]> git.proxmox.com Git - qemu.git/blame - hw/ide.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
CRTC register write protection fix - line_compare, multi_scan and double_scan fixes
[qemu.git] / hw / ide.c
CommitLineData
5391d806
FB		 1/*
2 * QEMU IDE disk and CD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
5391d806
FB		 24#include "vl.h"
25
5391d806
FB		 26/* debug IDE devices */
27//#define DEBUG_IDE
28//#define DEBUG_IDE_ATAPI
29
30/* Bits of HD_STATUS */
31#define ERR_STAT 0x01
32#define INDEX_STAT 0x02
33#define ECC_STAT 0x04 /* Corrected error */
34#define DRQ_STAT 0x08
35#define SEEK_STAT 0x10
36#define SRV_STAT 0x10
37#define WRERR_STAT 0x20
38#define READY_STAT 0x40
39#define BUSY_STAT 0x80
40
41/* Bits for HD_ERROR */
42#define MARK_ERR 0x01 /* Bad address mark */
43#define TRK0_ERR 0x02 /* couldn't find track 0 */
44#define ABRT_ERR 0x04 /* Command aborted */
45#define MCR_ERR 0x08 /* media change request */
46#define ID_ERR 0x10 /* ID field not found */
47#define MC_ERR 0x20 /* media changed */
48#define ECC_ERR 0x40 /* Uncorrectable ECC error */
49#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
50#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
51
52/* Bits of HD_NSECTOR */
53#define CD 0x01
54#define IO 0x02
55#define REL 0x04
56#define TAG_MASK 0xf8
57
58#define IDE_CMD_RESET 0x04
59#define IDE_CMD_DISABLE_IRQ 0x02
60
61/* ATA/ATAPI Commands pre T13 Spec */
62#define WIN_NOP 0x00
63/*
64 * 0x01->0x02 Reserved
65 */
66#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
67/*
68 * 0x04->0x07 Reserved
69 */
70#define WIN_SRST 0x08 /* ATAPI soft reset command */
71#define WIN_DEVICE_RESET 0x08
72/*
73 * 0x09->0x0F Reserved
74 */
75#define WIN_RECAL 0x10
76#define WIN_RESTORE WIN_RECAL
77/*
78 * 0x10->0x1F Reserved
79 */
80#define WIN_READ 0x20 /* 28-Bit */
81#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
82#define WIN_READ_LONG 0x22 /* 28-Bit */
83#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
84#define WIN_READ_EXT 0x24 /* 48-Bit */
85#define WIN_READDMA_EXT 0x25 /* 48-Bit */
86#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
87#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
88/*
89 * 0x28
90 */
91#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
92/*
93 * 0x2A->0x2F Reserved
94 */
95#define WIN_WRITE 0x30 /* 28-Bit */
96#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
97#define WIN_WRITE_LONG 0x32 /* 28-Bit */
98#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
99#define WIN_WRITE_EXT 0x34 /* 48-Bit */
100#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
101#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
102#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
103#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
104#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
105/*
106 * 0x3A->0x3B Reserved
107 */
108#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
109/*
110 * 0x3D->0x3F Reserved
111 */
112#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
113#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
114#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
115/*
116 * 0x43->0x4F Reserved
117 */
118#define WIN_FORMAT 0x50
119/*
120 * 0x51->0x5F Reserved
121 */
122#define WIN_INIT 0x60
123/*
124 * 0x61->0x5F Reserved
125 */
126#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
127#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
128#define WIN_DIAGNOSE 0x90
129#define WIN_SPECIFY 0x91 /* set drive geometry translation */
130#define WIN_DOWNLOAD_MICROCODE 0x92
131#define WIN_STANDBYNOW2 0x94
132#define WIN_STANDBY2 0x96
133#define WIN_SETIDLE2 0x97
134#define WIN_CHECKPOWERMODE2 0x98
135#define WIN_SLEEPNOW2 0x99
136/*
137 * 0x9A VENDOR
138 */
139#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
140#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
141#define WIN_QUEUED_SERVICE 0xA2
142#define WIN_SMART 0xB0 /* self-monitoring and reporting */
143#define CFA_ERASE_SECTORS 0xC0
144#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
145#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
146#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
147#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
148#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
149#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
150#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
151#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
152#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
153#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
154#define WIN_GETMEDIASTATUS 0xDA
155#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
156#define WIN_POSTBOOT 0xDC
157#define WIN_PREBOOT 0xDD
158#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
159#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
160#define WIN_STANDBYNOW1 0xE0
161#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
162#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
163#define WIN_SETIDLE1 0xE3
164#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
165#define WIN_CHECKPOWERMODE1 0xE5
166#define WIN_SLEEPNOW1 0xE6
167#define WIN_FLUSH_CACHE 0xE7
168#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
169#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
170 /* SET_FEATURES 0x22 or 0xDD */
171#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
172#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
173#define WIN_MEDIAEJECT 0xED
174#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
175#define WIN_SETFEATURES 0xEF /* set special drive features */
176#define EXABYTE_ENABLE_NEST 0xF0
177#define WIN_SECURITY_SET_PASS 0xF1
178#define WIN_SECURITY_UNLOCK 0xF2
179#define WIN_SECURITY_ERASE_PREPARE 0xF3
180#define WIN_SECURITY_ERASE_UNIT 0xF4
181#define WIN_SECURITY_FREEZE_LOCK 0xF5
182#define WIN_SECURITY_DISABLE 0xF6
183#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
184#define WIN_SET_MAX 0xF9
185#define DISABLE_SEAGATE 0xFB
186
187/* set to 1 set disable mult support */
f66723fa 188#define MAX_MULT_SECTORS 16
5391d806
FB		 189
190/* ATAPI defines */
191
192#define ATAPI_PACKET_SIZE 12
193
194/* The generic packet command opcodes for CD/DVD Logical Units,
195 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
196#define GPCMD_BLANK 0xa1
197#define GPCMD_CLOSE_TRACK 0x5b
198#define GPCMD_FLUSH_CACHE 0x35
199#define GPCMD_FORMAT_UNIT 0x04
200#define GPCMD_GET_CONFIGURATION 0x46
201#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
202#define GPCMD_GET_PERFORMANCE 0xac
203#define GPCMD_INQUIRY 0x12
204#define GPCMD_LOAD_UNLOAD 0xa6
205#define GPCMD_MECHANISM_STATUS 0xbd
206#define GPCMD_MODE_SELECT_10 0x55
207#define GPCMD_MODE_SENSE_10 0x5a
208#define GPCMD_PAUSE_RESUME 0x4b
209#define GPCMD_PLAY_AUDIO_10 0x45
210#define GPCMD_PLAY_AUDIO_MSF 0x47
211#define GPCMD_PLAY_AUDIO_TI 0x48
212#define GPCMD_PLAY_CD 0xbc
213#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
214#define GPCMD_READ_10 0x28
215#define GPCMD_READ_12 0xa8
216#define GPCMD_READ_CDVD_CAPACITY 0x25
217#define GPCMD_READ_CD 0xbe
218#define GPCMD_READ_CD_MSF 0xb9
219#define GPCMD_READ_DISC_INFO 0x51
220#define GPCMD_READ_DVD_STRUCTURE 0xad
221#define GPCMD_READ_FORMAT_CAPACITIES 0x23
222#define GPCMD_READ_HEADER 0x44
223#define GPCMD_READ_TRACK_RZONE_INFO 0x52
224#define GPCMD_READ_SUBCHANNEL 0x42
225#define GPCMD_READ_TOC_PMA_ATIP 0x43
226#define GPCMD_REPAIR_RZONE_TRACK 0x58
227#define GPCMD_REPORT_KEY 0xa4
228#define GPCMD_REQUEST_SENSE 0x03
229#define GPCMD_RESERVE_RZONE_TRACK 0x53
230#define GPCMD_SCAN 0xba
231#define GPCMD_SEEK 0x2b
232#define GPCMD_SEND_DVD_STRUCTURE 0xad
233#define GPCMD_SEND_EVENT 0xa2
234#define GPCMD_SEND_KEY 0xa3
235#define GPCMD_SEND_OPC 0x54
236#define GPCMD_SET_READ_AHEAD 0xa7
237#define GPCMD_SET_STREAMING 0xb6
238#define GPCMD_START_STOP_UNIT 0x1b
239#define GPCMD_STOP_PLAY_SCAN 0x4e
240#define GPCMD_TEST_UNIT_READY 0x00
241#define GPCMD_VERIFY_10 0x2f
242#define GPCMD_WRITE_10 0x2a
243#define GPCMD_WRITE_AND_VERIFY_10 0x2e
244/* This is listed as optional in ATAPI 2.6, but is (curiously)
245 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
246 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
247 * drives support it. */
248#define GPCMD_SET_SPEED 0xbb
249/* This seems to be a SCSI specific CD-ROM opcode
250 * to play data at track/index */
251#define GPCMD_PLAYAUDIO_TI 0x48
252/*
253 * From MS Media Status Notification Support Specification. For
254 * older drives only.
255 */
256#define GPCMD_GET_MEDIA_STATUS 0xda
257
258/* Mode page codes for mode sense/set */
259#define GPMODE_R_W_ERROR_PAGE 0x01
260#define GPMODE_WRITE_PARMS_PAGE 0x05
261#define GPMODE_AUDIO_CTL_PAGE 0x0e
262#define GPMODE_POWER_PAGE 0x1a
263#define GPMODE_FAULT_FAIL_PAGE 0x1c
264#define GPMODE_TO_PROTECT_PAGE 0x1d
265#define GPMODE_CAPABILITIES_PAGE 0x2a
266#define GPMODE_ALL_PAGES 0x3f
267/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
268 * of MODE_SENSE_POWER_PAGE */
269#define GPMODE_CDROM_PAGE 0x0d
270
271#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
272#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
273#define ATAPI_INT_REASON_REL 0x04
274#define ATAPI_INT_REASON_TAG 0xf8
275
276/* same constants as bochs */
7f777bf3 277#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 278#define ASC_LOGICAL_BLOCK_OOR 0x21
279#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
280#define ASC_MEDIUM_NOT_PRESENT 0x3a
281#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
282
283#define SENSE_NONE 0
284#define SENSE_NOT_READY 2
285#define SENSE_ILLEGAL_REQUEST 5
286#define SENSE_UNIT_ATTENTION 6
287
288struct IDEState;
289
290typedef void EndTransferFunc(struct IDEState *);
291
caed8802 292/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 293typedef struct IDEState {
294 /* ide config */
295 int is_cdrom;
5391d806
FB		 296 int cylinders, heads, sectors;
297 int64_t nb_sectors;
298 int mult_sectors;
299 int irq;
1ade1de2 300 openpic_t *openpic;
34e538ae 301 PCIDevice *pci_dev;
98087450 302 struct BMDMAState *bmdma;
aedf5382 303 int drive_serial;
5391d806
FB		 304 /* ide regs */
305 uint8_t feature;
306 uint8_t error;
307 uint16_t nsector; /* 0 is 256 to ease computations */
308 uint8_t sector;
309 uint8_t lcyl;
310 uint8_t hcyl;
311 uint8_t select;
312 uint8_t status;
313 /* 0x3f6 command, only meaningful for drive 0 */
314 uint8_t cmd;
315 /* depends on bit 4 in select, only meaningful for drive 0 */
316 struct IDEState *cur_drive;
317 BlockDriverState *bs;
318 /* ATAPI specific */
319 uint8_t sense_key;
320 uint8_t asc;
321 int packet_transfer_size;
322 int elementary_transfer_size;
323 int io_buffer_index;
324 int lba;
98087450
FB		 325 int cd_sector_size;
326 int atapi_dma; /* true if dma is requested for the packet cmd */
327 /* ATA DMA state */
328 int io_buffer_size;
329 /* PIO transfer handling */
5391d806
FB		 330 int req_nb_sectors; /* number of sectors per interrupt */
331 EndTransferFunc *end_transfer_func;
332 uint8_t *data_ptr;
333 uint8_t *data_end;
334 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
335} IDEState;
336
98087450
FB		 337#define BM_STATUS_DMAING 0x01
338#define BM_STATUS_ERROR 0x02
339#define BM_STATUS_INT 0x04
340
341#define BM_CMD_START 0x01
342#define BM_CMD_READ 0x08
343
344typedef int IDEDMAFunc(IDEState *s,
345 target_phys_addr_t phys_addr,
346 int transfer_size1);
347
348typedef struct BMDMAState {
349 uint8_t cmd;
350 uint8_t status;
351 uint32_t addr;
352 /* current transfer state */
353 IDEState *ide_if;
354 IDEDMAFunc *dma_cb;
355} BMDMAState;
356
357typedef struct PCIIDEState {
358 PCIDevice dev;
359 IDEState ide_if[4];
360 BMDMAState bmdma[2];
361} PCIIDEState;
362
363static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb);
364
5391d806
FB		 365static void padstr(char *str, const char *src, int len)
366{
367 int i, v;
368 for(i = 0; i < len; i++) {
369 if (*src)
370 v = *src++;
371 else
372 v = ' ';
373 *(char *)((long)str ^ 1) = v;
374 str++;
375 }
376}
377
bd0d90b2
FB		 378static void padstr8(uint8_t *buf, int buf_size, const char *src)
379{
380 int i;
381 for(i = 0; i < buf_size; i++) {
382 if (*src)
383 buf[i] = *src++;
384 else
385 buf[i] = ' ';
386 }
387}
388
67b915a5
FB		 389static void put_le16(uint16_t *p, unsigned int v)
390{
0c4ad8dc 391 *p = cpu_to_le16(v);
67b915a5
FB		 392}
393
5391d806
FB		 394static void ide_identify(IDEState *s)
395{
396 uint16_t *p;
397 unsigned int oldsize;
aedf5382 398 char buf[20];
5391d806
FB		 399
400 memset(s->io_buffer, 0, 512);
401 p = (uint16_t *)s->io_buffer;
67b915a5
FB		 402 put_le16(p + 0, 0x0040);
403 put_le16(p + 1, s->cylinders);
404 put_le16(p + 3, s->heads);
405 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
406 put_le16(p + 5, 512); /* XXX: retired, remove ? */
407 put_le16(p + 6, s->sectors);
aedf5382
FB		 408 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
409 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 410 put_le16(p + 20, 3); /* XXX: retired, remove ? */
411 put_le16(p + 21, 512); /* cache size in sectors */
412 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 413 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
414 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
415#if MAX_MULT_SECTORS > 1
67b915a5 416 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 417#endif
67b915a5
FB		 418 put_le16(p + 48, 1); /* dword I/O */
419 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
420 put_le16(p + 51, 0x200); /* PIO transfer cycle */
421 put_le16(p + 52, 0x200); /* DMA transfer cycle */
422 put_le16(p + 53, 1); /* words 54-58 are valid */
423 put_le16(p + 54, s->cylinders);
424 put_le16(p + 55, s->heads);
425 put_le16(p + 56, s->sectors);
5391d806 426 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 427 put_le16(p + 57, oldsize);
428 put_le16(p + 58, oldsize >> 16);
5391d806 429 if (s->mult_sectors)
67b915a5
FB		 430 put_le16(p + 59, 0x100 | s->mult_sectors);
431 put_le16(p + 60, s->nb_sectors);
432 put_le16(p + 61, s->nb_sectors >> 16);
433 put_le16(p + 80, (1 << 1) | (1 << 2));
434 put_le16(p + 82, (1 << 14));
435 put_le16(p + 83, (1 << 14));
436 put_le16(p + 84, (1 << 14));
437 put_le16(p + 85, (1 << 14));
438 put_le16(p + 86, 0);
439 put_le16(p + 87, (1 << 14));
5391d806
FB		 440}
441
442static void ide_atapi_identify(IDEState *s)
443{
444 uint16_t *p;
aedf5382 445 char buf[20];
5391d806
FB		 446
447 memset(s->io_buffer, 0, 512);
448 p = (uint16_t *)s->io_buffer;
449 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 450 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
aedf5382
FB		 451 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
452 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 453 put_le16(p + 20, 3); /* buffer type */
454 put_le16(p + 21, 512); /* cache size in sectors */
455 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 456 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
457 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
67b915a5
FB		 458 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
459 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
460 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
461 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
462 put_le16(p + 64, 1); /* PIO modes */
463 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
464 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
465 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
466 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
5391d806 467
67b915a5
FB		 468 put_le16(p + 71, 30); /* in ns */
469 put_le16(p + 72, 30); /* in ns */
5391d806 470
67b915a5 471 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
5391d806
FB		 472}
473
474static void ide_set_signature(IDEState *s)
475{
476 s->select &= 0xf0; /* clear head */
477 /* put signature */
478 s->nsector = 1;
479 s->sector = 1;
480 if (s->is_cdrom) {
481 s->lcyl = 0x14;
482 s->hcyl = 0xeb;
483 } else if (s->bs) {
484 s->lcyl = 0;
485 s->hcyl = 0;
486 } else {
487 s->lcyl = 0xff;
488 s->hcyl = 0xff;
489 }
490}
491
492static inline void ide_abort_command(IDEState *s)
493{
494 s->status = READY_STAT | ERR_STAT;
495 s->error = ABRT_ERR;
496}
497
498static inline void ide_set_irq(IDEState *s)
499{
500 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
1ade1de2
FB		 501#ifdef TARGET_PPC
502 if (s->openpic)
503 openpic_set_irq(s->openpic, s->irq, 1);
504 else
505#endif
34e538ae
FB		 506 if (s->irq == 16)
507 pci_set_irq(s->pci_dev, 0, 1);
508 else
509 pic_set_irq(s->irq, 1);
5391d806
FB		 510 }
511}
512
513/* prepare data transfer and tell what to do after */
514static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
515 EndTransferFunc *end_transfer_func)
516{
517 s->end_transfer_func = end_transfer_func;
518 s->data_ptr = buf;
519 s->data_end = buf + size;
520 s->status |= DRQ_STAT;
521}
522
523static void ide_transfer_stop(IDEState *s)
524{
525 s->end_transfer_func = ide_transfer_stop;
526 s->data_ptr = s->io_buffer;
527 s->data_end = s->io_buffer;
528 s->status &= ~DRQ_STAT;
529}
530
531static int64_t ide_get_sector(IDEState *s)
532{
533 int64_t sector_num;
534 if (s->select & 0x40) {
535 /* lba */
536 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
537 (s->lcyl << 8) | s->sector;
538 } else {
539 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
540 (s->select & 0x0f) * s->sectors +
541 (s->sector - 1);
542 }
543 return sector_num;
544}
545
546static void ide_set_sector(IDEState *s, int64_t sector_num)
547{
548 unsigned int cyl, r;
549 if (s->select & 0x40) {
550 s->select = (s->select & 0xf0) | (sector_num >> 24);
551 s->hcyl = (sector_num >> 16);
552 s->lcyl = (sector_num >> 8);
553 s->sector = (sector_num);
554 } else {
555 cyl = sector_num / (s->heads * s->sectors);
556 r = sector_num % (s->heads * s->sectors);
557 s->hcyl = cyl >> 8;
558 s->lcyl = cyl;
1b8eb456 559 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 560 s->sector = (r % s->sectors) + 1;
561 }
562}
563
564static void ide_sector_read(IDEState *s)
565{
566 int64_t sector_num;
567 int ret, n;
568
569 s->status = READY_STAT | SEEK_STAT;
a136e5a8 570 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 571 sector_num = ide_get_sector(s);
572 n = s->nsector;
573 if (n == 0) {
574 /* no more sector to read from disk */
575 ide_transfer_stop(s);
576 } else {
577#if defined(DEBUG_IDE)
578 printf("read sector=%Ld\n", sector_num);
579#endif
580 if (n > s->req_nb_sectors)
581 n = s->req_nb_sectors;
582 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
583 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
584 ide_set_irq(s);
585 ide_set_sector(s, sector_num + n);
586 s->nsector -= n;
587 }
588}
589
98087450
FB		 590static int ide_read_dma_cb(IDEState *s,
591 target_phys_addr_t phys_addr,
592 int transfer_size1)
593{
594 int len, transfer_size, n;
595 int64_t sector_num;
596
597 transfer_size = transfer_size1;
598 while (transfer_size > 0) {
599 len = s->io_buffer_size - s->io_buffer_index;
600 if (len <= 0) {
601 /* transfert next data */
602 n = s->nsector;
603 if (n == 0)
604 break;
605 if (n > MAX_MULT_SECTORS)
606 n = MAX_MULT_SECTORS;
607 sector_num = ide_get_sector(s);
608 bdrv_read(s->bs, sector_num, s->io_buffer, n);
609 s->io_buffer_index = 0;
610 s->io_buffer_size = n * 512;
611 len = s->io_buffer_size;
612 sector_num += n;
613 ide_set_sector(s, sector_num);
614 s->nsector -= n;
615 }
616 if (len > transfer_size)
617 len = transfer_size;
618 cpu_physical_memory_write(phys_addr,
619 s->io_buffer + s->io_buffer_index, len);
620 s->io_buffer_index += len;
621 transfer_size -= len;
622 phys_addr += len;
623 }
624 if (s->io_buffer_index >= s->io_buffer_size && s->nsector == 0) {
625 s->status = READY_STAT | SEEK_STAT;
626 ide_set_irq(s);
627#ifdef DEBUG_IDE_ATAPI
628 printf("dma status=0x%x\n", s->status);
629#endif
630 return 0;
631 }
632 return transfer_size1 - transfer_size;
633}
634
635static void ide_sector_read_dma(IDEState *s)
636{
637 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
638 s->io_buffer_index = 0;
639 s->io_buffer_size = 0;
640 ide_dma_start(s, ide_read_dma_cb);
641}
642
5391d806
FB		 643static void ide_sector_write(IDEState *s)
644{
645 int64_t sector_num;
646 int ret, n, n1;
647
648 s->status = READY_STAT | SEEK_STAT;
649 sector_num = ide_get_sector(s);
650#if defined(DEBUG_IDE)
651 printf("write sector=%Ld\n", sector_num);
652#endif
653 n = s->nsector;
654 if (n > s->req_nb_sectors)
655 n = s->req_nb_sectors;
656 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
657 s->nsector -= n;
658 if (s->nsector == 0) {
659 /* no more sector to write */
660 ide_transfer_stop(s);
661 } else {
662 n1 = s->nsector;
663 if (n1 > s->req_nb_sectors)
664 n1 = s->req_nb_sectors;
665 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
666 }
667 ide_set_sector(s, sector_num + n);
668 ide_set_irq(s);
669}
670
98087450
FB		 671static int ide_write_dma_cb(IDEState *s,
672 target_phys_addr_t phys_addr,
673 int transfer_size1)
674{
675 int len, transfer_size, n;
676 int64_t sector_num;
677
678 transfer_size = transfer_size1;
679 for(;;) {
680 len = s->io_buffer_size - s->io_buffer_index;
681 if (len == 0) {
682 n = s->io_buffer_size >> 9;
683 sector_num = ide_get_sector(s);
684 bdrv_write(s->bs, sector_num, s->io_buffer,
685 s->io_buffer_size >> 9);
686 sector_num += n;
687 ide_set_sector(s, sector_num);
688 s->nsector -= n;
689 n = s->nsector;
690 if (n == 0) {
691 /* end of transfer */
692 s->status = READY_STAT | SEEK_STAT;
693 ide_set_irq(s);
694 return 0;
695 }
696 if (n > MAX_MULT_SECTORS)
697 n = MAX_MULT_SECTORS;
698 s->io_buffer_index = 0;
699 s->io_buffer_size = n * 512;
700 len = s->io_buffer_size;
701 }
702 if (transfer_size <= 0)
703 break;
704 if (len > transfer_size)
705 len = transfer_size;
706 cpu_physical_memory_read(phys_addr,
707 s->io_buffer + s->io_buffer_index, len);
708 s->io_buffer_index += len;
709 transfer_size -= len;
710 phys_addr += len;
711 }
712 return transfer_size1 - transfer_size;
713}
714
715static void ide_sector_write_dma(IDEState *s)
716{
717 int n;
718 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
719 n = s->nsector;
720 if (n > MAX_MULT_SECTORS)
721 n = MAX_MULT_SECTORS;
722 s->io_buffer_index = 0;
723 s->io_buffer_size = n * 512;
724 ide_dma_start(s, ide_write_dma_cb);
725}
726
5391d806
FB		 727static void ide_atapi_cmd_ok(IDEState *s)
728{
729 s->error = 0;
730 s->status = READY_STAT;
731 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
732 ide_set_irq(s);
733}
734
735static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
736{
737#ifdef DEBUG_IDE_ATAPI
738 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
739#endif
740 s->error = sense_key << 4;
741 s->status = READY_STAT | ERR_STAT;
742 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
743 s->sense_key = sense_key;
744 s->asc = asc;
745 ide_set_irq(s);
746}
747
748static inline void cpu_to_ube16(uint8_t *buf, int val)
749{
750 buf[0] = val >> 8;
751 buf[1] = val;
752}
753
754static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
755{
756 buf[0] = val >> 24;
757 buf[1] = val >> 16;
758 buf[2] = val >> 8;
759 buf[3] = val;
760}
761
762static inline int ube16_to_cpu(const uint8_t *buf)
763{
764 return (buf[0] << 8) | buf[1];
765}
766
767static inline int ube32_to_cpu(const uint8_t *buf)
768{
769 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
770}
771
98087450
FB		 772static void lba_to_msf(uint8_t *buf, int lba)
773{
774 lba += 150;
775 buf[0] = (lba / 75) / 60;
776 buf[1] = (lba / 75) % 60;
777 buf[2] = lba % 75;
778}
779
780static void cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
781 int sector_size)
782{
783 switch(sector_size) {
784 case 2048:
785 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
786 break;
787 case 2352:
788 /* sync bytes */
789 buf[0] = 0x00;
790 memset(buf + 1, 0xff, 11);
791 buf += 12;
792 /* MSF */
793 lba_to_msf(buf, lba);
794 buf[3] = 0x01; /* mode 1 data */
795 buf += 4;
796 /* data */
797 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
798 buf += 2048;
799 /* ECC */
800 memset(buf, 0, 288);
801 break;
802 default:
803 break;
804 }
805}
806
5391d806
FB		 807/* The whole ATAPI transfer logic is handled in this function */
808static void ide_atapi_cmd_reply_end(IDEState *s)
809{
810 int byte_count_limit, size;
811#ifdef DEBUG_IDE_ATAPI
812 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
813 s->packet_transfer_size,
814 s->elementary_transfer_size,
815 s->io_buffer_index);
816#endif
817 if (s->packet_transfer_size <= 0) {
818 /* end of transfer */
819 ide_transfer_stop(s);
820 s->status = READY_STAT;
821 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
822 ide_set_irq(s);
823#ifdef DEBUG_IDE_ATAPI
824 printf("status=0x%x\n", s->status);
825#endif
826 } else {
827 /* see if a new sector must be read */
98087450
FB		 828 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
829 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
5391d806
FB		 830 s->lba++;
831 s->io_buffer_index = 0;
832 }
833 if (s->elementary_transfer_size > 0) {
834 /* there are some data left to transmit in this elementary
835 transfer */
98087450 836 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 837 if (size > s->elementary_transfer_size)
838 size = s->elementary_transfer_size;
839 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
840 size, ide_atapi_cmd_reply_end);
841 s->packet_transfer_size -= size;
842 s->elementary_transfer_size -= size;
843 s->io_buffer_index += size;
844 } else {
845 /* a new transfer is needed */
846 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
847 byte_count_limit = s->lcyl | (s->hcyl << 8);
848#ifdef DEBUG_IDE_ATAPI
849 printf("byte_count_limit=%d\n", byte_count_limit);
850#endif
851 if (byte_count_limit == 0xffff)
852 byte_count_limit--;
853 size = s->packet_transfer_size;
854 if (size > byte_count_limit) {
855 /* byte count limit must be even if this case */
856 if (byte_count_limit & 1)
857 byte_count_limit--;
858 size = byte_count_limit;
5391d806 859 }
a136e5a8
FB		 860 s->lcyl = size;
861 s->hcyl = size >> 8;
5391d806
FB		 862 s->elementary_transfer_size = size;
863 /* we cannot transmit more than one sector at a time */
864 if (s->lba != -1) {
98087450
FB		 865 if (size > (s->cd_sector_size - s->io_buffer_index))
866 size = (s->cd_sector_size - s->io_buffer_index);
5391d806
FB		 867 }
868 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
869 size, ide_atapi_cmd_reply_end);
870 s->packet_transfer_size -= size;
871 s->elementary_transfer_size -= size;
872 s->io_buffer_index += size;
873 ide_set_irq(s);
874#ifdef DEBUG_IDE_ATAPI
875 printf("status=0x%x\n", s->status);
876#endif
877 }
878 }
879}
880
881/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
882static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
883{
884 if (size > max_size)
885 size = max_size;
886 s->lba = -1; /* no sector read */
887 s->packet_transfer_size = size;
888 s->elementary_transfer_size = 0;
889 s->io_buffer_index = 0;
890
891 s->status = READY_STAT;
892 ide_atapi_cmd_reply_end(s);
893}
894
895/* start a CD-CDROM read command */
98087450
FB		 896static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
897 int sector_size)
5391d806 898{
5391d806 899 s->lba = lba;
98087450 900 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 901 s->elementary_transfer_size = 0;
98087450
FB		 902 s->io_buffer_index = sector_size;
903 s->cd_sector_size = sector_size;
5391d806
FB		 904
905 s->status = READY_STAT;
906 ide_atapi_cmd_reply_end(s);
907}
908
98087450
FB		 909/* ATAPI DMA support */
910static int ide_atapi_cmd_read_dma_cb(IDEState *s,
911 target_phys_addr_t phys_addr,
912 int transfer_size1)
913{
914 int len, transfer_size;
915
916 transfer_size = transfer_size1;
917 while (transfer_size > 0) {
918 if (s->packet_transfer_size <= 0)
919 break;
920 len = s->cd_sector_size - s->io_buffer_index;
921 if (len <= 0) {
922 /* transfert next data */
923 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
924 s->lba++;
925 s->io_buffer_index = 0;
926 len = s->cd_sector_size;
927 }
928 if (len > transfer_size)
929 len = transfer_size;
930 cpu_physical_memory_write(phys_addr,
931 s->io_buffer + s->io_buffer_index, len);
932 s->packet_transfer_size -= len;
933 s->io_buffer_index += len;
934 transfer_size -= len;
935 phys_addr += len;
936 }
937 if (s->packet_transfer_size <= 0) {
938 s->status = READY_STAT;
939 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
940 ide_set_irq(s);
941#ifdef DEBUG_IDE_ATAPI
942 printf("dma status=0x%x\n", s->status);
943#endif
944 return 0;
945 }
946 return transfer_size1 - transfer_size;
947}
948
949/* start a CD-CDROM read command with DMA */
950/* XXX: test if DMA is available */
951static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
952 int sector_size)
953{
954 s->lba = lba;
955 s->packet_transfer_size = nb_sectors * sector_size;
956 s->io_buffer_index = sector_size;
957 s->cd_sector_size = sector_size;
958
959 s->status = READY_STAT | DRQ_STAT;
960 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
961}
962
963static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
964 int sector_size)
965{
966#ifdef DEBUG_IDE_ATAPI
967 printf("read: LBA=%d nb_sectors=%d\n", lba, nb_sectors);
968#endif
969 if (s->atapi_dma) {
970 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
971 } else {
972 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
973 }
974}
975
5391d806 976/* same toc as bochs. Return -1 if error or the toc length */
98087450 977/* XXX: check this */
5391d806
FB		 978static int cdrom_read_toc(IDEState *s, uint8_t *buf, int msf, int start_track)
979{
980 uint8_t *q;
981 int nb_sectors, len;
982
983 if (start_track > 1 && start_track != 0xaa)
984 return -1;
985 q = buf + 2;
98087450
FB		 986 *q++ = 1; /* first session */
987 *q++ = 1; /* last session */
5391d806
FB		 988 if (start_track <= 1) {
989 *q++ = 0; /* reserved */
990 *q++ = 0x14; /* ADR, control */
991 *q++ = 1; /* track number */
992 *q++ = 0; /* reserved */
993 if (msf) {
994 *q++ = 0; /* reserved */
995 *q++ = 0; /* minute */
996 *q++ = 2; /* second */
997 *q++ = 0; /* frame */
998 } else {
999 /* sector 0 */
1000 cpu_to_ube32(q, 0);
1001 q += 4;
1002 }
1003 }
1004 /* lead out track */
1005 *q++ = 0; /* reserved */
1006 *q++ = 0x16; /* ADR, control */
1007 *q++ = 0xaa; /* track number */
1008 *q++ = 0; /* reserved */
1009 nb_sectors = s->nb_sectors >> 2;
1010 if (msf) {
1011 *q++ = 0; /* reserved */
98087450
FB		 1012 lba_to_msf(q, nb_sectors);
1013 q += 3;
1014 } else {
1015 cpu_to_ube32(q, nb_sectors);
1016 q += 4;
1017 }
1018 len = q - buf;
1019 cpu_to_ube16(buf, len - 2);
1020 return len;
1021}
1022
1023/* mostly same info as PearPc */
1024static int cdrom_read_toc_raw(IDEState *s, uint8_t *buf, int msf,
1025 int session_num)
1026{
1027 uint8_t *q;
1028 int nb_sectors, len;
1029
1030 q = buf + 2;
1031 *q++ = 1; /* first session */
1032 *q++ = 1; /* last session */
1033
1034 *q++ = 1; /* session number */
1035 *q++ = 0x14; /* data track */
1036 *q++ = 0; /* track number */
1037 *q++ = 0xa0; /* lead-in */
1038 *q++ = 0; /* min */
1039 *q++ = 0; /* sec */
1040 *q++ = 0; /* frame */
1041 *q++ = 0;
1042 *q++ = 1; /* first track */
1043 *q++ = 0x00; /* disk type */
1044 *q++ = 0x00;
1045
1046 *q++ = 1; /* session number */
1047 *q++ = 0x14; /* data track */
1048 *q++ = 0; /* track number */
1049 *q++ = 0xa1;
1050 *q++ = 0; /* min */
1051 *q++ = 0; /* sec */
1052 *q++ = 0; /* frame */
1053 *q++ = 0;
1054 *q++ = 1; /* last track */
1055 *q++ = 0x00;
1056 *q++ = 0x00;
1057
1058 *q++ = 1; /* session number */
1059 *q++ = 0x14; /* data track */
1060 *q++ = 0; /* track number */
1061 *q++ = 0xa2; /* lead-out */
1062 *q++ = 0; /* min */
1063 *q++ = 0; /* sec */
1064 *q++ = 0; /* frame */
1065 nb_sectors = s->nb_sectors >> 2;
1066 if (msf) {
1067 *q++ = 0; /* reserved */
1068 lba_to_msf(q, nb_sectors);
1069 q += 3;
5391d806
FB		 1070 } else {
1071 cpu_to_ube32(q, nb_sectors);
1072 q += 4;
1073 }
98087450
FB		 1074
1075 *q++ = 1; /* session number */
1076 *q++ = 0x14; /* ADR, control */
1077 *q++ = 0; /* track number */
1078 *q++ = 1; /* point */
1079 *q++ = 0; /* min */
1080 *q++ = 0; /* sec */
1081 *q++ = 0; /* frame */
1082 *q++ = 0;
1083 *q++ = 0;
1084 *q++ = 0;
1085 *q++ = 0;
1086
5391d806
FB		 1087 len = q - buf;
1088 cpu_to_ube16(buf, len - 2);
1089 return len;
1090}
1091
1092static void ide_atapi_cmd(IDEState *s)
1093{
1094 const uint8_t *packet;
1095 uint8_t *buf;
1096 int max_len;
1097
1098 packet = s->io_buffer;
1099 buf = s->io_buffer;
1100#ifdef DEBUG_IDE_ATAPI
1101 {
1102 int i;
1103 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1104 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1105 printf(" %02x", packet[i]);
1106 }
1107 printf("\n");
1108 }
1109#endif
1110 switch(s->io_buffer[0]) {
1111 case GPCMD_TEST_UNIT_READY:
caed8802 1112 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1113 ide_atapi_cmd_ok(s);
1114 } else {
1115 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1116 ASC_MEDIUM_NOT_PRESENT);
1117 }
1118 break;
1119 case GPCMD_MODE_SENSE_10:
1120 {
1121 int action, code;
1122 max_len = ube16_to_cpu(packet + 7);
1123 action = packet[2] >> 6;
1124 code = packet[2] & 0x3f;
1125 switch(action) {
1126 case 0: /* current values */
1127 switch(code) {
1128 case 0x01: /* error recovery */
1129 cpu_to_ube16(&buf[0], 16 + 6);
1130 buf[2] = 0x70;
1131 buf[3] = 0;
1132 buf[4] = 0;
1133 buf[5] = 0;
1134 buf[6] = 0;
1135 buf[7] = 0;
1136
1137 buf[8] = 0x01;
1138 buf[9] = 0x06;
1139 buf[10] = 0x00;
1140 buf[11] = 0x05;
1141 buf[12] = 0x00;
1142 buf[13] = 0x00;
1143 buf[14] = 0x00;
1144 buf[15] = 0x00;
1145 ide_atapi_cmd_reply(s, 16, max_len);
1146 break;
1147 case 0x2a:
1148 cpu_to_ube16(&buf[0], 28 + 6);
1149 buf[2] = 0x70;
1150 buf[3] = 0;
1151 buf[4] = 0;
1152 buf[5] = 0;
1153 buf[6] = 0;
1154 buf[7] = 0;
1155
1156 buf[8] = 0x2a;
1157 buf[9] = 0x12;
1158 buf[10] = 0x00;
1159 buf[11] = 0x00;
1160
1161 buf[12] = 0x70;
1162 buf[13] = 3 << 5;
1163 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1164 if (bdrv_is_locked(s->bs))
5391d806
FB		 1165 buf[6] |= 1 << 1;
1166 buf[15] = 0x00;
1167 cpu_to_ube16(&buf[16], 706);
1168 buf[18] = 0;
1169 buf[19] = 2;
1170 cpu_to_ube16(&buf[20], 512);
1171 cpu_to_ube16(&buf[22], 706);
1172 buf[24] = 0;
1173 buf[25] = 0;
1174 buf[26] = 0;
1175 buf[27] = 0;
1176 ide_atapi_cmd_reply(s, 28, max_len);
1177 break;
1178 default:
1179 goto error_cmd;
1180 }
1181 break;
1182 case 1: /* changeable values */
1183 goto error_cmd;
1184 case 2: /* default values */
1185 goto error_cmd;
1186 default:
1187 case 3: /* saved values */
1188 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1189 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1190 break;
1191 }
1192 }
1193 break;
1194 case GPCMD_REQUEST_SENSE:
1195 max_len = packet[4];
1196 memset(buf, 0, 18);
1197 buf[0] = 0x70 | (1 << 7);
1198 buf[2] = s->sense_key;
1199 buf[7] = 10;
1200 buf[12] = s->asc;
1201 ide_atapi_cmd_reply(s, 18, max_len);
1202 break;
1203 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1204 if (bdrv_is_inserted(s->bs)) {
1205 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1206 ide_atapi_cmd_ok(s);
1207 } else {
1208 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1209 ASC_MEDIUM_NOT_PRESENT);
1210 }
1211 break;
1212 case GPCMD_READ_10:
1213 case GPCMD_READ_12:
1214 {
1215 int nb_sectors, lba;
1216
caed8802 1217 if (!bdrv_is_inserted(s->bs)) {
5391d806
FB		 1218 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1219 ASC_MEDIUM_NOT_PRESENT);
1220 break;
1221 }
1222 if (packet[0] == GPCMD_READ_10)
1223 nb_sectors = ube16_to_cpu(packet + 7);
1224 else
1225 nb_sectors = ube32_to_cpu(packet + 6);
1226 lba = ube32_to_cpu(packet + 2);
1227 if (nb_sectors == 0) {
1228 ide_atapi_cmd_ok(s);
1229 break;
1230 }
1231 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1232 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1233 ASC_LOGICAL_BLOCK_OOR);
1234 break;
1235 }
98087450
FB		 1236 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1237 }
1238 break;
1239 case GPCMD_READ_CD:
1240 {
1241 int nb_sectors, lba, transfer_request;
1242
1243 if (!bdrv_is_inserted(s->bs)) {
1244 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1245 ASC_MEDIUM_NOT_PRESENT);
1246 break;
1247 }
1248 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1249 lba = ube32_to_cpu(packet + 2);
1250 if (nb_sectors == 0) {
1251 ide_atapi_cmd_ok(s);
1252 break;
1253 }
1254 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1255 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1256 ASC_LOGICAL_BLOCK_OOR);
1257 break;
1258 }
1259 transfer_request = packet[9];
1260 switch(transfer_request & 0xf8) {
1261 case 0x00:
1262 /* nothing */
1263 ide_atapi_cmd_ok(s);
1264 break;
1265 case 0x10:
1266 /* normal read */
1267 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1268 break;
1269 case 0xf8:
1270 /* read all data */
1271 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1272 break;
1273 default:
1274 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1275 ASC_INV_FIELD_IN_CMD_PACKET);
1276 break;
1277 }
5391d806
FB		 1278 }
1279 break;
1280 case GPCMD_SEEK:
1281 {
1282 int lba;
caed8802 1283 if (!bdrv_is_inserted(s->bs)) {
5391d806
FB		 1284 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1285 ASC_MEDIUM_NOT_PRESENT);
1286 break;
1287 }
1288 lba = ube32_to_cpu(packet + 2);
1289 if (((int64_t)lba << 2) > s->nb_sectors) {
1290 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1291 ASC_LOGICAL_BLOCK_OOR);
1292 break;
1293 }
1294 ide_atapi_cmd_ok(s);
1295 }
1296 break;
1297 case GPCMD_START_STOP_UNIT:
1298 {
1299 int start, eject;
1300 start = packet[4] & 1;
1301 eject = (packet[4] >> 1) & 1;
1302
caed8802
FB		 1303 if (eject && !start) {
1304 /* eject the disk */
1305 bdrv_close(s->bs);
1306 }
5391d806
FB		 1307 ide_atapi_cmd_ok(s);
1308 }
1309 break;
1310 case GPCMD_MECHANISM_STATUS:
1311 {
1312 max_len = ube16_to_cpu(packet + 8);
1313 cpu_to_ube16(buf, 0);
1314 /* no current LBA */
1315 buf[2] = 0;
1316 buf[3] = 0;
1317 buf[4] = 0;
1318 buf[5] = 1;
1319 cpu_to_ube16(buf + 6, 0);
1320 ide_atapi_cmd_reply(s, 8, max_len);
1321 }
1322 break;
1323 case GPCMD_READ_TOC_PMA_ATIP:
1324 {
1325 int format, msf, start_track, len;
1326
caed8802 1327 if (!bdrv_is_inserted(s->bs)) {
5391d806
FB		 1328 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1329 ASC_MEDIUM_NOT_PRESENT);
1330 break;
1331 }
1332 max_len = ube16_to_cpu(packet + 7);
1333 format = packet[9] >> 6;
1334 msf = (packet[1] >> 1) & 1;
1335 start_track = packet[6];
1336 switch(format) {
1337 case 0:
1338 len = cdrom_read_toc(s, buf, msf, start_track);
1339 if (len < 0)
1340 goto error_cmd;
1341 ide_atapi_cmd_reply(s, len, max_len);
1342 break;
1343 case 1:
1344 /* multi session : only a single session defined */
1345 memset(buf, 0, 12);
1346 buf[1] = 0x0a;
1347 buf[2] = 0x01;
1348 buf[3] = 0x01;
1349 ide_atapi_cmd_reply(s, 12, max_len);
1350 break;
98087450
FB		 1351 case 2:
1352 len = cdrom_read_toc_raw(s, buf, msf, start_track);
1353 if (len < 0)
1354 goto error_cmd;
1355 ide_atapi_cmd_reply(s, len, max_len);
1356 break;
5391d806 1357 default:
7f777bf3
FB		 1358 error_cmd:
1359 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1360 ASC_INV_FIELD_IN_CMD_PACKET);
1361 break;
5391d806
FB		 1362 }
1363 }
1364 break;
1365 case GPCMD_READ_CDVD_CAPACITY:
caed8802 1366 if (!bdrv_is_inserted(s->bs)) {
5391d806
FB		 1367 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1368 ASC_MEDIUM_NOT_PRESENT);
1369 break;
1370 }
1371 /* NOTE: it is really the number of sectors minus 1 */
1372 cpu_to_ube32(buf, (s->nb_sectors >> 2) - 1);
1373 cpu_to_ube32(buf + 4, 2048);
1374 ide_atapi_cmd_reply(s, 8, 8);
1375 break;
bd0d90b2
FB		 1376 case GPCMD_INQUIRY:
1377 max_len = packet[4];
1378 buf[0] = 0x05; /* CD-ROM */
1379 buf[1] = 0x80; /* removable */
1380 buf[2] = 0x00; /* ISO */
1381 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1382 buf[4] = 31; /* additionnal length */
1383 buf[5] = 0; /* reserved */
1384 buf[6] = 0; /* reserved */
1385 buf[7] = 0; /* reserved */
1386 padstr8(buf + 8, 8, "QEMU");
1387 padstr8(buf + 16, 16, "QEMU CD-ROM");
1388 padstr8(buf + 32, 4, QEMU_VERSION);
1389 ide_atapi_cmd_reply(s, 36, max_len);
1390 break;
5391d806 1391 default:
5391d806 1392 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1393 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1394 break;
1395 }
1396}
1397
caed8802
FB		 1398/* called when the inserted state of the media has changed */
1399static void cdrom_change_cb(void *opaque)
5391d806 1400{
caed8802
FB		 1401 IDEState *s = opaque;
1402 int64_t nb_sectors;
1403
1404 /* XXX: send interrupt too */
1405 bdrv_get_geometry(s->bs, &nb_sectors);
1406 s->nb_sectors = nb_sectors;
1407}
1408
1409static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1410{
1411 IDEState *ide_if = opaque;
c45c3d00 1412 IDEState *s;
5391d806
FB		 1413 int unit, n;
1414
1415#ifdef DEBUG_IDE
1416 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1417#endif
1418 addr &= 7;
1419 switch(addr) {
1420 case 0:
1421 break;
1422 case 1:
c45c3d00
FB		 1423 /* NOTE: data is written to the two drives */
1424 ide_if[0].feature = val;
1425 ide_if[1].feature = val;
5391d806
FB		 1426 break;
1427 case 2:
1428 if (val == 0)
1429 val = 256;
c45c3d00
FB		 1430 ide_if[0].nsector = val;
1431 ide_if[1].nsector = val;
5391d806
FB		 1432 break;
1433 case 3:
c45c3d00
FB		 1434 ide_if[0].sector = val;
1435 ide_if[1].sector = val;
5391d806
FB		 1436 break;
1437 case 4:
c45c3d00
FB		 1438 ide_if[0].lcyl = val;
1439 ide_if[1].lcyl = val;
5391d806
FB		 1440 break;
1441 case 5:
c45c3d00
FB		 1442 ide_if[0].hcyl = val;
1443 ide_if[1].hcyl = val;
5391d806
FB		 1444 break;
1445 case 6:
7ae98627
FB		 1446 ide_if[0].select = (val & ~0x10) | 0xa0;
1447 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 1448 /* select drive */
1449 unit = (val >> 4) & 1;
1450 s = ide_if + unit;
1451 ide_if->cur_drive = s;
5391d806
FB		 1452 break;
1453 default:
1454 case 7:
1455 /* command */
1456#if defined(DEBUG_IDE)
1457 printf("ide: CMD=%02x\n", val);
1458#endif
c45c3d00 1459 s = ide_if->cur_drive;
66201e2d
FB		 1460 /* ignore commands to non existant slave */
1461 if (s != ide_if && !s->bs)
1462 break;
5391d806
FB		 1463 switch(val) {
1464 case WIN_IDENTIFY:
1465 if (s->bs && !s->is_cdrom) {
1466 ide_identify(s);
2a282056 1467 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1468 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1469 } else {
1470 if (s->is_cdrom) {
1471 ide_set_signature(s);
1472 }
1473 ide_abort_command(s);
1474 }
1475 ide_set_irq(s);
1476 break;
1477 case WIN_SPECIFY:
1478 case WIN_RECAL:
a136e5a8 1479 s->error = 0;
769bec72 1480 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1481 ide_set_irq(s);
1482 break;
1483 case WIN_SETMULT:
1484 if (s->nsector > MAX_MULT_SECTORS ||
1485 s->nsector == 0 ||
1486 (s->nsector & (s->nsector - 1)) != 0) {
1487 ide_abort_command(s);
1488 } else {
1489 s->mult_sectors = s->nsector;
1490 s->status = READY_STAT;
1491 }
1492 ide_set_irq(s);
1493 break;
4ce900b4
FB		 1494 case WIN_VERIFY:
1495 case WIN_VERIFY_ONCE:
1496 /* do sector number check ? */
1497 s->status = READY_STAT;
1498 ide_set_irq(s);
1499 break;
5391d806
FB		 1500 case WIN_READ:
1501 case WIN_READ_ONCE:
6b136f9e
FB		 1502 if (!s->bs)
1503 goto abort_cmd;
5391d806
FB		 1504 s->req_nb_sectors = 1;
1505 ide_sector_read(s);
1506 break;
1507 case WIN_WRITE:
1508 case WIN_WRITE_ONCE:
a136e5a8 1509 s->error = 0;
f66723fa 1510 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1511 s->req_nb_sectors = 1;
1512 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1513 break;
1514 case WIN_MULTREAD:
1515 if (!s->mult_sectors)
1516 goto abort_cmd;
1517 s->req_nb_sectors = s->mult_sectors;
1518 ide_sector_read(s);
1519 break;
1520 case WIN_MULTWRITE:
1521 if (!s->mult_sectors)
1522 goto abort_cmd;
a136e5a8 1523 s->error = 0;
f66723fa 1524 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1525 s->req_nb_sectors = s->mult_sectors;
1526 n = s->nsector;
1527 if (n > s->req_nb_sectors)
1528 n = s->req_nb_sectors;
1529 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1530 break;
98087450
FB		 1531 case WIN_READDMA:
1532 case WIN_READDMA_ONCE:
1533 if (!s->bs)
1534 goto abort_cmd;
1535 ide_sector_read_dma(s);
1536 break;
1537 case WIN_WRITEDMA:
1538 case WIN_WRITEDMA_ONCE:
1539 if (!s->bs)
1540 goto abort_cmd;
1541 ide_sector_write_dma(s);
1542 break;
5391d806
FB		 1543 case WIN_READ_NATIVE_MAX:
1544 ide_set_sector(s, s->nb_sectors - 1);
1545 s->status = READY_STAT;
1546 ide_set_irq(s);
1547 break;
a136e5a8
FB		 1548 case WIN_CHECKPOWERMODE1:
1549 s->nsector = 0xff; /* device active or idle */
1550 s->status = READY_STAT;
1551 ide_set_irq(s);
1552 break;
34e538ae
FB		 1553 case WIN_SETFEATURES:
1554 if (!s->bs)
1555 goto abort_cmd;
1556 /* XXX: valid for CDROM ? */
1557 switch(s->feature) {
1558 case 0x02: /* write cache enable */
98087450 1559 case 0x03: /* set transfer mode */
34e538ae
FB		 1560 case 0x82: /* write cache disable */
1561 case 0xaa: /* read look-ahead enable */
1562 case 0x55: /* read look-ahead disable */
1563 s->status = READY_STAT;
1564 ide_set_irq(s);
1565 break;
1566 default:
1567 goto abort_cmd;
1568 }
1569 break;
a7dfe172
FB		 1570 case WIN_STANDBYNOW1:
1571 s->status = READY_STAT;
1572 ide_set_irq(s);
1573 break;
5391d806
FB		 1574 /* ATAPI commands */
1575 case WIN_PIDENTIFY:
1576 if (s->is_cdrom) {
1577 ide_atapi_identify(s);
1578 s->status = READY_STAT;
1579 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1580 } else {
1581 ide_abort_command(s);
1582 }
1583 ide_set_irq(s);
1584 break;
1585 case WIN_SRST:
1586 if (!s->is_cdrom)
1587 goto abort_cmd;
1588 ide_set_signature(s);
6b136f9e 1589 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 1590 s->error = 0x01;
1591 break;
1592 case WIN_PACKETCMD:
1593 if (!s->is_cdrom)
1594 goto abort_cmd;
98087450
FB		 1595 /* overlapping commands not supported */
1596 if (s->feature & 0x02)
5391d806 1597 goto abort_cmd;
98087450 1598 s->atapi_dma = s->feature & 1;
5391d806
FB		 1599 s->nsector = 1;
1600 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1601 ide_atapi_cmd);
1602 break;
1603 default:
1604 abort_cmd:
1605 ide_abort_command(s);
1606 ide_set_irq(s);
1607 break;
1608 }
1609 }
1610}
1611
caed8802 1612static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 1613{
7ae98627
FB		 1614 IDEState *ide_if = opaque;
1615 IDEState *s = ide_if->cur_drive;
5391d806
FB		 1616 uint32_t addr;
1617 int ret;
1618
1619 addr = addr1 & 7;
1620 switch(addr) {
1621 case 0:
1622 ret = 0xff;
1623 break;
1624 case 1:
7ae98627 1625 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1626 ret = 0;
1627 else
1628 ret = s->error;
5391d806
FB		 1629 break;
1630 case 2:
7ae98627 1631 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1632 ret = 0;
1633 else
1634 ret = s->nsector & 0xff;
5391d806
FB		 1635 break;
1636 case 3:
7ae98627 1637 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1638 ret = 0;
1639 else
1640 ret = s->sector;
5391d806
FB		 1641 break;
1642 case 4:
7ae98627 1643 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1644 ret = 0;
1645 else
1646 ret = s->lcyl;
5391d806
FB		 1647 break;
1648 case 5:
7ae98627 1649 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1650 ret = 0;
1651 else
1652 ret = s->hcyl;
5391d806
FB		 1653 break;
1654 case 6:
7ae98627 1655 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 1656 ret = 0;
1657 else
7ae98627 1658 ret = s->select;
5391d806
FB		 1659 break;
1660 default:
1661 case 7:
66201e2d
FB		 1662 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1663 (s != ide_if && !s->bs))
c45c3d00
FB		 1664 ret = 0;
1665 else
1666 ret = s->status;
1ade1de2
FB		 1667#ifdef TARGET_PPC
1668 if (s->openpic)
1669 openpic_set_irq(s->openpic, s->irq, 0);
1670 else
1671#endif
34e538ae
FB		 1672 if (s->irq == 16)
1673 pci_set_irq(s->pci_dev, 0, 0);
1674 else
1675 pic_set_irq(s->irq, 0);
5391d806
FB		 1676 break;
1677 }
1678#ifdef DEBUG_IDE
1679 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1680#endif
1681 return ret;
1682}
1683
caed8802 1684static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 1685{
7ae98627
FB		 1686 IDEState *ide_if = opaque;
1687 IDEState *s = ide_if->cur_drive;
5391d806 1688 int ret;
7ae98627 1689
66201e2d
FB		 1690 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1691 (s != ide_if && !s->bs))
7ae98627
FB		 1692 ret = 0;
1693 else
1694 ret = s->status;
5391d806
FB		 1695#ifdef DEBUG_IDE
1696 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1697#endif
1698 return ret;
1699}
1700
caed8802 1701static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 1702{
caed8802 1703 IDEState *ide_if = opaque;
5391d806
FB		 1704 IDEState *s;
1705 int i;
1706
1707#ifdef DEBUG_IDE
1708 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1709#endif
1710 /* common for both drives */
1711 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
1712 (val & IDE_CMD_RESET)) {
1713 /* reset low to high */
1714 for(i = 0;i < 2; i++) {
1715 s = &ide_if[i];
1716 s->status = BUSY_STAT | SEEK_STAT;
1717 s->error = 0x01;
1718 }
1719 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
1720 !(val & IDE_CMD_RESET)) {
1721 /* high to low */
1722 for(i = 0;i < 2; i++) {
1723 s = &ide_if[i];
6b136f9e
FB		 1724 if (s->is_cdrom)
1725 s->status = 0x00; /* NOTE: READY is _not_ set */
1726 else
56bf1d37 1727 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1728 ide_set_signature(s);
1729 }
1730 }
1731
1732 ide_if[0].cmd = val;
1733 ide_if[1].cmd = val;
1734}
1735
caed8802 1736static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 1737{
caed8802 1738 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1739 uint8_t *p;
1740
1741 p = s->data_ptr;
0c4ad8dc 1742 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 1743 p += 2;
1744 s->data_ptr = p;
1745 if (p >= s->data_end)
1746 s->end_transfer_func(s);
1747}
1748
caed8802 1749static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 1750{
caed8802 1751 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1752 uint8_t *p;
1753 int ret;
1754 p = s->data_ptr;
0c4ad8dc 1755 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 1756 p += 2;
1757 s->data_ptr = p;
1758 if (p >= s->data_end)
1759 s->end_transfer_func(s);
1760 return ret;
1761}
1762
caed8802 1763static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 1764{
caed8802 1765 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1766 uint8_t *p;
1767
1768 p = s->data_ptr;
0c4ad8dc 1769 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 1770 p += 4;
1771 s->data_ptr = p;
1772 if (p >= s->data_end)
1773 s->end_transfer_func(s);
1774}
1775
caed8802 1776static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 1777{
caed8802 1778 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 1779 uint8_t *p;
1780 int ret;
1781
1782 p = s->data_ptr;
0c4ad8dc 1783 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 1784 p += 4;
1785 s->data_ptr = p;
1786 if (p >= s->data_end)
1787 s->end_transfer_func(s);
1788 return ret;
1789}
1790
a7dfe172
FB		 1791static void ide_dummy_transfer_stop(IDEState *s)
1792{
1793 s->data_ptr = s->io_buffer;
1794 s->data_end = s->io_buffer;
1795 s->io_buffer[0] = 0xff;
1796 s->io_buffer[1] = 0xff;
1797 s->io_buffer[2] = 0xff;
1798 s->io_buffer[3] = 0xff;
1799}
1800
5391d806
FB		 1801static void ide_reset(IDEState *s)
1802{
1803 s->mult_sectors = MAX_MULT_SECTORS;
1804 s->cur_drive = s;
1805 s->select = 0xa0;
1806 s->status = READY_STAT;
1807 ide_set_signature(s);
a7dfe172
FB		 1808 /* init the transfer handler so that 0xffff is returned on data
1809 accesses */
1810 s->end_transfer_func = ide_dummy_transfer_stop;
1811 ide_dummy_transfer_stop(s);
5391d806
FB		 1812}
1813
1814struct partition {
1815 uint8_t boot_ind; /* 0x80 - active */
1816 uint8_t head; /* starting head */
1817 uint8_t sector; /* starting sector */
1818 uint8_t cyl; /* starting cylinder */
1819 uint8_t sys_ind; /* What partition type */
1820 uint8_t end_head; /* end head */
1821 uint8_t end_sector; /* end sector */
1822 uint8_t end_cyl; /* end cylinder */
1823 uint32_t start_sect; /* starting sector counting from 0 */
1824 uint32_t nr_sects; /* nr of sectors in partition */
1825} __attribute__((packed));
1826
1827/* try to guess the IDE geometry from the MSDOS partition table */
1828static void ide_guess_geometry(IDEState *s)
1829{
1830 uint8_t buf[512];
1831 int ret, i;
1832 struct partition *p;
1833 uint32_t nr_sects;
1834
1835 if (s->cylinders != 0)
1836 return;
1837 ret = bdrv_read(s->bs, 0, buf, 1);
1838 if (ret < 0)
1839 return;
1840 /* test msdos magic */
1841 if (buf[510] != 0x55 || buf[511] != 0xaa)
1842 return;
1843 for(i = 0; i < 4; i++) {
1844 p = ((struct partition *)(buf + 0x1be)) + i;
0c4ad8dc 1845 nr_sects = le32_to_cpu(p->nr_sects);
5391d806
FB		 1846 if (nr_sects && p->end_head) {
1847 /* We make the assumption that the partition terminates on
1848 a cylinder boundary */
1849 s->heads = p->end_head + 1;
1850 s->sectors = p->end_sector & 63;
1851 s->cylinders = s->nb_sectors / (s->heads * s->sectors);
1852#if 0
1853 printf("guessed partition: CHS=%d %d %d\n",
1854 s->cylinders, s->heads, s->sectors);
1855#endif
1856 }
1857 }
1858}
1859
69b91039
FB		 1860static void ide_init2(IDEState *ide_state, int irq,
1861 BlockDriverState *hd0, BlockDriverState *hd1)
5391d806 1862{
69b91039 1863 IDEState *s;
aedf5382 1864 static int drive_serial = 1;
caed8802 1865 int i, cylinders, heads, secs;
5391d806 1866 int64_t nb_sectors;
5391d806 1867
caed8802
FB		 1868 for(i = 0; i < 2; i++) {
1869 s = ide_state + i;
1870 if (i == 0)
1871 s->bs = hd0;
1872 else
1873 s->bs = hd1;
5391d806
FB		 1874 if (s->bs) {
1875 bdrv_get_geometry(s->bs, &nb_sectors);
1876 s->nb_sectors = nb_sectors;
caed8802
FB		 1877 /* if a geometry hint is available, use it */
1878 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
1879 if (cylinders != 0) {
5391d806 1880 s->cylinders = cylinders;
caed8802
FB		 1881 s->heads = heads;
1882 s->sectors = secs;
1883 } else {
1884 ide_guess_geometry(s);
1885 if (s->cylinders == 0) {
1886 /* if no geometry, use a LBA compatible one */
1887 cylinders = nb_sectors / (16 * 63);
1888 if (cylinders > 16383)
1889 cylinders = 16383;
1890 else if (cylinders < 2)
1891 cylinders = 2;
1892 s->cylinders = cylinders;
1893 s->heads = 16;
1894 s->sectors = 63;
1895 }
769bec72 1896 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
caed8802
FB		 1897 }
1898 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
1899 s->is_cdrom = 1;
1900 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 1901 }
1902 }
aedf5382 1903 s->drive_serial = drive_serial++;
caed8802 1904 s->irq = irq;
5391d806
FB		 1905 ide_reset(s);
1906 }
69b91039
FB		 1907}
1908
34e538ae 1909static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 1910{
caed8802
FB		 1911 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
1912 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
1913 if (iobase2) {
1914 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
1915 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 1916 }
caed8802
FB		 1917
1918 /* data ports */
1919 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
1920 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
1921 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
1922 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 1923}
69b91039 1924
34e538ae
FB		 1925/***********************************************************/
1926/* ISA IDE definitions */
1927
1928void isa_ide_init(int iobase, int iobase2, int irq,
1929 BlockDriverState *hd0, BlockDriverState *hd1)
1930{
1931 IDEState *ide_state;
1932
1933 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
1934 if (!ide_state)
1935 return;
1936
1937 ide_init2(ide_state, irq, hd0, hd1);
1938 ide_init_ioport(ide_state, iobase, iobase2);
1939}
1940
69b91039
FB		 1941/***********************************************************/
1942/* PCI IDE definitions */
1943
69b91039
FB		 1944static void ide_map(PCIDevice *pci_dev, int region_num,
1945 uint32_t addr, uint32_t size, int type)
1946{
1947 PCIIDEState *d = (PCIIDEState *)pci_dev;
1948 IDEState *ide_state;
1949
1950 if (region_num <= 3) {
1951 ide_state = &d->ide_if[(region_num >> 1) * 2];
1952 if (region_num & 1) {
1953 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
1954 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
1955 } else {
1956 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
1957 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
1958
1959 /* data ports */
1960 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
1961 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
1962 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
1963 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
1964 }
1965 }
1966}
1967
98087450
FB		 1968/* XXX: full callback usage to prepare non blocking I/Os support -
1969 error handling */
1970static void ide_dma_loop(BMDMAState *bm)
1971{
1972 struct {
1973 uint32_t addr;
1974 uint32_t size;
1975 } prd;
1976 target_phys_addr_t cur_addr;
1977 int len, i, len1;
1978
1979 cur_addr = bm->addr;
1980 /* at most one page to avoid hanging if erroneous parameters */
1981 for(i = 0; i < 512; i++) {
1982 cpu_physical_memory_read(cur_addr, (uint8_t *)&prd, 8);
1983 prd.addr = le32_to_cpu(prd.addr);
1984 prd.size = le32_to_cpu(prd.size);
1985#ifdef DEBUG_IDE
1986 printf("ide: dma: prd: %08x: addr=0x%08x size=0x%08x\n",
1987 (int)cur_addr, prd.addr, prd.size);
1988#endif
1989 len = prd.size & 0xfffe;
1990 if (len == 0)
1991 len = 0x10000;
1992 while (len > 0) {
1993 len1 = bm->dma_cb(bm->ide_if, prd.addr, len);
1994 if (len1 == 0)
1995 goto the_end;
1996 prd.addr += len1;
1997 len -= len1;
1998 }
1999 /* end of transfer */
2000 if (prd.size & 0x80000000)
2001 break;
2002 cur_addr += 8;
2003 }
2004 /* end of transfer */
2005 the_end:
2006 bm->status &= ~BM_STATUS_DMAING;
2007 bm->status |= BM_STATUS_INT;
2008 bm->dma_cb = NULL;
2009 bm->ide_if = NULL;
2010}
2011
2012static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb)
2013{
2014 BMDMAState *bm = s->bmdma;
2015 if(!bm)
2016 return;
2017 bm->ide_if = s;
2018 bm->dma_cb = dma_cb;
2019 if (bm->status & BM_STATUS_DMAING) {
2020 ide_dma_loop(bm);
2021 }
2022}
2023
2024static uint32_t bmdma_cmd_readb(void *opaque, uint32_t addr)
2025{
2026 BMDMAState *bm = opaque;
2027 uint32_t val;
2028 val = bm->cmd;
2029#ifdef DEBUG_IDE
2030 printf("%s: 0x%08x\n", __func__, val);
2031#endif
2032 return val;
2033}
2034
2035static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2036{
2037 BMDMAState *bm = opaque;
2038#ifdef DEBUG_IDE
2039 printf("%s: 0x%08x\n", __func__, val);
2040#endif
2041 if (!(val & BM_CMD_START)) {
2042 /* XXX: do it better */
2043 bm->status &= ~BM_STATUS_DMAING;
2044 bm->cmd = val & 0x09;
2045 } else {
2046 bm->status |= BM_STATUS_DMAING;
2047 bm->cmd = val & 0x09;
2048 /* start dma transfer if possible */
2049 if (bm->dma_cb)
2050 ide_dma_loop(bm);
2051 }
2052}
2053
2054static uint32_t bmdma_status_readb(void *opaque, uint32_t addr)
2055{
2056 BMDMAState *bm = opaque;
2057 uint32_t val;
2058 val = bm->status;
2059#ifdef DEBUG_IDE
2060 printf("%s: 0x%08x\n", __func__, val);
2061#endif
2062 return val;
2063}
2064
2065static void bmdma_status_writeb(void *opaque, uint32_t addr, uint32_t val)
2066{
2067 BMDMAState *bm = opaque;
2068#ifdef DEBUG_IDE
2069 printf("%s: 0x%08x\n", __func__, val);
2070#endif
2071 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2072}
2073
2074static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2075{
2076 BMDMAState *bm = opaque;
2077 uint32_t val;
2078 val = bm->addr;
2079#ifdef DEBUG_IDE
2080 printf("%s: 0x%08x\n", __func__, val);
2081#endif
2082 return val;
2083}
2084
2085static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2086{
2087 BMDMAState *bm = opaque;
2088#ifdef DEBUG_IDE
2089 printf("%s: 0x%08x\n", __func__, val);
2090#endif
2091 bm->addr = val & ~3;
2092}
2093
2094static void bmdma_map(PCIDevice *pci_dev, int region_num,
2095 uint32_t addr, uint32_t size, int type)
2096{
2097 PCIIDEState *d = (PCIIDEState *)pci_dev;
2098 int i;
2099
2100 for(i = 0;i < 2; i++) {
2101 BMDMAState *bm = &d->bmdma[i];
2102 d->ide_if[2 * i].bmdma = bm;
2103 d->ide_if[2 * i + 1].bmdma = bm;
2104
2105 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2106 register_ioport_read(addr, 1, 1, bmdma_cmd_readb, bm);
2107
2108 register_ioport_write(addr + 2, 1, 1, bmdma_status_writeb, bm);
2109 register_ioport_read(addr + 2, 1, 1, bmdma_status_readb, bm);
2110
2111 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2112 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2113 addr += 8;
2114 }
2115}
2116
69b91039 2117/* hd_table must contain 4 block drivers */
46e50e9d 2118void pci_ide_init(PCIBus *bus, BlockDriverState **hd_table)
69b91039
FB		 2119{
2120 PCIIDEState *d;
2121 uint8_t *pci_conf;
34e538ae
FB		 2122 int i;
2123
46e50e9d
FB		 2124 d = (PCIIDEState *)pci_register_device(bus, "IDE", sizeof(PCIIDEState),
2125 -1,
73c11f63 2126 NULL, NULL);
69b91039
FB		 2127 pci_conf = d->dev.config;
2128 pci_conf[0x00] = 0x86; // Intel
2129 pci_conf[0x01] = 0x80;
2130 pci_conf[0x02] = 0x00; // fake
2131 pci_conf[0x03] = 0x01; // fake
2132 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2133 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2134 pci_conf[0x0e] = 0x80; // header_type = PCI_multifunction, generic
2135
2136 pci_conf[0x2c] = 0x86; // subsys vendor
2137 pci_conf[0x2d] = 0x80; // subsys vendor
2138 pci_conf[0x2e] = 0x00; // fake
2139 pci_conf[0x2f] = 0x01; // fake
2140
2141 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2142 PCI_ADDRESS_SPACE_IO, ide_map);
2143 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2144 PCI_ADDRESS_SPACE_IO, ide_map);
2145 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2146 PCI_ADDRESS_SPACE_IO, ide_map);
2147 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2148 PCI_ADDRESS_SPACE_IO, ide_map);
98087450
FB		 2149 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2150 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 2151
34e538ae
FB		 2152 pci_conf[0x3d] = 0x01; // interrupt on pin 1
2153
2154 for(i = 0; i < 4; i++)
2155 d->ide_if[i].pci_dev = (PCIDevice *)d;
2156 ide_init2(&d->ide_if[0], 16, hd_table[0], hd_table[1]);
2157 ide_init2(&d->ide_if[2], 16, hd_table[2], hd_table[3]);
2158}
2159
2160/* hd_table must contain 4 block drivers */
2161/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
46e50e9d 2162void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table)
34e538ae
FB		 2163{
2164 PCIIDEState *d;
2165 uint8_t *pci_conf;
2166
2167 /* register a function 1 of PIIX3 */
46e50e9d
FB		 2168 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2169 sizeof(PCIIDEState),
2170 ((PCIDevice *)piix3_state)->devfn + 1,
34e538ae
FB		 2171 NULL, NULL);
2172 pci_conf = d->dev.config;
2173 pci_conf[0x00] = 0x86; // Intel
2174 pci_conf[0x01] = 0x80;
2175 pci_conf[0x02] = 0x10;
2176 pci_conf[0x03] = 0x70;
2177 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2178 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2179 pci_conf[0x0e] = 0x00; // header_type
2180
98087450
FB		 2181 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2182 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 2183
69b91039
FB		 2184 ide_init2(&d->ide_if[0], 14, hd_table[0], hd_table[1]);
2185 ide_init2(&d->ide_if[2], 15, hd_table[2], hd_table[3]);
34e538ae
FB		 2186 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2187 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
69b91039 2188}
1ade1de2
FB		 2189
2190/***********************************************************/
2191/* MacIO based PowerPC IDE */
2192
2193/* PowerMac IDE memory IO */
2194static void pmac_ide_writeb (void *opaque,
2195 target_phys_addr_t addr, uint32_t val)
2196{
2197 addr = (addr & 0xFFF) >> 4;
2198 switch (addr) {
2199 case 1 ... 7:
2200 ide_ioport_write(opaque, addr, val);
2201 break;
2202 case 8:
2203 case 22:
2204 ide_cmd_write(opaque, 0, val);
2205 break;
2206 default:
2207 break;
2208 }
2209}
2210
2211static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2212{
2213 uint8_t retval;
2214
2215 addr = (addr & 0xFFF) >> 4;
2216 switch (addr) {
2217 case 1 ... 7:
2218 retval = ide_ioport_read(opaque, addr);
2219 break;
2220 case 8:
2221 case 22:
2222 retval = ide_status_read(opaque, 0);
2223 break;
2224 default:
2225 retval = 0xFF;
2226 break;
2227 }
2228 return retval;
2229}
2230
2231static void pmac_ide_writew (void *opaque,
2232 target_phys_addr_t addr, uint32_t val)
2233{
2234 addr = (addr & 0xFFF) >> 4;
2235#ifdef TARGET_WORDS_BIGENDIAN
2236 val = bswap16(val);
2237#endif
2238 if (addr == 0) {
2239 ide_data_writew(opaque, 0, val);
2240 }
2241}
2242
2243static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
2244{
2245 uint16_t retval;
2246
2247 addr = (addr & 0xFFF) >> 4;
2248 if (addr == 0) {
2249 retval = ide_data_readw(opaque, 0);
2250 } else {
2251 retval = 0xFFFF;
2252 }
2253#ifdef TARGET_WORDS_BIGENDIAN
2254 retval = bswap16(retval);
2255#endif
2256 return retval;
2257}
2258
2259static void pmac_ide_writel (void *opaque,
2260 target_phys_addr_t addr, uint32_t val)
2261{
2262 addr = (addr & 0xFFF) >> 4;
2263#ifdef TARGET_WORDS_BIGENDIAN
2264 val = bswap32(val);
2265#endif
2266 if (addr == 0) {
2267 ide_data_writel(opaque, 0, val);
2268 }
2269}
2270
2271static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
2272{
2273 uint32_t retval;
2274
2275 addr = (addr & 0xFFF) >> 4;
2276 if (addr == 0) {
2277 retval = ide_data_readl(opaque, 0);
2278 } else {
2279 retval = 0xFFFFFFFF;
2280 }
2281#ifdef TARGET_WORDS_BIGENDIAN
2282 retval = bswap32(retval);
2283#endif
2284 return retval;
2285}
2286
2287static CPUWriteMemoryFunc *pmac_ide_write[] = {
2288 pmac_ide_writeb,
2289 pmac_ide_writew,
2290 pmac_ide_writel,
2291};
2292
2293static CPUReadMemoryFunc *pmac_ide_read[] = {
2294 pmac_ide_readb,
2295 pmac_ide_readw,
2296 pmac_ide_readl,
2297};
2298
2299/* hd_table must contain 4 block drivers */
2300/* PowerMac uses memory mapped registers, not I/O. Return the memory
2301 I/O index to access the ide. */
2302int pmac_ide_init (BlockDriverState **hd_table,
2303 openpic_t *openpic, int irq)
2304{
2305 IDEState *ide_if;
2306 int pmac_ide_memory;
2307
2308 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
2309 ide_init2(&ide_if[0], irq, hd_table[0], hd_table[1]);
2310 ide_if[0].openpic = openpic;
2311 ide_if[1].openpic = openpic;
2312
2313 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
2314 pmac_ide_write, &ide_if[0]);
2315 return pmac_ide_memory;
2316}
Qemu copy for testing