xref: /openbmc/qemu/hw/ide/core.c (revision 01afdadc)
1 /*
2  * QEMU IDE disk and CD/DVD-ROM Emulator
3  *
4  * Copyright (c) 2003 Fabrice Bellard
5  * Copyright (c) 2006 Openedhand Ltd.
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 #include <hw/hw.h>
26 #include <hw/pc.h>
27 #include <hw/pci.h>
28 #include <hw/isa.h>
29 #include "qemu-error.h"
30 #include "qemu-timer.h"
31 #include "sysemu.h"
32 #include "dma.h"
33 #include "hw/block-common.h"
34 #include "blockdev.h"
35 
36 #include <hw/ide/internal.h>
37 
38 /* These values were based on a Seagate ST3500418AS but have been modified
39    to make more sense in QEMU */
40 static const int smart_attributes[][12] = {
41     /* id,  flags, hflags, val, wrst, raw (6 bytes), threshold */
42     /* raw read error rate*/
43     { 0x01, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06},
44     /* spin up */
45     { 0x03, 0x03, 0x00, 0x64, 0x64, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
46     /* start stop count */
47     { 0x04, 0x02, 0x00, 0x64, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14},
48     /* remapped sectors */
49     { 0x05, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24},
50     /* power on hours */
51     { 0x09, 0x03, 0x00, 0x64, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
52     /* power cycle count */
53     { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
54     /* airflow-temperature-celsius */
55     { 190,  0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32},
56     /* end of list */
57     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
58 };
59 
60 static int ide_handle_rw_error(IDEState *s, int error, int op);
61 static void ide_dummy_transfer_stop(IDEState *s);
62 
63 static void padstr(char *str, const char *src, int len)
64 {
65     int i, v;
66     for(i = 0; i < len; i++) {
67         if (*src)
68             v = *src++;
69         else
70             v = ' ';
71         str[i^1] = v;
72     }
73 }
74 
75 static void put_le16(uint16_t *p, unsigned int v)
76 {
77     *p = cpu_to_le16(v);
78 }
79 
80 static void ide_identify(IDEState *s)
81 {
82     uint16_t *p;
83     unsigned int oldsize;
84     IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master;
85 
86     if (s->identify_set) {
87 	memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
88 	return;
89     }
90 
91     memset(s->io_buffer, 0, 512);
92     p = (uint16_t *)s->io_buffer;
93     put_le16(p + 0, 0x0040);
94     put_le16(p + 1, s->cylinders);
95     put_le16(p + 3, s->heads);
96     put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
97     put_le16(p + 5, 512); /* XXX: retired, remove ? */
98     put_le16(p + 6, s->sectors);
99     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
100     put_le16(p + 20, 3); /* XXX: retired, remove ? */
101     put_le16(p + 21, 512); /* cache size in sectors */
102     put_le16(p + 22, 4); /* ecc bytes */
103     padstr((char *)(p + 23), s->version, 8); /* firmware version */
104     padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
105 #if MAX_MULT_SECTORS > 1
106     put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
107 #endif
108     put_le16(p + 48, 1); /* dword I/O */
109     put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
110     put_le16(p + 51, 0x200); /* PIO transfer cycle */
111     put_le16(p + 52, 0x200); /* DMA transfer cycle */
112     put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
113     put_le16(p + 54, s->cylinders);
114     put_le16(p + 55, s->heads);
115     put_le16(p + 56, s->sectors);
116     oldsize = s->cylinders * s->heads * s->sectors;
117     put_le16(p + 57, oldsize);
118     put_le16(p + 58, oldsize >> 16);
119     if (s->mult_sectors)
120         put_le16(p + 59, 0x100 | s->mult_sectors);
121     put_le16(p + 60, s->nb_sectors);
122     put_le16(p + 61, s->nb_sectors >> 16);
123     put_le16(p + 62, 0x07); /* single word dma0-2 supported */
124     put_le16(p + 63, 0x07); /* mdma0-2 supported */
125     put_le16(p + 64, 0x03); /* pio3-4 supported */
126     put_le16(p + 65, 120);
127     put_le16(p + 66, 120);
128     put_le16(p + 67, 120);
129     put_le16(p + 68, 120);
130     if (dev && dev->conf.discard_granularity) {
131         put_le16(p + 69, (1 << 14)); /* determinate TRIM behavior */
132     }
133 
134     if (s->ncq_queues) {
135         put_le16(p + 75, s->ncq_queues - 1);
136         /* NCQ supported */
137         put_le16(p + 76, (1 << 8));
138     }
139 
140     put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
141     put_le16(p + 81, 0x16); /* conforms to ata5 */
142     /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */
143     put_le16(p + 82, (1 << 14) | (1 << 5) | 1);
144     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
145     put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
146     /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */
147     if (s->wwn) {
148         put_le16(p + 84, (1 << 14) | (1 << 8) | 0);
149     } else {
150         put_le16(p + 84, (1 << 14) | 0);
151     }
152     /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */
153     if (bdrv_enable_write_cache(s->bs))
154          put_le16(p + 85, (1 << 14) | (1 << 5) | 1);
155     else
156          put_le16(p + 85, (1 << 14) | 1);
157     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
158     put_le16(p + 86, (1 << 13) | (1 <<12) | (1 << 10));
159     /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */
160     if (s->wwn) {
161         put_le16(p + 87, (1 << 14) | (1 << 8) | 0);
162     } else {
163         put_le16(p + 87, (1 << 14) | 0);
164     }
165     put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
166     put_le16(p + 93, 1 | (1 << 14) | 0x2000);
167     put_le16(p + 100, s->nb_sectors);
168     put_le16(p + 101, s->nb_sectors >> 16);
169     put_le16(p + 102, s->nb_sectors >> 32);
170     put_le16(p + 103, s->nb_sectors >> 48);
171 
172     if (dev && dev->conf.physical_block_size)
173         put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf));
174     if (s->wwn) {
175         /* LE 16-bit words 111-108 contain 64-bit World Wide Name */
176         put_le16(p + 108, s->wwn >> 48);
177         put_le16(p + 109, s->wwn >> 32);
178         put_le16(p + 110, s->wwn >> 16);
179         put_le16(p + 111, s->wwn);
180     }
181     if (dev && dev->conf.discard_granularity) {
182         put_le16(p + 169, 1); /* TRIM support */
183     }
184 
185     memcpy(s->identify_data, p, sizeof(s->identify_data));
186     s->identify_set = 1;
187 }
188 
189 static void ide_atapi_identify(IDEState *s)
190 {
191     uint16_t *p;
192 
193     if (s->identify_set) {
194 	memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
195 	return;
196     }
197 
198     memset(s->io_buffer, 0, 512);
199     p = (uint16_t *)s->io_buffer;
200     /* Removable CDROM, 50us response, 12 byte packets */
201     put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
202     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
203     put_le16(p + 20, 3); /* buffer type */
204     put_le16(p + 21, 512); /* cache size in sectors */
205     put_le16(p + 22, 4); /* ecc bytes */
206     padstr((char *)(p + 23), s->version, 8); /* firmware version */
207     padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
208     put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
209 #ifdef USE_DMA_CDROM
210     put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
211     put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
212     put_le16(p + 62, 7);  /* single word dma0-2 supported */
213     put_le16(p + 63, 7);  /* mdma0-2 supported */
214 #else
215     put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
216     put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
217     put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
218 #endif
219     put_le16(p + 64, 3); /* pio3-4 supported */
220     put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
221     put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
222     put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
223     put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
224 
225     put_le16(p + 71, 30); /* in ns */
226     put_le16(p + 72, 30); /* in ns */
227 
228     if (s->ncq_queues) {
229         put_le16(p + 75, s->ncq_queues - 1);
230         /* NCQ supported */
231         put_le16(p + 76, (1 << 8));
232     }
233 
234     put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
235 #ifdef USE_DMA_CDROM
236     put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
237 #endif
238     memcpy(s->identify_data, p, sizeof(s->identify_data));
239     s->identify_set = 1;
240 }
241 
242 static void ide_cfata_identify(IDEState *s)
243 {
244     uint16_t *p;
245     uint32_t cur_sec;
246 
247     p = (uint16_t *) s->identify_data;
248     if (s->identify_set)
249         goto fill_buffer;
250 
251     memset(p, 0, sizeof(s->identify_data));
252 
253     cur_sec = s->cylinders * s->heads * s->sectors;
254 
255     put_le16(p + 0, 0x848a);			/* CF Storage Card signature */
256     put_le16(p + 1, s->cylinders);		/* Default cylinders */
257     put_le16(p + 3, s->heads);			/* Default heads */
258     put_le16(p + 6, s->sectors);		/* Default sectors per track */
259     put_le16(p + 7, s->nb_sectors >> 16);	/* Sectors per card */
260     put_le16(p + 8, s->nb_sectors);		/* Sectors per card */
261     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
262     put_le16(p + 22, 0x0004);			/* ECC bytes */
263     padstr((char *) (p + 23), s->version, 8);	/* Firmware Revision */
264     padstr((char *) (p + 27), s->drive_model_str, 40);/* Model number */
265 #if MAX_MULT_SECTORS > 1
266     put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
267 #else
268     put_le16(p + 47, 0x0000);
269 #endif
270     put_le16(p + 49, 0x0f00);			/* Capabilities */
271     put_le16(p + 51, 0x0002);			/* PIO cycle timing mode */
272     put_le16(p + 52, 0x0001);			/* DMA cycle timing mode */
273     put_le16(p + 53, 0x0003);			/* Translation params valid */
274     put_le16(p + 54, s->cylinders);		/* Current cylinders */
275     put_le16(p + 55, s->heads);			/* Current heads */
276     put_le16(p + 56, s->sectors);		/* Current sectors */
277     put_le16(p + 57, cur_sec);			/* Current capacity */
278     put_le16(p + 58, cur_sec >> 16);		/* Current capacity */
279     if (s->mult_sectors)			/* Multiple sector setting */
280         put_le16(p + 59, 0x100 | s->mult_sectors);
281     put_le16(p + 60, s->nb_sectors);		/* Total LBA sectors */
282     put_le16(p + 61, s->nb_sectors >> 16);	/* Total LBA sectors */
283     put_le16(p + 63, 0x0203);			/* Multiword DMA capability */
284     put_le16(p + 64, 0x0001);			/* Flow Control PIO support */
285     put_le16(p + 65, 0x0096);			/* Min. Multiword DMA cycle */
286     put_le16(p + 66, 0x0096);			/* Rec. Multiword DMA cycle */
287     put_le16(p + 68, 0x00b4);			/* Min. PIO cycle time */
288     put_le16(p + 82, 0x400c);			/* Command Set supported */
289     put_le16(p + 83, 0x7068);			/* Command Set supported */
290     put_le16(p + 84, 0x4000);			/* Features supported */
291     put_le16(p + 85, 0x000c);			/* Command Set enabled */
292     put_le16(p + 86, 0x7044);			/* Command Set enabled */
293     put_le16(p + 87, 0x4000);			/* Features enabled */
294     put_le16(p + 91, 0x4060);			/* Current APM level */
295     put_le16(p + 129, 0x0002);			/* Current features option */
296     put_le16(p + 130, 0x0005);			/* Reassigned sectors */
297     put_le16(p + 131, 0x0001);			/* Initial power mode */
298     put_le16(p + 132, 0x0000);			/* User signature */
299     put_le16(p + 160, 0x8100);			/* Power requirement */
300     put_le16(p + 161, 0x8001);			/* CF command set */
301 
302     s->identify_set = 1;
303 
304 fill_buffer:
305     memcpy(s->io_buffer, p, sizeof(s->identify_data));
306 }
307 
308 static void ide_set_signature(IDEState *s)
309 {
310     s->select &= 0xf0; /* clear head */
311     /* put signature */
312     s->nsector = 1;
313     s->sector = 1;
314     if (s->drive_kind == IDE_CD) {
315         s->lcyl = 0x14;
316         s->hcyl = 0xeb;
317     } else if (s->bs) {
318         s->lcyl = 0;
319         s->hcyl = 0;
320     } else {
321         s->lcyl = 0xff;
322         s->hcyl = 0xff;
323     }
324 }
325 
326 typedef struct TrimAIOCB {
327     BlockDriverAIOCB common;
328     QEMUBH *bh;
329     int ret;
330 } TrimAIOCB;
331 
332 static void trim_aio_cancel(BlockDriverAIOCB *acb)
333 {
334     TrimAIOCB *iocb = container_of(acb, TrimAIOCB, common);
335 
336     qemu_bh_delete(iocb->bh);
337     iocb->bh = NULL;
338     qemu_aio_release(iocb);
339 }
340 
341 static AIOPool trim_aio_pool = {
342     .aiocb_size         = sizeof(TrimAIOCB),
343     .cancel             = trim_aio_cancel,
344 };
345 
346 static void ide_trim_bh_cb(void *opaque)
347 {
348     TrimAIOCB *iocb = opaque;
349 
350     iocb->common.cb(iocb->common.opaque, iocb->ret);
351 
352     qemu_bh_delete(iocb->bh);
353     iocb->bh = NULL;
354 
355     qemu_aio_release(iocb);
356 }
357 
358 BlockDriverAIOCB *ide_issue_trim(BlockDriverState *bs,
359         int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
360         BlockDriverCompletionFunc *cb, void *opaque)
361 {
362     TrimAIOCB *iocb;
363     int i, j, ret;
364 
365     iocb = qemu_aio_get(&trim_aio_pool, bs, cb, opaque);
366     iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb);
367     iocb->ret = 0;
368 
369     for (j = 0; j < qiov->niov; j++) {
370         uint64_t *buffer = qiov->iov[j].iov_base;
371 
372         for (i = 0; i < qiov->iov[j].iov_len / 8; i++) {
373             /* 6-byte LBA + 2-byte range per entry */
374             uint64_t entry = le64_to_cpu(buffer[i]);
375             uint64_t sector = entry & 0x0000ffffffffffffULL;
376             uint16_t count = entry >> 48;
377 
378             if (count == 0) {
379                 break;
380             }
381 
382             ret = bdrv_discard(bs, sector, count);
383             if (!iocb->ret) {
384                 iocb->ret = ret;
385             }
386         }
387     }
388 
389     qemu_bh_schedule(iocb->bh);
390 
391     return &iocb->common;
392 }
393 
394 static inline void ide_abort_command(IDEState *s)
395 {
396     s->status = READY_STAT | ERR_STAT;
397     s->error = ABRT_ERR;
398 }
399 
400 /* prepare data transfer and tell what to do after */
401 void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
402                         EndTransferFunc *end_transfer_func)
403 {
404     s->end_transfer_func = end_transfer_func;
405     s->data_ptr = buf;
406     s->data_end = buf + size;
407     if (!(s->status & ERR_STAT)) {
408         s->status |= DRQ_STAT;
409     }
410     s->bus->dma->ops->start_transfer(s->bus->dma);
411 }
412 
413 void ide_transfer_stop(IDEState *s)
414 {
415     s->end_transfer_func = ide_transfer_stop;
416     s->data_ptr = s->io_buffer;
417     s->data_end = s->io_buffer;
418     s->status &= ~DRQ_STAT;
419 }
420 
421 int64_t ide_get_sector(IDEState *s)
422 {
423     int64_t sector_num;
424     if (s->select & 0x40) {
425         /* lba */
426 	if (!s->lba48) {
427 	    sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
428 		(s->lcyl << 8) | s->sector;
429 	} else {
430 	    sector_num = ((int64_t)s->hob_hcyl << 40) |
431 		((int64_t) s->hob_lcyl << 32) |
432 		((int64_t) s->hob_sector << 24) |
433 		((int64_t) s->hcyl << 16) |
434 		((int64_t) s->lcyl << 8) | s->sector;
435 	}
436     } else {
437         sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
438             (s->select & 0x0f) * s->sectors + (s->sector - 1);
439     }
440     return sector_num;
441 }
442 
443 void ide_set_sector(IDEState *s, int64_t sector_num)
444 {
445     unsigned int cyl, r;
446     if (s->select & 0x40) {
447 	if (!s->lba48) {
448             s->select = (s->select & 0xf0) | (sector_num >> 24);
449             s->hcyl = (sector_num >> 16);
450             s->lcyl = (sector_num >> 8);
451             s->sector = (sector_num);
452 	} else {
453 	    s->sector = sector_num;
454 	    s->lcyl = sector_num >> 8;
455 	    s->hcyl = sector_num >> 16;
456 	    s->hob_sector = sector_num >> 24;
457 	    s->hob_lcyl = sector_num >> 32;
458 	    s->hob_hcyl = sector_num >> 40;
459 	}
460     } else {
461         cyl = sector_num / (s->heads * s->sectors);
462         r = sector_num % (s->heads * s->sectors);
463         s->hcyl = cyl >> 8;
464         s->lcyl = cyl;
465         s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
466         s->sector = (r % s->sectors) + 1;
467     }
468 }
469 
470 static void ide_rw_error(IDEState *s) {
471     ide_abort_command(s);
472     ide_set_irq(s->bus);
473 }
474 
475 static void ide_sector_read_cb(void *opaque, int ret)
476 {
477     IDEState *s = opaque;
478     int n;
479 
480     s->pio_aiocb = NULL;
481     s->status &= ~BUSY_STAT;
482 
483     bdrv_acct_done(s->bs, &s->acct);
484     if (ret != 0) {
485         if (ide_handle_rw_error(s, -ret, BM_STATUS_PIO_RETRY |
486                                 BM_STATUS_RETRY_READ)) {
487             return;
488         }
489     }
490 
491     n = s->nsector;
492     if (n > s->req_nb_sectors) {
493         n = s->req_nb_sectors;
494     }
495 
496     /* Allow the guest to read the io_buffer */
497     ide_transfer_start(s, s->io_buffer, n * BDRV_SECTOR_SIZE, ide_sector_read);
498 
499     ide_set_irq(s->bus);
500 
501     ide_set_sector(s, ide_get_sector(s) + n);
502     s->nsector -= n;
503 }
504 
505 void ide_sector_read(IDEState *s)
506 {
507     int64_t sector_num;
508     int n;
509 
510     s->status = READY_STAT | SEEK_STAT;
511     s->error = 0; /* not needed by IDE spec, but needed by Windows */
512     sector_num = ide_get_sector(s);
513     n = s->nsector;
514 
515     if (n == 0) {
516         ide_transfer_stop(s);
517         return;
518     }
519 
520     s->status |= BUSY_STAT;
521 
522     if (n > s->req_nb_sectors) {
523         n = s->req_nb_sectors;
524     }
525 
526 #if defined(DEBUG_IDE)
527     printf("sector=%" PRId64 "\n", sector_num);
528 #endif
529 
530     s->iov.iov_base = s->io_buffer;
531     s->iov.iov_len  = n * BDRV_SECTOR_SIZE;
532     qemu_iovec_init_external(&s->qiov, &s->iov, 1);
533 
534     bdrv_acct_start(s->bs, &s->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
535     s->pio_aiocb = bdrv_aio_readv(s->bs, sector_num, &s->qiov, n,
536                                   ide_sector_read_cb, s);
537 }
538 
539 static void dma_buf_commit(IDEState *s)
540 {
541     qemu_sglist_destroy(&s->sg);
542 }
543 
544 void ide_set_inactive(IDEState *s)
545 {
546     s->bus->dma->aiocb = NULL;
547     s->bus->dma->ops->set_inactive(s->bus->dma);
548 }
549 
550 void ide_dma_error(IDEState *s)
551 {
552     ide_transfer_stop(s);
553     s->error = ABRT_ERR;
554     s->status = READY_STAT | ERR_STAT;
555     ide_set_inactive(s);
556     ide_set_irq(s->bus);
557 }
558 
559 static int ide_handle_rw_error(IDEState *s, int error, int op)
560 {
561     int is_read = (op & BM_STATUS_RETRY_READ);
562     BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
563 
564     if (action == BLOCK_ERR_IGNORE) {
565         bdrv_emit_qmp_error_event(s->bs, BDRV_ACTION_IGNORE, is_read);
566         return 0;
567     }
568 
569     if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
570             || action == BLOCK_ERR_STOP_ANY) {
571         s->bus->dma->ops->set_unit(s->bus->dma, s->unit);
572         s->bus->error_status = op;
573         bdrv_emit_qmp_error_event(s->bs, BDRV_ACTION_STOP, is_read);
574         vm_stop(RUN_STATE_IO_ERROR);
575         bdrv_iostatus_set_err(s->bs, error);
576     } else {
577         if (op & BM_STATUS_DMA_RETRY) {
578             dma_buf_commit(s);
579             ide_dma_error(s);
580         } else {
581             ide_rw_error(s);
582         }
583         bdrv_emit_qmp_error_event(s->bs, BDRV_ACTION_REPORT, is_read);
584     }
585 
586     return 1;
587 }
588 
589 void ide_dma_cb(void *opaque, int ret)
590 {
591     IDEState *s = opaque;
592     int n;
593     int64_t sector_num;
594 
595     if (ret < 0) {
596         int op = BM_STATUS_DMA_RETRY;
597 
598         if (s->dma_cmd == IDE_DMA_READ)
599             op |= BM_STATUS_RETRY_READ;
600         else if (s->dma_cmd == IDE_DMA_TRIM)
601             op |= BM_STATUS_RETRY_TRIM;
602 
603         if (ide_handle_rw_error(s, -ret, op)) {
604             return;
605         }
606     }
607 
608     n = s->io_buffer_size >> 9;
609     sector_num = ide_get_sector(s);
610     if (n > 0) {
611         dma_buf_commit(s);
612         sector_num += n;
613         ide_set_sector(s, sector_num);
614         s->nsector -= n;
615     }
616 
617     /* end of transfer ? */
618     if (s->nsector == 0) {
619         s->status = READY_STAT | SEEK_STAT;
620         ide_set_irq(s->bus);
621         goto eot;
622     }
623 
624     /* launch next transfer */
625     n = s->nsector;
626     s->io_buffer_index = 0;
627     s->io_buffer_size = n * 512;
628     if (s->bus->dma->ops->prepare_buf(s->bus->dma, ide_cmd_is_read(s)) == 0) {
629         /* The PRDs were too short. Reset the Active bit, but don't raise an
630          * interrupt. */
631         goto eot;
632     }
633 
634 #ifdef DEBUG_AIO
635     printf("ide_dma_cb: sector_num=%" PRId64 " n=%d, cmd_cmd=%d\n",
636            sector_num, n, s->dma_cmd);
637 #endif
638 
639     switch (s->dma_cmd) {
640     case IDE_DMA_READ:
641         s->bus->dma->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
642                                            ide_dma_cb, s);
643         break;
644     case IDE_DMA_WRITE:
645         s->bus->dma->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
646                                             ide_dma_cb, s);
647         break;
648     case IDE_DMA_TRIM:
649         s->bus->dma->aiocb = dma_bdrv_io(s->bs, &s->sg, sector_num,
650                                          ide_issue_trim, ide_dma_cb, s,
651                                          DMA_DIRECTION_TO_DEVICE);
652         break;
653     }
654     return;
655 
656 eot:
657     if (s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) {
658         bdrv_acct_done(s->bs, &s->acct);
659     }
660     ide_set_inactive(s);
661 }
662 
663 static void ide_sector_start_dma(IDEState *s, enum ide_dma_cmd dma_cmd)
664 {
665     s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
666     s->io_buffer_index = 0;
667     s->io_buffer_size = 0;
668     s->dma_cmd = dma_cmd;
669 
670     switch (dma_cmd) {
671     case IDE_DMA_READ:
672         bdrv_acct_start(s->bs, &s->acct, s->nsector * BDRV_SECTOR_SIZE,
673                         BDRV_ACCT_READ);
674         break;
675     case IDE_DMA_WRITE:
676         bdrv_acct_start(s->bs, &s->acct, s->nsector * BDRV_SECTOR_SIZE,
677                         BDRV_ACCT_WRITE);
678         break;
679     default:
680         break;
681     }
682 
683     s->bus->dma->ops->start_dma(s->bus->dma, s, ide_dma_cb);
684 }
685 
686 static void ide_sector_write_timer_cb(void *opaque)
687 {
688     IDEState *s = opaque;
689     ide_set_irq(s->bus);
690 }
691 
692 static void ide_sector_write_cb(void *opaque, int ret)
693 {
694     IDEState *s = opaque;
695     int n;
696 
697     bdrv_acct_done(s->bs, &s->acct);
698 
699     s->pio_aiocb = NULL;
700     s->status &= ~BUSY_STAT;
701 
702     if (ret != 0) {
703         if (ide_handle_rw_error(s, -ret, BM_STATUS_PIO_RETRY)) {
704             return;
705         }
706     }
707 
708     n = s->nsector;
709     if (n > s->req_nb_sectors) {
710         n = s->req_nb_sectors;
711     }
712     s->nsector -= n;
713     if (s->nsector == 0) {
714         /* no more sectors to write */
715         ide_transfer_stop(s);
716     } else {
717         int n1 = s->nsector;
718         if (n1 > s->req_nb_sectors) {
719             n1 = s->req_nb_sectors;
720         }
721         ide_transfer_start(s, s->io_buffer, n1 * BDRV_SECTOR_SIZE,
722                            ide_sector_write);
723     }
724     ide_set_sector(s, ide_get_sector(s) + n);
725 
726     if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
727         /* It seems there is a bug in the Windows 2000 installer HDD
728            IDE driver which fills the disk with empty logs when the
729            IDE write IRQ comes too early. This hack tries to correct
730            that at the expense of slower write performances. Use this
731            option _only_ to install Windows 2000. You must disable it
732            for normal use. */
733         qemu_mod_timer(s->sector_write_timer,
734                        qemu_get_clock_ns(vm_clock) + (get_ticks_per_sec() / 1000));
735     } else {
736         ide_set_irq(s->bus);
737     }
738 }
739 
740 void ide_sector_write(IDEState *s)
741 {
742     int64_t sector_num;
743     int n;
744 
745     s->status = READY_STAT | SEEK_STAT | BUSY_STAT;
746     sector_num = ide_get_sector(s);
747 #if defined(DEBUG_IDE)
748     printf("sector=%" PRId64 "\n", sector_num);
749 #endif
750     n = s->nsector;
751     if (n > s->req_nb_sectors) {
752         n = s->req_nb_sectors;
753     }
754 
755     s->iov.iov_base = s->io_buffer;
756     s->iov.iov_len  = n * BDRV_SECTOR_SIZE;
757     qemu_iovec_init_external(&s->qiov, &s->iov, 1);
758 
759     bdrv_acct_start(s->bs, &s->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
760     s->pio_aiocb = bdrv_aio_writev(s->bs, sector_num, &s->qiov, n,
761                                    ide_sector_write_cb, s);
762 }
763 
764 static void ide_flush_cb(void *opaque, int ret)
765 {
766     IDEState *s = opaque;
767 
768     if (ret < 0) {
769         /* XXX: What sector number to set here? */
770         if (ide_handle_rw_error(s, -ret, BM_STATUS_RETRY_FLUSH)) {
771             return;
772         }
773     }
774 
775     bdrv_acct_done(s->bs, &s->acct);
776     s->status = READY_STAT | SEEK_STAT;
777     ide_set_irq(s->bus);
778 }
779 
780 void ide_flush_cache(IDEState *s)
781 {
782     if (s->bs == NULL) {
783         ide_flush_cb(s, 0);
784         return;
785     }
786 
787     bdrv_acct_start(s->bs, &s->acct, 0, BDRV_ACCT_FLUSH);
788     bdrv_aio_flush(s->bs, ide_flush_cb, s);
789 }
790 
791 static void ide_cfata_metadata_inquiry(IDEState *s)
792 {
793     uint16_t *p;
794     uint32_t spd;
795 
796     p = (uint16_t *) s->io_buffer;
797     memset(p, 0, 0x200);
798     spd = ((s->mdata_size - 1) >> 9) + 1;
799 
800     put_le16(p + 0, 0x0001);			/* Data format revision */
801     put_le16(p + 1, 0x0000);			/* Media property: silicon */
802     put_le16(p + 2, s->media_changed);		/* Media status */
803     put_le16(p + 3, s->mdata_size & 0xffff);	/* Capacity in bytes (low) */
804     put_le16(p + 4, s->mdata_size >> 16);	/* Capacity in bytes (high) */
805     put_le16(p + 5, spd & 0xffff);		/* Sectors per device (low) */
806     put_le16(p + 6, spd >> 16);			/* Sectors per device (high) */
807 }
808 
809 static void ide_cfata_metadata_read(IDEState *s)
810 {
811     uint16_t *p;
812 
813     if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
814         s->status = ERR_STAT;
815         s->error = ABRT_ERR;
816         return;
817     }
818 
819     p = (uint16_t *) s->io_buffer;
820     memset(p, 0, 0x200);
821 
822     put_le16(p + 0, s->media_changed);		/* Media status */
823     memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
824                     MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
825                                     s->nsector << 9), 0x200 - 2));
826 }
827 
828 static void ide_cfata_metadata_write(IDEState *s)
829 {
830     if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
831         s->status = ERR_STAT;
832         s->error = ABRT_ERR;
833         return;
834     }
835 
836     s->media_changed = 0;
837 
838     memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
839                     s->io_buffer + 2,
840                     MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
841                                     s->nsector << 9), 0x200 - 2));
842 }
843 
844 /* called when the inserted state of the media has changed */
845 static void ide_cd_change_cb(void *opaque, bool load)
846 {
847     IDEState *s = opaque;
848     uint64_t nb_sectors;
849 
850     s->tray_open = !load;
851     bdrv_get_geometry(s->bs, &nb_sectors);
852     s->nb_sectors = nb_sectors;
853 
854     /*
855      * First indicate to the guest that a CD has been removed.  That's
856      * done on the next command the guest sends us.
857      *
858      * Then we set UNIT_ATTENTION, by which the guest will
859      * detect a new CD in the drive.  See ide_atapi_cmd() for details.
860      */
861     s->cdrom_changed = 1;
862     s->events.new_media = true;
863     s->events.eject_request = false;
864     ide_set_irq(s->bus);
865 }
866 
867 static void ide_cd_eject_request_cb(void *opaque, bool force)
868 {
869     IDEState *s = opaque;
870 
871     s->events.eject_request = true;
872     if (force) {
873         s->tray_locked = false;
874     }
875     ide_set_irq(s->bus);
876 }
877 
878 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
879 {
880     s->lba48 = lba48;
881 
882     /* handle the 'magic' 0 nsector count conversion here. to avoid
883      * fiddling with the rest of the read logic, we just store the
884      * full sector count in ->nsector and ignore ->hob_nsector from now
885      */
886     if (!s->lba48) {
887 	if (!s->nsector)
888 	    s->nsector = 256;
889     } else {
890 	if (!s->nsector && !s->hob_nsector)
891 	    s->nsector = 65536;
892 	else {
893 	    int lo = s->nsector;
894 	    int hi = s->hob_nsector;
895 
896 	    s->nsector = (hi << 8) | lo;
897 	}
898     }
899 }
900 
901 static void ide_clear_hob(IDEBus *bus)
902 {
903     /* any write clears HOB high bit of device control register */
904     bus->ifs[0].select &= ~(1 << 7);
905     bus->ifs[1].select &= ~(1 << 7);
906 }
907 
908 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
909 {
910     IDEBus *bus = opaque;
911 
912 #ifdef DEBUG_IDE
913     printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
914 #endif
915 
916     addr &= 7;
917 
918     /* ignore writes to command block while busy with previous command */
919     if (addr != 7 && (idebus_active_if(bus)->status & (BUSY_STAT|DRQ_STAT)))
920         return;
921 
922     switch(addr) {
923     case 0:
924         break;
925     case 1:
926 	ide_clear_hob(bus);
927         /* NOTE: data is written to the two drives */
928 	bus->ifs[0].hob_feature = bus->ifs[0].feature;
929 	bus->ifs[1].hob_feature = bus->ifs[1].feature;
930         bus->ifs[0].feature = val;
931         bus->ifs[1].feature = val;
932         break;
933     case 2:
934 	ide_clear_hob(bus);
935 	bus->ifs[0].hob_nsector = bus->ifs[0].nsector;
936 	bus->ifs[1].hob_nsector = bus->ifs[1].nsector;
937         bus->ifs[0].nsector = val;
938         bus->ifs[1].nsector = val;
939         break;
940     case 3:
941 	ide_clear_hob(bus);
942 	bus->ifs[0].hob_sector = bus->ifs[0].sector;
943 	bus->ifs[1].hob_sector = bus->ifs[1].sector;
944         bus->ifs[0].sector = val;
945         bus->ifs[1].sector = val;
946         break;
947     case 4:
948 	ide_clear_hob(bus);
949 	bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl;
950 	bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl;
951         bus->ifs[0].lcyl = val;
952         bus->ifs[1].lcyl = val;
953         break;
954     case 5:
955 	ide_clear_hob(bus);
956 	bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl;
957 	bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl;
958         bus->ifs[0].hcyl = val;
959         bus->ifs[1].hcyl = val;
960         break;
961     case 6:
962 	/* FIXME: HOB readback uses bit 7 */
963         bus->ifs[0].select = (val & ~0x10) | 0xa0;
964         bus->ifs[1].select = (val | 0x10) | 0xa0;
965         /* select drive */
966         bus->unit = (val >> 4) & 1;
967         break;
968     default:
969     case 7:
970         /* command */
971         ide_exec_cmd(bus, val);
972         break;
973     }
974 }
975 
976 #define HD_OK (1u << IDE_HD)
977 #define CD_OK (1u << IDE_CD)
978 #define CFA_OK (1u << IDE_CFATA)
979 #define HD_CFA_OK (HD_OK | CFA_OK)
980 #define ALL_OK (HD_OK | CD_OK | CFA_OK)
981 
982 /* See ACS-2 T13/2015-D Table B.2 Command codes */
983 static const uint8_t ide_cmd_table[0x100] = {
984     /* NOP not implemented, mandatory for CD */
985     [CFA_REQ_EXT_ERROR_CODE]            = CFA_OK,
986     [WIN_DSM]                           = ALL_OK,
987     [WIN_DEVICE_RESET]                  = CD_OK,
988     [WIN_RECAL]                         = HD_CFA_OK,
989     [WIN_READ]                          = ALL_OK,
990     [WIN_READ_ONCE]                     = ALL_OK,
991     [WIN_READ_EXT]                      = HD_CFA_OK,
992     [WIN_READDMA_EXT]                   = HD_CFA_OK,
993     [WIN_READ_NATIVE_MAX_EXT]           = HD_CFA_OK,
994     [WIN_MULTREAD_EXT]                  = HD_CFA_OK,
995     [WIN_WRITE]                         = HD_CFA_OK,
996     [WIN_WRITE_ONCE]                    = HD_CFA_OK,
997     [WIN_WRITE_EXT]                     = HD_CFA_OK,
998     [WIN_WRITEDMA_EXT]                  = HD_CFA_OK,
999     [CFA_WRITE_SECT_WO_ERASE]           = CFA_OK,
1000     [WIN_MULTWRITE_EXT]                 = HD_CFA_OK,
1001     [WIN_WRITE_VERIFY]                  = HD_CFA_OK,
1002     [WIN_VERIFY]                        = HD_CFA_OK,
1003     [WIN_VERIFY_ONCE]                   = HD_CFA_OK,
1004     [WIN_VERIFY_EXT]                    = HD_CFA_OK,
1005     [WIN_SEEK]                          = HD_CFA_OK,
1006     [CFA_TRANSLATE_SECTOR]              = CFA_OK,
1007     [WIN_DIAGNOSE]                      = ALL_OK,
1008     [WIN_SPECIFY]                       = HD_CFA_OK,
1009     [WIN_STANDBYNOW2]                   = ALL_OK,
1010     [WIN_IDLEIMMEDIATE2]                = ALL_OK,
1011     [WIN_STANDBY2]                      = ALL_OK,
1012     [WIN_SETIDLE2]                      = ALL_OK,
1013     [WIN_CHECKPOWERMODE2]               = ALL_OK,
1014     [WIN_SLEEPNOW2]                     = ALL_OK,
1015     [WIN_PACKETCMD]                     = CD_OK,
1016     [WIN_PIDENTIFY]                     = CD_OK,
1017     [WIN_SMART]                         = HD_CFA_OK,
1018     [CFA_ACCESS_METADATA_STORAGE]       = CFA_OK,
1019     [CFA_ERASE_SECTORS]                 = CFA_OK,
1020     [WIN_MULTREAD]                      = HD_CFA_OK,
1021     [WIN_MULTWRITE]                     = HD_CFA_OK,
1022     [WIN_SETMULT]                       = HD_CFA_OK,
1023     [WIN_READDMA]                       = HD_CFA_OK,
1024     [WIN_READDMA_ONCE]                  = HD_CFA_OK,
1025     [WIN_WRITEDMA]                      = HD_CFA_OK,
1026     [WIN_WRITEDMA_ONCE]                 = HD_CFA_OK,
1027     [CFA_WRITE_MULTI_WO_ERASE]          = CFA_OK,
1028     [WIN_STANDBYNOW1]                   = ALL_OK,
1029     [WIN_IDLEIMMEDIATE]                 = ALL_OK,
1030     [WIN_STANDBY]                       = ALL_OK,
1031     [WIN_SETIDLE1]                      = ALL_OK,
1032     [WIN_CHECKPOWERMODE1]               = ALL_OK,
1033     [WIN_SLEEPNOW1]                     = ALL_OK,
1034     [WIN_FLUSH_CACHE]                   = ALL_OK,
1035     [WIN_FLUSH_CACHE_EXT]               = HD_CFA_OK,
1036     [WIN_IDENTIFY]                      = ALL_OK,
1037     [WIN_SETFEATURES]                   = ALL_OK,
1038     [IBM_SENSE_CONDITION]               = CFA_OK,
1039     [CFA_WEAR_LEVEL]                    = HD_CFA_OK,
1040     [WIN_READ_NATIVE_MAX]               = ALL_OK,
1041 };
1042 
1043 static bool ide_cmd_permitted(IDEState *s, uint32_t cmd)
1044 {
1045     return cmd < ARRAY_SIZE(ide_cmd_table)
1046         && (ide_cmd_table[cmd] & (1u << s->drive_kind));
1047 }
1048 
1049 void ide_exec_cmd(IDEBus *bus, uint32_t val)
1050 {
1051     uint16_t *identify_data;
1052     IDEState *s;
1053     int n;
1054     int lba48 = 0;
1055 
1056 #if defined(DEBUG_IDE)
1057     printf("ide: CMD=%02x\n", val);
1058 #endif
1059     s = idebus_active_if(bus);
1060     /* ignore commands to non existent slave */
1061     if (s != bus->ifs && !s->bs)
1062         return;
1063 
1064     /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
1065     if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
1066         return;
1067 
1068     if (!ide_cmd_permitted(s, val)) {
1069         goto abort_cmd;
1070     }
1071 
1072     switch(val) {
1073     case WIN_DSM:
1074         switch (s->feature) {
1075         case DSM_TRIM:
1076             if (!s->bs) {
1077                 goto abort_cmd;
1078             }
1079             ide_sector_start_dma(s, IDE_DMA_TRIM);
1080             break;
1081         default:
1082             goto abort_cmd;
1083         }
1084         break;
1085     case WIN_IDENTIFY:
1086         if (s->bs && s->drive_kind != IDE_CD) {
1087             if (s->drive_kind != IDE_CFATA)
1088                 ide_identify(s);
1089             else
1090                 ide_cfata_identify(s);
1091             s->status = READY_STAT | SEEK_STAT;
1092             ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1093         } else {
1094             if (s->drive_kind == IDE_CD) {
1095                 ide_set_signature(s);
1096             }
1097             ide_abort_command(s);
1098         }
1099         ide_set_irq(s->bus);
1100         break;
1101     case WIN_SPECIFY:
1102     case WIN_RECAL:
1103         s->error = 0;
1104         s->status = READY_STAT | SEEK_STAT;
1105         ide_set_irq(s->bus);
1106         break;
1107     case WIN_SETMULT:
1108         if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
1109             /* Disable Read and Write Multiple */
1110             s->mult_sectors = 0;
1111             s->status = READY_STAT | SEEK_STAT;
1112         } else if ((s->nsector & 0xff) != 0 &&
1113             ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1114              (s->nsector & (s->nsector - 1)) != 0)) {
1115             ide_abort_command(s);
1116         } else {
1117             s->mult_sectors = s->nsector & 0xff;
1118             s->status = READY_STAT | SEEK_STAT;
1119         }
1120         ide_set_irq(s->bus);
1121         break;
1122     case WIN_VERIFY_EXT:
1123 	lba48 = 1;
1124     case WIN_VERIFY:
1125     case WIN_VERIFY_ONCE:
1126         /* do sector number check ? */
1127 	ide_cmd_lba48_transform(s, lba48);
1128         s->status = READY_STAT | SEEK_STAT;
1129         ide_set_irq(s->bus);
1130         break;
1131     case WIN_READ_EXT:
1132 	lba48 = 1;
1133     case WIN_READ:
1134     case WIN_READ_ONCE:
1135         if (s->drive_kind == IDE_CD) {
1136             ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */
1137             goto abort_cmd;
1138         }
1139         if (!s->bs) {
1140             goto abort_cmd;
1141         }
1142 	ide_cmd_lba48_transform(s, lba48);
1143         s->req_nb_sectors = 1;
1144         ide_sector_read(s);
1145         break;
1146     case WIN_WRITE_EXT:
1147 	lba48 = 1;
1148     case WIN_WRITE:
1149     case WIN_WRITE_ONCE:
1150     case CFA_WRITE_SECT_WO_ERASE:
1151     case WIN_WRITE_VERIFY:
1152         if (!s->bs) {
1153             goto abort_cmd;
1154         }
1155 	ide_cmd_lba48_transform(s, lba48);
1156         s->error = 0;
1157         s->status = SEEK_STAT | READY_STAT;
1158         s->req_nb_sectors = 1;
1159         ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1160         s->media_changed = 1;
1161         break;
1162     case WIN_MULTREAD_EXT:
1163 	lba48 = 1;
1164     case WIN_MULTREAD:
1165         if (!s->bs) {
1166             goto abort_cmd;
1167         }
1168         if (!s->mult_sectors) {
1169             goto abort_cmd;
1170         }
1171 	ide_cmd_lba48_transform(s, lba48);
1172         s->req_nb_sectors = s->mult_sectors;
1173         ide_sector_read(s);
1174         break;
1175     case WIN_MULTWRITE_EXT:
1176 	lba48 = 1;
1177     case WIN_MULTWRITE:
1178     case CFA_WRITE_MULTI_WO_ERASE:
1179         if (!s->bs) {
1180             goto abort_cmd;
1181         }
1182         if (!s->mult_sectors) {
1183             goto abort_cmd;
1184         }
1185 	ide_cmd_lba48_transform(s, lba48);
1186         s->error = 0;
1187         s->status = SEEK_STAT | READY_STAT;
1188         s->req_nb_sectors = s->mult_sectors;
1189         n = s->nsector;
1190         if (n > s->req_nb_sectors)
1191             n = s->req_nb_sectors;
1192         ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1193         s->media_changed = 1;
1194         break;
1195     case WIN_READDMA_EXT:
1196 	lba48 = 1;
1197     case WIN_READDMA:
1198     case WIN_READDMA_ONCE:
1199         if (!s->bs) {
1200             goto abort_cmd;
1201         }
1202 	ide_cmd_lba48_transform(s, lba48);
1203         ide_sector_start_dma(s, IDE_DMA_READ);
1204         break;
1205     case WIN_WRITEDMA_EXT:
1206 	lba48 = 1;
1207     case WIN_WRITEDMA:
1208     case WIN_WRITEDMA_ONCE:
1209         if (!s->bs) {
1210             goto abort_cmd;
1211         }
1212 	ide_cmd_lba48_transform(s, lba48);
1213         ide_sector_start_dma(s, IDE_DMA_WRITE);
1214         s->media_changed = 1;
1215         break;
1216     case WIN_READ_NATIVE_MAX_EXT:
1217 	lba48 = 1;
1218     case WIN_READ_NATIVE_MAX:
1219 	ide_cmd_lba48_transform(s, lba48);
1220         ide_set_sector(s, s->nb_sectors - 1);
1221         s->status = READY_STAT | SEEK_STAT;
1222         ide_set_irq(s->bus);
1223         break;
1224     case WIN_CHECKPOWERMODE1:
1225     case WIN_CHECKPOWERMODE2:
1226         s->error = 0;
1227         s->nsector = 0xff; /* device active or idle */
1228         s->status = READY_STAT | SEEK_STAT;
1229         ide_set_irq(s->bus);
1230         break;
1231     case WIN_SETFEATURES:
1232         if (!s->bs)
1233             goto abort_cmd;
1234         /* XXX: valid for CDROM ? */
1235         switch(s->feature) {
1236         case 0x02: /* write cache enable */
1237             bdrv_set_enable_write_cache(s->bs, true);
1238             identify_data = (uint16_t *)s->identify_data;
1239             put_le16(identify_data + 85, (1 << 14) | (1 << 5) | 1);
1240             s->status = READY_STAT | SEEK_STAT;
1241             ide_set_irq(s->bus);
1242             break;
1243         case 0x82: /* write cache disable */
1244             bdrv_set_enable_write_cache(s->bs, false);
1245             identify_data = (uint16_t *)s->identify_data;
1246             put_le16(identify_data + 85, (1 << 14) | 1);
1247             ide_flush_cache(s);
1248             break;
1249         case 0xcc: /* reverting to power-on defaults enable */
1250         case 0x66: /* reverting to power-on defaults disable */
1251         case 0xaa: /* read look-ahead enable */
1252         case 0x55: /* read look-ahead disable */
1253         case 0x05: /* set advanced power management mode */
1254         case 0x85: /* disable advanced power management mode */
1255         case 0x69: /* NOP */
1256         case 0x67: /* NOP */
1257         case 0x96: /* NOP */
1258         case 0x9a: /* NOP */
1259         case 0x42: /* enable Automatic Acoustic Mode */
1260         case 0xc2: /* disable Automatic Acoustic Mode */
1261             s->status = READY_STAT | SEEK_STAT;
1262             ide_set_irq(s->bus);
1263             break;
1264         case 0x03: { /* set transfer mode */
1265 		uint8_t val = s->nsector & 0x07;
1266 		identify_data = (uint16_t *)s->identify_data;
1267 
1268 		switch (s->nsector >> 3) {
1269 		case 0x00: /* pio default */
1270 		case 0x01: /* pio mode */
1271 			put_le16(identify_data + 62,0x07);
1272 			put_le16(identify_data + 63,0x07);
1273 			put_le16(identify_data + 88,0x3f);
1274 			break;
1275                 case 0x02: /* sigle word dma mode*/
1276 			put_le16(identify_data + 62,0x07 | (1 << (val + 8)));
1277 			put_le16(identify_data + 63,0x07);
1278 			put_le16(identify_data + 88,0x3f);
1279 			break;
1280 		case 0x04: /* mdma mode */
1281 			put_le16(identify_data + 62,0x07);
1282 			put_le16(identify_data + 63,0x07 | (1 << (val + 8)));
1283 			put_le16(identify_data + 88,0x3f);
1284 			break;
1285 		case 0x08: /* udma mode */
1286 			put_le16(identify_data + 62,0x07);
1287 			put_le16(identify_data + 63,0x07);
1288 			put_le16(identify_data + 88,0x3f | (1 << (val + 8)));
1289 			break;
1290 		default:
1291 			goto abort_cmd;
1292 		}
1293             s->status = READY_STAT | SEEK_STAT;
1294             ide_set_irq(s->bus);
1295             break;
1296 	}
1297         default:
1298             goto abort_cmd;
1299         }
1300         break;
1301     case WIN_FLUSH_CACHE:
1302     case WIN_FLUSH_CACHE_EXT:
1303         ide_flush_cache(s);
1304         break;
1305     case WIN_STANDBY:
1306     case WIN_STANDBY2:
1307     case WIN_STANDBYNOW1:
1308     case WIN_STANDBYNOW2:
1309     case WIN_IDLEIMMEDIATE:
1310     case WIN_IDLEIMMEDIATE2:
1311     case WIN_SETIDLE1:
1312     case WIN_SETIDLE2:
1313     case WIN_SLEEPNOW1:
1314     case WIN_SLEEPNOW2:
1315         s->status = READY_STAT;
1316         ide_set_irq(s->bus);
1317         break;
1318     case WIN_SEEK:
1319         /* XXX: Check that seek is within bounds */
1320         s->status = READY_STAT | SEEK_STAT;
1321         ide_set_irq(s->bus);
1322         break;
1323         /* ATAPI commands */
1324     case WIN_PIDENTIFY:
1325         ide_atapi_identify(s);
1326         s->status = READY_STAT | SEEK_STAT;
1327         ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1328         ide_set_irq(s->bus);
1329         break;
1330     case WIN_DIAGNOSE:
1331         ide_set_signature(s);
1332         if (s->drive_kind == IDE_CD)
1333             s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
1334                             * devices to return a clear status register
1335                             * with READY_STAT *not* set. */
1336         else
1337             s->status = READY_STAT | SEEK_STAT;
1338         s->error = 0x01; /* Device 0 passed, Device 1 passed or not
1339                           * present.
1340                           */
1341         ide_set_irq(s->bus);
1342         break;
1343     case WIN_DEVICE_RESET:
1344         ide_set_signature(s);
1345         s->status = 0x00; /* NOTE: READY is _not_ set */
1346         s->error = 0x01;
1347         break;
1348     case WIN_PACKETCMD:
1349         /* overlapping commands not supported */
1350         if (s->feature & 0x02)
1351             goto abort_cmd;
1352         s->status = READY_STAT | SEEK_STAT;
1353         s->atapi_dma = s->feature & 1;
1354         s->nsector = 1;
1355         ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1356                            ide_atapi_cmd);
1357         break;
1358     /* CF-ATA commands */
1359     case CFA_REQ_EXT_ERROR_CODE:
1360         s->error = 0x09;    /* miscellaneous error */
1361         s->status = READY_STAT | SEEK_STAT;
1362         ide_set_irq(s->bus);
1363         break;
1364     case CFA_ERASE_SECTORS:
1365     case CFA_WEAR_LEVEL:
1366 #if 0
1367     /* This one has the same ID as CFA_WEAR_LEVEL and is required for
1368        Windows 8 to work with AHCI */
1369     case WIN_SECURITY_FREEZE_LOCK:
1370 #endif
1371         if (val == CFA_WEAR_LEVEL)
1372             s->nsector = 0;
1373         if (val == CFA_ERASE_SECTORS)
1374             s->media_changed = 1;
1375         s->error = 0x00;
1376         s->status = READY_STAT | SEEK_STAT;
1377         ide_set_irq(s->bus);
1378         break;
1379     case CFA_TRANSLATE_SECTOR:
1380         s->error = 0x00;
1381         s->status = READY_STAT | SEEK_STAT;
1382         memset(s->io_buffer, 0, 0x200);
1383         s->io_buffer[0x00] = s->hcyl;			/* Cyl MSB */
1384         s->io_buffer[0x01] = s->lcyl;			/* Cyl LSB */
1385         s->io_buffer[0x02] = s->select;			/* Head */
1386         s->io_buffer[0x03] = s->sector;			/* Sector */
1387         s->io_buffer[0x04] = ide_get_sector(s) >> 16;	/* LBA MSB */
1388         s->io_buffer[0x05] = ide_get_sector(s) >> 8;	/* LBA */
1389         s->io_buffer[0x06] = ide_get_sector(s) >> 0;	/* LBA LSB */
1390         s->io_buffer[0x13] = 0x00;				/* Erase flag */
1391         s->io_buffer[0x18] = 0x00;				/* Hot count */
1392         s->io_buffer[0x19] = 0x00;				/* Hot count */
1393         s->io_buffer[0x1a] = 0x01;				/* Hot count */
1394         ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1395         ide_set_irq(s->bus);
1396         break;
1397     case CFA_ACCESS_METADATA_STORAGE:
1398         switch (s->feature) {
1399         case 0x02:	/* Inquiry Metadata Storage */
1400             ide_cfata_metadata_inquiry(s);
1401             break;
1402         case 0x03:	/* Read Metadata Storage */
1403             ide_cfata_metadata_read(s);
1404             break;
1405         case 0x04:	/* Write Metadata Storage */
1406             ide_cfata_metadata_write(s);
1407             break;
1408         default:
1409             goto abort_cmd;
1410         }
1411         ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1412         s->status = 0x00; /* NOTE: READY is _not_ set */
1413         ide_set_irq(s->bus);
1414         break;
1415     case IBM_SENSE_CONDITION:
1416         switch (s->feature) {
1417         case 0x01:  /* sense temperature in device */
1418             s->nsector = 0x50;      /* +20 C */
1419             break;
1420         default:
1421             goto abort_cmd;
1422         }
1423         s->status = READY_STAT | SEEK_STAT;
1424         ide_set_irq(s->bus);
1425         break;
1426 
1427     case WIN_SMART:
1428 	if (s->hcyl != 0xc2 || s->lcyl != 0x4f)
1429 		goto abort_cmd;
1430 	if (!s->smart_enabled && s->feature != SMART_ENABLE)
1431 		goto abort_cmd;
1432 	switch (s->feature) {
1433 	case SMART_DISABLE:
1434 		s->smart_enabled = 0;
1435 		s->status = READY_STAT | SEEK_STAT;
1436 		ide_set_irq(s->bus);
1437 		break;
1438 	case SMART_ENABLE:
1439 		s->smart_enabled = 1;
1440 		s->status = READY_STAT | SEEK_STAT;
1441 		ide_set_irq(s->bus);
1442 		break;
1443 	case SMART_ATTR_AUTOSAVE:
1444 		switch (s->sector) {
1445 		case 0x00:
1446 		s->smart_autosave = 0;
1447 		break;
1448 		case 0xf1:
1449 		s->smart_autosave = 1;
1450 		break;
1451 		default:
1452 		goto abort_cmd;
1453 		}
1454 		s->status = READY_STAT | SEEK_STAT;
1455 		ide_set_irq(s->bus);
1456 		break;
1457 	case SMART_STATUS:
1458 		if (!s->smart_errors) {
1459 		s->hcyl = 0xc2;
1460 		s->lcyl = 0x4f;
1461 		} else {
1462 		s->hcyl = 0x2c;
1463 		s->lcyl = 0xf4;
1464 		}
1465 		s->status = READY_STAT | SEEK_STAT;
1466 		ide_set_irq(s->bus);
1467 		break;
1468 	case SMART_READ_THRESH:
1469 		memset(s->io_buffer, 0, 0x200);
1470 		s->io_buffer[0] = 0x01; /* smart struct version */
1471 		for (n=0; n<30; n++) {
1472 		if (smart_attributes[n][0] == 0)
1473 			break;
1474 		s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
1475 		s->io_buffer[2+1+(n*12)] = smart_attributes[n][11];
1476 		}
1477 		for (n=0; n<511; n++) /* checksum */
1478 		s->io_buffer[511] += s->io_buffer[n];
1479 		s->io_buffer[511] = 0x100 - s->io_buffer[511];
1480 		s->status = READY_STAT | SEEK_STAT;
1481 		ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1482 		ide_set_irq(s->bus);
1483 		break;
1484 	case SMART_READ_DATA:
1485 		memset(s->io_buffer, 0, 0x200);
1486 		s->io_buffer[0] = 0x01; /* smart struct version */
1487 		for (n=0; n<30; n++) {
1488 		    if (smart_attributes[n][0] == 0) {
1489 			break;
1490 		    }
1491 		    int i;
1492 		    for(i = 0; i < 11; i++) {
1493 			s->io_buffer[2+i+(n*12)] = smart_attributes[n][i];
1494 		    }
1495 		}
1496 		s->io_buffer[362] = 0x02 | (s->smart_autosave?0x80:0x00);
1497 		if (s->smart_selftest_count == 0) {
1498 		s->io_buffer[363] = 0;
1499 		} else {
1500 		s->io_buffer[363] =
1501 			s->smart_selftest_data[3 +
1502 					   (s->smart_selftest_count - 1) *
1503 					   24];
1504 		}
1505 		s->io_buffer[364] = 0x20;
1506 		s->io_buffer[365] = 0x01;
1507 		/* offline data collection capacity: execute + self-test*/
1508 		s->io_buffer[367] = (1<<4 | 1<<3 | 1);
1509 		s->io_buffer[368] = 0x03; /* smart capability (1) */
1510 		s->io_buffer[369] = 0x00; /* smart capability (2) */
1511 		s->io_buffer[370] = 0x01; /* error logging supported */
1512 		s->io_buffer[372] = 0x02; /* minutes for poll short test */
1513 		s->io_buffer[373] = 0x36; /* minutes for poll ext test */
1514 		s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
1515 
1516 		for (n=0; n<511; n++)
1517 		s->io_buffer[511] += s->io_buffer[n];
1518 		s->io_buffer[511] = 0x100 - s->io_buffer[511];
1519 		s->status = READY_STAT | SEEK_STAT;
1520 		ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1521 		ide_set_irq(s->bus);
1522 		break;
1523 	case SMART_READ_LOG:
1524 		switch (s->sector) {
1525 		case 0x01: /* summary smart error log */
1526 		memset(s->io_buffer, 0, 0x200);
1527 		s->io_buffer[0] = 0x01;
1528 		s->io_buffer[1] = 0x00; /* no error entries */
1529 		s->io_buffer[452] = s->smart_errors & 0xff;
1530 		s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
1531 
1532 		for (n=0; n<511; n++)
1533 			s->io_buffer[511] += s->io_buffer[n];
1534 		s->io_buffer[511] = 0x100 - s->io_buffer[511];
1535 		break;
1536 		case 0x06: /* smart self test log */
1537 		memset(s->io_buffer, 0, 0x200);
1538 		s->io_buffer[0] = 0x01;
1539 		if (s->smart_selftest_count == 0) {
1540 			s->io_buffer[508] = 0;
1541 		} else {
1542 			s->io_buffer[508] = s->smart_selftest_count;
1543 			for (n=2; n<506; n++)
1544 			s->io_buffer[n] = s->smart_selftest_data[n];
1545 		}
1546 		for (n=0; n<511; n++)
1547 			s->io_buffer[511] += s->io_buffer[n];
1548 		s->io_buffer[511] = 0x100 - s->io_buffer[511];
1549 		break;
1550 		default:
1551 		goto abort_cmd;
1552 		}
1553 		s->status = READY_STAT | SEEK_STAT;
1554 		ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1555 		ide_set_irq(s->bus);
1556 		break;
1557 	case SMART_EXECUTE_OFFLINE:
1558 		switch (s->sector) {
1559 		case 0: /* off-line routine */
1560 		case 1: /* short self test */
1561 		case 2: /* extended self test */
1562 		s->smart_selftest_count++;
1563 		if(s->smart_selftest_count > 21)
1564 			s->smart_selftest_count = 0;
1565 		n = 2 + (s->smart_selftest_count - 1) * 24;
1566 		s->smart_selftest_data[n] = s->sector;
1567 		s->smart_selftest_data[n+1] = 0x00; /* OK and finished */
1568 		s->smart_selftest_data[n+2] = 0x34; /* hour count lsb */
1569 		s->smart_selftest_data[n+3] = 0x12; /* hour count msb */
1570 		s->status = READY_STAT | SEEK_STAT;
1571 		ide_set_irq(s->bus);
1572 		break;
1573 		default:
1574 		goto abort_cmd;
1575 		}
1576 		break;
1577 	default:
1578 		goto abort_cmd;
1579 	}
1580 	break;
1581     default:
1582         /* should not be reachable */
1583     abort_cmd:
1584         ide_abort_command(s);
1585         ide_set_irq(s->bus);
1586         break;
1587     }
1588 }
1589 
1590 uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
1591 {
1592     IDEBus *bus = opaque;
1593     IDEState *s = idebus_active_if(bus);
1594     uint32_t addr;
1595     int ret, hob;
1596 
1597     addr = addr1 & 7;
1598     /* FIXME: HOB readback uses bit 7, but it's always set right now */
1599     //hob = s->select & (1 << 7);
1600     hob = 0;
1601     switch(addr) {
1602     case 0:
1603         ret = 0xff;
1604         break;
1605     case 1:
1606         if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
1607             (s != bus->ifs && !s->bs))
1608             ret = 0;
1609         else if (!hob)
1610             ret = s->error;
1611 	else
1612 	    ret = s->hob_feature;
1613         break;
1614     case 2:
1615         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
1616             ret = 0;
1617         else if (!hob)
1618             ret = s->nsector & 0xff;
1619 	else
1620 	    ret = s->hob_nsector;
1621         break;
1622     case 3:
1623         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
1624             ret = 0;
1625         else if (!hob)
1626             ret = s->sector;
1627 	else
1628 	    ret = s->hob_sector;
1629         break;
1630     case 4:
1631         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
1632             ret = 0;
1633         else if (!hob)
1634             ret = s->lcyl;
1635 	else
1636 	    ret = s->hob_lcyl;
1637         break;
1638     case 5:
1639         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
1640             ret = 0;
1641         else if (!hob)
1642             ret = s->hcyl;
1643 	else
1644 	    ret = s->hob_hcyl;
1645         break;
1646     case 6:
1647         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
1648             ret = 0;
1649         else
1650             ret = s->select;
1651         break;
1652     default:
1653     case 7:
1654         if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
1655             (s != bus->ifs && !s->bs))
1656             ret = 0;
1657         else
1658             ret = s->status;
1659         qemu_irq_lower(bus->irq);
1660         break;
1661     }
1662 #ifdef DEBUG_IDE
1663     printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1664 #endif
1665     return ret;
1666 }
1667 
1668 uint32_t ide_status_read(void *opaque, uint32_t addr)
1669 {
1670     IDEBus *bus = opaque;
1671     IDEState *s = idebus_active_if(bus);
1672     int ret;
1673 
1674     if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
1675         (s != bus->ifs && !s->bs))
1676         ret = 0;
1677     else
1678         ret = s->status;
1679 #ifdef DEBUG_IDE
1680     printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1681 #endif
1682     return ret;
1683 }
1684 
1685 void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
1686 {
1687     IDEBus *bus = opaque;
1688     IDEState *s;
1689     int i;
1690 
1691 #ifdef DEBUG_IDE
1692     printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1693 #endif
1694     /* common for both drives */
1695     if (!(bus->cmd & IDE_CMD_RESET) &&
1696         (val & IDE_CMD_RESET)) {
1697         /* reset low to high */
1698         for(i = 0;i < 2; i++) {
1699             s = &bus->ifs[i];
1700             s->status = BUSY_STAT | SEEK_STAT;
1701             s->error = 0x01;
1702         }
1703     } else if ((bus->cmd & IDE_CMD_RESET) &&
1704                !(val & IDE_CMD_RESET)) {
1705         /* high to low */
1706         for(i = 0;i < 2; i++) {
1707             s = &bus->ifs[i];
1708             if (s->drive_kind == IDE_CD)
1709                 s->status = 0x00; /* NOTE: READY is _not_ set */
1710             else
1711                 s->status = READY_STAT | SEEK_STAT;
1712             ide_set_signature(s);
1713         }
1714     }
1715 
1716     bus->cmd = val;
1717 }
1718 
1719 /*
1720  * Returns true if the running PIO transfer is a PIO out (i.e. data is
1721  * transferred from the device to the guest), false if it's a PIO in
1722  */
1723 static bool ide_is_pio_out(IDEState *s)
1724 {
1725     if (s->end_transfer_func == ide_sector_write ||
1726         s->end_transfer_func == ide_atapi_cmd) {
1727         return false;
1728     } else if (s->end_transfer_func == ide_sector_read ||
1729                s->end_transfer_func == ide_transfer_stop ||
1730                s->end_transfer_func == ide_atapi_cmd_reply_end ||
1731                s->end_transfer_func == ide_dummy_transfer_stop) {
1732         return true;
1733     }
1734 
1735     abort();
1736 }
1737 
1738 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
1739 {
1740     IDEBus *bus = opaque;
1741     IDEState *s = idebus_active_if(bus);
1742     uint8_t *p;
1743 
1744     /* PIO data access allowed only when DRQ bit is set. The result of a write
1745      * during PIO out is indeterminate, just ignore it. */
1746     if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
1747         return;
1748     }
1749 
1750     p = s->data_ptr;
1751     *(uint16_t *)p = le16_to_cpu(val);
1752     p += 2;
1753     s->data_ptr = p;
1754     if (p >= s->data_end)
1755         s->end_transfer_func(s);
1756 }
1757 
1758 uint32_t ide_data_readw(void *opaque, uint32_t addr)
1759 {
1760     IDEBus *bus = opaque;
1761     IDEState *s = idebus_active_if(bus);
1762     uint8_t *p;
1763     int ret;
1764 
1765     /* PIO data access allowed only when DRQ bit is set. The result of a read
1766      * during PIO in is indeterminate, return 0 and don't move forward. */
1767     if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
1768         return 0;
1769     }
1770 
1771     p = s->data_ptr;
1772     ret = cpu_to_le16(*(uint16_t *)p);
1773     p += 2;
1774     s->data_ptr = p;
1775     if (p >= s->data_end)
1776         s->end_transfer_func(s);
1777     return ret;
1778 }
1779 
1780 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
1781 {
1782     IDEBus *bus = opaque;
1783     IDEState *s = idebus_active_if(bus);
1784     uint8_t *p;
1785 
1786     /* PIO data access allowed only when DRQ bit is set. The result of a write
1787      * during PIO out is indeterminate, just ignore it. */
1788     if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
1789         return;
1790     }
1791 
1792     p = s->data_ptr;
1793     *(uint32_t *)p = le32_to_cpu(val);
1794     p += 4;
1795     s->data_ptr = p;
1796     if (p >= s->data_end)
1797         s->end_transfer_func(s);
1798 }
1799 
1800 uint32_t ide_data_readl(void *opaque, uint32_t addr)
1801 {
1802     IDEBus *bus = opaque;
1803     IDEState *s = idebus_active_if(bus);
1804     uint8_t *p;
1805     int ret;
1806 
1807     /* PIO data access allowed only when DRQ bit is set. The result of a read
1808      * during PIO in is indeterminate, return 0 and don't move forward. */
1809     if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
1810         return 0;
1811     }
1812 
1813     p = s->data_ptr;
1814     ret = cpu_to_le32(*(uint32_t *)p);
1815     p += 4;
1816     s->data_ptr = p;
1817     if (p >= s->data_end)
1818         s->end_transfer_func(s);
1819     return ret;
1820 }
1821 
1822 static void ide_dummy_transfer_stop(IDEState *s)
1823 {
1824     s->data_ptr = s->io_buffer;
1825     s->data_end = s->io_buffer;
1826     s->io_buffer[0] = 0xff;
1827     s->io_buffer[1] = 0xff;
1828     s->io_buffer[2] = 0xff;
1829     s->io_buffer[3] = 0xff;
1830 }
1831 
1832 static void ide_reset(IDEState *s)
1833 {
1834 #ifdef DEBUG_IDE
1835     printf("ide: reset\n");
1836 #endif
1837 
1838     if (s->pio_aiocb) {
1839         bdrv_aio_cancel(s->pio_aiocb);
1840         s->pio_aiocb = NULL;
1841     }
1842 
1843     if (s->drive_kind == IDE_CFATA)
1844         s->mult_sectors = 0;
1845     else
1846         s->mult_sectors = MAX_MULT_SECTORS;
1847     /* ide regs */
1848     s->feature = 0;
1849     s->error = 0;
1850     s->nsector = 0;
1851     s->sector = 0;
1852     s->lcyl = 0;
1853     s->hcyl = 0;
1854 
1855     /* lba48 */
1856     s->hob_feature = 0;
1857     s->hob_sector = 0;
1858     s->hob_nsector = 0;
1859     s->hob_lcyl = 0;
1860     s->hob_hcyl = 0;
1861 
1862     s->select = 0xa0;
1863     s->status = READY_STAT | SEEK_STAT;
1864 
1865     s->lba48 = 0;
1866 
1867     /* ATAPI specific */
1868     s->sense_key = 0;
1869     s->asc = 0;
1870     s->cdrom_changed = 0;
1871     s->packet_transfer_size = 0;
1872     s->elementary_transfer_size = 0;
1873     s->io_buffer_index = 0;
1874     s->cd_sector_size = 0;
1875     s->atapi_dma = 0;
1876     /* ATA DMA state */
1877     s->io_buffer_size = 0;
1878     s->req_nb_sectors = 0;
1879 
1880     ide_set_signature(s);
1881     /* init the transfer handler so that 0xffff is returned on data
1882        accesses */
1883     s->end_transfer_func = ide_dummy_transfer_stop;
1884     ide_dummy_transfer_stop(s);
1885     s->media_changed = 0;
1886 }
1887 
1888 void ide_bus_reset(IDEBus *bus)
1889 {
1890     bus->unit = 0;
1891     bus->cmd = 0;
1892     ide_reset(&bus->ifs[0]);
1893     ide_reset(&bus->ifs[1]);
1894     ide_clear_hob(bus);
1895 
1896     /* pending async DMA */
1897     if (bus->dma->aiocb) {
1898 #ifdef DEBUG_AIO
1899         printf("aio_cancel\n");
1900 #endif
1901         bdrv_aio_cancel(bus->dma->aiocb);
1902         bus->dma->aiocb = NULL;
1903     }
1904 
1905     /* reset dma provider too */
1906     bus->dma->ops->reset(bus->dma);
1907 }
1908 
1909 static bool ide_cd_is_tray_open(void *opaque)
1910 {
1911     return ((IDEState *)opaque)->tray_open;
1912 }
1913 
1914 static bool ide_cd_is_medium_locked(void *opaque)
1915 {
1916     return ((IDEState *)opaque)->tray_locked;
1917 }
1918 
1919 static const BlockDevOps ide_cd_block_ops = {
1920     .change_media_cb = ide_cd_change_cb,
1921     .eject_request_cb = ide_cd_eject_request_cb,
1922     .is_tray_open = ide_cd_is_tray_open,
1923     .is_medium_locked = ide_cd_is_medium_locked,
1924 };
1925 
1926 int ide_init_drive(IDEState *s, BlockDriverState *bs, IDEDriveKind kind,
1927                    const char *version, const char *serial, const char *model,
1928                    uint64_t wwn,
1929                    uint32_t cylinders, uint32_t heads, uint32_t secs,
1930                    int chs_trans)
1931 {
1932     uint64_t nb_sectors;
1933 
1934     s->bs = bs;
1935     s->drive_kind = kind;
1936 
1937     bdrv_get_geometry(bs, &nb_sectors);
1938     s->cylinders = cylinders;
1939     s->heads = heads;
1940     s->sectors = secs;
1941     s->chs_trans = chs_trans;
1942     s->nb_sectors = nb_sectors;
1943     s->wwn = wwn;
1944     /* The SMART values should be preserved across power cycles
1945        but they aren't.  */
1946     s->smart_enabled = 1;
1947     s->smart_autosave = 1;
1948     s->smart_errors = 0;
1949     s->smart_selftest_count = 0;
1950     if (kind == IDE_CD) {
1951         bdrv_set_dev_ops(bs, &ide_cd_block_ops, s);
1952         bdrv_set_buffer_alignment(bs, 2048);
1953     } else {
1954         if (!bdrv_is_inserted(s->bs)) {
1955             error_report("Device needs media, but drive is empty");
1956             return -1;
1957         }
1958         if (bdrv_is_read_only(bs)) {
1959             error_report("Can't use a read-only drive");
1960             return -1;
1961         }
1962     }
1963     if (serial) {
1964         pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), serial);
1965     } else {
1966         snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
1967                  "QM%05d", s->drive_serial);
1968     }
1969     if (model) {
1970         pstrcpy(s->drive_model_str, sizeof(s->drive_model_str), model);
1971     } else {
1972         switch (kind) {
1973         case IDE_CD:
1974             strcpy(s->drive_model_str, "QEMU DVD-ROM");
1975             break;
1976         case IDE_CFATA:
1977             strcpy(s->drive_model_str, "QEMU MICRODRIVE");
1978             break;
1979         default:
1980             strcpy(s->drive_model_str, "QEMU HARDDISK");
1981             break;
1982         }
1983     }
1984 
1985     if (version) {
1986         pstrcpy(s->version, sizeof(s->version), version);
1987     } else {
1988         pstrcpy(s->version, sizeof(s->version), qemu_get_version());
1989     }
1990 
1991     ide_reset(s);
1992     bdrv_iostatus_enable(bs);
1993     return 0;
1994 }
1995 
1996 static void ide_init1(IDEBus *bus, int unit)
1997 {
1998     static int drive_serial = 1;
1999     IDEState *s = &bus->ifs[unit];
2000 
2001     s->bus = bus;
2002     s->unit = unit;
2003     s->drive_serial = drive_serial++;
2004     /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */
2005     s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4;
2006     s->io_buffer = qemu_memalign(2048, s->io_buffer_total_len);
2007     memset(s->io_buffer, 0, s->io_buffer_total_len);
2008 
2009     s->smart_selftest_data = qemu_blockalign(s->bs, 512);
2010     memset(s->smart_selftest_data, 0, 512);
2011 
2012     s->sector_write_timer = qemu_new_timer_ns(vm_clock,
2013                                            ide_sector_write_timer_cb, s);
2014 }
2015 
2016 static void ide_nop_start(IDEDMA *dma, IDEState *s,
2017                           BlockDriverCompletionFunc *cb)
2018 {
2019 }
2020 
2021 static int ide_nop(IDEDMA *dma)
2022 {
2023     return 0;
2024 }
2025 
2026 static int ide_nop_int(IDEDMA *dma, int x)
2027 {
2028     return 0;
2029 }
2030 
2031 static void ide_nop_restart(void *opaque, int x, RunState y)
2032 {
2033 }
2034 
2035 static const IDEDMAOps ide_dma_nop_ops = {
2036     .start_dma      = ide_nop_start,
2037     .start_transfer = ide_nop,
2038     .prepare_buf    = ide_nop_int,
2039     .rw_buf         = ide_nop_int,
2040     .set_unit       = ide_nop_int,
2041     .add_status     = ide_nop_int,
2042     .set_inactive   = ide_nop,
2043     .restart_cb     = ide_nop_restart,
2044     .reset          = ide_nop,
2045 };
2046 
2047 static IDEDMA ide_dma_nop = {
2048     .ops = &ide_dma_nop_ops,
2049     .aiocb = NULL,
2050 };
2051 
2052 void ide_init2(IDEBus *bus, qemu_irq irq)
2053 {
2054     int i;
2055 
2056     for(i = 0; i < 2; i++) {
2057         ide_init1(bus, i);
2058         ide_reset(&bus->ifs[i]);
2059     }
2060     bus->irq = irq;
2061     bus->dma = &ide_dma_nop;
2062 }
2063 
2064 /* TODO convert users to qdev and remove */
2065 void ide_init2_with_non_qdev_drives(IDEBus *bus, DriveInfo *hd0,
2066                                     DriveInfo *hd1, qemu_irq irq)
2067 {
2068     int i, trans;
2069     DriveInfo *dinfo;
2070     uint32_t cyls, heads, secs;
2071 
2072     for(i = 0; i < 2; i++) {
2073         dinfo = i == 0 ? hd0 : hd1;
2074         ide_init1(bus, i);
2075         if (dinfo) {
2076             cyls  = dinfo->cyls;
2077             heads = dinfo->heads;
2078             secs  = dinfo->secs;
2079             trans = dinfo->trans;
2080             if (!cyls && !heads && !secs) {
2081                 hd_geometry_guess(dinfo->bdrv, &cyls, &heads, &secs, &trans);
2082             } else if (trans == BIOS_ATA_TRANSLATION_AUTO) {
2083                 trans = hd_bios_chs_auto_trans(cyls, heads, secs);
2084             }
2085             if (cyls < 1 || cyls > 65535) {
2086                 error_report("cyls must be between 1 and 65535");
2087                 exit(1);
2088             }
2089             if (heads < 1 || heads > 16) {
2090                 error_report("heads must be between 1 and 16");
2091                 exit(1);
2092             }
2093             if (secs < 1 || secs > 255) {
2094                 error_report("secs must be between 1 and 255");
2095                 exit(1);
2096             }
2097             if (ide_init_drive(&bus->ifs[i], dinfo->bdrv,
2098                                dinfo->media_cd ? IDE_CD : IDE_HD,
2099                                NULL, dinfo->serial, NULL, 0,
2100                                cyls, heads, secs, trans) < 0) {
2101                 error_report("Can't set up IDE drive %s", dinfo->id);
2102                 exit(1);
2103             }
2104             bdrv_attach_dev_nofail(dinfo->bdrv, &bus->ifs[i]);
2105         } else {
2106             ide_reset(&bus->ifs[i]);
2107         }
2108     }
2109     bus->irq = irq;
2110     bus->dma = &ide_dma_nop;
2111 }
2112 
2113 static const MemoryRegionPortio ide_portio_list[] = {
2114     { 0, 8, 1, .read = ide_ioport_read, .write = ide_ioport_write },
2115     { 0, 2, 2, .read = ide_data_readw, .write = ide_data_writew },
2116     { 0, 4, 4, .read = ide_data_readl, .write = ide_data_writel },
2117     PORTIO_END_OF_LIST(),
2118 };
2119 
2120 static const MemoryRegionPortio ide_portio2_list[] = {
2121     { 0, 1, 1, .read = ide_status_read, .write = ide_cmd_write },
2122     PORTIO_END_OF_LIST(),
2123 };
2124 
2125 void ide_init_ioport(IDEBus *bus, ISADevice *dev, int iobase, int iobase2)
2126 {
2127     /* ??? Assume only ISA and PCI configurations, and that the PCI-ISA
2128        bridge has been setup properly to always register with ISA.  */
2129     isa_register_portio_list(dev, iobase, ide_portio_list, bus, "ide");
2130 
2131     if (iobase2) {
2132         isa_register_portio_list(dev, iobase2, ide_portio2_list, bus, "ide");
2133     }
2134 }
2135 
2136 static bool is_identify_set(void *opaque, int version_id)
2137 {
2138     IDEState *s = opaque;
2139 
2140     return s->identify_set != 0;
2141 }
2142 
2143 static EndTransferFunc* transfer_end_table[] = {
2144         ide_sector_read,
2145         ide_sector_write,
2146         ide_transfer_stop,
2147         ide_atapi_cmd_reply_end,
2148         ide_atapi_cmd,
2149         ide_dummy_transfer_stop,
2150 };
2151 
2152 static int transfer_end_table_idx(EndTransferFunc *fn)
2153 {
2154     int i;
2155 
2156     for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++)
2157         if (transfer_end_table[i] == fn)
2158             return i;
2159 
2160     return -1;
2161 }
2162 
2163 static int ide_drive_post_load(void *opaque, int version_id)
2164 {
2165     IDEState *s = opaque;
2166 
2167     if (version_id < 3) {
2168         if (s->sense_key == UNIT_ATTENTION &&
2169             s->asc == ASC_MEDIUM_MAY_HAVE_CHANGED) {
2170             s->cdrom_changed = 1;
2171         }
2172     }
2173     if (s->identify_set) {
2174         bdrv_set_enable_write_cache(s->bs, !!(s->identify_data[85] & (1 << 5)));
2175     }
2176     return 0;
2177 }
2178 
2179 static int ide_drive_pio_post_load(void *opaque, int version_id)
2180 {
2181     IDEState *s = opaque;
2182 
2183     if (s->end_transfer_fn_idx >= ARRAY_SIZE(transfer_end_table)) {
2184         return -EINVAL;
2185     }
2186     s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx];
2187     s->data_ptr = s->io_buffer + s->cur_io_buffer_offset;
2188     s->data_end = s->data_ptr + s->cur_io_buffer_len;
2189 
2190     return 0;
2191 }
2192 
2193 static void ide_drive_pio_pre_save(void *opaque)
2194 {
2195     IDEState *s = opaque;
2196     int idx;
2197 
2198     s->cur_io_buffer_offset = s->data_ptr - s->io_buffer;
2199     s->cur_io_buffer_len = s->data_end - s->data_ptr;
2200 
2201     idx = transfer_end_table_idx(s->end_transfer_func);
2202     if (idx == -1) {
2203         fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n",
2204                         __func__);
2205         s->end_transfer_fn_idx = 2;
2206     } else {
2207         s->end_transfer_fn_idx = idx;
2208     }
2209 }
2210 
2211 static bool ide_drive_pio_state_needed(void *opaque)
2212 {
2213     IDEState *s = opaque;
2214 
2215     return ((s->status & DRQ_STAT) != 0)
2216         || (s->bus->error_status & BM_STATUS_PIO_RETRY);
2217 }
2218 
2219 static bool ide_tray_state_needed(void *opaque)
2220 {
2221     IDEState *s = opaque;
2222 
2223     return s->tray_open || s->tray_locked;
2224 }
2225 
2226 static bool ide_atapi_gesn_needed(void *opaque)
2227 {
2228     IDEState *s = opaque;
2229 
2230     return s->events.new_media || s->events.eject_request;
2231 }
2232 
2233 static bool ide_error_needed(void *opaque)
2234 {
2235     IDEBus *bus = opaque;
2236 
2237     return (bus->error_status != 0);
2238 }
2239 
2240 /* Fields for GET_EVENT_STATUS_NOTIFICATION ATAPI command */
2241 static const VMStateDescription vmstate_ide_atapi_gesn_state = {
2242     .name ="ide_drive/atapi/gesn_state",
2243     .version_id = 1,
2244     .minimum_version_id = 1,
2245     .minimum_version_id_old = 1,
2246     .fields = (VMStateField []) {
2247         VMSTATE_BOOL(events.new_media, IDEState),
2248         VMSTATE_BOOL(events.eject_request, IDEState),
2249         VMSTATE_END_OF_LIST()
2250     }
2251 };
2252 
2253 static const VMStateDescription vmstate_ide_tray_state = {
2254     .name = "ide_drive/tray_state",
2255     .version_id = 1,
2256     .minimum_version_id = 1,
2257     .minimum_version_id_old = 1,
2258     .fields = (VMStateField[]) {
2259         VMSTATE_BOOL(tray_open, IDEState),
2260         VMSTATE_BOOL(tray_locked, IDEState),
2261         VMSTATE_END_OF_LIST()
2262     }
2263 };
2264 
2265 static const VMStateDescription vmstate_ide_drive_pio_state = {
2266     .name = "ide_drive/pio_state",
2267     .version_id = 1,
2268     .minimum_version_id = 1,
2269     .minimum_version_id_old = 1,
2270     .pre_save = ide_drive_pio_pre_save,
2271     .post_load = ide_drive_pio_post_load,
2272     .fields      = (VMStateField []) {
2273         VMSTATE_INT32(req_nb_sectors, IDEState),
2274         VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1,
2275 			     vmstate_info_uint8, uint8_t),
2276         VMSTATE_INT32(cur_io_buffer_offset, IDEState),
2277         VMSTATE_INT32(cur_io_buffer_len, IDEState),
2278         VMSTATE_UINT8(end_transfer_fn_idx, IDEState),
2279         VMSTATE_INT32(elementary_transfer_size, IDEState),
2280         VMSTATE_INT32(packet_transfer_size, IDEState),
2281         VMSTATE_END_OF_LIST()
2282     }
2283 };
2284 
2285 const VMStateDescription vmstate_ide_drive = {
2286     .name = "ide_drive",
2287     .version_id = 3,
2288     .minimum_version_id = 0,
2289     .minimum_version_id_old = 0,
2290     .post_load = ide_drive_post_load,
2291     .fields      = (VMStateField []) {
2292         VMSTATE_INT32(mult_sectors, IDEState),
2293         VMSTATE_INT32(identify_set, IDEState),
2294         VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set),
2295         VMSTATE_UINT8(feature, IDEState),
2296         VMSTATE_UINT8(error, IDEState),
2297         VMSTATE_UINT32(nsector, IDEState),
2298         VMSTATE_UINT8(sector, IDEState),
2299         VMSTATE_UINT8(lcyl, IDEState),
2300         VMSTATE_UINT8(hcyl, IDEState),
2301         VMSTATE_UINT8(hob_feature, IDEState),
2302         VMSTATE_UINT8(hob_sector, IDEState),
2303         VMSTATE_UINT8(hob_nsector, IDEState),
2304         VMSTATE_UINT8(hob_lcyl, IDEState),
2305         VMSTATE_UINT8(hob_hcyl, IDEState),
2306         VMSTATE_UINT8(select, IDEState),
2307         VMSTATE_UINT8(status, IDEState),
2308         VMSTATE_UINT8(lba48, IDEState),
2309         VMSTATE_UINT8(sense_key, IDEState),
2310         VMSTATE_UINT8(asc, IDEState),
2311         VMSTATE_UINT8_V(cdrom_changed, IDEState, 3),
2312         VMSTATE_END_OF_LIST()
2313     },
2314     .subsections = (VMStateSubsection []) {
2315         {
2316             .vmsd = &vmstate_ide_drive_pio_state,
2317             .needed = ide_drive_pio_state_needed,
2318         }, {
2319             .vmsd = &vmstate_ide_tray_state,
2320             .needed = ide_tray_state_needed,
2321         }, {
2322             .vmsd = &vmstate_ide_atapi_gesn_state,
2323             .needed = ide_atapi_gesn_needed,
2324         }, {
2325             /* empty */
2326         }
2327     }
2328 };
2329 
2330 static const VMStateDescription vmstate_ide_error_status = {
2331     .name ="ide_bus/error",
2332     .version_id = 1,
2333     .minimum_version_id = 1,
2334     .minimum_version_id_old = 1,
2335     .fields = (VMStateField []) {
2336         VMSTATE_INT32(error_status, IDEBus),
2337         VMSTATE_END_OF_LIST()
2338     }
2339 };
2340 
2341 const VMStateDescription vmstate_ide_bus = {
2342     .name = "ide_bus",
2343     .version_id = 1,
2344     .minimum_version_id = 1,
2345     .minimum_version_id_old = 1,
2346     .fields      = (VMStateField []) {
2347         VMSTATE_UINT8(cmd, IDEBus),
2348         VMSTATE_UINT8(unit, IDEBus),
2349         VMSTATE_END_OF_LIST()
2350     },
2351     .subsections = (VMStateSubsection []) {
2352         {
2353             .vmsd = &vmstate_ide_error_status,
2354             .needed = ide_error_needed,
2355         }, {
2356             /* empty */
2357         }
2358     }
2359 };
2360 
2361 void ide_drive_get(DriveInfo **hd, int max_bus)
2362 {
2363     int i;
2364 
2365     if (drive_get_max_bus(IF_IDE) >= max_bus) {
2366         fprintf(stderr, "qemu: too many IDE bus: %d\n", max_bus);
2367         exit(1);
2368     }
2369 
2370     for(i = 0; i < max_bus * MAX_IDE_DEVS; i++) {
2371         hd[i] = drive_get(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
2372     }
2373 }
2374