1 /* 2 * QEMU IDE disk and CD/DVD-ROM Emulator 3 * 4 * Copyright (c) 2003 Fabrice Bellard 5 * Copyright (c) 2006 Openedhand Ltd. 6 * 7 * Permission is hereby granted, free of charge, to any person obtaining a copy 8 * of this software and associated documentation files (the "Software"), to deal 9 * in the Software without restriction, including without limitation the rights 10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 11 * copies of the Software, and to permit persons to whom the Software is 12 * furnished to do so, subject to the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be included in 15 * all copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 23 * THE SOFTWARE. 24 */ 25 26 #include "qemu/osdep.h" 27 #include "hw/irq.h" 28 #include "hw/isa/isa.h" 29 #include "migration/vmstate.h" 30 #include "qemu/error-report.h" 31 #include "qemu/main-loop.h" 32 #include "qemu/timer.h" 33 #include "qemu/hw-version.h" 34 #include "qemu/memalign.h" 35 #include "sysemu/sysemu.h" 36 #include "sysemu/blockdev.h" 37 #include "sysemu/dma.h" 38 #include "hw/block/block.h" 39 #include "sysemu/block-backend.h" 40 #include "qapi/error.h" 41 #include "qemu/cutils.h" 42 #include "sysemu/replay.h" 43 #include "sysemu/runstate.h" 44 #include "hw/ide/internal.h" 45 #include "trace.h" 46 47 /* These values were based on a Seagate ST3500418AS but have been modified 48 to make more sense in QEMU */ 49 static const int smart_attributes[][12] = { 50 /* id, flags, hflags, val, wrst, raw (6 bytes), threshold */ 51 /* raw read error rate*/ 52 { 0x01, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06}, 53 /* spin up */ 54 { 0x03, 0x03, 0x00, 0x64, 0x64, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 55 /* start stop count */ 56 { 0x04, 0x02, 0x00, 0x64, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14}, 57 /* remapped sectors */ 58 { 0x05, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24}, 59 /* power on hours */ 60 { 0x09, 0x03, 0x00, 0x64, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 61 /* power cycle count */ 62 { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 63 /* airflow-temperature-celsius */ 64 { 190, 0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32}, 65 }; 66 67 const char *IDE_DMA_CMD_lookup[IDE_DMA__COUNT] = { 68 [IDE_DMA_READ] = "DMA READ", 69 [IDE_DMA_WRITE] = "DMA WRITE", 70 [IDE_DMA_TRIM] = "DMA TRIM", 71 [IDE_DMA_ATAPI] = "DMA ATAPI" 72 }; 73 74 static const char *IDE_DMA_CMD_str(enum ide_dma_cmd enval) 75 { 76 if ((unsigned)enval < IDE_DMA__COUNT) { 77 return IDE_DMA_CMD_lookup[enval]; 78 } 79 return "DMA UNKNOWN CMD"; 80 } 81 82 static void ide_dummy_transfer_stop(IDEState *s); 83 84 const MemoryRegionPortio ide_portio_list[] = { 85 { 0, 8, 1, .read = ide_ioport_read, .write = ide_ioport_write }, 86 { 0, 1, 2, .read = ide_data_readw, .write = ide_data_writew }, 87 { 0, 1, 4, .read = ide_data_readl, .write = ide_data_writel }, 88 PORTIO_END_OF_LIST(), 89 }; 90 91 const MemoryRegionPortio ide_portio2_list[] = { 92 { 0, 1, 1, .read = ide_status_read, .write = ide_ctrl_write }, 93 PORTIO_END_OF_LIST(), 94 }; 95 96 static void padstr(char *str, const char *src, int len) 97 { 98 int i, v; 99 for(i = 0; i < len; i++) { 100 if (*src) 101 v = *src++; 102 else 103 v = ' '; 104 str[i^1] = v; 105 } 106 } 107 108 static void put_le16(uint16_t *p, unsigned int v) 109 { 110 *p = cpu_to_le16(v); 111 } 112 113 static void ide_identify_size(IDEState *s) 114 { 115 uint16_t *p = (uint16_t *)s->identify_data; 116 int64_t nb_sectors_lba28 = s->nb_sectors; 117 if (nb_sectors_lba28 >= 1 << 28) { 118 nb_sectors_lba28 = (1 << 28) - 1; 119 } 120 put_le16(p + 60, nb_sectors_lba28); 121 put_le16(p + 61, nb_sectors_lba28 >> 16); 122 put_le16(p + 100, s->nb_sectors); 123 put_le16(p + 101, s->nb_sectors >> 16); 124 put_le16(p + 102, s->nb_sectors >> 32); 125 put_le16(p + 103, s->nb_sectors >> 48); 126 } 127 128 static void ide_identify(IDEState *s) 129 { 130 uint16_t *p; 131 unsigned int oldsize; 132 IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master; 133 134 p = (uint16_t *)s->identify_data; 135 if (s->identify_set) { 136 goto fill_buffer; 137 } 138 memset(p, 0, sizeof(s->identify_data)); 139 140 put_le16(p + 0, 0x0040); 141 put_le16(p + 1, s->cylinders); 142 put_le16(p + 3, s->heads); 143 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */ 144 put_le16(p + 5, 512); /* XXX: retired, remove ? */ 145 put_le16(p + 6, s->sectors); 146 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */ 147 put_le16(p + 20, 3); /* XXX: retired, remove ? */ 148 put_le16(p + 21, 512); /* cache size in sectors */ 149 put_le16(p + 22, 4); /* ecc bytes */ 150 padstr((char *)(p + 23), s->version, 8); /* firmware version */ 151 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */ 152 #if MAX_MULT_SECTORS > 1 153 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS); 154 #endif 155 put_le16(p + 48, 1); /* dword I/O */ 156 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */ 157 put_le16(p + 51, 0x200); /* PIO transfer cycle */ 158 put_le16(p + 52, 0x200); /* DMA transfer cycle */ 159 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */ 160 put_le16(p + 54, s->cylinders); 161 put_le16(p + 55, s->heads); 162 put_le16(p + 56, s->sectors); 163 oldsize = s->cylinders * s->heads * s->sectors; 164 put_le16(p + 57, oldsize); 165 put_le16(p + 58, oldsize >> 16); 166 if (s->mult_sectors) 167 put_le16(p + 59, 0x100 | s->mult_sectors); 168 /* *(p + 60) := nb_sectors -- see ide_identify_size */ 169 /* *(p + 61) := nb_sectors >> 16 -- see ide_identify_size */ 170 put_le16(p + 62, 0x07); /* single word dma0-2 supported */ 171 put_le16(p + 63, 0x07); /* mdma0-2 supported */ 172 put_le16(p + 64, 0x03); /* pio3-4 supported */ 173 put_le16(p + 65, 120); 174 put_le16(p + 66, 120); 175 put_le16(p + 67, 120); 176 put_le16(p + 68, 120); 177 if (dev && dev->conf.discard_granularity) { 178 put_le16(p + 69, (1 << 14)); /* determinate TRIM behavior */ 179 } 180 181 if (s->ncq_queues) { 182 put_le16(p + 75, s->ncq_queues - 1); 183 /* NCQ supported */ 184 put_le16(p + 76, (1 << 8)); 185 } 186 187 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */ 188 put_le16(p + 81, 0x16); /* conforms to ata5 */ 189 /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */ 190 put_le16(p + 82, (1 << 14) | (1 << 5) | 1); 191 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */ 192 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10)); 193 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */ 194 if (s->wwn) { 195 put_le16(p + 84, (1 << 14) | (1 << 8) | 0); 196 } else { 197 put_le16(p + 84, (1 << 14) | 0); 198 } 199 /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */ 200 if (blk_enable_write_cache(s->blk)) { 201 put_le16(p + 85, (1 << 14) | (1 << 5) | 1); 202 } else { 203 put_le16(p + 85, (1 << 14) | 1); 204 } 205 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */ 206 put_le16(p + 86, (1 << 13) | (1 <<12) | (1 << 10)); 207 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */ 208 if (s->wwn) { 209 put_le16(p + 87, (1 << 14) | (1 << 8) | 0); 210 } else { 211 put_le16(p + 87, (1 << 14) | 0); 212 } 213 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */ 214 put_le16(p + 93, 1 | (1 << 14) | 0x2000); 215 /* *(p + 100) := nb_sectors -- see ide_identify_size */ 216 /* *(p + 101) := nb_sectors >> 16 -- see ide_identify_size */ 217 /* *(p + 102) := nb_sectors >> 32 -- see ide_identify_size */ 218 /* *(p + 103) := nb_sectors >> 48 -- see ide_identify_size */ 219 220 if (dev && dev->conf.physical_block_size) 221 put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf)); 222 if (s->wwn) { 223 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */ 224 put_le16(p + 108, s->wwn >> 48); 225 put_le16(p + 109, s->wwn >> 32); 226 put_le16(p + 110, s->wwn >> 16); 227 put_le16(p + 111, s->wwn); 228 } 229 if (dev && dev->conf.discard_granularity) { 230 put_le16(p + 169, 1); /* TRIM support */ 231 } 232 if (dev) { 233 put_le16(p + 217, dev->rotation_rate); /* Nominal media rotation rate */ 234 } 235 236 ide_identify_size(s); 237 s->identify_set = 1; 238 239 fill_buffer: 240 memcpy(s->io_buffer, p, sizeof(s->identify_data)); 241 } 242 243 static void ide_atapi_identify(IDEState *s) 244 { 245 uint16_t *p; 246 247 p = (uint16_t *)s->identify_data; 248 if (s->identify_set) { 249 goto fill_buffer; 250 } 251 memset(p, 0, sizeof(s->identify_data)); 252 253 /* Removable CDROM, 50us response, 12 byte packets */ 254 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0)); 255 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */ 256 put_le16(p + 20, 3); /* buffer type */ 257 put_le16(p + 21, 512); /* cache size in sectors */ 258 put_le16(p + 22, 4); /* ecc bytes */ 259 padstr((char *)(p + 23), s->version, 8); /* firmware version */ 260 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */ 261 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */ 262 #ifdef USE_DMA_CDROM 263 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */ 264 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */ 265 put_le16(p + 62, 7); /* single word dma0-2 supported */ 266 put_le16(p + 63, 7); /* mdma0-2 supported */ 267 #else 268 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */ 269 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */ 270 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */ 271 #endif 272 put_le16(p + 64, 3); /* pio3-4 supported */ 273 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */ 274 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */ 275 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */ 276 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */ 277 278 put_le16(p + 71, 30); /* in ns */ 279 put_le16(p + 72, 30); /* in ns */ 280 281 if (s->ncq_queues) { 282 put_le16(p + 75, s->ncq_queues - 1); 283 /* NCQ supported */ 284 put_le16(p + 76, (1 << 8)); 285 } 286 287 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */ 288 if (s->wwn) { 289 put_le16(p + 84, (1 << 8)); /* supports WWN for words 108-111 */ 290 put_le16(p + 87, (1 << 8)); /* WWN enabled */ 291 } 292 293 #ifdef USE_DMA_CDROM 294 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */ 295 #endif 296 297 if (s->wwn) { 298 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */ 299 put_le16(p + 108, s->wwn >> 48); 300 put_le16(p + 109, s->wwn >> 32); 301 put_le16(p + 110, s->wwn >> 16); 302 put_le16(p + 111, s->wwn); 303 } 304 305 s->identify_set = 1; 306 307 fill_buffer: 308 memcpy(s->io_buffer, p, sizeof(s->identify_data)); 309 } 310 311 static void ide_cfata_identify_size(IDEState *s) 312 { 313 uint16_t *p = (uint16_t *)s->identify_data; 314 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */ 315 put_le16(p + 8, s->nb_sectors); /* Sectors per card */ 316 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */ 317 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */ 318 } 319 320 static void ide_cfata_identify(IDEState *s) 321 { 322 uint16_t *p; 323 uint32_t cur_sec; 324 325 p = (uint16_t *)s->identify_data; 326 if (s->identify_set) { 327 goto fill_buffer; 328 } 329 memset(p, 0, sizeof(s->identify_data)); 330 331 cur_sec = s->cylinders * s->heads * s->sectors; 332 333 put_le16(p + 0, 0x848a); /* CF Storage Card signature */ 334 put_le16(p + 1, s->cylinders); /* Default cylinders */ 335 put_le16(p + 3, s->heads); /* Default heads */ 336 put_le16(p + 6, s->sectors); /* Default sectors per track */ 337 /* *(p + 7) := nb_sectors >> 16 -- see ide_cfata_identify_size */ 338 /* *(p + 8) := nb_sectors -- see ide_cfata_identify_size */ 339 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */ 340 put_le16(p + 22, 0x0004); /* ECC bytes */ 341 padstr((char *) (p + 23), s->version, 8); /* Firmware Revision */ 342 padstr((char *) (p + 27), s->drive_model_str, 40);/* Model number */ 343 #if MAX_MULT_SECTORS > 1 344 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS); 345 #else 346 put_le16(p + 47, 0x0000); 347 #endif 348 put_le16(p + 49, 0x0f00); /* Capabilities */ 349 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */ 350 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */ 351 put_le16(p + 53, 0x0003); /* Translation params valid */ 352 put_le16(p + 54, s->cylinders); /* Current cylinders */ 353 put_le16(p + 55, s->heads); /* Current heads */ 354 put_le16(p + 56, s->sectors); /* Current sectors */ 355 put_le16(p + 57, cur_sec); /* Current capacity */ 356 put_le16(p + 58, cur_sec >> 16); /* Current capacity */ 357 if (s->mult_sectors) /* Multiple sector setting */ 358 put_le16(p + 59, 0x100 | s->mult_sectors); 359 /* *(p + 60) := nb_sectors -- see ide_cfata_identify_size */ 360 /* *(p + 61) := nb_sectors >> 16 -- see ide_cfata_identify_size */ 361 put_le16(p + 63, 0x0203); /* Multiword DMA capability */ 362 put_le16(p + 64, 0x0001); /* Flow Control PIO support */ 363 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */ 364 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */ 365 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */ 366 put_le16(p + 82, 0x400c); /* Command Set supported */ 367 put_le16(p + 83, 0x7068); /* Command Set supported */ 368 put_le16(p + 84, 0x4000); /* Features supported */ 369 put_le16(p + 85, 0x000c); /* Command Set enabled */ 370 put_le16(p + 86, 0x7044); /* Command Set enabled */ 371 put_le16(p + 87, 0x4000); /* Features enabled */ 372 put_le16(p + 91, 0x4060); /* Current APM level */ 373 put_le16(p + 129, 0x0002); /* Current features option */ 374 put_le16(p + 130, 0x0005); /* Reassigned sectors */ 375 put_le16(p + 131, 0x0001); /* Initial power mode */ 376 put_le16(p + 132, 0x0000); /* User signature */ 377 put_le16(p + 160, 0x8100); /* Power requirement */ 378 put_le16(p + 161, 0x8001); /* CF command set */ 379 380 ide_cfata_identify_size(s); 381 s->identify_set = 1; 382 383 fill_buffer: 384 memcpy(s->io_buffer, p, sizeof(s->identify_data)); 385 } 386 387 static void ide_set_signature(IDEState *s) 388 { 389 s->select &= ~(ATA_DEV_HS); /* clear head */ 390 /* put signature */ 391 s->nsector = 1; 392 s->sector = 1; 393 if (s->drive_kind == IDE_CD) { 394 s->lcyl = 0x14; 395 s->hcyl = 0xeb; 396 } else if (s->blk) { 397 s->lcyl = 0; 398 s->hcyl = 0; 399 } else { 400 s->lcyl = 0xff; 401 s->hcyl = 0xff; 402 } 403 } 404 405 static bool ide_sect_range_ok(IDEState *s, 406 uint64_t sector, uint64_t nb_sectors) 407 { 408 uint64_t total_sectors; 409 410 blk_get_geometry(s->blk, &total_sectors); 411 if (sector > total_sectors || nb_sectors > total_sectors - sector) { 412 return false; 413 } 414 return true; 415 } 416 417 typedef struct TrimAIOCB { 418 BlockAIOCB common; 419 IDEState *s; 420 QEMUBH *bh; 421 int ret; 422 QEMUIOVector *qiov; 423 BlockAIOCB *aiocb; 424 int i, j; 425 } TrimAIOCB; 426 427 static void trim_aio_cancel(BlockAIOCB *acb) 428 { 429 TrimAIOCB *iocb = container_of(acb, TrimAIOCB, common); 430 431 /* Exit the loop so ide_issue_trim_cb will not continue */ 432 iocb->j = iocb->qiov->niov - 1; 433 iocb->i = (iocb->qiov->iov[iocb->j].iov_len / 8) - 1; 434 435 iocb->ret = -ECANCELED; 436 437 if (iocb->aiocb) { 438 blk_aio_cancel_async(iocb->aiocb); 439 iocb->aiocb = NULL; 440 } 441 } 442 443 static const AIOCBInfo trim_aiocb_info = { 444 .aiocb_size = sizeof(TrimAIOCB), 445 .cancel_async = trim_aio_cancel, 446 }; 447 448 static void ide_trim_bh_cb(void *opaque) 449 { 450 TrimAIOCB *iocb = opaque; 451 BlockBackend *blk = iocb->s->blk; 452 453 iocb->common.cb(iocb->common.opaque, iocb->ret); 454 455 qemu_bh_delete(iocb->bh); 456 iocb->bh = NULL; 457 qemu_aio_unref(iocb); 458 459 /* Paired with an increment in ide_issue_trim() */ 460 blk_dec_in_flight(blk); 461 } 462 463 static void ide_issue_trim_cb(void *opaque, int ret) 464 { 465 TrimAIOCB *iocb = opaque; 466 IDEState *s = iocb->s; 467 468 if (iocb->i >= 0) { 469 if (ret >= 0) { 470 block_acct_done(blk_get_stats(s->blk), &s->acct); 471 } else { 472 block_acct_failed(blk_get_stats(s->blk), &s->acct); 473 } 474 } 475 476 if (ret >= 0) { 477 while (iocb->j < iocb->qiov->niov) { 478 int j = iocb->j; 479 while (++iocb->i < iocb->qiov->iov[j].iov_len / 8) { 480 int i = iocb->i; 481 uint64_t *buffer = iocb->qiov->iov[j].iov_base; 482 483 /* 6-byte LBA + 2-byte range per entry */ 484 uint64_t entry = le64_to_cpu(buffer[i]); 485 uint64_t sector = entry & 0x0000ffffffffffffULL; 486 uint16_t count = entry >> 48; 487 488 if (count == 0) { 489 continue; 490 } 491 492 if (!ide_sect_range_ok(s, sector, count)) { 493 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_UNMAP); 494 iocb->ret = -EINVAL; 495 goto done; 496 } 497 498 block_acct_start(blk_get_stats(s->blk), &s->acct, 499 count << BDRV_SECTOR_BITS, BLOCK_ACCT_UNMAP); 500 501 /* Got an entry! Submit and exit. */ 502 iocb->aiocb = blk_aio_pdiscard(s->blk, 503 sector << BDRV_SECTOR_BITS, 504 count << BDRV_SECTOR_BITS, 505 ide_issue_trim_cb, opaque); 506 return; 507 } 508 509 iocb->j++; 510 iocb->i = -1; 511 } 512 } else { 513 iocb->ret = ret; 514 } 515 516 done: 517 iocb->aiocb = NULL; 518 if (iocb->bh) { 519 replay_bh_schedule_event(iocb->bh); 520 } 521 } 522 523 BlockAIOCB *ide_issue_trim( 524 int64_t offset, QEMUIOVector *qiov, 525 BlockCompletionFunc *cb, void *cb_opaque, void *opaque) 526 { 527 IDEState *s = opaque; 528 IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master; 529 TrimAIOCB *iocb; 530 531 /* Paired with a decrement in ide_trim_bh_cb() */ 532 blk_inc_in_flight(s->blk); 533 534 iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque); 535 iocb->s = s; 536 iocb->bh = qemu_bh_new_guarded(ide_trim_bh_cb, iocb, 537 &DEVICE(dev)->mem_reentrancy_guard); 538 iocb->ret = 0; 539 iocb->qiov = qiov; 540 iocb->i = -1; 541 iocb->j = 0; 542 ide_issue_trim_cb(iocb, 0); 543 return &iocb->common; 544 } 545 546 void ide_abort_command(IDEState *s) 547 { 548 s->status = READY_STAT | ERR_STAT; 549 s->error = ABRT_ERR; 550 ide_transfer_stop(s); 551 } 552 553 static void ide_set_retry(IDEState *s) 554 { 555 s->bus->retry_unit = s->unit; 556 s->bus->retry_sector_num = ide_get_sector(s); 557 s->bus->retry_nsector = s->nsector; 558 } 559 560 static void ide_clear_retry(IDEState *s) 561 { 562 s->bus->retry_unit = -1; 563 s->bus->retry_sector_num = 0; 564 s->bus->retry_nsector = 0; 565 } 566 567 /* prepare data transfer and tell what to do after */ 568 bool ide_transfer_start_norecurse(IDEState *s, uint8_t *buf, int size, 569 EndTransferFunc *end_transfer_func) 570 { 571 s->data_ptr = buf; 572 s->data_end = buf + size; 573 ide_set_retry(s); 574 if (!(s->status & ERR_STAT)) { 575 s->status |= DRQ_STAT; 576 } 577 if (!s->bus->dma->ops->pio_transfer) { 578 s->end_transfer_func = end_transfer_func; 579 return false; 580 } 581 s->bus->dma->ops->pio_transfer(s->bus->dma); 582 return true; 583 } 584 585 void ide_transfer_start(IDEState *s, uint8_t *buf, int size, 586 EndTransferFunc *end_transfer_func) 587 { 588 if (ide_transfer_start_norecurse(s, buf, size, end_transfer_func)) { 589 end_transfer_func(s); 590 } 591 } 592 593 static void ide_cmd_done(IDEState *s) 594 { 595 if (s->bus->dma->ops->cmd_done) { 596 s->bus->dma->ops->cmd_done(s->bus->dma); 597 } 598 } 599 600 static void ide_transfer_halt(IDEState *s) 601 { 602 s->end_transfer_func = ide_transfer_stop; 603 s->data_ptr = s->io_buffer; 604 s->data_end = s->io_buffer; 605 s->status &= ~DRQ_STAT; 606 } 607 608 void ide_transfer_stop(IDEState *s) 609 { 610 ide_transfer_halt(s); 611 ide_cmd_done(s); 612 } 613 614 int64_t ide_get_sector(IDEState *s) 615 { 616 int64_t sector_num; 617 if (s->select & (ATA_DEV_LBA)) { 618 if (s->lba48) { 619 sector_num = ((int64_t)s->hob_hcyl << 40) | 620 ((int64_t) s->hob_lcyl << 32) | 621 ((int64_t) s->hob_sector << 24) | 622 ((int64_t) s->hcyl << 16) | 623 ((int64_t) s->lcyl << 8) | s->sector; 624 } else { 625 /* LBA28 */ 626 sector_num = ((s->select & (ATA_DEV_LBA_MSB)) << 24) | 627 (s->hcyl << 16) | (s->lcyl << 8) | s->sector; 628 } 629 } else { 630 /* CHS */ 631 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors + 632 (s->select & (ATA_DEV_HS)) * s->sectors + (s->sector - 1); 633 } 634 635 return sector_num; 636 } 637 638 void ide_set_sector(IDEState *s, int64_t sector_num) 639 { 640 unsigned int cyl, r; 641 if (s->select & (ATA_DEV_LBA)) { 642 if (s->lba48) { 643 s->sector = sector_num; 644 s->lcyl = sector_num >> 8; 645 s->hcyl = sector_num >> 16; 646 s->hob_sector = sector_num >> 24; 647 s->hob_lcyl = sector_num >> 32; 648 s->hob_hcyl = sector_num >> 40; 649 } else { 650 /* LBA28 */ 651 s->select = (s->select & ~(ATA_DEV_LBA_MSB)) | 652 ((sector_num >> 24) & (ATA_DEV_LBA_MSB)); 653 s->hcyl = (sector_num >> 16); 654 s->lcyl = (sector_num >> 8); 655 s->sector = (sector_num); 656 } 657 } else { 658 /* CHS */ 659 cyl = sector_num / (s->heads * s->sectors); 660 r = sector_num % (s->heads * s->sectors); 661 s->hcyl = cyl >> 8; 662 s->lcyl = cyl; 663 s->select = (s->select & ~(ATA_DEV_HS)) | 664 ((r / s->sectors) & (ATA_DEV_HS)); 665 s->sector = (r % s->sectors) + 1; 666 } 667 } 668 669 static void ide_rw_error(IDEState *s) { 670 ide_abort_command(s); 671 ide_bus_set_irq(s->bus); 672 } 673 674 static void ide_buffered_readv_cb(void *opaque, int ret) 675 { 676 IDEBufferedRequest *req = opaque; 677 if (!req->orphaned) { 678 if (!ret) { 679 assert(req->qiov.size == req->original_qiov->size); 680 qemu_iovec_from_buf(req->original_qiov, 0, 681 req->qiov.local_iov.iov_base, 682 req->original_qiov->size); 683 } 684 req->original_cb(req->original_opaque, ret); 685 } 686 QLIST_REMOVE(req, list); 687 qemu_vfree(qemu_iovec_buf(&req->qiov)); 688 g_free(req); 689 } 690 691 #define MAX_BUFFERED_REQS 16 692 693 BlockAIOCB *ide_buffered_readv(IDEState *s, int64_t sector_num, 694 QEMUIOVector *iov, int nb_sectors, 695 BlockCompletionFunc *cb, void *opaque) 696 { 697 BlockAIOCB *aioreq; 698 IDEBufferedRequest *req; 699 int c = 0; 700 701 QLIST_FOREACH(req, &s->buffered_requests, list) { 702 c++; 703 } 704 if (c > MAX_BUFFERED_REQS) { 705 return blk_abort_aio_request(s->blk, cb, opaque, -EIO); 706 } 707 708 req = g_new0(IDEBufferedRequest, 1); 709 req->original_qiov = iov; 710 req->original_cb = cb; 711 req->original_opaque = opaque; 712 qemu_iovec_init_buf(&req->qiov, blk_blockalign(s->blk, iov->size), 713 iov->size); 714 715 aioreq = blk_aio_preadv(s->blk, sector_num << BDRV_SECTOR_BITS, 716 &req->qiov, 0, ide_buffered_readv_cb, req); 717 718 QLIST_INSERT_HEAD(&s->buffered_requests, req, list); 719 return aioreq; 720 } 721 722 /** 723 * Cancel all pending DMA requests. 724 * Any buffered DMA requests are instantly canceled, 725 * but any pending unbuffered DMA requests must be waited on. 726 */ 727 void ide_cancel_dma_sync(IDEState *s) 728 { 729 IDEBufferedRequest *req; 730 731 /* First invoke the callbacks of all buffered requests 732 * and flag those requests as orphaned. Ideally there 733 * are no unbuffered (Scatter Gather DMA Requests or 734 * write requests) pending and we can avoid to drain. */ 735 QLIST_FOREACH(req, &s->buffered_requests, list) { 736 if (!req->orphaned) { 737 trace_ide_cancel_dma_sync_buffered(req->original_cb, req); 738 req->original_cb(req->original_opaque, -ECANCELED); 739 } 740 req->orphaned = true; 741 } 742 743 /* 744 * We can't cancel Scatter Gather DMA in the middle of the 745 * operation or a partial (not full) DMA transfer would reach 746 * the storage so we wait for completion instead (we behave 747 * like if the DMA was completed by the time the guest trying 748 * to cancel dma with bmdma_cmd_writeb with BM_CMD_START not 749 * set). 750 * 751 * In the future we'll be able to safely cancel the I/O if the 752 * whole DMA operation will be submitted to disk with a single 753 * aio operation with preadv/pwritev. 754 */ 755 if (s->bus->dma->aiocb) { 756 trace_ide_cancel_dma_sync_remaining(); 757 blk_drain(s->blk); 758 assert(s->bus->dma->aiocb == NULL); 759 } 760 } 761 762 static void ide_sector_read(IDEState *s); 763 764 static void ide_sector_read_cb(void *opaque, int ret) 765 { 766 IDEState *s = opaque; 767 int n; 768 769 s->pio_aiocb = NULL; 770 s->status &= ~BUSY_STAT; 771 772 if (ret != 0) { 773 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO | 774 IDE_RETRY_READ)) { 775 return; 776 } 777 } 778 779 block_acct_done(blk_get_stats(s->blk), &s->acct); 780 781 n = s->nsector; 782 if (n > s->req_nb_sectors) { 783 n = s->req_nb_sectors; 784 } 785 786 ide_set_sector(s, ide_get_sector(s) + n); 787 s->nsector -= n; 788 /* Allow the guest to read the io_buffer */ 789 ide_transfer_start(s, s->io_buffer, n * BDRV_SECTOR_SIZE, ide_sector_read); 790 ide_bus_set_irq(s->bus); 791 } 792 793 static void ide_sector_read(IDEState *s) 794 { 795 int64_t sector_num; 796 int n; 797 798 s->status = READY_STAT | SEEK_STAT; 799 s->error = 0; /* not needed by IDE spec, but needed by Windows */ 800 sector_num = ide_get_sector(s); 801 n = s->nsector; 802 803 if (n == 0) { 804 ide_transfer_stop(s); 805 return; 806 } 807 808 s->status |= BUSY_STAT; 809 810 if (n > s->req_nb_sectors) { 811 n = s->req_nb_sectors; 812 } 813 814 trace_ide_sector_read(sector_num, n); 815 816 if (!ide_sect_range_ok(s, sector_num, n)) { 817 ide_rw_error(s); 818 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_READ); 819 return; 820 } 821 822 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE); 823 824 block_acct_start(blk_get_stats(s->blk), &s->acct, 825 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ); 826 s->pio_aiocb = ide_buffered_readv(s, sector_num, &s->qiov, n, 827 ide_sector_read_cb, s); 828 } 829 830 void dma_buf_commit(IDEState *s, uint32_t tx_bytes) 831 { 832 if (s->bus->dma->ops->commit_buf) { 833 s->bus->dma->ops->commit_buf(s->bus->dma, tx_bytes); 834 } 835 s->io_buffer_offset += tx_bytes; 836 qemu_sglist_destroy(&s->sg); 837 } 838 839 void ide_set_inactive(IDEState *s, bool more) 840 { 841 s->bus->dma->aiocb = NULL; 842 ide_clear_retry(s); 843 if (s->bus->dma->ops->set_inactive) { 844 s->bus->dma->ops->set_inactive(s->bus->dma, more); 845 } 846 ide_cmd_done(s); 847 } 848 849 void ide_dma_error(IDEState *s) 850 { 851 dma_buf_commit(s, 0); 852 ide_abort_command(s); 853 ide_set_inactive(s, false); 854 ide_bus_set_irq(s->bus); 855 } 856 857 int ide_handle_rw_error(IDEState *s, int error, int op) 858 { 859 bool is_read = (op & IDE_RETRY_READ) != 0; 860 BlockErrorAction action = blk_get_error_action(s->blk, is_read, error); 861 862 if (action == BLOCK_ERROR_ACTION_STOP) { 863 assert(s->bus->retry_unit == s->unit); 864 s->bus->error_status = op; 865 } else if (action == BLOCK_ERROR_ACTION_REPORT) { 866 block_acct_failed(blk_get_stats(s->blk), &s->acct); 867 if (IS_IDE_RETRY_DMA(op)) { 868 ide_dma_error(s); 869 } else if (IS_IDE_RETRY_ATAPI(op)) { 870 ide_atapi_io_error(s, -error); 871 } else { 872 ide_rw_error(s); 873 } 874 } 875 blk_error_action(s->blk, action, is_read, error); 876 return action != BLOCK_ERROR_ACTION_IGNORE; 877 } 878 879 static void ide_dma_cb(void *opaque, int ret) 880 { 881 IDEState *s = opaque; 882 int n; 883 int64_t sector_num; 884 uint64_t offset; 885 bool stay_active = false; 886 int32_t prep_size = 0; 887 888 if (ret == -EINVAL) { 889 ide_dma_error(s); 890 return; 891 } 892 893 if (ret < 0) { 894 if (ide_handle_rw_error(s, -ret, ide_dma_cmd_to_retry(s->dma_cmd))) { 895 s->bus->dma->aiocb = NULL; 896 dma_buf_commit(s, 0); 897 return; 898 } 899 } 900 901 if (s->io_buffer_size > s->nsector * 512) { 902 /* 903 * The PRDs were longer than needed for this request. 904 * The Active bit must remain set after the request completes. 905 */ 906 n = s->nsector; 907 stay_active = true; 908 } else { 909 n = s->io_buffer_size >> 9; 910 } 911 912 sector_num = ide_get_sector(s); 913 if (n > 0) { 914 assert(n * 512 == s->sg.size); 915 dma_buf_commit(s, s->sg.size); 916 sector_num += n; 917 ide_set_sector(s, sector_num); 918 s->nsector -= n; 919 } 920 921 /* end of transfer ? */ 922 if (s->nsector == 0) { 923 s->status = READY_STAT | SEEK_STAT; 924 ide_bus_set_irq(s->bus); 925 goto eot; 926 } 927 928 /* launch next transfer */ 929 n = s->nsector; 930 s->io_buffer_index = 0; 931 s->io_buffer_size = n * 512; 932 prep_size = s->bus->dma->ops->prepare_buf(s->bus->dma, s->io_buffer_size); 933 /* prepare_buf() must succeed and respect the limit */ 934 assert(prep_size >= 0 && prep_size <= n * 512); 935 936 /* 937 * Now prep_size stores the number of bytes in the sglist, and 938 * s->io_buffer_size stores the number of bytes described by the PRDs. 939 */ 940 941 if (prep_size < n * 512) { 942 /* 943 * The PRDs are too short for this request. Error condition! 944 * Reset the Active bit and don't raise the interrupt. 945 */ 946 s->status = READY_STAT | SEEK_STAT; 947 dma_buf_commit(s, 0); 948 goto eot; 949 } 950 951 trace_ide_dma_cb(s, sector_num, n, IDE_DMA_CMD_str(s->dma_cmd)); 952 953 if ((s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) && 954 !ide_sect_range_ok(s, sector_num, n)) { 955 ide_dma_error(s); 956 block_acct_invalid(blk_get_stats(s->blk), s->acct.type); 957 return; 958 } 959 960 offset = sector_num << BDRV_SECTOR_BITS; 961 switch (s->dma_cmd) { 962 case IDE_DMA_READ: 963 s->bus->dma->aiocb = dma_blk_read(s->blk, &s->sg, offset, 964 BDRV_SECTOR_SIZE, ide_dma_cb, s); 965 break; 966 case IDE_DMA_WRITE: 967 s->bus->dma->aiocb = dma_blk_write(s->blk, &s->sg, offset, 968 BDRV_SECTOR_SIZE, ide_dma_cb, s); 969 break; 970 case IDE_DMA_TRIM: 971 s->bus->dma->aiocb = dma_blk_io(blk_get_aio_context(s->blk), 972 &s->sg, offset, BDRV_SECTOR_SIZE, 973 ide_issue_trim, s, ide_dma_cb, s, 974 DMA_DIRECTION_TO_DEVICE); 975 break; 976 default: 977 abort(); 978 } 979 return; 980 981 eot: 982 if (s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) { 983 block_acct_done(blk_get_stats(s->blk), &s->acct); 984 } 985 ide_set_inactive(s, stay_active); 986 } 987 988 static void ide_sector_start_dma(IDEState *s, enum ide_dma_cmd dma_cmd) 989 { 990 s->status = READY_STAT | SEEK_STAT | DRQ_STAT; 991 s->io_buffer_size = 0; 992 s->dma_cmd = dma_cmd; 993 994 switch (dma_cmd) { 995 case IDE_DMA_READ: 996 block_acct_start(blk_get_stats(s->blk), &s->acct, 997 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ); 998 break; 999 case IDE_DMA_WRITE: 1000 block_acct_start(blk_get_stats(s->blk), &s->acct, 1001 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE); 1002 break; 1003 default: 1004 break; 1005 } 1006 1007 ide_start_dma(s, ide_dma_cb); 1008 } 1009 1010 void ide_start_dma(IDEState *s, BlockCompletionFunc *cb) 1011 { 1012 s->io_buffer_index = 0; 1013 ide_set_retry(s); 1014 if (s->bus->dma->ops->start_dma) { 1015 s->bus->dma->ops->start_dma(s->bus->dma, s, cb); 1016 } 1017 } 1018 1019 static void ide_sector_write(IDEState *s); 1020 1021 static void ide_sector_write_timer_cb(void *opaque) 1022 { 1023 IDEState *s = opaque; 1024 ide_bus_set_irq(s->bus); 1025 } 1026 1027 static void ide_sector_write_cb(void *opaque, int ret) 1028 { 1029 IDEState *s = opaque; 1030 int n; 1031 1032 s->pio_aiocb = NULL; 1033 s->status &= ~BUSY_STAT; 1034 1035 if (ret != 0) { 1036 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO)) { 1037 return; 1038 } 1039 } 1040 1041 block_acct_done(blk_get_stats(s->blk), &s->acct); 1042 1043 n = s->nsector; 1044 if (n > s->req_nb_sectors) { 1045 n = s->req_nb_sectors; 1046 } 1047 s->nsector -= n; 1048 1049 ide_set_sector(s, ide_get_sector(s) + n); 1050 if (s->nsector == 0) { 1051 /* no more sectors to write */ 1052 ide_transfer_stop(s); 1053 } else { 1054 int n1 = s->nsector; 1055 if (n1 > s->req_nb_sectors) { 1056 n1 = s->req_nb_sectors; 1057 } 1058 ide_transfer_start(s, s->io_buffer, n1 * BDRV_SECTOR_SIZE, 1059 ide_sector_write); 1060 } 1061 1062 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) { 1063 /* It seems there is a bug in the Windows 2000 installer HDD 1064 IDE driver which fills the disk with empty logs when the 1065 IDE write IRQ comes too early. This hack tries to correct 1066 that at the expense of slower write performances. Use this 1067 option _only_ to install Windows 2000. You must disable it 1068 for normal use. */ 1069 timer_mod(s->sector_write_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 1070 (NANOSECONDS_PER_SECOND / 1000)); 1071 } else { 1072 ide_bus_set_irq(s->bus); 1073 } 1074 } 1075 1076 static void ide_sector_write(IDEState *s) 1077 { 1078 int64_t sector_num; 1079 int n; 1080 1081 s->status = READY_STAT | SEEK_STAT | BUSY_STAT; 1082 sector_num = ide_get_sector(s); 1083 1084 n = s->nsector; 1085 if (n > s->req_nb_sectors) { 1086 n = s->req_nb_sectors; 1087 } 1088 1089 trace_ide_sector_write(sector_num, n); 1090 1091 if (!ide_sect_range_ok(s, sector_num, n)) { 1092 ide_rw_error(s); 1093 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_WRITE); 1094 return; 1095 } 1096 1097 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE); 1098 1099 block_acct_start(blk_get_stats(s->blk), &s->acct, 1100 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE); 1101 s->pio_aiocb = blk_aio_pwritev(s->blk, sector_num << BDRV_SECTOR_BITS, 1102 &s->qiov, 0, ide_sector_write_cb, s); 1103 } 1104 1105 static void ide_flush_cb(void *opaque, int ret) 1106 { 1107 IDEState *s = opaque; 1108 1109 s->pio_aiocb = NULL; 1110 1111 if (ret < 0) { 1112 /* XXX: What sector number to set here? */ 1113 if (ide_handle_rw_error(s, -ret, IDE_RETRY_FLUSH)) { 1114 return; 1115 } 1116 } 1117 1118 if (s->blk) { 1119 block_acct_done(blk_get_stats(s->blk), &s->acct); 1120 } 1121 s->status = READY_STAT | SEEK_STAT; 1122 ide_cmd_done(s); 1123 ide_bus_set_irq(s->bus); 1124 } 1125 1126 static void ide_flush_cache(IDEState *s) 1127 { 1128 if (s->blk == NULL) { 1129 ide_flush_cb(s, 0); 1130 return; 1131 } 1132 1133 s->status |= BUSY_STAT; 1134 ide_set_retry(s); 1135 block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH); 1136 s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s); 1137 } 1138 1139 static void ide_cfata_metadata_inquiry(IDEState *s) 1140 { 1141 uint16_t *p; 1142 uint32_t spd; 1143 1144 p = (uint16_t *) s->io_buffer; 1145 memset(p, 0, 0x200); 1146 spd = ((s->mdata_size - 1) >> 9) + 1; 1147 1148 put_le16(p + 0, 0x0001); /* Data format revision */ 1149 put_le16(p + 1, 0x0000); /* Media property: silicon */ 1150 put_le16(p + 2, s->media_changed); /* Media status */ 1151 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */ 1152 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */ 1153 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */ 1154 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */ 1155 } 1156 1157 static void ide_cfata_metadata_read(IDEState *s) 1158 { 1159 uint16_t *p; 1160 1161 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) { 1162 s->status = ERR_STAT; 1163 s->error = ABRT_ERR; 1164 return; 1165 } 1166 1167 p = (uint16_t *) s->io_buffer; 1168 memset(p, 0, 0x200); 1169 1170 put_le16(p + 0, s->media_changed); /* Media status */ 1171 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9), 1172 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9), 1173 s->nsector << 9), 0x200 - 2)); 1174 } 1175 1176 static void ide_cfata_metadata_write(IDEState *s) 1177 { 1178 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) { 1179 s->status = ERR_STAT; 1180 s->error = ABRT_ERR; 1181 return; 1182 } 1183 1184 s->media_changed = 0; 1185 1186 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9), 1187 s->io_buffer + 2, 1188 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9), 1189 s->nsector << 9), 0x200 - 2)); 1190 } 1191 1192 /* called when the inserted state of the media has changed */ 1193 static void ide_cd_change_cb(void *opaque, bool load, Error **errp) 1194 { 1195 IDEState *s = opaque; 1196 uint64_t nb_sectors; 1197 1198 s->tray_open = !load; 1199 blk_get_geometry(s->blk, &nb_sectors); 1200 s->nb_sectors = nb_sectors; 1201 1202 /* 1203 * First indicate to the guest that a CD has been removed. That's 1204 * done on the next command the guest sends us. 1205 * 1206 * Then we set UNIT_ATTENTION, by which the guest will 1207 * detect a new CD in the drive. See ide_atapi_cmd() for details. 1208 */ 1209 s->cdrom_changed = 1; 1210 s->events.new_media = true; 1211 s->events.eject_request = false; 1212 ide_bus_set_irq(s->bus); 1213 } 1214 1215 static void ide_cd_eject_request_cb(void *opaque, bool force) 1216 { 1217 IDEState *s = opaque; 1218 1219 s->events.eject_request = true; 1220 if (force) { 1221 s->tray_locked = false; 1222 } 1223 ide_bus_set_irq(s->bus); 1224 } 1225 1226 static void ide_cmd_lba48_transform(IDEState *s, int lba48) 1227 { 1228 s->lba48 = lba48; 1229 1230 /* handle the 'magic' 0 nsector count conversion here. to avoid 1231 * fiddling with the rest of the read logic, we just store the 1232 * full sector count in ->nsector and ignore ->hob_nsector from now 1233 */ 1234 if (!s->lba48) { 1235 if (!s->nsector) 1236 s->nsector = 256; 1237 } else { 1238 if (!s->nsector && !s->hob_nsector) 1239 s->nsector = 65536; 1240 else { 1241 int lo = s->nsector; 1242 int hi = s->hob_nsector; 1243 1244 s->nsector = (hi << 8) | lo; 1245 } 1246 } 1247 } 1248 1249 static void ide_clear_hob(IDEBus *bus) 1250 { 1251 /* any write clears HOB high bit of device control register */ 1252 bus->cmd &= ~(IDE_CTRL_HOB); 1253 } 1254 1255 /* IOport [W]rite [R]egisters */ 1256 enum ATA_IOPORT_WR { 1257 ATA_IOPORT_WR_DATA = 0, 1258 ATA_IOPORT_WR_FEATURES = 1, 1259 ATA_IOPORT_WR_SECTOR_COUNT = 2, 1260 ATA_IOPORT_WR_SECTOR_NUMBER = 3, 1261 ATA_IOPORT_WR_CYLINDER_LOW = 4, 1262 ATA_IOPORT_WR_CYLINDER_HIGH = 5, 1263 ATA_IOPORT_WR_DEVICE_HEAD = 6, 1264 ATA_IOPORT_WR_COMMAND = 7, 1265 ATA_IOPORT_WR_NUM_REGISTERS, 1266 }; 1267 1268 const char *ATA_IOPORT_WR_lookup[ATA_IOPORT_WR_NUM_REGISTERS] = { 1269 [ATA_IOPORT_WR_DATA] = "Data", 1270 [ATA_IOPORT_WR_FEATURES] = "Features", 1271 [ATA_IOPORT_WR_SECTOR_COUNT] = "Sector Count", 1272 [ATA_IOPORT_WR_SECTOR_NUMBER] = "Sector Number", 1273 [ATA_IOPORT_WR_CYLINDER_LOW] = "Cylinder Low", 1274 [ATA_IOPORT_WR_CYLINDER_HIGH] = "Cylinder High", 1275 [ATA_IOPORT_WR_DEVICE_HEAD] = "Device/Head", 1276 [ATA_IOPORT_WR_COMMAND] = "Command" 1277 }; 1278 1279 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val) 1280 { 1281 IDEBus *bus = opaque; 1282 IDEState *s = ide_bus_active_if(bus); 1283 int reg_num = addr & 7; 1284 1285 trace_ide_ioport_write(addr, ATA_IOPORT_WR_lookup[reg_num], val, bus, s); 1286 1287 /* ignore writes to command block while busy with previous command */ 1288 if (reg_num != 7 && (s->status & (BUSY_STAT|DRQ_STAT))) { 1289 return; 1290 } 1291 1292 /* NOTE: Device0 and Device1 both receive incoming register writes. 1293 * (They're on the same bus! They have to!) */ 1294 1295 switch (reg_num) { 1296 case 0: 1297 break; 1298 case ATA_IOPORT_WR_FEATURES: 1299 ide_clear_hob(bus); 1300 bus->ifs[0].hob_feature = bus->ifs[0].feature; 1301 bus->ifs[1].hob_feature = bus->ifs[1].feature; 1302 bus->ifs[0].feature = val; 1303 bus->ifs[1].feature = val; 1304 break; 1305 case ATA_IOPORT_WR_SECTOR_COUNT: 1306 ide_clear_hob(bus); 1307 bus->ifs[0].hob_nsector = bus->ifs[0].nsector; 1308 bus->ifs[1].hob_nsector = bus->ifs[1].nsector; 1309 bus->ifs[0].nsector = val; 1310 bus->ifs[1].nsector = val; 1311 break; 1312 case ATA_IOPORT_WR_SECTOR_NUMBER: 1313 ide_clear_hob(bus); 1314 bus->ifs[0].hob_sector = bus->ifs[0].sector; 1315 bus->ifs[1].hob_sector = bus->ifs[1].sector; 1316 bus->ifs[0].sector = val; 1317 bus->ifs[1].sector = val; 1318 break; 1319 case ATA_IOPORT_WR_CYLINDER_LOW: 1320 ide_clear_hob(bus); 1321 bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl; 1322 bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl; 1323 bus->ifs[0].lcyl = val; 1324 bus->ifs[1].lcyl = val; 1325 break; 1326 case ATA_IOPORT_WR_CYLINDER_HIGH: 1327 ide_clear_hob(bus); 1328 bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl; 1329 bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl; 1330 bus->ifs[0].hcyl = val; 1331 bus->ifs[1].hcyl = val; 1332 break; 1333 case ATA_IOPORT_WR_DEVICE_HEAD: 1334 ide_clear_hob(bus); 1335 bus->ifs[0].select = val | (ATA_DEV_ALWAYS_ON); 1336 bus->ifs[1].select = val | (ATA_DEV_ALWAYS_ON); 1337 /* select drive */ 1338 bus->unit = (val & (ATA_DEV_SELECT)) ? 1 : 0; 1339 break; 1340 default: 1341 case ATA_IOPORT_WR_COMMAND: 1342 ide_clear_hob(bus); 1343 qemu_irq_lower(bus->irq); 1344 ide_bus_exec_cmd(bus, val); 1345 break; 1346 } 1347 } 1348 1349 static void ide_reset(IDEState *s) 1350 { 1351 trace_ide_reset(s); 1352 1353 if (s->pio_aiocb) { 1354 blk_aio_cancel(s->pio_aiocb); 1355 s->pio_aiocb = NULL; 1356 } 1357 1358 if (s->reset_reverts) { 1359 s->reset_reverts = false; 1360 s->heads = s->drive_heads; 1361 s->sectors = s->drive_sectors; 1362 } 1363 if (s->drive_kind == IDE_CFATA) 1364 s->mult_sectors = 0; 1365 else 1366 s->mult_sectors = MAX_MULT_SECTORS; 1367 /* ide regs */ 1368 s->feature = 0; 1369 s->error = 0; 1370 s->nsector = 0; 1371 s->sector = 0; 1372 s->lcyl = 0; 1373 s->hcyl = 0; 1374 1375 /* lba48 */ 1376 s->hob_feature = 0; 1377 s->hob_sector = 0; 1378 s->hob_nsector = 0; 1379 s->hob_lcyl = 0; 1380 s->hob_hcyl = 0; 1381 1382 s->select = (ATA_DEV_ALWAYS_ON); 1383 s->status = READY_STAT | SEEK_STAT; 1384 1385 s->lba48 = 0; 1386 1387 /* ATAPI specific */ 1388 s->sense_key = 0; 1389 s->asc = 0; 1390 s->cdrom_changed = 0; 1391 s->packet_transfer_size = 0; 1392 s->elementary_transfer_size = 0; 1393 s->io_buffer_index = 0; 1394 s->cd_sector_size = 0; 1395 s->atapi_dma = 0; 1396 s->tray_locked = 0; 1397 s->tray_open = 0; 1398 /* ATA DMA state */ 1399 s->io_buffer_size = 0; 1400 s->req_nb_sectors = 0; 1401 1402 ide_set_signature(s); 1403 /* init the transfer handler so that 0xffff is returned on data 1404 accesses */ 1405 s->end_transfer_func = ide_dummy_transfer_stop; 1406 ide_dummy_transfer_stop(s); 1407 s->media_changed = 0; 1408 } 1409 1410 static bool cmd_nop(IDEState *s, uint8_t cmd) 1411 { 1412 return true; 1413 } 1414 1415 static bool cmd_device_reset(IDEState *s, uint8_t cmd) 1416 { 1417 /* Halt PIO (in the DRQ phase), then DMA */ 1418 ide_transfer_halt(s); 1419 ide_cancel_dma_sync(s); 1420 1421 /* Reset any PIO commands, reset signature, etc */ 1422 ide_reset(s); 1423 1424 /* RESET: ATA8-ACS3 7.10.4 "Normal Outputs"; 1425 * ATA8-ACS3 Table 184 "Device Signatures for Normal Output" */ 1426 s->status = 0x00; 1427 1428 /* Do not overwrite status register */ 1429 return false; 1430 } 1431 1432 static bool cmd_data_set_management(IDEState *s, uint8_t cmd) 1433 { 1434 switch (s->feature) { 1435 case DSM_TRIM: 1436 if (s->blk) { 1437 ide_sector_start_dma(s, IDE_DMA_TRIM); 1438 return false; 1439 } 1440 break; 1441 } 1442 1443 ide_abort_command(s); 1444 return true; 1445 } 1446 1447 static bool cmd_identify(IDEState *s, uint8_t cmd) 1448 { 1449 if (s->blk && s->drive_kind != IDE_CD) { 1450 if (s->drive_kind != IDE_CFATA) { 1451 ide_identify(s); 1452 } else { 1453 ide_cfata_identify(s); 1454 } 1455 s->status = READY_STAT | SEEK_STAT; 1456 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop); 1457 ide_bus_set_irq(s->bus); 1458 return false; 1459 } else { 1460 if (s->drive_kind == IDE_CD) { 1461 ide_set_signature(s); 1462 } 1463 ide_abort_command(s); 1464 } 1465 1466 return true; 1467 } 1468 1469 static bool cmd_verify(IDEState *s, uint8_t cmd) 1470 { 1471 bool lba48 = (cmd == WIN_VERIFY_EXT); 1472 1473 /* do sector number check ? */ 1474 ide_cmd_lba48_transform(s, lba48); 1475 1476 return true; 1477 } 1478 1479 static bool cmd_set_multiple_mode(IDEState *s, uint8_t cmd) 1480 { 1481 if (s->drive_kind == IDE_CFATA && s->nsector == 0) { 1482 /* Disable Read and Write Multiple */ 1483 s->mult_sectors = 0; 1484 } else if ((s->nsector & 0xff) != 0 && 1485 ((s->nsector & 0xff) > MAX_MULT_SECTORS || 1486 (s->nsector & (s->nsector - 1)) != 0)) { 1487 ide_abort_command(s); 1488 } else { 1489 s->mult_sectors = s->nsector & 0xff; 1490 } 1491 1492 return true; 1493 } 1494 1495 static bool cmd_read_multiple(IDEState *s, uint8_t cmd) 1496 { 1497 bool lba48 = (cmd == WIN_MULTREAD_EXT); 1498 1499 if (!s->blk || !s->mult_sectors) { 1500 ide_abort_command(s); 1501 return true; 1502 } 1503 1504 ide_cmd_lba48_transform(s, lba48); 1505 s->req_nb_sectors = s->mult_sectors; 1506 ide_sector_read(s); 1507 return false; 1508 } 1509 1510 static bool cmd_write_multiple(IDEState *s, uint8_t cmd) 1511 { 1512 bool lba48 = (cmd == WIN_MULTWRITE_EXT); 1513 int n; 1514 1515 if (!s->blk || !s->mult_sectors) { 1516 ide_abort_command(s); 1517 return true; 1518 } 1519 1520 ide_cmd_lba48_transform(s, lba48); 1521 1522 s->req_nb_sectors = s->mult_sectors; 1523 n = MIN(s->nsector, s->req_nb_sectors); 1524 1525 s->status = SEEK_STAT | READY_STAT; 1526 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write); 1527 1528 s->media_changed = 1; 1529 1530 return false; 1531 } 1532 1533 static bool cmd_read_pio(IDEState *s, uint8_t cmd) 1534 { 1535 bool lba48 = (cmd == WIN_READ_EXT); 1536 1537 if (s->drive_kind == IDE_CD) { 1538 ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */ 1539 ide_abort_command(s); 1540 return true; 1541 } 1542 1543 if (!s->blk) { 1544 ide_abort_command(s); 1545 return true; 1546 } 1547 1548 ide_cmd_lba48_transform(s, lba48); 1549 s->req_nb_sectors = 1; 1550 ide_sector_read(s); 1551 1552 return false; 1553 } 1554 1555 static bool cmd_write_pio(IDEState *s, uint8_t cmd) 1556 { 1557 bool lba48 = (cmd == WIN_WRITE_EXT); 1558 1559 if (!s->blk) { 1560 ide_abort_command(s); 1561 return true; 1562 } 1563 1564 ide_cmd_lba48_transform(s, lba48); 1565 1566 s->req_nb_sectors = 1; 1567 s->status = SEEK_STAT | READY_STAT; 1568 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write); 1569 1570 s->media_changed = 1; 1571 1572 return false; 1573 } 1574 1575 static bool cmd_read_dma(IDEState *s, uint8_t cmd) 1576 { 1577 bool lba48 = (cmd == WIN_READDMA_EXT); 1578 1579 if (!s->blk) { 1580 ide_abort_command(s); 1581 return true; 1582 } 1583 1584 ide_cmd_lba48_transform(s, lba48); 1585 ide_sector_start_dma(s, IDE_DMA_READ); 1586 1587 return false; 1588 } 1589 1590 static bool cmd_write_dma(IDEState *s, uint8_t cmd) 1591 { 1592 bool lba48 = (cmd == WIN_WRITEDMA_EXT); 1593 1594 if (!s->blk) { 1595 ide_abort_command(s); 1596 return true; 1597 } 1598 1599 ide_cmd_lba48_transform(s, lba48); 1600 ide_sector_start_dma(s, IDE_DMA_WRITE); 1601 1602 s->media_changed = 1; 1603 1604 return false; 1605 } 1606 1607 static bool cmd_flush_cache(IDEState *s, uint8_t cmd) 1608 { 1609 ide_flush_cache(s); 1610 return false; 1611 } 1612 1613 static bool cmd_seek(IDEState *s, uint8_t cmd) 1614 { 1615 /* XXX: Check that seek is within bounds */ 1616 return true; 1617 } 1618 1619 static bool cmd_read_native_max(IDEState *s, uint8_t cmd) 1620 { 1621 bool lba48 = (cmd == WIN_READ_NATIVE_MAX_EXT); 1622 1623 /* Refuse if no sectors are addressable (e.g. medium not inserted) */ 1624 if (s->nb_sectors == 0) { 1625 ide_abort_command(s); 1626 return true; 1627 } 1628 1629 ide_cmd_lba48_transform(s, lba48); 1630 ide_set_sector(s, s->nb_sectors - 1); 1631 1632 return true; 1633 } 1634 1635 static bool cmd_check_power_mode(IDEState *s, uint8_t cmd) 1636 { 1637 s->nsector = 0xff; /* device active or idle */ 1638 return true; 1639 } 1640 1641 /* INITIALIZE DEVICE PARAMETERS */ 1642 static bool cmd_specify(IDEState *s, uint8_t cmd) 1643 { 1644 if (s->blk && s->drive_kind != IDE_CD) { 1645 s->heads = (s->select & (ATA_DEV_HS)) + 1; 1646 s->sectors = s->nsector; 1647 ide_bus_set_irq(s->bus); 1648 } else { 1649 ide_abort_command(s); 1650 } 1651 1652 return true; 1653 } 1654 1655 static bool cmd_set_features(IDEState *s, uint8_t cmd) 1656 { 1657 uint16_t *identify_data; 1658 1659 if (!s->blk) { 1660 ide_abort_command(s); 1661 return true; 1662 } 1663 1664 /* XXX: valid for CDROM ? */ 1665 switch (s->feature) { 1666 case 0x01: /* 8-bit I/O enable (CompactFlash) */ 1667 case 0x81: /* 8-bit I/O disable (CompactFlash) */ 1668 if (s->drive_kind != IDE_CFATA) { 1669 goto abort_cmd; 1670 } 1671 s->io8 = !(s->feature & 0x80); 1672 return true; 1673 case 0x02: /* write cache enable */ 1674 blk_set_enable_write_cache(s->blk, true); 1675 identify_data = (uint16_t *)s->identify_data; 1676 put_le16(identify_data + 85, (1 << 14) | (1 << 5) | 1); 1677 return true; 1678 case 0x82: /* write cache disable */ 1679 blk_set_enable_write_cache(s->blk, false); 1680 identify_data = (uint16_t *)s->identify_data; 1681 put_le16(identify_data + 85, (1 << 14) | 1); 1682 ide_flush_cache(s); 1683 return false; 1684 case 0xcc: /* reverting to power-on defaults enable */ 1685 s->reset_reverts = true; 1686 return true; 1687 case 0x66: /* reverting to power-on defaults disable */ 1688 s->reset_reverts = false; 1689 return true; 1690 case 0xaa: /* read look-ahead enable */ 1691 case 0x55: /* read look-ahead disable */ 1692 case 0x05: /* set advanced power management mode */ 1693 case 0x85: /* disable advanced power management mode */ 1694 case 0x69: /* NOP */ 1695 case 0x67: /* NOP */ 1696 case 0x96: /* NOP */ 1697 case 0x9a: /* NOP */ 1698 case 0x42: /* enable Automatic Acoustic Mode */ 1699 case 0xc2: /* disable Automatic Acoustic Mode */ 1700 return true; 1701 case 0x03: /* set transfer mode */ 1702 { 1703 uint8_t val = s->nsector & 0x07; 1704 identify_data = (uint16_t *)s->identify_data; 1705 1706 switch (s->nsector >> 3) { 1707 case 0x00: /* pio default */ 1708 case 0x01: /* pio mode */ 1709 put_le16(identify_data + 62, 0x07); 1710 put_le16(identify_data + 63, 0x07); 1711 put_le16(identify_data + 88, 0x3f); 1712 break; 1713 case 0x02: /* single word dma mode */ 1714 put_le16(identify_data + 62, 0x07 | (1 << (val + 8))); 1715 put_le16(identify_data + 63, 0x07); 1716 put_le16(identify_data + 88, 0x3f); 1717 break; 1718 case 0x04: /* mdma mode */ 1719 put_le16(identify_data + 62, 0x07); 1720 put_le16(identify_data + 63, 0x07 | (1 << (val + 8))); 1721 put_le16(identify_data + 88, 0x3f); 1722 break; 1723 case 0x08: /* udma mode */ 1724 put_le16(identify_data + 62, 0x07); 1725 put_le16(identify_data + 63, 0x07); 1726 put_le16(identify_data + 88, 0x3f | (1 << (val + 8))); 1727 break; 1728 default: 1729 goto abort_cmd; 1730 } 1731 return true; 1732 } 1733 } 1734 1735 abort_cmd: 1736 ide_abort_command(s); 1737 return true; 1738 } 1739 1740 1741 /*** ATAPI commands ***/ 1742 1743 static bool cmd_identify_packet(IDEState *s, uint8_t cmd) 1744 { 1745 ide_atapi_identify(s); 1746 s->status = READY_STAT | SEEK_STAT; 1747 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop); 1748 ide_bus_set_irq(s->bus); 1749 return false; 1750 } 1751 1752 /* EXECUTE DEVICE DIAGNOSTIC */ 1753 static bool cmd_exec_dev_diagnostic(IDEState *s, uint8_t cmd) 1754 { 1755 /* 1756 * Clear the device register per the ATA (v6) specification, 1757 * because ide_set_signature does not clear LBA or drive bits. 1758 */ 1759 s->select = (ATA_DEV_ALWAYS_ON); 1760 ide_set_signature(s); 1761 1762 if (s->drive_kind == IDE_CD) { 1763 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet 1764 * devices to return a clear status register 1765 * with READY_STAT *not* set. */ 1766 s->error = 0x01; 1767 } else { 1768 s->status = READY_STAT | SEEK_STAT; 1769 /* The bits of the error register are not as usual for this command! 1770 * They are part of the regular output (this is why ERR_STAT isn't set) 1771 * Device 0 passed, Device 1 passed or not present. */ 1772 s->error = 0x01; 1773 ide_bus_set_irq(s->bus); 1774 } 1775 1776 return false; 1777 } 1778 1779 static bool cmd_packet(IDEState *s, uint8_t cmd) 1780 { 1781 /* overlapping commands not supported */ 1782 if (s->feature & 0x02) { 1783 ide_abort_command(s); 1784 return true; 1785 } 1786 1787 s->status = READY_STAT | SEEK_STAT; 1788 s->atapi_dma = s->feature & 1; 1789 if (s->atapi_dma) { 1790 s->dma_cmd = IDE_DMA_ATAPI; 1791 } 1792 s->nsector = 1; 1793 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE, 1794 ide_atapi_cmd); 1795 return false; 1796 } 1797 1798 1799 /*** CF-ATA commands ***/ 1800 1801 static bool cmd_cfa_req_ext_error_code(IDEState *s, uint8_t cmd) 1802 { 1803 s->error = 0x09; /* miscellaneous error */ 1804 s->status = READY_STAT | SEEK_STAT; 1805 ide_bus_set_irq(s->bus); 1806 1807 return false; 1808 } 1809 1810 static bool cmd_cfa_erase_sectors(IDEState *s, uint8_t cmd) 1811 { 1812 /* WIN_SECURITY_FREEZE_LOCK has the same ID as CFA_WEAR_LEVEL and is 1813 * required for Windows 8 to work with AHCI */ 1814 1815 if (cmd == CFA_WEAR_LEVEL) { 1816 s->nsector = 0; 1817 } 1818 1819 if (cmd == CFA_ERASE_SECTORS) { 1820 s->media_changed = 1; 1821 } 1822 1823 return true; 1824 } 1825 1826 static bool cmd_cfa_translate_sector(IDEState *s, uint8_t cmd) 1827 { 1828 s->status = READY_STAT | SEEK_STAT; 1829 1830 memset(s->io_buffer, 0, 0x200); 1831 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */ 1832 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */ 1833 s->io_buffer[0x02] = s->select; /* Head */ 1834 s->io_buffer[0x03] = s->sector; /* Sector */ 1835 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */ 1836 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */ 1837 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */ 1838 s->io_buffer[0x13] = 0x00; /* Erase flag */ 1839 s->io_buffer[0x18] = 0x00; /* Hot count */ 1840 s->io_buffer[0x19] = 0x00; /* Hot count */ 1841 s->io_buffer[0x1a] = 0x01; /* Hot count */ 1842 1843 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1844 ide_bus_set_irq(s->bus); 1845 1846 return false; 1847 } 1848 1849 static bool cmd_cfa_access_metadata_storage(IDEState *s, uint8_t cmd) 1850 { 1851 switch (s->feature) { 1852 case 0x02: /* Inquiry Metadata Storage */ 1853 ide_cfata_metadata_inquiry(s); 1854 break; 1855 case 0x03: /* Read Metadata Storage */ 1856 ide_cfata_metadata_read(s); 1857 break; 1858 case 0x04: /* Write Metadata Storage */ 1859 ide_cfata_metadata_write(s); 1860 break; 1861 default: 1862 ide_abort_command(s); 1863 return true; 1864 } 1865 1866 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1867 s->status = 0x00; /* NOTE: READY is _not_ set */ 1868 ide_bus_set_irq(s->bus); 1869 1870 return false; 1871 } 1872 1873 static bool cmd_ibm_sense_condition(IDEState *s, uint8_t cmd) 1874 { 1875 switch (s->feature) { 1876 case 0x01: /* sense temperature in device */ 1877 s->nsector = 0x50; /* +20 C */ 1878 break; 1879 default: 1880 ide_abort_command(s); 1881 return true; 1882 } 1883 1884 return true; 1885 } 1886 1887 1888 /*** SMART commands ***/ 1889 1890 static bool cmd_smart(IDEState *s, uint8_t cmd) 1891 { 1892 int n; 1893 1894 if (s->hcyl != 0xc2 || s->lcyl != 0x4f) { 1895 goto abort_cmd; 1896 } 1897 1898 if (!s->smart_enabled && s->feature != SMART_ENABLE) { 1899 goto abort_cmd; 1900 } 1901 1902 switch (s->feature) { 1903 case SMART_DISABLE: 1904 s->smart_enabled = 0; 1905 return true; 1906 1907 case SMART_ENABLE: 1908 s->smart_enabled = 1; 1909 return true; 1910 1911 case SMART_ATTR_AUTOSAVE: 1912 switch (s->sector) { 1913 case 0x00: 1914 s->smart_autosave = 0; 1915 break; 1916 case 0xf1: 1917 s->smart_autosave = 1; 1918 break; 1919 default: 1920 goto abort_cmd; 1921 } 1922 return true; 1923 1924 case SMART_STATUS: 1925 if (!s->smart_errors) { 1926 s->hcyl = 0xc2; 1927 s->lcyl = 0x4f; 1928 } else { 1929 s->hcyl = 0x2c; 1930 s->lcyl = 0xf4; 1931 } 1932 return true; 1933 1934 case SMART_READ_THRESH: 1935 memset(s->io_buffer, 0, 0x200); 1936 s->io_buffer[0] = 0x01; /* smart struct version */ 1937 1938 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) { 1939 s->io_buffer[2 + 0 + (n * 12)] = smart_attributes[n][0]; 1940 s->io_buffer[2 + 1 + (n * 12)] = smart_attributes[n][11]; 1941 } 1942 1943 /* checksum */ 1944 for (n = 0; n < 511; n++) { 1945 s->io_buffer[511] += s->io_buffer[n]; 1946 } 1947 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 1948 1949 s->status = READY_STAT | SEEK_STAT; 1950 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1951 ide_bus_set_irq(s->bus); 1952 return false; 1953 1954 case SMART_READ_DATA: 1955 memset(s->io_buffer, 0, 0x200); 1956 s->io_buffer[0] = 0x01; /* smart struct version */ 1957 1958 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) { 1959 int i; 1960 for (i = 0; i < 11; i++) { 1961 s->io_buffer[2 + i + (n * 12)] = smart_attributes[n][i]; 1962 } 1963 } 1964 1965 s->io_buffer[362] = 0x02 | (s->smart_autosave ? 0x80 : 0x00); 1966 if (s->smart_selftest_count == 0) { 1967 s->io_buffer[363] = 0; 1968 } else { 1969 s->io_buffer[363] = 1970 s->smart_selftest_data[3 + 1971 (s->smart_selftest_count - 1) * 1972 24]; 1973 } 1974 s->io_buffer[364] = 0x20; 1975 s->io_buffer[365] = 0x01; 1976 /* offline data collection capacity: execute + self-test*/ 1977 s->io_buffer[367] = (1 << 4 | 1 << 3 | 1); 1978 s->io_buffer[368] = 0x03; /* smart capability (1) */ 1979 s->io_buffer[369] = 0x00; /* smart capability (2) */ 1980 s->io_buffer[370] = 0x01; /* error logging supported */ 1981 s->io_buffer[372] = 0x02; /* minutes for poll short test */ 1982 s->io_buffer[373] = 0x36; /* minutes for poll ext test */ 1983 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */ 1984 1985 for (n = 0; n < 511; n++) { 1986 s->io_buffer[511] += s->io_buffer[n]; 1987 } 1988 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 1989 1990 s->status = READY_STAT | SEEK_STAT; 1991 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1992 ide_bus_set_irq(s->bus); 1993 return false; 1994 1995 case SMART_READ_LOG: 1996 switch (s->sector) { 1997 case 0x01: /* summary smart error log */ 1998 memset(s->io_buffer, 0, 0x200); 1999 s->io_buffer[0] = 0x01; 2000 s->io_buffer[1] = 0x00; /* no error entries */ 2001 s->io_buffer[452] = s->smart_errors & 0xff; 2002 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8; 2003 2004 for (n = 0; n < 511; n++) { 2005 s->io_buffer[511] += s->io_buffer[n]; 2006 } 2007 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 2008 break; 2009 case 0x06: /* smart self test log */ 2010 memset(s->io_buffer, 0, 0x200); 2011 s->io_buffer[0] = 0x01; 2012 if (s->smart_selftest_count == 0) { 2013 s->io_buffer[508] = 0; 2014 } else { 2015 s->io_buffer[508] = s->smart_selftest_count; 2016 for (n = 2; n < 506; n++) { 2017 s->io_buffer[n] = s->smart_selftest_data[n]; 2018 } 2019 } 2020 2021 for (n = 0; n < 511; n++) { 2022 s->io_buffer[511] += s->io_buffer[n]; 2023 } 2024 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 2025 break; 2026 default: 2027 goto abort_cmd; 2028 } 2029 s->status = READY_STAT | SEEK_STAT; 2030 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 2031 ide_bus_set_irq(s->bus); 2032 return false; 2033 2034 case SMART_EXECUTE_OFFLINE: 2035 switch (s->sector) { 2036 case 0: /* off-line routine */ 2037 case 1: /* short self test */ 2038 case 2: /* extended self test */ 2039 s->smart_selftest_count++; 2040 if (s->smart_selftest_count > 21) { 2041 s->smart_selftest_count = 1; 2042 } 2043 n = 2 + (s->smart_selftest_count - 1) * 24; 2044 s->smart_selftest_data[n] = s->sector; 2045 s->smart_selftest_data[n + 1] = 0x00; /* OK and finished */ 2046 s->smart_selftest_data[n + 2] = 0x34; /* hour count lsb */ 2047 s->smart_selftest_data[n + 3] = 0x12; /* hour count msb */ 2048 break; 2049 default: 2050 goto abort_cmd; 2051 } 2052 return true; 2053 } 2054 2055 abort_cmd: 2056 ide_abort_command(s); 2057 return true; 2058 } 2059 2060 #define HD_OK (1u << IDE_HD) 2061 #define CD_OK (1u << IDE_CD) 2062 #define CFA_OK (1u << IDE_CFATA) 2063 #define HD_CFA_OK (HD_OK | CFA_OK) 2064 #define ALL_OK (HD_OK | CD_OK | CFA_OK) 2065 2066 /* Set the Disk Seek Completed status bit during completion */ 2067 #define SET_DSC (1u << 8) 2068 2069 /* See ACS-2 T13/2015-D Table B.2 Command codes */ 2070 static const struct { 2071 /* Returns true if the completion code should be run */ 2072 bool (*handler)(IDEState *s, uint8_t cmd); 2073 int flags; 2074 } ide_cmd_table[0x100] = { 2075 /* NOP not implemented, mandatory for CD */ 2076 [CFA_REQ_EXT_ERROR_CODE] = { cmd_cfa_req_ext_error_code, CFA_OK }, 2077 [WIN_DSM] = { cmd_data_set_management, HD_CFA_OK }, 2078 [WIN_DEVICE_RESET] = { cmd_device_reset, CD_OK }, 2079 [WIN_RECAL] = { cmd_nop, HD_CFA_OK | SET_DSC}, 2080 [WIN_READ] = { cmd_read_pio, ALL_OK }, 2081 [WIN_READ_ONCE] = { cmd_read_pio, HD_CFA_OK }, 2082 [WIN_READ_EXT] = { cmd_read_pio, HD_CFA_OK }, 2083 [WIN_READDMA_EXT] = { cmd_read_dma, HD_CFA_OK }, 2084 [WIN_READ_NATIVE_MAX_EXT] = { cmd_read_native_max, HD_CFA_OK | SET_DSC }, 2085 [WIN_MULTREAD_EXT] = { cmd_read_multiple, HD_CFA_OK }, 2086 [WIN_WRITE] = { cmd_write_pio, HD_CFA_OK }, 2087 [WIN_WRITE_ONCE] = { cmd_write_pio, HD_CFA_OK }, 2088 [WIN_WRITE_EXT] = { cmd_write_pio, HD_CFA_OK }, 2089 [WIN_WRITEDMA_EXT] = { cmd_write_dma, HD_CFA_OK }, 2090 [CFA_WRITE_SECT_WO_ERASE] = { cmd_write_pio, CFA_OK }, 2091 [WIN_MULTWRITE_EXT] = { cmd_write_multiple, HD_CFA_OK }, 2092 [WIN_WRITE_VERIFY] = { cmd_write_pio, HD_CFA_OK }, 2093 [WIN_VERIFY] = { cmd_verify, HD_CFA_OK | SET_DSC }, 2094 [WIN_VERIFY_ONCE] = { cmd_verify, HD_CFA_OK | SET_DSC }, 2095 [WIN_VERIFY_EXT] = { cmd_verify, HD_CFA_OK | SET_DSC }, 2096 [WIN_SEEK] = { cmd_seek, HD_CFA_OK | SET_DSC }, 2097 [CFA_TRANSLATE_SECTOR] = { cmd_cfa_translate_sector, CFA_OK }, 2098 [WIN_DIAGNOSE] = { cmd_exec_dev_diagnostic, ALL_OK }, 2099 [WIN_SPECIFY] = { cmd_specify, HD_CFA_OK | SET_DSC }, 2100 [WIN_STANDBYNOW2] = { cmd_nop, HD_CFA_OK }, 2101 [WIN_IDLEIMMEDIATE2] = { cmd_nop, HD_CFA_OK }, 2102 [WIN_STANDBY2] = { cmd_nop, HD_CFA_OK }, 2103 [WIN_SETIDLE2] = { cmd_nop, HD_CFA_OK }, 2104 [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC }, 2105 [WIN_SLEEPNOW2] = { cmd_nop, HD_CFA_OK }, 2106 [WIN_PACKETCMD] = { cmd_packet, CD_OK }, 2107 [WIN_PIDENTIFY] = { cmd_identify_packet, CD_OK }, 2108 [WIN_SMART] = { cmd_smart, HD_CFA_OK | SET_DSC }, 2109 [CFA_ACCESS_METADATA_STORAGE] = { cmd_cfa_access_metadata_storage, CFA_OK }, 2110 [CFA_ERASE_SECTORS] = { cmd_cfa_erase_sectors, CFA_OK | SET_DSC }, 2111 [WIN_MULTREAD] = { cmd_read_multiple, HD_CFA_OK }, 2112 [WIN_MULTWRITE] = { cmd_write_multiple, HD_CFA_OK }, 2113 [WIN_SETMULT] = { cmd_set_multiple_mode, HD_CFA_OK | SET_DSC }, 2114 [WIN_READDMA] = { cmd_read_dma, HD_CFA_OK }, 2115 [WIN_READDMA_ONCE] = { cmd_read_dma, HD_CFA_OK }, 2116 [WIN_WRITEDMA] = { cmd_write_dma, HD_CFA_OK }, 2117 [WIN_WRITEDMA_ONCE] = { cmd_write_dma, HD_CFA_OK }, 2118 [CFA_WRITE_MULTI_WO_ERASE] = { cmd_write_multiple, CFA_OK }, 2119 [WIN_STANDBYNOW1] = { cmd_nop, HD_CFA_OK }, 2120 [WIN_IDLEIMMEDIATE] = { cmd_nop, HD_CFA_OK }, 2121 [WIN_STANDBY] = { cmd_nop, HD_CFA_OK }, 2122 [WIN_SETIDLE1] = { cmd_nop, HD_CFA_OK }, 2123 [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC }, 2124 [WIN_SLEEPNOW1] = { cmd_nop, HD_CFA_OK }, 2125 [WIN_FLUSH_CACHE] = { cmd_flush_cache, ALL_OK }, 2126 [WIN_FLUSH_CACHE_EXT] = { cmd_flush_cache, HD_CFA_OK }, 2127 [WIN_IDENTIFY] = { cmd_identify, ALL_OK }, 2128 [WIN_SETFEATURES] = { cmd_set_features, ALL_OK | SET_DSC }, 2129 [IBM_SENSE_CONDITION] = { cmd_ibm_sense_condition, CFA_OK | SET_DSC }, 2130 [CFA_WEAR_LEVEL] = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC }, 2131 [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, HD_CFA_OK | SET_DSC }, 2132 }; 2133 2134 static bool ide_cmd_permitted(IDEState *s, uint32_t cmd) 2135 { 2136 return cmd < ARRAY_SIZE(ide_cmd_table) 2137 && (ide_cmd_table[cmd].flags & (1u << s->drive_kind)); 2138 } 2139 2140 void ide_bus_exec_cmd(IDEBus *bus, uint32_t val) 2141 { 2142 IDEState *s; 2143 bool complete; 2144 2145 s = ide_bus_active_if(bus); 2146 trace_ide_bus_exec_cmd(bus, s, val); 2147 2148 /* ignore commands to non existent slave */ 2149 if (s != bus->ifs && !s->blk) { 2150 return; 2151 } 2152 2153 /* Only RESET is allowed while BSY and/or DRQ are set, 2154 * and only to ATAPI devices. */ 2155 if (s->status & (BUSY_STAT|DRQ_STAT)) { 2156 if (val != WIN_DEVICE_RESET || s->drive_kind != IDE_CD) { 2157 return; 2158 } 2159 } 2160 2161 if (!ide_cmd_permitted(s, val)) { 2162 ide_abort_command(s); 2163 ide_bus_set_irq(s->bus); 2164 return; 2165 } 2166 2167 s->status = READY_STAT | BUSY_STAT; 2168 s->error = 0; 2169 s->io_buffer_offset = 0; 2170 2171 complete = ide_cmd_table[val].handler(s, val); 2172 if (complete) { 2173 s->status &= ~BUSY_STAT; 2174 assert(!!s->error == !!(s->status & ERR_STAT)); 2175 2176 if ((ide_cmd_table[val].flags & SET_DSC) && !s->error) { 2177 s->status |= SEEK_STAT; 2178 } 2179 2180 ide_cmd_done(s); 2181 ide_bus_set_irq(s->bus); 2182 } 2183 } 2184 2185 /* IOport [R]ead [R]egisters */ 2186 enum ATA_IOPORT_RR { 2187 ATA_IOPORT_RR_DATA = 0, 2188 ATA_IOPORT_RR_ERROR = 1, 2189 ATA_IOPORT_RR_SECTOR_COUNT = 2, 2190 ATA_IOPORT_RR_SECTOR_NUMBER = 3, 2191 ATA_IOPORT_RR_CYLINDER_LOW = 4, 2192 ATA_IOPORT_RR_CYLINDER_HIGH = 5, 2193 ATA_IOPORT_RR_DEVICE_HEAD = 6, 2194 ATA_IOPORT_RR_STATUS = 7, 2195 ATA_IOPORT_RR_NUM_REGISTERS, 2196 }; 2197 2198 const char *ATA_IOPORT_RR_lookup[ATA_IOPORT_RR_NUM_REGISTERS] = { 2199 [ATA_IOPORT_RR_DATA] = "Data", 2200 [ATA_IOPORT_RR_ERROR] = "Error", 2201 [ATA_IOPORT_RR_SECTOR_COUNT] = "Sector Count", 2202 [ATA_IOPORT_RR_SECTOR_NUMBER] = "Sector Number", 2203 [ATA_IOPORT_RR_CYLINDER_LOW] = "Cylinder Low", 2204 [ATA_IOPORT_RR_CYLINDER_HIGH] = "Cylinder High", 2205 [ATA_IOPORT_RR_DEVICE_HEAD] = "Device/Head", 2206 [ATA_IOPORT_RR_STATUS] = "Status" 2207 }; 2208 2209 uint32_t ide_ioport_read(void *opaque, uint32_t addr) 2210 { 2211 IDEBus *bus = opaque; 2212 IDEState *s = ide_bus_active_if(bus); 2213 uint32_t reg_num; 2214 int ret, hob; 2215 2216 reg_num = addr & 7; 2217 hob = bus->cmd & (IDE_CTRL_HOB); 2218 switch (reg_num) { 2219 case ATA_IOPORT_RR_DATA: 2220 /* 2221 * The pre-GRUB Solaris x86 bootloader relies upon inb 2222 * consuming a word from the drive's sector buffer. 2223 */ 2224 ret = ide_data_readw(bus, addr) & 0xff; 2225 break; 2226 case ATA_IOPORT_RR_ERROR: 2227 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) || 2228 (s != bus->ifs && !s->blk)) { 2229 ret = 0; 2230 } else if (!hob) { 2231 ret = s->error; 2232 } else { 2233 ret = s->hob_feature; 2234 } 2235 break; 2236 case ATA_IOPORT_RR_SECTOR_COUNT: 2237 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2238 ret = 0; 2239 } else if (!hob) { 2240 ret = s->nsector & 0xff; 2241 } else { 2242 ret = s->hob_nsector; 2243 } 2244 break; 2245 case ATA_IOPORT_RR_SECTOR_NUMBER: 2246 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2247 ret = 0; 2248 } else if (!hob) { 2249 ret = s->sector; 2250 } else { 2251 ret = s->hob_sector; 2252 } 2253 break; 2254 case ATA_IOPORT_RR_CYLINDER_LOW: 2255 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2256 ret = 0; 2257 } else if (!hob) { 2258 ret = s->lcyl; 2259 } else { 2260 ret = s->hob_lcyl; 2261 } 2262 break; 2263 case ATA_IOPORT_RR_CYLINDER_HIGH: 2264 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2265 ret = 0; 2266 } else if (!hob) { 2267 ret = s->hcyl; 2268 } else { 2269 ret = s->hob_hcyl; 2270 } 2271 break; 2272 case ATA_IOPORT_RR_DEVICE_HEAD: 2273 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2274 ret = 0; 2275 } else { 2276 ret = s->select; 2277 } 2278 break; 2279 default: 2280 case ATA_IOPORT_RR_STATUS: 2281 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) || 2282 (s != bus->ifs && !s->blk)) { 2283 ret = 0; 2284 } else { 2285 ret = s->status; 2286 } 2287 qemu_irq_lower(bus->irq); 2288 break; 2289 } 2290 2291 trace_ide_ioport_read(addr, ATA_IOPORT_RR_lookup[reg_num], ret, bus, s); 2292 return ret; 2293 } 2294 2295 uint32_t ide_status_read(void *opaque, uint32_t addr) 2296 { 2297 IDEBus *bus = opaque; 2298 IDEState *s = ide_bus_active_if(bus); 2299 int ret; 2300 2301 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) || 2302 (s != bus->ifs && !s->blk)) { 2303 ret = 0; 2304 } else { 2305 ret = s->status; 2306 } 2307 2308 trace_ide_status_read(addr, ret, bus, s); 2309 return ret; 2310 } 2311 2312 static void ide_perform_srst(IDEState *s) 2313 { 2314 s->status |= BUSY_STAT; 2315 2316 /* Halt PIO (Via register state); PIO BH remains scheduled. */ 2317 ide_transfer_halt(s); 2318 2319 /* Cancel DMA -- may drain block device and invoke callbacks */ 2320 ide_cancel_dma_sync(s); 2321 2322 /* Cancel PIO callback, reset registers/signature, etc */ 2323 ide_reset(s); 2324 2325 /* perform diagnostic */ 2326 cmd_exec_dev_diagnostic(s, WIN_DIAGNOSE); 2327 } 2328 2329 static void ide_bus_perform_srst(void *opaque) 2330 { 2331 IDEBus *bus = opaque; 2332 IDEState *s; 2333 int i; 2334 2335 for (i = 0; i < 2; i++) { 2336 s = &bus->ifs[i]; 2337 ide_perform_srst(s); 2338 } 2339 2340 bus->cmd &= ~IDE_CTRL_RESET; 2341 } 2342 2343 void ide_ctrl_write(void *opaque, uint32_t addr, uint32_t val) 2344 { 2345 IDEBus *bus = opaque; 2346 IDEState *s; 2347 int i; 2348 2349 trace_ide_ctrl_write(addr, val, bus); 2350 2351 /* Device0 and Device1 each have their own control register, 2352 * but QEMU models it as just one register in the controller. */ 2353 if (!(bus->cmd & IDE_CTRL_RESET) && (val & IDE_CTRL_RESET)) { 2354 for (i = 0; i < 2; i++) { 2355 s = &bus->ifs[i]; 2356 s->status |= BUSY_STAT; 2357 } 2358 replay_bh_schedule_oneshot_event(qemu_get_aio_context(), 2359 ide_bus_perform_srst, bus); 2360 } 2361 2362 bus->cmd = val; 2363 } 2364 2365 /* 2366 * Returns true if the running PIO transfer is a PIO out (i.e. data is 2367 * transferred from the device to the guest), false if it's a PIO in 2368 */ 2369 static bool ide_is_pio_out(IDEState *s) 2370 { 2371 if (s->end_transfer_func == ide_sector_write || 2372 s->end_transfer_func == ide_atapi_cmd) { 2373 return false; 2374 } else if (s->end_transfer_func == ide_sector_read || 2375 s->end_transfer_func == ide_transfer_stop || 2376 s->end_transfer_func == ide_atapi_cmd_reply_end || 2377 s->end_transfer_func == ide_dummy_transfer_stop) { 2378 return true; 2379 } 2380 2381 abort(); 2382 } 2383 2384 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val) 2385 { 2386 IDEBus *bus = opaque; 2387 IDEState *s = ide_bus_active_if(bus); 2388 uint8_t *p; 2389 2390 trace_ide_data_writew(addr, val, bus, s); 2391 2392 /* PIO data access allowed only when DRQ bit is set. The result of a write 2393 * during PIO out is indeterminate, just ignore it. */ 2394 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) { 2395 return; 2396 } 2397 2398 p = s->data_ptr; 2399 if (s->io8) { 2400 if (p + 1 > s->data_end) { 2401 return; 2402 } 2403 2404 *p++ = val; 2405 } else { 2406 if (p + 2 > s->data_end) { 2407 return; 2408 } 2409 2410 *(uint16_t *)p = le16_to_cpu(val); 2411 p += 2; 2412 } 2413 s->data_ptr = p; 2414 if (p >= s->data_end) { 2415 s->status &= ~DRQ_STAT; 2416 s->end_transfer_func(s); 2417 } 2418 } 2419 2420 uint32_t ide_data_readw(void *opaque, uint32_t addr) 2421 { 2422 IDEBus *bus = opaque; 2423 IDEState *s = ide_bus_active_if(bus); 2424 uint8_t *p; 2425 int ret; 2426 2427 /* PIO data access allowed only when DRQ bit is set. The result of a read 2428 * during PIO in is indeterminate, return 0 and don't move forward. */ 2429 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) { 2430 return 0; 2431 } 2432 2433 p = s->data_ptr; 2434 if (s->io8) { 2435 if (p + 1 > s->data_end) { 2436 return 0; 2437 } 2438 2439 ret = *p++; 2440 } else { 2441 if (p + 2 > s->data_end) { 2442 return 0; 2443 } 2444 2445 ret = cpu_to_le16(*(uint16_t *)p); 2446 p += 2; 2447 } 2448 s->data_ptr = p; 2449 if (p >= s->data_end) { 2450 s->status &= ~DRQ_STAT; 2451 s->end_transfer_func(s); 2452 } 2453 2454 trace_ide_data_readw(addr, ret, bus, s); 2455 return ret; 2456 } 2457 2458 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val) 2459 { 2460 IDEBus *bus = opaque; 2461 IDEState *s = ide_bus_active_if(bus); 2462 uint8_t *p; 2463 2464 trace_ide_data_writel(addr, val, bus, s); 2465 2466 /* PIO data access allowed only when DRQ bit is set. The result of a write 2467 * during PIO out is indeterminate, just ignore it. */ 2468 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) { 2469 return; 2470 } 2471 2472 p = s->data_ptr; 2473 if (p + 4 > s->data_end) { 2474 return; 2475 } 2476 2477 *(uint32_t *)p = le32_to_cpu(val); 2478 p += 4; 2479 s->data_ptr = p; 2480 if (p >= s->data_end) { 2481 s->status &= ~DRQ_STAT; 2482 s->end_transfer_func(s); 2483 } 2484 } 2485 2486 uint32_t ide_data_readl(void *opaque, uint32_t addr) 2487 { 2488 IDEBus *bus = opaque; 2489 IDEState *s = ide_bus_active_if(bus); 2490 uint8_t *p; 2491 int ret; 2492 2493 /* PIO data access allowed only when DRQ bit is set. The result of a read 2494 * during PIO in is indeterminate, return 0 and don't move forward. */ 2495 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) { 2496 ret = 0; 2497 goto out; 2498 } 2499 2500 p = s->data_ptr; 2501 if (p + 4 > s->data_end) { 2502 return 0; 2503 } 2504 2505 ret = cpu_to_le32(*(uint32_t *)p); 2506 p += 4; 2507 s->data_ptr = p; 2508 if (p >= s->data_end) { 2509 s->status &= ~DRQ_STAT; 2510 s->end_transfer_func(s); 2511 } 2512 2513 out: 2514 trace_ide_data_readl(addr, ret, bus, s); 2515 return ret; 2516 } 2517 2518 static void ide_dummy_transfer_stop(IDEState *s) 2519 { 2520 s->data_ptr = s->io_buffer; 2521 s->data_end = s->io_buffer; 2522 s->io_buffer[0] = 0xff; 2523 s->io_buffer[1] = 0xff; 2524 s->io_buffer[2] = 0xff; 2525 s->io_buffer[3] = 0xff; 2526 } 2527 2528 void ide_bus_reset(IDEBus *bus) 2529 { 2530 /* pending async DMA - needs the IDEState before it is reset */ 2531 if (bus->dma->aiocb) { 2532 trace_ide_bus_reset_aio(); 2533 blk_aio_cancel(bus->dma->aiocb); 2534 bus->dma->aiocb = NULL; 2535 } 2536 2537 bus->unit = 0; 2538 bus->cmd = 0; 2539 ide_reset(&bus->ifs[0]); 2540 ide_reset(&bus->ifs[1]); 2541 ide_clear_hob(bus); 2542 2543 /* reset dma provider too */ 2544 if (bus->dma->ops->reset) { 2545 bus->dma->ops->reset(bus->dma); 2546 } 2547 } 2548 2549 static bool ide_cd_is_tray_open(void *opaque) 2550 { 2551 return ((IDEState *)opaque)->tray_open; 2552 } 2553 2554 static bool ide_cd_is_medium_locked(void *opaque) 2555 { 2556 return ((IDEState *)opaque)->tray_locked; 2557 } 2558 2559 static void ide_resize_cb(void *opaque) 2560 { 2561 IDEState *s = opaque; 2562 uint64_t nb_sectors; 2563 2564 if (!s->identify_set) { 2565 return; 2566 } 2567 2568 blk_get_geometry(s->blk, &nb_sectors); 2569 s->nb_sectors = nb_sectors; 2570 2571 /* Update the identify data buffer. */ 2572 if (s->drive_kind == IDE_CFATA) { 2573 ide_cfata_identify_size(s); 2574 } else { 2575 /* IDE_CD uses a different set of callbacks entirely. */ 2576 assert(s->drive_kind != IDE_CD); 2577 ide_identify_size(s); 2578 } 2579 } 2580 2581 static const BlockDevOps ide_cd_block_ops = { 2582 .change_media_cb = ide_cd_change_cb, 2583 .eject_request_cb = ide_cd_eject_request_cb, 2584 .is_tray_open = ide_cd_is_tray_open, 2585 .is_medium_locked = ide_cd_is_medium_locked, 2586 }; 2587 2588 static const BlockDevOps ide_hd_block_ops = { 2589 .resize_cb = ide_resize_cb, 2590 }; 2591 2592 int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind, 2593 const char *version, const char *serial, const char *model, 2594 uint64_t wwn, 2595 uint32_t cylinders, uint32_t heads, uint32_t secs, 2596 int chs_trans, Error **errp) 2597 { 2598 uint64_t nb_sectors; 2599 2600 s->blk = blk; 2601 s->drive_kind = kind; 2602 2603 blk_get_geometry(blk, &nb_sectors); 2604 s->cylinders = cylinders; 2605 s->heads = s->drive_heads = heads; 2606 s->sectors = s->drive_sectors = secs; 2607 s->chs_trans = chs_trans; 2608 s->nb_sectors = nb_sectors; 2609 s->wwn = wwn; 2610 /* The SMART values should be preserved across power cycles 2611 but they aren't. */ 2612 s->smart_enabled = 1; 2613 s->smart_autosave = 1; 2614 s->smart_errors = 0; 2615 s->smart_selftest_count = 0; 2616 if (kind == IDE_CD) { 2617 blk_set_dev_ops(blk, &ide_cd_block_ops, s); 2618 } else { 2619 if (!blk_is_inserted(s->blk)) { 2620 error_setg(errp, "Device needs media, but drive is empty"); 2621 return -1; 2622 } 2623 if (!blk_is_writable(blk)) { 2624 error_setg(errp, "Can't use a read-only drive"); 2625 return -1; 2626 } 2627 blk_set_dev_ops(blk, &ide_hd_block_ops, s); 2628 } 2629 if (serial) { 2630 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), serial); 2631 } else { 2632 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str), 2633 "QM%05d", s->drive_serial); 2634 } 2635 if (model) { 2636 pstrcpy(s->drive_model_str, sizeof(s->drive_model_str), model); 2637 } else { 2638 switch (kind) { 2639 case IDE_CD: 2640 strcpy(s->drive_model_str, "QEMU DVD-ROM"); 2641 break; 2642 case IDE_CFATA: 2643 strcpy(s->drive_model_str, "QEMU MICRODRIVE"); 2644 break; 2645 default: 2646 strcpy(s->drive_model_str, "QEMU HARDDISK"); 2647 break; 2648 } 2649 } 2650 2651 if (version) { 2652 pstrcpy(s->version, sizeof(s->version), version); 2653 } else { 2654 pstrcpy(s->version, sizeof(s->version), qemu_hw_version()); 2655 } 2656 2657 ide_reset(s); 2658 blk_iostatus_enable(blk); 2659 return 0; 2660 } 2661 2662 static void ide_init1(IDEBus *bus, int unit) 2663 { 2664 static int drive_serial = 1; 2665 IDEState *s = &bus->ifs[unit]; 2666 2667 s->bus = bus; 2668 s->unit = unit; 2669 s->drive_serial = drive_serial++; 2670 /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */ 2671 s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4; 2672 s->io_buffer = qemu_memalign(2048, s->io_buffer_total_len); 2673 memset(s->io_buffer, 0, s->io_buffer_total_len); 2674 2675 s->smart_selftest_data = blk_blockalign(s->blk, 512); 2676 memset(s->smart_selftest_data, 0, 512); 2677 2678 s->sector_write_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, 2679 ide_sector_write_timer_cb, s); 2680 } 2681 2682 static int ide_nop_int(const IDEDMA *dma, bool is_write) 2683 { 2684 return 0; 2685 } 2686 2687 static void ide_nop(const IDEDMA *dma) 2688 { 2689 } 2690 2691 static int32_t ide_nop_int32(const IDEDMA *dma, int32_t l) 2692 { 2693 return 0; 2694 } 2695 2696 static const IDEDMAOps ide_dma_nop_ops = { 2697 .prepare_buf = ide_nop_int32, 2698 .restart_dma = ide_nop, 2699 .rw_buf = ide_nop_int, 2700 }; 2701 2702 static void ide_restart_dma(IDEState *s, enum ide_dma_cmd dma_cmd) 2703 { 2704 s->unit = s->bus->retry_unit; 2705 ide_set_sector(s, s->bus->retry_sector_num); 2706 s->nsector = s->bus->retry_nsector; 2707 s->bus->dma->ops->restart_dma(s->bus->dma); 2708 s->io_buffer_size = 0; 2709 s->dma_cmd = dma_cmd; 2710 ide_start_dma(s, ide_dma_cb); 2711 } 2712 2713 static void ide_restart_bh(void *opaque) 2714 { 2715 IDEBus *bus = opaque; 2716 IDEState *s; 2717 bool is_read; 2718 int error_status; 2719 2720 qemu_bh_delete(bus->bh); 2721 bus->bh = NULL; 2722 2723 error_status = bus->error_status; 2724 if (bus->error_status == 0) { 2725 return; 2726 } 2727 2728 s = ide_bus_active_if(bus); 2729 is_read = (bus->error_status & IDE_RETRY_READ) != 0; 2730 2731 /* The error status must be cleared before resubmitting the request: The 2732 * request may fail again, and this case can only be distinguished if the 2733 * called function can set a new error status. */ 2734 bus->error_status = 0; 2735 2736 /* The HBA has generically asked to be kicked on retry */ 2737 if (error_status & IDE_RETRY_HBA) { 2738 if (s->bus->dma->ops->restart) { 2739 s->bus->dma->ops->restart(s->bus->dma); 2740 } 2741 } else if (IS_IDE_RETRY_DMA(error_status)) { 2742 if (error_status & IDE_RETRY_TRIM) { 2743 ide_restart_dma(s, IDE_DMA_TRIM); 2744 } else { 2745 ide_restart_dma(s, is_read ? IDE_DMA_READ : IDE_DMA_WRITE); 2746 } 2747 } else if (IS_IDE_RETRY_PIO(error_status)) { 2748 if (is_read) { 2749 ide_sector_read(s); 2750 } else { 2751 ide_sector_write(s); 2752 } 2753 } else if (error_status & IDE_RETRY_FLUSH) { 2754 ide_flush_cache(s); 2755 } else if (IS_IDE_RETRY_ATAPI(error_status)) { 2756 assert(s->end_transfer_func == ide_atapi_cmd); 2757 ide_atapi_dma_restart(s); 2758 } else { 2759 abort(); 2760 } 2761 } 2762 2763 static void ide_restart_cb(void *opaque, bool running, RunState state) 2764 { 2765 IDEBus *bus = opaque; 2766 2767 if (!running) 2768 return; 2769 2770 if (!bus->bh) { 2771 bus->bh = qemu_bh_new(ide_restart_bh, bus); 2772 qemu_bh_schedule(bus->bh); 2773 } 2774 } 2775 2776 void ide_bus_register_restart_cb(IDEBus *bus) 2777 { 2778 if (bus->dma->ops->restart_dma) { 2779 bus->vmstate = qemu_add_vm_change_state_handler(ide_restart_cb, bus); 2780 } 2781 } 2782 2783 static IDEDMA ide_dma_nop = { 2784 .ops = &ide_dma_nop_ops, 2785 .aiocb = NULL, 2786 }; 2787 2788 void ide_bus_init_output_irq(IDEBus *bus, qemu_irq irq_out) 2789 { 2790 int i; 2791 2792 for(i = 0; i < 2; i++) { 2793 ide_init1(bus, i); 2794 ide_reset(&bus->ifs[i]); 2795 } 2796 bus->irq = irq_out; 2797 bus->dma = &ide_dma_nop; 2798 } 2799 2800 void ide_bus_set_irq(IDEBus *bus) 2801 { 2802 if (!(bus->cmd & IDE_CTRL_DISABLE_IRQ)) { 2803 qemu_irq_raise(bus->irq); 2804 } 2805 } 2806 2807 void ide_exit(IDEState *s) 2808 { 2809 timer_free(s->sector_write_timer); 2810 qemu_vfree(s->smart_selftest_data); 2811 qemu_vfree(s->io_buffer); 2812 } 2813 2814 static bool is_identify_set(void *opaque, int version_id) 2815 { 2816 IDEState *s = opaque; 2817 2818 return s->identify_set != 0; 2819 } 2820 2821 static EndTransferFunc* transfer_end_table[] = { 2822 ide_sector_read, 2823 ide_sector_write, 2824 ide_transfer_stop, 2825 ide_atapi_cmd_reply_end, 2826 ide_atapi_cmd, 2827 ide_dummy_transfer_stop, 2828 }; 2829 2830 static int transfer_end_table_idx(EndTransferFunc *fn) 2831 { 2832 int i; 2833 2834 for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++) 2835 if (transfer_end_table[i] == fn) 2836 return i; 2837 2838 return -1; 2839 } 2840 2841 static int ide_drive_post_load(void *opaque, int version_id) 2842 { 2843 IDEState *s = opaque; 2844 2845 if (s->blk && s->identify_set) { 2846 blk_set_enable_write_cache(s->blk, !!(s->identify_data[85] & (1 << 5))); 2847 } 2848 return 0; 2849 } 2850 2851 static int ide_drive_pio_post_load(void *opaque, int version_id) 2852 { 2853 IDEState *s = opaque; 2854 2855 if (s->end_transfer_fn_idx >= ARRAY_SIZE(transfer_end_table)) { 2856 return -EINVAL; 2857 } 2858 s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx]; 2859 s->data_ptr = s->io_buffer + s->cur_io_buffer_offset; 2860 s->data_end = s->data_ptr + s->cur_io_buffer_len; 2861 s->atapi_dma = s->feature & 1; /* as per cmd_packet */ 2862 2863 return 0; 2864 } 2865 2866 static int ide_drive_pio_pre_save(void *opaque) 2867 { 2868 IDEState *s = opaque; 2869 int idx; 2870 2871 s->cur_io_buffer_offset = s->data_ptr - s->io_buffer; 2872 s->cur_io_buffer_len = s->data_end - s->data_ptr; 2873 2874 idx = transfer_end_table_idx(s->end_transfer_func); 2875 if (idx == -1) { 2876 fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n", 2877 __func__); 2878 s->end_transfer_fn_idx = 2; 2879 } else { 2880 s->end_transfer_fn_idx = idx; 2881 } 2882 2883 return 0; 2884 } 2885 2886 static bool ide_drive_pio_state_needed(void *opaque) 2887 { 2888 IDEState *s = opaque; 2889 2890 return ((s->status & DRQ_STAT) != 0) 2891 || (s->bus->error_status & IDE_RETRY_PIO); 2892 } 2893 2894 static bool ide_tray_state_needed(void *opaque) 2895 { 2896 IDEState *s = opaque; 2897 2898 return s->tray_open || s->tray_locked; 2899 } 2900 2901 static bool ide_atapi_gesn_needed(void *opaque) 2902 { 2903 IDEState *s = opaque; 2904 2905 return s->events.new_media || s->events.eject_request; 2906 } 2907 2908 static bool ide_error_needed(void *opaque) 2909 { 2910 IDEBus *bus = opaque; 2911 2912 return (bus->error_status != 0); 2913 } 2914 2915 /* Fields for GET_EVENT_STATUS_NOTIFICATION ATAPI command */ 2916 static const VMStateDescription vmstate_ide_atapi_gesn_state = { 2917 .name ="ide_drive/atapi/gesn_state", 2918 .version_id = 1, 2919 .minimum_version_id = 1, 2920 .needed = ide_atapi_gesn_needed, 2921 .fields = (const VMStateField[]) { 2922 VMSTATE_BOOL(events.new_media, IDEState), 2923 VMSTATE_BOOL(events.eject_request, IDEState), 2924 VMSTATE_END_OF_LIST() 2925 } 2926 }; 2927 2928 static const VMStateDescription vmstate_ide_tray_state = { 2929 .name = "ide_drive/tray_state", 2930 .version_id = 1, 2931 .minimum_version_id = 1, 2932 .needed = ide_tray_state_needed, 2933 .fields = (const VMStateField[]) { 2934 VMSTATE_BOOL(tray_open, IDEState), 2935 VMSTATE_BOOL(tray_locked, IDEState), 2936 VMSTATE_END_OF_LIST() 2937 } 2938 }; 2939 2940 static const VMStateDescription vmstate_ide_drive_pio_state = { 2941 .name = "ide_drive/pio_state", 2942 .version_id = 1, 2943 .minimum_version_id = 1, 2944 .pre_save = ide_drive_pio_pre_save, 2945 .post_load = ide_drive_pio_post_load, 2946 .needed = ide_drive_pio_state_needed, 2947 .fields = (const VMStateField[]) { 2948 VMSTATE_INT32(req_nb_sectors, IDEState), 2949 VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1, 2950 vmstate_info_uint8, uint8_t), 2951 VMSTATE_INT32(cur_io_buffer_offset, IDEState), 2952 VMSTATE_INT32(cur_io_buffer_len, IDEState), 2953 VMSTATE_UINT8(end_transfer_fn_idx, IDEState), 2954 VMSTATE_INT32(elementary_transfer_size, IDEState), 2955 VMSTATE_INT32(packet_transfer_size, IDEState), 2956 VMSTATE_END_OF_LIST() 2957 } 2958 }; 2959 2960 const VMStateDescription vmstate_ide_drive = { 2961 .name = "ide_drive", 2962 .version_id = 3, 2963 .minimum_version_id = 0, 2964 .post_load = ide_drive_post_load, 2965 .fields = (const VMStateField[]) { 2966 VMSTATE_INT32(mult_sectors, IDEState), 2967 VMSTATE_INT32(identify_set, IDEState), 2968 VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set), 2969 VMSTATE_UINT8(feature, IDEState), 2970 VMSTATE_UINT8(error, IDEState), 2971 VMSTATE_UINT32(nsector, IDEState), 2972 VMSTATE_UINT8(sector, IDEState), 2973 VMSTATE_UINT8(lcyl, IDEState), 2974 VMSTATE_UINT8(hcyl, IDEState), 2975 VMSTATE_UINT8(hob_feature, IDEState), 2976 VMSTATE_UINT8(hob_sector, IDEState), 2977 VMSTATE_UINT8(hob_nsector, IDEState), 2978 VMSTATE_UINT8(hob_lcyl, IDEState), 2979 VMSTATE_UINT8(hob_hcyl, IDEState), 2980 VMSTATE_UINT8(select, IDEState), 2981 VMSTATE_UINT8(status, IDEState), 2982 VMSTATE_UINT8(lba48, IDEState), 2983 VMSTATE_UINT8(sense_key, IDEState), 2984 VMSTATE_UINT8(asc, IDEState), 2985 VMSTATE_UINT8_V(cdrom_changed, IDEState, 3), 2986 VMSTATE_END_OF_LIST() 2987 }, 2988 .subsections = (const VMStateDescription * const []) { 2989 &vmstate_ide_drive_pio_state, 2990 &vmstate_ide_tray_state, 2991 &vmstate_ide_atapi_gesn_state, 2992 NULL 2993 } 2994 }; 2995 2996 static const VMStateDescription vmstate_ide_error_status = { 2997 .name ="ide_bus/error", 2998 .version_id = 2, 2999 .minimum_version_id = 1, 3000 .needed = ide_error_needed, 3001 .fields = (const VMStateField[]) { 3002 VMSTATE_INT32(error_status, IDEBus), 3003 VMSTATE_INT64_V(retry_sector_num, IDEBus, 2), 3004 VMSTATE_UINT32_V(retry_nsector, IDEBus, 2), 3005 VMSTATE_UINT8_V(retry_unit, IDEBus, 2), 3006 VMSTATE_END_OF_LIST() 3007 } 3008 }; 3009 3010 const VMStateDescription vmstate_ide_bus = { 3011 .name = "ide_bus", 3012 .version_id = 1, 3013 .minimum_version_id = 1, 3014 .fields = (const VMStateField[]) { 3015 VMSTATE_UINT8(cmd, IDEBus), 3016 VMSTATE_UINT8(unit, IDEBus), 3017 VMSTATE_END_OF_LIST() 3018 }, 3019 .subsections = (const VMStateDescription * const []) { 3020 &vmstate_ide_error_status, 3021 NULL 3022 } 3023 }; 3024 3025 void ide_drive_get(DriveInfo **hd, int n) 3026 { 3027 int i; 3028 3029 for (i = 0; i < n; i++) { 3030 hd[i] = drive_get_by_index(IF_IDE, i); 3031 } 3032 } 3033