debuggers.hg

view tools/ioemu/hw/ide.c @ 0:7d21f7218375

Exact replica of unstable on 051908 + README-this
author Mukesh Rathor
date Mon May 19 15:34:57 2008 -0700 (2008-05-19)
parents
children 790c2f0eaf7c
line source
1 /*
2 * QEMU IDE disk and CD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24 #include "vl.h"
25 #include <malloc.h>
27 /* debug IDE devices */
28 //#define DEBUG_IDE
29 //#define DEBUG_IDE_ATAPI
30 //#define DEBUG_AIO
31 #define USE_DMA_CDROM
33 /* Bits of HD_STATUS */
34 #define ERR_STAT 0x01
35 #define INDEX_STAT 0x02
36 #define ECC_STAT 0x04 /* Corrected error */
37 #define DRQ_STAT 0x08
38 #define SEEK_STAT 0x10
39 #define SRV_STAT 0x10
40 #define WRERR_STAT 0x20
41 #define READY_STAT 0x40
42 #define BUSY_STAT 0x80
44 /* Bits for HD_ERROR */
45 #define MARK_ERR 0x01 /* Bad address mark */
46 #define TRK0_ERR 0x02 /* couldn't find track 0 */
47 #define ABRT_ERR 0x04 /* Command aborted */
48 #define MCR_ERR 0x08 /* media change request */
49 #define ID_ERR 0x10 /* ID field not found */
50 #define MC_ERR 0x20 /* media changed */
51 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
52 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
53 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
55 /* Bits of HD_NSECTOR */
56 #define CD 0x01
57 #define IO 0x02
58 #define REL 0x04
59 #define TAG_MASK 0xf8
61 #define IDE_CMD_RESET 0x04
62 #define IDE_CMD_DISABLE_IRQ 0x02
64 /* ATA/ATAPI Commands pre T13 Spec */
65 #define WIN_NOP 0x00
66 /*
67 * 0x01->0x02 Reserved
68 */
69 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
70 /*
71 * 0x04->0x07 Reserved
72 */
73 #define WIN_SRST 0x08 /* ATAPI soft reset command */
74 #define WIN_DEVICE_RESET 0x08
75 /*
76 * 0x09->0x0F Reserved
77 */
78 #define WIN_RECAL 0x10
79 #define WIN_RESTORE WIN_RECAL
80 /*
81 * 0x10->0x1F Reserved
82 */
83 #define WIN_READ 0x20 /* 28-Bit */
84 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
85 #define WIN_READ_LONG 0x22 /* 28-Bit */
86 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
87 #define WIN_READ_EXT 0x24 /* 48-Bit */
88 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
89 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
90 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
91 /*
92 * 0x28
93 */
94 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
95 /*
96 * 0x2A->0x2F Reserved
97 */
98 #define WIN_WRITE 0x30 /* 28-Bit */
99 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
100 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
101 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
102 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
103 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
104 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
105 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
106 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
107 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
108 /*
109 * 0x3A->0x3B Reserved
110 */
111 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
112 /*
113 * 0x3D->0x3F Reserved
114 */
115 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
116 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
117 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
118 /*
119 * 0x43->0x4F Reserved
120 */
121 #define WIN_FORMAT 0x50
122 /*
123 * 0x51->0x5F Reserved
124 */
125 #define WIN_INIT 0x60
126 /*
127 * 0x61->0x5F Reserved
128 */
129 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
130 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
131 #define WIN_DIAGNOSE 0x90
132 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
133 #define WIN_DOWNLOAD_MICROCODE 0x92
134 #define WIN_STANDBYNOW2 0x94
135 #define WIN_STANDBY2 0x96
136 #define WIN_SETIDLE2 0x97
137 #define WIN_CHECKPOWERMODE2 0x98
138 #define WIN_SLEEPNOW2 0x99
139 /*
140 * 0x9A VENDOR
141 */
142 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
143 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
144 #define WIN_QUEUED_SERVICE 0xA2
145 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
146 #define CFA_ERASE_SECTORS 0xC0
147 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
148 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
149 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
150 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
151 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
152 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
153 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
154 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
155 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
156 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
157 #define WIN_GETMEDIASTATUS 0xDA
158 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
159 #define WIN_POSTBOOT 0xDC
160 #define WIN_PREBOOT 0xDD
161 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
162 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
163 #define WIN_STANDBYNOW1 0xE0
164 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
165 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
166 #define WIN_SETIDLE1 0xE3
167 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
168 #define WIN_CHECKPOWERMODE1 0xE5
169 #define WIN_SLEEPNOW1 0xE6
170 #define WIN_FLUSH_CACHE 0xE7
171 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
172 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
173 /* SET_FEATURES 0x22 or 0xDD */
174 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
175 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
176 #define WIN_MEDIAEJECT 0xED
177 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
178 #define WIN_SETFEATURES 0xEF /* set special drive features */
179 #define EXABYTE_ENABLE_NEST 0xF0
180 #define WIN_SECURITY_SET_PASS 0xF1
181 #define WIN_SECURITY_UNLOCK 0xF2
182 #define WIN_SECURITY_ERASE_PREPARE 0xF3
183 #define WIN_SECURITY_ERASE_UNIT 0xF4
184 #define WIN_SECURITY_FREEZE_LOCK 0xF5
185 #define WIN_SECURITY_DISABLE 0xF6
186 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
187 #define WIN_SET_MAX 0xF9
188 #define DISABLE_SEAGATE 0xFB
190 /* set to 1 set disable mult support */
191 #define MAX_MULT_SECTORS 16
192 #ifdef CONFIG_STUBDOM
193 #include <xen/io/blkif.h>
194 #define IDE_DMA_BUF_SIZE (BLKIF_MAX_SEGMENTS_PER_REQUEST * TARGET_PAGE_SIZE)
195 #else
196 #define IDE_DMA_BUF_SIZE 131072
197 #endif
198 #if (IDE_DMA_BUF_SIZE < MAX_MULT_SECTORS * 512)
199 #error "IDE_DMA_BUF_SIZE must be bigger or equal to MAX_MULT_SECTORS * 512"
200 #endif
202 /* ATAPI defines */
204 #define ATAPI_PACKET_SIZE 12
206 /* The generic packet command opcodes for CD/DVD Logical Units,
207 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
208 #define GPCMD_BLANK 0xa1
209 #define GPCMD_CLOSE_TRACK 0x5b
210 #define GPCMD_FLUSH_CACHE 0x35
211 #define GPCMD_FORMAT_UNIT 0x04
212 #define GPCMD_GET_CONFIGURATION 0x46
213 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
214 #define GPCMD_GET_PERFORMANCE 0xac
215 #define GPCMD_INQUIRY 0x12
216 #define GPCMD_LOAD_UNLOAD 0xa6
217 #define GPCMD_MECHANISM_STATUS 0xbd
218 #define GPCMD_MODE_SELECT_10 0x55
219 #define GPCMD_MODE_SENSE_10 0x5a
220 #define GPCMD_PAUSE_RESUME 0x4b
221 #define GPCMD_PLAY_AUDIO_10 0x45
222 #define GPCMD_PLAY_AUDIO_MSF 0x47
223 #define GPCMD_PLAY_AUDIO_TI 0x48
224 #define GPCMD_PLAY_CD 0xbc
225 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
226 #define GPCMD_READ_10 0x28
227 #define GPCMD_READ_12 0xa8
228 #define GPCMD_READ_CDVD_CAPACITY 0x25
229 #define GPCMD_READ_CD 0xbe
230 #define GPCMD_READ_CD_MSF 0xb9
231 #define GPCMD_READ_DISC_INFO 0x51
232 #define GPCMD_READ_DVD_STRUCTURE 0xad
233 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
234 #define GPCMD_READ_HEADER 0x44
235 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
236 #define GPCMD_READ_SUBCHANNEL 0x42
237 #define GPCMD_READ_TOC_PMA_ATIP 0x43
238 #define GPCMD_REPAIR_RZONE_TRACK 0x58
239 #define GPCMD_REPORT_KEY 0xa4
240 #define GPCMD_REQUEST_SENSE 0x03
241 #define GPCMD_RESERVE_RZONE_TRACK 0x53
242 #define GPCMD_SCAN 0xba
243 #define GPCMD_SEEK 0x2b
244 #define GPCMD_SEND_DVD_STRUCTURE 0xad
245 #define GPCMD_SEND_EVENT 0xa2
246 #define GPCMD_SEND_KEY 0xa3
247 #define GPCMD_SEND_OPC 0x54
248 #define GPCMD_SET_READ_AHEAD 0xa7
249 #define GPCMD_SET_STREAMING 0xb6
250 #define GPCMD_START_STOP_UNIT 0x1b
251 #define GPCMD_STOP_PLAY_SCAN 0x4e
252 #define GPCMD_TEST_UNIT_READY 0x00
253 #define GPCMD_VERIFY_10 0x2f
254 #define GPCMD_WRITE_10 0x2a
255 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
256 /* This is listed as optional in ATAPI 2.6, but is (curiously)
257 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
258 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
259 * drives support it. */
260 #define GPCMD_SET_SPEED 0xbb
261 /* This seems to be a SCSI specific CD-ROM opcode
262 * to play data at track/index */
263 #define GPCMD_PLAYAUDIO_TI 0x48
264 /*
265 * From MS Media Status Notification Support Specification. For
266 * older drives only.
267 */
268 #define GPCMD_GET_MEDIA_STATUS 0xda
270 /* Mode page codes for mode sense/set */
271 #define GPMODE_R_W_ERROR_PAGE 0x01
272 #define GPMODE_WRITE_PARMS_PAGE 0x05
273 #define GPMODE_AUDIO_CTL_PAGE 0x0e
274 #define GPMODE_POWER_PAGE 0x1a
275 #define GPMODE_FAULT_FAIL_PAGE 0x1c
276 #define GPMODE_TO_PROTECT_PAGE 0x1d
277 #define GPMODE_CAPABILITIES_PAGE 0x2a
278 #define GPMODE_ALL_PAGES 0x3f
279 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
280 * of MODE_SENSE_POWER_PAGE */
281 #define GPMODE_CDROM_PAGE 0x0d
283 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
284 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
285 #define ATAPI_INT_REASON_REL 0x04
286 #define ATAPI_INT_REASON_TAG 0xf8
288 /* same constants as bochs */
289 #define ASC_ILLEGAL_OPCODE 0x20
290 #define ASC_LOGICAL_BLOCK_OOR 0x21
291 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
292 #define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
293 #define ASC_MEDIUM_NOT_PRESENT 0x3a
294 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
296 #define SENSE_NONE 0
297 #define SENSE_NOT_READY 2
298 #define SENSE_ILLEGAL_REQUEST 5
299 #define SENSE_UNIT_ATTENTION 6
301 struct IDEState;
303 typedef void EndTransferFunc(struct IDEState *);
305 /* NOTE: IDEState represents in fact one drive */
306 typedef struct IDEState {
307 /* ide config */
308 int is_cdrom;
309 int cylinders, heads, sectors;
310 int64_t nb_sectors;
311 int mult_sectors;
312 int identify_set;
313 uint16_t identify_data[256];
314 SetIRQFunc *set_irq;
315 void *irq_opaque;
316 int irq;
317 PCIDevice *pci_dev;
318 struct BMDMAState *bmdma;
319 int drive_serial;
320 int write_cache;
321 /* ide regs */
322 uint8_t feature;
323 uint8_t error;
324 uint32_t nsector;
325 uint8_t sector;
326 uint8_t lcyl;
327 uint8_t hcyl;
328 /* other part of tf for lba48 support */
329 uint8_t hob_feature;
330 uint8_t hob_nsector;
331 uint8_t hob_sector;
332 uint8_t hob_lcyl;
333 uint8_t hob_hcyl;
335 uint8_t select;
336 uint8_t status;
338 /* 0x3f6 command, only meaningful for drive 0 */
339 uint8_t cmd;
340 /* set for lba48 access */
341 uint8_t lba48;
342 /* depends on bit 4 in select, only meaningful for drive 0 */
343 struct IDEState *cur_drive;
344 BlockDriverState *bs;
345 /* ATAPI specific */
346 uint8_t sense_key;
347 uint8_t asc;
348 int packet_transfer_size;
349 int elementary_transfer_size;
350 int io_buffer_index;
351 int lba;
352 int cd_sector_size;
353 int atapi_dma; /* true if dma is requested for the packet cmd */
354 /* ATA DMA state */
355 int io_buffer_size;
356 /* PIO transfer handling */
357 int req_nb_sectors; /* number of sectors per interrupt */
358 EndTransferFunc *end_transfer_func;
359 uint8_t *data_ptr;
360 uint8_t *data_end;
361 uint8_t *io_buffer;
362 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
363 uint32_t irq_count; /* counts IRQs when using win2k install hack */
364 } IDEState;
366 #define BM_STATUS_DMAING 0x01
367 #define BM_STATUS_ERROR 0x02
368 #define BM_STATUS_INT 0x04
370 #define BM_CMD_START 0x01
371 #define BM_CMD_READ 0x08
373 #define IDE_TYPE_PIIX3 0
374 #define IDE_TYPE_CMD646 1
376 /* CMD646 specific */
377 #define MRDMODE 0x71
378 #define MRDMODE_INTR_CH0 0x04
379 #define MRDMODE_INTR_CH1 0x08
380 #define MRDMODE_BLK_CH0 0x10
381 #define MRDMODE_BLK_CH1 0x20
382 #define UDIDETCR0 0x73
383 #define UDIDETCR1 0x7B
385 typedef struct BMDMAState {
386 uint8_t cmd;
387 uint8_t status;
388 uint32_t addr;
390 struct PCIIDEState *pci_dev;
391 /* current transfer state */
392 uint32_t cur_addr;
393 uint32_t cur_prd_last;
394 uint32_t cur_prd_addr;
395 uint32_t cur_prd_len;
396 IDEState *ide_if;
397 BlockDriverCompletionFunc *dma_cb;
398 BlockDriverAIOCB *aiocb;
399 } BMDMAState;
401 typedef struct PCIIDEState {
402 PCIDevice dev;
403 IDEState ide_if[4];
404 BMDMAState bmdma[2];
405 int type; /* see IDE_TYPE_xxx */
406 } PCIIDEState;
408 #if defined(__ia64__)
409 #include <xen/hvm/ioreq.h>
411 struct buffered_piopage *buffered_pio_page;
413 static inline struct pio_buffer *
414 piobuf_by_addr(uint32_t addr)
415 {
416 if (addr == 0x1F0)
417 return &buffered_pio_page->pio[PIO_BUFFER_IDE_PRIMARY];
418 if (addr == 0x170)
419 return &buffered_pio_page->pio[PIO_BUFFER_IDE_SECONDARY];
420 return NULL;
421 }
423 static void
424 buffered_pio_init(void)
425 {
426 struct pio_buffer *p1, *p2;
427 uint32_t off1, off2;
429 if (!buffered_pio_page)
430 return;
432 p1 = &buffered_pio_page->pio[PIO_BUFFER_IDE_PRIMARY];
433 p2 = &buffered_pio_page->pio[PIO_BUFFER_IDE_SECONDARY];
434 off1 = offsetof(struct buffered_piopage, buffer);
435 off2 = (off1 + TARGET_PAGE_SIZE)/2;
437 p1->buf_size = off2 - off1;
438 p1->page_offset = off1;
440 p2->buf_size = TARGET_PAGE_SIZE - off2;
441 p2->page_offset = off2;
442 }
444 static inline void
445 __buffered_pio_flush(struct pio_buffer *piobuf, IDEState *s, uint32_t pointer)
446 {
447 uint8_t *buf = (uint8_t *)buffered_pio_page + piobuf->page_offset;
448 memcpy(s->data_ptr, buf, pointer);
449 s->data_ptr += pointer;
450 }
452 static inline void
453 buffered_pio_flush(struct pio_buffer *piobuf)
454 {
455 IDEState *s = piobuf->opaque;
456 uint32_t pointer = piobuf->pointer;
458 if (s != NULL && pointer > 0)
459 __buffered_pio_flush(piobuf, s, pointer);
460 }
462 static inline void
463 buffered_pio_reset(IDEState *s)
464 {
465 struct pio_buffer *piobuf;
467 if ((unsigned)s->drive_serial - 1 < 2) /* 1,2 */
468 piobuf = &buffered_pio_page->pio[PIO_BUFFER_IDE_PRIMARY];
469 else if ((unsigned)s->drive_serial - 3 < 2) /* 3,4 */
470 piobuf = &buffered_pio_page->pio[PIO_BUFFER_IDE_SECONDARY];
471 else
472 return;
473 buffered_pio_flush(piobuf);
474 piobuf->pointer = 0;
475 piobuf->data_end = 0;
476 piobuf->opaque = NULL;
477 }
479 static inline void
480 buffered_pio_write(IDEState *s, uint32_t addr, int size)
481 {
482 struct pio_buffer *piobuf = piobuf_by_addr(addr);
483 int data_end;
485 if (!piobuf)
486 return;
487 buffered_pio_flush(piobuf);
488 data_end = s->data_end - s->data_ptr - size;
489 if (data_end <= 0)
490 data_end = 0;
491 else if (data_end > piobuf->buf_size)
492 data_end = piobuf->buf_size;
493 piobuf->pointer = 0;
494 piobuf->data_end = data_end;
495 piobuf->opaque = s;
496 }
498 static inline void
499 buffered_pio_read(IDEState *s, uint32_t addr, int size)
500 {
501 struct pio_buffer *piobuf = piobuf_by_addr(addr);
502 int data_end;
504 if (!piobuf)
505 return;
506 s->data_ptr += piobuf->pointer;
507 data_end = s->data_end - s->data_ptr - size;
508 if (data_end <= 0) {
509 data_end = 0;
510 } else {
511 uint8_t *buf = (uint8_t *)buffered_pio_page + piobuf->page_offset;
512 if (data_end > piobuf->buf_size)
513 data_end = piobuf->buf_size;
514 memcpy(buf, s->data_ptr + size, data_end);
515 }
516 piobuf->pointer = 0;
517 piobuf->data_end = data_end;
518 piobuf->opaque = NULL;
519 }
521 /*
522 * buffered pio reads are undone. It results in normal pio when the domain
523 * is restored.
524 * buffered pio writes are handled before saving domain.
525 * However currently pci_ide_save/load() just discards a pending transfer. XXX
526 */
527 static void
528 __handle_buffered_pio(struct pio_buffer *piobuf)
529 {
530 IDEState *s = piobuf->opaque;
531 uint32_t pointer = piobuf->pointer;
534 if (pointer == 0)
535 return;/* no buffered pio */
537 if (s != NULL) {
538 /* written data are pending in pio_buffer. process it */
539 __buffered_pio_flush(piobuf, s, pointer);
540 } else {
541 /* data are buffered for pio read in pio_buffer.
542 * undone buffering by buffered_pio_read()
543 */
544 if (pointer > s->data_ptr - s->io_buffer)
545 pointer = s->data_ptr - s->io_buffer;
546 s->data_ptr -= pointer;
547 }
549 piobuf->pointer = 0;
550 piobuf->data_end = 0;
551 piobuf->opaque = NULL;
552 }
554 void
555 handle_buffered_pio(void)
556 {
557 struct pio_buffer *p1, *p2;
559 if (!buffered_pio_page)
560 return;
562 p1 = &buffered_pio_page->pio[PIO_BUFFER_IDE_PRIMARY];
563 p2 = &buffered_pio_page->pio[PIO_BUFFER_IDE_SECONDARY];
565 __handle_buffered_pio(p1);
566 __handle_buffered_pio(p2);
567 }
569 #else /* !__ia64__ */
570 #define buffered_pio_init() do {} while (0)
571 #define buffered_pio_reset(I) do {} while (0)
572 #define buffered_pio_write(I,A,S) do {} while (0)
573 #define buffered_pio_read(I,A,S) do {} while (0)
574 #endif
576 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
577 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
579 static void padstr(char *str, const char *src, int len)
580 {
581 int i, v;
582 for(i = 0; i < len; i++) {
583 if (*src)
584 v = *src++;
585 else
586 v = ' ';
587 *(char *)((long)str ^ 1) = v;
588 str++;
589 }
590 }
592 static void padstr8(uint8_t *buf, int buf_size, const char *src)
593 {
594 int i;
595 for(i = 0; i < buf_size; i++) {
596 if (*src)
597 buf[i] = *src++;
598 else
599 buf[i] = ' ';
600 }
601 }
603 static void put_le16(uint16_t *p, unsigned int v)
604 {
605 *p = cpu_to_le16(v);
606 }
608 static void ide_identify(IDEState *s)
609 {
610 uint16_t *p;
611 unsigned int oldsize;
612 char buf[20];
614 if (s->identify_set) {
615 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
616 return;
617 }
619 memset(s->io_buffer, 0, 512);
620 p = (uint16_t *)s->io_buffer;
621 put_le16(p + 0, 0x0040);
622 put_le16(p + 1, s->cylinders);
623 put_le16(p + 3, s->heads);
624 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
625 put_le16(p + 5, 512); /* XXX: retired, remove ? */
626 put_le16(p + 6, s->sectors);
627 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
628 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
629 put_le16(p + 20, 3); /* XXX: retired, remove ? */
630 put_le16(p + 21, 512); /* cache size in sectors */
631 put_le16(p + 22, 4); /* ecc bytes */
632 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
633 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
634 #if MAX_MULT_SECTORS > 1
635 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
636 #endif
637 put_le16(p + 48, 1); /* dword I/O */
638 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
639 put_le16(p + 51, 0x200); /* PIO transfer cycle */
640 put_le16(p + 52, 0x200); /* DMA transfer cycle */
641 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
642 put_le16(p + 54, s->cylinders);
643 put_le16(p + 55, s->heads);
644 put_le16(p + 56, s->sectors);
645 oldsize = s->cylinders * s->heads * s->sectors;
646 put_le16(p + 57, oldsize);
647 put_le16(p + 58, oldsize >> 16);
648 if (s->mult_sectors)
649 put_le16(p + 59, 0x100 | s->mult_sectors);
650 put_le16(p + 60, s->nb_sectors);
651 put_le16(p + 61, s->nb_sectors >> 16);
652 put_le16(p + 63, 0x07); /* mdma0-2 supported */
653 put_le16(p + 65, 120);
654 put_le16(p + 66, 120);
655 put_le16(p + 67, 120);
656 put_le16(p + 68, 120);
657 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
658 put_le16(p + 81, 0x16); /* conforms to ata5 */
659 /* 14=nop 5=write_cache */
660 put_le16(p + 82, (1 << 14) | (1 << 5));
661 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
662 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
663 put_le16(p + 84, (1 << 14));
664 /* 14=nop 5=write_cache */
665 put_le16(p + 85, (1 << 14) | (s->write_cache << 5));
666 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
667 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
668 put_le16(p + 87, (1 << 14));
669 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
670 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
671 put_le16(p + 100, s->nb_sectors);
672 put_le16(p + 101, s->nb_sectors >> 16);
673 put_le16(p + 102, s->nb_sectors >> 32);
674 put_le16(p + 103, s->nb_sectors >> 48);
676 memcpy(s->identify_data, p, sizeof(s->identify_data));
677 s->identify_set = 1;
678 }
680 static void ide_atapi_identify(IDEState *s)
681 {
682 uint16_t *p;
683 char buf[20];
685 if (s->identify_set) {
686 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
687 return;
688 }
690 memset(s->io_buffer, 0, 512);
691 p = (uint16_t *)s->io_buffer;
692 /* Removable CDROM, 50us response, 12 byte packets */
693 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
694 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
695 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
696 put_le16(p + 20, 3); /* buffer type */
697 put_le16(p + 21, 512); /* cache size in sectors */
698 put_le16(p + 22, 4); /* ecc bytes */
699 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
700 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
701 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
702 #ifdef USE_DMA_CDROM
703 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
704 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
705 put_le16(p + 63, 7); /* mdma0-2 supported */
706 put_le16(p + 64, 0x3f); /* PIO modes supported */
707 #else
708 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
709 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
710 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
711 put_le16(p + 64, 1); /* PIO modes */
712 #endif
713 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
714 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
715 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
716 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
718 put_le16(p + 71, 30); /* in ns */
719 put_le16(p + 72, 30); /* in ns */
721 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
722 #ifdef USE_DMA_CDROM
723 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
724 #endif
725 memcpy(s->identify_data, p, sizeof(s->identify_data));
726 s->identify_set = 1;
727 }
729 static void ide_set_signature(IDEState *s)
730 {
731 s->select &= 0xf0; /* clear head */
732 /* put signature */
733 s->nsector = 1;
734 s->sector = 1;
735 if (s->is_cdrom) {
736 s->lcyl = 0x14;
737 s->hcyl = 0xeb;
738 } else if (s->bs) {
739 s->lcyl = 0;
740 s->hcyl = 0;
741 } else {
742 s->lcyl = 0xff;
743 s->hcyl = 0xff;
744 }
745 }
747 static inline void ide_abort_command(IDEState *s)
748 {
749 s->status = READY_STAT | ERR_STAT;
750 s->error = ABRT_ERR;
751 }
753 static inline void ide_set_irq(IDEState *s)
754 {
755 BMDMAState *bm = s->bmdma;
756 if (!s->bs) return; /* yikes */
757 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
758 if (bm) {
759 bm->status |= BM_STATUS_INT;
760 }
761 s->set_irq(s->irq_opaque, s->irq, 1);
762 }
763 }
765 /* prepare data transfer and tell what to do after */
766 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
767 EndTransferFunc *end_transfer_func)
768 {
769 s->end_transfer_func = end_transfer_func;
770 s->data_ptr = buf;
771 s->data_end = buf + size;
772 /* don't violate the HSM */
773 if (!(s->status & ERR_STAT))
774 s->status |= DRQ_STAT;
775 buffered_pio_reset(s);
776 }
778 static void ide_transfer_stop(IDEState *s)
779 {
780 s->end_transfer_func = ide_transfer_stop;
781 s->data_ptr = s->io_buffer;
782 s->data_end = s->io_buffer;
783 s->status &= ~DRQ_STAT;
784 buffered_pio_reset(s);
785 }
787 static int64_t ide_get_sector(IDEState *s)
788 {
789 int64_t sector_num;
790 if (s->select & 0x40) {
791 /* lba */
792 if (!s->lba48) {
793 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
794 (s->lcyl << 8) | s->sector;
795 } else {
796 sector_num = ((int64_t)s->hob_hcyl << 40) |
797 ((int64_t) s->hob_lcyl << 32) |
798 ((int64_t) s->hob_sector << 24) |
799 ((int64_t) s->hcyl << 16) |
800 ((int64_t) s->lcyl << 8) | s->sector;
801 }
802 } else {
803 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
804 (s->select & 0x0f) * s->sectors + (s->sector - 1);
805 }
806 return sector_num;
807 }
809 static void ide_set_sector(IDEState *s, int64_t sector_num)
810 {
811 unsigned int cyl, r;
812 if (s->select & 0x40) {
813 if (!s->lba48) {
814 s->select = (s->select & 0xf0) | (sector_num >> 24);
815 s->hcyl = (sector_num >> 16);
816 s->lcyl = (sector_num >> 8);
817 s->sector = (sector_num);
818 } else {
819 s->sector = sector_num;
820 s->lcyl = sector_num >> 8;
821 s->hcyl = sector_num >> 16;
822 s->hob_sector = sector_num >> 24;
823 s->hob_lcyl = sector_num >> 32;
824 s->hob_hcyl = sector_num >> 40;
825 }
826 } else {
827 cyl = sector_num / (s->heads * s->sectors);
828 r = sector_num % (s->heads * s->sectors);
829 s->hcyl = cyl >> 8;
830 s->lcyl = cyl;
831 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
832 s->sector = (r % s->sectors) + 1;
833 }
834 }
836 static void ide_sector_read(IDEState *s)
837 {
838 int64_t sector_num;
839 int n;
841 s->status = READY_STAT | SEEK_STAT;
842 s->error = 0; /* not needed by IDE spec, but needed by Windows */
843 sector_num = ide_get_sector(s);
844 n = s->nsector;
845 if (n == 0) {
846 /* no more sector to read from disk */
847 ide_transfer_stop(s);
848 } else {
849 #if defined(DEBUG_IDE)
850 printf("read sector=%Ld\n", sector_num);
851 #endif
852 if (n > s->req_nb_sectors)
853 n = s->req_nb_sectors;
854 if (bdrv_read(s->bs, sector_num, s->io_buffer, n) != 0) {
855 ide_abort_command(s);
856 ide_set_irq(s);
857 return;
858 }
859 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
860 ide_set_irq(s);
861 ide_set_sector(s, sector_num + n);
862 s->nsector -= n;
863 }
864 }
866 /* return 0 if buffer completed */
867 static int dma_buf_rw(BMDMAState *bm, int is_write)
868 {
869 IDEState *s = bm->ide_if;
870 struct {
871 uint32_t addr;
872 uint32_t size;
873 } prd;
874 int l, len;
876 for(;;) {
877 l = s->io_buffer_size - s->io_buffer_index;
878 if (l <= 0)
879 break;
880 if (bm->cur_prd_len == 0) {
881 /* end of table (with a fail safe of one page) */
882 if (bm->cur_prd_last ||
883 (bm->cur_addr - bm->addr) >= 4096)
884 return 0;
885 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
886 bm->cur_addr += 8;
887 prd.addr = le32_to_cpu(prd.addr);
888 prd.size = le32_to_cpu(prd.size);
889 len = prd.size & 0xfffe;
890 if (len == 0)
891 len = 0x10000;
892 bm->cur_prd_len = len;
893 bm->cur_prd_addr = prd.addr;
894 bm->cur_prd_last = (prd.size & 0x80000000);
895 }
896 if (l > bm->cur_prd_len)
897 l = bm->cur_prd_len;
898 if (l > 0) {
899 if (is_write) {
900 cpu_physical_memory_write(bm->cur_prd_addr,
901 s->io_buffer + s->io_buffer_index, l);
902 } else {
903 cpu_physical_memory_read(bm->cur_prd_addr,
904 s->io_buffer + s->io_buffer_index, l);
905 }
906 bm->cur_prd_addr += l;
907 bm->cur_prd_len -= l;
908 s->io_buffer_index += l;
909 }
910 }
911 return 1;
912 }
914 /* XXX: handle errors */
915 static void ide_read_dma_cb(void *opaque, int ret)
916 {
917 BMDMAState *bm = opaque;
918 IDEState *s = bm->ide_if;
919 int n;
920 int64_t sector_num;
922 if (!s->bs) return; /* yikes */
924 n = s->io_buffer_size >> 9;
925 sector_num = ide_get_sector(s);
926 if (n > 0) {
927 sector_num += n;
928 ide_set_sector(s, sector_num);
929 s->nsector -= n;
930 if (dma_buf_rw(bm, 1) == 0)
931 goto eot;
932 }
934 /* end of transfer ? */
935 if (s->nsector == 0) {
936 s->status = READY_STAT | SEEK_STAT;
937 ide_set_irq(s);
938 eot:
939 bm->status &= ~BM_STATUS_DMAING;
940 bm->status |= BM_STATUS_INT;
941 bm->dma_cb = NULL;
942 bm->ide_if = NULL;
943 bm->aiocb = NULL;
944 return;
945 }
947 /* launch next transfer */
948 n = s->nsector;
949 if (n > IDE_DMA_BUF_SIZE / 512)
950 n = IDE_DMA_BUF_SIZE / 512;
951 s->io_buffer_index = 0;
952 s->io_buffer_size = n * 512;
953 #ifdef DEBUG_AIO
954 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
955 #endif
956 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
957 ide_read_dma_cb, bm);
958 }
960 static void ide_sector_read_dma(IDEState *s)
961 {
962 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
963 s->io_buffer_index = 0;
964 s->io_buffer_size = 0;
965 ide_dma_start(s, ide_read_dma_cb);
966 }
968 static void ide_sector_write_timer_cb(void *opaque)
969 {
970 IDEState *s = opaque;
971 ide_set_irq(s);
972 }
974 static void ide_sector_write(IDEState *s)
975 {
976 int64_t sector_num;
977 int n, n1;
979 s->status = READY_STAT | SEEK_STAT;
980 sector_num = ide_get_sector(s);
981 #if defined(DEBUG_IDE)
982 printf("write sector=%Ld\n", sector_num);
983 #endif
984 n = s->nsector;
985 if (n > s->req_nb_sectors)
986 n = s->req_nb_sectors;
987 if (bdrv_write(s->bs, sector_num, s->io_buffer, n) != 0) {
988 ide_abort_command(s);
989 ide_set_irq(s);
990 return;
991 }
992 s->nsector -= n;
993 if (s->nsector == 0) {
994 /* no more sector to write */
995 ide_transfer_stop(s);
996 } else {
997 n1 = s->nsector;
998 if (n1 > s->req_nb_sectors)
999 n1 = s->req_nb_sectors;
1000 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1002 ide_set_sector(s, sector_num + n);
1004 if (!s->write_cache)
1005 bdrv_flush(s->bs);
1007 #ifdef TARGET_I386
1008 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1009 /* It seems there is a bug in the Windows 2000 installer HDD
1010 IDE driver which fills the disk with empty logs when the
1011 IDE write IRQ comes too early. This hack tries to correct
1012 that at the expense of slower write performances. Use this
1013 option _only_ to install Windows 2000. You must disable it
1014 for normal use. */
1015 qemu_mod_timer(s->sector_write_timer,
1016 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1017 } else
1018 #endif
1020 ide_set_irq(s);
1024 /* XXX: handle errors */
1025 static void ide_write_dma_cb(void *opaque, int ret)
1027 BMDMAState *bm = opaque;
1028 IDEState *s = bm->ide_if;
1029 int n;
1030 int64_t sector_num;
1032 if (!s->bs) return; /* yikes */
1034 n = s->io_buffer_size >> 9;
1035 sector_num = ide_get_sector(s);
1036 if (n > 0) {
1037 sector_num += n;
1038 ide_set_sector(s, sector_num);
1039 s->nsector -= n;
1042 /* end of transfer ? */
1043 if (s->nsector == 0) {
1044 /* Ensure the data hit disk before telling the guest OS so. */
1045 if (!s->write_cache)
1046 bdrv_flush(s->bs);
1047 s->status = READY_STAT | SEEK_STAT;
1048 ide_set_irq(s);
1049 eot:
1050 bm->status &= ~BM_STATUS_DMAING;
1051 bm->status |= BM_STATUS_INT;
1052 bm->dma_cb = NULL;
1053 bm->ide_if = NULL;
1054 bm->aiocb = NULL;
1055 return;
1058 /* launch next transfer */
1059 n = s->nsector;
1060 if (n > IDE_DMA_BUF_SIZE / 512)
1061 n = IDE_DMA_BUF_SIZE / 512;
1062 s->io_buffer_index = 0;
1063 s->io_buffer_size = n * 512;
1065 if (dma_buf_rw(bm, 0) == 0)
1066 goto eot;
1067 #ifdef DEBUG_AIO
1068 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
1069 #endif
1070 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
1071 ide_write_dma_cb, bm);
1074 static void ide_sector_write_dma(IDEState *s)
1076 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1077 s->io_buffer_index = 0;
1078 s->io_buffer_size = 0;
1079 ide_dma_start(s, ide_write_dma_cb);
1082 static void ide_device_utterly_broken(IDEState *s) {
1083 s->status |= BUSY_STAT;
1084 s->bs = NULL;
1085 /* This prevents all future commands from working. All of the
1086 * asynchronous callbacks (and ide_set_irq, as a safety measure)
1087 * check to see whether this has happened and bail if so.
1088 */
1091 static void ide_flush_cb(void *opaque, int ret)
1093 IDEState *s = opaque;
1095 if (!s->bs) return; /* yikes */
1097 if (ret) {
1098 /* We are completely doomed. The IDE spec does not permit us
1099 * to return an error from a flush except via a protocol which
1100 * requires us to say where the error is and which
1101 * contemplates the guest repeating the flush attempt to
1102 * attempt flush the remaining data. We can't support that
1103 * because f(data)sync (which is what the block drivers use
1104 * eventually) doesn't report the necessary information or
1105 * give us the necessary control. So we make the disk vanish.
1106 */
1107 ide_device_utterly_broken(s);
1108 return;
1110 else
1111 s->status = READY_STAT;
1112 ide_set_irq(s);
1115 static void ide_atapi_cmd_ok(IDEState *s)
1117 s->error = 0;
1118 s->status = READY_STAT;
1119 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1120 ide_set_irq(s);
1123 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1125 #ifdef DEBUG_IDE_ATAPI
1126 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1127 #endif
1128 s->error = sense_key << 4;
1129 s->status = READY_STAT | ERR_STAT;
1130 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1131 s->sense_key = sense_key;
1132 s->asc = asc;
1133 ide_set_irq(s);
1136 static inline void cpu_to_ube16(uint8_t *buf, int val)
1138 buf[0] = val >> 8;
1139 buf[1] = val;
1142 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1144 buf[0] = val >> 24;
1145 buf[1] = val >> 16;
1146 buf[2] = val >> 8;
1147 buf[3] = val;
1150 static inline int ube16_to_cpu(const uint8_t *buf)
1152 return (buf[0] << 8) | buf[1];
1155 static inline int ube32_to_cpu(const uint8_t *buf)
1157 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1160 static void lba_to_msf(uint8_t *buf, int lba)
1162 lba += 150;
1163 buf[0] = (lba / 75) / 60;
1164 buf[1] = (lba / 75) % 60;
1165 buf[2] = lba % 75;
1168 static void cd_data_to_raw(uint8_t *buf, int lba)
1170 /* sync bytes */
1171 buf[0] = 0x00;
1172 memset(buf + 1, 0xff, 10);
1173 buf[11] = 0x00;
1174 buf += 12;
1175 /* MSF */
1176 lba_to_msf(buf, lba);
1177 buf[3] = 0x01; /* mode 1 data */
1178 buf += 4;
1179 /* data */
1180 buf += 2048;
1181 /* XXX: ECC not computed */
1182 memset(buf, 0, 288);
1185 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1186 int sector_size)
1188 int ret;
1190 switch(sector_size) {
1191 case 2048:
1192 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1193 break;
1194 case 2352:
1195 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1196 if (ret < 0)
1197 return ret;
1198 cd_data_to_raw(buf, lba);
1199 break;
1200 default:
1201 ret = -EIO;
1202 break;
1204 return ret;
1207 static void ide_atapi_io_error(IDEState *s, int ret)
1209 /* XXX: handle more errors */
1210 if (ret == -ENOMEDIUM) {
1211 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1212 ASC_MEDIUM_NOT_PRESENT);
1213 } else {
1214 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1215 ASC_LOGICAL_BLOCK_OOR);
1219 /* The whole ATAPI transfer logic is handled in this function */
1220 static void ide_atapi_cmd_reply_end(IDEState *s)
1222 int byte_count_limit, size, ret;
1223 #ifdef DEBUG_IDE_ATAPI
1224 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1225 s->packet_transfer_size,
1226 s->elementary_transfer_size,
1227 s->io_buffer_index);
1228 #endif
1229 if (s->packet_transfer_size <= 0) {
1230 /* end of transfer */
1231 ide_transfer_stop(s);
1232 s->status = READY_STAT;
1233 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1234 ide_set_irq(s);
1235 #ifdef DEBUG_IDE_ATAPI
1236 printf("status=0x%x\n", s->status);
1237 #endif
1238 } else {
1239 /* see if a new sector must be read */
1240 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1241 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1242 if (ret < 0) {
1243 ide_transfer_stop(s);
1244 ide_atapi_io_error(s, ret);
1245 return;
1247 s->lba++;
1248 s->io_buffer_index = 0;
1250 if (s->elementary_transfer_size > 0) {
1251 /* there are some data left to transmit in this elementary
1252 transfer */
1253 size = s->cd_sector_size - s->io_buffer_index;
1254 if (size > s->elementary_transfer_size)
1255 size = s->elementary_transfer_size;
1256 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1257 size, ide_atapi_cmd_reply_end);
1258 s->packet_transfer_size -= size;
1259 s->elementary_transfer_size -= size;
1260 s->io_buffer_index += size;
1261 } else {
1262 /* a new transfer is needed */
1263 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1264 byte_count_limit = s->lcyl | (s->hcyl << 8);
1265 #ifdef DEBUG_IDE_ATAPI
1266 printf("byte_count_limit=%d\n", byte_count_limit);
1267 #endif
1268 if (byte_count_limit == 0xffff)
1269 byte_count_limit--;
1270 size = s->packet_transfer_size;
1271 if (size > byte_count_limit) {
1272 /* byte count limit must be even if this case */
1273 if (byte_count_limit & 1)
1274 byte_count_limit--;
1275 size = byte_count_limit;
1277 s->lcyl = size;
1278 s->hcyl = size >> 8;
1279 s->elementary_transfer_size = size;
1280 /* we cannot transmit more than one sector at a time */
1281 if (s->lba != -1) {
1282 if (size > (s->cd_sector_size - s->io_buffer_index))
1283 size = (s->cd_sector_size - s->io_buffer_index);
1285 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1286 size, ide_atapi_cmd_reply_end);
1287 s->packet_transfer_size -= size;
1288 s->elementary_transfer_size -= size;
1289 s->io_buffer_index += size;
1290 ide_set_irq(s);
1291 #ifdef DEBUG_IDE_ATAPI
1292 printf("status=0x%x\n", s->status);
1293 #endif
1298 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1299 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1301 if (size > max_size)
1302 size = max_size;
1303 s->lba = -1; /* no sector read */
1304 s->packet_transfer_size = size;
1305 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1306 s->elementary_transfer_size = 0;
1307 s->io_buffer_index = 0;
1309 if (s->atapi_dma) {
1310 s->status = READY_STAT | DRQ_STAT;
1311 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1312 } else {
1313 s->status = READY_STAT;
1314 ide_atapi_cmd_reply_end(s);
1318 /* start a CD-CDROM read command */
1319 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1320 int sector_size)
1322 s->lba = lba;
1323 s->packet_transfer_size = nb_sectors * sector_size;
1324 s->elementary_transfer_size = 0;
1325 s->io_buffer_index = sector_size;
1326 s->cd_sector_size = sector_size;
1328 s->status = READY_STAT;
1329 ide_atapi_cmd_reply_end(s);
1332 /* ATAPI DMA support */
1334 /* XXX: handle read errors */
1335 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1337 BMDMAState *bm = opaque;
1338 IDEState *s = bm->ide_if;
1339 int data_offset, n;
1341 if (!s->bs) return; /* yikes */
1343 if (ret < 0) {
1344 ide_atapi_io_error(s, ret);
1345 goto eot;
1348 if (s->io_buffer_size > 0) {
1349 /*
1350 * For a cdrom read sector command (s->lba != -1),
1351 * adjust the lba for the next s->io_buffer_size chunk
1352 * and dma the current chunk.
1353 * For a command != read (s->lba == -1), just transfer
1354 * the reply data.
1355 */
1356 if (s->lba != -1) {
1357 if (s->cd_sector_size == 2352) {
1358 n = 1;
1359 cd_data_to_raw(s->io_buffer, s->lba);
1360 } else {
1361 n = s->io_buffer_size >> 11;
1363 s->lba += n;
1365 s->packet_transfer_size -= s->io_buffer_size;
1366 if (dma_buf_rw(bm, 1) == 0)
1367 goto eot;
1370 if (s->packet_transfer_size <= 0) {
1371 s->status = READY_STAT;
1372 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1373 ide_set_irq(s);
1374 eot:
1375 bm->status &= ~BM_STATUS_DMAING;
1376 bm->status |= BM_STATUS_INT;
1377 bm->dma_cb = NULL;
1378 bm->ide_if = NULL;
1379 bm->aiocb = NULL;
1380 return;
1383 s->io_buffer_index = 0;
1384 if (s->cd_sector_size == 2352) {
1385 n = 1;
1386 s->io_buffer_size = s->cd_sector_size;
1387 data_offset = 16;
1388 } else {
1389 n = s->packet_transfer_size >> 11;
1390 if (n > (IDE_DMA_BUF_SIZE / 2048))
1391 n = (IDE_DMA_BUF_SIZE / 2048);
1392 s->io_buffer_size = n * 2048;
1393 data_offset = 0;
1395 #ifdef DEBUG_AIO
1396 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1397 #endif
1398 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1399 s->io_buffer + data_offset, n * 4,
1400 ide_atapi_cmd_read_dma_cb, bm);
1401 if (!bm->aiocb) {
1402 /* Note: media not present is the most likely case */
1403 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1404 ASC_MEDIUM_NOT_PRESENT);
1405 goto eot;
1409 /* start a CD-CDROM read command with DMA */
1410 /* XXX: test if DMA is available */
1411 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1412 int sector_size)
1414 s->lba = lba;
1415 s->packet_transfer_size = nb_sectors * sector_size;
1416 s->io_buffer_index = 0;
1417 s->io_buffer_size = 0;
1418 s->cd_sector_size = sector_size;
1420 /* XXX: check if BUSY_STAT should be set */
1421 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
1422 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1425 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1426 int sector_size)
1428 #ifdef DEBUG_IDE_ATAPI
1429 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1430 lba, nb_sectors);
1431 #endif
1432 if (s->atapi_dma) {
1433 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1434 } else {
1435 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1439 static void ide_atapi_cmd(IDEState *s)
1441 const uint8_t *packet;
1442 uint8_t *buf;
1443 int max_len;
1445 packet = s->io_buffer;
1446 buf = s->io_buffer;
1447 #ifdef DEBUG_IDE_ATAPI
1449 int i;
1450 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1451 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1452 printf(" %02x", packet[i]);
1454 printf("\n");
1456 #endif
1457 switch(s->io_buffer[0]) {
1458 case GPCMD_TEST_UNIT_READY:
1459 if (bdrv_is_inserted(s->bs)) {
1460 if (s->is_cdrom && s->sense_key == SENSE_NOT_READY) {
1461 ide_atapi_cmd_error(s, SENSE_UNIT_ATTENTION,
1462 ASC_MEDIUM_MAY_HAVE_CHANGED);
1463 break;
1465 ide_atapi_cmd_ok(s);
1466 } else {
1467 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1468 ASC_MEDIUM_NOT_PRESENT);
1469 xenstore_check_new_media_present(1000);
1471 break;
1472 case GPCMD_MODE_SENSE_10:
1474 int action, code;
1475 max_len = ube16_to_cpu(packet + 7);
1476 action = packet[2] >> 6;
1477 code = packet[2] & 0x3f;
1478 switch(action) {
1479 case 0: /* current values */
1480 switch(code) {
1481 case 0x01: /* error recovery */
1482 cpu_to_ube16(&buf[0], 16 + 6);
1483 buf[2] = 0x70;
1484 buf[3] = 0;
1485 buf[4] = 0;
1486 buf[5] = 0;
1487 buf[6] = 0;
1488 buf[7] = 0;
1490 buf[8] = 0x01;
1491 buf[9] = 0x06;
1492 buf[10] = 0x00;
1493 buf[11] = 0x05;
1494 buf[12] = 0x00;
1495 buf[13] = 0x00;
1496 buf[14] = 0x00;
1497 buf[15] = 0x00;
1498 ide_atapi_cmd_reply(s, 16, max_len);
1499 break;
1500 case 0x2a:
1501 cpu_to_ube16(&buf[0], 28 + 6);
1502 buf[2] = 0x70;
1503 buf[3] = 0;
1504 buf[4] = 0;
1505 buf[5] = 0;
1506 buf[6] = 0;
1507 buf[7] = 0;
1509 buf[8] = 0x2a;
1510 buf[9] = 0x12;
1511 buf[10] = 0x00;
1512 buf[11] = 0x00;
1514 buf[12] = 0x70;
1515 buf[13] = 3 << 5;
1516 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1517 if (bdrv_is_locked(s->bs))
1518 buf[6] |= 1 << 1;
1519 buf[15] = 0x00;
1520 cpu_to_ube16(&buf[16], 706);
1521 buf[18] = 0;
1522 buf[19] = 2;
1523 cpu_to_ube16(&buf[20], 512);
1524 cpu_to_ube16(&buf[22], 706);
1525 buf[24] = 0;
1526 buf[25] = 0;
1527 buf[26] = 0;
1528 buf[27] = 0;
1529 ide_atapi_cmd_reply(s, 28, max_len);
1530 break;
1531 default:
1532 goto error_cmd;
1534 break;
1535 case 1: /* changeable values */
1536 goto error_cmd;
1537 case 2: /* default values */
1538 goto error_cmd;
1539 default:
1540 case 3: /* saved values */
1541 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1542 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1543 break;
1546 break;
1547 case GPCMD_REQUEST_SENSE:
1548 max_len = packet[4];
1549 memset(buf, 0, 18);
1550 buf[0] = 0x70 | (1 << 7);
1551 buf[2] = s->sense_key;
1552 buf[7] = 10;
1553 buf[12] = s->asc;
1554 ide_atapi_cmd_reply(s, 18, max_len);
1555 break;
1556 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1557 if (bdrv_is_inserted(s->bs)) {
1558 bdrv_set_locked(s->bs, packet[4] & 1);
1559 ide_atapi_cmd_ok(s);
1560 } else {
1561 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1562 ASC_MEDIUM_NOT_PRESENT);
1564 break;
1565 case GPCMD_READ_10:
1566 case GPCMD_READ_12:
1568 int nb_sectors, lba;
1570 if (packet[0] == GPCMD_READ_10)
1571 nb_sectors = ube16_to_cpu(packet + 7);
1572 else
1573 nb_sectors = ube32_to_cpu(packet + 6);
1574 lba = ube32_to_cpu(packet + 2);
1575 if (nb_sectors == 0) {
1576 ide_atapi_cmd_ok(s);
1577 break;
1579 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1581 break;
1582 case GPCMD_READ_CD:
1584 int nb_sectors, lba, transfer_request;
1586 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1587 lba = ube32_to_cpu(packet + 2);
1588 if (nb_sectors == 0) {
1589 ide_atapi_cmd_ok(s);
1590 break;
1592 transfer_request = packet[9];
1593 switch(transfer_request & 0xf8) {
1594 case 0x00:
1595 /* nothing */
1596 ide_atapi_cmd_ok(s);
1597 break;
1598 case 0x10:
1599 /* normal read */
1600 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1601 break;
1602 case 0xf8:
1603 /* read all data */
1604 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1605 break;
1606 default:
1607 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1608 ASC_INV_FIELD_IN_CMD_PACKET);
1609 break;
1612 break;
1613 case GPCMD_SEEK:
1615 int lba;
1616 int64_t total_sectors;
1618 bdrv_get_geometry(s->bs, &total_sectors);
1619 total_sectors >>= 2;
1620 if (total_sectors <= 0) {
1621 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1622 ASC_MEDIUM_NOT_PRESENT);
1623 break;
1625 lba = ube32_to_cpu(packet + 2);
1626 if (lba >= total_sectors) {
1627 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1628 ASC_LOGICAL_BLOCK_OOR);
1629 break;
1631 ide_atapi_cmd_ok(s);
1633 break;
1634 case GPCMD_START_STOP_UNIT:
1636 int start, eject;
1637 start = packet[4] & 1;
1638 eject = (packet[4] >> 1) & 1;
1640 if (eject && !start) {
1641 /* eject the disk */
1642 bdrv_eject(s->bs, 1);
1643 } else if (eject && start) {
1644 /* close the tray */
1645 bdrv_eject(s->bs, 0);
1647 ide_atapi_cmd_ok(s);
1649 break;
1650 case GPCMD_MECHANISM_STATUS:
1652 max_len = ube16_to_cpu(packet + 8);
1653 cpu_to_ube16(buf, 0);
1654 /* no current LBA */
1655 buf[2] = 0;
1656 buf[3] = 0;
1657 buf[4] = 0;
1658 buf[5] = 1;
1659 cpu_to_ube16(buf + 6, 0);
1660 ide_atapi_cmd_reply(s, 8, max_len);
1662 break;
1663 case GPCMD_READ_TOC_PMA_ATIP:
1665 int format, msf, start_track, len;
1666 int64_t total_sectors;
1668 bdrv_get_geometry(s->bs, &total_sectors);
1669 total_sectors >>= 2;
1670 if (total_sectors <= 0) {
1671 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1672 ASC_MEDIUM_NOT_PRESENT);
1673 break;
1675 max_len = ube16_to_cpu(packet + 7);
1676 format = packet[9] >> 6;
1677 msf = (packet[1] >> 1) & 1;
1678 start_track = packet[6];
1679 switch(format) {
1680 case 0:
1681 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1682 if (len < 0)
1683 goto error_cmd;
1684 ide_atapi_cmd_reply(s, len, max_len);
1685 break;
1686 case 1:
1687 /* multi session : only a single session defined */
1688 memset(buf, 0, 12);
1689 buf[1] = 0x0a;
1690 buf[2] = 0x01;
1691 buf[3] = 0x01;
1692 ide_atapi_cmd_reply(s, 12, max_len);
1693 break;
1694 case 2:
1695 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1696 if (len < 0)
1697 goto error_cmd;
1698 ide_atapi_cmd_reply(s, len, max_len);
1699 break;
1700 default:
1701 error_cmd:
1702 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1703 ASC_INV_FIELD_IN_CMD_PACKET);
1704 break;
1707 break;
1708 case GPCMD_READ_CDVD_CAPACITY:
1710 int64_t total_sectors;
1712 bdrv_get_geometry(s->bs, &total_sectors);
1713 total_sectors >>= 2;
1714 if (total_sectors <= 0) {
1715 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1716 ASC_MEDIUM_NOT_PRESENT);
1717 break;
1719 /* NOTE: it is really the number of sectors minus 1 */
1720 cpu_to_ube32(buf, total_sectors - 1);
1721 cpu_to_ube32(buf + 4, 2048);
1722 ide_atapi_cmd_reply(s, 8, 8);
1724 break;
1725 case GPCMD_INQUIRY:
1726 max_len = packet[4];
1727 buf[0] = 0x05; /* CD-ROM */
1728 buf[1] = 0x80; /* removable */
1729 buf[2] = 0x00; /* ISO */
1730 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1731 buf[4] = 31; /* additionnal length */
1732 buf[5] = 0; /* reserved */
1733 buf[6] = 0; /* reserved */
1734 buf[7] = 0; /* reserved */
1735 padstr8(buf + 8, 8, "QEMU");
1736 padstr8(buf + 16, 16, "QEMU CD-ROM");
1737 padstr8(buf + 32, 4, QEMU_VERSION);
1738 ide_atapi_cmd_reply(s, 36, max_len);
1739 break;
1740 default:
1741 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1742 ASC_ILLEGAL_OPCODE);
1743 break;
1747 /* called when the inserted state of the media has changed */
1748 static void cdrom_change_cb(void *opaque)
1750 IDEState *s = opaque;
1751 int64_t nb_sectors;
1753 if (!s->bs) return; /* yikes */
1755 /* XXX: send interrupt too */
1756 bdrv_get_geometry(s->bs, &nb_sectors);
1757 s->nb_sectors = nb_sectors;
1760 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1762 s->lba48 = lba48;
1764 /* handle the 'magic' 0 nsector count conversion here. to avoid
1765 * fiddling with the rest of the read logic, we just store the
1766 * full sector count in ->nsector and ignore ->hob_nsector from now
1767 */
1768 if (!s->lba48) {
1769 if (!s->nsector)
1770 s->nsector = 256;
1771 } else {
1772 if (!s->nsector && !s->hob_nsector)
1773 s->nsector = 65536;
1774 else {
1775 int lo = s->nsector;
1776 int hi = s->hob_nsector;
1778 s->nsector = (hi << 8) | lo;
1783 static void ide_clear_hob(IDEState *ide_if)
1785 /* any write clears HOB high bit of device control register */
1786 ide_if[0].select &= ~(1 << 7);
1787 ide_if[1].select &= ~(1 << 7);
1790 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1792 IDEState *ide_if = opaque;
1793 IDEState *s;
1794 int unit, n;
1795 int lba48 = 0;
1796 int ret;
1798 #ifdef DEBUG_IDE
1799 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1800 #endif
1802 addr &= 7;
1803 switch(addr) {
1804 case 0:
1805 break;
1806 case 1:
1807 ide_clear_hob(ide_if);
1808 /* NOTE: data is written to the two drives */
1809 ide_if[0].hob_feature = ide_if[0].feature;
1810 ide_if[1].hob_feature = ide_if[1].feature;
1811 ide_if[0].feature = val;
1812 ide_if[1].feature = val;
1813 break;
1814 case 2:
1815 ide_clear_hob(ide_if);
1816 ide_if[0].hob_nsector = ide_if[0].nsector;
1817 ide_if[1].hob_nsector = ide_if[1].nsector;
1818 ide_if[0].nsector = val;
1819 ide_if[1].nsector = val;
1820 break;
1821 case 3:
1822 ide_clear_hob(ide_if);
1823 ide_if[0].hob_sector = ide_if[0].sector;
1824 ide_if[1].hob_sector = ide_if[1].sector;
1825 ide_if[0].sector = val;
1826 ide_if[1].sector = val;
1827 break;
1828 case 4:
1829 ide_clear_hob(ide_if);
1830 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1831 ide_if[1].hob_lcyl = ide_if[1].lcyl;
1832 ide_if[0].lcyl = val;
1833 ide_if[1].lcyl = val;
1834 break;
1835 case 5:
1836 ide_clear_hob(ide_if);
1837 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1838 ide_if[1].hob_hcyl = ide_if[1].hcyl;
1839 ide_if[0].hcyl = val;
1840 ide_if[1].hcyl = val;
1841 break;
1842 case 6:
1843 /* FIXME: HOB readback uses bit 7 */
1844 ide_if[0].select = (val & ~0x10) | 0xa0;
1845 ide_if[1].select = (val | 0x10) | 0xa0;
1846 /* select drive */
1847 buffered_pio_reset(ide_if->cur_drive);
1848 unit = (val >> 4) & 1;
1849 s = ide_if + unit;
1850 ide_if->cur_drive = s;
1851 break;
1852 default:
1853 case 7:
1854 /* command */
1855 #if defined(DEBUG_IDE)
1856 printf("ide: CMD=%02x\n", val);
1857 #endif
1858 s = ide_if->cur_drive;
1859 /* ignore commands to non existant device */
1860 if (!s->bs)
1861 break;
1863 switch(val) {
1864 case WIN_IDENTIFY:
1865 if (s->bs && !s->is_cdrom) {
1866 ide_identify(s);
1867 s->status = READY_STAT | SEEK_STAT;
1868 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1869 } else {
1870 if (s->is_cdrom) {
1871 ide_set_signature(s);
1873 ide_abort_command(s);
1875 ide_set_irq(s);
1876 break;
1877 case WIN_SPECIFY:
1878 case WIN_RECAL:
1879 s->error = 0;
1880 s->status = READY_STAT | SEEK_STAT;
1881 ide_set_irq(s);
1882 break;
1883 case WIN_SETMULT:
1884 if (s->nsector > MAX_MULT_SECTORS ||
1885 (s->nsector & (s->nsector - 1)) != 0) {
1886 ide_abort_command(s);
1887 } else {
1888 s->mult_sectors = s->nsector;
1889 s->status = READY_STAT;
1891 ide_set_irq(s);
1892 break;
1893 case WIN_VERIFY_EXT:
1894 lba48 = 1;
1895 case WIN_VERIFY:
1896 case WIN_VERIFY_ONCE:
1897 /* do sector number check ? */
1898 ide_cmd_lba48_transform(s, lba48);
1899 s->status = READY_STAT;
1900 ide_set_irq(s);
1901 break;
1902 case WIN_READ_EXT:
1903 lba48 = 1;
1904 case WIN_READ:
1905 case WIN_READ_ONCE:
1906 if (!s->bs)
1907 goto abort_cmd;
1908 ide_cmd_lba48_transform(s, lba48);
1909 s->req_nb_sectors = 1;
1910 ide_sector_read(s);
1911 break;
1912 case WIN_WRITE_EXT:
1913 lba48 = 1;
1914 case WIN_WRITE:
1915 case WIN_WRITE_ONCE:
1916 ide_cmd_lba48_transform(s, lba48);
1917 s->error = 0;
1918 s->status = SEEK_STAT | READY_STAT;
1919 s->req_nb_sectors = 1;
1920 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1921 break;
1922 case WIN_MULTREAD_EXT:
1923 lba48 = 1;
1924 case WIN_MULTREAD:
1925 if (!s->mult_sectors)
1926 goto abort_cmd;
1927 ide_cmd_lba48_transform(s, lba48);
1928 s->req_nb_sectors = s->mult_sectors;
1929 ide_sector_read(s);
1930 break;
1931 case WIN_MULTWRITE_EXT:
1932 lba48 = 1;
1933 case WIN_MULTWRITE:
1934 if (!s->mult_sectors)
1935 goto abort_cmd;
1936 ide_cmd_lba48_transform(s, lba48);
1937 s->error = 0;
1938 s->status = SEEK_STAT | READY_STAT;
1939 s->req_nb_sectors = s->mult_sectors;
1940 n = s->nsector;
1941 if (n > s->req_nb_sectors)
1942 n = s->req_nb_sectors;
1943 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1944 break;
1945 case WIN_READDMA_EXT:
1946 lba48 = 1;
1947 case WIN_READDMA:
1948 case WIN_READDMA_ONCE:
1949 if (!s->bs)
1950 goto abort_cmd;
1951 ide_cmd_lba48_transform(s, lba48);
1952 ide_sector_read_dma(s);
1953 break;
1954 case WIN_WRITEDMA_EXT:
1955 lba48 = 1;
1956 case WIN_WRITEDMA:
1957 case WIN_WRITEDMA_ONCE:
1958 if (!s->bs)
1959 goto abort_cmd;
1960 ide_cmd_lba48_transform(s, lba48);
1961 ide_sector_write_dma(s);
1962 break;
1963 case WIN_READ_NATIVE_MAX_EXT:
1964 lba48 = 1;
1965 case WIN_READ_NATIVE_MAX:
1966 ide_cmd_lba48_transform(s, lba48);
1967 ide_set_sector(s, s->nb_sectors - 1);
1968 s->status = READY_STAT;
1969 ide_set_irq(s);
1970 break;
1971 case WIN_CHECKPOWERMODE1:
1972 s->nsector = 0xff; /* device active or idle */
1973 s->status = READY_STAT;
1974 ide_set_irq(s);
1975 break;
1976 case WIN_SETFEATURES:
1977 if (!s->bs)
1978 goto abort_cmd;
1979 /* XXX: valid for CDROM ? */
1980 switch(s->feature) {
1981 case 0x02: /* write cache enable */
1982 s->write_cache = 1;
1983 s->status = READY_STAT | SEEK_STAT;
1984 ide_set_irq(s);
1985 break;
1986 case 0x82: /* write cache disable */
1987 s->write_cache = 0;
1988 s->status = READY_STAT | SEEK_STAT;
1989 ide_set_irq(s);
1990 break;
1991 case 0xaa: /* read look-ahead enable */
1992 case 0x55: /* read look-ahead disable */
1993 case 0x42: /* EN_AAM: enable Automatic Acoustic Mode */
1994 case 0xc2: /* DIS_AAM: disable Automatic Acoustic Mode */
1995 case 0x85: /* DIS_APM: disable APM */
1996 s->status = READY_STAT | SEEK_STAT;
1997 ide_set_irq(s);
1998 break;
1999 case 0x03: { /* set transfer mode */
2000 uint8_t val = s->nsector & 0x07;
2002 switch (s->nsector >> 3) {
2003 case 0x00: /* pio default */
2004 case 0x01: /* pio mode */
2005 put_le16(s->identify_data + 63,0x07);
2006 put_le16(s->identify_data + 88,0x3f);
2007 break;
2008 case 0x04: /* mdma mode */
2009 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2010 put_le16(s->identify_data + 88,0x3f);
2011 break;
2012 case 0x08: /* udma mode */
2013 put_le16(s->identify_data + 63,0x07);
2014 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2015 break;
2016 default:
2017 goto abort_cmd;
2019 s->status = READY_STAT | SEEK_STAT;
2020 ide_set_irq(s);
2021 break;
2023 default:
2024 goto abort_cmd;
2026 break;
2027 case WIN_FLUSH_CACHE:
2028 case WIN_FLUSH_CACHE_EXT:
2029 s->status = BUSY_STAT;
2030 bdrv_aio_flush(s->bs, ide_flush_cb, s);
2031 break;
2032 case WIN_IDLEIMMEDIATE:
2033 case WIN_STANDBY:
2034 case WIN_SETIDLE1:
2035 case WIN_STANDBYNOW1:
2036 case WIN_SLEEPNOW1:
2037 case WIN_STANDBY2:
2038 case WIN_SETIDLE2:
2039 case WIN_STANDBYNOW2:
2040 case WIN_SLEEPNOW2:
2041 s->status = READY_STAT;
2042 ide_set_irq(s);
2043 break;
2044 /* ATAPI commands */
2045 case WIN_PIDENTIFY:
2046 if (s->is_cdrom) {
2047 ide_atapi_identify(s);
2048 s->status = READY_STAT | SEEK_STAT;
2049 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2050 } else {
2051 ide_abort_command(s);
2053 ide_set_irq(s);
2054 break;
2055 case WIN_DIAGNOSE:
2056 ide_set_signature(s);
2057 s->status = 0x00; /* NOTE: READY is _not_ set */
2058 s->error = 0x01;
2059 break;
2060 case WIN_SRST:
2061 if (!s->is_cdrom)
2062 goto abort_cmd;
2063 ide_set_signature(s);
2064 s->status = 0x00; /* NOTE: READY is _not_ set */
2065 s->error = 0x01;
2066 break;
2067 case WIN_PACKETCMD:
2068 if (!s->is_cdrom)
2069 goto abort_cmd;
2070 /* overlapping commands not supported */
2071 if (s->feature & 0x02)
2072 goto abort_cmd;
2073 s->status = READY_STAT;
2074 s->atapi_dma = s->feature & 1;
2075 s->nsector = 1;
2076 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2077 ide_atapi_cmd);
2078 break;
2079 default:
2080 abort_cmd:
2081 ide_abort_command(s);
2082 ide_set_irq(s);
2083 break;
2088 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2090 IDEState *ide_if = opaque;
2091 IDEState *s = ide_if->cur_drive;
2092 uint32_t addr;
2093 int ret, hob;
2095 addr = addr1 & 7;
2096 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2097 //hob = s->select & (1 << 7);
2098 hob = 0;
2099 switch(addr) {
2100 case 0:
2101 ret = 0xff;
2102 break;
2103 case 1:
2104 if (!ide_if[0].bs && !ide_if[1].bs)
2105 ret = 0;
2106 else if (!hob)
2107 ret = s->error;
2108 else
2109 ret = s->hob_feature;
2110 break;
2111 case 2:
2112 if (!ide_if[0].bs && !ide_if[1].bs)
2113 ret = 0;
2114 else if (!hob)
2115 ret = s->nsector & 0xff;
2116 else
2117 ret = s->hob_nsector;
2118 break;
2119 case 3:
2120 if (!ide_if[0].bs && !ide_if[1].bs)
2121 ret = 0;
2122 else if (!hob)
2123 ret = s->sector;
2124 else
2125 ret = s->hob_sector;
2126 break;
2127 case 4:
2128 if (!ide_if[0].bs && !ide_if[1].bs)
2129 ret = 0;
2130 else if (!hob)
2131 ret = s->lcyl;
2132 else
2133 ret = s->hob_lcyl;
2134 break;
2135 case 5:
2136 if (!ide_if[0].bs && !ide_if[1].bs)
2137 ret = 0;
2138 else if (!hob)
2139 ret = s->hcyl;
2140 else
2141 ret = s->hob_hcyl;
2142 break;
2143 case 6:
2144 if (!ide_if[0].bs && !ide_if[1].bs)
2145 ret = 0;
2146 else
2147 ret = s->select;
2148 break;
2149 default:
2150 case 7:
2151 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2152 (s != ide_if && !s->bs))
2153 ret = 0;
2154 else
2155 ret = s->status;
2156 s->set_irq(s->irq_opaque, s->irq, 0);
2157 break;
2159 #ifdef DEBUG_IDE
2160 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2161 #endif
2162 return ret;
2165 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2167 IDEState *ide_if = opaque;
2168 IDEState *s = ide_if->cur_drive;
2169 int ret;
2171 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2172 (s != ide_if && !s->bs))
2173 ret = 0;
2174 else
2175 ret = s->status;
2176 #ifdef DEBUG_IDE
2177 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2178 #endif
2179 return ret;
2182 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2184 IDEState *ide_if = opaque;
2185 IDEState *s;
2186 int i;
2188 #ifdef DEBUG_IDE
2189 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2190 #endif
2191 /* common for both drives */
2192 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2193 (val & IDE_CMD_RESET)) {
2194 /* reset low to high */
2195 for(i = 0;i < 2; i++) {
2196 s = &ide_if[i];
2197 s->status = BUSY_STAT | SEEK_STAT;
2198 s->error = 0x01;
2200 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2201 !(val & IDE_CMD_RESET)) {
2202 /* high to low */
2203 for(i = 0;i < 2; i++) {
2204 s = &ide_if[i];
2205 if (s->is_cdrom)
2206 s->status = 0x00; /* NOTE: READY is _not_ set */
2207 else
2208 s->status = READY_STAT | SEEK_STAT;
2209 ide_set_signature(s);
2213 ide_if[0].cmd = val;
2214 ide_if[1].cmd = val;
2217 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2219 IDEState *s = ((IDEState *)opaque)->cur_drive;
2220 uint8_t *p;
2222 buffered_pio_write(s, addr, 2);
2223 p = s->data_ptr;
2224 *(uint16_t *)p = le16_to_cpu(val);
2225 p += 2;
2226 s->data_ptr = p;
2227 if (p >= s->data_end)
2228 s->end_transfer_func(s);
2231 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2233 IDEState *s = ((IDEState *)opaque)->cur_drive;
2234 uint8_t *p;
2235 int ret;
2237 buffered_pio_read(s, addr, 2);
2238 p = s->data_ptr;
2239 ret = cpu_to_le16(*(uint16_t *)p);
2240 p += 2;
2241 s->data_ptr = p;
2242 if (p >= s->data_end)
2243 s->end_transfer_func(s);
2244 return ret;
2247 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2249 IDEState *s = ((IDEState *)opaque)->cur_drive;
2250 uint8_t *p;
2252 buffered_pio_write(s, addr, 4);
2253 p = s->data_ptr;
2254 *(uint32_t *)p = le32_to_cpu(val);
2255 p += 4;
2256 s->data_ptr = p;
2257 if (p >= s->data_end)
2258 s->end_transfer_func(s);
2261 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2263 IDEState *s = ((IDEState *)opaque)->cur_drive;
2264 uint8_t *p;
2265 int ret;
2267 buffered_pio_read(s, addr, 4);
2268 p = s->data_ptr;
2269 ret = cpu_to_le32(*(uint32_t *)p);
2270 p += 4;
2271 s->data_ptr = p;
2272 if (p >= s->data_end)
2273 s->end_transfer_func(s);
2274 return ret;
2277 static void ide_dummy_transfer_stop(IDEState *s)
2279 s->data_ptr = s->io_buffer;
2280 s->data_end = s->io_buffer;
2281 s->io_buffer[0] = 0xff;
2282 s->io_buffer[1] = 0xff;
2283 s->io_buffer[2] = 0xff;
2284 s->io_buffer[3] = 0xff;
2287 static void ide_reset(IDEState *s)
2289 s->mult_sectors = MAX_MULT_SECTORS;
2290 s->cur_drive = s;
2291 s->select = 0xa0;
2292 s->status = READY_STAT;
2293 ide_set_signature(s);
2294 /* init the transfer handler so that 0xffff is returned on data
2295 accesses */
2296 s->end_transfer_func = ide_dummy_transfer_stop;
2297 ide_dummy_transfer_stop(s);
2300 struct partition {
2301 uint8_t boot_ind; /* 0x80 - active */
2302 uint8_t head; /* starting head */
2303 uint8_t sector; /* starting sector */
2304 uint8_t cyl; /* starting cylinder */
2305 uint8_t sys_ind; /* What partition type */
2306 uint8_t end_head; /* end head */
2307 uint8_t end_sector; /* end sector */
2308 uint8_t end_cyl; /* end cylinder */
2309 uint32_t start_sect; /* starting sector counting from 0 */
2310 uint32_t nr_sects; /* nr of sectors in partition */
2311 } __attribute__((packed));
2313 /* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
2314 static int guess_disk_lchs(IDEState *s,
2315 int *pcylinders, int *pheads, int *psectors)
2317 uint8_t buf[512];
2318 int ret, i, heads, sectors, cylinders;
2319 struct partition *p;
2320 uint32_t nr_sects;
2322 ret = bdrv_read(s->bs, 0, buf, 1);
2323 if (ret < 0)
2324 return -1;
2325 /* test msdos magic */
2326 if (buf[510] != 0x55 || buf[511] != 0xaa)
2327 return -1;
2328 for(i = 0; i < 4; i++) {
2329 p = ((struct partition *)(buf + 0x1be)) + i;
2330 nr_sects = le32_to_cpu(p->nr_sects);
2331 if (nr_sects && p->end_head) {
2332 /* We make the assumption that the partition terminates on
2333 a cylinder boundary */
2334 heads = p->end_head + 1;
2335 sectors = p->end_sector & 63;
2336 if (sectors == 0)
2337 continue;
2338 cylinders = s->nb_sectors / (heads * sectors);
2339 if (cylinders < 1 || cylinders > 16383)
2340 continue;
2341 *pheads = heads;
2342 *psectors = sectors;
2343 *pcylinders = cylinders;
2344 #if 0
2345 printf("guessed geometry: LCHS=%d %d %d\n",
2346 cylinders, heads, sectors);
2347 #endif
2348 return 0;
2351 return -1;
2354 static void ide_init2(IDEState *ide_state,
2355 BlockDriverState *hd0, BlockDriverState *hd1,
2356 SetIRQFunc *set_irq, void *irq_opaque, int irq)
2358 IDEState *s;
2359 static int drive_serial = 1;
2360 int i, cylinders, heads, secs, translation, lba_detected = 0;
2361 int64_t nb_sectors;
2363 for(i = 0; i < 2; i++) {
2364 s = ide_state + i;
2365 s->io_buffer = qemu_memalign(getpagesize(), IDE_DMA_BUF_SIZE + 4);
2366 if (i == 0)
2367 s->bs = hd0;
2368 else
2369 s->bs = hd1;
2370 if (s->bs) {
2371 bdrv_get_geometry(s->bs, &nb_sectors);
2372 s->nb_sectors = nb_sectors;
2373 /* if a geometry hint is available, use it */
2374 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
2375 translation = bdrv_get_translation_hint(s->bs);
2376 if (cylinders != 0) {
2377 s->cylinders = cylinders;
2378 s->heads = heads;
2379 s->sectors = secs;
2380 } else {
2381 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2382 if (heads > 16) {
2383 /* if heads > 16, it means that a BIOS LBA
2384 translation was active, so the default
2385 hardware geometry is OK */
2386 lba_detected = 1;
2387 goto default_geometry;
2388 } else {
2389 s->cylinders = cylinders;
2390 s->heads = heads;
2391 s->sectors = secs;
2392 /* disable any translation to be in sync with
2393 the logical geometry */
2394 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2395 bdrv_set_translation_hint(s->bs,
2396 BIOS_ATA_TRANSLATION_NONE);
2399 } else {
2400 default_geometry:
2401 /* if no geometry, use a standard physical disk geometry */
2402 cylinders = nb_sectors / (16 * 63);
2403 if (cylinders > 16383)
2404 cylinders = 16383;
2405 else if (cylinders < 2)
2406 cylinders = 2;
2407 s->cylinders = cylinders;
2408 s->heads = 16;
2409 s->sectors = 63;
2410 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2411 if ((s->cylinders * s->heads) <= 131072) {
2412 bdrv_set_translation_hint(s->bs,
2413 BIOS_ATA_TRANSLATION_LARGE);
2414 } else {
2415 bdrv_set_translation_hint(s->bs,
2416 BIOS_ATA_TRANSLATION_LBA);
2420 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
2422 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2423 s->is_cdrom = 1;
2424 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2427 s->drive_serial = drive_serial++;
2428 s->set_irq = set_irq;
2429 s->irq_opaque = irq_opaque;
2430 s->irq = irq;
2431 s->sector_write_timer = qemu_new_timer(vm_clock,
2432 ide_sector_write_timer_cb, s);
2433 s->write_cache = 0;
2434 ide_reset(s);
2438 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2440 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2441 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2442 if (iobase2) {
2443 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2444 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2447 /* data ports */
2448 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2449 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2450 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2451 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2454 /***********************************************************/
2455 /* ISA IDE definitions */
2457 void isa_ide_init(int iobase, int iobase2, int irq,
2458 BlockDriverState *hd0, BlockDriverState *hd1)
2460 IDEState *ide_state;
2462 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2463 if (!ide_state)
2464 return;
2466 ide_init2(ide_state, hd0, hd1, pic_set_irq_new, isa_pic, irq);
2467 ide_init_ioport(ide_state, iobase, iobase2);
2470 /***********************************************************/
2471 /* PCI IDE definitions */
2473 static void cmd646_update_irq(PCIIDEState *d);
2475 static void ide_map(PCIDevice *pci_dev, int region_num,
2476 uint32_t addr, uint32_t size, int type)
2478 PCIIDEState *d = (PCIIDEState *)pci_dev;
2479 IDEState *ide_state;
2481 if (region_num <= 3) {
2482 ide_state = &d->ide_if[(region_num >> 1) * 2];
2483 if (region_num & 1) {
2484 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2485 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2486 } else {
2487 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2488 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2490 /* data ports */
2491 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2492 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2493 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2494 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2499 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2501 BMDMAState *bm = s->bmdma;
2502 if(!bm)
2503 return;
2504 bm->ide_if = s;
2505 bm->dma_cb = dma_cb;
2506 bm->cur_prd_last = 0;
2507 bm->cur_prd_addr = 0;
2508 bm->cur_prd_len = 0;
2509 if (bm->status & BM_STATUS_DMAING) {
2510 bm->dma_cb(bm, 0);
2514 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2516 BMDMAState *bm = opaque;
2517 #ifdef DEBUG_IDE
2518 printf("%s: 0x%08x\n", __func__, val);
2519 #endif
2520 if (!(val & BM_CMD_START)) {
2521 /* XXX: do it better */
2522 if (bm->status & BM_STATUS_DMAING) {
2523 bm->status &= ~BM_STATUS_DMAING;
2524 /* cancel DMA request */
2525 bm->ide_if = NULL;
2526 bm->dma_cb = NULL;
2527 if (bm->aiocb) {
2528 #ifdef DEBUG_AIO
2529 printf("aio_cancel\n");
2530 #endif
2531 bdrv_aio_cancel(bm->aiocb);
2532 bm->aiocb = NULL;
2535 bm->cmd = val & 0x09;
2536 } else {
2537 if (!(bm->status & BM_STATUS_DMAING)) {
2538 bm->status |= BM_STATUS_DMAING;
2539 /* start dma transfer if possible */
2540 if (bm->dma_cb)
2541 bm->dma_cb(bm, 0);
2543 bm->cmd = val & 0x09;
2547 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2549 BMDMAState *bm = opaque;
2550 PCIIDEState *pci_dev;
2551 uint32_t val;
2553 switch(addr & 3) {
2554 case 0:
2555 val = bm->cmd;
2556 break;
2557 case 1:
2558 pci_dev = bm->pci_dev;
2559 if (pci_dev->type == IDE_TYPE_CMD646) {
2560 val = pci_dev->dev.config[MRDMODE];
2561 } else {
2562 val = 0xff;
2564 break;
2565 case 2:
2566 val = bm->status;
2567 break;
2568 case 3:
2569 pci_dev = bm->pci_dev;
2570 if (pci_dev->type == IDE_TYPE_CMD646) {
2571 if (bm == &pci_dev->bmdma[0])
2572 val = pci_dev->dev.config[UDIDETCR0];
2573 else
2574 val = pci_dev->dev.config[UDIDETCR1];
2575 } else {
2576 val = 0xff;
2578 break;
2579 default:
2580 val = 0xff;
2581 break;
2583 #ifdef DEBUG_IDE
2584 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2585 #endif
2586 return val;
2589 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2591 BMDMAState *bm = opaque;
2592 PCIIDEState *pci_dev;
2593 #ifdef DEBUG_IDE
2594 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2595 #endif
2596 switch(addr & 3) {
2597 case 1:
2598 pci_dev = bm->pci_dev;
2599 if (pci_dev->type == IDE_TYPE_CMD646) {
2600 pci_dev->dev.config[MRDMODE] =
2601 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2602 cmd646_update_irq(pci_dev);
2604 break;
2605 case 2:
2606 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2607 break;
2608 case 3:
2609 pci_dev = bm->pci_dev;
2610 if (pci_dev->type == IDE_TYPE_CMD646) {
2611 if (bm == &pci_dev->bmdma[0])
2612 pci_dev->dev.config[UDIDETCR0] = val;
2613 else
2614 pci_dev->dev.config[UDIDETCR1] = val;
2616 break;
2620 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2622 BMDMAState *bm = opaque;
2623 uint32_t val;
2624 val = bm->addr;
2625 #ifdef DEBUG_IDE
2626 printf("%s: 0x%08x\n", __func__, val);
2627 #endif
2628 return val;
2631 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2633 BMDMAState *bm = opaque;
2634 #ifdef DEBUG_IDE
2635 printf("%s: 0x%08x\n", __func__, val);
2636 #endif
2637 bm->addr = val & ~3;
2638 bm->cur_addr = bm->addr;
2641 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2642 uint32_t addr, uint32_t size, int type)
2644 PCIIDEState *d = (PCIIDEState *)pci_dev;
2645 int i;
2647 for(i = 0;i < 2; i++) {
2648 BMDMAState *bm = &d->bmdma[i];
2649 d->ide_if[2 * i].bmdma = bm;
2650 d->ide_if[2 * i + 1].bmdma = bm;
2651 bm->pci_dev = (PCIIDEState *)pci_dev;
2653 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2655 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2656 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2658 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2659 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2660 addr += 8;
2664 /* XXX: call it also when the MRDMODE is changed from the PCI config
2665 registers */
2666 static void cmd646_update_irq(PCIIDEState *d)
2668 int pci_level;
2669 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2670 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2671 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2672 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2673 pci_set_irq((PCIDevice *)d, 0, pci_level);
2676 /* the PCI irq level is the logical OR of the two channels */
2677 static void cmd646_set_irq(void *opaque, int channel, int level)
2679 PCIIDEState *d = opaque;
2680 int irq_mask;
2682 irq_mask = MRDMODE_INTR_CH0 << channel;
2683 if (level)
2684 d->dev.config[MRDMODE] |= irq_mask;
2685 else
2686 d->dev.config[MRDMODE] &= ~irq_mask;
2687 cmd646_update_irq(d);
2690 /* CMD646 PCI IDE controller */
2691 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2692 int secondary_ide_enabled)
2694 PCIIDEState *d;
2695 uint8_t *pci_conf;
2696 int i;
2698 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2699 sizeof(PCIIDEState),
2700 -1,
2701 NULL, NULL);
2702 d->type = IDE_TYPE_CMD646;
2703 pci_conf = d->dev.config;
2704 pci_conf[0x00] = 0x95; // CMD646
2705 pci_conf[0x01] = 0x10;
2706 pci_conf[0x02] = 0x46;
2707 pci_conf[0x03] = 0x06;
2709 pci_conf[0x08] = 0x07; // IDE controller revision
2710 pci_conf[0x09] = 0x8f;
2712 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2713 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2714 pci_conf[0x0e] = 0x00; // header_type
2716 if (secondary_ide_enabled) {
2717 /* XXX: if not enabled, really disable the seconday IDE controller */
2718 pci_conf[0x51] = 0x80; /* enable IDE1 */
2721 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2722 PCI_ADDRESS_SPACE_IO, ide_map);
2723 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2724 PCI_ADDRESS_SPACE_IO, ide_map);
2725 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2726 PCI_ADDRESS_SPACE_IO, ide_map);
2727 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2728 PCI_ADDRESS_SPACE_IO, ide_map);
2729 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2730 PCI_ADDRESS_SPACE_IO, bmdma_map);
2732 pci_conf[0x3d] = 0x01; // interrupt on pin 1
2734 for(i = 0; i < 4; i++)
2735 d->ide_if[i].pci_dev = (PCIDevice *)d;
2736 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2737 cmd646_set_irq, d, 0);
2738 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2739 cmd646_set_irq, d, 1);
2742 static void pci_ide_save(QEMUFile* f, void *opaque)
2744 PCIIDEState *d = opaque;
2745 int i;
2747 pci_device_save(&d->dev, f);
2749 for(i = 0; i < 2; i++) {
2750 BMDMAState *bm = &d->bmdma[i];
2751 qemu_put_8s(f, &bm->cmd);
2752 qemu_put_8s(f, &bm->status);
2753 qemu_put_be32s(f, &bm->addr);
2754 /* XXX: if a transfer is pending, we do not save it yet */
2757 /* per IDE interface data */
2758 for(i = 0; i < 2; i++) {
2759 IDEState *s = &d->ide_if[i * 2];
2760 uint8_t drive1_selected;
2761 qemu_put_8s(f, &s->cmd);
2762 drive1_selected = (s->cur_drive != s);
2763 qemu_put_8s(f, &drive1_selected);
2766 /* per IDE drive data */
2767 for(i = 0; i < 4; i++) {
2768 IDEState *s = &d->ide_if[i];
2769 qemu_put_be32s(f, &s->mult_sectors);
2770 qemu_put_be32s(f, &s->identify_set);
2771 if (s->identify_set) {
2772 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2774 qemu_put_8s(f, &s->write_cache);
2775 qemu_put_8s(f, &s->feature);
2776 qemu_put_8s(f, &s->error);
2777 qemu_put_be32s(f, &s->nsector);
2778 qemu_put_8s(f, &s->sector);
2779 qemu_put_8s(f, &s->lcyl);
2780 qemu_put_8s(f, &s->hcyl);
2781 qemu_put_8s(f, &s->hob_feature);
2782 qemu_put_8s(f, &s->hob_nsector);
2783 qemu_put_8s(f, &s->hob_sector);
2784 qemu_put_8s(f, &s->hob_lcyl);
2785 qemu_put_8s(f, &s->hob_hcyl);
2786 qemu_put_8s(f, &s->select);
2787 qemu_put_8s(f, &s->status);
2788 qemu_put_8s(f, &s->lba48);
2790 qemu_put_8s(f, &s->sense_key);
2791 qemu_put_8s(f, &s->asc);
2792 /* XXX: if a transfer is pending, we do not save it yet */
2796 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2798 PCIIDEState *d = opaque;
2799 int ret, i;
2801 if (version_id != 1 && version_id != 2)
2802 return -EINVAL;
2803 ret = pci_device_load(&d->dev, f);
2804 if (ret < 0)
2805 return ret;
2807 for(i = 0; i < 2; i++) {
2808 BMDMAState *bm = &d->bmdma[i];
2809 qemu_get_8s(f, &bm->cmd);
2810 qemu_get_8s(f, &bm->status);
2811 qemu_get_be32s(f, &bm->addr);
2812 /* XXX: if a transfer is pending, we do not save it yet */
2815 /* per IDE interface data */
2816 for(i = 0; i < 2; i++) {
2817 IDEState *s = &d->ide_if[i * 2];
2818 uint8_t drive1_selected;
2819 qemu_get_8s(f, &s->cmd);
2820 qemu_get_8s(f, &drive1_selected);
2821 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2824 /* per IDE drive data */
2825 for(i = 0; i < 4; i++) {
2826 IDEState *s = &d->ide_if[i];
2827 qemu_get_be32s(f, &s->mult_sectors);
2828 qemu_get_be32s(f, &s->identify_set);
2829 if (s->identify_set) {
2830 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2832 if (version_id >= 2)
2833 qemu_get_8s(f, &s->write_cache);
2834 qemu_get_8s(f, &s->feature);
2835 qemu_get_8s(f, &s->error);
2836 qemu_get_be32s(f, &s->nsector);
2837 qemu_get_8s(f, &s->sector);
2838 qemu_get_8s(f, &s->lcyl);
2839 qemu_get_8s(f, &s->hcyl);
2840 qemu_get_8s(f, &s->hob_feature);
2841 qemu_get_8s(f, &s->hob_nsector);
2842 qemu_get_8s(f, &s->hob_sector);
2843 qemu_get_8s(f, &s->hob_lcyl);
2844 qemu_get_8s(f, &s->hob_hcyl);
2845 qemu_get_8s(f, &s->select);
2846 qemu_get_8s(f, &s->status);
2847 qemu_get_8s(f, &s->lba48);
2849 qemu_get_8s(f, &s->sense_key);
2850 qemu_get_8s(f, &s->asc);
2851 /* XXX: if a transfer is pending, we do not save it yet */
2853 return 0;
2856 static void piix3_reset(PCIIDEState *d)
2858 uint8_t *pci_conf = d->dev.config;
2860 pci_conf[0x04] = 0x00;
2861 pci_conf[0x05] = 0x00;
2862 pci_conf[0x06] = 0x80; /* FBC */
2863 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
2864 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
2867 void pci_piix_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn)
2869 PCIIDEState *d;
2870 uint8_t *pci_conf;
2872 /* register a function 1 of PIIX */
2873 d = (PCIIDEState *)pci_register_device(bus, "PIIX IDE",
2874 sizeof(PCIIDEState),
2875 devfn,
2876 NULL, NULL);
2877 d->type = IDE_TYPE_PIIX3;
2879 pci_conf = d->dev.config;
2880 pci_conf[0x00] = 0x86; // Intel
2881 pci_conf[0x01] = 0x80;
2882 pci_conf[0x02] = 0x30;
2883 pci_conf[0x03] = 0x12;
2884 pci_conf[0x08] = 0x02; // Step A1
2885 pci_conf[0x09] = 0x80; // legacy ATA mode
2886 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2887 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2888 pci_conf[0x0e] = 0x00; // header_type
2889 pci_conf[0x2c] = 0x53; /* subsystem vendor: XenSource */
2890 pci_conf[0x2d] = 0x58;
2891 pci_conf[0x2e] = 0x01; /* subsystem device */
2892 pci_conf[0x2f] = 0x00;
2894 piix3_reset(d);
2896 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2897 PCI_ADDRESS_SPACE_IO, bmdma_map);
2899 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2900 pic_set_irq_new, isa_pic, 14);
2901 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2902 pic_set_irq_new, isa_pic, 15);
2903 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2904 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2906 buffered_pio_init();
2908 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
2911 /* hd_table must contain 4 block drivers */
2912 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
2913 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn)
2915 PCIIDEState *d;
2916 uint8_t *pci_conf;
2918 /* register a function 1 of PIIX3 */
2919 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2920 sizeof(PCIIDEState),
2921 devfn,
2922 NULL, NULL);
2923 d->type = IDE_TYPE_PIIX3;
2925 pci_conf = d->dev.config;
2926 pci_conf[0x00] = 0x86; // Intel
2927 pci_conf[0x01] = 0x80;
2928 pci_conf[0x02] = 0x10;
2929 pci_conf[0x03] = 0x70;
2930 pci_conf[0x09] = 0x80; // legacy ATA mode
2931 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2932 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2933 pci_conf[0x0e] = 0x00; // header_type
2935 piix3_reset(d);
2937 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2938 PCI_ADDRESS_SPACE_IO, bmdma_map);
2940 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2941 pic_set_irq_new, isa_pic, 14);
2942 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2943 pic_set_irq_new, isa_pic, 15);
2944 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2945 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2947 buffered_pio_init();
2949 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
2952 /***********************************************************/
2953 /* MacIO based PowerPC IDE */
2955 /* PowerMac IDE memory IO */
2956 static void pmac_ide_writeb (void *opaque,
2957 target_phys_addr_t addr, uint32_t val)
2959 addr = (addr & 0xFFF) >> 4;
2960 switch (addr) {
2961 case 1 ... 7:
2962 ide_ioport_write(opaque, addr, val);
2963 break;
2964 case 8:
2965 case 22:
2966 ide_cmd_write(opaque, 0, val);
2967 break;
2968 default:
2969 break;
2973 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2975 uint8_t retval;
2977 addr = (addr & 0xFFF) >> 4;
2978 switch (addr) {
2979 case 1 ... 7:
2980 retval = ide_ioport_read(opaque, addr);
2981 break;
2982 case 8:
2983 case 22:
2984 retval = ide_status_read(opaque, 0);
2985 break;
2986 default:
2987 retval = 0xFF;
2988 break;
2990 return retval;
2993 static void pmac_ide_writew (void *opaque,
2994 target_phys_addr_t addr, uint32_t val)
2996 addr = (addr & 0xFFF) >> 4;
2997 #ifdef TARGET_WORDS_BIGENDIAN
2998 val = bswap16(val);
2999 #endif
3000 if (addr == 0) {
3001 ide_data_writew(opaque, 0, val);
3005 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3007 uint16_t retval;
3009 addr = (addr & 0xFFF) >> 4;
3010 if (addr == 0) {
3011 retval = ide_data_readw(opaque, 0);
3012 } else {
3013 retval = 0xFFFF;
3015 #ifdef TARGET_WORDS_BIGENDIAN
3016 retval = bswap16(retval);
3017 #endif
3018 return retval;
3021 static void pmac_ide_writel (void *opaque,
3022 target_phys_addr_t addr, uint32_t val)
3024 addr = (addr & 0xFFF) >> 4;
3025 #ifdef TARGET_WORDS_BIGENDIAN
3026 val = bswap32(val);
3027 #endif
3028 if (addr == 0) {
3029 ide_data_writel(opaque, 0, val);
3033 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3035 uint32_t retval;
3037 addr = (addr & 0xFFF) >> 4;
3038 if (addr == 0) {
3039 retval = ide_data_readl(opaque, 0);
3040 } else {
3041 retval = 0xFFFFFFFF;
3043 #ifdef TARGET_WORDS_BIGENDIAN
3044 retval = bswap32(retval);
3045 #endif
3046 return retval;
3049 static CPUWriteMemoryFunc *pmac_ide_write[] = {
3050 pmac_ide_writeb,
3051 pmac_ide_writew,
3052 pmac_ide_writel,
3053 };
3055 static CPUReadMemoryFunc *pmac_ide_read[] = {
3056 pmac_ide_readb,
3057 pmac_ide_readw,
3058 pmac_ide_readl,
3059 };
3061 /* hd_table must contain 4 block drivers */
3062 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3063 I/O index to access the ide. */
3064 int pmac_ide_init (BlockDriverState **hd_table,
3065 SetIRQFunc *set_irq, void *irq_opaque, int irq)
3067 IDEState *ide_if;
3068 int pmac_ide_memory;
3070 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
3071 ide_init2(&ide_if[0], hd_table[0], hd_table[1],
3072 set_irq, irq_opaque, irq);
3074 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3075 pmac_ide_write, &ide_if[0]);
3076 return pmac_ide_memory;