rtoss - Blame information for rev 79

Subversion Repositories:
Rev:
Rev Author Line No. Line
74 roytam 1 /*
2  * QEMU IDE disk and CD/DVD-ROM Emulator
3  *
4  * Copyright (c) 2003 Fabrice Bellard
5  * Copyright (c) 2006 Openedhand Ltd.
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 #include <hw/hw.h>
26 #include <hw/pc.h>
27 #include <hw/pci.h>
28 #include <hw/scsi-disk.h>
29 #include <hw/sh.h>
30 #include "block.h"
31 #include "block_int.h"
32 #include "qemu-timer.h"
33 #include "sysemu.h"
34 #include "dma.h"
35  
36 #include <hw/ide/internal.h>
37  
38 static int smart_attributes[][5] = {
39     /* id,  flags, val, wrst, thrsh */
40     { 0x01, 0x03, 0x64, 0x64, 0x06}, /* raw read */
41     { 0x03, 0x03, 0x64, 0x64, 0x46}, /* spin up */
42     { 0x04, 0x02, 0x64, 0x64, 0x14}, /* start stop count */
43     { 0x05, 0x03, 0x64, 0x64, 0x36}, /* remapped sectors */
44     { 0x00, 0x00, 0x00, 0x00, 0x00}
45 };
46  
47 /* XXX: DVDs that could fit on a CD will be reported as a CD */
48 static inline int media_present(IDEState *s)
49 {
50     return (s->nb_sectors > 0);
51 }
52  
53 static inline int media_is_dvd(IDEState *s)
54 {
55     return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
56 }
57  
58 static inline int media_is_cd(IDEState *s)
59 {
60     return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
61 }
62  
63 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
64 static void ide_dma_restart(IDEState *s);
65 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
66  
67 static void padstr(char *str, const char *src, int len)
68 {
69     int i, v;
70     for(i = 0; i < len; i++) {
71         if (*src)
72             v = *src++;
73         else
74             v = ' ';
75         str[i^1] = v;
76     }
77 }
78  
79 static void padstr8(uint8_t *buf, int buf_size, const char *src)
80 {
81     int i;
82     for(i = 0; i < buf_size; i++) {
83         if (*src)
84             buf[i] = *src++;
85         else
86             buf[i] = ' ';
87     }
88 }
89  
90 static void put_le16(uint16_t *p, unsigned int v)
91 {
92     *p = cpu_to_le16(v);
93 }
94  
95 static void ide_identify(IDEState *s)
96 {
97     uint16_t *p;
98     unsigned int oldsize;
99  
100     if (s->identify_set) {
101         memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
102         return;
103     }
104  
105     memset(s->io_buffer, 0, 512);
106     p = (uint16_t *)s->io_buffer;
107     put_le16(p + 0, 0x0040);
108     put_le16(p + 1, s->cylinders);
109     put_le16(p + 3, s->heads);
110     put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
111     put_le16(p + 5, 512); /* XXX: retired, remove ? */
112     put_le16(p + 6, s->sectors);
113     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
114     put_le16(p + 20, 3); /* XXX: retired, remove ? */
115     put_le16(p + 21, 512); /* cache size in sectors */
116     put_le16(p + 22, 4); /* ecc bytes */
117     padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
118     padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
119 #if MAX_MULT_SECTORS > 1
120     put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
121 #endif
122     put_le16(p + 48, 1); /* dword I/O */
123     put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
124     put_le16(p + 51, 0x200); /* PIO transfer cycle */
125     put_le16(p + 52, 0x200); /* DMA transfer cycle */
126     put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
127     put_le16(p + 54, s->cylinders);
128     put_le16(p + 55, s->heads);
129     put_le16(p + 56, s->sectors);
130     oldsize = s->cylinders * s->heads * s->sectors;
131     put_le16(p + 57, oldsize);
132     put_le16(p + 58, oldsize >> 16);
133     if (s->mult_sectors)
134         put_le16(p + 59, 0x100 | s->mult_sectors);
135     put_le16(p + 60, s->nb_sectors);
136     put_le16(p + 61, s->nb_sectors >> 16);
137     put_le16(p + 62, 0x07); /* single word dma0-2 supported */
138     put_le16(p + 63, 0x07); /* mdma0-2 supported */
139     put_le16(p + 65, 120);
140     put_le16(p + 66, 120);
141     put_le16(p + 67, 120);
142     put_le16(p + 68, 120);
143     put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
144     put_le16(p + 81, 0x16); /* conforms to ata5 */
145     /* 14=NOP supported, 0=SMART supported */
146     put_le16(p + 82, (1 << 14) | 1);
147     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
148     put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
149     /* 14=set to 1, 1=SMART self test, 0=SMART error logging */
150     put_le16(p + 84, (1 << 14) | 0);
151     /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */
152     if (bdrv_enable_write_cache(s->bs))
153          put_le16(p + 85, (1 << 14) | (1 << 5) | 1);
154     else
155          put_le16(p + 85, (1 << 14) | 1);
156     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
157     put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
158     /* 14=set to 1, 1=smart self test, 0=smart error logging */
159     put_le16(p + 87, (1 << 14) | 0);
160     put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
161     put_le16(p + 93, 1 | (1 << 14) | 0x2000);
162     put_le16(p + 100, s->nb_sectors);
163     put_le16(p + 101, s->nb_sectors >> 16);
164     put_le16(p + 102, s->nb_sectors >> 32);
165     put_le16(p + 103, s->nb_sectors >> 48);
166  
167     memcpy(s->identify_data, p, sizeof(s->identify_data));
168     s->identify_set = 1;
169 }
170  
171 static void ide_atapi_identify(IDEState *s)
172 {
173     uint16_t *p;
174  
175     if (s->identify_set) {
176         memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
177         return;
178     }
179  
180     memset(s->io_buffer, 0, 512);
181     p = (uint16_t *)s->io_buffer;
182     /* Removable CDROM, 50us response, 12 byte packets */
183     put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
184     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
185     put_le16(p + 20, 3); /* buffer type */
186     put_le16(p + 21, 512); /* cache size in sectors */
187     put_le16(p + 22, 4); /* ecc bytes */
188     padstr((char *)(p + 23), QEMU_VERSION, 8); /* firmware version */
189     padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
190     put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
191 #ifdef USE_DMA_CDROM
192     put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
193     put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
194     put_le16(p + 62, 7);  /* single word dma0-2 supported */
195     put_le16(p + 63, 7);  /* mdma0-2 supported */
196     put_le16(p + 64, 0x3f); /* PIO modes supported */
197 #else
198     put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
199     put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
200     put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
201     put_le16(p + 64, 1); /* PIO modes */
202 #endif
203     put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
204     put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
205     put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
206     put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
207  
208     put_le16(p + 71, 30); /* in ns */
209     put_le16(p + 72, 30); /* in ns */
210  
211     put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
212 #ifdef USE_DMA_CDROM
213     put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
214 #endif
215     memcpy(s->identify_data, p, sizeof(s->identify_data));
216     s->identify_set = 1;
217 }
218  
219 static void ide_cfata_identify(IDEState *s)
220 {
221     uint16_t *p;
222     uint32_t cur_sec;
223  
224     p = (uint16_t *) s->identify_data;
225     if (s->identify_set)
226         goto fill_buffer;
227  
228     memset(p, 0, sizeof(s->identify_data));
229  
230     cur_sec = s->cylinders * s->heads * s->sectors;
231  
232     put_le16(p + 0, 0x848a);                    /* CF Storage Card signature */
233     put_le16(p + 1, s->cylinders);              /* Default cylinders */
234     put_le16(p + 3, s->heads);                  /* Default heads */
235     put_le16(p + 6, s->sectors);                /* Default sectors per track */
236     put_le16(p + 7, s->nb_sectors >> 16);       /* Sectors per card */
237     put_le16(p + 8, s->nb_sectors);             /* Sectors per card */
238     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
239     put_le16(p + 22, 0x0004);                   /* ECC bytes */
240     padstr((char *) (p + 23), QEMU_VERSION, 8); /* Firmware Revision */
241     padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
242 #if MAX_MULT_SECTORS > 1
243     put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
244 #else
245     put_le16(p + 47, 0x0000);
246 #endif
247     put_le16(p + 49, 0x0f00);                   /* Capabilities */
248     put_le16(p + 51, 0x0002);                   /* PIO cycle timing mode */
249     put_le16(p + 52, 0x0001);                   /* DMA cycle timing mode */
250     put_le16(p + 53, 0x0003);                   /* Translation params valid */
251     put_le16(p + 54, s->cylinders);             /* Current cylinders */
252     put_le16(p + 55, s->heads);                 /* Current heads */
253     put_le16(p + 56, s->sectors);               /* Current sectors */
254     put_le16(p + 57, cur_sec);                  /* Current capacity */
255     put_le16(p + 58, cur_sec >> 16);            /* Current capacity */
256     if (s->mult_sectors)                        /* Multiple sector setting */
257         put_le16(p + 59, 0x100 | s->mult_sectors);
258     put_le16(p + 60, s->nb_sectors);            /* Total LBA sectors */
259     put_le16(p + 61, s->nb_sectors >> 16);      /* Total LBA sectors */
260     put_le16(p + 63, 0x0203);                   /* Multiword DMA capability */
261     put_le16(p + 64, 0x0001);                   /* Flow Control PIO support */
262     put_le16(p + 65, 0x0096);                   /* Min. Multiword DMA cycle */
263     put_le16(p + 66, 0x0096);                   /* Rec. Multiword DMA cycle */
264     put_le16(p + 68, 0x00b4);                   /* Min. PIO cycle time */
265     put_le16(p + 82, 0x400c);                   /* Command Set supported */
266     put_le16(p + 83, 0x7068);                   /* Command Set supported */
267     put_le16(p + 84, 0x4000);                   /* Features supported */
268     put_le16(p + 85, 0x000c);                   /* Command Set enabled */
269     put_le16(p + 86, 0x7044);                   /* Command Set enabled */
270     put_le16(p + 87, 0x4000);                   /* Features enabled */
271     put_le16(p + 91, 0x4060);                   /* Current APM level */
272     put_le16(p + 129, 0x0002);                  /* Current features option */
273     put_le16(p + 130, 0x0005);                  /* Reassigned sectors */
274     put_le16(p + 131, 0x0001);                  /* Initial power mode */
275     put_le16(p + 132, 0x0000);                  /* User signature */
276     put_le16(p + 160, 0x8100);                  /* Power requirement */
277     put_le16(p + 161, 0x8001);                  /* CF command set */
278  
279     s->identify_set = 1;
280  
281 fill_buffer:
282     memcpy(s->io_buffer, p, sizeof(s->identify_data));
283 }
284  
285 static void ide_set_signature(IDEState *s)
286 {
287     s->select &= 0xf0; /* clear head */
288     /* put signature */
289     s->nsector = 1;
290     s->sector = 1;
291     if (s->is_cdrom) {
292         s->lcyl = 0x14;
293         s->hcyl = 0xeb;
294     } else if (s->bs) {
295         s->lcyl = 0;
296         s->hcyl = 0;
297     } else {
298         s->lcyl = 0xff;
299         s->hcyl = 0xff;
300     }
301 }
302  
303 static inline void ide_abort_command(IDEState *s)
304 {
305     s->status = READY_STAT | ERR_STAT;
306     s->error = ABRT_ERR;
307 }
308  
309 static inline void ide_dma_submit_check(IDEState *s,
310           BlockDriverCompletionFunc *dma_cb, BMDMAState *bm)
311 {
312     if (bm->aiocb)
313         return;
314     dma_cb(bm, -1);
315 }
316  
317 /* prepare data transfer and tell what to do after */
318 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
319                                EndTransferFunc *end_transfer_func)
320 {
321     s->end_transfer_func = end_transfer_func;
322     s->data_ptr = buf;
323     s->data_end = buf + size;
324     if (!(s->status & ERR_STAT))
325         s->status |= DRQ_STAT;
326 }
327  
328 static void ide_transfer_stop(IDEState *s)
329 {
330     s->end_transfer_func = ide_transfer_stop;
331     s->data_ptr = s->io_buffer;
332     s->data_end = s->io_buffer;
333     s->status &= ~DRQ_STAT;
334 }
335  
336 int64_t ide_get_sector(IDEState *s)
337 {
338     int64_t sector_num;
339     if (s->select & 0x40) {
340         /* lba */
341         if (!s->lba48) {
342             sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
343                 (s->lcyl << 8) | s->sector;
344         } else {
345             sector_num = ((int64_t)s->hob_hcyl << 40) |
346                 ((int64_t) s->hob_lcyl << 32) |
347                 ((int64_t) s->hob_sector << 24) |
348                 ((int64_t) s->hcyl << 16) |
349                 ((int64_t) s->lcyl << 8) | s->sector;
350         }
351     } else {
352         sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
353             (s->select & 0x0f) * s->sectors + (s->sector - 1);
354     }
355     return sector_num;
356 }
357  
358 void ide_set_sector(IDEState *s, int64_t sector_num)
359 {
360     unsigned int cyl, r;
361     if (s->select & 0x40) {
362         if (!s->lba48) {
363             s->select = (s->select & 0xf0) | (sector_num >> 24);
364             s->hcyl = (sector_num >> 16);
365             s->lcyl = (sector_num >> 8);
366             s->sector = (sector_num);
367         } else {
368             s->sector = sector_num;
369             s->lcyl = sector_num >> 8;
370             s->hcyl = sector_num >> 16;
371             s->hob_sector = sector_num >> 24;
372             s->hob_lcyl = sector_num >> 32;
373             s->hob_hcyl = sector_num >> 40;
374         }
375     } else {
376         cyl = sector_num / (s->heads * s->sectors);
377         r = sector_num % (s->heads * s->sectors);
378         s->hcyl = cyl >> 8;
379         s->lcyl = cyl;
380         s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
381         s->sector = (r % s->sectors) + 1;
382     }
383 }
384  
385 static void ide_rw_error(IDEState *s) {
386     ide_abort_command(s);
387     ide_set_irq(s->bus);
388 }
389  
390 static void ide_sector_read(IDEState *s)
391 {
392     int64_t sector_num;
393     int ret, n;
394  
395     s->status = READY_STAT | SEEK_STAT;
396     s->error = 0; /* not needed by IDE spec, but needed by Windows */
397     sector_num = ide_get_sector(s);
398     n = s->nsector;
399     if (n == 0) {
400         /* no more sector to read from disk */
401         ide_transfer_stop(s);
402     } else {
403 #if defined(DEBUG_IDE)
404         printf("read sector=%" PRId64 "\n", sector_num);
405 #endif
406         if (n > s->req_nb_sectors)
407             n = s->req_nb_sectors;
408         ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
409         if (ret != 0) {
410             ide_rw_error(s);
411             return;
412         }
413         ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
414         ide_set_irq(s->bus);
415         ide_set_sector(s, sector_num + n);
416         s->nsector -= n;
417     }
418 }
419  
420  
421 /* return 0 if buffer completed */
422 static int dma_buf_prepare(BMDMAState *bm, int is_write)
423 {
424     IDEState *s = bmdma_active_if(bm);
425     struct {
426         uint32_t addr;
427         uint32_t size;
428     } prd;
429     int l, len;
430  
431     qemu_sglist_init(&s->sg, s->nsector / (TARGET_PAGE_SIZE/512) + 1);
432     s->io_buffer_size = 0;
433     for(;;) {
434         if (bm->cur_prd_len == 0) {
435             /* end of table (with a fail safe of one page) */
436             if (bm->cur_prd_last ||
437                 (bm->cur_addr - bm->addr) >= 4096)
438                 return s->io_buffer_size != 0;
439             cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
440             bm->cur_addr += 8;
441             prd.addr = le32_to_cpu(prd.addr);
442             prd.size = le32_to_cpu(prd.size);
443             len = prd.size & 0xfffe;
444             if (len == 0)
445                 len = 0x10000;
446             bm->cur_prd_len = len;
447             bm->cur_prd_addr = prd.addr;
448             bm->cur_prd_last = (prd.size & 0x80000000);
449         }
450         l = bm->cur_prd_len;
451         if (l > 0) {
452             qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
453             bm->cur_prd_addr += l;
454             bm->cur_prd_len -= l;
455             s->io_buffer_size += l;
456         }
457     }
458     return 1;
459 }
460  
461 static void dma_buf_commit(IDEState *s, int is_write)
462 {
463     qemu_sglist_destroy(&s->sg);
464 }
465  
466 void ide_dma_error(IDEState *s)
467 {
468     ide_transfer_stop(s);
469     s->error = ABRT_ERR;
470     s->status = READY_STAT | ERR_STAT;
471     ide_set_irq(s->bus);
472 }
473  
474 static int ide_handle_write_error(IDEState *s, int error, int op)
475 {
476     BlockInterfaceErrorAction action = drive_get_onerror(s->bs);
477  
478     if (action == BLOCK_ERR_IGNORE)
479         return 0;
480  
481     if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
482             || action == BLOCK_ERR_STOP_ANY) {
483         s->bus->bmdma->unit = s->unit;
484         s->bus->bmdma->status |= op;
485         vm_stop(0);
486     } else {
487         if (op == BM_STATUS_DMA_RETRY) {
488             dma_buf_commit(s, 0);
489             ide_dma_error(s);
490         } else {
491             ide_rw_error(s);
492         }
493     }
494  
495     return 1;
496 }
497  
498 /* return 0 if buffer completed */
499 static int dma_buf_rw(BMDMAState *bm, int is_write)
500 {
501     IDEState *s = bmdma_active_if(bm);
502     struct {
503         uint32_t addr;
504         uint32_t size;
505     } prd;
506     int l, len;
507  
508     for(;;) {
509         l = s->io_buffer_size - s->io_buffer_index;
510         if (l <= 0)
511             break;
512         if (bm->cur_prd_len == 0) {
513             /* end of table (with a fail safe of one page) */
514             if (bm->cur_prd_last ||
515                 (bm->cur_addr - bm->addr) >= 4096)
516                 return 0;
517             cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
518             bm->cur_addr += 8;
519             prd.addr = le32_to_cpu(prd.addr);
520             prd.size = le32_to_cpu(prd.size);
521             len = prd.size & 0xfffe;
522             if (len == 0)
523                 len = 0x10000;
524             bm->cur_prd_len = len;
525             bm->cur_prd_addr = prd.addr;
526             bm->cur_prd_last = (prd.size & 0x80000000);
527         }
528         if (l > bm->cur_prd_len)
529             l = bm->cur_prd_len;
530         if (l > 0) {
531             if (is_write) {
532                 cpu_physical_memory_write(bm->cur_prd_addr,
533                                           s->io_buffer + s->io_buffer_index, l);
534             } else {
535                 cpu_physical_memory_read(bm->cur_prd_addr,
536                                           s->io_buffer + s->io_buffer_index, l);
537             }
538             bm->cur_prd_addr += l;
539             bm->cur_prd_len -= l;
540             s->io_buffer_index += l;
541         }
542     }
543     return 1;
544 }
545  
546 static void ide_read_dma_cb(void *opaque, int ret)
547 {
548     BMDMAState *bm = opaque;
549     IDEState *s = bmdma_active_if(bm);
550     int n;
551     int64_t sector_num;
552  
553     if (ret < 0) {
554         dma_buf_commit(s, 1);
555         ide_dma_error(s);
556         return;
557     }
558  
559     n = s->io_buffer_size >> 9;
560     sector_num = ide_get_sector(s);
561     if (n > 0) {
562         dma_buf_commit(s, 1);
563         sector_num += n;
564         ide_set_sector(s, sector_num);
565         s->nsector -= n;
566     }
567  
568     /* end of transfer ? */
569     if (s->nsector == 0) {
570         s->status = READY_STAT | SEEK_STAT;
571         ide_set_irq(s->bus);
572     eot:
573         bm->status &= ~BM_STATUS_DMAING;
574         bm->status |= BM_STATUS_INT;
575         bm->dma_cb = NULL;
576         bm->unit = -1;
577         bm->aiocb = NULL;
578         return;
579     }
580  
581     /* launch next transfer */
582     n = s->nsector;
583     s->io_buffer_index = 0;
584     s->io_buffer_size = n * 512;
585     if (dma_buf_prepare(bm, 1) == 0)
586         goto eot;
587 #ifdef DEBUG_AIO
588     printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
589 #endif
590     bm->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num, ide_read_dma_cb, bm);
591     ide_dma_submit_check(s, ide_read_dma_cb, bm);
592 }
593  
594 static void ide_sector_read_dma(IDEState *s)
595 {
596     s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
597     s->io_buffer_index = 0;
598     s->io_buffer_size = 0;
599     s->is_read = 1;
600     ide_dma_start(s, ide_read_dma_cb);
601 }
602  
603 static void ide_sector_write_timer_cb(void *opaque)
604 {
605     IDEState *s = opaque;
606     ide_set_irq(s->bus);
607 }
608  
609 static void ide_sector_write(IDEState *s)
610 {
611     int64_t sector_num;
612     int ret, n, n1;
613  
614     s->status = READY_STAT | SEEK_STAT;
615     sector_num = ide_get_sector(s);
616 #if defined(DEBUG_IDE)
617     printf("write sector=%" PRId64 "\n", sector_num);
618 #endif
619     n = s->nsector;
620     if (n > s->req_nb_sectors)
621         n = s->req_nb_sectors;
622     ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
623  
624     if (ret != 0) {
625         if (ide_handle_write_error(s, -ret, BM_STATUS_PIO_RETRY))
626             return;
627     }
628  
629     s->nsector -= n;
630     if (s->nsector == 0) {
631         /* no more sectors to write */
632         ide_transfer_stop(s);
633     } else {
634         n1 = s->nsector;
635         if (n1 > s->req_nb_sectors)
636             n1 = s->req_nb_sectors;
637         ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
638     }
639     ide_set_sector(s, sector_num + n);
640  
641 #ifdef TARGET_I386
642     if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
643         /* It seems there is a bug in the Windows 2000 installer HDD
644            IDE driver which fills the disk with empty logs when the
645            IDE write IRQ comes too early. This hack tries to correct
646            that at the expense of slower write performances. Use this
647            option _only_ to install Windows 2000. You must disable it
648            for normal use. */
649         qemu_mod_timer(s->sector_write_timer,
650                        qemu_get_clock(vm_clock) + (get_ticks_per_sec() / 1000));
651     } else
652 #endif
653     {
654         ide_set_irq(s->bus);
655     }
656 }
657  
658 static void ide_dma_restart_bh(void *opaque)
659 {
660     BMDMAState *bm = opaque;
661  
662     qemu_bh_delete(bm->bh);
663     bm->bh = NULL;
664  
665     if (bm->status & BM_STATUS_DMA_RETRY) {
666         bm->status &= ~BM_STATUS_DMA_RETRY;
667         ide_dma_restart(bmdma_active_if(bm));
668     } else if (bm->status & BM_STATUS_PIO_RETRY) {
669         bm->status &= ~BM_STATUS_PIO_RETRY;
670         ide_sector_write(bmdma_active_if(bm));
671     }
672 }
673  
674 void ide_dma_restart_cb(void *opaque, int running, int reason)
675 {
676     BMDMAState *bm = opaque;
677  
678     if (!running)
679         return;
680  
681     if (!bm->bh) {
682         bm->bh = qemu_bh_new(ide_dma_restart_bh, bm);
683         qemu_bh_schedule(bm->bh);
684     }
685 }
686  
687 static void ide_write_dma_cb(void *opaque, int ret)
688 {
689     BMDMAState *bm = opaque;
690     IDEState *s = bmdma_active_if(bm);
691     int n;
692     int64_t sector_num;
693  
694     if (ret < 0) {
695         if (ide_handle_write_error(s, -ret,  BM_STATUS_DMA_RETRY))
696             return;
697     }
698  
699     n = s->io_buffer_size >> 9;
700     sector_num = ide_get_sector(s);
701     if (n > 0) {
702         dma_buf_commit(s, 0);
703         sector_num += n;
704         ide_set_sector(s, sector_num);
705         s->nsector -= n;
706     }
707  
708     /* end of transfer ? */
709     if (s->nsector == 0) {
710         s->status = READY_STAT | SEEK_STAT;
711         ide_set_irq(s->bus);
712     eot:
713         bm->status &= ~BM_STATUS_DMAING;
714         bm->status |= BM_STATUS_INT;
715         bm->dma_cb = NULL;
716         bm->unit = -1;
717         bm->aiocb = NULL;
718         return;
719     }
720  
721     n = s->nsector;
722     s->io_buffer_size = n * 512;
723     /* launch next transfer */
724     if (dma_buf_prepare(bm, 0) == 0)
725         goto eot;
726 #ifdef DEBUG_AIO
727     printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
728 #endif
729     bm->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num, ide_write_dma_cb, bm);
730     ide_dma_submit_check(s, ide_write_dma_cb, bm);
731 }
732  
733 static void ide_sector_write_dma(IDEState *s)
734 {
735     s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
736     s->io_buffer_index = 0;
737     s->io_buffer_size = 0;
738     s->is_read = 0;
739     ide_dma_start(s, ide_write_dma_cb);
740 }
741  
742 void ide_atapi_cmd_ok(IDEState *s)
743 {
744     s->error = 0;
745     s->status = READY_STAT | SEEK_STAT;
746     s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
747     ide_set_irq(s->bus);
748 }
749  
750 void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
751 {
752 #ifdef DEBUG_IDE_ATAPI
753     printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc);
754 #endif
755     s->error = sense_key << 4;
756     s->status = READY_STAT | ERR_STAT;
757     s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
758     s->sense_key = sense_key;
759     s->asc = asc;
760     ide_set_irq(s->bus);
761 }
762  
763 static void ide_atapi_cmd_check_status(IDEState *s)
764 {
765 #ifdef DEBUG_IDE_ATAPI
766     printf("atapi_cmd_check_status\n");
767 #endif
768     s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4);
769     s->status = ERR_STAT;
770     s->nsector = 0;
771     ide_set_irq(s->bus);
772 }
773  
774 static void ide_flush_cb(void *opaque, int ret)
775 {
776     IDEState *s = opaque;
777  
778     /* XXX: how do we signal I/O errors here? */
779  
780     s->status = READY_STAT | SEEK_STAT;
781     ide_set_irq(s->bus);
782 }
783  
784 static inline void cpu_to_ube16(uint8_t *buf, int val)
785 {
786     buf[0] = val >> 8;
787     buf[1] = val & 0xff;
788 }
789  
790 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val)
791 {
792     buf[0] = val >> 24;
793     buf[1] = val >> 16;
794     buf[2] = val >> 8;
795     buf[3] = val & 0xff;
796 }
797  
798 static inline int ube16_to_cpu(const uint8_t *buf)
799 {
800     return (buf[0] << 8) | buf[1];
801 }
802  
803 static inline int ube32_to_cpu(const uint8_t *buf)
804 {
805     return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
806 }
807  
808 static void lba_to_msf(uint8_t *buf, int lba)
809 {
810     lba += 150;
811     buf[0] = (lba / 75) / 60;
812     buf[1] = (lba / 75) % 60;
813     buf[2] = lba % 75;
814 }
815  
816 static void cd_data_to_raw(uint8_t *buf, int lba)
817 {
818     /* sync bytes */
819     buf[0] = 0x00;
820     memset(buf + 1, 0xff, 10);
821     buf[11] = 0x00;
822     buf += 12;
823     /* MSF */
824     lba_to_msf(buf, lba);
825     buf[3] = 0x01; /* mode 1 data */
826     buf += 4;
827     /* data */
828     buf += 2048;
829     /* XXX: ECC not computed */
830     memset(buf, 0, 288);
831 }
832  
833 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf,
834                            int sector_size)
835 {
836     int ret;
837  
838     switch(sector_size) {
839     case 2048:
840         ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4);
841         break;
842     case 2352:
843         ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4);
844         if (ret < 0)
845             return ret;
846         cd_data_to_raw(buf, lba);
847         break;
848     default:
849         ret = -EIO;
850         break;
851     }
852     return ret;
853 }
854  
855 void ide_atapi_io_error(IDEState *s, int ret)
856 {
857     /* XXX: handle more errors */
858     if (ret == -ENOMEDIUM) {
859         ide_atapi_cmd_error(s, SENSE_NOT_READY,
860                             ASC_MEDIUM_NOT_PRESENT);
861     } else {
862         ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
863                             ASC_LOGICAL_BLOCK_OOR);
864     }
865 }
866  
867 /* The whole ATAPI transfer logic is handled in this function */
868 static void ide_atapi_cmd_reply_end(IDEState *s)
869 {
870     int byte_count_limit, size, ret;
871 #ifdef DEBUG_IDE_ATAPI
872     printf("reply: tx_size=%d elem_tx_size=%d index=%d\n",
873            s->packet_transfer_size,
874            s->elementary_transfer_size,
875            s->io_buffer_index);
876 #endif
877     if (s->packet_transfer_size <= 0) {
878         /* end of transfer */
879         ide_transfer_stop(s);
880         s->status = READY_STAT | SEEK_STAT;
881         s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
882         ide_set_irq(s->bus);
883 #ifdef DEBUG_IDE_ATAPI
884         printf("status=0x%x\n", s->status);
885 #endif
886     } else {
887         /* see if a new sector must be read */
888         if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
889             ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size);
890             if (ret < 0) {
891                 ide_transfer_stop(s);
892                 ide_atapi_io_error(s, ret);
893                 return;
894             }
895             s->lba++;
896             s->io_buffer_index = 0;
897         }
898         if (s->elementary_transfer_size > 0) {
899             /* there are some data left to transmit in this elementary
900                transfer */
901             size = s->cd_sector_size - s->io_buffer_index;
902             if (size > s->elementary_transfer_size)
903                 size = s->elementary_transfer_size;
904             ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
905                                size, ide_atapi_cmd_reply_end);
906             s->packet_transfer_size -= size;
907             s->elementary_transfer_size -= size;
908             s->io_buffer_index += size;
909         } else {
910             /* a new transfer is needed */
911             s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
912             byte_count_limit = s->lcyl | (s->hcyl << 8);
913 #ifdef DEBUG_IDE_ATAPI
914             printf("byte_count_limit=%d\n", byte_count_limit);
915 #endif
916             if (byte_count_limit == 0xffff)
917                 byte_count_limit--;
918             size = s->packet_transfer_size;
919             if (size > byte_count_limit) {
920                 /* byte count limit must be even if this case */
921                 if (byte_count_limit & 1)
922                     byte_count_limit--;
923                 size = byte_count_limit;
924             }
925             s->lcyl = size;
926             s->hcyl = size >> 8;
927             s->elementary_transfer_size = size;
928             /* we cannot transmit more than one sector at a time */
929             if (s->lba != -1) {
930                 if (size > (s->cd_sector_size - s->io_buffer_index))
931                     size = (s->cd_sector_size - s->io_buffer_index);
932             }
933             ide_transfer_start(s, s->io_buffer + s->io_buffer_index,
934                                size, ide_atapi_cmd_reply_end);
935             s->packet_transfer_size -= size;
936             s->elementary_transfer_size -= size;
937             s->io_buffer_index += size;
938             ide_set_irq(s->bus);
939 #ifdef DEBUG_IDE_ATAPI
940             printf("status=0x%x\n", s->status);
941 #endif
942         }
943     }
944 }
945  
946 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
947 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
948 {
949     if (size > max_size)
950         size = max_size;
951     s->lba = -1; /* no sector read */
952     s->packet_transfer_size = size;
953     s->io_buffer_size = size;    /* dma: send the reply data as one chunk */
954     s->elementary_transfer_size = 0;
955     s->io_buffer_index = 0;
956  
957     if (s->atapi_dma) {
958         s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
959         ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
960     } else {
961         s->status = READY_STAT | SEEK_STAT;
962         ide_atapi_cmd_reply_end(s);
963     }
964 }
965  
966 /* start a CD-CDROM read command */
967 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
968                                    int sector_size)
969 {
970     s->lba = lba;
971     s->packet_transfer_size = nb_sectors * sector_size;
972     s->elementary_transfer_size = 0;
973     s->io_buffer_index = sector_size;
974     s->cd_sector_size = sector_size;
975  
976     s->status = READY_STAT | SEEK_STAT;
977     ide_atapi_cmd_reply_end(s);
978 }
979  
980 /* ATAPI DMA support */
981  
982 /* XXX: handle read errors */
983 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
984 {
985     BMDMAState *bm = opaque;
986     IDEState *s = bmdma_active_if(bm);
987     int data_offset, n;
988  
989     if (ret < 0) {
990         ide_atapi_io_error(s, ret);
991         goto eot;
992     }
993  
994     if (s->io_buffer_size > 0) {
995         /*
996          * For a cdrom read sector command (s->lba != -1),
997          * adjust the lba for the next s->io_buffer_size chunk
998          * and dma the current chunk.
999          * For a command != read (s->lba == -1), just transfer
1000          * the reply data.
1001          */
1002         if (s->lba != -1) {
1003             if (s->cd_sector_size == 2352) {
1004                 n = 1;
1005                 cd_data_to_raw(s->io_buffer, s->lba);
1006             } else {
1007                 n = s->io_buffer_size >> 11;
1008             }
1009             s->lba += n;
1010         }
1011         s->packet_transfer_size -= s->io_buffer_size;
1012         if (dma_buf_rw(bm, 1) == 0)
1013             goto eot;
1014     }
1015  
1016     if (s->packet_transfer_size <= 0) {
1017         s->status = READY_STAT | SEEK_STAT;
1018         s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1019         ide_set_irq(s->bus);
1020     eot:
1021         bm->status &= ~BM_STATUS_DMAING;
1022         bm->status |= BM_STATUS_INT;
1023         bm->dma_cb = NULL;
1024         bm->unit = -1;
1025         bm->aiocb = NULL;
1026         return;
1027     }
1028  
1029     s->io_buffer_index = 0;
1030     if (s->cd_sector_size == 2352) {
1031         n = 1;
1032         s->io_buffer_size = s->cd_sector_size;
1033         data_offset = 16;
1034     } else {
1035         n = s->packet_transfer_size >> 11;
1036         if (n > (IDE_DMA_BUF_SECTORS / 4))
1037             n = (IDE_DMA_BUF_SECTORS / 4);
1038         s->io_buffer_size = n * 2048;
1039         data_offset = 0;
1040     }
1041 #ifdef DEBUG_AIO
1042     printf("aio_read_cd: lba=%u n=%d\n", s->lba, n);
1043 #endif
1044     bm->iov.iov_base = (void *)(s->io_buffer + data_offset);
1045     bm->iov.iov_len = n * 4 * 512;
1046     qemu_iovec_init_external(&bm->qiov, &bm->iov, 1);
1047     bm->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2, &bm->qiov,
1048                                n * 4, ide_atapi_cmd_read_dma_cb, bm);
1049     if (!bm->aiocb) {
1050         /* Note: media not present is the most likely case */
1051         ide_atapi_cmd_error(s, SENSE_NOT_READY,
1052                             ASC_MEDIUM_NOT_PRESENT);
1053         goto eot;
1054     }
1055 }
1056  
1057 /* start a CD-CDROM read command with DMA */
1058 /* XXX: test if DMA is available */
1059 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
1060                                    int sector_size)
1061 {
1062     s->lba = lba;
1063     s->packet_transfer_size = nb_sectors * sector_size;
1064     s->io_buffer_index = 0;
1065     s->io_buffer_size = 0;
1066     s->cd_sector_size = sector_size;
1067  
1068     /* XXX: check if BUSY_STAT should be set */
1069     s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
1070     ide_dma_start(s, ide_atapi_cmd_read_dma_cb);
1071 }
1072  
1073 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
1074                                int sector_size)
1075 {
1076 #ifdef DEBUG_IDE_ATAPI
1077     printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio",
1078         lba, nb_sectors);
1079 #endif
1080     if (s->atapi_dma) {
1081         ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
1082     } else {
1083         ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
1084     }
1085 }
1086  
1087 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
1088                                             uint16_t profile)
1089 {
1090     uint8_t *buf_profile = buf + 12; /* start of profiles */
1091  
1092     buf_profile += ((*index) * 4); /* start of indexed profile */
1093     cpu_to_ube16 (buf_profile, profile);
1094     buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
1095  
1096     /* each profile adds 4 bytes to the response */
1097     (*index)++;
1098     buf[11] += 4; /* Additional Length */
1099  
1100     return 4;
1101 }
1102  
1103 static int ide_dvd_read_structure(IDEState *s, int format,
1104                                   const uint8_t *packet, uint8_t *buf)
1105 {
1106     switch (format) {
1107         case 0x0: /* Physical format information */
1108             {
1109                 int layer = packet[6];
1110                 uint64_t total_sectors;
1111  
1112                 if (layer != 0)
1113                     return -ASC_INV_FIELD_IN_CMD_PACKET;
1114  
1115                 bdrv_get_geometry(s->bs, &total_sectors);
1116                 total_sectors >>= 2;
1117                 if (total_sectors == 0)
1118                     return -ASC_MEDIUM_NOT_PRESENT;
1119  
1120                 buf[4] = 1;   /* DVD-ROM, part version 1 */
1121                 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
1122                 buf[6] = 1;   /* one layer, read-only (per MMC-2 spec) */
1123                 buf[7] = 0;   /* default densities */
1124  
1125                 /* FIXME: 0x30000 per spec? */
1126                 cpu_to_ube32(buf + 8, 0); /* start sector */
1127                 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */
1128                 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
1129  
1130                 /* Size of buffer, not including 2 byte size field */
1131                 cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1132  
1133                 /* 2k data + 4 byte header */
1134                 return (2048 + 4);
1135             }
1136  
1137         case 0x01: /* DVD copyright information */
1138             buf[4] = 0; /* no copyright data */
1139             buf[5] = 0; /* no region restrictions */
1140  
1141             /* Size of buffer, not including 2 byte size field */
1142             cpu_to_be16wu((uint16_t *)buf, 4 + 2);
1143  
1144             /* 4 byte header + 4 byte data */
1145             return (4 + 4);
1146  
1147         case 0x03: /* BCA information - invalid field for no BCA info */
1148             return -ASC_INV_FIELD_IN_CMD_PACKET;
1149  
1150         case 0x04: /* DVD disc manufacturing information */
1151             /* Size of buffer, not including 2 byte size field */
1152             cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
1153  
1154             /* 2k data + 4 byte header */
1155             return (2048 + 4);
1156  
1157         case 0xff:
1158             /*
1159              * This lists all the command capabilities above.  Add new ones
1160              * in order and update the length and buffer return values.
1161              */
1162  
1163             buf[4] = 0x00; /* Physical format */
1164             buf[5] = 0x40; /* Not writable, is readable */
1165             cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
1166  
1167             buf[8] = 0x01; /* Copyright info */
1168             buf[9] = 0x40; /* Not writable, is readable */
1169             cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
1170  
1171             buf[12] = 0x03; /* BCA info */
1172             buf[13] = 0x40; /* Not writable, is readable */
1173             cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
1174  
1175             buf[16] = 0x04; /* Manufacturing info */
1176             buf[17] = 0x40; /* Not writable, is readable */
1177             cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
1178  
1179             /* Size of buffer, not including 2 byte size field */
1180             cpu_to_be16wu((uint16_t *)buf, 16 + 2);
1181  
1182             /* data written + 4 byte header */
1183             return (16 + 4);
1184  
1185         default: /* TODO: formats beyond DVD-ROM requires */
1186             return -ASC_INV_FIELD_IN_CMD_PACKET;
1187     }
1188 }
1189  
1190 static void ide_atapi_cmd(IDEState *s)
1191 {
1192     const uint8_t *packet;
1193     uint8_t *buf;
1194     int max_len;
1195  
1196     packet = s->io_buffer;
1197     buf = s->io_buffer;
1198 #ifdef DEBUG_IDE_ATAPI
1199     {
1200         int i;
1201         printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8));
1202         for(i = 0; i < ATAPI_PACKET_SIZE; i++) {
1203             printf(" %02x", packet[i]);
1204         }
1205         printf("\n");
1206     }
1207 #endif
1208     /* If there's a UNIT_ATTENTION condition pending, only
1209        REQUEST_SENSE and INQUIRY commands are allowed to complete. */
1210     if (s->sense_key == SENSE_UNIT_ATTENTION &&
1211         s->io_buffer[0] != GPCMD_REQUEST_SENSE &&
1212         s->io_buffer[0] != GPCMD_INQUIRY) {
1213         ide_atapi_cmd_check_status(s);
1214         return;
1215     }
1216     switch(s->io_buffer[0]) {
1217     case GPCMD_TEST_UNIT_READY:
1218         if (bdrv_is_inserted(s->bs) && !s->cdrom_changed) {
1219             ide_atapi_cmd_ok(s);
1220         } else {
1221             s->cdrom_changed = 0;
1222             ide_atapi_cmd_error(s, SENSE_NOT_READY,
1223                                 ASC_MEDIUM_NOT_PRESENT);
1224         }
1225         break;
1226     case GPCMD_MODE_SENSE_6:
1227     case GPCMD_MODE_SENSE_10:
1228         {
1229             int action, code;
1230             if (packet[0] == GPCMD_MODE_SENSE_10)
1231                 max_len = ube16_to_cpu(packet + 7);
1232             else
1233                 max_len = packet[4];
1234             action = packet[2] >> 6;
1235             code = packet[2] & 0x3f;
1236             switch(action) {
1237             case 0: /* current values */
1238                 switch(code) {
1239                 case 0x01: /* error recovery */
1240                     cpu_to_ube16(&buf[0], 16 + 6);
1241                     buf[2] = 0x70;
1242                     buf[3] = 0;
1243                     buf[4] = 0;
1244                     buf[5] = 0;
1245                     buf[6] = 0;
1246                     buf[7] = 0;
1247  
1248                     buf[8] = 0x01;
1249                     buf[9] = 0x06;
1250                     buf[10] = 0x00;
1251                     buf[11] = 0x05;
1252                     buf[12] = 0x00;
1253                     buf[13] = 0x00;
1254                     buf[14] = 0x00;
1255                     buf[15] = 0x00;
1256                     ide_atapi_cmd_reply(s, 16, max_len);
1257                     break;
1258                 case 0x2a:
1259                     cpu_to_ube16(&buf[0], 28 + 6);
1260                     buf[2] = 0x70;
1261                     buf[3] = 0;
1262                     buf[4] = 0;
1263                     buf[5] = 0;
1264                     buf[6] = 0;
1265                     buf[7] = 0;
1266  
1267                     buf[8] = 0x2a;
1268                     buf[9] = 0x12;
1269                     buf[10] = 0x00;
1270                     buf[11] = 0x00;
1271  
1272                     /* Claim PLAY_AUDIO capability (0x01) since some Linux
1273                        code checks for this to automount media. */
1274                     buf[12] = 0x71;
1275                     buf[13] = 3 << 5;
1276                     buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
1277                     if (bdrv_is_locked(s->bs))
1278                         buf[6] |= 1 << 1;
1279                     buf[15] = 0x00;
1280                     cpu_to_ube16(&buf[16], 706);
1281                     buf[18] = 0;
1282                     buf[19] = 2;
1283                     cpu_to_ube16(&buf[20], 512);
1284                     cpu_to_ube16(&buf[22], 706);
1285                     buf[24] = 0;
1286                     buf[25] = 0;
1287                     buf[26] = 0;
1288                     buf[27] = 0;
1289                     ide_atapi_cmd_reply(s, 28, max_len);
1290                     break;
1291                 default:
1292                     goto error_cmd;
1293                 }
1294                 break;
1295             case 1: /* changeable values */
1296                 goto error_cmd;
1297             case 2: /* default values */
1298                 goto error_cmd;
1299             default:
1300             case 3: /* saved values */
1301                 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1302                                     ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
1303                 break;
1304             }
1305         }
1306         break;
1307     case GPCMD_REQUEST_SENSE:
1308         max_len = packet[4];
1309         memset(buf, 0, 18);
1310         buf[0] = 0x70 | (1 << 7);
1311         buf[2] = s->sense_key;
1312         buf[7] = 10;
1313         buf[12] = s->asc;
1314         if (s->sense_key == SENSE_UNIT_ATTENTION)
1315             s->sense_key = SENSE_NONE;
1316         ide_atapi_cmd_reply(s, 18, max_len);
1317         break;
1318     case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
1319         if (bdrv_is_inserted(s->bs)) {
1320             bdrv_set_locked(s->bs, packet[4] & 1);
1321             ide_atapi_cmd_ok(s);
1322         } else {
1323             ide_atapi_cmd_error(s, SENSE_NOT_READY,
1324                                 ASC_MEDIUM_NOT_PRESENT);
1325         }
1326         break;
1327     case GPCMD_READ_10:
1328     case GPCMD_READ_12:
1329         {
1330             int nb_sectors, lba;
1331  
1332             if (packet[0] == GPCMD_READ_10)
1333                 nb_sectors = ube16_to_cpu(packet + 7);
1334             else
1335                 nb_sectors = ube32_to_cpu(packet + 6);
1336             lba = ube32_to_cpu(packet + 2);
1337             if (nb_sectors == 0) {
1338                 ide_atapi_cmd_ok(s);
1339                 break;
1340             }
1341             ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1342         }
1343         break;
1344     case GPCMD_READ_CD:
1345         {
1346             int nb_sectors, lba, transfer_request;
1347  
1348             nb_sectors = (packet[6] << 16) | (packet[7] << 8) | packet[8];
1349             lba = ube32_to_cpu(packet + 2);
1350             if (nb_sectors == 0) {
1351                 ide_atapi_cmd_ok(s);
1352                 break;
1353             }
1354             transfer_request = packet[9];
1355             switch(transfer_request & 0xf8) {
1356             case 0x00:
1357                 /* nothing */
1358                 ide_atapi_cmd_ok(s);
1359                 break;
1360             case 0x10:
1361                 /* normal read */
1362                 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1363                 break;
1364             case 0xf8:
1365                 /* read all data */
1366                 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1367                 break;
1368             default:
1369                 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1370                                     ASC_INV_FIELD_IN_CMD_PACKET);
1371                 break;
1372             }
1373         }
1374         break;
1375     case GPCMD_SEEK:
1376         {
1377             unsigned int lba;
1378             uint64_t total_sectors;
1379  
1380             bdrv_get_geometry(s->bs, &total_sectors);
1381             total_sectors >>= 2;
1382             if (total_sectors == 0) {
1383                 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1384                                     ASC_MEDIUM_NOT_PRESENT);
1385                 break;
1386             }
1387             lba = ube32_to_cpu(packet + 2);
1388             if (lba >= total_sectors) {
1389                 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1390                                     ASC_LOGICAL_BLOCK_OOR);
1391                 break;
1392             }
1393             ide_atapi_cmd_ok(s);
1394         }
1395         break;
1396     case GPCMD_START_STOP_UNIT:
1397         {
1398             int start, eject, err = 0;
1399             start = packet[4] & 1;
1400             eject = (packet[4] >> 1) & 1;
1401  
1402             if (eject) {
1403                 err = bdrv_eject(s->bs, !start);
1404             }
1405  
1406             switch (err) {
1407             case 0:
1408                 ide_atapi_cmd_ok(s);
1409                 break;
1410             case -EBUSY:
1411                 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1412                                     ASC_MEDIA_REMOVAL_PREVENTED);
1413                 break;
1414             default:
1415                 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1416                                     ASC_MEDIUM_NOT_PRESENT);
1417                 break;
1418             }
1419         }
1420         break;
1421     case GPCMD_MECHANISM_STATUS:
1422         {
1423             max_len = ube16_to_cpu(packet + 8);
1424             cpu_to_ube16(buf, 0);
1425             /* no current LBA */
1426             buf[2] = 0;
1427             buf[3] = 0;
1428             buf[4] = 0;
1429             buf[5] = 1;
1430             cpu_to_ube16(buf + 6, 0);
1431             ide_atapi_cmd_reply(s, 8, max_len);
1432         }
1433         break;
1434     case GPCMD_READ_TOC_PMA_ATIP:
1435         {
1436             int format, msf, start_track, len;
1437             uint64_t total_sectors;
1438  
1439             bdrv_get_geometry(s->bs, &total_sectors);
1440             total_sectors >>= 2;
1441             if (total_sectors == 0) {
1442                 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1443                                     ASC_MEDIUM_NOT_PRESENT);
1444                 break;
1445             }
1446             max_len = ube16_to_cpu(packet + 7);
1447             format = packet[9] >> 6;
1448             msf = (packet[1] >> 1) & 1;
1449             start_track = packet[6];
1450             switch(format) {
1451             case 0:
1452                 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1453                 if (len < 0)
1454                     goto error_cmd;
1455                 ide_atapi_cmd_reply(s, len, max_len);
1456                 break;
1457             case 1:
1458                 /* multi session : only a single session defined */
1459                 memset(buf, 0, 12);
1460                 buf[1] = 0x0a;
1461                 buf[2] = 0x01;
1462                 buf[3] = 0x01;
1463                 ide_atapi_cmd_reply(s, 12, max_len);
1464                 break;
1465             case 2:
1466                 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1467                 if (len < 0)
1468                     goto error_cmd;
1469                 ide_atapi_cmd_reply(s, len, max_len);
1470                 break;
1471             default:
1472             error_cmd:
1473                 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1474                                     ASC_INV_FIELD_IN_CMD_PACKET);
1475                 break;
1476             }
1477         }
1478         break;
1479     case GPCMD_READ_CDVD_CAPACITY:
1480         {
1481             uint64_t total_sectors;
1482  
1483             bdrv_get_geometry(s->bs, &total_sectors);
1484             total_sectors >>= 2;
1485             if (total_sectors == 0) {
1486                 ide_atapi_cmd_error(s, SENSE_NOT_READY,
1487                                     ASC_MEDIUM_NOT_PRESENT);
1488                 break;
1489             }
1490             /* NOTE: it is really the number of sectors minus 1 */
1491             cpu_to_ube32(buf, total_sectors - 1);
1492             cpu_to_ube32(buf + 4, 2048);
1493             ide_atapi_cmd_reply(s, 8, 8);
1494         }
1495         break;
1496     case GPCMD_READ_DVD_STRUCTURE:
1497         {
1498             int media = packet[1];
1499             int format = packet[7];
1500             int ret;
1501  
1502             max_len = ube16_to_cpu(packet + 8);
1503  
1504             if (format < 0xff) {
1505                 if (media_is_cd(s)) {
1506                     ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1507                                         ASC_INCOMPATIBLE_FORMAT);
1508                     break;
1509                 } else if (!media_present(s)) {
1510                     ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1511                                         ASC_INV_FIELD_IN_CMD_PACKET);
1512                     break;
1513                 }
1514             }
1515  
1516             memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1517                    IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1518  
1519             switch (format) {
1520                 case 0x00 ... 0x7f:
1521                 case 0xff:
1522                     if (media == 0) {
1523                         ret = ide_dvd_read_structure(s, format, packet, buf);
1524  
1525                         if (ret < 0)
1526                             ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret);
1527                         else
1528                             ide_atapi_cmd_reply(s, ret, max_len);
1529  
1530                         break;
1531                     }
1532                     /* TODO: BD support, fall through for now */
1533  
1534                 /* Generic disk structures */
1535                 case 0x80: /* TODO: AACS volume identifier */
1536                 case 0x81: /* TODO: AACS media serial number */
1537                 case 0x82: /* TODO: AACS media identifier */
1538                 case 0x83: /* TODO: AACS media key block */
1539                 case 0x90: /* TODO: List of recognized format layers */
1540                 case 0xc0: /* TODO: Write protection status */
1541                 default:
1542                     ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1543                                         ASC_INV_FIELD_IN_CMD_PACKET);
1544                     break;
1545             }
1546         }
1547         break;
1548     case GPCMD_SET_SPEED:
1549         ide_atapi_cmd_ok(s);
1550         break;
1551     case GPCMD_INQUIRY:
1552         max_len = packet[4];
1553         buf[0] = 0x05; /* CD-ROM */
1554         buf[1] = 0x80; /* removable */
1555         buf[2] = 0x00; /* ISO */
1556         buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1557         buf[4] = 31; /* additional length */
1558         buf[5] = 0; /* reserved */
1559         buf[6] = 0; /* reserved */
1560         buf[7] = 0; /* reserved */
1561         padstr8(buf + 8, 8, "QEMU");
1562         padstr8(buf + 16, 16, "QEMU DVD-ROM");
1563         padstr8(buf + 32, 4, QEMU_VERSION);
1564         ide_atapi_cmd_reply(s, 36, max_len);
1565         break;
1566     case GPCMD_GET_CONFIGURATION:
1567         {
1568             uint32_t len;
1569             uint8_t index = 0;
1570  
1571             /* only feature 0 is supported */
1572             if (packet[2] != 0 || packet[3] != 0) {
1573                 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1574                                     ASC_INV_FIELD_IN_CMD_PACKET);
1575                 break;
1576             }
1577  
1578             /* XXX: could result in alignment problems in some architectures */
1579             max_len = ube16_to_cpu(packet + 7);
1580  
1581             /*
1582              * XXX: avoid overflow for io_buffer if max_len is bigger than
1583              *      the size of that buffer (dimensioned to max number of
1584              *      sectors to transfer at once)
1585              *
1586              *      Only a problem if the feature/profiles grow.
1587              */
1588             if (max_len > 512) /* XXX: assume 1 sector */
1589                 max_len = 512;
1590  
1591             memset(buf, 0, max_len);
1592             /*
1593              * the number of sectors from the media tells us which profile
1594              * to use as current.  0 means there is no media
1595              */
1596             if (media_is_dvd(s))
1597                 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM);
1598             else if (media_is_cd(s))
1599                 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM);
1600  
1601             buf[10] = 0x02 | 0x01; /* persistent and current */
1602             len = 12; /* headers: 8 + 4 */
1603             len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
1604             len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
1605             cpu_to_ube32(buf, len - 4); /* data length */
1606  
1607             ide_atapi_cmd_reply(s, len, max_len);
1608             break;
1609         }
1610     default:
1611         ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST,
1612                             ASC_ILLEGAL_OPCODE);
1613         break;
1614     }
1615 }
1616  
1617 static void ide_cfata_metadata_inquiry(IDEState *s)
1618 {
1619     uint16_t *p;
1620     uint32_t spd;
1621  
1622     p = (uint16_t *) s->io_buffer;
1623     memset(p, 0, 0x200);
1624     spd = ((s->mdata_size - 1) >> 9) + 1;
1625  
1626     put_le16(p + 0, 0x0001);                    /* Data format revision */
1627     put_le16(p + 1, 0x0000);                    /* Media property: silicon */
1628     put_le16(p + 2, s->media_changed);          /* Media status */
1629     put_le16(p + 3, s->mdata_size & 0xffff);    /* Capacity in bytes (low) */
1630     put_le16(p + 4, s->mdata_size >> 16);       /* Capacity in bytes (high) */
1631     put_le16(p + 5, spd & 0xffff);              /* Sectors per device (low) */
1632     put_le16(p + 6, spd >> 16);                 /* Sectors per device (high) */
1633 }
1634  
1635 static void ide_cfata_metadata_read(IDEState *s)
1636 {
1637     uint16_t *p;
1638  
1639     if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1640         s->status = ERR_STAT;
1641         s->error = ABRT_ERR;
1642         return;
1643     }
1644  
1645     p = (uint16_t *) s->io_buffer;
1646     memset(p, 0, 0x200);
1647  
1648     put_le16(p + 0, s->media_changed);          /* Media status */
1649     memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1650                     MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1651                                     s->nsector << 9), 0x200 - 2));
1652 }
1653  
1654 static void ide_cfata_metadata_write(IDEState *s)
1655 {
1656     if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1657         s->status = ERR_STAT;
1658         s->error = ABRT_ERR;
1659         return;
1660     }
1661  
1662     s->media_changed = 0;
1663  
1664     memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1665                     s->io_buffer + 2,
1666                     MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1667                                     s->nsector << 9), 0x200 - 2));
1668 }
1669  
1670 /* called when the inserted state of the media has changed */
1671 static void cdrom_change_cb(void *opaque)
1672 {
1673     IDEState *s = opaque;
1674     uint64_t nb_sectors;
1675  
1676     bdrv_get_geometry(s->bs, &nb_sectors);
1677     s->nb_sectors = nb_sectors;
1678  
1679     s->sense_key = SENSE_UNIT_ATTENTION;
1680     s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED;
1681     s->cdrom_changed = 1;
1682     ide_set_irq(s->bus);
1683 }
1684  
1685 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1686 {
1687     s->lba48 = lba48;
1688  
1689     /* handle the 'magic' 0 nsector count conversion here. to avoid
1690      * fiddling with the rest of the read logic, we just store the
1691      * full sector count in ->nsector and ignore ->hob_nsector from now
1692      */
1693     if (!s->lba48) {
1694         if (!s->nsector)
1695             s->nsector = 256;
1696     } else {
1697         if (!s->nsector && !s->hob_nsector)
1698             s->nsector = 65536;
1699         else {
1700             int lo = s->nsector;
1701             int hi = s->hob_nsector;
1702  
1703             s->nsector = (hi << 8) | lo;
1704         }
1705     }
1706 }
1707  
1708 static void ide_clear_hob(IDEBus *bus)
1709 {
1710     /* any write clears HOB high bit of device control register */
1711     bus->ifs[0].select &= ~(1 << 7);
1712     bus->ifs[1].select &= ~(1 << 7);
1713 }
1714  
1715 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1716 {
1717     IDEBus *bus = opaque;
1718     IDEState *s;
1719     int n;
1720     int lba48 = 0;
1721  
1722 #ifdef DEBUG_IDE
1723     printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
1724 #endif
1725  
1726     addr &= 7;
1727  
1728     /* ignore writes to command block while busy with previous command */
1729     if (addr != 7 && (idebus_active_if(bus)->status & (BUSY_STAT|DRQ_STAT)))
1730         return;
1731  
1732     switch(addr) {
1733     case 0:
1734         break;
1735     case 1:
1736         ide_clear_hob(bus);
1737         /* NOTE: data is written to the two drives */
1738         bus->ifs[0].hob_feature = bus->ifs[0].feature;
1739         bus->ifs[1].hob_feature = bus->ifs[1].feature;
1740         bus->ifs[0].feature = val;
1741         bus->ifs[1].feature = val;
1742         break;
1743     case 2:
1744         ide_clear_hob(bus);
1745         bus->ifs[0].hob_nsector = bus->ifs[0].nsector;
1746         bus->ifs[1].hob_nsector = bus->ifs[1].nsector;
1747         bus->ifs[0].nsector = val;
1748         bus->ifs[1].nsector = val;
1749         break;
1750     case 3:
1751         ide_clear_hob(bus);
1752         bus->ifs[0].hob_sector = bus->ifs[0].sector;
1753         bus->ifs[1].hob_sector = bus->ifs[1].sector;
1754         bus->ifs[0].sector = val;
1755         bus->ifs[1].sector = val;
1756         break;
1757     case 4:
1758         ide_clear_hob(bus);
1759         bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl;
1760         bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl;
1761         bus->ifs[0].lcyl = val;
1762         bus->ifs[1].lcyl = val;
1763         break;
1764     case 5:
1765         ide_clear_hob(bus);
1766         bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl;
1767         bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl;
1768         bus->ifs[0].hcyl = val;
1769         bus->ifs[1].hcyl = val;
1770         break;
1771     case 6:
1772         /* FIXME: HOB readback uses bit 7 */
78 roytam 1773         bus->ifs[0].select = (val & ~0x10) |
1774                              (bus->ifs[0].support_chs ? 0x80 : 0xa0);
1775         bus->ifs[1].select = (val | 0x10) |
1776                              (bus->ifs[1].support_chs ? 0x80 : 0xa0);
74 roytam 1777         /* select drive */
1778         bus->unit = (val >> 4) & 1;
1779         break;
1780     default:
1781     case 7:
1782         /* command */
1783 #if defined(DEBUG_IDE)
1784         printf("ide: CMD=%02x\n", val);
1785 #endif
1786         s = idebus_active_if(bus);
1787         /* ignore commands to non existant slave */
1788         if (s != bus->ifs && !s->bs)
1789             break;
1790  
1791         /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
1792         if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
1793             break;
1794  
1795         switch(val) {
1796         case WIN_IDENTIFY:
1797             if (s->bs && !s->is_cdrom) {
1798                 if (!s->is_cf)
1799                     ide_identify(s);
1800                 else
1801                     ide_cfata_identify(s);
1802                 s->status = READY_STAT | SEEK_STAT;
1803                 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1804             } else {
1805                 if (s->is_cdrom) {
1806                     ide_set_signature(s);
1807                 }
1808                 ide_abort_command(s);
1809             }
1810             ide_set_irq(s->bus);
1811             break;
1812         case WIN_SPECIFY:
78 roytam 1813             if (s->support_chs && !(s->select & 0x40)) {
77 roytam 1814                 uint64_t sectors;
1815                 bdrv_get_geometry(s->bs, &sectors);
1816                 s->heads = (s->select & 0xf) + 1;
1817                 s->sectors = s->nsector;
1818                 s->cylinders = sectors / (s->heads * s->sectors);
1819             }
74 roytam 1820         case WIN_RECAL:
1821             s->error = 0;
1822             s->status = READY_STAT | SEEK_STAT;
1823             ide_set_irq(s->bus);
1824             break;
1825         case WIN_SETMULT:
1826             if (s->is_cf && s->nsector == 0) {
1827                 /* Disable Read and Write Multiple */
1828                 s->mult_sectors = 0;
1829                 s->status = READY_STAT | SEEK_STAT;
1830             } else if ((s->nsector & 0xff) != 0 &&
1831                 ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1832                  (s->nsector & (s->nsector - 1)) != 0)) {
1833                 ide_abort_command(s);
1834             } else {
1835                 s->mult_sectors = s->nsector & 0xff;
1836                 s->status = READY_STAT | SEEK_STAT;
1837             }
1838             ide_set_irq(s->bus);
1839             break;
1840         case WIN_VERIFY_EXT:
1841             lba48 = 1;
1842         case WIN_VERIFY:
1843         case WIN_VERIFY_ONCE:
1844             /* do sector number check ? */
1845             ide_cmd_lba48_transform(s, lba48);
1846             s->status = READY_STAT | SEEK_STAT;
1847             ide_set_irq(s->bus);
1848             break;
1849         case WIN_READ_EXT:
1850             lba48 = 1;
1851         case WIN_READ:
1852         case WIN_READ_ONCE:
1853             if (!s->bs)
1854                 goto abort_cmd;
1855             ide_cmd_lba48_transform(s, lba48);
1856             s->req_nb_sectors = 1;
1857             ide_sector_read(s);
1858             break;
1859         case WIN_WRITE_EXT:
1860             lba48 = 1;
1861         case WIN_WRITE:
1862         case WIN_WRITE_ONCE:
1863         case CFA_WRITE_SECT_WO_ERASE:
1864         case WIN_WRITE_VERIFY:
1865             ide_cmd_lba48_transform(s, lba48);
1866             s->error = 0;
1867             s->status = SEEK_STAT | READY_STAT;
1868             s->req_nb_sectors = 1;
1869             ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1870             s->media_changed = 1;
1871             break;
1872         case WIN_MULTREAD_EXT:
1873             lba48 = 1;
1874         case WIN_MULTREAD:
1875             if (!s->mult_sectors)
1876                 goto abort_cmd;
1877             ide_cmd_lba48_transform(s, lba48);
1878             s->req_nb_sectors = s->mult_sectors;
1879             ide_sector_read(s);
1880             break;
1881         case WIN_MULTWRITE_EXT:
1882             lba48 = 1;
1883         case WIN_MULTWRITE:
1884         case CFA_WRITE_MULTI_WO_ERASE:
1885             if (!s->mult_sectors)
1886                 goto abort_cmd;
1887             ide_cmd_lba48_transform(s, lba48);
1888             s->error = 0;
1889             s->status = SEEK_STAT | READY_STAT;
1890             s->req_nb_sectors = s->mult_sectors;
1891             n = s->nsector;
1892             if (n > s->req_nb_sectors)
1893                 n = s->req_nb_sectors;
1894             ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1895             s->media_changed = 1;
1896             break;
1897         case WIN_READDMA_EXT:
1898             lba48 = 1;
1899         case WIN_READDMA:
1900         case WIN_READDMA_ONCE:
1901             if (!s->bs)
1902                 goto abort_cmd;
1903             ide_cmd_lba48_transform(s, lba48);
1904             ide_sector_read_dma(s);
1905             break;
1906         case WIN_WRITEDMA_EXT:
1907             lba48 = 1;
1908         case WIN_WRITEDMA:
1909         case WIN_WRITEDMA_ONCE:
1910             if (!s->bs)
1911                 goto abort_cmd;
1912             ide_cmd_lba48_transform(s, lba48);
1913             ide_sector_write_dma(s);
1914             s->media_changed = 1;
1915             break;
1916         case WIN_READ_NATIVE_MAX_EXT:
1917             lba48 = 1;
1918         case WIN_READ_NATIVE_MAX:
1919             ide_cmd_lba48_transform(s, lba48);
1920             ide_set_sector(s, s->nb_sectors - 1);
1921             s->status = READY_STAT | SEEK_STAT;
1922             ide_set_irq(s->bus);
1923             break;
1924         case WIN_CHECKPOWERMODE1:
1925         case WIN_CHECKPOWERMODE2:
1926             s->nsector = 0xff; /* device active or idle */
1927             s->status = READY_STAT | SEEK_STAT;
1928             ide_set_irq(s->bus);
1929             break;
1930         case WIN_SETFEATURES:
1931             if (!s->bs)
1932                 goto abort_cmd;
1933             /* XXX: valid for CDROM ? */
1934             switch(s->feature) {
1935             case 0xcc: /* reverting to power-on defaults enable */
1936             case 0x66: /* reverting to power-on defaults disable */
1937             case 0x02: /* write cache enable */
1938             case 0x82: /* write cache disable */
1939             case 0xaa: /* read look-ahead enable */
1940             case 0x55: /* read look-ahead disable */
1941             case 0x05: /* set advanced power management mode */
1942             case 0x85: /* disable advanced power management mode */
1943             case 0x69: /* NOP */
1944             case 0x67: /* NOP */
1945             case 0x96: /* NOP */
1946             case 0x9a: /* NOP */
1947             case 0x42: /* enable Automatic Acoustic Mode */
1948             case 0xc2: /* disable Automatic Acoustic Mode */
1949                 s->status = READY_STAT | SEEK_STAT;
1950                 ide_set_irq(s->bus);
1951                 break;
1952             case 0x03: { /* set transfer mode */
1953                 uint8_t val = s->nsector & 0x07;
79 roytam 1954                 uint16_t *identify_data = (uint16_t *)s->identify_data;
74 roytam 1955  
1956                 switch (s->nsector >> 3) {
1957                     case 0x00: /* pio default */
1958                     case 0x01: /* pio mode */
79 roytam 1959                         put_le16(identify_data + 62,0x07);
1960                         put_le16(identify_data + 63,0x07);
1961                         put_le16(identify_data + 88,0x3f);
74 roytam 1962                         break;
1963                     case 0x02: /* sigle word dma mode*/
79 roytam 1964                         put_le16(identify_data + 62,0x07 | (1 << (val + 8)));
1965                         put_le16(identify_data + 63,0x07);
1966                         put_le16(identify_data + 88,0x3f);
74 roytam 1967                         break;
1968                     case 0x04: /* mdma mode */
79 roytam 1969                         put_le16(identify_data + 62,0x07);
1970                         put_le16(identify_data + 63,0x07 | (1 << (val + 8)));
1971                         put_le16(identify_data + 88,0x3f);
74 roytam 1972                         break;
1973                     case 0x08: /* udma mode */
79 roytam 1974                         put_le16(identify_data + 62,0x07);
1975                         put_le16(identify_data + 63,0x07);
1976                         put_le16(identify_data + 88,0x3f | (1 << (val + 8)));
74 roytam 1977                         break;
1978                     default:
1979                         goto abort_cmd;
1980                 }
1981                 s->status = READY_STAT | SEEK_STAT;
1982                 ide_set_irq(s->bus);
1983                 break;
1984             }
1985             default:
1986                 goto abort_cmd;
1987             }
1988             break;
1989         case WIN_FLUSH_CACHE:
1990         case WIN_FLUSH_CACHE_EXT:
1991             if (s->bs)
1992                 bdrv_aio_flush(s->bs, ide_flush_cb, s);
1993             else
1994                 ide_flush_cb(s, 0);
1995             break;
1996         case WIN_STANDBY:
1997         case WIN_STANDBY2:
1998         case WIN_STANDBYNOW1:
1999         case WIN_STANDBYNOW2:
2000         case WIN_IDLEIMMEDIATE:
2001         case CFA_IDLEIMMEDIATE:
2002         case WIN_SETIDLE1:
2003         case WIN_SETIDLE2:
2004         case WIN_SLEEPNOW1:
2005         case WIN_SLEEPNOW2:
2006             s->status = READY_STAT;
2007             ide_set_irq(s->bus);
2008             break;
2009         case WIN_SEEK:
2010             if(s->is_cdrom)
2011                 goto abort_cmd;
2012             /* XXX: Check that seek is within bounds */
2013             s->status = READY_STAT | SEEK_STAT;
2014             ide_set_irq(s->bus);
2015             break;
2016             /* ATAPI commands */
2017         case WIN_PIDENTIFY:
2018             if (s->is_cdrom) {
2019                 ide_atapi_identify(s);
2020                 s->status = READY_STAT | SEEK_STAT;
2021                 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
2022             } else {
2023                 ide_abort_command(s);
2024             }
2025             ide_set_irq(s->bus);
2026             break;
2027         case WIN_DIAGNOSE:
2028             ide_set_signature(s);
2029             if (s->is_cdrom)
2030                 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
2031                                 * devices to return a clear status register
2032                                 * with READY_STAT *not* set. */
2033             else
2034                 s->status = READY_STAT | SEEK_STAT;
2035             s->error = 0x01; /* Device 0 passed, Device 1 passed or not
2036                               * present.
2037                               */
2038             ide_set_irq(s->bus);
2039             break;
2040         case WIN_SRST:
2041             if (!s->is_cdrom)
2042                 goto abort_cmd;
2043             ide_set_signature(s);
2044             s->status = 0x00; /* NOTE: READY is _not_ set */
2045             s->error = 0x01;
2046             break;
2047         case WIN_PACKETCMD:
2048             if (!s->is_cdrom)
2049                 goto abort_cmd;
2050             /* overlapping commands not supported */
2051             if (s->feature & 0x02)
2052                 goto abort_cmd;
2053             s->status = READY_STAT | SEEK_STAT;
2054             s->atapi_dma = s->feature & 1;
2055             s->nsector = 1;
2056             ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
2057                                ide_atapi_cmd);
2058             break;
2059         /* CF-ATA commands */
2060         case CFA_REQ_EXT_ERROR_CODE:
2061             if (!s->is_cf)
2062                 goto abort_cmd;
2063             s->error = 0x09;    /* miscellaneous error */
2064             s->status = READY_STAT | SEEK_STAT;
2065             ide_set_irq(s->bus);
2066             break;
2067         case CFA_ERASE_SECTORS:
2068         case CFA_WEAR_LEVEL:
2069             if (!s->is_cf)
2070                 goto abort_cmd;
2071             if (val == CFA_WEAR_LEVEL)
2072                 s->nsector = 0;
2073             if (val == CFA_ERASE_SECTORS)
2074                 s->media_changed = 1;
2075             s->error = 0x00;
2076             s->status = READY_STAT | SEEK_STAT;
2077             ide_set_irq(s->bus);
2078             break;
2079         case CFA_TRANSLATE_SECTOR:
2080             if (!s->is_cf)
2081                 goto abort_cmd;
2082             s->error = 0x00;
2083             s->status = READY_STAT | SEEK_STAT;
2084             memset(s->io_buffer, 0, 0x200);
2085             s->io_buffer[0x00] = s->hcyl;                       /* Cyl MSB */
2086             s->io_buffer[0x01] = s->lcyl;                       /* Cyl LSB */
2087             s->io_buffer[0x02] = s->select;                     /* Head */
2088             s->io_buffer[0x03] = s->sector;                     /* Sector */
2089             s->io_buffer[0x04] = ide_get_sector(s) >> 16;       /* LBA MSB */
2090             s->io_buffer[0x05] = ide_get_sector(s) >> 8;        /* LBA */
2091             s->io_buffer[0x06] = ide_get_sector(s) >> 0;        /* LBA LSB */
2092             s->io_buffer[0x13] = 0x00;                          /* Erase flag */
2093             s->io_buffer[0x18] = 0x00;                          /* Hot count */
2094             s->io_buffer[0x19] = 0x00;                          /* Hot count */
2095             s->io_buffer[0x1a] = 0x01;                          /* Hot count */
2096             ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2097             ide_set_irq(s->bus);
2098             break;
2099         case CFA_ACCESS_METADATA_STORAGE:
2100             if (!s->is_cf)
2101                 goto abort_cmd;
2102             switch (s->feature) {
2103             case 0x02:  /* Inquiry Metadata Storage */
2104                 ide_cfata_metadata_inquiry(s);
2105                 break;
2106             case 0x03:  /* Read Metadata Storage */
2107                 ide_cfata_metadata_read(s);
2108                 break;
2109             case 0x04:  /* Write Metadata Storage */
2110                 ide_cfata_metadata_write(s);
2111                 break;
2112             default:
2113                 goto abort_cmd;
2114             }
2115             ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2116             s->status = 0x00; /* NOTE: READY is _not_ set */
2117             ide_set_irq(s->bus);
2118             break;
2119         case IBM_SENSE_CONDITION:
2120             if (!s->is_cf)
2121                 goto abort_cmd;
2122             switch (s->feature) {
2123             case 0x01:  /* sense temperature in device */
2124                 s->nsector = 0x50;      /* +20 C */
2125                 break;
2126             default:
2127                 goto abort_cmd;
2128             }
2129             s->status = READY_STAT | SEEK_STAT;
2130             ide_set_irq(s->bus);
2131             break;
2132  
2133         case WIN_SMART:
2134             if (s->is_cdrom)
2135                 goto abort_cmd;
2136             if (s->hcyl != 0xc2 || s->lcyl != 0x4f)
2137                 goto abort_cmd;
2138             if (!s->smart_enabled && s->feature != SMART_ENABLE)
2139                 goto abort_cmd;
2140             switch (s->feature) {
2141             case SMART_DISABLE:
2142                 s->smart_enabled = 0;
2143                 s->status = READY_STAT | SEEK_STAT;
2144                 ide_set_irq(s->bus);
2145                 break;
2146             case SMART_ENABLE:
2147                 s->smart_enabled = 1;
2148                 s->status = READY_STAT | SEEK_STAT;
2149                 ide_set_irq(s->bus);
2150                 break;
2151             case SMART_ATTR_AUTOSAVE:
2152                 switch (s->sector) {
2153                 case 0x00:
2154                     s->smart_autosave = 0;
2155                     break;
2156                 case 0xf1:
2157                     s->smart_autosave = 1;
2158                     break;
2159                 default:
2160                     goto abort_cmd;
2161                 }
2162                 s->status = READY_STAT | SEEK_STAT;
2163                 ide_set_irq(s->bus);
2164                 break;
2165             case SMART_STATUS:
2166                 if (!s->smart_errors) {
2167                     s->hcyl = 0xc2;
2168                     s->lcyl = 0x4f;
2169                 } else {
2170                     s->hcyl = 0x2c;
2171                     s->lcyl = 0xf4;
2172                 }
2173                 s->status = READY_STAT | SEEK_STAT;
2174                 ide_set_irq(s->bus);
2175                 break;
2176             case SMART_READ_THRESH:
2177                 memset(s->io_buffer, 0, 0x200);
2178                 s->io_buffer[0] = 0x01; /* smart struct version */
2179                 for (n=0; n<30; n++) {
2180                     if (smart_attributes[n][0] == 0)
2181                         break;
2182                     s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2183                     s->io_buffer[2+1+(n*12)] = smart_attributes[n][4];
2184                 }
2185                 for (n=0; n<511; n++) /* checksum */
2186                     s->io_buffer[511] += s->io_buffer[n];
2187                 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2188                 s->status = READY_STAT | SEEK_STAT;
2189                 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2190                 ide_set_irq(s->bus);
2191                 break;
2192             case SMART_READ_DATA:
2193                 memset(s->io_buffer, 0, 0x200);
2194                 s->io_buffer[0] = 0x01; /* smart struct version */
2195                 for (n=0; n<30; n++) {
2196                     if (smart_attributes[n][0] == 0)
2197                         break;
2198                     s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
2199                     s->io_buffer[2+1+(n*12)] = smart_attributes[n][1];
2200                     s->io_buffer[2+3+(n*12)] = smart_attributes[n][2];
2201                     s->io_buffer[2+4+(n*12)] = smart_attributes[n][3];
2202                 }
2203                 s->io_buffer[362] = 0x02 | (s->smart_autosave?0x80:0x00);
2204                 if (s->smart_selftest_count == 0) {
2205                     s->io_buffer[363] = 0;
2206                 } else {
2207                     s->io_buffer[363] =
2208                         s->smart_selftest_data[3 +
2209                                                (s->smart_selftest_count - 1) *
2210                                                24];
2211                 }
2212                 s->io_buffer[364] = 0x20;
2213                 s->io_buffer[365] = 0x01;
2214                 /* offline data collection capacity: execute + self-test*/
2215                 s->io_buffer[367] = (1<<4 | 1<<3 | 1);
2216                 s->io_buffer[368] = 0x03; /* smart capability (1) */
2217                 s->io_buffer[369] = 0x00; /* smart capability (2) */
2218                 s->io_buffer[370] = 0x01; /* error logging supported */
2219                 s->io_buffer[372] = 0x02; /* minutes for poll short test */
2220                 s->io_buffer[373] = 0x36; /* minutes for poll ext test */
2221                 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
2222  
2223                 for (n=0; n<511; n++)
2224                     s->io_buffer[511] += s->io_buffer[n];
2225                 s->io_buffer[511] = 0x100 - s->io_buffer[511];
2226                 s->status = READY_STAT | SEEK_STAT;
2227                 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2228                 ide_set_irq(s->bus);
2229                 break;
2230             case SMART_READ_LOG:
2231                 switch (s->sector) {
2232                 case 0x01: /* summary smart error log */
2233                     memset(s->io_buffer, 0, 0x200);
2234                     s->io_buffer[0] = 0x01;
2235                     s->io_buffer[1] = 0x00; /* no error entries */
2236                     s->io_buffer[452] = s->smart_errors & 0xff;
2237                     s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
2238  
2239                     for (n=0; n<511; n++)
2240                         s->io_buffer[511] += s->io_buffer[n];
2241                     s->io_buffer[511] = 0x100 - s->io_buffer[511];
2242                     break;
2243                 case 0x06: /* smart self test log */
2244                     memset(s->io_buffer, 0, 0x200);
2245                     s->io_buffer[0] = 0x01;
2246                     if (s->smart_selftest_count == 0) {
2247                         s->io_buffer[508] = 0;
2248                     } else {
2249                         s->io_buffer[508] = s->smart_selftest_count;
2250                         for (n=2; n<506; n++)
2251                             s->io_buffer[n] = s->smart_selftest_data[n];
2252                     }              
2253                     for (n=0; n<511; n++)
2254                         s->io_buffer[511] += s->io_buffer[n];
2255                     s->io_buffer[511] = 0x100 - s->io_buffer[511];
2256                     break;
2257                 default:
2258                     goto abort_cmd;
2259                 }
2260                 s->status = READY_STAT | SEEK_STAT;
2261                 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
2262                 ide_set_irq(s->bus);
2263                 break;
2264             case SMART_EXECUTE_OFFLINE:
2265                 switch (s->sector) {
2266                 case 0: /* off-line routine */
2267                 case 1: /* short self test */
2268                 case 2: /* extended self test */
2269                     s->smart_selftest_count++;
2270                     if(s->smart_selftest_count > 21)
2271                         s->smart_selftest_count = 0;
2272                     n = 2 + (s->smart_selftest_count - 1) * 24;
2273                     s->smart_selftest_data[n] = s->sector;
2274                     s->smart_selftest_data[n+1] = 0x00; /* OK and finished */
2275                     s->smart_selftest_data[n+2] = 0x34; /* hour count lsb */
2276                     s->smart_selftest_data[n+3] = 0x12; /* hour count msb */
2277                     s->status = READY_STAT | SEEK_STAT;
2278                     ide_set_irq(s->bus);
2279                     break;
2280                 default:
2281                     goto abort_cmd;
2282                 }
2283                 break;
2284             default:
2285                 goto abort_cmd;
2286             }
2287             break;
2288         default:
2289         abort_cmd:
2290             ide_abort_command(s);
2291             ide_set_irq(s->bus);
2292             break;
2293         }
2294     }
2295 }
2296  
2297 uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
2298 {
2299     IDEBus *bus = opaque;
2300     IDEState *s = idebus_active_if(bus);
2301     uint32_t addr;
2302     int ret, hob;
2303  
2304     addr = addr1 & 7;
2305     /* FIXME: HOB readback uses bit 7, but it's always set right now */
2306     //hob = s->select & (1 << 7);
2307     hob = 0;
2308     switch(addr) {
2309     case 0:
2310         ret = 0xff;
2311         break;
2312     case 1:
2313         if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2314             (s != bus->ifs && !s->bs))
2315             ret = 0;
2316         else if (!hob)
2317             ret = s->error;
2318         else
2319             ret = s->hob_feature;
2320         break;
2321     case 2:
2322         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2323             ret = 0;
2324         else if (!hob)
2325             ret = s->nsector & 0xff;
2326         else
2327             ret = s->hob_nsector;
2328         break;
2329     case 3:
2330         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2331             ret = 0;
2332         else if (!hob)
2333             ret = s->sector;
2334         else
2335             ret = s->hob_sector;
2336         break;
2337     case 4:
2338         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2339             ret = 0;
2340         else if (!hob)
2341             ret = s->lcyl;
2342         else
2343             ret = s->hob_lcyl;
2344         break;
2345     case 5:
2346         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2347             ret = 0;
2348         else if (!hob)
2349             ret = s->hcyl;
2350         else
2351             ret = s->hob_hcyl;
2352         break;
2353     case 6:
2354         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
2355             ret = 0;
2356         else
2357             ret = s->select;
2358         break;
2359     default:
2360     case 7:
2361         if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2362             (s != bus->ifs && !s->bs))
2363             ret = 0;
2364         else
2365             ret = s->status;
2366         qemu_irq_lower(bus->irq);
2367         break;
2368     }
2369 #ifdef DEBUG_IDE
2370     printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
2371 #endif
2372     return ret;
2373 }
2374  
2375 uint32_t ide_status_read(void *opaque, uint32_t addr)
2376 {
2377     IDEBus *bus = opaque;
2378     IDEState *s = idebus_active_if(bus);
2379     int ret;
2380  
2381     if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
2382         (s != bus->ifs && !s->bs))
2383         ret = 0;
2384     else
2385         ret = s->status;
2386 #ifdef DEBUG_IDE
2387     printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
2388 #endif
2389     return ret;
2390 }
2391  
2392 void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2393 {
2394     IDEBus *bus = opaque;
2395     IDEState *s;
2396     int i;
2397  
2398 #ifdef DEBUG_IDE
2399     printf("ide: write control addr=0x%x val=%02x\n", addr, val);
2400 #endif
2401     /* common for both drives */
2402     if (!(bus->cmd & IDE_CMD_RESET) &&
2403         (val & IDE_CMD_RESET)) {
2404         /* reset low to high */
2405         for(i = 0;i < 2; i++) {
2406             s = &bus->ifs[i];
2407             s->status = BUSY_STAT | SEEK_STAT;
2408             s->error = 0x01;
2409         }
2410     } else if ((bus->cmd & IDE_CMD_RESET) &&
2411                !(val & IDE_CMD_RESET)) {
2412         /* high to low */
2413         for(i = 0;i < 2; i++) {
2414             s = &bus->ifs[i];
2415             if (s->is_cdrom)
2416                 s->status = 0x00; /* NOTE: READY is _not_ set */
2417             else
2418                 s->status = READY_STAT | SEEK_STAT;
2419             ide_set_signature(s);
2420         }
2421     }
2422  
2423     bus->cmd = val;
2424 }
2425  
2426 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2427 {
2428     IDEBus *bus = opaque;
2429     IDEState *s = idebus_active_if(bus);
2430     uint8_t *p;
2431  
2432     /* PIO data access allowed only when DRQ bit is set */
2433     if (!(s->status & DRQ_STAT))
2434         return;
2435  
2436     p = s->data_ptr;
2437     *(uint16_t *)p = le16_to_cpu(val);
2438     p += 2;
2439     s->data_ptr = p;
2440     if (p >= s->data_end)
2441         s->end_transfer_func(s);
2442 }
2443  
2444 uint32_t ide_data_readw(void *opaque, uint32_t addr)
2445 {
2446     IDEBus *bus = opaque;
2447     IDEState *s = idebus_active_if(bus);
2448     uint8_t *p;
2449     int ret;
2450  
2451     /* PIO data access allowed only when DRQ bit is set */
2452     if (!(s->status & DRQ_STAT))
2453         return 0;
2454  
2455     p = s->data_ptr;
2456     ret = cpu_to_le16(*(uint16_t *)p);
2457     p += 2;
2458     s->data_ptr = p;
2459     if (p >= s->data_end)
2460         s->end_transfer_func(s);
2461     return ret;
2462 }
2463  
2464 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2465 {
2466     IDEBus *bus = opaque;
2467     IDEState *s = idebus_active_if(bus);
2468     uint8_t *p;
2469  
2470     /* PIO data access allowed only when DRQ bit is set */
2471     if (!(s->status & DRQ_STAT))
2472         return;
2473  
2474     p = s->data_ptr;
2475     *(uint32_t *)p = le32_to_cpu(val);
2476     p += 4;
2477     s->data_ptr = p;
2478     if (p >= s->data_end)
2479         s->end_transfer_func(s);
2480 }
2481  
2482 uint32_t ide_data_readl(void *opaque, uint32_t addr)
2483 {
2484     IDEBus *bus = opaque;
2485     IDEState *s = idebus_active_if(bus);
2486     uint8_t *p;
2487     int ret;
2488  
2489     /* PIO data access allowed only when DRQ bit is set */
2490     if (!(s->status & DRQ_STAT))
2491         return 0;
2492  
2493     p = s->data_ptr;
2494     ret = cpu_to_le32(*(uint32_t *)p);
2495     p += 4;
2496     s->data_ptr = p;
2497     if (p >= s->data_end)
2498         s->end_transfer_func(s);
2499     return ret;
2500 }
2501  
2502 static void ide_dummy_transfer_stop(IDEState *s)
2503 {
2504     s->data_ptr = s->io_buffer;
2505     s->data_end = s->io_buffer;
2506     s->io_buffer[0] = 0xff;
2507     s->io_buffer[1] = 0xff;
2508     s->io_buffer[2] = 0xff;
2509     s->io_buffer[3] = 0xff;
2510 }
2511  
2512 void ide_reset(IDEState *s)
2513 {
2514     IDEBus *bus = s->bus;
2515  
2516     if (s->is_cf)
2517         s->mult_sectors = 0;
2518     else
2519         s->mult_sectors = MAX_MULT_SECTORS;
2520     bus->unit = s->unit;
2521     s->select = 0xa0;
2522     s->status = READY_STAT | SEEK_STAT;
2523     ide_set_signature(s);
2524     /* init the transfer handler so that 0xffff is returned on data
2525        accesses */
2526     s->end_transfer_func = ide_dummy_transfer_stop;
2527     ide_dummy_transfer_stop(s);
2528     s->media_changed = 0;
2529 }
2530  
2531 void ide_init_drive(IDEState *s, DriveInfo *dinfo)
2532 {
2533     int cylinders, heads, secs;
2534     uint64_t nb_sectors;
2535  
2536     if (dinfo && dinfo->bdrv) {
2537         s->bs = dinfo->bdrv;
2538         bdrv_get_geometry(s->bs, &nb_sectors);
2539         bdrv_guess_geometry(s->bs, &cylinders, &heads, &secs);
2540         s->cylinders = cylinders;
2541         s->heads = heads;
2542         s->sectors = secs;
2543         s->nb_sectors = nb_sectors;
2544         /* The SMART values should be preserved across power cycles
2545            but they aren't.  */
2546         s->smart_enabled = 1;
2547         s->smart_autosave = 1;
2548         s->smart_errors = 0;
2549         s->smart_selftest_count = 0;
2550         if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
2551             s->is_cdrom = 1;
2552             bdrv_set_change_cb(s->bs, cdrom_change_cb, s);
2553         }
2554         strncpy(s->drive_serial_str, drive_get_serial(s->bs),
2555                 sizeof(s->drive_serial_str));
2556     }
2557     if (strlen(s->drive_serial_str) == 0)
2558         snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2559                  "QM%05d", s->drive_serial);
2560     ide_reset(s);
2561 }
2562  
2563 void ide_init2(IDEBus *bus, DriveInfo *hd0, DriveInfo *hd1,
2564                qemu_irq irq)
2565 {
2566     IDEState *s;
2567     static int drive_serial = 1;
2568     int i;
2569  
2570     for(i = 0; i < 2; i++) {
2571         s = bus->ifs + i;
2572         s->bus = bus;
2573         s->unit = i;
2574         s->drive_serial = drive_serial++;
2575         s->io_buffer = qemu_blockalign(s->bs, IDE_DMA_BUF_SECTORS*512 + 4);
2576         s->smart_selftest_data = qemu_blockalign(s->bs, 512);
2577         s->sector_write_timer = qemu_new_timer(vm_clock,
2578                                                ide_sector_write_timer_cb, s);
2579         if (i == 0)
2580             ide_init_drive(s, hd0);
2581         if (i == 1)
2582             ide_init_drive(s, hd1);
2583     }
2584     bus->irq = irq;
2585 }
2586  
2587 void ide_init_ioport(IDEBus *bus, int iobase, int iobase2)
2588 {
2589     register_ioport_write(iobase, 8, 1, ide_ioport_write, bus);
2590     register_ioport_read(iobase, 8, 1, ide_ioport_read, bus);
2591     if (iobase2) {
2592         register_ioport_read(iobase2, 1, 1, ide_status_read, bus);
2593         register_ioport_write(iobase2, 1, 1, ide_cmd_write, bus);
2594     }
2595  
2596     /* data ports */
2597     register_ioport_write(iobase, 2, 2, ide_data_writew, bus);
2598     register_ioport_read(iobase, 2, 2, ide_data_readw, bus);
2599     register_ioport_write(iobase, 4, 4, ide_data_writel, bus);
2600     register_ioport_read(iobase, 4, 4, ide_data_readl, bus);
2601 }
2602  
79 roytam 2603 static bool is_identify_set(void *opaque, int version_id)
74 roytam 2604 {
79 roytam 2605     IDEState *s = opaque;
74 roytam 2606  
79 roytam 2607     return s->identify_set != 0;
74 roytam 2608 }
2609  
79 roytam 2610 static int ide_drive_post_load(void *opaque, int version_id)
74 roytam 2611 {
79 roytam 2612     IDEState *s = opaque;
74 roytam 2613  
79 roytam 2614     if (version_id < 3) {
74 roytam 2615         if (s->sense_key == SENSE_UNIT_ATTENTION &&
79 roytam 2616             s->asc == ASC_MEDIUM_MAY_HAVE_CHANGED) {
74 roytam 2617             s->cdrom_changed = 1;
79 roytam 2618         }
74 roytam 2619     }
79 roytam 2620     return 0;
74 roytam 2621 }
2622  
79 roytam 2623 const VMStateDescription vmstate_ide_drive = {
2624     .name = "ide_drive",
2625     .version_id = 3,
2626     .minimum_version_id = 0,
2627     .minimum_version_id_old = 0,
2628     .post_load = ide_drive_post_load,
2629     .fields      = (VMStateField []) {
2630         VMSTATE_INT32(mult_sectors, IDEState),
2631         VMSTATE_INT32(identify_set, IDEState),
2632         VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set),
2633         VMSTATE_UINT8(feature, IDEState),
2634         VMSTATE_UINT8(error, IDEState),
2635         VMSTATE_UINT32(nsector, IDEState),
2636         VMSTATE_UINT8(sector, IDEState),
2637         VMSTATE_UINT8(lcyl, IDEState),
2638         VMSTATE_UINT8(hcyl, IDEState),
2639         VMSTATE_UINT8(hob_feature, IDEState),
2640         VMSTATE_UINT8(hob_sector, IDEState),
2641         VMSTATE_UINT8(hob_nsector, IDEState),
2642         VMSTATE_UINT8(hob_lcyl, IDEState),
2643         VMSTATE_UINT8(hob_hcyl, IDEState),
2644         VMSTATE_UINT8(select, IDEState),
2645         VMSTATE_UINT8(status, IDEState),
2646         VMSTATE_UINT8(lba48, IDEState),
2647         VMSTATE_UINT8(sense_key, IDEState),
2648         VMSTATE_UINT8(asc, IDEState),
2649         VMSTATE_UINT8_V(cdrom_changed, IDEState, 3),
2650         /* XXX: if a transfer is pending, we do not save it yet */
2651         VMSTATE_END_OF_LIST()
2652     }
2653 };
74 roytam 2654  
79 roytam 2655 const VMStateDescription vmstate_ide_bus = {
2656     .name = "ide_bus",
2657     .version_id = 1,
2658     .minimum_version_id = 1,
2659     .minimum_version_id_old = 1,
2660     .fields      = (VMStateField []) {
2661         VMSTATE_UINT8(cmd, IDEBus),
2662         VMSTATE_UINT8(unit, IDEBus),
2663         VMSTATE_END_OF_LIST()
2664     }
2665 };
74 roytam 2666  
2667 /***********************************************************/
2668 /* PCI IDE definitions */
2669  
2670 static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
2671 {
2672     BMDMAState *bm = s->bus->bmdma;
2673     if(!bm)
2674         return;
2675     bm->unit = s->unit;
2676     bm->dma_cb = dma_cb;
2677     bm->cur_prd_last = 0;
2678     bm->cur_prd_addr = 0;
2679     bm->cur_prd_len = 0;
2680     bm->sector_num = ide_get_sector(s);
2681     bm->nsector = s->nsector;
2682     if (bm->status & BM_STATUS_DMAING) {
2683         bm->dma_cb(bm, 0);
2684     }
2685 }
2686  
2687 static void ide_dma_restart(IDEState *s)
2688 {
2689     BMDMAState *bm = s->bus->bmdma;
2690     ide_set_sector(s, bm->sector_num);
2691     s->io_buffer_index = 0;
2692     s->io_buffer_size = 0;
2693     s->nsector = bm->nsector;
2694     bm->cur_addr = bm->addr;
2695     bm->dma_cb = ide_write_dma_cb;
2696     ide_dma_start(s, bm->dma_cb);
2697 }
2698  
2699 void ide_dma_cancel(BMDMAState *bm)
2700 {
2701     if (bm->status & BM_STATUS_DMAING) {
2702         bm->status &= ~BM_STATUS_DMAING;
2703         /* cancel DMA request */
2704         bm->unit = -1;
2705         bm->dma_cb = NULL;
2706         if (bm->aiocb) {
2707 #ifdef DEBUG_AIO
2708             printf("aio_cancel\n");
2709 #endif
2710             bdrv_aio_cancel(bm->aiocb);
2711             bm->aiocb = NULL;
2712         }
2713     }
2714 }
2715