4 * Copyright (c) 2005 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
30 #define DPRINTF(fmt, args...) \
31 do { printf("ESP: " fmt , ##args); } while (0)
32 #define pic_set_irq(irq, level) \
33 do { printf("ESP: set_irq(%d): %d\n", (irq), (level)); pic_set_irq((irq),(level));} while (0)
35 #define DPRINTF(fmt, args...)
39 #define ESPDMA_MAXADDR (ESPDMA_REGS * 4 - 1)
40 #define ESP_MAXREG 0x3f
41 #define TI_BUFSZ 65536
42 #define DMA_VER 0xa0000000
44 #define DMA_INTREN 0x10
45 #define DMA_LOADED 0x04000000
47 typedef struct ESPState {
48 BlockDriverState **bd;
49 uint8_t rregs[ESP_MAXREG];
50 uint8_t wregs[ESP_MAXREG];
52 uint32_t espdmaregs[ESPDMA_REGS];
54 uint32_t ti_rptr, ti_wptr;
56 uint8_t ti_buf[TI_BUFSZ];
78 /* XXX: stolen from ide.c, move to common ATAPI/SCSI library */
79 static void lba_to_msf(uint8_t *buf, int lba)
82 buf[0] = (lba / 75) / 60;
83 buf[1] = (lba / 75) % 60;
87 static inline void cpu_to_ube16(uint8_t *buf, int val)
93 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
101 /* same toc as bochs. Return -1 if error or the toc length */
102 /* XXX: check this */
103 static int cdrom_read_toc(int nb_sectors, uint8_t *buf, int msf, int start_track)
108 if (start_track > 1 && start_track != 0xaa)
111 *q++ = 1; /* first session */
112 *q++ = 1; /* last session */
113 if (start_track <= 1) {
114 *q++ = 0; /* reserved */
115 *q++ = 0x14; /* ADR, control */
116 *q++ = 1; /* track number */
117 *q++ = 0; /* reserved */
119 *q++ = 0; /* reserved */
129 *q++ = 0; /* reserved */
130 *q++ = 0x16; /* ADR, control */
131 *q++ = 0xaa; /* track number */
132 *q++ = 0; /* reserved */
134 *q++ = 0; /* reserved */
135 lba_to_msf(q, nb_sectors);
138 cpu_to_ube32(q, nb_sectors);
142 cpu_to_ube16(buf, len - 2);
146 /* mostly same info as PearPc */
147 static int cdrom_read_toc_raw(int nb_sectors, uint8_t *buf, int msf,
154 *q++ = 1; /* first session */
155 *q++ = 1; /* last session */
157 *q++ = 1; /* session number */
158 *q++ = 0x14; /* data track */
159 *q++ = 0; /* track number */
160 *q++ = 0xa0; /* lead-in */
163 *q++ = 0; /* frame */
165 *q++ = 1; /* first track */
166 *q++ = 0x00; /* disk type */
169 *q++ = 1; /* session number */
170 *q++ = 0x14; /* data track */
171 *q++ = 0; /* track number */
175 *q++ = 0; /* frame */
177 *q++ = 1; /* last track */
181 *q++ = 1; /* session number */
182 *q++ = 0x14; /* data track */
183 *q++ = 0; /* track number */
184 *q++ = 0xa2; /* lead-out */
187 *q++ = 0; /* frame */
189 *q++ = 0; /* reserved */
190 lba_to_msf(q, nb_sectors);
193 cpu_to_ube32(q, nb_sectors);
197 *q++ = 1; /* session number */
198 *q++ = 0x14; /* ADR, control */
199 *q++ = 0; /* track number */
200 *q++ = 1; /* point */
203 *q++ = 0; /* frame */
216 cpu_to_ube16(buf, len - 2);
220 static void handle_satn(ESPState *s)
223 uint32_t dmaptr, dmalen;
228 dmalen = s->wregs[0] | (s->wregs[1] << 8);
229 target = s->wregs[4] & 7;
230 DPRINTF("Select with ATN len %d target %d\n", dmalen, target);
232 dmaptr = iommu_translate(s->espdmaregs[1]);
233 DPRINTF("DMA Direction: %c, addr 0x%8.8x\n", s->espdmaregs[0] & 0x100? 'w': 'r', dmaptr);
234 cpu_physical_memory_read(dmaptr, buf, dmalen);
237 memcpy(&buf[1], s->ti_buf, dmalen);
240 for (i = 0; i < dmalen; i++) {
241 DPRINTF("Command %2.2x\n", buf[i]);
248 if (target >= 4 || !s->bd[target]) { // No such drive
249 s->rregs[4] = STAT_IN;
250 s->rregs[5] = INTR_DC;
252 s->espdmaregs[0] |= DMA_INTR;
253 pic_set_irq(s->irq, 1);
258 DPRINTF("Test Unit Ready (len %d)\n", buf[5]);
261 DPRINTF("Inquiry (len %d)\n", buf[5]);
262 memset(s->ti_buf, 0, 36);
263 if (bdrv_get_type_hint(s->bd[target]) == BDRV_TYPE_CDROM) {
265 memcpy(&s->ti_buf[16], "QEMU CDROM ", 16);
268 memcpy(&s->ti_buf[16], "QEMU HARDDISK ", 16);
270 memcpy(&s->ti_buf[8], "QEMU ", 8);
278 DPRINTF("Mode Sense(6) (page %d, len %d)\n", buf[3], buf[5]);
281 DPRINTF("Read Capacity (len %d)\n", buf[5]);
282 memset(s->ti_buf, 0, 8);
283 bdrv_get_geometry(s->bd[target], &nb_sectors);
284 s->ti_buf[0] = (nb_sectors >> 24) & 0xff;
285 s->ti_buf[1] = (nb_sectors >> 16) & 0xff;
286 s->ti_buf[2] = (nb_sectors >> 8) & 0xff;
287 s->ti_buf[3] = nb_sectors & 0xff;
290 if (bdrv_get_type_hint(s->bd[target]) == BDRV_TYPE_CDROM)
291 s->ti_buf[6] = 8; // sector size 2048
293 s->ti_buf[6] = 2; // sector size 512
302 if (bdrv_get_type_hint(s->bd[target]) == BDRV_TYPE_CDROM) {
303 offset = ((buf[3] << 24) | (buf[4] << 16) | (buf[5] << 8) | buf[6]) * 4;
304 len = ((buf[8] << 8) | buf[9]) * 4;
305 s->ti_size = len * 2048;
307 offset = (buf[3] << 24) | (buf[4] << 16) | (buf[5] << 8) | buf[6];
308 len = (buf[8] << 8) | buf[9];
309 s->ti_size = len * 512;
311 DPRINTF("Read (10) (offset %lld len %lld)\n", offset, len);
312 bdrv_read(s->bd[target], offset, s->ti_buf, len);
313 // XXX error handling
321 if (bdrv_get_type_hint(s->bd[target]) == BDRV_TYPE_CDROM) {
322 offset = ((buf[3] << 24) | (buf[4] << 16) | (buf[5] << 8) | buf[6]) * 4;
323 len = ((buf[8] << 8) | buf[9]) * 4;
324 s->ti_size = len * 2048;
326 offset = (buf[3] << 24) | (buf[4] << 16) | (buf[5] << 8) | buf[6];
327 len = (buf[8] << 8) | buf[9];
328 s->ti_size = len * 512;
330 DPRINTF("Write (10) (offset %lld len %lld)\n", offset, len);
331 bdrv_write(s->bd[target], offset, s->ti_buf, len);
332 // XXX error handling
338 int start_track, format, msf, len;
341 format = buf[3] & 0xf;
342 start_track = buf[7];
343 bdrv_get_geometry(s->bd[target], &nb_sectors);
344 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
347 len = cdrom_read_toc(nb_sectors, buf, msf, start_track);
353 /* multi session : only a single session defined */
361 len = cdrom_read_toc_raw(nb_sectors, buf, msf, start_track);
368 DPRINTF("Read TOC error\n");
369 // XXX error handling
376 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[1]);
379 s->rregs[4] = STAT_IN | STAT_TC | STAT_DI;
380 s->rregs[5] = INTR_BS | INTR_FC;
381 s->rregs[6] = SEQ_CD;
382 s->espdmaregs[0] |= DMA_INTR;
383 pic_set_irq(s->irq, 1);
386 static void dma_write(ESPState *s, const uint8_t *buf, uint32_t len)
388 uint32_t dmaptr, dmalen;
390 dmalen = s->wregs[0] | (s->wregs[1] << 8);
391 DPRINTF("Transfer status len %d\n", dmalen);
393 dmaptr = iommu_translate(s->espdmaregs[1]);
394 DPRINTF("DMA Direction: %c\n", s->espdmaregs[0] & 0x100? 'w': 'r');
395 cpu_physical_memory_write(dmaptr, buf, len);
396 s->rregs[4] = STAT_IN | STAT_TC | STAT_ST;
397 s->rregs[5] = INTR_BS | INTR_FC;
398 s->rregs[6] = SEQ_CD;
400 memcpy(s->ti_buf, buf, len);
404 s->rregs[7] = dmalen;
406 s->espdmaregs[0] |= DMA_INTR;
407 pic_set_irq(s->irq, 1);
411 static const uint8_t okbuf[] = {0, 0};
413 static void handle_ti(ESPState *s)
415 uint32_t dmaptr, dmalen;
418 dmalen = s->wregs[0] | (s->wregs[1] << 8);
419 DPRINTF("Transfer Information len %d\n", dmalen);
421 dmaptr = iommu_translate(s->espdmaregs[1]);
422 DPRINTF("DMA Direction: %c, addr 0x%8.8x\n", s->espdmaregs[0] & 0x100? 'w': 'r', dmaptr);
423 for (i = 0; i < s->ti_size; i++) {
424 dmaptr = iommu_translate(s->espdmaregs[1] + i);
426 cpu_physical_memory_write(dmaptr, &s->ti_buf[i], 1);
428 cpu_physical_memory_read(dmaptr, &s->ti_buf[i], 1);
430 s->rregs[4] = STAT_IN | STAT_TC | STAT_ST;
431 s->rregs[5] = INTR_BS;
433 s->espdmaregs[0] |= DMA_INTR;
438 s->rregs[7] = dmalen;
440 pic_set_irq(s->irq, 1);
443 static void esp_reset(void *opaque)
445 ESPState *s = opaque;
446 memset(s->rregs, 0, ESP_MAXREG);
447 s->rregs[0x0e] = 0x4; // Indicate fas100a
448 memset(s->espdmaregs, 0, ESPDMA_REGS * 4);
451 static uint32_t esp_mem_readb(void *opaque, target_phys_addr_t addr)
453 ESPState *s = opaque;
456 saddr = (addr & ESP_MAXREG) >> 2;
457 DPRINTF("read reg[%d]: 0x%2.2x\n", saddr, s->rregs[saddr]);
461 if (s->ti_size > 0) {
463 s->rregs[saddr] = s->ti_buf[s->ti_rptr++];
464 pic_set_irq(s->irq, 1);
466 if (s->ti_size == 0) {
473 // Clear status bits except TC
474 s->rregs[4] &= STAT_TC;
475 pic_set_irq(s->irq, 0);
476 s->espdmaregs[0] &= ~DMA_INTR;
481 return s->rregs[saddr];
484 static void esp_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
486 ESPState *s = opaque;
489 saddr = (addr & ESP_MAXREG) >> 2;
490 DPRINTF("write reg[%d]: 0x%2.2x -> 0x%2.2x\n", saddr, s->wregs[saddr], val);
494 s->rregs[saddr] = val;
499 s->ti_buf[s->ti_wptr++] = val & 0xff;
502 s->rregs[saddr] = val;
511 DPRINTF("NOP (%2.2x)\n", val);
514 DPRINTF("Flush FIFO (%2.2x)\n", val);
516 s->rregs[5] = INTR_FC;
520 DPRINTF("Chip reset (%2.2x)\n", val);
524 DPRINTF("Bus reset (%2.2x)\n", val);
525 s->rregs[5] = INTR_RST;
526 if (!(s->wregs[8] & 0x40)) {
527 s->espdmaregs[0] |= DMA_INTR;
528 pic_set_irq(s->irq, 1);
535 DPRINTF("Initiator Command Complete Sequence (%2.2x)\n", val);
536 dma_write(s, okbuf, 2);
539 DPRINTF("Message Accepted (%2.2x)\n", val);
540 dma_write(s, okbuf, 2);
541 s->rregs[5] = INTR_DC;
545 DPRINTF("Set ATN (%2.2x)\n", val);
551 DPRINTF("Set ATN & stop (%2.2x)\n", val);
555 DPRINTF("Unhandled ESP command (%2.2x)\n", val);
562 s->rregs[saddr] = val;
567 s->rregs[saddr] = val & 0x15;
570 s->rregs[saddr] = val;
575 s->wregs[saddr] = val;
578 static CPUReadMemoryFunc *esp_mem_read[3] = {
584 static CPUWriteMemoryFunc *esp_mem_write[3] = {
590 static uint32_t espdma_mem_readl(void *opaque, target_phys_addr_t addr)
592 ESPState *s = opaque;
595 saddr = (addr & ESPDMA_MAXADDR) >> 2;
596 DPRINTF("read dmareg[%d]: 0x%8.8x\n", saddr, s->espdmaregs[saddr]);
598 return s->espdmaregs[saddr];
601 static void espdma_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
603 ESPState *s = opaque;
606 saddr = (addr & ESPDMA_MAXADDR) >> 2;
607 DPRINTF("write dmareg[%d]: 0x%8.8x -> 0x%8.8x\n", saddr, s->espdmaregs[saddr], val);
610 if (!(val & DMA_INTREN))
611 pic_set_irq(s->irq, 0);
614 } else if (val & 0x40) {
622 s->espdmaregs[0] = DMA_LOADED;
627 s->espdmaregs[saddr] = val;
630 static CPUReadMemoryFunc *espdma_mem_read[3] = {
636 static CPUWriteMemoryFunc *espdma_mem_write[3] = {
642 static void esp_save(QEMUFile *f, void *opaque)
644 ESPState *s = opaque;
647 qemu_put_buffer(f, s->rregs, ESP_MAXREG);
648 qemu_put_buffer(f, s->wregs, ESP_MAXREG);
649 qemu_put_be32s(f, &s->irq);
650 for (i = 0; i < ESPDMA_REGS; i++)
651 qemu_put_be32s(f, &s->espdmaregs[i]);
652 qemu_put_be32s(f, &s->ti_size);
653 qemu_put_be32s(f, &s->ti_rptr);
654 qemu_put_be32s(f, &s->ti_wptr);
655 qemu_put_be32s(f, &s->ti_dir);
656 qemu_put_buffer(f, s->ti_buf, TI_BUFSZ);
657 qemu_put_be32s(f, &s->dma);
660 static int esp_load(QEMUFile *f, void *opaque, int version_id)
662 ESPState *s = opaque;
668 qemu_get_buffer(f, s->rregs, ESP_MAXREG);
669 qemu_get_buffer(f, s->wregs, ESP_MAXREG);
670 qemu_get_be32s(f, &s->irq);
671 for (i = 0; i < ESPDMA_REGS; i++)
672 qemu_get_be32s(f, &s->espdmaregs[i]);
673 qemu_get_be32s(f, &s->ti_size);
674 qemu_get_be32s(f, &s->ti_rptr);
675 qemu_get_be32s(f, &s->ti_wptr);
676 qemu_get_be32s(f, &s->ti_dir);
677 qemu_get_buffer(f, s->ti_buf, TI_BUFSZ);
678 qemu_get_be32s(f, &s->dma);
683 void esp_init(BlockDriverState **bd, int irq, uint32_t espaddr, uint32_t espdaddr)
686 int esp_io_memory, espdma_io_memory;
688 s = qemu_mallocz(sizeof(ESPState));
695 esp_io_memory = cpu_register_io_memory(0, esp_mem_read, esp_mem_write, s);
696 cpu_register_physical_memory(espaddr, ESP_MAXREG*4, esp_io_memory);
698 espdma_io_memory = cpu_register_io_memory(0, espdma_mem_read, espdma_mem_write, s);
699 cpu_register_physical_memory(espdaddr, 16, espdma_io_memory);
703 register_savevm("esp", espaddr, 1, esp_save, esp_load, s);
704 qemu_register_reset(esp_reset, s);
projects / qemu / blob