1 /* 2 * QEMU ATAPI Emulation 3 * 4 * Copyright (c) 2003 Fabrice Bellard 5 * Copyright (c) 2006 Openedhand Ltd. 6 * 7 * Permission is hereby granted, free of charge, to any person obtaining a copy 8 * of this software and associated documentation files (the "Software"), to deal 9 * in the Software without restriction, including without limitation the rights 10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 11 * copies of the Software, and to permit persons to whom the Software is 12 * furnished to do so, subject to the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be included in 15 * all copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 23 * THE SOFTWARE. 24 */ 25 26 #include "hw/ide/internal.h" 27 #include "hw/scsi.h" 28 29 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret); 30 31 static void padstr8(uint8_t *buf, int buf_size, const char *src) 32 { 33 int i; 34 for(i = 0; i < buf_size; i++) { 35 if (*src) 36 buf[i] = *src++; 37 else 38 buf[i] = ' '; 39 } 40 } 41 42 static inline void cpu_to_ube16(uint8_t *buf, int val) 43 { 44 buf[0] = val >> 8; 45 buf[1] = val & 0xff; 46 } 47 48 static inline void cpu_to_ube32(uint8_t *buf, unsigned int val) 49 { 50 buf[0] = val >> 24; 51 buf[1] = val >> 16; 52 buf[2] = val >> 8; 53 buf[3] = val & 0xff; 54 } 55 56 static inline int ube16_to_cpu(const uint8_t *buf) 57 { 58 return (buf[0] << 8) | buf[1]; 59 } 60 61 static inline int ube32_to_cpu(const uint8_t *buf) 62 { 63 return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; 64 } 65 66 static void lba_to_msf(uint8_t *buf, int lba) 67 { 68 lba += 150; 69 buf[0] = (lba / 75) / 60; 70 buf[1] = (lba / 75) % 60; 71 buf[2] = lba % 75; 72 } 73 74 static inline int media_present(IDEState *s) 75 { 76 return (s->nb_sectors > 0); 77 } 78 79 /* XXX: DVDs that could fit on a CD will be reported as a CD */ 80 static inline int media_is_dvd(IDEState *s) 81 { 82 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS); 83 } 84 85 static inline int media_is_cd(IDEState *s) 86 { 87 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS); 88 } 89 90 static void cd_data_to_raw(uint8_t *buf, int lba) 91 { 92 /* sync bytes */ 93 buf[0] = 0x00; 94 memset(buf + 1, 0xff, 10); 95 buf[11] = 0x00; 96 buf += 12; 97 /* MSF */ 98 lba_to_msf(buf, lba); 99 buf[3] = 0x01; /* mode 1 data */ 100 buf += 4; 101 /* data */ 102 buf += 2048; 103 /* XXX: ECC not computed */ 104 memset(buf, 0, 288); 105 } 106 107 static int cd_read_sector(BlockDriverState *bs, int lba, uint8_t *buf, 108 int sector_size) 109 { 110 int ret; 111 112 switch(sector_size) { 113 case 2048: 114 ret = bdrv_read(bs, (int64_t)lba << 2, buf, 4); 115 break; 116 case 2352: 117 ret = bdrv_read(bs, (int64_t)lba << 2, buf + 16, 4); 118 if (ret < 0) 119 return ret; 120 cd_data_to_raw(buf, lba); 121 break; 122 default: 123 ret = -EIO; 124 break; 125 } 126 return ret; 127 } 128 129 void ide_atapi_cmd_ok(IDEState *s) 130 { 131 s->error = 0; 132 s->status = READY_STAT | SEEK_STAT; 133 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD; 134 ide_set_irq(s->bus); 135 } 136 137 void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc) 138 { 139 #ifdef DEBUG_IDE_ATAPI 140 printf("atapi_cmd_error: sense=0x%x asc=0x%x\n", sense_key, asc); 141 #endif 142 s->error = sense_key << 4; 143 s->status = READY_STAT | ERR_STAT; 144 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD; 145 s->sense_key = sense_key; 146 s->asc = asc; 147 ide_set_irq(s->bus); 148 } 149 150 void ide_atapi_io_error(IDEState *s, int ret) 151 { 152 /* XXX: handle more errors */ 153 if (ret == -ENOMEDIUM) { 154 ide_atapi_cmd_error(s, SENSE_NOT_READY, 155 ASC_MEDIUM_NOT_PRESENT); 156 } else { 157 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, 158 ASC_LOGICAL_BLOCK_OOR); 159 } 160 } 161 162 /* The whole ATAPI transfer logic is handled in this function */ 163 void ide_atapi_cmd_reply_end(IDEState *s) 164 { 165 int byte_count_limit, size, ret; 166 #ifdef DEBUG_IDE_ATAPI 167 printf("reply: tx_size=%d elem_tx_size=%d index=%d\n", 168 s->packet_transfer_size, 169 s->elementary_transfer_size, 170 s->io_buffer_index); 171 #endif 172 if (s->packet_transfer_size <= 0) { 173 /* end of transfer */ 174 ide_transfer_stop(s); 175 s->status = READY_STAT | SEEK_STAT; 176 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD; 177 ide_set_irq(s->bus); 178 #ifdef DEBUG_IDE_ATAPI 179 printf("status=0x%x\n", s->status); 180 #endif 181 } else { 182 /* see if a new sector must be read */ 183 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) { 184 ret = cd_read_sector(s->bs, s->lba, s->io_buffer, s->cd_sector_size); 185 if (ret < 0) { 186 ide_transfer_stop(s); 187 ide_atapi_io_error(s, ret); 188 return; 189 } 190 s->lba++; 191 s->io_buffer_index = 0; 192 } 193 if (s->elementary_transfer_size > 0) { 194 /* there are some data left to transmit in this elementary 195 transfer */ 196 size = s->cd_sector_size - s->io_buffer_index; 197 if (size > s->elementary_transfer_size) 198 size = s->elementary_transfer_size; 199 s->packet_transfer_size -= size; 200 s->elementary_transfer_size -= size; 201 s->io_buffer_index += size; 202 ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size, 203 size, ide_atapi_cmd_reply_end); 204 } else { 205 /* a new transfer is needed */ 206 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO; 207 byte_count_limit = s->lcyl | (s->hcyl << 8); 208 #ifdef DEBUG_IDE_ATAPI 209 printf("byte_count_limit=%d\n", byte_count_limit); 210 #endif 211 if (byte_count_limit == 0xffff) 212 byte_count_limit--; 213 size = s->packet_transfer_size; 214 if (size > byte_count_limit) { 215 /* byte count limit must be even if this case */ 216 if (byte_count_limit & 1) 217 byte_count_limit--; 218 size = byte_count_limit; 219 } 220 s->lcyl = size; 221 s->hcyl = size >> 8; 222 s->elementary_transfer_size = size; 223 /* we cannot transmit more than one sector at a time */ 224 if (s->lba != -1) { 225 if (size > (s->cd_sector_size - s->io_buffer_index)) 226 size = (s->cd_sector_size - s->io_buffer_index); 227 } 228 s->packet_transfer_size -= size; 229 s->elementary_transfer_size -= size; 230 s->io_buffer_index += size; 231 ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size, 232 size, ide_atapi_cmd_reply_end); 233 ide_set_irq(s->bus); 234 #ifdef DEBUG_IDE_ATAPI 235 printf("status=0x%x\n", s->status); 236 #endif 237 } 238 } 239 } 240 241 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */ 242 static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size) 243 { 244 if (size > max_size) 245 size = max_size; 246 s->lba = -1; /* no sector read */ 247 s->packet_transfer_size = size; 248 s->io_buffer_size = size; /* dma: send the reply data as one chunk */ 249 s->elementary_transfer_size = 0; 250 s->io_buffer_index = 0; 251 252 if (s->atapi_dma) { 253 s->status = READY_STAT | SEEK_STAT | DRQ_STAT; 254 s->bus->dma->ops->start_dma(s->bus->dma, s, 255 ide_atapi_cmd_read_dma_cb); 256 } else { 257 s->status = READY_STAT | SEEK_STAT; 258 ide_atapi_cmd_reply_end(s); 259 } 260 } 261 262 /* start a CD-CDROM read command */ 263 static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors, 264 int sector_size) 265 { 266 s->lba = lba; 267 s->packet_transfer_size = nb_sectors * sector_size; 268 s->elementary_transfer_size = 0; 269 s->io_buffer_index = sector_size; 270 s->cd_sector_size = sector_size; 271 272 s->status = READY_STAT | SEEK_STAT; 273 ide_atapi_cmd_reply_end(s); 274 } 275 276 static void ide_atapi_cmd_check_status(IDEState *s) 277 { 278 #ifdef DEBUG_IDE_ATAPI 279 printf("atapi_cmd_check_status\n"); 280 #endif 281 s->error = MC_ERR | (SENSE_UNIT_ATTENTION << 4); 282 s->status = ERR_STAT; 283 s->nsector = 0; 284 ide_set_irq(s->bus); 285 } 286 /* ATAPI DMA support */ 287 288 /* XXX: handle read errors */ 289 static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret) 290 { 291 IDEState *s = opaque; 292 int data_offset, n; 293 294 if (ret < 0) { 295 ide_atapi_io_error(s, ret); 296 goto eot; 297 } 298 299 if (s->io_buffer_size > 0) { 300 /* 301 * For a cdrom read sector command (s->lba != -1), 302 * adjust the lba for the next s->io_buffer_size chunk 303 * and dma the current chunk. 304 * For a command != read (s->lba == -1), just transfer 305 * the reply data. 306 */ 307 if (s->lba != -1) { 308 if (s->cd_sector_size == 2352) { 309 n = 1; 310 cd_data_to_raw(s->io_buffer, s->lba); 311 } else { 312 n = s->io_buffer_size >> 11; 313 } 314 s->lba += n; 315 } 316 s->packet_transfer_size -= s->io_buffer_size; 317 if (s->bus->dma->ops->rw_buf(s->bus->dma, 1) == 0) 318 goto eot; 319 } 320 321 if (s->packet_transfer_size <= 0) { 322 s->status = READY_STAT | SEEK_STAT; 323 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD; 324 ide_set_irq(s->bus); 325 eot: 326 s->bus->dma->ops->add_status(s->bus->dma, BM_STATUS_INT); 327 ide_set_inactive(s); 328 return; 329 } 330 331 s->io_buffer_index = 0; 332 if (s->cd_sector_size == 2352) { 333 n = 1; 334 s->io_buffer_size = s->cd_sector_size; 335 data_offset = 16; 336 } else { 337 n = s->packet_transfer_size >> 11; 338 if (n > (IDE_DMA_BUF_SECTORS / 4)) 339 n = (IDE_DMA_BUF_SECTORS / 4); 340 s->io_buffer_size = n * 2048; 341 data_offset = 0; 342 } 343 #ifdef DEBUG_AIO 344 printf("aio_read_cd: lba=%u n=%d\n", s->lba, n); 345 #endif 346 s->bus->dma->iov.iov_base = (void *)(s->io_buffer + data_offset); 347 s->bus->dma->iov.iov_len = n * 4 * 512; 348 qemu_iovec_init_external(&s->bus->dma->qiov, &s->bus->dma->iov, 1); 349 s->bus->dma->aiocb = bdrv_aio_readv(s->bs, (int64_t)s->lba << 2, 350 &s->bus->dma->qiov, n * 4, 351 ide_atapi_cmd_read_dma_cb, s); 352 if (!s->bus->dma->aiocb) { 353 /* Note: media not present is the most likely case */ 354 ide_atapi_cmd_error(s, SENSE_NOT_READY, 355 ASC_MEDIUM_NOT_PRESENT); 356 goto eot; 357 } 358 } 359 360 /* start a CD-CDROM read command with DMA */ 361 /* XXX: test if DMA is available */ 362 static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors, 363 int sector_size) 364 { 365 s->lba = lba; 366 s->packet_transfer_size = nb_sectors * sector_size; 367 s->io_buffer_index = 0; 368 s->io_buffer_size = 0; 369 s->cd_sector_size = sector_size; 370 371 /* XXX: check if BUSY_STAT should be set */ 372 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT; 373 s->bus->dma->ops->start_dma(s->bus->dma, s, 374 ide_atapi_cmd_read_dma_cb); 375 } 376 377 static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors, 378 int sector_size) 379 { 380 #ifdef DEBUG_IDE_ATAPI 381 printf("read %s: LBA=%d nb_sectors=%d\n", s->atapi_dma ? "dma" : "pio", 382 lba, nb_sectors); 383 #endif 384 if (s->atapi_dma) { 385 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size); 386 } else { 387 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size); 388 } 389 } 390 391 static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index, 392 uint16_t profile) 393 { 394 uint8_t *buf_profile = buf + 12; /* start of profiles */ 395 396 buf_profile += ((*index) * 4); /* start of indexed profile */ 397 cpu_to_ube16 (buf_profile, profile); 398 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7])); 399 400 /* each profile adds 4 bytes to the response */ 401 (*index)++; 402 buf[11] += 4; /* Additional Length */ 403 404 return 4; 405 } 406 407 static int ide_dvd_read_structure(IDEState *s, int format, 408 const uint8_t *packet, uint8_t *buf) 409 { 410 switch (format) { 411 case 0x0: /* Physical format information */ 412 { 413 int layer = packet[6]; 414 uint64_t total_sectors; 415 416 if (layer != 0) 417 return -ASC_INV_FIELD_IN_CMD_PACKET; 418 419 total_sectors = s->nb_sectors >> 2; 420 if (total_sectors == 0) { 421 return -ASC_MEDIUM_NOT_PRESENT; 422 } 423 424 buf[4] = 1; /* DVD-ROM, part version 1 */ 425 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 426 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 427 buf[7] = 0; /* default densities */ 428 429 /* FIXME: 0x30000 per spec? */ 430 cpu_to_ube32(buf + 8, 0); /* start sector */ 431 cpu_to_ube32(buf + 12, total_sectors - 1); /* end sector */ 432 cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */ 433 434 /* Size of buffer, not including 2 byte size field */ 435 cpu_to_be16wu((uint16_t *)buf, 2048 + 2); 436 437 /* 2k data + 4 byte header */ 438 return (2048 + 4); 439 } 440 441 case 0x01: /* DVD copyright information */ 442 buf[4] = 0; /* no copyright data */ 443 buf[5] = 0; /* no region restrictions */ 444 445 /* Size of buffer, not including 2 byte size field */ 446 cpu_to_be16wu((uint16_t *)buf, 4 + 2); 447 448 /* 4 byte header + 4 byte data */ 449 return (4 + 4); 450 451 case 0x03: /* BCA information - invalid field for no BCA info */ 452 return -ASC_INV_FIELD_IN_CMD_PACKET; 453 454 case 0x04: /* DVD disc manufacturing information */ 455 /* Size of buffer, not including 2 byte size field */ 456 cpu_to_be16wu((uint16_t *)buf, 2048 + 2); 457 458 /* 2k data + 4 byte header */ 459 return (2048 + 4); 460 461 case 0xff: 462 /* 463 * This lists all the command capabilities above. Add new ones 464 * in order and update the length and buffer return values. 465 */ 466 467 buf[4] = 0x00; /* Physical format */ 468 buf[5] = 0x40; /* Not writable, is readable */ 469 cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4); 470 471 buf[8] = 0x01; /* Copyright info */ 472 buf[9] = 0x40; /* Not writable, is readable */ 473 cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4); 474 475 buf[12] = 0x03; /* BCA info */ 476 buf[13] = 0x40; /* Not writable, is readable */ 477 cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4); 478 479 buf[16] = 0x04; /* Manufacturing info */ 480 buf[17] = 0x40; /* Not writable, is readable */ 481 cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4); 482 483 /* Size of buffer, not including 2 byte size field */ 484 cpu_to_be16wu((uint16_t *)buf, 16 + 2); 485 486 /* data written + 4 byte header */ 487 return (16 + 4); 488 489 default: /* TODO: formats beyond DVD-ROM requires */ 490 return -ASC_INV_FIELD_IN_CMD_PACKET; 491 } 492 } 493 494 static unsigned int event_status_media(IDEState *s, 495 uint8_t *buf) 496 { 497 enum media_event_code { 498 MEC_NO_CHANGE = 0, /* Status unchanged */ 499 MEC_EJECT_REQUESTED, /* received a request from user to eject */ 500 MEC_NEW_MEDIA, /* new media inserted and ready for access */ 501 MEC_MEDIA_REMOVAL, /* only for media changers */ 502 MEC_MEDIA_CHANGED, /* only for media changers */ 503 MEC_BG_FORMAT_COMPLETED, /* MRW or DVD+RW b/g format completed */ 504 MEC_BG_FORMAT_RESTARTED, /* MRW or DVD+RW b/g format restarted */ 505 }; 506 enum media_status { 507 MS_TRAY_OPEN = 1, 508 MS_MEDIA_PRESENT = 2, 509 }; 510 uint8_t event_code, media_status; 511 512 media_status = 0; 513 if (s->bs->tray_open) { 514 media_status = MS_TRAY_OPEN; 515 } else if (bdrv_is_inserted(s->bs)) { 516 media_status = MS_MEDIA_PRESENT; 517 } 518 519 /* Event notification descriptor */ 520 event_code = MEC_NO_CHANGE; 521 if (media_status != MS_TRAY_OPEN && s->events.new_media) { 522 event_code = MEC_NEW_MEDIA; 523 s->events.new_media = false; 524 } 525 526 buf[4] = event_code; 527 buf[5] = media_status; 528 529 /* These fields are reserved, just clear them. */ 530 buf[6] = 0; 531 buf[7] = 0; 532 533 return 8; /* We wrote to 4 extra bytes from the header */ 534 } 535 536 static void cmd_get_event_status_notification(IDEState *s, 537 uint8_t *buf) 538 { 539 const uint8_t *packet = buf; 540 541 struct { 542 uint8_t opcode; 543 uint8_t polled; /* lsb bit is polled; others are reserved */ 544 uint8_t reserved2[2]; 545 uint8_t class; 546 uint8_t reserved3[2]; 547 uint16_t len; 548 uint8_t control; 549 } __attribute__((packed)) *gesn_cdb; 550 551 struct { 552 uint16_t len; 553 uint8_t notification_class; 554 uint8_t supported_events; 555 } __attribute((packed)) *gesn_event_header; 556 557 enum notification_class_request_type { 558 NCR_RESERVED1 = 1 << 0, 559 NCR_OPERATIONAL_CHANGE = 1 << 1, 560 NCR_POWER_MANAGEMENT = 1 << 2, 561 NCR_EXTERNAL_REQUEST = 1 << 3, 562 NCR_MEDIA = 1 << 4, 563 NCR_MULTI_HOST = 1 << 5, 564 NCR_DEVICE_BUSY = 1 << 6, 565 NCR_RESERVED2 = 1 << 7, 566 }; 567 enum event_notification_class_field { 568 ENC_NO_EVENTS = 0, 569 ENC_OPERATIONAL_CHANGE, 570 ENC_POWER_MANAGEMENT, 571 ENC_EXTERNAL_REQUEST, 572 ENC_MEDIA, 573 ENC_MULTIPLE_HOSTS, 574 ENC_DEVICE_BUSY, 575 ENC_RESERVED, 576 }; 577 unsigned int max_len, used_len; 578 579 gesn_cdb = (void *)packet; 580 gesn_event_header = (void *)buf; 581 582 max_len = be16_to_cpu(gesn_cdb->len); 583 584 /* It is fine by the MMC spec to not support async mode operations */ 585 if (!(gesn_cdb->polled & 0x01)) { /* asynchronous mode */ 586 /* Only polling is supported, asynchronous mode is not. */ 587 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, 588 ASC_INV_FIELD_IN_CMD_PACKET); 589 return; 590 } 591 592 /* polling mode operation */ 593 594 /* 595 * These are the supported events. 596 * 597 * We currently only support requests of the 'media' type. 598 */ 599 gesn_event_header->supported_events = NCR_MEDIA; 600 601 /* 602 * We use |= below to set the class field; other bits in this byte 603 * are reserved now but this is useful to do if we have to use the 604 * reserved fields later. 605 */ 606 gesn_event_header->notification_class = 0; 607 608 /* 609 * Responses to requests are to be based on request priority. The 610 * notification_class_request_type enum above specifies the 611 * priority: upper elements are higher prio than lower ones. 612 */ 613 if (gesn_cdb->class & NCR_MEDIA) { 614 gesn_event_header->notification_class |= ENC_MEDIA; 615 used_len = event_status_media(s, buf); 616 } else { 617 gesn_event_header->notification_class = 0x80; /* No event available */ 618 used_len = sizeof(*gesn_event_header); 619 } 620 gesn_event_header->len = cpu_to_be16(used_len 621 - sizeof(*gesn_event_header)); 622 ide_atapi_cmd_reply(s, used_len, max_len); 623 } 624 625 static void cmd_request_sense(IDEState *s, uint8_t *buf) 626 { 627 int max_len = buf[4]; 628 629 memset(buf, 0, 18); 630 buf[0] = 0x70 | (1 << 7); 631 buf[2] = s->sense_key; 632 buf[7] = 10; 633 buf[12] = s->asc; 634 635 if (s->sense_key == SENSE_UNIT_ATTENTION) { 636 s->sense_key = SENSE_NONE; 637 } 638 639 ide_atapi_cmd_reply(s, 18, max_len); 640 } 641 642 static void cmd_inquiry(IDEState *s, uint8_t *buf) 643 { 644 int max_len = buf[4]; 645 646 buf[0] = 0x05; /* CD-ROM */ 647 buf[1] = 0x80; /* removable */ 648 buf[2] = 0x00; /* ISO */ 649 buf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */ 650 buf[4] = 31; /* additional length */ 651 buf[5] = 0; /* reserved */ 652 buf[6] = 0; /* reserved */ 653 buf[7] = 0; /* reserved */ 654 padstr8(buf + 8, 8, "QEMU"); 655 padstr8(buf + 16, 16, "QEMU DVD-ROM"); 656 padstr8(buf + 32, 4, s->version); 657 ide_atapi_cmd_reply(s, 36, max_len); 658 } 659 660 static void cmd_get_configuration(IDEState *s, uint8_t *buf) 661 { 662 uint32_t len; 663 uint8_t index = 0; 664 int max_len; 665 666 /* only feature 0 is supported */ 667 if (buf[2] != 0 || buf[3] != 0) { 668 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, 669 ASC_INV_FIELD_IN_CMD_PACKET); 670 return; 671 } 672 673 /* XXX: could result in alignment problems in some architectures */ 674 max_len = ube16_to_cpu(buf + 7); 675 676 /* 677 * XXX: avoid overflow for io_buffer if max_len is bigger than 678 * the size of that buffer (dimensioned to max number of 679 * sectors to transfer at once) 680 * 681 * Only a problem if the feature/profiles grow. 682 */ 683 if (max_len > 512) { 684 /* XXX: assume 1 sector */ 685 max_len = 512; 686 } 687 688 memset(buf, 0, max_len); 689 /* 690 * the number of sectors from the media tells us which profile 691 * to use as current. 0 means there is no media 692 */ 693 if (media_is_dvd(s)) { 694 cpu_to_ube16(buf + 6, MMC_PROFILE_DVD_ROM); 695 } else if (media_is_cd(s)) { 696 cpu_to_ube16(buf + 6, MMC_PROFILE_CD_ROM); 697 } 698 699 buf[10] = 0x02 | 0x01; /* persistent and current */ 700 len = 12; /* headers: 8 + 4 */ 701 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM); 702 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM); 703 cpu_to_ube32(buf, len - 4); /* data length */ 704 705 ide_atapi_cmd_reply(s, len, max_len); 706 } 707 708 static void cmd_mode_sense(IDEState *s, uint8_t *buf) 709 { 710 int action, code; 711 int max_len; 712 713 if (buf[0] == GPCMD_MODE_SENSE_10) { 714 max_len = ube16_to_cpu(buf + 7); 715 } else { 716 max_len = buf[4]; 717 } 718 719 action = buf[2] >> 6; 720 code = buf[2] & 0x3f; 721 722 switch(action) { 723 case 0: /* current values */ 724 switch(code) { 725 case GPMODE_R_W_ERROR_PAGE: /* error recovery */ 726 cpu_to_ube16(&buf[0], 16 + 6); 727 buf[2] = 0x70; 728 buf[3] = 0; 729 buf[4] = 0; 730 buf[5] = 0; 731 buf[6] = 0; 732 buf[7] = 0; 733 734 buf[8] = 0x01; 735 buf[9] = 0x06; 736 buf[10] = 0x00; 737 buf[11] = 0x05; 738 buf[12] = 0x00; 739 buf[13] = 0x00; 740 buf[14] = 0x00; 741 buf[15] = 0x00; 742 ide_atapi_cmd_reply(s, 16, max_len); 743 break; 744 case GPMODE_AUDIO_CTL_PAGE: 745 cpu_to_ube16(&buf[0], 24 + 6); 746 buf[2] = 0x70; 747 buf[3] = 0; 748 buf[4] = 0; 749 buf[5] = 0; 750 buf[6] = 0; 751 buf[7] = 0; 752 753 /* Fill with CDROM audio volume */ 754 buf[17] = 0; 755 buf[19] = 0; 756 buf[21] = 0; 757 buf[23] = 0; 758 759 ide_atapi_cmd_reply(s, 24, max_len); 760 break; 761 case GPMODE_CAPABILITIES_PAGE: 762 cpu_to_ube16(&buf[0], 28 + 6); 763 buf[2] = 0x70; 764 buf[3] = 0; 765 buf[4] = 0; 766 buf[5] = 0; 767 buf[6] = 0; 768 buf[7] = 0; 769 770 buf[8] = 0x2a; 771 buf[9] = 0x12; 772 buf[10] = 0x00; 773 buf[11] = 0x00; 774 775 /* Claim PLAY_AUDIO capability (0x01) since some Linux 776 code checks for this to automount media. */ 777 buf[12] = 0x71; 778 buf[13] = 3 << 5; 779 buf[14] = (1 << 0) | (1 << 3) | (1 << 5); 780 if (bdrv_is_locked(s->bs)) 781 buf[6] |= 1 << 1; 782 buf[15] = 0x00; 783 cpu_to_ube16(&buf[16], 706); 784 buf[18] = 0; 785 buf[19] = 2; 786 cpu_to_ube16(&buf[20], 512); 787 cpu_to_ube16(&buf[22], 706); 788 buf[24] = 0; 789 buf[25] = 0; 790 buf[26] = 0; 791 buf[27] = 0; 792 ide_atapi_cmd_reply(s, 28, max_len); 793 break; 794 default: 795 goto error_cmd; 796 } 797 break; 798 case 1: /* changeable values */ 799 goto error_cmd; 800 case 2: /* default values */ 801 goto error_cmd; 802 default: 803 case 3: /* saved values */ 804 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, 805 ASC_SAVING_PARAMETERS_NOT_SUPPORTED); 806 break; 807 } 808 return; 809 810 error_cmd: 811 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, ASC_INV_FIELD_IN_CMD_PACKET); 812 } 813 814 static void cmd_test_unit_ready(IDEState *s, uint8_t *buf) 815 { 816 /* Not Ready Conditions are already handled in ide_atapi_cmd(), so if we 817 * come here, we know that it's ready. */ 818 ide_atapi_cmd_ok(s); 819 } 820 821 static void cmd_prevent_allow_medium_removal(IDEState *s, uint8_t* buf) 822 { 823 bdrv_set_locked(s->bs, buf[4] & 1); 824 ide_atapi_cmd_ok(s); 825 } 826 827 static void cmd_read(IDEState *s, uint8_t* buf) 828 { 829 int nb_sectors, lba; 830 831 if (buf[0] == GPCMD_READ_10) { 832 nb_sectors = ube16_to_cpu(buf + 7); 833 } else { 834 nb_sectors = ube32_to_cpu(buf + 6); 835 } 836 837 lba = ube32_to_cpu(buf + 2); 838 if (nb_sectors == 0) { 839 ide_atapi_cmd_ok(s); 840 return; 841 } 842 843 ide_atapi_cmd_read(s, lba, nb_sectors, 2048); 844 } 845 846 static void cmd_read_cd(IDEState *s, uint8_t* buf) 847 { 848 int nb_sectors, lba, transfer_request; 849 850 nb_sectors = (buf[6] << 16) | (buf[7] << 8) | buf[8]; 851 lba = ube32_to_cpu(buf + 2); 852 853 if (nb_sectors == 0) { 854 ide_atapi_cmd_ok(s); 855 return; 856 } 857 858 transfer_request = buf[9]; 859 switch(transfer_request & 0xf8) { 860 case 0x00: 861 /* nothing */ 862 ide_atapi_cmd_ok(s); 863 break; 864 case 0x10: 865 /* normal read */ 866 ide_atapi_cmd_read(s, lba, nb_sectors, 2048); 867 break; 868 case 0xf8: 869 /* read all data */ 870 ide_atapi_cmd_read(s, lba, nb_sectors, 2352); 871 break; 872 default: 873 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, 874 ASC_INV_FIELD_IN_CMD_PACKET); 875 break; 876 } 877 } 878 879 static void cmd_seek(IDEState *s, uint8_t* buf) 880 { 881 unsigned int lba; 882 uint64_t total_sectors = s->nb_sectors >> 2; 883 884 lba = ube32_to_cpu(buf + 2); 885 if (lba >= total_sectors) { 886 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, ASC_LOGICAL_BLOCK_OOR); 887 return; 888 } 889 890 ide_atapi_cmd_ok(s); 891 } 892 893 static void cmd_start_stop_unit(IDEState *s, uint8_t* buf) 894 { 895 int start, eject, sense, err = 0; 896 start = buf[4] & 1; 897 eject = (buf[4] >> 1) & 1; 898 899 if (eject) { 900 err = bdrv_eject(s->bs, !start); 901 } 902 903 switch (err) { 904 case 0: 905 ide_atapi_cmd_ok(s); 906 break; 907 case -EBUSY: 908 sense = SENSE_NOT_READY; 909 if (bdrv_is_inserted(s->bs)) { 910 sense = SENSE_ILLEGAL_REQUEST; 911 } 912 ide_atapi_cmd_error(s, sense, ASC_MEDIA_REMOVAL_PREVENTED); 913 break; 914 default: 915 ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT); 916 break; 917 } 918 } 919 920 static void cmd_mechanism_status(IDEState *s, uint8_t* buf) 921 { 922 int max_len = ube16_to_cpu(buf + 8); 923 924 cpu_to_ube16(buf, 0); 925 /* no current LBA */ 926 buf[2] = 0; 927 buf[3] = 0; 928 buf[4] = 0; 929 buf[5] = 1; 930 cpu_to_ube16(buf + 6, 0); 931 ide_atapi_cmd_reply(s, 8, max_len); 932 } 933 934 static void cmd_read_toc_pma_atip(IDEState *s, uint8_t* buf) 935 { 936 int format, msf, start_track, len; 937 int max_len; 938 uint64_t total_sectors = s->nb_sectors >> 2; 939 940 max_len = ube16_to_cpu(buf + 7); 941 format = buf[9] >> 6; 942 msf = (buf[1] >> 1) & 1; 943 start_track = buf[6]; 944 945 switch(format) { 946 case 0: 947 len = cdrom_read_toc(total_sectors, buf, msf, start_track); 948 if (len < 0) 949 goto error_cmd; 950 ide_atapi_cmd_reply(s, len, max_len); 951 break; 952 case 1: 953 /* multi session : only a single session defined */ 954 memset(buf, 0, 12); 955 buf[1] = 0x0a; 956 buf[2] = 0x01; 957 buf[3] = 0x01; 958 ide_atapi_cmd_reply(s, 12, max_len); 959 break; 960 case 2: 961 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track); 962 if (len < 0) 963 goto error_cmd; 964 ide_atapi_cmd_reply(s, len, max_len); 965 break; 966 default: 967 error_cmd: 968 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, 969 ASC_INV_FIELD_IN_CMD_PACKET); 970 } 971 } 972 973 static void cmd_read_cdvd_capacity(IDEState *s, uint8_t* buf) 974 { 975 uint64_t total_sectors = s->nb_sectors >> 2; 976 977 /* NOTE: it is really the number of sectors minus 1 */ 978 cpu_to_ube32(buf, total_sectors - 1); 979 cpu_to_ube32(buf + 4, 2048); 980 ide_atapi_cmd_reply(s, 8, 8); 981 } 982 983 static void cmd_read_dvd_structure(IDEState *s, uint8_t* buf) 984 { 985 int max_len; 986 int media = buf[1]; 987 int format = buf[7]; 988 int ret; 989 990 max_len = ube16_to_cpu(buf + 8); 991 992 if (format < 0xff) { 993 if (media_is_cd(s)) { 994 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, 995 ASC_INCOMPATIBLE_FORMAT); 996 return; 997 } else if (!media_present(s)) { 998 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, 999 ASC_INV_FIELD_IN_CMD_PACKET); 1000 return; 1001 } 1002 } 1003 1004 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ? 1005 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len); 1006 1007 switch (format) { 1008 case 0x00 ... 0x7f: 1009 case 0xff: 1010 if (media == 0) { 1011 ret = ide_dvd_read_structure(s, format, buf, buf); 1012 1013 if (ret < 0) { 1014 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, -ret); 1015 } else { 1016 ide_atapi_cmd_reply(s, ret, max_len); 1017 } 1018 1019 break; 1020 } 1021 /* TODO: BD support, fall through for now */ 1022 1023 /* Generic disk structures */ 1024 case 0x80: /* TODO: AACS volume identifier */ 1025 case 0x81: /* TODO: AACS media serial number */ 1026 case 0x82: /* TODO: AACS media identifier */ 1027 case 0x83: /* TODO: AACS media key block */ 1028 case 0x90: /* TODO: List of recognized format layers */ 1029 case 0xc0: /* TODO: Write protection status */ 1030 default: 1031 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, 1032 ASC_INV_FIELD_IN_CMD_PACKET); 1033 break; 1034 } 1035 } 1036 1037 static void cmd_set_speed(IDEState *s, uint8_t* buf) 1038 { 1039 ide_atapi_cmd_ok(s); 1040 } 1041 1042 enum { 1043 /* 1044 * Only commands flagged as ALLOW_UA are allowed to run under a 1045 * unit attention condition. (See MMC-5, section 4.1.6.1) 1046 */ 1047 ALLOW_UA = 0x01, 1048 1049 /* 1050 * Commands flagged with CHECK_READY can only execute if a medium is present. 1051 * Otherwise they report the Not Ready Condition. (See MMC-5, section 1052 * 4.1.8) 1053 */ 1054 CHECK_READY = 0x02, 1055 }; 1056 1057 static const struct { 1058 void (*handler)(IDEState *s, uint8_t *buf); 1059 int flags; 1060 } atapi_cmd_table[0x100] = { 1061 [ 0x00 ] = { cmd_test_unit_ready, CHECK_READY }, 1062 [ 0x03 ] = { cmd_request_sense, ALLOW_UA }, 1063 [ 0x12 ] = { cmd_inquiry, ALLOW_UA }, 1064 [ 0x1a ] = { cmd_mode_sense, /* (6) */ 0 }, 1065 [ 0x1b ] = { cmd_start_stop_unit, 0 }, 1066 [ 0x1e ] = { cmd_prevent_allow_medium_removal, 0 }, 1067 [ 0x25 ] = { cmd_read_cdvd_capacity, CHECK_READY }, 1068 [ 0x28 ] = { cmd_read, /* (10) */ 0 }, 1069 [ 0x2b ] = { cmd_seek, CHECK_READY }, 1070 [ 0x43 ] = { cmd_read_toc_pma_atip, CHECK_READY }, 1071 [ 0x46 ] = { cmd_get_configuration, ALLOW_UA }, 1072 [ 0x4a ] = { cmd_get_event_status_notification, ALLOW_UA }, 1073 [ 0x5a ] = { cmd_mode_sense, /* (10) */ 0 }, 1074 [ 0xa8 ] = { cmd_read, /* (12) */ 0 }, 1075 [ 0xad ] = { cmd_read_dvd_structure, 0 }, 1076 [ 0xbb ] = { cmd_set_speed, 0 }, 1077 [ 0xbd ] = { cmd_mechanism_status, 0 }, 1078 [ 0xbe ] = { cmd_read_cd, 0 }, 1079 }; 1080 1081 void ide_atapi_cmd(IDEState *s) 1082 { 1083 uint8_t *buf; 1084 1085 buf = s->io_buffer; 1086 #ifdef DEBUG_IDE_ATAPI 1087 { 1088 int i; 1089 printf("ATAPI limit=0x%x packet:", s->lcyl | (s->hcyl << 8)); 1090 for(i = 0; i < ATAPI_PACKET_SIZE; i++) { 1091 printf(" %02x", buf[i]); 1092 } 1093 printf("\n"); 1094 } 1095 #endif 1096 /* 1097 * If there's a UNIT_ATTENTION condition pending, only command flagged with 1098 * ALLOW_UA are allowed to complete. with other commands getting a CHECK 1099 * condition response unless a higher priority status, defined by the drive 1100 * here, is pending. 1101 */ 1102 if (s->sense_key == SENSE_UNIT_ATTENTION && 1103 !(atapi_cmd_table[s->io_buffer[0]].flags & ALLOW_UA)) { 1104 ide_atapi_cmd_check_status(s); 1105 return; 1106 } 1107 /* 1108 * When a CD gets changed, we have to report an ejected state and 1109 * then a loaded state to guests so that they detect tray 1110 * open/close and media change events. Guests that do not use 1111 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 1112 * states rely on this behavior. 1113 */ 1114 if (bdrv_is_inserted(s->bs) && s->cdrom_changed) { 1115 ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT); 1116 1117 s->cdrom_changed = 0; 1118 s->sense_key = SENSE_UNIT_ATTENTION; 1119 s->asc = ASC_MEDIUM_MAY_HAVE_CHANGED; 1120 return; 1121 } 1122 1123 /* Report a Not Ready condition if appropriate for the command */ 1124 if ((atapi_cmd_table[s->io_buffer[0]].flags & CHECK_READY) && 1125 (!media_present(s) || !bdrv_is_inserted(s->bs))) 1126 { 1127 ide_atapi_cmd_error(s, SENSE_NOT_READY, ASC_MEDIUM_NOT_PRESENT); 1128 return; 1129 } 1130 1131 /* Execute the command */ 1132 if (atapi_cmd_table[s->io_buffer[0]].handler) { 1133 atapi_cmd_table[s->io_buffer[0]].handler(s, buf); 1134 return; 1135 } 1136 1137 ide_atapi_cmd_error(s, SENSE_ILLEGAL_REQUEST, ASC_ILLEGAL_OPCODE); 1138 } 1139