ia64/xen-unstable

view tools/ioemu/hw/ide.c @ 17283:aedab7d280cb

ioemu: IDE should accept SETMULT 0
as upstream qemu now does

Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Thu Mar 20 17:47:05 2008 +0000 (2008-03-20)
parents 866e90d5deb4
children f4a92f0db20f
line source
1 /*
2 * QEMU IDE disk and CD-ROM Emulator
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24 #include "vl.h"
25 #include <malloc.h>
27 /* debug IDE devices */
28 //#define DEBUG_IDE
29 //#define DEBUG_IDE_ATAPI
30 //#define DEBUG_AIO
31 #define USE_DMA_CDROM
33 /* Bits of HD_STATUS */
34 #define ERR_STAT 0x01
35 #define INDEX_STAT 0x02
36 #define ECC_STAT 0x04 /* Corrected error */
37 #define DRQ_STAT 0x08
38 #define SEEK_STAT 0x10
39 #define SRV_STAT 0x10
40 #define WRERR_STAT 0x20
41 #define READY_STAT 0x40
42 #define BUSY_STAT 0x80
44 /* Bits for HD_ERROR */
45 #define MARK_ERR 0x01 /* Bad address mark */
46 #define TRK0_ERR 0x02 /* couldn't find track 0 */
47 #define ABRT_ERR 0x04 /* Command aborted */
48 #define MCR_ERR 0x08 /* media change request */
49 #define ID_ERR 0x10 /* ID field not found */
50 #define MC_ERR 0x20 /* media changed */
51 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
52 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
53 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
55 /* Bits of HD_NSECTOR */
56 #define CD 0x01
57 #define IO 0x02
58 #define REL 0x04
59 #define TAG_MASK 0xf8
61 #define IDE_CMD_RESET 0x04
62 #define IDE_CMD_DISABLE_IRQ 0x02
64 /* ATA/ATAPI Commands pre T13 Spec */
65 #define WIN_NOP 0x00
66 /*
67 * 0x01->0x02 Reserved
68 */
69 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
70 /*
71 * 0x04->0x07 Reserved
72 */
73 #define WIN_SRST 0x08 /* ATAPI soft reset command */
74 #define WIN_DEVICE_RESET 0x08
75 /*
76 * 0x09->0x0F Reserved
77 */
78 #define WIN_RECAL 0x10
79 #define WIN_RESTORE WIN_RECAL
80 /*
81 * 0x10->0x1F Reserved
82 */
83 #define WIN_READ 0x20 /* 28-Bit */
84 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
85 #define WIN_READ_LONG 0x22 /* 28-Bit */
86 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
87 #define WIN_READ_EXT 0x24 /* 48-Bit */
88 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
89 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
90 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
91 /*
92 * 0x28
93 */
94 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
95 /*
96 * 0x2A->0x2F Reserved
97 */
98 #define WIN_WRITE 0x30 /* 28-Bit */
99 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
100 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
101 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
102 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
103 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
104 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
105 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
106 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
107 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
108 /*
109 * 0x3A->0x3B Reserved
110 */
111 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
112 /*
113 * 0x3D->0x3F Reserved
114 */
115 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
116 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
117 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
118 /*
119 * 0x43->0x4F Reserved
120 */
121 #define WIN_FORMAT 0x50
122 /*
123 * 0x51->0x5F Reserved
124 */
125 #define WIN_INIT 0x60
126 /*
127 * 0x61->0x5F Reserved
128 */
129 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
130 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
131 #define WIN_DIAGNOSE 0x90
132 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
133 #define WIN_DOWNLOAD_MICROCODE 0x92
134 #define WIN_STANDBYNOW2 0x94
135 #define WIN_STANDBY2 0x96
136 #define WIN_SETIDLE2 0x97
137 #define WIN_CHECKPOWERMODE2 0x98
138 #define WIN_SLEEPNOW2 0x99
139 /*
140 * 0x9A VENDOR
141 */
142 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
143 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
144 #define WIN_QUEUED_SERVICE 0xA2
145 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
146 #define CFA_ERASE_SECTORS 0xC0
147 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
148 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
149 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
150 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
151 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
152 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
153 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
154 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
155 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
156 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
157 #define WIN_GETMEDIASTATUS 0xDA
158 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
159 #define WIN_POSTBOOT 0xDC
160 #define WIN_PREBOOT 0xDD
161 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
162 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
163 #define WIN_STANDBYNOW1 0xE0
164 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
165 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
166 #define WIN_SETIDLE1 0xE3
167 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
168 #define WIN_CHECKPOWERMODE1 0xE5
169 #define WIN_SLEEPNOW1 0xE6
170 #define WIN_FLUSH_CACHE 0xE7
171 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
172 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
173 /* SET_FEATURES 0x22 or 0xDD */
174 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
175 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
176 #define WIN_MEDIAEJECT 0xED
177 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
178 #define WIN_SETFEATURES 0xEF /* set special drive features */
179 #define EXABYTE_ENABLE_NEST 0xF0
180 #define WIN_SECURITY_SET_PASS 0xF1
181 #define WIN_SECURITY_UNLOCK 0xF2
182 #define WIN_SECURITY_ERASE_PREPARE 0xF3
183 #define WIN_SECURITY_ERASE_UNIT 0xF4
184 #define WIN_SECURITY_FREEZE_LOCK 0xF5
185 #define WIN_SECURITY_DISABLE 0xF6
186 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
187 #define WIN_SET_MAX 0xF9
188 #define DISABLE_SEAGATE 0xFB
190 /* set to 1 set disable mult support */
191 #define MAX_MULT_SECTORS 16
193 /* ATAPI defines */
195 #define ATAPI_PACKET_SIZE 12
197 /* The generic packet command opcodes for CD/DVD Logical Units,
198 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
199 #define GPCMD_BLANK 0xa1
200 #define GPCMD_CLOSE_TRACK 0x5b
201 #define GPCMD_FLUSH_CACHE 0x35
202 #define GPCMD_FORMAT_UNIT 0x04
203 #define GPCMD_GET_CONFIGURATION 0x46
204 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
205 #define GPCMD_GET_PERFORMANCE 0xac
206 #define GPCMD_INQUIRY 0x12
207 #define GPCMD_LOAD_UNLOAD 0xa6
208 #define GPCMD_MECHANISM_STATUS 0xbd
209 #define GPCMD_MODE_SELECT_10 0x55
210 #define GPCMD_MODE_SENSE_10 0x5a
211 #define GPCMD_PAUSE_RESUME 0x4b
212 #define GPCMD_PLAY_AUDIO_10 0x45
213 #define GPCMD_PLAY_AUDIO_MSF 0x47
214 #define GPCMD_PLAY_AUDIO_TI 0x48
215 #define GPCMD_PLAY_CD 0xbc
216 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
217 #define GPCMD_READ_10 0x28
218 #define GPCMD_READ_12 0xa8
219 #define GPCMD_READ_CDVD_CAPACITY 0x25
220 #define GPCMD_READ_CD 0xbe
221 #define GPCMD_READ_CD_MSF 0xb9
222 #define GPCMD_READ_DISC_INFO 0x51
223 #define GPCMD_READ_DVD_STRUCTURE 0xad
224 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
225 #define GPCMD_READ_HEADER 0x44
226 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
227 #define GPCMD_READ_SUBCHANNEL 0x42
228 #define GPCMD_READ_TOC_PMA_ATIP 0x43
229 #define GPCMD_REPAIR_RZONE_TRACK 0x58
230 #define GPCMD_REPORT_KEY 0xa4
231 #define GPCMD_REQUEST_SENSE 0x03
232 #define GPCMD_RESERVE_RZONE_TRACK 0x53
233 #define GPCMD_SCAN 0xba
234 #define GPCMD_SEEK 0x2b
235 #define GPCMD_SEND_DVD_STRUCTURE 0xad
236 #define GPCMD_SEND_EVENT 0xa2
237 #define GPCMD_SEND_KEY 0xa3
238 #define GPCMD_SEND_OPC 0x54
239 #define GPCMD_SET_READ_AHEAD 0xa7
240 #define GPCMD_SET_STREAMING 0xb6
241 #define GPCMD_START_STOP_UNIT 0x1b
242 #define GPCMD_STOP_PLAY_SCAN 0x4e
243 #define GPCMD_TEST_UNIT_READY 0x00
244 #define GPCMD_VERIFY_10 0x2f
245 #define GPCMD_WRITE_10 0x2a
246 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
247 /* This is listed as optional in ATAPI 2.6, but is (curiously)
248 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
249 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
250 * drives support it. */
251 #define GPCMD_SET_SPEED 0xbb
252 /* This seems to be a SCSI specific CD-ROM opcode
253 * to play data at track/index */
254 #define GPCMD_PLAYAUDIO_TI 0x48
255 /*
256 * From MS Media Status Notification Support Specification. For
257 * older drives only.
258 */
259 #define GPCMD_GET_MEDIA_STATUS 0xda
261 /* Mode page codes for mode sense/set */
262 #define GPMODE_R_W_ERROR_PAGE 0x01
263 #define GPMODE_WRITE_PARMS_PAGE 0x05
264 #define GPMODE_AUDIO_CTL_PAGE 0x0e
265 #define GPMODE_POWER_PAGE 0x1a
266 #define GPMODE_FAULT_FAIL_PAGE 0x1c
267 #define GPMODE_TO_PROTECT_PAGE 0x1d
268 #define GPMODE_CAPABILITIES_PAGE 0x2a
269 #define GPMODE_ALL_PAGES 0x3f
270 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
271 * of MODE_SENSE_POWER_PAGE */
272 #define GPMODE_CDROM_PAGE 0x0d
274 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
275 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
276 #define ATAPI_INT_REASON_REL 0x04
277 #define ATAPI_INT_REASON_TAG 0xf8
279 /* same constants as bochs */
280 #define ASC_ILLEGAL_OPCODE 0x20
281 #define ASC_LOGICAL_BLOCK_OOR 0x21
282 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
283 #define ASC_MEDIUM_NOT_PRESENT 0x3a
284 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
286 #define SENSE_NONE 0
287 #define SENSE_NOT_READY 2
288 #define SENSE_ILLEGAL_REQUEST 5
289 #define SENSE_UNIT_ATTENTION 6
291 struct IDEState;
293 typedef void EndTransferFunc(struct IDEState *);
295 /* NOTE: IDEState represents in fact one drive */
296 typedef struct IDEState {
297 /* ide config */
298 int is_cdrom;
299 int cylinders, heads, sectors;
300 int64_t nb_sectors;
301 int mult_sectors;
302 int identify_set;
303 uint16_t identify_data[256];
304 SetIRQFunc *set_irq;
305 void *irq_opaque;
306 int irq;
307 PCIDevice *pci_dev;
308 struct BMDMAState *bmdma;
309 int drive_serial;
310 int write_cache;
311 /* ide regs */
312 uint8_t feature;
313 uint8_t error;
314 uint32_t nsector;
315 uint8_t sector;
316 uint8_t lcyl;
317 uint8_t hcyl;
318 /* other part of tf for lba48 support */
319 uint8_t hob_feature;
320 uint8_t hob_nsector;
321 uint8_t hob_sector;
322 uint8_t hob_lcyl;
323 uint8_t hob_hcyl;
325 uint8_t select;
326 uint8_t status;
328 /* 0x3f6 command, only meaningful for drive 0 */
329 uint8_t cmd;
330 /* set for lba48 access */
331 uint8_t lba48;
332 /* depends on bit 4 in select, only meaningful for drive 0 */
333 struct IDEState *cur_drive;
334 BlockDriverState *bs;
335 /* ATAPI specific */
336 uint8_t sense_key;
337 uint8_t asc;
338 int packet_transfer_size;
339 int elementary_transfer_size;
340 int io_buffer_index;
341 int lba;
342 int cd_sector_size;
343 int atapi_dma; /* true if dma is requested for the packet cmd */
344 /* ATA DMA state */
345 int io_buffer_size;
346 /* PIO transfer handling */
347 int req_nb_sectors; /* number of sectors per interrupt */
348 EndTransferFunc *end_transfer_func;
349 uint8_t *data_ptr;
350 uint8_t *data_end;
351 uint8_t *io_buffer;
352 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
353 uint32_t irq_count; /* counts IRQs when using win2k install hack */
354 } IDEState;
356 #define BM_STATUS_DMAING 0x01
357 #define BM_STATUS_ERROR 0x02
358 #define BM_STATUS_INT 0x04
360 #define BM_CMD_START 0x01
361 #define BM_CMD_READ 0x08
363 #define IDE_TYPE_PIIX3 0
364 #define IDE_TYPE_CMD646 1
366 /* CMD646 specific */
367 #define MRDMODE 0x71
368 #define MRDMODE_INTR_CH0 0x04
369 #define MRDMODE_INTR_CH1 0x08
370 #define MRDMODE_BLK_CH0 0x10
371 #define MRDMODE_BLK_CH1 0x20
372 #define UDIDETCR0 0x73
373 #define UDIDETCR1 0x7B
375 typedef struct BMDMAState {
376 uint8_t cmd;
377 uint8_t status;
378 uint32_t addr;
380 struct PCIIDEState *pci_dev;
381 /* current transfer state */
382 uint32_t cur_addr;
383 uint32_t cur_prd_last;
384 uint32_t cur_prd_addr;
385 uint32_t cur_prd_len;
386 IDEState *ide_if;
387 BlockDriverCompletionFunc *dma_cb;
388 BlockDriverAIOCB *aiocb;
389 } BMDMAState;
391 typedef struct PCIIDEState {
392 PCIDevice dev;
393 IDEState ide_if[4];
394 BMDMAState bmdma[2];
395 int type; /* see IDE_TYPE_xxx */
396 } PCIIDEState;
398 #if defined(__ia64__)
399 #include <xen/hvm/ioreq.h>
401 struct buffered_piopage *buffered_pio_page;
403 static inline struct pio_buffer *
404 piobuf_by_addr(uint32_t addr)
405 {
406 if (addr == 0x1F0)
407 return &buffered_pio_page->pio[PIO_BUFFER_IDE_PRIMARY];
408 if (addr == 0x170)
409 return &buffered_pio_page->pio[PIO_BUFFER_IDE_SECONDARY];
410 return NULL;
411 }
413 static void
414 buffered_pio_init(void)
415 {
416 struct pio_buffer *p1, *p2;
417 uint32_t off1, off2;
419 if (!buffered_pio_page)
420 return;
422 p1 = &buffered_pio_page->pio[PIO_BUFFER_IDE_PRIMARY];
423 p2 = &buffered_pio_page->pio[PIO_BUFFER_IDE_SECONDARY];
424 off1 = offsetof(struct buffered_piopage, buffer);
425 off2 = (off1 + TARGET_PAGE_SIZE)/2;
427 p1->buf_size = off2 - off1;
428 p1->page_offset = off1;
430 p2->buf_size = TARGET_PAGE_SIZE - off2;
431 p2->page_offset = off2;
432 }
434 static inline void
435 __buffered_pio_flush(struct pio_buffer *piobuf, IDEState *s, uint32_t pointer)
436 {
437 uint8_t *buf = (uint8_t *)buffered_pio_page + piobuf->page_offset;
438 memcpy(s->data_ptr, buf, pointer);
439 s->data_ptr += pointer;
440 }
442 static inline void
443 buffered_pio_flush(struct pio_buffer *piobuf)
444 {
445 IDEState *s = piobuf->opaque;
446 uint32_t pointer = piobuf->pointer;
448 if (s != NULL && pointer > 0)
449 __buffered_pio_flush(piobuf, s, pointer);
450 }
452 static inline void
453 buffered_pio_reset(IDEState *s)
454 {
455 struct pio_buffer *piobuf;
457 if ((unsigned)s->drive_serial - 1 < 2) /* 1,2 */
458 piobuf = &buffered_pio_page->pio[PIO_BUFFER_IDE_PRIMARY];
459 else if ((unsigned)s->drive_serial - 3 < 2) /* 3,4 */
460 piobuf = &buffered_pio_page->pio[PIO_BUFFER_IDE_SECONDARY];
461 else
462 return;
463 buffered_pio_flush(piobuf);
464 piobuf->pointer = 0;
465 piobuf->data_end = 0;
466 piobuf->opaque = NULL;
467 }
469 static inline void
470 buffered_pio_write(IDEState *s, uint32_t addr, int size)
471 {
472 struct pio_buffer *piobuf = piobuf_by_addr(addr);
473 int data_end;
475 if (!piobuf)
476 return;
477 buffered_pio_flush(piobuf);
478 data_end = s->data_end - s->data_ptr - size;
479 if (data_end <= 0)
480 data_end = 0;
481 else if (data_end > piobuf->buf_size)
482 data_end = piobuf->buf_size;
483 piobuf->pointer = 0;
484 piobuf->data_end = data_end;
485 piobuf->opaque = s;
486 }
488 static inline void
489 buffered_pio_read(IDEState *s, uint32_t addr, int size)
490 {
491 struct pio_buffer *piobuf = piobuf_by_addr(addr);
492 int data_end;
494 if (!piobuf)
495 return;
496 s->data_ptr += piobuf->pointer;
497 data_end = s->data_end - s->data_ptr - size;
498 if (data_end <= 0) {
499 data_end = 0;
500 } else {
501 uint8_t *buf = (uint8_t *)buffered_pio_page + piobuf->page_offset;
502 if (data_end > piobuf->buf_size)
503 data_end = piobuf->buf_size;
504 memcpy(buf, s->data_ptr + size, data_end);
505 }
506 piobuf->pointer = 0;
507 piobuf->data_end = data_end;
508 piobuf->opaque = NULL;
509 }
511 /*
512 * buffered pio reads are undone. It results in normal pio when the domain
513 * is restored.
514 * buffered pio writes are handled before saving domain.
515 * However currently pci_ide_save/load() just discards a pending transfer. XXX
516 */
517 static void
518 __handle_buffered_pio(struct pio_buffer *piobuf)
519 {
520 IDEState *s = piobuf->opaque;
521 uint32_t pointer = piobuf->pointer;
524 if (pointer == 0)
525 return;/* no buffered pio */
527 if (s != NULL) {
528 /* written data are pending in pio_buffer. process it */
529 __buffered_pio_flush(piobuf, s, pointer);
530 } else {
531 /* data are buffered for pio read in pio_buffer.
532 * undone buffering by buffered_pio_read()
533 */
534 if (pointer > s->data_ptr - s->io_buffer)
535 pointer = s->data_ptr - s->io_buffer;
536 s->data_ptr -= pointer;
537 }
539 piobuf->pointer = 0;
540 piobuf->data_end = 0;
541 piobuf->opaque = NULL;
542 }
544 void
545 handle_buffered_pio(void)
546 {
547 struct pio_buffer *p1, *p2;
549 if (!buffered_pio_page)
550 return;
552 p1 = &buffered_pio_page->pio[PIO_BUFFER_IDE_PRIMARY];
553 p2 = &buffered_pio_page->pio[PIO_BUFFER_IDE_SECONDARY];
555 __handle_buffered_pio(p1);
556 __handle_buffered_pio(p2);
557 }
559 #else /* !__ia64__ */
560 #define buffered_pio_init() do {} while (0)
561 #define buffered_pio_reset(I) do {} while (0)
562 #define buffered_pio_write(I,A,S) do {} while (0)
563 #define buffered_pio_read(I,A,S) do {} while (0)
564 #endif
566 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
567 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
569 static void padstr(char *str, const char *src, int len)
570 {
571 int i, v;
572 for(i = 0; i < len; i++) {
573 if (*src)
574 v = *src++;
575 else
576 v = ' ';
577 *(char *)((long)str ^ 1) = v;
578 str++;
579 }
580 }
582 static void padstr8(uint8_t *buf, int buf_size, const char *src)
583 {
584 int i;
585 for(i = 0; i < buf_size; i++) {
586 if (*src)
587 buf[i] = *src++;
588 else
589 buf[i] = ' ';
590 }
591 }
593 static void put_le16(uint16_t *p, unsigned int v)
594 {
595 *p = cpu_to_le16(v);
596 }
598 static void ide_identify(IDEState *s)
599 {
600 uint16_t *p;
601 unsigned int oldsize;
602 char buf[20];
604 if (s->identify_set) {
605 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
606 return;
607 }
609 memset(s->io_buffer, 0, 512);
610 p = (uint16_t *)s->io_buffer;
611 put_le16(p + 0, 0x0040);
612 put_le16(p + 1, s->cylinders);
613 put_le16(p + 3, s->heads);
614 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
615 put_le16(p + 5, 512); /* XXX: retired, remove ? */
616 put_le16(p + 6, s->sectors);
617 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
618 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
619 put_le16(p + 20, 3); /* XXX: retired, remove ? */
620 put_le16(p + 21, 512); /* cache size in sectors */
621 put_le16(p + 22, 4); /* ecc bytes */
622 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
623 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
624 #if MAX_MULT_SECTORS > 1
625 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
626 #endif
627 put_le16(p + 48, 1); /* dword I/O */
628 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
629 put_le16(p + 51, 0x200); /* PIO transfer cycle */
630 put_le16(p + 52, 0x200); /* DMA transfer cycle */
631 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
632 put_le16(p + 54, s->cylinders);
633 put_le16(p + 55, s->heads);
634 put_le16(p + 56, s->sectors);
635 oldsize = s->cylinders * s->heads * s->sectors;
636 put_le16(p + 57, oldsize);
637 put_le16(p + 58, oldsize >> 16);
638 if (s->mult_sectors)
639 put_le16(p + 59, 0x100 | s->mult_sectors);
640 put_le16(p + 60, s->nb_sectors);
641 put_le16(p + 61, s->nb_sectors >> 16);
642 put_le16(p + 63, 0x07); /* mdma0-2 supported */
643 put_le16(p + 65, 120);
644 put_le16(p + 66, 120);
645 put_le16(p + 67, 120);
646 put_le16(p + 68, 120);
647 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
648 put_le16(p + 81, 0x16); /* conforms to ata5 */
649 put_le16(p + 82, (1 << 14));
650 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
651 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
652 put_le16(p + 84, (1 << 14));
653 /* 14=nop 5=write_cache */
654 put_le16(p + 85, (1 << 14) | (1 << 5));
655 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
656 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
657 put_le16(p + 87, (1 << 14));
658 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
659 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
660 put_le16(p + 100, s->nb_sectors);
661 put_le16(p + 101, s->nb_sectors >> 16);
662 put_le16(p + 102, s->nb_sectors >> 32);
663 put_le16(p + 103, s->nb_sectors >> 48);
665 memcpy(s->identify_data, p, sizeof(s->identify_data));
666 s->identify_set = 1;
667 }
669 static void ide_atapi_identify(IDEState *s)
670 {
671 uint16_t *p;
672 char buf[20];
674 if (s->identify_set) {
675 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
676 return;
677 }
679 memset(s->io_buffer, 0, 512);
680 p = (uint16_t *)s->io_buffer;
681 /* Removable CDROM, 50us response, 12 byte packets */
682 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
683 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
684 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
685 put_le16(p + 20, 3); /* buffer type */
686 put_le16(p + 21, 512); /* cache size in sectors */
687 put_le16(p + 22, 4); /* ecc bytes */
688 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
689 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
690 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
691 #ifdef USE_DMA_CDROM
692 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
693 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
694 put_le16(p + 63, 7); /* mdma0-2 supported */
695 put_le16(p + 64, 0x3f); /* PIO modes supported */
696 #else
697 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
698 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
699 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
700 put_le16(p + 64, 1); /* PIO modes */
701 #endif
702 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
703 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
704 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
705 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
707 put_le16(p + 71, 30); /* in ns */
708 put_le16(p + 72, 30); /* in ns */
710 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
711 #ifdef USE_DMA_CDROM
712 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
713 #endif
714 memcpy(s->identify_data, p, sizeof(s->identify_data));
715 s->identify_set = 1;
716 }
718 static void ide_set_signature(IDEState *s)
719 {
720 s->select &= 0xf0; /* clear head */
721 /* put signature */
722 s->nsector = 1;
723 s->sector = 1;
724 if (s->is_cdrom) {
725 s->lcyl = 0x14;
726 s->hcyl = 0xeb;
727 } else if (s->bs) {
728 s->lcyl = 0;
729 s->hcyl = 0;
730 } else {
731 s->lcyl = 0xff;
732 s->hcyl = 0xff;
733 }
734 }
736 static inline void ide_abort_command(IDEState *s)
737 {
738 s->status = READY_STAT | ERR_STAT;
739 s->error = ABRT_ERR;
740 }
742 static inline void ide_set_irq(IDEState *s)
743 {
744 BMDMAState *bm = s->bmdma;
745 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
746 if (bm) {
747 bm->status |= BM_STATUS_INT;
748 }
749 s->set_irq(s->irq_opaque, s->irq, 1);
750 }
751 }
753 /* prepare data transfer and tell what to do after */
754 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
755 EndTransferFunc *end_transfer_func)
756 {
757 s->end_transfer_func = end_transfer_func;
758 s->data_ptr = buf;
759 s->data_end = buf + size;
760 /* don't violate the HSM */
761 if (!(s->status & ERR_STAT))
762 s->status |= DRQ_STAT;
763 buffered_pio_reset(s);
764 }
766 static void ide_transfer_stop(IDEState *s)
767 {
768 s->end_transfer_func = ide_transfer_stop;
769 s->data_ptr = s->io_buffer;
770 s->data_end = s->io_buffer;
771 s->status &= ~DRQ_STAT;
772 buffered_pio_reset(s);
773 }
775 static int64_t ide_get_sector(IDEState *s)
776 {
777 int64_t sector_num;
778 if (s->select & 0x40) {
779 /* lba */
780 if (!s->lba48) {
781 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
782 (s->lcyl << 8) | s->sector;
783 } else {
784 sector_num = ((int64_t)s->hob_hcyl << 40) |
785 ((int64_t) s->hob_lcyl << 32) |
786 ((int64_t) s->hob_sector << 24) |
787 ((int64_t) s->hcyl << 16) |
788 ((int64_t) s->lcyl << 8) | s->sector;
789 }
790 } else {
791 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
792 (s->select & 0x0f) * s->sectors + (s->sector - 1);
793 }
794 return sector_num;
795 }
797 static void ide_set_sector(IDEState *s, int64_t sector_num)
798 {
799 unsigned int cyl, r;
800 if (s->select & 0x40) {
801 if (!s->lba48) {
802 s->select = (s->select & 0xf0) | (sector_num >> 24);
803 s->hcyl = (sector_num >> 16);
804 s->lcyl = (sector_num >> 8);
805 s->sector = (sector_num);
806 } else {
807 s->sector = sector_num;
808 s->lcyl = sector_num >> 8;
809 s->hcyl = sector_num >> 16;
810 s->hob_sector = sector_num >> 24;
811 s->hob_lcyl = sector_num >> 32;
812 s->hob_hcyl = sector_num >> 40;
813 }
814 } else {
815 cyl = sector_num / (s->heads * s->sectors);
816 r = sector_num % (s->heads * s->sectors);
817 s->hcyl = cyl >> 8;
818 s->lcyl = cyl;
819 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
820 s->sector = (r % s->sectors) + 1;
821 }
822 }
824 static void ide_sector_read(IDEState *s)
825 {
826 int64_t sector_num;
827 int n;
829 s->status = READY_STAT | SEEK_STAT;
830 s->error = 0; /* not needed by IDE spec, but needed by Windows */
831 sector_num = ide_get_sector(s);
832 n = s->nsector;
833 if (n == 0) {
834 /* no more sector to read from disk */
835 ide_transfer_stop(s);
836 } else {
837 #if defined(DEBUG_IDE)
838 printf("read sector=%Ld\n", sector_num);
839 #endif
840 if (n > s->req_nb_sectors)
841 n = s->req_nb_sectors;
842 if (bdrv_read(s->bs, sector_num, s->io_buffer, n) != 0) {
843 ide_abort_command(s);
844 ide_set_irq(s);
845 return;
846 }
847 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
848 ide_set_irq(s);
849 ide_set_sector(s, sector_num + n);
850 s->nsector -= n;
851 }
852 }
854 /* return 0 if buffer completed */
855 static int dma_buf_rw(BMDMAState *bm, int is_write)
856 {
857 IDEState *s = bm->ide_if;
858 struct {
859 uint32_t addr;
860 uint32_t size;
861 } prd;
862 int l, len;
864 for(;;) {
865 l = s->io_buffer_size - s->io_buffer_index;
866 if (l <= 0)
867 break;
868 if (bm->cur_prd_len == 0) {
869 /* end of table (with a fail safe of one page) */
870 if (bm->cur_prd_last ||
871 (bm->cur_addr - bm->addr) >= 4096)
872 return 0;
873 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
874 bm->cur_addr += 8;
875 prd.addr = le32_to_cpu(prd.addr);
876 prd.size = le32_to_cpu(prd.size);
877 len = prd.size & 0xfffe;
878 if (len == 0)
879 len = 0x10000;
880 bm->cur_prd_len = len;
881 bm->cur_prd_addr = prd.addr;
882 bm->cur_prd_last = (prd.size & 0x80000000);
883 }
884 if (l > bm->cur_prd_len)
885 l = bm->cur_prd_len;
886 if (l > 0) {
887 if (is_write) {
888 cpu_physical_memory_write(bm->cur_prd_addr,
889 s->io_buffer + s->io_buffer_index, l);
890 } else {
891 cpu_physical_memory_read(bm->cur_prd_addr,
892 s->io_buffer + s->io_buffer_index, l);
893 }
894 bm->cur_prd_addr += l;
895 bm->cur_prd_len -= l;
896 s->io_buffer_index += l;
897 }
898 }
899 return 1;
900 }
902 /* XXX: handle errors */
903 static void ide_read_dma_cb(void *opaque, int ret)
904 {
905 BMDMAState *bm = opaque;
906 IDEState *s = bm->ide_if;
907 int n;
908 int64_t sector_num;
910 n = s->io_buffer_size >> 9;
911 sector_num = ide_get_sector(s);
912 if (n > 0) {
913 sector_num += n;
914 ide_set_sector(s, sector_num);
915 s->nsector -= n;
916 if (dma_buf_rw(bm, 1) == 0)
917 goto eot;
918 }
920 /* end of transfer ? */
921 if (s->nsector == 0) {
922 s->status = READY_STAT | SEEK_STAT;
923 ide_set_irq(s);
924 eot:
925 bm->status &= ~BM_STATUS_DMAING;
926 bm->status |= BM_STATUS_INT;
927 bm->dma_cb = NULL;
928 bm->ide_if = NULL;
929 bm->aiocb = NULL;
930 return;
931 }
933 /* launch next transfer */
934 n = s->nsector;
935 if (n > MAX_MULT_SECTORS)
936 n = MAX_MULT_SECTORS;
937 s->io_buffer_index = 0;
938 s->io_buffer_size = n * 512;
939 #ifdef DEBUG_AIO
940 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
941 #endif
942 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
943 ide_read_dma_cb, bm);
944 }
946 static void ide_sector_read_dma(IDEState *s)
947 {
948 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
949 s->io_buffer_index = 0;
950 s->io_buffer_size = 0;
951 ide_dma_start(s, ide_read_dma_cb);
952 }
954 static void ide_sector_write_timer_cb(void *opaque)
955 {
956 IDEState *s = opaque;
957 ide_set_irq(s);
958 }
960 static void ide_sector_write(IDEState *s)
961 {
962 int64_t sector_num;
963 int n, n1;
965 s->status = READY_STAT | SEEK_STAT;
966 sector_num = ide_get_sector(s);
967 #if defined(DEBUG_IDE)
968 printf("write sector=%Ld\n", sector_num);
969 #endif
970 n = s->nsector;
971 if (n > s->req_nb_sectors)
972 n = s->req_nb_sectors;
973 if (bdrv_write(s->bs, sector_num, s->io_buffer, n) != 0) {
974 ide_abort_command(s);
975 ide_set_irq(s);
976 return;
977 }
978 s->nsector -= n;
979 if (s->nsector == 0) {
980 /* no more sector to write */
981 ide_transfer_stop(s);
982 } else {
983 n1 = s->nsector;
984 if (n1 > s->req_nb_sectors)
985 n1 = s->req_nb_sectors;
986 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
987 }
988 ide_set_sector(s, sector_num + n);
990 if (!s->write_cache)
991 bdrv_flush(s->bs);
993 #ifdef TARGET_I386
994 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
995 /* It seems there is a bug in the Windows 2000 installer HDD
996 IDE driver which fills the disk with empty logs when the
997 IDE write IRQ comes too early. This hack tries to correct
998 that at the expense of slower write performances. Use this
999 option _only_ to install Windows 2000. You must disable it
1000 for normal use. */
1001 qemu_mod_timer(s->sector_write_timer,
1002 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1003 } else
1004 #endif
1006 ide_set_irq(s);
1010 /* XXX: handle errors */
1011 static void ide_write_dma_cb(void *opaque, int ret)
1013 BMDMAState *bm = opaque;
1014 IDEState *s = bm->ide_if;
1015 int n;
1016 int64_t sector_num;
1018 n = s->io_buffer_size >> 9;
1019 sector_num = ide_get_sector(s);
1020 if (n > 0) {
1021 sector_num += n;
1022 ide_set_sector(s, sector_num);
1023 s->nsector -= n;
1026 /* end of transfer ? */
1027 if (s->nsector == 0) {
1028 /* Ensure the data hit disk before telling the guest OS so. */
1029 if (!s->write_cache)
1030 bdrv_flush(s->bs);
1031 s->status = READY_STAT | SEEK_STAT;
1032 ide_set_irq(s);
1033 eot:
1034 bm->status &= ~BM_STATUS_DMAING;
1035 bm->status |= BM_STATUS_INT;
1036 bm->dma_cb = NULL;
1037 bm->ide_if = NULL;
1038 bm->aiocb = NULL;
1039 return;
1042 /* launch next transfer */
1043 n = s->nsector;
1044 if (n > MAX_MULT_SECTORS)
1045 n = MAX_MULT_SECTORS;
1046 s->io_buffer_index = 0;
1047 s->io_buffer_size = n * 512;
1049 if (dma_buf_rw(bm, 0) == 0)
1050 goto eot;
1051 #ifdef DEBUG_AIO
1052 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
1053 #endif
1054 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
1055 ide_write_dma_cb, bm);
1058 static void ide_sector_write_dma(IDEState *s)
1060 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1061 s->io_buffer_index = 0;
1062 s->io_buffer_size = 0;
1063 ide_dma_start(s, ide_write_dma_cb);
1066 static void ide_atapi_cmd_ok(IDEState *s)
1068 s->error = 0;
1069 s->status = READY_STAT;
1070 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1071 ide_set_irq(s);
1074 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1076 #ifdef DEBUG_IDE_ATAPI
1077 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1078 #endif
1079 s->error = sense_key << 4;
1080 s->status = READY_STAT | ERR_STAT;
1081 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1082 s->sense_key = sense_key;
1083 s->asc = asc;
1084 ide_set_irq(s);
1087 static inline void cpu_to_ube16(uint8_t *buf, int val)
1089 buf[0] = val >> 8;
1090 buf[1] = val;
1093 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1095 buf[0] = val >> 24;
1096 buf[1] = val >> 16;
1097 buf[2] = val >> 8;
1098 buf[3] = val;
1101 static inline int ube16_to_cpu(const uint8_t *buf)
1103 return (buf[0] << 8) | buf[1];
1106 static inline int ube32_to_cpu(const uint8_t *buf)
1108 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1111 static void lba_to_msf(uint8_t *buf, int lba)
1113 lba += 150;
1114 buf[0] = (lba / 75) / 60;
1115 buf[1] = (lba / 75) % 60;
1116 buf[2] = lba % 75;
1119 static void cd_data_to_raw(uint8_t *buf, int lba)
1121 /* sync bytes */
1122 buf[0] = 0x00;
1123 memset(buf + 1, 0xff, 10);
1124 buf[11] = 0x00;
1125 buf += 12;
1126 /* MSF */
1127 lba_to_msf(buf, lba);
1128 buf[3] = 0x01; /* mode 1 data */
1129 buf += 4;
1130 /* data */
1131 buf += 2048;
1132 /* XXX: ECC not computed */
1133 memset(buf, 0, 288);
1136 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1137 int sector_size)
1139 int ret;
1141 switch(sector_size) {
1142 case 2048:
1143 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1144 break;
1145 case 2352:
1146 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1147 if (ret < 0)
1148 return ret;
1149 cd_data_to_raw(buf, lba);
1150 break;
1151 default:
1152 ret = -EIO;
1153 break;
1155 return ret;
1158 static void ide_atapi_io_error(IDEState *s, int ret)
1160 /* XXX: handle more errors */
1161 if (ret == -ENOMEDIUM) {
1162 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1163 ASC_MEDIUM_NOT_PRESENT);
1164 } else {
1165 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1166 ASC_LOGICAL_BLOCK_OOR);
1170 /* The whole ATAPI transfer logic is handled in this function */
1171 static void ide_atapi_cmd_reply_end(IDEState *s)
1173 int byte_count_limit, size, ret;
1174 #ifdef DEBUG_IDE_ATAPI
1175 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1176 s->packet_transfer_size,
1177 s->elementary_transfer_size,
1178 s->io_buffer_index);
1179 #endif
1180 if (s->packet_transfer_size <= 0) {
1181 /* end of transfer */
1182 ide_transfer_stop(s);
1183 s->status = READY_STAT;
1184 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1185 ide_set_irq(s);
1186 #ifdef DEBUG_IDE_ATAPI
1187 printf("status=0x%x\n", s->status);
1188 #endif
1189 } else {
1190 /* see if a new sector must be read */
1191 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1192 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1193 if (ret < 0) {
1194 ide_transfer_stop(s);
1195 ide_atapi_io_error(s, ret);
1196 return;
1198 s->lba++;
1199 s->io_buffer_index = 0;
1201 if (s->elementary_transfer_size > 0) {
1202 /* there are some data left to transmit in this elementary
1203 transfer */
1204 size = s->cd_sector_size - s->io_buffer_index;
1205 if (size > s->elementary_transfer_size)
1206 size = s->elementary_transfer_size;
1207 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1208 size, ide_atapi_cmd_reply_end);
1209 s->packet_transfer_size -= size;
1210 s->elementary_transfer_size -= size;
1211 s->io_buffer_index += size;
1212 } else {
1213 /* a new transfer is needed */
1214 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1215 byte_count_limit = s->lcyl | (s->hcyl << 8);
1216 #ifdef DEBUG_IDE_ATAPI
1217 printf("byte_count_limit=%d\n", byte_count_limit);
1218 #endif
1219 if (byte_count_limit == 0xffff)
1220 byte_count_limit--;
1221 size = s->packet_transfer_size;
1222 if (size > byte_count_limit) {
1223 /* byte count limit must be even if this case */
1224 if (byte_count_limit & 1)
1225 byte_count_limit--;
1226 size = byte_count_limit;
1228 s->lcyl = size;
1229 s->hcyl = size >> 8;
1230 s->elementary_transfer_size = size;
1231 /* we cannot transmit more than one sector at a time */
1232 if (s->lba != -1) {
1233 if (size > (s->cd_sector_size - s->io_buffer_index))
1234 size = (s->cd_sector_size - s->io_buffer_index);
1236 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1237 size, ide_atapi_cmd_reply_end);
1238 s->packet_transfer_size -= size;
1239 s->elementary_transfer_size -= size;
1240 s->io_buffer_index += size;
1241 ide_set_irq(s);
1242 #ifdef DEBUG_IDE_ATAPI
1243 printf("status=0x%x\n", s->status);
1244 #endif
1249 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1250 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1252 if (size > max_size)
1253 size = max_size;
1254 s->lba = -1; /* no sector read */
1255 s->packet_transfer_size = size;
1256 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1257 s->elementary_transfer_size = 0;
1258 s->io_buffer_index = 0;
1260 if (s->atapi_dma) {
1261 s->status = READY_STAT | DRQ_STAT;
1262 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1263 } else {
1264 s->status = READY_STAT;
1265 ide_atapi_cmd_reply_end(s);
1269 /* start a CD-CDROM read command */
1270 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1271 int sector_size)
1273 s->lba = lba;
1274 s->packet_transfer_size = nb_sectors * sector_size;
1275 s->elementary_transfer_size = 0;
1276 s->io_buffer_index = sector_size;
1277 s->cd_sector_size = sector_size;
1279 s->status = READY_STAT;
1280 ide_atapi_cmd_reply_end(s);
1283 /* ATAPI DMA support */
1285 /* XXX: handle read errors */
1286 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1288 BMDMAState *bm = opaque;
1289 IDEState *s = bm->ide_if;
1290 int data_offset, n;
1292 if (ret < 0) {
1293 ide_atapi_io_error(s, ret);
1294 goto eot;
1297 if (s->io_buffer_size > 0) {
1298 /*
1299 * For a cdrom read sector command (s->lba != -1),
1300 * adjust the lba for the next s->io_buffer_size chunk
1301 * and dma the current chunk.
1302 * For a command != read (s->lba == -1), just transfer
1303 * the reply data.
1304 */
1305 if (s->lba != -1) {
1306 if (s->cd_sector_size == 2352) {
1307 n = 1;
1308 cd_data_to_raw(s->io_buffer, s->lba);
1309 } else {
1310 n = s->io_buffer_size >> 11;
1312 s->lba += n;
1314 s->packet_transfer_size -= s->io_buffer_size;
1315 if (dma_buf_rw(bm, 1) == 0)
1316 goto eot;
1319 if (s->packet_transfer_size <= 0) {
1320 s->status = READY_STAT;
1321 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1322 ide_set_irq(s);
1323 eot:
1324 bm->status &= ~BM_STATUS_DMAING;
1325 bm->status |= BM_STATUS_INT;
1326 bm->dma_cb = NULL;
1327 bm->ide_if = NULL;
1328 bm->aiocb = NULL;
1329 return;
1332 s->io_buffer_index = 0;
1333 if (s->cd_sector_size == 2352) {
1334 n = 1;
1335 s->io_buffer_size = s->cd_sector_size;
1336 data_offset = 16;
1337 } else {
1338 n = s->packet_transfer_size >> 11;
1339 if (n > (MAX_MULT_SECTORS / 4))
1340 n = (MAX_MULT_SECTORS / 4);
1341 s->io_buffer_size = n * 2048;
1342 data_offset = 0;
1344 #ifdef DEBUG_AIO
1345 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1346 #endif
1347 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1348 s->io_buffer + data_offset, n * 4,
1349 ide_atapi_cmd_read_dma_cb, bm);
1350 if (!bm->aiocb) {
1351 /* Note: media not present is the most likely case */
1352 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1353 ASC_MEDIUM_NOT_PRESENT);
1354 goto eot;
1358 /* start a CD-CDROM read command with DMA */
1359 /* XXX: test if DMA is available */
1360 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1361 int sector_size)
1363 s->lba = lba;
1364 s->packet_transfer_size = nb_sectors * sector_size;
1365 s->io_buffer_index = 0;
1366 s->io_buffer_size = 0;
1367 s->cd_sector_size = sector_size;
1369 /* XXX: check if BUSY_STAT should be set */
1370 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
1371 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1374 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1375 int sector_size)
1377 #ifdef DEBUG_IDE_ATAPI
1378 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1379 lba, nb_sectors);
1380 #endif
1381 if (s->atapi_dma) {
1382 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1383 } else {
1384 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1388 static void ide_atapi_cmd(IDEState *s)
1390 const uint8_t *packet;
1391 uint8_t *buf;
1392 int max_len;
1394 packet = s->io_buffer;
1395 buf = s->io_buffer;
1396 #ifdef DEBUG_IDE_ATAPI
1398 int i;
1399 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1400 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1401 printf(" %02x", packet[i]);
1403 printf("\n");
1405 #endif
1406 switch(s->io_buffer[0]) {
1407 case GPCMD_TEST_UNIT_READY:
1408 if (bdrv_is_inserted(s->bs)) {
1409 ide_atapi_cmd_ok(s);
1410 } else {
1411 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1412 ASC_MEDIUM_NOT_PRESENT);
1413 xenstore_check_new_media_present(1000);
1415 break;
1416 case GPCMD_MODE_SENSE_10:
1418 int action, code;
1419 max_len = ube16_to_cpu(packet + 7);
1420 action = packet[2] >> 6;
1421 code = packet[2] & 0x3f;
1422 switch(action) {
1423 case 0: /* current values */
1424 switch(code) {
1425 case 0x01: /* error recovery */
1426 cpu_to_ube16(&buf[0], 16 + 6);
1427 buf[2] = 0x70;
1428 buf[3] = 0;
1429 buf[4] = 0;
1430 buf[5] = 0;
1431 buf[6] = 0;
1432 buf[7] = 0;
1434 buf[8] = 0x01;
1435 buf[9] = 0x06;
1436 buf[10] = 0x00;
1437 buf[11] = 0x05;
1438 buf[12] = 0x00;
1439 buf[13] = 0x00;
1440 buf[14] = 0x00;
1441 buf[15] = 0x00;
1442 ide_atapi_cmd_reply(s, 16, max_len);
1443 break;
1444 case 0x2a:
1445 cpu_to_ube16(&buf[0], 28 + 6);
1446 buf[2] = 0x70;
1447 buf[3] = 0;
1448 buf[4] = 0;
1449 buf[5] = 0;
1450 buf[6] = 0;
1451 buf[7] = 0;
1453 buf[8] = 0x2a;
1454 buf[9] = 0x12;
1455 buf[10] = 0x00;
1456 buf[11] = 0x00;
1458 buf[12] = 0x70;
1459 buf[13] = 3 << 5;
1460 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1461 if (bdrv_is_locked(s->bs))
1462 buf[6] |= 1 << 1;
1463 buf[15] = 0x00;
1464 cpu_to_ube16(&buf[16], 706);
1465 buf[18] = 0;
1466 buf[19] = 2;
1467 cpu_to_ube16(&buf[20], 512);
1468 cpu_to_ube16(&buf[22], 706);
1469 buf[24] = 0;
1470 buf[25] = 0;
1471 buf[26] = 0;
1472 buf[27] = 0;
1473 ide_atapi_cmd_reply(s, 28, max_len);
1474 break;
1475 default:
1476 goto error_cmd;
1478 break;
1479 case 1: /* changeable values */
1480 goto error_cmd;
1481 case 2: /* default values */
1482 goto error_cmd;
1483 default:
1484 case 3: /* saved values */
1485 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1486 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1487 break;
1490 break;
1491 case GPCMD_REQUEST_SENSE:
1492 max_len = packet[4];
1493 memset(buf, 0, 18);
1494 buf[0] = 0x70 | (1 << 7);
1495 buf[2] = s->sense_key;
1496 buf[7] = 10;
1497 buf[12] = s->asc;
1498 ide_atapi_cmd_reply(s, 18, max_len);
1499 break;
1500 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1501 if (bdrv_is_inserted(s->bs)) {
1502 bdrv_set_locked(s->bs, packet[4] & 1);
1503 ide_atapi_cmd_ok(s);
1504 } else {
1505 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1506 ASC_MEDIUM_NOT_PRESENT);
1508 break;
1509 case GPCMD_READ_10:
1510 case GPCMD_READ_12:
1512 int nb_sectors, lba;
1514 if (packet[0] == GPCMD_READ_10)
1515 nb_sectors = ube16_to_cpu(packet + 7);
1516 else
1517 nb_sectors = ube32_to_cpu(packet + 6);
1518 lba = ube32_to_cpu(packet + 2);
1519 if (nb_sectors == 0) {
1520 ide_atapi_cmd_ok(s);
1521 break;
1523 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1525 break;
1526 case GPCMD_READ_CD:
1528 int nb_sectors, lba, transfer_request;
1530 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1531 lba = ube32_to_cpu(packet + 2);
1532 if (nb_sectors == 0) {
1533 ide_atapi_cmd_ok(s);
1534 break;
1536 transfer_request = packet[9];
1537 switch(transfer_request & 0xf8) {
1538 case 0x00:
1539 /* nothing */
1540 ide_atapi_cmd_ok(s);
1541 break;
1542 case 0x10:
1543 /* normal read */
1544 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1545 break;
1546 case 0xf8:
1547 /* read all data */
1548 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1549 break;
1550 default:
1551 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1552 ASC_INV_FIELD_IN_CMD_PACKET);
1553 break;
1556 break;
1557 case GPCMD_SEEK:
1559 int lba;
1560 int64_t total_sectors;
1562 bdrv_get_geometry(s->bs, &total_sectors);
1563 total_sectors >>= 2;
1564 if (total_sectors <= 0) {
1565 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1566 ASC_MEDIUM_NOT_PRESENT);
1567 break;
1569 lba = ube32_to_cpu(packet + 2);
1570 if (lba >= total_sectors) {
1571 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1572 ASC_LOGICAL_BLOCK_OOR);
1573 break;
1575 ide_atapi_cmd_ok(s);
1577 break;
1578 case GPCMD_START_STOP_UNIT:
1580 int start, eject;
1581 start = packet[4] & 1;
1582 eject = (packet[4] >> 1) & 1;
1584 if (eject && !start) {
1585 /* eject the disk */
1586 bdrv_eject(s->bs, 1);
1587 } else if (eject && start) {
1588 /* close the tray */
1589 bdrv_eject(s->bs, 0);
1591 ide_atapi_cmd_ok(s);
1593 break;
1594 case GPCMD_MECHANISM_STATUS:
1596 max_len = ube16_to_cpu(packet + 8);
1597 cpu_to_ube16(buf, 0);
1598 /* no current LBA */
1599 buf[2] = 0;
1600 buf[3] = 0;
1601 buf[4] = 0;
1602 buf[5] = 1;
1603 cpu_to_ube16(buf + 6, 0);
1604 ide_atapi_cmd_reply(s, 8, max_len);
1606 break;
1607 case GPCMD_READ_TOC_PMA_ATIP:
1609 int format, msf, start_track, len;
1610 int64_t total_sectors;
1612 bdrv_get_geometry(s->bs, &total_sectors);
1613 total_sectors >>= 2;
1614 if (total_sectors <= 0) {
1615 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1616 ASC_MEDIUM_NOT_PRESENT);
1617 break;
1619 max_len = ube16_to_cpu(packet + 7);
1620 format = packet[9] >> 6;
1621 msf = (packet[1] >> 1) & 1;
1622 start_track = packet[6];
1623 switch(format) {
1624 case 0:
1625 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1626 if (len < 0)
1627 goto error_cmd;
1628 ide_atapi_cmd_reply(s, len, max_len);
1629 break;
1630 case 1:
1631 /* multi session : only a single session defined */
1632 memset(buf, 0, 12);
1633 buf[1] = 0x0a;
1634 buf[2] = 0x01;
1635 buf[3] = 0x01;
1636 ide_atapi_cmd_reply(s, 12, max_len);
1637 break;
1638 case 2:
1639 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1640 if (len < 0)
1641 goto error_cmd;
1642 ide_atapi_cmd_reply(s, len, max_len);
1643 break;
1644 default:
1645 error_cmd:
1646 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1647 ASC_INV_FIELD_IN_CMD_PACKET);
1648 break;
1651 break;
1652 case GPCMD_READ_CDVD_CAPACITY:
1654 int64_t total_sectors;
1656 bdrv_get_geometry(s->bs, &total_sectors);
1657 total_sectors >>= 2;
1658 if (total_sectors <= 0) {
1659 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1660 ASC_MEDIUM_NOT_PRESENT);
1661 break;
1663 /* NOTE: it is really the number of sectors minus 1 */
1664 cpu_to_ube32(buf, total_sectors - 1);
1665 cpu_to_ube32(buf + 4, 2048);
1666 ide_atapi_cmd_reply(s, 8, 8);
1668 break;
1669 case GPCMD_INQUIRY:
1670 max_len = packet[4];
1671 buf[0] = 0x05; /* CD-ROM */
1672 buf[1] = 0x80; /* removable */
1673 buf[2] = 0x00; /* ISO */
1674 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1675 buf[4] = 31; /* additionnal length */
1676 buf[5] = 0; /* reserved */
1677 buf[6] = 0; /* reserved */
1678 buf[7] = 0; /* reserved */
1679 padstr8(buf + 8, 8, "QEMU");
1680 padstr8(buf + 16, 16, "QEMU CD-ROM");
1681 padstr8(buf + 32, 4, QEMU_VERSION);
1682 ide_atapi_cmd_reply(s, 36, max_len);
1683 break;
1684 default:
1685 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1686 ASC_ILLEGAL_OPCODE);
1687 break;
1691 /* called when the inserted state of the media has changed */
1692 static void cdrom_change_cb(void *opaque)
1694 IDEState *s = opaque;
1695 int64_t nb_sectors;
1697 /* XXX: send interrupt too */
1698 bdrv_get_geometry(s->bs, &nb_sectors);
1699 s->nb_sectors = nb_sectors;
1702 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1704 s->lba48 = lba48;
1706 /* handle the 'magic' 0 nsector count conversion here. to avoid
1707 * fiddling with the rest of the read logic, we just store the
1708 * full sector count in ->nsector and ignore ->hob_nsector from now
1709 */
1710 if (!s->lba48) {
1711 if (!s->nsector)
1712 s->nsector = 256;
1713 } else {
1714 if (!s->nsector && !s->hob_nsector)
1715 s->nsector = 65536;
1716 else {
1717 int lo = s->nsector;
1718 int hi = s->hob_nsector;
1720 s->nsector = (hi << 8) | lo;
1725 static void ide_clear_hob(IDEState *ide_if)
1727 /* any write clears HOB high bit of device control register */
1728 ide_if[0].select &= ~(1 << 7);
1729 ide_if[1].select &= ~(1 << 7);
1732 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1734 IDEState *ide_if = opaque;
1735 IDEState *s;
1736 int unit, n;
1737 int lba48 = 0;
1739 #ifdef DEBUG_IDE
1740 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1741 #endif
1743 addr &= 7;
1744 switch(addr) {
1745 case 0:
1746 break;
1747 case 1:
1748 ide_clear_hob(ide_if);
1749 /* NOTE: data is written to the two drives */
1750 ide_if[0].hob_feature = ide_if[0].feature;
1751 ide_if[1].hob_feature = ide_if[1].feature;
1752 ide_if[0].feature = val;
1753 ide_if[1].feature = val;
1754 break;
1755 case 2:
1756 ide_clear_hob(ide_if);
1757 ide_if[0].hob_nsector = ide_if[0].nsector;
1758 ide_if[1].hob_nsector = ide_if[1].nsector;
1759 ide_if[0].nsector = val;
1760 ide_if[1].nsector = val;
1761 break;
1762 case 3:
1763 ide_clear_hob(ide_if);
1764 ide_if[0].hob_sector = ide_if[0].sector;
1765 ide_if[1].hob_sector = ide_if[1].sector;
1766 ide_if[0].sector = val;
1767 ide_if[1].sector = val;
1768 break;
1769 case 4:
1770 ide_clear_hob(ide_if);
1771 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1772 ide_if[1].hob_lcyl = ide_if[1].lcyl;
1773 ide_if[0].lcyl = val;
1774 ide_if[1].lcyl = val;
1775 break;
1776 case 5:
1777 ide_clear_hob(ide_if);
1778 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1779 ide_if[1].hob_hcyl = ide_if[1].hcyl;
1780 ide_if[0].hcyl = val;
1781 ide_if[1].hcyl = val;
1782 break;
1783 case 6:
1784 /* FIXME: HOB readback uses bit 7 */
1785 ide_if[0].select = (val & ~0x10) | 0xa0;
1786 ide_if[1].select = (val | 0x10) | 0xa0;
1787 /* select drive */
1788 buffered_pio_reset(ide_if->cur_drive);
1789 unit = (val >> 4) & 1;
1790 s = ide_if + unit;
1791 ide_if->cur_drive = s;
1792 break;
1793 default:
1794 case 7:
1795 /* command */
1796 #if defined(DEBUG_IDE)
1797 printf("ide: CMD=%02x\n", val);
1798 #endif
1799 s = ide_if->cur_drive;
1800 /* ignore commands to non existant slave */
1801 if (s != ide_if && !s->bs)
1802 break;
1804 switch(val) {
1805 case WIN_IDENTIFY:
1806 if (s->bs && !s->is_cdrom) {
1807 ide_identify(s);
1808 s->status = READY_STAT | SEEK_STAT;
1809 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1810 } else {
1811 if (s->is_cdrom) {
1812 ide_set_signature(s);
1814 ide_abort_command(s);
1816 ide_set_irq(s);
1817 break;
1818 case WIN_SPECIFY:
1819 case WIN_RECAL:
1820 s->error = 0;
1821 s->status = READY_STAT | SEEK_STAT;
1822 ide_set_irq(s);
1823 break;
1824 case WIN_SETMULT:
1825 if (s->nsector > MAX_MULT_SECTORS ||
1826 (s->nsector & (s->nsector - 1)) != 0) {
1827 ide_abort_command(s);
1828 } else {
1829 s->mult_sectors = s->nsector;
1830 s->status = READY_STAT;
1832 ide_set_irq(s);
1833 break;
1834 case WIN_VERIFY_EXT:
1835 lba48 = 1;
1836 case WIN_VERIFY:
1837 case WIN_VERIFY_ONCE:
1838 /* do sector number check ? */
1839 ide_cmd_lba48_transform(s, lba48);
1840 s->status = READY_STAT;
1841 ide_set_irq(s);
1842 break;
1843 case WIN_READ_EXT:
1844 lba48 = 1;
1845 case WIN_READ:
1846 case WIN_READ_ONCE:
1847 if (!s->bs)
1848 goto abort_cmd;
1849 ide_cmd_lba48_transform(s, lba48);
1850 s->req_nb_sectors = 1;
1851 ide_sector_read(s);
1852 break;
1853 case WIN_WRITE_EXT:
1854 lba48 = 1;
1855 case WIN_WRITE:
1856 case WIN_WRITE_ONCE:
1857 ide_cmd_lba48_transform(s, lba48);
1858 s->error = 0;
1859 s->status = SEEK_STAT | READY_STAT;
1860 s->req_nb_sectors = 1;
1861 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1862 break;
1863 case WIN_MULTREAD_EXT:
1864 lba48 = 1;
1865 case WIN_MULTREAD:
1866 if (!s->mult_sectors)
1867 goto abort_cmd;
1868 ide_cmd_lba48_transform(s, lba48);
1869 s->req_nb_sectors = s->mult_sectors;
1870 ide_sector_read(s);
1871 break;
1872 case WIN_MULTWRITE_EXT:
1873 lba48 = 1;
1874 case WIN_MULTWRITE:
1875 if (!s->mult_sectors)
1876 goto abort_cmd;
1877 ide_cmd_lba48_transform(s, lba48);
1878 s->error = 0;
1879 s->status = SEEK_STAT | READY_STAT;
1880 s->req_nb_sectors = s->mult_sectors;
1881 n = s->nsector;
1882 if (n > s->req_nb_sectors)
1883 n = s->req_nb_sectors;
1884 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1885 break;
1886 case WIN_READDMA_EXT:
1887 lba48 = 1;
1888 case WIN_READDMA:
1889 case WIN_READDMA_ONCE:
1890 if (!s->bs)
1891 goto abort_cmd;
1892 ide_cmd_lba48_transform(s, lba48);
1893 ide_sector_read_dma(s);
1894 break;
1895 case WIN_WRITEDMA_EXT:
1896 lba48 = 1;
1897 case WIN_WRITEDMA:
1898 case WIN_WRITEDMA_ONCE:
1899 if (!s->bs)
1900 goto abort_cmd;
1901 ide_cmd_lba48_transform(s, lba48);
1902 ide_sector_write_dma(s);
1903 break;
1904 case WIN_READ_NATIVE_MAX_EXT:
1905 lba48 = 1;
1906 case WIN_READ_NATIVE_MAX:
1907 ide_cmd_lba48_transform(s, lba48);
1908 ide_set_sector(s, s->nb_sectors - 1);
1909 s->status = READY_STAT;
1910 ide_set_irq(s);
1911 break;
1912 case WIN_CHECKPOWERMODE1:
1913 s->nsector = 0xff; /* device active or idle */
1914 s->status = READY_STAT;
1915 ide_set_irq(s);
1916 break;
1917 case WIN_SETFEATURES:
1918 if (!s->bs)
1919 goto abort_cmd;
1920 /* XXX: valid for CDROM ? */
1921 switch(s->feature) {
1922 case 0x02: /* write cache enable */
1923 s->write_cache = 1;
1924 s->status = READY_STAT | SEEK_STAT;
1925 ide_set_irq(s);
1926 break;
1927 case 0x82: /* write cache disable */
1928 s->write_cache = 0;
1929 s->status = READY_STAT | SEEK_STAT;
1930 ide_set_irq(s);
1931 break;
1932 case 0xaa: /* read look-ahead enable */
1933 case 0x55: /* read look-ahead disable */
1934 case 0x42: /* EN_AAM: enable Automatic Acoustic Mode */
1935 case 0xc2: /* DIS_AAM: disable Automatic Acoustic Mode */
1936 case 0x85: /* DIS_APM: disable APM */
1937 s->status = READY_STAT | SEEK_STAT;
1938 ide_set_irq(s);
1939 break;
1940 case 0x03: { /* set transfer mode */
1941 uint8_t val = s->nsector & 0x07;
1943 switch (s->nsector >> 3) {
1944 case 0x00: /* pio default */
1945 case 0x01: /* pio mode */
1946 put_le16(s->identify_data + 63,0x07);
1947 put_le16(s->identify_data + 88,0x3f);
1948 break;
1949 case 0x04: /* mdma mode */
1950 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1951 put_le16(s->identify_data + 88,0x3f);
1952 break;
1953 case 0x08: /* udma mode */
1954 put_le16(s->identify_data + 63,0x07);
1955 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1956 break;
1957 default:
1958 goto abort_cmd;
1960 s->status = READY_STAT | SEEK_STAT;
1961 ide_set_irq(s);
1962 break;
1964 default:
1965 goto abort_cmd;
1967 break;
1968 case WIN_FLUSH_CACHE:
1969 case WIN_FLUSH_CACHE_EXT:
1970 if (s->bs)
1971 bdrv_flush(s->bs);
1972 s->status = READY_STAT;
1973 ide_set_irq(s);
1974 break;
1975 case WIN_IDLEIMMEDIATE:
1976 case WIN_STANDBY:
1977 case WIN_SETIDLE1:
1978 case WIN_STANDBYNOW1:
1979 case WIN_SLEEPNOW1:
1980 case WIN_STANDBY2:
1981 case WIN_SETIDLE2:
1982 case WIN_STANDBYNOW2:
1983 case WIN_SLEEPNOW2:
1984 s->status = READY_STAT;
1985 ide_set_irq(s);
1986 break;
1987 /* ATAPI commands */
1988 case WIN_PIDENTIFY:
1989 if (s->is_cdrom) {
1990 ide_atapi_identify(s);
1991 s->status = READY_STAT | SEEK_STAT;
1992 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1993 } else {
1994 ide_abort_command(s);
1996 ide_set_irq(s);
1997 break;
1998 case WIN_DIAGNOSE:
1999 ide_set_signature(s);
2000 s->status = 0x00; /* NOTE: READY is _not_ set */
2001 s->error = 0x01;
2002 break;
2003 case WIN_SRST:
2004 if (!s->is_cdrom)
2005 goto abort_cmd;
2006 ide_set_signature(s);
2007 s->status = 0x00; /* NOTE: READY is _not_ set */
2008 s->error = 0x01;
2009 break;
2010 case WIN_PACKETCMD:
2011 if (!s->is_cdrom)
2012 goto abort_cmd;
2013 /* overlapping commands not supported */
2014 if (s->feature & 0x02)
2015 goto abort_cmd;
2016 s->status = READY_STAT;
2017 s->atapi_dma = s->feature & 1;
2018 s->nsector = 1;
2019 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2020 ide_atapi_cmd);
2021 break;
2022 default:
2023 abort_cmd:
2024 ide_abort_command(s);
2025 ide_set_irq(s);
2026 break;
2031 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2033 IDEState *ide_if = opaque;
2034 IDEState *s = ide_if->cur_drive;
2035 uint32_t addr;
2036 int ret, hob;
2038 addr = addr1 & 7;
2039 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2040 //hob = s->select & (1 << 7);
2041 hob = 0;
2042 switch(addr) {
2043 case 0:
2044 ret = 0xff;
2045 break;
2046 case 1:
2047 if (!ide_if[0].bs && !ide_if[1].bs)
2048 ret = 0;
2049 else if (!hob)
2050 ret = s->error;
2051 else
2052 ret = s->hob_feature;
2053 break;
2054 case 2:
2055 if (!ide_if[0].bs && !ide_if[1].bs)
2056 ret = 0;
2057 else if (!hob)
2058 ret = s->nsector & 0xff;
2059 else
2060 ret = s->hob_nsector;
2061 break;
2062 case 3:
2063 if (!ide_if[0].bs && !ide_if[1].bs)
2064 ret = 0;
2065 else if (!hob)
2066 ret = s->sector;
2067 else
2068 ret = s->hob_sector;
2069 break;
2070 case 4:
2071 if (!ide_if[0].bs && !ide_if[1].bs)
2072 ret = 0;
2073 else if (!hob)
2074 ret = s->lcyl;
2075 else
2076 ret = s->hob_lcyl;
2077 break;
2078 case 5:
2079 if (!ide_if[0].bs && !ide_if[1].bs)
2080 ret = 0;
2081 else if (!hob)
2082 ret = s->hcyl;
2083 else
2084 ret = s->hob_hcyl;
2085 break;
2086 case 6:
2087 if (!ide_if[0].bs && !ide_if[1].bs)
2088 ret = 0;
2089 else
2090 ret = s->select;
2091 break;
2092 default:
2093 case 7:
2094 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2095 (s != ide_if && !s->bs))
2096 ret = 0;
2097 else
2098 ret = s->status;
2099 s->set_irq(s->irq_opaque, s->irq, 0);
2100 break;
2102 #ifdef DEBUG_IDE
2103 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2104 #endif
2105 return ret;
2108 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2110 IDEState *ide_if = opaque;
2111 IDEState *s = ide_if->cur_drive;
2112 int ret;
2114 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2115 (s != ide_if && !s->bs))
2116 ret = 0;
2117 else
2118 ret = s->status;
2119 #ifdef DEBUG_IDE
2120 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2121 #endif
2122 return ret;
2125 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2127 IDEState *ide_if = opaque;
2128 IDEState *s;
2129 int i;
2131 #ifdef DEBUG_IDE
2132 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2133 #endif
2134 /* common for both drives */
2135 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2136 (val & IDE_CMD_RESET)) {
2137 /* reset low to high */
2138 for(i = 0;i < 2; i++) {
2139 s = &ide_if[i];
2140 s->status = BUSY_STAT | SEEK_STAT;
2141 s->error = 0x01;
2143 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2144 !(val & IDE_CMD_RESET)) {
2145 /* high to low */
2146 for(i = 0;i < 2; i++) {
2147 s = &ide_if[i];
2148 if (s->is_cdrom)
2149 s->status = 0x00; /* NOTE: READY is _not_ set */
2150 else
2151 s->status = READY_STAT | SEEK_STAT;
2152 ide_set_signature(s);
2156 ide_if[0].cmd = val;
2157 ide_if[1].cmd = val;
2160 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2162 IDEState *s = ((IDEState *)opaque)->cur_drive;
2163 uint8_t *p;
2165 buffered_pio_write(s, addr, 2);
2166 p = s->data_ptr;
2167 *(uint16_t *)p = le16_to_cpu(val);
2168 p += 2;
2169 s->data_ptr = p;
2170 if (p >= s->data_end)
2171 s->end_transfer_func(s);
2174 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2176 IDEState *s = ((IDEState *)opaque)->cur_drive;
2177 uint8_t *p;
2178 int ret;
2180 buffered_pio_read(s, addr, 2);
2181 p = s->data_ptr;
2182 ret = cpu_to_le16(*(uint16_t *)p);
2183 p += 2;
2184 s->data_ptr = p;
2185 if (p >= s->data_end)
2186 s->end_transfer_func(s);
2187 return ret;
2190 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2192 IDEState *s = ((IDEState *)opaque)->cur_drive;
2193 uint8_t *p;
2195 buffered_pio_write(s, addr, 4);
2196 p = s->data_ptr;
2197 *(uint32_t *)p = le32_to_cpu(val);
2198 p += 4;
2199 s->data_ptr = p;
2200 if (p >= s->data_end)
2201 s->end_transfer_func(s);
2204 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2206 IDEState *s = ((IDEState *)opaque)->cur_drive;
2207 uint8_t *p;
2208 int ret;
2210 buffered_pio_read(s, addr, 4);
2211 p = s->data_ptr;
2212 ret = cpu_to_le32(*(uint32_t *)p);
2213 p += 4;
2214 s->data_ptr = p;
2215 if (p >= s->data_end)
2216 s->end_transfer_func(s);
2217 return ret;
2220 static void ide_dummy_transfer_stop(IDEState *s)
2222 s->data_ptr = s->io_buffer;
2223 s->data_end = s->io_buffer;
2224 s->io_buffer[0] = 0xff;
2225 s->io_buffer[1] = 0xff;
2226 s->io_buffer[2] = 0xff;
2227 s->io_buffer[3] = 0xff;
2230 static void ide_reset(IDEState *s)
2232 s->mult_sectors = MAX_MULT_SECTORS;
2233 s->cur_drive = s;
2234 s->select = 0xa0;
2235 s->status = READY_STAT;
2236 ide_set_signature(s);
2237 /* init the transfer handler so that 0xffff is returned on data
2238 accesses */
2239 s->end_transfer_func = ide_dummy_transfer_stop;
2240 ide_dummy_transfer_stop(s);
2243 struct partition {
2244 uint8_t boot_ind; /* 0x80 - active */
2245 uint8_t head; /* starting head */
2246 uint8_t sector; /* starting sector */
2247 uint8_t cyl; /* starting cylinder */
2248 uint8_t sys_ind; /* What partition type */
2249 uint8_t end_head; /* end head */
2250 uint8_t end_sector; /* end sector */
2251 uint8_t end_cyl; /* end cylinder */
2252 uint32_t start_sect; /* starting sector counting from 0 */
2253 uint32_t nr_sects; /* nr of sectors in partition */
2254 } __attribute__((packed));
2256 /* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
2257 static int guess_disk_lchs(IDEState *s,
2258 int *pcylinders, int *pheads, int *psectors)
2260 uint8_t buf[512];
2261 int ret, i, heads, sectors, cylinders;
2262 struct partition *p;
2263 uint32_t nr_sects;
2265 ret = bdrv_read(s->bs, 0, buf, 1);
2266 if (ret < 0)
2267 return -1;
2268 /* test msdos magic */
2269 if (buf[510] != 0x55 || buf[511] != 0xaa)
2270 return -1;
2271 for(i = 0; i < 4; i++) {
2272 p = ((struct partition *)(buf + 0x1be)) + i;
2273 nr_sects = le32_to_cpu(p->nr_sects);
2274 if (nr_sects && p->end_head) {
2275 /* We make the assumption that the partition terminates on
2276 a cylinder boundary */
2277 heads = p->end_head + 1;
2278 sectors = p->end_sector & 63;
2279 if (sectors == 0)
2280 continue;
2281 cylinders = s->nb_sectors / (heads * sectors);
2282 if (cylinders < 1 || cylinders > 16383)
2283 continue;
2284 *pheads = heads;
2285 *psectors = sectors;
2286 *pcylinders = cylinders;
2287 #if 0
2288 printf("guessed geometry: LCHS=%d %d %d\n",
2289 cylinders, heads, sectors);
2290 #endif
2291 return 0;
2294 return -1;
2297 static void ide_init2(IDEState *ide_state,
2298 BlockDriverState *hd0, BlockDriverState *hd1,
2299 SetIRQFunc *set_irq, void *irq_opaque, int irq)
2301 IDEState *s;
2302 static int drive_serial = 1;
2303 int i, cylinders, heads, secs, translation, lba_detected = 0;
2304 int64_t nb_sectors;
2306 for(i = 0; i < 2; i++) {
2307 s = ide_state + i;
2308 s->io_buffer = qemu_memalign(getpagesize(), MAX_MULT_SECTORS*512 + 4);
2309 if (i == 0)
2310 s->bs = hd0;
2311 else
2312 s->bs = hd1;
2313 if (s->bs) {
2314 bdrv_get_geometry(s->bs, &nb_sectors);
2315 s->nb_sectors = nb_sectors;
2316 /* if a geometry hint is available, use it */
2317 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
2318 translation = bdrv_get_translation_hint(s->bs);
2319 if (cylinders != 0) {
2320 s->cylinders = cylinders;
2321 s->heads = heads;
2322 s->sectors = secs;
2323 } else {
2324 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2325 if (heads > 16) {
2326 /* if heads > 16, it means that a BIOS LBA
2327 translation was active, so the default
2328 hardware geometry is OK */
2329 lba_detected = 1;
2330 goto default_geometry;
2331 } else {
2332 s->cylinders = cylinders;
2333 s->heads = heads;
2334 s->sectors = secs;
2335 /* disable any translation to be in sync with
2336 the logical geometry */
2337 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2338 bdrv_set_translation_hint(s->bs,
2339 BIOS_ATA_TRANSLATION_NONE);
2342 } else {
2343 default_geometry:
2344 /* if no geometry, use a standard physical disk geometry */
2345 cylinders = nb_sectors / (16 * 63);
2346 if (cylinders > 16383)
2347 cylinders = 16383;
2348 else if (cylinders < 2)
2349 cylinders = 2;
2350 s->cylinders = cylinders;
2351 s->heads = 16;
2352 s->sectors = 63;
2353 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2354 if ((s->cylinders * s->heads) <= 131072) {
2355 bdrv_set_translation_hint(s->bs,
2356 BIOS_ATA_TRANSLATION_LARGE);
2357 } else {
2358 bdrv_set_translation_hint(s->bs,
2359 BIOS_ATA_TRANSLATION_LBA);
2363 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
2365 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2366 s->is_cdrom = 1;
2367 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2370 s->drive_serial = drive_serial++;
2371 s->set_irq = set_irq;
2372 s->irq_opaque = irq_opaque;
2373 s->irq = irq;
2374 s->sector_write_timer = qemu_new_timer(vm_clock,
2375 ide_sector_write_timer_cb, s);
2376 s->write_cache = 0;
2377 ide_reset(s);
2381 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2383 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2384 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2385 if (iobase2) {
2386 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2387 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2390 /* data ports */
2391 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2392 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2393 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2394 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2397 /***********************************************************/
2398 /* ISA IDE definitions */
2400 void isa_ide_init(int iobase, int iobase2, int irq,
2401 BlockDriverState *hd0, BlockDriverState *hd1)
2403 IDEState *ide_state;
2405 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2406 if (!ide_state)
2407 return;
2409 ide_init2(ide_state, hd0, hd1, pic_set_irq_new, isa_pic, irq);
2410 ide_init_ioport(ide_state, iobase, iobase2);
2413 /***********************************************************/
2414 /* PCI IDE definitions */
2416 static void cmd646_update_irq(PCIIDEState *d);
2418 static void ide_map(PCIDevice *pci_dev, int region_num,
2419 uint32_t addr, uint32_t size, int type)
2421 PCIIDEState *d = (PCIIDEState *)pci_dev;
2422 IDEState *ide_state;
2424 if (region_num <= 3) {
2425 ide_state = &d->ide_if[(region_num >> 1) * 2];
2426 if (region_num & 1) {
2427 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2428 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2429 } else {
2430 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2431 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2433 /* data ports */
2434 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2435 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2436 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2437 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2442 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2444 BMDMAState *bm = s->bmdma;
2445 if(!bm)
2446 return;
2447 bm->ide_if = s;
2448 bm->dma_cb = dma_cb;
2449 bm->cur_prd_last = 0;
2450 bm->cur_prd_addr = 0;
2451 bm->cur_prd_len = 0;
2452 if (bm->status & BM_STATUS_DMAING) {
2453 bm->dma_cb(bm, 0);
2457 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2459 BMDMAState *bm = opaque;
2460 #ifdef DEBUG_IDE
2461 printf("%s: 0x%08x\n", __func__, val);
2462 #endif
2463 if (!(val & BM_CMD_START)) {
2464 /* XXX: do it better */
2465 if (bm->status & BM_STATUS_DMAING) {
2466 bm->status &= ~BM_STATUS_DMAING;
2467 /* cancel DMA request */
2468 bm->ide_if = NULL;
2469 bm->dma_cb = NULL;
2470 if (bm->aiocb) {
2471 #ifdef DEBUG_AIO
2472 printf("aio_cancel\n");
2473 #endif
2474 bdrv_aio_cancel(bm->aiocb);
2475 bm->aiocb = NULL;
2478 bm->cmd = val & 0x09;
2479 } else {
2480 if (!(bm->status & BM_STATUS_DMAING)) {
2481 bm->status |= BM_STATUS_DMAING;
2482 /* start dma transfer if possible */
2483 if (bm->dma_cb)
2484 bm->dma_cb(bm, 0);
2486 bm->cmd = val & 0x09;
2490 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2492 BMDMAState *bm = opaque;
2493 PCIIDEState *pci_dev;
2494 uint32_t val;
2496 switch(addr & 3) {
2497 case 0:
2498 val = bm->cmd;
2499 break;
2500 case 1:
2501 pci_dev = bm->pci_dev;
2502 if (pci_dev->type == IDE_TYPE_CMD646) {
2503 val = pci_dev->dev.config[MRDMODE];
2504 } else {
2505 val = 0xff;
2507 break;
2508 case 2:
2509 val = bm->status;
2510 break;
2511 case 3:
2512 pci_dev = bm->pci_dev;
2513 if (pci_dev->type == IDE_TYPE_CMD646) {
2514 if (bm == &pci_dev->bmdma[0])
2515 val = pci_dev->dev.config[UDIDETCR0];
2516 else
2517 val = pci_dev->dev.config[UDIDETCR1];
2518 } else {
2519 val = 0xff;
2521 break;
2522 default:
2523 val = 0xff;
2524 break;
2526 #ifdef DEBUG_IDE
2527 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2528 #endif
2529 return val;
2532 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2534 BMDMAState *bm = opaque;
2535 PCIIDEState *pci_dev;
2536 #ifdef DEBUG_IDE
2537 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2538 #endif
2539 switch(addr & 3) {
2540 case 1:
2541 pci_dev = bm->pci_dev;
2542 if (pci_dev->type == IDE_TYPE_CMD646) {
2543 pci_dev->dev.config[MRDMODE] =
2544 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2545 cmd646_update_irq(pci_dev);
2547 break;
2548 case 2:
2549 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2550 break;
2551 case 3:
2552 pci_dev = bm->pci_dev;
2553 if (pci_dev->type == IDE_TYPE_CMD646) {
2554 if (bm == &pci_dev->bmdma[0])
2555 pci_dev->dev.config[UDIDETCR0] = val;
2556 else
2557 pci_dev->dev.config[UDIDETCR1] = val;
2559 break;
2563 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2565 BMDMAState *bm = opaque;
2566 uint32_t val;
2567 val = bm->addr;
2568 #ifdef DEBUG_IDE
2569 printf("%s: 0x%08x\n", __func__, val);
2570 #endif
2571 return val;
2574 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2576 BMDMAState *bm = opaque;
2577 #ifdef DEBUG_IDE
2578 printf("%s: 0x%08x\n", __func__, val);
2579 #endif
2580 bm->addr = val & ~3;
2581 bm->cur_addr = bm->addr;
2584 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2585 uint32_t addr, uint32_t size, int type)
2587 PCIIDEState *d = (PCIIDEState *)pci_dev;
2588 int i;
2590 for(i = 0;i < 2; i++) {
2591 BMDMAState *bm = &d->bmdma[i];
2592 d->ide_if[2 * i].bmdma = bm;
2593 d->ide_if[2 * i + 1].bmdma = bm;
2594 bm->pci_dev = (PCIIDEState *)pci_dev;
2596 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2598 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2599 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2601 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2602 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2603 addr += 8;
2607 /* XXX: call it also when the MRDMODE is changed from the PCI config
2608 registers */
2609 static void cmd646_update_irq(PCIIDEState *d)
2611 int pci_level;
2612 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2613 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2614 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2615 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2616 pci_set_irq((PCIDevice *)d, 0, pci_level);
2619 /* the PCI irq level is the logical OR of the two channels */
2620 static void cmd646_set_irq(void *opaque, int channel, int level)
2622 PCIIDEState *d = opaque;
2623 int irq_mask;
2625 irq_mask = MRDMODE_INTR_CH0 << channel;
2626 if (level)
2627 d->dev.config[MRDMODE] |= irq_mask;
2628 else
2629 d->dev.config[MRDMODE] &= ~irq_mask;
2630 cmd646_update_irq(d);
2633 /* CMD646 PCI IDE controller */
2634 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2635 int secondary_ide_enabled)
2637 PCIIDEState *d;
2638 uint8_t *pci_conf;
2639 int i;
2641 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2642 sizeof(PCIIDEState),
2643 -1,
2644 NULL, NULL);
2645 d->type = IDE_TYPE_CMD646;
2646 pci_conf = d->dev.config;
2647 pci_conf[0x00] = 0x95; // CMD646
2648 pci_conf[0x01] = 0x10;
2649 pci_conf[0x02] = 0x46;
2650 pci_conf[0x03] = 0x06;
2652 pci_conf[0x08] = 0x07; // IDE controller revision
2653 pci_conf[0x09] = 0x8f;
2655 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2656 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2657 pci_conf[0x0e] = 0x00; // header_type
2659 if (secondary_ide_enabled) {
2660 /* XXX: if not enabled, really disable the seconday IDE controller */
2661 pci_conf[0x51] = 0x80; /* enable IDE1 */
2664 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2665 PCI_ADDRESS_SPACE_IO, ide_map);
2666 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2667 PCI_ADDRESS_SPACE_IO, ide_map);
2668 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2669 PCI_ADDRESS_SPACE_IO, ide_map);
2670 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2671 PCI_ADDRESS_SPACE_IO, ide_map);
2672 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2673 PCI_ADDRESS_SPACE_IO, bmdma_map);
2675 pci_conf[0x3d] = 0x01; // interrupt on pin 1
2677 for(i = 0; i < 4; i++)
2678 d->ide_if[i].pci_dev = (PCIDevice *)d;
2679 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2680 cmd646_set_irq, d, 0);
2681 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2682 cmd646_set_irq, d, 1);
2685 static void pci_ide_save(QEMUFile* f, void *opaque)
2687 PCIIDEState *d = opaque;
2688 int i;
2690 pci_device_save(&d->dev, f);
2692 for(i = 0; i < 2; i++) {
2693 BMDMAState *bm = &d->bmdma[i];
2694 qemu_put_8s(f, &bm->cmd);
2695 qemu_put_8s(f, &bm->status);
2696 qemu_put_be32s(f, &bm->addr);
2697 /* XXX: if a transfer is pending, we do not save it yet */
2700 /* per IDE interface data */
2701 for(i = 0; i < 2; i++) {
2702 IDEState *s = &d->ide_if[i * 2];
2703 uint8_t drive1_selected;
2704 qemu_put_8s(f, &s->cmd);
2705 drive1_selected = (s->cur_drive != s);
2706 qemu_put_8s(f, &drive1_selected);
2709 /* per IDE drive data */
2710 for(i = 0; i < 4; i++) {
2711 IDEState *s = &d->ide_if[i];
2712 qemu_put_be32s(f, &s->mult_sectors);
2713 qemu_put_be32s(f, &s->identify_set);
2714 if (s->identify_set) {
2715 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2717 qemu_put_8s(f, &s->feature);
2718 qemu_put_8s(f, &s->error);
2719 qemu_put_be32s(f, &s->nsector);
2720 qemu_put_8s(f, &s->sector);
2721 qemu_put_8s(f, &s->lcyl);
2722 qemu_put_8s(f, &s->hcyl);
2723 qemu_put_8s(f, &s->hob_feature);
2724 qemu_put_8s(f, &s->hob_nsector);
2725 qemu_put_8s(f, &s->hob_sector);
2726 qemu_put_8s(f, &s->hob_lcyl);
2727 qemu_put_8s(f, &s->hob_hcyl);
2728 qemu_put_8s(f, &s->select);
2729 qemu_put_8s(f, &s->status);
2730 qemu_put_8s(f, &s->lba48);
2732 qemu_put_8s(f, &s->sense_key);
2733 qemu_put_8s(f, &s->asc);
2734 /* XXX: if a transfer is pending, we do not save it yet */
2738 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2740 PCIIDEState *d = opaque;
2741 int ret, i;
2743 if (version_id != 1)
2744 return -EINVAL;
2745 ret = pci_device_load(&d->dev, f);
2746 if (ret < 0)
2747 return ret;
2749 for(i = 0; i < 2; i++) {
2750 BMDMAState *bm = &d->bmdma[i];
2751 qemu_get_8s(f, &bm->cmd);
2752 qemu_get_8s(f, &bm->status);
2753 qemu_get_be32s(f, &bm->addr);
2754 /* XXX: if a transfer is pending, we do not save it yet */
2757 /* per IDE interface data */
2758 for(i = 0; i < 2; i++) {
2759 IDEState *s = &d->ide_if[i * 2];
2760 uint8_t drive1_selected;
2761 qemu_get_8s(f, &s->cmd);
2762 qemu_get_8s(f, &drive1_selected);
2763 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2766 /* per IDE drive data */
2767 for(i = 0; i < 4; i++) {
2768 IDEState *s = &d->ide_if[i];
2769 qemu_get_be32s(f, &s->mult_sectors);
2770 qemu_get_be32s(f, &s->identify_set);
2771 if (s->identify_set) {
2772 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2774 qemu_get_8s(f, &s->feature);
2775 qemu_get_8s(f, &s->error);
2776 qemu_get_be32s(f, &s->nsector);
2777 qemu_get_8s(f, &s->sector);
2778 qemu_get_8s(f, &s->lcyl);
2779 qemu_get_8s(f, &s->hcyl);
2780 qemu_get_8s(f, &s->hob_feature);
2781 qemu_get_8s(f, &s->hob_nsector);
2782 qemu_get_8s(f, &s->hob_sector);
2783 qemu_get_8s(f, &s->hob_lcyl);
2784 qemu_get_8s(f, &s->hob_hcyl);
2785 qemu_get_8s(f, &s->select);
2786 qemu_get_8s(f, &s->status);
2787 qemu_get_8s(f, &s->lba48);
2789 qemu_get_8s(f, &s->sense_key);
2790 qemu_get_8s(f, &s->asc);
2791 /* XXX: if a transfer is pending, we do not save it yet */
2793 return 0;
2796 static void piix3_reset(PCIIDEState *d)
2798 uint8_t *pci_conf = d->dev.config;
2800 pci_conf[0x04] = 0x00;
2801 pci_conf[0x05] = 0x00;
2802 pci_conf[0x06] = 0x80; /* FBC */
2803 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
2804 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
2807 void pci_piix_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn)
2809 PCIIDEState *d;
2810 uint8_t *pci_conf;
2812 /* register a function 1 of PIIX */
2813 d = (PCIIDEState *)pci_register_device(bus, "PIIX IDE",
2814 sizeof(PCIIDEState),
2815 devfn,
2816 NULL, NULL);
2817 d->type = IDE_TYPE_PIIX3;
2819 pci_conf = d->dev.config;
2820 pci_conf[0x00] = 0x86; // Intel
2821 pci_conf[0x01] = 0x80;
2822 pci_conf[0x02] = 0x30;
2823 pci_conf[0x03] = 0x12;
2824 pci_conf[0x08] = 0x02; // Step A1
2825 pci_conf[0x09] = 0x80; // legacy ATA mode
2826 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2827 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2828 pci_conf[0x0e] = 0x00; // header_type
2829 pci_conf[0x2c] = 0x53; /* subsystem vendor: XenSource */
2830 pci_conf[0x2d] = 0x58;
2831 pci_conf[0x2e] = 0x01; /* subsystem device */
2832 pci_conf[0x2f] = 0x00;
2834 piix3_reset(d);
2836 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2837 PCI_ADDRESS_SPACE_IO, bmdma_map);
2839 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2840 pic_set_irq_new, isa_pic, 14);
2841 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2842 pic_set_irq_new, isa_pic, 15);
2843 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2844 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2846 buffered_pio_init();
2848 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
2851 /* hd_table must contain 4 block drivers */
2852 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
2853 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn)
2855 PCIIDEState *d;
2856 uint8_t *pci_conf;
2858 /* register a function 1 of PIIX3 */
2859 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2860 sizeof(PCIIDEState),
2861 devfn,
2862 NULL, NULL);
2863 d->type = IDE_TYPE_PIIX3;
2865 pci_conf = d->dev.config;
2866 pci_conf[0x00] = 0x86; // Intel
2867 pci_conf[0x01] = 0x80;
2868 pci_conf[0x02] = 0x10;
2869 pci_conf[0x03] = 0x70;
2870 pci_conf[0x09] = 0x80; // legacy ATA mode
2871 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2872 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2873 pci_conf[0x0e] = 0x00; // header_type
2875 piix3_reset(d);
2877 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2878 PCI_ADDRESS_SPACE_IO, bmdma_map);
2880 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2881 pic_set_irq_new, isa_pic, 14);
2882 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2883 pic_set_irq_new, isa_pic, 15);
2884 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2885 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2887 buffered_pio_init();
2889 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
2892 /***********************************************************/
2893 /* MacIO based PowerPC IDE */
2895 /* PowerMac IDE memory IO */
2896 static void pmac_ide_writeb (void *opaque,
2897 target_phys_addr_t addr, uint32_t val)
2899 addr = (addr & 0xFFF) >> 4;
2900 switch (addr) {
2901 case 1 ... 7:
2902 ide_ioport_write(opaque, addr, val);
2903 break;
2904 case 8:
2905 case 22:
2906 ide_cmd_write(opaque, 0, val);
2907 break;
2908 default:
2909 break;
2913 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2915 uint8_t retval;
2917 addr = (addr & 0xFFF) >> 4;
2918 switch (addr) {
2919 case 1 ... 7:
2920 retval = ide_ioport_read(opaque, addr);
2921 break;
2922 case 8:
2923 case 22:
2924 retval = ide_status_read(opaque, 0);
2925 break;
2926 default:
2927 retval = 0xFF;
2928 break;
2930 return retval;
2933 static void pmac_ide_writew (void *opaque,
2934 target_phys_addr_t addr, uint32_t val)
2936 addr = (addr & 0xFFF) >> 4;
2937 #ifdef TARGET_WORDS_BIGENDIAN
2938 val = bswap16(val);
2939 #endif
2940 if (addr == 0) {
2941 ide_data_writew(opaque, 0, val);
2945 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
2947 uint16_t retval;
2949 addr = (addr & 0xFFF) >> 4;
2950 if (addr == 0) {
2951 retval = ide_data_readw(opaque, 0);
2952 } else {
2953 retval = 0xFFFF;
2955 #ifdef TARGET_WORDS_BIGENDIAN
2956 retval = bswap16(retval);
2957 #endif
2958 return retval;
2961 static void pmac_ide_writel (void *opaque,
2962 target_phys_addr_t addr, uint32_t val)
2964 addr = (addr & 0xFFF) >> 4;
2965 #ifdef TARGET_WORDS_BIGENDIAN
2966 val = bswap32(val);
2967 #endif
2968 if (addr == 0) {
2969 ide_data_writel(opaque, 0, val);
2973 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
2975 uint32_t retval;
2977 addr = (addr & 0xFFF) >> 4;
2978 if (addr == 0) {
2979 retval = ide_data_readl(opaque, 0);
2980 } else {
2981 retval = 0xFFFFFFFF;
2983 #ifdef TARGET_WORDS_BIGENDIAN
2984 retval = bswap32(retval);
2985 #endif
2986 return retval;
2989 static CPUWriteMemoryFunc *pmac_ide_write[] = {
2990 pmac_ide_writeb,
2991 pmac_ide_writew,
2992 pmac_ide_writel,
2993 };
2995 static CPUReadMemoryFunc *pmac_ide_read[] = {
2996 pmac_ide_readb,
2997 pmac_ide_readw,
2998 pmac_ide_readl,
2999 };
3001 /* hd_table must contain 4 block drivers */
3002 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3003 I/O index to access the ide. */
3004 int pmac_ide_init (BlockDriverState **hd_table,
3005 SetIRQFunc *set_irq, void *irq_opaque, int irq)
3007 IDEState *ide_if;
3008 int pmac_ide_memory;
3010 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
3011 ide_init2(&ide_if[0], hd_table[0], hd_table[1],
3012 set_irq, irq_opaque, irq);
3014 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3015 pmac_ide_write, &ide_if[0]);
3016 return pmac_ide_memory;