xref: /openbmc/qemu/hw/ide/core.c (revision 8f0a3716)
1 /*
2  * QEMU IDE disk and CD/DVD-ROM Emulator
3  *
4  * Copyright (c) 2003 Fabrice Bellard
5  * Copyright (c) 2006 Openedhand Ltd.
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 #include "qemu/osdep.h"
26 #include "hw/hw.h"
27 #include "hw/pci/pci.h"
28 #include "hw/isa/isa.h"
29 #include "qemu/error-report.h"
30 #include "qemu/timer.h"
31 #include "sysemu/sysemu.h"
32 #include "sysemu/blockdev.h"
33 #include "sysemu/dma.h"
34 #include "hw/block/block.h"
35 #include "sysemu/block-backend.h"
36 #include "qemu/cutils.h"
37 
38 #include "hw/ide/internal.h"
39 #include "trace.h"
40 
41 /* These values were based on a Seagate ST3500418AS but have been modified
42    to make more sense in QEMU */
43 static const int smart_attributes[][12] = {
44     /* id,  flags, hflags, val, wrst, raw (6 bytes), threshold */
45     /* raw read error rate*/
46     { 0x01, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06},
47     /* spin up */
48     { 0x03, 0x03, 0x00, 0x64, 0x64, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
49     /* start stop count */
50     { 0x04, 0x02, 0x00, 0x64, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14},
51     /* remapped sectors */
52     { 0x05, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24},
53     /* power on hours */
54     { 0x09, 0x03, 0x00, 0x64, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
55     /* power cycle count */
56     { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
57     /* airflow-temperature-celsius */
58     { 190,  0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32},
59 };
60 
61 const char *IDE_DMA_CMD_lookup[IDE_DMA__COUNT] = {
62     [IDE_DMA_READ] = "DMA READ",
63     [IDE_DMA_WRITE] = "DMA WRITE",
64     [IDE_DMA_TRIM] = "DMA TRIM",
65     [IDE_DMA_ATAPI] = "DMA ATAPI"
66 };
67 
68 static const char *IDE_DMA_CMD_str(enum ide_dma_cmd enval)
69 {
70     if ((unsigned)enval < IDE_DMA__COUNT) {
71         return IDE_DMA_CMD_lookup[enval];
72     }
73     return "DMA UNKNOWN CMD";
74 }
75 
76 static void ide_dummy_transfer_stop(IDEState *s);
77 
78 static void padstr(char *str, const char *src, int len)
79 {
80     int i, v;
81     for(i = 0; i < len; i++) {
82         if (*src)
83             v = *src++;
84         else
85             v = ' ';
86         str[i^1] = v;
87     }
88 }
89 
90 static void put_le16(uint16_t *p, unsigned int v)
91 {
92     *p = cpu_to_le16(v);
93 }
94 
95 static void ide_identify_size(IDEState *s)
96 {
97     uint16_t *p = (uint16_t *)s->identify_data;
98     put_le16(p + 60, s->nb_sectors);
99     put_le16(p + 61, s->nb_sectors >> 16);
100     put_le16(p + 100, s->nb_sectors);
101     put_le16(p + 101, s->nb_sectors >> 16);
102     put_le16(p + 102, s->nb_sectors >> 32);
103     put_le16(p + 103, s->nb_sectors >> 48);
104 }
105 
106 static void ide_identify(IDEState *s)
107 {
108     uint16_t *p;
109     unsigned int oldsize;
110     IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master;
111 
112     p = (uint16_t *)s->identify_data;
113     if (s->identify_set) {
114         goto fill_buffer;
115     }
116     memset(p, 0, sizeof(s->identify_data));
117 
118     put_le16(p + 0, 0x0040);
119     put_le16(p + 1, s->cylinders);
120     put_le16(p + 3, s->heads);
121     put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
122     put_le16(p + 5, 512); /* XXX: retired, remove ? */
123     put_le16(p + 6, s->sectors);
124     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
125     put_le16(p + 20, 3); /* XXX: retired, remove ? */
126     put_le16(p + 21, 512); /* cache size in sectors */
127     put_le16(p + 22, 4); /* ecc bytes */
128     padstr((char *)(p + 23), s->version, 8); /* firmware version */
129     padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
130 #if MAX_MULT_SECTORS > 1
131     put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
132 #endif
133     put_le16(p + 48, 1); /* dword I/O */
134     put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */
135     put_le16(p + 51, 0x200); /* PIO transfer cycle */
136     put_le16(p + 52, 0x200); /* DMA transfer cycle */
137     put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
138     put_le16(p + 54, s->cylinders);
139     put_le16(p + 55, s->heads);
140     put_le16(p + 56, s->sectors);
141     oldsize = s->cylinders * s->heads * s->sectors;
142     put_le16(p + 57, oldsize);
143     put_le16(p + 58, oldsize >> 16);
144     if (s->mult_sectors)
145         put_le16(p + 59, 0x100 | s->mult_sectors);
146     /* *(p + 60) := nb_sectors       -- see ide_identify_size */
147     /* *(p + 61) := nb_sectors >> 16 -- see ide_identify_size */
148     put_le16(p + 62, 0x07); /* single word dma0-2 supported */
149     put_le16(p + 63, 0x07); /* mdma0-2 supported */
150     put_le16(p + 64, 0x03); /* pio3-4 supported */
151     put_le16(p + 65, 120);
152     put_le16(p + 66, 120);
153     put_le16(p + 67, 120);
154     put_le16(p + 68, 120);
155     if (dev && dev->conf.discard_granularity) {
156         put_le16(p + 69, (1 << 14)); /* determinate TRIM behavior */
157     }
158 
159     if (s->ncq_queues) {
160         put_le16(p + 75, s->ncq_queues - 1);
161         /* NCQ supported */
162         put_le16(p + 76, (1 << 8));
163     }
164 
165     put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
166     put_le16(p + 81, 0x16); /* conforms to ata5 */
167     /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */
168     put_le16(p + 82, (1 << 14) | (1 << 5) | 1);
169     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
170     put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
171     /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */
172     if (s->wwn) {
173         put_le16(p + 84, (1 << 14) | (1 << 8) | 0);
174     } else {
175         put_le16(p + 84, (1 << 14) | 0);
176     }
177     /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */
178     if (blk_enable_write_cache(s->blk)) {
179         put_le16(p + 85, (1 << 14) | (1 << 5) | 1);
180     } else {
181         put_le16(p + 85, (1 << 14) | 1);
182     }
183     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
184     put_le16(p + 86, (1 << 13) | (1 <<12) | (1 << 10));
185     /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */
186     if (s->wwn) {
187         put_le16(p + 87, (1 << 14) | (1 << 8) | 0);
188     } else {
189         put_le16(p + 87, (1 << 14) | 0);
190     }
191     put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
192     put_le16(p + 93, 1 | (1 << 14) | 0x2000);
193     /* *(p + 100) := nb_sectors       -- see ide_identify_size */
194     /* *(p + 101) := nb_sectors >> 16 -- see ide_identify_size */
195     /* *(p + 102) := nb_sectors >> 32 -- see ide_identify_size */
196     /* *(p + 103) := nb_sectors >> 48 -- see ide_identify_size */
197 
198     if (dev && dev->conf.physical_block_size)
199         put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf));
200     if (s->wwn) {
201         /* LE 16-bit words 111-108 contain 64-bit World Wide Name */
202         put_le16(p + 108, s->wwn >> 48);
203         put_le16(p + 109, s->wwn >> 32);
204         put_le16(p + 110, s->wwn >> 16);
205         put_le16(p + 111, s->wwn);
206     }
207     if (dev && dev->conf.discard_granularity) {
208         put_le16(p + 169, 1); /* TRIM support */
209     }
210     if (dev) {
211         put_le16(p + 217, dev->rotation_rate); /* Nominal media rotation rate */
212     }
213 
214     ide_identify_size(s);
215     s->identify_set = 1;
216 
217 fill_buffer:
218     memcpy(s->io_buffer, p, sizeof(s->identify_data));
219 }
220 
221 static void ide_atapi_identify(IDEState *s)
222 {
223     uint16_t *p;
224 
225     p = (uint16_t *)s->identify_data;
226     if (s->identify_set) {
227         goto fill_buffer;
228     }
229     memset(p, 0, sizeof(s->identify_data));
230 
231     /* Removable CDROM, 50us response, 12 byte packets */
232     put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
233     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
234     put_le16(p + 20, 3); /* buffer type */
235     put_le16(p + 21, 512); /* cache size in sectors */
236     put_le16(p + 22, 4); /* ecc bytes */
237     padstr((char *)(p + 23), s->version, 8); /* firmware version */
238     padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
239     put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
240 #ifdef USE_DMA_CDROM
241     put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
242     put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
243     put_le16(p + 62, 7);  /* single word dma0-2 supported */
244     put_le16(p + 63, 7);  /* mdma0-2 supported */
245 #else
246     put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
247     put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
248     put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
249 #endif
250     put_le16(p + 64, 3); /* pio3-4 supported */
251     put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
252     put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
253     put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
254     put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
255 
256     put_le16(p + 71, 30); /* in ns */
257     put_le16(p + 72, 30); /* in ns */
258 
259     if (s->ncq_queues) {
260         put_le16(p + 75, s->ncq_queues - 1);
261         /* NCQ supported */
262         put_le16(p + 76, (1 << 8));
263     }
264 
265     put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
266     if (s->wwn) {
267         put_le16(p + 84, (1 << 8)); /* supports WWN for words 108-111 */
268         put_le16(p + 87, (1 << 8)); /* WWN enabled */
269     }
270 
271 #ifdef USE_DMA_CDROM
272     put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
273 #endif
274 
275     if (s->wwn) {
276         /* LE 16-bit words 111-108 contain 64-bit World Wide Name */
277         put_le16(p + 108, s->wwn >> 48);
278         put_le16(p + 109, s->wwn >> 32);
279         put_le16(p + 110, s->wwn >> 16);
280         put_le16(p + 111, s->wwn);
281     }
282 
283     s->identify_set = 1;
284 
285 fill_buffer:
286     memcpy(s->io_buffer, p, sizeof(s->identify_data));
287 }
288 
289 static void ide_cfata_identify_size(IDEState *s)
290 {
291     uint16_t *p = (uint16_t *)s->identify_data;
292     put_le16(p + 7, s->nb_sectors >> 16);  /* Sectors per card */
293     put_le16(p + 8, s->nb_sectors);        /* Sectors per card */
294     put_le16(p + 60, s->nb_sectors);       /* Total LBA sectors */
295     put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
296 }
297 
298 static void ide_cfata_identify(IDEState *s)
299 {
300     uint16_t *p;
301     uint32_t cur_sec;
302 
303     p = (uint16_t *)s->identify_data;
304     if (s->identify_set) {
305         goto fill_buffer;
306     }
307     memset(p, 0, sizeof(s->identify_data));
308 
309     cur_sec = s->cylinders * s->heads * s->sectors;
310 
311     put_le16(p + 0, 0x848a);			/* CF Storage Card signature */
312     put_le16(p + 1, s->cylinders);		/* Default cylinders */
313     put_le16(p + 3, s->heads);			/* Default heads */
314     put_le16(p + 6, s->sectors);		/* Default sectors per track */
315     /* *(p + 7) := nb_sectors >> 16 -- see ide_cfata_identify_size */
316     /* *(p + 8) := nb_sectors       -- see ide_cfata_identify_size */
317     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
318     put_le16(p + 22, 0x0004);			/* ECC bytes */
319     padstr((char *) (p + 23), s->version, 8);	/* Firmware Revision */
320     padstr((char *) (p + 27), s->drive_model_str, 40);/* Model number */
321 #if MAX_MULT_SECTORS > 1
322     put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
323 #else
324     put_le16(p + 47, 0x0000);
325 #endif
326     put_le16(p + 49, 0x0f00);			/* Capabilities */
327     put_le16(p + 51, 0x0002);			/* PIO cycle timing mode */
328     put_le16(p + 52, 0x0001);			/* DMA cycle timing mode */
329     put_le16(p + 53, 0x0003);			/* Translation params valid */
330     put_le16(p + 54, s->cylinders);		/* Current cylinders */
331     put_le16(p + 55, s->heads);			/* Current heads */
332     put_le16(p + 56, s->sectors);		/* Current sectors */
333     put_le16(p + 57, cur_sec);			/* Current capacity */
334     put_le16(p + 58, cur_sec >> 16);		/* Current capacity */
335     if (s->mult_sectors)			/* Multiple sector setting */
336         put_le16(p + 59, 0x100 | s->mult_sectors);
337     /* *(p + 60) := nb_sectors       -- see ide_cfata_identify_size */
338     /* *(p + 61) := nb_sectors >> 16 -- see ide_cfata_identify_size */
339     put_le16(p + 63, 0x0203);			/* Multiword DMA capability */
340     put_le16(p + 64, 0x0001);			/* Flow Control PIO support */
341     put_le16(p + 65, 0x0096);			/* Min. Multiword DMA cycle */
342     put_le16(p + 66, 0x0096);			/* Rec. Multiword DMA cycle */
343     put_le16(p + 68, 0x00b4);			/* Min. PIO cycle time */
344     put_le16(p + 82, 0x400c);			/* Command Set supported */
345     put_le16(p + 83, 0x7068);			/* Command Set supported */
346     put_le16(p + 84, 0x4000);			/* Features supported */
347     put_le16(p + 85, 0x000c);			/* Command Set enabled */
348     put_le16(p + 86, 0x7044);			/* Command Set enabled */
349     put_le16(p + 87, 0x4000);			/* Features enabled */
350     put_le16(p + 91, 0x4060);			/* Current APM level */
351     put_le16(p + 129, 0x0002);			/* Current features option */
352     put_le16(p + 130, 0x0005);			/* Reassigned sectors */
353     put_le16(p + 131, 0x0001);			/* Initial power mode */
354     put_le16(p + 132, 0x0000);			/* User signature */
355     put_le16(p + 160, 0x8100);			/* Power requirement */
356     put_le16(p + 161, 0x8001);			/* CF command set */
357 
358     ide_cfata_identify_size(s);
359     s->identify_set = 1;
360 
361 fill_buffer:
362     memcpy(s->io_buffer, p, sizeof(s->identify_data));
363 }
364 
365 static void ide_set_signature(IDEState *s)
366 {
367     s->select &= 0xf0; /* clear head */
368     /* put signature */
369     s->nsector = 1;
370     s->sector = 1;
371     if (s->drive_kind == IDE_CD) {
372         s->lcyl = 0x14;
373         s->hcyl = 0xeb;
374     } else if (s->blk) {
375         s->lcyl = 0;
376         s->hcyl = 0;
377     } else {
378         s->lcyl = 0xff;
379         s->hcyl = 0xff;
380     }
381 }
382 
383 static bool ide_sect_range_ok(IDEState *s,
384                               uint64_t sector, uint64_t nb_sectors)
385 {
386     uint64_t total_sectors;
387 
388     blk_get_geometry(s->blk, &total_sectors);
389     if (sector > total_sectors || nb_sectors > total_sectors - sector) {
390         return false;
391     }
392     return true;
393 }
394 
395 typedef struct TrimAIOCB {
396     BlockAIOCB common;
397     IDEState *s;
398     QEMUBH *bh;
399     int ret;
400     QEMUIOVector *qiov;
401     BlockAIOCB *aiocb;
402     int i, j;
403     bool is_invalid;
404 } TrimAIOCB;
405 
406 static void trim_aio_cancel(BlockAIOCB *acb)
407 {
408     TrimAIOCB *iocb = container_of(acb, TrimAIOCB, common);
409 
410     /* Exit the loop so ide_issue_trim_cb will not continue  */
411     iocb->j = iocb->qiov->niov - 1;
412     iocb->i = (iocb->qiov->iov[iocb->j].iov_len / 8) - 1;
413 
414     iocb->ret = -ECANCELED;
415 
416     if (iocb->aiocb) {
417         blk_aio_cancel_async(iocb->aiocb);
418         iocb->aiocb = NULL;
419     }
420 }
421 
422 static const AIOCBInfo trim_aiocb_info = {
423     .aiocb_size         = sizeof(TrimAIOCB),
424     .cancel_async       = trim_aio_cancel,
425 };
426 
427 static void ide_trim_bh_cb(void *opaque)
428 {
429     TrimAIOCB *iocb = opaque;
430 
431     if (iocb->is_invalid) {
432         ide_dma_error(iocb->s);
433     } else {
434         iocb->common.cb(iocb->common.opaque, iocb->ret);
435     }
436     qemu_bh_delete(iocb->bh);
437     iocb->bh = NULL;
438     qemu_aio_unref(iocb);
439 }
440 
441 static void ide_issue_trim_cb(void *opaque, int ret)
442 {
443     TrimAIOCB *iocb = opaque;
444     IDEState *s = iocb->s;
445 
446     if (ret >= 0) {
447         while (iocb->j < iocb->qiov->niov) {
448             int j = iocb->j;
449             while (++iocb->i < iocb->qiov->iov[j].iov_len / 8) {
450                 int i = iocb->i;
451                 uint64_t *buffer = iocb->qiov->iov[j].iov_base;
452 
453                 /* 6-byte LBA + 2-byte range per entry */
454                 uint64_t entry = le64_to_cpu(buffer[i]);
455                 uint64_t sector = entry & 0x0000ffffffffffffULL;
456                 uint16_t count = entry >> 48;
457 
458                 if (count == 0) {
459                     continue;
460                 }
461 
462                 if (!ide_sect_range_ok(s, sector, count)) {
463                     iocb->is_invalid = true;
464                     goto done;
465                 }
466 
467                 /* Got an entry! Submit and exit.  */
468                 iocb->aiocb = blk_aio_pdiscard(s->blk,
469                                                sector << BDRV_SECTOR_BITS,
470                                                count << BDRV_SECTOR_BITS,
471                                                ide_issue_trim_cb, opaque);
472                 return;
473             }
474 
475             iocb->j++;
476             iocb->i = -1;
477         }
478     } else {
479         iocb->ret = ret;
480     }
481 
482 done:
483     iocb->aiocb = NULL;
484     if (iocb->bh) {
485         qemu_bh_schedule(iocb->bh);
486     }
487 }
488 
489 BlockAIOCB *ide_issue_trim(
490         int64_t offset, QEMUIOVector *qiov,
491         BlockCompletionFunc *cb, void *cb_opaque, void *opaque)
492 {
493     IDEState *s = opaque;
494     TrimAIOCB *iocb;
495 
496     iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque);
497     iocb->s = s;
498     iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb);
499     iocb->ret = 0;
500     iocb->qiov = qiov;
501     iocb->i = -1;
502     iocb->j = 0;
503     iocb->is_invalid = false;
504     ide_issue_trim_cb(iocb, 0);
505     return &iocb->common;
506 }
507 
508 void ide_abort_command(IDEState *s)
509 {
510     ide_transfer_stop(s);
511     s->status = READY_STAT | ERR_STAT;
512     s->error = ABRT_ERR;
513 }
514 
515 static void ide_set_retry(IDEState *s)
516 {
517     s->bus->retry_unit = s->unit;
518     s->bus->retry_sector_num = ide_get_sector(s);
519     s->bus->retry_nsector = s->nsector;
520 }
521 
522 static void ide_clear_retry(IDEState *s)
523 {
524     s->bus->retry_unit = -1;
525     s->bus->retry_sector_num = 0;
526     s->bus->retry_nsector = 0;
527 }
528 
529 /* prepare data transfer and tell what to do after */
530 void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
531                         EndTransferFunc *end_transfer_func)
532 {
533     s->end_transfer_func = end_transfer_func;
534     s->data_ptr = buf;
535     s->data_end = buf + size;
536     ide_set_retry(s);
537     if (!(s->status & ERR_STAT)) {
538         s->status |= DRQ_STAT;
539     }
540     if (s->bus->dma->ops->start_transfer) {
541         s->bus->dma->ops->start_transfer(s->bus->dma);
542     }
543 }
544 
545 static void ide_cmd_done(IDEState *s)
546 {
547     if (s->bus->dma->ops->cmd_done) {
548         s->bus->dma->ops->cmd_done(s->bus->dma);
549     }
550 }
551 
552 static void ide_transfer_halt(IDEState *s,
553                               void(*end_transfer_func)(IDEState *),
554                               bool notify)
555 {
556     s->end_transfer_func = end_transfer_func;
557     s->data_ptr = s->io_buffer;
558     s->data_end = s->io_buffer;
559     s->status &= ~DRQ_STAT;
560     if (notify) {
561         ide_cmd_done(s);
562     }
563 }
564 
565 void ide_transfer_stop(IDEState *s)
566 {
567     ide_transfer_halt(s, ide_transfer_stop, true);
568 }
569 
570 static void ide_transfer_cancel(IDEState *s)
571 {
572     ide_transfer_halt(s, ide_transfer_cancel, false);
573 }
574 
575 int64_t ide_get_sector(IDEState *s)
576 {
577     int64_t sector_num;
578     if (s->select & 0x40) {
579         /* lba */
580 	if (!s->lba48) {
581 	    sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
582 		(s->lcyl << 8) | s->sector;
583 	} else {
584 	    sector_num = ((int64_t)s->hob_hcyl << 40) |
585 		((int64_t) s->hob_lcyl << 32) |
586 		((int64_t) s->hob_sector << 24) |
587 		((int64_t) s->hcyl << 16) |
588 		((int64_t) s->lcyl << 8) | s->sector;
589 	}
590     } else {
591         sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
592             (s->select & 0x0f) * s->sectors + (s->sector - 1);
593     }
594     return sector_num;
595 }
596 
597 void ide_set_sector(IDEState *s, int64_t sector_num)
598 {
599     unsigned int cyl, r;
600     if (s->select & 0x40) {
601 	if (!s->lba48) {
602             s->select = (s->select & 0xf0) | (sector_num >> 24);
603             s->hcyl = (sector_num >> 16);
604             s->lcyl = (sector_num >> 8);
605             s->sector = (sector_num);
606 	} else {
607 	    s->sector = sector_num;
608 	    s->lcyl = sector_num >> 8;
609 	    s->hcyl = sector_num >> 16;
610 	    s->hob_sector = sector_num >> 24;
611 	    s->hob_lcyl = sector_num >> 32;
612 	    s->hob_hcyl = sector_num >> 40;
613 	}
614     } else {
615         cyl = sector_num / (s->heads * s->sectors);
616         r = sector_num % (s->heads * s->sectors);
617         s->hcyl = cyl >> 8;
618         s->lcyl = cyl;
619         s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
620         s->sector = (r % s->sectors) + 1;
621     }
622 }
623 
624 static void ide_rw_error(IDEState *s) {
625     ide_abort_command(s);
626     ide_set_irq(s->bus);
627 }
628 
629 static void ide_buffered_readv_cb(void *opaque, int ret)
630 {
631     IDEBufferedRequest *req = opaque;
632     if (!req->orphaned) {
633         if (!ret) {
634             qemu_iovec_from_buf(req->original_qiov, 0, req->iov.iov_base,
635                                 req->original_qiov->size);
636         }
637         req->original_cb(req->original_opaque, ret);
638     }
639     QLIST_REMOVE(req, list);
640     qemu_vfree(req->iov.iov_base);
641     g_free(req);
642 }
643 
644 #define MAX_BUFFERED_REQS 16
645 
646 BlockAIOCB *ide_buffered_readv(IDEState *s, int64_t sector_num,
647                                QEMUIOVector *iov, int nb_sectors,
648                                BlockCompletionFunc *cb, void *opaque)
649 {
650     BlockAIOCB *aioreq;
651     IDEBufferedRequest *req;
652     int c = 0;
653 
654     QLIST_FOREACH(req, &s->buffered_requests, list) {
655         c++;
656     }
657     if (c > MAX_BUFFERED_REQS) {
658         return blk_abort_aio_request(s->blk, cb, opaque, -EIO);
659     }
660 
661     req = g_new0(IDEBufferedRequest, 1);
662     req->original_qiov = iov;
663     req->original_cb = cb;
664     req->original_opaque = opaque;
665     req->iov.iov_base = qemu_blockalign(blk_bs(s->blk), iov->size);
666     req->iov.iov_len = iov->size;
667     qemu_iovec_init_external(&req->qiov, &req->iov, 1);
668 
669     aioreq = blk_aio_preadv(s->blk, sector_num << BDRV_SECTOR_BITS,
670                             &req->qiov, 0, ide_buffered_readv_cb, req);
671 
672     QLIST_INSERT_HEAD(&s->buffered_requests, req, list);
673     return aioreq;
674 }
675 
676 /**
677  * Cancel all pending DMA requests.
678  * Any buffered DMA requests are instantly canceled,
679  * but any pending unbuffered DMA requests must be waited on.
680  */
681 void ide_cancel_dma_sync(IDEState *s)
682 {
683     IDEBufferedRequest *req;
684 
685     /* First invoke the callbacks of all buffered requests
686      * and flag those requests as orphaned. Ideally there
687      * are no unbuffered (Scatter Gather DMA Requests or
688      * write requests) pending and we can avoid to drain. */
689     QLIST_FOREACH(req, &s->buffered_requests, list) {
690         if (!req->orphaned) {
691             trace_ide_cancel_dma_sync_buffered(req->original_cb, req);
692             req->original_cb(req->original_opaque, -ECANCELED);
693         }
694         req->orphaned = true;
695     }
696 
697     /*
698      * We can't cancel Scatter Gather DMA in the middle of the
699      * operation or a partial (not full) DMA transfer would reach
700      * the storage so we wait for completion instead (we beahve
701      * like if the DMA was completed by the time the guest trying
702      * to cancel dma with bmdma_cmd_writeb with BM_CMD_START not
703      * set).
704      *
705      * In the future we'll be able to safely cancel the I/O if the
706      * whole DMA operation will be submitted to disk with a single
707      * aio operation with preadv/pwritev.
708      */
709     if (s->bus->dma->aiocb) {
710         trace_ide_cancel_dma_sync_remaining();
711         blk_drain(s->blk);
712         assert(s->bus->dma->aiocb == NULL);
713     }
714 }
715 
716 static void ide_sector_read(IDEState *s);
717 
718 static void ide_sector_read_cb(void *opaque, int ret)
719 {
720     IDEState *s = opaque;
721     int n;
722 
723     s->pio_aiocb = NULL;
724     s->status &= ~BUSY_STAT;
725 
726     if (ret == -ECANCELED) {
727         return;
728     }
729     if (ret != 0) {
730         if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO |
731                                 IDE_RETRY_READ)) {
732             return;
733         }
734     }
735 
736     block_acct_done(blk_get_stats(s->blk), &s->acct);
737 
738     n = s->nsector;
739     if (n > s->req_nb_sectors) {
740         n = s->req_nb_sectors;
741     }
742 
743     ide_set_sector(s, ide_get_sector(s) + n);
744     s->nsector -= n;
745     /* Allow the guest to read the io_buffer */
746     ide_transfer_start(s, s->io_buffer, n * BDRV_SECTOR_SIZE, ide_sector_read);
747     ide_set_irq(s->bus);
748 }
749 
750 static void ide_sector_read(IDEState *s)
751 {
752     int64_t sector_num;
753     int n;
754 
755     s->status = READY_STAT | SEEK_STAT;
756     s->error = 0; /* not needed by IDE spec, but needed by Windows */
757     sector_num = ide_get_sector(s);
758     n = s->nsector;
759 
760     if (n == 0) {
761         ide_transfer_stop(s);
762         return;
763     }
764 
765     s->status |= BUSY_STAT;
766 
767     if (n > s->req_nb_sectors) {
768         n = s->req_nb_sectors;
769     }
770 
771     trace_ide_sector_read(sector_num, n);
772 
773     if (!ide_sect_range_ok(s, sector_num, n)) {
774         ide_rw_error(s);
775         block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_READ);
776         return;
777     }
778 
779     s->iov.iov_base = s->io_buffer;
780     s->iov.iov_len  = n * BDRV_SECTOR_SIZE;
781     qemu_iovec_init_external(&s->qiov, &s->iov, 1);
782 
783     block_acct_start(blk_get_stats(s->blk), &s->acct,
784                      n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ);
785     s->pio_aiocb = ide_buffered_readv(s, sector_num, &s->qiov, n,
786                                       ide_sector_read_cb, s);
787 }
788 
789 void dma_buf_commit(IDEState *s, uint32_t tx_bytes)
790 {
791     if (s->bus->dma->ops->commit_buf) {
792         s->bus->dma->ops->commit_buf(s->bus->dma, tx_bytes);
793     }
794     s->io_buffer_offset += tx_bytes;
795     qemu_sglist_destroy(&s->sg);
796 }
797 
798 void ide_set_inactive(IDEState *s, bool more)
799 {
800     s->bus->dma->aiocb = NULL;
801     ide_clear_retry(s);
802     if (s->bus->dma->ops->set_inactive) {
803         s->bus->dma->ops->set_inactive(s->bus->dma, more);
804     }
805     ide_cmd_done(s);
806 }
807 
808 void ide_dma_error(IDEState *s)
809 {
810     dma_buf_commit(s, 0);
811     ide_abort_command(s);
812     ide_set_inactive(s, false);
813     ide_set_irq(s->bus);
814 }
815 
816 int ide_handle_rw_error(IDEState *s, int error, int op)
817 {
818     bool is_read = (op & IDE_RETRY_READ) != 0;
819     BlockErrorAction action = blk_get_error_action(s->blk, is_read, error);
820 
821     if (action == BLOCK_ERROR_ACTION_STOP) {
822         assert(s->bus->retry_unit == s->unit);
823         s->bus->error_status = op;
824     } else if (action == BLOCK_ERROR_ACTION_REPORT) {
825         block_acct_failed(blk_get_stats(s->blk), &s->acct);
826         if (IS_IDE_RETRY_DMA(op)) {
827             ide_dma_error(s);
828         } else if (IS_IDE_RETRY_ATAPI(op)) {
829             ide_atapi_io_error(s, -error);
830         } else {
831             ide_rw_error(s);
832         }
833     }
834     blk_error_action(s->blk, action, is_read, error);
835     return action != BLOCK_ERROR_ACTION_IGNORE;
836 }
837 
838 static void ide_dma_cb(void *opaque, int ret)
839 {
840     IDEState *s = opaque;
841     int n;
842     int64_t sector_num;
843     uint64_t offset;
844     bool stay_active = false;
845 
846     if (ret == -ECANCELED) {
847         return;
848     }
849     if (ret < 0) {
850         if (ide_handle_rw_error(s, -ret, ide_dma_cmd_to_retry(s->dma_cmd))) {
851             s->bus->dma->aiocb = NULL;
852             dma_buf_commit(s, 0);
853             return;
854         }
855     }
856 
857     n = s->io_buffer_size >> 9;
858     if (n > s->nsector) {
859         /* The PRDs were longer than needed for this request. Shorten them so
860          * we don't get a negative remainder. The Active bit must remain set
861          * after the request completes. */
862         n = s->nsector;
863         stay_active = true;
864     }
865 
866     sector_num = ide_get_sector(s);
867     if (n > 0) {
868         assert(n * 512 == s->sg.size);
869         dma_buf_commit(s, s->sg.size);
870         sector_num += n;
871         ide_set_sector(s, sector_num);
872         s->nsector -= n;
873     }
874 
875     /* end of transfer ? */
876     if (s->nsector == 0) {
877         s->status = READY_STAT | SEEK_STAT;
878         ide_set_irq(s->bus);
879         goto eot;
880     }
881 
882     /* launch next transfer */
883     n = s->nsector;
884     s->io_buffer_index = 0;
885     s->io_buffer_size = n * 512;
886     if (s->bus->dma->ops->prepare_buf(s->bus->dma, s->io_buffer_size) < 512) {
887         /* The PRDs were too short. Reset the Active bit, but don't raise an
888          * interrupt. */
889         s->status = READY_STAT | SEEK_STAT;
890         dma_buf_commit(s, 0);
891         goto eot;
892     }
893 
894     trace_ide_dma_cb(s, sector_num, n, IDE_DMA_CMD_str(s->dma_cmd));
895 
896     if ((s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) &&
897         !ide_sect_range_ok(s, sector_num, n)) {
898         ide_dma_error(s);
899         block_acct_invalid(blk_get_stats(s->blk), s->acct.type);
900         return;
901     }
902 
903     offset = sector_num << BDRV_SECTOR_BITS;
904     switch (s->dma_cmd) {
905     case IDE_DMA_READ:
906         s->bus->dma->aiocb = dma_blk_read(s->blk, &s->sg, offset,
907                                           BDRV_SECTOR_SIZE, ide_dma_cb, s);
908         break;
909     case IDE_DMA_WRITE:
910         s->bus->dma->aiocb = dma_blk_write(s->blk, &s->sg, offset,
911                                            BDRV_SECTOR_SIZE, ide_dma_cb, s);
912         break;
913     case IDE_DMA_TRIM:
914         s->bus->dma->aiocb = dma_blk_io(blk_get_aio_context(s->blk),
915                                         &s->sg, offset, BDRV_SECTOR_SIZE,
916                                         ide_issue_trim, s, ide_dma_cb, s,
917                                         DMA_DIRECTION_TO_DEVICE);
918         break;
919     default:
920         abort();
921     }
922     return;
923 
924 eot:
925     if (s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) {
926         block_acct_done(blk_get_stats(s->blk), &s->acct);
927     }
928     ide_set_inactive(s, stay_active);
929 }
930 
931 static void ide_sector_start_dma(IDEState *s, enum ide_dma_cmd dma_cmd)
932 {
933     s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
934     s->io_buffer_size = 0;
935     s->dma_cmd = dma_cmd;
936 
937     switch (dma_cmd) {
938     case IDE_DMA_READ:
939         block_acct_start(blk_get_stats(s->blk), &s->acct,
940                          s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ);
941         break;
942     case IDE_DMA_WRITE:
943         block_acct_start(blk_get_stats(s->blk), &s->acct,
944                          s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE);
945         break;
946     default:
947         break;
948     }
949 
950     ide_start_dma(s, ide_dma_cb);
951 }
952 
953 void ide_start_dma(IDEState *s, BlockCompletionFunc *cb)
954 {
955     s->io_buffer_index = 0;
956     ide_set_retry(s);
957     if (s->bus->dma->ops->start_dma) {
958         s->bus->dma->ops->start_dma(s->bus->dma, s, cb);
959     }
960 }
961 
962 static void ide_sector_write(IDEState *s);
963 
964 static void ide_sector_write_timer_cb(void *opaque)
965 {
966     IDEState *s = opaque;
967     ide_set_irq(s->bus);
968 }
969 
970 static void ide_sector_write_cb(void *opaque, int ret)
971 {
972     IDEState *s = opaque;
973     int n;
974 
975     if (ret == -ECANCELED) {
976         return;
977     }
978 
979     s->pio_aiocb = NULL;
980     s->status &= ~BUSY_STAT;
981 
982     if (ret != 0) {
983         if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO)) {
984             return;
985         }
986     }
987 
988     block_acct_done(blk_get_stats(s->blk), &s->acct);
989 
990     n = s->nsector;
991     if (n > s->req_nb_sectors) {
992         n = s->req_nb_sectors;
993     }
994     s->nsector -= n;
995 
996     ide_set_sector(s, ide_get_sector(s) + n);
997     if (s->nsector == 0) {
998         /* no more sectors to write */
999         ide_transfer_stop(s);
1000     } else {
1001         int n1 = s->nsector;
1002         if (n1 > s->req_nb_sectors) {
1003             n1 = s->req_nb_sectors;
1004         }
1005         ide_transfer_start(s, s->io_buffer, n1 * BDRV_SECTOR_SIZE,
1006                            ide_sector_write);
1007     }
1008 
1009     if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1010         /* It seems there is a bug in the Windows 2000 installer HDD
1011            IDE driver which fills the disk with empty logs when the
1012            IDE write IRQ comes too early. This hack tries to correct
1013            that at the expense of slower write performances. Use this
1014            option _only_ to install Windows 2000. You must disable it
1015            for normal use. */
1016         timer_mod(s->sector_write_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
1017                   (NANOSECONDS_PER_SECOND / 1000));
1018     } else {
1019         ide_set_irq(s->bus);
1020     }
1021 }
1022 
1023 static void ide_sector_write(IDEState *s)
1024 {
1025     int64_t sector_num;
1026     int n;
1027 
1028     s->status = READY_STAT | SEEK_STAT | BUSY_STAT;
1029     sector_num = ide_get_sector(s);
1030 
1031     n = s->nsector;
1032     if (n > s->req_nb_sectors) {
1033         n = s->req_nb_sectors;
1034     }
1035 
1036     trace_ide_sector_write(sector_num, n);
1037 
1038     if (!ide_sect_range_ok(s, sector_num, n)) {
1039         ide_rw_error(s);
1040         block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_WRITE);
1041         return;
1042     }
1043 
1044     s->iov.iov_base = s->io_buffer;
1045     s->iov.iov_len  = n * BDRV_SECTOR_SIZE;
1046     qemu_iovec_init_external(&s->qiov, &s->iov, 1);
1047 
1048     block_acct_start(blk_get_stats(s->blk), &s->acct,
1049                      n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE);
1050     s->pio_aiocb = blk_aio_pwritev(s->blk, sector_num << BDRV_SECTOR_BITS,
1051                                    &s->qiov, 0, ide_sector_write_cb, s);
1052 }
1053 
1054 static void ide_flush_cb(void *opaque, int ret)
1055 {
1056     IDEState *s = opaque;
1057 
1058     s->pio_aiocb = NULL;
1059 
1060     if (ret == -ECANCELED) {
1061         return;
1062     }
1063     if (ret < 0) {
1064         /* XXX: What sector number to set here? */
1065         if (ide_handle_rw_error(s, -ret, IDE_RETRY_FLUSH)) {
1066             return;
1067         }
1068     }
1069 
1070     if (s->blk) {
1071         block_acct_done(blk_get_stats(s->blk), &s->acct);
1072     }
1073     s->status = READY_STAT | SEEK_STAT;
1074     ide_cmd_done(s);
1075     ide_set_irq(s->bus);
1076 }
1077 
1078 static void ide_flush_cache(IDEState *s)
1079 {
1080     if (s->blk == NULL) {
1081         ide_flush_cb(s, 0);
1082         return;
1083     }
1084 
1085     s->status |= BUSY_STAT;
1086     ide_set_retry(s);
1087     block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH);
1088 
1089     if (blk_bs(s->blk)) {
1090         s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
1091     } else {
1092         /* XXX blk_aio_flush() crashes when blk_bs(blk) is NULL, remove this
1093          * temporary workaround when blk_aio_*() functions handle NULL blk_bs.
1094          */
1095         ide_flush_cb(s, 0);
1096     }
1097 }
1098 
1099 static void ide_cfata_metadata_inquiry(IDEState *s)
1100 {
1101     uint16_t *p;
1102     uint32_t spd;
1103 
1104     p = (uint16_t *) s->io_buffer;
1105     memset(p, 0, 0x200);
1106     spd = ((s->mdata_size - 1) >> 9) + 1;
1107 
1108     put_le16(p + 0, 0x0001);			/* Data format revision */
1109     put_le16(p + 1, 0x0000);			/* Media property: silicon */
1110     put_le16(p + 2, s->media_changed);		/* Media status */
1111     put_le16(p + 3, s->mdata_size & 0xffff);	/* Capacity in bytes (low) */
1112     put_le16(p + 4, s->mdata_size >> 16);	/* Capacity in bytes (high) */
1113     put_le16(p + 5, spd & 0xffff);		/* Sectors per device (low) */
1114     put_le16(p + 6, spd >> 16);			/* Sectors per device (high) */
1115 }
1116 
1117 static void ide_cfata_metadata_read(IDEState *s)
1118 {
1119     uint16_t *p;
1120 
1121     if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1122         s->status = ERR_STAT;
1123         s->error = ABRT_ERR;
1124         return;
1125     }
1126 
1127     p = (uint16_t *) s->io_buffer;
1128     memset(p, 0, 0x200);
1129 
1130     put_le16(p + 0, s->media_changed);		/* Media status */
1131     memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1132                     MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1133                                     s->nsector << 9), 0x200 - 2));
1134 }
1135 
1136 static void ide_cfata_metadata_write(IDEState *s)
1137 {
1138     if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1139         s->status = ERR_STAT;
1140         s->error = ABRT_ERR;
1141         return;
1142     }
1143 
1144     s->media_changed = 0;
1145 
1146     memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1147                     s->io_buffer + 2,
1148                     MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1149                                     s->nsector << 9), 0x200 - 2));
1150 }
1151 
1152 /* called when the inserted state of the media has changed */
1153 static void ide_cd_change_cb(void *opaque, bool load, Error **errp)
1154 {
1155     IDEState *s = opaque;
1156     uint64_t nb_sectors;
1157 
1158     s->tray_open = !load;
1159     blk_get_geometry(s->blk, &nb_sectors);
1160     s->nb_sectors = nb_sectors;
1161 
1162     /*
1163      * First indicate to the guest that a CD has been removed.  That's
1164      * done on the next command the guest sends us.
1165      *
1166      * Then we set UNIT_ATTENTION, by which the guest will
1167      * detect a new CD in the drive.  See ide_atapi_cmd() for details.
1168      */
1169     s->cdrom_changed = 1;
1170     s->events.new_media = true;
1171     s->events.eject_request = false;
1172     ide_set_irq(s->bus);
1173 }
1174 
1175 static void ide_cd_eject_request_cb(void *opaque, bool force)
1176 {
1177     IDEState *s = opaque;
1178 
1179     s->events.eject_request = true;
1180     if (force) {
1181         s->tray_locked = false;
1182     }
1183     ide_set_irq(s->bus);
1184 }
1185 
1186 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1187 {
1188     s->lba48 = lba48;
1189 
1190     /* handle the 'magic' 0 nsector count conversion here. to avoid
1191      * fiddling with the rest of the read logic, we just store the
1192      * full sector count in ->nsector and ignore ->hob_nsector from now
1193      */
1194     if (!s->lba48) {
1195 	if (!s->nsector)
1196 	    s->nsector = 256;
1197     } else {
1198 	if (!s->nsector && !s->hob_nsector)
1199 	    s->nsector = 65536;
1200 	else {
1201 	    int lo = s->nsector;
1202 	    int hi = s->hob_nsector;
1203 
1204 	    s->nsector = (hi << 8) | lo;
1205 	}
1206     }
1207 }
1208 
1209 static void ide_clear_hob(IDEBus *bus)
1210 {
1211     /* any write clears HOB high bit of device control register */
1212     bus->ifs[0].select &= ~(1 << 7);
1213     bus->ifs[1].select &= ~(1 << 7);
1214 }
1215 
1216 /* IOport [W]rite [R]egisters */
1217 enum ATA_IOPORT_WR {
1218     ATA_IOPORT_WR_DATA = 0,
1219     ATA_IOPORT_WR_FEATURES = 1,
1220     ATA_IOPORT_WR_SECTOR_COUNT = 2,
1221     ATA_IOPORT_WR_SECTOR_NUMBER = 3,
1222     ATA_IOPORT_WR_CYLINDER_LOW = 4,
1223     ATA_IOPORT_WR_CYLINDER_HIGH = 5,
1224     ATA_IOPORT_WR_DEVICE_HEAD = 6,
1225     ATA_IOPORT_WR_COMMAND = 7,
1226     ATA_IOPORT_WR_NUM_REGISTERS,
1227 };
1228 
1229 const char *ATA_IOPORT_WR_lookup[ATA_IOPORT_WR_NUM_REGISTERS] = {
1230     [ATA_IOPORT_WR_DATA] = "Data",
1231     [ATA_IOPORT_WR_FEATURES] = "Features",
1232     [ATA_IOPORT_WR_SECTOR_COUNT] = "Sector Count",
1233     [ATA_IOPORT_WR_SECTOR_NUMBER] = "Sector Number",
1234     [ATA_IOPORT_WR_CYLINDER_LOW] = "Cylinder Low",
1235     [ATA_IOPORT_WR_CYLINDER_HIGH] = "Cylinder High",
1236     [ATA_IOPORT_WR_DEVICE_HEAD] = "Device/Head",
1237     [ATA_IOPORT_WR_COMMAND] = "Command"
1238 };
1239 
1240 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1241 {
1242     IDEBus *bus = opaque;
1243     IDEState *s = idebus_active_if(bus);
1244     int reg_num = addr & 7;
1245 
1246     trace_ide_ioport_write(addr, ATA_IOPORT_WR_lookup[reg_num], val, bus, s);
1247 
1248     /* ignore writes to command block while busy with previous command */
1249     if (reg_num != 7 && (s->status & (BUSY_STAT|DRQ_STAT))) {
1250         return;
1251     }
1252 
1253     switch (reg_num) {
1254     case 0:
1255         break;
1256     case ATA_IOPORT_WR_FEATURES:
1257         ide_clear_hob(bus);
1258         /* NOTE: data is written to the two drives */
1259         bus->ifs[0].hob_feature = bus->ifs[0].feature;
1260         bus->ifs[1].hob_feature = bus->ifs[1].feature;
1261         bus->ifs[0].feature = val;
1262         bus->ifs[1].feature = val;
1263         break;
1264     case ATA_IOPORT_WR_SECTOR_COUNT:
1265 	ide_clear_hob(bus);
1266 	bus->ifs[0].hob_nsector = bus->ifs[0].nsector;
1267 	bus->ifs[1].hob_nsector = bus->ifs[1].nsector;
1268         bus->ifs[0].nsector = val;
1269         bus->ifs[1].nsector = val;
1270         break;
1271     case ATA_IOPORT_WR_SECTOR_NUMBER:
1272 	ide_clear_hob(bus);
1273 	bus->ifs[0].hob_sector = bus->ifs[0].sector;
1274 	bus->ifs[1].hob_sector = bus->ifs[1].sector;
1275         bus->ifs[0].sector = val;
1276         bus->ifs[1].sector = val;
1277         break;
1278     case ATA_IOPORT_WR_CYLINDER_LOW:
1279 	ide_clear_hob(bus);
1280 	bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl;
1281 	bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl;
1282         bus->ifs[0].lcyl = val;
1283         bus->ifs[1].lcyl = val;
1284         break;
1285     case ATA_IOPORT_WR_CYLINDER_HIGH:
1286 	ide_clear_hob(bus);
1287 	bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl;
1288 	bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl;
1289         bus->ifs[0].hcyl = val;
1290         bus->ifs[1].hcyl = val;
1291         break;
1292     case ATA_IOPORT_WR_DEVICE_HEAD:
1293 	/* FIXME: HOB readback uses bit 7 */
1294         bus->ifs[0].select = (val & ~0x10) | 0xa0;
1295         bus->ifs[1].select = (val | 0x10) | 0xa0;
1296         /* select drive */
1297         bus->unit = (val >> 4) & 1;
1298         break;
1299     default:
1300     case ATA_IOPORT_WR_COMMAND:
1301         /* command */
1302         ide_exec_cmd(bus, val);
1303         break;
1304     }
1305 }
1306 
1307 static void ide_reset(IDEState *s)
1308 {
1309     trace_ide_reset(s);
1310 
1311     if (s->pio_aiocb) {
1312         blk_aio_cancel(s->pio_aiocb);
1313         s->pio_aiocb = NULL;
1314     }
1315 
1316     if (s->drive_kind == IDE_CFATA)
1317         s->mult_sectors = 0;
1318     else
1319         s->mult_sectors = MAX_MULT_SECTORS;
1320     /* ide regs */
1321     s->feature = 0;
1322     s->error = 0;
1323     s->nsector = 0;
1324     s->sector = 0;
1325     s->lcyl = 0;
1326     s->hcyl = 0;
1327 
1328     /* lba48 */
1329     s->hob_feature = 0;
1330     s->hob_sector = 0;
1331     s->hob_nsector = 0;
1332     s->hob_lcyl = 0;
1333     s->hob_hcyl = 0;
1334 
1335     s->select = 0xa0;
1336     s->status = READY_STAT | SEEK_STAT;
1337 
1338     s->lba48 = 0;
1339 
1340     /* ATAPI specific */
1341     s->sense_key = 0;
1342     s->asc = 0;
1343     s->cdrom_changed = 0;
1344     s->packet_transfer_size = 0;
1345     s->elementary_transfer_size = 0;
1346     s->io_buffer_index = 0;
1347     s->cd_sector_size = 0;
1348     s->atapi_dma = 0;
1349     s->tray_locked = 0;
1350     s->tray_open = 0;
1351     /* ATA DMA state */
1352     s->io_buffer_size = 0;
1353     s->req_nb_sectors = 0;
1354 
1355     ide_set_signature(s);
1356     /* init the transfer handler so that 0xffff is returned on data
1357        accesses */
1358     s->end_transfer_func = ide_dummy_transfer_stop;
1359     ide_dummy_transfer_stop(s);
1360     s->media_changed = 0;
1361 }
1362 
1363 static bool cmd_nop(IDEState *s, uint8_t cmd)
1364 {
1365     return true;
1366 }
1367 
1368 static bool cmd_device_reset(IDEState *s, uint8_t cmd)
1369 {
1370     /* Halt PIO (in the DRQ phase), then DMA */
1371     ide_transfer_cancel(s);
1372     ide_cancel_dma_sync(s);
1373 
1374     /* Reset any PIO commands, reset signature, etc */
1375     ide_reset(s);
1376 
1377     /* RESET: ATA8-ACS3 7.10.4 "Normal Outputs";
1378      * ATA8-ACS3 Table 184 "Device Signatures for Normal Output" */
1379     s->status = 0x00;
1380 
1381     /* Do not overwrite status register */
1382     return false;
1383 }
1384 
1385 static bool cmd_data_set_management(IDEState *s, uint8_t cmd)
1386 {
1387     switch (s->feature) {
1388     case DSM_TRIM:
1389         if (s->blk) {
1390             ide_sector_start_dma(s, IDE_DMA_TRIM);
1391             return false;
1392         }
1393         break;
1394     }
1395 
1396     ide_abort_command(s);
1397     return true;
1398 }
1399 
1400 static bool cmd_identify(IDEState *s, uint8_t cmd)
1401 {
1402     if (s->blk && s->drive_kind != IDE_CD) {
1403         if (s->drive_kind != IDE_CFATA) {
1404             ide_identify(s);
1405         } else {
1406             ide_cfata_identify(s);
1407         }
1408         s->status = READY_STAT | SEEK_STAT;
1409         ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1410         ide_set_irq(s->bus);
1411         return false;
1412     } else {
1413         if (s->drive_kind == IDE_CD) {
1414             ide_set_signature(s);
1415         }
1416         ide_abort_command(s);
1417     }
1418 
1419     return true;
1420 }
1421 
1422 static bool cmd_verify(IDEState *s, uint8_t cmd)
1423 {
1424     bool lba48 = (cmd == WIN_VERIFY_EXT);
1425 
1426     /* do sector number check ? */
1427     ide_cmd_lba48_transform(s, lba48);
1428 
1429     return true;
1430 }
1431 
1432 static bool cmd_set_multiple_mode(IDEState *s, uint8_t cmd)
1433 {
1434     if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
1435         /* Disable Read and Write Multiple */
1436         s->mult_sectors = 0;
1437     } else if ((s->nsector & 0xff) != 0 &&
1438         ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1439          (s->nsector & (s->nsector - 1)) != 0)) {
1440         ide_abort_command(s);
1441     } else {
1442         s->mult_sectors = s->nsector & 0xff;
1443     }
1444 
1445     return true;
1446 }
1447 
1448 static bool cmd_read_multiple(IDEState *s, uint8_t cmd)
1449 {
1450     bool lba48 = (cmd == WIN_MULTREAD_EXT);
1451 
1452     if (!s->blk || !s->mult_sectors) {
1453         ide_abort_command(s);
1454         return true;
1455     }
1456 
1457     ide_cmd_lba48_transform(s, lba48);
1458     s->req_nb_sectors = s->mult_sectors;
1459     ide_sector_read(s);
1460     return false;
1461 }
1462 
1463 static bool cmd_write_multiple(IDEState *s, uint8_t cmd)
1464 {
1465     bool lba48 = (cmd == WIN_MULTWRITE_EXT);
1466     int n;
1467 
1468     if (!s->blk || !s->mult_sectors) {
1469         ide_abort_command(s);
1470         return true;
1471     }
1472 
1473     ide_cmd_lba48_transform(s, lba48);
1474 
1475     s->req_nb_sectors = s->mult_sectors;
1476     n = MIN(s->nsector, s->req_nb_sectors);
1477 
1478     s->status = SEEK_STAT | READY_STAT;
1479     ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1480 
1481     s->media_changed = 1;
1482 
1483     return false;
1484 }
1485 
1486 static bool cmd_read_pio(IDEState *s, uint8_t cmd)
1487 {
1488     bool lba48 = (cmd == WIN_READ_EXT);
1489 
1490     if (s->drive_kind == IDE_CD) {
1491         ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */
1492         ide_abort_command(s);
1493         return true;
1494     }
1495 
1496     if (!s->blk) {
1497         ide_abort_command(s);
1498         return true;
1499     }
1500 
1501     ide_cmd_lba48_transform(s, lba48);
1502     s->req_nb_sectors = 1;
1503     ide_sector_read(s);
1504 
1505     return false;
1506 }
1507 
1508 static bool cmd_write_pio(IDEState *s, uint8_t cmd)
1509 {
1510     bool lba48 = (cmd == WIN_WRITE_EXT);
1511 
1512     if (!s->blk) {
1513         ide_abort_command(s);
1514         return true;
1515     }
1516 
1517     ide_cmd_lba48_transform(s, lba48);
1518 
1519     s->req_nb_sectors = 1;
1520     s->status = SEEK_STAT | READY_STAT;
1521     ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1522 
1523     s->media_changed = 1;
1524 
1525     return false;
1526 }
1527 
1528 static bool cmd_read_dma(IDEState *s, uint8_t cmd)
1529 {
1530     bool lba48 = (cmd == WIN_READDMA_EXT);
1531 
1532     if (!s->blk) {
1533         ide_abort_command(s);
1534         return true;
1535     }
1536 
1537     ide_cmd_lba48_transform(s, lba48);
1538     ide_sector_start_dma(s, IDE_DMA_READ);
1539 
1540     return false;
1541 }
1542 
1543 static bool cmd_write_dma(IDEState *s, uint8_t cmd)
1544 {
1545     bool lba48 = (cmd == WIN_WRITEDMA_EXT);
1546 
1547     if (!s->blk) {
1548         ide_abort_command(s);
1549         return true;
1550     }
1551 
1552     ide_cmd_lba48_transform(s, lba48);
1553     ide_sector_start_dma(s, IDE_DMA_WRITE);
1554 
1555     s->media_changed = 1;
1556 
1557     return false;
1558 }
1559 
1560 static bool cmd_flush_cache(IDEState *s, uint8_t cmd)
1561 {
1562     ide_flush_cache(s);
1563     return false;
1564 }
1565 
1566 static bool cmd_seek(IDEState *s, uint8_t cmd)
1567 {
1568     /* XXX: Check that seek is within bounds */
1569     return true;
1570 }
1571 
1572 static bool cmd_read_native_max(IDEState *s, uint8_t cmd)
1573 {
1574     bool lba48 = (cmd == WIN_READ_NATIVE_MAX_EXT);
1575 
1576     /* Refuse if no sectors are addressable (e.g. medium not inserted) */
1577     if (s->nb_sectors == 0) {
1578         ide_abort_command(s);
1579         return true;
1580     }
1581 
1582     ide_cmd_lba48_transform(s, lba48);
1583     ide_set_sector(s, s->nb_sectors - 1);
1584 
1585     return true;
1586 }
1587 
1588 static bool cmd_check_power_mode(IDEState *s, uint8_t cmd)
1589 {
1590     s->nsector = 0xff; /* device active or idle */
1591     return true;
1592 }
1593 
1594 static bool cmd_set_features(IDEState *s, uint8_t cmd)
1595 {
1596     uint16_t *identify_data;
1597 
1598     if (!s->blk) {
1599         ide_abort_command(s);
1600         return true;
1601     }
1602 
1603     /* XXX: valid for CDROM ? */
1604     switch (s->feature) {
1605     case 0x02: /* write cache enable */
1606         blk_set_enable_write_cache(s->blk, true);
1607         identify_data = (uint16_t *)s->identify_data;
1608         put_le16(identify_data + 85, (1 << 14) | (1 << 5) | 1);
1609         return true;
1610     case 0x82: /* write cache disable */
1611         blk_set_enable_write_cache(s->blk, false);
1612         identify_data = (uint16_t *)s->identify_data;
1613         put_le16(identify_data + 85, (1 << 14) | 1);
1614         ide_flush_cache(s);
1615         return false;
1616     case 0xcc: /* reverting to power-on defaults enable */
1617     case 0x66: /* reverting to power-on defaults disable */
1618     case 0xaa: /* read look-ahead enable */
1619     case 0x55: /* read look-ahead disable */
1620     case 0x05: /* set advanced power management mode */
1621     case 0x85: /* disable advanced power management mode */
1622     case 0x69: /* NOP */
1623     case 0x67: /* NOP */
1624     case 0x96: /* NOP */
1625     case 0x9a: /* NOP */
1626     case 0x42: /* enable Automatic Acoustic Mode */
1627     case 0xc2: /* disable Automatic Acoustic Mode */
1628         return true;
1629     case 0x03: /* set transfer mode */
1630         {
1631             uint8_t val = s->nsector & 0x07;
1632             identify_data = (uint16_t *)s->identify_data;
1633 
1634             switch (s->nsector >> 3) {
1635             case 0x00: /* pio default */
1636             case 0x01: /* pio mode */
1637                 put_le16(identify_data + 62, 0x07);
1638                 put_le16(identify_data + 63, 0x07);
1639                 put_le16(identify_data + 88, 0x3f);
1640                 break;
1641             case 0x02: /* sigle word dma mode*/
1642                 put_le16(identify_data + 62, 0x07 | (1 << (val + 8)));
1643                 put_le16(identify_data + 63, 0x07);
1644                 put_le16(identify_data + 88, 0x3f);
1645                 break;
1646             case 0x04: /* mdma mode */
1647                 put_le16(identify_data + 62, 0x07);
1648                 put_le16(identify_data + 63, 0x07 | (1 << (val + 8)));
1649                 put_le16(identify_data + 88, 0x3f);
1650                 break;
1651             case 0x08: /* udma mode */
1652                 put_le16(identify_data + 62, 0x07);
1653                 put_le16(identify_data + 63, 0x07);
1654                 put_le16(identify_data + 88, 0x3f | (1 << (val + 8)));
1655                 break;
1656             default:
1657                 goto abort_cmd;
1658             }
1659             return true;
1660         }
1661     }
1662 
1663 abort_cmd:
1664     ide_abort_command(s);
1665     return true;
1666 }
1667 
1668 
1669 /*** ATAPI commands ***/
1670 
1671 static bool cmd_identify_packet(IDEState *s, uint8_t cmd)
1672 {
1673     ide_atapi_identify(s);
1674     s->status = READY_STAT | SEEK_STAT;
1675     ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1676     ide_set_irq(s->bus);
1677     return false;
1678 }
1679 
1680 static bool cmd_exec_dev_diagnostic(IDEState *s, uint8_t cmd)
1681 {
1682     ide_set_signature(s);
1683 
1684     if (s->drive_kind == IDE_CD) {
1685         s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
1686                         * devices to return a clear status register
1687                         * with READY_STAT *not* set. */
1688         s->error = 0x01;
1689     } else {
1690         s->status = READY_STAT | SEEK_STAT;
1691         /* The bits of the error register are not as usual for this command!
1692          * They are part of the regular output (this is why ERR_STAT isn't set)
1693          * Device 0 passed, Device 1 passed or not present. */
1694         s->error = 0x01;
1695         ide_set_irq(s->bus);
1696     }
1697 
1698     return false;
1699 }
1700 
1701 static bool cmd_packet(IDEState *s, uint8_t cmd)
1702 {
1703     /* overlapping commands not supported */
1704     if (s->feature & 0x02) {
1705         ide_abort_command(s);
1706         return true;
1707     }
1708 
1709     s->status = READY_STAT | SEEK_STAT;
1710     s->atapi_dma = s->feature & 1;
1711     if (s->atapi_dma) {
1712         s->dma_cmd = IDE_DMA_ATAPI;
1713     }
1714     s->nsector = 1;
1715     ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1716                        ide_atapi_cmd);
1717     return false;
1718 }
1719 
1720 
1721 /*** CF-ATA commands ***/
1722 
1723 static bool cmd_cfa_req_ext_error_code(IDEState *s, uint8_t cmd)
1724 {
1725     s->error = 0x09;    /* miscellaneous error */
1726     s->status = READY_STAT | SEEK_STAT;
1727     ide_set_irq(s->bus);
1728 
1729     return false;
1730 }
1731 
1732 static bool cmd_cfa_erase_sectors(IDEState *s, uint8_t cmd)
1733 {
1734     /* WIN_SECURITY_FREEZE_LOCK has the same ID as CFA_WEAR_LEVEL and is
1735      * required for Windows 8 to work with AHCI */
1736 
1737     if (cmd == CFA_WEAR_LEVEL) {
1738         s->nsector = 0;
1739     }
1740 
1741     if (cmd == CFA_ERASE_SECTORS) {
1742         s->media_changed = 1;
1743     }
1744 
1745     return true;
1746 }
1747 
1748 static bool cmd_cfa_translate_sector(IDEState *s, uint8_t cmd)
1749 {
1750     s->status = READY_STAT | SEEK_STAT;
1751 
1752     memset(s->io_buffer, 0, 0x200);
1753     s->io_buffer[0x00] = s->hcyl;                   /* Cyl MSB */
1754     s->io_buffer[0x01] = s->lcyl;                   /* Cyl LSB */
1755     s->io_buffer[0x02] = s->select;                 /* Head */
1756     s->io_buffer[0x03] = s->sector;                 /* Sector */
1757     s->io_buffer[0x04] = ide_get_sector(s) >> 16;   /* LBA MSB */
1758     s->io_buffer[0x05] = ide_get_sector(s) >> 8;    /* LBA */
1759     s->io_buffer[0x06] = ide_get_sector(s) >> 0;    /* LBA LSB */
1760     s->io_buffer[0x13] = 0x00;                      /* Erase flag */
1761     s->io_buffer[0x18] = 0x00;                      /* Hot count */
1762     s->io_buffer[0x19] = 0x00;                      /* Hot count */
1763     s->io_buffer[0x1a] = 0x01;                      /* Hot count */
1764 
1765     ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1766     ide_set_irq(s->bus);
1767 
1768     return false;
1769 }
1770 
1771 static bool cmd_cfa_access_metadata_storage(IDEState *s, uint8_t cmd)
1772 {
1773     switch (s->feature) {
1774     case 0x02:  /* Inquiry Metadata Storage */
1775         ide_cfata_metadata_inquiry(s);
1776         break;
1777     case 0x03:  /* Read Metadata Storage */
1778         ide_cfata_metadata_read(s);
1779         break;
1780     case 0x04:  /* Write Metadata Storage */
1781         ide_cfata_metadata_write(s);
1782         break;
1783     default:
1784         ide_abort_command(s);
1785         return true;
1786     }
1787 
1788     ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1789     s->status = 0x00; /* NOTE: READY is _not_ set */
1790     ide_set_irq(s->bus);
1791 
1792     return false;
1793 }
1794 
1795 static bool cmd_ibm_sense_condition(IDEState *s, uint8_t cmd)
1796 {
1797     switch (s->feature) {
1798     case 0x01:  /* sense temperature in device */
1799         s->nsector = 0x50;      /* +20 C */
1800         break;
1801     default:
1802         ide_abort_command(s);
1803         return true;
1804     }
1805 
1806     return true;
1807 }
1808 
1809 
1810 /*** SMART commands ***/
1811 
1812 static bool cmd_smart(IDEState *s, uint8_t cmd)
1813 {
1814     int n;
1815 
1816     if (s->hcyl != 0xc2 || s->lcyl != 0x4f) {
1817         goto abort_cmd;
1818     }
1819 
1820     if (!s->smart_enabled && s->feature != SMART_ENABLE) {
1821         goto abort_cmd;
1822     }
1823 
1824     switch (s->feature) {
1825     case SMART_DISABLE:
1826         s->smart_enabled = 0;
1827         return true;
1828 
1829     case SMART_ENABLE:
1830         s->smart_enabled = 1;
1831         return true;
1832 
1833     case SMART_ATTR_AUTOSAVE:
1834         switch (s->sector) {
1835         case 0x00:
1836             s->smart_autosave = 0;
1837             break;
1838         case 0xf1:
1839             s->smart_autosave = 1;
1840             break;
1841         default:
1842             goto abort_cmd;
1843         }
1844         return true;
1845 
1846     case SMART_STATUS:
1847         if (!s->smart_errors) {
1848             s->hcyl = 0xc2;
1849             s->lcyl = 0x4f;
1850         } else {
1851             s->hcyl = 0x2c;
1852             s->lcyl = 0xf4;
1853         }
1854         return true;
1855 
1856     case SMART_READ_THRESH:
1857         memset(s->io_buffer, 0, 0x200);
1858         s->io_buffer[0] = 0x01; /* smart struct version */
1859 
1860         for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
1861             s->io_buffer[2 + 0 + (n * 12)] = smart_attributes[n][0];
1862             s->io_buffer[2 + 1 + (n * 12)] = smart_attributes[n][11];
1863         }
1864 
1865         /* checksum */
1866         for (n = 0; n < 511; n++) {
1867             s->io_buffer[511] += s->io_buffer[n];
1868         }
1869         s->io_buffer[511] = 0x100 - s->io_buffer[511];
1870 
1871         s->status = READY_STAT | SEEK_STAT;
1872         ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1873         ide_set_irq(s->bus);
1874         return false;
1875 
1876     case SMART_READ_DATA:
1877         memset(s->io_buffer, 0, 0x200);
1878         s->io_buffer[0] = 0x01; /* smart struct version */
1879 
1880         for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
1881             int i;
1882             for (i = 0; i < 11; i++) {
1883                 s->io_buffer[2 + i + (n * 12)] = smart_attributes[n][i];
1884             }
1885         }
1886 
1887         s->io_buffer[362] = 0x02 | (s->smart_autosave ? 0x80 : 0x00);
1888         if (s->smart_selftest_count == 0) {
1889             s->io_buffer[363] = 0;
1890         } else {
1891             s->io_buffer[363] =
1892                 s->smart_selftest_data[3 +
1893                            (s->smart_selftest_count - 1) *
1894                            24];
1895         }
1896         s->io_buffer[364] = 0x20;
1897         s->io_buffer[365] = 0x01;
1898         /* offline data collection capacity: execute + self-test*/
1899         s->io_buffer[367] = (1 << 4 | 1 << 3 | 1);
1900         s->io_buffer[368] = 0x03; /* smart capability (1) */
1901         s->io_buffer[369] = 0x00; /* smart capability (2) */
1902         s->io_buffer[370] = 0x01; /* error logging supported */
1903         s->io_buffer[372] = 0x02; /* minutes for poll short test */
1904         s->io_buffer[373] = 0x36; /* minutes for poll ext test */
1905         s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
1906 
1907         for (n = 0; n < 511; n++) {
1908             s->io_buffer[511] += s->io_buffer[n];
1909         }
1910         s->io_buffer[511] = 0x100 - s->io_buffer[511];
1911 
1912         s->status = READY_STAT | SEEK_STAT;
1913         ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1914         ide_set_irq(s->bus);
1915         return false;
1916 
1917     case SMART_READ_LOG:
1918         switch (s->sector) {
1919         case 0x01: /* summary smart error log */
1920             memset(s->io_buffer, 0, 0x200);
1921             s->io_buffer[0] = 0x01;
1922             s->io_buffer[1] = 0x00; /* no error entries */
1923             s->io_buffer[452] = s->smart_errors & 0xff;
1924             s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
1925 
1926             for (n = 0; n < 511; n++) {
1927                 s->io_buffer[511] += s->io_buffer[n];
1928             }
1929             s->io_buffer[511] = 0x100 - s->io_buffer[511];
1930             break;
1931         case 0x06: /* smart self test log */
1932             memset(s->io_buffer, 0, 0x200);
1933             s->io_buffer[0] = 0x01;
1934             if (s->smart_selftest_count == 0) {
1935                 s->io_buffer[508] = 0;
1936             } else {
1937                 s->io_buffer[508] = s->smart_selftest_count;
1938                 for (n = 2; n < 506; n++)  {
1939                     s->io_buffer[n] = s->smart_selftest_data[n];
1940                 }
1941             }
1942 
1943             for (n = 0; n < 511; n++) {
1944                 s->io_buffer[511] += s->io_buffer[n];
1945             }
1946             s->io_buffer[511] = 0x100 - s->io_buffer[511];
1947             break;
1948         default:
1949             goto abort_cmd;
1950         }
1951         s->status = READY_STAT | SEEK_STAT;
1952         ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1953         ide_set_irq(s->bus);
1954         return false;
1955 
1956     case SMART_EXECUTE_OFFLINE:
1957         switch (s->sector) {
1958         case 0: /* off-line routine */
1959         case 1: /* short self test */
1960         case 2: /* extended self test */
1961             s->smart_selftest_count++;
1962             if (s->smart_selftest_count > 21) {
1963                 s->smart_selftest_count = 1;
1964             }
1965             n = 2 + (s->smart_selftest_count - 1) * 24;
1966             s->smart_selftest_data[n] = s->sector;
1967             s->smart_selftest_data[n + 1] = 0x00; /* OK and finished */
1968             s->smart_selftest_data[n + 2] = 0x34; /* hour count lsb */
1969             s->smart_selftest_data[n + 3] = 0x12; /* hour count msb */
1970             break;
1971         default:
1972             goto abort_cmd;
1973         }
1974         return true;
1975     }
1976 
1977 abort_cmd:
1978     ide_abort_command(s);
1979     return true;
1980 }
1981 
1982 #define HD_OK (1u << IDE_HD)
1983 #define CD_OK (1u << IDE_CD)
1984 #define CFA_OK (1u << IDE_CFATA)
1985 #define HD_CFA_OK (HD_OK | CFA_OK)
1986 #define ALL_OK (HD_OK | CD_OK | CFA_OK)
1987 
1988 /* Set the Disk Seek Completed status bit during completion */
1989 #define SET_DSC (1u << 8)
1990 
1991 /* See ACS-2 T13/2015-D Table B.2 Command codes */
1992 static const struct {
1993     /* Returns true if the completion code should be run */
1994     bool (*handler)(IDEState *s, uint8_t cmd);
1995     int flags;
1996 } ide_cmd_table[0x100] = {
1997     /* NOP not implemented, mandatory for CD */
1998     [CFA_REQ_EXT_ERROR_CODE]      = { cmd_cfa_req_ext_error_code, CFA_OK },
1999     [WIN_DSM]                     = { cmd_data_set_management, HD_CFA_OK },
2000     [WIN_DEVICE_RESET]            = { cmd_device_reset, CD_OK },
2001     [WIN_RECAL]                   = { cmd_nop, HD_CFA_OK | SET_DSC},
2002     [WIN_READ]                    = { cmd_read_pio, ALL_OK },
2003     [WIN_READ_ONCE]               = { cmd_read_pio, HD_CFA_OK },
2004     [WIN_READ_EXT]                = { cmd_read_pio, HD_CFA_OK },
2005     [WIN_READDMA_EXT]             = { cmd_read_dma, HD_CFA_OK },
2006     [WIN_READ_NATIVE_MAX_EXT]     = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
2007     [WIN_MULTREAD_EXT]            = { cmd_read_multiple, HD_CFA_OK },
2008     [WIN_WRITE]                   = { cmd_write_pio, HD_CFA_OK },
2009     [WIN_WRITE_ONCE]              = { cmd_write_pio, HD_CFA_OK },
2010     [WIN_WRITE_EXT]               = { cmd_write_pio, HD_CFA_OK },
2011     [WIN_WRITEDMA_EXT]            = { cmd_write_dma, HD_CFA_OK },
2012     [CFA_WRITE_SECT_WO_ERASE]     = { cmd_write_pio, CFA_OK },
2013     [WIN_MULTWRITE_EXT]           = { cmd_write_multiple, HD_CFA_OK },
2014     [WIN_WRITE_VERIFY]            = { cmd_write_pio, HD_CFA_OK },
2015     [WIN_VERIFY]                  = { cmd_verify, HD_CFA_OK | SET_DSC },
2016     [WIN_VERIFY_ONCE]             = { cmd_verify, HD_CFA_OK | SET_DSC },
2017     [WIN_VERIFY_EXT]              = { cmd_verify, HD_CFA_OK | SET_DSC },
2018     [WIN_SEEK]                    = { cmd_seek, HD_CFA_OK | SET_DSC },
2019     [CFA_TRANSLATE_SECTOR]        = { cmd_cfa_translate_sector, CFA_OK },
2020     [WIN_DIAGNOSE]                = { cmd_exec_dev_diagnostic, ALL_OK },
2021     [WIN_SPECIFY]                 = { cmd_nop, HD_CFA_OK | SET_DSC },
2022     [WIN_STANDBYNOW2]             = { cmd_nop, HD_CFA_OK },
2023     [WIN_IDLEIMMEDIATE2]          = { cmd_nop, HD_CFA_OK },
2024     [WIN_STANDBY2]                = { cmd_nop, HD_CFA_OK },
2025     [WIN_SETIDLE2]                = { cmd_nop, HD_CFA_OK },
2026     [WIN_CHECKPOWERMODE2]         = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
2027     [WIN_SLEEPNOW2]               = { cmd_nop, HD_CFA_OK },
2028     [WIN_PACKETCMD]               = { cmd_packet, CD_OK },
2029     [WIN_PIDENTIFY]               = { cmd_identify_packet, CD_OK },
2030     [WIN_SMART]                   = { cmd_smart, HD_CFA_OK | SET_DSC },
2031     [CFA_ACCESS_METADATA_STORAGE] = { cmd_cfa_access_metadata_storage, CFA_OK },
2032     [CFA_ERASE_SECTORS]           = { cmd_cfa_erase_sectors, CFA_OK | SET_DSC },
2033     [WIN_MULTREAD]                = { cmd_read_multiple, HD_CFA_OK },
2034     [WIN_MULTWRITE]               = { cmd_write_multiple, HD_CFA_OK },
2035     [WIN_SETMULT]                 = { cmd_set_multiple_mode, HD_CFA_OK | SET_DSC },
2036     [WIN_READDMA]                 = { cmd_read_dma, HD_CFA_OK },
2037     [WIN_READDMA_ONCE]            = { cmd_read_dma, HD_CFA_OK },
2038     [WIN_WRITEDMA]                = { cmd_write_dma, HD_CFA_OK },
2039     [WIN_WRITEDMA_ONCE]           = { cmd_write_dma, HD_CFA_OK },
2040     [CFA_WRITE_MULTI_WO_ERASE]    = { cmd_write_multiple, CFA_OK },
2041     [WIN_STANDBYNOW1]             = { cmd_nop, HD_CFA_OK },
2042     [WIN_IDLEIMMEDIATE]           = { cmd_nop, HD_CFA_OK },
2043     [WIN_STANDBY]                 = { cmd_nop, HD_CFA_OK },
2044     [WIN_SETIDLE1]                = { cmd_nop, HD_CFA_OK },
2045     [WIN_CHECKPOWERMODE1]         = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
2046     [WIN_SLEEPNOW1]               = { cmd_nop, HD_CFA_OK },
2047     [WIN_FLUSH_CACHE]             = { cmd_flush_cache, ALL_OK },
2048     [WIN_FLUSH_CACHE_EXT]         = { cmd_flush_cache, HD_CFA_OK },
2049     [WIN_IDENTIFY]                = { cmd_identify, ALL_OK },
2050     [WIN_SETFEATURES]             = { cmd_set_features, ALL_OK | SET_DSC },
2051     [IBM_SENSE_CONDITION]         = { cmd_ibm_sense_condition, CFA_OK | SET_DSC },
2052     [CFA_WEAR_LEVEL]              = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC },
2053     [WIN_READ_NATIVE_MAX]         = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
2054 };
2055 
2056 static bool ide_cmd_permitted(IDEState *s, uint32_t cmd)
2057 {
2058     return cmd < ARRAY_SIZE(ide_cmd_table)
2059         && (ide_cmd_table[cmd].flags & (1u << s->drive_kind));
2060 }
2061 
2062 void ide_exec_cmd(IDEBus *bus, uint32_t val)
2063 {
2064     IDEState *s;
2065     bool complete;
2066 
2067     s = idebus_active_if(bus);
2068     trace_ide_exec_cmd(bus, s, val);
2069 
2070     /* ignore commands to non existent slave */
2071     if (s != bus->ifs && !s->blk) {
2072         return;
2073     }
2074 
2075     /* Only RESET is allowed while BSY and/or DRQ are set,
2076      * and only to ATAPI devices. */
2077     if (s->status & (BUSY_STAT|DRQ_STAT)) {
2078         if (val != WIN_DEVICE_RESET || s->drive_kind != IDE_CD) {
2079             return;
2080         }
2081     }
2082 
2083     if (!ide_cmd_permitted(s, val)) {
2084         ide_abort_command(s);
2085         ide_set_irq(s->bus);
2086         return;
2087     }
2088 
2089     s->status = READY_STAT | BUSY_STAT;
2090     s->error = 0;
2091     s->io_buffer_offset = 0;
2092 
2093     complete = ide_cmd_table[val].handler(s, val);
2094     if (complete) {
2095         s->status &= ~BUSY_STAT;
2096         assert(!!s->error == !!(s->status & ERR_STAT));
2097 
2098         if ((ide_cmd_table[val].flags & SET_DSC) && !s->error) {
2099             s->status |= SEEK_STAT;
2100         }
2101 
2102         ide_cmd_done(s);
2103         ide_set_irq(s->bus);
2104     }
2105 }
2106 
2107 /* IOport [R]ead [R]egisters */
2108 enum ATA_IOPORT_RR {
2109     ATA_IOPORT_RR_DATA = 0,
2110     ATA_IOPORT_RR_ERROR = 1,
2111     ATA_IOPORT_RR_SECTOR_COUNT = 2,
2112     ATA_IOPORT_RR_SECTOR_NUMBER = 3,
2113     ATA_IOPORT_RR_CYLINDER_LOW = 4,
2114     ATA_IOPORT_RR_CYLINDER_HIGH = 5,
2115     ATA_IOPORT_RR_DEVICE_HEAD = 6,
2116     ATA_IOPORT_RR_STATUS = 7,
2117     ATA_IOPORT_RR_NUM_REGISTERS,
2118 };
2119 
2120 const char *ATA_IOPORT_RR_lookup[ATA_IOPORT_RR_NUM_REGISTERS] = {
2121     [ATA_IOPORT_RR_DATA] = "Data",
2122     [ATA_IOPORT_RR_ERROR] = "Error",
2123     [ATA_IOPORT_RR_SECTOR_COUNT] = "Sector Count",
2124     [ATA_IOPORT_RR_SECTOR_NUMBER] = "Sector Number",
2125     [ATA_IOPORT_RR_CYLINDER_LOW] = "Cylinder Low",
2126     [ATA_IOPORT_RR_CYLINDER_HIGH] = "Cylinder High",
2127     [ATA_IOPORT_RR_DEVICE_HEAD] = "Device/Head",
2128     [ATA_IOPORT_RR_STATUS] = "Status"
2129 };
2130 
2131 uint32_t ide_ioport_read(void *opaque, uint32_t addr)
2132 {
2133     IDEBus *bus = opaque;
2134     IDEState *s = idebus_active_if(bus);
2135     uint32_t reg_num;
2136     int ret, hob;
2137 
2138     reg_num = addr & 7;
2139     /* FIXME: HOB readback uses bit 7, but it's always set right now */
2140     //hob = s->select & (1 << 7);
2141     hob = 0;
2142     switch (reg_num) {
2143     case ATA_IOPORT_RR_DATA:
2144         ret = 0xff;
2145         break;
2146     case ATA_IOPORT_RR_ERROR:
2147         if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
2148             (s != bus->ifs && !s->blk)) {
2149             ret = 0;
2150         } else if (!hob) {
2151             ret = s->error;
2152         } else {
2153 	    ret = s->hob_feature;
2154         }
2155         break;
2156     case ATA_IOPORT_RR_SECTOR_COUNT:
2157         if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2158             ret = 0;
2159         } else if (!hob) {
2160             ret = s->nsector & 0xff;
2161         } else {
2162 	    ret = s->hob_nsector;
2163         }
2164         break;
2165     case ATA_IOPORT_RR_SECTOR_NUMBER:
2166         if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2167             ret = 0;
2168         } else if (!hob) {
2169             ret = s->sector;
2170         } else {
2171 	    ret = s->hob_sector;
2172         }
2173         break;
2174     case ATA_IOPORT_RR_CYLINDER_LOW:
2175         if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2176             ret = 0;
2177         } else if (!hob) {
2178             ret = s->lcyl;
2179         } else {
2180 	    ret = s->hob_lcyl;
2181         }
2182         break;
2183     case ATA_IOPORT_RR_CYLINDER_HIGH:
2184         if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2185             ret = 0;
2186         } else if (!hob) {
2187             ret = s->hcyl;
2188         } else {
2189 	    ret = s->hob_hcyl;
2190         }
2191         break;
2192     case ATA_IOPORT_RR_DEVICE_HEAD:
2193         if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2194             ret = 0;
2195         } else {
2196             ret = s->select;
2197         }
2198         break;
2199     default:
2200     case ATA_IOPORT_RR_STATUS:
2201         if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
2202             (s != bus->ifs && !s->blk)) {
2203             ret = 0;
2204         } else {
2205             ret = s->status;
2206         }
2207         qemu_irq_lower(bus->irq);
2208         break;
2209     }
2210 
2211     trace_ide_ioport_read(addr, ATA_IOPORT_RR_lookup[reg_num], ret, bus, s);
2212     return ret;
2213 }
2214 
2215 uint32_t ide_status_read(void *opaque, uint32_t addr)
2216 {
2217     IDEBus *bus = opaque;
2218     IDEState *s = idebus_active_if(bus);
2219     int ret;
2220 
2221     if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
2222         (s != bus->ifs && !s->blk)) {
2223         ret = 0;
2224     } else {
2225         ret = s->status;
2226     }
2227 
2228     trace_ide_status_read(addr, ret, bus, s);
2229     return ret;
2230 }
2231 
2232 void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2233 {
2234     IDEBus *bus = opaque;
2235     IDEState *s;
2236     int i;
2237 
2238     trace_ide_cmd_write(addr, val, bus);
2239 
2240     /* common for both drives */
2241     if (!(bus->cmd & IDE_CMD_RESET) &&
2242         (val & IDE_CMD_RESET)) {
2243         /* reset low to high */
2244         for(i = 0;i < 2; i++) {
2245             s = &bus->ifs[i];
2246             s->status = BUSY_STAT | SEEK_STAT;
2247             s->error = 0x01;
2248         }
2249     } else if ((bus->cmd & IDE_CMD_RESET) &&
2250                !(val & IDE_CMD_RESET)) {
2251         /* high to low */
2252         for(i = 0;i < 2; i++) {
2253             s = &bus->ifs[i];
2254             if (s->drive_kind == IDE_CD)
2255                 s->status = 0x00; /* NOTE: READY is _not_ set */
2256             else
2257                 s->status = READY_STAT | SEEK_STAT;
2258             ide_set_signature(s);
2259         }
2260     }
2261 
2262     bus->cmd = val;
2263 }
2264 
2265 /*
2266  * Returns true if the running PIO transfer is a PIO out (i.e. data is
2267  * transferred from the device to the guest), false if it's a PIO in
2268  */
2269 static bool ide_is_pio_out(IDEState *s)
2270 {
2271     if (s->end_transfer_func == ide_sector_write ||
2272         s->end_transfer_func == ide_atapi_cmd) {
2273         return false;
2274     } else if (s->end_transfer_func == ide_sector_read ||
2275                s->end_transfer_func == ide_transfer_stop ||
2276                s->end_transfer_func == ide_atapi_cmd_reply_end ||
2277                s->end_transfer_func == ide_dummy_transfer_stop) {
2278         return true;
2279     }
2280 
2281     abort();
2282 }
2283 
2284 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2285 {
2286     IDEBus *bus = opaque;
2287     IDEState *s = idebus_active_if(bus);
2288     uint8_t *p;
2289 
2290     trace_ide_data_writew(addr, val, bus, s);
2291 
2292     /* PIO data access allowed only when DRQ bit is set. The result of a write
2293      * during PIO out is indeterminate, just ignore it. */
2294     if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
2295         return;
2296     }
2297 
2298     p = s->data_ptr;
2299     if (p + 2 > s->data_end) {
2300         return;
2301     }
2302 
2303     *(uint16_t *)p = le16_to_cpu(val);
2304     p += 2;
2305     s->data_ptr = p;
2306     if (p >= s->data_end) {
2307         s->status &= ~DRQ_STAT;
2308         s->end_transfer_func(s);
2309     }
2310 }
2311 
2312 uint32_t ide_data_readw(void *opaque, uint32_t addr)
2313 {
2314     IDEBus *bus = opaque;
2315     IDEState *s = idebus_active_if(bus);
2316     uint8_t *p;
2317     int ret;
2318 
2319     /* PIO data access allowed only when DRQ bit is set. The result of a read
2320      * during PIO in is indeterminate, return 0 and don't move forward. */
2321     if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
2322         return 0;
2323     }
2324 
2325     p = s->data_ptr;
2326     if (p + 2 > s->data_end) {
2327         return 0;
2328     }
2329 
2330     ret = cpu_to_le16(*(uint16_t *)p);
2331     p += 2;
2332     s->data_ptr = p;
2333     if (p >= s->data_end) {
2334         s->status &= ~DRQ_STAT;
2335         s->end_transfer_func(s);
2336     }
2337 
2338     trace_ide_data_readw(addr, ret, bus, s);
2339     return ret;
2340 }
2341 
2342 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2343 {
2344     IDEBus *bus = opaque;
2345     IDEState *s = idebus_active_if(bus);
2346     uint8_t *p;
2347 
2348     trace_ide_data_writel(addr, val, bus, s);
2349 
2350     /* PIO data access allowed only when DRQ bit is set. The result of a write
2351      * during PIO out is indeterminate, just ignore it. */
2352     if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
2353         return;
2354     }
2355 
2356     p = s->data_ptr;
2357     if (p + 4 > s->data_end) {
2358         return;
2359     }
2360 
2361     *(uint32_t *)p = le32_to_cpu(val);
2362     p += 4;
2363     s->data_ptr = p;
2364     if (p >= s->data_end) {
2365         s->status &= ~DRQ_STAT;
2366         s->end_transfer_func(s);
2367     }
2368 }
2369 
2370 uint32_t ide_data_readl(void *opaque, uint32_t addr)
2371 {
2372     IDEBus *bus = opaque;
2373     IDEState *s = idebus_active_if(bus);
2374     uint8_t *p;
2375     int ret;
2376 
2377     /* PIO data access allowed only when DRQ bit is set. The result of a read
2378      * during PIO in is indeterminate, return 0 and don't move forward. */
2379     if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
2380         ret = 0;
2381         goto out;
2382     }
2383 
2384     p = s->data_ptr;
2385     if (p + 4 > s->data_end) {
2386         return 0;
2387     }
2388 
2389     ret = cpu_to_le32(*(uint32_t *)p);
2390     p += 4;
2391     s->data_ptr = p;
2392     if (p >= s->data_end) {
2393         s->status &= ~DRQ_STAT;
2394         s->end_transfer_func(s);
2395     }
2396 
2397 out:
2398     trace_ide_data_readl(addr, ret, bus, s);
2399     return ret;
2400 }
2401 
2402 static void ide_dummy_transfer_stop(IDEState *s)
2403 {
2404     s->data_ptr = s->io_buffer;
2405     s->data_end = s->io_buffer;
2406     s->io_buffer[0] = 0xff;
2407     s->io_buffer[1] = 0xff;
2408     s->io_buffer[2] = 0xff;
2409     s->io_buffer[3] = 0xff;
2410 }
2411 
2412 void ide_bus_reset(IDEBus *bus)
2413 {
2414     bus->unit = 0;
2415     bus->cmd = 0;
2416     ide_reset(&bus->ifs[0]);
2417     ide_reset(&bus->ifs[1]);
2418     ide_clear_hob(bus);
2419 
2420     /* pending async DMA */
2421     if (bus->dma->aiocb) {
2422         trace_ide_bus_reset_aio();
2423         blk_aio_cancel(bus->dma->aiocb);
2424         bus->dma->aiocb = NULL;
2425     }
2426 
2427     /* reset dma provider too */
2428     if (bus->dma->ops->reset) {
2429         bus->dma->ops->reset(bus->dma);
2430     }
2431 }
2432 
2433 static bool ide_cd_is_tray_open(void *opaque)
2434 {
2435     return ((IDEState *)opaque)->tray_open;
2436 }
2437 
2438 static bool ide_cd_is_medium_locked(void *opaque)
2439 {
2440     return ((IDEState *)opaque)->tray_locked;
2441 }
2442 
2443 static void ide_resize_cb(void *opaque)
2444 {
2445     IDEState *s = opaque;
2446     uint64_t nb_sectors;
2447 
2448     if (!s->identify_set) {
2449         return;
2450     }
2451 
2452     blk_get_geometry(s->blk, &nb_sectors);
2453     s->nb_sectors = nb_sectors;
2454 
2455     /* Update the identify data buffer. */
2456     if (s->drive_kind == IDE_CFATA) {
2457         ide_cfata_identify_size(s);
2458     } else {
2459         /* IDE_CD uses a different set of callbacks entirely. */
2460         assert(s->drive_kind != IDE_CD);
2461         ide_identify_size(s);
2462     }
2463 }
2464 
2465 static const BlockDevOps ide_cd_block_ops = {
2466     .change_media_cb = ide_cd_change_cb,
2467     .eject_request_cb = ide_cd_eject_request_cb,
2468     .is_tray_open = ide_cd_is_tray_open,
2469     .is_medium_locked = ide_cd_is_medium_locked,
2470 };
2471 
2472 static const BlockDevOps ide_hd_block_ops = {
2473     .resize_cb = ide_resize_cb,
2474 };
2475 
2476 int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind,
2477                    const char *version, const char *serial, const char *model,
2478                    uint64_t wwn,
2479                    uint32_t cylinders, uint32_t heads, uint32_t secs,
2480                    int chs_trans, Error **errp)
2481 {
2482     uint64_t nb_sectors;
2483 
2484     s->blk = blk;
2485     s->drive_kind = kind;
2486 
2487     blk_get_geometry(blk, &nb_sectors);
2488     s->cylinders = cylinders;
2489     s->heads = heads;
2490     s->sectors = secs;
2491     s->chs_trans = chs_trans;
2492     s->nb_sectors = nb_sectors;
2493     s->wwn = wwn;
2494     /* The SMART values should be preserved across power cycles
2495        but they aren't.  */
2496     s->smart_enabled = 1;
2497     s->smart_autosave = 1;
2498     s->smart_errors = 0;
2499     s->smart_selftest_count = 0;
2500     if (kind == IDE_CD) {
2501         blk_set_dev_ops(blk, &ide_cd_block_ops, s);
2502         blk_set_guest_block_size(blk, 2048);
2503     } else {
2504         if (!blk_is_inserted(s->blk)) {
2505             error_setg(errp, "Device needs media, but drive is empty");
2506             return -1;
2507         }
2508         if (blk_is_read_only(blk)) {
2509             error_setg(errp, "Can't use a read-only drive");
2510             return -1;
2511         }
2512         blk_set_dev_ops(blk, &ide_hd_block_ops, s);
2513     }
2514     if (serial) {
2515         pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), serial);
2516     } else {
2517         snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2518                  "QM%05d", s->drive_serial);
2519     }
2520     if (model) {
2521         pstrcpy(s->drive_model_str, sizeof(s->drive_model_str), model);
2522     } else {
2523         switch (kind) {
2524         case IDE_CD:
2525             strcpy(s->drive_model_str, "QEMU DVD-ROM");
2526             break;
2527         case IDE_CFATA:
2528             strcpy(s->drive_model_str, "QEMU MICRODRIVE");
2529             break;
2530         default:
2531             strcpy(s->drive_model_str, "QEMU HARDDISK");
2532             break;
2533         }
2534     }
2535 
2536     if (version) {
2537         pstrcpy(s->version, sizeof(s->version), version);
2538     } else {
2539         pstrcpy(s->version, sizeof(s->version), qemu_hw_version());
2540     }
2541 
2542     ide_reset(s);
2543     blk_iostatus_enable(blk);
2544     return 0;
2545 }
2546 
2547 static void ide_init1(IDEBus *bus, int unit)
2548 {
2549     static int drive_serial = 1;
2550     IDEState *s = &bus->ifs[unit];
2551 
2552     s->bus = bus;
2553     s->unit = unit;
2554     s->drive_serial = drive_serial++;
2555     /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */
2556     s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4;
2557     s->io_buffer = qemu_memalign(2048, s->io_buffer_total_len);
2558     memset(s->io_buffer, 0, s->io_buffer_total_len);
2559 
2560     s->smart_selftest_data = blk_blockalign(s->blk, 512);
2561     memset(s->smart_selftest_data, 0, 512);
2562 
2563     s->sector_write_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
2564                                            ide_sector_write_timer_cb, s);
2565 }
2566 
2567 static int ide_nop_int(IDEDMA *dma, int x)
2568 {
2569     return 0;
2570 }
2571 
2572 static void ide_nop(IDEDMA *dma)
2573 {
2574 }
2575 
2576 static int32_t ide_nop_int32(IDEDMA *dma, int32_t l)
2577 {
2578     return 0;
2579 }
2580 
2581 static const IDEDMAOps ide_dma_nop_ops = {
2582     .prepare_buf    = ide_nop_int32,
2583     .restart_dma    = ide_nop,
2584     .rw_buf         = ide_nop_int,
2585 };
2586 
2587 static void ide_restart_dma(IDEState *s, enum ide_dma_cmd dma_cmd)
2588 {
2589     s->unit = s->bus->retry_unit;
2590     ide_set_sector(s, s->bus->retry_sector_num);
2591     s->nsector = s->bus->retry_nsector;
2592     s->bus->dma->ops->restart_dma(s->bus->dma);
2593     s->io_buffer_size = 0;
2594     s->dma_cmd = dma_cmd;
2595     ide_start_dma(s, ide_dma_cb);
2596 }
2597 
2598 static void ide_restart_bh(void *opaque)
2599 {
2600     IDEBus *bus = opaque;
2601     IDEState *s;
2602     bool is_read;
2603     int error_status;
2604 
2605     qemu_bh_delete(bus->bh);
2606     bus->bh = NULL;
2607 
2608     error_status = bus->error_status;
2609     if (bus->error_status == 0) {
2610         return;
2611     }
2612 
2613     s = idebus_active_if(bus);
2614     is_read = (bus->error_status & IDE_RETRY_READ) != 0;
2615 
2616     /* The error status must be cleared before resubmitting the request: The
2617      * request may fail again, and this case can only be distinguished if the
2618      * called function can set a new error status. */
2619     bus->error_status = 0;
2620 
2621     /* The HBA has generically asked to be kicked on retry */
2622     if (error_status & IDE_RETRY_HBA) {
2623         if (s->bus->dma->ops->restart) {
2624             s->bus->dma->ops->restart(s->bus->dma);
2625         }
2626     } else if (IS_IDE_RETRY_DMA(error_status)) {
2627         if (error_status & IDE_RETRY_TRIM) {
2628             ide_restart_dma(s, IDE_DMA_TRIM);
2629         } else {
2630             ide_restart_dma(s, is_read ? IDE_DMA_READ : IDE_DMA_WRITE);
2631         }
2632     } else if (IS_IDE_RETRY_PIO(error_status)) {
2633         if (is_read) {
2634             ide_sector_read(s);
2635         } else {
2636             ide_sector_write(s);
2637         }
2638     } else if (error_status & IDE_RETRY_FLUSH) {
2639         ide_flush_cache(s);
2640     } else if (IS_IDE_RETRY_ATAPI(error_status)) {
2641         assert(s->end_transfer_func == ide_atapi_cmd);
2642         ide_atapi_dma_restart(s);
2643     } else {
2644         abort();
2645     }
2646 }
2647 
2648 static void ide_restart_cb(void *opaque, int running, RunState state)
2649 {
2650     IDEBus *bus = opaque;
2651 
2652     if (!running)
2653         return;
2654 
2655     if (!bus->bh) {
2656         bus->bh = qemu_bh_new(ide_restart_bh, bus);
2657         qemu_bh_schedule(bus->bh);
2658     }
2659 }
2660 
2661 void ide_register_restart_cb(IDEBus *bus)
2662 {
2663     if (bus->dma->ops->restart_dma) {
2664         bus->vmstate = qemu_add_vm_change_state_handler(ide_restart_cb, bus);
2665     }
2666 }
2667 
2668 static IDEDMA ide_dma_nop = {
2669     .ops = &ide_dma_nop_ops,
2670     .aiocb = NULL,
2671 };
2672 
2673 void ide_init2(IDEBus *bus, qemu_irq irq)
2674 {
2675     int i;
2676 
2677     for(i = 0; i < 2; i++) {
2678         ide_init1(bus, i);
2679         ide_reset(&bus->ifs[i]);
2680     }
2681     bus->irq = irq;
2682     bus->dma = &ide_dma_nop;
2683 }
2684 
2685 void ide_exit(IDEState *s)
2686 {
2687     timer_del(s->sector_write_timer);
2688     timer_free(s->sector_write_timer);
2689     qemu_vfree(s->smart_selftest_data);
2690     qemu_vfree(s->io_buffer);
2691 }
2692 
2693 static const MemoryRegionPortio ide_portio_list[] = {
2694     { 0, 8, 1, .read = ide_ioport_read, .write = ide_ioport_write },
2695     { 0, 1, 2, .read = ide_data_readw, .write = ide_data_writew },
2696     { 0, 1, 4, .read = ide_data_readl, .write = ide_data_writel },
2697     PORTIO_END_OF_LIST(),
2698 };
2699 
2700 static const MemoryRegionPortio ide_portio2_list[] = {
2701     { 0, 1, 1, .read = ide_status_read, .write = ide_cmd_write },
2702     PORTIO_END_OF_LIST(),
2703 };
2704 
2705 void ide_init_ioport(IDEBus *bus, ISADevice *dev, int iobase, int iobase2)
2706 {
2707     /* ??? Assume only ISA and PCI configurations, and that the PCI-ISA
2708        bridge has been setup properly to always register with ISA.  */
2709     isa_register_portio_list(dev, &bus->portio_list,
2710                              iobase, ide_portio_list, bus, "ide");
2711 
2712     if (iobase2) {
2713         isa_register_portio_list(dev, &bus->portio2_list,
2714                                  iobase2, ide_portio2_list, bus, "ide");
2715     }
2716 }
2717 
2718 static bool is_identify_set(void *opaque, int version_id)
2719 {
2720     IDEState *s = opaque;
2721 
2722     return s->identify_set != 0;
2723 }
2724 
2725 static EndTransferFunc* transfer_end_table[] = {
2726         ide_sector_read,
2727         ide_sector_write,
2728         ide_transfer_stop,
2729         ide_atapi_cmd_reply_end,
2730         ide_atapi_cmd,
2731         ide_dummy_transfer_stop,
2732 };
2733 
2734 static int transfer_end_table_idx(EndTransferFunc *fn)
2735 {
2736     int i;
2737 
2738     for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++)
2739         if (transfer_end_table[i] == fn)
2740             return i;
2741 
2742     return -1;
2743 }
2744 
2745 static int ide_drive_post_load(void *opaque, int version_id)
2746 {
2747     IDEState *s = opaque;
2748 
2749     if (s->blk && s->identify_set) {
2750         blk_set_enable_write_cache(s->blk, !!(s->identify_data[85] & (1 << 5)));
2751     }
2752     return 0;
2753 }
2754 
2755 static int ide_drive_pio_post_load(void *opaque, int version_id)
2756 {
2757     IDEState *s = opaque;
2758 
2759     if (s->end_transfer_fn_idx >= ARRAY_SIZE(transfer_end_table)) {
2760         return -EINVAL;
2761     }
2762     s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx];
2763     s->data_ptr = s->io_buffer + s->cur_io_buffer_offset;
2764     s->data_end = s->data_ptr + s->cur_io_buffer_len;
2765     s->atapi_dma = s->feature & 1; /* as per cmd_packet */
2766 
2767     return 0;
2768 }
2769 
2770 static int ide_drive_pio_pre_save(void *opaque)
2771 {
2772     IDEState *s = opaque;
2773     int idx;
2774 
2775     s->cur_io_buffer_offset = s->data_ptr - s->io_buffer;
2776     s->cur_io_buffer_len = s->data_end - s->data_ptr;
2777 
2778     idx = transfer_end_table_idx(s->end_transfer_func);
2779     if (idx == -1) {
2780         fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n",
2781                         __func__);
2782         s->end_transfer_fn_idx = 2;
2783     } else {
2784         s->end_transfer_fn_idx = idx;
2785     }
2786 
2787     return 0;
2788 }
2789 
2790 static bool ide_drive_pio_state_needed(void *opaque)
2791 {
2792     IDEState *s = opaque;
2793 
2794     return ((s->status & DRQ_STAT) != 0)
2795         || (s->bus->error_status & IDE_RETRY_PIO);
2796 }
2797 
2798 static bool ide_tray_state_needed(void *opaque)
2799 {
2800     IDEState *s = opaque;
2801 
2802     return s->tray_open || s->tray_locked;
2803 }
2804 
2805 static bool ide_atapi_gesn_needed(void *opaque)
2806 {
2807     IDEState *s = opaque;
2808 
2809     return s->events.new_media || s->events.eject_request;
2810 }
2811 
2812 static bool ide_error_needed(void *opaque)
2813 {
2814     IDEBus *bus = opaque;
2815 
2816     return (bus->error_status != 0);
2817 }
2818 
2819 /* Fields for GET_EVENT_STATUS_NOTIFICATION ATAPI command */
2820 static const VMStateDescription vmstate_ide_atapi_gesn_state = {
2821     .name ="ide_drive/atapi/gesn_state",
2822     .version_id = 1,
2823     .minimum_version_id = 1,
2824     .needed = ide_atapi_gesn_needed,
2825     .fields = (VMStateField[]) {
2826         VMSTATE_BOOL(events.new_media, IDEState),
2827         VMSTATE_BOOL(events.eject_request, IDEState),
2828         VMSTATE_END_OF_LIST()
2829     }
2830 };
2831 
2832 static const VMStateDescription vmstate_ide_tray_state = {
2833     .name = "ide_drive/tray_state",
2834     .version_id = 1,
2835     .minimum_version_id = 1,
2836     .needed = ide_tray_state_needed,
2837     .fields = (VMStateField[]) {
2838         VMSTATE_BOOL(tray_open, IDEState),
2839         VMSTATE_BOOL(tray_locked, IDEState),
2840         VMSTATE_END_OF_LIST()
2841     }
2842 };
2843 
2844 static const VMStateDescription vmstate_ide_drive_pio_state = {
2845     .name = "ide_drive/pio_state",
2846     .version_id = 1,
2847     .minimum_version_id = 1,
2848     .pre_save = ide_drive_pio_pre_save,
2849     .post_load = ide_drive_pio_post_load,
2850     .needed = ide_drive_pio_state_needed,
2851     .fields = (VMStateField[]) {
2852         VMSTATE_INT32(req_nb_sectors, IDEState),
2853         VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1,
2854 			     vmstate_info_uint8, uint8_t),
2855         VMSTATE_INT32(cur_io_buffer_offset, IDEState),
2856         VMSTATE_INT32(cur_io_buffer_len, IDEState),
2857         VMSTATE_UINT8(end_transfer_fn_idx, IDEState),
2858         VMSTATE_INT32(elementary_transfer_size, IDEState),
2859         VMSTATE_INT32(packet_transfer_size, IDEState),
2860         VMSTATE_END_OF_LIST()
2861     }
2862 };
2863 
2864 const VMStateDescription vmstate_ide_drive = {
2865     .name = "ide_drive",
2866     .version_id = 3,
2867     .minimum_version_id = 0,
2868     .post_load = ide_drive_post_load,
2869     .fields = (VMStateField[]) {
2870         VMSTATE_INT32(mult_sectors, IDEState),
2871         VMSTATE_INT32(identify_set, IDEState),
2872         VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set),
2873         VMSTATE_UINT8(feature, IDEState),
2874         VMSTATE_UINT8(error, IDEState),
2875         VMSTATE_UINT32(nsector, IDEState),
2876         VMSTATE_UINT8(sector, IDEState),
2877         VMSTATE_UINT8(lcyl, IDEState),
2878         VMSTATE_UINT8(hcyl, IDEState),
2879         VMSTATE_UINT8(hob_feature, IDEState),
2880         VMSTATE_UINT8(hob_sector, IDEState),
2881         VMSTATE_UINT8(hob_nsector, IDEState),
2882         VMSTATE_UINT8(hob_lcyl, IDEState),
2883         VMSTATE_UINT8(hob_hcyl, IDEState),
2884         VMSTATE_UINT8(select, IDEState),
2885         VMSTATE_UINT8(status, IDEState),
2886         VMSTATE_UINT8(lba48, IDEState),
2887         VMSTATE_UINT8(sense_key, IDEState),
2888         VMSTATE_UINT8(asc, IDEState),
2889         VMSTATE_UINT8_V(cdrom_changed, IDEState, 3),
2890         VMSTATE_END_OF_LIST()
2891     },
2892     .subsections = (const VMStateDescription*[]) {
2893         &vmstate_ide_drive_pio_state,
2894         &vmstate_ide_tray_state,
2895         &vmstate_ide_atapi_gesn_state,
2896         NULL
2897     }
2898 };
2899 
2900 static const VMStateDescription vmstate_ide_error_status = {
2901     .name ="ide_bus/error",
2902     .version_id = 2,
2903     .minimum_version_id = 1,
2904     .needed = ide_error_needed,
2905     .fields = (VMStateField[]) {
2906         VMSTATE_INT32(error_status, IDEBus),
2907         VMSTATE_INT64_V(retry_sector_num, IDEBus, 2),
2908         VMSTATE_UINT32_V(retry_nsector, IDEBus, 2),
2909         VMSTATE_UINT8_V(retry_unit, IDEBus, 2),
2910         VMSTATE_END_OF_LIST()
2911     }
2912 };
2913 
2914 const VMStateDescription vmstate_ide_bus = {
2915     .name = "ide_bus",
2916     .version_id = 1,
2917     .minimum_version_id = 1,
2918     .fields = (VMStateField[]) {
2919         VMSTATE_UINT8(cmd, IDEBus),
2920         VMSTATE_UINT8(unit, IDEBus),
2921         VMSTATE_END_OF_LIST()
2922     },
2923     .subsections = (const VMStateDescription*[]) {
2924         &vmstate_ide_error_status,
2925         NULL
2926     }
2927 };
2928 
2929 void ide_drive_get(DriveInfo **hd, int n)
2930 {
2931     int i;
2932 
2933     for (i = 0; i < n; i++) {
2934         hd[i] = drive_get_by_index(IF_IDE, i);
2935     }
2936 }
2937