2 * QEMU IDE disk and CD-ROM Emulator
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Openedhand Ltd.
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
28 #include "scsi-disk.h"
31 #include "qemu-timer.h"
35 /* debug IDE devices */
37 //#define DEBUG_IDE_ATAPI
41 /* Bits of HD_STATUS */
43 #define INDEX_STAT 0x02
44 #define ECC_STAT 0x04 /* Corrected error */
46 #define SEEK_STAT 0x10
48 #define WRERR_STAT 0x20
49 #define READY_STAT 0x40
50 #define BUSY_STAT 0x80
52 /* Bits for HD_ERROR */
53 #define MARK_ERR 0x01 /* Bad address mark */
54 #define TRK0_ERR 0x02 /* couldn't find track 0 */
55 #define ABRT_ERR 0x04 /* Command aborted */
56 #define MCR_ERR 0x08 /* media change request */
57 #define ID_ERR 0x10 /* ID field not found */
58 #define MC_ERR 0x20 /* media changed */
59 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
60 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
61 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
63 /* Bits of HD_NSECTOR */
69 #define IDE_CMD_RESET 0x04
70 #define IDE_CMD_DISABLE_IRQ 0x02
72 /* ATA/ATAPI Commands pre T13 Spec */
77 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
81 #define WIN_SRST 0x08 /* ATAPI soft reset command */
82 #define WIN_DEVICE_RESET 0x08
86 #define WIN_RECAL 0x10
87 #define WIN_RESTORE WIN_RECAL
91 #define WIN_READ 0x20 /* 28-Bit */
92 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
93 #define WIN_READ_LONG 0x22 /* 28-Bit */
94 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
95 #define WIN_READ_EXT 0x24 /* 48-Bit */
96 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
97 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
98 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
102 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
104 * 0x2A->0x2F Reserved
106 #define WIN_WRITE 0x30 /* 28-Bit */
107 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
108 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
109 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
110 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
111 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
112 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
113 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
114 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
115 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
117 * 0x3A->0x3B Reserved
119 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
121 * 0x3D->0x3F Reserved
123 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
124 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
125 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
127 * 0x43->0x4F Reserved
129 #define WIN_FORMAT 0x50
131 * 0x51->0x5F Reserved
133 #define WIN_INIT 0x60
135 * 0x61->0x5F Reserved
137 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
138 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
139 #define WIN_DIAGNOSE 0x90
140 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
141 #define WIN_DOWNLOAD_MICROCODE 0x92
142 #define WIN_STANDBYNOW2 0x94
143 #define CFA_IDLEIMMEDIATE 0x95 /* force drive to become "ready" */
144 #define WIN_STANDBY2 0x96
145 #define WIN_SETIDLE2 0x97
146 #define WIN_CHECKPOWERMODE2 0x98
147 #define WIN_SLEEPNOW2 0x99
151 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
152 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
153 #define WIN_QUEUED_SERVICE 0xA2
154 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
155 #define CFA_ACCESS_METADATA_STORAGE 0xB8
156 #define CFA_ERASE_SECTORS 0xC0 /* microdrives implement as NOP */
157 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
158 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
159 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
160 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
161 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
162 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
163 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
164 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
165 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
166 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
167 #define WIN_GETMEDIASTATUS 0xDA
168 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
169 #define WIN_POSTBOOT 0xDC
170 #define WIN_PREBOOT 0xDD
171 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
172 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
173 #define WIN_STANDBYNOW1 0xE0
174 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
175 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
176 #define WIN_SETIDLE1 0xE3
177 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
178 #define WIN_CHECKPOWERMODE1 0xE5
179 #define WIN_SLEEPNOW1 0xE6
180 #define WIN_FLUSH_CACHE 0xE7
181 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
182 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
183 /* SET_FEATURES 0x22 or 0xDD */
184 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
185 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
186 #define WIN_MEDIAEJECT 0xED
187 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
188 #define WIN_SETFEATURES 0xEF /* set special drive features */
189 #define EXABYTE_ENABLE_NEST 0xF0
190 #define IBM_SENSE_CONDITION 0xF0 /* measure disk temperature */
191 #define WIN_SECURITY_SET_PASS 0xF1
192 #define WIN_SECURITY_UNLOCK 0xF2
193 #define WIN_SECURITY_ERASE_PREPARE 0xF3
194 #define WIN_SECURITY_ERASE_UNIT 0xF4
195 #define WIN_SECURITY_FREEZE_LOCK 0xF5
196 #define CFA_WEAR_LEVEL 0xF5 /* microdrives implement as NOP */
197 #define WIN_SECURITY_DISABLE 0xF6
198 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
199 #define WIN_SET_MAX 0xF9
200 #define DISABLE_SEAGATE 0xFB
202 /* set to 1 set disable mult support */
203 #define MAX_MULT_SECTORS 16
207 #define ATAPI_PACKET_SIZE 12
209 /* The generic packet command opcodes for CD/DVD Logical Units,
210 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
211 #define GPCMD_BLANK 0xa1
212 #define GPCMD_CLOSE_TRACK 0x5b
213 #define GPCMD_FLUSH_CACHE 0x35
214 #define GPCMD_FORMAT_UNIT 0x04
215 #define GPCMD_GET_CONFIGURATION 0x46
216 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
217 #define GPCMD_GET_PERFORMANCE 0xac
218 #define GPCMD_INQUIRY 0x12
219 #define GPCMD_LOAD_UNLOAD 0xa6
220 #define GPCMD_MECHANISM_STATUS 0xbd
221 #define GPCMD_MODE_SELECT_10 0x55
222 #define GPCMD_MODE_SENSE_10 0x5a
223 #define GPCMD_PAUSE_RESUME 0x4b
224 #define GPCMD_PLAY_AUDIO_10 0x45
225 #define GPCMD_PLAY_AUDIO_MSF 0x47
226 #define GPCMD_PLAY_AUDIO_TI 0x48
227 #define GPCMD_PLAY_CD 0xbc
228 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
229 #define GPCMD_READ_10 0x28
230 #define GPCMD_READ_12 0xa8
231 #define GPCMD_READ_CDVD_CAPACITY 0x25
232 #define GPCMD_READ_CD 0xbe
233 #define GPCMD_READ_CD_MSF 0xb9
234 #define GPCMD_READ_DISC_INFO 0x51
235 #define GPCMD_READ_DVD_STRUCTURE 0xad
236 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
237 #define GPCMD_READ_HEADER 0x44
238 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
239 #define GPCMD_READ_SUBCHANNEL 0x42
240 #define GPCMD_READ_TOC_PMA_ATIP 0x43
241 #define GPCMD_REPAIR_RZONE_TRACK 0x58
242 #define GPCMD_REPORT_KEY 0xa4
243 #define GPCMD_REQUEST_SENSE 0x03
244 #define GPCMD_RESERVE_RZONE_TRACK 0x53
245 #define GPCMD_SCAN 0xba
246 #define GPCMD_SEEK 0x2b
247 #define GPCMD_SEND_DVD_STRUCTURE 0xad
248 #define GPCMD_SEND_EVENT 0xa2
249 #define GPCMD_SEND_KEY 0xa3
250 #define GPCMD_SEND_OPC 0x54
251 #define GPCMD_SET_READ_AHEAD 0xa7
252 #define GPCMD_SET_STREAMING 0xb6
253 #define GPCMD_START_STOP_UNIT 0x1b
254 #define GPCMD_STOP_PLAY_SCAN 0x4e
255 #define GPCMD_TEST_UNIT_READY 0x00
256 #define GPCMD_VERIFY_10 0x2f
257 #define GPCMD_WRITE_10 0x2a
258 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
259 /* This is listed as optional in ATAPI 2.6, but is (curiously)
260 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
261 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
262 * drives support it. */
263 #define GPCMD_SET_SPEED 0xbb
264 /* This seems to be a SCSI specific CD-ROM opcode
265 * to play data at track/index */
266 #define GPCMD_PLAYAUDIO_TI 0x48
268 * From MS Media Status Notification Support Specification. For
271 #define GPCMD_GET_MEDIA_STATUS 0xda
272 #define GPCMD_MODE_SENSE_6 0x1a
274 /* Mode page codes for mode sense/set */
275 #define GPMODE_R_W_ERROR_PAGE 0x01
276 #define GPMODE_WRITE_PARMS_PAGE 0x05
277 #define GPMODE_AUDIO_CTL_PAGE 0x0e
278 #define GPMODE_POWER_PAGE 0x1a
279 #define GPMODE_FAULT_FAIL_PAGE 0x1c
280 #define GPMODE_TO_PROTECT_PAGE 0x1d
281 #define GPMODE_CAPABILITIES_PAGE 0x2a
282 #define GPMODE_ALL_PAGES 0x3f
283 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
284 * of MODE_SENSE_POWER_PAGE */
285 #define GPMODE_CDROM_PAGE 0x0d
287 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
288 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
289 #define ATAPI_INT_REASON_REL 0x04
290 #define ATAPI_INT_REASON_TAG 0xf8
292 /* same constants as bochs */
293 #define ASC_ILLEGAL_OPCODE 0x20
294 #define ASC_LOGICAL_BLOCK_OOR 0x21
295 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
296 #define ASC_MEDIUM_NOT_PRESENT 0x3a
297 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
299 #define CFA_NO_ERROR 0x00
300 #define CFA_MISC_ERROR 0x09
301 #define CFA_INVALID_COMMAND 0x20
302 #define CFA_INVALID_ADDRESS 0x21
303 #define CFA_ADDRESS_OVERFLOW 0x2f
306 #define SENSE_NOT_READY 2
307 #define SENSE_ILLEGAL_REQUEST 5
308 #define SENSE_UNIT_ATTENTION 6
312 typedef void EndTransferFunc(struct IDEState *);
314 /* NOTE: IDEState represents in fact one drive */
315 typedef struct IDEState {
319 int cylinders, heads, sectors;
323 uint16_t identify_data[256];
326 struct BMDMAState *bmdma;
335 /* other part of tf for lba48 support */
345 /* 0x3f6 command, only meaningful for drive 0 */
347 /* set for lba48 access */
349 /* depends on bit 4 in select, only meaningful for drive 0 */
350 struct IDEState *cur_drive;
351 BlockDriverState *bs;
355 int packet_transfer_size;
356 int elementary_transfer_size;
360 int atapi_dma; /* true if dma is requested for the packet cmd */
363 /* PIO transfer handling */
364 int req_nb_sectors; /* number of sectors per interrupt */
365 EndTransferFunc *end_transfer_func;
368 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
369 QEMUTimer *sector_write_timer; /* only used for win2k install hack */
370 uint32_t irq_count; /* counts IRQs when using win2k install hack */
371 /* CF-ATA extended error */
373 /* CF-ATA metadata storage */
375 uint8_t *mdata_storage;
379 #define BM_STATUS_DMAING 0x01
380 #define BM_STATUS_ERROR 0x02
381 #define BM_STATUS_INT 0x04
383 #define BM_CMD_START 0x01
384 #define BM_CMD_READ 0x08
386 #define IDE_TYPE_PIIX3 0
387 #define IDE_TYPE_CMD646 1
388 #define IDE_TYPE_PIIX4 2
390 /* CMD646 specific */
392 #define MRDMODE_INTR_CH0 0x04
393 #define MRDMODE_INTR_CH1 0x08
394 #define MRDMODE_BLK_CH0 0x10
395 #define MRDMODE_BLK_CH1 0x20
396 #define UDIDETCR0 0x73
397 #define UDIDETCR1 0x7B
399 typedef struct BMDMAState {
404 struct PCIIDEState *pci_dev;
405 /* current transfer state */
407 uint32_t cur_prd_last;
408 uint32_t cur_prd_addr;
409 uint32_t cur_prd_len;
411 BlockDriverCompletionFunc *dma_cb;
412 BlockDriverAIOCB *aiocb;
415 typedef struct PCIIDEState {
419 int type; /* see IDE_TYPE_xxx */
422 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
423 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
425 static void padstr(char *str, const char *src, int len)
428 for(i = 0; i < len; i++) {
433 *(char *)((long)str ^ 1) = v;
438 static void padstr8(uint8_t *buf, int buf_size, const char *src)
441 for(i = 0; i < buf_size; i++) {
449 static void put_le16(uint16_t *p, unsigned int v)
454 static void ide_identify(IDEState *s)
457 unsigned int oldsize;
460 if (s->identify_set) {
461 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
465 memset(s->io_buffer, 0, 512);
466 p = (uint16_t *)s->io_buffer;
467 put_le16(p + 0, 0x0040);
468 put_le16(p + 1, s->cylinders);
469 put_le16(p + 3, s->heads);
470 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
471 put_le16(p + 5, 512); /* XXX: retired, remove ? */
472 put_le16(p + 6, s->sectors);
473 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
474 padstr((char *)(p + 10), buf, 20); /* serial number */
475 put_le16(p + 20, 3); /* XXX: retired, remove ? */
476 put_le16(p + 21, 512); /* cache size in sectors */
477 put_le16(p + 22, 4); /* ecc bytes */
478 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
479 padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
480 #if MAX_MULT_SECTORS > 1
481 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
483 put_le16(p + 48, 1); /* dword I/O */
484 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
485 put_le16(p + 51, 0x200); /* PIO transfer cycle */
486 put_le16(p + 52, 0x200); /* DMA transfer cycle */
487 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
488 put_le16(p + 54, s->cylinders);
489 put_le16(p + 55, s->heads);
490 put_le16(p + 56, s->sectors);
491 oldsize = s->cylinders * s->heads * s->sectors;
492 put_le16(p + 57, oldsize);
493 put_le16(p + 58, oldsize >> 16);
495 put_le16(p + 59, 0x100 | s->mult_sectors);
496 put_le16(p + 60, s->nb_sectors);
497 put_le16(p + 61, s->nb_sectors >> 16);
498 put_le16(p + 63, 0x07); /* mdma0-2 supported */
499 put_le16(p + 65, 120);
500 put_le16(p + 66, 120);
501 put_le16(p + 67, 120);
502 put_le16(p + 68, 120);
503 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
504 put_le16(p + 81, 0x16); /* conforms to ata5 */
505 put_le16(p + 82, (1 << 14));
506 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
507 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
508 put_le16(p + 84, (1 << 14));
509 put_le16(p + 85, (1 << 14));
510 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
511 put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
512 put_le16(p + 87, (1 << 14));
513 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
514 put_le16(p + 93, 1 | (1 << 14) | 0x2000);
515 put_le16(p + 100, s->nb_sectors);
516 put_le16(p + 101, s->nb_sectors >> 16);
517 put_le16(p + 102, s->nb_sectors >> 32);
518 put_le16(p + 103, s->nb_sectors >> 48);
520 memcpy(s->identify_data, p, sizeof(s->identify_data));
524 static void ide_atapi_identify(IDEState *s)
529 if (s->identify_set) {
530 memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
534 memset(s->io_buffer, 0, 512);
535 p = (uint16_t *)s->io_buffer;
536 /* Removable CDROM, 50us response, 12 byte packets */
537 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
538 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
539 padstr((char *)(p + 10), buf, 20); /* serial number */
540 put_le16(p + 20, 3); /* buffer type */
541 put_le16(p + 21, 512); /* cache size in sectors */
542 put_le16(p + 22, 4); /* ecc bytes */
543 padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
544 padstr((char *)(p + 27), "QEMU CD-ROM", 40); /* model */
545 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
547 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
548 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
549 put_le16(p + 63, 7); /* mdma0-2 supported */
550 put_le16(p + 64, 0x3f); /* PIO modes supported */
552 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
553 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
554 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
555 put_le16(p + 64, 1); /* PIO modes */
557 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
558 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
559 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
560 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
562 put_le16(p + 71, 30); /* in ns */
563 put_le16(p + 72, 30); /* in ns */
565 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
567 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
569 memcpy(s->identify_data, p, sizeof(s->identify_data));
573 static void ide_cfata_identify(IDEState *s)
579 p = (uint16_t *) s->identify_data;
583 memset(p, 0, sizeof(s->identify_data));
585 cur_sec = s->cylinders * s->heads * s->sectors;
587 put_le16(p + 0, 0x848a); /* CF Storage Card signature */
588 put_le16(p + 1, s->cylinders); /* Default cylinders */
589 put_le16(p + 3, s->heads); /* Default heads */
590 put_le16(p + 6, s->sectors); /* Default sectors per track */
591 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */
592 put_le16(p + 8, s->nb_sectors); /* Sectors per card */
593 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
594 padstr((char *)(p + 10), buf, 20); /* Serial number in ASCII */
595 put_le16(p + 22, 0x0004); /* ECC bytes */
596 padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
597 padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
598 #if MAX_MULT_SECTORS > 1
599 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
601 put_le16(p + 47, 0x0000);
603 put_le16(p + 49, 0x0f00); /* Capabilities */
604 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */
605 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */
606 put_le16(p + 53, 0x0003); /* Translation params valid */
607 put_le16(p + 54, s->cylinders); /* Current cylinders */
608 put_le16(p + 55, s->heads); /* Current heads */
609 put_le16(p + 56, s->sectors); /* Current sectors */
610 put_le16(p + 57, cur_sec); /* Current capacity */
611 put_le16(p + 58, cur_sec >> 16); /* Current capacity */
612 if (s->mult_sectors) /* Multiple sector setting */
613 put_le16(p + 59, 0x100 | s->mult_sectors);
614 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */
615 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
616 put_le16(p + 63, 0x0203); /* Multiword DMA capability */
617 put_le16(p + 64, 0x0001); /* Flow Control PIO support */
618 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */
619 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */
620 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */
621 put_le16(p + 82, 0x400c); /* Command Set supported */
622 put_le16(p + 83, 0x7068); /* Command Set supported */
623 put_le16(p + 84, 0x4000); /* Features supported */
624 put_le16(p + 85, 0x000c); /* Command Set enabled */
625 put_le16(p + 86, 0x7044); /* Command Set enabled */
626 put_le16(p + 87, 0x4000); /* Features enabled */
627 put_le16(p + 91, 0x4060); /* Current APM level */
628 put_le16(p + 129, 0x0002); /* Current features option */
629 put_le16(p + 130, 0x0005); /* Reassigned sectors */
630 put_le16(p + 131, 0x0001); /* Initial power mode */
631 put_le16(p + 132, 0x0000); /* User signature */
632 put_le16(p + 160, 0x8100); /* Power requirement */
633 put_le16(p + 161, 0x8001); /* CF command set */
638 memcpy(s->io_buffer, p, sizeof(s->identify_data));
641 static void ide_set_signature(IDEState *s)
643 s->select &= 0xf0; /* clear head */
659 static inline void ide_abort_command(IDEState *s)
661 s->status = READY_STAT | ERR_STAT;
665 static inline void ide_set_irq(IDEState *s)
667 BMDMAState *bm = s->bmdma;
668 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
670 bm->status |= BM_STATUS_INT;
672 qemu_irq_raise(s->irq);
676 /* prepare data transfer and tell what to do after */
677 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
678 EndTransferFunc *end_transfer_func)
680 s->end_transfer_func = end_transfer_func;
682 s->data_end = buf + size;
683 if (!(s->status & ERR_STAT))
684 s->status |= DRQ_STAT;
687 static void ide_transfer_stop(IDEState *s)
689 s->end_transfer_func = ide_transfer_stop;
690 s->data_ptr = s->io_buffer;
691 s->data_end = s->io_buffer;
692 s->status &= ~DRQ_STAT;
695 static int64_t ide_get_sector(IDEState *s)
698 if (s->select & 0x40) {
701 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
702 (s->lcyl << 8) | s->sector;
704 sector_num = ((int64_t)s->hob_hcyl << 40) |
705 ((int64_t) s->hob_lcyl << 32) |
706 ((int64_t) s->hob_sector << 24) |
707 ((int64_t) s->hcyl << 16) |
708 ((int64_t) s->lcyl << 8) | s->sector;
711 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
712 (s->select & 0x0f) * s->sectors + (s->sector - 1);
717 static void ide_set_sector(IDEState *s, int64_t sector_num)
720 if (s->select & 0x40) {
722 s->select = (s->select & 0xf0) | (sector_num >> 24);
723 s->hcyl = (sector_num >> 16);
724 s->lcyl = (sector_num >> 8);
725 s->sector = (sector_num);
727 s->sector = sector_num;
728 s->lcyl = sector_num >> 8;
729 s->hcyl = sector_num >> 16;
730 s->hob_sector = sector_num >> 24;
731 s->hob_lcyl = sector_num >> 32;
732 s->hob_hcyl = sector_num >> 40;
735 cyl = sector_num / (s->heads * s->sectors);
736 r = sector_num % (s->heads * s->sectors);
739 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
740 s->sector = (r % s->sectors) + 1;
744 static void ide_sector_read(IDEState *s)
749 s->status = READY_STAT | SEEK_STAT;
750 s->error = 0; /* not needed by IDE spec, but needed by Windows */
751 sector_num = ide_get_sector(s);
754 /* no more sector to read from disk */
755 ide_transfer_stop(s);
757 #if defined(DEBUG_IDE)
758 printf("read sector=%Ld\n", sector_num);
760 if (n > s->req_nb_sectors)
761 n = s->req_nb_sectors;
762 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
763 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
765 ide_set_sector(s, sector_num + n);
770 /* return 0 if buffer completed */
771 static int dma_buf_rw(BMDMAState *bm, int is_write)
773 IDEState *s = bm->ide_if;
781 l = s->io_buffer_size - s->io_buffer_index;
784 if (bm->cur_prd_len == 0) {
785 /* end of table (with a fail safe of one page) */
786 if (bm->cur_prd_last ||
787 (bm->cur_addr - bm->addr) >= 4096)
789 cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
791 prd.addr = le32_to_cpu(prd.addr);
792 prd.size = le32_to_cpu(prd.size);
793 len = prd.size & 0xfffe;
796 bm->cur_prd_len = len;
797 bm->cur_prd_addr = prd.addr;
798 bm->cur_prd_last = (prd.size & 0x80000000);
800 if (l > bm->cur_prd_len)
804 cpu_physical_memory_write(bm->cur_prd_addr,
805 s->io_buffer + s->io_buffer_index, l);
807 cpu_physical_memory_read(bm->cur_prd_addr,
808 s->io_buffer + s->io_buffer_index, l);
810 bm->cur_prd_addr += l;
811 bm->cur_prd_len -= l;
812 s->io_buffer_index += l;
818 /* XXX: handle errors */
819 static void ide_read_dma_cb(void *opaque, int ret)
821 BMDMAState *bm = opaque;
822 IDEState *s = bm->ide_if;
826 n = s->io_buffer_size >> 9;
827 sector_num = ide_get_sector(s);
830 ide_set_sector(s, sector_num);
832 if (dma_buf_rw(bm, 1) == 0)
836 /* end of transfer ? */
837 if (s->nsector == 0) {
838 s->status = READY_STAT | SEEK_STAT;
841 bm->status &= ~BM_STATUS_DMAING;
842 bm->status |= BM_STATUS_INT;
849 /* launch next transfer */
851 if (n > MAX_MULT_SECTORS)
852 n = MAX_MULT_SECTORS;
853 s->io_buffer_index = 0;
854 s->io_buffer_size = n * 512;
856 printf("aio_read: sector_num=%lld n=%d\n", sector_num, n);
858 bm->aiocb = bdrv_aio_read(s->bs, sector_num, s->io_buffer, n,
859 ide_read_dma_cb, bm);
862 static void ide_sector_read_dma(IDEState *s)
864 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
865 s->io_buffer_index = 0;
866 s->io_buffer_size = 0;
867 ide_dma_start(s, ide_read_dma_cb);
870 static void ide_sector_write_timer_cb(void *opaque)
872 IDEState *s = opaque;
876 static void ide_sector_write(IDEState *s)
881 s->status = READY_STAT | SEEK_STAT;
882 sector_num = ide_get_sector(s);
883 #if defined(DEBUG_IDE)
884 printf("write sector=%Ld\n", sector_num);
887 if (n > s->req_nb_sectors)
888 n = s->req_nb_sectors;
889 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
891 if (s->nsector == 0) {
892 /* no more sectors to write */
893 ide_transfer_stop(s);
896 if (n1 > s->req_nb_sectors)
897 n1 = s->req_nb_sectors;
898 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
900 ide_set_sector(s, sector_num + n);
903 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
904 /* It seems there is a bug in the Windows 2000 installer HDD
905 IDE driver which fills the disk with empty logs when the
906 IDE write IRQ comes too early. This hack tries to correct
907 that at the expense of slower write performances. Use this
908 option _only_ to install Windows 2000. You must disable it
910 qemu_mod_timer(s->sector_write_timer,
911 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
919 /* XXX: handle errors */
920 static void ide_write_dma_cb(void *opaque, int ret)
922 BMDMAState *bm = opaque;
923 IDEState *s = bm->ide_if;
927 n = s->io_buffer_size >> 9;
928 sector_num = ide_get_sector(s);
931 ide_set_sector(s, sector_num);
935 /* end of transfer ? */
936 if (s->nsector == 0) {
937 s->status = READY_STAT | SEEK_STAT;
940 bm->status &= ~BM_STATUS_DMAING;
941 bm->status |= BM_STATUS_INT;
948 /* launch next transfer */
950 if (n > MAX_MULT_SECTORS)
951 n = MAX_MULT_SECTORS;
952 s->io_buffer_index = 0;
953 s->io_buffer_size = n * 512;
955 if (dma_buf_rw(bm, 0) == 0)
958 printf("aio_write: sector_num=%lld n=%d\n", sector_num, n);
960 bm->aiocb = bdrv_aio_write(s->bs, sector_num, s->io_buffer, n,
961 ide_write_dma_cb, bm);
964 static void ide_sector_write_dma(IDEState *s)
966 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
967 s->io_buffer_index = 0;
968 s->io_buffer_size = 0;
969 ide_dma_start(s, ide_write_dma_cb);
972 static void ide_atapi_cmd_ok(IDEState *s)
975 s->status = READY_STAT;
976 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
980 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
982 #ifdef DEBUG_IDE_ATAPI
983 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
985 s->error = sense_key << 4;
986 s->status = READY_STAT | ERR_STAT;
987 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
988 s->sense_key = sense_key;
993 static inline void cpu_to_ube16(uint8_t *buf, int val)
999 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
1007 static inline int ube16_to_cpu(const uint8_t *buf)
1009 return (buf[0] << 8) | buf[1];
1012 static inline int ube32_to_cpu(const uint8_t *buf)
1014 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
1017 static void lba_to_msf(uint8_t *buf, int lba)
1020 buf[0] = (lba / 75) / 60;
1021 buf[1] = (lba / 75) % 60;
1025 static void cd_data_to_raw(uint8_t *buf, int lba)
1029 memset(buf + 1, 0xff, 10);
1033 lba_to_msf(buf, lba);
1034 buf[3] = 0x01; /* mode 1 data */
1038 /* XXX: ECC not computed */
1039 memset(buf, 0, 288);
1042 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
1047 switch(sector_size) {
1049 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
1052 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
1055 cd_data_to_raw(buf, lba);
1064 static void ide_atapi_io_error(IDEState *s, int ret)
1066 /* XXX: handle more errors */
1067 if (ret == -ENOMEDIUM) {
1068 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1069 ASC_MEDIUM_NOT_PRESENT);
1071 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1072 ASC_LOGICAL_BLOCK_OOR);
1076 /* The whole ATAPI transfer logic is handled in this function */
1077 static void ide_atapi_cmd_reply_end(IDEState *s)
1079 int byte_count_limit, size, ret;
1080 #ifdef DEBUG_IDE_ATAPI
1081 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
1082 s->packet_transfer_size,
1083 s->elementary_transfer_size,
1084 s->io_buffer_index);
1086 if (s->packet_transfer_size <= 0) {
1087 /* end of transfer */
1088 ide_transfer_stop(s);
1089 s->status = READY_STAT;
1090 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1092 #ifdef DEBUG_IDE_ATAPI
1093 printf("status=0x%x\n", s->status);
1096 /* see if a new sector must be read */
1097 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
1098 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
1100 ide_transfer_stop(s);
1101 ide_atapi_io_error(s, ret);
1105 s->io_buffer_index = 0;
1107 if (s->elementary_transfer_size > 0) {
1108 /* there are some data left to transmit in this elementary
1110 size = s->cd_sector_size - s->io_buffer_index;
1111 if (size > s->elementary_transfer_size)
1112 size = s->elementary_transfer_size;
1113 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1114 size, ide_atapi_cmd_reply_end);
1115 s->packet_transfer_size -= size;
1116 s->elementary_transfer_size -= size;
1117 s->io_buffer_index += size;
1119 /* a new transfer is needed */
1120 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
1121 byte_count_limit = s->lcyl | (s->hcyl << 8);
1122 #ifdef DEBUG_IDE_ATAPI
1123 printf("byte_count_limit=%d\n", byte_count_limit);
1125 if (byte_count_limit == 0xffff)
1127 size = s->packet_transfer_size;
1128 if (size > byte_count_limit) {
1129 /* byte count limit must be even if this case */
1130 if (byte_count_limit & 1)
1132 size = byte_count_limit;
1135 s->hcyl = size >> 8;
1136 s->elementary_transfer_size = size;
1137 /* we cannot transmit more than one sector at a time */
1139 if (size > (s->cd_sector_size - s->io_buffer_index))
1140 size = (s->cd_sector_size - s->io_buffer_index);
1142 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
1143 size, ide_atapi_cmd_reply_end);
1144 s->packet_transfer_size -= size;
1145 s->elementary_transfer_size -= size;
1146 s->io_buffer_index += size;
1148 #ifdef DEBUG_IDE_ATAPI
1149 printf("status=0x%x\n", s->status);
1155 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
1156 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
1158 if (size > max_size)
1160 s->lba = -1; /* no sector read */
1161 s->packet_transfer_size = size;
1162 s->io_buffer_size = size; /* dma: send the reply data as one chunk */
1163 s->elementary_transfer_size = 0;
1164 s->io_buffer_index = 0;
1167 s->status = READY_STAT | DRQ_STAT;
1168 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1170 s->status = READY_STAT;
1171 ide_atapi_cmd_reply_end(s);
1175 /* start a CD-CDROM read command */
1176 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
1180 s->packet_transfer_size = nb_sectors * sector_size;
1181 s->elementary_transfer_size = 0;
1182 s->io_buffer_index = sector_size;
1183 s->cd_sector_size = sector_size;
1185 s->status = READY_STAT;
1186 ide_atapi_cmd_reply_end(s);
1189 /* ATAPI DMA support */
1191 /* XXX: handle read errors */
1192 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
1194 BMDMAState *bm = opaque;
1195 IDEState *s = bm->ide_if;
1199 ide_atapi_io_error(s, ret);
1203 if (s->io_buffer_size > 0) {
1205 * For a cdrom read sector command (s->lba != -1),
1206 * adjust the lba for the next s->io_buffer_size chunk
1207 * and dma the current chunk.
1208 * For a command != read (s->lba == -1), just transfer
1212 if (s->cd_sector_size == 2352) {
1214 cd_data_to_raw(s->io_buffer, s->lba);
1216 n = s->io_buffer_size >> 11;
1220 s->packet_transfer_size -= s->io_buffer_size;
1221 if (dma_buf_rw(bm, 1) == 0)
1225 if (s->packet_transfer_size <= 0) {
1226 s->status = READY_STAT;
1227 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1230 bm->status &= ~BM_STATUS_DMAING;
1231 bm->status |= BM_STATUS_INT;
1238 s->io_buffer_index = 0;
1239 if (s->cd_sector_size == 2352) {
1241 s->io_buffer_size = s->cd_sector_size;
1244 n = s->packet_transfer_size >> 11;
1245 if (n > (MAX_MULT_SECTORS / 4))
1246 n = (MAX_MULT_SECTORS / 4);
1247 s->io_buffer_size = n * 2048;
1251 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1253 bm->aiocb = bdrv_aio_read(s->bs, (int64_t)s->lba << 2,
1254 s->io_buffer + data_offset, n * 4,
1255 ide_atapi_cmd_read_dma_cb, bm);
1257 /* Note: media not present is the most likely case */
1258 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1259 ASC_MEDIUM_NOT_PRESENT);
1264 /* start a CD-CDROM read command with DMA */
1265 /* XXX: test if DMA is available */
1266 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1270 s->packet_transfer_size = nb_sectors * sector_size;
1271 s->io_buffer_index = 0;
1272 s->io_buffer_size = 0;
1273 s->cd_sector_size = sector_size;
1275 /* XXX: check if BUSY_STAT should be set */
1276 s->status = READY_STAT | DRQ_STAT | BUSY_STAT;
1277 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1280 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1283 #ifdef DEBUG_IDE_ATAPI
1284 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1288 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1290 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1294 static void ide_atapi_cmd(IDEState *s)
1296 const uint8_t *packet;
1300 packet = s->io_buffer;
1302 #ifdef DEBUG_IDE_ATAPI
1305 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1306 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1307 printf(" %02x", packet[i]);
1312 switch(s->io_buffer[0]) {
1313 case GPCMD_TEST_UNIT_READY:
1314 if (bdrv_is_inserted(s->bs)) {
1315 ide_atapi_cmd_ok(s);
1317 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1318 ASC_MEDIUM_NOT_PRESENT);
1321 case GPCMD_MODE_SENSE_6:
1322 case GPCMD_MODE_SENSE_10:
1325 if (packet[0] == GPCMD_MODE_SENSE_10)
1326 max_len = ube16_to_cpu(packet + 7);
1328 max_len = packet[4];
1329 action = packet[2] >> 6;
1330 code = packet[2] & 0x3f;
1332 case 0: /* current values */
1334 case 0x01: /* error recovery */
1335 cpu_to_ube16(&buf[0], 16 + 6);
1351 ide_atapi_cmd_reply(s, 16, max_len);
1354 cpu_to_ube16(&buf[0], 28 + 6);
1369 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1370 if (bdrv_is_locked(s->bs))
1373 cpu_to_ube16(&buf[16], 706);
1376 cpu_to_ube16(&buf[20], 512);
1377 cpu_to_ube16(&buf[22], 706);
1382 ide_atapi_cmd_reply(s, 28, max_len);
1388 case 1: /* changeable values */
1390 case 2: /* default values */
1393 case 3: /* saved values */
1394 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1395 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1400 case GPCMD_REQUEST_SENSE:
1401 max_len = packet[4];
1403 buf[0] = 0x70 | (1 << 7);
1404 buf[2] = s->sense_key;
1407 ide_atapi_cmd_reply(s, 18, max_len);
1409 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1410 if (bdrv_is_inserted(s->bs)) {
1411 bdrv_set_locked(s->bs, packet[4] & 1);
1412 ide_atapi_cmd_ok(s);
1414 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1415 ASC_MEDIUM_NOT_PRESENT);
1421 int nb_sectors, lba;
1423 if (packet[0] == GPCMD_READ_10)
1424 nb_sectors = ube16_to_cpu(packet + 7);
1426 nb_sectors = ube32_to_cpu(packet + 6);
1427 lba = ube32_to_cpu(packet + 2);
1428 if (nb_sectors == 0) {
1429 ide_atapi_cmd_ok(s);
1432 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1437 int nb_sectors, lba, transfer_request;
1439 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1440 lba = ube32_to_cpu(packet + 2);
1441 if (nb_sectors == 0) {
1442 ide_atapi_cmd_ok(s);
1445 transfer_request = packet[9];
1446 switch(transfer_request & 0xf8) {
1449 ide_atapi_cmd_ok(s);
1453 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1457 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1460 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1461 ASC_INV_FIELD_IN_CMD_PACKET);
1469 int64_t total_sectors;
1471 bdrv_get_geometry(s->bs, &total_sectors);
1472 total_sectors >>= 2;
1473 if (total_sectors <= 0) {
1474 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1475 ASC_MEDIUM_NOT_PRESENT);
1478 lba = ube32_to_cpu(packet + 2);
1479 if (lba >= total_sectors) {
1480 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1481 ASC_LOGICAL_BLOCK_OOR);
1484 ide_atapi_cmd_ok(s);
1487 case GPCMD_START_STOP_UNIT:
1490 start = packet[4] & 1;
1491 eject = (packet[4] >> 1) & 1;
1493 if (eject && !start) {
1494 /* eject the disk */
1495 bdrv_eject(s->bs, 1);
1496 } else if (eject && start) {
1497 /* close the tray */
1498 bdrv_eject(s->bs, 0);
1500 ide_atapi_cmd_ok(s);
1503 case GPCMD_MECHANISM_STATUS:
1505 max_len = ube16_to_cpu(packet + 8);
1506 cpu_to_ube16(buf, 0);
1507 /* no current LBA */
1512 cpu_to_ube16(buf + 6, 0);
1513 ide_atapi_cmd_reply(s, 8, max_len);
1516 case GPCMD_READ_TOC_PMA_ATIP:
1518 int format, msf, start_track, len;
1519 int64_t total_sectors;
1521 bdrv_get_geometry(s->bs, &total_sectors);
1522 total_sectors >>= 2;
1523 if (total_sectors <= 0) {
1524 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1525 ASC_MEDIUM_NOT_PRESENT);
1528 max_len = ube16_to_cpu(packet + 7);
1529 format = packet[9] >> 6;
1530 msf = (packet[1] >> 1) & 1;
1531 start_track = packet[6];
1534 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1537 ide_atapi_cmd_reply(s, len, max_len);
1540 /* multi session : only a single session defined */
1545 ide_atapi_cmd_reply(s, 12, max_len);
1548 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1551 ide_atapi_cmd_reply(s, len, max_len);
1555 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1556 ASC_INV_FIELD_IN_CMD_PACKET);
1561 case GPCMD_READ_CDVD_CAPACITY:
1563 int64_t total_sectors;
1565 bdrv_get_geometry(s->bs, &total_sectors);
1566 total_sectors >>= 2;
1567 if (total_sectors <= 0) {
1568 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1569 ASC_MEDIUM_NOT_PRESENT);
1572 /* NOTE: it is really the number of sectors minus 1 */
1573 cpu_to_ube32(buf, total_sectors - 1);
1574 cpu_to_ube32(buf + 4, 2048);
1575 ide_atapi_cmd_reply(s, 8, 8);
1578 case GPCMD_READ_DVD_STRUCTURE:
1580 int media = packet[1];
1581 int layer = packet[6];
1582 int format = packet[2];
1583 int64_t total_sectors;
1585 if (media != 0 || layer != 0)
1587 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1588 ASC_INV_FIELD_IN_CMD_PACKET);
1593 bdrv_get_geometry(s->bs, &total_sectors);
1594 total_sectors >>= 2;
1596 memset(buf, 0, 2052);
1598 buf[4] = 1; // DVD-ROM, part version 1
1599 buf[5] = 0xf; // 120mm disc, maximum rate unspecified
1600 buf[6] = 0; // one layer, embossed data
1603 cpu_to_ube32(buf + 8, 0);
1604 cpu_to_ube32(buf + 12, total_sectors - 1);
1605 cpu_to_ube32(buf + 16, total_sectors - 1);
1607 cpu_to_be16wu((uint16_t *)buf, 2048 + 4);
1609 ide_atapi_cmd_reply(s, 2048 + 3, 2048 + 4);
1613 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1614 ASC_INV_FIELD_IN_CMD_PACKET);
1619 case GPCMD_SET_SPEED:
1620 ide_atapi_cmd_ok(s);
1623 max_len = packet[4];
1624 buf[0] = 0x05; /* CD-ROM */
1625 buf[1] = 0x80; /* removable */
1626 buf[2] = 0x00; /* ISO */
1627 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1628 buf[4] = 31; /* additional length */
1629 buf[5] = 0; /* reserved */
1630 buf[6] = 0; /* reserved */
1631 buf[7] = 0; /* reserved */
1632 padstr8(buf + 8, 8, "QEMU");
1633 padstr8(buf + 16, 16, "QEMU CD-ROM");
1634 padstr8(buf + 32, 4, QEMU_VERSION);
1635 ide_atapi_cmd_reply(s, 36, max_len);
1637 case GPCMD_GET_CONFIGURATION:
1639 int64_t total_sectors;
1641 /* only feature 0 is supported */
1642 if (packet[2] != 0 || packet[3] != 0) {
1643 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1644 ASC_INV_FIELD_IN_CMD_PACKET);
1648 bdrv_get_geometry(s->bs, &total_sectors);
1650 buf[7] = total_sectors <= 1433600 ? 0x08 : 0x10; /* current profile */
1651 buf[10] = 0x10 | 0x1;
1652 buf[11] = 0x08; /* size of profile list */
1653 buf[13] = 0x10; /* DVD-ROM profile */
1654 buf[14] = buf[7] == 0x10; /* (in)active */
1655 buf[17] = 0x08; /* CD-ROM profile */
1656 buf[18] = buf[7] == 0x08; /* (in)active */
1657 ide_atapi_cmd_reply(s, 32, 32);
1661 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1662 ASC_ILLEGAL_OPCODE);
1667 static void ide_cfata_metadata_inquiry(IDEState *s)
1672 p = (uint16_t *) s->io_buffer;
1673 memset(p, 0, 0x200);
1674 spd = ((s->mdata_size - 1) >> 9) + 1;
1676 put_le16(p + 0, 0x0001); /* Data format revision */
1677 put_le16(p + 1, 0x0000); /* Media property: silicon */
1678 put_le16(p + 2, s->media_changed); /* Media status */
1679 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */
1680 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */
1681 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */
1682 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */
1685 static void ide_cfata_metadata_read(IDEState *s)
1689 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1690 s->status = ERR_STAT;
1691 s->error = ABRT_ERR;
1695 p = (uint16_t *) s->io_buffer;
1696 memset(p, 0, 0x200);
1698 put_le16(p + 0, s->media_changed); /* Media status */
1699 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1700 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1701 s->nsector << 9), 0x200 - 2));
1704 static void ide_cfata_metadata_write(IDEState *s)
1706 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1707 s->status = ERR_STAT;
1708 s->error = ABRT_ERR;
1712 s->media_changed = 0;
1714 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1716 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1717 s->nsector << 9), 0x200 - 2));
1720 /* called when the inserted state of the media has changed */
1721 static void cdrom_change_cb(void *opaque)
1723 IDEState *s = opaque;
1726 /* XXX: send interrupt too */
1727 bdrv_get_geometry(s->bs, &nb_sectors);
1728 s->nb_sectors = nb_sectors;
1731 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1735 /* handle the 'magic' 0 nsector count conversion here. to avoid
1736 * fiddling with the rest of the read logic, we just store the
1737 * full sector count in ->nsector and ignore ->hob_nsector from now
1743 if (!s->nsector && !s->hob_nsector)
1746 int lo = s->nsector;
1747 int hi = s->hob_nsector;
1749 s->nsector = (hi << 8) | lo;
1754 static void ide_clear_hob(IDEState *ide_if)
1756 /* any write clears HOB high bit of device control register */
1757 ide_if[0].select &= ~(1 << 7);
1758 ide_if[1].select &= ~(1 << 7);
1761 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1763 IDEState *ide_if = opaque;
1769 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1777 ide_clear_hob(ide_if);
1778 /* NOTE: data is written to the two drives */
1779 ide_if[0].hob_feature = ide_if[0].feature;
1780 ide_if[1].hob_feature = ide_if[1].feature;
1781 ide_if[0].feature = val;
1782 ide_if[1].feature = val;
1785 ide_clear_hob(ide_if);
1786 ide_if[0].hob_nsector = ide_if[0].nsector;
1787 ide_if[1].hob_nsector = ide_if[1].nsector;
1788 ide_if[0].nsector = val;
1789 ide_if[1].nsector = val;
1792 ide_clear_hob(ide_if);
1793 ide_if[0].hob_sector = ide_if[0].sector;
1794 ide_if[1].hob_sector = ide_if[1].sector;
1795 ide_if[0].sector = val;
1796 ide_if[1].sector = val;
1799 ide_clear_hob(ide_if);
1800 ide_if[0].hob_lcyl = ide_if[0].lcyl;
1801 ide_if[1].hob_lcyl = ide_if[1].lcyl;
1802 ide_if[0].lcyl = val;
1803 ide_if[1].lcyl = val;
1806 ide_clear_hob(ide_if);
1807 ide_if[0].hob_hcyl = ide_if[0].hcyl;
1808 ide_if[1].hob_hcyl = ide_if[1].hcyl;
1809 ide_if[0].hcyl = val;
1810 ide_if[1].hcyl = val;
1813 /* FIXME: HOB readback uses bit 7 */
1814 ide_if[0].select = (val & ~0x10) | 0xa0;
1815 ide_if[1].select = (val | 0x10) | 0xa0;
1817 unit = (val >> 4) & 1;
1819 ide_if->cur_drive = s;
1824 #if defined(DEBUG_IDE)
1825 printf("ide: CMD=%02x\n", val);
1827 s = ide_if->cur_drive;
1828 /* ignore commands to non existant slave */
1829 if (s != ide_if && !s->bs)
1834 if (s->bs && !s->is_cdrom) {
1838 ide_cfata_identify(s);
1839 s->status = READY_STAT | SEEK_STAT;
1840 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1843 ide_set_signature(s);
1845 ide_abort_command(s);
1852 s->status = READY_STAT | SEEK_STAT;
1856 if (s->is_cf && s->nsector == 0) {
1857 /* Disable Read and Write Multiple */
1858 s->mult_sectors = 0;
1859 s->status = READY_STAT;
1860 } else if ((s->nsector & 0xff) != 0 &&
1861 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1862 (s->nsector & (s->nsector - 1)) != 0)) {
1863 ide_abort_command(s);
1865 s->mult_sectors = s->nsector & 0xff;
1866 s->status = READY_STAT;
1870 case WIN_VERIFY_EXT:
1873 case WIN_VERIFY_ONCE:
1874 /* do sector number check ? */
1875 ide_cmd_lba48_transform(s, lba48);
1876 s->status = READY_STAT;
1885 ide_cmd_lba48_transform(s, lba48);
1886 s->req_nb_sectors = 1;
1892 case WIN_WRITE_ONCE:
1893 case CFA_WRITE_SECT_WO_ERASE:
1894 case WIN_WRITE_VERIFY:
1895 ide_cmd_lba48_transform(s, lba48);
1897 s->status = SEEK_STAT | READY_STAT;
1898 s->req_nb_sectors = 1;
1899 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1900 s->media_changed = 1;
1902 case WIN_MULTREAD_EXT:
1905 if (!s->mult_sectors)
1907 ide_cmd_lba48_transform(s, lba48);
1908 s->req_nb_sectors = s->mult_sectors;
1911 case WIN_MULTWRITE_EXT:
1914 case CFA_WRITE_MULTI_WO_ERASE:
1915 if (!s->mult_sectors)
1917 ide_cmd_lba48_transform(s, lba48);
1919 s->status = SEEK_STAT | READY_STAT;
1920 s->req_nb_sectors = s->mult_sectors;
1922 if (n > s->req_nb_sectors)
1923 n = s->req_nb_sectors;
1924 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1925 s->media_changed = 1;
1927 case WIN_READDMA_EXT:
1930 case WIN_READDMA_ONCE:
1933 ide_cmd_lba48_transform(s, lba48);
1934 ide_sector_read_dma(s);
1936 case WIN_WRITEDMA_EXT:
1939 case WIN_WRITEDMA_ONCE:
1942 ide_cmd_lba48_transform(s, lba48);
1943 ide_sector_write_dma(s);
1944 s->media_changed = 1;
1946 case WIN_READ_NATIVE_MAX_EXT:
1948 case WIN_READ_NATIVE_MAX:
1949 ide_cmd_lba48_transform(s, lba48);
1950 ide_set_sector(s, s->nb_sectors - 1);
1951 s->status = READY_STAT;
1954 case WIN_CHECKPOWERMODE1:
1955 case WIN_CHECKPOWERMODE2:
1956 s->nsector = 0xff; /* device active or idle */
1957 s->status = READY_STAT;
1960 case WIN_SETFEATURES:
1963 /* XXX: valid for CDROM ? */
1964 switch(s->feature) {
1965 case 0xcc: /* reverting to power-on defaults enable */
1966 case 0x66: /* reverting to power-on defaults disable */
1967 case 0x02: /* write cache enable */
1968 case 0x82: /* write cache disable */
1969 case 0xaa: /* read look-ahead enable */
1970 case 0x55: /* read look-ahead disable */
1971 case 0x05: /* set advanced power management mode */
1972 case 0x85: /* disable advanced power management mode */
1973 case 0x69: /* NOP */
1974 case 0x67: /* NOP */
1975 case 0x96: /* NOP */
1976 case 0x9a: /* NOP */
1977 case 0x42: /* enable Automatic Acoustic Mode */
1978 case 0xc2: /* disable Automatic Acoustic Mode */
1979 s->status = READY_STAT | SEEK_STAT;
1982 case 0x03: { /* set transfer mode */
1983 uint8_t val = s->nsector & 0x07;
1985 switch (s->nsector >> 3) {
1986 case 0x00: /* pio default */
1987 case 0x01: /* pio mode */
1988 put_le16(s->identify_data + 63,0x07);
1989 put_le16(s->identify_data + 88,0x3f);
1991 case 0x04: /* mdma mode */
1992 put_le16(s->identify_data + 63,0x07 | (1 << (val + 8)));
1993 put_le16(s->identify_data + 88,0x3f);
1995 case 0x08: /* udma mode */
1996 put_le16(s->identify_data + 63,0x07);
1997 put_le16(s->identify_data + 88,0x3f | (1 << (val + 8)));
2002 s->status = READY_STAT | SEEK_STAT;
2010 case WIN_FLUSH_CACHE:
2011 case WIN_FLUSH_CACHE_EXT:
2014 s->status = READY_STAT;
2019 case WIN_STANDBYNOW1:
2020 case WIN_STANDBYNOW2:
2021 case WIN_IDLEIMMEDIATE:
2022 case CFA_IDLEIMMEDIATE:
2027 s->status = READY_STAT;
2030 /* ATAPI commands */
2033 ide_atapi_identify(s);
2034 s->status = READY_STAT | SEEK_STAT;
2035 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2037 ide_abort_command(s);
2042 ide_set_signature(s);
2043 s->status = 0x00; /* NOTE: READY is _not_ set */
2050 ide_set_signature(s);
2051 s->status = 0x00; /* NOTE: READY is _not_ set */
2057 /* overlapping commands not supported */
2058 if (s->feature & 0x02)
2060 s->status = READY_STAT;
2061 s->atapi_dma = s->feature & 1;
2063 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2066 /* CF-ATA commands */
2067 case CFA_REQ_EXT_ERROR_CODE:
2070 s->error = 0x09; /* miscellaneous error */
2071 s->status = READY_STAT;
2074 case CFA_ERASE_SECTORS:
2075 case CFA_WEAR_LEVEL:
2078 if (val == CFA_WEAR_LEVEL)
2080 if (val == CFA_ERASE_SECTORS)
2081 s->media_changed = 1;
2083 s->status = READY_STAT;
2086 case CFA_TRANSLATE_SECTOR:
2090 s->status = READY_STAT;
2091 memset(s->io_buffer, 0, 0x200);
2092 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */
2093 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */
2094 s->io_buffer[0x02] = s->select; /* Head */
2095 s->io_buffer[0x03] = s->sector; /* Sector */
2096 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */
2097 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */
2098 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */
2099 s->io_buffer[0x13] = 0x00; /* Erase flag */
2100 s->io_buffer[0x18] = 0x00; /* Hot count */
2101 s->io_buffer[0x19] = 0x00; /* Hot count */
2102 s->io_buffer[0x1a] = 0x01; /* Hot count */
2103 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2106 case CFA_ACCESS_METADATA_STORAGE:
2109 switch (s->feature) {
2110 case 0x02: /* Inquiry Metadata Storage */
2111 ide_cfata_metadata_inquiry(s);
2113 case 0x03: /* Read Metadata Storage */
2114 ide_cfata_metadata_read(s);
2116 case 0x04: /* Write Metadata Storage */
2117 ide_cfata_metadata_write(s);
2122 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2123 s->status = 0x00; /* NOTE: READY is _not_ set */
2126 case IBM_SENSE_CONDITION:
2129 switch (s->feature) {
2130 case 0x01: /* sense temperature in device */
2131 s->nsector = 0x50; /* +20 C */
2136 s->status = READY_STAT;
2141 ide_abort_command(s);
2148 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2150 IDEState *ide_if = opaque;
2151 IDEState *s = ide_if->cur_drive;
2156 /* FIXME: HOB readback uses bit 7, but it's always set right now */
2157 //hob = s->select & (1 << 7);
2164 if (!ide_if[0].bs && !ide_if[1].bs)
2169 ret = s->hob_feature;
2172 if (!ide_if[0].bs && !ide_if[1].bs)
2175 ret = s->nsector & 0xff;
2177 ret = s->hob_nsector;
2180 if (!ide_if[0].bs && !ide_if[1].bs)
2185 ret = s->hob_sector;
2188 if (!ide_if[0].bs && !ide_if[1].bs)
2196 if (!ide_if[0].bs && !ide_if[1].bs)
2204 if (!ide_if[0].bs && !ide_if[1].bs)
2211 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2212 (s != ide_if && !s->bs))
2216 qemu_irq_lower(s->irq);
2220 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2225 static uint32_t ide_status_read(void *opaque, uint32_t addr)
2227 IDEState *ide_if = opaque;
2228 IDEState *s = ide_if->cur_drive;
2231 if ((!ide_if[0].bs && !ide_if[1].bs) ||
2232 (s != ide_if && !s->bs))
2237 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2242 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2244 IDEState *ide_if = opaque;
2249 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2251 /* common for both drives */
2252 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
2253 (val & IDE_CMD_RESET)) {
2254 /* reset low to high */
2255 for(i = 0;i < 2; i++) {
2257 s->status = BUSY_STAT | SEEK_STAT;
2260 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
2261 !(val & IDE_CMD_RESET)) {
2263 for(i = 0;i < 2; i++) {
2266 s->status = 0x00; /* NOTE: READY is _not_ set */
2268 s->status = READY_STAT | SEEK_STAT;
2269 ide_set_signature(s);
2273 ide_if[0].cmd = val;
2274 ide_if[1].cmd = val;
2277 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2279 IDEState *s = ((IDEState *)opaque)->cur_drive;
2283 *(uint16_t *)p = le16_to_cpu(val);
2286 if (p >= s->data_end)
2287 s->end_transfer_func(s);
2290 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
2292 IDEState *s = ((IDEState *)opaque)->cur_drive;
2296 ret = cpu_to_le16(*(uint16_t *)p);
2299 if (p >= s->data_end)
2300 s->end_transfer_func(s);
2304 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2306 IDEState *s = ((IDEState *)opaque)->cur_drive;
2310 *(uint32_t *)p = le32_to_cpu(val);
2313 if (p >= s->data_end)
2314 s->end_transfer_func(s);
2317 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
2319 IDEState *s = ((IDEState *)opaque)->cur_drive;
2324 ret = cpu_to_le32(*(uint32_t *)p);
2327 if (p >= s->data_end)
2328 s->end_transfer_func(s);
2332 static void ide_dummy_transfer_stop(IDEState *s)
2334 s->data_ptr = s->io_buffer;
2335 s->data_end = s->io_buffer;
2336 s->io_buffer[0] = 0xff;
2337 s->io_buffer[1] = 0xff;
2338 s->io_buffer[2] = 0xff;
2339 s->io_buffer[3] = 0xff;
2342 static void ide_reset(IDEState *s)
2345 s->mult_sectors = 0;
2347 s->mult_sectors = MAX_MULT_SECTORS;
2350 s->status = READY_STAT;
2351 ide_set_signature(s);
2352 /* init the transfer handler so that 0xffff is returned on data
2354 s->end_transfer_func = ide_dummy_transfer_stop;
2355 ide_dummy_transfer_stop(s);
2356 s->media_changed = 0;
2360 uint8_t boot_ind; /* 0x80 - active */
2361 uint8_t head; /* starting head */
2362 uint8_t sector; /* starting sector */
2363 uint8_t cyl; /* starting cylinder */
2364 uint8_t sys_ind; /* What partition type */
2365 uint8_t end_head; /* end head */
2366 uint8_t end_sector; /* end sector */
2367 uint8_t end_cyl; /* end cylinder */
2368 uint32_t start_sect; /* starting sector counting from 0 */
2369 uint32_t nr_sects; /* nr of sectors in partition */
2370 } __attribute__((packed));
2372 /* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
2373 static int guess_disk_lchs(IDEState *s,
2374 int *pcylinders, int *pheads, int *psectors)
2377 int ret, i, heads, sectors, cylinders;
2378 struct partition *p;
2381 ret = bdrv_read(s->bs, 0, buf, 1);
2384 /* test msdos magic */
2385 if (buf[510] != 0x55 || buf[511] != 0xaa)
2387 for(i = 0; i < 4; i++) {
2388 p = ((struct partition *)(buf + 0x1be)) + i;
2389 nr_sects = le32_to_cpu(p->nr_sects);
2390 if (nr_sects && p->end_head) {
2391 /* We make the assumption that the partition terminates on
2392 a cylinder boundary */
2393 heads = p->end_head + 1;
2394 sectors = p->end_sector & 63;
2397 cylinders = s->nb_sectors / (heads * sectors);
2398 if (cylinders < 1 || cylinders > 16383)
2401 *psectors = sectors;
2402 *pcylinders = cylinders;
2404 printf("guessed geometry: LCHS=%d %d %d\n",
2405 cylinders, heads, sectors);
2413 static void ide_init2(IDEState *ide_state,
2414 BlockDriverState *hd0, BlockDriverState *hd1,
2418 static int drive_serial = 1;
2419 int i, cylinders, heads, secs, translation, lba_detected = 0;
2422 for(i = 0; i < 2; i++) {
2429 bdrv_get_geometry(s->bs, &nb_sectors);
2430 s->nb_sectors = nb_sectors;
2431 /* if a geometry hint is available, use it */
2432 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
2433 translation = bdrv_get_translation_hint(s->bs);
2434 if (cylinders != 0) {
2435 s->cylinders = cylinders;
2439 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
2441 /* if heads > 16, it means that a BIOS LBA
2442 translation was active, so the default
2443 hardware geometry is OK */
2445 goto default_geometry;
2447 s->cylinders = cylinders;
2450 /* disable any translation to be in sync with
2451 the logical geometry */
2452 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
2453 bdrv_set_translation_hint(s->bs,
2454 BIOS_ATA_TRANSLATION_NONE);
2459 /* if no geometry, use a standard physical disk geometry */
2460 cylinders = nb_sectors / (16 * 63);
2461 if (cylinders > 16383)
2463 else if (cylinders < 2)
2465 s->cylinders = cylinders;
2468 if ((lba_detected == 1) && (translation == BIOS_ATA_TRANSLATION_AUTO)) {
2469 if ((s->cylinders * s->heads) <= 131072) {
2470 bdrv_set_translation_hint(s->bs,
2471 BIOS_ATA_TRANSLATION_LARGE);
2473 bdrv_set_translation_hint(s->bs,
2474 BIOS_ATA_TRANSLATION_LBA);
2478 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
2480 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2482 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2485 s->drive_serial = drive_serial++;
2487 s->sector_write_timer = qemu_new_timer(vm_clock,
2488 ide_sector_write_timer_cb, s);
2493 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
2495 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
2496 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
2498 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
2499 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
2503 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
2504 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
2505 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
2506 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2509 /* save per IDE drive data */
2510 static void ide_save(QEMUFile* f, IDEState *s)
2512 qemu_put_be32(f, s->mult_sectors);
2513 qemu_put_be32(f, s->identify_set);
2514 if (s->identify_set) {
2515 qemu_put_buffer(f, (const uint8_t *)s->identify_data, 512);
2517 qemu_put_8s(f, &s->feature);
2518 qemu_put_8s(f, &s->error);
2519 qemu_put_be32s(f, &s->nsector);
2520 qemu_put_8s(f, &s->sector);
2521 qemu_put_8s(f, &s->lcyl);
2522 qemu_put_8s(f, &s->hcyl);
2523 qemu_put_8s(f, &s->hob_feature);
2524 qemu_put_8s(f, &s->hob_nsector);
2525 qemu_put_8s(f, &s->hob_sector);
2526 qemu_put_8s(f, &s->hob_lcyl);
2527 qemu_put_8s(f, &s->hob_hcyl);
2528 qemu_put_8s(f, &s->select);
2529 qemu_put_8s(f, &s->status);
2530 qemu_put_8s(f, &s->lba48);
2532 qemu_put_8s(f, &s->sense_key);
2533 qemu_put_8s(f, &s->asc);
2534 /* XXX: if a transfer is pending, we do not save it yet */
2537 /* load per IDE drive data */
2538 static void ide_load(QEMUFile* f, IDEState *s)
2540 s->mult_sectors=qemu_get_be32(f);
2541 s->identify_set=qemu_get_be32(f);
2542 if (s->identify_set) {
2543 qemu_get_buffer(f, (uint8_t *)s->identify_data, 512);
2545 qemu_get_8s(f, &s->feature);
2546 qemu_get_8s(f, &s->error);
2547 qemu_get_be32s(f, &s->nsector);
2548 qemu_get_8s(f, &s->sector);
2549 qemu_get_8s(f, &s->lcyl);
2550 qemu_get_8s(f, &s->hcyl);
2551 qemu_get_8s(f, &s->hob_feature);
2552 qemu_get_8s(f, &s->hob_nsector);
2553 qemu_get_8s(f, &s->hob_sector);
2554 qemu_get_8s(f, &s->hob_lcyl);
2555 qemu_get_8s(f, &s->hob_hcyl);
2556 qemu_get_8s(f, &s->select);
2557 qemu_get_8s(f, &s->status);
2558 qemu_get_8s(f, &s->lba48);
2560 qemu_get_8s(f, &s->sense_key);
2561 qemu_get_8s(f, &s->asc);
2562 /* XXX: if a transfer is pending, we do not save it yet */
2565 /***********************************************************/
2566 /* ISA IDE definitions */
2568 void isa_ide_init(int iobase, int iobase2, qemu_irq irq,
2569 BlockDriverState *hd0, BlockDriverState *hd1)
2571 IDEState *ide_state;
2573 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2577 ide_init2(ide_state, hd0, hd1, irq);
2578 ide_init_ioport(ide_state, iobase, iobase2);
2581 /***********************************************************/
2582 /* PCI IDE definitions */
2584 static void cmd646_update_irq(PCIIDEState *d);
2586 static void ide_map(PCIDevice *pci_dev, int region_num,
2587 uint32_t addr, uint32_t size, int type)
2589 PCIIDEState *d = (PCIIDEState *)pci_dev;
2590 IDEState *ide_state;
2592 if (region_num <= 3) {
2593 ide_state = &d->ide_if[(region_num >> 1) * 2];
2594 if (region_num & 1) {
2595 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2596 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2598 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2599 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2602 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2603 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2604 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2605 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2610 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2612 BMDMAState *bm = s->bmdma;
2616 bm->dma_cb = dma_cb;
2617 bm->cur_prd_last = 0;
2618 bm->cur_prd_addr = 0;
2619 bm->cur_prd_len = 0;
2620 if (bm->status & BM_STATUS_DMAING) {
2625 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2627 BMDMAState *bm = opaque;
2629 printf("%s: 0x%08x\n", __func__, val);
2631 if (!(val & BM_CMD_START)) {
2632 /* XXX: do it better */
2633 if (bm->status & BM_STATUS_DMAING) {
2634 bm->status &= ~BM_STATUS_DMAING;
2635 /* cancel DMA request */
2640 printf("aio_cancel\n");
2642 bdrv_aio_cancel(bm->aiocb);
2646 bm->cmd = val & 0x09;
2648 if (!(bm->status & BM_STATUS_DMAING)) {
2649 bm->status |= BM_STATUS_DMAING;
2650 /* start dma transfer if possible */
2654 bm->cmd = val & 0x09;
2658 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2660 BMDMAState *bm = opaque;
2661 PCIIDEState *pci_dev;
2669 pci_dev = bm->pci_dev;
2670 if (pci_dev->type == IDE_TYPE_CMD646) {
2671 val = pci_dev->dev.config[MRDMODE];
2680 pci_dev = bm->pci_dev;
2681 if (pci_dev->type == IDE_TYPE_CMD646) {
2682 if (bm == &pci_dev->bmdma[0])
2683 val = pci_dev->dev.config[UDIDETCR0];
2685 val = pci_dev->dev.config[UDIDETCR1];
2695 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2700 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2702 BMDMAState *bm = opaque;
2703 PCIIDEState *pci_dev;
2705 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2709 pci_dev = bm->pci_dev;
2710 if (pci_dev->type == IDE_TYPE_CMD646) {
2711 pci_dev->dev.config[MRDMODE] =
2712 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2713 cmd646_update_irq(pci_dev);
2717 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2720 pci_dev = bm->pci_dev;
2721 if (pci_dev->type == IDE_TYPE_CMD646) {
2722 if (bm == &pci_dev->bmdma[0])
2723 pci_dev->dev.config[UDIDETCR0] = val;
2725 pci_dev->dev.config[UDIDETCR1] = val;
2731 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2733 BMDMAState *bm = opaque;
2737 printf("%s: 0x%08x\n", __func__, val);
2742 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2744 BMDMAState *bm = opaque;
2746 printf("%s: 0x%08x\n", __func__, val);
2748 bm->addr = val & ~3;
2749 bm->cur_addr = bm->addr;
2752 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2753 uint32_t addr, uint32_t size, int type)
2755 PCIIDEState *d = (PCIIDEState *)pci_dev;
2758 for(i = 0;i < 2; i++) {
2759 BMDMAState *bm = &d->bmdma[i];
2760 d->ide_if[2 * i].bmdma = bm;
2761 d->ide_if[2 * i + 1].bmdma = bm;
2762 bm->pci_dev = (PCIIDEState *)pci_dev;
2764 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2766 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2767 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2769 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2770 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2775 /* XXX: call it also when the MRDMODE is changed from the PCI config
2777 static void cmd646_update_irq(PCIIDEState *d)
2780 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2781 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2782 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2783 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2784 qemu_set_irq(d->dev.irq[0], pci_level);
2787 /* the PCI irq level is the logical OR of the two channels */
2788 static void cmd646_set_irq(void *opaque, int channel, int level)
2790 PCIIDEState *d = opaque;
2793 irq_mask = MRDMODE_INTR_CH0 << channel;
2795 d->dev.config[MRDMODE] |= irq_mask;
2797 d->dev.config[MRDMODE] &= ~irq_mask;
2798 cmd646_update_irq(d);
2801 /* CMD646 PCI IDE controller */
2802 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2803 int secondary_ide_enabled)
2810 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2811 sizeof(PCIIDEState),
2814 d->type = IDE_TYPE_CMD646;
2815 pci_conf = d->dev.config;
2816 pci_conf[0x00] = 0x95; // CMD646
2817 pci_conf[0x01] = 0x10;
2818 pci_conf[0x02] = 0x46;
2819 pci_conf[0x03] = 0x06;
2821 pci_conf[0x08] = 0x07; // IDE controller revision
2822 pci_conf[0x09] = 0x8f;
2824 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2825 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2826 pci_conf[0x0e] = 0x00; // header_type
2828 if (secondary_ide_enabled) {
2829 /* XXX: if not enabled, really disable the seconday IDE controller */
2830 pci_conf[0x51] = 0x80; /* enable IDE1 */
2833 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2834 PCI_ADDRESS_SPACE_IO, ide_map);
2835 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2836 PCI_ADDRESS_SPACE_IO, ide_map);
2837 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2838 PCI_ADDRESS_SPACE_IO, ide_map);
2839 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2840 PCI_ADDRESS_SPACE_IO, ide_map);
2841 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2842 PCI_ADDRESS_SPACE_IO, bmdma_map);
2844 pci_conf[0x3d] = 0x01; // interrupt on pin 1
2846 for(i = 0; i < 4; i++)
2847 d->ide_if[i].pci_dev = (PCIDevice *)d;
2849 irq = qemu_allocate_irqs(cmd646_set_irq, d, 2);
2850 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], irq[0]);
2851 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], irq[1]);
2854 static void pci_ide_save(QEMUFile* f, void *opaque)
2856 PCIIDEState *d = opaque;
2859 pci_device_save(&d->dev, f);
2861 for(i = 0; i < 2; i++) {
2862 BMDMAState *bm = &d->bmdma[i];
2863 qemu_put_8s(f, &bm->cmd);
2864 qemu_put_8s(f, &bm->status);
2865 qemu_put_be32s(f, &bm->addr);
2866 /* XXX: if a transfer is pending, we do not save it yet */
2869 /* per IDE interface data */
2870 for(i = 0; i < 2; i++) {
2871 IDEState *s = &d->ide_if[i * 2];
2872 uint8_t drive1_selected;
2873 qemu_put_8s(f, &s->cmd);
2874 drive1_selected = (s->cur_drive != s);
2875 qemu_put_8s(f, &drive1_selected);
2878 /* per IDE drive data */
2879 for(i = 0; i < 4; i++) {
2880 ide_save(f, &d->ide_if[i]);
2884 static int pci_ide_load(QEMUFile* f, void *opaque, int version_id)
2886 PCIIDEState *d = opaque;
2889 if (version_id != 1)
2891 ret = pci_device_load(&d->dev, f);
2895 for(i = 0; i < 2; i++) {
2896 BMDMAState *bm = &d->bmdma[i];
2897 qemu_get_8s(f, &bm->cmd);
2898 qemu_get_8s(f, &bm->status);
2899 qemu_get_be32s(f, &bm->addr);
2900 /* XXX: if a transfer is pending, we do not save it yet */
2903 /* per IDE interface data */
2904 for(i = 0; i < 2; i++) {
2905 IDEState *s = &d->ide_if[i * 2];
2906 uint8_t drive1_selected;
2907 qemu_get_8s(f, &s->cmd);
2908 qemu_get_8s(f, &drive1_selected);
2909 s->cur_drive = &d->ide_if[i * 2 + (drive1_selected != 0)];
2912 /* per IDE drive data */
2913 for(i = 0; i < 4; i++) {
2914 ide_load(f, &d->ide_if[i]);
2919 static void piix3_reset(PCIIDEState *d)
2921 uint8_t *pci_conf = d->dev.config;
2923 pci_conf[0x04] = 0x00;
2924 pci_conf[0x05] = 0x00;
2925 pci_conf[0x06] = 0x80; /* FBC */
2926 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
2927 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
2930 /* hd_table must contain 4 block drivers */
2931 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
2932 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2938 /* register a function 1 of PIIX3 */
2939 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2940 sizeof(PCIIDEState),
2943 d->type = IDE_TYPE_PIIX3;
2945 pci_conf = d->dev.config;
2946 pci_conf[0x00] = 0x86; // Intel
2947 pci_conf[0x01] = 0x80;
2948 pci_conf[0x02] = 0x10;
2949 pci_conf[0x03] = 0x70;
2950 pci_conf[0x09] = 0x80; // legacy ATA mode
2951 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2952 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2953 pci_conf[0x0e] = 0x00; // header_type
2957 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2958 PCI_ADDRESS_SPACE_IO, bmdma_map);
2960 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
2961 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
2962 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2963 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2965 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
2968 /* hd_table must contain 4 block drivers */
2969 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
2970 void pci_piix4_ide_init(PCIBus *bus, BlockDriverState **hd_table, int devfn,
2976 /* register a function 1 of PIIX4 */
2977 d = (PCIIDEState *)pci_register_device(bus, "PIIX4 IDE",
2978 sizeof(PCIIDEState),
2981 d->type = IDE_TYPE_PIIX4;
2983 pci_conf = d->dev.config;
2984 pci_conf[0x00] = 0x86; // Intel
2985 pci_conf[0x01] = 0x80;
2986 pci_conf[0x02] = 0x11;
2987 pci_conf[0x03] = 0x71;
2988 pci_conf[0x09] = 0x80; // legacy ATA mode
2989 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2990 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2991 pci_conf[0x0e] = 0x00; // header_type
2995 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2996 PCI_ADDRESS_SPACE_IO, bmdma_map);
2998 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1], pic[14]);
2999 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3], pic[15]);
3000 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
3001 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
3003 register_savevm("ide", 0, 1, pci_ide_save, pci_ide_load, d);
3006 /***********************************************************/
3007 /* MacIO based PowerPC IDE */
3009 /* PowerMac IDE memory IO */
3010 static void pmac_ide_writeb (void *opaque,
3011 target_phys_addr_t addr, uint32_t val)
3013 addr = (addr & 0xFFF) >> 4;
3016 ide_ioport_write(opaque, addr, val);
3020 ide_cmd_write(opaque, 0, val);
3027 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
3031 addr = (addr & 0xFFF) >> 4;
3034 retval = ide_ioport_read(opaque, addr);
3038 retval = ide_status_read(opaque, 0);
3047 static void pmac_ide_writew (void *opaque,
3048 target_phys_addr_t addr, uint32_t val)
3050 addr = (addr & 0xFFF) >> 4;
3051 #ifdef TARGET_WORDS_BIGENDIAN
3055 ide_data_writew(opaque, 0, val);
3059 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
3063 addr = (addr & 0xFFF) >> 4;
3065 retval = ide_data_readw(opaque, 0);
3069 #ifdef TARGET_WORDS_BIGENDIAN
3070 retval = bswap16(retval);
3075 static void pmac_ide_writel (void *opaque,
3076 target_phys_addr_t addr, uint32_t val)
3078 addr = (addr & 0xFFF) >> 4;
3079 #ifdef TARGET_WORDS_BIGENDIAN
3083 ide_data_writel(opaque, 0, val);
3087 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
3091 addr = (addr & 0xFFF) >> 4;
3093 retval = ide_data_readl(opaque, 0);
3095 retval = 0xFFFFFFFF;
3097 #ifdef TARGET_WORDS_BIGENDIAN
3098 retval = bswap32(retval);
3103 static CPUWriteMemoryFunc *pmac_ide_write[] = {
3109 static CPUReadMemoryFunc *pmac_ide_read[] = {
3115 /* hd_table must contain 4 block drivers */
3116 /* PowerMac uses memory mapped registers, not I/O. Return the memory
3117 I/O index to access the ide. */
3118 int pmac_ide_init (BlockDriverState **hd_table, qemu_irq irq)
3121 int pmac_ide_memory;
3123 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
3124 ide_init2(&ide_if[0], hd_table[0], hd_table[1], irq);
3126 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
3127 pmac_ide_write, &ide_if[0]);
3128 return pmac_ide_memory;
3131 /***********************************************************/
3132 /* CF-ATA Microdrive */
3134 #define METADATA_SIZE 0x20
3136 /* DSCM-1XXXX Microdrive hard disk with CF+ II / PCMCIA interface. */
3139 struct pcmcia_card_s card;
3153 /* Register bitfields */
3156 OPT_MODE_IOMAP16 = 1,
3157 OPT_MODE_IOMAP1 = 2,
3158 OPT_MODE_IOMAP2 = 3,
3169 STAT_CHANGED = 0x80,
3180 static inline void md_interrupt_update(struct md_s *s)
3185 qemu_set_irq(s->card.slot->irq,
3186 !(s->stat & STAT_INT) && /* Inverted */
3187 !(s->ctrl & (CTRL_IEN | CTRL_SRST)) &&
3188 !(s->opt & OPT_SRESET));
3191 static void md_set_irq(void *opaque, int irq, int level)
3193 struct md_s *s = (struct md_s *) opaque;
3195 s->stat |= STAT_INT;
3197 s->stat &= ~STAT_INT;
3199 md_interrupt_update(s);
3202 static void md_reset(struct md_s *s)
3204 s->opt = OPT_MODE_MMAP;
3212 static uint8_t md_attr_read(void *opaque, uint32_t at)
3214 struct md_s *s = (struct md_s *) opaque;
3215 if (at < s->attr_base) {
3216 if (at < s->card.cis_len)
3217 return s->card.cis[at];
3225 case 0x00: /* Configuration Option Register */
3227 case 0x02: /* Card Configuration Status Register */
3228 if (s->ctrl & CTRL_IEN)
3229 return s->stat & ~STAT_INT;
3232 case 0x04: /* Pin Replacement Register */
3233 return (s->pins & PINS_CRDY) | 0x0c;
3234 case 0x06: /* Socket and Copy Register */
3238 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3245 static void md_attr_write(void *opaque, uint32_t at, uint8_t value)
3247 struct md_s *s = (struct md_s *) opaque;
3251 case 0x00: /* Configuration Option Register */
3252 s->opt = value & 0xcf;
3253 if (value & OPT_SRESET)
3255 md_interrupt_update(s);
3257 case 0x02: /* Card Configuration Status Register */
3258 if ((s->stat ^ value) & STAT_PWRDWN)
3259 s->pins |= PINS_CRDY;
3261 s->stat |= value & 0x74;
3262 md_interrupt_update(s);
3263 /* Word 170 in Identify Device must be equal to STAT_XE */
3265 case 0x04: /* Pin Replacement Register */
3266 s->pins &= PINS_CRDY;
3267 s->pins |= value & PINS_MRDY;
3269 case 0x06: /* Socket and Copy Register */
3272 printf("%s: Bad attribute space register %02x\n", __FUNCTION__, at);
3276 static uint16_t md_common_read(void *opaque, uint32_t at)
3278 struct md_s *s = (struct md_s *) opaque;
3282 switch (s->opt & OPT_MODE) {
3284 if ((at & ~0x3ff) == 0x400)
3287 case OPT_MODE_IOMAP16:
3290 case OPT_MODE_IOMAP1:
3291 if ((at & ~0xf) == 0x3f0)
3293 else if ((at & ~0xf) == 0x1f0)
3296 case OPT_MODE_IOMAP2:
3297 if ((at & ~0xf) == 0x370)
3299 else if ((at & ~0xf) == 0x170)
3304 case 0x0: /* Even RD Data */
3306 return ide_data_readw(s->ide, 0);
3308 /* TODO: 8-bit accesses */
3312 s->io = ide_data_readw(s->ide, 0);
3315 s->cycle = !s->cycle;
3317 case 0x9: /* Odd RD Data */
3319 case 0xd: /* Error */
3320 return ide_ioport_read(s->ide, 0x1);
3321 case 0xe: /* Alternate Status */
3322 if (s->ide->cur_drive->bs)
3323 return s->ide->cur_drive->status;
3326 case 0xf: /* Device Address */
3327 return 0xc2 | ((~s->ide->select << 2) & 0x3c);
3329 return ide_ioport_read(s->ide, at);
3335 static void md_common_write(void *opaque, uint32_t at, uint16_t value)
3337 struct md_s *s = (struct md_s *) opaque;
3340 switch (s->opt & OPT_MODE) {
3342 if ((at & ~0x3ff) == 0x400)
3345 case OPT_MODE_IOMAP16:
3348 case OPT_MODE_IOMAP1:
3349 if ((at & ~0xf) == 0x3f0)
3351 else if ((at & ~0xf) == 0x1f0)
3354 case OPT_MODE_IOMAP2:
3355 if ((at & ~0xf) == 0x370)
3357 else if ((at & ~0xf) == 0x170)
3362 case 0x0: /* Even WR Data */
3364 ide_data_writew(s->ide, 0, value);
3367 /* TODO: 8-bit accesses */
3369 ide_data_writew(s->ide, 0, s->io | (value << 8));
3371 s->io = value & 0xff;
3372 s->cycle = !s->cycle;
3375 s->io = value & 0xff;
3376 s->cycle = !s->cycle;
3378 case 0xd: /* Features */
3379 ide_ioport_write(s->ide, 0x1, value);
3381 case 0xe: /* Device Control */
3383 if (value & CTRL_SRST)
3385 md_interrupt_update(s);
3388 if (s->stat & STAT_PWRDWN) {
3389 s->pins |= PINS_CRDY;
3390 s->stat &= ~STAT_PWRDWN;
3392 ide_ioport_write(s->ide, at, value);
3396 static void md_save(QEMUFile *f, void *opaque)
3398 struct md_s *s = (struct md_s *) opaque;
3400 uint8_t drive1_selected;
3402 qemu_put_8s(f, &s->opt);
3403 qemu_put_8s(f, &s->stat);
3404 qemu_put_8s(f, &s->pins);
3406 qemu_put_8s(f, &s->ctrl);
3407 qemu_put_be16s(f, &s->io);
3408 qemu_put_byte(f, s->cycle);
3410 drive1_selected = (s->ide->cur_drive != s->ide);
3411 qemu_put_8s(f, &s->ide->cmd);
3412 qemu_put_8s(f, &drive1_selected);
3414 for (i = 0; i < 2; i ++)
3415 ide_save(f, &s->ide[i]);
3418 static int md_load(QEMUFile *f, void *opaque, int version_id)
3420 struct md_s *s = (struct md_s *) opaque;
3422 uint8_t drive1_selected;
3424 qemu_get_8s(f, &s->opt);
3425 qemu_get_8s(f, &s->stat);
3426 qemu_get_8s(f, &s->pins);
3428 qemu_get_8s(f, &s->ctrl);
3429 qemu_get_be16s(f, &s->io);
3430 s->cycle = qemu_get_byte(f);
3432 qemu_get_8s(f, &s->ide->cmd);
3433 qemu_get_8s(f, &drive1_selected);
3434 s->ide->cur_drive = &s->ide[(drive1_selected != 0)];
3436 for (i = 0; i < 2; i ++)
3437 ide_load(f, &s->ide[i]);
3442 static int md_iid = 0;
3444 static const uint8_t dscm1xxxx_cis[0x14a] = {
3445 [0x000] = CISTPL_DEVICE, /* 5V Device Information */
3446 [0x002] = 0x03, /* Tuple length = 4 bytes */
3447 [0x004] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3448 [0x006] = 0x01, /* Size = 2K bytes */
3449 [0x008] = CISTPL_ENDMARK,
3451 [0x00a] = CISTPL_DEVICE_OC, /* Additional Device Information */
3452 [0x00c] = 0x04, /* Tuple length = 4 byest */
3453 [0x00e] = 0x03, /* Conditions: Ext = 0, Vcc 3.3V, MWAIT = 1 */
3454 [0x010] = 0xdb, /* ID: DTYPE_FUNCSPEC, non WP, DSPEED_150NS */
3455 [0x012] = 0x01, /* Size = 2K bytes */
3456 [0x014] = CISTPL_ENDMARK,
3458 [0x016] = CISTPL_JEDEC_C, /* JEDEC ID */
3459 [0x018] = 0x02, /* Tuple length = 2 bytes */
3460 [0x01a] = 0xdf, /* PC Card ATA with no Vpp required */
3463 [0x01e] = CISTPL_MANFID, /* Manufacture ID */
3464 [0x020] = 0x04, /* Tuple length = 4 bytes */
3465 [0x022] = 0xa4, /* TPLMID_MANF = 00a4 (IBM) */
3467 [0x026] = 0x00, /* PLMID_CARD = 0000 */
3470 [0x02a] = CISTPL_VERS_1, /* Level 1 Version */
3471 [0x02c] = 0x12, /* Tuple length = 23 bytes */
3472 [0x02e] = 0x04, /* Major Version = JEIDA 4.2 / PCMCIA 2.1 */
3473 [0x030] = 0x01, /* Minor Version = 1 */
3489 [0x050] = CISTPL_ENDMARK,
3491 [0x052] = CISTPL_FUNCID, /* Function ID */
3492 [0x054] = 0x02, /* Tuple length = 2 bytes */
3493 [0x056] = 0x04, /* TPLFID_FUNCTION = Fixed Disk */
3494 [0x058] = 0x01, /* TPLFID_SYSINIT: POST = 1, ROM = 0 */
3496 [0x05a] = CISTPL_FUNCE, /* Function Extension */
3497 [0x05c] = 0x02, /* Tuple length = 2 bytes */
3498 [0x05e] = 0x01, /* TPLFE_TYPE = Disk Device Interface */
3499 [0x060] = 0x01, /* TPLFE_DATA = PC Card ATA Interface */
3501 [0x062] = CISTPL_FUNCE, /* Function Extension */
3502 [0x064] = 0x03, /* Tuple length = 3 bytes */
3503 [0x066] = 0x02, /* TPLFE_TYPE = Basic PC Card ATA Interface */
3504 [0x068] = 0x08, /* TPLFE_DATA: Rotating, Unique, Single */
3505 [0x06a] = 0x0f, /* TPLFE_DATA: Sleep, Standby, Idle, Auto */
3507 [0x06c] = CISTPL_CONFIG, /* Configuration */
3508 [0x06e] = 0x05, /* Tuple length = 5 bytes */
3509 [0x070] = 0x01, /* TPCC_RASZ = 2 bytes, TPCC_RMSZ = 1 byte */
3510 [0x072] = 0x07, /* TPCC_LAST = 7 */
3511 [0x074] = 0x00, /* TPCC_RADR = 0200 */
3513 [0x078] = 0x0f, /* TPCC_RMSK = 200, 202, 204, 206 */
3515 [0x07a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3516 [0x07c] = 0x0b, /* Tuple length = 11 bytes */
3517 [0x07e] = 0xc0, /* TPCE_INDX = Memory Mode, Default, Iface */
3518 [0x080] = 0xc0, /* TPCE_IF = Memory, no BVDs, no WP, READY */
3519 [0x082] = 0xa1, /* TPCE_FS = Vcc only, no I/O, Memory, Misc */
3520 [0x084] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3521 [0x086] = 0x55, /* NomV: 5.0 V */
3522 [0x088] = 0x4d, /* MinV: 4.5 V */
3523 [0x08a] = 0x5d, /* MaxV: 5.5 V */
3524 [0x08c] = 0x4e, /* Peakl: 450 mA */
3525 [0x08e] = 0x08, /* TPCE_MS = 1 window, 1 byte, Host address */
3526 [0x090] = 0x00, /* Window descriptor: Window length = 0 */
3527 [0x092] = 0x20, /* TPCE_MI: support power down mode, RW */
3529 [0x094] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3530 [0x096] = 0x06, /* Tuple length = 6 bytes */
3531 [0x098] = 0x00, /* TPCE_INDX = Memory Mode, no Default */
3532 [0x09a] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3533 [0x09c] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3534 [0x09e] = 0xb5, /* NomV: 3.3 V */
3536 [0x0a2] = 0x3e, /* Peakl: 350 mA */
3538 [0x0a4] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3539 [0x0a6] = 0x0d, /* Tuple length = 13 bytes */
3540 [0x0a8] = 0xc1, /* TPCE_INDX = I/O and Memory Mode, Default */
3541 [0x0aa] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3542 [0x0ac] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3543 [0x0ae] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3544 [0x0b0] = 0x55, /* NomV: 5.0 V */
3545 [0x0b2] = 0x4d, /* MinV: 4.5 V */
3546 [0x0b4] = 0x5d, /* MaxV: 5.5 V */
3547 [0x0b6] = 0x4e, /* Peakl: 450 mA */
3548 [0x0b8] = 0x64, /* TPCE_IO = 16-byte boundary, 16/8 accesses */
3549 [0x0ba] = 0xf0, /* TPCE_IR = MASK, Level, Pulse, Share */
3550 [0x0bc] = 0xff, /* IRQ0..IRQ7 supported */
3551 [0x0be] = 0xff, /* IRQ8..IRQ15 supported */
3552 [0x0c0] = 0x20, /* TPCE_MI = support power down mode */
3554 [0x0c2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3555 [0x0c4] = 0x06, /* Tuple length = 6 bytes */
3556 [0x0c6] = 0x01, /* TPCE_INDX = I/O and Memory Mode */
3557 [0x0c8] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3558 [0x0ca] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3559 [0x0cc] = 0xb5, /* NomV: 3.3 V */
3561 [0x0d0] = 0x3e, /* Peakl: 350 mA */
3563 [0x0d2] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3564 [0x0d4] = 0x12, /* Tuple length = 18 bytes */
3565 [0x0d6] = 0xc2, /* TPCE_INDX = I/O Primary Mode */
3566 [0x0d8] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3567 [0x0da] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3568 [0x0dc] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3569 [0x0de] = 0x55, /* NomV: 5.0 V */
3570 [0x0e0] = 0x4d, /* MinV: 4.5 V */
3571 [0x0e2] = 0x5d, /* MaxV: 5.5 V */
3572 [0x0e4] = 0x4e, /* Peakl: 450 mA */
3573 [0x0e6] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3574 [0x0e8] = 0x61, /* Range: 2 fields, 2 bytes addr, 1 byte len */
3575 [0x0ea] = 0xf0, /* Field 1 address = 0x01f0 */
3577 [0x0ee] = 0x07, /* Address block length = 8 */
3578 [0x0f0] = 0xf6, /* Field 2 address = 0x03f6 */
3580 [0x0f4] = 0x01, /* Address block length = 2 */
3581 [0x0f6] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3582 [0x0f8] = 0x20, /* TPCE_MI = support power down mode */
3584 [0x0fa] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3585 [0x0fc] = 0x06, /* Tuple length = 6 bytes */
3586 [0x0fe] = 0x02, /* TPCE_INDX = I/O Primary Mode, no Default */
3587 [0x100] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3588 [0x102] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3589 [0x104] = 0xb5, /* NomV: 3.3 V */
3591 [0x108] = 0x3e, /* Peakl: 350 mA */
3593 [0x10a] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3594 [0x10c] = 0x12, /* Tuple length = 18 bytes */
3595 [0x10e] = 0xc3, /* TPCE_INDX = I/O Secondary Mode, Default */
3596 [0x110] = 0x41, /* TPCE_IF = I/O and Memory, no BVD, no WP */
3597 [0x112] = 0x99, /* TPCE_FS = Vcc only, I/O, Interrupt, Misc */
3598 [0x114] = 0x27, /* NomV = 1, MinV = 1, MaxV = 1, Peakl = 1 */
3599 [0x116] = 0x55, /* NomV: 5.0 V */
3600 [0x118] = 0x4d, /* MinV: 4.5 V */
3601 [0x11a] = 0x5d, /* MaxV: 5.5 V */
3602 [0x11c] = 0x4e, /* Peakl: 450 mA */
3603 [0x11e] = 0xea, /* TPCE_IO = 1K boundary, 16/8 access, Range */
3604 [0x120] = 0x61, /* Range: 2 fields, 2 byte addr, 1 byte len */
3605 [0x122] = 0x70, /* Field 1 address = 0x0170 */
3607 [0x126] = 0x07, /* Address block length = 8 */
3608 [0x128] = 0x76, /* Field 2 address = 0x0376 */
3610 [0x12c] = 0x01, /* Address block length = 2 */
3611 [0x12e] = 0xee, /* TPCE_IR = IRQ E, Level, Pulse, Share */
3612 [0x130] = 0x20, /* TPCE_MI = support power down mode */
3614 [0x132] = CISTPL_CFTABLE_ENTRY, /* 16-bit PC Card Configuration */
3615 [0x134] = 0x06, /* Tuple length = 6 bytes */
3616 [0x136] = 0x03, /* TPCE_INDX = I/O Secondary Mode */
3617 [0x138] = 0x01, /* TPCE_FS = Vcc only, no I/O, no Memory */
3618 [0x13a] = 0x21, /* NomV = 1, MinV = 0, MaxV = 0, Peakl = 1 */
3619 [0x13c] = 0xb5, /* NomV: 3.3 V */
3621 [0x140] = 0x3e, /* Peakl: 350 mA */
3623 [0x142] = CISTPL_NO_LINK, /* No Link */
3624 [0x144] = 0x00, /* Tuple length = 0 bytes */
3626 [0x146] = CISTPL_END, /* Tuple End */
3629 static int dscm1xxxx_attach(void *opaque)
3631 struct md_s *md = (struct md_s *) opaque;
3632 md->card.attr_read = md_attr_read;
3633 md->card.attr_write = md_attr_write;
3634 md->card.common_read = md_common_read;
3635 md->card.common_write = md_common_write;
3636 md->card.io_read = md_common_read;
3637 md->card.io_write = md_common_write;
3639 md->attr_base = md->card.cis[0x74] | (md->card.cis[0x76] << 8);
3643 md_interrupt_update(md);
3645 md->card.slot->card_string = "DSCM-1xxxx Hitachi Microdrive";
3649 static int dscm1xxxx_detach(void *opaque)
3651 struct md_s *md = (struct md_s *) opaque;
3656 struct pcmcia_card_s *dscm1xxxx_init(BlockDriverState *bdrv)
3658 struct md_s *md = (struct md_s *) qemu_mallocz(sizeof(struct md_s));
3659 md->card.state = md;
3660 md->card.attach = dscm1xxxx_attach;
3661 md->card.detach = dscm1xxxx_detach;
3662 md->card.cis = dscm1xxxx_cis;
3663 md->card.cis_len = sizeof(dscm1xxxx_cis);
3665 ide_init2(md->ide, bdrv, 0, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
3667 md->ide->mdata_size = METADATA_SIZE;
3668 md->ide->mdata_storage = (uint8_t *) qemu_mallocz(METADATA_SIZE);
3670 register_savevm("microdrive", md_iid ++, 0, md_save, md_load, md);
projects / qemu / blob