1 /* 2 * QEMU IDE disk and CD/DVD-ROM Emulator 3 * 4 * Copyright (c) 2003 Fabrice Bellard 5 * Copyright (c) 2006 Openedhand Ltd. 6 * 7 * Permission is hereby granted, free of charge, to any person obtaining a copy 8 * of this software and associated documentation files (the "Software"), to deal 9 * in the Software without restriction, including without limitation the rights 10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 11 * copies of the Software, and to permit persons to whom the Software is 12 * furnished to do so, subject to the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be included in 15 * all copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 23 * THE SOFTWARE. 24 */ 25 26 #include "qemu/osdep.h" 27 #include "hw/isa/isa.h" 28 #include "migration/vmstate.h" 29 #include "qemu/error-report.h" 30 #include "qemu/main-loop.h" 31 #include "qemu/timer.h" 32 #include "qemu/hw-version.h" 33 #include "sysemu/sysemu.h" 34 #include "sysemu/blockdev.h" 35 #include "sysemu/dma.h" 36 #include "hw/block/block.h" 37 #include "sysemu/block-backend.h" 38 #include "qapi/error.h" 39 #include "qemu/cutils.h" 40 #include "sysemu/replay.h" 41 #include "sysemu/runstate.h" 42 #include "hw/ide/internal.h" 43 #include "trace.h" 44 45 /* These values were based on a Seagate ST3500418AS but have been modified 46 to make more sense in QEMU */ 47 static const int smart_attributes[][12] = { 48 /* id, flags, hflags, val, wrst, raw (6 bytes), threshold */ 49 /* raw read error rate*/ 50 { 0x01, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06}, 51 /* spin up */ 52 { 0x03, 0x03, 0x00, 0x64, 0x64, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 53 /* start stop count */ 54 { 0x04, 0x02, 0x00, 0x64, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14}, 55 /* remapped sectors */ 56 { 0x05, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24}, 57 /* power on hours */ 58 { 0x09, 0x03, 0x00, 0x64, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 59 /* power cycle count */ 60 { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 61 /* airflow-temperature-celsius */ 62 { 190, 0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32}, 63 }; 64 65 const char *IDE_DMA_CMD_lookup[IDE_DMA__COUNT] = { 66 [IDE_DMA_READ] = "DMA READ", 67 [IDE_DMA_WRITE] = "DMA WRITE", 68 [IDE_DMA_TRIM] = "DMA TRIM", 69 [IDE_DMA_ATAPI] = "DMA ATAPI" 70 }; 71 72 static const char *IDE_DMA_CMD_str(enum ide_dma_cmd enval) 73 { 74 if ((unsigned)enval < IDE_DMA__COUNT) { 75 return IDE_DMA_CMD_lookup[enval]; 76 } 77 return "DMA UNKNOWN CMD"; 78 } 79 80 static void ide_dummy_transfer_stop(IDEState *s); 81 82 static void padstr(char *str, const char *src, int len) 83 { 84 int i, v; 85 for(i = 0; i < len; i++) { 86 if (*src) 87 v = *src++; 88 else 89 v = ' '; 90 str[i^1] = v; 91 } 92 } 93 94 static void put_le16(uint16_t *p, unsigned int v) 95 { 96 *p = cpu_to_le16(v); 97 } 98 99 static void ide_identify_size(IDEState *s) 100 { 101 uint16_t *p = (uint16_t *)s->identify_data; 102 int64_t nb_sectors_lba28 = s->nb_sectors; 103 if (nb_sectors_lba28 >= 1 << 28) { 104 nb_sectors_lba28 = (1 << 28) - 1; 105 } 106 put_le16(p + 60, nb_sectors_lba28); 107 put_le16(p + 61, nb_sectors_lba28 >> 16); 108 put_le16(p + 100, s->nb_sectors); 109 put_le16(p + 101, s->nb_sectors >> 16); 110 put_le16(p + 102, s->nb_sectors >> 32); 111 put_le16(p + 103, s->nb_sectors >> 48); 112 } 113 114 static void ide_identify(IDEState *s) 115 { 116 uint16_t *p; 117 unsigned int oldsize; 118 IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master; 119 120 p = (uint16_t *)s->identify_data; 121 if (s->identify_set) { 122 goto fill_buffer; 123 } 124 memset(p, 0, sizeof(s->identify_data)); 125 126 put_le16(p + 0, 0x0040); 127 put_le16(p + 1, s->cylinders); 128 put_le16(p + 3, s->heads); 129 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */ 130 put_le16(p + 5, 512); /* XXX: retired, remove ? */ 131 put_le16(p + 6, s->sectors); 132 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */ 133 put_le16(p + 20, 3); /* XXX: retired, remove ? */ 134 put_le16(p + 21, 512); /* cache size in sectors */ 135 put_le16(p + 22, 4); /* ecc bytes */ 136 padstr((char *)(p + 23), s->version, 8); /* firmware version */ 137 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */ 138 #if MAX_MULT_SECTORS > 1 139 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS); 140 #endif 141 put_le16(p + 48, 1); /* dword I/O */ 142 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */ 143 put_le16(p + 51, 0x200); /* PIO transfer cycle */ 144 put_le16(p + 52, 0x200); /* DMA transfer cycle */ 145 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */ 146 put_le16(p + 54, s->cylinders); 147 put_le16(p + 55, s->heads); 148 put_le16(p + 56, s->sectors); 149 oldsize = s->cylinders * s->heads * s->sectors; 150 put_le16(p + 57, oldsize); 151 put_le16(p + 58, oldsize >> 16); 152 if (s->mult_sectors) 153 put_le16(p + 59, 0x100 | s->mult_sectors); 154 /* *(p + 60) := nb_sectors -- see ide_identify_size */ 155 /* *(p + 61) := nb_sectors >> 16 -- see ide_identify_size */ 156 put_le16(p + 62, 0x07); /* single word dma0-2 supported */ 157 put_le16(p + 63, 0x07); /* mdma0-2 supported */ 158 put_le16(p + 64, 0x03); /* pio3-4 supported */ 159 put_le16(p + 65, 120); 160 put_le16(p + 66, 120); 161 put_le16(p + 67, 120); 162 put_le16(p + 68, 120); 163 if (dev && dev->conf.discard_granularity) { 164 put_le16(p + 69, (1 << 14)); /* determinate TRIM behavior */ 165 } 166 167 if (s->ncq_queues) { 168 put_le16(p + 75, s->ncq_queues - 1); 169 /* NCQ supported */ 170 put_le16(p + 76, (1 << 8)); 171 } 172 173 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */ 174 put_le16(p + 81, 0x16); /* conforms to ata5 */ 175 /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */ 176 put_le16(p + 82, (1 << 14) | (1 << 5) | 1); 177 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */ 178 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10)); 179 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */ 180 if (s->wwn) { 181 put_le16(p + 84, (1 << 14) | (1 << 8) | 0); 182 } else { 183 put_le16(p + 84, (1 << 14) | 0); 184 } 185 /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */ 186 if (blk_enable_write_cache(s->blk)) { 187 put_le16(p + 85, (1 << 14) | (1 << 5) | 1); 188 } else { 189 put_le16(p + 85, (1 << 14) | 1); 190 } 191 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */ 192 put_le16(p + 86, (1 << 13) | (1 <<12) | (1 << 10)); 193 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */ 194 if (s->wwn) { 195 put_le16(p + 87, (1 << 14) | (1 << 8) | 0); 196 } else { 197 put_le16(p + 87, (1 << 14) | 0); 198 } 199 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */ 200 put_le16(p + 93, 1 | (1 << 14) | 0x2000); 201 /* *(p + 100) := nb_sectors -- see ide_identify_size */ 202 /* *(p + 101) := nb_sectors >> 16 -- see ide_identify_size */ 203 /* *(p + 102) := nb_sectors >> 32 -- see ide_identify_size */ 204 /* *(p + 103) := nb_sectors >> 48 -- see ide_identify_size */ 205 206 if (dev && dev->conf.physical_block_size) 207 put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf)); 208 if (s->wwn) { 209 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */ 210 put_le16(p + 108, s->wwn >> 48); 211 put_le16(p + 109, s->wwn >> 32); 212 put_le16(p + 110, s->wwn >> 16); 213 put_le16(p + 111, s->wwn); 214 } 215 if (dev && dev->conf.discard_granularity) { 216 put_le16(p + 169, 1); /* TRIM support */ 217 } 218 if (dev) { 219 put_le16(p + 217, dev->rotation_rate); /* Nominal media rotation rate */ 220 } 221 222 ide_identify_size(s); 223 s->identify_set = 1; 224 225 fill_buffer: 226 memcpy(s->io_buffer, p, sizeof(s->identify_data)); 227 } 228 229 static void ide_atapi_identify(IDEState *s) 230 { 231 uint16_t *p; 232 233 p = (uint16_t *)s->identify_data; 234 if (s->identify_set) { 235 goto fill_buffer; 236 } 237 memset(p, 0, sizeof(s->identify_data)); 238 239 /* Removable CDROM, 50us response, 12 byte packets */ 240 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0)); 241 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */ 242 put_le16(p + 20, 3); /* buffer type */ 243 put_le16(p + 21, 512); /* cache size in sectors */ 244 put_le16(p + 22, 4); /* ecc bytes */ 245 padstr((char *)(p + 23), s->version, 8); /* firmware version */ 246 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */ 247 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */ 248 #ifdef USE_DMA_CDROM 249 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */ 250 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */ 251 put_le16(p + 62, 7); /* single word dma0-2 supported */ 252 put_le16(p + 63, 7); /* mdma0-2 supported */ 253 #else 254 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */ 255 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */ 256 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */ 257 #endif 258 put_le16(p + 64, 3); /* pio3-4 supported */ 259 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */ 260 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */ 261 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */ 262 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */ 263 264 put_le16(p + 71, 30); /* in ns */ 265 put_le16(p + 72, 30); /* in ns */ 266 267 if (s->ncq_queues) { 268 put_le16(p + 75, s->ncq_queues - 1); 269 /* NCQ supported */ 270 put_le16(p + 76, (1 << 8)); 271 } 272 273 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */ 274 if (s->wwn) { 275 put_le16(p + 84, (1 << 8)); /* supports WWN for words 108-111 */ 276 put_le16(p + 87, (1 << 8)); /* WWN enabled */ 277 } 278 279 #ifdef USE_DMA_CDROM 280 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */ 281 #endif 282 283 if (s->wwn) { 284 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */ 285 put_le16(p + 108, s->wwn >> 48); 286 put_le16(p + 109, s->wwn >> 32); 287 put_le16(p + 110, s->wwn >> 16); 288 put_le16(p + 111, s->wwn); 289 } 290 291 s->identify_set = 1; 292 293 fill_buffer: 294 memcpy(s->io_buffer, p, sizeof(s->identify_data)); 295 } 296 297 static void ide_cfata_identify_size(IDEState *s) 298 { 299 uint16_t *p = (uint16_t *)s->identify_data; 300 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */ 301 put_le16(p + 8, s->nb_sectors); /* Sectors per card */ 302 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */ 303 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */ 304 } 305 306 static void ide_cfata_identify(IDEState *s) 307 { 308 uint16_t *p; 309 uint32_t cur_sec; 310 311 p = (uint16_t *)s->identify_data; 312 if (s->identify_set) { 313 goto fill_buffer; 314 } 315 memset(p, 0, sizeof(s->identify_data)); 316 317 cur_sec = s->cylinders * s->heads * s->sectors; 318 319 put_le16(p + 0, 0x848a); /* CF Storage Card signature */ 320 put_le16(p + 1, s->cylinders); /* Default cylinders */ 321 put_le16(p + 3, s->heads); /* Default heads */ 322 put_le16(p + 6, s->sectors); /* Default sectors per track */ 323 /* *(p + 7) := nb_sectors >> 16 -- see ide_cfata_identify_size */ 324 /* *(p + 8) := nb_sectors -- see ide_cfata_identify_size */ 325 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */ 326 put_le16(p + 22, 0x0004); /* ECC bytes */ 327 padstr((char *) (p + 23), s->version, 8); /* Firmware Revision */ 328 padstr((char *) (p + 27), s->drive_model_str, 40);/* Model number */ 329 #if MAX_MULT_SECTORS > 1 330 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS); 331 #else 332 put_le16(p + 47, 0x0000); 333 #endif 334 put_le16(p + 49, 0x0f00); /* Capabilities */ 335 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */ 336 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */ 337 put_le16(p + 53, 0x0003); /* Translation params valid */ 338 put_le16(p + 54, s->cylinders); /* Current cylinders */ 339 put_le16(p + 55, s->heads); /* Current heads */ 340 put_le16(p + 56, s->sectors); /* Current sectors */ 341 put_le16(p + 57, cur_sec); /* Current capacity */ 342 put_le16(p + 58, cur_sec >> 16); /* Current capacity */ 343 if (s->mult_sectors) /* Multiple sector setting */ 344 put_le16(p + 59, 0x100 | s->mult_sectors); 345 /* *(p + 60) := nb_sectors -- see ide_cfata_identify_size */ 346 /* *(p + 61) := nb_sectors >> 16 -- see ide_cfata_identify_size */ 347 put_le16(p + 63, 0x0203); /* Multiword DMA capability */ 348 put_le16(p + 64, 0x0001); /* Flow Control PIO support */ 349 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */ 350 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */ 351 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */ 352 put_le16(p + 82, 0x400c); /* Command Set supported */ 353 put_le16(p + 83, 0x7068); /* Command Set supported */ 354 put_le16(p + 84, 0x4000); /* Features supported */ 355 put_le16(p + 85, 0x000c); /* Command Set enabled */ 356 put_le16(p + 86, 0x7044); /* Command Set enabled */ 357 put_le16(p + 87, 0x4000); /* Features enabled */ 358 put_le16(p + 91, 0x4060); /* Current APM level */ 359 put_le16(p + 129, 0x0002); /* Current features option */ 360 put_le16(p + 130, 0x0005); /* Reassigned sectors */ 361 put_le16(p + 131, 0x0001); /* Initial power mode */ 362 put_le16(p + 132, 0x0000); /* User signature */ 363 put_le16(p + 160, 0x8100); /* Power requirement */ 364 put_le16(p + 161, 0x8001); /* CF command set */ 365 366 ide_cfata_identify_size(s); 367 s->identify_set = 1; 368 369 fill_buffer: 370 memcpy(s->io_buffer, p, sizeof(s->identify_data)); 371 } 372 373 static void ide_set_signature(IDEState *s) 374 { 375 s->select &= ~(ATA_DEV_HS); /* clear head */ 376 /* put signature */ 377 s->nsector = 1; 378 s->sector = 1; 379 if (s->drive_kind == IDE_CD) { 380 s->lcyl = 0x14; 381 s->hcyl = 0xeb; 382 } else if (s->blk) { 383 s->lcyl = 0; 384 s->hcyl = 0; 385 } else { 386 s->lcyl = 0xff; 387 s->hcyl = 0xff; 388 } 389 } 390 391 static bool ide_sect_range_ok(IDEState *s, 392 uint64_t sector, uint64_t nb_sectors) 393 { 394 uint64_t total_sectors; 395 396 blk_get_geometry(s->blk, &total_sectors); 397 if (sector > total_sectors || nb_sectors > total_sectors - sector) { 398 return false; 399 } 400 return true; 401 } 402 403 typedef struct TrimAIOCB { 404 BlockAIOCB common; 405 IDEState *s; 406 QEMUBH *bh; 407 int ret; 408 QEMUIOVector *qiov; 409 BlockAIOCB *aiocb; 410 int i, j; 411 } TrimAIOCB; 412 413 static void trim_aio_cancel(BlockAIOCB *acb) 414 { 415 TrimAIOCB *iocb = container_of(acb, TrimAIOCB, common); 416 417 /* Exit the loop so ide_issue_trim_cb will not continue */ 418 iocb->j = iocb->qiov->niov - 1; 419 iocb->i = (iocb->qiov->iov[iocb->j].iov_len / 8) - 1; 420 421 iocb->ret = -ECANCELED; 422 423 if (iocb->aiocb) { 424 blk_aio_cancel_async(iocb->aiocb); 425 iocb->aiocb = NULL; 426 } 427 } 428 429 static const AIOCBInfo trim_aiocb_info = { 430 .aiocb_size = sizeof(TrimAIOCB), 431 .cancel_async = trim_aio_cancel, 432 }; 433 434 static void ide_trim_bh_cb(void *opaque) 435 { 436 TrimAIOCB *iocb = opaque; 437 BlockBackend *blk = iocb->s->blk; 438 439 iocb->common.cb(iocb->common.opaque, iocb->ret); 440 441 qemu_bh_delete(iocb->bh); 442 iocb->bh = NULL; 443 qemu_aio_unref(iocb); 444 445 /* Paired with an increment in ide_issue_trim() */ 446 blk_dec_in_flight(blk); 447 } 448 449 static void ide_issue_trim_cb(void *opaque, int ret) 450 { 451 TrimAIOCB *iocb = opaque; 452 IDEState *s = iocb->s; 453 454 if (iocb->i >= 0) { 455 if (ret >= 0) { 456 block_acct_done(blk_get_stats(s->blk), &s->acct); 457 } else { 458 block_acct_failed(blk_get_stats(s->blk), &s->acct); 459 } 460 } 461 462 if (ret >= 0) { 463 while (iocb->j < iocb->qiov->niov) { 464 int j = iocb->j; 465 while (++iocb->i < iocb->qiov->iov[j].iov_len / 8) { 466 int i = iocb->i; 467 uint64_t *buffer = iocb->qiov->iov[j].iov_base; 468 469 /* 6-byte LBA + 2-byte range per entry */ 470 uint64_t entry = le64_to_cpu(buffer[i]); 471 uint64_t sector = entry & 0x0000ffffffffffffULL; 472 uint16_t count = entry >> 48; 473 474 if (count == 0) { 475 continue; 476 } 477 478 if (!ide_sect_range_ok(s, sector, count)) { 479 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_UNMAP); 480 iocb->ret = -EINVAL; 481 goto done; 482 } 483 484 block_acct_start(blk_get_stats(s->blk), &s->acct, 485 count << BDRV_SECTOR_BITS, BLOCK_ACCT_UNMAP); 486 487 /* Got an entry! Submit and exit. */ 488 iocb->aiocb = blk_aio_pdiscard(s->blk, 489 sector << BDRV_SECTOR_BITS, 490 count << BDRV_SECTOR_BITS, 491 ide_issue_trim_cb, opaque); 492 return; 493 } 494 495 iocb->j++; 496 iocb->i = -1; 497 } 498 } else { 499 iocb->ret = ret; 500 } 501 502 done: 503 iocb->aiocb = NULL; 504 if (iocb->bh) { 505 replay_bh_schedule_event(iocb->bh); 506 } 507 } 508 509 BlockAIOCB *ide_issue_trim( 510 int64_t offset, QEMUIOVector *qiov, 511 BlockCompletionFunc *cb, void *cb_opaque, void *opaque) 512 { 513 IDEState *s = opaque; 514 TrimAIOCB *iocb; 515 516 /* Paired with a decrement in ide_trim_bh_cb() */ 517 blk_inc_in_flight(s->blk); 518 519 iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque); 520 iocb->s = s; 521 iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb); 522 iocb->ret = 0; 523 iocb->qiov = qiov; 524 iocb->i = -1; 525 iocb->j = 0; 526 ide_issue_trim_cb(iocb, 0); 527 return &iocb->common; 528 } 529 530 void ide_abort_command(IDEState *s) 531 { 532 ide_transfer_stop(s); 533 s->status = READY_STAT | ERR_STAT; 534 s->error = ABRT_ERR; 535 } 536 537 static void ide_set_retry(IDEState *s) 538 { 539 s->bus->retry_unit = s->unit; 540 s->bus->retry_sector_num = ide_get_sector(s); 541 s->bus->retry_nsector = s->nsector; 542 } 543 544 static void ide_clear_retry(IDEState *s) 545 { 546 s->bus->retry_unit = -1; 547 s->bus->retry_sector_num = 0; 548 s->bus->retry_nsector = 0; 549 } 550 551 /* prepare data transfer and tell what to do after */ 552 bool ide_transfer_start_norecurse(IDEState *s, uint8_t *buf, int size, 553 EndTransferFunc *end_transfer_func) 554 { 555 s->data_ptr = buf; 556 s->data_end = buf + size; 557 ide_set_retry(s); 558 if (!(s->status & ERR_STAT)) { 559 s->status |= DRQ_STAT; 560 } 561 if (!s->bus->dma->ops->pio_transfer) { 562 s->end_transfer_func = end_transfer_func; 563 return false; 564 } 565 s->bus->dma->ops->pio_transfer(s->bus->dma); 566 return true; 567 } 568 569 void ide_transfer_start(IDEState *s, uint8_t *buf, int size, 570 EndTransferFunc *end_transfer_func) 571 { 572 if (ide_transfer_start_norecurse(s, buf, size, end_transfer_func)) { 573 end_transfer_func(s); 574 } 575 } 576 577 static void ide_cmd_done(IDEState *s) 578 { 579 if (s->bus->dma->ops->cmd_done) { 580 s->bus->dma->ops->cmd_done(s->bus->dma); 581 } 582 } 583 584 static void ide_transfer_halt(IDEState *s) 585 { 586 s->end_transfer_func = ide_transfer_stop; 587 s->data_ptr = s->io_buffer; 588 s->data_end = s->io_buffer; 589 s->status &= ~DRQ_STAT; 590 } 591 592 void ide_transfer_stop(IDEState *s) 593 { 594 ide_transfer_halt(s); 595 ide_cmd_done(s); 596 } 597 598 int64_t ide_get_sector(IDEState *s) 599 { 600 int64_t sector_num; 601 if (s->select & (ATA_DEV_LBA)) { 602 if (s->lba48) { 603 sector_num = ((int64_t)s->hob_hcyl << 40) | 604 ((int64_t) s->hob_lcyl << 32) | 605 ((int64_t) s->hob_sector << 24) | 606 ((int64_t) s->hcyl << 16) | 607 ((int64_t) s->lcyl << 8) | s->sector; 608 } else { 609 /* LBA28 */ 610 sector_num = ((s->select & (ATA_DEV_LBA_MSB)) << 24) | 611 (s->hcyl << 16) | (s->lcyl << 8) | s->sector; 612 } 613 } else { 614 /* CHS */ 615 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors + 616 (s->select & (ATA_DEV_HS)) * s->sectors + (s->sector - 1); 617 } 618 619 return sector_num; 620 } 621 622 void ide_set_sector(IDEState *s, int64_t sector_num) 623 { 624 unsigned int cyl, r; 625 if (s->select & (ATA_DEV_LBA)) { 626 if (s->lba48) { 627 s->sector = sector_num; 628 s->lcyl = sector_num >> 8; 629 s->hcyl = sector_num >> 16; 630 s->hob_sector = sector_num >> 24; 631 s->hob_lcyl = sector_num >> 32; 632 s->hob_hcyl = sector_num >> 40; 633 } else { 634 /* LBA28 */ 635 s->select = (s->select & ~(ATA_DEV_LBA_MSB)) | 636 ((sector_num >> 24) & (ATA_DEV_LBA_MSB)); 637 s->hcyl = (sector_num >> 16); 638 s->lcyl = (sector_num >> 8); 639 s->sector = (sector_num); 640 } 641 } else { 642 /* CHS */ 643 cyl = sector_num / (s->heads * s->sectors); 644 r = sector_num % (s->heads * s->sectors); 645 s->hcyl = cyl >> 8; 646 s->lcyl = cyl; 647 s->select = (s->select & ~(ATA_DEV_HS)) | 648 ((r / s->sectors) & (ATA_DEV_HS)); 649 s->sector = (r % s->sectors) + 1; 650 } 651 } 652 653 static void ide_rw_error(IDEState *s) { 654 ide_abort_command(s); 655 ide_set_irq(s->bus); 656 } 657 658 static void ide_buffered_readv_cb(void *opaque, int ret) 659 { 660 IDEBufferedRequest *req = opaque; 661 if (!req->orphaned) { 662 if (!ret) { 663 assert(req->qiov.size == req->original_qiov->size); 664 qemu_iovec_from_buf(req->original_qiov, 0, 665 req->qiov.local_iov.iov_base, 666 req->original_qiov->size); 667 } 668 req->original_cb(req->original_opaque, ret); 669 } 670 QLIST_REMOVE(req, list); 671 qemu_vfree(qemu_iovec_buf(&req->qiov)); 672 g_free(req); 673 } 674 675 #define MAX_BUFFERED_REQS 16 676 677 BlockAIOCB *ide_buffered_readv(IDEState *s, int64_t sector_num, 678 QEMUIOVector *iov, int nb_sectors, 679 BlockCompletionFunc *cb, void *opaque) 680 { 681 BlockAIOCB *aioreq; 682 IDEBufferedRequest *req; 683 int c = 0; 684 685 QLIST_FOREACH(req, &s->buffered_requests, list) { 686 c++; 687 } 688 if (c > MAX_BUFFERED_REQS) { 689 return blk_abort_aio_request(s->blk, cb, opaque, -EIO); 690 } 691 692 req = g_new0(IDEBufferedRequest, 1); 693 req->original_qiov = iov; 694 req->original_cb = cb; 695 req->original_opaque = opaque; 696 qemu_iovec_init_buf(&req->qiov, blk_blockalign(s->blk, iov->size), 697 iov->size); 698 699 aioreq = blk_aio_preadv(s->blk, sector_num << BDRV_SECTOR_BITS, 700 &req->qiov, 0, ide_buffered_readv_cb, req); 701 702 QLIST_INSERT_HEAD(&s->buffered_requests, req, list); 703 return aioreq; 704 } 705 706 /** 707 * Cancel all pending DMA requests. 708 * Any buffered DMA requests are instantly canceled, 709 * but any pending unbuffered DMA requests must be waited on. 710 */ 711 void ide_cancel_dma_sync(IDEState *s) 712 { 713 IDEBufferedRequest *req; 714 715 /* First invoke the callbacks of all buffered requests 716 * and flag those requests as orphaned. Ideally there 717 * are no unbuffered (Scatter Gather DMA Requests or 718 * write requests) pending and we can avoid to drain. */ 719 QLIST_FOREACH(req, &s->buffered_requests, list) { 720 if (!req->orphaned) { 721 trace_ide_cancel_dma_sync_buffered(req->original_cb, req); 722 req->original_cb(req->original_opaque, -ECANCELED); 723 } 724 req->orphaned = true; 725 } 726 727 /* 728 * We can't cancel Scatter Gather DMA in the middle of the 729 * operation or a partial (not full) DMA transfer would reach 730 * the storage so we wait for completion instead (we behave 731 * like if the DMA was completed by the time the guest trying 732 * to cancel dma with bmdma_cmd_writeb with BM_CMD_START not 733 * set). 734 * 735 * In the future we'll be able to safely cancel the I/O if the 736 * whole DMA operation will be submitted to disk with a single 737 * aio operation with preadv/pwritev. 738 */ 739 if (s->bus->dma->aiocb) { 740 trace_ide_cancel_dma_sync_remaining(); 741 blk_drain(s->blk); 742 assert(s->bus->dma->aiocb == NULL); 743 } 744 } 745 746 static void ide_sector_read(IDEState *s); 747 748 static void ide_sector_read_cb(void *opaque, int ret) 749 { 750 IDEState *s = opaque; 751 int n; 752 753 s->pio_aiocb = NULL; 754 s->status &= ~BUSY_STAT; 755 756 if (ret != 0) { 757 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO | 758 IDE_RETRY_READ)) { 759 return; 760 } 761 } 762 763 block_acct_done(blk_get_stats(s->blk), &s->acct); 764 765 n = s->nsector; 766 if (n > s->req_nb_sectors) { 767 n = s->req_nb_sectors; 768 } 769 770 ide_set_sector(s, ide_get_sector(s) + n); 771 s->nsector -= n; 772 /* Allow the guest to read the io_buffer */ 773 ide_transfer_start(s, s->io_buffer, n * BDRV_SECTOR_SIZE, ide_sector_read); 774 ide_set_irq(s->bus); 775 } 776 777 static void ide_sector_read(IDEState *s) 778 { 779 int64_t sector_num; 780 int n; 781 782 s->status = READY_STAT | SEEK_STAT; 783 s->error = 0; /* not needed by IDE spec, but needed by Windows */ 784 sector_num = ide_get_sector(s); 785 n = s->nsector; 786 787 if (n == 0) { 788 ide_transfer_stop(s); 789 return; 790 } 791 792 s->status |= BUSY_STAT; 793 794 if (n > s->req_nb_sectors) { 795 n = s->req_nb_sectors; 796 } 797 798 trace_ide_sector_read(sector_num, n); 799 800 if (!ide_sect_range_ok(s, sector_num, n)) { 801 ide_rw_error(s); 802 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_READ); 803 return; 804 } 805 806 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE); 807 808 block_acct_start(blk_get_stats(s->blk), &s->acct, 809 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ); 810 s->pio_aiocb = ide_buffered_readv(s, sector_num, &s->qiov, n, 811 ide_sector_read_cb, s); 812 } 813 814 void dma_buf_commit(IDEState *s, uint32_t tx_bytes) 815 { 816 if (s->bus->dma->ops->commit_buf) { 817 s->bus->dma->ops->commit_buf(s->bus->dma, tx_bytes); 818 } 819 s->io_buffer_offset += tx_bytes; 820 qemu_sglist_destroy(&s->sg); 821 } 822 823 void ide_set_inactive(IDEState *s, bool more) 824 { 825 s->bus->dma->aiocb = NULL; 826 ide_clear_retry(s); 827 if (s->bus->dma->ops->set_inactive) { 828 s->bus->dma->ops->set_inactive(s->bus->dma, more); 829 } 830 ide_cmd_done(s); 831 } 832 833 void ide_dma_error(IDEState *s) 834 { 835 dma_buf_commit(s, 0); 836 ide_abort_command(s); 837 ide_set_inactive(s, false); 838 ide_set_irq(s->bus); 839 } 840 841 int ide_handle_rw_error(IDEState *s, int error, int op) 842 { 843 bool is_read = (op & IDE_RETRY_READ) != 0; 844 BlockErrorAction action = blk_get_error_action(s->blk, is_read, error); 845 846 if (action == BLOCK_ERROR_ACTION_STOP) { 847 assert(s->bus->retry_unit == s->unit); 848 s->bus->error_status = op; 849 } else if (action == BLOCK_ERROR_ACTION_REPORT) { 850 block_acct_failed(blk_get_stats(s->blk), &s->acct); 851 if (IS_IDE_RETRY_DMA(op)) { 852 ide_dma_error(s); 853 } else if (IS_IDE_RETRY_ATAPI(op)) { 854 ide_atapi_io_error(s, -error); 855 } else { 856 ide_rw_error(s); 857 } 858 } 859 blk_error_action(s->blk, action, is_read, error); 860 return action != BLOCK_ERROR_ACTION_IGNORE; 861 } 862 863 static void ide_dma_cb(void *opaque, int ret) 864 { 865 IDEState *s = opaque; 866 int n; 867 int64_t sector_num; 868 uint64_t offset; 869 bool stay_active = false; 870 int32_t prep_size = 0; 871 872 if (ret == -EINVAL) { 873 ide_dma_error(s); 874 return; 875 } 876 877 if (ret < 0) { 878 if (ide_handle_rw_error(s, -ret, ide_dma_cmd_to_retry(s->dma_cmd))) { 879 s->bus->dma->aiocb = NULL; 880 dma_buf_commit(s, 0); 881 return; 882 } 883 } 884 885 if (s->io_buffer_size > s->nsector * 512) { 886 /* 887 * The PRDs were longer than needed for this request. 888 * The Active bit must remain set after the request completes. 889 */ 890 n = s->nsector; 891 stay_active = true; 892 } else { 893 n = s->io_buffer_size >> 9; 894 } 895 896 sector_num = ide_get_sector(s); 897 if (n > 0) { 898 assert(n * 512 == s->sg.size); 899 dma_buf_commit(s, s->sg.size); 900 sector_num += n; 901 ide_set_sector(s, sector_num); 902 s->nsector -= n; 903 } 904 905 /* end of transfer ? */ 906 if (s->nsector == 0) { 907 s->status = READY_STAT | SEEK_STAT; 908 ide_set_irq(s->bus); 909 goto eot; 910 } 911 912 /* launch next transfer */ 913 n = s->nsector; 914 s->io_buffer_index = 0; 915 s->io_buffer_size = n * 512; 916 prep_size = s->bus->dma->ops->prepare_buf(s->bus->dma, s->io_buffer_size); 917 /* prepare_buf() must succeed and respect the limit */ 918 assert(prep_size >= 0 && prep_size <= n * 512); 919 920 /* 921 * Now prep_size stores the number of bytes in the sglist, and 922 * s->io_buffer_size stores the number of bytes described by the PRDs. 923 */ 924 925 if (prep_size < n * 512) { 926 /* 927 * The PRDs are too short for this request. Error condition! 928 * Reset the Active bit and don't raise the interrupt. 929 */ 930 s->status = READY_STAT | SEEK_STAT; 931 dma_buf_commit(s, 0); 932 goto eot; 933 } 934 935 trace_ide_dma_cb(s, sector_num, n, IDE_DMA_CMD_str(s->dma_cmd)); 936 937 if ((s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) && 938 !ide_sect_range_ok(s, sector_num, n)) { 939 ide_dma_error(s); 940 block_acct_invalid(blk_get_stats(s->blk), s->acct.type); 941 return; 942 } 943 944 offset = sector_num << BDRV_SECTOR_BITS; 945 switch (s->dma_cmd) { 946 case IDE_DMA_READ: 947 s->bus->dma->aiocb = dma_blk_read(s->blk, &s->sg, offset, 948 BDRV_SECTOR_SIZE, ide_dma_cb, s); 949 break; 950 case IDE_DMA_WRITE: 951 s->bus->dma->aiocb = dma_blk_write(s->blk, &s->sg, offset, 952 BDRV_SECTOR_SIZE, ide_dma_cb, s); 953 break; 954 case IDE_DMA_TRIM: 955 s->bus->dma->aiocb = dma_blk_io(blk_get_aio_context(s->blk), 956 &s->sg, offset, BDRV_SECTOR_SIZE, 957 ide_issue_trim, s, ide_dma_cb, s, 958 DMA_DIRECTION_TO_DEVICE); 959 break; 960 default: 961 abort(); 962 } 963 return; 964 965 eot: 966 if (s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) { 967 block_acct_done(blk_get_stats(s->blk), &s->acct); 968 } 969 ide_set_inactive(s, stay_active); 970 } 971 972 static void ide_sector_start_dma(IDEState *s, enum ide_dma_cmd dma_cmd) 973 { 974 s->status = READY_STAT | SEEK_STAT | DRQ_STAT; 975 s->io_buffer_size = 0; 976 s->dma_cmd = dma_cmd; 977 978 switch (dma_cmd) { 979 case IDE_DMA_READ: 980 block_acct_start(blk_get_stats(s->blk), &s->acct, 981 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ); 982 break; 983 case IDE_DMA_WRITE: 984 block_acct_start(blk_get_stats(s->blk), &s->acct, 985 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE); 986 break; 987 default: 988 break; 989 } 990 991 ide_start_dma(s, ide_dma_cb); 992 } 993 994 void ide_start_dma(IDEState *s, BlockCompletionFunc *cb) 995 { 996 s->io_buffer_index = 0; 997 ide_set_retry(s); 998 if (s->bus->dma->ops->start_dma) { 999 s->bus->dma->ops->start_dma(s->bus->dma, s, cb); 1000 } 1001 } 1002 1003 static void ide_sector_write(IDEState *s); 1004 1005 static void ide_sector_write_timer_cb(void *opaque) 1006 { 1007 IDEState *s = opaque; 1008 ide_set_irq(s->bus); 1009 } 1010 1011 static void ide_sector_write_cb(void *opaque, int ret) 1012 { 1013 IDEState *s = opaque; 1014 int n; 1015 1016 s->pio_aiocb = NULL; 1017 s->status &= ~BUSY_STAT; 1018 1019 if (ret != 0) { 1020 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO)) { 1021 return; 1022 } 1023 } 1024 1025 block_acct_done(blk_get_stats(s->blk), &s->acct); 1026 1027 n = s->nsector; 1028 if (n > s->req_nb_sectors) { 1029 n = s->req_nb_sectors; 1030 } 1031 s->nsector -= n; 1032 1033 ide_set_sector(s, ide_get_sector(s) + n); 1034 if (s->nsector == 0) { 1035 /* no more sectors to write */ 1036 ide_transfer_stop(s); 1037 } else { 1038 int n1 = s->nsector; 1039 if (n1 > s->req_nb_sectors) { 1040 n1 = s->req_nb_sectors; 1041 } 1042 ide_transfer_start(s, s->io_buffer, n1 * BDRV_SECTOR_SIZE, 1043 ide_sector_write); 1044 } 1045 1046 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) { 1047 /* It seems there is a bug in the Windows 2000 installer HDD 1048 IDE driver which fills the disk with empty logs when the 1049 IDE write IRQ comes too early. This hack tries to correct 1050 that at the expense of slower write performances. Use this 1051 option _only_ to install Windows 2000. You must disable it 1052 for normal use. */ 1053 timer_mod(s->sector_write_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 1054 (NANOSECONDS_PER_SECOND / 1000)); 1055 } else { 1056 ide_set_irq(s->bus); 1057 } 1058 } 1059 1060 static void ide_sector_write(IDEState *s) 1061 { 1062 int64_t sector_num; 1063 int n; 1064 1065 s->status = READY_STAT | SEEK_STAT | BUSY_STAT; 1066 sector_num = ide_get_sector(s); 1067 1068 n = s->nsector; 1069 if (n > s->req_nb_sectors) { 1070 n = s->req_nb_sectors; 1071 } 1072 1073 trace_ide_sector_write(sector_num, n); 1074 1075 if (!ide_sect_range_ok(s, sector_num, n)) { 1076 ide_rw_error(s); 1077 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_WRITE); 1078 return; 1079 } 1080 1081 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE); 1082 1083 block_acct_start(blk_get_stats(s->blk), &s->acct, 1084 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE); 1085 s->pio_aiocb = blk_aio_pwritev(s->blk, sector_num << BDRV_SECTOR_BITS, 1086 &s->qiov, 0, ide_sector_write_cb, s); 1087 } 1088 1089 static void ide_flush_cb(void *opaque, int ret) 1090 { 1091 IDEState *s = opaque; 1092 1093 s->pio_aiocb = NULL; 1094 1095 if (ret < 0) { 1096 /* XXX: What sector number to set here? */ 1097 if (ide_handle_rw_error(s, -ret, IDE_RETRY_FLUSH)) { 1098 return; 1099 } 1100 } 1101 1102 if (s->blk) { 1103 block_acct_done(blk_get_stats(s->blk), &s->acct); 1104 } 1105 s->status = READY_STAT | SEEK_STAT; 1106 ide_cmd_done(s); 1107 ide_set_irq(s->bus); 1108 } 1109 1110 static void ide_flush_cache(IDEState *s) 1111 { 1112 if (s->blk == NULL) { 1113 ide_flush_cb(s, 0); 1114 return; 1115 } 1116 1117 s->status |= BUSY_STAT; 1118 ide_set_retry(s); 1119 block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH); 1120 s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s); 1121 } 1122 1123 static void ide_cfata_metadata_inquiry(IDEState *s) 1124 { 1125 uint16_t *p; 1126 uint32_t spd; 1127 1128 p = (uint16_t *) s->io_buffer; 1129 memset(p, 0, 0x200); 1130 spd = ((s->mdata_size - 1) >> 9) + 1; 1131 1132 put_le16(p + 0, 0x0001); /* Data format revision */ 1133 put_le16(p + 1, 0x0000); /* Media property: silicon */ 1134 put_le16(p + 2, s->media_changed); /* Media status */ 1135 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */ 1136 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */ 1137 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */ 1138 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */ 1139 } 1140 1141 static void ide_cfata_metadata_read(IDEState *s) 1142 { 1143 uint16_t *p; 1144 1145 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) { 1146 s->status = ERR_STAT; 1147 s->error = ABRT_ERR; 1148 return; 1149 } 1150 1151 p = (uint16_t *) s->io_buffer; 1152 memset(p, 0, 0x200); 1153 1154 put_le16(p + 0, s->media_changed); /* Media status */ 1155 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9), 1156 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9), 1157 s->nsector << 9), 0x200 - 2)); 1158 } 1159 1160 static void ide_cfata_metadata_write(IDEState *s) 1161 { 1162 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) { 1163 s->status = ERR_STAT; 1164 s->error = ABRT_ERR; 1165 return; 1166 } 1167 1168 s->media_changed = 0; 1169 1170 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9), 1171 s->io_buffer + 2, 1172 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9), 1173 s->nsector << 9), 0x200 - 2)); 1174 } 1175 1176 /* called when the inserted state of the media has changed */ 1177 static void ide_cd_change_cb(void *opaque, bool load, Error **errp) 1178 { 1179 IDEState *s = opaque; 1180 uint64_t nb_sectors; 1181 1182 s->tray_open = !load; 1183 blk_get_geometry(s->blk, &nb_sectors); 1184 s->nb_sectors = nb_sectors; 1185 1186 /* 1187 * First indicate to the guest that a CD has been removed. That's 1188 * done on the next command the guest sends us. 1189 * 1190 * Then we set UNIT_ATTENTION, by which the guest will 1191 * detect a new CD in the drive. See ide_atapi_cmd() for details. 1192 */ 1193 s->cdrom_changed = 1; 1194 s->events.new_media = true; 1195 s->events.eject_request = false; 1196 ide_set_irq(s->bus); 1197 } 1198 1199 static void ide_cd_eject_request_cb(void *opaque, bool force) 1200 { 1201 IDEState *s = opaque; 1202 1203 s->events.eject_request = true; 1204 if (force) { 1205 s->tray_locked = false; 1206 } 1207 ide_set_irq(s->bus); 1208 } 1209 1210 static void ide_cmd_lba48_transform(IDEState *s, int lba48) 1211 { 1212 s->lba48 = lba48; 1213 1214 /* handle the 'magic' 0 nsector count conversion here. to avoid 1215 * fiddling with the rest of the read logic, we just store the 1216 * full sector count in ->nsector and ignore ->hob_nsector from now 1217 */ 1218 if (!s->lba48) { 1219 if (!s->nsector) 1220 s->nsector = 256; 1221 } else { 1222 if (!s->nsector && !s->hob_nsector) 1223 s->nsector = 65536; 1224 else { 1225 int lo = s->nsector; 1226 int hi = s->hob_nsector; 1227 1228 s->nsector = (hi << 8) | lo; 1229 } 1230 } 1231 } 1232 1233 static void ide_clear_hob(IDEBus *bus) 1234 { 1235 /* any write clears HOB high bit of device control register */ 1236 bus->cmd &= ~(IDE_CTRL_HOB); 1237 } 1238 1239 /* IOport [W]rite [R]egisters */ 1240 enum ATA_IOPORT_WR { 1241 ATA_IOPORT_WR_DATA = 0, 1242 ATA_IOPORT_WR_FEATURES = 1, 1243 ATA_IOPORT_WR_SECTOR_COUNT = 2, 1244 ATA_IOPORT_WR_SECTOR_NUMBER = 3, 1245 ATA_IOPORT_WR_CYLINDER_LOW = 4, 1246 ATA_IOPORT_WR_CYLINDER_HIGH = 5, 1247 ATA_IOPORT_WR_DEVICE_HEAD = 6, 1248 ATA_IOPORT_WR_COMMAND = 7, 1249 ATA_IOPORT_WR_NUM_REGISTERS, 1250 }; 1251 1252 const char *ATA_IOPORT_WR_lookup[ATA_IOPORT_WR_NUM_REGISTERS] = { 1253 [ATA_IOPORT_WR_DATA] = "Data", 1254 [ATA_IOPORT_WR_FEATURES] = "Features", 1255 [ATA_IOPORT_WR_SECTOR_COUNT] = "Sector Count", 1256 [ATA_IOPORT_WR_SECTOR_NUMBER] = "Sector Number", 1257 [ATA_IOPORT_WR_CYLINDER_LOW] = "Cylinder Low", 1258 [ATA_IOPORT_WR_CYLINDER_HIGH] = "Cylinder High", 1259 [ATA_IOPORT_WR_DEVICE_HEAD] = "Device/Head", 1260 [ATA_IOPORT_WR_COMMAND] = "Command" 1261 }; 1262 1263 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val) 1264 { 1265 IDEBus *bus = opaque; 1266 IDEState *s = idebus_active_if(bus); 1267 int reg_num = addr & 7; 1268 1269 trace_ide_ioport_write(addr, ATA_IOPORT_WR_lookup[reg_num], val, bus, s); 1270 1271 /* ignore writes to command block while busy with previous command */ 1272 if (reg_num != 7 && (s->status & (BUSY_STAT|DRQ_STAT))) { 1273 return; 1274 } 1275 1276 /* NOTE: Device0 and Device1 both receive incoming register writes. 1277 * (They're on the same bus! They have to!) */ 1278 1279 switch (reg_num) { 1280 case 0: 1281 break; 1282 case ATA_IOPORT_WR_FEATURES: 1283 ide_clear_hob(bus); 1284 bus->ifs[0].hob_feature = bus->ifs[0].feature; 1285 bus->ifs[1].hob_feature = bus->ifs[1].feature; 1286 bus->ifs[0].feature = val; 1287 bus->ifs[1].feature = val; 1288 break; 1289 case ATA_IOPORT_WR_SECTOR_COUNT: 1290 ide_clear_hob(bus); 1291 bus->ifs[0].hob_nsector = bus->ifs[0].nsector; 1292 bus->ifs[1].hob_nsector = bus->ifs[1].nsector; 1293 bus->ifs[0].nsector = val; 1294 bus->ifs[1].nsector = val; 1295 break; 1296 case ATA_IOPORT_WR_SECTOR_NUMBER: 1297 ide_clear_hob(bus); 1298 bus->ifs[0].hob_sector = bus->ifs[0].sector; 1299 bus->ifs[1].hob_sector = bus->ifs[1].sector; 1300 bus->ifs[0].sector = val; 1301 bus->ifs[1].sector = val; 1302 break; 1303 case ATA_IOPORT_WR_CYLINDER_LOW: 1304 ide_clear_hob(bus); 1305 bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl; 1306 bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl; 1307 bus->ifs[0].lcyl = val; 1308 bus->ifs[1].lcyl = val; 1309 break; 1310 case ATA_IOPORT_WR_CYLINDER_HIGH: 1311 ide_clear_hob(bus); 1312 bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl; 1313 bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl; 1314 bus->ifs[0].hcyl = val; 1315 bus->ifs[1].hcyl = val; 1316 break; 1317 case ATA_IOPORT_WR_DEVICE_HEAD: 1318 ide_clear_hob(bus); 1319 bus->ifs[0].select = val | (ATA_DEV_ALWAYS_ON); 1320 bus->ifs[1].select = val | (ATA_DEV_ALWAYS_ON); 1321 /* select drive */ 1322 bus->unit = (val & (ATA_DEV_SELECT)) ? 1 : 0; 1323 break; 1324 default: 1325 case ATA_IOPORT_WR_COMMAND: 1326 ide_clear_hob(bus); 1327 qemu_irq_lower(bus->irq); 1328 ide_exec_cmd(bus, val); 1329 break; 1330 } 1331 } 1332 1333 static void ide_reset(IDEState *s) 1334 { 1335 trace_ide_reset(s); 1336 1337 if (s->pio_aiocb) { 1338 blk_aio_cancel(s->pio_aiocb); 1339 s->pio_aiocb = NULL; 1340 } 1341 1342 if (s->drive_kind == IDE_CFATA) 1343 s->mult_sectors = 0; 1344 else 1345 s->mult_sectors = MAX_MULT_SECTORS; 1346 /* ide regs */ 1347 s->feature = 0; 1348 s->error = 0; 1349 s->nsector = 0; 1350 s->sector = 0; 1351 s->lcyl = 0; 1352 s->hcyl = 0; 1353 1354 /* lba48 */ 1355 s->hob_feature = 0; 1356 s->hob_sector = 0; 1357 s->hob_nsector = 0; 1358 s->hob_lcyl = 0; 1359 s->hob_hcyl = 0; 1360 1361 s->select = (ATA_DEV_ALWAYS_ON); 1362 s->status = READY_STAT | SEEK_STAT; 1363 1364 s->lba48 = 0; 1365 1366 /* ATAPI specific */ 1367 s->sense_key = 0; 1368 s->asc = 0; 1369 s->cdrom_changed = 0; 1370 s->packet_transfer_size = 0; 1371 s->elementary_transfer_size = 0; 1372 s->io_buffer_index = 0; 1373 s->cd_sector_size = 0; 1374 s->atapi_dma = 0; 1375 s->tray_locked = 0; 1376 s->tray_open = 0; 1377 /* ATA DMA state */ 1378 s->io_buffer_size = 0; 1379 s->req_nb_sectors = 0; 1380 1381 ide_set_signature(s); 1382 /* init the transfer handler so that 0xffff is returned on data 1383 accesses */ 1384 s->end_transfer_func = ide_dummy_transfer_stop; 1385 ide_dummy_transfer_stop(s); 1386 s->media_changed = 0; 1387 } 1388 1389 static bool cmd_nop(IDEState *s, uint8_t cmd) 1390 { 1391 return true; 1392 } 1393 1394 static bool cmd_device_reset(IDEState *s, uint8_t cmd) 1395 { 1396 /* Halt PIO (in the DRQ phase), then DMA */ 1397 ide_transfer_halt(s); 1398 ide_cancel_dma_sync(s); 1399 1400 /* Reset any PIO commands, reset signature, etc */ 1401 ide_reset(s); 1402 1403 /* RESET: ATA8-ACS3 7.10.4 "Normal Outputs"; 1404 * ATA8-ACS3 Table 184 "Device Signatures for Normal Output" */ 1405 s->status = 0x00; 1406 1407 /* Do not overwrite status register */ 1408 return false; 1409 } 1410 1411 static bool cmd_data_set_management(IDEState *s, uint8_t cmd) 1412 { 1413 switch (s->feature) { 1414 case DSM_TRIM: 1415 if (s->blk) { 1416 ide_sector_start_dma(s, IDE_DMA_TRIM); 1417 return false; 1418 } 1419 break; 1420 } 1421 1422 ide_abort_command(s); 1423 return true; 1424 } 1425 1426 static bool cmd_identify(IDEState *s, uint8_t cmd) 1427 { 1428 if (s->blk && s->drive_kind != IDE_CD) { 1429 if (s->drive_kind != IDE_CFATA) { 1430 ide_identify(s); 1431 } else { 1432 ide_cfata_identify(s); 1433 } 1434 s->status = READY_STAT | SEEK_STAT; 1435 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop); 1436 ide_set_irq(s->bus); 1437 return false; 1438 } else { 1439 if (s->drive_kind == IDE_CD) { 1440 ide_set_signature(s); 1441 } 1442 ide_abort_command(s); 1443 } 1444 1445 return true; 1446 } 1447 1448 static bool cmd_verify(IDEState *s, uint8_t cmd) 1449 { 1450 bool lba48 = (cmd == WIN_VERIFY_EXT); 1451 1452 /* do sector number check ? */ 1453 ide_cmd_lba48_transform(s, lba48); 1454 1455 return true; 1456 } 1457 1458 static bool cmd_set_multiple_mode(IDEState *s, uint8_t cmd) 1459 { 1460 if (s->drive_kind == IDE_CFATA && s->nsector == 0) { 1461 /* Disable Read and Write Multiple */ 1462 s->mult_sectors = 0; 1463 } else if ((s->nsector & 0xff) != 0 && 1464 ((s->nsector & 0xff) > MAX_MULT_SECTORS || 1465 (s->nsector & (s->nsector - 1)) != 0)) { 1466 ide_abort_command(s); 1467 } else { 1468 s->mult_sectors = s->nsector & 0xff; 1469 } 1470 1471 return true; 1472 } 1473 1474 static bool cmd_read_multiple(IDEState *s, uint8_t cmd) 1475 { 1476 bool lba48 = (cmd == WIN_MULTREAD_EXT); 1477 1478 if (!s->blk || !s->mult_sectors) { 1479 ide_abort_command(s); 1480 return true; 1481 } 1482 1483 ide_cmd_lba48_transform(s, lba48); 1484 s->req_nb_sectors = s->mult_sectors; 1485 ide_sector_read(s); 1486 return false; 1487 } 1488 1489 static bool cmd_write_multiple(IDEState *s, uint8_t cmd) 1490 { 1491 bool lba48 = (cmd == WIN_MULTWRITE_EXT); 1492 int n; 1493 1494 if (!s->blk || !s->mult_sectors) { 1495 ide_abort_command(s); 1496 return true; 1497 } 1498 1499 ide_cmd_lba48_transform(s, lba48); 1500 1501 s->req_nb_sectors = s->mult_sectors; 1502 n = MIN(s->nsector, s->req_nb_sectors); 1503 1504 s->status = SEEK_STAT | READY_STAT; 1505 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write); 1506 1507 s->media_changed = 1; 1508 1509 return false; 1510 } 1511 1512 static bool cmd_read_pio(IDEState *s, uint8_t cmd) 1513 { 1514 bool lba48 = (cmd == WIN_READ_EXT); 1515 1516 if (s->drive_kind == IDE_CD) { 1517 ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */ 1518 ide_abort_command(s); 1519 return true; 1520 } 1521 1522 if (!s->blk) { 1523 ide_abort_command(s); 1524 return true; 1525 } 1526 1527 ide_cmd_lba48_transform(s, lba48); 1528 s->req_nb_sectors = 1; 1529 ide_sector_read(s); 1530 1531 return false; 1532 } 1533 1534 static bool cmd_write_pio(IDEState *s, uint8_t cmd) 1535 { 1536 bool lba48 = (cmd == WIN_WRITE_EXT); 1537 1538 if (!s->blk) { 1539 ide_abort_command(s); 1540 return true; 1541 } 1542 1543 ide_cmd_lba48_transform(s, lba48); 1544 1545 s->req_nb_sectors = 1; 1546 s->status = SEEK_STAT | READY_STAT; 1547 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write); 1548 1549 s->media_changed = 1; 1550 1551 return false; 1552 } 1553 1554 static bool cmd_read_dma(IDEState *s, uint8_t cmd) 1555 { 1556 bool lba48 = (cmd == WIN_READDMA_EXT); 1557 1558 if (!s->blk) { 1559 ide_abort_command(s); 1560 return true; 1561 } 1562 1563 ide_cmd_lba48_transform(s, lba48); 1564 ide_sector_start_dma(s, IDE_DMA_READ); 1565 1566 return false; 1567 } 1568 1569 static bool cmd_write_dma(IDEState *s, uint8_t cmd) 1570 { 1571 bool lba48 = (cmd == WIN_WRITEDMA_EXT); 1572 1573 if (!s->blk) { 1574 ide_abort_command(s); 1575 return true; 1576 } 1577 1578 ide_cmd_lba48_transform(s, lba48); 1579 ide_sector_start_dma(s, IDE_DMA_WRITE); 1580 1581 s->media_changed = 1; 1582 1583 return false; 1584 } 1585 1586 static bool cmd_flush_cache(IDEState *s, uint8_t cmd) 1587 { 1588 ide_flush_cache(s); 1589 return false; 1590 } 1591 1592 static bool cmd_seek(IDEState *s, uint8_t cmd) 1593 { 1594 /* XXX: Check that seek is within bounds */ 1595 return true; 1596 } 1597 1598 static bool cmd_read_native_max(IDEState *s, uint8_t cmd) 1599 { 1600 bool lba48 = (cmd == WIN_READ_NATIVE_MAX_EXT); 1601 1602 /* Refuse if no sectors are addressable (e.g. medium not inserted) */ 1603 if (s->nb_sectors == 0) { 1604 ide_abort_command(s); 1605 return true; 1606 } 1607 1608 ide_cmd_lba48_transform(s, lba48); 1609 ide_set_sector(s, s->nb_sectors - 1); 1610 1611 return true; 1612 } 1613 1614 static bool cmd_check_power_mode(IDEState *s, uint8_t cmd) 1615 { 1616 s->nsector = 0xff; /* device active or idle */ 1617 return true; 1618 } 1619 1620 static bool cmd_set_features(IDEState *s, uint8_t cmd) 1621 { 1622 uint16_t *identify_data; 1623 1624 if (!s->blk) { 1625 ide_abort_command(s); 1626 return true; 1627 } 1628 1629 /* XXX: valid for CDROM ? */ 1630 switch (s->feature) { 1631 case 0x02: /* write cache enable */ 1632 blk_set_enable_write_cache(s->blk, true); 1633 identify_data = (uint16_t *)s->identify_data; 1634 put_le16(identify_data + 85, (1 << 14) | (1 << 5) | 1); 1635 return true; 1636 case 0x82: /* write cache disable */ 1637 blk_set_enable_write_cache(s->blk, false); 1638 identify_data = (uint16_t *)s->identify_data; 1639 put_le16(identify_data + 85, (1 << 14) | 1); 1640 ide_flush_cache(s); 1641 return false; 1642 case 0xcc: /* reverting to power-on defaults enable */ 1643 case 0x66: /* reverting to power-on defaults disable */ 1644 case 0xaa: /* read look-ahead enable */ 1645 case 0x55: /* read look-ahead disable */ 1646 case 0x05: /* set advanced power management mode */ 1647 case 0x85: /* disable advanced power management mode */ 1648 case 0x69: /* NOP */ 1649 case 0x67: /* NOP */ 1650 case 0x96: /* NOP */ 1651 case 0x9a: /* NOP */ 1652 case 0x42: /* enable Automatic Acoustic Mode */ 1653 case 0xc2: /* disable Automatic Acoustic Mode */ 1654 return true; 1655 case 0x03: /* set transfer mode */ 1656 { 1657 uint8_t val = s->nsector & 0x07; 1658 identify_data = (uint16_t *)s->identify_data; 1659 1660 switch (s->nsector >> 3) { 1661 case 0x00: /* pio default */ 1662 case 0x01: /* pio mode */ 1663 put_le16(identify_data + 62, 0x07); 1664 put_le16(identify_data + 63, 0x07); 1665 put_le16(identify_data + 88, 0x3f); 1666 break; 1667 case 0x02: /* sigle word dma mode*/ 1668 put_le16(identify_data + 62, 0x07 | (1 << (val + 8))); 1669 put_le16(identify_data + 63, 0x07); 1670 put_le16(identify_data + 88, 0x3f); 1671 break; 1672 case 0x04: /* mdma mode */ 1673 put_le16(identify_data + 62, 0x07); 1674 put_le16(identify_data + 63, 0x07 | (1 << (val + 8))); 1675 put_le16(identify_data + 88, 0x3f); 1676 break; 1677 case 0x08: /* udma mode */ 1678 put_le16(identify_data + 62, 0x07); 1679 put_le16(identify_data + 63, 0x07); 1680 put_le16(identify_data + 88, 0x3f | (1 << (val + 8))); 1681 break; 1682 default: 1683 goto abort_cmd; 1684 } 1685 return true; 1686 } 1687 } 1688 1689 abort_cmd: 1690 ide_abort_command(s); 1691 return true; 1692 } 1693 1694 1695 /*** ATAPI commands ***/ 1696 1697 static bool cmd_identify_packet(IDEState *s, uint8_t cmd) 1698 { 1699 ide_atapi_identify(s); 1700 s->status = READY_STAT | SEEK_STAT; 1701 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop); 1702 ide_set_irq(s->bus); 1703 return false; 1704 } 1705 1706 static bool cmd_exec_dev_diagnostic(IDEState *s, uint8_t cmd) 1707 { 1708 ide_set_signature(s); 1709 1710 if (s->drive_kind == IDE_CD) { 1711 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet 1712 * devices to return a clear status register 1713 * with READY_STAT *not* set. */ 1714 s->error = 0x01; 1715 } else { 1716 s->status = READY_STAT | SEEK_STAT; 1717 /* The bits of the error register are not as usual for this command! 1718 * They are part of the regular output (this is why ERR_STAT isn't set) 1719 * Device 0 passed, Device 1 passed or not present. */ 1720 s->error = 0x01; 1721 ide_set_irq(s->bus); 1722 } 1723 1724 return false; 1725 } 1726 1727 static bool cmd_packet(IDEState *s, uint8_t cmd) 1728 { 1729 /* overlapping commands not supported */ 1730 if (s->feature & 0x02) { 1731 ide_abort_command(s); 1732 return true; 1733 } 1734 1735 s->status = READY_STAT | SEEK_STAT; 1736 s->atapi_dma = s->feature & 1; 1737 if (s->atapi_dma) { 1738 s->dma_cmd = IDE_DMA_ATAPI; 1739 } 1740 s->nsector = 1; 1741 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE, 1742 ide_atapi_cmd); 1743 return false; 1744 } 1745 1746 1747 /*** CF-ATA commands ***/ 1748 1749 static bool cmd_cfa_req_ext_error_code(IDEState *s, uint8_t cmd) 1750 { 1751 s->error = 0x09; /* miscellaneous error */ 1752 s->status = READY_STAT | SEEK_STAT; 1753 ide_set_irq(s->bus); 1754 1755 return false; 1756 } 1757 1758 static bool cmd_cfa_erase_sectors(IDEState *s, uint8_t cmd) 1759 { 1760 /* WIN_SECURITY_FREEZE_LOCK has the same ID as CFA_WEAR_LEVEL and is 1761 * required for Windows 8 to work with AHCI */ 1762 1763 if (cmd == CFA_WEAR_LEVEL) { 1764 s->nsector = 0; 1765 } 1766 1767 if (cmd == CFA_ERASE_SECTORS) { 1768 s->media_changed = 1; 1769 } 1770 1771 return true; 1772 } 1773 1774 static bool cmd_cfa_translate_sector(IDEState *s, uint8_t cmd) 1775 { 1776 s->status = READY_STAT | SEEK_STAT; 1777 1778 memset(s->io_buffer, 0, 0x200); 1779 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */ 1780 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */ 1781 s->io_buffer[0x02] = s->select; /* Head */ 1782 s->io_buffer[0x03] = s->sector; /* Sector */ 1783 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */ 1784 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */ 1785 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */ 1786 s->io_buffer[0x13] = 0x00; /* Erase flag */ 1787 s->io_buffer[0x18] = 0x00; /* Hot count */ 1788 s->io_buffer[0x19] = 0x00; /* Hot count */ 1789 s->io_buffer[0x1a] = 0x01; /* Hot count */ 1790 1791 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1792 ide_set_irq(s->bus); 1793 1794 return false; 1795 } 1796 1797 static bool cmd_cfa_access_metadata_storage(IDEState *s, uint8_t cmd) 1798 { 1799 switch (s->feature) { 1800 case 0x02: /* Inquiry Metadata Storage */ 1801 ide_cfata_metadata_inquiry(s); 1802 break; 1803 case 0x03: /* Read Metadata Storage */ 1804 ide_cfata_metadata_read(s); 1805 break; 1806 case 0x04: /* Write Metadata Storage */ 1807 ide_cfata_metadata_write(s); 1808 break; 1809 default: 1810 ide_abort_command(s); 1811 return true; 1812 } 1813 1814 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1815 s->status = 0x00; /* NOTE: READY is _not_ set */ 1816 ide_set_irq(s->bus); 1817 1818 return false; 1819 } 1820 1821 static bool cmd_ibm_sense_condition(IDEState *s, uint8_t cmd) 1822 { 1823 switch (s->feature) { 1824 case 0x01: /* sense temperature in device */ 1825 s->nsector = 0x50; /* +20 C */ 1826 break; 1827 default: 1828 ide_abort_command(s); 1829 return true; 1830 } 1831 1832 return true; 1833 } 1834 1835 1836 /*** SMART commands ***/ 1837 1838 static bool cmd_smart(IDEState *s, uint8_t cmd) 1839 { 1840 int n; 1841 1842 if (s->hcyl != 0xc2 || s->lcyl != 0x4f) { 1843 goto abort_cmd; 1844 } 1845 1846 if (!s->smart_enabled && s->feature != SMART_ENABLE) { 1847 goto abort_cmd; 1848 } 1849 1850 switch (s->feature) { 1851 case SMART_DISABLE: 1852 s->smart_enabled = 0; 1853 return true; 1854 1855 case SMART_ENABLE: 1856 s->smart_enabled = 1; 1857 return true; 1858 1859 case SMART_ATTR_AUTOSAVE: 1860 switch (s->sector) { 1861 case 0x00: 1862 s->smart_autosave = 0; 1863 break; 1864 case 0xf1: 1865 s->smart_autosave = 1; 1866 break; 1867 default: 1868 goto abort_cmd; 1869 } 1870 return true; 1871 1872 case SMART_STATUS: 1873 if (!s->smart_errors) { 1874 s->hcyl = 0xc2; 1875 s->lcyl = 0x4f; 1876 } else { 1877 s->hcyl = 0x2c; 1878 s->lcyl = 0xf4; 1879 } 1880 return true; 1881 1882 case SMART_READ_THRESH: 1883 memset(s->io_buffer, 0, 0x200); 1884 s->io_buffer[0] = 0x01; /* smart struct version */ 1885 1886 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) { 1887 s->io_buffer[2 + 0 + (n * 12)] = smart_attributes[n][0]; 1888 s->io_buffer[2 + 1 + (n * 12)] = smart_attributes[n][11]; 1889 } 1890 1891 /* checksum */ 1892 for (n = 0; n < 511; n++) { 1893 s->io_buffer[511] += s->io_buffer[n]; 1894 } 1895 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 1896 1897 s->status = READY_STAT | SEEK_STAT; 1898 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1899 ide_set_irq(s->bus); 1900 return false; 1901 1902 case SMART_READ_DATA: 1903 memset(s->io_buffer, 0, 0x200); 1904 s->io_buffer[0] = 0x01; /* smart struct version */ 1905 1906 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) { 1907 int i; 1908 for (i = 0; i < 11; i++) { 1909 s->io_buffer[2 + i + (n * 12)] = smart_attributes[n][i]; 1910 } 1911 } 1912 1913 s->io_buffer[362] = 0x02 | (s->smart_autosave ? 0x80 : 0x00); 1914 if (s->smart_selftest_count == 0) { 1915 s->io_buffer[363] = 0; 1916 } else { 1917 s->io_buffer[363] = 1918 s->smart_selftest_data[3 + 1919 (s->smart_selftest_count - 1) * 1920 24]; 1921 } 1922 s->io_buffer[364] = 0x20; 1923 s->io_buffer[365] = 0x01; 1924 /* offline data collection capacity: execute + self-test*/ 1925 s->io_buffer[367] = (1 << 4 | 1 << 3 | 1); 1926 s->io_buffer[368] = 0x03; /* smart capability (1) */ 1927 s->io_buffer[369] = 0x00; /* smart capability (2) */ 1928 s->io_buffer[370] = 0x01; /* error logging supported */ 1929 s->io_buffer[372] = 0x02; /* minutes for poll short test */ 1930 s->io_buffer[373] = 0x36; /* minutes for poll ext test */ 1931 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */ 1932 1933 for (n = 0; n < 511; n++) { 1934 s->io_buffer[511] += s->io_buffer[n]; 1935 } 1936 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 1937 1938 s->status = READY_STAT | SEEK_STAT; 1939 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1940 ide_set_irq(s->bus); 1941 return false; 1942 1943 case SMART_READ_LOG: 1944 switch (s->sector) { 1945 case 0x01: /* summary smart error log */ 1946 memset(s->io_buffer, 0, 0x200); 1947 s->io_buffer[0] = 0x01; 1948 s->io_buffer[1] = 0x00; /* no error entries */ 1949 s->io_buffer[452] = s->smart_errors & 0xff; 1950 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8; 1951 1952 for (n = 0; n < 511; n++) { 1953 s->io_buffer[511] += s->io_buffer[n]; 1954 } 1955 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 1956 break; 1957 case 0x06: /* smart self test log */ 1958 memset(s->io_buffer, 0, 0x200); 1959 s->io_buffer[0] = 0x01; 1960 if (s->smart_selftest_count == 0) { 1961 s->io_buffer[508] = 0; 1962 } else { 1963 s->io_buffer[508] = s->smart_selftest_count; 1964 for (n = 2; n < 506; n++) { 1965 s->io_buffer[n] = s->smart_selftest_data[n]; 1966 } 1967 } 1968 1969 for (n = 0; n < 511; n++) { 1970 s->io_buffer[511] += s->io_buffer[n]; 1971 } 1972 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 1973 break; 1974 default: 1975 goto abort_cmd; 1976 } 1977 s->status = READY_STAT | SEEK_STAT; 1978 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1979 ide_set_irq(s->bus); 1980 return false; 1981 1982 case SMART_EXECUTE_OFFLINE: 1983 switch (s->sector) { 1984 case 0: /* off-line routine */ 1985 case 1: /* short self test */ 1986 case 2: /* extended self test */ 1987 s->smart_selftest_count++; 1988 if (s->smart_selftest_count > 21) { 1989 s->smart_selftest_count = 1; 1990 } 1991 n = 2 + (s->smart_selftest_count - 1) * 24; 1992 s->smart_selftest_data[n] = s->sector; 1993 s->smart_selftest_data[n + 1] = 0x00; /* OK and finished */ 1994 s->smart_selftest_data[n + 2] = 0x34; /* hour count lsb */ 1995 s->smart_selftest_data[n + 3] = 0x12; /* hour count msb */ 1996 break; 1997 default: 1998 goto abort_cmd; 1999 } 2000 return true; 2001 } 2002 2003 abort_cmd: 2004 ide_abort_command(s); 2005 return true; 2006 } 2007 2008 #define HD_OK (1u << IDE_HD) 2009 #define CD_OK (1u << IDE_CD) 2010 #define CFA_OK (1u << IDE_CFATA) 2011 #define HD_CFA_OK (HD_OK | CFA_OK) 2012 #define ALL_OK (HD_OK | CD_OK | CFA_OK) 2013 2014 /* Set the Disk Seek Completed status bit during completion */ 2015 #define SET_DSC (1u << 8) 2016 2017 /* See ACS-2 T13/2015-D Table B.2 Command codes */ 2018 static const struct { 2019 /* Returns true if the completion code should be run */ 2020 bool (*handler)(IDEState *s, uint8_t cmd); 2021 int flags; 2022 } ide_cmd_table[0x100] = { 2023 /* NOP not implemented, mandatory for CD */ 2024 [CFA_REQ_EXT_ERROR_CODE] = { cmd_cfa_req_ext_error_code, CFA_OK }, 2025 [WIN_DSM] = { cmd_data_set_management, HD_CFA_OK }, 2026 [WIN_DEVICE_RESET] = { cmd_device_reset, CD_OK }, 2027 [WIN_RECAL] = { cmd_nop, HD_CFA_OK | SET_DSC}, 2028 [WIN_READ] = { cmd_read_pio, ALL_OK }, 2029 [WIN_READ_ONCE] = { cmd_read_pio, HD_CFA_OK }, 2030 [WIN_READ_EXT] = { cmd_read_pio, HD_CFA_OK }, 2031 [WIN_READDMA_EXT] = { cmd_read_dma, HD_CFA_OK }, 2032 [WIN_READ_NATIVE_MAX_EXT] = { cmd_read_native_max, HD_CFA_OK | SET_DSC }, 2033 [WIN_MULTREAD_EXT] = { cmd_read_multiple, HD_CFA_OK }, 2034 [WIN_WRITE] = { cmd_write_pio, HD_CFA_OK }, 2035 [WIN_WRITE_ONCE] = { cmd_write_pio, HD_CFA_OK }, 2036 [WIN_WRITE_EXT] = { cmd_write_pio, HD_CFA_OK }, 2037 [WIN_WRITEDMA_EXT] = { cmd_write_dma, HD_CFA_OK }, 2038 [CFA_WRITE_SECT_WO_ERASE] = { cmd_write_pio, CFA_OK }, 2039 [WIN_MULTWRITE_EXT] = { cmd_write_multiple, HD_CFA_OK }, 2040 [WIN_WRITE_VERIFY] = { cmd_write_pio, HD_CFA_OK }, 2041 [WIN_VERIFY] = { cmd_verify, HD_CFA_OK | SET_DSC }, 2042 [WIN_VERIFY_ONCE] = { cmd_verify, HD_CFA_OK | SET_DSC }, 2043 [WIN_VERIFY_EXT] = { cmd_verify, HD_CFA_OK | SET_DSC }, 2044 [WIN_SEEK] = { cmd_seek, HD_CFA_OK | SET_DSC }, 2045 [CFA_TRANSLATE_SECTOR] = { cmd_cfa_translate_sector, CFA_OK }, 2046 [WIN_DIAGNOSE] = { cmd_exec_dev_diagnostic, ALL_OK }, 2047 [WIN_SPECIFY] = { cmd_nop, HD_CFA_OK | SET_DSC }, 2048 [WIN_STANDBYNOW2] = { cmd_nop, HD_CFA_OK }, 2049 [WIN_IDLEIMMEDIATE2] = { cmd_nop, HD_CFA_OK }, 2050 [WIN_STANDBY2] = { cmd_nop, HD_CFA_OK }, 2051 [WIN_SETIDLE2] = { cmd_nop, HD_CFA_OK }, 2052 [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC }, 2053 [WIN_SLEEPNOW2] = { cmd_nop, HD_CFA_OK }, 2054 [WIN_PACKETCMD] = { cmd_packet, CD_OK }, 2055 [WIN_PIDENTIFY] = { cmd_identify_packet, CD_OK }, 2056 [WIN_SMART] = { cmd_smart, HD_CFA_OK | SET_DSC }, 2057 [CFA_ACCESS_METADATA_STORAGE] = { cmd_cfa_access_metadata_storage, CFA_OK }, 2058 [CFA_ERASE_SECTORS] = { cmd_cfa_erase_sectors, CFA_OK | SET_DSC }, 2059 [WIN_MULTREAD] = { cmd_read_multiple, HD_CFA_OK }, 2060 [WIN_MULTWRITE] = { cmd_write_multiple, HD_CFA_OK }, 2061 [WIN_SETMULT] = { cmd_set_multiple_mode, HD_CFA_OK | SET_DSC }, 2062 [WIN_READDMA] = { cmd_read_dma, HD_CFA_OK }, 2063 [WIN_READDMA_ONCE] = { cmd_read_dma, HD_CFA_OK }, 2064 [WIN_WRITEDMA] = { cmd_write_dma, HD_CFA_OK }, 2065 [WIN_WRITEDMA_ONCE] = { cmd_write_dma, HD_CFA_OK }, 2066 [CFA_WRITE_MULTI_WO_ERASE] = { cmd_write_multiple, CFA_OK }, 2067 [WIN_STANDBYNOW1] = { cmd_nop, HD_CFA_OK }, 2068 [WIN_IDLEIMMEDIATE] = { cmd_nop, HD_CFA_OK }, 2069 [WIN_STANDBY] = { cmd_nop, HD_CFA_OK }, 2070 [WIN_SETIDLE1] = { cmd_nop, HD_CFA_OK }, 2071 [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC }, 2072 [WIN_SLEEPNOW1] = { cmd_nop, HD_CFA_OK }, 2073 [WIN_FLUSH_CACHE] = { cmd_flush_cache, ALL_OK }, 2074 [WIN_FLUSH_CACHE_EXT] = { cmd_flush_cache, HD_CFA_OK }, 2075 [WIN_IDENTIFY] = { cmd_identify, ALL_OK }, 2076 [WIN_SETFEATURES] = { cmd_set_features, ALL_OK | SET_DSC }, 2077 [IBM_SENSE_CONDITION] = { cmd_ibm_sense_condition, CFA_OK | SET_DSC }, 2078 [CFA_WEAR_LEVEL] = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC }, 2079 [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, HD_CFA_OK | SET_DSC }, 2080 }; 2081 2082 static bool ide_cmd_permitted(IDEState *s, uint32_t cmd) 2083 { 2084 return cmd < ARRAY_SIZE(ide_cmd_table) 2085 && (ide_cmd_table[cmd].flags & (1u << s->drive_kind)); 2086 } 2087 2088 void ide_exec_cmd(IDEBus *bus, uint32_t val) 2089 { 2090 IDEState *s; 2091 bool complete; 2092 2093 s = idebus_active_if(bus); 2094 trace_ide_exec_cmd(bus, s, val); 2095 2096 /* ignore commands to non existent slave */ 2097 if (s != bus->ifs && !s->blk) { 2098 return; 2099 } 2100 2101 /* Only RESET is allowed while BSY and/or DRQ are set, 2102 * and only to ATAPI devices. */ 2103 if (s->status & (BUSY_STAT|DRQ_STAT)) { 2104 if (val != WIN_DEVICE_RESET || s->drive_kind != IDE_CD) { 2105 return; 2106 } 2107 } 2108 2109 if (!ide_cmd_permitted(s, val)) { 2110 ide_abort_command(s); 2111 ide_set_irq(s->bus); 2112 return; 2113 } 2114 2115 s->status = READY_STAT | BUSY_STAT; 2116 s->error = 0; 2117 s->io_buffer_offset = 0; 2118 2119 complete = ide_cmd_table[val].handler(s, val); 2120 if (complete) { 2121 s->status &= ~BUSY_STAT; 2122 assert(!!s->error == !!(s->status & ERR_STAT)); 2123 2124 if ((ide_cmd_table[val].flags & SET_DSC) && !s->error) { 2125 s->status |= SEEK_STAT; 2126 } 2127 2128 ide_cmd_done(s); 2129 ide_set_irq(s->bus); 2130 } 2131 } 2132 2133 /* IOport [R]ead [R]egisters */ 2134 enum ATA_IOPORT_RR { 2135 ATA_IOPORT_RR_DATA = 0, 2136 ATA_IOPORT_RR_ERROR = 1, 2137 ATA_IOPORT_RR_SECTOR_COUNT = 2, 2138 ATA_IOPORT_RR_SECTOR_NUMBER = 3, 2139 ATA_IOPORT_RR_CYLINDER_LOW = 4, 2140 ATA_IOPORT_RR_CYLINDER_HIGH = 5, 2141 ATA_IOPORT_RR_DEVICE_HEAD = 6, 2142 ATA_IOPORT_RR_STATUS = 7, 2143 ATA_IOPORT_RR_NUM_REGISTERS, 2144 }; 2145 2146 const char *ATA_IOPORT_RR_lookup[ATA_IOPORT_RR_NUM_REGISTERS] = { 2147 [ATA_IOPORT_RR_DATA] = "Data", 2148 [ATA_IOPORT_RR_ERROR] = "Error", 2149 [ATA_IOPORT_RR_SECTOR_COUNT] = "Sector Count", 2150 [ATA_IOPORT_RR_SECTOR_NUMBER] = "Sector Number", 2151 [ATA_IOPORT_RR_CYLINDER_LOW] = "Cylinder Low", 2152 [ATA_IOPORT_RR_CYLINDER_HIGH] = "Cylinder High", 2153 [ATA_IOPORT_RR_DEVICE_HEAD] = "Device/Head", 2154 [ATA_IOPORT_RR_STATUS] = "Status" 2155 }; 2156 2157 uint32_t ide_ioport_read(void *opaque, uint32_t addr) 2158 { 2159 IDEBus *bus = opaque; 2160 IDEState *s = idebus_active_if(bus); 2161 uint32_t reg_num; 2162 int ret, hob; 2163 2164 reg_num = addr & 7; 2165 hob = bus->cmd & (IDE_CTRL_HOB); 2166 switch (reg_num) { 2167 case ATA_IOPORT_RR_DATA: 2168 ret = 0xff; 2169 break; 2170 case ATA_IOPORT_RR_ERROR: 2171 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) || 2172 (s != bus->ifs && !s->blk)) { 2173 ret = 0; 2174 } else if (!hob) { 2175 ret = s->error; 2176 } else { 2177 ret = s->hob_feature; 2178 } 2179 break; 2180 case ATA_IOPORT_RR_SECTOR_COUNT: 2181 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2182 ret = 0; 2183 } else if (!hob) { 2184 ret = s->nsector & 0xff; 2185 } else { 2186 ret = s->hob_nsector; 2187 } 2188 break; 2189 case ATA_IOPORT_RR_SECTOR_NUMBER: 2190 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2191 ret = 0; 2192 } else if (!hob) { 2193 ret = s->sector; 2194 } else { 2195 ret = s->hob_sector; 2196 } 2197 break; 2198 case ATA_IOPORT_RR_CYLINDER_LOW: 2199 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2200 ret = 0; 2201 } else if (!hob) { 2202 ret = s->lcyl; 2203 } else { 2204 ret = s->hob_lcyl; 2205 } 2206 break; 2207 case ATA_IOPORT_RR_CYLINDER_HIGH: 2208 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2209 ret = 0; 2210 } else if (!hob) { 2211 ret = s->hcyl; 2212 } else { 2213 ret = s->hob_hcyl; 2214 } 2215 break; 2216 case ATA_IOPORT_RR_DEVICE_HEAD: 2217 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2218 ret = 0; 2219 } else { 2220 ret = s->select; 2221 } 2222 break; 2223 default: 2224 case ATA_IOPORT_RR_STATUS: 2225 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) || 2226 (s != bus->ifs && !s->blk)) { 2227 ret = 0; 2228 } else { 2229 ret = s->status; 2230 } 2231 qemu_irq_lower(bus->irq); 2232 break; 2233 } 2234 2235 trace_ide_ioport_read(addr, ATA_IOPORT_RR_lookup[reg_num], ret, bus, s); 2236 return ret; 2237 } 2238 2239 uint32_t ide_status_read(void *opaque, uint32_t addr) 2240 { 2241 IDEBus *bus = opaque; 2242 IDEState *s = idebus_active_if(bus); 2243 int ret; 2244 2245 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) || 2246 (s != bus->ifs && !s->blk)) { 2247 ret = 0; 2248 } else { 2249 ret = s->status; 2250 } 2251 2252 trace_ide_status_read(addr, ret, bus, s); 2253 return ret; 2254 } 2255 2256 static void ide_perform_srst(IDEState *s) 2257 { 2258 s->status |= BUSY_STAT; 2259 2260 /* Halt PIO (Via register state); PIO BH remains scheduled. */ 2261 ide_transfer_halt(s); 2262 2263 /* Cancel DMA -- may drain block device and invoke callbacks */ 2264 ide_cancel_dma_sync(s); 2265 2266 /* Cancel PIO callback, reset registers/signature, etc */ 2267 ide_reset(s); 2268 2269 /* perform diagnostic */ 2270 cmd_exec_dev_diagnostic(s, WIN_DIAGNOSE); 2271 } 2272 2273 static void ide_bus_perform_srst(void *opaque) 2274 { 2275 IDEBus *bus = opaque; 2276 IDEState *s; 2277 int i; 2278 2279 for (i = 0; i < 2; i++) { 2280 s = &bus->ifs[i]; 2281 ide_perform_srst(s); 2282 } 2283 2284 bus->cmd &= ~IDE_CTRL_RESET; 2285 } 2286 2287 void ide_ctrl_write(void *opaque, uint32_t addr, uint32_t val) 2288 { 2289 IDEBus *bus = opaque; 2290 IDEState *s; 2291 int i; 2292 2293 trace_ide_ctrl_write(addr, val, bus); 2294 2295 /* Device0 and Device1 each have their own control register, 2296 * but QEMU models it as just one register in the controller. */ 2297 if (!(bus->cmd & IDE_CTRL_RESET) && (val & IDE_CTRL_RESET)) { 2298 for (i = 0; i < 2; i++) { 2299 s = &bus->ifs[i]; 2300 s->status |= BUSY_STAT; 2301 } 2302 replay_bh_schedule_oneshot_event(qemu_get_aio_context(), 2303 ide_bus_perform_srst, bus); 2304 } 2305 2306 bus->cmd = val; 2307 } 2308 2309 /* 2310 * Returns true if the running PIO transfer is a PIO out (i.e. data is 2311 * transferred from the device to the guest), false if it's a PIO in 2312 */ 2313 static bool ide_is_pio_out(IDEState *s) 2314 { 2315 if (s->end_transfer_func == ide_sector_write || 2316 s->end_transfer_func == ide_atapi_cmd) { 2317 return false; 2318 } else if (s->end_transfer_func == ide_sector_read || 2319 s->end_transfer_func == ide_transfer_stop || 2320 s->end_transfer_func == ide_atapi_cmd_reply_end || 2321 s->end_transfer_func == ide_dummy_transfer_stop) { 2322 return true; 2323 } 2324 2325 abort(); 2326 } 2327 2328 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val) 2329 { 2330 IDEBus *bus = opaque; 2331 IDEState *s = idebus_active_if(bus); 2332 uint8_t *p; 2333 2334 trace_ide_data_writew(addr, val, bus, s); 2335 2336 /* PIO data access allowed only when DRQ bit is set. The result of a write 2337 * during PIO out is indeterminate, just ignore it. */ 2338 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) { 2339 return; 2340 } 2341 2342 p = s->data_ptr; 2343 if (p + 2 > s->data_end) { 2344 return; 2345 } 2346 2347 *(uint16_t *)p = le16_to_cpu(val); 2348 p += 2; 2349 s->data_ptr = p; 2350 if (p >= s->data_end) { 2351 s->status &= ~DRQ_STAT; 2352 s->end_transfer_func(s); 2353 } 2354 } 2355 2356 uint32_t ide_data_readw(void *opaque, uint32_t addr) 2357 { 2358 IDEBus *bus = opaque; 2359 IDEState *s = idebus_active_if(bus); 2360 uint8_t *p; 2361 int ret; 2362 2363 /* PIO data access allowed only when DRQ bit is set. The result of a read 2364 * during PIO in is indeterminate, return 0 and don't move forward. */ 2365 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) { 2366 return 0; 2367 } 2368 2369 p = s->data_ptr; 2370 if (p + 2 > s->data_end) { 2371 return 0; 2372 } 2373 2374 ret = cpu_to_le16(*(uint16_t *)p); 2375 p += 2; 2376 s->data_ptr = p; 2377 if (p >= s->data_end) { 2378 s->status &= ~DRQ_STAT; 2379 s->end_transfer_func(s); 2380 } 2381 2382 trace_ide_data_readw(addr, ret, bus, s); 2383 return ret; 2384 } 2385 2386 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val) 2387 { 2388 IDEBus *bus = opaque; 2389 IDEState *s = idebus_active_if(bus); 2390 uint8_t *p; 2391 2392 trace_ide_data_writel(addr, val, bus, s); 2393 2394 /* PIO data access allowed only when DRQ bit is set. The result of a write 2395 * during PIO out is indeterminate, just ignore it. */ 2396 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) { 2397 return; 2398 } 2399 2400 p = s->data_ptr; 2401 if (p + 4 > s->data_end) { 2402 return; 2403 } 2404 2405 *(uint32_t *)p = le32_to_cpu(val); 2406 p += 4; 2407 s->data_ptr = p; 2408 if (p >= s->data_end) { 2409 s->status &= ~DRQ_STAT; 2410 s->end_transfer_func(s); 2411 } 2412 } 2413 2414 uint32_t ide_data_readl(void *opaque, uint32_t addr) 2415 { 2416 IDEBus *bus = opaque; 2417 IDEState *s = idebus_active_if(bus); 2418 uint8_t *p; 2419 int ret; 2420 2421 /* PIO data access allowed only when DRQ bit is set. The result of a read 2422 * during PIO in is indeterminate, return 0 and don't move forward. */ 2423 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) { 2424 ret = 0; 2425 goto out; 2426 } 2427 2428 p = s->data_ptr; 2429 if (p + 4 > s->data_end) { 2430 return 0; 2431 } 2432 2433 ret = cpu_to_le32(*(uint32_t *)p); 2434 p += 4; 2435 s->data_ptr = p; 2436 if (p >= s->data_end) { 2437 s->status &= ~DRQ_STAT; 2438 s->end_transfer_func(s); 2439 } 2440 2441 out: 2442 trace_ide_data_readl(addr, ret, bus, s); 2443 return ret; 2444 } 2445 2446 static void ide_dummy_transfer_stop(IDEState *s) 2447 { 2448 s->data_ptr = s->io_buffer; 2449 s->data_end = s->io_buffer; 2450 s->io_buffer[0] = 0xff; 2451 s->io_buffer[1] = 0xff; 2452 s->io_buffer[2] = 0xff; 2453 s->io_buffer[3] = 0xff; 2454 } 2455 2456 void ide_bus_reset(IDEBus *bus) 2457 { 2458 bus->unit = 0; 2459 bus->cmd = 0; 2460 ide_reset(&bus->ifs[0]); 2461 ide_reset(&bus->ifs[1]); 2462 ide_clear_hob(bus); 2463 2464 /* pending async DMA */ 2465 if (bus->dma->aiocb) { 2466 trace_ide_bus_reset_aio(); 2467 blk_aio_cancel(bus->dma->aiocb); 2468 bus->dma->aiocb = NULL; 2469 } 2470 2471 /* reset dma provider too */ 2472 if (bus->dma->ops->reset) { 2473 bus->dma->ops->reset(bus->dma); 2474 } 2475 } 2476 2477 static bool ide_cd_is_tray_open(void *opaque) 2478 { 2479 return ((IDEState *)opaque)->tray_open; 2480 } 2481 2482 static bool ide_cd_is_medium_locked(void *opaque) 2483 { 2484 return ((IDEState *)opaque)->tray_locked; 2485 } 2486 2487 static void ide_resize_cb(void *opaque) 2488 { 2489 IDEState *s = opaque; 2490 uint64_t nb_sectors; 2491 2492 if (!s->identify_set) { 2493 return; 2494 } 2495 2496 blk_get_geometry(s->blk, &nb_sectors); 2497 s->nb_sectors = nb_sectors; 2498 2499 /* Update the identify data buffer. */ 2500 if (s->drive_kind == IDE_CFATA) { 2501 ide_cfata_identify_size(s); 2502 } else { 2503 /* IDE_CD uses a different set of callbacks entirely. */ 2504 assert(s->drive_kind != IDE_CD); 2505 ide_identify_size(s); 2506 } 2507 } 2508 2509 static const BlockDevOps ide_cd_block_ops = { 2510 .change_media_cb = ide_cd_change_cb, 2511 .eject_request_cb = ide_cd_eject_request_cb, 2512 .is_tray_open = ide_cd_is_tray_open, 2513 .is_medium_locked = ide_cd_is_medium_locked, 2514 }; 2515 2516 static const BlockDevOps ide_hd_block_ops = { 2517 .resize_cb = ide_resize_cb, 2518 }; 2519 2520 int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind, 2521 const char *version, const char *serial, const char *model, 2522 uint64_t wwn, 2523 uint32_t cylinders, uint32_t heads, uint32_t secs, 2524 int chs_trans, Error **errp) 2525 { 2526 uint64_t nb_sectors; 2527 2528 s->blk = blk; 2529 s->drive_kind = kind; 2530 2531 blk_get_geometry(blk, &nb_sectors); 2532 s->cylinders = cylinders; 2533 s->heads = heads; 2534 s->sectors = secs; 2535 s->chs_trans = chs_trans; 2536 s->nb_sectors = nb_sectors; 2537 s->wwn = wwn; 2538 /* The SMART values should be preserved across power cycles 2539 but they aren't. */ 2540 s->smart_enabled = 1; 2541 s->smart_autosave = 1; 2542 s->smart_errors = 0; 2543 s->smart_selftest_count = 0; 2544 if (kind == IDE_CD) { 2545 blk_set_dev_ops(blk, &ide_cd_block_ops, s); 2546 blk_set_guest_block_size(blk, 2048); 2547 } else { 2548 if (!blk_is_inserted(s->blk)) { 2549 error_setg(errp, "Device needs media, but drive is empty"); 2550 return -1; 2551 } 2552 if (!blk_is_writable(blk)) { 2553 error_setg(errp, "Can't use a read-only drive"); 2554 return -1; 2555 } 2556 blk_set_dev_ops(blk, &ide_hd_block_ops, s); 2557 } 2558 if (serial) { 2559 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), serial); 2560 } else { 2561 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str), 2562 "QM%05d", s->drive_serial); 2563 } 2564 if (model) { 2565 pstrcpy(s->drive_model_str, sizeof(s->drive_model_str), model); 2566 } else { 2567 switch (kind) { 2568 case IDE_CD: 2569 strcpy(s->drive_model_str, "QEMU DVD-ROM"); 2570 break; 2571 case IDE_CFATA: 2572 strcpy(s->drive_model_str, "QEMU MICRODRIVE"); 2573 break; 2574 default: 2575 strcpy(s->drive_model_str, "QEMU HARDDISK"); 2576 break; 2577 } 2578 } 2579 2580 if (version) { 2581 pstrcpy(s->version, sizeof(s->version), version); 2582 } else { 2583 pstrcpy(s->version, sizeof(s->version), qemu_hw_version()); 2584 } 2585 2586 ide_reset(s); 2587 blk_iostatus_enable(blk); 2588 return 0; 2589 } 2590 2591 static void ide_init1(IDEBus *bus, int unit) 2592 { 2593 static int drive_serial = 1; 2594 IDEState *s = &bus->ifs[unit]; 2595 2596 s->bus = bus; 2597 s->unit = unit; 2598 s->drive_serial = drive_serial++; 2599 /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */ 2600 s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4; 2601 s->io_buffer = qemu_memalign(2048, s->io_buffer_total_len); 2602 memset(s->io_buffer, 0, s->io_buffer_total_len); 2603 2604 s->smart_selftest_data = blk_blockalign(s->blk, 512); 2605 memset(s->smart_selftest_data, 0, 512); 2606 2607 s->sector_write_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, 2608 ide_sector_write_timer_cb, s); 2609 } 2610 2611 static int ide_nop_int(const IDEDMA *dma, bool is_write) 2612 { 2613 return 0; 2614 } 2615 2616 static void ide_nop(const IDEDMA *dma) 2617 { 2618 } 2619 2620 static int32_t ide_nop_int32(const IDEDMA *dma, int32_t l) 2621 { 2622 return 0; 2623 } 2624 2625 static const IDEDMAOps ide_dma_nop_ops = { 2626 .prepare_buf = ide_nop_int32, 2627 .restart_dma = ide_nop, 2628 .rw_buf = ide_nop_int, 2629 }; 2630 2631 static void ide_restart_dma(IDEState *s, enum ide_dma_cmd dma_cmd) 2632 { 2633 s->unit = s->bus->retry_unit; 2634 ide_set_sector(s, s->bus->retry_sector_num); 2635 s->nsector = s->bus->retry_nsector; 2636 s->bus->dma->ops->restart_dma(s->bus->dma); 2637 s->io_buffer_size = 0; 2638 s->dma_cmd = dma_cmd; 2639 ide_start_dma(s, ide_dma_cb); 2640 } 2641 2642 static void ide_restart_bh(void *opaque) 2643 { 2644 IDEBus *bus = opaque; 2645 IDEState *s; 2646 bool is_read; 2647 int error_status; 2648 2649 qemu_bh_delete(bus->bh); 2650 bus->bh = NULL; 2651 2652 error_status = bus->error_status; 2653 if (bus->error_status == 0) { 2654 return; 2655 } 2656 2657 s = idebus_active_if(bus); 2658 is_read = (bus->error_status & IDE_RETRY_READ) != 0; 2659 2660 /* The error status must be cleared before resubmitting the request: The 2661 * request may fail again, and this case can only be distinguished if the 2662 * called function can set a new error status. */ 2663 bus->error_status = 0; 2664 2665 /* The HBA has generically asked to be kicked on retry */ 2666 if (error_status & IDE_RETRY_HBA) { 2667 if (s->bus->dma->ops->restart) { 2668 s->bus->dma->ops->restart(s->bus->dma); 2669 } 2670 } else if (IS_IDE_RETRY_DMA(error_status)) { 2671 if (error_status & IDE_RETRY_TRIM) { 2672 ide_restart_dma(s, IDE_DMA_TRIM); 2673 } else { 2674 ide_restart_dma(s, is_read ? IDE_DMA_READ : IDE_DMA_WRITE); 2675 } 2676 } else if (IS_IDE_RETRY_PIO(error_status)) { 2677 if (is_read) { 2678 ide_sector_read(s); 2679 } else { 2680 ide_sector_write(s); 2681 } 2682 } else if (error_status & IDE_RETRY_FLUSH) { 2683 ide_flush_cache(s); 2684 } else if (IS_IDE_RETRY_ATAPI(error_status)) { 2685 assert(s->end_transfer_func == ide_atapi_cmd); 2686 ide_atapi_dma_restart(s); 2687 } else { 2688 abort(); 2689 } 2690 } 2691 2692 static void ide_restart_cb(void *opaque, bool running, RunState state) 2693 { 2694 IDEBus *bus = opaque; 2695 2696 if (!running) 2697 return; 2698 2699 if (!bus->bh) { 2700 bus->bh = qemu_bh_new(ide_restart_bh, bus); 2701 qemu_bh_schedule(bus->bh); 2702 } 2703 } 2704 2705 void ide_register_restart_cb(IDEBus *bus) 2706 { 2707 if (bus->dma->ops->restart_dma) { 2708 bus->vmstate = qemu_add_vm_change_state_handler(ide_restart_cb, bus); 2709 } 2710 } 2711 2712 static IDEDMA ide_dma_nop = { 2713 .ops = &ide_dma_nop_ops, 2714 .aiocb = NULL, 2715 }; 2716 2717 void ide_init2(IDEBus *bus, qemu_irq irq) 2718 { 2719 int i; 2720 2721 for(i = 0; i < 2; i++) { 2722 ide_init1(bus, i); 2723 ide_reset(&bus->ifs[i]); 2724 } 2725 bus->irq = irq; 2726 bus->dma = &ide_dma_nop; 2727 } 2728 2729 void ide_exit(IDEState *s) 2730 { 2731 timer_free(s->sector_write_timer); 2732 qemu_vfree(s->smart_selftest_data); 2733 qemu_vfree(s->io_buffer); 2734 } 2735 2736 static bool is_identify_set(void *opaque, int version_id) 2737 { 2738 IDEState *s = opaque; 2739 2740 return s->identify_set != 0; 2741 } 2742 2743 static EndTransferFunc* transfer_end_table[] = { 2744 ide_sector_read, 2745 ide_sector_write, 2746 ide_transfer_stop, 2747 ide_atapi_cmd_reply_end, 2748 ide_atapi_cmd, 2749 ide_dummy_transfer_stop, 2750 }; 2751 2752 static int transfer_end_table_idx(EndTransferFunc *fn) 2753 { 2754 int i; 2755 2756 for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++) 2757 if (transfer_end_table[i] == fn) 2758 return i; 2759 2760 return -1; 2761 } 2762 2763 static int ide_drive_post_load(void *opaque, int version_id) 2764 { 2765 IDEState *s = opaque; 2766 2767 if (s->blk && s->identify_set) { 2768 blk_set_enable_write_cache(s->blk, !!(s->identify_data[85] & (1 << 5))); 2769 } 2770 return 0; 2771 } 2772 2773 static int ide_drive_pio_post_load(void *opaque, int version_id) 2774 { 2775 IDEState *s = opaque; 2776 2777 if (s->end_transfer_fn_idx >= ARRAY_SIZE(transfer_end_table)) { 2778 return -EINVAL; 2779 } 2780 s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx]; 2781 s->data_ptr = s->io_buffer + s->cur_io_buffer_offset; 2782 s->data_end = s->data_ptr + s->cur_io_buffer_len; 2783 s->atapi_dma = s->feature & 1; /* as per cmd_packet */ 2784 2785 return 0; 2786 } 2787 2788 static int ide_drive_pio_pre_save(void *opaque) 2789 { 2790 IDEState *s = opaque; 2791 int idx; 2792 2793 s->cur_io_buffer_offset = s->data_ptr - s->io_buffer; 2794 s->cur_io_buffer_len = s->data_end - s->data_ptr; 2795 2796 idx = transfer_end_table_idx(s->end_transfer_func); 2797 if (idx == -1) { 2798 fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n", 2799 __func__); 2800 s->end_transfer_fn_idx = 2; 2801 } else { 2802 s->end_transfer_fn_idx = idx; 2803 } 2804 2805 return 0; 2806 } 2807 2808 static bool ide_drive_pio_state_needed(void *opaque) 2809 { 2810 IDEState *s = opaque; 2811 2812 return ((s->status & DRQ_STAT) != 0) 2813 || (s->bus->error_status & IDE_RETRY_PIO); 2814 } 2815 2816 static bool ide_tray_state_needed(void *opaque) 2817 { 2818 IDEState *s = opaque; 2819 2820 return s->tray_open || s->tray_locked; 2821 } 2822 2823 static bool ide_atapi_gesn_needed(void *opaque) 2824 { 2825 IDEState *s = opaque; 2826 2827 return s->events.new_media || s->events.eject_request; 2828 } 2829 2830 static bool ide_error_needed(void *opaque) 2831 { 2832 IDEBus *bus = opaque; 2833 2834 return (bus->error_status != 0); 2835 } 2836 2837 /* Fields for GET_EVENT_STATUS_NOTIFICATION ATAPI command */ 2838 static const VMStateDescription vmstate_ide_atapi_gesn_state = { 2839 .name ="ide_drive/atapi/gesn_state", 2840 .version_id = 1, 2841 .minimum_version_id = 1, 2842 .needed = ide_atapi_gesn_needed, 2843 .fields = (VMStateField[]) { 2844 VMSTATE_BOOL(events.new_media, IDEState), 2845 VMSTATE_BOOL(events.eject_request, IDEState), 2846 VMSTATE_END_OF_LIST() 2847 } 2848 }; 2849 2850 static const VMStateDescription vmstate_ide_tray_state = { 2851 .name = "ide_drive/tray_state", 2852 .version_id = 1, 2853 .minimum_version_id = 1, 2854 .needed = ide_tray_state_needed, 2855 .fields = (VMStateField[]) { 2856 VMSTATE_BOOL(tray_open, IDEState), 2857 VMSTATE_BOOL(tray_locked, IDEState), 2858 VMSTATE_END_OF_LIST() 2859 } 2860 }; 2861 2862 static const VMStateDescription vmstate_ide_drive_pio_state = { 2863 .name = "ide_drive/pio_state", 2864 .version_id = 1, 2865 .minimum_version_id = 1, 2866 .pre_save = ide_drive_pio_pre_save, 2867 .post_load = ide_drive_pio_post_load, 2868 .needed = ide_drive_pio_state_needed, 2869 .fields = (VMStateField[]) { 2870 VMSTATE_INT32(req_nb_sectors, IDEState), 2871 VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1, 2872 vmstate_info_uint8, uint8_t), 2873 VMSTATE_INT32(cur_io_buffer_offset, IDEState), 2874 VMSTATE_INT32(cur_io_buffer_len, IDEState), 2875 VMSTATE_UINT8(end_transfer_fn_idx, IDEState), 2876 VMSTATE_INT32(elementary_transfer_size, IDEState), 2877 VMSTATE_INT32(packet_transfer_size, IDEState), 2878 VMSTATE_END_OF_LIST() 2879 } 2880 }; 2881 2882 const VMStateDescription vmstate_ide_drive = { 2883 .name = "ide_drive", 2884 .version_id = 3, 2885 .minimum_version_id = 0, 2886 .post_load = ide_drive_post_load, 2887 .fields = (VMStateField[]) { 2888 VMSTATE_INT32(mult_sectors, IDEState), 2889 VMSTATE_INT32(identify_set, IDEState), 2890 VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set), 2891 VMSTATE_UINT8(feature, IDEState), 2892 VMSTATE_UINT8(error, IDEState), 2893 VMSTATE_UINT32(nsector, IDEState), 2894 VMSTATE_UINT8(sector, IDEState), 2895 VMSTATE_UINT8(lcyl, IDEState), 2896 VMSTATE_UINT8(hcyl, IDEState), 2897 VMSTATE_UINT8(hob_feature, IDEState), 2898 VMSTATE_UINT8(hob_sector, IDEState), 2899 VMSTATE_UINT8(hob_nsector, IDEState), 2900 VMSTATE_UINT8(hob_lcyl, IDEState), 2901 VMSTATE_UINT8(hob_hcyl, IDEState), 2902 VMSTATE_UINT8(select, IDEState), 2903 VMSTATE_UINT8(status, IDEState), 2904 VMSTATE_UINT8(lba48, IDEState), 2905 VMSTATE_UINT8(sense_key, IDEState), 2906 VMSTATE_UINT8(asc, IDEState), 2907 VMSTATE_UINT8_V(cdrom_changed, IDEState, 3), 2908 VMSTATE_END_OF_LIST() 2909 }, 2910 .subsections = (const VMStateDescription*[]) { 2911 &vmstate_ide_drive_pio_state, 2912 &vmstate_ide_tray_state, 2913 &vmstate_ide_atapi_gesn_state, 2914 NULL 2915 } 2916 }; 2917 2918 static const VMStateDescription vmstate_ide_error_status = { 2919 .name ="ide_bus/error", 2920 .version_id = 2, 2921 .minimum_version_id = 1, 2922 .needed = ide_error_needed, 2923 .fields = (VMStateField[]) { 2924 VMSTATE_INT32(error_status, IDEBus), 2925 VMSTATE_INT64_V(retry_sector_num, IDEBus, 2), 2926 VMSTATE_UINT32_V(retry_nsector, IDEBus, 2), 2927 VMSTATE_UINT8_V(retry_unit, IDEBus, 2), 2928 VMSTATE_END_OF_LIST() 2929 } 2930 }; 2931 2932 const VMStateDescription vmstate_ide_bus = { 2933 .name = "ide_bus", 2934 .version_id = 1, 2935 .minimum_version_id = 1, 2936 .fields = (VMStateField[]) { 2937 VMSTATE_UINT8(cmd, IDEBus), 2938 VMSTATE_UINT8(unit, IDEBus), 2939 VMSTATE_END_OF_LIST() 2940 }, 2941 .subsections = (const VMStateDescription*[]) { 2942 &vmstate_ide_error_status, 2943 NULL 2944 } 2945 }; 2946 2947 void ide_drive_get(DriveInfo **hd, int n) 2948 { 2949 int i; 2950 2951 for (i = 0; i < n; i++) { 2952 hd[i] = drive_get_by_index(IF_IDE, i); 2953 } 2954 } 2955