1 /* 2 * QEMU IDE disk and CD/DVD-ROM Emulator 3 * 4 * Copyright (c) 2003 Fabrice Bellard 5 * Copyright (c) 2006 Openedhand Ltd. 6 * 7 * Permission is hereby granted, free of charge, to any person obtaining a copy 8 * of this software and associated documentation files (the "Software"), to deal 9 * in the Software without restriction, including without limitation the rights 10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 11 * copies of the Software, and to permit persons to whom the Software is 12 * furnished to do so, subject to the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be included in 15 * all copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 23 * THE SOFTWARE. 24 */ 25 26 #include "qemu/osdep.h" 27 #include "hw/isa/isa.h" 28 #include "migration/vmstate.h" 29 #include "qemu/error-report.h" 30 #include "qemu/main-loop.h" 31 #include "qemu/timer.h" 32 #include "qemu/hw-version.h" 33 #include "sysemu/sysemu.h" 34 #include "sysemu/blockdev.h" 35 #include "sysemu/dma.h" 36 #include "hw/block/block.h" 37 #include "sysemu/block-backend.h" 38 #include "qapi/error.h" 39 #include "qemu/cutils.h" 40 #include "sysemu/replay.h" 41 #include "sysemu/runstate.h" 42 #include "hw/ide/internal.h" 43 #include "trace.h" 44 45 /* These values were based on a Seagate ST3500418AS but have been modified 46 to make more sense in QEMU */ 47 static const int smart_attributes[][12] = { 48 /* id, flags, hflags, val, wrst, raw (6 bytes), threshold */ 49 /* raw read error rate*/ 50 { 0x01, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06}, 51 /* spin up */ 52 { 0x03, 0x03, 0x00, 0x64, 0x64, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 53 /* start stop count */ 54 { 0x04, 0x02, 0x00, 0x64, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14}, 55 /* remapped sectors */ 56 { 0x05, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24}, 57 /* power on hours */ 58 { 0x09, 0x03, 0x00, 0x64, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 59 /* power cycle count */ 60 { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 61 /* airflow-temperature-celsius */ 62 { 190, 0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32}, 63 }; 64 65 const char *IDE_DMA_CMD_lookup[IDE_DMA__COUNT] = { 66 [IDE_DMA_READ] = "DMA READ", 67 [IDE_DMA_WRITE] = "DMA WRITE", 68 [IDE_DMA_TRIM] = "DMA TRIM", 69 [IDE_DMA_ATAPI] = "DMA ATAPI" 70 }; 71 72 static const char *IDE_DMA_CMD_str(enum ide_dma_cmd enval) 73 { 74 if ((unsigned)enval < IDE_DMA__COUNT) { 75 return IDE_DMA_CMD_lookup[enval]; 76 } 77 return "DMA UNKNOWN CMD"; 78 } 79 80 static void ide_dummy_transfer_stop(IDEState *s); 81 82 static void padstr(char *str, const char *src, int len) 83 { 84 int i, v; 85 for(i = 0; i < len; i++) { 86 if (*src) 87 v = *src++; 88 else 89 v = ' '; 90 str[i^1] = v; 91 } 92 } 93 94 static void put_le16(uint16_t *p, unsigned int v) 95 { 96 *p = cpu_to_le16(v); 97 } 98 99 static void ide_identify_size(IDEState *s) 100 { 101 uint16_t *p = (uint16_t *)s->identify_data; 102 int64_t nb_sectors_lba28 = s->nb_sectors; 103 if (nb_sectors_lba28 >= 1 << 28) { 104 nb_sectors_lba28 = (1 << 28) - 1; 105 } 106 put_le16(p + 60, nb_sectors_lba28); 107 put_le16(p + 61, nb_sectors_lba28 >> 16); 108 put_le16(p + 100, s->nb_sectors); 109 put_le16(p + 101, s->nb_sectors >> 16); 110 put_le16(p + 102, s->nb_sectors >> 32); 111 put_le16(p + 103, s->nb_sectors >> 48); 112 } 113 114 static void ide_identify(IDEState *s) 115 { 116 uint16_t *p; 117 unsigned int oldsize; 118 IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master; 119 120 p = (uint16_t *)s->identify_data; 121 if (s->identify_set) { 122 goto fill_buffer; 123 } 124 memset(p, 0, sizeof(s->identify_data)); 125 126 put_le16(p + 0, 0x0040); 127 put_le16(p + 1, s->cylinders); 128 put_le16(p + 3, s->heads); 129 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */ 130 put_le16(p + 5, 512); /* XXX: retired, remove ? */ 131 put_le16(p + 6, s->sectors); 132 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */ 133 put_le16(p + 20, 3); /* XXX: retired, remove ? */ 134 put_le16(p + 21, 512); /* cache size in sectors */ 135 put_le16(p + 22, 4); /* ecc bytes */ 136 padstr((char *)(p + 23), s->version, 8); /* firmware version */ 137 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */ 138 #if MAX_MULT_SECTORS > 1 139 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS); 140 #endif 141 put_le16(p + 48, 1); /* dword I/O */ 142 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */ 143 put_le16(p + 51, 0x200); /* PIO transfer cycle */ 144 put_le16(p + 52, 0x200); /* DMA transfer cycle */ 145 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */ 146 put_le16(p + 54, s->cylinders); 147 put_le16(p + 55, s->heads); 148 put_le16(p + 56, s->sectors); 149 oldsize = s->cylinders * s->heads * s->sectors; 150 put_le16(p + 57, oldsize); 151 put_le16(p + 58, oldsize >> 16); 152 if (s->mult_sectors) 153 put_le16(p + 59, 0x100 | s->mult_sectors); 154 /* *(p + 60) := nb_sectors -- see ide_identify_size */ 155 /* *(p + 61) := nb_sectors >> 16 -- see ide_identify_size */ 156 put_le16(p + 62, 0x07); /* single word dma0-2 supported */ 157 put_le16(p + 63, 0x07); /* mdma0-2 supported */ 158 put_le16(p + 64, 0x03); /* pio3-4 supported */ 159 put_le16(p + 65, 120); 160 put_le16(p + 66, 120); 161 put_le16(p + 67, 120); 162 put_le16(p + 68, 120); 163 if (dev && dev->conf.discard_granularity) { 164 put_le16(p + 69, (1 << 14)); /* determinate TRIM behavior */ 165 } 166 167 if (s->ncq_queues) { 168 put_le16(p + 75, s->ncq_queues - 1); 169 /* NCQ supported */ 170 put_le16(p + 76, (1 << 8)); 171 } 172 173 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */ 174 put_le16(p + 81, 0x16); /* conforms to ata5 */ 175 /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */ 176 put_le16(p + 82, (1 << 14) | (1 << 5) | 1); 177 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */ 178 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10)); 179 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */ 180 if (s->wwn) { 181 put_le16(p + 84, (1 << 14) | (1 << 8) | 0); 182 } else { 183 put_le16(p + 84, (1 << 14) | 0); 184 } 185 /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */ 186 if (blk_enable_write_cache(s->blk)) { 187 put_le16(p + 85, (1 << 14) | (1 << 5) | 1); 188 } else { 189 put_le16(p + 85, (1 << 14) | 1); 190 } 191 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */ 192 put_le16(p + 86, (1 << 13) | (1 <<12) | (1 << 10)); 193 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */ 194 if (s->wwn) { 195 put_le16(p + 87, (1 << 14) | (1 << 8) | 0); 196 } else { 197 put_le16(p + 87, (1 << 14) | 0); 198 } 199 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */ 200 put_le16(p + 93, 1 | (1 << 14) | 0x2000); 201 /* *(p + 100) := nb_sectors -- see ide_identify_size */ 202 /* *(p + 101) := nb_sectors >> 16 -- see ide_identify_size */ 203 /* *(p + 102) := nb_sectors >> 32 -- see ide_identify_size */ 204 /* *(p + 103) := nb_sectors >> 48 -- see ide_identify_size */ 205 206 if (dev && dev->conf.physical_block_size) 207 put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf)); 208 if (s->wwn) { 209 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */ 210 put_le16(p + 108, s->wwn >> 48); 211 put_le16(p + 109, s->wwn >> 32); 212 put_le16(p + 110, s->wwn >> 16); 213 put_le16(p + 111, s->wwn); 214 } 215 if (dev && dev->conf.discard_granularity) { 216 put_le16(p + 169, 1); /* TRIM support */ 217 } 218 if (dev) { 219 put_le16(p + 217, dev->rotation_rate); /* Nominal media rotation rate */ 220 } 221 222 ide_identify_size(s); 223 s->identify_set = 1; 224 225 fill_buffer: 226 memcpy(s->io_buffer, p, sizeof(s->identify_data)); 227 } 228 229 static void ide_atapi_identify(IDEState *s) 230 { 231 uint16_t *p; 232 233 p = (uint16_t *)s->identify_data; 234 if (s->identify_set) { 235 goto fill_buffer; 236 } 237 memset(p, 0, sizeof(s->identify_data)); 238 239 /* Removable CDROM, 50us response, 12 byte packets */ 240 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0)); 241 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */ 242 put_le16(p + 20, 3); /* buffer type */ 243 put_le16(p + 21, 512); /* cache size in sectors */ 244 put_le16(p + 22, 4); /* ecc bytes */ 245 padstr((char *)(p + 23), s->version, 8); /* firmware version */ 246 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */ 247 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */ 248 #ifdef USE_DMA_CDROM 249 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */ 250 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */ 251 put_le16(p + 62, 7); /* single word dma0-2 supported */ 252 put_le16(p + 63, 7); /* mdma0-2 supported */ 253 #else 254 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */ 255 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */ 256 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */ 257 #endif 258 put_le16(p + 64, 3); /* pio3-4 supported */ 259 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */ 260 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */ 261 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */ 262 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */ 263 264 put_le16(p + 71, 30); /* in ns */ 265 put_le16(p + 72, 30); /* in ns */ 266 267 if (s->ncq_queues) { 268 put_le16(p + 75, s->ncq_queues - 1); 269 /* NCQ supported */ 270 put_le16(p + 76, (1 << 8)); 271 } 272 273 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */ 274 if (s->wwn) { 275 put_le16(p + 84, (1 << 8)); /* supports WWN for words 108-111 */ 276 put_le16(p + 87, (1 << 8)); /* WWN enabled */ 277 } 278 279 #ifdef USE_DMA_CDROM 280 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */ 281 #endif 282 283 if (s->wwn) { 284 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */ 285 put_le16(p + 108, s->wwn >> 48); 286 put_le16(p + 109, s->wwn >> 32); 287 put_le16(p + 110, s->wwn >> 16); 288 put_le16(p + 111, s->wwn); 289 } 290 291 s->identify_set = 1; 292 293 fill_buffer: 294 memcpy(s->io_buffer, p, sizeof(s->identify_data)); 295 } 296 297 static void ide_cfata_identify_size(IDEState *s) 298 { 299 uint16_t *p = (uint16_t *)s->identify_data; 300 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */ 301 put_le16(p + 8, s->nb_sectors); /* Sectors per card */ 302 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */ 303 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */ 304 } 305 306 static void ide_cfata_identify(IDEState *s) 307 { 308 uint16_t *p; 309 uint32_t cur_sec; 310 311 p = (uint16_t *)s->identify_data; 312 if (s->identify_set) { 313 goto fill_buffer; 314 } 315 memset(p, 0, sizeof(s->identify_data)); 316 317 cur_sec = s->cylinders * s->heads * s->sectors; 318 319 put_le16(p + 0, 0x848a); /* CF Storage Card signature */ 320 put_le16(p + 1, s->cylinders); /* Default cylinders */ 321 put_le16(p + 3, s->heads); /* Default heads */ 322 put_le16(p + 6, s->sectors); /* Default sectors per track */ 323 /* *(p + 7) := nb_sectors >> 16 -- see ide_cfata_identify_size */ 324 /* *(p + 8) := nb_sectors -- see ide_cfata_identify_size */ 325 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */ 326 put_le16(p + 22, 0x0004); /* ECC bytes */ 327 padstr((char *) (p + 23), s->version, 8); /* Firmware Revision */ 328 padstr((char *) (p + 27), s->drive_model_str, 40);/* Model number */ 329 #if MAX_MULT_SECTORS > 1 330 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS); 331 #else 332 put_le16(p + 47, 0x0000); 333 #endif 334 put_le16(p + 49, 0x0f00); /* Capabilities */ 335 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */ 336 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */ 337 put_le16(p + 53, 0x0003); /* Translation params valid */ 338 put_le16(p + 54, s->cylinders); /* Current cylinders */ 339 put_le16(p + 55, s->heads); /* Current heads */ 340 put_le16(p + 56, s->sectors); /* Current sectors */ 341 put_le16(p + 57, cur_sec); /* Current capacity */ 342 put_le16(p + 58, cur_sec >> 16); /* Current capacity */ 343 if (s->mult_sectors) /* Multiple sector setting */ 344 put_le16(p + 59, 0x100 | s->mult_sectors); 345 /* *(p + 60) := nb_sectors -- see ide_cfata_identify_size */ 346 /* *(p + 61) := nb_sectors >> 16 -- see ide_cfata_identify_size */ 347 put_le16(p + 63, 0x0203); /* Multiword DMA capability */ 348 put_le16(p + 64, 0x0001); /* Flow Control PIO support */ 349 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */ 350 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */ 351 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */ 352 put_le16(p + 82, 0x400c); /* Command Set supported */ 353 put_le16(p + 83, 0x7068); /* Command Set supported */ 354 put_le16(p + 84, 0x4000); /* Features supported */ 355 put_le16(p + 85, 0x000c); /* Command Set enabled */ 356 put_le16(p + 86, 0x7044); /* Command Set enabled */ 357 put_le16(p + 87, 0x4000); /* Features enabled */ 358 put_le16(p + 91, 0x4060); /* Current APM level */ 359 put_le16(p + 129, 0x0002); /* Current features option */ 360 put_le16(p + 130, 0x0005); /* Reassigned sectors */ 361 put_le16(p + 131, 0x0001); /* Initial power mode */ 362 put_le16(p + 132, 0x0000); /* User signature */ 363 put_le16(p + 160, 0x8100); /* Power requirement */ 364 put_le16(p + 161, 0x8001); /* CF command set */ 365 366 ide_cfata_identify_size(s); 367 s->identify_set = 1; 368 369 fill_buffer: 370 memcpy(s->io_buffer, p, sizeof(s->identify_data)); 371 } 372 373 static void ide_set_signature(IDEState *s) 374 { 375 s->select &= ~(ATA_DEV_HS); /* clear head */ 376 /* put signature */ 377 s->nsector = 1; 378 s->sector = 1; 379 if (s->drive_kind == IDE_CD) { 380 s->lcyl = 0x14; 381 s->hcyl = 0xeb; 382 } else if (s->blk) { 383 s->lcyl = 0; 384 s->hcyl = 0; 385 } else { 386 s->lcyl = 0xff; 387 s->hcyl = 0xff; 388 } 389 } 390 391 static bool ide_sect_range_ok(IDEState *s, 392 uint64_t sector, uint64_t nb_sectors) 393 { 394 uint64_t total_sectors; 395 396 blk_get_geometry(s->blk, &total_sectors); 397 if (sector > total_sectors || nb_sectors > total_sectors - sector) { 398 return false; 399 } 400 return true; 401 } 402 403 typedef struct TrimAIOCB { 404 BlockAIOCB common; 405 IDEState *s; 406 QEMUBH *bh; 407 int ret; 408 QEMUIOVector *qiov; 409 BlockAIOCB *aiocb; 410 int i, j; 411 } TrimAIOCB; 412 413 static void trim_aio_cancel(BlockAIOCB *acb) 414 { 415 TrimAIOCB *iocb = container_of(acb, TrimAIOCB, common); 416 417 /* Exit the loop so ide_issue_trim_cb will not continue */ 418 iocb->j = iocb->qiov->niov - 1; 419 iocb->i = (iocb->qiov->iov[iocb->j].iov_len / 8) - 1; 420 421 iocb->ret = -ECANCELED; 422 423 if (iocb->aiocb) { 424 blk_aio_cancel_async(iocb->aiocb); 425 iocb->aiocb = NULL; 426 } 427 } 428 429 static const AIOCBInfo trim_aiocb_info = { 430 .aiocb_size = sizeof(TrimAIOCB), 431 .cancel_async = trim_aio_cancel, 432 }; 433 434 static void ide_trim_bh_cb(void *opaque) 435 { 436 TrimAIOCB *iocb = opaque; 437 438 iocb->common.cb(iocb->common.opaque, iocb->ret); 439 440 qemu_bh_delete(iocb->bh); 441 iocb->bh = NULL; 442 qemu_aio_unref(iocb); 443 } 444 445 static void ide_issue_trim_cb(void *opaque, int ret) 446 { 447 TrimAIOCB *iocb = opaque; 448 IDEState *s = iocb->s; 449 450 if (iocb->i >= 0) { 451 if (ret >= 0) { 452 block_acct_done(blk_get_stats(s->blk), &s->acct); 453 } else { 454 block_acct_failed(blk_get_stats(s->blk), &s->acct); 455 } 456 } 457 458 if (ret >= 0) { 459 while (iocb->j < iocb->qiov->niov) { 460 int j = iocb->j; 461 while (++iocb->i < iocb->qiov->iov[j].iov_len / 8) { 462 int i = iocb->i; 463 uint64_t *buffer = iocb->qiov->iov[j].iov_base; 464 465 /* 6-byte LBA + 2-byte range per entry */ 466 uint64_t entry = le64_to_cpu(buffer[i]); 467 uint64_t sector = entry & 0x0000ffffffffffffULL; 468 uint16_t count = entry >> 48; 469 470 if (count == 0) { 471 continue; 472 } 473 474 if (!ide_sect_range_ok(s, sector, count)) { 475 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_UNMAP); 476 iocb->ret = -EINVAL; 477 goto done; 478 } 479 480 block_acct_start(blk_get_stats(s->blk), &s->acct, 481 count << BDRV_SECTOR_BITS, BLOCK_ACCT_UNMAP); 482 483 /* Got an entry! Submit and exit. */ 484 iocb->aiocb = blk_aio_pdiscard(s->blk, 485 sector << BDRV_SECTOR_BITS, 486 count << BDRV_SECTOR_BITS, 487 ide_issue_trim_cb, opaque); 488 return; 489 } 490 491 iocb->j++; 492 iocb->i = -1; 493 } 494 } else { 495 iocb->ret = ret; 496 } 497 498 done: 499 iocb->aiocb = NULL; 500 if (iocb->bh) { 501 replay_bh_schedule_event(iocb->bh); 502 } 503 } 504 505 BlockAIOCB *ide_issue_trim( 506 int64_t offset, QEMUIOVector *qiov, 507 BlockCompletionFunc *cb, void *cb_opaque, void *opaque) 508 { 509 IDEState *s = opaque; 510 TrimAIOCB *iocb; 511 512 iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque); 513 iocb->s = s; 514 iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb); 515 iocb->ret = 0; 516 iocb->qiov = qiov; 517 iocb->i = -1; 518 iocb->j = 0; 519 ide_issue_trim_cb(iocb, 0); 520 return &iocb->common; 521 } 522 523 void ide_abort_command(IDEState *s) 524 { 525 ide_transfer_stop(s); 526 s->status = READY_STAT | ERR_STAT; 527 s->error = ABRT_ERR; 528 } 529 530 static void ide_set_retry(IDEState *s) 531 { 532 s->bus->retry_unit = s->unit; 533 s->bus->retry_sector_num = ide_get_sector(s); 534 s->bus->retry_nsector = s->nsector; 535 } 536 537 static void ide_clear_retry(IDEState *s) 538 { 539 s->bus->retry_unit = -1; 540 s->bus->retry_sector_num = 0; 541 s->bus->retry_nsector = 0; 542 } 543 544 /* prepare data transfer and tell what to do after */ 545 bool ide_transfer_start_norecurse(IDEState *s, uint8_t *buf, int size, 546 EndTransferFunc *end_transfer_func) 547 { 548 s->data_ptr = buf; 549 s->data_end = buf + size; 550 ide_set_retry(s); 551 if (!(s->status & ERR_STAT)) { 552 s->status |= DRQ_STAT; 553 } 554 if (!s->bus->dma->ops->pio_transfer) { 555 s->end_transfer_func = end_transfer_func; 556 return false; 557 } 558 s->bus->dma->ops->pio_transfer(s->bus->dma); 559 return true; 560 } 561 562 void ide_transfer_start(IDEState *s, uint8_t *buf, int size, 563 EndTransferFunc *end_transfer_func) 564 { 565 if (ide_transfer_start_norecurse(s, buf, size, end_transfer_func)) { 566 end_transfer_func(s); 567 } 568 } 569 570 static void ide_cmd_done(IDEState *s) 571 { 572 if (s->bus->dma->ops->cmd_done) { 573 s->bus->dma->ops->cmd_done(s->bus->dma); 574 } 575 } 576 577 static void ide_transfer_halt(IDEState *s) 578 { 579 s->end_transfer_func = ide_transfer_stop; 580 s->data_ptr = s->io_buffer; 581 s->data_end = s->io_buffer; 582 s->status &= ~DRQ_STAT; 583 } 584 585 void ide_transfer_stop(IDEState *s) 586 { 587 ide_transfer_halt(s); 588 ide_cmd_done(s); 589 } 590 591 int64_t ide_get_sector(IDEState *s) 592 { 593 int64_t sector_num; 594 if (s->select & (ATA_DEV_LBA)) { 595 if (s->lba48) { 596 sector_num = ((int64_t)s->hob_hcyl << 40) | 597 ((int64_t) s->hob_lcyl << 32) | 598 ((int64_t) s->hob_sector << 24) | 599 ((int64_t) s->hcyl << 16) | 600 ((int64_t) s->lcyl << 8) | s->sector; 601 } else { 602 /* LBA28 */ 603 sector_num = ((s->select & (ATA_DEV_LBA_MSB)) << 24) | 604 (s->hcyl << 16) | (s->lcyl << 8) | s->sector; 605 } 606 } else { 607 /* CHS */ 608 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors + 609 (s->select & (ATA_DEV_HS)) * s->sectors + (s->sector - 1); 610 } 611 612 return sector_num; 613 } 614 615 void ide_set_sector(IDEState *s, int64_t sector_num) 616 { 617 unsigned int cyl, r; 618 if (s->select & (ATA_DEV_LBA)) { 619 if (s->lba48) { 620 s->sector = sector_num; 621 s->lcyl = sector_num >> 8; 622 s->hcyl = sector_num >> 16; 623 s->hob_sector = sector_num >> 24; 624 s->hob_lcyl = sector_num >> 32; 625 s->hob_hcyl = sector_num >> 40; 626 } else { 627 /* LBA28 */ 628 s->select = (s->select & ~(ATA_DEV_LBA_MSB)) | 629 ((sector_num >> 24) & (ATA_DEV_LBA_MSB)); 630 s->hcyl = (sector_num >> 16); 631 s->lcyl = (sector_num >> 8); 632 s->sector = (sector_num); 633 } 634 } else { 635 /* CHS */ 636 cyl = sector_num / (s->heads * s->sectors); 637 r = sector_num % (s->heads * s->sectors); 638 s->hcyl = cyl >> 8; 639 s->lcyl = cyl; 640 s->select = (s->select & ~(ATA_DEV_HS)) | 641 ((r / s->sectors) & (ATA_DEV_HS)); 642 s->sector = (r % s->sectors) + 1; 643 } 644 } 645 646 static void ide_rw_error(IDEState *s) { 647 ide_abort_command(s); 648 ide_set_irq(s->bus); 649 } 650 651 static void ide_buffered_readv_cb(void *opaque, int ret) 652 { 653 IDEBufferedRequest *req = opaque; 654 if (!req->orphaned) { 655 if (!ret) { 656 assert(req->qiov.size == req->original_qiov->size); 657 qemu_iovec_from_buf(req->original_qiov, 0, 658 req->qiov.local_iov.iov_base, 659 req->original_qiov->size); 660 } 661 req->original_cb(req->original_opaque, ret); 662 } 663 QLIST_REMOVE(req, list); 664 qemu_vfree(qemu_iovec_buf(&req->qiov)); 665 g_free(req); 666 } 667 668 #define MAX_BUFFERED_REQS 16 669 670 BlockAIOCB *ide_buffered_readv(IDEState *s, int64_t sector_num, 671 QEMUIOVector *iov, int nb_sectors, 672 BlockCompletionFunc *cb, void *opaque) 673 { 674 BlockAIOCB *aioreq; 675 IDEBufferedRequest *req; 676 int c = 0; 677 678 QLIST_FOREACH(req, &s->buffered_requests, list) { 679 c++; 680 } 681 if (c > MAX_BUFFERED_REQS) { 682 return blk_abort_aio_request(s->blk, cb, opaque, -EIO); 683 } 684 685 req = g_new0(IDEBufferedRequest, 1); 686 req->original_qiov = iov; 687 req->original_cb = cb; 688 req->original_opaque = opaque; 689 qemu_iovec_init_buf(&req->qiov, blk_blockalign(s->blk, iov->size), 690 iov->size); 691 692 aioreq = blk_aio_preadv(s->blk, sector_num << BDRV_SECTOR_BITS, 693 &req->qiov, 0, ide_buffered_readv_cb, req); 694 695 QLIST_INSERT_HEAD(&s->buffered_requests, req, list); 696 return aioreq; 697 } 698 699 /** 700 * Cancel all pending DMA requests. 701 * Any buffered DMA requests are instantly canceled, 702 * but any pending unbuffered DMA requests must be waited on. 703 */ 704 void ide_cancel_dma_sync(IDEState *s) 705 { 706 IDEBufferedRequest *req; 707 708 /* First invoke the callbacks of all buffered requests 709 * and flag those requests as orphaned. Ideally there 710 * are no unbuffered (Scatter Gather DMA Requests or 711 * write requests) pending and we can avoid to drain. */ 712 QLIST_FOREACH(req, &s->buffered_requests, list) { 713 if (!req->orphaned) { 714 trace_ide_cancel_dma_sync_buffered(req->original_cb, req); 715 req->original_cb(req->original_opaque, -ECANCELED); 716 } 717 req->orphaned = true; 718 } 719 720 /* 721 * We can't cancel Scatter Gather DMA in the middle of the 722 * operation or a partial (not full) DMA transfer would reach 723 * the storage so we wait for completion instead (we behave 724 * like if the DMA was completed by the time the guest trying 725 * to cancel dma with bmdma_cmd_writeb with BM_CMD_START not 726 * set). 727 * 728 * In the future we'll be able to safely cancel the I/O if the 729 * whole DMA operation will be submitted to disk with a single 730 * aio operation with preadv/pwritev. 731 */ 732 if (s->bus->dma->aiocb) { 733 trace_ide_cancel_dma_sync_remaining(); 734 blk_drain(s->blk); 735 assert(s->bus->dma->aiocb == NULL); 736 } 737 } 738 739 static void ide_sector_read(IDEState *s); 740 741 static void ide_sector_read_cb(void *opaque, int ret) 742 { 743 IDEState *s = opaque; 744 int n; 745 746 s->pio_aiocb = NULL; 747 s->status &= ~BUSY_STAT; 748 749 if (ret != 0) { 750 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO | 751 IDE_RETRY_READ)) { 752 return; 753 } 754 } 755 756 block_acct_done(blk_get_stats(s->blk), &s->acct); 757 758 n = s->nsector; 759 if (n > s->req_nb_sectors) { 760 n = s->req_nb_sectors; 761 } 762 763 ide_set_sector(s, ide_get_sector(s) + n); 764 s->nsector -= n; 765 /* Allow the guest to read the io_buffer */ 766 ide_transfer_start(s, s->io_buffer, n * BDRV_SECTOR_SIZE, ide_sector_read); 767 ide_set_irq(s->bus); 768 } 769 770 static void ide_sector_read(IDEState *s) 771 { 772 int64_t sector_num; 773 int n; 774 775 s->status = READY_STAT | SEEK_STAT; 776 s->error = 0; /* not needed by IDE spec, but needed by Windows */ 777 sector_num = ide_get_sector(s); 778 n = s->nsector; 779 780 if (n == 0) { 781 ide_transfer_stop(s); 782 return; 783 } 784 785 s->status |= BUSY_STAT; 786 787 if (n > s->req_nb_sectors) { 788 n = s->req_nb_sectors; 789 } 790 791 trace_ide_sector_read(sector_num, n); 792 793 if (!ide_sect_range_ok(s, sector_num, n)) { 794 ide_rw_error(s); 795 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_READ); 796 return; 797 } 798 799 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE); 800 801 block_acct_start(blk_get_stats(s->blk), &s->acct, 802 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ); 803 s->pio_aiocb = ide_buffered_readv(s, sector_num, &s->qiov, n, 804 ide_sector_read_cb, s); 805 } 806 807 void dma_buf_commit(IDEState *s, uint32_t tx_bytes) 808 { 809 if (s->bus->dma->ops->commit_buf) { 810 s->bus->dma->ops->commit_buf(s->bus->dma, tx_bytes); 811 } 812 s->io_buffer_offset += tx_bytes; 813 qemu_sglist_destroy(&s->sg); 814 } 815 816 void ide_set_inactive(IDEState *s, bool more) 817 { 818 s->bus->dma->aiocb = NULL; 819 ide_clear_retry(s); 820 if (s->bus->dma->ops->set_inactive) { 821 s->bus->dma->ops->set_inactive(s->bus->dma, more); 822 } 823 ide_cmd_done(s); 824 } 825 826 void ide_dma_error(IDEState *s) 827 { 828 dma_buf_commit(s, 0); 829 ide_abort_command(s); 830 ide_set_inactive(s, false); 831 ide_set_irq(s->bus); 832 } 833 834 int ide_handle_rw_error(IDEState *s, int error, int op) 835 { 836 bool is_read = (op & IDE_RETRY_READ) != 0; 837 BlockErrorAction action = blk_get_error_action(s->blk, is_read, error); 838 839 if (action == BLOCK_ERROR_ACTION_STOP) { 840 assert(s->bus->retry_unit == s->unit); 841 s->bus->error_status = op; 842 } else if (action == BLOCK_ERROR_ACTION_REPORT) { 843 block_acct_failed(blk_get_stats(s->blk), &s->acct); 844 if (IS_IDE_RETRY_DMA(op)) { 845 ide_dma_error(s); 846 } else if (IS_IDE_RETRY_ATAPI(op)) { 847 ide_atapi_io_error(s, -error); 848 } else { 849 ide_rw_error(s); 850 } 851 } 852 blk_error_action(s->blk, action, is_read, error); 853 return action != BLOCK_ERROR_ACTION_IGNORE; 854 } 855 856 static void ide_dma_cb(void *opaque, int ret) 857 { 858 IDEState *s = opaque; 859 int n; 860 int64_t sector_num; 861 uint64_t offset; 862 bool stay_active = false; 863 int32_t prep_size = 0; 864 865 if (ret == -EINVAL) { 866 ide_dma_error(s); 867 return; 868 } 869 870 if (ret < 0) { 871 if (ide_handle_rw_error(s, -ret, ide_dma_cmd_to_retry(s->dma_cmd))) { 872 s->bus->dma->aiocb = NULL; 873 dma_buf_commit(s, 0); 874 return; 875 } 876 } 877 878 if (s->io_buffer_size > s->nsector * 512) { 879 /* 880 * The PRDs were longer than needed for this request. 881 * The Active bit must remain set after the request completes. 882 */ 883 n = s->nsector; 884 stay_active = true; 885 } else { 886 n = s->io_buffer_size >> 9; 887 } 888 889 sector_num = ide_get_sector(s); 890 if (n > 0) { 891 assert(n * 512 == s->sg.size); 892 dma_buf_commit(s, s->sg.size); 893 sector_num += n; 894 ide_set_sector(s, sector_num); 895 s->nsector -= n; 896 } 897 898 /* end of transfer ? */ 899 if (s->nsector == 0) { 900 s->status = READY_STAT | SEEK_STAT; 901 ide_set_irq(s->bus); 902 goto eot; 903 } 904 905 /* launch next transfer */ 906 n = s->nsector; 907 s->io_buffer_index = 0; 908 s->io_buffer_size = n * 512; 909 prep_size = s->bus->dma->ops->prepare_buf(s->bus->dma, s->io_buffer_size); 910 /* prepare_buf() must succeed and respect the limit */ 911 assert(prep_size >= 0 && prep_size <= n * 512); 912 913 /* 914 * Now prep_size stores the number of bytes in the sglist, and 915 * s->io_buffer_size stores the number of bytes described by the PRDs. 916 */ 917 918 if (prep_size < n * 512) { 919 /* 920 * The PRDs are too short for this request. Error condition! 921 * Reset the Active bit and don't raise the interrupt. 922 */ 923 s->status = READY_STAT | SEEK_STAT; 924 dma_buf_commit(s, 0); 925 goto eot; 926 } 927 928 trace_ide_dma_cb(s, sector_num, n, IDE_DMA_CMD_str(s->dma_cmd)); 929 930 if ((s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) && 931 !ide_sect_range_ok(s, sector_num, n)) { 932 ide_dma_error(s); 933 block_acct_invalid(blk_get_stats(s->blk), s->acct.type); 934 return; 935 } 936 937 offset = sector_num << BDRV_SECTOR_BITS; 938 switch (s->dma_cmd) { 939 case IDE_DMA_READ: 940 s->bus->dma->aiocb = dma_blk_read(s->blk, &s->sg, offset, 941 BDRV_SECTOR_SIZE, ide_dma_cb, s); 942 break; 943 case IDE_DMA_WRITE: 944 s->bus->dma->aiocb = dma_blk_write(s->blk, &s->sg, offset, 945 BDRV_SECTOR_SIZE, ide_dma_cb, s); 946 break; 947 case IDE_DMA_TRIM: 948 s->bus->dma->aiocb = dma_blk_io(blk_get_aio_context(s->blk), 949 &s->sg, offset, BDRV_SECTOR_SIZE, 950 ide_issue_trim, s, ide_dma_cb, s, 951 DMA_DIRECTION_TO_DEVICE); 952 break; 953 default: 954 abort(); 955 } 956 return; 957 958 eot: 959 if (s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) { 960 block_acct_done(blk_get_stats(s->blk), &s->acct); 961 } 962 ide_set_inactive(s, stay_active); 963 } 964 965 static void ide_sector_start_dma(IDEState *s, enum ide_dma_cmd dma_cmd) 966 { 967 s->status = READY_STAT | SEEK_STAT | DRQ_STAT; 968 s->io_buffer_size = 0; 969 s->dma_cmd = dma_cmd; 970 971 switch (dma_cmd) { 972 case IDE_DMA_READ: 973 block_acct_start(blk_get_stats(s->blk), &s->acct, 974 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ); 975 break; 976 case IDE_DMA_WRITE: 977 block_acct_start(blk_get_stats(s->blk), &s->acct, 978 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE); 979 break; 980 default: 981 break; 982 } 983 984 ide_start_dma(s, ide_dma_cb); 985 } 986 987 void ide_start_dma(IDEState *s, BlockCompletionFunc *cb) 988 { 989 s->io_buffer_index = 0; 990 ide_set_retry(s); 991 if (s->bus->dma->ops->start_dma) { 992 s->bus->dma->ops->start_dma(s->bus->dma, s, cb); 993 } 994 } 995 996 static void ide_sector_write(IDEState *s); 997 998 static void ide_sector_write_timer_cb(void *opaque) 999 { 1000 IDEState *s = opaque; 1001 ide_set_irq(s->bus); 1002 } 1003 1004 static void ide_sector_write_cb(void *opaque, int ret) 1005 { 1006 IDEState *s = opaque; 1007 int n; 1008 1009 s->pio_aiocb = NULL; 1010 s->status &= ~BUSY_STAT; 1011 1012 if (ret != 0) { 1013 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO)) { 1014 return; 1015 } 1016 } 1017 1018 block_acct_done(blk_get_stats(s->blk), &s->acct); 1019 1020 n = s->nsector; 1021 if (n > s->req_nb_sectors) { 1022 n = s->req_nb_sectors; 1023 } 1024 s->nsector -= n; 1025 1026 ide_set_sector(s, ide_get_sector(s) + n); 1027 if (s->nsector == 0) { 1028 /* no more sectors to write */ 1029 ide_transfer_stop(s); 1030 } else { 1031 int n1 = s->nsector; 1032 if (n1 > s->req_nb_sectors) { 1033 n1 = s->req_nb_sectors; 1034 } 1035 ide_transfer_start(s, s->io_buffer, n1 * BDRV_SECTOR_SIZE, 1036 ide_sector_write); 1037 } 1038 1039 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) { 1040 /* It seems there is a bug in the Windows 2000 installer HDD 1041 IDE driver which fills the disk with empty logs when the 1042 IDE write IRQ comes too early. This hack tries to correct 1043 that at the expense of slower write performances. Use this 1044 option _only_ to install Windows 2000. You must disable it 1045 for normal use. */ 1046 timer_mod(s->sector_write_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 1047 (NANOSECONDS_PER_SECOND / 1000)); 1048 } else { 1049 ide_set_irq(s->bus); 1050 } 1051 } 1052 1053 static void ide_sector_write(IDEState *s) 1054 { 1055 int64_t sector_num; 1056 int n; 1057 1058 s->status = READY_STAT | SEEK_STAT | BUSY_STAT; 1059 sector_num = ide_get_sector(s); 1060 1061 n = s->nsector; 1062 if (n > s->req_nb_sectors) { 1063 n = s->req_nb_sectors; 1064 } 1065 1066 trace_ide_sector_write(sector_num, n); 1067 1068 if (!ide_sect_range_ok(s, sector_num, n)) { 1069 ide_rw_error(s); 1070 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_WRITE); 1071 return; 1072 } 1073 1074 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE); 1075 1076 block_acct_start(blk_get_stats(s->blk), &s->acct, 1077 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE); 1078 s->pio_aiocb = blk_aio_pwritev(s->blk, sector_num << BDRV_SECTOR_BITS, 1079 &s->qiov, 0, ide_sector_write_cb, s); 1080 } 1081 1082 static void ide_flush_cb(void *opaque, int ret) 1083 { 1084 IDEState *s = opaque; 1085 1086 s->pio_aiocb = NULL; 1087 1088 if (ret < 0) { 1089 /* XXX: What sector number to set here? */ 1090 if (ide_handle_rw_error(s, -ret, IDE_RETRY_FLUSH)) { 1091 return; 1092 } 1093 } 1094 1095 if (s->blk) { 1096 block_acct_done(blk_get_stats(s->blk), &s->acct); 1097 } 1098 s->status = READY_STAT | SEEK_STAT; 1099 ide_cmd_done(s); 1100 ide_set_irq(s->bus); 1101 } 1102 1103 static void ide_flush_cache(IDEState *s) 1104 { 1105 if (s->blk == NULL) { 1106 ide_flush_cb(s, 0); 1107 return; 1108 } 1109 1110 s->status |= BUSY_STAT; 1111 ide_set_retry(s); 1112 block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH); 1113 s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s); 1114 } 1115 1116 static void ide_cfata_metadata_inquiry(IDEState *s) 1117 { 1118 uint16_t *p; 1119 uint32_t spd; 1120 1121 p = (uint16_t *) s->io_buffer; 1122 memset(p, 0, 0x200); 1123 spd = ((s->mdata_size - 1) >> 9) + 1; 1124 1125 put_le16(p + 0, 0x0001); /* Data format revision */ 1126 put_le16(p + 1, 0x0000); /* Media property: silicon */ 1127 put_le16(p + 2, s->media_changed); /* Media status */ 1128 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */ 1129 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */ 1130 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */ 1131 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */ 1132 } 1133 1134 static void ide_cfata_metadata_read(IDEState *s) 1135 { 1136 uint16_t *p; 1137 1138 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) { 1139 s->status = ERR_STAT; 1140 s->error = ABRT_ERR; 1141 return; 1142 } 1143 1144 p = (uint16_t *) s->io_buffer; 1145 memset(p, 0, 0x200); 1146 1147 put_le16(p + 0, s->media_changed); /* Media status */ 1148 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9), 1149 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9), 1150 s->nsector << 9), 0x200 - 2)); 1151 } 1152 1153 static void ide_cfata_metadata_write(IDEState *s) 1154 { 1155 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) { 1156 s->status = ERR_STAT; 1157 s->error = ABRT_ERR; 1158 return; 1159 } 1160 1161 s->media_changed = 0; 1162 1163 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9), 1164 s->io_buffer + 2, 1165 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9), 1166 s->nsector << 9), 0x200 - 2)); 1167 } 1168 1169 /* called when the inserted state of the media has changed */ 1170 static void ide_cd_change_cb(void *opaque, bool load, Error **errp) 1171 { 1172 IDEState *s = opaque; 1173 uint64_t nb_sectors; 1174 1175 s->tray_open = !load; 1176 blk_get_geometry(s->blk, &nb_sectors); 1177 s->nb_sectors = nb_sectors; 1178 1179 /* 1180 * First indicate to the guest that a CD has been removed. That's 1181 * done on the next command the guest sends us. 1182 * 1183 * Then we set UNIT_ATTENTION, by which the guest will 1184 * detect a new CD in the drive. See ide_atapi_cmd() for details. 1185 */ 1186 s->cdrom_changed = 1; 1187 s->events.new_media = true; 1188 s->events.eject_request = false; 1189 ide_set_irq(s->bus); 1190 } 1191 1192 static void ide_cd_eject_request_cb(void *opaque, bool force) 1193 { 1194 IDEState *s = opaque; 1195 1196 s->events.eject_request = true; 1197 if (force) { 1198 s->tray_locked = false; 1199 } 1200 ide_set_irq(s->bus); 1201 } 1202 1203 static void ide_cmd_lba48_transform(IDEState *s, int lba48) 1204 { 1205 s->lba48 = lba48; 1206 1207 /* handle the 'magic' 0 nsector count conversion here. to avoid 1208 * fiddling with the rest of the read logic, we just store the 1209 * full sector count in ->nsector and ignore ->hob_nsector from now 1210 */ 1211 if (!s->lba48) { 1212 if (!s->nsector) 1213 s->nsector = 256; 1214 } else { 1215 if (!s->nsector && !s->hob_nsector) 1216 s->nsector = 65536; 1217 else { 1218 int lo = s->nsector; 1219 int hi = s->hob_nsector; 1220 1221 s->nsector = (hi << 8) | lo; 1222 } 1223 } 1224 } 1225 1226 static void ide_clear_hob(IDEBus *bus) 1227 { 1228 /* any write clears HOB high bit of device control register */ 1229 bus->cmd &= ~(IDE_CTRL_HOB); 1230 } 1231 1232 /* IOport [W]rite [R]egisters */ 1233 enum ATA_IOPORT_WR { 1234 ATA_IOPORT_WR_DATA = 0, 1235 ATA_IOPORT_WR_FEATURES = 1, 1236 ATA_IOPORT_WR_SECTOR_COUNT = 2, 1237 ATA_IOPORT_WR_SECTOR_NUMBER = 3, 1238 ATA_IOPORT_WR_CYLINDER_LOW = 4, 1239 ATA_IOPORT_WR_CYLINDER_HIGH = 5, 1240 ATA_IOPORT_WR_DEVICE_HEAD = 6, 1241 ATA_IOPORT_WR_COMMAND = 7, 1242 ATA_IOPORT_WR_NUM_REGISTERS, 1243 }; 1244 1245 const char *ATA_IOPORT_WR_lookup[ATA_IOPORT_WR_NUM_REGISTERS] = { 1246 [ATA_IOPORT_WR_DATA] = "Data", 1247 [ATA_IOPORT_WR_FEATURES] = "Features", 1248 [ATA_IOPORT_WR_SECTOR_COUNT] = "Sector Count", 1249 [ATA_IOPORT_WR_SECTOR_NUMBER] = "Sector Number", 1250 [ATA_IOPORT_WR_CYLINDER_LOW] = "Cylinder Low", 1251 [ATA_IOPORT_WR_CYLINDER_HIGH] = "Cylinder High", 1252 [ATA_IOPORT_WR_DEVICE_HEAD] = "Device/Head", 1253 [ATA_IOPORT_WR_COMMAND] = "Command" 1254 }; 1255 1256 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val) 1257 { 1258 IDEBus *bus = opaque; 1259 IDEState *s = idebus_active_if(bus); 1260 int reg_num = addr & 7; 1261 1262 trace_ide_ioport_write(addr, ATA_IOPORT_WR_lookup[reg_num], val, bus, s); 1263 1264 /* ignore writes to command block while busy with previous command */ 1265 if (reg_num != 7 && (s->status & (BUSY_STAT|DRQ_STAT))) { 1266 return; 1267 } 1268 1269 /* NOTE: Device0 and Device1 both receive incoming register writes. 1270 * (They're on the same bus! They have to!) */ 1271 1272 switch (reg_num) { 1273 case 0: 1274 break; 1275 case ATA_IOPORT_WR_FEATURES: 1276 ide_clear_hob(bus); 1277 bus->ifs[0].hob_feature = bus->ifs[0].feature; 1278 bus->ifs[1].hob_feature = bus->ifs[1].feature; 1279 bus->ifs[0].feature = val; 1280 bus->ifs[1].feature = val; 1281 break; 1282 case ATA_IOPORT_WR_SECTOR_COUNT: 1283 ide_clear_hob(bus); 1284 bus->ifs[0].hob_nsector = bus->ifs[0].nsector; 1285 bus->ifs[1].hob_nsector = bus->ifs[1].nsector; 1286 bus->ifs[0].nsector = val; 1287 bus->ifs[1].nsector = val; 1288 break; 1289 case ATA_IOPORT_WR_SECTOR_NUMBER: 1290 ide_clear_hob(bus); 1291 bus->ifs[0].hob_sector = bus->ifs[0].sector; 1292 bus->ifs[1].hob_sector = bus->ifs[1].sector; 1293 bus->ifs[0].sector = val; 1294 bus->ifs[1].sector = val; 1295 break; 1296 case ATA_IOPORT_WR_CYLINDER_LOW: 1297 ide_clear_hob(bus); 1298 bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl; 1299 bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl; 1300 bus->ifs[0].lcyl = val; 1301 bus->ifs[1].lcyl = val; 1302 break; 1303 case ATA_IOPORT_WR_CYLINDER_HIGH: 1304 ide_clear_hob(bus); 1305 bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl; 1306 bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl; 1307 bus->ifs[0].hcyl = val; 1308 bus->ifs[1].hcyl = val; 1309 break; 1310 case ATA_IOPORT_WR_DEVICE_HEAD: 1311 ide_clear_hob(bus); 1312 bus->ifs[0].select = val | (ATA_DEV_ALWAYS_ON); 1313 bus->ifs[1].select = val | (ATA_DEV_ALWAYS_ON); 1314 /* select drive */ 1315 bus->unit = (val & (ATA_DEV_SELECT)) ? 1 : 0; 1316 break; 1317 default: 1318 case ATA_IOPORT_WR_COMMAND: 1319 ide_clear_hob(bus); 1320 qemu_irq_lower(bus->irq); 1321 ide_exec_cmd(bus, val); 1322 break; 1323 } 1324 } 1325 1326 static void ide_reset(IDEState *s) 1327 { 1328 trace_ide_reset(s); 1329 1330 if (s->pio_aiocb) { 1331 blk_aio_cancel(s->pio_aiocb); 1332 s->pio_aiocb = NULL; 1333 } 1334 1335 if (s->drive_kind == IDE_CFATA) 1336 s->mult_sectors = 0; 1337 else 1338 s->mult_sectors = MAX_MULT_SECTORS; 1339 /* ide regs */ 1340 s->feature = 0; 1341 s->error = 0; 1342 s->nsector = 0; 1343 s->sector = 0; 1344 s->lcyl = 0; 1345 s->hcyl = 0; 1346 1347 /* lba48 */ 1348 s->hob_feature = 0; 1349 s->hob_sector = 0; 1350 s->hob_nsector = 0; 1351 s->hob_lcyl = 0; 1352 s->hob_hcyl = 0; 1353 1354 s->select = (ATA_DEV_ALWAYS_ON); 1355 s->status = READY_STAT | SEEK_STAT; 1356 1357 s->lba48 = 0; 1358 1359 /* ATAPI specific */ 1360 s->sense_key = 0; 1361 s->asc = 0; 1362 s->cdrom_changed = 0; 1363 s->packet_transfer_size = 0; 1364 s->elementary_transfer_size = 0; 1365 s->io_buffer_index = 0; 1366 s->cd_sector_size = 0; 1367 s->atapi_dma = 0; 1368 s->tray_locked = 0; 1369 s->tray_open = 0; 1370 /* ATA DMA state */ 1371 s->io_buffer_size = 0; 1372 s->req_nb_sectors = 0; 1373 1374 ide_set_signature(s); 1375 /* init the transfer handler so that 0xffff is returned on data 1376 accesses */ 1377 s->end_transfer_func = ide_dummy_transfer_stop; 1378 ide_dummy_transfer_stop(s); 1379 s->media_changed = 0; 1380 } 1381 1382 static bool cmd_nop(IDEState *s, uint8_t cmd) 1383 { 1384 return true; 1385 } 1386 1387 static bool cmd_device_reset(IDEState *s, uint8_t cmd) 1388 { 1389 /* Halt PIO (in the DRQ phase), then DMA */ 1390 ide_transfer_halt(s); 1391 ide_cancel_dma_sync(s); 1392 1393 /* Reset any PIO commands, reset signature, etc */ 1394 ide_reset(s); 1395 1396 /* RESET: ATA8-ACS3 7.10.4 "Normal Outputs"; 1397 * ATA8-ACS3 Table 184 "Device Signatures for Normal Output" */ 1398 s->status = 0x00; 1399 1400 /* Do not overwrite status register */ 1401 return false; 1402 } 1403 1404 static bool cmd_data_set_management(IDEState *s, uint8_t cmd) 1405 { 1406 switch (s->feature) { 1407 case DSM_TRIM: 1408 if (s->blk) { 1409 ide_sector_start_dma(s, IDE_DMA_TRIM); 1410 return false; 1411 } 1412 break; 1413 } 1414 1415 ide_abort_command(s); 1416 return true; 1417 } 1418 1419 static bool cmd_identify(IDEState *s, uint8_t cmd) 1420 { 1421 if (s->blk && s->drive_kind != IDE_CD) { 1422 if (s->drive_kind != IDE_CFATA) { 1423 ide_identify(s); 1424 } else { 1425 ide_cfata_identify(s); 1426 } 1427 s->status = READY_STAT | SEEK_STAT; 1428 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop); 1429 ide_set_irq(s->bus); 1430 return false; 1431 } else { 1432 if (s->drive_kind == IDE_CD) { 1433 ide_set_signature(s); 1434 } 1435 ide_abort_command(s); 1436 } 1437 1438 return true; 1439 } 1440 1441 static bool cmd_verify(IDEState *s, uint8_t cmd) 1442 { 1443 bool lba48 = (cmd == WIN_VERIFY_EXT); 1444 1445 /* do sector number check ? */ 1446 ide_cmd_lba48_transform(s, lba48); 1447 1448 return true; 1449 } 1450 1451 static bool cmd_set_multiple_mode(IDEState *s, uint8_t cmd) 1452 { 1453 if (s->drive_kind == IDE_CFATA && s->nsector == 0) { 1454 /* Disable Read and Write Multiple */ 1455 s->mult_sectors = 0; 1456 } else if ((s->nsector & 0xff) != 0 && 1457 ((s->nsector & 0xff) > MAX_MULT_SECTORS || 1458 (s->nsector & (s->nsector - 1)) != 0)) { 1459 ide_abort_command(s); 1460 } else { 1461 s->mult_sectors = s->nsector & 0xff; 1462 } 1463 1464 return true; 1465 } 1466 1467 static bool cmd_read_multiple(IDEState *s, uint8_t cmd) 1468 { 1469 bool lba48 = (cmd == WIN_MULTREAD_EXT); 1470 1471 if (!s->blk || !s->mult_sectors) { 1472 ide_abort_command(s); 1473 return true; 1474 } 1475 1476 ide_cmd_lba48_transform(s, lba48); 1477 s->req_nb_sectors = s->mult_sectors; 1478 ide_sector_read(s); 1479 return false; 1480 } 1481 1482 static bool cmd_write_multiple(IDEState *s, uint8_t cmd) 1483 { 1484 bool lba48 = (cmd == WIN_MULTWRITE_EXT); 1485 int n; 1486 1487 if (!s->blk || !s->mult_sectors) { 1488 ide_abort_command(s); 1489 return true; 1490 } 1491 1492 ide_cmd_lba48_transform(s, lba48); 1493 1494 s->req_nb_sectors = s->mult_sectors; 1495 n = MIN(s->nsector, s->req_nb_sectors); 1496 1497 s->status = SEEK_STAT | READY_STAT; 1498 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write); 1499 1500 s->media_changed = 1; 1501 1502 return false; 1503 } 1504 1505 static bool cmd_read_pio(IDEState *s, uint8_t cmd) 1506 { 1507 bool lba48 = (cmd == WIN_READ_EXT); 1508 1509 if (s->drive_kind == IDE_CD) { 1510 ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */ 1511 ide_abort_command(s); 1512 return true; 1513 } 1514 1515 if (!s->blk) { 1516 ide_abort_command(s); 1517 return true; 1518 } 1519 1520 ide_cmd_lba48_transform(s, lba48); 1521 s->req_nb_sectors = 1; 1522 ide_sector_read(s); 1523 1524 return false; 1525 } 1526 1527 static bool cmd_write_pio(IDEState *s, uint8_t cmd) 1528 { 1529 bool lba48 = (cmd == WIN_WRITE_EXT); 1530 1531 if (!s->blk) { 1532 ide_abort_command(s); 1533 return true; 1534 } 1535 1536 ide_cmd_lba48_transform(s, lba48); 1537 1538 s->req_nb_sectors = 1; 1539 s->status = SEEK_STAT | READY_STAT; 1540 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write); 1541 1542 s->media_changed = 1; 1543 1544 return false; 1545 } 1546 1547 static bool cmd_read_dma(IDEState *s, uint8_t cmd) 1548 { 1549 bool lba48 = (cmd == WIN_READDMA_EXT); 1550 1551 if (!s->blk) { 1552 ide_abort_command(s); 1553 return true; 1554 } 1555 1556 ide_cmd_lba48_transform(s, lba48); 1557 ide_sector_start_dma(s, IDE_DMA_READ); 1558 1559 return false; 1560 } 1561 1562 static bool cmd_write_dma(IDEState *s, uint8_t cmd) 1563 { 1564 bool lba48 = (cmd == WIN_WRITEDMA_EXT); 1565 1566 if (!s->blk) { 1567 ide_abort_command(s); 1568 return true; 1569 } 1570 1571 ide_cmd_lba48_transform(s, lba48); 1572 ide_sector_start_dma(s, IDE_DMA_WRITE); 1573 1574 s->media_changed = 1; 1575 1576 return false; 1577 } 1578 1579 static bool cmd_flush_cache(IDEState *s, uint8_t cmd) 1580 { 1581 ide_flush_cache(s); 1582 return false; 1583 } 1584 1585 static bool cmd_seek(IDEState *s, uint8_t cmd) 1586 { 1587 /* XXX: Check that seek is within bounds */ 1588 return true; 1589 } 1590 1591 static bool cmd_read_native_max(IDEState *s, uint8_t cmd) 1592 { 1593 bool lba48 = (cmd == WIN_READ_NATIVE_MAX_EXT); 1594 1595 /* Refuse if no sectors are addressable (e.g. medium not inserted) */ 1596 if (s->nb_sectors == 0) { 1597 ide_abort_command(s); 1598 return true; 1599 } 1600 1601 ide_cmd_lba48_transform(s, lba48); 1602 ide_set_sector(s, s->nb_sectors - 1); 1603 1604 return true; 1605 } 1606 1607 static bool cmd_check_power_mode(IDEState *s, uint8_t cmd) 1608 { 1609 s->nsector = 0xff; /* device active or idle */ 1610 return true; 1611 } 1612 1613 static bool cmd_set_features(IDEState *s, uint8_t cmd) 1614 { 1615 uint16_t *identify_data; 1616 1617 if (!s->blk) { 1618 ide_abort_command(s); 1619 return true; 1620 } 1621 1622 /* XXX: valid for CDROM ? */ 1623 switch (s->feature) { 1624 case 0x02: /* write cache enable */ 1625 blk_set_enable_write_cache(s->blk, true); 1626 identify_data = (uint16_t *)s->identify_data; 1627 put_le16(identify_data + 85, (1 << 14) | (1 << 5) | 1); 1628 return true; 1629 case 0x82: /* write cache disable */ 1630 blk_set_enable_write_cache(s->blk, false); 1631 identify_data = (uint16_t *)s->identify_data; 1632 put_le16(identify_data + 85, (1 << 14) | 1); 1633 ide_flush_cache(s); 1634 return false; 1635 case 0xcc: /* reverting to power-on defaults enable */ 1636 case 0x66: /* reverting to power-on defaults disable */ 1637 case 0xaa: /* read look-ahead enable */ 1638 case 0x55: /* read look-ahead disable */ 1639 case 0x05: /* set advanced power management mode */ 1640 case 0x85: /* disable advanced power management mode */ 1641 case 0x69: /* NOP */ 1642 case 0x67: /* NOP */ 1643 case 0x96: /* NOP */ 1644 case 0x9a: /* NOP */ 1645 case 0x42: /* enable Automatic Acoustic Mode */ 1646 case 0xc2: /* disable Automatic Acoustic Mode */ 1647 return true; 1648 case 0x03: /* set transfer mode */ 1649 { 1650 uint8_t val = s->nsector & 0x07; 1651 identify_data = (uint16_t *)s->identify_data; 1652 1653 switch (s->nsector >> 3) { 1654 case 0x00: /* pio default */ 1655 case 0x01: /* pio mode */ 1656 put_le16(identify_data + 62, 0x07); 1657 put_le16(identify_data + 63, 0x07); 1658 put_le16(identify_data + 88, 0x3f); 1659 break; 1660 case 0x02: /* sigle word dma mode*/ 1661 put_le16(identify_data + 62, 0x07 | (1 << (val + 8))); 1662 put_le16(identify_data + 63, 0x07); 1663 put_le16(identify_data + 88, 0x3f); 1664 break; 1665 case 0x04: /* mdma mode */ 1666 put_le16(identify_data + 62, 0x07); 1667 put_le16(identify_data + 63, 0x07 | (1 << (val + 8))); 1668 put_le16(identify_data + 88, 0x3f); 1669 break; 1670 case 0x08: /* udma mode */ 1671 put_le16(identify_data + 62, 0x07); 1672 put_le16(identify_data + 63, 0x07); 1673 put_le16(identify_data + 88, 0x3f | (1 << (val + 8))); 1674 break; 1675 default: 1676 goto abort_cmd; 1677 } 1678 return true; 1679 } 1680 } 1681 1682 abort_cmd: 1683 ide_abort_command(s); 1684 return true; 1685 } 1686 1687 1688 /*** ATAPI commands ***/ 1689 1690 static bool cmd_identify_packet(IDEState *s, uint8_t cmd) 1691 { 1692 ide_atapi_identify(s); 1693 s->status = READY_STAT | SEEK_STAT; 1694 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop); 1695 ide_set_irq(s->bus); 1696 return false; 1697 } 1698 1699 static bool cmd_exec_dev_diagnostic(IDEState *s, uint8_t cmd) 1700 { 1701 ide_set_signature(s); 1702 1703 if (s->drive_kind == IDE_CD) { 1704 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet 1705 * devices to return a clear status register 1706 * with READY_STAT *not* set. */ 1707 s->error = 0x01; 1708 } else { 1709 s->status = READY_STAT | SEEK_STAT; 1710 /* The bits of the error register are not as usual for this command! 1711 * They are part of the regular output (this is why ERR_STAT isn't set) 1712 * Device 0 passed, Device 1 passed or not present. */ 1713 s->error = 0x01; 1714 ide_set_irq(s->bus); 1715 } 1716 1717 return false; 1718 } 1719 1720 static bool cmd_packet(IDEState *s, uint8_t cmd) 1721 { 1722 /* overlapping commands not supported */ 1723 if (s->feature & 0x02) { 1724 ide_abort_command(s); 1725 return true; 1726 } 1727 1728 s->status = READY_STAT | SEEK_STAT; 1729 s->atapi_dma = s->feature & 1; 1730 if (s->atapi_dma) { 1731 s->dma_cmd = IDE_DMA_ATAPI; 1732 } 1733 s->nsector = 1; 1734 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE, 1735 ide_atapi_cmd); 1736 return false; 1737 } 1738 1739 1740 /*** CF-ATA commands ***/ 1741 1742 static bool cmd_cfa_req_ext_error_code(IDEState *s, uint8_t cmd) 1743 { 1744 s->error = 0x09; /* miscellaneous error */ 1745 s->status = READY_STAT | SEEK_STAT; 1746 ide_set_irq(s->bus); 1747 1748 return false; 1749 } 1750 1751 static bool cmd_cfa_erase_sectors(IDEState *s, uint8_t cmd) 1752 { 1753 /* WIN_SECURITY_FREEZE_LOCK has the same ID as CFA_WEAR_LEVEL and is 1754 * required for Windows 8 to work with AHCI */ 1755 1756 if (cmd == CFA_WEAR_LEVEL) { 1757 s->nsector = 0; 1758 } 1759 1760 if (cmd == CFA_ERASE_SECTORS) { 1761 s->media_changed = 1; 1762 } 1763 1764 return true; 1765 } 1766 1767 static bool cmd_cfa_translate_sector(IDEState *s, uint8_t cmd) 1768 { 1769 s->status = READY_STAT | SEEK_STAT; 1770 1771 memset(s->io_buffer, 0, 0x200); 1772 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */ 1773 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */ 1774 s->io_buffer[0x02] = s->select; /* Head */ 1775 s->io_buffer[0x03] = s->sector; /* Sector */ 1776 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */ 1777 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */ 1778 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */ 1779 s->io_buffer[0x13] = 0x00; /* Erase flag */ 1780 s->io_buffer[0x18] = 0x00; /* Hot count */ 1781 s->io_buffer[0x19] = 0x00; /* Hot count */ 1782 s->io_buffer[0x1a] = 0x01; /* Hot count */ 1783 1784 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1785 ide_set_irq(s->bus); 1786 1787 return false; 1788 } 1789 1790 static bool cmd_cfa_access_metadata_storage(IDEState *s, uint8_t cmd) 1791 { 1792 switch (s->feature) { 1793 case 0x02: /* Inquiry Metadata Storage */ 1794 ide_cfata_metadata_inquiry(s); 1795 break; 1796 case 0x03: /* Read Metadata Storage */ 1797 ide_cfata_metadata_read(s); 1798 break; 1799 case 0x04: /* Write Metadata Storage */ 1800 ide_cfata_metadata_write(s); 1801 break; 1802 default: 1803 ide_abort_command(s); 1804 return true; 1805 } 1806 1807 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1808 s->status = 0x00; /* NOTE: READY is _not_ set */ 1809 ide_set_irq(s->bus); 1810 1811 return false; 1812 } 1813 1814 static bool cmd_ibm_sense_condition(IDEState *s, uint8_t cmd) 1815 { 1816 switch (s->feature) { 1817 case 0x01: /* sense temperature in device */ 1818 s->nsector = 0x50; /* +20 C */ 1819 break; 1820 default: 1821 ide_abort_command(s); 1822 return true; 1823 } 1824 1825 return true; 1826 } 1827 1828 1829 /*** SMART commands ***/ 1830 1831 static bool cmd_smart(IDEState *s, uint8_t cmd) 1832 { 1833 int n; 1834 1835 if (s->hcyl != 0xc2 || s->lcyl != 0x4f) { 1836 goto abort_cmd; 1837 } 1838 1839 if (!s->smart_enabled && s->feature != SMART_ENABLE) { 1840 goto abort_cmd; 1841 } 1842 1843 switch (s->feature) { 1844 case SMART_DISABLE: 1845 s->smart_enabled = 0; 1846 return true; 1847 1848 case SMART_ENABLE: 1849 s->smart_enabled = 1; 1850 return true; 1851 1852 case SMART_ATTR_AUTOSAVE: 1853 switch (s->sector) { 1854 case 0x00: 1855 s->smart_autosave = 0; 1856 break; 1857 case 0xf1: 1858 s->smart_autosave = 1; 1859 break; 1860 default: 1861 goto abort_cmd; 1862 } 1863 return true; 1864 1865 case SMART_STATUS: 1866 if (!s->smart_errors) { 1867 s->hcyl = 0xc2; 1868 s->lcyl = 0x4f; 1869 } else { 1870 s->hcyl = 0x2c; 1871 s->lcyl = 0xf4; 1872 } 1873 return true; 1874 1875 case SMART_READ_THRESH: 1876 memset(s->io_buffer, 0, 0x200); 1877 s->io_buffer[0] = 0x01; /* smart struct version */ 1878 1879 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) { 1880 s->io_buffer[2 + 0 + (n * 12)] = smart_attributes[n][0]; 1881 s->io_buffer[2 + 1 + (n * 12)] = smart_attributes[n][11]; 1882 } 1883 1884 /* checksum */ 1885 for (n = 0; n < 511; n++) { 1886 s->io_buffer[511] += s->io_buffer[n]; 1887 } 1888 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 1889 1890 s->status = READY_STAT | SEEK_STAT; 1891 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1892 ide_set_irq(s->bus); 1893 return false; 1894 1895 case SMART_READ_DATA: 1896 memset(s->io_buffer, 0, 0x200); 1897 s->io_buffer[0] = 0x01; /* smart struct version */ 1898 1899 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) { 1900 int i; 1901 for (i = 0; i < 11; i++) { 1902 s->io_buffer[2 + i + (n * 12)] = smart_attributes[n][i]; 1903 } 1904 } 1905 1906 s->io_buffer[362] = 0x02 | (s->smart_autosave ? 0x80 : 0x00); 1907 if (s->smart_selftest_count == 0) { 1908 s->io_buffer[363] = 0; 1909 } else { 1910 s->io_buffer[363] = 1911 s->smart_selftest_data[3 + 1912 (s->smart_selftest_count - 1) * 1913 24]; 1914 } 1915 s->io_buffer[364] = 0x20; 1916 s->io_buffer[365] = 0x01; 1917 /* offline data collection capacity: execute + self-test*/ 1918 s->io_buffer[367] = (1 << 4 | 1 << 3 | 1); 1919 s->io_buffer[368] = 0x03; /* smart capability (1) */ 1920 s->io_buffer[369] = 0x00; /* smart capability (2) */ 1921 s->io_buffer[370] = 0x01; /* error logging supported */ 1922 s->io_buffer[372] = 0x02; /* minutes for poll short test */ 1923 s->io_buffer[373] = 0x36; /* minutes for poll ext test */ 1924 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */ 1925 1926 for (n = 0; n < 511; n++) { 1927 s->io_buffer[511] += s->io_buffer[n]; 1928 } 1929 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 1930 1931 s->status = READY_STAT | SEEK_STAT; 1932 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1933 ide_set_irq(s->bus); 1934 return false; 1935 1936 case SMART_READ_LOG: 1937 switch (s->sector) { 1938 case 0x01: /* summary smart error log */ 1939 memset(s->io_buffer, 0, 0x200); 1940 s->io_buffer[0] = 0x01; 1941 s->io_buffer[1] = 0x00; /* no error entries */ 1942 s->io_buffer[452] = s->smart_errors & 0xff; 1943 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8; 1944 1945 for (n = 0; n < 511; n++) { 1946 s->io_buffer[511] += s->io_buffer[n]; 1947 } 1948 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 1949 break; 1950 case 0x06: /* smart self test log */ 1951 memset(s->io_buffer, 0, 0x200); 1952 s->io_buffer[0] = 0x01; 1953 if (s->smart_selftest_count == 0) { 1954 s->io_buffer[508] = 0; 1955 } else { 1956 s->io_buffer[508] = s->smart_selftest_count; 1957 for (n = 2; n < 506; n++) { 1958 s->io_buffer[n] = s->smart_selftest_data[n]; 1959 } 1960 } 1961 1962 for (n = 0; n < 511; n++) { 1963 s->io_buffer[511] += s->io_buffer[n]; 1964 } 1965 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 1966 break; 1967 default: 1968 goto abort_cmd; 1969 } 1970 s->status = READY_STAT | SEEK_STAT; 1971 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1972 ide_set_irq(s->bus); 1973 return false; 1974 1975 case SMART_EXECUTE_OFFLINE: 1976 switch (s->sector) { 1977 case 0: /* off-line routine */ 1978 case 1: /* short self test */ 1979 case 2: /* extended self test */ 1980 s->smart_selftest_count++; 1981 if (s->smart_selftest_count > 21) { 1982 s->smart_selftest_count = 1; 1983 } 1984 n = 2 + (s->smart_selftest_count - 1) * 24; 1985 s->smart_selftest_data[n] = s->sector; 1986 s->smart_selftest_data[n + 1] = 0x00; /* OK and finished */ 1987 s->smart_selftest_data[n + 2] = 0x34; /* hour count lsb */ 1988 s->smart_selftest_data[n + 3] = 0x12; /* hour count msb */ 1989 break; 1990 default: 1991 goto abort_cmd; 1992 } 1993 return true; 1994 } 1995 1996 abort_cmd: 1997 ide_abort_command(s); 1998 return true; 1999 } 2000 2001 #define HD_OK (1u << IDE_HD) 2002 #define CD_OK (1u << IDE_CD) 2003 #define CFA_OK (1u << IDE_CFATA) 2004 #define HD_CFA_OK (HD_OK | CFA_OK) 2005 #define ALL_OK (HD_OK | CD_OK | CFA_OK) 2006 2007 /* Set the Disk Seek Completed status bit during completion */ 2008 #define SET_DSC (1u << 8) 2009 2010 /* See ACS-2 T13/2015-D Table B.2 Command codes */ 2011 static const struct { 2012 /* Returns true if the completion code should be run */ 2013 bool (*handler)(IDEState *s, uint8_t cmd); 2014 int flags; 2015 } ide_cmd_table[0x100] = { 2016 /* NOP not implemented, mandatory for CD */ 2017 [CFA_REQ_EXT_ERROR_CODE] = { cmd_cfa_req_ext_error_code, CFA_OK }, 2018 [WIN_DSM] = { cmd_data_set_management, HD_CFA_OK }, 2019 [WIN_DEVICE_RESET] = { cmd_device_reset, CD_OK }, 2020 [WIN_RECAL] = { cmd_nop, HD_CFA_OK | SET_DSC}, 2021 [WIN_READ] = { cmd_read_pio, ALL_OK }, 2022 [WIN_READ_ONCE] = { cmd_read_pio, HD_CFA_OK }, 2023 [WIN_READ_EXT] = { cmd_read_pio, HD_CFA_OK }, 2024 [WIN_READDMA_EXT] = { cmd_read_dma, HD_CFA_OK }, 2025 [WIN_READ_NATIVE_MAX_EXT] = { cmd_read_native_max, HD_CFA_OK | SET_DSC }, 2026 [WIN_MULTREAD_EXT] = { cmd_read_multiple, HD_CFA_OK }, 2027 [WIN_WRITE] = { cmd_write_pio, HD_CFA_OK }, 2028 [WIN_WRITE_ONCE] = { cmd_write_pio, HD_CFA_OK }, 2029 [WIN_WRITE_EXT] = { cmd_write_pio, HD_CFA_OK }, 2030 [WIN_WRITEDMA_EXT] = { cmd_write_dma, HD_CFA_OK }, 2031 [CFA_WRITE_SECT_WO_ERASE] = { cmd_write_pio, CFA_OK }, 2032 [WIN_MULTWRITE_EXT] = { cmd_write_multiple, HD_CFA_OK }, 2033 [WIN_WRITE_VERIFY] = { cmd_write_pio, HD_CFA_OK }, 2034 [WIN_VERIFY] = { cmd_verify, HD_CFA_OK | SET_DSC }, 2035 [WIN_VERIFY_ONCE] = { cmd_verify, HD_CFA_OK | SET_DSC }, 2036 [WIN_VERIFY_EXT] = { cmd_verify, HD_CFA_OK | SET_DSC }, 2037 [WIN_SEEK] = { cmd_seek, HD_CFA_OK | SET_DSC }, 2038 [CFA_TRANSLATE_SECTOR] = { cmd_cfa_translate_sector, CFA_OK }, 2039 [WIN_DIAGNOSE] = { cmd_exec_dev_diagnostic, ALL_OK }, 2040 [WIN_SPECIFY] = { cmd_nop, HD_CFA_OK | SET_DSC }, 2041 [WIN_STANDBYNOW2] = { cmd_nop, HD_CFA_OK }, 2042 [WIN_IDLEIMMEDIATE2] = { cmd_nop, HD_CFA_OK }, 2043 [WIN_STANDBY2] = { cmd_nop, HD_CFA_OK }, 2044 [WIN_SETIDLE2] = { cmd_nop, HD_CFA_OK }, 2045 [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC }, 2046 [WIN_SLEEPNOW2] = { cmd_nop, HD_CFA_OK }, 2047 [WIN_PACKETCMD] = { cmd_packet, CD_OK }, 2048 [WIN_PIDENTIFY] = { cmd_identify_packet, CD_OK }, 2049 [WIN_SMART] = { cmd_smart, HD_CFA_OK | SET_DSC }, 2050 [CFA_ACCESS_METADATA_STORAGE] = { cmd_cfa_access_metadata_storage, CFA_OK }, 2051 [CFA_ERASE_SECTORS] = { cmd_cfa_erase_sectors, CFA_OK | SET_DSC }, 2052 [WIN_MULTREAD] = { cmd_read_multiple, HD_CFA_OK }, 2053 [WIN_MULTWRITE] = { cmd_write_multiple, HD_CFA_OK }, 2054 [WIN_SETMULT] = { cmd_set_multiple_mode, HD_CFA_OK | SET_DSC }, 2055 [WIN_READDMA] = { cmd_read_dma, HD_CFA_OK }, 2056 [WIN_READDMA_ONCE] = { cmd_read_dma, HD_CFA_OK }, 2057 [WIN_WRITEDMA] = { cmd_write_dma, HD_CFA_OK }, 2058 [WIN_WRITEDMA_ONCE] = { cmd_write_dma, HD_CFA_OK }, 2059 [CFA_WRITE_MULTI_WO_ERASE] = { cmd_write_multiple, CFA_OK }, 2060 [WIN_STANDBYNOW1] = { cmd_nop, HD_CFA_OK }, 2061 [WIN_IDLEIMMEDIATE] = { cmd_nop, HD_CFA_OK }, 2062 [WIN_STANDBY] = { cmd_nop, HD_CFA_OK }, 2063 [WIN_SETIDLE1] = { cmd_nop, HD_CFA_OK }, 2064 [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC }, 2065 [WIN_SLEEPNOW1] = { cmd_nop, HD_CFA_OK }, 2066 [WIN_FLUSH_CACHE] = { cmd_flush_cache, ALL_OK }, 2067 [WIN_FLUSH_CACHE_EXT] = { cmd_flush_cache, HD_CFA_OK }, 2068 [WIN_IDENTIFY] = { cmd_identify, ALL_OK }, 2069 [WIN_SETFEATURES] = { cmd_set_features, ALL_OK | SET_DSC }, 2070 [IBM_SENSE_CONDITION] = { cmd_ibm_sense_condition, CFA_OK | SET_DSC }, 2071 [CFA_WEAR_LEVEL] = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC }, 2072 [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, HD_CFA_OK | SET_DSC }, 2073 }; 2074 2075 static bool ide_cmd_permitted(IDEState *s, uint32_t cmd) 2076 { 2077 return cmd < ARRAY_SIZE(ide_cmd_table) 2078 && (ide_cmd_table[cmd].flags & (1u << s->drive_kind)); 2079 } 2080 2081 void ide_exec_cmd(IDEBus *bus, uint32_t val) 2082 { 2083 IDEState *s; 2084 bool complete; 2085 2086 s = idebus_active_if(bus); 2087 trace_ide_exec_cmd(bus, s, val); 2088 2089 /* ignore commands to non existent slave */ 2090 if (s != bus->ifs && !s->blk) { 2091 return; 2092 } 2093 2094 /* Only RESET is allowed while BSY and/or DRQ are set, 2095 * and only to ATAPI devices. */ 2096 if (s->status & (BUSY_STAT|DRQ_STAT)) { 2097 if (val != WIN_DEVICE_RESET || s->drive_kind != IDE_CD) { 2098 return; 2099 } 2100 } 2101 2102 if (!ide_cmd_permitted(s, val)) { 2103 ide_abort_command(s); 2104 ide_set_irq(s->bus); 2105 return; 2106 } 2107 2108 s->status = READY_STAT | BUSY_STAT; 2109 s->error = 0; 2110 s->io_buffer_offset = 0; 2111 2112 complete = ide_cmd_table[val].handler(s, val); 2113 if (complete) { 2114 s->status &= ~BUSY_STAT; 2115 assert(!!s->error == !!(s->status & ERR_STAT)); 2116 2117 if ((ide_cmd_table[val].flags & SET_DSC) && !s->error) { 2118 s->status |= SEEK_STAT; 2119 } 2120 2121 ide_cmd_done(s); 2122 ide_set_irq(s->bus); 2123 } 2124 } 2125 2126 /* IOport [R]ead [R]egisters */ 2127 enum ATA_IOPORT_RR { 2128 ATA_IOPORT_RR_DATA = 0, 2129 ATA_IOPORT_RR_ERROR = 1, 2130 ATA_IOPORT_RR_SECTOR_COUNT = 2, 2131 ATA_IOPORT_RR_SECTOR_NUMBER = 3, 2132 ATA_IOPORT_RR_CYLINDER_LOW = 4, 2133 ATA_IOPORT_RR_CYLINDER_HIGH = 5, 2134 ATA_IOPORT_RR_DEVICE_HEAD = 6, 2135 ATA_IOPORT_RR_STATUS = 7, 2136 ATA_IOPORT_RR_NUM_REGISTERS, 2137 }; 2138 2139 const char *ATA_IOPORT_RR_lookup[ATA_IOPORT_RR_NUM_REGISTERS] = { 2140 [ATA_IOPORT_RR_DATA] = "Data", 2141 [ATA_IOPORT_RR_ERROR] = "Error", 2142 [ATA_IOPORT_RR_SECTOR_COUNT] = "Sector Count", 2143 [ATA_IOPORT_RR_SECTOR_NUMBER] = "Sector Number", 2144 [ATA_IOPORT_RR_CYLINDER_LOW] = "Cylinder Low", 2145 [ATA_IOPORT_RR_CYLINDER_HIGH] = "Cylinder High", 2146 [ATA_IOPORT_RR_DEVICE_HEAD] = "Device/Head", 2147 [ATA_IOPORT_RR_STATUS] = "Status" 2148 }; 2149 2150 uint32_t ide_ioport_read(void *opaque, uint32_t addr) 2151 { 2152 IDEBus *bus = opaque; 2153 IDEState *s = idebus_active_if(bus); 2154 uint32_t reg_num; 2155 int ret, hob; 2156 2157 reg_num = addr & 7; 2158 hob = bus->cmd & (IDE_CTRL_HOB); 2159 switch (reg_num) { 2160 case ATA_IOPORT_RR_DATA: 2161 ret = 0xff; 2162 break; 2163 case ATA_IOPORT_RR_ERROR: 2164 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) || 2165 (s != bus->ifs && !s->blk)) { 2166 ret = 0; 2167 } else if (!hob) { 2168 ret = s->error; 2169 } else { 2170 ret = s->hob_feature; 2171 } 2172 break; 2173 case ATA_IOPORT_RR_SECTOR_COUNT: 2174 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2175 ret = 0; 2176 } else if (!hob) { 2177 ret = s->nsector & 0xff; 2178 } else { 2179 ret = s->hob_nsector; 2180 } 2181 break; 2182 case ATA_IOPORT_RR_SECTOR_NUMBER: 2183 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2184 ret = 0; 2185 } else if (!hob) { 2186 ret = s->sector; 2187 } else { 2188 ret = s->hob_sector; 2189 } 2190 break; 2191 case ATA_IOPORT_RR_CYLINDER_LOW: 2192 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2193 ret = 0; 2194 } else if (!hob) { 2195 ret = s->lcyl; 2196 } else { 2197 ret = s->hob_lcyl; 2198 } 2199 break; 2200 case ATA_IOPORT_RR_CYLINDER_HIGH: 2201 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2202 ret = 0; 2203 } else if (!hob) { 2204 ret = s->hcyl; 2205 } else { 2206 ret = s->hob_hcyl; 2207 } 2208 break; 2209 case ATA_IOPORT_RR_DEVICE_HEAD: 2210 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2211 ret = 0; 2212 } else { 2213 ret = s->select; 2214 } 2215 break; 2216 default: 2217 case ATA_IOPORT_RR_STATUS: 2218 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) || 2219 (s != bus->ifs && !s->blk)) { 2220 ret = 0; 2221 } else { 2222 ret = s->status; 2223 } 2224 qemu_irq_lower(bus->irq); 2225 break; 2226 } 2227 2228 trace_ide_ioport_read(addr, ATA_IOPORT_RR_lookup[reg_num], ret, bus, s); 2229 return ret; 2230 } 2231 2232 uint32_t ide_status_read(void *opaque, uint32_t addr) 2233 { 2234 IDEBus *bus = opaque; 2235 IDEState *s = idebus_active_if(bus); 2236 int ret; 2237 2238 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) || 2239 (s != bus->ifs && !s->blk)) { 2240 ret = 0; 2241 } else { 2242 ret = s->status; 2243 } 2244 2245 trace_ide_status_read(addr, ret, bus, s); 2246 return ret; 2247 } 2248 2249 static void ide_perform_srst(IDEState *s) 2250 { 2251 s->status |= BUSY_STAT; 2252 2253 /* Halt PIO (Via register state); PIO BH remains scheduled. */ 2254 ide_transfer_halt(s); 2255 2256 /* Cancel DMA -- may drain block device and invoke callbacks */ 2257 ide_cancel_dma_sync(s); 2258 2259 /* Cancel PIO callback, reset registers/signature, etc */ 2260 ide_reset(s); 2261 2262 /* perform diagnostic */ 2263 cmd_exec_dev_diagnostic(s, WIN_DIAGNOSE); 2264 } 2265 2266 static void ide_bus_perform_srst(void *opaque) 2267 { 2268 IDEBus *bus = opaque; 2269 IDEState *s; 2270 int i; 2271 2272 for (i = 0; i < 2; i++) { 2273 s = &bus->ifs[i]; 2274 ide_perform_srst(s); 2275 } 2276 2277 bus->cmd &= ~IDE_CTRL_RESET; 2278 } 2279 2280 void ide_ctrl_write(void *opaque, uint32_t addr, uint32_t val) 2281 { 2282 IDEBus *bus = opaque; 2283 IDEState *s; 2284 int i; 2285 2286 trace_ide_ctrl_write(addr, val, bus); 2287 2288 /* Device0 and Device1 each have their own control register, 2289 * but QEMU models it as just one register in the controller. */ 2290 if (!(bus->cmd & IDE_CTRL_RESET) && (val & IDE_CTRL_RESET)) { 2291 for (i = 0; i < 2; i++) { 2292 s = &bus->ifs[i]; 2293 s->status |= BUSY_STAT; 2294 } 2295 replay_bh_schedule_oneshot_event(qemu_get_aio_context(), 2296 ide_bus_perform_srst, bus); 2297 } 2298 2299 bus->cmd = val; 2300 } 2301 2302 /* 2303 * Returns true if the running PIO transfer is a PIO out (i.e. data is 2304 * transferred from the device to the guest), false if it's a PIO in 2305 */ 2306 static bool ide_is_pio_out(IDEState *s) 2307 { 2308 if (s->end_transfer_func == ide_sector_write || 2309 s->end_transfer_func == ide_atapi_cmd) { 2310 return false; 2311 } else if (s->end_transfer_func == ide_sector_read || 2312 s->end_transfer_func == ide_transfer_stop || 2313 s->end_transfer_func == ide_atapi_cmd_reply_end || 2314 s->end_transfer_func == ide_dummy_transfer_stop) { 2315 return true; 2316 } 2317 2318 abort(); 2319 } 2320 2321 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val) 2322 { 2323 IDEBus *bus = opaque; 2324 IDEState *s = idebus_active_if(bus); 2325 uint8_t *p; 2326 2327 trace_ide_data_writew(addr, val, bus, s); 2328 2329 /* PIO data access allowed only when DRQ bit is set. The result of a write 2330 * during PIO out is indeterminate, just ignore it. */ 2331 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) { 2332 return; 2333 } 2334 2335 p = s->data_ptr; 2336 if (p + 2 > s->data_end) { 2337 return; 2338 } 2339 2340 *(uint16_t *)p = le16_to_cpu(val); 2341 p += 2; 2342 s->data_ptr = p; 2343 if (p >= s->data_end) { 2344 s->status &= ~DRQ_STAT; 2345 s->end_transfer_func(s); 2346 } 2347 } 2348 2349 uint32_t ide_data_readw(void *opaque, uint32_t addr) 2350 { 2351 IDEBus *bus = opaque; 2352 IDEState *s = idebus_active_if(bus); 2353 uint8_t *p; 2354 int ret; 2355 2356 /* PIO data access allowed only when DRQ bit is set. The result of a read 2357 * during PIO in is indeterminate, return 0 and don't move forward. */ 2358 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) { 2359 return 0; 2360 } 2361 2362 p = s->data_ptr; 2363 if (p + 2 > s->data_end) { 2364 return 0; 2365 } 2366 2367 ret = cpu_to_le16(*(uint16_t *)p); 2368 p += 2; 2369 s->data_ptr = p; 2370 if (p >= s->data_end) { 2371 s->status &= ~DRQ_STAT; 2372 s->end_transfer_func(s); 2373 } 2374 2375 trace_ide_data_readw(addr, ret, bus, s); 2376 return ret; 2377 } 2378 2379 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val) 2380 { 2381 IDEBus *bus = opaque; 2382 IDEState *s = idebus_active_if(bus); 2383 uint8_t *p; 2384 2385 trace_ide_data_writel(addr, val, bus, s); 2386 2387 /* PIO data access allowed only when DRQ bit is set. The result of a write 2388 * during PIO out is indeterminate, just ignore it. */ 2389 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) { 2390 return; 2391 } 2392 2393 p = s->data_ptr; 2394 if (p + 4 > s->data_end) { 2395 return; 2396 } 2397 2398 *(uint32_t *)p = le32_to_cpu(val); 2399 p += 4; 2400 s->data_ptr = p; 2401 if (p >= s->data_end) { 2402 s->status &= ~DRQ_STAT; 2403 s->end_transfer_func(s); 2404 } 2405 } 2406 2407 uint32_t ide_data_readl(void *opaque, uint32_t addr) 2408 { 2409 IDEBus *bus = opaque; 2410 IDEState *s = idebus_active_if(bus); 2411 uint8_t *p; 2412 int ret; 2413 2414 /* PIO data access allowed only when DRQ bit is set. The result of a read 2415 * during PIO in is indeterminate, return 0 and don't move forward. */ 2416 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) { 2417 ret = 0; 2418 goto out; 2419 } 2420 2421 p = s->data_ptr; 2422 if (p + 4 > s->data_end) { 2423 return 0; 2424 } 2425 2426 ret = cpu_to_le32(*(uint32_t *)p); 2427 p += 4; 2428 s->data_ptr = p; 2429 if (p >= s->data_end) { 2430 s->status &= ~DRQ_STAT; 2431 s->end_transfer_func(s); 2432 } 2433 2434 out: 2435 trace_ide_data_readl(addr, ret, bus, s); 2436 return ret; 2437 } 2438 2439 static void ide_dummy_transfer_stop(IDEState *s) 2440 { 2441 s->data_ptr = s->io_buffer; 2442 s->data_end = s->io_buffer; 2443 s->io_buffer[0] = 0xff; 2444 s->io_buffer[1] = 0xff; 2445 s->io_buffer[2] = 0xff; 2446 s->io_buffer[3] = 0xff; 2447 } 2448 2449 void ide_bus_reset(IDEBus *bus) 2450 { 2451 bus->unit = 0; 2452 bus->cmd = 0; 2453 ide_reset(&bus->ifs[0]); 2454 ide_reset(&bus->ifs[1]); 2455 ide_clear_hob(bus); 2456 2457 /* pending async DMA */ 2458 if (bus->dma->aiocb) { 2459 trace_ide_bus_reset_aio(); 2460 blk_aio_cancel(bus->dma->aiocb); 2461 bus->dma->aiocb = NULL; 2462 } 2463 2464 /* reset dma provider too */ 2465 if (bus->dma->ops->reset) { 2466 bus->dma->ops->reset(bus->dma); 2467 } 2468 } 2469 2470 static bool ide_cd_is_tray_open(void *opaque) 2471 { 2472 return ((IDEState *)opaque)->tray_open; 2473 } 2474 2475 static bool ide_cd_is_medium_locked(void *opaque) 2476 { 2477 return ((IDEState *)opaque)->tray_locked; 2478 } 2479 2480 static void ide_resize_cb(void *opaque) 2481 { 2482 IDEState *s = opaque; 2483 uint64_t nb_sectors; 2484 2485 if (!s->identify_set) { 2486 return; 2487 } 2488 2489 blk_get_geometry(s->blk, &nb_sectors); 2490 s->nb_sectors = nb_sectors; 2491 2492 /* Update the identify data buffer. */ 2493 if (s->drive_kind == IDE_CFATA) { 2494 ide_cfata_identify_size(s); 2495 } else { 2496 /* IDE_CD uses a different set of callbacks entirely. */ 2497 assert(s->drive_kind != IDE_CD); 2498 ide_identify_size(s); 2499 } 2500 } 2501 2502 static const BlockDevOps ide_cd_block_ops = { 2503 .change_media_cb = ide_cd_change_cb, 2504 .eject_request_cb = ide_cd_eject_request_cb, 2505 .is_tray_open = ide_cd_is_tray_open, 2506 .is_medium_locked = ide_cd_is_medium_locked, 2507 }; 2508 2509 static const BlockDevOps ide_hd_block_ops = { 2510 .resize_cb = ide_resize_cb, 2511 }; 2512 2513 int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind, 2514 const char *version, const char *serial, const char *model, 2515 uint64_t wwn, 2516 uint32_t cylinders, uint32_t heads, uint32_t secs, 2517 int chs_trans, Error **errp) 2518 { 2519 uint64_t nb_sectors; 2520 2521 s->blk = blk; 2522 s->drive_kind = kind; 2523 2524 blk_get_geometry(blk, &nb_sectors); 2525 s->cylinders = cylinders; 2526 s->heads = heads; 2527 s->sectors = secs; 2528 s->chs_trans = chs_trans; 2529 s->nb_sectors = nb_sectors; 2530 s->wwn = wwn; 2531 /* The SMART values should be preserved across power cycles 2532 but they aren't. */ 2533 s->smart_enabled = 1; 2534 s->smart_autosave = 1; 2535 s->smart_errors = 0; 2536 s->smart_selftest_count = 0; 2537 if (kind == IDE_CD) { 2538 blk_set_dev_ops(blk, &ide_cd_block_ops, s); 2539 blk_set_guest_block_size(blk, 2048); 2540 } else { 2541 if (!blk_is_inserted(s->blk)) { 2542 error_setg(errp, "Device needs media, but drive is empty"); 2543 return -1; 2544 } 2545 if (!blk_is_writable(blk)) { 2546 error_setg(errp, "Can't use a read-only drive"); 2547 return -1; 2548 } 2549 blk_set_dev_ops(blk, &ide_hd_block_ops, s); 2550 } 2551 if (serial) { 2552 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), serial); 2553 } else { 2554 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str), 2555 "QM%05d", s->drive_serial); 2556 } 2557 if (model) { 2558 pstrcpy(s->drive_model_str, sizeof(s->drive_model_str), model); 2559 } else { 2560 switch (kind) { 2561 case IDE_CD: 2562 strcpy(s->drive_model_str, "QEMU DVD-ROM"); 2563 break; 2564 case IDE_CFATA: 2565 strcpy(s->drive_model_str, "QEMU MICRODRIVE"); 2566 break; 2567 default: 2568 strcpy(s->drive_model_str, "QEMU HARDDISK"); 2569 break; 2570 } 2571 } 2572 2573 if (version) { 2574 pstrcpy(s->version, sizeof(s->version), version); 2575 } else { 2576 pstrcpy(s->version, sizeof(s->version), qemu_hw_version()); 2577 } 2578 2579 ide_reset(s); 2580 blk_iostatus_enable(blk); 2581 return 0; 2582 } 2583 2584 static void ide_init1(IDEBus *bus, int unit) 2585 { 2586 static int drive_serial = 1; 2587 IDEState *s = &bus->ifs[unit]; 2588 2589 s->bus = bus; 2590 s->unit = unit; 2591 s->drive_serial = drive_serial++; 2592 /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */ 2593 s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4; 2594 s->io_buffer = qemu_memalign(2048, s->io_buffer_total_len); 2595 memset(s->io_buffer, 0, s->io_buffer_total_len); 2596 2597 s->smart_selftest_data = blk_blockalign(s->blk, 512); 2598 memset(s->smart_selftest_data, 0, 512); 2599 2600 s->sector_write_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, 2601 ide_sector_write_timer_cb, s); 2602 } 2603 2604 static int ide_nop_int(const IDEDMA *dma, bool is_write) 2605 { 2606 return 0; 2607 } 2608 2609 static void ide_nop(const IDEDMA *dma) 2610 { 2611 } 2612 2613 static int32_t ide_nop_int32(const IDEDMA *dma, int32_t l) 2614 { 2615 return 0; 2616 } 2617 2618 static const IDEDMAOps ide_dma_nop_ops = { 2619 .prepare_buf = ide_nop_int32, 2620 .restart_dma = ide_nop, 2621 .rw_buf = ide_nop_int, 2622 }; 2623 2624 static void ide_restart_dma(IDEState *s, enum ide_dma_cmd dma_cmd) 2625 { 2626 s->unit = s->bus->retry_unit; 2627 ide_set_sector(s, s->bus->retry_sector_num); 2628 s->nsector = s->bus->retry_nsector; 2629 s->bus->dma->ops->restart_dma(s->bus->dma); 2630 s->io_buffer_size = 0; 2631 s->dma_cmd = dma_cmd; 2632 ide_start_dma(s, ide_dma_cb); 2633 } 2634 2635 static void ide_restart_bh(void *opaque) 2636 { 2637 IDEBus *bus = opaque; 2638 IDEState *s; 2639 bool is_read; 2640 int error_status; 2641 2642 qemu_bh_delete(bus->bh); 2643 bus->bh = NULL; 2644 2645 error_status = bus->error_status; 2646 if (bus->error_status == 0) { 2647 return; 2648 } 2649 2650 s = idebus_active_if(bus); 2651 is_read = (bus->error_status & IDE_RETRY_READ) != 0; 2652 2653 /* The error status must be cleared before resubmitting the request: The 2654 * request may fail again, and this case can only be distinguished if the 2655 * called function can set a new error status. */ 2656 bus->error_status = 0; 2657 2658 /* The HBA has generically asked to be kicked on retry */ 2659 if (error_status & IDE_RETRY_HBA) { 2660 if (s->bus->dma->ops->restart) { 2661 s->bus->dma->ops->restart(s->bus->dma); 2662 } 2663 } else if (IS_IDE_RETRY_DMA(error_status)) { 2664 if (error_status & IDE_RETRY_TRIM) { 2665 ide_restart_dma(s, IDE_DMA_TRIM); 2666 } else { 2667 ide_restart_dma(s, is_read ? IDE_DMA_READ : IDE_DMA_WRITE); 2668 } 2669 } else if (IS_IDE_RETRY_PIO(error_status)) { 2670 if (is_read) { 2671 ide_sector_read(s); 2672 } else { 2673 ide_sector_write(s); 2674 } 2675 } else if (error_status & IDE_RETRY_FLUSH) { 2676 ide_flush_cache(s); 2677 } else if (IS_IDE_RETRY_ATAPI(error_status)) { 2678 assert(s->end_transfer_func == ide_atapi_cmd); 2679 ide_atapi_dma_restart(s); 2680 } else { 2681 abort(); 2682 } 2683 } 2684 2685 static void ide_restart_cb(void *opaque, bool running, RunState state) 2686 { 2687 IDEBus *bus = opaque; 2688 2689 if (!running) 2690 return; 2691 2692 if (!bus->bh) { 2693 bus->bh = qemu_bh_new(ide_restart_bh, bus); 2694 qemu_bh_schedule(bus->bh); 2695 } 2696 } 2697 2698 void ide_register_restart_cb(IDEBus *bus) 2699 { 2700 if (bus->dma->ops->restart_dma) { 2701 bus->vmstate = qemu_add_vm_change_state_handler(ide_restart_cb, bus); 2702 } 2703 } 2704 2705 static IDEDMA ide_dma_nop = { 2706 .ops = &ide_dma_nop_ops, 2707 .aiocb = NULL, 2708 }; 2709 2710 void ide_init2(IDEBus *bus, qemu_irq irq) 2711 { 2712 int i; 2713 2714 for(i = 0; i < 2; i++) { 2715 ide_init1(bus, i); 2716 ide_reset(&bus->ifs[i]); 2717 } 2718 bus->irq = irq; 2719 bus->dma = &ide_dma_nop; 2720 } 2721 2722 void ide_exit(IDEState *s) 2723 { 2724 timer_free(s->sector_write_timer); 2725 qemu_vfree(s->smart_selftest_data); 2726 qemu_vfree(s->io_buffer); 2727 } 2728 2729 static bool is_identify_set(void *opaque, int version_id) 2730 { 2731 IDEState *s = opaque; 2732 2733 return s->identify_set != 0; 2734 } 2735 2736 static EndTransferFunc* transfer_end_table[] = { 2737 ide_sector_read, 2738 ide_sector_write, 2739 ide_transfer_stop, 2740 ide_atapi_cmd_reply_end, 2741 ide_atapi_cmd, 2742 ide_dummy_transfer_stop, 2743 }; 2744 2745 static int transfer_end_table_idx(EndTransferFunc *fn) 2746 { 2747 int i; 2748 2749 for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++) 2750 if (transfer_end_table[i] == fn) 2751 return i; 2752 2753 return -1; 2754 } 2755 2756 static int ide_drive_post_load(void *opaque, int version_id) 2757 { 2758 IDEState *s = opaque; 2759 2760 if (s->blk && s->identify_set) { 2761 blk_set_enable_write_cache(s->blk, !!(s->identify_data[85] & (1 << 5))); 2762 } 2763 return 0; 2764 } 2765 2766 static int ide_drive_pio_post_load(void *opaque, int version_id) 2767 { 2768 IDEState *s = opaque; 2769 2770 if (s->end_transfer_fn_idx >= ARRAY_SIZE(transfer_end_table)) { 2771 return -EINVAL; 2772 } 2773 s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx]; 2774 s->data_ptr = s->io_buffer + s->cur_io_buffer_offset; 2775 s->data_end = s->data_ptr + s->cur_io_buffer_len; 2776 s->atapi_dma = s->feature & 1; /* as per cmd_packet */ 2777 2778 return 0; 2779 } 2780 2781 static int ide_drive_pio_pre_save(void *opaque) 2782 { 2783 IDEState *s = opaque; 2784 int idx; 2785 2786 s->cur_io_buffer_offset = s->data_ptr - s->io_buffer; 2787 s->cur_io_buffer_len = s->data_end - s->data_ptr; 2788 2789 idx = transfer_end_table_idx(s->end_transfer_func); 2790 if (idx == -1) { 2791 fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n", 2792 __func__); 2793 s->end_transfer_fn_idx = 2; 2794 } else { 2795 s->end_transfer_fn_idx = idx; 2796 } 2797 2798 return 0; 2799 } 2800 2801 static bool ide_drive_pio_state_needed(void *opaque) 2802 { 2803 IDEState *s = opaque; 2804 2805 return ((s->status & DRQ_STAT) != 0) 2806 || (s->bus->error_status & IDE_RETRY_PIO); 2807 } 2808 2809 static bool ide_tray_state_needed(void *opaque) 2810 { 2811 IDEState *s = opaque; 2812 2813 return s->tray_open || s->tray_locked; 2814 } 2815 2816 static bool ide_atapi_gesn_needed(void *opaque) 2817 { 2818 IDEState *s = opaque; 2819 2820 return s->events.new_media || s->events.eject_request; 2821 } 2822 2823 static bool ide_error_needed(void *opaque) 2824 { 2825 IDEBus *bus = opaque; 2826 2827 return (bus->error_status != 0); 2828 } 2829 2830 /* Fields for GET_EVENT_STATUS_NOTIFICATION ATAPI command */ 2831 static const VMStateDescription vmstate_ide_atapi_gesn_state = { 2832 .name ="ide_drive/atapi/gesn_state", 2833 .version_id = 1, 2834 .minimum_version_id = 1, 2835 .needed = ide_atapi_gesn_needed, 2836 .fields = (VMStateField[]) { 2837 VMSTATE_BOOL(events.new_media, IDEState), 2838 VMSTATE_BOOL(events.eject_request, IDEState), 2839 VMSTATE_END_OF_LIST() 2840 } 2841 }; 2842 2843 static const VMStateDescription vmstate_ide_tray_state = { 2844 .name = "ide_drive/tray_state", 2845 .version_id = 1, 2846 .minimum_version_id = 1, 2847 .needed = ide_tray_state_needed, 2848 .fields = (VMStateField[]) { 2849 VMSTATE_BOOL(tray_open, IDEState), 2850 VMSTATE_BOOL(tray_locked, IDEState), 2851 VMSTATE_END_OF_LIST() 2852 } 2853 }; 2854 2855 static const VMStateDescription vmstate_ide_drive_pio_state = { 2856 .name = "ide_drive/pio_state", 2857 .version_id = 1, 2858 .minimum_version_id = 1, 2859 .pre_save = ide_drive_pio_pre_save, 2860 .post_load = ide_drive_pio_post_load, 2861 .needed = ide_drive_pio_state_needed, 2862 .fields = (VMStateField[]) { 2863 VMSTATE_INT32(req_nb_sectors, IDEState), 2864 VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1, 2865 vmstate_info_uint8, uint8_t), 2866 VMSTATE_INT32(cur_io_buffer_offset, IDEState), 2867 VMSTATE_INT32(cur_io_buffer_len, IDEState), 2868 VMSTATE_UINT8(end_transfer_fn_idx, IDEState), 2869 VMSTATE_INT32(elementary_transfer_size, IDEState), 2870 VMSTATE_INT32(packet_transfer_size, IDEState), 2871 VMSTATE_END_OF_LIST() 2872 } 2873 }; 2874 2875 const VMStateDescription vmstate_ide_drive = { 2876 .name = "ide_drive", 2877 .version_id = 3, 2878 .minimum_version_id = 0, 2879 .post_load = ide_drive_post_load, 2880 .fields = (VMStateField[]) { 2881 VMSTATE_INT32(mult_sectors, IDEState), 2882 VMSTATE_INT32(identify_set, IDEState), 2883 VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set), 2884 VMSTATE_UINT8(feature, IDEState), 2885 VMSTATE_UINT8(error, IDEState), 2886 VMSTATE_UINT32(nsector, IDEState), 2887 VMSTATE_UINT8(sector, IDEState), 2888 VMSTATE_UINT8(lcyl, IDEState), 2889 VMSTATE_UINT8(hcyl, IDEState), 2890 VMSTATE_UINT8(hob_feature, IDEState), 2891 VMSTATE_UINT8(hob_sector, IDEState), 2892 VMSTATE_UINT8(hob_nsector, IDEState), 2893 VMSTATE_UINT8(hob_lcyl, IDEState), 2894 VMSTATE_UINT8(hob_hcyl, IDEState), 2895 VMSTATE_UINT8(select, IDEState), 2896 VMSTATE_UINT8(status, IDEState), 2897 VMSTATE_UINT8(lba48, IDEState), 2898 VMSTATE_UINT8(sense_key, IDEState), 2899 VMSTATE_UINT8(asc, IDEState), 2900 VMSTATE_UINT8_V(cdrom_changed, IDEState, 3), 2901 VMSTATE_END_OF_LIST() 2902 }, 2903 .subsections = (const VMStateDescription*[]) { 2904 &vmstate_ide_drive_pio_state, 2905 &vmstate_ide_tray_state, 2906 &vmstate_ide_atapi_gesn_state, 2907 NULL 2908 } 2909 }; 2910 2911 static const VMStateDescription vmstate_ide_error_status = { 2912 .name ="ide_bus/error", 2913 .version_id = 2, 2914 .minimum_version_id = 1, 2915 .needed = ide_error_needed, 2916 .fields = (VMStateField[]) { 2917 VMSTATE_INT32(error_status, IDEBus), 2918 VMSTATE_INT64_V(retry_sector_num, IDEBus, 2), 2919 VMSTATE_UINT32_V(retry_nsector, IDEBus, 2), 2920 VMSTATE_UINT8_V(retry_unit, IDEBus, 2), 2921 VMSTATE_END_OF_LIST() 2922 } 2923 }; 2924 2925 const VMStateDescription vmstate_ide_bus = { 2926 .name = "ide_bus", 2927 .version_id = 1, 2928 .minimum_version_id = 1, 2929 .fields = (VMStateField[]) { 2930 VMSTATE_UINT8(cmd, IDEBus), 2931 VMSTATE_UINT8(unit, IDEBus), 2932 VMSTATE_END_OF_LIST() 2933 }, 2934 .subsections = (const VMStateDescription*[]) { 2935 &vmstate_ide_error_status, 2936 NULL 2937 } 2938 }; 2939 2940 void ide_drive_get(DriveInfo **hd, int n) 2941 { 2942 int i; 2943 2944 for (i = 0; i < n; i++) { 2945 hd[i] = drive_get_by_index(IF_IDE, i); 2946 } 2947 } 2948