2 * QEMU IDE disk and CD-ROM Emulator
4 * Copyright (c) 2003 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 /* debug IDE devices */
28 //#define DEBUG_IDE_ATAPI
30 /* Bits of HD_STATUS */
32 #define INDEX_STAT 0x02
33 #define ECC_STAT 0x04 /* Corrected error */
35 #define SEEK_STAT 0x10
37 #define WRERR_STAT 0x20
38 #define READY_STAT 0x40
39 #define BUSY_STAT 0x80
41 /* Bits for HD_ERROR */
42 #define MARK_ERR 0x01 /* Bad address mark */
43 #define TRK0_ERR 0x02 /* couldn't find track 0 */
44 #define ABRT_ERR 0x04 /* Command aborted */
45 #define MCR_ERR 0x08 /* media change request */
46 #define ID_ERR 0x10 /* ID field not found */
47 #define MC_ERR 0x20 /* media changed */
48 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
49 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
50 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
52 /* Bits of HD_NSECTOR */
58 #define IDE_CMD_RESET 0x04
59 #define IDE_CMD_DISABLE_IRQ 0x02
61 /* ATA/ATAPI Commands pre T13 Spec */
66 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
70 #define WIN_SRST 0x08 /* ATAPI soft reset command */
71 #define WIN_DEVICE_RESET 0x08
75 #define WIN_RECAL 0x10
76 #define WIN_RESTORE WIN_RECAL
80 #define WIN_READ 0x20 /* 28-Bit */
81 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
82 #define WIN_READ_LONG 0x22 /* 28-Bit */
83 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
84 #define WIN_READ_EXT 0x24 /* 48-Bit */
85 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
86 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
87 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
91 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
95 #define WIN_WRITE 0x30 /* 28-Bit */
96 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
97 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
98 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
99 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
100 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
101 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
102 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
103 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
104 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
106 * 0x3A->0x3B Reserved
108 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
110 * 0x3D->0x3F Reserved
112 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
113 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
114 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
116 * 0x43->0x4F Reserved
118 #define WIN_FORMAT 0x50
120 * 0x51->0x5F Reserved
122 #define WIN_INIT 0x60
124 * 0x61->0x5F Reserved
126 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
127 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
128 #define WIN_DIAGNOSE 0x90
129 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
130 #define WIN_DOWNLOAD_MICROCODE 0x92
131 #define WIN_STANDBYNOW2 0x94
132 #define WIN_STANDBY2 0x96
133 #define WIN_SETIDLE2 0x97
134 #define WIN_CHECKPOWERMODE2 0x98
135 #define WIN_SLEEPNOW2 0x99
139 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
140 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
141 #define WIN_QUEUED_SERVICE 0xA2
142 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
143 #define CFA_ERASE_SECTORS 0xC0
144 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
145 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
146 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
147 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
148 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
149 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
150 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
151 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
152 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
153 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
154 #define WIN_GETMEDIASTATUS 0xDA
155 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
156 #define WIN_POSTBOOT 0xDC
157 #define WIN_PREBOOT 0xDD
158 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
159 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
160 #define WIN_STANDBYNOW1 0xE0
161 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
162 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
163 #define WIN_SETIDLE1 0xE3
164 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
165 #define WIN_CHECKPOWERMODE1 0xE5
166 #define WIN_SLEEPNOW1 0xE6
167 #define WIN_FLUSH_CACHE 0xE7
168 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
169 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
170 /* SET_FEATURES 0x22 or 0xDD */
171 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
172 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
173 #define WIN_MEDIAEJECT 0xED
174 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
175 #define WIN_SETFEATURES 0xEF /* set special drive features */
176 #define EXABYTE_ENABLE_NEST 0xF0
177 #define WIN_SECURITY_SET_PASS 0xF1
178 #define WIN_SECURITY_UNLOCK 0xF2
179 #define WIN_SECURITY_ERASE_PREPARE 0xF3
180 #define WIN_SECURITY_ERASE_UNIT 0xF4
181 #define WIN_SECURITY_FREEZE_LOCK 0xF5
182 #define WIN_SECURITY_DISABLE 0xF6
183 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
184 #define WIN_SET_MAX 0xF9
185 #define DISABLE_SEAGATE 0xFB
187 /* set to 1 set disable mult support */
188 #define MAX_MULT_SECTORS 16
192 #define ATAPI_PACKET_SIZE 12
194 /* The generic packet command opcodes for CD/DVD Logical Units,
195 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
196 #define GPCMD_BLANK 0xa1
197 #define GPCMD_CLOSE_TRACK 0x5b
198 #define GPCMD_FLUSH_CACHE 0x35
199 #define GPCMD_FORMAT_UNIT 0x04
200 #define GPCMD_GET_CONFIGURATION 0x46
201 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
202 #define GPCMD_GET_PERFORMANCE 0xac
203 #define GPCMD_INQUIRY 0x12
204 #define GPCMD_LOAD_UNLOAD 0xa6
205 #define GPCMD_MECHANISM_STATUS 0xbd
206 #define GPCMD_MODE_SELECT_10 0x55
207 #define GPCMD_MODE_SENSE_10 0x5a
208 #define GPCMD_PAUSE_RESUME 0x4b
209 #define GPCMD_PLAY_AUDIO_10 0x45
210 #define GPCMD_PLAY_AUDIO_MSF 0x47
211 #define GPCMD_PLAY_AUDIO_TI 0x48
212 #define GPCMD_PLAY_CD 0xbc
213 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
214 #define GPCMD_READ_10 0x28
215 #define GPCMD_READ_12 0xa8
216 #define GPCMD_READ_CDVD_CAPACITY 0x25
217 #define GPCMD_READ_CD 0xbe
218 #define GPCMD_READ_CD_MSF 0xb9
219 #define GPCMD_READ_DISC_INFO 0x51
220 #define GPCMD_READ_DVD_STRUCTURE 0xad
221 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
222 #define GPCMD_READ_HEADER 0x44
223 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
224 #define GPCMD_READ_SUBCHANNEL 0x42
225 #define GPCMD_READ_TOC_PMA_ATIP 0x43
226 #define GPCMD_REPAIR_RZONE_TRACK 0x58
227 #define GPCMD_REPORT_KEY 0xa4
228 #define GPCMD_REQUEST_SENSE 0x03
229 #define GPCMD_RESERVE_RZONE_TRACK 0x53
230 #define GPCMD_SCAN 0xba
231 #define GPCMD_SEEK 0x2b
232 #define GPCMD_SEND_DVD_STRUCTURE 0xad
233 #define GPCMD_SEND_EVENT 0xa2
234 #define GPCMD_SEND_KEY 0xa3
235 #define GPCMD_SEND_OPC 0x54
236 #define GPCMD_SET_READ_AHEAD 0xa7
237 #define GPCMD_SET_STREAMING 0xb6
238 #define GPCMD_START_STOP_UNIT 0x1b
239 #define GPCMD_STOP_PLAY_SCAN 0x4e
240 #define GPCMD_TEST_UNIT_READY 0x00
241 #define GPCMD_VERIFY_10 0x2f
242 #define GPCMD_WRITE_10 0x2a
243 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
244 /* This is listed as optional in ATAPI 2.6, but is (curiously)
245 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
246 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
247 * drives support it. */
248 #define GPCMD_SET_SPEED 0xbb
249 /* This seems to be a SCSI specific CD-ROM opcode
250 * to play data at track/index */
251 #define GPCMD_PLAYAUDIO_TI 0x48
253 * From MS Media Status Notification Support Specification. For
256 #define GPCMD_GET_MEDIA_STATUS 0xda
258 /* Mode page codes for mode sense/set */
259 #define GPMODE_R_W_ERROR_PAGE 0x01
260 #define GPMODE_WRITE_PARMS_PAGE 0x05
261 #define GPMODE_AUDIO_CTL_PAGE 0x0e
262 #define GPMODE_POWER_PAGE 0x1a
263 #define GPMODE_FAULT_FAIL_PAGE 0x1c
264 #define GPMODE_TO_PROTECT_PAGE 0x1d
265 #define GPMODE_CAPABILITIES_PAGE 0x2a
266 #define GPMODE_ALL_PAGES 0x3f
267 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
268 * of MODE_SENSE_POWER_PAGE */
269 #define GPMODE_CDROM_PAGE 0x0d
271 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
272 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
273 #define ATAPI_INT_REASON_REL 0x04
274 #define ATAPI_INT_REASON_TAG 0xf8
276 /* same constants as bochs */
277 #define ASC_ILLEGAL_OPCODE 0x20
278 #define ASC_LOGICAL_BLOCK_OOR 0x21
279 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
280 #define ASC_MEDIUM_NOT_PRESENT 0x3a
281 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
284 #define SENSE_NOT_READY 2
285 #define SENSE_ILLEGAL_REQUEST 5
286 #define SENSE_UNIT_ATTENTION 6
290 typedef void EndTransferFunc(struct IDEState *);
292 /* NOTE: IDEState represents in fact one drive */
293 typedef struct IDEState {
296 int cylinders, heads, sectors;
303 struct BMDMAState *bmdma;
308 uint16_t nsector; /* 0 is 256 to ease computations */
314 /* 0x3f6 command, only meaningful for drive 0 */
316 /* depends on bit 4 in select, only meaningful for drive 0 */
317 struct IDEState *cur_drive;
318 BlockDriverState *bs;
322 int packet_transfer_size;
323 int elementary_transfer_size;
327 int atapi_dma; /* true if dma is requested for the packet cmd */
330 /* PIO transfer handling */
331 int req_nb_sectors; /* number of sectors per interrupt */
332 EndTransferFunc *end_transfer_func;
335 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
336 QEMUTimer *sector_write_timer; /* only used for win2k instal hack */
339 #define BM_STATUS_DMAING 0x01
340 #define BM_STATUS_ERROR 0x02
341 #define BM_STATUS_INT 0x04
343 #define BM_CMD_START 0x01
344 #define BM_CMD_READ 0x08
346 #define IDE_TYPE_PIIX3 0
347 #define IDE_TYPE_CMD646 1
349 /* CMD646 specific */
351 #define MRDMODE_INTR_CH0 0x04
352 #define MRDMODE_INTR_CH1 0x08
353 #define MRDMODE_BLK_CH0 0x10
354 #define MRDMODE_BLK_CH1 0x20
355 #define UDIDETCR0 0x73
356 #define UDIDETCR1 0x7B
358 typedef int IDEDMAFunc(IDEState *s,
359 target_phys_addr_t phys_addr,
362 typedef struct BMDMAState {
367 struct PCIIDEState *pci_dev;
368 /* current transfer state */
373 typedef struct PCIIDEState {
377 int type; /* see IDE_TYPE_xxx */
380 static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb);
382 static void padstr(char *str, const char *src, int len)
385 for(i = 0; i < len; i++) {
390 *(char *)((long)str ^ 1) = v;
395 static void padstr8(uint8_t *buf, int buf_size, const char *src)
398 for(i = 0; i < buf_size; i++) {
406 static void put_le16(uint16_t *p, unsigned int v)
411 static void ide_identify(IDEState *s)
414 unsigned int oldsize;
417 memset(s->io_buffer, 0, 512);
418 p = (uint16_t *)s->io_buffer;
419 put_le16(p + 0, 0x0040);
420 put_le16(p + 1, s->cylinders);
421 put_le16(p + 3, s->heads);
422 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
423 put_le16(p + 5, 512); /* XXX: retired, remove ? */
424 put_le16(p + 6, s->sectors);
425 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
426 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
427 put_le16(p + 20, 3); /* XXX: retired, remove ? */
428 put_le16(p + 21, 512); /* cache size in sectors */
429 put_le16(p + 22, 4); /* ecc bytes */
430 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
431 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
432 #if MAX_MULT_SECTORS > 1
433 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
435 put_le16(p + 48, 1); /* dword I/O */
436 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
437 put_le16(p + 51, 0x200); /* PIO transfer cycle */
438 put_le16(p + 52, 0x200); /* DMA transfer cycle */
439 put_le16(p + 53, 1 | 1 << 2); /* words 54-58,88 are valid */
440 put_le16(p + 54, s->cylinders);
441 put_le16(p + 55, s->heads);
442 put_le16(p + 56, s->sectors);
443 oldsize = s->cylinders * s->heads * s->sectors;
444 put_le16(p + 57, oldsize);
445 put_le16(p + 58, oldsize >> 16);
447 put_le16(p + 59, 0x100 | s->mult_sectors);
448 put_le16(p + 60, s->nb_sectors);
449 put_le16(p + 61, s->nb_sectors >> 16);
450 put_le16(p + 80, (1 << 1) | (1 << 2));
451 put_le16(p + 82, (1 << 14));
452 put_le16(p + 83, (1 << 14));
453 put_le16(p + 84, (1 << 14));
454 put_le16(p + 85, (1 << 14));
456 put_le16(p + 87, (1 << 14));
457 put_le16(p + 88, 0x1f | (1 << 13));
458 put_le16(p + 93, 1 | (1 << 14) | 0x2000 | 0x4000);
461 static void ide_atapi_identify(IDEState *s)
466 memset(s->io_buffer, 0, 512);
467 p = (uint16_t *)s->io_buffer;
468 /* Removable CDROM, 50us response, 12 byte packets */
469 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
470 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
471 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
472 put_le16(p + 20, 3); /* buffer type */
473 put_le16(p + 21, 512); /* cache size in sectors */
474 put_le16(p + 22, 4); /* ecc bytes */
475 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
476 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
477 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
478 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
479 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
480 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
481 put_le16(p + 64, 1); /* PIO modes */
482 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
483 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
484 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
485 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
487 put_le16(p + 71, 30); /* in ns */
488 put_le16(p + 72, 30); /* in ns */
490 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
493 static void ide_set_signature(IDEState *s)
495 s->select &= 0xf0; /* clear head */
511 static inline void ide_abort_command(IDEState *s)
513 s->status = READY_STAT | ERR_STAT;
517 static inline void ide_set_irq(IDEState *s)
519 BMDMAState *bm = s->bmdma;
520 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
522 bm->status |= BM_STATUS_INT;
524 s->set_irq(s->irq_opaque, s->irq, 1);
528 /* prepare data transfer and tell what to do after */
529 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
530 EndTransferFunc *end_transfer_func)
532 s->end_transfer_func = end_transfer_func;
534 s->data_end = buf + size;
535 s->status |= DRQ_STAT;
538 static void ide_transfer_stop(IDEState *s)
540 s->end_transfer_func = ide_transfer_stop;
541 s->data_ptr = s->io_buffer;
542 s->data_end = s->io_buffer;
543 s->status &= ~DRQ_STAT;
546 static int64_t ide_get_sector(IDEState *s)
549 if (s->select & 0x40) {
551 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
552 (s->lcyl << 8) | s->sector;
554 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
555 (s->select & 0x0f) * s->sectors +
561 static void ide_set_sector(IDEState *s, int64_t sector_num)
564 if (s->select & 0x40) {
565 s->select = (s->select & 0xf0) | (sector_num >> 24);
566 s->hcyl = (sector_num >> 16);
567 s->lcyl = (sector_num >> 8);
568 s->sector = (sector_num);
570 cyl = sector_num / (s->heads * s->sectors);
571 r = sector_num % (s->heads * s->sectors);
574 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
575 s->sector = (r % s->sectors) + 1;
579 static void ide_sector_read(IDEState *s)
584 s->status = READY_STAT | SEEK_STAT;
585 s->error = 0; /* not needed by IDE spec, but needed by Windows */
586 sector_num = ide_get_sector(s);
589 /* no more sector to read from disk */
590 ide_transfer_stop(s);
592 #if defined(DEBUG_IDE)
593 printf("read sector=%Ld\n", sector_num);
595 if (n > s->req_nb_sectors)
596 n = s->req_nb_sectors;
597 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
598 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
600 ide_set_sector(s, sector_num + n);
605 static int ide_read_dma_cb(IDEState *s,
606 target_phys_addr_t phys_addr,
609 int len, transfer_size, n;
612 transfer_size = transfer_size1;
613 while (transfer_size > 0) {
614 len = s->io_buffer_size - s->io_buffer_index;
616 /* transfert next data */
620 if (n > MAX_MULT_SECTORS)
621 n = MAX_MULT_SECTORS;
622 sector_num = ide_get_sector(s);
623 bdrv_read(s->bs, sector_num, s->io_buffer, n);
624 s->io_buffer_index = 0;
625 s->io_buffer_size = n * 512;
626 len = s->io_buffer_size;
628 ide_set_sector(s, sector_num);
631 if (len > transfer_size)
633 cpu_physical_memory_write(phys_addr,
634 s->io_buffer + s->io_buffer_index, len);
635 s->io_buffer_index += len;
636 transfer_size -= len;
639 if (s->io_buffer_index >= s->io_buffer_size && s->nsector == 0) {
640 s->status = READY_STAT | SEEK_STAT;
642 #ifdef DEBUG_IDE_ATAPI
643 printf("dma status=0x%x\n", s->status);
647 return transfer_size1 - transfer_size;
650 static void ide_sector_read_dma(IDEState *s)
652 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
653 s->io_buffer_index = 0;
654 s->io_buffer_size = 0;
655 ide_dma_start(s, ide_read_dma_cb);
658 static void ide_sector_write_timer_cb(void *opaque)
660 IDEState *s = opaque;
664 static void ide_sector_write(IDEState *s)
669 s->status = READY_STAT | SEEK_STAT;
670 sector_num = ide_get_sector(s);
671 #if defined(DEBUG_IDE)
672 printf("write sector=%Ld\n", sector_num);
675 if (n > s->req_nb_sectors)
676 n = s->req_nb_sectors;
677 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
679 if (s->nsector == 0) {
680 /* no more sector to write */
681 ide_transfer_stop(s);
684 if (n1 > s->req_nb_sectors)
685 n1 = s->req_nb_sectors;
686 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
688 ide_set_sector(s, sector_num + n);
691 if (win2k_install_hack) {
692 /* It seems there is a bug in the Windows 2000 installer HDD
693 IDE driver which fills the disk with empty logs when the
694 IDE write IRQ comes too early. This hack tries to correct
695 that at the expense of slower write performances. Use this
696 option _only_ to install Windows 2000. You must disable it
698 qemu_mod_timer(s->sector_write_timer,
699 qemu_get_clock(vm_clock) + (ticks_per_sec / 1000));
707 static int ide_write_dma_cb(IDEState *s,
708 target_phys_addr_t phys_addr,
711 int len, transfer_size, n;
714 transfer_size = transfer_size1;
716 len = s->io_buffer_size - s->io_buffer_index;
718 n = s->io_buffer_size >> 9;
719 sector_num = ide_get_sector(s);
720 bdrv_write(s->bs, sector_num, s->io_buffer,
721 s->io_buffer_size >> 9);
723 ide_set_sector(s, sector_num);
727 /* end of transfer */
728 s->status = READY_STAT | SEEK_STAT;
732 if (n > MAX_MULT_SECTORS)
733 n = MAX_MULT_SECTORS;
734 s->io_buffer_index = 0;
735 s->io_buffer_size = n * 512;
736 len = s->io_buffer_size;
738 if (transfer_size <= 0)
740 if (len > transfer_size)
742 cpu_physical_memory_read(phys_addr,
743 s->io_buffer + s->io_buffer_index, len);
744 s->io_buffer_index += len;
745 transfer_size -= len;
748 return transfer_size1 - transfer_size;
751 static void ide_sector_write_dma(IDEState *s)
754 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
756 if (n > MAX_MULT_SECTORS)
757 n = MAX_MULT_SECTORS;
758 s->io_buffer_index = 0;
759 s->io_buffer_size = n * 512;
760 ide_dma_start(s, ide_write_dma_cb);
763 static void ide_atapi_cmd_ok(IDEState *s)
766 s->status = READY_STAT;
767 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
771 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
773 #ifdef DEBUG_IDE_ATAPI
774 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
776 s->error = sense_key << 4;
777 s->status = READY_STAT | ERR_STAT;
778 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
779 s->sense_key = sense_key;
784 static inline void cpu_to_ube16(uint8_t *buf, int val)
790 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
798 static inline int ube16_to_cpu(const uint8_t *buf)
800 return (buf[0] << 8) | buf[1];
803 static inline int ube32_to_cpu(const uint8_t *buf)
805 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
808 static void lba_to_msf(uint8_t *buf, int lba)
811 buf[0] = (lba / 75) / 60;
812 buf[1] = (lba / 75) % 60;
816 static void cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
819 switch(sector_size) {
821 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
826 memset(buf + 1, 0xff, 10);
830 lba_to_msf(buf, lba);
831 buf[3] = 0x01; /* mode 1 data */
834 bdrv_read(bs, (int64_t)lba << 2, buf, 4);
844 /* The whole ATAPI transfer logic is handled in this function */
845 static void ide_atapi_cmd_reply_end(IDEState *s)
847 int byte_count_limit, size;
848 #ifdef DEBUG_IDE_ATAPI
849 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
850 s->packet_transfer_size,
851 s->elementary_transfer_size,
854 if (s->packet_transfer_size <= 0) {
855 /* end of transfer */
856 ide_transfer_stop(s);
857 s->status = READY_STAT;
858 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
860 #ifdef DEBUG_IDE_ATAPI
861 printf("status=0x%x\n", s->status);
864 /* see if a new sector must be read */
865 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
866 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
868 s->io_buffer_index = 0;
870 if (s->elementary_transfer_size > 0) {
871 /* there are some data left to transmit in this elementary
873 size = s->cd_sector_size - s->io_buffer_index;
874 if (size > s->elementary_transfer_size)
875 size = s->elementary_transfer_size;
876 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
877 size, ide_atapi_cmd_reply_end);
878 s->packet_transfer_size -= size;
879 s->elementary_transfer_size -= size;
880 s->io_buffer_index += size;
882 /* a new transfer is needed */
883 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
884 byte_count_limit = s->lcyl | (s->hcyl << 8);
885 #ifdef DEBUG_IDE_ATAPI
886 printf("byte_count_limit=%d\n", byte_count_limit);
888 if (byte_count_limit == 0xffff)
890 size = s->packet_transfer_size;
891 if (size > byte_count_limit) {
892 /* byte count limit must be even if this case */
893 if (byte_count_limit & 1)
895 size = byte_count_limit;
899 s->elementary_transfer_size = size;
900 /* we cannot transmit more than one sector at a time */
902 if (size > (s->cd_sector_size - s->io_buffer_index))
903 size = (s->cd_sector_size - s->io_buffer_index);
905 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
906 size, ide_atapi_cmd_reply_end);
907 s->packet_transfer_size -= size;
908 s->elementary_transfer_size -= size;
909 s->io_buffer_index += size;
911 #ifdef DEBUG_IDE_ATAPI
912 printf("status=0x%x\n", s->status);
918 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
919 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
923 s->lba = -1; /* no sector read */
924 s->packet_transfer_size = size;
925 s->elementary_transfer_size = 0;
926 s->io_buffer_index = 0;
928 s->status = READY_STAT;
929 ide_atapi_cmd_reply_end(s);
932 /* start a CD-CDROM read command */
933 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
937 s->packet_transfer_size = nb_sectors * sector_size;
938 s->elementary_transfer_size = 0;
939 s->io_buffer_index = sector_size;
940 s->cd_sector_size = sector_size;
942 s->status = READY_STAT;
943 ide_atapi_cmd_reply_end(s);
946 /* ATAPI DMA support */
947 static int ide_atapi_cmd_read_dma_cb(IDEState *s,
948 target_phys_addr_t phys_addr,
951 int len, transfer_size;
953 transfer_size = transfer_size1;
954 while (transfer_size > 0) {
955 #ifdef DEBUG_IDE_ATAPI
956 printf("transfer_size: %d phys_addr=%08x\n", transfer_size, phys_addr);
958 if (s->packet_transfer_size <= 0)
960 len = s->cd_sector_size - s->io_buffer_index;
962 /* transfert next data */
963 cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
965 s->io_buffer_index = 0;
966 len = s->cd_sector_size;
968 if (len > transfer_size)
970 cpu_physical_memory_write(phys_addr,
971 s->io_buffer + s->io_buffer_index, len);
972 s->packet_transfer_size -= len;
973 s->io_buffer_index += len;
974 transfer_size -= len;
977 if (s->packet_transfer_size <= 0) {
978 s->status = READY_STAT;
979 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
981 #ifdef DEBUG_IDE_ATAPI
982 printf("dma status=0x%x\n", s->status);
986 return transfer_size1 - transfer_size;
989 /* start a CD-CDROM read command with DMA */
990 /* XXX: test if DMA is available */
991 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
995 s->packet_transfer_size = nb_sectors * sector_size;
996 s->io_buffer_index = sector_size;
997 s->cd_sector_size = sector_size;
999 s->status = READY_STAT | DRQ_STAT;
1000 ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1003 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1006 #ifdef DEBUG_IDE_ATAPI
1007 printf("read: LBA=%d nb_sectors=%d\n", lba, nb_sectors);
1010 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1012 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1016 /* same toc as bochs. Return -1 if error or the toc length */
1017 /* XXX: check this */
1018 static int cdrom_read_toc(IDEState *s, uint8_t *buf, int msf, int start_track)
1021 int nb_sectors, len;
1023 if (start_track > 1 && start_track != 0xaa)
1026 *q++ = 1; /* first session */
1027 *q++ = 1; /* last session */
1028 if (start_track <= 1) {
1029 *q++ = 0; /* reserved */
1030 *q++ = 0x14; /* ADR, control */
1031 *q++ = 1; /* track number */
1032 *q++ = 0; /* reserved */
1034 *q++ = 0; /* reserved */
1043 /* lead out track */
1044 *q++ = 0; /* reserved */
1045 *q++ = 0x16; /* ADR, control */
1046 *q++ = 0xaa; /* track number */
1047 *q++ = 0; /* reserved */
1048 nb_sectors = s->nb_sectors >> 2;
1050 *q++ = 0; /* reserved */
1051 lba_to_msf(q, nb_sectors);
1054 cpu_to_ube32(q, nb_sectors);
1058 cpu_to_ube16(buf, len - 2);
1062 /* mostly same info as PearPc */
1063 static int cdrom_read_toc_raw(IDEState *s, uint8_t *buf, int msf,
1067 int nb_sectors, len;
1070 *q++ = 1; /* first session */
1071 *q++ = 1; /* last session */
1073 *q++ = 1; /* session number */
1074 *q++ = 0x14; /* data track */
1075 *q++ = 0; /* track number */
1076 *q++ = 0xa0; /* lead-in */
1079 *q++ = 0; /* frame */
1081 *q++ = 1; /* first track */
1082 *q++ = 0x00; /* disk type */
1085 *q++ = 1; /* session number */
1086 *q++ = 0x14; /* data track */
1087 *q++ = 0; /* track number */
1091 *q++ = 0; /* frame */
1093 *q++ = 1; /* last track */
1097 *q++ = 1; /* session number */
1098 *q++ = 0x14; /* data track */
1099 *q++ = 0; /* track number */
1100 *q++ = 0xa2; /* lead-out */
1103 *q++ = 0; /* frame */
1104 nb_sectors = s->nb_sectors >> 2;
1106 *q++ = 0; /* reserved */
1107 lba_to_msf(q, nb_sectors);
1110 cpu_to_ube32(q, nb_sectors);
1114 *q++ = 1; /* session number */
1115 *q++ = 0x14; /* ADR, control */
1116 *q++ = 0; /* track number */
1117 *q++ = 1; /* point */
1120 *q++ = 0; /* frame */
1133 cpu_to_ube16(buf, len - 2);
1137 static void ide_atapi_cmd(IDEState *s)
1139 const uint8_t *packet;
1143 packet = s->io_buffer;
1145 #ifdef DEBUG_IDE_ATAPI
1148 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1149 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1150 printf(" %02x", packet[i]);
1155 switch(s->io_buffer[0]) {
1156 case GPCMD_TEST_UNIT_READY:
1157 if (bdrv_is_inserted(s->bs)) {
1158 ide_atapi_cmd_ok(s);
1160 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1161 ASC_MEDIUM_NOT_PRESENT);
1164 case GPCMD_MODE_SENSE_10:
1167 max_len = ube16_to_cpu(packet + 7);
1168 action = packet[2] >> 6;
1169 code = packet[2] & 0x3f;
1171 case 0: /* current values */
1173 case 0x01: /* error recovery */
1174 cpu_to_ube16(&buf[0], 16 + 6);
1190 ide_atapi_cmd_reply(s, 16, max_len);
1193 cpu_to_ube16(&buf[0], 28 + 6);
1208 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1209 if (bdrv_is_locked(s->bs))
1212 cpu_to_ube16(&buf[16], 706);
1215 cpu_to_ube16(&buf[20], 512);
1216 cpu_to_ube16(&buf[22], 706);
1221 ide_atapi_cmd_reply(s, 28, max_len);
1227 case 1: /* changeable values */
1229 case 2: /* default values */
1232 case 3: /* saved values */
1233 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1234 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1239 case GPCMD_REQUEST_SENSE:
1240 max_len = packet[4];
1242 buf[0] = 0x70 | (1 << 7);
1243 buf[2] = s->sense_key;
1246 ide_atapi_cmd_reply(s, 18, max_len);
1248 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1249 if (bdrv_is_inserted(s->bs)) {
1250 bdrv_set_locked(s->bs, packet[4] & 1);
1251 ide_atapi_cmd_ok(s);
1253 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1254 ASC_MEDIUM_NOT_PRESENT);
1260 int nb_sectors, lba;
1262 if (!bdrv_is_inserted(s->bs)) {
1263 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1264 ASC_MEDIUM_NOT_PRESENT);
1267 if (packet[0] == GPCMD_READ_10)
1268 nb_sectors = ube16_to_cpu(packet + 7);
1270 nb_sectors = ube32_to_cpu(packet + 6);
1271 lba = ube32_to_cpu(packet + 2);
1272 if (nb_sectors == 0) {
1273 ide_atapi_cmd_ok(s);
1276 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1277 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1278 ASC_LOGICAL_BLOCK_OOR);
1281 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1286 int nb_sectors, lba, transfer_request;
1288 if (!bdrv_is_inserted(s->bs)) {
1289 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1290 ASC_MEDIUM_NOT_PRESENT);
1293 nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1294 lba = ube32_to_cpu(packet + 2);
1295 if (nb_sectors == 0) {
1296 ide_atapi_cmd_ok(s);
1299 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
1300 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1301 ASC_LOGICAL_BLOCK_OOR);
1304 transfer_request = packet[9];
1305 switch(transfer_request & 0xf8) {
1308 ide_atapi_cmd_ok(s);
1312 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1316 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1319 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1320 ASC_INV_FIELD_IN_CMD_PACKET);
1328 if (!bdrv_is_inserted(s->bs)) {
1329 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1330 ASC_MEDIUM_NOT_PRESENT);
1333 lba = ube32_to_cpu(packet + 2);
1334 if (((int64_t)lba << 2) > s->nb_sectors) {
1335 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1336 ASC_LOGICAL_BLOCK_OOR);
1339 ide_atapi_cmd_ok(s);
1342 case GPCMD_START_STOP_UNIT:
1345 start = packet[4] & 1;
1346 eject = (packet[4] >> 1) & 1;
1348 if (eject && !start) {
1349 /* eject the disk */
1352 ide_atapi_cmd_ok(s);
1355 case GPCMD_MECHANISM_STATUS:
1357 max_len = ube16_to_cpu(packet + 8);
1358 cpu_to_ube16(buf, 0);
1359 /* no current LBA */
1364 cpu_to_ube16(buf + 6, 0);
1365 ide_atapi_cmd_reply(s, 8, max_len);
1368 case GPCMD_READ_TOC_PMA_ATIP:
1370 int format, msf, start_track, len;
1372 if (!bdrv_is_inserted(s->bs)) {
1373 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1374 ASC_MEDIUM_NOT_PRESENT);
1377 max_len = ube16_to_cpu(packet + 7);
1378 format = packet[9] >> 6;
1379 msf = (packet[1] >> 1) & 1;
1380 start_track = packet[6];
1383 len = cdrom_read_toc(s, buf, msf, start_track);
1386 ide_atapi_cmd_reply(s, len, max_len);
1389 /* multi session : only a single session defined */
1394 ide_atapi_cmd_reply(s, 12, max_len);
1397 len = cdrom_read_toc_raw(s, buf, msf, start_track);
1400 ide_atapi_cmd_reply(s, len, max_len);
1404 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1405 ASC_INV_FIELD_IN_CMD_PACKET);
1410 case GPCMD_READ_CDVD_CAPACITY:
1411 if (!bdrv_is_inserted(s->bs)) {
1412 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1413 ASC_MEDIUM_NOT_PRESENT);
1416 /* NOTE: it is really the number of sectors minus 1 */
1417 cpu_to_ube32(buf, (s->nb_sectors >> 2) - 1);
1418 cpu_to_ube32(buf + 4, 2048);
1419 ide_atapi_cmd_reply(s, 8, 8);
1422 max_len = packet[4];
1423 buf[0] = 0x05; /* CD-ROM */
1424 buf[1] = 0x80; /* removable */
1425 buf[2] = 0x00; /* ISO */
1426 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1427 buf[4] = 31; /* additionnal length */
1428 buf[5] = 0; /* reserved */
1429 buf[6] = 0; /* reserved */
1430 buf[7] = 0; /* reserved */
1431 padstr8(buf + 8, 8, "QEMU");
1432 padstr8(buf + 16, 16, "QEMU CD-ROM");
1433 padstr8(buf + 32, 4, QEMU_VERSION);
1434 ide_atapi_cmd_reply(s, 36, max_len);
1437 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1438 ASC_ILLEGAL_OPCODE);
1443 /* called when the inserted state of the media has changed */
1444 static void cdrom_change_cb(void *opaque)
1446 IDEState *s = opaque;
1449 /* XXX: send interrupt too */
1450 bdrv_get_geometry(s->bs, &nb_sectors);
1451 s->nb_sectors = nb_sectors;
1454 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1456 IDEState *ide_if = opaque;
1461 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1468 /* NOTE: data is written to the two drives */
1469 ide_if[0].feature = val;
1470 ide_if[1].feature = val;
1475 ide_if[0].nsector = val;
1476 ide_if[1].nsector = val;
1479 ide_if[0].sector = val;
1480 ide_if[1].sector = val;
1483 ide_if[0].lcyl = val;
1484 ide_if[1].lcyl = val;
1487 ide_if[0].hcyl = val;
1488 ide_if[1].hcyl = val;
1491 ide_if[0].select = (val & ~0x10) | 0xa0;
1492 ide_if[1].select = (val | 0x10) | 0xa0;
1494 unit = (val >> 4) & 1;
1496 ide_if->cur_drive = s;
1501 #if defined(DEBUG_IDE)
1502 printf("ide: CMD=%02x\n", val);
1504 s = ide_if->cur_drive;
1505 /* ignore commands to non existant slave */
1506 if (s != ide_if && !s->bs)
1510 if (s->bs && !s->is_cdrom) {
1512 s->status = READY_STAT | SEEK_STAT;
1513 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1516 ide_set_signature(s);
1518 ide_abort_command(s);
1525 s->status = READY_STAT | SEEK_STAT;
1529 if (s->nsector > MAX_MULT_SECTORS ||
1531 (s->nsector & (s->nsector - 1)) != 0) {
1532 ide_abort_command(s);
1534 s->mult_sectors = s->nsector;
1535 s->status = READY_STAT;
1540 case WIN_VERIFY_ONCE:
1541 /* do sector number check ? */
1542 s->status = READY_STAT;
1549 s->req_nb_sectors = 1;
1553 case WIN_WRITE_ONCE:
1555 s->status = SEEK_STAT | READY_STAT;
1556 s->req_nb_sectors = 1;
1557 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1560 if (!s->mult_sectors)
1562 s->req_nb_sectors = s->mult_sectors;
1566 if (!s->mult_sectors)
1569 s->status = SEEK_STAT | READY_STAT;
1570 s->req_nb_sectors = s->mult_sectors;
1572 if (n > s->req_nb_sectors)
1573 n = s->req_nb_sectors;
1574 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1577 case WIN_READDMA_ONCE:
1580 ide_sector_read_dma(s);
1583 case WIN_WRITEDMA_ONCE:
1586 ide_sector_write_dma(s);
1588 case WIN_READ_NATIVE_MAX:
1589 ide_set_sector(s, s->nb_sectors - 1);
1590 s->status = READY_STAT;
1593 case WIN_CHECKPOWERMODE1:
1594 s->nsector = 0xff; /* device active or idle */
1595 s->status = READY_STAT;
1598 case WIN_SETFEATURES:
1601 /* XXX: valid for CDROM ? */
1602 switch(s->feature) {
1603 case 0x02: /* write cache enable */
1604 case 0x03: /* set transfer mode */
1605 case 0x82: /* write cache disable */
1606 case 0xaa: /* read look-ahead enable */
1607 case 0x55: /* read look-ahead disable */
1608 s->status = READY_STAT | SEEK_STAT;
1615 case WIN_STANDBYNOW1:
1616 case WIN_IDLEIMMEDIATE:
1617 case WIN_FLUSH_CACHE:
1618 s->status = READY_STAT;
1621 /* ATAPI commands */
1624 ide_atapi_identify(s);
1625 s->status = READY_STAT;
1626 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1628 ide_abort_command(s);
1633 ide_set_signature(s);
1634 s->status = 0x00; /* NOTE: READY is _not_ set */
1640 ide_set_signature(s);
1641 s->status = 0x00; /* NOTE: READY is _not_ set */
1647 /* overlapping commands not supported */
1648 if (s->feature & 0x02)
1650 s->atapi_dma = s->feature & 1;
1652 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1657 ide_abort_command(s);
1664 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
1666 IDEState *ide_if = opaque;
1667 IDEState *s = ide_if->cur_drive;
1677 if (!ide_if[0].bs && !ide_if[1].bs)
1683 if (!ide_if[0].bs && !ide_if[1].bs)
1686 ret = s->nsector & 0xff;
1689 if (!ide_if[0].bs && !ide_if[1].bs)
1695 if (!ide_if[0].bs && !ide_if[1].bs)
1701 if (!ide_if[0].bs && !ide_if[1].bs)
1707 if (!ide_if[0].bs && !ide_if[1].bs)
1714 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1715 (s != ide_if && !s->bs))
1719 s->set_irq(s->irq_opaque, s->irq, 0);
1723 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1728 static uint32_t ide_status_read(void *opaque, uint32_t addr)
1730 IDEState *ide_if = opaque;
1731 IDEState *s = ide_if->cur_drive;
1734 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1735 (s != ide_if && !s->bs))
1740 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1745 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
1747 IDEState *ide_if = opaque;
1752 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1754 /* common for both drives */
1755 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
1756 (val & IDE_CMD_RESET)) {
1757 /* reset low to high */
1758 for(i = 0;i < 2; i++) {
1760 s->status = BUSY_STAT | SEEK_STAT;
1763 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
1764 !(val & IDE_CMD_RESET)) {
1766 for(i = 0;i < 2; i++) {
1769 s->status = 0x00; /* NOTE: READY is _not_ set */
1771 s->status = READY_STAT | SEEK_STAT;
1772 ide_set_signature(s);
1776 ide_if[0].cmd = val;
1777 ide_if[1].cmd = val;
1780 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
1782 IDEState *s = ((IDEState *)opaque)->cur_drive;
1786 *(uint16_t *)p = le16_to_cpu(val);
1789 if (p >= s->data_end)
1790 s->end_transfer_func(s);
1793 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
1795 IDEState *s = ((IDEState *)opaque)->cur_drive;
1799 ret = cpu_to_le16(*(uint16_t *)p);
1802 if (p >= s->data_end)
1803 s->end_transfer_func(s);
1807 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
1809 IDEState *s = ((IDEState *)opaque)->cur_drive;
1813 *(uint32_t *)p = le32_to_cpu(val);
1816 if (p >= s->data_end)
1817 s->end_transfer_func(s);
1820 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
1822 IDEState *s = ((IDEState *)opaque)->cur_drive;
1827 ret = cpu_to_le32(*(uint32_t *)p);
1830 if (p >= s->data_end)
1831 s->end_transfer_func(s);
1835 static void ide_dummy_transfer_stop(IDEState *s)
1837 s->data_ptr = s->io_buffer;
1838 s->data_end = s->io_buffer;
1839 s->io_buffer[0] = 0xff;
1840 s->io_buffer[1] = 0xff;
1841 s->io_buffer[2] = 0xff;
1842 s->io_buffer[3] = 0xff;
1845 static void ide_reset(IDEState *s)
1847 s->mult_sectors = MAX_MULT_SECTORS;
1850 s->status = READY_STAT;
1851 ide_set_signature(s);
1852 /* init the transfer handler so that 0xffff is returned on data
1854 s->end_transfer_func = ide_dummy_transfer_stop;
1855 ide_dummy_transfer_stop(s);
1859 uint8_t boot_ind; /* 0x80 - active */
1860 uint8_t head; /* starting head */
1861 uint8_t sector; /* starting sector */
1862 uint8_t cyl; /* starting cylinder */
1863 uint8_t sys_ind; /* What partition type */
1864 uint8_t end_head; /* end head */
1865 uint8_t end_sector; /* end sector */
1866 uint8_t end_cyl; /* end cylinder */
1867 uint32_t start_sect; /* starting sector counting from 0 */
1868 uint32_t nr_sects; /* nr of sectors in partition */
1869 } __attribute__((packed));
1871 /* try to guess the disk logical geometry from the MSDOS partition table. Return 0 if OK, -1 if could not guess */
1872 static int guess_disk_lchs(IDEState *s,
1873 int *pcylinders, int *pheads, int *psectors)
1876 int ret, i, heads, sectors, cylinders;
1877 struct partition *p;
1880 ret = bdrv_read(s->bs, 0, buf, 1);
1883 /* test msdos magic */
1884 if (buf[510] != 0x55 || buf[511] != 0xaa)
1886 for(i = 0; i < 4; i++) {
1887 p = ((struct partition *)(buf + 0x1be)) + i;
1888 nr_sects = le32_to_cpu(p->nr_sects);
1889 if (nr_sects && p->end_head) {
1890 /* We make the assumption that the partition terminates on
1891 a cylinder boundary */
1892 heads = p->end_head + 1;
1893 sectors = p->end_sector & 63;
1896 cylinders = s->nb_sectors / (heads * sectors);
1897 if (cylinders < 1 || cylinders > 16383)
1900 *psectors = sectors;
1901 *pcylinders = cylinders;
1903 printf("guessed geometry: LCHS=%d %d %d\n",
1904 cylinders, heads, sectors);
1912 static void ide_init2(IDEState *ide_state,
1913 BlockDriverState *hd0, BlockDriverState *hd1,
1914 SetIRQFunc *set_irq, void *irq_opaque, int irq)
1917 static int drive_serial = 1;
1918 int i, cylinders, heads, secs, translation;
1921 for(i = 0; i < 2; i++) {
1928 bdrv_get_geometry(s->bs, &nb_sectors);
1929 s->nb_sectors = nb_sectors;
1930 /* if a geometry hint is available, use it */
1931 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
1932 if (cylinders != 0) {
1933 s->cylinders = cylinders;
1937 if (guess_disk_lchs(s, &cylinders, &heads, &secs) == 0) {
1939 /* if heads > 16, it means that a BIOS LBA
1940 translation was active, so the default
1941 hardware geometry is OK */
1942 goto default_geometry;
1944 s->cylinders = cylinders;
1947 /* disable any translation to be in sync with
1948 the logical geometry */
1949 translation = bdrv_get_translation_hint(s->bs);
1950 if (translation == BIOS_ATA_TRANSLATION_AUTO) {
1951 bdrv_set_translation_hint(s->bs,
1952 BIOS_ATA_TRANSLATION_NONE);
1957 /* if no geometry, use a standard physical disk geometry */
1958 cylinders = nb_sectors / (16 * 63);
1959 if (cylinders > 16383)
1961 else if (cylinders < 2)
1963 s->cylinders = cylinders;
1967 bdrv_set_geometry_hint(s->bs, s->cylinders, s->heads, s->sectors);
1969 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
1971 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
1974 s->drive_serial = drive_serial++;
1975 s->set_irq = set_irq;
1976 s->irq_opaque = irq_opaque;
1978 s->sector_write_timer = qemu_new_timer(vm_clock,
1979 ide_sector_write_timer_cb, s);
1984 static void ide_init_ioport(IDEState *ide_state, int iobase, int iobase2)
1986 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
1987 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
1989 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
1990 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
1994 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
1995 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
1996 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
1997 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
2000 /***********************************************************/
2001 /* ISA IDE definitions */
2003 void isa_ide_init(int iobase, int iobase2, int irq,
2004 BlockDriverState *hd0, BlockDriverState *hd1)
2006 IDEState *ide_state;
2008 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
2012 ide_init2(ide_state, hd0, hd1, pic_set_irq_new, isa_pic, irq);
2013 ide_init_ioport(ide_state, iobase, iobase2);
2016 /***********************************************************/
2017 /* PCI IDE definitions */
2019 static void cmd646_update_irq(PCIIDEState *d);
2021 static void ide_map(PCIDevice *pci_dev, int region_num,
2022 uint32_t addr, uint32_t size, int type)
2024 PCIIDEState *d = (PCIIDEState *)pci_dev;
2025 IDEState *ide_state;
2027 if (region_num <= 3) {
2028 ide_state = &d->ide_if[(region_num >> 1) * 2];
2029 if (region_num & 1) {
2030 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
2031 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
2033 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
2034 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
2037 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
2038 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
2039 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
2040 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
2045 /* XXX: full callback usage to prepare non blocking I/Os support -
2047 static void ide_dma_loop(BMDMAState *bm)
2053 target_phys_addr_t cur_addr;
2056 cur_addr = bm->addr;
2057 /* at most one page to avoid hanging if erroneous parameters */
2058 for(i = 0; i < 512; i++) {
2059 cpu_physical_memory_read(cur_addr, (uint8_t *)&prd, 8);
2060 prd.addr = le32_to_cpu(prd.addr);
2061 prd.size = le32_to_cpu(prd.size);
2063 printf("ide: dma: prd: %08x: addr=0x%08x size=0x%08x\n",
2064 (int)cur_addr, prd.addr, prd.size);
2066 len = prd.size & 0xfffe;
2070 len1 = bm->dma_cb(bm->ide_if, prd.addr, len);
2076 /* end of transfer */
2077 if (prd.size & 0x80000000)
2081 /* end of transfer */
2083 bm->status &= ~BM_STATUS_DMAING;
2084 bm->status |= BM_STATUS_INT;
2089 static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb)
2091 BMDMAState *bm = s->bmdma;
2095 bm->dma_cb = dma_cb;
2096 if (bm->status & BM_STATUS_DMAING) {
2101 static void bmdma_cmd_writeb(void *opaque, uint32_t addr, uint32_t val)
2103 BMDMAState *bm = opaque;
2105 printf("%s: 0x%08x\n", __func__, val);
2107 if (!(val & BM_CMD_START)) {
2108 /* XXX: do it better */
2109 bm->status &= ~BM_STATUS_DMAING;
2110 bm->cmd = val & 0x09;
2112 bm->status |= BM_STATUS_DMAING;
2113 bm->cmd = val & 0x09;
2114 /* start dma transfer if possible */
2120 static uint32_t bmdma_readb(void *opaque, uint32_t addr)
2122 BMDMAState *bm = opaque;
2123 PCIIDEState *pci_dev;
2131 pci_dev = bm->pci_dev;
2132 if (pci_dev->type == IDE_TYPE_CMD646) {
2133 val = pci_dev->dev.config[MRDMODE];
2142 pci_dev = bm->pci_dev;
2143 if (pci_dev->type == IDE_TYPE_CMD646) {
2144 if (bm == &pci_dev->bmdma[0])
2145 val = pci_dev->dev.config[UDIDETCR0];
2147 val = pci_dev->dev.config[UDIDETCR1];
2157 printf("bmdma: readb 0x%02x : 0x%02x\n", addr, val);
2162 static void bmdma_writeb(void *opaque, uint32_t addr, uint32_t val)
2164 BMDMAState *bm = opaque;
2165 PCIIDEState *pci_dev;
2167 printf("bmdma: writeb 0x%02x : 0x%02x\n", addr, val);
2171 pci_dev = bm->pci_dev;
2172 if (pci_dev->type == IDE_TYPE_CMD646) {
2173 pci_dev->dev.config[MRDMODE] =
2174 (pci_dev->dev.config[MRDMODE] & ~0x30) | (val & 0x30);
2175 cmd646_update_irq(pci_dev);
2179 bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 0x06);
2182 pci_dev = bm->pci_dev;
2183 if (pci_dev->type == IDE_TYPE_CMD646) {
2184 if (bm == &pci_dev->bmdma[0])
2185 pci_dev->dev.config[UDIDETCR0] = val;
2187 pci_dev->dev.config[UDIDETCR1] = val;
2193 static uint32_t bmdma_addr_readl(void *opaque, uint32_t addr)
2195 BMDMAState *bm = opaque;
2199 printf("%s: 0x%08x\n", __func__, val);
2204 static void bmdma_addr_writel(void *opaque, uint32_t addr, uint32_t val)
2206 BMDMAState *bm = opaque;
2208 printf("%s: 0x%08x\n", __func__, val);
2210 bm->addr = val & ~3;
2213 static void bmdma_map(PCIDevice *pci_dev, int region_num,
2214 uint32_t addr, uint32_t size, int type)
2216 PCIIDEState *d = (PCIIDEState *)pci_dev;
2219 for(i = 0;i < 2; i++) {
2220 BMDMAState *bm = &d->bmdma[i];
2221 d->ide_if[2 * i].bmdma = bm;
2222 d->ide_if[2 * i + 1].bmdma = bm;
2223 bm->pci_dev = (PCIIDEState *)pci_dev;
2225 register_ioport_write(addr, 1, 1, bmdma_cmd_writeb, bm);
2227 register_ioport_write(addr + 1, 3, 1, bmdma_writeb, bm);
2228 register_ioport_read(addr, 4, 1, bmdma_readb, bm);
2230 register_ioport_write(addr + 4, 4, 4, bmdma_addr_writel, bm);
2231 register_ioport_read(addr + 4, 4, 4, bmdma_addr_readl, bm);
2236 /* XXX: call it also when the MRDMODE is changed from the PCI config
2238 static void cmd646_update_irq(PCIIDEState *d)
2241 pci_level = ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH0) &&
2242 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH0)) ||
2243 ((d->dev.config[MRDMODE] & MRDMODE_INTR_CH1) &&
2244 !(d->dev.config[MRDMODE] & MRDMODE_BLK_CH1));
2245 pci_set_irq((PCIDevice *)d, 0, pci_level);
2248 /* the PCI irq level is the logical OR of the two channels */
2249 static void cmd646_set_irq(void *opaque, int channel, int level)
2251 PCIIDEState *d = opaque;
2254 irq_mask = MRDMODE_INTR_CH0 << channel;
2256 d->dev.config[MRDMODE] |= irq_mask;
2258 d->dev.config[MRDMODE] &= ~irq_mask;
2259 cmd646_update_irq(d);
2262 /* CMD646 PCI IDE controller */
2263 void pci_cmd646_ide_init(PCIBus *bus, BlockDriverState **hd_table,
2264 int secondary_ide_enabled)
2270 d = (PCIIDEState *)pci_register_device(bus, "CMD646 IDE",
2271 sizeof(PCIIDEState),
2274 d->type = IDE_TYPE_CMD646;
2275 pci_conf = d->dev.config;
2276 pci_conf[0x00] = 0x95; // CMD646
2277 pci_conf[0x01] = 0x10;
2278 pci_conf[0x02] = 0x46;
2279 pci_conf[0x03] = 0x06;
2281 pci_conf[0x08] = 0x07; // IDE controller revision
2282 pci_conf[0x09] = 0x8f;
2284 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2285 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2286 pci_conf[0x0e] = 0x00; // header_type
2288 if (secondary_ide_enabled) {
2289 /* XXX: if not enabled, really disable the seconday IDE controller */
2290 pci_conf[0x51] = 0x80; /* enable IDE1 */
2293 pci_register_io_region((PCIDevice *)d, 0, 0x8,
2294 PCI_ADDRESS_SPACE_IO, ide_map);
2295 pci_register_io_region((PCIDevice *)d, 1, 0x4,
2296 PCI_ADDRESS_SPACE_IO, ide_map);
2297 pci_register_io_region((PCIDevice *)d, 2, 0x8,
2298 PCI_ADDRESS_SPACE_IO, ide_map);
2299 pci_register_io_region((PCIDevice *)d, 3, 0x4,
2300 PCI_ADDRESS_SPACE_IO, ide_map);
2301 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2302 PCI_ADDRESS_SPACE_IO, bmdma_map);
2304 pci_conf[0x3d] = 0x01; // interrupt on pin 1
2306 for(i = 0; i < 4; i++)
2307 d->ide_if[i].pci_dev = (PCIDevice *)d;
2308 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2309 cmd646_set_irq, d, 0);
2310 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2311 cmd646_set_irq, d, 1);
2314 /* hd_table must contain 4 block drivers */
2315 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
2316 void pci_piix3_ide_init(PCIBus *bus, BlockDriverState **hd_table)
2321 /* register a function 1 of PIIX3 */
2322 d = (PCIIDEState *)pci_register_device(bus, "PIIX3 IDE",
2323 sizeof(PCIIDEState),
2324 ((PCIDevice *)piix3_state)->devfn + 1,
2326 d->type = IDE_TYPE_PIIX3;
2328 pci_conf = d->dev.config;
2329 pci_conf[0x00] = 0x86; // Intel
2330 pci_conf[0x01] = 0x80;
2331 pci_conf[0x02] = 0x10;
2332 pci_conf[0x03] = 0x70;
2333 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
2334 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
2335 pci_conf[0x0e] = 0x00; // header_type
2337 pci_register_io_region((PCIDevice *)d, 4, 0x10,
2338 PCI_ADDRESS_SPACE_IO, bmdma_map);
2340 ide_init2(&d->ide_if[0], hd_table[0], hd_table[1],
2341 pic_set_irq_new, isa_pic, 14);
2342 ide_init2(&d->ide_if[2], hd_table[2], hd_table[3],
2343 pic_set_irq_new, isa_pic, 15);
2344 ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
2345 ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
2348 /***********************************************************/
2349 /* MacIO based PowerPC IDE */
2351 /* PowerMac IDE memory IO */
2352 static void pmac_ide_writeb (void *opaque,
2353 target_phys_addr_t addr, uint32_t val)
2355 addr = (addr & 0xFFF) >> 4;
2358 ide_ioport_write(opaque, addr, val);
2362 ide_cmd_write(opaque, 0, val);
2369 static uint32_t pmac_ide_readb (void *opaque,target_phys_addr_t addr)
2373 addr = (addr & 0xFFF) >> 4;
2376 retval = ide_ioport_read(opaque, addr);
2380 retval = ide_status_read(opaque, 0);
2389 static void pmac_ide_writew (void *opaque,
2390 target_phys_addr_t addr, uint32_t val)
2392 addr = (addr & 0xFFF) >> 4;
2393 #ifdef TARGET_WORDS_BIGENDIAN
2397 ide_data_writew(opaque, 0, val);
2401 static uint32_t pmac_ide_readw (void *opaque,target_phys_addr_t addr)
2405 addr = (addr & 0xFFF) >> 4;
2407 retval = ide_data_readw(opaque, 0);
2411 #ifdef TARGET_WORDS_BIGENDIAN
2412 retval = bswap16(retval);
2417 static void pmac_ide_writel (void *opaque,
2418 target_phys_addr_t addr, uint32_t val)
2420 addr = (addr & 0xFFF) >> 4;
2421 #ifdef TARGET_WORDS_BIGENDIAN
2425 ide_data_writel(opaque, 0, val);
2429 static uint32_t pmac_ide_readl (void *opaque,target_phys_addr_t addr)
2433 addr = (addr & 0xFFF) >> 4;
2435 retval = ide_data_readl(opaque, 0);
2437 retval = 0xFFFFFFFF;
2439 #ifdef TARGET_WORDS_BIGENDIAN
2440 retval = bswap32(retval);
2445 static CPUWriteMemoryFunc *pmac_ide_write[] = {
2451 static CPUReadMemoryFunc *pmac_ide_read[] = {
2457 /* hd_table must contain 4 block drivers */
2458 /* PowerMac uses memory mapped registers, not I/O. Return the memory
2459 I/O index to access the ide. */
2460 int pmac_ide_init (BlockDriverState **hd_table,
2461 SetIRQFunc *set_irq, void *irq_opaque, int irq)
2464 int pmac_ide_memory;
2466 ide_if = qemu_mallocz(sizeof(IDEState) * 2);
2467 ide_init2(&ide_if[0], hd_table[0], hd_table[1],
2468 set_irq, irq_opaque, irq);
2470 pmac_ide_memory = cpu_register_io_memory(0, pmac_ide_read,
2471 pmac_ide_write, &ide_if[0]);
2472 return pmac_ide_memory;
projects / qemu / blob