]> git.proxmox.com Git - mirror_qemu.git/blob - hw/ide.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
cpu_exec_init() change
[mirror_qemu.git] / hw / ide.c
1 /*
2 * QEMU IDE disk and CD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24 #include "vl.h"
25
26 /* debug IDE devices */
27 //#define DEBUG_IDE
28 //#define DEBUG_IDE_ATAPI
29
30 /* Bits of HD_STATUS */
31 #define ERR_STAT 0x01
32 #define INDEX_STAT 0x02
33 #define ECC_STAT 0x04 /* Corrected error */
34 #define DRQ_STAT 0x08
35 #define SEEK_STAT 0x10
36 #define SRV_STAT 0x10
37 #define WRERR_STAT 0x20
38 #define READY_STAT 0x40
39 #define BUSY_STAT 0x80
40
41 /* Bits for HD_ERROR */
42 #define MARK_ERR 0x01 /* Bad address mark */
43 #define TRK0_ERR 0x02 /* couldn't find track 0 */
44 #define ABRT_ERR 0x04 /* Command aborted */
45 #define MCR_ERR 0x08 /* media change request */
46 #define ID_ERR 0x10 /* ID field not found */
47 #define MC_ERR 0x20 /* media changed */
48 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
49 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
50 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
51
52 /* Bits of HD_NSECTOR */
53 #define CD 0x01
54 #define IO 0x02
55 #define REL 0x04
56 #define TAG_MASK 0xf8
57
58 #define IDE_CMD_RESET 0x04
59 #define IDE_CMD_DISABLE_IRQ 0x02
60
61 /* ATA/ATAPI Commands pre T13 Spec */
62 #define WIN_NOP 0x00
63 /*
64 * 0x01->0x02 Reserved
65 */
66 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
67 /*
68 * 0x04->0x07 Reserved
69 */
70 #define WIN_SRST 0x08 /* ATAPI soft reset command */
71 #define WIN_DEVICE_RESET 0x08
72 /*
73 * 0x09->0x0F Reserved
74 */
75 #define WIN_RECAL 0x10
76 #define WIN_RESTORE WIN_RECAL
77 /*
78 * 0x10->0x1F Reserved
79 */
80 #define WIN_READ 0x20 /* 28-Bit */
81 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
82 #define WIN_READ_LONG 0x22 /* 28-Bit */
83 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
84 #define WIN_READ_EXT 0x24 /* 48-Bit */
85 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
86 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
87 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
88 /*
89 * 0x28
90 */
91 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
92 /*
93 * 0x2A->0x2F Reserved
94 */
95 #define WIN_WRITE 0x30 /* 28-Bit */
96 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
97 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
98 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
99 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
100 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
101 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
102 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
103 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
104 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
105 /*
106 * 0x3A->0x3B Reserved
107 */
108 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
109 /*
110 * 0x3D->0x3F Reserved
111 */
112 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
113 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
114 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
115 /*
116 * 0x43->0x4F Reserved
117 */
118 #define WIN_FORMAT 0x50
119 /*
120 * 0x51->0x5F Reserved
121 */
122 #define WIN_INIT 0x60
123 /*
124 * 0x61->0x5F Reserved
125 */
126 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
127 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
128 #define WIN_DIAGNOSE 0x90
129 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
130 #define WIN_DOWNLOAD_MICROCODE 0x92
131 #define WIN_STANDBYNOW2 0x94
132 #define WIN_STANDBY2 0x96
133 #define WIN_SETIDLE2 0x97
134 #define WIN_CHECKPOWERMODE2 0x98
135 #define WIN_SLEEPNOW2 0x99
136 /*
137 * 0x9A VENDOR
138 */
139 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
140 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
141 #define WIN_QUEUED_SERVICE 0xA2
142 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
143 #define CFA_ERASE_SECTORS 0xC0
144 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
145 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
146 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
147 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
148 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
149 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
150 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
151 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
152 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
153 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
154 #define WIN_GETMEDIASTATUS 0xDA
155 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
156 #define WIN_POSTBOOT 0xDC
157 #define WIN_PREBOOT 0xDD
158 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
159 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
160 #define WIN_STANDBYNOW1 0xE0
161 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
162 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
163 #define WIN_SETIDLE1 0xE3
164 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
165 #define WIN_CHECKPOWERMODE1 0xE5
166 #define WIN_SLEEPNOW1 0xE6
167 #define WIN_FLUSH_CACHE 0xE7
168 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
169 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
170 /* SET_FEATURES 0x22 or 0xDD */
171 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
172 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
173 #define WIN_MEDIAEJECT 0xED
174 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
175 #define WIN_SETFEATURES 0xEF /* set special drive features */
176 #define EXABYTE_ENABLE_NEST 0xF0
177 #define WIN_SECURITY_SET_PASS 0xF1
178 #define WIN_SECURITY_UNLOCK 0xF2
179 #define WIN_SECURITY_ERASE_PREPARE 0xF3
180 #define WIN_SECURITY_ERASE_UNIT 0xF4
181 #define WIN_SECURITY_FREEZE_LOCK 0xF5
182 #define WIN_SECURITY_DISABLE 0xF6
183 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
184 #define WIN_SET_MAX 0xF9
185 #define DISABLE_SEAGATE 0xFB
186
187 /* set to 1 set disable mult support */
188 #define MAX_MULT_SECTORS 16
189
190 /* ATAPI defines */
191
192 #define ATAPI_PACKET_SIZE 12
193
194 /* The generic packet command opcodes for CD/DVD Logical Units,
195 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
196 #define GPCMD_BLANK 0xa1
197 #define GPCMD_CLOSE_TRACK 0x5b
198 #define GPCMD_FLUSH_CACHE 0x35
199 #define GPCMD_FORMAT_UNIT 0x04
200 #define GPCMD_GET_CONFIGURATION 0x46
201 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
202 #define GPCMD_GET_PERFORMANCE 0xac
203 #define GPCMD_INQUIRY 0x12
204 #define GPCMD_LOAD_UNLOAD 0xa6
205 #define GPCMD_MECHANISM_STATUS 0xbd
206 #define GPCMD_MODE_SELECT_10 0x55
207 #define GPCMD_MODE_SENSE_10 0x5a
208 #define GPCMD_PAUSE_RESUME 0x4b
209 #define GPCMD_PLAY_AUDIO_10 0x45
210 #define GPCMD_PLAY_AUDIO_MSF 0x47
211 #define GPCMD_PLAY_AUDIO_TI 0x48
212 #define GPCMD_PLAY_CD 0xbc
213 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
214 #define GPCMD_READ_10 0x28
215 #define GPCMD_READ_12 0xa8
216 #define GPCMD_READ_CDVD_CAPACITY 0x25
217 #define GPCMD_READ_CD 0xbe
218 #define GPCMD_READ_CD_MSF 0xb9
219 #define GPCMD_READ_DISC_INFO 0x51
220 #define GPCMD_READ_DVD_STRUCTURE 0xad
221 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
222 #define GPCMD_READ_HEADER 0x44
223 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
224 #define GPCMD_READ_SUBCHANNEL 0x42
225 #define GPCMD_READ_TOC_PMA_ATIP 0x43
226 #define GPCMD_REPAIR_RZONE_TRACK 0x58
227 #define GPCMD_REPORT_KEY 0xa4
228 #define GPCMD_REQUEST_SENSE 0x03
229 #define GPCMD_RESERVE_RZONE_TRACK 0x53
230 #define GPCMD_SCAN 0xba
231 #define GPCMD_SEEK 0x2b
232 #define GPCMD_SEND_DVD_STRUCTURE 0xad
233 #define GPCMD_SEND_EVENT 0xa2
234 #define GPCMD_SEND_KEY 0xa3
235 #define GPCMD_SEND_OPC 0x54
236 #define GPCMD_SET_READ_AHEAD 0xa7
237 #define GPCMD_SET_STREAMING 0xb6
238 #define GPCMD_START_STOP_UNIT 0x1b
239 #define GPCMD_STOP_PLAY_SCAN 0x4e
240 #define GPCMD_TEST_UNIT_READY 0x00
241 #define GPCMD_VERIFY_10 0x2f
242 #define GPCMD_WRITE_10 0x2a
243 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
244 /* This is listed as optional in ATAPI 2.6, but is (curiously)
245 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
246 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
247 * drives support it. */
248 #define GPCMD_SET_SPEED 0xbb
249 /* This seems to be a SCSI specific CD-ROM opcode
250 * to play data at track/index */
251 #define GPCMD_PLAYAUDIO_TI 0x48
252 /*
253 * From MS Media Status Notification Support Specification. For
254 * older drives only.
255 */
256 #define GPCMD_GET_MEDIA_STATUS 0xda
257
258 /* Mode page codes for mode sense/set */
259 #define GPMODE_R_W_ERROR_PAGE 0x01
260 #define GPMODE_WRITE_PARMS_PAGE 0x05
261 #define GPMODE_AUDIO_CTL_PAGE 0x0e
262 #define GPMODE_POWER_PAGE 0x1a
263 #define GPMODE_FAULT_FAIL_PAGE 0x1c
264 #define GPMODE_TO_PROTECT_PAGE 0x1d
265 #define GPMODE_CAPABILITIES_PAGE 0x2a
266 #define GPMODE_ALL_PAGES 0x3f
267 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
268 * of MODE_SENSE_POWER_PAGE */
269 #define GPMODE_CDROM_PAGE 0x0d
270
271 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
272 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
273 #define ATAPI_INT_REASON_REL 0x04
274 #define ATAPI_INT_REASON_TAG 0xf8
275
276 /* same constants as bochs */
277 #define ASC_ILLEGAL_OPCODE 0x20
278 #define ASC_LOGICAL_BLOCK_OOR 0x21
279 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
280 #define ASC_MEDIUM_NOT_PRESENT 0x3a
281 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
282
283 #define SENSE_NONE 0
284 #define SENSE_NOT_READY 2
285 #define SENSE_ILLEGAL_REQUEST 5
286 #define SENSE_UNIT_ATTENTION 6
287
288 struct IDEState;
289
290 typedef void EndTransferFunc(struct IDEState *);
291
292 /* NOTE: IDEState represents in fact one drive */
293 typedef struct IDEState {
294 /* ide config */
295 int is_cdrom;
296 int cylinders, heads, sectors;
297 int64_t nb_sectors;
298 int mult_sectors;
299 SetIRQFunc *set_irq;
300 void *irq_opaque;
301 int irq;
302 PCIDevice *pci_dev;
303 struct BMDMAState *bmdma;
304 int drive_serial;
305 /* ide regs */
306 uint8_t feature;
307 uint8_t error;
308 uint16_t nsector; /* 0 is 256 to ease computations */
309 uint8_t sector;
310 uint8_t lcyl;
311 uint8_t hcyl;
312 uint8_t select;
313 uint8_t status;
314 /* 0x3f6 command, only meaningful for drive 0 */
315 uint8_t cmd;
316 /* depends on bit 4 in select, only meaningful for drive 0 */
317 struct IDEState *cur_drive;
318 BlockDriverState *bs;
319 /* ATAPI specific */
320 uint8_t sense_key;
321 uint8_t asc;
322 int packet_transfer_size;
323 int elementary_transfer_size;
324 int io_buffer_index;
325 int lba;
326 int cd_sector_size;
327 int atapi_dma; /* true if dma is requested for the packet cmd */
328 /* ATA DMA state */
329 int io_buffer_size;
330 /* PIO transfer handling */
331 int req_nb_sectors; /* number of sectors per interrupt */
332 EndTransferFunc *end_transfer_func;
333 uint8_t *data_ptr;
334 uint8_t *data_end;
335 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
336 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
337 } IDEState;
338
339 #define BM_STATUS_DMAING 0x01
340 #define BM_STATUS_ERROR 0x02
341 #define BM_STATUS_INT 0x04
342
343 #define BM_CMD_START 0x01
344 #define BM_CMD_READ 0x08
345
346 #define IDE_TYPE_PIIX3 0
347 #define IDE_TYPE_CMD646 1
348
349 /* CMD646 specific */
350 #define MRDMODE 0x71
351 #define MRDMODE_INTR_CH0 0x04
352 #define MRDMODE_INTR_CH1 0x08
353 #define MRDMODE_BLK_CH0 0x10
354 #define MRDMODE_BLK_CH1 0x20
355 #define UDIDETCR0 0x73
356 #define UDIDETCR1 0x7B
357
358 typedef int IDEDMAFunc(IDEState *s,
359 target_phys_addr_t phys_addr,
360 int transfer_size1);
361
362 typedef struct BMDMAState {
363 uint8_t cmd;
364 uint8_t status;
365 uint32_t addr;
366
367 struct PCIIDEState *pci_dev;
368 /* current transfer state */
369 IDEState *ide_if;
370 IDEDMAFunc *dma_cb;
371 } BMDMAState;
372
373 typedef struct PCIIDEState {
374 PCIDevice dev;
375 IDEState ide_if[4];
376 BMDMAState bmdma[2];
377 int type; /* see IDE_TYPE_xxx */
378 } PCIIDEState;
379
380 static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb);
381
382 static void padstr(char *str, const char *src, int len)
383 {
384 int i, v;
385 for(i = 0; i < len; i++) {
386 if (*src)
387 v = *src++;
388 else
389 v = ' ';
390 *(char *)((long)str ^ 1) = v;
391 str++;
392 }
393 }
394
395 static void padstr8(uint8_t *buf, int buf_size, const char *src)
396 {
397 int i;
398 for(i = 0; i < buf_size; i++) {
399 if (*src)
400 buf[i] = *src++;
401 else
402 buf[i] = ' ';
403 }
404 }
405
406 static void put_le16(uint16_t *p, unsigned int v)
407 {
408 *p = cpu_to_le16(v);
409 }
410
411 static void ide_identify(IDEState *s)
412 {
413 uint16_t *p;
414 unsigned int oldsize;
415 char buf[20];
416
417 memset(s->io_buffer, 0, 512);
418 p = (uint16_t *)s->io_buffer;
419 put_le16(p + 0, 0x0040);
420 put_le16(p + 1, s->cylinders);
421 put_le16(p + 3, s->heads);
422 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
423 put_le16(p + 5, 512); /* XXX: retired, remove ? */
424 put_le16(p + 6, s->sectors);
425 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
426 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
427 put_le16(p + 20, 3); /* XXX: retired, remove ? */
428 put_le16(p + 21, 512); /* cache size in sectors */
429 put_le16(p + 22, 4); /* ecc bytes */
430 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
431 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
432 #if MAX_MULT_SECTORS > 1
433 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
434 #endif
435 put_le16(p + 48, 1); /* dword I/O */
436 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
437 put_le16(p + 51, 0x200); /* PIO transfer cycle */
438 put_le16(p + 52, 0x200); /* DMA transfer cycle */
439 put_le16(p + 53, 1 | 1 << 2); /* words 54-58,88 are valid */
440 put_le16(p + 54, s->cylinders);
441 put_le16(p + 55, s->heads);
442 put_le16(p + 56, s->sectors);
443 oldsize = s->cylinders * s->heads * s->sectors;
444 put_le16(p + 57, oldsize);
445 put_le16(p + 58, oldsize >> 16);
446 if (s->mult_sectors)
447 put_le16(p + 59, 0x100 | s->mult_sectors);
448 put_le16(p + 60, s->nb_sectors);
449 put_le16(p + 61, s->nb_sectors >> 16);
450 put_le16(p + 80, (1 << 1) | (1 << 2));
451 put_le16(p + 82, (1 << 14));
452 put_le16(p + 83, (1 << 14));
453 put_le16(p + 84, (1 << 14));
454 put_le16(p + 85, (1 << 14));
455 put_le16(p + 86, 0);
456 put_le16(p + 87, (1 << 14));
457 put_le16(p + 88, 0x1f | (1 << 13));
458 put_le16(p + 93, 1 | (1 << 14) | 0x2000 | 0x4000);
459 }
460
461 static void ide_atapi_identify(IDEState *s)
462 {
463 uint16_t *p;
464 char buf[20];
465
466 memset(s->io_buffer, 0, 512);
467 p = (uint16_t *)s->io_buffer;
468 /* Removable CDROM, 50us response, 12 byte packets */
469 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
470 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
471 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
472 put_le16(p + 20, 3); /* buffer type */
473 put_le16(p + 21, 512); /* cache size in sectors */
474 put_le16(p + 22, 4); /* ecc bytes */
475 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
476 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
477 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
478 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
479 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
480 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
481 put_le16(p + 64, 1); /* PIO modes */
482 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
483 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
484 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
485 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
486
487 put_le16(p + 71, 30); /* in ns */
488 put_le16(p + 72, 30); /* in ns */
489
490 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
491 }
492
493 static void ide_set_signature(IDEState *s)
494 {
495 s->select &= 0xf0; /* clear head */
496 /* put signature */
497 s->nsector = 1;
498 s->sector = 1;
499 if (s->is_cdrom) {
500 s->lcyl = 0x14;
501 s->hcyl = 0xeb;
502 } else if (s->bs) {
503 s->lcyl = 0;
504 s->hcyl = 0;
505 } else {
506 s->lcyl = 0xff;
507 s->hcyl = 0xff;
508 }
509 }
510
511 static inline void ide_abort_command(IDEState *s)
512 {
513 s->status = READY_STAT | ERR_STAT;
514 s->error = ABRT_ERR;
515 }
516
517 static inline void ide_set_irq(IDEState *s)
518 {
519 BMDMAState *bm = s->bmdma;
520 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
521 if (bm) {
522 bm->status |= BM_STATUS_INT;
523 }
524 s->set_irq(s->irq_opaque, s->irq, 1);
525 }
526 }
527
528 /* prepare data transfer and tell what to do after */
529 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
530 EndTransferFunc *end_transfer_func)
531 {
532 s->end_transfer_func = end_transfer_func;
533 s->data_ptr = buf;
534 s->data_end = buf + size;
535 s->status |= DRQ_STAT;
536 }
537
538 static void ide_transfer_stop(IDEState *s)
539 {
540 s->end_transfer_func = ide_transfer_stop;
541 s->data_ptr = s->io_buffer;
542 s->data_end = s->io_buffer;
543 s->status &= ~DRQ_STAT;
544 }
545
546 static int64_t ide_get_sector(IDEState *s)
547 {
548 int64_t sector_num;
549 if (s->select & 0x40) {
550 /* lba */
551 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
552 (s->lcyl << 8) | s->sector;
553 } else {
554 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
555 (s->select & 0x0f) * s->sectors +
556 (s->sector - 1);
557 }
558 return sector_num;
559 }
560
561 static void ide_set_sector(IDEState *s, int64_t sector_num)
562 {
563 unsigned int cyl, r;
564 if (s->select & 0x40) {
565 s->select = (s->select & 0xf0) | (sector_num >> 24);
566 s->hcyl = (sector_num >> 16);
567 s->lcyl = (sector_num >> 8);
568 s->sector = (sector_num);
569 } else {
570 cyl = sector_num / (s->heads * s->sectors);
571 r = sector_num % (s->heads * s->sectors);
572 s->hcyl = cyl >> 8;
573 s->lcyl = cyl;
574 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
575 s->sector = (r % s->sectors) + 1;
576 }
577 }
578
579 static void ide_sector_read(IDEState *s)
580 {
581 int64_t sector_num;
582 int ret, n;
583
584 s->status = READY_STAT | SEEK_STAT;
585 s->error = 0; /* not needed by IDE spec, but needed by Windows */
586 sector_num = ide_get_sector(s);
587 n = s->nsector;
588 if (n == 0) {
589 /* no more sector to read from disk */
590 ide_transfer_stop(s);
591 } else {
592 #if defined(DEBUG_IDE)
593 printf("read sector=%Ld\n", sector_num);
594 #endif
595 if (n > s->req_nb_sectors)
596 n = s->req_nb_sectors;
597 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
598 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
599 ide_set_irq(s);
600 ide_set_sector(s, sector_num + n);
601 s->nsector -= n;
602 }
603 }
604
605 static int ide_read_dma_cb(IDEState *s,
606 target_phys_addr_t phys_addr,
607 int transfer_size1)
608 {
609 int len, transfer_size, n;
610 int64_t sector_num;
611
612 transfer_size = transfer_size1;
613 while (transfer_size > 0) {
614 len = s->io_buffer_size - s->io_buffer_index;
615 if (len <= 0) {
616 /* transfert next data */
617 n = s->nsector;
618 if (n == 0)
619 break;
620 if (n > MAX_MULT_SECTORS)
621 n = MAX_MULT_SECTORS;
622 sector_num = ide_get_sector(s);
623 bdrv_read(s->bs, sector_num, s->io_buffer, n);
624 s->io_buffer_index = 0;
625 s->io_buffer_size = n * 512;
626 len = s->io_buffer_size;
627 sector_num += n;
628 ide_set_sector(s, sector_num);
629 s->nsector -= n;
630 }
631 if (len > transfer_size)
632 len = transfer_size;
633 cpu_physical_memory_write(phys_addr,
634 s->io_buffer + s->io_buffer_index, len);
635 s->io_buffer_index += len;
636 transfer_size -= len;
637 phys_addr += len;
638 }
639 if (s->io_buffer_index >= s->io_buffer_size && s->nsector == 0) {
640 s->status = READY_STAT | SEEK_STAT;
641 ide_set_irq(s);
642 #ifdef DEBUG_IDE_ATAPI
643 printf("dma status=0x%x\n", s->status);
644 #endif
645 return 0;
646 }
647 return transfer_size1 - transfer_size;
648 }
649
650 static void ide_sector_read_dma(IDEState *s)
651 {
652 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
653 s->io_buffer_index = 0;
654 s->io_buffer_size = 0;
655 ide_dma_start(s, ide_read_dma_cb);
656 }
657
658 static void ide_sector_write_timer_cb(void *opaque)
659 {
660 IDEState *s = opaque;
661 ide_set_irq(s);
662 }
663
664 static void ide_sector_write(IDEState *s)
665 {
666 int64_t sector_num;
667 int ret, n, n1;
668
669 s->status = READY_STAT | SEEK_STAT;
670 sector_num = ide_get_sector(s);
671 #if defined(DEBUG_IDE)
672 printf("write sector=%Ld\n", sector_num);
673 #endif
674 n = s->nsector;
675 if (n > s->req_nb_sectors)
676 n = s->req_nb_sectors;
677 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
678 s->nsector -= n;
679 if (s->nsector == 0) {
680 /* no more sector to write */
681 ide_transfer_stop(s);
682 } else {
683 n1 = s->nsector;
684 if (n1 > s->req_nb_sectors)
685 n1 = s->req_nb_sectors;
686 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
687 }
688 ide_set_sector(s, sector_num + n);
689
690 #ifdef TARGET_I386
691 if (win2k_install_hack) {
692 /* It seems there is a bug in the Windows 2000 installer HDD
693 IDE driver which fills the disk with empty logs when the
694 IDE write IRQ comes too early. This hack tries to correct
695 that at the expense of slower write performances. Use this
696 option _only_ to install Windows 2000. You must disable it
697 for normal use. */
698 qemu_mod_timer(s->sector_write_timer,
699 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
700 } else
701 #endif
702 {
703 ide_set_irq(s);
704 }
705 }
706
707 static int ide_write_dma_cb(IDEState *s,
708 target_phys_addr_t phys_addr,
709 int transfer_size1)
710 {
711 int len, transfer_size, n;
712 int64_t sector_num;
713
714 transfer_size = transfer_size1;
715 for(;;) {
716 len = s->io_buffer_size - s->io_buffer_index;
717 if (len == 0) {
718 n = s->io_buffer_size >> 9;
719 sector_num = ide_get_sector(s);
720 bdrv_write(s->bs, sector_num, s->io_buffer,
721 s->io_buffer_size >> 9);
722 sector_num += n;
723 ide_set_sector(s, sector_num);
724 s->nsector -= n;
725 n = s->nsector;
726 if (n == 0) {
727 /* end of transfer */
728 s->status = READY_STAT | SEEK_STAT;
729 ide_set_irq(s);
730 return 0;
731 }
732 if (n > MAX_MULT_SECTORS)
733 n = MAX_MULT_SECTORS;
734 s->io_buffer_index = 0;
735 s->io_buffer_size = n * 512;
736 len = s->io_buffer_size;
737 }
738 if (transfer_size <= 0)
739 break;
740 if (len > transfer_size)
741 len = transfer_size;
742 cpu_physical_memory_read(phys_addr,
743 s->io_buffer + s->io_buffer_index, len);
744 s->io_buffer_index += len;
745 transfer_size -= len;
746 phys_addr += len;
747 }
748 return transfer_size1 - transfer_size;
749 }
750
751 static void ide_sector_write_dma(IDEState *s)
752 {
753 int n;
754 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
755 n = s->nsector;
756 if (n > MAX_MULT_SECTORS)
757 n = MAX_MULT_SECTORS;
758 s->io_buffer_index = 0;
759 s->io_buffer_size = n * 512;
760 ide_dma_start(s, ide_write_dma_cb);
761 }
762
763 static void ide_atapi_cmd_ok(IDEState *s)
764 {
765 s->error = 0;
766 s->status = READY_STAT;
767 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
768 ide_set_irq(s);
769 }
770
771 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
772 {
773 #ifdef DEBUG_IDE_ATAPI
774 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
775 #endif
776 s->error = sense_key << 4;
777 s->status = READY_STAT | ERR_STAT;
778 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
779 s->sense_key = sense_key;
780 s->asc = asc;
781 ide_set_irq(s);
782 }
783
784 static inline void cpu_to_ube16(uint8_t *buf, int val)
785 {
786 buf[0] = val >> 8;
787 buf[1] = val;
788 }
789
790 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
791 {
792 buf[0] = val >> 24;
793 buf[1] = val >> 16;
794 buf[2] = val >> 8;
795 buf[3] = val;
796 }
797
798 static inline int ube16_to_cpu(const uint8_t *buf)
799 {
800 return (buf[0] << 8) | buf[1];
801 }
802
803 static inline int ube32_to_cpu(const uint8_t *buf)
804 {
805 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
806 }
807
808 static void lba_to_msf(uint8_t *buf, int lba)
809 {
810 lba += 150;
811 buf[0] = (lba / 75) / 60;
812 buf[1] = (lba / 75) % 60;
813 buf[2] = lba % 75;
814 }
815
816 static void cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
817 int sector_size)
818 {
819 switch(sector_size) {
820 case 2048:
821 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
822 break;
823 case 2352:
824 /* sync bytes */
825 buf[0] = 0x00;
826 memset(buf + 1, 0xff, 10);
827 buf[11] = 0x00;
828 buf += 12;
829 /* MSF */
830 lba_to_msf(buf, lba);
831 buf[3] = 0x01; /* mode 1 data */
832 buf += 4;
833 /* data */
834 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
835 buf += 2048;
836 /* ECC */
837 memset(buf, 0, 288);
838 break;
839 default:
840 break;
841 }
842 }
843
844 /* The whole ATAPI transfer logic is handled in this function */
845 static void ide_atapi_cmd_reply_end(IDEState *s)
846 {
847 int byte_count_limit, size;
848 #ifdef DEBUG_IDE_ATAPI
849 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
850 s->packet_transfer_size,
851 s->elementary_transfer_size,
852 s->io_buffer_index);
853 #endif
854 if (s->packet_transfer_size <= 0) {
855 /* end of transfer */
856 ide_transfer_stop(s);
857 s->status = READY_STAT;
858 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
859 ide_set_irq(s);
860 #ifdef DEBUG_IDE_ATAPI
861 printf("status=0x%x\n", s->status);
862 #endif
863 } else {
864 /* see if a new sector must be read */
865 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
866 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
867 s->lba++;
868 s->io_buffer_index = 0;
869 }
870 if (s->elementary_transfer_size > 0) {
871 /* there are some data left to transmit in this elementary
872 transfer */
873 size = s->cd_sector_size - s->io_buffer_index;
874 if (size > s->elementary_transfer_size)
875 size = s->elementary_transfer_size;
876 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
877 size, ide_atapi_cmd_reply_end);
878 s->packet_transfer_size -= size;
879 s->elementary_transfer_size -= size;
880 s->io_buffer_index += size;
881 } else {
882 /* a new transfer is needed */
883 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
884 byte_count_limit = s->lcyl | (s->hcyl << 8);
885 #ifdef DEBUG_IDE_ATAPI
886 printf("byte_count_limit=%d\n", byte_count_limit);
887 #endif
888 if (byte_count_limit == 0xffff)
889 byte_count_limit--;
890 size = s->packet_transfer_size;
891 if (size > byte_count_limit) {
892 /* byte count limit must be even if this case */
893 if (byte_count_limit & 1)
894 byte_count_limit--;
895 size = byte_count_limit;
896 }
897 s->lcyl = size;
898 s->hcyl = size >> 8;
899 s->elementary_transfer_size = size;
900 /* we cannot transmit more than one sector at a time */
901 if (s->lba != -1) {
902 if (size > (s->cd_sector_size - s->io_buffer_index))
903 size = (s->cd_sector_size - s->io_buffer_index);
904 }
905 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
906 size, ide_atapi_cmd_reply_end);
907 s->packet_transfer_size -= size;
908 s->elementary_transfer_size -= size;
909 s->io_buffer_index += size;
910 ide_set_irq(s);
911 #ifdef DEBUG_IDE_ATAPI
912 printf("status=0x%x\n", s->status);
913 #endif
914 }
915 }
916 }
917
918 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
919 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
920 {
921 if (size > max_size)
922 size = max_size;
923 s->lba = -1; /* no sector read */
924 s->packet_transfer_size = size;
925 s->elementary_transfer_size = 0;
926 s->io_buffer_index = 0;
927
928 s->status = READY_STAT;
929 ide_atapi_cmd_reply_end(s);
930 }
931
932 /* start a CD-CDROM read command */
933 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
934 int sector_size)
935 {
936 s->lba = lba;
937 s->packet_transfer_size = nb_sectors * sector_size;
938 s->elementary_transfer_size = 0;
939 s->io_buffer_index = sector_size;
940 s->cd_sector_size = sector_size;
941
942 s->status = READY_STAT;
943 ide_atapi_cmd_reply_end(s);
944 }
945
946 /* ATAPI DMA support */
947 static int ide_atapi_cmd_read_dma_cb(IDEState *s,
948 target_phys_addr_t phys_addr,
949 int transfer_size1)
950 {
951 int len, transfer_size;
952
953 transfer_size = transfer_size1;
954 while (transfer_size > 0) {
955 #ifdef DEBUG_IDE_ATAPI
956 printf("transfer_size: %d phys_addr=%08x\n", transfer_size, phys_addr);
957 #endif
958 if (s->packet_transfer_size <= 0)
959 break;
960 len = s->cd_sector_size - s->io_buffer_index;
961 if (len <= 0) {
962 /* transfert next data */
963 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
964 s->lba++;
965 s->io_buffer_index = 0;
966 len = s->cd_sector_size;
967 }
968 if (len > transfer_size)
969 len = transfer_size;
970 cpu_physical_memory_write(phys_addr,
971 s->io_buffer + s->io_buffer_index, len);
972 s->packet_transfer_size -= len;
973 s->io_buffer_index += len;
974 transfer_size -= len;
975 phys_addr += len;
976 }
977 if (s->packet_transfer_size <= 0) {
978 s->status = READY_STAT;
979 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
980 ide_set_irq(s);
981 #ifdef DEBUG_IDE_ATAPI
982 printf("dma status=0x%x\n", s->status);
983 #endif
984 return 0;
985 }
986 return transfer_size1 - transfer_size;
987 }
988
989 /* start a CD-CDROM read command with DMA */
990 /* XXX: test if DMA is available */
991 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
992 int sector_size)
993 {
994 s->lba = lba;
995 s->packet_transfer_size = nb_sectors * sector_size;
996 s->io_buffer_index = sector_size;
997 s->cd_sector_size = sector_size;
998
999 s->status = READY_STAT | DRQ_STAT;
1000 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1001 }
1002
1003 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1004 int sector_size)
1005 {
1006 #ifdef DEBUG_IDE_ATAPI
1007 printf("read: LBA=%d nb_sectors=%d\n", lba, nb_sectors);
1008 #endif
1009 if (s->atapi_dma) {
1010 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1011 } else {
1012 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1013 }
1014 }
1015
1016 /* same toc as bochs. Return -1 if error or the toc length */
1017 /* XXX: check this */
1018 static int cdrom_read_toc(IDEState *s, uint8_t *buf, int msf, int start_track)
1019 {
1020 uint8_t *q;
1021 int nb_sectors, len;
1022
1023 if (start_track > 1 && start_track != 0xaa)
1024 return -1;
1025 q = buf + 2;
1026 *q++ = 1; /* first session */
1027 *q++ = 1; /* last session */
1028 if (start_track <= 1) {
1029 *q++ = 0; /* reserved */
1030 *q++ = 0x14; /* ADR, control */
1031 *q++ = 1; /* track number */
1032 *q++ = 0; /* reserved */
1033 if (msf) {
1034 *q++ = 0; /* reserved */
1035 lba_to_msf(q, 0);
1036 q += 3;
1037 } else {
1038 /* sector 0 */
1039 cpu_to_ube32(q, 0);
1040 q += 4;
1041 }
1042 }
1043 /* lead out track */
1044 *q++ = 0; /* reserved */
1045 *q++ = 0x16; /* ADR, control */
1046 *q++ = 0xaa; /* track number */
1047 *q++ = 0; /* reserved */
1048 nb_sectors = s->nb_sectors >> 2;
1049 if (msf) {
1050 *q++ = 0; /* reserved */
1051 lba_to_msf(q, nb_sectors);
1052 q += 3;
1053 } else {
1054 cpu_to_ube32(q, nb_sectors);
1055 q += 4;
1056 }
1057 len = q - buf;
1058 cpu_to_ube16(buf, len - 2);
1059 return len;
1060 }
1061
1062 /* mostly same info as PearPc */
1063 static int cdrom_read_toc_raw(IDEState *s, uint8_t *buf, int msf,
1064 int session_num)
1065 {
1066 uint8_t *q;
1067 int nb_sectors, len;
1068
1069 q = buf + 2;
1070 *q++ = 1; /* first session */
1071 *q++ = 1; /* last session */
1072
1073 *q++ = 1; /* session number */
1074 *q++ = 0x14; /* data track */
1075 *q++ = 0; /* track number */
1076 *q++ = 0xa0; /* lead-in */
1077 *q++ = 0; /* min */
1078 *q++ = 0; /* sec */
1079 *q++ = 0; /* frame */
1080 *q++ = 0;
1081 *q++ = 1; /* first track */
1082 *q++ = 0x00; /* disk type */
1083 *q++ = 0x00;
1084
1085 *q++ = 1; /* session number */
1086 *q++ = 0x14; /* data track */
1087 *q++ = 0; /* track number */
1088 *q++ = 0xa1;
1089 *q++ = 0; /* min */
1090 *q++ = 0; /* sec */
1091 *q++ = 0; /* frame */
1092 *q++ = 0;
1093 *q++ = 1; /* last track */
1094 *q++ = 0x00;
1095 *q++ = 0x00;
1096
1097 *q++ = 1; /* session number */
1098 *q++ = 0x14; /* data track */
1099 *q++ = 0; /* track number */
1100 *q++ = 0xa2; /* lead-out */
1101 *q++ = 0; /* min */
1102 *q++ = 0; /* sec */
1103 *q++ = 0; /* frame */
1104 nb_sectors = s->nb_sectors >> 2;
1105 if (msf) {
1106 *q++ = 0; /* reserved */
1107 lba_to_msf(q, nb_sectors);
1108 q += 3;
1109 } else {
1110 cpu_to_ube32(q, nb_sectors);
1111 q += 4;
1112 }
1113
1114 *q++ = 1; /* session number */
1115 *q++ = 0x14; /* ADR, control */
1116 *q++ = 0; /* track number */
1117 *q++ = 1; /* point */
1118 *q++ = 0; /* min */
1119 *q++ = 0; /* sec */
1120 *q++ = 0; /* frame */
1121 if (msf) {
1122 *q++ = 0;
1123 lba_to_msf(q, 0);
1124 q += 3;
1125 } else {
1126 *q++ = 0;
1127 *q++ = 0;
1128 *q++ = 0;
1129 *q++ = 0;
1130 }
1131
1132 len = q - buf;
1133 cpu_to_ube16(buf, len - 2);
1134 return len;
1135 }
1136
1137 static void ide_atapi_cmd(IDEState *s)
1138 {
1139 const uint8_t *packet;
1140 uint8_t *buf;
1141 int max_len;
1142
1143 packet = s->io_buffer;
1144 buf = s->io_buffer;
1145 #ifdef DEBUG_IDE_ATAPI
1146 {
1147 int i;
1148 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1149 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1150 printf(" %02x", packet[i]);
1151 }
1152 printf("\n");
1153 }
1154 #endif
1155 switch(s->io_buffer[0]) {
1156 case GPCMD_TEST_UNIT_READY:
1157 if (bdrv_is_inserted(s->bs)) {
1158 ide_atapi_cmd_ok(s);
1159 } else {
1160 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1161 ASC_MEDIUM_NOT_PRESENT);
1162 }
1163 break;
1164 case GPCMD_MODE_SENSE_10:
1165 {
1166 int action, code;
1167 max_len = ube16_to_cpu(packet + 7);
1168 action = packet[2] >> 6;
1169 code = packet[2] & 0x3f;
1170 switch(action) {
1171 case 0: /* current values */
1172 switch(code) {
1173 case 0x01: /* error recovery */
1174 cpu_to_ube16(&buf[0], 16 + 6);
1175 buf[2] = 0x70;
1176 buf[3] = 0;
1177 buf[4] = 0;
1178 buf[5] = 0;
1179 buf[6] = 0;
1180 buf[7] = 0;
1181
1182 buf[8] = 0x01;
1183 buf[9] = 0x06;
1184 buf[10] = 0x00;
1185 buf[11] = 0x05;
1186 buf[12] = 0x00;
1187 buf[13] = 0x00;
1188 buf[14] = 0x00;
1189 buf[15] = 0x00;
1190 ide_atapi_cmd_reply(s, 16, max_len);
1191 break;
1192 case 0x2a:
1193 cpu_to_ube16(&buf[0], 28 + 6);
1194 buf[2] = 0x70;
1195 buf[3] = 0;
1196 buf[4] = 0;
1197 buf[5] = 0;
1198 buf[6] = 0;
1199 buf[7] = 0;
1200
1201 buf[8] = 0x2a;
1202 buf[9] = 0x12;
1203 buf[10] = 0x00;
1204 buf[11] = 0x00;
1205
1206 buf[12] = 0x70;
1207 buf[13] = 3 << 5;
1208 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1209 if (bdrv_is_locked(s->bs))
1210 buf[6] |= 1 << 1;
1211 buf[15] = 0x00;
1212 cpu_to_ube16(&buf[16], 706);
1213 buf[18] = 0;
1214 buf[19] = 2;
1215 cpu_to_ube16(&buf[20], 512);
1216 cpu_to_ube16(&buf[22], 706);
1217 buf[24] = 0;
1218 buf[25] = 0;
1219 buf[26] = 0;
1220 buf[27] = 0;
1221 ide_atapi_cmd_reply(s, 28, max_len);
1222 break;
1223 default:
1224 goto error_cmd;
1225 }
1226 break;
1227 case 1: /* changeable values */
1228 goto error_cmd;
1229 case 2: /* default values */
1230 goto error_cmd;
1231 default:
1232 case 3: /* saved values */
1233 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1234 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1235 break;
1236 }
1237 }
1238 break;
1239 case GPCMD_REQUEST_SENSE:
1240 max_len = packet[4];
1241 memset(buf, 0, 18);
1242 buf[0] = 0x70 | (1 << 7);
1243 buf[2] = s->sense_key;
1244 buf[7] = 10;
1245 buf[12] = s->asc;
1246 ide_atapi_cmd_reply(s, 18, max_len);
1247 break;
1248 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1249 if (bdrv_is_inserted(s->bs)) {
1250 bdrv_set_locked(s->bs, packet[4] & 1);
1251 ide_atapi_cmd_ok(s);
1252 } else {
1253 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1254 ASC_MEDIUM_NOT_PRESENT);
1255 }
1256 break;
1257 case GPCMD_READ_10:
1258 case GPCMD_READ_12:
1259 {
1260 int nb_sectors, lba;
1261
1262 if (!bdrv_is_inserted(s->bs)) {
1263 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1264 ASC_MEDIUM_NOT_PRESENT);
1265 break;
1266 }
1267 if (packet[0] == GPCMD_READ_10)
1268 nb_sectors = ube16_to_cpu(packet + 7);
1269 else
1270 nb_sectors = ube32_to_cpu(packet + 6);
1271 lba = ube32_to_cpu(packet + 2);
1272 if (nb_sectors == 0) {
1273 ide_atapi_cmd_ok(s);
1274 break;
1275 }
1276 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1277 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1278 ASC_LOGICAL_BLOCK_OOR);
1279 break;
1280 }
1281 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1282 }
1283 break;
1284 case GPCMD_READ_CD:
1285 {
1286 int nb_sectors, lba, transfer_request;
1287
1288 if (!bdrv_is_inserted(s->bs)) {
1289 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1290 ASC_MEDIUM_NOT_PRESENT);
1291 break;
1292 }
1293 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1294 lba = ube32_to_cpu(packet + 2);
1295 if (nb_sectors == 0) {
1296 ide_atapi_cmd_ok(s);
1297 break;
1298 }
1299 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1300 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1301 ASC_LOGICAL_BLOCK_OOR);
1302 break;
1303 }
1304 transfer_request = packet[9];
1305 switch(transfer_request & 0xf8) {
1306 case 0x00:
1307 /* nothing */
1308 ide_atapi_cmd_ok(s);
1309 break;
1310 case 0x10:
1311 /* normal read */
1312 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1313 break;
1314 case 0xf8:
1315 /* read all data */
1316 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1317 break;
1318 default:
1319 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1320 ASC_INV_FIELD_IN_CMD_PACKET);
1321 break;
1322 }
1323 }
1324 break;
1325 case GPCMD_SEEK:
1326 {
1327 int lba;
1328 if (!bdrv_is_inserted(s->bs)) {
1329 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1330 ASC_MEDIUM_NOT_PRESENT);
1331 break;
1332 }
1333 lba = ube32_to_cpu(packet + 2);
1334 if (((int64_t)lba << 2) > s->nb_sectors) {
1335 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1336 ASC_LOGICAL_BLOCK_OOR);
1337 break;
1338 }
1339 ide_atapi_cmd_ok(s);
1340 }
1341 break;
1342 case GPCMD_START_STOP_UNIT:
1343 {
1344 int start, eject;
1345 start = packet[4] & 1;
1346 eject = (packet[4] >> 1) & 1;
1347
1348 if (eject && !start) {
1349 /* eject the disk */
1350 bdrv_close(s->bs);
1351 }
1352 ide_atapi_cmd_ok(s);
1353 }
1354 break;
1355 case GPCMD_MECHANISM_STATUS:
1356 {
1357 max_len = ube16_to_cpu(packet + 8);
1358 cpu_to_ube16(buf, 0);
1359 /* no current LBA */
1360 buf[2] = 0;
1361 buf[3] = 0;
1362 buf[4] = 0;
1363 buf[5] = 1;
1364 cpu_to_ube16(buf + 6, 0);
1365 ide_atapi_cmd_reply(s, 8, max_len);
1366 }
1367 break;
1368 case GPCMD_READ_TOC_PMA_ATIP:
1369 {
1370 int format, msf, start_track, len;
1371
1372 if (!bdrv_is_inserted(s->bs)) {
1373 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1374 ASC_MEDIUM_NOT_PRESENT);
1375 break;
1376 }
1377 max_len = ube16_to_cpu(packet + 7);
1378 format = packet[9] >> 6;
1379 msf = (packet[1] >> 1) & 1;
1380 start_track = packet[6];
1381 switch(format) {
1382 case 0:
1383 len = cdrom_read_toc(s, buf, msf, start_track);
1384 if (len < 0)
1385 goto error_cmd;
1386 ide_atapi_cmd_reply(s, len, max_len);
1387 break;
1388 case 1:
1389 /* multi session : only a single session defined */
1390 memset(buf, 0, 12);
1391 buf[1] = 0x0a;
1392 buf[2] = 0x01;
1393 buf[3] = 0x01;
1394 ide_atapi_cmd_reply(s, 12, max_len);
1395 break;
1396 case 2:
1397 len = cdrom_read_toc_raw(s, buf, msf, start_track);
1398 if (len < 0)
1399 goto error_cmd;
1400 ide_atapi_cmd_reply(s, len, max_len);
1401 break;
1402 default:
1403 error_cmd:
1404 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1405 ASC_INV_FIELD_IN_CMD_PACKET);
1406 break;
1407 }
1408 }
1409 break;
1410 case GPCMD_READ_CDVD_CAPACITY:
1411 if (!bdrv_is_inserted(s->bs)) {
1412 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1413 ASC_MEDIUM_NOT_PRESENT);
1414 break;
1415 }
1416 /* NOTE: it is really the number of sectors minus 1 */
1417 cpu_to_ube32(buf, (s->nb_sectors >> 2) - 1);
1418 cpu_to_ube32(buf + 4, 2048);
1419 ide_atapi_cmd_reply(s, 8, 8);
1420 break;
1421 case GPCMD_INQUIRY:
1422 max_len = packet[4];
1423 buf[0] = 0x05; /* CD-ROM */
1424 buf[1] = 0x80; /* removable */
1425 buf[2] = 0x00; /* ISO */
1426 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1427 buf[4] = 31; /* additionnal length */
1428 buf[5] = 0; /* reserved */
1429 buf[6] = 0; /* reserved */
1430 buf[7] = 0; /* reserved */
1431 padstr8(buf + 8, 8, "QEMU");
1432 padstr8(buf + 16, 16, "QEMU CD-ROM");
1433 padstr8(buf + 32, 4, QEMU_VERSION);
1434 ide_atapi_cmd_reply(s, 36, max_len);
1435 break;
1436 default:
1437 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1438 ASC_ILLEGAL_OPCODE);
1439 break;
1440 }
1441 }
1442
1443 /* called when the inserted state of the media has changed */
1444 static void cdrom_change_cb(void *opaque)
1445 {
1446 IDEState *s = opaque;
1447 int64_t nb_sectors;
1448
1449 /* XXX: send interrupt too */
1450 bdrv_get_geometry(s->bs, &nb_sectors);
1451 s->nb_sectors = nb_sectors;
1452 }
1453
1454 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1455 {
1456 IDEState *ide_if = opaque;
1457 IDEState *s;
1458 int unit, n;
1459
1460 #ifdef DEBUG_IDE
1461 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1462 #endif
1463 addr &= 7;
1464 switch(addr) {
1465 case 0:
1466 break;
1467 case 1:
1468 /* NOTE: data is written to the two drives */
1469 ide_if[0].feature = val;
1470 ide_if[1].feature = val;
1471 break;
1472 case 2:
1473 if (val == 0)
1474 val = 256;
1475 ide_if[0].nsector = val;
1476 ide_if[1].nsector = val;
1477 break;
1478 case 3:
1479 ide_if[0].sector = val;
1480 ide_if[1].sector = val;
1481 break;
1482 case 4:
1483 ide_if[0].lcyl = val;
1484 ide_if[1].lcyl = val;
1485 break;
1486 case 5:
1487 ide_if[0].hcyl = val;
1488 ide_if[1].hcyl = val;
1489 break;
1490 case 6:
1491 ide_if[0].select = (val & ~0x10) | 0xa0;
1492 ide_if[1].select = (val | 0x10) | 0xa0;
1493 /* select drive */
1494 unit = (val >> 4) & 1;
1495 s = ide_if + unit;
1496 ide_if->cur_drive = s;
1497 break;
1498 default:
1499 case 7:
1500 /* command */
1501 #if defined(DEBUG_IDE)
1502 printf("ide: CMD=%02x\n", val);
1503 #endif
1504 s = ide_if->cur_drive;
1505 /* ignore commands to non existant slave */
1506 if (s != ide_if && !s->bs)
1507 break;
1508 switch(val) {
1509 case WIN_IDENTIFY:
1510 if (s->bs && !s->is_cdrom) {
1511 ide_identify(s);
1512 s->status = READY_STAT | SEEK_STAT;
1513 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1514 } else {
1515 if (s->is_cdrom) {
1516 ide_set_signature(s);
1517 }
1518 ide_abort_command(s);
1519 }
1520 ide_set_irq(s);
1521 break;
1522 case WIN_SPECIFY:
1523 case WIN_RECAL:
1524 s->error = 0;
1525 s->status = READY_STAT | SEEK_STAT;
1526 ide_set_irq(s);
1527 break;
1528 case WIN_SETMULT:
1529 if (s->nsector > MAX_MULT_SECTORS ||
1530 s->nsector == 0 ||
1531 (s->nsector & (s->nsector - 1)) != 0) {
1532 ide_abort_command(s);
1533 } else {
1534 s->mult_sectors = s->nsector;
1535 s->status = READY_STAT;
1536 }
1537 ide_set_irq(s);
1538 break;
1539 case WIN_VERIFY:
1540 case WIN_VERIFY_ONCE:
1541 /* do sector number check ? */
1542 s->status = READY_STAT;
1543 ide_set_irq(s);
1544 break;
1545 case WIN_READ:
1546 case WIN_READ_ONCE:
1547 if (!s->bs)
1548 goto abort_cmd;
1549 s->req_nb_sectors = 1;
1550 ide_sector_read(s);
1551 break;
1552 case WIN_WRITE:
1553 case WIN_WRITE_ONCE:
1554 s->error = 0;
1555 s->status = SEEK_STAT | READY_STAT;
1556 s->req_nb_sectors = 1;
1557 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1558 break;
1559 case WIN_MULTREAD:
1560 if (!s->mult_sectors)
1561 goto abort_cmd;
1562 s->req_nb_sectors = s->mult_sectors;
1563 ide_sector_read(s);
1564 break;
1565 case WIN_MULTWRITE:
1566 if (!s->mult_sectors)
1567 goto abort_cmd;
1568 s->error = 0;
1569 s->status = SEEK_STAT | READY_STAT;
1570 s->req_nb_sectors = s->mult_sectors;
1571 n = s->nsector;
1572 if (n > s->req_nb_sectors)
1573 n = s->req_nb_sectors;
1574 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1575 break;
1576 case WIN_READDMA:
1577 case WIN_READDMA_ONCE:
1578 if (!s->bs)
1579 goto abort_cmd;
1580 ide_sector_read_dma(s);
1581 break;
1582 case WIN_WRITEDMA:
1583 case WIN_WRITEDMA_ONCE:
1584 if (!s->bs)
1585 goto abort_cmd;
1586 ide_sector_write_dma(s);
1587 break;
1588 case WIN_READ_NATIVE_MAX:
1589 ide_set_sector(s, s->nb_sectors - 1);
1590 s->status = READY_STAT;
1591 ide_set_irq(s);
1592 break;
1593 case WIN_CHECKPOWERMODE1:
1594 s->nsector = 0xff; /* device active or idle */
1595 s->status = READY_STAT;
1596 ide_set_irq(s);
1597 break;
1598 case WIN_SETFEATURES:
1599 if (!s->bs)
1600 goto abort_cmd;
1601 /* XXX: valid for CDROM ? */
1602 switch(s->feature) {
1603 case 0x02: /* write cache enable */
1604 case 0x03: /* set transfer mode */
1605 case 0x82: /* write cache disable */
1606 case 0xaa: /* read look-ahead enable */
1607 case 0x55: /* read look-ahead disable */
1608 s->status = READY_STAT | SEEK_STAT;
1609 ide_set_irq(s);
1610 break;
1611 default:
1612 goto abort_cmd;
1613 }
1614 break;
1615 case WIN_STANDBYNOW1:
1616 case WIN_IDLEIMMEDIATE:
1617 case WIN_FLUSH_CACHE:
1618 s->status = READY_STAT;
1619 ide_set_irq(s);
1620 break;
1621 /* ATAPI commands */
1622 case WIN_PIDENTIFY:
1623 if (s->is_cdrom) {
1624 ide_atapi_identify(s);
1625 s->status = READY_STAT;
1626 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1627 } else {
1628 ide_abort_command(s);
1629 }
1630 ide_set_irq(s);
1631 break;
1632 case WIN_DIAGNOSE:
1633 ide_set_signature(s);
1634 s->status = 0x00; /* NOTE: READY is _not_ set */
1635 s->error = 0x01;
1636 break;
1637 case WIN_SRST:
1638 if (!s->is_cdrom)
1639 goto abort_cmd;
1640 ide_set_signature(s);
1641 s->status = 0x00; /* NOTE: READY is _not_ set */
1642 s->error = 0x01;
1643 break;
1644 case WIN_PACKETCMD:
1645 if (!s->is_cdrom)
1646 goto abort_cmd;
1647 /* overlapping commands not supported */
1648 if (s->feature & 0x02)
1649 goto abort_cmd;
1650 s->atapi_dma = s->feature & 1;
1651 s->nsector = 1;
1652 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1653 ide_atapi_cmd);
1654 break;
1655 default:
1656 abort_cmd:
1657 ide_abort_command(s);
1658 ide_set_irq(s);
1659 break;
1660 }
1661 }
1662 }
1663
1664 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
1665 {
1666 IDEState *ide_if = opaque;
1667 IDEState *s = ide_if->cur_drive;
1668 uint32_t addr;
1669 int ret;
1670
1671 addr = addr1 & 7;
1672 switch(addr) {
1673 case 0:
1674 ret = 0xff;
1675 break;
1676 case 1:
1677 if (!ide_if[0].bs && !ide_if[1].bs)
1678 ret = 0;
1679 else
1680 ret = s->error;
1681 break;
1682 case 2:
1683 if (!ide_if[0].bs && !ide_if[1].bs)
1684 ret = 0;
1685 else
1686 ret = s->nsector & 0xff;
1687 break;
1688 case 3:
1689 if (!ide_if[0].bs && !ide_if[1].bs)
1690 ret = 0;
1691 else
1692 ret = s->sector;
1693 break;
1694 case 4:
1695 if (!ide_if[0].bs && !ide_if[1].bs)
1696 ret = 0;
1697 else
1698 ret = s->lcyl;
1699 break;
1700 case 5:
1701 if (!ide_if[0].bs && !ide_if[1].bs)
1702 ret = 0;
1703 else
1704 ret = s->hcyl;
1705 break;
1706 case 6:
1707 if (!ide_if[0].bs && !ide_if[1].bs)
1708 ret = 0;
1709 else
1710 ret = s->select;
1711 break;
1712 default:
1713 case 7:
1714 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1715 (s != ide_if && !s->bs))
1716 ret = 0;
1717 else
1718 ret = s->status;
1719 s->set_irq(s->irq_opaque, s->irq, 0);
1720 break;
1721 }
1722 #ifdef DEBUG_IDE
1723 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1724 #endif
1725 return ret;
1726 }
1727
1728 static uint32_t ide_status_read(void *opaque, uint32_t addr)
1729 {
1730 IDEState *ide_if = opaque;
1731 IDEState *s = ide_if->cur_drive;
1732 int ret;
1733
1734 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1735 (s != ide_if && !s->bs))
1736 ret = 0;
1737 else
1738 ret = s->status;
1739 #ifdef DEBUG_IDE
1740 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1741 #endif
1742 return ret;
1743 }
1744
1745 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
1746 {
1747 IDEState *ide_if = opaque;
1748 IDEState *s;
1749 int i;
1750
1751 #ifdef DEBUG_IDE
1752 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1753 #endif
1754 /* common for both drives */
1755 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
1756 (val & IDE_CMD_RESET)) {
1757 /* reset low to high */
1758 for(i = 0;i < 2; i++) {
1759 s = &ide_if[i];
1760 s->status = BUSY_STAT | SEEK_STAT;
1761 s->error = 0x01;
1762 }
1763 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
1764 !(val & IDE_CMD_RESET)) {
1765 /* high to low */
1766 for(i = 0;i < 2; i++) {
1767 s = &ide_if[i];
1768 if (s->is_cdrom)
1769 s->status = 0x00; /* NOTE: READY is _not_ set */
1770 else
1771 s->status = READY_STAT | SEEK_STAT;
1772 ide_set_signature(s);
1773 }
1774 }
1775
1776 ide_if[0].cmd = val;
1777 ide_if[1].cmd = val;
1778 }
1779
1780 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
1781 {
1782 IDEState *s = ((IDEState *)opaque)->cur_drive;
1783 uint8_t *p;
1784
1785 p = s->data_ptr;
1786 *(uint16_t *)p = le16_to_cpu(val);
1787 p += 2;
1788 s->data_ptr = p;
1789 if (p >= s->data_end)
1790 s->end_transfer_func(s);
1791 }
1792
1793 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
1794 {
1795 IDEState *s = ((IDEState *)opaque)->cur_drive;
1796 uint8_t *p;
1797 int ret;
1798 p = s->data_ptr;
1799 ret = cpu_to_le16(*(uint16_t *)p);
1800 p += 2;
1801 s->data_ptr = p;
1802 if (p >= s->data_end)
1803 s->end_transfer_func(s);
1804 return ret;
1805 }
1806
1807 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
1808 {
1809 IDEState *s = ((IDEState *)opaque)->cur_drive;
1810 uint8_t *p;
1811
1812 p = s->data_ptr;
1813 *(uint32_t *)p = le32_to_cpu(val);
1814 p += 4;
1815 s->data_ptr = p;
1816 if (p >= s->data_end)
1817 s->end_transfer_func(s);
1818 }
1819
1820 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
1821 {
1822 IDEState *s = ((IDEState *)opaque)->cur_drive;
1823 uint8_t *p;
1824 int ret;
1825
1826 p = s->data_ptr;
1827 ret = cpu_to_le32(*(uint32_t *)p);
1828 p += 4;
1829 s->data_ptr = p;
1830 if (p >= s->data_end)
1831 s->end_transfer_func(s);
1832 return ret;
1833 }
1834
1835 static void ide_dummy_transfer_stop(IDEState *s)
1836 {
1837 s->data_ptr = s->io_buffer;
1838 s->data_end = s->io_buffer;
1839 s->io_buffer[0] = 0xff;
1840 s->io_buffer[1] = 0xff;
1841 s->io_buffer[2] = 0xff;
1842 s->io_buffer[3] = 0xff;
1843 }
1844
1845 static void ide_reset(IDEState *s)
1846 {
1847 s->mult_sectors = MAX_MULT_SECTORS;
1848 s->cur_drive = s;
1849 s->select = 0xa0;
1850 s->status = READY_STAT;
1851 ide_set_signature(s);
1852 /* init the transfer handler so that 0xffff is returned on data
1853 accesses */
1854 s->end_transfer_func = ide_dummy_transfer_stop;
1855 ide_dummy_transfer_stop(s);
1856 }
1857
1858 struct partition {
1859 uint8_t boot_ind; /* 0x80 - active */
1860 uint8_t head; /* starting head */
1861 uint8_t sector; /* starting sector */
1862 uint8_t cyl; /* starting cylinder */
1863 uint8_t sys_ind; /* What partition type */
1864 uint8_t end_head; /* end head */
1865 uint8_t end_sector; /* end sector */
1866 uint8_t end_cyl; /* end cylinder */
1867 uint32_t start_sect; /* starting sector counting from 0 */
1868 uint32_t nr_sects; /* nr of sectors in partition */
1869 } __attribute__((packed));
1870
1871 /* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
1872 static int guess_disk_lchs(IDEState *s,
1873 int *pcylinders, int *pheads, int *psectors)
1874 {
1875 uint8_t buf[512];
1876 int ret, i, heads, sectors, cylinders;
1877 struct partition *p;
1878 uint32_t nr_sects;
1879
1880 ret = bdrv_read(s->bs, 0, buf, 1);
1881 if (ret < 0)
1882 return -1;
1883 /* test msdos magic */
1884 if (buf[510] != 0x55 || buf[511] != 0xaa)
1885 return -1;
1886 for(i = 0; i < 4; i++) {
1887 p = ((struct partition *)(buf + 0x1be)) + i;
1888 nr_sects = le32_to_cpu(p->nr_sects);
1889 if (nr_sects && p->end_head) {
1890 /* We make the assumption that the partition terminates on
1891 a cylinder boundary */
1892 heads = p->end_head + 1;
1893 sectors = p->end_sector & 63;
1894 if (sectors == 0)
1895 continue;
1896 cylinders = s->nb_sectors / (heads * sectors);
1897 if (cylinders < 1 || cylinders > 16383)
1898 continue;
1899 *pheads = heads;
1900 *psectors = sectors;
1901 *pcylinders = cylinders;
1902 #if 0
1903 printf("guessed geometry: LCHS=%d %d %d\n",
1904 cylinders, heads, sectors);
1905 #endif
1906 return 0;
1907 }
1908 }
1909 return -1;
1910 }
1911
1912 static void ide_init2(IDEState *ide_state,
1913 BlockDriverState *hd0, BlockDriverState *hd1,
1914 SetIRQFunc *set_irq, void *irq_opaque, int irq)
1915 {
1916 IDEState *s;
1917 static int drive_serial = 1;
1918 int i, cylinders, heads, secs, translation;
1919 int64_t nb_sectors;
1920
1921 for(i = 0; i < 2; i++) {
1922 s = ide_state + i;
1923 if (i == 0)
1924 s->bs = hd0;
1925 else
1926 s->bs = hd1;
1927 if (s->bs) {
1928 bdrv_get_geometry(s->bs, &nb_sectors);
1929 s->nb_sectors = nb_sectors;
1930 /* if a geometry hint is available, use it */
1931 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
1932 if (cylinders != 0) {
1933 s->cylinders = cylinders;
1934 s->heads = heads;
1935 s->sectors = secs;
1936 } else {
1937 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
1938 if (heads > 16) {
1939 /* if heads > 16, it means that a BIOS LBA
1940 translation was active, so the default
1941 hardware geometry is OK */
1942 goto default_geometry;
1943 } else {
1944 s->cylinders = cylinders;
1945 s->heads = heads;
1946 s->sectors = secs;
1947 /* disable any translation to be in sync with
1948 the logical geometry */
1949 translation = bdrv_get_translation_hint(s->bs);
1950 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
1951 bdrv_set_translation_hint(s->bs,
1952 BIOS_ATA_TRANSLATION_NONE);
1953 }
1954 }
1955 } else {
1956 default_geometry:
1957 /* if no geometry, use a standard physical disk geometry */
1958 cylinders = nb_sectors / (16 * 63);
1959 if (cylinders > 16383)
1960 cylinders = 16383;
1961 else if (cylinders < 2)
1962 cylinders = 2;
1963 s->cylinders = cylinders;
1964 s->heads = 16;
1965 s->sectors = 63;
1966 }
1967 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
1968 }
1969 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
1970 s->is_cdrom = 1;
1971 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
1972 }
1973 }
1974 s->drive_serial = drive_serial++;
1975 s->set_irq = set_irq;
1976 s->irq_opaque = irq_opaque;
1977 s->irq = irq;
1978 s->sector_write_timer = qemu_new_timer(vm_clock,
1979 ide_sector_write_timer_cb, s);
1980 ide_reset(s);
1981 }
1982 }
1983
1984 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
1985 {
1986 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
1987 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
1988 if (iobase2) {
1989 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
1990 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
1991 }
1992
1993 /* data ports */
1994 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
1995 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
1996 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
1997 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
1998 }
1999
2000 /***********************************************************/
2001 /* ISA IDE definitions */
2002
2003 void isa_ide_init(int iobase, int iobase2, int irq,
2004 BlockDriverState *hd0, BlockDriverState *hd1)
2005 {
2006 IDEState *ide_state;
2007
2008 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2009 if (!ide_state)
2010 return;
2011
2012 ide_init2(ide_state, hd0, hd1, pic_set_irq_new, isa_pic, irq);
2013 ide_init_ioport(ide_state, iobase, iobase2);
2014 }
2015
2016 /***********************************************************/
2017 /* PCI IDE definitions */
2018
2019 static void cmd646_update_irq(PCIIDEState *d);
2020
2021 static void ide_map(PCIDevice *pci_dev, int region_num,
2022 uint32_t addr, uint32_t size, int type)
2023 {
2024 PCIIDEState *d = (PCIIDEState *)pci_dev;
2025 IDEState *ide_state;
2026
2027 if (region_num <= 3) {
2028 ide_state = &d->ide_if[(region_num >> 1) * 2];
2029 if (region_num & 1) {
2030 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2031 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2032 } else {
2033 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2034 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2035
2036 /* data ports */
2037 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2038 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2039 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2040 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2041 }
2042 }
2043 }
2044
2045 /* XXX: full callback usage to prepare non blocking I/Os support -
2046 error handling */
2047 static void ide_dma_loop(BMDMAState *bm)
2048 {
2049 struct {
2050 uint32_t addr;
2051 uint32_t size;
2052 } prd;
2053 target_phys_addr_t cur_addr;
2054 int len, i, len1;
2055
2056 cur_addr = bm->addr;
2057 /* at most one page to avoid hanging if erroneous parameters */
2058 for(i = 0; i < 512; i++) {
2059 cpu_physical_memory_read(cur_addr, (uint8_t *)&prd, 8);
2060 prd.addr = le32_to_cpu(prd.addr);
2061 prd.size = le32_to_cpu(prd.size);
2062 #ifdef DEBUG_IDE
2063 printf("ide: dma: prd: %08x: addr=0x%08x size=0x%08x\n",
2064 (int)cur_addr, prd.addr, prd.size);
2065 #endif
2066 len = prd.size & 0xfffe;
2067 if (len == 0)
2068 len = 0x10000;
2069 while (len > 0) {
2070 len1 = bm->dma_cb(bm->ide_if, prd.addr, len);
2071 if (len1 == 0)
2072 goto the_end;
2073 prd.addr += len1;
2074 len -= len1;
2075 }
2076 /* end of transfer */
2077 if (prd.size & 0x80000000)
2078 break;
2079 cur_addr += 8;
2080 }
2081 /* end of transfer */
2082 the_end:
2083 bm->status &= ~BM_STATUS_DMAING;
2084 bm->status |= BM_STATUS_INT;
2085 bm->dma_cb = NULL;
2086 bm->ide_if = NULL;
2087 }
2088
2089 static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb)
2090 {
2091 BMDMAState *bm = s->bmdma;
2092 if(!bm)
2093 return;
2094 bm->ide_if = s;
2095 bm->dma_cb = dma_cb;
2096 if (bm->status & BM_STATUS_DMAING) {
2097 ide_dma_loop(bm);
2098 }
2099 }
2100
2101 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2102 {
2103 BMDMAState *bm = opaque;
2104 #ifdef DEBUG_IDE
2105 printf("%s: 0x%08x\n", __func__, val);
2106 #endif
2107 if (!(val & BM_CMD_START)) {
2108 /* XXX: do it better */
2109 bm->status &= ~BM_STATUS_DMAING;
2110 bm->cmd = val & 0x09;
2111 } else {
2112 bm->status |= BM_STATUS_DMAING;
2113 bm->cmd = val & 0x09;
2114 /* start dma transfer if possible */
2115 if (bm->dma_cb)
2116 ide_dma_loop(bm);
2117 }
2118 }
2119
2120 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2121 {
2122 BMDMAState *bm = opaque;
2123 PCIIDEState *pci_dev;
2124 uint32_t val;
2125
2126 switch(addr & 3) {
2127 case 0:
2128 val = bm->cmd;
2129 break;
2130 case 1:
2131 pci_dev = bm->pci_dev;
2132 if (pci_dev->type == IDE_TYPE_CMD646) {
2133 val = pci_dev->dev.config[MRDMODE];
2134 } else {
2135 val = 0xff;
2136 }
2137 break;
2138 case 2:
2139 val = bm->status;
2140 break;
2141 case 3:
2142 pci_dev = bm->pci_dev;
2143 if (pci_dev->type == IDE_TYPE_CMD646) {
2144 if (bm == &pci_dev->bmdma[0])
2145 val = pci_dev->dev.config[UDIDETCR0];
2146 else
2147 val = pci_dev->dev.config[UDIDETCR1];
2148 } else {
2149 val = 0xff;
2150 }
2151 break;
2152 default:
2153 val = 0xff;
2154 break;
2155 }
2156 #ifdef DEBUG_IDE
2157 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2158 #endif
2159 return val;
2160 }
2161
2162 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2163 {
2164 BMDMAState *bm = opaque;
2165 PCIIDEState *pci_dev;
2166 #ifdef DEBUG_IDE
2167 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2168 #endif
2169 switch(addr & 3) {
2170 case 1:
2171 pci_dev = bm->pci_dev;
2172 if (pci_dev->type == IDE_TYPE_CMD646) {
2173 pci_dev->dev.config[MRDMODE] =
2174 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2175 cmd646_update_irq(pci_dev);
2176 }
2177 break;
2178 case 2:
2179 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2180 break;
2181 case 3:
2182 pci_dev = bm->pci_dev;
2183 if (pci_dev->type == IDE_TYPE_CMD646) {
2184 if (bm == &pci_dev->bmdma[0])
2185 pci_dev->dev.config[UDIDETCR0] = val;
2186 else
2187 pci_dev->dev.config[UDIDETCR1] = val;
2188 }
2189 break;
2190 }
2191 }
2192
2193 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2194 {
2195 BMDMAState *bm = opaque;
2196 uint32_t val;
2197 val = bm->addr;
2198 #ifdef DEBUG_IDE
2199 printf("%s: 0x%08x\n", __func__, val);
2200 #endif
2201 return val;
2202 }
2203
2204 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2205 {
2206 BMDMAState *bm = opaque;
2207 #ifdef DEBUG_IDE
2208 printf("%s: 0x%08x\n", __func__, val);
2209 #endif
2210 bm->addr = val & ~3;
2211 }
2212
2213 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2214 uint32_t addr, uint32_t size, int type)
2215 {
2216 PCIIDEState *d = (PCIIDEState *)pci_dev;
2217 int i;
2218
2219 for(i = 0;i < 2; i++) {
2220 BMDMAState *bm = &d->bmdma[i];
2221 d->ide_if[2 * i].bmdma = bm;
2222 d->ide_if[2 * i + 1].bmdma = bm;
2223 bm->pci_dev = (PCIIDEState *)pci_dev;
2224
2225 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2226
2227 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2228 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2229
2230 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2231 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2232 addr += 8;
2233 }
2234 }
2235
2236 /* XXX: call it also when the MRDMODE is changed from the PCI config
2237 registers */
2238 static void cmd646_update_irq(PCIIDEState *d)
2239 {
2240 int pci_level;
2241 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2242 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2243 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2244 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2245 pci_set_irq((PCIDevice *)d, 0, pci_level);
2246 }
2247
2248 /* the PCI irq level is the logical OR of the two channels */
2249 static void cmd646_set_irq(void *opaque, int channel, int level)
2250 {
2251 PCIIDEState *d = opaque;
2252 int irq_mask;
2253
2254 irq_mask = MRDMODE_INTR_CH0 << channel;
2255 if (level)
2256 d->dev.config[MRDMODE] |= irq_mask;
2257 else
2258 d->dev.config[MRDMODE] &= ~irq_mask;
2259 cmd646_update_irq(d);
2260 }
2261
2262 /* CMD646 PCI IDE controller */
2263 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2264 int secondary_ide_enabled)
2265 {
2266 PCIIDEState *d;
2267 uint8_t *pci_conf;
2268 int i;
2269
2270 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2271 sizeof(PCIIDEState),
2272 -1,
2273 NULL, NULL);
2274 d->type = IDE_TYPE_CMD646;
2275 pci_conf = d->dev.config;
2276 pci_conf[0x00] = 0x95; // CMD646
2277 pci_conf[0x01] = 0x10;
2278 pci_conf[0x02] = 0x46;
2279 pci_conf[0x03] = 0x06;
2280
2281 pci_conf[0x08] = 0x07; // IDE controller revision
2282 pci_conf[0x09] = 0x8f;
2283
2284 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2285 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2286 pci_conf[0x0e] = 0x00; // header_type
2287
2288 if (secondary_ide_enabled) {
2289 /* XXX: if not enabled, really disable the seconday IDE controller */
2290 pci_conf[0x51] = 0x80; /* enable IDE1 */
2291 }
2292
2293 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2294 PCI_ADDRESS_SPACE_IO, ide_map);
2295 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2296 PCI_ADDRESS_SPACE_IO, ide_map);
2297 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2298 PCI_ADDRESS_SPACE_IO, ide_map);
2299 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2300 PCI_ADDRESS_SPACE_IO, ide_map);
2301 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2302 PCI_ADDRESS_SPACE_IO, bmdma_map);
2303
2304 pci_conf[0x3d] = 0x01; // interrupt on pin 1
2305
2306 for(i = 0; i < 4; i++)
2307 d->ide_if[i].pci_dev = (PCIDevice *)d;
2308 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2309 cmd646_set_irq, d, 0);
2310 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2311 cmd646_set_irq, d, 1);
2312 }
2313
2314 /* hd_table must contain 4 block drivers */
2315 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
2316 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table)
2317 {
2318 PCIIDEState *d;
2319 uint8_t *pci_conf;
2320
2321 /* register a function 1 of PIIX3 */
2322 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2323 sizeof(PCIIDEState),
2324 ((PCIDevice *)piix3_state)->devfn + 1,
2325 NULL, NULL);
2326 d->type = IDE_TYPE_PIIX3;
2327
2328 pci_conf = d->dev.config;
2329 pci_conf[0x00] = 0x86; // Intel
2330 pci_conf[0x01] = 0x80;
2331 pci_conf[0x02] = 0x10;
2332 pci_conf[0x03] = 0x70;
2333 pci_conf[0x09] = 0x80; // legacy ATA mode
2334 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2335 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2336 pci_conf[0x0e] = 0x00; // header_type
2337
2338 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2339 PCI_ADDRESS_SPACE_IO, bmdma_map);
2340
2341 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2342 pic_set_irq_new, isa_pic, 14);
2343 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2344 pic_set_irq_new, isa_pic, 15);
2345 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2346 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2347 }
2348
2349 /***********************************************************/
2350 /* MacIO based PowerPC IDE */
2351
2352 /* PowerMac IDE memory IO */
2353 static void pmac_ide_writeb (void *opaque,
2354 target_phys_addr_t addr, uint32_t val)
2355 {
2356 addr = (addr & 0xFFF) >> 4;
2357 switch (addr) {
2358 case 1 ... 7:
2359 ide_ioport_write(opaque, addr, val);
2360 break;
2361 case 8:
2362 case 22:
2363 ide_cmd_write(opaque, 0, val);
2364 break;
2365 default:
2366 break;
2367 }
2368 }
2369
2370 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2371 {
2372 uint8_t retval;
2373
2374 addr = (addr & 0xFFF) >> 4;
2375 switch (addr) {
2376 case 1 ... 7:
2377 retval = ide_ioport_read(opaque, addr);
2378 break;
2379 case 8:
2380 case 22:
2381 retval = ide_status_read(opaque, 0);
2382 break;
2383 default:
2384 retval = 0xFF;
2385 break;
2386 }
2387 return retval;
2388 }
2389
2390 static void pmac_ide_writew (void *opaque,
2391 target_phys_addr_t addr, uint32_t val)
2392 {
2393 addr = (addr & 0xFFF) >> 4;
2394 #ifdef TARGET_WORDS_BIGENDIAN
2395 val = bswap16(val);
2396 #endif
2397 if (addr == 0) {
2398 ide_data_writew(opaque, 0, val);
2399 }
2400 }
2401
2402 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
2403 {
2404 uint16_t retval;
2405
2406 addr = (addr & 0xFFF) >> 4;
2407 if (addr == 0) {
2408 retval = ide_data_readw(opaque, 0);
2409 } else {
2410 retval = 0xFFFF;
2411 }
2412 #ifdef TARGET_WORDS_BIGENDIAN
2413 retval = bswap16(retval);
2414 #endif
2415 return retval;
2416 }
2417
2418 static void pmac_ide_writel (void *opaque,
2419 target_phys_addr_t addr, uint32_t val)
2420 {
2421 addr = (addr & 0xFFF) >> 4;
2422 #ifdef TARGET_WORDS_BIGENDIAN
2423 val = bswap32(val);
2424 #endif
2425 if (addr == 0) {
2426 ide_data_writel(opaque, 0, val);
2427 }
2428 }
2429
2430 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
2431 {
2432 uint32_t retval;
2433
2434 addr = (addr & 0xFFF) >> 4;
2435 if (addr == 0) {
2436 retval = ide_data_readl(opaque, 0);
2437 } else {
2438 retval = 0xFFFFFFFF;
2439 }
2440 #ifdef TARGET_WORDS_BIGENDIAN
2441 retval = bswap32(retval);
2442 #endif
2443 return retval;
2444 }
2445
2446 static CPUWriteMemoryFunc *pmac_ide_write[] = {
2447 pmac_ide_writeb,
2448 pmac_ide_writew,
2449 pmac_ide_writel,
2450 };
2451
2452 static CPUReadMemoryFunc *pmac_ide_read[] = {
2453 pmac_ide_readb,
2454 pmac_ide_readw,
2455 pmac_ide_readl,
2456 };
2457
2458 /* hd_table must contain 4 block drivers */
2459 /* PowerMac uses memory mapped registers, not I/O. Return the memory
2460 I/O index to access the ide. */
2461 int pmac_ide_init (BlockDriverState **hd_table,
2462 SetIRQFunc *set_irq, void *irq_opaque, int irq)
2463 {
2464 IDEState *ide_if;
2465 int pmac_ide_memory;
2466
2467 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
2468 ide_init2(&ide_if[0], hd_table[0], hd_table[1],
2469 set_irq, irq_opaque, irq);
2470
2471 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
2472 pmac_ide_write, &ide_if[0]);
2473 return pmac_ide_memory;
2474 }
QEMU mirror