2 * QEMU IDE disk and CD-ROM Emulator
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 /* debug IDE devices */
29 //#define DEBUG_IDE_ATAPI
33 /* Bits of HD_STATUS */
35 #define INDEX_STAT 0x02
36 #define ECC_STAT 0x04 /* Corrected error */
38 #define SEEK_STAT 0x10
40 #define WRERR_STAT 0x20
41 #define READY_STAT 0x40
42 #define BUSY_STAT 0x80
44 /* Bits for HD_ERROR */
45 #define MARK_ERR 0x01 /* Bad address mark */
46 #define TRK0_ERR 0x02 /* couldn't find track 0 */
47 #define ABRT_ERR 0x04 /* Command aborted */
48 #define MCR_ERR 0x08 /* media change request */
49 #define ID_ERR 0x10 /* ID field not found */
50 #define MC_ERR 0x20 /* media changed */
51 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
52 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
53 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
55 /* Bits of HD_NSECTOR */
61 #define IDE_CMD_RESET 0x04
62 #define IDE_CMD_DISABLE_IRQ 0x02
64 /* ATA/ATAPI Commands pre T13 Spec */
69 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
73 #define WIN_SRST 0x08 /* ATAPI soft reset command */
74 #define WIN_DEVICE_RESET 0x08
78 #define WIN_RECAL 0x10
79 #define WIN_RESTORE WIN_RECAL
83 #define WIN_READ 0x20 /* 28-Bit */
84 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
85 #define WIN_READ_LONG 0x22 /* 28-Bit */
86 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
87 #define WIN_READ_EXT 0x24 /* 48-Bit */
88 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
89 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
90 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
94 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
98 #define WIN_WRITE 0x30 /* 28-Bit */
99 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
100 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
101 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
102 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
103 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
104 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
105 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
106 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
107 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
109 * 0x3A->0x3B Reserved
111 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
113 * 0x3D->0x3F Reserved
115 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
116 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
117 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
119 * 0x43->0x4F Reserved
121 #define WIN_FORMAT 0x50
123 * 0x51->0x5F Reserved
125 #define WIN_INIT 0x60
127 * 0x61->0x5F Reserved
129 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
130 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
131 #define WIN_DIAGNOSE 0x90
132 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
133 #define WIN_DOWNLOAD_MICROCODE 0x92
134 #define WIN_STANDBYNOW2 0x94
135 #define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
136 #define WIN_STANDBY2 0x96
137 #define WIN_SETIDLE2 0x97
138 #define WIN_CHECKPOWERMODE2 0x98
139 #define WIN_SLEEPNOW2 0x99
143 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
144 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
145 #define WIN_QUEUED_SERVICE 0xA2
146 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
147 #define CFA_ACCESS_METADATA_STORAGE 0xB8
148 #define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
149 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
150 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
151 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
152 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
153 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
154 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
155 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
156 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
157 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
158 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
159 #define WIN_GETMEDIASTATUS 0xDA
160 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
161 #define WIN_POSTBOOT 0xDC
162 #define WIN_PREBOOT 0xDD
163 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
164 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
165 #define WIN_STANDBYNOW1 0xE0
166 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
167 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
168 #define WIN_SETIDLE1 0xE3
169 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
170 #define WIN_CHECKPOWERMODE1 0xE5
171 #define WIN_SLEEPNOW1 0xE6
172 #define WIN_FLUSH_CACHE 0xE7
173 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
174 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
175 /* SET_FEATURES 0x22 or 0xDD */
176 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
177 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
178 #define WIN_MEDIAEJECT 0xED
179 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
180 #define WIN_SETFEATURES 0xEF /* set special drive features */
181 #define EXABYTE_ENABLE_NEST 0xF0
182 #define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
183 #define WIN_SECURITY_SET_PASS 0xF1
184 #define WIN_SECURITY_UNLOCK 0xF2
185 #define WIN_SECURITY_ERASE_PREPARE 0xF3
186 #define WIN_SECURITY_ERASE_UNIT 0xF4
187 #define WIN_SECURITY_FREEZE_LOCK 0xF5
188 #define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
189 #define WIN_SECURITY_DISABLE 0xF6
190 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
191 #define WIN_SET_MAX 0xF9
192 #define DISABLE_SEAGATE 0xFB
194 /* set to 1 set disable mult support */
195 #define MAX_MULT_SECTORS 16
199 #define ATAPI_PACKET_SIZE 12
201 /* The generic packet command opcodes for CD/DVD Logical Units,
202 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
203 #define GPCMD_BLANK 0xa1
204 #define GPCMD_CLOSE_TRACK 0x5b
205 #define GPCMD_FLUSH_CACHE 0x35
206 #define GPCMD_FORMAT_UNIT 0x04
207 #define GPCMD_GET_CONFIGURATION 0x46
208 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
209 #define GPCMD_GET_PERFORMANCE 0xac
210 #define GPCMD_INQUIRY 0x12
211 #define GPCMD_LOAD_UNLOAD 0xa6
212 #define GPCMD_MECHANISM_STATUS 0xbd
213 #define GPCMD_MODE_SELECT_10 0x55
214 #define GPCMD_MODE_SENSE_10 0x5a
215 #define GPCMD_PAUSE_RESUME 0x4b
216 #define GPCMD_PLAY_AUDIO_10 0x45
217 #define GPCMD_PLAY_AUDIO_MSF 0x47
218 #define GPCMD_PLAY_AUDIO_TI 0x48
219 #define GPCMD_PLAY_CD 0xbc
220 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
221 #define GPCMD_READ_10 0x28
222 #define GPCMD_READ_12 0xa8
223 #define GPCMD_READ_CDVD_CAPACITY 0x25
224 #define GPCMD_READ_CD 0xbe
225 #define GPCMD_READ_CD_MSF 0xb9
226 #define GPCMD_READ_DISC_INFO 0x51
227 #define GPCMD_READ_DVD_STRUCTURE 0xad
228 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
229 #define GPCMD_READ_HEADER 0x44
230 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
231 #define GPCMD_READ_SUBCHANNEL 0x42
232 #define GPCMD_READ_TOC_PMA_ATIP 0x43
233 #define GPCMD_REPAIR_RZONE_TRACK 0x58
234 #define GPCMD_REPORT_KEY 0xa4
235 #define GPCMD_REQUEST_SENSE 0x03
236 #define GPCMD_RESERVE_RZONE_TRACK 0x53
237 #define GPCMD_SCAN 0xba
238 #define GPCMD_SEEK 0x2b
239 #define GPCMD_SEND_DVD_STRUCTURE 0xad
240 #define GPCMD_SEND_EVENT 0xa2
241 #define GPCMD_SEND_KEY 0xa3
242 #define GPCMD_SEND_OPC 0x54
243 #define GPCMD_SET_READ_AHEAD 0xa7
244 #define GPCMD_SET_STREAMING 0xb6
245 #define GPCMD_START_STOP_UNIT 0x1b
246 #define GPCMD_STOP_PLAY_SCAN 0x4e
247 #define GPCMD_TEST_UNIT_READY 0x00
248 #define GPCMD_VERIFY_10 0x2f
249 #define GPCMD_WRITE_10 0x2a
250 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
251 /* This is listed as optional in ATAPI 2.6, but is (curiously)
252 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
253 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
254 * drives support it. */
255 #define GPCMD_SET_SPEED 0xbb
256 /* This seems to be a SCSI specific CD-ROM opcode
257 * to play data at track/index */
258 #define GPCMD_PLAYAUDIO_TI 0x48
260 * From MS Media Status Notification Support Specification. For
263 #define GPCMD_GET_MEDIA_STATUS 0xda
264 #define GPCMD_MODE_SENSE_6 0x1a
266 /* Mode page codes for mode sense/set */
267 #define GPMODE_R_W_ERROR_PAGE 0x01
268 #define GPMODE_WRITE_PARMS_PAGE 0x05
269 #define GPMODE_AUDIO_CTL_PAGE 0x0e
270 #define GPMODE_POWER_PAGE 0x1a
271 #define GPMODE_FAULT_FAIL_PAGE 0x1c
272 #define GPMODE_TO_PROTECT_PAGE 0x1d
273 #define GPMODE_CAPABILITIES_PAGE 0x2a
274 #define GPMODE_ALL_PAGES 0x3f
275 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
276 * of MODE_SENSE_POWER_PAGE */
277 #define GPMODE_CDROM_PAGE 0x0d
279 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
280 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
281 #define ATAPI_INT_REASON_REL 0x04
282 #define ATAPI_INT_REASON_TAG 0xf8
284 /* same constants as bochs */
285 #define ASC_ILLEGAL_OPCODE 0x20
286 #define ASC_LOGICAL_BLOCK_OOR 0x21
287 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
288 #define ASC_MEDIUM_NOT_PRESENT 0x3a
289 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
291 #define CFA_NO_ERROR 0x00
292 #define CFA_MISC_ERROR 0x09
293 #define CFA_INVALID_COMMAND 0x20
294 #define CFA_INVALID_ADDRESS 0x21
295 #define CFA_ADDRESS_OVERFLOW 0x2f
298 #define SENSE_NOT_READY 2
299 #define SENSE_ILLEGAL_REQUEST 5
300 #define SENSE_UNIT_ATTENTION 6
304 typedef void EndTransferFunc(struct IDEState *);
306 /* NOTE: IDEState represents in fact one drive */
307 typedef struct IDEState {
311 int cylinders, heads, sectors;
315 uint16_t identify_data[256];
318 struct BMDMAState *bmdma;
327 /* other part of tf for lba48 support */
337 /* 0x3f6 command, only meaningful for drive 0 */
339 /* set for lba48 access */
341 /* depends on bit 4 in select, only meaningful for drive 0 */
342 struct IDEState *cur_drive;
343 BlockDriverState *bs;
347 int packet_transfer_size;
348 int elementary_transfer_size;
352 int atapi_dma; /* true if dma is requested for the packet cmd */
355 /* PIO transfer handling */
356 int req_nb_sectors; /* number of sectors per interrupt */
357 EndTransferFunc *end_transfer_func;
360 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
361 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
362 uint32_t irq_count; /* counts IRQs when using win2k install hack */
363 /* CF-ATA extended error */
365 /* CF-ATA metadata storage */
367 uint8_t *mdata_storage;
371 #define BM_STATUS_DMAING 0x01
372 #define BM_STATUS_ERROR 0x02
373 #define BM_STATUS_INT 0x04
375 #define BM_CMD_START 0x01
376 #define BM_CMD_READ 0x08
378 #define IDE_TYPE_PIIX3 0
379 #define IDE_TYPE_CMD646 1
380 #define IDE_TYPE_PIIX4 2
382 /* CMD646 specific */
384 #define MRDMODE_INTR_CH0 0x04
385 #define MRDMODE_INTR_CH1 0x08
386 #define MRDMODE_BLK_CH0 0x10
387 #define MRDMODE_BLK_CH1 0x20
388 #define UDIDETCR0 0x73
389 #define UDIDETCR1 0x7B
391 typedef struct BMDMAState {
396 struct PCIIDEState *pci_dev;
397 /* current transfer state */
399 uint32_t cur_prd_last;
400 uint32_t cur_prd_addr;
401 uint32_t cur_prd_len;
403 BlockDriverCompletionFunc *dma_cb;
404 BlockDriverAIOCB *aiocb;
407 typedef struct PCIIDEState {
411 int type; /* see IDE_TYPE_xxx */
414 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
415 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
417 static void padstr(char *str, const char *src, int len)
420 for(i = 0; i < len; i++) {
425 *(char *)((long)str ^ 1) = v;
430 static void padstr8(uint8_t *buf, int buf_size, const char *src)
433 for(i = 0; i < buf_size; i++) {
441 static void put_le16(uint16_t *p, unsigned int v)
446 static void ide_identify(IDEState *s)
449 unsigned int oldsize;
452 if (s->identify_set) {
453 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
457 memset(s->io_buffer, 0, 512);
458 p = (uint16_t *)s->io_buffer;
459 put_le16(p + 0, 0x0040);
460 put_le16(p + 1, s->cylinders);
461 put_le16(p + 3, s->heads);
462 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
463 put_le16(p + 5, 512); /* XXX: retired, remove ? */
464 put_le16(p + 6, s->sectors);
465 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
466 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
467 put_le16(p + 20, 3); /* XXX: retired, remove ? */
468 put_le16(p + 21, 512); /* cache size in sectors */
469 put_le16(p + 22, 4); /* ecc bytes */
470 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
471 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
472 #if MAX_MULT_SECTORS > 1
473 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
475 put_le16(p + 48, 1); /* dword I/O */
476 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
477 put_le16(p + 51, 0x200); /* PIO transfer cycle */
478 put_le16(p + 52, 0x200); /* DMA transfer cycle */
479 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
480 put_le16(p + 54, s->cylinders);
481 put_le16(p + 55, s->heads);
482 put_le16(p + 56, s->sectors);
483 oldsize = s->cylinders * s->heads * s->sectors;
484 put_le16(p + 57, oldsize);
485 put_le16(p + 58, oldsize >> 16);
487 put_le16(p + 59, 0x100 | s->mult_sectors);
488 put_le16(p + 60, s->nb_sectors);
489 put_le16(p + 61, s->nb_sectors >> 16);
490 put_le16(p + 63, 0x07); /* mdma0-2 supported */
491 put_le16(p + 65, 120);
492 put_le16(p + 66, 120);
493 put_le16(p + 67, 120);
494 put_le16(p + 68, 120);
495 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
496 put_le16(p + 81, 0x16); /* conforms to ata5 */
497 put_le16(p + 82, (1 << 14));
498 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
499 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
500 put_le16(p + 84, (1 << 14));
501 put_le16(p + 85, (1 << 14));
502 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
503 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
504 put_le16(p + 87, (1 << 14));
505 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
506 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
507 put_le16(p + 100, s->nb_sectors);
508 put_le16(p + 101, s->nb_sectors >> 16);
509 put_le16(p + 102, s->nb_sectors >> 32);
510 put_le16(p + 103, s->nb_sectors >> 48);
512 memcpy(s->identify_data, p, sizeof(s->identify_data));
516 static void ide_atapi_identify(IDEState *s)
521 if (s->identify_set) {
522 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
526 memset(s->io_buffer, 0, 512);
527 p = (uint16_t *)s->io_buffer;
528 /* Removable CDROM, 50us response, 12 byte packets */
529 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
530 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
531 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
532 put_le16(p + 20, 3); /* buffer type */
533 put_le16(p + 21, 512); /* cache size in sectors */
534 put_le16(p + 22, 4); /* ecc bytes */
535 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
536 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
537 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
539 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
540 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
541 put_le16(p + 63, 7); /* mdma0-2 supported */
542 put_le16(p + 64, 0x3f); /* PIO modes supported */
544 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
545 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
546 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
547 put_le16(p + 64, 1); /* PIO modes */
549 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
550 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
551 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
552 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
554 put_le16(p + 71, 30); /* in ns */
555 put_le16(p + 72, 30); /* in ns */
557 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
559 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
561 memcpy(s->identify_data, p, sizeof(s->identify_data));
565 static void ide_cfata_identify(IDEState *s)
571 p = (uint16_t *) s->identify_data;
575 memset(p, 0, sizeof(s->identify_data));
577 cur_sec = s->cylinders * s->heads * s->sectors;
579 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
580 put_le16(p + 1, s->cylinders); /* Default cylinders */
581 put_le16(p + 3, s->heads); /* Default heads */
582 put_le16(p + 6, s->sectors); /* Default sectors per track */
583 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
584 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
585 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
586 padstr((uint8_t *)(p + 10), buf, 20); /* Serial number in ASCII */
587 put_le16(p + 22, 0x0004); /* ECC bytes */
588 padstr((uint8_t *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
589 padstr((uint8_t *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
590 #if MAX_MULT_SECTORS > 1
591 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
593 put_le16(p + 47, 0x0000);
595 put_le16(p + 49, 0x0f00); /* Capabilities */
596 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
597 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
598 put_le16(p + 53, 0x0003); /* Translation params valid */
599 put_le16(p + 54, s->cylinders); /* Current cylinders */
600 put_le16(p + 55, s->heads); /* Current heads */
601 put_le16(p + 56, s->sectors); /* Current sectors */
602 put_le16(p + 57, cur_sec); /* Current capacity */
603 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
604 if (s->mult_sectors) /* Multiple sector setting */
605 put_le16(p + 59, 0x100 | s->mult_sectors);
606 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
607 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
608 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
609 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
610 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
611 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
612 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
613 put_le16(p + 82, 0x400c); /* Command Set supported */
614 put_le16(p + 83, 0x7068); /* Command Set supported */
615 put_le16(p + 84, 0x4000); /* Features supported */
616 put_le16(p + 85, 0x000c); /* Command Set enabled */
617 put_le16(p + 86, 0x7044); /* Command Set enabled */
618 put_le16(p + 87, 0x4000); /* Features enabled */
619 put_le16(p + 91, 0x4060); /* Current APM level */
620 put_le16(p + 129, 0x0002); /* Current features option */
621 put_le16(p + 130, 0x0005); /* Reassigned sectors */
622 put_le16(p + 131, 0x0001); /* Initial power mode */
623 put_le16(p + 132, 0x0000); /* User signature */
624 put_le16(p + 160, 0x8100); /* Power requirement */
625 put_le16(p + 161, 0x8001); /* CF command set */
630 memcpy(s->io_buffer, p, sizeof(s->identify_data));
633 static void ide_set_signature(IDEState *s)
635 s->select &= 0xf0; /* clear head */
651 static inline void ide_abort_command(IDEState *s)
653 s->status = READY_STAT | ERR_STAT;
657 static inline void ide_set_irq(IDEState *s)
659 BMDMAState *bm = s->bmdma;
660 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
662 bm->status |= BM_STATUS_INT;
664 qemu_irq_raise(s->irq);
668 /* prepare data transfer and tell what to do after */
669 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
670 EndTransferFunc *end_transfer_func)
672 s->end_transfer_func = end_transfer_func;
674 s->data_end = buf + size;
675 if (!(s->status & ERR_STAT))
676 s->status |= DRQ_STAT;
679 static void ide_transfer_stop(IDEState *s)
681 s->end_transfer_func = ide_transfer_stop;
682 s->data_ptr = s->io_buffer;
683 s->data_end = s->io_buffer;
684 s->status &= ~DRQ_STAT;
687 static int64_t ide_get_sector(IDEState *s)
690 if (s->select & 0x40) {
693 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
694 (s->lcyl << 8) | s->sector;
696 sector_num = ((int64_t)s->hob_hcyl << 40) |
697 ((int64_t) s->hob_lcyl << 32) |
698 ((int64_t) s->hob_sector << 24) |
699 ((int64_t) s->hcyl << 16) |
700 ((int64_t) s->lcyl << 8) | s->sector;
703 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
704 (s->select & 0x0f) * s->sectors + (s->sector - 1);
709 static void ide_set_sector(IDEState *s, int64_t sector_num)
712 if (s->select & 0x40) {
714 s->select = (s->select & 0xf0) | (sector_num >> 24);
715 s->hcyl = (sector_num >> 16);
716 s->lcyl = (sector_num >> 8);
717 s->sector = (sector_num);
719 s->sector = sector_num;
720 s->lcyl = sector_num >> 8;
721 s->hcyl = sector_num >> 16;
722 s->hob_sector = sector_num >> 24;
723 s->hob_lcyl = sector_num >> 32;
724 s->hob_hcyl = sector_num >> 40;
727 cyl = sector_num / (s->heads * s->sectors);
728 r = sector_num % (s->heads * s->sectors);
731 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
732 s->sector = (r % s->sectors) + 1;
736 static void ide_sector_read(IDEState *s)
741 s->status = READY_STAT | SEEK_STAT;
742 s->error = 0; /* not needed by IDE spec, but needed by Windows */
743 sector_num = ide_get_sector(s);
746 /* no more sector to read from disk */
747 ide_transfer_stop(s);
749 #if defined(DEBUG_IDE)
750 printf("read sector=%Ld\n", sector_num);
752 if (n > s->req_nb_sectors)
753 n = s->req_nb_sectors;
754 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
755 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
757 ide_set_sector(s, sector_num + n);
762 /* return 0 if buffer completed */
763 static int dma_buf_rw(BMDMAState *bm, int is_write)
765 IDEState *s = bm->ide_if;
773 l = s->io_buffer_size - s->io_buffer_index;
776 if (bm->cur_prd_len == 0) {
777 /* end of table (with a fail safe of one page) */
778 if (bm->cur_prd_last ||
779 (bm->cur_addr - bm->addr) >= 4096)
781 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
783 prd.addr = le32_to_cpu(prd.addr);
784 prd.size = le32_to_cpu(prd.size);
785 len = prd.size & 0xfffe;
788 bm->cur_prd_len = len;
789 bm->cur_prd_addr = prd.addr;
790 bm->cur_prd_last = (prd.size & 0x80000000);
792 if (l > bm->cur_prd_len)
796 cpu_physical_memory_write(bm->cur_prd_addr,
797 s->io_buffer + s->io_buffer_index, l);
799 cpu_physical_memory_read(bm->cur_prd_addr,
800 s->io_buffer + s->io_buffer_index, l);
802 bm->cur_prd_addr += l;
803 bm->cur_prd_len -= l;
804 s->io_buffer_index += l;
810 /* XXX: handle errors */
811 static void ide_read_dma_cb(void *opaque, int ret)
813 BMDMAState *bm = opaque;
814 IDEState *s = bm->ide_if;
818 n = s->io_buffer_size >> 9;
819 sector_num = ide_get_sector(s);
822 ide_set_sector(s, sector_num);
824 if (dma_buf_rw(bm, 1) == 0)
828 /* end of transfer ? */
829 if (s->nsector == 0) {
830 s->status = READY_STAT | SEEK_STAT;
833 bm->status &= ~BM_STATUS_DMAING;
834 bm->status |= BM_STATUS_INT;
841 /* launch next transfer */
843 if (n > MAX_MULT_SECTORS)
844 n = MAX_MULT_SECTORS;
845 s->io_buffer_index = 0;
846 s->io_buffer_size = n * 512;
848 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
850 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
851 ide_read_dma_cb, bm);
854 static void ide_sector_read_dma(IDEState *s)
856 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
857 s->io_buffer_index = 0;
858 s->io_buffer_size = 0;
859 ide_dma_start(s, ide_read_dma_cb);
862 static void ide_sector_write_timer_cb(void *opaque)
864 IDEState *s = opaque;
868 static void ide_sector_write_aio_cb(void *opaque, int ret)
870 BMDMAState *bm = opaque;
871 IDEState *s = bm->ide_if;
874 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
875 /* It seems there is a bug in the Windows 2000 installer HDD
876 IDE driver which fills the disk with empty logs when the
877 IDE write IRQ comes too early. This hack tries to correct
878 that at the expense of slower write performances. Use this
879 option _only_ to install Windows 2000. You must disable it
881 qemu_mod_timer(s->sector_write_timer,
882 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
891 static void ide_sector_write(IDEState *s)
897 s->io_buffer_index = 0;
898 s->io_buffer_size = 0;
901 bm = qemu_mallocz(sizeof(BMDMAState));
905 bm->dma_cb = ide_sector_write_aio_cb;
907 s->status = READY_STAT | SEEK_STAT;
908 sector_num = ide_get_sector(s);
909 #if defined(DEBUG_IDE)
910 printf("write sector=%Ld\n", sector_num);
913 if (n > s->req_nb_sectors)
914 n = s->req_nb_sectors;
916 if (s->nsector == 0) {
917 /* no more sectors to write */
918 ide_transfer_stop(s);
921 if (n1 > s->req_nb_sectors)
922 n1 = s->req_nb_sectors;
923 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
925 ide_set_sector(s, sector_num + n);
927 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
928 ide_sector_write_aio_cb, bm);
931 /* XXX: handle errors */
932 static void ide_write_dma_cb(void *opaque, int ret)
934 BMDMAState *bm = opaque;
935 IDEState *s = bm->ide_if;
939 n = s->io_buffer_size >> 9;
940 sector_num = ide_get_sector(s);
943 ide_set_sector(s, sector_num);
947 /* end of transfer ? */
948 if (s->nsector == 0) {
949 s->status = READY_STAT | SEEK_STAT;
952 bm->status &= ~BM_STATUS_DMAING;
953 bm->status |= BM_STATUS_INT;
960 /* launch next transfer */
962 if (n > MAX_MULT_SECTORS)
963 n = MAX_MULT_SECTORS;
964 s->io_buffer_index = 0;
965 s->io_buffer_size = n * 512;
967 if (dma_buf_rw(bm, 0) == 0)
970 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
972 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
973 ide_write_dma_cb, bm);
976 static void ide_sector_write_dma(IDEState *s)
978 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
979 s->io_buffer_index = 0;
980 s->io_buffer_size = 0;
981 ide_dma_start(s, ide_write_dma_cb);
984 static void ide_atapi_cmd_ok(IDEState *s)
987 s->status = READY_STAT;
988 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
992 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
994 #ifdef DEBUG_IDE_ATAPI
995 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
997 s->error = sense_key << 4;
998 s->status = READY_STAT | ERR_STAT;
999 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1000 s->sense_key = sense_key;
1005 static inline void cpu_to_ube16(uint8_t *buf, int val)
1011 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1019 static inline int ube16_to_cpu(const uint8_t *buf)
1021 return (buf[0] << 8) | buf[1];
1024 static inline int ube32_to_cpu(const uint8_t *buf)
1026 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1029 static void lba_to_msf(uint8_t *buf, int lba)
1032 buf[0] = (lba / 75) / 60;
1033 buf[1] = (lba / 75) % 60;
1037 static void cd_data_to_raw(uint8_t *buf, int lba)
1041 memset(buf + 1, 0xff, 10);
1045 lba_to_msf(buf, lba);
1046 buf[3] = 0x01; /* mode 1 data */
1050 /* XXX: ECC not computed */
1051 memset(buf, 0, 288);
1054 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1059 switch(sector_size) {
1061 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1064 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1067 cd_data_to_raw(buf, lba);
1076 static void ide_atapi_io_error(IDEState *s, int ret)
1078 /* XXX: handle more errors */
1079 if (ret == -ENOMEDIUM) {
1080 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1081 ASC_MEDIUM_NOT_PRESENT);
1083 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1084 ASC_LOGICAL_BLOCK_OOR);
1088 /* The whole ATAPI transfer logic is handled in this function */
1089 static void ide_atapi_cmd_reply_end(IDEState *s)
1091 int byte_count_limit, size, ret;
1092 #ifdef DEBUG_IDE_ATAPI
1093 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1094 s->packet_transfer_size,
1095 s->elementary_transfer_size,
1096 s->io_buffer_index);
1098 if (s->packet_transfer_size <= 0) {
1099 /* end of transfer */
1100 ide_transfer_stop(s);
1101 s->status = READY_STAT;
1102 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1104 #ifdef DEBUG_IDE_ATAPI
1105 printf("status=0x%x\n", s->status);
1108 /* see if a new sector must be read */
1109 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1110 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1112 ide_transfer_stop(s);
1113 ide_atapi_io_error(s, ret);
1117 s->io_buffer_index = 0;
1119 if (s->elementary_transfer_size > 0) {
1120 /* there are some data left to transmit in this elementary
1122 size = s->cd_sector_size - s->io_buffer_index;
1123 if (size > s->elementary_transfer_size)
1124 size = s->elementary_transfer_size;
1125 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1126 size, ide_atapi_cmd_reply_end);
1127 s->packet_transfer_size -= size;
1128 s->elementary_transfer_size -= size;
1129 s->io_buffer_index += size;
1131 /* a new transfer is needed */
1132 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1133 byte_count_limit = s->lcyl | (s->hcyl << 8);
1134 #ifdef DEBUG_IDE_ATAPI
1135 printf("byte_count_limit=%d\n", byte_count_limit);
1137 if (byte_count_limit == 0xffff)
1139 size = s->packet_transfer_size;
1140 if (size > byte_count_limit) {
1141 /* byte count limit must be even if this case */
1142 if (byte_count_limit & 1)
1144 size = byte_count_limit;
1147 s->hcyl = size >> 8;
1148 s->elementary_transfer_size = size;
1149 /* we cannot transmit more than one sector at a time */
1151 if (size > (s->cd_sector_size - s->io_buffer_index))
1152 size = (s->cd_sector_size - s->io_buffer_index);
1154 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1155 size, ide_atapi_cmd_reply_end);
1156 s->packet_transfer_size -= size;
1157 s->elementary_transfer_size -= size;
1158 s->io_buffer_index += size;
1160 #ifdef DEBUG_IDE_ATAPI
1161 printf("status=0x%x\n", s->status);
1167 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1168 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1170 if (size > max_size)
1172 s->lba = -1; /* no sector read */
1173 s->packet_transfer_size = size;
1174 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1175 s->elementary_transfer_size = 0;
1176 s->io_buffer_index = 0;
1179 s->status = READY_STAT | DRQ_STAT;
1180 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1182 s->status = READY_STAT;
1183 ide_atapi_cmd_reply_end(s);
1187 /* start a CD-CDROM read command */
1188 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1192 s->packet_transfer_size = nb_sectors * sector_size;
1193 s->elementary_transfer_size = 0;
1194 s->io_buffer_index = sector_size;
1195 s->cd_sector_size = sector_size;
1197 s->status = READY_STAT;
1198 ide_atapi_cmd_reply_end(s);
1201 /* ATAPI DMA support */
1203 /* XXX: handle read errors */
1204 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1206 BMDMAState *bm = opaque;
1207 IDEState *s = bm->ide_if;
1211 ide_atapi_io_error(s, ret);
1215 if (s->io_buffer_size > 0) {
1217 * For a cdrom read sector command (s->lba != -1),
1218 * adjust the lba for the next s->io_buffer_size chunk
1219 * and dma the current chunk.
1220 * For a command != read (s->lba == -1), just transfer
1224 if (s->cd_sector_size == 2352) {
1226 cd_data_to_raw(s->io_buffer, s->lba);
1228 n = s->io_buffer_size >> 11;
1232 s->packet_transfer_size -= s->io_buffer_size;
1233 if (dma_buf_rw(bm, 1) == 0)
1237 if (s->packet_transfer_size <= 0) {
1238 s->status = READY_STAT;
1239 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1242 bm->status &= ~BM_STATUS_DMAING;
1243 bm->status |= BM_STATUS_INT;
1250 s->io_buffer_index = 0;
1251 if (s->cd_sector_size == 2352) {
1253 s->io_buffer_size = s->cd_sector_size;
1256 n = s->packet_transfer_size >> 11;
1257 if (n > (MAX_MULT_SECTORS / 4))
1258 n = (MAX_MULT_SECTORS / 4);
1259 s->io_buffer_size = n * 2048;
1263 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1265 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1266 s->io_buffer + data_offset, n * 4,
1267 ide_atapi_cmd_read_dma_cb, bm);
1269 /* Note: media not present is the most likely case */
1270 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1271 ASC_MEDIUM_NOT_PRESENT);
1276 /* start a CD-CDROM read command with DMA */
1277 /* XXX: test if DMA is available */
1278 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1282 s->packet_transfer_size = nb_sectors * sector_size;
1283 s->io_buffer_index = 0;
1284 s->io_buffer_size = 0;
1285 s->cd_sector_size = sector_size;
1287 /* XXX: check if BUSY_STAT should be set */
1288 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
1289 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1292 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1295 #ifdef DEBUG_IDE_ATAPI
1296 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1300 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1302 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1306 static void ide_atapi_cmd(IDEState *s)
1308 const uint8_t *packet;
1312 packet = s->io_buffer;
1314 #ifdef DEBUG_IDE_ATAPI
1317 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1318 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1319 printf(" %02x", packet[i]);
1324 switch(s->io_buffer[0]) {
1325 case GPCMD_TEST_UNIT_READY:
1326 if (bdrv_is_inserted(s->bs)) {
1327 ide_atapi_cmd_ok(s);
1329 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1330 ASC_MEDIUM_NOT_PRESENT);
1333 case GPCMD_MODE_SENSE_6:
1334 case GPCMD_MODE_SENSE_10:
1337 if (packet[0] == GPCMD_MODE_SENSE_10)
1338 max_len = ube16_to_cpu(packet + 7);
1340 max_len = packet[4];
1341 action = packet[2] >> 6;
1342 code = packet[2] & 0x3f;
1344 case 0: /* current values */
1346 case 0x01: /* error recovery */
1347 cpu_to_ube16(&buf[0], 16 + 6);
1363 ide_atapi_cmd_reply(s, 16, max_len);
1366 cpu_to_ube16(&buf[0], 28 + 6);
1381 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1382 if (bdrv_is_locked(s->bs))
1385 cpu_to_ube16(&buf[16], 706);
1388 cpu_to_ube16(&buf[20], 512);
1389 cpu_to_ube16(&buf[22], 706);
1394 ide_atapi_cmd_reply(s, 28, max_len);
1400 case 1: /* changeable values */
1402 case 2: /* default values */
1405 case 3: /* saved values */
1406 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1407 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1412 case GPCMD_REQUEST_SENSE:
1413 max_len = packet[4];
1415 buf[0] = 0x70 | (1 << 7);
1416 buf[2] = s->sense_key;
1419 ide_atapi_cmd_reply(s, 18, max_len);
1421 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1422 if (bdrv_is_inserted(s->bs)) {
1423 bdrv_set_locked(s->bs, packet[4] & 1);
1424 ide_atapi_cmd_ok(s);
1426 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1427 ASC_MEDIUM_NOT_PRESENT);
1433 int nb_sectors, lba;
1435 if (packet[0] == GPCMD_READ_10)
1436 nb_sectors = ube16_to_cpu(packet + 7);
1438 nb_sectors = ube32_to_cpu(packet + 6);
1439 lba = ube32_to_cpu(packet + 2);
1440 if (nb_sectors == 0) {
1441 ide_atapi_cmd_ok(s);
1444 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1449 int nb_sectors, lba, transfer_request;
1451 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1452 lba = ube32_to_cpu(packet + 2);
1453 if (nb_sectors == 0) {
1454 ide_atapi_cmd_ok(s);
1457 transfer_request = packet[9];
1458 switch(transfer_request & 0xf8) {
1461 ide_atapi_cmd_ok(s);
1465 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1469 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1472 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1473 ASC_INV_FIELD_IN_CMD_PACKET);
1481 int64_t total_sectors;
1483 bdrv_get_geometry(s->bs, &total_sectors);
1484 total_sectors >>= 2;
1485 if (total_sectors <= 0) {
1486 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1487 ASC_MEDIUM_NOT_PRESENT);
1490 lba = ube32_to_cpu(packet + 2);
1491 if (lba >= total_sectors) {
1492 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1493 ASC_LOGICAL_BLOCK_OOR);
1496 ide_atapi_cmd_ok(s);
1499 case GPCMD_START_STOP_UNIT:
1502 start = packet[4] & 1;
1503 eject = (packet[4] >> 1) & 1;
1505 if (eject && !start) {
1506 /* eject the disk */
1507 bdrv_eject(s->bs, 1);
1508 } else if (eject && start) {
1509 /* close the tray */
1510 bdrv_eject(s->bs, 0);
1512 ide_atapi_cmd_ok(s);
1515 case GPCMD_MECHANISM_STATUS:
1517 max_len = ube16_to_cpu(packet + 8);
1518 cpu_to_ube16(buf, 0);
1519 /* no current LBA */
1524 cpu_to_ube16(buf + 6, 0);
1525 ide_atapi_cmd_reply(s, 8, max_len);
1528 case GPCMD_READ_TOC_PMA_ATIP:
1530 int format, msf, start_track, len;
1531 int64_t total_sectors;
1533 bdrv_get_geometry(s->bs, &total_sectors);
1534 total_sectors >>= 2;
1535 if (total_sectors <= 0) {
1536 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1537 ASC_MEDIUM_NOT_PRESENT);
1540 max_len = ube16_to_cpu(packet + 7);
1541 format = packet[9] >> 6;
1542 msf = (packet[1] >> 1) & 1;
1543 start_track = packet[6];
1546 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1549 ide_atapi_cmd_reply(s, len, max_len);
1552 /* multi session : only a single session defined */
1557 ide_atapi_cmd_reply(s, 12, max_len);
1560 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1563 ide_atapi_cmd_reply(s, len, max_len);
1567 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1568 ASC_INV_FIELD_IN_CMD_PACKET);
1573 case GPCMD_READ_CDVD_CAPACITY:
1575 int64_t total_sectors;
1577 bdrv_get_geometry(s->bs, &total_sectors);
1578 total_sectors >>= 2;
1579 if (total_sectors <= 0) {
1580 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1581 ASC_MEDIUM_NOT_PRESENT);
1584 /* NOTE: it is really the number of sectors minus 1 */
1585 cpu_to_ube32(buf, total_sectors - 1);
1586 cpu_to_ube32(buf + 4, 2048);
1587 ide_atapi_cmd_reply(s, 8, 8);
1590 case GPCMD_READ_DVD_STRUCTURE:
1592 int media = packet[1];
1593 int layer = packet[6];
1594 int format = packet[2];
1595 int64_t total_sectors;
1597 if (media != 0 || layer != 0)
1599 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1600 ASC_INV_FIELD_IN_CMD_PACKET);
1605 bdrv_get_geometry(s->bs, &total_sectors);
1606 total_sectors >>= 2;
1608 memset(buf, 0, 2052);
1610 buf[4] = 1; // DVD-ROM, part version 1
1611 buf[5] = 0xf; // 120mm disc, maximum rate unspecified
1612 buf[6] = 0; // one layer, embossed data
1615 cpu_to_ube32(buf + 8, 0);
1616 cpu_to_ube32(buf + 12, total_sectors - 1);
1617 cpu_to_ube32(buf + 16, total_sectors - 1);
1619 cpu_to_be16wu((uint16_t *)buf, 2048 + 4);
1621 ide_atapi_cmd_reply(s, 2048 + 3, 2048 + 4);
1625 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1626 ASC_INV_FIELD_IN_CMD_PACKET);
1631 case GPCMD_SET_SPEED:
1632 ide_atapi_cmd_ok(s);
1635 max_len = packet[4];
1636 buf[0] = 0x05; /* CD-ROM */
1637 buf[1] = 0x80; /* removable */
1638 buf[2] = 0x00; /* ISO */
1639 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1640 buf[4] = 31; /* additional length */
1641 buf[5] = 0; /* reserved */
1642 buf[6] = 0; /* reserved */
1643 buf[7] = 0; /* reserved */
1644 padstr8(buf + 8, 8, "QEMU");
1645 padstr8(buf + 16, 16, "QEMU CD-ROM");
1646 padstr8(buf + 32, 4, QEMU_VERSION);
1647 ide_atapi_cmd_reply(s, 36, max_len);
1649 case GPCMD_GET_CONFIGURATION:
1651 int64_t total_sectors;
1653 /* only feature 0 is supported */
1654 if (packet[2] != 0 || packet[3] != 0) {
1655 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1656 ASC_INV_FIELD_IN_CMD_PACKET);
1660 bdrv_get_geometry(s->bs, &total_sectors);
1662 buf[7] = total_sectors <= 1433600 ? 0x08 : 0x10; /* current profile */
1663 buf[10] = 0x10 | 0x1;
1664 buf[11] = 0x08; /* size of profile list */
1665 buf[13] = 0x10; /* DVD-ROM profile */
1666 buf[14] = buf[7] == 0x10; /* (in)active */
1667 buf[17] = 0x08; /* CD-ROM profile */
1668 buf[18] = buf[7] == 0x08; /* (in)active */
1669 ide_atapi_cmd_reply(s, 32, 32);
1673 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1674 ASC_ILLEGAL_OPCODE);
1679 static void ide_cfata_metadata_inquiry(IDEState *s)
1684 p = (uint16_t *) s->io_buffer;
1685 memset(p, 0, 0x200);
1686 spd = ((s->mdata_size - 1) >> 9) + 1;
1688 put_le16(p + 0, 0x0001); /* Data format revision */
1689 put_le16(p + 1, 0x0000); /* Media property: silicon */
1690 put_le16(p + 2, s->media_changed); /* Media status */
1691 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1692 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1693 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1694 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1697 static void ide_cfata_metadata_read(IDEState *s)
1701 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1702 s->status = ERR_STAT;
1703 s->error = ABRT_ERR;
1707 p = (uint16_t *) s->io_buffer;
1708 memset(p, 0, 0x200);
1710 put_le16(p + 0, s->media_changed); /* Media status */
1711 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1712 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1713 s->nsector << 9), 0x200 - 2));
1716 static void ide_cfata_metadata_write(IDEState *s)
1718 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1719 s->status = ERR_STAT;
1720 s->error = ABRT_ERR;
1724 s->media_changed = 0;
1726 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1728 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1729 s->nsector << 9), 0x200 - 2));
1732 /* called when the inserted state of the media has changed */
1733 static void cdrom_change_cb(void *opaque)
1735 IDEState *s = opaque;
1738 /* XXX: send interrupt too */
1739 bdrv_get_geometry(s->bs, &nb_sectors);
1740 s->nb_sectors = nb_sectors;
1743 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1747 /* handle the 'magic' 0 nsector count conversion here. to avoid
1748 * fiddling with the rest of the read logic, we just store the
1749 * full sector count in ->nsector and ignore ->hob_nsector from now
1755 if (!s->nsector && !s->hob_nsector)
1758 int lo = s->nsector;
1759 int hi = s->hob_nsector;
1761 s->nsector = (hi << 8) | lo;
1766 static void ide_clear_hob(IDEState *ide_if)
1768 /* any write clears HOB high bit of device control register */
1769 ide_if[0].select &= ~(1 << 7);
1770 ide_if[1].select &= ~(1 << 7);
1773 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1775 IDEState *ide_if = opaque;
1781 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1789 ide_clear_hob(ide_if);
1790 /* NOTE: data is written to the two drives */
1791 ide_if[0].hob_feature = ide_if[0].feature;
1792 ide_if[1].hob_feature = ide_if[1].feature;
1793 ide_if[0].feature = val;
1794 ide_if[1].feature = val;
1797 ide_clear_hob(ide_if);
1798 ide_if[0].hob_nsector = ide_if[0].nsector;
1799 ide_if[1].hob_nsector = ide_if[1].nsector;
1800 ide_if[0].nsector = val;
1801 ide_if[1].nsector = val;
1804 ide_clear_hob(ide_if);
1805 ide_if[0].hob_sector = ide_if[0].sector;
1806 ide_if[1].hob_sector = ide_if[1].sector;
1807 ide_if[0].sector = val;
1808 ide_if[1].sector = val;
1811 ide_clear_hob(ide_if);
1812 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1813 ide_if[1].hob_lcyl = ide_if[1].lcyl;
1814 ide_if[0].lcyl = val;
1815 ide_if[1].lcyl = val;
1818 ide_clear_hob(ide_if);
1819 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1820 ide_if[1].hob_hcyl = ide_if[1].hcyl;
1821 ide_if[0].hcyl = val;
1822 ide_if[1].hcyl = val;
1825 /* FIXME: HOB readback uses bit 7 */
1826 ide_if[0].select = (val & ~0x10) | 0xa0;
1827 ide_if[1].select = (val | 0x10) | 0xa0;
1829 unit = (val >> 4) & 1;
1831 ide_if->cur_drive = s;
1836 #if defined(DEBUG_IDE)
1837 printf("ide: CMD=%02x\n", val);
1839 s = ide_if->cur_drive;
1840 /* ignore commands to non existant slave */
1841 if (s != ide_if && !s->bs)
1846 if (s->bs && !s->is_cdrom) {
1850 ide_cfata_identify(s);
1851 s->status = READY_STAT | SEEK_STAT;
1852 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1855 ide_set_signature(s);
1857 ide_abort_command(s);
1864 s->status = READY_STAT | SEEK_STAT;
1868 if (s->is_cf && s->nsector == 0) {
1869 /* Disable Read and Write Multiple */
1870 s->mult_sectors = 0;
1871 s->status = READY_STAT;
1872 } else if ((s->nsector & 0xff) != 0 &&
1873 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1874 (s->nsector & (s->nsector - 1)) != 0)) {
1875 ide_abort_command(s);
1877 s->mult_sectors = s->nsector & 0xff;
1878 s->status = READY_STAT;
1882 case WIN_VERIFY_EXT:
1885 case WIN_VERIFY_ONCE:
1886 /* do sector number check ? */
1887 ide_cmd_lba48_transform(s, lba48);
1888 s->status = READY_STAT;
1897 ide_cmd_lba48_transform(s, lba48);
1898 s->req_nb_sectors = 1;
1904 case WIN_WRITE_ONCE:
1905 case CFA_WRITE_SECT_WO_ERASE:
1906 case WIN_WRITE_VERIFY:
1907 ide_cmd_lba48_transform(s, lba48);
1909 s->status = SEEK_STAT | READY_STAT;
1910 s->req_nb_sectors = 1;
1911 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1912 s->media_changed = 1;
1914 case WIN_MULTREAD_EXT:
1917 if (!s->mult_sectors)
1919 ide_cmd_lba48_transform(s, lba48);
1920 s->req_nb_sectors = s->mult_sectors;
1923 case WIN_MULTWRITE_EXT:
1926 case CFA_WRITE_MULTI_WO_ERASE:
1927 if (!s->mult_sectors)
1929 ide_cmd_lba48_transform(s, lba48);
1931 s->status = SEEK_STAT | READY_STAT;
1932 s->req_nb_sectors = s->mult_sectors;
1934 if (n > s->req_nb_sectors)
1935 n = s->req_nb_sectors;
1936 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1937 s->media_changed = 1;
1939 case WIN_READDMA_EXT:
1942 case WIN_READDMA_ONCE:
1945 ide_cmd_lba48_transform(s, lba48);
1946 ide_sector_read_dma(s);
1948 case WIN_WRITEDMA_EXT:
1951 case WIN_WRITEDMA_ONCE:
1954 ide_cmd_lba48_transform(s, lba48);
1955 ide_sector_write_dma(s);
1956 s->media_changed = 1;
1958 case WIN_READ_NATIVE_MAX_EXT:
1960 case WIN_READ_NATIVE_MAX:
1961 ide_cmd_lba48_transform(s, lba48);
1962 ide_set_sector(s, s->nb_sectors - 1);
1963 s->status = READY_STAT;
1966 case WIN_CHECKPOWERMODE1:
1967 case WIN_CHECKPOWERMODE2:
1968 s->nsector = 0xff; /* device active or idle */
1969 s->status = READY_STAT;
1972 case WIN_SETFEATURES:
1975 /* XXX: valid for CDROM ? */
1976 switch(s->feature) {
1977 case 0xcc: /* reverting to power-on defaults enable */
1978 case 0x66: /* reverting to power-on defaults disable */
1979 case 0x02: /* write cache enable */
1980 case 0x82: /* write cache disable */
1981 case 0xaa: /* read look-ahead enable */
1982 case 0x55: /* read look-ahead disable */
1983 case 0x05: /* set advanced power management mode */
1984 case 0x85: /* disable advanced power management mode */
1985 case 0x69: /* NOP */
1986 case 0x67: /* NOP */
1987 case 0x96: /* NOP */
1988 case 0x9a: /* NOP */
1989 case 0x42: /* enable Automatic Acoustic Mode */
1990 case 0xc2: /* disable Automatic Acoustic Mode */
1991 s->status = READY_STAT | SEEK_STAT;
1994 case 0x03: { /* set transfer mode */
1995 uint8_t val = s->nsector & 0x07;
1997 switch (s->nsector >> 3) {
1998 case 0x00: /* pio default */
1999 case 0x01: /* pio mode */
2000 put_le16(s->identify_data + 63,0x07);
2001 put_le16(s->identify_data + 88,0x3f);
2003 case 0x04: /* mdma mode */
2004 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2005 put_le16(s->identify_data + 88,0x3f);
2007 case 0x08: /* udma mode */
2008 put_le16(s->identify_data + 63,0x07);
2009 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2014 s->status = READY_STAT | SEEK_STAT;
2022 case WIN_FLUSH_CACHE:
2023 case WIN_FLUSH_CACHE_EXT:
2026 s->status = READY_STAT;
2031 case WIN_STANDBYNOW1:
2032 case WIN_STANDBYNOW2:
2033 case WIN_IDLEIMMEDIATE:
2034 case CFA_IDLEIMMEDIATE:
2039 s->status = READY_STAT;
2042 /* ATAPI commands */
2045 ide_atapi_identify(s);
2046 s->status = READY_STAT | SEEK_STAT;
2047 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2049 ide_abort_command(s);
2054 ide_set_signature(s);
2055 s->status = 0x00; /* NOTE: READY is _not_ set */
2061 ide_set_signature(s);
2062 s->status = 0x00; /* NOTE: READY is _not_ set */
2068 /* overlapping commands not supported */
2069 if (s->feature & 0x02)
2071 s->status = READY_STAT;
2072 s->atapi_dma = s->feature & 1;
2074 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2077 /* CF-ATA commands */
2078 case CFA_REQ_EXT_ERROR_CODE:
2081 s->error = 0x09; /* miscellaneous error */
2082 s->status = READY_STAT;
2085 case CFA_ERASE_SECTORS:
2086 case CFA_WEAR_LEVEL:
2089 if (val == CFA_WEAR_LEVEL)
2091 if (val == CFA_ERASE_SECTORS)
2092 s->media_changed = 1;
2094 s->status = READY_STAT;
2097 case CFA_TRANSLATE_SECTOR:
2101 s->status = READY_STAT;
2102 memset(s->io_buffer, 0, 0x200);
2103 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2104 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2105 s->io_buffer[0x02] = s->select; /* Head */
2106 s->io_buffer[0x03] = s->sector; /* Sector */
2107 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2108 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2109 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2110 s->io_buffer[0x13] = 0x00; /* Erase flag */
2111 s->io_buffer[0x18] = 0x00; /* Hot count */
2112 s->io_buffer[0x19] = 0x00; /* Hot count */
2113 s->io_buffer[0x1a] = 0x01; /* Hot count */
2114 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2117 case CFA_ACCESS_METADATA_STORAGE:
2120 switch (s->feature) {
2121 case 0x02: /* Inquiry Metadata Storage */
2122 ide_cfata_metadata_inquiry(s);
2124 case 0x03: /* Read Metadata Storage */
2125 ide_cfata_metadata_read(s);
2127 case 0x04: /* Write Metadata Storage */
2128 ide_cfata_metadata_write(s);
2133 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2134 s->status = 0x00; /* NOTE: READY is _not_ set */
2137 case IBM_SENSE_CONDITION:
2140 switch (s->feature) {
2141 case 0x01: /* sense temperature in device */
2142 s->nsector = 0x50; /* +20 C */
2147 s->status = READY_STAT;
2152 ide_abort_command(s);
2159 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2161 IDEState *ide_if = opaque;
2162 IDEState *s = ide_if->cur_drive;
2167 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2168 //hob = s->select & (1 << 7);
2175 if (!ide_if[0].bs && !ide_if[1].bs)
2180 ret = s->hob_feature;
2183 if (!ide_if[0].bs && !ide_if[1].bs)
2186 ret = s->nsector & 0xff;
2188 ret = s->hob_nsector;
2191 if (!ide_if[0].bs && !ide_if[1].bs)
2196 ret = s->hob_sector;
2199 if (!ide_if[0].bs && !ide_if[1].bs)
2207 if (!ide_if[0].bs && !ide_if[1].bs)
2215 if (!ide_if[0].bs && !ide_if[1].bs)
2222 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2223 (s != ide_if && !s->bs))
2227 qemu_irq_lower(s->irq);
2231 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2236 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2238 IDEState *ide_if = opaque;
2239 IDEState *s = ide_if->cur_drive;
2242 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2243 (s != ide_if && !s->bs))
2248 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2253 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2255 IDEState *ide_if = opaque;
2260 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2262 /* common for both drives */
2263 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2264 (val & IDE_CMD_RESET)) {
2265 /* reset low to high */
2266 for(i = 0;i < 2; i++) {
2268 s->status = BUSY_STAT | SEEK_STAT;
2271 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2272 !(val & IDE_CMD_RESET)) {
2274 for(i = 0;i < 2; i++) {
2277 s->status = 0x00; /* NOTE: READY is _not_ set */
2279 s->status = READY_STAT | SEEK_STAT;
2280 ide_set_signature(s);
2284 ide_if[0].cmd = val;
2285 ide_if[1].cmd = val;
2288 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2290 IDEState *s = ((IDEState *)opaque)->cur_drive;
2294 *(uint16_t *)p = le16_to_cpu(val);
2297 if (p >= s->data_end)
2298 s->end_transfer_func(s);
2301 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2303 IDEState *s = ((IDEState *)opaque)->cur_drive;
2307 ret = cpu_to_le16(*(uint16_t *)p);
2310 if (p >= s->data_end)
2311 s->end_transfer_func(s);
2315 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2317 IDEState *s = ((IDEState *)opaque)->cur_drive;
2321 *(uint32_t *)p = le32_to_cpu(val);
2324 if (p >= s->data_end)
2325 s->end_transfer_func(s);
2328 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2330 IDEState *s = ((IDEState *)opaque)->cur_drive;
2335 ret = cpu_to_le32(*(uint32_t *)p);
2338 if (p >= s->data_end)
2339 s->end_transfer_func(s);
2343 static void ide_dummy_transfer_stop(IDEState *s)
2345 s->data_ptr = s->io_buffer;
2346 s->data_end = s->io_buffer;
2347 s->io_buffer[0] = 0xff;
2348 s->io_buffer[1] = 0xff;
2349 s->io_buffer[2] = 0xff;
2350 s->io_buffer[3] = 0xff;
2353 static void ide_reset(IDEState *s)
2356 s->mult_sectors = 0;
2358 s->mult_sectors = MAX_MULT_SECTORS;
2361 s->status = READY_STAT;
2362 ide_set_signature(s);
2363 /* init the transfer handler so that 0xffff is returned on data
2365 s->end_transfer_func = ide_dummy_transfer_stop;
2366 ide_dummy_transfer_stop(s);
2367 s->media_changed = 0;
2371 uint8_t boot_ind; /* 0x80 - active */
2372 uint8_t head; /* starting head */
2373 uint8_t sector; /* starting sector */
2374 uint8_t cyl; /* starting cylinder */
2375 uint8_t sys_ind; /* What partition type */
2376 uint8_t end_head; /* end head */
2377 uint8_t end_sector; /* end sector */
2378 uint8_t end_cyl; /* end cylinder */
2379 uint32_t start_sect; /* starting sector counting from 0 */
2380 uint32_t nr_sects; /* nr of sectors in partition */
2381 } __attribute__((packed));
2383 /* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
2384 static int guess_disk_lchs(IDEState *s,
2385 int *pcylinders, int *pheads, int *psectors)
2388 int ret, i, heads, sectors, cylinders;
2389 struct partition *p;
2392 ret = bdrv_read(s->bs, 0, buf, 1);
2395 /* test msdos magic */
2396 if (buf[510] != 0x55 || buf[511] != 0xaa)
2398 for(i = 0; i < 4; i++) {
2399 p = ((struct partition *)(buf + 0x1be)) + i;
2400 nr_sects = le32_to_cpu(p->nr_sects);
2401 if (nr_sects && p->end_head) {
2402 /* We make the assumption that the partition terminates on
2403 a cylinder boundary */
2404 heads = p->end_head + 1;
2405 sectors = p->end_sector & 63;
2408 cylinders = s->nb_sectors / (heads * sectors);
2409 if (cylinders < 1 || cylinders > 16383)
2412 *psectors = sectors;
2413 *pcylinders = cylinders;
2415 printf("guessed geometry: LCHS=%d %d %d\n",
2416 cylinders, heads, sectors);
2424 static void ide_init2(IDEState *ide_state,
2425 BlockDriverState *hd0, BlockDriverState *hd1,
2429 static int drive_serial = 1;
2430 int i, cylinders, heads, secs, translation, lba_detected = 0;
2433 for(i = 0; i < 2; i++) {
2440 bdrv_get_geometry(s->bs, &nb_sectors);
2441 s->nb_sectors = nb_sectors;
2442 /* if a geometry hint is available, use it */
2443 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
2444 translation = bdrv_get_translation_hint(s->bs);
2445 if (cylinders != 0) {
2446 s->cylinders = cylinders;
2450 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2452 /* if heads > 16, it means that a BIOS LBA
2453 translation was active, so the default
2454 hardware geometry is OK */
2456 goto default_geometry;
2458 s->cylinders = cylinders;
2461 /* disable any translation to be in sync with
2462 the logical geometry */
2463 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2464 bdrv_set_translation_hint(s->bs,
2465 BIOS_ATA_TRANSLATION_NONE);
2470 /* if no geometry, use a standard physical disk geometry */
2471 cylinders = nb_sectors / (16 * 63);
2472 if (cylinders > 16383)
2474 else if (cylinders < 2)
2476 s->cylinders = cylinders;
2479 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2480 if ((s->cylinders * s->heads) <= 131072) {
2481 bdrv_set_translation_hint(s->bs,
2482 BIOS_ATA_TRANSLATION_LARGE);
2484 bdrv_set_translation_hint(s->bs,
2485 BIOS_ATA_TRANSLATION_LBA);
2489 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
2491 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2493 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2496 s->drive_serial = drive_serial++;
2498 s->sector_write_timer = qemu_new_timer(vm_clock,
2499 ide_sector_write_timer_cb, s);
2504 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2506 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2507 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2509 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2510 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2514 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2515 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2516 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2517 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2520 /* save per IDE drive data */
2521 static void ide_save(QEMUFile* f, IDEState *s)
2523 qemu_put_be32s(f, &s->mult_sectors);
2524 qemu_put_be32s(f, &s->identify_set);
2525 if (s->identify_set) {
2526 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2528 qemu_put_8s(f, &s->feature);
2529 qemu_put_8s(f, &s->error);
2530 qemu_put_be32s(f, &s->nsector);
2531 qemu_put_8s(f, &s->sector);
2532 qemu_put_8s(f, &s->lcyl);
2533 qemu_put_8s(f, &s->hcyl);
2534 qemu_put_8s(f, &s->hob_feature);
2535 qemu_put_8s(f, &s->hob_nsector);
2536 qemu_put_8s(f, &s->hob_sector);
2537 qemu_put_8s(f, &s->hob_lcyl);
2538 qemu_put_8s(f, &s->hob_hcyl);
2539 qemu_put_8s(f, &s->select);
2540 qemu_put_8s(f, &s->status);
2541 qemu_put_8s(f, &s->lba48);
2543 qemu_put_8s(f, &s->sense_key);
2544 qemu_put_8s(f, &s->asc);
2545 /* XXX: if a transfer is pending, we do not save it yet */
2548 /* load per IDE drive data */
2549 static void ide_load(QEMUFile* f, IDEState *s)
2551 qemu_get_be32s(f, &s->mult_sectors);
2552 qemu_get_be32s(f, &s->identify_set);
2553 if (s->identify_set) {
2554 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2556 qemu_get_8s(f, &s->feature);
2557 qemu_get_8s(f, &s->error);
2558 qemu_get_be32s(f, &s->nsector);
2559 qemu_get_8s(f, &s->sector);
2560 qemu_get_8s(f, &s->lcyl);
2561 qemu_get_8s(f, &s->hcyl);
2562 qemu_get_8s(f, &s->hob_feature);
2563 qemu_get_8s(f, &s->hob_nsector);
2564 qemu_get_8s(f, &s->hob_sector);
2565 qemu_get_8s(f, &s->hob_lcyl);
2566 qemu_get_8s(f, &s->hob_hcyl);
2567 qemu_get_8s(f, &s->select);
2568 qemu_get_8s(f, &s->status);
2569 qemu_get_8s(f, &s->lba48);
2571 qemu_get_8s(f, &s->sense_key);
2572 qemu_get_8s(f, &s->asc);
2573 /* XXX: if a transfer is pending, we do not save it yet */
2576 /***********************************************************/
2577 /* ISA IDE definitions */
2579 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
2580 BlockDriverState *hd0, BlockDriverState *hd1)
2582 IDEState *ide_state;
2584 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2588 ide_init2(ide_state, hd0, hd1, irq);
2589 ide_init_ioport(ide_state, iobase, iobase2);
2592 /***********************************************************/
2593 /* PCI IDE definitions */
2595 static void cmd646_update_irq(PCIIDEState *d);
2597 static void ide_map(PCIDevice *pci_dev, int region_num,
2598 uint32_t addr, uint32_t size, int type)
2600 PCIIDEState *d = (PCIIDEState *)pci_dev;
2601 IDEState *ide_state;
2603 if (region_num <= 3) {
2604 ide_state = &d->ide_if[(region_num >> 1) * 2];
2605 if (region_num & 1) {
2606 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2607 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2609 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2610 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2613 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2614 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2615 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2616 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2621 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2623 BMDMAState *bm = s->bmdma;
2627 bm->dma_cb = dma_cb;
2628 bm->cur_prd_last = 0;
2629 bm->cur_prd_addr = 0;
2630 bm->cur_prd_len = 0;
2631 if (bm->status & BM_STATUS_DMAING) {
2636 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2638 BMDMAState *bm = opaque;
2640 printf("%s: 0x%08x\n", __func__, val);
2642 if (!(val & BM_CMD_START)) {
2643 /* XXX: do it better */
2644 if (bm->status & BM_STATUS_DMAING) {
2645 bm->status &= ~BM_STATUS_DMAING;
2646 /* cancel DMA request */
2651 printf("aio_cancel\n");
2653 bdrv_aio_cancel(bm->aiocb);
2657 bm->cmd = val & 0x09;
2659 if (!(bm->status & BM_STATUS_DMAING)) {
2660 bm->status |= BM_STATUS_DMAING;
2661 /* start dma transfer if possible */
2665 bm->cmd = val & 0x09;
2669 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2671 BMDMAState *bm = opaque;
2672 PCIIDEState *pci_dev;
2680 pci_dev = bm->pci_dev;
2681 if (pci_dev->type == IDE_TYPE_CMD646) {
2682 val = pci_dev->dev.config[MRDMODE];
2691 pci_dev = bm->pci_dev;
2692 if (pci_dev->type == IDE_TYPE_CMD646) {
2693 if (bm == &pci_dev->bmdma[0])
2694 val = pci_dev->dev.config[UDIDETCR0];
2696 val = pci_dev->dev.config[UDIDETCR1];
2706 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2711 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2713 BMDMAState *bm = opaque;
2714 PCIIDEState *pci_dev;
2716 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2720 pci_dev = bm->pci_dev;
2721 if (pci_dev->type == IDE_TYPE_CMD646) {
2722 pci_dev->dev.config[MRDMODE] =
2723 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2724 cmd646_update_irq(pci_dev);
2728 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2731 pci_dev = bm->pci_dev;
2732 if (pci_dev->type == IDE_TYPE_CMD646) {
2733 if (bm == &pci_dev->bmdma[0])
2734 pci_dev->dev.config[UDIDETCR0] = val;
2736 pci_dev->dev.config[UDIDETCR1] = val;
2742 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2744 BMDMAState *bm = opaque;
2748 printf("%s: 0x%08x\n", __func__, val);
2753 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2755 BMDMAState *bm = opaque;
2757 printf("%s: 0x%08x\n", __func__, val);
2759 bm->addr = val & ~3;
2760 bm->cur_addr = bm->addr;
2763 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2764 uint32_t addr, uint32_t size, int type)
2766 PCIIDEState *d = (PCIIDEState *)pci_dev;
2769 for(i = 0;i < 2; i++) {
2770 BMDMAState *bm = &d->bmdma[i];
2771 d->ide_if[2 * i].bmdma = bm;
2772 d->ide_if[2 * i + 1].bmdma = bm;
2773 bm->pci_dev = (PCIIDEState *)pci_dev;
2775 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2777 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2778 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2780 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2781 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2786 /* XXX: call it also when the MRDMODE is changed from the PCI config
2788 static void cmd646_update_irq(PCIIDEState *d)
2791 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2792 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2793 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2794 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2795 qemu_set_irq(d->dev.irq[0], pci_level);
2798 /* the PCI irq level is the logical OR of the two channels */
2799 static void cmd646_set_irq(void *opaque, int channel, int level)
2801 PCIIDEState *d = opaque;
2804 irq_mask = MRDMODE_INTR_CH0 << channel;
2806 d->dev.config[MRDMODE] |= irq_mask;
2808 d->dev.config[MRDMODE] &= ~irq_mask;
2809 cmd646_update_irq(d);
2812 /* CMD646 PCI IDE controller */
2813 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2814 int secondary_ide_enabled)
2821 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2822 sizeof(PCIIDEState),
2825 d->type = IDE_TYPE_CMD646;
2826 pci_conf = d->dev.config;
2827 pci_conf[0x00] = 0x95; // CMD646
2828 pci_conf[0x01] = 0x10;
2829 pci_conf[0x02] = 0x46;
2830 pci_conf[0x03] = 0x06;
2832 pci_conf[0x08] = 0x07; // IDE controller revision
2833 pci_conf[0x09] = 0x8f;
2835 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2836 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2837 pci_conf[0x0e] = 0x00; // header_type
2839 if (secondary_ide_enabled) {
2840 /* XXX: if not enabled, really disable the seconday IDE controller */
2841 pci_conf[0x51] = 0x80; /* enable IDE1 */
2844 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2845 PCI_ADDRESS_SPACE_IO, ide_map);
2846 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2847 PCI_ADDRESS_SPACE_IO, ide_map);
2848 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2849 PCI_ADDRESS_SPACE_IO, ide_map);
2850 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2851 PCI_ADDRESS_SPACE_IO, ide_map);
2852 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2853 PCI_ADDRESS_SPACE_IO, bmdma_map);
2855 pci_conf[0x3d] = 0x01; // interrupt on pin 1
2857 for(i = 0; i < 4; i++)
2858 d->ide_if[i].pci_dev = (PCIDevice *)d;
2860 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
2861 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
2862 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
2865 static void pci_ide_save(QEMUFile* f, void *opaque)
2867 PCIIDEState *d = opaque;
2870 pci_device_save(&d->dev, f);
2872 for(i = 0; i < 2; i++) {
2873 BMDMAState *bm = &d->bmdma[i];
2874 qemu_put_8s(f, &bm->cmd);
2875 qemu_put_8s(f, &bm->status);
2876 qemu_put_be32s(f, &bm->addr);
2877 /* XXX: if a transfer is pending, we do not save it yet */
2880 /* per IDE interface data */
2881 for(i = 0; i < 2; i++) {
2882 IDEState *s = &d->ide_if[i * 2];
2883 uint8_t drive1_selected;
2884 qemu_put_8s(f, &s->cmd);
2885 drive1_selected = (s->cur_drive != s);
2886 qemu_put_8s(f, &drive1_selected);
2889 /* per IDE drive data */
2890 for(i = 0; i < 4; i++) {
2891 ide_save(f, &d->ide_if[i]);
2895 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2897 PCIIDEState *d = opaque;
2900 if (version_id != 1)
2902 ret = pci_device_load(&d->dev, f);
2906 for(i = 0; i < 2; i++) {
2907 BMDMAState *bm = &d->bmdma[i];
2908 qemu_get_8s(f, &bm->cmd);
2909 qemu_get_8s(f, &bm->status);
2910 qemu_get_be32s(f, &bm->addr);
2911 /* XXX: if a transfer is pending, we do not save it yet */
2914 /* per IDE interface data */
2915 for(i = 0; i < 2; i++) {
2916 IDEState *s = &d->ide_if[i * 2];
2917 uint8_t drive1_selected;
2918 qemu_get_8s(f, &s->cmd);
2919 qemu_get_8s(f, &drive1_selected);
2920 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2923 /* per IDE drive data */
2924 for(i = 0; i < 4; i++) {
2925 ide_load(f, &d->ide_if[i]);
2930 static void piix3_reset(PCIIDEState *d)
2932 uint8_t *pci_conf = d->dev.config;
2934 pci_conf[0x04] = 0x00;
2935 pci_conf[0x05] = 0x00;
2936 pci_conf[0x06] = 0x80; /* FBC */
2937 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
2938 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
2941 /* hd_table must contain 4 block drivers */
2942 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
2943 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2949 /* register a function 1 of PIIX3 */
2950 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2951 sizeof(PCIIDEState),
2954 d->type = IDE_TYPE_PIIX3;
2956 pci_conf = d->dev.config;
2957 pci_conf[0x00] = 0x86; // Intel
2958 pci_conf[0x01] = 0x80;
2959 pci_conf[0x02] = 0x10;
2960 pci_conf[0x03] = 0x70;
2961 pci_conf[0x09] = 0x80; // legacy ATA mode
2962 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2963 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2964 pci_conf[0x0e] = 0x00; // header_type
2968 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2969 PCI_ADDRESS_SPACE_IO, bmdma_map);
2971 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
2972 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
2973 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2974 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2976 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
2979 /* hd_table must contain 4 block drivers */
2980 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
2981 void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2987 /* register a function 1 of PIIX4 */
2988 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
2989 sizeof(PCIIDEState),
2992 d->type = IDE_TYPE_PIIX4;
2994 pci_conf = d->dev.config;
2995 pci_conf[0x00] = 0x86; // Intel
2996 pci_conf[0x01] = 0x80;
2997 pci_conf[0x02] = 0x11;
2998 pci_conf[0x03] = 0x71;
2999 pci_conf[0x09] = 0x80; // legacy ATA mode
3000 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
3001 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
3002 pci_conf[0x0e] = 0x00; // header_type
3006 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3007 PCI_ADDRESS_SPACE_IO, bmdma_map);
3009 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3010 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3011 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3012 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3014 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
3017 /***********************************************************/
3018 /* MacIO based PowerPC IDE */
3020 /* PowerMac IDE memory IO */
3021 static void pmac_ide_writeb (void *opaque,
3022 target_phys_addr_t addr, uint32_t val)
3024 addr = (addr & 0xFFF) >> 4;
3027 ide_ioport_write(opaque, addr, val);
3031 ide_cmd_write(opaque, 0, val);
3038 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3042 addr = (addr & 0xFFF) >> 4;
3045 retval = ide_ioport_read(opaque, addr);
3049 retval = ide_status_read(opaque, 0);
3058 static void pmac_ide_writew (void *opaque,
3059 target_phys_addr_t addr, uint32_t val)
3061 addr = (addr & 0xFFF) >> 4;
3062 #ifdef TARGET_WORDS_BIGENDIAN
3066 ide_data_writew(opaque, 0, val);
3070 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3074 addr = (addr & 0xFFF) >> 4;
3076 retval = ide_data_readw(opaque, 0);
3080 #ifdef TARGET_WORDS_BIGENDIAN
3081 retval = bswap16(retval);
3086 static void pmac_ide_writel (void *opaque,
3087 target_phys_addr_t addr, uint32_t val)
3089 addr = (addr & 0xFFF) >> 4;
3090 #ifdef TARGET_WORDS_BIGENDIAN
3094 ide_data_writel(opaque, 0, val);
3098 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3102 addr = (addr & 0xFFF) >> 4;
3104 retval = ide_data_readl(opaque, 0);
3106 retval = 0xFFFFFFFF;
3108 #ifdef TARGET_WORDS_BIGENDIAN
3109 retval = bswap32(retval);
3114 static CPUWriteMemoryFunc *pmac_ide_write[] = {
3120 static CPUReadMemoryFunc *pmac_ide_read[] = {
3126 /* hd_table must contain 4 block drivers */
3127 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3128 I/O index to access the ide. */
3129 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
3132 int pmac_ide_memory;
3134 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
3135 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3137 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3138 pmac_ide_write, &ide_if[0]);
3139 return pmac_ide_memory;
3142 /***********************************************************/
3143 /* CF-ATA Microdrive */
3145 #define METADATA_SIZE 0x20
3147 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3150 struct pcmcia_card_s card;
3164 /* Register bitfields */
3167 OPT_MODE_IOMAP16 = 1,
3168 OPT_MODE_IOMAP1 = 2,
3169 OPT_MODE_IOMAP2 = 3,
3180 STAT_CHANGED = 0x80,
3191 static inline void md_interrupt_update(struct md_s *s)
3196 qemu_set_irq(s->card.slot->irq,
3197 !(s->stat & STAT_INT) && /* Inverted */
3198 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3199 !(s->opt & OPT_SRESET));
3202 static void md_set_irq(void *opaque, int irq, int level)
3204 struct md_s *s = (struct md_s *) opaque;
3206 s->stat |= STAT_INT;
3208 s->stat &= ~STAT_INT;
3210 md_interrupt_update(s);
3213 static void md_reset(struct md_s *s)
3215 s->opt = OPT_MODE_MMAP;
3223 static uint8_t md_attr_read(void *opaque, uint32_t at)
3225 struct md_s *s = (struct md_s *) opaque;
3226 if (at < s->attr_base) {
3227 if (at < s->card.cis_len)
3228 return s->card.cis[at];
3236 case 0x00: /* Configuration Option Register */
3238 case 0x02: /* Card Configuration Status Register */
3239 if (s->ctrl & CTRL_IEN)
3240 return s->stat & ~STAT_INT;
3243 case 0x04: /* Pin Replacement Register */
3244 return (s->pins & PINS_CRDY) | 0x0c;
3245 case 0x06: /* Socket and Copy Register */
3249 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3256 static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
3258 struct md_s *s = (struct md_s *) opaque;
3262 case 0x00: /* Configuration Option Register */
3263 s->opt = value & 0xcf;
3264 if (value & OPT_SRESET)
3266 md_interrupt_update(s);
3268 case 0x02: /* Card Configuration Status Register */
3269 if ((s->stat ^ value) & STAT_PWRDWN)
3270 s->pins |= PINS_CRDY;
3272 s->stat |= value & 0x74;
3273 md_interrupt_update(s);
3274 /* Word 170 in Identify Device must be equal to STAT_XE */
3276 case 0x04: /* Pin Replacement Register */
3277 s->pins &= PINS_CRDY;
3278 s->pins |= value & PINS_MRDY;
3280 case 0x06: /* Socket and Copy Register */
3283 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3287 static uint16_t md_common_read(void *opaque, uint32_t at)
3289 struct md_s *s = (struct md_s *) opaque;
3293 switch (s->opt & OPT_MODE) {
3295 if ((at & ~0x3ff) == 0x400)
3298 case OPT_MODE_IOMAP16:
3301 case OPT_MODE_IOMAP1:
3302 if ((at & ~0xf) == 0x3f0)
3304 else if ((at & ~0xf) == 0x1f0)
3307 case OPT_MODE_IOMAP2:
3308 if ((at & ~0xf) == 0x370)
3310 else if ((at & ~0xf) == 0x170)
3315 case 0x0: /* Even RD Data */
3317 return ide_data_readw(s->ide, 0);
3319 /* TODO: 8-bit accesses */
3323 s->io = ide_data_readw(s->ide, 0);
3326 s->cycle = !s->cycle;
3328 case 0x9: /* Odd RD Data */
3330 case 0xd: /* Error */
3331 return ide_ioport_read(s->ide, 0x1);
3332 case 0xe: /* Alternate Status */
3333 if (s->ide->cur_drive->bs)
3334 return s->ide->cur_drive->status;
3337 case 0xf: /* Device Address */
3338 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3340 return ide_ioport_read(s->ide, at);
3346 static void md_common_write(void *opaque, uint32_t at, uint16_t value)
3348 struct md_s *s = (struct md_s *) opaque;
3351 switch (s->opt & OPT_MODE) {
3353 if ((at & ~0x3ff) == 0x400)
3356 case OPT_MODE_IOMAP16:
3359 case OPT_MODE_IOMAP1:
3360 if ((at & ~0xf) == 0x3f0)
3362 else if ((at & ~0xf) == 0x1f0)
3365 case OPT_MODE_IOMAP2:
3366 if ((at & ~0xf) == 0x370)
3368 else if ((at & ~0xf) == 0x170)
3373 case 0x0: /* Even WR Data */
3375 ide_data_writew(s->ide, 0, value);
3378 /* TODO: 8-bit accesses */
3380 ide_data_writew(s->ide, 0, s->io | (value << 8));
3382 s->io = value & 0xff;
3383 s->cycle = !s->cycle;
3386 s->io = value & 0xff;
3387 s->cycle = !s->cycle;
3389 case 0xd: /* Features */
3390 ide_ioport_write(s->ide, 0x1, value);
3392 case 0xe: /* Device Control */
3394 if (value & CTRL_SRST)
3396 md_interrupt_update(s);
3399 if (s->stat & STAT_PWRDWN) {
3400 s->pins |= PINS_CRDY;
3401 s->stat &= ~STAT_PWRDWN;
3403 ide_ioport_write(s->ide, at, value);
3407 static void md_save(QEMUFile *f, void *opaque)
3409 struct md_s *s = (struct md_s *) opaque;
3411 uint8_t drive1_selected;
3413 qemu_put_8s(f, &s->opt);
3414 qemu_put_8s(f, &s->stat);
3415 qemu_put_8s(f, &s->pins);
3417 qemu_put_8s(f, &s->ctrl);
3418 qemu_put_be16s(f, &s->io);
3419 qemu_put_byte(f, s->cycle);
3421 drive1_selected = (s->ide->cur_drive != s->ide);
3422 qemu_put_8s(f, &s->ide->cmd);
3423 qemu_put_8s(f, &drive1_selected);
3425 for (i = 0; i < 2; i ++)
3426 ide_save(f, &s->ide[i]);
3429 static int md_load(QEMUFile *f, void *opaque, int version_id)
3431 struct md_s *s = (struct md_s *) opaque;
3433 uint8_t drive1_selected;
3435 qemu_get_8s(f, &s->opt);
3436 qemu_get_8s(f, &s->stat);
3437 qemu_get_8s(f, &s->pins);
3439 qemu_get_8s(f, &s->ctrl);
3440 qemu_get_be16s(f, &s->io);
3441 s->cycle = qemu_get_byte(f);
3443 qemu_get_8s(f, &s->ide->cmd);
3444 qemu_get_8s(f, &drive1_selected);
3445 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
3447 for (i = 0; i < 2; i ++)
3448 ide_load(f, &s->ide[i]);
3453 static int md_iid = 0;
3455 static const uint8_t dscm1xxxx_cis[0x14a] = {
3456 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3457 [0x002] = 0x03, /* Tuple length = 4 bytes */
3458 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3459 [0x006] = 0x01, /* Size = 2K bytes */
3460 [0x008] = CISTPL_ENDMARK,
3462 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3463 [0x00c] = 0x04, /* Tuple length = 4 byest */
3464 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3465 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3466 [0x012] = 0x01, /* Size = 2K bytes */
3467 [0x014] = CISTPL_ENDMARK,
3469 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3470 [0x018] = 0x02, /* Tuple length = 2 bytes */
3471 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3474 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3475 [0x020] = 0x04, /* Tuple length = 4 bytes */
3476 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3478 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3481 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3482 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3483 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3484 [0x030] = 0x01, /* Minor Version = 1 */
3500 [0x050] = CISTPL_ENDMARK,
3502 [0x052] = CISTPL_FUNCID, /* Function ID */
3503 [0x054] = 0x02, /* Tuple length = 2 bytes */
3504 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3505 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3507 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3508 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3509 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3510 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3512 [0x062] = CISTPL_FUNCE, /* Function Extension */
3513 [0x064] = 0x03, /* Tuple length = 3 bytes */
3514 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3515 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3516 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3518 [0x06c] = CISTPL_CONFIG, /* Configuration */
3519 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3520 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3521 [0x072] = 0x07, /* TPCC_LAST = 7 */
3522 [0x074] = 0x00, /* TPCC_RADR = 0200 */
3524 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
3526 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3527 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
3528 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
3529 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
3530 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
3531 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3532 [0x086] = 0x55, /* NomV: 5.0 V */
3533 [0x088] = 0x4d, /* MinV: 4.5 V */
3534 [0x08a] = 0x5d, /* MaxV: 5.5 V */
3535 [0x08c] = 0x4e, /* Peakl: 450 mA */
3536 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
3537 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
3538 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
3540 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3541 [0x096] = 0x06, /* Tuple length = 6 bytes */
3542 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
3543 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3544 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3545 [0x09e] = 0xb5, /* NomV: 3.3 V */
3547 [0x0a2] = 0x3e, /* Peakl: 350 mA */
3549 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3550 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
3551 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
3552 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3553 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3554 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3555 [0x0b0] = 0x55, /* NomV: 5.0 V */
3556 [0x0b2] = 0x4d, /* MinV: 4.5 V */
3557 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
3558 [0x0b6] = 0x4e, /* Peakl: 450 mA */
3559 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
3560 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
3561 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
3562 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
3563 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
3565 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3566 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
3567 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
3568 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3569 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3570 [0x0cc] = 0xb5, /* NomV: 3.3 V */
3572 [0x0d0] = 0x3e, /* Peakl: 350 mA */
3574 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3575 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
3576 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
3577 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3578 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3579 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3580 [0x0de] = 0x55, /* NomV: 5.0 V */
3581 [0x0e0] = 0x4d, /* MinV: 4.5 V */
3582 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
3583 [0x0e4] = 0x4e, /* Peakl: 450 mA */
3584 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3585 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
3586 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
3588 [0x0ee] = 0x07, /* Address block length = 8 */
3589 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
3591 [0x0f4] = 0x01, /* Address block length = 2 */
3592 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3593 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
3595 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3596 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
3597 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
3598 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3599 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3600 [0x104] = 0xb5, /* NomV: 3.3 V */
3602 [0x108] = 0x3e, /* Peakl: 350 mA */
3604 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3605 [0x10c] = 0x12, /* Tuple length = 18 bytes */
3606 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
3607 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3608 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3609 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3610 [0x116] = 0x55, /* NomV: 5.0 V */
3611 [0x118] = 0x4d, /* MinV: 4.5 V */
3612 [0x11a] = 0x5d, /* MaxV: 5.5 V */
3613 [0x11c] = 0x4e, /* Peakl: 450 mA */
3614 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3615 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
3616 [0x122] = 0x70, /* Field 1 address = 0x0170 */
3618 [0x126] = 0x07, /* Address block length = 8 */
3619 [0x128] = 0x76, /* Field 2 address = 0x0376 */
3621 [0x12c] = 0x01, /* Address block length = 2 */
3622 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3623 [0x130] = 0x20, /* TPCE_MI = support power down mode */
3625 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3626 [0x134] = 0x06, /* Tuple length = 6 bytes */
3627 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
3628 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3629 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3630 [0x13c] = 0xb5, /* NomV: 3.3 V */
3632 [0x140] = 0x3e, /* Peakl: 350 mA */
3634 [0x142] = CISTPL_NO_LINK, /* No Link */
3635 [0x144] = 0x00, /* Tuple length = 0 bytes */
3637 [0x146] = CISTPL_END, /* Tuple End */
3640 static int dscm1xxxx_attach(void *opaque)
3642 struct md_s *md = (struct md_s *) opaque;
3643 md->card.attr_read = md_attr_read;
3644 md->card.attr_write = md_attr_write;
3645 md->card.common_read = md_common_read;
3646 md->card.common_write = md_common_write;
3647 md->card.io_read = md_common_read;
3648 md->card.io_write = md_common_write;
3650 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
3654 md_interrupt_update(md);
3656 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
3660 static int dscm1xxxx_detach(void *opaque)
3662 struct md_s *md = (struct md_s *) opaque;
3667 struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
3669 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
3670 md->card.state = md;
3671 md->card.attach = dscm1xxxx_attach;
3672 md->card.detach = dscm1xxxx_detach;
3673 md->card.cis = dscm1xxxx_cis;
3674 md->card.cis_len = sizeof(dscm1xxxx_cis);
3676 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
3678 md->ide->mdata_size = METADATA_SIZE;
3679 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
3681 register_savevm("microdrive", md_iid ++, 0, md_save, md_load, md);
projects / qemu / blob