1 /* 2 * QEMU IDE disk and CD/DVD-ROM Emulator 3 * 4 * Copyright (c) 2003 Fabrice Bellard 5 * Copyright (c) 2006 Openedhand Ltd. 6 * 7 * Permission is hereby granted, free of charge, to any person obtaining a copy 8 * of this software and associated documentation files (the "Software"), to deal 9 * in the Software without restriction, including without limitation the rights 10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 11 * copies of the Software, and to permit persons to whom the Software is 12 * furnished to do so, subject to the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be included in 15 * all copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 23 * THE SOFTWARE. 24 */ 25 26 #include "qemu/osdep.h" 27 #include "hw/isa/isa.h" 28 #include "migration/vmstate.h" 29 #include "qemu/error-report.h" 30 #include "qemu/main-loop.h" 31 #include "qemu/timer.h" 32 #include "qemu/hw-version.h" 33 #include "qemu/memalign.h" 34 #include "sysemu/sysemu.h" 35 #include "sysemu/blockdev.h" 36 #include "sysemu/dma.h" 37 #include "hw/block/block.h" 38 #include "sysemu/block-backend.h" 39 #include "qapi/error.h" 40 #include "qemu/cutils.h" 41 #include "sysemu/replay.h" 42 #include "sysemu/runstate.h" 43 #include "hw/ide/internal.h" 44 #include "trace.h" 45 46 /* These values were based on a Seagate ST3500418AS but have been modified 47 to make more sense in QEMU */ 48 static const int smart_attributes[][12] = { 49 /* id, flags, hflags, val, wrst, raw (6 bytes), threshold */ 50 /* raw read error rate*/ 51 { 0x01, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06}, 52 /* spin up */ 53 { 0x03, 0x03, 0x00, 0x64, 0x64, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 54 /* start stop count */ 55 { 0x04, 0x02, 0x00, 0x64, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14}, 56 /* remapped sectors */ 57 { 0x05, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24}, 58 /* power on hours */ 59 { 0x09, 0x03, 0x00, 0x64, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 60 /* power cycle count */ 61 { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 62 /* airflow-temperature-celsius */ 63 { 190, 0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32}, 64 }; 65 66 const char *IDE_DMA_CMD_lookup[IDE_DMA__COUNT] = { 67 [IDE_DMA_READ] = "DMA READ", 68 [IDE_DMA_WRITE] = "DMA WRITE", 69 [IDE_DMA_TRIM] = "DMA TRIM", 70 [IDE_DMA_ATAPI] = "DMA ATAPI" 71 }; 72 73 static const char *IDE_DMA_CMD_str(enum ide_dma_cmd enval) 74 { 75 if ((unsigned)enval < IDE_DMA__COUNT) { 76 return IDE_DMA_CMD_lookup[enval]; 77 } 78 return "DMA UNKNOWN CMD"; 79 } 80 81 static void ide_dummy_transfer_stop(IDEState *s); 82 83 static void padstr(char *str, const char *src, int len) 84 { 85 int i, v; 86 for(i = 0; i < len; i++) { 87 if (*src) 88 v = *src++; 89 else 90 v = ' '; 91 str[i^1] = v; 92 } 93 } 94 95 static void put_le16(uint16_t *p, unsigned int v) 96 { 97 *p = cpu_to_le16(v); 98 } 99 100 static void ide_identify_size(IDEState *s) 101 { 102 uint16_t *p = (uint16_t *)s->identify_data; 103 int64_t nb_sectors_lba28 = s->nb_sectors; 104 if (nb_sectors_lba28 >= 1 << 28) { 105 nb_sectors_lba28 = (1 << 28) - 1; 106 } 107 put_le16(p + 60, nb_sectors_lba28); 108 put_le16(p + 61, nb_sectors_lba28 >> 16); 109 put_le16(p + 100, s->nb_sectors); 110 put_le16(p + 101, s->nb_sectors >> 16); 111 put_le16(p + 102, s->nb_sectors >> 32); 112 put_le16(p + 103, s->nb_sectors >> 48); 113 } 114 115 static void ide_identify(IDEState *s) 116 { 117 uint16_t *p; 118 unsigned int oldsize; 119 IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master; 120 121 p = (uint16_t *)s->identify_data; 122 if (s->identify_set) { 123 goto fill_buffer; 124 } 125 memset(p, 0, sizeof(s->identify_data)); 126 127 put_le16(p + 0, 0x0040); 128 put_le16(p + 1, s->cylinders); 129 put_le16(p + 3, s->heads); 130 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */ 131 put_le16(p + 5, 512); /* XXX: retired, remove ? */ 132 put_le16(p + 6, s->sectors); 133 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */ 134 put_le16(p + 20, 3); /* XXX: retired, remove ? */ 135 put_le16(p + 21, 512); /* cache size in sectors */ 136 put_le16(p + 22, 4); /* ecc bytes */ 137 padstr((char *)(p + 23), s->version, 8); /* firmware version */ 138 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */ 139 #if MAX_MULT_SECTORS > 1 140 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS); 141 #endif 142 put_le16(p + 48, 1); /* dword I/O */ 143 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */ 144 put_le16(p + 51, 0x200); /* PIO transfer cycle */ 145 put_le16(p + 52, 0x200); /* DMA transfer cycle */ 146 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */ 147 put_le16(p + 54, s->cylinders); 148 put_le16(p + 55, s->heads); 149 put_le16(p + 56, s->sectors); 150 oldsize = s->cylinders * s->heads * s->sectors; 151 put_le16(p + 57, oldsize); 152 put_le16(p + 58, oldsize >> 16); 153 if (s->mult_sectors) 154 put_le16(p + 59, 0x100 | s->mult_sectors); 155 /* *(p + 60) := nb_sectors -- see ide_identify_size */ 156 /* *(p + 61) := nb_sectors >> 16 -- see ide_identify_size */ 157 put_le16(p + 62, 0x07); /* single word dma0-2 supported */ 158 put_le16(p + 63, 0x07); /* mdma0-2 supported */ 159 put_le16(p + 64, 0x03); /* pio3-4 supported */ 160 put_le16(p + 65, 120); 161 put_le16(p + 66, 120); 162 put_le16(p + 67, 120); 163 put_le16(p + 68, 120); 164 if (dev && dev->conf.discard_granularity) { 165 put_le16(p + 69, (1 << 14)); /* determinate TRIM behavior */ 166 } 167 168 if (s->ncq_queues) { 169 put_le16(p + 75, s->ncq_queues - 1); 170 /* NCQ supported */ 171 put_le16(p + 76, (1 << 8)); 172 } 173 174 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */ 175 put_le16(p + 81, 0x16); /* conforms to ata5 */ 176 /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */ 177 put_le16(p + 82, (1 << 14) | (1 << 5) | 1); 178 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */ 179 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10)); 180 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */ 181 if (s->wwn) { 182 put_le16(p + 84, (1 << 14) | (1 << 8) | 0); 183 } else { 184 put_le16(p + 84, (1 << 14) | 0); 185 } 186 /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */ 187 if (blk_enable_write_cache(s->blk)) { 188 put_le16(p + 85, (1 << 14) | (1 << 5) | 1); 189 } else { 190 put_le16(p + 85, (1 << 14) | 1); 191 } 192 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */ 193 put_le16(p + 86, (1 << 13) | (1 <<12) | (1 << 10)); 194 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */ 195 if (s->wwn) { 196 put_le16(p + 87, (1 << 14) | (1 << 8) | 0); 197 } else { 198 put_le16(p + 87, (1 << 14) | 0); 199 } 200 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */ 201 put_le16(p + 93, 1 | (1 << 14) | 0x2000); 202 /* *(p + 100) := nb_sectors -- see ide_identify_size */ 203 /* *(p + 101) := nb_sectors >> 16 -- see ide_identify_size */ 204 /* *(p + 102) := nb_sectors >> 32 -- see ide_identify_size */ 205 /* *(p + 103) := nb_sectors >> 48 -- see ide_identify_size */ 206 207 if (dev && dev->conf.physical_block_size) 208 put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf)); 209 if (s->wwn) { 210 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */ 211 put_le16(p + 108, s->wwn >> 48); 212 put_le16(p + 109, s->wwn >> 32); 213 put_le16(p + 110, s->wwn >> 16); 214 put_le16(p + 111, s->wwn); 215 } 216 if (dev && dev->conf.discard_granularity) { 217 put_le16(p + 169, 1); /* TRIM support */ 218 } 219 if (dev) { 220 put_le16(p + 217, dev->rotation_rate); /* Nominal media rotation rate */ 221 } 222 223 ide_identify_size(s); 224 s->identify_set = 1; 225 226 fill_buffer: 227 memcpy(s->io_buffer, p, sizeof(s->identify_data)); 228 } 229 230 static void ide_atapi_identify(IDEState *s) 231 { 232 uint16_t *p; 233 234 p = (uint16_t *)s->identify_data; 235 if (s->identify_set) { 236 goto fill_buffer; 237 } 238 memset(p, 0, sizeof(s->identify_data)); 239 240 /* Removable CDROM, 50us response, 12 byte packets */ 241 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0)); 242 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */ 243 put_le16(p + 20, 3); /* buffer type */ 244 put_le16(p + 21, 512); /* cache size in sectors */ 245 put_le16(p + 22, 4); /* ecc bytes */ 246 padstr((char *)(p + 23), s->version, 8); /* firmware version */ 247 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */ 248 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */ 249 #ifdef USE_DMA_CDROM 250 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */ 251 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */ 252 put_le16(p + 62, 7); /* single word dma0-2 supported */ 253 put_le16(p + 63, 7); /* mdma0-2 supported */ 254 #else 255 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */ 256 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */ 257 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */ 258 #endif 259 put_le16(p + 64, 3); /* pio3-4 supported */ 260 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */ 261 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */ 262 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */ 263 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */ 264 265 put_le16(p + 71, 30); /* in ns */ 266 put_le16(p + 72, 30); /* in ns */ 267 268 if (s->ncq_queues) { 269 put_le16(p + 75, s->ncq_queues - 1); 270 /* NCQ supported */ 271 put_le16(p + 76, (1 << 8)); 272 } 273 274 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */ 275 if (s->wwn) { 276 put_le16(p + 84, (1 << 8)); /* supports WWN for words 108-111 */ 277 put_le16(p + 87, (1 << 8)); /* WWN enabled */ 278 } 279 280 #ifdef USE_DMA_CDROM 281 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */ 282 #endif 283 284 if (s->wwn) { 285 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */ 286 put_le16(p + 108, s->wwn >> 48); 287 put_le16(p + 109, s->wwn >> 32); 288 put_le16(p + 110, s->wwn >> 16); 289 put_le16(p + 111, s->wwn); 290 } 291 292 s->identify_set = 1; 293 294 fill_buffer: 295 memcpy(s->io_buffer, p, sizeof(s->identify_data)); 296 } 297 298 static void ide_cfata_identify_size(IDEState *s) 299 { 300 uint16_t *p = (uint16_t *)s->identify_data; 301 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */ 302 put_le16(p + 8, s->nb_sectors); /* Sectors per card */ 303 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */ 304 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */ 305 } 306 307 static void ide_cfata_identify(IDEState *s) 308 { 309 uint16_t *p; 310 uint32_t cur_sec; 311 312 p = (uint16_t *)s->identify_data; 313 if (s->identify_set) { 314 goto fill_buffer; 315 } 316 memset(p, 0, sizeof(s->identify_data)); 317 318 cur_sec = s->cylinders * s->heads * s->sectors; 319 320 put_le16(p + 0, 0x848a); /* CF Storage Card signature */ 321 put_le16(p + 1, s->cylinders); /* Default cylinders */ 322 put_le16(p + 3, s->heads); /* Default heads */ 323 put_le16(p + 6, s->sectors); /* Default sectors per track */ 324 /* *(p + 7) := nb_sectors >> 16 -- see ide_cfata_identify_size */ 325 /* *(p + 8) := nb_sectors -- see ide_cfata_identify_size */ 326 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */ 327 put_le16(p + 22, 0x0004); /* ECC bytes */ 328 padstr((char *) (p + 23), s->version, 8); /* Firmware Revision */ 329 padstr((char *) (p + 27), s->drive_model_str, 40);/* Model number */ 330 #if MAX_MULT_SECTORS > 1 331 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS); 332 #else 333 put_le16(p + 47, 0x0000); 334 #endif 335 put_le16(p + 49, 0x0f00); /* Capabilities */ 336 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */ 337 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */ 338 put_le16(p + 53, 0x0003); /* Translation params valid */ 339 put_le16(p + 54, s->cylinders); /* Current cylinders */ 340 put_le16(p + 55, s->heads); /* Current heads */ 341 put_le16(p + 56, s->sectors); /* Current sectors */ 342 put_le16(p + 57, cur_sec); /* Current capacity */ 343 put_le16(p + 58, cur_sec >> 16); /* Current capacity */ 344 if (s->mult_sectors) /* Multiple sector setting */ 345 put_le16(p + 59, 0x100 | s->mult_sectors); 346 /* *(p + 60) := nb_sectors -- see ide_cfata_identify_size */ 347 /* *(p + 61) := nb_sectors >> 16 -- see ide_cfata_identify_size */ 348 put_le16(p + 63, 0x0203); /* Multiword DMA capability */ 349 put_le16(p + 64, 0x0001); /* Flow Control PIO support */ 350 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */ 351 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */ 352 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */ 353 put_le16(p + 82, 0x400c); /* Command Set supported */ 354 put_le16(p + 83, 0x7068); /* Command Set supported */ 355 put_le16(p + 84, 0x4000); /* Features supported */ 356 put_le16(p + 85, 0x000c); /* Command Set enabled */ 357 put_le16(p + 86, 0x7044); /* Command Set enabled */ 358 put_le16(p + 87, 0x4000); /* Features enabled */ 359 put_le16(p + 91, 0x4060); /* Current APM level */ 360 put_le16(p + 129, 0x0002); /* Current features option */ 361 put_le16(p + 130, 0x0005); /* Reassigned sectors */ 362 put_le16(p + 131, 0x0001); /* Initial power mode */ 363 put_le16(p + 132, 0x0000); /* User signature */ 364 put_le16(p + 160, 0x8100); /* Power requirement */ 365 put_le16(p + 161, 0x8001); /* CF command set */ 366 367 ide_cfata_identify_size(s); 368 s->identify_set = 1; 369 370 fill_buffer: 371 memcpy(s->io_buffer, p, sizeof(s->identify_data)); 372 } 373 374 static void ide_set_signature(IDEState *s) 375 { 376 s->select &= ~(ATA_DEV_HS); /* clear head */ 377 /* put signature */ 378 s->nsector = 1; 379 s->sector = 1; 380 if (s->drive_kind == IDE_CD) { 381 s->lcyl = 0x14; 382 s->hcyl = 0xeb; 383 } else if (s->blk) { 384 s->lcyl = 0; 385 s->hcyl = 0; 386 } else { 387 s->lcyl = 0xff; 388 s->hcyl = 0xff; 389 } 390 } 391 392 static bool ide_sect_range_ok(IDEState *s, 393 uint64_t sector, uint64_t nb_sectors) 394 { 395 uint64_t total_sectors; 396 397 blk_get_geometry(s->blk, &total_sectors); 398 if (sector > total_sectors || nb_sectors > total_sectors - sector) { 399 return false; 400 } 401 return true; 402 } 403 404 typedef struct TrimAIOCB { 405 BlockAIOCB common; 406 IDEState *s; 407 QEMUBH *bh; 408 int ret; 409 QEMUIOVector *qiov; 410 BlockAIOCB *aiocb; 411 int i, j; 412 } TrimAIOCB; 413 414 static void trim_aio_cancel(BlockAIOCB *acb) 415 { 416 TrimAIOCB *iocb = container_of(acb, TrimAIOCB, common); 417 418 /* Exit the loop so ide_issue_trim_cb will not continue */ 419 iocb->j = iocb->qiov->niov - 1; 420 iocb->i = (iocb->qiov->iov[iocb->j].iov_len / 8) - 1; 421 422 iocb->ret = -ECANCELED; 423 424 if (iocb->aiocb) { 425 blk_aio_cancel_async(iocb->aiocb); 426 iocb->aiocb = NULL; 427 } 428 } 429 430 static const AIOCBInfo trim_aiocb_info = { 431 .aiocb_size = sizeof(TrimAIOCB), 432 .cancel_async = trim_aio_cancel, 433 }; 434 435 static void ide_trim_bh_cb(void *opaque) 436 { 437 TrimAIOCB *iocb = opaque; 438 BlockBackend *blk = iocb->s->blk; 439 440 iocb->common.cb(iocb->common.opaque, iocb->ret); 441 442 qemu_bh_delete(iocb->bh); 443 iocb->bh = NULL; 444 qemu_aio_unref(iocb); 445 446 /* Paired with an increment in ide_issue_trim() */ 447 blk_dec_in_flight(blk); 448 } 449 450 static void ide_issue_trim_cb(void *opaque, int ret) 451 { 452 TrimAIOCB *iocb = opaque; 453 IDEState *s = iocb->s; 454 455 if (iocb->i >= 0) { 456 if (ret >= 0) { 457 block_acct_done(blk_get_stats(s->blk), &s->acct); 458 } else { 459 block_acct_failed(blk_get_stats(s->blk), &s->acct); 460 } 461 } 462 463 if (ret >= 0) { 464 while (iocb->j < iocb->qiov->niov) { 465 int j = iocb->j; 466 while (++iocb->i < iocb->qiov->iov[j].iov_len / 8) { 467 int i = iocb->i; 468 uint64_t *buffer = iocb->qiov->iov[j].iov_base; 469 470 /* 6-byte LBA + 2-byte range per entry */ 471 uint64_t entry = le64_to_cpu(buffer[i]); 472 uint64_t sector = entry & 0x0000ffffffffffffULL; 473 uint16_t count = entry >> 48; 474 475 if (count == 0) { 476 continue; 477 } 478 479 if (!ide_sect_range_ok(s, sector, count)) { 480 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_UNMAP); 481 iocb->ret = -EINVAL; 482 goto done; 483 } 484 485 block_acct_start(blk_get_stats(s->blk), &s->acct, 486 count << BDRV_SECTOR_BITS, BLOCK_ACCT_UNMAP); 487 488 /* Got an entry! Submit and exit. */ 489 iocb->aiocb = blk_aio_pdiscard(s->blk, 490 sector << BDRV_SECTOR_BITS, 491 count << BDRV_SECTOR_BITS, 492 ide_issue_trim_cb, opaque); 493 return; 494 } 495 496 iocb->j++; 497 iocb->i = -1; 498 } 499 } else { 500 iocb->ret = ret; 501 } 502 503 done: 504 iocb->aiocb = NULL; 505 if (iocb->bh) { 506 replay_bh_schedule_event(iocb->bh); 507 } 508 } 509 510 BlockAIOCB *ide_issue_trim( 511 int64_t offset, QEMUIOVector *qiov, 512 BlockCompletionFunc *cb, void *cb_opaque, void *opaque) 513 { 514 IDEState *s = opaque; 515 TrimAIOCB *iocb; 516 517 /* Paired with a decrement in ide_trim_bh_cb() */ 518 blk_inc_in_flight(s->blk); 519 520 iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque); 521 iocb->s = s; 522 iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb); 523 iocb->ret = 0; 524 iocb->qiov = qiov; 525 iocb->i = -1; 526 iocb->j = 0; 527 ide_issue_trim_cb(iocb, 0); 528 return &iocb->common; 529 } 530 531 void ide_abort_command(IDEState *s) 532 { 533 ide_transfer_stop(s); 534 s->status = READY_STAT | ERR_STAT; 535 s->error = ABRT_ERR; 536 } 537 538 static void ide_set_retry(IDEState *s) 539 { 540 s->bus->retry_unit = s->unit; 541 s->bus->retry_sector_num = ide_get_sector(s); 542 s->bus->retry_nsector = s->nsector; 543 } 544 545 static void ide_clear_retry(IDEState *s) 546 { 547 s->bus->retry_unit = -1; 548 s->bus->retry_sector_num = 0; 549 s->bus->retry_nsector = 0; 550 } 551 552 /* prepare data transfer and tell what to do after */ 553 bool ide_transfer_start_norecurse(IDEState *s, uint8_t *buf, int size, 554 EndTransferFunc *end_transfer_func) 555 { 556 s->data_ptr = buf; 557 s->data_end = buf + size; 558 ide_set_retry(s); 559 if (!(s->status & ERR_STAT)) { 560 s->status |= DRQ_STAT; 561 } 562 if (!s->bus->dma->ops->pio_transfer) { 563 s->end_transfer_func = end_transfer_func; 564 return false; 565 } 566 s->bus->dma->ops->pio_transfer(s->bus->dma); 567 return true; 568 } 569 570 void ide_transfer_start(IDEState *s, uint8_t *buf, int size, 571 EndTransferFunc *end_transfer_func) 572 { 573 if (ide_transfer_start_norecurse(s, buf, size, end_transfer_func)) { 574 end_transfer_func(s); 575 } 576 } 577 578 static void ide_cmd_done(IDEState *s) 579 { 580 if (s->bus->dma->ops->cmd_done) { 581 s->bus->dma->ops->cmd_done(s->bus->dma); 582 } 583 } 584 585 static void ide_transfer_halt(IDEState *s) 586 { 587 s->end_transfer_func = ide_transfer_stop; 588 s->data_ptr = s->io_buffer; 589 s->data_end = s->io_buffer; 590 s->status &= ~DRQ_STAT; 591 } 592 593 void ide_transfer_stop(IDEState *s) 594 { 595 ide_transfer_halt(s); 596 ide_cmd_done(s); 597 } 598 599 int64_t ide_get_sector(IDEState *s) 600 { 601 int64_t sector_num; 602 if (s->select & (ATA_DEV_LBA)) { 603 if (s->lba48) { 604 sector_num = ((int64_t)s->hob_hcyl << 40) | 605 ((int64_t) s->hob_lcyl << 32) | 606 ((int64_t) s->hob_sector << 24) | 607 ((int64_t) s->hcyl << 16) | 608 ((int64_t) s->lcyl << 8) | s->sector; 609 } else { 610 /* LBA28 */ 611 sector_num = ((s->select & (ATA_DEV_LBA_MSB)) << 24) | 612 (s->hcyl << 16) | (s->lcyl << 8) | s->sector; 613 } 614 } else { 615 /* CHS */ 616 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors + 617 (s->select & (ATA_DEV_HS)) * s->sectors + (s->sector - 1); 618 } 619 620 return sector_num; 621 } 622 623 void ide_set_sector(IDEState *s, int64_t sector_num) 624 { 625 unsigned int cyl, r; 626 if (s->select & (ATA_DEV_LBA)) { 627 if (s->lba48) { 628 s->sector = sector_num; 629 s->lcyl = sector_num >> 8; 630 s->hcyl = sector_num >> 16; 631 s->hob_sector = sector_num >> 24; 632 s->hob_lcyl = sector_num >> 32; 633 s->hob_hcyl = sector_num >> 40; 634 } else { 635 /* LBA28 */ 636 s->select = (s->select & ~(ATA_DEV_LBA_MSB)) | 637 ((sector_num >> 24) & (ATA_DEV_LBA_MSB)); 638 s->hcyl = (sector_num >> 16); 639 s->lcyl = (sector_num >> 8); 640 s->sector = (sector_num); 641 } 642 } else { 643 /* CHS */ 644 cyl = sector_num / (s->heads * s->sectors); 645 r = sector_num % (s->heads * s->sectors); 646 s->hcyl = cyl >> 8; 647 s->lcyl = cyl; 648 s->select = (s->select & ~(ATA_DEV_HS)) | 649 ((r / s->sectors) & (ATA_DEV_HS)); 650 s->sector = (r % s->sectors) + 1; 651 } 652 } 653 654 static void ide_rw_error(IDEState *s) { 655 ide_abort_command(s); 656 ide_set_irq(s->bus); 657 } 658 659 static void ide_buffered_readv_cb(void *opaque, int ret) 660 { 661 IDEBufferedRequest *req = opaque; 662 if (!req->orphaned) { 663 if (!ret) { 664 assert(req->qiov.size == req->original_qiov->size); 665 qemu_iovec_from_buf(req->original_qiov, 0, 666 req->qiov.local_iov.iov_base, 667 req->original_qiov->size); 668 } 669 req->original_cb(req->original_opaque, ret); 670 } 671 QLIST_REMOVE(req, list); 672 qemu_vfree(qemu_iovec_buf(&req->qiov)); 673 g_free(req); 674 } 675 676 #define MAX_BUFFERED_REQS 16 677 678 BlockAIOCB *ide_buffered_readv(IDEState *s, int64_t sector_num, 679 QEMUIOVector *iov, int nb_sectors, 680 BlockCompletionFunc *cb, void *opaque) 681 { 682 BlockAIOCB *aioreq; 683 IDEBufferedRequest *req; 684 int c = 0; 685 686 QLIST_FOREACH(req, &s->buffered_requests, list) { 687 c++; 688 } 689 if (c > MAX_BUFFERED_REQS) { 690 return blk_abort_aio_request(s->blk, cb, opaque, -EIO); 691 } 692 693 req = g_new0(IDEBufferedRequest, 1); 694 req->original_qiov = iov; 695 req->original_cb = cb; 696 req->original_opaque = opaque; 697 qemu_iovec_init_buf(&req->qiov, blk_blockalign(s->blk, iov->size), 698 iov->size); 699 700 aioreq = blk_aio_preadv(s->blk, sector_num << BDRV_SECTOR_BITS, 701 &req->qiov, 0, ide_buffered_readv_cb, req); 702 703 QLIST_INSERT_HEAD(&s->buffered_requests, req, list); 704 return aioreq; 705 } 706 707 /** 708 * Cancel all pending DMA requests. 709 * Any buffered DMA requests are instantly canceled, 710 * but any pending unbuffered DMA requests must be waited on. 711 */ 712 void ide_cancel_dma_sync(IDEState *s) 713 { 714 IDEBufferedRequest *req; 715 716 /* First invoke the callbacks of all buffered requests 717 * and flag those requests as orphaned. Ideally there 718 * are no unbuffered (Scatter Gather DMA Requests or 719 * write requests) pending and we can avoid to drain. */ 720 QLIST_FOREACH(req, &s->buffered_requests, list) { 721 if (!req->orphaned) { 722 trace_ide_cancel_dma_sync_buffered(req->original_cb, req); 723 req->original_cb(req->original_opaque, -ECANCELED); 724 } 725 req->orphaned = true; 726 } 727 728 /* 729 * We can't cancel Scatter Gather DMA in the middle of the 730 * operation or a partial (not full) DMA transfer would reach 731 * the storage so we wait for completion instead (we behave 732 * like if the DMA was completed by the time the guest trying 733 * to cancel dma with bmdma_cmd_writeb with BM_CMD_START not 734 * set). 735 * 736 * In the future we'll be able to safely cancel the I/O if the 737 * whole DMA operation will be submitted to disk with a single 738 * aio operation with preadv/pwritev. 739 */ 740 if (s->bus->dma->aiocb) { 741 trace_ide_cancel_dma_sync_remaining(); 742 blk_drain(s->blk); 743 assert(s->bus->dma->aiocb == NULL); 744 } 745 } 746 747 static void ide_sector_read(IDEState *s); 748 749 static void ide_sector_read_cb(void *opaque, int ret) 750 { 751 IDEState *s = opaque; 752 int n; 753 754 s->pio_aiocb = NULL; 755 s->status &= ~BUSY_STAT; 756 757 if (ret != 0) { 758 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO | 759 IDE_RETRY_READ)) { 760 return; 761 } 762 } 763 764 block_acct_done(blk_get_stats(s->blk), &s->acct); 765 766 n = s->nsector; 767 if (n > s->req_nb_sectors) { 768 n = s->req_nb_sectors; 769 } 770 771 ide_set_sector(s, ide_get_sector(s) + n); 772 s->nsector -= n; 773 /* Allow the guest to read the io_buffer */ 774 ide_transfer_start(s, s->io_buffer, n * BDRV_SECTOR_SIZE, ide_sector_read); 775 ide_set_irq(s->bus); 776 } 777 778 static void ide_sector_read(IDEState *s) 779 { 780 int64_t sector_num; 781 int n; 782 783 s->status = READY_STAT | SEEK_STAT; 784 s->error = 0; /* not needed by IDE spec, but needed by Windows */ 785 sector_num = ide_get_sector(s); 786 n = s->nsector; 787 788 if (n == 0) { 789 ide_transfer_stop(s); 790 return; 791 } 792 793 s->status |= BUSY_STAT; 794 795 if (n > s->req_nb_sectors) { 796 n = s->req_nb_sectors; 797 } 798 799 trace_ide_sector_read(sector_num, n); 800 801 if (!ide_sect_range_ok(s, sector_num, n)) { 802 ide_rw_error(s); 803 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_READ); 804 return; 805 } 806 807 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE); 808 809 block_acct_start(blk_get_stats(s->blk), &s->acct, 810 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ); 811 s->pio_aiocb = ide_buffered_readv(s, sector_num, &s->qiov, n, 812 ide_sector_read_cb, s); 813 } 814 815 void dma_buf_commit(IDEState *s, uint32_t tx_bytes) 816 { 817 if (s->bus->dma->ops->commit_buf) { 818 s->bus->dma->ops->commit_buf(s->bus->dma, tx_bytes); 819 } 820 s->io_buffer_offset += tx_bytes; 821 qemu_sglist_destroy(&s->sg); 822 } 823 824 void ide_set_inactive(IDEState *s, bool more) 825 { 826 s->bus->dma->aiocb = NULL; 827 ide_clear_retry(s); 828 if (s->bus->dma->ops->set_inactive) { 829 s->bus->dma->ops->set_inactive(s->bus->dma, more); 830 } 831 ide_cmd_done(s); 832 } 833 834 void ide_dma_error(IDEState *s) 835 { 836 dma_buf_commit(s, 0); 837 ide_abort_command(s); 838 ide_set_inactive(s, false); 839 ide_set_irq(s->bus); 840 } 841 842 int ide_handle_rw_error(IDEState *s, int error, int op) 843 { 844 bool is_read = (op & IDE_RETRY_READ) != 0; 845 BlockErrorAction action = blk_get_error_action(s->blk, is_read, error); 846 847 if (action == BLOCK_ERROR_ACTION_STOP) { 848 assert(s->bus->retry_unit == s->unit); 849 s->bus->error_status = op; 850 } else if (action == BLOCK_ERROR_ACTION_REPORT) { 851 block_acct_failed(blk_get_stats(s->blk), &s->acct); 852 if (IS_IDE_RETRY_DMA(op)) { 853 ide_dma_error(s); 854 } else if (IS_IDE_RETRY_ATAPI(op)) { 855 ide_atapi_io_error(s, -error); 856 } else { 857 ide_rw_error(s); 858 } 859 } 860 blk_error_action(s->blk, action, is_read, error); 861 return action != BLOCK_ERROR_ACTION_IGNORE; 862 } 863 864 static void ide_dma_cb(void *opaque, int ret) 865 { 866 IDEState *s = opaque; 867 int n; 868 int64_t sector_num; 869 uint64_t offset; 870 bool stay_active = false; 871 int32_t prep_size = 0; 872 873 if (ret == -EINVAL) { 874 ide_dma_error(s); 875 return; 876 } 877 878 if (ret < 0) { 879 if (ide_handle_rw_error(s, -ret, ide_dma_cmd_to_retry(s->dma_cmd))) { 880 s->bus->dma->aiocb = NULL; 881 dma_buf_commit(s, 0); 882 return; 883 } 884 } 885 886 if (s->io_buffer_size > s->nsector * 512) { 887 /* 888 * The PRDs were longer than needed for this request. 889 * The Active bit must remain set after the request completes. 890 */ 891 n = s->nsector; 892 stay_active = true; 893 } else { 894 n = s->io_buffer_size >> 9; 895 } 896 897 sector_num = ide_get_sector(s); 898 if (n > 0) { 899 assert(n * 512 == s->sg.size); 900 dma_buf_commit(s, s->sg.size); 901 sector_num += n; 902 ide_set_sector(s, sector_num); 903 s->nsector -= n; 904 } 905 906 /* end of transfer ? */ 907 if (s->nsector == 0) { 908 s->status = READY_STAT | SEEK_STAT; 909 ide_set_irq(s->bus); 910 goto eot; 911 } 912 913 /* launch next transfer */ 914 n = s->nsector; 915 s->io_buffer_index = 0; 916 s->io_buffer_size = n * 512; 917 prep_size = s->bus->dma->ops->prepare_buf(s->bus->dma, s->io_buffer_size); 918 /* prepare_buf() must succeed and respect the limit */ 919 assert(prep_size >= 0 && prep_size <= n * 512); 920 921 /* 922 * Now prep_size stores the number of bytes in the sglist, and 923 * s->io_buffer_size stores the number of bytes described by the PRDs. 924 */ 925 926 if (prep_size < n * 512) { 927 /* 928 * The PRDs are too short for this request. Error condition! 929 * Reset the Active bit and don't raise the interrupt. 930 */ 931 s->status = READY_STAT | SEEK_STAT; 932 dma_buf_commit(s, 0); 933 goto eot; 934 } 935 936 trace_ide_dma_cb(s, sector_num, n, IDE_DMA_CMD_str(s->dma_cmd)); 937 938 if ((s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) && 939 !ide_sect_range_ok(s, sector_num, n)) { 940 ide_dma_error(s); 941 block_acct_invalid(blk_get_stats(s->blk), s->acct.type); 942 return; 943 } 944 945 offset = sector_num << BDRV_SECTOR_BITS; 946 switch (s->dma_cmd) { 947 case IDE_DMA_READ: 948 s->bus->dma->aiocb = dma_blk_read(s->blk, &s->sg, offset, 949 BDRV_SECTOR_SIZE, ide_dma_cb, s); 950 break; 951 case IDE_DMA_WRITE: 952 s->bus->dma->aiocb = dma_blk_write(s->blk, &s->sg, offset, 953 BDRV_SECTOR_SIZE, ide_dma_cb, s); 954 break; 955 case IDE_DMA_TRIM: 956 s->bus->dma->aiocb = dma_blk_io(blk_get_aio_context(s->blk), 957 &s->sg, offset, BDRV_SECTOR_SIZE, 958 ide_issue_trim, s, ide_dma_cb, s, 959 DMA_DIRECTION_TO_DEVICE); 960 break; 961 default: 962 abort(); 963 } 964 return; 965 966 eot: 967 if (s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) { 968 block_acct_done(blk_get_stats(s->blk), &s->acct); 969 } 970 ide_set_inactive(s, stay_active); 971 } 972 973 static void ide_sector_start_dma(IDEState *s, enum ide_dma_cmd dma_cmd) 974 { 975 s->status = READY_STAT | SEEK_STAT | DRQ_STAT; 976 s->io_buffer_size = 0; 977 s->dma_cmd = dma_cmd; 978 979 switch (dma_cmd) { 980 case IDE_DMA_READ: 981 block_acct_start(blk_get_stats(s->blk), &s->acct, 982 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ); 983 break; 984 case IDE_DMA_WRITE: 985 block_acct_start(blk_get_stats(s->blk), &s->acct, 986 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE); 987 break; 988 default: 989 break; 990 } 991 992 ide_start_dma(s, ide_dma_cb); 993 } 994 995 void ide_start_dma(IDEState *s, BlockCompletionFunc *cb) 996 { 997 s->io_buffer_index = 0; 998 ide_set_retry(s); 999 if (s->bus->dma->ops->start_dma) { 1000 s->bus->dma->ops->start_dma(s->bus->dma, s, cb); 1001 } 1002 } 1003 1004 static void ide_sector_write(IDEState *s); 1005 1006 static void ide_sector_write_timer_cb(void *opaque) 1007 { 1008 IDEState *s = opaque; 1009 ide_set_irq(s->bus); 1010 } 1011 1012 static void ide_sector_write_cb(void *opaque, int ret) 1013 { 1014 IDEState *s = opaque; 1015 int n; 1016 1017 s->pio_aiocb = NULL; 1018 s->status &= ~BUSY_STAT; 1019 1020 if (ret != 0) { 1021 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO)) { 1022 return; 1023 } 1024 } 1025 1026 block_acct_done(blk_get_stats(s->blk), &s->acct); 1027 1028 n = s->nsector; 1029 if (n > s->req_nb_sectors) { 1030 n = s->req_nb_sectors; 1031 } 1032 s->nsector -= n; 1033 1034 ide_set_sector(s, ide_get_sector(s) + n); 1035 if (s->nsector == 0) { 1036 /* no more sectors to write */ 1037 ide_transfer_stop(s); 1038 } else { 1039 int n1 = s->nsector; 1040 if (n1 > s->req_nb_sectors) { 1041 n1 = s->req_nb_sectors; 1042 } 1043 ide_transfer_start(s, s->io_buffer, n1 * BDRV_SECTOR_SIZE, 1044 ide_sector_write); 1045 } 1046 1047 if (win2k_install_hack && ((++s->irq_count % 16) == 0)) { 1048 /* It seems there is a bug in the Windows 2000 installer HDD 1049 IDE driver which fills the disk with empty logs when the 1050 IDE write IRQ comes too early. This hack tries to correct 1051 that at the expense of slower write performances. Use this 1052 option _only_ to install Windows 2000. You must disable it 1053 for normal use. */ 1054 timer_mod(s->sector_write_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 1055 (NANOSECONDS_PER_SECOND / 1000)); 1056 } else { 1057 ide_set_irq(s->bus); 1058 } 1059 } 1060 1061 static void ide_sector_write(IDEState *s) 1062 { 1063 int64_t sector_num; 1064 int n; 1065 1066 s->status = READY_STAT | SEEK_STAT | BUSY_STAT; 1067 sector_num = ide_get_sector(s); 1068 1069 n = s->nsector; 1070 if (n > s->req_nb_sectors) { 1071 n = s->req_nb_sectors; 1072 } 1073 1074 trace_ide_sector_write(sector_num, n); 1075 1076 if (!ide_sect_range_ok(s, sector_num, n)) { 1077 ide_rw_error(s); 1078 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_WRITE); 1079 return; 1080 } 1081 1082 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE); 1083 1084 block_acct_start(blk_get_stats(s->blk), &s->acct, 1085 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE); 1086 s->pio_aiocb = blk_aio_pwritev(s->blk, sector_num << BDRV_SECTOR_BITS, 1087 &s->qiov, 0, ide_sector_write_cb, s); 1088 } 1089 1090 static void ide_flush_cb(void *opaque, int ret) 1091 { 1092 IDEState *s = opaque; 1093 1094 s->pio_aiocb = NULL; 1095 1096 if (ret < 0) { 1097 /* XXX: What sector number to set here? */ 1098 if (ide_handle_rw_error(s, -ret, IDE_RETRY_FLUSH)) { 1099 return; 1100 } 1101 } 1102 1103 if (s->blk) { 1104 block_acct_done(blk_get_stats(s->blk), &s->acct); 1105 } 1106 s->status = READY_STAT | SEEK_STAT; 1107 ide_cmd_done(s); 1108 ide_set_irq(s->bus); 1109 } 1110 1111 static void ide_flush_cache(IDEState *s) 1112 { 1113 if (s->blk == NULL) { 1114 ide_flush_cb(s, 0); 1115 return; 1116 } 1117 1118 s->status |= BUSY_STAT; 1119 ide_set_retry(s); 1120 block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH); 1121 s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s); 1122 } 1123 1124 static void ide_cfata_metadata_inquiry(IDEState *s) 1125 { 1126 uint16_t *p; 1127 uint32_t spd; 1128 1129 p = (uint16_t *) s->io_buffer; 1130 memset(p, 0, 0x200); 1131 spd = ((s->mdata_size - 1) >> 9) + 1; 1132 1133 put_le16(p + 0, 0x0001); /* Data format revision */ 1134 put_le16(p + 1, 0x0000); /* Media property: silicon */ 1135 put_le16(p + 2, s->media_changed); /* Media status */ 1136 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */ 1137 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */ 1138 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */ 1139 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */ 1140 } 1141 1142 static void ide_cfata_metadata_read(IDEState *s) 1143 { 1144 uint16_t *p; 1145 1146 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) { 1147 s->status = ERR_STAT; 1148 s->error = ABRT_ERR; 1149 return; 1150 } 1151 1152 p = (uint16_t *) s->io_buffer; 1153 memset(p, 0, 0x200); 1154 1155 put_le16(p + 0, s->media_changed); /* Media status */ 1156 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9), 1157 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9), 1158 s->nsector << 9), 0x200 - 2)); 1159 } 1160 1161 static void ide_cfata_metadata_write(IDEState *s) 1162 { 1163 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) { 1164 s->status = ERR_STAT; 1165 s->error = ABRT_ERR; 1166 return; 1167 } 1168 1169 s->media_changed = 0; 1170 1171 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9), 1172 s->io_buffer + 2, 1173 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9), 1174 s->nsector << 9), 0x200 - 2)); 1175 } 1176 1177 /* called when the inserted state of the media has changed */ 1178 static void ide_cd_change_cb(void *opaque, bool load, Error **errp) 1179 { 1180 IDEState *s = opaque; 1181 uint64_t nb_sectors; 1182 1183 s->tray_open = !load; 1184 blk_get_geometry(s->blk, &nb_sectors); 1185 s->nb_sectors = nb_sectors; 1186 1187 /* 1188 * First indicate to the guest that a CD has been removed. That's 1189 * done on the next command the guest sends us. 1190 * 1191 * Then we set UNIT_ATTENTION, by which the guest will 1192 * detect a new CD in the drive. See ide_atapi_cmd() for details. 1193 */ 1194 s->cdrom_changed = 1; 1195 s->events.new_media = true; 1196 s->events.eject_request = false; 1197 ide_set_irq(s->bus); 1198 } 1199 1200 static void ide_cd_eject_request_cb(void *opaque, bool force) 1201 { 1202 IDEState *s = opaque; 1203 1204 s->events.eject_request = true; 1205 if (force) { 1206 s->tray_locked = false; 1207 } 1208 ide_set_irq(s->bus); 1209 } 1210 1211 static void ide_cmd_lba48_transform(IDEState *s, int lba48) 1212 { 1213 s->lba48 = lba48; 1214 1215 /* handle the 'magic' 0 nsector count conversion here. to avoid 1216 * fiddling with the rest of the read logic, we just store the 1217 * full sector count in ->nsector and ignore ->hob_nsector from now 1218 */ 1219 if (!s->lba48) { 1220 if (!s->nsector) 1221 s->nsector = 256; 1222 } else { 1223 if (!s->nsector && !s->hob_nsector) 1224 s->nsector = 65536; 1225 else { 1226 int lo = s->nsector; 1227 int hi = s->hob_nsector; 1228 1229 s->nsector = (hi << 8) | lo; 1230 } 1231 } 1232 } 1233 1234 static void ide_clear_hob(IDEBus *bus) 1235 { 1236 /* any write clears HOB high bit of device control register */ 1237 bus->cmd &= ~(IDE_CTRL_HOB); 1238 } 1239 1240 /* IOport [W]rite [R]egisters */ 1241 enum ATA_IOPORT_WR { 1242 ATA_IOPORT_WR_DATA = 0, 1243 ATA_IOPORT_WR_FEATURES = 1, 1244 ATA_IOPORT_WR_SECTOR_COUNT = 2, 1245 ATA_IOPORT_WR_SECTOR_NUMBER = 3, 1246 ATA_IOPORT_WR_CYLINDER_LOW = 4, 1247 ATA_IOPORT_WR_CYLINDER_HIGH = 5, 1248 ATA_IOPORT_WR_DEVICE_HEAD = 6, 1249 ATA_IOPORT_WR_COMMAND = 7, 1250 ATA_IOPORT_WR_NUM_REGISTERS, 1251 }; 1252 1253 const char *ATA_IOPORT_WR_lookup[ATA_IOPORT_WR_NUM_REGISTERS] = { 1254 [ATA_IOPORT_WR_DATA] = "Data", 1255 [ATA_IOPORT_WR_FEATURES] = "Features", 1256 [ATA_IOPORT_WR_SECTOR_COUNT] = "Sector Count", 1257 [ATA_IOPORT_WR_SECTOR_NUMBER] = "Sector Number", 1258 [ATA_IOPORT_WR_CYLINDER_LOW] = "Cylinder Low", 1259 [ATA_IOPORT_WR_CYLINDER_HIGH] = "Cylinder High", 1260 [ATA_IOPORT_WR_DEVICE_HEAD] = "Device/Head", 1261 [ATA_IOPORT_WR_COMMAND] = "Command" 1262 }; 1263 1264 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val) 1265 { 1266 IDEBus *bus = opaque; 1267 IDEState *s = idebus_active_if(bus); 1268 int reg_num = addr & 7; 1269 1270 trace_ide_ioport_write(addr, ATA_IOPORT_WR_lookup[reg_num], val, bus, s); 1271 1272 /* ignore writes to command block while busy with previous command */ 1273 if (reg_num != 7 && (s->status & (BUSY_STAT|DRQ_STAT))) { 1274 return; 1275 } 1276 1277 /* NOTE: Device0 and Device1 both receive incoming register writes. 1278 * (They're on the same bus! They have to!) */ 1279 1280 switch (reg_num) { 1281 case 0: 1282 break; 1283 case ATA_IOPORT_WR_FEATURES: 1284 ide_clear_hob(bus); 1285 bus->ifs[0].hob_feature = bus->ifs[0].feature; 1286 bus->ifs[1].hob_feature = bus->ifs[1].feature; 1287 bus->ifs[0].feature = val; 1288 bus->ifs[1].feature = val; 1289 break; 1290 case ATA_IOPORT_WR_SECTOR_COUNT: 1291 ide_clear_hob(bus); 1292 bus->ifs[0].hob_nsector = bus->ifs[0].nsector; 1293 bus->ifs[1].hob_nsector = bus->ifs[1].nsector; 1294 bus->ifs[0].nsector = val; 1295 bus->ifs[1].nsector = val; 1296 break; 1297 case ATA_IOPORT_WR_SECTOR_NUMBER: 1298 ide_clear_hob(bus); 1299 bus->ifs[0].hob_sector = bus->ifs[0].sector; 1300 bus->ifs[1].hob_sector = bus->ifs[1].sector; 1301 bus->ifs[0].sector = val; 1302 bus->ifs[1].sector = val; 1303 break; 1304 case ATA_IOPORT_WR_CYLINDER_LOW: 1305 ide_clear_hob(bus); 1306 bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl; 1307 bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl; 1308 bus->ifs[0].lcyl = val; 1309 bus->ifs[1].lcyl = val; 1310 break; 1311 case ATA_IOPORT_WR_CYLINDER_HIGH: 1312 ide_clear_hob(bus); 1313 bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl; 1314 bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl; 1315 bus->ifs[0].hcyl = val; 1316 bus->ifs[1].hcyl = val; 1317 break; 1318 case ATA_IOPORT_WR_DEVICE_HEAD: 1319 ide_clear_hob(bus); 1320 bus->ifs[0].select = val | (ATA_DEV_ALWAYS_ON); 1321 bus->ifs[1].select = val | (ATA_DEV_ALWAYS_ON); 1322 /* select drive */ 1323 bus->unit = (val & (ATA_DEV_SELECT)) ? 1 : 0; 1324 break; 1325 default: 1326 case ATA_IOPORT_WR_COMMAND: 1327 ide_clear_hob(bus); 1328 qemu_irq_lower(bus->irq); 1329 ide_exec_cmd(bus, val); 1330 break; 1331 } 1332 } 1333 1334 static void ide_reset(IDEState *s) 1335 { 1336 trace_ide_reset(s); 1337 1338 if (s->pio_aiocb) { 1339 blk_aio_cancel(s->pio_aiocb); 1340 s->pio_aiocb = NULL; 1341 } 1342 1343 if (s->drive_kind == IDE_CFATA) 1344 s->mult_sectors = 0; 1345 else 1346 s->mult_sectors = MAX_MULT_SECTORS; 1347 /* ide regs */ 1348 s->feature = 0; 1349 s->error = 0; 1350 s->nsector = 0; 1351 s->sector = 0; 1352 s->lcyl = 0; 1353 s->hcyl = 0; 1354 1355 /* lba48 */ 1356 s->hob_feature = 0; 1357 s->hob_sector = 0; 1358 s->hob_nsector = 0; 1359 s->hob_lcyl = 0; 1360 s->hob_hcyl = 0; 1361 1362 s->select = (ATA_DEV_ALWAYS_ON); 1363 s->status = READY_STAT | SEEK_STAT; 1364 1365 s->lba48 = 0; 1366 1367 /* ATAPI specific */ 1368 s->sense_key = 0; 1369 s->asc = 0; 1370 s->cdrom_changed = 0; 1371 s->packet_transfer_size = 0; 1372 s->elementary_transfer_size = 0; 1373 s->io_buffer_index = 0; 1374 s->cd_sector_size = 0; 1375 s->atapi_dma = 0; 1376 s->tray_locked = 0; 1377 s->tray_open = 0; 1378 /* ATA DMA state */ 1379 s->io_buffer_size = 0; 1380 s->req_nb_sectors = 0; 1381 1382 ide_set_signature(s); 1383 /* init the transfer handler so that 0xffff is returned on data 1384 accesses */ 1385 s->end_transfer_func = ide_dummy_transfer_stop; 1386 ide_dummy_transfer_stop(s); 1387 s->media_changed = 0; 1388 } 1389 1390 static bool cmd_nop(IDEState *s, uint8_t cmd) 1391 { 1392 return true; 1393 } 1394 1395 static bool cmd_device_reset(IDEState *s, uint8_t cmd) 1396 { 1397 /* Halt PIO (in the DRQ phase), then DMA */ 1398 ide_transfer_halt(s); 1399 ide_cancel_dma_sync(s); 1400 1401 /* Reset any PIO commands, reset signature, etc */ 1402 ide_reset(s); 1403 1404 /* RESET: ATA8-ACS3 7.10.4 "Normal Outputs"; 1405 * ATA8-ACS3 Table 184 "Device Signatures for Normal Output" */ 1406 s->status = 0x00; 1407 1408 /* Do not overwrite status register */ 1409 return false; 1410 } 1411 1412 static bool cmd_data_set_management(IDEState *s, uint8_t cmd) 1413 { 1414 switch (s->feature) { 1415 case DSM_TRIM: 1416 if (s->blk) { 1417 ide_sector_start_dma(s, IDE_DMA_TRIM); 1418 return false; 1419 } 1420 break; 1421 } 1422 1423 ide_abort_command(s); 1424 return true; 1425 } 1426 1427 static bool cmd_identify(IDEState *s, uint8_t cmd) 1428 { 1429 if (s->blk && s->drive_kind != IDE_CD) { 1430 if (s->drive_kind != IDE_CFATA) { 1431 ide_identify(s); 1432 } else { 1433 ide_cfata_identify(s); 1434 } 1435 s->status = READY_STAT | SEEK_STAT; 1436 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop); 1437 ide_set_irq(s->bus); 1438 return false; 1439 } else { 1440 if (s->drive_kind == IDE_CD) { 1441 ide_set_signature(s); 1442 } 1443 ide_abort_command(s); 1444 } 1445 1446 return true; 1447 } 1448 1449 static bool cmd_verify(IDEState *s, uint8_t cmd) 1450 { 1451 bool lba48 = (cmd == WIN_VERIFY_EXT); 1452 1453 /* do sector number check ? */ 1454 ide_cmd_lba48_transform(s, lba48); 1455 1456 return true; 1457 } 1458 1459 static bool cmd_set_multiple_mode(IDEState *s, uint8_t cmd) 1460 { 1461 if (s->drive_kind == IDE_CFATA && s->nsector == 0) { 1462 /* Disable Read and Write Multiple */ 1463 s->mult_sectors = 0; 1464 } else if ((s->nsector & 0xff) != 0 && 1465 ((s->nsector & 0xff) > MAX_MULT_SECTORS || 1466 (s->nsector & (s->nsector - 1)) != 0)) { 1467 ide_abort_command(s); 1468 } else { 1469 s->mult_sectors = s->nsector & 0xff; 1470 } 1471 1472 return true; 1473 } 1474 1475 static bool cmd_read_multiple(IDEState *s, uint8_t cmd) 1476 { 1477 bool lba48 = (cmd == WIN_MULTREAD_EXT); 1478 1479 if (!s->blk || !s->mult_sectors) { 1480 ide_abort_command(s); 1481 return true; 1482 } 1483 1484 ide_cmd_lba48_transform(s, lba48); 1485 s->req_nb_sectors = s->mult_sectors; 1486 ide_sector_read(s); 1487 return false; 1488 } 1489 1490 static bool cmd_write_multiple(IDEState *s, uint8_t cmd) 1491 { 1492 bool lba48 = (cmd == WIN_MULTWRITE_EXT); 1493 int n; 1494 1495 if (!s->blk || !s->mult_sectors) { 1496 ide_abort_command(s); 1497 return true; 1498 } 1499 1500 ide_cmd_lba48_transform(s, lba48); 1501 1502 s->req_nb_sectors = s->mult_sectors; 1503 n = MIN(s->nsector, s->req_nb_sectors); 1504 1505 s->status = SEEK_STAT | READY_STAT; 1506 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write); 1507 1508 s->media_changed = 1; 1509 1510 return false; 1511 } 1512 1513 static bool cmd_read_pio(IDEState *s, uint8_t cmd) 1514 { 1515 bool lba48 = (cmd == WIN_READ_EXT); 1516 1517 if (s->drive_kind == IDE_CD) { 1518 ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */ 1519 ide_abort_command(s); 1520 return true; 1521 } 1522 1523 if (!s->blk) { 1524 ide_abort_command(s); 1525 return true; 1526 } 1527 1528 ide_cmd_lba48_transform(s, lba48); 1529 s->req_nb_sectors = 1; 1530 ide_sector_read(s); 1531 1532 return false; 1533 } 1534 1535 static bool cmd_write_pio(IDEState *s, uint8_t cmd) 1536 { 1537 bool lba48 = (cmd == WIN_WRITE_EXT); 1538 1539 if (!s->blk) { 1540 ide_abort_command(s); 1541 return true; 1542 } 1543 1544 ide_cmd_lba48_transform(s, lba48); 1545 1546 s->req_nb_sectors = 1; 1547 s->status = SEEK_STAT | READY_STAT; 1548 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write); 1549 1550 s->media_changed = 1; 1551 1552 return false; 1553 } 1554 1555 static bool cmd_read_dma(IDEState *s, uint8_t cmd) 1556 { 1557 bool lba48 = (cmd == WIN_READDMA_EXT); 1558 1559 if (!s->blk) { 1560 ide_abort_command(s); 1561 return true; 1562 } 1563 1564 ide_cmd_lba48_transform(s, lba48); 1565 ide_sector_start_dma(s, IDE_DMA_READ); 1566 1567 return false; 1568 } 1569 1570 static bool cmd_write_dma(IDEState *s, uint8_t cmd) 1571 { 1572 bool lba48 = (cmd == WIN_WRITEDMA_EXT); 1573 1574 if (!s->blk) { 1575 ide_abort_command(s); 1576 return true; 1577 } 1578 1579 ide_cmd_lba48_transform(s, lba48); 1580 ide_sector_start_dma(s, IDE_DMA_WRITE); 1581 1582 s->media_changed = 1; 1583 1584 return false; 1585 } 1586 1587 static bool cmd_flush_cache(IDEState *s, uint8_t cmd) 1588 { 1589 ide_flush_cache(s); 1590 return false; 1591 } 1592 1593 static bool cmd_seek(IDEState *s, uint8_t cmd) 1594 { 1595 /* XXX: Check that seek is within bounds */ 1596 return true; 1597 } 1598 1599 static bool cmd_read_native_max(IDEState *s, uint8_t cmd) 1600 { 1601 bool lba48 = (cmd == WIN_READ_NATIVE_MAX_EXT); 1602 1603 /* Refuse if no sectors are addressable (e.g. medium not inserted) */ 1604 if (s->nb_sectors == 0) { 1605 ide_abort_command(s); 1606 return true; 1607 } 1608 1609 ide_cmd_lba48_transform(s, lba48); 1610 ide_set_sector(s, s->nb_sectors - 1); 1611 1612 return true; 1613 } 1614 1615 static bool cmd_check_power_mode(IDEState *s, uint8_t cmd) 1616 { 1617 s->nsector = 0xff; /* device active or idle */ 1618 return true; 1619 } 1620 1621 static bool cmd_set_features(IDEState *s, uint8_t cmd) 1622 { 1623 uint16_t *identify_data; 1624 1625 if (!s->blk) { 1626 ide_abort_command(s); 1627 return true; 1628 } 1629 1630 /* XXX: valid for CDROM ? */ 1631 switch (s->feature) { 1632 case 0x02: /* write cache enable */ 1633 blk_set_enable_write_cache(s->blk, true); 1634 identify_data = (uint16_t *)s->identify_data; 1635 put_le16(identify_data + 85, (1 << 14) | (1 << 5) | 1); 1636 return true; 1637 case 0x82: /* write cache disable */ 1638 blk_set_enable_write_cache(s->blk, false); 1639 identify_data = (uint16_t *)s->identify_data; 1640 put_le16(identify_data + 85, (1 << 14) | 1); 1641 ide_flush_cache(s); 1642 return false; 1643 case 0xcc: /* reverting to power-on defaults enable */ 1644 case 0x66: /* reverting to power-on defaults disable */ 1645 case 0xaa: /* read look-ahead enable */ 1646 case 0x55: /* read look-ahead disable */ 1647 case 0x05: /* set advanced power management mode */ 1648 case 0x85: /* disable advanced power management mode */ 1649 case 0x69: /* NOP */ 1650 case 0x67: /* NOP */ 1651 case 0x96: /* NOP */ 1652 case 0x9a: /* NOP */ 1653 case 0x42: /* enable Automatic Acoustic Mode */ 1654 case 0xc2: /* disable Automatic Acoustic Mode */ 1655 return true; 1656 case 0x03: /* set transfer mode */ 1657 { 1658 uint8_t val = s->nsector & 0x07; 1659 identify_data = (uint16_t *)s->identify_data; 1660 1661 switch (s->nsector >> 3) { 1662 case 0x00: /* pio default */ 1663 case 0x01: /* pio mode */ 1664 put_le16(identify_data + 62, 0x07); 1665 put_le16(identify_data + 63, 0x07); 1666 put_le16(identify_data + 88, 0x3f); 1667 break; 1668 case 0x02: /* sigle word dma mode*/ 1669 put_le16(identify_data + 62, 0x07 | (1 << (val + 8))); 1670 put_le16(identify_data + 63, 0x07); 1671 put_le16(identify_data + 88, 0x3f); 1672 break; 1673 case 0x04: /* mdma mode */ 1674 put_le16(identify_data + 62, 0x07); 1675 put_le16(identify_data + 63, 0x07 | (1 << (val + 8))); 1676 put_le16(identify_data + 88, 0x3f); 1677 break; 1678 case 0x08: /* udma mode */ 1679 put_le16(identify_data + 62, 0x07); 1680 put_le16(identify_data + 63, 0x07); 1681 put_le16(identify_data + 88, 0x3f | (1 << (val + 8))); 1682 break; 1683 default: 1684 goto abort_cmd; 1685 } 1686 return true; 1687 } 1688 } 1689 1690 abort_cmd: 1691 ide_abort_command(s); 1692 return true; 1693 } 1694 1695 1696 /*** ATAPI commands ***/ 1697 1698 static bool cmd_identify_packet(IDEState *s, uint8_t cmd) 1699 { 1700 ide_atapi_identify(s); 1701 s->status = READY_STAT | SEEK_STAT; 1702 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop); 1703 ide_set_irq(s->bus); 1704 return false; 1705 } 1706 1707 static bool cmd_exec_dev_diagnostic(IDEState *s, uint8_t cmd) 1708 { 1709 ide_set_signature(s); 1710 1711 if (s->drive_kind == IDE_CD) { 1712 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet 1713 * devices to return a clear status register 1714 * with READY_STAT *not* set. */ 1715 s->error = 0x01; 1716 } else { 1717 s->status = READY_STAT | SEEK_STAT; 1718 /* The bits of the error register are not as usual for this command! 1719 * They are part of the regular output (this is why ERR_STAT isn't set) 1720 * Device 0 passed, Device 1 passed or not present. */ 1721 s->error = 0x01; 1722 ide_set_irq(s->bus); 1723 } 1724 1725 return false; 1726 } 1727 1728 static bool cmd_packet(IDEState *s, uint8_t cmd) 1729 { 1730 /* overlapping commands not supported */ 1731 if (s->feature & 0x02) { 1732 ide_abort_command(s); 1733 return true; 1734 } 1735 1736 s->status = READY_STAT | SEEK_STAT; 1737 s->atapi_dma = s->feature & 1; 1738 if (s->atapi_dma) { 1739 s->dma_cmd = IDE_DMA_ATAPI; 1740 } 1741 s->nsector = 1; 1742 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE, 1743 ide_atapi_cmd); 1744 return false; 1745 } 1746 1747 1748 /*** CF-ATA commands ***/ 1749 1750 static bool cmd_cfa_req_ext_error_code(IDEState *s, uint8_t cmd) 1751 { 1752 s->error = 0x09; /* miscellaneous error */ 1753 s->status = READY_STAT | SEEK_STAT; 1754 ide_set_irq(s->bus); 1755 1756 return false; 1757 } 1758 1759 static bool cmd_cfa_erase_sectors(IDEState *s, uint8_t cmd) 1760 { 1761 /* WIN_SECURITY_FREEZE_LOCK has the same ID as CFA_WEAR_LEVEL and is 1762 * required for Windows 8 to work with AHCI */ 1763 1764 if (cmd == CFA_WEAR_LEVEL) { 1765 s->nsector = 0; 1766 } 1767 1768 if (cmd == CFA_ERASE_SECTORS) { 1769 s->media_changed = 1; 1770 } 1771 1772 return true; 1773 } 1774 1775 static bool cmd_cfa_translate_sector(IDEState *s, uint8_t cmd) 1776 { 1777 s->status = READY_STAT | SEEK_STAT; 1778 1779 memset(s->io_buffer, 0, 0x200); 1780 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */ 1781 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */ 1782 s->io_buffer[0x02] = s->select; /* Head */ 1783 s->io_buffer[0x03] = s->sector; /* Sector */ 1784 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */ 1785 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */ 1786 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */ 1787 s->io_buffer[0x13] = 0x00; /* Erase flag */ 1788 s->io_buffer[0x18] = 0x00; /* Hot count */ 1789 s->io_buffer[0x19] = 0x00; /* Hot count */ 1790 s->io_buffer[0x1a] = 0x01; /* Hot count */ 1791 1792 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1793 ide_set_irq(s->bus); 1794 1795 return false; 1796 } 1797 1798 static bool cmd_cfa_access_metadata_storage(IDEState *s, uint8_t cmd) 1799 { 1800 switch (s->feature) { 1801 case 0x02: /* Inquiry Metadata Storage */ 1802 ide_cfata_metadata_inquiry(s); 1803 break; 1804 case 0x03: /* Read Metadata Storage */ 1805 ide_cfata_metadata_read(s); 1806 break; 1807 case 0x04: /* Write Metadata Storage */ 1808 ide_cfata_metadata_write(s); 1809 break; 1810 default: 1811 ide_abort_command(s); 1812 return true; 1813 } 1814 1815 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1816 s->status = 0x00; /* NOTE: READY is _not_ set */ 1817 ide_set_irq(s->bus); 1818 1819 return false; 1820 } 1821 1822 static bool cmd_ibm_sense_condition(IDEState *s, uint8_t cmd) 1823 { 1824 switch (s->feature) { 1825 case 0x01: /* sense temperature in device */ 1826 s->nsector = 0x50; /* +20 C */ 1827 break; 1828 default: 1829 ide_abort_command(s); 1830 return true; 1831 } 1832 1833 return true; 1834 } 1835 1836 1837 /*** SMART commands ***/ 1838 1839 static bool cmd_smart(IDEState *s, uint8_t cmd) 1840 { 1841 int n; 1842 1843 if (s->hcyl != 0xc2 || s->lcyl != 0x4f) { 1844 goto abort_cmd; 1845 } 1846 1847 if (!s->smart_enabled && s->feature != SMART_ENABLE) { 1848 goto abort_cmd; 1849 } 1850 1851 switch (s->feature) { 1852 case SMART_DISABLE: 1853 s->smart_enabled = 0; 1854 return true; 1855 1856 case SMART_ENABLE: 1857 s->smart_enabled = 1; 1858 return true; 1859 1860 case SMART_ATTR_AUTOSAVE: 1861 switch (s->sector) { 1862 case 0x00: 1863 s->smart_autosave = 0; 1864 break; 1865 case 0xf1: 1866 s->smart_autosave = 1; 1867 break; 1868 default: 1869 goto abort_cmd; 1870 } 1871 return true; 1872 1873 case SMART_STATUS: 1874 if (!s->smart_errors) { 1875 s->hcyl = 0xc2; 1876 s->lcyl = 0x4f; 1877 } else { 1878 s->hcyl = 0x2c; 1879 s->lcyl = 0xf4; 1880 } 1881 return true; 1882 1883 case SMART_READ_THRESH: 1884 memset(s->io_buffer, 0, 0x200); 1885 s->io_buffer[0] = 0x01; /* smart struct version */ 1886 1887 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) { 1888 s->io_buffer[2 + 0 + (n * 12)] = smart_attributes[n][0]; 1889 s->io_buffer[2 + 1 + (n * 12)] = smart_attributes[n][11]; 1890 } 1891 1892 /* checksum */ 1893 for (n = 0; n < 511; n++) { 1894 s->io_buffer[511] += s->io_buffer[n]; 1895 } 1896 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 1897 1898 s->status = READY_STAT | SEEK_STAT; 1899 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1900 ide_set_irq(s->bus); 1901 return false; 1902 1903 case SMART_READ_DATA: 1904 memset(s->io_buffer, 0, 0x200); 1905 s->io_buffer[0] = 0x01; /* smart struct version */ 1906 1907 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) { 1908 int i; 1909 for (i = 0; i < 11; i++) { 1910 s->io_buffer[2 + i + (n * 12)] = smart_attributes[n][i]; 1911 } 1912 } 1913 1914 s->io_buffer[362] = 0x02 | (s->smart_autosave ? 0x80 : 0x00); 1915 if (s->smart_selftest_count == 0) { 1916 s->io_buffer[363] = 0; 1917 } else { 1918 s->io_buffer[363] = 1919 s->smart_selftest_data[3 + 1920 (s->smart_selftest_count - 1) * 1921 24]; 1922 } 1923 s->io_buffer[364] = 0x20; 1924 s->io_buffer[365] = 0x01; 1925 /* offline data collection capacity: execute + self-test*/ 1926 s->io_buffer[367] = (1 << 4 | 1 << 3 | 1); 1927 s->io_buffer[368] = 0x03; /* smart capability (1) */ 1928 s->io_buffer[369] = 0x00; /* smart capability (2) */ 1929 s->io_buffer[370] = 0x01; /* error logging supported */ 1930 s->io_buffer[372] = 0x02; /* minutes for poll short test */ 1931 s->io_buffer[373] = 0x36; /* minutes for poll ext test */ 1932 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */ 1933 1934 for (n = 0; n < 511; n++) { 1935 s->io_buffer[511] += s->io_buffer[n]; 1936 } 1937 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 1938 1939 s->status = READY_STAT | SEEK_STAT; 1940 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1941 ide_set_irq(s->bus); 1942 return false; 1943 1944 case SMART_READ_LOG: 1945 switch (s->sector) { 1946 case 0x01: /* summary smart error log */ 1947 memset(s->io_buffer, 0, 0x200); 1948 s->io_buffer[0] = 0x01; 1949 s->io_buffer[1] = 0x00; /* no error entries */ 1950 s->io_buffer[452] = s->smart_errors & 0xff; 1951 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8; 1952 1953 for (n = 0; n < 511; n++) { 1954 s->io_buffer[511] += s->io_buffer[n]; 1955 } 1956 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 1957 break; 1958 case 0x06: /* smart self test log */ 1959 memset(s->io_buffer, 0, 0x200); 1960 s->io_buffer[0] = 0x01; 1961 if (s->smart_selftest_count == 0) { 1962 s->io_buffer[508] = 0; 1963 } else { 1964 s->io_buffer[508] = s->smart_selftest_count; 1965 for (n = 2; n < 506; n++) { 1966 s->io_buffer[n] = s->smart_selftest_data[n]; 1967 } 1968 } 1969 1970 for (n = 0; n < 511; n++) { 1971 s->io_buffer[511] += s->io_buffer[n]; 1972 } 1973 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 1974 break; 1975 default: 1976 goto abort_cmd; 1977 } 1978 s->status = READY_STAT | SEEK_STAT; 1979 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1980 ide_set_irq(s->bus); 1981 return false; 1982 1983 case SMART_EXECUTE_OFFLINE: 1984 switch (s->sector) { 1985 case 0: /* off-line routine */ 1986 case 1: /* short self test */ 1987 case 2: /* extended self test */ 1988 s->smart_selftest_count++; 1989 if (s->smart_selftest_count > 21) { 1990 s->smart_selftest_count = 1; 1991 } 1992 n = 2 + (s->smart_selftest_count - 1) * 24; 1993 s->smart_selftest_data[n] = s->sector; 1994 s->smart_selftest_data[n + 1] = 0x00; /* OK and finished */ 1995 s->smart_selftest_data[n + 2] = 0x34; /* hour count lsb */ 1996 s->smart_selftest_data[n + 3] = 0x12; /* hour count msb */ 1997 break; 1998 default: 1999 goto abort_cmd; 2000 } 2001 return true; 2002 } 2003 2004 abort_cmd: 2005 ide_abort_command(s); 2006 return true; 2007 } 2008 2009 #define HD_OK (1u << IDE_HD) 2010 #define CD_OK (1u << IDE_CD) 2011 #define CFA_OK (1u << IDE_CFATA) 2012 #define HD_CFA_OK (HD_OK | CFA_OK) 2013 #define ALL_OK (HD_OK | CD_OK | CFA_OK) 2014 2015 /* Set the Disk Seek Completed status bit during completion */ 2016 #define SET_DSC (1u << 8) 2017 2018 /* See ACS-2 T13/2015-D Table B.2 Command codes */ 2019 static const struct { 2020 /* Returns true if the completion code should be run */ 2021 bool (*handler)(IDEState *s, uint8_t cmd); 2022 int flags; 2023 } ide_cmd_table[0x100] = { 2024 /* NOP not implemented, mandatory for CD */ 2025 [CFA_REQ_EXT_ERROR_CODE] = { cmd_cfa_req_ext_error_code, CFA_OK }, 2026 [WIN_DSM] = { cmd_data_set_management, HD_CFA_OK }, 2027 [WIN_DEVICE_RESET] = { cmd_device_reset, CD_OK }, 2028 [WIN_RECAL] = { cmd_nop, HD_CFA_OK | SET_DSC}, 2029 [WIN_READ] = { cmd_read_pio, ALL_OK }, 2030 [WIN_READ_ONCE] = { cmd_read_pio, HD_CFA_OK }, 2031 [WIN_READ_EXT] = { cmd_read_pio, HD_CFA_OK }, 2032 [WIN_READDMA_EXT] = { cmd_read_dma, HD_CFA_OK }, 2033 [WIN_READ_NATIVE_MAX_EXT] = { cmd_read_native_max, HD_CFA_OK | SET_DSC }, 2034 [WIN_MULTREAD_EXT] = { cmd_read_multiple, HD_CFA_OK }, 2035 [WIN_WRITE] = { cmd_write_pio, HD_CFA_OK }, 2036 [WIN_WRITE_ONCE] = { cmd_write_pio, HD_CFA_OK }, 2037 [WIN_WRITE_EXT] = { cmd_write_pio, HD_CFA_OK }, 2038 [WIN_WRITEDMA_EXT] = { cmd_write_dma, HD_CFA_OK }, 2039 [CFA_WRITE_SECT_WO_ERASE] = { cmd_write_pio, CFA_OK }, 2040 [WIN_MULTWRITE_EXT] = { cmd_write_multiple, HD_CFA_OK }, 2041 [WIN_WRITE_VERIFY] = { cmd_write_pio, HD_CFA_OK }, 2042 [WIN_VERIFY] = { cmd_verify, HD_CFA_OK | SET_DSC }, 2043 [WIN_VERIFY_ONCE] = { cmd_verify, HD_CFA_OK | SET_DSC }, 2044 [WIN_VERIFY_EXT] = { cmd_verify, HD_CFA_OK | SET_DSC }, 2045 [WIN_SEEK] = { cmd_seek, HD_CFA_OK | SET_DSC }, 2046 [CFA_TRANSLATE_SECTOR] = { cmd_cfa_translate_sector, CFA_OK }, 2047 [WIN_DIAGNOSE] = { cmd_exec_dev_diagnostic, ALL_OK }, 2048 [WIN_SPECIFY] = { cmd_nop, HD_CFA_OK | SET_DSC }, 2049 [WIN_STANDBYNOW2] = { cmd_nop, HD_CFA_OK }, 2050 [WIN_IDLEIMMEDIATE2] = { cmd_nop, HD_CFA_OK }, 2051 [WIN_STANDBY2] = { cmd_nop, HD_CFA_OK }, 2052 [WIN_SETIDLE2] = { cmd_nop, HD_CFA_OK }, 2053 [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC }, 2054 [WIN_SLEEPNOW2] = { cmd_nop, HD_CFA_OK }, 2055 [WIN_PACKETCMD] = { cmd_packet, CD_OK }, 2056 [WIN_PIDENTIFY] = { cmd_identify_packet, CD_OK }, 2057 [WIN_SMART] = { cmd_smart, HD_CFA_OK | SET_DSC }, 2058 [CFA_ACCESS_METADATA_STORAGE] = { cmd_cfa_access_metadata_storage, CFA_OK }, 2059 [CFA_ERASE_SECTORS] = { cmd_cfa_erase_sectors, CFA_OK | SET_DSC }, 2060 [WIN_MULTREAD] = { cmd_read_multiple, HD_CFA_OK }, 2061 [WIN_MULTWRITE] = { cmd_write_multiple, HD_CFA_OK }, 2062 [WIN_SETMULT] = { cmd_set_multiple_mode, HD_CFA_OK | SET_DSC }, 2063 [WIN_READDMA] = { cmd_read_dma, HD_CFA_OK }, 2064 [WIN_READDMA_ONCE] = { cmd_read_dma, HD_CFA_OK }, 2065 [WIN_WRITEDMA] = { cmd_write_dma, HD_CFA_OK }, 2066 [WIN_WRITEDMA_ONCE] = { cmd_write_dma, HD_CFA_OK }, 2067 [CFA_WRITE_MULTI_WO_ERASE] = { cmd_write_multiple, CFA_OK }, 2068 [WIN_STANDBYNOW1] = { cmd_nop, HD_CFA_OK }, 2069 [WIN_IDLEIMMEDIATE] = { cmd_nop, HD_CFA_OK }, 2070 [WIN_STANDBY] = { cmd_nop, HD_CFA_OK }, 2071 [WIN_SETIDLE1] = { cmd_nop, HD_CFA_OK }, 2072 [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC }, 2073 [WIN_SLEEPNOW1] = { cmd_nop, HD_CFA_OK }, 2074 [WIN_FLUSH_CACHE] = { cmd_flush_cache, ALL_OK }, 2075 [WIN_FLUSH_CACHE_EXT] = { cmd_flush_cache, HD_CFA_OK }, 2076 [WIN_IDENTIFY] = { cmd_identify, ALL_OK }, 2077 [WIN_SETFEATURES] = { cmd_set_features, ALL_OK | SET_DSC }, 2078 [IBM_SENSE_CONDITION] = { cmd_ibm_sense_condition, CFA_OK | SET_DSC }, 2079 [CFA_WEAR_LEVEL] = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC }, 2080 [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, HD_CFA_OK | SET_DSC }, 2081 }; 2082 2083 static bool ide_cmd_permitted(IDEState *s, uint32_t cmd) 2084 { 2085 return cmd < ARRAY_SIZE(ide_cmd_table) 2086 && (ide_cmd_table[cmd].flags & (1u << s->drive_kind)); 2087 } 2088 2089 void ide_exec_cmd(IDEBus *bus, uint32_t val) 2090 { 2091 IDEState *s; 2092 bool complete; 2093 2094 s = idebus_active_if(bus); 2095 trace_ide_exec_cmd(bus, s, val); 2096 2097 /* ignore commands to non existent slave */ 2098 if (s != bus->ifs && !s->blk) { 2099 return; 2100 } 2101 2102 /* Only RESET is allowed while BSY and/or DRQ are set, 2103 * and only to ATAPI devices. */ 2104 if (s->status & (BUSY_STAT|DRQ_STAT)) { 2105 if (val != WIN_DEVICE_RESET || s->drive_kind != IDE_CD) { 2106 return; 2107 } 2108 } 2109 2110 if (!ide_cmd_permitted(s, val)) { 2111 ide_abort_command(s); 2112 ide_set_irq(s->bus); 2113 return; 2114 } 2115 2116 s->status = READY_STAT | BUSY_STAT; 2117 s->error = 0; 2118 s->io_buffer_offset = 0; 2119 2120 complete = ide_cmd_table[val].handler(s, val); 2121 if (complete) { 2122 s->status &= ~BUSY_STAT; 2123 assert(!!s->error == !!(s->status & ERR_STAT)); 2124 2125 if ((ide_cmd_table[val].flags & SET_DSC) && !s->error) { 2126 s->status |= SEEK_STAT; 2127 } 2128 2129 ide_cmd_done(s); 2130 ide_set_irq(s->bus); 2131 } 2132 } 2133 2134 /* IOport [R]ead [R]egisters */ 2135 enum ATA_IOPORT_RR { 2136 ATA_IOPORT_RR_DATA = 0, 2137 ATA_IOPORT_RR_ERROR = 1, 2138 ATA_IOPORT_RR_SECTOR_COUNT = 2, 2139 ATA_IOPORT_RR_SECTOR_NUMBER = 3, 2140 ATA_IOPORT_RR_CYLINDER_LOW = 4, 2141 ATA_IOPORT_RR_CYLINDER_HIGH = 5, 2142 ATA_IOPORT_RR_DEVICE_HEAD = 6, 2143 ATA_IOPORT_RR_STATUS = 7, 2144 ATA_IOPORT_RR_NUM_REGISTERS, 2145 }; 2146 2147 const char *ATA_IOPORT_RR_lookup[ATA_IOPORT_RR_NUM_REGISTERS] = { 2148 [ATA_IOPORT_RR_DATA] = "Data", 2149 [ATA_IOPORT_RR_ERROR] = "Error", 2150 [ATA_IOPORT_RR_SECTOR_COUNT] = "Sector Count", 2151 [ATA_IOPORT_RR_SECTOR_NUMBER] = "Sector Number", 2152 [ATA_IOPORT_RR_CYLINDER_LOW] = "Cylinder Low", 2153 [ATA_IOPORT_RR_CYLINDER_HIGH] = "Cylinder High", 2154 [ATA_IOPORT_RR_DEVICE_HEAD] = "Device/Head", 2155 [ATA_IOPORT_RR_STATUS] = "Status" 2156 }; 2157 2158 uint32_t ide_ioport_read(void *opaque, uint32_t addr) 2159 { 2160 IDEBus *bus = opaque; 2161 IDEState *s = idebus_active_if(bus); 2162 uint32_t reg_num; 2163 int ret, hob; 2164 2165 reg_num = addr & 7; 2166 hob = bus->cmd & (IDE_CTRL_HOB); 2167 switch (reg_num) { 2168 case ATA_IOPORT_RR_DATA: 2169 ret = 0xff; 2170 break; 2171 case ATA_IOPORT_RR_ERROR: 2172 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) || 2173 (s != bus->ifs && !s->blk)) { 2174 ret = 0; 2175 } else if (!hob) { 2176 ret = s->error; 2177 } else { 2178 ret = s->hob_feature; 2179 } 2180 break; 2181 case ATA_IOPORT_RR_SECTOR_COUNT: 2182 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2183 ret = 0; 2184 } else if (!hob) { 2185 ret = s->nsector & 0xff; 2186 } else { 2187 ret = s->hob_nsector; 2188 } 2189 break; 2190 case ATA_IOPORT_RR_SECTOR_NUMBER: 2191 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2192 ret = 0; 2193 } else if (!hob) { 2194 ret = s->sector; 2195 } else { 2196 ret = s->hob_sector; 2197 } 2198 break; 2199 case ATA_IOPORT_RR_CYLINDER_LOW: 2200 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2201 ret = 0; 2202 } else if (!hob) { 2203 ret = s->lcyl; 2204 } else { 2205 ret = s->hob_lcyl; 2206 } 2207 break; 2208 case ATA_IOPORT_RR_CYLINDER_HIGH: 2209 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2210 ret = 0; 2211 } else if (!hob) { 2212 ret = s->hcyl; 2213 } else { 2214 ret = s->hob_hcyl; 2215 } 2216 break; 2217 case ATA_IOPORT_RR_DEVICE_HEAD: 2218 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2219 ret = 0; 2220 } else { 2221 ret = s->select; 2222 } 2223 break; 2224 default: 2225 case ATA_IOPORT_RR_STATUS: 2226 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) || 2227 (s != bus->ifs && !s->blk)) { 2228 ret = 0; 2229 } else { 2230 ret = s->status; 2231 } 2232 qemu_irq_lower(bus->irq); 2233 break; 2234 } 2235 2236 trace_ide_ioport_read(addr, ATA_IOPORT_RR_lookup[reg_num], ret, bus, s); 2237 return ret; 2238 } 2239 2240 uint32_t ide_status_read(void *opaque, uint32_t addr) 2241 { 2242 IDEBus *bus = opaque; 2243 IDEState *s = idebus_active_if(bus); 2244 int ret; 2245 2246 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) || 2247 (s != bus->ifs && !s->blk)) { 2248 ret = 0; 2249 } else { 2250 ret = s->status; 2251 } 2252 2253 trace_ide_status_read(addr, ret, bus, s); 2254 return ret; 2255 } 2256 2257 static void ide_perform_srst(IDEState *s) 2258 { 2259 s->status |= BUSY_STAT; 2260 2261 /* Halt PIO (Via register state); PIO BH remains scheduled. */ 2262 ide_transfer_halt(s); 2263 2264 /* Cancel DMA -- may drain block device and invoke callbacks */ 2265 ide_cancel_dma_sync(s); 2266 2267 /* Cancel PIO callback, reset registers/signature, etc */ 2268 ide_reset(s); 2269 2270 /* perform diagnostic */ 2271 cmd_exec_dev_diagnostic(s, WIN_DIAGNOSE); 2272 } 2273 2274 static void ide_bus_perform_srst(void *opaque) 2275 { 2276 IDEBus *bus = opaque; 2277 IDEState *s; 2278 int i; 2279 2280 for (i = 0; i < 2; i++) { 2281 s = &bus->ifs[i]; 2282 ide_perform_srst(s); 2283 } 2284 2285 bus->cmd &= ~IDE_CTRL_RESET; 2286 } 2287 2288 void ide_ctrl_write(void *opaque, uint32_t addr, uint32_t val) 2289 { 2290 IDEBus *bus = opaque; 2291 IDEState *s; 2292 int i; 2293 2294 trace_ide_ctrl_write(addr, val, bus); 2295 2296 /* Device0 and Device1 each have their own control register, 2297 * but QEMU models it as just one register in the controller. */ 2298 if (!(bus->cmd & IDE_CTRL_RESET) && (val & IDE_CTRL_RESET)) { 2299 for (i = 0; i < 2; i++) { 2300 s = &bus->ifs[i]; 2301 s->status |= BUSY_STAT; 2302 } 2303 replay_bh_schedule_oneshot_event(qemu_get_aio_context(), 2304 ide_bus_perform_srst, bus); 2305 } 2306 2307 bus->cmd = val; 2308 } 2309 2310 /* 2311 * Returns true if the running PIO transfer is a PIO out (i.e. data is 2312 * transferred from the device to the guest), false if it's a PIO in 2313 */ 2314 static bool ide_is_pio_out(IDEState *s) 2315 { 2316 if (s->end_transfer_func == ide_sector_write || 2317 s->end_transfer_func == ide_atapi_cmd) { 2318 return false; 2319 } else if (s->end_transfer_func == ide_sector_read || 2320 s->end_transfer_func == ide_transfer_stop || 2321 s->end_transfer_func == ide_atapi_cmd_reply_end || 2322 s->end_transfer_func == ide_dummy_transfer_stop) { 2323 return true; 2324 } 2325 2326 abort(); 2327 } 2328 2329 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val) 2330 { 2331 IDEBus *bus = opaque; 2332 IDEState *s = idebus_active_if(bus); 2333 uint8_t *p; 2334 2335 trace_ide_data_writew(addr, val, bus, s); 2336 2337 /* PIO data access allowed only when DRQ bit is set. The result of a write 2338 * during PIO out is indeterminate, just ignore it. */ 2339 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) { 2340 return; 2341 } 2342 2343 p = s->data_ptr; 2344 if (p + 2 > s->data_end) { 2345 return; 2346 } 2347 2348 *(uint16_t *)p = le16_to_cpu(val); 2349 p += 2; 2350 s->data_ptr = p; 2351 if (p >= s->data_end) { 2352 s->status &= ~DRQ_STAT; 2353 s->end_transfer_func(s); 2354 } 2355 } 2356 2357 uint32_t ide_data_readw(void *opaque, uint32_t addr) 2358 { 2359 IDEBus *bus = opaque; 2360 IDEState *s = idebus_active_if(bus); 2361 uint8_t *p; 2362 int ret; 2363 2364 /* PIO data access allowed only when DRQ bit is set. The result of a read 2365 * during PIO in is indeterminate, return 0 and don't move forward. */ 2366 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) { 2367 return 0; 2368 } 2369 2370 p = s->data_ptr; 2371 if (p + 2 > s->data_end) { 2372 return 0; 2373 } 2374 2375 ret = cpu_to_le16(*(uint16_t *)p); 2376 p += 2; 2377 s->data_ptr = p; 2378 if (p >= s->data_end) { 2379 s->status &= ~DRQ_STAT; 2380 s->end_transfer_func(s); 2381 } 2382 2383 trace_ide_data_readw(addr, ret, bus, s); 2384 return ret; 2385 } 2386 2387 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val) 2388 { 2389 IDEBus *bus = opaque; 2390 IDEState *s = idebus_active_if(bus); 2391 uint8_t *p; 2392 2393 trace_ide_data_writel(addr, val, bus, s); 2394 2395 /* PIO data access allowed only when DRQ bit is set. The result of a write 2396 * during PIO out is indeterminate, just ignore it. */ 2397 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) { 2398 return; 2399 } 2400 2401 p = s->data_ptr; 2402 if (p + 4 > s->data_end) { 2403 return; 2404 } 2405 2406 *(uint32_t *)p = le32_to_cpu(val); 2407 p += 4; 2408 s->data_ptr = p; 2409 if (p >= s->data_end) { 2410 s->status &= ~DRQ_STAT; 2411 s->end_transfer_func(s); 2412 } 2413 } 2414 2415 uint32_t ide_data_readl(void *opaque, uint32_t addr) 2416 { 2417 IDEBus *bus = opaque; 2418 IDEState *s = idebus_active_if(bus); 2419 uint8_t *p; 2420 int ret; 2421 2422 /* PIO data access allowed only when DRQ bit is set. The result of a read 2423 * during PIO in is indeterminate, return 0 and don't move forward. */ 2424 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) { 2425 ret = 0; 2426 goto out; 2427 } 2428 2429 p = s->data_ptr; 2430 if (p + 4 > s->data_end) { 2431 return 0; 2432 } 2433 2434 ret = cpu_to_le32(*(uint32_t *)p); 2435 p += 4; 2436 s->data_ptr = p; 2437 if (p >= s->data_end) { 2438 s->status &= ~DRQ_STAT; 2439 s->end_transfer_func(s); 2440 } 2441 2442 out: 2443 trace_ide_data_readl(addr, ret, bus, s); 2444 return ret; 2445 } 2446 2447 static void ide_dummy_transfer_stop(IDEState *s) 2448 { 2449 s->data_ptr = s->io_buffer; 2450 s->data_end = s->io_buffer; 2451 s->io_buffer[0] = 0xff; 2452 s->io_buffer[1] = 0xff; 2453 s->io_buffer[2] = 0xff; 2454 s->io_buffer[3] = 0xff; 2455 } 2456 2457 void ide_bus_reset(IDEBus *bus) 2458 { 2459 bus->unit = 0; 2460 bus->cmd = 0; 2461 ide_reset(&bus->ifs[0]); 2462 ide_reset(&bus->ifs[1]); 2463 ide_clear_hob(bus); 2464 2465 /* pending async DMA */ 2466 if (bus->dma->aiocb) { 2467 trace_ide_bus_reset_aio(); 2468 blk_aio_cancel(bus->dma->aiocb); 2469 bus->dma->aiocb = NULL; 2470 } 2471 2472 /* reset dma provider too */ 2473 if (bus->dma->ops->reset) { 2474 bus->dma->ops->reset(bus->dma); 2475 } 2476 } 2477 2478 static bool ide_cd_is_tray_open(void *opaque) 2479 { 2480 return ((IDEState *)opaque)->tray_open; 2481 } 2482 2483 static bool ide_cd_is_medium_locked(void *opaque) 2484 { 2485 return ((IDEState *)opaque)->tray_locked; 2486 } 2487 2488 static void ide_resize_cb(void *opaque) 2489 { 2490 IDEState *s = opaque; 2491 uint64_t nb_sectors; 2492 2493 if (!s->identify_set) { 2494 return; 2495 } 2496 2497 blk_get_geometry(s->blk, &nb_sectors); 2498 s->nb_sectors = nb_sectors; 2499 2500 /* Update the identify data buffer. */ 2501 if (s->drive_kind == IDE_CFATA) { 2502 ide_cfata_identify_size(s); 2503 } else { 2504 /* IDE_CD uses a different set of callbacks entirely. */ 2505 assert(s->drive_kind != IDE_CD); 2506 ide_identify_size(s); 2507 } 2508 } 2509 2510 static const BlockDevOps ide_cd_block_ops = { 2511 .change_media_cb = ide_cd_change_cb, 2512 .eject_request_cb = ide_cd_eject_request_cb, 2513 .is_tray_open = ide_cd_is_tray_open, 2514 .is_medium_locked = ide_cd_is_medium_locked, 2515 }; 2516 2517 static const BlockDevOps ide_hd_block_ops = { 2518 .resize_cb = ide_resize_cb, 2519 }; 2520 2521 int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind, 2522 const char *version, const char *serial, const char *model, 2523 uint64_t wwn, 2524 uint32_t cylinders, uint32_t heads, uint32_t secs, 2525 int chs_trans, Error **errp) 2526 { 2527 uint64_t nb_sectors; 2528 2529 s->blk = blk; 2530 s->drive_kind = kind; 2531 2532 blk_get_geometry(blk, &nb_sectors); 2533 s->cylinders = cylinders; 2534 s->heads = heads; 2535 s->sectors = secs; 2536 s->chs_trans = chs_trans; 2537 s->nb_sectors = nb_sectors; 2538 s->wwn = wwn; 2539 /* The SMART values should be preserved across power cycles 2540 but they aren't. */ 2541 s->smart_enabled = 1; 2542 s->smart_autosave = 1; 2543 s->smart_errors = 0; 2544 s->smart_selftest_count = 0; 2545 if (kind == IDE_CD) { 2546 blk_set_dev_ops(blk, &ide_cd_block_ops, s); 2547 blk_set_guest_block_size(blk, 2048); 2548 } else { 2549 if (!blk_is_inserted(s->blk)) { 2550 error_setg(errp, "Device needs media, but drive is empty"); 2551 return -1; 2552 } 2553 if (!blk_is_writable(blk)) { 2554 error_setg(errp, "Can't use a read-only drive"); 2555 return -1; 2556 } 2557 blk_set_dev_ops(blk, &ide_hd_block_ops, s); 2558 } 2559 if (serial) { 2560 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), serial); 2561 } else { 2562 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str), 2563 "QM%05d", s->drive_serial); 2564 } 2565 if (model) { 2566 pstrcpy(s->drive_model_str, sizeof(s->drive_model_str), model); 2567 } else { 2568 switch (kind) { 2569 case IDE_CD: 2570 strcpy(s->drive_model_str, "QEMU DVD-ROM"); 2571 break; 2572 case IDE_CFATA: 2573 strcpy(s->drive_model_str, "QEMU MICRODRIVE"); 2574 break; 2575 default: 2576 strcpy(s->drive_model_str, "QEMU HARDDISK"); 2577 break; 2578 } 2579 } 2580 2581 if (version) { 2582 pstrcpy(s->version, sizeof(s->version), version); 2583 } else { 2584 pstrcpy(s->version, sizeof(s->version), qemu_hw_version()); 2585 } 2586 2587 ide_reset(s); 2588 blk_iostatus_enable(blk); 2589 return 0; 2590 } 2591 2592 static void ide_init1(IDEBus *bus, int unit) 2593 { 2594 static int drive_serial = 1; 2595 IDEState *s = &bus->ifs[unit]; 2596 2597 s->bus = bus; 2598 s->unit = unit; 2599 s->drive_serial = drive_serial++; 2600 /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */ 2601 s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4; 2602 s->io_buffer = qemu_memalign(2048, s->io_buffer_total_len); 2603 memset(s->io_buffer, 0, s->io_buffer_total_len); 2604 2605 s->smart_selftest_data = blk_blockalign(s->blk, 512); 2606 memset(s->smart_selftest_data, 0, 512); 2607 2608 s->sector_write_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, 2609 ide_sector_write_timer_cb, s); 2610 } 2611 2612 static int ide_nop_int(const IDEDMA *dma, bool is_write) 2613 { 2614 return 0; 2615 } 2616 2617 static void ide_nop(const IDEDMA *dma) 2618 { 2619 } 2620 2621 static int32_t ide_nop_int32(const IDEDMA *dma, int32_t l) 2622 { 2623 return 0; 2624 } 2625 2626 static const IDEDMAOps ide_dma_nop_ops = { 2627 .prepare_buf = ide_nop_int32, 2628 .restart_dma = ide_nop, 2629 .rw_buf = ide_nop_int, 2630 }; 2631 2632 static void ide_restart_dma(IDEState *s, enum ide_dma_cmd dma_cmd) 2633 { 2634 s->unit = s->bus->retry_unit; 2635 ide_set_sector(s, s->bus->retry_sector_num); 2636 s->nsector = s->bus->retry_nsector; 2637 s->bus->dma->ops->restart_dma(s->bus->dma); 2638 s->io_buffer_size = 0; 2639 s->dma_cmd = dma_cmd; 2640 ide_start_dma(s, ide_dma_cb); 2641 } 2642 2643 static void ide_restart_bh(void *opaque) 2644 { 2645 IDEBus *bus = opaque; 2646 IDEState *s; 2647 bool is_read; 2648 int error_status; 2649 2650 qemu_bh_delete(bus->bh); 2651 bus->bh = NULL; 2652 2653 error_status = bus->error_status; 2654 if (bus->error_status == 0) { 2655 return; 2656 } 2657 2658 s = idebus_active_if(bus); 2659 is_read = (bus->error_status & IDE_RETRY_READ) != 0; 2660 2661 /* The error status must be cleared before resubmitting the request: The 2662 * request may fail again, and this case can only be distinguished if the 2663 * called function can set a new error status. */ 2664 bus->error_status = 0; 2665 2666 /* The HBA has generically asked to be kicked on retry */ 2667 if (error_status & IDE_RETRY_HBA) { 2668 if (s->bus->dma->ops->restart) { 2669 s->bus->dma->ops->restart(s->bus->dma); 2670 } 2671 } else if (IS_IDE_RETRY_DMA(error_status)) { 2672 if (error_status & IDE_RETRY_TRIM) { 2673 ide_restart_dma(s, IDE_DMA_TRIM); 2674 } else { 2675 ide_restart_dma(s, is_read ? IDE_DMA_READ : IDE_DMA_WRITE); 2676 } 2677 } else if (IS_IDE_RETRY_PIO(error_status)) { 2678 if (is_read) { 2679 ide_sector_read(s); 2680 } else { 2681 ide_sector_write(s); 2682 } 2683 } else if (error_status & IDE_RETRY_FLUSH) { 2684 ide_flush_cache(s); 2685 } else if (IS_IDE_RETRY_ATAPI(error_status)) { 2686 assert(s->end_transfer_func == ide_atapi_cmd); 2687 ide_atapi_dma_restart(s); 2688 } else { 2689 abort(); 2690 } 2691 } 2692 2693 static void ide_restart_cb(void *opaque, bool running, RunState state) 2694 { 2695 IDEBus *bus = opaque; 2696 2697 if (!running) 2698 return; 2699 2700 if (!bus->bh) { 2701 bus->bh = qemu_bh_new(ide_restart_bh, bus); 2702 qemu_bh_schedule(bus->bh); 2703 } 2704 } 2705 2706 void ide_register_restart_cb(IDEBus *bus) 2707 { 2708 if (bus->dma->ops->restart_dma) { 2709 bus->vmstate = qemu_add_vm_change_state_handler(ide_restart_cb, bus); 2710 } 2711 } 2712 2713 static IDEDMA ide_dma_nop = { 2714 .ops = &ide_dma_nop_ops, 2715 .aiocb = NULL, 2716 }; 2717 2718 void ide_init2(IDEBus *bus, qemu_irq irq) 2719 { 2720 int i; 2721 2722 for(i = 0; i < 2; i++) { 2723 ide_init1(bus, i); 2724 ide_reset(&bus->ifs[i]); 2725 } 2726 bus->irq = irq; 2727 bus->dma = &ide_dma_nop; 2728 } 2729 2730 void ide_exit(IDEState *s) 2731 { 2732 timer_free(s->sector_write_timer); 2733 qemu_vfree(s->smart_selftest_data); 2734 qemu_vfree(s->io_buffer); 2735 } 2736 2737 static bool is_identify_set(void *opaque, int version_id) 2738 { 2739 IDEState *s = opaque; 2740 2741 return s->identify_set != 0; 2742 } 2743 2744 static EndTransferFunc* transfer_end_table[] = { 2745 ide_sector_read, 2746 ide_sector_write, 2747 ide_transfer_stop, 2748 ide_atapi_cmd_reply_end, 2749 ide_atapi_cmd, 2750 ide_dummy_transfer_stop, 2751 }; 2752 2753 static int transfer_end_table_idx(EndTransferFunc *fn) 2754 { 2755 int i; 2756 2757 for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++) 2758 if (transfer_end_table[i] == fn) 2759 return i; 2760 2761 return -1; 2762 } 2763 2764 static int ide_drive_post_load(void *opaque, int version_id) 2765 { 2766 IDEState *s = opaque; 2767 2768 if (s->blk && s->identify_set) { 2769 blk_set_enable_write_cache(s->blk, !!(s->identify_data[85] & (1 << 5))); 2770 } 2771 return 0; 2772 } 2773 2774 static int ide_drive_pio_post_load(void *opaque, int version_id) 2775 { 2776 IDEState *s = opaque; 2777 2778 if (s->end_transfer_fn_idx >= ARRAY_SIZE(transfer_end_table)) { 2779 return -EINVAL; 2780 } 2781 s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx]; 2782 s->data_ptr = s->io_buffer + s->cur_io_buffer_offset; 2783 s->data_end = s->data_ptr + s->cur_io_buffer_len; 2784 s->atapi_dma = s->feature & 1; /* as per cmd_packet */ 2785 2786 return 0; 2787 } 2788 2789 static int ide_drive_pio_pre_save(void *opaque) 2790 { 2791 IDEState *s = opaque; 2792 int idx; 2793 2794 s->cur_io_buffer_offset = s->data_ptr - s->io_buffer; 2795 s->cur_io_buffer_len = s->data_end - s->data_ptr; 2796 2797 idx = transfer_end_table_idx(s->end_transfer_func); 2798 if (idx == -1) { 2799 fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n", 2800 __func__); 2801 s->end_transfer_fn_idx = 2; 2802 } else { 2803 s->end_transfer_fn_idx = idx; 2804 } 2805 2806 return 0; 2807 } 2808 2809 static bool ide_drive_pio_state_needed(void *opaque) 2810 { 2811 IDEState *s = opaque; 2812 2813 return ((s->status & DRQ_STAT) != 0) 2814 || (s->bus->error_status & IDE_RETRY_PIO); 2815 } 2816 2817 static bool ide_tray_state_needed(void *opaque) 2818 { 2819 IDEState *s = opaque; 2820 2821 return s->tray_open || s->tray_locked; 2822 } 2823 2824 static bool ide_atapi_gesn_needed(void *opaque) 2825 { 2826 IDEState *s = opaque; 2827 2828 return s->events.new_media || s->events.eject_request; 2829 } 2830 2831 static bool ide_error_needed(void *opaque) 2832 { 2833 IDEBus *bus = opaque; 2834 2835 return (bus->error_status != 0); 2836 } 2837 2838 /* Fields for GET_EVENT_STATUS_NOTIFICATION ATAPI command */ 2839 static const VMStateDescription vmstate_ide_atapi_gesn_state = { 2840 .name ="ide_drive/atapi/gesn_state", 2841 .version_id = 1, 2842 .minimum_version_id = 1, 2843 .needed = ide_atapi_gesn_needed, 2844 .fields = (VMStateField[]) { 2845 VMSTATE_BOOL(events.new_media, IDEState), 2846 VMSTATE_BOOL(events.eject_request, IDEState), 2847 VMSTATE_END_OF_LIST() 2848 } 2849 }; 2850 2851 static const VMStateDescription vmstate_ide_tray_state = { 2852 .name = "ide_drive/tray_state", 2853 .version_id = 1, 2854 .minimum_version_id = 1, 2855 .needed = ide_tray_state_needed, 2856 .fields = (VMStateField[]) { 2857 VMSTATE_BOOL(tray_open, IDEState), 2858 VMSTATE_BOOL(tray_locked, IDEState), 2859 VMSTATE_END_OF_LIST() 2860 } 2861 }; 2862 2863 static const VMStateDescription vmstate_ide_drive_pio_state = { 2864 .name = "ide_drive/pio_state", 2865 .version_id = 1, 2866 .minimum_version_id = 1, 2867 .pre_save = ide_drive_pio_pre_save, 2868 .post_load = ide_drive_pio_post_load, 2869 .needed = ide_drive_pio_state_needed, 2870 .fields = (VMStateField[]) { 2871 VMSTATE_INT32(req_nb_sectors, IDEState), 2872 VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1, 2873 vmstate_info_uint8, uint8_t), 2874 VMSTATE_INT32(cur_io_buffer_offset, IDEState), 2875 VMSTATE_INT32(cur_io_buffer_len, IDEState), 2876 VMSTATE_UINT8(end_transfer_fn_idx, IDEState), 2877 VMSTATE_INT32(elementary_transfer_size, IDEState), 2878 VMSTATE_INT32(packet_transfer_size, IDEState), 2879 VMSTATE_END_OF_LIST() 2880 } 2881 }; 2882 2883 const VMStateDescription vmstate_ide_drive = { 2884 .name = "ide_drive", 2885 .version_id = 3, 2886 .minimum_version_id = 0, 2887 .post_load = ide_drive_post_load, 2888 .fields = (VMStateField[]) { 2889 VMSTATE_INT32(mult_sectors, IDEState), 2890 VMSTATE_INT32(identify_set, IDEState), 2891 VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set), 2892 VMSTATE_UINT8(feature, IDEState), 2893 VMSTATE_UINT8(error, IDEState), 2894 VMSTATE_UINT32(nsector, IDEState), 2895 VMSTATE_UINT8(sector, IDEState), 2896 VMSTATE_UINT8(lcyl, IDEState), 2897 VMSTATE_UINT8(hcyl, IDEState), 2898 VMSTATE_UINT8(hob_feature, IDEState), 2899 VMSTATE_UINT8(hob_sector, IDEState), 2900 VMSTATE_UINT8(hob_nsector, IDEState), 2901 VMSTATE_UINT8(hob_lcyl, IDEState), 2902 VMSTATE_UINT8(hob_hcyl, IDEState), 2903 VMSTATE_UINT8(select, IDEState), 2904 VMSTATE_UINT8(status, IDEState), 2905 VMSTATE_UINT8(lba48, IDEState), 2906 VMSTATE_UINT8(sense_key, IDEState), 2907 VMSTATE_UINT8(asc, IDEState), 2908 VMSTATE_UINT8_V(cdrom_changed, IDEState, 3), 2909 VMSTATE_END_OF_LIST() 2910 }, 2911 .subsections = (const VMStateDescription*[]) { 2912 &vmstate_ide_drive_pio_state, 2913 &vmstate_ide_tray_state, 2914 &vmstate_ide_atapi_gesn_state, 2915 NULL 2916 } 2917 }; 2918 2919 static const VMStateDescription vmstate_ide_error_status = { 2920 .name ="ide_bus/error", 2921 .version_id = 2, 2922 .minimum_version_id = 1, 2923 .needed = ide_error_needed, 2924 .fields = (VMStateField[]) { 2925 VMSTATE_INT32(error_status, IDEBus), 2926 VMSTATE_INT64_V(retry_sector_num, IDEBus, 2), 2927 VMSTATE_UINT32_V(retry_nsector, IDEBus, 2), 2928 VMSTATE_UINT8_V(retry_unit, IDEBus, 2), 2929 VMSTATE_END_OF_LIST() 2930 } 2931 }; 2932 2933 const VMStateDescription vmstate_ide_bus = { 2934 .name = "ide_bus", 2935 .version_id = 1, 2936 .minimum_version_id = 1, 2937 .fields = (VMStateField[]) { 2938 VMSTATE_UINT8(cmd, IDEBus), 2939 VMSTATE_UINT8(unit, IDEBus), 2940 VMSTATE_END_OF_LIST() 2941 }, 2942 .subsections = (const VMStateDescription*[]) { 2943 &vmstate_ide_error_status, 2944 NULL 2945 } 2946 }; 2947 2948 void ide_drive_get(DriveInfo **hd, int n) 2949 { 2950 int i; 2951 2952 for (i = 0; i < n; i++) { 2953 hd[i] = drive_get_by_index(IF_IDE, i); 2954 } 2955 } 2956