direct-io.hg

view tools/ioemu/hw/ide.c @ 12722:fd28a1b139de

[QEMU] Error reporting in IDE device model.

Following on from my patch to make blktap report I/O errors back to
guest OS, a similar problem exists in the QEMU codebase. The IDE
driver never reports I/O errors during read/write operations back to
the guest OS. Instead all I/O operations are reported as
succesfull. If, for example, the host FS holding the disk image fills
up, then writes may fail due to lack of space. Since the guest OS
never sees these failures, it assumes all is well & will continue
writing. Eventually this can lead to severe & unrecoverable filesystem
corruption.

The attached patch fixes QEMU ide driver such that any failure of a
read or write operation sets the appropriate IDE status/error
registers. Having read the ATA-6 spec I think the most compliant
behaviour is to set the status register to 'READY_STAT | ERR_STAT',
and the error register to ABRT_ERR. There is already a convenience
function ide_abort_command() in the QEMU codebase which does just
this, so the attached patch simply calls that function.

With this patch the guest OS sees the I/O failure & the kernel logs
IDE errors and then retries the operation. This at least ensures that
the guest can be shutdown the out of space issue in the host corrected
and the guest restarted, without any serious filesystem damage having
occurred.

From: Daniel Berrange <berrange@redhat.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
author kfraser@localhost.localdomain
date Mon Dec 04 09:29:26 2006 +0000 (2006-12-04)
parents 1e8ba8d21175
children 239c8504f48d
line source
1 /*
2 * QEMU IDE disk and CD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24 #include "vl.h"
25 #include <pthread.h>
27 /* debug IDE devices */
28 //#define DEBUG_IDE
29 //#define DEBUG_IDE_ATAPI
31 /* Bits of HD_STATUS */
32 #define ERR_STAT 0x01
33 #define INDEX_STAT 0x02
34 #define ECC_STAT 0x04 /* Corrected error */
35 #define DRQ_STAT 0x08
36 #define SEEK_STAT 0x10
37 #define SRV_STAT 0x10
38 #define WRERR_STAT 0x20
39 #define READY_STAT 0x40
40 #define BUSY_STAT 0x80
42 /* Bits for HD_ERROR */
43 #define MARK_ERR 0x01 /* Bad address mark */
44 #define TRK0_ERR 0x02 /* couldn't find track 0 */
45 #define ABRT_ERR 0x04 /* Command aborted */
46 #define MCR_ERR 0x08 /* media change request */
47 #define ID_ERR 0x10 /* ID field not found */
48 #define MC_ERR 0x20 /* media changed */
49 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
50 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
51 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
53 /* Bits of HD_NSECTOR */
54 #define CD 0x01
55 #define IO 0x02
56 #define REL 0x04
57 #define TAG_MASK 0xf8
59 #define IDE_CMD_RESET 0x04
60 #define IDE_CMD_DISABLE_IRQ 0x02
62 /* ATA/ATAPI Commands pre T13 Spec */
63 #define WIN_NOP 0x00
64 /*
65 * 0x01->0x02 Reserved
66 */
67 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
68 /*
69 * 0x04->0x07 Reserved
70 */
71 #define WIN_SRST 0x08 /* ATAPI soft reset command */
72 #define WIN_DEVICE_RESET 0x08
73 /*
74 * 0x09->0x0F Reserved
75 */
76 #define WIN_RECAL 0x10
77 #define WIN_RESTORE WIN_RECAL
78 /*
79 * 0x10->0x1F Reserved
80 */
81 #define WIN_READ 0x20 /* 28-Bit */
82 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
83 #define WIN_READ_LONG 0x22 /* 28-Bit */
84 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
85 #define WIN_READ_EXT 0x24 /* 48-Bit */
86 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
87 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
88 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
89 /*
90 * 0x28
91 */
92 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
93 /*
94 * 0x2A->0x2F Reserved
95 */
96 #define WIN_WRITE 0x30 /* 28-Bit */
97 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
98 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
99 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
100 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
101 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
102 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
103 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
104 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
105 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
106 /*
107 * 0x3A->0x3B Reserved
108 */
109 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
110 /*
111 * 0x3D->0x3F Reserved
112 */
113 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
114 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
115 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
116 /*
117 * 0x43->0x4F Reserved
118 */
119 #define WIN_FORMAT 0x50
120 /*
121 * 0x51->0x5F Reserved
122 */
123 #define WIN_INIT 0x60
124 /*
125 * 0x61->0x5F Reserved
126 */
127 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
128 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
129 #define WIN_DIAGNOSE 0x90
130 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
131 #define WIN_DOWNLOAD_MICROCODE 0x92
132 #define WIN_STANDBYNOW2 0x94
133 #define WIN_STANDBY2 0x96
134 #define WIN_SETIDLE2 0x97
135 #define WIN_CHECKPOWERMODE2 0x98
136 #define WIN_SLEEPNOW2 0x99
137 /*
138 * 0x9A VENDOR
139 */
140 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
141 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
142 #define WIN_QUEUED_SERVICE 0xA2
143 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
144 #define CFA_ERASE_SECTORS 0xC0
145 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
146 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
147 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
148 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
149 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
150 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
151 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
152 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
153 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
154 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
155 #define WIN_GETMEDIASTATUS 0xDA
156 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
157 #define WIN_POSTBOOT 0xDC
158 #define WIN_PREBOOT 0xDD
159 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
160 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
161 #define WIN_STANDBYNOW1 0xE0
162 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
163 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
164 #define WIN_SETIDLE1 0xE3
165 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
166 #define WIN_CHECKPOWERMODE1 0xE5
167 #define WIN_SLEEPNOW1 0xE6
168 #define WIN_FLUSH_CACHE 0xE7
169 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
170 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
171 /* SET_FEATURES 0x22 or 0xDD */
172 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
173 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
174 #define WIN_MEDIAEJECT 0xED
175 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
176 #define WIN_SETFEATURES 0xEF /* set special drive features */
177 #define EXABYTE_ENABLE_NEST 0xF0
178 #define WIN_SECURITY_SET_PASS 0xF1
179 #define WIN_SECURITY_UNLOCK 0xF2
180 #define WIN_SECURITY_ERASE_PREPARE 0xF3
181 #define WIN_SECURITY_ERASE_UNIT 0xF4
182 #define WIN_SECURITY_FREEZE_LOCK 0xF5
183 #define WIN_SECURITY_DISABLE 0xF6
184 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
185 #define WIN_SET_MAX 0xF9
186 #define DISABLE_SEAGATE 0xFB
188 /* set to 1 set disable mult support */
189 #define MAX_MULT_SECTORS 16
191 /* ATAPI defines */
193 #define ATAPI_PACKET_SIZE 12
195 /* The generic packet command opcodes for CD/DVD Logical Units,
196 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
197 #define GPCMD_BLANK 0xa1
198 #define GPCMD_CLOSE_TRACK 0x5b
199 #define GPCMD_FLUSH_CACHE 0x35
200 #define GPCMD_FORMAT_UNIT 0x04
201 #define GPCMD_GET_CONFIGURATION 0x46
202 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
203 #define GPCMD_GET_PERFORMANCE 0xac
204 #define GPCMD_INQUIRY 0x12
205 #define GPCMD_LOAD_UNLOAD 0xa6
206 #define GPCMD_MECHANISM_STATUS 0xbd
207 #define GPCMD_MODE_SELECT_10 0x55
208 #define GPCMD_MODE_SENSE_10 0x5a
209 #define GPCMD_PAUSE_RESUME 0x4b
210 #define GPCMD_PLAY_AUDIO_10 0x45
211 #define GPCMD_PLAY_AUDIO_MSF 0x47
212 #define GPCMD_PLAY_AUDIO_TI 0x48
213 #define GPCMD_PLAY_CD 0xbc
214 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
215 #define GPCMD_READ_10 0x28
216 #define GPCMD_READ_12 0xa8
217 #define GPCMD_READ_CDVD_CAPACITY 0x25
218 #define GPCMD_READ_CD 0xbe
219 #define GPCMD_READ_CD_MSF 0xb9
220 #define GPCMD_READ_DISC_INFO 0x51
221 #define GPCMD_READ_DVD_STRUCTURE 0xad
222 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
223 #define GPCMD_READ_HEADER 0x44
224 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
225 #define GPCMD_READ_SUBCHANNEL 0x42
226 #define GPCMD_READ_TOC_PMA_ATIP 0x43
227 #define GPCMD_REPAIR_RZONE_TRACK 0x58
228 #define GPCMD_REPORT_KEY 0xa4
229 #define GPCMD_REQUEST_SENSE 0x03
230 #define GPCMD_RESERVE_RZONE_TRACK 0x53
231 #define GPCMD_SCAN 0xba
232 #define GPCMD_SEEK 0x2b
233 #define GPCMD_SEND_DVD_STRUCTURE 0xad
234 #define GPCMD_SEND_EVENT 0xa2
235 #define GPCMD_SEND_KEY 0xa3
236 #define GPCMD_SEND_OPC 0x54
237 #define GPCMD_SET_READ_AHEAD 0xa7
238 #define GPCMD_SET_STREAMING 0xb6
239 #define GPCMD_START_STOP_UNIT 0x1b
240 #define GPCMD_STOP_PLAY_SCAN 0x4e
241 #define GPCMD_TEST_UNIT_READY 0x00
242 #define GPCMD_VERIFY_10 0x2f
243 #define GPCMD_WRITE_10 0x2a
244 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
245 /* This is listed as optional in ATAPI 2.6, but is (curiously)
246 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
247 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
248 * drives support it. */
249 #define GPCMD_SET_SPEED 0xbb
250 /* This seems to be a SCSI specific CD-ROM opcode
251 * to play data at track/index */
252 #define GPCMD_PLAYAUDIO_TI 0x48
253 /*
254 * From MS Media Status Notification Support Specification. For
255 * older drives only.
256 */
257 #define GPCMD_GET_MEDIA_STATUS 0xda
259 /* Mode page codes for mode sense/set */
260 #define GPMODE_R_W_ERROR_PAGE 0x01
261 #define GPMODE_WRITE_PARMS_PAGE 0x05
262 #define GPMODE_AUDIO_CTL_PAGE 0x0e
263 #define GPMODE_POWER_PAGE 0x1a
264 #define GPMODE_FAULT_FAIL_PAGE 0x1c
265 #define GPMODE_TO_PROTECT_PAGE 0x1d
266 #define GPMODE_CAPABILITIES_PAGE 0x2a
267 #define GPMODE_ALL_PAGES 0x3f
268 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
269 * of MODE_SENSE_POWER_PAGE */
270 #define GPMODE_CDROM_PAGE 0x0d
272 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
273 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
274 #define ATAPI_INT_REASON_REL 0x04
275 #define ATAPI_INT_REASON_TAG 0xf8
277 /* same constants as bochs */
278 #define ASC_ILLEGAL_OPCODE 0x20
279 #define ASC_LOGICAL_BLOCK_OOR 0x21
280 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
281 #define ASC_MEDIUM_NOT_PRESENT 0x3a
282 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
284 #define SENSE_NONE 0
285 #define SENSE_NOT_READY 2
286 #define SENSE_ILLEGAL_REQUEST 5
287 #define SENSE_UNIT_ATTENTION 6
289 struct IDEState;
291 typedef void EndTransferFunc(struct IDEState *);
293 /* NOTE: IDEState represents in fact one drive */
294 typedef struct IDEState {
295 /* ide config */
296 int is_cdrom;
297 int cylinders, heads, sectors;
298 int64_t nb_sectors;
299 int mult_sectors;
300 int identify_set;
301 uint16_t identify_data[256];
302 SetIRQFunc *set_irq;
303 void *irq_opaque;
304 int irq;
305 PCIDevice *pci_dev;
306 struct BMDMAState *bmdma;
307 int drive_serial;
308 int write_cache;
309 /* ide regs */
310 uint8_t feature;
311 uint8_t error;
312 uint32_t nsector;
313 uint8_t sector;
314 uint8_t lcyl;
315 uint8_t hcyl;
316 /* other part of tf for lba48 support */
317 uint8_t hob_feature;
318 uint8_t hob_nsector;
319 uint8_t hob_sector;
320 uint8_t hob_lcyl;
321 uint8_t hob_hcyl;
323 uint8_t select;
324 uint8_t status;
326 /* 0x3f6 command, only meaningful for drive 0 */
327 uint8_t cmd;
328 /* set for lba48 access */
329 uint8_t lba48;
330 /* depends on bit 4 in select, only meaningful for drive 0 */
331 struct IDEState *cur_drive;
332 BlockDriverState *bs;
333 /* ATAPI specific */
334 uint8_t sense_key;
335 uint8_t asc;
336 int packet_transfer_size;
337 int elementary_transfer_size;
338 int io_buffer_index;
339 int lba;
340 int cd_sector_size;
341 int atapi_dma; /* true if dma is requested for the packet cmd */
342 /* ATA DMA state */
343 int io_buffer_size;
344 /* PIO transfer handling */
345 int req_nb_sectors; /* number of sectors per interrupt */
346 EndTransferFunc *end_transfer_func;
347 uint8_t *data_ptr;
348 uint8_t *data_end;
349 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
350 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
351 uint32_t irq_count; /* counts IRQs when using win2k install hack */
352 } IDEState;
354 #define BM_STATUS_DMAING 0x01
355 #define BM_STATUS_ERROR 0x02
356 #define BM_STATUS_INT 0x04
358 #define BM_CMD_START 0x01
359 #define BM_CMD_READ 0x08
361 #define IDE_TYPE_PIIX3 0
362 #define IDE_TYPE_CMD646 1
364 /* CMD646 specific */
365 #define MRDMODE 0x71
366 #define MRDMODE_INTR_CH0 0x04
367 #define MRDMODE_INTR_CH1 0x08
368 #define MRDMODE_BLK_CH0 0x10
369 #define MRDMODE_BLK_CH1 0x20
370 #define UDIDETCR0 0x73
371 #define UDIDETCR1 0x7B
373 typedef int IDEDMAFunc(IDEState *s,
374 target_phys_addr_t phys_addr,
375 int transfer_size1);
377 typedef struct BMDMAState {
378 uint8_t cmd;
379 uint8_t status;
380 uint32_t addr;
382 struct PCIIDEState *pci_dev;
383 /* current transfer state */
384 IDEState *ide_if;
385 IDEDMAFunc *dma_cb;
386 } BMDMAState;
388 typedef struct PCIIDEState {
389 PCIDevice dev;
390 IDEState ide_if[4];
391 BMDMAState bmdma[2];
392 int type; /* see IDE_TYPE_xxx */
393 } PCIIDEState;
395 #define DMA_MULTI_THREAD
397 #ifdef DMA_MULTI_THREAD
399 static int file_pipes[2];
401 static void ide_dma_loop(BMDMAState *bm);
402 static void dma_thread_loop(BMDMAState *bm);
404 static void *dma_thread_func(void* opaque)
405 {
406 BMDMAState* req;
408 while (read(file_pipes[0], &req, sizeof(req))) {
409 dma_thread_loop(req);
410 }
412 return NULL;
413 }
415 static void dma_create_thread(void)
416 {
417 pthread_t tid;
418 int rt;
420 if (pipe(file_pipes) != 0) {
421 fprintf(stderr, "create pipe failed\n");
422 exit(1);
423 }
425 if ((rt = pthread_create(&tid, NULL, dma_thread_func, NULL))) {
426 fprintf(stderr, "Oops, dma thread creation failed, errno=%d\n", rt);
427 exit(1);
428 }
430 if ((rt = pthread_detach(tid))) {
431 fprintf(stderr, "Oops, dma thread detachment failed, errno=%d\n", rt);
432 exit(1);
433 }
434 }
435 #endif /* DMA_MULTI_THREAD */
437 static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb);
439 static void padstr(char *str, const char *src, int len)
440 {
441 int i, v;
442 for(i = 0; i < len; i++) {
443 if (*src)
444 v = *src++;
445 else
446 v = ' ';
447 *(char *)((long)str ^ 1) = v;
448 str++;
449 }
450 }
452 static void padstr8(uint8_t *buf, int buf_size, const char *src)
453 {
454 int i;
455 for(i = 0; i < buf_size; i++) {
456 if (*src)
457 buf[i] = *src++;
458 else
459 buf[i] = ' ';
460 }
461 }
463 static void put_le16(uint16_t *p, unsigned int v)
464 {
465 *p = cpu_to_le16(v);
466 }
468 static void ide_identify(IDEState *s)
469 {
470 uint16_t *p;
471 unsigned int oldsize;
472 char buf[20];
474 if (s->identify_set) {
475 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
476 return;
477 }
479 memset(s->io_buffer, 0, 512);
480 p = (uint16_t *)s->io_buffer;
481 put_le16(p + 0, 0x0040);
482 put_le16(p + 1, s->cylinders);
483 put_le16(p + 3, s->heads);
484 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
485 put_le16(p + 5, 512); /* XXX: retired, remove ? */
486 put_le16(p + 6, s->sectors);
487 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
488 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
489 put_le16(p + 20, 3); /* XXX: retired, remove ? */
490 put_le16(p + 21, 512); /* cache size in sectors */
491 put_le16(p + 22, 4); /* ecc bytes */
492 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
493 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
494 #if MAX_MULT_SECTORS > 1
495 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
496 #endif
497 put_le16(p + 48, 1); /* dword I/O */
498 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
499 put_le16(p + 51, 0x200); /* PIO transfer cycle */
500 put_le16(p + 52, 0x200); /* DMA transfer cycle */
501 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
502 put_le16(p + 54, s->cylinders);
503 put_le16(p + 55, s->heads);
504 put_le16(p + 56, s->sectors);
505 oldsize = s->cylinders * s->heads * s->sectors;
506 put_le16(p + 57, oldsize);
507 put_le16(p + 58, oldsize >> 16);
508 if (s->mult_sectors)
509 put_le16(p + 59, 0x100 | s->mult_sectors);
510 put_le16(p + 60, s->nb_sectors);
511 put_le16(p + 61, s->nb_sectors >> 16);
512 put_le16(p + 63, 0x07); /* mdma0-2 supported */
513 put_le16(p + 65, 120);
514 put_le16(p + 66, 120);
515 put_le16(p + 67, 120);
516 put_le16(p + 68, 120);
517 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
518 put_le16(p + 81, 0x16); /* conforms to ata5 */
519 put_le16(p + 82, (1 << 14));
520 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
521 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
522 put_le16(p + 84, (1 << 14));
523 put_le16(p + 85, (1 << 14));
524 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
525 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
526 put_le16(p + 87, (1 << 14));
527 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
528 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
529 put_le16(p + 100, s->nb_sectors);
530 put_le16(p + 101, s->nb_sectors >> 16);
531 put_le16(p + 102, s->nb_sectors >> 32);
532 put_le16(p + 103, s->nb_sectors >> 48);
534 memcpy(s->identify_data, p, sizeof(s->identify_data));
535 s->identify_set = 1;
536 }
538 static void ide_atapi_identify(IDEState *s)
539 {
540 uint16_t *p;
541 char buf[20];
543 if (s->identify_set) {
544 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
545 return;
546 }
548 memset(s->io_buffer, 0, 512);
549 p = (uint16_t *)s->io_buffer;
550 /* Removable CDROM, 50us response, 12 byte packets */
551 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
552 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
553 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
554 put_le16(p + 20, 3); /* buffer type */
555 put_le16(p + 21, 512); /* cache size in sectors */
556 put_le16(p + 22, 4); /* ecc bytes */
557 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
558 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
559 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
560 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
561 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
562 put_le16(p + 63, 0x07); /* mdma0-2 supported */
563 put_le16(p + 64, 1); /* PIO modes */
564 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
565 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
566 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
567 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
569 put_le16(p + 71, 30); /* in ns */
570 put_le16(p + 72, 30); /* in ns */
572 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
574 memcpy(s->identify_data, p, sizeof(s->identify_data));
575 s->identify_set = 1;
576 }
578 static void ide_set_signature(IDEState *s)
579 {
580 s->select &= 0xf0; /* clear head */
581 /* put signature */
582 s->nsector = 1;
583 s->sector = 1;
584 if (s->is_cdrom) {
585 s->lcyl = 0x14;
586 s->hcyl = 0xeb;
587 } else if (s->bs) {
588 s->lcyl = 0;
589 s->hcyl = 0;
590 } else {
591 s->lcyl = 0xff;
592 s->hcyl = 0xff;
593 }
594 }
596 static inline void ide_abort_command(IDEState *s)
597 {
598 s->status = READY_STAT | ERR_STAT;
599 s->error = ABRT_ERR;
600 }
602 static inline void ide_set_irq(IDEState *s)
603 {
604 BMDMAState *bm = s->bmdma;
605 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
606 if (bm) {
607 bm->status |= BM_STATUS_INT;
608 }
609 s->set_irq(s->irq_opaque, s->irq, 1);
610 }
611 }
613 /* prepare data transfer and tell what to do after */
614 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
615 EndTransferFunc *end_transfer_func)
616 {
617 s->end_transfer_func = end_transfer_func;
618 s->data_ptr = buf;
619 s->data_end = buf + size;
620 s->status |= DRQ_STAT;
621 }
623 static void ide_transfer_stop(IDEState *s)
624 {
625 s->end_transfer_func = ide_transfer_stop;
626 s->data_ptr = s->io_buffer;
627 s->data_end = s->io_buffer;
628 s->status &= ~DRQ_STAT;
629 }
631 static int64_t ide_get_sector(IDEState *s)
632 {
633 int64_t sector_num;
634 if (s->select & 0x40) {
635 /* lba */
636 if (!s->lba48) {
637 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
638 (s->lcyl << 8) | s->sector;
639 } else {
640 sector_num = ((int64_t)s->hob_hcyl << 40) |
641 ((int64_t) s->hob_lcyl << 32) |
642 ((int64_t) s->hob_sector << 24) |
643 ((int64_t) s->hcyl << 16) |
644 ((int64_t) s->lcyl << 8) | s->sector;
645 }
646 } else {
647 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
648 (s->select & 0x0f) * s->sectors + (s->sector - 1);
649 }
650 return sector_num;
651 }
653 static void ide_set_sector(IDEState *s, int64_t sector_num)
654 {
655 unsigned int cyl, r;
656 if (s->select & 0x40) {
657 if (!s->lba48) {
658 s->select = (s->select & 0xf0) | (sector_num >> 24);
659 s->hcyl = (sector_num >> 16);
660 s->lcyl = (sector_num >> 8);
661 s->sector = (sector_num);
662 } else {
663 s->sector = sector_num;
664 s->lcyl = sector_num >> 8;
665 s->hcyl = sector_num >> 16;
666 s->hob_sector = sector_num >> 24;
667 s->hob_lcyl = sector_num >> 32;
668 s->hob_hcyl = sector_num >> 40;
669 }
670 } else {
671 cyl = sector_num / (s->heads * s->sectors);
672 r = sector_num % (s->heads * s->sectors);
673 s->hcyl = cyl >> 8;
674 s->lcyl = cyl;
675 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
676 s->sector = (r % s->sectors) + 1;
677 }
678 }
680 static void ide_sector_read(IDEState *s)
681 {
682 int64_t sector_num;
683 int n;
685 s->status = READY_STAT | SEEK_STAT;
686 s->error = 0; /* not needed by IDE spec, but needed by Windows */
687 sector_num = ide_get_sector(s);
688 n = s->nsector;
689 if (n == 0) {
690 /* no more sector to read from disk */
691 ide_transfer_stop(s);
692 } else {
693 #if defined(DEBUG_IDE)
694 printf("read sector=%Ld\n", sector_num);
695 #endif
696 if (n > s->req_nb_sectors)
697 n = s->req_nb_sectors;
698 if (bdrv_read(s->bs, sector_num, s->io_buffer, n) != 0) {
699 ide_abort_command(s);
700 ide_set_irq(s);
701 return;
702 }
703 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
704 ide_set_irq(s);
705 ide_set_sector(s, sector_num + n);
706 s->nsector -= n;
707 }
708 }
710 static int ide_read_dma_cb(IDEState *s,
711 target_phys_addr_t phys_addr,
712 int transfer_size1)
713 {
714 int len, transfer_size, n;
715 int64_t sector_num;
717 transfer_size = transfer_size1;
718 while (transfer_size > 0) {
719 len = s->io_buffer_size - s->io_buffer_index;
720 if (len <= 0) {
721 /* transfert next data */
722 n = s->nsector;
723 if (n == 0)
724 break;
725 if (n > MAX_MULT_SECTORS)
726 n = MAX_MULT_SECTORS;
727 sector_num = ide_get_sector(s);
728 if (bdrv_read(s->bs, sector_num, s->io_buffer, n) != 0) {
729 ide_abort_command(s);
730 ide_set_irq(s);
731 return 0;
732 }
733 s->io_buffer_index = 0;
734 s->io_buffer_size = n * 512;
735 len = s->io_buffer_size;
736 sector_num += n;
737 ide_set_sector(s, sector_num);
738 s->nsector -= n;
739 }
740 if (len > transfer_size)
741 len = transfer_size;
742 cpu_physical_memory_write(phys_addr,
743 s->io_buffer + s->io_buffer_index, len);
744 s->io_buffer_index += len;
745 transfer_size -= len;
746 phys_addr += len;
747 }
748 if (s->io_buffer_index >= s->io_buffer_size && s->nsector == 0) {
749 s->status = READY_STAT | SEEK_STAT;
750 #ifndef DMA_MULTI_THREAD
751 ide_set_irq(s);
752 #endif /* !DMA_MULTI_THREAD */
753 #ifdef DEBUG_IDE_ATAPI
754 printf("dma status=0x%x\n", s->status);
755 #endif
756 return 0;
757 }
758 return transfer_size1 - transfer_size;
759 }
761 static void ide_sector_read_dma(IDEState *s)
762 {
763 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
764 s->io_buffer_index = 0;
765 s->io_buffer_size = 0;
766 ide_dma_start(s, ide_read_dma_cb);
767 }
769 static void ide_sector_write_timer_cb(void *opaque)
770 {
771 IDEState *s = opaque;
772 ide_set_irq(s);
773 }
775 static void ide_sector_write(IDEState *s)
776 {
777 int64_t sector_num;
778 int n, n1;
780 s->status = READY_STAT | SEEK_STAT;
781 sector_num = ide_get_sector(s);
782 #if defined(DEBUG_IDE)
783 printf("write sector=%Ld\n", sector_num);
784 #endif
785 n = s->nsector;
786 if (n > s->req_nb_sectors)
787 n = s->req_nb_sectors;
788 if (bdrv_write(s->bs, sector_num, s->io_buffer, n) != 0) {
789 ide_abort_command(s);
790 ide_set_irq(s);
791 return;
792 }
793 s->nsector -= n;
794 if (s->nsector == 0) {
795 /* no more sector to write */
796 ide_transfer_stop(s);
797 } else {
798 n1 = s->nsector;
799 if (n1 > s->req_nb_sectors)
800 n1 = s->req_nb_sectors;
801 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
802 }
803 ide_set_sector(s, sector_num + n);
805 if (!s->write_cache)
806 bdrv_flush(s->bs);
808 #ifdef TARGET_I386
809 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
810 /* It seems there is a bug in the Windows 2000 installer HDD
811 IDE driver which fills the disk with empty logs when the
812 IDE write IRQ comes too early. This hack tries to correct
813 that at the expense of slower write performances. Use this
814 option _only_ to install Windows 2000. You must disable it
815 for normal use. */
816 qemu_mod_timer(s->sector_write_timer,
817 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
818 } else
819 #endif
820 {
821 ide_set_irq(s);
822 }
823 }
825 static int ide_write_dma_cb(IDEState *s,
826 target_phys_addr_t phys_addr,
827 int transfer_size1)
828 {
829 int len, transfer_size, n;
830 int64_t sector_num;
832 transfer_size = transfer_size1;
833 for(;;) {
834 len = s->io_buffer_size - s->io_buffer_index;
835 if (len == 0) {
836 n = s->io_buffer_size >> 9;
837 sector_num = ide_get_sector(s);
838 if (bdrv_write(s->bs, sector_num, s->io_buffer,
839 s->io_buffer_size >> 9) != 0) {
840 ide_abort_command(s);
841 ide_set_irq(s);
842 return 0;
843 }
845 sector_num += n;
846 ide_set_sector(s, sector_num);
847 s->nsector -= n;
848 n = s->nsector;
849 if (n == 0) {
850 /* end of transfer */
851 s->status = READY_STAT | SEEK_STAT;
852 #ifdef TARGET_I386
853 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
854 /* It seems there is a bug in the Windows 2000 installer
855 HDD IDE driver which fills the disk with empty logs
856 when the IDE write IRQ comes too early. This hack tries
857 to correct that at the expense of slower write
858 performances. Use this option _only_ to install Windows
859 2000. You must disable it for normal use. */
860 qemu_mod_timer(s->sector_write_timer,
861 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
862 } else
863 #endif
864 #ifndef DMA_MULTI_THREAD
865 ide_set_irq(s);
866 #else /* !DMA_MULTI_THREAD */
867 ;
868 #endif /* DMA_MULTI_THREAD */
869 return 0;
870 }
871 if (n > MAX_MULT_SECTORS)
872 n = MAX_MULT_SECTORS;
873 s->io_buffer_index = 0;
874 s->io_buffer_size = n * 512;
875 len = s->io_buffer_size;
876 }
877 if (transfer_size <= 0)
878 break;
879 if (len > transfer_size)
880 len = transfer_size;
881 cpu_physical_memory_read(phys_addr,
882 s->io_buffer + s->io_buffer_index, len);
883 s->io_buffer_index += len;
884 transfer_size -= len;
885 phys_addr += len;
886 }
887 /* Ensure the data hit disk before telling the guest OS so. */
888 if (!s->write_cache)
889 bdrv_flush(s->bs);
891 return transfer_size1 - transfer_size;
892 }
894 static void ide_sector_write_dma(IDEState *s)
895 {
896 int n;
897 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
898 n = s->nsector;
899 if (n > MAX_MULT_SECTORS)
900 n = MAX_MULT_SECTORS;
901 s->io_buffer_index = 0;
902 s->io_buffer_size = n * 512;
903 ide_dma_start(s, ide_write_dma_cb);
904 }
906 static void ide_atapi_cmd_ok(IDEState *s)
907 {
908 s->error = 0;
909 s->status = READY_STAT;
910 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
911 ide_set_irq(s);
912 }
914 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
915 {
916 #ifdef DEBUG_IDE_ATAPI
917 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
918 #endif
919 s->error = sense_key << 4;
920 s->status = READY_STAT | ERR_STAT;
921 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
922 s->sense_key = sense_key;
923 s->asc = asc;
924 ide_set_irq(s);
925 }
927 static inline void cpu_to_ube16(uint8_t *buf, int val)
928 {
929 buf[0] = val >> 8;
930 buf[1] = val;
931 }
933 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
934 {
935 buf[0] = val >> 24;
936 buf[1] = val >> 16;
937 buf[2] = val >> 8;
938 buf[3] = val;
939 }
941 static inline int ube16_to_cpu(const uint8_t *buf)
942 {
943 return (buf[0] << 8) | buf[1];
944 }
946 static inline int ube32_to_cpu(const uint8_t *buf)
947 {
948 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
949 }
951 static void lba_to_msf(uint8_t *buf, int lba)
952 {
953 lba += 150;
954 buf[0] = (lba / 75) / 60;
955 buf[1] = (lba / 75) % 60;
956 buf[2] = lba % 75;
957 }
959 static void cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
960 int sector_size)
961 {
962 switch(sector_size) {
963 case 2048:
964 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
965 break;
966 case 2352:
967 /* sync bytes */
968 buf[0] = 0x00;
969 memset(buf + 1, 0xff, 10);
970 buf[11] = 0x00;
971 buf += 12;
972 /* MSF */
973 lba_to_msf(buf, lba);
974 buf[3] = 0x01; /* mode 1 data */
975 buf += 4;
976 /* data */
977 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
978 buf += 2048;
979 /* ECC */
980 memset(buf, 0, 288);
981 break;
982 default:
983 break;
984 }
985 }
987 /* The whole ATAPI transfer logic is handled in this function */
988 static void ide_atapi_cmd_reply_end(IDEState *s)
989 {
990 int byte_count_limit, size;
991 #ifdef DEBUG_IDE_ATAPI
992 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
993 s->packet_transfer_size,
994 s->elementary_transfer_size,
995 s->io_buffer_index);
996 #endif
997 if (s->packet_transfer_size <= 0) {
998 /* end of transfer */
999 ide_transfer_stop(s);
1000 s->status = READY_STAT;
1001 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1002 ide_set_irq(s);
1003 #ifdef DEBUG_IDE_ATAPI
1004 printf("status=0x%x\n", s->status);
1005 #endif
1006 } else {
1007 /* see if a new sector must be read */
1008 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1009 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1010 s->lba++;
1011 s->io_buffer_index = 0;
1013 if (s->elementary_transfer_size > 0) {
1014 /* there are some data left to transmit in this elementary
1015 transfer */
1016 size = s->cd_sector_size - s->io_buffer_index;
1017 if (size > s->elementary_transfer_size)
1018 size = s->elementary_transfer_size;
1019 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1020 size, ide_atapi_cmd_reply_end);
1021 s->packet_transfer_size -= size;
1022 s->elementary_transfer_size -= size;
1023 s->io_buffer_index += size;
1024 } else {
1025 /* a new transfer is needed */
1026 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1027 byte_count_limit = s->lcyl | (s->hcyl << 8);
1028 #ifdef DEBUG_IDE_ATAPI
1029 printf("byte_count_limit=%d\n", byte_count_limit);
1030 #endif
1031 if (byte_count_limit == 0xffff)
1032 byte_count_limit--;
1033 size = s->packet_transfer_size;
1034 if (size > byte_count_limit) {
1035 /* byte count limit must be even if this case */
1036 if (byte_count_limit & 1)
1037 byte_count_limit--;
1038 size = byte_count_limit;
1040 s->lcyl = size;
1041 s->hcyl = size >> 8;
1042 s->elementary_transfer_size = size;
1043 /* we cannot transmit more than one sector at a time */
1044 if (s->lba != -1) {
1045 if (size > (s->cd_sector_size - s->io_buffer_index))
1046 size = (s->cd_sector_size - s->io_buffer_index);
1048 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1049 size, ide_atapi_cmd_reply_end);
1050 s->packet_transfer_size -= size;
1051 s->elementary_transfer_size -= size;
1052 s->io_buffer_index += size;
1053 ide_set_irq(s);
1054 #ifdef DEBUG_IDE_ATAPI
1055 printf("status=0x%x\n", s->status);
1056 #endif
1061 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1062 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1064 if (size > max_size)
1065 size = max_size;
1066 s->lba = -1; /* no sector read */
1067 s->packet_transfer_size = size;
1068 s->elementary_transfer_size = 0;
1069 s->io_buffer_index = 0;
1071 s->status = READY_STAT;
1072 ide_atapi_cmd_reply_end(s);
1075 /* start a CD-CDROM read command */
1076 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1077 int sector_size)
1079 s->lba = lba;
1080 s->packet_transfer_size = nb_sectors * sector_size;
1081 s->elementary_transfer_size = 0;
1082 s->io_buffer_index = sector_size;
1083 s->cd_sector_size = sector_size;
1085 s->status = READY_STAT;
1086 ide_atapi_cmd_reply_end(s);
1089 /* ATAPI DMA support */
1090 static int ide_atapi_cmd_read_dma_cb(IDEState *s,
1091 target_phys_addr_t phys_addr,
1092 int transfer_size1)
1094 int len, transfer_size;
1096 transfer_size = transfer_size1;
1097 while (transfer_size > 0) {
1098 #ifdef DEBUG_IDE_ATAPI
1099 printf("transfer_size: %d phys_addr=%08x\n", transfer_size, phys_addr);
1100 #endif
1101 if (s->packet_transfer_size <= 0)
1102 break;
1103 len = s->cd_sector_size - s->io_buffer_index;
1104 if (len <= 0) {
1105 /* transfert next data */
1106 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1107 s->lba++;
1108 s->io_buffer_index = 0;
1109 len = s->cd_sector_size;
1111 if (len > transfer_size)
1112 len = transfer_size;
1113 cpu_physical_memory_write(phys_addr,
1114 s->io_buffer + s->io_buffer_index, len);
1115 s->packet_transfer_size -= len;
1116 s->io_buffer_index += len;
1117 transfer_size -= len;
1118 phys_addr += len;
1120 if (s->packet_transfer_size <= 0) {
1121 s->status = READY_STAT;
1122 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1123 #ifndef DMA_MULTI_THREAD
1124 ide_set_irq(s);
1125 #endif /* !DMA_MULTI_THREAD */
1126 #ifdef DEBUG_IDE_ATAPI
1127 printf("dma status=0x%x\n", s->status);
1128 #endif
1129 return 0;
1131 return transfer_size1 - transfer_size;
1134 /* start a CD-CDROM read command with DMA */
1135 /* XXX: test if DMA is available */
1136 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1137 int sector_size)
1139 s->lba = lba;
1140 s->packet_transfer_size = nb_sectors * sector_size;
1141 s->io_buffer_index = sector_size;
1142 s->cd_sector_size = sector_size;
1144 s->status = READY_STAT | DRQ_STAT;
1145 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1148 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1149 int sector_size)
1151 #ifdef DEBUG_IDE_ATAPI
1152 printf("read: LBA=%d nb_sectors=%d\n", lba, nb_sectors);
1153 #endif
1154 if (s->atapi_dma) {
1155 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1156 } else {
1157 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1161 static void ide_atapi_cmd(IDEState *s)
1163 const uint8_t *packet;
1164 uint8_t *buf;
1165 int max_len;
1167 packet = s->io_buffer;
1168 buf = s->io_buffer;
1169 #ifdef DEBUG_IDE_ATAPI
1171 int i;
1172 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1173 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1174 printf(" %02x", packet[i]);
1176 printf("\n");
1178 #endif
1179 switch(s->io_buffer[0]) {
1180 case GPCMD_TEST_UNIT_READY:
1181 if (bdrv_is_inserted(s->bs)) {
1182 ide_atapi_cmd_ok(s);
1183 } else {
1184 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1185 ASC_MEDIUM_NOT_PRESENT);
1186 xenstore_check_new_media_present(1000);
1188 break;
1189 case GPCMD_MODE_SENSE_10:
1191 int action, code;
1192 max_len = ube16_to_cpu(packet + 7);
1193 action = packet[2] >> 6;
1194 code = packet[2] & 0x3f;
1195 switch(action) {
1196 case 0: /* current values */
1197 switch(code) {
1198 case 0x01: /* error recovery */
1199 cpu_to_ube16(&buf[0], 16 + 6);
1200 buf[2] = 0x70;
1201 buf[3] = 0;
1202 buf[4] = 0;
1203 buf[5] = 0;
1204 buf[6] = 0;
1205 buf[7] = 0;
1207 buf[8] = 0x01;
1208 buf[9] = 0x06;
1209 buf[10] = 0x00;
1210 buf[11] = 0x05;
1211 buf[12] = 0x00;
1212 buf[13] = 0x00;
1213 buf[14] = 0x00;
1214 buf[15] = 0x00;
1215 ide_atapi_cmd_reply(s, 16, max_len);
1216 break;
1217 case 0x2a:
1218 cpu_to_ube16(&buf[0], 28 + 6);
1219 buf[2] = 0x70;
1220 buf[3] = 0;
1221 buf[4] = 0;
1222 buf[5] = 0;
1223 buf[6] = 0;
1224 buf[7] = 0;
1226 buf[8] = 0x2a;
1227 buf[9] = 0x12;
1228 buf[10] = 0x00;
1229 buf[11] = 0x00;
1231 buf[12] = 0x70;
1232 buf[13] = 3 << 5;
1233 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1234 if (bdrv_is_locked(s->bs))
1235 buf[6] |= 1 << 1;
1236 buf[15] = 0x00;
1237 cpu_to_ube16(&buf[16], 706);
1238 buf[18] = 0;
1239 buf[19] = 2;
1240 cpu_to_ube16(&buf[20], 512);
1241 cpu_to_ube16(&buf[22], 706);
1242 buf[24] = 0;
1243 buf[25] = 0;
1244 buf[26] = 0;
1245 buf[27] = 0;
1246 ide_atapi_cmd_reply(s, 28, max_len);
1247 break;
1248 default:
1249 goto error_cmd;
1251 break;
1252 case 1: /* changeable values */
1253 goto error_cmd;
1254 case 2: /* default values */
1255 goto error_cmd;
1256 default:
1257 case 3: /* saved values */
1258 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1259 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1260 break;
1263 break;
1264 case GPCMD_REQUEST_SENSE:
1265 max_len = packet[4];
1266 memset(buf, 0, 18);
1267 buf[0] = 0x70 | (1 << 7);
1268 buf[2] = s->sense_key;
1269 buf[7] = 10;
1270 buf[12] = s->asc;
1271 ide_atapi_cmd_reply(s, 18, max_len);
1272 break;
1273 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1274 if (bdrv_is_inserted(s->bs)) {
1275 bdrv_set_locked(s->bs, packet[4] & 1);
1276 ide_atapi_cmd_ok(s);
1277 } else {
1278 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1279 ASC_MEDIUM_NOT_PRESENT);
1281 break;
1282 case GPCMD_READ_10:
1283 case GPCMD_READ_12:
1285 int nb_sectors, lba;
1287 if (!bdrv_is_inserted(s->bs)) {
1288 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1289 ASC_MEDIUM_NOT_PRESENT);
1290 break;
1292 if (packet[0] == GPCMD_READ_10)
1293 nb_sectors = ube16_to_cpu(packet + 7);
1294 else
1295 nb_sectors = ube32_to_cpu(packet + 6);
1296 lba = ube32_to_cpu(packet + 2);
1297 if (nb_sectors == 0) {
1298 ide_atapi_cmd_ok(s);
1299 break;
1301 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1302 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1303 ASC_LOGICAL_BLOCK_OOR);
1304 break;
1306 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1308 break;
1309 case GPCMD_READ_CD:
1311 int nb_sectors, lba, transfer_request;
1313 if (!bdrv_is_inserted(s->bs)) {
1314 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1315 ASC_MEDIUM_NOT_PRESENT);
1316 break;
1318 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1319 lba = ube32_to_cpu(packet + 2);
1320 if (nb_sectors == 0) {
1321 ide_atapi_cmd_ok(s);
1322 break;
1324 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1325 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1326 ASC_LOGICAL_BLOCK_OOR);
1327 break;
1329 transfer_request = packet[9];
1330 switch(transfer_request & 0xf8) {
1331 case 0x00:
1332 /* nothing */
1333 ide_atapi_cmd_ok(s);
1334 break;
1335 case 0x10:
1336 /* normal read */
1337 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1338 break;
1339 case 0xf8:
1340 /* read all data */
1341 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1342 break;
1343 default:
1344 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1345 ASC_INV_FIELD_IN_CMD_PACKET);
1346 break;
1349 break;
1350 case GPCMD_SEEK:
1352 int lba;
1353 if (!bdrv_is_inserted(s->bs)) {
1354 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1355 ASC_MEDIUM_NOT_PRESENT);
1356 break;
1358 lba = ube32_to_cpu(packet + 2);
1359 if (((int64_t)lba << 2) > s->nb_sectors) {
1360 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1361 ASC_LOGICAL_BLOCK_OOR);
1362 break;
1364 ide_atapi_cmd_ok(s);
1366 break;
1367 case GPCMD_START_STOP_UNIT:
1369 int start, eject;
1370 start = packet[4] & 1;
1371 eject = (packet[4] >> 1) & 1;
1373 if (eject && !start) {
1374 /* eject the disk */
1375 bdrv_close(s->bs);
1377 ide_atapi_cmd_ok(s);
1379 break;
1380 case GPCMD_MECHANISM_STATUS:
1382 max_len = ube16_to_cpu(packet + 8);
1383 cpu_to_ube16(buf, 0);
1384 /* no current LBA */
1385 buf[2] = 0;
1386 buf[3] = 0;
1387 buf[4] = 0;
1388 buf[5] = 1;
1389 cpu_to_ube16(buf + 6, 0);
1390 ide_atapi_cmd_reply(s, 8, max_len);
1392 break;
1393 case GPCMD_READ_TOC_PMA_ATIP:
1395 int format, msf, start_track, len;
1397 if (!bdrv_is_inserted(s->bs)) {
1398 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1399 ASC_MEDIUM_NOT_PRESENT);
1400 break;
1402 max_len = ube16_to_cpu(packet + 7);
1403 format = packet[9] >> 6;
1404 msf = (packet[1] >> 1) & 1;
1405 start_track = packet[6];
1406 switch(format) {
1407 case 0:
1408 len = cdrom_read_toc(s->nb_sectors >> 2, buf, msf, start_track);
1409 if (len < 0)
1410 goto error_cmd;
1411 ide_atapi_cmd_reply(s, len, max_len);
1412 break;
1413 case 1:
1414 /* multi session : only a single session defined */
1415 memset(buf, 0, 12);
1416 buf[1] = 0x0a;
1417 buf[2] = 0x01;
1418 buf[3] = 0x01;
1419 ide_atapi_cmd_reply(s, 12, max_len);
1420 break;
1421 case 2:
1422 len = cdrom_read_toc_raw(s->nb_sectors >> 2, buf, msf, start_track);
1423 if (len < 0)
1424 goto error_cmd;
1425 ide_atapi_cmd_reply(s, len, max_len);
1426 break;
1427 default:
1428 error_cmd:
1429 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1430 ASC_INV_FIELD_IN_CMD_PACKET);
1431 break;
1434 break;
1435 case GPCMD_READ_CDVD_CAPACITY:
1436 if (!bdrv_is_inserted(s->bs)) {
1437 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1438 ASC_MEDIUM_NOT_PRESENT);
1439 break;
1441 /* NOTE: it is really the number of sectors minus 1 */
1442 cpu_to_ube32(buf, (s->nb_sectors >> 2) - 1);
1443 cpu_to_ube32(buf + 4, 2048);
1444 ide_atapi_cmd_reply(s, 8, 8);
1445 break;
1446 case GPCMD_INQUIRY:
1447 max_len = packet[4];
1448 buf[0] = 0x05; /* CD-ROM */
1449 buf[1] = 0x80; /* removable */
1450 buf[2] = 0x00; /* ISO */
1451 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1452 buf[4] = 31; /* additionnal length */
1453 buf[5] = 0; /* reserved */
1454 buf[6] = 0; /* reserved */
1455 buf[7] = 0; /* reserved */
1456 padstr8(buf + 8, 8, "QEMU");
1457 padstr8(buf + 16, 16, "QEMU CD-ROM");
1458 padstr8(buf + 32, 4, QEMU_VERSION);
1459 ide_atapi_cmd_reply(s, 36, max_len);
1460 break;
1461 default:
1462 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1463 ASC_ILLEGAL_OPCODE);
1464 break;
1468 /* called when the inserted state of the media has changed */
1469 static void cdrom_change_cb(void *opaque)
1471 IDEState *s = opaque;
1472 int64_t nb_sectors;
1474 /* XXX: send interrupt too */
1475 bdrv_get_geometry(s->bs, &nb_sectors);
1476 s->nb_sectors = nb_sectors;
1479 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1481 s->lba48 = lba48;
1483 /* handle the 'magic' 0 nsector count conversion here. to avoid
1484 * fiddling with the rest of the read logic, we just store the
1485 * full sector count in ->nsector and ignore ->hob_nsector from now
1486 */
1487 if (!s->lba48) {
1488 if (!s->nsector)
1489 s->nsector = 256;
1490 } else {
1491 if (!s->nsector && !s->hob_nsector)
1492 s->nsector = 65536;
1493 else {
1494 int lo = s->nsector;
1495 int hi = s->hob_nsector;
1497 s->nsector = (hi << 8) | lo;
1502 static void ide_clear_hob(IDEState *ide_if)
1504 /* any write clears HOB high bit of device control register */
1505 ide_if[0].select &= ~(1 << 7);
1506 ide_if[1].select &= ~(1 << 7);
1509 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1511 IDEState *ide_if = opaque;
1512 IDEState *s;
1513 int unit, n;
1514 int lba48 = 0;
1516 #ifdef DEBUG_IDE
1517 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1518 #endif
1520 addr &= 7;
1521 switch(addr) {
1522 case 0:
1523 break;
1524 case 1:
1525 ide_clear_hob(ide_if);
1526 /* NOTE: data is written to the two drives */
1527 ide_if[0].hob_feature = ide_if[0].feature;
1528 ide_if[1].hob_feature = ide_if[1].feature;
1529 ide_if[0].feature = val;
1530 ide_if[1].feature = val;
1531 break;
1532 case 2:
1533 ide_clear_hob(ide_if);
1534 ide_if[0].hob_nsector = ide_if[0].nsector;
1535 ide_if[1].hob_nsector = ide_if[1].nsector;
1536 ide_if[0].nsector = val;
1537 ide_if[1].nsector = val;
1538 break;
1539 case 3:
1540 ide_clear_hob(ide_if);
1541 ide_if[0].hob_sector = ide_if[0].sector;
1542 ide_if[1].hob_sector = ide_if[1].sector;
1543 ide_if[0].sector = val;
1544 ide_if[1].sector = val;
1545 break;
1546 case 4:
1547 ide_clear_hob(ide_if);
1548 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1549 ide_if[1].hob_lcyl = ide_if[1].lcyl;
1550 ide_if[0].lcyl = val;
1551 ide_if[1].lcyl = val;
1552 break;
1553 case 5:
1554 ide_clear_hob(ide_if);
1555 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1556 ide_if[1].hob_hcyl = ide_if[1].hcyl;
1557 ide_if[0].hcyl = val;
1558 ide_if[1].hcyl = val;
1559 break;
1560 case 6:
1561 /* FIXME: HOB readback uses bit 7 */
1562 ide_if[0].select = (val & ~0x10) | 0xa0;
1563 ide_if[1].select = (val | 0x10) | 0xa0;
1564 /* select drive */
1565 unit = (val >> 4) & 1;
1566 s = ide_if + unit;
1567 ide_if->cur_drive = s;
1568 break;
1569 default:
1570 case 7:
1571 /* command */
1572 #if defined(DEBUG_IDE)
1573 printf("ide: CMD=%02x\n", val);
1574 #endif
1575 s = ide_if->cur_drive;
1576 /* ignore commands to non existant slave */
1577 if (s != ide_if && !s->bs)
1578 break;
1580 switch(val) {
1581 case WIN_IDENTIFY:
1582 if (s->bs && !s->is_cdrom) {
1583 ide_identify(s);
1584 s->status = READY_STAT | SEEK_STAT;
1585 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1586 } else {
1587 if (s->is_cdrom) {
1588 ide_set_signature(s);
1590 ide_abort_command(s);
1592 ide_set_irq(s);
1593 break;
1594 case WIN_SPECIFY:
1595 case WIN_RECAL:
1596 s->error = 0;
1597 s->status = READY_STAT | SEEK_STAT;
1598 ide_set_irq(s);
1599 break;
1600 case WIN_SETMULT:
1601 if (s->nsector > MAX_MULT_SECTORS ||
1602 s->nsector == 0 ||
1603 (s->nsector & (s->nsector - 1)) != 0) {
1604 ide_abort_command(s);
1605 } else {
1606 s->mult_sectors = s->nsector;
1607 s->status = READY_STAT;
1609 ide_set_irq(s);
1610 break;
1611 case WIN_VERIFY_EXT:
1612 lba48 = 1;
1613 case WIN_VERIFY:
1614 case WIN_VERIFY_ONCE:
1615 /* do sector number check ? */
1616 ide_cmd_lba48_transform(s, lba48);
1617 s->status = READY_STAT;
1618 ide_set_irq(s);
1619 break;
1620 case WIN_READ_EXT:
1621 lba48 = 1;
1622 case WIN_READ:
1623 case WIN_READ_ONCE:
1624 if (!s->bs)
1625 goto abort_cmd;
1626 ide_cmd_lba48_transform(s, lba48);
1627 s->req_nb_sectors = 1;
1628 ide_sector_read(s);
1629 break;
1630 case WIN_WRITE_EXT:
1631 lba48 = 1;
1632 case WIN_WRITE:
1633 case WIN_WRITE_ONCE:
1634 ide_cmd_lba48_transform(s, lba48);
1635 s->error = 0;
1636 s->status = SEEK_STAT | READY_STAT;
1637 s->req_nb_sectors = 1;
1638 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1639 break;
1640 case WIN_MULTREAD_EXT:
1641 lba48 = 1;
1642 case WIN_MULTREAD:
1643 if (!s->mult_sectors)
1644 goto abort_cmd;
1645 ide_cmd_lba48_transform(s, lba48);
1646 s->req_nb_sectors = s->mult_sectors;
1647 ide_sector_read(s);
1648 break;
1649 case WIN_MULTWRITE_EXT:
1650 lba48 = 1;
1651 case WIN_MULTWRITE:
1652 if (!s->mult_sectors)
1653 goto abort_cmd;
1654 ide_cmd_lba48_transform(s, lba48);
1655 s->error = 0;
1656 s->status = SEEK_STAT | READY_STAT;
1657 s->req_nb_sectors = s->mult_sectors;
1658 n = s->nsector;
1659 if (n > s->req_nb_sectors)
1660 n = s->req_nb_sectors;
1661 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1662 break;
1663 case WIN_READDMA_EXT:
1664 lba48 = 1;
1665 case WIN_READDMA:
1666 case WIN_READDMA_ONCE:
1667 if (!s->bs)
1668 goto abort_cmd;
1669 ide_cmd_lba48_transform(s, lba48);
1670 ide_sector_read_dma(s);
1671 break;
1672 case WIN_WRITEDMA_EXT:
1673 lba48 = 1;
1674 case WIN_WRITEDMA:
1675 case WIN_WRITEDMA_ONCE:
1676 if (!s->bs)
1677 goto abort_cmd;
1678 ide_cmd_lba48_transform(s, lba48);
1679 ide_sector_write_dma(s);
1680 break;
1681 case WIN_READ_NATIVE_MAX_EXT:
1682 lba48 = 1;
1683 case WIN_READ_NATIVE_MAX:
1684 ide_cmd_lba48_transform(s, lba48);
1685 ide_set_sector(s, s->nb_sectors - 1);
1686 s->status = READY_STAT;
1687 ide_set_irq(s);
1688 break;
1689 case WIN_CHECKPOWERMODE1:
1690 s->nsector = 0xff; /* device active or idle */
1691 s->status = READY_STAT;
1692 ide_set_irq(s);
1693 break;
1694 case WIN_SETFEATURES:
1695 if (!s->bs)
1696 goto abort_cmd;
1697 /* XXX: valid for CDROM ? */
1698 switch(s->feature) {
1699 case 0x02: /* write cache enable */
1700 s->write_cache = 1;
1701 s->status = READY_STAT | SEEK_STAT;
1702 ide_set_irq(s);
1703 break;
1704 case 0x82: /* write cache disable */
1705 s->write_cache = 0;
1706 s->status = READY_STAT | SEEK_STAT;
1707 ide_set_irq(s);
1708 break;
1709 case 0xaa: /* read look-ahead enable */
1710 case 0x55: /* read look-ahead disable */
1711 s->status = READY_STAT | SEEK_STAT;
1712 ide_set_irq(s);
1713 break;
1714 case 0x03: { /* set transfer mode */
1715 uint8_t val = s->nsector & 0x07;
1717 switch (s->nsector >> 3) {
1718 case 0x00: /* pio default */
1719 case 0x01: /* pio mode */
1720 put_le16(s->identify_data + 63,0x07);
1721 put_le16(s->identify_data + 88,0x3f);
1722 break;
1723 case 0x04: /* mdma mode */
1724 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1725 put_le16(s->identify_data + 88,0x3f);
1726 break;
1727 case 0x08: /* udma mode */
1728 put_le16(s->identify_data + 63,0x07);
1729 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1730 break;
1731 default:
1732 goto abort_cmd;
1734 s->status = READY_STAT | SEEK_STAT;
1735 ide_set_irq(s);
1736 break;
1738 default:
1739 goto abort_cmd;
1741 break;
1742 case WIN_FLUSH_CACHE:
1743 case WIN_FLUSH_CACHE_EXT:
1744 if (s->bs)
1745 bdrv_flush(s->bs);
1746 s->status = READY_STAT;
1747 ide_set_irq(s);
1748 break;
1749 case WIN_STANDBYNOW1:
1750 case WIN_IDLEIMMEDIATE:
1751 s->status = READY_STAT;
1752 ide_set_irq(s);
1753 break;
1754 /* ATAPI commands */
1755 case WIN_PIDENTIFY:
1756 if (s->is_cdrom) {
1757 ide_atapi_identify(s);
1758 s->status = READY_STAT | SEEK_STAT;
1759 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1760 } else {
1761 ide_abort_command(s);
1763 ide_set_irq(s);
1764 break;
1765 case WIN_DIAGNOSE:
1766 ide_set_signature(s);
1767 s->status = 0x00; /* NOTE: READY is _not_ set */
1768 s->error = 0x01;
1769 break;
1770 case WIN_SRST:
1771 if (!s->is_cdrom)
1772 goto abort_cmd;
1773 ide_set_signature(s);
1774 s->status = 0x00; /* NOTE: READY is _not_ set */
1775 s->error = 0x01;
1776 break;
1777 case WIN_PACKETCMD:
1778 if (!s->is_cdrom)
1779 goto abort_cmd;
1780 /* overlapping commands not supported */
1781 if (s->feature & 0x02)
1782 goto abort_cmd;
1783 s->atapi_dma = s->feature & 1;
1784 s->nsector = 1;
1785 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1786 ide_atapi_cmd);
1787 break;
1788 default:
1789 abort_cmd:
1790 ide_abort_command(s);
1791 ide_set_irq(s);
1792 break;
1797 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
1799 IDEState *ide_if = opaque;
1800 IDEState *s = ide_if->cur_drive;
1801 uint32_t addr;
1802 int ret, hob;
1804 addr = addr1 & 7;
1805 /* FIXME: HOB readback uses bit 7, but it's always set right now */
1806 //hob = s->select & (1 << 7);
1807 hob = 0;
1808 switch(addr) {
1809 case 0:
1810 ret = 0xff;
1811 break;
1812 case 1:
1813 if (!ide_if[0].bs && !ide_if[1].bs)
1814 ret = 0;
1815 else if (!hob)
1816 ret = s->error;
1817 else
1818 ret = s->hob_feature;
1819 break;
1820 case 2:
1821 if (!ide_if[0].bs && !ide_if[1].bs)
1822 ret = 0;
1823 else if (!hob)
1824 ret = s->nsector & 0xff;
1825 else
1826 ret = s->hob_nsector;
1827 break;
1828 case 3:
1829 if (!ide_if[0].bs && !ide_if[1].bs)
1830 ret = 0;
1831 else if (!hob)
1832 ret = s->sector;
1833 else
1834 ret = s->hob_sector;
1835 break;
1836 case 4:
1837 if (!ide_if[0].bs && !ide_if[1].bs)
1838 ret = 0;
1839 else if (!hob)
1840 ret = s->lcyl;
1841 else
1842 ret = s->hob_lcyl;
1843 break;
1844 case 5:
1845 if (!ide_if[0].bs && !ide_if[1].bs)
1846 ret = 0;
1847 else if (!hob)
1848 ret = s->hcyl;
1849 else
1850 ret = s->hob_hcyl;
1851 break;
1852 case 6:
1853 if (!ide_if[0].bs && !ide_if[1].bs)
1854 ret = 0;
1855 else
1856 ret = s->select;
1857 break;
1858 default:
1859 case 7:
1860 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1861 (s != ide_if && !s->bs))
1862 ret = 0;
1863 else
1864 ret = s->status;
1865 s->set_irq(s->irq_opaque, s->irq, 0);
1866 break;
1868 #ifdef DEBUG_IDE
1869 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1870 #endif
1871 return ret;
1874 static uint32_t ide_status_read(void *opaque, uint32_t addr)
1876 IDEState *ide_if = opaque;
1877 IDEState *s = ide_if->cur_drive;
1878 int ret;
1880 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1881 (s != ide_if && !s->bs))
1882 ret = 0;
1883 else
1884 ret = s->status;
1885 #ifdef DEBUG_IDE
1886 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1887 #endif
1888 return ret;
1891 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
1893 IDEState *ide_if = opaque;
1894 IDEState *s;
1895 int i;
1897 #ifdef DEBUG_IDE
1898 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1899 #endif
1900 /* common for both drives */
1901 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
1902 (val & IDE_CMD_RESET)) {
1903 /* reset low to high */
1904 for(i = 0;i < 2; i++) {
1905 s = &ide_if[i];
1906 s->status = BUSY_STAT | SEEK_STAT;
1907 s->error = 0x01;
1909 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
1910 !(val & IDE_CMD_RESET)) {
1911 /* high to low */
1912 for(i = 0;i < 2; i++) {
1913 s = &ide_if[i];
1914 if (s->is_cdrom)
1915 s->status = 0x00; /* NOTE: READY is _not_ set */
1916 else
1917 s->status = READY_STAT | SEEK_STAT;
1918 ide_set_signature(s);
1922 ide_if[0].cmd = val;
1923 ide_if[1].cmd = val;
1926 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
1928 IDEState *s = ((IDEState *)opaque)->cur_drive;
1929 uint8_t *p;
1931 p = s->data_ptr;
1932 *(uint16_t *)p = le16_to_cpu(val);
1933 p += 2;
1934 s->data_ptr = p;
1935 if (p >= s->data_end)
1936 s->end_transfer_func(s);
1939 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
1941 IDEState *s = ((IDEState *)opaque)->cur_drive;
1942 uint8_t *p;
1943 int ret;
1944 p = s->data_ptr;
1945 ret = cpu_to_le16(*(uint16_t *)p);
1946 p += 2;
1947 s->data_ptr = p;
1948 if (p >= s->data_end)
1949 s->end_transfer_func(s);
1950 return ret;
1953 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
1955 IDEState *s = ((IDEState *)opaque)->cur_drive;
1956 uint8_t *p;
1958 p = s->data_ptr;
1959 *(uint32_t *)p = le32_to_cpu(val);
1960 p += 4;
1961 s->data_ptr = p;
1962 if (p >= s->data_end)
1963 s->end_transfer_func(s);
1966 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
1968 IDEState *s = ((IDEState *)opaque)->cur_drive;
1969 uint8_t *p;
1970 int ret;
1972 p = s->data_ptr;
1973 ret = cpu_to_le32(*(uint32_t *)p);
1974 p += 4;
1975 s->data_ptr = p;
1976 if (p >= s->data_end)
1977 s->end_transfer_func(s);
1978 return ret;
1981 static void ide_dummy_transfer_stop(IDEState *s)
1983 s->data_ptr = s->io_buffer;
1984 s->data_end = s->io_buffer;
1985 s->io_buffer[0] = 0xff;
1986 s->io_buffer[1] = 0xff;
1987 s->io_buffer[2] = 0xff;
1988 s->io_buffer[3] = 0xff;
1991 static void ide_reset(IDEState *s)
1993 s->mult_sectors = MAX_MULT_SECTORS;
1994 s->cur_drive = s;
1995 s->select = 0xa0;
1996 s->status = READY_STAT;
1997 ide_set_signature(s);
1998 /* init the transfer handler so that 0xffff is returned on data
1999 accesses */
2000 s->end_transfer_func = ide_dummy_transfer_stop;
2001 ide_dummy_transfer_stop(s);
2004 struct partition {
2005 uint8_t boot_ind; /* 0x80 - active */
2006 uint8_t head; /* starting head */
2007 uint8_t sector; /* starting sector */
2008 uint8_t cyl; /* starting cylinder */
2009 uint8_t sys_ind; /* What partition type */
2010 uint8_t end_head; /* end head */
2011 uint8_t end_sector; /* end sector */
2012 uint8_t end_cyl; /* end cylinder */
2013 uint32_t start_sect; /* starting sector counting from 0 */
2014 uint32_t nr_sects; /* nr of sectors in partition */
2015 } __attribute__((packed));
2017 /* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
2018 static int guess_disk_lchs(IDEState *s,
2019 int *pcylinders, int *pheads, int *psectors)
2021 uint8_t buf[512];
2022 int ret, i, heads, sectors, cylinders;
2023 struct partition *p;
2024 uint32_t nr_sects;
2026 ret = bdrv_read(s->bs, 0, buf, 1);
2027 if (ret < 0)
2028 return -1;
2029 /* test msdos magic */
2030 if (buf[510] != 0x55 || buf[511] != 0xaa)
2031 return -1;
2032 for(i = 0; i < 4; i++) {
2033 p = ((struct partition *)(buf + 0x1be)) + i;
2034 nr_sects = le32_to_cpu(p->nr_sects);
2035 if (nr_sects && p->end_head) {
2036 /* We make the assumption that the partition terminates on
2037 a cylinder boundary */
2038 heads = p->end_head + 1;
2039 sectors = p->end_sector & 63;
2040 if (sectors == 0)
2041 continue;
2042 cylinders = s->nb_sectors / (heads * sectors);
2043 if (cylinders < 1 || cylinders > 16383)
2044 continue;
2045 *pheads = heads;
2046 *psectors = sectors;
2047 *pcylinders = cylinders;
2048 #if 0
2049 printf("guessed geometry: LCHS=%d %d %d\n",
2050 cylinders, heads, sectors);
2051 #endif
2052 return 0;
2055 return -1;
2058 static void ide_init2(IDEState *ide_state,
2059 BlockDriverState *hd0, BlockDriverState *hd1,
2060 SetIRQFunc *set_irq, void *irq_opaque, int irq)
2062 IDEState *s;
2063 static int drive_serial = 1;
2064 int i, cylinders, heads, secs, translation;
2065 int64_t nb_sectors;
2067 for(i = 0; i < 2; i++) {
2068 s = ide_state + i;
2069 if (i == 0)
2070 s->bs = hd0;
2071 else
2072 s->bs = hd1;
2073 if (s->bs) {
2074 bdrv_get_geometry(s->bs, &nb_sectors);
2075 s->nb_sectors = nb_sectors;
2076 /* if a geometry hint is available, use it */
2077 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
2078 if (cylinders != 0) {
2079 s->cylinders = cylinders;
2080 s->heads = heads;
2081 s->sectors = secs;
2082 } else {
2083 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2084 if (heads > 16) {
2085 /* if heads > 16, it means that a BIOS LBA
2086 translation was active, so the default
2087 hardware geometry is OK */
2088 goto default_geometry;
2089 } else {
2090 s->cylinders = cylinders;
2091 s->heads = heads;
2092 s->sectors = secs;
2093 /* disable any translation to be in sync with
2094 the logical geometry */
2095 translation = bdrv_get_translation_hint(s->bs);
2096 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2097 bdrv_set_translation_hint(s->bs,
2098 BIOS_ATA_TRANSLATION_NONE);
2101 } else {
2102 default_geometry:
2103 /* if no geometry, use a standard physical disk geometry */
2104 cylinders = nb_sectors / (16 * 63);
2105 if (cylinders > 16383)
2106 cylinders = 16383;
2107 else if (cylinders < 2)
2108 cylinders = 2;
2109 s->cylinders = cylinders;
2110 s->heads = 16;
2111 s->sectors = 63;
2113 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
2115 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2116 s->is_cdrom = 1;
2117 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2120 s->drive_serial = drive_serial++;
2121 s->set_irq = set_irq;
2122 s->irq_opaque = irq_opaque;
2123 s->irq = irq;
2124 s->sector_write_timer = qemu_new_timer(vm_clock,
2125 ide_sector_write_timer_cb, s);
2126 s->write_cache = 0;
2127 ide_reset(s);
2131 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2133 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2134 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2135 if (iobase2) {
2136 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2137 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2140 /* data ports */
2141 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2142 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2143 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2144 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2147 /***********************************************************/
2148 /* ISA IDE definitions */
2150 void isa_ide_init(int iobase, int iobase2, int irq,
2151 BlockDriverState *hd0, BlockDriverState *hd1)
2153 IDEState *ide_state;
2155 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2156 if (!ide_state)
2157 return;
2159 ide_init2(ide_state, hd0, hd1, pic_set_irq_new, isa_pic, irq);
2160 ide_init_ioport(ide_state, iobase, iobase2);
2163 /***********************************************************/
2164 /* PCI IDE definitions */
2166 static void cmd646_update_irq(PCIIDEState *d);
2168 static void ide_map(PCIDevice *pci_dev, int region_num,
2169 uint32_t addr, uint32_t size, int type)
2171 PCIIDEState *d = (PCIIDEState *)pci_dev;
2172 IDEState *ide_state;
2174 if (region_num <= 3) {
2175 ide_state = &d->ide_if[(region_num >> 1) * 2];
2176 if (region_num & 1) {
2177 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2178 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2179 } else {
2180 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2181 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2183 /* data ports */
2184 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2185 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2186 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2187 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2192 static void ide_dma_finish(BMDMAState *bm)
2194 IDEState *s = bm->ide_if;
2196 bm->status &= ~BM_STATUS_DMAING;
2197 bm->status |= BM_STATUS_INT;
2198 bm->dma_cb = NULL;
2199 bm->ide_if = NULL;
2200 #ifdef DMA_MULTI_THREAD
2201 ide_set_irq(s);
2202 #endif /* DMA_MULTI_THREAD */
2205 /* XXX: full callback usage to prepare non blocking I/Os support -
2206 error handling */
2207 #ifdef DMA_MULTI_THREAD
2208 static void ide_dma_loop(BMDMAState *bm)
2210 write(file_pipes[1], &bm, sizeof(bm));
2212 static void dma_thread_loop(BMDMAState *bm)
2213 #else /* DMA_MULTI_THREAD */
2214 static void ide_dma_loop(BMDMAState *bm)
2215 #endif /* !DMA_MULTI_THREAD */
2217 struct {
2218 uint32_t addr;
2219 uint32_t size;
2220 } prd;
2221 target_phys_addr_t cur_addr;
2222 int len, i, len1;
2224 cur_addr = bm->addr;
2225 /* at most one page to avoid hanging if erroneous parameters */
2226 for(i = 0; i < 512; i++) {
2227 cpu_physical_memory_read(cur_addr, (uint8_t *)&prd, 8);
2228 prd.addr = le32_to_cpu(prd.addr);
2229 prd.size = le32_to_cpu(prd.size);
2230 #ifdef DEBUG_IDE
2231 printf("ide: dma: prd: %08x: addr=0x%08x size=0x%08x\n",
2232 (int)cur_addr, prd.addr, prd.size);
2233 #endif
2234 len = prd.size & 0xfffe;
2235 if (len == 0)
2236 len = 0x10000;
2237 while (len > 0) {
2238 len1 = bm->dma_cb(bm->ide_if, prd.addr, len);
2239 if (len1 == 0)
2240 goto the_end;
2241 prd.addr += len1;
2242 len -= len1;
2244 /* end of transfer */
2245 if (prd.size & 0x80000000)
2246 break;
2247 cur_addr += 8;
2249 /* end of transfer */
2250 the_end:
2251 ide_dma_finish(bm);
2254 static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb)
2256 BMDMAState *bm = s->bmdma;
2257 if(!bm)
2258 return;
2259 bm->ide_if = s;
2260 bm->dma_cb = dma_cb;
2261 if (bm->status & BM_STATUS_DMAING) {
2262 ide_dma_loop(bm);
2266 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2268 BMDMAState *bm = opaque;
2269 #ifdef DEBUG_IDE
2270 printf("%s: 0x%08x\n", __func__, val);
2271 #endif
2272 if (!(val & BM_CMD_START)) {
2273 /* XXX: do it better */
2274 bm->status &= ~BM_STATUS_DMAING;
2275 bm->cmd = val & 0x09;
2276 } else {
2277 bm->status |= BM_STATUS_DMAING;
2278 bm->cmd = val & 0x09;
2279 /* start dma transfer if possible */
2280 if (bm->dma_cb)
2281 ide_dma_loop(bm);
2285 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2287 BMDMAState *bm = opaque;
2288 PCIIDEState *pci_dev;
2289 uint32_t val;
2291 switch(addr & 3) {
2292 case 0:
2293 val = bm->cmd;
2294 break;
2295 case 1:
2296 pci_dev = bm->pci_dev;
2297 if (pci_dev->type == IDE_TYPE_CMD646) {
2298 val = pci_dev->dev.config[MRDMODE];
2299 } else {
2300 val = 0xff;
2302 break;
2303 case 2:
2304 val = bm->status;
2305 break;
2306 case 3:
2307 pci_dev = bm->pci_dev;
2308 if (pci_dev->type == IDE_TYPE_CMD646) {
2309 if (bm == &pci_dev->bmdma[0])
2310 val = pci_dev->dev.config[UDIDETCR0];
2311 else
2312 val = pci_dev->dev.config[UDIDETCR1];
2313 } else {
2314 val = 0xff;
2316 break;
2317 default:
2318 val = 0xff;
2319 break;
2321 #ifdef DEBUG_IDE
2322 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2323 #endif
2324 return val;
2327 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2329 BMDMAState *bm = opaque;
2330 PCIIDEState *pci_dev;
2331 #ifdef DEBUG_IDE
2332 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2333 #endif
2334 switch(addr & 3) {
2335 case 1:
2336 pci_dev = bm->pci_dev;
2337 if (pci_dev->type == IDE_TYPE_CMD646) {
2338 pci_dev->dev.config[MRDMODE] =
2339 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2340 cmd646_update_irq(pci_dev);
2342 break;
2343 case 2:
2344 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2345 break;
2346 case 3:
2347 pci_dev = bm->pci_dev;
2348 if (pci_dev->type == IDE_TYPE_CMD646) {
2349 if (bm == &pci_dev->bmdma[0])
2350 pci_dev->dev.config[UDIDETCR0] = val;
2351 else
2352 pci_dev->dev.config[UDIDETCR1] = val;
2354 break;
2358 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2360 BMDMAState *bm = opaque;
2361 uint32_t val;
2362 val = bm->addr;
2363 #ifdef DEBUG_IDE
2364 printf("%s: 0x%08x\n", __func__, val);
2365 #endif
2366 return val;
2369 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2371 BMDMAState *bm = opaque;
2372 #ifdef DEBUG_IDE
2373 printf("%s: 0x%08x\n", __func__, val);
2374 #endif
2375 bm->addr = val & ~3;
2378 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2379 uint32_t addr, uint32_t size, int type)
2381 PCIIDEState *d = (PCIIDEState *)pci_dev;
2382 int i;
2384 for(i = 0;i < 2; i++) {
2385 BMDMAState *bm = &d->bmdma[i];
2386 d->ide_if[2 * i].bmdma = bm;
2387 d->ide_if[2 * i + 1].bmdma = bm;
2388 bm->pci_dev = (PCIIDEState *)pci_dev;
2390 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2392 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2393 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2395 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2396 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2397 addr += 8;
2401 /* XXX: call it also when the MRDMODE is changed from the PCI config
2402 registers */
2403 static void cmd646_update_irq(PCIIDEState *d)
2405 int pci_level;
2406 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2407 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2408 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2409 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2410 pci_set_irq((PCIDevice *)d, 0, pci_level);
2413 /* the PCI irq level is the logical OR of the two channels */
2414 static void cmd646_set_irq(void *opaque, int channel, int level)
2416 PCIIDEState *d = opaque;
2417 int irq_mask;
2419 irq_mask = MRDMODE_INTR_CH0 << channel;
2420 if (level)
2421 d->dev.config[MRDMODE] |= irq_mask;
2422 else
2423 d->dev.config[MRDMODE] &= ~irq_mask;
2424 cmd646_update_irq(d);
2427 /* CMD646 PCI IDE controller */
2428 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2429 int secondary_ide_enabled)
2431 PCIIDEState *d;
2432 uint8_t *pci_conf;
2433 int i;
2435 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2436 sizeof(PCIIDEState),
2437 -1,
2438 NULL, NULL);
2439 d->type = IDE_TYPE_CMD646;
2440 pci_conf = d->dev.config;
2441 pci_conf[0x00] = 0x95; // CMD646
2442 pci_conf[0x01] = 0x10;
2443 pci_conf[0x02] = 0x46;
2444 pci_conf[0x03] = 0x06;
2446 pci_conf[0x08] = 0x07; // IDE controller revision
2447 pci_conf[0x09] = 0x8f;
2449 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2450 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2451 pci_conf[0x0e] = 0x00; // header_type
2453 if (secondary_ide_enabled) {
2454 /* XXX: if not enabled, really disable the seconday IDE controller */
2455 pci_conf[0x51] = 0x80; /* enable IDE1 */
2458 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2459 PCI_ADDRESS_SPACE_IO, ide_map);
2460 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2461 PCI_ADDRESS_SPACE_IO, ide_map);
2462 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2463 PCI_ADDRESS_SPACE_IO, ide_map);
2464 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2465 PCI_ADDRESS_SPACE_IO, ide_map);
2466 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2467 PCI_ADDRESS_SPACE_IO, bmdma_map);
2469 pci_conf[0x3d] = 0x01; // interrupt on pin 1
2471 for(i = 0; i < 4; i++)
2472 d->ide_if[i].pci_dev = (PCIDevice *)d;
2473 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2474 cmd646_set_irq, d, 0);
2475 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2476 cmd646_set_irq, d, 1);
2477 #ifdef DMA_MULTI_THREAD
2478 dma_create_thread();
2479 #endif /* DMA_MULTI_THREAD */
2482 /* hd_table must contain 4 block drivers */
2483 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
2484 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn)
2486 PCIIDEState *d;
2487 uint8_t *pci_conf;
2489 /* register a function 1 of PIIX3 */
2490 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2491 sizeof(PCIIDEState),
2492 devfn,
2493 NULL, NULL);
2494 d->type = IDE_TYPE_PIIX3;
2496 pci_conf = d->dev.config;
2497 pci_conf[0x00] = 0x86; // Intel
2498 pci_conf[0x01] = 0x80;
2499 pci_conf[0x02] = 0x10;
2500 pci_conf[0x03] = 0x70;
2501 pci_conf[0x09] = 0x80; // legacy ATA mode
2502 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2503 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2504 pci_conf[0x0e] = 0x00; // header_type
2506 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2507 PCI_ADDRESS_SPACE_IO, bmdma_map);
2509 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2510 pic_set_irq_new, isa_pic, 14);
2511 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2512 pic_set_irq_new, isa_pic, 15);
2513 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2514 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2515 #ifdef DMA_MULTI_THREAD
2516 dma_create_thread();
2517 #endif //DMA_MULTI_THREAD
2520 /***********************************************************/
2521 /* MacIO based PowerPC IDE */
2523 /* PowerMac IDE memory IO */
2524 static void pmac_ide_writeb (void *opaque,
2525 target_phys_addr_t addr, uint32_t val)
2527 addr = (addr & 0xFFF) >> 4;
2528 switch (addr) {
2529 case 1 ... 7:
2530 ide_ioport_write(opaque, addr, val);
2531 break;
2532 case 8:
2533 case 22:
2534 ide_cmd_write(opaque, 0, val);
2535 break;
2536 default:
2537 break;
2541 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2543 uint8_t retval;
2545 addr = (addr & 0xFFF) >> 4;
2546 switch (addr) {
2547 case 1 ... 7:
2548 retval = ide_ioport_read(opaque, addr);
2549 break;
2550 case 8:
2551 case 22:
2552 retval = ide_status_read(opaque, 0);
2553 break;
2554 default:
2555 retval = 0xFF;
2556 break;
2558 return retval;
2561 static void pmac_ide_writew (void *opaque,
2562 target_phys_addr_t addr, uint32_t val)
2564 addr = (addr & 0xFFF) >> 4;
2565 #ifdef TARGET_WORDS_BIGENDIAN
2566 val = bswap16(val);
2567 #endif
2568 if (addr == 0) {
2569 ide_data_writew(opaque, 0, val);
2573 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
2575 uint16_t retval;
2577 addr = (addr & 0xFFF) >> 4;
2578 if (addr == 0) {
2579 retval = ide_data_readw(opaque, 0);
2580 } else {
2581 retval = 0xFFFF;
2583 #ifdef TARGET_WORDS_BIGENDIAN
2584 retval = bswap16(retval);
2585 #endif
2586 return retval;
2589 static void pmac_ide_writel (void *opaque,
2590 target_phys_addr_t addr, uint32_t val)
2592 addr = (addr & 0xFFF) >> 4;
2593 #ifdef TARGET_WORDS_BIGENDIAN
2594 val = bswap32(val);
2595 #endif
2596 if (addr == 0) {
2597 ide_data_writel(opaque, 0, val);
2601 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
2603 uint32_t retval;
2605 addr = (addr & 0xFFF) >> 4;
2606 if (addr == 0) {
2607 retval = ide_data_readl(opaque, 0);
2608 } else {
2609 retval = 0xFFFFFFFF;
2611 #ifdef TARGET_WORDS_BIGENDIAN
2612 retval = bswap32(retval);
2613 #endif
2614 return retval;
2617 static CPUWriteMemoryFunc *pmac_ide_write[] = {
2618 pmac_ide_writeb,
2619 pmac_ide_writew,
2620 pmac_ide_writel,
2621 };
2623 static CPUReadMemoryFunc *pmac_ide_read[] = {
2624 pmac_ide_readb,
2625 pmac_ide_readw,
2626 pmac_ide_readl,
2627 };
2629 /* hd_table must contain 4 block drivers */
2630 /* PowerMac uses memory mapped registers, not I/O. Return the memory
2631 I/O index to access the ide. */
2632 int pmac_ide_init (BlockDriverState **hd_table,
2633 SetIRQFunc *set_irq, void *irq_opaque, int irq)
2635 IDEState *ide_if;
2636 int pmac_ide_memory;
2638 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
2639 ide_init2(&ide_if[0], hd_table[0], hd_table[1],
2640 set_irq, irq_opaque, irq);
2642 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
2643 pmac_ide_write, &ide_if[0]);
2644 return pmac_ide_memory;