1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#include "qemu/osdep.h"
27#include "hw/ide/internal.h"
28#include "hw/scsi/scsi.h"
29#include "sysemu/block-backend.h"
30#include "trace.h"
31
32#define ATAPI_SECTOR_BITS (2 + BDRV_SECTOR_BITS)
33#define ATAPI_SECTOR_SIZE (1 << ATAPI_SECTOR_BITS)
34
35static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
36
37static void padstr8(uint8_t *buf, int buf_size, const char *src)
38{
39 int i;
40 for(i = 0; i < buf_size; i++) {
41 if (*src)
42 buf[i] = *src++;
43 else
44 buf[i] = ' ';
45 }
46}
47
48static void lba_to_msf(uint8_t *buf, int lba)
49{
50 lba += 150;
51 buf[0] = (lba / 75) / 60;
52 buf[1] = (lba / 75) % 60;
53 buf[2] = lba % 75;
54}
55
56static inline int media_present(IDEState *s)
57{
58 return !s->tray_open && s->nb_sectors > 0;
59}
60
61
62static inline int media_is_dvd(IDEState *s)
63{
64 return (media_present(s) && s->nb_sectors > CD_MAX_SECTORS);
65}
66
67static inline int media_is_cd(IDEState *s)
68{
69 return (media_present(s) && s->nb_sectors <= CD_MAX_SECTORS);
70}
71
72static void cd_data_to_raw(uint8_t *buf, int lba)
73{
74
75 buf[0] = 0x00;
76 memset(buf + 1, 0xff, 10);
77 buf[11] = 0x00;
78 buf += 12;
79
80 lba_to_msf(buf, lba);
81 buf[3] = 0x01;
82 buf += 4;
83
84 buf += 2048;
85
86 memset(buf, 0, 288);
87}
88
89static int
90cd_read_sector_sync(IDEState *s)
91{
92 int ret;
93 block_acct_start(blk_get_stats(s->blk), &s->acct,
94 ATAPI_SECTOR_SIZE, BLOCK_ACCT_READ);
95
96 trace_cd_read_sector_sync(s->lba);
97
98 switch (s->cd_sector_size) {
99 case 2048:
100 ret = blk_pread(s->blk, (int64_t)s->lba << ATAPI_SECTOR_BITS,
101 s->io_buffer, ATAPI_SECTOR_SIZE);
102 break;
103 case 2352:
104 ret = blk_pread(s->blk, (int64_t)s->lba << ATAPI_SECTOR_BITS,
105 s->io_buffer + 16, ATAPI_SECTOR_SIZE);
106 if (ret >= 0) {
107 cd_data_to_raw(s->io_buffer, s->lba);
108 }
109 break;
110 default:
111 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_READ);
112 return -EIO;
113 }
114
115 if (ret < 0) {
116 block_acct_failed(blk_get_stats(s->blk), &s->acct);
117 } else {
118 block_acct_done(blk_get_stats(s->blk), &s->acct);
119 s->lba++;
120 s->io_buffer_index = 0;
121 }
122
123 return ret;
124}
125
126static void cd_read_sector_cb(void *opaque, int ret)
127{
128 IDEState *s = opaque;
129
130 trace_cd_read_sector_cb(s->lba, ret);
131
132 if (ret < 0) {
133 block_acct_failed(blk_get_stats(s->blk), &s->acct);
134 ide_atapi_io_error(s, ret);
135 return;
136 }
137
138 block_acct_done(blk_get_stats(s->blk), &s->acct);
139
140 if (s->cd_sector_size == 2352) {
141 cd_data_to_raw(s->io_buffer, s->lba);
142 }
143
144 s->lba++;
145 s->io_buffer_index = 0;
146 s->status &= ~BUSY_STAT;
147
148 ide_atapi_cmd_reply_end(s);
149}
150
151static int cd_read_sector(IDEState *s)
152{
153 void *buf;
154
155 if (s->cd_sector_size != 2048 && s->cd_sector_size != 2352) {
156 block_acct_invalid(blk_get_stats(s->blk), BLOCK_ACCT_READ);
157 return -EINVAL;
158 }
159
160 buf = (s->cd_sector_size == 2352) ? s->io_buffer + 16 : s->io_buffer;
161 qemu_iovec_init_buf(&s->qiov, buf, ATAPI_SECTOR_SIZE);
162
163 trace_cd_read_sector(s->lba);
164
165 block_acct_start(blk_get_stats(s->blk), &s->acct,
166 ATAPI_SECTOR_SIZE, BLOCK_ACCT_READ);
167
168 ide_buffered_readv(s, (int64_t)s->lba << 2, &s->qiov, 4,
169 cd_read_sector_cb, s);
170
171 s->status |= BUSY_STAT;
172 return 0;
173}
174
175void ide_atapi_cmd_ok(IDEState *s)
176{
177 s->error = 0;
178 s->status = READY_STAT | SEEK_STAT;
179 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
180 ide_transfer_stop(s);
181 ide_set_irq(s->bus);
182}
183
184void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc)
185{
186 trace_ide_atapi_cmd_error(s, sense_key, asc);
187 s->error = sense_key << 4;
188 s->status = READY_STAT | ERR_STAT;
189 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
190 s->sense_key = sense_key;
191 s->asc = asc;
192 ide_transfer_stop(s);
193 ide_set_irq(s->bus);
194}
195
196void ide_atapi_io_error(IDEState *s, int ret)
197{
198
199 if (ret == -ENOMEDIUM) {
200 ide_atapi_cmd_error(s, NOT_READY,
201 ASC_MEDIUM_NOT_PRESENT);
202 } else {
203 ide_atapi_cmd_error(s, ILLEGAL_REQUEST,
204 ASC_LOGICAL_BLOCK_OOR);
205 }
206}
207
208static uint16_t atapi_byte_count_limit(IDEState *s)
209{
210 uint16_t bcl;
211
212 bcl = s->lcyl | (s->hcyl << 8);
213 if (bcl == 0xffff) {
214 return 0xfffe;
215 }
216 return bcl;
217}
218
219
220void ide_atapi_cmd_reply_end(IDEState *s)
221{
222 int byte_count_limit, size, ret;
223 while (s->packet_transfer_size > 0) {
224 trace_ide_atapi_cmd_reply_end(s, s->packet_transfer_size,
225 s->elementary_transfer_size,
226 s->io_buffer_index);
227
228
229 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
230 if (!s->elementary_transfer_size) {
231 ret = cd_read_sector(s);
232 if (ret < 0) {
233 ide_atapi_io_error(s, ret);
234 }
235 return;
236 } else {
237
238
239
240 ret = cd_read_sector_sync(s);
241 if (ret < 0) {
242 ide_atapi_io_error(s, ret);
243 return;
244 }
245 }
246 }
247 if (s->elementary_transfer_size > 0) {
248
249
250 size = s->cd_sector_size - s->io_buffer_index;
251 if (size > s->elementary_transfer_size)
252 size = s->elementary_transfer_size;
253 } else {
254
255 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
256 ide_set_irq(s->bus);
257 byte_count_limit = atapi_byte_count_limit(s);
258 trace_ide_atapi_cmd_reply_end_bcl(s, byte_count_limit);
259 size = s->packet_transfer_size;
260 if (size > byte_count_limit) {
261
262 if (byte_count_limit & 1)
263 byte_count_limit--;
264 size = byte_count_limit;
265 }
266 s->lcyl = size;
267 s->hcyl = size >> 8;
268 s->elementary_transfer_size = size;
269
270 if (s->lba != -1) {
271 if (size > (s->cd_sector_size - s->io_buffer_index))
272 size = (s->cd_sector_size - s->io_buffer_index);
273 }
274 trace_ide_atapi_cmd_reply_end_new(s, s->status);
275 }
276 s->packet_transfer_size -= size;
277 s->elementary_transfer_size -= size;
278 s->io_buffer_index += size;
279
280
281
282
283
284 if (!ide_transfer_start_norecurse(s,
285 s->io_buffer + s->io_buffer_index - size,
286 size, ide_atapi_cmd_reply_end)) {
287 return;
288 }
289 }
290
291
292 trace_ide_atapi_cmd_reply_end_eot(s, s->status);
293 ide_atapi_cmd_ok(s);
294 ide_set_irq(s->bus);
295}
296
297
298static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size)
299{
300 if (size > max_size)
301 size = max_size;
302 s->lba = -1;
303 s->packet_transfer_size = size;
304 s->io_buffer_size = size;
305 s->elementary_transfer_size = 0;
306
307 if (s->atapi_dma) {
308 block_acct_start(blk_get_stats(s->blk), &s->acct, size,
309 BLOCK_ACCT_READ);
310 s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
311 ide_start_dma(s, ide_atapi_cmd_read_dma_cb);
312 } else {
313 s->status = READY_STAT | SEEK_STAT;
314 s->io_buffer_index = 0;
315 ide_atapi_cmd_reply_end(s);
316 }
317}
318
319
320static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors,
321 int sector_size)
322{
323 s->lba = lba;
324 s->packet_transfer_size = nb_sectors * sector_size;
325 s->elementary_transfer_size = 0;
326 s->io_buffer_index = sector_size;
327 s->cd_sector_size = sector_size;
328
329 ide_atapi_cmd_reply_end(s);
330}
331
332static void ide_atapi_cmd_check_status(IDEState *s)
333{
334 trace_ide_atapi_cmd_check_status(s);
335 s->error = MC_ERR | (UNIT_ATTENTION << 4);
336 s->status = ERR_STAT;
337 s->nsector = 0;
338 ide_set_irq(s->bus);
339}
340
341
342static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
343{
344 IDEState *s = opaque;
345 int data_offset, n;
346
347 if (ret < 0) {
348 if (ide_handle_rw_error(s, -ret, ide_dma_cmd_to_retry(s->dma_cmd))) {
349 if (s->bus->error_status) {
350 s->bus->dma->aiocb = NULL;
351 return;
352 }
353 goto eot;
354 }
355 }
356
357 if (s->io_buffer_size > 0) {
358
359
360
361
362
363
364
365 if (s->lba != -1) {
366 if (s->cd_sector_size == 2352) {
367 n = 1;
368 cd_data_to_raw(s->io_buffer, s->lba);
369 } else {
370 n = s->io_buffer_size >> 11;
371 }
372 s->lba += n;
373 }
374 s->packet_transfer_size -= s->io_buffer_size;
375 if (s->bus->dma->ops->rw_buf(s->bus->dma, 1) == 0)
376 goto eot;
377 }
378
379 if (s->packet_transfer_size <= 0) {
380 s->status = READY_STAT | SEEK_STAT;
381 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
382 ide_set_irq(s->bus);
383 goto eot;
384 }
385
386 s->io_buffer_index = 0;
387 if (s->cd_sector_size == 2352) {
388 n = 1;
389 s->io_buffer_size = s->cd_sector_size;
390 data_offset = 16;
391 } else {
392 n = s->packet_transfer_size >> 11;
393 if (n > (IDE_DMA_BUF_SECTORS / 4))
394 n = (IDE_DMA_BUF_SECTORS / 4);
395 s->io_buffer_size = n * 2048;
396 data_offset = 0;
397 }
398 trace_ide_atapi_cmd_read_dma_cb_aio(s, s->lba, n);
399 qemu_iovec_init_buf(&s->bus->dma->qiov, s->io_buffer + data_offset,
400 n * ATAPI_SECTOR_SIZE);
401
402 s->bus->dma->aiocb = ide_buffered_readv(s, (int64_t)s->lba << 2,
403 &s->bus->dma->qiov, n * 4,
404 ide_atapi_cmd_read_dma_cb, s);
405 return;
406
407eot:
408 if (ret < 0) {
409 block_acct_failed(blk_get_stats(s->blk), &s->acct);
410 } else {
411 block_acct_done(blk_get_stats(s->blk), &s->acct);
412 }
413 ide_set_inactive(s, false);
414}
415
416
417
418static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors,
419 int sector_size)
420{
421 s->lba = lba;
422 s->packet_transfer_size = nb_sectors * sector_size;
423 s->io_buffer_size = 0;
424 s->cd_sector_size = sector_size;
425
426 block_acct_start(blk_get_stats(s->blk), &s->acct, s->packet_transfer_size,
427 BLOCK_ACCT_READ);
428
429
430 s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
431 ide_start_dma(s, ide_atapi_cmd_read_dma_cb);
432}
433
434static void ide_atapi_cmd_read(IDEState *s, int lba, int nb_sectors,
435 int sector_size)
436{
437 trace_ide_atapi_cmd_read(s, s->atapi_dma ? "dma" : "pio",
438 lba, nb_sectors);
439 if (s->atapi_dma) {
440 ide_atapi_cmd_read_dma(s, lba, nb_sectors, sector_size);
441 } else {
442 ide_atapi_cmd_read_pio(s, lba, nb_sectors, sector_size);
443 }
444}
445
446void ide_atapi_dma_restart(IDEState *s)
447{
448
449
450
451
452
453 s->unit = s->bus->retry_unit;
454 s->bus->dma->ops->restart_dma(s->bus->dma);
455 ide_atapi_cmd(s);
456}
457
458static inline uint8_t ide_atapi_set_profile(uint8_t *buf, uint8_t *index,
459 uint16_t profile)
460{
461 uint8_t *buf_profile = buf + 12;
462
463 buf_profile += ((*index) * 4);
464 stw_be_p(buf_profile, profile);
465 buf_profile[2] = ((buf_profile[0] == buf[6]) && (buf_profile[1] == buf[7]));
466
467
468 (*index)++;
469 buf[11] += 4;
470
471 return 4;
472}
473
474static int ide_dvd_read_structure(IDEState *s, int format,
475 const uint8_t *packet, uint8_t *buf)
476{
477 switch (format) {
478 case 0x0:
479 {
480 int layer = packet[6];
481 uint64_t total_sectors;
482
483 if (layer != 0)
484 return -ASC_INV_FIELD_IN_CMD_PACKET;
485
486 total_sectors = s->nb_sectors >> 2;
487 if (total_sectors == 0) {
488 return -ASC_MEDIUM_NOT_PRESENT;
489 }
490
491 buf[4] = 1;
492 buf[5] = 0xf;
493 buf[6] = 1;
494 buf[7] = 0;
495
496
497 stl_be_p(buf + 8, 0);
498 stl_be_p(buf + 12, total_sectors - 1);
499 stl_be_p(buf + 16, total_sectors - 1);
500
501
502 stw_be_p(buf, 2048 + 2);
503
504
505 return (2048 + 4);
506 }
507
508 case 0x01:
509 buf[4] = 0;
510 buf[5] = 0;
511
512
513 stw_be_p(buf, 4 + 2);
514
515
516 return (4 + 4);
517
518 case 0x03:
519 return -ASC_INV_FIELD_IN_CMD_PACKET;
520
521 case 0x04:
522
523 stw_be_p(buf, 2048 + 2);
524
525
526 return (2048 + 4);
527
528 case 0xff:
529
530
531
532
533
534 buf[4] = 0x00;
535 buf[5] = 0x40;
536 stw_be_p(buf + 6, 2048 + 4);
537
538 buf[8] = 0x01;
539 buf[9] = 0x40;
540 stw_be_p(buf + 10, 4 + 4);
541
542 buf[12] = 0x03;
543 buf[13] = 0x40;
544 stw_be_p(buf + 14, 188 + 4);
545
546 buf[16] = 0x04;
547 buf[17] = 0x40;
548 stw_be_p(buf + 18, 2048 + 4);
549
550
551 stw_be_p(buf, 16 + 2);
552
553
554 return (16 + 4);
555
556 default:
557 return -ASC_INV_FIELD_IN_CMD_PACKET;
558 }
559}
560
561static unsigned int event_status_media(IDEState *s,
562 uint8_t *buf)
563{
564 uint8_t event_code, media_status;
565
566 media_status = 0;
567 if (s->tray_open) {
568 media_status = MS_TRAY_OPEN;
569 } else if (blk_is_inserted(s->blk)) {
570 media_status = MS_MEDIA_PRESENT;
571 }
572
573
574 event_code = MEC_NO_CHANGE;
575 if (media_status != MS_TRAY_OPEN) {
576 if (s->events.new_media) {
577 event_code = MEC_NEW_MEDIA;
578 s->events.new_media = false;
579 } else if (s->events.eject_request) {
580 event_code = MEC_EJECT_REQUESTED;
581 s->events.eject_request = false;
582 }
583 }
584
585 buf[4] = event_code;
586 buf[5] = media_status;
587
588
589 buf[6] = 0;
590 buf[7] = 0;
591
592 return 8;
593}
594
595
596
597
598
599static bool validate_bcl(IDEState *s)
600{
601
602 if (s->atapi_dma || atapi_byte_count_limit(s)) {
603 return true;
604 }
605
606
607
608 ide_abort_command(s);
609 return false;
610}
611
612static void cmd_get_event_status_notification(IDEState *s,
613 uint8_t *buf)
614{
615 const uint8_t *packet = buf;
616
617 struct {
618 uint8_t opcode;
619 uint8_t polled;
620 uint8_t reserved2[2];
621 uint8_t class;
622 uint8_t reserved3[2];
623 uint16_t len;
624 uint8_t control;
625 } QEMU_PACKED *gesn_cdb;
626
627 struct {
628 uint16_t len;
629 uint8_t notification_class;
630 uint8_t supported_events;
631 } QEMU_PACKED *gesn_event_header;
632 unsigned int max_len, used_len;
633
634 gesn_cdb = (void *)packet;
635 gesn_event_header = (void *)buf;
636
637 max_len = be16_to_cpu(gesn_cdb->len);
638
639
640 if (!(gesn_cdb->polled & 0x01)) {
641
642 ide_atapi_cmd_error(s, ILLEGAL_REQUEST,
643 ASC_INV_FIELD_IN_CMD_PACKET);
644 return;
645 }
646
647
648
649
650
651
652
653
654
655
656
657 gesn_event_header->supported_events = 1 << GESN_MEDIA;
658
659
660
661
662
663
664 gesn_event_header->notification_class = 0;
665
666
667
668
669
670
671 if (gesn_cdb->class & (1 << GESN_MEDIA)) {
672 gesn_event_header->notification_class |= GESN_MEDIA;
673 used_len = event_status_media(s, buf);
674 } else {
675 gesn_event_header->notification_class = 0x80;
676 used_len = sizeof(*gesn_event_header);
677 }
678 gesn_event_header->len = cpu_to_be16(used_len
679 - sizeof(*gesn_event_header));
680 ide_atapi_cmd_reply(s, used_len, max_len);
681}
682
683static void cmd_request_sense(IDEState *s, uint8_t *buf)
684{
685 int max_len = buf[4];
686
687 memset(buf, 0, 18);
688 buf[0] = 0x70 | (1 << 7);
689 buf[2] = s->sense_key;
690 buf[7] = 10;
691 buf[12] = s->asc;
692
693 if (s->sense_key == UNIT_ATTENTION) {
694 s->sense_key = NO_SENSE;
695 }
696
697 ide_atapi_cmd_reply(s, 18, max_len);
698}
699
700static void cmd_inquiry(IDEState *s, uint8_t *buf)
701{
702 uint8_t page_code = buf[2];
703 int max_len = buf[4];
704
705 unsigned idx = 0;
706 unsigned size_idx;
707 unsigned preamble_len;
708
709
710
711 if (buf[1] & 0x01) {
712 preamble_len = 4;
713 size_idx = 3;
714
715 buf[idx++] = 0x05;
716 buf[idx++] = page_code;
717 buf[idx++] = 0x00;
718 idx++;
719
720 switch (page_code) {
721 case 0x00:
722
723 buf[idx++] = 0x00;
724 buf[idx++] = 0x83;
725 break;
726
727 case 0x83:
728
729
730
731
732
733 if (idx + 24 > max_len) {
734
735
736 ide_atapi_cmd_error(s, ILLEGAL_REQUEST,
737 ASC_DATA_PHASE_ERROR);
738 return;
739 }
740 buf[idx++] = 0x02;
741 buf[idx++] = 0x00;
742 buf[idx++] = 0x00;
743 buf[idx++] = 20;
744 padstr8(buf + idx, 20, s->drive_serial_str);
745 idx += 20;
746
747
748 if (idx + 72 > max_len) {
749
750 goto out;
751 }
752 buf[idx++] = 0x02;
753 buf[idx++] = 0x01;
754 buf[idx++] = 0x00;
755 buf[idx++] = 68;
756 padstr8(buf + idx, 8, "ATA");
757 idx += 8;
758 padstr8(buf + idx, 40, s->drive_model_str);
759 idx += 40;
760 padstr8(buf + idx, 20, s->drive_serial_str);
761 idx += 20;
762
763
764 if (s->wwn && (idx + 12 <= max_len)) {
765
766 buf[idx++] = 0x01;
767 buf[idx++] = 0x03;
768 buf[idx++] = 0x00;
769 buf[idx++] = 0x08;
770 stq_be_p(&buf[idx], s->wwn);
771 idx += 8;
772 }
773 break;
774
775 default:
776
777 ide_atapi_cmd_error(s, ILLEGAL_REQUEST,
778 ASC_INV_FIELD_IN_CMD_PACKET);
779 return;
780 }
781 } else {
782 preamble_len = 5;
783 size_idx = 4;
784
785 buf[0] = 0x05;
786 buf[1] = 0x80;
787 buf[2] = 0x00;
788 buf[3] = 0x21;
789
790 buf[5] = 0;
791 buf[6] = 0;
792 buf[7] = 0;
793 padstr8(buf + 8, 8, "QEMU");
794 padstr8(buf + 16, 16, "QEMU DVD-ROM");
795 padstr8(buf + 32, 4, s->version);
796 idx = 36;
797 }
798
799 out:
800 buf[size_idx] = idx - preamble_len;
801 ide_atapi_cmd_reply(s, idx, max_len);
802}
803
804static void cmd_get_configuration(IDEState *s, uint8_t *buf)
805{
806 uint32_t len;
807 uint8_t index = 0;
808 int max_len;
809
810
811 if (buf[2] != 0 || buf[3] != 0) {
812 ide_atapi_cmd_error(s, ILLEGAL_REQUEST,
813 ASC_INV_FIELD_IN_CMD_PACKET);
814 return;
815 }
816
817
818 max_len = lduw_be_p(buf + 7);
819
820
821
822
823
824
825
826
827 if (max_len > 512) {
828
829 max_len = 512;
830 }
831
832 memset(buf, 0, max_len);
833
834
835
836
837 if (media_is_dvd(s)) {
838 stw_be_p(buf + 6, MMC_PROFILE_DVD_ROM);
839 } else if (media_is_cd(s)) {
840 stw_be_p(buf + 6, MMC_PROFILE_CD_ROM);
841 }
842
843 buf[10] = 0x02 | 0x01;
844 len = 12;
845 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_DVD_ROM);
846 len += ide_atapi_set_profile(buf, &index, MMC_PROFILE_CD_ROM);
847 stl_be_p(buf, len - 4);
848
849 ide_atapi_cmd_reply(s, len, max_len);
850}
851
852static void cmd_mode_sense(IDEState *s, uint8_t *buf)
853{
854 int action, code;
855 int max_len;
856
857 max_len = lduw_be_p(buf + 7);
858 action = buf[2] >> 6;
859 code = buf[2] & 0x3f;
860
861 switch(action) {
862 case 0:
863 switch(code) {
864 case MODE_PAGE_R_W_ERROR:
865 stw_be_p(&buf[0], 16 - 2);
866 buf[2] = 0x70;
867 buf[3] = 0;
868 buf[4] = 0;
869 buf[5] = 0;
870 buf[6] = 0;
871 buf[7] = 0;
872
873 buf[8] = MODE_PAGE_R_W_ERROR;
874 buf[9] = 16 - 10;
875 buf[10] = 0x00;
876 buf[11] = 0x05;
877 buf[12] = 0x00;
878 buf[13] = 0x00;
879 buf[14] = 0x00;
880 buf[15] = 0x00;
881 ide_atapi_cmd_reply(s, 16, max_len);
882 break;
883 case MODE_PAGE_AUDIO_CTL:
884 stw_be_p(&buf[0], 24 - 2);
885 buf[2] = 0x70;
886 buf[3] = 0;
887 buf[4] = 0;
888 buf[5] = 0;
889 buf[6] = 0;
890 buf[7] = 0;
891
892 buf[8] = MODE_PAGE_AUDIO_CTL;
893 buf[9] = 24 - 10;
894
895 buf[17] = 0;
896 buf[19] = 0;
897 buf[21] = 0;
898 buf[23] = 0;
899
900 ide_atapi_cmd_reply(s, 24, max_len);
901 break;
902 case MODE_PAGE_CAPABILITIES:
903 stw_be_p(&buf[0], 30 - 2);
904 buf[2] = 0x70;
905 buf[3] = 0;
906 buf[4] = 0;
907 buf[5] = 0;
908 buf[6] = 0;
909 buf[7] = 0;
910
911 buf[8] = MODE_PAGE_CAPABILITIES;
912 buf[9] = 30 - 10;
913 buf[10] = 0x3b;
914 buf[11] = 0x00;
915
916
917
918 buf[12] = 0x71;
919 buf[13] = 3 << 5;
920 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
921 if (s->tray_locked) {
922 buf[14] |= 1 << 1;
923 }
924 buf[15] = 0x00;
925 stw_be_p(&buf[16], 704);
926 buf[18] = 0;
927 buf[19] = 2;
928 stw_be_p(&buf[20], 512);
929 stw_be_p(&buf[22], 704);
930 buf[24] = 0;
931 buf[25] = 0;
932 buf[26] = 0;
933 buf[27] = 0;
934 buf[28] = 0;
935 buf[29] = 0;
936 ide_atapi_cmd_reply(s, 30, max_len);
937 break;
938 default:
939 goto error_cmd;
940 }
941 break;
942 case 1:
943 goto error_cmd;
944 case 2:
945 goto error_cmd;
946 default:
947 case 3:
948 ide_atapi_cmd_error(s, ILLEGAL_REQUEST,
949 ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
950 break;
951 }
952 return;
953
954error_cmd:
955 ide_atapi_cmd_error(s, ILLEGAL_REQUEST, ASC_INV_FIELD_IN_CMD_PACKET);
956}
957
958static void cmd_test_unit_ready(IDEState *s, uint8_t *buf)
959{
960
961
962 ide_atapi_cmd_ok(s);
963}
964
965static void cmd_prevent_allow_medium_removal(IDEState *s, uint8_t* buf)
966{
967 s->tray_locked = buf[4] & 1;
968 blk_lock_medium(s->blk, buf[4] & 1);
969 ide_atapi_cmd_ok(s);
970}
971
972static void cmd_read(IDEState *s, uint8_t* buf)
973{
974 int nb_sectors, lba;
975
976 if (buf[0] == GPCMD_READ_10) {
977 nb_sectors = lduw_be_p(buf + 7);
978 } else {
979 nb_sectors = ldl_be_p(buf + 6);
980 }
981
982 lba = ldl_be_p(buf + 2);
983 if (nb_sectors == 0) {
984 ide_atapi_cmd_ok(s);
985 return;
986 }
987
988 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
989}
990
991static void cmd_read_cd(IDEState *s, uint8_t* buf)
992{
993 int nb_sectors, lba, transfer_request;
994
995 nb_sectors = (buf[6] << 16) | (buf[7] << 8) | buf[8];
996 lba = ldl_be_p(buf + 2);
997
998 if (nb_sectors == 0) {
999 ide_atapi_cmd_ok(s);
1000 return;
1001 }
1002
1003 transfer_request = buf[9] & 0xf8;
1004 if (transfer_request == 0x00) {
1005
1006 ide_atapi_cmd_ok(s);
1007 return;
1008 }
1009
1010
1011 if (!validate_bcl(s)) {
1012 return;
1013 }
1014
1015 switch (transfer_request) {
1016 case 0x10:
1017
1018 ide_atapi_cmd_read(s, lba, nb_sectors, 2048);
1019 break;
1020 case 0xf8:
1021
1022 ide_atapi_cmd_read(s, lba, nb_sectors, 2352);
1023 break;
1024 default:
1025 ide_atapi_cmd_error(s, ILLEGAL_REQUEST,
1026 ASC_INV_FIELD_IN_CMD_PACKET);
1027 break;
1028 }
1029}
1030
1031static void cmd_seek(IDEState *s, uint8_t* buf)
1032{
1033 unsigned int lba;
1034 uint64_t total_sectors = s->nb_sectors >> 2;
1035
1036 lba = ldl_be_p(buf + 2);
1037 if (lba >= total_sectors) {
1038 ide_atapi_cmd_error(s, ILLEGAL_REQUEST, ASC_LOGICAL_BLOCK_OOR);
1039 return;
1040 }
1041
1042 ide_atapi_cmd_ok(s);
1043}
1044
1045static void cmd_start_stop_unit(IDEState *s, uint8_t* buf)
1046{
1047 int sense;
1048 bool start = buf[4] & 1;
1049 bool loej = buf[4] & 2;
1050 int pwrcnd = buf[4] & 0xf0;
1051
1052 if (pwrcnd) {
1053
1054 ide_atapi_cmd_ok(s);
1055 return;
1056 }
1057
1058 if (loej) {
1059 if (!start && !s->tray_open && s->tray_locked) {
1060 sense = blk_is_inserted(s->blk)
1061 ? NOT_READY : ILLEGAL_REQUEST;
1062 ide_atapi_cmd_error(s, sense, ASC_MEDIA_REMOVAL_PREVENTED);
1063 return;
1064 }
1065
1066 if (s->tray_open != !start) {
1067 blk_eject(s->blk, !start);
1068 s->tray_open = !start;
1069 }
1070 }
1071
1072 ide_atapi_cmd_ok(s);
1073}
1074
1075static void cmd_mechanism_status(IDEState *s, uint8_t* buf)
1076{
1077 int max_len = lduw_be_p(buf + 8);
1078
1079 stw_be_p(buf, 0);
1080
1081 buf[2] = 0;
1082 buf[3] = 0;
1083 buf[4] = 0;
1084 buf[5] = 1;
1085 stw_be_p(buf + 6, 0);
1086 ide_atapi_cmd_reply(s, 8, max_len);
1087}
1088
1089static void cmd_read_toc_pma_atip(IDEState *s, uint8_t* buf)
1090{
1091 int format, msf, start_track, len;
1092 int max_len;
1093 uint64_t total_sectors = s->nb_sectors >> 2;
1094
1095 max_len = lduw_be_p(buf + 7);
1096 format = buf[9] >> 6;
1097 msf = (buf[1] >> 1) & 1;
1098 start_track = buf[6];
1099
1100 switch(format) {
1101 case 0:
1102 len = cdrom_read_toc(total_sectors, buf, msf, start_track);
1103 if (len < 0)
1104 goto error_cmd;
1105 ide_atapi_cmd_reply(s, len, max_len);
1106 break;
1107 case 1:
1108
1109 memset(buf, 0, 12);
1110 buf[1] = 0x0a;
1111 buf[2] = 0x01;
1112 buf[3] = 0x01;
1113 ide_atapi_cmd_reply(s, 12, max_len);
1114 break;
1115 case 2:
1116 len = cdrom_read_toc_raw(total_sectors, buf, msf, start_track);
1117 if (len < 0)
1118 goto error_cmd;
1119 ide_atapi_cmd_reply(s, len, max_len);
1120 break;
1121 default:
1122 error_cmd:
1123 ide_atapi_cmd_error(s, ILLEGAL_REQUEST,
1124 ASC_INV_FIELD_IN_CMD_PACKET);
1125 }
1126}
1127
1128static void cmd_read_cdvd_capacity(IDEState *s, uint8_t* buf)
1129{
1130 uint64_t total_sectors = s->nb_sectors >> 2;
1131
1132
1133 stl_be_p(buf, total_sectors - 1);
1134 stl_be_p(buf + 4, 2048);
1135 ide_atapi_cmd_reply(s, 8, 8);
1136}
1137
1138static void cmd_read_disc_information(IDEState *s, uint8_t* buf)
1139{
1140 uint8_t type = buf[1] & 7;
1141 uint32_t max_len = lduw_be_p(buf + 7);
1142
1143
1144 if (type != 0) {
1145 ide_atapi_cmd_error(s, ILLEGAL_REQUEST,
1146 ASC_INV_FIELD_IN_CMD_PACKET);
1147 return;
1148 }
1149
1150 memset(buf, 0, 34);
1151 buf[1] = 32;
1152 buf[2] = 0xe;
1153 buf[3] = 1;
1154 buf[4] = 1;
1155 buf[5] = 1;
1156 buf[6] = 1;
1157 buf[7] = 0x20;
1158 buf[8] = 0x00;
1159
1160
1161
1162
1163
1164
1165 ide_atapi_cmd_reply(s, 34, max_len);
1166}
1167
1168static void cmd_read_dvd_structure(IDEState *s, uint8_t* buf)
1169{
1170 int max_len;
1171 int media = buf[1];
1172 int format = buf[7];
1173 int ret;
1174
1175 max_len = lduw_be_p(buf + 8);
1176
1177 if (format < 0xff) {
1178 if (media_is_cd(s)) {
1179 ide_atapi_cmd_error(s, ILLEGAL_REQUEST,
1180 ASC_INCOMPATIBLE_FORMAT);
1181 return;
1182 } else if (!media_present(s)) {
1183 ide_atapi_cmd_error(s, ILLEGAL_REQUEST,
1184 ASC_INV_FIELD_IN_CMD_PACKET);
1185 return;
1186 }
1187 }
1188
1189 memset(buf, 0, max_len > IDE_DMA_BUF_SECTORS * 512 + 4 ?
1190 IDE_DMA_BUF_SECTORS * 512 + 4 : max_len);
1191
1192 switch (format) {
1193 case 0x00 ... 0x7f:
1194 case 0xff:
1195 if (media == 0) {
1196 ret = ide_dvd_read_structure(s, format, buf, buf);
1197
1198 if (ret < 0) {
1199 ide_atapi_cmd_error(s, ILLEGAL_REQUEST, -ret);
1200 } else {
1201 ide_atapi_cmd_reply(s, ret, max_len);
1202 }
1203
1204 break;
1205 }
1206
1207
1208
1209 case 0x80:
1210 case 0x81:
1211 case 0x82:
1212 case 0x83:
1213 case 0x90:
1214 case 0xc0:
1215 default:
1216 ide_atapi_cmd_error(s, ILLEGAL_REQUEST,
1217 ASC_INV_FIELD_IN_CMD_PACKET);
1218 break;
1219 }
1220}
1221
1222static void cmd_set_speed(IDEState *s, uint8_t* buf)
1223{
1224 ide_atapi_cmd_ok(s);
1225}
1226
1227enum {
1228
1229
1230
1231
1232 ALLOW_UA = 0x01,
1233
1234
1235
1236
1237
1238
1239 CHECK_READY = 0x02,
1240
1241
1242
1243
1244
1245
1246
1247 NONDATA = 0x04,
1248
1249
1250
1251
1252
1253
1254
1255 CONDDATA = 0x08,
1256};
1257
1258static const struct AtapiCmd {
1259 void (*handler)(IDEState *s, uint8_t *buf);
1260 int flags;
1261} atapi_cmd_table[0x100] = {
1262 [ 0x00 ] = { cmd_test_unit_ready, CHECK_READY | NONDATA },
1263 [ 0x03 ] = { cmd_request_sense, ALLOW_UA },
1264 [ 0x12 ] = { cmd_inquiry, ALLOW_UA },
1265 [ 0x1b ] = { cmd_start_stop_unit, NONDATA },
1266 [ 0x1e ] = { cmd_prevent_allow_medium_removal, NONDATA },
1267 [ 0x25 ] = { cmd_read_cdvd_capacity, CHECK_READY },
1268 [ 0x28 ] = { cmd_read, CHECK_READY },
1269 [ 0x2b ] = { cmd_seek, CHECK_READY | NONDATA },
1270 [ 0x43 ] = { cmd_read_toc_pma_atip, CHECK_READY },
1271 [ 0x46 ] = { cmd_get_configuration, ALLOW_UA },
1272 [ 0x4a ] = { cmd_get_event_status_notification, ALLOW_UA },
1273 [ 0x51 ] = { cmd_read_disc_information, CHECK_READY },
1274 [ 0x5a ] = { cmd_mode_sense, 0 },
1275 [ 0xa8 ] = { cmd_read, CHECK_READY },
1276 [ 0xad ] = { cmd_read_dvd_structure, CHECK_READY },
1277 [ 0xbb ] = { cmd_set_speed, NONDATA },
1278 [ 0xbd ] = { cmd_mechanism_status, 0 },
1279 [ 0xbe ] = { cmd_read_cd, CHECK_READY | CONDDATA },
1280
1281};
1282
1283void ide_atapi_cmd(IDEState *s)
1284{
1285 uint8_t *buf = s->io_buffer;
1286 const struct AtapiCmd *cmd = &atapi_cmd_table[s->io_buffer[0]];
1287
1288 trace_ide_atapi_cmd(s, s->io_buffer[0]);
1289
1290 if (trace_event_get_state_backends(TRACE_IDE_ATAPI_CMD_PACKET)) {
1291
1292 char *ppacket = g_malloc(ATAPI_PACKET_SIZE * 3 + 1);
1293 int i;
1294 for (i = 0; i < ATAPI_PACKET_SIZE; i++) {
1295 sprintf(ppacket + (i * 3), "%02x ", buf[i]);
1296 }
1297 trace_ide_atapi_cmd_packet(s, s->lcyl | (s->hcyl << 8), ppacket);
1298 g_free(ppacket);
1299 }
1300
1301
1302
1303
1304
1305
1306
1307 if (s->sense_key == UNIT_ATTENTION && !(cmd->flags & ALLOW_UA)) {
1308 ide_atapi_cmd_check_status(s);
1309 return;
1310 }
1311
1312
1313
1314
1315
1316
1317
1318 if (!(cmd->flags & ALLOW_UA) &&
1319 !s->tray_open && blk_is_inserted(s->blk) && s->cdrom_changed) {
1320
1321 if (s->cdrom_changed == 1) {
1322 ide_atapi_cmd_error(s, NOT_READY, ASC_MEDIUM_NOT_PRESENT);
1323 s->cdrom_changed = 2;
1324 } else {
1325 ide_atapi_cmd_error(s, UNIT_ATTENTION, ASC_MEDIUM_MAY_HAVE_CHANGED);
1326 s->cdrom_changed = 0;
1327 }
1328
1329 return;
1330 }
1331
1332
1333 if ((cmd->flags & CHECK_READY) &&
1334 (!media_present(s) || !blk_is_inserted(s->blk)))
1335 {
1336 ide_atapi_cmd_error(s, NOT_READY, ASC_MEDIUM_NOT_PRESENT);
1337 return;
1338 }
1339
1340
1341
1342
1343
1344 if (cmd->handler && !(cmd->flags & (NONDATA | CONDDATA))) {
1345 if (!validate_bcl(s)) {
1346 return;
1347 }
1348 }
1349
1350
1351 if (cmd->handler) {
1352 cmd->handler(s, buf);
1353 return;
1354 }
1355
1356 ide_atapi_cmd_error(s, ILLEGAL_REQUEST, ASC_ILLEGAL_OPCODE);
1357}
1358