1 /* 2 * QEMU IDE disk and CD/DVD-ROM Emulator 3 * 4 * Copyright (c) 2003 Fabrice Bellard 5 * Copyright (c) 2006 Openedhand Ltd. 6 * 7 * Permission is hereby granted, free of charge, to any person obtaining a copy 8 * of this software and associated documentation files (the "Software"), to deal 9 * in the Software without restriction, including without limitation the rights 10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 11 * copies of the Software, and to permit persons to whom the Software is 12 * furnished to do so, subject to the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be included in 15 * all copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 23 * THE SOFTWARE. 24 */ 25 26 #include "qemu/osdep.h" 27 #include "hw/irq.h" 28 #include "hw/isa/isa.h" 29 #include "migration/vmstate.h" 30 #include "qemu/error-report.h" 31 #include "qemu/main-loop.h" 32 #include "qemu/timer.h" 33 #include "qemu/hw-version.h" 34 #include "qemu/memalign.h" 35 #include "system/system.h" 36 #include "system/blockdev.h" 37 #include "system/dma.h" 38 #include "hw/block/block.h" 39 #include "system/block-backend.h" 40 #include "qapi/error.h" 41 #include "qemu/cutils.h" 42 #include "system/replay.h" 43 #include "system/runstate.h" 44 #include "ide-internal.h" 45 #include "trace.h" 46 47 /* These values were based on a Seagate ST3500418AS but have been modified 48 to make more sense in QEMU */ 49 static const int smart_attributes[][12] = { 50 /* id, flags, hflags, val, wrst, raw (6 bytes), threshold */ 51 /* raw read error rate*/ 52 { 0x01, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06}, 53 /* spin up */ 54 { 0x03, 0x03, 0x00, 0x64, 0x64, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 55 /* start stop count */ 56 { 0x04, 0x02, 0x00, 0x64, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14}, 57 /* remapped sectors */ 58 { 0x05, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24}, 59 /* power on hours */ 60 { 0x09, 0x03, 0x00, 0x64, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 61 /* power cycle count */ 62 { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 63 /* airflow-temperature-celsius */ 64 { 190, 0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32}, 65 }; 66 67 const char *IDE_DMA_CMD_lookup[IDE_DMA__COUNT] = { 68 [IDE_DMA_READ] = "DMA READ", 69 [IDE_DMA_WRITE] = "DMA WRITE", 70 [IDE_DMA_TRIM] = "DMA TRIM", 71 [IDE_DMA_ATAPI] = "DMA ATAPI" 72 }; 73 74 static const char *IDE_DMA_CMD_str(enum ide_dma_cmd enval) 75 { 76 if ((unsigned)enval < IDE_DMA__COUNT) { 77 return IDE_DMA_CMD_lookup[enval]; 78 } 79 return "DMA UNKNOWN CMD"; 80 } 81 82 static void ide_dummy_transfer_stop(IDEState *s); 83 84 const MemoryRegionPortio ide_portio_list[] = { 85 { 0, 8, 1, .read = ide_ioport_read, .write = ide_ioport_write }, 86 { 0, 1, 2, .read = ide_data_readw, .write = ide_data_writew }, 87 { 0, 1, 4, .read = ide_data_readl, .write = ide_data_writel }, 88 PORTIO_END_OF_LIST(), 89 }; 90 91 const MemoryRegionPortio ide_portio2_list[] = { 92 { 0, 1, 1, .read = ide_status_read, .write = ide_ctrl_write }, 93 PORTIO_END_OF_LIST(), 94 }; 95 96 static void padstr(char *str, const char *src, int len) 97 { 98 int i, v; 99 for(i = 0; i < len; i++) { 100 if (*src) 101 v = *src++; 102 else 103 v = ' '; 104 str[i^1] = v; 105 } 106 } 107 108 static void put_le16(uint16_t *p, unsigned int v) 109 { 110 *p = cpu_to_le16(v); 111 } 112 113 static void ide_identify_size(IDEState *s) 114 { 115 uint16_t *p = (uint16_t *)s->identify_data; 116 int64_t nb_sectors_lba28 = s->nb_sectors; 117 if (nb_sectors_lba28 >= 1 << 28) { 118 nb_sectors_lba28 = (1 << 28) - 1; 119 } 120 put_le16(p + 60, nb_sectors_lba28); 121 put_le16(p + 61, nb_sectors_lba28 >> 16); 122 put_le16(p + 100, s->nb_sectors); 123 put_le16(p + 101, s->nb_sectors >> 16); 124 put_le16(p + 102, s->nb_sectors >> 32); 125 put_le16(p + 103, s->nb_sectors >> 48); 126 } 127 128 static void ide_identify(IDEState *s) 129 { 130 uint16_t *p; 131 unsigned int oldsize; 132 IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master; 133 134 p = (uint16_t *)s->identify_data; 135 if (s->identify_set) { 136 goto fill_buffer; 137 } 138 memset(p, 0, sizeof(s->identify_data)); 139 140 put_le16(p + 0, 0x0040); 141 put_le16(p + 1, s->cylinders); 142 put_le16(p + 3, s->heads); 143 put_le16(p + 4, 512 * s->sectors); /* XXX: retired, remove ? */ 144 put_le16(p + 5, 512); /* XXX: retired, remove ? */ 145 put_le16(p + 6, s->sectors); 146 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */ 147 put_le16(p + 20, 3); /* XXX: retired, remove ? */ 148 put_le16(p + 21, 512); /* cache size in sectors */ 149 put_le16(p + 22, 4); /* ecc bytes */ 150 padstr((char *)(p + 23), s->version, 8); /* firmware version */ 151 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */ 152 #if MAX_MULT_SECTORS > 1 153 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS); 154 #endif 155 put_le16(p + 48, 1); /* dword I/O */ 156 put_le16(p + 49, (1 << 11) | (1 << 9) | (1 << 8)); /* DMA and LBA supported */ 157 put_le16(p + 51, 0x200); /* PIO transfer cycle */ 158 put_le16(p + 52, 0x200); /* DMA transfer cycle */ 159 put_le16(p + 53, 1 | (1 << 1) | (1 << 2)); /* words 54-58,64-70,88 are valid */ 160 put_le16(p + 54, s->cylinders); 161 put_le16(p + 55, s->heads); 162 put_le16(p + 56, s->sectors); 163 oldsize = s->cylinders * s->heads * s->sectors; 164 put_le16(p + 57, oldsize); 165 put_le16(p + 58, oldsize >> 16); 166 if (s->mult_sectors) 167 put_le16(p + 59, 0x100 | s->mult_sectors); 168 /* *(p + 60) := nb_sectors -- see ide_identify_size */ 169 /* *(p + 61) := nb_sectors >> 16 -- see ide_identify_size */ 170 put_le16(p + 62, 0x07); /* single word dma0-2 supported */ 171 put_le16(p + 63, 0x07); /* mdma0-2 supported */ 172 put_le16(p + 64, 0x03); /* pio3-4 supported */ 173 put_le16(p + 65, 120); 174 put_le16(p + 66, 120); 175 put_le16(p + 67, 120); 176 put_le16(p + 68, 120); 177 if (dev && dev->conf.discard_granularity) { 178 put_le16(p + 69, (1 << 14)); /* determinate TRIM behavior */ 179 } 180 181 if (s->ncq_queues) { 182 put_le16(p + 75, s->ncq_queues - 1); 183 /* NCQ supported */ 184 put_le16(p + 76, (1 << 8)); 185 } 186 187 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */ 188 put_le16(p + 81, 0x16); /* conforms to ata5 */ 189 /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */ 190 put_le16(p + 82, (1 << 14) | (1 << 5) | 1); 191 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */ 192 put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10)); 193 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */ 194 if (s->wwn) { 195 put_le16(p + 84, (1 << 14) | (1 << 8) | 0); 196 } else { 197 put_le16(p + 84, (1 << 14) | 0); 198 } 199 /* 14 = NOP supported, 5=WCACHE enabled, 0=SMART feature set enabled */ 200 if (blk_enable_write_cache(s->blk)) { 201 put_le16(p + 85, (1 << 14) | (1 << 5) | 1); 202 } else { 203 put_le16(p + 85, (1 << 14) | 1); 204 } 205 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */ 206 put_le16(p + 86, (1 << 13) | (1 <<12) | (1 << 10)); 207 /* 14=set to 1, 8=has WWN, 1=SMART self test, 0=SMART error logging */ 208 if (s->wwn) { 209 put_le16(p + 87, (1 << 14) | (1 << 8) | 0); 210 } else { 211 put_le16(p + 87, (1 << 14) | 0); 212 } 213 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */ 214 put_le16(p + 93, 1 | (1 << 14) | 0x2000); 215 /* *(p + 100) := nb_sectors -- see ide_identify_size */ 216 /* *(p + 101) := nb_sectors >> 16 -- see ide_identify_size */ 217 /* *(p + 102) := nb_sectors >> 32 -- see ide_identify_size */ 218 /* *(p + 103) := nb_sectors >> 48 -- see ide_identify_size */ 219 220 if (dev && dev->conf.physical_block_size) 221 put_le16(p + 106, 0x6000 | get_physical_block_exp(&dev->conf)); 222 if (s->wwn) { 223 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */ 224 put_le16(p + 108, s->wwn >> 48); 225 put_le16(p + 109, s->wwn >> 32); 226 put_le16(p + 110, s->wwn >> 16); 227 put_le16(p + 111, s->wwn); 228 } 229 if (dev && dev->conf.discard_granularity) { 230 put_le16(p + 169, 1); /* TRIM support */ 231 } 232 if (dev) { 233 put_le16(p + 217, dev->rotation_rate); /* Nominal media rotation rate */ 234 } 235 236 ide_identify_size(s); 237 s->identify_set = 1; 238 239 fill_buffer: 240 memcpy(s->io_buffer, p, sizeof(s->identify_data)); 241 } 242 243 static void ide_atapi_identify(IDEState *s) 244 { 245 uint16_t *p; 246 247 p = (uint16_t *)s->identify_data; 248 if (s->identify_set) { 249 goto fill_buffer; 250 } 251 memset(p, 0, sizeof(s->identify_data)); 252 253 /* Removable CDROM, 50us response, 12 byte packets */ 254 put_le16(p + 0, (2 << 14) | (5 << 8) | (1 << 7) | (2 << 5) | (0 << 0)); 255 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */ 256 put_le16(p + 20, 3); /* buffer type */ 257 put_le16(p + 21, 512); /* cache size in sectors */ 258 put_le16(p + 22, 4); /* ecc bytes */ 259 padstr((char *)(p + 23), s->version, 8); /* firmware version */ 260 padstr((char *)(p + 27), s->drive_model_str, 40); /* model */ 261 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */ 262 #ifdef USE_DMA_CDROM 263 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */ 264 put_le16(p + 53, 7); /* words 64-70, 54-58, 88 valid */ 265 put_le16(p + 62, 7); /* single word dma0-2 supported */ 266 put_le16(p + 63, 7); /* mdma0-2 supported */ 267 #else 268 put_le16(p + 49, 1 << 9); /* LBA supported, no DMA */ 269 put_le16(p + 53, 3); /* words 64-70, 54-58 valid */ 270 put_le16(p + 63, 0x103); /* DMA modes XXX: may be incorrect */ 271 #endif 272 put_le16(p + 64, 3); /* pio3-4 supported */ 273 put_le16(p + 65, 0xb4); /* minimum DMA multiword tx cycle time */ 274 put_le16(p + 66, 0xb4); /* recommended DMA multiword tx cycle time */ 275 put_le16(p + 67, 0x12c); /* minimum PIO cycle time without flow control */ 276 put_le16(p + 68, 0xb4); /* minimum PIO cycle time with IORDY flow control */ 277 278 put_le16(p + 71, 30); /* in ns */ 279 put_le16(p + 72, 30); /* in ns */ 280 281 if (s->ncq_queues) { 282 put_le16(p + 75, s->ncq_queues - 1); 283 /* NCQ supported */ 284 put_le16(p + 76, (1 << 8)); 285 } 286 287 put_le16(p + 80, 0x1e); /* support up to ATA/ATAPI-4 */ 288 if (s->wwn) { 289 put_le16(p + 84, (1 << 8)); /* supports WWN for words 108-111 */ 290 put_le16(p + 87, (1 << 8)); /* WWN enabled */ 291 } 292 293 #ifdef USE_DMA_CDROM 294 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */ 295 #endif 296 297 if (s->wwn) { 298 /* LE 16-bit words 111-108 contain 64-bit World Wide Name */ 299 put_le16(p + 108, s->wwn >> 48); 300 put_le16(p + 109, s->wwn >> 32); 301 put_le16(p + 110, s->wwn >> 16); 302 put_le16(p + 111, s->wwn); 303 } 304 305 s->identify_set = 1; 306 307 fill_buffer: 308 memcpy(s->io_buffer, p, sizeof(s->identify_data)); 309 } 310 311 static void ide_cfata_identify_size(IDEState *s) 312 { 313 uint16_t *p = (uint16_t *)s->identify_data; 314 put_le16(p + 7, s->nb_sectors >> 16); /* Sectors per card */ 315 put_le16(p + 8, s->nb_sectors); /* Sectors per card */ 316 put_le16(p + 60, s->nb_sectors); /* Total LBA sectors */ 317 put_le16(p + 61, s->nb_sectors >> 16); /* Total LBA sectors */ 318 } 319 320 static void ide_cfata_identify(IDEState *s) 321 { 322 uint16_t *p; 323 uint32_t cur_sec; 324 325 p = (uint16_t *)s->identify_data; 326 if (s->identify_set) { 327 goto fill_buffer; 328 } 329 memset(p, 0, sizeof(s->identify_data)); 330 331 cur_sec = s->cylinders * s->heads * s->sectors; 332 333 put_le16(p + 0, 0x848a); /* CF Storage Card signature */ 334 put_le16(p + 1, s->cylinders); /* Default cylinders */ 335 put_le16(p + 3, s->heads); /* Default heads */ 336 put_le16(p + 6, s->sectors); /* Default sectors per track */ 337 /* *(p + 7) := nb_sectors >> 16 -- see ide_cfata_identify_size */ 338 /* *(p + 8) := nb_sectors -- see ide_cfata_identify_size */ 339 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */ 340 put_le16(p + 22, 0x0004); /* ECC bytes */ 341 padstr((char *) (p + 23), s->version, 8); /* Firmware Revision */ 342 padstr((char *) (p + 27), s->drive_model_str, 40);/* Model number */ 343 #if MAX_MULT_SECTORS > 1 344 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS); 345 #else 346 put_le16(p + 47, 0x0000); 347 #endif 348 put_le16(p + 49, 0x0f00); /* Capabilities */ 349 put_le16(p + 51, 0x0002); /* PIO cycle timing mode */ 350 put_le16(p + 52, 0x0001); /* DMA cycle timing mode */ 351 put_le16(p + 53, 0x0003); /* Translation params valid */ 352 put_le16(p + 54, s->cylinders); /* Current cylinders */ 353 put_le16(p + 55, s->heads); /* Current heads */ 354 put_le16(p + 56, s->sectors); /* Current sectors */ 355 put_le16(p + 57, cur_sec); /* Current capacity */ 356 put_le16(p + 58, cur_sec >> 16); /* Current capacity */ 357 if (s->mult_sectors) /* Multiple sector setting */ 358 put_le16(p + 59, 0x100 | s->mult_sectors); 359 /* *(p + 60) := nb_sectors -- see ide_cfata_identify_size */ 360 /* *(p + 61) := nb_sectors >> 16 -- see ide_cfata_identify_size */ 361 put_le16(p + 63, 0x0203); /* Multiword DMA capability */ 362 put_le16(p + 64, 0x0001); /* Flow Control PIO support */ 363 put_le16(p + 65, 0x0096); /* Min. Multiword DMA cycle */ 364 put_le16(p + 66, 0x0096); /* Rec. Multiword DMA cycle */ 365 put_le16(p + 68, 0x00b4); /* Min. PIO cycle time */ 366 put_le16(p + 82, 0x400c); /* Command Set supported */ 367 put_le16(p + 83, 0x7068); /* Command Set supported */ 368 put_le16(p + 84, 0x4000); /* Features supported */ 369 put_le16(p + 85, 0x000c); /* Command Set enabled */ 370 put_le16(p + 86, 0x7044); /* Command Set enabled */ 371 put_le16(p + 87, 0x4000); /* Features enabled */ 372 put_le16(p + 91, 0x4060); /* Current APM level */ 373 put_le16(p + 129, 0x0002); /* Current features option */ 374 put_le16(p + 130, 0x0005); /* Reassigned sectors */ 375 put_le16(p + 131, 0x0001); /* Initial power mode */ 376 put_le16(p + 132, 0x0000); /* User signature */ 377 put_le16(p + 160, 0x8100); /* Power requirement */ 378 put_le16(p + 161, 0x8001); /* CF command set */ 379 380 ide_cfata_identify_size(s); 381 s->identify_set = 1; 382 383 fill_buffer: 384 memcpy(s->io_buffer, p, sizeof(s->identify_data)); 385 } 386 387 static void ide_set_signature(IDEState *s) 388 { 389 s->select &= ~(ATA_DEV_HS); /* clear head */ 390 /* put signature */ 391 s->nsector = 1; 392 s->sector = 1; 393 if (s->drive_kind == IDE_CD) { 394 s->lcyl = 0x14; 395 s->hcyl = 0xeb; 396 } else if (s->blk) { 397 s->lcyl = 0; 398 s->hcyl = 0; 399 } else { 400 s->lcyl = 0xff; 401 s->hcyl = 0xff; 402 } 403 } 404 405 static bool ide_sect_range_ok(IDEState *s, 406 uint64_t sector, uint64_t nb_sectors) 407 { 408 uint64_t total_sectors; 409 410 blk_get_geometry(s->blk, &total_sectors); 411 if (sector > total_sectors || nb_sectors > total_sectors - sector) { 412 return false; 413 } 414 return true; 415 } 416 417 typedef struct TrimAIOCB { 418 BlockAIOCB common; 419 IDEState *s; 420 QEMUBH *bh; 421 int ret; 422 QEMUIOVector *qiov; 423 BlockAIOCB *aiocb; 424 int i, j; 425 } TrimAIOCB; 426 427 static void trim_aio_cancel(BlockAIOCB *acb) 428 { 429 TrimAIOCB *iocb = container_of(acb, TrimAIOCB, common); 430 431 /* Exit the loop so ide_issue_trim_cb will not continue */ 432 iocb->j = iocb->qiov->niov - 1; 433 iocb->i = (iocb->qiov->iov[iocb->j].iov_len / 8) - 1; 434 435 iocb->ret = -ECANCELED; 436 437 if (iocb->aiocb) { 438 blk_aio_cancel_async(iocb->aiocb); 439 iocb->aiocb = NULL; 440 } 441 } 442 443 static const AIOCBInfo trim_aiocb_info = { 444 .aiocb_size = sizeof(TrimAIOCB), 445 .cancel_async = trim_aio_cancel, 446 }; 447 448 static void ide_trim_bh_cb(void *opaque) 449 { 450 TrimAIOCB *iocb = opaque; 451 BlockBackend *blk = iocb->s->blk; 452 453 iocb->common.cb(iocb->common.opaque, iocb->ret); 454 455 qemu_bh_delete(iocb->bh); 456 iocb->bh = NULL; 457 qemu_aio_unref(iocb); 458 459 /* Paired with an increment in ide_issue_trim() */ 460 blk_dec_in_flight(blk); 461 } 462 463 static void ide_issue_trim_cb(void *opaque, int ret) 464 { 465 TrimAIOCB *iocb = opaque; 466 IDEState *s = iocb->s; 467 468 if (iocb->i >= 0) { 469 if (ret >= 0) { 470 block_acct_done(blk_get_stats(s->blk), &s->acct); 471 } else { 472 block_acct_failed(blk_get_stats(s->blk), &s->acct); 473 } 474 } 475 476 if (ret >= 0) { 477 while (iocb->j < iocb->qiov->niov) { 478 int j = iocb->j; 479 while (++iocb->i < iocb->qiov->iov[j].iov_len / 8) { 480 int i = iocb->i; 481 uint64_t *buffer = iocb->qiov->iov[j].iov_base; 482 483 /* 6-byte LBA + 2-byte range per entry */ 484 uint64_t entry = le64_to_cpu(buffer[i]); 485 uint64_t sector = entry & 0x0000ffffffffffffULL; 486 uint16_t count = entry >> 48; 487 488 if (count == 0) { 489 continue; 490 } 491 492 if (!ide_sect_range_ok(s, sector, count)) { 493 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_UNMAP); 494 iocb->ret = -EINVAL; 495 goto done; 496 } 497 498 block_acct_start(blk_get_stats(s->blk), &s->acct, 499 count << BDRV_SECTOR_BITS, BLOCK_ACCT_UNMAP); 500 501 /* Got an entry! Submit and exit. */ 502 iocb->aiocb = blk_aio_pdiscard(s->blk, 503 sector << BDRV_SECTOR_BITS, 504 count << BDRV_SECTOR_BITS, 505 ide_issue_trim_cb, opaque); 506 return; 507 } 508 509 iocb->j++; 510 iocb->i = -1; 511 } 512 } else { 513 iocb->ret = ret; 514 } 515 516 done: 517 iocb->aiocb = NULL; 518 if (iocb->bh) { 519 replay_bh_schedule_event(iocb->bh); 520 } 521 } 522 523 BlockAIOCB *ide_issue_trim( 524 int64_t offset, QEMUIOVector *qiov, 525 BlockCompletionFunc *cb, void *cb_opaque, void *opaque) 526 { 527 IDEState *s = opaque; 528 IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master; 529 TrimAIOCB *iocb; 530 531 /* Paired with a decrement in ide_trim_bh_cb() */ 532 blk_inc_in_flight(s->blk); 533 534 iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque); 535 iocb->s = s; 536 iocb->bh = qemu_bh_new_guarded(ide_trim_bh_cb, iocb, 537 &DEVICE(dev)->mem_reentrancy_guard); 538 iocb->ret = 0; 539 iocb->qiov = qiov; 540 iocb->i = -1; 541 iocb->j = 0; 542 ide_issue_trim_cb(iocb, 0); 543 return &iocb->common; 544 } 545 546 void ide_abort_command(IDEState *s) 547 { 548 s->status = READY_STAT | ERR_STAT; 549 s->error = ABRT_ERR; 550 ide_transfer_stop(s); 551 } 552 553 static void ide_set_retry(IDEState *s) 554 { 555 s->bus->retry_unit = s->unit; 556 s->bus->retry_sector_num = ide_get_sector(s); 557 s->bus->retry_nsector = s->nsector; 558 } 559 560 static void ide_clear_retry(IDEState *s) 561 { 562 s->bus->retry_unit = -1; 563 s->bus->retry_sector_num = 0; 564 s->bus->retry_nsector = 0; 565 } 566 567 /* prepare data transfer and tell what to do after */ 568 bool ide_transfer_start_norecurse(IDEState *s, uint8_t *buf, int size, 569 EndTransferFunc *end_transfer_func) 570 { 571 s->data_ptr = buf; 572 s->data_end = buf + size; 573 ide_set_retry(s); 574 if (!(s->status & ERR_STAT)) { 575 s->status |= DRQ_STAT; 576 } 577 if (!s->bus->dma->ops->pio_transfer) { 578 s->end_transfer_func = end_transfer_func; 579 return false; 580 } 581 s->bus->dma->ops->pio_transfer(s->bus->dma); 582 return true; 583 } 584 585 void ide_transfer_start(IDEState *s, uint8_t *buf, int size, 586 EndTransferFunc *end_transfer_func) 587 { 588 if (ide_transfer_start_norecurse(s, buf, size, end_transfer_func)) { 589 end_transfer_func(s); 590 } 591 } 592 593 static void ide_cmd_done(IDEState *s) 594 { 595 if (s->bus->dma->ops->cmd_done) { 596 s->bus->dma->ops->cmd_done(s->bus->dma); 597 } 598 } 599 600 static void ide_transfer_halt(IDEState *s) 601 { 602 s->end_transfer_func = ide_transfer_stop; 603 s->data_ptr = s->io_buffer; 604 s->data_end = s->io_buffer; 605 s->status &= ~DRQ_STAT; 606 } 607 608 void ide_transfer_stop(IDEState *s) 609 { 610 ide_transfer_halt(s); 611 ide_cmd_done(s); 612 } 613 614 int64_t ide_get_sector(IDEState *s) 615 { 616 int64_t sector_num; 617 if (s->select & (ATA_DEV_LBA)) { 618 if (s->lba48) { 619 sector_num = ((int64_t)s->hob_hcyl << 40) | 620 ((int64_t) s->hob_lcyl << 32) | 621 ((int64_t) s->hob_sector << 24) | 622 ((int64_t) s->hcyl << 16) | 623 ((int64_t) s->lcyl << 8) | s->sector; 624 } else { 625 /* LBA28 */ 626 sector_num = ((s->select & (ATA_DEV_LBA_MSB)) << 24) | 627 (s->hcyl << 16) | (s->lcyl << 8) | s->sector; 628 } 629 } else { 630 /* CHS */ 631 sector_num = ((s->hcyl << 8) | s->lcyl) * s->heads * s->sectors + 632 (s->select & (ATA_DEV_HS)) * s->sectors + (s->sector - 1); 633 } 634 635 return sector_num; 636 } 637 638 void ide_set_sector(IDEState *s, int64_t sector_num) 639 { 640 unsigned int cyl, r; 641 if (s->select & (ATA_DEV_LBA)) { 642 if (s->lba48) { 643 s->sector = sector_num; 644 s->lcyl = sector_num >> 8; 645 s->hcyl = sector_num >> 16; 646 s->hob_sector = sector_num >> 24; 647 s->hob_lcyl = sector_num >> 32; 648 s->hob_hcyl = sector_num >> 40; 649 } else { 650 /* LBA28 */ 651 s->select = (s->select & ~(ATA_DEV_LBA_MSB)) | 652 ((sector_num >> 24) & (ATA_DEV_LBA_MSB)); 653 s->hcyl = (sector_num >> 16); 654 s->lcyl = (sector_num >> 8); 655 s->sector = (sector_num); 656 } 657 } else { 658 /* CHS */ 659 cyl = sector_num / (s->heads * s->sectors); 660 r = sector_num % (s->heads * s->sectors); 661 s->hcyl = cyl >> 8; 662 s->lcyl = cyl; 663 s->select = (s->select & ~(ATA_DEV_HS)) | 664 ((r / s->sectors) & (ATA_DEV_HS)); 665 s->sector = (r % s->sectors) + 1; 666 } 667 } 668 669 static void ide_rw_error(IDEState *s) { 670 ide_abort_command(s); 671 ide_bus_set_irq(s->bus); 672 } 673 674 static void ide_buffered_readv_cb(void *opaque, int ret) 675 { 676 IDEBufferedRequest *req = opaque; 677 if (!req->orphaned) { 678 if (!ret) { 679 assert(req->qiov.size == req->original_qiov->size); 680 qemu_iovec_from_buf(req->original_qiov, 0, 681 req->qiov.local_iov.iov_base, 682 req->original_qiov->size); 683 } 684 req->original_cb(req->original_opaque, ret); 685 } 686 QLIST_REMOVE(req, list); 687 qemu_vfree(qemu_iovec_buf(&req->qiov)); 688 g_free(req); 689 } 690 691 #define MAX_BUFFERED_REQS 16 692 693 BlockAIOCB *ide_buffered_readv(IDEState *s, int64_t sector_num, 694 QEMUIOVector *iov, int nb_sectors, 695 BlockCompletionFunc *cb, void *opaque) 696 { 697 BlockAIOCB *aioreq; 698 IDEBufferedRequest *req; 699 int c = 0; 700 701 QLIST_FOREACH(req, &s->buffered_requests, list) { 702 c++; 703 } 704 if (c > MAX_BUFFERED_REQS) { 705 return blk_abort_aio_request(s->blk, cb, opaque, -EIO); 706 } 707 708 req = g_new0(IDEBufferedRequest, 1); 709 req->original_qiov = iov; 710 req->original_cb = cb; 711 req->original_opaque = opaque; 712 qemu_iovec_init_buf(&req->qiov, blk_blockalign(s->blk, iov->size), 713 iov->size); 714 715 aioreq = blk_aio_preadv(s->blk, sector_num << BDRV_SECTOR_BITS, 716 &req->qiov, 0, ide_buffered_readv_cb, req); 717 718 QLIST_INSERT_HEAD(&s->buffered_requests, req, list); 719 return aioreq; 720 } 721 722 /** 723 * Cancel all pending DMA requests. 724 * Any buffered DMA requests are instantly canceled, 725 * but any pending unbuffered DMA requests must be waited on. 726 */ 727 void ide_cancel_dma_sync(IDEState *s) 728 { 729 IDEBufferedRequest *req; 730 731 /* First invoke the callbacks of all buffered requests 732 * and flag those requests as orphaned. Ideally there 733 * are no unbuffered (Scatter Gather DMA Requests or 734 * write requests) pending and we can avoid to drain. */ 735 QLIST_FOREACH(req, &s->buffered_requests, list) { 736 if (!req->orphaned) { 737 trace_ide_cancel_dma_sync_buffered(req->original_cb, req); 738 req->original_cb(req->original_opaque, -ECANCELED); 739 } 740 req->orphaned = true; 741 } 742 743 /* 744 * We can't cancel Scatter Gather DMA in the middle of the 745 * operation or a partial (not full) DMA transfer would reach 746 * the storage so we wait for completion instead (we behave 747 * like if the DMA was completed by the time the guest trying 748 * to cancel dma with bmdma_cmd_writeb with BM_CMD_START not 749 * set). 750 * 751 * In the future we'll be able to safely cancel the I/O if the 752 * whole DMA operation will be submitted to disk with a single 753 * aio operation with preadv/pwritev. 754 */ 755 if (s->bus->dma->aiocb) { 756 trace_ide_cancel_dma_sync_remaining(); 757 blk_drain(s->blk); 758 assert(s->bus->dma->aiocb == NULL); 759 } 760 } 761 762 static void ide_sector_read(IDEState *s); 763 764 static void ide_sector_read_cb(void *opaque, int ret) 765 { 766 IDEState *s = opaque; 767 int n; 768 769 s->pio_aiocb = NULL; 770 s->status &= ~BUSY_STAT; 771 772 if (ret != 0) { 773 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO | 774 IDE_RETRY_READ)) { 775 return; 776 } 777 } 778 779 block_acct_done(blk_get_stats(s->blk), &s->acct); 780 781 n = s->nsector; 782 if (n > s->req_nb_sectors) { 783 n = s->req_nb_sectors; 784 } 785 786 ide_set_sector(s, ide_get_sector(s) + n); 787 s->nsector -= n; 788 /* Allow the guest to read the io_buffer */ 789 ide_transfer_start(s, s->io_buffer, n * BDRV_SECTOR_SIZE, ide_sector_read); 790 ide_bus_set_irq(s->bus); 791 } 792 793 static void ide_sector_read(IDEState *s) 794 { 795 int64_t sector_num; 796 int n; 797 798 s->status = READY_STAT | SEEK_STAT; 799 s->error = 0; /* not needed by IDE spec, but needed by Windows */ 800 sector_num = ide_get_sector(s); 801 n = s->nsector; 802 803 if (n == 0) { 804 ide_transfer_stop(s); 805 return; 806 } 807 808 s->status |= BUSY_STAT; 809 810 if (n > s->req_nb_sectors) { 811 n = s->req_nb_sectors; 812 } 813 814 trace_ide_sector_read(sector_num, n); 815 816 if (!ide_sect_range_ok(s, sector_num, n)) { 817 ide_rw_error(s); 818 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_READ); 819 return; 820 } 821 822 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE); 823 824 block_acct_start(blk_get_stats(s->blk), &s->acct, 825 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ); 826 s->pio_aiocb = ide_buffered_readv(s, sector_num, &s->qiov, n, 827 ide_sector_read_cb, s); 828 } 829 830 void dma_buf_commit(IDEState *s, uint32_t tx_bytes) 831 { 832 if (s->bus->dma->ops->commit_buf) { 833 s->bus->dma->ops->commit_buf(s->bus->dma, tx_bytes); 834 } 835 s->io_buffer_offset += tx_bytes; 836 qemu_sglist_destroy(&s->sg); 837 } 838 839 void ide_set_inactive(IDEState *s, bool more) 840 { 841 s->bus->dma->aiocb = NULL; 842 ide_clear_retry(s); 843 if (s->bus->dma->ops->set_inactive) { 844 s->bus->dma->ops->set_inactive(s->bus->dma, more); 845 } 846 ide_cmd_done(s); 847 } 848 849 void ide_dma_error(IDEState *s) 850 { 851 dma_buf_commit(s, 0); 852 ide_abort_command(s); 853 ide_set_inactive(s, false); 854 ide_bus_set_irq(s->bus); 855 } 856 857 int ide_handle_rw_error(IDEState *s, int error, int op) 858 { 859 bool is_read = (op & IDE_RETRY_READ) != 0; 860 BlockErrorAction action = blk_get_error_action(s->blk, is_read, error); 861 862 if (action == BLOCK_ERROR_ACTION_STOP) { 863 assert(s->bus->retry_unit == s->unit); 864 s->bus->error_status = op; 865 } else if (action == BLOCK_ERROR_ACTION_REPORT) { 866 block_acct_failed(blk_get_stats(s->blk), &s->acct); 867 if (IS_IDE_RETRY_DMA(op)) { 868 ide_dma_error(s); 869 } else if (IS_IDE_RETRY_ATAPI(op)) { 870 ide_atapi_io_error(s, -error); 871 } else { 872 ide_rw_error(s); 873 } 874 } 875 blk_error_action(s->blk, action, is_read, error); 876 return action != BLOCK_ERROR_ACTION_IGNORE; 877 } 878 879 static void ide_dma_cb(void *opaque, int ret) 880 { 881 IDEState *s = opaque; 882 int n; 883 int64_t sector_num; 884 uint64_t offset; 885 bool stay_active = false; 886 int32_t prep_size = 0; 887 888 if (ret == -EINVAL) { 889 ide_dma_error(s); 890 return; 891 } 892 893 if (ret < 0) { 894 if (ide_handle_rw_error(s, -ret, ide_dma_cmd_to_retry(s->dma_cmd))) { 895 s->bus->dma->aiocb = NULL; 896 dma_buf_commit(s, 0); 897 return; 898 } 899 } 900 901 if (s->io_buffer_size > s->nsector * 512) { 902 /* 903 * The PRDs were longer than needed for this request. 904 * The Active bit must remain set after the request completes. 905 */ 906 n = s->nsector; 907 stay_active = true; 908 } else { 909 n = s->io_buffer_size >> 9; 910 } 911 912 sector_num = ide_get_sector(s); 913 if (n > 0) { 914 assert(n * 512 == s->sg.size); 915 dma_buf_commit(s, s->sg.size); 916 sector_num += n; 917 ide_set_sector(s, sector_num); 918 s->nsector -= n; 919 } 920 921 /* end of transfer ? */ 922 if (s->nsector == 0) { 923 s->status = READY_STAT | SEEK_STAT; 924 ide_bus_set_irq(s->bus); 925 goto eot; 926 } 927 928 /* launch next transfer */ 929 n = s->nsector; 930 s->io_buffer_index = 0; 931 s->io_buffer_size = n * 512; 932 prep_size = s->bus->dma->ops->prepare_buf(s->bus->dma, s->io_buffer_size); 933 /* prepare_buf() must succeed and respect the limit */ 934 assert(prep_size >= 0 && prep_size <= n * 512); 935 936 /* 937 * Now prep_size stores the number of bytes in the sglist, and 938 * s->io_buffer_size stores the number of bytes described by the PRDs. 939 */ 940 941 if (prep_size < n * 512) { 942 /* 943 * The PRDs are too short for this request. Error condition! 944 * Reset the Active bit and don't raise the interrupt. 945 */ 946 s->status = READY_STAT | SEEK_STAT; 947 dma_buf_commit(s, 0); 948 goto eot; 949 } 950 951 trace_ide_dma_cb(s, sector_num, n, IDE_DMA_CMD_str(s->dma_cmd)); 952 953 if ((s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) && 954 !ide_sect_range_ok(s, sector_num, n)) { 955 ide_dma_error(s); 956 block_acct_invalid(blk_get_stats(s->blk), s->acct.type); 957 return; 958 } 959 960 offset = sector_num << BDRV_SECTOR_BITS; 961 switch (s->dma_cmd) { 962 case IDE_DMA_READ: 963 s->bus->dma->aiocb = dma_blk_read(s->blk, &s->sg, offset, 964 BDRV_SECTOR_SIZE, ide_dma_cb, s); 965 break; 966 case IDE_DMA_WRITE: 967 s->bus->dma->aiocb = dma_blk_write(s->blk, &s->sg, offset, 968 BDRV_SECTOR_SIZE, ide_dma_cb, s); 969 break; 970 case IDE_DMA_TRIM: 971 s->bus->dma->aiocb = dma_blk_io(&s->sg, offset, BDRV_SECTOR_SIZE, 972 ide_issue_trim, s, ide_dma_cb, s, 973 DMA_DIRECTION_TO_DEVICE); 974 break; 975 default: 976 abort(); 977 } 978 return; 979 980 eot: 981 if (s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) { 982 block_acct_done(blk_get_stats(s->blk), &s->acct); 983 } 984 ide_set_inactive(s, stay_active); 985 } 986 987 static void ide_sector_start_dma(IDEState *s, enum ide_dma_cmd dma_cmd) 988 { 989 s->status = READY_STAT | SEEK_STAT | DRQ_STAT; 990 s->io_buffer_size = 0; 991 s->dma_cmd = dma_cmd; 992 993 switch (dma_cmd) { 994 case IDE_DMA_READ: 995 block_acct_start(blk_get_stats(s->blk), &s->acct, 996 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ); 997 break; 998 case IDE_DMA_WRITE: 999 block_acct_start(blk_get_stats(s->blk), &s->acct, 1000 s->nsector * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE); 1001 break; 1002 default: 1003 break; 1004 } 1005 1006 ide_start_dma(s, ide_dma_cb); 1007 } 1008 1009 void ide_start_dma(IDEState *s, BlockCompletionFunc *cb) 1010 { 1011 s->io_buffer_index = 0; 1012 ide_set_retry(s); 1013 if (s->bus->dma->ops->start_dma) { 1014 s->bus->dma->ops->start_dma(s->bus->dma, s, cb); 1015 } 1016 } 1017 1018 static void ide_sector_write(IDEState *s); 1019 1020 static void ide_sector_write_timer_cb(void *opaque) 1021 { 1022 IDEState *s = opaque; 1023 ide_bus_set_irq(s->bus); 1024 } 1025 1026 static void ide_sector_write_cb(void *opaque, int ret) 1027 { 1028 IDEState *s = opaque; 1029 int n; 1030 1031 s->pio_aiocb = NULL; 1032 s->status &= ~BUSY_STAT; 1033 1034 if (ret != 0) { 1035 if (ide_handle_rw_error(s, -ret, IDE_RETRY_PIO)) { 1036 return; 1037 } 1038 } 1039 1040 block_acct_done(blk_get_stats(s->blk), &s->acct); 1041 1042 n = s->nsector; 1043 if (n > s->req_nb_sectors) { 1044 n = s->req_nb_sectors; 1045 } 1046 s->nsector -= n; 1047 1048 ide_set_sector(s, ide_get_sector(s) + n); 1049 if (s->nsector == 0) { 1050 /* no more sectors to write */ 1051 ide_transfer_stop(s); 1052 } else { 1053 int n1 = s->nsector; 1054 if (n1 > s->req_nb_sectors) { 1055 n1 = s->req_nb_sectors; 1056 } 1057 ide_transfer_start(s, s->io_buffer, n1 * BDRV_SECTOR_SIZE, 1058 ide_sector_write); 1059 } 1060 1061 if (s->win2k_install_hack && ((++s->irq_count % 16) == 0)) { 1062 /* It seems there is a bug in the Windows 2000 installer HDD 1063 IDE driver which fills the disk with empty logs when the 1064 IDE write IRQ comes too early. This hack tries to correct 1065 that at the expense of slower write performances. Use this 1066 option _only_ to install Windows 2000. You must disable it 1067 for normal use. */ 1068 timer_mod(s->sector_write_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 1069 (NANOSECONDS_PER_SECOND / 1000)); 1070 } else { 1071 ide_bus_set_irq(s->bus); 1072 } 1073 } 1074 1075 static void ide_sector_write(IDEState *s) 1076 { 1077 int64_t sector_num; 1078 int n; 1079 1080 s->status = READY_STAT | SEEK_STAT | BUSY_STAT; 1081 sector_num = ide_get_sector(s); 1082 1083 n = s->nsector; 1084 if (n > s->req_nb_sectors) { 1085 n = s->req_nb_sectors; 1086 } 1087 1088 trace_ide_sector_write(sector_num, n); 1089 1090 if (!ide_sect_range_ok(s, sector_num, n)) { 1091 ide_rw_error(s); 1092 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_WRITE); 1093 return; 1094 } 1095 1096 qemu_iovec_init_buf(&s->qiov, s->io_buffer, n * BDRV_SECTOR_SIZE); 1097 1098 block_acct_start(blk_get_stats(s->blk), &s->acct, 1099 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE); 1100 s->pio_aiocb = blk_aio_pwritev(s->blk, sector_num << BDRV_SECTOR_BITS, 1101 &s->qiov, 0, ide_sector_write_cb, s); 1102 } 1103 1104 static void ide_flush_cb(void *opaque, int ret) 1105 { 1106 IDEState *s = opaque; 1107 1108 s->pio_aiocb = NULL; 1109 1110 if (ret < 0) { 1111 /* XXX: What sector number to set here? */ 1112 if (ide_handle_rw_error(s, -ret, IDE_RETRY_FLUSH)) { 1113 return; 1114 } 1115 } 1116 1117 if (s->blk) { 1118 block_acct_done(blk_get_stats(s->blk), &s->acct); 1119 } 1120 s->status = READY_STAT | SEEK_STAT; 1121 ide_cmd_done(s); 1122 ide_bus_set_irq(s->bus); 1123 } 1124 1125 static void ide_flush_cache(IDEState *s) 1126 { 1127 if (s->blk == NULL) { 1128 ide_flush_cb(s, 0); 1129 return; 1130 } 1131 1132 s->status |= BUSY_STAT; 1133 ide_set_retry(s); 1134 block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH); 1135 s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s); 1136 } 1137 1138 static void ide_cfata_metadata_inquiry(IDEState *s) 1139 { 1140 uint16_t *p; 1141 uint32_t spd; 1142 1143 p = (uint16_t *) s->io_buffer; 1144 memset(p, 0, 0x200); 1145 spd = ((s->mdata_size - 1) >> 9) + 1; 1146 1147 put_le16(p + 0, 0x0001); /* Data format revision */ 1148 put_le16(p + 1, 0x0000); /* Media property: silicon */ 1149 put_le16(p + 2, s->media_changed); /* Media status */ 1150 put_le16(p + 3, s->mdata_size & 0xffff); /* Capacity in bytes (low) */ 1151 put_le16(p + 4, s->mdata_size >> 16); /* Capacity in bytes (high) */ 1152 put_le16(p + 5, spd & 0xffff); /* Sectors per device (low) */ 1153 put_le16(p + 6, spd >> 16); /* Sectors per device (high) */ 1154 } 1155 1156 static void ide_cfata_metadata_read(IDEState *s) 1157 { 1158 uint16_t *p; 1159 1160 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) { 1161 s->status = ERR_STAT; 1162 s->error = ABRT_ERR; 1163 return; 1164 } 1165 1166 p = (uint16_t *) s->io_buffer; 1167 memset(p, 0, 0x200); 1168 1169 put_le16(p + 0, s->media_changed); /* Media status */ 1170 memcpy(p + 1, s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9), 1171 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9), 1172 s->nsector << 9), 0x200 - 2)); 1173 } 1174 1175 static void ide_cfata_metadata_write(IDEState *s) 1176 { 1177 if (((s->hcyl << 16) | s->lcyl) << 9 > s->mdata_size + 2) { 1178 s->status = ERR_STAT; 1179 s->error = ABRT_ERR; 1180 return; 1181 } 1182 1183 s->media_changed = 0; 1184 1185 memcpy(s->mdata_storage + (((s->hcyl << 16) | s->lcyl) << 9), 1186 s->io_buffer + 2, 1187 MIN(MIN(s->mdata_size - (((s->hcyl << 16) | s->lcyl) << 9), 1188 s->nsector << 9), 0x200 - 2)); 1189 } 1190 1191 /* called when the inserted state of the media has changed */ 1192 static void ide_cd_change_cb(void *opaque, bool load, Error **errp) 1193 { 1194 IDEState *s = opaque; 1195 uint64_t nb_sectors; 1196 1197 s->tray_open = !load; 1198 blk_get_geometry(s->blk, &nb_sectors); 1199 s->nb_sectors = nb_sectors; 1200 1201 /* 1202 * First indicate to the guest that a CD has been removed. That's 1203 * done on the next command the guest sends us. 1204 * 1205 * Then we set UNIT_ATTENTION, by which the guest will 1206 * detect a new CD in the drive. See ide_atapi_cmd() for details. 1207 */ 1208 s->cdrom_changed = 1; 1209 s->events.new_media = true; 1210 s->events.eject_request = false; 1211 ide_bus_set_irq(s->bus); 1212 } 1213 1214 static void ide_cd_eject_request_cb(void *opaque, bool force) 1215 { 1216 IDEState *s = opaque; 1217 1218 s->events.eject_request = true; 1219 if (force) { 1220 s->tray_locked = false; 1221 } 1222 ide_bus_set_irq(s->bus); 1223 } 1224 1225 static void ide_cmd_lba48_transform(IDEState *s, int lba48) 1226 { 1227 s->lba48 = lba48; 1228 1229 /* handle the 'magic' 0 nsector count conversion here. to avoid 1230 * fiddling with the rest of the read logic, we just store the 1231 * full sector count in ->nsector and ignore ->hob_nsector from now 1232 */ 1233 if (!s->lba48) { 1234 if (!s->nsector) 1235 s->nsector = 256; 1236 } else { 1237 if (!s->nsector && !s->hob_nsector) 1238 s->nsector = 65536; 1239 else { 1240 int lo = s->nsector; 1241 int hi = s->hob_nsector; 1242 1243 s->nsector = (hi << 8) | lo; 1244 } 1245 } 1246 } 1247 1248 static void ide_clear_hob(IDEBus *bus) 1249 { 1250 /* any write clears HOB high bit of device control register */ 1251 bus->cmd &= ~(IDE_CTRL_HOB); 1252 } 1253 1254 /* IOport [W]rite [R]egisters */ 1255 enum ATA_IOPORT_WR { 1256 ATA_IOPORT_WR_DATA = 0, 1257 ATA_IOPORT_WR_FEATURES = 1, 1258 ATA_IOPORT_WR_SECTOR_COUNT = 2, 1259 ATA_IOPORT_WR_SECTOR_NUMBER = 3, 1260 ATA_IOPORT_WR_CYLINDER_LOW = 4, 1261 ATA_IOPORT_WR_CYLINDER_HIGH = 5, 1262 ATA_IOPORT_WR_DEVICE_HEAD = 6, 1263 ATA_IOPORT_WR_COMMAND = 7, 1264 ATA_IOPORT_WR_NUM_REGISTERS, 1265 }; 1266 1267 const char *ATA_IOPORT_WR_lookup[ATA_IOPORT_WR_NUM_REGISTERS] = { 1268 [ATA_IOPORT_WR_DATA] = "Data", 1269 [ATA_IOPORT_WR_FEATURES] = "Features", 1270 [ATA_IOPORT_WR_SECTOR_COUNT] = "Sector Count", 1271 [ATA_IOPORT_WR_SECTOR_NUMBER] = "Sector Number", 1272 [ATA_IOPORT_WR_CYLINDER_LOW] = "Cylinder Low", 1273 [ATA_IOPORT_WR_CYLINDER_HIGH] = "Cylinder High", 1274 [ATA_IOPORT_WR_DEVICE_HEAD] = "Device/Head", 1275 [ATA_IOPORT_WR_COMMAND] = "Command" 1276 }; 1277 1278 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val) 1279 { 1280 IDEBus *bus = opaque; 1281 IDEState *s = ide_bus_active_if(bus); 1282 int reg_num = addr & 7; 1283 1284 trace_ide_ioport_write(addr, ATA_IOPORT_WR_lookup[reg_num], val, bus, s); 1285 1286 /* ignore writes to command block while busy with previous command */ 1287 if (reg_num != 7 && (s->status & (BUSY_STAT|DRQ_STAT))) { 1288 return; 1289 } 1290 1291 /* NOTE: Device0 and Device1 both receive incoming register writes. 1292 * (They're on the same bus! They have to!) */ 1293 1294 switch (reg_num) { 1295 case 0: 1296 break; 1297 case ATA_IOPORT_WR_FEATURES: 1298 ide_clear_hob(bus); 1299 bus->ifs[0].hob_feature = bus->ifs[0].feature; 1300 bus->ifs[1].hob_feature = bus->ifs[1].feature; 1301 bus->ifs[0].feature = val; 1302 bus->ifs[1].feature = val; 1303 break; 1304 case ATA_IOPORT_WR_SECTOR_COUNT: 1305 ide_clear_hob(bus); 1306 bus->ifs[0].hob_nsector = bus->ifs[0].nsector; 1307 bus->ifs[1].hob_nsector = bus->ifs[1].nsector; 1308 bus->ifs[0].nsector = val; 1309 bus->ifs[1].nsector = val; 1310 break; 1311 case ATA_IOPORT_WR_SECTOR_NUMBER: 1312 ide_clear_hob(bus); 1313 bus->ifs[0].hob_sector = bus->ifs[0].sector; 1314 bus->ifs[1].hob_sector = bus->ifs[1].sector; 1315 bus->ifs[0].sector = val; 1316 bus->ifs[1].sector = val; 1317 break; 1318 case ATA_IOPORT_WR_CYLINDER_LOW: 1319 ide_clear_hob(bus); 1320 bus->ifs[0].hob_lcyl = bus->ifs[0].lcyl; 1321 bus->ifs[1].hob_lcyl = bus->ifs[1].lcyl; 1322 bus->ifs[0].lcyl = val; 1323 bus->ifs[1].lcyl = val; 1324 break; 1325 case ATA_IOPORT_WR_CYLINDER_HIGH: 1326 ide_clear_hob(bus); 1327 bus->ifs[0].hob_hcyl = bus->ifs[0].hcyl; 1328 bus->ifs[1].hob_hcyl = bus->ifs[1].hcyl; 1329 bus->ifs[0].hcyl = val; 1330 bus->ifs[1].hcyl = val; 1331 break; 1332 case ATA_IOPORT_WR_DEVICE_HEAD: 1333 ide_clear_hob(bus); 1334 bus->ifs[0].select = val | (ATA_DEV_ALWAYS_ON); 1335 bus->ifs[1].select = val | (ATA_DEV_ALWAYS_ON); 1336 /* select drive */ 1337 bus->unit = (val & (ATA_DEV_SELECT)) ? 1 : 0; 1338 break; 1339 default: 1340 case ATA_IOPORT_WR_COMMAND: 1341 ide_clear_hob(bus); 1342 qemu_irq_lower(bus->irq); 1343 ide_bus_exec_cmd(bus, val); 1344 break; 1345 } 1346 } 1347 1348 static void ide_reset(IDEState *s) 1349 { 1350 trace_ide_reset(s); 1351 1352 if (s->pio_aiocb) { 1353 blk_aio_cancel(s->pio_aiocb); 1354 s->pio_aiocb = NULL; 1355 } 1356 1357 if (s->reset_reverts) { 1358 s->reset_reverts = false; 1359 s->heads = s->drive_heads; 1360 s->sectors = s->drive_sectors; 1361 } 1362 if (s->drive_kind == IDE_CFATA) 1363 s->mult_sectors = 0; 1364 else 1365 s->mult_sectors = MAX_MULT_SECTORS; 1366 /* ide regs */ 1367 s->feature = 0; 1368 s->error = 0; 1369 s->nsector = 0; 1370 s->sector = 0; 1371 s->lcyl = 0; 1372 s->hcyl = 0; 1373 1374 /* lba48 */ 1375 s->hob_feature = 0; 1376 s->hob_sector = 0; 1377 s->hob_nsector = 0; 1378 s->hob_lcyl = 0; 1379 s->hob_hcyl = 0; 1380 1381 s->select = (ATA_DEV_ALWAYS_ON); 1382 s->status = READY_STAT | SEEK_STAT; 1383 1384 s->lba48 = 0; 1385 1386 /* ATAPI specific */ 1387 s->sense_key = 0; 1388 s->asc = 0; 1389 s->cdrom_changed = 0; 1390 s->packet_transfer_size = 0; 1391 s->elementary_transfer_size = 0; 1392 s->io_buffer_index = 0; 1393 s->cd_sector_size = 0; 1394 s->atapi_dma = 0; 1395 s->tray_locked = 0; 1396 s->tray_open = 0; 1397 /* ATA DMA state */ 1398 s->io_buffer_size = 0; 1399 s->req_nb_sectors = 0; 1400 1401 ide_set_signature(s); 1402 /* init the transfer handler so that 0xffff is returned on data 1403 accesses */ 1404 s->end_transfer_func = ide_dummy_transfer_stop; 1405 ide_dummy_transfer_stop(s); 1406 s->media_changed = 0; 1407 } 1408 1409 static bool cmd_nop(IDEState *s, uint8_t cmd) 1410 { 1411 return true; 1412 } 1413 1414 static bool cmd_device_reset(IDEState *s, uint8_t cmd) 1415 { 1416 /* Halt PIO (in the DRQ phase), then DMA */ 1417 ide_transfer_halt(s); 1418 ide_cancel_dma_sync(s); 1419 1420 /* Reset any PIO commands, reset signature, etc */ 1421 ide_reset(s); 1422 1423 /* RESET: ATA8-ACS3 7.10.4 "Normal Outputs"; 1424 * ATA8-ACS3 Table 184 "Device Signatures for Normal Output" */ 1425 s->status = 0x00; 1426 1427 /* Do not overwrite status register */ 1428 return false; 1429 } 1430 1431 static bool cmd_data_set_management(IDEState *s, uint8_t cmd) 1432 { 1433 switch (s->feature) { 1434 case DSM_TRIM: 1435 if (s->blk) { 1436 ide_sector_start_dma(s, IDE_DMA_TRIM); 1437 return false; 1438 } 1439 break; 1440 } 1441 1442 ide_abort_command(s); 1443 return true; 1444 } 1445 1446 static bool cmd_identify(IDEState *s, uint8_t cmd) 1447 { 1448 if (s->blk && s->drive_kind != IDE_CD) { 1449 if (s->drive_kind != IDE_CFATA) { 1450 ide_identify(s); 1451 } else { 1452 ide_cfata_identify(s); 1453 } 1454 s->status = READY_STAT | SEEK_STAT; 1455 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop); 1456 ide_bus_set_irq(s->bus); 1457 return false; 1458 } else { 1459 if (s->drive_kind == IDE_CD) { 1460 ide_set_signature(s); 1461 } 1462 ide_abort_command(s); 1463 } 1464 1465 return true; 1466 } 1467 1468 static bool cmd_verify(IDEState *s, uint8_t cmd) 1469 { 1470 bool lba48 = (cmd == WIN_VERIFY_EXT); 1471 1472 /* do sector number check ? */ 1473 ide_cmd_lba48_transform(s, lba48); 1474 1475 return true; 1476 } 1477 1478 static bool cmd_set_multiple_mode(IDEState *s, uint8_t cmd) 1479 { 1480 if (s->drive_kind == IDE_CFATA && s->nsector == 0) { 1481 /* Disable Read and Write Multiple */ 1482 s->mult_sectors = 0; 1483 } else if ((s->nsector & 0xff) != 0 && 1484 ((s->nsector & 0xff) > MAX_MULT_SECTORS || 1485 (s->nsector & (s->nsector - 1)) != 0)) { 1486 ide_abort_command(s); 1487 } else { 1488 s->mult_sectors = s->nsector & 0xff; 1489 } 1490 1491 return true; 1492 } 1493 1494 static bool cmd_read_multiple(IDEState *s, uint8_t cmd) 1495 { 1496 bool lba48 = (cmd == WIN_MULTREAD_EXT); 1497 1498 if (!s->blk || !s->mult_sectors) { 1499 ide_abort_command(s); 1500 return true; 1501 } 1502 1503 ide_cmd_lba48_transform(s, lba48); 1504 s->req_nb_sectors = s->mult_sectors; 1505 ide_sector_read(s); 1506 return false; 1507 } 1508 1509 static bool cmd_write_multiple(IDEState *s, uint8_t cmd) 1510 { 1511 bool lba48 = (cmd == WIN_MULTWRITE_EXT); 1512 int n; 1513 1514 if (!s->blk || !s->mult_sectors) { 1515 ide_abort_command(s); 1516 return true; 1517 } 1518 1519 ide_cmd_lba48_transform(s, lba48); 1520 1521 s->req_nb_sectors = s->mult_sectors; 1522 n = MIN(s->nsector, s->req_nb_sectors); 1523 1524 s->status = SEEK_STAT | READY_STAT; 1525 ide_transfer_start(s, s->io_buffer, 512 * n, ide_sector_write); 1526 1527 s->media_changed = 1; 1528 1529 return false; 1530 } 1531 1532 static bool cmd_read_pio(IDEState *s, uint8_t cmd) 1533 { 1534 bool lba48 = (cmd == WIN_READ_EXT); 1535 1536 if (s->drive_kind == IDE_CD) { 1537 ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */ 1538 ide_abort_command(s); 1539 return true; 1540 } 1541 1542 if (!s->blk) { 1543 ide_abort_command(s); 1544 return true; 1545 } 1546 1547 ide_cmd_lba48_transform(s, lba48); 1548 s->req_nb_sectors = 1; 1549 ide_sector_read(s); 1550 1551 return false; 1552 } 1553 1554 static bool cmd_write_pio(IDEState *s, uint8_t cmd) 1555 { 1556 bool lba48 = (cmd == WIN_WRITE_EXT); 1557 1558 if (!s->blk) { 1559 ide_abort_command(s); 1560 return true; 1561 } 1562 1563 ide_cmd_lba48_transform(s, lba48); 1564 1565 s->req_nb_sectors = 1; 1566 s->status = SEEK_STAT | READY_STAT; 1567 ide_transfer_start(s, s->io_buffer, 512, ide_sector_write); 1568 1569 s->media_changed = 1; 1570 1571 return false; 1572 } 1573 1574 static bool cmd_read_dma(IDEState *s, uint8_t cmd) 1575 { 1576 bool lba48 = (cmd == WIN_READDMA_EXT); 1577 1578 if (!s->blk) { 1579 ide_abort_command(s); 1580 return true; 1581 } 1582 1583 ide_cmd_lba48_transform(s, lba48); 1584 ide_sector_start_dma(s, IDE_DMA_READ); 1585 1586 return false; 1587 } 1588 1589 static bool cmd_write_dma(IDEState *s, uint8_t cmd) 1590 { 1591 bool lba48 = (cmd == WIN_WRITEDMA_EXT); 1592 1593 if (!s->blk) { 1594 ide_abort_command(s); 1595 return true; 1596 } 1597 1598 ide_cmd_lba48_transform(s, lba48); 1599 ide_sector_start_dma(s, IDE_DMA_WRITE); 1600 1601 s->media_changed = 1; 1602 1603 return false; 1604 } 1605 1606 static bool cmd_flush_cache(IDEState *s, uint8_t cmd) 1607 { 1608 ide_flush_cache(s); 1609 return false; 1610 } 1611 1612 static bool cmd_seek(IDEState *s, uint8_t cmd) 1613 { 1614 /* XXX: Check that seek is within bounds */ 1615 return true; 1616 } 1617 1618 static bool cmd_read_native_max(IDEState *s, uint8_t cmd) 1619 { 1620 bool lba48 = (cmd == WIN_READ_NATIVE_MAX_EXT); 1621 1622 /* Refuse if no sectors are addressable (e.g. medium not inserted) */ 1623 if (s->nb_sectors == 0) { 1624 ide_abort_command(s); 1625 } else { 1626 /* 1627 * Save the active drive parameters, which may have been 1628 * limited from their native counterparts by, e.g., INITIALIZE 1629 * DEVICE PARAMETERS or SET MAX ADDRESS. 1630 */ 1631 const int aheads = s->heads; 1632 const int asectors = s->sectors; 1633 1634 s->heads = s->drive_heads; 1635 s->sectors = s->drive_sectors; 1636 1637 ide_cmd_lba48_transform(s, lba48); 1638 ide_set_sector(s, s->nb_sectors - 1); 1639 1640 s->heads = aheads; 1641 s->sectors = asectors; 1642 } 1643 1644 return true; 1645 } 1646 1647 static bool cmd_check_power_mode(IDEState *s, uint8_t cmd) 1648 { 1649 s->nsector = 0xff; /* device active or idle */ 1650 return true; 1651 } 1652 1653 /* INITIALIZE DEVICE PARAMETERS */ 1654 static bool cmd_specify(IDEState *s, uint8_t cmd) 1655 { 1656 if (s->blk && s->drive_kind != IDE_CD) { 1657 s->heads = (s->select & (ATA_DEV_HS)) + 1; 1658 s->sectors = s->nsector; 1659 ide_bus_set_irq(s->bus); 1660 } else { 1661 ide_abort_command(s); 1662 } 1663 1664 return true; 1665 } 1666 1667 static bool cmd_set_features(IDEState *s, uint8_t cmd) 1668 { 1669 uint16_t *identify_data; 1670 1671 if (!s->blk) { 1672 ide_abort_command(s); 1673 return true; 1674 } 1675 1676 /* XXX: valid for CDROM ? */ 1677 switch (s->feature) { 1678 case 0x01: /* 8-bit I/O enable (CompactFlash) */ 1679 case 0x81: /* 8-bit I/O disable (CompactFlash) */ 1680 if (s->drive_kind != IDE_CFATA) { 1681 goto abort_cmd; 1682 } 1683 s->io8 = !(s->feature & 0x80); 1684 return true; 1685 case 0x02: /* write cache enable */ 1686 blk_set_enable_write_cache(s->blk, true); 1687 identify_data = (uint16_t *)s->identify_data; 1688 put_le16(identify_data + 85, (1 << 14) | (1 << 5) | 1); 1689 return true; 1690 case 0x82: /* write cache disable */ 1691 blk_set_enable_write_cache(s->blk, false); 1692 identify_data = (uint16_t *)s->identify_data; 1693 put_le16(identify_data + 85, (1 << 14) | 1); 1694 ide_flush_cache(s); 1695 return false; 1696 case 0xcc: /* reverting to power-on defaults enable */ 1697 s->reset_reverts = true; 1698 return true; 1699 case 0x66: /* reverting to power-on defaults disable */ 1700 s->reset_reverts = false; 1701 return true; 1702 case 0xaa: /* read look-ahead enable */ 1703 case 0x55: /* read look-ahead disable */ 1704 case 0x05: /* set advanced power management mode */ 1705 case 0x85: /* disable advanced power management mode */ 1706 case 0x69: /* NOP */ 1707 case 0x67: /* NOP */ 1708 case 0x96: /* NOP */ 1709 case 0x9a: /* NOP */ 1710 case 0x42: /* enable Automatic Acoustic Mode */ 1711 case 0xc2: /* disable Automatic Acoustic Mode */ 1712 return true; 1713 case 0x03: /* set transfer mode */ 1714 { 1715 uint8_t val = s->nsector & 0x07; 1716 identify_data = (uint16_t *)s->identify_data; 1717 1718 switch (s->nsector >> 3) { 1719 case 0x00: /* pio default */ 1720 case 0x01: /* pio mode */ 1721 put_le16(identify_data + 62, 0x07); 1722 put_le16(identify_data + 63, 0x07); 1723 put_le16(identify_data + 88, 0x3f); 1724 break; 1725 case 0x02: /* single word dma mode */ 1726 put_le16(identify_data + 62, 0x07 | (1 << (val + 8))); 1727 put_le16(identify_data + 63, 0x07); 1728 put_le16(identify_data + 88, 0x3f); 1729 break; 1730 case 0x04: /* mdma mode */ 1731 put_le16(identify_data + 62, 0x07); 1732 put_le16(identify_data + 63, 0x07 | (1 << (val + 8))); 1733 put_le16(identify_data + 88, 0x3f); 1734 break; 1735 case 0x08: /* udma mode */ 1736 put_le16(identify_data + 62, 0x07); 1737 put_le16(identify_data + 63, 0x07); 1738 put_le16(identify_data + 88, 0x3f | (1 << (val + 8))); 1739 break; 1740 default: 1741 goto abort_cmd; 1742 } 1743 return true; 1744 } 1745 } 1746 1747 abort_cmd: 1748 ide_abort_command(s); 1749 return true; 1750 } 1751 1752 1753 /*** ATAPI commands ***/ 1754 1755 static bool cmd_identify_packet(IDEState *s, uint8_t cmd) 1756 { 1757 ide_atapi_identify(s); 1758 s->status = READY_STAT | SEEK_STAT; 1759 ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop); 1760 ide_bus_set_irq(s->bus); 1761 return false; 1762 } 1763 1764 /* EXECUTE DEVICE DIAGNOSTIC */ 1765 static bool cmd_exec_dev_diagnostic(IDEState *s, uint8_t cmd) 1766 { 1767 /* 1768 * Clear the device register per the ATA (v6) specification, 1769 * because ide_set_signature does not clear LBA or drive bits. 1770 */ 1771 s->select = (ATA_DEV_ALWAYS_ON); 1772 ide_set_signature(s); 1773 1774 if (s->drive_kind == IDE_CD) { 1775 s->status = 0; /* ATAPI spec (v6) section 9.10 defines packet 1776 * devices to return a clear status register 1777 * with READY_STAT *not* set. */ 1778 s->error = 0x01; 1779 } else { 1780 s->status = READY_STAT | SEEK_STAT; 1781 /* The bits of the error register are not as usual for this command! 1782 * They are part of the regular output (this is why ERR_STAT isn't set) 1783 * Device 0 passed, Device 1 passed or not present. */ 1784 s->error = 0x01; 1785 ide_bus_set_irq(s->bus); 1786 } 1787 1788 return false; 1789 } 1790 1791 static bool cmd_packet(IDEState *s, uint8_t cmd) 1792 { 1793 /* overlapping commands not supported */ 1794 if (s->feature & 0x02) { 1795 ide_abort_command(s); 1796 return true; 1797 } 1798 1799 s->status = READY_STAT | SEEK_STAT; 1800 s->atapi_dma = s->feature & 1; 1801 if (s->atapi_dma) { 1802 s->dma_cmd = IDE_DMA_ATAPI; 1803 } 1804 s->nsector = 1; 1805 ide_transfer_start(s, s->io_buffer, ATAPI_PACKET_SIZE, 1806 ide_atapi_cmd); 1807 return false; 1808 } 1809 1810 1811 /*** CF-ATA commands ***/ 1812 1813 static bool cmd_cfa_req_ext_error_code(IDEState *s, uint8_t cmd) 1814 { 1815 s->error = 0x09; /* miscellaneous error */ 1816 s->status = READY_STAT | SEEK_STAT; 1817 ide_bus_set_irq(s->bus); 1818 1819 return false; 1820 } 1821 1822 static bool cmd_cfa_erase_sectors(IDEState *s, uint8_t cmd) 1823 { 1824 /* WIN_SECURITY_FREEZE_LOCK has the same ID as CFA_WEAR_LEVEL and is 1825 * required for Windows 8 to work with AHCI */ 1826 1827 if (cmd == CFA_WEAR_LEVEL) { 1828 s->nsector = 0; 1829 } 1830 1831 if (cmd == CFA_ERASE_SECTORS) { 1832 s->media_changed = 1; 1833 } 1834 1835 return true; 1836 } 1837 1838 static bool cmd_cfa_translate_sector(IDEState *s, uint8_t cmd) 1839 { 1840 s->status = READY_STAT | SEEK_STAT; 1841 1842 memset(s->io_buffer, 0, 0x200); 1843 s->io_buffer[0x00] = s->hcyl; /* Cyl MSB */ 1844 s->io_buffer[0x01] = s->lcyl; /* Cyl LSB */ 1845 s->io_buffer[0x02] = s->select; /* Head */ 1846 s->io_buffer[0x03] = s->sector; /* Sector */ 1847 s->io_buffer[0x04] = ide_get_sector(s) >> 16; /* LBA MSB */ 1848 s->io_buffer[0x05] = ide_get_sector(s) >> 8; /* LBA */ 1849 s->io_buffer[0x06] = ide_get_sector(s) >> 0; /* LBA LSB */ 1850 s->io_buffer[0x13] = 0x00; /* Erase flag */ 1851 s->io_buffer[0x18] = 0x00; /* Hot count */ 1852 s->io_buffer[0x19] = 0x00; /* Hot count */ 1853 s->io_buffer[0x1a] = 0x01; /* Hot count */ 1854 1855 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1856 ide_bus_set_irq(s->bus); 1857 1858 return false; 1859 } 1860 1861 static bool cmd_cfa_access_metadata_storage(IDEState *s, uint8_t cmd) 1862 { 1863 switch (s->feature) { 1864 case 0x02: /* Inquiry Metadata Storage */ 1865 ide_cfata_metadata_inquiry(s); 1866 break; 1867 case 0x03: /* Read Metadata Storage */ 1868 ide_cfata_metadata_read(s); 1869 break; 1870 case 0x04: /* Write Metadata Storage */ 1871 ide_cfata_metadata_write(s); 1872 break; 1873 default: 1874 ide_abort_command(s); 1875 return true; 1876 } 1877 1878 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1879 s->status = 0x00; /* NOTE: READY is _not_ set */ 1880 ide_bus_set_irq(s->bus); 1881 1882 return false; 1883 } 1884 1885 static bool cmd_ibm_sense_condition(IDEState *s, uint8_t cmd) 1886 { 1887 switch (s->feature) { 1888 case 0x01: /* sense temperature in device */ 1889 s->nsector = 0x50; /* +20 C */ 1890 break; 1891 default: 1892 ide_abort_command(s); 1893 return true; 1894 } 1895 1896 return true; 1897 } 1898 1899 1900 /*** SMART commands ***/ 1901 1902 static bool cmd_smart(IDEState *s, uint8_t cmd) 1903 { 1904 int n; 1905 1906 if (s->hcyl != 0xc2 || s->lcyl != 0x4f) { 1907 goto abort_cmd; 1908 } 1909 1910 if (!s->smart_enabled && s->feature != SMART_ENABLE) { 1911 goto abort_cmd; 1912 } 1913 1914 switch (s->feature) { 1915 case SMART_DISABLE: 1916 s->smart_enabled = 0; 1917 return true; 1918 1919 case SMART_ENABLE: 1920 s->smart_enabled = 1; 1921 return true; 1922 1923 case SMART_ATTR_AUTOSAVE: 1924 switch (s->sector) { 1925 case 0x00: 1926 s->smart_autosave = 0; 1927 break; 1928 case 0xf1: 1929 s->smart_autosave = 1; 1930 break; 1931 default: 1932 goto abort_cmd; 1933 } 1934 return true; 1935 1936 case SMART_STATUS: 1937 if (!s->smart_errors) { 1938 s->hcyl = 0xc2; 1939 s->lcyl = 0x4f; 1940 } else { 1941 s->hcyl = 0x2c; 1942 s->lcyl = 0xf4; 1943 } 1944 return true; 1945 1946 case SMART_READ_THRESH: 1947 memset(s->io_buffer, 0, 0x200); 1948 s->io_buffer[0] = 0x01; /* smart struct version */ 1949 1950 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) { 1951 s->io_buffer[2 + 0 + (n * 12)] = smart_attributes[n][0]; 1952 s->io_buffer[2 + 1 + (n * 12)] = smart_attributes[n][11]; 1953 } 1954 1955 /* checksum */ 1956 for (n = 0; n < 511; n++) { 1957 s->io_buffer[511] += s->io_buffer[n]; 1958 } 1959 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 1960 1961 s->status = READY_STAT | SEEK_STAT; 1962 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 1963 ide_bus_set_irq(s->bus); 1964 return false; 1965 1966 case SMART_READ_DATA: 1967 memset(s->io_buffer, 0, 0x200); 1968 s->io_buffer[0] = 0x01; /* smart struct version */ 1969 1970 for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) { 1971 int i; 1972 for (i = 0; i < 11; i++) { 1973 s->io_buffer[2 + i + (n * 12)] = smart_attributes[n][i]; 1974 } 1975 } 1976 1977 s->io_buffer[362] = 0x02 | (s->smart_autosave ? 0x80 : 0x00); 1978 if (s->smart_selftest_count == 0) { 1979 s->io_buffer[363] = 0; 1980 } else { 1981 s->io_buffer[363] = 1982 s->smart_selftest_data[3 + 1983 (s->smart_selftest_count - 1) * 1984 24]; 1985 } 1986 s->io_buffer[364] = 0x20; 1987 s->io_buffer[365] = 0x01; 1988 /* offline data collection capacity: execute + self-test*/ 1989 s->io_buffer[367] = (1 << 4 | 1 << 3 | 1); 1990 s->io_buffer[368] = 0x03; /* smart capability (1) */ 1991 s->io_buffer[369] = 0x00; /* smart capability (2) */ 1992 s->io_buffer[370] = 0x01; /* error logging supported */ 1993 s->io_buffer[372] = 0x02; /* minutes for poll short test */ 1994 s->io_buffer[373] = 0x36; /* minutes for poll ext test */ 1995 s->io_buffer[374] = 0x01; /* minutes for poll conveyance */ 1996 1997 for (n = 0; n < 511; n++) { 1998 s->io_buffer[511] += s->io_buffer[n]; 1999 } 2000 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 2001 2002 s->status = READY_STAT | SEEK_STAT; 2003 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 2004 ide_bus_set_irq(s->bus); 2005 return false; 2006 2007 case SMART_READ_LOG: 2008 switch (s->sector) { 2009 case 0x01: /* summary smart error log */ 2010 memset(s->io_buffer, 0, 0x200); 2011 s->io_buffer[0] = 0x01; 2012 s->io_buffer[1] = 0x00; /* no error entries */ 2013 s->io_buffer[452] = s->smart_errors & 0xff; 2014 s->io_buffer[453] = (s->smart_errors & 0xff00) >> 8; 2015 2016 for (n = 0; n < 511; n++) { 2017 s->io_buffer[511] += s->io_buffer[n]; 2018 } 2019 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 2020 break; 2021 case 0x06: /* smart self test log */ 2022 memset(s->io_buffer, 0, 0x200); 2023 s->io_buffer[0] = 0x01; 2024 if (s->smart_selftest_count == 0) { 2025 s->io_buffer[508] = 0; 2026 } else { 2027 s->io_buffer[508] = s->smart_selftest_count; 2028 for (n = 2; n < 506; n++) { 2029 s->io_buffer[n] = s->smart_selftest_data[n]; 2030 } 2031 } 2032 2033 for (n = 0; n < 511; n++) { 2034 s->io_buffer[511] += s->io_buffer[n]; 2035 } 2036 s->io_buffer[511] = 0x100 - s->io_buffer[511]; 2037 break; 2038 default: 2039 goto abort_cmd; 2040 } 2041 s->status = READY_STAT | SEEK_STAT; 2042 ide_transfer_start(s, s->io_buffer, 0x200, ide_transfer_stop); 2043 ide_bus_set_irq(s->bus); 2044 return false; 2045 2046 case SMART_EXECUTE_OFFLINE: 2047 switch (s->sector) { 2048 case 0: /* off-line routine */ 2049 case 1: /* short self test */ 2050 case 2: /* extended self test */ 2051 s->smart_selftest_count++; 2052 if (s->smart_selftest_count > 21) { 2053 s->smart_selftest_count = 1; 2054 } 2055 n = 2 + (s->smart_selftest_count - 1) * 24; 2056 s->smart_selftest_data[n] = s->sector; 2057 s->smart_selftest_data[n + 1] = 0x00; /* OK and finished */ 2058 s->smart_selftest_data[n + 2] = 0x34; /* hour count lsb */ 2059 s->smart_selftest_data[n + 3] = 0x12; /* hour count msb */ 2060 break; 2061 default: 2062 goto abort_cmd; 2063 } 2064 return true; 2065 } 2066 2067 abort_cmd: 2068 ide_abort_command(s); 2069 return true; 2070 } 2071 2072 #define HD_OK (1u << IDE_HD) 2073 #define CD_OK (1u << IDE_CD) 2074 #define CFA_OK (1u << IDE_CFATA) 2075 #define HD_CFA_OK (HD_OK | CFA_OK) 2076 #define ALL_OK (HD_OK | CD_OK | CFA_OK) 2077 2078 /* Set the Disk Seek Completed status bit during completion */ 2079 #define SET_DSC (1u << 8) 2080 2081 /* See ACS-2 T13/2015-D Table B.2 Command codes */ 2082 static const struct { 2083 /* Returns true if the completion code should be run */ 2084 bool (*handler)(IDEState *s, uint8_t cmd); 2085 int flags; 2086 } ide_cmd_table[0x100] = { 2087 /* NOP not implemented, mandatory for CD */ 2088 [CFA_REQ_EXT_ERROR_CODE] = { cmd_cfa_req_ext_error_code, CFA_OK }, 2089 [WIN_DSM] = { cmd_data_set_management, HD_CFA_OK }, 2090 [WIN_DEVICE_RESET] = { cmd_device_reset, CD_OK }, 2091 [WIN_RECAL] = { cmd_nop, HD_CFA_OK | SET_DSC}, 2092 [WIN_READ] = { cmd_read_pio, ALL_OK }, 2093 [WIN_READ_ONCE] = { cmd_read_pio, HD_CFA_OK }, 2094 [WIN_READ_EXT] = { cmd_read_pio, HD_CFA_OK }, 2095 [WIN_READDMA_EXT] = { cmd_read_dma, HD_CFA_OK }, 2096 [WIN_READ_NATIVE_MAX_EXT] = { cmd_read_native_max, HD_CFA_OK | SET_DSC }, 2097 [WIN_MULTREAD_EXT] = { cmd_read_multiple, HD_CFA_OK }, 2098 [WIN_WRITE] = { cmd_write_pio, HD_CFA_OK }, 2099 [WIN_WRITE_ONCE] = { cmd_write_pio, HD_CFA_OK }, 2100 [WIN_WRITE_EXT] = { cmd_write_pio, HD_CFA_OK }, 2101 [WIN_WRITEDMA_EXT] = { cmd_write_dma, HD_CFA_OK }, 2102 [CFA_WRITE_SECT_WO_ERASE] = { cmd_write_pio, CFA_OK }, 2103 [WIN_MULTWRITE_EXT] = { cmd_write_multiple, HD_CFA_OK }, 2104 [WIN_WRITE_VERIFY] = { cmd_write_pio, HD_CFA_OK }, 2105 [WIN_VERIFY] = { cmd_verify, HD_CFA_OK | SET_DSC }, 2106 [WIN_VERIFY_ONCE] = { cmd_verify, HD_CFA_OK | SET_DSC }, 2107 [WIN_VERIFY_EXT] = { cmd_verify, HD_CFA_OK | SET_DSC }, 2108 [WIN_SEEK] = { cmd_seek, HD_CFA_OK | SET_DSC }, 2109 [CFA_TRANSLATE_SECTOR] = { cmd_cfa_translate_sector, CFA_OK }, 2110 [WIN_DIAGNOSE] = { cmd_exec_dev_diagnostic, ALL_OK }, 2111 [WIN_SPECIFY] = { cmd_specify, HD_CFA_OK | SET_DSC }, 2112 [WIN_STANDBYNOW2] = { cmd_nop, HD_CFA_OK }, 2113 [WIN_IDLEIMMEDIATE2] = { cmd_nop, HD_CFA_OK }, 2114 [WIN_STANDBY2] = { cmd_nop, HD_CFA_OK }, 2115 [WIN_SETIDLE2] = { cmd_nop, HD_CFA_OK }, 2116 [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC }, 2117 [WIN_SLEEPNOW2] = { cmd_nop, HD_CFA_OK }, 2118 [WIN_PACKETCMD] = { cmd_packet, CD_OK }, 2119 [WIN_PIDENTIFY] = { cmd_identify_packet, CD_OK }, 2120 [WIN_SMART] = { cmd_smart, HD_CFA_OK | SET_DSC }, 2121 [CFA_ACCESS_METADATA_STORAGE] = { cmd_cfa_access_metadata_storage, CFA_OK }, 2122 [CFA_ERASE_SECTORS] = { cmd_cfa_erase_sectors, CFA_OK | SET_DSC }, 2123 [WIN_MULTREAD] = { cmd_read_multiple, HD_CFA_OK }, 2124 [WIN_MULTWRITE] = { cmd_write_multiple, HD_CFA_OK }, 2125 [WIN_SETMULT] = { cmd_set_multiple_mode, HD_CFA_OK | SET_DSC }, 2126 [WIN_READDMA] = { cmd_read_dma, HD_CFA_OK }, 2127 [WIN_READDMA_ONCE] = { cmd_read_dma, HD_CFA_OK }, 2128 [WIN_WRITEDMA] = { cmd_write_dma, HD_CFA_OK }, 2129 [WIN_WRITEDMA_ONCE] = { cmd_write_dma, HD_CFA_OK }, 2130 [CFA_WRITE_MULTI_WO_ERASE] = { cmd_write_multiple, CFA_OK }, 2131 [WIN_STANDBYNOW1] = { cmd_nop, HD_CFA_OK }, 2132 [WIN_IDLEIMMEDIATE] = { cmd_nop, HD_CFA_OK }, 2133 [WIN_STANDBY] = { cmd_nop, HD_CFA_OK }, 2134 [WIN_SETIDLE1] = { cmd_nop, HD_CFA_OK }, 2135 [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC }, 2136 [WIN_SLEEPNOW1] = { cmd_nop, HD_CFA_OK }, 2137 [WIN_FLUSH_CACHE] = { cmd_flush_cache, ALL_OK }, 2138 [WIN_FLUSH_CACHE_EXT] = { cmd_flush_cache, HD_CFA_OK }, 2139 [WIN_IDENTIFY] = { cmd_identify, ALL_OK }, 2140 [WIN_SETFEATURES] = { cmd_set_features, ALL_OK | SET_DSC }, 2141 [IBM_SENSE_CONDITION] = { cmd_ibm_sense_condition, CFA_OK | SET_DSC }, 2142 [CFA_WEAR_LEVEL] = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC }, 2143 [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, HD_CFA_OK | SET_DSC }, 2144 }; 2145 2146 static bool ide_cmd_permitted(IDEState *s, uint32_t cmd) 2147 { 2148 return cmd < ARRAY_SIZE(ide_cmd_table) 2149 && (ide_cmd_table[cmd].flags & (1u << s->drive_kind)); 2150 } 2151 2152 void ide_bus_exec_cmd(IDEBus *bus, uint32_t val) 2153 { 2154 IDEState *s; 2155 bool complete; 2156 2157 s = ide_bus_active_if(bus); 2158 trace_ide_bus_exec_cmd(bus, s, val); 2159 2160 /* ignore commands to non existent slave */ 2161 if (s != bus->ifs && !s->blk) { 2162 return; 2163 } 2164 2165 /* Only RESET is allowed while BSY and/or DRQ are set, 2166 * and only to ATAPI devices. */ 2167 if (s->status & (BUSY_STAT|DRQ_STAT)) { 2168 if (val != WIN_DEVICE_RESET || s->drive_kind != IDE_CD) { 2169 return; 2170 } 2171 } 2172 2173 if (!ide_cmd_permitted(s, val)) { 2174 ide_abort_command(s); 2175 ide_bus_set_irq(s->bus); 2176 return; 2177 } 2178 2179 s->status = READY_STAT | BUSY_STAT; 2180 s->error = 0; 2181 s->io_buffer_offset = 0; 2182 2183 complete = ide_cmd_table[val].handler(s, val); 2184 if (complete) { 2185 s->status &= ~BUSY_STAT; 2186 assert(!!s->error == !!(s->status & ERR_STAT)); 2187 2188 if ((ide_cmd_table[val].flags & SET_DSC) && !s->error) { 2189 s->status |= SEEK_STAT; 2190 } 2191 2192 ide_cmd_done(s); 2193 ide_bus_set_irq(s->bus); 2194 } 2195 } 2196 2197 /* IOport [R]ead [R]egisters */ 2198 enum ATA_IOPORT_RR { 2199 ATA_IOPORT_RR_DATA = 0, 2200 ATA_IOPORT_RR_ERROR = 1, 2201 ATA_IOPORT_RR_SECTOR_COUNT = 2, 2202 ATA_IOPORT_RR_SECTOR_NUMBER = 3, 2203 ATA_IOPORT_RR_CYLINDER_LOW = 4, 2204 ATA_IOPORT_RR_CYLINDER_HIGH = 5, 2205 ATA_IOPORT_RR_DEVICE_HEAD = 6, 2206 ATA_IOPORT_RR_STATUS = 7, 2207 ATA_IOPORT_RR_NUM_REGISTERS, 2208 }; 2209 2210 const char *ATA_IOPORT_RR_lookup[ATA_IOPORT_RR_NUM_REGISTERS] = { 2211 [ATA_IOPORT_RR_DATA] = "Data", 2212 [ATA_IOPORT_RR_ERROR] = "Error", 2213 [ATA_IOPORT_RR_SECTOR_COUNT] = "Sector Count", 2214 [ATA_IOPORT_RR_SECTOR_NUMBER] = "Sector Number", 2215 [ATA_IOPORT_RR_CYLINDER_LOW] = "Cylinder Low", 2216 [ATA_IOPORT_RR_CYLINDER_HIGH] = "Cylinder High", 2217 [ATA_IOPORT_RR_DEVICE_HEAD] = "Device/Head", 2218 [ATA_IOPORT_RR_STATUS] = "Status" 2219 }; 2220 2221 uint32_t ide_ioport_read(void *opaque, uint32_t addr) 2222 { 2223 IDEBus *bus = opaque; 2224 IDEState *s = ide_bus_active_if(bus); 2225 uint32_t reg_num; 2226 int ret, hob; 2227 2228 reg_num = addr & 7; 2229 hob = bus->cmd & (IDE_CTRL_HOB); 2230 switch (reg_num) { 2231 case ATA_IOPORT_RR_DATA: 2232 /* 2233 * The pre-GRUB Solaris x86 bootloader relies upon inb 2234 * consuming a word from the drive's sector buffer. 2235 */ 2236 ret = ide_data_readw(bus, addr) & 0xff; 2237 break; 2238 case ATA_IOPORT_RR_ERROR: 2239 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) || 2240 (s != bus->ifs && !s->blk)) { 2241 ret = 0; 2242 } else if (!hob) { 2243 ret = s->error; 2244 } else { 2245 ret = s->hob_feature; 2246 } 2247 break; 2248 case ATA_IOPORT_RR_SECTOR_COUNT: 2249 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2250 ret = 0; 2251 } else if (!hob) { 2252 ret = s->nsector & 0xff; 2253 } else { 2254 ret = s->hob_nsector; 2255 } 2256 break; 2257 case ATA_IOPORT_RR_SECTOR_NUMBER: 2258 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2259 ret = 0; 2260 } else if (!hob) { 2261 ret = s->sector; 2262 } else { 2263 ret = s->hob_sector; 2264 } 2265 break; 2266 case ATA_IOPORT_RR_CYLINDER_LOW: 2267 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2268 ret = 0; 2269 } else if (!hob) { 2270 ret = s->lcyl; 2271 } else { 2272 ret = s->hob_lcyl; 2273 } 2274 break; 2275 case ATA_IOPORT_RR_CYLINDER_HIGH: 2276 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2277 ret = 0; 2278 } else if (!hob) { 2279 ret = s->hcyl; 2280 } else { 2281 ret = s->hob_hcyl; 2282 } 2283 break; 2284 case ATA_IOPORT_RR_DEVICE_HEAD: 2285 if (!bus->ifs[0].blk && !bus->ifs[1].blk) { 2286 ret = 0; 2287 } else { 2288 ret = s->select; 2289 } 2290 break; 2291 default: 2292 case ATA_IOPORT_RR_STATUS: 2293 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) || 2294 (s != bus->ifs && !s->blk)) { 2295 ret = 0; 2296 } else { 2297 ret = s->status; 2298 } 2299 qemu_irq_lower(bus->irq); 2300 break; 2301 } 2302 2303 trace_ide_ioport_read(addr, ATA_IOPORT_RR_lookup[reg_num], ret, bus, s); 2304 return ret; 2305 } 2306 2307 uint32_t ide_status_read(void *opaque, uint32_t addr) 2308 { 2309 IDEBus *bus = opaque; 2310 IDEState *s = ide_bus_active_if(bus); 2311 int ret; 2312 2313 if ((!bus->ifs[0].blk && !bus->ifs[1].blk) || 2314 (s != bus->ifs && !s->blk)) { 2315 ret = 0; 2316 } else { 2317 ret = s->status; 2318 } 2319 2320 trace_ide_status_read(addr, ret, bus, s); 2321 return ret; 2322 } 2323 2324 static void ide_perform_srst(IDEState *s) 2325 { 2326 s->status |= BUSY_STAT; 2327 2328 /* Halt PIO (Via register state); PIO BH remains scheduled. */ 2329 ide_transfer_halt(s); 2330 2331 /* Cancel DMA -- may drain block device and invoke callbacks */ 2332 ide_cancel_dma_sync(s); 2333 2334 /* Cancel PIO callback, reset registers/signature, etc */ 2335 ide_reset(s); 2336 2337 /* perform diagnostic */ 2338 cmd_exec_dev_diagnostic(s, WIN_DIAGNOSE); 2339 } 2340 2341 static void ide_bus_perform_srst(void *opaque) 2342 { 2343 IDEBus *bus = opaque; 2344 IDEState *s; 2345 int i; 2346 2347 for (i = 0; i < 2; i++) { 2348 s = &bus->ifs[i]; 2349 ide_perform_srst(s); 2350 } 2351 2352 bus->cmd &= ~IDE_CTRL_RESET; 2353 } 2354 2355 void ide_ctrl_write(void *opaque, uint32_t addr, uint32_t val) 2356 { 2357 IDEBus *bus = opaque; 2358 IDEState *s; 2359 int i; 2360 2361 trace_ide_ctrl_write(addr, val, bus); 2362 2363 /* Device0 and Device1 each have their own control register, 2364 * but QEMU models it as just one register in the controller. */ 2365 if (!(bus->cmd & IDE_CTRL_RESET) && (val & IDE_CTRL_RESET)) { 2366 for (i = 0; i < 2; i++) { 2367 s = &bus->ifs[i]; 2368 s->status |= BUSY_STAT; 2369 } 2370 replay_bh_schedule_oneshot_event(qemu_get_aio_context(), 2371 ide_bus_perform_srst, bus); 2372 } 2373 2374 bus->cmd = val; 2375 } 2376 2377 /* 2378 * Returns true if the running PIO transfer is a PIO out (i.e. data is 2379 * transferred from the device to the guest), false if it's a PIO in 2380 */ 2381 static bool ide_is_pio_out(IDEState *s) 2382 { 2383 if (s->end_transfer_func == ide_sector_write || 2384 s->end_transfer_func == ide_atapi_cmd) { 2385 return false; 2386 } else if (s->end_transfer_func == ide_sector_read || 2387 s->end_transfer_func == ide_transfer_stop || 2388 s->end_transfer_func == ide_atapi_cmd_reply_end || 2389 s->end_transfer_func == ide_dummy_transfer_stop) { 2390 return true; 2391 } 2392 2393 abort(); 2394 } 2395 2396 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val) 2397 { 2398 IDEBus *bus = opaque; 2399 IDEState *s = ide_bus_active_if(bus); 2400 uint8_t *p; 2401 2402 trace_ide_data_writew(addr, val, bus, s); 2403 2404 /* PIO data access allowed only when DRQ bit is set. The result of a write 2405 * during PIO out is indeterminate, just ignore it. */ 2406 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) { 2407 return; 2408 } 2409 2410 p = s->data_ptr; 2411 if (s->io8) { 2412 if (p + 1 > s->data_end) { 2413 return; 2414 } 2415 2416 *p++ = val; 2417 } else { 2418 if (p + 2 > s->data_end) { 2419 return; 2420 } 2421 2422 *(uint16_t *)p = le16_to_cpu(val); 2423 p += 2; 2424 } 2425 s->data_ptr = p; 2426 if (p >= s->data_end) { 2427 s->status &= ~DRQ_STAT; 2428 s->end_transfer_func(s); 2429 } 2430 } 2431 2432 uint32_t ide_data_readw(void *opaque, uint32_t addr) 2433 { 2434 IDEBus *bus = opaque; 2435 IDEState *s = ide_bus_active_if(bus); 2436 uint8_t *p; 2437 int ret; 2438 2439 /* PIO data access allowed only when DRQ bit is set. The result of a read 2440 * during PIO in is indeterminate, return 0 and don't move forward. */ 2441 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) { 2442 return 0; 2443 } 2444 2445 p = s->data_ptr; 2446 if (s->io8) { 2447 if (p + 1 > s->data_end) { 2448 return 0; 2449 } 2450 2451 ret = *p++; 2452 } else { 2453 if (p + 2 > s->data_end) { 2454 return 0; 2455 } 2456 2457 ret = cpu_to_le16(*(uint16_t *)p); 2458 p += 2; 2459 } 2460 s->data_ptr = p; 2461 if (p >= s->data_end) { 2462 s->status &= ~DRQ_STAT; 2463 s->end_transfer_func(s); 2464 } 2465 2466 trace_ide_data_readw(addr, ret, bus, s); 2467 return ret; 2468 } 2469 2470 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val) 2471 { 2472 IDEBus *bus = opaque; 2473 IDEState *s = ide_bus_active_if(bus); 2474 uint8_t *p; 2475 2476 trace_ide_data_writel(addr, val, bus, s); 2477 2478 /* PIO data access allowed only when DRQ bit is set. The result of a write 2479 * during PIO out is indeterminate, just ignore it. */ 2480 if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) { 2481 return; 2482 } 2483 2484 p = s->data_ptr; 2485 if (p + 4 > s->data_end) { 2486 return; 2487 } 2488 2489 *(uint32_t *)p = le32_to_cpu(val); 2490 p += 4; 2491 s->data_ptr = p; 2492 if (p >= s->data_end) { 2493 s->status &= ~DRQ_STAT; 2494 s->end_transfer_func(s); 2495 } 2496 } 2497 2498 uint32_t ide_data_readl(void *opaque, uint32_t addr) 2499 { 2500 IDEBus *bus = opaque; 2501 IDEState *s = ide_bus_active_if(bus); 2502 uint8_t *p; 2503 int ret; 2504 2505 /* PIO data access allowed only when DRQ bit is set. The result of a read 2506 * during PIO in is indeterminate, return 0 and don't move forward. */ 2507 if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) { 2508 ret = 0; 2509 goto out; 2510 } 2511 2512 p = s->data_ptr; 2513 if (p + 4 > s->data_end) { 2514 return 0; 2515 } 2516 2517 ret = cpu_to_le32(*(uint32_t *)p); 2518 p += 4; 2519 s->data_ptr = p; 2520 if (p >= s->data_end) { 2521 s->status &= ~DRQ_STAT; 2522 s->end_transfer_func(s); 2523 } 2524 2525 out: 2526 trace_ide_data_readl(addr, ret, bus, s); 2527 return ret; 2528 } 2529 2530 static void ide_dummy_transfer_stop(IDEState *s) 2531 { 2532 s->data_ptr = s->io_buffer; 2533 s->data_end = s->io_buffer; 2534 s->io_buffer[0] = 0xff; 2535 s->io_buffer[1] = 0xff; 2536 s->io_buffer[2] = 0xff; 2537 s->io_buffer[3] = 0xff; 2538 } 2539 2540 void ide_bus_reset(IDEBus *bus) 2541 { 2542 /* pending async DMA - needs the IDEState before it is reset */ 2543 if (bus->dma->aiocb) { 2544 trace_ide_bus_reset_aio(); 2545 blk_aio_cancel(bus->dma->aiocb); 2546 bus->dma->aiocb = NULL; 2547 } 2548 2549 bus->unit = 0; 2550 bus->cmd = 0; 2551 ide_reset(&bus->ifs[0]); 2552 ide_reset(&bus->ifs[1]); 2553 ide_clear_hob(bus); 2554 2555 /* reset dma provider too */ 2556 if (bus->dma->ops->reset) { 2557 bus->dma->ops->reset(bus->dma); 2558 } 2559 } 2560 2561 static bool ide_cd_is_tray_open(void *opaque) 2562 { 2563 return ((IDEState *)opaque)->tray_open; 2564 } 2565 2566 static bool ide_cd_is_medium_locked(void *opaque) 2567 { 2568 return ((IDEState *)opaque)->tray_locked; 2569 } 2570 2571 static void ide_resize_cb(void *opaque) 2572 { 2573 IDEState *s = opaque; 2574 uint64_t nb_sectors; 2575 2576 if (!s->identify_set) { 2577 return; 2578 } 2579 2580 blk_get_geometry(s->blk, &nb_sectors); 2581 s->nb_sectors = nb_sectors; 2582 2583 /* Update the identify data buffer. */ 2584 if (s->drive_kind == IDE_CFATA) { 2585 ide_cfata_identify_size(s); 2586 } else { 2587 /* IDE_CD uses a different set of callbacks entirely. */ 2588 assert(s->drive_kind != IDE_CD); 2589 ide_identify_size(s); 2590 } 2591 } 2592 2593 static const BlockDevOps ide_cd_block_ops = { 2594 .change_media_cb = ide_cd_change_cb, 2595 .eject_request_cb = ide_cd_eject_request_cb, 2596 .is_tray_open = ide_cd_is_tray_open, 2597 .is_medium_locked = ide_cd_is_medium_locked, 2598 }; 2599 2600 static const BlockDevOps ide_hd_block_ops = { 2601 .resize_cb = ide_resize_cb, 2602 }; 2603 2604 int ide_init_drive(IDEState *s, IDEDevice *dev, IDEDriveKind kind, Error **errp) 2605 { 2606 uint64_t nb_sectors; 2607 2608 s->blk = dev->conf.blk; 2609 s->drive_kind = kind; 2610 2611 blk_get_geometry(s->blk, &nb_sectors); 2612 s->win2k_install_hack = dev->win2k_install_hack; 2613 s->cylinders = dev->conf.cyls; 2614 s->heads = s->drive_heads = dev->conf.heads; 2615 s->sectors = s->drive_sectors = dev->conf.secs; 2616 s->chs_trans = dev->chs_trans; 2617 s->nb_sectors = nb_sectors; 2618 s->wwn = dev->wwn; 2619 /* The SMART values should be preserved across power cycles 2620 but they aren't. */ 2621 s->smart_enabled = 1; 2622 s->smart_autosave = 1; 2623 s->smart_errors = 0; 2624 s->smart_selftest_count = 0; 2625 if (kind == IDE_CD) { 2626 blk_set_dev_ops(s->blk, &ide_cd_block_ops, s); 2627 } else { 2628 if (!blk_is_inserted(s->blk)) { 2629 error_setg(errp, "Device needs media, but drive is empty"); 2630 return -1; 2631 } 2632 if (!blk_is_writable(s->blk)) { 2633 error_setg(errp, "Can't use a read-only drive"); 2634 return -1; 2635 } 2636 blk_set_dev_ops(s->blk, &ide_hd_block_ops, s); 2637 } 2638 if (dev->serial) { 2639 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), dev->serial); 2640 } else { 2641 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str), 2642 "QM%05d", s->drive_serial); 2643 } 2644 if (dev->model) { 2645 pstrcpy(s->drive_model_str, sizeof(s->drive_model_str), dev->model); 2646 } else { 2647 switch (kind) { 2648 case IDE_CD: 2649 strcpy(s->drive_model_str, "QEMU DVD-ROM"); 2650 break; 2651 case IDE_CFATA: 2652 strcpy(s->drive_model_str, "QEMU MICRODRIVE"); 2653 break; 2654 default: 2655 strcpy(s->drive_model_str, "QEMU HARDDISK"); 2656 break; 2657 } 2658 } 2659 2660 if (dev->version) { 2661 pstrcpy(s->version, sizeof(s->version), dev->version); 2662 } else { 2663 pstrcpy(s->version, sizeof(s->version), qemu_hw_version()); 2664 } 2665 2666 ide_reset(s); 2667 blk_iostatus_enable(s->blk); 2668 return 0; 2669 } 2670 2671 static void ide_init1(IDEBus *bus, int unit) 2672 { 2673 static int drive_serial = 1; 2674 IDEState *s = &bus->ifs[unit]; 2675 2676 s->bus = bus; 2677 s->unit = unit; 2678 s->drive_serial = drive_serial++; 2679 /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */ 2680 s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4; 2681 s->io_buffer = qemu_memalign(2048, s->io_buffer_total_len); 2682 memset(s->io_buffer, 0, s->io_buffer_total_len); 2683 2684 s->smart_selftest_data = blk_blockalign(s->blk, 512); 2685 memset(s->smart_selftest_data, 0, 512); 2686 2687 s->sector_write_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, 2688 ide_sector_write_timer_cb, s); 2689 } 2690 2691 static int ide_nop_int(const IDEDMA *dma, bool is_write) 2692 { 2693 return 0; 2694 } 2695 2696 static void ide_nop(const IDEDMA *dma) 2697 { 2698 } 2699 2700 static int32_t ide_nop_int32(const IDEDMA *dma, int32_t l) 2701 { 2702 return 0; 2703 } 2704 2705 static const IDEDMAOps ide_dma_nop_ops = { 2706 .prepare_buf = ide_nop_int32, 2707 .restart_dma = ide_nop, 2708 .rw_buf = ide_nop_int, 2709 }; 2710 2711 static void ide_restart_dma(IDEState *s, enum ide_dma_cmd dma_cmd) 2712 { 2713 s->unit = s->bus->retry_unit; 2714 ide_set_sector(s, s->bus->retry_sector_num); 2715 s->nsector = s->bus->retry_nsector; 2716 s->bus->dma->ops->restart_dma(s->bus->dma); 2717 s->io_buffer_size = 0; 2718 s->dma_cmd = dma_cmd; 2719 ide_start_dma(s, ide_dma_cb); 2720 } 2721 2722 static void ide_restart_bh(void *opaque) 2723 { 2724 IDEBus *bus = opaque; 2725 IDEState *s; 2726 bool is_read; 2727 int error_status; 2728 2729 qemu_bh_delete(bus->bh); 2730 bus->bh = NULL; 2731 2732 error_status = bus->error_status; 2733 if (bus->error_status == 0) { 2734 return; 2735 } 2736 2737 s = ide_bus_active_if(bus); 2738 is_read = (bus->error_status & IDE_RETRY_READ) != 0; 2739 2740 /* The error status must be cleared before resubmitting the request: The 2741 * request may fail again, and this case can only be distinguished if the 2742 * called function can set a new error status. */ 2743 bus->error_status = 0; 2744 2745 /* The HBA has generically asked to be kicked on retry */ 2746 if (error_status & IDE_RETRY_HBA) { 2747 if (s->bus->dma->ops->restart) { 2748 s->bus->dma->ops->restart(s->bus->dma); 2749 } 2750 } else if (IS_IDE_RETRY_DMA(error_status)) { 2751 if (error_status & IDE_RETRY_TRIM) { 2752 ide_restart_dma(s, IDE_DMA_TRIM); 2753 } else { 2754 ide_restart_dma(s, is_read ? IDE_DMA_READ : IDE_DMA_WRITE); 2755 } 2756 } else if (IS_IDE_RETRY_PIO(error_status)) { 2757 if (is_read) { 2758 ide_sector_read(s); 2759 } else { 2760 ide_sector_write(s); 2761 } 2762 } else if (error_status & IDE_RETRY_FLUSH) { 2763 ide_flush_cache(s); 2764 } else if (IS_IDE_RETRY_ATAPI(error_status)) { 2765 assert(s->end_transfer_func == ide_atapi_cmd); 2766 ide_atapi_dma_restart(s); 2767 } else { 2768 abort(); 2769 } 2770 } 2771 2772 static void ide_restart_cb(void *opaque, bool running, RunState state) 2773 { 2774 IDEBus *bus = opaque; 2775 2776 if (!running) 2777 return; 2778 2779 if (!bus->bh) { 2780 bus->bh = qemu_bh_new(ide_restart_bh, bus); 2781 qemu_bh_schedule(bus->bh); 2782 } 2783 } 2784 2785 void ide_bus_register_restart_cb(IDEBus *bus) 2786 { 2787 if (bus->dma->ops->restart_dma) { 2788 bus->vmstate = qemu_add_vm_change_state_handler(ide_restart_cb, bus); 2789 } 2790 } 2791 2792 static IDEDMA ide_dma_nop = { 2793 .ops = &ide_dma_nop_ops, 2794 .aiocb = NULL, 2795 }; 2796 2797 void ide_bus_init_output_irq(IDEBus *bus, qemu_irq irq_out) 2798 { 2799 int i; 2800 2801 for(i = 0; i < 2; i++) { 2802 ide_init1(bus, i); 2803 ide_reset(&bus->ifs[i]); 2804 } 2805 bus->irq = irq_out; 2806 bus->dma = &ide_dma_nop; 2807 } 2808 2809 void ide_bus_set_irq(IDEBus *bus) 2810 { 2811 if (!(bus->cmd & IDE_CTRL_DISABLE_IRQ)) { 2812 qemu_irq_raise(bus->irq); 2813 } 2814 } 2815 2816 void ide_exit(IDEState *s) 2817 { 2818 timer_free(s->sector_write_timer); 2819 qemu_vfree(s->smart_selftest_data); 2820 qemu_vfree(s->io_buffer); 2821 } 2822 2823 static bool is_identify_set(void *opaque, int version_id) 2824 { 2825 IDEState *s = opaque; 2826 2827 return s->identify_set != 0; 2828 } 2829 2830 static EndTransferFunc* transfer_end_table[] = { 2831 ide_sector_read, 2832 ide_sector_write, 2833 ide_transfer_stop, 2834 ide_atapi_cmd_reply_end, 2835 ide_atapi_cmd, 2836 ide_dummy_transfer_stop, 2837 }; 2838 2839 static int transfer_end_table_idx(EndTransferFunc *fn) 2840 { 2841 int i; 2842 2843 for (i = 0; i < ARRAY_SIZE(transfer_end_table); i++) 2844 if (transfer_end_table[i] == fn) 2845 return i; 2846 2847 return -1; 2848 } 2849 2850 static int ide_drive_post_load(void *opaque, int version_id) 2851 { 2852 IDEState *s = opaque; 2853 2854 if (s->blk && s->identify_set) { 2855 blk_set_enable_write_cache(s->blk, !!(s->identify_data[85] & (1 << 5))); 2856 } 2857 return 0; 2858 } 2859 2860 static int ide_drive_pio_post_load(void *opaque, int version_id) 2861 { 2862 IDEState *s = opaque; 2863 2864 if (s->end_transfer_fn_idx >= ARRAY_SIZE(transfer_end_table)) { 2865 return -EINVAL; 2866 } 2867 s->end_transfer_func = transfer_end_table[s->end_transfer_fn_idx]; 2868 s->data_ptr = s->io_buffer + s->cur_io_buffer_offset; 2869 s->data_end = s->data_ptr + s->cur_io_buffer_len; 2870 s->atapi_dma = s->feature & 1; /* as per cmd_packet */ 2871 2872 return 0; 2873 } 2874 2875 static int ide_drive_pio_pre_save(void *opaque) 2876 { 2877 IDEState *s = opaque; 2878 int idx; 2879 2880 s->cur_io_buffer_offset = s->data_ptr - s->io_buffer; 2881 s->cur_io_buffer_len = s->data_end - s->data_ptr; 2882 2883 idx = transfer_end_table_idx(s->end_transfer_func); 2884 if (idx == -1) { 2885 fprintf(stderr, "%s: invalid end_transfer_func for DRQ_STAT\n", 2886 __func__); 2887 s->end_transfer_fn_idx = 2; 2888 } else { 2889 s->end_transfer_fn_idx = idx; 2890 } 2891 2892 return 0; 2893 } 2894 2895 static bool ide_drive_pio_state_needed(void *opaque) 2896 { 2897 IDEState *s = opaque; 2898 2899 return ((s->status & DRQ_STAT) != 0) 2900 || (s->bus->error_status & IDE_RETRY_PIO); 2901 } 2902 2903 static bool ide_tray_state_needed(void *opaque) 2904 { 2905 IDEState *s = opaque; 2906 2907 return s->tray_open || s->tray_locked; 2908 } 2909 2910 static bool ide_atapi_gesn_needed(void *opaque) 2911 { 2912 IDEState *s = opaque; 2913 2914 return s->events.new_media || s->events.eject_request; 2915 } 2916 2917 static bool ide_error_needed(void *opaque) 2918 { 2919 IDEBus *bus = opaque; 2920 2921 return (bus->error_status != 0); 2922 } 2923 2924 /* Fields for GET_EVENT_STATUS_NOTIFICATION ATAPI command */ 2925 static const VMStateDescription vmstate_ide_atapi_gesn_state = { 2926 .name ="ide_drive/atapi/gesn_state", 2927 .version_id = 1, 2928 .minimum_version_id = 1, 2929 .needed = ide_atapi_gesn_needed, 2930 .fields = (const VMStateField[]) { 2931 VMSTATE_BOOL(events.new_media, IDEState), 2932 VMSTATE_BOOL(events.eject_request, IDEState), 2933 VMSTATE_END_OF_LIST() 2934 } 2935 }; 2936 2937 static const VMStateDescription vmstate_ide_tray_state = { 2938 .name = "ide_drive/tray_state", 2939 .version_id = 1, 2940 .minimum_version_id = 1, 2941 .needed = ide_tray_state_needed, 2942 .fields = (const VMStateField[]) { 2943 VMSTATE_BOOL(tray_open, IDEState), 2944 VMSTATE_BOOL(tray_locked, IDEState), 2945 VMSTATE_END_OF_LIST() 2946 } 2947 }; 2948 2949 static const VMStateDescription vmstate_ide_drive_pio_state = { 2950 .name = "ide_drive/pio_state", 2951 .version_id = 1, 2952 .minimum_version_id = 1, 2953 .pre_save = ide_drive_pio_pre_save, 2954 .post_load = ide_drive_pio_post_load, 2955 .needed = ide_drive_pio_state_needed, 2956 .fields = (const VMStateField[]) { 2957 VMSTATE_INT32(req_nb_sectors, IDEState), 2958 VMSTATE_VARRAY_INT32(io_buffer, IDEState, io_buffer_total_len, 1, 2959 vmstate_info_uint8, uint8_t), 2960 VMSTATE_INT32(cur_io_buffer_offset, IDEState), 2961 VMSTATE_INT32(cur_io_buffer_len, IDEState), 2962 VMSTATE_UINT8(end_transfer_fn_idx, IDEState), 2963 VMSTATE_INT32(elementary_transfer_size, IDEState), 2964 VMSTATE_INT32(packet_transfer_size, IDEState), 2965 VMSTATE_END_OF_LIST() 2966 } 2967 }; 2968 2969 const VMStateDescription vmstate_ide_drive = { 2970 .name = "ide_drive", 2971 .version_id = 3, 2972 .minimum_version_id = 0, 2973 .post_load = ide_drive_post_load, 2974 .fields = (const VMStateField[]) { 2975 VMSTATE_INT32(mult_sectors, IDEState), 2976 VMSTATE_INT32(identify_set, IDEState), 2977 VMSTATE_BUFFER_TEST(identify_data, IDEState, is_identify_set), 2978 VMSTATE_UINT8(feature, IDEState), 2979 VMSTATE_UINT8(error, IDEState), 2980 VMSTATE_UINT32(nsector, IDEState), 2981 VMSTATE_UINT8(sector, IDEState), 2982 VMSTATE_UINT8(lcyl, IDEState), 2983 VMSTATE_UINT8(hcyl, IDEState), 2984 VMSTATE_UINT8(hob_feature, IDEState), 2985 VMSTATE_UINT8(hob_sector, IDEState), 2986 VMSTATE_UINT8(hob_nsector, IDEState), 2987 VMSTATE_UINT8(hob_lcyl, IDEState), 2988 VMSTATE_UINT8(hob_hcyl, IDEState), 2989 VMSTATE_UINT8(select, IDEState), 2990 VMSTATE_UINT8(status, IDEState), 2991 VMSTATE_UINT8(lba48, IDEState), 2992 VMSTATE_UINT8(sense_key, IDEState), 2993 VMSTATE_UINT8(asc, IDEState), 2994 VMSTATE_UINT8_V(cdrom_changed, IDEState, 3), 2995 VMSTATE_END_OF_LIST() 2996 }, 2997 .subsections = (const VMStateDescription * const []) { 2998 &vmstate_ide_drive_pio_state, 2999 &vmstate_ide_tray_state, 3000 &vmstate_ide_atapi_gesn_state, 3001 NULL 3002 } 3003 }; 3004 3005 static const VMStateDescription vmstate_ide_error_status = { 3006 .name ="ide_bus/error", 3007 .version_id = 2, 3008 .minimum_version_id = 1, 3009 .needed = ide_error_needed, 3010 .fields = (const VMStateField[]) { 3011 VMSTATE_INT32(error_status, IDEBus), 3012 VMSTATE_INT64_V(retry_sector_num, IDEBus, 2), 3013 VMSTATE_UINT32_V(retry_nsector, IDEBus, 2), 3014 VMSTATE_UINT8_V(retry_unit, IDEBus, 2), 3015 VMSTATE_END_OF_LIST() 3016 } 3017 }; 3018 3019 const VMStateDescription vmstate_ide_bus = { 3020 .name = "ide_bus", 3021 .version_id = 1, 3022 .minimum_version_id = 1, 3023 .fields = (const VMStateField[]) { 3024 VMSTATE_UINT8(cmd, IDEBus), 3025 VMSTATE_UINT8(unit, IDEBus), 3026 VMSTATE_END_OF_LIST() 3027 }, 3028 .subsections = (const VMStateDescription * const []) { 3029 &vmstate_ide_error_status, 3030 NULL 3031 } 3032 }; 3033 3034 void ide_drive_get(DriveInfo **hd, int n) 3035 { 3036 int i; 3037 3038 for (i = 0; i < n; i++) { 3039 hd[i] = drive_get_by_index(IF_IDE, i); 3040 } 3041 } 3042