2 * QEMU IDE disk and CD-ROM Emulator
4 * Copyright (c) 2003 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 /* debug IDE devices */
28 //#define DEBUG_IDE_ATAPI
30 /* Bits of HD_STATUS */
32 #define INDEX_STAT 0x02
33 #define ECC_STAT 0x04 /* Corrected error */
35 #define SEEK_STAT 0x10
37 #define WRERR_STAT 0x20
38 #define READY_STAT 0x40
39 #define BUSY_STAT 0x80
41 /* Bits for HD_ERROR */
42 #define MARK_ERR 0x01 /* Bad address mark */
43 #define TRK0_ERR 0x02 /* couldn't find track 0 */
44 #define ABRT_ERR 0x04 /* Command aborted */
45 #define MCR_ERR 0x08 /* media change request */
46 #define ID_ERR 0x10 /* ID field not found */
47 #define MC_ERR 0x20 /* media changed */
48 #define ECC_ERR 0x40 /* Uncorrectable ECC error */
49 #define BBD_ERR 0x80 /* pre-EIDE meaning: block marked bad */
50 #define ICRC_ERR 0x80 /* new meaning: CRC error during transfer */
52 /* Bits of HD_NSECTOR */
58 #define IDE_CMD_RESET 0x04
59 #define IDE_CMD_DISABLE_IRQ 0x02
61 /* ATA/ATAPI Commands pre T13 Spec */
66 #define CFA_REQ_EXT_ERROR_CODE 0x03 /* CFA Request Extended Error Code */
70 #define WIN_SRST 0x08 /* ATAPI soft reset command */
71 #define WIN_DEVICE_RESET 0x08
75 #define WIN_RECAL 0x10
76 #define WIN_RESTORE WIN_RECAL
80 #define WIN_READ 0x20 /* 28-Bit */
81 #define WIN_READ_ONCE 0x21 /* 28-Bit without retries */
82 #define WIN_READ_LONG 0x22 /* 28-Bit */
83 #define WIN_READ_LONG_ONCE 0x23 /* 28-Bit without retries */
84 #define WIN_READ_EXT 0x24 /* 48-Bit */
85 #define WIN_READDMA_EXT 0x25 /* 48-Bit */
86 #define WIN_READDMA_QUEUED_EXT 0x26 /* 48-Bit */
87 #define WIN_READ_NATIVE_MAX_EXT 0x27 /* 48-Bit */
91 #define WIN_MULTREAD_EXT 0x29 /* 48-Bit */
95 #define WIN_WRITE 0x30 /* 28-Bit */
96 #define WIN_WRITE_ONCE 0x31 /* 28-Bit without retries */
97 #define WIN_WRITE_LONG 0x32 /* 28-Bit */
98 #define WIN_WRITE_LONG_ONCE 0x33 /* 28-Bit without retries */
99 #define WIN_WRITE_EXT 0x34 /* 48-Bit */
100 #define WIN_WRITEDMA_EXT 0x35 /* 48-Bit */
101 #define WIN_WRITEDMA_QUEUED_EXT 0x36 /* 48-Bit */
102 #define WIN_SET_MAX_EXT 0x37 /* 48-Bit */
103 #define CFA_WRITE_SECT_WO_ERASE 0x38 /* CFA Write Sectors without erase */
104 #define WIN_MULTWRITE_EXT 0x39 /* 48-Bit */
106 * 0x3A->0x3B Reserved
108 #define WIN_WRITE_VERIFY 0x3C /* 28-Bit */
110 * 0x3D->0x3F Reserved
112 #define WIN_VERIFY 0x40 /* 28-Bit - Read Verify Sectors */
113 #define WIN_VERIFY_ONCE 0x41 /* 28-Bit - without retries */
114 #define WIN_VERIFY_EXT 0x42 /* 48-Bit */
116 * 0x43->0x4F Reserved
118 #define WIN_FORMAT 0x50
120 * 0x51->0x5F Reserved
122 #define WIN_INIT 0x60
124 * 0x61->0x5F Reserved
126 #define WIN_SEEK 0x70 /* 0x70-0x7F Reserved */
127 #define CFA_TRANSLATE_SECTOR 0x87 /* CFA Translate Sector */
128 #define WIN_DIAGNOSE 0x90
129 #define WIN_SPECIFY 0x91 /* set drive geometry translation */
130 #define WIN_DOWNLOAD_MICROCODE 0x92
131 #define WIN_STANDBYNOW2 0x94
132 #define WIN_STANDBY2 0x96
133 #define WIN_SETIDLE2 0x97
134 #define WIN_CHECKPOWERMODE2 0x98
135 #define WIN_SLEEPNOW2 0x99
139 #define WIN_PACKETCMD 0xA0 /* Send a packet command. */
140 #define WIN_PIDENTIFY 0xA1 /* identify ATAPI device */
141 #define WIN_QUEUED_SERVICE 0xA2
142 #define WIN_SMART 0xB0 /* self-monitoring and reporting */
143 #define CFA_ERASE_SECTORS 0xC0
144 #define WIN_MULTREAD 0xC4 /* read sectors using multiple mode*/
145 #define WIN_MULTWRITE 0xC5 /* write sectors using multiple mode */
146 #define WIN_SETMULT 0xC6 /* enable/disable multiple mode */
147 #define WIN_READDMA_QUEUED 0xC7 /* read sectors using Queued DMA transfers */
148 #define WIN_READDMA 0xC8 /* read sectors using DMA transfers */
149 #define WIN_READDMA_ONCE 0xC9 /* 28-Bit - without retries */
150 #define WIN_WRITEDMA 0xCA /* write sectors using DMA transfers */
151 #define WIN_WRITEDMA_ONCE 0xCB /* 28-Bit - without retries */
152 #define WIN_WRITEDMA_QUEUED 0xCC /* write sectors using Queued DMA transfers */
153 #define CFA_WRITE_MULTI_WO_ERASE 0xCD /* CFA Write multiple without erase */
154 #define WIN_GETMEDIASTATUS 0xDA
155 #define WIN_ACKMEDIACHANGE 0xDB /* ATA-1, ATA-2 vendor */
156 #define WIN_POSTBOOT 0xDC
157 #define WIN_PREBOOT 0xDD
158 #define WIN_DOORLOCK 0xDE /* lock door on removable drives */
159 #define WIN_DOORUNLOCK 0xDF /* unlock door on removable drives */
160 #define WIN_STANDBYNOW1 0xE0
161 #define WIN_IDLEIMMEDIATE 0xE1 /* force drive to become "ready" */
162 #define WIN_STANDBY 0xE2 /* Set device in Standby Mode */
163 #define WIN_SETIDLE1 0xE3
164 #define WIN_READ_BUFFER 0xE4 /* force read only 1 sector */
165 #define WIN_CHECKPOWERMODE1 0xE5
166 #define WIN_SLEEPNOW1 0xE6
167 #define WIN_FLUSH_CACHE 0xE7
168 #define WIN_WRITE_BUFFER 0xE8 /* force write only 1 sector */
169 #define WIN_WRITE_SAME 0xE9 /* read ata-2 to use */
170 /* SET_FEATURES 0x22 or 0xDD */
171 #define WIN_FLUSH_CACHE_EXT 0xEA /* 48-Bit */
172 #define WIN_IDENTIFY 0xEC /* ask drive to identify itself */
173 #define WIN_MEDIAEJECT 0xED
174 #define WIN_IDENTIFY_DMA 0xEE /* same as WIN_IDENTIFY, but DMA */
175 #define WIN_SETFEATURES 0xEF /* set special drive features */
176 #define EXABYTE_ENABLE_NEST 0xF0
177 #define WIN_SECURITY_SET_PASS 0xF1
178 #define WIN_SECURITY_UNLOCK 0xF2
179 #define WIN_SECURITY_ERASE_PREPARE 0xF3
180 #define WIN_SECURITY_ERASE_UNIT 0xF4
181 #define WIN_SECURITY_FREEZE_LOCK 0xF5
182 #define WIN_SECURITY_DISABLE 0xF6
183 #define WIN_READ_NATIVE_MAX 0xF8 /* return the native maximum address */
184 #define WIN_SET_MAX 0xF9
185 #define DISABLE_SEAGATE 0xFB
187 /* set to 1 set disable mult support */
188 #define MAX_MULT_SECTORS 8
192 #define ATAPI_PACKET_SIZE 12
194 /* The generic packet command opcodes for CD/DVD Logical Units,
195 * From Table 57 of the SFF8090 Ver. 3 (Mt. Fuji) draft standard. */
196 #define GPCMD_BLANK 0xa1
197 #define GPCMD_CLOSE_TRACK 0x5b
198 #define GPCMD_FLUSH_CACHE 0x35
199 #define GPCMD_FORMAT_UNIT 0x04
200 #define GPCMD_GET_CONFIGURATION 0x46
201 #define GPCMD_GET_EVENT_STATUS_NOTIFICATION 0x4a
202 #define GPCMD_GET_PERFORMANCE 0xac
203 #define GPCMD_INQUIRY 0x12
204 #define GPCMD_LOAD_UNLOAD 0xa6
205 #define GPCMD_MECHANISM_STATUS 0xbd
206 #define GPCMD_MODE_SELECT_10 0x55
207 #define GPCMD_MODE_SENSE_10 0x5a
208 #define GPCMD_PAUSE_RESUME 0x4b
209 #define GPCMD_PLAY_AUDIO_10 0x45
210 #define GPCMD_PLAY_AUDIO_MSF 0x47
211 #define GPCMD_PLAY_AUDIO_TI 0x48
212 #define GPCMD_PLAY_CD 0xbc
213 #define GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
214 #define GPCMD_READ_10 0x28
215 #define GPCMD_READ_12 0xa8
216 #define GPCMD_READ_CDVD_CAPACITY 0x25
217 #define GPCMD_READ_CD 0xbe
218 #define GPCMD_READ_CD_MSF 0xb9
219 #define GPCMD_READ_DISC_INFO 0x51
220 #define GPCMD_READ_DVD_STRUCTURE 0xad
221 #define GPCMD_READ_FORMAT_CAPACITIES 0x23
222 #define GPCMD_READ_HEADER 0x44
223 #define GPCMD_READ_TRACK_RZONE_INFO 0x52
224 #define GPCMD_READ_SUBCHANNEL 0x42
225 #define GPCMD_READ_TOC_PMA_ATIP 0x43
226 #define GPCMD_REPAIR_RZONE_TRACK 0x58
227 #define GPCMD_REPORT_KEY 0xa4
228 #define GPCMD_REQUEST_SENSE 0x03
229 #define GPCMD_RESERVE_RZONE_TRACK 0x53
230 #define GPCMD_SCAN 0xba
231 #define GPCMD_SEEK 0x2b
232 #define GPCMD_SEND_DVD_STRUCTURE 0xad
233 #define GPCMD_SEND_EVENT 0xa2
234 #define GPCMD_SEND_KEY 0xa3
235 #define GPCMD_SEND_OPC 0x54
236 #define GPCMD_SET_READ_AHEAD 0xa7
237 #define GPCMD_SET_STREAMING 0xb6
238 #define GPCMD_START_STOP_UNIT 0x1b
239 #define GPCMD_STOP_PLAY_SCAN 0x4e
240 #define GPCMD_TEST_UNIT_READY 0x00
241 #define GPCMD_VERIFY_10 0x2f
242 #define GPCMD_WRITE_10 0x2a
243 #define GPCMD_WRITE_AND_VERIFY_10 0x2e
244 /* This is listed as optional in ATAPI 2.6, but is (curiously)
245 * missing from Mt. Fuji, Table 57. It _is_ mentioned in Mt. Fuji
246 * Table 377 as an MMC command for SCSi devices though... Most ATAPI
247 * drives support it. */
248 #define GPCMD_SET_SPEED 0xbb
249 /* This seems to be a SCSI specific CD-ROM opcode
250 * to play data at track/index */
251 #define GPCMD_PLAYAUDIO_TI 0x48
253 * From MS Media Status Notification Support Specification. For
256 #define GPCMD_GET_MEDIA_STATUS 0xda
258 /* Mode page codes for mode sense/set */
259 #define GPMODE_R_W_ERROR_PAGE 0x01
260 #define GPMODE_WRITE_PARMS_PAGE 0x05
261 #define GPMODE_AUDIO_CTL_PAGE 0x0e
262 #define GPMODE_POWER_PAGE 0x1a
263 #define GPMODE_FAULT_FAIL_PAGE 0x1c
264 #define GPMODE_TO_PROTECT_PAGE 0x1d
265 #define GPMODE_CAPABILITIES_PAGE 0x2a
266 #define GPMODE_ALL_PAGES 0x3f
267 /* Not in Mt. Fuji, but in ATAPI 2.6 -- depricated now in favor
268 * of MODE_SENSE_POWER_PAGE */
269 #define GPMODE_CDROM_PAGE 0x0d
271 #define ATAPI_INT_REASON_CD 0x01 /* 0 = data transfer */
272 #define ATAPI_INT_REASON_IO 0x02 /* 1 = transfer to the host */
273 #define ATAPI_INT_REASON_REL 0x04
274 #define ATAPI_INT_REASON_TAG 0xf8
276 /* same constants as bochs */
277 #define ASC_ILLEGAL_OPCODE 0x20
278 #define ASC_LOGICAL_BLOCK_OOR 0x21
279 #define ASC_INV_FIELD_IN_CMD_PACKET 0x24
280 #define ASC_MEDIUM_NOT_PRESENT 0x3a
281 #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED 0x39
284 #define SENSE_NOT_READY 2
285 #define SENSE_ILLEGAL_REQUEST 5
286 #define SENSE_UNIT_ATTENTION 6
290 typedef void EndTransferFunc(struct IDEState *);
292 /* NOTE: IDEState represents in fact one drive */
293 typedef struct IDEState {
296 int cylinders, heads, sectors;
304 uint16_t nsector; /* 0 is 256 to ease computations */
310 /* 0x3f6 command, only meaningful for drive 0 */
312 /* depends on bit 4 in select, only meaningful for drive 0 */
313 struct IDEState *cur_drive;
314 BlockDriverState *bs;
318 int packet_transfer_size;
319 int elementary_transfer_size;
322 /* transfer handling */
323 int req_nb_sectors; /* number of sectors per interrupt */
324 EndTransferFunc *end_transfer_func;
327 uint8_t io_buffer[MAX_MULT_SECTORS*512 + 4];
330 static void padstr(char *str, const char *src, int len)
333 for(i = 0; i < len; i++) {
338 *(char *)((long)str ^ 1) = v;
343 static void padstr8(uint8_t *buf, int buf_size, const char *src)
346 for(i = 0; i < buf_size; i++) {
354 static void put_le16(uint16_t *p, unsigned int v)
359 static void ide_identify(IDEState *s)
362 unsigned int oldsize;
365 memset(s->io_buffer, 0, 512);
366 p = (uint16_t *)s->io_buffer;
367 put_le16(p + 0, 0x0040);
368 put_le16(p + 1, s->cylinders);
369 put_le16(p + 3, s->heads);
370 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
371 put_le16(p + 5, 512); /* XXX: retired, remove ? */
372 put_le16(p + 6, s->sectors);
373 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
374 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
375 put_le16(p + 20, 3); /* XXX: retired, remove ? */
376 put_le16(p + 21, 512); /* cache size in sectors */
377 put_le16(p + 22, 4); /* ecc bytes */
378 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
379 padstr((uint8_t *)(p + 27), "QEMU HARDDISK", 40); /* model */
380 #if MAX_MULT_SECTORS > 1
381 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
383 put_le16(p + 48, 1); /* dword I/O */
384 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
385 put_le16(p + 51, 0x200); /* PIO transfer cycle */
386 put_le16(p + 52, 0x200); /* DMA transfer cycle */
387 put_le16(p + 53, 1); /* words 54-58 are valid */
388 put_le16(p + 54, s->cylinders);
389 put_le16(p + 55, s->heads);
390 put_le16(p + 56, s->sectors);
391 oldsize = s->cylinders * s->heads * s->sectors;
392 put_le16(p + 57, oldsize);
393 put_le16(p + 58, oldsize >> 16);
395 put_le16(p + 59, 0x100 | s->mult_sectors);
396 put_le16(p + 60, s->nb_sectors);
397 put_le16(p + 61, s->nb_sectors >> 16);
398 put_le16(p + 80, (1 << 1) | (1 << 2));
399 put_le16(p + 82, (1 << 14));
400 put_le16(p + 83, (1 << 14));
401 put_le16(p + 84, (1 << 14));
402 put_le16(p + 85, (1 << 14));
404 put_le16(p + 87, (1 << 14));
407 static void ide_atapi_identify(IDEState *s)
412 memset(s->io_buffer, 0, 512);
413 p = (uint16_t *)s->io_buffer;
414 /* Removable CDROM, 50us response, 12 byte packets */
415 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
416 snprintf(buf, sizeof(buf), "QM%05d", s->drive_serial);
417 padstr((uint8_t *)(p + 10), buf, 20); /* serial number */
418 put_le16(p + 20, 3); /* buffer type */
419 put_le16(p + 21, 512); /* cache size in sectors */
420 put_le16(p + 22, 4); /* ecc bytes */
421 padstr((uint8_t *)(p + 23), QEMU_VERSION, 8); /* firmware version */
422 padstr((uint8_t *)(p + 27), "QEMU CD-ROM", 40); /* model */
423 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
424 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
425 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
426 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
427 put_le16(p + 64, 1); /* PIO modes */
428 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
429 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
430 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
431 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
433 put_le16(p + 71, 30); /* in ns */
434 put_le16(p + 72, 30); /* in ns */
436 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
439 static void ide_set_signature(IDEState *s)
441 s->select &= 0xf0; /* clear head */
457 static inline void ide_abort_command(IDEState *s)
459 s->status = READY_STAT | ERR_STAT;
463 static inline void ide_set_irq(IDEState *s)
465 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
466 pic_set_irq(s->irq, 1);
470 /* prepare data transfer and tell what to do after */
471 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
472 EndTransferFunc *end_transfer_func)
474 s->end_transfer_func = end_transfer_func;
476 s->data_end = buf + size;
477 s->status |= DRQ_STAT;
480 static void ide_transfer_stop(IDEState *s)
482 s->end_transfer_func = ide_transfer_stop;
483 s->data_ptr = s->io_buffer;
484 s->data_end = s->io_buffer;
485 s->status &= ~DRQ_STAT;
488 static int64_t ide_get_sector(IDEState *s)
491 if (s->select & 0x40) {
493 sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
494 (s->lcyl << 8) | s->sector;
496 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
497 (s->select & 0x0f) * s->sectors +
503 static void ide_set_sector(IDEState *s, int64_t sector_num)
506 if (s->select & 0x40) {
507 s->select = (s->select & 0xf0) | (sector_num >> 24);
508 s->hcyl = (sector_num >> 16);
509 s->lcyl = (sector_num >> 8);
510 s->sector = (sector_num);
512 cyl = sector_num / (s->heads * s->sectors);
513 r = sector_num % (s->heads * s->sectors);
516 s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
517 s->sector = (r % s->sectors) + 1;
521 static void ide_sector_read(IDEState *s)
526 s->status = READY_STAT | SEEK_STAT;
527 s->error = 0; /* not needed by IDE spec, but needed by Windows */
528 sector_num = ide_get_sector(s);
531 /* no more sector to read from disk */
532 ide_transfer_stop(s);
534 #if defined(DEBUG_IDE)
535 printf("read sector=%Ld\n", sector_num);
537 if (n > s->req_nb_sectors)
538 n = s->req_nb_sectors;
539 ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
540 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
542 ide_set_sector(s, sector_num + n);
547 static void ide_sector_write(IDEState *s)
552 s->status = READY_STAT | SEEK_STAT;
553 sector_num = ide_get_sector(s);
554 #if defined(DEBUG_IDE)
555 printf("write sector=%Ld\n", sector_num);
558 if (n > s->req_nb_sectors)
559 n = s->req_nb_sectors;
560 ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
562 if (s->nsector == 0) {
563 /* no more sector to write */
564 ide_transfer_stop(s);
567 if (n1 > s->req_nb_sectors)
568 n1 = s->req_nb_sectors;
569 ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
571 ide_set_sector(s, sector_num + n);
575 static void ide_atapi_cmd_ok(IDEState *s)
578 s->status = READY_STAT;
579 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
583 static void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
585 #ifdef DEBUG_IDE_ATAPI
586 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
588 s->error = sense_key << 4;
589 s->status = READY_STAT | ERR_STAT;
590 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
591 s->sense_key = sense_key;
596 static inline void cpu_to_ube16(uint8_t *buf, int val)
602 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
610 static inline int ube16_to_cpu(const uint8_t *buf)
612 return (buf[0] << 8) | buf[1];
615 static inline int ube32_to_cpu(const uint8_t *buf)
617 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
620 /* The whole ATAPI transfer logic is handled in this function */
621 static void ide_atapi_cmd_reply_end(IDEState *s)
623 int byte_count_limit, size;
624 #ifdef DEBUG_IDE_ATAPI
625 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
626 s->packet_transfer_size,
627 s->elementary_transfer_size,
630 if (s->packet_transfer_size <= 0) {
631 /* end of transfer */
632 ide_transfer_stop(s);
633 s->status = READY_STAT;
634 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
636 #ifdef DEBUG_IDE_ATAPI
637 printf("status=0x%x\n", s->status);
640 /* see if a new sector must be read */
641 if (s->lba != -1 && s->io_buffer_index >= 2048) {
642 bdrv_read(s->bs, (int64_t)s->lba << 2, s->io_buffer, 4);
644 s->io_buffer_index = 0;
646 if (s->elementary_transfer_size > 0) {
647 /* there are some data left to transmit in this elementary
649 size = 2048 - s->io_buffer_index;
650 if (size > s->elementary_transfer_size)
651 size = s->elementary_transfer_size;
652 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
653 size, ide_atapi_cmd_reply_end);
654 s->packet_transfer_size -= size;
655 s->elementary_transfer_size -= size;
656 s->io_buffer_index += size;
658 /* a new transfer is needed */
659 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
660 byte_count_limit = s->lcyl | (s->hcyl << 8);
661 #ifdef DEBUG_IDE_ATAPI
662 printf("byte_count_limit=%d\n", byte_count_limit);
664 if (byte_count_limit == 0xffff)
666 size = s->packet_transfer_size;
667 if (size > byte_count_limit) {
668 /* byte count limit must be even if this case */
669 if (byte_count_limit & 1)
671 size = byte_count_limit;
675 s->elementary_transfer_size = size;
676 /* we cannot transmit more than one sector at a time */
678 if (size > (2048 - s->io_buffer_index))
679 size = (2048 - s->io_buffer_index);
681 ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
682 size, ide_atapi_cmd_reply_end);
683 s->packet_transfer_size -= size;
684 s->elementary_transfer_size -= size;
685 s->io_buffer_index += size;
687 #ifdef DEBUG_IDE_ATAPI
688 printf("status=0x%x\n", s->status);
694 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
695 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
699 s->lba = -1; /* no sector read */
700 s->packet_transfer_size = size;
701 s->elementary_transfer_size = 0;
702 s->io_buffer_index = 0;
704 s->status = READY_STAT;
705 ide_atapi_cmd_reply_end(s);
708 /* start a CD-CDROM read command */
709 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors)
711 #ifdef DEBUG_IDE_ATAPI
712 printf("read: LBA=%d nb_sectors=%d\n", lba, nb_sectors);
715 s->packet_transfer_size = nb_sectors * 2048;
716 s->elementary_transfer_size = 0;
717 s->io_buffer_index = 2048;
719 s->status = READY_STAT;
720 ide_atapi_cmd_reply_end(s);
723 /* same toc as bochs. Return -1 if error or the toc length */
724 static int cdrom_read_toc(IDEState *s, uint8_t *buf, int msf, int start_track)
729 if (start_track > 1 && start_track != 0xaa)
734 if (start_track <= 1) {
735 *q++ = 0; /* reserved */
736 *q++ = 0x14; /* ADR, control */
737 *q++ = 1; /* track number */
738 *q++ = 0; /* reserved */
740 *q++ = 0; /* reserved */
741 *q++ = 0; /* minute */
742 *q++ = 2; /* second */
743 *q++ = 0; /* frame */
751 *q++ = 0; /* reserved */
752 *q++ = 0x16; /* ADR, control */
753 *q++ = 0xaa; /* track number */
754 *q++ = 0; /* reserved */
755 nb_sectors = s->nb_sectors >> 2;
757 *q++ = 0; /* reserved */
758 *q++ = ((nb_sectors + 150) / 75) / 60;
759 *q++ = ((nb_sectors + 150) / 75) % 60;
760 *q++ = (nb_sectors + 150) % 75;
762 cpu_to_ube32(q, nb_sectors);
766 cpu_to_ube16(buf, len - 2);
770 static void ide_atapi_cmd(IDEState *s)
772 const uint8_t *packet;
776 packet = s->io_buffer;
778 #ifdef DEBUG_IDE_ATAPI
781 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
782 for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
783 printf(" %02x", packet[i]);
788 switch(s->io_buffer[0]) {
789 case GPCMD_TEST_UNIT_READY:
790 if (bdrv_is_inserted(s->bs)) {
793 ide_atapi_cmd_error(s, SENSE_NOT_READY,
794 ASC_MEDIUM_NOT_PRESENT);
797 case GPCMD_MODE_SENSE_10:
800 max_len = ube16_to_cpu(packet + 7);
801 action = packet[2] >> 6;
802 code = packet[2] & 0x3f;
804 case 0: /* current values */
806 case 0x01: /* error recovery */
807 cpu_to_ube16(&buf[0], 16 + 6);
823 ide_atapi_cmd_reply(s, 16, max_len);
826 cpu_to_ube16(&buf[0], 28 + 6);
841 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
842 if (bdrv_is_locked(s->bs))
845 cpu_to_ube16(&buf[16], 706);
848 cpu_to_ube16(&buf[20], 512);
849 cpu_to_ube16(&buf[22], 706);
854 ide_atapi_cmd_reply(s, 28, max_len);
860 case 1: /* changeable values */
862 case 2: /* default values */
865 case 3: /* saved values */
866 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
867 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
872 case GPCMD_REQUEST_SENSE:
875 buf[0] = 0x70 | (1 << 7);
876 buf[2] = s->sense_key;
879 ide_atapi_cmd_reply(s, 18, max_len);
881 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
882 if (bdrv_is_inserted(s->bs)) {
883 bdrv_set_locked(s->bs, packet[4] & 1);
886 ide_atapi_cmd_error(s, SENSE_NOT_READY,
887 ASC_MEDIUM_NOT_PRESENT);
895 if (!bdrv_is_inserted(s->bs)) {
896 ide_atapi_cmd_error(s, SENSE_NOT_READY,
897 ASC_MEDIUM_NOT_PRESENT);
900 if (packet[0] == GPCMD_READ_10)
901 nb_sectors = ube16_to_cpu(packet + 7);
903 nb_sectors = ube32_to_cpu(packet + 6);
904 lba = ube32_to_cpu(packet + 2);
905 if (nb_sectors == 0) {
909 if (((int64_t)(lba + nb_sectors) << 2) > s->nb_sectors) {
910 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
911 ASC_LOGICAL_BLOCK_OOR);
914 ide_atapi_cmd_read(s, lba, nb_sectors);
920 if (!bdrv_is_inserted(s->bs)) {
921 ide_atapi_cmd_error(s, SENSE_NOT_READY,
922 ASC_MEDIUM_NOT_PRESENT);
925 lba = ube32_to_cpu(packet + 2);
926 if (((int64_t)lba << 2) > s->nb_sectors) {
927 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
928 ASC_LOGICAL_BLOCK_OOR);
934 case GPCMD_START_STOP_UNIT:
937 start = packet[4] & 1;
938 eject = (packet[4] >> 1) & 1;
940 if (eject && !start) {
947 case GPCMD_MECHANISM_STATUS:
949 max_len = ube16_to_cpu(packet + 8);
950 cpu_to_ube16(buf, 0);
956 cpu_to_ube16(buf + 6, 0);
957 ide_atapi_cmd_reply(s, 8, max_len);
960 case GPCMD_READ_TOC_PMA_ATIP:
962 int format, msf, start_track, len;
964 if (!bdrv_is_inserted(s->bs)) {
965 ide_atapi_cmd_error(s, SENSE_NOT_READY,
966 ASC_MEDIUM_NOT_PRESENT);
969 max_len = ube16_to_cpu(packet + 7);
970 format = packet[9] >> 6;
971 msf = (packet[1] >> 1) & 1;
972 start_track = packet[6];
975 len = cdrom_read_toc(s, buf, msf, start_track);
978 ide_atapi_cmd_reply(s, len, max_len);
981 /* multi session : only a single session defined */
986 ide_atapi_cmd_reply(s, 12, max_len);
990 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
991 ASC_INV_FIELD_IN_CMD_PACKET);
996 case GPCMD_READ_CDVD_CAPACITY:
997 if (!bdrv_is_inserted(s->bs)) {
998 ide_atapi_cmd_error(s, SENSE_NOT_READY,
999 ASC_MEDIUM_NOT_PRESENT);
1002 /* NOTE: it is really the number of sectors minus 1 */
1003 cpu_to_ube32(buf, (s->nb_sectors >> 2) - 1);
1004 cpu_to_ube32(buf + 4, 2048);
1005 ide_atapi_cmd_reply(s, 8, 8);
1008 max_len = packet[4];
1009 buf[0] = 0x05; /* CD-ROM */
1010 buf[1] = 0x80; /* removable */
1011 buf[2] = 0x00; /* ISO */
1012 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1013 buf[4] = 31; /* additionnal length */
1014 buf[5] = 0; /* reserved */
1015 buf[6] = 0; /* reserved */
1016 buf[7] = 0; /* reserved */
1017 padstr8(buf + 8, 8, "QEMU");
1018 padstr8(buf + 16, 16, "QEMU CD-ROM");
1019 padstr8(buf + 32, 4, QEMU_VERSION);
1020 ide_atapi_cmd_reply(s, 36, max_len);
1023 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1024 ASC_ILLEGAL_OPCODE);
1029 /* called when the inserted state of the media has changed */
1030 static void cdrom_change_cb(void *opaque)
1032 IDEState *s = opaque;
1035 /* XXX: send interrupt too */
1036 bdrv_get_geometry(s->bs, &nb_sectors);
1037 s->nb_sectors = nb_sectors;
1040 static void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1042 IDEState *ide_if = opaque;
1047 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1054 /* NOTE: data is written to the two drives */
1055 ide_if[0].feature = val;
1056 ide_if[1].feature = val;
1061 ide_if[0].nsector = val;
1062 ide_if[1].nsector = val;
1065 ide_if[0].sector = val;
1066 ide_if[1].sector = val;
1069 ide_if[0].lcyl = val;
1070 ide_if[1].lcyl = val;
1073 ide_if[0].hcyl = val;
1074 ide_if[1].hcyl = val;
1077 ide_if[0].select = (val & ~0x10) | 0xa0;
1078 ide_if[1].select = (val | 0x10) | 0xa0;
1080 unit = (val >> 4) & 1;
1082 ide_if->cur_drive = s;
1087 #if defined(DEBUG_IDE)
1088 printf("ide: CMD=%02x\n", val);
1090 s = ide_if->cur_drive;
1091 /* ignore commands to non existant slave */
1092 if (s != ide_if && !s->bs)
1096 if (s->bs && !s->is_cdrom) {
1098 s->status = READY_STAT;
1099 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1102 ide_set_signature(s);
1104 ide_abort_command(s);
1111 s->status = READY_STAT;
1115 if (s->nsector > MAX_MULT_SECTORS ||
1117 (s->nsector & (s->nsector - 1)) != 0) {
1118 ide_abort_command(s);
1120 s->mult_sectors = s->nsector;
1121 s->status = READY_STAT;
1126 case WIN_VERIFY_ONCE:
1127 /* do sector number check ? */
1128 s->status = READY_STAT;
1135 s->req_nb_sectors = 1;
1139 case WIN_WRITE_ONCE:
1141 s->status = SEEK_STAT;
1142 s->req_nb_sectors = 1;
1143 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1146 if (!s->mult_sectors)
1148 s->req_nb_sectors = s->mult_sectors;
1152 if (!s->mult_sectors)
1155 s->status = SEEK_STAT;
1156 s->req_nb_sectors = s->mult_sectors;
1158 if (n > s->req_nb_sectors)
1159 n = s->req_nb_sectors;
1160 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1162 case WIN_READ_NATIVE_MAX:
1163 ide_set_sector(s, s->nb_sectors - 1);
1164 s->status = READY_STAT;
1167 case WIN_CHECKPOWERMODE1:
1168 s->nsector = 0xff; /* device active or idle */
1169 s->status = READY_STAT;
1173 /* ATAPI commands */
1176 ide_atapi_identify(s);
1177 s->status = READY_STAT;
1178 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1180 ide_abort_command(s);
1187 ide_set_signature(s);
1188 s->status = 0x00; /* NOTE: READY is _not_ set */
1194 /* DMA or overlapping commands not supported */
1195 if ((s->feature & 0x03) != 0)
1198 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1203 ide_abort_command(s);
1210 static uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
1212 IDEState *ide_if = opaque;
1213 IDEState *s = ide_if->cur_drive;
1223 if (!ide_if[0].bs && !ide_if[1].bs)
1229 if (!ide_if[0].bs && !ide_if[1].bs)
1232 ret = s->nsector & 0xff;
1235 if (!ide_if[0].bs && !ide_if[1].bs)
1241 if (!ide_if[0].bs && !ide_if[1].bs)
1247 if (!ide_if[0].bs && !ide_if[1].bs)
1253 if (!ide_if[0].bs && !ide_if[1].bs)
1260 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1261 (s != ide_if && !s->bs))
1265 pic_set_irq(s->irq, 0);
1269 printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1274 static uint32_t ide_status_read(void *opaque, uint32_t addr)
1276 IDEState *ide_if = opaque;
1277 IDEState *s = ide_if->cur_drive;
1280 if ((!ide_if[0].bs && !ide_if[1].bs) ||
1281 (s != ide_if && !s->bs))
1286 printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1291 static void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
1293 IDEState *ide_if = opaque;
1298 printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1300 /* common for both drives */
1301 if (!(ide_if[0].cmd & IDE_CMD_RESET) &&
1302 (val & IDE_CMD_RESET)) {
1303 /* reset low to high */
1304 for(i = 0;i < 2; i++) {
1306 s->status = BUSY_STAT | SEEK_STAT;
1309 } else if ((ide_if[0].cmd & IDE_CMD_RESET) &&
1310 !(val & IDE_CMD_RESET)) {
1312 for(i = 0;i < 2; i++) {
1315 s->status = 0x00; /* NOTE: READY is _not_ set */
1317 s->status = READY_STAT | SEEK_STAT;
1318 ide_set_signature(s);
1322 ide_if[0].cmd = val;
1323 ide_if[1].cmd = val;
1326 static void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
1328 IDEState *s = ((IDEState *)opaque)->cur_drive;
1332 *(uint16_t *)p = le16_to_cpu(val);
1335 if (p >= s->data_end)
1336 s->end_transfer_func(s);
1339 static uint32_t ide_data_readw(void *opaque, uint32_t addr)
1341 IDEState *s = ((IDEState *)opaque)->cur_drive;
1345 ret = cpu_to_le16(*(uint16_t *)p);
1348 if (p >= s->data_end)
1349 s->end_transfer_func(s);
1353 static void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
1355 IDEState *s = ((IDEState *)opaque)->cur_drive;
1359 *(uint32_t *)p = le32_to_cpu(val);
1362 if (p >= s->data_end)
1363 s->end_transfer_func(s);
1366 static uint32_t ide_data_readl(void *opaque, uint32_t addr)
1368 IDEState *s = ((IDEState *)opaque)->cur_drive;
1373 ret = cpu_to_le32(*(uint32_t *)p);
1376 if (p >= s->data_end)
1377 s->end_transfer_func(s);
1381 static void ide_reset(IDEState *s)
1383 s->mult_sectors = MAX_MULT_SECTORS;
1386 s->status = READY_STAT;
1387 ide_set_signature(s);
1391 uint8_t boot_ind; /* 0x80 - active */
1392 uint8_t head; /* starting head */
1393 uint8_t sector; /* starting sector */
1394 uint8_t cyl; /* starting cylinder */
1395 uint8_t sys_ind; /* What partition type */
1396 uint8_t end_head; /* end head */
1397 uint8_t end_sector; /* end sector */
1398 uint8_t end_cyl; /* end cylinder */
1399 uint32_t start_sect; /* starting sector counting from 0 */
1400 uint32_t nr_sects; /* nr of sectors in partition */
1401 } __attribute__((packed));
1403 /* try to guess the IDE geometry from the MSDOS partition table */
1404 static void ide_guess_geometry(IDEState *s)
1408 struct partition *p;
1411 if (s->cylinders != 0)
1413 ret = bdrv_read(s->bs, 0, buf, 1);
1416 /* test msdos magic */
1417 if (buf[510] != 0x55 || buf[511] != 0xaa)
1419 for(i = 0; i < 4; i++) {
1420 p = ((struct partition *)(buf + 0x1be)) + i;
1421 nr_sects = le32_to_cpu(p->nr_sects);
1422 if (nr_sects && p->end_head) {
1423 /* We make the assumption that the partition terminates on
1424 a cylinder boundary */
1425 s->heads = p->end_head + 1;
1426 s->sectors = p->end_sector & 63;
1427 s->cylinders = s->nb_sectors / (s->heads * s->sectors);
1429 printf("guessed partition: CHS=%d %d %d\n",
1430 s->cylinders, s->heads, s->sectors);
1436 static void ide_init2(IDEState *ide_state, int irq,
1437 BlockDriverState *hd0, BlockDriverState *hd1)
1440 static int drive_serial = 1;
1441 int i, cylinders, heads, secs;
1444 for(i = 0; i < 2; i++) {
1451 bdrv_get_geometry(s->bs, &nb_sectors);
1452 s->nb_sectors = nb_sectors;
1453 /* if a geometry hint is available, use it */
1454 bdrv_get_geometry_hint(s->bs, &cylinders, &heads, &secs);
1455 if (cylinders != 0) {
1456 s->cylinders = cylinders;
1460 ide_guess_geometry(s);
1461 if (s->cylinders == 0) {
1462 /* if no geometry, use a LBA compatible one */
1463 cylinders = nb_sectors / (16 * 63);
1464 if (cylinders > 16383)
1466 else if (cylinders < 2)
1468 s->cylinders = cylinders;
1473 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
1475 bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
1478 s->drive_serial = drive_serial++;
1484 /***********************************************************/
1485 /* ISA IDE definitions */
1487 void isa_ide_init(int iobase, int iobase2, int irq,
1488 BlockDriverState *hd0, BlockDriverState *hd1)
1490 IDEState *ide_state;
1492 ide_state = qemu_mallocz(sizeof(IDEState) * 2);
1496 ide_init2(ide_state, irq, hd0, hd1);
1498 register_ioport_write(iobase, 8, 1, ide_ioport_write, ide_state);
1499 register_ioport_read(iobase, 8, 1, ide_ioport_read, ide_state);
1501 register_ioport_read(iobase2, 1, 1, ide_status_read, ide_state);
1502 register_ioport_write(iobase2, 1, 1, ide_cmd_write, ide_state);
1506 register_ioport_write(iobase, 2, 2, ide_data_writew, ide_state);
1507 register_ioport_read(iobase, 2, 2, ide_data_readw, ide_state);
1508 register_ioport_write(iobase, 4, 4, ide_data_writel, ide_state);
1509 register_ioport_read(iobase, 4, 4, ide_data_readl, ide_state);
1512 /***********************************************************/
1513 /* PCI IDE definitions */
1515 typedef struct PCIIDEState {
1520 static void ide_map(PCIDevice *pci_dev, int region_num,
1521 uint32_t addr, uint32_t size, int type)
1523 PCIIDEState *d = (PCIIDEState *)pci_dev;
1524 IDEState *ide_state;
1526 if (region_num <= 3) {
1527 ide_state = &d->ide_if[(region_num >> 1) * 2];
1528 if (region_num & 1) {
1529 register_ioport_read(addr + 2, 1, 1, ide_status_read, ide_state);
1530 register_ioport_write(addr + 2, 1, 1, ide_cmd_write, ide_state);
1532 register_ioport_write(addr, 8, 1, ide_ioport_write, ide_state);
1533 register_ioport_read(addr, 8, 1, ide_ioport_read, ide_state);
1536 register_ioport_write(addr, 2, 2, ide_data_writew, ide_state);
1537 register_ioport_read(addr, 2, 2, ide_data_readw, ide_state);
1538 register_ioport_write(addr, 4, 4, ide_data_writel, ide_state);
1539 register_ioport_read(addr, 4, 4, ide_data_readl, ide_state);
1544 /* hd_table must contain 4 block drivers */
1545 void pci_ide_init(BlockDriverState **hd_table)
1550 d = (PCIIDEState *)pci_register_device("IDE", sizeof(PCIIDEState),
1553 pci_conf = d->dev.config;
1554 pci_conf[0x00] = 0x86; // Intel
1555 pci_conf[0x01] = 0x80;
1556 pci_conf[0x02] = 0x00; // fake
1557 pci_conf[0x03] = 0x01; // fake
1558 pci_conf[0x0a] = 0x01; // class_sub = PCI_IDE
1559 pci_conf[0x0b] = 0x01; // class_base = PCI_mass_storage
1560 pci_conf[0x0e] = 0x80; // header_type = PCI_multifunction, generic
1562 pci_conf[0x2c] = 0x86; // subsys vendor
1563 pci_conf[0x2d] = 0x80; // subsys vendor
1564 pci_conf[0x2e] = 0x00; // fake
1565 pci_conf[0x2f] = 0x01; // fake
1567 pci_register_io_region((PCIDevice *)d, 0, 0x8,
1568 PCI_ADDRESS_SPACE_IO, ide_map);
1569 pci_register_io_region((PCIDevice *)d, 1, 0x4,
1570 PCI_ADDRESS_SPACE_IO, ide_map);
1571 pci_register_io_region((PCIDevice *)d, 2, 0x8,
1572 PCI_ADDRESS_SPACE_IO, ide_map);
1573 pci_register_io_region((PCIDevice *)d, 3, 0x4,
1574 PCI_ADDRESS_SPACE_IO, ide_map);
1576 ide_init2(&d->ide_if[0], 14, hd_table[0], hd_table[1]);
1577 ide_init2(&d->ide_if[2], 15, hd_table[2], hd_table[3]);
projects / qemu / blob