]> git.proxmox.com Git - mirror_qemu.git/blob - hw/ide/core.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
hw/arm/virt: Disable LPA2 for -machine virt-6.2
[mirror_qemu.git] / hw / ide / core.c
1 /*
2 * QEMU IDE disk and CD/DVD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25
26 #include "qemu/osdep.h"
27 #include "hw/isa/isa.h"
28 #include "migration/vmstate.h"
29 #include "qemu/error-report.h"
30 #include "qemu/main-loop.h"
31 #include "qemu/timer.h"
32 #include "qemu/hw-version.h"
33 #include "qemu/memalign.h"
34 #include "sysemu/sysemu.h"
35 #include "sysemu/blockdev.h"
36 #include "sysemu/dma.h"
37 #include "hw/block/block.h"
38 #include "sysemu/block-backend.h"
39 #include "qapi/error.h"
40 #include "qemu/cutils.h"
41 #include "sysemu/replay.h"
42 #include "sysemu/runstate.h"
43 #include "hw/ide/internal.h"
44 #include "trace.h"
45
46 /* These values were based on a Seagate ST3500418AS but have been modified
47 to make more sense in QEMU */
48 static const int smart_attributes[][12] = {
49 /* id, flags, hflags, val, wrst, raw (6 bytes), threshold */
50 /* raw read error rate*/
51 { 0x01, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06},
52 /* spin up */
53 { 0x03, 0x03, 0x00, 0x64, 0x64, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
54 /* start stop count */
55 { 0x04, 0x02, 0x00, 0x64, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14},
56 /* remapped sectors */
57 { 0x05, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24},
58 /* power on hours */
59 { 0x09, 0x03, 0x00, 0x64, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
60 /* power cycle count */
61 { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
62 /* airflow-temperature-celsius */
63 { 190, 0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32},
64 };
65
66 const char *IDE_DMA_CMD_lookup[IDE_DMA__COUNT] = {
67 [IDE_DMA_READ] = "DMA READ",
68 [IDE_DMA_WRITE] = "DMA WRITE",
69 [IDE_DMA_TRIM] = "DMA TRIM",
70 [IDE_DMA_ATAPI] = "DMA ATAPI"
71 };
72
73 static const char *IDE_DMA_CMD_str(enum ide_dma_cmd enval)
74 {
75 if ((unsigned)enval < IDE_DMA__COUNT) {
76 return IDE_DMA_CMD_lookup[enval];
77 }
78 return "DMA UNKNOWN CMD";
79 }
80
81 static void ide_dummy_transfer_stop(IDEState *s);
82
83 static void padstr(char *str, const char *src, int len)
84 {
85 int i, v;
86 for(i = 0; i < len; i++) {
87 if (*src)
88 v = *src++;
89 else
90 v = ' ';
91 str[i^1] = v;
92 }
93 }
94
95 static void put_le16(uint16_t *p, unsigned int v)
96 {
97 *p = cpu_to_le16(v);
98 }
99
100 static void ide_identify_size(IDEState *s)
101 {
102 uint16_t *p = (uint16_t *)s->identify_data;
103 int64_t nb_sectors_lba28 = s->nb_sectors;
104 if (nb_sectors_lba28 >= 1 << 28) {
105 nb_sectors_lba28 = (1 << 28) - 1;
106 }
107 put_le16(p + 60, nb_sectors_lba28);
108 put_le16(p + 61, nb_sectors_lba28 >> 16);
109 put_le16(p + 100, s->nb_sectors);
110 put_le16(p + 101, s->nb_sectors >> 16);
111 put_le16(p + 102, s->nb_sectors >> 32);
112 put_le16(p + 103, s->nb_sectors >> 48);
113 }
114
115 static void ide_identify(IDEState *s)
116 {
117 uint16_t *p;
118 unsigned int oldsize;
119 IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master;
120
121 p = (uint16_t *)s->identify_data;
122 if (s->identify_set) {
123 goto fill_buffer;
124 }
125 memset(p, 0, sizeof(s->identify_data));
126
127 put_le16(p + 0, 0x0040);
128 put_le16(p + 1, s->cylinders);
129 put_le16(p + 3, s->heads);
130 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
131 put_le16(p + 5, 512); /* XXX: retired, remove ? */
132 put_le16(p + 6, s->sectors);
133 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
134 put_le16(p + 20, 3); /* XXX: retired, remove ? */
135 put_le16(p + 21, 512); /* cache size in sectors */
136 put_le16(p + 22, 4); /* ecc bytes */
137 padstr((char *)(p + 23), s->version, 8); /* firmware version */
138 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
139 #if MAX_MULT_SECTORS > 1
140 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
141 #endif
142 put_le16(p + 48, 1); /* dword I/O */
143 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
144 put_le16(p + 51, 0x200); /* PIO transfer cycle */
145 put_le16(p + 52, 0x200); /* DMA transfer cycle */
146 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
147 put_le16(p + 54, s->cylinders);
148 put_le16(p + 55, s->heads);
149 put_le16(p + 56, s->sectors);
150 oldsize = s->cylinders * s->heads * s->sectors;
151 put_le16(p + 57, oldsize);
152 put_le16(p + 58, oldsize >> 16);
153 if (s->mult_sectors)
154 put_le16(p + 59, 0x100 | s->mult_sectors);
155 /* *(p + 60) := nb_sectors -- see ide_identify_size */
156 /* *(p + 61) := nb_sectors >> 16 -- see ide_identify_size */
157 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
158 put_le16(p + 63, 0x07); /* mdma0-2 supported */
159 put_le16(p + 64, 0x03); /* pio3-4 supported */
160 put_le16(p + 65, 120);
161 put_le16(p + 66, 120);
162 put_le16(p + 67, 120);
163 put_le16(p + 68, 120);
164 if (dev && dev->conf.discard_granularity) {
165 put_le16(p + 69, (1 << 14)); /* determinate TRIM behavior */
166 }
167
168 if (s->ncq_queues) {
169 put_le16(p + 75, s->ncq_queues - 1);
170 /* NCQ supported */
171 put_le16(p + 76, (1 << 8));
172 }
173
174 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
175 put_le16(p + 81, 0x16); /* conforms to ata5 */
176 /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */
177 put_le16(p + 82, (1 << 14) | (1 << 5) | 1);
178 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
179 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
180 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */
181 if (s->wwn) {
182 put_le16(p + 84, (1 << 14) | (1 << 8) | 0);
183 } else {
184 put_le16(p + 84, (1 << 14) | 0);
185 }
186 /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */
187 if (blk_enable_write_cache(s->blk)) {
188 put_le16(p + 85, (1 << 14) | (1 << 5) | 1);
189 } else {
190 put_le16(p + 85, (1 << 14) | 1);
191 }
192 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
193 put_le16(p + 86, (1 << 13) | (1 <<12) | (1 << 10));
194 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */
195 if (s->wwn) {
196 put_le16(p + 87, (1 << 14) | (1 << 8) | 0);
197 } else {
198 put_le16(p + 87, (1 << 14) | 0);
199 }
200 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
201 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
202 /* *(p + 100) := nb_sectors -- see ide_identify_size */
203 /* *(p + 101) := nb_sectors >> 16 -- see ide_identify_size */
204 /* *(p + 102) := nb_sectors >> 32 -- see ide_identify_size */
205 /* *(p + 103) := nb_sectors >> 48 -- see ide_identify_size */
206
207 if (dev && dev->conf.physical_block_size)
208 put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf));
209 if (s->wwn) {
210 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */
211 put_le16(p + 108, s->wwn >> 48);
212 put_le16(p + 109, s->wwn >> 32);
213 put_le16(p + 110, s->wwn >> 16);
214 put_le16(p + 111, s->wwn);
215 }
216 if (dev && dev->conf.discard_granularity) {
217 put_le16(p + 169, 1); /* TRIM support */
218 }
219 if (dev) {
220 put_le16(p + 217, dev->rotation_rate); /* Nominal media rotation rate */
221 }
222
223 ide_identify_size(s);
224 s->identify_set = 1;
225
226 fill_buffer:
227 memcpy(s->io_buffer, p, sizeof(s->identify_data));
228 }
229
230 static void ide_atapi_identify(IDEState *s)
231 {
232 uint16_t *p;
233
234 p = (uint16_t *)s->identify_data;
235 if (s->identify_set) {
236 goto fill_buffer;
237 }
238 memset(p, 0, sizeof(s->identify_data));
239
240 /* Removable CDROM, 50us response, 12 byte packets */
241 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
242 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
243 put_le16(p + 20, 3); /* buffer type */
244 put_le16(p + 21, 512); /* cache size in sectors */
245 put_le16(p + 22, 4); /* ecc bytes */
246 padstr((char *)(p + 23), s->version, 8); /* firmware version */
247 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
248 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
249 #ifdef USE_DMA_CDROM
250 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
251 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
252 put_le16(p + 62, 7); /* single word dma0-2 supported */
253 put_le16(p + 63, 7); /* mdma0-2 supported */
254 #else
255 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
256 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
257 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
258 #endif
259 put_le16(p + 64, 3); /* pio3-4 supported */
260 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
261 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
262 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
263 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
264
265 put_le16(p + 71, 30); /* in ns */
266 put_le16(p + 72, 30); /* in ns */
267
268 if (s->ncq_queues) {
269 put_le16(p + 75, s->ncq_queues - 1);
270 /* NCQ supported */
271 put_le16(p + 76, (1 << 8));
272 }
273
274 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
275 if (s->wwn) {
276 put_le16(p + 84, (1 << 8)); /* supports WWN for words 108-111 */
277 put_le16(p + 87, (1 << 8)); /* WWN enabled */
278 }
279
280 #ifdef USE_DMA_CDROM
281 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
282 #endif
283
284 if (s->wwn) {
285 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */
286 put_le16(p + 108, s->wwn >> 48);
287 put_le16(p + 109, s->wwn >> 32);
288 put_le16(p + 110, s->wwn >> 16);
289 put_le16(p + 111, s->wwn);
290 }
291
292 s->identify_set = 1;
293
294 fill_buffer:
295 memcpy(s->io_buffer, p, sizeof(s->identify_data));
296 }
297
298 static void ide_cfata_identify_size(IDEState *s)
299 {
300 uint16_t *p = (uint16_t *)s->identify_data;
301 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
302 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
303 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
304 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
305 }
306
307 static void ide_cfata_identify(IDEState *s)
308 {
309 uint16_t *p;
310 uint32_t cur_sec;
311
312 p = (uint16_t *)s->identify_data;
313 if (s->identify_set) {
314 goto fill_buffer;
315 }
316 memset(p, 0, sizeof(s->identify_data));
317
318 cur_sec = s->cylinders * s->heads * s->sectors;
319
320 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
321 put_le16(p + 1, s->cylinders); /* Default cylinders */
322 put_le16(p + 3, s->heads); /* Default heads */
323 put_le16(p + 6, s->sectors); /* Default sectors per track */
324 /* *(p + 7) := nb_sectors >> 16 -- see ide_cfata_identify_size */
325 /* *(p + 8) := nb_sectors -- see ide_cfata_identify_size */
326 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
327 put_le16(p + 22, 0x0004); /* ECC bytes */
328 padstr((char *) (p + 23), s->version, 8); /* Firmware Revision */
329 padstr((char *) (p + 27), s->drive_model_str, 40);/* Model number */
330 #if MAX_MULT_SECTORS > 1
331 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
332 #else
333 put_le16(p + 47, 0x0000);
334 #endif
335 put_le16(p + 49, 0x0f00); /* Capabilities */
336 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
337 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
338 put_le16(p + 53, 0x0003); /* Translation params valid */
339 put_le16(p + 54, s->cylinders); /* Current cylinders */
340 put_le16(p + 55, s->heads); /* Current heads */
341 put_le16(p + 56, s->sectors); /* Current sectors */
342 put_le16(p + 57, cur_sec); /* Current capacity */
343 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
344 if (s->mult_sectors) /* Multiple sector setting */
345 put_le16(p + 59, 0x100 | s->mult_sectors);
346 /* *(p + 60) := nb_sectors -- see ide_cfata_identify_size */
347 /* *(p + 61) := nb_sectors >> 16 -- see ide_cfata_identify_size */
348 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
349 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
350 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
351 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
352 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
353 put_le16(p + 82, 0x400c); /* Command Set supported */
354 put_le16(p + 83, 0x7068); /* Command Set supported */
355 put_le16(p + 84, 0x4000); /* Features supported */
356 put_le16(p + 85, 0x000c); /* Command Set enabled */
357 put_le16(p + 86, 0x7044); /* Command Set enabled */
358 put_le16(p + 87, 0x4000); /* Features enabled */
359 put_le16(p + 91, 0x4060); /* Current APM level */
360 put_le16(p + 129, 0x0002); /* Current features option */
361 put_le16(p + 130, 0x0005); /* Reassigned sectors */
362 put_le16(p + 131, 0x0001); /* Initial power mode */
363 put_le16(p + 132, 0x0000); /* User signature */
364 put_le16(p + 160, 0x8100); /* Power requirement */
365 put_le16(p + 161, 0x8001); /* CF command set */
366
367 ide_cfata_identify_size(s);
368 s->identify_set = 1;
369
370 fill_buffer:
371 memcpy(s->io_buffer, p, sizeof(s->identify_data));
372 }
373
374 static void ide_set_signature(IDEState *s)
375 {
376 s->select &= ~(ATA_DEV_HS); /* clear head */
377 /* put signature */
378 s->nsector = 1;
379 s->sector = 1;
380 if (s->drive_kind == IDE_CD) {
381 s->lcyl = 0x14;
382 s->hcyl = 0xeb;
383 } else if (s->blk) {
384 s->lcyl = 0;
385 s->hcyl = 0;
386 } else {
387 s->lcyl = 0xff;
388 s->hcyl = 0xff;
389 }
390 }
391
392 static bool ide_sect_range_ok(IDEState *s,
393 uint64_t sector, uint64_t nb_sectors)
394 {
395 uint64_t total_sectors;
396
397 blk_get_geometry(s->blk, &total_sectors);
398 if (sector > total_sectors || nb_sectors > total_sectors - sector) {
399 return false;
400 }
401 return true;
402 }
403
404 typedef struct TrimAIOCB {
405 BlockAIOCB common;
406 IDEState *s;
407 QEMUBH *bh;
408 int ret;
409 QEMUIOVector *qiov;
410 BlockAIOCB *aiocb;
411 int i, j;
412 } TrimAIOCB;
413
414 static void trim_aio_cancel(BlockAIOCB *acb)
415 {
416 TrimAIOCB *iocb = container_of(acb, TrimAIOCB, common);
417
418 /* Exit the loop so ide_issue_trim_cb will not continue */
419 iocb->j = iocb->qiov->niov - 1;
420 iocb->i = (iocb->qiov->iov[iocb->j].iov_len / 8) - 1;
421
422 iocb->ret = -ECANCELED;
423
424 if (iocb->aiocb) {
425 blk_aio_cancel_async(iocb->aiocb);
426 iocb->aiocb = NULL;
427 }
428 }
429
430 static const AIOCBInfo trim_aiocb_info = {
431 .aiocb_size = sizeof(TrimAIOCB),
432 .cancel_async = trim_aio_cancel,
433 };
434
435 static void ide_trim_bh_cb(void *opaque)
436 {
437 TrimAIOCB *iocb = opaque;
438
439 iocb->common.cb(iocb->common.opaque, iocb->ret);
440
441 qemu_bh_delete(iocb->bh);
442 iocb->bh = NULL;
443 qemu_aio_unref(iocb);
444 }
445
446 static void ide_issue_trim_cb(void *opaque, int ret)
447 {
448 TrimAIOCB *iocb = opaque;
449 IDEState *s = iocb->s;
450
451 if (iocb->i >= 0) {
452 if (ret >= 0) {
453 block_acct_done(blk_get_stats(s->blk), &s->acct);
454 } else {
455 block_acct_failed(blk_get_stats(s->blk), &s->acct);
456 }
457 }
458
459 if (ret >= 0) {
460 while (iocb->j < iocb->qiov->niov) {
461 int j = iocb->j;
462 while (++iocb->i < iocb->qiov->iov[j].iov_len / 8) {
463 int i = iocb->i;
464 uint64_t *buffer = iocb->qiov->iov[j].iov_base;
465
466 /* 6-byte LBA + 2-byte range per entry */
467 uint64_t entry = le64_to_cpu(buffer[i]);
468 uint64_t sector = entry & 0x0000ffffffffffffULL;
469 uint16_t count = entry >> 48;
470
471 if (count == 0) {
472 continue;
473 }
474
475 if (!ide_sect_range_ok(s, sector, count)) {
476 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_UNMAP);
477 iocb->ret = -EINVAL;
478 goto done;
479 }
480
481 block_acct_start(blk_get_stats(s->blk), &s->acct,
482 count << BDRV_SECTOR_BITS, BLOCK_ACCT_UNMAP);
483
484 /* Got an entry! Submit and exit. */
485 iocb->aiocb = blk_aio_pdiscard(s->blk,
486 sector << BDRV_SECTOR_BITS,
487 count << BDRV_SECTOR_BITS,
488 ide_issue_trim_cb, opaque);
489 return;
490 }
491
492 iocb->j++;
493 iocb->i = -1;
494 }
495 } else {
496 iocb->ret = ret;
497 }
498
499 done:
500 iocb->aiocb = NULL;
501 if (iocb->bh) {
502 replay_bh_schedule_event(iocb->bh);
503 }
504 }
505
506 BlockAIOCB *ide_issue_trim(
507 int64_t offset, QEMUIOVector *qiov,
508 BlockCompletionFunc *cb, void *cb_opaque, void *opaque)
509 {
510 IDEState *s = opaque;
511 TrimAIOCB *iocb;
512
513 iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque);
514 iocb->s = s;
515 iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb);
516 iocb->ret = 0;
517 iocb->qiov = qiov;
518 iocb->i = -1;
519 iocb->j = 0;
520 ide_issue_trim_cb(iocb, 0);
521 return &iocb->common;
522 }
523
524 void ide_abort_command(IDEState *s)
525 {
526 ide_transfer_stop(s);
527 s->status = READY_STAT | ERR_STAT;
528 s->error = ABRT_ERR;
529 }
530
531 static void ide_set_retry(IDEState *s)
532 {
533 s->bus->retry_unit = s->unit;
534 s->bus->retry_sector_num = ide_get_sector(s);
535 s->bus->retry_nsector = s->nsector;
536 }
537
538 static void ide_clear_retry(IDEState *s)
539 {
540 s->bus->retry_unit = -1;
541 s->bus->retry_sector_num = 0;
542 s->bus->retry_nsector = 0;
543 }
544
545 /* prepare data transfer and tell what to do after */
546 bool ide_transfer_start_norecurse(IDEState *s, uint8_t *buf, int size,
547 EndTransferFunc *end_transfer_func)
548 {
549 s->data_ptr = buf;
550 s->data_end = buf + size;
551 ide_set_retry(s);
552 if (!(s->status & ERR_STAT)) {
553 s->status |= DRQ_STAT;
554 }
555 if (!s->bus->dma->ops->pio_transfer) {
556 s->end_transfer_func = end_transfer_func;
557 return false;
558 }
559 s->bus->dma->ops->pio_transfer(s->bus->dma);
560 return true;
561 }
562
563 void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
564 EndTransferFunc *end_transfer_func)
565 {
566 if (ide_transfer_start_norecurse(s, buf, size, end_transfer_func)) {
567 end_transfer_func(s);
568 }
569 }
570
571 static void ide_cmd_done(IDEState *s)
572 {
573 if (s->bus->dma->ops->cmd_done) {
574 s->bus->dma->ops->cmd_done(s->bus->dma);
575 }
576 }
577
578 static void ide_transfer_halt(IDEState *s)
579 {
580 s->end_transfer_func = ide_transfer_stop;
581 s->data_ptr = s->io_buffer;
582 s->data_end = s->io_buffer;
583 s->status &= ~DRQ_STAT;
584 }
585
586 void ide_transfer_stop(IDEState *s)
587 {
588 ide_transfer_halt(s);
589 ide_cmd_done(s);
590 }
591
592 int64_t ide_get_sector(IDEState *s)
593 {
594 int64_t sector_num;
595 if (s->select & (ATA_DEV_LBA)) {
596 if (s->lba48) {
597 sector_num = ((int64_t)s->hob_hcyl << 40) |
598 ((int64_t) s->hob_lcyl << 32) |
599 ((int64_t) s->hob_sector << 24) |
600 ((int64_t) s->hcyl << 16) |
601 ((int64_t) s->lcyl << 8) | s->sector;
602 } else {
603 /* LBA28 */
604 sector_num = ((s->select & (ATA_DEV_LBA_MSB)) << 24) |
605 (s->hcyl << 16) | (s->lcyl << 8) | s->sector;
606 }
607 } else {
608 /* CHS */
609 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
610 (s->select & (ATA_DEV_HS)) * s->sectors + (s->sector - 1);
611 }
612
613 return sector_num;
614 }
615
616 void ide_set_sector(IDEState *s, int64_t sector_num)
617 {
618 unsigned int cyl, r;
619 if (s->select & (ATA_DEV_LBA)) {
620 if (s->lba48) {
621 s->sector = sector_num;
622 s->lcyl = sector_num >> 8;
623 s->hcyl = sector_num >> 16;
624 s->hob_sector = sector_num >> 24;
625 s->hob_lcyl = sector_num >> 32;
626 s->hob_hcyl = sector_num >> 40;
627 } else {
628 /* LBA28 */
629 s->select = (s->select & ~(ATA_DEV_LBA_MSB)) |
630 ((sector_num >> 24) & (ATA_DEV_LBA_MSB));
631 s->hcyl = (sector_num >> 16);
632 s->lcyl = (sector_num >> 8);
633 s->sector = (sector_num);
634 }
635 } else {
636 /* CHS */
637 cyl = sector_num / (s->heads * s->sectors);
638 r = sector_num % (s->heads * s->sectors);
639 s->hcyl = cyl >> 8;
640 s->lcyl = cyl;
641 s->select = (s->select & ~(ATA_DEV_HS)) |
642 ((r / s->sectors) & (ATA_DEV_HS));
643 s->sector = (r % s->sectors) + 1;
644 }
645 }
646
647 static void ide_rw_error(IDEState *s) {
648 ide_abort_command(s);
649 ide_set_irq(s->bus);
650 }
651
652 static void ide_buffered_readv_cb(void *opaque, int ret)
653 {
654 IDEBufferedRequest *req = opaque;
655 if (!req->orphaned) {
656 if (!ret) {
657 assert(req->qiov.size == req->original_qiov->size);
658 qemu_iovec_from_buf(req->original_qiov, 0,
659 req->qiov.local_iov.iov_base,
660 req->original_qiov->size);
661 }
662 req->original_cb(req->original_opaque, ret);
663 }
664 QLIST_REMOVE(req, list);
665 qemu_vfree(qemu_iovec_buf(&req->qiov));
666 g_free(req);
667 }
668
669 #define MAX_BUFFERED_REQS 16
670
671 BlockAIOCB *ide_buffered_readv(IDEState *s, int64_t sector_num,
672 QEMUIOVector *iov, int nb_sectors,
673 BlockCompletionFunc *cb, void *opaque)
674 {
675 BlockAIOCB *aioreq;
676 IDEBufferedRequest *req;
677 int c = 0;
678
679 QLIST_FOREACH(req, &s->buffered_requests, list) {
680 c++;
681 }
682 if (c > MAX_BUFFERED_REQS) {
683 return blk_abort_aio_request(s->blk, cb, opaque, -EIO);
684 }
685
686 req = g_new0(IDEBufferedRequest, 1);
687 req->original_qiov = iov;
688 req->original_cb = cb;
689 req->original_opaque = opaque;
690 qemu_iovec_init_buf(&req->qiov, blk_blockalign(s->blk, iov->size),
691 iov->size);
692
693 aioreq = blk_aio_preadv(s->blk, sector_num << BDRV_SECTOR_BITS,
694 &req->qiov, 0, ide_buffered_readv_cb, req);
695
696 QLIST_INSERT_HEAD(&s->buffered_requests, req, list);
697 return aioreq;
698 }
699
700 /**
701 * Cancel all pending DMA requests.
702 * Any buffered DMA requests are instantly canceled,
703 * but any pending unbuffered DMA requests must be waited on.
704 */
705 void ide_cancel_dma_sync(IDEState *s)
706 {
707 IDEBufferedRequest *req;
708
709 /* First invoke the callbacks of all buffered requests
710 * and flag those requests as orphaned. Ideally there
711 * are no unbuffered (Scatter Gather DMA Requests or
712 * write requests) pending and we can avoid to drain. */
713 QLIST_FOREACH(req, &s->buffered_requests, list) {
714 if (!req->orphaned) {
715 trace_ide_cancel_dma_sync_buffered(req->original_cb, req);
716 req->original_cb(req->original_opaque, -ECANCELED);
717 }
718 req->orphaned = true;
719 }
720
721 /*
722 * We can't cancel Scatter Gather DMA in the middle of the
723 * operation or a partial (not full) DMA transfer would reach
724 * the storage so we wait for completion instead (we behave
725 * like if the DMA was completed by the time the guest trying
726 * to cancel dma with bmdma_cmd_writeb with BM_CMD_START not
727 * set).
728 *
729 * In the future we'll be able to safely cancel the I/O if the
730 * whole DMA operation will be submitted to disk with a single
731 * aio operation with preadv/pwritev.
732 */
733 if (s->bus->dma->aiocb) {
734 trace_ide_cancel_dma_sync_remaining();
735 blk_drain(s->blk);
736 assert(s->bus->dma->aiocb == NULL);
737 }
738 }
739
740 static void ide_sector_read(IDEState *s);
741
742 static void ide_sector_read_cb(void *opaque, int ret)
743 {
744 IDEState *s = opaque;
745 int n;
746
747 s->pio_aiocb = NULL;
748 s->status &= ~BUSY_STAT;
749
750 if (ret != 0) {
751 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO |
752 IDE_RETRY_READ)) {
753 return;
754 }
755 }
756
757 block_acct_done(blk_get_stats(s->blk), &s->acct);
758
759 n = s->nsector;
760 if (n > s->req_nb_sectors) {
761 n = s->req_nb_sectors;
762 }
763
764 ide_set_sector(s, ide_get_sector(s) + n);
765 s->nsector -= n;
766 /* Allow the guest to read the io_buffer */
767 ide_transfer_start(s, s->io_buffer, n * BDRV_SECTOR_SIZE, ide_sector_read);
768 ide_set_irq(s->bus);
769 }
770
771 static void ide_sector_read(IDEState *s)
772 {
773 int64_t sector_num;
774 int n;
775
776 s->status = READY_STAT | SEEK_STAT;
777 s->error = 0; /* not needed by IDE spec, but needed by Windows */
778 sector_num = ide_get_sector(s);
779 n = s->nsector;
780
781 if (n == 0) {
782 ide_transfer_stop(s);
783 return;
784 }
785
786 s->status |= BUSY_STAT;
787
788 if (n > s->req_nb_sectors) {
789 n = s->req_nb_sectors;
790 }
791
792 trace_ide_sector_read(sector_num, n);
793
794 if (!ide_sect_range_ok(s, sector_num, n)) {
795 ide_rw_error(s);
796 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_READ);
797 return;
798 }
799
800 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE);
801
802 block_acct_start(blk_get_stats(s->blk), &s->acct,
803 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ);
804 s->pio_aiocb = ide_buffered_readv(s, sector_num, &s->qiov, n,
805 ide_sector_read_cb, s);
806 }
807
808 void dma_buf_commit(IDEState *s, uint32_t tx_bytes)
809 {
810 if (s->bus->dma->ops->commit_buf) {
811 s->bus->dma->ops->commit_buf(s->bus->dma, tx_bytes);
812 }
813 s->io_buffer_offset += tx_bytes;
814 qemu_sglist_destroy(&s->sg);
815 }
816
817 void ide_set_inactive(IDEState *s, bool more)
818 {
819 s->bus->dma->aiocb = NULL;
820 ide_clear_retry(s);
821 if (s->bus->dma->ops->set_inactive) {
822 s->bus->dma->ops->set_inactive(s->bus->dma, more);
823 }
824 ide_cmd_done(s);
825 }
826
827 void ide_dma_error(IDEState *s)
828 {
829 dma_buf_commit(s, 0);
830 ide_abort_command(s);
831 ide_set_inactive(s, false);
832 ide_set_irq(s->bus);
833 }
834
835 int ide_handle_rw_error(IDEState *s, int error, int op)
836 {
837 bool is_read = (op & IDE_RETRY_READ) != 0;
838 BlockErrorAction action = blk_get_error_action(s->blk, is_read, error);
839
840 if (action == BLOCK_ERROR_ACTION_STOP) {
841 assert(s->bus->retry_unit == s->unit);
842 s->bus->error_status = op;
843 } else if (action == BLOCK_ERROR_ACTION_REPORT) {
844 block_acct_failed(blk_get_stats(s->blk), &s->acct);
845 if (IS_IDE_RETRY_DMA(op)) {
846 ide_dma_error(s);
847 } else if (IS_IDE_RETRY_ATAPI(op)) {
848 ide_atapi_io_error(s, -error);
849 } else {
850 ide_rw_error(s);
851 }
852 }
853 blk_error_action(s->blk, action, is_read, error);
854 return action != BLOCK_ERROR_ACTION_IGNORE;
855 }
856
857 static void ide_dma_cb(void *opaque, int ret)
858 {
859 IDEState *s = opaque;
860 int n;
861 int64_t sector_num;
862 uint64_t offset;
863 bool stay_active = false;
864 int32_t prep_size = 0;
865
866 if (ret == -EINVAL) {
867 ide_dma_error(s);
868 return;
869 }
870
871 if (ret < 0) {
872 if (ide_handle_rw_error(s, -ret, ide_dma_cmd_to_retry(s->dma_cmd))) {
873 s->bus->dma->aiocb = NULL;
874 dma_buf_commit(s, 0);
875 return;
876 }
877 }
878
879 if (s->io_buffer_size > s->nsector * 512) {
880 /*
881 * The PRDs were longer than needed for this request.
882 * The Active bit must remain set after the request completes.
883 */
884 n = s->nsector;
885 stay_active = true;
886 } else {
887 n = s->io_buffer_size >> 9;
888 }
889
890 sector_num = ide_get_sector(s);
891 if (n > 0) {
892 assert(n * 512 == s->sg.size);
893 dma_buf_commit(s, s->sg.size);
894 sector_num += n;
895 ide_set_sector(s, sector_num);
896 s->nsector -= n;
897 }
898
899 /* end of transfer ? */
900 if (s->nsector == 0) {
901 s->status = READY_STAT | SEEK_STAT;
902 ide_set_irq(s->bus);
903 goto eot;
904 }
905
906 /* launch next transfer */
907 n = s->nsector;
908 s->io_buffer_index = 0;
909 s->io_buffer_size = n * 512;
910 prep_size = s->bus->dma->ops->prepare_buf(s->bus->dma, s->io_buffer_size);
911 /* prepare_buf() must succeed and respect the limit */
912 assert(prep_size >= 0 && prep_size <= n * 512);
913
914 /*
915 * Now prep_size stores the number of bytes in the sglist, and
916 * s->io_buffer_size stores the number of bytes described by the PRDs.
917 */
918
919 if (prep_size < n * 512) {
920 /*
921 * The PRDs are too short for this request. Error condition!
922 * Reset the Active bit and don't raise the interrupt.
923 */
924 s->status = READY_STAT | SEEK_STAT;
925 dma_buf_commit(s, 0);
926 goto eot;
927 }
928
929 trace_ide_dma_cb(s, sector_num, n, IDE_DMA_CMD_str(s->dma_cmd));
930
931 if ((s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) &&
932 !ide_sect_range_ok(s, sector_num, n)) {
933 ide_dma_error(s);
934 block_acct_invalid(blk_get_stats(s->blk), s->acct.type);
935 return;
936 }
937
938 offset = sector_num << BDRV_SECTOR_BITS;
939 switch (s->dma_cmd) {
940 case IDE_DMA_READ:
941 s->bus->dma->aiocb = dma_blk_read(s->blk, &s->sg, offset,
942 BDRV_SECTOR_SIZE, ide_dma_cb, s);
943 break;
944 case IDE_DMA_WRITE:
945 s->bus->dma->aiocb = dma_blk_write(s->blk, &s->sg, offset,
946 BDRV_SECTOR_SIZE, ide_dma_cb, s);
947 break;
948 case IDE_DMA_TRIM:
949 s->bus->dma->aiocb = dma_blk_io(blk_get_aio_context(s->blk),
950 &s->sg, offset, BDRV_SECTOR_SIZE,
951 ide_issue_trim, s, ide_dma_cb, s,
952 DMA_DIRECTION_TO_DEVICE);
953 break;
954 default:
955 abort();
956 }
957 return;
958
959 eot:
960 if (s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) {
961 block_acct_done(blk_get_stats(s->blk), &s->acct);
962 }
963 ide_set_inactive(s, stay_active);
964 }
965
966 static void ide_sector_start_dma(IDEState *s, enum ide_dma_cmd dma_cmd)
967 {
968 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
969 s->io_buffer_size = 0;
970 s->dma_cmd = dma_cmd;
971
972 switch (dma_cmd) {
973 case IDE_DMA_READ:
974 block_acct_start(blk_get_stats(s->blk), &s->acct,
975 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ);
976 break;
977 case IDE_DMA_WRITE:
978 block_acct_start(blk_get_stats(s->blk), &s->acct,
979 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE);
980 break;
981 default:
982 break;
983 }
984
985 ide_start_dma(s, ide_dma_cb);
986 }
987
988 void ide_start_dma(IDEState *s, BlockCompletionFunc *cb)
989 {
990 s->io_buffer_index = 0;
991 ide_set_retry(s);
992 if (s->bus->dma->ops->start_dma) {
993 s->bus->dma->ops->start_dma(s->bus->dma, s, cb);
994 }
995 }
996
997 static void ide_sector_write(IDEState *s);
998
999 static void ide_sector_write_timer_cb(void *opaque)
1000 {
1001 IDEState *s = opaque;
1002 ide_set_irq(s->bus);
1003 }
1004
1005 static void ide_sector_write_cb(void *opaque, int ret)
1006 {
1007 IDEState *s = opaque;
1008 int n;
1009
1010 s->pio_aiocb = NULL;
1011 s->status &= ~BUSY_STAT;
1012
1013 if (ret != 0) {
1014 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO)) {
1015 return;
1016 }
1017 }
1018
1019 block_acct_done(blk_get_stats(s->blk), &s->acct);
1020
1021 n = s->nsector;
1022 if (n > s->req_nb_sectors) {
1023 n = s->req_nb_sectors;
1024 }
1025 s->nsector -= n;
1026
1027 ide_set_sector(s, ide_get_sector(s) + n);
1028 if (s->nsector == 0) {
1029 /* no more sectors to write */
1030 ide_transfer_stop(s);
1031 } else {
1032 int n1 = s->nsector;
1033 if (n1 > s->req_nb_sectors) {
1034 n1 = s->req_nb_sectors;
1035 }
1036 ide_transfer_start(s, s->io_buffer, n1 * BDRV_SECTOR_SIZE,
1037 ide_sector_write);
1038 }
1039
1040 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1041 /* It seems there is a bug in the Windows 2000 installer HDD
1042 IDE driver which fills the disk with empty logs when the
1043 IDE write IRQ comes too early. This hack tries to correct
1044 that at the expense of slower write performances. Use this
1045 option _only_ to install Windows 2000. You must disable it
1046 for normal use. */
1047 timer_mod(s->sector_write_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
1048 (NANOSECONDS_PER_SECOND / 1000));
1049 } else {
1050 ide_set_irq(s->bus);
1051 }
1052 }
1053
1054 static void ide_sector_write(IDEState *s)
1055 {
1056 int64_t sector_num;
1057 int n;
1058
1059 s->status = READY_STAT | SEEK_STAT | BUSY_STAT;
1060 sector_num = ide_get_sector(s);
1061
1062 n = s->nsector;
1063 if (n > s->req_nb_sectors) {
1064 n = s->req_nb_sectors;
1065 }
1066
1067 trace_ide_sector_write(sector_num, n);
1068
1069 if (!ide_sect_range_ok(s, sector_num, n)) {
1070 ide_rw_error(s);
1071 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_WRITE);
1072 return;
1073 }
1074
1075 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE);
1076
1077 block_acct_start(blk_get_stats(s->blk), &s->acct,
1078 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE);
1079 s->pio_aiocb = blk_aio_pwritev(s->blk, sector_num << BDRV_SECTOR_BITS,
1080 &s->qiov, 0, ide_sector_write_cb, s);
1081 }
1082
1083 static void ide_flush_cb(void *opaque, int ret)
1084 {
1085 IDEState *s = opaque;
1086
1087 s->pio_aiocb = NULL;
1088
1089 if (ret < 0) {
1090 /* XXX: What sector number to set here? */
1091 if (ide_handle_rw_error(s, -ret, IDE_RETRY_FLUSH)) {
1092 return;
1093 }
1094 }
1095
1096 if (s->blk) {
1097 block_acct_done(blk_get_stats(s->blk), &s->acct);
1098 }
1099 s->status = READY_STAT | SEEK_STAT;
1100 ide_cmd_done(s);
1101 ide_set_irq(s->bus);
1102 }
1103
1104 static void ide_flush_cache(IDEState *s)
1105 {
1106 if (s->blk == NULL) {
1107 ide_flush_cb(s, 0);
1108 return;
1109 }
1110
1111 s->status |= BUSY_STAT;
1112 ide_set_retry(s);
1113 block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH);
1114 s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
1115 }
1116
1117 static void ide_cfata_metadata_inquiry(IDEState *s)
1118 {
1119 uint16_t *p;
1120 uint32_t spd;
1121
1122 p = (uint16_t *) s->io_buffer;
1123 memset(p, 0, 0x200);
1124 spd = ((s->mdata_size - 1) >> 9) + 1;
1125
1126 put_le16(p + 0, 0x0001); /* Data format revision */
1127 put_le16(p + 1, 0x0000); /* Media property: silicon */
1128 put_le16(p + 2, s->media_changed); /* Media status */
1129 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1130 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1131 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1132 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1133 }
1134
1135 static void ide_cfata_metadata_read(IDEState *s)
1136 {
1137 uint16_t *p;
1138
1139 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1140 s->status = ERR_STAT;
1141 s->error = ABRT_ERR;
1142 return;
1143 }
1144
1145 p = (uint16_t *) s->io_buffer;
1146 memset(p, 0, 0x200);
1147
1148 put_le16(p + 0, s->media_changed); /* Media status */
1149 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1150 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1151 s->nsector << 9), 0x200 - 2));
1152 }
1153
1154 static void ide_cfata_metadata_write(IDEState *s)
1155 {
1156 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1157 s->status = ERR_STAT;
1158 s->error = ABRT_ERR;
1159 return;
1160 }
1161
1162 s->media_changed = 0;
1163
1164 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1165 s->io_buffer + 2,
1166 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1167 s->nsector << 9), 0x200 - 2));
1168 }
1169
1170 /* called when the inserted state of the media has changed */
1171 static void ide_cd_change_cb(void *opaque, bool load, Error **errp)
1172 {
1173 IDEState *s = opaque;
1174 uint64_t nb_sectors;
1175
1176 s->tray_open = !load;
1177 blk_get_geometry(s->blk, &nb_sectors);
1178 s->nb_sectors = nb_sectors;
1179
1180 /*
1181 * First indicate to the guest that a CD has been removed. That's
1182 * done on the next command the guest sends us.
1183 *
1184 * Then we set UNIT_ATTENTION, by which the guest will
1185 * detect a new CD in the drive. See ide_atapi_cmd() for details.
1186 */
1187 s->cdrom_changed = 1;
1188 s->events.new_media = true;
1189 s->events.eject_request = false;
1190 ide_set_irq(s->bus);
1191 }
1192
1193 static void ide_cd_eject_request_cb(void *opaque, bool force)
1194 {
1195 IDEState *s = opaque;
1196
1197 s->events.eject_request = true;
1198 if (force) {
1199 s->tray_locked = false;
1200 }
1201 ide_set_irq(s->bus);
1202 }
1203
1204 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1205 {
1206 s->lba48 = lba48;
1207
1208 /* handle the 'magic' 0 nsector count conversion here. to avoid
1209 * fiddling with the rest of the read logic, we just store the
1210 * full sector count in ->nsector and ignore ->hob_nsector from now
1211 */
1212 if (!s->lba48) {
1213 if (!s->nsector)
1214 s->nsector = 256;
1215 } else {
1216 if (!s->nsector && !s->hob_nsector)
1217 s->nsector = 65536;
1218 else {
1219 int lo = s->nsector;
1220 int hi = s->hob_nsector;
1221
1222 s->nsector = (hi << 8) | lo;
1223 }
1224 }
1225 }
1226
1227 static void ide_clear_hob(IDEBus *bus)
1228 {
1229 /* any write clears HOB high bit of device control register */
1230 bus->cmd &= ~(IDE_CTRL_HOB);
1231 }
1232
1233 /* IOport [W]rite [R]egisters */
1234 enum ATA_IOPORT_WR {
1235 ATA_IOPORT_WR_DATA = 0,
1236 ATA_IOPORT_WR_FEATURES = 1,
1237 ATA_IOPORT_WR_SECTOR_COUNT = 2,
1238 ATA_IOPORT_WR_SECTOR_NUMBER = 3,
1239 ATA_IOPORT_WR_CYLINDER_LOW = 4,
1240 ATA_IOPORT_WR_CYLINDER_HIGH = 5,
1241 ATA_IOPORT_WR_DEVICE_HEAD = 6,
1242 ATA_IOPORT_WR_COMMAND = 7,
1243 ATA_IOPORT_WR_NUM_REGISTERS,
1244 };
1245
1246 const char *ATA_IOPORT_WR_lookup[ATA_IOPORT_WR_NUM_REGISTERS] = {
1247 [ATA_IOPORT_WR_DATA] = "Data",
1248 [ATA_IOPORT_WR_FEATURES] = "Features",
1249 [ATA_IOPORT_WR_SECTOR_COUNT] = "Sector Count",
1250 [ATA_IOPORT_WR_SECTOR_NUMBER] = "Sector Number",
1251 [ATA_IOPORT_WR_CYLINDER_LOW] = "Cylinder Low",
1252 [ATA_IOPORT_WR_CYLINDER_HIGH] = "Cylinder High",
1253 [ATA_IOPORT_WR_DEVICE_HEAD] = "Device/Head",
1254 [ATA_IOPORT_WR_COMMAND] = "Command"
1255 };
1256
1257 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1258 {
1259 IDEBus *bus = opaque;
1260 IDEState *s = idebus_active_if(bus);
1261 int reg_num = addr & 7;
1262
1263 trace_ide_ioport_write(addr, ATA_IOPORT_WR_lookup[reg_num], val, bus, s);
1264
1265 /* ignore writes to command block while busy with previous command */
1266 if (reg_num != 7 && (s->status & (BUSY_STAT|DRQ_STAT))) {
1267 return;
1268 }
1269
1270 /* NOTE: Device0 and Device1 both receive incoming register writes.
1271 * (They're on the same bus! They have to!) */
1272
1273 switch (reg_num) {
1274 case 0:
1275 break;
1276 case ATA_IOPORT_WR_FEATURES:
1277 ide_clear_hob(bus);
1278 bus->ifs[0].hob_feature = bus->ifs[0].feature;
1279 bus->ifs[1].hob_feature = bus->ifs[1].feature;
1280 bus->ifs[0].feature = val;
1281 bus->ifs[1].feature = val;
1282 break;
1283 case ATA_IOPORT_WR_SECTOR_COUNT:
1284 ide_clear_hob(bus);
1285 bus->ifs[0].hob_nsector = bus->ifs[0].nsector;
1286 bus->ifs[1].hob_nsector = bus->ifs[1].nsector;
1287 bus->ifs[0].nsector = val;
1288 bus->ifs[1].nsector = val;
1289 break;
1290 case ATA_IOPORT_WR_SECTOR_NUMBER:
1291 ide_clear_hob(bus);
1292 bus->ifs[0].hob_sector = bus->ifs[0].sector;
1293 bus->ifs[1].hob_sector = bus->ifs[1].sector;
1294 bus->ifs[0].sector = val;
1295 bus->ifs[1].sector = val;
1296 break;
1297 case ATA_IOPORT_WR_CYLINDER_LOW:
1298 ide_clear_hob(bus);
1299 bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl;
1300 bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl;
1301 bus->ifs[0].lcyl = val;
1302 bus->ifs[1].lcyl = val;
1303 break;
1304 case ATA_IOPORT_WR_CYLINDER_HIGH:
1305 ide_clear_hob(bus);
1306 bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl;
1307 bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl;
1308 bus->ifs[0].hcyl = val;
1309 bus->ifs[1].hcyl = val;
1310 break;
1311 case ATA_IOPORT_WR_DEVICE_HEAD:
1312 ide_clear_hob(bus);
1313 bus->ifs[0].select = val | (ATA_DEV_ALWAYS_ON);
1314 bus->ifs[1].select = val | (ATA_DEV_ALWAYS_ON);
1315 /* select drive */
1316 bus->unit = (val & (ATA_DEV_SELECT)) ? 1 : 0;
1317 break;
1318 default:
1319 case ATA_IOPORT_WR_COMMAND:
1320 ide_clear_hob(bus);
1321 qemu_irq_lower(bus->irq);
1322 ide_exec_cmd(bus, val);
1323 break;
1324 }
1325 }
1326
1327 static void ide_reset(IDEState *s)
1328 {
1329 trace_ide_reset(s);
1330
1331 if (s->pio_aiocb) {
1332 blk_aio_cancel(s->pio_aiocb);
1333 s->pio_aiocb = NULL;
1334 }
1335
1336 if (s->drive_kind == IDE_CFATA)
1337 s->mult_sectors = 0;
1338 else
1339 s->mult_sectors = MAX_MULT_SECTORS;
1340 /* ide regs */
1341 s->feature = 0;
1342 s->error = 0;
1343 s->nsector = 0;
1344 s->sector = 0;
1345 s->lcyl = 0;
1346 s->hcyl = 0;
1347
1348 /* lba48 */
1349 s->hob_feature = 0;
1350 s->hob_sector = 0;
1351 s->hob_nsector = 0;
1352 s->hob_lcyl = 0;
1353 s->hob_hcyl = 0;
1354
1355 s->select = (ATA_DEV_ALWAYS_ON);
1356 s->status = READY_STAT | SEEK_STAT;
1357
1358 s->lba48 = 0;
1359
1360 /* ATAPI specific */
1361 s->sense_key = 0;
1362 s->asc = 0;
1363 s->cdrom_changed = 0;
1364 s->packet_transfer_size = 0;
1365 s->elementary_transfer_size = 0;
1366 s->io_buffer_index = 0;
1367 s->cd_sector_size = 0;
1368 s->atapi_dma = 0;
1369 s->tray_locked = 0;
1370 s->tray_open = 0;
1371 /* ATA DMA state */
1372 s->io_buffer_size = 0;
1373 s->req_nb_sectors = 0;
1374
1375 ide_set_signature(s);
1376 /* init the transfer handler so that 0xffff is returned on data
1377 accesses */
1378 s->end_transfer_func = ide_dummy_transfer_stop;
1379 ide_dummy_transfer_stop(s);
1380 s->media_changed = 0;
1381 }
1382
1383 static bool cmd_nop(IDEState *s, uint8_t cmd)
1384 {
1385 return true;
1386 }
1387
1388 static bool cmd_device_reset(IDEState *s, uint8_t cmd)
1389 {
1390 /* Halt PIO (in the DRQ phase), then DMA */
1391 ide_transfer_halt(s);
1392 ide_cancel_dma_sync(s);
1393
1394 /* Reset any PIO commands, reset signature, etc */
1395 ide_reset(s);
1396
1397 /* RESET: ATA8-ACS3 7.10.4 "Normal Outputs";
1398 * ATA8-ACS3 Table 184 "Device Signatures for Normal Output" */
1399 s->status = 0x00;
1400
1401 /* Do not overwrite status register */
1402 return false;
1403 }
1404
1405 static bool cmd_data_set_management(IDEState *s, uint8_t cmd)
1406 {
1407 switch (s->feature) {
1408 case DSM_TRIM:
1409 if (s->blk) {
1410 ide_sector_start_dma(s, IDE_DMA_TRIM);
1411 return false;
1412 }
1413 break;
1414 }
1415
1416 ide_abort_command(s);
1417 return true;
1418 }
1419
1420 static bool cmd_identify(IDEState *s, uint8_t cmd)
1421 {
1422 if (s->blk && s->drive_kind != IDE_CD) {
1423 if (s->drive_kind != IDE_CFATA) {
1424 ide_identify(s);
1425 } else {
1426 ide_cfata_identify(s);
1427 }
1428 s->status = READY_STAT | SEEK_STAT;
1429 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1430 ide_set_irq(s->bus);
1431 return false;
1432 } else {
1433 if (s->drive_kind == IDE_CD) {
1434 ide_set_signature(s);
1435 }
1436 ide_abort_command(s);
1437 }
1438
1439 return true;
1440 }
1441
1442 static bool cmd_verify(IDEState *s, uint8_t cmd)
1443 {
1444 bool lba48 = (cmd == WIN_VERIFY_EXT);
1445
1446 /* do sector number check ? */
1447 ide_cmd_lba48_transform(s, lba48);
1448
1449 return true;
1450 }
1451
1452 static bool cmd_set_multiple_mode(IDEState *s, uint8_t cmd)
1453 {
1454 if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
1455 /* Disable Read and Write Multiple */
1456 s->mult_sectors = 0;
1457 } else if ((s->nsector & 0xff) != 0 &&
1458 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1459 (s->nsector & (s->nsector - 1)) != 0)) {
1460 ide_abort_command(s);
1461 } else {
1462 s->mult_sectors = s->nsector & 0xff;
1463 }
1464
1465 return true;
1466 }
1467
1468 static bool cmd_read_multiple(IDEState *s, uint8_t cmd)
1469 {
1470 bool lba48 = (cmd == WIN_MULTREAD_EXT);
1471
1472 if (!s->blk || !s->mult_sectors) {
1473 ide_abort_command(s);
1474 return true;
1475 }
1476
1477 ide_cmd_lba48_transform(s, lba48);
1478 s->req_nb_sectors = s->mult_sectors;
1479 ide_sector_read(s);
1480 return false;
1481 }
1482
1483 static bool cmd_write_multiple(IDEState *s, uint8_t cmd)
1484 {
1485 bool lba48 = (cmd == WIN_MULTWRITE_EXT);
1486 int n;
1487
1488 if (!s->blk || !s->mult_sectors) {
1489 ide_abort_command(s);
1490 return true;
1491 }
1492
1493 ide_cmd_lba48_transform(s, lba48);
1494
1495 s->req_nb_sectors = s->mult_sectors;
1496 n = MIN(s->nsector, s->req_nb_sectors);
1497
1498 s->status = SEEK_STAT | READY_STAT;
1499 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1500
1501 s->media_changed = 1;
1502
1503 return false;
1504 }
1505
1506 static bool cmd_read_pio(IDEState *s, uint8_t cmd)
1507 {
1508 bool lba48 = (cmd == WIN_READ_EXT);
1509
1510 if (s->drive_kind == IDE_CD) {
1511 ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */
1512 ide_abort_command(s);
1513 return true;
1514 }
1515
1516 if (!s->blk) {
1517 ide_abort_command(s);
1518 return true;
1519 }
1520
1521 ide_cmd_lba48_transform(s, lba48);
1522 s->req_nb_sectors = 1;
1523 ide_sector_read(s);
1524
1525 return false;
1526 }
1527
1528 static bool cmd_write_pio(IDEState *s, uint8_t cmd)
1529 {
1530 bool lba48 = (cmd == WIN_WRITE_EXT);
1531
1532 if (!s->blk) {
1533 ide_abort_command(s);
1534 return true;
1535 }
1536
1537 ide_cmd_lba48_transform(s, lba48);
1538
1539 s->req_nb_sectors = 1;
1540 s->status = SEEK_STAT | READY_STAT;
1541 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1542
1543 s->media_changed = 1;
1544
1545 return false;
1546 }
1547
1548 static bool cmd_read_dma(IDEState *s, uint8_t cmd)
1549 {
1550 bool lba48 = (cmd == WIN_READDMA_EXT);
1551
1552 if (!s->blk) {
1553 ide_abort_command(s);
1554 return true;
1555 }
1556
1557 ide_cmd_lba48_transform(s, lba48);
1558 ide_sector_start_dma(s, IDE_DMA_READ);
1559
1560 return false;
1561 }
1562
1563 static bool cmd_write_dma(IDEState *s, uint8_t cmd)
1564 {
1565 bool lba48 = (cmd == WIN_WRITEDMA_EXT);
1566
1567 if (!s->blk) {
1568 ide_abort_command(s);
1569 return true;
1570 }
1571
1572 ide_cmd_lba48_transform(s, lba48);
1573 ide_sector_start_dma(s, IDE_DMA_WRITE);
1574
1575 s->media_changed = 1;
1576
1577 return false;
1578 }
1579
1580 static bool cmd_flush_cache(IDEState *s, uint8_t cmd)
1581 {
1582 ide_flush_cache(s);
1583 return false;
1584 }
1585
1586 static bool cmd_seek(IDEState *s, uint8_t cmd)
1587 {
1588 /* XXX: Check that seek is within bounds */
1589 return true;
1590 }
1591
1592 static bool cmd_read_native_max(IDEState *s, uint8_t cmd)
1593 {
1594 bool lba48 = (cmd == WIN_READ_NATIVE_MAX_EXT);
1595
1596 /* Refuse if no sectors are addressable (e.g. medium not inserted) */
1597 if (s->nb_sectors == 0) {
1598 ide_abort_command(s);
1599 return true;
1600 }
1601
1602 ide_cmd_lba48_transform(s, lba48);
1603 ide_set_sector(s, s->nb_sectors - 1);
1604
1605 return true;
1606 }
1607
1608 static bool cmd_check_power_mode(IDEState *s, uint8_t cmd)
1609 {
1610 s->nsector = 0xff; /* device active or idle */
1611 return true;
1612 }
1613
1614 static bool cmd_set_features(IDEState *s, uint8_t cmd)
1615 {
1616 uint16_t *identify_data;
1617
1618 if (!s->blk) {
1619 ide_abort_command(s);
1620 return true;
1621 }
1622
1623 /* XXX: valid for CDROM ? */
1624 switch (s->feature) {
1625 case 0x02: /* write cache enable */
1626 blk_set_enable_write_cache(s->blk, true);
1627 identify_data = (uint16_t *)s->identify_data;
1628 put_le16(identify_data + 85, (1 << 14) | (1 << 5) | 1);
1629 return true;
1630 case 0x82: /* write cache disable */
1631 blk_set_enable_write_cache(s->blk, false);
1632 identify_data = (uint16_t *)s->identify_data;
1633 put_le16(identify_data + 85, (1 << 14) | 1);
1634 ide_flush_cache(s);
1635 return false;
1636 case 0xcc: /* reverting to power-on defaults enable */
1637 case 0x66: /* reverting to power-on defaults disable */
1638 case 0xaa: /* read look-ahead enable */
1639 case 0x55: /* read look-ahead disable */
1640 case 0x05: /* set advanced power management mode */
1641 case 0x85: /* disable advanced power management mode */
1642 case 0x69: /* NOP */
1643 case 0x67: /* NOP */
1644 case 0x96: /* NOP */
1645 case 0x9a: /* NOP */
1646 case 0x42: /* enable Automatic Acoustic Mode */
1647 case 0xc2: /* disable Automatic Acoustic Mode */
1648 return true;
1649 case 0x03: /* set transfer mode */
1650 {
1651 uint8_t val = s->nsector & 0x07;
1652 identify_data = (uint16_t *)s->identify_data;
1653
1654 switch (s->nsector >> 3) {
1655 case 0x00: /* pio default */
1656 case 0x01: /* pio mode */
1657 put_le16(identify_data + 62, 0x07);
1658 put_le16(identify_data + 63, 0x07);
1659 put_le16(identify_data + 88, 0x3f);
1660 break;
1661 case 0x02: /* sigle word dma mode*/
1662 put_le16(identify_data + 62, 0x07 | (1 << (val + 8)));
1663 put_le16(identify_data + 63, 0x07);
1664 put_le16(identify_data + 88, 0x3f);
1665 break;
1666 case 0x04: /* mdma mode */
1667 put_le16(identify_data + 62, 0x07);
1668 put_le16(identify_data + 63, 0x07 | (1 << (val + 8)));
1669 put_le16(identify_data + 88, 0x3f);
1670 break;
1671 case 0x08: /* udma mode */
1672 put_le16(identify_data + 62, 0x07);
1673 put_le16(identify_data + 63, 0x07);
1674 put_le16(identify_data + 88, 0x3f | (1 << (val + 8)));
1675 break;
1676 default:
1677 goto abort_cmd;
1678 }
1679 return true;
1680 }
1681 }
1682
1683 abort_cmd:
1684 ide_abort_command(s);
1685 return true;
1686 }
1687
1688
1689 /*** ATAPI commands ***/
1690
1691 static bool cmd_identify_packet(IDEState *s, uint8_t cmd)
1692 {
1693 ide_atapi_identify(s);
1694 s->status = READY_STAT | SEEK_STAT;
1695 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1696 ide_set_irq(s->bus);
1697 return false;
1698 }
1699
1700 static bool cmd_exec_dev_diagnostic(IDEState *s, uint8_t cmd)
1701 {
1702 ide_set_signature(s);
1703
1704 if (s->drive_kind == IDE_CD) {
1705 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
1706 * devices to return a clear status register
1707 * with READY_STAT *not* set. */
1708 s->error = 0x01;
1709 } else {
1710 s->status = READY_STAT | SEEK_STAT;
1711 /* The bits of the error register are not as usual for this command!
1712 * They are part of the regular output (this is why ERR_STAT isn't set)
1713 * Device 0 passed, Device 1 passed or not present. */
1714 s->error = 0x01;
1715 ide_set_irq(s->bus);
1716 }
1717
1718 return false;
1719 }
1720
1721 static bool cmd_packet(IDEState *s, uint8_t cmd)
1722 {
1723 /* overlapping commands not supported */
1724 if (s->feature & 0x02) {
1725 ide_abort_command(s);
1726 return true;
1727 }
1728
1729 s->status = READY_STAT | SEEK_STAT;
1730 s->atapi_dma = s->feature & 1;
1731 if (s->atapi_dma) {
1732 s->dma_cmd = IDE_DMA_ATAPI;
1733 }
1734 s->nsector = 1;
1735 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1736 ide_atapi_cmd);
1737 return false;
1738 }
1739
1740
1741 /*** CF-ATA commands ***/
1742
1743 static bool cmd_cfa_req_ext_error_code(IDEState *s, uint8_t cmd)
1744 {
1745 s->error = 0x09; /* miscellaneous error */
1746 s->status = READY_STAT | SEEK_STAT;
1747 ide_set_irq(s->bus);
1748
1749 return false;
1750 }
1751
1752 static bool cmd_cfa_erase_sectors(IDEState *s, uint8_t cmd)
1753 {
1754 /* WIN_SECURITY_FREEZE_LOCK has the same ID as CFA_WEAR_LEVEL and is
1755 * required for Windows 8 to work with AHCI */
1756
1757 if (cmd == CFA_WEAR_LEVEL) {
1758 s->nsector = 0;
1759 }
1760
1761 if (cmd == CFA_ERASE_SECTORS) {
1762 s->media_changed = 1;
1763 }
1764
1765 return true;
1766 }
1767
1768 static bool cmd_cfa_translate_sector(IDEState *s, uint8_t cmd)
1769 {
1770 s->status = READY_STAT | SEEK_STAT;
1771
1772 memset(s->io_buffer, 0, 0x200);
1773 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
1774 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
1775 s->io_buffer[0x02] = s->select; /* Head */
1776 s->io_buffer[0x03] = s->sector; /* Sector */
1777 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
1778 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
1779 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
1780 s->io_buffer[0x13] = 0x00; /* Erase flag */
1781 s->io_buffer[0x18] = 0x00; /* Hot count */
1782 s->io_buffer[0x19] = 0x00; /* Hot count */
1783 s->io_buffer[0x1a] = 0x01; /* Hot count */
1784
1785 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1786 ide_set_irq(s->bus);
1787
1788 return false;
1789 }
1790
1791 static bool cmd_cfa_access_metadata_storage(IDEState *s, uint8_t cmd)
1792 {
1793 switch (s->feature) {
1794 case 0x02: /* Inquiry Metadata Storage */
1795 ide_cfata_metadata_inquiry(s);
1796 break;
1797 case 0x03: /* Read Metadata Storage */
1798 ide_cfata_metadata_read(s);
1799 break;
1800 case 0x04: /* Write Metadata Storage */
1801 ide_cfata_metadata_write(s);
1802 break;
1803 default:
1804 ide_abort_command(s);
1805 return true;
1806 }
1807
1808 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1809 s->status = 0x00; /* NOTE: READY is _not_ set */
1810 ide_set_irq(s->bus);
1811
1812 return false;
1813 }
1814
1815 static bool cmd_ibm_sense_condition(IDEState *s, uint8_t cmd)
1816 {
1817 switch (s->feature) {
1818 case 0x01: /* sense temperature in device */
1819 s->nsector = 0x50; /* +20 C */
1820 break;
1821 default:
1822 ide_abort_command(s);
1823 return true;
1824 }
1825
1826 return true;
1827 }
1828
1829
1830 /*** SMART commands ***/
1831
1832 static bool cmd_smart(IDEState *s, uint8_t cmd)
1833 {
1834 int n;
1835
1836 if (s->hcyl != 0xc2 || s->lcyl != 0x4f) {
1837 goto abort_cmd;
1838 }
1839
1840 if (!s->smart_enabled && s->feature != SMART_ENABLE) {
1841 goto abort_cmd;
1842 }
1843
1844 switch (s->feature) {
1845 case SMART_DISABLE:
1846 s->smart_enabled = 0;
1847 return true;
1848
1849 case SMART_ENABLE:
1850 s->smart_enabled = 1;
1851 return true;
1852
1853 case SMART_ATTR_AUTOSAVE:
1854 switch (s->sector) {
1855 case 0x00:
1856 s->smart_autosave = 0;
1857 break;
1858 case 0xf1:
1859 s->smart_autosave = 1;
1860 break;
1861 default:
1862 goto abort_cmd;
1863 }
1864 return true;
1865
1866 case SMART_STATUS:
1867 if (!s->smart_errors) {
1868 s->hcyl = 0xc2;
1869 s->lcyl = 0x4f;
1870 } else {
1871 s->hcyl = 0x2c;
1872 s->lcyl = 0xf4;
1873 }
1874 return true;
1875
1876 case SMART_READ_THRESH:
1877 memset(s->io_buffer, 0, 0x200);
1878 s->io_buffer[0] = 0x01; /* smart struct version */
1879
1880 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
1881 s->io_buffer[2 + 0 + (n * 12)] = smart_attributes[n][0];
1882 s->io_buffer[2 + 1 + (n * 12)] = smart_attributes[n][11];
1883 }
1884
1885 /* checksum */
1886 for (n = 0; n < 511; n++) {
1887 s->io_buffer[511] += s->io_buffer[n];
1888 }
1889 s->io_buffer[511] = 0x100 - s->io_buffer[511];
1890
1891 s->status = READY_STAT | SEEK_STAT;
1892 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1893 ide_set_irq(s->bus);
1894 return false;
1895
1896 case SMART_READ_DATA:
1897 memset(s->io_buffer, 0, 0x200);
1898 s->io_buffer[0] = 0x01; /* smart struct version */
1899
1900 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
1901 int i;
1902 for (i = 0; i < 11; i++) {
1903 s->io_buffer[2 + i + (n * 12)] = smart_attributes[n][i];
1904 }
1905 }
1906
1907 s->io_buffer[362] = 0x02 | (s->smart_autosave ? 0x80 : 0x00);
1908 if (s->smart_selftest_count == 0) {
1909 s->io_buffer[363] = 0;
1910 } else {
1911 s->io_buffer[363] =
1912 s->smart_selftest_data[3 +
1913 (s->smart_selftest_count - 1) *
1914 24];
1915 }
1916 s->io_buffer[364] = 0x20;
1917 s->io_buffer[365] = 0x01;
1918 /* offline data collection capacity: execute + self-test*/
1919 s->io_buffer[367] = (1 << 4 | 1 << 3 | 1);
1920 s->io_buffer[368] = 0x03; /* smart capability (1) */
1921 s->io_buffer[369] = 0x00; /* smart capability (2) */
1922 s->io_buffer[370] = 0x01; /* error logging supported */
1923 s->io_buffer[372] = 0x02; /* minutes for poll short test */
1924 s->io_buffer[373] = 0x36; /* minutes for poll ext test */
1925 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
1926
1927 for (n = 0; n < 511; n++) {
1928 s->io_buffer[511] += s->io_buffer[n];
1929 }
1930 s->io_buffer[511] = 0x100 - s->io_buffer[511];
1931
1932 s->status = READY_STAT | SEEK_STAT;
1933 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1934 ide_set_irq(s->bus);
1935 return false;
1936
1937 case SMART_READ_LOG:
1938 switch (s->sector) {
1939 case 0x01: /* summary smart error log */
1940 memset(s->io_buffer, 0, 0x200);
1941 s->io_buffer[0] = 0x01;
1942 s->io_buffer[1] = 0x00; /* no error entries */
1943 s->io_buffer[452] = s->smart_errors & 0xff;
1944 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
1945
1946 for (n = 0; n < 511; n++) {
1947 s->io_buffer[511] += s->io_buffer[n];
1948 }
1949 s->io_buffer[511] = 0x100 - s->io_buffer[511];
1950 break;
1951 case 0x06: /* smart self test log */
1952 memset(s->io_buffer, 0, 0x200);
1953 s->io_buffer[0] = 0x01;
1954 if (s->smart_selftest_count == 0) {
1955 s->io_buffer[508] = 0;
1956 } else {
1957 s->io_buffer[508] = s->smart_selftest_count;
1958 for (n = 2; n < 506; n++) {
1959 s->io_buffer[n] = s->smart_selftest_data[n];
1960 }
1961 }
1962
1963 for (n = 0; n < 511; n++) {
1964 s->io_buffer[511] += s->io_buffer[n];
1965 }
1966 s->io_buffer[511] = 0x100 - s->io_buffer[511];
1967 break;
1968 default:
1969 goto abort_cmd;
1970 }
1971 s->status = READY_STAT | SEEK_STAT;
1972 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1973 ide_set_irq(s->bus);
1974 return false;
1975
1976 case SMART_EXECUTE_OFFLINE:
1977 switch (s->sector) {
1978 case 0: /* off-line routine */
1979 case 1: /* short self test */
1980 case 2: /* extended self test */
1981 s->smart_selftest_count++;
1982 if (s->smart_selftest_count > 21) {
1983 s->smart_selftest_count = 1;
1984 }
1985 n = 2 + (s->smart_selftest_count - 1) * 24;
1986 s->smart_selftest_data[n] = s->sector;
1987 s->smart_selftest_data[n + 1] = 0x00; /* OK and finished */
1988 s->smart_selftest_data[n + 2] = 0x34; /* hour count lsb */
1989 s->smart_selftest_data[n + 3] = 0x12; /* hour count msb */
1990 break;
1991 default:
1992 goto abort_cmd;
1993 }
1994 return true;
1995 }
1996
1997 abort_cmd:
1998 ide_abort_command(s);
1999 return true;
2000 }
2001
2002 #define HD_OK (1u << IDE_HD)
2003 #define CD_OK (1u << IDE_CD)
2004 #define CFA_OK (1u << IDE_CFATA)
2005 #define HD_CFA_OK (HD_OK | CFA_OK)
2006 #define ALL_OK (HD_OK | CD_OK | CFA_OK)
2007
2008 /* Set the Disk Seek Completed status bit during completion */
2009 #define SET_DSC (1u << 8)
2010
2011 /* See ACS-2 T13/2015-D Table B.2 Command codes */
2012 static const struct {
2013 /* Returns true if the completion code should be run */
2014 bool (*handler)(IDEState *s, uint8_t cmd);
2015 int flags;
2016 } ide_cmd_table[0x100] = {
2017 /* NOP not implemented, mandatory for CD */
2018 [CFA_REQ_EXT_ERROR_CODE] = { cmd_cfa_req_ext_error_code, CFA_OK },
2019 [WIN_DSM] = { cmd_data_set_management, HD_CFA_OK },
2020 [WIN_DEVICE_RESET] = { cmd_device_reset, CD_OK },
2021 [WIN_RECAL] = { cmd_nop, HD_CFA_OK | SET_DSC},
2022 [WIN_READ] = { cmd_read_pio, ALL_OK },
2023 [WIN_READ_ONCE] = { cmd_read_pio, HD_CFA_OK },
2024 [WIN_READ_EXT] = { cmd_read_pio, HD_CFA_OK },
2025 [WIN_READDMA_EXT] = { cmd_read_dma, HD_CFA_OK },
2026 [WIN_READ_NATIVE_MAX_EXT] = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
2027 [WIN_MULTREAD_EXT] = { cmd_read_multiple, HD_CFA_OK },
2028 [WIN_WRITE] = { cmd_write_pio, HD_CFA_OK },
2029 [WIN_WRITE_ONCE] = { cmd_write_pio, HD_CFA_OK },
2030 [WIN_WRITE_EXT] = { cmd_write_pio, HD_CFA_OK },
2031 [WIN_WRITEDMA_EXT] = { cmd_write_dma, HD_CFA_OK },
2032 [CFA_WRITE_SECT_WO_ERASE] = { cmd_write_pio, CFA_OK },
2033 [WIN_MULTWRITE_EXT] = { cmd_write_multiple, HD_CFA_OK },
2034 [WIN_WRITE_VERIFY] = { cmd_write_pio, HD_CFA_OK },
2035 [WIN_VERIFY] = { cmd_verify, HD_CFA_OK | SET_DSC },
2036 [WIN_VERIFY_ONCE] = { cmd_verify, HD_CFA_OK | SET_DSC },
2037 [WIN_VERIFY_EXT] = { cmd_verify, HD_CFA_OK | SET_DSC },
2038 [WIN_SEEK] = { cmd_seek, HD_CFA_OK | SET_DSC },
2039 [CFA_TRANSLATE_SECTOR] = { cmd_cfa_translate_sector, CFA_OK },
2040 [WIN_DIAGNOSE] = { cmd_exec_dev_diagnostic, ALL_OK },
2041 [WIN_SPECIFY] = { cmd_nop, HD_CFA_OK | SET_DSC },
2042 [WIN_STANDBYNOW2] = { cmd_nop, HD_CFA_OK },
2043 [WIN_IDLEIMMEDIATE2] = { cmd_nop, HD_CFA_OK },
2044 [WIN_STANDBY2] = { cmd_nop, HD_CFA_OK },
2045 [WIN_SETIDLE2] = { cmd_nop, HD_CFA_OK },
2046 [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
2047 [WIN_SLEEPNOW2] = { cmd_nop, HD_CFA_OK },
2048 [WIN_PACKETCMD] = { cmd_packet, CD_OK },
2049 [WIN_PIDENTIFY] = { cmd_identify_packet, CD_OK },
2050 [WIN_SMART] = { cmd_smart, HD_CFA_OK | SET_DSC },
2051 [CFA_ACCESS_METADATA_STORAGE] = { cmd_cfa_access_metadata_storage, CFA_OK },
2052 [CFA_ERASE_SECTORS] = { cmd_cfa_erase_sectors, CFA_OK | SET_DSC },
2053 [WIN_MULTREAD] = { cmd_read_multiple, HD_CFA_OK },
2054 [WIN_MULTWRITE] = { cmd_write_multiple, HD_CFA_OK },
2055 [WIN_SETMULT] = { cmd_set_multiple_mode, HD_CFA_OK | SET_DSC },
2056 [WIN_READDMA] = { cmd_read_dma, HD_CFA_OK },
2057 [WIN_READDMA_ONCE] = { cmd_read_dma, HD_CFA_OK },
2058 [WIN_WRITEDMA] = { cmd_write_dma, HD_CFA_OK },
2059 [WIN_WRITEDMA_ONCE] = { cmd_write_dma, HD_CFA_OK },
2060 [CFA_WRITE_MULTI_WO_ERASE] = { cmd_write_multiple, CFA_OK },
2061 [WIN_STANDBYNOW1] = { cmd_nop, HD_CFA_OK },
2062 [WIN_IDLEIMMEDIATE] = { cmd_nop, HD_CFA_OK },
2063 [WIN_STANDBY] = { cmd_nop, HD_CFA_OK },
2064 [WIN_SETIDLE1] = { cmd_nop, HD_CFA_OK },
2065 [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
2066 [WIN_SLEEPNOW1] = { cmd_nop, HD_CFA_OK },
2067 [WIN_FLUSH_CACHE] = { cmd_flush_cache, ALL_OK },
2068 [WIN_FLUSH_CACHE_EXT] = { cmd_flush_cache, HD_CFA_OK },
2069 [WIN_IDENTIFY] = { cmd_identify, ALL_OK },
2070 [WIN_SETFEATURES] = { cmd_set_features, ALL_OK | SET_DSC },
2071 [IBM_SENSE_CONDITION] = { cmd_ibm_sense_condition, CFA_OK | SET_DSC },
2072 [CFA_WEAR_LEVEL] = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC },
2073 [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
2074 };
2075
2076 static bool ide_cmd_permitted(IDEState *s, uint32_t cmd)
2077 {
2078 return cmd < ARRAY_SIZE(ide_cmd_table)
2079 && (ide_cmd_table[cmd].flags & (1u << s->drive_kind));
2080 }
2081
2082 void ide_exec_cmd(IDEBus *bus, uint32_t val)
2083 {
2084 IDEState *s;
2085 bool complete;
2086
2087 s = idebus_active_if(bus);
2088 trace_ide_exec_cmd(bus, s, val);
2089
2090 /* ignore commands to non existent slave */
2091 if (s != bus->ifs && !s->blk) {
2092 return;
2093 }
2094
2095 /* Only RESET is allowed while BSY and/or DRQ are set,
2096 * and only to ATAPI devices. */
2097 if (s->status & (BUSY_STAT|DRQ_STAT)) {
2098 if (val != WIN_DEVICE_RESET || s->drive_kind != IDE_CD) {
2099 return;
2100 }
2101 }
2102
2103 if (!ide_cmd_permitted(s, val)) {
2104 ide_abort_command(s);
2105 ide_set_irq(s->bus);
2106 return;
2107 }
2108
2109 s->status = READY_STAT | BUSY_STAT;
2110 s->error = 0;
2111 s->io_buffer_offset = 0;
2112
2113 complete = ide_cmd_table[val].handler(s, val);
2114 if (complete) {
2115 s->status &= ~BUSY_STAT;
2116 assert(!!s->error == !!(s->status & ERR_STAT));
2117
2118 if ((ide_cmd_table[val].flags & SET_DSC) && !s->error) {
2119 s->status |= SEEK_STAT;
2120 }
2121
2122 ide_cmd_done(s);
2123 ide_set_irq(s->bus);
2124 }
2125 }
2126
2127 /* IOport [R]ead [R]egisters */
2128 enum ATA_IOPORT_RR {
2129 ATA_IOPORT_RR_DATA = 0,
2130 ATA_IOPORT_RR_ERROR = 1,
2131 ATA_IOPORT_RR_SECTOR_COUNT = 2,
2132 ATA_IOPORT_RR_SECTOR_NUMBER = 3,
2133 ATA_IOPORT_RR_CYLINDER_LOW = 4,
2134 ATA_IOPORT_RR_CYLINDER_HIGH = 5,
2135 ATA_IOPORT_RR_DEVICE_HEAD = 6,
2136 ATA_IOPORT_RR_STATUS = 7,
2137 ATA_IOPORT_RR_NUM_REGISTERS,
2138 };
2139
2140 const char *ATA_IOPORT_RR_lookup[ATA_IOPORT_RR_NUM_REGISTERS] = {
2141 [ATA_IOPORT_RR_DATA] = "Data",
2142 [ATA_IOPORT_RR_ERROR] = "Error",
2143 [ATA_IOPORT_RR_SECTOR_COUNT] = "Sector Count",
2144 [ATA_IOPORT_RR_SECTOR_NUMBER] = "Sector Number",
2145 [ATA_IOPORT_RR_CYLINDER_LOW] = "Cylinder Low",
2146 [ATA_IOPORT_RR_CYLINDER_HIGH] = "Cylinder High",
2147 [ATA_IOPORT_RR_DEVICE_HEAD] = "Device/Head",
2148 [ATA_IOPORT_RR_STATUS] = "Status"
2149 };
2150
2151 uint32_t ide_ioport_read(void *opaque, uint32_t addr)
2152 {
2153 IDEBus *bus = opaque;
2154 IDEState *s = idebus_active_if(bus);
2155 uint32_t reg_num;
2156 int ret, hob;
2157
2158 reg_num = addr & 7;
2159 hob = bus->cmd & (IDE_CTRL_HOB);
2160 switch (reg_num) {
2161 case ATA_IOPORT_RR_DATA:
2162 ret = 0xff;
2163 break;
2164 case ATA_IOPORT_RR_ERROR:
2165 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
2166 (s != bus->ifs && !s->blk)) {
2167 ret = 0;
2168 } else if (!hob) {
2169 ret = s->error;
2170 } else {
2171 ret = s->hob_feature;
2172 }
2173 break;
2174 case ATA_IOPORT_RR_SECTOR_COUNT:
2175 if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2176 ret = 0;
2177 } else if (!hob) {
2178 ret = s->nsector & 0xff;
2179 } else {
2180 ret = s->hob_nsector;
2181 }
2182 break;
2183 case ATA_IOPORT_RR_SECTOR_NUMBER:
2184 if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2185 ret = 0;
2186 } else if (!hob) {
2187 ret = s->sector;
2188 } else {
2189 ret = s->hob_sector;
2190 }
2191 break;
2192 case ATA_IOPORT_RR_CYLINDER_LOW:
2193 if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2194 ret = 0;
2195 } else if (!hob) {
2196 ret = s->lcyl;
2197 } else {
2198 ret = s->hob_lcyl;
2199 }
2200 break;
2201 case ATA_IOPORT_RR_CYLINDER_HIGH:
2202 if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2203 ret = 0;
2204 } else if (!hob) {
2205 ret = s->hcyl;
2206 } else {
2207 ret = s->hob_hcyl;
2208 }
2209 break;
2210 case ATA_IOPORT_RR_DEVICE_HEAD:
2211 if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2212 ret = 0;
2213 } else {
2214 ret = s->select;
2215 }
2216 break;
2217 default:
2218 case ATA_IOPORT_RR_STATUS:
2219 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
2220 (s != bus->ifs && !s->blk)) {
2221 ret = 0;
2222 } else {
2223 ret = s->status;
2224 }
2225 qemu_irq_lower(bus->irq);
2226 break;
2227 }
2228
2229 trace_ide_ioport_read(addr, ATA_IOPORT_RR_lookup[reg_num], ret, bus, s);
2230 return ret;
2231 }
2232
2233 uint32_t ide_status_read(void *opaque, uint32_t addr)
2234 {
2235 IDEBus *bus = opaque;
2236 IDEState *s = idebus_active_if(bus);
2237 int ret;
2238
2239 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
2240 (s != bus->ifs && !s->blk)) {
2241 ret = 0;
2242 } else {
2243 ret = s->status;
2244 }
2245
2246 trace_ide_status_read(addr, ret, bus, s);
2247 return ret;
2248 }
2249
2250 static void ide_perform_srst(IDEState *s)
2251 {
2252 s->status |= BUSY_STAT;
2253
2254 /* Halt PIO (Via register state); PIO BH remains scheduled. */
2255 ide_transfer_halt(s);
2256
2257 /* Cancel DMA -- may drain block device and invoke callbacks */
2258 ide_cancel_dma_sync(s);
2259
2260 /* Cancel PIO callback, reset registers/signature, etc */
2261 ide_reset(s);
2262
2263 /* perform diagnostic */
2264 cmd_exec_dev_diagnostic(s, WIN_DIAGNOSE);
2265 }
2266
2267 static void ide_bus_perform_srst(void *opaque)
2268 {
2269 IDEBus *bus = opaque;
2270 IDEState *s;
2271 int i;
2272
2273 for (i = 0; i < 2; i++) {
2274 s = &bus->ifs[i];
2275 ide_perform_srst(s);
2276 }
2277
2278 bus->cmd &= ~IDE_CTRL_RESET;
2279 }
2280
2281 void ide_ctrl_write(void *opaque, uint32_t addr, uint32_t val)
2282 {
2283 IDEBus *bus = opaque;
2284 IDEState *s;
2285 int i;
2286
2287 trace_ide_ctrl_write(addr, val, bus);
2288
2289 /* Device0 and Device1 each have their own control register,
2290 * but QEMU models it as just one register in the controller. */
2291 if (!(bus->cmd & IDE_CTRL_RESET) && (val & IDE_CTRL_RESET)) {
2292 for (i = 0; i < 2; i++) {
2293 s = &bus->ifs[i];
2294 s->status |= BUSY_STAT;
2295 }
2296 replay_bh_schedule_oneshot_event(qemu_get_aio_context(),
2297 ide_bus_perform_srst, bus);
2298 }
2299
2300 bus->cmd = val;
2301 }
2302
2303 /*
2304 * Returns true if the running PIO transfer is a PIO out (i.e. data is
2305 * transferred from the device to the guest), false if it's a PIO in
2306 */
2307 static bool ide_is_pio_out(IDEState *s)
2308 {
2309 if (s->end_transfer_func == ide_sector_write ||
2310 s->end_transfer_func == ide_atapi_cmd) {
2311 return false;
2312 } else if (s->end_transfer_func == ide_sector_read ||
2313 s->end_transfer_func == ide_transfer_stop ||
2314 s->end_transfer_func == ide_atapi_cmd_reply_end ||
2315 s->end_transfer_func == ide_dummy_transfer_stop) {
2316 return true;
2317 }
2318
2319 abort();
2320 }
2321
2322 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2323 {
2324 IDEBus *bus = opaque;
2325 IDEState *s = idebus_active_if(bus);
2326 uint8_t *p;
2327
2328 trace_ide_data_writew(addr, val, bus, s);
2329
2330 /* PIO data access allowed only when DRQ bit is set. The result of a write
2331 * during PIO out is indeterminate, just ignore it. */
2332 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
2333 return;
2334 }
2335
2336 p = s->data_ptr;
2337 if (p + 2 > s->data_end) {
2338 return;
2339 }
2340
2341 *(uint16_t *)p = le16_to_cpu(val);
2342 p += 2;
2343 s->data_ptr = p;
2344 if (p >= s->data_end) {
2345 s->status &= ~DRQ_STAT;
2346 s->end_transfer_func(s);
2347 }
2348 }
2349
2350 uint32_t ide_data_readw(void *opaque, uint32_t addr)
2351 {
2352 IDEBus *bus = opaque;
2353 IDEState *s = idebus_active_if(bus);
2354 uint8_t *p;
2355 int ret;
2356
2357 /* PIO data access allowed only when DRQ bit is set. The result of a read
2358 * during PIO in is indeterminate, return 0 and don't move forward. */
2359 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
2360 return 0;
2361 }
2362
2363 p = s->data_ptr;
2364 if (p + 2 > s->data_end) {
2365 return 0;
2366 }
2367
2368 ret = cpu_to_le16(*(uint16_t *)p);
2369 p += 2;
2370 s->data_ptr = p;
2371 if (p >= s->data_end) {
2372 s->status &= ~DRQ_STAT;
2373 s->end_transfer_func(s);
2374 }
2375
2376 trace_ide_data_readw(addr, ret, bus, s);
2377 return ret;
2378 }
2379
2380 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2381 {
2382 IDEBus *bus = opaque;
2383 IDEState *s = idebus_active_if(bus);
2384 uint8_t *p;
2385
2386 trace_ide_data_writel(addr, val, bus, s);
2387
2388 /* PIO data access allowed only when DRQ bit is set. The result of a write
2389 * during PIO out is indeterminate, just ignore it. */
2390 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
2391 return;
2392 }
2393
2394 p = s->data_ptr;
2395 if (p + 4 > s->data_end) {
2396 return;
2397 }
2398
2399 *(uint32_t *)p = le32_to_cpu(val);
2400 p += 4;
2401 s->data_ptr = p;
2402 if (p >= s->data_end) {
2403 s->status &= ~DRQ_STAT;
2404 s->end_transfer_func(s);
2405 }
2406 }
2407
2408 uint32_t ide_data_readl(void *opaque, uint32_t addr)
2409 {
2410 IDEBus *bus = opaque;
2411 IDEState *s = idebus_active_if(bus);
2412 uint8_t *p;
2413 int ret;
2414
2415 /* PIO data access allowed only when DRQ bit is set. The result of a read
2416 * during PIO in is indeterminate, return 0 and don't move forward. */
2417 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
2418 ret = 0;
2419 goto out;
2420 }
2421
2422 p = s->data_ptr;
2423 if (p + 4 > s->data_end) {
2424 return 0;
2425 }
2426
2427 ret = cpu_to_le32(*(uint32_t *)p);
2428 p += 4;
2429 s->data_ptr = p;
2430 if (p >= s->data_end) {
2431 s->status &= ~DRQ_STAT;
2432 s->end_transfer_func(s);
2433 }
2434
2435 out:
2436 trace_ide_data_readl(addr, ret, bus, s);
2437 return ret;
2438 }
2439
2440 static void ide_dummy_transfer_stop(IDEState *s)
2441 {
2442 s->data_ptr = s->io_buffer;
2443 s->data_end = s->io_buffer;
2444 s->io_buffer[0] = 0xff;
2445 s->io_buffer[1] = 0xff;
2446 s->io_buffer[2] = 0xff;
2447 s->io_buffer[3] = 0xff;
2448 }
2449
2450 void ide_bus_reset(IDEBus *bus)
2451 {
2452 bus->unit = 0;
2453 bus->cmd = 0;
2454 ide_reset(&bus->ifs[0]);
2455 ide_reset(&bus->ifs[1]);
2456 ide_clear_hob(bus);
2457
2458 /* pending async DMA */
2459 if (bus->dma->aiocb) {
2460 trace_ide_bus_reset_aio();
2461 blk_aio_cancel(bus->dma->aiocb);
2462 bus->dma->aiocb = NULL;
2463 }
2464
2465 /* reset dma provider too */
2466 if (bus->dma->ops->reset) {
2467 bus->dma->ops->reset(bus->dma);
2468 }
2469 }
2470
2471 static bool ide_cd_is_tray_open(void *opaque)
2472 {
2473 return ((IDEState *)opaque)->tray_open;
2474 }
2475
2476 static bool ide_cd_is_medium_locked(void *opaque)
2477 {
2478 return ((IDEState *)opaque)->tray_locked;
2479 }
2480
2481 static void ide_resize_cb(void *opaque)
2482 {
2483 IDEState *s = opaque;
2484 uint64_t nb_sectors;
2485
2486 if (!s->identify_set) {
2487 return;
2488 }
2489
2490 blk_get_geometry(s->blk, &nb_sectors);
2491 s->nb_sectors = nb_sectors;
2492
2493 /* Update the identify data buffer. */
2494 if (s->drive_kind == IDE_CFATA) {
2495 ide_cfata_identify_size(s);
2496 } else {
2497 /* IDE_CD uses a different set of callbacks entirely. */
2498 assert(s->drive_kind != IDE_CD);
2499 ide_identify_size(s);
2500 }
2501 }
2502
2503 static const BlockDevOps ide_cd_block_ops = {
2504 .change_media_cb = ide_cd_change_cb,
2505 .eject_request_cb = ide_cd_eject_request_cb,
2506 .is_tray_open = ide_cd_is_tray_open,
2507 .is_medium_locked = ide_cd_is_medium_locked,
2508 };
2509
2510 static const BlockDevOps ide_hd_block_ops = {
2511 .resize_cb = ide_resize_cb,
2512 };
2513
2514 int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind,
2515 const char *version, const char *serial, const char *model,
2516 uint64_t wwn,
2517 uint32_t cylinders, uint32_t heads, uint32_t secs,
2518 int chs_trans, Error **errp)
2519 {
2520 uint64_t nb_sectors;
2521
2522 s->blk = blk;
2523 s->drive_kind = kind;
2524
2525 blk_get_geometry(blk, &nb_sectors);
2526 s->cylinders = cylinders;
2527 s->heads = heads;
2528 s->sectors = secs;
2529 s->chs_trans = chs_trans;
2530 s->nb_sectors = nb_sectors;
2531 s->wwn = wwn;
2532 /* The SMART values should be preserved across power cycles
2533 but they aren't. */
2534 s->smart_enabled = 1;
2535 s->smart_autosave = 1;
2536 s->smart_errors = 0;
2537 s->smart_selftest_count = 0;
2538 if (kind == IDE_CD) {
2539 blk_set_dev_ops(blk, &ide_cd_block_ops, s);
2540 blk_set_guest_block_size(blk, 2048);
2541 } else {
2542 if (!blk_is_inserted(s->blk)) {
2543 error_setg(errp, "Device needs media, but drive is empty");
2544 return -1;
2545 }
2546 if (!blk_is_writable(blk)) {
2547 error_setg(errp, "Can't use a read-only drive");
2548 return -1;
2549 }
2550 blk_set_dev_ops(blk, &ide_hd_block_ops, s);
2551 }
2552 if (serial) {
2553 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), serial);
2554 } else {
2555 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2556 "QM%05d", s->drive_serial);
2557 }
2558 if (model) {
2559 pstrcpy(s->drive_model_str, sizeof(s->drive_model_str), model);
2560 } else {
2561 switch (kind) {
2562 case IDE_CD:
2563 strcpy(s->drive_model_str, "QEMU DVD-ROM");
2564 break;
2565 case IDE_CFATA:
2566 strcpy(s->drive_model_str, "QEMU MICRODRIVE");
2567 break;
2568 default:
2569 strcpy(s->drive_model_str, "QEMU HARDDISK");
2570 break;
2571 }
2572 }
2573
2574 if (version) {
2575 pstrcpy(s->version, sizeof(s->version), version);
2576 } else {
2577 pstrcpy(s->version, sizeof(s->version), qemu_hw_version());
2578 }
2579
2580 ide_reset(s);
2581 blk_iostatus_enable(blk);
2582 return 0;
2583 }
2584
2585 static void ide_init1(IDEBus *bus, int unit)
2586 {
2587 static int drive_serial = 1;
2588 IDEState *s = &bus->ifs[unit];
2589
2590 s->bus = bus;
2591 s->unit = unit;
2592 s->drive_serial = drive_serial++;
2593 /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */
2594 s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4;
2595 s->io_buffer = qemu_memalign(2048, s->io_buffer_total_len);
2596 memset(s->io_buffer, 0, s->io_buffer_total_len);
2597
2598 s->smart_selftest_data = blk_blockalign(s->blk, 512);
2599 memset(s->smart_selftest_data, 0, 512);
2600
2601 s->sector_write_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
2602 ide_sector_write_timer_cb, s);
2603 }
2604
2605 static int ide_nop_int(const IDEDMA *dma, bool is_write)
2606 {
2607 return 0;
2608 }
2609
2610 static void ide_nop(const IDEDMA *dma)
2611 {
2612 }
2613
2614 static int32_t ide_nop_int32(const IDEDMA *dma, int32_t l)
2615 {
2616 return 0;
2617 }
2618
2619 static const IDEDMAOps ide_dma_nop_ops = {
2620 .prepare_buf = ide_nop_int32,
2621 .restart_dma = ide_nop,
2622 .rw_buf = ide_nop_int,
2623 };
2624
2625 static void ide_restart_dma(IDEState *s, enum ide_dma_cmd dma_cmd)
2626 {
2627 s->unit = s->bus->retry_unit;
2628 ide_set_sector(s, s->bus->retry_sector_num);
2629 s->nsector = s->bus->retry_nsector;
2630 s->bus->dma->ops->restart_dma(s->bus->dma);
2631 s->io_buffer_size = 0;
2632 s->dma_cmd = dma_cmd;
2633 ide_start_dma(s, ide_dma_cb);
2634 }
2635
2636 static void ide_restart_bh(void *opaque)
2637 {
2638 IDEBus *bus = opaque;
2639 IDEState *s;
2640 bool is_read;
2641 int error_status;
2642
2643 qemu_bh_delete(bus->bh);
2644 bus->bh = NULL;
2645
2646 error_status = bus->error_status;
2647 if (bus->error_status == 0) {
2648 return;
2649 }
2650
2651 s = idebus_active_if(bus);
2652 is_read = (bus->error_status & IDE_RETRY_READ) != 0;
2653
2654 /* The error status must be cleared before resubmitting the request: The
2655 * request may fail again, and this case can only be distinguished if the
2656 * called function can set a new error status. */
2657 bus->error_status = 0;
2658
2659 /* The HBA has generically asked to be kicked on retry */
2660 if (error_status & IDE_RETRY_HBA) {
2661 if (s->bus->dma->ops->restart) {
2662 s->bus->dma->ops->restart(s->bus->dma);
2663 }
2664 } else if (IS_IDE_RETRY_DMA(error_status)) {
2665 if (error_status & IDE_RETRY_TRIM) {
2666 ide_restart_dma(s, IDE_DMA_TRIM);
2667 } else {
2668 ide_restart_dma(s, is_read ? IDE_DMA_READ : IDE_DMA_WRITE);
2669 }
2670 } else if (IS_IDE_RETRY_PIO(error_status)) {
2671 if (is_read) {
2672 ide_sector_read(s);
2673 } else {
2674 ide_sector_write(s);
2675 }
2676 } else if (error_status & IDE_RETRY_FLUSH) {
2677 ide_flush_cache(s);
2678 } else if (IS_IDE_RETRY_ATAPI(error_status)) {
2679 assert(s->end_transfer_func == ide_atapi_cmd);
2680 ide_atapi_dma_restart(s);
2681 } else {
2682 abort();
2683 }
2684 }
2685
2686 static void ide_restart_cb(void *opaque, bool running, RunState state)
2687 {
2688 IDEBus *bus = opaque;
2689
2690 if (!running)
2691 return;
2692
2693 if (!bus->bh) {
2694 bus->bh = qemu_bh_new(ide_restart_bh, bus);
2695 qemu_bh_schedule(bus->bh);
2696 }
2697 }
2698
2699 void ide_register_restart_cb(IDEBus *bus)
2700 {
2701 if (bus->dma->ops->restart_dma) {
2702 bus->vmstate = qemu_add_vm_change_state_handler(ide_restart_cb, bus);
2703 }
2704 }
2705
2706 static IDEDMA ide_dma_nop = {
2707 .ops = &ide_dma_nop_ops,
2708 .aiocb = NULL,
2709 };
2710
2711 void ide_init2(IDEBus *bus, qemu_irq irq)
2712 {
2713 int i;
2714
2715 for(i = 0; i < 2; i++) {
2716 ide_init1(bus, i);
2717 ide_reset(&bus->ifs[i]);
2718 }
2719 bus->irq = irq;
2720 bus->dma = &ide_dma_nop;
2721 }
2722
2723 void ide_exit(IDEState *s)
2724 {
2725 timer_free(s->sector_write_timer);
2726 qemu_vfree(s->smart_selftest_data);
2727 qemu_vfree(s->io_buffer);
2728 }
2729
2730 static bool is_identify_set(void *opaque, int version_id)
2731 {
2732 IDEState *s = opaque;
2733
2734 return s->identify_set != 0;
2735 }
2736
2737 static EndTransferFunc* transfer_end_table[] = {
2738 ide_sector_read,
2739 ide_sector_write,
2740 ide_transfer_stop,
2741 ide_atapi_cmd_reply_end,
2742 ide_atapi_cmd,
2743 ide_dummy_transfer_stop,
2744 };
2745
2746 static int transfer_end_table_idx(EndTransferFunc *fn)
2747 {
2748 int i;
2749
2750 for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++)
2751 if (transfer_end_table[i] == fn)
2752 return i;
2753
2754 return -1;
2755 }
2756
2757 static int ide_drive_post_load(void *opaque, int version_id)
2758 {
2759 IDEState *s = opaque;
2760
2761 if (s->blk && s->identify_set) {
2762 blk_set_enable_write_cache(s->blk, !!(s->identify_data[85] & (1 << 5)));
2763 }
2764 return 0;
2765 }
2766
2767 static int ide_drive_pio_post_load(void *opaque, int version_id)
2768 {
2769 IDEState *s = opaque;
2770
2771 if (s->end_transfer_fn_idx >= ARRAY_SIZE(transfer_end_table)) {
2772 return -EINVAL;
2773 }
2774 s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx];
2775 s->data_ptr = s->io_buffer + s->cur_io_buffer_offset;
2776 s->data_end = s->data_ptr + s->cur_io_buffer_len;
2777 s->atapi_dma = s->feature & 1; /* as per cmd_packet */
2778
2779 return 0;
2780 }
2781
2782 static int ide_drive_pio_pre_save(void *opaque)
2783 {
2784 IDEState *s = opaque;
2785 int idx;
2786
2787 s->cur_io_buffer_offset = s->data_ptr - s->io_buffer;
2788 s->cur_io_buffer_len = s->data_end - s->data_ptr;
2789
2790 idx = transfer_end_table_idx(s->end_transfer_func);
2791 if (idx == -1) {
2792 fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n",
2793 __func__);
2794 s->end_transfer_fn_idx = 2;
2795 } else {
2796 s->end_transfer_fn_idx = idx;
2797 }
2798
2799 return 0;
2800 }
2801
2802 static bool ide_drive_pio_state_needed(void *opaque)
2803 {
2804 IDEState *s = opaque;
2805
2806 return ((s->status & DRQ_STAT) != 0)
2807 || (s->bus->error_status & IDE_RETRY_PIO);
2808 }
2809
2810 static bool ide_tray_state_needed(void *opaque)
2811 {
2812 IDEState *s = opaque;
2813
2814 return s->tray_open || s->tray_locked;
2815 }
2816
2817 static bool ide_atapi_gesn_needed(void *opaque)
2818 {
2819 IDEState *s = opaque;
2820
2821 return s->events.new_media || s->events.eject_request;
2822 }
2823
2824 static bool ide_error_needed(void *opaque)
2825 {
2826 IDEBus *bus = opaque;
2827
2828 return (bus->error_status != 0);
2829 }
2830
2831 /* Fields for GET_EVENT_STATUS_NOTIFICATION ATAPI command */
2832 static const VMStateDescription vmstate_ide_atapi_gesn_state = {
2833 .name ="ide_drive/atapi/gesn_state",
2834 .version_id = 1,
2835 .minimum_version_id = 1,
2836 .needed = ide_atapi_gesn_needed,
2837 .fields = (VMStateField[]) {
2838 VMSTATE_BOOL(events.new_media, IDEState),
2839 VMSTATE_BOOL(events.eject_request, IDEState),
2840 VMSTATE_END_OF_LIST()
2841 }
2842 };
2843
2844 static const VMStateDescription vmstate_ide_tray_state = {
2845 .name = "ide_drive/tray_state",
2846 .version_id = 1,
2847 .minimum_version_id = 1,
2848 .needed = ide_tray_state_needed,
2849 .fields = (VMStateField[]) {
2850 VMSTATE_BOOL(tray_open, IDEState),
2851 VMSTATE_BOOL(tray_locked, IDEState),
2852 VMSTATE_END_OF_LIST()
2853 }
2854 };
2855
2856 static const VMStateDescription vmstate_ide_drive_pio_state = {
2857 .name = "ide_drive/pio_state",
2858 .version_id = 1,
2859 .minimum_version_id = 1,
2860 .pre_save = ide_drive_pio_pre_save,
2861 .post_load = ide_drive_pio_post_load,
2862 .needed = ide_drive_pio_state_needed,
2863 .fields = (VMStateField[]) {
2864 VMSTATE_INT32(req_nb_sectors, IDEState),
2865 VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1,
2866 vmstate_info_uint8, uint8_t),
2867 VMSTATE_INT32(cur_io_buffer_offset, IDEState),
2868 VMSTATE_INT32(cur_io_buffer_len, IDEState),
2869 VMSTATE_UINT8(end_transfer_fn_idx, IDEState),
2870 VMSTATE_INT32(elementary_transfer_size, IDEState),
2871 VMSTATE_INT32(packet_transfer_size, IDEState),
2872 VMSTATE_END_OF_LIST()
2873 }
2874 };
2875
2876 const VMStateDescription vmstate_ide_drive = {
2877 .name = "ide_drive",
2878 .version_id = 3,
2879 .minimum_version_id = 0,
2880 .post_load = ide_drive_post_load,
2881 .fields = (VMStateField[]) {
2882 VMSTATE_INT32(mult_sectors, IDEState),
2883 VMSTATE_INT32(identify_set, IDEState),
2884 VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set),
2885 VMSTATE_UINT8(feature, IDEState),
2886 VMSTATE_UINT8(error, IDEState),
2887 VMSTATE_UINT32(nsector, IDEState),
2888 VMSTATE_UINT8(sector, IDEState),
2889 VMSTATE_UINT8(lcyl, IDEState),
2890 VMSTATE_UINT8(hcyl, IDEState),
2891 VMSTATE_UINT8(hob_feature, IDEState),
2892 VMSTATE_UINT8(hob_sector, IDEState),
2893 VMSTATE_UINT8(hob_nsector, IDEState),
2894 VMSTATE_UINT8(hob_lcyl, IDEState),
2895 VMSTATE_UINT8(hob_hcyl, IDEState),
2896 VMSTATE_UINT8(select, IDEState),
2897 VMSTATE_UINT8(status, IDEState),
2898 VMSTATE_UINT8(lba48, IDEState),
2899 VMSTATE_UINT8(sense_key, IDEState),
2900 VMSTATE_UINT8(asc, IDEState),
2901 VMSTATE_UINT8_V(cdrom_changed, IDEState, 3),
2902 VMSTATE_END_OF_LIST()
2903 },
2904 .subsections = (const VMStateDescription*[]) {
2905 &vmstate_ide_drive_pio_state,
2906 &vmstate_ide_tray_state,
2907 &vmstate_ide_atapi_gesn_state,
2908 NULL
2909 }
2910 };
2911
2912 static const VMStateDescription vmstate_ide_error_status = {
2913 .name ="ide_bus/error",
2914 .version_id = 2,
2915 .minimum_version_id = 1,
2916 .needed = ide_error_needed,
2917 .fields = (VMStateField[]) {
2918 VMSTATE_INT32(error_status, IDEBus),
2919 VMSTATE_INT64_V(retry_sector_num, IDEBus, 2),
2920 VMSTATE_UINT32_V(retry_nsector, IDEBus, 2),
2921 VMSTATE_UINT8_V(retry_unit, IDEBus, 2),
2922 VMSTATE_END_OF_LIST()
2923 }
2924 };
2925
2926 const VMStateDescription vmstate_ide_bus = {
2927 .name = "ide_bus",
2928 .version_id = 1,
2929 .minimum_version_id = 1,
2930 .fields = (VMStateField[]) {
2931 VMSTATE_UINT8(cmd, IDEBus),
2932 VMSTATE_UINT8(unit, IDEBus),
2933 VMSTATE_END_OF_LIST()
2934 },
2935 .subsections = (const VMStateDescription*[]) {
2936 &vmstate_ide_error_status,
2937 NULL
2938 }
2939 };
2940
2941 void ide_drive_get(DriveInfo **hd, int n)
2942 {
2943 int i;
2944
2945 for (i = 0; i < n; i++) {
2946 hd[i] = drive_get_by_index(IF_IDE, i);
2947 }
2948 }
QEMU mirror