xref: /openbmc/qemu/hw/ide/core.c (revision 6b034aa1)
1 /*
2  * QEMU IDE disk and CD/DVD-ROM Emulator
3  *
4  * Copyright (c) 2003 Fabrice Bellard
5  * Copyright (c) 2006 Openedhand Ltd.
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 #include <hw/hw.h>
26 #include <hw/pc.h>
27 #include <hw/pci.h>
28 #include <hw/isa.h>
29 #include "qemu-error.h"
30 #include "qemu-timer.h"
31 #include "sysemu.h"
32 #include "dma.h"
33 #include "blockdev.h"
34 
35 #include <hw/ide/internal.h>
36 
37 /* These values were based on a Seagate ST3500418AS but have been modified
38    to make more sense in QEMU */
39 static const int smart_attributes[][12] = {
40     /* id,  flags, hflags, val, wrst, raw (6 bytes), threshold */
41     /* raw read error rate*/
42     { 0x01, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06},
43     /* spin up */
44     { 0x03, 0x03, 0x00, 0x64, 0x64, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
45     /* start stop count */
46     { 0x04, 0x02, 0x00, 0x64, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14},
47     /* remapped sectors */
48     { 0x05, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24},
49     /* power on hours */
50     { 0x09, 0x03, 0x00, 0x64, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
51     /* power cycle count */
52     { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
53     /* airflow-temperature-celsius */
54     { 190,  0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32},
55     /* end of list */
56     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
57 };
58 
59 static int ide_handle_rw_error(IDEState *s, int error, int op);
60 static void ide_dummy_transfer_stop(IDEState *s);
61 
62 static void padstr(char *str, const char *src, int len)
63 {
64     int i, v;
65     for(i = 0; i < len; i++) {
66         if (*src)
67             v = *src++;
68         else
69             v = ' ';
70         str[i^1] = v;
71     }
72 }
73 
74 static void put_le16(uint16_t *p, unsigned int v)
75 {
76     *p = cpu_to_le16(v);
77 }
78 
79 static void ide_identify(IDEState *s)
80 {
81     uint16_t *p;
82     unsigned int oldsize;
83     IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master;
84 
85     if (s->identify_set) {
86 	memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
87 	return;
88     }
89 
90     memset(s->io_buffer, 0, 512);
91     p = (uint16_t *)s->io_buffer;
92     put_le16(p + 0, 0x0040);
93     put_le16(p + 1, s->cylinders);
94     put_le16(p + 3, s->heads);
95     put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
96     put_le16(p + 5, 512); /* XXX: retired, remove ? */
97     put_le16(p + 6, s->sectors);
98     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
99     put_le16(p + 20, 3); /* XXX: retired, remove ? */
100     put_le16(p + 21, 512); /* cache size in sectors */
101     put_le16(p + 22, 4); /* ecc bytes */
102     padstr((char *)(p + 23), s->version, 8); /* firmware version */
103     padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
104 #if MAX_MULT_SECTORS > 1
105     put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
106 #endif
107     put_le16(p + 48, 1); /* dword I/O */
108     put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
109     put_le16(p + 51, 0x200); /* PIO transfer cycle */
110     put_le16(p + 52, 0x200); /* DMA transfer cycle */
111     put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
112     put_le16(p + 54, s->cylinders);
113     put_le16(p + 55, s->heads);
114     put_le16(p + 56, s->sectors);
115     oldsize = s->cylinders * s->heads * s->sectors;
116     put_le16(p + 57, oldsize);
117     put_le16(p + 58, oldsize >> 16);
118     if (s->mult_sectors)
119         put_le16(p + 59, 0x100 | s->mult_sectors);
120     put_le16(p + 60, s->nb_sectors);
121     put_le16(p + 61, s->nb_sectors >> 16);
122     put_le16(p + 62, 0x07); /* single word dma0-2 supported */
123     put_le16(p + 63, 0x07); /* mdma0-2 supported */
124     put_le16(p + 64, 0x03); /* pio3-4 supported */
125     put_le16(p + 65, 120);
126     put_le16(p + 66, 120);
127     put_le16(p + 67, 120);
128     put_le16(p + 68, 120);
129     if (dev && dev->conf.discard_granularity) {
130         put_le16(p + 69, (1 << 14)); /* determinate TRIM behavior */
131     }
132 
133     if (s->ncq_queues) {
134         put_le16(p + 75, s->ncq_queues - 1);
135         /* NCQ supported */
136         put_le16(p + 76, (1 << 8));
137     }
138 
139     put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
140     put_le16(p + 81, 0x16); /* conforms to ata5 */
141     /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */
142     put_le16(p + 82, (1 << 14) | (1 << 5) | 1);
143     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
144     put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
145     /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */
146     if (s->wwn) {
147         put_le16(p + 84, (1 << 14) | (1 << 8) | 0);
148     } else {
149         put_le16(p + 84, (1 << 14) | 0);
150     }
151     /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */
152     if (bdrv_enable_write_cache(s->bs))
153          put_le16(p + 85, (1 << 14) | (1 << 5) | 1);
154     else
155          put_le16(p + 85, (1 << 14) | 1);
156     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
157     put_le16(p + 86, (1 << 13) | (1 <<12) | (1 << 10));
158     /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */
159     if (s->wwn) {
160         put_le16(p + 87, (1 << 14) | (1 << 8) | 0);
161     } else {
162         put_le16(p + 87, (1 << 14) | 0);
163     }
164     put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
165     put_le16(p + 93, 1 | (1 << 14) | 0x2000);
166     put_le16(p + 100, s->nb_sectors);
167     put_le16(p + 101, s->nb_sectors >> 16);
168     put_le16(p + 102, s->nb_sectors >> 32);
169     put_le16(p + 103, s->nb_sectors >> 48);
170 
171     if (dev && dev->conf.physical_block_size)
172         put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf));
173     if (s->wwn) {
174         /* LE 16-bit words 111-108 contain 64-bit World Wide Name */
175         put_le16(p + 108, s->wwn >> 48);
176         put_le16(p + 109, s->wwn >> 32);
177         put_le16(p + 110, s->wwn >> 16);
178         put_le16(p + 111, s->wwn);
179     }
180     if (dev && dev->conf.discard_granularity) {
181         put_le16(p + 169, 1); /* TRIM support */
182     }
183 
184     memcpy(s->identify_data, p, sizeof(s->identify_data));
185     s->identify_set = 1;
186 }
187 
188 static void ide_atapi_identify(IDEState *s)
189 {
190     uint16_t *p;
191 
192     if (s->identify_set) {
193 	memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
194 	return;
195     }
196 
197     memset(s->io_buffer, 0, 512);
198     p = (uint16_t *)s->io_buffer;
199     /* Removable CDROM, 50us response, 12 byte packets */
200     put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
201     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
202     put_le16(p + 20, 3); /* buffer type */
203     put_le16(p + 21, 512); /* cache size in sectors */
204     put_le16(p + 22, 4); /* ecc bytes */
205     padstr((char *)(p + 23), s->version, 8); /* firmware version */
206     padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
207     put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
208 #ifdef USE_DMA_CDROM
209     put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
210     put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
211     put_le16(p + 62, 7);  /* single word dma0-2 supported */
212     put_le16(p + 63, 7);  /* mdma0-2 supported */
213 #else
214     put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
215     put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
216     put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
217 #endif
218     put_le16(p + 64, 3); /* pio3-4 supported */
219     put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
220     put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
221     put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
222     put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
223 
224     put_le16(p + 71, 30); /* in ns */
225     put_le16(p + 72, 30); /* in ns */
226 
227     if (s->ncq_queues) {
228         put_le16(p + 75, s->ncq_queues - 1);
229         /* NCQ supported */
230         put_le16(p + 76, (1 << 8));
231     }
232 
233     put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
234 #ifdef USE_DMA_CDROM
235     put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
236 #endif
237     memcpy(s->identify_data, p, sizeof(s->identify_data));
238     s->identify_set = 1;
239 }
240 
241 static void ide_cfata_identify(IDEState *s)
242 {
243     uint16_t *p;
244     uint32_t cur_sec;
245 
246     p = (uint16_t *) s->identify_data;
247     if (s->identify_set)
248         goto fill_buffer;
249 
250     memset(p, 0, sizeof(s->identify_data));
251 
252     cur_sec = s->cylinders * s->heads * s->sectors;
253 
254     put_le16(p + 0, 0x848a);			/* CF Storage Card signature */
255     put_le16(p + 1, s->cylinders);		/* Default cylinders */
256     put_le16(p + 3, s->heads);			/* Default heads */
257     put_le16(p + 6, s->sectors);		/* Default sectors per track */
258     put_le16(p + 7, s->nb_sectors >> 16);	/* Sectors per card */
259     put_le16(p + 8, s->nb_sectors);		/* Sectors per card */
260     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
261     put_le16(p + 22, 0x0004);			/* ECC bytes */
262     padstr((char *) (p + 23), s->version, 8);	/* Firmware Revision */
263     padstr((char *) (p + 27), s->drive_model_str, 40);/* Model number */
264 #if MAX_MULT_SECTORS > 1
265     put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
266 #else
267     put_le16(p + 47, 0x0000);
268 #endif
269     put_le16(p + 49, 0x0f00);			/* Capabilities */
270     put_le16(p + 51, 0x0002);			/* PIO cycle timing mode */
271     put_le16(p + 52, 0x0001);			/* DMA cycle timing mode */
272     put_le16(p + 53, 0x0003);			/* Translation params valid */
273     put_le16(p + 54, s->cylinders);		/* Current cylinders */
274     put_le16(p + 55, s->heads);			/* Current heads */
275     put_le16(p + 56, s->sectors);		/* Current sectors */
276     put_le16(p + 57, cur_sec);			/* Current capacity */
277     put_le16(p + 58, cur_sec >> 16);		/* Current capacity */
278     if (s->mult_sectors)			/* Multiple sector setting */
279         put_le16(p + 59, 0x100 | s->mult_sectors);
280     put_le16(p + 60, s->nb_sectors);		/* Total LBA sectors */
281     put_le16(p + 61, s->nb_sectors >> 16);	/* Total LBA sectors */
282     put_le16(p + 63, 0x0203);			/* Multiword DMA capability */
283     put_le16(p + 64, 0x0001);			/* Flow Control PIO support */
284     put_le16(p + 65, 0x0096);			/* Min. Multiword DMA cycle */
285     put_le16(p + 66, 0x0096);			/* Rec. Multiword DMA cycle */
286     put_le16(p + 68, 0x00b4);			/* Min. PIO cycle time */
287     put_le16(p + 82, 0x400c);			/* Command Set supported */
288     put_le16(p + 83, 0x7068);			/* Command Set supported */
289     put_le16(p + 84, 0x4000);			/* Features supported */
290     put_le16(p + 85, 0x000c);			/* Command Set enabled */
291     put_le16(p + 86, 0x7044);			/* Command Set enabled */
292     put_le16(p + 87, 0x4000);			/* Features enabled */
293     put_le16(p + 91, 0x4060);			/* Current APM level */
294     put_le16(p + 129, 0x0002);			/* Current features option */
295     put_le16(p + 130, 0x0005);			/* Reassigned sectors */
296     put_le16(p + 131, 0x0001);			/* Initial power mode */
297     put_le16(p + 132, 0x0000);			/* User signature */
298     put_le16(p + 160, 0x8100);			/* Power requirement */
299     put_le16(p + 161, 0x8001);			/* CF command set */
300 
301     s->identify_set = 1;
302 
303 fill_buffer:
304     memcpy(s->io_buffer, p, sizeof(s->identify_data));
305 }
306 
307 static void ide_set_signature(IDEState *s)
308 {
309     s->select &= 0xf0; /* clear head */
310     /* put signature */
311     s->nsector = 1;
312     s->sector = 1;
313     if (s->drive_kind == IDE_CD) {
314         s->lcyl = 0x14;
315         s->hcyl = 0xeb;
316     } else if (s->bs) {
317         s->lcyl = 0;
318         s->hcyl = 0;
319     } else {
320         s->lcyl = 0xff;
321         s->hcyl = 0xff;
322     }
323 }
324 
325 typedef struct TrimAIOCB {
326     BlockDriverAIOCB common;
327     QEMUBH *bh;
328     int ret;
329 } TrimAIOCB;
330 
331 static void trim_aio_cancel(BlockDriverAIOCB *acb)
332 {
333     TrimAIOCB *iocb = container_of(acb, TrimAIOCB, common);
334 
335     qemu_bh_delete(iocb->bh);
336     iocb->bh = NULL;
337     qemu_aio_release(iocb);
338 }
339 
340 static AIOPool trim_aio_pool = {
341     .aiocb_size         = sizeof(TrimAIOCB),
342     .cancel             = trim_aio_cancel,
343 };
344 
345 static void ide_trim_bh_cb(void *opaque)
346 {
347     TrimAIOCB *iocb = opaque;
348 
349     iocb->common.cb(iocb->common.opaque, iocb->ret);
350 
351     qemu_bh_delete(iocb->bh);
352     iocb->bh = NULL;
353 
354     qemu_aio_release(iocb);
355 }
356 
357 BlockDriverAIOCB *ide_issue_trim(BlockDriverState *bs,
358         int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
359         BlockDriverCompletionFunc *cb, void *opaque)
360 {
361     TrimAIOCB *iocb;
362     int i, j, ret;
363 
364     iocb = qemu_aio_get(&trim_aio_pool, bs, cb, opaque);
365     iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb);
366     iocb->ret = 0;
367 
368     for (j = 0; j < qiov->niov; j++) {
369         uint64_t *buffer = qiov->iov[j].iov_base;
370 
371         for (i = 0; i < qiov->iov[j].iov_len / 8; i++) {
372             /* 6-byte LBA + 2-byte range per entry */
373             uint64_t entry = le64_to_cpu(buffer[i]);
374             uint64_t sector = entry & 0x0000ffffffffffffULL;
375             uint16_t count = entry >> 48;
376 
377             if (count == 0) {
378                 break;
379             }
380 
381             ret = bdrv_discard(bs, sector, count);
382             if (!iocb->ret) {
383                 iocb->ret = ret;
384             }
385         }
386     }
387 
388     qemu_bh_schedule(iocb->bh);
389 
390     return &iocb->common;
391 }
392 
393 static inline void ide_abort_command(IDEState *s)
394 {
395     s->status = READY_STAT | ERR_STAT;
396     s->error = ABRT_ERR;
397 }
398 
399 /* prepare data transfer and tell what to do after */
400 void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
401                         EndTransferFunc *end_transfer_func)
402 {
403     s->end_transfer_func = end_transfer_func;
404     s->data_ptr = buf;
405     s->data_end = buf + size;
406     if (!(s->status & ERR_STAT)) {
407         s->status |= DRQ_STAT;
408     }
409     s->bus->dma->ops->start_transfer(s->bus->dma);
410 }
411 
412 void ide_transfer_stop(IDEState *s)
413 {
414     s->end_transfer_func = ide_transfer_stop;
415     s->data_ptr = s->io_buffer;
416     s->data_end = s->io_buffer;
417     s->status &= ~DRQ_STAT;
418 }
419 
420 int64_t ide_get_sector(IDEState *s)
421 {
422     int64_t sector_num;
423     if (s->select & 0x40) {
424         /* lba */
425 	if (!s->lba48) {
426 	    sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
427 		(s->lcyl << 8) | s->sector;
428 	} else {
429 	    sector_num = ((int64_t)s->hob_hcyl << 40) |
430 		((int64_t) s->hob_lcyl << 32) |
431 		((int64_t) s->hob_sector << 24) |
432 		((int64_t) s->hcyl << 16) |
433 		((int64_t) s->lcyl << 8) | s->sector;
434 	}
435     } else {
436         sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
437             (s->select & 0x0f) * s->sectors + (s->sector - 1);
438     }
439     return sector_num;
440 }
441 
442 void ide_set_sector(IDEState *s, int64_t sector_num)
443 {
444     unsigned int cyl, r;
445     if (s->select & 0x40) {
446 	if (!s->lba48) {
447             s->select = (s->select & 0xf0) | (sector_num >> 24);
448             s->hcyl = (sector_num >> 16);
449             s->lcyl = (sector_num >> 8);
450             s->sector = (sector_num);
451 	} else {
452 	    s->sector = sector_num;
453 	    s->lcyl = sector_num >> 8;
454 	    s->hcyl = sector_num >> 16;
455 	    s->hob_sector = sector_num >> 24;
456 	    s->hob_lcyl = sector_num >> 32;
457 	    s->hob_hcyl = sector_num >> 40;
458 	}
459     } else {
460         cyl = sector_num / (s->heads * s->sectors);
461         r = sector_num % (s->heads * s->sectors);
462         s->hcyl = cyl >> 8;
463         s->lcyl = cyl;
464         s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
465         s->sector = (r % s->sectors) + 1;
466     }
467 }
468 
469 static void ide_rw_error(IDEState *s) {
470     ide_abort_command(s);
471     ide_set_irq(s->bus);
472 }
473 
474 void ide_sector_read(IDEState *s)
475 {
476     int64_t sector_num;
477     int ret, n;
478 
479     s->status = READY_STAT | SEEK_STAT;
480     s->error = 0; /* not needed by IDE spec, but needed by Windows */
481     sector_num = ide_get_sector(s);
482     n = s->nsector;
483     if (n == 0) {
484         /* no more sector to read from disk */
485         ide_transfer_stop(s);
486     } else {
487 #if defined(DEBUG_IDE)
488         printf("read sector=%" PRId64 "\n", sector_num);
489 #endif
490         if (n > s->req_nb_sectors)
491             n = s->req_nb_sectors;
492 
493         bdrv_acct_start(s->bs, &s->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
494         ret = bdrv_read(s->bs, sector_num, s->io_buffer, n);
495         bdrv_acct_done(s->bs, &s->acct);
496         if (ret != 0) {
497             if (ide_handle_rw_error(s, -ret,
498                 BM_STATUS_PIO_RETRY | BM_STATUS_RETRY_READ))
499             {
500                 return;
501             }
502         }
503         ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_read);
504         ide_set_irq(s->bus);
505         ide_set_sector(s, sector_num + n);
506         s->nsector -= n;
507     }
508 }
509 
510 static void dma_buf_commit(IDEState *s)
511 {
512     qemu_sglist_destroy(&s->sg);
513 }
514 
515 void ide_set_inactive(IDEState *s)
516 {
517     s->bus->dma->aiocb = NULL;
518     s->bus->dma->ops->set_inactive(s->bus->dma);
519 }
520 
521 void ide_dma_error(IDEState *s)
522 {
523     ide_transfer_stop(s);
524     s->error = ABRT_ERR;
525     s->status = READY_STAT | ERR_STAT;
526     ide_set_inactive(s);
527     ide_set_irq(s->bus);
528 }
529 
530 static int ide_handle_rw_error(IDEState *s, int error, int op)
531 {
532     int is_read = (op & BM_STATUS_RETRY_READ);
533     BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
534 
535     if (action == BLOCK_ERR_IGNORE) {
536         bdrv_emit_qmp_error_event(s->bs, BDRV_ACTION_IGNORE, is_read);
537         return 0;
538     }
539 
540     if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
541             || action == BLOCK_ERR_STOP_ANY) {
542         s->bus->dma->ops->set_unit(s->bus->dma, s->unit);
543         s->bus->error_status = op;
544         bdrv_emit_qmp_error_event(s->bs, BDRV_ACTION_STOP, is_read);
545         vm_stop(RUN_STATE_IO_ERROR);
546         bdrv_iostatus_set_err(s->bs, error);
547     } else {
548         if (op & BM_STATUS_DMA_RETRY) {
549             dma_buf_commit(s);
550             ide_dma_error(s);
551         } else {
552             ide_rw_error(s);
553         }
554         bdrv_emit_qmp_error_event(s->bs, BDRV_ACTION_REPORT, is_read);
555     }
556 
557     return 1;
558 }
559 
560 void ide_dma_cb(void *opaque, int ret)
561 {
562     IDEState *s = opaque;
563     int n;
564     int64_t sector_num;
565 
566     if (ret < 0) {
567         int op = BM_STATUS_DMA_RETRY;
568 
569         if (s->dma_cmd == IDE_DMA_READ)
570             op |= BM_STATUS_RETRY_READ;
571         else if (s->dma_cmd == IDE_DMA_TRIM)
572             op |= BM_STATUS_RETRY_TRIM;
573 
574         if (ide_handle_rw_error(s, -ret, op)) {
575             return;
576         }
577     }
578 
579     n = s->io_buffer_size >> 9;
580     sector_num = ide_get_sector(s);
581     if (n > 0) {
582         dma_buf_commit(s);
583         sector_num += n;
584         ide_set_sector(s, sector_num);
585         s->nsector -= n;
586     }
587 
588     /* end of transfer ? */
589     if (s->nsector == 0) {
590         s->status = READY_STAT | SEEK_STAT;
591         ide_set_irq(s->bus);
592         goto eot;
593     }
594 
595     /* launch next transfer */
596     n = s->nsector;
597     s->io_buffer_index = 0;
598     s->io_buffer_size = n * 512;
599     if (s->bus->dma->ops->prepare_buf(s->bus->dma, ide_cmd_is_read(s)) == 0) {
600         /* The PRDs were too short. Reset the Active bit, but don't raise an
601          * interrupt. */
602         goto eot;
603     }
604 
605 #ifdef DEBUG_AIO
606     printf("ide_dma_cb: sector_num=%" PRId64 " n=%d, cmd_cmd=%d\n",
607            sector_num, n, s->dma_cmd);
608 #endif
609 
610     switch (s->dma_cmd) {
611     case IDE_DMA_READ:
612         s->bus->dma->aiocb = dma_bdrv_read(s->bs, &s->sg, sector_num,
613                                            ide_dma_cb, s);
614         break;
615     case IDE_DMA_WRITE:
616         s->bus->dma->aiocb = dma_bdrv_write(s->bs, &s->sg, sector_num,
617                                             ide_dma_cb, s);
618         break;
619     case IDE_DMA_TRIM:
620         s->bus->dma->aiocb = dma_bdrv_io(s->bs, &s->sg, sector_num,
621                                          ide_issue_trim, ide_dma_cb, s,
622                                          DMA_DIRECTION_TO_DEVICE);
623         break;
624     }
625     return;
626 
627 eot:
628     if (s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) {
629         bdrv_acct_done(s->bs, &s->acct);
630     }
631     ide_set_inactive(s);
632 }
633 
634 static void ide_sector_start_dma(IDEState *s, enum ide_dma_cmd dma_cmd)
635 {
636     s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
637     s->io_buffer_index = 0;
638     s->io_buffer_size = 0;
639     s->dma_cmd = dma_cmd;
640 
641     switch (dma_cmd) {
642     case IDE_DMA_READ:
643         bdrv_acct_start(s->bs, &s->acct, s->nsector * BDRV_SECTOR_SIZE,
644                         BDRV_ACCT_READ);
645         break;
646     case IDE_DMA_WRITE:
647         bdrv_acct_start(s->bs, &s->acct, s->nsector * BDRV_SECTOR_SIZE,
648                         BDRV_ACCT_WRITE);
649         break;
650     default:
651         break;
652     }
653 
654     s->bus->dma->ops->start_dma(s->bus->dma, s, ide_dma_cb);
655 }
656 
657 static void ide_sector_write_timer_cb(void *opaque)
658 {
659     IDEState *s = opaque;
660     ide_set_irq(s->bus);
661 }
662 
663 void ide_sector_write(IDEState *s)
664 {
665     int64_t sector_num;
666     int ret, n, n1;
667 
668     s->status = READY_STAT | SEEK_STAT;
669     sector_num = ide_get_sector(s);
670 #if defined(DEBUG_IDE)
671     printf("write sector=%" PRId64 "\n", sector_num);
672 #endif
673     n = s->nsector;
674     if (n > s->req_nb_sectors)
675         n = s->req_nb_sectors;
676 
677     bdrv_acct_start(s->bs, &s->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
678     ret = bdrv_write(s->bs, sector_num, s->io_buffer, n);
679     bdrv_acct_done(s->bs, &s->acct);
680 
681     if (ret != 0) {
682         if (ide_handle_rw_error(s, -ret, BM_STATUS_PIO_RETRY))
683             return;
684     }
685 
686     s->nsector -= n;
687     if (s->nsector == 0) {
688         /* no more sectors to write */
689         ide_transfer_stop(s);
690     } else {
691         n1 = s->nsector;
692         if (n1 > s->req_nb_sectors)
693             n1 = s->req_nb_sectors;
694         ide_transfer_start(s, s->io_buffer, 512 * n1, ide_sector_write);
695     }
696     ide_set_sector(s, sector_num + n);
697 
698     if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
699         /* It seems there is a bug in the Windows 2000 installer HDD
700            IDE driver which fills the disk with empty logs when the
701            IDE write IRQ comes too early. This hack tries to correct
702            that at the expense of slower write performances. Use this
703            option _only_ to install Windows 2000. You must disable it
704            for normal use. */
705         qemu_mod_timer(s->sector_write_timer,
706                        qemu_get_clock_ns(vm_clock) + (get_ticks_per_sec() / 1000));
707     } else {
708         ide_set_irq(s->bus);
709     }
710 }
711 
712 static void ide_flush_cb(void *opaque, int ret)
713 {
714     IDEState *s = opaque;
715 
716     if (ret < 0) {
717         /* XXX: What sector number to set here? */
718         if (ide_handle_rw_error(s, -ret, BM_STATUS_RETRY_FLUSH)) {
719             return;
720         }
721     }
722 
723     bdrv_acct_done(s->bs, &s->acct);
724     s->status = READY_STAT | SEEK_STAT;
725     ide_set_irq(s->bus);
726 }
727 
728 void ide_flush_cache(IDEState *s)
729 {
730     if (s->bs == NULL) {
731         ide_flush_cb(s, 0);
732         return;
733     }
734 
735     bdrv_acct_start(s->bs, &s->acct, 0, BDRV_ACCT_FLUSH);
736     bdrv_aio_flush(s->bs, ide_flush_cb, s);
737 }
738 
739 static void ide_cfata_metadata_inquiry(IDEState *s)
740 {
741     uint16_t *p;
742     uint32_t spd;
743 
744     p = (uint16_t *) s->io_buffer;
745     memset(p, 0, 0x200);
746     spd = ((s->mdata_size - 1) >> 9) + 1;
747 
748     put_le16(p + 0, 0x0001);			/* Data format revision */
749     put_le16(p + 1, 0x0000);			/* Media property: silicon */
750     put_le16(p + 2, s->media_changed);		/* Media status */
751     put_le16(p + 3, s->mdata_size & 0xffff);	/* Capacity in bytes (low) */
752     put_le16(p + 4, s->mdata_size >> 16);	/* Capacity in bytes (high) */
753     put_le16(p + 5, spd & 0xffff);		/* Sectors per device (low) */
754     put_le16(p + 6, spd >> 16);			/* Sectors per device (high) */
755 }
756 
757 static void ide_cfata_metadata_read(IDEState *s)
758 {
759     uint16_t *p;
760 
761     if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
762         s->status = ERR_STAT;
763         s->error = ABRT_ERR;
764         return;
765     }
766 
767     p = (uint16_t *) s->io_buffer;
768     memset(p, 0, 0x200);
769 
770     put_le16(p + 0, s->media_changed);		/* Media status */
771     memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
772                     MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
773                                     s->nsector << 9), 0x200 - 2));
774 }
775 
776 static void ide_cfata_metadata_write(IDEState *s)
777 {
778     if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
779         s->status = ERR_STAT;
780         s->error = ABRT_ERR;
781         return;
782     }
783 
784     s->media_changed = 0;
785 
786     memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
787                     s->io_buffer + 2,
788                     MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
789                                     s->nsector << 9), 0x200 - 2));
790 }
791 
792 /* called when the inserted state of the media has changed */
793 static void ide_cd_change_cb(void *opaque, bool load)
794 {
795     IDEState *s = opaque;
796     uint64_t nb_sectors;
797 
798     s->tray_open = !load;
799     bdrv_get_geometry(s->bs, &nb_sectors);
800     s->nb_sectors = nb_sectors;
801 
802     /*
803      * First indicate to the guest that a CD has been removed.  That's
804      * done on the next command the guest sends us.
805      *
806      * Then we set UNIT_ATTENTION, by which the guest will
807      * detect a new CD in the drive.  See ide_atapi_cmd() for details.
808      */
809     s->cdrom_changed = 1;
810     s->events.new_media = true;
811     s->events.eject_request = false;
812     ide_set_irq(s->bus);
813 }
814 
815 static void ide_cd_eject_request_cb(void *opaque, bool force)
816 {
817     IDEState *s = opaque;
818 
819     s->events.eject_request = true;
820     if (force) {
821         s->tray_locked = false;
822     }
823     ide_set_irq(s->bus);
824 }
825 
826 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
827 {
828     s->lba48 = lba48;
829 
830     /* handle the 'magic' 0 nsector count conversion here. to avoid
831      * fiddling with the rest of the read logic, we just store the
832      * full sector count in ->nsector and ignore ->hob_nsector from now
833      */
834     if (!s->lba48) {
835 	if (!s->nsector)
836 	    s->nsector = 256;
837     } else {
838 	if (!s->nsector && !s->hob_nsector)
839 	    s->nsector = 65536;
840 	else {
841 	    int lo = s->nsector;
842 	    int hi = s->hob_nsector;
843 
844 	    s->nsector = (hi << 8) | lo;
845 	}
846     }
847 }
848 
849 static void ide_clear_hob(IDEBus *bus)
850 {
851     /* any write clears HOB high bit of device control register */
852     bus->ifs[0].select &= ~(1 << 7);
853     bus->ifs[1].select &= ~(1 << 7);
854 }
855 
856 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
857 {
858     IDEBus *bus = opaque;
859 
860 #ifdef DEBUG_IDE
861     printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
862 #endif
863 
864     addr &= 7;
865 
866     /* ignore writes to command block while busy with previous command */
867     if (addr != 7 && (idebus_active_if(bus)->status & (BUSY_STAT|DRQ_STAT)))
868         return;
869 
870     switch(addr) {
871     case 0:
872         break;
873     case 1:
874 	ide_clear_hob(bus);
875         /* NOTE: data is written to the two drives */
876 	bus->ifs[0].hob_feature = bus->ifs[0].feature;
877 	bus->ifs[1].hob_feature = bus->ifs[1].feature;
878         bus->ifs[0].feature = val;
879         bus->ifs[1].feature = val;
880         break;
881     case 2:
882 	ide_clear_hob(bus);
883 	bus->ifs[0].hob_nsector = bus->ifs[0].nsector;
884 	bus->ifs[1].hob_nsector = bus->ifs[1].nsector;
885         bus->ifs[0].nsector = val;
886         bus->ifs[1].nsector = val;
887         break;
888     case 3:
889 	ide_clear_hob(bus);
890 	bus->ifs[0].hob_sector = bus->ifs[0].sector;
891 	bus->ifs[1].hob_sector = bus->ifs[1].sector;
892         bus->ifs[0].sector = val;
893         bus->ifs[1].sector = val;
894         break;
895     case 4:
896 	ide_clear_hob(bus);
897 	bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl;
898 	bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl;
899         bus->ifs[0].lcyl = val;
900         bus->ifs[1].lcyl = val;
901         break;
902     case 5:
903 	ide_clear_hob(bus);
904 	bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl;
905 	bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl;
906         bus->ifs[0].hcyl = val;
907         bus->ifs[1].hcyl = val;
908         break;
909     case 6:
910 	/* FIXME: HOB readback uses bit 7 */
911         bus->ifs[0].select = (val & ~0x10) | 0xa0;
912         bus->ifs[1].select = (val | 0x10) | 0xa0;
913         /* select drive */
914         bus->unit = (val >> 4) & 1;
915         break;
916     default:
917     case 7:
918         /* command */
919         ide_exec_cmd(bus, val);
920         break;
921     }
922 }
923 
924 #define HD_OK (1u << IDE_HD)
925 #define CD_OK (1u << IDE_CD)
926 #define CFA_OK (1u << IDE_CFATA)
927 #define HD_CFA_OK (HD_OK | CFA_OK)
928 #define ALL_OK (HD_OK | CD_OK | CFA_OK)
929 
930 /* See ACS-2 T13/2015-D Table B.2 Command codes */
931 static const uint8_t ide_cmd_table[0x100] = {
932     /* NOP not implemented, mandatory for CD */
933     [CFA_REQ_EXT_ERROR_CODE]            = CFA_OK,
934     [WIN_DSM]                           = ALL_OK,
935     [WIN_DEVICE_RESET]                  = CD_OK,
936     [WIN_RECAL]                         = HD_CFA_OK,
937     [WIN_READ]                          = ALL_OK,
938     [WIN_READ_ONCE]                     = ALL_OK,
939     [WIN_READ_EXT]                      = HD_CFA_OK,
940     [WIN_READDMA_EXT]                   = HD_CFA_OK,
941     [WIN_READ_NATIVE_MAX_EXT]           = HD_CFA_OK,
942     [WIN_MULTREAD_EXT]                  = HD_CFA_OK,
943     [WIN_WRITE]                         = HD_CFA_OK,
944     [WIN_WRITE_ONCE]                    = HD_CFA_OK,
945     [WIN_WRITE_EXT]                     = HD_CFA_OK,
946     [WIN_WRITEDMA_EXT]                  = HD_CFA_OK,
947     [CFA_WRITE_SECT_WO_ERASE]           = CFA_OK,
948     [WIN_MULTWRITE_EXT]                 = HD_CFA_OK,
949     [WIN_WRITE_VERIFY]                  = HD_CFA_OK,
950     [WIN_VERIFY]                        = HD_CFA_OK,
951     [WIN_VERIFY_ONCE]                   = HD_CFA_OK,
952     [WIN_VERIFY_EXT]                    = HD_CFA_OK,
953     [WIN_SEEK]                          = HD_CFA_OK,
954     [CFA_TRANSLATE_SECTOR]              = CFA_OK,
955     [WIN_DIAGNOSE]                      = ALL_OK,
956     [WIN_SPECIFY]                       = HD_CFA_OK,
957     [WIN_STANDBYNOW2]                   = ALL_OK,
958     [WIN_IDLEIMMEDIATE2]                = ALL_OK,
959     [WIN_STANDBY2]                      = ALL_OK,
960     [WIN_SETIDLE2]                      = ALL_OK,
961     [WIN_CHECKPOWERMODE2]               = ALL_OK,
962     [WIN_SLEEPNOW2]                     = ALL_OK,
963     [WIN_PACKETCMD]                     = CD_OK,
964     [WIN_PIDENTIFY]                     = CD_OK,
965     [WIN_SMART]                         = HD_CFA_OK,
966     [CFA_ACCESS_METADATA_STORAGE]       = CFA_OK,
967     [CFA_ERASE_SECTORS]                 = CFA_OK,
968     [WIN_MULTREAD]                      = HD_CFA_OK,
969     [WIN_MULTWRITE]                     = HD_CFA_OK,
970     [WIN_SETMULT]                       = HD_CFA_OK,
971     [WIN_READDMA]                       = HD_CFA_OK,
972     [WIN_READDMA_ONCE]                  = HD_CFA_OK,
973     [WIN_WRITEDMA]                      = HD_CFA_OK,
974     [WIN_WRITEDMA_ONCE]                 = HD_CFA_OK,
975     [CFA_WRITE_MULTI_WO_ERASE]          = CFA_OK,
976     [WIN_STANDBYNOW1]                   = ALL_OK,
977     [WIN_IDLEIMMEDIATE]                 = ALL_OK,
978     [WIN_STANDBY]                       = ALL_OK,
979     [WIN_SETIDLE1]                      = ALL_OK,
980     [WIN_CHECKPOWERMODE1]               = ALL_OK,
981     [WIN_SLEEPNOW1]                     = ALL_OK,
982     [WIN_FLUSH_CACHE]                   = ALL_OK,
983     [WIN_FLUSH_CACHE_EXT]               = HD_CFA_OK,
984     [WIN_IDENTIFY]                      = ALL_OK,
985     [WIN_SETFEATURES]                   = ALL_OK,
986     [IBM_SENSE_CONDITION]               = CFA_OK,
987     [CFA_WEAR_LEVEL]                    = CFA_OK,
988     [WIN_READ_NATIVE_MAX]               = ALL_OK,
989 };
990 
991 static bool ide_cmd_permitted(IDEState *s, uint32_t cmd)
992 {
993     return cmd < ARRAY_SIZE(ide_cmd_table)
994         && (ide_cmd_table[cmd] & (1u << s->drive_kind));
995 }
996 
997 void ide_exec_cmd(IDEBus *bus, uint32_t val)
998 {
999     IDEState *s;
1000     int n;
1001     int lba48 = 0;
1002 
1003 #if defined(DEBUG_IDE)
1004     printf("ide: CMD=%02x\n", val);
1005 #endif
1006     s = idebus_active_if(bus);
1007     /* ignore commands to non existent slave */
1008     if (s != bus->ifs && !s->bs)
1009         return;
1010 
1011     /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
1012     if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
1013         return;
1014 
1015     if (!ide_cmd_permitted(s, val)) {
1016         goto abort_cmd;
1017     }
1018 
1019     switch(val) {
1020     case WIN_DSM:
1021         switch (s->feature) {
1022         case DSM_TRIM:
1023             if (!s->bs) {
1024                 goto abort_cmd;
1025             }
1026             ide_sector_start_dma(s, IDE_DMA_TRIM);
1027             break;
1028         default:
1029             goto abort_cmd;
1030         }
1031         break;
1032     case WIN_IDENTIFY:
1033         if (s->bs && s->drive_kind != IDE_CD) {
1034             if (s->drive_kind != IDE_CFATA)
1035                 ide_identify(s);
1036             else
1037                 ide_cfata_identify(s);
1038             s->status = READY_STAT | SEEK_STAT;
1039             ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1040         } else {
1041             if (s->drive_kind == IDE_CD) {
1042                 ide_set_signature(s);
1043             }
1044             ide_abort_command(s);
1045         }
1046         ide_set_irq(s->bus);
1047         break;
1048     case WIN_SPECIFY:
1049     case WIN_RECAL:
1050         s->error = 0;
1051         s->status = READY_STAT | SEEK_STAT;
1052         ide_set_irq(s->bus);
1053         break;
1054     case WIN_SETMULT:
1055         if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
1056             /* Disable Read and Write Multiple */
1057             s->mult_sectors = 0;
1058             s->status = READY_STAT | SEEK_STAT;
1059         } else if ((s->nsector & 0xff) != 0 &&
1060             ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1061              (s->nsector & (s->nsector - 1)) != 0)) {
1062             ide_abort_command(s);
1063         } else {
1064             s->mult_sectors = s->nsector & 0xff;
1065             s->status = READY_STAT | SEEK_STAT;
1066         }
1067         ide_set_irq(s->bus);
1068         break;
1069     case WIN_VERIFY_EXT:
1070 	lba48 = 1;
1071     case WIN_VERIFY:
1072     case WIN_VERIFY_ONCE:
1073         /* do sector number check ? */
1074 	ide_cmd_lba48_transform(s, lba48);
1075         s->status = READY_STAT | SEEK_STAT;
1076         ide_set_irq(s->bus);
1077         break;
1078     case WIN_READ_EXT:
1079 	lba48 = 1;
1080     case WIN_READ:
1081     case WIN_READ_ONCE:
1082         if (s->drive_kind == IDE_CD) {
1083             ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */
1084             goto abort_cmd;
1085         }
1086         if (!s->bs) {
1087             goto abort_cmd;
1088         }
1089 	ide_cmd_lba48_transform(s, lba48);
1090         s->req_nb_sectors = 1;
1091         ide_sector_read(s);
1092         break;
1093     case WIN_WRITE_EXT:
1094 	lba48 = 1;
1095     case WIN_WRITE:
1096     case WIN_WRITE_ONCE:
1097     case CFA_WRITE_SECT_WO_ERASE:
1098     case WIN_WRITE_VERIFY:
1099         if (!s->bs) {
1100             goto abort_cmd;
1101         }
1102 	ide_cmd_lba48_transform(s, lba48);
1103         s->error = 0;
1104         s->status = SEEK_STAT | READY_STAT;
1105         s->req_nb_sectors = 1;
1106         ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1107         s->media_changed = 1;
1108         break;
1109     case WIN_MULTREAD_EXT:
1110 	lba48 = 1;
1111     case WIN_MULTREAD:
1112         if (!s->bs) {
1113             goto abort_cmd;
1114         }
1115         if (!s->mult_sectors) {
1116             goto abort_cmd;
1117         }
1118 	ide_cmd_lba48_transform(s, lba48);
1119         s->req_nb_sectors = s->mult_sectors;
1120         ide_sector_read(s);
1121         break;
1122     case WIN_MULTWRITE_EXT:
1123 	lba48 = 1;
1124     case WIN_MULTWRITE:
1125     case CFA_WRITE_MULTI_WO_ERASE:
1126         if (!s->bs) {
1127             goto abort_cmd;
1128         }
1129         if (!s->mult_sectors) {
1130             goto abort_cmd;
1131         }
1132 	ide_cmd_lba48_transform(s, lba48);
1133         s->error = 0;
1134         s->status = SEEK_STAT | READY_STAT;
1135         s->req_nb_sectors = s->mult_sectors;
1136         n = s->nsector;
1137         if (n > s->req_nb_sectors)
1138             n = s->req_nb_sectors;
1139         ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1140         s->media_changed = 1;
1141         break;
1142     case WIN_READDMA_EXT:
1143 	lba48 = 1;
1144     case WIN_READDMA:
1145     case WIN_READDMA_ONCE:
1146         if (!s->bs) {
1147             goto abort_cmd;
1148         }
1149 	ide_cmd_lba48_transform(s, lba48);
1150         ide_sector_start_dma(s, IDE_DMA_READ);
1151         break;
1152     case WIN_WRITEDMA_EXT:
1153 	lba48 = 1;
1154     case WIN_WRITEDMA:
1155     case WIN_WRITEDMA_ONCE:
1156         if (!s->bs) {
1157             goto abort_cmd;
1158         }
1159 	ide_cmd_lba48_transform(s, lba48);
1160         ide_sector_start_dma(s, IDE_DMA_WRITE);
1161         s->media_changed = 1;
1162         break;
1163     case WIN_READ_NATIVE_MAX_EXT:
1164 	lba48 = 1;
1165     case WIN_READ_NATIVE_MAX:
1166 	ide_cmd_lba48_transform(s, lba48);
1167         ide_set_sector(s, s->nb_sectors - 1);
1168         s->status = READY_STAT | SEEK_STAT;
1169         ide_set_irq(s->bus);
1170         break;
1171     case WIN_CHECKPOWERMODE1:
1172     case WIN_CHECKPOWERMODE2:
1173         s->error = 0;
1174         s->nsector = 0xff; /* device active or idle */
1175         s->status = READY_STAT | SEEK_STAT;
1176         ide_set_irq(s->bus);
1177         break;
1178     case WIN_SETFEATURES:
1179         if (!s->bs)
1180             goto abort_cmd;
1181         /* XXX: valid for CDROM ? */
1182         switch(s->feature) {
1183         case 0xcc: /* reverting to power-on defaults enable */
1184         case 0x66: /* reverting to power-on defaults disable */
1185         case 0x02: /* write cache enable */
1186         case 0x82: /* write cache disable */
1187         case 0xaa: /* read look-ahead enable */
1188         case 0x55: /* read look-ahead disable */
1189         case 0x05: /* set advanced power management mode */
1190         case 0x85: /* disable advanced power management mode */
1191         case 0x69: /* NOP */
1192         case 0x67: /* NOP */
1193         case 0x96: /* NOP */
1194         case 0x9a: /* NOP */
1195         case 0x42: /* enable Automatic Acoustic Mode */
1196         case 0xc2: /* disable Automatic Acoustic Mode */
1197             s->status = READY_STAT | SEEK_STAT;
1198             ide_set_irq(s->bus);
1199             break;
1200         case 0x03: { /* set transfer mode */
1201 		uint8_t val = s->nsector & 0x07;
1202             uint16_t *identify_data = (uint16_t *)s->identify_data;
1203 
1204 		switch (s->nsector >> 3) {
1205 		case 0x00: /* pio default */
1206 		case 0x01: /* pio mode */
1207 			put_le16(identify_data + 62,0x07);
1208 			put_le16(identify_data + 63,0x07);
1209 			put_le16(identify_data + 88,0x3f);
1210 			break;
1211                 case 0x02: /* sigle word dma mode*/
1212 			put_le16(identify_data + 62,0x07 | (1 << (val + 8)));
1213 			put_le16(identify_data + 63,0x07);
1214 			put_le16(identify_data + 88,0x3f);
1215 			break;
1216 		case 0x04: /* mdma mode */
1217 			put_le16(identify_data + 62,0x07);
1218 			put_le16(identify_data + 63,0x07 | (1 << (val + 8)));
1219 			put_le16(identify_data + 88,0x3f);
1220 			break;
1221 		case 0x08: /* udma mode */
1222 			put_le16(identify_data + 62,0x07);
1223 			put_le16(identify_data + 63,0x07);
1224 			put_le16(identify_data + 88,0x3f | (1 << (val + 8)));
1225 			break;
1226 		default:
1227 			goto abort_cmd;
1228 		}
1229             s->status = READY_STAT | SEEK_STAT;
1230             ide_set_irq(s->bus);
1231             break;
1232 	}
1233         default:
1234             goto abort_cmd;
1235         }
1236         break;
1237     case WIN_FLUSH_CACHE:
1238     case WIN_FLUSH_CACHE_EXT:
1239         ide_flush_cache(s);
1240         break;
1241     case WIN_STANDBY:
1242     case WIN_STANDBY2:
1243     case WIN_STANDBYNOW1:
1244     case WIN_STANDBYNOW2:
1245     case WIN_IDLEIMMEDIATE:
1246     case WIN_IDLEIMMEDIATE2:
1247     case WIN_SETIDLE1:
1248     case WIN_SETIDLE2:
1249     case WIN_SLEEPNOW1:
1250     case WIN_SLEEPNOW2:
1251         s->status = READY_STAT;
1252         ide_set_irq(s->bus);
1253         break;
1254     case WIN_SEEK:
1255         /* XXX: Check that seek is within bounds */
1256         s->status = READY_STAT | SEEK_STAT;
1257         ide_set_irq(s->bus);
1258         break;
1259         /* ATAPI commands */
1260     case WIN_PIDENTIFY:
1261         ide_atapi_identify(s);
1262         s->status = READY_STAT | SEEK_STAT;
1263         ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1264         ide_set_irq(s->bus);
1265         break;
1266     case WIN_DIAGNOSE:
1267         ide_set_signature(s);
1268         if (s->drive_kind == IDE_CD)
1269             s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
1270                             * devices to return a clear status register
1271                             * with READY_STAT *not* set. */
1272         else
1273             s->status = READY_STAT | SEEK_STAT;
1274         s->error = 0x01; /* Device 0 passed, Device 1 passed or not
1275                           * present.
1276                           */
1277         ide_set_irq(s->bus);
1278         break;
1279     case WIN_DEVICE_RESET:
1280         ide_set_signature(s);
1281         s->status = 0x00; /* NOTE: READY is _not_ set */
1282         s->error = 0x01;
1283         break;
1284     case WIN_PACKETCMD:
1285         /* overlapping commands not supported */
1286         if (s->feature & 0x02)
1287             goto abort_cmd;
1288         s->status = READY_STAT | SEEK_STAT;
1289         s->atapi_dma = s->feature & 1;
1290         s->nsector = 1;
1291         ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1292                            ide_atapi_cmd);
1293         break;
1294     /* CF-ATA commands */
1295     case CFA_REQ_EXT_ERROR_CODE:
1296         s->error = 0x09;    /* miscellaneous error */
1297         s->status = READY_STAT | SEEK_STAT;
1298         ide_set_irq(s->bus);
1299         break;
1300     case CFA_ERASE_SECTORS:
1301     case CFA_WEAR_LEVEL:
1302         if (val == CFA_WEAR_LEVEL)
1303             s->nsector = 0;
1304         if (val == CFA_ERASE_SECTORS)
1305             s->media_changed = 1;
1306         s->error = 0x00;
1307         s->status = READY_STAT | SEEK_STAT;
1308         ide_set_irq(s->bus);
1309         break;
1310     case CFA_TRANSLATE_SECTOR:
1311         s->error = 0x00;
1312         s->status = READY_STAT | SEEK_STAT;
1313         memset(s->io_buffer, 0, 0x200);
1314         s->io_buffer[0x00] = s->hcyl;			/* Cyl MSB */
1315         s->io_buffer[0x01] = s->lcyl;			/* Cyl LSB */
1316         s->io_buffer[0x02] = s->select;			/* Head */
1317         s->io_buffer[0x03] = s->sector;			/* Sector */
1318         s->io_buffer[0x04] = ide_get_sector(s) >> 16;	/* LBA MSB */
1319         s->io_buffer[0x05] = ide_get_sector(s) >> 8;	/* LBA */
1320         s->io_buffer[0x06] = ide_get_sector(s) >> 0;	/* LBA LSB */
1321         s->io_buffer[0x13] = 0x00;				/* Erase flag */
1322         s->io_buffer[0x18] = 0x00;				/* Hot count */
1323         s->io_buffer[0x19] = 0x00;				/* Hot count */
1324         s->io_buffer[0x1a] = 0x01;				/* Hot count */
1325         ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1326         ide_set_irq(s->bus);
1327         break;
1328     case CFA_ACCESS_METADATA_STORAGE:
1329         switch (s->feature) {
1330         case 0x02:	/* Inquiry Metadata Storage */
1331             ide_cfata_metadata_inquiry(s);
1332             break;
1333         case 0x03:	/* Read Metadata Storage */
1334             ide_cfata_metadata_read(s);
1335             break;
1336         case 0x04:	/* Write Metadata Storage */
1337             ide_cfata_metadata_write(s);
1338             break;
1339         default:
1340             goto abort_cmd;
1341         }
1342         ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1343         s->status = 0x00; /* NOTE: READY is _not_ set */
1344         ide_set_irq(s->bus);
1345         break;
1346     case IBM_SENSE_CONDITION:
1347         switch (s->feature) {
1348         case 0x01:  /* sense temperature in device */
1349             s->nsector = 0x50;      /* +20 C */
1350             break;
1351         default:
1352             goto abort_cmd;
1353         }
1354         s->status = READY_STAT | SEEK_STAT;
1355         ide_set_irq(s->bus);
1356         break;
1357 
1358     case WIN_SMART:
1359 	if (s->hcyl != 0xc2 || s->lcyl != 0x4f)
1360 		goto abort_cmd;
1361 	if (!s->smart_enabled && s->feature != SMART_ENABLE)
1362 		goto abort_cmd;
1363 	switch (s->feature) {
1364 	case SMART_DISABLE:
1365 		s->smart_enabled = 0;
1366 		s->status = READY_STAT | SEEK_STAT;
1367 		ide_set_irq(s->bus);
1368 		break;
1369 	case SMART_ENABLE:
1370 		s->smart_enabled = 1;
1371 		s->status = READY_STAT | SEEK_STAT;
1372 		ide_set_irq(s->bus);
1373 		break;
1374 	case SMART_ATTR_AUTOSAVE:
1375 		switch (s->sector) {
1376 		case 0x00:
1377 		s->smart_autosave = 0;
1378 		break;
1379 		case 0xf1:
1380 		s->smart_autosave = 1;
1381 		break;
1382 		default:
1383 		goto abort_cmd;
1384 		}
1385 		s->status = READY_STAT | SEEK_STAT;
1386 		ide_set_irq(s->bus);
1387 		break;
1388 	case SMART_STATUS:
1389 		if (!s->smart_errors) {
1390 		s->hcyl = 0xc2;
1391 		s->lcyl = 0x4f;
1392 		} else {
1393 		s->hcyl = 0x2c;
1394 		s->lcyl = 0xf4;
1395 		}
1396 		s->status = READY_STAT | SEEK_STAT;
1397 		ide_set_irq(s->bus);
1398 		break;
1399 	case SMART_READ_THRESH:
1400 		memset(s->io_buffer, 0, 0x200);
1401 		s->io_buffer[0] = 0x01; /* smart struct version */
1402 		for (n=0; n<30; n++) {
1403 		if (smart_attributes[n][0] == 0)
1404 			break;
1405 		s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
1406 		s->io_buffer[2+1+(n*12)] = smart_attributes[n][11];
1407 		}
1408 		for (n=0; n<511; n++) /* checksum */
1409 		s->io_buffer[511] += s->io_buffer[n];
1410 		s->io_buffer[511] = 0x100 - s->io_buffer[511];
1411 		s->status = READY_STAT | SEEK_STAT;
1412 		ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1413 		ide_set_irq(s->bus);
1414 		break;
1415 	case SMART_READ_DATA:
1416 		memset(s->io_buffer, 0, 0x200);
1417 		s->io_buffer[0] = 0x01; /* smart struct version */
1418 		for (n=0; n<30; n++) {
1419 		    if (smart_attributes[n][0] == 0) {
1420 			break;
1421 		    }
1422 		    int i;
1423 		    for(i = 0; i < 11; i++) {
1424 			s->io_buffer[2+i+(n*12)] = smart_attributes[n][i];
1425 		    }
1426 		}
1427 		s->io_buffer[362] = 0x02 | (s->smart_autosave?0x80:0x00);
1428 		if (s->smart_selftest_count == 0) {
1429 		s->io_buffer[363] = 0;
1430 		} else {
1431 		s->io_buffer[363] =
1432 			s->smart_selftest_data[3 +
1433 					   (s->smart_selftest_count - 1) *
1434 					   24];
1435 		}
1436 		s->io_buffer[364] = 0x20;
1437 		s->io_buffer[365] = 0x01;
1438 		/* offline data collection capacity: execute + self-test*/
1439 		s->io_buffer[367] = (1<<4 | 1<<3 | 1);
1440 		s->io_buffer[368] = 0x03; /* smart capability (1) */
1441 		s->io_buffer[369] = 0x00; /* smart capability (2) */
1442 		s->io_buffer[370] = 0x01; /* error logging supported */
1443 		s->io_buffer[372] = 0x02; /* minutes for poll short test */
1444 		s->io_buffer[373] = 0x36; /* minutes for poll ext test */
1445 		s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
1446 
1447 		for (n=0; n<511; n++)
1448 		s->io_buffer[511] += s->io_buffer[n];
1449 		s->io_buffer[511] = 0x100 - s->io_buffer[511];
1450 		s->status = READY_STAT | SEEK_STAT;
1451 		ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1452 		ide_set_irq(s->bus);
1453 		break;
1454 	case SMART_READ_LOG:
1455 		switch (s->sector) {
1456 		case 0x01: /* summary smart error log */
1457 		memset(s->io_buffer, 0, 0x200);
1458 		s->io_buffer[0] = 0x01;
1459 		s->io_buffer[1] = 0x00; /* no error entries */
1460 		s->io_buffer[452] = s->smart_errors & 0xff;
1461 		s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
1462 
1463 		for (n=0; n<511; n++)
1464 			s->io_buffer[511] += s->io_buffer[n];
1465 		s->io_buffer[511] = 0x100 - s->io_buffer[511];
1466 		break;
1467 		case 0x06: /* smart self test log */
1468 		memset(s->io_buffer, 0, 0x200);
1469 		s->io_buffer[0] = 0x01;
1470 		if (s->smart_selftest_count == 0) {
1471 			s->io_buffer[508] = 0;
1472 		} else {
1473 			s->io_buffer[508] = s->smart_selftest_count;
1474 			for (n=2; n<506; n++)
1475 			s->io_buffer[n] = s->smart_selftest_data[n];
1476 		}
1477 		for (n=0; n<511; n++)
1478 			s->io_buffer[511] += s->io_buffer[n];
1479 		s->io_buffer[511] = 0x100 - s->io_buffer[511];
1480 		break;
1481 		default:
1482 		goto abort_cmd;
1483 		}
1484 		s->status = READY_STAT | SEEK_STAT;
1485 		ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1486 		ide_set_irq(s->bus);
1487 		break;
1488 	case SMART_EXECUTE_OFFLINE:
1489 		switch (s->sector) {
1490 		case 0: /* off-line routine */
1491 		case 1: /* short self test */
1492 		case 2: /* extended self test */
1493 		s->smart_selftest_count++;
1494 		if(s->smart_selftest_count > 21)
1495 			s->smart_selftest_count = 0;
1496 		n = 2 + (s->smart_selftest_count - 1) * 24;
1497 		s->smart_selftest_data[n] = s->sector;
1498 		s->smart_selftest_data[n+1] = 0x00; /* OK and finished */
1499 		s->smart_selftest_data[n+2] = 0x34; /* hour count lsb */
1500 		s->smart_selftest_data[n+3] = 0x12; /* hour count msb */
1501 		s->status = READY_STAT | SEEK_STAT;
1502 		ide_set_irq(s->bus);
1503 		break;
1504 		default:
1505 		goto abort_cmd;
1506 		}
1507 		break;
1508 	default:
1509 		goto abort_cmd;
1510 	}
1511 	break;
1512     default:
1513         /* should not be reachable */
1514     abort_cmd:
1515         ide_abort_command(s);
1516         ide_set_irq(s->bus);
1517         break;
1518     }
1519 }
1520 
1521 uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
1522 {
1523     IDEBus *bus = opaque;
1524     IDEState *s = idebus_active_if(bus);
1525     uint32_t addr;
1526     int ret, hob;
1527 
1528     addr = addr1 & 7;
1529     /* FIXME: HOB readback uses bit 7, but it's always set right now */
1530     //hob = s->select & (1 << 7);
1531     hob = 0;
1532     switch(addr) {
1533     case 0:
1534         ret = 0xff;
1535         break;
1536     case 1:
1537         if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
1538             (s != bus->ifs && !s->bs))
1539             ret = 0;
1540         else if (!hob)
1541             ret = s->error;
1542 	else
1543 	    ret = s->hob_feature;
1544         break;
1545     case 2:
1546         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
1547             ret = 0;
1548         else if (!hob)
1549             ret = s->nsector & 0xff;
1550 	else
1551 	    ret = s->hob_nsector;
1552         break;
1553     case 3:
1554         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
1555             ret = 0;
1556         else if (!hob)
1557             ret = s->sector;
1558 	else
1559 	    ret = s->hob_sector;
1560         break;
1561     case 4:
1562         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
1563             ret = 0;
1564         else if (!hob)
1565             ret = s->lcyl;
1566 	else
1567 	    ret = s->hob_lcyl;
1568         break;
1569     case 5:
1570         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
1571             ret = 0;
1572         else if (!hob)
1573             ret = s->hcyl;
1574 	else
1575 	    ret = s->hob_hcyl;
1576         break;
1577     case 6:
1578         if (!bus->ifs[0].bs && !bus->ifs[1].bs)
1579             ret = 0;
1580         else
1581             ret = s->select;
1582         break;
1583     default:
1584     case 7:
1585         if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
1586             (s != bus->ifs && !s->bs))
1587             ret = 0;
1588         else
1589             ret = s->status;
1590         qemu_irq_lower(bus->irq);
1591         break;
1592     }
1593 #ifdef DEBUG_IDE
1594     printf("ide: read addr=0x%x val=%02x\n", addr1, ret);
1595 #endif
1596     return ret;
1597 }
1598 
1599 uint32_t ide_status_read(void *opaque, uint32_t addr)
1600 {
1601     IDEBus *bus = opaque;
1602     IDEState *s = idebus_active_if(bus);
1603     int ret;
1604 
1605     if ((!bus->ifs[0].bs && !bus->ifs[1].bs) ||
1606         (s != bus->ifs && !s->bs))
1607         ret = 0;
1608     else
1609         ret = s->status;
1610 #ifdef DEBUG_IDE
1611     printf("ide: read status addr=0x%x val=%02x\n", addr, ret);
1612 #endif
1613     return ret;
1614 }
1615 
1616 void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
1617 {
1618     IDEBus *bus = opaque;
1619     IDEState *s;
1620     int i;
1621 
1622 #ifdef DEBUG_IDE
1623     printf("ide: write control addr=0x%x val=%02x\n", addr, val);
1624 #endif
1625     /* common for both drives */
1626     if (!(bus->cmd & IDE_CMD_RESET) &&
1627         (val & IDE_CMD_RESET)) {
1628         /* reset low to high */
1629         for(i = 0;i < 2; i++) {
1630             s = &bus->ifs[i];
1631             s->status = BUSY_STAT | SEEK_STAT;
1632             s->error = 0x01;
1633         }
1634     } else if ((bus->cmd & IDE_CMD_RESET) &&
1635                !(val & IDE_CMD_RESET)) {
1636         /* high to low */
1637         for(i = 0;i < 2; i++) {
1638             s = &bus->ifs[i];
1639             if (s->drive_kind == IDE_CD)
1640                 s->status = 0x00; /* NOTE: READY is _not_ set */
1641             else
1642                 s->status = READY_STAT | SEEK_STAT;
1643             ide_set_signature(s);
1644         }
1645     }
1646 
1647     bus->cmd = val;
1648 }
1649 
1650 /*
1651  * Returns true if the running PIO transfer is a PIO out (i.e. data is
1652  * transferred from the device to the guest), false if it's a PIO in
1653  */
1654 static bool ide_is_pio_out(IDEState *s)
1655 {
1656     if (s->end_transfer_func == ide_sector_write ||
1657         s->end_transfer_func == ide_atapi_cmd) {
1658         return false;
1659     } else if (s->end_transfer_func == ide_sector_read ||
1660                s->end_transfer_func == ide_transfer_stop ||
1661                s->end_transfer_func == ide_atapi_cmd_reply_end ||
1662                s->end_transfer_func == ide_dummy_transfer_stop) {
1663         return true;
1664     }
1665 
1666     abort();
1667 }
1668 
1669 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
1670 {
1671     IDEBus *bus = opaque;
1672     IDEState *s = idebus_active_if(bus);
1673     uint8_t *p;
1674 
1675     /* PIO data access allowed only when DRQ bit is set. The result of a write
1676      * during PIO out is indeterminate, just ignore it. */
1677     if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
1678         return;
1679     }
1680 
1681     p = s->data_ptr;
1682     *(uint16_t *)p = le16_to_cpu(val);
1683     p += 2;
1684     s->data_ptr = p;
1685     if (p >= s->data_end)
1686         s->end_transfer_func(s);
1687 }
1688 
1689 uint32_t ide_data_readw(void *opaque, uint32_t addr)
1690 {
1691     IDEBus *bus = opaque;
1692     IDEState *s = idebus_active_if(bus);
1693     uint8_t *p;
1694     int ret;
1695 
1696     /* PIO data access allowed only when DRQ bit is set. The result of a read
1697      * during PIO in is indeterminate, return 0 and don't move forward. */
1698     if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
1699         return 0;
1700     }
1701 
1702     p = s->data_ptr;
1703     ret = cpu_to_le16(*(uint16_t *)p);
1704     p += 2;
1705     s->data_ptr = p;
1706     if (p >= s->data_end)
1707         s->end_transfer_func(s);
1708     return ret;
1709 }
1710 
1711 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
1712 {
1713     IDEBus *bus = opaque;
1714     IDEState *s = idebus_active_if(bus);
1715     uint8_t *p;
1716 
1717     /* PIO data access allowed only when DRQ bit is set. The result of a write
1718      * during PIO out is indeterminate, just ignore it. */
1719     if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
1720         return;
1721     }
1722 
1723     p = s->data_ptr;
1724     *(uint32_t *)p = le32_to_cpu(val);
1725     p += 4;
1726     s->data_ptr = p;
1727     if (p >= s->data_end)
1728         s->end_transfer_func(s);
1729 }
1730 
1731 uint32_t ide_data_readl(void *opaque, uint32_t addr)
1732 {
1733     IDEBus *bus = opaque;
1734     IDEState *s = idebus_active_if(bus);
1735     uint8_t *p;
1736     int ret;
1737 
1738     /* PIO data access allowed only when DRQ bit is set. The result of a read
1739      * during PIO in is indeterminate, return 0 and don't move forward. */
1740     if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
1741         return 0;
1742     }
1743 
1744     p = s->data_ptr;
1745     ret = cpu_to_le32(*(uint32_t *)p);
1746     p += 4;
1747     s->data_ptr = p;
1748     if (p >= s->data_end)
1749         s->end_transfer_func(s);
1750     return ret;
1751 }
1752 
1753 static void ide_dummy_transfer_stop(IDEState *s)
1754 {
1755     s->data_ptr = s->io_buffer;
1756     s->data_end = s->io_buffer;
1757     s->io_buffer[0] = 0xff;
1758     s->io_buffer[1] = 0xff;
1759     s->io_buffer[2] = 0xff;
1760     s->io_buffer[3] = 0xff;
1761 }
1762 
1763 static void ide_reset(IDEState *s)
1764 {
1765 #ifdef DEBUG_IDE
1766     printf("ide: reset\n");
1767 #endif
1768     if (s->drive_kind == IDE_CFATA)
1769         s->mult_sectors = 0;
1770     else
1771         s->mult_sectors = MAX_MULT_SECTORS;
1772     /* ide regs */
1773     s->feature = 0;
1774     s->error = 0;
1775     s->nsector = 0;
1776     s->sector = 0;
1777     s->lcyl = 0;
1778     s->hcyl = 0;
1779 
1780     /* lba48 */
1781     s->hob_feature = 0;
1782     s->hob_sector = 0;
1783     s->hob_nsector = 0;
1784     s->hob_lcyl = 0;
1785     s->hob_hcyl = 0;
1786 
1787     s->select = 0xa0;
1788     s->status = READY_STAT | SEEK_STAT;
1789 
1790     s->lba48 = 0;
1791 
1792     /* ATAPI specific */
1793     s->sense_key = 0;
1794     s->asc = 0;
1795     s->cdrom_changed = 0;
1796     s->packet_transfer_size = 0;
1797     s->elementary_transfer_size = 0;
1798     s->io_buffer_index = 0;
1799     s->cd_sector_size = 0;
1800     s->atapi_dma = 0;
1801     /* ATA DMA state */
1802     s->io_buffer_size = 0;
1803     s->req_nb_sectors = 0;
1804 
1805     ide_set_signature(s);
1806     /* init the transfer handler so that 0xffff is returned on data
1807        accesses */
1808     s->end_transfer_func = ide_dummy_transfer_stop;
1809     ide_dummy_transfer_stop(s);
1810     s->media_changed = 0;
1811 }
1812 
1813 void ide_bus_reset(IDEBus *bus)
1814 {
1815     bus->unit = 0;
1816     bus->cmd = 0;
1817     ide_reset(&bus->ifs[0]);
1818     ide_reset(&bus->ifs[1]);
1819     ide_clear_hob(bus);
1820 
1821     /* pending async DMA */
1822     if (bus->dma->aiocb) {
1823 #ifdef DEBUG_AIO
1824         printf("aio_cancel\n");
1825 #endif
1826         bdrv_aio_cancel(bus->dma->aiocb);
1827         bus->dma->aiocb = NULL;
1828     }
1829 
1830     /* reset dma provider too */
1831     bus->dma->ops->reset(bus->dma);
1832 }
1833 
1834 static bool ide_cd_is_tray_open(void *opaque)
1835 {
1836     return ((IDEState *)opaque)->tray_open;
1837 }
1838 
1839 static bool ide_cd_is_medium_locked(void *opaque)
1840 {
1841     return ((IDEState *)opaque)->tray_locked;
1842 }
1843 
1844 static const BlockDevOps ide_cd_block_ops = {
1845     .change_media_cb = ide_cd_change_cb,
1846     .eject_request_cb = ide_cd_eject_request_cb,
1847     .is_tray_open = ide_cd_is_tray_open,
1848     .is_medium_locked = ide_cd_is_medium_locked,
1849 };
1850 
1851 int ide_init_drive(IDEState *s, BlockDriverState *bs, IDEDriveKind kind,
1852                    const char *version, const char *serial, const char *model,
1853                    uint64_t wwn)
1854 {
1855     int cylinders, heads, secs;
1856     uint64_t nb_sectors;
1857 
1858     s->bs = bs;
1859     s->drive_kind = kind;
1860 
1861     bdrv_get_geometry(bs, &nb_sectors);
1862     bdrv_guess_geometry(bs, &cylinders, &heads, &secs);
1863     if (cylinders < 1 || cylinders > 16383) {
1864         error_report("cyls must be between 1 and 16383");
1865         return -1;
1866     }
1867     if (heads < 1 || heads > 16) {
1868         error_report("heads must be between 1 and 16");
1869         return -1;
1870     }
1871     if (secs < 1 || secs > 63) {
1872         error_report("secs must be between 1 and 63");
1873         return -1;
1874     }
1875     s->cylinders = cylinders;
1876     s->heads = heads;
1877     s->sectors = secs;
1878     s->nb_sectors = nb_sectors;
1879     s->wwn = wwn;
1880     /* The SMART values should be preserved across power cycles
1881        but they aren't.  */
1882     s->smart_enabled = 1;
1883     s->smart_autosave = 1;
1884     s->smart_errors = 0;
1885     s->smart_selftest_count = 0;
1886     if (kind == IDE_CD) {
1887         bdrv_set_dev_ops(bs, &ide_cd_block_ops, s);
1888         bdrv_set_buffer_alignment(bs, 2048);
1889     } else {
1890         if (!bdrv_is_inserted(s->bs)) {
1891             error_report("Device needs media, but drive is empty");
1892             return -1;
1893         }
1894         if (bdrv_is_read_only(bs)) {
1895             error_report("Can't use a read-only drive");
1896             return -1;
1897         }
1898     }
1899     if (serial) {
1900         pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), serial);
1901     } else {
1902         snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
1903                  "QM%05d", s->drive_serial);
1904     }
1905     if (model) {
1906         pstrcpy(s->drive_model_str, sizeof(s->drive_model_str), model);
1907     } else {
1908         switch (kind) {
1909         case IDE_CD:
1910             strcpy(s->drive_model_str, "QEMU DVD-ROM");
1911             break;
1912         case IDE_CFATA:
1913             strcpy(s->drive_model_str, "QEMU MICRODRIVE");
1914             break;
1915         default:
1916             strcpy(s->drive_model_str, "QEMU HARDDISK");
1917             break;
1918         }
1919     }
1920 
1921     if (version) {
1922         pstrcpy(s->version, sizeof(s->version), version);
1923     } else {
1924         pstrcpy(s->version, sizeof(s->version), QEMU_VERSION);
1925     }
1926 
1927     ide_reset(s);
1928     bdrv_iostatus_enable(bs);
1929     return 0;
1930 }
1931 
1932 static void ide_init1(IDEBus *bus, int unit)
1933 {
1934     static int drive_serial = 1;
1935     IDEState *s = &bus->ifs[unit];
1936 
1937     s->bus = bus;
1938     s->unit = unit;
1939     s->drive_serial = drive_serial++;
1940     /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */
1941     s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4;
1942     s->io_buffer = qemu_memalign(2048, s->io_buffer_total_len);
1943     memset(s->io_buffer, 0, s->io_buffer_total_len);
1944 
1945     s->smart_selftest_data = qemu_blockalign(s->bs, 512);
1946     memset(s->smart_selftest_data, 0, 512);
1947 
1948     s->sector_write_timer = qemu_new_timer_ns(vm_clock,
1949                                            ide_sector_write_timer_cb, s);
1950 }
1951 
1952 static void ide_nop_start(IDEDMA *dma, IDEState *s,
1953                           BlockDriverCompletionFunc *cb)
1954 {
1955 }
1956 
1957 static int ide_nop(IDEDMA *dma)
1958 {
1959     return 0;
1960 }
1961 
1962 static int ide_nop_int(IDEDMA *dma, int x)
1963 {
1964     return 0;
1965 }
1966 
1967 static void ide_nop_restart(void *opaque, int x, RunState y)
1968 {
1969 }
1970 
1971 static const IDEDMAOps ide_dma_nop_ops = {
1972     .start_dma      = ide_nop_start,
1973     .start_transfer = ide_nop,
1974     .prepare_buf    = ide_nop_int,
1975     .rw_buf         = ide_nop_int,
1976     .set_unit       = ide_nop_int,
1977     .add_status     = ide_nop_int,
1978     .set_inactive   = ide_nop,
1979     .restart_cb     = ide_nop_restart,
1980     .reset          = ide_nop,
1981 };
1982 
1983 static IDEDMA ide_dma_nop = {
1984     .ops = &ide_dma_nop_ops,
1985     .aiocb = NULL,
1986 };
1987 
1988 void ide_init2(IDEBus *bus, qemu_irq irq)
1989 {
1990     int i;
1991 
1992     for(i = 0; i < 2; i++) {
1993         ide_init1(bus, i);
1994         ide_reset(&bus->ifs[i]);
1995     }
1996     bus->irq = irq;
1997     bus->dma = &ide_dma_nop;
1998 }
1999 
2000 /* TODO convert users to qdev and remove */
2001 void ide_init2_with_non_qdev_drives(IDEBus *bus, DriveInfo *hd0,
2002                                     DriveInfo *hd1, qemu_irq irq)
2003 {
2004     int i;
2005     DriveInfo *dinfo;
2006 
2007     for(i = 0; i < 2; i++) {
2008         dinfo = i == 0 ? hd0 : hd1;
2009         ide_init1(bus, i);
2010         if (dinfo) {
2011             if (ide_init_drive(&bus->ifs[i], dinfo->bdrv,
2012                                dinfo->media_cd ? IDE_CD : IDE_HD, NULL,
2013                                *dinfo->serial ? dinfo->serial : NULL,
2014                                NULL, 0) < 0) {
2015                 error_report("Can't set up IDE drive %s", dinfo->id);
2016                 exit(1);
2017             }
2018             bdrv_attach_dev_nofail(dinfo->bdrv, &bus->ifs[i]);
2019         } else {
2020             ide_reset(&bus->ifs[i]);
2021         }
2022     }
2023     bus->irq = irq;
2024     bus->dma = &ide_dma_nop;
2025 }
2026 
2027 static const MemoryRegionPortio ide_portio_list[] = {
2028     { 0, 8, 1, .read = ide_ioport_read, .write = ide_ioport_write },
2029     { 0, 2, 2, .read = ide_data_readw, .write = ide_data_writew },
2030     { 0, 4, 4, .read = ide_data_readl, .write = ide_data_writel },
2031     PORTIO_END_OF_LIST(),
2032 };
2033 
2034 static const MemoryRegionPortio ide_portio2_list[] = {
2035     { 0, 1, 1, .read = ide_status_read, .write = ide_cmd_write },
2036     PORTIO_END_OF_LIST(),
2037 };
2038 
2039 void ide_init_ioport(IDEBus *bus, ISADevice *dev, int iobase, int iobase2)
2040 {
2041     /* ??? Assume only ISA and PCI configurations, and that the PCI-ISA
2042        bridge has been setup properly to always register with ISA.  */
2043     isa_register_portio_list(dev, iobase, ide_portio_list, bus, "ide");
2044 
2045     if (iobase2) {
2046         isa_register_portio_list(dev, iobase2, ide_portio2_list, bus, "ide");
2047     }
2048 }
2049 
2050 static bool is_identify_set(void *opaque, int version_id)
2051 {
2052     IDEState *s = opaque;
2053 
2054     return s->identify_set != 0;
2055 }
2056 
2057 static EndTransferFunc* transfer_end_table[] = {
2058         ide_sector_read,
2059         ide_sector_write,
2060         ide_transfer_stop,
2061         ide_atapi_cmd_reply_end,
2062         ide_atapi_cmd,
2063         ide_dummy_transfer_stop,
2064 };
2065 
2066 static int transfer_end_table_idx(EndTransferFunc *fn)
2067 {
2068     int i;
2069 
2070     for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++)
2071         if (transfer_end_table[i] == fn)
2072             return i;
2073 
2074     return -1;
2075 }
2076 
2077 static int ide_drive_post_load(void *opaque, int version_id)
2078 {
2079     IDEState *s = opaque;
2080 
2081     if (version_id < 3) {
2082         if (s->sense_key == UNIT_ATTENTION &&
2083             s->asc == ASC_MEDIUM_MAY_HAVE_CHANGED) {
2084             s->cdrom_changed = 1;
2085         }
2086     }
2087     return 0;
2088 }
2089 
2090 static int ide_drive_pio_post_load(void *opaque, int version_id)
2091 {
2092     IDEState *s = opaque;
2093 
2094     if (s->end_transfer_fn_idx >= ARRAY_SIZE(transfer_end_table)) {
2095         return -EINVAL;
2096     }
2097     s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx];
2098     s->data_ptr = s->io_buffer + s->cur_io_buffer_offset;
2099     s->data_end = s->data_ptr + s->cur_io_buffer_len;
2100 
2101     return 0;
2102 }
2103 
2104 static void ide_drive_pio_pre_save(void *opaque)
2105 {
2106     IDEState *s = opaque;
2107     int idx;
2108 
2109     s->cur_io_buffer_offset = s->data_ptr - s->io_buffer;
2110     s->cur_io_buffer_len = s->data_end - s->data_ptr;
2111 
2112     idx = transfer_end_table_idx(s->end_transfer_func);
2113     if (idx == -1) {
2114         fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n",
2115                         __func__);
2116         s->end_transfer_fn_idx = 2;
2117     } else {
2118         s->end_transfer_fn_idx = idx;
2119     }
2120 }
2121 
2122 static bool ide_drive_pio_state_needed(void *opaque)
2123 {
2124     IDEState *s = opaque;
2125 
2126     return ((s->status & DRQ_STAT) != 0)
2127         || (s->bus->error_status & BM_STATUS_PIO_RETRY);
2128 }
2129 
2130 static bool ide_tray_state_needed(void *opaque)
2131 {
2132     IDEState *s = opaque;
2133 
2134     return s->tray_open || s->tray_locked;
2135 }
2136 
2137 static bool ide_atapi_gesn_needed(void *opaque)
2138 {
2139     IDEState *s = opaque;
2140 
2141     return s->events.new_media || s->events.eject_request;
2142 }
2143 
2144 static bool ide_error_needed(void *opaque)
2145 {
2146     IDEBus *bus = opaque;
2147 
2148     return (bus->error_status != 0);
2149 }
2150 
2151 /* Fields for GET_EVENT_STATUS_NOTIFICATION ATAPI command */
2152 static const VMStateDescription vmstate_ide_atapi_gesn_state = {
2153     .name ="ide_drive/atapi/gesn_state",
2154     .version_id = 1,
2155     .minimum_version_id = 1,
2156     .minimum_version_id_old = 1,
2157     .fields = (VMStateField []) {
2158         VMSTATE_BOOL(events.new_media, IDEState),
2159         VMSTATE_BOOL(events.eject_request, IDEState),
2160         VMSTATE_END_OF_LIST()
2161     }
2162 };
2163 
2164 static const VMStateDescription vmstate_ide_tray_state = {
2165     .name = "ide_drive/tray_state",
2166     .version_id = 1,
2167     .minimum_version_id = 1,
2168     .minimum_version_id_old = 1,
2169     .fields = (VMStateField[]) {
2170         VMSTATE_BOOL(tray_open, IDEState),
2171         VMSTATE_BOOL(tray_locked, IDEState),
2172         VMSTATE_END_OF_LIST()
2173     }
2174 };
2175 
2176 static const VMStateDescription vmstate_ide_drive_pio_state = {
2177     .name = "ide_drive/pio_state",
2178     .version_id = 1,
2179     .minimum_version_id = 1,
2180     .minimum_version_id_old = 1,
2181     .pre_save = ide_drive_pio_pre_save,
2182     .post_load = ide_drive_pio_post_load,
2183     .fields      = (VMStateField []) {
2184         VMSTATE_INT32(req_nb_sectors, IDEState),
2185         VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1,
2186 			     vmstate_info_uint8, uint8_t),
2187         VMSTATE_INT32(cur_io_buffer_offset, IDEState),
2188         VMSTATE_INT32(cur_io_buffer_len, IDEState),
2189         VMSTATE_UINT8(end_transfer_fn_idx, IDEState),
2190         VMSTATE_INT32(elementary_transfer_size, IDEState),
2191         VMSTATE_INT32(packet_transfer_size, IDEState),
2192         VMSTATE_END_OF_LIST()
2193     }
2194 };
2195 
2196 const VMStateDescription vmstate_ide_drive = {
2197     .name = "ide_drive",
2198     .version_id = 3,
2199     .minimum_version_id = 0,
2200     .minimum_version_id_old = 0,
2201     .post_load = ide_drive_post_load,
2202     .fields      = (VMStateField []) {
2203         VMSTATE_INT32(mult_sectors, IDEState),
2204         VMSTATE_INT32(identify_set, IDEState),
2205         VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set),
2206         VMSTATE_UINT8(feature, IDEState),
2207         VMSTATE_UINT8(error, IDEState),
2208         VMSTATE_UINT32(nsector, IDEState),
2209         VMSTATE_UINT8(sector, IDEState),
2210         VMSTATE_UINT8(lcyl, IDEState),
2211         VMSTATE_UINT8(hcyl, IDEState),
2212         VMSTATE_UINT8(hob_feature, IDEState),
2213         VMSTATE_UINT8(hob_sector, IDEState),
2214         VMSTATE_UINT8(hob_nsector, IDEState),
2215         VMSTATE_UINT8(hob_lcyl, IDEState),
2216         VMSTATE_UINT8(hob_hcyl, IDEState),
2217         VMSTATE_UINT8(select, IDEState),
2218         VMSTATE_UINT8(status, IDEState),
2219         VMSTATE_UINT8(lba48, IDEState),
2220         VMSTATE_UINT8(sense_key, IDEState),
2221         VMSTATE_UINT8(asc, IDEState),
2222         VMSTATE_UINT8_V(cdrom_changed, IDEState, 3),
2223         VMSTATE_END_OF_LIST()
2224     },
2225     .subsections = (VMStateSubsection []) {
2226         {
2227             .vmsd = &vmstate_ide_drive_pio_state,
2228             .needed = ide_drive_pio_state_needed,
2229         }, {
2230             .vmsd = &vmstate_ide_tray_state,
2231             .needed = ide_tray_state_needed,
2232         }, {
2233             .vmsd = &vmstate_ide_atapi_gesn_state,
2234             .needed = ide_atapi_gesn_needed,
2235         }, {
2236             /* empty */
2237         }
2238     }
2239 };
2240 
2241 static const VMStateDescription vmstate_ide_error_status = {
2242     .name ="ide_bus/error",
2243     .version_id = 1,
2244     .minimum_version_id = 1,
2245     .minimum_version_id_old = 1,
2246     .fields = (VMStateField []) {
2247         VMSTATE_INT32(error_status, IDEBus),
2248         VMSTATE_END_OF_LIST()
2249     }
2250 };
2251 
2252 const VMStateDescription vmstate_ide_bus = {
2253     .name = "ide_bus",
2254     .version_id = 1,
2255     .minimum_version_id = 1,
2256     .minimum_version_id_old = 1,
2257     .fields      = (VMStateField []) {
2258         VMSTATE_UINT8(cmd, IDEBus),
2259         VMSTATE_UINT8(unit, IDEBus),
2260         VMSTATE_END_OF_LIST()
2261     },
2262     .subsections = (VMStateSubsection []) {
2263         {
2264             .vmsd = &vmstate_ide_error_status,
2265             .needed = ide_error_needed,
2266         }, {
2267             /* empty */
2268         }
2269     }
2270 };
2271 
2272 void ide_drive_get(DriveInfo **hd, int max_bus)
2273 {
2274     int i;
2275 
2276     if (drive_get_max_bus(IF_IDE) >= max_bus) {
2277         fprintf(stderr, "qemu: too many IDE bus: %d\n", max_bus);
2278         exit(1);
2279     }
2280 
2281     for(i = 0; i < max_bus * MAX_IDE_DEVS; i++) {
2282         hd[i] = drive_get(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
2283     }
2284 }
2285