2 * QEMU IDE disk and CD-ROM Emulator
4 * Copyright (c) 2003 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 /* debug IDE devices */
28 //#define DEBUG_IDE_ATAPI
30 /* Bits of HD_STATUS */
32 #define INDEX_STAT 0x02
33 #define ECC_STAT 0x04 /* Corrected error */
35 #define SEEK_STAT 0x10
37 #define WRERR_STAT 0x20
38 #define READY_STAT 0x40
39 #define BUSY_STAT 0x80
41 /* Bits for HD_ERROR */
42 #define MARK_ERR 0x01 /* Bad address mark */
43 #define TRK0_ERR 0x02 /* couldn't find track 0 */
44 #define ABRT_ERR 0x04 /* Command aborted */
45 #define MCR_ERR 0x08 /* media change request */
46 #define ID_ERR 0x10 /* ID field not found */
47 #define MC_ERR 0x20 /* media changed */
48 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
49 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
50 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
52 /* Bits of HD_NSECTOR */
58 #define IDE_CMD_RESET 0x04
59 #define IDE_CMD_DISABLE_IRQ 0x02
61 /* ATA/ATAPI Commands pre T13 Spec */
66 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
70 #define WIN_SRST 0x08 /* ATAPI soft reset command */
71 #define WIN_DEVICE_RESET 0x08
75 #define WIN_RECAL 0x10
76 #define WIN_RESTORE WIN_RECAL
80 #define WIN_READ 0x20 /* 28-Bit */
81 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
82 #define WIN_READ_LONG 0x22 /* 28-Bit */
83 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
84 #define WIN_READ_EXT 0x24 /* 48-Bit */
85 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
86 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
87 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
91 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
95 #define WIN_WRITE 0x30 /* 28-Bit */
96 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
97 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
98 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
99 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
100 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
101 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
102 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
103 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
104 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
106 * 0x3A->0x3B Reserved
108 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
110 * 0x3D->0x3F Reserved
112 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
113 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
114 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
116 * 0x43->0x4F Reserved
118 #define WIN_FORMAT 0x50
120 * 0x51->0x5F Reserved
122 #define WIN_INIT 0x60
124 * 0x61->0x5F Reserved
126 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
127 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
128 #define WIN_DIAGNOSE 0x90
129 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
130 #define WIN_DOWNLOAD_MICROCODE 0x92
131 #define WIN_STANDBYNOW2 0x94
132 #define WIN_STANDBY2 0x96
133 #define WIN_SETIDLE2 0x97
134 #define WIN_CHECKPOWERMODE2 0x98
135 #define WIN_SLEEPNOW2 0x99
139 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
140 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
141 #define WIN_QUEUED_SERVICE 0xA2
142 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
143 #define CFA_ERASE_SECTORS 0xC0
144 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
145 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
146 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
147 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
148 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
149 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
150 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
151 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
152 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
153 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
154 #define WIN_GETMEDIASTATUS 0xDA
155 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
156 #define WIN_POSTBOOT 0xDC
157 #define WIN_PREBOOT 0xDD
158 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
159 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
160 #define WIN_STANDBYNOW1 0xE0
161 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
162 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
163 #define WIN_SETIDLE1 0xE3
164 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
165 #define WIN_CHECKPOWERMODE1 0xE5
166 #define WIN_SLEEPNOW1 0xE6
167 #define WIN_FLUSH_CACHE 0xE7
168 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
169 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
170 /* SET_FEATURES 0x22 or 0xDD */
171 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
172 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
173 #define WIN_MEDIAEJECT 0xED
174 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
175 #define WIN_SETFEATURES 0xEF /* set special drive features */
176 #define EXABYTE_ENABLE_NEST 0xF0
177 #define WIN_SECURITY_SET_PASS 0xF1
178 #define WIN_SECURITY_UNLOCK 0xF2
179 #define WIN_SECURITY_ERASE_PREPARE 0xF3
180 #define WIN_SECURITY_ERASE_UNIT 0xF4
181 #define WIN_SECURITY_FREEZE_LOCK 0xF5
182 #define WIN_SECURITY_DISABLE 0xF6
183 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
184 #define WIN_SET_MAX 0xF9
185 #define DISABLE_SEAGATE 0xFB
187 /* set to 1 set disable mult support */
188 #define MAX_MULT_SECTORS 16
192 #define ATAPI_PACKET_SIZE 12
194 /* The generic packet command opcodes for CD/DVD Logical Units,
195 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
196 #define GPCMD_BLANK 0xa1
197 #define GPCMD_CLOSE_TRACK 0x5b
198 #define GPCMD_FLUSH_CACHE 0x35
199 #define GPCMD_FORMAT_UNIT 0x04
200 #define GPCMD_GET_CONFIGURATION 0x46
201 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
202 #define GPCMD_GET_PERFORMANCE 0xac
203 #define GPCMD_INQUIRY 0x12
204 #define GPCMD_LOAD_UNLOAD 0xa6
205 #define GPCMD_MECHANISM_STATUS 0xbd
206 #define GPCMD_MODE_SELECT_10 0x55
207 #define GPCMD_MODE_SENSE_10 0x5a
208 #define GPCMD_PAUSE_RESUME 0x4b
209 #define GPCMD_PLAY_AUDIO_10 0x45
210 #define GPCMD_PLAY_AUDIO_MSF 0x47
211 #define GPCMD_PLAY_AUDIO_TI 0x48
212 #define GPCMD_PLAY_CD 0xbc
213 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
214 #define GPCMD_READ_10 0x28
215 #define GPCMD_READ_12 0xa8
216 #define GPCMD_READ_CDVD_CAPACITY 0x25
217 #define GPCMD_READ_CD 0xbe
218 #define GPCMD_READ_CD_MSF 0xb9
219 #define GPCMD_READ_DISC_INFO 0x51
220 #define GPCMD_READ_DVD_STRUCTURE 0xad
221 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
222 #define GPCMD_READ_HEADER 0x44
223 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
224 #define GPCMD_READ_SUBCHANNEL 0x42
225 #define GPCMD_READ_TOC_PMA_ATIP 0x43
226 #define GPCMD_REPAIR_RZONE_TRACK 0x58
227 #define GPCMD_REPORT_KEY 0xa4
228 #define GPCMD_REQUEST_SENSE 0x03
229 #define GPCMD_RESERVE_RZONE_TRACK 0x53
230 #define GPCMD_SCAN 0xba
231 #define GPCMD_SEEK 0x2b
232 #define GPCMD_SEND_DVD_STRUCTURE 0xad
233 #define GPCMD_SEND_EVENT 0xa2
234 #define GPCMD_SEND_KEY 0xa3
235 #define GPCMD_SEND_OPC 0x54
236 #define GPCMD_SET_READ_AHEAD 0xa7
237 #define GPCMD_SET_STREAMING 0xb6
238 #define GPCMD_START_STOP_UNIT 0x1b
239 #define GPCMD_STOP_PLAY_SCAN 0x4e
240 #define GPCMD_TEST_UNIT_READY 0x00
241 #define GPCMD_VERIFY_10 0x2f
242 #define GPCMD_WRITE_10 0x2a
243 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
244 /* This is listed as optional in ATAPI 2.6, but is (curiously)
245 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
246 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
247 * drives support it. */
248 #define GPCMD_SET_SPEED 0xbb
249 /* This seems to be a SCSI specific CD-ROM opcode
250 * to play data at track/index */
251 #define GPCMD_PLAYAUDIO_TI 0x48
253 * From MS Media Status Notification Support Specification. For
256 #define GPCMD_GET_MEDIA_STATUS 0xda
258 /* Mode page codes for mode sense/set */
259 #define GPMODE_R_W_ERROR_PAGE 0x01
260 #define GPMODE_WRITE_PARMS_PAGE 0x05
261 #define GPMODE_AUDIO_CTL_PAGE 0x0e
262 #define GPMODE_POWER_PAGE 0x1a
263 #define GPMODE_FAULT_FAIL_PAGE 0x1c
264 #define GPMODE_TO_PROTECT_PAGE 0x1d
265 #define GPMODE_CAPABILITIES_PAGE 0x2a
266 #define GPMODE_ALL_PAGES 0x3f
267 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
268 * of MODE_SENSE_POWER_PAGE */
269 #define GPMODE_CDROM_PAGE 0x0d
271 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
272 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
273 #define ATAPI_INT_REASON_REL 0x04
274 #define ATAPI_INT_REASON_TAG 0xf8
276 /* same constants as bochs */
277 #define ASC_ILLEGAL_OPCODE 0x20
278 #define ASC_LOGICAL_BLOCK_OOR 0x21
279 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
280 #define ASC_MEDIUM_NOT_PRESENT 0x3a
281 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
284 #define SENSE_NOT_READY 2
285 #define SENSE_ILLEGAL_REQUEST 5
286 #define SENSE_UNIT_ATTENTION 6
290 typedef void EndTransferFunc(struct IDEState *);
292 /* NOTE: IDEState represents in fact one drive */
293 typedef struct IDEState {
296 int cylinders, heads, sectors;
303 struct BMDMAState *bmdma;
308 uint16_t nsector; /* 0 is 256 to ease computations */
314 /* 0x3f6 command, only meaningful for drive 0 */
316 /* depends on bit 4 in select, only meaningful for drive 0 */
317 struct IDEState *cur_drive;
318 BlockDriverState *bs;
322 int packet_transfer_size;
323 int elementary_transfer_size;
327 int atapi_dma; /* true if dma is requested for the packet cmd */
330 /* PIO transfer handling */
331 int req_nb_sectors; /* number of sectors per interrupt */
332 EndTransferFunc *end_transfer_func;
335 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
336 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
339 #define BM_STATUS_DMAING 0x01
340 #define BM_STATUS_ERROR 0x02
341 #define BM_STATUS_INT 0x04
343 #define BM_CMD_START 0x01
344 #define BM_CMD_READ 0x08
346 #define IDE_TYPE_PIIX3 0
347 #define IDE_TYPE_CMD646 1
349 /* CMD646 specific */
351 #define MRDMODE_INTR_CH0 0x04
352 #define MRDMODE_INTR_CH1 0x08
353 #define MRDMODE_BLK_CH0 0x10
354 #define MRDMODE_BLK_CH1 0x20
355 #define UDIDETCR0 0x73
356 #define UDIDETCR1 0x7B
358 typedef int IDEDMAFunc(IDEState *s,
359 target_phys_addr_t phys_addr,
362 typedef struct BMDMAState {
367 struct PCIIDEState *pci_dev;
368 /* current transfer state */
373 typedef struct PCIIDEState {
377 int type; /* see IDE_TYPE_xxx */
380 static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb);
382 static void padstr(char *str, const char *src, int len)
385 for(i = 0; i < len; i++) {
390 *(char *)((long)str ^ 1) = v;
395 static void padstr8(uint8_t *buf, int buf_size, const char *src)
398 for(i = 0; i < buf_size; i++) {
406 static void put_le16(uint16_t *p, unsigned int v)
411 static void ide_identify(IDEState *s)
414 unsigned int oldsize;
417 memset(s->io_buffer, 0, 512);
418 p = (uint16_t *)s->io_buffer;
419 put_le16(p + 0, 0x0040);
420 put_le16(p + 1, s->cylinders);
421 put_le16(p + 3, s->heads);
422 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
423 put_le16(p + 5, 512); /* XXX: retired, remove ? */
424 put_le16(p + 6, s->sectors);
425 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
426 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
427 put_le16(p + 20, 3); /* XXX: retired, remove ? */
428 put_le16(p + 21, 512); /* cache size in sectors */
429 put_le16(p + 22, 4); /* ecc bytes */
430 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
431 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
432 #if MAX_MULT_SECTORS > 1
433 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
435 put_le16(p + 48, 1); /* dword I/O */
436 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
437 put_le16(p + 51, 0x200); /* PIO transfer cycle */
438 put_le16(p + 52, 0x200); /* DMA transfer cycle */
439 put_le16(p + 53, 1 | 1 << 2); /* words 54-58,88 are valid */
440 put_le16(p + 54, s->cylinders);
441 put_le16(p + 55, s->heads);
442 put_le16(p + 56, s->sectors);
443 oldsize = s->cylinders * s->heads * s->sectors;
444 put_le16(p + 57, oldsize);
445 put_le16(p + 58, oldsize >> 16);
447 put_le16(p + 59, 0x100 | s->mult_sectors);
448 put_le16(p + 60, s->nb_sectors);
449 put_le16(p + 61, s->nb_sectors >> 16);
450 put_le16(p + 80, (1 << 1) | (1 << 2));
451 put_le16(p + 82, (1 << 14));
452 put_le16(p + 83, (1 << 14));
453 put_le16(p + 84, (1 << 14));
454 put_le16(p + 85, (1 << 14));
456 put_le16(p + 87, (1 << 14));
457 put_le16(p + 88, 0x1f | (1 << 13));
458 put_le16(p + 93, 1 | (1 << 14) | 0x2000 | 0x4000);
461 static void ide_atapi_identify(IDEState *s)
466 memset(s->io_buffer, 0, 512);
467 p = (uint16_t *)s->io_buffer;
468 /* Removable CDROM, 50us response, 12 byte packets */
469 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
470 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
471 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
472 put_le16(p + 20, 3); /* buffer type */
473 put_le16(p + 21, 512); /* cache size in sectors */
474 put_le16(p + 22, 4); /* ecc bytes */
475 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
476 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
477 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
478 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
479 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
480 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
481 put_le16(p + 64, 1); /* PIO modes */
482 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
483 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
484 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
485 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
487 put_le16(p + 71, 30); /* in ns */
488 put_le16(p + 72, 30); /* in ns */
490 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
493 static void ide_set_signature(IDEState *s)
495 s->select &= 0xf0; /* clear head */
511 static inline void ide_abort_command(IDEState *s)
513 s->status = READY_STAT | ERR_STAT;
517 static inline void ide_set_irq(IDEState *s)
519 BMDMAState *bm = s->bmdma;
520 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
522 bm->status |= BM_STATUS_INT;
524 s->set_irq(s->irq_opaque, s->irq, 1);
528 /* prepare data transfer and tell what to do after */
529 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
530 EndTransferFunc *end_transfer_func)
532 s->end_transfer_func = end_transfer_func;
534 s->data_end = buf + size;
535 s->status |= DRQ_STAT;
538 static void ide_transfer_stop(IDEState *s)
540 s->end_transfer_func = ide_transfer_stop;
541 s->data_ptr = s->io_buffer;
542 s->data_end = s->io_buffer;
543 s->status &= ~DRQ_STAT;
546 static int64_t ide_get_sector(IDEState *s)
549 if (s->select & 0x40) {
551 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
552 (s->lcyl << 8) | s->sector;
554 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
555 (s->select & 0x0f) * s->sectors +
561 static void ide_set_sector(IDEState *s, int64_t sector_num)
564 if (s->select & 0x40) {
565 s->select = (s->select & 0xf0) | (sector_num >> 24);
566 s->hcyl = (sector_num >> 16);
567 s->lcyl = (sector_num >> 8);
568 s->sector = (sector_num);
570 cyl = sector_num / (s->heads * s->sectors);
571 r = sector_num % (s->heads * s->sectors);
574 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
575 s->sector = (r % s->sectors) + 1;
579 static void ide_sector_read(IDEState *s)
584 s->status = READY_STAT | SEEK_STAT;
585 s->error = 0; /* not needed by IDE spec, but needed by Windows */
586 sector_num = ide_get_sector(s);
589 /* no more sector to read from disk */
590 ide_transfer_stop(s);
592 #if defined(DEBUG_IDE)
593 printf("read sector=%Ld\n", sector_num);
595 if (n > s->req_nb_sectors)
596 n = s->req_nb_sectors;
597 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
598 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
600 ide_set_sector(s, sector_num + n);
605 static int ide_read_dma_cb(IDEState *s,
606 target_phys_addr_t phys_addr,
609 int len, transfer_size, n;
612 transfer_size = transfer_size1;
613 while (transfer_size > 0) {
614 len = s->io_buffer_size - s->io_buffer_index;
616 /* transfert next data */
620 if (n > MAX_MULT_SECTORS)
621 n = MAX_MULT_SECTORS;
622 sector_num = ide_get_sector(s);
623 bdrv_read(s->bs, sector_num, s->io_buffer, n);
624 s->io_buffer_index = 0;
625 s->io_buffer_size = n * 512;
626 len = s->io_buffer_size;
628 ide_set_sector(s, sector_num);
631 if (len > transfer_size)
633 cpu_physical_memory_write(phys_addr,
634 s->io_buffer + s->io_buffer_index, len);
635 s->io_buffer_index += len;
636 transfer_size -= len;
639 if (s->io_buffer_index >= s->io_buffer_size && s->nsector == 0) {
640 s->status = READY_STAT | SEEK_STAT;
642 #ifdef DEBUG_IDE_ATAPI
643 printf("dma status=0x%x\n", s->status);
647 return transfer_size1 - transfer_size;
650 static void ide_sector_read_dma(IDEState *s)
652 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
653 s->io_buffer_index = 0;
654 s->io_buffer_size = 0;
655 ide_dma_start(s, ide_read_dma_cb);
658 static void ide_sector_write_timer_cb(void *opaque)
660 IDEState *s = opaque;
664 static void ide_sector_write(IDEState *s)
669 s->status = READY_STAT | SEEK_STAT;
670 sector_num = ide_get_sector(s);
671 #if defined(DEBUG_IDE)
672 printf("write sector=%Ld\n", sector_num);
675 if (n > s->req_nb_sectors)
676 n = s->req_nb_sectors;
677 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
679 if (s->nsector == 0) {
680 /* no more sector to write */
681 ide_transfer_stop(s);
684 if (n1 > s->req_nb_sectors)
685 n1 = s->req_nb_sectors;
686 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
688 ide_set_sector(s, sector_num + n);
691 if (win2k_install_hack) {
692 /* It seems there is a bug in the Windows 2000 installer HDD
693 IDE driver which fills the disk with empty logs when the
694 IDE write IRQ comes too early. This hack tries to correct
695 that at the expense of slower write performances. Use this
696 option _only_ to install Windows 2000. You must disable it
698 qemu_mod_timer(s->sector_write_timer,
699 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
707 static int ide_write_dma_cb(IDEState *s,
708 target_phys_addr_t phys_addr,
711 int len, transfer_size, n;
714 transfer_size = transfer_size1;
716 len = s->io_buffer_size - s->io_buffer_index;
718 n = s->io_buffer_size >> 9;
719 sector_num = ide_get_sector(s);
720 bdrv_write(s->bs, sector_num, s->io_buffer,
721 s->io_buffer_size >> 9);
723 ide_set_sector(s, sector_num);
727 /* end of transfer */
728 s->status = READY_STAT | SEEK_STAT;
732 if (n > MAX_MULT_SECTORS)
733 n = MAX_MULT_SECTORS;
734 s->io_buffer_index = 0;
735 s->io_buffer_size = n * 512;
736 len = s->io_buffer_size;
738 if (transfer_size <= 0)
740 if (len > transfer_size)
742 cpu_physical_memory_read(phys_addr,
743 s->io_buffer + s->io_buffer_index, len);
744 s->io_buffer_index += len;
745 transfer_size -= len;
748 return transfer_size1 - transfer_size;
751 static void ide_sector_write_dma(IDEState *s)
754 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
756 if (n > MAX_MULT_SECTORS)
757 n = MAX_MULT_SECTORS;
758 s->io_buffer_index = 0;
759 s->io_buffer_size = n * 512;
760 ide_dma_start(s, ide_write_dma_cb);
763 static void ide_atapi_cmd_ok(IDEState *s)
766 s->status = READY_STAT;
767 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
771 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
773 #ifdef DEBUG_IDE_ATAPI
774 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
776 s->error = sense_key << 4;
777 s->status = READY_STAT | ERR_STAT;
778 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
779 s->sense_key = sense_key;
784 static inline void cpu_to_ube16(uint8_t *buf, int val)
790 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
798 static inline int ube16_to_cpu(const uint8_t *buf)
800 return (buf[0] << 8) | buf[1];
803 static inline int ube32_to_cpu(const uint8_t *buf)
805 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
808 static void lba_to_msf(uint8_t *buf, int lba)
811 buf[0] = (lba / 75) / 60;
812 buf[1] = (lba / 75) % 60;
816 static void cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
819 switch(sector_size) {
821 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
826 memset(buf + 1, 0xff, 10);
830 lba_to_msf(buf, lba);
831 buf[3] = 0x01; /* mode 1 data */
834 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
844 /* The whole ATAPI transfer logic is handled in this function */
845 static void ide_atapi_cmd_reply_end(IDEState *s)
847 int byte_count_limit, size;
848 #ifdef DEBUG_IDE_ATAPI
849 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
850 s->packet_transfer_size,
851 s->elementary_transfer_size,
854 if (s->packet_transfer_size <= 0) {
855 /* end of transfer */
856 ide_transfer_stop(s);
857 s->status = READY_STAT;
858 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
860 #ifdef DEBUG_IDE_ATAPI
861 printf("status=0x%x\n", s->status);
864 /* see if a new sector must be read */
865 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
866 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
868 s->io_buffer_index = 0;
870 if (s->elementary_transfer_size > 0) {
871 /* there are some data left to transmit in this elementary
873 size = s->cd_sector_size - s->io_buffer_index;
874 if (size > s->elementary_transfer_size)
875 size = s->elementary_transfer_size;
876 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
877 size, ide_atapi_cmd_reply_end);
878 s->packet_transfer_size -= size;
879 s->elementary_transfer_size -= size;
880 s->io_buffer_index += size;
882 /* a new transfer is needed */
883 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
884 byte_count_limit = s->lcyl | (s->hcyl << 8);
885 #ifdef DEBUG_IDE_ATAPI
886 printf("byte_count_limit=%d\n", byte_count_limit);
888 if (byte_count_limit == 0xffff)
890 size = s->packet_transfer_size;
891 if (size > byte_count_limit) {
892 /* byte count limit must be even if this case */
893 if (byte_count_limit & 1)
895 size = byte_count_limit;
899 s->elementary_transfer_size = size;
900 /* we cannot transmit more than one sector at a time */
902 if (size > (s->cd_sector_size - s->io_buffer_index))
903 size = (s->cd_sector_size - s->io_buffer_index);
905 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
906 size, ide_atapi_cmd_reply_end);
907 s->packet_transfer_size -= size;
908 s->elementary_transfer_size -= size;
909 s->io_buffer_index += size;
911 #ifdef DEBUG_IDE_ATAPI
912 printf("status=0x%x\n", s->status);
918 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
919 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
923 s->lba = -1; /* no sector read */
924 s->packet_transfer_size = size;
925 s->elementary_transfer_size = 0;
926 s->io_buffer_index = 0;
928 s->status = READY_STAT;
929 ide_atapi_cmd_reply_end(s);
932 /* start a CD-CDROM read command */
933 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
937 s->packet_transfer_size = nb_sectors * sector_size;
938 s->elementary_transfer_size = 0;
939 s->io_buffer_index = sector_size;
940 s->cd_sector_size = sector_size;
942 s->status = READY_STAT;
943 ide_atapi_cmd_reply_end(s);
946 /* ATAPI DMA support */
947 static int ide_atapi_cmd_read_dma_cb(IDEState *s,
948 target_phys_addr_t phys_addr,
951 int len, transfer_size;
953 transfer_size = transfer_size1;
954 while (transfer_size > 0) {
955 #ifdef DEBUG_IDE_ATAPI
956 printf("transfer_size: %d phys_addr=%08x\n", transfer_size, phys_addr);
958 if (s->packet_transfer_size <= 0)
960 len = s->cd_sector_size - s->io_buffer_index;
962 /* transfert next data */
963 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
965 s->io_buffer_index = 0;
966 len = s->cd_sector_size;
968 if (len > transfer_size)
970 cpu_physical_memory_write(phys_addr,
971 s->io_buffer + s->io_buffer_index, len);
972 s->packet_transfer_size -= len;
973 s->io_buffer_index += len;
974 transfer_size -= len;
977 if (s->packet_transfer_size <= 0) {
978 s->status = READY_STAT;
979 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
981 #ifdef DEBUG_IDE_ATAPI
982 printf("dma status=0x%x\n", s->status);
986 return transfer_size1 - transfer_size;
989 /* start a CD-CDROM read command with DMA */
990 /* XXX: test if DMA is available */
991 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
995 s->packet_transfer_size = nb_sectors * sector_size;
996 s->io_buffer_index = sector_size;
997 s->cd_sector_size = sector_size;
999 s->status = READY_STAT | DRQ_STAT;
1000 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1003 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1006 #ifdef DEBUG_IDE_ATAPI
1007 printf("read: LBA=%d nb_sectors=%d\n", lba, nb_sectors);
1010 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1012 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1016 /* same toc as bochs. Return -1 if error or the toc length */
1017 /* XXX: check this */
1018 static int cdrom_read_toc(IDEState *s, uint8_t *buf, int msf, int start_track)
1021 int nb_sectors, len;
1023 if (start_track > 1 && start_track != 0xaa)
1026 *q++ = 1; /* first session */
1027 *q++ = 1; /* last session */
1028 if (start_track <= 1) {
1029 *q++ = 0; /* reserved */
1030 *q++ = 0x14; /* ADR, control */
1031 *q++ = 1; /* track number */
1032 *q++ = 0; /* reserved */
1034 *q++ = 0; /* reserved */
1043 /* lead out track */
1044 *q++ = 0; /* reserved */
1045 *q++ = 0x16; /* ADR, control */
1046 *q++ = 0xaa; /* track number */
1047 *q++ = 0; /* reserved */
1048 nb_sectors = s->nb_sectors >> 2;
1050 *q++ = 0; /* reserved */
1051 lba_to_msf(q, nb_sectors);
1054 cpu_to_ube32(q, nb_sectors);
1058 cpu_to_ube16(buf, len - 2);
1062 /* mostly same info as PearPc */
1063 static int cdrom_read_toc_raw(IDEState *s, uint8_t *buf, int msf,
1067 int nb_sectors, len;
1070 *q++ = 1; /* first session */
1071 *q++ = 1; /* last session */
1073 *q++ = 1; /* session number */
1074 *q++ = 0x14; /* data track */
1075 *q++ = 0; /* track number */
1076 *q++ = 0xa0; /* lead-in */
1079 *q++ = 0; /* frame */
1081 *q++ = 1; /* first track */
1082 *q++ = 0x00; /* disk type */
1085 *q++ = 1; /* session number */
1086 *q++ = 0x14; /* data track */
1087 *q++ = 0; /* track number */
1091 *q++ = 0; /* frame */
1093 *q++ = 1; /* last track */
1097 *q++ = 1; /* session number */
1098 *q++ = 0x14; /* data track */
1099 *q++ = 0; /* track number */
1100 *q++ = 0xa2; /* lead-out */
1103 *q++ = 0; /* frame */
1104 nb_sectors = s->nb_sectors >> 2;
1106 *q++ = 0; /* reserved */
1107 lba_to_msf(q, nb_sectors);
1110 cpu_to_ube32(q, nb_sectors);
1114 *q++ = 1; /* session number */
1115 *q++ = 0x14; /* ADR, control */
1116 *q++ = 0; /* track number */
1117 *q++ = 1; /* point */
1120 *q++ = 0; /* frame */
1127 cpu_to_ube16(buf, len - 2);
1131 static void ide_atapi_cmd(IDEState *s)
1133 const uint8_t *packet;
1137 packet = s->io_buffer;
1139 #ifdef DEBUG_IDE_ATAPI
1142 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1143 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1144 printf(" %02x", packet[i]);
1149 switch(s->io_buffer[0]) {
1150 case GPCMD_TEST_UNIT_READY:
1151 if (bdrv_is_inserted(s->bs)) {
1152 ide_atapi_cmd_ok(s);
1154 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1155 ASC_MEDIUM_NOT_PRESENT);
1158 case GPCMD_MODE_SENSE_10:
1161 max_len = ube16_to_cpu(packet + 7);
1162 action = packet[2] >> 6;
1163 code = packet[2] & 0x3f;
1165 case 0: /* current values */
1167 case 0x01: /* error recovery */
1168 cpu_to_ube16(&buf[0], 16 + 6);
1184 ide_atapi_cmd_reply(s, 16, max_len);
1187 cpu_to_ube16(&buf[0], 28 + 6);
1202 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1203 if (bdrv_is_locked(s->bs))
1206 cpu_to_ube16(&buf[16], 706);
1209 cpu_to_ube16(&buf[20], 512);
1210 cpu_to_ube16(&buf[22], 706);
1215 ide_atapi_cmd_reply(s, 28, max_len);
1221 case 1: /* changeable values */
1223 case 2: /* default values */
1226 case 3: /* saved values */
1227 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1228 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1233 case GPCMD_REQUEST_SENSE:
1234 max_len = packet[4];
1236 buf[0] = 0x70 | (1 << 7);
1237 buf[2] = s->sense_key;
1240 ide_atapi_cmd_reply(s, 18, max_len);
1242 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1243 if (bdrv_is_inserted(s->bs)) {
1244 bdrv_set_locked(s->bs, packet[4] & 1);
1245 ide_atapi_cmd_ok(s);
1247 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1248 ASC_MEDIUM_NOT_PRESENT);
1254 int nb_sectors, lba;
1256 if (!bdrv_is_inserted(s->bs)) {
1257 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1258 ASC_MEDIUM_NOT_PRESENT);
1261 if (packet[0] == GPCMD_READ_10)
1262 nb_sectors = ube16_to_cpu(packet + 7);
1264 nb_sectors = ube32_to_cpu(packet + 6);
1265 lba = ube32_to_cpu(packet + 2);
1266 if (nb_sectors == 0) {
1267 ide_atapi_cmd_ok(s);
1270 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1271 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1272 ASC_LOGICAL_BLOCK_OOR);
1275 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1280 int nb_sectors, lba, transfer_request;
1282 if (!bdrv_is_inserted(s->bs)) {
1283 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1284 ASC_MEDIUM_NOT_PRESENT);
1287 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1288 lba = ube32_to_cpu(packet + 2);
1289 if (nb_sectors == 0) {
1290 ide_atapi_cmd_ok(s);
1293 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1294 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1295 ASC_LOGICAL_BLOCK_OOR);
1298 transfer_request = packet[9];
1299 switch(transfer_request & 0xf8) {
1302 ide_atapi_cmd_ok(s);
1306 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1310 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1313 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1314 ASC_INV_FIELD_IN_CMD_PACKET);
1322 if (!bdrv_is_inserted(s->bs)) {
1323 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1324 ASC_MEDIUM_NOT_PRESENT);
1327 lba = ube32_to_cpu(packet + 2);
1328 if (((int64_t)lba << 2) > s->nb_sectors) {
1329 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1330 ASC_LOGICAL_BLOCK_OOR);
1333 ide_atapi_cmd_ok(s);
1336 case GPCMD_START_STOP_UNIT:
1339 start = packet[4] & 1;
1340 eject = (packet[4] >> 1) & 1;
1342 if (eject && !start) {
1343 /* eject the disk */
1346 ide_atapi_cmd_ok(s);
1349 case GPCMD_MECHANISM_STATUS:
1351 max_len = ube16_to_cpu(packet + 8);
1352 cpu_to_ube16(buf, 0);
1353 /* no current LBA */
1358 cpu_to_ube16(buf + 6, 0);
1359 ide_atapi_cmd_reply(s, 8, max_len);
1362 case GPCMD_READ_TOC_PMA_ATIP:
1364 int format, msf, start_track, len;
1366 if (!bdrv_is_inserted(s->bs)) {
1367 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1368 ASC_MEDIUM_NOT_PRESENT);
1371 max_len = ube16_to_cpu(packet + 7);
1372 format = packet[9] >> 6;
1373 msf = (packet[1] >> 1) & 1;
1374 start_track = packet[6];
1377 len = cdrom_read_toc(s, buf, msf, start_track);
1380 ide_atapi_cmd_reply(s, len, max_len);
1383 /* multi session : only a single session defined */
1388 ide_atapi_cmd_reply(s, 12, max_len);
1391 len = cdrom_read_toc_raw(s, buf, msf, start_track);
1394 ide_atapi_cmd_reply(s, len, max_len);
1398 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1399 ASC_INV_FIELD_IN_CMD_PACKET);
1404 case GPCMD_READ_CDVD_CAPACITY:
1405 if (!bdrv_is_inserted(s->bs)) {
1406 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1407 ASC_MEDIUM_NOT_PRESENT);
1410 /* NOTE: it is really the number of sectors minus 1 */
1411 cpu_to_ube32(buf, (s->nb_sectors >> 2) - 1);
1412 cpu_to_ube32(buf + 4, 2048);
1413 ide_atapi_cmd_reply(s, 8, 8);
1416 max_len = packet[4];
1417 buf[0] = 0x05; /* CD-ROM */
1418 buf[1] = 0x80; /* removable */
1419 buf[2] = 0x00; /* ISO */
1420 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1421 buf[4] = 31; /* additionnal length */
1422 buf[5] = 0; /* reserved */
1423 buf[6] = 0; /* reserved */
1424 buf[7] = 0; /* reserved */
1425 padstr8(buf + 8, 8, "QEMU");
1426 padstr8(buf + 16, 16, "QEMU CD-ROM");
1427 padstr8(buf + 32, 4, QEMU_VERSION);
1428 ide_atapi_cmd_reply(s, 36, max_len);
1431 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1432 ASC_ILLEGAL_OPCODE);
1437 /* called when the inserted state of the media has changed */
1438 static void cdrom_change_cb(void *opaque)
1440 IDEState *s = opaque;
1443 /* XXX: send interrupt too */
1444 bdrv_get_geometry(s->bs, &nb_sectors);
1445 s->nb_sectors = nb_sectors;
1448 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1450 IDEState *ide_if = opaque;
1455 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1462 /* NOTE: data is written to the two drives */
1463 ide_if[0].feature = val;
1464 ide_if[1].feature = val;
1469 ide_if[0].nsector = val;
1470 ide_if[1].nsector = val;
1473 ide_if[0].sector = val;
1474 ide_if[1].sector = val;
1477 ide_if[0].lcyl = val;
1478 ide_if[1].lcyl = val;
1481 ide_if[0].hcyl = val;
1482 ide_if[1].hcyl = val;
1485 ide_if[0].select = (val & ~0x10) | 0xa0;
1486 ide_if[1].select = (val | 0x10) | 0xa0;
1488 unit = (val >> 4) & 1;
1490 ide_if->cur_drive = s;
1492 /* XXX: currently a workaround for Darwin/PPC. Need to check
1493 the IDE spec to see if it is correct */
1494 ide_set_signature(s);
1500 #if defined(DEBUG_IDE)
1501 printf("ide: CMD=%02x\n", val);
1503 s = ide_if->cur_drive;
1504 /* ignore commands to non existant slave */
1505 if (s != ide_if && !s->bs)
1509 if (s->bs && !s->is_cdrom) {
1511 s->status = READY_STAT | SEEK_STAT;
1512 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1515 ide_set_signature(s);
1517 ide_abort_command(s);
1524 s->status = READY_STAT | SEEK_STAT;
1528 if (s->nsector > MAX_MULT_SECTORS ||
1530 (s->nsector & (s->nsector - 1)) != 0) {
1531 ide_abort_command(s);
1533 s->mult_sectors = s->nsector;
1534 s->status = READY_STAT;
1539 case WIN_VERIFY_ONCE:
1540 /* do sector number check ? */
1541 s->status = READY_STAT;
1548 s->req_nb_sectors = 1;
1552 case WIN_WRITE_ONCE:
1554 s->status = SEEK_STAT | READY_STAT;
1555 s->req_nb_sectors = 1;
1556 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1559 if (!s->mult_sectors)
1561 s->req_nb_sectors = s->mult_sectors;
1565 if (!s->mult_sectors)
1568 s->status = SEEK_STAT | READY_STAT;
1569 s->req_nb_sectors = s->mult_sectors;
1571 if (n > s->req_nb_sectors)
1572 n = s->req_nb_sectors;
1573 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1576 case WIN_READDMA_ONCE:
1579 ide_sector_read_dma(s);
1582 case WIN_WRITEDMA_ONCE:
1585 ide_sector_write_dma(s);
1587 case WIN_READ_NATIVE_MAX:
1588 ide_set_sector(s, s->nb_sectors - 1);
1589 s->status = READY_STAT;
1592 case WIN_CHECKPOWERMODE1:
1593 s->nsector = 0xff; /* device active or idle */
1594 s->status = READY_STAT;
1597 case WIN_SETFEATURES:
1600 /* XXX: valid for CDROM ? */
1601 switch(s->feature) {
1602 case 0x02: /* write cache enable */
1603 case 0x03: /* set transfer mode */
1604 case 0x82: /* write cache disable */
1605 case 0xaa: /* read look-ahead enable */
1606 case 0x55: /* read look-ahead disable */
1607 s->status = READY_STAT | SEEK_STAT;
1614 case WIN_STANDBYNOW1:
1615 case WIN_IDLEIMMEDIATE:
1616 case WIN_FLUSH_CACHE:
1617 s->status = READY_STAT;
1620 /* ATAPI commands */
1623 ide_atapi_identify(s);
1624 s->status = READY_STAT;
1625 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1627 ide_abort_command(s);
1632 ide_set_signature(s);
1633 s->status = 0x00; /* NOTE: READY is _not_ set */
1639 ide_set_signature(s);
1640 s->status = 0x00; /* NOTE: READY is _not_ set */
1646 /* overlapping commands not supported */
1647 if (s->feature & 0x02)
1649 s->atapi_dma = s->feature & 1;
1651 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1656 ide_abort_command(s);
1663 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
1665 IDEState *ide_if = opaque;
1666 IDEState *s = ide_if->cur_drive;
1676 if (!ide_if[0].bs && !ide_if[1].bs)
1682 if (!ide_if[0].bs && !ide_if[1].bs)
1685 ret = s->nsector & 0xff;
1688 if (!ide_if[0].bs && !ide_if[1].bs)
1694 if (!ide_if[0].bs && !ide_if[1].bs)
1700 if (!ide_if[0].bs && !ide_if[1].bs)
1706 if (!ide_if[0].bs && !ide_if[1].bs)
1713 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1714 (s != ide_if && !s->bs))
1718 s->set_irq(s->irq_opaque, s->irq, 0);
1722 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1727 static uint32_t ide_status_read(void *opaque, uint32_t addr)
1729 IDEState *ide_if = opaque;
1730 IDEState *s = ide_if->cur_drive;
1733 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1734 (s != ide_if && !s->bs))
1739 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1744 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
1746 IDEState *ide_if = opaque;
1751 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1753 /* common for both drives */
1754 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
1755 (val & IDE_CMD_RESET)) {
1756 /* reset low to high */
1757 for(i = 0;i < 2; i++) {
1759 s->status = BUSY_STAT | SEEK_STAT;
1762 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
1763 !(val & IDE_CMD_RESET)) {
1765 for(i = 0;i < 2; i++) {
1768 s->status = 0x00; /* NOTE: READY is _not_ set */
1770 s->status = READY_STAT | SEEK_STAT;
1771 ide_set_signature(s);
1775 ide_if[0].cmd = val;
1776 ide_if[1].cmd = val;
1779 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
1781 IDEState *s = ((IDEState *)opaque)->cur_drive;
1785 *(uint16_t *)p = le16_to_cpu(val);
1788 if (p >= s->data_end)
1789 s->end_transfer_func(s);
1792 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
1794 IDEState *s = ((IDEState *)opaque)->cur_drive;
1798 ret = cpu_to_le16(*(uint16_t *)p);
1801 if (p >= s->data_end)
1802 s->end_transfer_func(s);
1806 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
1808 IDEState *s = ((IDEState *)opaque)->cur_drive;
1812 *(uint32_t *)p = le32_to_cpu(val);
1815 if (p >= s->data_end)
1816 s->end_transfer_func(s);
1819 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
1821 IDEState *s = ((IDEState *)opaque)->cur_drive;
1826 ret = cpu_to_le32(*(uint32_t *)p);
1829 if (p >= s->data_end)
1830 s->end_transfer_func(s);
1834 static void ide_dummy_transfer_stop(IDEState *s)
1836 s->data_ptr = s->io_buffer;
1837 s->data_end = s->io_buffer;
1838 s->io_buffer[0] = 0xff;
1839 s->io_buffer[1] = 0xff;
1840 s->io_buffer[2] = 0xff;
1841 s->io_buffer[3] = 0xff;
1844 static void ide_reset(IDEState *s)
1846 s->mult_sectors = MAX_MULT_SECTORS;
1849 s->status = READY_STAT;
1850 ide_set_signature(s);
1851 /* init the transfer handler so that 0xffff is returned on data
1853 s->end_transfer_func = ide_dummy_transfer_stop;
1854 ide_dummy_transfer_stop(s);
1858 uint8_t boot_ind; /* 0x80 - active */
1859 uint8_t head; /* starting head */
1860 uint8_t sector; /* starting sector */
1861 uint8_t cyl; /* starting cylinder */
1862 uint8_t sys_ind; /* What partition type */
1863 uint8_t end_head; /* end head */
1864 uint8_t end_sector; /* end sector */
1865 uint8_t end_cyl; /* end cylinder */
1866 uint32_t start_sect; /* starting sector counting from 0 */
1867 uint32_t nr_sects; /* nr of sectors in partition */
1868 } __attribute__((packed));
1870 /* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
1871 static int guess_disk_lchs(IDEState *s,
1872 int *pcylinders, int *pheads, int *psectors)
1875 int ret, i, heads, sectors, cylinders;
1876 struct partition *p;
1879 ret = bdrv_read(s->bs, 0, buf, 1);
1882 /* test msdos magic */
1883 if (buf[510] != 0x55 || buf[511] != 0xaa)
1885 for(i = 0; i < 4; i++) {
1886 p = ((struct partition *)(buf + 0x1be)) + i;
1887 nr_sects = le32_to_cpu(p->nr_sects);
1888 if (nr_sects && p->end_head) {
1889 /* We make the assumption that the partition terminates on
1890 a cylinder boundary */
1891 heads = p->end_head + 1;
1892 sectors = p->end_sector & 63;
1895 cylinders = s->nb_sectors / (heads * sectors);
1896 if (cylinders < 1 || cylinders > 16383)
1899 *psectors = sectors;
1900 *pcylinders = cylinders;
1902 printf("guessed geometry: LCHS=%d %d %d\n",
1903 cylinders, heads, sectors);
1911 static void ide_init2(IDEState *ide_state,
1912 BlockDriverState *hd0, BlockDriverState *hd1,
1913 SetIRQFunc *set_irq, void *irq_opaque, int irq)
1916 static int drive_serial = 1;
1917 int i, cylinders, heads, secs, translation;
1920 for(i = 0; i < 2; i++) {
1927 bdrv_get_geometry(s->bs, &nb_sectors);
1928 s->nb_sectors = nb_sectors;
1929 /* if a geometry hint is available, use it */
1930 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
1931 if (cylinders != 0) {
1932 s->cylinders = cylinders;
1936 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
1938 /* if heads > 16, it means that a BIOS LBA
1939 translation was active, so the default
1940 hardware geometry is OK */
1941 goto default_geometry;
1943 s->cylinders = cylinders;
1946 /* disable any translation to be in sync with
1947 the logical geometry */
1948 translation = bdrv_get_translation_hint(s->bs);
1949 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
1950 bdrv_set_translation_hint(s->bs,
1951 BIOS_ATA_TRANSLATION_NONE);
1956 /* if no geometry, use a standard physical disk geometry */
1957 cylinders = nb_sectors / (16 * 63);
1958 if (cylinders > 16383)
1960 else if (cylinders < 2)
1962 s->cylinders = cylinders;
1966 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
1968 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
1970 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
1973 s->drive_serial = drive_serial++;
1974 s->set_irq = set_irq;
1975 s->irq_opaque = irq_opaque;
1977 s->sector_write_timer = qemu_new_timer(vm_clock,
1978 ide_sector_write_timer_cb, s);
1983 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
1985 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
1986 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
1988 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
1989 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
1993 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
1994 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
1995 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
1996 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
1999 /***********************************************************/
2000 /* ISA IDE definitions */
2002 void isa_ide_init(int iobase, int iobase2, int irq,
2003 BlockDriverState *hd0, BlockDriverState *hd1)
2005 IDEState *ide_state;
2007 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2011 ide_init2(ide_state, hd0, hd1, pic_set_irq_new, isa_pic, irq);
2012 ide_init_ioport(ide_state, iobase, iobase2);
2015 /***********************************************************/
2016 /* PCI IDE definitions */
2018 static void cmd646_update_irq(PCIIDEState *d);
2020 static void ide_map(PCIDevice *pci_dev, int region_num,
2021 uint32_t addr, uint32_t size, int type)
2023 PCIIDEState *d = (PCIIDEState *)pci_dev;
2024 IDEState *ide_state;
2026 if (region_num <= 3) {
2027 ide_state = &d->ide_if[(region_num >> 1) * 2];
2028 if (region_num & 1) {
2029 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2030 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2032 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2033 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2036 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2037 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2038 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2039 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2044 /* XXX: full callback usage to prepare non blocking I/Os support -
2046 static void ide_dma_loop(BMDMAState *bm)
2052 target_phys_addr_t cur_addr;
2055 cur_addr = bm->addr;
2056 /* at most one page to avoid hanging if erroneous parameters */
2057 for(i = 0; i < 512; i++) {
2058 cpu_physical_memory_read(cur_addr, (uint8_t *)&prd, 8);
2059 prd.addr = le32_to_cpu(prd.addr);
2060 prd.size = le32_to_cpu(prd.size);
2062 printf("ide: dma: prd: %08x: addr=0x%08x size=0x%08x\n",
2063 (int)cur_addr, prd.addr, prd.size);
2065 len = prd.size & 0xfffe;
2069 len1 = bm->dma_cb(bm->ide_if, prd.addr, len);
2075 /* end of transfer */
2076 if (prd.size & 0x80000000)
2080 /* end of transfer */
2082 bm->status &= ~BM_STATUS_DMAING;
2083 bm->status |= BM_STATUS_INT;
2088 static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb)
2090 BMDMAState *bm = s->bmdma;
2094 bm->dma_cb = dma_cb;
2095 if (bm->status & BM_STATUS_DMAING) {
2100 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2102 BMDMAState *bm = opaque;
2104 printf("%s: 0x%08x\n", __func__, val);
2106 if (!(val & BM_CMD_START)) {
2107 /* XXX: do it better */
2108 bm->status &= ~BM_STATUS_DMAING;
2109 bm->cmd = val & 0x09;
2111 bm->status |= BM_STATUS_DMAING;
2112 bm->cmd = val & 0x09;
2113 /* start dma transfer if possible */
2119 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2121 BMDMAState *bm = opaque;
2122 PCIIDEState *pci_dev;
2130 pci_dev = bm->pci_dev;
2131 if (pci_dev->type == IDE_TYPE_CMD646) {
2132 val = pci_dev->dev.config[MRDMODE];
2141 pci_dev = bm->pci_dev;
2142 if (pci_dev->type == IDE_TYPE_CMD646) {
2143 if (bm == &pci_dev->bmdma[0])
2144 val = pci_dev->dev.config[UDIDETCR0];
2146 val = pci_dev->dev.config[UDIDETCR1];
2156 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2161 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2163 BMDMAState *bm = opaque;
2164 PCIIDEState *pci_dev;
2166 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2170 pci_dev = bm->pci_dev;
2171 if (pci_dev->type == IDE_TYPE_CMD646) {
2172 pci_dev->dev.config[MRDMODE] =
2173 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2174 cmd646_update_irq(pci_dev);
2178 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2181 pci_dev = bm->pci_dev;
2182 if (pci_dev->type == IDE_TYPE_CMD646) {
2183 if (bm == &pci_dev->bmdma[0])
2184 pci_dev->dev.config[UDIDETCR0] = val;
2186 pci_dev->dev.config[UDIDETCR1] = val;
2192 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2194 BMDMAState *bm = opaque;
2198 printf("%s: 0x%08x\n", __func__, val);
2203 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2205 BMDMAState *bm = opaque;
2207 printf("%s: 0x%08x\n", __func__, val);
2209 bm->addr = val & ~3;
2212 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2213 uint32_t addr, uint32_t size, int type)
2215 PCIIDEState *d = (PCIIDEState *)pci_dev;
2218 for(i = 0;i < 2; i++) {
2219 BMDMAState *bm = &d->bmdma[i];
2220 d->ide_if[2 * i].bmdma = bm;
2221 d->ide_if[2 * i + 1].bmdma = bm;
2222 bm->pci_dev = (PCIIDEState *)pci_dev;
2224 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2226 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2227 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2229 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2230 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2235 /* XXX: call it also when the MRDMODE is changed from the PCI config
2237 static void cmd646_update_irq(PCIIDEState *d)
2240 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2241 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2242 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2243 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2244 pci_set_irq((PCIDevice *)d, 0, pci_level);
2247 /* the PCI irq level is the logical OR of the two channels */
2248 static void cmd646_set_irq(void *opaque, int channel, int level)
2250 PCIIDEState *d = opaque;
2253 irq_mask = MRDMODE_INTR_CH0 << channel;
2255 d->dev.config[MRDMODE] |= irq_mask;
2257 d->dev.config[MRDMODE] &= ~irq_mask;
2258 cmd646_update_irq(d);
2261 /* CMD646 PCI IDE controller */
2262 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2263 int secondary_ide_enabled)
2269 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2270 sizeof(PCIIDEState),
2273 d->type = IDE_TYPE_CMD646;
2274 pci_conf = d->dev.config;
2275 pci_conf[0x00] = 0x95; // CMD646
2276 pci_conf[0x01] = 0x10;
2277 pci_conf[0x02] = 0x46;
2278 pci_conf[0x03] = 0x06;
2280 pci_conf[0x08] = 0x07; // IDE controller revision
2281 pci_conf[0x09] = 0x8f;
2283 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2284 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2285 pci_conf[0x0e] = 0x00; // header_type
2287 if (secondary_ide_enabled) {
2288 /* XXX: if not enabled, really disable the seconday IDE controller */
2289 pci_conf[0x51] = 0x80; /* enable IDE1 */
2292 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2293 PCI_ADDRESS_SPACE_IO, ide_map);
2294 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2295 PCI_ADDRESS_SPACE_IO, ide_map);
2296 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2297 PCI_ADDRESS_SPACE_IO, ide_map);
2298 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2299 PCI_ADDRESS_SPACE_IO, ide_map);
2300 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2301 PCI_ADDRESS_SPACE_IO, bmdma_map);
2303 pci_conf[0x3d] = 0x01; // interrupt on pin 1
2305 for(i = 0; i < 4; i++)
2306 d->ide_if[i].pci_dev = (PCIDevice *)d;
2307 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2308 cmd646_set_irq, d, 0);
2309 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2310 cmd646_set_irq, d, 1);
2313 /* hd_table must contain 4 block drivers */
2314 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
2315 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table)
2320 /* register a function 1 of PIIX3 */
2321 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2322 sizeof(PCIIDEState),
2323 ((PCIDevice *)piix3_state)->devfn + 1,
2325 d->type = IDE_TYPE_PIIX3;
2327 pci_conf = d->dev.config;
2328 pci_conf[0x00] = 0x86; // Intel
2329 pci_conf[0x01] = 0x80;
2330 pci_conf[0x02] = 0x10;
2331 pci_conf[0x03] = 0x70;
2332 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2333 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2334 pci_conf[0x0e] = 0x00; // header_type
2336 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2337 PCI_ADDRESS_SPACE_IO, bmdma_map);
2339 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2340 pic_set_irq_new, isa_pic, 14);
2341 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2342 pic_set_irq_new, isa_pic, 15);
2343 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2344 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2347 /***********************************************************/
2348 /* MacIO based PowerPC IDE */
2350 /* PowerMac IDE memory IO */
2351 static void pmac_ide_writeb (void *opaque,
2352 target_phys_addr_t addr, uint32_t val)
2354 addr = (addr & 0xFFF) >> 4;
2357 ide_ioport_write(opaque, addr, val);
2361 ide_cmd_write(opaque, 0, val);
2368 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2372 addr = (addr & 0xFFF) >> 4;
2375 retval = ide_ioport_read(opaque, addr);
2379 retval = ide_status_read(opaque, 0);
2388 static void pmac_ide_writew (void *opaque,
2389 target_phys_addr_t addr, uint32_t val)
2391 addr = (addr & 0xFFF) >> 4;
2392 #ifdef TARGET_WORDS_BIGENDIAN
2396 ide_data_writew(opaque, 0, val);
2400 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
2404 addr = (addr & 0xFFF) >> 4;
2406 retval = ide_data_readw(opaque, 0);
2410 #ifdef TARGET_WORDS_BIGENDIAN
2411 retval = bswap16(retval);
2416 static void pmac_ide_writel (void *opaque,
2417 target_phys_addr_t addr, uint32_t val)
2419 addr = (addr & 0xFFF) >> 4;
2420 #ifdef TARGET_WORDS_BIGENDIAN
2424 ide_data_writel(opaque, 0, val);
2428 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
2432 addr = (addr & 0xFFF) >> 4;
2434 retval = ide_data_readl(opaque, 0);
2436 retval = 0xFFFFFFFF;
2438 #ifdef TARGET_WORDS_BIGENDIAN
2439 retval = bswap32(retval);
2444 static CPUWriteMemoryFunc *pmac_ide_write[] = {
2450 static CPUReadMemoryFunc *pmac_ide_read[] = {
2456 /* hd_table must contain 4 block drivers */
2457 /* PowerMac uses memory mapped registers, not I/O. Return the memory
2458 I/O index to access the ide. */
2459 int pmac_ide_init (BlockDriverState **hd_table,
2460 SetIRQFunc *set_irq, void *irq_opaque, int irq)
2463 int pmac_ide_memory;
2465 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
2466 ide_init2(&ide_if[0], hd_table[0], hd_table[1],
2467 set_irq, irq_opaque, irq);
2469 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
2470 pmac_ide_write, &ide_if[0]);
2471 return pmac_ide_memory;
projects / qemu / blob