2 * QEMU IDE disk and CD/DVD-ROM Emulator
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
28 #include "scsi-disk.h"
31 #include "block_int.h"
32 #include "qemu-timer.h"
35 #include "mac_dbdma.h"
39 /* debug IDE devices */
41 //#define DEBUG_IDE_ATAPI
45 /* Bits of HD_STATUS */
47 #define INDEX_STAT 0x02
48 #define ECC_STAT 0x04 /* Corrected error */
50 #define SEEK_STAT 0x10
52 #define WRERR_STAT 0x20
53 #define READY_STAT 0x40
54 #define BUSY_STAT 0x80
56 /* Bits for HD_ERROR */
57 #define MARK_ERR 0x01 /* Bad address mark */
58 #define TRK0_ERR 0x02 /* couldn't find track 0 */
59 #define ABRT_ERR 0x04 /* Command aborted */
60 #define MCR_ERR 0x08 /* media change request */
61 #define ID_ERR 0x10 /* ID field not found */
62 #define MC_ERR 0x20 /* media changed */
63 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
64 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
65 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
67 /* Bits of HD_NSECTOR */
73 #define IDE_CMD_RESET 0x04
74 #define IDE_CMD_DISABLE_IRQ 0x02
76 /* ATA/ATAPI Commands pre T13 Spec */
81 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
85 #define WIN_SRST 0x08 /* ATAPI soft reset command */
86 #define WIN_DEVICE_RESET 0x08
90 #define WIN_RECAL 0x10
91 #define WIN_RESTORE WIN_RECAL
95 #define WIN_READ 0x20 /* 28-Bit */
96 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
97 #define WIN_READ_LONG 0x22 /* 28-Bit */
98 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
99 #define WIN_READ_EXT 0x24 /* 48-Bit */
100 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
101 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
102 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
106 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
108 * 0x2A->0x2F Reserved
110 #define WIN_WRITE 0x30 /* 28-Bit */
111 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
112 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
113 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
114 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
115 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
116 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
117 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
118 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
119 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
121 * 0x3A->0x3B Reserved
123 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
125 * 0x3D->0x3F Reserved
127 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
128 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
129 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
131 * 0x43->0x4F Reserved
133 #define WIN_FORMAT 0x50
135 * 0x51->0x5F Reserved
137 #define WIN_INIT 0x60
139 * 0x61->0x5F Reserved
141 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
142 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
143 #define WIN_DIAGNOSE 0x90
144 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
145 #define WIN_DOWNLOAD_MICROCODE 0x92
146 #define WIN_STANDBYNOW2 0x94
147 #define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
148 #define WIN_STANDBY2 0x96
149 #define WIN_SETIDLE2 0x97
150 #define WIN_CHECKPOWERMODE2 0x98
151 #define WIN_SLEEPNOW2 0x99
155 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
156 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
157 #define WIN_QUEUED_SERVICE 0xA2
158 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
159 #define CFA_ACCESS_METADATA_STORAGE 0xB8
160 #define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
161 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
162 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
163 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
164 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
165 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
166 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
167 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
168 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
169 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
170 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
171 #define WIN_GETMEDIASTATUS 0xDA
172 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
173 #define WIN_POSTBOOT 0xDC
174 #define WIN_PREBOOT 0xDD
175 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
176 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
177 #define WIN_STANDBYNOW1 0xE0
178 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
179 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
180 #define WIN_SETIDLE1 0xE3
181 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
182 #define WIN_CHECKPOWERMODE1 0xE5
183 #define WIN_SLEEPNOW1 0xE6
184 #define WIN_FLUSH_CACHE 0xE7
185 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
186 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
187 /* SET_FEATURES 0x22 or 0xDD */
188 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
189 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
190 #define WIN_MEDIAEJECT 0xED
191 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
192 #define WIN_SETFEATURES 0xEF /* set special drive features */
193 #define EXABYTE_ENABLE_NEST 0xF0
194 #define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
195 #define WIN_SECURITY_SET_PASS 0xF1
196 #define WIN_SECURITY_UNLOCK 0xF2
197 #define WIN_SECURITY_ERASE_PREPARE 0xF3
198 #define WIN_SECURITY_ERASE_UNIT 0xF4
199 #define WIN_SECURITY_FREEZE_LOCK 0xF5
200 #define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
201 #define WIN_SECURITY_DISABLE 0xF6
202 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
203 #define WIN_SET_MAX 0xF9
204 #define DISABLE_SEAGATE 0xFB
206 /* set to 1 set disable mult support */
207 #define MAX_MULT_SECTORS 16
209 #define IDE_DMA_BUF_SECTORS 256
211 #if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
212 #error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
217 #define ATAPI_PACKET_SIZE 12
219 /* The generic packet command opcodes for CD/DVD Logical Units,
220 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
221 #define GPCMD_BLANK 0xa1
222 #define GPCMD_CLOSE_TRACK 0x5b
223 #define GPCMD_FLUSH_CACHE 0x35
224 #define GPCMD_FORMAT_UNIT 0x04
225 #define GPCMD_GET_CONFIGURATION 0x46
226 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
227 #define GPCMD_GET_PERFORMANCE 0xac
228 #define GPCMD_INQUIRY 0x12
229 #define GPCMD_LOAD_UNLOAD 0xa6
230 #define GPCMD_MECHANISM_STATUS 0xbd
231 #define GPCMD_MODE_SELECT_10 0x55
232 #define GPCMD_MODE_SENSE_10 0x5a
233 #define GPCMD_PAUSE_RESUME 0x4b
234 #define GPCMD_PLAY_AUDIO_10 0x45
235 #define GPCMD_PLAY_AUDIO_MSF 0x47
236 #define GPCMD_PLAY_AUDIO_TI 0x48
237 #define GPCMD_PLAY_CD 0xbc
238 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
239 #define GPCMD_READ_10 0x28
240 #define GPCMD_READ_12 0xa8
241 #define GPCMD_READ_CDVD_CAPACITY 0x25
242 #define GPCMD_READ_CD 0xbe
243 #define GPCMD_READ_CD_MSF 0xb9
244 #define GPCMD_READ_DISC_INFO 0x51
245 #define GPCMD_READ_DVD_STRUCTURE 0xad
246 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
247 #define GPCMD_READ_HEADER 0x44
248 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
249 #define GPCMD_READ_SUBCHANNEL 0x42
250 #define GPCMD_READ_TOC_PMA_ATIP 0x43
251 #define GPCMD_REPAIR_RZONE_TRACK 0x58
252 #define GPCMD_REPORT_KEY 0xa4
253 #define GPCMD_REQUEST_SENSE 0x03
254 #define GPCMD_RESERVE_RZONE_TRACK 0x53
255 #define GPCMD_SCAN 0xba
256 #define GPCMD_SEEK 0x2b
257 #define GPCMD_SEND_DVD_STRUCTURE 0xad
258 #define GPCMD_SEND_EVENT 0xa2
259 #define GPCMD_SEND_KEY 0xa3
260 #define GPCMD_SEND_OPC 0x54
261 #define GPCMD_SET_READ_AHEAD 0xa7
262 #define GPCMD_SET_STREAMING 0xb6
263 #define GPCMD_START_STOP_UNIT 0x1b
264 #define GPCMD_STOP_PLAY_SCAN 0x4e
265 #define GPCMD_TEST_UNIT_READY 0x00
266 #define GPCMD_VERIFY_10 0x2f
267 #define GPCMD_WRITE_10 0x2a
268 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
269 /* This is listed as optional in ATAPI 2.6, but is (curiously)
270 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
271 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
272 * drives support it. */
273 #define GPCMD_SET_SPEED 0xbb
274 /* This seems to be a SCSI specific CD-ROM opcode
275 * to play data at track/index */
276 #define GPCMD_PLAYAUDIO_TI 0x48
278 * From MS Media Status Notification Support Specification. For
281 #define GPCMD_GET_MEDIA_STATUS 0xda
282 #define GPCMD_MODE_SENSE_6 0x1a
284 /* Mode page codes for mode sense/set */
285 #define GPMODE_R_W_ERROR_PAGE 0x01
286 #define GPMODE_WRITE_PARMS_PAGE 0x05
287 #define GPMODE_AUDIO_CTL_PAGE 0x0e
288 #define GPMODE_POWER_PAGE 0x1a
289 #define GPMODE_FAULT_FAIL_PAGE 0x1c
290 #define GPMODE_TO_PROTECT_PAGE 0x1d
291 #define GPMODE_CAPABILITIES_PAGE 0x2a
292 #define GPMODE_ALL_PAGES 0x3f
293 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
294 * of MODE_SENSE_POWER_PAGE */
295 #define GPMODE_CDROM_PAGE 0x0d
298 * Based on values from <linux/cdrom.h> but extending CD_MINS
299 * to the maximum common size allowed by the Orange's Book ATIP
301 * 90 and 99 min CDs are also available but using them as the
302 * upper limit reduces the effectiveness of the heuristic to
303 * detect DVDs burned to less than 25% of their maximum capacity
306 /* Some generally useful CD-ROM information */
307 #define CD_MINS 80 /* max. minutes per CD */
308 #define CD_SECS 60 /* seconds per minute */
309 #define CD_FRAMES 75 /* frames per second */
310 #define CD_FRAMESIZE 2048 /* bytes per frame, "cooked" mode */
311 #define CD_MAX_BYTES (CD_MINS * CD_SECS * CD_FRAMES * CD_FRAMESIZE)
312 #define CD_MAX_SECTORS (CD_MAX_BYTES / 512)
315 * The MMC values are not IDE specific and might need to be moved
316 * to a common header if they are also needed for the SCSI emulation
319 /* Profile list from MMC-6 revision 1 table 91 */
320 #define MMC_PROFILE_NONE 0x0000
321 #define MMC_PROFILE_CD_ROM 0x0008
322 #define MMC_PROFILE_CD_R 0x0009
323 #define MMC_PROFILE_CD_RW 0x000A
324 #define MMC_PROFILE_DVD_ROM 0x0010
325 #define MMC_PROFILE_DVD_R_SR 0x0011
326 #define MMC_PROFILE_DVD_RAM 0x0012
327 #define MMC_PROFILE_DVD_RW_RO 0x0013
328 #define MMC_PROFILE_DVD_RW_SR 0x0014
329 #define MMC_PROFILE_DVD_R_DL_SR 0x0015
330 #define MMC_PROFILE_DVD_R_DL_JR 0x0016
331 #define MMC_PROFILE_DVD_RW_DL 0x0017
332 #define MMC_PROFILE_DVD_DDR 0x0018
333 #define MMC_PROFILE_DVD_PLUS_RW 0x001A
334 #define MMC_PROFILE_DVD_PLUS_R 0x001B
335 #define MMC_PROFILE_DVD_PLUS_RW_DL 0x002A
336 #define MMC_PROFILE_DVD_PLUS_R_DL 0x002B
337 #define MMC_PROFILE_BD_ROM 0x0040
338 #define MMC_PROFILE_BD_R_SRM 0x0041
339 #define MMC_PROFILE_BD_R_RRM 0x0042
340 #define MMC_PROFILE_BD_RE 0x0043
341 #define MMC_PROFILE_HDDVD_ROM 0x0050
342 #define MMC_PROFILE_HDDVD_R 0x0051
343 #define MMC_PROFILE_HDDVD_RAM 0x0052
344 #define MMC_PROFILE_HDDVD_RW 0x0053
345 #define MMC_PROFILE_HDDVD_R_DL 0x0058
346 #define MMC_PROFILE_HDDVD_RW_DL 0x005A
347 #define MMC_PROFILE_INVALID 0xFFFF
349 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
350 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
351 #define ATAPI_INT_REASON_REL 0x04
352 #define ATAPI_INT_REASON_TAG 0xf8
354 /* same constants as bochs */
355 #define ASC_ILLEGAL_OPCODE 0x20
356 #define ASC_LOGICAL_BLOCK_OOR 0x21
357 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
358 #define ASC_MEDIUM_MAY_HAVE_CHANGED 0x28
359 #define ASC_INCOMPATIBLE_FORMAT 0x30
360 #define ASC_MEDIUM_NOT_PRESENT 0x3a
361 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
363 #define CFA_NO_ERROR 0x00
364 #define CFA_MISC_ERROR 0x09
365 #define CFA_INVALID_COMMAND 0x20
366 #define CFA_INVALID_ADDRESS 0x21
367 #define CFA_ADDRESS_OVERFLOW 0x2f
370 #define SENSE_NOT_READY 2
371 #define SENSE_ILLEGAL_REQUEST 5
372 #define SENSE_UNIT_ATTENTION 6
376 typedef void EndTransferFunc(struct IDEState *);
378 /* NOTE: IDEState represents in fact one drive */
379 typedef struct IDEState {
383 int cylinders, heads, sectors;
387 uint16_t identify_data[256];
390 struct BMDMAState *bmdma;
392 char drive_serial_str[21];
400 /* other part of tf for lba48 support */
410 /* 0x3f6 command, only meaningful for drive 0 */
412 /* set for lba48 access */
414 /* depends on bit 4 in select, only meaningful for drive 0 */
415 struct IDEState *cur_drive;
416 BlockDriverState *bs;
420 int packet_transfer_size;
421 int elementary_transfer_size;
425 int atapi_dma; /* true if dma is requested for the packet cmd */
429 /* PIO transfer handling */
430 int req_nb_sectors; /* number of sectors per interrupt */
431 EndTransferFunc *end_transfer_func;
435 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
436 uint32_t irq_count; /* counts IRQs when using win2k install hack */
437 /* CF-ATA extended error */
439 /* CF-ATA metadata storage */
441 uint8_t *mdata_storage;
447 /* XXX: DVDs that could fit on a CD will be reported as a CD */
448 static inline int media_present(IDEState *s)
450 return (s->nb_sectors > 0);
453 static inline int media_is_dvd(IDEState *s)
455 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
458 static inline int media_is_cd(IDEState *s)
460 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
463 #define BM_STATUS_DMAING 0x01
464 #define BM_STATUS_ERROR 0x02
465 #define BM_STATUS_INT 0x04
466 #define BM_STATUS_DMA_RETRY 0x08
467 #define BM_STATUS_PIO_RETRY 0x10
469 #define BM_CMD_START 0x01
470 #define BM_CMD_READ 0x08
472 #define IDE_TYPE_PIIX3 0
473 #define IDE_TYPE_CMD646 1
474 #define IDE_TYPE_PIIX4 2
476 /* CMD646 specific */
478 #define MRDMODE_INTR_CH0 0x04
479 #define MRDMODE_INTR_CH1 0x08
480 #define MRDMODE_BLK_CH0 0x10
481 #define MRDMODE_BLK_CH1 0x20
482 #define UDIDETCR0 0x73
483 #define UDIDETCR1 0x7B
485 typedef struct BMDMAState {
490 struct PCIIDEState *pci_dev;
491 /* current transfer state */
493 uint32_t cur_prd_last;
494 uint32_t cur_prd_addr;
495 uint32_t cur_prd_len;
497 BlockDriverCompletionFunc *dma_cb;
498 BlockDriverAIOCB *aiocb;
505 typedef struct PCIIDEState {
509 int type; /* see IDE_TYPE_xxx */
512 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
513 static void ide_dma_restart(IDEState *s);
514 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
516 static void padstr(char *str, const char *src, int len)
519 for(i = 0; i < len; i++) {
528 static void padstr8(uint8_t *buf, int buf_size, const char *src)
531 for(i = 0; i < buf_size; i++) {
539 static void put_le16(uint16_t *p, unsigned int v)
544 static void ide_identify(IDEState *s)
547 unsigned int oldsize;
549 if (s->identify_set) {
550 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
554 memset(s->io_buffer, 0, 512);
555 p = (uint16_t *)s->io_buffer;
556 put_le16(p + 0, 0x0040);
557 put_le16(p + 1, s->cylinders);
558 put_le16(p + 3, s->heads);
559 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
560 put_le16(p + 5, 512); /* XXX: retired, remove ? */
561 put_le16(p + 6, s->sectors);
562 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
563 put_le16(p + 20, 3); /* XXX: retired, remove ? */
564 put_le16(p + 21, 512); /* cache size in sectors */
565 put_le16(p + 22, 4); /* ecc bytes */
566 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
567 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
568 #if MAX_MULT_SECTORS > 1
569 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
571 put_le16(p + 48, 1); /* dword I/O */
572 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
573 put_le16(p + 51, 0x200); /* PIO transfer cycle */
574 put_le16(p + 52, 0x200); /* DMA transfer cycle */
575 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
576 put_le16(p + 54, s->cylinders);
577 put_le16(p + 55, s->heads);
578 put_le16(p + 56, s->sectors);
579 oldsize = s->cylinders * s->heads * s->sectors;
580 put_le16(p + 57, oldsize);
581 put_le16(p + 58, oldsize >> 16);
583 put_le16(p + 59, 0x100 | s->mult_sectors);
584 put_le16(p + 60, s->nb_sectors);
585 put_le16(p + 61, s->nb_sectors >> 16);
586 put_le16(p + 62, 0x07); /* single word dma0-2 supported */
587 put_le16(p + 63, 0x07); /* mdma0-2 supported */
588 put_le16(p + 65, 120);
589 put_le16(p + 66, 120);
590 put_le16(p + 67, 120);
591 put_le16(p + 68, 120);
592 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
593 put_le16(p + 81, 0x16); /* conforms to ata5 */
594 put_le16(p + 82, (1 << 14));
595 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
596 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
597 put_le16(p + 84, (1 << 14));
598 put_le16(p + 85, (1 << 14));
599 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
600 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
601 put_le16(p + 87, (1 << 14));
602 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
603 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
604 put_le16(p + 100, s->nb_sectors);
605 put_le16(p + 101, s->nb_sectors >> 16);
606 put_le16(p + 102, s->nb_sectors >> 32);
607 put_le16(p + 103, s->nb_sectors >> 48);
609 memcpy(s->identify_data, p, sizeof(s->identify_data));
613 static void ide_atapi_identify(IDEState *s)
617 if (s->identify_set) {
618 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
622 memset(s->io_buffer, 0, 512);
623 p = (uint16_t *)s->io_buffer;
624 /* Removable CDROM, 50us response, 12 byte packets */
625 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
626 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
627 put_le16(p + 20, 3); /* buffer type */
628 put_le16(p + 21, 512); /* cache size in sectors */
629 put_le16(p + 22, 4); /* ecc bytes */
630 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
631 padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
632 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
634 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
635 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
636 put_le16(p + 62, 7); /* single word dma0-2 supported */
637 put_le16(p + 63, 7); /* mdma0-2 supported */
638 put_le16(p + 64, 0x3f); /* PIO modes supported */
640 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
641 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
642 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
643 put_le16(p + 64, 1); /* PIO modes */
645 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
646 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
647 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
648 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
650 put_le16(p + 71, 30); /* in ns */
651 put_le16(p + 72, 30); /* in ns */
653 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
655 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
657 memcpy(s->identify_data, p, sizeof(s->identify_data));
661 static void ide_cfata_identify(IDEState *s)
666 p = (uint16_t *) s->identify_data;
670 memset(p, 0, sizeof(s->identify_data));
672 cur_sec = s->cylinders * s->heads * s->sectors;
674 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
675 put_le16(p + 1, s->cylinders); /* Default cylinders */
676 put_le16(p + 3, s->heads); /* Default heads */
677 put_le16(p + 6, s->sectors); /* Default sectors per track */
678 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
679 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
680 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
681 put_le16(p + 22, 0x0004); /* ECC bytes */
682 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
683 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
684 #if MAX_MULT_SECTORS > 1
685 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
687 put_le16(p + 47, 0x0000);
689 put_le16(p + 49, 0x0f00); /* Capabilities */
690 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
691 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
692 put_le16(p + 53, 0x0003); /* Translation params valid */
693 put_le16(p + 54, s->cylinders); /* Current cylinders */
694 put_le16(p + 55, s->heads); /* Current heads */
695 put_le16(p + 56, s->sectors); /* Current sectors */
696 put_le16(p + 57, cur_sec); /* Current capacity */
697 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
698 if (s->mult_sectors) /* Multiple sector setting */
699 put_le16(p + 59, 0x100 | s->mult_sectors);
700 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
701 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
702 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
703 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
704 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
705 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
706 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
707 put_le16(p + 82, 0x400c); /* Command Set supported */
708 put_le16(p + 83, 0x7068); /* Command Set supported */
709 put_le16(p + 84, 0x4000); /* Features supported */
710 put_le16(p + 85, 0x000c); /* Command Set enabled */
711 put_le16(p + 86, 0x7044); /* Command Set enabled */
712 put_le16(p + 87, 0x4000); /* Features enabled */
713 put_le16(p + 91, 0x4060); /* Current APM level */
714 put_le16(p + 129, 0x0002); /* Current features option */
715 put_le16(p + 130, 0x0005); /* Reassigned sectors */
716 put_le16(p + 131, 0x0001); /* Initial power mode */
717 put_le16(p + 132, 0x0000); /* User signature */
718 put_le16(p + 160, 0x8100); /* Power requirement */
719 put_le16(p + 161, 0x8001); /* CF command set */
724 memcpy(s->io_buffer, p, sizeof(s->identify_data));
727 static void ide_set_signature(IDEState *s)
729 s->select &= 0xf0; /* clear head */
745 static inline void ide_abort_command(IDEState *s)
747 s->status = READY_STAT | ERR_STAT;
751 static inline void ide_dma_submit_check(IDEState *s,
752 BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
759 static inline void ide_set_irq(IDEState *s)
761 BMDMAState *bm = s->bmdma;
762 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
764 bm->status |= BM_STATUS_INT;
766 qemu_irq_raise(s->irq);
770 /* prepare data transfer and tell what to do after */
771 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
772 EndTransferFunc *end_transfer_func)
774 s->end_transfer_func = end_transfer_func;
776 s->data_end = buf + size;
777 if (!(s->status & ERR_STAT))
778 s->status |= DRQ_STAT;
781 static void ide_transfer_stop(IDEState *s)
783 s->end_transfer_func = ide_transfer_stop;
784 s->data_ptr = s->io_buffer;
785 s->data_end = s->io_buffer;
786 s->status &= ~DRQ_STAT;
789 static int64_t ide_get_sector(IDEState *s)
792 if (s->select & 0x40) {
795 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
796 (s->lcyl << 8) | s->sector;
798 sector_num = ((int64_t)s->hob_hcyl << 40) |
799 ((int64_t) s->hob_lcyl << 32) |
800 ((int64_t) s->hob_sector << 24) |
801 ((int64_t) s->hcyl << 16) |
802 ((int64_t) s->lcyl << 8) | s->sector;
805 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
806 (s->select & 0x0f) * s->sectors + (s->sector - 1);
811 static void ide_set_sector(IDEState *s, int64_t sector_num)
814 if (s->select & 0x40) {
816 s->select = (s->select & 0xf0) | (sector_num >> 24);
817 s->hcyl = (sector_num >> 16);
818 s->lcyl = (sector_num >> 8);
819 s->sector = (sector_num);
821 s->sector = sector_num;
822 s->lcyl = sector_num >> 8;
823 s->hcyl = sector_num >> 16;
824 s->hob_sector = sector_num >> 24;
825 s->hob_lcyl = sector_num >> 32;
826 s->hob_hcyl = sector_num >> 40;
829 cyl = sector_num / (s->heads * s->sectors);
830 r = sector_num % (s->heads * s->sectors);
833 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
834 s->sector = (r % s->sectors) + 1;
838 static void ide_rw_error(IDEState *s) {
839 ide_abort_command(s);
843 static void ide_sector_read(IDEState *s)
848 s->status = READY_STAT | SEEK_STAT;
849 s->error = 0; /* not needed by IDE spec, but needed by Windows */
850 sector_num = ide_get_sector(s);
853 /* no more sector to read from disk */
854 ide_transfer_stop(s);
856 #if defined(DEBUG_IDE)
857 printf("read sector=%" PRId64 "\n", sector_num);
859 if (n > s->req_nb_sectors)
860 n = s->req_nb_sectors;
861 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
866 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
868 ide_set_sector(s, sector_num + n);
874 /* return 0 if buffer completed */
875 static int dma_buf_prepare(BMDMAState *bm, int is_write)
877 IDEState *s = bm->ide_if;
884 qemu_sglist_init(&s->sg, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
885 s->io_buffer_size = 0;
887 if (bm->cur_prd_len == 0) {
888 /* end of table (with a fail safe of one page) */
889 if (bm->cur_prd_last ||
890 (bm->cur_addr - bm->addr) >= 4096)
891 return s->io_buffer_size != 0;
892 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
894 prd.addr = le32_to_cpu(prd.addr);
895 prd.size = le32_to_cpu(prd.size);
896 len = prd.size & 0xfffe;
899 bm->cur_prd_len = len;
900 bm->cur_prd_addr = prd.addr;
901 bm->cur_prd_last = (prd.size & 0x80000000);
905 qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
906 bm->cur_prd_addr += l;
907 bm->cur_prd_len -= l;
908 s->io_buffer_size += l;
914 static void dma_buf_commit(IDEState *s, int is_write)
916 qemu_sglist_destroy(&s->sg);
919 static void ide_dma_error(IDEState *s)
921 ide_transfer_stop(s);
923 s->status = READY_STAT | ERR_STAT;
927 static int ide_handle_write_error(IDEState *s, int error, int op)
929 BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
931 if (action == BLOCK_ERR_IGNORE)
934 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
935 || action == BLOCK_ERR_STOP_ANY) {
936 s->bmdma->ide_if = s;
937 s->bmdma->status |= op;
940 if (op == BM_STATUS_DMA_RETRY) {
941 dma_buf_commit(s, 0);
951 /* return 0 if buffer completed */
952 static int dma_buf_rw(BMDMAState *bm, int is_write)
954 IDEState *s = bm->ide_if;
962 l = s->io_buffer_size - s->io_buffer_index;
965 if (bm->cur_prd_len == 0) {
966 /* end of table (with a fail safe of one page) */
967 if (bm->cur_prd_last ||
968 (bm->cur_addr - bm->addr) >= 4096)
970 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
972 prd.addr = le32_to_cpu(prd.addr);
973 prd.size = le32_to_cpu(prd.size);
974 len = prd.size & 0xfffe;
977 bm->cur_prd_len = len;
978 bm->cur_prd_addr = prd.addr;
979 bm->cur_prd_last = (prd.size & 0x80000000);
981 if (l > bm->cur_prd_len)
985 cpu_physical_memory_write(bm->cur_prd_addr,
986 s->io_buffer + s->io_buffer_index, l);
988 cpu_physical_memory_read(bm->cur_prd_addr,
989 s->io_buffer + s->io_buffer_index, l);
991 bm->cur_prd_addr += l;
992 bm->cur_prd_len -= l;
993 s->io_buffer_index += l;
999 static void ide_read_dma_cb(void *opaque, int ret)
1001 BMDMAState *bm = opaque;
1002 IDEState *s = bm->ide_if;
1007 dma_buf_commit(s, 1);
1012 n = s->io_buffer_size >> 9;
1013 sector_num = ide_get_sector(s);
1015 dma_buf_commit(s, 1);
1017 ide_set_sector(s, sector_num);
1021 /* end of transfer ? */
1022 if (s->nsector == 0) {
1023 s->status = READY_STAT | SEEK_STAT;
1026 bm->status &= ~BM_STATUS_DMAING;
1027 bm->status |= BM_STATUS_INT;
1034 /* launch next transfer */
1036 s->io_buffer_index = 0;
1037 s->io_buffer_size = n * 512;
1038 if (dma_buf_prepare(bm, 1) == 0)
1041 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1043 bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
1044 ide_dma_submit_check(s, ide_read_dma_cb, bm);
1047 static void ide_sector_read_dma(IDEState *s)
1049 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1050 s->io_buffer_index = 0;
1051 s->io_buffer_size = 0;
1053 ide_dma_start(s, ide_read_dma_cb);
1056 static void ide_sector_write_timer_cb(void *opaque)
1058 IDEState *s = opaque;
1062 static void ide_sector_write(IDEState *s)
1067 s->status = READY_STAT | SEEK_STAT;
1068 sector_num = ide_get_sector(s);
1069 #if defined(DEBUG_IDE)
1070 printf("write sector=%" PRId64 "\n", sector_num);
1073 if (n > s->req_nb_sectors)
1074 n = s->req_nb_sectors;
1075 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
1078 if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
1083 if (s->nsector == 0) {
1084 /* no more sectors to write */
1085 ide_transfer_stop(s);
1088 if (n1 > s->req_nb_sectors)
1089 n1 = s->req_nb_sectors;
1090 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
1092 ide_set_sector(s, sector_num + n);
1095 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1096 /* It seems there is a bug in the Windows 2000 installer HDD
1097 IDE driver which fills the disk with empty logs when the
1098 IDE write IRQ comes too early. This hack tries to correct
1099 that at the expense of slower write performances. Use this
1100 option _only_ to install Windows 2000. You must disable it
1102 qemu_mod_timer(s->sector_write_timer,
1103 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
1111 static void ide_dma_restart_cb(void *opaque, int running, int reason)
1113 BMDMAState *bm = opaque;
1116 if (bm->status & BM_STATUS_DMA_RETRY) {
1117 bm->status &= ~BM_STATUS_DMA_RETRY;
1118 ide_dma_restart(bm->ide_if);
1119 } else if (bm->status & BM_STATUS_PIO_RETRY) {
1120 bm->status &= ~BM_STATUS_PIO_RETRY;
1121 ide_sector_write(bm->ide_if);
1125 static void ide_write_dma_cb(void *opaque, int ret)
1127 BMDMAState *bm = opaque;
1128 IDEState *s = bm->ide_if;
1133 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
1137 n = s->io_buffer_size >> 9;
1138 sector_num = ide_get_sector(s);
1140 dma_buf_commit(s, 0);
1142 ide_set_sector(s, sector_num);
1146 /* end of transfer ? */
1147 if (s->nsector == 0) {
1148 s->status = READY_STAT | SEEK_STAT;
1151 bm->status &= ~BM_STATUS_DMAING;
1152 bm->status |= BM_STATUS_INT;
1160 s->io_buffer_size = n * 512;
1161 /* launch next transfer */
1162 if (dma_buf_prepare(bm, 0) == 0)
1165 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
1167 bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
1168 ide_dma_submit_check(s, ide_write_dma_cb, bm);
1171 static void ide_sector_write_dma(IDEState *s)
1173 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1174 s->io_buffer_index = 0;
1175 s->io_buffer_size = 0;
1177 ide_dma_start(s, ide_write_dma_cb);
1180 static void ide_atapi_cmd_ok(IDEState *s)
1183 s->status = READY_STAT | SEEK_STAT;
1184 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1188 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
1190 #ifdef DEBUG_IDE_ATAPI
1191 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
1193 s->error = sense_key << 4;
1194 s->status = READY_STAT | ERR_STAT;
1195 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1196 s->sense_key = sense_key;
1201 static void ide_atapi_cmd_check_status(IDEState *s)
1203 #ifdef DEBUG_IDE_ATAPI
1204 printf("atapi_cmd_check_status\n");
1206 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
1207 s->status = ERR_STAT;
1212 static inline void cpu_to_ube16(uint8_t *buf, int val)
1215 buf[1] = val & 0xff;
1218 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1223 buf[3] = val & 0xff;
1226 static inline int ube16_to_cpu(const uint8_t *buf)
1228 return (buf[0] << 8) | buf[1];
1231 static inline int ube32_to_cpu(const uint8_t *buf)
1233 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1236 static void lba_to_msf(uint8_t *buf, int lba)
1239 buf[0] = (lba / 75) / 60;
1240 buf[1] = (lba / 75) % 60;
1244 static void cd_data_to_raw(uint8_t *buf, int lba)
1248 memset(buf + 1, 0xff, 10);
1252 lba_to_msf(buf, lba);
1253 buf[3] = 0x01; /* mode 1 data */
1257 /* XXX: ECC not computed */
1258 memset(buf, 0, 288);
1261 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1266 switch(sector_size) {
1268 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1271 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1274 cd_data_to_raw(buf, lba);
1283 static void ide_atapi_io_error(IDEState *s, int ret)
1285 /* XXX: handle more errors */
1286 if (ret == -ENOMEDIUM) {
1287 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1288 ASC_MEDIUM_NOT_PRESENT);
1290 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1291 ASC_LOGICAL_BLOCK_OOR);
1295 /* The whole ATAPI transfer logic is handled in this function */
1296 static void ide_atapi_cmd_reply_end(IDEState *s)
1298 int byte_count_limit, size, ret;
1299 #ifdef DEBUG_IDE_ATAPI
1300 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1301 s->packet_transfer_size,
1302 s->elementary_transfer_size,
1303 s->io_buffer_index);
1305 if (s->packet_transfer_size <= 0) {
1306 /* end of transfer */
1307 ide_transfer_stop(s);
1308 s->status = READY_STAT | SEEK_STAT;
1309 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1311 #ifdef DEBUG_IDE_ATAPI
1312 printf("status=0x%x\n", s->status);
1315 /* see if a new sector must be read */
1316 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1317 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1319 ide_transfer_stop(s);
1320 ide_atapi_io_error(s, ret);
1324 s->io_buffer_index = 0;
1326 if (s->elementary_transfer_size > 0) {
1327 /* there are some data left to transmit in this elementary
1329 size = s->cd_sector_size - s->io_buffer_index;
1330 if (size > s->elementary_transfer_size)
1331 size = s->elementary_transfer_size;
1332 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1333 size, ide_atapi_cmd_reply_end);
1334 s->packet_transfer_size -= size;
1335 s->elementary_transfer_size -= size;
1336 s->io_buffer_index += size;
1338 /* a new transfer is needed */
1339 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1340 byte_count_limit = s->lcyl | (s->hcyl << 8);
1341 #ifdef DEBUG_IDE_ATAPI
1342 printf("byte_count_limit=%d\n", byte_count_limit);
1344 if (byte_count_limit == 0xffff)
1346 size = s->packet_transfer_size;
1347 if (size > byte_count_limit) {
1348 /* byte count limit must be even if this case */
1349 if (byte_count_limit & 1)
1351 size = byte_count_limit;
1354 s->hcyl = size >> 8;
1355 s->elementary_transfer_size = size;
1356 /* we cannot transmit more than one sector at a time */
1358 if (size > (s->cd_sector_size - s->io_buffer_index))
1359 size = (s->cd_sector_size - s->io_buffer_index);
1361 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1362 size, ide_atapi_cmd_reply_end);
1363 s->packet_transfer_size -= size;
1364 s->elementary_transfer_size -= size;
1365 s->io_buffer_index += size;
1367 #ifdef DEBUG_IDE_ATAPI
1368 printf("status=0x%x\n", s->status);
1374 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1375 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1377 if (size > max_size)
1379 s->lba = -1; /* no sector read */
1380 s->packet_transfer_size = size;
1381 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1382 s->elementary_transfer_size = 0;
1383 s->io_buffer_index = 0;
1386 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
1387 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1389 s->status = READY_STAT | SEEK_STAT;
1390 ide_atapi_cmd_reply_end(s);
1394 /* start a CD-CDROM read command */
1395 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1399 s->packet_transfer_size = nb_sectors * sector_size;
1400 s->elementary_transfer_size = 0;
1401 s->io_buffer_index = sector_size;
1402 s->cd_sector_size = sector_size;
1404 s->status = READY_STAT | SEEK_STAT;
1405 ide_atapi_cmd_reply_end(s);
1408 /* ATAPI DMA support */
1410 /* XXX: handle read errors */
1411 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1413 BMDMAState *bm = opaque;
1414 IDEState *s = bm->ide_if;
1418 ide_atapi_io_error(s, ret);
1422 if (s->io_buffer_size > 0) {
1424 * For a cdrom read sector command (s->lba != -1),
1425 * adjust the lba for the next s->io_buffer_size chunk
1426 * and dma the current chunk.
1427 * For a command != read (s->lba == -1), just transfer
1431 if (s->cd_sector_size == 2352) {
1433 cd_data_to_raw(s->io_buffer, s->lba);
1435 n = s->io_buffer_size >> 11;
1439 s->packet_transfer_size -= s->io_buffer_size;
1440 if (dma_buf_rw(bm, 1) == 0)
1444 if (s->packet_transfer_size <= 0) {
1445 s->status = READY_STAT | SEEK_STAT;
1446 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1449 bm->status &= ~BM_STATUS_DMAING;
1450 bm->status |= BM_STATUS_INT;
1457 s->io_buffer_index = 0;
1458 if (s->cd_sector_size == 2352) {
1460 s->io_buffer_size = s->cd_sector_size;
1463 n = s->packet_transfer_size >> 11;
1464 if (n > (IDE_DMA_BUF_SECTORS / 4))
1465 n = (IDE_DMA_BUF_SECTORS / 4);
1466 s->io_buffer_size = n * 2048;
1470 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1472 bm->iov.iov_base = (void *)(s->io_buffer + data_offset);
1473 bm->iov.iov_len = n * 4 * 512;
1474 qemu_iovec_init_external(&bm->qiov, &bm->iov, 1);
1475 bm->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2, &bm->qiov,
1476 n * 4, ide_atapi_cmd_read_dma_cb, bm);
1478 /* Note: media not present is the most likely case */
1479 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1480 ASC_MEDIUM_NOT_PRESENT);
1485 /* start a CD-CDROM read command with DMA */
1486 /* XXX: test if DMA is available */
1487 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1491 s->packet_transfer_size = nb_sectors * sector_size;
1492 s->io_buffer_index = 0;
1493 s->io_buffer_size = 0;
1494 s->cd_sector_size = sector_size;
1496 /* XXX: check if BUSY_STAT should be set */
1497 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1498 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1501 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1504 #ifdef DEBUG_IDE_ATAPI
1505 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1509 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1511 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1515 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1518 uint8_t *buf_profile = buf + 12; /* start of profiles */
1520 buf_profile += ((*index) * 4); /* start of indexed profile */
1521 cpu_to_ube16 (buf_profile, profile);
1522 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1524 /* each profile adds 4 bytes to the response */
1526 buf[11] += 4; /* Additional Length */
1531 static int ide_dvd_read_structure(IDEState *s, int format,
1532 const uint8_t *packet, uint8_t *buf)
1535 case 0x0: /* Physical format information */
1537 int layer = packet[6];
1538 uint64_t total_sectors;
1541 return -ASC_INV_FIELD_IN_CMD_PACKET;
1543 bdrv_get_geometry(s->bs, &total_sectors);
1544 total_sectors >>= 2;
1545 if (total_sectors == 0)
1546 return -ASC_MEDIUM_NOT_PRESENT;
1548 buf[4] = 1; /* DVD-ROM, part version 1 */
1549 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1550 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
1551 buf[7] = 0; /* default densities */
1553 /* FIXME: 0x30000 per spec? */
1554 cpu_to_ube32(buf + 8, 0); /* start sector */
1555 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1556 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1558 /* Size of buffer, not including 2 byte size field */
1559 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1561 /* 2k data + 4 byte header */
1565 case 0x01: /* DVD copyright information */
1566 buf[4] = 0; /* no copyright data */
1567 buf[5] = 0; /* no region restrictions */
1569 /* Size of buffer, not including 2 byte size field */
1570 cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1572 /* 4 byte header + 4 byte data */
1575 case 0x03: /* BCA information - invalid field for no BCA info */
1576 return -ASC_INV_FIELD_IN_CMD_PACKET;
1578 case 0x04: /* DVD disc manufacturing information */
1579 /* Size of buffer, not including 2 byte size field */
1580 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1582 /* 2k data + 4 byte header */
1587 * This lists all the command capabilities above. Add new ones
1588 * in order and update the length and buffer return values.
1591 buf[4] = 0x00; /* Physical format */
1592 buf[5] = 0x40; /* Not writable, is readable */
1593 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1595 buf[8] = 0x01; /* Copyright info */
1596 buf[9] = 0x40; /* Not writable, is readable */
1597 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1599 buf[12] = 0x03; /* BCA info */
1600 buf[13] = 0x40; /* Not writable, is readable */
1601 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1603 buf[16] = 0x04; /* Manufacturing info */
1604 buf[17] = 0x40; /* Not writable, is readable */
1605 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1607 /* Size of buffer, not including 2 byte size field */
1608 cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1610 /* data written + 4 byte header */
1613 default: /* TODO: formats beyond DVD-ROM requires */
1614 return -ASC_INV_FIELD_IN_CMD_PACKET;
1618 static void ide_atapi_cmd(IDEState *s)
1620 const uint8_t *packet;
1624 packet = s->io_buffer;
1626 #ifdef DEBUG_IDE_ATAPI
1629 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1630 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1631 printf(" %02x", packet[i]);
1636 /* If there's a UNIT_ATTENTION condition pending, only
1637 REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1638 if (s->sense_key == SENSE_UNIT_ATTENTION &&
1639 s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1640 s->io_buffer[0] != GPCMD_INQUIRY) {
1641 ide_atapi_cmd_check_status(s);
1644 switch(s->io_buffer[0]) {
1645 case GPCMD_TEST_UNIT_READY:
1646 if (bdrv_is_inserted(s->bs)) {
1647 ide_atapi_cmd_ok(s);
1649 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1650 ASC_MEDIUM_NOT_PRESENT);
1653 case GPCMD_MODE_SENSE_6:
1654 case GPCMD_MODE_SENSE_10:
1657 if (packet[0] == GPCMD_MODE_SENSE_10)
1658 max_len = ube16_to_cpu(packet + 7);
1660 max_len = packet[4];
1661 action = packet[2] >> 6;
1662 code = packet[2] & 0x3f;
1664 case 0: /* current values */
1666 case 0x01: /* error recovery */
1667 cpu_to_ube16(&buf[0], 16 + 6);
1683 ide_atapi_cmd_reply(s, 16, max_len);
1686 cpu_to_ube16(&buf[0], 28 + 6);
1699 /* Claim PLAY_AUDIO capability (0x01) since some Linux
1700 code checks for this to automount media. */
1703 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1704 if (bdrv_is_locked(s->bs))
1707 cpu_to_ube16(&buf[16], 706);
1710 cpu_to_ube16(&buf[20], 512);
1711 cpu_to_ube16(&buf[22], 706);
1716 ide_atapi_cmd_reply(s, 28, max_len);
1722 case 1: /* changeable values */
1724 case 2: /* default values */
1727 case 3: /* saved values */
1728 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1729 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1734 case GPCMD_REQUEST_SENSE:
1735 max_len = packet[4];
1737 buf[0] = 0x70 | (1 << 7);
1738 buf[2] = s->sense_key;
1741 if (s->sense_key == SENSE_UNIT_ATTENTION)
1742 s->sense_key = SENSE_NONE;
1743 ide_atapi_cmd_reply(s, 18, max_len);
1745 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1746 if (bdrv_is_inserted(s->bs)) {
1747 bdrv_set_locked(s->bs, packet[4] & 1);
1748 ide_atapi_cmd_ok(s);
1750 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1751 ASC_MEDIUM_NOT_PRESENT);
1757 int nb_sectors, lba;
1759 if (packet[0] == GPCMD_READ_10)
1760 nb_sectors = ube16_to_cpu(packet + 7);
1762 nb_sectors = ube32_to_cpu(packet + 6);
1763 lba = ube32_to_cpu(packet + 2);
1764 if (nb_sectors == 0) {
1765 ide_atapi_cmd_ok(s);
1768 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1773 int nb_sectors, lba, transfer_request;
1775 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1776 lba = ube32_to_cpu(packet + 2);
1777 if (nb_sectors == 0) {
1778 ide_atapi_cmd_ok(s);
1781 transfer_request = packet[9];
1782 switch(transfer_request & 0xf8) {
1785 ide_atapi_cmd_ok(s);
1789 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1793 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1796 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1797 ASC_INV_FIELD_IN_CMD_PACKET);
1805 uint64_t total_sectors;
1807 bdrv_get_geometry(s->bs, &total_sectors);
1808 total_sectors >>= 2;
1809 if (total_sectors == 0) {
1810 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1811 ASC_MEDIUM_NOT_PRESENT);
1814 lba = ube32_to_cpu(packet + 2);
1815 if (lba >= total_sectors) {
1816 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1817 ASC_LOGICAL_BLOCK_OOR);
1820 ide_atapi_cmd_ok(s);
1823 case GPCMD_START_STOP_UNIT:
1826 start = packet[4] & 1;
1827 eject = (packet[4] >> 1) & 1;
1829 if (eject && !start) {
1830 /* eject the disk */
1831 bdrv_eject(s->bs, 1);
1832 } else if (eject && start) {
1833 /* close the tray */
1834 bdrv_eject(s->bs, 0);
1836 ide_atapi_cmd_ok(s);
1839 case GPCMD_MECHANISM_STATUS:
1841 max_len = ube16_to_cpu(packet + 8);
1842 cpu_to_ube16(buf, 0);
1843 /* no current LBA */
1848 cpu_to_ube16(buf + 6, 0);
1849 ide_atapi_cmd_reply(s, 8, max_len);
1852 case GPCMD_READ_TOC_PMA_ATIP:
1854 int format, msf, start_track, len;
1855 uint64_t total_sectors;
1857 bdrv_get_geometry(s->bs, &total_sectors);
1858 total_sectors >>= 2;
1859 if (total_sectors == 0) {
1860 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1861 ASC_MEDIUM_NOT_PRESENT);
1864 max_len = ube16_to_cpu(packet + 7);
1865 format = packet[9] >> 6;
1866 msf = (packet[1] >> 1) & 1;
1867 start_track = packet[6];
1870 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1873 ide_atapi_cmd_reply(s, len, max_len);
1876 /* multi session : only a single session defined */
1881 ide_atapi_cmd_reply(s, 12, max_len);
1884 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1887 ide_atapi_cmd_reply(s, len, max_len);
1891 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1892 ASC_INV_FIELD_IN_CMD_PACKET);
1897 case GPCMD_READ_CDVD_CAPACITY:
1899 uint64_t total_sectors;
1901 bdrv_get_geometry(s->bs, &total_sectors);
1902 total_sectors >>= 2;
1903 if (total_sectors == 0) {
1904 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1905 ASC_MEDIUM_NOT_PRESENT);
1908 /* NOTE: it is really the number of sectors minus 1 */
1909 cpu_to_ube32(buf, total_sectors - 1);
1910 cpu_to_ube32(buf + 4, 2048);
1911 ide_atapi_cmd_reply(s, 8, 8);
1914 case GPCMD_READ_DVD_STRUCTURE:
1916 int media = packet[1];
1917 int format = packet[7];
1920 max_len = ube16_to_cpu(packet + 8);
1922 if (format < 0xff) {
1923 if (media_is_cd(s)) {
1924 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1925 ASC_INCOMPATIBLE_FORMAT);
1927 } else if (!media_present(s)) {
1928 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1929 ASC_INV_FIELD_IN_CMD_PACKET);
1934 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1935 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1941 ret = ide_dvd_read_structure(s, format, packet, buf);
1944 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1946 ide_atapi_cmd_reply(s, ret, max_len);
1950 /* TODO: BD support, fall through for now */
1952 /* Generic disk structures */
1953 case 0x80: /* TODO: AACS volume identifier */
1954 case 0x81: /* TODO: AACS media serial number */
1955 case 0x82: /* TODO: AACS media identifier */
1956 case 0x83: /* TODO: AACS media key block */
1957 case 0x90: /* TODO: List of recognized format layers */
1958 case 0xc0: /* TODO: Write protection status */
1960 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1961 ASC_INV_FIELD_IN_CMD_PACKET);
1966 case GPCMD_SET_SPEED:
1967 ide_atapi_cmd_ok(s);
1970 max_len = packet[4];
1971 buf[0] = 0x05; /* CD-ROM */
1972 buf[1] = 0x80; /* removable */
1973 buf[2] = 0x00; /* ISO */
1974 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1975 buf[4] = 31; /* additional length */
1976 buf[5] = 0; /* reserved */
1977 buf[6] = 0; /* reserved */
1978 buf[7] = 0; /* reserved */
1979 padstr8(buf + 8, 8, "QEMU");
1980 padstr8(buf + 16, 16, "QEMU DVD-ROM");
1981 padstr8(buf + 32, 4, QEMU_VERSION);
1982 ide_atapi_cmd_reply(s, 36, max_len);
1984 case GPCMD_GET_CONFIGURATION:
1989 /* only feature 0 is supported */
1990 if (packet[2] != 0 || packet[3] != 0) {
1991 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1992 ASC_INV_FIELD_IN_CMD_PACKET);
1996 /* XXX: could result in alignment problems in some architectures */
1997 max_len = ube16_to_cpu(packet + 7);
2000 * XXX: avoid overflow for io_buffer if max_len is bigger than
2001 * the size of that buffer (dimensioned to max number of
2002 * sectors to transfer at once)
2004 * Only a problem if the feature/profiles grow.
2006 if (max_len > 512) /* XXX: assume 1 sector */
2009 memset(buf, 0, max_len);
2011 * the number of sectors from the media tells us which profile
2012 * to use as current. 0 means there is no media
2014 if (media_is_dvd(s))
2015 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
2016 else if (media_is_cd(s))
2017 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
2019 buf[10] = 0x02 | 0x01; /* persistent and current */
2020 len = 12; /* headers: 8 + 4 */
2021 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
2022 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
2023 cpu_to_ube32(buf, len - 4); /* data length */
2025 ide_atapi_cmd_reply(s, len, max_len);
2029 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
2030 ASC_ILLEGAL_OPCODE);
2035 static void ide_cfata_metadata_inquiry(IDEState *s)
2040 p = (uint16_t *) s->io_buffer;
2041 memset(p, 0, 0x200);
2042 spd = ((s->mdata_size - 1) >> 9) + 1;
2044 put_le16(p + 0, 0x0001); /* Data format revision */
2045 put_le16(p + 1, 0x0000); /* Media property: silicon */
2046 put_le16(p + 2, s->media_changed); /* Media status */
2047 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
2048 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
2049 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
2050 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
2053 static void ide_cfata_metadata_read(IDEState *s)
2057 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2058 s->status = ERR_STAT;
2059 s->error = ABRT_ERR;
2063 p = (uint16_t *) s->io_buffer;
2064 memset(p, 0, 0x200);
2066 put_le16(p + 0, s->media_changed); /* Media status */
2067 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2068 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2069 s->nsector << 9), 0x200 - 2));
2072 static void ide_cfata_metadata_write(IDEState *s)
2074 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
2075 s->status = ERR_STAT;
2076 s->error = ABRT_ERR;
2080 s->media_changed = 0;
2082 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
2084 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
2085 s->nsector << 9), 0x200 - 2));
2088 /* called when the inserted state of the media has changed */
2089 static void cdrom_change_cb(void *opaque)
2091 IDEState *s = opaque;
2092 uint64_t nb_sectors;
2094 bdrv_get_geometry(s->bs, &nb_sectors);
2095 s->nb_sectors = nb_sectors;
2097 s->sense_key = SENSE_UNIT_ATTENTION;
2098 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
2103 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
2107 /* handle the 'magic' 0 nsector count conversion here. to avoid
2108 * fiddling with the rest of the read logic, we just store the
2109 * full sector count in ->nsector and ignore ->hob_nsector from now
2115 if (!s->nsector && !s->hob_nsector)
2118 int lo = s->nsector;
2119 int hi = s->hob_nsector;
2121 s->nsector = (hi << 8) | lo;
2126 static void ide_clear_hob(IDEState *ide_if)
2128 /* any write clears HOB high bit of device control register */
2129 ide_if[0].select &= ~(1 << 7);
2130 ide_if[1].select &= ~(1 << 7);
2133 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
2135 IDEState *ide_if = opaque;
2141 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
2146 /* ignore writes to command block while busy with previous command */
2147 if (addr != 7 && (ide_if->cur_drive->status & (BUSY_STAT|DRQ_STAT)))
2154 ide_clear_hob(ide_if);
2155 /* NOTE: data is written to the two drives */
2156 ide_if[0].hob_feature = ide_if[0].feature;
2157 ide_if[1].hob_feature = ide_if[1].feature;
2158 ide_if[0].feature = val;
2159 ide_if[1].feature = val;
2162 ide_clear_hob(ide_if);
2163 ide_if[0].hob_nsector = ide_if[0].nsector;
2164 ide_if[1].hob_nsector = ide_if[1].nsector;
2165 ide_if[0].nsector = val;
2166 ide_if[1].nsector = val;
2169 ide_clear_hob(ide_if);
2170 ide_if[0].hob_sector = ide_if[0].sector;
2171 ide_if[1].hob_sector = ide_if[1].sector;
2172 ide_if[0].sector = val;
2173 ide_if[1].sector = val;
2176 ide_clear_hob(ide_if);
2177 ide_if[0].hob_lcyl = ide_if[0].lcyl;
2178 ide_if[1].hob_lcyl = ide_if[1].lcyl;
2179 ide_if[0].lcyl = val;
2180 ide_if[1].lcyl = val;
2183 ide_clear_hob(ide_if);
2184 ide_if[0].hob_hcyl = ide_if[0].hcyl;
2185 ide_if[1].hob_hcyl = ide_if[1].hcyl;
2186 ide_if[0].hcyl = val;
2187 ide_if[1].hcyl = val;
2190 /* FIXME: HOB readback uses bit 7 */
2191 ide_if[0].select = (val & ~0x10) | 0xa0;
2192 ide_if[1].select = (val | 0x10) | 0xa0;
2194 unit = (val >> 4) & 1;
2196 ide_if->cur_drive = s;
2201 #if defined(DEBUG_IDE)
2202 printf("ide: CMD=%02x\n", val);
2204 s = ide_if->cur_drive;
2205 /* ignore commands to non existant slave */
2206 if (s != ide_if && !s->bs)
2209 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
2210 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
2215 if (s->bs && !s->is_cdrom) {
2219 ide_cfata_identify(s);
2220 s->status = READY_STAT | SEEK_STAT;
2221 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2224 ide_set_signature(s);
2226 ide_abort_command(s);
2233 s->status = READY_STAT | SEEK_STAT;
2237 if (s->is_cf && s->nsector == 0) {
2238 /* Disable Read and Write Multiple */
2239 s->mult_sectors = 0;
2240 s->status = READY_STAT | SEEK_STAT;
2241 } else if ((s->nsector & 0xff) != 0 &&
2242 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
2243 (s->nsector & (s->nsector - 1)) != 0)) {
2244 ide_abort_command(s);
2246 s->mult_sectors = s->nsector & 0xff;
2247 s->status = READY_STAT | SEEK_STAT;
2251 case WIN_VERIFY_EXT:
2254 case WIN_VERIFY_ONCE:
2255 /* do sector number check ? */
2256 ide_cmd_lba48_transform(s, lba48);
2257 s->status = READY_STAT | SEEK_STAT;
2266 ide_cmd_lba48_transform(s, lba48);
2267 s->req_nb_sectors = 1;
2273 case WIN_WRITE_ONCE:
2274 case CFA_WRITE_SECT_WO_ERASE:
2275 case WIN_WRITE_VERIFY:
2276 ide_cmd_lba48_transform(s, lba48);
2278 s->status = SEEK_STAT | READY_STAT;
2279 s->req_nb_sectors = 1;
2280 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
2281 s->media_changed = 1;
2283 case WIN_MULTREAD_EXT:
2286 if (!s->mult_sectors)
2288 ide_cmd_lba48_transform(s, lba48);
2289 s->req_nb_sectors = s->mult_sectors;
2292 case WIN_MULTWRITE_EXT:
2295 case CFA_WRITE_MULTI_WO_ERASE:
2296 if (!s->mult_sectors)
2298 ide_cmd_lba48_transform(s, lba48);
2300 s->status = SEEK_STAT | READY_STAT;
2301 s->req_nb_sectors = s->mult_sectors;
2303 if (n > s->req_nb_sectors)
2304 n = s->req_nb_sectors;
2305 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
2306 s->media_changed = 1;
2308 case WIN_READDMA_EXT:
2311 case WIN_READDMA_ONCE:
2314 ide_cmd_lba48_transform(s, lba48);
2315 ide_sector_read_dma(s);
2317 case WIN_WRITEDMA_EXT:
2320 case WIN_WRITEDMA_ONCE:
2323 ide_cmd_lba48_transform(s, lba48);
2324 ide_sector_write_dma(s);
2325 s->media_changed = 1;
2327 case WIN_READ_NATIVE_MAX_EXT:
2329 case WIN_READ_NATIVE_MAX:
2330 ide_cmd_lba48_transform(s, lba48);
2331 ide_set_sector(s, s->nb_sectors - 1);
2332 s->status = READY_STAT | SEEK_STAT;
2335 case WIN_CHECKPOWERMODE1:
2336 case WIN_CHECKPOWERMODE2:
2337 s->nsector = 0xff; /* device active or idle */
2338 s->status = READY_STAT | SEEK_STAT;
2341 case WIN_SETFEATURES:
2344 /* XXX: valid for CDROM ? */
2345 switch(s->feature) {
2346 case 0xcc: /* reverting to power-on defaults enable */
2347 case 0x66: /* reverting to power-on defaults disable */
2348 case 0x02: /* write cache enable */
2349 case 0x82: /* write cache disable */
2350 case 0xaa: /* read look-ahead enable */
2351 case 0x55: /* read look-ahead disable */
2352 case 0x05: /* set advanced power management mode */
2353 case 0x85: /* disable advanced power management mode */
2354 case 0x69: /* NOP */
2355 case 0x67: /* NOP */
2356 case 0x96: /* NOP */
2357 case 0x9a: /* NOP */
2358 case 0x42: /* enable Automatic Acoustic Mode */
2359 case 0xc2: /* disable Automatic Acoustic Mode */
2360 s->status = READY_STAT | SEEK_STAT;
2363 case 0x03: { /* set transfer mode */
2364 uint8_t val = s->nsector & 0x07;
2366 switch (s->nsector >> 3) {
2367 case 0x00: /* pio default */
2368 case 0x01: /* pio mode */
2369 put_le16(s->identify_data + 62,0x07);
2370 put_le16(s->identify_data + 63,0x07);
2371 put_le16(s->identify_data + 88,0x3f);
2373 case 0x02: /* sigle word dma mode*/
2374 put_le16(s->identify_data + 62,0x07 | (1 << (val + 8)));
2375 put_le16(s->identify_data + 63,0x07);
2376 put_le16(s->identify_data + 88,0x3f);
2378 case 0x04: /* mdma mode */
2379 put_le16(s->identify_data + 62,0x07);
2380 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
2381 put_le16(s->identify_data + 88,0x3f);
2383 case 0x08: /* udma mode */
2384 put_le16(s->identify_data + 62,0x07);
2385 put_le16(s->identify_data + 63,0x07);
2386 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2391 s->status = READY_STAT | SEEK_STAT;
2399 case WIN_FLUSH_CACHE:
2400 case WIN_FLUSH_CACHE_EXT:
2403 s->status = READY_STAT | SEEK_STAT;
2408 case WIN_STANDBYNOW1:
2409 case WIN_STANDBYNOW2:
2410 case WIN_IDLEIMMEDIATE:
2411 case CFA_IDLEIMMEDIATE:
2416 s->status = READY_STAT;
2422 /* XXX: Check that seek is within bounds */
2423 s->status = READY_STAT | SEEK_STAT;
2426 /* ATAPI commands */
2429 ide_atapi_identify(s);
2430 s->status = READY_STAT | SEEK_STAT;
2431 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2433 ide_abort_command(s);
2438 ide_set_signature(s);
2440 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2441 * devices to return a clear status register
2442 * with READY_STAT *not* set. */
2444 s->status = READY_STAT | SEEK_STAT;
2445 s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2453 ide_set_signature(s);
2454 s->status = 0x00; /* NOTE: READY is _not_ set */
2460 /* overlapping commands not supported */
2461 if (s->feature & 0x02)
2463 s->status = READY_STAT | SEEK_STAT;
2464 s->atapi_dma = s->feature & 1;
2466 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2469 /* CF-ATA commands */
2470 case CFA_REQ_EXT_ERROR_CODE:
2473 s->error = 0x09; /* miscellaneous error */
2474 s->status = READY_STAT | SEEK_STAT;
2477 case CFA_ERASE_SECTORS:
2478 case CFA_WEAR_LEVEL:
2481 if (val == CFA_WEAR_LEVEL)
2483 if (val == CFA_ERASE_SECTORS)
2484 s->media_changed = 1;
2486 s->status = READY_STAT | SEEK_STAT;
2489 case CFA_TRANSLATE_SECTOR:
2493 s->status = READY_STAT | SEEK_STAT;
2494 memset(s->io_buffer, 0, 0x200);
2495 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2496 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2497 s->io_buffer[0x02] = s->select; /* Head */
2498 s->io_buffer[0x03] = s->sector; /* Sector */
2499 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2500 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2501 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2502 s->io_buffer[0x13] = 0x00; /* Erase flag */
2503 s->io_buffer[0x18] = 0x00; /* Hot count */
2504 s->io_buffer[0x19] = 0x00; /* Hot count */
2505 s->io_buffer[0x1a] = 0x01; /* Hot count */
2506 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2509 case CFA_ACCESS_METADATA_STORAGE:
2512 switch (s->feature) {
2513 case 0x02: /* Inquiry Metadata Storage */
2514 ide_cfata_metadata_inquiry(s);
2516 case 0x03: /* Read Metadata Storage */
2517 ide_cfata_metadata_read(s);
2519 case 0x04: /* Write Metadata Storage */
2520 ide_cfata_metadata_write(s);
2525 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2526 s->status = 0x00; /* NOTE: READY is _not_ set */
2529 case IBM_SENSE_CONDITION:
2532 switch (s->feature) {
2533 case 0x01: /* sense temperature in device */
2534 s->nsector = 0x50; /* +20 C */
2539 s->status = READY_STAT | SEEK_STAT;
2544 ide_abort_command(s);
2551 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2553 IDEState *ide_if = opaque;
2554 IDEState *s = ide_if->cur_drive;
2559 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2560 //hob = s->select & (1 << 7);
2567 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2568 (s != ide_if && !s->bs))
2573 ret = s->hob_feature;
2576 if (!ide_if[0].bs && !ide_if[1].bs)
2579 ret = s->nsector & 0xff;
2581 ret = s->hob_nsector;
2584 if (!ide_if[0].bs && !ide_if[1].bs)
2589 ret = s->hob_sector;
2592 if (!ide_if[0].bs && !ide_if[1].bs)
2600 if (!ide_if[0].bs && !ide_if[1].bs)
2608 if (!ide_if[0].bs && !ide_if[1].bs)
2615 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2616 (s != ide_if && !s->bs))
2620 qemu_irq_lower(s->irq);
2624 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2629 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2631 IDEState *ide_if = opaque;
2632 IDEState *s = ide_if->cur_drive;
2635 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2636 (s != ide_if && !s->bs))
2641 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2646 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2648 IDEState *ide_if = opaque;
2653 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2655 /* common for both drives */
2656 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2657 (val & IDE_CMD_RESET)) {
2658 /* reset low to high */
2659 for(i = 0;i < 2; i++) {
2661 s->status = BUSY_STAT | SEEK_STAT;
2664 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2665 !(val & IDE_CMD_RESET)) {
2667 for(i = 0;i < 2; i++) {
2670 s->status = 0x00; /* NOTE: READY is _not_ set */
2672 s->status = READY_STAT | SEEK_STAT;
2673 ide_set_signature(s);
2677 ide_if[0].cmd = val;
2678 ide_if[1].cmd = val;
2681 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2683 IDEState *s = ((IDEState *)opaque)->cur_drive;
2686 /* PIO data access allowed only when DRQ bit is set */
2687 if (!(s->status & DRQ_STAT))
2691 *(uint16_t *)p = le16_to_cpu(val);
2694 if (p >= s->data_end)
2695 s->end_transfer_func(s);
2698 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2700 IDEState *s = ((IDEState *)opaque)->cur_drive;
2704 /* PIO data access allowed only when DRQ bit is set */
2705 if (!(s->status & DRQ_STAT))
2709 ret = cpu_to_le16(*(uint16_t *)p);
2712 if (p >= s->data_end)
2713 s->end_transfer_func(s);
2717 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2719 IDEState *s = ((IDEState *)opaque)->cur_drive;
2722 /* PIO data access allowed only when DRQ bit is set */
2723 if (!(s->status & DRQ_STAT))
2727 *(uint32_t *)p = le32_to_cpu(val);
2730 if (p >= s->data_end)
2731 s->end_transfer_func(s);
2734 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2736 IDEState *s = ((IDEState *)opaque)->cur_drive;
2740 /* PIO data access allowed only when DRQ bit is set */
2741 if (!(s->status & DRQ_STAT))
2745 ret = cpu_to_le32(*(uint32_t *)p);
2748 if (p >= s->data_end)
2749 s->end_transfer_func(s);
2753 static void ide_dummy_transfer_stop(IDEState *s)
2755 s->data_ptr = s->io_buffer;
2756 s->data_end = s->io_buffer;
2757 s->io_buffer[0] = 0xff;
2758 s->io_buffer[1] = 0xff;
2759 s->io_buffer[2] = 0xff;
2760 s->io_buffer[3] = 0xff;
2763 static void ide_reset(IDEState *s)
2766 s->mult_sectors = 0;
2768 s->mult_sectors = MAX_MULT_SECTORS;
2771 s->status = READY_STAT | SEEK_STAT;
2772 ide_set_signature(s);
2773 /* init the transfer handler so that 0xffff is returned on data
2775 s->end_transfer_func = ide_dummy_transfer_stop;
2776 ide_dummy_transfer_stop(s);
2777 s->media_changed = 0;
2780 static void ide_init2(IDEState *ide_state,
2781 BlockDriverState *hd0, BlockDriverState *hd1,
2785 static int drive_serial = 1;
2786 int i, cylinders, heads, secs;
2787 uint64_t nb_sectors;
2789 for(i = 0; i < 2; i++) {
2795 s->io_buffer = qemu_blockalign(s->bs, IDE_DMA_BUF_SECTORS*512 + 4);
2797 bdrv_get_geometry(s->bs, &nb_sectors);
2798 bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2799 s->cylinders = cylinders;
2802 s->nb_sectors = nb_sectors;
2804 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2806 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2809 s->drive_serial = drive_serial++;
2810 strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2811 sizeof(s->drive_serial_str));
2812 if (strlen(s->drive_serial_str) == 0)
2813 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2814 "QM%05d", s->drive_serial);
2816 s->sector_write_timer = qemu_new_timer(vm_clock,
2817 ide_sector_write_timer_cb, s);
2822 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2824 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2825 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2827 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2828 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2832 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2833 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2834 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2835 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2838 /* save per IDE drive data */
2839 static void ide_save(QEMUFile* f, IDEState *s)
2841 qemu_put_be32(f, s->mult_sectors);
2842 qemu_put_be32(f, s->identify_set);
2843 if (s->identify_set) {
2844 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2846 qemu_put_8s(f, &s->feature);
2847 qemu_put_8s(f, &s->error);
2848 qemu_put_be32s(f, &s->nsector);
2849 qemu_put_8s(f, &s->sector);
2850 qemu_put_8s(f, &s->lcyl);
2851 qemu_put_8s(f, &s->hcyl);
2852 qemu_put_8s(f, &s->hob_feature);
2853 qemu_put_8s(f, &s->hob_nsector);
2854 qemu_put_8s(f, &s->hob_sector);
2855 qemu_put_8s(f, &s->hob_lcyl);
2856 qemu_put_8s(f, &s->hob_hcyl);
2857 qemu_put_8s(f, &s->select);
2858 qemu_put_8s(f, &s->status);
2859 qemu_put_8s(f, &s->lba48);
2861 qemu_put_8s(f, &s->sense_key);
2862 qemu_put_8s(f, &s->asc);
2863 /* XXX: if a transfer is pending, we do not save it yet */
2866 /* load per IDE drive data */
2867 static void ide_load(QEMUFile* f, IDEState *s)
2869 s->mult_sectors=qemu_get_be32(f);
2870 s->identify_set=qemu_get_be32(f);
2871 if (s->identify_set) {
2872 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2874 qemu_get_8s(f, &s->feature);
2875 qemu_get_8s(f, &s->error);
2876 qemu_get_be32s(f, &s->nsector);
2877 qemu_get_8s(f, &s->sector);
2878 qemu_get_8s(f, &s->lcyl);
2879 qemu_get_8s(f, &s->hcyl);
2880 qemu_get_8s(f, &s->hob_feature);
2881 qemu_get_8s(f, &s->hob_nsector);
2882 qemu_get_8s(f, &s->hob_sector);
2883 qemu_get_8s(f, &s->hob_lcyl);
2884 qemu_get_8s(f, &s->hob_hcyl);
2885 qemu_get_8s(f, &s->select);
2886 qemu_get_8s(f, &s->status);
2887 qemu_get_8s(f, &s->lba48);
2889 qemu_get_8s(f, &s->sense_key);
2890 qemu_get_8s(f, &s->asc);
2891 /* XXX: if a transfer is pending, we do not save it yet */
2894 /***********************************************************/
2895 /* ISA IDE definitions */
2897 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
2898 BlockDriverState *hd0, BlockDriverState *hd1)
2900 IDEState *ide_state;
2902 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2904 ide_init2(ide_state, hd0, hd1, irq);
2905 ide_init_ioport(ide_state, iobase, iobase2);
2908 /***********************************************************/
2909 /* PCI IDE definitions */
2911 static void cmd646_update_irq(PCIIDEState *d);
2913 static void ide_map(PCIDevice *pci_dev, int region_num,
2914 uint32_t addr, uint32_t size, int type)
2916 PCIIDEState *d = (PCIIDEState *)pci_dev;
2917 IDEState *ide_state;
2919 if (region_num <= 3) {
2920 ide_state = &d->ide_if[(region_num >> 1) * 2];
2921 if (region_num & 1) {
2922 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2923 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2925 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2926 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2929 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2930 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2931 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2932 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2937 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2939 BMDMAState *bm = s->bmdma;
2943 bm->dma_cb = dma_cb;
2944 bm->cur_prd_last = 0;
2945 bm->cur_prd_addr = 0;
2946 bm->cur_prd_len = 0;
2947 bm->sector_num = ide_get_sector(s);
2948 bm->nsector = s->nsector;
2949 if (bm->status & BM_STATUS_DMAING) {
2954 static void ide_dma_restart(IDEState *s)
2956 BMDMAState *bm = s->bmdma;
2957 ide_set_sector(s, bm->sector_num);
2958 s->io_buffer_index = 0;
2959 s->io_buffer_size = 0;
2960 s->nsector = bm->nsector;
2961 bm->cur_addr = bm->addr;
2962 bm->dma_cb = ide_write_dma_cb;
2963 ide_dma_start(s, bm->dma_cb);
2966 static void ide_dma_cancel(BMDMAState *bm)
2968 if (bm->status & BM_STATUS_DMAING) {
2969 bm->status &= ~BM_STATUS_DMAING;
2970 /* cancel DMA request */
2975 printf("aio_cancel\n");
2977 bdrv_aio_cancel(bm->aiocb);
2983 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2985 BMDMAState *bm = opaque;
2987 printf("%s: 0x%08x\n", __func__, val);
2989 if (!(val & BM_CMD_START)) {
2990 /* XXX: do it better */
2992 bm->cmd = val & 0x09;
2994 if (!(bm->status & BM_STATUS_DMAING)) {
2995 bm->status |= BM_STATUS_DMAING;
2996 /* start dma transfer if possible */
3000 bm->cmd = val & 0x09;
3004 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
3006 BMDMAState *bm = opaque;
3007 PCIIDEState *pci_dev;
3015 pci_dev = bm->pci_dev;
3016 if (pci_dev->type == IDE_TYPE_CMD646) {
3017 val = pci_dev->dev.config[MRDMODE];
3026 pci_dev = bm->pci_dev;
3027 if (pci_dev->type == IDE_TYPE_CMD646) {
3028 if (bm == &pci_dev->bmdma[0])
3029 val = pci_dev->dev.config[UDIDETCR0];
3031 val = pci_dev->dev.config[UDIDETCR1];
3041 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
3046 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
3048 BMDMAState *bm = opaque;
3049 PCIIDEState *pci_dev;
3051 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
3055 pci_dev = bm->pci_dev;
3056 if (pci_dev->type == IDE_TYPE_CMD646) {
3057 pci_dev->dev.config[MRDMODE] =
3058 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
3059 cmd646_update_irq(pci_dev);
3063 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
3066 pci_dev = bm->pci_dev;
3067 if (pci_dev->type == IDE_TYPE_CMD646) {
3068 if (bm == &pci_dev->bmdma[0])
3069 pci_dev->dev.config[UDIDETCR0] = val;
3071 pci_dev->dev.config[UDIDETCR1] = val;
3077 static uint32_t bmdma_addr_readb(void *opaque, uint32_t addr)
3079 BMDMAState *bm = opaque;
3081 val = (bm->addr >> ((addr & 3) * 8)) & 0xff;
3083 printf("%s: 0x%08x\n", __func__, val);
3088 static void bmdma_addr_writeb(void *opaque, uint32_t addr, uint32_t val)
3090 BMDMAState *bm = opaque;
3091 int shift = (addr & 3) * 8;
3093 printf("%s: 0x%08x\n", __func__, val);
3095 bm->addr &= ~(0xFF << shift);
3096 bm->addr |= ((val & 0xFF) << shift) & ~3;
3097 bm->cur_addr = bm->addr;
3100 static uint32_t bmdma_addr_readw(void *opaque, uint32_t addr)
3102 BMDMAState *bm = opaque;
3104 val = (bm->addr >> ((addr & 3) * 8)) & 0xffff;
3106 printf("%s: 0x%08x\n", __func__, val);
3111 static void bmdma_addr_writew(void *opaque, uint32_t addr, uint32_t val)
3113 BMDMAState *bm = opaque;
3114 int shift = (addr & 3) * 8;
3116 printf("%s: 0x%08x\n", __func__, val);
3118 bm->addr &= ~(0xFFFF << shift);
3119 bm->addr |= ((val & 0xFFFF) << shift) & ~3;
3120 bm->cur_addr = bm->addr;
3123 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
3125 BMDMAState *bm = opaque;
3129 printf("%s: 0x%08x\n", __func__, val);
3134 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
3136 BMDMAState *bm = opaque;
3138 printf("%s: 0x%08x\n", __func__, val);
3140 bm->addr = val & ~3;
3141 bm->cur_addr = bm->addr;
3144 static void bmdma_map(PCIDevice *pci_dev, int region_num,
3145 uint32_t addr, uint32_t size, int type)
3147 PCIIDEState *d = (PCIIDEState *)pci_dev;
3150 for(i = 0;i < 2; i++) {
3151 BMDMAState *bm = &d->bmdma[i];
3152 d->ide_if[2 * i].bmdma = bm;
3153 d->ide_if[2 * i + 1].bmdma = bm;
3154 bm->pci_dev = (PCIIDEState *)pci_dev;
3155 qemu_add_vm_change_state_handler(ide_dma_restart_cb, bm);
3157 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
3159 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
3160 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
3162 register_ioport_write(addr + 4, 4, 1, bmdma_addr_writeb, bm);
3163 register_ioport_read(addr + 4, 4, 1, bmdma_addr_readb, bm);
3164 register_ioport_write(addr + 4, 4, 2, bmdma_addr_writew, bm);
3165 register_ioport_read(addr + 4, 4, 2, bmdma_addr_readw, bm);
3166 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
3167 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
3172 static void pci_ide_save(QEMUFile* f, void *opaque)
3174 PCIIDEState *d = opaque;
3177 pci_device_save(&d->dev, f);
3179 for(i = 0; i < 2; i++) {
3180 BMDMAState *bm = &d->bmdma[i];
3182 qemu_put_8s(f, &bm->cmd);
3183 qemu_put_8s(f, &bm->status);
3184 qemu_put_be32s(f, &bm->addr);
3185 qemu_put_sbe64s(f, &bm->sector_num);
3186 qemu_put_be32s(f, &bm->nsector);
3187 ifidx = bm->ide_if ? bm->ide_if - d->ide_if : 0;
3188 qemu_put_8s(f, &ifidx);
3189 /* XXX: if a transfer is pending, we do not save it yet */
3192 /* per IDE interface data */
3193 for(i = 0; i < 2; i++) {
3194 IDEState *s = &d->ide_if[i * 2];
3195 uint8_t drive1_selected;
3196 qemu_put_8s(f, &s->cmd);
3197 drive1_selected = (s->cur_drive != s);
3198 qemu_put_8s(f, &drive1_selected);
3201 /* per IDE drive data */
3202 for(i = 0; i < 4; i++) {
3203 ide_save(f, &d->ide_if[i]);
3207 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
3209 PCIIDEState *d = opaque;
3212 if (version_id != 2)
3214 ret = pci_device_load(&d->dev, f);
3218 for(i = 0; i < 2; i++) {
3219 BMDMAState *bm = &d->bmdma[i];
3221 qemu_get_8s(f, &bm->cmd);
3222 qemu_get_8s(f, &bm->status);
3223 qemu_get_be32s(f, &bm->addr);
3224 qemu_get_sbe64s(f, &bm->sector_num);
3225 qemu_get_be32s(f, &bm->nsector);
3226 qemu_get_8s(f, &ifidx);
3227 bm->ide_if = &d->ide_if[ifidx];
3228 /* XXX: if a transfer is pending, we do not save it yet */
3231 /* per IDE interface data */
3232 for(i = 0; i < 2; i++) {
3233 IDEState *s = &d->ide_if[i * 2];
3234 uint8_t drive1_selected;
3235 qemu_get_8s(f, &s->cmd);
3236 qemu_get_8s(f, &drive1_selected);
3237 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
3240 /* per IDE drive data */
3241 for(i = 0; i < 4; i++) {
3242 ide_load(f, &d->ide_if[i]);
3247 /* XXX: call it also when the MRDMODE is changed from the PCI config
3249 static void cmd646_update_irq(PCIIDEState *d)
3252 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
3253 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
3254 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
3255 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
3256 qemu_set_irq(d->dev.irq[0], pci_level);
3259 /* the PCI irq level is the logical OR of the two channels */
3260 static void cmd646_set_irq(void *opaque, int channel, int level)
3262 PCIIDEState *d = opaque;
3265 irq_mask = MRDMODE_INTR_CH0 << channel;
3267 d->dev.config[MRDMODE] |= irq_mask;
3269 d->dev.config[MRDMODE] &= ~irq_mask;
3270 cmd646_update_irq(d);
3273 static void cmd646_reset(void *opaque)
3275 PCIIDEState *d = opaque;
3278 for (i = 0; i < 2; i++)
3279 ide_dma_cancel(&d->bmdma[i]);
3282 /* CMD646 PCI IDE controller */
3283 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
3284 int secondary_ide_enabled)
3291 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
3292 sizeof(PCIIDEState),
3295 d->type = IDE_TYPE_CMD646;
3296 pci_conf = d->dev.config;
3297 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_CMD);
3298 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_CMD_646);
3300 pci_conf[0x08] = 0x07; // IDE controller revision
3301 pci_conf[0x09] = 0x8f;
3303 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3304 pci_conf[0x0e] = 0x00; // header_type
3306 pci_conf[0x51] = 0x04; // enable IDE0
3307 if (secondary_ide_enabled) {
3308 /* XXX: if not enabled, really disable the seconday IDE controller */
3309 pci_conf[0x51] |= 0x08; /* enable IDE1 */
3312 pci_register_io_region((PCIDevice *)d, 0, 0x8,
3313 PCI_ADDRESS_SPACE_IO, ide_map);
3314 pci_register_io_region((PCIDevice *)d, 1, 0x4,
3315 PCI_ADDRESS_SPACE_IO, ide_map);
3316 pci_register_io_region((PCIDevice *)d, 2, 0x8,
3317 PCI_ADDRESS_SPACE_IO, ide_map);
3318 pci_register_io_region((PCIDevice *)d, 3, 0x4,
3319 PCI_ADDRESS_SPACE_IO, ide_map);
3320 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3321 PCI_ADDRESS_SPACE_IO, bmdma_map);
3323 pci_conf[0x3d] = 0x01; // interrupt on pin 1
3325 for(i = 0; i < 4; i++)
3326 d->ide_if[i].pci_dev = (PCIDevice *)d;
3328 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
3329 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
3330 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
3332 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3333 qemu_register_reset(cmd646_reset, d);
3337 static void piix3_reset(void *opaque)
3339 PCIIDEState *d = opaque;
3340 uint8_t *pci_conf = d->dev.config;
3343 for (i = 0; i < 2; i++)
3344 ide_dma_cancel(&d->bmdma[i]);
3346 pci_conf[0x04] = 0x00;
3347 pci_conf[0x05] = 0x00;
3348 pci_conf[0x06] = 0x80; /* FBC */
3349 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
3350 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
3353 /* hd_table must contain 4 block drivers */
3354 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
3355 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3362 /* register a function 1 of PIIX3 */
3363 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
3364 sizeof(PCIIDEState),
3367 d->type = IDE_TYPE_PIIX3;
3369 pci_conf = d->dev.config;
3370 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3371 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_1);
3372 pci_conf[0x09] = 0x80; // legacy ATA mode
3373 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3374 pci_conf[0x0e] = 0x00; // header_type
3376 qemu_register_reset(piix3_reset, d);
3379 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3380 PCI_ADDRESS_SPACE_IO, bmdma_map);
3382 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3383 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3384 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3385 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3387 for (i = 0; i < 4; i++)
3389 hd_table[i]->private = &d->dev;
3391 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3394 /* hd_table must contain 4 block drivers */
3395 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
3396 void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
3402 /* register a function 1 of PIIX4 */
3403 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
3404 sizeof(PCIIDEState),
3407 d->type = IDE_TYPE_PIIX4;
3409 pci_conf = d->dev.config;
3410 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
3411 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB);
3412 pci_conf[0x09] = 0x80; // legacy ATA mode
3413 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_IDE);
3414 pci_conf[0x0e] = 0x00; // header_type
3416 qemu_register_reset(piix3_reset, d);
3419 pci_register_io_region((PCIDevice *)d, 4, 0x10,
3420 PCI_ADDRESS_SPACE_IO, bmdma_map);
3422 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
3423 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3424 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3425 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3427 register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
3430 #if defined(TARGET_PPC)
3431 /***********************************************************/
3432 /* MacIO based PowerPC IDE */
3434 typedef struct MACIOIDEState {
3436 BlockDriverAIOCB *aiocb;
3439 static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
3441 DBDMA_io *io = opaque;
3442 MACIOIDEState *m = io->opaque;
3443 IDEState *s = m->ide_if->cur_drive;
3447 qemu_sglist_destroy(&s->sg);
3448 ide_atapi_io_error(s, ret);
3449 io->dma_end(opaque);
3453 if (s->io_buffer_size > 0) {
3455 qemu_sglist_destroy(&s->sg);
3457 s->packet_transfer_size -= s->io_buffer_size;
3459 s->io_buffer_index += s->io_buffer_size;
3460 s->lba += s->io_buffer_index >> 11;
3461 s->io_buffer_index &= 0x7ff;
3464 if (s->packet_transfer_size <= 0)
3465 ide_atapi_cmd_ok(s);
3468 io->dma_end(opaque);
3472 /* launch next transfer */
3474 s->io_buffer_size = io->len;
3476 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3477 qemu_sglist_add(&s->sg, io->addr, io->len);
3478 io->addr += io->len;
3481 m->aiocb = dma_bdrv_read(s->bs, &s->sg,
3482 (int64_t)(s->lba << 2) + (s->io_buffer_index >> 9),
3483 pmac_ide_atapi_transfer_cb, io);
3485 qemu_sglist_destroy(&s->sg);
3486 /* Note: media not present is the most likely case */
3487 ide_atapi_cmd_error(s, SENSE_NOT_READY,
3488 ASC_MEDIUM_NOT_PRESENT);
3489 io->dma_end(opaque);
3494 static void pmac_ide_transfer_cb(void *opaque, int ret)
3496 DBDMA_io *io = opaque;
3497 MACIOIDEState *m = io->opaque;
3498 IDEState *s = m->ide_if->cur_drive;
3504 qemu_sglist_destroy(&s->sg);
3510 sector_num = ide_get_sector(s);
3511 if (s->io_buffer_size > 0) {
3513 qemu_sglist_destroy(&s->sg);
3514 n = (s->io_buffer_size + 0x1ff) >> 9;
3516 ide_set_sector(s, sector_num);
3520 /* end of transfer ? */
3521 if (s->nsector == 0) {
3522 s->status = READY_STAT | SEEK_STAT;
3533 /* launch next transfer */
3535 s->io_buffer_index = 0;
3536 s->io_buffer_size = io->len;
3538 qemu_sglist_init(&s->sg, io->len / TARGET_PAGE_SIZE + 1);
3539 qemu_sglist_add(&s->sg, io->addr, io->len);
3540 io->addr += io->len;
3544 m->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
3545 pmac_ide_transfer_cb, io);
3547 m->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
3548 pmac_ide_transfer_cb, io);
3550 pmac_ide_transfer_cb(io, -1);
3553 static void pmac_ide_transfer(DBDMA_io *io)
3555 MACIOIDEState *m = io->opaque;
3556 IDEState *s = m->ide_if->cur_drive;
3558 s->io_buffer_size = 0;
3560 pmac_ide_atapi_transfer_cb(io, 0);
3564 pmac_ide_transfer_cb(io, 0);
3567 static void pmac_ide_flush(DBDMA_io *io)
3569 MACIOIDEState *m = io->opaque;
3575 /* PowerMac IDE memory IO */
3576 static void pmac_ide_writeb (void *opaque,
3577 target_phys_addr_t addr, uint32_t val)
3579 MACIOIDEState *d = opaque;
3581 addr = (addr & 0xFFF) >> 4;
3584 ide_ioport_write(d->ide_if, addr, val);
3588 ide_cmd_write(d->ide_if, 0, val);
3595 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3598 MACIOIDEState *d = opaque;
3600 addr = (addr & 0xFFF) >> 4;
3603 retval = ide_ioport_read(d->ide_if, addr);
3607 retval = ide_status_read(d->ide_if, 0);
3616 static void pmac_ide_writew (void *opaque,
3617 target_phys_addr_t addr, uint32_t val)
3619 MACIOIDEState *d = opaque;
3621 addr = (addr & 0xFFF) >> 4;
3622 #ifdef TARGET_WORDS_BIGENDIAN
3626 ide_data_writew(d->ide_if, 0, val);
3630 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3633 MACIOIDEState *d = opaque;
3635 addr = (addr & 0xFFF) >> 4;
3637 retval = ide_data_readw(d->ide_if, 0);
3641 #ifdef TARGET_WORDS_BIGENDIAN
3642 retval = bswap16(retval);
3647 static void pmac_ide_writel (void *opaque,
3648 target_phys_addr_t addr, uint32_t val)
3650 MACIOIDEState *d = opaque;
3652 addr = (addr & 0xFFF) >> 4;
3653 #ifdef TARGET_WORDS_BIGENDIAN
3657 ide_data_writel(d->ide_if, 0, val);
3661 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3664 MACIOIDEState *d = opaque;
3666 addr = (addr & 0xFFF) >> 4;
3668 retval = ide_data_readl(d->ide_if, 0);
3670 retval = 0xFFFFFFFF;
3672 #ifdef TARGET_WORDS_BIGENDIAN
3673 retval = bswap32(retval);
3678 static CPUWriteMemoryFunc *pmac_ide_write[] = {
3684 static CPUReadMemoryFunc *pmac_ide_read[] = {
3690 static void pmac_ide_save(QEMUFile *f, void *opaque)
3692 MACIOIDEState *d = opaque;
3693 IDEState *s = d->ide_if;
3694 uint8_t drive1_selected;
3697 /* per IDE interface data */
3698 qemu_put_8s(f, &s->cmd);
3699 drive1_selected = (s->cur_drive != s);
3700 qemu_put_8s(f, &drive1_selected);
3702 /* per IDE drive data */
3703 for(i = 0; i < 2; i++) {
3708 static int pmac_ide_load(QEMUFile *f, void *opaque, int version_id)
3710 MACIOIDEState *d = opaque;
3711 IDEState *s = d->ide_if;
3712 uint8_t drive1_selected;
3715 if (version_id != 1)
3718 /* per IDE interface data */
3719 qemu_get_8s(f, &s->cmd);
3720 qemu_get_8s(f, &drive1_selected);
3721 s->cur_drive = &s[(drive1_selected != 0)];
3723 /* per IDE drive data */
3724 for(i = 0; i < 2; i++) {
3730 static void pmac_ide_reset(void *opaque)
3732 MACIOIDEState *d = opaque;
3733 IDEState *s = d->ide_if;
3739 /* hd_table must contain 4 block drivers */
3740 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3741 I/O index to access the ide. */
3742 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq,
3743 void *dbdma, int channel, qemu_irq dma_irq)
3746 int pmac_ide_memory;
3748 d = qemu_mallocz(sizeof(MACIOIDEState));
3749 ide_init2(d->ide_if, hd_table[0], hd_table[1], irq);
3752 DBDMA_register_channel(dbdma, channel, dma_irq, pmac_ide_transfer, pmac_ide_flush, d);
3754 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3756 register_savevm("ide", 0, 1, pmac_ide_save, pmac_ide_load, d);
3757 qemu_register_reset(pmac_ide_reset, d);
3760 return pmac_ide_memory;
3762 #endif /* TARGET_PPC */
3764 /***********************************************************/
3765 /* MMIO based ide port
3766 * This emulates IDE device connected directly to the CPU bus without
3767 * dedicated ide controller, which is often seen on embedded boards.
3775 static uint32_t mmio_ide_read (void *opaque, target_phys_addr_t addr)
3777 MMIOState *s = (MMIOState*)opaque;
3778 IDEState *ide = (IDEState*)s->dev;
3781 return ide_ioport_read(ide, addr);
3783 return ide_data_readw(ide, 0);
3786 static void mmio_ide_write (void *opaque, target_phys_addr_t addr,
3789 MMIOState *s = (MMIOState*)opaque;
3790 IDEState *ide = (IDEState*)s->dev;
3793 ide_ioport_write(ide, addr, val);
3795 ide_data_writew(ide, 0, val);
3798 static CPUReadMemoryFunc *mmio_ide_reads[] = {
3804 static CPUWriteMemoryFunc *mmio_ide_writes[] = {
3810 static uint32_t mmio_ide_status_read (void *opaque, target_phys_addr_t addr)
3812 MMIOState *s= (MMIOState*)opaque;
3813 IDEState *ide = (IDEState*)s->dev;
3814 return ide_status_read(ide, 0);
3817 static void mmio_ide_cmd_write (void *opaque, target_phys_addr_t addr,
3820 MMIOState *s = (MMIOState*)opaque;
3821 IDEState *ide = (IDEState*)s->dev;
3822 ide_cmd_write(ide, 0, val);
3825 static CPUReadMemoryFunc *mmio_ide_status[] = {
3826 mmio_ide_status_read,
3827 mmio_ide_status_read,
3828 mmio_ide_status_read,
3831 static CPUWriteMemoryFunc *mmio_ide_cmd[] = {
3837 void mmio_ide_init (target_phys_addr_t membase, target_phys_addr_t membase2,
3838 qemu_irq irq, int shift,
3839 BlockDriverState *hd0, BlockDriverState *hd1)
3841 MMIOState *s = qemu_mallocz(sizeof(MMIOState));
3842 IDEState *ide = qemu_mallocz(sizeof(IDEState) * 2);
3845 ide_init2(ide, hd0, hd1, irq);
3850 mem1 = cpu_register_io_memory(0, mmio_ide_reads, mmio_ide_writes, s);
3851 mem2 = cpu_register_io_memory(0, mmio_ide_status, mmio_ide_cmd, s);
3852 cpu_register_physical_memory(membase, 16 << shift, mem1);
3853 cpu_register_physical_memory(membase2, 2 << shift, mem2);
3856 /***********************************************************/
3857 /* CF-ATA Microdrive */
3859 #define METADATA_SIZE 0x20
3861 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3864 struct pcmcia_card_s card;
3878 /* Register bitfields */
3881 OPT_MODE_IOMAP16 = 1,
3882 OPT_MODE_IOMAP1 = 2,
3883 OPT_MODE_IOMAP2 = 3,
3894 STAT_CHANGED = 0x80,
3905 static inline void md_interrupt_update(struct md_s *s)
3910 qemu_set_irq(s->card.slot->irq,
3911 !(s->stat & STAT_INT) && /* Inverted */
3912 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3913 !(s->opt & OPT_SRESET));
3916 static void md_set_irq(void *opaque, int irq, int level)
3918 struct md_s *s = (struct md_s *) opaque;
3920 s->stat |= STAT_INT;
3922 s->stat &= ~STAT_INT;
3924 md_interrupt_update(s);
3927 static void md_reset(struct md_s *s)
3929 s->opt = OPT_MODE_MMAP;
3937 static uint8_t md_attr_read(void *opaque, uint32_t at)
3939 struct md_s *s = (struct md_s *) opaque;
3940 if (at < s->attr_base) {
3941 if (at < s->card.cis_len)
3942 return s->card.cis[at];
3950 case 0x00: /* Configuration Option Register */
3952 case 0x02: /* Card Configuration Status Register */
3953 if (s->ctrl & CTRL_IEN)
3954 return s->stat & ~STAT_INT;
3957 case 0x04: /* Pin Replacement Register */
3958 return (s->pins & PINS_CRDY) | 0x0c;
3959 case 0x06: /* Socket and Copy Register */
3963 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3970 static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
3972 struct md_s *s = (struct md_s *) opaque;
3976 case 0x00: /* Configuration Option Register */
3977 s->opt = value & 0xcf;
3978 if (value & OPT_SRESET)
3980 md_interrupt_update(s);
3982 case 0x02: /* Card Configuration Status Register */
3983 if ((s->stat ^ value) & STAT_PWRDWN)
3984 s->pins |= PINS_CRDY;
3986 s->stat |= value & 0x74;
3987 md_interrupt_update(s);
3988 /* Word 170 in Identify Device must be equal to STAT_XE */
3990 case 0x04: /* Pin Replacement Register */
3991 s->pins &= PINS_CRDY;
3992 s->pins |= value & PINS_MRDY;
3994 case 0x06: /* Socket and Copy Register */
3997 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
4001 static uint16_t md_common_read(void *opaque, uint32_t at)
4003 struct md_s *s = (struct md_s *) opaque;
4007 switch (s->opt & OPT_MODE) {
4009 if ((at & ~0x3ff) == 0x400)
4012 case OPT_MODE_IOMAP16:
4015 case OPT_MODE_IOMAP1:
4016 if ((at & ~0xf) == 0x3f0)
4018 else if ((at & ~0xf) == 0x1f0)
4021 case OPT_MODE_IOMAP2:
4022 if ((at & ~0xf) == 0x370)
4024 else if ((at & ~0xf) == 0x170)
4029 case 0x0: /* Even RD Data */
4031 return ide_data_readw(s->ide, 0);
4033 /* TODO: 8-bit accesses */
4037 s->io = ide_data_readw(s->ide, 0);
4040 s->cycle = !s->cycle;
4042 case 0x9: /* Odd RD Data */
4044 case 0xd: /* Error */
4045 return ide_ioport_read(s->ide, 0x1);
4046 case 0xe: /* Alternate Status */
4047 if (s->ide->cur_drive->bs)
4048 return s->ide->cur_drive->status;
4051 case 0xf: /* Device Address */
4052 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
4054 return ide_ioport_read(s->ide, at);
4060 static void md_common_write(void *opaque, uint32_t at, uint16_t value)
4062 struct md_s *s = (struct md_s *) opaque;
4065 switch (s->opt & OPT_MODE) {
4067 if ((at & ~0x3ff) == 0x400)
4070 case OPT_MODE_IOMAP16:
4073 case OPT_MODE_IOMAP1:
4074 if ((at & ~0xf) == 0x3f0)
4076 else if ((at & ~0xf) == 0x1f0)
4079 case OPT_MODE_IOMAP2:
4080 if ((at & ~0xf) == 0x370)
4082 else if ((at & ~0xf) == 0x170)
4087 case 0x0: /* Even WR Data */
4089 ide_data_writew(s->ide, 0, value);
4092 /* TODO: 8-bit accesses */
4094 ide_data_writew(s->ide, 0, s->io | (value << 8));
4096 s->io = value & 0xff;
4097 s->cycle = !s->cycle;
4100 s->io = value & 0xff;
4101 s->cycle = !s->cycle;
4103 case 0xd: /* Features */
4104 ide_ioport_write(s->ide, 0x1, value);
4106 case 0xe: /* Device Control */
4108 if (value & CTRL_SRST)
4110 md_interrupt_update(s);
4113 if (s->stat & STAT_PWRDWN) {
4114 s->pins |= PINS_CRDY;
4115 s->stat &= ~STAT_PWRDWN;
4117 ide_ioport_write(s->ide, at, value);
4121 static void md_save(QEMUFile *f, void *opaque)
4123 struct md_s *s = (struct md_s *) opaque;
4125 uint8_t drive1_selected;
4127 qemu_put_8s(f, &s->opt);
4128 qemu_put_8s(f, &s->stat);
4129 qemu_put_8s(f, &s->pins);
4131 qemu_put_8s(f, &s->ctrl);
4132 qemu_put_be16s(f, &s->io);
4133 qemu_put_byte(f, s->cycle);
4135 drive1_selected = (s->ide->cur_drive != s->ide);
4136 qemu_put_8s(f, &s->ide->cmd);
4137 qemu_put_8s(f, &drive1_selected);
4139 for (i = 0; i < 2; i ++)
4140 ide_save(f, &s->ide[i]);
4143 static int md_load(QEMUFile *f, void *opaque, int version_id)
4145 struct md_s *s = (struct md_s *) opaque;
4147 uint8_t drive1_selected;
4149 qemu_get_8s(f, &s->opt);
4150 qemu_get_8s(f, &s->stat);
4151 qemu_get_8s(f, &s->pins);
4153 qemu_get_8s(f, &s->ctrl);
4154 qemu_get_be16s(f, &s->io);
4155 s->cycle = qemu_get_byte(f);
4157 qemu_get_8s(f, &s->ide->cmd);
4158 qemu_get_8s(f, &drive1_selected);
4159 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
4161 for (i = 0; i < 2; i ++)
4162 ide_load(f, &s->ide[i]);
4167 static const uint8_t dscm1xxxx_cis[0x14a] = {
4168 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
4169 [0x002] = 0x03, /* Tuple length = 4 bytes */
4170 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4171 [0x006] = 0x01, /* Size = 2K bytes */
4172 [0x008] = CISTPL_ENDMARK,
4174 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
4175 [0x00c] = 0x04, /* Tuple length = 4 byest */
4176 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
4177 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
4178 [0x012] = 0x01, /* Size = 2K bytes */
4179 [0x014] = CISTPL_ENDMARK,
4181 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
4182 [0x018] = 0x02, /* Tuple length = 2 bytes */
4183 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
4186 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
4187 [0x020] = 0x04, /* Tuple length = 4 bytes */
4188 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
4190 [0x026] = 0x00, /* PLMID_CARD = 0000 */
4193 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
4194 [0x02c] = 0x12, /* Tuple length = 23 bytes */
4195 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
4196 [0x030] = 0x01, /* Minor Version = 1 */
4212 [0x050] = CISTPL_ENDMARK,
4214 [0x052] = CISTPL_FUNCID, /* Function ID */
4215 [0x054] = 0x02, /* Tuple length = 2 bytes */
4216 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
4217 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
4219 [0x05a] = CISTPL_FUNCE, /* Function Extension */
4220 [0x05c] = 0x02, /* Tuple length = 2 bytes */
4221 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
4222 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
4224 [0x062] = CISTPL_FUNCE, /* Function Extension */
4225 [0x064] = 0x03, /* Tuple length = 3 bytes */
4226 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
4227 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
4228 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
4230 [0x06c] = CISTPL_CONFIG, /* Configuration */
4231 [0x06e] = 0x05, /* Tuple length = 5 bytes */
4232 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
4233 [0x072] = 0x07, /* TPCC_LAST = 7 */
4234 [0x074] = 0x00, /* TPCC_RADR = 0200 */
4236 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
4238 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4239 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
4240 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
4241 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
4242 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
4243 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4244 [0x086] = 0x55, /* NomV: 5.0 V */
4245 [0x088] = 0x4d, /* MinV: 4.5 V */
4246 [0x08a] = 0x5d, /* MaxV: 5.5 V */
4247 [0x08c] = 0x4e, /* Peakl: 450 mA */
4248 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
4249 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
4250 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
4252 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4253 [0x096] = 0x06, /* Tuple length = 6 bytes */
4254 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
4255 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4256 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4257 [0x09e] = 0xb5, /* NomV: 3.3 V */
4259 [0x0a2] = 0x3e, /* Peakl: 350 mA */
4261 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4262 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
4263 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
4264 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4265 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4266 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4267 [0x0b0] = 0x55, /* NomV: 5.0 V */
4268 [0x0b2] = 0x4d, /* MinV: 4.5 V */
4269 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
4270 [0x0b6] = 0x4e, /* Peakl: 450 mA */
4271 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
4272 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
4273 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
4274 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
4275 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
4277 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4278 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
4279 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
4280 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4281 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4282 [0x0cc] = 0xb5, /* NomV: 3.3 V */
4284 [0x0d0] = 0x3e, /* Peakl: 350 mA */
4286 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4287 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
4288 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
4289 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4290 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4291 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4292 [0x0de] = 0x55, /* NomV: 5.0 V */
4293 [0x0e0] = 0x4d, /* MinV: 4.5 V */
4294 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
4295 [0x0e4] = 0x4e, /* Peakl: 450 mA */
4296 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4297 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
4298 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
4300 [0x0ee] = 0x07, /* Address block length = 8 */
4301 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
4303 [0x0f4] = 0x01, /* Address block length = 2 */
4304 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4305 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
4307 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4308 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
4309 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
4310 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4311 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4312 [0x104] = 0xb5, /* NomV: 3.3 V */
4314 [0x108] = 0x3e, /* Peakl: 350 mA */
4316 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4317 [0x10c] = 0x12, /* Tuple length = 18 bytes */
4318 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
4319 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
4320 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
4321 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
4322 [0x116] = 0x55, /* NomV: 5.0 V */
4323 [0x118] = 0x4d, /* MinV: 4.5 V */
4324 [0x11a] = 0x5d, /* MaxV: 5.5 V */
4325 [0x11c] = 0x4e, /* Peakl: 450 mA */
4326 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
4327 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
4328 [0x122] = 0x70, /* Field 1 address = 0x0170 */
4330 [0x126] = 0x07, /* Address block length = 8 */
4331 [0x128] = 0x76, /* Field 2 address = 0x0376 */
4333 [0x12c] = 0x01, /* Address block length = 2 */
4334 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
4335 [0x130] = 0x20, /* TPCE_MI = support power down mode */
4337 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
4338 [0x134] = 0x06, /* Tuple length = 6 bytes */
4339 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
4340 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
4341 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
4342 [0x13c] = 0xb5, /* NomV: 3.3 V */
4344 [0x140] = 0x3e, /* Peakl: 350 mA */
4346 [0x142] = CISTPL_NO_LINK, /* No Link */
4347 [0x144] = 0x00, /* Tuple length = 0 bytes */
4349 [0x146] = CISTPL_END, /* Tuple End */
4352 static int dscm1xxxx_attach(void *opaque)
4354 struct md_s *md = (struct md_s *) opaque;
4355 md->card.attr_read = md_attr_read;
4356 md->card.attr_write = md_attr_write;
4357 md->card.common_read = md_common_read;
4358 md->card.common_write = md_common_write;
4359 md->card.io_read = md_common_read;
4360 md->card.io_write = md_common_write;
4362 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
4366 md_interrupt_update(md);
4368 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
4372 static int dscm1xxxx_detach(void *opaque)
4374 struct md_s *md = (struct md_s *) opaque;
4379 struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
4381 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
4382 md->card.state = md;
4383 md->card.attach = dscm1xxxx_attach;
4384 md->card.detach = dscm1xxxx_detach;
4385 md->card.cis = dscm1xxxx_cis;
4386 md->card.cis_len = sizeof(dscm1xxxx_cis);
4388 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
4390 md->ide->mdata_size = METADATA_SIZE;
4391 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
4393 register_savevm("microdrive", -1, 0, md_save, md_load, md);
projects / qemu / blob