Nick Couchman wrote:
Found IDE debugging in qemu and turned that on...the last couple hundred lines are here: http://openbios.pastebin.com/de428f7c
-Nick
For reference, here are the last few lines:
ATAPI limit=0xf800 packet: 28 00 00 01 22 f6 00 00 1f 00 00 00
read pio: LBA=74486 nb_sectors=31
reply: tx_size=63488 elem_tx_size=0 index=2048
byte_count_limit=63488
status=0x58
ide: read status addr=0x682 val=58
ide: read status addr=0x682 val=58
ide: read status addr=0x682 val=58
ide: read status addr=0x682 val=58
ide: read status addr=0x682 val=58
ide: read status addr=0x682 val=58
ide: read status addr=0x682 val=58
ide: read status addr=0x682 val=58
ide: read addr=0x607 val=58
ide: read addr=0x602 val=02
ide: read addr=0x604 val=00
ide: read addr=0x605 val=f8
reply: tx_size=61440 elem_tx_size=61440 index=2048
reply: tx_size=59392 elem_tx_size=59392 index=2048
reply: tx_size=57344 elem_tx_size=57344 index=2048
reply: tx_size=55296 elem_tx_size=55296 index=2048
reply: tx_size=53248 elem_tx_size=53248 index=2048
reply: tx_size=51200 elem_tx_size=51200 index=2048
reply: tx_size=49152 elem_tx_size=49152 index=2048
reply: tx_size=47104 elem_tx_size=47104 index=2048
reply: tx_size=45056 elem_tx_size=45056 index=2048
reply: tx_size=43008 elem_tx_size=43008 index=2048
reply: tx_size=40960 elem_tx_size=40960 index=2048
reply: tx_size=38912 elem_tx_size=38912 index=2048
reply: tx_size=36864 elem_tx_size=36864 index=2048
reply: tx_size=34816 elem_tx_size=34816 index=2048
reply: tx_size=32768 elem_tx_size=32768 index=2048
reply: tx_size=30720 elem_tx_size=30720 index=2048
reply: tx_size=28672 elem_tx_size=28672 index=2048
reply: tx_size=26624 elem_tx_size=26624 index=2048
reply: tx_size=24576 elem_tx_size=24576 index=2048
reply: tx_size=22528 elem_tx_size=22528 index=2048
reply: tx_size=20480 elem_tx_size=20480 index=2048
reply: tx_size=18432 elem_tx_size=18432 index=2048
reply: tx_size=16384 elem_tx_size=16384 index=2048
sIDE: write addr=0x502 val=0x9a
IDE: write addr=0x503 val=0xa9
IDE: write addr=0x504 val=0x06
IDE: write addr=0x505 val=0xed
IDE: write addr=0x506 val=0x14
IDE: write addr=0x507 val=0xcd
ide: CMD=cd
ide: write control addr=0x582 val=97
IDE: write addr=0x602 val=0xba
IDE: write addr=0x603 val=0xae
IDE: write addr=0x604 val=0xce
IDE: write addr=0x605 val=0xb6
IDE: write addr=0x606 val=0x58
IDE: write addr=0x607 val=0x57
ide: CMD=57
ide: write control addr=0x682 val=70
bmdma_cmd_writeb: 0x00000054
bmdma: writeb 0x701 : 0xd7
bmdma: writeb 0x702 : 0x79
bmdma: writeb 0x703 : 0xfe
bmdma_addr_writew: 0x0000ddef
bmdma_addr_writew: 0x0000b12b
bmdma_cmd_writeb: 0x000000da
bmdma: writeb 0x709 : 0x95
That's interesting. From the whole output you posted in the pastebin, it looks as if the IDE control register is located at 0x682 and various bits of data are written between 0x600 and 0x607.
However, then something goes terribly wrong mid-request and the write addresses change to 0x500-0x507 with a control register at 0x582, then 0x600-0x607 with a control register at 0x582 and then 0x700-0x707 with a control register of 0x682 again.
I'm currently leaning towards this being a bug in Qemu...
ATB,
Mark.
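
The register-window check described in the message above, as an added example that is not part of the original thread or of QEMU/OpenBIOS: it groups each logged port access by its 0x100-aligned window and reports where the window changes. The function names, the 0xF00 window mask (an assumption drawn from the 0x600-0x607 / 0x682 layout noted above) and the sample input (a constructed subset of the quoted log) are illustrative.

```python
import re

# Constructed sample: a subset of the debug lines quoted in the message above.
SAMPLE_LOG = """\
ide: read status addr=0x682 val=58
ide: read addr=0x607 val=58
ide: read addr=0x602 val=02
ide: read addr=0x604 val=00
ide: read addr=0x605 val=f8
IDE: write addr=0x502 val=0x9a
IDE: write addr=0x503 val=0xa9
ide: write control addr=0x582 val=97
IDE: write addr=0x602 val=0xba
IDE: write addr=0x607 val=0x57
ide: write control addr=0x682 val=70
bmdma: writeb 0x701 : 0xd7
bmdma: writeb 0x709 : 0x95
"""

# Matches the two access styles seen in the log: "ide: read/write ... addr=0x..."
# (either case) and "bmdma: writeb 0x...". Other debug lines are ignored.
ACCESS = re.compile(
    r"^(?:ide: (?:read|write)[ a-z]* addr=|bmdma: writeb )0x([0-9a-f]+)",
    re.IGNORECASE,
)

def window_runs(log_text, mask=0xF00):
    """Return [(window_base, consecutive_access_count), ...] in log order."""
    runs = []
    for line in log_text.splitlines():
        m = ACCESS.match(line.strip())
        if not m:
            continue
        base = int(m.group(1), 16) & mask  # assumed window = port & 0xF00
        if runs and runs[-1][0] == base:
            runs[-1][1] += 1
        else:
            runs.append([base, 1])
    return [(base, count) for base, count in runs]

def window_changes(log_text):
    """Return (old_base, new_base) for every point where the window moves."""
    runs = window_runs(log_text)
    return [(a[0], b[0]) for a, b in zip(runs, runs[1:])]

if __name__ == "__main__":
    for base, count in window_runs(SAMPLE_LOG):
        print(f"window 0x{base:03x}: {count} accesses")
```
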