7);
091d055b 1906
38cdea7c 1907 /*
091d055b
AZ		 1908 * XXX: avoid overflow for io_buffer if max_len is bigger than
1909 * the size of that buffer (dimensioned to max number of
1910 * sectors to transfer at once)
38cdea7c 1911 *
091d055b 1912 * Only a problem if the feature/profiles grow.
38cdea7c
AZ		 1913 */
1914 if (max_len > 512) /* XXX: assume 1 sector */
1915 max_len = 512;
1916
1917 memset(buf, 0, max_len);
1918 /*
1919 * the number of sectors from the media tells us which profile
1920 * to use as current. 0 means there is no media
38cdea7c 1921 */
8114e9e8
TS		 1922 if (media_is_dvd(s))
1923 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
1924 else if (media_is_cd(s))
1925 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
38cdea7c 1926
091d055b
AZ		 1927 buf[10] = 0x02 | 0x01; /* persistent and current */
1928 len = 12; /* headers: 8 + 4 */
1929 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
1930 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
38cdea7c
AZ		 1931 cpu_to_ube32(buf, len - 4); /* data length */
1932
1933 ide_atapi_cmd_reply(s, len, max_len);
d14049ea
TS		 1934 break;
1935 }
5391d806 1936 default:
5fafdf24 1937 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1938 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1939 break;
1940 }
1941}
1942
201a51fc
AZ		 1943static void ide_cfata_metadata_inquiry(IDEState *s)
1944{
1945 uint16_t *p;
1946 uint32_t spd;
1947
1948 p = (uint16_t *) s->io_buffer;
1949 memset(p, 0, 0x200);
1950 spd = ((s->mdata_size - 1) >> 9) + 1;
1951
1952 put_le16(p + 0, 0x0001); /* Data format revision */
1953 put_le16(p + 1, 0x0000); /* Media property: silicon */
1954 put_le16(p + 2, s->media_changed); /* Media status */
1955 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1956 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1957 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1958 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1959}
1960
1961static void ide_cfata_metadata_read(IDEState *s)
1962{
1963 uint16_t *p;
1964
1965 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1966 s->status = ERR_STAT;
1967 s->error = ABRT_ERR;
1968 return;
1969 }
1970
1971 p = (uint16_t *) s->io_buffer;
1972 memset(p, 0, 0x200);
1973
1974 put_le16(p + 0, s->media_changed); /* Media status */
1975 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1976 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1977 s->nsector << 9), 0x200 - 2));
1978}
1979
1980static void ide_cfata_metadata_write(IDEState *s)
1981{
1982 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1983 s->status = ERR_STAT;
1984 s->error = ABRT_ERR;
1985 return;
1986 }
1987
1988 s->media_changed = 0;
1989
1990 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1991 s->io_buffer + 2,
1992 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1993 s->nsector << 9), 0x200 - 2));
1994}
1995
bd491d6a
TS		 1996/* called when the inserted state of the media has changed */
1997static void cdrom_change_cb(void *opaque)
1998{
1999 IDEState *s = opaque;
96b8f136 2000 uint64_t nb_sectors;
bd491d6a 2001
bd491d6a
TS		 2002 bdrv_get_geometry(s->bs, &nb_sectors);
2003 s->nb_sectors = nb_sectors;
9118e7f0
AL		 2004
2005 s->sense_key = SENSE_UNIT_ATTENTION;
2006 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2007
2008 ide_set_irq(s);
bd491d6a
TS		 2009}
2010
c2ff060f
FB		 2011static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2012{
2013 s->lba48 = lba48;
2014
2015 /* handle the 'magic' 0 nsector count conversion here. to avoid
2016 * fiddling with the rest of the read logic, we just store the
2017 * full sector count in ->nsector and ignore ->hob_nsector from now
2018 */
2019 if (!s->lba48) {
2020 if (!s->nsector)
2021 s->nsector = 256;
2022 } else {
2023 if (!s->nsector && !s->hob_nsector)
2024 s->nsector = 65536;
2025 else {
2026 int lo = s->nsector;
2027 int hi = s->hob_nsector;
2028
2029 s->nsector = (hi << 8) | lo;
2030 }
2031 }
2032}
2033
2034static void ide_clear_hob(IDEState *ide_if)
2035{
2036 /* any write clears HOB high bit of device control register */
2037 ide_if[0].select &= ~(1 << 7);
2038 ide_if[1].select &= ~(1 << 7);
2039}
2040
caed8802
FB		 2041static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2042{
2043 IDEState *ide_if = opaque;
c45c3d00 2044 IDEState *s;
5391d806 2045 int unit, n;
c2ff060f 2046 int lba48 = 0;
5391d806
FB		 2047
2048#ifdef DEBUG_IDE
2049 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2050#endif
c2ff060f 2051
5391d806 2052 addr &= 7;
fcdd25ab
AL		 2053
2054 /* ignore writes to command block while busy with previous command */
2055 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2056 return;
2057
5391d806
FB		 2058 switch(addr) {
2059 case 0:
2060 break;
2061 case 1:
c2ff060f 2062 ide_clear_hob(ide_if);
c45c3d00 2063 /* NOTE: data is written to the two drives */
c2ff060f
FB		 2064 ide_if[0].hob_feature = ide_if[0].feature;
2065 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 2066 ide_if[0].feature = val;
2067 ide_if[1].feature = val;
5391d806
FB		 2068 break;
2069 case 2:
c2ff060f
FB		 2070 ide_clear_hob(ide_if);
2071 ide_if[0].hob_nsector = ide_if[0].nsector;
2072 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 2073 ide_if[0].nsector = val;
2074 ide_if[1].nsector = val;
5391d806
FB		 2075 break;
2076 case 3:
c2ff060f
FB		 2077 ide_clear_hob(ide_if);
2078 ide_if[0].hob_sector = ide_if[0].sector;
2079 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 2080 ide_if[0].sector = val;
2081 ide_if[1].sector = val;
5391d806
FB		 2082 break;
2083 case 4:
c2ff060f
FB		 2084 ide_clear_hob(ide_if);
2085 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2086 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 2087 ide_if[0].lcyl = val;
2088 ide_if[1].lcyl = val;
5391d806
FB		 2089 break;
2090 case 5:
c2ff060f
FB		 2091 ide_clear_hob(ide_if);
2092 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2093 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 2094 ide_if[0].hcyl = val;
2095 ide_if[1].hcyl = val;
5391d806
FB		 2096 break;
2097 case 6:
c2ff060f 2098 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 2099 ide_if[0].select = (val & ~0x10) | 0xa0;
2100 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 2101 /* select drive */
2102 unit = (val >> 4) & 1;
2103 s = ide_if + unit;
2104 ide_if->cur_drive = s;
5391d806
FB		 2105 break;
2106 default:
2107 case 7:
2108 /* command */
2109#if defined(DEBUG_IDE)
2110 printf("ide: CMD=%02x\n", val);
2111#endif
c45c3d00 2112 s = ide_if->cur_drive;
66201e2d 2113 /* ignore commands to non existant slave */
5fafdf24 2114 if (s != ide_if && !s->bs)
66201e2d 2115 break;
c2ff060f 2116
fcdd25ab
AL		 2117 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2118 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2119 break;
2120
5391d806
FB		 2121 switch(val) {
2122 case WIN_IDENTIFY:
2123 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 2124 if (!s->is_cf)
2125 ide_identify(s);
2126 else
2127 ide_cfata_identify(s);
2a282056 2128 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2129 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2130 } else {
2131 if (s->is_cdrom) {
2132 ide_set_signature(s);
2133 }
2134 ide_abort_command(s);
2135 }
2136 ide_set_irq(s);
2137 break;
2138 case WIN_SPECIFY:
2139 case WIN_RECAL:
a136e5a8 2140 s->error = 0;
769bec72 2141 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2142 ide_set_irq(s);
2143 break;
2144 case WIN_SETMULT:
201a51fc
AZ		 2145 if (s->is_cf && s->nsector == 0) {
2146 /* Disable Read and Write Multiple */
2147 s->mult_sectors = 0;
41a2b959 2148 s->status = READY_STAT | SEEK_STAT;
201a51fc 2149 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 2150 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2151 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 2152 ide_abort_command(s);
2153 } else {
292eef5a 2154 s->mult_sectors = s->nsector & 0xff;
41a2b959 2155 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2156 }
2157 ide_set_irq(s);
2158 break;
c2ff060f
FB		 2159 case WIN_VERIFY_EXT:
2160 lba48 = 1;
4ce900b4
FB		 2161 case WIN_VERIFY:
2162 case WIN_VERIFY_ONCE:
2163 /* do sector number check ? */
c2ff060f 2164 ide_cmd_lba48_transform(s, lba48);
41a2b959 2165 s->status = READY_STAT | SEEK_STAT;
4ce900b4
FB		 2166 ide_set_irq(s);
2167 break;
c2ff060f
FB		 2168 case WIN_READ_EXT:
2169 lba48 = 1;
5391d806
FB		 2170 case WIN_READ:
2171 case WIN_READ_ONCE:
5fafdf24 2172 if (!s->bs)
6b136f9e 2173 goto abort_cmd;
c2ff060f 2174 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2175 s->req_nb_sectors = 1;
2176 ide_sector_read(s);
2177 break;
c2ff060f
FB		 2178 case WIN_WRITE_EXT:
2179 lba48 = 1;
5391d806
FB		 2180 case WIN_WRITE:
2181 case WIN_WRITE_ONCE:
201a51fc
AZ		 2182 case CFA_WRITE_SECT_WO_ERASE:
2183 case WIN_WRITE_VERIFY:
c2ff060f 2184 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2185 s->error = 0;
f66723fa 2186 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2187 s->req_nb_sectors = 1;
2188 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 2189 s->media_changed = 1;
5391d806 2190 break;
c2ff060f
FB		 2191 case WIN_MULTREAD_EXT:
2192 lba48 = 1;
5391d806
FB		 2193 case WIN_MULTREAD:
2194 if (!s->mult_sectors)
2195 goto abort_cmd;
c2ff060f 2196 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 2197 s->req_nb_sectors = s->mult_sectors;
2198 ide_sector_read(s);
2199 break;
c2ff060f
FB		 2200 case WIN_MULTWRITE_EXT:
2201 lba48 = 1;
5391d806 2202 case WIN_MULTWRITE:
201a51fc 2203 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 2204 if (!s->mult_sectors)
2205 goto abort_cmd;
c2ff060f 2206 ide_cmd_lba48_transform(s, lba48);
a136e5a8 2207 s->error = 0;
f66723fa 2208 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 2209 s->req_nb_sectors = s->mult_sectors;
2210 n = s->nsector;
2211 if (n > s->req_nb_sectors)
2212 n = s->req_nb_sectors;
2213 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 2214 s->media_changed = 1;
5391d806 2215 break;
c2ff060f
FB		 2216 case WIN_READDMA_EXT:
2217 lba48 = 1;
98087450
FB		 2218 case WIN_READDMA:
2219 case WIN_READDMA_ONCE:
5fafdf24 2220 if (!s->bs)
98087450 2221 goto abort_cmd;
c2ff060f 2222 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 2223 ide_sector_read_dma(s);
2224 break;
c2ff060f
FB		 2225 case WIN_WRITEDMA_EXT:
2226 lba48 = 1;
98087450
FB		 2227 case WIN_WRITEDMA:
2228 case WIN_WRITEDMA_ONCE:
5fafdf24 2229 if (!s->bs)
98087450 2230 goto abort_cmd;
c2ff060f 2231 ide_cmd_lba48_transform(s, lba48);
98087450 2232 ide_sector_write_dma(s);
201a51fc 2233 s->media_changed = 1;
98087450 2234 break;
c2ff060f
FB		 2235 case WIN_READ_NATIVE_MAX_EXT:
2236 lba48 = 1;
5391d806 2237 case WIN_READ_NATIVE_MAX:
c2ff060f 2238 ide_cmd_lba48_transform(s, lba48);
5391d806 2239 ide_set_sector(s, s->nb_sectors - 1);
41a2b959 2240 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2241 ide_set_irq(s);
2242 break;
a136e5a8 2243 case WIN_CHECKPOWERMODE1:
201a51fc 2244 case WIN_CHECKPOWERMODE2:
a136e5a8 2245 s->nsector = 0xff; /* device active or idle */
41a2b959 2246 s->status = READY_STAT | SEEK_STAT;
a136e5a8
FB		 2247 ide_set_irq(s);
2248 break;
34e538ae
FB		 2249 case WIN_SETFEATURES:
2250 if (!s->bs)
2251 goto abort_cmd;
2252 /* XXX: valid for CDROM ? */
2253 switch(s->feature) {
e1f63470
TS		 2254 case 0xcc: /* reverting to power-on defaults enable */
2255 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 2256 case 0x02: /* write cache enable */
2257 case 0x82: /* write cache disable */
2258 case 0xaa: /* read look-ahead enable */
2259 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 2260 case 0x05: /* set advanced power management mode */
2261 case 0x85: /* disable advanced power management mode */
2262 case 0x69: /* NOP */
2263 case 0x67: /* NOP */
2264 case 0x96: /* NOP */
2265 case 0x9a: /* NOP */
c3e88d8c
TS		 2266 case 0x42: /* enable Automatic Acoustic Mode */
2267 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 2268 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 2269 ide_set_irq(s);
2270 break;
94458802
FB		 2271 case 0x03: { /* set transfer mode */
2272 uint8_t val = s->nsector & 0x07;
2273
2274 switch (s->nsector >> 3) {
2275 case 0x00: /* pio default */
2276 case 0x01: /* pio mode */
d1b5c20d
TS		 2277 put_le16(s->identify_data + 62,0x07);
2278 put_le16(s->identify_data + 63,0x07);
2279 put_le16(s->identify_data + 88,0x3f);
2280 break;
2281 case 0x02: /* sigle word dma mode*/
2282 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
94458802
FB		 2283 put_le16(s->identify_data + 63,0x07);
2284 put_le16(s->identify_data + 88,0x3f);
2285 break;
2286 case 0x04: /* mdma mode */
d1b5c20d 2287 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2288 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2289 put_le16(s->identify_data + 88,0x3f);
2290 break;
2291 case 0x08: /* udma mode */
d1b5c20d 2292 put_le16(s->identify_data + 62,0x07);
94458802
FB		 2293 put_le16(s->identify_data + 63,0x07);
2294 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2295 break;
2296 default:
2297 goto abort_cmd;
2298 }
2299 s->status = READY_STAT | SEEK_STAT;
2300 ide_set_irq(s);
2301 break;
2302 }
34e538ae
FB		 2303 default:
2304 goto abort_cmd;
2305 }
2306 break;
c2ff060f
FB		 2307 case WIN_FLUSH_CACHE:
2308 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2309 if (s->bs)
2310 bdrv_flush(s->bs);
41a2b959 2311 s->status = READY_STAT | SEEK_STAT;
7a6cba61
PB		 2312 ide_set_irq(s);
2313 break;
c3e88d8c
TS		 2314 case WIN_STANDBY:
2315 case WIN_STANDBY2:
2316 case WIN_STANDBYNOW1:
201a51fc 2317 case WIN_STANDBYNOW2:
c451ee71 2318 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2319 case CFA_IDLEIMMEDIATE:
2320 case WIN_SETIDLE1:
2321 case WIN_SETIDLE2:
c3e88d8c
TS		 2322 case WIN_SLEEPNOW1:
2323 case WIN_SLEEPNOW2:
2324 s->status = READY_STAT;
a7dfe172
FB		 2325 ide_set_irq(s);
2326 break;
5391d806
FB		 2327 /* ATAPI commands */
2328 case WIN_PIDENTIFY:
2329 if (s->is_cdrom) {
2330 ide_atapi_identify(s);
1298fe63 2331 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2332 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2333 } else {
2334 ide_abort_command(s);
2335 }
2336 ide_set_irq(s);
2337 break;
c451ee71
FB		 2338 case WIN_DIAGNOSE:
2339 ide_set_signature(s);
33256a25
AL		 2340 if (s->is_cdrom)
2341 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2342 * devices to return a clear status register
2343 * with READY_STAT *not* set. */
2344 else
2345 s->status = READY_STAT | SEEK_STAT;
2346 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2347 * present.
2348 */
f5fdd0a8 2349 ide_set_irq(s);
c451ee71 2350 break;
5391d806
FB		 2351 case WIN_SRST:
2352 if (!s->is_cdrom)
2353 goto abort_cmd;
2354 ide_set_signature(s);
6b136f9e 2355 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2356 s->error = 0x01;
2357 break;
2358 case WIN_PACKETCMD:
2359 if (!s->is_cdrom)
2360 goto abort_cmd;
98087450
FB		 2361 /* overlapping commands not supported */
2362 if (s->feature & 0x02)
5391d806 2363 goto abort_cmd;
41a2b959 2364 s->status = READY_STAT | SEEK_STAT;
98087450 2365 s->atapi_dma = s->feature & 1;
5391d806 2366 s->nsector = 1;
5fafdf24 2367 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2368 ide_atapi_cmd);
2369 break;
201a51fc
AZ		 2370 /* CF-ATA commands */
2371 case CFA_REQ_EXT_ERROR_CODE:
2372 if (!s->is_cf)
2373 goto abort_cmd;
2374 s->error = 0x09; /* miscellaneous error */
41a2b959 2375 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2376 ide_set_irq(s);
2377 break;
2378 case CFA_ERASE_SECTORS:
2379 case CFA_WEAR_LEVEL:
2380 if (!s->is_cf)
2381 goto abort_cmd;
2382 if (val == CFA_WEAR_LEVEL)
2383 s->nsector = 0;
2384 if (val == CFA_ERASE_SECTORS)
2385 s->media_changed = 1;
2386 s->error = 0x00;
41a2b959 2387 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2388 ide_set_irq(s);
2389 break;
2390 case CFA_TRANSLATE_SECTOR:
2391 if (!s->is_cf)
2392 goto abort_cmd;
2393 s->error = 0x00;
41a2b959 2394 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2395 memset(s->io_buffer, 0, 0x200);
2396 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2397 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2398 s->io_buffer[0x02] = s->select; /* Head */
2399 s->io_buffer[0x03] = s->sector; /* Sector */
2400 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2401 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2402 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2403 s->io_buffer[0x13] = 0x00; /* Erase flag */
2404 s->io_buffer[0x18] = 0x00; /* Hot count */
2405 s->io_buffer[0x19] = 0x00; /* Hot count */
2406 s->io_buffer[0x1a] = 0x01; /* Hot count */
2407 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2408 ide_set_irq(s);
2409 break;
2410 case CFA_ACCESS_METADATA_STORAGE:
2411 if (!s->is_cf)
2412 goto abort_cmd;
2413 switch (s->feature) {
2414 case 0x02: /* Inquiry Metadata Storage */
2415 ide_cfata_metadata_inquiry(s);
2416 break;
2417 case 0x03: /* Read Metadata Storage */
2418 ide_cfata_metadata_read(s);
2419 break;
2420 case 0x04: /* Write Metadata Storage */
2421 ide_cfata_metadata_write(s);
2422 break;
2423 default:
2424 goto abort_cmd;
2425 }
2426 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2427 s->status = 0x00; /* NOTE: READY is _not_ set */
2428 ide_set_irq(s);
2429 break;
2430 case IBM_SENSE_CONDITION:
2431 if (!s->is_cf)
2432 goto abort_cmd;
2433 switch (s->feature) {
2434 case 0x01: /* sense temperature in device */
2435 s->nsector = 0x50; /* +20 C */
2436 break;
2437 default:
2438 goto abort_cmd;
2439 }
41a2b959 2440 s->status = READY_STAT | SEEK_STAT;
201a51fc
AZ		 2441 ide_set_irq(s);
2442 break;
5391d806
FB		 2443 default:
2444 abort_cmd:
2445 ide_abort_command(s);
2446 ide_set_irq(s);
2447 break;
2448 }
2449 }
2450}
2451
caed8802 2452static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2453{
7ae98627
FB		 2454 IDEState *ide_if = opaque;
2455 IDEState *s = ide_if->cur_drive;
5391d806 2456 uint32_t addr;
c2ff060f 2457 int ret, hob;
5391d806
FB		 2458
2459 addr = addr1 & 7;
c2ff060f
FB		 2460 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2461 //hob = s->select & (1 << 7);
2462 hob = 0;
5391d806
FB		 2463 switch(addr) {
2464 case 0:
2465 ret = 0xff;
2466 break;
2467 case 1:
7ae98627 2468 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2469 ret = 0;
c2ff060f 2470 else if (!hob)
c45c3d00 2471 ret = s->error;
c2ff060f
FB		 2472 else
2473 ret = s->hob_feature;
5391d806
FB		 2474 break;
2475 case 2:
7ae98627 2476 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2477 ret = 0;
c2ff060f 2478 else if (!hob)
c45c3d00 2479 ret = s->nsector & 0xff;
c2ff060f
FB		 2480 else
2481 ret = s->hob_nsector;
5391d806
FB		 2482 break;
2483 case 3:
7ae98627 2484 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2485 ret = 0;
c2ff060f 2486 else if (!hob)
c45c3d00 2487 ret = s->sector;
c2ff060f
FB		 2488 else
2489 ret = s->hob_sector;
5391d806
FB		 2490 break;
2491 case 4:
7ae98627 2492 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2493 ret = 0;
c2ff060f 2494 else if (!hob)
c45c3d00 2495 ret = s->lcyl;
c2ff060f
FB		 2496 else
2497 ret = s->hob_lcyl;
5391d806
FB		 2498 break;
2499 case 5:
7ae98627 2500 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2501 ret = 0;
c2ff060f 2502 else if (!hob)
c45c3d00 2503 ret = s->hcyl;
c2ff060f
FB		 2504 else
2505 ret = s->hob_hcyl;
5391d806
FB		 2506 break;
2507 case 6:
7ae98627 2508 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2509 ret = 0;
2510 else
7ae98627 2511 ret = s->select;
5391d806
FB		 2512 break;
2513 default:
2514 case 7:
66201e2d
FB		 2515 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2516 (s != ide_if && !s->bs))
c45c3d00
FB		 2517 ret = 0;
2518 else
2519 ret = s->status;
d537cf6c 2520 qemu_irq_lower(s->irq);
5391d806
FB		 2521 break;
2522 }
2523#ifdef DEBUG_IDE
2524 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2525#endif
2526 return ret;
2527}
2528
caed8802 2529static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2530{
7ae98627
FB		 2531 IDEState *ide_if = opaque;
2532 IDEState *s = ide_if->cur_drive;
5391d806 2533 int ret;
7ae98627 2534
66201e2d
FB		 2535 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2536 (s != ide_if && !s->bs))
7ae98627
FB		 2537 ret = 0;
2538 else
2539 ret = s->status;
5391d806
FB		 2540#ifdef DEBUG_IDE
2541 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2542#endif
2543 return ret;
2544}
2545
caed8802 2546static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2547{
caed8802 2548 IDEState *ide_if = opaque;
5391d806
FB		 2549 IDEState *s;
2550 int i;
2551
2552#ifdef DEBUG_IDE
2553 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2554#endif
2555 /* common for both drives */
2556 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2557 (val & IDE_CMD_RESET)) {
2558 /* reset low to high */
2559 for(i = 0;i < 2; i++) {
2560 s = &ide_if[i];
2561 s->status = BUSY_STAT | SEEK_STAT;
2562 s->error = 0x01;
2563 }
2564 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2565 !(val & IDE_CMD_RESET)) {
2566 /* high to low */
2567 for(i = 0;i < 2; i++) {
2568 s = &ide_if[i];
6b136f9e
FB		 2569 if (s->is_cdrom)
2570 s->status = 0x00; /* NOTE: READY is _not_ set */
2571 else
56bf1d37 2572 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2573 ide_set_signature(s);
2574 }
2575 }
2576
2577 ide_if[0].cmd = val;
2578 ide_if[1].cmd = val;
2579}
2580
caed8802 2581static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2582{
caed8802 2583 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2584 uint8_t *p;
2585
fcdd25ab
AL		 2586 /* PIO data access allowed only when DRQ bit is set */
2587 if (!(s->status & DRQ_STAT))
2588 return;
2589
5391d806 2590 p = s->data_ptr;
0c4ad8dc 2591 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2592 p += 2;
2593 s->data_ptr = p;
2594 if (p >= s->data_end)
2595 s->end_transfer_func(s);
2596}
2597
caed8802 2598static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2599{
caed8802 2600 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2601 uint8_t *p;
2602 int ret;
fcdd25ab
AL		 2603
2604 /* PIO data access allowed only when DRQ bit is set */
2605 if (!(s->status & DRQ_STAT))
2606 return 0;
2607
5391d806 2608 p = s->data_ptr;
0c4ad8dc 2609 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2610 p += 2;
2611 s->data_ptr = p;
2612 if (p >= s->data_end)
2613 s->end_transfer_func(s);
2614 return ret;
2615}
2616
caed8802 2617static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2618{
caed8802 2619 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2620 uint8_t *p;
2621
fcdd25ab
AL		 2622 /* PIO data access allowed only when DRQ bit is set */
2623 if (!(s->status & DRQ_STAT))
2624 return;
2625
5391d806 2626 p = s->data_ptr;
0c4ad8dc 2627 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2628 p += 4;
2629 s->data_ptr = p;
2630 if (p >= s->data_end)
2631 s->end_transfer_func(s);
2632}
2633
caed8802 2634static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2635{
caed8802 2636 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2637 uint8_t *p;
2638 int ret;
3b46e624 2639
fcdd25ab
AL		 2640 /* PIO data access allowed only when DRQ bit is set */
2641 if (!(s->status & DRQ_STAT))
2642 return 0;
2643
5391d806 2644 p = s->data_ptr;
0c4ad8dc 2645 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2646 p += 4;
2647 s->data_ptr = p;
2648 if (p >= s->data_end)
2649 s->end_transfer_func(s);
2650 return ret;
2651}
2652
a7dfe172
FB		 2653static void ide_dummy_transfer_stop(IDEState *s)
2654{
2655 s->data_ptr = s->io_buffer;
2656 s->data_end = s->io_buffer;
2657 s->io_buffer[0] = 0xff;
2658 s->io_buffer[1] = 0xff;
2659 s->io_buffer[2] = 0xff;
2660 s->io_buffer[3] = 0xff;
2661}
2662
5391d806
FB		 2663static void ide_reset(IDEState *s)
2664{
201a51fc
AZ		 2665 if (s->is_cf)
2666 s->mult_sectors = 0;
2667 else
2668 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2669 s->cur_drive = s;
2670 s->select = 0xa0;
41a2b959 2671 s->status = READY_STAT | SEEK_STAT;
5391d806 2672 ide_set_signature(s);
a7dfe172
FB		 2673 /* init the transfer handler so that 0xffff is returned on data
2674 accesses */
2675 s->end_transfer_func = ide_dummy_transfer_stop;
2676 ide_dummy_transfer_stop(s);
201a51fc 2677 s->media_changed = 0;
5391d806
FB		 2678}
2679
5457c8ce
FB		 2680static void ide_init2(IDEState *ide_state,
2681 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2682 qemu_irq irq)
5391d806 2683{
69b91039 2684 IDEState *s;
aedf5382 2685 static int drive_serial = 1;
f3d54fc4 2686 int i, cylinders, heads, secs;
96b8f136 2687 uint64_t nb_sectors;
5391d806 2688
caed8802
FB		 2689 for(i = 0; i < 2; i++) {
2690 s = ide_state + i;
1d8cde5b 2691 s->io_buffer = qemu_memalign(512, IDE_DMA_BUF_SECTORS*512 + 4);
caed8802
FB		 2692 if (i == 0)
2693 s->bs = hd0;
2694 else
2695 s->bs = hd1;
5391d806
FB		 2696 if (s->bs) {
2697 bdrv_get_geometry(s->bs, &nb_sectors);
f3d54fc4
AL		 2698 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2699 s->cylinders = cylinders;
2700 s->heads = heads;
2701 s->sectors = secs;
5391d806 2702 s->nb_sectors = nb_sectors;
f3d54fc4 2703
caed8802
FB		 2704 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2705 s->is_cdrom = 1;
bd491d6a 2706 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2707 }
2708 }
aedf5382 2709 s->drive_serial = drive_serial++;
caed8802 2710 s->irq = irq;
5fafdf24 2711 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2712 ide_sector_write_timer_cb, s);
5391d806
FB		 2713 ide_reset(s);
2714 }
69b91039
FB		 2715}
2716
34e538ae 2717static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2718{
caed8802
FB		 2719 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2720 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2721 if (iobase2) {
2722 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2723 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2724 }
3b46e624 2725
caed8802
FB		 2726 /* data ports */
2727 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2728 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2729 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2730 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2731}
69b91039 2732
aa941b94
AZ		 2733/* save per IDE drive data */
2734static void ide_save(QEMUFile* f, IDEState *s)
2735{
bee8d684
TS		 2736 qemu_put_be32(f, s->mult_sectors);
2737 qemu_put_be32(f, s->identify_set);
aa941b94
AZ		 2738 if (s->identify_set) {
2739 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2740 }
2741 qemu_put_8s(f, &s->feature);
2742 qemu_put_8s(f, &s->error);
2743 qemu_put_be32s(f, &s->nsector);
2744 qemu_put_8s(f, &s->sector);
2745 qemu_put_8s(f, &s->lcyl);
2746 qemu_put_8s(f, &s->hcyl);
2747 qemu_put_8s(f, &s->hob_feature);
2748 qemu_put_8s(f, &s->hob_nsector);
2749 qemu_put_8s(f, &s->hob_sector);
2750 qemu_put_8s(f, &s->hob_lcyl);
2751 qemu_put_8s(f, &s->hob_hcyl);
2752 qemu_put_8s(f, &s->select);
2753 qemu_put_8s(f, &s->status);
2754 qemu_put_8s(f, &s->lba48);
2755
2756 qemu_put_8s(f, &s->sense_key);
2757 qemu_put_8s(f, &s->asc);
2758 /* XXX: if a transfer is pending, we do not save it yet */
2759}
2760
2761/* load per IDE drive data */
2762static void ide_load(QEMUFile* f, IDEState *s)
2763{
bee8d684
TS		 2764 s->mult_sectors=qemu_get_be32(f);
2765 s->identify_set=qemu_get_be32(f);
aa941b94
AZ		 2766 if (s->identify_set) {
2767 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2768 }
2769 qemu_get_8s(f, &s->feature);
2770 qemu_get_8s(f, &s->error);
2771 qemu_get_be32s(f, &s->nsector);
2772 qemu_get_8s(f, &s->sector);
2773 qemu_get_8s(f, &s->lcyl);
2774 qemu_get_8s(f, &s->hcyl);
2775 qemu_get_8s(f, &s->hob_feature);
2776 qemu_get_8s(f, &s->hob_nsector);
2777 qemu_get_8s(f, &s->hob_sector);
2778 qemu_get_8s(f, &s->hob_lcyl);
2779 qemu_get_8s(f, &s->hob_hcyl);
2780 qemu_get_8s(f, &s->select);
2781 qemu_get_8s(f, &s->status);
2782 qemu_get_8s(f, &s->lba48);
2783
2784 qemu_get_8s(f, &s->sense_key);
2785 qemu_get_8s(f, &s->asc);
2786 /* XXX: if a transfer is pending, we do not save it yet */
2787}
2788
34e538ae
FB		 2789/***********************************************************/
2790/* ISA IDE definitions */
2791
d537cf6c 2792void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2793 BlockDriverState *hd0, BlockDriverState *hd1)
2794{
2795 IDEState *ide_state;
2796
2797 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2798 if (!ide_state)
2799 return;
3b46e624 2800
d537cf6c 2801 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2802 ide_init_ioport(ide_state, iobase, iobase2);
2803}
2804
69b91039
FB		 2805/***********************************************************/
2806/* PCI IDE definitions */
2807
5457c8ce
FB		 2808static void cmd646_update_irq(PCIIDEState *d);
2809
5fafdf24 2810static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 2811 uint32_t addr, uint32_t size, int type)
2812{
2813 PCIIDEState *d = (PCIIDEState *)pci_dev;
2814 IDEState *ide_state;
2815
2816 if (region_num <= 3) {
2817 ide_state = &d->ide_if[(region_num >> 1) * 2];
2818 if (region_num & 1) {
2819 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2820 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2821 } else {
2822 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2823 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2824
2825 /* data ports */
2826 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2827 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2828 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2829 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2830 }
2831 }
2832}
2833
8ccad811 2834static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2835{
2836 BMDMAState *bm = s->bmdma;
2837 if(!bm)
2838 return;
2839 bm->ide_if = s;
2840 bm->dma_cb = dma_cb;
8ccad811
FB		 2841 bm->cur_prd_last = 0;
2842 bm->cur_prd_addr = 0;
2843 bm->cur_prd_len = 0;
98087450 2844 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2845 bm->dma_cb(bm, 0);
98087450
FB		 2846 }
2847}
2848
72c7b06c
AL		 2849static void ide_dma_cancel(BMDMAState *bm)
2850{
2851 if (bm->status & BM_STATUS_DMAING) {
2852 bm->status &= ~BM_STATUS_DMAING;
2853 /* cancel DMA request */
2854 bm->ide_if = NULL;
2855 bm->dma_cb = NULL;
2856 if (bm->aiocb) {
2857#ifdef DEBUG_AIO
2858 printf("aio_cancel\n");
2859#endif
2860 bdrv_aio_cancel(bm->aiocb);
2861 bm->aiocb = NULL;
2862 }
2863 }
2864}
2865
98087450
FB		 2866static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2867{
2868 BMDMAState *bm = opaque;
2869#ifdef DEBUG_IDE
2870 printf("%s: 0x%08x\n", __func__, val);
2871#endif
2872 if (!(val & BM_CMD_START)) {
2873 /* XXX: do it better */
72c7b06c 2874 ide_dma_cancel(bm);
98087450
FB		 2875 bm->cmd = val & 0x09;
2876 } else {
8ccad811
FB		 2877 if (!(bm->status & BM_STATUS_DMAING)) {
2878 bm->status |= BM_STATUS_DMAING;
2879 /* start dma transfer if possible */
2880 if (bm->dma_cb)
2881 bm->dma_cb(bm, 0);
2882 }
98087450 2883 bm->cmd = val & 0x09;
98087450
FB		 2884 }
2885}
2886
5457c8ce 2887static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 2888{
2889 BMDMAState *bm = opaque;
5457c8ce 2890 PCIIDEState *pci_dev;
98087450 2891 uint32_t val;
3b46e624 2892
5457c8ce 2893 switch(addr & 3) {
5fafdf24 2894 case 0:
5457c8ce
FB		 2895 val = bm->cmd;
2896 break;
2897 case 1:
2898 pci_dev = bm->pci_dev;
2899 if (pci_dev->type == IDE_TYPE_CMD646) {
2900 val = pci_dev->dev.config[MRDMODE];
2901 } else {
2902 val = 0xff;
2903 }
2904 break;
2905 case 2:
2906 val = bm->status;
2907 break;
2908 case 3:
2909 pci_dev = bm->pci_dev;
2910 if (pci_dev->type == IDE_TYPE_CMD646) {
2911 if (bm == &pci_dev->bmdma[0])
2912 val = pci_dev->dev.config[UDIDETCR0];
2913 else
2914 val = pci_dev->dev.config[UDIDETCR1];
2915 } else {
2916 val = 0xff;
2917 }
2918 break;
2919 default:
2920 val = 0xff;
2921 break;
2922 }
98087450 2923#ifdef DEBUG_IDE
5457c8ce 2924 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 2925#endif
2926 return val;
2927}
2928
5457c8ce 2929static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 2930{
2931 BMDMAState *bm = opaque;
5457c8ce 2932 PCIIDEState *pci_dev;
98087450 2933#ifdef DEBUG_IDE
5457c8ce 2934 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 2935#endif
5457c8ce
FB		 2936 switch(addr & 3) {
2937 case 1:
2938 pci_dev = bm->pci_dev;
2939 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 2940 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 2941 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2942 cmd646_update_irq(pci_dev);
2943 }
2944 break;
2945 case 2:
2946 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2947 break;
2948 case 3:
2949 pci_dev = bm->pci_dev;
2950 if (pci_dev->type == IDE_TYPE_CMD646) {
2951 if (bm == &pci_dev->bmdma[0])
2952 pci_dev->dev.config[UDIDETCR0] = val;
2953 else
2954 pci_dev->dev.config[UDIDETCR1] = val;
2955 }
2956 break;
2957 }
98087450
FB		 2958}
2959
5b9a1293
AJ		 2960static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
2961{
2962 BMDMAState *bm = opaque;
2963 uint32_t val;
2964 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
2965#ifdef DEBUG_IDE
2966 printf("%s: 0x%08x\n", __func__, val);
2967#endif
2968 return val;
2969}
2970
2971static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
2972{
2973 BMDMAState *bm = opaque;
2974 int shift = (addr & 3) * 8;
2975#ifdef DEBUG_IDE
2976 printf("%s: 0x%08x\n", __func__, val);
2977#endif
2978 bm->addr &= ~(0xFF << shift);
2979 bm->addr |= ((val & 0xFF) << shift) & ~3;
2980 bm->cur_addr = bm->addr;
2981}
2982
2983static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
2984{
2985 BMDMAState *bm = opaque;
2986 uint32_t val;
2987 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
2988#ifdef DEBUG_IDE
2989 printf("%s: 0x%08x\n", __func__, val);
2990#endif
2991 return val;
2992}
2993
2994static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
2995{
2996 BMDMAState *bm = opaque;
2997 int shift = (addr & 3) * 8;
2998#ifdef DEBUG_IDE
2999 printf("%s: 0x%08x\n", __func__, val);
3000#endif
3001 bm->addr &= ~(0xFFFF << shift);
3002 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3003 bm->cur_addr = bm->addr;
3004}
3005
98087450
FB		 3006static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3007{
3008 BMDMAState *bm = opaque;
3009 uint32_t val;
3010 val = bm->addr;
3011#ifdef DEBUG_IDE
3012 printf("%s: 0x%08x\n", __func__, val);
3013#endif
3014 return val;
3015}
3016
3017static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3018{
3019 BMDMAState *bm = opaque;
3020#ifdef DEBUG_IDE
3021 printf("%s: 0x%08x\n", __func__, val);
3022#endif
3023 bm->addr = val & ~3;
30c4bbac 3024 bm->cur_addr = bm->addr;
98087450
FB		 3025}
3026
5fafdf24 3027static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 3028 uint32_t addr, uint32_t size, int type)
3029{
3030 PCIIDEState *d = (PCIIDEState *)pci_dev;
3031 int i;
3032
3033 for(i = 0;i < 2; i++) {
3034 BMDMAState *bm = &d->bmdma[i];
3035 d->ide_if[2 * i].bmdma = bm;
3036 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce
FB		 3037 bm->pci_dev = (PCIIDEState *)pci_dev;
3038
98087450 3039 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 3040
5457c8ce
FB		 3041 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3042 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450 3043
5b9a1293
AJ		 3044 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3045 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3046 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3047 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
98087450
FB		 3048 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3049 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3050 addr += 8;
3051 }
3052}
3053
5457c8ce
FB		 3054/* XXX: call it also when the MRDMODE is changed from the PCI config
3055 registers */
3056static void cmd646_update_irq(PCIIDEState *d)
3057{
3058 int pci_level;
3059 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3060 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3061 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3062 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 3063 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 3064}
3065
3066/* the PCI irq level is the logical OR of the two channels */
3067static void cmd646_set_irq(void *opaque, int channel, int level)
3068{
3069 PCIIDEState *d = opaque;
3070 int irq_mask;
3071
3072 irq_mask = MRDMODE_INTR_CH0 << channel;
3073 if (level)
3074 d->dev.config[MRDMODE] |= irq_mask;
3075 else
3076 d->dev.config[MRDMODE] &= ~irq_mask;
3077 cmd646_update_irq(d);
3078}
3079
3080/* CMD646 PCI IDE controller */
3081void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3082 int secondary_ide_enabled)
69b91039
FB		 3083{
3084 PCIIDEState *d;
3085 uint8_t *pci_conf;
34e538ae 3086 int i;
d537cf6c 3087 qemu_irq *irq;
34e538ae 3088
5fafdf24 3089 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 3090 sizeof(PCIIDEState),
5fafdf24 3091 -1,
73c11f63 3092 NULL, NULL);
5457c8ce 3093 d->type = IDE_TYPE_CMD646;
69b91039 3094 pci_conf = d->dev.config;
5457c8ce
FB		 3095 pci_conf[0x00] = 0x95; // CMD646
3096 pci_conf[0x01] = 0x10;
3097 pci_conf[0x02] = 0x46;
3098 pci_conf[0x03] = 0x06;
3099
3100 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 3101 pci_conf[0x09] = 0x8f;
5457c8ce 3102
69b91039
FB		 3103 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3104 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
5457c8ce 3105 pci_conf[0x0e] = 0x00; // header_type
3b46e624 3106
5457c8ce
FB		 3107 if (secondary_ide_enabled) {
3108 /* XXX: if not enabled, really disable the seconday IDE controller */
3109 pci_conf[0x51] = 0x80; /* enable IDE1 */
3110 }
69b91039 3111
5fafdf24 3112 pci_register_io_region((PCIDevice *)d, 0, 0x8,
69b91039 3113 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3114 pci_register_io_region((PCIDevice *)d, 1, 0x4,
69b91039 3115 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3116 pci_register_io_region((PCIDevice *)d, 2, 0x8,
69b91039 3117 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3118 pci_register_io_region((PCIDevice *)d, 3, 0x4,
69b91039 3119 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 3120 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 3121 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 3122
34e538ae 3123 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3b46e624 3124
34e538ae
FB		 3125 for(i = 0; i < 4; i++)
3126 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 3127
3128 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3129 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3130 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
34e538ae
FB		 3131}
3132
c3d78997
FB		 3133static void pci_ide_save(QEMUFile* f, void *opaque)
3134{
3135 PCIIDEState *d = opaque;
3136 int i;
3137
3138 pci_device_save(&d->dev, f);
3139
3140 for(i = 0; i < 2; i++) {
3141 BMDMAState *bm = &d->bmdma[i];
3142 qemu_put_8s(f, &bm->cmd);
3143 qemu_put_8s(f, &bm->status);
3144 qemu_put_be32s(f, &bm->addr);
3145 /* XXX: if a transfer is pending, we do not save it yet */
3146 }
3147
3148 /* per IDE interface data */
3149 for(i = 0; i < 2; i++) {
3150 IDEState *s = &d->ide_if[i * 2];
3151 uint8_t drive1_selected;
3152 qemu_put_8s(f, &s->cmd);
3153 drive1_selected = (s->cur_drive != s);
3154 qemu_put_8s(f, &drive1_selected);
3155 }
3156
3157 /* per IDE drive data */
3158 for(i = 0; i < 4; i++) {
aa941b94 3159 ide_save(f, &d->ide_if[i]);
c3d78997
FB		 3160 }
3161}
3162
3163static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3164{
3165 PCIIDEState *d = opaque;
3166 int ret, i;
3167
3168 if (version_id != 1)
3169 return -EINVAL;
3170 ret = pci_device_load(&d->dev, f);
3171 if (ret < 0)
3172 return ret;
3173
3174 for(i = 0; i < 2; i++) {
3175 BMDMAState *bm = &d->bmdma[i];
3176 qemu_get_8s(f, &bm->cmd);
3177 qemu_get_8s(f, &bm->status);
3178 qemu_get_be32s(f, &bm->addr);
3179 /* XXX: if a transfer is pending, we do not save it yet */
3180 }
3181
3182 /* per IDE interface data */
3183 for(i = 0; i < 2; i++) {
3184 IDEState *s = &d->ide_if[i * 2];
3185 uint8_t drive1_selected;
3186 qemu_get_8s(f, &s->cmd);
3187 qemu_get_8s(f, &drive1_selected);
3188 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3189 }
3190
3191 /* per IDE drive data */
3192 for(i = 0; i < 4; i++) {
aa941b94 3193 ide_load(f, &d->ide_if[i]);
c3d78997
FB		 3194 }
3195 return 0;
3196}
3197
72c7b06c 3198static void piix3_reset(void *opaque)
e6a71ae3 3199{
72c7b06c 3200 PCIIDEState *d = opaque;
e6a71ae3 3201 uint8_t *pci_conf = d->dev.config;
72c7b06c
AL		 3202 int i;
3203
3204 for (i = 0; i < 2; i++)
3205 ide_dma_cancel(&d->bmdma[i]);
e6a71ae3
TS		 3206
3207 pci_conf[0x04] = 0x00;
3208 pci_conf[0x05] = 0x00;
3209 pci_conf[0x06] = 0x80; /* FBC */
3210 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3211 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3212}
3213
34e538ae
FB		 3214/* hd_table must contain 4 block drivers */
3215/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 3216void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3217 qemu_irq *pic)
34e538ae
FB		 3218{
3219 PCIIDEState *d;
3220 uint8_t *pci_conf;
3b46e624 3221
34e538ae 3222 /* register a function 1 of PIIX3 */
5fafdf24 3223 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 3224 sizeof(PCIIDEState),
502a5395 3225 devfn,
34e538ae 3226 NULL, NULL);
5457c8ce
FB		 3227 d->type = IDE_TYPE_PIIX3;
3228
34e538ae
FB		 3229 pci_conf = d->dev.config;
3230 pci_conf[0x00] = 0x86; // Intel
3231 pci_conf[0x01] = 0x80;
3232 pci_conf[0x02] = 0x10;
3233 pci_conf[0x03] = 0x70;
92510b8c 3234 pci_conf[0x09] = 0x80; // legacy ATA mode
34e538ae
FB		 3235 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3236 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3237 pci_conf[0x0e] = 0x00; // header_type
3238
72c7b06c 3239 qemu_register_reset(piix3_reset, d);
e6a71ae3
TS		 3240 piix3_reset(d);
3241
5fafdf24 3242 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 3243 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 3244
d537cf6c
PB		 3245 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3246 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 3247 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3248 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997
FB		 3249
3250 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
69b91039 3251}
1ade1de2 3252
afcc3cdf
TS		 3253/* hd_table must contain 4 block drivers */
3254/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3255void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3256 qemu_irq *pic)
3257{
3258 PCIIDEState *d;
3259 uint8_t *pci_conf;
3260
3261 /* register a function 1 of PIIX4 */
3262 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3263 sizeof(PCIIDEState),
3264 devfn,
3265 NULL, NULL);
3266 d->type = IDE_TYPE_PIIX4;
3267
3268 pci_conf = d->dev.config;
3269 pci_conf[0x00] = 0x86; // Intel
3270 pci_conf[0x01] = 0x80;
3271 pci_conf[0x02] = 0x11;
3272 pci_conf[0x03] = 0x71;
3273 pci_conf[0x09] = 0x80; // legacy ATA mode
3274 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3275 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3276 pci_conf[0x0e] = 0x00; // header_type
3277
72c7b06c 3278 qemu_register_reset(piix3_reset, d);
afcc3cdf
TS		 3279 piix3_reset(d);
3280
3281 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3282 PCI_ADDRESS_SPACE_IO, bmdma_map);
3283
3284 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3285 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3286 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3287 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3288
3289 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
3290}
3291
1ade1de2
FB		 3292/***********************************************************/
3293/* MacIO based PowerPC IDE */
3294
3295/* PowerMac IDE memory IO */
3296static void pmac_ide_writeb (void *opaque,
3297 target_phys_addr_t addr, uint32_t val)
3298{
5fafdf24 3299 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3300 switch (addr) {
3301 case 1 ... 7:
3302 ide_ioport_write(opaque, addr, val);
3303 break;
3304 case 8:
3305 case 22:
3306 ide_cmd_write(opaque, 0, val);
3307 break;
3308 default:
3309 break;
3310 }
3311}
3312
3313static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3314{
3315 uint8_t retval;
3316
3317 addr = (addr & 0xFFF) >> 4;
3318 switch (addr) {
3319 case 1 ... 7:
3320 retval = ide_ioport_read(opaque, addr);
3321 break;
3322 case 8:
3323 case 22:
3324 retval = ide_status_read(opaque, 0);
3325 break;
3326 default:
3327 retval = 0xFF;
3328 break;
3329 }
3330 return retval;
3331}
3332
3333static void pmac_ide_writew (void *opaque,
3334 target_phys_addr_t addr, uint32_t val)
3335{
5fafdf24 3336 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3337#ifdef TARGET_WORDS_BIGENDIAN
3338 val = bswap16(val);
3339#endif
3340 if (addr == 0) {
3341 ide_data_writew(opaque, 0, val);
3342 }
3343}
3344
3345static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3346{
3347 uint16_t retval;
3348
5fafdf24 3349 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3350 if (addr == 0) {
3351 retval = ide_data_readw(opaque, 0);
3352 } else {
3353 retval = 0xFFFF;
3354 }
3355#ifdef TARGET_WORDS_BIGENDIAN
3356 retval = bswap16(retval);
3357#endif
3358 return retval;
3359}
3360
3361static void pmac_ide_writel (void *opaque,
3362 target_phys_addr_t addr, uint32_t val)
3363{
5fafdf24 3364 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3365#ifdef TARGET_WORDS_BIGENDIAN
3366 val = bswap32(val);
3367#endif
3368 if (addr == 0) {
3369 ide_data_writel(opaque, 0, val);
3370 }
3371}
3372
3373static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3374{
3375 uint32_t retval;
3376
5fafdf24 3377 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3378 if (addr == 0) {
3379 retval = ide_data_readl(opaque, 0);
3380 } else {
3381 retval = 0xFFFFFFFF;
3382 }
3383#ifdef TARGET_WORDS_BIGENDIAN
3384 retval = bswap32(retval);
3385#endif
3386 return retval;
3387}
3388
3389static CPUWriteMemoryFunc *pmac_ide_write[] = {
3390 pmac_ide_writeb,
3391 pmac_ide_writew,
3392 pmac_ide_writel,
3393};
3394
3395static CPUReadMemoryFunc *pmac_ide_read[] = {
3396 pmac_ide_readb,
3397 pmac_ide_readw,
3398 pmac_ide_readl,
3399};
3400
3401/* hd_table must contain 4 block drivers */
3402/* PowerMac uses memory mapped registers, not I/O. Return the memory
3403 I/O index to access the ide. */
d537cf6c 3404int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
1ade1de2
FB		 3405{
3406 IDEState *ide_if;
3407 int pmac_ide_memory;
3408
3409 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
d537cf6c 3410 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3b46e624 3411
1ade1de2
FB		 3412 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3413 pmac_ide_write, &ide_if[0]);
3414 return pmac_ide_memory;
3415}
201a51fc 3416
a4a771c0
AZ		 3417/***********************************************************/
3418/* MMIO based ide port
3419 * This emulates IDE device connected directly to the CPU bus without
3420 * dedicated ide controller, which is often seen on embedded boards.
3421 */
3422
3423typedef struct {
3424 void *dev;
3425 int shift;
3426} MMIOState;
3427
3428static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3429{
3430 MMIOState *s = (MMIOState*)opaque;
3431 IDEState *ide = (IDEState*)s->dev;
3432 addr >>= s->shift;
3433 if (addr & 7)
3434 return ide_ioport_read(ide, addr);
3435 else
3436 return ide_data_readw(ide, 0);
3437}
3438
3439static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3440 uint32_t val)
3441{
3442 MMIOState *s = (MMIOState*)opaque;
3443 IDEState *ide = (IDEState*)s->dev;
3444 addr >>= s->shift;
3445 if (addr & 7)
3446 ide_ioport_write(ide, addr, val);
3447 else
3448 ide_data_writew(ide, 0, val);
3449}
3450
3451static CPUReadMemoryFunc *mmio_ide_reads[] = {
3452 mmio_ide_read,
3453 mmio_ide_read,
3454 mmio_ide_read,
3455};
3456
3457static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3458 mmio_ide_write,
3459 mmio_ide_write,
3460 mmio_ide_write,
3461};
3462
3463static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3464{
3465 MMIOState *s= (MMIOState*)opaque;
3466 IDEState *ide = (IDEState*)s->dev;
3467 return ide_status_read(ide, 0);
3468}
3469
3470static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3471 uint32_t val)
3472{
3473 MMIOState *s = (MMIOState*)opaque;
3474 IDEState *ide = (IDEState*)s->dev;
3475 ide_cmd_write(ide, 0, val);
3476}
3477
3478static CPUReadMemoryFunc *mmio_ide_status[] = {
3479 mmio_ide_status_read,
3480 mmio_ide_status_read,
3481 mmio_ide_status_read,
3482};
3483
3484static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3485 mmio_ide_cmd_write,
3486 mmio_ide_cmd_write,
3487 mmio_ide_cmd_write,
3488};
3489
3490void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3491 qemu_irq irq, int shift,
3492 BlockDriverState *hd0, BlockDriverState *hd1)
3493{
3494 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3495 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3496 int mem1, mem2;
3497
3498 ide_init2(ide, hd0, hd1, irq);
3499
3500 s->dev = ide;
3501 s->shift = shift;
3502
3503 mem1 = cpu_register_io_memory(0, mmio_ide_reads, mmio_ide_writes, s);
3504 mem2 = cpu_register_io_memory(0, mmio_ide_status, mmio_ide_cmd, s);
3505 cpu_register_physical_memory(membase, 16 << shift, mem1);
3506 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3507}
3508
201a51fc
AZ		 3509/***********************************************************/
3510/* CF-ATA Microdrive */
3511
3512#define METADATA_SIZE 0x20
3513
3514/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3515struct md_s {
3516 IDEState ide[2];
3517 struct pcmcia_card_s card;
3518 uint32_t attr_base;
3519 uint32_t io_base;
3520
3521 /* Card state */
3522 uint8_t opt;
3523 uint8_t stat;
3524 uint8_t pins;
3525
3526 uint8_t ctrl;
3527 uint16_t io;
3528 int cycle;
3529};
3530
3531/* Register bitfields */
3532enum md_opt {
3533 OPT_MODE_MMAP = 0,
3534 OPT_MODE_IOMAP16 = 1,
3535 OPT_MODE_IOMAP1 = 2,
3536 OPT_MODE_IOMAP2 = 3,
3537 OPT_MODE = 0x3f,
3538 OPT_LEVIREQ = 0x40,
3539 OPT_SRESET = 0x80,
3540};
3541enum md_cstat {
3542 STAT_INT = 0x02,
3543 STAT_PWRDWN = 0x04,
3544 STAT_XE = 0x10,
3545 STAT_IOIS8 = 0x20,
3546 STAT_SIGCHG = 0x40,
3547 STAT_CHANGED = 0x80,
3548};
3549enum md_pins {
3550 PINS_MRDY = 0x02,
3551 PINS_CRDY = 0x20,
3552};
3553enum md_ctrl {
3554 CTRL_IEN = 0x02,
3555 CTRL_SRST = 0x04,
3556};
3557
3558static inline void md_interrupt_update(struct md_s *s)
3559{
3560 if (!s->card.slot)
3561 return;
3562
3563 qemu_set_irq(s->card.slot->irq,
3564 !(s->stat & STAT_INT) && /* Inverted */
3565 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3566 !(s->opt & OPT_SRESET));
3567}
3568
3569static void md_set_irq(void *opaque, int irq, int level)
3570{
3571 struct md_s *s = (struct md_s *) opaque;
3572 if (level)
3573 s->stat |= STAT_INT;
3574 else
3575 s->stat &= ~STAT_INT;
3576
3577 md_interrupt_update(s);
3578}
3579
3580static void md_reset(struct md_s *s)
3581{
3582 s->opt = OPT_MODE_MMAP;
3583 s->stat = 0;
3584 s->pins = 0;
3585 s->cycle = 0;
3586 s->ctrl = 0;
3587 ide_reset(s->ide);
3588}
3589
9e315fa9 3590static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc
AZ		 3591{
3592 struct md_s *s = (struct md_s *) opaque;
3593 if (at < s->attr_base) {
3594 if (at < s->card.cis_len)
3595 return s->card.cis[at];
3596 else
3597 return 0x00;
3598 }
3599
3600 at -= s->attr_base;
3601
3602 switch (at) {
3603 case 0x00: /* Configuration Option Register */
3604 return s->opt;
3605 case 0x02: /* Card Configuration Status Register */
3606 if (s->ctrl & CTRL_IEN)
3607 return s->stat & ~STAT_INT;
3608 else
3609 return s->stat;
3610 case 0x04: /* Pin Replacement Register */
3611 return (s->pins & PINS_CRDY) | 0x0c;
3612 case 0x06: /* Socket and Copy Register */
3613 return 0x00;
3614#ifdef VERBOSE
3615 default:
3616 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3617#endif
3618 }
3619
3620 return 0;
3621}
3622
9e315fa9 3623static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc
AZ		 3624{
3625 struct md_s *s = (struct md_s *) opaque;
3626 at -= s->attr_base;
3627
3628 switch (at) {
3629 case 0x00: /* Configuration Option Register */
3630 s->opt = value & 0xcf;
3631 if (value & OPT_SRESET)
3632 md_reset(s);
3633 md_interrupt_update(s);
3634 break;
3635 case 0x02: /* Card Configuration Status Register */
3636 if ((s->stat ^ value) & STAT_PWRDWN)
3637 s->pins |= PINS_CRDY;
3638 s->stat &= 0x82;
3639 s->stat |= value & 0x74;
3640 md_interrupt_update(s);
3641 /* Word 170 in Identify Device must be equal to STAT_XE */
3642 break;
3643 case 0x04: /* Pin Replacement Register */
3644 s->pins &= PINS_CRDY;
3645 s->pins |= value & PINS_MRDY;
3646 break;
3647 case 0x06: /* Socket and Copy Register */
3648 break;
3649 default:
3650 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3651 }
3652}
3653
9e315fa9 3654static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc
AZ		 3655{
3656 struct md_s *s = (struct md_s *) opaque;
3657 uint16_t ret;
3658 at -= s->io_base;
3659
3660 switch (s->opt & OPT_MODE) {
3661 case OPT_MODE_MMAP:
3662 if ((at & ~0x3ff) == 0x400)
3663 at = 0;
3664 break;
3665 case OPT_MODE_IOMAP16:
3666 at &= 0xf;
3667 break;
3668 case OPT_MODE_IOMAP1:
3669 if ((at & ~0xf) == 0x3f0)
3670 at -= 0x3e8;
3671 else if ((at & ~0xf) == 0x1f0)
3672 at -= 0x1f0;
3673 break;
3674 case OPT_MODE_IOMAP2:
3675 if ((at & ~0xf) == 0x370)
3676 at -= 0x368;
3677 else if ((at & ~0xf) == 0x170)
3678 at -= 0x170;
3679 }
3680
3681 switch (at) {
3682 case 0x0: /* Even RD Data */
3683 case 0x8:
3684 return ide_data_readw(s->ide, 0);
3685
3686 /* TODO: 8-bit accesses */
3687 if (s->cycle)
3688 ret = s->io >> 8;
3689 else {
3690 s->io = ide_data_readw(s->ide, 0);
3691 ret = s->io & 0xff;
3692 }
3693 s->cycle = !s->cycle;
3694 return ret;
3695 case 0x9: /* Odd RD Data */
3696 return s->io >> 8;
3697 case 0xd: /* Error */
3698 return ide_ioport_read(s->ide, 0x1);
3699 case 0xe: /* Alternate Status */
3700 if (s->ide->cur_drive->bs)
3701 return s->ide->cur_drive->status;
3702 else
3703 return 0;
3704 case 0xf: /* Device Address */
3705 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3706 default:
3707 return ide_ioport_read(s->ide, at);
3708 }
3709
3710 return 0;
3711}
3712
9e315fa9 3713static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc
AZ		 3714{
3715 struct md_s *s = (struct md_s *) opaque;
3716 at -= s->io_base;
3717
3718 switch (s->opt & OPT_MODE) {
3719 case OPT_MODE_MMAP:
3720 if ((at & ~0x3ff) == 0x400)
3721 at = 0;
3722 break;
3723 case OPT_MODE_IOMAP16:
3724 at &= 0xf;
3725 break;
3726 case OPT_MODE_IOMAP1:
3727 if ((at & ~0xf) == 0x3f0)
3728 at -= 0x3e8;
3729 else if ((at & ~0xf) == 0x1f0)
3730 at -= 0x1f0;
3731 break;
3732 case OPT_MODE_IOMAP2:
3733 if ((at & ~0xf) == 0x370)
3734 at -= 0x368;
3735 else if ((at & ~0xf) == 0x170)
3736 at -= 0x170;
3737 }
3738
3739 switch (at) {
3740 case 0x0: /* Even WR Data */
3741 case 0x8:
3742 ide_data_writew(s->ide, 0, value);
3743 break;
3744
3745 /* TODO: 8-bit accesses */
3746 if (s->cycle)
3747 ide_data_writew(s->ide, 0, s->io | (value << 8));
3748 else
3749 s->io = value & 0xff;
3750 s->cycle = !s->cycle;
3751 break;
3752 case 0x9:
3753 s->io = value & 0xff;
3754 s->cycle = !s->cycle;
3755 break;
3756 case 0xd: /* Features */
3757 ide_ioport_write(s->ide, 0x1, value);
3758 break;
3759 case 0xe: /* Device Control */
3760 s->ctrl = value;
3761 if (value & CTRL_SRST)
3762 md_reset(s);
3763 md_interrupt_update(s);
3764 break;
3765 default:
3766 if (s->stat & STAT_PWRDWN) {
3767 s->pins |= PINS_CRDY;
3768 s->stat &= ~STAT_PWRDWN;
3769 }
3770 ide_ioport_write(s->ide, at, value);
3771 }
3772}
3773
aa941b94
AZ		 3774static void md_save(QEMUFile *f, void *opaque)
3775{
3776 struct md_s *s = (struct md_s *) opaque;
3777 int i;
3778 uint8_t drive1_selected;
3779
3780 qemu_put_8s(f, &s->opt);
3781 qemu_put_8s(f, &s->stat);
3782 qemu_put_8s(f, &s->pins);
3783
3784 qemu_put_8s(f, &s->ctrl);
3785 qemu_put_be16s(f, &s->io);
3786 qemu_put_byte(f, s->cycle);
3787
3788 drive1_selected = (s->ide->cur_drive != s->ide);
3789 qemu_put_8s(f, &s->ide->cmd);
3790 qemu_put_8s(f, &drive1_selected);
3791
3792 for (i = 0; i < 2; i ++)
3793 ide_save(f, &s->ide[i]);
3794}
3795
3796static int md_load(QEMUFile *f, void *opaque, int version_id)
3797{
3798 struct md_s *s = (struct md_s *) opaque;
3799 int i;
3800 uint8_t drive1_selected;
3801
3802 qemu_get_8s(f, &s->opt);
3803 qemu_get_8s(f, &s->stat);
3804 qemu_get_8s(f, &s->pins);
3805
3806 qemu_get_8s(f, &s->ctrl);
3807 qemu_get_be16s(f, &s->io);
3808 s->cycle = qemu_get_byte(f);
3809
3810 qemu_get_8s(f, &s->ide->cmd);
3811 qemu_get_8s(f, &drive1_selected);
3812 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
3813
3814 for (i = 0; i < 2; i ++)
3815 ide_load(f, &s->ide[i]);
3816
3817 return 0;
3818}
3819
201a51fc
AZ		 3820static const uint8_t dscm1xxxx_cis[0x14a] = {
3821 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3822 [0x002] = 0x03, /* Tuple length = 4 bytes */
3823 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3824 [0x006] = 0x01, /* Size = 2K bytes */
3825 [0x008] = CISTPL_ENDMARK,
3826
3827 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3828 [0x00c] = 0x04, /* Tuple length = 4 byest */
3829 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3830 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3831 [0x012] = 0x01, /* Size = 2K bytes */
3832 [0x014] = CISTPL_ENDMARK,
3833
3834 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3835 [0x018] = 0x02, /* Tuple length = 2 bytes */
3836 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3837 [0x01c] = 0x01,
3838
3839 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3840 [0x020] = 0x04, /* Tuple length = 4 bytes */
3841 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3842 [0x024] = 0x00,
3843 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3844 [0x028] = 0x00,
3845
3846 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3847 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3848 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3849 [0x030] = 0x01, /* Minor Version = 1 */
3850 [0x032] = 'I',
3851 [0x034] = 'B',
3852 [0x036] = 'M',
3853 [0x038] = 0x00,
3854 [0x03a] = 'm',
3855 [0x03c] = 'i',
3856 [0x03e] = 'c',
3857 [0x040] = 'r',
3858 [0x042] = 'o',
3859 [0x044] = 'd',
3860 [0x046] = 'r',
3861 [0x048] = 'i',
3862 [0x04a] = 'v',
3863 [0x04c] = 'e',
3864 [0x04e] = 0x00,
3865 [0x050] = CISTPL_ENDMARK,
3866
3867 [0x052] = CISTPL_FUNCID, /* Function ID */
3868 [0x054] = 0x02, /* Tuple length = 2 bytes */
3869 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3870 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3871
3872 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3873 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3874 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3875 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3876
3877 [0x062] = CISTPL_FUNCE, /* Function Extension */
3878 [0x064] = 0x03, /* Tuple length = 3 bytes */
3879 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3880 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3881 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3882
3883 [0x06c] = CISTPL_CONFIG, /* Configuration */
3884 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3885 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3886 [0x072] = 0x07, /* TPCC_LAST = 7 */
3887 [0x074] = 0x00, /* TPCC_RADR = 0200 */
3888 [0x076] = 0x02,
3889 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
3890
3891 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3892 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
3893 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
3894 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
3895 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
3896 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3897 [0x086] = 0x55, /* NomV: 5.0 V */
3898 [0x088] = 0x4d, /* MinV: 4.5 V */
3899 [0x08a] = 0x5d, /* MaxV: 5.5 V */
3900 [0x08c] = 0x4e, /* Peakl: 450 mA */
3901 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
3902 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
3903 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
3904
3905 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3906 [0x096] = 0x06, /* Tuple length = 6 bytes */
3907 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
3908 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3909 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3910 [0x09e] = 0xb5, /* NomV: 3.3 V */
3911 [0x0a0] = 0x1e,
3912 [0x0a2] = 0x3e, /* Peakl: 350 mA */
3913
3914 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3915 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
3916 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
3917 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3918 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3919 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3920 [0x0b0] = 0x55, /* NomV: 5.0 V */
3921 [0x0b2] = 0x4d, /* MinV: 4.5 V */
3922 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
3923 [0x0b6] = 0x4e, /* Peakl: 450 mA */
3924 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
3925 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
3926 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
3927 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
3928 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
3929
3930 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3931 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
3932 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
3933 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3934 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3935 [0x0cc] = 0xb5, /* NomV: 3.3 V */
3936 [0x0ce] = 0x1e,
3937 [0x0d0] = 0x3e, /* Peakl: 350 mA */
3938
3939 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3940 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
3941 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
3942 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3943 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3944 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3945 [0x0de] = 0x55, /* NomV: 5.0 V */
3946 [0x0e0] = 0x4d, /* MinV: 4.5 V */
3947 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
3948 [0x0e4] = 0x4e, /* Peakl: 450 mA */
3949 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3950 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
3951 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
3952 [0x0ec] = 0x01,
3953 [0x0ee] = 0x07, /* Address block length = 8 */
3954 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
3955 [0x0f2] = 0x03,
3956 [0x0f4] = 0x01, /* Address block length = 2 */
3957 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3958 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
3959
3960 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3961 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
3962 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
3963 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3964 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3965 [0x104] = 0xb5, /* NomV: 3.3 V */
3966 [0x106] = 0x1e,
3967 [0x108] = 0x3e, /* Peakl: 350 mA */
3968
3969 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3970 [0x10c] = 0x12, /* Tuple length = 18 bytes */
3971 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
3972 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3973 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3974 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3975 [0x116] = 0x55, /* NomV: 5.0 V */
3976 [0x118] = 0x4d, /* MinV: 4.5 V */
3977 [0x11a] = 0x5d, /* MaxV: 5.5 V */
3978 [0x11c] = 0x4e, /* Peakl: 450 mA */
3979 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3980 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
3981 [0x122] = 0x70, /* Field 1 address = 0x0170 */
3982 [0x124] = 0x01,
3983 [0x126] = 0x07, /* Address block length = 8 */
3984 [0x128] = 0x76, /* Field 2 address = 0x0376 */
3985 [0x12a] = 0x03,
3986 [0x12c] = 0x01, /* Address block length = 2 */
3987 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3988 [0x130] = 0x20, /* TPCE_MI = support power down mode */
3989
3990 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3991 [0x134] = 0x06, /* Tuple length = 6 bytes */
3992 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
3993 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3994 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3995 [0x13c] = 0xb5, /* NomV: 3.3 V */
3996 [0x13e] = 0x1e,
3997 [0x140] = 0x3e, /* Peakl: 350 mA */
3998
3999 [0x142] = CISTPL_NO_LINK, /* No Link */
4000 [0x144] = 0x00, /* Tuple length = 0 bytes */
4001
4002 [0x146] = CISTPL_END, /* Tuple End */
4003};
4004
4005static int dscm1xxxx_attach(void *opaque)
4006{
4007 struct md_s *md = (struct md_s *) opaque;
4008 md->card.attr_read = md_attr_read;
4009 md->card.attr_write = md_attr_write;
4010 md->card.common_read = md_common_read;
4011 md->card.common_write = md_common_write;
4012 md->card.io_read = md_common_read;
4013 md->card.io_write = md_common_write;
4014
4015 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4016 md->io_base = 0x0;
4017
4018 md_reset(md);
4019 md_interrupt_update(md);
4020
4021 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4022 return 0;
4023}
4024
4025static int dscm1xxxx_detach(void *opaque)
4026{
4027 struct md_s *md = (struct md_s *) opaque;
4028 md_reset(md);
4029 return 0;
4030}
4031
4032struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
4033{
4034 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
4035 md->card.state = md;
4036 md->card.attach = dscm1xxxx_attach;
4037 md->card.detach = dscm1xxxx_detach;
4038 md->card.cis = dscm1xxxx_cis;
4039 md->card.cis_len = sizeof(dscm1xxxx_cis);
4040
4041 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4042 md->ide->is_cf = 1;
4043 md->ide->mdata_size = METADATA_SIZE;
4044 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94 4045
18be5187 4046 register_savevm("microdrive", -1, 0, md_save, md_load, md);
aa941b94 4047
201a51fc
AZ		 4048 return &md->card;
4049}
QEMU mirror