]> git.proxmox.com Git - mirror_qemu.git/blame - hw/ide.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
find -type f | xargs sed -i 's/[\t ]$//g' # on most files
[mirror_qemu.git] / hw / ide.c
CommitLineData
5391d806
FB		 1/*
2 * QEMU IDE disk and CD-ROM Emulator
5fafdf24 3 *
5391d806 4 * Copyright (c) 2003 Fabrice Bellard
201a51fc 5 * Copyright (c) 2006 Openedhand Ltd.
5fafdf24 6 *
5391d806
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
5391d806
FB		 25#include "vl.h"
26
5391d806
FB		 27/* debug IDE devices */
28//#define DEBUG_IDE
29//#define DEBUG_IDE_ATAPI
8ccad811
FB		 30//#define DEBUG_AIO
31#define USE_DMA_CDROM
5391d806
FB		 32
33/* Bits of HD_STATUS */
34#define ERR_STAT 0x01
35#define INDEX_STAT 0x02
36#define ECC_STAT 0x04 /* Corrected error */
37#define DRQ_STAT 0x08
38#define SEEK_STAT 0x10
39#define SRV_STAT 0x10
40#define WRERR_STAT 0x20
41#define READY_STAT 0x40
42#define BUSY_STAT 0x80
43
44/* Bits for HD_ERROR */
45#define MARK_ERR 0x01 /* Bad address mark */
46#define TRK0_ERR 0x02 /* couldn't find track 0 */
47#define ABRT_ERR 0x04 /* Command aborted */
48#define MCR_ERR 0x08 /* media change request */
49#define ID_ERR 0x10 /* ID field not found */
50#define MC_ERR 0x20 /* media changed */
51#define ECC_ERR 0x40 /* Uncorrectable ECC error */
52#define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
53#define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
54
55/* Bits of HD_NSECTOR */
56#define CD 0x01
57#define IO 0x02
58#define REL 0x04
59#define TAG_MASK 0xf8
60
61#define IDE_CMD_RESET 0x04
62#define IDE_CMD_DISABLE_IRQ 0x02
63
64/* ATA/ATAPI Commands pre T13 Spec */
65#define WIN_NOP 0x00
66/*
67 * 0x01->0x02 Reserved
68 */
69#define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
70/*
71 * 0x04->0x07 Reserved
72 */
73#define WIN_SRST 0x08 /* ATAPI soft reset command */
74#define WIN_DEVICE_RESET 0x08
75/*
76 * 0x09->0x0F Reserved
77 */
78#define WIN_RECAL 0x10
79#define WIN_RESTORE WIN_RECAL
80/*
81 * 0x10->0x1F Reserved
82 */
83#define WIN_READ 0x20 /* 28-Bit */
84#define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
85#define WIN_READ_LONG 0x22 /* 28-Bit */
86#define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
87#define WIN_READ_EXT 0x24 /* 48-Bit */
88#define WIN_READDMA_EXT 0x25 /* 48-Bit */
89#define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
90#define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
91/*
92 * 0x28
93 */
94#define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
95/*
96 * 0x2A->0x2F Reserved
97 */
98#define WIN_WRITE 0x30 /* 28-Bit */
99#define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
100#define WIN_WRITE_LONG 0x32 /* 28-Bit */
101#define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
102#define WIN_WRITE_EXT 0x34 /* 48-Bit */
103#define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
104#define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
105#define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
106#define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
107#define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
108/*
109 * 0x3A->0x3B Reserved
110 */
111#define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
112/*
113 * 0x3D->0x3F Reserved
114 */
115#define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
116#define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
117#define WIN_VERIFY_EXT 0x42 /* 48-Bit */
118/*
119 * 0x43->0x4F Reserved
120 */
121#define WIN_FORMAT 0x50
122/*
123 * 0x51->0x5F Reserved
124 */
125#define WIN_INIT 0x60
126/*
127 * 0x61->0x5F Reserved
128 */
129#define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
130#define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
131#define WIN_DIAGNOSE 0x90
132#define WIN_SPECIFY 0x91 /* set drive geometry translation */
133#define WIN_DOWNLOAD_MICROCODE 0x92
134#define WIN_STANDBYNOW2 0x94
201a51fc 135#define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
5391d806
FB		 136#define WIN_STANDBY2 0x96
137#define WIN_SETIDLE2 0x97
138#define WIN_CHECKPOWERMODE2 0x98
139#define WIN_SLEEPNOW2 0x99
140/*
141 * 0x9A VENDOR
142 */
143#define WIN_PACKETCMD 0xA0 /* Send a packet command. */
144#define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
145#define WIN_QUEUED_SERVICE 0xA2
146#define WIN_SMART 0xB0 /* self-monitoring and reporting */
201a51fc
AZ		 147#define CFA_ACCESS_METADATA_STORAGE 0xB8
148#define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
5391d806
FB		 149#define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
150#define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
151#define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
152#define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
153#define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
154#define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
155#define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
156#define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
157#define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
158#define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
5fafdf24 159#define WIN_GETMEDIASTATUS 0xDA
5391d806
FB		 160#define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
161#define WIN_POSTBOOT 0xDC
162#define WIN_PREBOOT 0xDD
163#define WIN_DOORLOCK 0xDE /* lock door on removable drives */
164#define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
165#define WIN_STANDBYNOW1 0xE0
166#define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
167#define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
168#define WIN_SETIDLE1 0xE3
169#define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
170#define WIN_CHECKPOWERMODE1 0xE5
171#define WIN_SLEEPNOW1 0xE6
172#define WIN_FLUSH_CACHE 0xE7
173#define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
174#define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
175 /* SET_FEATURES 0x22 or 0xDD */
176#define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
177#define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
178#define WIN_MEDIAEJECT 0xED
179#define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
180#define WIN_SETFEATURES 0xEF /* set special drive features */
181#define EXABYTE_ENABLE_NEST 0xF0
201a51fc 182#define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
5391d806
FB		 183#define WIN_SECURITY_SET_PASS 0xF1
184#define WIN_SECURITY_UNLOCK 0xF2
185#define WIN_SECURITY_ERASE_PREPARE 0xF3
186#define WIN_SECURITY_ERASE_UNIT 0xF4
187#define WIN_SECURITY_FREEZE_LOCK 0xF5
201a51fc 188#define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
5391d806
FB		 189#define WIN_SECURITY_DISABLE 0xF6
190#define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
191#define WIN_SET_MAX 0xF9
192#define DISABLE_SEAGATE 0xFB
193
194/* set to 1 set disable mult support */
f66723fa 195#define MAX_MULT_SECTORS 16
5391d806
FB		 196
197/* ATAPI defines */
198
199#define ATAPI_PACKET_SIZE 12
200
201/* The generic packet command opcodes for CD/DVD Logical Units,
202 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
203#define GPCMD_BLANK 0xa1
204#define GPCMD_CLOSE_TRACK 0x5b
205#define GPCMD_FLUSH_CACHE 0x35
206#define GPCMD_FORMAT_UNIT 0x04
207#define GPCMD_GET_CONFIGURATION 0x46
208#define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
209#define GPCMD_GET_PERFORMANCE 0xac
210#define GPCMD_INQUIRY 0x12
211#define GPCMD_LOAD_UNLOAD 0xa6
212#define GPCMD_MECHANISM_STATUS 0xbd
213#define GPCMD_MODE_SELECT_10 0x55
214#define GPCMD_MODE_SENSE_10 0x5a
215#define GPCMD_PAUSE_RESUME 0x4b
216#define GPCMD_PLAY_AUDIO_10 0x45
217#define GPCMD_PLAY_AUDIO_MSF 0x47
218#define GPCMD_PLAY_AUDIO_TI 0x48
219#define GPCMD_PLAY_CD 0xbc
220#define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
221#define GPCMD_READ_10 0x28
222#define GPCMD_READ_12 0xa8
223#define GPCMD_READ_CDVD_CAPACITY 0x25
224#define GPCMD_READ_CD 0xbe
225#define GPCMD_READ_CD_MSF 0xb9
226#define GPCMD_READ_DISC_INFO 0x51
227#define GPCMD_READ_DVD_STRUCTURE 0xad
228#define GPCMD_READ_FORMAT_CAPACITIES 0x23
229#define GPCMD_READ_HEADER 0x44
230#define GPCMD_READ_TRACK_RZONE_INFO 0x52
231#define GPCMD_READ_SUBCHANNEL 0x42
232#define GPCMD_READ_TOC_PMA_ATIP 0x43
233#define GPCMD_REPAIR_RZONE_TRACK 0x58
234#define GPCMD_REPORT_KEY 0xa4
235#define GPCMD_REQUEST_SENSE 0x03
236#define GPCMD_RESERVE_RZONE_TRACK 0x53
237#define GPCMD_SCAN 0xba
238#define GPCMD_SEEK 0x2b
239#define GPCMD_SEND_DVD_STRUCTURE 0xad
240#define GPCMD_SEND_EVENT 0xa2
241#define GPCMD_SEND_KEY 0xa3
242#define GPCMD_SEND_OPC 0x54
243#define GPCMD_SET_READ_AHEAD 0xa7
244#define GPCMD_SET_STREAMING 0xb6
245#define GPCMD_START_STOP_UNIT 0x1b
246#define GPCMD_STOP_PLAY_SCAN 0x4e
247#define GPCMD_TEST_UNIT_READY 0x00
248#define GPCMD_VERIFY_10 0x2f
249#define GPCMD_WRITE_10 0x2a
250#define GPCMD_WRITE_AND_VERIFY_10 0x2e
5fafdf24 251/* This is listed as optional in ATAPI 2.6, but is (curiously)
5391d806
FB		 252 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
253 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
254 * drives support it. */
255#define GPCMD_SET_SPEED 0xbb
5fafdf24 256/* This seems to be a SCSI specific CD-ROM opcode
5391d806
FB		 257 * to play data at track/index */
258#define GPCMD_PLAYAUDIO_TI 0x48
259/*
260 * From MS Media Status Notification Support Specification. For
261 * older drives only.
262 */
263#define GPCMD_GET_MEDIA_STATUS 0xda
d14049ea 264#define GPCMD_MODE_SENSE_6 0x1a
5391d806
FB		 265
266/* Mode page codes for mode sense/set */
267#define GPMODE_R_W_ERROR_PAGE 0x01
268#define GPMODE_WRITE_PARMS_PAGE 0x05
269#define GPMODE_AUDIO_CTL_PAGE 0x0e
270#define GPMODE_POWER_PAGE 0x1a
271#define GPMODE_FAULT_FAIL_PAGE 0x1c
272#define GPMODE_TO_PROTECT_PAGE 0x1d
273#define GPMODE_CAPABILITIES_PAGE 0x2a
274#define GPMODE_ALL_PAGES 0x3f
275/* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
276 * of MODE_SENSE_POWER_PAGE */
277#define GPMODE_CDROM_PAGE 0x0d
278
279#define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
280#define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
281#define ATAPI_INT_REASON_REL 0x04
282#define ATAPI_INT_REASON_TAG 0xf8
283
284/* same constants as bochs */
7f777bf3 285#define ASC_ILLEGAL_OPCODE 0x20
5391d806
FB		 286#define ASC_LOGICAL_BLOCK_OOR 0x21
287#define ASC_INV_FIELD_IN_CMD_PACKET 0x24
288#define ASC_MEDIUM_NOT_PRESENT 0x3a
289#define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
290
201a51fc
AZ		 291#define CFA_NO_ERROR 0x00
292#define CFA_MISC_ERROR 0x09
293#define CFA_INVALID_COMMAND 0x20
294#define CFA_INVALID_ADDRESS 0x21
295#define CFA_ADDRESS_OVERFLOW 0x2f
296
5391d806
FB		 297#define SENSE_NONE 0
298#define SENSE_NOT_READY 2
299#define SENSE_ILLEGAL_REQUEST 5
300#define SENSE_UNIT_ATTENTION 6
301
302struct IDEState;
303
304typedef void EndTransferFunc(struct IDEState *);
305
caed8802 306/* NOTE: IDEState represents in fact one drive */
5391d806
FB		 307typedef struct IDEState {
308 /* ide config */
309 int is_cdrom;
201a51fc 310 int is_cf;
5391d806
FB		 311 int cylinders, heads, sectors;
312 int64_t nb_sectors;
313 int mult_sectors;
94458802
FB		 314 int identify_set;
315 uint16_t identify_data[256];
d537cf6c 316 qemu_irq irq;
34e538ae 317 PCIDevice *pci_dev;
98087450 318 struct BMDMAState *bmdma;
aedf5382 319 int drive_serial;
5391d806
FB		 320 /* ide regs */
321 uint8_t feature;
322 uint8_t error;
c2ff060f 323 uint32_t nsector;
5391d806
FB		 324 uint8_t sector;
325 uint8_t lcyl;
326 uint8_t hcyl;
c2ff060f
FB		 327 /* other part of tf for lba48 support */
328 uint8_t hob_feature;
329 uint8_t hob_nsector;
330 uint8_t hob_sector;
331 uint8_t hob_lcyl;
332 uint8_t hob_hcyl;
333
5391d806
FB		 334 uint8_t select;
335 uint8_t status;
c2ff060f 336
5391d806
FB		 337 /* 0x3f6 command, only meaningful for drive 0 */
338 uint8_t cmd;
c2ff060f
FB		 339 /* set for lba48 access */
340 uint8_t lba48;
5391d806 341 /* depends on bit 4 in select, only meaningful for drive 0 */
5fafdf24 342 struct IDEState *cur_drive;
5391d806
FB		 343 BlockDriverState *bs;
344 /* ATAPI specific */
345 uint8_t sense_key;
346 uint8_t asc;
347 int packet_transfer_size;
348 int elementary_transfer_size;
349 int io_buffer_index;
350 int lba;
98087450
FB		 351 int cd_sector_size;
352 int atapi_dma; /* true if dma is requested for the packet cmd */
353 /* ATA DMA state */
354 int io_buffer_size;
355 /* PIO transfer handling */
5391d806
FB		 356 int req_nb_sectors; /* number of sectors per interrupt */
357 EndTransferFunc *end_transfer_func;
358 uint8_t *data_ptr;
359 uint8_t *data_end;
360 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
a09db21f 361 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
e774a278 362 uint32_t irq_count; /* counts IRQs when using win2k install hack */
201a51fc
AZ		 363 /* CF-ATA extended error */
364 uint8_t ext_error;
365 /* CF-ATA metadata storage */
366 uint32_t mdata_size;
367 uint8_t *mdata_storage;
368 int media_changed;
5391d806
FB		 369} IDEState;
370
98087450
FB		 371#define BM_STATUS_DMAING 0x01
372#define BM_STATUS_ERROR 0x02
373#define BM_STATUS_INT 0x04
374
375#define BM_CMD_START 0x01
376#define BM_CMD_READ 0x08
377
5457c8ce
FB		 378#define IDE_TYPE_PIIX3 0
379#define IDE_TYPE_CMD646 1
afcc3cdf 380#define IDE_TYPE_PIIX4 2
5457c8ce
FB		 381
382/* CMD646 specific */
383#define MRDMODE 0x71
384#define MRDMODE_INTR_CH0 0x04
385#define MRDMODE_INTR_CH1 0x08
386#define MRDMODE_BLK_CH0 0x10
387#define MRDMODE_BLK_CH1 0x20
388#define UDIDETCR0 0x73
389#define UDIDETCR1 0x7B
390
98087450
FB		 391typedef struct BMDMAState {
392 uint8_t cmd;
393 uint8_t status;
394 uint32_t addr;
5fafdf24 395
5457c8ce 396 struct PCIIDEState *pci_dev;
98087450 397 /* current transfer state */
8ccad811
FB		 398 uint32_t cur_addr;
399 uint32_t cur_prd_last;
400 uint32_t cur_prd_addr;
401 uint32_t cur_prd_len;
98087450 402 IDEState *ide_if;
8ccad811
FB		 403 BlockDriverCompletionFunc *dma_cb;
404 BlockDriverAIOCB *aiocb;
98087450
FB		 405} BMDMAState;
406
407typedef struct PCIIDEState {
408 PCIDevice dev;
409 IDEState ide_if[4];
410 BMDMAState bmdma[2];
5457c8ce 411 int type; /* see IDE_TYPE_xxx */
98087450
FB		 412} PCIIDEState;
413
8ccad811 414static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
5f12ab4b 415static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
98087450 416
5391d806
FB		 417static void padstr(char *str, const char *src, int len)
418{
419 int i, v;
420 for(i = 0; i < len; i++) {
421 if (*src)
422 v = *src++;
423 else
424 v = ' ';
425 *(char *)((long)str ^ 1) = v;
426 str++;
427 }
428}
429
bd0d90b2
FB		 430static void padstr8(uint8_t *buf, int buf_size, const char *src)
431{
432 int i;
433 for(i = 0; i < buf_size; i++) {
434 if (*src)
435 buf[i] = *src++;
436 else
437 buf[i] = ' ';
438 }
439}
440
67b915a5
FB		 441static void put_le16(uint16_t *p, unsigned int v)
442{
0c4ad8dc 443 *p = cpu_to_le16(v);
67b915a5
FB		 444}
445
5391d806
FB		 446static void ide_identify(IDEState *s)
447{
448 uint16_t *p;
449 unsigned int oldsize;
aedf5382 450 char buf[20];
5391d806 451
94458802
FB		 452 if (s->identify_set) {
453 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
454 return;
455 }
456
5391d806
FB		 457 memset(s->io_buffer, 0, 512);
458 p = (uint16_t *)s->io_buffer;
67b915a5 459 put_le16(p + 0, 0x0040);
5fafdf24 460 put_le16(p + 1, s->cylinders);
67b915a5
FB		 461 put_le16(p + 3, s->heads);
462 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
463 put_le16(p + 5, 512); /* XXX: retired, remove ? */
5fafdf24 464 put_le16(p + 6, s->sectors);
aedf5382
FB		 465 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
466 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 467 put_le16(p + 20, 3); /* XXX: retired, remove ? */
468 put_le16(p + 21, 512); /* cache size in sectors */
469 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 470 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
471 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
5fafdf24 472#if MAX_MULT_SECTORS > 1
67b915a5 473 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
5391d806 474#endif
67b915a5 475 put_le16(p + 48, 1); /* dword I/O */
94458802 476 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
67b915a5
FB		 477 put_le16(p + 51, 0x200); /* PIO transfer cycle */
478 put_le16(p + 52, 0x200); /* DMA transfer cycle */
94458802 479 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
67b915a5
FB		 480 put_le16(p + 54, s->cylinders);
481 put_le16(p + 55, s->heads);
482 put_le16(p + 56, s->sectors);
5391d806 483 oldsize = s->cylinders * s->heads * s->sectors;
67b915a5
FB		 484 put_le16(p + 57, oldsize);
485 put_le16(p + 58, oldsize >> 16);
5391d806 486 if (s->mult_sectors)
67b915a5
FB		 487 put_le16(p + 59, 0x100 | s->mult_sectors);
488 put_le16(p + 60, s->nb_sectors);
489 put_le16(p + 61, s->nb_sectors >> 16);
94458802
FB		 490 put_le16(p + 63, 0x07); /* mdma0-2 supported */
491 put_le16(p + 65, 120);
492 put_le16(p + 66, 120);
493 put_le16(p + 67, 120);
494 put_le16(p + 68, 120);
495 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
496 put_le16(p + 81, 0x16); /* conforms to ata5 */
67b915a5 497 put_le16(p + 82, (1 << 14));
c2ff060f
FB		 498 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
499 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5
FB		 500 put_le16(p + 84, (1 << 14));
501 put_le16(p + 85, (1 << 14));
c2ff060f
FB		 502 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
503 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
67b915a5 504 put_le16(p + 87, (1 << 14));
94458802
FB		 505 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
506 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
c2ff060f
FB		 507 put_le16(p + 100, s->nb_sectors);
508 put_le16(p + 101, s->nb_sectors >> 16);
509 put_le16(p + 102, s->nb_sectors >> 32);
510 put_le16(p + 103, s->nb_sectors >> 48);
94458802
FB		 511
512 memcpy(s->identify_data, p, sizeof(s->identify_data));
513 s->identify_set = 1;
5391d806
FB		 514}
515
516static void ide_atapi_identify(IDEState *s)
517{
518 uint16_t *p;
aedf5382 519 char buf[20];
5391d806 520
94458802
FB		 521 if (s->identify_set) {
522 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
523 return;
524 }
525
5391d806
FB		 526 memset(s->io_buffer, 0, 512);
527 p = (uint16_t *)s->io_buffer;
528 /* Removable CDROM, 50us response, 12 byte packets */
67b915a5 529 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
aedf5382
FB		 530 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
531 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
67b915a5
FB		 532 put_le16(p + 20, 3); /* buffer type */
533 put_le16(p + 21, 512); /* cache size in sectors */
534 put_le16(p + 22, 4); /* ecc bytes */
5391d806
FB		 535 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
536 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
67b915a5 537 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
8ccad811
FB		 538#ifdef USE_DMA_CDROM
539 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
540 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
541 put_le16(p + 63, 7); /* mdma0-2 supported */
542 put_le16(p + 64, 0x3f); /* PIO modes supported */
543#else
67b915a5
FB		 544 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
545 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
546 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
547 put_le16(p + 64, 1); /* PIO modes */
8ccad811 548#endif
67b915a5
FB		 549 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
550 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
551 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
552 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
94458802 553
67b915a5
FB		 554 put_le16(p + 71, 30); /* in ns */
555 put_le16(p + 72, 30); /* in ns */
5391d806 556
67b915a5 557 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
8ccad811
FB		 558#ifdef USE_DMA_CDROM
559 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
560#endif
94458802
FB		 561 memcpy(s->identify_data, p, sizeof(s->identify_data));
562 s->identify_set = 1;
5391d806
FB		 563}
564
201a51fc
AZ		 565static void ide_cfata_identify(IDEState *s)
566{
567 uint16_t *p;
568 uint32_t cur_sec;
569 char buf[20];
570
571 p = (uint16_t *) s->identify_data;
572 if (s->identify_set)
573 goto fill_buffer;
574
575 memset(p, 0, sizeof(s->identify_data));
576
577 cur_sec = s->cylinders * s->heads * s->sectors;
578
579 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
580 put_le16(p + 1, s->cylinders); /* Default cylinders */
581 put_le16(p + 3, s->heads); /* Default heads */
582 put_le16(p + 6, s->sectors); /* Default sectors per track */
583 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
584 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
585 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
586 padstr((uint8_t *)(p + 10), buf, 20); /* Serial number in ASCII */
587 put_le16(p + 22, 0x0004); /* ECC bytes */
588 padstr((uint8_t *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
589 padstr((uint8_t *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
590#if MAX_MULT_SECTORS > 1
591 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
592#else
593 put_le16(p + 47, 0x0000);
594#endif
595 put_le16(p + 49, 0x0f00); /* Capabilities */
596 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
597 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
598 put_le16(p + 53, 0x0003); /* Translation params valid */
599 put_le16(p + 54, s->cylinders); /* Current cylinders */
600 put_le16(p + 55, s->heads); /* Current heads */
601 put_le16(p + 56, s->sectors); /* Current sectors */
602 put_le16(p + 57, cur_sec); /* Current capacity */
603 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
604 if (s->mult_sectors) /* Multiple sector setting */
605 put_le16(p + 59, 0x100 | s->mult_sectors);
606 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
607 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
608 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
609 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
610 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
611 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
612 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
613 put_le16(p + 82, 0x400c); /* Command Set supported */
614 put_le16(p + 83, 0x7068); /* Command Set supported */
615 put_le16(p + 84, 0x4000); /* Features supported */
616 put_le16(p + 85, 0x000c); /* Command Set enabled */
617 put_le16(p + 86, 0x7044); /* Command Set enabled */
618 put_le16(p + 87, 0x4000); /* Features enabled */
619 put_le16(p + 91, 0x4060); /* Current APM level */
620 put_le16(p + 129, 0x0002); /* Current features option */
621 put_le16(p + 130, 0x0005); /* Reassigned sectors */
622 put_le16(p + 131, 0x0001); /* Initial power mode */
623 put_le16(p + 132, 0x0000); /* User signature */
624 put_le16(p + 160, 0x8100); /* Power requirement */
625 put_le16(p + 161, 0x8001); /* CF command set */
626
627 s->identify_set = 1;
628
629fill_buffer:
630 memcpy(s->io_buffer, p, sizeof(s->identify_data));
631}
632
5391d806
FB		 633static void ide_set_signature(IDEState *s)
634{
635 s->select &= 0xf0; /* clear head */
636 /* put signature */
637 s->nsector = 1;
638 s->sector = 1;
639 if (s->is_cdrom) {
640 s->lcyl = 0x14;
641 s->hcyl = 0xeb;
642 } else if (s->bs) {
643 s->lcyl = 0;
644 s->hcyl = 0;
645 } else {
646 s->lcyl = 0xff;
647 s->hcyl = 0xff;
648 }
649}
650
651static inline void ide_abort_command(IDEState *s)
652{
653 s->status = READY_STAT | ERR_STAT;
654 s->error = ABRT_ERR;
655}
656
657static inline void ide_set_irq(IDEState *s)
658{
98ff7d30 659 BMDMAState *bm = s->bmdma;
5391d806 660 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
5457c8ce 661 if (bm) {
98ff7d30 662 bm->status |= BM_STATUS_INT;
5457c8ce 663 }
d537cf6c 664 qemu_irq_raise(s->irq);
5391d806
FB		 665 }
666}
667
668/* prepare data transfer and tell what to do after */
5fafdf24 669static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
5391d806
FB		 670 EndTransferFunc *end_transfer_func)
671{
672 s->end_transfer_func = end_transfer_func;
673 s->data_ptr = buf;
674 s->data_end = buf + size;
7603d156
TS		 675 if (!(s->status & ERR_STAT))
676 s->status |= DRQ_STAT;
5391d806
FB		 677}
678
679static void ide_transfer_stop(IDEState *s)
680{
681 s->end_transfer_func = ide_transfer_stop;
682 s->data_ptr = s->io_buffer;
683 s->data_end = s->io_buffer;
684 s->status &= ~DRQ_STAT;
685}
686
687static int64_t ide_get_sector(IDEState *s)
688{
689 int64_t sector_num;
690 if (s->select & 0x40) {
691 /* lba */
c2ff060f
FB		 692 if (!s->lba48) {
693 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
694 (s->lcyl << 8) | s->sector;
695 } else {
696 sector_num = ((int64_t)s->hob_hcyl << 40) |
697 ((int64_t) s->hob_lcyl << 32) |
698 ((int64_t) s->hob_sector << 24) |
699 ((int64_t) s->hcyl << 16) |
700 ((int64_t) s->lcyl << 8) | s->sector;
701 }
5391d806
FB		 702 } else {
703 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
c2ff060f 704 (s->select & 0x0f) * s->sectors + (s->sector - 1);
5391d806
FB		 705 }
706 return sector_num;
707}
708
709static void ide_set_sector(IDEState *s, int64_t sector_num)
710{
711 unsigned int cyl, r;
712 if (s->select & 0x40) {
c2ff060f
FB		 713 if (!s->lba48) {
714 s->select = (s->select & 0xf0) | (sector_num >> 24);
715 s->hcyl = (sector_num >> 16);
716 s->lcyl = (sector_num >> 8);
717 s->sector = (sector_num);
718 } else {
719 s->sector = sector_num;
720 s->lcyl = sector_num >> 8;
721 s->hcyl = sector_num >> 16;
722 s->hob_sector = sector_num >> 24;
723 s->hob_lcyl = sector_num >> 32;
724 s->hob_hcyl = sector_num >> 40;
725 }
5391d806
FB		 726 } else {
727 cyl = sector_num / (s->heads * s->sectors);
728 r = sector_num % (s->heads * s->sectors);
729 s->hcyl = cyl >> 8;
730 s->lcyl = cyl;
1b8eb456 731 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
5391d806
FB		 732 s->sector = (r % s->sectors) + 1;
733 }
734}
735
736static void ide_sector_read(IDEState *s)
737{
738 int64_t sector_num;
739 int ret, n;
740
741 s->status = READY_STAT | SEEK_STAT;
a136e5a8 742 s->error = 0; /* not needed by IDE spec, but needed by Windows */
5391d806
FB		 743 sector_num = ide_get_sector(s);
744 n = s->nsector;
745 if (n == 0) {
746 /* no more sector to read from disk */
747 ide_transfer_stop(s);
748 } else {
749#if defined(DEBUG_IDE)
750 printf("read sector=%Ld\n", sector_num);
751#endif
752 if (n > s->req_nb_sectors)
753 n = s->req_nb_sectors;
754 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
755 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
756 ide_set_irq(s);
757 ide_set_sector(s, sector_num + n);
758 s->nsector -= n;
759 }
760}
761
8ccad811
FB		 762/* return 0 if buffer completed */
763static int dma_buf_rw(BMDMAState *bm, int is_write)
98087450 764{
8ccad811
FB		 765 IDEState *s = bm->ide_if;
766 struct {
767 uint32_t addr;
768 uint32_t size;
769 } prd;
770 int l, len;
98087450 771
8ccad811
FB		 772 for(;;) {
773 l = s->io_buffer_size - s->io_buffer_index;
5fafdf24 774 if (l <= 0)
8ccad811
FB		 775 break;
776 if (bm->cur_prd_len == 0) {
777 /* end of table (with a fail safe of one page) */
778 if (bm->cur_prd_last ||
779 (bm->cur_addr - bm->addr) >= 4096)
780 return 0;
781 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
782 bm->cur_addr += 8;
783 prd.addr = le32_to_cpu(prd.addr);
784 prd.size = le32_to_cpu(prd.size);
785 len = prd.size & 0xfffe;
786 if (len == 0)
787 len = 0x10000;
788 bm->cur_prd_len = len;
789 bm->cur_prd_addr = prd.addr;
790 bm->cur_prd_last = (prd.size & 0x80000000);
791 }
792 if (l > bm->cur_prd_len)
793 l = bm->cur_prd_len;
794 if (l > 0) {
795 if (is_write) {
5fafdf24 796 cpu_physical_memory_write(bm->cur_prd_addr,
8ccad811
FB		 797 s->io_buffer + s->io_buffer_index, l);
798 } else {
5fafdf24 799 cpu_physical_memory_read(bm->cur_prd_addr,
8ccad811
FB		 800 s->io_buffer + s->io_buffer_index, l);
801 }
802 bm->cur_prd_addr += l;
803 bm->cur_prd_len -= l;
804 s->io_buffer_index += l;
98087450 805 }
98087450 806 }
8ccad811
FB		 807 return 1;
808}
809
810/* XXX: handle errors */
811static void ide_read_dma_cb(void *opaque, int ret)
812{
813 BMDMAState *bm = opaque;
814 IDEState *s = bm->ide_if;
815 int n;
816 int64_t sector_num;
817
818 n = s->io_buffer_size >> 9;
819 sector_num = ide_get_sector(s);
820 if (n > 0) {
821 sector_num += n;
822 ide_set_sector(s, sector_num);
823 s->nsector -= n;
824 if (dma_buf_rw(bm, 1) == 0)
825 goto eot;
826 }
827
828 /* end of transfer ? */
829 if (s->nsector == 0) {
98087450
FB		 830 s->status = READY_STAT | SEEK_STAT;
831 ide_set_irq(s);
8ccad811
FB		 832 eot:
833 bm->status &= ~BM_STATUS_DMAING;
834 bm->status |= BM_STATUS_INT;
835 bm->dma_cb = NULL;
836 bm->ide_if = NULL;
837 bm->aiocb = NULL;
838 return;
98087450 839 }
8ccad811
FB		 840
841 /* launch next transfer */
842 n = s->nsector;
843 if (n > MAX_MULT_SECTORS)
844 n = MAX_MULT_SECTORS;
845 s->io_buffer_index = 0;
846 s->io_buffer_size = n * 512;
847#ifdef DEBUG_AIO
848 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
849#endif
5fafdf24 850 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
8ccad811 851 ide_read_dma_cb, bm);
98087450
FB		 852}
853
854static void ide_sector_read_dma(IDEState *s)
855{
8ccad811 856 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 857 s->io_buffer_index = 0;
858 s->io_buffer_size = 0;
859 ide_dma_start(s, ide_read_dma_cb);
860}
861
a09db21f
FB		 862static void ide_sector_write_timer_cb(void *opaque)
863{
864 IDEState *s = opaque;
865 ide_set_irq(s);
866}
867
f0c596cb
TS		 868static void ide_sector_write_aio_cb(void *opaque, int ret)
869{
870 BMDMAState *bm = opaque;
871 IDEState *s = bm->ide_if;
872
873#ifdef TARGET_I386
874 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
875 /* It seems there is a bug in the Windows 2000 installer HDD
876 IDE driver which fills the disk with empty logs when the
877 IDE write IRQ comes too early. This hack tries to correct
878 that at the expense of slower write performances. Use this
879 option _only_ to install Windows 2000. You must disable it
880 for normal use. */
881 qemu_mod_timer(s->sector_write_timer,
882 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
883 } else
884#endif
885 {
886 ide_set_irq(s);
887 }
888 bm->aiocb = NULL;
889}
890
5391d806
FB		 891static void ide_sector_write(IDEState *s)
892{
f0c596cb 893 BMDMAState *bm;
5391d806 894 int64_t sector_num;
f0c596cb
TS		 895 int n, n1;
896
897 s->io_buffer_index = 0;
898 s->io_buffer_size = 0;
899 bm = s->bmdma;
900 if(bm == NULL) {
901 bm = qemu_mallocz(sizeof(BMDMAState));
902 s->bmdma = bm;
903 }
904 bm->ide_if = s;
905 bm->dma_cb = ide_sector_write_aio_cb;
5391d806
FB		 906
907 s->status = READY_STAT | SEEK_STAT;
908 sector_num = ide_get_sector(s);
909#if defined(DEBUG_IDE)
910 printf("write sector=%Ld\n", sector_num);
911#endif
912 n = s->nsector;
913 if (n > s->req_nb_sectors)
914 n = s->req_nb_sectors;
5391d806
FB		 915 s->nsector -= n;
916 if (s->nsector == 0) {
292eef5a 917 /* no more sectors to write */
5391d806
FB		 918 ide_transfer_stop(s);
919 } else {
920 n1 = s->nsector;
921 if (n1 > s->req_nb_sectors)
922 n1 = s->req_nb_sectors;
923 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
924 }
925 ide_set_sector(s, sector_num + n);
5fafdf24 926
f0c596cb
TS		 927 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
928 ide_sector_write_aio_cb, bm);
5391d806
FB		 929}
930
8ccad811
FB		 931/* XXX: handle errors */
932static void ide_write_dma_cb(void *opaque, int ret)
98087450 933{
8ccad811
FB		 934 BMDMAState *bm = opaque;
935 IDEState *s = bm->ide_if;
936 int n;
98087450
FB		 937 int64_t sector_num;
938
8ccad811
FB		 939 n = s->io_buffer_size >> 9;
940 sector_num = ide_get_sector(s);
941 if (n > 0) {
942 sector_num += n;
943 ide_set_sector(s, sector_num);
944 s->nsector -= n;
98087450 945 }
98087450 946
8ccad811
FB		 947 /* end of transfer ? */
948 if (s->nsector == 0) {
949 s->status = READY_STAT | SEEK_STAT;
950 ide_set_irq(s);
951 eot:
952 bm->status &= ~BM_STATUS_DMAING;
953 bm->status |= BM_STATUS_INT;
954 bm->dma_cb = NULL;
955 bm->ide_if = NULL;
956 bm->aiocb = NULL;
957 return;
958 }
959
960 /* launch next transfer */
98087450
FB		 961 n = s->nsector;
962 if (n > MAX_MULT_SECTORS)
963 n = MAX_MULT_SECTORS;
964 s->io_buffer_index = 0;
965 s->io_buffer_size = n * 512;
8ccad811
FB		 966
967 if (dma_buf_rw(bm, 0) == 0)
968 goto eot;
969#ifdef DEBUG_AIO
970 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
971#endif
5fafdf24 972 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
8ccad811
FB		 973 ide_write_dma_cb, bm);
974}
975
976static void ide_sector_write_dma(IDEState *s)
977{
978 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
979 s->io_buffer_index = 0;
980 s->io_buffer_size = 0;
98087450
FB		 981 ide_dma_start(s, ide_write_dma_cb);
982}
983
5391d806
FB		 984static void ide_atapi_cmd_ok(IDEState *s)
985{
986 s->error = 0;
987 s->status = READY_STAT;
988 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
989 ide_set_irq(s);
990}
991
992static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
993{
994#ifdef DEBUG_IDE_ATAPI
995 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
996#endif
997 s->error = sense_key << 4;
998 s->status = READY_STAT | ERR_STAT;
999 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1000 s->sense_key = sense_key;
1001 s->asc = asc;
1002 ide_set_irq(s);
1003}
1004
1005static inline void cpu_to_ube16(uint8_t *buf, int val)
1006{
1007 buf[0] = val >> 8;
1008 buf[1] = val;
1009}
1010
1011static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1012{
1013 buf[0] = val >> 24;
1014 buf[1] = val >> 16;
1015 buf[2] = val >> 8;
1016 buf[3] = val;
1017}
1018
1019static inline int ube16_to_cpu(const uint8_t *buf)
1020{
1021 return (buf[0] << 8) | buf[1];
1022}
1023
1024static inline int ube32_to_cpu(const uint8_t *buf)
1025{
1026 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1027}
1028
98087450
FB		 1029static void lba_to_msf(uint8_t *buf, int lba)
1030{
1031 lba += 150;
1032 buf[0] = (lba / 75) / 60;
1033 buf[1] = (lba / 75) % 60;
1034 buf[2] = lba % 75;
1035}
1036
8ccad811
FB		 1037static void cd_data_to_raw(uint8_t *buf, int lba)
1038{
1039 /* sync bytes */
1040 buf[0] = 0x00;
1041 memset(buf + 1, 0xff, 10);
1042 buf[11] = 0x00;
1043 buf += 12;
1044 /* MSF */
1045 lba_to_msf(buf, lba);
1046 buf[3] = 0x01; /* mode 1 data */
1047 buf += 4;
1048 /* data */
1049 buf += 2048;
1050 /* XXX: ECC not computed */
1051 memset(buf, 0, 288);
1052}
1053
5fafdf24 1054static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
98087450
FB		 1055 int sector_size)
1056{
66c6ef76
FB		 1057 int ret;
1058
98087450
FB		 1059 switch(sector_size) {
1060 case 2048:
66c6ef76 1061 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
98087450
FB		 1062 break;
1063 case 2352:
66c6ef76
FB		 1064 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1065 if (ret < 0)
1066 return ret;
8ccad811 1067 cd_data_to_raw(buf, lba);
98087450
FB		 1068 break;
1069 default:
66c6ef76 1070 ret = -EIO;
98087450
FB		 1071 break;
1072 }
66c6ef76
FB		 1073 return ret;
1074}
1075
1076static void ide_atapi_io_error(IDEState *s, int ret)
1077{
1078 /* XXX: handle more errors */
1079 if (ret == -ENOMEDIUM) {
5fafdf24 1080 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1081 ASC_MEDIUM_NOT_PRESENT);
1082 } else {
5fafdf24 1083 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
66c6ef76
FB		 1084 ASC_LOGICAL_BLOCK_OOR);
1085 }
98087450
FB		 1086}
1087
5391d806
FB		 1088/* The whole ATAPI transfer logic is handled in this function */
1089static void ide_atapi_cmd_reply_end(IDEState *s)
1090{
66c6ef76 1091 int byte_count_limit, size, ret;
5391d806 1092#ifdef DEBUG_IDE_ATAPI
5fafdf24 1093 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
5391d806
FB		 1094 s->packet_transfer_size,
1095 s->elementary_transfer_size,
1096 s->io_buffer_index);
1097#endif
1098 if (s->packet_transfer_size <= 0) {
1099 /* end of transfer */
1100 ide_transfer_stop(s);
1101 s->status = READY_STAT;
1102 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1103 ide_set_irq(s);
1104#ifdef DEBUG_IDE_ATAPI
1105 printf("status=0x%x\n", s->status);
1106#endif
1107 } else {
1108 /* see if a new sector must be read */
98087450 1109 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
66c6ef76
FB		 1110 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1111 if (ret < 0) {
1112 ide_transfer_stop(s);
1113 ide_atapi_io_error(s, ret);
1114 return;
1115 }
5391d806
FB		 1116 s->lba++;
1117 s->io_buffer_index = 0;
1118 }
1119 if (s->elementary_transfer_size > 0) {
1120 /* there are some data left to transmit in this elementary
1121 transfer */
98087450 1122 size = s->cd_sector_size - s->io_buffer_index;
5391d806
FB		 1123 if (size > s->elementary_transfer_size)
1124 size = s->elementary_transfer_size;
5fafdf24 1125 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1126 size, ide_atapi_cmd_reply_end);
1127 s->packet_transfer_size -= size;
1128 s->elementary_transfer_size -= size;
1129 s->io_buffer_index += size;
1130 } else {
1131 /* a new transfer is needed */
1132 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1133 byte_count_limit = s->lcyl | (s->hcyl << 8);
1134#ifdef DEBUG_IDE_ATAPI
1135 printf("byte_count_limit=%d\n", byte_count_limit);
1136#endif
1137 if (byte_count_limit == 0xffff)
1138 byte_count_limit--;
1139 size = s->packet_transfer_size;
1140 if (size > byte_count_limit) {
1141 /* byte count limit must be even if this case */
1142 if (byte_count_limit & 1)
1143 byte_count_limit--;
1144 size = byte_count_limit;
5391d806 1145 }
a136e5a8
FB		 1146 s->lcyl = size;
1147 s->hcyl = size >> 8;
5391d806
FB		 1148 s->elementary_transfer_size = size;
1149 /* we cannot transmit more than one sector at a time */
1150 if (s->lba != -1) {
98087450
FB		 1151 if (size > (s->cd_sector_size - s->io_buffer_index))
1152 size = (s->cd_sector_size - s->io_buffer_index);
5391d806 1153 }
5fafdf24 1154 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
5391d806
FB		 1155 size, ide_atapi_cmd_reply_end);
1156 s->packet_transfer_size -= size;
1157 s->elementary_transfer_size -= size;
1158 s->io_buffer_index += size;
1159 ide_set_irq(s);
1160#ifdef DEBUG_IDE_ATAPI
1161 printf("status=0x%x\n", s->status);
1162#endif
1163 }
1164 }
1165}
1166
1167/* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1168static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1169{
1170 if (size > max_size)
1171 size = max_size;
1172 s->lba = -1; /* no sector read */
1173 s->packet_transfer_size = size;
5f12ab4b 1174 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
5391d806
FB		 1175 s->elementary_transfer_size = 0;
1176 s->io_buffer_index = 0;
1177
5f12ab4b
TS		 1178 if (s->atapi_dma) {
1179 s->status = READY_STAT | DRQ_STAT;
1180 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1181 } else {
1182 s->status = READY_STAT;
1183 ide_atapi_cmd_reply_end(s);
1184 }
5391d806
FB		 1185}
1186
1187/* start a CD-CDROM read command */
98087450
FB		 1188static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1189 int sector_size)
5391d806 1190{
5391d806 1191 s->lba = lba;
98087450 1192 s->packet_transfer_size = nb_sectors * sector_size;
5391d806 1193 s->elementary_transfer_size = 0;
98087450
FB		 1194 s->io_buffer_index = sector_size;
1195 s->cd_sector_size = sector_size;
5391d806
FB		 1196
1197 s->status = READY_STAT;
1198 ide_atapi_cmd_reply_end(s);
1199}
1200
98087450 1201/* ATAPI DMA support */
8ccad811
FB		 1202
1203/* XXX: handle read errors */
1204static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
98087450 1205{
8ccad811
FB		 1206 BMDMAState *bm = opaque;
1207 IDEState *s = bm->ide_if;
1208 int data_offset, n;
1209
66c6ef76
FB		 1210 if (ret < 0) {
1211 ide_atapi_io_error(s, ret);
1212 goto eot;
1213 }
1214
8ccad811 1215 if (s->io_buffer_size > 0) {
5f12ab4b
TS		 1216 /*
1217 * For a cdrom read sector command (s->lba != -1),
1218 * adjust the lba for the next s->io_buffer_size chunk
1219 * and dma the current chunk.
1220 * For a command != read (s->lba == -1), just transfer
1221 * the reply data.
1222 */
1223 if (s->lba != -1) {
1224 if (s->cd_sector_size == 2352) {
1225 n = 1;
1226 cd_data_to_raw(s->io_buffer, s->lba);
1227 } else {
1228 n = s->io_buffer_size >> 11;
1229 }
1230 s->lba += n;
1231 }
8ccad811 1232 s->packet_transfer_size -= s->io_buffer_size;
8ccad811
FB		 1233 if (dma_buf_rw(bm, 1) == 0)
1234 goto eot;
98087450 1235 }
8ccad811 1236
98087450
FB		 1237 if (s->packet_transfer_size <= 0) {
1238 s->status = READY_STAT;
1239 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1240 ide_set_irq(s);
8ccad811
FB		 1241 eot:
1242 bm->status &= ~BM_STATUS_DMAING;
1243 bm->status |= BM_STATUS_INT;
1244 bm->dma_cb = NULL;
1245 bm->ide_if = NULL;
1246 bm->aiocb = NULL;
1247 return;
1248 }
5fafdf24 1249
8ccad811
FB		 1250 s->io_buffer_index = 0;
1251 if (s->cd_sector_size == 2352) {
1252 n = 1;
1253 s->io_buffer_size = s->cd_sector_size;
1254 data_offset = 16;
1255 } else {
1256 n = s->packet_transfer_size >> 11;
1257 if (n > (MAX_MULT_SECTORS / 4))
1258 n = (MAX_MULT_SECTORS / 4);
1259 s->io_buffer_size = n * 2048;
1260 data_offset = 0;
98087450 1261 }
8ccad811
FB		 1262#ifdef DEBUG_AIO
1263 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1264#endif
5fafdf24
TS		 1265 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1266 s->io_buffer + data_offset, n * 4,
8ccad811 1267 ide_atapi_cmd_read_dma_cb, bm);
66c6ef76
FB		 1268 if (!bm->aiocb) {
1269 /* Note: media not present is the most likely case */
5fafdf24 1270 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1271 ASC_MEDIUM_NOT_PRESENT);
1272 goto eot;
1273 }
98087450
FB		 1274}
1275
1276/* start a CD-CDROM read command with DMA */
1277/* XXX: test if DMA is available */
1278static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1279 int sector_size)
1280{
1281 s->lba = lba;
1282 s->packet_transfer_size = nb_sectors * sector_size;
8ccad811
FB		 1283 s->io_buffer_index = 0;
1284 s->io_buffer_size = 0;
98087450
FB		 1285 s->cd_sector_size = sector_size;
1286
8ccad811
FB		 1287 /* XXX: check if BUSY_STAT should be set */
1288 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
98087450
FB		 1289 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1290}
1291
5fafdf24 1292static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
98087450
FB		 1293 int sector_size)
1294{
1295#ifdef DEBUG_IDE_ATAPI
5f12ab4b
TS		 1296 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1297 lba, nb_sectors);
98087450
FB		 1298#endif
1299 if (s->atapi_dma) {
1300 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1301 } else {
1302 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1303 }
1304}
1305
5391d806
FB		 1306static void ide_atapi_cmd(IDEState *s)
1307{
1308 const uint8_t *packet;
1309 uint8_t *buf;
1310 int max_len;
1311
1312 packet = s->io_buffer;
1313 buf = s->io_buffer;
1314#ifdef DEBUG_IDE_ATAPI
1315 {
1316 int i;
1317 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1318 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1319 printf(" %02x", packet[i]);
1320 }
1321 printf("\n");
1322 }
1323#endif
1324 switch(s->io_buffer[0]) {
1325 case GPCMD_TEST_UNIT_READY:
caed8802 1326 if (bdrv_is_inserted(s->bs)) {
5391d806
FB		 1327 ide_atapi_cmd_ok(s);
1328 } else {
5fafdf24 1329 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1330 ASC_MEDIUM_NOT_PRESENT);
1331 }
1332 break;
d14049ea 1333 case GPCMD_MODE_SENSE_6:
5391d806
FB		 1334 case GPCMD_MODE_SENSE_10:
1335 {
1336 int action, code;
d14049ea
TS		 1337 if (packet[0] == GPCMD_MODE_SENSE_10)
1338 max_len = ube16_to_cpu(packet + 7);
1339 else
1340 max_len = packet[4];
5391d806
FB		 1341 action = packet[2] >> 6;
1342 code = packet[2] & 0x3f;
1343 switch(action) {
1344 case 0: /* current values */
1345 switch(code) {
1346 case 0x01: /* error recovery */
1347 cpu_to_ube16(&buf[0], 16 + 6);
1348 buf[2] = 0x70;
1349 buf[3] = 0;
1350 buf[4] = 0;
1351 buf[5] = 0;
1352 buf[6] = 0;
1353 buf[7] = 0;
1354
1355 buf[8] = 0x01;
1356 buf[9] = 0x06;
1357 buf[10] = 0x00;
1358 buf[11] = 0x05;
1359 buf[12] = 0x00;
1360 buf[13] = 0x00;
1361 buf[14] = 0x00;
1362 buf[15] = 0x00;
1363 ide_atapi_cmd_reply(s, 16, max_len);
1364 break;
1365 case 0x2a:
1366 cpu_to_ube16(&buf[0], 28 + 6);
1367 buf[2] = 0x70;
1368 buf[3] = 0;
1369 buf[4] = 0;
1370 buf[5] = 0;
1371 buf[6] = 0;
1372 buf[7] = 0;
1373
1374 buf[8] = 0x2a;
1375 buf[9] = 0x12;
d14049ea 1376 buf[10] = 0x08;
5391d806 1377 buf[11] = 0x00;
5fafdf24 1378
5391d806
FB		 1379 buf[12] = 0x70;
1380 buf[13] = 3 << 5;
1381 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
caed8802 1382 if (bdrv_is_locked(s->bs))
5391d806
FB		 1383 buf[6] |= 1 << 1;
1384 buf[15] = 0x00;
1385 cpu_to_ube16(&buf[16], 706);
1386 buf[18] = 0;
1387 buf[19] = 2;
1388 cpu_to_ube16(&buf[20], 512);
1389 cpu_to_ube16(&buf[22], 706);
1390 buf[24] = 0;
1391 buf[25] = 0;
1392 buf[26] = 0;
1393 buf[27] = 0;
1394 ide_atapi_cmd_reply(s, 28, max_len);
1395 break;
1396 default:
1397 goto error_cmd;
1398 }
1399 break;
1400 case 1: /* changeable values */
1401 goto error_cmd;
1402 case 2: /* default values */
1403 goto error_cmd;
1404 default:
1405 case 3: /* saved values */
5fafdf24 1406 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1407 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1408 break;
1409 }
1410 }
1411 break;
1412 case GPCMD_REQUEST_SENSE:
1413 max_len = packet[4];
1414 memset(buf, 0, 18);
1415 buf[0] = 0x70 | (1 << 7);
1416 buf[2] = s->sense_key;
1417 buf[7] = 10;
1418 buf[12] = s->asc;
1419 ide_atapi_cmd_reply(s, 18, max_len);
1420 break;
1421 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
caed8802
FB		 1422 if (bdrv_is_inserted(s->bs)) {
1423 bdrv_set_locked(s->bs, packet[4] & 1);
5391d806
FB		 1424 ide_atapi_cmd_ok(s);
1425 } else {
5fafdf24 1426 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1427 ASC_MEDIUM_NOT_PRESENT);
1428 }
1429 break;
1430 case GPCMD_READ_10:
1431 case GPCMD_READ_12:
1432 {
1433 int nb_sectors, lba;
1434
5391d806
FB		 1435 if (packet[0] == GPCMD_READ_10)
1436 nb_sectors = ube16_to_cpu(packet + 7);
1437 else
1438 nb_sectors = ube32_to_cpu(packet + 6);
1439 lba = ube32_to_cpu(packet + 2);
1440 if (nb_sectors == 0) {
1441 ide_atapi_cmd_ok(s);
1442 break;
1443 }
98087450
FB		 1444 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1445 }
1446 break;
1447 case GPCMD_READ_CD:
1448 {
1449 int nb_sectors, lba, transfer_request;
1450
98087450
FB		 1451 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1452 lba = ube32_to_cpu(packet + 2);
1453 if (nb_sectors == 0) {
1454 ide_atapi_cmd_ok(s);
1455 break;
1456 }
98087450
FB		 1457 transfer_request = packet[9];
1458 switch(transfer_request & 0xf8) {
1459 case 0x00:
1460 /* nothing */
1461 ide_atapi_cmd_ok(s);
1462 break;
1463 case 0x10:
1464 /* normal read */
1465 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1466 break;
1467 case 0xf8:
1468 /* read all data */
1469 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1470 break;
1471 default:
5fafdf24 1472 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
98087450
FB		 1473 ASC_INV_FIELD_IN_CMD_PACKET);
1474 break;
1475 }
5391d806
FB		 1476 }
1477 break;
1478 case GPCMD_SEEK:
1479 {
1480 int lba;
66c6ef76
FB		 1481 int64_t total_sectors;
1482
1483 bdrv_get_geometry(s->bs, &total_sectors);
1484 total_sectors >>= 2;
1485 if (total_sectors <= 0) {
5fafdf24 1486 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1487 ASC_MEDIUM_NOT_PRESENT);
1488 break;
1489 }
1490 lba = ube32_to_cpu(packet + 2);
66c6ef76 1491 if (lba >= total_sectors) {
5fafdf24 1492 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
5391d806
FB		 1493 ASC_LOGICAL_BLOCK_OOR);
1494 break;
1495 }
1496 ide_atapi_cmd_ok(s);
1497 }
1498 break;
1499 case GPCMD_START_STOP_UNIT:
1500 {
1501 int start, eject;
1502 start = packet[4] & 1;
1503 eject = (packet[4] >> 1) & 1;
5fafdf24 1504
caed8802
FB		 1505 if (eject && !start) {
1506 /* eject the disk */
66c6ef76
FB		 1507 bdrv_eject(s->bs, 1);
1508 } else if (eject && start) {
1509 /* close the tray */
1510 bdrv_eject(s->bs, 0);
caed8802 1511 }
5391d806
FB		 1512 ide_atapi_cmd_ok(s);
1513 }
1514 break;
1515 case GPCMD_MECHANISM_STATUS:
1516 {
1517 max_len = ube16_to_cpu(packet + 8);
1518 cpu_to_ube16(buf, 0);
1519 /* no current LBA */
1520 buf[2] = 0;
1521 buf[3] = 0;
1522 buf[4] = 0;
1523 buf[5] = 1;
1524 cpu_to_ube16(buf + 6, 0);
1525 ide_atapi_cmd_reply(s, 8, max_len);
1526 }
1527 break;
1528 case GPCMD_READ_TOC_PMA_ATIP:
1529 {
1530 int format, msf, start_track, len;
66c6ef76 1531 int64_t total_sectors;
5391d806 1532
66c6ef76
FB		 1533 bdrv_get_geometry(s->bs, &total_sectors);
1534 total_sectors >>= 2;
1535 if (total_sectors <= 0) {
5fafdf24 1536 ide_atapi_cmd_error(s, SENSE_NOT_READY,
5391d806
FB		 1537 ASC_MEDIUM_NOT_PRESENT);
1538 break;
1539 }
1540 max_len = ube16_to_cpu(packet + 7);
1541 format = packet[9] >> 6;
1542 msf = (packet[1] >> 1) & 1;
1543 start_track = packet[6];
1544 switch(format) {
1545 case 0:
66c6ef76 1546 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
5391d806
FB		 1547 if (len < 0)
1548 goto error_cmd;
1549 ide_atapi_cmd_reply(s, len, max_len);
1550 break;
1551 case 1:
1552 /* multi session : only a single session defined */
1553 memset(buf, 0, 12);
1554 buf[1] = 0x0a;
1555 buf[2] = 0x01;
1556 buf[3] = 0x01;
1557 ide_atapi_cmd_reply(s, 12, max_len);
1558 break;
98087450 1559 case 2:
66c6ef76 1560 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
98087450
FB		 1561 if (len < 0)
1562 goto error_cmd;
1563 ide_atapi_cmd_reply(s, len, max_len);
1564 break;
5391d806 1565 default:
7f777bf3 1566 error_cmd:
5fafdf24 1567 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3
FB		 1568 ASC_INV_FIELD_IN_CMD_PACKET);
1569 break;
5391d806
FB		 1570 }
1571 }
1572 break;
1573 case GPCMD_READ_CDVD_CAPACITY:
66c6ef76
FB		 1574 {
1575 int64_t total_sectors;
1576
1577 bdrv_get_geometry(s->bs, &total_sectors);
1578 total_sectors >>= 2;
1579 if (total_sectors <= 0) {
5fafdf24 1580 ide_atapi_cmd_error(s, SENSE_NOT_READY,
66c6ef76
FB		 1581 ASC_MEDIUM_NOT_PRESENT);
1582 break;
1583 }
1584 /* NOTE: it is really the number of sectors minus 1 */
1585 cpu_to_ube32(buf, total_sectors - 1);
1586 cpu_to_ube32(buf + 4, 2048);
1587 ide_atapi_cmd_reply(s, 8, 8);
5391d806 1588 }
5391d806 1589 break;
d14049ea
TS		 1590 case GPCMD_READ_DVD_STRUCTURE:
1591 {
1592 int media = packet[1];
1593 int layer = packet[6];
1594 int format = packet[2];
1595 int64_t total_sectors;
1596
1597 if (media != 0 || layer != 0)
1598 {
1599 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1600 ASC_INV_FIELD_IN_CMD_PACKET);
1601 }
1602
1603 switch (format) {
1604 case 0:
1605 bdrv_get_geometry(s->bs, &total_sectors);
1606 total_sectors >>= 2;
1607
1608 memset(buf, 0, 2052);
1609
1610 buf[4] = 1; // DVD-ROM, part version 1
1611 buf[5] = 0xf; // 120mm disc, maximum rate unspecified
1612 buf[6] = 0; // one layer, embossed data
1613 buf[7] = 0;
1614
1615 cpu_to_ube32(buf + 8, 0);
1616 cpu_to_ube32(buf + 12, total_sectors - 1);
1617 cpu_to_ube32(buf + 16, total_sectors - 1);
1618
1619 cpu_to_be16wu((uint16_t *)buf, 2048 + 4);
1620
1621 ide_atapi_cmd_reply(s, 2048 + 3, 2048 + 4);
1622 break;
1623
1624 default:
1625 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1626 ASC_INV_FIELD_IN_CMD_PACKET);
1627 break;
1628 }
1629 }
1630 break;
1631 case GPCMD_SET_SPEED:
1632 ide_atapi_cmd_ok(s);
1633 break;
bd0d90b2
FB		 1634 case GPCMD_INQUIRY:
1635 max_len = packet[4];
1636 buf[0] = 0x05; /* CD-ROM */
1637 buf[1] = 0x80; /* removable */
1638 buf[2] = 0x00; /* ISO */
1639 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
aa1f17c1 1640 buf[4] = 31; /* additional length */
bd0d90b2
FB		 1641 buf[5] = 0; /* reserved */
1642 buf[6] = 0; /* reserved */
1643 buf[7] = 0; /* reserved */
1644 padstr8(buf + 8, 8, "QEMU");
1645 padstr8(buf + 16, 16, "QEMU CD-ROM");
1646 padstr8(buf + 32, 4, QEMU_VERSION);
1647 ide_atapi_cmd_reply(s, 36, max_len);
1648 break;
d14049ea
TS		 1649 case GPCMD_GET_CONFIGURATION:
1650 {
1651 int64_t total_sectors;
1652
1653 /* only feature 0 is supported */
1654 if (packet[2] != 0 || packet[3] != 0) {
1655 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1656 ASC_INV_FIELD_IN_CMD_PACKET);
1657 break;
1658 }
1659 memset(buf, 0, 32);
1660 bdrv_get_geometry(s->bs, &total_sectors);
1661 buf[3] = 16;
1662 buf[7] = total_sectors <= 1433600 ? 0x08 : 0x10; /* current profile */
1663 buf[10] = 0x10 | 0x1;
1664 buf[11] = 0x08; /* size of profile list */
1665 buf[13] = 0x10; /* DVD-ROM profile */
1666 buf[14] = buf[7] == 0x10; /* (in)active */
1667 buf[17] = 0x08; /* CD-ROM profile */
1668 buf[18] = buf[7] == 0x08; /* (in)active */
1669 ide_atapi_cmd_reply(s, 32, 32);
1670 break;
1671 }
5391d806 1672 default:
5fafdf24 1673 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
7f777bf3 1674 ASC_ILLEGAL_OPCODE);
5391d806
FB		 1675 break;
1676 }
1677}
1678
201a51fc
AZ		 1679static void ide_cfata_metadata_inquiry(IDEState *s)
1680{
1681 uint16_t *p;
1682 uint32_t spd;
1683
1684 p = (uint16_t *) s->io_buffer;
1685 memset(p, 0, 0x200);
1686 spd = ((s->mdata_size - 1) >> 9) + 1;
1687
1688 put_le16(p + 0, 0x0001); /* Data format revision */
1689 put_le16(p + 1, 0x0000); /* Media property: silicon */
1690 put_le16(p + 2, s->media_changed); /* Media status */
1691 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1692 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1693 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1694 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1695}
1696
1697static void ide_cfata_metadata_read(IDEState *s)
1698{
1699 uint16_t *p;
1700
1701 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1702 s->status = ERR_STAT;
1703 s->error = ABRT_ERR;
1704 return;
1705 }
1706
1707 p = (uint16_t *) s->io_buffer;
1708 memset(p, 0, 0x200);
1709
1710 put_le16(p + 0, s->media_changed); /* Media status */
1711 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1712 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1713 s->nsector << 9), 0x200 - 2));
1714}
1715
1716static void ide_cfata_metadata_write(IDEState *s)
1717{
1718 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1719 s->status = ERR_STAT;
1720 s->error = ABRT_ERR;
1721 return;
1722 }
1723
1724 s->media_changed = 0;
1725
1726 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1727 s->io_buffer + 2,
1728 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1729 s->nsector << 9), 0x200 - 2));
1730}
1731
bd491d6a
TS		 1732/* called when the inserted state of the media has changed */
1733static void cdrom_change_cb(void *opaque)
1734{
1735 IDEState *s = opaque;
1736 int64_t nb_sectors;
1737
1738 /* XXX: send interrupt too */
1739 bdrv_get_geometry(s->bs, &nb_sectors);
1740 s->nb_sectors = nb_sectors;
1741}
1742
c2ff060f
FB		 1743static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1744{
1745 s->lba48 = lba48;
1746
1747 /* handle the 'magic' 0 nsector count conversion here. to avoid
1748 * fiddling with the rest of the read logic, we just store the
1749 * full sector count in ->nsector and ignore ->hob_nsector from now
1750 */
1751 if (!s->lba48) {
1752 if (!s->nsector)
1753 s->nsector = 256;
1754 } else {
1755 if (!s->nsector && !s->hob_nsector)
1756 s->nsector = 65536;
1757 else {
1758 int lo = s->nsector;
1759 int hi = s->hob_nsector;
1760
1761 s->nsector = (hi << 8) | lo;
1762 }
1763 }
1764}
1765
1766static void ide_clear_hob(IDEState *ide_if)
1767{
1768 /* any write clears HOB high bit of device control register */
1769 ide_if[0].select &= ~(1 << 7);
1770 ide_if[1].select &= ~(1 << 7);
1771}
1772
caed8802
FB		 1773static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1774{
1775 IDEState *ide_if = opaque;
c45c3d00 1776 IDEState *s;
5391d806 1777 int unit, n;
c2ff060f 1778 int lba48 = 0;
5391d806
FB		 1779
1780#ifdef DEBUG_IDE
1781 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1782#endif
c2ff060f 1783
5391d806
FB		 1784 addr &= 7;
1785 switch(addr) {
1786 case 0:
1787 break;
1788 case 1:
c2ff060f 1789 ide_clear_hob(ide_if);
c45c3d00 1790 /* NOTE: data is written to the two drives */
c2ff060f
FB		 1791 ide_if[0].hob_feature = ide_if[0].feature;
1792 ide_if[1].hob_feature = ide_if[1].feature;
c45c3d00
FB		 1793 ide_if[0].feature = val;
1794 ide_if[1].feature = val;
5391d806
FB		 1795 break;
1796 case 2:
c2ff060f
FB		 1797 ide_clear_hob(ide_if);
1798 ide_if[0].hob_nsector = ide_if[0].nsector;
1799 ide_if[1].hob_nsector = ide_if[1].nsector;
c45c3d00
FB		 1800 ide_if[0].nsector = val;
1801 ide_if[1].nsector = val;
5391d806
FB		 1802 break;
1803 case 3:
c2ff060f
FB		 1804 ide_clear_hob(ide_if);
1805 ide_if[0].hob_sector = ide_if[0].sector;
1806 ide_if[1].hob_sector = ide_if[1].sector;
c45c3d00
FB		 1807 ide_if[0].sector = val;
1808 ide_if[1].sector = val;
5391d806
FB		 1809 break;
1810 case 4:
c2ff060f
FB		 1811 ide_clear_hob(ide_if);
1812 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1813 ide_if[1].hob_lcyl = ide_if[1].lcyl;
c45c3d00
FB		 1814 ide_if[0].lcyl = val;
1815 ide_if[1].lcyl = val;
5391d806
FB		 1816 break;
1817 case 5:
c2ff060f
FB		 1818 ide_clear_hob(ide_if);
1819 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1820 ide_if[1].hob_hcyl = ide_if[1].hcyl;
c45c3d00
FB		 1821 ide_if[0].hcyl = val;
1822 ide_if[1].hcyl = val;
5391d806
FB		 1823 break;
1824 case 6:
c2ff060f 1825 /* FIXME: HOB readback uses bit 7 */
7ae98627
FB		 1826 ide_if[0].select = (val & ~0x10) | 0xa0;
1827 ide_if[1].select = (val | 0x10) | 0xa0;
5391d806
FB		 1828 /* select drive */
1829 unit = (val >> 4) & 1;
1830 s = ide_if + unit;
1831 ide_if->cur_drive = s;
5391d806
FB		 1832 break;
1833 default:
1834 case 7:
1835 /* command */
1836#if defined(DEBUG_IDE)
1837 printf("ide: CMD=%02x\n", val);
1838#endif
c45c3d00 1839 s = ide_if->cur_drive;
66201e2d 1840 /* ignore commands to non existant slave */
5fafdf24 1841 if (s != ide_if && !s->bs)
66201e2d 1842 break;
c2ff060f 1843
5391d806
FB		 1844 switch(val) {
1845 case WIN_IDENTIFY:
1846 if (s->bs && !s->is_cdrom) {
201a51fc
AZ		 1847 if (!s->is_cf)
1848 ide_identify(s);
1849 else
1850 ide_cfata_identify(s);
2a282056 1851 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1852 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1853 } else {
1854 if (s->is_cdrom) {
1855 ide_set_signature(s);
1856 }
1857 ide_abort_command(s);
1858 }
1859 ide_set_irq(s);
1860 break;
1861 case WIN_SPECIFY:
1862 case WIN_RECAL:
a136e5a8 1863 s->error = 0;
769bec72 1864 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 1865 ide_set_irq(s);
1866 break;
1867 case WIN_SETMULT:
201a51fc
AZ		 1868 if (s->is_cf && s->nsector == 0) {
1869 /* Disable Read and Write Multiple */
1870 s->mult_sectors = 0;
1871 s->status = READY_STAT;
1872 } else if ((s->nsector & 0xff) != 0 &&
39dfc926
TS		 1873 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1874 (s->nsector & (s->nsector - 1)) != 0)) {
5391d806
FB		 1875 ide_abort_command(s);
1876 } else {
292eef5a 1877 s->mult_sectors = s->nsector & 0xff;
5391d806
FB		 1878 s->status = READY_STAT;
1879 }
1880 ide_set_irq(s);
1881 break;
c2ff060f
FB		 1882 case WIN_VERIFY_EXT:
1883 lba48 = 1;
4ce900b4
FB		 1884 case WIN_VERIFY:
1885 case WIN_VERIFY_ONCE:
1886 /* do sector number check ? */
c2ff060f 1887 ide_cmd_lba48_transform(s, lba48);
4ce900b4
FB		 1888 s->status = READY_STAT;
1889 ide_set_irq(s);
1890 break;
c2ff060f
FB		 1891 case WIN_READ_EXT:
1892 lba48 = 1;
5391d806
FB		 1893 case WIN_READ:
1894 case WIN_READ_ONCE:
5fafdf24 1895 if (!s->bs)
6b136f9e 1896 goto abort_cmd;
c2ff060f 1897 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1898 s->req_nb_sectors = 1;
1899 ide_sector_read(s);
1900 break;
c2ff060f
FB		 1901 case WIN_WRITE_EXT:
1902 lba48 = 1;
5391d806
FB		 1903 case WIN_WRITE:
1904 case WIN_WRITE_ONCE:
201a51fc
AZ		 1905 case CFA_WRITE_SECT_WO_ERASE:
1906 case WIN_WRITE_VERIFY:
c2ff060f 1907 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1908 s->error = 0;
f66723fa 1909 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1910 s->req_nb_sectors = 1;
1911 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
201a51fc 1912 s->media_changed = 1;
5391d806 1913 break;
c2ff060f
FB		 1914 case WIN_MULTREAD_EXT:
1915 lba48 = 1;
5391d806
FB		 1916 case WIN_MULTREAD:
1917 if (!s->mult_sectors)
1918 goto abort_cmd;
c2ff060f 1919 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1920 s->req_nb_sectors = s->mult_sectors;
1921 ide_sector_read(s);
1922 break;
c2ff060f
FB		 1923 case WIN_MULTWRITE_EXT:
1924 lba48 = 1;
5391d806 1925 case WIN_MULTWRITE:
201a51fc 1926 case CFA_WRITE_MULTI_WO_ERASE:
5391d806
FB		 1927 if (!s->mult_sectors)
1928 goto abort_cmd;
c2ff060f 1929 ide_cmd_lba48_transform(s, lba48);
a136e5a8 1930 s->error = 0;
f66723fa 1931 s->status = SEEK_STAT | READY_STAT;
5391d806
FB		 1932 s->req_nb_sectors = s->mult_sectors;
1933 n = s->nsector;
1934 if (n > s->req_nb_sectors)
1935 n = s->req_nb_sectors;
1936 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
201a51fc 1937 s->media_changed = 1;
5391d806 1938 break;
c2ff060f
FB		 1939 case WIN_READDMA_EXT:
1940 lba48 = 1;
98087450
FB		 1941 case WIN_READDMA:
1942 case WIN_READDMA_ONCE:
5fafdf24 1943 if (!s->bs)
98087450 1944 goto abort_cmd;
c2ff060f 1945 ide_cmd_lba48_transform(s, lba48);
98087450
FB		 1946 ide_sector_read_dma(s);
1947 break;
c2ff060f
FB		 1948 case WIN_WRITEDMA_EXT:
1949 lba48 = 1;
98087450
FB		 1950 case WIN_WRITEDMA:
1951 case WIN_WRITEDMA_ONCE:
5fafdf24 1952 if (!s->bs)
98087450 1953 goto abort_cmd;
c2ff060f 1954 ide_cmd_lba48_transform(s, lba48);
98087450 1955 ide_sector_write_dma(s);
201a51fc 1956 s->media_changed = 1;
98087450 1957 break;
c2ff060f
FB		 1958 case WIN_READ_NATIVE_MAX_EXT:
1959 lba48 = 1;
5391d806 1960 case WIN_READ_NATIVE_MAX:
c2ff060f 1961 ide_cmd_lba48_transform(s, lba48);
5391d806
FB		 1962 ide_set_sector(s, s->nb_sectors - 1);
1963 s->status = READY_STAT;
1964 ide_set_irq(s);
1965 break;
a136e5a8 1966 case WIN_CHECKPOWERMODE1:
201a51fc 1967 case WIN_CHECKPOWERMODE2:
a136e5a8
FB		 1968 s->nsector = 0xff; /* device active or idle */
1969 s->status = READY_STAT;
1970 ide_set_irq(s);
1971 break;
34e538ae
FB		 1972 case WIN_SETFEATURES:
1973 if (!s->bs)
1974 goto abort_cmd;
1975 /* XXX: valid for CDROM ? */
1976 switch(s->feature) {
e1f63470
TS		 1977 case 0xcc: /* reverting to power-on defaults enable */
1978 case 0x66: /* reverting to power-on defaults disable */
34e538ae
FB		 1979 case 0x02: /* write cache enable */
1980 case 0x82: /* write cache disable */
1981 case 0xaa: /* read look-ahead enable */
1982 case 0x55: /* read look-ahead disable */
201a51fc
AZ		 1983 case 0x05: /* set advanced power management mode */
1984 case 0x85: /* disable advanced power management mode */
1985 case 0x69: /* NOP */
1986 case 0x67: /* NOP */
1987 case 0x96: /* NOP */
1988 case 0x9a: /* NOP */
c3e88d8c
TS		 1989 case 0x42: /* enable Automatic Acoustic Mode */
1990 case 0xc2: /* disable Automatic Acoustic Mode */
e0fe67aa 1991 s->status = READY_STAT | SEEK_STAT;
34e538ae
FB		 1992 ide_set_irq(s);
1993 break;
94458802
FB		 1994 case 0x03: { /* set transfer mode */
1995 uint8_t val = s->nsector & 0x07;
1996
1997 switch (s->nsector >> 3) {
1998 case 0x00: /* pio default */
1999 case 0x01: /* pio mode */
2000 put_le16(s->identify_data + 63,0x07);
2001 put_le16(s->identify_data + 88,0x3f);
2002 break;
2003 case 0x04: /* mdma mode */
2004 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2005 put_le16(s->identify_data + 88,0x3f);
2006 break;
2007 case 0x08: /* udma mode */
2008 put_le16(s->identify_data + 63,0x07);
2009 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2010 break;
2011 default:
2012 goto abort_cmd;
2013 }
2014 s->status = READY_STAT | SEEK_STAT;
2015 ide_set_irq(s);
2016 break;
2017 }
34e538ae
FB		 2018 default:
2019 goto abort_cmd;
2020 }
2021 break;
c2ff060f
FB		 2022 case WIN_FLUSH_CACHE:
2023 case WIN_FLUSH_CACHE_EXT:
7a6cba61
PB		 2024 if (s->bs)
2025 bdrv_flush(s->bs);
2026 s->status = READY_STAT;
2027 ide_set_irq(s);
2028 break;
c3e88d8c
TS		 2029 case WIN_STANDBY:
2030 case WIN_STANDBY2:
2031 case WIN_STANDBYNOW1:
201a51fc 2032 case WIN_STANDBYNOW2:
c451ee71 2033 case WIN_IDLEIMMEDIATE:
201a51fc
AZ		 2034 case CFA_IDLEIMMEDIATE:
2035 case WIN_SETIDLE1:
2036 case WIN_SETIDLE2:
c3e88d8c
TS		 2037 case WIN_SLEEPNOW1:
2038 case WIN_SLEEPNOW2:
2039 s->status = READY_STAT;
a7dfe172
FB		 2040 ide_set_irq(s);
2041 break;
5391d806
FB		 2042 /* ATAPI commands */
2043 case WIN_PIDENTIFY:
2044 if (s->is_cdrom) {
2045 ide_atapi_identify(s);
1298fe63 2046 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2047 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2048 } else {
2049 ide_abort_command(s);
2050 }
2051 ide_set_irq(s);
2052 break;
c451ee71
FB		 2053 case WIN_DIAGNOSE:
2054 ide_set_signature(s);
2055 s->status = 0x00; /* NOTE: READY is _not_ set */
2056 s->error = 0x01;
2057 break;
5391d806
FB		 2058 case WIN_SRST:
2059 if (!s->is_cdrom)
2060 goto abort_cmd;
2061 ide_set_signature(s);
6b136f9e 2062 s->status = 0x00; /* NOTE: READY is _not_ set */
5391d806
FB		 2063 s->error = 0x01;
2064 break;
2065 case WIN_PACKETCMD:
2066 if (!s->is_cdrom)
2067 goto abort_cmd;
98087450
FB		 2068 /* overlapping commands not supported */
2069 if (s->feature & 0x02)
5391d806 2070 goto abort_cmd;
7603d156 2071 s->status = READY_STAT;
98087450 2072 s->atapi_dma = s->feature & 1;
5391d806 2073 s->nsector = 1;
5fafdf24 2074 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
5391d806
FB		 2075 ide_atapi_cmd);
2076 break;
201a51fc
AZ		 2077 /* CF-ATA commands */
2078 case CFA_REQ_EXT_ERROR_CODE:
2079 if (!s->is_cf)
2080 goto abort_cmd;
2081 s->error = 0x09; /* miscellaneous error */
2082 s->status = READY_STAT;
2083 ide_set_irq(s);
2084 break;
2085 case CFA_ERASE_SECTORS:
2086 case CFA_WEAR_LEVEL:
2087 if (!s->is_cf)
2088 goto abort_cmd;
2089 if (val == CFA_WEAR_LEVEL)
2090 s->nsector = 0;
2091 if (val == CFA_ERASE_SECTORS)
2092 s->media_changed = 1;
2093 s->error = 0x00;
2094 s->status = READY_STAT;
2095 ide_set_irq(s);
2096 break;
2097 case CFA_TRANSLATE_SECTOR:
2098 if (!s->is_cf)
2099 goto abort_cmd;
2100 s->error = 0x00;
2101 s->status = READY_STAT;
2102 memset(s->io_buffer, 0, 0x200);
2103 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2104 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2105 s->io_buffer[0x02] = s->select; /* Head */
2106 s->io_buffer[0x03] = s->sector; /* Sector */
2107 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2108 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2109 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2110 s->io_buffer[0x13] = 0x00; /* Erase flag */
2111 s->io_buffer[0x18] = 0x00; /* Hot count */
2112 s->io_buffer[0x19] = 0x00; /* Hot count */
2113 s->io_buffer[0x1a] = 0x01; /* Hot count */
2114 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2115 ide_set_irq(s);
2116 break;
2117 case CFA_ACCESS_METADATA_STORAGE:
2118 if (!s->is_cf)
2119 goto abort_cmd;
2120 switch (s->feature) {
2121 case 0x02: /* Inquiry Metadata Storage */
2122 ide_cfata_metadata_inquiry(s);
2123 break;
2124 case 0x03: /* Read Metadata Storage */
2125 ide_cfata_metadata_read(s);
2126 break;
2127 case 0x04: /* Write Metadata Storage */
2128 ide_cfata_metadata_write(s);
2129 break;
2130 default:
2131 goto abort_cmd;
2132 }
2133 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2134 s->status = 0x00; /* NOTE: READY is _not_ set */
2135 ide_set_irq(s);
2136 break;
2137 case IBM_SENSE_CONDITION:
2138 if (!s->is_cf)
2139 goto abort_cmd;
2140 switch (s->feature) {
2141 case 0x01: /* sense temperature in device */
2142 s->nsector = 0x50; /* +20 C */
2143 break;
2144 default:
2145 goto abort_cmd;
2146 }
2147 s->status = READY_STAT;
2148 ide_set_irq(s);
2149 break;
5391d806
FB		 2150 default:
2151 abort_cmd:
2152 ide_abort_command(s);
2153 ide_set_irq(s);
2154 break;
2155 }
2156 }
2157}
2158
caed8802 2159static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
5391d806 2160{
7ae98627
FB		 2161 IDEState *ide_if = opaque;
2162 IDEState *s = ide_if->cur_drive;
5391d806 2163 uint32_t addr;
c2ff060f 2164 int ret, hob;
5391d806
FB		 2165
2166 addr = addr1 & 7;
c2ff060f
FB		 2167 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2168 //hob = s->select & (1 << 7);
2169 hob = 0;
5391d806
FB		 2170 switch(addr) {
2171 case 0:
2172 ret = 0xff;
2173 break;
2174 case 1:
7ae98627 2175 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2176 ret = 0;
c2ff060f 2177 else if (!hob)
c45c3d00 2178 ret = s->error;
c2ff060f
FB		 2179 else
2180 ret = s->hob_feature;
5391d806
FB		 2181 break;
2182 case 2:
7ae98627 2183 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2184 ret = 0;
c2ff060f 2185 else if (!hob)
c45c3d00 2186 ret = s->nsector & 0xff;
c2ff060f
FB		 2187 else
2188 ret = s->hob_nsector;
5391d806
FB		 2189 break;
2190 case 3:
7ae98627 2191 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2192 ret = 0;
c2ff060f 2193 else if (!hob)
c45c3d00 2194 ret = s->sector;
c2ff060f
FB		 2195 else
2196 ret = s->hob_sector;
5391d806
FB		 2197 break;
2198 case 4:
7ae98627 2199 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2200 ret = 0;
c2ff060f 2201 else if (!hob)
c45c3d00 2202 ret = s->lcyl;
c2ff060f
FB		 2203 else
2204 ret = s->hob_lcyl;
5391d806
FB		 2205 break;
2206 case 5:
7ae98627 2207 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00 2208 ret = 0;
c2ff060f 2209 else if (!hob)
c45c3d00 2210 ret = s->hcyl;
c2ff060f
FB		 2211 else
2212 ret = s->hob_hcyl;
5391d806
FB		 2213 break;
2214 case 6:
7ae98627 2215 if (!ide_if[0].bs && !ide_if[1].bs)
c45c3d00
FB		 2216 ret = 0;
2217 else
7ae98627 2218 ret = s->select;
5391d806
FB		 2219 break;
2220 default:
2221 case 7:
66201e2d
FB		 2222 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2223 (s != ide_if && !s->bs))
c45c3d00
FB		 2224 ret = 0;
2225 else
2226 ret = s->status;
d537cf6c 2227 qemu_irq_lower(s->irq);
5391d806
FB		 2228 break;
2229 }
2230#ifdef DEBUG_IDE
2231 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2232#endif
2233 return ret;
2234}
2235
caed8802 2236static uint32_t ide_status_read(void *opaque, uint32_t addr)
5391d806 2237{
7ae98627
FB		 2238 IDEState *ide_if = opaque;
2239 IDEState *s = ide_if->cur_drive;
5391d806 2240 int ret;
7ae98627 2241
66201e2d
FB		 2242 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2243 (s != ide_if && !s->bs))
7ae98627
FB		 2244 ret = 0;
2245 else
2246 ret = s->status;
5391d806
FB		 2247#ifdef DEBUG_IDE
2248 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2249#endif
2250 return ret;
2251}
2252
caed8802 2253static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
5391d806 2254{
caed8802 2255 IDEState *ide_if = opaque;
5391d806
FB		 2256 IDEState *s;
2257 int i;
2258
2259#ifdef DEBUG_IDE
2260 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2261#endif
2262 /* common for both drives */
2263 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2264 (val & IDE_CMD_RESET)) {
2265 /* reset low to high */
2266 for(i = 0;i < 2; i++) {
2267 s = &ide_if[i];
2268 s->status = BUSY_STAT | SEEK_STAT;
2269 s->error = 0x01;
2270 }
2271 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2272 !(val & IDE_CMD_RESET)) {
2273 /* high to low */
2274 for(i = 0;i < 2; i++) {
2275 s = &ide_if[i];
6b136f9e
FB		 2276 if (s->is_cdrom)
2277 s->status = 0x00; /* NOTE: READY is _not_ set */
2278 else
56bf1d37 2279 s->status = READY_STAT | SEEK_STAT;
5391d806
FB		 2280 ide_set_signature(s);
2281 }
2282 }
2283
2284 ide_if[0].cmd = val;
2285 ide_if[1].cmd = val;
2286}
2287
caed8802 2288static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
5391d806 2289{
caed8802 2290 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2291 uint8_t *p;
2292
2293 p = s->data_ptr;
0c4ad8dc 2294 *(uint16_t *)p = le16_to_cpu(val);
5391d806
FB		 2295 p += 2;
2296 s->data_ptr = p;
2297 if (p >= s->data_end)
2298 s->end_transfer_func(s);
2299}
2300
caed8802 2301static uint32_t ide_data_readw(void *opaque, uint32_t addr)
5391d806 2302{
caed8802 2303 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2304 uint8_t *p;
2305 int ret;
2306 p = s->data_ptr;
0c4ad8dc 2307 ret = cpu_to_le16(*(uint16_t *)p);
5391d806
FB		 2308 p += 2;
2309 s->data_ptr = p;
2310 if (p >= s->data_end)
2311 s->end_transfer_func(s);
2312 return ret;
2313}
2314
caed8802 2315static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
5391d806 2316{
caed8802 2317 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2318 uint8_t *p;
2319
2320 p = s->data_ptr;
0c4ad8dc 2321 *(uint32_t *)p = le32_to_cpu(val);
5391d806
FB		 2322 p += 4;
2323 s->data_ptr = p;
2324 if (p >= s->data_end)
2325 s->end_transfer_func(s);
2326}
2327
caed8802 2328static uint32_t ide_data_readl(void *opaque, uint32_t addr)
5391d806 2329{
caed8802 2330 IDEState *s = ((IDEState *)opaque)->cur_drive;
5391d806
FB		 2331 uint8_t *p;
2332 int ret;
5fafdf24 2333
5391d806 2334 p = s->data_ptr;
0c4ad8dc 2335 ret = cpu_to_le32(*(uint32_t *)p);
5391d806
FB		 2336 p += 4;
2337 s->data_ptr = p;
2338 if (p >= s->data_end)
2339 s->end_transfer_func(s);
2340 return ret;
2341}
2342
a7dfe172
FB		 2343static void ide_dummy_transfer_stop(IDEState *s)
2344{
2345 s->data_ptr = s->io_buffer;
2346 s->data_end = s->io_buffer;
2347 s->io_buffer[0] = 0xff;
2348 s->io_buffer[1] = 0xff;
2349 s->io_buffer[2] = 0xff;
2350 s->io_buffer[3] = 0xff;
2351}
2352
5391d806
FB		 2353static void ide_reset(IDEState *s)
2354{
201a51fc
AZ		 2355 if (s->is_cf)
2356 s->mult_sectors = 0;
2357 else
2358 s->mult_sectors = MAX_MULT_SECTORS;
5391d806
FB		 2359 s->cur_drive = s;
2360 s->select = 0xa0;
2361 s->status = READY_STAT;
2362 ide_set_signature(s);
a7dfe172
FB		 2363 /* init the transfer handler so that 0xffff is returned on data
2364 accesses */
2365 s->end_transfer_func = ide_dummy_transfer_stop;
2366 ide_dummy_transfer_stop(s);
201a51fc 2367 s->media_changed = 0;
5391d806
FB		 2368}
2369
2370struct partition {
2371 uint8_t boot_ind; /* 0x80 - active */
2372 uint8_t head; /* starting head */
2373 uint8_t sector; /* starting sector */
2374 uint8_t cyl; /* starting cylinder */
2375 uint8_t sys_ind; /* What partition type */
2376 uint8_t end_head; /* end head */
2377 uint8_t end_sector; /* end sector */
2378 uint8_t end_cyl; /* end cylinder */
2379 uint32_t start_sect; /* starting sector counting from 0 */
2380 uint32_t nr_sects; /* nr of sectors in partition */
2381} __attribute__((packed));
2382
bf1b938f 2383/* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
5fafdf24 2384static int guess_disk_lchs(IDEState *s,
bf1b938f 2385 int *pcylinders, int *pheads, int *psectors)
5391d806
FB		 2386{
2387 uint8_t buf[512];
46d4767d 2388 int ret, i, heads, sectors, cylinders;
5391d806
FB		 2389 struct partition *p;
2390 uint32_t nr_sects;
2391
5391d806
FB		 2392 ret = bdrv_read(s->bs, 0, buf, 1);
2393 if (ret < 0)
bf1b938f 2394 return -1;
5391d806
FB		 2395 /* test msdos magic */
2396 if (buf[510] != 0x55 || buf[511] != 0xaa)
bf1b938f 2397 return -1;
5391d806
FB		 2398 for(i = 0; i < 4; i++) {
2399 p = ((struct partition *)(buf + 0x1be)) + i;
0c4ad8dc 2400 nr_sects = le32_to_cpu(p->nr_sects);
5391d806
FB		 2401 if (nr_sects && p->end_head) {
2402 /* We make the assumption that the partition terminates on
2403 a cylinder boundary */
46d4767d 2404 heads = p->end_head + 1;
46d4767d
FB		 2405 sectors = p->end_sector & 63;
2406 if (sectors == 0)
2407 continue;
2408 cylinders = s->nb_sectors / (heads * sectors);
2409 if (cylinders < 1 || cylinders > 16383)
2410 continue;
bf1b938f
FB		 2411 *pheads = heads;
2412 *psectors = sectors;
2413 *pcylinders = cylinders;
5391d806 2414#if 0
5fafdf24 2415 printf("guessed geometry: LCHS=%d %d %d\n",
bf1b938f 2416 cylinders, heads, sectors);
5391d806 2417#endif
bf1b938f 2418 return 0;
5391d806
FB		 2419 }
2420 }
bf1b938f 2421 return -1;
5391d806
FB		 2422}
2423
5457c8ce
FB		 2424static void ide_init2(IDEState *ide_state,
2425 BlockDriverState *hd0, BlockDriverState *hd1,
d537cf6c 2426 qemu_irq irq)
5391d806 2427{
69b91039 2428 IDEState *s;
aedf5382 2429 static int drive_serial = 1;
4dbb0f50 2430 int i, cylinders, heads, secs, translation, lba_detected = 0;
5391d806 2431 int64_t nb_sectors;
5391d806 2432
caed8802
FB		 2433 for(i = 0; i < 2; i++) {
2434 s = ide_state + i;
2435 if (i == 0)
2436 s->bs = hd0;
2437 else
2438 s->bs = hd1;
5391d806
FB		 2439 if (s->bs) {
2440 bdrv_get_geometry(s->bs, &nb_sectors);
2441 s->nb_sectors = nb_sectors;
caed8802
FB		 2442 /* if a geometry hint is available, use it */
2443 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
4dbb0f50 2444 translation = bdrv_get_translation_hint(s->bs);
caed8802 2445 if (cylinders != 0) {
5391d806 2446 s->cylinders = cylinders;
caed8802
FB		 2447 s->heads = heads;
2448 s->sectors = secs;
2449 } else {
bf1b938f
FB		 2450 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2451 if (heads > 16) {
2452 /* if heads > 16, it means that a BIOS LBA
2453 translation was active, so the default
2454 hardware geometry is OK */
4dbb0f50 2455 lba_detected = 1;
bf1b938f
FB		 2456 goto default_geometry;
2457 } else {
2458 s->cylinders = cylinders;
2459 s->heads = heads;
2460 s->sectors = secs;
2461 /* disable any translation to be in sync with
2462 the logical geometry */
bf1b938f
FB		 2463 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2464 bdrv_set_translation_hint(s->bs,
2465 BIOS_ATA_TRANSLATION_NONE);
2466 }
2467 }
2468 } else {
2469 default_geometry:
46d4767d 2470 /* if no geometry, use a standard physical disk geometry */
caed8802
FB		 2471 cylinders = nb_sectors / (16 * 63);
2472 if (cylinders > 16383)
2473 cylinders = 16383;
2474 else if (cylinders < 2)
2475 cylinders = 2;
2476 s->cylinders = cylinders;
2477 s->heads = 16;
2478 s->sectors = 63;
4dbb0f50
TS		 2479 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2480 if ((s->cylinders * s->heads) <= 131072) {
2481 bdrv_set_translation_hint(s->bs,
2482 BIOS_ATA_TRANSLATION_LARGE);
2483 } else {
2484 bdrv_set_translation_hint(s->bs,
2485 BIOS_ATA_TRANSLATION_LBA);
2486 }
2487 }
caed8802 2488 }
769bec72 2489 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
caed8802
FB		 2490 }
2491 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2492 s->is_cdrom = 1;
bd491d6a 2493 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
5391d806
FB		 2494 }
2495 }
aedf5382 2496 s->drive_serial = drive_serial++;
caed8802 2497 s->irq = irq;
5fafdf24 2498 s->sector_write_timer = qemu_new_timer(vm_clock,
a09db21f 2499 ide_sector_write_timer_cb, s);
5391d806
FB		 2500 ide_reset(s);
2501 }
69b91039
FB		 2502}
2503
34e538ae 2504static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
69b91039 2505{
caed8802
FB		 2506 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2507 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2508 if (iobase2) {
2509 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2510 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
5391d806 2511 }
5fafdf24 2512
caed8802
FB		 2513 /* data ports */
2514 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2515 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2516 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2517 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
5391d806 2518}
69b91039 2519
aa941b94
AZ		 2520/* save per IDE drive data */
2521static void ide_save(QEMUFile* f, IDEState *s)
2522{
2523 qemu_put_be32s(f, &s->mult_sectors);
2524 qemu_put_be32s(f, &s->identify_set);
2525 if (s->identify_set) {
2526 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2527 }
2528 qemu_put_8s(f, &s->feature);
2529 qemu_put_8s(f, &s->error);
2530 qemu_put_be32s(f, &s->nsector);
2531 qemu_put_8s(f, &s->sector);
2532 qemu_put_8s(f, &s->lcyl);
2533 qemu_put_8s(f, &s->hcyl);
2534 qemu_put_8s(f, &s->hob_feature);
2535 qemu_put_8s(f, &s->hob_nsector);
2536 qemu_put_8s(f, &s->hob_sector);
2537 qemu_put_8s(f, &s->hob_lcyl);
2538 qemu_put_8s(f, &s->hob_hcyl);
2539 qemu_put_8s(f, &s->select);
2540 qemu_put_8s(f, &s->status);
2541 qemu_put_8s(f, &s->lba48);
2542
2543 qemu_put_8s(f, &s->sense_key);
2544 qemu_put_8s(f, &s->asc);
2545 /* XXX: if a transfer is pending, we do not save it yet */
2546}
2547
2548/* load per IDE drive data */
2549static void ide_load(QEMUFile* f, IDEState *s)
2550{
2551 qemu_get_be32s(f, &s->mult_sectors);
2552 qemu_get_be32s(f, &s->identify_set);
2553 if (s->identify_set) {
2554 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2555 }
2556 qemu_get_8s(f, &s->feature);
2557 qemu_get_8s(f, &s->error);
2558 qemu_get_be32s(f, &s->nsector);
2559 qemu_get_8s(f, &s->sector);
2560 qemu_get_8s(f, &s->lcyl);
2561 qemu_get_8s(f, &s->hcyl);
2562 qemu_get_8s(f, &s->hob_feature);
2563 qemu_get_8s(f, &s->hob_nsector);
2564 qemu_get_8s(f, &s->hob_sector);
2565 qemu_get_8s(f, &s->hob_lcyl);
2566 qemu_get_8s(f, &s->hob_hcyl);
2567 qemu_get_8s(f, &s->select);
2568 qemu_get_8s(f, &s->status);
2569 qemu_get_8s(f, &s->lba48);
2570
2571 qemu_get_8s(f, &s->sense_key);
2572 qemu_get_8s(f, &s->asc);
2573 /* XXX: if a transfer is pending, we do not save it yet */
2574}
2575
34e538ae
FB		 2576/***********************************************************/
2577/* ISA IDE definitions */
2578
d537cf6c 2579void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
34e538ae
FB		 2580 BlockDriverState *hd0, BlockDriverState *hd1)
2581{
2582 IDEState *ide_state;
2583
2584 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2585 if (!ide_state)
2586 return;
5fafdf24 2587
d537cf6c 2588 ide_init2(ide_state, hd0, hd1, irq);
34e538ae
FB		 2589 ide_init_ioport(ide_state, iobase, iobase2);
2590}
2591
69b91039
FB		 2592/***********************************************************/
2593/* PCI IDE definitions */
2594
5457c8ce
FB		 2595static void cmd646_update_irq(PCIIDEState *d);
2596
5fafdf24 2597static void ide_map(PCIDevice *pci_dev, int region_num,
69b91039
FB		 2598 uint32_t addr, uint32_t size, int type)
2599{
2600 PCIIDEState *d = (PCIIDEState *)pci_dev;
2601 IDEState *ide_state;
2602
2603 if (region_num <= 3) {
2604 ide_state = &d->ide_if[(region_num >> 1) * 2];
2605 if (region_num & 1) {
2606 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2607 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2608 } else {
2609 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2610 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2611
2612 /* data ports */
2613 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2614 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2615 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2616 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2617 }
2618 }
2619}
2620
8ccad811 2621static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
98087450
FB		 2622{
2623 BMDMAState *bm = s->bmdma;
2624 if(!bm)
2625 return;
2626 bm->ide_if = s;
2627 bm->dma_cb = dma_cb;
8ccad811
FB		 2628 bm->cur_prd_last = 0;
2629 bm->cur_prd_addr = 0;
2630 bm->cur_prd_len = 0;
98087450 2631 if (bm->status & BM_STATUS_DMAING) {
8ccad811 2632 bm->dma_cb(bm, 0);
98087450
FB		 2633 }
2634}
2635
98087450
FB		 2636static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2637{
2638 BMDMAState *bm = opaque;
2639#ifdef DEBUG_IDE
2640 printf("%s: 0x%08x\n", __func__, val);
2641#endif
2642 if (!(val & BM_CMD_START)) {
2643 /* XXX: do it better */
8ccad811
FB		 2644 if (bm->status & BM_STATUS_DMAING) {
2645 bm->status &= ~BM_STATUS_DMAING;
2646 /* cancel DMA request */
2647 bm->ide_if = NULL;
2648 bm->dma_cb = NULL;
2649 if (bm->aiocb) {
2650#ifdef DEBUG_AIO
2651 printf("aio_cancel\n");
2652#endif
2653 bdrv_aio_cancel(bm->aiocb);
2654 bm->aiocb = NULL;
2655 }
2656 }
98087450
FB		 2657 bm->cmd = val & 0x09;
2658 } else {
8ccad811
FB		 2659 if (!(bm->status & BM_STATUS_DMAING)) {
2660 bm->status |= BM_STATUS_DMAING;
2661 /* start dma transfer if possible */
2662 if (bm->dma_cb)
2663 bm->dma_cb(bm, 0);
2664 }
98087450 2665 bm->cmd = val & 0x09;
98087450
FB		 2666 }
2667}
2668
5457c8ce 2669static uint32_t bmdma_readb(void *opaque, uint32_t addr)
98087450
FB		 2670{
2671 BMDMAState *bm = opaque;
5457c8ce 2672 PCIIDEState *pci_dev;
98087450 2673 uint32_t val;
5fafdf24 2674
5457c8ce 2675 switch(addr & 3) {
5fafdf24 2676 case 0:
5457c8ce
FB		 2677 val = bm->cmd;
2678 break;
2679 case 1:
2680 pci_dev = bm->pci_dev;
2681 if (pci_dev->type == IDE_TYPE_CMD646) {
2682 val = pci_dev->dev.config[MRDMODE];
2683 } else {
2684 val = 0xff;
2685 }
2686 break;
2687 case 2:
2688 val = bm->status;
2689 break;
2690 case 3:
2691 pci_dev = bm->pci_dev;
2692 if (pci_dev->type == IDE_TYPE_CMD646) {
2693 if (bm == &pci_dev->bmdma[0])
2694 val = pci_dev->dev.config[UDIDETCR0];
2695 else
2696 val = pci_dev->dev.config[UDIDETCR1];
2697 } else {
2698 val = 0xff;
2699 }
2700 break;
2701 default:
2702 val = 0xff;
2703 break;
2704 }
98087450 2705#ifdef DEBUG_IDE
5457c8ce 2706 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
98087450
FB		 2707#endif
2708 return val;
2709}
2710
5457c8ce 2711static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
98087450
FB		 2712{
2713 BMDMAState *bm = opaque;
5457c8ce 2714 PCIIDEState *pci_dev;
98087450 2715#ifdef DEBUG_IDE
5457c8ce 2716 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
98087450 2717#endif
5457c8ce
FB		 2718 switch(addr & 3) {
2719 case 1:
2720 pci_dev = bm->pci_dev;
2721 if (pci_dev->type == IDE_TYPE_CMD646) {
5fafdf24 2722 pci_dev->dev.config[MRDMODE] =
5457c8ce
FB		 2723 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2724 cmd646_update_irq(pci_dev);
2725 }
2726 break;
2727 case 2:
2728 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2729 break;
2730 case 3:
2731 pci_dev = bm->pci_dev;
2732 if (pci_dev->type == IDE_TYPE_CMD646) {
2733 if (bm == &pci_dev->bmdma[0])
2734 pci_dev->dev.config[UDIDETCR0] = val;
2735 else
2736 pci_dev->dev.config[UDIDETCR1] = val;
2737 }
2738 break;
2739 }
98087450
FB		 2740}
2741
2742static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2743{
2744 BMDMAState *bm = opaque;
2745 uint32_t val;
2746 val = bm->addr;
2747#ifdef DEBUG_IDE
2748 printf("%s: 0x%08x\n", __func__, val);
2749#endif
2750 return val;
2751}
2752
2753static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2754{
2755 BMDMAState *bm = opaque;
2756#ifdef DEBUG_IDE
2757 printf("%s: 0x%08x\n", __func__, val);
2758#endif
2759 bm->addr = val & ~3;
30c4bbac 2760 bm->cur_addr = bm->addr;
98087450
FB		 2761}
2762
5fafdf24 2763static void bmdma_map(PCIDevice *pci_dev, int region_num,
98087450
FB		 2764 uint32_t addr, uint32_t size, int type)
2765{
2766 PCIIDEState *d = (PCIIDEState *)pci_dev;
2767 int i;
2768
2769 for(i = 0;i < 2; i++) {
2770 BMDMAState *bm = &d->bmdma[i];
2771 d->ide_if[2 * i].bmdma = bm;
2772 d->ide_if[2 * i + 1].bmdma = bm;
5457c8ce
FB		 2773 bm->pci_dev = (PCIIDEState *)pci_dev;
2774
98087450 2775 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
98087450 2776
5457c8ce
FB		 2777 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2778 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
98087450
FB		 2779
2780 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2781 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2782 addr += 8;
2783 }
2784}
2785
5457c8ce
FB		 2786/* XXX: call it also when the MRDMODE is changed from the PCI config
2787 registers */
2788static void cmd646_update_irq(PCIIDEState *d)
2789{
2790 int pci_level;
2791 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2792 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2793 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2794 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
d537cf6c 2795 qemu_set_irq(d->dev.irq[0], pci_level);
5457c8ce
FB		 2796}
2797
2798/* the PCI irq level is the logical OR of the two channels */
2799static void cmd646_set_irq(void *opaque, int channel, int level)
2800{
2801 PCIIDEState *d = opaque;
2802 int irq_mask;
2803
2804 irq_mask = MRDMODE_INTR_CH0 << channel;
2805 if (level)
2806 d->dev.config[MRDMODE] |= irq_mask;
2807 else
2808 d->dev.config[MRDMODE] &= ~irq_mask;
2809 cmd646_update_irq(d);
2810}
2811
2812/* CMD646 PCI IDE controller */
2813void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2814 int secondary_ide_enabled)
69b91039
FB		 2815{
2816 PCIIDEState *d;
2817 uint8_t *pci_conf;
34e538ae 2818 int i;
d537cf6c 2819 qemu_irq *irq;
34e538ae 2820
5fafdf24 2821 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
5457c8ce 2822 sizeof(PCIIDEState),
5fafdf24 2823 -1,
73c11f63 2824 NULL, NULL);
5457c8ce 2825 d->type = IDE_TYPE_CMD646;
69b91039 2826 pci_conf = d->dev.config;
5457c8ce
FB		 2827 pci_conf[0x00] = 0x95; // CMD646
2828 pci_conf[0x01] = 0x10;
2829 pci_conf[0x02] = 0x46;
2830 pci_conf[0x03] = 0x06;
2831
2832 pci_conf[0x08] = 0x07; // IDE controller revision
5fafdf24 2833 pci_conf[0x09] = 0x8f;
5457c8ce 2834
69b91039
FB		 2835 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2836 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
5457c8ce 2837 pci_conf[0x0e] = 0x00; // header_type
5fafdf24 2838
5457c8ce
FB		 2839 if (secondary_ide_enabled) {
2840 /* XXX: if not enabled, really disable the seconday IDE controller */
2841 pci_conf[0x51] = 0x80; /* enable IDE1 */
2842 }
69b91039 2843
5fafdf24 2844 pci_register_io_region((PCIDevice *)d, 0, 0x8,
69b91039 2845 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2846 pci_register_io_region((PCIDevice *)d, 1, 0x4,
69b91039 2847 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2848 pci_register_io_region((PCIDevice *)d, 2, 0x8,
69b91039 2849 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2850 pci_register_io_region((PCIDevice *)d, 3, 0x4,
69b91039 2851 PCI_ADDRESS_SPACE_IO, ide_map);
5fafdf24 2852 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 2853 PCI_ADDRESS_SPACE_IO, bmdma_map);
69b91039 2854
34e538ae 2855 pci_conf[0x3d] = 0x01; // interrupt on pin 1
5fafdf24 2856
34e538ae
FB		 2857 for(i = 0; i < 4; i++)
2858 d->ide_if[i].pci_dev = (PCIDevice *)d;
d537cf6c
PB		 2859
2860 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
2861 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
2862 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
34e538ae
FB		 2863}
2864
c3d78997
FB		 2865static void pci_ide_save(QEMUFile* f, void *opaque)
2866{
2867 PCIIDEState *d = opaque;
2868 int i;
2869
2870 pci_device_save(&d->dev, f);
2871
2872 for(i = 0; i < 2; i++) {
2873 BMDMAState *bm = &d->bmdma[i];
2874 qemu_put_8s(f, &bm->cmd);
2875 qemu_put_8s(f, &bm->status);
2876 qemu_put_be32s(f, &bm->addr);
2877 /* XXX: if a transfer is pending, we do not save it yet */
2878 }
2879
2880 /* per IDE interface data */
2881 for(i = 0; i < 2; i++) {
2882 IDEState *s = &d->ide_if[i * 2];
2883 uint8_t drive1_selected;
2884 qemu_put_8s(f, &s->cmd);
2885 drive1_selected = (s->cur_drive != s);
2886 qemu_put_8s(f, &drive1_selected);
2887 }
2888
2889 /* per IDE drive data */
2890 for(i = 0; i < 4; i++) {
aa941b94 2891 ide_save(f, &d->ide_if[i]);
c3d78997
FB		 2892 }
2893}
2894
2895static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2896{
2897 PCIIDEState *d = opaque;
2898 int ret, i;
2899
2900 if (version_id != 1)
2901 return -EINVAL;
2902 ret = pci_device_load(&d->dev, f);
2903 if (ret < 0)
2904 return ret;
2905
2906 for(i = 0; i < 2; i++) {
2907 BMDMAState *bm = &d->bmdma[i];
2908 qemu_get_8s(f, &bm->cmd);
2909 qemu_get_8s(f, &bm->status);
2910 qemu_get_be32s(f, &bm->addr);
2911 /* XXX: if a transfer is pending, we do not save it yet */
2912 }
2913
2914 /* per IDE interface data */
2915 for(i = 0; i < 2; i++) {
2916 IDEState *s = &d->ide_if[i * 2];
2917 uint8_t drive1_selected;
2918 qemu_get_8s(f, &s->cmd);
2919 qemu_get_8s(f, &drive1_selected);
2920 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2921 }
2922
2923 /* per IDE drive data */
2924 for(i = 0; i < 4; i++) {
aa941b94 2925 ide_load(f, &d->ide_if[i]);
c3d78997
FB		 2926 }
2927 return 0;
2928}
2929
e6a71ae3
TS		 2930static void piix3_reset(PCIIDEState *d)
2931{
2932 uint8_t *pci_conf = d->dev.config;
2933
2934 pci_conf[0x04] = 0x00;
2935 pci_conf[0x05] = 0x00;
2936 pci_conf[0x06] = 0x80; /* FBC */
2937 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
2938 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
2939}
2940
34e538ae
FB		 2941/* hd_table must contain 4 block drivers */
2942/* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
d537cf6c
PB		 2943void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2944 qemu_irq *pic)
34e538ae
FB		 2945{
2946 PCIIDEState *d;
2947 uint8_t *pci_conf;
5fafdf24 2948
34e538ae 2949 /* register a function 1 of PIIX3 */
5fafdf24 2950 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
46e50e9d 2951 sizeof(PCIIDEState),
502a5395 2952 devfn,
34e538ae 2953 NULL, NULL);
5457c8ce
FB		 2954 d->type = IDE_TYPE_PIIX3;
2955
34e538ae
FB		 2956 pci_conf = d->dev.config;
2957 pci_conf[0x00] = 0x86; // Intel
2958 pci_conf[0x01] = 0x80;
2959 pci_conf[0x02] = 0x10;
2960 pci_conf[0x03] = 0x70;
92510b8c 2961 pci_conf[0x09] = 0x80; // legacy ATA mode
34e538ae
FB		 2962 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2963 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2964 pci_conf[0x0e] = 0x00; // header_type
2965
e6a71ae3
TS		 2966 piix3_reset(d);
2967
5fafdf24 2968 pci_register_io_region((PCIDevice *)d, 4, 0x10,
98087450 2969 PCI_ADDRESS_SPACE_IO, bmdma_map);
34e538ae 2970
d537cf6c
PB		 2971 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
2972 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
34e538ae
FB		 2973 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2974 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
c3d78997
FB		 2975
2976 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
69b91039 2977}
1ade1de2 2978
afcc3cdf
TS		 2979/* hd_table must contain 4 block drivers */
2980/* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
2981void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2982 qemu_irq *pic)
2983{
2984 PCIIDEState *d;
2985 uint8_t *pci_conf;
2986
2987 /* register a function 1 of PIIX4 */
2988 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
2989 sizeof(PCIIDEState),
2990 devfn,
2991 NULL, NULL);
2992 d->type = IDE_TYPE_PIIX4;
2993
2994 pci_conf = d->dev.config;
2995 pci_conf[0x00] = 0x86; // Intel
2996 pci_conf[0x01] = 0x80;
2997 pci_conf[0x02] = 0x11;
2998 pci_conf[0x03] = 0x71;
2999 pci_conf[0x09] = 0x80; // legacy ATA mode
3000 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3001 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3002 pci_conf[0x0e] = 0x00; // header_type
3003
3004 piix3_reset(d);
3005
3006 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3007 PCI_ADDRESS_SPACE_IO, bmdma_map);
3008
3009 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3010 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3011 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3012 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3013
3014 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
3015}
3016
1ade1de2
FB		 3017/***********************************************************/
3018/* MacIO based PowerPC IDE */
3019
3020/* PowerMac IDE memory IO */
3021static void pmac_ide_writeb (void *opaque,
3022 target_phys_addr_t addr, uint32_t val)
3023{
5fafdf24 3024 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3025 switch (addr) {
3026 case 1 ... 7:
3027 ide_ioport_write(opaque, addr, val);
3028 break;
3029 case 8:
3030 case 22:
3031 ide_cmd_write(opaque, 0, val);
3032 break;
3033 default:
3034 break;
3035 }
3036}
3037
3038static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3039{
3040 uint8_t retval;
3041
3042 addr = (addr & 0xFFF) >> 4;
3043 switch (addr) {
3044 case 1 ... 7:
3045 retval = ide_ioport_read(opaque, addr);
3046 break;
3047 case 8:
3048 case 22:
3049 retval = ide_status_read(opaque, 0);
3050 break;
3051 default:
3052 retval = 0xFF;
3053 break;
3054 }
3055 return retval;
3056}
3057
3058static void pmac_ide_writew (void *opaque,
3059 target_phys_addr_t addr, uint32_t val)
3060{
5fafdf24 3061 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3062#ifdef TARGET_WORDS_BIGENDIAN
3063 val = bswap16(val);
3064#endif
3065 if (addr == 0) {
3066 ide_data_writew(opaque, 0, val);
3067 }
3068}
3069
3070static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3071{
3072 uint16_t retval;
3073
5fafdf24 3074 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3075 if (addr == 0) {
3076 retval = ide_data_readw(opaque, 0);
3077 } else {
3078 retval = 0xFFFF;
3079 }
3080#ifdef TARGET_WORDS_BIGENDIAN
3081 retval = bswap16(retval);
3082#endif
3083 return retval;
3084}
3085
3086static void pmac_ide_writel (void *opaque,
3087 target_phys_addr_t addr, uint32_t val)
3088{
5fafdf24 3089 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3090#ifdef TARGET_WORDS_BIGENDIAN
3091 val = bswap32(val);
3092#endif
3093 if (addr == 0) {
3094 ide_data_writel(opaque, 0, val);
3095 }
3096}
3097
3098static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3099{
3100 uint32_t retval;
3101
5fafdf24 3102 addr = (addr & 0xFFF) >> 4;
1ade1de2
FB		 3103 if (addr == 0) {
3104 retval = ide_data_readl(opaque, 0);
3105 } else {
3106 retval = 0xFFFFFFFF;
3107 }
3108#ifdef TARGET_WORDS_BIGENDIAN
3109 retval = bswap32(retval);
3110#endif
3111 return retval;
3112}
3113
3114static CPUWriteMemoryFunc *pmac_ide_write[] = {
3115 pmac_ide_writeb,
3116 pmac_ide_writew,
3117 pmac_ide_writel,
3118};
3119
3120static CPUReadMemoryFunc *pmac_ide_read[] = {
3121 pmac_ide_readb,
3122 pmac_ide_readw,
3123 pmac_ide_readl,
3124};
3125
3126/* hd_table must contain 4 block drivers */
3127/* PowerMac uses memory mapped registers, not I/O. Return the memory
3128 I/O index to access the ide. */
d537cf6c 3129int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
1ade1de2
FB		 3130{
3131 IDEState *ide_if;
3132 int pmac_ide_memory;
3133
3134 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
d537cf6c 3135 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
5fafdf24 3136
1ade1de2
FB		 3137 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3138 pmac_ide_write, &ide_if[0]);
3139 return pmac_ide_memory;
3140}
201a51fc
AZ		 3141
3142/***********************************************************/
3143/* CF-ATA Microdrive */
3144
3145#define METADATA_SIZE 0x20
3146
3147/* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3148struct md_s {
3149 IDEState ide[2];
3150 struct pcmcia_card_s card;
3151 uint32_t attr_base;
3152 uint32_t io_base;
3153
3154 /* Card state */
3155 uint8_t opt;
3156 uint8_t stat;
3157 uint8_t pins;
3158
3159 uint8_t ctrl;
3160 uint16_t io;
3161 int cycle;
3162};
3163
3164/* Register bitfields */
3165enum md_opt {
3166 OPT_MODE_MMAP = 0,
3167 OPT_MODE_IOMAP16 = 1,
3168 OPT_MODE_IOMAP1 = 2,
3169 OPT_MODE_IOMAP2 = 3,
3170 OPT_MODE = 0x3f,
3171 OPT_LEVIREQ = 0x40,
3172 OPT_SRESET = 0x80,
3173};
3174enum md_cstat {
3175 STAT_INT = 0x02,
3176 STAT_PWRDWN = 0x04,
3177 STAT_XE = 0x10,
3178 STAT_IOIS8 = 0x20,
3179 STAT_SIGCHG = 0x40,
3180 STAT_CHANGED = 0x80,
3181};
3182enum md_pins {
3183 PINS_MRDY = 0x02,
3184 PINS_CRDY = 0x20,
3185};
3186enum md_ctrl {
3187 CTRL_IEN = 0x02,
3188 CTRL_SRST = 0x04,
3189};
3190
3191static inline void md_interrupt_update(struct md_s *s)
3192{
3193 if (!s->card.slot)
3194 return;
3195
3196 qemu_set_irq(s->card.slot->irq,
3197 !(s->stat & STAT_INT) && /* Inverted */
3198 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3199 !(s->opt & OPT_SRESET));
3200}
3201
3202static void md_set_irq(void *opaque, int irq, int level)
3203{
3204 struct md_s *s = (struct md_s *) opaque;
3205 if (level)
3206 s->stat |= STAT_INT;
3207 else
3208 s->stat &= ~STAT_INT;
3209
3210 md_interrupt_update(s);
3211}
3212
3213static void md_reset(struct md_s *s)
3214{
3215 s->opt = OPT_MODE_MMAP;
3216 s->stat = 0;
3217 s->pins = 0;
3218 s->cycle = 0;
3219 s->ctrl = 0;
3220 ide_reset(s->ide);
3221}
3222
9e315fa9 3223static uint8_t md_attr_read(void *opaque, uint32_t at)
201a51fc
AZ		 3224{
3225 struct md_s *s = (struct md_s *) opaque;
3226 if (at < s->attr_base) {
3227 if (at < s->card.cis_len)
3228 return s->card.cis[at];
3229 else
3230 return 0x00;
3231 }
3232
3233 at -= s->attr_base;
3234
3235 switch (at) {
3236 case 0x00: /* Configuration Option Register */
3237 return s->opt;
3238 case 0x02: /* Card Configuration Status Register */
3239 if (s->ctrl & CTRL_IEN)
3240 return s->stat & ~STAT_INT;
3241 else
3242 return s->stat;
3243 case 0x04: /* Pin Replacement Register */
3244 return (s->pins & PINS_CRDY) | 0x0c;
3245 case 0x06: /* Socket and Copy Register */
3246 return 0x00;
3247#ifdef VERBOSE
3248 default:
3249 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3250#endif
3251 }
3252
3253 return 0;
3254}
3255
9e315fa9 3256static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
201a51fc
AZ		 3257{
3258 struct md_s *s = (struct md_s *) opaque;
3259 at -= s->attr_base;
3260
3261 switch (at) {
3262 case 0x00: /* Configuration Option Register */
3263 s->opt = value & 0xcf;
3264 if (value & OPT_SRESET)
3265 md_reset(s);
3266 md_interrupt_update(s);
3267 break;
3268 case 0x02: /* Card Configuration Status Register */
3269 if ((s->stat ^ value) & STAT_PWRDWN)
3270 s->pins |= PINS_CRDY;
3271 s->stat &= 0x82;
3272 s->stat |= value & 0x74;
3273 md_interrupt_update(s);
3274 /* Word 170 in Identify Device must be equal to STAT_XE */
3275 break;
3276 case 0x04: /* Pin Replacement Register */
3277 s->pins &= PINS_CRDY;
3278 s->pins |= value & PINS_MRDY;
3279 break;
3280 case 0x06: /* Socket and Copy Register */
3281 break;
3282 default:
3283 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3284 }
3285}
3286
9e315fa9 3287static uint16_t md_common_read(void *opaque, uint32_t at)
201a51fc
AZ		 3288{
3289 struct md_s *s = (struct md_s *) opaque;
3290 uint16_t ret;
3291 at -= s->io_base;
3292
3293 switch (s->opt & OPT_MODE) {
3294 case OPT_MODE_MMAP:
3295 if ((at & ~0x3ff) == 0x400)
3296 at = 0;
3297 break;
3298 case OPT_MODE_IOMAP16:
3299 at &= 0xf;
3300 break;
3301 case OPT_MODE_IOMAP1:
3302 if ((at & ~0xf) == 0x3f0)
3303 at -= 0x3e8;
3304 else if ((at & ~0xf) == 0x1f0)
3305 at -= 0x1f0;
3306 break;
3307 case OPT_MODE_IOMAP2:
3308 if ((at & ~0xf) == 0x370)
3309 at -= 0x368;
3310 else if ((at & ~0xf) == 0x170)
3311 at -= 0x170;
3312 }
3313
3314 switch (at) {
3315 case 0x0: /* Even RD Data */
3316 case 0x8:
3317 return ide_data_readw(s->ide, 0);
3318
3319 /* TODO: 8-bit accesses */
3320 if (s->cycle)
3321 ret = s->io >> 8;
3322 else {
3323 s->io = ide_data_readw(s->ide, 0);
3324 ret = s->io & 0xff;
3325 }
3326 s->cycle = !s->cycle;
3327 return ret;
3328 case 0x9: /* Odd RD Data */
3329 return s->io >> 8;
3330 case 0xd: /* Error */
3331 return ide_ioport_read(s->ide, 0x1);
3332 case 0xe: /* Alternate Status */
3333 if (s->ide->cur_drive->bs)
3334 return s->ide->cur_drive->status;
3335 else
3336 return 0;
3337 case 0xf: /* Device Address */
3338 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3339 default:
3340 return ide_ioport_read(s->ide, at);
3341 }
3342
3343 return 0;
3344}
3345
9e315fa9 3346static void md_common_write(void *opaque, uint32_t at, uint16_t value)
201a51fc
AZ		 3347{
3348 struct md_s *s = (struct md_s *) opaque;
3349 at -= s->io_base;
3350
3351 switch (s->opt & OPT_MODE) {
3352 case OPT_MODE_MMAP:
3353 if ((at & ~0x3ff) == 0x400)
3354 at = 0;
3355 break;
3356 case OPT_MODE_IOMAP16:
3357 at &= 0xf;
3358 break;
3359 case OPT_MODE_IOMAP1:
3360 if ((at & ~0xf) == 0x3f0)
3361 at -= 0x3e8;
3362 else if ((at & ~0xf) == 0x1f0)
3363 at -= 0x1f0;
3364 break;
3365 case OPT_MODE_IOMAP2:
3366 if ((at & ~0xf) == 0x370)
3367 at -= 0x368;
3368 else if ((at & ~0xf) == 0x170)
3369 at -= 0x170;
3370 }
3371
3372 switch (at) {
3373 case 0x0: /* Even WR Data */
3374 case 0x8:
3375 ide_data_writew(s->ide, 0, value);
3376 break;
3377
3378 /* TODO: 8-bit accesses */
3379 if (s->cycle)
3380 ide_data_writew(s->ide, 0, s->io | (value << 8));
3381 else
3382 s->io = value & 0xff;
3383 s->cycle = !s->cycle;
3384 break;
3385 case 0x9:
3386 s->io = value & 0xff;
3387 s->cycle = !s->cycle;
3388 break;
3389 case 0xd: /* Features */
3390 ide_ioport_write(s->ide, 0x1, value);
3391 break;
3392 case 0xe: /* Device Control */
3393 s->ctrl = value;
3394 if (value & CTRL_SRST)
3395 md_reset(s);
3396 md_interrupt_update(s);
3397 break;
3398 default:
3399 if (s->stat & STAT_PWRDWN) {
3400 s->pins |= PINS_CRDY;
3401 s->stat &= ~STAT_PWRDWN;
3402 }
3403 ide_ioport_write(s->ide, at, value);
3404 }
3405}
3406
aa941b94
AZ		 3407static void md_save(QEMUFile *f, void *opaque)
3408{
3409 struct md_s *s = (struct md_s *) opaque;
3410 int i;
3411 uint8_t drive1_selected;
3412
3413 qemu_put_8s(f, &s->opt);
3414 qemu_put_8s(f, &s->stat);
3415 qemu_put_8s(f, &s->pins);
3416
3417 qemu_put_8s(f, &s->ctrl);
3418 qemu_put_be16s(f, &s->io);
3419 qemu_put_byte(f, s->cycle);
3420
3421 drive1_selected = (s->ide->cur_drive != s->ide);
3422 qemu_put_8s(f, &s->ide->cmd);
3423 qemu_put_8s(f, &drive1_selected);
3424
3425 for (i = 0; i < 2; i ++)
3426 ide_save(f, &s->ide[i]);
3427}
3428
3429static int md_load(QEMUFile *f, void *opaque, int version_id)
3430{
3431 struct md_s *s = (struct md_s *) opaque;
3432 int i;
3433 uint8_t drive1_selected;
3434
3435 qemu_get_8s(f, &s->opt);
3436 qemu_get_8s(f, &s->stat);
3437 qemu_get_8s(f, &s->pins);
3438
3439 qemu_get_8s(f, &s->ctrl);
3440 qemu_get_be16s(f, &s->io);
3441 s->cycle = qemu_get_byte(f);
3442
3443 qemu_get_8s(f, &s->ide->cmd);
3444 qemu_get_8s(f, &drive1_selected);
3445 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
3446
3447 for (i = 0; i < 2; i ++)
3448 ide_load(f, &s->ide[i]);
3449
3450 return 0;
3451}
3452
3453static int md_iid = 0;
3454
201a51fc
AZ		 3455static const uint8_t dscm1xxxx_cis[0x14a] = {
3456 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3457 [0x002] = 0x03, /* Tuple length = 4 bytes */
3458 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3459 [0x006] = 0x01, /* Size = 2K bytes */
3460 [0x008] = CISTPL_ENDMARK,
3461
3462 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3463 [0x00c] = 0x04, /* Tuple length = 4 byest */
3464 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3465 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3466 [0x012] = 0x01, /* Size = 2K bytes */
3467 [0x014] = CISTPL_ENDMARK,
3468
3469 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3470 [0x018] = 0x02, /* Tuple length = 2 bytes */
3471 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3472 [0x01c] = 0x01,
3473
3474 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3475 [0x020] = 0x04, /* Tuple length = 4 bytes */
3476 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3477 [0x024] = 0x00,
3478 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3479 [0x028] = 0x00,
3480
3481 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3482 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3483 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3484 [0x030] = 0x01, /* Minor Version = 1 */
3485 [0x032] = 'I',
3486 [0x034] = 'B',
3487 [0x036] = 'M',
3488 [0x038] = 0x00,
3489 [0x03a] = 'm',
3490 [0x03c] = 'i',
3491 [0x03e] = 'c',
3492 [0x040] = 'r',
3493 [0x042] = 'o',
3494 [0x044] = 'd',
3495 [0x046] = 'r',
3496 [0x048] = 'i',
3497 [0x04a] = 'v',
3498 [0x04c] = 'e',
3499 [0x04e] = 0x00,
3500 [0x050] = CISTPL_ENDMARK,
3501
3502 [0x052] = CISTPL_FUNCID, /* Function ID */
3503 [0x054] = 0x02, /* Tuple length = 2 bytes */
3504 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3505 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3506
3507 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3508 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3509 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3510 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3511
3512 [0x062] = CISTPL_FUNCE, /* Function Extension */
3513 [0x064] = 0x03, /* Tuple length = 3 bytes */
3514 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3515 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3516 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3517
3518 [0x06c] = CISTPL_CONFIG, /* Configuration */
3519 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3520 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3521 [0x072] = 0x07, /* TPCC_LAST = 7 */
3522 [0x074] = 0x00, /* TPCC_RADR = 0200 */
3523 [0x076] = 0x02,
3524 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
3525
3526 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3527 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
3528 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
3529 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
3530 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
3531 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3532 [0x086] = 0x55, /* NomV: 5.0 V */
3533 [0x088] = 0x4d, /* MinV: 4.5 V */
3534 [0x08a] = 0x5d, /* MaxV: 5.5 V */
3535 [0x08c] = 0x4e, /* Peakl: 450 mA */
3536 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
3537 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
3538 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
3539
3540 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3541 [0x096] = 0x06, /* Tuple length = 6 bytes */
3542 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
3543 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3544 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3545 [0x09e] = 0xb5, /* NomV: 3.3 V */
3546 [0x0a0] = 0x1e,
3547 [0x0a2] = 0x3e, /* Peakl: 350 mA */
3548
3549 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3550 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
3551 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
3552 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3553 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3554 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3555 [0x0b0] = 0x55, /* NomV: 5.0 V */
3556 [0x0b2] = 0x4d, /* MinV: 4.5 V */
3557 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
3558 [0x0b6] = 0x4e, /* Peakl: 450 mA */
3559 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
3560 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
3561 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
3562 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
3563 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
3564
3565 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3566 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
3567 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
3568 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3569 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3570 [0x0cc] = 0xb5, /* NomV: 3.3 V */
3571 [0x0ce] = 0x1e,
3572 [0x0d0] = 0x3e, /* Peakl: 350 mA */
3573
3574 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3575 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
3576 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
3577 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3578 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3579 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3580 [0x0de] = 0x55, /* NomV: 5.0 V */
3581 [0x0e0] = 0x4d, /* MinV: 4.5 V */
3582 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
3583 [0x0e4] = 0x4e, /* Peakl: 450 mA */
3584 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3585 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
3586 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
3587 [0x0ec] = 0x01,
3588 [0x0ee] = 0x07, /* Address block length = 8 */
3589 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
3590 [0x0f2] = 0x03,
3591 [0x0f4] = 0x01, /* Address block length = 2 */
3592 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3593 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
3594
3595 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3596 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
3597 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
3598 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3599 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3600 [0x104] = 0xb5, /* NomV: 3.3 V */
3601 [0x106] = 0x1e,
3602 [0x108] = 0x3e, /* Peakl: 350 mA */
3603
3604 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3605 [0x10c] = 0x12, /* Tuple length = 18 bytes */
3606 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
3607 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3608 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3609 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3610 [0x116] = 0x55, /* NomV: 5.0 V */
3611 [0x118] = 0x4d, /* MinV: 4.5 V */
3612 [0x11a] = 0x5d, /* MaxV: 5.5 V */
3613 [0x11c] = 0x4e, /* Peakl: 450 mA */
3614 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3615 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
3616 [0x122] = 0x70, /* Field 1 address = 0x0170 */
3617 [0x124] = 0x01,
3618 [0x126] = 0x07, /* Address block length = 8 */
3619 [0x128] = 0x76, /* Field 2 address = 0x0376 */
3620 [0x12a] = 0x03,
3621 [0x12c] = 0x01, /* Address block length = 2 */
3622 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3623 [0x130] = 0x20, /* TPCE_MI = support power down mode */
3624
3625 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3626 [0x134] = 0x06, /* Tuple length = 6 bytes */
3627 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
3628 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3629 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3630 [0x13c] = 0xb5, /* NomV: 3.3 V */
3631 [0x13e] = 0x1e,
3632 [0x140] = 0x3e, /* Peakl: 350 mA */
3633
3634 [0x142] = CISTPL_NO_LINK, /* No Link */
3635 [0x144] = 0x00, /* Tuple length = 0 bytes */
3636
3637 [0x146] = CISTPL_END, /* Tuple End */
3638};
3639
3640static int dscm1xxxx_attach(void *opaque)
3641{
3642 struct md_s *md = (struct md_s *) opaque;
3643 md->card.attr_read = md_attr_read;
3644 md->card.attr_write = md_attr_write;
3645 md->card.common_read = md_common_read;
3646 md->card.common_write = md_common_write;
3647 md->card.io_read = md_common_read;
3648 md->card.io_write = md_common_write;
3649
3650 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
3651 md->io_base = 0x0;
3652
3653 md_reset(md);
3654 md_interrupt_update(md);
3655
3656 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
3657 return 0;
3658}
3659
3660static int dscm1xxxx_detach(void *opaque)
3661{
3662 struct md_s *md = (struct md_s *) opaque;
3663 md_reset(md);
3664 return 0;
3665}
3666
3667struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
3668{
3669 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
3670 md->card.state = md;
3671 md->card.attach = dscm1xxxx_attach;
3672 md->card.detach = dscm1xxxx_detach;
3673 md->card.cis = dscm1xxxx_cis;
3674 md->card.cis_len = sizeof(dscm1xxxx_cis);
3675
3676 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
3677 md->ide->is_cf = 1;
3678 md->ide->mdata_size = METADATA_SIZE;
3679 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
aa941b94
AZ		 3680
3681 register_savevm("microdrive", md_iid ++, 0, md_save, md_load, md);
3682
201a51fc
AZ		 3683 return &md->card;
3684}
QEMU mirror