2 * QEMU IDE disk and CD/DVD-ROM Emulator
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
28 #include "scsi-disk.h"
31 #include "qemu-timer.h"
36 /* debug IDE devices */
38 //#define DEBUG_IDE_ATAPI
42 /* Bits of HD_STATUS */
44 #define INDEX_STAT 0x02
45 #define ECC_STAT 0x04 /* Corrected error */
47 #define SEEK_STAT 0x10
49 #define WRERR_STAT 0x20
50 #define READY_STAT 0x40
51 #define BUSY_STAT 0x80
53 /* Bits for HD_ERROR */
54 #define MARK_ERR 0x01 /* Bad address mark */
55 #define TRK0_ERR 0x02 /* couldn't find track 0 */
56 #define ABRT_ERR 0x04 /* Command aborted */
57 #define MCR_ERR 0x08 /* media change request */
58 #define ID_ERR 0x10 /* ID field not found */
59 #define MC_ERR 0x20 /* media changed */
60 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
61 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
62 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
64 /* Bits of HD_NSECTOR */
70 #define IDE_CMD_RESET 0x04
71 #define IDE_CMD_DISABLE_IRQ 0x02
73 /* ATA/ATAPI Commands pre T13 Spec */
78 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
82 #define WIN_SRST 0x08 /* ATAPI soft reset command */
83 #define WIN_DEVICE_RESET 0x08
87 #define WIN_RECAL 0x10
88 #define WIN_RESTORE WIN_RECAL
92 #define WIN_READ 0x20 /* 28-Bit */
93 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
94 #define WIN_READ_LONG 0x22 /* 28-Bit */
95 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
96 #define WIN_READ_EXT 0x24 /* 48-Bit */
97 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
98 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
99 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
103 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
105 * 0x2A->0x2F Reserved
107 #define WIN_WRITE 0x30 /* 28-Bit */
108 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
109 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
110 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
111 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
112 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
113 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
114 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
115 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
116 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
118 * 0x3A->0x3B Reserved
120 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
122 * 0x3D->0x3F Reserved
124 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
125 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
126 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
128 * 0x43->0x4F Reserved
130 #define WIN_FORMAT 0x50
132 * 0x51->0x5F Reserved
134 #define WIN_INIT 0x60
136 * 0x61->0x5F Reserved
138 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
139 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
140 #define WIN_DIAGNOSE 0x90
141 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
142 #define WIN_DOWNLOAD_MICROCODE 0x92
143 #define WIN_STANDBYNOW2 0x94
144 #define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
145 #define WIN_STANDBY2 0x96
146 #define WIN_SETIDLE2 0x97
147 #define WIN_CHECKPOWERMODE2 0x98
148 #define WIN_SLEEPNOW2 0x99
152 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
153 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
154 #define WIN_QUEUED_SERVICE 0xA2
155 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
156 #define CFA_ACCESS_METADATA_STORAGE 0xB8
157 #define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
158 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
159 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
160 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
161 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
162 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
163 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
164 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
165 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
166 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
167 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
168 #define WIN_GETMEDIASTATUS 0xDA
169 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
170 #define WIN_POSTBOOT 0xDC
171 #define WIN_PREBOOT 0xDD
172 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
173 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
174 #define WIN_STANDBYNOW1 0xE0
175 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
176 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
177 #define WIN_SETIDLE1 0xE3
178 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
179 #define WIN_CHECKPOWERMODE1 0xE5
180 #define WIN_SLEEPNOW1 0xE6
181 #define WIN_FLUSH_CACHE 0xE7
182 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
183 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
184 /* SET_FEATURES 0x22 or 0xDD */
185 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
186 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
187 #define WIN_MEDIAEJECT 0xED
188 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
189 #define WIN_SETFEATURES 0xEF /* set special drive features */
190 #define EXABYTE_ENABLE_NEST 0xF0
191 #define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
192 #define WIN_SECURITY_SET_PASS 0xF1
193 #define WIN_SECURITY_UNLOCK 0xF2
194 #define WIN_SECURITY_ERASE_PREPARE 0xF3
195 #define WIN_SECURITY_ERASE_UNIT 0xF4
196 #define WIN_SECURITY_FREEZE_LOCK 0xF5
197 #define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
198 #define WIN_SECURITY_DISABLE 0xF6
199 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
200 #define WIN_SET_MAX 0xF9
201 #define DISABLE_SEAGATE 0xFB
203 /* set to 1 set disable mult support */
204 #define MAX_MULT_SECTORS 16
206 #define IDE_DMA_BUF_SECTORS 256
208 #if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
209 #error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
214 #define ATAPI_PACKET_SIZE 12
216 /* The generic packet command opcodes for CD/DVD Logical Units,
217 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
218 #define GPCMD_BLANK 0xa1
219 #define GPCMD_CLOSE_TRACK 0x5b
220 #define GPCMD_FLUSH_CACHE 0x35
221 #define GPCMD_FORMAT_UNIT 0x04
222 #define GPCMD_GET_CONFIGURATION 0x46
223 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
224 #define GPCMD_GET_PERFORMANCE 0xac
225 #define GPCMD_INQUIRY 0x12
226 #define GPCMD_LOAD_UNLOAD 0xa6
227 #define GPCMD_MECHANISM_STATUS 0xbd
228 #define GPCMD_MODE_SELECT_10 0x55
229 #define GPCMD_MODE_SENSE_10 0x5a
230 #define GPCMD_PAUSE_RESUME 0x4b
231 #define GPCMD_PLAY_AUDIO_10 0x45
232 #define GPCMD_PLAY_AUDIO_MSF 0x47
233 #define GPCMD_PLAY_AUDIO_TI 0x48
234 #define GPCMD_PLAY_CD 0xbc
235 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
236 #define GPCMD_READ_10 0x28
237 #define GPCMD_READ_12 0xa8
238 #define GPCMD_READ_CDVD_CAPACITY 0x25
239 #define GPCMD_READ_CD 0xbe
240 #define GPCMD_READ_CD_MSF 0xb9
241 #define GPCMD_READ_DISC_INFO 0x51
242 #define GPCMD_READ_DVD_STRUCTURE 0xad
243 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
244 #define GPCMD_READ_HEADER 0x44
245 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
246 #define GPCMD_READ_SUBCHANNEL 0x42
247 #define GPCMD_READ_TOC_PMA_ATIP 0x43
248 #define GPCMD_REPAIR_RZONE_TRACK 0x58
249 #define GPCMD_REPORT_KEY 0xa4
250 #define GPCMD_REQUEST_SENSE 0x03
251 #define GPCMD_RESERVE_RZONE_TRACK 0x53
252 #define GPCMD_SCAN 0xba
253 #define GPCMD_SEEK 0x2b
254 #define GPCMD_SEND_DVD_STRUCTURE 0xad
255 #define GPCMD_SEND_EVENT 0xa2
256 #define GPCMD_SEND_KEY 0xa3
257 #define GPCMD_SEND_OPC 0x54
258 #define GPCMD_SET_READ_AHEAD 0xa7
259 #define GPCMD_SET_STREAMING 0xb6
260 #define GPCMD_START_STOP_UNIT 0x1b
261 #define GPCMD_STOP_PLAY_SCAN 0x4e
262 #define GPCMD_TEST_UNIT_READY 0x00
263 #define GPCMD_VERIFY_10 0x2f
264 #define GPCMD_WRITE_10 0x2a
265 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
266 /* This is listed as optional in ATAPI 2.6, but is (curiously)
267 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
268 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
269 * drives support it. */
270 #define GPCMD_SET_SPEED 0xbb
271 /* This seems to be a SCSI specific CD-ROM opcode
272 * to play data at track/index */
273 #define GPCMD_PLAYAUDIO_TI 0x48
275 * From MS Media Status Notification Support Specification. For
278 #define GPCMD_GET_MEDIA_STATUS 0xda
279 #define GPCMD_MODE_SENSE_6 0x1a
281 /* Mode page codes for mode sense/set */
282 #define GPMODE_R_W_ERROR_PAGE 0x01
283 #define GPMODE_WRITE_PARMS_PAGE 0x05
284 #define GPMODE_AUDIO_CTL_PAGE 0x0e
285 #define GPMODE_POWER_PAGE 0x1a
286 #define GPMODE_FAULT_FAIL_PAGE 0x1c
287 #define GPMODE_TO_PROTECT_PAGE 0x1d
288 #define GPMODE_CAPABILITIES_PAGE 0x2a
289 #define GPMODE_ALL_PAGES 0x3f
290 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
291 * of MODE_SENSE_POWER_PAGE */
292 #define GPMODE_CDROM_PAGE 0x0d
295 * Based on values from <linux/cdrom.h> but extending CD_MINS
296 * to the maximum common size allowed by the Orange's Book ATIP
298 * 90 and 99 min CDs are also available but using them as the
299 * upper limit reduces the effectiveness of the heuristic to
300 * detect DVDs burned to less than 25% of their maximum capacity
303 /* Some generally useful CD-ROM information */
304 #define CD_MINS 80 /* max. minutes per CD */
305 #define CD_SECS 60 /* seconds per minute */
306 #define CD_FRAMES 75 /* frames per second */
307 #define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
308 #define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
309 #define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
312 * The MMC values are not IDE specific and might need to be moved
313 * to a common header if they are also needed for the SCSI emulation
316 /* Profile list from MMC-6 revision 1 table 91 */
317 #define MMC_PROFILE_NONE 0x0000
318 #define MMC_PROFILE_CD_ROM 0x0008
319 #define MMC_PROFILE_CD_R 0x0009
320 #define MMC_PROFILE_CD_RW 0x000A
321 #define MMC_PROFILE_DVD_ROM 0x0010
322 #define MMC_PROFILE_DVD_R_SR 0x0011
323 #define MMC_PROFILE_DVD_RAM 0x0012
324 #define MMC_PROFILE_DVD_RW_RO 0x0013
325 #define MMC_PROFILE_DVD_RW_SR 0x0014
326 #define MMC_PROFILE_DVD_R_DL_SR 0x0015
327 #define MMC_PROFILE_DVD_R_DL_JR 0x0016
328 #define MMC_PROFILE_DVD_RW_DL 0x0017
329 #define MMC_PROFILE_DVD_DDR 0x0018
330 #define MMC_PROFILE_DVD_PLUS_RW 0x001A
331 #define MMC_PROFILE_DVD_PLUS_R 0x001B
332 #define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
333 #define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
334 #define MMC_PROFILE_BD_ROM 0x0040
335 #define MMC_PROFILE_BD_R_SRM 0x0041
336 #define MMC_PROFILE_BD_R_RRM 0x0042
337 #define MMC_PROFILE_BD_RE 0x0043
338 #define MMC_PROFILE_HDDVD_ROM 0x0050
339 #define MMC_PROFILE_HDDVD_R 0x0051
340 #define MMC_PROFILE_HDDVD_RAM 0x0052
341 #define MMC_PROFILE_HDDVD_RW 0x0053
342 #define MMC_PROFILE_HDDVD_R_DL 0x0058
343 #define MMC_PROFILE_HDDVD_RW_DL 0x005A
344 #define MMC_PROFILE_INVALID 0xFFFF
346 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
347 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
348 #define ATAPI_INT_REASON_REL 0x04
349 #define ATAPI_INT_REASON_TAG 0xf8
351 /* same constants as bochs */
352 #define ASC_ILLEGAL_OPCODE 0x20
353 #define ASC_LOGICAL_BLOCK_OOR 0x21
354 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
355 #define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
356 #define ASC_INCOMPATIBLE_FORMAT 0x30
357 #define ASC_MEDIUM_NOT_PRESENT 0x3a
358 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
360 #define CFA_NO_ERROR 0x00
361 #define CFA_MISC_ERROR 0x09
362 #define CFA_INVALID_COMMAND 0x20
363 #define CFA_INVALID_ADDRESS 0x21
364 #define CFA_ADDRESS_OVERFLOW 0x2f
367 #define SENSE_NOT_READY 2
368 #define SENSE_ILLEGAL_REQUEST 5
369 #define SENSE_UNIT_ATTENTION 6
373 typedef void EndTransferFunc(struct IDEState *);
375 /* NOTE: IDEState represents in fact one drive */
376 typedef struct IDEState {
380 int cylinders, heads, sectors;
384 uint16_t identify_data[256];
387 struct BMDMAState *bmdma;
389 char drive_serial_str[21];
397 /* other part of tf for lba48 support */
407 /* 0x3f6 command, only meaningful for drive 0 */
409 /* set for lba48 access */
411 /* depends on bit 4 in select, only meaningful for drive 0 */
412 struct IDEState *cur_drive;
413 BlockDriverState *bs;
417 int packet_transfer_size;
418 int elementary_transfer_size;
422 int atapi_dma; /* true if dma is requested for the packet cmd */
426 /* PIO transfer handling */
427 int req_nb_sectors; /* number of sectors per interrupt */
428 EndTransferFunc *end_transfer_func;
432 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
433 uint32_t irq_count; /* counts IRQs when using win2k install hack */
434 /* CF-ATA extended error */
436 /* CF-ATA metadata storage */
438 uint8_t *mdata_storage;
442 /* XXX: DVDs that could fit on a CD will be reported as a CD */
443 static inline int media_present(IDEState *s)
445 return (s->nb_sectors > 0);
448 static inline int media_is_dvd(IDEState *s)
450 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
453 static inline int media_is_cd(IDEState *s)
455 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
458 #define BM_STATUS_DMAING 0x01
459 #define BM_STATUS_ERROR 0x02
460 #define BM_STATUS_INT 0x04
461 #define BM_STATUS_DMA_RETRY 0x08
462 #define BM_STATUS_PIO_RETRY 0x10
464 #define BM_CMD_START 0x01
465 #define BM_CMD_READ 0x08
467 #define IDE_TYPE_PIIX3 0
468 #define IDE_TYPE_CMD646 1
469 #define IDE_TYPE_PIIX4 2
471 /* CMD646 specific */
473 #define MRDMODE_INTR_CH0 0x04
474 #define MRDMODE_INTR_CH1 0x08
475 #define MRDMODE_BLK_CH0 0x10
476 #define MRDMODE_BLK_CH1 0x20
477 #define UDIDETCR0 0x73
478 #define UDIDETCR1 0x7B
480 typedef struct BMDMAState {
485 struct PCIIDEState *pci_dev;
486 /* current transfer state */
488 uint32_t cur_prd_last;
489 uint32_t cur_prd_addr;
490 uint32_t cur_prd_len;
492 BlockDriverCompletionFunc *dma_cb;
493 BlockDriverAIOCB *aiocb;
498 typedef struct PCIIDEState {
502 int type; /* see IDE_TYPE_xxx */
505 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
506 static void ide_dma_restart(IDEState *s);
507 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
509 static void padstr(char *str, const char *src, int len)
512 for(i = 0; i < len; i++) {
521 static void padstr8(uint8_t *buf, int buf_size, const char *src)
524 for(i = 0; i < buf_size; i++) {
532 static void put_le16(uint16_t *p, unsigned int v)
537 static void ide_identify(IDEState *s)
540 unsigned int oldsize;
542 if (s->identify_set) {
543 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
547 memset(s->io_buffer, 0, 512);
548 p = (uint16_t *)s->io_buffer;
549 put_le16(p + 0, 0x0040);
550 put_le16(p + 1, s->cylinders);
551 put_le16(p + 3, s->heads);
552 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
553 put_le16(p + 5, 512); /* XXX: retired, remove ? */
554 put_le16(p + 6, s->sectors);
555 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
556 put_le16(p + 20, 3); /* XXX: retired, remove ? */
557 put_le16(p + 21, 512); /* cache size in sectors */
558 put_le16(p + 22, 4); /* ecc bytes */
559 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
560 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
561 #if MAX_MULT_SECTORS > 1
562 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
564 put_le16(p + 48, 1); /* dword I/O */
565 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
566 put_le16(p + 51, 0x200); /* PIO transfer cycle */
567 put_le16(p + 52, 0x200); /* DMA transfer cycle */
568 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
569 put_le16(p + 54, s->cylinders);
570 put_le16(p + 55, s->heads);
571 put_le16(p + 56, s->sectors);
572 oldsize = s->cylinders * s->heads * s->sectors;
573 put_le16(p + 57, oldsize);
574 put_le16(p + 58, oldsize >> 16);
576 put_le16(p + 59, 0x100 | s->mult_sectors);
577 put_le16(p + 60, s->nb_sectors);
578 put_le16(p + 61, s->nb_sectors >> 16);
579 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
580 put_le16(p + 63, 0x07); /* mdma0-2 supported */
581 put_le16(p + 65, 120);
582 put_le16(p + 66, 120);
583 put_le16(p + 67, 120);
584 put_le16(p + 68, 120);
585 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
586 put_le16(p + 81, 0x16); /* conforms to ata5 */
587 put_le16(p + 82, (1 << 14));
588 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
589 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
590 put_le16(p + 84, (1 << 14));
591 put_le16(p + 85, (1 << 14));
592 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
593 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
594 put_le16(p + 87, (1 << 14));
595 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
596 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
597 put_le16(p + 100, s->nb_sectors);
598 put_le16(p + 101, s->nb_sectors >> 16);
599 put_le16(p + 102, s->nb_sectors >> 32);
600 put_le16(p + 103, s->nb_sectors >> 48);
602 memcpy(s->identify_data, p, sizeof(s->identify_data));
606 static void ide_atapi_identify(IDEState *s)
610 if (s->identify_set) {
611 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
615 memset(s->io_buffer, 0, 512);
616 p = (uint16_t *)s->io_buffer;
617 /* Removable CDROM, 50us response, 12 byte packets */
618 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
619 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
620 put_le16(p + 20, 3); /* buffer type */
621 put_le16(p + 21, 512); /* cache size in sectors */
622 put_le16(p + 22, 4); /* ecc bytes */
623 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
624 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
625 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
627 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
628 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
629 put_le16(p + 62, 7); /* single word dma0-2 supported */
630 put_le16(p + 63, 7); /* mdma0-2 supported */
631 put_le16(p + 64, 0x3f); /* PIO modes supported */
633 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
634 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
635 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
636 put_le16(p + 64, 1); /* PIO modes */
638 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
639 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
640 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
641 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
643 put_le16(p + 71, 30); /* in ns */
644 put_le16(p + 72, 30); /* in ns */
646 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
648 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
650 memcpy(s->identify_data, p, sizeof(s->identify_data));
654 static void ide_cfata_identify(IDEState *s)
659 p = (uint16_t *) s->identify_data;
663 memset(p, 0, sizeof(s->identify_data));
665 cur_sec = s->cylinders * s->heads * s->sectors;
667 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
668 put_le16(p + 1, s->cylinders); /* Default cylinders */
669 put_le16(p + 3, s->heads); /* Default heads */
670 put_le16(p + 6, s->sectors); /* Default sectors per track */
671 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
672 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
673 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
674 put_le16(p + 22, 0x0004); /* ECC bytes */
675 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
676 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
677 #if MAX_MULT_SECTORS > 1
678 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
680 put_le16(p + 47, 0x0000);
682 put_le16(p + 49, 0x0f00); /* Capabilities */
683 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
684 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
685 put_le16(p + 53, 0x0003); /* Translation params valid */
686 put_le16(p + 54, s->cylinders); /* Current cylinders */
687 put_le16(p + 55, s->heads); /* Current heads */
688 put_le16(p + 56, s->sectors); /* Current sectors */
689 put_le16(p + 57, cur_sec); /* Current capacity */
690 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
691 if (s->mult_sectors) /* Multiple sector setting */
692 put_le16(p + 59, 0x100 | s->mult_sectors);
693 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
694 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
695 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
696 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
697 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
698 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
699 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
700 put_le16(p + 82, 0x400c); /* Command Set supported */
701 put_le16(p + 83, 0x7068); /* Command Set supported */
702 put_le16(p + 84, 0x4000); /* Features supported */
703 put_le16(p + 85, 0x000c); /* Command Set enabled */
704 put_le16(p + 86, 0x7044); /* Command Set enabled */
705 put_le16(p + 87, 0x4000); /* Features enabled */
706 put_le16(p + 91, 0x4060); /* Current APM level */
707 put_le16(p + 129, 0x0002); /* Current features option */
708 put_le16(p + 130, 0x0005); /* Reassigned sectors */
709 put_le16(p + 131, 0x0001); /* Initial power mode */
710 put_le16(p + 132, 0x0000); /* User signature */
711 put_le16(p + 160, 0x8100); /* Power requirement */
712 put_le16(p + 161, 0x8001); /* CF command set */
717 memcpy(s->io_buffer, p, sizeof(s->identify_data));
720 static void ide_set_signature(IDEState *s)
722 s->select &= 0xf0; /* clear head */
738 static inline void ide_abort_command(IDEState *s)
740 s->status = READY_STAT | ERR_STAT;
744 static inline void ide_dma_submit_check(IDEState *s,
745 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
752 static inline void ide_set_irq(IDEState *s)
754 BMDMAState *bm = s->bmdma;
755 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
757 bm->status |= BM_STATUS_INT;
759 qemu_irq_raise(s->irq);
763 /* prepare data transfer and tell what to do after */
764 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
765 EndTransferFunc *end_transfer_func)
767 s->end_transfer_func = end_transfer_func;
769 s->data_end = buf + size;
770 if (!(s->status & ERR_STAT))
771 s->status |= DRQ_STAT;
774 static void ide_transfer_stop(IDEState *s)
776 s->end_transfer_func = ide_transfer_stop;
777 s->data_ptr = s->io_buffer;
778 s->data_end = s->io_buffer;
779 s->status &= ~DRQ_STAT;
782 static int64_t ide_get_sector(IDEState *s)
785 if (s->select & 0x40) {
788 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
789 (s->lcyl << 8) | s->sector;
791 sector_num = ((int64_t)s->hob_hcyl << 40) |
792 ((int64_t) s->hob_lcyl << 32) |
793 ((int64_t) s->hob_sector << 24) |
794 ((int64_t) s->hcyl << 16) |
795 ((int64_t) s->lcyl << 8) | s->sector;
798 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
799 (s->select & 0x0f) * s->sectors + (s->sector - 1);
804 static void ide_set_sector(IDEState *s, int64_t sector_num)
807 if (s->select & 0x40) {
809 s->select = (s->select & 0xf0) | (sector_num >> 24);
810 s->hcyl = (sector_num >> 16);
811 s->lcyl = (sector_num >> 8);
812 s->sector = (sector_num);
814 s->sector = sector_num;
815 s->lcyl = sector_num >> 8;
816 s->hcyl = sector_num >> 16;
817 s->hob_sector = sector_num >> 24;
818 s->hob_lcyl = sector_num >> 32;
819 s->hob_hcyl = sector_num >> 40;
822 cyl = sector_num / (s->heads * s->sectors);
823 r = sector_num % (s->heads * s->sectors);
826 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
827 s->sector = (r % s->sectors) + 1;
831 static void ide_rw_error(IDEState *s) {
832 ide_abort_command(s);
836 static void ide_sector_read(IDEState *s)
841 s->status = READY_STAT | SEEK_STAT;
842 s->error = 0; /* not needed by IDE spec, but needed by Windows */
843 sector_num = ide_get_sector(s);
846 /* no more sector to read from disk */
847 ide_transfer_stop(s);
849 #if defined(DEBUG_IDE)
850 printf("read sector=%" PRId64 "\n", sector_num);
852 if (n > s->req_nb_sectors)
853 n = s->req_nb_sectors;
854 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
859 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
861 ide_set_sector(s, sector_num + n);
867 /* return 0 if buffer completed */
868 static int dma_buf_prepare(BMDMAState *bm, int is_write)
870 IDEState *s = bm->ide_if;
877 target_phys_addr_t l1;
879 qemu_iovec_init(&s->iovec, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
880 s->io_buffer_size = 0;
882 if (bm->cur_prd_len == 0) {
883 /* end of table (with a fail safe of one page) */
884 if (bm->cur_prd_last ||
885 (bm->cur_addr - bm->addr) >= 4096)
886 return s->io_buffer_size != 0;
887 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
889 prd.addr = le32_to_cpu(prd.addr);
890 prd.size = le32_to_cpu(prd.size);
891 len = prd.size & 0xfffe;
894 bm->cur_prd_len = len;
895 bm->cur_prd_addr = prd.addr;
896 bm->cur_prd_last = (prd.size & 0x80000000);
901 mem = cpu_physical_memory_map(bm->cur_prd_addr, &l1, is_write);
905 qemu_iovec_add(&s->iovec, mem, l1);
906 bm->cur_prd_addr += l1;
907 bm->cur_prd_len -= l1;
908 s->io_buffer_size += l1;
914 static void dma_buf_commit(IDEState *s, int is_write)
918 for (i = 0; i < s->iovec.niov; ++i) {
919 cpu_physical_memory_unmap(s->iovec.iov[i].iov_base,
920 s->iovec.iov[i].iov_len, is_write,
921 s->iovec.iov[i].iov_len);
923 qemu_iovec_destroy(&s->iovec);
926 static void ide_dma_error(IDEState *s)
928 ide_transfer_stop(s);
930 s->status = READY_STAT | ERR_STAT;
934 static int ide_handle_write_error(IDEState *s, int error, int op)
936 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
938 if (action == BLOCK_ERR_IGNORE)
941 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
942 || action == BLOCK_ERR_STOP_ANY) {
943 s->bmdma->ide_if = s;
944 s->bmdma->status |= op;
947 if (op == BM_STATUS_DMA_RETRY) {
948 dma_buf_commit(s, 0);
958 /* return 0 if buffer completed */
959 static int dma_buf_rw(BMDMAState *bm, int is_write)
961 IDEState *s = bm->ide_if;
969 l = s->io_buffer_size - s->io_buffer_index;
972 if (bm->cur_prd_len == 0) {
973 /* end of table (with a fail safe of one page) */
974 if (bm->cur_prd_last ||
975 (bm->cur_addr - bm->addr) >= 4096)
977 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
979 prd.addr = le32_to_cpu(prd.addr);
980 prd.size = le32_to_cpu(prd.size);
981 len = prd.size & 0xfffe;
984 bm->cur_prd_len = len;
985 bm->cur_prd_addr = prd.addr;
986 bm->cur_prd_last = (prd.size & 0x80000000);
988 if (l > bm->cur_prd_len)
992 cpu_physical_memory_write(bm->cur_prd_addr,
993 s->io_buffer + s->io_buffer_index, l);
995 cpu_physical_memory_read(bm->cur_prd_addr,
996 s->io_buffer + s->io_buffer_index, l);
998 bm->cur_prd_addr += l;
999 bm->cur_prd_len -= l;
1000 s->io_buffer_index += l;
1008 void (*cb)(void *opaque, int ret);
1010 } MapFailureContinuation;
1012 static void reschedule_dma(void *opaque)
1014 MapFailureContinuation *cont = opaque;
1016 cont->cb(cont->bm, 0);
1017 qemu_bh_delete(cont->bh);
1021 static void continue_after_map_failure(void *opaque)
1023 MapFailureContinuation *cont = opaque;
1025 cont->bh = qemu_bh_new(reschedule_dma, opaque);
1026 qemu_bh_schedule(cont->bh);
1029 static void wait_for_bounce_buffer(BMDMAState *bmdma,
1030 void (*cb)(void *opaque, int ret))
1032 MapFailureContinuation *cont = qemu_malloc(sizeof(*cont));
1036 cpu_register_map_client(cont, continue_after_map_failure);
1039 static void ide_read_dma_cb(void *opaque, int ret)
1041 BMDMAState *bm = opaque;
1042 IDEState *s = bm->ide_if;
1047 dma_buf_commit(s, 1);
1052 n = s->io_buffer_size >> 9;
1053 sector_num = ide_get_sector(s);
1055 dma_buf_commit(s, 1);
1057 ide_set_sector(s, sector_num);
1061 /* end of transfer ? */
1062 if (s->nsector == 0) {
1063 s->status = READY_STAT | SEEK_STAT;
1066 bm->status &= ~BM_STATUS_DMAING;
1067 bm->status |= BM_STATUS_INT;
1074 /* launch next transfer */
1076 s->io_buffer_index = 0;
1077 s->io_buffer_size = n * 512;
1078 if (dma_buf_prepare(bm, 1) == 0)
1080 if (!s->iovec.niov) {
1081 wait_for_bounce_buffer(bm, ide_read_dma_cb);
1085 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1087 bm->aiocb = bdrv_aio_readv(s->bs, sector_num, &s->iovec, n,
1088 ide_read_dma_cb, bm);
1089 ide_dma_submit_check(s, ide_read_dma_cb, bm);
1092 static void ide_sector_read_dma(IDEState *s)
1094 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1095 s->io_buffer_index = 0;
1096 s->io_buffer_size = 0;
1097 ide_dma_start(s, ide_read_dma_cb);
1100 static void ide_sector_write_timer_cb(void *opaque)
1102 IDEState *s = opaque;
1106 static void ide_sector_write(IDEState *s)
1111 s->status = READY_STAT | SEEK_STAT;
1112 sector_num = ide_get_sector(s);
1113 #if defined(DEBUG_IDE)
1114 printf("write sector=%" PRId64 "\n", sector_num);
1117 if (n > s->req_nb_sectors)
1118 n = s->req_nb_sectors;
1119 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
1122 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1127 if (s->nsector == 0) {
1128 /* no more sectors to write */
1129 ide_transfer_stop(s);
1132 if (n1 > s->req_nb_sectors)
1133 n1 = s->req_nb_sectors;
1134 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1136 ide_set_sector(s, sector_num + n);
1139 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1140 /* It seems there is a bug in the Windows 2000 installer HDD
1141 IDE driver which fills the disk with empty logs when the
1142 IDE write IRQ comes too early. This hack tries to correct
1143 that at the expense of slower write performances. Use this
1144 option _only_ to install Windows 2000. You must disable it
1146 qemu_mod_timer(s->sector_write_timer,
1147 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1155 static void ide_dma_restart_cb(void *opaque, int running, int reason)
1157 BMDMAState *bm = opaque;
1160 if (bm->status & BM_STATUS_DMA_RETRY) {
1161 bm->status &= ~BM_STATUS_DMA_RETRY;
1162 ide_dma_restart(bm->ide_if);
1163 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1164 bm->status &= ~BM_STATUS_PIO_RETRY;
1165 ide_sector_write(bm->ide_if);
1169 static void ide_write_dma_cb(void *opaque, int ret)
1171 BMDMAState *bm = opaque;
1172 IDEState *s = bm->ide_if;
1177 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1181 n = s->io_buffer_size >> 9;
1182 sector_num = ide_get_sector(s);
1184 dma_buf_commit(s, 0);
1186 ide_set_sector(s, sector_num);
1190 /* end of transfer ? */
1191 if (s->nsector == 0) {
1192 s->status = READY_STAT | SEEK_STAT;
1195 bm->status &= ~BM_STATUS_DMAING;
1196 bm->status |= BM_STATUS_INT;
1204 s->io_buffer_size = n * 512;
1205 /* launch next transfer */
1206 if (dma_buf_prepare(bm, 0) == 0)
1208 if (!s->iovec.niov) {
1209 wait_for_bounce_buffer(bm, ide_write_dma_cb);
1213 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1215 bm->aiocb = bdrv_aio_writev(s->bs, sector_num, &s->iovec, n,
1216 ide_write_dma_cb, bm);
1217 ide_dma_submit_check(s, ide_write_dma_cb, bm);
1220 static void ide_sector_write_dma(IDEState *s)
1222 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1223 s->io_buffer_index = 0;
1224 s->io_buffer_size = 0;
1225 ide_dma_start(s, ide_write_dma_cb);
1228 static void ide_atapi_cmd_ok(IDEState *s)
1231 s->status = READY_STAT | SEEK_STAT;
1232 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1236 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1238 #ifdef DEBUG_IDE_ATAPI
1239 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1241 s->error = sense_key << 4;
1242 s->status = READY_STAT | ERR_STAT;
1243 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1244 s->sense_key = sense_key;
1249 static void ide_atapi_cmd_check_status(IDEState *s)
1251 #ifdef DEBUG_IDE_ATAPI
1252 printf("atapi_cmd_check_status\n");
1254 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1255 s->status = ERR_STAT;
1260 static inline void cpu_to_ube16(uint8_t *buf, int val)
1266 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1274 static inline int ube16_to_cpu(const uint8_t *buf)
1276 return (buf[0] << 8) | buf[1];
1279 static inline int ube32_to_cpu(const uint8_t *buf)
1281 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1284 static void lba_to_msf(uint8_t *buf, int lba)
1287 buf[0] = (lba / 75) / 60;
1288 buf[1] = (lba / 75) % 60;
1292 static void cd_data_to_raw(uint8_t *buf, int lba)
1296 memset(buf + 1, 0xff, 10);
1300 lba_to_msf(buf, lba);
1301 buf[3] = 0x01; /* mode 1 data */
1305 /* XXX: ECC not computed */
1306 memset(buf, 0, 288);
1309 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1314 switch(sector_size) {
1316 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1319 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1322 cd_data_to_raw(buf, lba);
1331 static void ide_atapi_io_error(IDEState *s, int ret)
1333 /* XXX: handle more errors */
1334 if (ret == -ENOMEDIUM) {
1335 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1336 ASC_MEDIUM_NOT_PRESENT);
1338 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1339 ASC_LOGICAL_BLOCK_OOR);
1343 /* The whole ATAPI transfer logic is handled in this function */
1344 static void ide_atapi_cmd_reply_end(IDEState *s)
1346 int byte_count_limit, size, ret;
1347 #ifdef DEBUG_IDE_ATAPI
1348 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1349 s->packet_transfer_size,
1350 s->elementary_transfer_size,
1351 s->io_buffer_index);
1353 if (s->packet_transfer_size <= 0) {
1354 /* end of transfer */
1355 ide_transfer_stop(s);
1356 s->status = READY_STAT | SEEK_STAT;
1357 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1359 #ifdef DEBUG_IDE_ATAPI
1360 printf("status=0x%x\n", s->status);
1363 /* see if a new sector must be read */
1364 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1365 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1367 ide_transfer_stop(s);
1368 ide_atapi_io_error(s, ret);
1372 s->io_buffer_index = 0;
1374 if (s->elementary_transfer_size > 0) {
1375 /* there are some data left to transmit in this elementary
1377 size = s->cd_sector_size - s->io_buffer_index;
1378 if (size > s->elementary_transfer_size)
1379 size = s->elementary_transfer_size;
1380 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1381 size, ide_atapi_cmd_reply_end);
1382 s->packet_transfer_size -= size;
1383 s->elementary_transfer_size -= size;
1384 s->io_buffer_index += size;
1386 /* a new transfer is needed */
1387 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1388 byte_count_limit = s->lcyl | (s->hcyl << 8);
1389 #ifdef DEBUG_IDE_ATAPI
1390 printf("byte_count_limit=%d\n", byte_count_limit);
1392 if (byte_count_limit == 0xffff)
1394 size = s->packet_transfer_size;
1395 if (size > byte_count_limit) {
1396 /* byte count limit must be even if this case */
1397 if (byte_count_limit & 1)
1399 size = byte_count_limit;
1402 s->hcyl = size >> 8;
1403 s->elementary_transfer_size = size;
1404 /* we cannot transmit more than one sector at a time */
1406 if (size > (s->cd_sector_size - s->io_buffer_index))
1407 size = (s->cd_sector_size - s->io_buffer_index);
1409 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1410 size, ide_atapi_cmd_reply_end);
1411 s->packet_transfer_size -= size;
1412 s->elementary_transfer_size -= size;
1413 s->io_buffer_index += size;
1415 #ifdef DEBUG_IDE_ATAPI
1416 printf("status=0x%x\n", s->status);
1422 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1423 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1425 if (size > max_size)
1427 s->lba = -1; /* no sector read */
1428 s->packet_transfer_size = size;
1429 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1430 s->elementary_transfer_size = 0;
1431 s->io_buffer_index = 0;
1434 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
1435 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1437 s->status = READY_STAT | SEEK_STAT;
1438 ide_atapi_cmd_reply_end(s);
1442 /* start a CD-CDROM read command */
1443 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1447 s->packet_transfer_size = nb_sectors * sector_size;
1448 s->elementary_transfer_size = 0;
1449 s->io_buffer_index = sector_size;
1450 s->cd_sector_size = sector_size;
1452 s->status = READY_STAT | SEEK_STAT;
1453 ide_atapi_cmd_reply_end(s);
1456 /* ATAPI DMA support */
1458 /* XXX: handle read errors */
1459 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1461 BMDMAState *bm = opaque;
1462 IDEState *s = bm->ide_if;
1466 ide_atapi_io_error(s, ret);
1470 if (s->io_buffer_size > 0) {
1472 * For a cdrom read sector command (s->lba != -1),
1473 * adjust the lba for the next s->io_buffer_size chunk
1474 * and dma the current chunk.
1475 * For a command != read (s->lba == -1), just transfer
1479 if (s->cd_sector_size == 2352) {
1481 cd_data_to_raw(s->io_buffer, s->lba);
1483 n = s->io_buffer_size >> 11;
1487 s->packet_transfer_size -= s->io_buffer_size;
1488 if (dma_buf_rw(bm, 1) == 0)
1492 if (s->packet_transfer_size <= 0) {
1493 s->status = READY_STAT | SEEK_STAT;
1494 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1497 bm->status &= ~BM_STATUS_DMAING;
1498 bm->status |= BM_STATUS_INT;
1505 s->io_buffer_index = 0;
1506 if (s->cd_sector_size == 2352) {
1508 s->io_buffer_size = s->cd_sector_size;
1511 n = s->packet_transfer_size >> 11;
1512 if (n > (IDE_DMA_BUF_SECTORS / 4))
1513 n = (IDE_DMA_BUF_SECTORS / 4);
1514 s->io_buffer_size = n * 2048;
1518 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1520 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1521 s->io_buffer + data_offset, n * 4,
1522 ide_atapi_cmd_read_dma_cb, bm);
1524 /* Note: media not present is the most likely case */
1525 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1526 ASC_MEDIUM_NOT_PRESENT);
1531 /* start a CD-CDROM read command with DMA */
1532 /* XXX: test if DMA is available */
1533 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1537 s->packet_transfer_size = nb_sectors * sector_size;
1538 s->io_buffer_index = 0;
1539 s->io_buffer_size = 0;
1540 s->cd_sector_size = sector_size;
1542 /* XXX: check if BUSY_STAT should be set */
1543 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1544 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1547 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1550 #ifdef DEBUG_IDE_ATAPI
1551 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1555 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1557 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1561 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1564 uint8_t *buf_profile = buf + 12; /* start of profiles */
1566 buf_profile += ((*index) * 4); /* start of indexed profile */
1567 cpu_to_ube16 (buf_profile, profile);
1568 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1570 /* each profile adds 4 bytes to the response */
1572 buf[11] += 4; /* Additional Length */
1577 static int ide_dvd_read_structure(IDEState *s, int format,
1578 const uint8_t *packet, uint8_t *buf)
1581 case 0x0: /* Physical format information */
1583 int layer = packet[6];
1584 uint64_t total_sectors;
1587 return -ASC_INV_FIELD_IN_CMD_PACKET;
1589 bdrv_get_geometry(s->bs, &total_sectors);
1590 total_sectors >>= 2;
1591 if (total_sectors == 0)
1592 return -ASC_MEDIUM_NOT_PRESENT;
1594 buf[4] = 1; /* DVD-ROM, part version 1 */
1595 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1596 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1597 buf[7] = 0; /* default densities */
1599 /* FIXME: 0x30000 per spec? */
1600 cpu_to_ube32(buf + 8, 0); /* start sector */
1601 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1602 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1604 /* Size of buffer, not including 2 byte size field */
1605 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1607 /* 2k data + 4 byte header */
1611 case 0x01: /* DVD copyright information */
1612 buf[4] = 0; /* no copyright data */
1613 buf[5] = 0; /* no region restrictions */
1615 /* Size of buffer, not including 2 byte size field */
1616 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1618 /* 4 byte header + 4 byte data */
1621 case 0x03: /* BCA information - invalid field for no BCA info */
1622 return -ASC_INV_FIELD_IN_CMD_PACKET;
1624 case 0x04: /* DVD disc manufacturing information */
1625 /* Size of buffer, not including 2 byte size field */
1626 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1628 /* 2k data + 4 byte header */
1633 * This lists all the command capabilities above. Add new ones
1634 * in order and update the length and buffer return values.
1637 buf[4] = 0x00; /* Physical format */
1638 buf[5] = 0x40; /* Not writable, is readable */
1639 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1641 buf[8] = 0x01; /* Copyright info */
1642 buf[9] = 0x40; /* Not writable, is readable */
1643 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1645 buf[12] = 0x03; /* BCA info */
1646 buf[13] = 0x40; /* Not writable, is readable */
1647 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1649 buf[16] = 0x04; /* Manufacturing info */
1650 buf[17] = 0x40; /* Not writable, is readable */
1651 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1653 /* Size of buffer, not including 2 byte size field */
1654 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1656 /* data written + 4 byte header */
1659 default: /* TODO: formats beyond DVD-ROM requires */
1660 return -ASC_INV_FIELD_IN_CMD_PACKET;
1664 static void ide_atapi_cmd(IDEState *s)
1666 const uint8_t *packet;
1670 packet = s->io_buffer;
1672 #ifdef DEBUG_IDE_ATAPI
1675 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1676 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1677 printf(" %02x", packet[i]);
1682 /* If there's a UNIT_ATTENTION condition pending, only
1683 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1684 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1685 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1686 s->io_buffer[0] != GPCMD_INQUIRY) {
1687 ide_atapi_cmd_check_status(s);
1690 switch(s->io_buffer[0]) {
1691 case GPCMD_TEST_UNIT_READY:
1692 if (bdrv_is_inserted(s->bs)) {
1693 ide_atapi_cmd_ok(s);
1695 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1696 ASC_MEDIUM_NOT_PRESENT);
1699 case GPCMD_MODE_SENSE_6:
1700 case GPCMD_MODE_SENSE_10:
1703 if (packet[0] == GPCMD_MODE_SENSE_10)
1704 max_len = ube16_to_cpu(packet + 7);
1706 max_len = packet[4];
1707 action = packet[2] >> 6;
1708 code = packet[2] & 0x3f;
1710 case 0: /* current values */
1712 case 0x01: /* error recovery */
1713 cpu_to_ube16(&buf[0], 16 + 6);
1729 ide_atapi_cmd_reply(s, 16, max_len);
1732 cpu_to_ube16(&buf[0], 28 + 6);
1745 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1746 code checks for this to automount media. */
1749 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1750 if (bdrv_is_locked(s->bs))
1753 cpu_to_ube16(&buf[16], 706);
1756 cpu_to_ube16(&buf[20], 512);
1757 cpu_to_ube16(&buf[22], 706);
1762 ide_atapi_cmd_reply(s, 28, max_len);
1768 case 1: /* changeable values */
1770 case 2: /* default values */
1773 case 3: /* saved values */
1774 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1775 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1780 case GPCMD_REQUEST_SENSE:
1781 max_len = packet[4];
1783 buf[0] = 0x70 | (1 << 7);
1784 buf[2] = s->sense_key;
1787 if (s->sense_key == SENSE_UNIT_ATTENTION)
1788 s->sense_key = SENSE_NONE;
1789 ide_atapi_cmd_reply(s, 18, max_len);
1791 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1792 if (bdrv_is_inserted(s->bs)) {
1793 bdrv_set_locked(s->bs, packet[4] & 1);
1794 ide_atapi_cmd_ok(s);
1796 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1797 ASC_MEDIUM_NOT_PRESENT);
1803 int nb_sectors, lba;
1805 if (packet[0] == GPCMD_READ_10)
1806 nb_sectors = ube16_to_cpu(packet + 7);
1808 nb_sectors = ube32_to_cpu(packet + 6);
1809 lba = ube32_to_cpu(packet + 2);
1810 if (nb_sectors == 0) {
1811 ide_atapi_cmd_ok(s);
1814 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1819 int nb_sectors, lba, transfer_request;
1821 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1822 lba = ube32_to_cpu(packet + 2);
1823 if (nb_sectors == 0) {
1824 ide_atapi_cmd_ok(s);
1827 transfer_request = packet[9];
1828 switch(transfer_request & 0xf8) {
1831 ide_atapi_cmd_ok(s);
1835 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1839 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1842 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1843 ASC_INV_FIELD_IN_CMD_PACKET);
1851 uint64_t total_sectors;
1853 bdrv_get_geometry(s->bs, &total_sectors);
1854 total_sectors >>= 2;
1855 if (total_sectors == 0) {
1856 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1857 ASC_MEDIUM_NOT_PRESENT);
1860 lba = ube32_to_cpu(packet + 2);
1861 if (lba >= total_sectors) {
1862 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1863 ASC_LOGICAL_BLOCK_OOR);
1866 ide_atapi_cmd_ok(s);
1869 case GPCMD_START_STOP_UNIT:
1872 start = packet[4] & 1;
1873 eject = (packet[4] >> 1) & 1;
1875 if (eject && !start) {
1876 /* eject the disk */
1877 bdrv_eject(s->bs, 1);
1878 } else if (eject && start) {
1879 /* close the tray */
1880 bdrv_eject(s->bs, 0);
1882 ide_atapi_cmd_ok(s);
1885 case GPCMD_MECHANISM_STATUS:
1887 max_len = ube16_to_cpu(packet + 8);
1888 cpu_to_ube16(buf, 0);
1889 /* no current LBA */
1894 cpu_to_ube16(buf + 6, 0);
1895 ide_atapi_cmd_reply(s, 8, max_len);
1898 case GPCMD_READ_TOC_PMA_ATIP:
1900 int format, msf, start_track, len;
1901 uint64_t total_sectors;
1903 bdrv_get_geometry(s->bs, &total_sectors);
1904 total_sectors >>= 2;
1905 if (total_sectors == 0) {
1906 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1907 ASC_MEDIUM_NOT_PRESENT);
1910 max_len = ube16_to_cpu(packet + 7);
1911 format = packet[9] >> 6;
1912 msf = (packet[1] >> 1) & 1;
1913 start_track = packet[6];
1916 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1919 ide_atapi_cmd_reply(s, len, max_len);
1922 /* multi session : only a single session defined */
1927 ide_atapi_cmd_reply(s, 12, max_len);
1930 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1933 ide_atapi_cmd_reply(s, len, max_len);
1937 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1938 ASC_INV_FIELD_IN_CMD_PACKET);
1943 case GPCMD_READ_CDVD_CAPACITY:
1945 uint64_t total_sectors;
1947 bdrv_get_geometry(s->bs, &total_sectors);
1948 total_sectors >>= 2;
1949 if (total_sectors == 0) {
1950 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1951 ASC_MEDIUM_NOT_PRESENT);
1954 /* NOTE: it is really the number of sectors minus 1 */
1955 cpu_to_ube32(buf, total_sectors - 1);
1956 cpu_to_ube32(buf + 4, 2048);
1957 ide_atapi_cmd_reply(s, 8, 8);
1960 case GPCMD_READ_DVD_STRUCTURE:
1962 int media = packet[1];
1963 int format = packet[7];
1966 max_len = ube16_to_cpu(packet + 8);
1968 if (format < 0xff) {
1969 if (media_is_cd(s)) {
1970 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1971 ASC_INCOMPATIBLE_FORMAT);
1973 } else if (!media_present(s)) {
1974 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1975 ASC_INV_FIELD_IN_CMD_PACKET);
1980 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1981 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1987 ret = ide_dvd_read_structure(s, format, packet, buf);
1990 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1992 ide_atapi_cmd_reply(s, ret, max_len);
1996 /* TODO: BD support, fall through for now */
1998 /* Generic disk structures */
1999 case 0x80: /* TODO: AACS volume identifier */
2000 case 0x81: /* TODO: AACS media serial number */
2001 case 0x82: /* TODO: AACS media identifier */
2002 case 0x83: /* TODO: AACS media key block */
2003 case 0x90: /* TODO: List of recognized format layers */
2004 case 0xc0: /* TODO: Write protection status */
2006 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2007 ASC_INV_FIELD_IN_CMD_PACKET);
2012 case GPCMD_SET_SPEED:
2013 ide_atapi_cmd_ok(s);
2016 max_len = packet[4];
2017 buf[0] = 0x05; /* CD-ROM */
2018 buf[1] = 0x80; /* removable */
2019 buf[2] = 0x00; /* ISO */
2020 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2021 buf[4] = 31; /* additional length */
2022 buf[5] = 0; /* reserved */
2023 buf[6] = 0; /* reserved */
2024 buf[7] = 0; /* reserved */
2025 padstr8(buf + 8, 8, "QEMU");
2026 padstr8(buf + 16, 16, "QEMU DVD-ROM");
2027 padstr8(buf + 32, 4, QEMU_VERSION);
2028 ide_atapi_cmd_reply(s, 36, max_len);
2030 case GPCMD_GET_CONFIGURATION:
2035 /* only feature 0 is supported */
2036 if (packet[2] != 0 || packet[3] != 0) {
2037 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2038 ASC_INV_FIELD_IN_CMD_PACKET);
2042 /* XXX: could result in alignment problems in some architectures */
2043 max_len = ube16_to_cpu(packet + 7);
2046 * XXX: avoid overflow for io_buffer if max_len is bigger than
2047 * the size of that buffer (dimensioned to max number of
2048 * sectors to transfer at once)
2050 * Only a problem if the feature/profiles grow.
2052 if (max_len > 512) /* XXX: assume 1 sector */
2055 memset(buf, 0, max_len);
2057 * the number of sectors from the media tells us which profile
2058 * to use as current. 0 means there is no media
2060 if (media_is_dvd(s))
2061 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
2062 else if (media_is_cd(s))
2063 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
2065 buf[10] = 0x02 | 0x01; /* persistent and current */
2066 len = 12; /* headers: 8 + 4 */
2067 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
2068 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
2069 cpu_to_ube32(buf, len - 4); /* data length */
2071 ide_atapi_cmd_reply(s, len, max_len);
2075 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2076 ASC_ILLEGAL_OPCODE);
2081 static void ide_cfata_metadata_inquiry(IDEState *s)
2086 p = (uint16_t *) s->io_buffer;
2087 memset(p, 0, 0x200);
2088 spd = ((s->mdata_size - 1) >> 9) + 1;
2090 put_le16(p + 0, 0x0001); /* Data format revision */
2091 put_le16(p + 1, 0x0000); /* Media property: silicon */
2092 put_le16(p + 2, s->media_changed); /* Media status */
2093 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
2094 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
2095 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
2096 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
2099 static void ide_cfata_metadata_read(IDEState *s)
2103 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2104 s->status = ERR_STAT;
2105 s->error = ABRT_ERR;
2109 p = (uint16_t *) s->io_buffer;
2110 memset(p, 0, 0x200);
2112 put_le16(p + 0, s->media_changed); /* Media status */
2113 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2114 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2115 s->nsector << 9), 0x200 - 2));
2118 static void ide_cfata_metadata_write(IDEState *s)
2120 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2121 s->status = ERR_STAT;
2122 s->error = ABRT_ERR;
2126 s->media_changed = 0;
2128 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2130 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2131 s->nsector << 9), 0x200 - 2));
2134 /* called when the inserted state of the media has changed */
2135 static void cdrom_change_cb(void *opaque)
2137 IDEState *s = opaque;
2138 uint64_t nb_sectors;
2140 bdrv_get_geometry(s->bs, &nb_sectors);
2141 s->nb_sectors = nb_sectors;
2143 s->sense_key = SENSE_UNIT_ATTENTION;
2144 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2149 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2153 /* handle the 'magic' 0 nsector count conversion here. to avoid
2154 * fiddling with the rest of the read logic, we just store the
2155 * full sector count in ->nsector and ignore ->hob_nsector from now
2161 if (!s->nsector && !s->hob_nsector)
2164 int lo = s->nsector;
2165 int hi = s->hob_nsector;
2167 s->nsector = (hi << 8) | lo;
2172 static void ide_clear_hob(IDEState *ide_if)
2174 /* any write clears HOB high bit of device control register */
2175 ide_if[0].select &= ~(1 << 7);
2176 ide_if[1].select &= ~(1 << 7);
2179 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2181 IDEState *ide_if = opaque;
2187 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2192 /* ignore writes to command block while busy with previous command */
2193 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2200 ide_clear_hob(ide_if);
2201 /* NOTE: data is written to the two drives */
2202 ide_if[0].hob_feature = ide_if[0].feature;
2203 ide_if[1].hob_feature = ide_if[1].feature;
2204 ide_if[0].feature = val;
2205 ide_if[1].feature = val;
2208 ide_clear_hob(ide_if);
2209 ide_if[0].hob_nsector = ide_if[0].nsector;
2210 ide_if[1].hob_nsector = ide_if[1].nsector;
2211 ide_if[0].nsector = val;
2212 ide_if[1].nsector = val;
2215 ide_clear_hob(ide_if);
2216 ide_if[0].hob_sector = ide_if[0].sector;
2217 ide_if[1].hob_sector = ide_if[1].sector;
2218 ide_if[0].sector = val;
2219 ide_if[1].sector = val;
2222 ide_clear_hob(ide_if);
2223 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2224 ide_if[1].hob_lcyl = ide_if[1].lcyl;
2225 ide_if[0].lcyl = val;
2226 ide_if[1].lcyl = val;
2229 ide_clear_hob(ide_if);
2230 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2231 ide_if[1].hob_hcyl = ide_if[1].hcyl;
2232 ide_if[0].hcyl = val;
2233 ide_if[1].hcyl = val;
2236 /* FIXME: HOB readback uses bit 7 */
2237 ide_if[0].select = (val & ~0x10) | 0xa0;
2238 ide_if[1].select = (val | 0x10) | 0xa0;
2240 unit = (val >> 4) & 1;
2242 ide_if->cur_drive = s;
2247 #if defined(DEBUG_IDE)
2248 printf("ide: CMD=%02x\n", val);
2250 s = ide_if->cur_drive;
2251 /* ignore commands to non existant slave */
2252 if (s != ide_if && !s->bs)
2255 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2256 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2261 if (s->bs && !s->is_cdrom) {
2265 ide_cfata_identify(s);
2266 s->status = READY_STAT | SEEK_STAT;
2267 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2270 ide_set_signature(s);
2272 ide_abort_command(s);
2279 s->status = READY_STAT | SEEK_STAT;
2283 if (s->is_cf && s->nsector == 0) {
2284 /* Disable Read and Write Multiple */
2285 s->mult_sectors = 0;
2286 s->status = READY_STAT | SEEK_STAT;
2287 } else if ((s->nsector & 0xff) != 0 &&
2288 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2289 (s->nsector & (s->nsector - 1)) != 0)) {
2290 ide_abort_command(s);
2292 s->mult_sectors = s->nsector & 0xff;
2293 s->status = READY_STAT | SEEK_STAT;
2297 case WIN_VERIFY_EXT:
2300 case WIN_VERIFY_ONCE:
2301 /* do sector number check ? */
2302 ide_cmd_lba48_transform(s, lba48);
2303 s->status = READY_STAT | SEEK_STAT;
2312 ide_cmd_lba48_transform(s, lba48);
2313 s->req_nb_sectors = 1;
2319 case WIN_WRITE_ONCE:
2320 case CFA_WRITE_SECT_WO_ERASE:
2321 case WIN_WRITE_VERIFY:
2322 ide_cmd_lba48_transform(s, lba48);
2324 s->status = SEEK_STAT | READY_STAT;
2325 s->req_nb_sectors = 1;
2326 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
2327 s->media_changed = 1;
2329 case WIN_MULTREAD_EXT:
2332 if (!s->mult_sectors)
2334 ide_cmd_lba48_transform(s, lba48);
2335 s->req_nb_sectors = s->mult_sectors;
2338 case WIN_MULTWRITE_EXT:
2341 case CFA_WRITE_MULTI_WO_ERASE:
2342 if (!s->mult_sectors)
2344 ide_cmd_lba48_transform(s, lba48);
2346 s->status = SEEK_STAT | READY_STAT;
2347 s->req_nb_sectors = s->mult_sectors;
2349 if (n > s->req_nb_sectors)
2350 n = s->req_nb_sectors;
2351 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
2352 s->media_changed = 1;
2354 case WIN_READDMA_EXT:
2357 case WIN_READDMA_ONCE:
2360 ide_cmd_lba48_transform(s, lba48);
2361 ide_sector_read_dma(s);
2363 case WIN_WRITEDMA_EXT:
2366 case WIN_WRITEDMA_ONCE:
2369 ide_cmd_lba48_transform(s, lba48);
2370 ide_sector_write_dma(s);
2371 s->media_changed = 1;
2373 case WIN_READ_NATIVE_MAX_EXT:
2375 case WIN_READ_NATIVE_MAX:
2376 ide_cmd_lba48_transform(s, lba48);
2377 ide_set_sector(s, s->nb_sectors - 1);
2378 s->status = READY_STAT | SEEK_STAT;
2381 case WIN_CHECKPOWERMODE1:
2382 case WIN_CHECKPOWERMODE2:
2383 s->nsector = 0xff; /* device active or idle */
2384 s->status = READY_STAT | SEEK_STAT;
2387 case WIN_SETFEATURES:
2390 /* XXX: valid for CDROM ? */
2391 switch(s->feature) {
2392 case 0xcc: /* reverting to power-on defaults enable */
2393 case 0x66: /* reverting to power-on defaults disable */
2394 case 0x02: /* write cache enable */
2395 case 0x82: /* write cache disable */
2396 case 0xaa: /* read look-ahead enable */
2397 case 0x55: /* read look-ahead disable */
2398 case 0x05: /* set advanced power management mode */
2399 case 0x85: /* disable advanced power management mode */
2400 case 0x69: /* NOP */
2401 case 0x67: /* NOP */
2402 case 0x96: /* NOP */
2403 case 0x9a: /* NOP */
2404 case 0x42: /* enable Automatic Acoustic Mode */
2405 case 0xc2: /* disable Automatic Acoustic Mode */
2406 s->status = READY_STAT | SEEK_STAT;
2409 case 0x03: { /* set transfer mode */
2410 uint8_t val = s->nsector & 0x07;
2412 switch (s->nsector >> 3) {
2413 case 0x00: /* pio default */
2414 case 0x01: /* pio mode */
2415 put_le16(s->identify_data + 62,0x07);
2416 put_le16(s->identify_data + 63,0x07);
2417 put_le16(s->identify_data + 88,0x3f);
2419 case 0x02: /* sigle word dma mode*/
2420 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
2421 put_le16(s->identify_data + 63,0x07);
2422 put_le16(s->identify_data + 88,0x3f);
2424 case 0x04: /* mdma mode */
2425 put_le16(s->identify_data + 62,0x07);
2426 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2427 put_le16(s->identify_data + 88,0x3f);
2429 case 0x08: /* udma mode */
2430 put_le16(s->identify_data + 62,0x07);
2431 put_le16(s->identify_data + 63,0x07);
2432 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2437 s->status = READY_STAT | SEEK_STAT;
2445 case WIN_FLUSH_CACHE:
2446 case WIN_FLUSH_CACHE_EXT:
2449 s->status = READY_STAT | SEEK_STAT;
2454 case WIN_STANDBYNOW1:
2455 case WIN_STANDBYNOW2:
2456 case WIN_IDLEIMMEDIATE:
2457 case CFA_IDLEIMMEDIATE:
2462 s->status = READY_STAT;
2468 /* XXX: Check that seek is within bounds */
2469 s->status = READY_STAT | SEEK_STAT;
2472 /* ATAPI commands */
2475 ide_atapi_identify(s);
2476 s->status = READY_STAT | SEEK_STAT;
2477 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2479 ide_abort_command(s);
2484 ide_set_signature(s);
2486 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2487 * devices to return a clear status register
2488 * with READY_STAT *not* set. */
2490 s->status = READY_STAT | SEEK_STAT;
2491 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2499 ide_set_signature(s);
2500 s->status = 0x00; /* NOTE: READY is _not_ set */
2506 /* overlapping commands not supported */
2507 if (s->feature & 0x02)
2509 s->status = READY_STAT | SEEK_STAT;
2510 s->atapi_dma = s->feature & 1;
2512 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2515 /* CF-ATA commands */
2516 case CFA_REQ_EXT_ERROR_CODE:
2519 s->error = 0x09; /* miscellaneous error */
2520 s->status = READY_STAT | SEEK_STAT;
2523 case CFA_ERASE_SECTORS:
2524 case CFA_WEAR_LEVEL:
2527 if (val == CFA_WEAR_LEVEL)
2529 if (val == CFA_ERASE_SECTORS)
2530 s->media_changed = 1;
2532 s->status = READY_STAT | SEEK_STAT;
2535 case CFA_TRANSLATE_SECTOR:
2539 s->status = READY_STAT | SEEK_STAT;
2540 memset(s->io_buffer, 0, 0x200);
2541 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2542 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2543 s->io_buffer[0x02] = s->select; /* Head */
2544 s->io_buffer[0x03] = s->sector; /* Sector */
2545 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2546 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2547 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2548 s->io_buffer[0x13] = 0x00; /* Erase flag */
2549 s->io_buffer[0x18] = 0x00; /* Hot count */
2550 s->io_buffer[0x19] = 0x00; /* Hot count */
2551 s->io_buffer[0x1a] = 0x01; /* Hot count */
2552 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2555 case CFA_ACCESS_METADATA_STORAGE:
2558 switch (s->feature) {
2559 case 0x02: /* Inquiry Metadata Storage */
2560 ide_cfata_metadata_inquiry(s);
2562 case 0x03: /* Read Metadata Storage */
2563 ide_cfata_metadata_read(s);
2565 case 0x04: /* Write Metadata Storage */
2566 ide_cfata_metadata_write(s);
2571 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2572 s->status = 0x00; /* NOTE: READY is _not_ set */
2575 case IBM_SENSE_CONDITION:
2578 switch (s->feature) {
2579 case 0x01: /* sense temperature in device */
2580 s->nsector = 0x50; /* +20 C */
2585 s->status = READY_STAT | SEEK_STAT;
2590 ide_abort_command(s);
2597 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2599 IDEState *ide_if = opaque;
2600 IDEState *s = ide_if->cur_drive;
2605 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2606 //hob = s->select & (1 << 7);
2613 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2614 (s != ide_if && !s->bs))
2619 ret = s->hob_feature;
2622 if (!ide_if[0].bs && !ide_if[1].bs)
2625 ret = s->nsector & 0xff;
2627 ret = s->hob_nsector;
2630 if (!ide_if[0].bs && !ide_if[1].bs)
2635 ret = s->hob_sector;
2638 if (!ide_if[0].bs && !ide_if[1].bs)
2646 if (!ide_if[0].bs && !ide_if[1].bs)
2654 if (!ide_if[0].bs && !ide_if[1].bs)
2661 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2662 (s != ide_if && !s->bs))
2666 qemu_irq_lower(s->irq);
2670 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2675 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2677 IDEState *ide_if = opaque;
2678 IDEState *s = ide_if->cur_drive;
2681 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2682 (s != ide_if && !s->bs))
2687 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2692 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2694 IDEState *ide_if = opaque;
2699 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2701 /* common for both drives */
2702 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2703 (val & IDE_CMD_RESET)) {
2704 /* reset low to high */
2705 for(i = 0;i < 2; i++) {
2707 s->status = BUSY_STAT | SEEK_STAT;
2710 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2711 !(val & IDE_CMD_RESET)) {
2713 for(i = 0;i < 2; i++) {
2716 s->status = 0x00; /* NOTE: READY is _not_ set */
2718 s->status = READY_STAT | SEEK_STAT;
2719 ide_set_signature(s);
2723 ide_if[0].cmd = val;
2724 ide_if[1].cmd = val;
2727 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2729 IDEState *s = ((IDEState *)opaque)->cur_drive;
2732 /* PIO data access allowed only when DRQ bit is set */
2733 if (!(s->status & DRQ_STAT))
2737 *(uint16_t *)p = le16_to_cpu(val);
2740 if (p >= s->data_end)
2741 s->end_transfer_func(s);
2744 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2746 IDEState *s = ((IDEState *)opaque)->cur_drive;
2750 /* PIO data access allowed only when DRQ bit is set */
2751 if (!(s->status & DRQ_STAT))
2755 ret = cpu_to_le16(*(uint16_t *)p);
2758 if (p >= s->data_end)
2759 s->end_transfer_func(s);
2763 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2765 IDEState *s = ((IDEState *)opaque)->cur_drive;
2768 /* PIO data access allowed only when DRQ bit is set */
2769 if (!(s->status & DRQ_STAT))
2773 *(uint32_t *)p = le32_to_cpu(val);
2776 if (p >= s->data_end)
2777 s->end_transfer_func(s);
2780 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2782 IDEState *s = ((IDEState *)opaque)->cur_drive;
2786 /* PIO data access allowed only when DRQ bit is set */
2787 if (!(s->status & DRQ_STAT))
2791 ret = cpu_to_le32(*(uint32_t *)p);
2794 if (p >= s->data_end)
2795 s->end_transfer_func(s);
2799 static void ide_dummy_transfer_stop(IDEState *s)
2801 s->data_ptr = s->io_buffer;
2802 s->data_end = s->io_buffer;
2803 s->io_buffer[0] = 0xff;
2804 s->io_buffer[1] = 0xff;
2805 s->io_buffer[2] = 0xff;
2806 s->io_buffer[3] = 0xff;
2809 static void ide_reset(IDEState *s)
2812 s->mult_sectors = 0;
2814 s->mult_sectors = MAX_MULT_SECTORS;
2817 s->status = READY_STAT | SEEK_STAT;
2818 ide_set_signature(s);
2819 /* init the transfer handler so that 0xffff is returned on data
2821 s->end_transfer_func = ide_dummy_transfer_stop;
2822 ide_dummy_transfer_stop(s);
2823 s->media_changed = 0;
2826 static void ide_init2(IDEState *ide_state,
2827 BlockDriverState *hd0, BlockDriverState *hd1,
2831 static int drive_serial = 1;
2832 int i, cylinders, heads, secs;
2833 uint64_t nb_sectors;
2835 for(i = 0; i < 2; i++) {
2837 s->io_buffer = qemu_memalign(512, IDE_DMA_BUF_SECTORS*512 + 4);
2843 bdrv_get_geometry(s->bs, &nb_sectors);
2844 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2845 s->cylinders = cylinders;
2848 s->nb_sectors = nb_sectors;
2850 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2852 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2855 s->drive_serial = drive_serial++;
2856 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2857 sizeof(s->drive_serial_str));
2858 if (strlen(s->drive_serial_str) == 0)
2859 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2860 "QM%05d", s->drive_serial);
2862 s->sector_write_timer = qemu_new_timer(vm_clock,
2863 ide_sector_write_timer_cb, s);
2868 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2870 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2871 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2873 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2874 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2878 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2879 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2880 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2881 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2884 /* save per IDE drive data */
2885 static void ide_save(QEMUFile* f, IDEState *s)
2887 qemu_put_be32(f, s->mult_sectors);
2888 qemu_put_be32(f, s->identify_set);
2889 if (s->identify_set) {
2890 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2892 qemu_put_8s(f, &s->feature);
2893 qemu_put_8s(f, &s->error);
2894 qemu_put_be32s(f, &s->nsector);
2895 qemu_put_8s(f, &s->sector);
2896 qemu_put_8s(f, &s->lcyl);
2897 qemu_put_8s(f, &s->hcyl);
2898 qemu_put_8s(f, &s->hob_feature);
2899 qemu_put_8s(f, &s->hob_nsector);
2900 qemu_put_8s(f, &s->hob_sector);
2901 qemu_put_8s(f, &s->hob_lcyl);
2902 qemu_put_8s(f, &s->hob_hcyl);
2903 qemu_put_8s(f, &s->select);
2904 qemu_put_8s(f, &s->status);
2905 qemu_put_8s(f, &s->lba48);
2907 qemu_put_8s(f, &s->sense_key);
2908 qemu_put_8s(f, &s->asc);
2909 /* XXX: if a transfer is pending, we do not save it yet */
2912 /* load per IDE drive data */
2913 static void ide_load(QEMUFile* f, IDEState *s)
2915 s->mult_sectors=qemu_get_be32(f);
2916 s->identify_set=qemu_get_be32(f);
2917 if (s->identify_set) {
2918 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2920 qemu_get_8s(f, &s->feature);
2921 qemu_get_8s(f, &s->error);
2922 qemu_get_be32s(f, &s->nsector);
2923 qemu_get_8s(f, &s->sector);
2924 qemu_get_8s(f, &s->lcyl);
2925 qemu_get_8s(f, &s->hcyl);
2926 qemu_get_8s(f, &s->hob_feature);
2927 qemu_get_8s(f, &s->hob_nsector);
2928 qemu_get_8s(f, &s->hob_sector);
2929 qemu_get_8s(f, &s->hob_lcyl);
2930 qemu_get_8s(f, &s->hob_hcyl);
2931 qemu_get_8s(f, &s->select);
2932 qemu_get_8s(f, &s->status);
2933 qemu_get_8s(f, &s->lba48);
2935 qemu_get_8s(f, &s->sense_key);
2936 qemu_get_8s(f, &s->asc);
2937 /* XXX: if a transfer is pending, we do not save it yet */
2940 /***********************************************************/
2941 /* ISA IDE definitions */
2943 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
2944 BlockDriverState *hd0, BlockDriverState *hd1)
2946 IDEState *ide_state;
2948 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2952 ide_init2(ide_state, hd0, hd1, irq);
2953 ide_init_ioport(ide_state, iobase, iobase2);
2956 /***********************************************************/
2957 /* PCI IDE definitions */
2959 static void cmd646_update_irq(PCIIDEState *d);
2961 static void ide_map(PCIDevice *pci_dev, int region_num,
2962 uint32_t addr, uint32_t size, int type)
2964 PCIIDEState *d = (PCIIDEState *)pci_dev;
2965 IDEState *ide_state;
2967 if (region_num <= 3) {
2968 ide_state = &d->ide_if[(region_num >> 1) * 2];
2969 if (region_num & 1) {
2970 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2971 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2973 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2974 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2977 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2978 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2979 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2980 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2985 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2987 BMDMAState *bm = s->bmdma;
2991 bm->dma_cb = dma_cb;
2992 bm->cur_prd_last = 0;
2993 bm->cur_prd_addr = 0;
2994 bm->cur_prd_len = 0;
2995 bm->sector_num = ide_get_sector(s);
2996 bm->nsector = s->nsector;
2997 if (bm->status & BM_STATUS_DMAING) {
3002 static void ide_dma_restart(IDEState *s)
3004 BMDMAState *bm = s->bmdma;
3005 ide_set_sector(s, bm->sector_num);
3006 s->io_buffer_index = 0;
3007 s->io_buffer_size = 0;
3008 s->nsector = bm->nsector;
3009 bm->cur_addr = bm->addr;
3010 bm->dma_cb = ide_write_dma_cb;
3011 ide_dma_start(s, bm->dma_cb);
3014 static void ide_dma_cancel(BMDMAState *bm)
3016 if (bm->status & BM_STATUS_DMAING) {
3017 bm->status &= ~BM_STATUS_DMAING;
3018 /* cancel DMA request */
3023 printf("aio_cancel\n");
3025 bdrv_aio_cancel(bm->aiocb);
3031 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
3033 BMDMAState *bm = opaque;
3035 printf("%s: 0x%08x\n", __func__, val);
3037 if (!(val & BM_CMD_START)) {
3038 /* XXX: do it better */
3040 bm->cmd = val & 0x09;
3042 if (!(bm->status & BM_STATUS_DMAING)) {
3043 bm->status |= BM_STATUS_DMAING;
3044 /* start dma transfer if possible */
3048 bm->cmd = val & 0x09;
3052 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
3054 BMDMAState *bm = opaque;
3055 PCIIDEState *pci_dev;
3063 pci_dev = bm->pci_dev;
3064 if (pci_dev->type == IDE_TYPE_CMD646) {
3065 val = pci_dev->dev.config[MRDMODE];
3074 pci_dev = bm->pci_dev;
3075 if (pci_dev->type == IDE_TYPE_CMD646) {
3076 if (bm == &pci_dev->bmdma[0])
3077 val = pci_dev->dev.config[UDIDETCR0];
3079 val = pci_dev->dev.config[UDIDETCR1];
3089 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
3094 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
3096 BMDMAState *bm = opaque;
3097 PCIIDEState *pci_dev;
3099 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
3103 pci_dev = bm->pci_dev;
3104 if (pci_dev->type == IDE_TYPE_CMD646) {
3105 pci_dev->dev.config[MRDMODE] =
3106 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3107 cmd646_update_irq(pci_dev);
3111 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3114 pci_dev = bm->pci_dev;
3115 if (pci_dev->type == IDE_TYPE_CMD646) {
3116 if (bm == &pci_dev->bmdma[0])
3117 pci_dev->dev.config[UDIDETCR0] = val;
3119 pci_dev->dev.config[UDIDETCR1] = val;
3125 static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3127 BMDMAState *bm = opaque;
3129 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3131 printf("%s: 0x%08x\n", __func__, val);
3136 static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3138 BMDMAState *bm = opaque;
3139 int shift = (addr & 3) * 8;
3141 printf("%s: 0x%08x\n", __func__, val);
3143 bm->addr &= ~(0xFF << shift);
3144 bm->addr |= ((val & 0xFF) << shift) & ~3;
3145 bm->cur_addr = bm->addr;
3148 static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3150 BMDMAState *bm = opaque;
3152 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3154 printf("%s: 0x%08x\n", __func__, val);
3159 static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3161 BMDMAState *bm = opaque;
3162 int shift = (addr & 3) * 8;
3164 printf("%s: 0x%08x\n", __func__, val);
3166 bm->addr &= ~(0xFFFF << shift);
3167 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3168 bm->cur_addr = bm->addr;
3171 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3173 BMDMAState *bm = opaque;
3177 printf("%s: 0x%08x\n", __func__, val);
3182 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3184 BMDMAState *bm = opaque;
3186 printf("%s: 0x%08x\n", __func__, val);
3188 bm->addr = val & ~3;
3189 bm->cur_addr = bm->addr;
3192 static void bmdma_map(PCIDevice *pci_dev, int region_num,
3193 uint32_t addr, uint32_t size, int type)
3195 PCIIDEState *d = (PCIIDEState *)pci_dev;
3198 for(i = 0;i < 2; i++) {
3199 BMDMAState *bm = &d->bmdma[i];
3200 d->ide_if[2 * i].bmdma = bm;
3201 d->ide_if[2 * i + 1].bmdma = bm;
3202 bm->pci_dev = (PCIIDEState *)pci_dev;
3203 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
3205 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
3207 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3208 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
3210 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3211 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3212 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3213 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
3214 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3215 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3220 static void pci_ide_save(QEMUFile* f, void *opaque)
3222 PCIIDEState *d = opaque;
3225 pci_device_save(&d->dev, f);
3227 for(i = 0; i < 2; i++) {
3228 BMDMAState *bm = &d->bmdma[i];
3230 qemu_put_8s(f, &bm->cmd);
3231 qemu_put_8s(f, &bm->status);
3232 qemu_put_be32s(f, &bm->addr);
3233 qemu_put_sbe64s(f, &bm->sector_num);
3234 qemu_put_be32s(f, &bm->nsector);
3235 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3236 qemu_put_8s(f, &ifidx);
3237 /* XXX: if a transfer is pending, we do not save it yet */
3240 /* per IDE interface data */
3241 for(i = 0; i < 2; i++) {
3242 IDEState *s = &d->ide_if[i * 2];
3243 uint8_t drive1_selected;
3244 qemu_put_8s(f, &s->cmd);
3245 drive1_selected = (s->cur_drive != s);
3246 qemu_put_8s(f, &drive1_selected);
3249 /* per IDE drive data */
3250 for(i = 0; i < 4; i++) {
3251 ide_save(f, &d->ide_if[i]);
3255 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3257 PCIIDEState *d = opaque;
3260 if (version_id != 2)
3262 ret = pci_device_load(&d->dev, f);
3266 for(i = 0; i < 2; i++) {
3267 BMDMAState *bm = &d->bmdma[i];
3269 qemu_get_8s(f, &bm->cmd);
3270 qemu_get_8s(f, &bm->status);
3271 qemu_get_be32s(f, &bm->addr);
3272 qemu_get_sbe64s(f, &bm->sector_num);
3273 qemu_get_be32s(f, &bm->nsector);
3274 qemu_get_8s(f, &ifidx);
3275 bm->ide_if = &d->ide_if[ifidx];
3276 /* XXX: if a transfer is pending, we do not save it yet */
3279 /* per IDE interface data */
3280 for(i = 0; i < 2; i++) {
3281 IDEState *s = &d->ide_if[i * 2];
3282 uint8_t drive1_selected;
3283 qemu_get_8s(f, &s->cmd);
3284 qemu_get_8s(f, &drive1_selected);
3285 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3288 /* per IDE drive data */
3289 for(i = 0; i < 4; i++) {
3290 ide_load(f, &d->ide_if[i]);
3295 /* XXX: call it also when the MRDMODE is changed from the PCI config
3297 static void cmd646_update_irq(PCIIDEState *d)
3300 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3301 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3302 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3303 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
3304 qemu_set_irq(d->dev.irq[0], pci_level);
3307 /* the PCI irq level is the logical OR of the two channels */
3308 static void cmd646_set_irq(void *opaque, int channel, int level)
3310 PCIIDEState *d = opaque;
3313 irq_mask = MRDMODE_INTR_CH0 << channel;
3315 d->dev.config[MRDMODE] |= irq_mask;
3317 d->dev.config[MRDMODE] &= ~irq_mask;
3318 cmd646_update_irq(d);
3321 static void cmd646_reset(void *opaque)
3323 PCIIDEState *d = opaque;
3326 for (i = 0; i < 2; i++)
3327 ide_dma_cancel(&d->bmdma[i]);
3330 /* CMD646 PCI IDE controller */
3331 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3332 int secondary_ide_enabled)
3339 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
3340 sizeof(PCIIDEState),
3343 d->type = IDE_TYPE_CMD646;
3344 pci_conf = d->dev.config;
3345 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3346 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
3348 pci_conf[0x08] = 0x07; // IDE controller revision
3349 pci_conf[0x09] = 0x8f;
3351 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3352 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3353 pci_conf[0x0e] = 0x00; // header_type
3355 pci_conf[0x51] = 0x04; // enable IDE0
3356 if (secondary_ide_enabled) {
3357 /* XXX: if not enabled, really disable the seconday IDE controller */
3358 pci_conf[0x51] |= 0x08; /* enable IDE1 */
3361 pci_register_io_region((PCIDevice *)d, 0, 0x8,
3362 PCI_ADDRESS_SPACE_IO, ide_map);
3363 pci_register_io_region((PCIDevice *)d, 1, 0x4,
3364 PCI_ADDRESS_SPACE_IO, ide_map);
3365 pci_register_io_region((PCIDevice *)d, 2, 0x8,
3366 PCI_ADDRESS_SPACE_IO, ide_map);
3367 pci_register_io_region((PCIDevice *)d, 3, 0x4,
3368 PCI_ADDRESS_SPACE_IO, ide_map);
3369 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3370 PCI_ADDRESS_SPACE_IO, bmdma_map);
3372 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3374 for(i = 0; i < 4; i++)
3375 d->ide_if[i].pci_dev = (PCIDevice *)d;
3377 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3378 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3379 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
3381 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3382 qemu_register_reset(cmd646_reset, d);
3386 static void piix3_reset(void *opaque)
3388 PCIIDEState *d = opaque;
3389 uint8_t *pci_conf = d->dev.config;
3392 for (i = 0; i < 2; i++)
3393 ide_dma_cancel(&d->bmdma[i]);
3395 pci_conf[0x04] = 0x00;
3396 pci_conf[0x05] = 0x00;
3397 pci_conf[0x06] = 0x80; /* FBC */
3398 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3399 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3402 /* hd_table must contain 4 block drivers */
3403 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
3404 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3410 /* register a function 1 of PIIX3 */
3411 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
3412 sizeof(PCIIDEState),
3415 d->type = IDE_TYPE_PIIX3;
3417 pci_conf = d->dev.config;
3418 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3419 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
3420 pci_conf[0x09] = 0x80; // legacy ATA mode
3421 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3422 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3423 pci_conf[0x0e] = 0x00; // header_type
3425 qemu_register_reset(piix3_reset, d);
3428 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3429 PCI_ADDRESS_SPACE_IO, bmdma_map);
3431 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3432 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3433 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3434 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3436 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3439 /* hd_table must contain 4 block drivers */
3440 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3441 void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3447 /* register a function 1 of PIIX4 */
3448 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3449 sizeof(PCIIDEState),
3452 d->type = IDE_TYPE_PIIX4;
3454 pci_conf = d->dev.config;
3455 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3456 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
3457 pci_conf[0x09] = 0x80; // legacy ATA mode
3458 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3459 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3460 pci_conf[0x0e] = 0x00; // header_type
3462 qemu_register_reset(piix3_reset, d);
3465 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3466 PCI_ADDRESS_SPACE_IO, bmdma_map);
3468 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3469 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3470 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3471 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3473 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3476 /***********************************************************/
3477 /* MacIO based PowerPC IDE */
3479 /* PowerMac IDE memory IO */
3480 static void pmac_ide_writeb (void *opaque,
3481 target_phys_addr_t addr, uint32_t val)
3483 addr = (addr & 0xFFF) >> 4;
3486 ide_ioport_write(opaque, addr, val);
3490 ide_cmd_write(opaque, 0, val);
3497 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3501 addr = (addr & 0xFFF) >> 4;
3504 retval = ide_ioport_read(opaque, addr);
3508 retval = ide_status_read(opaque, 0);
3517 static void pmac_ide_writew (void *opaque,
3518 target_phys_addr_t addr, uint32_t val)
3520 addr = (addr & 0xFFF) >> 4;
3521 #ifdef TARGET_WORDS_BIGENDIAN
3525 ide_data_writew(opaque, 0, val);
3529 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3533 addr = (addr & 0xFFF) >> 4;
3535 retval = ide_data_readw(opaque, 0);
3539 #ifdef TARGET_WORDS_BIGENDIAN
3540 retval = bswap16(retval);
3545 static void pmac_ide_writel (void *opaque,
3546 target_phys_addr_t addr, uint32_t val)
3548 addr = (addr & 0xFFF) >> 4;
3549 #ifdef TARGET_WORDS_BIGENDIAN
3553 ide_data_writel(opaque, 0, val);
3557 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3561 addr = (addr & 0xFFF) >> 4;
3563 retval = ide_data_readl(opaque, 0);
3565 retval = 0xFFFFFFFF;
3567 #ifdef TARGET_WORDS_BIGENDIAN
3568 retval = bswap32(retval);
3573 static CPUWriteMemoryFunc *pmac_ide_write[] = {
3579 static CPUReadMemoryFunc *pmac_ide_read[] = {
3585 static void pmac_ide_save(QEMUFile *f, void *opaque)
3587 IDEState *s = (IDEState *)opaque;
3588 uint8_t drive1_selected;
3591 /* per IDE interface data */
3592 qemu_put_8s(f, &s->cmd);
3593 drive1_selected = (s->cur_drive != s);
3594 qemu_put_8s(f, &drive1_selected);
3596 /* per IDE drive data */
3597 for(i = 0; i < 2; i++) {
3602 static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3604 IDEState *s = (IDEState *)opaque;
3605 uint8_t drive1_selected;
3608 if (version_id != 1)
3611 /* per IDE interface data */
3612 qemu_get_8s(f, &s->cmd);
3613 qemu_get_8s(f, &drive1_selected);
3614 s->cur_drive = &s[(drive1_selected != 0)];
3616 /* per IDE drive data */
3617 for(i = 0; i < 2; i++) {
3623 static void pmac_ide_reset(void *opaque)
3625 IDEState *s = (IDEState *)opaque;
3631 /* hd_table must contain 4 block drivers */
3632 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3633 I/O index to access the ide. */
3634 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
3637 int pmac_ide_memory;
3639 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
3640 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3642 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3643 pmac_ide_write, &ide_if[0]);
3644 register_savevm("ide", 0, 1, pmac_ide_save, pmac_ide_load, &ide_if[0]);
3645 qemu_register_reset(pmac_ide_reset, &ide_if[0]);
3646 pmac_ide_reset(&ide_if[0]);
3647 return pmac_ide_memory;
3650 /***********************************************************/
3651 /* MMIO based ide port
3652 * This emulates IDE device connected directly to the CPU bus without
3653 * dedicated ide controller, which is often seen on embedded boards.
3661 static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3663 MMIOState *s = (MMIOState*)opaque;
3664 IDEState *ide = (IDEState*)s->dev;
3667 return ide_ioport_read(ide, addr);
3669 return ide_data_readw(ide, 0);
3672 static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3675 MMIOState *s = (MMIOState*)opaque;
3676 IDEState *ide = (IDEState*)s->dev;
3679 ide_ioport_write(ide, addr, val);
3681 ide_data_writew(ide, 0, val);
3684 static CPUReadMemoryFunc *mmio_ide_reads[] = {
3690 static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3696 static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3698 MMIOState *s= (MMIOState*)opaque;
3699 IDEState *ide = (IDEState*)s->dev;
3700 return ide_status_read(ide, 0);
3703 static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3706 MMIOState *s = (MMIOState*)opaque;
3707 IDEState *ide = (IDEState*)s->dev;
3708 ide_cmd_write(ide, 0, val);
3711 static CPUReadMemoryFunc *mmio_ide_status[] = {
3712 mmio_ide_status_read,
3713 mmio_ide_status_read,
3714 mmio_ide_status_read,
3717 static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3723 void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3724 qemu_irq irq, int shift,
3725 BlockDriverState *hd0, BlockDriverState *hd1)
3727 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3728 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3731 ide_init2(ide, hd0, hd1, irq);
3736 mem1 = cpu_register_io_memory(0, mmio_ide_reads, mmio_ide_writes, s);
3737 mem2 = cpu_register_io_memory(0, mmio_ide_status, mmio_ide_cmd, s);
3738 cpu_register_physical_memory(membase, 16 << shift, mem1);
3739 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3742 /***********************************************************/
3743 /* CF-ATA Microdrive */
3745 #define METADATA_SIZE 0x20
3747 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3750 struct pcmcia_card_s card;
3764 /* Register bitfields */
3767 OPT_MODE_IOMAP16 = 1,
3768 OPT_MODE_IOMAP1 = 2,
3769 OPT_MODE_IOMAP2 = 3,
3780 STAT_CHANGED = 0x80,
3791 static inline void md_interrupt_update(struct md_s *s)
3796 qemu_set_irq(s->card.slot->irq,
3797 !(s->stat & STAT_INT) && /* Inverted */
3798 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3799 !(s->opt & OPT_SRESET));
3802 static void md_set_irq(void *opaque, int irq, int level)
3804 struct md_s *s = (struct md_s *) opaque;
3806 s->stat |= STAT_INT;
3808 s->stat &= ~STAT_INT;
3810 md_interrupt_update(s);
3813 static void md_reset(struct md_s *s)
3815 s->opt = OPT_MODE_MMAP;
3823 static uint8_t md_attr_read(void *opaque, uint32_t at)
3825 struct md_s *s = (struct md_s *) opaque;
3826 if (at < s->attr_base) {
3827 if (at < s->card.cis_len)
3828 return s->card.cis[at];
3836 case 0x00: /* Configuration Option Register */
3838 case 0x02: /* Card Configuration Status Register */
3839 if (s->ctrl & CTRL_IEN)
3840 return s->stat & ~STAT_INT;
3843 case 0x04: /* Pin Replacement Register */
3844 return (s->pins & PINS_CRDY) | 0x0c;
3845 case 0x06: /* Socket and Copy Register */
3849 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3856 static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
3858 struct md_s *s = (struct md_s *) opaque;
3862 case 0x00: /* Configuration Option Register */
3863 s->opt = value & 0xcf;
3864 if (value & OPT_SRESET)
3866 md_interrupt_update(s);
3868 case 0x02: /* Card Configuration Status Register */
3869 if ((s->stat ^ value) & STAT_PWRDWN)
3870 s->pins |= PINS_CRDY;
3872 s->stat |= value & 0x74;
3873 md_interrupt_update(s);
3874 /* Word 170 in Identify Device must be equal to STAT_XE */
3876 case 0x04: /* Pin Replacement Register */
3877 s->pins &= PINS_CRDY;
3878 s->pins |= value & PINS_MRDY;
3880 case 0x06: /* Socket and Copy Register */
3883 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3887 static uint16_t md_common_read(void *opaque, uint32_t at)
3889 struct md_s *s = (struct md_s *) opaque;
3893 switch (s->opt & OPT_MODE) {
3895 if ((at & ~0x3ff) == 0x400)
3898 case OPT_MODE_IOMAP16:
3901 case OPT_MODE_IOMAP1:
3902 if ((at & ~0xf) == 0x3f0)
3904 else if ((at & ~0xf) == 0x1f0)
3907 case OPT_MODE_IOMAP2:
3908 if ((at & ~0xf) == 0x370)
3910 else if ((at & ~0xf) == 0x170)
3915 case 0x0: /* Even RD Data */
3917 return ide_data_readw(s->ide, 0);
3919 /* TODO: 8-bit accesses */
3923 s->io = ide_data_readw(s->ide, 0);
3926 s->cycle = !s->cycle;
3928 case 0x9: /* Odd RD Data */
3930 case 0xd: /* Error */
3931 return ide_ioport_read(s->ide, 0x1);
3932 case 0xe: /* Alternate Status */
3933 if (s->ide->cur_drive->bs)
3934 return s->ide->cur_drive->status;
3937 case 0xf: /* Device Address */
3938 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3940 return ide_ioport_read(s->ide, at);
3946 static void md_common_write(void *opaque, uint32_t at, uint16_t value)
3948 struct md_s *s = (struct md_s *) opaque;
3951 switch (s->opt & OPT_MODE) {
3953 if ((at & ~0x3ff) == 0x400)
3956 case OPT_MODE_IOMAP16:
3959 case OPT_MODE_IOMAP1:
3960 if ((at & ~0xf) == 0x3f0)
3962 else if ((at & ~0xf) == 0x1f0)
3965 case OPT_MODE_IOMAP2:
3966 if ((at & ~0xf) == 0x370)
3968 else if ((at & ~0xf) == 0x170)
3973 case 0x0: /* Even WR Data */
3975 ide_data_writew(s->ide, 0, value);
3978 /* TODO: 8-bit accesses */
3980 ide_data_writew(s->ide, 0, s->io | (value << 8));
3982 s->io = value & 0xff;
3983 s->cycle = !s->cycle;
3986 s->io = value & 0xff;
3987 s->cycle = !s->cycle;
3989 case 0xd: /* Features */
3990 ide_ioport_write(s->ide, 0x1, value);
3992 case 0xe: /* Device Control */
3994 if (value & CTRL_SRST)
3996 md_interrupt_update(s);
3999 if (s->stat & STAT_PWRDWN) {
4000 s->pins |= PINS_CRDY;
4001 s->stat &= ~STAT_PWRDWN;
4003 ide_ioport_write(s->ide, at, value);
4007 static void md_save(QEMUFile *f, void *opaque)
4009 struct md_s *s = (struct md_s *) opaque;
4011 uint8_t drive1_selected;
4013 qemu_put_8s(f, &s->opt);
4014 qemu_put_8s(f, &s->stat);
4015 qemu_put_8s(f, &s->pins);
4017 qemu_put_8s(f, &s->ctrl);
4018 qemu_put_be16s(f, &s->io);
4019 qemu_put_byte(f, s->cycle);
4021 drive1_selected = (s->ide->cur_drive != s->ide);
4022 qemu_put_8s(f, &s->ide->cmd);
4023 qemu_put_8s(f, &drive1_selected);
4025 for (i = 0; i < 2; i ++)
4026 ide_save(f, &s->ide[i]);
4029 static int md_load(QEMUFile *f, void *opaque, int version_id)
4031 struct md_s *s = (struct md_s *) opaque;
4033 uint8_t drive1_selected;
4035 qemu_get_8s(f, &s->opt);
4036 qemu_get_8s(f, &s->stat);
4037 qemu_get_8s(f, &s->pins);
4039 qemu_get_8s(f, &s->ctrl);
4040 qemu_get_be16s(f, &s->io);
4041 s->cycle = qemu_get_byte(f);
4043 qemu_get_8s(f, &s->ide->cmd);
4044 qemu_get_8s(f, &drive1_selected);
4045 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
4047 for (i = 0; i < 2; i ++)
4048 ide_load(f, &s->ide[i]);
4053 static const uint8_t dscm1xxxx_cis[0x14a] = {
4054 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
4055 [0x002] = 0x03, /* Tuple length = 4 bytes */
4056 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4057 [0x006] = 0x01, /* Size = 2K bytes */
4058 [0x008] = CISTPL_ENDMARK,
4060 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
4061 [0x00c] = 0x04, /* Tuple length = 4 byest */
4062 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
4063 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4064 [0x012] = 0x01, /* Size = 2K bytes */
4065 [0x014] = CISTPL_ENDMARK,
4067 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
4068 [0x018] = 0x02, /* Tuple length = 2 bytes */
4069 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
4072 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
4073 [0x020] = 0x04, /* Tuple length = 4 bytes */
4074 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
4076 [0x026] = 0x00, /* PLMID_CARD = 0000 */
4079 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
4080 [0x02c] = 0x12, /* Tuple length = 23 bytes */
4081 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
4082 [0x030] = 0x01, /* Minor Version = 1 */
4098 [0x050] = CISTPL_ENDMARK,
4100 [0x052] = CISTPL_FUNCID, /* Function ID */
4101 [0x054] = 0x02, /* Tuple length = 2 bytes */
4102 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4103 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4105 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4106 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4107 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4108 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4110 [0x062] = CISTPL_FUNCE, /* Function Extension */
4111 [0x064] = 0x03, /* Tuple length = 3 bytes */
4112 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4113 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4114 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4116 [0x06c] = CISTPL_CONFIG, /* Configuration */
4117 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4118 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4119 [0x072] = 0x07, /* TPCC_LAST = 7 */
4120 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4122 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4124 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4125 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4126 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4127 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4128 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4129 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4130 [0x086] = 0x55, /* NomV: 5.0 V */
4131 [0x088] = 0x4d, /* MinV: 4.5 V */
4132 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4133 [0x08c] = 0x4e, /* Peakl: 450 mA */
4134 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4135 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4136 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4138 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4139 [0x096] = 0x06, /* Tuple length = 6 bytes */
4140 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4141 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4142 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4143 [0x09e] = 0xb5, /* NomV: 3.3 V */
4145 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4147 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4148 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4149 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4150 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4151 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4152 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4153 [0x0b0] = 0x55, /* NomV: 5.0 V */
4154 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4155 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4156 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4157 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4158 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4159 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4160 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4161 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4163 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4164 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4165 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4166 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4167 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4168 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4170 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4172 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4173 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4174 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4175 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4176 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4177 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4178 [0x0de] = 0x55, /* NomV: 5.0 V */
4179 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4180 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4181 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4182 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4183 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4184 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4186 [0x0ee] = 0x07, /* Address block length = 8 */
4187 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4189 [0x0f4] = 0x01, /* Address block length = 2 */
4190 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4191 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4193 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4194 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4195 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4196 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4197 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4198 [0x104] = 0xb5, /* NomV: 3.3 V */
4200 [0x108] = 0x3e, /* Peakl: 350 mA */
4202 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4203 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4204 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4205 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4206 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4207 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4208 [0x116] = 0x55, /* NomV: 5.0 V */
4209 [0x118] = 0x4d, /* MinV: 4.5 V */
4210 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4211 [0x11c] = 0x4e, /* Peakl: 450 mA */
4212 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4213 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4214 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4216 [0x126] = 0x07, /* Address block length = 8 */
4217 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4219 [0x12c] = 0x01, /* Address block length = 2 */
4220 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4221 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4223 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4224 [0x134] = 0x06, /* Tuple length = 6 bytes */
4225 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4226 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4227 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4228 [0x13c] = 0xb5, /* NomV: 3.3 V */
4230 [0x140] = 0x3e, /* Peakl: 350 mA */
4232 [0x142] = CISTPL_NO_LINK, /* No Link */
4233 [0x144] = 0x00, /* Tuple length = 0 bytes */
4235 [0x146] = CISTPL_END, /* Tuple End */
4238 static int dscm1xxxx_attach(void *opaque)
4240 struct md_s *md = (struct md_s *) opaque;
4241 md->card.attr_read = md_attr_read;
4242 md->card.attr_write = md_attr_write;
4243 md->card.common_read = md_common_read;
4244 md->card.common_write = md_common_write;
4245 md->card.io_read = md_common_read;
4246 md->card.io_write = md_common_write;
4248 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4252 md_interrupt_update(md);
4254 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4258 static int dscm1xxxx_detach(void *opaque)
4260 struct md_s *md = (struct md_s *) opaque;
4265 struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
4267 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
4268 md->card.state = md;
4269 md->card.attach = dscm1xxxx_attach;
4270 md->card.detach = dscm1xxxx_detach;
4271 md->card.cis = dscm1xxxx_cis;
4272 md->card.cis_len = sizeof(dscm1xxxx_cis);
4274 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4276 md->ide->mdata_size = METADATA_SIZE;
4277 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
4279 register_savevm("microdrive", -1, 0, md_save, md_load, md);
projects / qemu / blob