2 * QEMU IDE disk and CD-ROM Emulator
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 /* debug IDE devices */
29 //#define DEBUG_IDE_ATAPI
33 /* Bits of HD_STATUS */
35 #define INDEX_STAT 0x02
36 #define ECC_STAT 0x04 /* Corrected error */
38 #define SEEK_STAT 0x10
40 #define WRERR_STAT 0x20
41 #define READY_STAT 0x40
42 #define BUSY_STAT 0x80
44 /* Bits for HD_ERROR */
45 #define MARK_ERR 0x01 /* Bad address mark */
46 #define TRK0_ERR 0x02 /* couldn't find track 0 */
47 #define ABRT_ERR 0x04 /* Command aborted */
48 #define MCR_ERR 0x08 /* media change request */
49 #define ID_ERR 0x10 /* ID field not found */
50 #define MC_ERR 0x20 /* media changed */
51 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
52 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
53 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
55 /* Bits of HD_NSECTOR */
61 #define IDE_CMD_RESET 0x04
62 #define IDE_CMD_DISABLE_IRQ 0x02
64 /* ATA/ATAPI Commands pre T13 Spec */
69 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
73 #define WIN_SRST 0x08 /* ATAPI soft reset command */
74 #define WIN_DEVICE_RESET 0x08
78 #define WIN_RECAL 0x10
79 #define WIN_RESTORE WIN_RECAL
83 #define WIN_READ 0x20 /* 28-Bit */
84 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
85 #define WIN_READ_LONG 0x22 /* 28-Bit */
86 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
87 #define WIN_READ_EXT 0x24 /* 48-Bit */
88 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
89 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
90 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
94 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
98 #define WIN_WRITE 0x30 /* 28-Bit */
99 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
100 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
101 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
102 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
103 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
104 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
105 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
106 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
107 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
109 * 0x3A->0x3B Reserved
111 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
113 * 0x3D->0x3F Reserved
115 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
116 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
117 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
119 * 0x43->0x4F Reserved
121 #define WIN_FORMAT 0x50
123 * 0x51->0x5F Reserved
125 #define WIN_INIT 0x60
127 * 0x61->0x5F Reserved
129 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
130 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
131 #define WIN_DIAGNOSE 0x90
132 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
133 #define WIN_DOWNLOAD_MICROCODE 0x92
134 #define WIN_STANDBYNOW2 0x94
135 #define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
136 #define WIN_STANDBY2 0x96
137 #define WIN_SETIDLE2 0x97
138 #define WIN_CHECKPOWERMODE2 0x98
139 #define WIN_SLEEPNOW2 0x99
143 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
144 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
145 #define WIN_QUEUED_SERVICE 0xA2
146 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
147 #define CFA_ACCESS_METADATA_STORAGE 0xB8
148 #define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
149 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
150 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
151 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
152 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
153 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
154 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
155 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
156 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
157 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
158 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
159 #define WIN_GETMEDIASTATUS 0xDA
160 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
161 #define WIN_POSTBOOT 0xDC
162 #define WIN_PREBOOT 0xDD
163 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
164 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
165 #define WIN_STANDBYNOW1 0xE0
166 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
167 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
168 #define WIN_SETIDLE1 0xE3
169 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
170 #define WIN_CHECKPOWERMODE1 0xE5
171 #define WIN_SLEEPNOW1 0xE6
172 #define WIN_FLUSH_CACHE 0xE7
173 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
174 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
175 /* SET_FEATURES 0x22 or 0xDD */
176 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
177 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
178 #define WIN_MEDIAEJECT 0xED
179 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
180 #define WIN_SETFEATURES 0xEF /* set special drive features */
181 #define EXABYTE_ENABLE_NEST 0xF0
182 #define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
183 #define WIN_SECURITY_SET_PASS 0xF1
184 #define WIN_SECURITY_UNLOCK 0xF2
185 #define WIN_SECURITY_ERASE_PREPARE 0xF3
186 #define WIN_SECURITY_ERASE_UNIT 0xF4
187 #define WIN_SECURITY_FREEZE_LOCK 0xF5
188 #define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
189 #define WIN_SECURITY_DISABLE 0xF6
190 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
191 #define WIN_SET_MAX 0xF9
192 #define DISABLE_SEAGATE 0xFB
194 /* set to 1 set disable mult support */
195 #define MAX_MULT_SECTORS 16
199 #define ATAPI_PACKET_SIZE 12
201 /* The generic packet command opcodes for CD/DVD Logical Units,
202 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
203 #define GPCMD_BLANK 0xa1
204 #define GPCMD_CLOSE_TRACK 0x5b
205 #define GPCMD_FLUSH_CACHE 0x35
206 #define GPCMD_FORMAT_UNIT 0x04
207 #define GPCMD_GET_CONFIGURATION 0x46
208 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
209 #define GPCMD_GET_PERFORMANCE 0xac
210 #define GPCMD_INQUIRY 0x12
211 #define GPCMD_LOAD_UNLOAD 0xa6
212 #define GPCMD_MECHANISM_STATUS 0xbd
213 #define GPCMD_MODE_SELECT_10 0x55
214 #define GPCMD_MODE_SENSE_10 0x5a
215 #define GPCMD_PAUSE_RESUME 0x4b
216 #define GPCMD_PLAY_AUDIO_10 0x45
217 #define GPCMD_PLAY_AUDIO_MSF 0x47
218 #define GPCMD_PLAY_AUDIO_TI 0x48
219 #define GPCMD_PLAY_CD 0xbc
220 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
221 #define GPCMD_READ_10 0x28
222 #define GPCMD_READ_12 0xa8
223 #define GPCMD_READ_CDVD_CAPACITY 0x25
224 #define GPCMD_READ_CD 0xbe
225 #define GPCMD_READ_CD_MSF 0xb9
226 #define GPCMD_READ_DISC_INFO 0x51
227 #define GPCMD_READ_DVD_STRUCTURE 0xad
228 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
229 #define GPCMD_READ_HEADER 0x44
230 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
231 #define GPCMD_READ_SUBCHANNEL 0x42
232 #define GPCMD_READ_TOC_PMA_ATIP 0x43
233 #define GPCMD_REPAIR_RZONE_TRACK 0x58
234 #define GPCMD_REPORT_KEY 0xa4
235 #define GPCMD_REQUEST_SENSE 0x03
236 #define GPCMD_RESERVE_RZONE_TRACK 0x53
237 #define GPCMD_SCAN 0xba
238 #define GPCMD_SEEK 0x2b
239 #define GPCMD_SEND_DVD_STRUCTURE 0xad
240 #define GPCMD_SEND_EVENT 0xa2
241 #define GPCMD_SEND_KEY 0xa3
242 #define GPCMD_SEND_OPC 0x54
243 #define GPCMD_SET_READ_AHEAD 0xa7
244 #define GPCMD_SET_STREAMING 0xb6
245 #define GPCMD_START_STOP_UNIT 0x1b
246 #define GPCMD_STOP_PLAY_SCAN 0x4e
247 #define GPCMD_TEST_UNIT_READY 0x00
248 #define GPCMD_VERIFY_10 0x2f
249 #define GPCMD_WRITE_10 0x2a
250 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
251 /* This is listed as optional in ATAPI 2.6, but is (curiously)
252 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
253 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
254 * drives support it. */
255 #define GPCMD_SET_SPEED 0xbb
256 /* This seems to be a SCSI specific CD-ROM opcode
257 * to play data at track/index */
258 #define GPCMD_PLAYAUDIO_TI 0x48
260 * From MS Media Status Notification Support Specification. For
263 #define GPCMD_GET_MEDIA_STATUS 0xda
264 #define GPCMD_MODE_SENSE_6 0x1a
266 /* Mode page codes for mode sense/set */
267 #define GPMODE_R_W_ERROR_PAGE 0x01
268 #define GPMODE_WRITE_PARMS_PAGE 0x05
269 #define GPMODE_AUDIO_CTL_PAGE 0x0e
270 #define GPMODE_POWER_PAGE 0x1a
271 #define GPMODE_FAULT_FAIL_PAGE 0x1c
272 #define GPMODE_TO_PROTECT_PAGE 0x1d
273 #define GPMODE_CAPABILITIES_PAGE 0x2a
274 #define GPMODE_ALL_PAGES 0x3f
275 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
276 * of MODE_SENSE_POWER_PAGE */
277 #define GPMODE_CDROM_PAGE 0x0d
279 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
280 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
281 #define ATAPI_INT_REASON_REL 0x04
282 #define ATAPI_INT_REASON_TAG 0xf8
284 /* same constants as bochs */
285 #define ASC_ILLEGAL_OPCODE 0x20
286 #define ASC_LOGICAL_BLOCK_OOR 0x21
287 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
288 #define ASC_MEDIUM_NOT_PRESENT 0x3a
289 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
291 #define CFA_NO_ERROR 0x00
292 #define CFA_MISC_ERROR 0x09
293 #define CFA_INVALID_COMMAND 0x20
294 #define CFA_INVALID_ADDRESS 0x21
295 #define CFA_ADDRESS_OVERFLOW 0x2f
298 #define SENSE_NOT_READY 2
299 #define SENSE_ILLEGAL_REQUEST 5
300 #define SENSE_UNIT_ATTENTION 6
304 typedef void EndTransferFunc(struct IDEState *);
306 /* NOTE: IDEState represents in fact one drive */
307 typedef struct IDEState {
311 int cylinders, heads, sectors;
315 uint16_t identify_data[256];
318 struct BMDMAState *bmdma;
327 /* other part of tf for lba48 support */
337 /* 0x3f6 command, only meaningful for drive 0 */
339 /* set for lba48 access */
341 /* depends on bit 4 in select, only meaningful for drive 0 */
342 struct IDEState *cur_drive;
343 BlockDriverState *bs;
347 int packet_transfer_size;
348 int elementary_transfer_size;
352 int atapi_dma; /* true if dma is requested for the packet cmd */
355 /* PIO transfer handling */
356 int req_nb_sectors; /* number of sectors per interrupt */
357 EndTransferFunc *end_transfer_func;
360 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
361 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
362 uint32_t irq_count; /* counts IRQs when using win2k install hack */
363 /* CF-ATA extended error */
365 /* CF-ATA metadata storage */
367 uint8_t *mdata_storage;
371 #define BM_STATUS_DMAING 0x01
372 #define BM_STATUS_ERROR 0x02
373 #define BM_STATUS_INT 0x04
375 #define BM_CMD_START 0x01
376 #define BM_CMD_READ 0x08
378 #define IDE_TYPE_PIIX3 0
379 #define IDE_TYPE_CMD646 1
380 #define IDE_TYPE_PIIX4 2
382 /* CMD646 specific */
384 #define MRDMODE_INTR_CH0 0x04
385 #define MRDMODE_INTR_CH1 0x08
386 #define MRDMODE_BLK_CH0 0x10
387 #define MRDMODE_BLK_CH1 0x20
388 #define UDIDETCR0 0x73
389 #define UDIDETCR1 0x7B
391 typedef struct BMDMAState {
396 struct PCIIDEState *pci_dev;
397 /* current transfer state */
399 uint32_t cur_prd_last;
400 uint32_t cur_prd_addr;
401 uint32_t cur_prd_len;
403 BlockDriverCompletionFunc *dma_cb;
404 BlockDriverAIOCB *aiocb;
407 typedef struct PCIIDEState {
411 int type; /* see IDE_TYPE_xxx */
414 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
415 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
417 static void padstr(char *str, const char *src, int len)
420 for(i = 0; i < len; i++) {
425 *(char *)((long)str ^ 1) = v;
430 static void padstr8(uint8_t *buf, int buf_size, const char *src)
433 for(i = 0; i < buf_size; i++) {
441 static void put_le16(uint16_t *p, unsigned int v)
446 static void ide_identify(IDEState *s)
449 unsigned int oldsize;
452 if (s->identify_set) {
453 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
457 memset(s->io_buffer, 0, 512);
458 p = (uint16_t *)s->io_buffer;
459 put_le16(p + 0, 0x0040);
460 put_le16(p + 1, s->cylinders);
461 put_le16(p + 3, s->heads);
462 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
463 put_le16(p + 5, 512); /* XXX: retired, remove ? */
464 put_le16(p + 6, s->sectors);
465 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
466 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
467 put_le16(p + 20, 3); /* XXX: retired, remove ? */
468 put_le16(p + 21, 512); /* cache size in sectors */
469 put_le16(p + 22, 4); /* ecc bytes */
470 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
471 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
472 #if MAX_MULT_SECTORS > 1
473 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
475 put_le16(p + 48, 1); /* dword I/O */
476 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
477 put_le16(p + 51, 0x200); /* PIO transfer cycle */
478 put_le16(p + 52, 0x200); /* DMA transfer cycle */
479 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
480 put_le16(p + 54, s->cylinders);
481 put_le16(p + 55, s->heads);
482 put_le16(p + 56, s->sectors);
483 oldsize = s->cylinders * s->heads * s->sectors;
484 put_le16(p + 57, oldsize);
485 put_le16(p + 58, oldsize >> 16);
487 put_le16(p + 59, 0x100 | s->mult_sectors);
488 put_le16(p + 60, s->nb_sectors);
489 put_le16(p + 61, s->nb_sectors >> 16);
490 put_le16(p + 63, 0x07); /* mdma0-2 supported */
491 put_le16(p + 65, 120);
492 put_le16(p + 66, 120);
493 put_le16(p + 67, 120);
494 put_le16(p + 68, 120);
495 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
496 put_le16(p + 81, 0x16); /* conforms to ata5 */
497 put_le16(p + 82, (1 << 14));
498 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
499 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
500 put_le16(p + 84, (1 << 14));
501 put_le16(p + 85, (1 << 14));
502 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
503 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
504 put_le16(p + 87, (1 << 14));
505 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
506 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
507 put_le16(p + 100, s->nb_sectors);
508 put_le16(p + 101, s->nb_sectors >> 16);
509 put_le16(p + 102, s->nb_sectors >> 32);
510 put_le16(p + 103, s->nb_sectors >> 48);
512 memcpy(s->identify_data, p, sizeof(s->identify_data));
516 static void ide_atapi_identify(IDEState *s)
521 if (s->identify_set) {
522 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
526 memset(s->io_buffer, 0, 512);
527 p = (uint16_t *)s->io_buffer;
528 /* Removable CDROM, 50us response, 12 byte packets */
529 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
530 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
531 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
532 put_le16(p + 20, 3); /* buffer type */
533 put_le16(p + 21, 512); /* cache size in sectors */
534 put_le16(p + 22, 4); /* ecc bytes */
535 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
536 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
537 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
539 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
540 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
541 put_le16(p + 63, 7); /* mdma0-2 supported */
542 put_le16(p + 64, 0x3f); /* PIO modes supported */
544 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
545 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
546 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
547 put_le16(p + 64, 1); /* PIO modes */
549 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
550 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
551 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
552 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
554 put_le16(p + 71, 30); /* in ns */
555 put_le16(p + 72, 30); /* in ns */
557 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
559 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
561 memcpy(s->identify_data, p, sizeof(s->identify_data));
565 static void ide_cfata_identify(IDEState *s)
571 p = (uint16_t *) s->identify_data;
575 memset(p, 0, sizeof(s->identify_data));
577 cur_sec = s->cylinders * s->heads * s->sectors;
579 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
580 put_le16(p + 1, s->cylinders); /* Default cylinders */
581 put_le16(p + 3, s->heads); /* Default heads */
582 put_le16(p + 6, s->sectors); /* Default sectors per track */
583 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
584 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
585 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
586 padstr((uint8_t *)(p + 10), buf, 20); /* Serial number in ASCII */
587 put_le16(p + 22, 0x0004); /* ECC bytes */
588 padstr((uint8_t *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
589 padstr((uint8_t *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
590 #if MAX_MULT_SECTORS > 1
591 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
593 put_le16(p + 47, 0x0000);
595 put_le16(p + 49, 0x0f00); /* Capabilities */
596 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
597 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
598 put_le16(p + 53, 0x0003); /* Translation params valid */
599 put_le16(p + 54, s->cylinders); /* Current cylinders */
600 put_le16(p + 55, s->heads); /* Current heads */
601 put_le16(p + 56, s->sectors); /* Current sectors */
602 put_le16(p + 57, cur_sec); /* Current capacity */
603 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
604 if (s->mult_sectors) /* Multiple sector setting */
605 put_le16(p + 59, 0x100 | s->mult_sectors);
606 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
607 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
608 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
609 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
610 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
611 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
612 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
613 put_le16(p + 82, 0x400c); /* Command Set supported */
614 put_le16(p + 83, 0x7068); /* Command Set supported */
615 put_le16(p + 84, 0x4000); /* Features supported */
616 put_le16(p + 85, 0x000c); /* Command Set enabled */
617 put_le16(p + 86, 0x7044); /* Command Set enabled */
618 put_le16(p + 87, 0x4000); /* Features enabled */
619 put_le16(p + 91, 0x4060); /* Current APM level */
620 put_le16(p + 129, 0x0002); /* Current features option */
621 put_le16(p + 130, 0x0005); /* Reassigned sectors */
622 put_le16(p + 131, 0x0001); /* Initial power mode */
623 put_le16(p + 132, 0x0000); /* User signature */
624 put_le16(p + 160, 0x8100); /* Power requirement */
625 put_le16(p + 161, 0x8001); /* CF command set */
630 memcpy(s->io_buffer, p, sizeof(s->identify_data));
633 static void ide_set_signature(IDEState *s)
635 s->select &= 0xf0; /* clear head */
651 static inline void ide_abort_command(IDEState *s)
653 s->status = READY_STAT | ERR_STAT;
657 static inline void ide_set_irq(IDEState *s)
659 BMDMAState *bm = s->bmdma;
660 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
662 bm->status |= BM_STATUS_INT;
664 qemu_irq_raise(s->irq);
668 /* prepare data transfer and tell what to do after */
669 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
670 EndTransferFunc *end_transfer_func)
672 s->end_transfer_func = end_transfer_func;
674 s->data_end = buf + size;
675 if (!(s->status & ERR_STAT))
676 s->status |= DRQ_STAT;
679 static void ide_transfer_stop(IDEState *s)
681 s->end_transfer_func = ide_transfer_stop;
682 s->data_ptr = s->io_buffer;
683 s->data_end = s->io_buffer;
684 s->status &= ~DRQ_STAT;
687 static int64_t ide_get_sector(IDEState *s)
690 if (s->select & 0x40) {
693 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
694 (s->lcyl << 8) | s->sector;
696 sector_num = ((int64_t)s->hob_hcyl << 40) |
697 ((int64_t) s->hob_lcyl << 32) |
698 ((int64_t) s->hob_sector << 24) |
699 ((int64_t) s->hcyl << 16) |
700 ((int64_t) s->lcyl << 8) | s->sector;
703 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
704 (s->select & 0x0f) * s->sectors + (s->sector - 1);
709 static void ide_set_sector(IDEState *s, int64_t sector_num)
712 if (s->select & 0x40) {
714 s->select = (s->select & 0xf0) | (sector_num >> 24);
715 s->hcyl = (sector_num >> 16);
716 s->lcyl = (sector_num >> 8);
717 s->sector = (sector_num);
719 s->sector = sector_num;
720 s->lcyl = sector_num >> 8;
721 s->hcyl = sector_num >> 16;
722 s->hob_sector = sector_num >> 24;
723 s->hob_lcyl = sector_num >> 32;
724 s->hob_hcyl = sector_num >> 40;
727 cyl = sector_num / (s->heads * s->sectors);
728 r = sector_num % (s->heads * s->sectors);
731 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
732 s->sector = (r % s->sectors) + 1;
736 static void ide_sector_read(IDEState *s)
741 s->status = READY_STAT | SEEK_STAT;
742 s->error = 0; /* not needed by IDE spec, but needed by Windows */
743 sector_num = ide_get_sector(s);
746 /* no more sector to read from disk */
747 ide_transfer_stop(s);
749 #if defined(DEBUG_IDE)
750 printf("read sector=%Ld\n", sector_num);
752 if (n > s->req_nb_sectors)
753 n = s->req_nb_sectors;
754 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
755 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
757 ide_set_sector(s, sector_num + n);
762 /* return 0 if buffer completed */
763 static int dma_buf_rw(BMDMAState *bm, int is_write)
765 IDEState *s = bm->ide_if;
773 l = s->io_buffer_size - s->io_buffer_index;
776 if (bm->cur_prd_len == 0) {
777 /* end of table (with a fail safe of one page) */
778 if (bm->cur_prd_last ||
779 (bm->cur_addr - bm->addr) >= 4096)
781 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
783 prd.addr = le32_to_cpu(prd.addr);
784 prd.size = le32_to_cpu(prd.size);
785 len = prd.size & 0xfffe;
788 bm->cur_prd_len = len;
789 bm->cur_prd_addr = prd.addr;
790 bm->cur_prd_last = (prd.size & 0x80000000);
792 if (l > bm->cur_prd_len)
796 cpu_physical_memory_write(bm->cur_prd_addr,
797 s->io_buffer + s->io_buffer_index, l);
799 cpu_physical_memory_read(bm->cur_prd_addr,
800 s->io_buffer + s->io_buffer_index, l);
802 bm->cur_prd_addr += l;
803 bm->cur_prd_len -= l;
804 s->io_buffer_index += l;
810 /* XXX: handle errors */
811 static void ide_read_dma_cb(void *opaque, int ret)
813 BMDMAState *bm = opaque;
814 IDEState *s = bm->ide_if;
818 n = s->io_buffer_size >> 9;
819 sector_num = ide_get_sector(s);
822 ide_set_sector(s, sector_num);
824 if (dma_buf_rw(bm, 1) == 0)
828 /* end of transfer ? */
829 if (s->nsector == 0) {
830 s->status = READY_STAT | SEEK_STAT;
833 bm->status &= ~BM_STATUS_DMAING;
834 bm->status |= BM_STATUS_INT;
841 /* launch next transfer */
843 if (n > MAX_MULT_SECTORS)
844 n = MAX_MULT_SECTORS;
845 s->io_buffer_index = 0;
846 s->io_buffer_size = n * 512;
848 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
850 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
851 ide_read_dma_cb, bm);
854 static void ide_sector_read_dma(IDEState *s)
856 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
857 s->io_buffer_index = 0;
858 s->io_buffer_size = 0;
859 ide_dma_start(s, ide_read_dma_cb);
862 static void ide_sector_write_timer_cb(void *opaque)
864 IDEState *s = opaque;
868 static void ide_sector_write(IDEState *s)
873 s->status = READY_STAT | SEEK_STAT;
874 sector_num = ide_get_sector(s);
875 #if defined(DEBUG_IDE)
876 printf("write sector=%Ld\n", sector_num);
879 if (n > s->req_nb_sectors)
880 n = s->req_nb_sectors;
881 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
883 if (s->nsector == 0) {
884 /* no more sectors to write */
885 ide_transfer_stop(s);
888 if (n1 > s->req_nb_sectors)
889 n1 = s->req_nb_sectors;
890 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
892 ide_set_sector(s, sector_num + n);
895 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
896 /* It seems there is a bug in the Windows 2000 installer HDD
897 IDE driver which fills the disk with empty logs when the
898 IDE write IRQ comes too early. This hack tries to correct
899 that at the expense of slower write performances. Use this
900 option _only_ to install Windows 2000. You must disable it
902 qemu_mod_timer(s->sector_write_timer,
903 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
911 /* XXX: handle errors */
912 static void ide_write_dma_cb(void *opaque, int ret)
914 BMDMAState *bm = opaque;
915 IDEState *s = bm->ide_if;
919 n = s->io_buffer_size >> 9;
920 sector_num = ide_get_sector(s);
923 ide_set_sector(s, sector_num);
927 /* end of transfer ? */
928 if (s->nsector == 0) {
929 s->status = READY_STAT | SEEK_STAT;
932 bm->status &= ~BM_STATUS_DMAING;
933 bm->status |= BM_STATUS_INT;
940 /* launch next transfer */
942 if (n > MAX_MULT_SECTORS)
943 n = MAX_MULT_SECTORS;
944 s->io_buffer_index = 0;
945 s->io_buffer_size = n * 512;
947 if (dma_buf_rw(bm, 0) == 0)
950 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
952 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
953 ide_write_dma_cb, bm);
956 static void ide_sector_write_dma(IDEState *s)
958 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
959 s->io_buffer_index = 0;
960 s->io_buffer_size = 0;
961 ide_dma_start(s, ide_write_dma_cb);
964 static void ide_atapi_cmd_ok(IDEState *s)
967 s->status = READY_STAT;
968 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
972 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
974 #ifdef DEBUG_IDE_ATAPI
975 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
977 s->error = sense_key << 4;
978 s->status = READY_STAT | ERR_STAT;
979 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
980 s->sense_key = sense_key;
985 static inline void cpu_to_ube16(uint8_t *buf, int val)
991 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
999 static inline int ube16_to_cpu(const uint8_t *buf)
1001 return (buf[0] << 8) | buf[1];
1004 static inline int ube32_to_cpu(const uint8_t *buf)
1006 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1009 static void lba_to_msf(uint8_t *buf, int lba)
1012 buf[0] = (lba / 75) / 60;
1013 buf[1] = (lba / 75) % 60;
1017 static void cd_data_to_raw(uint8_t *buf, int lba)
1021 memset(buf + 1, 0xff, 10);
1025 lba_to_msf(buf, lba);
1026 buf[3] = 0x01; /* mode 1 data */
1030 /* XXX: ECC not computed */
1031 memset(buf, 0, 288);
1034 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1039 switch(sector_size) {
1041 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1044 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1047 cd_data_to_raw(buf, lba);
1056 static void ide_atapi_io_error(IDEState *s, int ret)
1058 /* XXX: handle more errors */
1059 if (ret == -ENOMEDIUM) {
1060 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1061 ASC_MEDIUM_NOT_PRESENT);
1063 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1064 ASC_LOGICAL_BLOCK_OOR);
1068 /* The whole ATAPI transfer logic is handled in this function */
1069 static void ide_atapi_cmd_reply_end(IDEState *s)
1071 int byte_count_limit, size, ret;
1072 #ifdef DEBUG_IDE_ATAPI
1073 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1074 s->packet_transfer_size,
1075 s->elementary_transfer_size,
1076 s->io_buffer_index);
1078 if (s->packet_transfer_size <= 0) {
1079 /* end of transfer */
1080 ide_transfer_stop(s);
1081 s->status = READY_STAT;
1082 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1084 #ifdef DEBUG_IDE_ATAPI
1085 printf("status=0x%x\n", s->status);
1088 /* see if a new sector must be read */
1089 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1090 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1092 ide_transfer_stop(s);
1093 ide_atapi_io_error(s, ret);
1097 s->io_buffer_index = 0;
1099 if (s->elementary_transfer_size > 0) {
1100 /* there are some data left to transmit in this elementary
1102 size = s->cd_sector_size - s->io_buffer_index;
1103 if (size > s->elementary_transfer_size)
1104 size = s->elementary_transfer_size;
1105 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1106 size, ide_atapi_cmd_reply_end);
1107 s->packet_transfer_size -= size;
1108 s->elementary_transfer_size -= size;
1109 s->io_buffer_index += size;
1111 /* a new transfer is needed */
1112 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1113 byte_count_limit = s->lcyl | (s->hcyl << 8);
1114 #ifdef DEBUG_IDE_ATAPI
1115 printf("byte_count_limit=%d\n", byte_count_limit);
1117 if (byte_count_limit == 0xffff)
1119 size = s->packet_transfer_size;
1120 if (size > byte_count_limit) {
1121 /* byte count limit must be even if this case */
1122 if (byte_count_limit & 1)
1124 size = byte_count_limit;
1127 s->hcyl = size >> 8;
1128 s->elementary_transfer_size = size;
1129 /* we cannot transmit more than one sector at a time */
1131 if (size > (s->cd_sector_size - s->io_buffer_index))
1132 size = (s->cd_sector_size - s->io_buffer_index);
1134 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1135 size, ide_atapi_cmd_reply_end);
1136 s->packet_transfer_size -= size;
1137 s->elementary_transfer_size -= size;
1138 s->io_buffer_index += size;
1140 #ifdef DEBUG_IDE_ATAPI
1141 printf("status=0x%x\n", s->status);
1147 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1148 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1150 if (size > max_size)
1152 s->lba = -1; /* no sector read */
1153 s->packet_transfer_size = size;
1154 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1155 s->elementary_transfer_size = 0;
1156 s->io_buffer_index = 0;
1159 s->status = READY_STAT | DRQ_STAT;
1160 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1162 s->status = READY_STAT;
1163 ide_atapi_cmd_reply_end(s);
1167 /* start a CD-CDROM read command */
1168 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1172 s->packet_transfer_size = nb_sectors * sector_size;
1173 s->elementary_transfer_size = 0;
1174 s->io_buffer_index = sector_size;
1175 s->cd_sector_size = sector_size;
1177 s->status = READY_STAT;
1178 ide_atapi_cmd_reply_end(s);
1181 /* ATAPI DMA support */
1183 /* XXX: handle read errors */
1184 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1186 BMDMAState *bm = opaque;
1187 IDEState *s = bm->ide_if;
1191 ide_atapi_io_error(s, ret);
1195 if (s->io_buffer_size > 0) {
1197 * For a cdrom read sector command (s->lba != -1),
1198 * adjust the lba for the next s->io_buffer_size chunk
1199 * and dma the current chunk.
1200 * For a command != read (s->lba == -1), just transfer
1204 if (s->cd_sector_size == 2352) {
1206 cd_data_to_raw(s->io_buffer, s->lba);
1208 n = s->io_buffer_size >> 11;
1212 s->packet_transfer_size -= s->io_buffer_size;
1213 if (dma_buf_rw(bm, 1) == 0)
1217 if (s->packet_transfer_size <= 0) {
1218 s->status = READY_STAT;
1219 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1222 bm->status &= ~BM_STATUS_DMAING;
1223 bm->status |= BM_STATUS_INT;
1230 s->io_buffer_index = 0;
1231 if (s->cd_sector_size == 2352) {
1233 s->io_buffer_size = s->cd_sector_size;
1236 n = s->packet_transfer_size >> 11;
1237 if (n > (MAX_MULT_SECTORS / 4))
1238 n = (MAX_MULT_SECTORS / 4);
1239 s->io_buffer_size = n * 2048;
1243 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1245 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1246 s->io_buffer + data_offset, n * 4,
1247 ide_atapi_cmd_read_dma_cb, bm);
1249 /* Note: media not present is the most likely case */
1250 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1251 ASC_MEDIUM_NOT_PRESENT);
1256 /* start a CD-CDROM read command with DMA */
1257 /* XXX: test if DMA is available */
1258 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1262 s->packet_transfer_size = nb_sectors * sector_size;
1263 s->io_buffer_index = 0;
1264 s->io_buffer_size = 0;
1265 s->cd_sector_size = sector_size;
1267 /* XXX: check if BUSY_STAT should be set */
1268 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
1269 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1272 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1275 #ifdef DEBUG_IDE_ATAPI
1276 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1280 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1282 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1286 static void ide_atapi_cmd(IDEState *s)
1288 const uint8_t *packet;
1292 packet = s->io_buffer;
1294 #ifdef DEBUG_IDE_ATAPI
1297 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1298 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1299 printf(" %02x", packet[i]);
1304 switch(s->io_buffer[0]) {
1305 case GPCMD_TEST_UNIT_READY:
1306 if (bdrv_is_inserted(s->bs)) {
1307 ide_atapi_cmd_ok(s);
1309 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1310 ASC_MEDIUM_NOT_PRESENT);
1313 case GPCMD_MODE_SENSE_6:
1314 case GPCMD_MODE_SENSE_10:
1317 if (packet[0] == GPCMD_MODE_SENSE_10)
1318 max_len = ube16_to_cpu(packet + 7);
1320 max_len = packet[4];
1321 action = packet[2] >> 6;
1322 code = packet[2] & 0x3f;
1324 case 0: /* current values */
1326 case 0x01: /* error recovery */
1327 cpu_to_ube16(&buf[0], 16 + 6);
1343 ide_atapi_cmd_reply(s, 16, max_len);
1346 cpu_to_ube16(&buf[0], 28 + 6);
1361 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1362 if (bdrv_is_locked(s->bs))
1365 cpu_to_ube16(&buf[16], 706);
1368 cpu_to_ube16(&buf[20], 512);
1369 cpu_to_ube16(&buf[22], 706);
1374 ide_atapi_cmd_reply(s, 28, max_len);
1380 case 1: /* changeable values */
1382 case 2: /* default values */
1385 case 3: /* saved values */
1386 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1387 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1392 case GPCMD_REQUEST_SENSE:
1393 max_len = packet[4];
1395 buf[0] = 0x70 | (1 << 7);
1396 buf[2] = s->sense_key;
1399 ide_atapi_cmd_reply(s, 18, max_len);
1401 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1402 if (bdrv_is_inserted(s->bs)) {
1403 bdrv_set_locked(s->bs, packet[4] & 1);
1404 ide_atapi_cmd_ok(s);
1406 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1407 ASC_MEDIUM_NOT_PRESENT);
1413 int nb_sectors, lba;
1415 if (packet[0] == GPCMD_READ_10)
1416 nb_sectors = ube16_to_cpu(packet + 7);
1418 nb_sectors = ube32_to_cpu(packet + 6);
1419 lba = ube32_to_cpu(packet + 2);
1420 if (nb_sectors == 0) {
1421 ide_atapi_cmd_ok(s);
1424 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1429 int nb_sectors, lba, transfer_request;
1431 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1432 lba = ube32_to_cpu(packet + 2);
1433 if (nb_sectors == 0) {
1434 ide_atapi_cmd_ok(s);
1437 transfer_request = packet[9];
1438 switch(transfer_request & 0xf8) {
1441 ide_atapi_cmd_ok(s);
1445 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1449 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1452 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1453 ASC_INV_FIELD_IN_CMD_PACKET);
1461 int64_t total_sectors;
1463 bdrv_get_geometry(s->bs, &total_sectors);
1464 total_sectors >>= 2;
1465 if (total_sectors <= 0) {
1466 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1467 ASC_MEDIUM_NOT_PRESENT);
1470 lba = ube32_to_cpu(packet + 2);
1471 if (lba >= total_sectors) {
1472 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1473 ASC_LOGICAL_BLOCK_OOR);
1476 ide_atapi_cmd_ok(s);
1479 case GPCMD_START_STOP_UNIT:
1482 start = packet[4] & 1;
1483 eject = (packet[4] >> 1) & 1;
1485 if (eject && !start) {
1486 /* eject the disk */
1487 bdrv_eject(s->bs, 1);
1488 } else if (eject && start) {
1489 /* close the tray */
1490 bdrv_eject(s->bs, 0);
1492 ide_atapi_cmd_ok(s);
1495 case GPCMD_MECHANISM_STATUS:
1497 max_len = ube16_to_cpu(packet + 8);
1498 cpu_to_ube16(buf, 0);
1499 /* no current LBA */
1504 cpu_to_ube16(buf + 6, 0);
1505 ide_atapi_cmd_reply(s, 8, max_len);
1508 case GPCMD_READ_TOC_PMA_ATIP:
1510 int format, msf, start_track, len;
1511 int64_t total_sectors;
1513 bdrv_get_geometry(s->bs, &total_sectors);
1514 total_sectors >>= 2;
1515 if (total_sectors <= 0) {
1516 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1517 ASC_MEDIUM_NOT_PRESENT);
1520 max_len = ube16_to_cpu(packet + 7);
1521 format = packet[9] >> 6;
1522 msf = (packet[1] >> 1) & 1;
1523 start_track = packet[6];
1526 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1529 ide_atapi_cmd_reply(s, len, max_len);
1532 /* multi session : only a single session defined */
1537 ide_atapi_cmd_reply(s, 12, max_len);
1540 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1543 ide_atapi_cmd_reply(s, len, max_len);
1547 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1548 ASC_INV_FIELD_IN_CMD_PACKET);
1553 case GPCMD_READ_CDVD_CAPACITY:
1555 int64_t total_sectors;
1557 bdrv_get_geometry(s->bs, &total_sectors);
1558 total_sectors >>= 2;
1559 if (total_sectors <= 0) {
1560 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1561 ASC_MEDIUM_NOT_PRESENT);
1564 /* NOTE: it is really the number of sectors minus 1 */
1565 cpu_to_ube32(buf, total_sectors - 1);
1566 cpu_to_ube32(buf + 4, 2048);
1567 ide_atapi_cmd_reply(s, 8, 8);
1570 case GPCMD_READ_DVD_STRUCTURE:
1572 int media = packet[1];
1573 int layer = packet[6];
1574 int format = packet[2];
1575 int64_t total_sectors;
1577 if (media != 0 || layer != 0)
1579 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1580 ASC_INV_FIELD_IN_CMD_PACKET);
1585 bdrv_get_geometry(s->bs, &total_sectors);
1586 total_sectors >>= 2;
1588 memset(buf, 0, 2052);
1590 buf[4] = 1; // DVD-ROM, part version 1
1591 buf[5] = 0xf; // 120mm disc, maximum rate unspecified
1592 buf[6] = 0; // one layer, embossed data
1595 cpu_to_ube32(buf + 8, 0);
1596 cpu_to_ube32(buf + 12, total_sectors - 1);
1597 cpu_to_ube32(buf + 16, total_sectors - 1);
1599 cpu_to_be16wu((uint16_t *)buf, 2048 + 4);
1601 ide_atapi_cmd_reply(s, 2048 + 3, 2048 + 4);
1605 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1606 ASC_INV_FIELD_IN_CMD_PACKET);
1611 case GPCMD_SET_SPEED:
1612 ide_atapi_cmd_ok(s);
1615 max_len = packet[4];
1616 buf[0] = 0x05; /* CD-ROM */
1617 buf[1] = 0x80; /* removable */
1618 buf[2] = 0x00; /* ISO */
1619 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1620 buf[4] = 31; /* additional length */
1621 buf[5] = 0; /* reserved */
1622 buf[6] = 0; /* reserved */
1623 buf[7] = 0; /* reserved */
1624 padstr8(buf + 8, 8, "QEMU");
1625 padstr8(buf + 16, 16, "QEMU CD-ROM");
1626 padstr8(buf + 32, 4, QEMU_VERSION);
1627 ide_atapi_cmd_reply(s, 36, max_len);
1629 case GPCMD_GET_CONFIGURATION:
1631 int64_t total_sectors;
1633 /* only feature 0 is supported */
1634 if (packet[2] != 0 || packet[3] != 0) {
1635 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1636 ASC_INV_FIELD_IN_CMD_PACKET);
1640 bdrv_get_geometry(s->bs, &total_sectors);
1642 buf[7] = total_sectors <= 1433600 ? 0x08 : 0x10; /* current profile */
1643 buf[10] = 0x10 | 0x1;
1644 buf[11] = 0x08; /* size of profile list */
1645 buf[13] = 0x10; /* DVD-ROM profile */
1646 buf[14] = buf[7] == 0x10; /* (in)active */
1647 buf[17] = 0x08; /* CD-ROM profile */
1648 buf[18] = buf[7] == 0x08; /* (in)active */
1649 ide_atapi_cmd_reply(s, 32, 32);
1653 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1654 ASC_ILLEGAL_OPCODE);
1659 static void ide_cfata_metadata_inquiry(IDEState *s)
1664 p = (uint16_t *) s->io_buffer;
1665 memset(p, 0, 0x200);
1666 spd = ((s->mdata_size - 1) >> 9) + 1;
1668 put_le16(p + 0, 0x0001); /* Data format revision */
1669 put_le16(p + 1, 0x0000); /* Media property: silicon */
1670 put_le16(p + 2, s->media_changed); /* Media status */
1671 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1672 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1673 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1674 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1677 static void ide_cfata_metadata_read(IDEState *s)
1681 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1682 s->status = ERR_STAT;
1683 s->error = ABRT_ERR;
1687 p = (uint16_t *) s->io_buffer;
1688 memset(p, 0, 0x200);
1690 put_le16(p + 0, s->media_changed); /* Media status */
1691 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1692 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1693 s->nsector << 9), 0x200 - 2));
1696 static void ide_cfata_metadata_write(IDEState *s)
1698 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1699 s->status = ERR_STAT;
1700 s->error = ABRT_ERR;
1704 s->media_changed = 0;
1706 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1708 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1709 s->nsector << 9), 0x200 - 2));
1712 /* called when the inserted state of the media has changed */
1713 static void cdrom_change_cb(void *opaque)
1715 IDEState *s = opaque;
1718 /* XXX: send interrupt too */
1719 bdrv_get_geometry(s->bs, &nb_sectors);
1720 s->nb_sectors = nb_sectors;
1723 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1727 /* handle the 'magic' 0 nsector count conversion here. to avoid
1728 * fiddling with the rest of the read logic, we just store the
1729 * full sector count in ->nsector and ignore ->hob_nsector from now
1735 if (!s->nsector && !s->hob_nsector)
1738 int lo = s->nsector;
1739 int hi = s->hob_nsector;
1741 s->nsector = (hi << 8) | lo;
1746 static void ide_clear_hob(IDEState *ide_if)
1748 /* any write clears HOB high bit of device control register */
1749 ide_if[0].select &= ~(1 << 7);
1750 ide_if[1].select &= ~(1 << 7);
1753 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1755 IDEState *ide_if = opaque;
1761 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1769 ide_clear_hob(ide_if);
1770 /* NOTE: data is written to the two drives */
1771 ide_if[0].hob_feature = ide_if[0].feature;
1772 ide_if[1].hob_feature = ide_if[1].feature;
1773 ide_if[0].feature = val;
1774 ide_if[1].feature = val;
1777 ide_clear_hob(ide_if);
1778 ide_if[0].hob_nsector = ide_if[0].nsector;
1779 ide_if[1].hob_nsector = ide_if[1].nsector;
1780 ide_if[0].nsector = val;
1781 ide_if[1].nsector = val;
1784 ide_clear_hob(ide_if);
1785 ide_if[0].hob_sector = ide_if[0].sector;
1786 ide_if[1].hob_sector = ide_if[1].sector;
1787 ide_if[0].sector = val;
1788 ide_if[1].sector = val;
1791 ide_clear_hob(ide_if);
1792 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1793 ide_if[1].hob_lcyl = ide_if[1].lcyl;
1794 ide_if[0].lcyl = val;
1795 ide_if[1].lcyl = val;
1798 ide_clear_hob(ide_if);
1799 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1800 ide_if[1].hob_hcyl = ide_if[1].hcyl;
1801 ide_if[0].hcyl = val;
1802 ide_if[1].hcyl = val;
1805 /* FIXME: HOB readback uses bit 7 */
1806 ide_if[0].select = (val & ~0x10) | 0xa0;
1807 ide_if[1].select = (val | 0x10) | 0xa0;
1809 unit = (val >> 4) & 1;
1811 ide_if->cur_drive = s;
1816 #if defined(DEBUG_IDE)
1817 printf("ide: CMD=%02x\n", val);
1819 s = ide_if->cur_drive;
1820 /* ignore commands to non existant slave */
1821 if (s != ide_if && !s->bs)
1826 if (s->bs && !s->is_cdrom) {
1830 ide_cfata_identify(s);
1831 s->status = READY_STAT | SEEK_STAT;
1832 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1835 ide_set_signature(s);
1837 ide_abort_command(s);
1844 s->status = READY_STAT | SEEK_STAT;
1848 if (s->is_cf && s->nsector == 0) {
1849 /* Disable Read and Write Multiple */
1850 s->mult_sectors = 0;
1851 s->status = READY_STAT;
1852 } else if ((s->nsector & 0xff) != 0 &&
1853 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1854 (s->nsector & (s->nsector - 1)) != 0)) {
1855 ide_abort_command(s);
1857 s->mult_sectors = s->nsector & 0xff;
1858 s->status = READY_STAT;
1862 case WIN_VERIFY_EXT:
1865 case WIN_VERIFY_ONCE:
1866 /* do sector number check ? */
1867 ide_cmd_lba48_transform(s, lba48);
1868 s->status = READY_STAT;
1877 ide_cmd_lba48_transform(s, lba48);
1878 s->req_nb_sectors = 1;
1884 case WIN_WRITE_ONCE:
1885 case CFA_WRITE_SECT_WO_ERASE:
1886 case WIN_WRITE_VERIFY:
1887 ide_cmd_lba48_transform(s, lba48);
1889 s->status = SEEK_STAT | READY_STAT;
1890 s->req_nb_sectors = 1;
1891 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1892 s->media_changed = 1;
1894 case WIN_MULTREAD_EXT:
1897 if (!s->mult_sectors)
1899 ide_cmd_lba48_transform(s, lba48);
1900 s->req_nb_sectors = s->mult_sectors;
1903 case WIN_MULTWRITE_EXT:
1906 case CFA_WRITE_MULTI_WO_ERASE:
1907 if (!s->mult_sectors)
1909 ide_cmd_lba48_transform(s, lba48);
1911 s->status = SEEK_STAT | READY_STAT;
1912 s->req_nb_sectors = s->mult_sectors;
1914 if (n > s->req_nb_sectors)
1915 n = s->req_nb_sectors;
1916 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1917 s->media_changed = 1;
1919 case WIN_READDMA_EXT:
1922 case WIN_READDMA_ONCE:
1925 ide_cmd_lba48_transform(s, lba48);
1926 ide_sector_read_dma(s);
1928 case WIN_WRITEDMA_EXT:
1931 case WIN_WRITEDMA_ONCE:
1934 ide_cmd_lba48_transform(s, lba48);
1935 ide_sector_write_dma(s);
1936 s->media_changed = 1;
1938 case WIN_READ_NATIVE_MAX_EXT:
1940 case WIN_READ_NATIVE_MAX:
1941 ide_cmd_lba48_transform(s, lba48);
1942 ide_set_sector(s, s->nb_sectors - 1);
1943 s->status = READY_STAT;
1946 case WIN_CHECKPOWERMODE1:
1947 case WIN_CHECKPOWERMODE2:
1948 s->nsector = 0xff; /* device active or idle */
1949 s->status = READY_STAT;
1952 case WIN_SETFEATURES:
1955 /* XXX: valid for CDROM ? */
1956 switch(s->feature) {
1957 case 0xcc: /* reverting to power-on defaults enable */
1958 case 0x66: /* reverting to power-on defaults disable */
1959 case 0x02: /* write cache enable */
1960 case 0x82: /* write cache disable */
1961 case 0xaa: /* read look-ahead enable */
1962 case 0x55: /* read look-ahead disable */
1963 case 0x05: /* set advanced power management mode */
1964 case 0x85: /* disable advanced power management mode */
1965 case 0x69: /* NOP */
1966 case 0x67: /* NOP */
1967 case 0x96: /* NOP */
1968 case 0x9a: /* NOP */
1969 case 0x42: /* enable Automatic Acoustic Mode */
1970 case 0xc2: /* disable Automatic Acoustic Mode */
1971 s->status = READY_STAT | SEEK_STAT;
1974 case 0x03: { /* set transfer mode */
1975 uint8_t val = s->nsector & 0x07;
1977 switch (s->nsector >> 3) {
1978 case 0x00: /* pio default */
1979 case 0x01: /* pio mode */
1980 put_le16(s->identify_data + 63,0x07);
1981 put_le16(s->identify_data + 88,0x3f);
1983 case 0x04: /* mdma mode */
1984 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1985 put_le16(s->identify_data + 88,0x3f);
1987 case 0x08: /* udma mode */
1988 put_le16(s->identify_data + 63,0x07);
1989 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1994 s->status = READY_STAT | SEEK_STAT;
2002 case WIN_FLUSH_CACHE:
2003 case WIN_FLUSH_CACHE_EXT:
2006 s->status = READY_STAT;
2011 case WIN_STANDBYNOW1:
2012 case WIN_STANDBYNOW2:
2013 case WIN_IDLEIMMEDIATE:
2014 case CFA_IDLEIMMEDIATE:
2019 s->status = READY_STAT;
2022 /* ATAPI commands */
2025 ide_atapi_identify(s);
2026 s->status = READY_STAT | SEEK_STAT;
2027 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2029 ide_abort_command(s);
2034 ide_set_signature(s);
2035 s->status = 0x00; /* NOTE: READY is _not_ set */
2041 ide_set_signature(s);
2042 s->status = 0x00; /* NOTE: READY is _not_ set */
2048 /* overlapping commands not supported */
2049 if (s->feature & 0x02)
2051 s->status = READY_STAT;
2052 s->atapi_dma = s->feature & 1;
2054 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2057 /* CF-ATA commands */
2058 case CFA_REQ_EXT_ERROR_CODE:
2061 s->error = 0x09; /* miscellaneous error */
2062 s->status = READY_STAT;
2065 case CFA_ERASE_SECTORS:
2066 case CFA_WEAR_LEVEL:
2069 if (val == CFA_WEAR_LEVEL)
2071 if (val == CFA_ERASE_SECTORS)
2072 s->media_changed = 1;
2074 s->status = READY_STAT;
2077 case CFA_TRANSLATE_SECTOR:
2081 s->status = READY_STAT;
2082 memset(s->io_buffer, 0, 0x200);
2083 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2084 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2085 s->io_buffer[0x02] = s->select; /* Head */
2086 s->io_buffer[0x03] = s->sector; /* Sector */
2087 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2088 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2089 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2090 s->io_buffer[0x13] = 0x00; /* Erase flag */
2091 s->io_buffer[0x18] = 0x00; /* Hot count */
2092 s->io_buffer[0x19] = 0x00; /* Hot count */
2093 s->io_buffer[0x1a] = 0x01; /* Hot count */
2094 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2097 case CFA_ACCESS_METADATA_STORAGE:
2100 switch (s->feature) {
2101 case 0x02: /* Inquiry Metadata Storage */
2102 ide_cfata_metadata_inquiry(s);
2104 case 0x03: /* Read Metadata Storage */
2105 ide_cfata_metadata_read(s);
2107 case 0x04: /* Write Metadata Storage */
2108 ide_cfata_metadata_write(s);
2113 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2114 s->status = 0x00; /* NOTE: READY is _not_ set */
2117 case IBM_SENSE_CONDITION:
2120 switch (s->feature) {
2121 case 0x01: /* sense temperature in device */
2122 s->nsector = 0x50; /* +20 C */
2127 s->status = READY_STAT;
2132 ide_abort_command(s);
2139 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2141 IDEState *ide_if = opaque;
2142 IDEState *s = ide_if->cur_drive;
2147 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2148 //hob = s->select & (1 << 7);
2155 if (!ide_if[0].bs && !ide_if[1].bs)
2160 ret = s->hob_feature;
2163 if (!ide_if[0].bs && !ide_if[1].bs)
2166 ret = s->nsector & 0xff;
2168 ret = s->hob_nsector;
2171 if (!ide_if[0].bs && !ide_if[1].bs)
2176 ret = s->hob_sector;
2179 if (!ide_if[0].bs && !ide_if[1].bs)
2187 if (!ide_if[0].bs && !ide_if[1].bs)
2195 if (!ide_if[0].bs && !ide_if[1].bs)
2202 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2203 (s != ide_if && !s->bs))
2207 qemu_irq_lower(s->irq);
2211 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2216 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2218 IDEState *ide_if = opaque;
2219 IDEState *s = ide_if->cur_drive;
2222 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2223 (s != ide_if && !s->bs))
2228 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2233 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2235 IDEState *ide_if = opaque;
2240 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2242 /* common for both drives */
2243 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2244 (val & IDE_CMD_RESET)) {
2245 /* reset low to high */
2246 for(i = 0;i < 2; i++) {
2248 s->status = BUSY_STAT | SEEK_STAT;
2251 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2252 !(val & IDE_CMD_RESET)) {
2254 for(i = 0;i < 2; i++) {
2257 s->status = 0x00; /* NOTE: READY is _not_ set */
2259 s->status = READY_STAT | SEEK_STAT;
2260 ide_set_signature(s);
2264 ide_if[0].cmd = val;
2265 ide_if[1].cmd = val;
2268 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2270 IDEState *s = ((IDEState *)opaque)->cur_drive;
2274 *(uint16_t *)p = le16_to_cpu(val);
2277 if (p >= s->data_end)
2278 s->end_transfer_func(s);
2281 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2283 IDEState *s = ((IDEState *)opaque)->cur_drive;
2287 ret = cpu_to_le16(*(uint16_t *)p);
2290 if (p >= s->data_end)
2291 s->end_transfer_func(s);
2295 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2297 IDEState *s = ((IDEState *)opaque)->cur_drive;
2301 *(uint32_t *)p = le32_to_cpu(val);
2304 if (p >= s->data_end)
2305 s->end_transfer_func(s);
2308 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2310 IDEState *s = ((IDEState *)opaque)->cur_drive;
2315 ret = cpu_to_le32(*(uint32_t *)p);
2318 if (p >= s->data_end)
2319 s->end_transfer_func(s);
2323 static void ide_dummy_transfer_stop(IDEState *s)
2325 s->data_ptr = s->io_buffer;
2326 s->data_end = s->io_buffer;
2327 s->io_buffer[0] = 0xff;
2328 s->io_buffer[1] = 0xff;
2329 s->io_buffer[2] = 0xff;
2330 s->io_buffer[3] = 0xff;
2333 static void ide_reset(IDEState *s)
2336 s->mult_sectors = 0;
2338 s->mult_sectors = MAX_MULT_SECTORS;
2341 s->status = READY_STAT;
2342 ide_set_signature(s);
2343 /* init the transfer handler so that 0xffff is returned on data
2345 s->end_transfer_func = ide_dummy_transfer_stop;
2346 ide_dummy_transfer_stop(s);
2347 s->media_changed = 0;
2351 uint8_t boot_ind; /* 0x80 - active */
2352 uint8_t head; /* starting head */
2353 uint8_t sector; /* starting sector */
2354 uint8_t cyl; /* starting cylinder */
2355 uint8_t sys_ind; /* What partition type */
2356 uint8_t end_head; /* end head */
2357 uint8_t end_sector; /* end sector */
2358 uint8_t end_cyl; /* end cylinder */
2359 uint32_t start_sect; /* starting sector counting from 0 */
2360 uint32_t nr_sects; /* nr of sectors in partition */
2361 } __attribute__((packed));
2363 /* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
2364 static int guess_disk_lchs(IDEState *s,
2365 int *pcylinders, int *pheads, int *psectors)
2368 int ret, i, heads, sectors, cylinders;
2369 struct partition *p;
2372 ret = bdrv_read(s->bs, 0, buf, 1);
2375 /* test msdos magic */
2376 if (buf[510] != 0x55 || buf[511] != 0xaa)
2378 for(i = 0; i < 4; i++) {
2379 p = ((struct partition *)(buf + 0x1be)) + i;
2380 nr_sects = le32_to_cpu(p->nr_sects);
2381 if (nr_sects && p->end_head) {
2382 /* We make the assumption that the partition terminates on
2383 a cylinder boundary */
2384 heads = p->end_head + 1;
2385 sectors = p->end_sector & 63;
2388 cylinders = s->nb_sectors / (heads * sectors);
2389 if (cylinders < 1 || cylinders > 16383)
2392 *psectors = sectors;
2393 *pcylinders = cylinders;
2395 printf("guessed geometry: LCHS=%d %d %d\n",
2396 cylinders, heads, sectors);
2404 static void ide_init2(IDEState *ide_state,
2405 BlockDriverState *hd0, BlockDriverState *hd1,
2409 static int drive_serial = 1;
2410 int i, cylinders, heads, secs, translation, lba_detected = 0;
2413 for(i = 0; i < 2; i++) {
2420 bdrv_get_geometry(s->bs, &nb_sectors);
2421 s->nb_sectors = nb_sectors;
2422 /* if a geometry hint is available, use it */
2423 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
2424 translation = bdrv_get_translation_hint(s->bs);
2425 if (cylinders != 0) {
2426 s->cylinders = cylinders;
2430 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2432 /* if heads > 16, it means that a BIOS LBA
2433 translation was active, so the default
2434 hardware geometry is OK */
2436 goto default_geometry;
2438 s->cylinders = cylinders;
2441 /* disable any translation to be in sync with
2442 the logical geometry */
2443 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2444 bdrv_set_translation_hint(s->bs,
2445 BIOS_ATA_TRANSLATION_NONE);
2450 /* if no geometry, use a standard physical disk geometry */
2451 cylinders = nb_sectors / (16 * 63);
2452 if (cylinders > 16383)
2454 else if (cylinders < 2)
2456 s->cylinders = cylinders;
2459 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2460 if ((s->cylinders * s->heads) <= 131072) {
2461 bdrv_set_translation_hint(s->bs,
2462 BIOS_ATA_TRANSLATION_LARGE);
2464 bdrv_set_translation_hint(s->bs,
2465 BIOS_ATA_TRANSLATION_LBA);
2469 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
2471 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2473 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2476 s->drive_serial = drive_serial++;
2478 s->sector_write_timer = qemu_new_timer(vm_clock,
2479 ide_sector_write_timer_cb, s);
2484 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2486 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2487 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2489 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2490 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2494 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2495 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2496 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2497 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2500 /* save per IDE drive data */
2501 static void ide_save(QEMUFile* f, IDEState *s)
2503 qemu_put_be32s(f, &s->mult_sectors);
2504 qemu_put_be32s(f, &s->identify_set);
2505 if (s->identify_set) {
2506 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2508 qemu_put_8s(f, &s->feature);
2509 qemu_put_8s(f, &s->error);
2510 qemu_put_be32s(f, &s->nsector);
2511 qemu_put_8s(f, &s->sector);
2512 qemu_put_8s(f, &s->lcyl);
2513 qemu_put_8s(f, &s->hcyl);
2514 qemu_put_8s(f, &s->hob_feature);
2515 qemu_put_8s(f, &s->hob_nsector);
2516 qemu_put_8s(f, &s->hob_sector);
2517 qemu_put_8s(f, &s->hob_lcyl);
2518 qemu_put_8s(f, &s->hob_hcyl);
2519 qemu_put_8s(f, &s->select);
2520 qemu_put_8s(f, &s->status);
2521 qemu_put_8s(f, &s->lba48);
2523 qemu_put_8s(f, &s->sense_key);
2524 qemu_put_8s(f, &s->asc);
2525 /* XXX: if a transfer is pending, we do not save it yet */
2528 /* load per IDE drive data */
2529 static void ide_load(QEMUFile* f, IDEState *s)
2531 qemu_get_be32s(f, &s->mult_sectors);
2532 qemu_get_be32s(f, &s->identify_set);
2533 if (s->identify_set) {
2534 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2536 qemu_get_8s(f, &s->feature);
2537 qemu_get_8s(f, &s->error);
2538 qemu_get_be32s(f, &s->nsector);
2539 qemu_get_8s(f, &s->sector);
2540 qemu_get_8s(f, &s->lcyl);
2541 qemu_get_8s(f, &s->hcyl);
2542 qemu_get_8s(f, &s->hob_feature);
2543 qemu_get_8s(f, &s->hob_nsector);
2544 qemu_get_8s(f, &s->hob_sector);
2545 qemu_get_8s(f, &s->hob_lcyl);
2546 qemu_get_8s(f, &s->hob_hcyl);
2547 qemu_get_8s(f, &s->select);
2548 qemu_get_8s(f, &s->status);
2549 qemu_get_8s(f, &s->lba48);
2551 qemu_get_8s(f, &s->sense_key);
2552 qemu_get_8s(f, &s->asc);
2553 /* XXX: if a transfer is pending, we do not save it yet */
2556 /***********************************************************/
2557 /* ISA IDE definitions */
2559 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
2560 BlockDriverState *hd0, BlockDriverState *hd1)
2562 IDEState *ide_state;
2564 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2568 ide_init2(ide_state, hd0, hd1, irq);
2569 ide_init_ioport(ide_state, iobase, iobase2);
2572 /***********************************************************/
2573 /* PCI IDE definitions */
2575 static void cmd646_update_irq(PCIIDEState *d);
2577 static void ide_map(PCIDevice *pci_dev, int region_num,
2578 uint32_t addr, uint32_t size, int type)
2580 PCIIDEState *d = (PCIIDEState *)pci_dev;
2581 IDEState *ide_state;
2583 if (region_num <= 3) {
2584 ide_state = &d->ide_if[(region_num >> 1) * 2];
2585 if (region_num & 1) {
2586 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2587 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2589 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2590 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2593 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2594 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2595 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2596 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2601 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2603 BMDMAState *bm = s->bmdma;
2607 bm->dma_cb = dma_cb;
2608 bm->cur_prd_last = 0;
2609 bm->cur_prd_addr = 0;
2610 bm->cur_prd_len = 0;
2611 if (bm->status & BM_STATUS_DMAING) {
2616 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2618 BMDMAState *bm = opaque;
2620 printf("%s: 0x%08x\n", __func__, val);
2622 if (!(val & BM_CMD_START)) {
2623 /* XXX: do it better */
2624 if (bm->status & BM_STATUS_DMAING) {
2625 bm->status &= ~BM_STATUS_DMAING;
2626 /* cancel DMA request */
2631 printf("aio_cancel\n");
2633 bdrv_aio_cancel(bm->aiocb);
2637 bm->cmd = val & 0x09;
2639 if (!(bm->status & BM_STATUS_DMAING)) {
2640 bm->status |= BM_STATUS_DMAING;
2641 /* start dma transfer if possible */
2645 bm->cmd = val & 0x09;
2649 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2651 BMDMAState *bm = opaque;
2652 PCIIDEState *pci_dev;
2660 pci_dev = bm->pci_dev;
2661 if (pci_dev->type == IDE_TYPE_CMD646) {
2662 val = pci_dev->dev.config[MRDMODE];
2671 pci_dev = bm->pci_dev;
2672 if (pci_dev->type == IDE_TYPE_CMD646) {
2673 if (bm == &pci_dev->bmdma[0])
2674 val = pci_dev->dev.config[UDIDETCR0];
2676 val = pci_dev->dev.config[UDIDETCR1];
2686 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2691 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2693 BMDMAState *bm = opaque;
2694 PCIIDEState *pci_dev;
2696 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2700 pci_dev = bm->pci_dev;
2701 if (pci_dev->type == IDE_TYPE_CMD646) {
2702 pci_dev->dev.config[MRDMODE] =
2703 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2704 cmd646_update_irq(pci_dev);
2708 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2711 pci_dev = bm->pci_dev;
2712 if (pci_dev->type == IDE_TYPE_CMD646) {
2713 if (bm == &pci_dev->bmdma[0])
2714 pci_dev->dev.config[UDIDETCR0] = val;
2716 pci_dev->dev.config[UDIDETCR1] = val;
2722 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2724 BMDMAState *bm = opaque;
2728 printf("%s: 0x%08x\n", __func__, val);
2733 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2735 BMDMAState *bm = opaque;
2737 printf("%s: 0x%08x\n", __func__, val);
2739 bm->addr = val & ~3;
2740 bm->cur_addr = bm->addr;
2743 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2744 uint32_t addr, uint32_t size, int type)
2746 PCIIDEState *d = (PCIIDEState *)pci_dev;
2749 for(i = 0;i < 2; i++) {
2750 BMDMAState *bm = &d->bmdma[i];
2751 d->ide_if[2 * i].bmdma = bm;
2752 d->ide_if[2 * i + 1].bmdma = bm;
2753 bm->pci_dev = (PCIIDEState *)pci_dev;
2755 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2757 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2758 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2760 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2761 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2766 /* XXX: call it also when the MRDMODE is changed from the PCI config
2768 static void cmd646_update_irq(PCIIDEState *d)
2771 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2772 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2773 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2774 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2775 qemu_set_irq(d->dev.irq[0], pci_level);
2778 /* the PCI irq level is the logical OR of the two channels */
2779 static void cmd646_set_irq(void *opaque, int channel, int level)
2781 PCIIDEState *d = opaque;
2784 irq_mask = MRDMODE_INTR_CH0 << channel;
2786 d->dev.config[MRDMODE] |= irq_mask;
2788 d->dev.config[MRDMODE] &= ~irq_mask;
2789 cmd646_update_irq(d);
2792 /* CMD646 PCI IDE controller */
2793 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2794 int secondary_ide_enabled)
2801 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2802 sizeof(PCIIDEState),
2805 d->type = IDE_TYPE_CMD646;
2806 pci_conf = d->dev.config;
2807 pci_conf[0x00] = 0x95; // CMD646
2808 pci_conf[0x01] = 0x10;
2809 pci_conf[0x02] = 0x46;
2810 pci_conf[0x03] = 0x06;
2812 pci_conf[0x08] = 0x07; // IDE controller revision
2813 pci_conf[0x09] = 0x8f;
2815 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2816 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2817 pci_conf[0x0e] = 0x00; // header_type
2819 if (secondary_ide_enabled) {
2820 /* XXX: if not enabled, really disable the seconday IDE controller */
2821 pci_conf[0x51] = 0x80; /* enable IDE1 */
2824 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2825 PCI_ADDRESS_SPACE_IO, ide_map);
2826 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2827 PCI_ADDRESS_SPACE_IO, ide_map);
2828 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2829 PCI_ADDRESS_SPACE_IO, ide_map);
2830 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2831 PCI_ADDRESS_SPACE_IO, ide_map);
2832 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2833 PCI_ADDRESS_SPACE_IO, bmdma_map);
2835 pci_conf[0x3d] = 0x01; // interrupt on pin 1
2837 for(i = 0; i < 4; i++)
2838 d->ide_if[i].pci_dev = (PCIDevice *)d;
2840 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
2841 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
2842 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
2845 static void pci_ide_save(QEMUFile* f, void *opaque)
2847 PCIIDEState *d = opaque;
2850 pci_device_save(&d->dev, f);
2852 for(i = 0; i < 2; i++) {
2853 BMDMAState *bm = &d->bmdma[i];
2854 qemu_put_8s(f, &bm->cmd);
2855 qemu_put_8s(f, &bm->status);
2856 qemu_put_be32s(f, &bm->addr);
2857 /* XXX: if a transfer is pending, we do not save it yet */
2860 /* per IDE interface data */
2861 for(i = 0; i < 2; i++) {
2862 IDEState *s = &d->ide_if[i * 2];
2863 uint8_t drive1_selected;
2864 qemu_put_8s(f, &s->cmd);
2865 drive1_selected = (s->cur_drive != s);
2866 qemu_put_8s(f, &drive1_selected);
2869 /* per IDE drive data */
2870 for(i = 0; i < 4; i++) {
2871 ide_save(f, &d->ide_if[i]);
2875 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2877 PCIIDEState *d = opaque;
2880 if (version_id != 1)
2882 ret = pci_device_load(&d->dev, f);
2886 for(i = 0; i < 2; i++) {
2887 BMDMAState *bm = &d->bmdma[i];
2888 qemu_get_8s(f, &bm->cmd);
2889 qemu_get_8s(f, &bm->status);
2890 qemu_get_be32s(f, &bm->addr);
2891 /* XXX: if a transfer is pending, we do not save it yet */
2894 /* per IDE interface data */
2895 for(i = 0; i < 2; i++) {
2896 IDEState *s = &d->ide_if[i * 2];
2897 uint8_t drive1_selected;
2898 qemu_get_8s(f, &s->cmd);
2899 qemu_get_8s(f, &drive1_selected);
2900 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2903 /* per IDE drive data */
2904 for(i = 0; i < 4; i++) {
2905 ide_load(f, &d->ide_if[i]);
2910 static void piix3_reset(PCIIDEState *d)
2912 uint8_t *pci_conf = d->dev.config;
2914 pci_conf[0x04] = 0x00;
2915 pci_conf[0x05] = 0x00;
2916 pci_conf[0x06] = 0x80; /* FBC */
2917 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
2918 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
2921 /* hd_table must contain 4 block drivers */
2922 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
2923 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2929 /* register a function 1 of PIIX3 */
2930 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2931 sizeof(PCIIDEState),
2934 d->type = IDE_TYPE_PIIX3;
2936 pci_conf = d->dev.config;
2937 pci_conf[0x00] = 0x86; // Intel
2938 pci_conf[0x01] = 0x80;
2939 pci_conf[0x02] = 0x10;
2940 pci_conf[0x03] = 0x70;
2941 pci_conf[0x09] = 0x80; // legacy ATA mode
2942 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2943 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2944 pci_conf[0x0e] = 0x00; // header_type
2948 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2949 PCI_ADDRESS_SPACE_IO, bmdma_map);
2951 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
2952 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
2953 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2954 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2956 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
2959 /* hd_table must contain 4 block drivers */
2960 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
2961 void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2967 /* register a function 1 of PIIX4 */
2968 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
2969 sizeof(PCIIDEState),
2972 d->type = IDE_TYPE_PIIX4;
2974 pci_conf = d->dev.config;
2975 pci_conf[0x00] = 0x86; // Intel
2976 pci_conf[0x01] = 0x80;
2977 pci_conf[0x02] = 0x11;
2978 pci_conf[0x03] = 0x71;
2979 pci_conf[0x09] = 0x80; // legacy ATA mode
2980 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2981 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2982 pci_conf[0x0e] = 0x00; // header_type
2986 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2987 PCI_ADDRESS_SPACE_IO, bmdma_map);
2989 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
2990 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
2991 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2992 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2994 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
2997 /***********************************************************/
2998 /* MacIO based PowerPC IDE */
3000 /* PowerMac IDE memory IO */
3001 static void pmac_ide_writeb (void *opaque,
3002 target_phys_addr_t addr, uint32_t val)
3004 addr = (addr & 0xFFF) >> 4;
3007 ide_ioport_write(opaque, addr, val);
3011 ide_cmd_write(opaque, 0, val);
3018 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3022 addr = (addr & 0xFFF) >> 4;
3025 retval = ide_ioport_read(opaque, addr);
3029 retval = ide_status_read(opaque, 0);
3038 static void pmac_ide_writew (void *opaque,
3039 target_phys_addr_t addr, uint32_t val)
3041 addr = (addr & 0xFFF) >> 4;
3042 #ifdef TARGET_WORDS_BIGENDIAN
3046 ide_data_writew(opaque, 0, val);
3050 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3054 addr = (addr & 0xFFF) >> 4;
3056 retval = ide_data_readw(opaque, 0);
3060 #ifdef TARGET_WORDS_BIGENDIAN
3061 retval = bswap16(retval);
3066 static void pmac_ide_writel (void *opaque,
3067 target_phys_addr_t addr, uint32_t val)
3069 addr = (addr & 0xFFF) >> 4;
3070 #ifdef TARGET_WORDS_BIGENDIAN
3074 ide_data_writel(opaque, 0, val);
3078 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3082 addr = (addr & 0xFFF) >> 4;
3084 retval = ide_data_readl(opaque, 0);
3086 retval = 0xFFFFFFFF;
3088 #ifdef TARGET_WORDS_BIGENDIAN
3089 retval = bswap32(retval);
3094 static CPUWriteMemoryFunc *pmac_ide_write[] = {
3100 static CPUReadMemoryFunc *pmac_ide_read[] = {
3106 /* hd_table must contain 4 block drivers */
3107 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3108 I/O index to access the ide. */
3109 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
3112 int pmac_ide_memory;
3114 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
3115 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3117 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3118 pmac_ide_write, &ide_if[0]);
3119 return pmac_ide_memory;
3122 /***********************************************************/
3123 /* CF-ATA Microdrive */
3125 #define METADATA_SIZE 0x20
3127 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3130 struct pcmcia_card_s card;
3144 /* Register bitfields */
3147 OPT_MODE_IOMAP16 = 1,
3148 OPT_MODE_IOMAP1 = 2,
3149 OPT_MODE_IOMAP2 = 3,
3160 STAT_CHANGED = 0x80,
3171 static inline void md_interrupt_update(struct md_s *s)
3176 qemu_set_irq(s->card.slot->irq,
3177 !(s->stat & STAT_INT) && /* Inverted */
3178 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3179 !(s->opt & OPT_SRESET));
3182 static void md_set_irq(void *opaque, int irq, int level)
3184 struct md_s *s = (struct md_s *) opaque;
3186 s->stat |= STAT_INT;
3188 s->stat &= ~STAT_INT;
3190 md_interrupt_update(s);
3193 static void md_reset(struct md_s *s)
3195 s->opt = OPT_MODE_MMAP;
3203 static uint8_t md_attr_read(void *opaque, uint32_t at)
3205 struct md_s *s = (struct md_s *) opaque;
3206 if (at < s->attr_base) {
3207 if (at < s->card.cis_len)
3208 return s->card.cis[at];
3216 case 0x00: /* Configuration Option Register */
3218 case 0x02: /* Card Configuration Status Register */
3219 if (s->ctrl & CTRL_IEN)
3220 return s->stat & ~STAT_INT;
3223 case 0x04: /* Pin Replacement Register */
3224 return (s->pins & PINS_CRDY) | 0x0c;
3225 case 0x06: /* Socket and Copy Register */
3229 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3236 static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
3238 struct md_s *s = (struct md_s *) opaque;
3242 case 0x00: /* Configuration Option Register */
3243 s->opt = value & 0xcf;
3244 if (value & OPT_SRESET)
3246 md_interrupt_update(s);
3248 case 0x02: /* Card Configuration Status Register */
3249 if ((s->stat ^ value) & STAT_PWRDWN)
3250 s->pins |= PINS_CRDY;
3252 s->stat |= value & 0x74;
3253 md_interrupt_update(s);
3254 /* Word 170 in Identify Device must be equal to STAT_XE */
3256 case 0x04: /* Pin Replacement Register */
3257 s->pins &= PINS_CRDY;
3258 s->pins |= value & PINS_MRDY;
3260 case 0x06: /* Socket and Copy Register */
3263 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3267 static uint16_t md_common_read(void *opaque, uint32_t at)
3269 struct md_s *s = (struct md_s *) opaque;
3273 switch (s->opt & OPT_MODE) {
3275 if ((at & ~0x3ff) == 0x400)
3278 case OPT_MODE_IOMAP16:
3281 case OPT_MODE_IOMAP1:
3282 if ((at & ~0xf) == 0x3f0)
3284 else if ((at & ~0xf) == 0x1f0)
3287 case OPT_MODE_IOMAP2:
3288 if ((at & ~0xf) == 0x370)
3290 else if ((at & ~0xf) == 0x170)
3295 case 0x0: /* Even RD Data */
3297 return ide_data_readw(s->ide, 0);
3299 /* TODO: 8-bit accesses */
3303 s->io = ide_data_readw(s->ide, 0);
3306 s->cycle = !s->cycle;
3308 case 0x9: /* Odd RD Data */
3310 case 0xd: /* Error */
3311 return ide_ioport_read(s->ide, 0x1);
3312 case 0xe: /* Alternate Status */
3313 if (s->ide->cur_drive->bs)
3314 return s->ide->cur_drive->status;
3317 case 0xf: /* Device Address */
3318 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3320 return ide_ioport_read(s->ide, at);
3326 static void md_common_write(void *opaque, uint32_t at, uint16_t value)
3328 struct md_s *s = (struct md_s *) opaque;
3331 switch (s->opt & OPT_MODE) {
3333 if ((at & ~0x3ff) == 0x400)
3336 case OPT_MODE_IOMAP16:
3339 case OPT_MODE_IOMAP1:
3340 if ((at & ~0xf) == 0x3f0)
3342 else if ((at & ~0xf) == 0x1f0)
3345 case OPT_MODE_IOMAP2:
3346 if ((at & ~0xf) == 0x370)
3348 else if ((at & ~0xf) == 0x170)
3353 case 0x0: /* Even WR Data */
3355 ide_data_writew(s->ide, 0, value);
3358 /* TODO: 8-bit accesses */
3360 ide_data_writew(s->ide, 0, s->io | (value << 8));
3362 s->io = value & 0xff;
3363 s->cycle = !s->cycle;
3366 s->io = value & 0xff;
3367 s->cycle = !s->cycle;
3369 case 0xd: /* Features */
3370 ide_ioport_write(s->ide, 0x1, value);
3372 case 0xe: /* Device Control */
3374 if (value & CTRL_SRST)
3376 md_interrupt_update(s);
3379 if (s->stat & STAT_PWRDWN) {
3380 s->pins |= PINS_CRDY;
3381 s->stat &= ~STAT_PWRDWN;
3383 ide_ioport_write(s->ide, at, value);
3387 static void md_save(QEMUFile *f, void *opaque)
3389 struct md_s *s = (struct md_s *) opaque;
3391 uint8_t drive1_selected;
3393 qemu_put_8s(f, &s->opt);
3394 qemu_put_8s(f, &s->stat);
3395 qemu_put_8s(f, &s->pins);
3397 qemu_put_8s(f, &s->ctrl);
3398 qemu_put_be16s(f, &s->io);
3399 qemu_put_byte(f, s->cycle);
3401 drive1_selected = (s->ide->cur_drive != s->ide);
3402 qemu_put_8s(f, &s->ide->cmd);
3403 qemu_put_8s(f, &drive1_selected);
3405 for (i = 0; i < 2; i ++)
3406 ide_save(f, &s->ide[i]);
3409 static int md_load(QEMUFile *f, void *opaque, int version_id)
3411 struct md_s *s = (struct md_s *) opaque;
3413 uint8_t drive1_selected;
3415 qemu_get_8s(f, &s->opt);
3416 qemu_get_8s(f, &s->stat);
3417 qemu_get_8s(f, &s->pins);
3419 qemu_get_8s(f, &s->ctrl);
3420 qemu_get_be16s(f, &s->io);
3421 s->cycle = qemu_get_byte(f);
3423 qemu_get_8s(f, &s->ide->cmd);
3424 qemu_get_8s(f, &drive1_selected);
3425 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
3427 for (i = 0; i < 2; i ++)
3428 ide_load(f, &s->ide[i]);
3433 static int md_iid = 0;
3435 static const uint8_t dscm1xxxx_cis[0x14a] = {
3436 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3437 [0x002] = 0x03, /* Tuple length = 4 bytes */
3438 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3439 [0x006] = 0x01, /* Size = 2K bytes */
3440 [0x008] = CISTPL_ENDMARK,
3442 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3443 [0x00c] = 0x04, /* Tuple length = 4 byest */
3444 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3445 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3446 [0x012] = 0x01, /* Size = 2K bytes */
3447 [0x014] = CISTPL_ENDMARK,
3449 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3450 [0x018] = 0x02, /* Tuple length = 2 bytes */
3451 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3454 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3455 [0x020] = 0x04, /* Tuple length = 4 bytes */
3456 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3458 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3461 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3462 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3463 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3464 [0x030] = 0x01, /* Minor Version = 1 */
3480 [0x050] = CISTPL_ENDMARK,
3482 [0x052] = CISTPL_FUNCID, /* Function ID */
3483 [0x054] = 0x02, /* Tuple length = 2 bytes */
3484 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3485 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3487 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3488 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3489 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3490 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3492 [0x062] = CISTPL_FUNCE, /* Function Extension */
3493 [0x064] = 0x03, /* Tuple length = 3 bytes */
3494 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3495 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3496 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3498 [0x06c] = CISTPL_CONFIG, /* Configuration */
3499 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3500 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3501 [0x072] = 0x07, /* TPCC_LAST = 7 */
3502 [0x074] = 0x00, /* TPCC_RADR = 0200 */
3504 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
3506 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3507 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
3508 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
3509 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
3510 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
3511 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3512 [0x086] = 0x55, /* NomV: 5.0 V */
3513 [0x088] = 0x4d, /* MinV: 4.5 V */
3514 [0x08a] = 0x5d, /* MaxV: 5.5 V */
3515 [0x08c] = 0x4e, /* Peakl: 450 mA */
3516 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
3517 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
3518 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
3520 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3521 [0x096] = 0x06, /* Tuple length = 6 bytes */
3522 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
3523 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3524 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3525 [0x09e] = 0xb5, /* NomV: 3.3 V */
3527 [0x0a2] = 0x3e, /* Peakl: 350 mA */
3529 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3530 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
3531 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
3532 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3533 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3534 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3535 [0x0b0] = 0x55, /* NomV: 5.0 V */
3536 [0x0b2] = 0x4d, /* MinV: 4.5 V */
3537 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
3538 [0x0b6] = 0x4e, /* Peakl: 450 mA */
3539 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
3540 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
3541 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
3542 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
3543 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
3545 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3546 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
3547 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
3548 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3549 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3550 [0x0cc] = 0xb5, /* NomV: 3.3 V */
3552 [0x0d0] = 0x3e, /* Peakl: 350 mA */
3554 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3555 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
3556 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
3557 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3558 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3559 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3560 [0x0de] = 0x55, /* NomV: 5.0 V */
3561 [0x0e0] = 0x4d, /* MinV: 4.5 V */
3562 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
3563 [0x0e4] = 0x4e, /* Peakl: 450 mA */
3564 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3565 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
3566 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
3568 [0x0ee] = 0x07, /* Address block length = 8 */
3569 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
3571 [0x0f4] = 0x01, /* Address block length = 2 */
3572 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3573 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
3575 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3576 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
3577 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
3578 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3579 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3580 [0x104] = 0xb5, /* NomV: 3.3 V */
3582 [0x108] = 0x3e, /* Peakl: 350 mA */
3584 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3585 [0x10c] = 0x12, /* Tuple length = 18 bytes */
3586 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
3587 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3588 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3589 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3590 [0x116] = 0x55, /* NomV: 5.0 V */
3591 [0x118] = 0x4d, /* MinV: 4.5 V */
3592 [0x11a] = 0x5d, /* MaxV: 5.5 V */
3593 [0x11c] = 0x4e, /* Peakl: 450 mA */
3594 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3595 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
3596 [0x122] = 0x70, /* Field 1 address = 0x0170 */
3598 [0x126] = 0x07, /* Address block length = 8 */
3599 [0x128] = 0x76, /* Field 2 address = 0x0376 */
3601 [0x12c] = 0x01, /* Address block length = 2 */
3602 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3603 [0x130] = 0x20, /* TPCE_MI = support power down mode */
3605 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3606 [0x134] = 0x06, /* Tuple length = 6 bytes */
3607 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
3608 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3609 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3610 [0x13c] = 0xb5, /* NomV: 3.3 V */
3612 [0x140] = 0x3e, /* Peakl: 350 mA */
3614 [0x142] = CISTPL_NO_LINK, /* No Link */
3615 [0x144] = 0x00, /* Tuple length = 0 bytes */
3617 [0x146] = CISTPL_END, /* Tuple End */
3620 static int dscm1xxxx_attach(void *opaque)
3622 struct md_s *md = (struct md_s *) opaque;
3623 md->card.attr_read = md_attr_read;
3624 md->card.attr_write = md_attr_write;
3625 md->card.common_read = md_common_read;
3626 md->card.common_write = md_common_write;
3627 md->card.io_read = md_common_read;
3628 md->card.io_write = md_common_write;
3630 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
3634 md_interrupt_update(md);
3636 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
3640 static int dscm1xxxx_detach(void *opaque)
3642 struct md_s *md = (struct md_s *) opaque;
3647 struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
3649 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
3650 md->card.state = md;
3651 md->card.attach = dscm1xxxx_attach;
3652 md->card.detach = dscm1xxxx_detach;
3653 md->card.cis = dscm1xxxx_cis;
3654 md->card.cis_len = sizeof(dscm1xxxx_cis);
3656 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
3658 md->ide->mdata_size = METADATA_SIZE;
3659 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
3661 register_savevm("microdrive", md_iid ++, 0, md_save, md_load, md);
projects / qemu / blob