2 * QEMU IDE disk and CD/DVD-ROM Emulator
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
28 #include "scsi-disk.h"
31 #include "block_int.h"
32 #include "qemu-timer.h"
35 #include "mac_dbdma.h"
39 /* debug IDE devices */
41 //#define DEBUG_IDE_ATAPI
45 /* Bits of HD_STATUS */
47 #define INDEX_STAT 0x02
48 #define ECC_STAT 0x04 /* Corrected error */
50 #define SEEK_STAT 0x10
52 #define WRERR_STAT 0x20
53 #define READY_STAT 0x40
54 #define BUSY_STAT 0x80
56 /* Bits for HD_ERROR */
57 #define MARK_ERR 0x01 /* Bad address mark */
58 #define TRK0_ERR 0x02 /* couldn't find track 0 */
59 #define ABRT_ERR 0x04 /* Command aborted */
60 #define MCR_ERR 0x08 /* media change request */
61 #define ID_ERR 0x10 /* ID field not found */
62 #define MC_ERR 0x20 /* media changed */
63 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
64 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
65 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
67 /* Bits of HD_NSECTOR */
73 #define IDE_CMD_RESET 0x04
74 #define IDE_CMD_DISABLE_IRQ 0x02
76 /* ATA/ATAPI Commands pre T13 Spec */
81 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
85 #define WIN_SRST 0x08 /* ATAPI soft reset command */
86 #define WIN_DEVICE_RESET 0x08
90 #define WIN_RECAL 0x10
91 #define WIN_RESTORE WIN_RECAL
95 #define WIN_READ 0x20 /* 28-Bit */
96 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
97 #define WIN_READ_LONG 0x22 /* 28-Bit */
98 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
99 #define WIN_READ_EXT 0x24 /* 48-Bit */
100 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
101 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
102 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
106 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
108 * 0x2A->0x2F Reserved
110 #define WIN_WRITE 0x30 /* 28-Bit */
111 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
112 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
113 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
114 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
115 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
116 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
117 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
118 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
119 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
121 * 0x3A->0x3B Reserved
123 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
125 * 0x3D->0x3F Reserved
127 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
128 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
129 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
131 * 0x43->0x4F Reserved
133 #define WIN_FORMAT 0x50
135 * 0x51->0x5F Reserved
137 #define WIN_INIT 0x60
139 * 0x61->0x5F Reserved
141 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
142 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
143 #define WIN_DIAGNOSE 0x90
144 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
145 #define WIN_DOWNLOAD_MICROCODE 0x92
146 #define WIN_STANDBYNOW2 0x94
147 #define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
148 #define WIN_STANDBY2 0x96
149 #define WIN_SETIDLE2 0x97
150 #define WIN_CHECKPOWERMODE2 0x98
151 #define WIN_SLEEPNOW2 0x99
155 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
156 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
157 #define WIN_QUEUED_SERVICE 0xA2
158 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
159 #define CFA_ACCESS_METADATA_STORAGE 0xB8
160 #define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
161 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
162 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
163 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
164 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
165 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
166 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
167 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
168 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
169 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
170 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
171 #define WIN_GETMEDIASTATUS 0xDA
172 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
173 #define WIN_POSTBOOT 0xDC
174 #define WIN_PREBOOT 0xDD
175 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
176 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
177 #define WIN_STANDBYNOW1 0xE0
178 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
179 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
180 #define WIN_SETIDLE1 0xE3
181 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
182 #define WIN_CHECKPOWERMODE1 0xE5
183 #define WIN_SLEEPNOW1 0xE6
184 #define WIN_FLUSH_CACHE 0xE7
185 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
186 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
187 /* SET_FEATURES 0x22 or 0xDD */
188 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
189 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
190 #define WIN_MEDIAEJECT 0xED
191 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
192 #define WIN_SETFEATURES 0xEF /* set special drive features */
193 #define EXABYTE_ENABLE_NEST 0xF0
194 #define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
195 #define WIN_SECURITY_SET_PASS 0xF1
196 #define WIN_SECURITY_UNLOCK 0xF2
197 #define WIN_SECURITY_ERASE_PREPARE 0xF3
198 #define WIN_SECURITY_ERASE_UNIT 0xF4
199 #define WIN_SECURITY_FREEZE_LOCK 0xF5
200 #define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
201 #define WIN_SECURITY_DISABLE 0xF6
202 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
203 #define WIN_SET_MAX 0xF9
204 #define DISABLE_SEAGATE 0xFB
206 /* set to 1 set disable mult support */
207 #define MAX_MULT_SECTORS 16
209 #define IDE_DMA_BUF_SECTORS 256
211 #if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
212 #error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
217 #define ATAPI_PACKET_SIZE 12
219 /* The generic packet command opcodes for CD/DVD Logical Units,
220 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
221 #define GPCMD_BLANK 0xa1
222 #define GPCMD_CLOSE_TRACK 0x5b
223 #define GPCMD_FLUSH_CACHE 0x35
224 #define GPCMD_FORMAT_UNIT 0x04
225 #define GPCMD_GET_CONFIGURATION 0x46
226 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
227 #define GPCMD_GET_PERFORMANCE 0xac
228 #define GPCMD_INQUIRY 0x12
229 #define GPCMD_LOAD_UNLOAD 0xa6
230 #define GPCMD_MECHANISM_STATUS 0xbd
231 #define GPCMD_MODE_SELECT_10 0x55
232 #define GPCMD_MODE_SENSE_10 0x5a
233 #define GPCMD_PAUSE_RESUME 0x4b
234 #define GPCMD_PLAY_AUDIO_10 0x45
235 #define GPCMD_PLAY_AUDIO_MSF 0x47
236 #define GPCMD_PLAY_AUDIO_TI 0x48
237 #define GPCMD_PLAY_CD 0xbc
238 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
239 #define GPCMD_READ_10 0x28
240 #define GPCMD_READ_12 0xa8
241 #define GPCMD_READ_CDVD_CAPACITY 0x25
242 #define GPCMD_READ_CD 0xbe
243 #define GPCMD_READ_CD_MSF 0xb9
244 #define GPCMD_READ_DISC_INFO 0x51
245 #define GPCMD_READ_DVD_STRUCTURE 0xad
246 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
247 #define GPCMD_READ_HEADER 0x44
248 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
249 #define GPCMD_READ_SUBCHANNEL 0x42
250 #define GPCMD_READ_TOC_PMA_ATIP 0x43
251 #define GPCMD_REPAIR_RZONE_TRACK 0x58
252 #define GPCMD_REPORT_KEY 0xa4
253 #define GPCMD_REQUEST_SENSE 0x03
254 #define GPCMD_RESERVE_RZONE_TRACK 0x53
255 #define GPCMD_SCAN 0xba
256 #define GPCMD_SEEK 0x2b
257 #define GPCMD_SEND_DVD_STRUCTURE 0xad
258 #define GPCMD_SEND_EVENT 0xa2
259 #define GPCMD_SEND_KEY 0xa3
260 #define GPCMD_SEND_OPC 0x54
261 #define GPCMD_SET_READ_AHEAD 0xa7
262 #define GPCMD_SET_STREAMING 0xb6
263 #define GPCMD_START_STOP_UNIT 0x1b
264 #define GPCMD_STOP_PLAY_SCAN 0x4e
265 #define GPCMD_TEST_UNIT_READY 0x00
266 #define GPCMD_VERIFY_10 0x2f
267 #define GPCMD_WRITE_10 0x2a
268 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
269 /* This is listed as optional in ATAPI 2.6, but is (curiously)
270 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
271 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
272 * drives support it. */
273 #define GPCMD_SET_SPEED 0xbb
274 /* This seems to be a SCSI specific CD-ROM opcode
275 * to play data at track/index */
276 #define GPCMD_PLAYAUDIO_TI 0x48
278 * From MS Media Status Notification Support Specification. For
281 #define GPCMD_GET_MEDIA_STATUS 0xda
282 #define GPCMD_MODE_SENSE_6 0x1a
284 /* Mode page codes for mode sense/set */
285 #define GPMODE_R_W_ERROR_PAGE 0x01
286 #define GPMODE_WRITE_PARMS_PAGE 0x05
287 #define GPMODE_AUDIO_CTL_PAGE 0x0e
288 #define GPMODE_POWER_PAGE 0x1a
289 #define GPMODE_FAULT_FAIL_PAGE 0x1c
290 #define GPMODE_TO_PROTECT_PAGE 0x1d
291 #define GPMODE_CAPABILITIES_PAGE 0x2a
292 #define GPMODE_ALL_PAGES 0x3f
293 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
294 * of MODE_SENSE_POWER_PAGE */
295 #define GPMODE_CDROM_PAGE 0x0d
298 * Based on values from <linux/cdrom.h> but extending CD_MINS
299 * to the maximum common size allowed by the Orange's Book ATIP
301 * 90 and 99 min CDs are also available but using them as the
302 * upper limit reduces the effectiveness of the heuristic to
303 * detect DVDs burned to less than 25% of their maximum capacity
306 /* Some generally useful CD-ROM information */
307 #define CD_MINS 80 /* max. minutes per CD */
308 #define CD_SECS 60 /* seconds per minute */
309 #define CD_FRAMES 75 /* frames per second */
310 #define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
311 #define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
312 #define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
315 * The MMC values are not IDE specific and might need to be moved
316 * to a common header if they are also needed for the SCSI emulation
319 /* Profile list from MMC-6 revision 1 table 91 */
320 #define MMC_PROFILE_NONE 0x0000
321 #define MMC_PROFILE_CD_ROM 0x0008
322 #define MMC_PROFILE_CD_R 0x0009
323 #define MMC_PROFILE_CD_RW 0x000A
324 #define MMC_PROFILE_DVD_ROM 0x0010
325 #define MMC_PROFILE_DVD_R_SR 0x0011
326 #define MMC_PROFILE_DVD_RAM 0x0012
327 #define MMC_PROFILE_DVD_RW_RO 0x0013
328 #define MMC_PROFILE_DVD_RW_SR 0x0014
329 #define MMC_PROFILE_DVD_R_DL_SR 0x0015
330 #define MMC_PROFILE_DVD_R_DL_JR 0x0016
331 #define MMC_PROFILE_DVD_RW_DL 0x0017
332 #define MMC_PROFILE_DVD_DDR 0x0018
333 #define MMC_PROFILE_DVD_PLUS_RW 0x001A
334 #define MMC_PROFILE_DVD_PLUS_R 0x001B
335 #define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
336 #define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
337 #define MMC_PROFILE_BD_ROM 0x0040
338 #define MMC_PROFILE_BD_R_SRM 0x0041
339 #define MMC_PROFILE_BD_R_RRM 0x0042
340 #define MMC_PROFILE_BD_RE 0x0043
341 #define MMC_PROFILE_HDDVD_ROM 0x0050
342 #define MMC_PROFILE_HDDVD_R 0x0051
343 #define MMC_PROFILE_HDDVD_RAM 0x0052
344 #define MMC_PROFILE_HDDVD_RW 0x0053
345 #define MMC_PROFILE_HDDVD_R_DL 0x0058
346 #define MMC_PROFILE_HDDVD_RW_DL 0x005A
347 #define MMC_PROFILE_INVALID 0xFFFF
349 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
350 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
351 #define ATAPI_INT_REASON_REL 0x04
352 #define ATAPI_INT_REASON_TAG 0xf8
354 /* same constants as bochs */
355 #define ASC_ILLEGAL_OPCODE 0x20
356 #define ASC_LOGICAL_BLOCK_OOR 0x21
357 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
358 #define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
359 #define ASC_INCOMPATIBLE_FORMAT 0x30
360 #define ASC_MEDIUM_NOT_PRESENT 0x3a
361 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
363 #define CFA_NO_ERROR 0x00
364 #define CFA_MISC_ERROR 0x09
365 #define CFA_INVALID_COMMAND 0x20
366 #define CFA_INVALID_ADDRESS 0x21
367 #define CFA_ADDRESS_OVERFLOW 0x2f
370 #define SENSE_NOT_READY 2
371 #define SENSE_ILLEGAL_REQUEST 5
372 #define SENSE_UNIT_ATTENTION 6
376 typedef void EndTransferFunc(struct IDEState *);
378 /* NOTE: IDEState represents in fact one drive */
379 typedef struct IDEState {
383 int cylinders, heads, sectors;
387 uint16_t identify_data[256];
390 struct BMDMAState *bmdma;
392 char drive_serial_str[21];
400 /* other part of tf for lba48 support */
410 /* 0x3f6 command, only meaningful for drive 0 */
412 /* set for lba48 access */
414 /* depends on bit 4 in select, only meaningful for drive 0 */
415 struct IDEState *cur_drive;
416 BlockDriverState *bs;
420 int packet_transfer_size;
421 int elementary_transfer_size;
425 int atapi_dma; /* true if dma is requested for the packet cmd */
429 /* PIO transfer handling */
430 int req_nb_sectors; /* number of sectors per interrupt */
431 EndTransferFunc *end_transfer_func;
435 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
436 uint32_t irq_count; /* counts IRQs when using win2k install hack */
437 /* CF-ATA extended error */
439 /* CF-ATA metadata storage */
441 uint8_t *mdata_storage;
447 /* XXX: DVDs that could fit on a CD will be reported as a CD */
448 static inline int media_present(IDEState *s)
450 return (s->nb_sectors > 0);
453 static inline int media_is_dvd(IDEState *s)
455 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
458 static inline int media_is_cd(IDEState *s)
460 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
463 #define BM_STATUS_DMAING 0x01
464 #define BM_STATUS_ERROR 0x02
465 #define BM_STATUS_INT 0x04
466 #define BM_STATUS_DMA_RETRY 0x08
467 #define BM_STATUS_PIO_RETRY 0x10
469 #define BM_CMD_START 0x01
470 #define BM_CMD_READ 0x08
472 #define IDE_TYPE_PIIX3 0
473 #define IDE_TYPE_CMD646 1
474 #define IDE_TYPE_PIIX4 2
476 /* CMD646 specific */
478 #define MRDMODE_INTR_CH0 0x04
479 #define MRDMODE_INTR_CH1 0x08
480 #define MRDMODE_BLK_CH0 0x10
481 #define MRDMODE_BLK_CH1 0x20
482 #define UDIDETCR0 0x73
483 #define UDIDETCR1 0x7B
485 typedef struct BMDMAState {
490 struct PCIIDEState *pci_dev;
491 /* current transfer state */
493 uint32_t cur_prd_last;
494 uint32_t cur_prd_addr;
495 uint32_t cur_prd_len;
497 BlockDriverCompletionFunc *dma_cb;
498 BlockDriverAIOCB *aiocb;
503 typedef struct PCIIDEState {
507 int type; /* see IDE_TYPE_xxx */
510 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
511 static void ide_dma_restart(IDEState *s);
512 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
514 static void padstr(char *str, const char *src, int len)
517 for(i = 0; i < len; i++) {
526 static void padstr8(uint8_t *buf, int buf_size, const char *src)
529 for(i = 0; i < buf_size; i++) {
537 static void put_le16(uint16_t *p, unsigned int v)
542 static void ide_identify(IDEState *s)
545 unsigned int oldsize;
547 if (s->identify_set) {
548 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
552 memset(s->io_buffer, 0, 512);
553 p = (uint16_t *)s->io_buffer;
554 put_le16(p + 0, 0x0040);
555 put_le16(p + 1, s->cylinders);
556 put_le16(p + 3, s->heads);
557 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
558 put_le16(p + 5, 512); /* XXX: retired, remove ? */
559 put_le16(p + 6, s->sectors);
560 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
561 put_le16(p + 20, 3); /* XXX: retired, remove ? */
562 put_le16(p + 21, 512); /* cache size in sectors */
563 put_le16(p + 22, 4); /* ecc bytes */
564 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
565 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
566 #if MAX_MULT_SECTORS > 1
567 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
569 put_le16(p + 48, 1); /* dword I/O */
570 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
571 put_le16(p + 51, 0x200); /* PIO transfer cycle */
572 put_le16(p + 52, 0x200); /* DMA transfer cycle */
573 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
574 put_le16(p + 54, s->cylinders);
575 put_le16(p + 55, s->heads);
576 put_le16(p + 56, s->sectors);
577 oldsize = s->cylinders * s->heads * s->sectors;
578 put_le16(p + 57, oldsize);
579 put_le16(p + 58, oldsize >> 16);
581 put_le16(p + 59, 0x100 | s->mult_sectors);
582 put_le16(p + 60, s->nb_sectors);
583 put_le16(p + 61, s->nb_sectors >> 16);
584 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
585 put_le16(p + 63, 0x07); /* mdma0-2 supported */
586 put_le16(p + 65, 120);
587 put_le16(p + 66, 120);
588 put_le16(p + 67, 120);
589 put_le16(p + 68, 120);
590 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
591 put_le16(p + 81, 0x16); /* conforms to ata5 */
592 put_le16(p + 82, (1 << 14));
593 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
594 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
595 put_le16(p + 84, (1 << 14));
596 put_le16(p + 85, (1 << 14));
597 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
598 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
599 put_le16(p + 87, (1 << 14));
600 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
601 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
602 put_le16(p + 100, s->nb_sectors);
603 put_le16(p + 101, s->nb_sectors >> 16);
604 put_le16(p + 102, s->nb_sectors >> 32);
605 put_le16(p + 103, s->nb_sectors >> 48);
607 memcpy(s->identify_data, p, sizeof(s->identify_data));
611 static void ide_atapi_identify(IDEState *s)
615 if (s->identify_set) {
616 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
620 memset(s->io_buffer, 0, 512);
621 p = (uint16_t *)s->io_buffer;
622 /* Removable CDROM, 50us response, 12 byte packets */
623 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
624 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
625 put_le16(p + 20, 3); /* buffer type */
626 put_le16(p + 21, 512); /* cache size in sectors */
627 put_le16(p + 22, 4); /* ecc bytes */
628 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
629 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
630 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
632 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
633 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
634 put_le16(p + 62, 7); /* single word dma0-2 supported */
635 put_le16(p + 63, 7); /* mdma0-2 supported */
636 put_le16(p + 64, 0x3f); /* PIO modes supported */
638 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
639 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
640 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
641 put_le16(p + 64, 1); /* PIO modes */
643 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
644 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
645 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
646 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
648 put_le16(p + 71, 30); /* in ns */
649 put_le16(p + 72, 30); /* in ns */
651 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
653 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
655 memcpy(s->identify_data, p, sizeof(s->identify_data));
659 static void ide_cfata_identify(IDEState *s)
664 p = (uint16_t *) s->identify_data;
668 memset(p, 0, sizeof(s->identify_data));
670 cur_sec = s->cylinders * s->heads * s->sectors;
672 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
673 put_le16(p + 1, s->cylinders); /* Default cylinders */
674 put_le16(p + 3, s->heads); /* Default heads */
675 put_le16(p + 6, s->sectors); /* Default sectors per track */
676 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
677 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
678 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
679 put_le16(p + 22, 0x0004); /* ECC bytes */
680 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
681 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
682 #if MAX_MULT_SECTORS > 1
683 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
685 put_le16(p + 47, 0x0000);
687 put_le16(p + 49, 0x0f00); /* Capabilities */
688 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
689 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
690 put_le16(p + 53, 0x0003); /* Translation params valid */
691 put_le16(p + 54, s->cylinders); /* Current cylinders */
692 put_le16(p + 55, s->heads); /* Current heads */
693 put_le16(p + 56, s->sectors); /* Current sectors */
694 put_le16(p + 57, cur_sec); /* Current capacity */
695 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
696 if (s->mult_sectors) /* Multiple sector setting */
697 put_le16(p + 59, 0x100 | s->mult_sectors);
698 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
699 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
700 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
701 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
702 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
703 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
704 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
705 put_le16(p + 82, 0x400c); /* Command Set supported */
706 put_le16(p + 83, 0x7068); /* Command Set supported */
707 put_le16(p + 84, 0x4000); /* Features supported */
708 put_le16(p + 85, 0x000c); /* Command Set enabled */
709 put_le16(p + 86, 0x7044); /* Command Set enabled */
710 put_le16(p + 87, 0x4000); /* Features enabled */
711 put_le16(p + 91, 0x4060); /* Current APM level */
712 put_le16(p + 129, 0x0002); /* Current features option */
713 put_le16(p + 130, 0x0005); /* Reassigned sectors */
714 put_le16(p + 131, 0x0001); /* Initial power mode */
715 put_le16(p + 132, 0x0000); /* User signature */
716 put_le16(p + 160, 0x8100); /* Power requirement */
717 put_le16(p + 161, 0x8001); /* CF command set */
722 memcpy(s->io_buffer, p, sizeof(s->identify_data));
725 static void ide_set_signature(IDEState *s)
727 s->select &= 0xf0; /* clear head */
743 static inline void ide_abort_command(IDEState *s)
745 s->status = READY_STAT | ERR_STAT;
749 static inline void ide_dma_submit_check(IDEState *s,
750 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
757 static inline void ide_set_irq(IDEState *s)
759 BMDMAState *bm = s->bmdma;
760 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
762 bm->status |= BM_STATUS_INT;
764 qemu_irq_raise(s->irq);
768 /* prepare data transfer and tell what to do after */
769 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
770 EndTransferFunc *end_transfer_func)
772 s->end_transfer_func = end_transfer_func;
774 s->data_end = buf + size;
775 if (!(s->status & ERR_STAT))
776 s->status |= DRQ_STAT;
779 static void ide_transfer_stop(IDEState *s)
781 s->end_transfer_func = ide_transfer_stop;
782 s->data_ptr = s->io_buffer;
783 s->data_end = s->io_buffer;
784 s->status &= ~DRQ_STAT;
787 static int64_t ide_get_sector(IDEState *s)
790 if (s->select & 0x40) {
793 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
794 (s->lcyl << 8) | s->sector;
796 sector_num = ((int64_t)s->hob_hcyl << 40) |
797 ((int64_t) s->hob_lcyl << 32) |
798 ((int64_t) s->hob_sector << 24) |
799 ((int64_t) s->hcyl << 16) |
800 ((int64_t) s->lcyl << 8) | s->sector;
803 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
804 (s->select & 0x0f) * s->sectors + (s->sector - 1);
809 static void ide_set_sector(IDEState *s, int64_t sector_num)
812 if (s->select & 0x40) {
814 s->select = (s->select & 0xf0) | (sector_num >> 24);
815 s->hcyl = (sector_num >> 16);
816 s->lcyl = (sector_num >> 8);
817 s->sector = (sector_num);
819 s->sector = sector_num;
820 s->lcyl = sector_num >> 8;
821 s->hcyl = sector_num >> 16;
822 s->hob_sector = sector_num >> 24;
823 s->hob_lcyl = sector_num >> 32;
824 s->hob_hcyl = sector_num >> 40;
827 cyl = sector_num / (s->heads * s->sectors);
828 r = sector_num % (s->heads * s->sectors);
831 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
832 s->sector = (r % s->sectors) + 1;
836 static void ide_rw_error(IDEState *s) {
837 ide_abort_command(s);
841 static void ide_sector_read(IDEState *s)
846 s->status = READY_STAT | SEEK_STAT;
847 s->error = 0; /* not needed by IDE spec, but needed by Windows */
848 sector_num = ide_get_sector(s);
851 /* no more sector to read from disk */
852 ide_transfer_stop(s);
854 #if defined(DEBUG_IDE)
855 printf("read sector=%" PRId64 "\n", sector_num);
857 if (n > s->req_nb_sectors)
858 n = s->req_nb_sectors;
859 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
864 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
866 ide_set_sector(s, sector_num + n);
872 /* return 0 if buffer completed */
873 static int dma_buf_prepare(BMDMAState *bm, int is_write)
875 IDEState *s = bm->ide_if;
882 qemu_sglist_init(&s->sg, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
883 s->io_buffer_size = 0;
885 if (bm->cur_prd_len == 0) {
886 /* end of table (with a fail safe of one page) */
887 if (bm->cur_prd_last ||
888 (bm->cur_addr - bm->addr) >= 4096)
889 return s->io_buffer_size != 0;
890 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
892 prd.addr = le32_to_cpu(prd.addr);
893 prd.size = le32_to_cpu(prd.size);
894 len = prd.size & 0xfffe;
897 bm->cur_prd_len = len;
898 bm->cur_prd_addr = prd.addr;
899 bm->cur_prd_last = (prd.size & 0x80000000);
903 qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
904 bm->cur_prd_addr += l;
905 bm->cur_prd_len -= l;
906 s->io_buffer_size += l;
912 static void dma_buf_commit(IDEState *s, int is_write)
914 qemu_sglist_destroy(&s->sg);
917 static void ide_dma_error(IDEState *s)
919 ide_transfer_stop(s);
921 s->status = READY_STAT | ERR_STAT;
925 static int ide_handle_write_error(IDEState *s, int error, int op)
927 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
929 if (action == BLOCK_ERR_IGNORE)
932 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
933 || action == BLOCK_ERR_STOP_ANY) {
934 s->bmdma->ide_if = s;
935 s->bmdma->status |= op;
938 if (op == BM_STATUS_DMA_RETRY) {
939 dma_buf_commit(s, 0);
949 /* return 0 if buffer completed */
950 static int dma_buf_rw(BMDMAState *bm, int is_write)
952 IDEState *s = bm->ide_if;
960 l = s->io_buffer_size - s->io_buffer_index;
963 if (bm->cur_prd_len == 0) {
964 /* end of table (with a fail safe of one page) */
965 if (bm->cur_prd_last ||
966 (bm->cur_addr - bm->addr) >= 4096)
968 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
970 prd.addr = le32_to_cpu(prd.addr);
971 prd.size = le32_to_cpu(prd.size);
972 len = prd.size & 0xfffe;
975 bm->cur_prd_len = len;
976 bm->cur_prd_addr = prd.addr;
977 bm->cur_prd_last = (prd.size & 0x80000000);
979 if (l > bm->cur_prd_len)
983 cpu_physical_memory_write(bm->cur_prd_addr,
984 s->io_buffer + s->io_buffer_index, l);
986 cpu_physical_memory_read(bm->cur_prd_addr,
987 s->io_buffer + s->io_buffer_index, l);
989 bm->cur_prd_addr += l;
990 bm->cur_prd_len -= l;
991 s->io_buffer_index += l;
997 static void ide_read_dma_cb(void *opaque, int ret)
999 BMDMAState *bm = opaque;
1000 IDEState *s = bm->ide_if;
1005 dma_buf_commit(s, 1);
1010 n = s->io_buffer_size >> 9;
1011 sector_num = ide_get_sector(s);
1013 dma_buf_commit(s, 1);
1015 ide_set_sector(s, sector_num);
1019 /* end of transfer ? */
1020 if (s->nsector == 0) {
1021 s->status = READY_STAT | SEEK_STAT;
1024 bm->status &= ~BM_STATUS_DMAING;
1025 bm->status |= BM_STATUS_INT;
1032 /* launch next transfer */
1034 s->io_buffer_index = 0;
1035 s->io_buffer_size = n * 512;
1036 if (dma_buf_prepare(bm, 1) == 0)
1039 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1041 bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
1042 ide_dma_submit_check(s, ide_read_dma_cb, bm);
1045 static void ide_sector_read_dma(IDEState *s)
1047 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1048 s->io_buffer_index = 0;
1049 s->io_buffer_size = 0;
1051 ide_dma_start(s, ide_read_dma_cb);
1054 static void ide_sector_write_timer_cb(void *opaque)
1056 IDEState *s = opaque;
1060 static void ide_sector_write(IDEState *s)
1065 s->status = READY_STAT | SEEK_STAT;
1066 sector_num = ide_get_sector(s);
1067 #if defined(DEBUG_IDE)
1068 printf("write sector=%" PRId64 "\n", sector_num);
1071 if (n > s->req_nb_sectors)
1072 n = s->req_nb_sectors;
1073 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
1076 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1081 if (s->nsector == 0) {
1082 /* no more sectors to write */
1083 ide_transfer_stop(s);
1086 if (n1 > s->req_nb_sectors)
1087 n1 = s->req_nb_sectors;
1088 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1090 ide_set_sector(s, sector_num + n);
1093 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1094 /* It seems there is a bug in the Windows 2000 installer HDD
1095 IDE driver which fills the disk with empty logs when the
1096 IDE write IRQ comes too early. This hack tries to correct
1097 that at the expense of slower write performances. Use this
1098 option _only_ to install Windows 2000. You must disable it
1100 qemu_mod_timer(s->sector_write_timer,
1101 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1109 static void ide_dma_restart_cb(void *opaque, int running, int reason)
1111 BMDMAState *bm = opaque;
1114 if (bm->status & BM_STATUS_DMA_RETRY) {
1115 bm->status &= ~BM_STATUS_DMA_RETRY;
1116 ide_dma_restart(bm->ide_if);
1117 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1118 bm->status &= ~BM_STATUS_PIO_RETRY;
1119 ide_sector_write(bm->ide_if);
1123 static void ide_write_dma_cb(void *opaque, int ret)
1125 BMDMAState *bm = opaque;
1126 IDEState *s = bm->ide_if;
1131 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1135 n = s->io_buffer_size >> 9;
1136 sector_num = ide_get_sector(s);
1138 dma_buf_commit(s, 0);
1140 ide_set_sector(s, sector_num);
1144 /* end of transfer ? */
1145 if (s->nsector == 0) {
1146 s->status = READY_STAT | SEEK_STAT;
1149 bm->status &= ~BM_STATUS_DMAING;
1150 bm->status |= BM_STATUS_INT;
1158 s->io_buffer_size = n * 512;
1159 /* launch next transfer */
1160 if (dma_buf_prepare(bm, 0) == 0)
1163 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1165 bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
1166 ide_dma_submit_check(s, ide_write_dma_cb, bm);
1169 static void ide_sector_write_dma(IDEState *s)
1171 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1172 s->io_buffer_index = 0;
1173 s->io_buffer_size = 0;
1175 ide_dma_start(s, ide_write_dma_cb);
1178 static void ide_atapi_cmd_ok(IDEState *s)
1181 s->status = READY_STAT | SEEK_STAT;
1182 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1186 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1188 #ifdef DEBUG_IDE_ATAPI
1189 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1191 s->error = sense_key << 4;
1192 s->status = READY_STAT | ERR_STAT;
1193 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1194 s->sense_key = sense_key;
1199 static void ide_atapi_cmd_check_status(IDEState *s)
1201 #ifdef DEBUG_IDE_ATAPI
1202 printf("atapi_cmd_check_status\n");
1204 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1205 s->status = ERR_STAT;
1210 static inline void cpu_to_ube16(uint8_t *buf, int val)
1216 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1224 static inline int ube16_to_cpu(const uint8_t *buf)
1226 return (buf[0] << 8) | buf[1];
1229 static inline int ube32_to_cpu(const uint8_t *buf)
1231 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1234 static void lba_to_msf(uint8_t *buf, int lba)
1237 buf[0] = (lba / 75) / 60;
1238 buf[1] = (lba / 75) % 60;
1242 static void cd_data_to_raw(uint8_t *buf, int lba)
1246 memset(buf + 1, 0xff, 10);
1250 lba_to_msf(buf, lba);
1251 buf[3] = 0x01; /* mode 1 data */
1255 /* XXX: ECC not computed */
1256 memset(buf, 0, 288);
1259 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1264 switch(sector_size) {
1266 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1269 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1272 cd_data_to_raw(buf, lba);
1281 static void ide_atapi_io_error(IDEState *s, int ret)
1283 /* XXX: handle more errors */
1284 if (ret == -ENOMEDIUM) {
1285 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1286 ASC_MEDIUM_NOT_PRESENT);
1288 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1289 ASC_LOGICAL_BLOCK_OOR);
1293 /* The whole ATAPI transfer logic is handled in this function */
1294 static void ide_atapi_cmd_reply_end(IDEState *s)
1296 int byte_count_limit, size, ret;
1297 #ifdef DEBUG_IDE_ATAPI
1298 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1299 s->packet_transfer_size,
1300 s->elementary_transfer_size,
1301 s->io_buffer_index);
1303 if (s->packet_transfer_size <= 0) {
1304 /* end of transfer */
1305 ide_transfer_stop(s);
1306 s->status = READY_STAT | SEEK_STAT;
1307 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1309 #ifdef DEBUG_IDE_ATAPI
1310 printf("status=0x%x\n", s->status);
1313 /* see if a new sector must be read */
1314 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1315 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1317 ide_transfer_stop(s);
1318 ide_atapi_io_error(s, ret);
1322 s->io_buffer_index = 0;
1324 if (s->elementary_transfer_size > 0) {
1325 /* there are some data left to transmit in this elementary
1327 size = s->cd_sector_size - s->io_buffer_index;
1328 if (size > s->elementary_transfer_size)
1329 size = s->elementary_transfer_size;
1330 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1331 size, ide_atapi_cmd_reply_end);
1332 s->packet_transfer_size -= size;
1333 s->elementary_transfer_size -= size;
1334 s->io_buffer_index += size;
1336 /* a new transfer is needed */
1337 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1338 byte_count_limit = s->lcyl | (s->hcyl << 8);
1339 #ifdef DEBUG_IDE_ATAPI
1340 printf("byte_count_limit=%d\n", byte_count_limit);
1342 if (byte_count_limit == 0xffff)
1344 size = s->packet_transfer_size;
1345 if (size > byte_count_limit) {
1346 /* byte count limit must be even if this case */
1347 if (byte_count_limit & 1)
1349 size = byte_count_limit;
1352 s->hcyl = size >> 8;
1353 s->elementary_transfer_size = size;
1354 /* we cannot transmit more than one sector at a time */
1356 if (size > (s->cd_sector_size - s->io_buffer_index))
1357 size = (s->cd_sector_size - s->io_buffer_index);
1359 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1360 size, ide_atapi_cmd_reply_end);
1361 s->packet_transfer_size -= size;
1362 s->elementary_transfer_size -= size;
1363 s->io_buffer_index += size;
1365 #ifdef DEBUG_IDE_ATAPI
1366 printf("status=0x%x\n", s->status);
1372 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1373 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1375 if (size > max_size)
1377 s->lba = -1; /* no sector read */
1378 s->packet_transfer_size = size;
1379 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1380 s->elementary_transfer_size = 0;
1381 s->io_buffer_index = 0;
1384 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
1385 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1387 s->status = READY_STAT | SEEK_STAT;
1388 ide_atapi_cmd_reply_end(s);
1392 /* start a CD-CDROM read command */
1393 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1397 s->packet_transfer_size = nb_sectors * sector_size;
1398 s->elementary_transfer_size = 0;
1399 s->io_buffer_index = sector_size;
1400 s->cd_sector_size = sector_size;
1402 s->status = READY_STAT | SEEK_STAT;
1403 ide_atapi_cmd_reply_end(s);
1406 /* ATAPI DMA support */
1408 /* XXX: handle read errors */
1409 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1411 BMDMAState *bm = opaque;
1412 IDEState *s = bm->ide_if;
1416 ide_atapi_io_error(s, ret);
1420 if (s->io_buffer_size > 0) {
1422 * For a cdrom read sector command (s->lba != -1),
1423 * adjust the lba for the next s->io_buffer_size chunk
1424 * and dma the current chunk.
1425 * For a command != read (s->lba == -1), just transfer
1429 if (s->cd_sector_size == 2352) {
1431 cd_data_to_raw(s->io_buffer, s->lba);
1433 n = s->io_buffer_size >> 11;
1437 s->packet_transfer_size -= s->io_buffer_size;
1438 if (dma_buf_rw(bm, 1) == 0)
1442 if (s->packet_transfer_size <= 0) {
1443 s->status = READY_STAT | SEEK_STAT;
1444 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1447 bm->status &= ~BM_STATUS_DMAING;
1448 bm->status |= BM_STATUS_INT;
1455 s->io_buffer_index = 0;
1456 if (s->cd_sector_size == 2352) {
1458 s->io_buffer_size = s->cd_sector_size;
1461 n = s->packet_transfer_size >> 11;
1462 if (n > (IDE_DMA_BUF_SECTORS / 4))
1463 n = (IDE_DMA_BUF_SECTORS / 4);
1464 s->io_buffer_size = n * 2048;
1468 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1470 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1471 s->io_buffer + data_offset, n * 4,
1472 ide_atapi_cmd_read_dma_cb, bm);
1474 /* Note: media not present is the most likely case */
1475 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1476 ASC_MEDIUM_NOT_PRESENT);
1481 /* start a CD-CDROM read command with DMA */
1482 /* XXX: test if DMA is available */
1483 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1487 s->packet_transfer_size = nb_sectors * sector_size;
1488 s->io_buffer_index = 0;
1489 s->io_buffer_size = 0;
1490 s->cd_sector_size = sector_size;
1492 /* XXX: check if BUSY_STAT should be set */
1493 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1494 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1497 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1500 #ifdef DEBUG_IDE_ATAPI
1501 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1505 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1507 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1511 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1514 uint8_t *buf_profile = buf + 12; /* start of profiles */
1516 buf_profile += ((*index) * 4); /* start of indexed profile */
1517 cpu_to_ube16 (buf_profile, profile);
1518 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1520 /* each profile adds 4 bytes to the response */
1522 buf[11] += 4; /* Additional Length */
1527 static int ide_dvd_read_structure(IDEState *s, int format,
1528 const uint8_t *packet, uint8_t *buf)
1531 case 0x0: /* Physical format information */
1533 int layer = packet[6];
1534 uint64_t total_sectors;
1537 return -ASC_INV_FIELD_IN_CMD_PACKET;
1539 bdrv_get_geometry(s->bs, &total_sectors);
1540 total_sectors >>= 2;
1541 if (total_sectors == 0)
1542 return -ASC_MEDIUM_NOT_PRESENT;
1544 buf[4] = 1; /* DVD-ROM, part version 1 */
1545 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1546 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1547 buf[7] = 0; /* default densities */
1549 /* FIXME: 0x30000 per spec? */
1550 cpu_to_ube32(buf + 8, 0); /* start sector */
1551 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1552 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1554 /* Size of buffer, not including 2 byte size field */
1555 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1557 /* 2k data + 4 byte header */
1561 case 0x01: /* DVD copyright information */
1562 buf[4] = 0; /* no copyright data */
1563 buf[5] = 0; /* no region restrictions */
1565 /* Size of buffer, not including 2 byte size field */
1566 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1568 /* 4 byte header + 4 byte data */
1571 case 0x03: /* BCA information - invalid field for no BCA info */
1572 return -ASC_INV_FIELD_IN_CMD_PACKET;
1574 case 0x04: /* DVD disc manufacturing information */
1575 /* Size of buffer, not including 2 byte size field */
1576 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1578 /* 2k data + 4 byte header */
1583 * This lists all the command capabilities above. Add new ones
1584 * in order and update the length and buffer return values.
1587 buf[4] = 0x00; /* Physical format */
1588 buf[5] = 0x40; /* Not writable, is readable */
1589 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1591 buf[8] = 0x01; /* Copyright info */
1592 buf[9] = 0x40; /* Not writable, is readable */
1593 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1595 buf[12] = 0x03; /* BCA info */
1596 buf[13] = 0x40; /* Not writable, is readable */
1597 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1599 buf[16] = 0x04; /* Manufacturing info */
1600 buf[17] = 0x40; /* Not writable, is readable */
1601 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1603 /* Size of buffer, not including 2 byte size field */
1604 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1606 /* data written + 4 byte header */
1609 default: /* TODO: formats beyond DVD-ROM requires */
1610 return -ASC_INV_FIELD_IN_CMD_PACKET;
1614 static void ide_atapi_cmd(IDEState *s)
1616 const uint8_t *packet;
1620 packet = s->io_buffer;
1622 #ifdef DEBUG_IDE_ATAPI
1625 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1626 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1627 printf(" %02x", packet[i]);
1632 /* If there's a UNIT_ATTENTION condition pending, only
1633 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1634 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1635 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1636 s->io_buffer[0] != GPCMD_INQUIRY) {
1637 ide_atapi_cmd_check_status(s);
1640 switch(s->io_buffer[0]) {
1641 case GPCMD_TEST_UNIT_READY:
1642 if (bdrv_is_inserted(s->bs)) {
1643 ide_atapi_cmd_ok(s);
1645 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1646 ASC_MEDIUM_NOT_PRESENT);
1649 case GPCMD_MODE_SENSE_6:
1650 case GPCMD_MODE_SENSE_10:
1653 if (packet[0] == GPCMD_MODE_SENSE_10)
1654 max_len = ube16_to_cpu(packet + 7);
1656 max_len = packet[4];
1657 action = packet[2] >> 6;
1658 code = packet[2] & 0x3f;
1660 case 0: /* current values */
1662 case 0x01: /* error recovery */
1663 cpu_to_ube16(&buf[0], 16 + 6);
1679 ide_atapi_cmd_reply(s, 16, max_len);
1682 cpu_to_ube16(&buf[0], 28 + 6);
1695 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1696 code checks for this to automount media. */
1699 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1700 if (bdrv_is_locked(s->bs))
1703 cpu_to_ube16(&buf[16], 706);
1706 cpu_to_ube16(&buf[20], 512);
1707 cpu_to_ube16(&buf[22], 706);
1712 ide_atapi_cmd_reply(s, 28, max_len);
1718 case 1: /* changeable values */
1720 case 2: /* default values */
1723 case 3: /* saved values */
1724 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1725 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1730 case GPCMD_REQUEST_SENSE:
1731 max_len = packet[4];
1733 buf[0] = 0x70 | (1 << 7);
1734 buf[2] = s->sense_key;
1737 if (s->sense_key == SENSE_UNIT_ATTENTION)
1738 s->sense_key = SENSE_NONE;
1739 ide_atapi_cmd_reply(s, 18, max_len);
1741 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1742 if (bdrv_is_inserted(s->bs)) {
1743 bdrv_set_locked(s->bs, packet[4] & 1);
1744 ide_atapi_cmd_ok(s);
1746 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1747 ASC_MEDIUM_NOT_PRESENT);
1753 int nb_sectors, lba;
1755 if (packet[0] == GPCMD_READ_10)
1756 nb_sectors = ube16_to_cpu(packet + 7);
1758 nb_sectors = ube32_to_cpu(packet + 6);
1759 lba = ube32_to_cpu(packet + 2);
1760 if (nb_sectors == 0) {
1761 ide_atapi_cmd_ok(s);
1764 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1769 int nb_sectors, lba, transfer_request;
1771 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1772 lba = ube32_to_cpu(packet + 2);
1773 if (nb_sectors == 0) {
1774 ide_atapi_cmd_ok(s);
1777 transfer_request = packet[9];
1778 switch(transfer_request & 0xf8) {
1781 ide_atapi_cmd_ok(s);
1785 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1789 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1792 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1793 ASC_INV_FIELD_IN_CMD_PACKET);
1801 uint64_t total_sectors;
1803 bdrv_get_geometry(s->bs, &total_sectors);
1804 total_sectors >>= 2;
1805 if (total_sectors == 0) {
1806 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1807 ASC_MEDIUM_NOT_PRESENT);
1810 lba = ube32_to_cpu(packet + 2);
1811 if (lba >= total_sectors) {
1812 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1813 ASC_LOGICAL_BLOCK_OOR);
1816 ide_atapi_cmd_ok(s);
1819 case GPCMD_START_STOP_UNIT:
1822 start = packet[4] & 1;
1823 eject = (packet[4] >> 1) & 1;
1825 if (eject && !start) {
1826 /* eject the disk */
1827 bdrv_eject(s->bs, 1);
1828 } else if (eject && start) {
1829 /* close the tray */
1830 bdrv_eject(s->bs, 0);
1832 ide_atapi_cmd_ok(s);
1835 case GPCMD_MECHANISM_STATUS:
1837 max_len = ube16_to_cpu(packet + 8);
1838 cpu_to_ube16(buf, 0);
1839 /* no current LBA */
1844 cpu_to_ube16(buf + 6, 0);
1845 ide_atapi_cmd_reply(s, 8, max_len);
1848 case GPCMD_READ_TOC_PMA_ATIP:
1850 int format, msf, start_track, len;
1851 uint64_t total_sectors;
1853 bdrv_get_geometry(s->bs, &total_sectors);
1854 total_sectors >>= 2;
1855 if (total_sectors == 0) {
1856 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1857 ASC_MEDIUM_NOT_PRESENT);
1860 max_len = ube16_to_cpu(packet + 7);
1861 format = packet[9] >> 6;
1862 msf = (packet[1] >> 1) & 1;
1863 start_track = packet[6];
1866 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1869 ide_atapi_cmd_reply(s, len, max_len);
1872 /* multi session : only a single session defined */
1877 ide_atapi_cmd_reply(s, 12, max_len);
1880 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1883 ide_atapi_cmd_reply(s, len, max_len);
1887 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1888 ASC_INV_FIELD_IN_CMD_PACKET);
1893 case GPCMD_READ_CDVD_CAPACITY:
1895 uint64_t total_sectors;
1897 bdrv_get_geometry(s->bs, &total_sectors);
1898 total_sectors >>= 2;
1899 if (total_sectors == 0) {
1900 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1901 ASC_MEDIUM_NOT_PRESENT);
1904 /* NOTE: it is really the number of sectors minus 1 */
1905 cpu_to_ube32(buf, total_sectors - 1);
1906 cpu_to_ube32(buf + 4, 2048);
1907 ide_atapi_cmd_reply(s, 8, 8);
1910 case GPCMD_READ_DVD_STRUCTURE:
1912 int media = packet[1];
1913 int format = packet[7];
1916 max_len = ube16_to_cpu(packet + 8);
1918 if (format < 0xff) {
1919 if (media_is_cd(s)) {
1920 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1921 ASC_INCOMPATIBLE_FORMAT);
1923 } else if (!media_present(s)) {
1924 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1925 ASC_INV_FIELD_IN_CMD_PACKET);
1930 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1931 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1937 ret = ide_dvd_read_structure(s, format, packet, buf);
1940 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1942 ide_atapi_cmd_reply(s, ret, max_len);
1946 /* TODO: BD support, fall through for now */
1948 /* Generic disk structures */
1949 case 0x80: /* TODO: AACS volume identifier */
1950 case 0x81: /* TODO: AACS media serial number */
1951 case 0x82: /* TODO: AACS media identifier */
1952 case 0x83: /* TODO: AACS media key block */
1953 case 0x90: /* TODO: List of recognized format layers */
1954 case 0xc0: /* TODO: Write protection status */
1956 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1957 ASC_INV_FIELD_IN_CMD_PACKET);
1962 case GPCMD_SET_SPEED:
1963 ide_atapi_cmd_ok(s);
1966 max_len = packet[4];
1967 buf[0] = 0x05; /* CD-ROM */
1968 buf[1] = 0x80; /* removable */
1969 buf[2] = 0x00; /* ISO */
1970 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1971 buf[4] = 31; /* additional length */
1972 buf[5] = 0; /* reserved */
1973 buf[6] = 0; /* reserved */
1974 buf[7] = 0; /* reserved */
1975 padstr8(buf + 8, 8, "QEMU");
1976 padstr8(buf + 16, 16, "QEMU DVD-ROM");
1977 padstr8(buf + 32, 4, QEMU_VERSION);
1978 ide_atapi_cmd_reply(s, 36, max_len);
1980 case GPCMD_GET_CONFIGURATION:
1985 /* only feature 0 is supported */
1986 if (packet[2] != 0 || packet[3] != 0) {
1987 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1988 ASC_INV_FIELD_IN_CMD_PACKET);
1992 /* XXX: could result in alignment problems in some architectures */
1993 max_len = ube16_to_cpu(packet + 7);
1996 * XXX: avoid overflow for io_buffer if max_len is bigger than
1997 * the size of that buffer (dimensioned to max number of
1998 * sectors to transfer at once)
2000 * Only a problem if the feature/profiles grow.
2002 if (max_len > 512) /* XXX: assume 1 sector */
2005 memset(buf, 0, max_len);
2007 * the number of sectors from the media tells us which profile
2008 * to use as current. 0 means there is no media
2010 if (media_is_dvd(s))
2011 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
2012 else if (media_is_cd(s))
2013 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
2015 buf[10] = 0x02 | 0x01; /* persistent and current */
2016 len = 12; /* headers: 8 + 4 */
2017 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
2018 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
2019 cpu_to_ube32(buf, len - 4); /* data length */
2021 ide_atapi_cmd_reply(s, len, max_len);
2025 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2026 ASC_ILLEGAL_OPCODE);
2031 static void ide_cfata_metadata_inquiry(IDEState *s)
2036 p = (uint16_t *) s->io_buffer;
2037 memset(p, 0, 0x200);
2038 spd = ((s->mdata_size - 1) >> 9) + 1;
2040 put_le16(p + 0, 0x0001); /* Data format revision */
2041 put_le16(p + 1, 0x0000); /* Media property: silicon */
2042 put_le16(p + 2, s->media_changed); /* Media status */
2043 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
2044 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
2045 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
2046 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
2049 static void ide_cfata_metadata_read(IDEState *s)
2053 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2054 s->status = ERR_STAT;
2055 s->error = ABRT_ERR;
2059 p = (uint16_t *) s->io_buffer;
2060 memset(p, 0, 0x200);
2062 put_le16(p + 0, s->media_changed); /* Media status */
2063 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2064 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2065 s->nsector << 9), 0x200 - 2));
2068 static void ide_cfata_metadata_write(IDEState *s)
2070 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2071 s->status = ERR_STAT;
2072 s->error = ABRT_ERR;
2076 s->media_changed = 0;
2078 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2080 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2081 s->nsector << 9), 0x200 - 2));
2084 /* called when the inserted state of the media has changed */
2085 static void cdrom_change_cb(void *opaque)
2087 IDEState *s = opaque;
2088 uint64_t nb_sectors;
2090 bdrv_get_geometry(s->bs, &nb_sectors);
2091 s->nb_sectors = nb_sectors;
2093 s->sense_key = SENSE_UNIT_ATTENTION;
2094 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2099 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2103 /* handle the 'magic' 0 nsector count conversion here. to avoid
2104 * fiddling with the rest of the read logic, we just store the
2105 * full sector count in ->nsector and ignore ->hob_nsector from now
2111 if (!s->nsector && !s->hob_nsector)
2114 int lo = s->nsector;
2115 int hi = s->hob_nsector;
2117 s->nsector = (hi << 8) | lo;
2122 static void ide_clear_hob(IDEState *ide_if)
2124 /* any write clears HOB high bit of device control register */
2125 ide_if[0].select &= ~(1 << 7);
2126 ide_if[1].select &= ~(1 << 7);
2129 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2131 IDEState *ide_if = opaque;
2137 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2142 /* ignore writes to command block while busy with previous command */
2143 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2150 ide_clear_hob(ide_if);
2151 /* NOTE: data is written to the two drives */
2152 ide_if[0].hob_feature = ide_if[0].feature;
2153 ide_if[1].hob_feature = ide_if[1].feature;
2154 ide_if[0].feature = val;
2155 ide_if[1].feature = val;
2158 ide_clear_hob(ide_if);
2159 ide_if[0].hob_nsector = ide_if[0].nsector;
2160 ide_if[1].hob_nsector = ide_if[1].nsector;
2161 ide_if[0].nsector = val;
2162 ide_if[1].nsector = val;
2165 ide_clear_hob(ide_if);
2166 ide_if[0].hob_sector = ide_if[0].sector;
2167 ide_if[1].hob_sector = ide_if[1].sector;
2168 ide_if[0].sector = val;
2169 ide_if[1].sector = val;
2172 ide_clear_hob(ide_if);
2173 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2174 ide_if[1].hob_lcyl = ide_if[1].lcyl;
2175 ide_if[0].lcyl = val;
2176 ide_if[1].lcyl = val;
2179 ide_clear_hob(ide_if);
2180 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2181 ide_if[1].hob_hcyl = ide_if[1].hcyl;
2182 ide_if[0].hcyl = val;
2183 ide_if[1].hcyl = val;
2186 /* FIXME: HOB readback uses bit 7 */
2187 ide_if[0].select = (val & ~0x10) | 0xa0;
2188 ide_if[1].select = (val | 0x10) | 0xa0;
2190 unit = (val >> 4) & 1;
2192 ide_if->cur_drive = s;
2197 #if defined(DEBUG_IDE)
2198 printf("ide: CMD=%02x\n", val);
2200 s = ide_if->cur_drive;
2201 /* ignore commands to non existant slave */
2202 if (s != ide_if && !s->bs)
2205 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2206 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2211 if (s->bs && !s->is_cdrom) {
2215 ide_cfata_identify(s);
2216 s->status = READY_STAT | SEEK_STAT;
2217 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2220 ide_set_signature(s);
2222 ide_abort_command(s);
2229 s->status = READY_STAT | SEEK_STAT;
2233 if (s->is_cf && s->nsector == 0) {
2234 /* Disable Read and Write Multiple */
2235 s->mult_sectors = 0;
2236 s->status = READY_STAT | SEEK_STAT;
2237 } else if ((s->nsector & 0xff) != 0 &&
2238 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2239 (s->nsector & (s->nsector - 1)) != 0)) {
2240 ide_abort_command(s);
2242 s->mult_sectors = s->nsector & 0xff;
2243 s->status = READY_STAT | SEEK_STAT;
2247 case WIN_VERIFY_EXT:
2250 case WIN_VERIFY_ONCE:
2251 /* do sector number check ? */
2252 ide_cmd_lba48_transform(s, lba48);
2253 s->status = READY_STAT | SEEK_STAT;
2262 ide_cmd_lba48_transform(s, lba48);
2263 s->req_nb_sectors = 1;
2269 case WIN_WRITE_ONCE:
2270 case CFA_WRITE_SECT_WO_ERASE:
2271 case WIN_WRITE_VERIFY:
2272 ide_cmd_lba48_transform(s, lba48);
2274 s->status = SEEK_STAT | READY_STAT;
2275 s->req_nb_sectors = 1;
2276 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
2277 s->media_changed = 1;
2279 case WIN_MULTREAD_EXT:
2282 if (!s->mult_sectors)
2284 ide_cmd_lba48_transform(s, lba48);
2285 s->req_nb_sectors = s->mult_sectors;
2288 case WIN_MULTWRITE_EXT:
2291 case CFA_WRITE_MULTI_WO_ERASE:
2292 if (!s->mult_sectors)
2294 ide_cmd_lba48_transform(s, lba48);
2296 s->status = SEEK_STAT | READY_STAT;
2297 s->req_nb_sectors = s->mult_sectors;
2299 if (n > s->req_nb_sectors)
2300 n = s->req_nb_sectors;
2301 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
2302 s->media_changed = 1;
2304 case WIN_READDMA_EXT:
2307 case WIN_READDMA_ONCE:
2310 ide_cmd_lba48_transform(s, lba48);
2311 ide_sector_read_dma(s);
2313 case WIN_WRITEDMA_EXT:
2316 case WIN_WRITEDMA_ONCE:
2319 ide_cmd_lba48_transform(s, lba48);
2320 ide_sector_write_dma(s);
2321 s->media_changed = 1;
2323 case WIN_READ_NATIVE_MAX_EXT:
2325 case WIN_READ_NATIVE_MAX:
2326 ide_cmd_lba48_transform(s, lba48);
2327 ide_set_sector(s, s->nb_sectors - 1);
2328 s->status = READY_STAT | SEEK_STAT;
2331 case WIN_CHECKPOWERMODE1:
2332 case WIN_CHECKPOWERMODE2:
2333 s->nsector = 0xff; /* device active or idle */
2334 s->status = READY_STAT | SEEK_STAT;
2337 case WIN_SETFEATURES:
2340 /* XXX: valid for CDROM ? */
2341 switch(s->feature) {
2342 case 0xcc: /* reverting to power-on defaults enable */
2343 case 0x66: /* reverting to power-on defaults disable */
2344 case 0x02: /* write cache enable */
2345 case 0x82: /* write cache disable */
2346 case 0xaa: /* read look-ahead enable */
2347 case 0x55: /* read look-ahead disable */
2348 case 0x05: /* set advanced power management mode */
2349 case 0x85: /* disable advanced power management mode */
2350 case 0x69: /* NOP */
2351 case 0x67: /* NOP */
2352 case 0x96: /* NOP */
2353 case 0x9a: /* NOP */
2354 case 0x42: /* enable Automatic Acoustic Mode */
2355 case 0xc2: /* disable Automatic Acoustic Mode */
2356 s->status = READY_STAT | SEEK_STAT;
2359 case 0x03: { /* set transfer mode */
2360 uint8_t val = s->nsector & 0x07;
2362 switch (s->nsector >> 3) {
2363 case 0x00: /* pio default */
2364 case 0x01: /* pio mode */
2365 put_le16(s->identify_data + 62,0x07);
2366 put_le16(s->identify_data + 63,0x07);
2367 put_le16(s->identify_data + 88,0x3f);
2369 case 0x02: /* sigle word dma mode*/
2370 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
2371 put_le16(s->identify_data + 63,0x07);
2372 put_le16(s->identify_data + 88,0x3f);
2374 case 0x04: /* mdma mode */
2375 put_le16(s->identify_data + 62,0x07);
2376 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2377 put_le16(s->identify_data + 88,0x3f);
2379 case 0x08: /* udma mode */
2380 put_le16(s->identify_data + 62,0x07);
2381 put_le16(s->identify_data + 63,0x07);
2382 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2387 s->status = READY_STAT | SEEK_STAT;
2395 case WIN_FLUSH_CACHE:
2396 case WIN_FLUSH_CACHE_EXT:
2399 s->status = READY_STAT | SEEK_STAT;
2404 case WIN_STANDBYNOW1:
2405 case WIN_STANDBYNOW2:
2406 case WIN_IDLEIMMEDIATE:
2407 case CFA_IDLEIMMEDIATE:
2412 s->status = READY_STAT;
2418 /* XXX: Check that seek is within bounds */
2419 s->status = READY_STAT | SEEK_STAT;
2422 /* ATAPI commands */
2425 ide_atapi_identify(s);
2426 s->status = READY_STAT | SEEK_STAT;
2427 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2429 ide_abort_command(s);
2434 ide_set_signature(s);
2436 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2437 * devices to return a clear status register
2438 * with READY_STAT *not* set. */
2440 s->status = READY_STAT | SEEK_STAT;
2441 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2449 ide_set_signature(s);
2450 s->status = 0x00; /* NOTE: READY is _not_ set */
2456 /* overlapping commands not supported */
2457 if (s->feature & 0x02)
2459 s->status = READY_STAT | SEEK_STAT;
2460 s->atapi_dma = s->feature & 1;
2462 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2465 /* CF-ATA commands */
2466 case CFA_REQ_EXT_ERROR_CODE:
2469 s->error = 0x09; /* miscellaneous error */
2470 s->status = READY_STAT | SEEK_STAT;
2473 case CFA_ERASE_SECTORS:
2474 case CFA_WEAR_LEVEL:
2477 if (val == CFA_WEAR_LEVEL)
2479 if (val == CFA_ERASE_SECTORS)
2480 s->media_changed = 1;
2482 s->status = READY_STAT | SEEK_STAT;
2485 case CFA_TRANSLATE_SECTOR:
2489 s->status = READY_STAT | SEEK_STAT;
2490 memset(s->io_buffer, 0, 0x200);
2491 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2492 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2493 s->io_buffer[0x02] = s->select; /* Head */
2494 s->io_buffer[0x03] = s->sector; /* Sector */
2495 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2496 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2497 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2498 s->io_buffer[0x13] = 0x00; /* Erase flag */
2499 s->io_buffer[0x18] = 0x00; /* Hot count */
2500 s->io_buffer[0x19] = 0x00; /* Hot count */
2501 s->io_buffer[0x1a] = 0x01; /* Hot count */
2502 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2505 case CFA_ACCESS_METADATA_STORAGE:
2508 switch (s->feature) {
2509 case 0x02: /* Inquiry Metadata Storage */
2510 ide_cfata_metadata_inquiry(s);
2512 case 0x03: /* Read Metadata Storage */
2513 ide_cfata_metadata_read(s);
2515 case 0x04: /* Write Metadata Storage */
2516 ide_cfata_metadata_write(s);
2521 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2522 s->status = 0x00; /* NOTE: READY is _not_ set */
2525 case IBM_SENSE_CONDITION:
2528 switch (s->feature) {
2529 case 0x01: /* sense temperature in device */
2530 s->nsector = 0x50; /* +20 C */
2535 s->status = READY_STAT | SEEK_STAT;
2540 ide_abort_command(s);
2547 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2549 IDEState *ide_if = opaque;
2550 IDEState *s = ide_if->cur_drive;
2555 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2556 //hob = s->select & (1 << 7);
2563 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2564 (s != ide_if && !s->bs))
2569 ret = s->hob_feature;
2572 if (!ide_if[0].bs && !ide_if[1].bs)
2575 ret = s->nsector & 0xff;
2577 ret = s->hob_nsector;
2580 if (!ide_if[0].bs && !ide_if[1].bs)
2585 ret = s->hob_sector;
2588 if (!ide_if[0].bs && !ide_if[1].bs)
2596 if (!ide_if[0].bs && !ide_if[1].bs)
2604 if (!ide_if[0].bs && !ide_if[1].bs)
2611 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2612 (s != ide_if && !s->bs))
2616 qemu_irq_lower(s->irq);
2620 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2625 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2627 IDEState *ide_if = opaque;
2628 IDEState *s = ide_if->cur_drive;
2631 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2632 (s != ide_if && !s->bs))
2637 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2642 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2644 IDEState *ide_if = opaque;
2649 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2651 /* common for both drives */
2652 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2653 (val & IDE_CMD_RESET)) {
2654 /* reset low to high */
2655 for(i = 0;i < 2; i++) {
2657 s->status = BUSY_STAT | SEEK_STAT;
2660 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2661 !(val & IDE_CMD_RESET)) {
2663 for(i = 0;i < 2; i++) {
2666 s->status = 0x00; /* NOTE: READY is _not_ set */
2668 s->status = READY_STAT | SEEK_STAT;
2669 ide_set_signature(s);
2673 ide_if[0].cmd = val;
2674 ide_if[1].cmd = val;
2677 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2679 IDEState *s = ((IDEState *)opaque)->cur_drive;
2682 /* PIO data access allowed only when DRQ bit is set */
2683 if (!(s->status & DRQ_STAT))
2687 *(uint16_t *)p = le16_to_cpu(val);
2690 if (p >= s->data_end)
2691 s->end_transfer_func(s);
2694 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2696 IDEState *s = ((IDEState *)opaque)->cur_drive;
2700 /* PIO data access allowed only when DRQ bit is set */
2701 if (!(s->status & DRQ_STAT))
2705 ret = cpu_to_le16(*(uint16_t *)p);
2708 if (p >= s->data_end)
2709 s->end_transfer_func(s);
2713 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2715 IDEState *s = ((IDEState *)opaque)->cur_drive;
2718 /* PIO data access allowed only when DRQ bit is set */
2719 if (!(s->status & DRQ_STAT))
2723 *(uint32_t *)p = le32_to_cpu(val);
2726 if (p >= s->data_end)
2727 s->end_transfer_func(s);
2730 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2732 IDEState *s = ((IDEState *)opaque)->cur_drive;
2736 /* PIO data access allowed only when DRQ bit is set */
2737 if (!(s->status & DRQ_STAT))
2741 ret = cpu_to_le32(*(uint32_t *)p);
2744 if (p >= s->data_end)
2745 s->end_transfer_func(s);
2749 static void ide_dummy_transfer_stop(IDEState *s)
2751 s->data_ptr = s->io_buffer;
2752 s->data_end = s->io_buffer;
2753 s->io_buffer[0] = 0xff;
2754 s->io_buffer[1] = 0xff;
2755 s->io_buffer[2] = 0xff;
2756 s->io_buffer[3] = 0xff;
2759 static void ide_reset(IDEState *s)
2762 s->mult_sectors = 0;
2764 s->mult_sectors = MAX_MULT_SECTORS;
2767 s->status = READY_STAT | SEEK_STAT;
2768 ide_set_signature(s);
2769 /* init the transfer handler so that 0xffff is returned on data
2771 s->end_transfer_func = ide_dummy_transfer_stop;
2772 ide_dummy_transfer_stop(s);
2773 s->media_changed = 0;
2776 static void ide_init2(IDEState *ide_state,
2777 BlockDriverState *hd0, BlockDriverState *hd1,
2781 static int drive_serial = 1;
2782 int i, cylinders, heads, secs;
2783 uint64_t nb_sectors;
2785 for(i = 0; i < 2; i++) {
2787 s->io_buffer = qemu_memalign(512, IDE_DMA_BUF_SECTORS*512 + 4);
2793 bdrv_get_geometry(s->bs, &nb_sectors);
2794 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2795 s->cylinders = cylinders;
2798 s->nb_sectors = nb_sectors;
2800 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2802 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2805 s->drive_serial = drive_serial++;
2806 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2807 sizeof(s->drive_serial_str));
2808 if (strlen(s->drive_serial_str) == 0)
2809 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2810 "QM%05d", s->drive_serial);
2812 s->sector_write_timer = qemu_new_timer(vm_clock,
2813 ide_sector_write_timer_cb, s);
2818 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2820 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2821 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2823 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2824 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2828 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2829 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2830 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2831 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2834 /* save per IDE drive data */
2835 static void ide_save(QEMUFile* f, IDEState *s)
2837 qemu_put_be32(f, s->mult_sectors);
2838 qemu_put_be32(f, s->identify_set);
2839 if (s->identify_set) {
2840 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2842 qemu_put_8s(f, &s->feature);
2843 qemu_put_8s(f, &s->error);
2844 qemu_put_be32s(f, &s->nsector);
2845 qemu_put_8s(f, &s->sector);
2846 qemu_put_8s(f, &s->lcyl);
2847 qemu_put_8s(f, &s->hcyl);
2848 qemu_put_8s(f, &s->hob_feature);
2849 qemu_put_8s(f, &s->hob_nsector);
2850 qemu_put_8s(f, &s->hob_sector);
2851 qemu_put_8s(f, &s->hob_lcyl);
2852 qemu_put_8s(f, &s->hob_hcyl);
2853 qemu_put_8s(f, &s->select);
2854 qemu_put_8s(f, &s->status);
2855 qemu_put_8s(f, &s->lba48);
2857 qemu_put_8s(f, &s->sense_key);
2858 qemu_put_8s(f, &s->asc);
2859 /* XXX: if a transfer is pending, we do not save it yet */
2862 /* load per IDE drive data */
2863 static void ide_load(QEMUFile* f, IDEState *s)
2865 s->mult_sectors=qemu_get_be32(f);
2866 s->identify_set=qemu_get_be32(f);
2867 if (s->identify_set) {
2868 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2870 qemu_get_8s(f, &s->feature);
2871 qemu_get_8s(f, &s->error);
2872 qemu_get_be32s(f, &s->nsector);
2873 qemu_get_8s(f, &s->sector);
2874 qemu_get_8s(f, &s->lcyl);
2875 qemu_get_8s(f, &s->hcyl);
2876 qemu_get_8s(f, &s->hob_feature);
2877 qemu_get_8s(f, &s->hob_nsector);
2878 qemu_get_8s(f, &s->hob_sector);
2879 qemu_get_8s(f, &s->hob_lcyl);
2880 qemu_get_8s(f, &s->hob_hcyl);
2881 qemu_get_8s(f, &s->select);
2882 qemu_get_8s(f, &s->status);
2883 qemu_get_8s(f, &s->lba48);
2885 qemu_get_8s(f, &s->sense_key);
2886 qemu_get_8s(f, &s->asc);
2887 /* XXX: if a transfer is pending, we do not save it yet */
2890 /***********************************************************/
2891 /* ISA IDE definitions */
2893 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
2894 BlockDriverState *hd0, BlockDriverState *hd1)
2896 IDEState *ide_state;
2898 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2900 ide_init2(ide_state, hd0, hd1, irq);
2901 ide_init_ioport(ide_state, iobase, iobase2);
2904 /***********************************************************/
2905 /* PCI IDE definitions */
2907 static void cmd646_update_irq(PCIIDEState *d);
2909 static void ide_map(PCIDevice *pci_dev, int region_num,
2910 uint32_t addr, uint32_t size, int type)
2912 PCIIDEState *d = (PCIIDEState *)pci_dev;
2913 IDEState *ide_state;
2915 if (region_num <= 3) {
2916 ide_state = &d->ide_if[(region_num >> 1) * 2];
2917 if (region_num & 1) {
2918 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2919 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2921 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2922 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2925 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2926 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2927 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2928 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2933 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2935 BMDMAState *bm = s->bmdma;
2939 bm->dma_cb = dma_cb;
2940 bm->cur_prd_last = 0;
2941 bm->cur_prd_addr = 0;
2942 bm->cur_prd_len = 0;
2943 bm->sector_num = ide_get_sector(s);
2944 bm->nsector = s->nsector;
2945 if (bm->status & BM_STATUS_DMAING) {
2950 static void ide_dma_restart(IDEState *s)
2952 BMDMAState *bm = s->bmdma;
2953 ide_set_sector(s, bm->sector_num);
2954 s->io_buffer_index = 0;
2955 s->io_buffer_size = 0;
2956 s->nsector = bm->nsector;
2957 bm->cur_addr = bm->addr;
2958 bm->dma_cb = ide_write_dma_cb;
2959 ide_dma_start(s, bm->dma_cb);
2962 static void ide_dma_cancel(BMDMAState *bm)
2964 if (bm->status & BM_STATUS_DMAING) {
2965 bm->status &= ~BM_STATUS_DMAING;
2966 /* cancel DMA request */
2971 printf("aio_cancel\n");
2973 bdrv_aio_cancel(bm->aiocb);
2979 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2981 BMDMAState *bm = opaque;
2983 printf("%s: 0x%08x\n", __func__, val);
2985 if (!(val & BM_CMD_START)) {
2986 /* XXX: do it better */
2988 bm->cmd = val & 0x09;
2990 if (!(bm->status & BM_STATUS_DMAING)) {
2991 bm->status |= BM_STATUS_DMAING;
2992 /* start dma transfer if possible */
2996 bm->cmd = val & 0x09;
3000 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
3002 BMDMAState *bm = opaque;
3003 PCIIDEState *pci_dev;
3011 pci_dev = bm->pci_dev;
3012 if (pci_dev->type == IDE_TYPE_CMD646) {
3013 val = pci_dev->dev.config[MRDMODE];
3022 pci_dev = bm->pci_dev;
3023 if (pci_dev->type == IDE_TYPE_CMD646) {
3024 if (bm == &pci_dev->bmdma[0])
3025 val = pci_dev->dev.config[UDIDETCR0];
3027 val = pci_dev->dev.config[UDIDETCR1];
3037 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
3042 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
3044 BMDMAState *bm = opaque;
3045 PCIIDEState *pci_dev;
3047 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
3051 pci_dev = bm->pci_dev;
3052 if (pci_dev->type == IDE_TYPE_CMD646) {
3053 pci_dev->dev.config[MRDMODE] =
3054 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3055 cmd646_update_irq(pci_dev);
3059 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3062 pci_dev = bm->pci_dev;
3063 if (pci_dev->type == IDE_TYPE_CMD646) {
3064 if (bm == &pci_dev->bmdma[0])
3065 pci_dev->dev.config[UDIDETCR0] = val;
3067 pci_dev->dev.config[UDIDETCR1] = val;
3073 static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3075 BMDMAState *bm = opaque;
3077 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3079 printf("%s: 0x%08x\n", __func__, val);
3084 static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3086 BMDMAState *bm = opaque;
3087 int shift = (addr & 3) * 8;
3089 printf("%s: 0x%08x\n", __func__, val);
3091 bm->addr &= ~(0xFF << shift);
3092 bm->addr |= ((val & 0xFF) << shift) & ~3;
3093 bm->cur_addr = bm->addr;
3096 static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3098 BMDMAState *bm = opaque;
3100 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3102 printf("%s: 0x%08x\n", __func__, val);
3107 static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3109 BMDMAState *bm = opaque;
3110 int shift = (addr & 3) * 8;
3112 printf("%s: 0x%08x\n", __func__, val);
3114 bm->addr &= ~(0xFFFF << shift);
3115 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3116 bm->cur_addr = bm->addr;
3119 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3121 BMDMAState *bm = opaque;
3125 printf("%s: 0x%08x\n", __func__, val);
3130 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3132 BMDMAState *bm = opaque;
3134 printf("%s: 0x%08x\n", __func__, val);
3136 bm->addr = val & ~3;
3137 bm->cur_addr = bm->addr;
3140 static void bmdma_map(PCIDevice *pci_dev, int region_num,
3141 uint32_t addr, uint32_t size, int type)
3143 PCIIDEState *d = (PCIIDEState *)pci_dev;
3146 for(i = 0;i < 2; i++) {
3147 BMDMAState *bm = &d->bmdma[i];
3148 d->ide_if[2 * i].bmdma = bm;
3149 d->ide_if[2 * i + 1].bmdma = bm;
3150 bm->pci_dev = (PCIIDEState *)pci_dev;
3151 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
3153 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
3155 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3156 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
3158 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3159 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3160 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3161 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
3162 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3163 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3168 static void pci_ide_save(QEMUFile* f, void *opaque)
3170 PCIIDEState *d = opaque;
3173 pci_device_save(&d->dev, f);
3175 for(i = 0; i < 2; i++) {
3176 BMDMAState *bm = &d->bmdma[i];
3178 qemu_put_8s(f, &bm->cmd);
3179 qemu_put_8s(f, &bm->status);
3180 qemu_put_be32s(f, &bm->addr);
3181 qemu_put_sbe64s(f, &bm->sector_num);
3182 qemu_put_be32s(f, &bm->nsector);
3183 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3184 qemu_put_8s(f, &ifidx);
3185 /* XXX: if a transfer is pending, we do not save it yet */
3188 /* per IDE interface data */
3189 for(i = 0; i < 2; i++) {
3190 IDEState *s = &d->ide_if[i * 2];
3191 uint8_t drive1_selected;
3192 qemu_put_8s(f, &s->cmd);
3193 drive1_selected = (s->cur_drive != s);
3194 qemu_put_8s(f, &drive1_selected);
3197 /* per IDE drive data */
3198 for(i = 0; i < 4; i++) {
3199 ide_save(f, &d->ide_if[i]);
3203 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3205 PCIIDEState *d = opaque;
3208 if (version_id != 2)
3210 ret = pci_device_load(&d->dev, f);
3214 for(i = 0; i < 2; i++) {
3215 BMDMAState *bm = &d->bmdma[i];
3217 qemu_get_8s(f, &bm->cmd);
3218 qemu_get_8s(f, &bm->status);
3219 qemu_get_be32s(f, &bm->addr);
3220 qemu_get_sbe64s(f, &bm->sector_num);
3221 qemu_get_be32s(f, &bm->nsector);
3222 qemu_get_8s(f, &ifidx);
3223 bm->ide_if = &d->ide_if[ifidx];
3224 /* XXX: if a transfer is pending, we do not save it yet */
3227 /* per IDE interface data */
3228 for(i = 0; i < 2; i++) {
3229 IDEState *s = &d->ide_if[i * 2];
3230 uint8_t drive1_selected;
3231 qemu_get_8s(f, &s->cmd);
3232 qemu_get_8s(f, &drive1_selected);
3233 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3236 /* per IDE drive data */
3237 for(i = 0; i < 4; i++) {
3238 ide_load(f, &d->ide_if[i]);
3243 /* XXX: call it also when the MRDMODE is changed from the PCI config
3245 static void cmd646_update_irq(PCIIDEState *d)
3248 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3249 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3250 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3251 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
3252 qemu_set_irq(d->dev.irq[0], pci_level);
3255 /* the PCI irq level is the logical OR of the two channels */
3256 static void cmd646_set_irq(void *opaque, int channel, int level)
3258 PCIIDEState *d = opaque;
3261 irq_mask = MRDMODE_INTR_CH0 << channel;
3263 d->dev.config[MRDMODE] |= irq_mask;
3265 d->dev.config[MRDMODE] &= ~irq_mask;
3266 cmd646_update_irq(d);
3269 static void cmd646_reset(void *opaque)
3271 PCIIDEState *d = opaque;
3274 for (i = 0; i < 2; i++)
3275 ide_dma_cancel(&d->bmdma[i]);
3278 /* CMD646 PCI IDE controller */
3279 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3280 int secondary_ide_enabled)
3287 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
3288 sizeof(PCIIDEState),
3291 d->type = IDE_TYPE_CMD646;
3292 pci_conf = d->dev.config;
3293 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3294 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
3296 pci_conf[0x08] = 0x07; // IDE controller revision
3297 pci_conf[0x09] = 0x8f;
3299 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3300 pci_conf[0x0e] = 0x00; // header_type
3302 pci_conf[0x51] = 0x04; // enable IDE0
3303 if (secondary_ide_enabled) {
3304 /* XXX: if not enabled, really disable the seconday IDE controller */
3305 pci_conf[0x51] |= 0x08; /* enable IDE1 */
3308 pci_register_io_region((PCIDevice *)d, 0, 0x8,
3309 PCI_ADDRESS_SPACE_IO, ide_map);
3310 pci_register_io_region((PCIDevice *)d, 1, 0x4,
3311 PCI_ADDRESS_SPACE_IO, ide_map);
3312 pci_register_io_region((PCIDevice *)d, 2, 0x8,
3313 PCI_ADDRESS_SPACE_IO, ide_map);
3314 pci_register_io_region((PCIDevice *)d, 3, 0x4,
3315 PCI_ADDRESS_SPACE_IO, ide_map);
3316 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3317 PCI_ADDRESS_SPACE_IO, bmdma_map);
3319 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3321 for(i = 0; i < 4; i++)
3322 d->ide_if[i].pci_dev = (PCIDevice *)d;
3324 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3325 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3326 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
3328 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3329 qemu_register_reset(cmd646_reset, d);
3333 static void piix3_reset(void *opaque)
3335 PCIIDEState *d = opaque;
3336 uint8_t *pci_conf = d->dev.config;
3339 for (i = 0; i < 2; i++)
3340 ide_dma_cancel(&d->bmdma[i]);
3342 pci_conf[0x04] = 0x00;
3343 pci_conf[0x05] = 0x00;
3344 pci_conf[0x06] = 0x80; /* FBC */
3345 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3346 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3349 /* hd_table must contain 4 block drivers */
3350 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
3351 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3358 /* register a function 1 of PIIX3 */
3359 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
3360 sizeof(PCIIDEState),
3363 d->type = IDE_TYPE_PIIX3;
3365 pci_conf = d->dev.config;
3366 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3367 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
3368 pci_conf[0x09] = 0x80; // legacy ATA mode
3369 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3370 pci_conf[0x0e] = 0x00; // header_type
3372 qemu_register_reset(piix3_reset, d);
3375 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3376 PCI_ADDRESS_SPACE_IO, bmdma_map);
3378 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3379 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3380 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3381 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3383 for (i = 0; i < 4; i++)
3385 hd_table[i]->private = &d->dev;
3387 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3390 /* hd_table must contain 4 block drivers */
3391 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3392 void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3398 /* register a function 1 of PIIX4 */
3399 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3400 sizeof(PCIIDEState),
3403 d->type = IDE_TYPE_PIIX4;
3405 pci_conf = d->dev.config;
3406 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3407 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
3408 pci_conf[0x09] = 0x80; // legacy ATA mode
3409 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3410 pci_conf[0x0e] = 0x00; // header_type
3412 qemu_register_reset(piix3_reset, d);
3415 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3416 PCI_ADDRESS_SPACE_IO, bmdma_map);
3418 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3419 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3420 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3421 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3423 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3426 #if defined(TARGET_PPC)
3427 /***********************************************************/
3428 /* MacIO based PowerPC IDE */
3430 typedef struct MACIOIDEState {
3432 BlockDriverAIOCB *aiocb;
3435 static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
3437 DBDMA_io *io = opaque;
3438 MACIOIDEState *m = io->opaque;
3439 IDEState *s = m->ide_if->cur_drive;
3443 qemu_sglist_destroy(&s->sg);
3444 ide_atapi_io_error(s, ret);
3445 io->dma_end(opaque);
3449 if (s->io_buffer_size > 0) {
3451 qemu_sglist_destroy(&s->sg);
3453 s->packet_transfer_size -= s->io_buffer_size;
3455 s->io_buffer_index += s->io_buffer_size;
3456 s->lba += s->io_buffer_index >> 11;
3457 s->io_buffer_index &= 0x7ff;
3460 if (s->packet_transfer_size <= 0)
3461 ide_atapi_cmd_ok(s);
3464 io->dma_end(opaque);
3468 /* launch next transfer */
3470 s->io_buffer_size = io->len;
3472 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3473 qemu_sglist_add(&s->sg, io->addr, io->len);
3474 io->addr += io->len;
3477 m->aiocb = dma_bdrv_read(s->bs, &s->sg,
3478 (int64_t)(s->lba << 2) + (s->io_buffer_index >> 9),
3479 pmac_ide_atapi_transfer_cb, io);
3481 qemu_sglist_destroy(&s->sg);
3482 /* Note: media not present is the most likely case */
3483 ide_atapi_cmd_error(s, SENSE_NOT_READY,
3484 ASC_MEDIUM_NOT_PRESENT);
3485 io->dma_end(opaque);
3490 static void pmac_ide_transfer_cb(void *opaque, int ret)
3492 DBDMA_io *io = opaque;
3493 MACIOIDEState *m = io->opaque;
3494 IDEState *s = m->ide_if->cur_drive;
3500 qemu_sglist_destroy(&s->sg);
3506 sector_num = ide_get_sector(s);
3507 if (s->io_buffer_size > 0) {
3509 qemu_sglist_destroy(&s->sg);
3510 n = (s->io_buffer_size + 0x1ff) >> 9;
3512 ide_set_sector(s, sector_num);
3516 /* end of transfer ? */
3517 if (s->nsector == 0) {
3518 s->status = READY_STAT | SEEK_STAT;
3529 /* launch next transfer */
3531 s->io_buffer_index = 0;
3532 s->io_buffer_size = io->len;
3534 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3535 qemu_sglist_add(&s->sg, io->addr, io->len);
3536 io->addr += io->len;
3540 m->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
3541 pmac_ide_transfer_cb, io);
3543 m->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
3544 pmac_ide_transfer_cb, io);
3546 pmac_ide_transfer_cb(io, -1);
3549 static void pmac_ide_transfer(DBDMA_io *io)
3551 MACIOIDEState *m = io->opaque;
3552 IDEState *s = m->ide_if->cur_drive;
3554 s->io_buffer_size = 0;
3556 pmac_ide_atapi_transfer_cb(io, 0);
3560 pmac_ide_transfer_cb(io, 0);
3563 static void pmac_ide_flush(DBDMA_io *io)
3565 MACIOIDEState *m = io->opaque;
3571 /* PowerMac IDE memory IO */
3572 static void pmac_ide_writeb (void *opaque,
3573 target_phys_addr_t addr, uint32_t val)
3575 MACIOIDEState *d = opaque;
3577 addr = (addr & 0xFFF) >> 4;
3580 ide_ioport_write(d->ide_if, addr, val);
3584 ide_cmd_write(d->ide_if, 0, val);
3591 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3594 MACIOIDEState *d = opaque;
3596 addr = (addr & 0xFFF) >> 4;
3599 retval = ide_ioport_read(d->ide_if, addr);
3603 retval = ide_status_read(d->ide_if, 0);
3612 static void pmac_ide_writew (void *opaque,
3613 target_phys_addr_t addr, uint32_t val)
3615 MACIOIDEState *d = opaque;
3617 addr = (addr & 0xFFF) >> 4;
3618 #ifdef TARGET_WORDS_BIGENDIAN
3622 ide_data_writew(d->ide_if, 0, val);
3626 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3629 MACIOIDEState *d = opaque;
3631 addr = (addr & 0xFFF) >> 4;
3633 retval = ide_data_readw(d->ide_if, 0);
3637 #ifdef TARGET_WORDS_BIGENDIAN
3638 retval = bswap16(retval);
3643 static void pmac_ide_writel (void *opaque,
3644 target_phys_addr_t addr, uint32_t val)
3646 MACIOIDEState *d = opaque;
3648 addr = (addr & 0xFFF) >> 4;
3649 #ifdef TARGET_WORDS_BIGENDIAN
3653 ide_data_writel(d->ide_if, 0, val);
3657 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3660 MACIOIDEState *d = opaque;
3662 addr = (addr & 0xFFF) >> 4;
3664 retval = ide_data_readl(d->ide_if, 0);
3666 retval = 0xFFFFFFFF;
3668 #ifdef TARGET_WORDS_BIGENDIAN
3669 retval = bswap32(retval);
3674 static CPUWriteMemoryFunc *pmac_ide_write[] = {
3680 static CPUReadMemoryFunc *pmac_ide_read[] = {
3686 static void pmac_ide_save(QEMUFile *f, void *opaque)
3688 MACIOIDEState *d = opaque;
3689 IDEState *s = d->ide_if;
3690 uint8_t drive1_selected;
3693 /* per IDE interface data */
3694 qemu_put_8s(f, &s->cmd);
3695 drive1_selected = (s->cur_drive != s);
3696 qemu_put_8s(f, &drive1_selected);
3698 /* per IDE drive data */
3699 for(i = 0; i < 2; i++) {
3704 static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3706 MACIOIDEState *d = opaque;
3707 IDEState *s = d->ide_if;
3708 uint8_t drive1_selected;
3711 if (version_id != 1)
3714 /* per IDE interface data */
3715 qemu_get_8s(f, &s->cmd);
3716 qemu_get_8s(f, &drive1_selected);
3717 s->cur_drive = &s[(drive1_selected != 0)];
3719 /* per IDE drive data */
3720 for(i = 0; i < 2; i++) {
3726 static void pmac_ide_reset(void *opaque)
3728 MACIOIDEState *d = opaque;
3729 IDEState *s = d->ide_if;
3735 /* hd_table must contain 4 block drivers */
3736 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3737 I/O index to access the ide. */
3738 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq,
3739 void *dbdma, int channel, qemu_irq dma_irq)
3742 int pmac_ide_memory;
3744 d = qemu_mallocz(sizeof(MACIOIDEState));
3745 ide_init2(d->ide_if, hd_table[0], hd_table[1], irq);
3748 DBDMA_register_channel(dbdma, channel, dma_irq, pmac_ide_transfer, pmac_ide_flush, d);
3750 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3752 register_savevm("ide", 0, 1, pmac_ide_save, pmac_ide_load, d);
3753 qemu_register_reset(pmac_ide_reset, d);
3756 return pmac_ide_memory;
3758 #endif /* TARGET_PPC */
3760 /***********************************************************/
3761 /* MMIO based ide port
3762 * This emulates IDE device connected directly to the CPU bus without
3763 * dedicated ide controller, which is often seen on embedded boards.
3771 static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3773 MMIOState *s = (MMIOState*)opaque;
3774 IDEState *ide = (IDEState*)s->dev;
3777 return ide_ioport_read(ide, addr);
3779 return ide_data_readw(ide, 0);
3782 static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3785 MMIOState *s = (MMIOState*)opaque;
3786 IDEState *ide = (IDEState*)s->dev;
3789 ide_ioport_write(ide, addr, val);
3791 ide_data_writew(ide, 0, val);
3794 static CPUReadMemoryFunc *mmio_ide_reads[] = {
3800 static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3806 static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3808 MMIOState *s= (MMIOState*)opaque;
3809 IDEState *ide = (IDEState*)s->dev;
3810 return ide_status_read(ide, 0);
3813 static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3816 MMIOState *s = (MMIOState*)opaque;
3817 IDEState *ide = (IDEState*)s->dev;
3818 ide_cmd_write(ide, 0, val);
3821 static CPUReadMemoryFunc *mmio_ide_status[] = {
3822 mmio_ide_status_read,
3823 mmio_ide_status_read,
3824 mmio_ide_status_read,
3827 static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3833 void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3834 qemu_irq irq, int shift,
3835 BlockDriverState *hd0, BlockDriverState *hd1)
3837 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3838 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3841 ide_init2(ide, hd0, hd1, irq);
3846 mem1 = cpu_register_io_memory(0, mmio_ide_reads, mmio_ide_writes, s);
3847 mem2 = cpu_register_io_memory(0, mmio_ide_status, mmio_ide_cmd, s);
3848 cpu_register_physical_memory(membase, 16 << shift, mem1);
3849 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3852 /***********************************************************/
3853 /* CF-ATA Microdrive */
3855 #define METADATA_SIZE 0x20
3857 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3860 struct pcmcia_card_s card;
3874 /* Register bitfields */
3877 OPT_MODE_IOMAP16 = 1,
3878 OPT_MODE_IOMAP1 = 2,
3879 OPT_MODE_IOMAP2 = 3,
3890 STAT_CHANGED = 0x80,
3901 static inline void md_interrupt_update(struct md_s *s)
3906 qemu_set_irq(s->card.slot->irq,
3907 !(s->stat & STAT_INT) && /* Inverted */
3908 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3909 !(s->opt & OPT_SRESET));
3912 static void md_set_irq(void *opaque, int irq, int level)
3914 struct md_s *s = (struct md_s *) opaque;
3916 s->stat |= STAT_INT;
3918 s->stat &= ~STAT_INT;
3920 md_interrupt_update(s);
3923 static void md_reset(struct md_s *s)
3925 s->opt = OPT_MODE_MMAP;
3933 static uint8_t md_attr_read(void *opaque, uint32_t at)
3935 struct md_s *s = (struct md_s *) opaque;
3936 if (at < s->attr_base) {
3937 if (at < s->card.cis_len)
3938 return s->card.cis[at];
3946 case 0x00: /* Configuration Option Register */
3948 case 0x02: /* Card Configuration Status Register */
3949 if (s->ctrl & CTRL_IEN)
3950 return s->stat & ~STAT_INT;
3953 case 0x04: /* Pin Replacement Register */
3954 return (s->pins & PINS_CRDY) | 0x0c;
3955 case 0x06: /* Socket and Copy Register */
3959 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3966 static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
3968 struct md_s *s = (struct md_s *) opaque;
3972 case 0x00: /* Configuration Option Register */
3973 s->opt = value & 0xcf;
3974 if (value & OPT_SRESET)
3976 md_interrupt_update(s);
3978 case 0x02: /* Card Configuration Status Register */
3979 if ((s->stat ^ value) & STAT_PWRDWN)
3980 s->pins |= PINS_CRDY;
3982 s->stat |= value & 0x74;
3983 md_interrupt_update(s);
3984 /* Word 170 in Identify Device must be equal to STAT_XE */
3986 case 0x04: /* Pin Replacement Register */
3987 s->pins &= PINS_CRDY;
3988 s->pins |= value & PINS_MRDY;
3990 case 0x06: /* Socket and Copy Register */
3993 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3997 static uint16_t md_common_read(void *opaque, uint32_t at)
3999 struct md_s *s = (struct md_s *) opaque;
4003 switch (s->opt & OPT_MODE) {
4005 if ((at & ~0x3ff) == 0x400)
4008 case OPT_MODE_IOMAP16:
4011 case OPT_MODE_IOMAP1:
4012 if ((at & ~0xf) == 0x3f0)
4014 else if ((at & ~0xf) == 0x1f0)
4017 case OPT_MODE_IOMAP2:
4018 if ((at & ~0xf) == 0x370)
4020 else if ((at & ~0xf) == 0x170)
4025 case 0x0: /* Even RD Data */
4027 return ide_data_readw(s->ide, 0);
4029 /* TODO: 8-bit accesses */
4033 s->io = ide_data_readw(s->ide, 0);
4036 s->cycle = !s->cycle;
4038 case 0x9: /* Odd RD Data */
4040 case 0xd: /* Error */
4041 return ide_ioport_read(s->ide, 0x1);
4042 case 0xe: /* Alternate Status */
4043 if (s->ide->cur_drive->bs)
4044 return s->ide->cur_drive->status;
4047 case 0xf: /* Device Address */
4048 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
4050 return ide_ioport_read(s->ide, at);
4056 static void md_common_write(void *opaque, uint32_t at, uint16_t value)
4058 struct md_s *s = (struct md_s *) opaque;
4061 switch (s->opt & OPT_MODE) {
4063 if ((at & ~0x3ff) == 0x400)
4066 case OPT_MODE_IOMAP16:
4069 case OPT_MODE_IOMAP1:
4070 if ((at & ~0xf) == 0x3f0)
4072 else if ((at & ~0xf) == 0x1f0)
4075 case OPT_MODE_IOMAP2:
4076 if ((at & ~0xf) == 0x370)
4078 else if ((at & ~0xf) == 0x170)
4083 case 0x0: /* Even WR Data */
4085 ide_data_writew(s->ide, 0, value);
4088 /* TODO: 8-bit accesses */
4090 ide_data_writew(s->ide, 0, s->io | (value << 8));
4092 s->io = value & 0xff;
4093 s->cycle = !s->cycle;
4096 s->io = value & 0xff;
4097 s->cycle = !s->cycle;
4099 case 0xd: /* Features */
4100 ide_ioport_write(s->ide, 0x1, value);
4102 case 0xe: /* Device Control */
4104 if (value & CTRL_SRST)
4106 md_interrupt_update(s);
4109 if (s->stat & STAT_PWRDWN) {
4110 s->pins |= PINS_CRDY;
4111 s->stat &= ~STAT_PWRDWN;
4113 ide_ioport_write(s->ide, at, value);
4117 static void md_save(QEMUFile *f, void *opaque)
4119 struct md_s *s = (struct md_s *) opaque;
4121 uint8_t drive1_selected;
4123 qemu_put_8s(f, &s->opt);
4124 qemu_put_8s(f, &s->stat);
4125 qemu_put_8s(f, &s->pins);
4127 qemu_put_8s(f, &s->ctrl);
4128 qemu_put_be16s(f, &s->io);
4129 qemu_put_byte(f, s->cycle);
4131 drive1_selected = (s->ide->cur_drive != s->ide);
4132 qemu_put_8s(f, &s->ide->cmd);
4133 qemu_put_8s(f, &drive1_selected);
4135 for (i = 0; i < 2; i ++)
4136 ide_save(f, &s->ide[i]);
4139 static int md_load(QEMUFile *f, void *opaque, int version_id)
4141 struct md_s *s = (struct md_s *) opaque;
4143 uint8_t drive1_selected;
4145 qemu_get_8s(f, &s->opt);
4146 qemu_get_8s(f, &s->stat);
4147 qemu_get_8s(f, &s->pins);
4149 qemu_get_8s(f, &s->ctrl);
4150 qemu_get_be16s(f, &s->io);
4151 s->cycle = qemu_get_byte(f);
4153 qemu_get_8s(f, &s->ide->cmd);
4154 qemu_get_8s(f, &drive1_selected);
4155 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
4157 for (i = 0; i < 2; i ++)
4158 ide_load(f, &s->ide[i]);
4163 static const uint8_t dscm1xxxx_cis[0x14a] = {
4164 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
4165 [0x002] = 0x03, /* Tuple length = 4 bytes */
4166 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4167 [0x006] = 0x01, /* Size = 2K bytes */
4168 [0x008] = CISTPL_ENDMARK,
4170 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
4171 [0x00c] = 0x04, /* Tuple length = 4 byest */
4172 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
4173 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4174 [0x012] = 0x01, /* Size = 2K bytes */
4175 [0x014] = CISTPL_ENDMARK,
4177 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
4178 [0x018] = 0x02, /* Tuple length = 2 bytes */
4179 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
4182 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
4183 [0x020] = 0x04, /* Tuple length = 4 bytes */
4184 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
4186 [0x026] = 0x00, /* PLMID_CARD = 0000 */
4189 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
4190 [0x02c] = 0x12, /* Tuple length = 23 bytes */
4191 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
4192 [0x030] = 0x01, /* Minor Version = 1 */
4208 [0x050] = CISTPL_ENDMARK,
4210 [0x052] = CISTPL_FUNCID, /* Function ID */
4211 [0x054] = 0x02, /* Tuple length = 2 bytes */
4212 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4213 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4215 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4216 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4217 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4218 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4220 [0x062] = CISTPL_FUNCE, /* Function Extension */
4221 [0x064] = 0x03, /* Tuple length = 3 bytes */
4222 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4223 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4224 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4226 [0x06c] = CISTPL_CONFIG, /* Configuration */
4227 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4228 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4229 [0x072] = 0x07, /* TPCC_LAST = 7 */
4230 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4232 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4234 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4235 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4236 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4237 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4238 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4239 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4240 [0x086] = 0x55, /* NomV: 5.0 V */
4241 [0x088] = 0x4d, /* MinV: 4.5 V */
4242 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4243 [0x08c] = 0x4e, /* Peakl: 450 mA */
4244 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4245 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4246 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4248 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4249 [0x096] = 0x06, /* Tuple length = 6 bytes */
4250 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4251 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4252 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4253 [0x09e] = 0xb5, /* NomV: 3.3 V */
4255 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4257 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4258 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4259 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4260 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4261 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4262 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4263 [0x0b0] = 0x55, /* NomV: 5.0 V */
4264 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4265 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4266 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4267 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4268 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4269 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4270 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4271 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4273 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4274 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4275 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4276 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4277 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4278 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4280 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4282 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4283 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4284 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4285 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4286 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4287 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4288 [0x0de] = 0x55, /* NomV: 5.0 V */
4289 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4290 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4291 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4292 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4293 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4294 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4296 [0x0ee] = 0x07, /* Address block length = 8 */
4297 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4299 [0x0f4] = 0x01, /* Address block length = 2 */
4300 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4301 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4303 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4304 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4305 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4306 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4307 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4308 [0x104] = 0xb5, /* NomV: 3.3 V */
4310 [0x108] = 0x3e, /* Peakl: 350 mA */
4312 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4313 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4314 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4315 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4316 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4317 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4318 [0x116] = 0x55, /* NomV: 5.0 V */
4319 [0x118] = 0x4d, /* MinV: 4.5 V */
4320 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4321 [0x11c] = 0x4e, /* Peakl: 450 mA */
4322 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4323 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4324 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4326 [0x126] = 0x07, /* Address block length = 8 */
4327 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4329 [0x12c] = 0x01, /* Address block length = 2 */
4330 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4331 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4333 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4334 [0x134] = 0x06, /* Tuple length = 6 bytes */
4335 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4336 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4337 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4338 [0x13c] = 0xb5, /* NomV: 3.3 V */
4340 [0x140] = 0x3e, /* Peakl: 350 mA */
4342 [0x142] = CISTPL_NO_LINK, /* No Link */
4343 [0x144] = 0x00, /* Tuple length = 0 bytes */
4345 [0x146] = CISTPL_END, /* Tuple End */
4348 static int dscm1xxxx_attach(void *opaque)
4350 struct md_s *md = (struct md_s *) opaque;
4351 md->card.attr_read = md_attr_read;
4352 md->card.attr_write = md_attr_write;
4353 md->card.common_read = md_common_read;
4354 md->card.common_write = md_common_write;
4355 md->card.io_read = md_common_read;
4356 md->card.io_write = md_common_write;
4358 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4362 md_interrupt_update(md);
4364 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4368 static int dscm1xxxx_detach(void *opaque)
4370 struct md_s *md = (struct md_s *) opaque;
4375 struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
4377 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
4378 md->card.state = md;
4379 md->card.attach = dscm1xxxx_attach;
4380 md->card.detach = dscm1xxxx_detach;
4381 md->card.cis = dscm1xxxx_cis;
4382 md->card.cis_len = sizeof(dscm1xxxx_cis);
4384 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4386 md->ide->mdata_size = METADATA_SIZE;
4387 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
4389 register_savevm("microdrive", -1, 0, md_save, md_load, md);
projects / qemu / blob