2 * QEMU IDE disk and CD-ROM Emulator
4 * Copyright (c) 2003 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 /* debug IDE devices */
28 //#define DEBUG_IDE_ATAPI
32 /* Bits of HD_STATUS */
34 #define INDEX_STAT 0x02
35 #define ECC_STAT 0x04 /* Corrected error */
37 #define SEEK_STAT 0x10
39 #define WRERR_STAT 0x20
40 #define READY_STAT 0x40
41 #define BUSY_STAT 0x80
43 /* Bits for HD_ERROR */
44 #define MARK_ERR 0x01 /* Bad address mark */
45 #define TRK0_ERR 0x02 /* couldn't find track 0 */
46 #define ABRT_ERR 0x04 /* Command aborted */
47 #define MCR_ERR 0x08 /* media change request */
48 #define ID_ERR 0x10 /* ID field not found */
49 #define MC_ERR 0x20 /* media changed */
50 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
51 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
52 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
54 /* Bits of HD_NSECTOR */
60 #define IDE_CMD_RESET 0x04
61 #define IDE_CMD_DISABLE_IRQ 0x02
63 /* ATA/ATAPI Commands pre T13 Spec */
68 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
72 #define WIN_SRST 0x08 /* ATAPI soft reset command */
73 #define WIN_DEVICE_RESET 0x08
77 #define WIN_RECAL 0x10
78 #define WIN_RESTORE WIN_RECAL
82 #define WIN_READ 0x20 /* 28-Bit */
83 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
84 #define WIN_READ_LONG 0x22 /* 28-Bit */
85 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
86 #define WIN_READ_EXT 0x24 /* 48-Bit */
87 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
88 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
89 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
93 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
97 #define WIN_WRITE 0x30 /* 28-Bit */
98 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
99 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
100 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
101 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
102 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
103 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
104 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
105 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
106 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
108 * 0x3A->0x3B Reserved
110 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
112 * 0x3D->0x3F Reserved
114 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
115 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
116 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
118 * 0x43->0x4F Reserved
120 #define WIN_FORMAT 0x50
122 * 0x51->0x5F Reserved
124 #define WIN_INIT 0x60
126 * 0x61->0x5F Reserved
128 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
129 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
130 #define WIN_DIAGNOSE 0x90
131 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
132 #define WIN_DOWNLOAD_MICROCODE 0x92
133 #define WIN_STANDBYNOW2 0x94
134 #define WIN_STANDBY2 0x96
135 #define WIN_SETIDLE2 0x97
136 #define WIN_CHECKPOWERMODE2 0x98
137 #define WIN_SLEEPNOW2 0x99
141 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
142 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
143 #define WIN_QUEUED_SERVICE 0xA2
144 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
145 #define CFA_ERASE_SECTORS 0xC0
146 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
147 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
148 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
149 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
150 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
151 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
152 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
153 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
154 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
155 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
156 #define WIN_GETMEDIASTATUS 0xDA
157 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
158 #define WIN_POSTBOOT 0xDC
159 #define WIN_PREBOOT 0xDD
160 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
161 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
162 #define WIN_STANDBYNOW1 0xE0
163 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
164 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
165 #define WIN_SETIDLE1 0xE3
166 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
167 #define WIN_CHECKPOWERMODE1 0xE5
168 #define WIN_SLEEPNOW1 0xE6
169 #define WIN_FLUSH_CACHE 0xE7
170 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
171 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
172 /* SET_FEATURES 0x22 or 0xDD */
173 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
174 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
175 #define WIN_MEDIAEJECT 0xED
176 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
177 #define WIN_SETFEATURES 0xEF /* set special drive features */
178 #define EXABYTE_ENABLE_NEST 0xF0
179 #define WIN_SECURITY_SET_PASS 0xF1
180 #define WIN_SECURITY_UNLOCK 0xF2
181 #define WIN_SECURITY_ERASE_PREPARE 0xF3
182 #define WIN_SECURITY_ERASE_UNIT 0xF4
183 #define WIN_SECURITY_FREEZE_LOCK 0xF5
184 #define WIN_SECURITY_DISABLE 0xF6
185 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
186 #define WIN_SET_MAX 0xF9
187 #define DISABLE_SEAGATE 0xFB
189 /* set to 1 set disable mult support */
190 #define MAX_MULT_SECTORS 16
194 #define ATAPI_PACKET_SIZE 12
196 /* The generic packet command opcodes for CD/DVD Logical Units,
197 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
198 #define GPCMD_BLANK 0xa1
199 #define GPCMD_CLOSE_TRACK 0x5b
200 #define GPCMD_FLUSH_CACHE 0x35
201 #define GPCMD_FORMAT_UNIT 0x04
202 #define GPCMD_GET_CONFIGURATION 0x46
203 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
204 #define GPCMD_GET_PERFORMANCE 0xac
205 #define GPCMD_INQUIRY 0x12
206 #define GPCMD_LOAD_UNLOAD 0xa6
207 #define GPCMD_MECHANISM_STATUS 0xbd
208 #define GPCMD_MODE_SELECT_10 0x55
209 #define GPCMD_MODE_SENSE_10 0x5a
210 #define GPCMD_PAUSE_RESUME 0x4b
211 #define GPCMD_PLAY_AUDIO_10 0x45
212 #define GPCMD_PLAY_AUDIO_MSF 0x47
213 #define GPCMD_PLAY_AUDIO_TI 0x48
214 #define GPCMD_PLAY_CD 0xbc
215 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
216 #define GPCMD_READ_10 0x28
217 #define GPCMD_READ_12 0xa8
218 #define GPCMD_READ_CDVD_CAPACITY 0x25
219 #define GPCMD_READ_CD 0xbe
220 #define GPCMD_READ_CD_MSF 0xb9
221 #define GPCMD_READ_DISC_INFO 0x51
222 #define GPCMD_READ_DVD_STRUCTURE 0xad
223 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
224 #define GPCMD_READ_HEADER 0x44
225 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
226 #define GPCMD_READ_SUBCHANNEL 0x42
227 #define GPCMD_READ_TOC_PMA_ATIP 0x43
228 #define GPCMD_REPAIR_RZONE_TRACK 0x58
229 #define GPCMD_REPORT_KEY 0xa4
230 #define GPCMD_REQUEST_SENSE 0x03
231 #define GPCMD_RESERVE_RZONE_TRACK 0x53
232 #define GPCMD_SCAN 0xba
233 #define GPCMD_SEEK 0x2b
234 #define GPCMD_SEND_DVD_STRUCTURE 0xad
235 #define GPCMD_SEND_EVENT 0xa2
236 #define GPCMD_SEND_KEY 0xa3
237 #define GPCMD_SEND_OPC 0x54
238 #define GPCMD_SET_READ_AHEAD 0xa7
239 #define GPCMD_SET_STREAMING 0xb6
240 #define GPCMD_START_STOP_UNIT 0x1b
241 #define GPCMD_STOP_PLAY_SCAN 0x4e
242 #define GPCMD_TEST_UNIT_READY 0x00
243 #define GPCMD_VERIFY_10 0x2f
244 #define GPCMD_WRITE_10 0x2a
245 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
246 /* This is listed as optional in ATAPI 2.6, but is (curiously)
247 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
248 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
249 * drives support it. */
250 #define GPCMD_SET_SPEED 0xbb
251 /* This seems to be a SCSI specific CD-ROM opcode
252 * to play data at track/index */
253 #define GPCMD_PLAYAUDIO_TI 0x48
255 * From MS Media Status Notification Support Specification. For
258 #define GPCMD_GET_MEDIA_STATUS 0xda
260 /* Mode page codes for mode sense/set */
261 #define GPMODE_R_W_ERROR_PAGE 0x01
262 #define GPMODE_WRITE_PARMS_PAGE 0x05
263 #define GPMODE_AUDIO_CTL_PAGE 0x0e
264 #define GPMODE_POWER_PAGE 0x1a
265 #define GPMODE_FAULT_FAIL_PAGE 0x1c
266 #define GPMODE_TO_PROTECT_PAGE 0x1d
267 #define GPMODE_CAPABILITIES_PAGE 0x2a
268 #define GPMODE_ALL_PAGES 0x3f
269 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
270 * of MODE_SENSE_POWER_PAGE */
271 #define GPMODE_CDROM_PAGE 0x0d
273 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
274 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
275 #define ATAPI_INT_REASON_REL 0x04
276 #define ATAPI_INT_REASON_TAG 0xf8
278 /* same constants as bochs */
279 #define ASC_ILLEGAL_OPCODE 0x20
280 #define ASC_LOGICAL_BLOCK_OOR 0x21
281 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
282 #define ASC_MEDIUM_NOT_PRESENT 0x3a
283 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
286 #define SENSE_NOT_READY 2
287 #define SENSE_ILLEGAL_REQUEST 5
288 #define SENSE_UNIT_ATTENTION 6
292 typedef void EndTransferFunc(struct IDEState *);
294 /* NOTE: IDEState represents in fact one drive */
295 typedef struct IDEState {
298 int cylinders, heads, sectors;
302 uint16_t identify_data[256];
307 struct BMDMAState *bmdma;
316 /* other part of tf for lba48 support */
326 /* 0x3f6 command, only meaningful for drive 0 */
328 /* set for lba48 access */
330 /* depends on bit 4 in select, only meaningful for drive 0 */
331 struct IDEState *cur_drive;
332 BlockDriverState *bs;
336 int packet_transfer_size;
337 int elementary_transfer_size;
341 int atapi_dma; /* true if dma is requested for the packet cmd */
344 /* PIO transfer handling */
345 int req_nb_sectors; /* number of sectors per interrupt */
346 EndTransferFunc *end_transfer_func;
349 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
350 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
351 uint32_t irq_count; /* counts IRQs when using win2k install hack */
354 #define BM_STATUS_DMAING 0x01
355 #define BM_STATUS_ERROR 0x02
356 #define BM_STATUS_INT 0x04
358 #define BM_CMD_START 0x01
359 #define BM_CMD_READ 0x08
361 #define IDE_TYPE_PIIX3 0
362 #define IDE_TYPE_CMD646 1
364 /* CMD646 specific */
366 #define MRDMODE_INTR_CH0 0x04
367 #define MRDMODE_INTR_CH1 0x08
368 #define MRDMODE_BLK_CH0 0x10
369 #define MRDMODE_BLK_CH1 0x20
370 #define UDIDETCR0 0x73
371 #define UDIDETCR1 0x7B
373 typedef struct BMDMAState {
378 struct PCIIDEState *pci_dev;
379 /* current transfer state */
381 uint32_t cur_prd_last;
382 uint32_t cur_prd_addr;
383 uint32_t cur_prd_len;
385 BlockDriverCompletionFunc *dma_cb;
386 BlockDriverAIOCB *aiocb;
389 typedef struct PCIIDEState {
393 int type; /* see IDE_TYPE_xxx */
396 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
397 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
399 static void padstr(char *str, const char *src, int len)
402 for(i = 0; i < len; i++) {
407 *(char *)((long)str ^ 1) = v;
412 static void padstr8(uint8_t *buf, int buf_size, const char *src)
415 for(i = 0; i < buf_size; i++) {
423 static void put_le16(uint16_t *p, unsigned int v)
428 static void ide_identify(IDEState *s)
431 unsigned int oldsize;
434 if (s->identify_set) {
435 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
439 memset(s->io_buffer, 0, 512);
440 p = (uint16_t *)s->io_buffer;
441 put_le16(p + 0, 0x0040);
442 put_le16(p + 1, s->cylinders);
443 put_le16(p + 3, s->heads);
444 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
445 put_le16(p + 5, 512); /* XXX: retired, remove ? */
446 put_le16(p + 6, s->sectors);
447 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
448 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
449 put_le16(p + 20, 3); /* XXX: retired, remove ? */
450 put_le16(p + 21, 512); /* cache size in sectors */
451 put_le16(p + 22, 4); /* ecc bytes */
452 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
453 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
454 #if MAX_MULT_SECTORS > 1
455 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
457 put_le16(p + 48, 1); /* dword I/O */
458 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
459 put_le16(p + 51, 0x200); /* PIO transfer cycle */
460 put_le16(p + 52, 0x200); /* DMA transfer cycle */
461 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
462 put_le16(p + 54, s->cylinders);
463 put_le16(p + 55, s->heads);
464 put_le16(p + 56, s->sectors);
465 oldsize = s->cylinders * s->heads * s->sectors;
466 put_le16(p + 57, oldsize);
467 put_le16(p + 58, oldsize >> 16);
469 put_le16(p + 59, 0x100 | s->mult_sectors);
470 put_le16(p + 60, s->nb_sectors);
471 put_le16(p + 61, s->nb_sectors >> 16);
472 put_le16(p + 63, 0x07); /* mdma0-2 supported */
473 put_le16(p + 65, 120);
474 put_le16(p + 66, 120);
475 put_le16(p + 67, 120);
476 put_le16(p + 68, 120);
477 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
478 put_le16(p + 81, 0x16); /* conforms to ata5 */
479 put_le16(p + 82, (1 << 14));
480 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
481 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
482 put_le16(p + 84, (1 << 14));
483 put_le16(p + 85, (1 << 14));
484 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
485 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
486 put_le16(p + 87, (1 << 14));
487 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
488 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
489 put_le16(p + 100, s->nb_sectors);
490 put_le16(p + 101, s->nb_sectors >> 16);
491 put_le16(p + 102, s->nb_sectors >> 32);
492 put_le16(p + 103, s->nb_sectors >> 48);
494 memcpy(s->identify_data, p, sizeof(s->identify_data));
498 static void ide_atapi_identify(IDEState *s)
503 if (s->identify_set) {
504 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
508 memset(s->io_buffer, 0, 512);
509 p = (uint16_t *)s->io_buffer;
510 /* Removable CDROM, 50us response, 12 byte packets */
511 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
512 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
513 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
514 put_le16(p + 20, 3); /* buffer type */
515 put_le16(p + 21, 512); /* cache size in sectors */
516 put_le16(p + 22, 4); /* ecc bytes */
517 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
518 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
519 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
521 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
522 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
523 put_le16(p + 63, 7); /* mdma0-2 supported */
524 put_le16(p + 64, 0x3f); /* PIO modes supported */
526 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
527 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
528 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
529 put_le16(p + 64, 1); /* PIO modes */
531 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
532 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
533 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
534 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
536 put_le16(p + 71, 30); /* in ns */
537 put_le16(p + 72, 30); /* in ns */
539 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
541 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
543 memcpy(s->identify_data, p, sizeof(s->identify_data));
547 static void ide_set_signature(IDEState *s)
549 s->select &= 0xf0; /* clear head */
565 static inline void ide_abort_command(IDEState *s)
567 s->status = READY_STAT | ERR_STAT;
571 static inline void ide_set_irq(IDEState *s)
573 BMDMAState *bm = s->bmdma;
574 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
576 bm->status |= BM_STATUS_INT;
578 s->set_irq(s->irq_opaque, s->irq, 1);
582 /* prepare data transfer and tell what to do after */
583 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
584 EndTransferFunc *end_transfer_func)
586 s->end_transfer_func = end_transfer_func;
588 s->data_end = buf + size;
589 s->status |= DRQ_STAT;
592 static void ide_transfer_stop(IDEState *s)
594 s->end_transfer_func = ide_transfer_stop;
595 s->data_ptr = s->io_buffer;
596 s->data_end = s->io_buffer;
597 s->status &= ~DRQ_STAT;
600 static int64_t ide_get_sector(IDEState *s)
603 if (s->select & 0x40) {
606 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
607 (s->lcyl << 8) | s->sector;
609 sector_num = ((int64_t)s->hob_hcyl << 40) |
610 ((int64_t) s->hob_lcyl << 32) |
611 ((int64_t) s->hob_sector << 24) |
612 ((int64_t) s->hcyl << 16) |
613 ((int64_t) s->lcyl << 8) | s->sector;
616 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
617 (s->select & 0x0f) * s->sectors + (s->sector - 1);
622 static void ide_set_sector(IDEState *s, int64_t sector_num)
625 if (s->select & 0x40) {
627 s->select = (s->select & 0xf0) | (sector_num >> 24);
628 s->hcyl = (sector_num >> 16);
629 s->lcyl = (sector_num >> 8);
630 s->sector = (sector_num);
632 s->sector = sector_num;
633 s->lcyl = sector_num >> 8;
634 s->hcyl = sector_num >> 16;
635 s->hob_sector = sector_num >> 24;
636 s->hob_lcyl = sector_num >> 32;
637 s->hob_hcyl = sector_num >> 40;
640 cyl = sector_num / (s->heads * s->sectors);
641 r = sector_num % (s->heads * s->sectors);
644 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
645 s->sector = (r % s->sectors) + 1;
649 static void ide_sector_read(IDEState *s)
654 s->status = READY_STAT | SEEK_STAT;
655 s->error = 0; /* not needed by IDE spec, but needed by Windows */
656 sector_num = ide_get_sector(s);
659 /* no more sector to read from disk */
660 ide_transfer_stop(s);
662 #if defined(DEBUG_IDE)
663 printf("read sector=%Ld\n", sector_num);
665 if (n > s->req_nb_sectors)
666 n = s->req_nb_sectors;
667 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
668 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
670 ide_set_sector(s, sector_num + n);
675 /* return 0 if buffer completed */
676 static int dma_buf_rw(BMDMAState *bm, int is_write)
678 IDEState *s = bm->ide_if;
686 l = s->io_buffer_size - s->io_buffer_index;
689 if (bm->cur_prd_len == 0) {
690 /* end of table (with a fail safe of one page) */
691 if (bm->cur_prd_last ||
692 (bm->cur_addr - bm->addr) >= 4096)
694 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
696 prd.addr = le32_to_cpu(prd.addr);
697 prd.size = le32_to_cpu(prd.size);
698 len = prd.size & 0xfffe;
701 bm->cur_prd_len = len;
702 bm->cur_prd_addr = prd.addr;
703 bm->cur_prd_last = (prd.size & 0x80000000);
705 if (l > bm->cur_prd_len)
709 cpu_physical_memory_write(bm->cur_prd_addr,
710 s->io_buffer + s->io_buffer_index, l);
712 cpu_physical_memory_read(bm->cur_prd_addr,
713 s->io_buffer + s->io_buffer_index, l);
715 bm->cur_prd_addr += l;
716 bm->cur_prd_len -= l;
717 s->io_buffer_index += l;
723 /* XXX: handle errors */
724 static void ide_read_dma_cb(void *opaque, int ret)
726 BMDMAState *bm = opaque;
727 IDEState *s = bm->ide_if;
731 n = s->io_buffer_size >> 9;
732 sector_num = ide_get_sector(s);
735 ide_set_sector(s, sector_num);
737 if (dma_buf_rw(bm, 1) == 0)
741 /* end of transfer ? */
742 if (s->nsector == 0) {
743 s->status = READY_STAT | SEEK_STAT;
746 bm->status &= ~BM_STATUS_DMAING;
747 bm->status |= BM_STATUS_INT;
754 /* launch next transfer */
756 if (n > MAX_MULT_SECTORS)
757 n = MAX_MULT_SECTORS;
758 s->io_buffer_index = 0;
759 s->io_buffer_size = n * 512;
761 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
763 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
764 ide_read_dma_cb, bm);
767 static void ide_sector_read_dma(IDEState *s)
769 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
770 s->io_buffer_index = 0;
771 s->io_buffer_size = 0;
772 ide_dma_start(s, ide_read_dma_cb);
775 static void ide_sector_write_timer_cb(void *opaque)
777 IDEState *s = opaque;
781 static void ide_sector_write(IDEState *s)
786 s->status = READY_STAT | SEEK_STAT;
787 sector_num = ide_get_sector(s);
788 #if defined(DEBUG_IDE)
789 printf("write sector=%Ld\n", sector_num);
792 if (n > s->req_nb_sectors)
793 n = s->req_nb_sectors;
794 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
796 if (s->nsector == 0) {
797 /* no more sector to write */
798 ide_transfer_stop(s);
801 if (n1 > s->req_nb_sectors)
802 n1 = s->req_nb_sectors;
803 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
805 ide_set_sector(s, sector_num + n);
808 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
809 /* It seems there is a bug in the Windows 2000 installer HDD
810 IDE driver which fills the disk with empty logs when the
811 IDE write IRQ comes too early. This hack tries to correct
812 that at the expense of slower write performances. Use this
813 option _only_ to install Windows 2000. You must disable it
815 qemu_mod_timer(s->sector_write_timer,
816 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
824 /* XXX: handle errors */
825 static void ide_write_dma_cb(void *opaque, int ret)
827 BMDMAState *bm = opaque;
828 IDEState *s = bm->ide_if;
832 n = s->io_buffer_size >> 9;
833 sector_num = ide_get_sector(s);
836 ide_set_sector(s, sector_num);
840 /* end of transfer ? */
841 if (s->nsector == 0) {
842 s->status = READY_STAT | SEEK_STAT;
845 bm->status &= ~BM_STATUS_DMAING;
846 bm->status |= BM_STATUS_INT;
853 /* launch next transfer */
855 if (n > MAX_MULT_SECTORS)
856 n = MAX_MULT_SECTORS;
857 s->io_buffer_index = 0;
858 s->io_buffer_size = n * 512;
860 if (dma_buf_rw(bm, 0) == 0)
863 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
865 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
866 ide_write_dma_cb, bm);
869 static void ide_sector_write_dma(IDEState *s)
871 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
872 s->io_buffer_index = 0;
873 s->io_buffer_size = 0;
874 ide_dma_start(s, ide_write_dma_cb);
877 static void ide_atapi_cmd_ok(IDEState *s)
880 s->status = READY_STAT;
881 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
885 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
887 #ifdef DEBUG_IDE_ATAPI
888 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
890 s->error = sense_key << 4;
891 s->status = READY_STAT | ERR_STAT;
892 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
893 s->sense_key = sense_key;
898 static inline void cpu_to_ube16(uint8_t *buf, int val)
904 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
912 static inline int ube16_to_cpu(const uint8_t *buf)
914 return (buf[0] << 8) | buf[1];
917 static inline int ube32_to_cpu(const uint8_t *buf)
919 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
922 static void lba_to_msf(uint8_t *buf, int lba)
925 buf[0] = (lba / 75) / 60;
926 buf[1] = (lba / 75) % 60;
930 static void cd_data_to_raw(uint8_t *buf, int lba)
934 memset(buf + 1, 0xff, 10);
938 lba_to_msf(buf, lba);
939 buf[3] = 0x01; /* mode 1 data */
943 /* XXX: ECC not computed */
947 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
952 switch(sector_size) {
954 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
957 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
960 cd_data_to_raw(buf, lba);
969 static void ide_atapi_io_error(IDEState *s, int ret)
971 /* XXX: handle more errors */
972 if (ret == -ENOMEDIUM) {
973 ide_atapi_cmd_error(s, SENSE_NOT_READY,
974 ASC_MEDIUM_NOT_PRESENT);
976 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
977 ASC_LOGICAL_BLOCK_OOR);
981 /* The whole ATAPI transfer logic is handled in this function */
982 static void ide_atapi_cmd_reply_end(IDEState *s)
984 int byte_count_limit, size, ret;
985 #ifdef DEBUG_IDE_ATAPI
986 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
987 s->packet_transfer_size,
988 s->elementary_transfer_size,
991 if (s->packet_transfer_size <= 0) {
992 /* end of transfer */
993 ide_transfer_stop(s);
994 s->status = READY_STAT;
995 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
997 #ifdef DEBUG_IDE_ATAPI
998 printf("status=0x%x\n", s->status);
1001 /* see if a new sector must be read */
1002 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1003 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1005 ide_transfer_stop(s);
1006 ide_atapi_io_error(s, ret);
1010 s->io_buffer_index = 0;
1012 if (s->elementary_transfer_size > 0) {
1013 /* there are some data left to transmit in this elementary
1015 size = s->cd_sector_size - s->io_buffer_index;
1016 if (size > s->elementary_transfer_size)
1017 size = s->elementary_transfer_size;
1018 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1019 size, ide_atapi_cmd_reply_end);
1020 s->packet_transfer_size -= size;
1021 s->elementary_transfer_size -= size;
1022 s->io_buffer_index += size;
1024 /* a new transfer is needed */
1025 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1026 byte_count_limit = s->lcyl | (s->hcyl << 8);
1027 #ifdef DEBUG_IDE_ATAPI
1028 printf("byte_count_limit=%d\n", byte_count_limit);
1030 if (byte_count_limit == 0xffff)
1032 size = s->packet_transfer_size;
1033 if (size > byte_count_limit) {
1034 /* byte count limit must be even if this case */
1035 if (byte_count_limit & 1)
1037 size = byte_count_limit;
1040 s->hcyl = size >> 8;
1041 s->elementary_transfer_size = size;
1042 /* we cannot transmit more than one sector at a time */
1044 if (size > (s->cd_sector_size - s->io_buffer_index))
1045 size = (s->cd_sector_size - s->io_buffer_index);
1047 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1048 size, ide_atapi_cmd_reply_end);
1049 s->packet_transfer_size -= size;
1050 s->elementary_transfer_size -= size;
1051 s->io_buffer_index += size;
1053 #ifdef DEBUG_IDE_ATAPI
1054 printf("status=0x%x\n", s->status);
1060 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1061 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1063 if (size > max_size)
1065 s->lba = -1; /* no sector read */
1066 s->packet_transfer_size = size;
1067 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1068 s->elementary_transfer_size = 0;
1069 s->io_buffer_index = 0;
1072 s->status = READY_STAT | DRQ_STAT;
1073 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1075 s->status = READY_STAT;
1076 ide_atapi_cmd_reply_end(s);
1080 /* start a CD-CDROM read command */
1081 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1085 s->packet_transfer_size = nb_sectors * sector_size;
1086 s->elementary_transfer_size = 0;
1087 s->io_buffer_index = sector_size;
1088 s->cd_sector_size = sector_size;
1090 s->status = READY_STAT;
1091 ide_atapi_cmd_reply_end(s);
1094 /* ATAPI DMA support */
1096 /* XXX: handle read errors */
1097 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1099 BMDMAState *bm = opaque;
1100 IDEState *s = bm->ide_if;
1104 ide_atapi_io_error(s, ret);
1108 if (s->io_buffer_size > 0) {
1110 * For a cdrom read sector command (s->lba != -1),
1111 * adjust the lba for the next s->io_buffer_size chunk
1112 * and dma the current chunk.
1113 * For a command != read (s->lba == -1), just transfer
1117 if (s->cd_sector_size == 2352) {
1119 cd_data_to_raw(s->io_buffer, s->lba);
1121 n = s->io_buffer_size >> 11;
1125 s->packet_transfer_size -= s->io_buffer_size;
1126 if (dma_buf_rw(bm, 1) == 0)
1130 if (s->packet_transfer_size <= 0) {
1131 s->status = READY_STAT;
1132 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1135 bm->status &= ~BM_STATUS_DMAING;
1136 bm->status |= BM_STATUS_INT;
1143 s->io_buffer_index = 0;
1144 if (s->cd_sector_size == 2352) {
1146 s->io_buffer_size = s->cd_sector_size;
1149 n = s->packet_transfer_size >> 11;
1150 if (n > (MAX_MULT_SECTORS / 4))
1151 n = (MAX_MULT_SECTORS / 4);
1152 s->io_buffer_size = n * 2048;
1156 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1158 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1159 s->io_buffer + data_offset, n * 4,
1160 ide_atapi_cmd_read_dma_cb, bm);
1162 /* Note: media not present is the most likely case */
1163 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1164 ASC_MEDIUM_NOT_PRESENT);
1169 /* start a CD-CDROM read command with DMA */
1170 /* XXX: test if DMA is available */
1171 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1175 s->packet_transfer_size = nb_sectors * sector_size;
1176 s->io_buffer_index = 0;
1177 s->io_buffer_size = 0;
1178 s->cd_sector_size = sector_size;
1180 /* XXX: check if BUSY_STAT should be set */
1181 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
1182 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1185 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1188 #ifdef DEBUG_IDE_ATAPI
1189 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1193 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1195 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1199 static void ide_atapi_cmd(IDEState *s)
1201 const uint8_t *packet;
1205 packet = s->io_buffer;
1207 #ifdef DEBUG_IDE_ATAPI
1210 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1211 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1212 printf(" %02x", packet[i]);
1217 switch(s->io_buffer[0]) {
1218 case GPCMD_TEST_UNIT_READY:
1219 if (bdrv_is_inserted(s->bs)) {
1220 ide_atapi_cmd_ok(s);
1222 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1223 ASC_MEDIUM_NOT_PRESENT);
1226 case GPCMD_MODE_SENSE_10:
1229 max_len = ube16_to_cpu(packet + 7);
1230 action = packet[2] >> 6;
1231 code = packet[2] & 0x3f;
1233 case 0: /* current values */
1235 case 0x01: /* error recovery */
1236 cpu_to_ube16(&buf[0], 16 + 6);
1252 ide_atapi_cmd_reply(s, 16, max_len);
1255 cpu_to_ube16(&buf[0], 28 + 6);
1270 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1271 if (bdrv_is_locked(s->bs))
1274 cpu_to_ube16(&buf[16], 706);
1277 cpu_to_ube16(&buf[20], 512);
1278 cpu_to_ube16(&buf[22], 706);
1283 ide_atapi_cmd_reply(s, 28, max_len);
1289 case 1: /* changeable values */
1291 case 2: /* default values */
1294 case 3: /* saved values */
1295 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1296 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1301 case GPCMD_REQUEST_SENSE:
1302 max_len = packet[4];
1304 buf[0] = 0x70 | (1 << 7);
1305 buf[2] = s->sense_key;
1308 ide_atapi_cmd_reply(s, 18, max_len);
1310 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1311 if (bdrv_is_inserted(s->bs)) {
1312 bdrv_set_locked(s->bs, packet[4] & 1);
1313 ide_atapi_cmd_ok(s);
1315 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1316 ASC_MEDIUM_NOT_PRESENT);
1322 int nb_sectors, lba;
1324 if (packet[0] == GPCMD_READ_10)
1325 nb_sectors = ube16_to_cpu(packet + 7);
1327 nb_sectors = ube32_to_cpu(packet + 6);
1328 lba = ube32_to_cpu(packet + 2);
1329 if (nb_sectors == 0) {
1330 ide_atapi_cmd_ok(s);
1333 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1338 int nb_sectors, lba, transfer_request;
1340 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1341 lba = ube32_to_cpu(packet + 2);
1342 if (nb_sectors == 0) {
1343 ide_atapi_cmd_ok(s);
1346 transfer_request = packet[9];
1347 switch(transfer_request & 0xf8) {
1350 ide_atapi_cmd_ok(s);
1354 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1358 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1361 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1362 ASC_INV_FIELD_IN_CMD_PACKET);
1370 int64_t total_sectors;
1372 bdrv_get_geometry(s->bs, &total_sectors);
1373 total_sectors >>= 2;
1374 if (total_sectors <= 0) {
1375 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1376 ASC_MEDIUM_NOT_PRESENT);
1379 lba = ube32_to_cpu(packet + 2);
1380 if (lba >= total_sectors) {
1381 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1382 ASC_LOGICAL_BLOCK_OOR);
1385 ide_atapi_cmd_ok(s);
1388 case GPCMD_START_STOP_UNIT:
1391 start = packet[4] & 1;
1392 eject = (packet[4] >> 1) & 1;
1394 if (eject && !start) {
1395 /* eject the disk */
1396 bdrv_eject(s->bs, 1);
1397 } else if (eject && start) {
1398 /* close the tray */
1399 bdrv_eject(s->bs, 0);
1401 ide_atapi_cmd_ok(s);
1404 case GPCMD_MECHANISM_STATUS:
1406 max_len = ube16_to_cpu(packet + 8);
1407 cpu_to_ube16(buf, 0);
1408 /* no current LBA */
1413 cpu_to_ube16(buf + 6, 0);
1414 ide_atapi_cmd_reply(s, 8, max_len);
1417 case GPCMD_READ_TOC_PMA_ATIP:
1419 int format, msf, start_track, len;
1420 int64_t total_sectors;
1422 bdrv_get_geometry(s->bs, &total_sectors);
1423 total_sectors >>= 2;
1424 if (total_sectors <= 0) {
1425 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1426 ASC_MEDIUM_NOT_PRESENT);
1429 max_len = ube16_to_cpu(packet + 7);
1430 format = packet[9] >> 6;
1431 msf = (packet[1] >> 1) & 1;
1432 start_track = packet[6];
1435 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1438 ide_atapi_cmd_reply(s, len, max_len);
1441 /* multi session : only a single session defined */
1446 ide_atapi_cmd_reply(s, 12, max_len);
1449 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1452 ide_atapi_cmd_reply(s, len, max_len);
1456 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1457 ASC_INV_FIELD_IN_CMD_PACKET);
1462 case GPCMD_READ_CDVD_CAPACITY:
1464 int64_t total_sectors;
1466 bdrv_get_geometry(s->bs, &total_sectors);
1467 total_sectors >>= 2;
1468 if (total_sectors <= 0) {
1469 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1470 ASC_MEDIUM_NOT_PRESENT);
1473 /* NOTE: it is really the number of sectors minus 1 */
1474 cpu_to_ube32(buf, total_sectors - 1);
1475 cpu_to_ube32(buf + 4, 2048);
1476 ide_atapi_cmd_reply(s, 8, 8);
1480 max_len = packet[4];
1481 buf[0] = 0x05; /* CD-ROM */
1482 buf[1] = 0x80; /* removable */
1483 buf[2] = 0x00; /* ISO */
1484 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1485 buf[4] = 31; /* additionnal length */
1486 buf[5] = 0; /* reserved */
1487 buf[6] = 0; /* reserved */
1488 buf[7] = 0; /* reserved */
1489 padstr8(buf + 8, 8, "QEMU");
1490 padstr8(buf + 16, 16, "QEMU CD-ROM");
1491 padstr8(buf + 32, 4, QEMU_VERSION);
1492 ide_atapi_cmd_reply(s, 36, max_len);
1495 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1496 ASC_ILLEGAL_OPCODE);
1501 /* called when the inserted state of the media has changed */
1502 static void cdrom_change_cb(void *opaque)
1504 IDEState *s = opaque;
1507 /* XXX: send interrupt too */
1508 bdrv_get_geometry(s->bs, &nb_sectors);
1509 s->nb_sectors = nb_sectors;
1512 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1516 /* handle the 'magic' 0 nsector count conversion here. to avoid
1517 * fiddling with the rest of the read logic, we just store the
1518 * full sector count in ->nsector and ignore ->hob_nsector from now
1524 if (!s->nsector && !s->hob_nsector)
1527 int lo = s->nsector;
1528 int hi = s->hob_nsector;
1530 s->nsector = (hi << 8) | lo;
1535 static void ide_clear_hob(IDEState *ide_if)
1537 /* any write clears HOB high bit of device control register */
1538 ide_if[0].select &= ~(1 << 7);
1539 ide_if[1].select &= ~(1 << 7);
1542 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1544 IDEState *ide_if = opaque;
1550 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1558 ide_clear_hob(ide_if);
1559 /* NOTE: data is written to the two drives */
1560 ide_if[0].hob_feature = ide_if[0].feature;
1561 ide_if[1].hob_feature = ide_if[1].feature;
1562 ide_if[0].feature = val;
1563 ide_if[1].feature = val;
1566 ide_clear_hob(ide_if);
1567 ide_if[0].hob_nsector = ide_if[0].nsector;
1568 ide_if[1].hob_nsector = ide_if[1].nsector;
1569 ide_if[0].nsector = val;
1570 ide_if[1].nsector = val;
1573 ide_clear_hob(ide_if);
1574 ide_if[0].hob_sector = ide_if[0].sector;
1575 ide_if[1].hob_sector = ide_if[1].sector;
1576 ide_if[0].sector = val;
1577 ide_if[1].sector = val;
1580 ide_clear_hob(ide_if);
1581 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1582 ide_if[1].hob_lcyl = ide_if[1].lcyl;
1583 ide_if[0].lcyl = val;
1584 ide_if[1].lcyl = val;
1587 ide_clear_hob(ide_if);
1588 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1589 ide_if[1].hob_hcyl = ide_if[1].hcyl;
1590 ide_if[0].hcyl = val;
1591 ide_if[1].hcyl = val;
1594 /* FIXME: HOB readback uses bit 7 */
1595 ide_if[0].select = (val & ~0x10) | 0xa0;
1596 ide_if[1].select = (val | 0x10) | 0xa0;
1598 unit = (val >> 4) & 1;
1600 ide_if->cur_drive = s;
1605 #if defined(DEBUG_IDE)
1606 printf("ide: CMD=%02x\n", val);
1608 s = ide_if->cur_drive;
1609 /* ignore commands to non existant slave */
1610 if (s != ide_if && !s->bs)
1615 if (s->bs && !s->is_cdrom) {
1617 s->status = READY_STAT | SEEK_STAT;
1618 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1621 ide_set_signature(s);
1623 ide_abort_command(s);
1630 s->status = READY_STAT | SEEK_STAT;
1634 if (s->nsector > MAX_MULT_SECTORS ||
1636 (s->nsector & (s->nsector - 1)) != 0) {
1637 ide_abort_command(s);
1639 s->mult_sectors = s->nsector;
1640 s->status = READY_STAT;
1644 case WIN_VERIFY_EXT:
1647 case WIN_VERIFY_ONCE:
1648 /* do sector number check ? */
1649 ide_cmd_lba48_transform(s, lba48);
1650 s->status = READY_STAT;
1659 ide_cmd_lba48_transform(s, lba48);
1660 s->req_nb_sectors = 1;
1666 case WIN_WRITE_ONCE:
1667 ide_cmd_lba48_transform(s, lba48);
1669 s->status = SEEK_STAT | READY_STAT;
1670 s->req_nb_sectors = 1;
1671 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1673 case WIN_MULTREAD_EXT:
1676 if (!s->mult_sectors)
1678 ide_cmd_lba48_transform(s, lba48);
1679 s->req_nb_sectors = s->mult_sectors;
1682 case WIN_MULTWRITE_EXT:
1685 if (!s->mult_sectors)
1687 ide_cmd_lba48_transform(s, lba48);
1689 s->status = SEEK_STAT | READY_STAT;
1690 s->req_nb_sectors = s->mult_sectors;
1692 if (n > s->req_nb_sectors)
1693 n = s->req_nb_sectors;
1694 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1696 case WIN_READDMA_EXT:
1699 case WIN_READDMA_ONCE:
1702 ide_cmd_lba48_transform(s, lba48);
1703 ide_sector_read_dma(s);
1705 case WIN_WRITEDMA_EXT:
1708 case WIN_WRITEDMA_ONCE:
1711 ide_cmd_lba48_transform(s, lba48);
1712 ide_sector_write_dma(s);
1714 case WIN_READ_NATIVE_MAX_EXT:
1716 case WIN_READ_NATIVE_MAX:
1717 ide_cmd_lba48_transform(s, lba48);
1718 ide_set_sector(s, s->nb_sectors - 1);
1719 s->status = READY_STAT;
1722 case WIN_CHECKPOWERMODE1:
1723 s->nsector = 0xff; /* device active or idle */
1724 s->status = READY_STAT;
1727 case WIN_SETFEATURES:
1730 /* XXX: valid for CDROM ? */
1731 switch(s->feature) {
1732 case 0x02: /* write cache enable */
1733 case 0x82: /* write cache disable */
1734 case 0xaa: /* read look-ahead enable */
1735 case 0x55: /* read look-ahead disable */
1736 s->status = READY_STAT | SEEK_STAT;
1739 case 0x03: { /* set transfer mode */
1740 uint8_t val = s->nsector & 0x07;
1742 switch (s->nsector >> 3) {
1743 case 0x00: /* pio default */
1744 case 0x01: /* pio mode */
1745 put_le16(s->identify_data + 63,0x07);
1746 put_le16(s->identify_data + 88,0x3f);
1748 case 0x04: /* mdma mode */
1749 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1750 put_le16(s->identify_data + 88,0x3f);
1752 case 0x08: /* udma mode */
1753 put_le16(s->identify_data + 63,0x07);
1754 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
1759 s->status = READY_STAT | SEEK_STAT;
1767 case WIN_FLUSH_CACHE:
1768 case WIN_FLUSH_CACHE_EXT:
1771 s->status = READY_STAT;
1774 case WIN_STANDBYNOW1:
1775 case WIN_IDLEIMMEDIATE:
1776 s->status = READY_STAT;
1779 /* ATAPI commands */
1782 ide_atapi_identify(s);
1783 s->status = READY_STAT | SEEK_STAT;
1784 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1786 ide_abort_command(s);
1791 ide_set_signature(s);
1792 s->status = 0x00; /* NOTE: READY is _not_ set */
1798 ide_set_signature(s);
1799 s->status = 0x00; /* NOTE: READY is _not_ set */
1805 /* overlapping commands not supported */
1806 if (s->feature & 0x02)
1808 s->atapi_dma = s->feature & 1;
1810 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1815 ide_abort_command(s);
1822 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
1824 IDEState *ide_if = opaque;
1825 IDEState *s = ide_if->cur_drive;
1830 /* FIXME: HOB readback uses bit 7, but it's always set right now */
1831 //hob = s->select & (1 << 7);
1838 if (!ide_if[0].bs && !ide_if[1].bs)
1843 ret = s->hob_feature;
1846 if (!ide_if[0].bs && !ide_if[1].bs)
1849 ret = s->nsector & 0xff;
1851 ret = s->hob_nsector;
1854 if (!ide_if[0].bs && !ide_if[1].bs)
1859 ret = s->hob_sector;
1862 if (!ide_if[0].bs && !ide_if[1].bs)
1870 if (!ide_if[0].bs && !ide_if[1].bs)
1878 if (!ide_if[0].bs && !ide_if[1].bs)
1885 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1886 (s != ide_if && !s->bs))
1890 s->set_irq(s->irq_opaque, s->irq, 0);
1894 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1899 static uint32_t ide_status_read(void *opaque, uint32_t addr)
1901 IDEState *ide_if = opaque;
1902 IDEState *s = ide_if->cur_drive;
1905 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1906 (s != ide_if && !s->bs))
1911 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1916 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
1918 IDEState *ide_if = opaque;
1923 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1925 /* common for both drives */
1926 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
1927 (val & IDE_CMD_RESET)) {
1928 /* reset low to high */
1929 for(i = 0;i < 2; i++) {
1931 s->status = BUSY_STAT | SEEK_STAT;
1934 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
1935 !(val & IDE_CMD_RESET)) {
1937 for(i = 0;i < 2; i++) {
1940 s->status = 0x00; /* NOTE: READY is _not_ set */
1942 s->status = READY_STAT | SEEK_STAT;
1943 ide_set_signature(s);
1947 ide_if[0].cmd = val;
1948 ide_if[1].cmd = val;
1951 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
1953 IDEState *s = ((IDEState *)opaque)->cur_drive;
1957 *(uint16_t *)p = le16_to_cpu(val);
1960 if (p >= s->data_end)
1961 s->end_transfer_func(s);
1964 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
1966 IDEState *s = ((IDEState *)opaque)->cur_drive;
1970 ret = cpu_to_le16(*(uint16_t *)p);
1973 if (p >= s->data_end)
1974 s->end_transfer_func(s);
1978 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
1980 IDEState *s = ((IDEState *)opaque)->cur_drive;
1984 *(uint32_t *)p = le32_to_cpu(val);
1987 if (p >= s->data_end)
1988 s->end_transfer_func(s);
1991 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
1993 IDEState *s = ((IDEState *)opaque)->cur_drive;
1998 ret = cpu_to_le32(*(uint32_t *)p);
2001 if (p >= s->data_end)
2002 s->end_transfer_func(s);
2006 static void ide_dummy_transfer_stop(IDEState *s)
2008 s->data_ptr = s->io_buffer;
2009 s->data_end = s->io_buffer;
2010 s->io_buffer[0] = 0xff;
2011 s->io_buffer[1] = 0xff;
2012 s->io_buffer[2] = 0xff;
2013 s->io_buffer[3] = 0xff;
2016 static void ide_reset(IDEState *s)
2018 s->mult_sectors = MAX_MULT_SECTORS;
2021 s->status = READY_STAT;
2022 ide_set_signature(s);
2023 /* init the transfer handler so that 0xffff is returned on data
2025 s->end_transfer_func = ide_dummy_transfer_stop;
2026 ide_dummy_transfer_stop(s);
2030 uint8_t boot_ind; /* 0x80 - active */
2031 uint8_t head; /* starting head */
2032 uint8_t sector; /* starting sector */
2033 uint8_t cyl; /* starting cylinder */
2034 uint8_t sys_ind; /* What partition type */
2035 uint8_t end_head; /* end head */
2036 uint8_t end_sector; /* end sector */
2037 uint8_t end_cyl; /* end cylinder */
2038 uint32_t start_sect; /* starting sector counting from 0 */
2039 uint32_t nr_sects; /* nr of sectors in partition */
2040 } __attribute__((packed));
2042 /* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
2043 static int guess_disk_lchs(IDEState *s,
2044 int *pcylinders, int *pheads, int *psectors)
2047 int ret, i, heads, sectors, cylinders;
2048 struct partition *p;
2051 ret = bdrv_read(s->bs, 0, buf, 1);
2054 /* test msdos magic */
2055 if (buf[510] != 0x55 || buf[511] != 0xaa)
2057 for(i = 0; i < 4; i++) {
2058 p = ((struct partition *)(buf + 0x1be)) + i;
2059 nr_sects = le32_to_cpu(p->nr_sects);
2060 if (nr_sects && p->end_head) {
2061 /* We make the assumption that the partition terminates on
2062 a cylinder boundary */
2063 heads = p->end_head + 1;
2064 sectors = p->end_sector & 63;
2067 cylinders = s->nb_sectors / (heads * sectors);
2068 if (cylinders < 1 || cylinders > 16383)
2071 *psectors = sectors;
2072 *pcylinders = cylinders;
2074 printf("guessed geometry: LCHS=%d %d %d\n",
2075 cylinders, heads, sectors);
2083 static void ide_init2(IDEState *ide_state,
2084 BlockDriverState *hd0, BlockDriverState *hd1,
2085 SetIRQFunc *set_irq, void *irq_opaque, int irq)
2088 static int drive_serial = 1;
2089 int i, cylinders, heads, secs, translation, lba_detected = 0;
2092 for(i = 0; i < 2; i++) {
2099 bdrv_get_geometry(s->bs, &nb_sectors);
2100 s->nb_sectors = nb_sectors;
2101 /* if a geometry hint is available, use it */
2102 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
2103 translation = bdrv_get_translation_hint(s->bs);
2104 if (cylinders != 0) {
2105 s->cylinders = cylinders;
2109 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2111 /* if heads > 16, it means that a BIOS LBA
2112 translation was active, so the default
2113 hardware geometry is OK */
2115 goto default_geometry;
2117 s->cylinders = cylinders;
2120 /* disable any translation to be in sync with
2121 the logical geometry */
2122 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2123 bdrv_set_translation_hint(s->bs,
2124 BIOS_ATA_TRANSLATION_NONE);
2129 /* if no geometry, use a standard physical disk geometry */
2130 cylinders = nb_sectors / (16 * 63);
2131 if (cylinders > 16383)
2133 else if (cylinders < 2)
2135 s->cylinders = cylinders;
2138 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2139 if ((s->cylinders * s->heads) <= 131072) {
2140 bdrv_set_translation_hint(s->bs,
2141 BIOS_ATA_TRANSLATION_LARGE);
2143 bdrv_set_translation_hint(s->bs,
2144 BIOS_ATA_TRANSLATION_LBA);
2148 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
2150 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2152 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2155 s->drive_serial = drive_serial++;
2156 s->set_irq = set_irq;
2157 s->irq_opaque = irq_opaque;
2159 s->sector_write_timer = qemu_new_timer(vm_clock,
2160 ide_sector_write_timer_cb, s);
2165 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2167 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2168 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2170 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2171 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2175 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2176 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2177 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2178 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2181 /***********************************************************/
2182 /* ISA IDE definitions */
2184 void isa_ide_init(int iobase, int iobase2, int irq,
2185 BlockDriverState *hd0, BlockDriverState *hd1)
2187 IDEState *ide_state;
2189 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2193 ide_init2(ide_state, hd0, hd1, pic_set_irq_new, isa_pic, irq);
2194 ide_init_ioport(ide_state, iobase, iobase2);
2197 /***********************************************************/
2198 /* PCI IDE definitions */
2200 static void cmd646_update_irq(PCIIDEState *d);
2202 static void ide_map(PCIDevice *pci_dev, int region_num,
2203 uint32_t addr, uint32_t size, int type)
2205 PCIIDEState *d = (PCIIDEState *)pci_dev;
2206 IDEState *ide_state;
2208 if (region_num <= 3) {
2209 ide_state = &d->ide_if[(region_num >> 1) * 2];
2210 if (region_num & 1) {
2211 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2212 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2214 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2215 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2218 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2219 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2220 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2221 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2226 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2228 BMDMAState *bm = s->bmdma;
2232 bm->dma_cb = dma_cb;
2233 bm->cur_prd_last = 0;
2234 bm->cur_prd_addr = 0;
2235 bm->cur_prd_len = 0;
2236 if (bm->status & BM_STATUS_DMAING) {
2241 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2243 BMDMAState *bm = opaque;
2245 printf("%s: 0x%08x\n", __func__, val);
2247 if (!(val & BM_CMD_START)) {
2248 /* XXX: do it better */
2249 if (bm->status & BM_STATUS_DMAING) {
2250 bm->status &= ~BM_STATUS_DMAING;
2251 /* cancel DMA request */
2256 printf("aio_cancel\n");
2258 bdrv_aio_cancel(bm->aiocb);
2262 bm->cmd = val & 0x09;
2264 if (!(bm->status & BM_STATUS_DMAING)) {
2265 bm->status |= BM_STATUS_DMAING;
2266 /* start dma transfer if possible */
2270 bm->cmd = val & 0x09;
2274 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2276 BMDMAState *bm = opaque;
2277 PCIIDEState *pci_dev;
2285 pci_dev = bm->pci_dev;
2286 if (pci_dev->type == IDE_TYPE_CMD646) {
2287 val = pci_dev->dev.config[MRDMODE];
2296 pci_dev = bm->pci_dev;
2297 if (pci_dev->type == IDE_TYPE_CMD646) {
2298 if (bm == &pci_dev->bmdma[0])
2299 val = pci_dev->dev.config[UDIDETCR0];
2301 val = pci_dev->dev.config[UDIDETCR1];
2311 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2316 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2318 BMDMAState *bm = opaque;
2319 PCIIDEState *pci_dev;
2321 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2325 pci_dev = bm->pci_dev;
2326 if (pci_dev->type == IDE_TYPE_CMD646) {
2327 pci_dev->dev.config[MRDMODE] =
2328 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2329 cmd646_update_irq(pci_dev);
2333 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2336 pci_dev = bm->pci_dev;
2337 if (pci_dev->type == IDE_TYPE_CMD646) {
2338 if (bm == &pci_dev->bmdma[0])
2339 pci_dev->dev.config[UDIDETCR0] = val;
2341 pci_dev->dev.config[UDIDETCR1] = val;
2347 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2349 BMDMAState *bm = opaque;
2353 printf("%s: 0x%08x\n", __func__, val);
2358 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2360 BMDMAState *bm = opaque;
2362 printf("%s: 0x%08x\n", __func__, val);
2364 bm->addr = val & ~3;
2365 bm->cur_addr = bm->addr;
2368 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2369 uint32_t addr, uint32_t size, int type)
2371 PCIIDEState *d = (PCIIDEState *)pci_dev;
2374 for(i = 0;i < 2; i++) {
2375 BMDMAState *bm = &d->bmdma[i];
2376 d->ide_if[2 * i].bmdma = bm;
2377 d->ide_if[2 * i + 1].bmdma = bm;
2378 bm->pci_dev = (PCIIDEState *)pci_dev;
2380 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2382 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2383 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2385 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2386 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2391 /* XXX: call it also when the MRDMODE is changed from the PCI config
2393 static void cmd646_update_irq(PCIIDEState *d)
2396 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2397 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2398 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2399 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2400 pci_set_irq((PCIDevice *)d, 0, pci_level);
2403 /* the PCI irq level is the logical OR of the two channels */
2404 static void cmd646_set_irq(void *opaque, int channel, int level)
2406 PCIIDEState *d = opaque;
2409 irq_mask = MRDMODE_INTR_CH0 << channel;
2411 d->dev.config[MRDMODE] |= irq_mask;
2413 d->dev.config[MRDMODE] &= ~irq_mask;
2414 cmd646_update_irq(d);
2417 /* CMD646 PCI IDE controller */
2418 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2419 int secondary_ide_enabled)
2425 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2426 sizeof(PCIIDEState),
2429 d->type = IDE_TYPE_CMD646;
2430 pci_conf = d->dev.config;
2431 pci_conf[0x00] = 0x95; // CMD646
2432 pci_conf[0x01] = 0x10;
2433 pci_conf[0x02] = 0x46;
2434 pci_conf[0x03] = 0x06;
2436 pci_conf[0x08] = 0x07; // IDE controller revision
2437 pci_conf[0x09] = 0x8f;
2439 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2440 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2441 pci_conf[0x0e] = 0x00; // header_type
2443 if (secondary_ide_enabled) {
2444 /* XXX: if not enabled, really disable the seconday IDE controller */
2445 pci_conf[0x51] = 0x80; /* enable IDE1 */
2448 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2449 PCI_ADDRESS_SPACE_IO, ide_map);
2450 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2451 PCI_ADDRESS_SPACE_IO, ide_map);
2452 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2453 PCI_ADDRESS_SPACE_IO, ide_map);
2454 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2455 PCI_ADDRESS_SPACE_IO, ide_map);
2456 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2457 PCI_ADDRESS_SPACE_IO, bmdma_map);
2459 pci_conf[0x3d] = 0x01; // interrupt on pin 1
2461 for(i = 0; i < 4; i++)
2462 d->ide_if[i].pci_dev = (PCIDevice *)d;
2463 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2464 cmd646_set_irq, d, 0);
2465 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2466 cmd646_set_irq, d, 1);
2469 static void pci_ide_save(QEMUFile* f, void *opaque)
2471 PCIIDEState *d = opaque;
2474 pci_device_save(&d->dev, f);
2476 for(i = 0; i < 2; i++) {
2477 BMDMAState *bm = &d->bmdma[i];
2478 qemu_put_8s(f, &bm->cmd);
2479 qemu_put_8s(f, &bm->status);
2480 qemu_put_be32s(f, &bm->addr);
2481 /* XXX: if a transfer is pending, we do not save it yet */
2484 /* per IDE interface data */
2485 for(i = 0; i < 2; i++) {
2486 IDEState *s = &d->ide_if[i * 2];
2487 uint8_t drive1_selected;
2488 qemu_put_8s(f, &s->cmd);
2489 drive1_selected = (s->cur_drive != s);
2490 qemu_put_8s(f, &drive1_selected);
2493 /* per IDE drive data */
2494 for(i = 0; i < 4; i++) {
2495 IDEState *s = &d->ide_if[i];
2496 qemu_put_be32s(f, &s->mult_sectors);
2497 qemu_put_be32s(f, &s->identify_set);
2498 if (s->identify_set) {
2499 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2501 qemu_put_8s(f, &s->feature);
2502 qemu_put_8s(f, &s->error);
2503 qemu_put_be32s(f, &s->nsector);
2504 qemu_put_8s(f, &s->sector);
2505 qemu_put_8s(f, &s->lcyl);
2506 qemu_put_8s(f, &s->hcyl);
2507 qemu_put_8s(f, &s->hob_feature);
2508 qemu_put_8s(f, &s->hob_nsector);
2509 qemu_put_8s(f, &s->hob_sector);
2510 qemu_put_8s(f, &s->hob_lcyl);
2511 qemu_put_8s(f, &s->hob_hcyl);
2512 qemu_put_8s(f, &s->select);
2513 qemu_put_8s(f, &s->status);
2514 qemu_put_8s(f, &s->lba48);
2516 qemu_put_8s(f, &s->sense_key);
2517 qemu_put_8s(f, &s->asc);
2518 /* XXX: if a transfer is pending, we do not save it yet */
2522 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2524 PCIIDEState *d = opaque;
2527 if (version_id != 1)
2529 ret = pci_device_load(&d->dev, f);
2533 for(i = 0; i < 2; i++) {
2534 BMDMAState *bm = &d->bmdma[i];
2535 qemu_get_8s(f, &bm->cmd);
2536 qemu_get_8s(f, &bm->status);
2537 qemu_get_be32s(f, &bm->addr);
2538 /* XXX: if a transfer is pending, we do not save it yet */
2541 /* per IDE interface data */
2542 for(i = 0; i < 2; i++) {
2543 IDEState *s = &d->ide_if[i * 2];
2544 uint8_t drive1_selected;
2545 qemu_get_8s(f, &s->cmd);
2546 qemu_get_8s(f, &drive1_selected);
2547 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2550 /* per IDE drive data */
2551 for(i = 0; i < 4; i++) {
2552 IDEState *s = &d->ide_if[i];
2553 qemu_get_be32s(f, &s->mult_sectors);
2554 qemu_get_be32s(f, &s->identify_set);
2555 if (s->identify_set) {
2556 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2558 qemu_get_8s(f, &s->feature);
2559 qemu_get_8s(f, &s->error);
2560 qemu_get_be32s(f, &s->nsector);
2561 qemu_get_8s(f, &s->sector);
2562 qemu_get_8s(f, &s->lcyl);
2563 qemu_get_8s(f, &s->hcyl);
2564 qemu_get_8s(f, &s->hob_feature);
2565 qemu_get_8s(f, &s->hob_nsector);
2566 qemu_get_8s(f, &s->hob_sector);
2567 qemu_get_8s(f, &s->hob_lcyl);
2568 qemu_get_8s(f, &s->hob_hcyl);
2569 qemu_get_8s(f, &s->select);
2570 qemu_get_8s(f, &s->status);
2571 qemu_get_8s(f, &s->lba48);
2573 qemu_get_8s(f, &s->sense_key);
2574 qemu_get_8s(f, &s->asc);
2575 /* XXX: if a transfer is pending, we do not save it yet */
2580 static void piix3_reset(PCIIDEState *d)
2582 uint8_t *pci_conf = d->dev.config;
2584 pci_conf[0x04] = 0x00;
2585 pci_conf[0x05] = 0x00;
2586 pci_conf[0x06] = 0x80; /* FBC */
2587 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
2588 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
2591 void pci_piix_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn)
2596 /* register a function 1 of PIIX */
2597 d = (PCIIDEState *)pci_register_device(bus, "PIIX IDE",
2598 sizeof(PCIIDEState),
2601 d->type = IDE_TYPE_PIIX3;
2603 pci_conf = d->dev.config;
2604 pci_conf[0x00] = 0x86; // Intel
2605 pci_conf[0x01] = 0x80;
2606 pci_conf[0x02] = 0x30;
2607 pci_conf[0x03] = 0x12;
2608 pci_conf[0x08] = 0x02; // Step A1
2609 pci_conf[0x09] = 0x80; // legacy ATA mode
2610 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2611 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2612 pci_conf[0x0e] = 0x00; // header_type
2616 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2617 PCI_ADDRESS_SPACE_IO, bmdma_map);
2619 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2620 pic_set_irq_new, isa_pic, 14);
2621 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2622 pic_set_irq_new, isa_pic, 15);
2623 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2624 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2626 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
2629 /* hd_table must contain 4 block drivers */
2630 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
2631 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn)
2636 /* register a function 1 of PIIX3 */
2637 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2638 sizeof(PCIIDEState),
2641 d->type = IDE_TYPE_PIIX3;
2643 pci_conf = d->dev.config;
2644 pci_conf[0x00] = 0x86; // Intel
2645 pci_conf[0x01] = 0x80;
2646 pci_conf[0x02] = 0x10;
2647 pci_conf[0x03] = 0x70;
2648 pci_conf[0x09] = 0x80; // legacy ATA mode
2649 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2650 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2651 pci_conf[0x0e] = 0x00; // header_type
2655 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2656 PCI_ADDRESS_SPACE_IO, bmdma_map);
2658 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2659 pic_set_irq_new, isa_pic, 14);
2660 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2661 pic_set_irq_new, isa_pic, 15);
2662 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2663 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2665 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
2668 /***********************************************************/
2669 /* MacIO based PowerPC IDE */
2671 /* PowerMac IDE memory IO */
2672 static void pmac_ide_writeb (void *opaque,
2673 target_phys_addr_t addr, uint32_t val)
2675 addr = (addr & 0xFFF) >> 4;
2678 ide_ioport_write(opaque, addr, val);
2682 ide_cmd_write(opaque, 0, val);
2689 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2693 addr = (addr & 0xFFF) >> 4;
2696 retval = ide_ioport_read(opaque, addr);
2700 retval = ide_status_read(opaque, 0);
2709 static void pmac_ide_writew (void *opaque,
2710 target_phys_addr_t addr, uint32_t val)
2712 addr = (addr & 0xFFF) >> 4;
2713 #ifdef TARGET_WORDS_BIGENDIAN
2717 ide_data_writew(opaque, 0, val);
2721 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
2725 addr = (addr & 0xFFF) >> 4;
2727 retval = ide_data_readw(opaque, 0);
2731 #ifdef TARGET_WORDS_BIGENDIAN
2732 retval = bswap16(retval);
2737 static void pmac_ide_writel (void *opaque,
2738 target_phys_addr_t addr, uint32_t val)
2740 addr = (addr & 0xFFF) >> 4;
2741 #ifdef TARGET_WORDS_BIGENDIAN
2745 ide_data_writel(opaque, 0, val);
2749 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
2753 addr = (addr & 0xFFF) >> 4;
2755 retval = ide_data_readl(opaque, 0);
2757 retval = 0xFFFFFFFF;
2759 #ifdef TARGET_WORDS_BIGENDIAN
2760 retval = bswap32(retval);
2765 static CPUWriteMemoryFunc *pmac_ide_write[] = {
2771 static CPUReadMemoryFunc *pmac_ide_read[] = {
2777 /* hd_table must contain 4 block drivers */
2778 /* PowerMac uses memory mapped registers, not I/O. Return the memory
2779 I/O index to access the ide. */
2780 int pmac_ide_init (BlockDriverState **hd_table,
2781 SetIRQFunc *set_irq, void *irq_opaque, int irq)
2784 int pmac_ide_memory;
2786 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
2787 ide_init2(&ide_if[0], hd_table[0], hd_table[1],
2788 set_irq, irq_opaque, irq);
2790 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
2791 pmac_ide_write, &ide_if[0]);
2792 return pmac_ide_memory;
projects / qemu / blob