]> git.proxmox.com Git - qemu.git/blob - hw/ide.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
mem leak fixes
[qemu.git] / hw / ide.c
1 /*
2 * QEMU IDE disk and CD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24 #include "vl.h"
25
26 /* debug IDE devices */
27 //#define DEBUG_IDE
28 //#define DEBUG_IDE_ATAPI
29
30 /* Bits of HD_STATUS */
31 #define ERR_STAT 0x01
32 #define INDEX_STAT 0x02
33 #define ECC_STAT 0x04 /* Corrected error */
34 #define DRQ_STAT 0x08
35 #define SEEK_STAT 0x10
36 #define SRV_STAT 0x10
37 #define WRERR_STAT 0x20
38 #define READY_STAT 0x40
39 #define BUSY_STAT 0x80
40
41 /* Bits for HD_ERROR */
42 #define MARK_ERR 0x01 /* Bad address mark */
43 #define TRK0_ERR 0x02 /* couldn't find track 0 */
44 #define ABRT_ERR 0x04 /* Command aborted */
45 #define MCR_ERR 0x08 /* media change request */
46 #define ID_ERR 0x10 /* ID field not found */
47 #define MC_ERR 0x20 /* media changed */
48 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
49 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
50 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
51
52 /* Bits of HD_NSECTOR */
53 #define CD 0x01
54 #define IO 0x02
55 #define REL 0x04
56 #define TAG_MASK 0xf8
57
58 #define IDE_CMD_RESET 0x04
59 #define IDE_CMD_DISABLE_IRQ 0x02
60
61 /* ATA/ATAPI Commands pre T13 Spec */
62 #define WIN_NOP 0x00
63 /*
64 * 0x01->0x02 Reserved
65 */
66 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
67 /*
68 * 0x04->0x07 Reserved
69 */
70 #define WIN_SRST 0x08 /* ATAPI soft reset command */
71 #define WIN_DEVICE_RESET 0x08
72 /*
73 * 0x09->0x0F Reserved
74 */
75 #define WIN_RECAL 0x10
76 #define WIN_RESTORE WIN_RECAL
77 /*
78 * 0x10->0x1F Reserved
79 */
80 #define WIN_READ 0x20 /* 28-Bit */
81 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
82 #define WIN_READ_LONG 0x22 /* 28-Bit */
83 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
84 #define WIN_READ_EXT 0x24 /* 48-Bit */
85 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
86 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
87 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
88 /*
89 * 0x28
90 */
91 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
92 /*
93 * 0x2A->0x2F Reserved
94 */
95 #define WIN_WRITE 0x30 /* 28-Bit */
96 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
97 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
98 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
99 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
100 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
101 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
102 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
103 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
104 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
105 /*
106 * 0x3A->0x3B Reserved
107 */
108 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
109 /*
110 * 0x3D->0x3F Reserved
111 */
112 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
113 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
114 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
115 /*
116 * 0x43->0x4F Reserved
117 */
118 #define WIN_FORMAT 0x50
119 /*
120 * 0x51->0x5F Reserved
121 */
122 #define WIN_INIT 0x60
123 /*
124 * 0x61->0x5F Reserved
125 */
126 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
127 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
128 #define WIN_DIAGNOSE 0x90
129 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
130 #define WIN_DOWNLOAD_MICROCODE 0x92
131 #define WIN_STANDBYNOW2 0x94
132 #define WIN_STANDBY2 0x96
133 #define WIN_SETIDLE2 0x97
134 #define WIN_CHECKPOWERMODE2 0x98
135 #define WIN_SLEEPNOW2 0x99
136 /*
137 * 0x9A VENDOR
138 */
139 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
140 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
141 #define WIN_QUEUED_SERVICE 0xA2
142 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
143 #define CFA_ERASE_SECTORS 0xC0
144 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
145 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
146 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
147 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
148 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
149 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
150 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
151 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
152 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
153 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
154 #define WIN_GETMEDIASTATUS 0xDA
155 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
156 #define WIN_POSTBOOT 0xDC
157 #define WIN_PREBOOT 0xDD
158 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
159 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
160 #define WIN_STANDBYNOW1 0xE0
161 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
162 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
163 #define WIN_SETIDLE1 0xE3
164 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
165 #define WIN_CHECKPOWERMODE1 0xE5
166 #define WIN_SLEEPNOW1 0xE6
167 #define WIN_FLUSH_CACHE 0xE7
168 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
169 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
170 /* SET_FEATURES 0x22 or 0xDD */
171 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
172 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
173 #define WIN_MEDIAEJECT 0xED
174 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
175 #define WIN_SETFEATURES 0xEF /* set special drive features */
176 #define EXABYTE_ENABLE_NEST 0xF0
177 #define WIN_SECURITY_SET_PASS 0xF1
178 #define WIN_SECURITY_UNLOCK 0xF2
179 #define WIN_SECURITY_ERASE_PREPARE 0xF3
180 #define WIN_SECURITY_ERASE_UNIT 0xF4
181 #define WIN_SECURITY_FREEZE_LOCK 0xF5
182 #define WIN_SECURITY_DISABLE 0xF6
183 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
184 #define WIN_SET_MAX 0xF9
185 #define DISABLE_SEAGATE 0xFB
186
187 /* set to 1 set disable mult support */
188 #define MAX_MULT_SECTORS 16
189
190 /* ATAPI defines */
191
192 #define ATAPI_PACKET_SIZE 12
193
194 /* The generic packet command opcodes for CD/DVD Logical Units,
195 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
196 #define GPCMD_BLANK 0xa1
197 #define GPCMD_CLOSE_TRACK 0x5b
198 #define GPCMD_FLUSH_CACHE 0x35
199 #define GPCMD_FORMAT_UNIT 0x04
200 #define GPCMD_GET_CONFIGURATION 0x46
201 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
202 #define GPCMD_GET_PERFORMANCE 0xac
203 #define GPCMD_INQUIRY 0x12
204 #define GPCMD_LOAD_UNLOAD 0xa6
205 #define GPCMD_MECHANISM_STATUS 0xbd
206 #define GPCMD_MODE_SELECT_10 0x55
207 #define GPCMD_MODE_SENSE_10 0x5a
208 #define GPCMD_PAUSE_RESUME 0x4b
209 #define GPCMD_PLAY_AUDIO_10 0x45
210 #define GPCMD_PLAY_AUDIO_MSF 0x47
211 #define GPCMD_PLAY_AUDIO_TI 0x48
212 #define GPCMD_PLAY_CD 0xbc
213 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
214 #define GPCMD_READ_10 0x28
215 #define GPCMD_READ_12 0xa8
216 #define GPCMD_READ_CDVD_CAPACITY 0x25
217 #define GPCMD_READ_CD 0xbe
218 #define GPCMD_READ_CD_MSF 0xb9
219 #define GPCMD_READ_DISC_INFO 0x51
220 #define GPCMD_READ_DVD_STRUCTURE 0xad
221 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
222 #define GPCMD_READ_HEADER 0x44
223 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
224 #define GPCMD_READ_SUBCHANNEL 0x42
225 #define GPCMD_READ_TOC_PMA_ATIP 0x43
226 #define GPCMD_REPAIR_RZONE_TRACK 0x58
227 #define GPCMD_REPORT_KEY 0xa4
228 #define GPCMD_REQUEST_SENSE 0x03
229 #define GPCMD_RESERVE_RZONE_TRACK 0x53
230 #define GPCMD_SCAN 0xba
231 #define GPCMD_SEEK 0x2b
232 #define GPCMD_SEND_DVD_STRUCTURE 0xad
233 #define GPCMD_SEND_EVENT 0xa2
234 #define GPCMD_SEND_KEY 0xa3
235 #define GPCMD_SEND_OPC 0x54
236 #define GPCMD_SET_READ_AHEAD 0xa7
237 #define GPCMD_SET_STREAMING 0xb6
238 #define GPCMD_START_STOP_UNIT 0x1b
239 #define GPCMD_STOP_PLAY_SCAN 0x4e
240 #define GPCMD_TEST_UNIT_READY 0x00
241 #define GPCMD_VERIFY_10 0x2f
242 #define GPCMD_WRITE_10 0x2a
243 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
244 /* This is listed as optional in ATAPI 2.6, but is (curiously)
245 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
246 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
247 * drives support it. */
248 #define GPCMD_SET_SPEED 0xbb
249 /* This seems to be a SCSI specific CD-ROM opcode
250 * to play data at track/index */
251 #define GPCMD_PLAYAUDIO_TI 0x48
252 /*
253 * From MS Media Status Notification Support Specification. For
254 * older drives only.
255 */
256 #define GPCMD_GET_MEDIA_STATUS 0xda
257
258 /* Mode page codes for mode sense/set */
259 #define GPMODE_R_W_ERROR_PAGE 0x01
260 #define GPMODE_WRITE_PARMS_PAGE 0x05
261 #define GPMODE_AUDIO_CTL_PAGE 0x0e
262 #define GPMODE_POWER_PAGE 0x1a
263 #define GPMODE_FAULT_FAIL_PAGE 0x1c
264 #define GPMODE_TO_PROTECT_PAGE 0x1d
265 #define GPMODE_CAPABILITIES_PAGE 0x2a
266 #define GPMODE_ALL_PAGES 0x3f
267 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
268 * of MODE_SENSE_POWER_PAGE */
269 #define GPMODE_CDROM_PAGE 0x0d
270
271 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
272 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
273 #define ATAPI_INT_REASON_REL 0x04
274 #define ATAPI_INT_REASON_TAG 0xf8
275
276 /* same constants as bochs */
277 #define ASC_ILLEGAL_OPCODE 0x20
278 #define ASC_LOGICAL_BLOCK_OOR 0x21
279 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
280 #define ASC_MEDIUM_NOT_PRESENT 0x3a
281 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
282
283 #define SENSE_NONE 0
284 #define SENSE_NOT_READY 2
285 #define SENSE_ILLEGAL_REQUEST 5
286 #define SENSE_UNIT_ATTENTION 6
287
288 struct IDEState;
289
290 typedef void EndTransferFunc(struct IDEState *);
291
292 /* NOTE: IDEState represents in fact one drive */
293 typedef struct IDEState {
294 /* ide config */
295 int is_cdrom;
296 int cylinders, heads, sectors;
297 int64_t nb_sectors;
298 int mult_sectors;
299 int identify_set;
300 uint16_t identify_data[256];
301 SetIRQFunc *set_irq;
302 void *irq_opaque;
303 int irq;
304 PCIDevice *pci_dev;
305 struct BMDMAState *bmdma;
306 int drive_serial;
307 /* ide regs */
308 uint8_t feature;
309 uint8_t error;
310 uint32_t nsector;
311 uint8_t sector;
312 uint8_t lcyl;
313 uint8_t hcyl;
314 /* other part of tf for lba48 support */
315 uint8_t hob_feature;
316 uint8_t hob_nsector;
317 uint8_t hob_sector;
318 uint8_t hob_lcyl;
319 uint8_t hob_hcyl;
320
321 uint8_t select;
322 uint8_t status;
323
324 /* 0x3f6 command, only meaningful for drive 0 */
325 uint8_t cmd;
326 /* set for lba48 access */
327 uint8_t lba48;
328 /* depends on bit 4 in select, only meaningful for drive 0 */
329 struct IDEState *cur_drive;
330 BlockDriverState *bs;
331 /* ATAPI specific */
332 uint8_t sense_key;
333 uint8_t asc;
334 int packet_transfer_size;
335 int elementary_transfer_size;
336 int io_buffer_index;
337 int lba;
338 int cd_sector_size;
339 int atapi_dma; /* true if dma is requested for the packet cmd */
340 /* ATA DMA state */
341 int io_buffer_size;
342 /* PIO transfer handling */
343 int req_nb_sectors; /* number of sectors per interrupt */
344 EndTransferFunc *end_transfer_func;
345 uint8_t *data_ptr;
346 uint8_t *data_end;
347 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
348 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
349 uint32_t irq_count; /* counts IRQs when using win2k install hack */
350 } IDEState;
351
352 #define BM_STATUS_DMAING 0x01
353 #define BM_STATUS_ERROR 0x02
354 #define BM_STATUS_INT 0x04
355
356 #define BM_CMD_START 0x01
357 #define BM_CMD_READ 0x08
358
359 #define IDE_TYPE_PIIX3 0
360 #define IDE_TYPE_CMD646 1
361
362 /* CMD646 specific */
363 #define MRDMODE 0x71
364 #define MRDMODE_INTR_CH0 0x04
365 #define MRDMODE_INTR_CH1 0x08
366 #define MRDMODE_BLK_CH0 0x10
367 #define MRDMODE_BLK_CH1 0x20
368 #define UDIDETCR0 0x73
369 #define UDIDETCR1 0x7B
370
371 typedef int IDEDMAFunc(IDEState *s,
372 target_phys_addr_t phys_addr,
373 int transfer_size1);
374
375 typedef struct BMDMAState {
376 uint8_t cmd;
377 uint8_t status;
378 uint32_t addr;
379
380 struct PCIIDEState *pci_dev;
381 /* current transfer state */
382 IDEState *ide_if;
383 IDEDMAFunc *dma_cb;
384 } BMDMAState;
385
386 typedef struct PCIIDEState {
387 PCIDevice dev;
388 IDEState ide_if[4];
389 BMDMAState bmdma[2];
390 int type; /* see IDE_TYPE_xxx */
391 } PCIIDEState;
392
393 static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb);
394
395 static void padstr(char *str, const char *src, int len)
396 {
397 int i, v;
398 for(i = 0; i < len; i++) {
399 if (*src)
400 v = *src++;
401 else
402 v = ' ';
403 *(char *)((long)str ^ 1) = v;
404 str++;
405 }
406 }
407
408 static void padstr8(uint8_t *buf, int buf_size, const char *src)
409 {
410 int i;
411 for(i = 0; i < buf_size; i++) {
412 if (*src)
413 buf[i] = *src++;
414 else
415 buf[i] = ' ';
416 }
417 }
418
419 static void put_le16(uint16_t *p, unsigned int v)
420 {
421 *p = cpu_to_le16(v);
422 }
423
424 static void ide_identify(IDEState *s)
425 {
426 uint16_t *p;
427 unsigned int oldsize;
428 char buf[20];
429
430 if (s->identify_set) {
431 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
432 return;
433 }
434
435 memset(s->io_buffer, 0, 512);
436 p = (uint16_t *)s->io_buffer;
437 put_le16(p + 0, 0x0040);
438 put_le16(p + 1, s->cylinders);
439 put_le16(p + 3, s->heads);
440 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
441 put_le16(p + 5, 512); /* XXX: retired, remove ? */
442 put_le16(p + 6, s->sectors);
443 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
444 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
445 put_le16(p + 20, 3); /* XXX: retired, remove ? */
446 put_le16(p + 21, 512); /* cache size in sectors */
447 put_le16(p + 22, 4); /* ecc bytes */
448 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
449 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
450 #if MAX_MULT_SECTORS > 1
451 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
452 #endif
453 put_le16(p + 48, 1); /* dword I/O */
454 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
455 put_le16(p + 51, 0x200); /* PIO transfer cycle */
456 put_le16(p + 52, 0x200); /* DMA transfer cycle */
457 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
458 put_le16(p + 54, s->cylinders);
459 put_le16(p + 55, s->heads);
460 put_le16(p + 56, s->sectors);
461 oldsize = s->cylinders * s->heads * s->sectors;
462 put_le16(p + 57, oldsize);
463 put_le16(p + 58, oldsize >> 16);
464 if (s->mult_sectors)
465 put_le16(p + 59, 0x100 | s->mult_sectors);
466 put_le16(p + 60, s->nb_sectors);
467 put_le16(p + 61, s->nb_sectors >> 16);
468 put_le16(p + 63, 0x07); /* mdma0-2 supported */
469 put_le16(p + 65, 120);
470 put_le16(p + 66, 120);
471 put_le16(p + 67, 120);
472 put_le16(p + 68, 120);
473 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
474 put_le16(p + 81, 0x16); /* conforms to ata5 */
475 put_le16(p + 82, (1 << 14));
476 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
477 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
478 put_le16(p + 84, (1 << 14));
479 put_le16(p + 85, (1 << 14));
480 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
481 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
482 put_le16(p + 87, (1 << 14));
483 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
484 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
485 put_le16(p + 100, s->nb_sectors);
486 put_le16(p + 101, s->nb_sectors >> 16);
487 put_le16(p + 102, s->nb_sectors >> 32);
488 put_le16(p + 103, s->nb_sectors >> 48);
489
490 memcpy(s->identify_data, p, sizeof(s->identify_data));
491 s->identify_set = 1;
492 }
493
494 static void ide_atapi_identify(IDEState *s)
495 {
496 uint16_t *p;
497 char buf[20];
498
499 if (s->identify_set) {
500 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
501 return;
502 }
503
504 memset(s->io_buffer, 0, 512);
505 p = (uint16_t *)s->io_buffer;
506 /* Removable CDROM, 50us response, 12 byte packets */
507 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
508 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
509 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
510 put_le16(p + 20, 3); /* buffer type */
511 put_le16(p + 21, 512); /* cache size in sectors */
512 put_le16(p + 22, 4); /* ecc bytes */
513 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
514 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
515 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
516 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
517 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
518 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
519 put_le16(p + 64, 1); /* PIO modes */
520 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
521 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
522 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
523 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
524
525 put_le16(p + 71, 30); /* in ns */
526 put_le16(p + 72, 30); /* in ns */
527
528 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
529
530 memcpy(s->identify_data, p, sizeof(s->identify_data));
531 s->identify_set = 1;
532 }
533
534 static void ide_set_signature(IDEState *s)
535 {
536 s->select &= 0xf0; /* clear head */
537 /* put signature */
538 s->nsector = 1;
539 s->sector = 1;
540 if (s->is_cdrom) {
541 s->lcyl = 0x14;
542 s->hcyl = 0xeb;
543 } else if (s->bs) {
544 s->lcyl = 0;
545 s->hcyl = 0;
546 } else {
547 s->lcyl = 0xff;
548 s->hcyl = 0xff;
549 }
550 }
551
552 static inline void ide_abort_command(IDEState *s)
553 {
554 s->status = READY_STAT | ERR_STAT;
555 s->error = ABRT_ERR;
556 }
557
558 static inline void ide_set_irq(IDEState *s)
559 {
560 BMDMAState *bm = s->bmdma;
561 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
562 if (bm) {
563 bm->status |= BM_STATUS_INT;
564 }
565 s->set_irq(s->irq_opaque, s->irq, 1);
566 }
567 }
568
569 /* prepare data transfer and tell what to do after */
570 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
571 EndTransferFunc *end_transfer_func)
572 {
573 s->end_transfer_func = end_transfer_func;
574 s->data_ptr = buf;
575 s->data_end = buf + size;
576 s->status |= DRQ_STAT;
577 }
578
579 static void ide_transfer_stop(IDEState *s)
580 {
581 s->end_transfer_func = ide_transfer_stop;
582 s->data_ptr = s->io_buffer;
583 s->data_end = s->io_buffer;
584 s->status &= ~DRQ_STAT;
585 }
586
587 static int64_t ide_get_sector(IDEState *s)
588 {
589 int64_t sector_num;
590 if (s->select & 0x40) {
591 /* lba */
592 if (!s->lba48) {
593 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
594 (s->lcyl << 8) | s->sector;
595 } else {
596 sector_num = ((int64_t)s->hob_hcyl << 40) |
597 ((int64_t) s->hob_lcyl << 32) |
598 ((int64_t) s->hob_sector << 24) |
599 ((int64_t) s->hcyl << 16) |
600 ((int64_t) s->lcyl << 8) | s->sector;
601 }
602 } else {
603 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
604 (s->select & 0x0f) * s->sectors + (s->sector - 1);
605 }
606 return sector_num;
607 }
608
609 static void ide_set_sector(IDEState *s, int64_t sector_num)
610 {
611 unsigned int cyl, r;
612 if (s->select & 0x40) {
613 if (!s->lba48) {
614 s->select = (s->select & 0xf0) | (sector_num >> 24);
615 s->hcyl = (sector_num >> 16);
616 s->lcyl = (sector_num >> 8);
617 s->sector = (sector_num);
618 } else {
619 s->sector = sector_num;
620 s->lcyl = sector_num >> 8;
621 s->hcyl = sector_num >> 16;
622 s->hob_sector = sector_num >> 24;
623 s->hob_lcyl = sector_num >> 32;
624 s->hob_hcyl = sector_num >> 40;
625 }
626 } else {
627 cyl = sector_num / (s->heads * s->sectors);
628 r = sector_num % (s->heads * s->sectors);
629 s->hcyl = cyl >> 8;
630 s->lcyl = cyl;
631 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
632 s->sector = (r % s->sectors) + 1;
633 }
634 }
635
636 static void ide_sector_read(IDEState *s)
637 {
638 int64_t sector_num;
639 int ret, n;
640
641 s->status = READY_STAT | SEEK_STAT;
642 s->error = 0; /* not needed by IDE spec, but needed by Windows */
643 sector_num = ide_get_sector(s);
644 n = s->nsector;
645 if (n == 0) {
646 /* no more sector to read from disk */
647 ide_transfer_stop(s);
648 } else {
649 #if defined(DEBUG_IDE)
650 printf("read sector=%Ld\n", sector_num);
651 #endif
652 if (n > s->req_nb_sectors)
653 n = s->req_nb_sectors;
654 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
655 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
656 ide_set_irq(s);
657 ide_set_sector(s, sector_num + n);
658 s->nsector -= n;
659 }
660 }
661
662 static int ide_read_dma_cb(IDEState *s,
663 target_phys_addr_t phys_addr,
664 int transfer_size1)
665 {
666 int len, transfer_size, n;
667 int64_t sector_num;
668
669 transfer_size = transfer_size1;
670 while (transfer_size > 0) {
671 len = s->io_buffer_size - s->io_buffer_index;
672 if (len <= 0) {
673 /* transfert next data */
674 n = s->nsector;
675 if (n == 0)
676 break;
677 if (n > MAX_MULT_SECTORS)
678 n = MAX_MULT_SECTORS;
679 sector_num = ide_get_sector(s);
680 bdrv_read(s->bs, sector_num, s->io_buffer, n);
681 s->io_buffer_index = 0;
682 s->io_buffer_size = n * 512;
683 len = s->io_buffer_size;
684 sector_num += n;
685 ide_set_sector(s, sector_num);
686 s->nsector -= n;
687 }
688 if (len > transfer_size)
689 len = transfer_size;
690 cpu_physical_memory_write(phys_addr,
691 s->io_buffer + s->io_buffer_index, len);
692 s->io_buffer_index += len;
693 transfer_size -= len;
694 phys_addr += len;
695 }
696 if (s->io_buffer_index >= s->io_buffer_size && s->nsector == 0) {
697 s->status = READY_STAT | SEEK_STAT;
698 ide_set_irq(s);
699 #ifdef DEBUG_IDE_ATAPI
700 printf("dma status=0x%x\n", s->status);
701 #endif
702 return 0;
703 }
704 return transfer_size1 - transfer_size;
705 }
706
707 static void ide_sector_read_dma(IDEState *s)
708 {
709 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
710 s->io_buffer_index = 0;
711 s->io_buffer_size = 0;
712 ide_dma_start(s, ide_read_dma_cb);
713 }
714
715 static void ide_sector_write_timer_cb(void *opaque)
716 {
717 IDEState *s = opaque;
718 ide_set_irq(s);
719 }
720
721 static void ide_sector_write(IDEState *s)
722 {
723 int64_t sector_num;
724 int ret, n, n1;
725
726 s->status = READY_STAT | SEEK_STAT;
727 sector_num = ide_get_sector(s);
728 #if defined(DEBUG_IDE)
729 printf("write sector=%Ld\n", sector_num);
730 #endif
731 n = s->nsector;
732 if (n > s->req_nb_sectors)
733 n = s->req_nb_sectors;
734 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
735 s->nsector -= n;
736 if (s->nsector == 0) {
737 /* no more sector to write */
738 ide_transfer_stop(s);
739 } else {
740 n1 = s->nsector;
741 if (n1 > s->req_nb_sectors)
742 n1 = s->req_nb_sectors;
743 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
744 }
745 ide_set_sector(s, sector_num + n);
746
747 #ifdef TARGET_I386
748 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
749 /* It seems there is a bug in the Windows 2000 installer HDD
750 IDE driver which fills the disk with empty logs when the
751 IDE write IRQ comes too early. This hack tries to correct
752 that at the expense of slower write performances. Use this
753 option _only_ to install Windows 2000. You must disable it
754 for normal use. */
755 qemu_mod_timer(s->sector_write_timer,
756 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
757 } else
758 #endif
759 {
760 ide_set_irq(s);
761 }
762 }
763
764 static int ide_write_dma_cb(IDEState *s,
765 target_phys_addr_t phys_addr,
766 int transfer_size1)
767 {
768 int len, transfer_size, n;
769 int64_t sector_num;
770
771 transfer_size = transfer_size1;
772 for(;;) {
773 len = s->io_buffer_size - s->io_buffer_index;
774 if (len == 0) {
775 n = s->io_buffer_size >> 9;
776 sector_num = ide_get_sector(s);
777 bdrv_write(s->bs, sector_num, s->io_buffer,
778 s->io_buffer_size >> 9);
779 sector_num += n;
780 ide_set_sector(s, sector_num);
781 s->nsector -= n;
782 n = s->nsector;
783 if (n == 0) {
784 /* end of transfer */
785 s->status = READY_STAT | SEEK_STAT;
786 #ifdef TARGET_I386
787 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
788 /* It seems there is a bug in the Windows 2000 installer
789 HDD IDE driver which fills the disk with empty logs
790 when the IDE write IRQ comes too early. This hack tries
791 to correct that at the expense of slower write
792 performances. Use this option _only_ to install Windows
793 2000. You must disable it for normal use. */
794 qemu_mod_timer(s->sector_write_timer,
795 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
796 } else
797 #endif
798 ide_set_irq(s);
799 return 0;
800 }
801 if (n > MAX_MULT_SECTORS)
802 n = MAX_MULT_SECTORS;
803 s->io_buffer_index = 0;
804 s->io_buffer_size = n * 512;
805 len = s->io_buffer_size;
806 }
807 if (transfer_size <= 0)
808 break;
809 if (len > transfer_size)
810 len = transfer_size;
811 cpu_physical_memory_read(phys_addr,
812 s->io_buffer + s->io_buffer_index, len);
813 s->io_buffer_index += len;
814 transfer_size -= len;
815 phys_addr += len;
816 }
817 return transfer_size1 - transfer_size;
818 }
819
820 static void ide_sector_write_dma(IDEState *s)
821 {
822 int n;
823 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
824 n = s->nsector;
825 if (n > MAX_MULT_SECTORS)
826 n = MAX_MULT_SECTORS;
827 s->io_buffer_index = 0;
828 s->io_buffer_size = n * 512;
829 ide_dma_start(s, ide_write_dma_cb);
830 }
831
832 static void ide_atapi_cmd_ok(IDEState *s)
833 {
834 s->error = 0;
835 s->status = READY_STAT;
836 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
837 ide_set_irq(s);
838 }
839
840 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
841 {
842 #ifdef DEBUG_IDE_ATAPI
843 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
844 #endif
845 s->error = sense_key << 4;
846 s->status = READY_STAT | ERR_STAT;
847 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
848 s->sense_key = sense_key;
849 s->asc = asc;
850 ide_set_irq(s);
851 }
852
853 static inline void cpu_to_ube16(uint8_t *buf, int val)
854 {
855 buf[0] = val >> 8;
856 buf[1] = val;
857 }
858
859 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
860 {
861 buf[0] = val >> 24;
862 buf[1] = val >> 16;
863 buf[2] = val >> 8;
864 buf[3] = val;
865 }
866
867 static inline int ube16_to_cpu(const uint8_t *buf)
868 {
869 return (buf[0] << 8) | buf[1];
870 }
871
872 static inline int ube32_to_cpu(const uint8_t *buf)
873 {
874 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
875 }
876
877 static void lba_to_msf(uint8_t *buf, int lba)
878 {
879 lba += 150;
880 buf[0] = (lba / 75) / 60;
881 buf[1] = (lba / 75) % 60;
882 buf[2] = lba % 75;
883 }
884
885 static void cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
886 int sector_size)
887 {
888 switch(sector_size) {
889 case 2048:
890 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
891 break;
892 case 2352:
893 /* sync bytes */
894 buf[0] = 0x00;
895 memset(buf + 1, 0xff, 10);
896 buf[11] = 0x00;
897 buf += 12;
898 /* MSF */
899 lba_to_msf(buf, lba);
900 buf[3] = 0x01; /* mode 1 data */
901 buf += 4;
902 /* data */
903 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
904 buf += 2048;
905 /* ECC */
906 memset(buf, 0, 288);
907 break;
908 default:
909 break;
910 }
911 }
912
913 /* The whole ATAPI transfer logic is handled in this function */
914 static void ide_atapi_cmd_reply_end(IDEState *s)
915 {
916 int byte_count_limit, size;
917 #ifdef DEBUG_IDE_ATAPI
918 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
919 s->packet_transfer_size,
920 s->elementary_transfer_size,
921 s->io_buffer_index);
922 #endif
923 if (s->packet_transfer_size <= 0) {
924 /* end of transfer */
925 ide_transfer_stop(s);
926 s->status = READY_STAT;
927 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
928 ide_set_irq(s);
929 #ifdef DEBUG_IDE_ATAPI
930 printf("status=0x%x\n", s->status);
931 #endif
932 } else {
933 /* see if a new sector must be read */
934 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
935 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
936 s->lba++;
937 s->io_buffer_index = 0;
938 }
939 if (s->elementary_transfer_size > 0) {
940 /* there are some data left to transmit in this elementary
941 transfer */
942 size = s->cd_sector_size - s->io_buffer_index;
943 if (size > s->elementary_transfer_size)
944 size = s->elementary_transfer_size;
945 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
946 size, ide_atapi_cmd_reply_end);
947 s->packet_transfer_size -= size;
948 s->elementary_transfer_size -= size;
949 s->io_buffer_index += size;
950 } else {
951 /* a new transfer is needed */
952 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
953 byte_count_limit = s->lcyl | (s->hcyl << 8);
954 #ifdef DEBUG_IDE_ATAPI
955 printf("byte_count_limit=%d\n", byte_count_limit);
956 #endif
957 if (byte_count_limit == 0xffff)
958 byte_count_limit--;
959 size = s->packet_transfer_size;
960 if (size > byte_count_limit) {
961 /* byte count limit must be even if this case */
962 if (byte_count_limit & 1)
963 byte_count_limit--;
964 size = byte_count_limit;
965 }
966 s->lcyl = size;
967 s->hcyl = size >> 8;
968 s->elementary_transfer_size = size;
969 /* we cannot transmit more than one sector at a time */
970 if (s->lba != -1) {
971 if (size > (s->cd_sector_size - s->io_buffer_index))
972 size = (s->cd_sector_size - s->io_buffer_index);
973 }
974 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
975 size, ide_atapi_cmd_reply_end);
976 s->packet_transfer_size -= size;
977 s->elementary_transfer_size -= size;
978 s->io_buffer_index += size;
979 ide_set_irq(s);
980 #ifdef DEBUG_IDE_ATAPI
981 printf("status=0x%x\n", s->status);
982 #endif
983 }
984 }
985 }
986
987 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
988 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
989 {
990 if (size > max_size)
991 size = max_size;
992 s->lba = -1; /* no sector read */
993 s->packet_transfer_size = size;
994 s->elementary_transfer_size = 0;
995 s->io_buffer_index = 0;
996
997 s->status = READY_STAT;
998 ide_atapi_cmd_reply_end(s);
999 }
1000
1001 /* start a CD-CDROM read command */
1002 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1003 int sector_size)
1004 {
1005 s->lba = lba;
1006 s->packet_transfer_size = nb_sectors * sector_size;
1007 s->elementary_transfer_size = 0;
1008 s->io_buffer_index = sector_size;
1009 s->cd_sector_size = sector_size;
1010
1011 s->status = READY_STAT;
1012 ide_atapi_cmd_reply_end(s);
1013 }
1014
1015 /* ATAPI DMA support */
1016 static int ide_atapi_cmd_read_dma_cb(IDEState *s,
1017 target_phys_addr_t phys_addr,
1018 int transfer_size1)
1019 {
1020 int len, transfer_size;
1021
1022 transfer_size = transfer_size1;
1023 while (transfer_size > 0) {
1024 #ifdef DEBUG_IDE_ATAPI
1025 printf("transfer_size: %d phys_addr=%08x\n", transfer_size, phys_addr);
1026 #endif
1027 if (s->packet_transfer_size <= 0)
1028 break;
1029 len = s->cd_sector_size - s->io_buffer_index;
1030 if (len <= 0) {
1031 /* transfert next data */
1032 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1033 s->lba++;
1034 s->io_buffer_index = 0;
1035 len = s->cd_sector_size;
1036 }
1037 if (len > transfer_size)
1038 len = transfer_size;
1039 cpu_physical_memory_write(phys_addr,
1040 s->io_buffer + s->io_buffer_index, len);
1041 s->packet_transfer_size -= len;
1042 s->io_buffer_index += len;
1043 transfer_size -= len;
1044 phys_addr += len;
1045 }
1046 if (s->packet_transfer_size <= 0) {
1047 s->status = READY_STAT;
1048 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1049 ide_set_irq(s);
1050 #ifdef DEBUG_IDE_ATAPI
1051 printf("dma status=0x%x\n", s->status);
1052 #endif
1053 return 0;
1054 }
1055 return transfer_size1 - transfer_size;
1056 }
1057
1058 /* start a CD-CDROM read command with DMA */
1059 /* XXX: test if DMA is available */
1060 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1061 int sector_size)
1062 {
1063 s->lba = lba;
1064 s->packet_transfer_size = nb_sectors * sector_size;
1065 s->io_buffer_index = sector_size;
1066 s->cd_sector_size = sector_size;
1067
1068 s->status = READY_STAT | DRQ_STAT;
1069 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1070 }
1071
1072 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1073 int sector_size)
1074 {
1075 #ifdef DEBUG_IDE_ATAPI
1076 printf("read: LBA=%d nb_sectors=%d\n", lba, nb_sectors);
1077 #endif
1078 if (s->atapi_dma) {
1079 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1080 } else {
1081 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1082 }
1083 }
1084
1085 static void ide_atapi_cmd(IDEState *s)
1086 {
1087 const uint8_t *packet;
1088 uint8_t *buf;
1089 int max_len;
1090
1091 packet = s->io_buffer;
1092 buf = s->io_buffer;
1093 #ifdef DEBUG_IDE_ATAPI
1094 {
1095 int i;
1096 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1097 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1098 printf(" %02x", packet[i]);
1099 }
1100 printf("\n");
1101 }
1102 #endif
1103 switch(s->io_buffer[0]) {
1104 case GPCMD_TEST_UNIT_READY:
1105 if (bdrv_is_inserted(s->bs)) {
1106 ide_atapi_cmd_ok(s);
1107 } else {
1108 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1109 ASC_MEDIUM_NOT_PRESENT);
1110 }
1111 break;
1112 case GPCMD_MODE_SENSE_10:
1113 {
1114 int action, code;
1115 max_len = ube16_to_cpu(packet + 7);
1116 action = packet[2] >> 6;
1117 code = packet[2] & 0x3f;
1118 switch(action) {
1119 case 0: /* current values */
1120 switch(code) {
1121 case 0x01: /* error recovery */
1122 cpu_to_ube16(&buf[0], 16 + 6);
1123 buf[2] = 0x70;
1124 buf[3] = 0;
1125 buf[4] = 0;
1126 buf[5] = 0;
1127 buf[6] = 0;
1128 buf[7] = 0;
1129
1130 buf[8] = 0x01;
1131 buf[9] = 0x06;
1132 buf[10] = 0x00;
1133 buf[11] = 0x05;
1134 buf[12] = 0x00;
1135 buf[13] = 0x00;
1136 buf[14] = 0x00;
1137 buf[15] = 0x00;
1138 ide_atapi_cmd_reply(s, 16, max_len);
1139 break;
1140 case 0x2a:
1141 cpu_to_ube16(&buf[0], 28 + 6);
1142 buf[2] = 0x70;
1143 buf[3] = 0;
1144 buf[4] = 0;
1145 buf[5] = 0;
1146 buf[6] = 0;
1147 buf[7] = 0;
1148
1149 buf[8] = 0x2a;
1150 buf[9] = 0x12;
1151 buf[10] = 0x00;
1152 buf[11] = 0x00;
1153
1154 buf[12] = 0x70;
1155 buf[13] = 3 << 5;
1156 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1157 if (bdrv_is_locked(s->bs))
1158 buf[6] |= 1 << 1;
1159 buf[15] = 0x00;
1160 cpu_to_ube16(&buf[16], 706);
1161 buf[18] = 0;
1162 buf[19] = 2;
1163 cpu_to_ube16(&buf[20], 512);
1164 cpu_to_ube16(&buf[22], 706);
1165 buf[24] = 0;
1166 buf[25] = 0;
1167 buf[26] = 0;
1168 buf[27] = 0;
1169 ide_atapi_cmd_reply(s, 28, max_len);
1170 break;
1171 default:
1172 goto error_cmd;
1173 }
1174 break;
1175 case 1: /* changeable values */
1176 goto error_cmd;
1177 case 2: /* default values */
1178 goto error_cmd;
1179 default:
1180 case 3: /* saved values */
1181 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1182 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1183 break;
1184 }
1185 }
1186 break;
1187 case GPCMD_REQUEST_SENSE:
1188 max_len = packet[4];
1189 memset(buf, 0, 18);
1190 buf[0] = 0x70 | (1 << 7);
1191 buf[2] = s->sense_key;
1192 buf[7] = 10;
1193 buf[12] = s->asc;
1194 ide_atapi_cmd_reply(s, 18, max_len);
1195 break;
1196 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1197 if (bdrv_is_inserted(s->bs)) {
1198 bdrv_set_locked(s->bs, packet[4] & 1);
1199 ide_atapi_cmd_ok(s);
1200 } else {
1201 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1202 ASC_MEDIUM_NOT_PRESENT);
1203 }
1204 break;
1205 case GPCMD_READ_10:
1206 case GPCMD_READ_12:
1207 {
1208 int nb_sectors, lba;
1209
1210 if (!bdrv_is_inserted(s->bs)) {
1211 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1212 ASC_MEDIUM_NOT_PRESENT);
1213 break;
1214 }
1215 if (packet[0] == GPCMD_READ_10)
1216 nb_sectors = ube16_to_cpu(packet + 7);
1217 else
1218 nb_sectors = ube32_to_cpu(packet + 6);
1219 lba = ube32_to_cpu(packet + 2);
1220 if (nb_sectors == 0) {
1221 ide_atapi_cmd_ok(s);
1222 break;
1223 }
1224 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1225 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1226 ASC_LOGICAL_BLOCK_OOR);
1227 break;
1228 }
1229 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1230 }
1231 break;
1232 case GPCMD_READ_CD:
1233 {
1234 int nb_sectors, lba, transfer_request;
1235
1236 if (!bdrv_is_inserted(s->bs)) {
1237 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1238 ASC_MEDIUM_NOT_PRESENT);
1239 break;
1240 }
1241 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1242 lba = ube32_to_cpu(packet + 2);
1243 if (nb_sectors == 0) {
1244 ide_atapi_cmd_ok(s);
1245 break;
1246 }
1247 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1248 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1249 ASC_LOGICAL_BLOCK_OOR);
1250 break;
1251 }
1252 transfer_request = packet[9];
1253 switch(transfer_request & 0xf8) {
1254 case 0x00:
1255 /* nothing */
1256 ide_atapi_cmd_ok(s);
1257 break;
1258 case 0x10:
1259 /* normal read */
1260 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1261 break;
1262 case 0xf8:
1263 /* read all data */
1264 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1265 break;
1266 default:
1267 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1268 ASC_INV_FIELD_IN_CMD_PACKET);
1269 break;
1270 }
1271 }
1272 break;
1273 case GPCMD_SEEK:
1274 {
1275 int lba;
1276 if (!bdrv_is_inserted(s->bs)) {
1277 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1278 ASC_MEDIUM_NOT_PRESENT);
1279 break;
1280 }
1281 lba = ube32_to_cpu(packet + 2);
1282 if (((int64_t)lba << 2) > s->nb_sectors) {
1283 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1284 ASC_LOGICAL_BLOCK_OOR);
1285 break;
1286 }
1287 ide_atapi_cmd_ok(s);
1288 }
1289 break;
1290 case GPCMD_START_STOP_UNIT:
1291 {
1292 int start, eject;
1293 start = packet[4] & 1;
1294 eject = (packet[4] >> 1) & 1;
1295
1296 if (eject && !start) {
1297 /* eject the disk */
1298 bdrv_close(s->bs);
1299 }
1300 ide_atapi_cmd_ok(s);
1301 }
1302 break;
1303 case GPCMD_MECHANISM_STATUS:
1304 {
1305 max_len = ube16_to_cpu(packet + 8);
1306 cpu_to_ube16(buf, 0);
1307 /* no current LBA */
1308 buf[2] = 0;
1309 buf[3] = 0;
1310 buf[4] = 0;
1311 buf[5] = 1;
1312 cpu_to_ube16(buf + 6, 0);
1313 ide_atapi_cmd_reply(s, 8, max_len);
1314 }
1315 break;
1316 case GPCMD_READ_TOC_PMA_ATIP:
1317 {
1318 int format, msf, start_track, len;
1319
1320 if (!bdrv_is_inserted(s->bs)) {
1321 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1322 ASC_MEDIUM_NOT_PRESENT);
1323 break;
1324 }
1325 max_len = ube16_to_cpu(packet + 7);
1326 format = packet[9] >> 6;
1327 msf = (packet[1] >> 1) & 1;
1328 start_track = packet[6];
1329 switch(format) {
1330 case 0:
1331 len = cdrom_read_toc(s->nb_sectors >> 2, buf, msf, start_track);
1332 if (len < 0)
1333 goto error_cmd;
1334 ide_atapi_cmd_reply(s, len, max_len);
1335 break;
1336 case 1:
1337 /* multi session : only a single session defined */
1338 memset(buf, 0, 12);
1339 buf[1] = 0x0a;
1340 buf[2] = 0x01;
1341 buf[3] = 0x01;
1342 ide_atapi_cmd_reply(s, 12, max_len);
1343 break;
1344 case 2:
1345 len = cdrom_read_toc_raw(s->nb_sectors >> 2, buf, msf, start_track);
1346 if (len < 0)
1347 goto error_cmd;
1348 ide_atapi_cmd_reply(s, len, max_len);
1349 break;
1350 default:
1351 error_cmd:
1352 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1353 ASC_INV_FIELD_IN_CMD_PACKET);
1354 break;
1355 }
1356 }
1357 break;
1358 case GPCMD_READ_CDVD_CAPACITY:
1359 if (!bdrv_is_inserted(s->bs)) {
1360 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1361 ASC_MEDIUM_NOT_PRESENT);
1362 break;
1363 }
1364 /* NOTE: it is really the number of sectors minus 1 */
1365 cpu_to_ube32(buf, (s->nb_sectors >> 2) - 1);
1366 cpu_to_ube32(buf + 4, 2048);
1367 ide_atapi_cmd_reply(s, 8, 8);
1368 break;
1369 case GPCMD_INQUIRY:
1370 max_len = packet[4];
1371 buf[0] = 0x05; /* CD-ROM */
1372 buf[1] = 0x80; /* removable */
1373 buf[2] = 0x00; /* ISO */
1374 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1375 buf[4] = 31; /* additionnal length */
1376 buf[5] = 0; /* reserved */
1377 buf[6] = 0; /* reserved */
1378 buf[7] = 0; /* reserved */
1379 padstr8(buf + 8, 8, "QEMU");
1380 padstr8(buf + 16, 16, "QEMU CD-ROM");
1381 padstr8(buf + 32, 4, QEMU_VERSION);
1382 ide_atapi_cmd_reply(s, 36, max_len);
1383 break;
1384 default:
1385 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1386 ASC_ILLEGAL_OPCODE);
1387 break;
1388 }
1389 }
1390
1391 /* called when the inserted state of the media has changed */
1392 static void cdrom_change_cb(void *opaque)
1393 {
1394 IDEState *s = opaque;
1395 int64_t nb_sectors;
1396
1397 /* XXX: send interrupt too */
1398 bdrv_get_geometry(s->bs, &nb_sectors);
1399 s->nb_sectors = nb_sectors;
1400 }
1401
1402 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1403 {
1404 s->lba48 = lba48;
1405
1406 /* handle the 'magic' 0 nsector count conversion here. to avoid
1407 * fiddling with the rest of the read logic, we just store the
1408 * full sector count in ->nsector and ignore ->hob_nsector from now
1409 */
1410 if (!s->lba48) {
1411 if (!s->nsector)
1412 s->nsector = 256;
1413 } else {
1414 if (!s->nsector && !s->hob_nsector)
1415 s->nsector = 65536;
1416 else {
1417 int lo = s->nsector;
1418 int hi = s->hob_nsector;
1419
1420 s->nsector = (hi << 8) | lo;
1421 }
1422 }
1423 }
1424
1425 static void ide_clear_hob(IDEState *ide_if)
1426 {
1427 /* any write clears HOB high bit of device control register */
1428 ide_if[0].select &= ~(1 << 7);
1429 ide_if[1].select &= ~(1 << 7);
1430 }
1431
1432 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1433 {
1434 IDEState *ide_if = opaque;
1435 IDEState *s;
1436 int unit, n;
1437 int lba48 = 0;
1438
1439 #ifdef DEBUG_IDE
1440 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1441 #endif
1442
1443 addr &= 7;
1444 switch(addr) {
1445 case 0:
1446 break;
1447 case 1:
1448 ide_clear_hob(ide_if);
1449 /* NOTE: data is written to the two drives */
1450 ide_if[0].hob_feature = ide_if[0].feature;
1451 ide_if[1].hob_feature = ide_if[1].feature;
1452 ide_if[0].feature = val;
1453 ide_if[1].feature = val;
1454 break;
1455 case 2:
1456 ide_clear_hob(ide_if);
1457 ide_if[0].hob_nsector = ide_if[0].nsector;
1458 ide_if[1].hob_nsector = ide_if[1].nsector;
1459 ide_if[0].nsector = val;
1460 ide_if[1].nsector = val;
1461 break;
1462 case 3:
1463 ide_clear_hob(ide_if);
1464 ide_if[0].hob_sector = ide_if[0].sector;
1465 ide_if[1].hob_sector = ide_if[1].sector;
1466 ide_if[0].sector = val;
1467 ide_if[1].sector = val;
1468 break;
1469 case 4:
1470 ide_clear_hob(ide_if);
1471 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1472 ide_if[1].hob_lcyl = ide_if[1].lcyl;
1473 ide_if[0].lcyl = val;
1474 ide_if[1].lcyl = val;
1475 break;
1476 case 5:
1477 ide_clear_hob(ide_if);
1478 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1479 ide_if[1].hob_hcyl = ide_if[1].hcyl;
1480 ide_if[0].hcyl = val;
1481 ide_if[1].hcyl = val;
1482 break;
1483 case 6:
1484 /* FIXME: HOB readback uses bit 7 */
1485 ide_if[0].select = (val & ~0x10) | 0xa0;
1486 ide_if[1].select = (val | 0x10) | 0xa0;
1487 /* select drive */
1488 unit = (val >> 4) & 1;
1489 s = ide_if + unit;
1490 ide_if->cur_drive = s;
1491 break;
1492 default:
1493 case 7:
1494 /* command */
1495 #if defined(DEBUG_IDE)
1496 printf("ide: CMD=%02x\n", val);
1497 #endif
1498 s = ide_if->cur_drive;
1499 /* ignore commands to non existant slave */
1500 if (s != ide_if && !s->bs)
1501 break;
1502
1503 switch(val) {
1504 case WIN_IDENTIFY:
1505 if (s->bs && !s->is_cdrom) {
1506 ide_identify(s);
1507 s->status = READY_STAT | SEEK_STAT;
1508 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1509 } else {
1510 if (s->is_cdrom) {
1511 ide_set_signature(s);
1512 }
1513 ide_abort_command(s);
1514 }
1515 ide_set_irq(s);
1516 break;
1517 case WIN_SPECIFY:
1518 case WIN_RECAL:
1519 s->error = 0;
1520 s->status = READY_STAT | SEEK_STAT;
1521 ide_set_irq(s);
1522 break;
1523 case WIN_SETMULT:
1524 if (s->nsector > MAX_MULT_SECTORS ||
1525 s->nsector == 0 ||
1526 (s->nsector & (s->nsector - 1)) != 0) {
1527 ide_abort_command(s);
1528 } else {
1529 s->mult_sectors = s->nsector;
1530 s->status = READY_STAT;
1531 }
1532 ide_set_irq(s);
1533 break;
1534 case WIN_VERIFY_EXT:
1535 lba48 = 1;
1536 case WIN_VERIFY:
1537 case WIN_VERIFY_ONCE:
1538 /* do sector number check ? */
1539 ide_cmd_lba48_transform(s, lba48);
1540 s->status = READY_STAT;
1541 ide_set_irq(s);
1542 break;
1543 case WIN_READ_EXT:
1544 lba48 = 1;
1545 case WIN_READ:
1546 case WIN_READ_ONCE:
1547 if (!s->bs)
1548 goto abort_cmd;
1549 ide_cmd_lba48_transform(s, lba48);
1550 s->req_nb_sectors = 1;
1551 ide_sector_read(s);
1552 break;
1553 case WIN_WRITE_EXT:
1554 lba48 = 1;
1555 case WIN_WRITE:
1556 case WIN_WRITE_ONCE:
1557 ide_cmd_lba48_transform(s, lba48);
1558 s->error = 0;
1559 s->status = SEEK_STAT | READY_STAT;
1560 s->req_nb_sectors = 1;
1561 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1562 break;
1563 case WIN_MULTREAD_EXT:
1564 lba48 = 1;
1565 case WIN_MULTREAD:
1566 if (!s->mult_sectors)
1567 goto abort_cmd;
1568 ide_cmd_lba48_transform(s, lba48);
1569 s->req_nb_sectors = s->mult_sectors;
1570 ide_sector_read(s);
1571 break;
1572 case WIN_MULTWRITE_EXT:
1573 lba48 = 1;
1574 case WIN_MULTWRITE:
1575 if (!s->mult_sectors)
1576 goto abort_cmd;
1577 ide_cmd_lba48_transform(s, lba48);
1578 s->error = 0;
1579 s->status = SEEK_STAT | READY_STAT;
1580 s->req_nb_sectors = s->mult_sectors;
1581 n = s->nsector;
1582 if (n > s->req_nb_sectors)
1583 n = s->req_nb_sectors;
1584 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1585 break;
1586 case WIN_READDMA_EXT:
1587 lba48 = 1;
1588 case WIN_READDMA:
1589 case WIN_READDMA_ONCE:
1590 if (!s->bs)
1591 goto abort_cmd;
1592 ide_cmd_lba48_transform(s, lba48);
1593 ide_sector_read_dma(s);
1594 break;
1595 case WIN_WRITEDMA_EXT:
1596 lba48 = 1;
1597 case WIN_WRITEDMA:
1598 case WIN_WRITEDMA_ONCE:
1599 if (!s->bs)
1600 goto abort_cmd;
1601 ide_cmd_lba48_transform(s, lba48);
1602 ide_sector_write_dma(s);
1603 break;
1604 case WIN_READ_NATIVE_MAX_EXT:
1605 lba48 = 1;
1606 case WIN_READ_NATIVE_MAX:
1607 ide_cmd_lba48_transform(s, lba48);
1608 ide_set_sector(s, s->nb_sectors - 1);
1609 s->status = READY_STAT;
1610 ide_set_irq(s);
1611 break;
1612 case WIN_CHECKPOWERMODE1:
1613 s->nsector = 0xff; /* device active or idle */
1614 s->status = READY_STAT;
1615 ide_set_irq(s);
1616 break;
1617 case WIN_SETFEATURES:
1618 if (!s->bs)
1619 goto abort_cmd;
1620 /* XXX: valid for CDROM ? */
1621 switch(s->feature) {
1622 case 0x02: /* write cache enable */
1623 case 0x82: /* write cache disable */
1624 case 0xaa: /* read look-ahead enable */
1625 case 0x55: /* read look-ahead disable */
1626 s->status = READY_STAT | SEEK_STAT;
1627 ide_set_irq(s);
1628 break;
1629 case 0x03: { /* set transfer mode */
1630 uint8_t val = s->nsector & 0x07;
1631
1632 switch (s->nsector >> 3) {
1633 case 0x00: /* pio default */
1634 case 0x01: /* pio mode */
1635 put_le16(s->identify_data + 63,0x07);
1636 put_le16(s->identify_data + 88,0x3f);
1637 break;
1638 case 0x04: /* mdma mode */
1639 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1640 put_le16(s->identify_data + 88,0x3f);
1641 break;
1642 case 0x08: /* udma mode */
1643 put_le16(s->identify_data + 63,0x07);
1644 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1645 break;
1646 default:
1647 goto abort_cmd;
1648 }
1649 s->status = READY_STAT | SEEK_STAT;
1650 ide_set_irq(s);
1651 break;
1652 }
1653 default:
1654 goto abort_cmd;
1655 }
1656 break;
1657 case WIN_FLUSH_CACHE:
1658 case WIN_FLUSH_CACHE_EXT:
1659 if (s->bs)
1660 bdrv_flush(s->bs);
1661 s->status = READY_STAT;
1662 ide_set_irq(s);
1663 break;
1664 case WIN_STANDBYNOW1:
1665 case WIN_IDLEIMMEDIATE:
1666 s->status = READY_STAT;
1667 ide_set_irq(s);
1668 break;
1669 /* ATAPI commands */
1670 case WIN_PIDENTIFY:
1671 if (s->is_cdrom) {
1672 ide_atapi_identify(s);
1673 s->status = READY_STAT | SEEK_STAT;
1674 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1675 } else {
1676 ide_abort_command(s);
1677 }
1678 ide_set_irq(s);
1679 break;
1680 case WIN_DIAGNOSE:
1681 ide_set_signature(s);
1682 s->status = 0x00; /* NOTE: READY is _not_ set */
1683 s->error = 0x01;
1684 break;
1685 case WIN_SRST:
1686 if (!s->is_cdrom)
1687 goto abort_cmd;
1688 ide_set_signature(s);
1689 s->status = 0x00; /* NOTE: READY is _not_ set */
1690 s->error = 0x01;
1691 break;
1692 case WIN_PACKETCMD:
1693 if (!s->is_cdrom)
1694 goto abort_cmd;
1695 /* overlapping commands not supported */
1696 if (s->feature & 0x02)
1697 goto abort_cmd;
1698 s->atapi_dma = s->feature & 1;
1699 s->nsector = 1;
1700 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1701 ide_atapi_cmd);
1702 break;
1703 default:
1704 abort_cmd:
1705 ide_abort_command(s);
1706 ide_set_irq(s);
1707 break;
1708 }
1709 }
1710 }
1711
1712 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
1713 {
1714 IDEState *ide_if = opaque;
1715 IDEState *s = ide_if->cur_drive;
1716 uint32_t addr;
1717 int ret, hob;
1718
1719 addr = addr1 & 7;
1720 /* FIXME: HOB readback uses bit 7, but it's always set right now */
1721 //hob = s->select & (1 << 7);
1722 hob = 0;
1723 switch(addr) {
1724 case 0:
1725 ret = 0xff;
1726 break;
1727 case 1:
1728 if (!ide_if[0].bs && !ide_if[1].bs)
1729 ret = 0;
1730 else if (!hob)
1731 ret = s->error;
1732 else
1733 ret = s->hob_feature;
1734 break;
1735 case 2:
1736 if (!ide_if[0].bs && !ide_if[1].bs)
1737 ret = 0;
1738 else if (!hob)
1739 ret = s->nsector & 0xff;
1740 else
1741 ret = s->hob_nsector;
1742 break;
1743 case 3:
1744 if (!ide_if[0].bs && !ide_if[1].bs)
1745 ret = 0;
1746 else if (!hob)
1747 ret = s->sector;
1748 else
1749 ret = s->hob_sector;
1750 break;
1751 case 4:
1752 if (!ide_if[0].bs && !ide_if[1].bs)
1753 ret = 0;
1754 else if (!hob)
1755 ret = s->lcyl;
1756 else
1757 ret = s->hob_lcyl;
1758 break;
1759 case 5:
1760 if (!ide_if[0].bs && !ide_if[1].bs)
1761 ret = 0;
1762 else if (!hob)
1763 ret = s->hcyl;
1764 else
1765 ret = s->hob_hcyl;
1766 break;
1767 case 6:
1768 if (!ide_if[0].bs && !ide_if[1].bs)
1769 ret = 0;
1770 else
1771 ret = s->select;
1772 break;
1773 default:
1774 case 7:
1775 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1776 (s != ide_if && !s->bs))
1777 ret = 0;
1778 else
1779 ret = s->status;
1780 s->set_irq(s->irq_opaque, s->irq, 0);
1781 break;
1782 }
1783 #ifdef DEBUG_IDE
1784 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1785 #endif
1786 return ret;
1787 }
1788
1789 static uint32_t ide_status_read(void *opaque, uint32_t addr)
1790 {
1791 IDEState *ide_if = opaque;
1792 IDEState *s = ide_if->cur_drive;
1793 int ret;
1794
1795 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1796 (s != ide_if && !s->bs))
1797 ret = 0;
1798 else
1799 ret = s->status;
1800 #ifdef DEBUG_IDE
1801 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1802 #endif
1803 return ret;
1804 }
1805
1806 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
1807 {
1808 IDEState *ide_if = opaque;
1809 IDEState *s;
1810 int i;
1811
1812 #ifdef DEBUG_IDE
1813 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1814 #endif
1815 /* common for both drives */
1816 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
1817 (val & IDE_CMD_RESET)) {
1818 /* reset low to high */
1819 for(i = 0;i < 2; i++) {
1820 s = &ide_if[i];
1821 s->status = BUSY_STAT | SEEK_STAT;
1822 s->error = 0x01;
1823 }
1824 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
1825 !(val & IDE_CMD_RESET)) {
1826 /* high to low */
1827 for(i = 0;i < 2; i++) {
1828 s = &ide_if[i];
1829 if (s->is_cdrom)
1830 s->status = 0x00; /* NOTE: READY is _not_ set */
1831 else
1832 s->status = READY_STAT | SEEK_STAT;
1833 ide_set_signature(s);
1834 }
1835 }
1836
1837 ide_if[0].cmd = val;
1838 ide_if[1].cmd = val;
1839 }
1840
1841 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
1842 {
1843 IDEState *s = ((IDEState *)opaque)->cur_drive;
1844 uint8_t *p;
1845
1846 p = s->data_ptr;
1847 *(uint16_t *)p = le16_to_cpu(val);
1848 p += 2;
1849 s->data_ptr = p;
1850 if (p >= s->data_end)
1851 s->end_transfer_func(s);
1852 }
1853
1854 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
1855 {
1856 IDEState *s = ((IDEState *)opaque)->cur_drive;
1857 uint8_t *p;
1858 int ret;
1859 p = s->data_ptr;
1860 ret = cpu_to_le16(*(uint16_t *)p);
1861 p += 2;
1862 s->data_ptr = p;
1863 if (p >= s->data_end)
1864 s->end_transfer_func(s);
1865 return ret;
1866 }
1867
1868 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
1869 {
1870 IDEState *s = ((IDEState *)opaque)->cur_drive;
1871 uint8_t *p;
1872
1873 p = s->data_ptr;
1874 *(uint32_t *)p = le32_to_cpu(val);
1875 p += 4;
1876 s->data_ptr = p;
1877 if (p >= s->data_end)
1878 s->end_transfer_func(s);
1879 }
1880
1881 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
1882 {
1883 IDEState *s = ((IDEState *)opaque)->cur_drive;
1884 uint8_t *p;
1885 int ret;
1886
1887 p = s->data_ptr;
1888 ret = cpu_to_le32(*(uint32_t *)p);
1889 p += 4;
1890 s->data_ptr = p;
1891 if (p >= s->data_end)
1892 s->end_transfer_func(s);
1893 return ret;
1894 }
1895
1896 static void ide_dummy_transfer_stop(IDEState *s)
1897 {
1898 s->data_ptr = s->io_buffer;
1899 s->data_end = s->io_buffer;
1900 s->io_buffer[0] = 0xff;
1901 s->io_buffer[1] = 0xff;
1902 s->io_buffer[2] = 0xff;
1903 s->io_buffer[3] = 0xff;
1904 }
1905
1906 static void ide_reset(IDEState *s)
1907 {
1908 s->mult_sectors = MAX_MULT_SECTORS;
1909 s->cur_drive = s;
1910 s->select = 0xa0;
1911 s->status = READY_STAT;
1912 ide_set_signature(s);
1913 /* init the transfer handler so that 0xffff is returned on data
1914 accesses */
1915 s->end_transfer_func = ide_dummy_transfer_stop;
1916 ide_dummy_transfer_stop(s);
1917 }
1918
1919 struct partition {
1920 uint8_t boot_ind; /* 0x80 - active */
1921 uint8_t head; /* starting head */
1922 uint8_t sector; /* starting sector */
1923 uint8_t cyl; /* starting cylinder */
1924 uint8_t sys_ind; /* What partition type */
1925 uint8_t end_head; /* end head */
1926 uint8_t end_sector; /* end sector */
1927 uint8_t end_cyl; /* end cylinder */
1928 uint32_t start_sect; /* starting sector counting from 0 */
1929 uint32_t nr_sects; /* nr of sectors in partition */
1930 } __attribute__((packed));
1931
1932 /* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
1933 static int guess_disk_lchs(IDEState *s,
1934 int *pcylinders, int *pheads, int *psectors)
1935 {
1936 uint8_t buf[512];
1937 int ret, i, heads, sectors, cylinders;
1938 struct partition *p;
1939 uint32_t nr_sects;
1940
1941 ret = bdrv_read(s->bs, 0, buf, 1);
1942 if (ret < 0)
1943 return -1;
1944 /* test msdos magic */
1945 if (buf[510] != 0x55 || buf[511] != 0xaa)
1946 return -1;
1947 for(i = 0; i < 4; i++) {
1948 p = ((struct partition *)(buf + 0x1be)) + i;
1949 nr_sects = le32_to_cpu(p->nr_sects);
1950 if (nr_sects && p->end_head) {
1951 /* We make the assumption that the partition terminates on
1952 a cylinder boundary */
1953 heads = p->end_head + 1;
1954 sectors = p->end_sector & 63;
1955 if (sectors == 0)
1956 continue;
1957 cylinders = s->nb_sectors / (heads * sectors);
1958 if (cylinders < 1 || cylinders > 16383)
1959 continue;
1960 *pheads = heads;
1961 *psectors = sectors;
1962 *pcylinders = cylinders;
1963 #if 0
1964 printf("guessed geometry: LCHS=%d %d %d\n",
1965 cylinders, heads, sectors);
1966 #endif
1967 return 0;
1968 }
1969 }
1970 return -1;
1971 }
1972
1973 static void ide_init2(IDEState *ide_state,
1974 BlockDriverState *hd0, BlockDriverState *hd1,
1975 SetIRQFunc *set_irq, void *irq_opaque, int irq)
1976 {
1977 IDEState *s;
1978 static int drive_serial = 1;
1979 int i, cylinders, heads, secs, translation;
1980 int64_t nb_sectors;
1981
1982 for(i = 0; i < 2; i++) {
1983 s = ide_state + i;
1984 if (i == 0)
1985 s->bs = hd0;
1986 else
1987 s->bs = hd1;
1988 if (s->bs) {
1989 bdrv_get_geometry(s->bs, &nb_sectors);
1990 s->nb_sectors = nb_sectors;
1991 /* if a geometry hint is available, use it */
1992 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
1993 if (cylinders != 0) {
1994 s->cylinders = cylinders;
1995 s->heads = heads;
1996 s->sectors = secs;
1997 } else {
1998 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
1999 if (heads > 16) {
2000 /* if heads > 16, it means that a BIOS LBA
2001 translation was active, so the default
2002 hardware geometry is OK */
2003 goto default_geometry;
2004 } else {
2005 s->cylinders = cylinders;
2006 s->heads = heads;
2007 s->sectors = secs;
2008 /* disable any translation to be in sync with
2009 the logical geometry */
2010 translation = bdrv_get_translation_hint(s->bs);
2011 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2012 bdrv_set_translation_hint(s->bs,
2013 BIOS_ATA_TRANSLATION_NONE);
2014 }
2015 }
2016 } else {
2017 default_geometry:
2018 /* if no geometry, use a standard physical disk geometry */
2019 cylinders = nb_sectors / (16 * 63);
2020 if (cylinders > 16383)
2021 cylinders = 16383;
2022 else if (cylinders < 2)
2023 cylinders = 2;
2024 s->cylinders = cylinders;
2025 s->heads = 16;
2026 s->sectors = 63;
2027 }
2028 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
2029 }
2030 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2031 s->is_cdrom = 1;
2032 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2033 }
2034 }
2035 s->drive_serial = drive_serial++;
2036 s->set_irq = set_irq;
2037 s->irq_opaque = irq_opaque;
2038 s->irq = irq;
2039 s->sector_write_timer = qemu_new_timer(vm_clock,
2040 ide_sector_write_timer_cb, s);
2041 ide_reset(s);
2042 }
2043 }
2044
2045 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2046 {
2047 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2048 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2049 if (iobase2) {
2050 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2051 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2052 }
2053
2054 /* data ports */
2055 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2056 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2057 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2058 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2059 }
2060
2061 /***********************************************************/
2062 /* ISA IDE definitions */
2063
2064 void isa_ide_init(int iobase, int iobase2, int irq,
2065 BlockDriverState *hd0, BlockDriverState *hd1)
2066 {
2067 IDEState *ide_state;
2068
2069 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2070 if (!ide_state)
2071 return;
2072
2073 ide_init2(ide_state, hd0, hd1, pic_set_irq_new, isa_pic, irq);
2074 ide_init_ioport(ide_state, iobase, iobase2);
2075 }
2076
2077 /***********************************************************/
2078 /* PCI IDE definitions */
2079
2080 static void cmd646_update_irq(PCIIDEState *d);
2081
2082 static void ide_map(PCIDevice *pci_dev, int region_num,
2083 uint32_t addr, uint32_t size, int type)
2084 {
2085 PCIIDEState *d = (PCIIDEState *)pci_dev;
2086 IDEState *ide_state;
2087
2088 if (region_num <= 3) {
2089 ide_state = &d->ide_if[(region_num >> 1) * 2];
2090 if (region_num & 1) {
2091 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2092 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2093 } else {
2094 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2095 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2096
2097 /* data ports */
2098 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2099 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2100 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2101 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2102 }
2103 }
2104 }
2105
2106 /* XXX: full callback usage to prepare non blocking I/Os support -
2107 error handling */
2108 static void ide_dma_loop(BMDMAState *bm)
2109 {
2110 struct {
2111 uint32_t addr;
2112 uint32_t size;
2113 } prd;
2114 target_phys_addr_t cur_addr;
2115 int len, i, len1;
2116
2117 cur_addr = bm->addr;
2118 /* at most one page to avoid hanging if erroneous parameters */
2119 for(i = 0; i < 512; i++) {
2120 cpu_physical_memory_read(cur_addr, (uint8_t *)&prd, 8);
2121 prd.addr = le32_to_cpu(prd.addr);
2122 prd.size = le32_to_cpu(prd.size);
2123 #ifdef DEBUG_IDE
2124 printf("ide: dma: prd: %08x: addr=0x%08x size=0x%08x\n",
2125 (int)cur_addr, prd.addr, prd.size);
2126 #endif
2127 len = prd.size & 0xfffe;
2128 if (len == 0)
2129 len = 0x10000;
2130 while (len > 0) {
2131 len1 = bm->dma_cb(bm->ide_if, prd.addr, len);
2132 if (len1 == 0)
2133 goto the_end;
2134 prd.addr += len1;
2135 len -= len1;
2136 }
2137 /* end of transfer */
2138 if (prd.size & 0x80000000)
2139 break;
2140 cur_addr += 8;
2141 }
2142 /* end of transfer */
2143 the_end:
2144 bm->status &= ~BM_STATUS_DMAING;
2145 bm->status |= BM_STATUS_INT;
2146 bm->dma_cb = NULL;
2147 bm->ide_if = NULL;
2148 }
2149
2150 static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb)
2151 {
2152 BMDMAState *bm = s->bmdma;
2153 if(!bm)
2154 return;
2155 bm->ide_if = s;
2156 bm->dma_cb = dma_cb;
2157 if (bm->status & BM_STATUS_DMAING) {
2158 ide_dma_loop(bm);
2159 }
2160 }
2161
2162 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2163 {
2164 BMDMAState *bm = opaque;
2165 #ifdef DEBUG_IDE
2166 printf("%s: 0x%08x\n", __func__, val);
2167 #endif
2168 if (!(val & BM_CMD_START)) {
2169 /* XXX: do it better */
2170 bm->status &= ~BM_STATUS_DMAING;
2171 bm->cmd = val & 0x09;
2172 } else {
2173 bm->status |= BM_STATUS_DMAING;
2174 bm->cmd = val & 0x09;
2175 /* start dma transfer if possible */
2176 if (bm->dma_cb)
2177 ide_dma_loop(bm);
2178 }
2179 }
2180
2181 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2182 {
2183 BMDMAState *bm = opaque;
2184 PCIIDEState *pci_dev;
2185 uint32_t val;
2186
2187 switch(addr & 3) {
2188 case 0:
2189 val = bm->cmd;
2190 break;
2191 case 1:
2192 pci_dev = bm->pci_dev;
2193 if (pci_dev->type == IDE_TYPE_CMD646) {
2194 val = pci_dev->dev.config[MRDMODE];
2195 } else {
2196 val = 0xff;
2197 }
2198 break;
2199 case 2:
2200 val = bm->status;
2201 break;
2202 case 3:
2203 pci_dev = bm->pci_dev;
2204 if (pci_dev->type == IDE_TYPE_CMD646) {
2205 if (bm == &pci_dev->bmdma[0])
2206 val = pci_dev->dev.config[UDIDETCR0];
2207 else
2208 val = pci_dev->dev.config[UDIDETCR1];
2209 } else {
2210 val = 0xff;
2211 }
2212 break;
2213 default:
2214 val = 0xff;
2215 break;
2216 }
2217 #ifdef DEBUG_IDE
2218 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2219 #endif
2220 return val;
2221 }
2222
2223 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2224 {
2225 BMDMAState *bm = opaque;
2226 PCIIDEState *pci_dev;
2227 #ifdef DEBUG_IDE
2228 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2229 #endif
2230 switch(addr & 3) {
2231 case 1:
2232 pci_dev = bm->pci_dev;
2233 if (pci_dev->type == IDE_TYPE_CMD646) {
2234 pci_dev->dev.config[MRDMODE] =
2235 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2236 cmd646_update_irq(pci_dev);
2237 }
2238 break;
2239 case 2:
2240 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2241 break;
2242 case 3:
2243 pci_dev = bm->pci_dev;
2244 if (pci_dev->type == IDE_TYPE_CMD646) {
2245 if (bm == &pci_dev->bmdma[0])
2246 pci_dev->dev.config[UDIDETCR0] = val;
2247 else
2248 pci_dev->dev.config[UDIDETCR1] = val;
2249 }
2250 break;
2251 }
2252 }
2253
2254 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2255 {
2256 BMDMAState *bm = opaque;
2257 uint32_t val;
2258 val = bm->addr;
2259 #ifdef DEBUG_IDE
2260 printf("%s: 0x%08x\n", __func__, val);
2261 #endif
2262 return val;
2263 }
2264
2265 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2266 {
2267 BMDMAState *bm = opaque;
2268 #ifdef DEBUG_IDE
2269 printf("%s: 0x%08x\n", __func__, val);
2270 #endif
2271 bm->addr = val & ~3;
2272 }
2273
2274 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2275 uint32_t addr, uint32_t size, int type)
2276 {
2277 PCIIDEState *d = (PCIIDEState *)pci_dev;
2278 int i;
2279
2280 for(i = 0;i < 2; i++) {
2281 BMDMAState *bm = &d->bmdma[i];
2282 d->ide_if[2 * i].bmdma = bm;
2283 d->ide_if[2 * i + 1].bmdma = bm;
2284 bm->pci_dev = (PCIIDEState *)pci_dev;
2285
2286 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2287
2288 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2289 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2290
2291 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2292 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2293 addr += 8;
2294 }
2295 }
2296
2297 /* XXX: call it also when the MRDMODE is changed from the PCI config
2298 registers */
2299 static void cmd646_update_irq(PCIIDEState *d)
2300 {
2301 int pci_level;
2302 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2303 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2304 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2305 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2306 pci_set_irq((PCIDevice *)d, 0, pci_level);
2307 }
2308
2309 /* the PCI irq level is the logical OR of the two channels */
2310 static void cmd646_set_irq(void *opaque, int channel, int level)
2311 {
2312 PCIIDEState *d = opaque;
2313 int irq_mask;
2314
2315 irq_mask = MRDMODE_INTR_CH0 << channel;
2316 if (level)
2317 d->dev.config[MRDMODE] |= irq_mask;
2318 else
2319 d->dev.config[MRDMODE] &= ~irq_mask;
2320 cmd646_update_irq(d);
2321 }
2322
2323 /* CMD646 PCI IDE controller */
2324 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2325 int secondary_ide_enabled)
2326 {
2327 PCIIDEState *d;
2328 uint8_t *pci_conf;
2329 int i;
2330
2331 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2332 sizeof(PCIIDEState),
2333 -1,
2334 NULL, NULL);
2335 d->type = IDE_TYPE_CMD646;
2336 pci_conf = d->dev.config;
2337 pci_conf[0x00] = 0x95; // CMD646
2338 pci_conf[0x01] = 0x10;
2339 pci_conf[0x02] = 0x46;
2340 pci_conf[0x03] = 0x06;
2341
2342 pci_conf[0x08] = 0x07; // IDE controller revision
2343 pci_conf[0x09] = 0x8f;
2344
2345 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2346 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2347 pci_conf[0x0e] = 0x00; // header_type
2348
2349 if (secondary_ide_enabled) {
2350 /* XXX: if not enabled, really disable the seconday IDE controller */
2351 pci_conf[0x51] = 0x80; /* enable IDE1 */
2352 }
2353
2354 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2355 PCI_ADDRESS_SPACE_IO, ide_map);
2356 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2357 PCI_ADDRESS_SPACE_IO, ide_map);
2358 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2359 PCI_ADDRESS_SPACE_IO, ide_map);
2360 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2361 PCI_ADDRESS_SPACE_IO, ide_map);
2362 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2363 PCI_ADDRESS_SPACE_IO, bmdma_map);
2364
2365 pci_conf[0x3d] = 0x01; // interrupt on pin 1
2366
2367 for(i = 0; i < 4; i++)
2368 d->ide_if[i].pci_dev = (PCIDevice *)d;
2369 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2370 cmd646_set_irq, d, 0);
2371 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2372 cmd646_set_irq, d, 1);
2373 }
2374
2375 /* hd_table must contain 4 block drivers */
2376 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
2377 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn)
2378 {
2379 PCIIDEState *d;
2380 uint8_t *pci_conf;
2381
2382 /* register a function 1 of PIIX3 */
2383 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2384 sizeof(PCIIDEState),
2385 devfn,
2386 NULL, NULL);
2387 d->type = IDE_TYPE_PIIX3;
2388
2389 pci_conf = d->dev.config;
2390 pci_conf[0x00] = 0x86; // Intel
2391 pci_conf[0x01] = 0x80;
2392 pci_conf[0x02] = 0x10;
2393 pci_conf[0x03] = 0x70;
2394 pci_conf[0x09] = 0x80; // legacy ATA mode
2395 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2396 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2397 pci_conf[0x0e] = 0x00; // header_type
2398
2399 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2400 PCI_ADDRESS_SPACE_IO, bmdma_map);
2401
2402 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2403 pic_set_irq_new, isa_pic, 14);
2404 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2405 pic_set_irq_new, isa_pic, 15);
2406 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2407 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2408 }
2409
2410 /***********************************************************/
2411 /* MacIO based PowerPC IDE */
2412
2413 /* PowerMac IDE memory IO */
2414 static void pmac_ide_writeb (void *opaque,
2415 target_phys_addr_t addr, uint32_t val)
2416 {
2417 addr = (addr & 0xFFF) >> 4;
2418 switch (addr) {
2419 case 1 ... 7:
2420 ide_ioport_write(opaque, addr, val);
2421 break;
2422 case 8:
2423 case 22:
2424 ide_cmd_write(opaque, 0, val);
2425 break;
2426 default:
2427 break;
2428 }
2429 }
2430
2431 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2432 {
2433 uint8_t retval;
2434
2435 addr = (addr & 0xFFF) >> 4;
2436 switch (addr) {
2437 case 1 ... 7:
2438 retval = ide_ioport_read(opaque, addr);
2439 break;
2440 case 8:
2441 case 22:
2442 retval = ide_status_read(opaque, 0);
2443 break;
2444 default:
2445 retval = 0xFF;
2446 break;
2447 }
2448 return retval;
2449 }
2450
2451 static void pmac_ide_writew (void *opaque,
2452 target_phys_addr_t addr, uint32_t val)
2453 {
2454 addr = (addr & 0xFFF) >> 4;
2455 #ifdef TARGET_WORDS_BIGENDIAN
2456 val = bswap16(val);
2457 #endif
2458 if (addr == 0) {
2459 ide_data_writew(opaque, 0, val);
2460 }
2461 }
2462
2463 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
2464 {
2465 uint16_t retval;
2466
2467 addr = (addr & 0xFFF) >> 4;
2468 if (addr == 0) {
2469 retval = ide_data_readw(opaque, 0);
2470 } else {
2471 retval = 0xFFFF;
2472 }
2473 #ifdef TARGET_WORDS_BIGENDIAN
2474 retval = bswap16(retval);
2475 #endif
2476 return retval;
2477 }
2478
2479 static void pmac_ide_writel (void *opaque,
2480 target_phys_addr_t addr, uint32_t val)
2481 {
2482 addr = (addr & 0xFFF) >> 4;
2483 #ifdef TARGET_WORDS_BIGENDIAN
2484 val = bswap32(val);
2485 #endif
2486 if (addr == 0) {
2487 ide_data_writel(opaque, 0, val);
2488 }
2489 }
2490
2491 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
2492 {
2493 uint32_t retval;
2494
2495 addr = (addr & 0xFFF) >> 4;
2496 if (addr == 0) {
2497 retval = ide_data_readl(opaque, 0);
2498 } else {
2499 retval = 0xFFFFFFFF;
2500 }
2501 #ifdef TARGET_WORDS_BIGENDIAN
2502 retval = bswap32(retval);
2503 #endif
2504 return retval;
2505 }
2506
2507 static CPUWriteMemoryFunc *pmac_ide_write[] = {
2508 pmac_ide_writeb,
2509 pmac_ide_writew,
2510 pmac_ide_writel,
2511 };
2512
2513 static CPUReadMemoryFunc *pmac_ide_read[] = {
2514 pmac_ide_readb,
2515 pmac_ide_readw,
2516 pmac_ide_readl,
2517 };
2518
2519 /* hd_table must contain 4 block drivers */
2520 /* PowerMac uses memory mapped registers, not I/O. Return the memory
2521 I/O index to access the ide. */
2522 int pmac_ide_init (BlockDriverState **hd_table,
2523 SetIRQFunc *set_irq, void *irq_opaque, int irq)
2524 {
2525 IDEState *ide_if;
2526 int pmac_ide_memory;
2527
2528 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
2529 ide_init2(&ide_if[0], hd_table[0], hd_table[1],
2530 set_irq, irq_opaque, irq);
2531
2532 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
2533 pmac_ide_write, &ide_if[0]);
2534 return pmac_ide_memory;
2535 }
Qemu copy for testing