xref: /openbmc/qemu/hw/ide/core.c (revision ebe15582)
1 /*
2  * QEMU IDE disk and CD/DVD-ROM Emulator
3  *
4  * Copyright (c) 2003 Fabrice Bellard
5  * Copyright (c) 2006 Openedhand Ltd.
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 
26 #include "qemu/osdep.h"
27 #include "hw/isa/isa.h"
28 #include "migration/vmstate.h"
29 #include "qemu/error-report.h"
30 #include "qemu/main-loop.h"
31 #include "qemu/timer.h"
32 #include "sysemu/sysemu.h"
33 #include "sysemu/blockdev.h"
34 #include "sysemu/dma.h"
35 #include "hw/block/block.h"
36 #include "sysemu/block-backend.h"
37 #include "qapi/error.h"
38 #include "qemu/cutils.h"
39 #include "sysemu/replay.h"
40 #include "sysemu/runstate.h"
41 #include "hw/ide/internal.h"
42 #include "trace.h"
43 
44 /* These values were based on a Seagate ST3500418AS but have been modified
45    to make more sense in QEMU */
46 static const int smart_attributes[][12] = {
47     /* id,  flags, hflags, val, wrst, raw (6 bytes), threshold */
48     /* raw read error rate*/
49     { 0x01, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06},
50     /* spin up */
51     { 0x03, 0x03, 0x00, 0x64, 0x64, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
52     /* start stop count */
53     { 0x04, 0x02, 0x00, 0x64, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14},
54     /* remapped sectors */
55     { 0x05, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24},
56     /* power on hours */
57     { 0x09, 0x03, 0x00, 0x64, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
58     /* power cycle count */
59     { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
60     /* airflow-temperature-celsius */
61     { 190,  0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32},
62 };
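/*
 * Each row above mirrors the 12-byte attribute entry returned by SMART
 * READ DATA (id, two flag bytes, current value, worst value, six raw
 * bytes), with the per-attribute threshold carried in the final byte.
 * The same table presumably feeds both the attribute page and the
 * threshold page built by the SMART command handler further down.
 */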
63 
64 const char *IDE_DMA_CMD_lookup[IDE_DMA__COUNT] = {
65     [IDE_DMA_READ] = "DMA READ",
66     [IDE_DMA_WRITE] = "DMA WRITE",
67     [IDE_DMA_TRIM] = "DMA TRIM",
68     [IDE_DMA_ATAPI] = "DMA ATAPI"
69 };
70 
71 static const char *IDE_DMA_CMD_str(enum ide_dma_cmd enval)
72 {
73     if ((unsigned)enval < IDE_DMA__COUNT) {
74         return IDE_DMA_CMD_lookup[enval];
75     }
76     return "DMA UNKNOWN CMD";
77 }
78 
79 static void ide_dummy_transfer_stop(IDEState *s);
80 
81 static void padstr(char *str, const char *src, int len)
82 {
83     int i, v;
84     for (i = 0; i < len; i++) {
85         if (*src)
86             v = *src++;
87         else
88             v = ' ';
89         str[i^1] = v;
90     }
91 }
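/*
 * padstr() stores into str[i ^ 1] because ATA IDENTIFY strings pack two
 * characters per 16-bit word with the first character in the high byte.
 * Swapping each adjacent pair of bytes here means that when the guest
 * reads the identify buffer as little-endian words through the data
 * register, the characters come out in the order the spec requires.
 */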
92 
93 static void put_le16(uint16_t *p, unsigned int v)
94 {
95     *p = cpu_to_le16(v);
96 }
97 
98 static void ide_identify_size(IDEState *s)
99 {
100     uint16_t *p = (uint16_t *)s->identify_data;
101     put_le16(p + 60, s->nb_sectors);
102     put_le16(p + 61, s->nb_sectors >> 16);
103     put_le16(p + 100, s->nb_sectors);
104     put_le16(p + 101, s->nb_sectors >> 16);
105     put_le16(p + 102, s->nb_sectors >> 32);
106     put_le16(p + 103, s->nb_sectors >> 48);
107 }
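/*
 * Words 60-61 of the identify data hold the sector count visible to
 * 28-bit commands and words 100-103 the 48-bit count, low word first.
 * As an illustration only: a 16777216-sector (8 GiB) disk has
 * nb_sectors == 0x01000000, so word 60 = 0x0000, word 61 = 0x0100 and
 * words 100-103 = 0x0000, 0x0100, 0x0000, 0x0000.
 */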
108 
109 static void ide_identify(IDEState *s)
110 {
111     uint16_t *p;
112     unsigned int oldsize;
113     IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master;
114 
115     p = (uint16_t *)s->identify_data;
116     if (s->identify_set) {
117         goto fill_buffer;
118     }
119     memset(p, 0, sizeof(s->identify_data));
120 
121     put_le16(p + 0, 0x0040);
122     put_le16(p + 1, s->cylinders);
123     put_le16(p + 3, s->heads);
124     put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */
125     put_le16(p + 5, 512); /* XXX: retired, remove ? */
126     put_le16(p + 6, s->sectors);
127     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
128     put_le16(p + 20, 3); /* XXX: retired, remove ? */
129     put_le16(p + 21, 512); /* cache size in sectors */
130     put_le16(p + 22, 4); /* ecc bytes */
131     padstr((char *)(p + 23), s->version, 8); /* firmware version */
132     padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
133 #if MAX_MULT_SECTORS > 1
134     put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
135 #endif
136     put_le16(p + 48, 1); /* dword I/O */
137     put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* IORDY, LBA and DMA supported */
138     put_le16(p + 51, 0x200); /* PIO transfer cycle */
139     put_le16(p + 52, 0x200); /* DMA transfer cycle */
140     put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */
141     put_le16(p + 54, s->cylinders);
142     put_le16(p + 55, s->heads);
143     put_le16(p + 56, s->sectors);
144     oldsize = s->cylinders * s->heads * s->sectors;
145     put_le16(p + 57, oldsize);
146     put_le16(p + 58, oldsize >> 16);
147     if (s->mult_sectors)
148         put_le16(p + 59, 0x100 | s->mult_sectors);
149     /* *(p + 60) := nb_sectors       -- see ide_identify_size */
150     /* *(p + 61) := nb_sectors >> 16 -- see ide_identify_size */
151     put_le16(p + 62, 0x07); /* single word dma0-2 supported */
152     put_le16(p + 63, 0x07); /* mdma0-2 supported */
153     put_le16(p + 64, 0x03); /* pio3-4 supported */
154     put_le16(p + 65, 120);
155     put_le16(p + 66, 120);
156     put_le16(p + 67, 120);
157     put_le16(p + 68, 120);
158     if (dev && dev->conf.discard_granularity) {
159         put_le16(p + 69, (1 << 14)); /* determinate TRIM behavior */
160     }
161 
162     if (s->ncq_queues) {
163         put_le16(p + 75, s->ncq_queues - 1);
164         /* NCQ supported */
165         put_le16(p + 76, (1 << 8));
166     }
167 
168     put_le16(p + 80, 0xf0); /* ata4 -> ata7 supported */
169     put_le16(p + 81, 0x16); /* conforms to ata5 */
170     /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */
171     put_le16(p + 82, (1 << 14) | (1 << 5) | 1);
172     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
173     put_le16(p + 83, (1 << 14) | (1 << 13) | (1 << 12) | (1 << 10));
174     /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */
175     if (s->wwn) {
176         put_le16(p + 84, (1 << 14) | (1 << 8) | 0);
177     } else {
178         put_le16(p + 84, (1 << 14) | 0);
179     }
180     /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */
181     if (blk_enable_write_cache(s->blk)) {
182         put_le16(p + 85, (1 << 14) | (1 << 5) | 1);
183     } else {
184         put_le16(p + 85, (1 << 14) | 1);
185     }
186     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
187     put_le16(p + 86, (1 << 13) | (1 << 12) | (1 << 10));
188     /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */
189     if (s->wwn) {
190         put_le16(p + 87, (1 << 14) | (1 << 8) | 0);
191     } else {
192         put_le16(p + 87, (1 << 14) | 0);
193     }
194     put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
195     put_le16(p + 93, 1 | (1 << 14) | 0x2000);
196     /* *(p + 100) := nb_sectors       -- see ide_identify_size */
197     /* *(p + 101) := nb_sectors >> 16 -- see ide_identify_size */
198     /* *(p + 102) := nb_sectors >> 32 -- see ide_identify_size */
199     /* *(p + 103) := nb_sectors >> 48 -- see ide_identify_size */
200 
201     if (dev && dev->conf.physical_block_size)
202         put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf));
203     if (s->wwn) {
204         /* LE 16-bit words 111-108 contain 64-bit World Wide Name */
205         put_le16(p + 108, s->wwn >> 48);
206         put_le16(p + 109, s->wwn >> 32);
207         put_le16(p + 110, s->wwn >> 16);
208         put_le16(p + 111, s->wwn);
209     }
210     if (dev && dev->conf.discard_granularity) {
211         put_le16(p + 169, 1); /* TRIM support */
212     }
213     if (dev) {
214         put_le16(p + 217, dev->rotation_rate); /* Nominal media rotation rate */
215     }
216 
217     ide_identify_size(s);
218     s->identify_set = 1;
219 
220 fill_buffer:
221     memcpy(s->io_buffer, p, sizeof(s->identify_data));
222 }
223 
224 static void ide_atapi_identify(IDEState *s)
225 {
226     uint16_t *p;
227 
228     p = (uint16_t *)s->identify_data;
229     if (s->identify_set) {
230         goto fill_buffer;
231     }
232     memset(p, 0, sizeof(s->identify_data));
233 
234     /* Removable CDROM, 50us response, 12 byte packets */
235     put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0));
236     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
237     put_le16(p + 20, 3); /* buffer type */
238     put_le16(p + 21, 512); /* cache size in sectors */
239     put_le16(p + 22, 4); /* ecc bytes */
240     padstr((char *)(p + 23), s->version, 8); /* firmware version */
241     padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
242     put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
243 #ifdef USE_DMA_CDROM
244     put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
245     put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */
246     put_le16(p + 62, 7);  /* single word dma0-2 supported */
247     put_le16(p + 63, 7);  /* mdma0-2 supported */
248 #else
249     put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */
250     put_le16(p + 53, 3); /* words 64-70, 54-58 valid */
251     put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */
252 #endif
253     put_le16(p + 64, 3); /* pio3-4 supported */
254     put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */
255     put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */
256     put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */
257     put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */
258 
259     put_le16(p + 71, 30); /* in ns */
260     put_le16(p + 72, 30); /* in ns */
261 
262     if (s->ncq_queues) {
263         put_le16(p + 75, s->ncq_queues - 1);
264         /* NCQ supported */
265         put_le16(p + 76, (1 << 8));
266     }
267 
268     put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */
269     if (s->wwn) {
270         put_le16(p + 84, (1 << 8)); /* supports WWN for words 108-111 */
271         put_le16(p + 87, (1 << 8)); /* WWN enabled */
272     }
273 
274 #ifdef USE_DMA_CDROM
275     put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
276 #endif
277 
278     if (s->wwn) {
279         /* LE 16-bit words 111-108 contain 64-bit World Wide Name */
280         put_le16(p + 108, s->wwn >> 48);
281         put_le16(p + 109, s->wwn >> 32);
282         put_le16(p + 110, s->wwn >> 16);
283         put_le16(p + 111, s->wwn);
284     }
285 
286     s->identify_set = 1;
287 
288 fill_buffer:
289     memcpy(s->io_buffer, p, sizeof(s->identify_data));
290 }
291 
292 static void ide_cfata_identify_size(IDEState *s)
293 {
294     uint16_t *p = (uint16_t *)s->identify_data;
295     put_le16(p + 7, s->nb_sectors >> 16);  /* Sectors per card */
296     put_le16(p + 8, s->nb_sectors);        /* Sectors per card */
297     put_le16(p + 60, s->nb_sectors);       /* Total LBA sectors */
298     put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */
299 }
300 
301 static void ide_cfata_identify(IDEState *s)
302 {
303     uint16_t *p;
304     uint32_t cur_sec;
305 
306     p = (uint16_t *)s->identify_data;
307     if (s->identify_set) {
308         goto fill_buffer;
309     }
310     memset(p, 0, sizeof(s->identify_data));
311 
312     cur_sec = s->cylinders * s->heads * s->sectors;
313 
314     put_le16(p + 0, 0x848a);			/* CF Storage Card signature */
315     put_le16(p + 1, s->cylinders);		/* Default cylinders */
316     put_le16(p + 3, s->heads);			/* Default heads */
317     put_le16(p + 6, s->sectors);		/* Default sectors per track */
318     /* *(p + 7) := nb_sectors >> 16 -- see ide_cfata_identify_size */
319     /* *(p + 8) := nb_sectors       -- see ide_cfata_identify_size */
320     padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
321     put_le16(p + 22, 0x0004);			/* ECC bytes */
322     padstr((char *) (p + 23), s->version, 8);	/* Firmware Revision */
323     padstr((char *) (p + 27), s->drive_model_str, 40);/* Model number */
324 #if MAX_MULT_SECTORS > 1
325     put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
326 #else
327     put_le16(p + 47, 0x0000);
328 #endif
329     put_le16(p + 49, 0x0f00);			/* Capabilities */
330     put_le16(p + 51, 0x0002);			/* PIO cycle timing mode */
331     put_le16(p + 52, 0x0001);			/* DMA cycle timing mode */
332     put_le16(p + 53, 0x0003);			/* Translation params valid */
333     put_le16(p + 54, s->cylinders);		/* Current cylinders */
334     put_le16(p + 55, s->heads);			/* Current heads */
335     put_le16(p + 56, s->sectors);		/* Current sectors */
336     put_le16(p + 57, cur_sec);			/* Current capacity */
337     put_le16(p + 58, cur_sec >> 16);		/* Current capacity */
338     if (s->mult_sectors)			/* Multiple sector setting */
339         put_le16(p + 59, 0x100 | s->mult_sectors);
340     /* *(p + 60) := nb_sectors       -- see ide_cfata_identify_size */
341     /* *(p + 61) := nb_sectors >> 16 -- see ide_cfata_identify_size */
342     put_le16(p + 63, 0x0203);			/* Multiword DMA capability */
343     put_le16(p + 64, 0x0001);			/* Flow Control PIO support */
344     put_le16(p + 65, 0x0096);			/* Min. Multiword DMA cycle */
345     put_le16(p + 66, 0x0096);			/* Rec. Multiword DMA cycle */
346     put_le16(p + 68, 0x00b4);			/* Min. PIO cycle time */
347     put_le16(p + 82, 0x400c);			/* Command Set supported */
348     put_le16(p + 83, 0x7068);			/* Command Set supported */
349     put_le16(p + 84, 0x4000);			/* Features supported */
350     put_le16(p + 85, 0x000c);			/* Command Set enabled */
351     put_le16(p + 86, 0x7044);			/* Command Set enabled */
352     put_le16(p + 87, 0x4000);			/* Features enabled */
353     put_le16(p + 91, 0x4060);			/* Current APM level */
354     put_le16(p + 129, 0x0002);			/* Current features option */
355     put_le16(p + 130, 0x0005);			/* Reassigned sectors */
356     put_le16(p + 131, 0x0001);			/* Initial power mode */
357     put_le16(p + 132, 0x0000);			/* User signature */
358     put_le16(p + 160, 0x8100);			/* Power requirement */
359     put_le16(p + 161, 0x8001);			/* CF command set */
360 
361     ide_cfata_identify_size(s);
362     s->identify_set = 1;
363 
364 fill_buffer:
365     memcpy(s->io_buffer, p, sizeof(s->identify_data));
366 }
367 
368 static void ide_set_signature(IDEState *s)
369 {
370     s->select &= 0xf0; /* clear head */
371     /* put signature */
372     s->nsector = 1;
373     s->sector = 1;
374     if (s->drive_kind == IDE_CD) {
375         s->lcyl = 0x14;
376         s->hcyl = 0xeb;
377     } else if (s->blk) {
378         s->lcyl = 0;
379         s->hcyl = 0;
380     } else {
381         s->lcyl = 0xff;
382         s->hcyl = 0xff;
383     }
384 }
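/*
 * The cylinder values set above form the ATA device signature: 0x14/0xEB
 * in lcyl/hcyl identifies a PACKET (ATAPI) device, 0x00/0x00 an ATA disk.
 * Guests inspect this after a reset or EXECUTE DEVICE DIAGNOSTIC to tell
 * the two apart; 0xff/0xff is what this model reports when no block
 * backend is attached at all.
 */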
385 
386 static bool ide_sect_range_ok(IDEState *s,
387                               uint64_t sector, uint64_t nb_sectors)
388 {
389     uint64_t total_sectors;
390 
391     blk_get_geometry(s->blk, &total_sectors);
392     if (sector > total_sectors || nb_sectors > total_sectors - sector) {
393         return false;
394     }
395     return true;
396 }
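/*
 * The range check above is written as "nb_sectors > total_sectors - sector"
 * rather than "sector + nb_sectors > total_sectors" so that a huge
 * nb_sectors cannot wrap the 64-bit addition and slip past the check.
 */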
397 
398 typedef struct TrimAIOCB {
399     BlockAIOCB common;
400     IDEState *s;
401     QEMUBH *bh;
402     int ret;
403     QEMUIOVector *qiov;
404     BlockAIOCB *aiocb;
405     int i, j;
406 } TrimAIOCB;
407 
408 static void trim_aio_cancel(BlockAIOCB *acb)
409 {
410     TrimAIOCB *iocb = container_of(acb, TrimAIOCB, common);
411 
412     /* Exit the loop so ide_issue_trim_cb will not continue  */
413     iocb->j = iocb->qiov->niov - 1;
414     iocb->i = (iocb->qiov->iov[iocb->j].iov_len / 8) - 1;
415 
416     iocb->ret = -ECANCELED;
417 
418     if (iocb->aiocb) {
419         blk_aio_cancel_async(iocb->aiocb);
420         iocb->aiocb = NULL;
421     }
422 }
423 
424 static const AIOCBInfo trim_aiocb_info = {
425     .aiocb_size         = sizeof(TrimAIOCB),
426     .cancel_async       = trim_aio_cancel,
427 };
428 
429 static void ide_trim_bh_cb(void *opaque)
430 {
431     TrimAIOCB *iocb = opaque;
432 
433     iocb->common.cb(iocb->common.opaque, iocb->ret);
434 
435     qemu_bh_delete(iocb->bh);
436     iocb->bh = NULL;
437     qemu_aio_unref(iocb);
438 }
439 
440 static void ide_issue_trim_cb(void *opaque, int ret)
441 {
442     TrimAIOCB *iocb = opaque;
443     IDEState *s = iocb->s;
444 
445     if (ret >= 0) {
446         while (iocb->j < iocb->qiov->niov) {
447             int j = iocb->j;
448             while (++iocb->i < iocb->qiov->iov[j].iov_len / 8) {
449                 int i = iocb->i;
450                 uint64_t *buffer = iocb->qiov->iov[j].iov_base;
451 
452                 /* 6-byte LBA + 2-byte range per entry */
453                 uint64_t entry = le64_to_cpu(buffer[i]);
454                 uint64_t sector = entry & 0x0000ffffffffffffULL;
455                 uint16_t count = entry >> 48;
456 
457                 if (count == 0) {
458                     continue;
459                 }
460 
461                 if (!ide_sect_range_ok(s, sector, count)) {
462                     iocb->ret = -EINVAL;
463                     goto done;
464                 }
465 
466                 /* Got an entry! Submit and exit.  */
467                 iocb->aiocb = blk_aio_pdiscard(s->blk,
468                                                sector << BDRV_SECTOR_BITS,
469                                                count << BDRV_SECTOR_BITS,
470                                                ide_issue_trim_cb, opaque);
471                 return;
472             }
473 
474             iocb->j++;
475             iocb->i = -1;
476         }
477     } else {
478         iocb->ret = ret;
479     }
480 
481 done:
482     iocb->aiocb = NULL;
483     if (iocb->bh) {
484         replay_bh_schedule_event(iocb->bh);
485     }
486 }
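/*
 * For reference, the DSM/TRIM payload parsed above is a list of
 * little-endian 64-bit entries, each packing a 48-bit starting LBA in the
 * low bits and a 16-bit sector count in the high bits.  As an
 * illustration only, the entry 0x0008000000001000 requests trimming of 8
 * sectors starting at LBA 0x1000; a count of zero marks an unused entry.
 */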
487 
488 BlockAIOCB *ide_issue_trim(
489         int64_t offset, QEMUIOVector *qiov,
490         BlockCompletionFunc *cb, void *cb_opaque, void *opaque)
491 {
492     IDEState *s = opaque;
493     TrimAIOCB *iocb;
494 
495     iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque);
496     iocb->s = s;
497     iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb);
498     iocb->ret = 0;
499     iocb->qiov = qiov;
500     iocb->i = -1;
501     iocb->j = 0;
502     ide_issue_trim_cb(iocb, 0);
503     return &iocb->common;
504 }
505 
506 void ide_abort_command(IDEState *s)
507 {
508     ide_transfer_stop(s);
509     s->status = READY_STAT | ERR_STAT;
510     s->error = ABRT_ERR;
511 }
512 
513 static void ide_set_retry(IDEState *s)
514 {
515     s->bus->retry_unit = s->unit;
516     s->bus->retry_sector_num = ide_get_sector(s);
517     s->bus->retry_nsector = s->nsector;
518 }
519 
520 static void ide_clear_retry(IDEState *s)
521 {
522     s->bus->retry_unit = -1;
523     s->bus->retry_sector_num = 0;
524     s->bus->retry_nsector = 0;
525 }
526 
527 /* prepare data transfer and tell what to do after */
528 bool ide_transfer_start_norecurse(IDEState *s, uint8_t *buf, int size,
529                                   EndTransferFunc *end_transfer_func)
530 {
531     s->data_ptr = buf;
532     s->data_end = buf + size;
533     ide_set_retry(s);
534     if (!(s->status & ERR_STAT)) {
535         s->status |= DRQ_STAT;
536     }
537     if (!s->bus->dma->ops->pio_transfer) {
538         s->end_transfer_func = end_transfer_func;
539         return false;
540     }
541     s->bus->dma->ops->pio_transfer(s->bus->dma);
542     return true;
543 }
544 
545 void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
546                         EndTransferFunc *end_transfer_func)
547 {
548     if (ide_transfer_start_norecurse(s, buf, size, end_transfer_func)) {
549         end_transfer_func(s);
550     }
551 }
552 
553 static void ide_cmd_done(IDEState *s)
554 {
555     if (s->bus->dma->ops->cmd_done) {
556         s->bus->dma->ops->cmd_done(s->bus->dma);
557     }
558 }
559 
560 static void ide_transfer_halt(IDEState *s)
561 {
562     s->end_transfer_func = ide_transfer_stop;
563     s->data_ptr = s->io_buffer;
564     s->data_end = s->io_buffer;
565     s->status &= ~DRQ_STAT;
566 }
567 
568 void ide_transfer_stop(IDEState *s)
569 {
570     ide_transfer_halt(s);
571     ide_cmd_done(s);
572 }
573 
574 int64_t ide_get_sector(IDEState *s)
575 {
576     int64_t sector_num;
577     if (s->select & 0x40) {
578         /* lba */
579         if (!s->lba48) {
580             sector_num = ((s->select & 0x0f) << 24) | (s->hcyl << 16) |
581                 (s->lcyl << 8) | s->sector;
582         } else {
583             sector_num = ((int64_t)s->hob_hcyl << 40) |
584                 ((int64_t) s->hob_lcyl << 32) |
585                 ((int64_t) s->hob_sector << 24) |
586                 ((int64_t) s->hcyl << 16) |
587                 ((int64_t) s->lcyl << 8) | s->sector;
588         }
589     } else {
590         sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors +
591             (s->select & 0x0f) * s->sectors + (s->sector - 1);
592     }
593     return sector_num;
594 }
595 
596 void ide_set_sector(IDEState *s, int64_t sector_num)
597 {
598     unsigned int cyl, r;
599     if (s->select & 0x40) {
600         if (!s->lba48) {
601             s->select = (s->select & 0xf0) | (sector_num >> 24);
602             s->hcyl = (sector_num >> 16);
603             s->lcyl = (sector_num >> 8);
604             s->sector = (sector_num);
605         } else {
606             s->sector = sector_num;
607             s->lcyl = sector_num >> 8;
608             s->hcyl = sector_num >> 16;
609             s->hob_sector = sector_num >> 24;
610             s->hob_lcyl = sector_num >> 32;
611             s->hob_hcyl = sector_num >> 40;
612         }
613     } else {
614         cyl = sector_num / (s->heads * s->sectors);
615         r = sector_num % (s->heads * s->sectors);
616         s->hcyl = cyl >> 8;
617         s->lcyl = cyl;
618         s->select = (s->select & 0xf0) | ((r / s->sectors) & 0x0f);
619         s->sector = (r % s->sectors) + 1;
620     }
621 }
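/*
 * ide_get_sector()/ide_set_sector() cover the three addressing modes:
 * CHS when bit 6 of the drive/head register is clear, 28-bit LBA with the
 * top four address bits in the low nibble of the drive/head register, and
 * 48-bit LBA spread across the current and HOB copies of the sector and
 * cylinder registers.  CHS illustration only: with heads = 16 and
 * sectors = 63, cylinder 2 / head 3 / sector 4 maps to LBA
 * (2 * 16 + 3) * 63 + (4 - 1) = 2208.
 */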
622 
623 static void ide_rw_error(IDEState *s) {
624     ide_abort_command(s);
625     ide_set_irq(s->bus);
626 }
627 
628 static void ide_buffered_readv_cb(void *opaque, int ret)
629 {
630     IDEBufferedRequest *req = opaque;
631     if (!req->orphaned) {
632         if (!ret) {
633             assert(req->qiov.size == req->original_qiov->size);
634             qemu_iovec_from_buf(req->original_qiov, 0,
635                                 req->qiov.local_iov.iov_base,
636                                 req->original_qiov->size);
637         }
638         req->original_cb(req->original_opaque, ret);
639     }
640     QLIST_REMOVE(req, list);
641     qemu_vfree(qemu_iovec_buf(&req->qiov));
642     g_free(req);
643 }
644 
645 #define MAX_BUFFERED_REQS 16
646 
647 BlockAIOCB *ide_buffered_readv(IDEState *s, int64_t sector_num,
648                                QEMUIOVector *iov, int nb_sectors,
649                                BlockCompletionFunc *cb, void *opaque)
650 {
651     BlockAIOCB *aioreq;
652     IDEBufferedRequest *req;
653     int c = 0;
654 
655     QLIST_FOREACH(req, &s->buffered_requests, list) {
656         c++;
657     }
658     if (c > MAX_BUFFERED_REQS) {
659         return blk_abort_aio_request(s->blk, cb, opaque, -EIO);
660     }
661 
662     req = g_new0(IDEBufferedRequest, 1);
663     req->original_qiov = iov;
664     req->original_cb = cb;
665     req->original_opaque = opaque;
666     qemu_iovec_init_buf(&req->qiov, blk_blockalign(s->blk, iov->size),
667                         iov->size);
668 
669     aioreq = blk_aio_preadv(s->blk, sector_num << BDRV_SECTOR_BITS,
670                             &req->qiov, 0, ide_buffered_readv_cb, req);
671 
672     QLIST_INSERT_HEAD(&s->buffered_requests, req, list);
673     return aioreq;
674 }
675 
676 /**
677  * Cancel all pending DMA requests.
678  * Any buffered DMA requests are instantly canceled,
679  * but any pending unbuffered DMA requests must be waited on.
680  */
681 void ide_cancel_dma_sync(IDEState *s)
682 {
683     IDEBufferedRequest *req;
684 
685     /* First invoke the callbacks of all buffered requests
686      * and flag those requests as orphaned. Ideally there
687      * are no unbuffered requests (scatter-gather DMA requests or
688      * write requests) pending, so we can avoid draining. */
689     QLIST_FOREACH(req, &s->buffered_requests, list) {
690         if (!req->orphaned) {
691             trace_ide_cancel_dma_sync_buffered(req->original_cb, req);
692             req->original_cb(req->original_opaque, -ECANCELED);
693         }
694         req->orphaned = true;
695     }
696 
697     /*
698      * We can't cancel Scatter Gather DMA in the middle of the
699      * operation, or a partial (not full) DMA transfer would reach
700      * the storage, so we wait for completion instead (we behave as
701      * if the DMA had already completed by the time the guest tries
702      * to cancel it via bmdma_cmd_writeb with BM_CMD_START not
703      * set).
704      *
705      * In the future we'll be able to safely cancel the I/O if the
706      * whole DMA operation is submitted to disk with a single
707      * aio operation with preadv/pwritev.
708      */
709     if (s->bus->dma->aiocb) {
710         trace_ide_cancel_dma_sync_remaining();
711         blk_drain(s->blk);
712         assert(s->bus->dma->aiocb == NULL);
713     }
714 }
715 
716 static void ide_sector_read(IDEState *s);
717 
718 static void ide_sector_read_cb(void *opaque, int ret)
719 {
720     IDEState *s = opaque;
721     int n;
722 
723     s->pio_aiocb = NULL;
724     s->status &= ~BUSY_STAT;
725 
726     if (ret != 0) {
727         if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO |
728                                 IDE_RETRY_READ)) {
729             return;
730         }
731     }
732 
733     block_acct_done(blk_get_stats(s->blk), &s->acct);
734 
735     n = s->nsector;
736     if (n > s->req_nb_sectors) {
737         n = s->req_nb_sectors;
738     }
739 
740     ide_set_sector(s, ide_get_sector(s) + n);
741     s->nsector -= n;
742     /* Allow the guest to read the io_buffer */
743     ide_transfer_start(s, s->io_buffer, n * BDRV_SECTOR_SIZE, ide_sector_read);
744     ide_set_irq(s->bus);
745 }
746 
747 static void ide_sector_read(IDEState *s)
748 {
749     int64_t sector_num;
750     int n;
751 
752     s->status = READY_STAT | SEEK_STAT;
753     s->error = 0; /* not needed by IDE spec, but needed by Windows */
754     sector_num = ide_get_sector(s);
755     n = s->nsector;
756 
757     if (n == 0) {
758         ide_transfer_stop(s);
759         return;
760     }
761 
762     s->status |= BUSY_STAT;
763 
764     if (n > s->req_nb_sectors) {
765         n = s->req_nb_sectors;
766     }
767 
768     trace_ide_sector_read(sector_num, n);
769 
770     if (!ide_sect_range_ok(s, sector_num, n)) {
771         ide_rw_error(s);
772         block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_READ);
773         return;
774     }
775 
776     qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE);
777 
778     block_acct_start(blk_get_stats(s->blk), &s->acct,
779                      n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ);
780     s->pio_aiocb = ide_buffered_readv(s, sector_num, &s->qiov, n,
781                                       ide_sector_read_cb, s);
782 }
783 
784 void dma_buf_commit(IDEState *s, uint32_t tx_bytes)
785 {
786     if (s->bus->dma->ops->commit_buf) {
787         s->bus->dma->ops->commit_buf(s->bus->dma, tx_bytes);
788     }
789     s->io_buffer_offset += tx_bytes;
790     qemu_sglist_destroy(&s->sg);
791 }
792 
793 void ide_set_inactive(IDEState *s, bool more)
794 {
795     s->bus->dma->aiocb = NULL;
796     ide_clear_retry(s);
797     if (s->bus->dma->ops->set_inactive) {
798         s->bus->dma->ops->set_inactive(s->bus->dma, more);
799     }
800     ide_cmd_done(s);
801 }
802 
803 void ide_dma_error(IDEState *s)
804 {
805     dma_buf_commit(s, 0);
806     ide_abort_command(s);
807     ide_set_inactive(s, false);
808     ide_set_irq(s->bus);
809 }
810 
811 int ide_handle_rw_error(IDEState *s, int error, int op)
812 {
813     bool is_read = (op & IDE_RETRY_READ) != 0;
814     BlockErrorAction action = blk_get_error_action(s->blk, is_read, error);
815 
816     if (action == BLOCK_ERROR_ACTION_STOP) {
817         assert(s->bus->retry_unit == s->unit);
818         s->bus->error_status = op;
819     } else if (action == BLOCK_ERROR_ACTION_REPORT) {
820         block_acct_failed(blk_get_stats(s->blk), &s->acct);
821         if (IS_IDE_RETRY_DMA(op)) {
822             ide_dma_error(s);
823         } else if (IS_IDE_RETRY_ATAPI(op)) {
824             ide_atapi_io_error(s, -error);
825         } else {
826             ide_rw_error(s);
827         }
828     }
829     blk_error_action(s->blk, action, is_read, error);
830     return action != BLOCK_ERROR_ACTION_IGNORE;
831 }
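/*
 * ide_handle_rw_error() returns non-zero unless the configured error
 * action is "ignore": with "stop" the failed operation is recorded in
 * bus->error_status so it can be retried once the VM is resumed, and with
 * "report" the error is surfaced to the guest through the DMA, ATAPI or
 * PIO error paths above.  Callers therefore stop their normal completion
 * handling whenever this returns non-zero.
 */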
832 
833 static void ide_dma_cb(void *opaque, int ret)
834 {
835     IDEState *s = opaque;
836     int n;
837     int64_t sector_num;
838     uint64_t offset;
839     bool stay_active = false;
840 
841     if (ret == -EINVAL) {
842         ide_dma_error(s);
843         return;
844     }
845 
846     if (ret < 0) {
847         if (ide_handle_rw_error(s, -ret, ide_dma_cmd_to_retry(s->dma_cmd))) {
848             s->bus->dma->aiocb = NULL;
849             dma_buf_commit(s, 0);
850             return;
851         }
852     }
853 
854     n = s->io_buffer_size >> 9;
855     if (n > s->nsector) {
856         /* The PRDs were longer than needed for this request. Shorten them so
857          * we don't get a negative remainder. The Active bit must remain set
858          * after the request completes. */
859         n = s->nsector;
860         stay_active = true;
861     }
862 
863     sector_num = ide_get_sector(s);
864     if (n > 0) {
865         assert(n * 512 == s->sg.size);
866         dma_buf_commit(s, s->sg.size);
867         sector_num += n;
868         ide_set_sector(s, sector_num);
869         s->nsector -= n;
870     }
871 
872     /* end of transfer ? */
873     if (s->nsector == 0) {
874         s->status = READY_STAT | SEEK_STAT;
875         ide_set_irq(s->bus);
876         goto eot;
877     }
878 
879     /* launch next transfer */
880     n = s->nsector;
881     s->io_buffer_index = 0;
882     s->io_buffer_size = n * 512;
883     if (s->bus->dma->ops->prepare_buf(s->bus->dma, s->io_buffer_size) < 512) {
884         /* The PRDs were too short. Reset the Active bit, but don't raise an
885          * interrupt. */
886         s->status = READY_STAT | SEEK_STAT;
887         dma_buf_commit(s, 0);
888         goto eot;
889     }
890 
891     trace_ide_dma_cb(s, sector_num, n, IDE_DMA_CMD_str(s->dma_cmd));
892 
893     if ((s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) &&
894         !ide_sect_range_ok(s, sector_num, n)) {
895         ide_dma_error(s);
896         block_acct_invalid(blk_get_stats(s->blk), s->acct.type);
897         return;
898     }
899 
900     offset = sector_num << BDRV_SECTOR_BITS;
901     switch (s->dma_cmd) {
902     case IDE_DMA_READ:
903         s->bus->dma->aiocb = dma_blk_read(s->blk, &s->sg, offset,
904                                           BDRV_SECTOR_SIZE, ide_dma_cb, s);
905         break;
906     case IDE_DMA_WRITE:
907         s->bus->dma->aiocb = dma_blk_write(s->blk, &s->sg, offset,
908                                            BDRV_SECTOR_SIZE, ide_dma_cb, s);
909         break;
910     case IDE_DMA_TRIM:
911         s->bus->dma->aiocb = dma_blk_io(blk_get_aio_context(s->blk),
912                                         &s->sg, offset, BDRV_SECTOR_SIZE,
913                                         ide_issue_trim, s, ide_dma_cb, s,
914                                         DMA_DIRECTION_TO_DEVICE);
915         break;
916     default:
917         abort();
918     }
919     return;
920 
921 eot:
922     if (s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) {
923         block_acct_done(blk_get_stats(s->blk), &s->acct);
924     }
925     ide_set_inactive(s, stay_active);
926 }
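/*
 * ide_dma_cb() is both the completion callback and the driver of the DMA
 * loop: each pass commits the scatter/gather list just transferred,
 * advances the current sector, re-maps the PRD table via prepare_buf()
 * and submits the next dma_blk_read/dma_blk_write (or TRIM) request,
 * until nsector reaches zero, the interrupt is raised and the channel is
 * set inactive.
 */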
927 
928 static void ide_sector_start_dma(IDEState *s, enum ide_dma_cmd dma_cmd)
929 {
930     s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
931     s->io_buffer_size = 0;
932     s->dma_cmd = dma_cmd;
933 
934     switch (dma_cmd) {
935     case IDE_DMA_READ:
936         block_acct_start(blk_get_stats(s->blk), &s->acct,
937                          s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ);
938         break;
939     case IDE_DMA_WRITE:
940         block_acct_start(blk_get_stats(s->blk), &s->acct,
941                          s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE);
942         break;
943     default:
944         break;
945     }
946 
947     ide_start_dma(s, ide_dma_cb);
948 }
949 
950 void ide_start_dma(IDEState *s, BlockCompletionFunc *cb)
951 {
952     s->io_buffer_index = 0;
953     ide_set_retry(s);
954     if (s->bus->dma->ops->start_dma) {
955         s->bus->dma->ops->start_dma(s->bus->dma, s, cb);
956     }
957 }
958 
959 static void ide_sector_write(IDEState *s);
960 
961 static void ide_sector_write_timer_cb(void *opaque)
962 {
963     IDEState *s = opaque;
964     ide_set_irq(s->bus);
965 }
966 
967 static void ide_sector_write_cb(void *opaque, int ret)
968 {
969     IDEState *s = opaque;
970     int n;
971 
972     s->pio_aiocb = NULL;
973     s->status &= ~BUSY_STAT;
974 
975     if (ret != 0) {
976         if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO)) {
977             return;
978         }
979     }
980 
981     block_acct_done(blk_get_stats(s->blk), &s->acct);
982 
983     n = s->nsector;
984     if (n > s->req_nb_sectors) {
985         n = s->req_nb_sectors;
986     }
987     s->nsector -= n;
988 
989     ide_set_sector(s, ide_get_sector(s) + n);
990     if (s->nsector == 0) {
991         /* no more sectors to write */
992         ide_transfer_stop(s);
993     } else {
994         int n1 = s->nsector;
995         if (n1 > s->req_nb_sectors) {
996             n1 = s->req_nb_sectors;
997         }
998         ide_transfer_start(s, s->io_buffer, n1 * BDRV_SECTOR_SIZE,
999                            ide_sector_write);
1000     }
1001 
1002     if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
1003         /* It seems there is a bug in the Windows 2000 installer HDD
1004            IDE driver which fills the disk with empty logs when the
1005            IDE write IRQ comes too early. This hack tries to correct
1006            that at the expense of slower write performance. Use this
1007            option _only_ to install Windows 2000. You must disable it
1008            for normal use. */
1009         timer_mod(s->sector_write_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
1010                   (NANOSECONDS_PER_SECOND / 1000));
1011     } else {
1012         ide_set_irq(s->bus);
1013     }
1014 }
1015 
1016 static void ide_sector_write(IDEState *s)
1017 {
1018     int64_t sector_num;
1019     int n;
1020 
1021     s->status = READY_STAT | SEEK_STAT | BUSY_STAT;
1022     sector_num = ide_get_sector(s);
1023 
1024     n = s->nsector;
1025     if (n > s->req_nb_sectors) {
1026         n = s->req_nb_sectors;
1027     }
1028 
1029     trace_ide_sector_write(sector_num, n);
1030 
1031     if (!ide_sect_range_ok(s, sector_num, n)) {
1032         ide_rw_error(s);
1033         block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_WRITE);
1034         return;
1035     }
1036 
1037     qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE);
1038 
1039     block_acct_start(blk_get_stats(s->blk), &s->acct,
1040                      n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE);
1041     s->pio_aiocb = blk_aio_pwritev(s->blk, sector_num << BDRV_SECTOR_BITS,
1042                                    &s->qiov, 0, ide_sector_write_cb, s);
1043 }
1044 
1045 static void ide_flush_cb(void *opaque, int ret)
1046 {
1047     IDEState *s = opaque;
1048 
1049     s->pio_aiocb = NULL;
1050 
1051     if (ret < 0) {
1052         /* XXX: What sector number to set here? */
1053         if (ide_handle_rw_error(s, -ret, IDE_RETRY_FLUSH)) {
1054             return;
1055         }
1056     }
1057 
1058     if (s->blk) {
1059         block_acct_done(blk_get_stats(s->blk), &s->acct);
1060     }
1061     s->status = READY_STAT | SEEK_STAT;
1062     ide_cmd_done(s);
1063     ide_set_irq(s->bus);
1064 }
1065 
1066 static void ide_flush_cache(IDEState *s)
1067 {
1068     if (s->blk == NULL) {
1069         ide_flush_cb(s, 0);
1070         return;
1071     }
1072 
1073     s->status |= BUSY_STAT;
1074     ide_set_retry(s);
1075     block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH);
1076     s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
1077 }
1078 
1079 static void ide_cfata_metadata_inquiry(IDEState *s)
1080 {
1081     uint16_t *p;
1082     uint32_t spd;
1083 
1084     p = (uint16_t *) s->io_buffer;
1085     memset(p, 0, 0x200);
1086     spd = ((s->mdata_size - 1) >> 9) + 1;
1087 
1088     put_le16(p + 0, 0x0001);			/* Data format revision */
1089     put_le16(p + 1, 0x0000);			/* Media property: silicon */
1090     put_le16(p + 2, s->media_changed);		/* Media status */
1091     put_le16(p + 3, s->mdata_size & 0xffff);	/* Capacity in bytes (low) */
1092     put_le16(p + 4, s->mdata_size >> 16);	/* Capacity in bytes (high) */
1093     put_le16(p + 5, spd & 0xffff);		/* Sectors per device (low) */
1094     put_le16(p + 6, spd >> 16);			/* Sectors per device (high) */
1095 }
1096 
1097 static void ide_cfata_metadata_read(IDEState *s)
1098 {
1099     uint16_t *p;
1100 
1101     if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1102         s->status = ERR_STAT;
1103         s->error = ABRT_ERR;
1104         return;
1105     }
1106 
1107     p = (uint16_t *) s->io_buffer;
1108     memset(p, 0, 0x200);
1109 
1110     put_le16(p + 0, s->media_changed);		/* Media status */
1111     memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1112                     MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1113                                     s->nsector << 9), 0x200 - 2));
1114 }
1115 
1116 static void ide_cfata_metadata_write(IDEState *s)
1117 {
1118     if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) {
1119         s->status = ERR_STAT;
1120         s->error = ABRT_ERR;
1121         return;
1122     }
1123 
1124     s->media_changed = 0;
1125 
1126     memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9),
1127                     s->io_buffer + 2,
1128                     MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9),
1129                                     s->nsector << 9), 0x200 - 2));
1130 }
1131 
1132 /* called when the inserted state of the media has changed */
1133 static void ide_cd_change_cb(void *opaque, bool load, Error **errp)
1134 {
1135     IDEState *s = opaque;
1136     uint64_t nb_sectors;
1137 
1138     s->tray_open = !load;
1139     blk_get_geometry(s->blk, &nb_sectors);
1140     s->nb_sectors = nb_sectors;
1141 
1142     /*
1143      * First indicate to the guest that a CD has been removed.  That's
1144      * done on the next command the guest sends us.
1145      *
1146      * Then we set UNIT_ATTENTION, by which the guest will
1147      * detect a new CD in the drive.  See ide_atapi_cmd() for details.
1148      */
1149     s->cdrom_changed = 1;
1150     s->events.new_media = true;
1151     s->events.eject_request = false;
1152     ide_set_irq(s->bus);
1153 }
1154 
1155 static void ide_cd_eject_request_cb(void *opaque, bool force)
1156 {
1157     IDEState *s = opaque;
1158 
1159     s->events.eject_request = true;
1160     if (force) {
1161         s->tray_locked = false;
1162     }
1163     ide_set_irq(s->bus);
1164 }
1165 
1166 static void ide_cmd_lba48_transform(IDEState *s, int lba48)
1167 {
1168     s->lba48 = lba48;
1169 
1170     /* handle the 'magic' 0 nsector count conversion here. To avoid
1171      * fiddling with the rest of the read logic, we just store the
1172      * full sector count in ->nsector and ignore ->hob_nsector from
1173      * now on. */
1174     if (!s->lba48) {
1175         if (!s->nsector)
1176             s->nsector = 256;
1177     } else {
1178         if (!s->nsector && !s->hob_nsector)
1179             s->nsector = 65536;
1180         else {
1181             int lo = s->nsector;
1182             int hi = s->hob_nsector;
1183 
1184             s->nsector = (hi << 8) | lo;
1185         }
1186     }
1187 }
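/*
 * Illustration only, for the "magic" zero count handled above: in 28-bit
 * mode nsector == 0 means 256 sectors; in 48-bit mode the count is
 * hob_nsector:nsector, so hob_nsector == 0x01 with nsector == 0x00 means
 * 0x0100 == 256 sectors, and only 0x00:0x00 means the full 65536.
 */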
1188 
1189 static void ide_clear_hob(IDEBus *bus)
1190 {
1191     /* any write clears HOB high bit of device control register */
1192     bus->ifs[0].select &= ~(1 << 7);
1193     bus->ifs[1].select &= ~(1 << 7);
1194 }
1195 
1196 /* IOport [W]rite [R]egisters */
1197 enum ATA_IOPORT_WR {
1198     ATA_IOPORT_WR_DATA = 0,
1199     ATA_IOPORT_WR_FEATURES = 1,
1200     ATA_IOPORT_WR_SECTOR_COUNT = 2,
1201     ATA_IOPORT_WR_SECTOR_NUMBER = 3,
1202     ATA_IOPORT_WR_CYLINDER_LOW = 4,
1203     ATA_IOPORT_WR_CYLINDER_HIGH = 5,
1204     ATA_IOPORT_WR_DEVICE_HEAD = 6,
1205     ATA_IOPORT_WR_COMMAND = 7,
1206     ATA_IOPORT_WR_NUM_REGISTERS,
1207 };
1208 
1209 const char *ATA_IOPORT_WR_lookup[ATA_IOPORT_WR_NUM_REGISTERS] = {
1210     [ATA_IOPORT_WR_DATA] = "Data",
1211     [ATA_IOPORT_WR_FEATURES] = "Features",
1212     [ATA_IOPORT_WR_SECTOR_COUNT] = "Sector Count",
1213     [ATA_IOPORT_WR_SECTOR_NUMBER] = "Sector Number",
1214     [ATA_IOPORT_WR_CYLINDER_LOW] = "Cylinder Low",
1215     [ATA_IOPORT_WR_CYLINDER_HIGH] = "Cylinder High",
1216     [ATA_IOPORT_WR_DEVICE_HEAD] = "Device/Head",
1217     [ATA_IOPORT_WR_COMMAND] = "Command"
1218 };
1219 
1220 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
1221 {
1222     IDEBus *bus = opaque;
1223     IDEState *s = idebus_active_if(bus);
1224     int reg_num = addr & 7;
1225 
1226     trace_ide_ioport_write(addr, ATA_IOPORT_WR_lookup[reg_num], val, bus, s);
1227 
1228     /* ignore writes to command block while busy with previous command */
1229     if (reg_num != 7 && (s->status & (BUSY_STAT|DRQ_STAT))) {
1230         return;
1231     }
1232 
1233     switch (reg_num) {
1234     case 0:
1235         break;
1236     case ATA_IOPORT_WR_FEATURES:
1237         ide_clear_hob(bus);
1238         /* NOTE: data is written to the two drives */
1239         bus->ifs[0].hob_feature = bus->ifs[0].feature;
1240         bus->ifs[1].hob_feature = bus->ifs[1].feature;
1241         bus->ifs[0].feature = val;
1242         bus->ifs[1].feature = val;
1243         break;
1244     case ATA_IOPORT_WR_SECTOR_COUNT:
1245         ide_clear_hob(bus);
1246         bus->ifs[0].hob_nsector = bus->ifs[0].nsector;
1247         bus->ifs[1].hob_nsector = bus->ifs[1].nsector;
1248         bus->ifs[0].nsector = val;
1249         bus->ifs[1].nsector = val;
1250         break;
1251     case ATA_IOPORT_WR_SECTOR_NUMBER:
1252         ide_clear_hob(bus);
1253         bus->ifs[0].hob_sector = bus->ifs[0].sector;
1254         bus->ifs[1].hob_sector = bus->ifs[1].sector;
1255         bus->ifs[0].sector = val;
1256         bus->ifs[1].sector = val;
1257         break;
1258     case ATA_IOPORT_WR_CYLINDER_LOW:
1259         ide_clear_hob(bus);
1260         bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl;
1261         bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl;
1262         bus->ifs[0].lcyl = val;
1263         bus->ifs[1].lcyl = val;
1264         break;
1265     case ATA_IOPORT_WR_CYLINDER_HIGH:
1266         ide_clear_hob(bus);
1267         bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl;
1268         bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl;
1269         bus->ifs[0].hcyl = val;
1270         bus->ifs[1].hcyl = val;
1271         break;
1272     case ATA_IOPORT_WR_DEVICE_HEAD:
1273         /* FIXME: HOB readback uses bit 7 */
1274         bus->ifs[0].select = (val & ~0x10) | 0xa0;
1275         bus->ifs[1].select = (val | 0x10) | 0xa0;
1276         /* select drive */
1277         bus->unit = (val >> 4) & 1;
1278         break;
1279     default:
1280     case ATA_IOPORT_WR_COMMAND:
1281         /* command */
1282         ide_exec_cmd(bus, val);
1283         break;
1284     }
1285 }
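/*
 * Note the shadowing scheme in the writes above: each command block write
 * first copies the previous register value into the corresponding hob_*
 * field of both drives.  LBA48 commands write every register twice, high
 * order byte first, so the hob_* copies end up holding the high-order
 * bytes later consumed by ide_get_sector() and ide_cmd_lba48_transform().
 */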
1286 
1287 static void ide_reset(IDEState *s)
1288 {
1289     trace_ide_reset(s);
1290 
1291     if (s->pio_aiocb) {
1292         blk_aio_cancel(s->pio_aiocb);
1293         s->pio_aiocb = NULL;
1294     }
1295 
1296     if (s->drive_kind == IDE_CFATA)
1297         s->mult_sectors = 0;
1298     else
1299         s->mult_sectors = MAX_MULT_SECTORS;
1300     /* ide regs */
1301     s->feature = 0;
1302     s->error = 0;
1303     s->nsector = 0;
1304     s->sector = 0;
1305     s->lcyl = 0;
1306     s->hcyl = 0;
1307 
1308     /* lba48 */
1309     s->hob_feature = 0;
1310     s->hob_sector = 0;
1311     s->hob_nsector = 0;
1312     s->hob_lcyl = 0;
1313     s->hob_hcyl = 0;
1314 
1315     s->select = 0xa0;
1316     s->status = READY_STAT | SEEK_STAT;
1317 
1318     s->lba48 = 0;
1319 
1320     /* ATAPI specific */
1321     s->sense_key = 0;
1322     s->asc = 0;
1323     s->cdrom_changed = 0;
1324     s->packet_transfer_size = 0;
1325     s->elementary_transfer_size = 0;
1326     s->io_buffer_index = 0;
1327     s->cd_sector_size = 0;
1328     s->atapi_dma = 0;
1329     s->tray_locked = 0;
1330     s->tray_open = 0;
1331     /* ATA DMA state */
1332     s->io_buffer_size = 0;
1333     s->req_nb_sectors = 0;
1334 
1335     ide_set_signature(s);
1336     /* init the transfer handler so that 0xffff is returned on data
1337        accesses */
1338     s->end_transfer_func = ide_dummy_transfer_stop;
1339     ide_dummy_transfer_stop(s);
1340     s->media_changed = 0;
1341 }
1342 
1343 static bool cmd_nop(IDEState *s, uint8_t cmd)
1344 {
1345     return true;
1346 }
1347 
1348 static bool cmd_device_reset(IDEState *s, uint8_t cmd)
1349 {
1350     /* Halt PIO (in the DRQ phase), then DMA */
1351     ide_transfer_halt(s);
1352     ide_cancel_dma_sync(s);
1353 
1354     /* Reset any PIO commands, reset signature, etc */
1355     ide_reset(s);
1356 
1357     /* RESET: ATA8-ACS3 7.10.4 "Normal Outputs";
1358      * ATA8-ACS3 Table 184 "Device Signatures for Normal Output" */
1359     s->status = 0x00;
1360 
1361     /* Do not overwrite status register */
1362     return false;
1363 }
1364 
1365 static bool cmd_data_set_management(IDEState *s, uint8_t cmd)
1366 {
1367     switch (s->feature) {
1368     case DSM_TRIM:
1369         if (s->blk) {
1370             ide_sector_start_dma(s, IDE_DMA_TRIM);
1371             return false;
1372         }
1373         break;
1374     }
1375 
1376     ide_abort_command(s);
1377     return true;
1378 }
1379 
1380 static bool cmd_identify(IDEState *s, uint8_t cmd)
1381 {
1382     if (s->blk && s->drive_kind != IDE_CD) {
1383         if (s->drive_kind != IDE_CFATA) {
1384             ide_identify(s);
1385         } else {
1386             ide_cfata_identify(s);
1387         }
1388         s->status = READY_STAT | SEEK_STAT;
1389         ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1390         ide_set_irq(s->bus);
1391         return false;
1392     } else {
1393         if (s->drive_kind == IDE_CD) {
1394             ide_set_signature(s);
1395         }
1396         ide_abort_command(s);
1397     }
1398 
1399     return true;
1400 }
1401 
1402 static bool cmd_verify(IDEState *s, uint8_t cmd)
1403 {
1404     bool lba48 = (cmd == WIN_VERIFY_EXT);
1405 
1406     /* do sector number check ? */
1407     ide_cmd_lba48_transform(s, lba48);
1408 
1409     return true;
1410 }
1411 
1412 static bool cmd_set_multiple_mode(IDEState *s, uint8_t cmd)
1413 {
1414     if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
1415         /* Disable Read and Write Multiple */
1416         s->mult_sectors = 0;
1417     } else if ((s->nsector & 0xff) != 0 &&
1418         ((s->nsector & 0xff) > MAX_MULT_SECTORS ||
1419          (s->nsector & (s->nsector - 1)) != 0)) {
1420         ide_abort_command(s);
1421     } else {
1422         s->mult_sectors = s->nsector & 0xff;
1423     }
1424 
1425     return true;
1426 }
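/*
 * Spelling out the SET MULTIPLE MODE check above: a non-zero count (low
 * byte of nsector) is accepted only if it is a power of two, i.e.
 * (n & (n - 1)) == 0, and no larger than MAX_MULT_SECTORS; a count of
 * zero disables Read/Write Multiple.  Illustration only: 16 is accepted,
 * 24 is rejected because it is not a power of two.
 */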
1427 
1428 static bool cmd_read_multiple(IDEState *s, uint8_t cmd)
1429 {
1430     bool lba48 = (cmd == WIN_MULTREAD_EXT);
1431 
1432     if (!s->blk || !s->mult_sectors) {
1433         ide_abort_command(s);
1434         return true;
1435     }
1436 
1437     ide_cmd_lba48_transform(s, lba48);
1438     s->req_nb_sectors = s->mult_sectors;
1439     ide_sector_read(s);
1440     return false;
1441 }
1442 
1443 static bool cmd_write_multiple(IDEState *s, uint8_t cmd)
1444 {
1445     bool lba48 = (cmd == WIN_MULTWRITE_EXT);
1446     int n;
1447 
1448     if (!s->blk || !s->mult_sectors) {
1449         ide_abort_command(s);
1450         return true;
1451     }
1452 
1453     ide_cmd_lba48_transform(s, lba48);
1454 
1455     s->req_nb_sectors = s->mult_sectors;
1456     n = MIN(s->nsector, s->req_nb_sectors);
1457 
1458     s->status = SEEK_STAT | READY_STAT;
1459     ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write);
1460 
1461     s->media_changed = 1;
1462 
1463     return false;
1464 }
1465 
1466 static bool cmd_read_pio(IDEState *s, uint8_t cmd)
1467 {
1468     bool lba48 = (cmd == WIN_READ_EXT);
1469 
1470     if (s->drive_kind == IDE_CD) {
1471         ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */
1472         ide_abort_command(s);
1473         return true;
1474     }
1475 
1476     if (!s->blk) {
1477         ide_abort_command(s);
1478         return true;
1479     }
1480 
1481     ide_cmd_lba48_transform(s, lba48);
1482     s->req_nb_sectors = 1;
1483     ide_sector_read(s);
1484 
1485     return false;
1486 }
1487 
1488 static bool cmd_write_pio(IDEState *s, uint8_t cmd)
1489 {
1490     bool lba48 = (cmd == WIN_WRITE_EXT);
1491 
1492     if (!s->blk) {
1493         ide_abort_command(s);
1494         return true;
1495     }
1496 
1497     ide_cmd_lba48_transform(s, lba48);
1498 
1499     s->req_nb_sectors = 1;
1500     s->status = SEEK_STAT | READY_STAT;
1501     ide_transfer_start(s, s->io_buffer, 512, ide_sector_write);
1502 
1503     s->media_changed = 1;
1504 
1505     return false;
1506 }
1507 
1508 static bool cmd_read_dma(IDEState *s, uint8_t cmd)
1509 {
1510     bool lba48 = (cmd == WIN_READDMA_EXT);
1511 
1512     if (!s->blk) {
1513         ide_abort_command(s);
1514         return true;
1515     }
1516 
1517     ide_cmd_lba48_transform(s, lba48);
1518     ide_sector_start_dma(s, IDE_DMA_READ);
1519 
1520     return false;
1521 }
1522 
1523 static bool cmd_write_dma(IDEState *s, uint8_t cmd)
1524 {
1525     bool lba48 = (cmd == WIN_WRITEDMA_EXT);
1526 
1527     if (!s->blk) {
1528         ide_abort_command(s);
1529         return true;
1530     }
1531 
1532     ide_cmd_lba48_transform(s, lba48);
1533     ide_sector_start_dma(s, IDE_DMA_WRITE);
1534 
1535     s->media_changed = 1;
1536 
1537     return false;
1538 }
1539 
1540 static bool cmd_flush_cache(IDEState *s, uint8_t cmd)
1541 {
1542     ide_flush_cache(s);
1543     return false;
1544 }
1545 
1546 static bool cmd_seek(IDEState *s, uint8_t cmd)
1547 {
1548     /* XXX: Check that seek is within bounds */
1549     return true;
1550 }
1551 
1552 static bool cmd_read_native_max(IDEState *s, uint8_t cmd)
1553 {
1554     bool lba48 = (cmd == WIN_READ_NATIVE_MAX_EXT);
1555 
1556     /* Refuse if no sectors are addressable (e.g. medium not inserted) */
1557     if (s->nb_sectors == 0) {
1558         ide_abort_command(s);
1559         return true;
1560     }
1561 
1562     ide_cmd_lba48_transform(s, lba48);
1563     ide_set_sector(s, s->nb_sectors - 1);
1564 
1565     return true;
1566 }
1567 
1568 static bool cmd_check_power_mode(IDEState *s, uint8_t cmd)
1569 {
1570     s->nsector = 0xff; /* device active or idle */
1571     return true;
1572 }
1573 
1574 static bool cmd_set_features(IDEState *s, uint8_t cmd)
1575 {
1576     uint16_t *identify_data;
1577 
1578     if (!s->blk) {
1579         ide_abort_command(s);
1580         return true;
1581     }
1582 
1583     /* XXX: valid for CDROM ? */
1584     switch (s->feature) {
1585     case 0x02: /* write cache enable */
1586         blk_set_enable_write_cache(s->blk, true);
1587         identify_data = (uint16_t *)s->identify_data;
1588         put_le16(identify_data + 85, (1 << 14) | (1 << 5) | 1);
1589         return true;
1590     case 0x82: /* write cache disable */
1591         blk_set_enable_write_cache(s->blk, false);
1592         identify_data = (uint16_t *)s->identify_data;
1593         put_le16(identify_data + 85, (1 << 14) | 1);
1594         ide_flush_cache(s);
1595         return false;
1596     case 0xcc: /* reverting to power-on defaults enable */
1597     case 0x66: /* reverting to power-on defaults disable */
1598     case 0xaa: /* read look-ahead enable */
1599     case 0x55: /* read look-ahead disable */
1600     case 0x05: /* set advanced power management mode */
1601     case 0x85: /* disable advanced power management mode */
1602     case 0x69: /* NOP */
1603     case 0x67: /* NOP */
1604     case 0x96: /* NOP */
1605     case 0x9a: /* NOP */
1606     case 0x42: /* enable Automatic Acoustic Mode */
1607     case 0xc2: /* disable Automatic Acoustic Mode */
1608         return true;
1609     case 0x03: /* set transfer mode */
1610         {
1611             uint8_t val = s->nsector & 0x07;
1612             identify_data = (uint16_t *)s->identify_data;
1613 
1614             switch (s->nsector >> 3) {
1615             case 0x00: /* pio default */
1616             case 0x01: /* pio mode */
1617                 put_le16(identify_data + 62, 0x07);
1618                 put_le16(identify_data + 63, 0x07);
1619                 put_le16(identify_data + 88, 0x3f);
1620                 break;
1621             case 0x02: /* single word dma mode */
1622                 put_le16(identify_data + 62, 0x07 | (1 << (val + 8)));
1623                 put_le16(identify_data + 63, 0x07);
1624                 put_le16(identify_data + 88, 0x3f);
1625                 break;
1626             case 0x04: /* mdma mode */
1627                 put_le16(identify_data + 62, 0x07);
1628                 put_le16(identify_data + 63, 0x07 | (1 << (val + 8)));
1629                 put_le16(identify_data + 88, 0x3f);
1630                 break;
1631             case 0x08: /* udma mode */
1632                 put_le16(identify_data + 62, 0x07);
1633                 put_le16(identify_data + 63, 0x07);
1634                 put_le16(identify_data + 88, 0x3f | (1 << (val + 8)));
1635                 break;
1636             default:
1637                 goto abort_cmd;
1638             }
1639             return true;
1640         }
1641     }
1642 
1643 abort_cmd:
1644     ide_abort_command(s);
1645     return true;
1646 }
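/*
 * For the 0x03 (set transfer mode) subfeature above, the low three bits
 * of nsector give the mode number and the upper bits the mode class.
 * Illustration only: nsector == 0x45 yields s->nsector >> 3 == 0x08
 * (UDMA) and val == 5, so word 88 of the identify data becomes
 * 0x3f | (1 << 13), advertising UDMA5 as the currently selected mode.
 */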
1647 
1648 
1649 /*** ATAPI commands ***/
1650 
1651 static bool cmd_identify_packet(IDEState *s, uint8_t cmd)
1652 {
1653     ide_atapi_identify(s);
1654     s->status = READY_STAT | SEEK_STAT;
1655     ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
1656     ide_set_irq(s->bus);
1657     return false;
1658 }
1659 
1660 static bool cmd_exec_dev_diagnostic(IDEState *s, uint8_t cmd)
1661 {
1662     ide_set_signature(s);
1663 
1664     if (s->drive_kind == IDE_CD) {
1665         s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet
1666                         * devices to return a clear status register
1667                         * with READY_STAT *not* set. */
1668         s->error = 0x01;
1669     } else {
1670         s->status = READY_STAT | SEEK_STAT;
1671         /* The bits of the error register are not as usual for this command!
1672          * They are part of the regular output (this is why ERR_STAT isn't set):
1673          * Device 0 passed, Device 1 passed or not present. */
1674         s->error = 0x01;
1675         ide_set_irq(s->bus);
1676     }
1677 
1678     return false;
1679 }
1680 
1681 static bool cmd_packet(IDEState *s, uint8_t cmd)
1682 {
1683     /* overlapping commands not supported */
1684     if (s->feature & 0x02) {
1685         ide_abort_command(s);
1686         return true;
1687     }
1688 
1689     s->status = READY_STAT | SEEK_STAT;
1690     s->atapi_dma = s->feature & 1;
1691     if (s->atapi_dma) {
1692         s->dma_cmd = IDE_DMA_ATAPI;
1693     }
1694     s->nsector = 1;
1695     ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE,
1696                        ide_atapi_cmd);
1697     return false;
1698 }
1699 
1700 
1701 /*** CF-ATA commands ***/
1702 
1703 static bool cmd_cfa_req_ext_error_code(IDEState *s, uint8_t cmd)
1704 {
1705     s->error = 0x09;    /* miscellaneous error */
1706     s->status = READY_STAT | SEEK_STAT;
1707     ide_set_irq(s->bus);
1708 
1709     return false;
1710 }
1711 
1712 static bool cmd_cfa_erase_sectors(IDEState *s, uint8_t cmd)
1713 {
1714     /* WIN_SECURITY_FREEZE_LOCK has the same ID as CFA_WEAR_LEVEL and is
1715      * required for Windows 8 to work with AHCI */
1716 
1717     if (cmd == CFA_WEAR_LEVEL) {
1718         s->nsector = 0;
1719     }
1720 
1721     if (cmd == CFA_ERASE_SECTORS) {
1722         s->media_changed = 1;
1723     }
1724 
1725     return true;
1726 }
1727 
1728 static bool cmd_cfa_translate_sector(IDEState *s, uint8_t cmd)
1729 {
1730     s->status = READY_STAT | SEEK_STAT;
1731 
1732     memset(s->io_buffer, 0, 0x200);
1733     s->io_buffer[0x00] = s->hcyl;                   /* Cyl MSB */
1734     s->io_buffer[0x01] = s->lcyl;                   /* Cyl LSB */
1735     s->io_buffer[0x02] = s->select;                 /* Head */
1736     s->io_buffer[0x03] = s->sector;                 /* Sector */
1737     s->io_buffer[0x04] = ide_get_sector(s) >> 16;   /* LBA MSB */
1738     s->io_buffer[0x05] = ide_get_sector(s) >> 8;    /* LBA */
1739     s->io_buffer[0x06] = ide_get_sector(s) >> 0;    /* LBA LSB */
1740     s->io_buffer[0x13] = 0x00;                      /* Erase flag */
1741     s->io_buffer[0x18] = 0x00;                      /* Hot count */
1742     s->io_buffer[0x19] = 0x00;                      /* Hot count */
1743     s->io_buffer[0x1a] = 0x01;                      /* Hot count */
1744 
1745     ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1746     ide_set_irq(s->bus);
1747 
1748     return false;
1749 }
1750 
1751 static bool cmd_cfa_access_metadata_storage(IDEState *s, uint8_t cmd)
1752 {
1753     switch (s->feature) {
1754     case 0x02:  /* Inquiry Metadata Storage */
1755         ide_cfata_metadata_inquiry(s);
1756         break;
1757     case 0x03:  /* Read Metadata Storage */
1758         ide_cfata_metadata_read(s);
1759         break;
1760     case 0x04:  /* Write Metadata Storage */
1761         ide_cfata_metadata_write(s);
1762         break;
1763     default:
1764         ide_abort_command(s);
1765         return true;
1766     }
1767 
1768     ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1769     s->status = 0x00; /* NOTE: READY is _not_ set */
1770     ide_set_irq(s->bus);
1771 
1772     return false;
1773 }
1774 
1775 static bool cmd_ibm_sense_condition(IDEState *s, uint8_t cmd)
1776 {
1777     switch (s->feature) {
1778     case 0x01:  /* sense temperature in device */
1779         s->nsector = 0x50;      /* +20 C */
1780         break;
1781     default:
1782         ide_abort_command(s);
1783         return true;
1784     }
1785 
1786     return true;
1787 }
1788 
1789 
1790 /*** SMART commands ***/
1791 
1792 static bool cmd_smart(IDEState *s, uint8_t cmd)
1793 {
1794     int n;
1795 
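    /* Every SMART subcommand requires the 0xc24f signature in the
     * cylinder (LBA mid/high) registers, and all subcommands except
     * SMART ENABLE OPERATIONS require SMART to already be enabled. */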
1796     if (s->hcyl != 0xc2 || s->lcyl != 0x4f) {
1797         goto abort_cmd;
1798     }
1799 
1800     if (!s->smart_enabled && s->feature != SMART_ENABLE) {
1801         goto abort_cmd;
1802     }
1803 
1804     switch (s->feature) {
1805     case SMART_DISABLE:
1806         s->smart_enabled = 0;
1807         return true;
1808 
1809     case SMART_ENABLE:
1810         s->smart_enabled = 1;
1811         return true;
1812 
1813     case SMART_ATTR_AUTOSAVE:
1814         switch (s->sector) {
1815         case 0x00:
1816             s->smart_autosave = 0;
1817             break;
1818         case 0xf1:
1819             s->smart_autosave = 1;
1820             break;
1821         default:
1822             goto abort_cmd;
1823         }
1824         return true;
1825 
1826     case SMART_STATUS:
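        /* While no errors are logged, return the 0xc24f signature
         * unchanged; otherwise report the "threshold exceeded"
         * signature 0x2cf4. */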
1827         if (!s->smart_errors) {
1828             s->hcyl = 0xc2;
1829             s->lcyl = 0x4f;
1830         } else {
1831             s->hcyl = 0x2c;
1832             s->lcyl = 0xf4;
1833         }
1834         return true;
1835 
1836     case SMART_READ_THRESH:
1837         memset(s->io_buffer, 0, 0x200);
1838         s->io_buffer[0] = 0x01; /* smart struct version */
1839 
1840         for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
1841             s->io_buffer[2 + 0 + (n * 12)] = smart_attributes[n][0];
1842             s->io_buffer[2 + 1 + (n * 12)] = smart_attributes[n][11];
1843         }
1844 
1845         /* checksum: byte 511 makes the whole 512-byte buffer sum to zero mod 256 */
1846         for (n = 0; n < 511; n++) {
1847             s->io_buffer[511] += s->io_buffer[n];
1848         }
1849         s->io_buffer[511] = 0x100 - s->io_buffer[511];
1850 
1851         s->status = READY_STAT | SEEK_STAT;
1852         ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1853         ide_set_irq(s->bus);
1854         return false;
1855 
1856     case SMART_READ_DATA:
1857         memset(s->io_buffer, 0, 0x200);
1858         s->io_buffer[0] = 0x01; /* smart struct version */
1859 
1860         for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
1861             int i;
1862             for (i = 0; i < 11; i++) {
1863                 s->io_buffer[2 + i + (n * 12)] = smart_attributes[n][i];
1864             }
1865         }
1866 
1867         s->io_buffer[362] = 0x02 | (s->smart_autosave ? 0x80 : 0x00);
1868         if (s->smart_selftest_count == 0) {
1869             s->io_buffer[363] = 0;
1870         } else {
1871             s->io_buffer[363] =
1872                 s->smart_selftest_data[3 +
1873                            (s->smart_selftest_count - 1) *
1874                            24];
1875         }
1876         s->io_buffer[364] = 0x20;
1877         s->io_buffer[365] = 0x01;
1878         /* offline data collection capability: execute + self-test */
1879         s->io_buffer[367] = (1 << 4 | 1 << 3 | 1);
1880         s->io_buffer[368] = 0x03; /* smart capability (1) */
1881         s->io_buffer[369] = 0x00; /* smart capability (2) */
1882         s->io_buffer[370] = 0x01; /* error logging supported */
1883         s->io_buffer[372] = 0x02; /* minutes for poll short test */
1884         s->io_buffer[373] = 0x36; /* minutes for poll ext test */
1885         s->io_buffer[374] = 0x01; /* minutes for poll conveyance */
1886 
1887         for (n = 0; n < 511; n++) {
1888             s->io_buffer[511] += s->io_buffer[n];
1889         }
1890         s->io_buffer[511] = 0x100 - s->io_buffer[511];
1891 
1892         s->status = READY_STAT | SEEK_STAT;
1893         ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1894         ide_set_irq(s->bus);
1895         return false;
1896 
1897     case SMART_READ_LOG:
1898         switch (s->sector) {
1899         case 0x01: /* summary smart error log */
1900             memset(s->io_buffer, 0, 0x200);
1901             s->io_buffer[0] = 0x01;
1902             s->io_buffer[1] = 0x00; /* no error entries */
1903             s->io_buffer[452] = s->smart_errors & 0xff;
1904             s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8;
1905 
1906             for (n = 0; n < 511; n++) {
1907                 s->io_buffer[511] += s->io_buffer[n];
1908             }
1909             s->io_buffer[511] = 0x100 - s->io_buffer[511];
1910             break;
1911         case 0x06: /* smart self test log */
1912             memset(s->io_buffer, 0, 0x200);
1913             s->io_buffer[0] = 0x01;
1914             if (s->smart_selftest_count == 0) {
1915                 s->io_buffer[508] = 0;
1916             } else {
1917                 s->io_buffer[508] = s->smart_selftest_count;
1918                 for (n = 2; n < 506; n++)  {
1919                     s->io_buffer[n] = s->smart_selftest_data[n];
1920                 }
1921             }
1922 
1923             for (n = 0; n < 511; n++) {
1924                 s->io_buffer[511] += s->io_buffer[n];
1925             }
1926             s->io_buffer[511] = 0x100 - s->io_buffer[511];
1927             break;
1928         default:
1929             goto abort_cmd;
1930         }
1931         s->status = READY_STAT | SEEK_STAT;
1932         ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop);
1933         ide_set_irq(s->bus);
1934         return false;
1935 
1936     case SMART_EXECUTE_OFFLINE:
1937         switch (s->sector) {
1938         case 0: /* off-line routine */
1939         case 1: /* short self test */
1940         case 2: /* extended self test */
1941             s->smart_selftest_count++;
1942             if (s->smart_selftest_count > 21) {
1943                 s->smart_selftest_count = 1;
1944             }
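            /* The self-test log holds up to 21 entries of 24 bytes
             * each, starting at offset 2; the oldest entries are
             * overwritten once the counter wraps. */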
1945             n = 2 + (s->smart_selftest_count - 1) * 24;
1946             s->smart_selftest_data[n] = s->sector;
1947             s->smart_selftest_data[n + 1] = 0x00; /* OK and finished */
1948             s->smart_selftest_data[n + 2] = 0x34; /* hour count lsb */
1949             s->smart_selftest_data[n + 3] = 0x12; /* hour count msb */
1950             break;
1951         default:
1952             goto abort_cmd;
1953         }
1954         return true;
1955     }
1956 
1957 abort_cmd:
1958     ide_abort_command(s);
1959     return true;
1960 }
1961 
1962 #define HD_OK (1u << IDE_HD)
1963 #define CD_OK (1u << IDE_CD)
1964 #define CFA_OK (1u << IDE_CFATA)
1965 #define HD_CFA_OK (HD_OK | CFA_OK)
1966 #define ALL_OK (HD_OK | CD_OK | CFA_OK)
1967 
1968 /* Set the Disk Seek Completed status bit during completion */
1969 #define SET_DSC (1u << 8)
1970 
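/*
 * The low bits of 'flags' form a permission mask indexed by drive kind
 * (checked in ide_cmd_permitted()); SET_DSC additionally requests the
 * Disk Seek Completed status bit when a command completes synchronously
 * without error.
 */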
1971 /* See ACS-2 T13/2015-D Table B.2 Command codes */
1972 static const struct {
1973     /* Returns true if the completion code should be run */
1974     bool (*handler)(IDEState *s, uint8_t cmd);
1975     int flags;
1976 } ide_cmd_table[0x100] = {
1977     /* NOP not implemented, mandatory for CD */
1978     [CFA_REQ_EXT_ERROR_CODE]      = { cmd_cfa_req_ext_error_code, CFA_OK },
1979     [WIN_DSM]                     = { cmd_data_set_management, HD_CFA_OK },
1980     [WIN_DEVICE_RESET]            = { cmd_device_reset, CD_OK },
1981     [WIN_RECAL]                   = { cmd_nop, HD_CFA_OK | SET_DSC},
1982     [WIN_READ]                    = { cmd_read_pio, ALL_OK },
1983     [WIN_READ_ONCE]               = { cmd_read_pio, HD_CFA_OK },
1984     [WIN_READ_EXT]                = { cmd_read_pio, HD_CFA_OK },
1985     [WIN_READDMA_EXT]             = { cmd_read_dma, HD_CFA_OK },
1986     [WIN_READ_NATIVE_MAX_EXT]     = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
1987     [WIN_MULTREAD_EXT]            = { cmd_read_multiple, HD_CFA_OK },
1988     [WIN_WRITE]                   = { cmd_write_pio, HD_CFA_OK },
1989     [WIN_WRITE_ONCE]              = { cmd_write_pio, HD_CFA_OK },
1990     [WIN_WRITE_EXT]               = { cmd_write_pio, HD_CFA_OK },
1991     [WIN_WRITEDMA_EXT]            = { cmd_write_dma, HD_CFA_OK },
1992     [CFA_WRITE_SECT_WO_ERASE]     = { cmd_write_pio, CFA_OK },
1993     [WIN_MULTWRITE_EXT]           = { cmd_write_multiple, HD_CFA_OK },
1994     [WIN_WRITE_VERIFY]            = { cmd_write_pio, HD_CFA_OK },
1995     [WIN_VERIFY]                  = { cmd_verify, HD_CFA_OK | SET_DSC },
1996     [WIN_VERIFY_ONCE]             = { cmd_verify, HD_CFA_OK | SET_DSC },
1997     [WIN_VERIFY_EXT]              = { cmd_verify, HD_CFA_OK | SET_DSC },
1998     [WIN_SEEK]                    = { cmd_seek, HD_CFA_OK | SET_DSC },
1999     [CFA_TRANSLATE_SECTOR]        = { cmd_cfa_translate_sector, CFA_OK },
2000     [WIN_DIAGNOSE]                = { cmd_exec_dev_diagnostic, ALL_OK },
2001     [WIN_SPECIFY]                 = { cmd_nop, HD_CFA_OK | SET_DSC },
2002     [WIN_STANDBYNOW2]             = { cmd_nop, HD_CFA_OK },
2003     [WIN_IDLEIMMEDIATE2]          = { cmd_nop, HD_CFA_OK },
2004     [WIN_STANDBY2]                = { cmd_nop, HD_CFA_OK },
2005     [WIN_SETIDLE2]                = { cmd_nop, HD_CFA_OK },
2006     [WIN_CHECKPOWERMODE2]         = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
2007     [WIN_SLEEPNOW2]               = { cmd_nop, HD_CFA_OK },
2008     [WIN_PACKETCMD]               = { cmd_packet, CD_OK },
2009     [WIN_PIDENTIFY]               = { cmd_identify_packet, CD_OK },
2010     [WIN_SMART]                   = { cmd_smart, HD_CFA_OK | SET_DSC },
2011     [CFA_ACCESS_METADATA_STORAGE] = { cmd_cfa_access_metadata_storage, CFA_OK },
2012     [CFA_ERASE_SECTORS]           = { cmd_cfa_erase_sectors, CFA_OK | SET_DSC },
2013     [WIN_MULTREAD]                = { cmd_read_multiple, HD_CFA_OK },
2014     [WIN_MULTWRITE]               = { cmd_write_multiple, HD_CFA_OK },
2015     [WIN_SETMULT]                 = { cmd_set_multiple_mode, HD_CFA_OK | SET_DSC },
2016     [WIN_READDMA]                 = { cmd_read_dma, HD_CFA_OK },
2017     [WIN_READDMA_ONCE]            = { cmd_read_dma, HD_CFA_OK },
2018     [WIN_WRITEDMA]                = { cmd_write_dma, HD_CFA_OK },
2019     [WIN_WRITEDMA_ONCE]           = { cmd_write_dma, HD_CFA_OK },
2020     [CFA_WRITE_MULTI_WO_ERASE]    = { cmd_write_multiple, CFA_OK },
2021     [WIN_STANDBYNOW1]             = { cmd_nop, HD_CFA_OK },
2022     [WIN_IDLEIMMEDIATE]           = { cmd_nop, HD_CFA_OK },
2023     [WIN_STANDBY]                 = { cmd_nop, HD_CFA_OK },
2024     [WIN_SETIDLE1]                = { cmd_nop, HD_CFA_OK },
2025     [WIN_CHECKPOWERMODE1]         = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
2026     [WIN_SLEEPNOW1]               = { cmd_nop, HD_CFA_OK },
2027     [WIN_FLUSH_CACHE]             = { cmd_flush_cache, ALL_OK },
2028     [WIN_FLUSH_CACHE_EXT]         = { cmd_flush_cache, HD_CFA_OK },
2029     [WIN_IDENTIFY]                = { cmd_identify, ALL_OK },
2030     [WIN_SETFEATURES]             = { cmd_set_features, ALL_OK | SET_DSC },
2031     [IBM_SENSE_CONDITION]         = { cmd_ibm_sense_condition, CFA_OK | SET_DSC },
2032     [CFA_WEAR_LEVEL]              = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC },
2033     [WIN_READ_NATIVE_MAX]         = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
2034 };
2035 
2036 static bool ide_cmd_permitted(IDEState *s, uint32_t cmd)
2037 {
2038     return cmd < ARRAY_SIZE(ide_cmd_table)
2039         && (ide_cmd_table[cmd].flags & (1u << s->drive_kind));
2040 }
2041 
2042 void ide_exec_cmd(IDEBus *bus, uint32_t val)
2043 {
2044     IDEState *s;
2045     bool complete;
2046 
2047     s = idebus_active_if(bus);
2048     trace_ide_exec_cmd(bus, s, val);
2049 
2050     /* ignore commands to a non-existent slave */
2051     if (s != bus->ifs && !s->blk) {
2052         return;
2053     }
2054 
2055     /* Only RESET is allowed while BSY and/or DRQ are set,
2056      * and only to ATAPI devices. */
2057     if (s->status & (BUSY_STAT|DRQ_STAT)) {
2058         if (val != WIN_DEVICE_RESET || s->drive_kind != IDE_CD) {
2059             return;
2060         }
2061     }
2062 
2063     if (!ide_cmd_permitted(s, val)) {
2064         ide_abort_command(s);
2065         ide_set_irq(s->bus);
2066         return;
2067     }
2068 
2069     s->status = READY_STAT | BUSY_STAT;
2070     s->error = 0;
2071     s->io_buffer_offset = 0;
2072 
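    /* A handler that returns true completed synchronously: clear BUSY,
     * optionally set DSC, and raise the completion interrupt here.
     * Handlers that return false finish later, from a PIO transfer or
     * an asynchronous I/O callback. */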
2073     complete = ide_cmd_table[val].handler(s, val);
2074     if (complete) {
2075         s->status &= ~BUSY_STAT;
2076         assert(!!s->error == !!(s->status & ERR_STAT));
2077 
2078         if ((ide_cmd_table[val].flags & SET_DSC) && !s->error) {
2079             s->status |= SEEK_STAT;
2080         }
2081 
2082         ide_cmd_done(s);
2083         ide_set_irq(s->bus);
2084     }
2085 }
2086 
2087 /* IOport [R]ead [R]egisters */
2088 enum ATA_IOPORT_RR {
2089     ATA_IOPORT_RR_DATA = 0,
2090     ATA_IOPORT_RR_ERROR = 1,
2091     ATA_IOPORT_RR_SECTOR_COUNT = 2,
2092     ATA_IOPORT_RR_SECTOR_NUMBER = 3,
2093     ATA_IOPORT_RR_CYLINDER_LOW = 4,
2094     ATA_IOPORT_RR_CYLINDER_HIGH = 5,
2095     ATA_IOPORT_RR_DEVICE_HEAD = 6,
2096     ATA_IOPORT_RR_STATUS = 7,
2097     ATA_IOPORT_RR_NUM_REGISTERS,
2098 };
2099 
2100 const char *ATA_IOPORT_RR_lookup[ATA_IOPORT_RR_NUM_REGISTERS] = {
2101     [ATA_IOPORT_RR_DATA] = "Data",
2102     [ATA_IOPORT_RR_ERROR] = "Error",
2103     [ATA_IOPORT_RR_SECTOR_COUNT] = "Sector Count",
2104     [ATA_IOPORT_RR_SECTOR_NUMBER] = "Sector Number",
2105     [ATA_IOPORT_RR_CYLINDER_LOW] = "Cylinder Low",
2106     [ATA_IOPORT_RR_CYLINDER_HIGH] = "Cylinder High",
2107     [ATA_IOPORT_RR_DEVICE_HEAD] = "Device/Head",
2108     [ATA_IOPORT_RR_STATUS] = "Status"
2109 };
2110 
2111 uint32_t ide_ioport_read(void *opaque, uint32_t addr)
2112 {
2113     IDEBus *bus = opaque;
2114     IDEState *s = idebus_active_if(bus);
2115     uint32_t reg_num;
2116     int ret, hob;
2117 
2118     reg_num = addr & 7;
2119     /* FIXME: HOB readback uses bit 7, but it's always set right now */
2120     //hob = s->select & (1 << 7);
2121     hob = 0;
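    /* When the HOB bit is honoured, reads return the previous register
     * contents kept in the hob_* shadow registers (the LBA48 "high
     * order bytes"); see the FIXME above, readback is currently
     * disabled. */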
2122     switch (reg_num) {
2123     case ATA_IOPORT_RR_DATA:
2124         ret = 0xff;
2125         break;
2126     case ATA_IOPORT_RR_ERROR:
2127         if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
2128             (s != bus->ifs && !s->blk)) {
2129             ret = 0;
2130         } else if (!hob) {
2131             ret = s->error;
2132         } else {
2133             ret = s->hob_feature;
2134         }
2135         break;
2136     case ATA_IOPORT_RR_SECTOR_COUNT:
2137         if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2138             ret = 0;
2139         } else if (!hob) {
2140             ret = s->nsector & 0xff;
2141         } else {
2142             ret = s->hob_nsector;
2143         }
2144         break;
2145     case ATA_IOPORT_RR_SECTOR_NUMBER:
2146         if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2147             ret = 0;
2148         } else if (!hob) {
2149             ret = s->sector;
2150         } else {
2151             ret = s->hob_sector;
2152         }
2153         break;
2154     case ATA_IOPORT_RR_CYLINDER_LOW:
2155         if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2156             ret = 0;
2157         } else if (!hob) {
2158             ret = s->lcyl;
2159         } else {
2160             ret = s->hob_lcyl;
2161         }
2162         break;
2163     case ATA_IOPORT_RR_CYLINDER_HIGH:
2164         if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2165             ret = 0;
2166         } else if (!hob) {
2167             ret = s->hcyl;
2168         } else {
2169             ret = s->hob_hcyl;
2170         }
2171         break;
2172     case ATA_IOPORT_RR_DEVICE_HEAD:
2173         if (!bus->ifs[0].blk && !bus->ifs[1].blk) {
2174             ret = 0;
2175         } else {
2176             ret = s->select;
2177         }
2178         break;
2179     default:
2180     case ATA_IOPORT_RR_STATUS:
2181         if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
2182             (s != bus->ifs && !s->blk)) {
2183             ret = 0;
2184         } else {
2185             ret = s->status;
2186         }
2187         qemu_irq_lower(bus->irq);
2188         break;
2189     }
2190 
2191     trace_ide_ioport_read(addr, ATA_IOPORT_RR_lookup[reg_num], ret, bus, s);
2192     return ret;
2193 }
2194 
2195 uint32_t ide_status_read(void *opaque, uint32_t addr)
2196 {
2197     IDEBus *bus = opaque;
2198     IDEState *s = idebus_active_if(bus);
2199     int ret;
2200 
2201     if ((!bus->ifs[0].blk && !bus->ifs[1].blk) ||
2202         (s != bus->ifs && !s->blk)) {
2203         ret = 0;
2204     } else {
2205         ret = s->status;
2206     }
2207 
2208     trace_ide_status_read(addr, ret, bus, s);
2209     return ret;
2210 }
2211 
2212 void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val)
2213 {
2214     IDEBus *bus = opaque;
2215     IDEState *s;
2216     int i;
2217 
2218     trace_ide_cmd_write(addr, val, bus);
2219 
2220     /* common for both drives */
2221     if (!(bus->cmd & IDE_CMD_RESET) &&
2222         (val & IDE_CMD_RESET)) {
2223         /* reset low to high */
2224         for (i = 0; i < 2; i++) {
2225             s = &bus->ifs[i];
2226             s->status = BUSY_STAT | SEEK_STAT;
2227             s->error = 0x01;
2228         }
2229     } else if ((bus->cmd & IDE_CMD_RESET) &&
2230                !(val & IDE_CMD_RESET)) {
2231         /* high to low */
2232         for (i = 0; i < 2; i++) {
2233             s = &bus->ifs[i];
2234             if (s->drive_kind == IDE_CD)
2235                 s->status = 0x00; /* NOTE: READY is _not_ set */
2236             else
2237                 s->status = READY_STAT | SEEK_STAT;
2238             ide_set_signature(s);
2239         }
2240     }
2241 
2242     bus->cmd = val;
2243 }
2244 
2245 /*
2246  * Returns true if the running PIO transfer is a PIO out (i.e. data is
2247  * transferred from the device to the guest), false if it's a PIO in
2248  */
2249 static bool ide_is_pio_out(IDEState *s)
2250 {
2251     if (s->end_transfer_func == ide_sector_write ||
2252         s->end_transfer_func == ide_atapi_cmd) {
2253         return false;
2254     } else if (s->end_transfer_func == ide_sector_read ||
2255                s->end_transfer_func == ide_transfer_stop ||
2256                s->end_transfer_func == ide_atapi_cmd_reply_end ||
2257                s->end_transfer_func == ide_dummy_transfer_stop) {
2258         return true;
2259     }
2260 
2261     abort();
2262 }
2263 
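/*
 * PIO data port accessors (16- and 32-bit).  Each access advances
 * data_ptr; once it reaches data_end the DRQ phase is over and
 * end_transfer_func() decides what happens next (next sector, command
 * completion, ATAPI packet handling, ...).
 */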
2264 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
2265 {
2266     IDEBus *bus = opaque;
2267     IDEState *s = idebus_active_if(bus);
2268     uint8_t *p;
2269 
2270     trace_ide_data_writew(addr, val, bus, s);
2271 
2272     /* PIO data access allowed only when DRQ bit is set. The result of a write
2273      * during PIO out is indeterminate, just ignore it. */
2274     if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
2275         return;
2276     }
2277 
2278     p = s->data_ptr;
2279     if (p + 2 > s->data_end) {
2280         return;
2281     }
2282 
2283     *(uint16_t *)p = le16_to_cpu(val);
2284     p += 2;
2285     s->data_ptr = p;
2286     if (p >= s->data_end) {
2287         s->status &= ~DRQ_STAT;
2288         s->end_transfer_func(s);
2289     }
2290 }
2291 
2292 uint32_t ide_data_readw(void *opaque, uint32_t addr)
2293 {
2294     IDEBus *bus = opaque;
2295     IDEState *s = idebus_active_if(bus);
2296     uint8_t *p;
2297     int ret;
2298 
2299     /* PIO data access allowed only when DRQ bit is set. The result of a read
2300      * during PIO in is indeterminate, return 0 and don't move forward. */
2301     if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
2302         return 0;
2303     }
2304 
2305     p = s->data_ptr;
2306     if (p + 2 > s->data_end) {
2307         return 0;
2308     }
2309 
2310     ret = cpu_to_le16(*(uint16_t *)p);
2311     p += 2;
2312     s->data_ptr = p;
2313     if (p >= s->data_end) {
2314         s->status &= ~DRQ_STAT;
2315         s->end_transfer_func(s);
2316     }
2317 
2318     trace_ide_data_readw(addr, ret, bus, s);
2319     return ret;
2320 }
2321 
2322 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
2323 {
2324     IDEBus *bus = opaque;
2325     IDEState *s = idebus_active_if(bus);
2326     uint8_t *p;
2327 
2328     trace_ide_data_writel(addr, val, bus, s);
2329 
2330     /* PIO data access allowed only when DRQ bit is set. The result of a write
2331      * during PIO out is indeterminate, just ignore it. */
2332     if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
2333         return;
2334     }
2335 
2336     p = s->data_ptr;
2337     if (p + 4 > s->data_end) {
2338         return;
2339     }
2340 
2341     *(uint32_t *)p = le32_to_cpu(val);
2342     p += 4;
2343     s->data_ptr = p;
2344     if (p >= s->data_end) {
2345         s->status &= ~DRQ_STAT;
2346         s->end_transfer_func(s);
2347     }
2348 }
2349 
2350 uint32_t ide_data_readl(void *opaque, uint32_t addr)
2351 {
2352     IDEBus *bus = opaque;
2353     IDEState *s = idebus_active_if(bus);
2354     uint8_t *p;
2355     int ret;
2356 
2357     /* PIO data access allowed only when DRQ bit is set. The result of a read
2358      * during PIO in is indeterminate, return 0 and don't move forward. */
2359     if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
2360         ret = 0;
2361         goto out;
2362     }
2363 
2364     p = s->data_ptr;
2365     if (p + 4 > s->data_end) {
2366         return 0;
2367     }
2368 
2369     ret = cpu_to_le32(*(uint32_t *)p);
2370     p += 4;
2371     s->data_ptr = p;
2372     if (p >= s->data_end) {
2373         s->status &= ~DRQ_STAT;
2374         s->end_transfer_func(s);
2375     }
2376 
2377 out:
2378     trace_ide_data_readl(addr, ret, bus, s);
2379     return ret;
2380 }
2381 
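/*
 * Catch-all end-of-transfer handler: it resets data_ptr/data_end to the
 * start of io_buffer, so no further PIO data is consumed, and fills the
 * first four bytes with 0xff, much like the all-ones pattern of a
 * floating bus.
 */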
2382 static void ide_dummy_transfer_stop(IDEState *s)
2383 {
2384     s->data_ptr = s->io_buffer;
2385     s->data_end = s->io_buffer;
2386     s->io_buffer[0] = 0xff;
2387     s->io_buffer[1] = 0xff;
2388     s->io_buffer[2] = 0xff;
2389     s->io_buffer[3] = 0xff;
2390 }
2391 
2392 void ide_bus_reset(IDEBus *bus)
2393 {
2394     bus->unit = 0;
2395     bus->cmd = 0;
2396     ide_reset(&bus->ifs[0]);
2397     ide_reset(&bus->ifs[1]);
2398     ide_clear_hob(bus);
2399 
2400     /* pending async DMA */
2401     if (bus->dma->aiocb) {
2402         trace_ide_bus_reset_aio();
2403         blk_aio_cancel(bus->dma->aiocb);
2404         bus->dma->aiocb = NULL;
2405     }
2406 
2407     /* reset dma provider too */
2408     if (bus->dma->ops->reset) {
2409         bus->dma->ops->reset(bus->dma);
2410     }
2411 }
2412 
2413 static bool ide_cd_is_tray_open(void *opaque)
2414 {
2415     return ((IDEState *)opaque)->tray_open;
2416 }
2417 
2418 static bool ide_cd_is_medium_locked(void *opaque)
2419 {
2420     return ((IDEState *)opaque)->tray_locked;
2421 }
2422 
2423 static void ide_resize_cb(void *opaque)
2424 {
2425     IDEState *s = opaque;
2426     uint64_t nb_sectors;
2427 
2428     if (!s->identify_set) {
2429         return;
2430     }
2431 
2432     blk_get_geometry(s->blk, &nb_sectors);
2433     s->nb_sectors = nb_sectors;
2434 
2435     /* Update the identify data buffer. */
2436     if (s->drive_kind == IDE_CFATA) {
2437         ide_cfata_identify_size(s);
2438     } else {
2439         /* IDE_CD uses a different set of callbacks entirely. */
2440         assert(s->drive_kind != IDE_CD);
2441         ide_identify_size(s);
2442     }
2443 }
2444 
2445 static const BlockDevOps ide_cd_block_ops = {
2446     .change_media_cb = ide_cd_change_cb,
2447     .eject_request_cb = ide_cd_eject_request_cb,
2448     .is_tray_open = ide_cd_is_tray_open,
2449     .is_medium_locked = ide_cd_is_medium_locked,
2450 };
2451 
2452 static const BlockDevOps ide_hd_block_ops = {
2453     .resize_cb = ide_resize_cb,
2454 };
2455 
2456 int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind,
2457                    const char *version, const char *serial, const char *model,
2458                    uint64_t wwn,
2459                    uint32_t cylinders, uint32_t heads, uint32_t secs,
2460                    int chs_trans, Error **errp)
2461 {
2462     uint64_t nb_sectors;
2463 
2464     s->blk = blk;
2465     s->drive_kind = kind;
2466 
2467     blk_get_geometry(blk, &nb_sectors);
2468     s->cylinders = cylinders;
2469     s->heads = heads;
2470     s->sectors = secs;
2471     s->chs_trans = chs_trans;
2472     s->nb_sectors = nb_sectors;
2473     s->wwn = wwn;
2474     /* The SMART values should be preserved across power cycles
2475        but they aren't.  */
2476     s->smart_enabled = 1;
2477     s->smart_autosave = 1;
2478     s->smart_errors = 0;
2479     s->smart_selftest_count = 0;
2480     if (kind == IDE_CD) {
2481         blk_set_dev_ops(blk, &ide_cd_block_ops, s);
2482         blk_set_guest_block_size(blk, 2048);
2483     } else {
2484         if (!blk_is_inserted(s->blk)) {
2485             error_setg(errp, "Device needs media, but drive is empty");
2486             return -1;
2487         }
2488         if (blk_is_read_only(blk)) {
2489             error_setg(errp, "Can't use a read-only drive");
2490             return -1;
2491         }
2492         blk_set_dev_ops(blk, &ide_hd_block_ops, s);
2493     }
2494     if (serial) {
2495         pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), serial);
2496     } else {
2497         snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
2498                  "QM%05d", s->drive_serial);
2499     }
2500     if (model) {
2501         pstrcpy(s->drive_model_str, sizeof(s->drive_model_str), model);
2502     } else {
2503         switch (kind) {
2504         case IDE_CD:
2505             strcpy(s->drive_model_str, "QEMU DVD-ROM");
2506             break;
2507         case IDE_CFATA:
2508             strcpy(s->drive_model_str, "QEMU MICRODRIVE");
2509             break;
2510         default:
2511             strcpy(s->drive_model_str, "QEMU HARDDISK");
2512             break;
2513         }
2514     }
2515 
2516     if (version) {
2517         pstrcpy(s->version, sizeof(s->version), version);
2518     } else {
2519         pstrcpy(s->version, sizeof(s->version), qemu_hw_version());
2520     }
2521 
2522     ide_reset(s);
2523     blk_iostatus_enable(blk);
2524     return 0;
2525 }
2526 
2527 static void ide_init1(IDEBus *bus, int unit)
2528 {
2529     static int drive_serial = 1;
2530     IDEState *s = &bus->ifs[unit];
2531 
2532     s->bus = bus;
2533     s->unit = unit;
2534     s->drive_serial = drive_serial++;
2535     /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */
2536     s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4;
2537     s->io_buffer = qemu_memalign(2048, s->io_buffer_total_len);
2538     memset(s->io_buffer, 0, s->io_buffer_total_len);
2539 
2540     s->smart_selftest_data = blk_blockalign(s->blk, 512);
2541     memset(s->smart_selftest_data, 0, 512);
2542 
2543     s->sector_write_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
2544                                            ide_sector_write_timer_cb, s);
2545 }
2546 
2547 static int ide_nop_int(IDEDMA *dma, int x)
2548 {
2549     return 0;
2550 }
2551 
2552 static void ide_nop(IDEDMA *dma)
2553 {
2554 }
2555 
2556 static int32_t ide_nop_int32(IDEDMA *dma, int32_t l)
2557 {
2558     return 0;
2559 }
2560 
2561 static const IDEDMAOps ide_dma_nop_ops = {
2562     .prepare_buf    = ide_nop_int32,
2563     .restart_dma    = ide_nop,
2564     .rw_buf         = ide_nop_int,
2565 };
2566 
2567 static void ide_restart_dma(IDEState *s, enum ide_dma_cmd dma_cmd)
2568 {
2569     s->unit = s->bus->retry_unit;
2570     ide_set_sector(s, s->bus->retry_sector_num);
2571     s->nsector = s->bus->retry_nsector;
2572     s->bus->dma->ops->restart_dma(s->bus->dma);
2573     s->io_buffer_size = 0;
2574     s->dma_cmd = dma_cmd;
2575     ide_start_dma(s, ide_dma_cb);
2576 }
2577 
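/*
 * Bottom half scheduled by ide_restart_cb() when the VM resumes: if
 * bus->error_status records an interrupted request, re-issue the
 * corresponding DMA, PIO, flush or ATAPI operation.
 */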
2578 static void ide_restart_bh(void *opaque)
2579 {
2580     IDEBus *bus = opaque;
2581     IDEState *s;
2582     bool is_read;
2583     int error_status;
2584 
2585     qemu_bh_delete(bus->bh);
2586     bus->bh = NULL;
2587 
2588     error_status = bus->error_status;
2589     if (bus->error_status == 0) {
2590         return;
2591     }
2592 
2593     s = idebus_active_if(bus);
2594     is_read = (bus->error_status & IDE_RETRY_READ) != 0;
2595 
2596     /* The error status must be cleared before resubmitting the request: The
2597      * request may fail again, and this case can only be distinguished if the
2598      * called function can set a new error status. */
2599     bus->error_status = 0;
2600 
2601     /* The HBA has generically asked to be kicked on retry */
2602     if (error_status & IDE_RETRY_HBA) {
2603         if (s->bus->dma->ops->restart) {
2604             s->bus->dma->ops->restart(s->bus->dma);
2605         }
2606     } else if (IS_IDE_RETRY_DMA(error_status)) {
2607         if (error_status & IDE_RETRY_TRIM) {
2608             ide_restart_dma(s, IDE_DMA_TRIM);
2609         } else {
2610             ide_restart_dma(s, is_read ? IDE_DMA_READ : IDE_DMA_WRITE);
2611         }
2612     } else if (IS_IDE_RETRY_PIO(error_status)) {
2613         if (is_read) {
2614             ide_sector_read(s);
2615         } else {
2616             ide_sector_write(s);
2617         }
2618     } else if (error_status & IDE_RETRY_FLUSH) {
2619         ide_flush_cache(s);
2620     } else if (IS_IDE_RETRY_ATAPI(error_status)) {
2621         assert(s->end_transfer_func == ide_atapi_cmd);
2622         ide_atapi_dma_restart(s);
2623     } else {
2624         abort();
2625     }
2626 }
2627 
2628 static void ide_restart_cb(void *opaque, int running, RunState state)
2629 {
2630     IDEBus *bus = opaque;
2631 
2632     if (!running)
2633         return;
2634 
2635     if (!bus->bh) {
2636         bus->bh = qemu_bh_new(ide_restart_bh, bus);
2637         qemu_bh_schedule(bus->bh);
2638     }
2639 }
2640 
2641 void ide_register_restart_cb(IDEBus *bus)
2642 {
2643     if (bus->dma->ops->restart_dma) {
2644         bus->vmstate = qemu_add_vm_change_state_handler(ide_restart_cb, bus);
2645     }
2646 }
2647 
2648 static IDEDMA ide_dma_nop = {
2649     .ops = &ide_dma_nop_ops,
2650     .aiocb = NULL,
2651 };
2652 
2653 void ide_init2(IDEBus *bus, qemu_irq irq)
2654 {
2655     int i;
2656 
2657     for (i = 0; i < 2; i++) {
2658         ide_init1(bus, i);
2659         ide_reset(&bus->ifs[i]);
2660     }
2661     bus->irq = irq;
2662     bus->dma = &ide_dma_nop;
2663 }
2664 
2665 void ide_exit(IDEState *s)
2666 {
2667     timer_del(s->sector_write_timer);
2668     timer_free(s->sector_write_timer);
2669     qemu_vfree(s->smart_selftest_data);
2670     qemu_vfree(s->io_buffer);
2671 }
2672 
2673 static bool is_identify_set(void *opaque, int version_id)
2674 {
2675     IDEState *s = opaque;
2676 
2677     return s->identify_set != 0;
2678 }
2679 
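/*
 * end_transfer_func is a bare function pointer and cannot be migrated
 * as-is: ide_drive_pio_pre_save() encodes it as an index into this
 * table, and ide_drive_pio_post_load() turns the index back into a
 * pointer.
 */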
2680 static EndTransferFunc* transfer_end_table[] = {
2681         ide_sector_read,
2682         ide_sector_write,
2683         ide_transfer_stop,
2684         ide_atapi_cmd_reply_end,
2685         ide_atapi_cmd,
2686         ide_dummy_transfer_stop,
2687 };
2688 
2689 static int transfer_end_table_idx(EndTransferFunc *fn)
2690 {
2691     int i;
2692 
2693     for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++)
2694         if (transfer_end_table[i] == fn)
2695             return i;
2696 
2697     return -1;
2698 }
2699 
2700 static int ide_drive_post_load(void *opaque, int version_id)
2701 {
2702     IDEState *s = opaque;
2703 
2704     if (s->blk && s->identify_set) {
2705         blk_set_enable_write_cache(s->blk, !!(s->identify_data[85] & (1 << 5)));
2706     }
2707     return 0;
2708 }
2709 
2710 static int ide_drive_pio_post_load(void *opaque, int version_id)
2711 {
2712     IDEState *s = opaque;
2713 
2714     if (s->end_transfer_fn_idx >= ARRAY_SIZE(transfer_end_table)) {
2715         return -EINVAL;
2716     }
2717     s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx];
2718     s->data_ptr = s->io_buffer + s->cur_io_buffer_offset;
2719     s->data_end = s->data_ptr + s->cur_io_buffer_len;
2720     s->atapi_dma = s->feature & 1; /* as per cmd_packet */
2721 
2722     return 0;
2723 }
2724 
2725 static int ide_drive_pio_pre_save(void *opaque)
2726 {
2727     IDEState *s = opaque;
2728     int idx;
2729 
2730     s->cur_io_buffer_offset = s->data_ptr - s->io_buffer;
2731     s->cur_io_buffer_len = s->data_end - s->data_ptr;
2732 
2733     idx = transfer_end_table_idx(s->end_transfer_func);
2734     if (idx == -1) {
2735         fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n",
2736                         __func__);
2737         s->end_transfer_fn_idx = 2;
2738     } else {
2739         s->end_transfer_fn_idx = idx;
2740     }
2741 
2742     return 0;
2743 }
2744 
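/*
 * The *_needed() predicates below gate the optional vmstate
 * subsections: a subsection is only included in the migration stream
 * when its predicate returns true, so streams from configurations that
 * never used the corresponding state stay compatible.
 */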
2745 static bool ide_drive_pio_state_needed(void *opaque)
2746 {
2747     IDEState *s = opaque;
2748 
2749     return ((s->status & DRQ_STAT) != 0)
2750         || (s->bus->error_status & IDE_RETRY_PIO);
2751 }
2752 
2753 static bool ide_tray_state_needed(void *opaque)
2754 {
2755     IDEState *s = opaque;
2756 
2757     return s->tray_open || s->tray_locked;
2758 }
2759 
2760 static bool ide_atapi_gesn_needed(void *opaque)
2761 {
2762     IDEState *s = opaque;
2763 
2764     return s->events.new_media || s->events.eject_request;
2765 }
2766 
2767 static bool ide_error_needed(void *opaque)
2768 {
2769     IDEBus *bus = opaque;
2770 
2771     return (bus->error_status != 0);
2772 }
2773 
2774 /* Fields for GET_EVENT_STATUS_NOTIFICATION ATAPI command */
2775 static const VMStateDescription vmstate_ide_atapi_gesn_state = {
2776     .name = "ide_drive/atapi/gesn_state",
2777     .version_id = 1,
2778     .minimum_version_id = 1,
2779     .needed = ide_atapi_gesn_needed,
2780     .fields = (VMStateField[]) {
2781         VMSTATE_BOOL(events.new_media, IDEState),
2782         VMSTATE_BOOL(events.eject_request, IDEState),
2783         VMSTATE_END_OF_LIST()
2784     }
2785 };
2786 
2787 static const VMStateDescription vmstate_ide_tray_state = {
2788     .name = "ide_drive/tray_state",
2789     .version_id = 1,
2790     .minimum_version_id = 1,
2791     .needed = ide_tray_state_needed,
2792     .fields = (VMStateField[]) {
2793         VMSTATE_BOOL(tray_open, IDEState),
2794         VMSTATE_BOOL(tray_locked, IDEState),
2795         VMSTATE_END_OF_LIST()
2796     }
2797 };
2798 
2799 static const VMStateDescription vmstate_ide_drive_pio_state = {
2800     .name = "ide_drive/pio_state",
2801     .version_id = 1,
2802     .minimum_version_id = 1,
2803     .pre_save = ide_drive_pio_pre_save,
2804     .post_load = ide_drive_pio_post_load,
2805     .needed = ide_drive_pio_state_needed,
2806     .fields = (VMStateField[]) {
2807         VMSTATE_INT32(req_nb_sectors, IDEState),
2808         VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1,
2809                              vmstate_info_uint8, uint8_t),
2810         VMSTATE_INT32(cur_io_buffer_offset, IDEState),
2811         VMSTATE_INT32(cur_io_buffer_len, IDEState),
2812         VMSTATE_UINT8(end_transfer_fn_idx, IDEState),
2813         VMSTATE_INT32(elementary_transfer_size, IDEState),
2814         VMSTATE_INT32(packet_transfer_size, IDEState),
2815         VMSTATE_END_OF_LIST()
2816     }
2817 };
2818 
2819 const VMStateDescription vmstate_ide_drive = {
2820     .name = "ide_drive",
2821     .version_id = 3,
2822     .minimum_version_id = 0,
2823     .post_load = ide_drive_post_load,
2824     .fields = (VMStateField[]) {
2825         VMSTATE_INT32(mult_sectors, IDEState),
2826         VMSTATE_INT32(identify_set, IDEState),
2827         VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set),
2828         VMSTATE_UINT8(feature, IDEState),
2829         VMSTATE_UINT8(error, IDEState),
2830         VMSTATE_UINT32(nsector, IDEState),
2831         VMSTATE_UINT8(sector, IDEState),
2832         VMSTATE_UINT8(lcyl, IDEState),
2833         VMSTATE_UINT8(hcyl, IDEState),
2834         VMSTATE_UINT8(hob_feature, IDEState),
2835         VMSTATE_UINT8(hob_sector, IDEState),
2836         VMSTATE_UINT8(hob_nsector, IDEState),
2837         VMSTATE_UINT8(hob_lcyl, IDEState),
2838         VMSTATE_UINT8(hob_hcyl, IDEState),
2839         VMSTATE_UINT8(select, IDEState),
2840         VMSTATE_UINT8(status, IDEState),
2841         VMSTATE_UINT8(lba48, IDEState),
2842         VMSTATE_UINT8(sense_key, IDEState),
2843         VMSTATE_UINT8(asc, IDEState),
2844         VMSTATE_UINT8_V(cdrom_changed, IDEState, 3),
2845         VMSTATE_END_OF_LIST()
2846     },
2847     .subsections = (const VMStateDescription*[]) {
2848         &vmstate_ide_drive_pio_state,
2849         &vmstate_ide_tray_state,
2850         &vmstate_ide_atapi_gesn_state,
2851         NULL
2852     }
2853 };
2854 
2855 static const VMStateDescription vmstate_ide_error_status = {
2856     .name = "ide_bus/error",
2857     .version_id = 2,
2858     .minimum_version_id = 1,
2859     .needed = ide_error_needed,
2860     .fields = (VMStateField[]) {
2861         VMSTATE_INT32(error_status, IDEBus),
2862         VMSTATE_INT64_V(retry_sector_num, IDEBus, 2),
2863         VMSTATE_UINT32_V(retry_nsector, IDEBus, 2),
2864         VMSTATE_UINT8_V(retry_unit, IDEBus, 2),
2865         VMSTATE_END_OF_LIST()
2866     }
2867 };
2868 
2869 const VMStateDescription vmstate_ide_bus = {
2870     .name = "ide_bus",
2871     .version_id = 1,
2872     .minimum_version_id = 1,
2873     .fields = (VMStateField[]) {
2874         VMSTATE_UINT8(cmd, IDEBus),
2875         VMSTATE_UINT8(unit, IDEBus),
2876         VMSTATE_END_OF_LIST()
2877     },
2878     .subsections = (const VMStateDescription*[]) {
2879         &vmstate_ide_error_status,
2880         NULL
2881     }
2882 };
2883 
2884 void ide_drive_get(DriveInfo **hd, int n)
2885 {
2886     int i;
2887 
2888     for (i = 0; i < n; i++) {
2889         hd[i] = drive_get_by_index(IF_IDE, i);
2890     }
2891 }
2892