xref: /illumos-kvm-cmd/hw/ide/core.c (revision 26424130)
1 /*
2  * QEMU IDE disk and CD/DVD-ROM Emulator
3  *
4  * Copyright (c) 2003 Fabrice Bellard
5  * Copyright (c) 2006 Openedhand Ltd.
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 #include <hw/hw.h>
26 #include <hw/pc.h>
27 #include <hw/pci.h>
28 #include <hw/scsi.h>
29 #include "qemu-error.h"
30 #include "qemu-timer.h"
31 #include "sysemu.h"
32 #include "dma.h"
33 #include "blockdev.h"
34 
35 #include <hw/ide/internal.h>
36 
37 static const int smart_attributes[][5] = {
38     /* id,  flags, val, wrst, thrsh */
39     { 0x01, 0x03, 0x64, 0x64, 0x06}, /* raw read */
40     { 0x03, 0x03, 0x64, 0x64, 0x46}, /* spin up */
41     { 0x04, 0x02, 0x64, 0x64, 0x14}, /* start stop count */
42     { 0x05, 0x03, 0x64, 0x64, 0x36}, /* remapped sectors */
43     { 0x00, 0x00, 0x00, 0x00, 0x00}
44 };
45 
46 /* XXX: DVDs that could fit on a CD will be reported as a CD */
media_present(IDEState * s)47 static inline int media_present(IDEState *s)
48 {
49     return (s->nb_sectors > 0);
50 }
51 
media_is_dvd(IDEState * s)52 static inline int media_is_dvd(IDEState *s)
53 {
54     return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
55 }
56 
media_is_cd(IDEState * s)57 static inline int media_is_cd(IDEState *s)
58 {
59     return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
60 }
61 
62 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
63 static int ide_handle_rw_error(IDEState *s, int error, int op);
64 
padstr(char * str,const char * src,int len)65 static void padstr(char *str, const char *src, int len)
66 {
67     int i, v;
68     for(i = 0; i < len; i++) {
69         if (*src)
70             v = *src++;
71         else
72             v = ' ';
73         str[i^1] = v;
74     }
75 }
76 
padstr8(uint8_t * buf,int buf_size,const char * src)77 static void padstr8(uint8_t *buf, int buf_size, const char *src)
78 {
79     int i;
80     for(i = 0; i < buf_size; i++) {
81         if (*src)
82             buf[i] = *src++;
83         else
84             buf[i] = ' ';
85     }
86 }
87 
put_le16(uint16_t * p,unsigned int v)88 static void put_le16(uint16_t *p, unsigned int v)
89 {
90     *p = cpu_to_le16(v);
91 }
92 
ide_identify(IDEState * s)93 static void ide_identify(IDEState *s)
94 {
95     uint16_t *p;
96     unsigned int oldsize;
97     IDEDevice *dev;
98 
99     if (s->identify_set) {
100 	memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
101 	return;
102     }
103 
104     memset(s->io_buffer, 0, 512);
105     p = (uint16_t *)s->io_buffer;
106     put_le16(p + 0, 0x0040);
107     put_le16(p + 1, s->cylinders);
108     put_le16(p + 3, s->heads);
109     put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
110     put_le16(p + 5, 512); /* XXX: retired, remove ? */
111     put_le16(p + 6, s->sectors);
112     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
113     put_le16(p + 20, 3); /* XXX: retired, remove ? */
114     put_le16(p + 21, 512); /* cache size in sectors */
115     put_le16(p + 22, 4); /* ecc bytes */
116     padstr((char *)(p + 23), s->version, 8); /* firmware version */
117     padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
118 #if MAX_MULT_SECTORS > 1
119     put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
120 #endif
121     put_le16(p + 48, 1); /* dword I/O */
122     put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
123     put_le16(p + 51, 0x200); /* PIO transfer cycle */
124     put_le16(p + 52, 0x200); /* DMA transfer cycle */
125     put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
126     put_le16(p + 54, s->cylinders);
127     put_le16(p + 55, s->heads);
128     put_le16(p + 56, s->sectors);
129     oldsize = s->cylinders * s->heads * s->sectors;
130     put_le16(p + 57, oldsize);
131     put_le16(p + 58, oldsize >> 16);
132     if (s->mult_sectors)
133         put_le16(p + 59, 0x100 | s->mult_sectors);
134     put_le16(p + 60, s->nb_sectors);
135     put_le16(p + 61, s->nb_sectors >> 16);
136     put_le16(p + 62, 0x07); /* single word dma0-2 supported */
137     put_le16(p + 63, 0x07); /* mdma0-2 supported */
138     put_le16(p + 64, 0x03); /* pio3-4 supported */
139     put_le16(p + 65, 120);
140     put_le16(p + 66, 120);
141     put_le16(p + 67, 120);
142     put_le16(p + 68, 120);
143 
144     if (s->ncq_queues) {
145         put_le16(p + 75, s->ncq_queues - 1);
146         /* NCQ supported */
147         put_le16(p + 76, (1 << 8));
148     }
149 
150     put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
151     put_le16(p + 81, 0x16); /* conforms to ata5 */
152     /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */
153     put_le16(p + 82, (1 << 14) | (1 << 5) | 1);
154     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
155     put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
156     /* 14=set to 1, 1=SMART self test, 0=SMART error logging */
157     put_le16(p + 84, (1 << 14) | 0);
158     /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */
159     if (bdrv_enable_write_cache(s->bs))
160          put_le16(p + 85, (1 << 14) | (1 << 5) | 1);
161     else
162          put_le16(p + 85, (1 << 14) | 1);
163     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
164     put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
165     /* 14=set to 1, 1=smart self test, 0=smart error logging */
166     put_le16(p + 87, (1 << 14) | 0);
167     put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
168     put_le16(p + 93, 1 | (1 << 14) | 0x2000);
169     put_le16(p + 100, s->nb_sectors);
170     put_le16(p + 101, s->nb_sectors >> 16);
171     put_le16(p + 102, s->nb_sectors >> 32);
172     put_le16(p + 103, s->nb_sectors >> 48);
173     dev = s->unit ? s->bus->slave : s->bus->master;
174     if (dev && dev->conf.physical_block_size)
175         put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf));
176 
177     memcpy(s->identify_data, p, sizeof(s->identify_data));
178     s->identify_set = 1;
179 }
180 
ide_atapi_identify(IDEState * s)181 static void ide_atapi_identify(IDEState *s)
182 {
183     uint16_t *p;
184 
185     if (s->identify_set) {
186 	memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
187 	return;
188     }
189 
190     memset(s->io_buffer, 0, 512);
191     p = (uint16_t *)s->io_buffer;
192     /* Removable CDROM, 50us response, 12 byte packets */
193     put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
194     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
195     put_le16(p + 20, 3); /* buffer type */
196     put_le16(p + 21, 512); /* cache size in sectors */
197     put_le16(p + 22, 4); /* ecc bytes */
198     padstr((char *)(p + 23), s->version, 8); /* firmware version */
199     padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
200     put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
201 #ifdef USE_DMA_CDROM
202     put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
203     put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
204     put_le16(p + 62, 7);  /* single word dma0-2 supported */
205     put_le16(p + 63, 7);  /* mdma0-2 supported */
206 #else
207     put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
208     put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
209     put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
210 #endif
211     put_le16(p + 64, 3); /* pio3-4 supported */
212     put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
213     put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
214     put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
215     put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
216 
217     put_le16(p + 71, 30); /* in ns */
218     put_le16(p + 72, 30); /* in ns */
219 
220     if (s->ncq_queues) {
221         put_le16(p + 75, s->ncq_queues - 1);
222         /* NCQ supported */
223         put_le16(p + 76, (1 << 8));
224     }
225 
226     put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
227 #ifdef USE_DMA_CDROM
228     put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
229 #endif
230     memcpy(s->identify_data, p, sizeof(s->identify_data));
231     s->identify_set = 1;
232 }
233 
ide_cfata_identify(IDEState * s)234 static void ide_cfata_identify(IDEState *s)
235 {
236     uint16_t *p;
237     uint32_t cur_sec;
238 
239     p = (uint16_t *) s->identify_data;
240     if (s->identify_set)
241         goto fill_buffer;
242 
243     memset(p, 0, sizeof(s->identify_data));
244 
245     cur_sec = s->cylinders * s->heads * s->sectors;
246 
247     put_le16(p + 0, 0x848a);			/* CF Storage Card signature */
248     put_le16(p + 1, s->cylinders);		/* Default cylinders */
249     put_le16(p + 3, s->heads);			/* Default heads */
250     put_le16(p + 6, s->sectors);		/* Default sectors per track */
251     put_le16(p + 7, s->nb_sectors >> 16);	/* Sectors per card */
252     put_le16(p + 8, s->nb_sectors);		/* Sectors per card */
253     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
254     put_le16(p + 22, 0x0004);			/* ECC bytes */
255     padstr((char *) (p + 23), s->version, 8);	/* Firmware Revision */
256     padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
257 #if MAX_MULT_SECTORS > 1
258     put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
259 #else
260     put_le16(p + 47, 0x0000);
261 #endif
262     put_le16(p + 49, 0x0f00);			/* Capabilities */
263     put_le16(p + 51, 0x0002);			/* PIO cycle timing mode */
264     put_le16(p + 52, 0x0001);			/* DMA cycle timing mode */
265     put_le16(p + 53, 0x0003);			/* Translation params valid */
266     put_le16(p + 54, s->cylinders);		/* Current cylinders */
267     put_le16(p + 55, s->heads);			/* Current heads */
268     put_le16(p + 56, s->sectors);		/* Current sectors */
269     put_le16(p + 57, cur_sec);			/* Current capacity */
270     put_le16(p + 58, cur_sec >> 16);		/* Current capacity */
271     if (s->mult_sectors)			/* Multiple sector setting */
272         put_le16(p + 59, 0x100 | s->mult_sectors);
273     put_le16(p + 60, s->nb_sectors);		/* Total LBA sectors */
274     put_le16(p + 61, s->nb_sectors >> 16);	/* Total LBA sectors */
275     put_le16(p + 63, 0x0203);			/* Multiword DMA capability */
276     put_le16(p + 64, 0x0001);			/* Flow Control PIO support */
277     put_le16(p + 65, 0x0096);			/* Min. Multiword DMA cycle */
278     put_le16(p + 66, 0x0096);			/* Rec. Multiword DMA cycle */
279     put_le16(p + 68, 0x00b4);			/* Min. PIO cycle time */
280     put_le16(p + 82, 0x400c);			/* Command Set supported */
281     put_le16(p + 83, 0x7068);			/* Command Set supported */
282     put_le16(p + 84, 0x4000);			/* Features supported */
283     put_le16(p + 85, 0x000c);			/* Command Set enabled */
284     put_le16(p + 86, 0x7044);			/* Command Set enabled */
285     put_le16(p + 87, 0x4000);			/* Features enabled */
286     put_le16(p + 91, 0x4060);			/* Current APM level */
287     put_le16(p + 129, 0x0002);			/* Current features option */
288     put_le16(p + 130, 0x0005);			/* Reassigned sectors */
289     put_le16(p + 131, 0x0001);			/* Initial power mode */
290     put_le16(p + 132, 0x0000);			/* User signature */
291     put_le16(p + 160, 0x8100);			/* Power requirement */
292     put_le16(p + 161, 0x8001);			/* CF command set */
293 
294     s->identify_set = 1;
295 
296 fill_buffer:
297     memcpy(s->io_buffer, p, sizeof(s->identify_data));
298 }
299 
ide_set_signature(IDEState * s)300 static void ide_set_signature(IDEState *s)
301 {
302     s->select &= 0xf0; /* clear head */
303     /* put signature */
304     s->nsector = 1;
305     s->sector = 1;
306     if (s->drive_kind == IDE_CD) {
307         s->lcyl = 0x14;
308         s->hcyl = 0xeb;
309     } else if (s->bs) {
310         s->lcyl = 0;
311         s->hcyl = 0;
312     } else {
313         s->lcyl = 0xff;
314         s->hcyl = 0xff;
315     }
316 }
317 
ide_abort_command(IDEState * s)318 static inline void ide_abort_command(IDEState *s)
319 {
320     s->status = READY_STAT | ERR_STAT;
321     s->error = ABRT_ERR;
322 }
323 
324 /* prepare data transfer and tell what to do after */
ide_transfer_start(IDEState * s,uint8_t * buf,int size,EndTransferFunc * end_transfer_func)325 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
326                                EndTransferFunc *end_transfer_func)
327 {
328     s->end_transfer_func = end_transfer_func;
329     s->data_ptr = buf;
330     s->data_end = buf + size;
331     if (!(s->status & ERR_STAT)) {
332         s->status |= DRQ_STAT;
333     }
334     s->bus->dma->ops->start_transfer(s->bus->dma);
335 }
336 
ide_transfer_stop(IDEState * s)337 static void ide_transfer_stop(IDEState *s)
338 {
339     s->end_transfer_func = ide_transfer_stop;
340     s->data_ptr = s->io_buffer;
341     s->data_end = s->io_buffer;
342     s->status &= ~DRQ_STAT;
343 }
344 
ide_get_sector(IDEState * s)345 int64_t ide_get_sector(IDEState *s)
346 {
347     int64_t sector_num;
348     if (s->select & 0x40) {
349         /* lba */
350 	if (!s->lba48) {
351 	    sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
352 		(s->lcyl << 8) | s->sector;
353 	} else {
354 	    sector_num = ((int64_t)s->hob_hcyl << 40) |
355 		((int64_t) s->hob_lcyl << 32) |
356 		((int64_t) s->hob_sector << 24) |
357 		((int64_t) s->hcyl << 16) |
358 		((int64_t) s->lcyl << 8) | s->sector;
359 	}
360     } else {
361         sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
362             (s->select & 0x0f) * s->sectors + (s->sector - 1);
363     }
364     return sector_num;
365 }
366 
ide_set_sector(IDEState * s,int64_t sector_num)367 void ide_set_sector(IDEState *s, int64_t sector_num)
368 {
369     unsigned int cyl, r;
370     if (s->select & 0x40) {
371 	if (!s->lba48) {
372             s->select = (s->select & 0xf0) | (sector_num >> 24);
373             s->hcyl = (sector_num >> 16);
374             s->lcyl = (sector_num >> 8);
375             s->sector = (sector_num);
376 	} else {
377 	    s->sector = sector_num;
378 	    s->lcyl = sector_num >> 8;
379 	    s->hcyl = sector_num >> 16;
380 	    s->hob_sector = sector_num >> 24;
381 	    s->hob_lcyl = sector_num >> 32;
382 	    s->hob_hcyl = sector_num >> 40;
383 	}
384     } else {
385         cyl = sector_num / (s->heads * s->sectors);
386         r = sector_num % (s->heads * s->sectors);
387         s->hcyl = cyl >> 8;
388         s->lcyl = cyl;
389         s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
390         s->sector = (r % s->sectors) + 1;
391     }
392 }
393 
ide_rw_error(IDEState * s)394 static void ide_rw_error(IDEState *s) {
395     ide_abort_command(s);
396     ide_set_irq(s->bus);
397 }
398 
ide_sector_read(IDEState * s)399 void ide_sector_read(IDEState *s)
400 {
401     int64_t sector_num;
402     int ret, n;
403 
404     s->status = READY_STAT | SEEK_STAT;
405     s->error = 0; /* not needed by IDE spec, but needed by Windows */
406     sector_num = ide_get_sector(s);
407     n = s->nsector;
408     if (n == 0) {
409         /* no more sector to read from disk */
410         ide_transfer_stop(s);
411     } else {
412 #if defined(DEBUG_IDE)
413         printf("read sector=%" PRId64 "\n", sector_num);
414 #endif
415         if (n > s->req_nb_sectors)
416             n = s->req_nb_sectors;
417         ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
418         if (ret != 0) {
419             if (ide_handle_rw_error(s, -ret,
420                 BM_STATUS_PIO_RETRY | BM_STATUS_RETRY_READ))
421             {
422                 return;
423             }
424         }
425         ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
426         ide_set_irq(s->bus);
427         ide_set_sector(s, sector_num + n);
428         s->nsector -= n;
429     }
430 }
431 
dma_buf_commit(IDEState * s,int is_write)432 static void dma_buf_commit(IDEState *s, int is_write)
433 {
434     qemu_sglist_destroy(&s->sg);
435 }
436 
ide_set_inactive(IDEState * s)437 static void ide_set_inactive(IDEState *s)
438 {
439     s->bus->dma->aiocb = NULL;
440     s->bus->dma->ops->set_inactive(s->bus->dma);
441 }
442 
ide_dma_error(IDEState * s)443 void ide_dma_error(IDEState *s)
444 {
445     ide_transfer_stop(s);
446     s->error = ABRT_ERR;
447     s->status = READY_STAT | ERR_STAT;
448     ide_set_inactive(s);
449     s->bus->dma->ops->add_status(s->bus->dma, BM_STATUS_INT);
450     ide_set_irq(s->bus);
451 }
452 
ide_handle_rw_error(IDEState * s,int error,int op)453 static int ide_handle_rw_error(IDEState *s, int error, int op)
454 {
455     int is_read = (op & BM_STATUS_RETRY_READ);
456     BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
457 
458     if (action == BLOCK_ERR_IGNORE) {
459         bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
460         return 0;
461     }
462 
463     if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
464             || action == BLOCK_ERR_STOP_ANY) {
465         s->bus->dma->ops->set_unit(s->bus->dma, s->unit);
466         s->bus->dma->ops->add_status(s->bus->dma, op);
467         bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
468         vm_stop(0);
469     } else {
470         if (op & BM_STATUS_DMA_RETRY) {
471             dma_buf_commit(s, 0);
472             ide_dma_error(s);
473         } else {
474             ide_rw_error(s);
475         }
476         bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
477     }
478 
479     return 1;
480 }
481 
ide_dma_cb(void * opaque,int ret)482 void ide_dma_cb(void *opaque, int ret)
483 {
484     IDEState *s = opaque;
485     int n;
486     int64_t sector_num;
487 
488 handle_rw_error:
489     if (ret < 0) {
490         int op = BM_STATUS_DMA_RETRY;
491 
492         if (s->is_read)
493             op |= BM_STATUS_RETRY_READ;
494         if (ide_handle_rw_error(s, -ret, op)) {
495             return;
496         }
497     }
498 
499     n = s->io_buffer_size >> 9;
500     sector_num = ide_get_sector(s);
501     if (n > 0) {
502         dma_buf_commit(s, s->is_read);
503         sector_num += n;
504         ide_set_sector(s, sector_num);
505         s->nsector -= n;
506     }
507 
508     /* end of transfer ? */
509     if (s->nsector == 0) {
510         s->status = READY_STAT | SEEK_STAT;
511         ide_set_irq(s->bus);
512         goto eot;
513     }
514 
515     /* launch next transfer */
516     n = s->nsector;
517     s->io_buffer_index = 0;
518     s->io_buffer_size = n * 512;
519     if (s->bus->dma->ops->prepare_buf(s->bus->dma, s->is_read) == 0)
520         goto eot;
521 
522 #ifdef DEBUG_AIO
523     printf("ide_dma_cb: sector_num=%" PRId64 " n=%d, is_read=%d\n",
524            sector_num, n, s->is_read);
525 #endif
526 
527     if (s->is_read) {
528         s->bus->dma->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
529                                            ide_dma_cb, s);
530     } else {
531         s->bus->dma->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
532                                             ide_dma_cb, s);
533     }
534 
535     if (!s->bus->dma->aiocb) {
536         ret = -1;
537         goto handle_rw_error;
538     }
539     return;
540 
541 eot:
542    s->bus->dma->ops->add_status(s->bus->dma, BM_STATUS_INT);
543    ide_set_inactive(s);
544 }
545 
ide_sector_start_dma(IDEState * s,int is_read)546 static void ide_sector_start_dma(IDEState *s, int is_read)
547 {
548     s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
549     s->io_buffer_index = 0;
550     s->io_buffer_size = 0;
551     s->is_read = is_read;
552     s->bus->dma->ops->start_dma(s->bus->dma, s, ide_dma_cb);
553 }
554 
ide_sector_write_timer_cb(void * opaque)555 static void ide_sector_write_timer_cb(void *opaque)
556 {
557     IDEState *s = opaque;
558     ide_set_irq(s->bus);
559 }
560 
ide_sector_write(IDEState * s)561 void ide_sector_write(IDEState *s)
562 {
563     int64_t sector_num;
564     int ret, n, n1;
565 
566     s->status = READY_STAT | SEEK_STAT;
567     sector_num = ide_get_sector(s);
568 #if defined(DEBUG_IDE)
569     printf("write sector=%" PRId64 "\n", sector_num);
570 #endif
571     n = s->nsector;
572     if (n > s->req_nb_sectors)
573         n = s->req_nb_sectors;
574     ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
575 
576     if (ret != 0) {
577         if (ide_handle_rw_error(s, -ret, BM_STATUS_PIO_RETRY))
578             return;
579     }
580 
581     s->nsector -= n;
582     if (s->nsector == 0) {
583         /* no more sectors to write */
584         ide_transfer_stop(s);
585     } else {
586         n1 = s->nsector;
587         if (n1 > s->req_nb_sectors)
588             n1 = s->req_nb_sectors;
589         ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
590     }
591     ide_set_sector(s, sector_num + n);
592 
593     if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
594         /* It seems there is a bug in the Windows 2000 installer HDD
595            IDE driver which fills the disk with empty logs when the
596            IDE write IRQ comes too early. This hack tries to correct
597            that at the expense of slower write performances. Use this
598            option _only_ to install Windows 2000. You must disable it
599            for normal use. */
600         qemu_mod_timer(s->sector_write_timer,
601                        qemu_get_clock(vm_clock) + (get_ticks_per_sec() / 1000));
602     } else {
603         ide_set_irq(s->bus);
604     }
605 }
606 
ide_atapi_cmd_ok(IDEState * s)607 void ide_atapi_cmd_ok(IDEState *s)
608 {
609     s->error = 0;
610     s->status = READY_STAT | SEEK_STAT;
611     s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
612     ide_set_irq(s->bus);
613 }
614 
ide_atapi_cmd_error(IDEState * s,int sense_key,int asc)615 void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
616 {
617 #ifdef DEBUG_IDE_ATAPI
618     printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
619 #endif
620     s->error = sense_key << 4;
621     s->status = READY_STAT | ERR_STAT;
622     s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
623     s->sense_key = sense_key;
624     s->asc = asc;
625     ide_set_irq(s->bus);
626 }
627 
ide_atapi_cmd_check_status(IDEState * s)628 static void ide_atapi_cmd_check_status(IDEState *s)
629 {
630 #ifdef DEBUG_IDE_ATAPI
631     printf("atapi_cmd_check_status\n");
632 #endif
633     s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
634     s->status = ERR_STAT;
635     s->nsector = 0;
636     ide_set_irq(s->bus);
637 }
638 
ide_flush_cb(void * opaque,int ret)639 static void ide_flush_cb(void *opaque, int ret)
640 {
641     IDEState *s = opaque;
642 
643     if (ret < 0) {
644         /* XXX: What sector number to set here? */
645         if (ide_handle_rw_error(s, -ret, BM_STATUS_RETRY_FLUSH)) {
646             return;
647         }
648     }
649 
650     s->status = READY_STAT | SEEK_STAT;
651     ide_set_irq(s->bus);
652 }
653 
ide_flush_cache(IDEState * s)654 void ide_flush_cache(IDEState *s)
655 {
656     BlockDriverAIOCB *acb;
657 
658     if (s->bs == NULL) {
659         ide_flush_cb(s, 0);
660         return;
661     }
662 
663     acb = bdrv_aio_flush(s->bs, ide_flush_cb, s);
664     if (acb == NULL) {
665         ide_flush_cb(s, -EIO);
666     }
667 }
668 
cpu_to_ube16(uint8_t * buf,int val)669 static inline void cpu_to_ube16(uint8_t *buf, int val)
670 {
671     buf[0] = val >> 8;
672     buf[1] = val & 0xff;
673 }
674 
cpu_to_ube32(uint8_t * buf,unsigned int val)675 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
676 {
677     buf[0] = val >> 24;
678     buf[1] = val >> 16;
679     buf[2] = val >> 8;
680     buf[3] = val & 0xff;
681 }
682 
ube16_to_cpu(const uint8_t * buf)683 static inline int ube16_to_cpu(const uint8_t *buf)
684 {
685     return (buf[0] << 8) | buf[1];
686 }
687 
ube32_to_cpu(const uint8_t * buf)688 static inline int ube32_to_cpu(const uint8_t *buf)
689 {
690     return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
691 }
692 
lba_to_msf(uint8_t * buf,int lba)693 static void lba_to_msf(uint8_t *buf, int lba)
694 {
695     lba += 150;
696     buf[0] = (lba / 75) / 60;
697     buf[1] = (lba / 75) % 60;
698     buf[2] = lba % 75;
699 }
700 
cd_data_to_raw(uint8_t * buf,int lba)701 static void cd_data_to_raw(uint8_t *buf, int lba)
702 {
703     /* sync bytes */
704     buf[0] = 0x00;
705     memset(buf + 1, 0xff, 10);
706     buf[11] = 0x00;
707     buf += 12;
708     /* MSF */
709     lba_to_msf(buf, lba);
710     buf[3] = 0x01; /* mode 1 data */
711     buf += 4;
712     /* data */
713     buf += 2048;
714     /* XXX: ECC not computed */
715     memset(buf, 0, 288);
716 }
717 
cd_read_sector(BlockDriverState * bs,int lba,uint8_t * buf,int sector_size)718 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
719                            int sector_size)
720 {
721     int ret;
722 
723     switch(sector_size) {
724     case 2048:
725         ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
726         break;
727     case 2352:
728         ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
729         if (ret < 0)
730             return ret;
731         cd_data_to_raw(buf, lba);
732         break;
733     default:
734         ret = -EIO;
735         break;
736     }
737     return ret;
738 }
739 
ide_atapi_io_error(IDEState * s,int ret)740 void ide_atapi_io_error(IDEState *s, int ret)
741 {
742     /* XXX: handle more errors */
743     if (ret == -ENOMEDIUM) {
744         ide_atapi_cmd_error(s, SENSE_NOT_READY,
745                             ASC_MEDIUM_NOT_PRESENT);
746     } else {
747         ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
748                             ASC_LOGICAL_BLOCK_OOR);
749     }
750 }
751 
752 /* The whole ATAPI transfer logic is handled in this function */
ide_atapi_cmd_reply_end(IDEState * s)753 static void ide_atapi_cmd_reply_end(IDEState *s)
754 {
755     int byte_count_limit, size, ret;
756 #ifdef DEBUG_IDE_ATAPI
757     printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
758            s->packet_transfer_size,
759            s->elementary_transfer_size,
760            s->io_buffer_index);
761 #endif
762     if (s->packet_transfer_size <= 0) {
763         /* end of transfer */
764         ide_transfer_stop(s);
765         s->status = READY_STAT | SEEK_STAT;
766         s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
767         ide_set_irq(s->bus);
768 #ifdef DEBUG_IDE_ATAPI
769         printf("status=0x%x\n", s->status);
770 #endif
771     } else {
772         /* see if a new sector must be read */
773         if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
774             ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
775             if (ret < 0) {
776                 ide_transfer_stop(s);
777                 ide_atapi_io_error(s, ret);
778                 return;
779             }
780             s->lba++;
781             s->io_buffer_index = 0;
782         }
783         if (s->elementary_transfer_size > 0) {
784             /* there are some data left to transmit in this elementary
785                transfer */
786             size = s->cd_sector_size - s->io_buffer_index;
787             if (size > s->elementary_transfer_size)
788                 size = s->elementary_transfer_size;
789             s->packet_transfer_size -= size;
790             s->elementary_transfer_size -= size;
791             s->io_buffer_index += size;
792             ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size,
793                                size, ide_atapi_cmd_reply_end);
794         } else {
795             /* a new transfer is needed */
796             s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
797             byte_count_limit = s->lcyl | (s->hcyl << 8);
798 #ifdef DEBUG_IDE_ATAPI
799             printf("byte_count_limit=%d\n", byte_count_limit);
800 #endif
801             if (byte_count_limit == 0xffff)
802                 byte_count_limit--;
803             size = s->packet_transfer_size;
804             if (size > byte_count_limit) {
805                 /* byte count limit must be even if this case */
806                 if (byte_count_limit & 1)
807                     byte_count_limit--;
808                 size = byte_count_limit;
809             }
810             s->lcyl = size;
811             s->hcyl = size >> 8;
812             s->elementary_transfer_size = size;
813             /* we cannot transmit more than one sector at a time */
814             if (s->lba != -1) {
815                 if (size > (s->cd_sector_size - s->io_buffer_index))
816                     size = (s->cd_sector_size - s->io_buffer_index);
817             }
818             s->packet_transfer_size -= size;
819             s->elementary_transfer_size -= size;
820             s->io_buffer_index += size;
821             ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size,
822                                size, ide_atapi_cmd_reply_end);
823             ide_set_irq(s->bus);
824 #ifdef DEBUG_IDE_ATAPI
825             printf("status=0x%x\n", s->status);
826 #endif
827         }
828     }
829 }
830 
831 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
ide_atapi_cmd_reply(IDEState * s,int size,int max_size)832 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
833 {
834     if (size > max_size)
835         size = max_size;
836     s->lba = -1; /* no sector read */
837     s->packet_transfer_size = size;
838     s->io_buffer_size = size;    /* dma: send the reply data as one chunk */
839     s->elementary_transfer_size = 0;
840     s->io_buffer_index = 0;
841 
842     if (s->atapi_dma) {
843     	s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
844         s->bus->dma->ops->start_dma(s->bus->dma, s,
845                                    ide_atapi_cmd_read_dma_cb);
846     } else {
847     	s->status = READY_STAT | SEEK_STAT;
848     	ide_atapi_cmd_reply_end(s);
849     }
850 }
851 
852 /* start a CD-CDROM read command */
ide_atapi_cmd_read_pio(IDEState * s,int lba,int nb_sectors,int sector_size)853 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
854                                    int sector_size)
855 {
856     s->lba = lba;
857     s->packet_transfer_size = nb_sectors * sector_size;
858     s->elementary_transfer_size = 0;
859     s->io_buffer_index = sector_size;
860     s->cd_sector_size = sector_size;
861 
862     s->status = READY_STAT | SEEK_STAT;
863     ide_atapi_cmd_reply_end(s);
864 }
865 
866 /* ATAPI DMA support */
867 
868 /* XXX: handle read errors */
ide_atapi_cmd_read_dma_cb(void * opaque,int ret)869 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
870 {
871     IDEState *s = opaque;
872     int data_offset, n;
873 
874     if (ret < 0) {
875         ide_atapi_io_error(s, ret);
876         goto eot;
877     }
878 
879     if (s->io_buffer_size > 0) {
880 	/*
881 	 * For a cdrom read sector command (s->lba != -1),
882 	 * adjust the lba for the next s->io_buffer_size chunk
883 	 * and dma the current chunk.
884 	 * For a command != read (s->lba == -1), just transfer
885 	 * the reply data.
886 	 */
887 	if (s->lba != -1) {
888 	    if (s->cd_sector_size == 2352) {
889 		n = 1;
890 		cd_data_to_raw(s->io_buffer, s->lba);
891 	    } else {
892 		n = s->io_buffer_size >> 11;
893 	    }
894 	    s->lba += n;
895 	}
896         s->packet_transfer_size -= s->io_buffer_size;
897         if (s->bus->dma->ops->rw_buf(s->bus->dma, 1) == 0)
898             goto eot;
899     }
900 
901     if (s->packet_transfer_size <= 0) {
902         s->status = READY_STAT | SEEK_STAT;
903         s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
904         ide_set_irq(s->bus);
905     eot:
906         s->bus->dma->ops->add_status(s->bus->dma, BM_STATUS_INT);
907         ide_set_inactive(s);
908         return;
909     }
910 
911     s->io_buffer_index = 0;
912     if (s->cd_sector_size == 2352) {
913         n = 1;
914         s->io_buffer_size = s->cd_sector_size;
915         data_offset = 16;
916     } else {
917         n = s->packet_transfer_size >> 11;
918         if (n > (IDE_DMA_BUF_SECTORS / 4))
919             n = (IDE_DMA_BUF_SECTORS / 4);
920         s->io_buffer_size = n * 2048;
921         data_offset = 0;
922     }
923 #ifdef DEBUG_AIO
924     printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
925 #endif
926     s->bus->dma->iov.iov_base = (void *)(s->io_buffer + data_offset);
927     s->bus->dma->iov.iov_len = n * 4 * 512;
928     qemu_iovec_init_external(&s->bus->dma->qiov, &s->bus->dma->iov, 1);
929     s->bus->dma->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2,
930                                        &s->bus->dma->qiov, n * 4,
931                                        ide_atapi_cmd_read_dma_cb, s);
932     if (!s->bus->dma->aiocb) {
933         /* Note: media not present is the most likely case */
934         ide_atapi_cmd_error(s, SENSE_NOT_READY,
935                             ASC_MEDIUM_NOT_PRESENT);
936         goto eot;
937     }
938 }
939 
940 /* start a CD-CDROM read command with DMA */
941 /* XXX: test if DMA is available */
ide_atapi_cmd_read_dma(IDEState * s,int lba,int nb_sectors,int sector_size)942 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
943                                    int sector_size)
944 {
945     s->lba = lba;
946     s->packet_transfer_size = nb_sectors * sector_size;
947     s->io_buffer_index = 0;
948     s->io_buffer_size = 0;
949     s->cd_sector_size = sector_size;
950 
951     /* XXX: check if BUSY_STAT should be set */
952     s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
953     s->bus->dma->ops->start_dma(s->bus->dma, s,
954                                ide_atapi_cmd_read_dma_cb);
955 }
956 
ide_atapi_cmd_read(IDEState * s,int lba,int nb_sectors,int sector_size)957 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
958                                int sector_size)
959 {
960 #ifdef DEBUG_IDE_ATAPI
961     printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
962 	lba, nb_sectors);
963 #endif
964     if (s->atapi_dma) {
965         ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
966     } else {
967         ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
968     }
969 }
970 
ide_atapi_set_profile(uint8_t * buf,uint8_t * index,uint16_t profile)971 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
972                                             uint16_t profile)
973 {
974     uint8_t *buf_profile = buf + 12; /* start of profiles */
975 
976     buf_profile += ((*index) * 4); /* start of indexed profile */
977     cpu_to_ube16 (buf_profile, profile);
978     buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
979 
980     /* each profile adds 4 bytes to the response */
981     (*index)++;
982     buf[11] += 4; /* Additional Length */
983 
984     return 4;
985 }
986 
ide_dvd_read_structure(IDEState * s,int format,const uint8_t * packet,uint8_t * buf)987 static int ide_dvd_read_structure(IDEState *s, int format,
988                                   const uint8_t *packet, uint8_t *buf)
989 {
990     switch (format) {
991         case 0x0: /* Physical format information */
992             {
993                 int layer = packet[6];
994                 uint64_t total_sectors;
995 
996                 if (layer != 0)
997                     return -ASC_INV_FIELD_IN_CMD_PACKET;
998 
999                 bdrv_get_geometry(s->bs, &total_sectors);
1000                 total_sectors >>= 2;
1001                 if (total_sectors == 0)
1002                     return -ASC_MEDIUM_NOT_PRESENT;
1003 
1004                 buf[4] = 1;   /* DVD-ROM, part version 1 */
1005                 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1006                 buf[6] = 1;   /* one layer, read-only (per MMC-2 spec) */
1007                 buf[7] = 0;   /* default densities */
1008 
1009                 /* FIXME: 0x30000 per spec? */
1010                 cpu_to_ube32(buf + 8, 0); /* start sector */
1011                 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1012                 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1013 
1014                 /* Size of buffer, not including 2 byte size field */
1015                 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1016 
1017                 /* 2k data + 4 byte header */
1018                 return (2048 + 4);
1019             }
1020 
1021         case 0x01: /* DVD copyright information */
1022             buf[4] = 0; /* no copyright data */
1023             buf[5] = 0; /* no region restrictions */
1024 
1025             /* Size of buffer, not including 2 byte size field */
1026             cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1027 
1028             /* 4 byte header + 4 byte data */
1029             return (4 + 4);
1030 
1031         case 0x03: /* BCA information - invalid field for no BCA info */
1032             return -ASC_INV_FIELD_IN_CMD_PACKET;
1033 
1034         case 0x04: /* DVD disc manufacturing information */
1035             /* Size of buffer, not including 2 byte size field */
1036             cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1037 
1038             /* 2k data + 4 byte header */
1039             return (2048 + 4);
1040 
1041         case 0xff:
1042             /*
1043              * This lists all the command capabilities above.  Add new ones
1044              * in order and update the length and buffer return values.
1045              */
1046 
1047             buf[4] = 0x00; /* Physical format */
1048             buf[5] = 0x40; /* Not writable, is readable */
1049             cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1050 
1051             buf[8] = 0x01; /* Copyright info */
1052             buf[9] = 0x40; /* Not writable, is readable */
1053             cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1054 
1055             buf[12] = 0x03; /* BCA info */
1056             buf[13] = 0x40; /* Not writable, is readable */
1057             cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1058 
1059             buf[16] = 0x04; /* Manufacturing info */
1060             buf[17] = 0x40; /* Not writable, is readable */
1061             cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1062 
1063             /* Size of buffer, not including 2 byte size field */
1064             cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1065 
1066             /* data written + 4 byte header */
1067             return (16 + 4);
1068 
1069         default: /* TODO: formats beyond DVD-ROM requires */
1070             return -ASC_INV_FIELD_IN_CMD_PACKET;
1071     }
1072 }
1073 
ide_atapi_cmd(IDEState * s)1074 static void ide_atapi_cmd(IDEState *s)
1075 {
1076     const uint8_t *packet;
1077     uint8_t *buf;
1078     int max_len;
1079 
1080     packet = s->io_buffer;
1081     buf = s->io_buffer;
1082 #ifdef DEBUG_IDE_ATAPI
1083     {
1084         int i;
1085         printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1086         for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1087             printf(" %02x", packet[i]);
1088         }
1089         printf("\n");
1090     }
1091 #endif
1092     /* If there's a UNIT_ATTENTION condition pending, only
1093        REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1094     if (s->sense_key == SENSE_UNIT_ATTENTION &&
1095 	s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1096 	s->io_buffer[0] != GPCMD_INQUIRY) {
1097 	ide_atapi_cmd_check_status(s);
1098 	return;
1099     }
1100     switch(s->io_buffer[0]) {
1101     case GPCMD_TEST_UNIT_READY:
1102         if (bdrv_is_inserted(s->bs) && !s->cdrom_changed) {
1103             ide_atapi_cmd_ok(s);
1104         } else {
1105             s->cdrom_changed = 0;
1106             ide_atapi_cmd_error(s, SENSE_NOT_READY,
1107                                 ASC_MEDIUM_NOT_PRESENT);
1108         }
1109         break;
1110     case GPCMD_MODE_SENSE_6:
1111     case GPCMD_MODE_SENSE_10:
1112         {
1113             int action, code;
1114             if (packet[0] == GPCMD_MODE_SENSE_10)
1115                 max_len = ube16_to_cpu(packet + 7);
1116             else
1117                 max_len = packet[4];
1118             action = packet[2] >> 6;
1119             code = packet[2] & 0x3f;
1120             switch(action) {
1121             case 0: /* current values */
1122                 switch(code) {
1123                 case GPMODE_R_W_ERROR_PAGE: /* error recovery */
1124                     cpu_to_ube16(&buf[0], 16 + 6);
1125                     buf[2] = 0x70;
1126                     buf[3] = 0;
1127                     buf[4] = 0;
1128                     buf[5] = 0;
1129                     buf[6] = 0;
1130                     buf[7] = 0;
1131 
1132                     buf[8] = 0x01;
1133                     buf[9] = 0x06;
1134                     buf[10] = 0x00;
1135                     buf[11] = 0x05;
1136                     buf[12] = 0x00;
1137                     buf[13] = 0x00;
1138                     buf[14] = 0x00;
1139                     buf[15] = 0x00;
1140                     ide_atapi_cmd_reply(s, 16, max_len);
1141                     break;
1142                 case GPMODE_AUDIO_CTL_PAGE:
1143                     cpu_to_ube16(&buf[0], 24 + 6);
1144                     buf[2] = 0x70;
1145                     buf[3] = 0;
1146                     buf[4] = 0;
1147                     buf[5] = 0;
1148                     buf[6] = 0;
1149                     buf[7] = 0;
1150 
1151                     /* Fill with CDROM audio volume */
1152                     buf[17] = 0;
1153                     buf[19] = 0;
1154                     buf[21] = 0;
1155                     buf[23] = 0;
1156 
1157                     ide_atapi_cmd_reply(s, 24, max_len);
1158                     break;
1159                 case GPMODE_CAPABILITIES_PAGE:
1160                     cpu_to_ube16(&buf[0], 28 + 6);
1161                     buf[2] = 0x70;
1162                     buf[3] = 0;
1163                     buf[4] = 0;
1164                     buf[5] = 0;
1165                     buf[6] = 0;
1166                     buf[7] = 0;
1167 
1168                     buf[8] = 0x2a;
1169                     buf[9] = 0x12;
1170                     buf[10] = 0x00;
1171                     buf[11] = 0x00;
1172 
1173                     /* Claim PLAY_AUDIO capability (0x01) since some Linux
1174                        code checks for this to automount media. */
1175                     buf[12] = 0x71;
1176                     buf[13] = 3 << 5;
1177                     buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1178                     if (bdrv_is_locked(s->bs))
1179                         buf[6] |= 1 << 1;
1180                     buf[15] = 0x00;
1181                     cpu_to_ube16(&buf[16], 706);
1182                     buf[18] = 0;
1183                     buf[19] = 2;
1184                     cpu_to_ube16(&buf[20], 512);
1185                     cpu_to_ube16(&buf[22], 706);
1186                     buf[24] = 0;
1187                     buf[25] = 0;
1188                     buf[26] = 0;
1189                     buf[27] = 0;
1190                     ide_atapi_cmd_reply(s, 28, max_len);
1191                     break;
1192                 default:
1193                     goto error_cmd;
1194                 }
1195                 break;
1196             case 1: /* changeable values */
1197                 goto error_cmd;
1198             case 2: /* default values */
1199                 goto error_cmd;
1200             default:
1201             case 3: /* saved values */
1202                 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1203                                     ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1204                 break;
1205             }
1206         }
1207         break;
1208     case GPCMD_REQUEST_SENSE:
1209         max_len = packet[4];
1210         memset(buf, 0, 18);
1211         buf[0] = 0x70 | (1 << 7);
1212         buf[2] = s->sense_key;
1213         buf[7] = 10;
1214         buf[12] = s->asc;
1215         if (s->sense_key == SENSE_UNIT_ATTENTION)
1216             s->sense_key = SENSE_NONE;
1217         ide_atapi_cmd_reply(s, 18, max_len);
1218         break;
1219     case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1220         if (bdrv_is_inserted(s->bs)) {
1221             bdrv_set_locked(s->bs, packet[4] & 1);
1222             ide_atapi_cmd_ok(s);
1223         } else {
1224             ide_atapi_cmd_error(s, SENSE_NOT_READY,
1225                                 ASC_MEDIUM_NOT_PRESENT);
1226         }
1227         break;
1228     case GPCMD_READ_10:
1229     case GPCMD_READ_12:
1230         {
1231             int nb_sectors, lba;
1232 
1233             if (packet[0] == GPCMD_READ_10)
1234                 nb_sectors = ube16_to_cpu(packet + 7);
1235             else
1236                 nb_sectors = ube32_to_cpu(packet + 6);
1237             lba = ube32_to_cpu(packet + 2);
1238             if (nb_sectors == 0) {
1239                 ide_atapi_cmd_ok(s);
1240                 break;
1241             }
1242             ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1243         }
1244         break;
1245     case GPCMD_READ_CD:
1246         {
1247             int nb_sectors, lba, transfer_request;
1248 
1249             nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1250             lba = ube32_to_cpu(packet + 2);
1251             if (nb_sectors == 0) {
1252                 ide_atapi_cmd_ok(s);
1253                 break;
1254             }
1255             transfer_request = packet[9];
1256             switch(transfer_request & 0xf8) {
1257             case 0x00:
1258                 /* nothing */
1259                 ide_atapi_cmd_ok(s);
1260                 break;
1261             case 0x10:
1262                 /* normal read */
1263                 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1264                 break;
1265             case 0xf8:
1266                 /* read all data */
1267                 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1268                 break;
1269             default:
1270                 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1271                                     ASC_INV_FIELD_IN_CMD_PACKET);
1272                 break;
1273             }
1274         }
1275         break;
1276     case GPCMD_SEEK:
1277         {
1278             unsigned int lba;
1279             uint64_t total_sectors;
1280 
1281             bdrv_get_geometry(s->bs, &total_sectors);
1282             total_sectors >>= 2;
1283             if (total_sectors == 0) {
1284                 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1285                                     ASC_MEDIUM_NOT_PRESENT);
1286                 break;
1287             }
1288             lba = ube32_to_cpu(packet + 2);
1289             if (lba >= total_sectors) {
1290                 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1291                                     ASC_LOGICAL_BLOCK_OOR);
1292                 break;
1293             }
1294             ide_atapi_cmd_ok(s);
1295         }
1296         break;
1297     case GPCMD_START_STOP_UNIT:
1298         {
1299             int start, eject, err = 0;
1300             start = packet[4] & 1;
1301             eject = (packet[4] >> 1) & 1;
1302 
1303             if (eject) {
1304                 err = bdrv_eject(s->bs, !start);
1305             }
1306 
1307             switch (err) {
1308             case 0:
1309                 ide_atapi_cmd_ok(s);
1310                 break;
1311             case -EBUSY:
1312                 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1313                                     ASC_MEDIA_REMOVAL_PREVENTED);
1314                 break;
1315             default:
1316                 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1317                                     ASC_MEDIUM_NOT_PRESENT);
1318                 break;
1319             }
1320         }
1321         break;
1322     case GPCMD_MECHANISM_STATUS:
1323         {
1324             max_len = ube16_to_cpu(packet + 8);
1325             cpu_to_ube16(buf, 0);
1326             /* no current LBA */
1327             buf[2] = 0;
1328             buf[3] = 0;
1329             buf[4] = 0;
1330             buf[5] = 1;
1331             cpu_to_ube16(buf + 6, 0);
1332             ide_atapi_cmd_reply(s, 8, max_len);
1333         }
1334         break;
1335     case GPCMD_READ_TOC_PMA_ATIP:
1336         {
1337             int format, msf, start_track, len;
1338             uint64_t total_sectors;
1339 
1340             bdrv_get_geometry(s->bs, &total_sectors);
1341             total_sectors >>= 2;
1342             if (total_sectors == 0) {
1343                 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1344                                     ASC_MEDIUM_NOT_PRESENT);
1345                 break;
1346             }
1347             max_len = ube16_to_cpu(packet + 7);
1348             format = packet[9] >> 6;
1349             msf = (packet[1] >> 1) & 1;
1350             start_track = packet[6];
1351             switch(format) {
1352             case 0:
1353                 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1354                 if (len < 0)
1355                     goto error_cmd;
1356                 ide_atapi_cmd_reply(s, len, max_len);
1357                 break;
1358             case 1:
1359                 /* multi session : only a single session defined */
1360                 memset(buf, 0, 12);
1361                 buf[1] = 0x0a;
1362                 buf[2] = 0x01;
1363                 buf[3] = 0x01;
1364                 ide_atapi_cmd_reply(s, 12, max_len);
1365                 break;
1366             case 2:
1367                 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1368                 if (len < 0)
1369                     goto error_cmd;
1370                 ide_atapi_cmd_reply(s, len, max_len);
1371                 break;
1372             default:
1373             error_cmd:
1374                 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1375                                     ASC_INV_FIELD_IN_CMD_PACKET);
1376                 break;
1377             }
1378         }
1379         break;
1380     case GPCMD_READ_CDVD_CAPACITY:
1381         {
1382             uint64_t total_sectors;
1383 
1384             bdrv_get_geometry(s->bs, &total_sectors);
1385             total_sectors >>= 2;
1386             if (total_sectors == 0) {
1387                 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1388                                     ASC_MEDIUM_NOT_PRESENT);
1389                 break;
1390             }
1391             /* NOTE: it is really the number of sectors minus 1 */
1392             cpu_to_ube32(buf, total_sectors - 1);
1393             cpu_to_ube32(buf + 4, 2048);
1394             ide_atapi_cmd_reply(s, 8, 8);
1395         }
1396         break;
1397     case GPCMD_READ_DVD_STRUCTURE:
1398         {
1399             int media = packet[1];
1400             int format = packet[7];
1401             int ret;
1402 
1403             max_len = ube16_to_cpu(packet + 8);
1404 
1405             if (format < 0xff) {
1406                 if (media_is_cd(s)) {
1407                     ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1408                                         ASC_INCOMPATIBLE_FORMAT);
1409                     break;
1410                 } else if (!media_present(s)) {
1411                     ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1412                                         ASC_INV_FIELD_IN_CMD_PACKET);
1413                     break;
1414                 }
1415             }
1416 
1417             memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1418                    IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1419 
1420             switch (format) {
1421                 case 0x00 ... 0x7f:
1422                 case 0xff:
1423                     if (media == 0) {
1424                         ret = ide_dvd_read_structure(s, format, packet, buf);
1425 
1426                         if (ret < 0)
1427                             ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1428                         else
1429                             ide_atapi_cmd_reply(s, ret, max_len);
1430 
1431                         break;
1432                     }
1433                     /* TODO: BD support, fall through for now */
1434 
1435                 /* Generic disk structures */
1436                 case 0x80: /* TODO: AACS volume identifier */
1437                 case 0x81: /* TODO: AACS media serial number */
1438                 case 0x82: /* TODO: AACS media identifier */
1439                 case 0x83: /* TODO: AACS media key block */
1440                 case 0x90: /* TODO: List of recognized format layers */
1441                 case 0xc0: /* TODO: Write protection status */
1442                 default:
1443                     ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1444                                         ASC_INV_FIELD_IN_CMD_PACKET);
1445                     break;
1446             }
1447         }
1448         break;
1449     case GPCMD_SET_SPEED:
1450         ide_atapi_cmd_ok(s);
1451         break;
1452     case GPCMD_INQUIRY:
1453         max_len = packet[4];
1454         buf[0] = 0x05; /* CD-ROM */
1455         buf[1] = 0x80; /* removable */
1456         buf[2] = 0x00; /* ISO */
1457         buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1458         buf[4] = 31; /* additional length */
1459         buf[5] = 0; /* reserved */
1460         buf[6] = 0; /* reserved */
1461         buf[7] = 0; /* reserved */
1462         padstr8(buf + 8, 8, "QEMU");
1463         padstr8(buf + 16, 16, "QEMU DVD-ROM");
1464         padstr8(buf + 32, 4, s->version);
1465         ide_atapi_cmd_reply(s, 36, max_len);
1466         break;
1467     case GPCMD_GET_CONFIGURATION:
1468         {
1469             uint32_t len;
1470             uint8_t index = 0;
1471 
1472             /* only feature 0 is supported */
1473             if (packet[2] != 0 || packet[3] != 0) {
1474                 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1475                                     ASC_INV_FIELD_IN_CMD_PACKET);
1476                 break;
1477             }
1478 
1479             /* XXX: could result in alignment problems in some architectures */
1480             max_len = ube16_to_cpu(packet + 7);
1481 
1482             /*
1483              * XXX: avoid overflow for io_buffer if max_len is bigger than
1484              *      the size of that buffer (dimensioned to max number of
1485              *      sectors to transfer at once)
1486              *
1487              *      Only a problem if the feature/profiles grow.
1488              */
1489             if (max_len > 512) /* XXX: assume 1 sector */
1490                 max_len = 512;
1491 
1492             memset(buf, 0, max_len);
1493             /*
1494              * the number of sectors from the media tells us which profile
1495              * to use as current.  0 means there is no media
1496              */
1497             if (media_is_dvd(s))
1498                 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
1499             else if (media_is_cd(s))
1500                 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
1501 
1502             buf[10] = 0x02 | 0x01; /* persistent and current */
1503             len = 12; /* headers: 8 + 4 */
1504             len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
1505             len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
1506             cpu_to_ube32(buf, len - 4); /* data length */
1507 
1508             ide_atapi_cmd_reply(s, len, max_len);
1509             break;
1510         }
1511     case GPCMD_GET_EVENT_STATUS_NOTIFICATION:
1512         max_len = ube16_to_cpu(packet + 7);
1513 
1514         if (packet[1] & 0x01) { /* polling */
1515             /* We don't support any event class (yet). */
1516             cpu_to_ube16(buf, 0x00); /* No event descriptor returned */
1517             buf[2] = 0x80;           /* No Event Available (NEA) */
1518             buf[3] = 0x00;           /* Empty supported event classes */
1519             ide_atapi_cmd_reply(s, 4, max_len);
1520         } else { /* asynchronous mode */
1521             /* Only polling is supported, asynchronous mode is not. */
1522             ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1523                                 ASC_INV_FIELD_IN_CMD_PACKET);
1524         }
1525         break;
1526     default:
1527         ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1528                             ASC_ILLEGAL_OPCODE);
1529         break;
1530     }
1531 }
1532 
ide_cfata_metadata_inquiry(IDEState * s)1533 static void ide_cfata_metadata_inquiry(IDEState *s)
1534 {
1535     uint16_t *p;
1536     uint32_t spd;
1537 
1538     p = (uint16_t *) s->io_buffer;
1539     memset(p, 0, 0x200);
1540     spd = ((s->mdata_size - 1) >> 9) + 1;
1541 
1542     put_le16(p + 0, 0x0001);			/* Data format revision */
1543     put_le16(p + 1, 0x0000);			/* Media property: silicon */
1544     put_le16(p + 2, s->media_changed);		/* Media status */
1545     put_le16(p + 3, s->mdata_size & 0xffff);	/* Capacity in bytes (low) */
1546     put_le16(p + 4, s->mdata_size >> 16);	/* Capacity in bytes (high) */
1547     put_le16(p + 5, spd & 0xffff);		/* Sectors per device (low) */
1548     put_le16(p + 6, spd >> 16);			/* Sectors per device (high) */
1549 }
1550 
ide_cfata_metadata_read(IDEState * s)1551 static void ide_cfata_metadata_read(IDEState *s)
1552 {
1553     uint16_t *p;
1554 
1555     if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1556         s->status = ERR_STAT;
1557         s->error = ABRT_ERR;
1558         return;
1559     }
1560 
1561     p = (uint16_t *) s->io_buffer;
1562     memset(p, 0, 0x200);
1563 
1564     put_le16(p + 0, s->media_changed);		/* Media status */
1565     memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1566                     MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1567                                     s->nsector << 9), 0x200 - 2));
1568 }
1569 
ide_cfata_metadata_write(IDEState * s)1570 static void ide_cfata_metadata_write(IDEState *s)
1571 {
1572     if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1573         s->status = ERR_STAT;
1574         s->error = ABRT_ERR;
1575         return;
1576     }
1577 
1578     s->media_changed = 0;
1579 
1580     memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1581                     s->io_buffer + 2,
1582                     MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1583                                     s->nsector << 9), 0x200 - 2));
1584 }
1585 
1586 /* called when the inserted state of the media has changed */
cdrom_change_cb(void * opaque,int reason)1587 static void cdrom_change_cb(void *opaque, int reason)
1588 {
1589     IDEState *s = opaque;
1590     uint64_t nb_sectors;
1591 
1592     if (!(reason & CHANGE_MEDIA)) {
1593         return;
1594     }
1595 
1596     bdrv_get_geometry(s->bs, &nb_sectors);
1597     s->nb_sectors = nb_sectors;
1598 
1599     s->sense_key = SENSE_UNIT_ATTENTION;
1600     s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
1601     s->cdrom_changed = 1;
1602     ide_set_irq(s->bus);
1603 }
1604 
ide_cmd_lba48_transform(IDEState * s,int lba48)1605 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1606 {
1607     s->lba48 = lba48;
1608 
1609     /* handle the 'magic' 0 nsector count conversion here. to avoid
1610      * fiddling with the rest of the read logic, we just store the
1611      * full sector count in ->nsector and ignore ->hob_nsector from now
1612      */
1613     if (!s->lba48) {
1614 	if (!s->nsector)
1615 	    s->nsector = 256;
1616     } else {
1617 	if (!s->nsector && !s->hob_nsector)
1618 	    s->nsector = 65536;
1619 	else {
1620 	    int lo = s->nsector;
1621 	    int hi = s->hob_nsector;
1622 
1623 	    s->nsector = (hi << 8) | lo;
1624 	}
1625     }
1626 }
1627 
ide_clear_hob(IDEBus * bus)1628 static void ide_clear_hob(IDEBus *bus)
1629 {
1630     /* any write clears HOB high bit of device control register */
1631     bus->ifs[0].select &= ~(1 << 7);
1632     bus->ifs[1].select &= ~(1 << 7);
1633 }
1634 
ide_ioport_write(void * opaque,uint32_t addr,uint32_t val)1635 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1636 {
1637     IDEBus *bus = opaque;
1638 
1639 #ifdef DEBUG_IDE
1640     printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1641 #endif
1642 
1643     addr &= 7;
1644 
1645     /* ignore writes to command block while busy with previous command */
1646     if (addr != 7 && (idebus_active_if(bus)->status & (BUSY_STAT|DRQ_STAT)))
1647         return;
1648 
1649     switch(addr) {
1650     case 0:
1651         break;
1652     case 1:
1653 	ide_clear_hob(bus);
1654         /* NOTE: data is written to the two drives */
1655 	bus->ifs[0].hob_feature = bus->ifs[0].feature;
1656 	bus->ifs[1].hob_feature = bus->ifs[1].feature;
1657         bus->ifs[0].feature = val;
1658         bus->ifs[1].feature = val;
1659         break;
1660     case 2:
1661 	ide_clear_hob(bus);
1662 	bus->ifs[0].hob_nsector = bus->ifs[0].nsector;
1663 	bus->ifs[1].hob_nsector = bus->ifs[1].nsector;
1664         bus->ifs[0].nsector = val;
1665         bus->ifs[1].nsector = val;
1666         break;
1667     case 3:
1668 	ide_clear_hob(bus);
1669 	bus->ifs[0].hob_sector = bus->ifs[0].sector;
1670 	bus->ifs[1].hob_sector = bus->ifs[1].sector;
1671         bus->ifs[0].sector = val;
1672         bus->ifs[1].sector = val;
1673         break;
1674     case 4:
1675 	ide_clear_hob(bus);
1676 	bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl;
1677 	bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl;
1678         bus->ifs[0].lcyl = val;
1679         bus->ifs[1].lcyl = val;
1680         break;
1681     case 5:
1682 	ide_clear_hob(bus);
1683 	bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl;
1684 	bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl;
1685         bus->ifs[0].hcyl = val;
1686         bus->ifs[1].hcyl = val;
1687         break;
1688     case 6:
1689 	/* FIXME: HOB readback uses bit 7 */
1690         bus->ifs[0].select = (val & ~0x10) | 0xa0;
1691         bus->ifs[1].select = (val | 0x10) | 0xa0;
1692         /* select drive */
1693         bus->unit = (val >> 4) & 1;
1694         break;
1695     default:
1696     case 7:
1697         /* command */
1698         ide_exec_cmd(bus, val);
1699         break;
1700     }
1701 }
1702 
1703 
ide_exec_cmd(IDEBus * bus,uint32_t val)1704 void ide_exec_cmd(IDEBus *bus, uint32_t val)
1705 {
1706     IDEState *s;
1707     int n;
1708     int lba48 = 0;
1709 
1710 #if defined(DEBUG_IDE)
1711     printf("ide: CMD=%02x\n", val);
1712 #endif
1713     s = idebus_active_if(bus);
1714     /* ignore commands to non existant slave */
1715     if (s != bus->ifs && !s->bs)
1716         return;
1717 
1718     /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
1719     if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
1720         return;
1721 
1722     switch(val) {
1723     case WIN_IDENTIFY:
1724         if (s->bs && s->drive_kind != IDE_CD) {
1725             if (s->drive_kind != IDE_CFATA)
1726                 ide_identify(s);
1727             else
1728                 ide_cfata_identify(s);
1729             s->status = READY_STAT | SEEK_STAT;
1730             ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1731         } else {
1732             if (s->drive_kind == IDE_CD) {
1733                 ide_set_signature(s);
1734             }
1735             ide_abort_command(s);
1736         }
1737         ide_set_irq(s->bus);
1738         break;
1739     case WIN_SPECIFY:
1740     case WIN_RECAL:
1741         s->error = 0;
1742         s->status = READY_STAT | SEEK_STAT;
1743         ide_set_irq(s->bus);
1744         break;
1745     case WIN_SETMULT:
1746         if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
1747             /* Disable Read and Write Multiple */
1748             s->mult_sectors = 0;
1749             s->status = READY_STAT | SEEK_STAT;
1750         } else if ((s->nsector & 0xff) != 0 &&
1751             ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1752              (s->nsector & (s->nsector - 1)) != 0)) {
1753             ide_abort_command(s);
1754         } else {
1755             s->mult_sectors = s->nsector & 0xff;
1756             s->status = READY_STAT | SEEK_STAT;
1757         }
1758         ide_set_irq(s->bus);
1759         break;
1760     case WIN_VERIFY_EXT:
1761 	lba48 = 1;
1762     case WIN_VERIFY:
1763     case WIN_VERIFY_ONCE:
1764         /* do sector number check ? */
1765 	ide_cmd_lba48_transform(s, lba48);
1766         s->status = READY_STAT | SEEK_STAT;
1767         ide_set_irq(s->bus);
1768         break;
1769 	case WIN_READ_EXT:
1770 	lba48 = 1;
1771     case WIN_READ:
1772     case WIN_READ_ONCE:
1773         if (!s->bs)
1774             goto abort_cmd;
1775 	ide_cmd_lba48_transform(s, lba48);
1776         s->req_nb_sectors = 1;
1777         ide_sector_read(s);
1778         break;
1779 	case WIN_WRITE_EXT:
1780 	lba48 = 1;
1781     case WIN_WRITE:
1782     case WIN_WRITE_ONCE:
1783     case CFA_WRITE_SECT_WO_ERASE:
1784     case WIN_WRITE_VERIFY:
1785 	ide_cmd_lba48_transform(s, lba48);
1786         s->error = 0;
1787         s->status = SEEK_STAT | READY_STAT;
1788         s->req_nb_sectors = 1;
1789         ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1790         s->media_changed = 1;
1791         break;
1792 	case WIN_MULTREAD_EXT:
1793 	lba48 = 1;
1794     case WIN_MULTREAD:
1795         if (!s->mult_sectors)
1796             goto abort_cmd;
1797 	ide_cmd_lba48_transform(s, lba48);
1798         s->req_nb_sectors = s->mult_sectors;
1799         ide_sector_read(s);
1800         break;
1801     case WIN_MULTWRITE_EXT:
1802 	lba48 = 1;
1803     case WIN_MULTWRITE:
1804     case CFA_WRITE_MULTI_WO_ERASE:
1805         if (!s->mult_sectors)
1806             goto abort_cmd;
1807 	ide_cmd_lba48_transform(s, lba48);
1808         s->error = 0;
1809         s->status = SEEK_STAT | READY_STAT;
1810         s->req_nb_sectors = s->mult_sectors;
1811         n = s->nsector;
1812         if (n > s->req_nb_sectors)
1813             n = s->req_nb_sectors;
1814         ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1815         s->media_changed = 1;
1816         break;
1817 	case WIN_READDMA_EXT:
1818 	lba48 = 1;
1819     case WIN_READDMA:
1820     case WIN_READDMA_ONCE:
1821         if (!s->bs)
1822             goto abort_cmd;
1823 	ide_cmd_lba48_transform(s, lba48);
1824         ide_sector_start_dma(s, 1);
1825         break;
1826 	case WIN_WRITEDMA_EXT:
1827 	lba48 = 1;
1828     case WIN_WRITEDMA:
1829     case WIN_WRITEDMA_ONCE:
1830         if (!s->bs)
1831             goto abort_cmd;
1832 	ide_cmd_lba48_transform(s, lba48);
1833         ide_sector_start_dma(s, 0);
1834         s->media_changed = 1;
1835         break;
1836     case WIN_READ_NATIVE_MAX_EXT:
1837 	lba48 = 1;
1838     case WIN_READ_NATIVE_MAX:
1839 	ide_cmd_lba48_transform(s, lba48);
1840         ide_set_sector(s, s->nb_sectors - 1);
1841         s->status = READY_STAT | SEEK_STAT;
1842         ide_set_irq(s->bus);
1843         break;
1844     case WIN_CHECKPOWERMODE1:
1845     case WIN_CHECKPOWERMODE2:
1846         s->nsector = 0xff; /* device active or idle */
1847         s->status = READY_STAT | SEEK_STAT;
1848         ide_set_irq(s->bus);
1849         break;
1850     case WIN_SETFEATURES:
1851         if (!s->bs)
1852             goto abort_cmd;
1853         /* XXX: valid for CDROM ? */
1854         switch(s->feature) {
1855         case 0xcc: /* reverting to power-on defaults enable */
1856         case 0x66: /* reverting to power-on defaults disable */
1857         case 0x02: /* write cache enable */
1858         case 0x82: /* write cache disable */
1859         case 0xaa: /* read look-ahead enable */
1860         case 0x55: /* read look-ahead disable */
1861         case 0x05: /* set advanced power management mode */
1862         case 0x85: /* disable advanced power management mode */
1863         case 0x69: /* NOP */
1864         case 0x67: /* NOP */
1865         case 0x96: /* NOP */
1866         case 0x9a: /* NOP */
1867         case 0x42: /* enable Automatic Acoustic Mode */
1868         case 0xc2: /* disable Automatic Acoustic Mode */
1869             s->status = READY_STAT | SEEK_STAT;
1870             ide_set_irq(s->bus);
1871             break;
1872         case 0x03: { /* set transfer mode */
1873 		uint8_t val = s->nsector & 0x07;
1874             uint16_t *identify_data = (uint16_t *)s->identify_data;
1875 
1876 		switch (s->nsector >> 3) {
1877 		case 0x00: /* pio default */
1878 		case 0x01: /* pio mode */
1879 			put_le16(identify_data + 62,0x07);
1880 			put_le16(identify_data + 63,0x07);
1881 			put_le16(identify_data + 88,0x3f);
1882 			break;
1883                 case 0x02: /* sigle word dma mode*/
1884 			put_le16(identify_data + 62,0x07 | (1 << (val + 8)));
1885 			put_le16(identify_data + 63,0x07);
1886 			put_le16(identify_data + 88,0x3f);
1887 			break;
1888 		case 0x04: /* mdma mode */
1889 			put_le16(identify_data + 62,0x07);
1890 			put_le16(identify_data + 63,0x07 | (1 << (val + 8)));
1891 			put_le16(identify_data + 88,0x3f);
1892 			break;
1893 		case 0x08: /* udma mode */
1894 			put_le16(identify_data + 62,0x07);
1895 			put_le16(identify_data + 63,0x07);
1896 			put_le16(identify_data + 88,0x3f | (1 << (val + 8)));
1897 			break;
1898 		default:
1899 			goto abort_cmd;
1900 		}
1901             s->status = READY_STAT | SEEK_STAT;
1902             ide_set_irq(s->bus);
1903             break;
1904 	}
1905         default:
1906             goto abort_cmd;
1907         }
1908         break;
1909     case WIN_FLUSH_CACHE:
1910     case WIN_FLUSH_CACHE_EXT:
1911         ide_flush_cache(s);
1912         break;
1913     case WIN_STANDBY:
1914     case WIN_STANDBY2:
1915     case WIN_STANDBYNOW1:
1916     case WIN_STANDBYNOW2:
1917     case WIN_IDLEIMMEDIATE:
1918     case CFA_IDLEIMMEDIATE:
1919     case WIN_SETIDLE1:
1920     case WIN_SETIDLE2:
1921     case WIN_SLEEPNOW1:
1922     case WIN_SLEEPNOW2:
1923         s->status = READY_STAT;
1924         ide_set_irq(s->bus);
1925         break;
1926     case WIN_SEEK:
1927         if(s->drive_kind == IDE_CD)
1928             goto abort_cmd;
1929         /* XXX: Check that seek is within bounds */
1930         s->status = READY_STAT | SEEK_STAT;
1931         ide_set_irq(s->bus);
1932         break;
1933         /* ATAPI commands */
1934     case WIN_PIDENTIFY:
1935         if (s->drive_kind == IDE_CD) {
1936             ide_atapi_identify(s);
1937             s->status = READY_STAT | SEEK_STAT;
1938             ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1939         } else {
1940             ide_abort_command(s);
1941         }
1942         ide_set_irq(s->bus);
1943         break;
1944     case WIN_DIAGNOSE:
1945         ide_set_signature(s);
1946         if (s->drive_kind == IDE_CD)
1947             s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
1948                             * devices to return a clear status register
1949                             * with READY_STAT *not* set. */
1950         else
1951             s->status = READY_STAT | SEEK_STAT;
1952         s->error = 0x01; /* Device 0 passed, Device 1 passed or not
1953                           * present.
1954                           */
1955         ide_set_irq(s->bus);
1956         break;
1957     case WIN_SRST:
1958         if (s->drive_kind != IDE_CD)
1959             goto abort_cmd;
1960         ide_set_signature(s);
1961         s->status = 0x00; /* NOTE: READY is _not_ set */
1962         s->error = 0x01;
1963         break;
1964     case WIN_PACKETCMD:
1965         if (s->drive_kind != IDE_CD)
1966             goto abort_cmd;
1967         /* overlapping commands not supported */
1968         if (s->feature & 0x02)
1969             goto abort_cmd;
1970         s->status = READY_STAT | SEEK_STAT;
1971         s->atapi_dma = s->feature & 1;
1972         s->nsector = 1;
1973         ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1974                            ide_atapi_cmd);
1975         break;
1976     /* CF-ATA commands */
1977     case CFA_REQ_EXT_ERROR_CODE:
1978         if (s->drive_kind != IDE_CFATA)
1979             goto abort_cmd;
1980         s->error = 0x09;    /* miscellaneous error */
1981         s->status = READY_STAT | SEEK_STAT;
1982         ide_set_irq(s->bus);
1983         break;
1984     case CFA_ERASE_SECTORS:
1985     case CFA_WEAR_LEVEL:
1986         if (s->drive_kind != IDE_CFATA)
1987             goto abort_cmd;
1988         if (val == CFA_WEAR_LEVEL)
1989             s->nsector = 0;
1990         if (val == CFA_ERASE_SECTORS)
1991             s->media_changed = 1;
1992         s->error = 0x00;
1993         s->status = READY_STAT | SEEK_STAT;
1994         ide_set_irq(s->bus);
1995         break;
1996     case CFA_TRANSLATE_SECTOR:
1997         if (s->drive_kind != IDE_CFATA)
1998             goto abort_cmd;
1999         s->error = 0x00;
2000         s->status = READY_STAT | SEEK_STAT;
2001         memset(s->io_buffer, 0, 0x200);
2002         s->io_buffer[0x00] = s->hcyl;			/* Cyl MSB */
2003         s->io_buffer[0x01] = s->lcyl;			/* Cyl LSB */
2004         s->io_buffer[0x02] = s->select;			/* Head */
2005         s->io_buffer[0x03] = s->sector;			/* Sector */
2006         s->io_buffer[0x04] = ide_get_sector(s) >> 16;	/* LBA MSB */
2007         s->io_buffer[0x05] = ide_get_sector(s) >> 8;	/* LBA */
2008         s->io_buffer[0x06] = ide_get_sector(s) >> 0;	/* LBA LSB */
2009         s->io_buffer[0x13] = 0x00;				/* Erase flag */
2010         s->io_buffer[0x18] = 0x00;				/* Hot count */
2011         s->io_buffer[0x19] = 0x00;				/* Hot count */
2012         s->io_buffer[0x1a] = 0x01;				/* Hot count */
2013         ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2014         ide_set_irq(s->bus);
2015         break;
2016     case CFA_ACCESS_METADATA_STORAGE:
2017         if (s->drive_kind != IDE_CFATA)
2018             goto abort_cmd;
2019         switch (s->feature) {
2020         case 0x02:	/* Inquiry Metadata Storage */
2021             ide_cfata_metadata_inquiry(s);
2022             break;
2023         case 0x03:	/* Read Metadata Storage */
2024             ide_cfata_metadata_read(s);
2025             break;
2026         case 0x04:	/* Write Metadata Storage */
2027             ide_cfata_metadata_write(s);
2028             break;
2029         default:
2030             goto abort_cmd;
2031         }
2032         ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2033         s->status = 0x00; /* NOTE: READY is _not_ set */
2034         ide_set_irq(s->bus);
2035         break;
2036     case IBM_SENSE_CONDITION:
2037         if (s->drive_kind != IDE_CFATA)
2038             goto abort_cmd;
2039         switch (s->feature) {
2040         case 0x01:  /* sense temperature in device */
2041             s->nsector = 0x50;      /* +20 C */
2042             break;
2043         default:
2044             goto abort_cmd;
2045         }
2046         s->status = READY_STAT | SEEK_STAT;
2047         ide_set_irq(s->bus);
2048         break;
2049 
2050 	case WIN_SMART:
2051 	if (s->drive_kind == IDE_CD)
2052 		goto abort_cmd;
2053 	if (s->hcyl != 0xc2 || s->lcyl != 0x4f)
2054 		goto abort_cmd;
2055 	if (!s->smart_enabled && s->feature != SMART_ENABLE)
2056 		goto abort_cmd;
2057 	switch (s->feature) {
2058 	case SMART_DISABLE:
2059 		s->smart_enabled = 0;
2060 		s->status = READY_STAT | SEEK_STAT;
2061 		ide_set_irq(s->bus);
2062 		break;
2063 	case SMART_ENABLE:
2064 		s->smart_enabled = 1;
2065 		s->status = READY_STAT | SEEK_STAT;
2066 		ide_set_irq(s->bus);
2067 		break;
2068 	case SMART_ATTR_AUTOSAVE:
2069 		switch (s->sector) {
2070 		case 0x00:
2071 		s->smart_autosave = 0;
2072 		break;
2073 		case 0xf1:
2074 		s->smart_autosave = 1;
2075 		break;
2076 		default:
2077 		goto abort_cmd;
2078 		}
2079 		s->status = READY_STAT | SEEK_STAT;
2080 		ide_set_irq(s->bus);
2081 		break;
2082 	case SMART_STATUS:
2083 		if (!s->smart_errors) {
2084 		s->hcyl = 0xc2;
2085 		s->lcyl = 0x4f;
2086 		} else {
2087 		s->hcyl = 0x2c;
2088 		s->lcyl = 0xf4;
2089 		}
2090 		s->status = READY_STAT | SEEK_STAT;
2091 		ide_set_irq(s->bus);
2092 		break;
2093 	case SMART_READ_THRESH:
2094 		memset(s->io_buffer, 0, 0x200);
2095 		s->io_buffer[0] = 0x01; /* smart struct version */
2096 		for (n=0; n<30; n++) {
2097 		if (smart_attributes[n][0] == 0)
2098 			break;
2099 		s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2100 		s->io_buffer[2+1+(n*12)] = smart_attributes[n][4];
2101 		}
2102 		for (n=0; n<511; n++) /* checksum */
2103 		s->io_buffer[511] += s->io_buffer[n];
2104 		s->io_buffer[511] = 0x100 - s->io_buffer[511];
2105 		s->status = READY_STAT | SEEK_STAT;
2106 		ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2107 		ide_set_irq(s->bus);
2108 		break;
2109 	case SMART_READ_DATA:
2110 		memset(s->io_buffer, 0, 0x200);
2111 		s->io_buffer[0] = 0x01; /* smart struct version */
2112 		for (n=0; n<30; n++) {
2113 		if (smart_attributes[n][0] == 0)
2114 			break;
2115 		s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2116 		s->io_buffer[2+1+(n*12)] = smart_attributes[n][1];
2117 		s->io_buffer[2+3+(n*12)] = smart_attributes[n][2];
2118 		s->io_buffer[2+4+(n*12)] = smart_attributes[n][3];
2119 		}
2120 		s->io_buffer[362] = 0x02 | (s->smart_autosave?0x80:0x00);
2121 		if (s->smart_selftest_count == 0) {
2122 		s->io_buffer[363] = 0;
2123 		} else {
2124 		s->io_buffer[363] =
2125 			s->smart_selftest_data[3 +
2126 					   (s->smart_selftest_count - 1) *
2127 					   24];
2128 		}
2129 		s->io_buffer[364] = 0x20;
2130 		s->io_buffer[365] = 0x01;
2131 		/* offline data collection capacity: execute + self-test*/
2132 		s->io_buffer[367] = (1<<4 | 1<<3 | 1);
2133 		s->io_buffer[368] = 0x03; /* smart capability (1) */
2134 		s->io_buffer[369] = 0x00; /* smart capability (2) */
2135 		s->io_buffer[370] = 0x01; /* error logging supported */
2136 		s->io_buffer[372] = 0x02; /* minutes for poll short test */
2137 		s->io_buffer[373] = 0x36; /* minutes for poll ext test */
2138 		s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
2139 
2140 		for (n=0; n<511; n++)
2141 		s->io_buffer[511] += s->io_buffer[n];
2142 		s->io_buffer[511] = 0x100 - s->io_buffer[511];
2143 		s->status = READY_STAT | SEEK_STAT;
2144 		ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2145 		ide_set_irq(s->bus);
2146 		break;
2147 	case SMART_READ_LOG:
2148 		switch (s->sector) {
2149 		case 0x01: /* summary smart error log */
2150 		memset(s->io_buffer, 0, 0x200);
2151 		s->io_buffer[0] = 0x01;
2152 		s->io_buffer[1] = 0x00; /* no error entries */
2153 		s->io_buffer[452] = s->smart_errors & 0xff;
2154 		s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
2155 
2156 		for (n=0; n<511; n++)
2157 			s->io_buffer[511] += s->io_buffer[n];
2158 		s->io_buffer[511] = 0x100 - s->io_buffer[511];
2159 		break;
2160 		case 0x06: /* smart self test log */
2161 		memset(s->io_buffer, 0, 0x200);
2162 		s->io_buffer[0] = 0x01;
2163 		if (s->smart_selftest_count == 0) {
2164 			s->io_buffer[508] = 0;
2165 		} else {
2166 			s->io_buffer[508] = s->smart_selftest_count;
2167 			for (n=2; n<506; n++)
2168 			s->io_buffer[n] = s->smart_selftest_data[n];
2169 		}
2170 		for (n=0; n<511; n++)
2171 			s->io_buffer[511] += s->io_buffer[n];
2172 		s->io_buffer[511] = 0x100 - s->io_buffer[511];
2173 		break;
2174 		default:
2175 		goto abort_cmd;
2176 		}
2177 		s->status = READY_STAT | SEEK_STAT;
2178 		ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2179 		ide_set_irq(s->bus);
2180 		break;
2181 	case SMART_EXECUTE_OFFLINE:
2182 		switch (s->sector) {
2183 		case 0: /* off-line routine */
2184 		case 1: /* short self test */
2185 		case 2: /* extended self test */
2186 		s->smart_selftest_count++;
2187 		if(s->smart_selftest_count > 21)
2188 			s->smart_selftest_count = 0;
2189 		n = 2 + (s->smart_selftest_count - 1) * 24;
2190 		s->smart_selftest_data[n] = s->sector;
2191 		s->smart_selftest_data[n+1] = 0x00; /* OK and finished */
2192 		s->smart_selftest_data[n+2] = 0x34; /* hour count lsb */
2193 		s->smart_selftest_data[n+3] = 0x12; /* hour count msb */
2194 		s->status = READY_STAT | SEEK_STAT;
2195 		ide_set_irq(s->bus);
2196 		break;
2197 		default:
2198 		goto abort_cmd;
2199 		}
2200 		break;
2201 	default:
2202 		goto abort_cmd;
2203 	}
2204 	break;
2205     default:
2206     abort_cmd:
2207         ide_abort_command(s);
2208         ide_set_irq(s->bus);
2209         break;
2210     }
2211 }
2212 
ide_ioport_read(void * opaque,uint32_t addr1)2213 uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2214 {
2215     IDEBus *bus = opaque;
2216     IDEState *s = idebus_active_if(bus);
2217     uint32_t addr;
2218     int ret, hob;
2219 
2220     addr = addr1 & 7;
2221     /* FIXME: HOB readback uses bit 7, but it's always set right now */
2222     //hob = s->select & (1 << 7);
2223     hob = 0;
2224     switch(addr) {
2225     case 0:
2226         ret = 0xff;
2227         break;
2228     case 1:
2229         if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2230             (s != bus->ifs && !s->bs))
2231             ret = 0;
2232         else if (!hob)
2233             ret = s->error;
2234 	else
2235 	    ret = s->hob_feature;
2236         break;
2237     case 2:
2238         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2239             ret = 0;
2240         else if (!hob)
2241             ret = s->nsector & 0xff;
2242 	else
2243 	    ret = s->hob_nsector;
2244         break;
2245     case 3:
2246         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2247             ret = 0;
2248         else if (!hob)
2249             ret = s->sector;
2250 	else
2251 	    ret = s->hob_sector;
2252         break;
2253     case 4:
2254         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2255             ret = 0;
2256         else if (!hob)
2257             ret = s->lcyl;
2258 	else
2259 	    ret = s->hob_lcyl;
2260         break;
2261     case 5:
2262         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2263             ret = 0;
2264         else if (!hob)
2265             ret = s->hcyl;
2266 	else
2267 	    ret = s->hob_hcyl;
2268         break;
2269     case 6:
2270         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2271             ret = 0;
2272         else
2273             ret = s->select;
2274         break;
2275     default:
2276     case 7:
2277         if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2278             (s != bus->ifs && !s->bs))
2279             ret = 0;
2280         else
2281             ret = s->status;
2282         qemu_irq_lower(bus->irq);
2283         break;
2284     }
2285 #ifdef DEBUG_IDE
2286     printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2287 #endif
2288     return ret;
2289 }
2290 
ide_status_read(void * opaque,uint32_t addr)2291 uint32_t ide_status_read(void *opaque, uint32_t addr)
2292 {
2293     IDEBus *bus = opaque;
2294     IDEState *s = idebus_active_if(bus);
2295     int ret;
2296 
2297     if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2298         (s != bus->ifs && !s->bs))
2299         ret = 0;
2300     else
2301         ret = s->status;
2302 #ifdef DEBUG_IDE
2303     printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2304 #endif
2305     return ret;
2306 }
2307 
ide_cmd_write(void * opaque,uint32_t addr,uint32_t val)2308 void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2309 {
2310     IDEBus *bus = opaque;
2311     IDEState *s;
2312     int i;
2313 
2314 #ifdef DEBUG_IDE
2315     printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2316 #endif
2317     /* common for both drives */
2318     if (!(bus->cmd & IDE_CMD_RESET) &&
2319         (val & IDE_CMD_RESET)) {
2320         /* reset low to high */
2321         for(i = 0;i < 2; i++) {
2322             s = &bus->ifs[i];
2323             s->status = BUSY_STAT | SEEK_STAT;
2324             s->error = 0x01;
2325         }
2326     } else if ((bus->cmd & IDE_CMD_RESET) &&
2327                !(val & IDE_CMD_RESET)) {
2328         /* high to low */
2329         for(i = 0;i < 2; i++) {
2330             s = &bus->ifs[i];
2331             if (s->drive_kind == IDE_CD)
2332                 s->status = 0x00; /* NOTE: READY is _not_ set */
2333             else
2334                 s->status = READY_STAT | SEEK_STAT;
2335             ide_set_signature(s);
2336         }
2337     }
2338 
2339     bus->cmd = val;
2340 }
2341 
ide_data_writew(void * opaque,uint32_t addr,uint32_t val)2342 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2343 {
2344     IDEBus *bus = opaque;
2345     IDEState *s = idebus_active_if(bus);
2346     uint8_t *p;
2347 
2348     /* PIO data access allowed only when DRQ bit is set */
2349     if (!(s->status & DRQ_STAT))
2350         return;
2351 
2352     p = s->data_ptr;
2353     if (p + 2 > s->data_end) {
2354         return;
2355     }
2356 
2357     *(uint16_t *)p = le16_to_cpu(val);
2358     p += 2;
2359     s->data_ptr = p;
2360     if (p >= s->data_end) {
2361         s->status &= ~DRQ_STAT;
2362         s->end_transfer_func(s);
2363     }
2364 }
2365 
ide_data_readw(void * opaque,uint32_t addr)2366 uint32_t ide_data_readw(void *opaque, uint32_t addr)
2367 {
2368     IDEBus *bus = opaque;
2369     IDEState *s = idebus_active_if(bus);
2370     uint8_t *p;
2371     int ret;
2372 
2373     /* PIO data access allowed only when DRQ bit is set */
2374     if (!(s->status & DRQ_STAT))
2375         return 0;
2376 
2377     p = s->data_ptr;
2378     if (p + 2 > s->data_end) {
2379         return 0;
2380     }
2381 
2382     ret = cpu_to_le16(*(uint16_t *)p);
2383     p += 2;
2384     s->data_ptr = p;
2385     if (p >= s->data_end) {
2386         s->status &= ~DRQ_STAT;
2387         s->end_transfer_func(s);
2388     }
2389     return ret;
2390 }
2391 
ide_data_writel(void * opaque,uint32_t addr,uint32_t val)2392 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2393 {
2394     IDEBus *bus = opaque;
2395     IDEState *s = idebus_active_if(bus);
2396     uint8_t *p;
2397 
2398     /* PIO data access allowed only when DRQ bit is set */
2399     if (!(s->status & DRQ_STAT))
2400         return;
2401 
2402     p = s->data_ptr;
2403     if (p + 4 > s->data_end) {
2404         return;
2405     }
2406 
2407     *(uint32_t *)p = le32_to_cpu(val);
2408     p += 4;
2409     s->data_ptr = p;
2410     if (p >= s->data_end) {
2411         s->status &= ~DRQ_STAT;
2412         s->end_transfer_func(s);
2413     }
2414 }
2415 
ide_data_readl(void * opaque,uint32_t addr)2416 uint32_t ide_data_readl(void *opaque, uint32_t addr)
2417 {
2418     IDEBus *bus = opaque;
2419     IDEState *s = idebus_active_if(bus);
2420     uint8_t *p;
2421     int ret;
2422 
2423     /* PIO data access allowed only when DRQ bit is set */
2424     if (!(s->status & DRQ_STAT))
2425         return 0;
2426 
2427     p = s->data_ptr;
2428     if (p + 4 > s->data_end) {
2429         return 0;
2430     }
2431 
2432     ret = cpu_to_le32(*(uint32_t *)p);
2433     p += 4;
2434     s->data_ptr = p;
2435     if (p >= s->data_end) {
2436         s->status &= ~DRQ_STAT;
2437         s->end_transfer_func(s);
2438     }
2439     return ret;
2440 }
2441 
ide_dummy_transfer_stop(IDEState * s)2442 static void ide_dummy_transfer_stop(IDEState *s)
2443 {
2444     s->data_ptr = s->io_buffer;
2445     s->data_end = s->io_buffer;
2446     s->io_buffer[0] = 0xff;
2447     s->io_buffer[1] = 0xff;
2448     s->io_buffer[2] = 0xff;
2449     s->io_buffer[3] = 0xff;
2450 }
2451 
ide_reset(IDEState * s)2452 static void ide_reset(IDEState *s)
2453 {
2454 #ifdef DEBUG_IDE
2455     printf("ide: reset\n");
2456 #endif
2457     if (s->drive_kind == IDE_CFATA)
2458         s->mult_sectors = 0;
2459     else
2460         s->mult_sectors = MAX_MULT_SECTORS;
2461     /* ide regs */
2462     s->feature = 0;
2463     s->error = 0;
2464     s->nsector = 0;
2465     s->sector = 0;
2466     s->lcyl = 0;
2467     s->hcyl = 0;
2468 
2469     /* lba48 */
2470     s->hob_feature = 0;
2471     s->hob_sector = 0;
2472     s->hob_nsector = 0;
2473     s->hob_lcyl = 0;
2474     s->hob_hcyl = 0;
2475 
2476     s->select = 0xa0;
2477     s->status = READY_STAT | SEEK_STAT;
2478 
2479     s->lba48 = 0;
2480 
2481     /* ATAPI specific */
2482     s->sense_key = 0;
2483     s->asc = 0;
2484     s->cdrom_changed = 0;
2485     s->packet_transfer_size = 0;
2486     s->elementary_transfer_size = 0;
2487     s->io_buffer_index = 0;
2488     s->cd_sector_size = 0;
2489     s->atapi_dma = 0;
2490     /* ATA DMA state */
2491     s->io_buffer_size = 0;
2492     s->req_nb_sectors = 0;
2493 
2494     ide_set_signature(s);
2495     /* init the transfer handler so that 0xffff is returned on data
2496        accesses */
2497     s->end_transfer_func = ide_dummy_transfer_stop;
2498     ide_dummy_transfer_stop(s);
2499     s->media_changed = 0;
2500 }
2501 
ide_bus_reset(IDEBus * bus)2502 void ide_bus_reset(IDEBus *bus)
2503 {
2504     bus->unit = 0;
2505     bus->cmd = 0;
2506     ide_reset(&bus->ifs[0]);
2507     ide_reset(&bus->ifs[1]);
2508     ide_clear_hob(bus);
2509 
2510     /* pending async DMA */
2511     if (bus->dma->aiocb) {
2512 #ifdef DEBUG_AIO
2513         printf("aio_cancel\n");
2514 #endif
2515         bdrv_aio_cancel(bus->dma->aiocb);
2516         bus->dma->aiocb = NULL;
2517     }
2518 
2519     /* reset dma provider too */
2520     bus->dma->ops->reset(bus->dma);
2521 }
2522 
ide_init_drive(IDEState * s,BlockDriverState * bs,const char * version,const char * serial)2523 int ide_init_drive(IDEState *s, BlockDriverState *bs,
2524                    const char *version, const char *serial)
2525 {
2526     int cylinders, heads, secs;
2527     uint64_t nb_sectors;
2528 
2529     s->bs = bs;
2530     bdrv_get_geometry(bs, &nb_sectors);
2531     bdrv_guess_geometry(bs, &cylinders, &heads, &secs);
2532     if (cylinders < 1 || cylinders > 16383) {
2533         error_report("cyls must be between 1 and 16383");
2534         return -1;
2535     }
2536     if (heads < 1 || heads > 16) {
2537         error_report("heads must be between 1 and 16");
2538         return -1;
2539     }
2540     if (secs < 1 || secs > 63) {
2541         error_report("secs must be between 1 and 63");
2542         return -1;
2543     }
2544     s->cylinders = cylinders;
2545     s->heads = heads;
2546     s->sectors = secs;
2547     s->nb_sectors = nb_sectors;
2548     /* The SMART values should be preserved across power cycles
2549        but they aren't.  */
2550     s->smart_enabled = 1;
2551     s->smart_autosave = 1;
2552     s->smart_errors = 0;
2553     s->smart_selftest_count = 0;
2554     if (bdrv_get_type_hint(bs) == BDRV_TYPE_CDROM) {
2555         s->drive_kind = IDE_CD;
2556         bdrv_set_change_cb(bs, cdrom_change_cb, s);
2557         bs->buffer_alignment = 2048;
2558     } else {
2559         if (!bdrv_is_inserted(s->bs)) {
2560             error_report("Device needs media, but drive is empty");
2561             return -1;
2562         }
2563         if (bdrv_is_read_only(bs)) {
2564             error_report("Can't use a read-only drive");
2565             return -1;
2566         }
2567     }
2568     if (serial) {
2569         strncpy(s->drive_serial_str, serial, sizeof(s->drive_serial_str));
2570     } else {
2571         snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2572                  "QM%05d", s->drive_serial);
2573     }
2574     if (version) {
2575         pstrcpy(s->version, sizeof(s->version), version);
2576     } else {
2577         pstrcpy(s->version, sizeof(s->version), QEMU_VERSION);
2578     }
2579 
2580     ide_reset(s);
2581     bdrv_set_removable(bs, s->drive_kind == IDE_CD);
2582     return 0;
2583 }
2584 
ide_init1(IDEBus * bus,int unit)2585 static void ide_init1(IDEBus *bus, int unit)
2586 {
2587     static int drive_serial = 1;
2588     IDEState *s = &bus->ifs[unit];
2589 
2590     s->bus = bus;
2591     s->unit = unit;
2592     s->drive_serial = drive_serial++;
2593     /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */
2594     s->io_buffer = qemu_memalign(2048, IDE_DMA_BUF_SECTORS*512 + 4);
2595     s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4;
2596     s->smart_selftest_data = qemu_blockalign(s->bs, 512);
2597     s->sector_write_timer = qemu_new_timer(vm_clock,
2598                                            ide_sector_write_timer_cb, s);
2599 }
2600 
ide_nop_start(IDEDMA * dma,IDEState * s,BlockDriverCompletionFunc * cb)2601 static void ide_nop_start(IDEDMA *dma, IDEState *s,
2602                           BlockDriverCompletionFunc *cb)
2603 {
2604 }
2605 
ide_nop(IDEDMA * dma)2606 static int ide_nop(IDEDMA *dma)
2607 {
2608     return 0;
2609 }
2610 
ide_nop_int(IDEDMA * dma,int x)2611 static int ide_nop_int(IDEDMA *dma, int x)
2612 {
2613     return 0;
2614 }
2615 
ide_nop_restart(void * opaque,int x,int y)2616 static void ide_nop_restart(void *opaque, int x, int y)
2617 {
2618 }
2619 
2620 static const IDEDMAOps ide_dma_nop_ops = {
2621     .start_dma      = ide_nop_start,
2622     .start_transfer = ide_nop,
2623     .prepare_buf    = ide_nop_int,
2624     .rw_buf         = ide_nop_int,
2625     .set_unit       = ide_nop_int,
2626     .add_status     = ide_nop_int,
2627     .set_inactive   = ide_nop,
2628     .restart_cb     = ide_nop_restart,
2629     .reset          = ide_nop,
2630 };
2631 
2632 static IDEDMA ide_dma_nop = {
2633     .ops = &ide_dma_nop_ops,
2634     .aiocb = NULL,
2635 };
2636 
ide_init2(IDEBus * bus,qemu_irq irq)2637 void ide_init2(IDEBus *bus, qemu_irq irq)
2638 {
2639     int i;
2640 
2641     for(i = 0; i < 2; i++) {
2642         ide_init1(bus, i);
2643         ide_reset(&bus->ifs[i]);
2644     }
2645     bus->irq = irq;
2646     bus->dma = &ide_dma_nop;
2647 }
2648 
2649 /* TODO convert users to qdev and remove */
ide_init2_with_non_qdev_drives(IDEBus * bus,DriveInfo * hd0,DriveInfo * hd1,qemu_irq irq)2650 void ide_init2_with_non_qdev_drives(IDEBus *bus, DriveInfo *hd0,
2651                                     DriveInfo *hd1, qemu_irq irq)
2652 {
2653     int i;
2654     DriveInfo *dinfo;
2655 
2656     for(i = 0; i < 2; i++) {
2657         dinfo = i == 0 ? hd0 : hd1;
2658         ide_init1(bus, i);
2659         if (dinfo) {
2660             if (ide_init_drive(&bus->ifs[i], dinfo->bdrv, NULL,
2661                                *dinfo->serial ? dinfo->serial : NULL) < 0) {
2662                 error_report("Can't set up IDE drive %s", dinfo->id);
2663                 exit(1);
2664             }
2665         } else {
2666             ide_reset(&bus->ifs[i]);
2667         }
2668     }
2669     bus->irq = irq;
2670     bus->dma = &ide_dma_nop;
2671 }
2672 
ide_init_ioport(IDEBus * bus,int iobase,int iobase2)2673 void ide_init_ioport(IDEBus *bus, int iobase, int iobase2)
2674 {
2675     register_ioport_write(iobase, 8, 1, ide_ioport_write, bus);
2676     register_ioport_read(iobase, 8, 1, ide_ioport_read, bus);
2677     if (iobase2) {
2678         register_ioport_read(iobase2, 1, 1, ide_status_read, bus);
2679         register_ioport_write(iobase2, 1, 1, ide_cmd_write, bus);
2680     }
2681 
2682     /* data ports */
2683     register_ioport_write(iobase, 2, 2, ide_data_writew, bus);
2684     register_ioport_read(iobase, 2, 2, ide_data_readw, bus);
2685     register_ioport_write(iobase, 4, 4, ide_data_writel, bus);
2686     register_ioport_read(iobase, 4, 4, ide_data_readl, bus);
2687 }
2688 
is_identify_set(void * opaque,int version_id)2689 static bool is_identify_set(void *opaque, int version_id)
2690 {
2691     IDEState *s = opaque;
2692 
2693     return s->identify_set != 0;
2694 }
2695 
2696 static EndTransferFunc* transfer_end_table[] = {
2697         ide_sector_read,
2698         ide_sector_write,
2699         ide_transfer_stop,
2700         ide_atapi_cmd_reply_end,
2701         ide_atapi_cmd,
2702         ide_dummy_transfer_stop,
2703 };
2704 
transfer_end_table_idx(EndTransferFunc * fn)2705 static int transfer_end_table_idx(EndTransferFunc *fn)
2706 {
2707     int i;
2708 
2709     for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++)
2710         if (transfer_end_table[i] == fn)
2711             return i;
2712 
2713     return -1;
2714 }
2715 
ide_drive_post_load(void * opaque,int version_id)2716 static int ide_drive_post_load(void *opaque, int version_id)
2717 {
2718     IDEState *s = opaque;
2719 
2720     if (version_id < 3) {
2721         if (s->sense_key == SENSE_UNIT_ATTENTION &&
2722             s->asc == ASC_MEDIUM_MAY_HAVE_CHANGED) {
2723             s->cdrom_changed = 1;
2724         }
2725     }
2726     return 0;
2727 }
2728 
ide_drive_pio_post_load(void * opaque,int version_id)2729 static int ide_drive_pio_post_load(void *opaque, int version_id)
2730 {
2731     IDEState *s = opaque;
2732 
2733     if (s->end_transfer_fn_idx > ARRAY_SIZE(transfer_end_table)) {
2734         return -EINVAL;
2735     }
2736     s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx];
2737     s->data_ptr = s->io_buffer + s->cur_io_buffer_offset;
2738     s->data_end = s->data_ptr + s->cur_io_buffer_len;
2739 
2740     return 0;
2741 }
2742 
ide_drive_pio_pre_save(void * opaque)2743 static void ide_drive_pio_pre_save(void *opaque)
2744 {
2745     IDEState *s = opaque;
2746     int idx;
2747 
2748     s->cur_io_buffer_offset = s->data_ptr - s->io_buffer;
2749     s->cur_io_buffer_len = s->data_end - s->data_ptr;
2750 
2751     idx = transfer_end_table_idx(s->end_transfer_func);
2752     if (idx == -1) {
2753         fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n",
2754                         __func__);
2755         s->end_transfer_fn_idx = 2;
2756     } else {
2757         s->end_transfer_fn_idx = idx;
2758     }
2759 }
2760 
ide_drive_pio_state_needed(void * opaque)2761 static bool ide_drive_pio_state_needed(void *opaque)
2762 {
2763     IDEState *s = opaque;
2764 
2765     return (s->status & DRQ_STAT) != 0;
2766 }
2767 
2768 const VMStateDescription vmstate_ide_drive_pio_state = {
2769     .name = "ide_drive/pio_state",
2770     .version_id = 1,
2771     .minimum_version_id = 1,
2772     .minimum_version_id_old = 1,
2773     .pre_save = ide_drive_pio_pre_save,
2774     .post_load = ide_drive_pio_post_load,
2775     .fields      = (VMStateField []) {
2776         VMSTATE_INT32(req_nb_sectors, IDEState),
2777         VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1,
2778 			     vmstate_info_uint8, uint8_t),
2779         VMSTATE_INT32(cur_io_buffer_offset, IDEState),
2780         VMSTATE_INT32(cur_io_buffer_len, IDEState),
2781         VMSTATE_UINT8(end_transfer_fn_idx, IDEState),
2782         VMSTATE_INT32(elementary_transfer_size, IDEState),
2783         VMSTATE_INT32(packet_transfer_size, IDEState),
2784         VMSTATE_END_OF_LIST()
2785     }
2786 };
2787 
2788 const VMStateDescription vmstate_ide_drive = {
2789     .name = "ide_drive",
2790     .version_id = 3,
2791     .minimum_version_id = 0,
2792     .minimum_version_id_old = 0,
2793     .post_load = ide_drive_post_load,
2794     .fields      = (VMStateField []) {
2795         VMSTATE_INT32(mult_sectors, IDEState),
2796         VMSTATE_INT32(identify_set, IDEState),
2797         VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set),
2798         VMSTATE_UINT8(feature, IDEState),
2799         VMSTATE_UINT8(error, IDEState),
2800         VMSTATE_UINT32(nsector, IDEState),
2801         VMSTATE_UINT8(sector, IDEState),
2802         VMSTATE_UINT8(lcyl, IDEState),
2803         VMSTATE_UINT8(hcyl, IDEState),
2804         VMSTATE_UINT8(hob_feature, IDEState),
2805         VMSTATE_UINT8(hob_sector, IDEState),
2806         VMSTATE_UINT8(hob_nsector, IDEState),
2807         VMSTATE_UINT8(hob_lcyl, IDEState),
2808         VMSTATE_UINT8(hob_hcyl, IDEState),
2809         VMSTATE_UINT8(select, IDEState),
2810         VMSTATE_UINT8(status, IDEState),
2811         VMSTATE_UINT8(lba48, IDEState),
2812         VMSTATE_UINT8(sense_key, IDEState),
2813         VMSTATE_UINT8(asc, IDEState),
2814         VMSTATE_UINT8_V(cdrom_changed, IDEState, 3),
2815         VMSTATE_END_OF_LIST()
2816     },
2817     .subsections = (VMStateSubsection []) {
2818         {
2819             .vmsd = &vmstate_ide_drive_pio_state,
2820             .needed = ide_drive_pio_state_needed,
2821         }, {
2822             /* empty */
2823         }
2824     }
2825 };
2826 
2827 const VMStateDescription vmstate_ide_bus = {
2828     .name = "ide_bus",
2829     .version_id = 1,
2830     .minimum_version_id = 1,
2831     .minimum_version_id_old = 1,
2832     .fields      = (VMStateField []) {
2833         VMSTATE_UINT8(cmd, IDEBus),
2834         VMSTATE_UINT8(unit, IDEBus),
2835         VMSTATE_END_OF_LIST()
2836     }
2837 };
2838