VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 14421

Last change on this file since 14421 was 13840, checked in by vboxsync, 16 years ago

Hex format types (Vhx[sd] -> Rhx[sd]).

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 228.6 KB
Line 
1/* $Id: DevATA.cpp 13840 2008-11-05 03:31:46Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2008 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22/*******************************************************************************
23* Defined Constants And Macros *
24*******************************************************************************/
25/** Temporary instrumentation for tracking down potential virtual disk
26 * write performance issues. */
27#undef VBOX_INSTRUMENT_DMA_WRITES
28
29/**
30 * The SSM saved state versions.
31 */
32#define ATA_SAVED_STATE_VERSION 18
33#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
34#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
35
36
37/*******************************************************************************
38* Header Files *
39*******************************************************************************/
40#define LOG_GROUP LOG_GROUP_DEV_IDE
41#include <VBox/pdmdev.h>
42#include <iprt/assert.h>
43#include <iprt/string.h>
44#ifdef IN_RING3
45# include <iprt/uuid.h>
46# include <iprt/semaphore.h>
47# include <iprt/thread.h>
48# include <iprt/time.h>
49# include <iprt/alloc.h>
50#endif /* IN_RING3 */
51#include <iprt/critsect.h>
52#include <iprt/asm.h>
53#include <VBox/stam.h>
54#include <VBox/mm.h>
55#include <VBox/pgm.h>
56
57#include <VBox/scsi.h>
58
59#include "PIIX3ATABmDma.h"
60#include "ide.h"
61#include "ATAController.h"
62#include "../Builtins.h"
63
64
65typedef struct PCIATAState {
66 PCIDEVICE dev;
67 /** The controllers. */
68 ATACONTROLLER aCts[2];
69 /** Pointer to device instance. */
70 PPDMDEVINSR3 pDevIns;
71 /** Status Port - Base interface. */
72 PDMIBASE IBase;
73 /** Status Port - Leds interface. */
74 PDMILEDPORTS ILeds;
75 /** Partner of ILeds. */
76 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
77 /** Flag whether GC is enabled. */
78 bool fGCEnabled;
79 /** Flag whether R0 is enabled. */
80 bool fR0Enabled;
81 /** Flag indicating whether PIIX4 or PIIX3 is being emulated. */
82 bool fPIIX4;
83 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1]; /**< Align the struct size. */
84} PCIATAState;
85
86#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
87#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
88#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
89#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
90#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
91#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
92
93#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
94
95
96#ifndef VBOX_DEVICE_STRUCT_TESTCASE
97/*******************************************************************************
98 * Internal Functions *
99 ******************************************************************************/
100__BEGIN_DECLS
101PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
102PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
103PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
104PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
105PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
106PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
107PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
108PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
109__END_DECLS
110
111
112
113DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
114{
115 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
116
117 /* Freeze status register contents while processing RESET. */
118 if (!pCtl->fReset)
119 {
120 s->uATARegStatus = stat;
121 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
122 }
123}
124
125
126DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
127{
128 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
129
130 /* Freeze status register contents while processing RESET. */
131 if (!pCtl->fReset)
132 {
133 s->uATARegStatus |= stat;
134 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
135 }
136}
137
138
139DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
140{
141 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
142
143 /* Freeze status register contents while processing RESET. */
144 if (!pCtl->fReset)
145 {
146 s->uATARegStatus &= ~stat;
147 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
148 }
149}
150
151#ifdef IN_RING3
152
153typedef void (*PBeginTransferFunc)(ATADevState *);
154typedef bool (*PSourceSinkFunc)(ATADevState *);
155
156static void ataReadWriteSectorsBT(ATADevState *);
157static void ataPacketBT(ATADevState *);
158static void atapiCmdBT(ATADevState *);
159static void atapiPassthroughCmdBT(ATADevState *);
160
161static bool ataIdentifySS(ATADevState *);
162static bool ataFlushSS(ATADevState *);
163static bool ataReadSectorsSS(ATADevState *);
164static bool ataWriteSectorsSS(ATADevState *);
165static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
166static bool ataPacketSS(ATADevState *);
167static bool atapiGetConfigurationSS(ATADevState *);
168static bool atapiGetEventStatusNotificationSS(ATADevState *);
169static bool atapiIdentifySS(ATADevState *);
170static bool atapiInquirySS(ATADevState *);
171static bool atapiMechanismStatusSS(ATADevState *);
172static bool atapiModeSenseErrorRecoverySS(ATADevState *);
173static bool atapiModeSenseCDStatusSS(ATADevState *);
174static bool atapiReadSS(ATADevState *);
175static bool atapiReadCapacitySS(ATADevState *);
176static bool atapiReadDiscInformationSS(ATADevState *);
177static bool atapiReadTOCNormalSS(ATADevState *);
178static bool atapiReadTOCMultiSS(ATADevState *);
179static bool atapiReadTOCRawSS(ATADevState *);
180static bool atapiReadTrackInformationSS(ATADevState *);
181static bool atapiRequestSenseSS(ATADevState *);
182static bool atapiPassthroughSS(ATADevState *);
183
184/**
185 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
186 */
187typedef enum ATAFNBT
188{
189 ATAFN_BT_NULL = 0,
190 ATAFN_BT_READ_WRITE_SECTORS,
191 ATAFN_BT_PACKET,
192 ATAFN_BT_ATAPI_CMD,
193 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
194 ATAFN_BT_MAX
195} ATAFNBT;
196
197/**
198 * Array of end transfer functions, the index is ATAFNET.
199 * Make sure ATAFNET and this array match!
200 */
201static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
202{
203 NULL,
204 ataReadWriteSectorsBT,
205 ataPacketBT,
206 atapiCmdBT,
207 atapiPassthroughCmdBT,
208};
209
210/**
211 * Source/sink function indexes for g_apfnSourceSinkFuncs.
212 */
213typedef enum ATAFNSS
214{
215 ATAFN_SS_NULL = 0,
216 ATAFN_SS_IDENTIFY,
217 ATAFN_SS_FLUSH,
218 ATAFN_SS_READ_SECTORS,
219 ATAFN_SS_WRITE_SECTORS,
220 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
221 ATAFN_SS_PACKET,
222 ATAFN_SS_ATAPI_GET_CONFIGURATION,
223 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
224 ATAFN_SS_ATAPI_IDENTIFY,
225 ATAFN_SS_ATAPI_INQUIRY,
226 ATAFN_SS_ATAPI_MECHANISM_STATUS,
227 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
228 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
229 ATAFN_SS_ATAPI_READ,
230 ATAFN_SS_ATAPI_READ_CAPACITY,
231 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
232 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
233 ATAFN_SS_ATAPI_READ_TOC_MULTI,
234 ATAFN_SS_ATAPI_READ_TOC_RAW,
235 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
236 ATAFN_SS_ATAPI_REQUEST_SENSE,
237 ATAFN_SS_ATAPI_PASSTHROUGH,
238 ATAFN_SS_MAX
239} ATAFNSS;
240
241/**
242 * Array of source/sink functions, the index is ATAFNSS.
243 * Make sure ATAFNSS and this array match!
244 */
245static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
246{
247 NULL,
248 ataIdentifySS,
249 ataFlushSS,
250 ataReadSectorsSS,
251 ataWriteSectorsSS,
252 ataExecuteDeviceDiagnosticSS,
253 ataPacketSS,
254 atapiGetConfigurationSS,
255 atapiGetEventStatusNotificationSS,
256 atapiIdentifySS,
257 atapiInquirySS,
258 atapiMechanismStatusSS,
259 atapiModeSenseErrorRecoverySS,
260 atapiModeSenseCDStatusSS,
261 atapiReadSS,
262 atapiReadCapacitySS,
263 atapiReadDiscInformationSS,
264 atapiReadTOCNormalSS,
265 atapiReadTOCMultiSS,
266 atapiReadTOCRawSS,
267 atapiReadTrackInformationSS,
268 atapiRequestSenseSS,
269 atapiPassthroughSS
270};
271
272
273static const ATARequest ataDMARequest = { ATA_AIO_DMA, };
274static const ATARequest ataPIORequest = { ATA_AIO_PIO, };
275static const ATARequest ataResetARequest = { ATA_AIO_RESET_ASSERTED, };
276static const ATARequest ataResetCRequest = { ATA_AIO_RESET_CLEARED, };
277
278
279static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
280{
281 int rc;
282
283 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
284 AssertRC(rc);
285 pCtl->AsyncIOReqHead = 0;
286 pCtl->AsyncIOReqTail = 0;
287 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
288 AssertRC(rc);
289}
290
291
292static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
293{
294 int rc;
295
296 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
297 AssertRC(rc);
298 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
299 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
300 pCtl->AsyncIOReqHead++;
301 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
302 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
303 AssertRC(rc);
304 LogBird(("ata: %x: signalling\n", pCtl->IOPortBase1));
305 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
306 if (RT_FAILURE(rc))
307 {
308 LogBird(("ata: %x: schedule failed, rc=%Rrc\n", pCtl->IOPortBase1, rc));
309 rc = RTSemEventSignal(pCtl->AsyncIOSem);
310 AssertRC(rc);
311 }
312}
313
314
315static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
316{
317 int rc;
318 const ATARequest *pReq;
319
320 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
321 AssertRC(rc);
322 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
323 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
324 else
325 pReq = NULL;
326 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
327 AssertRC(rc);
328 return pReq;
329}
330
331
332/**
333 * Remove the request with the given type, as it's finished. The request
334 * is not removed blindly, as this could mean a RESET request that is not
335 * yet processed (but has cleared the request queue) is lost.
336 *
337 * @param pCtl Controller for which to remove the request.
338 * @param ReqType Type of the request to remove.
339 */
340static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
341{
342 int rc;
343
344 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
345 AssertRC(rc);
346 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
347 {
348 pCtl->AsyncIOReqTail++;
349 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
350 }
351 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
352 AssertRC(rc);
353}
354
355
356/**
357 * Dump the request queue for a particular controller. First dump the queue
358 * contents, then the already processed entries, as long as they haven't been
359 * overwritten.
360 *
361 * @param pCtl Controller for which to dump the queue.
362 */
363static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
364{
365 int rc;
366 uint8_t curr;
367
368 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
369 AssertRC(rc);
370 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
371 curr = pCtl->AsyncIOReqTail;
372 do
373 {
374 if (curr == pCtl->AsyncIOReqHead)
375 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
376 switch (pCtl->aAsyncIORequests[curr].ReqType)
377 {
378 case ATA_AIO_NEW:
379 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
380 break;
381 case ATA_AIO_DMA:
382 LogRel(("dma transfer finished\n"));
383 break;
384 case ATA_AIO_PIO:
385 LogRel(("pio transfer finished\n"));
386 break;
387 case ATA_AIO_RESET_ASSERTED:
388 LogRel(("reset asserted request\n"));
389 break;
390 case ATA_AIO_RESET_CLEARED:
391 LogRel(("reset cleared request\n"));
392 break;
393 case ATA_AIO_ABORT:
394 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
395 break;
396 default:
397 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
398 }
399 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
400 } while (curr != pCtl->AsyncIOReqTail);
401 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
402 AssertRC(rc);
403}
404
405
406/**
407 * Checks whether the request queue for a particular controller is empty
408 * or whether a particular controller is idle.
409 *
410 * @param pCtl Controller for which to check the queue.
411 * @param fStrict If set then the controller is checked to be idle.
412 */
413static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
414{
415 int rc;
416 bool fIdle;
417
418 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
419 AssertRC(rc);
420 fIdle = pCtl->fRedoIdle;
421 if (!fIdle)
422 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
423 if (fStrict)
424 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
425 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
426 AssertRC(rc);
427 return fIdle;
428}
429
430
431/**
432 * Send a transfer request to the async I/O thread.
433 *
434 * @param s Pointer to the ATA device state data.
435 * @param cbTotalTransfer Data transfer size.
436 * @param uTxDir Data transfer direction.
437 * @param iBeginTransfer Index of BeginTransfer callback.
438 * @param iSourceSink Index of SourceSink callback.
439 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
440 */
441static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
442{
443 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
444 ATARequest Req;
445
446 Assert(PDMCritSectIsOwner(&pCtl->lock));
447
448 /* Do not issue new requests while the RESET line is asserted. */
449 if (pCtl->fReset)
450 {
451 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
452 return;
453 }
454
455 /* If the controller is already doing something else right now, ignore
456 * the command that is being submitted. Some broken guests issue commands
457 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
458 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true))
459 {
460 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
461 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
462 return;
463 }
464
465 Req.ReqType = ATA_AIO_NEW;
466 if (fChainedTransfer)
467 Req.u.t.iIf = pCtl->iAIOIf;
468 else
469 Req.u.t.iIf = pCtl->iSelectedIf;
470 Req.u.t.cbTotalTransfer = cbTotalTransfer;
471 Req.u.t.uTxDir = uTxDir;
472 Req.u.t.iBeginTransfer = iBeginTransfer;
473 Req.u.t.iSourceSink = iSourceSink;
474 ataSetStatusValue(s, ATA_STAT_BUSY);
475 pCtl->fChainedTransfer = fChainedTransfer;
476
477 /*
478 * Kick the worker thread into action.
479 */
480 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
481 ataAsyncIOPutRequest(pCtl, &Req);
482}
483
484
485/**
486 * Send an abort command request to the async I/O thread.
487 *
488 * @param s Pointer to the ATA device state data.
489 * @param fResetDrive Whether to reset the drive or just abort a command.
490 */
491static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
492{
493 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
494 ATARequest Req;
495
496 Assert(PDMCritSectIsOwner(&pCtl->lock));
497
498 /* Do not issue new requests while the RESET line is asserted. */
499 if (pCtl->fReset)
500 {
501 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
502 return;
503 }
504
505 Req.ReqType = ATA_AIO_ABORT;
506 Req.u.a.iIf = pCtl->iSelectedIf;
507 Req.u.a.fResetDrive = fResetDrive;
508 ataSetStatus(s, ATA_STAT_BUSY);
509 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
510 ataAsyncIOPutRequest(pCtl, &Req);
511}
512
513
514static void ataSetIRQ(ATADevState *s)
515{
516 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
517 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
518
519 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
520 {
521 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
522 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
523 * line is asserted. It monitors the line for a rising edge. */
524 if (!s->fIrqPending)
525 pCtl->BmDma.u8Status |= BM_STATUS_INT;
526 /* Only actually set the IRQ line if updating the currently selected drive. */
527 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
528 {
529 /** @todo experiment with adaptive IRQ delivery: for reads it is
530 * better to wait for IRQ delivery, as it reduces latency. */
531 if (pCtl->irq == 16)
532 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
533 else
534 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
535 }
536 }
537 s->fIrqPending = true;
538}
539
540#endif /* IN_RING3 */
541
542static void ataUnsetIRQ(ATADevState *s)
543{
544 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
545 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
546
547 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
548 {
549 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
550 /* Only actually unset the IRQ line if updating the currently selected drive. */
551 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
552 {
553 if (pCtl->irq == 16)
554 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
555 else
556 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
557 }
558 }
559 s->fIrqPending = false;
560}
561
562#ifdef IN_RING3
563
564static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
565{
566 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
567 s->iIOBufferPIODataStart = start;
568 s->iIOBufferPIODataEnd = start + size;
569 ataSetStatus(s, ATA_STAT_DRQ);
570}
571
572
573static void ataPIOTransferStop(ATADevState *s)
574{
575 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
576 if (s->fATAPITransfer)
577 {
578 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
579 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
580 ataSetIRQ(s);
581 s->fATAPITransfer = false;
582 }
583 s->cbTotalTransfer = 0;
584 s->cbElementaryTransfer = 0;
585 s->iIOBufferPIODataStart = 0;
586 s->iIOBufferPIODataEnd = 0;
587 s->iBeginTransfer = ATAFN_BT_NULL;
588 s->iSourceSink = ATAFN_SS_NULL;
589}
590
591
592static void ataPIOTransferLimitATAPI(ATADevState *s)
593{
594 uint32_t cbLimit, cbTransfer;
595
596 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
597 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
598 if (cbLimit == 0)
599 cbLimit = 0xfffe;
600 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
601 if (cbLimit == 0xffff)
602 cbLimit--;
603 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
604 if (cbTransfer > cbLimit)
605 {
606 /* Byte count limit for clipping must be even in this case */
607 if (cbLimit & 1)
608 cbLimit--;
609 cbTransfer = cbLimit;
610 }
611 s->uATARegLCyl = cbTransfer;
612 s->uATARegHCyl = cbTransfer >> 8;
613 s->cbElementaryTransfer = cbTransfer;
614}
615
616
617static uint32_t ataGetNSectors(ATADevState *s)
618{
619 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
620 if (s->fLBA48)
621 {
622 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
623 return 65536;
624 else
625 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
626 }
627 else
628 {
629 if (!s->uATARegNSector)
630 return 256;
631 else
632 return s->uATARegNSector;
633 }
634}
635
636
637static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
638{
639 for (uint32_t i = 0; i < cbSize; i++)
640 {
641 if (*pbSrc)
642 pbDst[i ^ 1] = *pbSrc++;
643 else
644 pbDst[i ^ 1] = ' ';
645 }
646}
647
648
649static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
650{
651 for (uint32_t i = 0; i < cbSize; i++)
652 {
653 if (*pbSrc)
654 pbDst[i] = *pbSrc++;
655 else
656 pbDst[i] = ' ';
657 }
658}
659
660
661DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
662{
663 pbBuf[0] = val >> 8;
664 pbBuf[1] = val;
665}
666
667
668DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
669{
670 pbBuf[0] = val >> 16;
671 pbBuf[1] = val >> 8;
672 pbBuf[2] = val;
673}
674
675
676DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
677{
678 pbBuf[0] = val >> 24;
679 pbBuf[1] = val >> 16;
680 pbBuf[2] = val >> 8;
681 pbBuf[3] = val;
682}
683
684
685DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
686{
687 return (pbBuf[0] << 8) | pbBuf[1];
688}
689
690
691DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
692{
693 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
694}
695
696
697DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
698{
699 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
700}
701
702
703DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
704{
705 iATAPILBA += 150;
706 pbBuf[0] = (iATAPILBA / 75) / 60;
707 pbBuf[1] = (iATAPILBA / 75) % 60;
708 pbBuf[2] = iATAPILBA % 75;
709}
710
711
712DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
713{
714 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
715}
716
717
718static void ataCmdOK(ATADevState *s, uint8_t status)
719{
720 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
721 ataSetStatusValue(s, ATA_STAT_READY | status);
722}
723
724
725static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
726{
727 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
728 s->uATARegError = uErrorCode;
729 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
730 s->cbTotalTransfer = 0;
731 s->cbElementaryTransfer = 0;
732 s->iIOBufferCur = 0;
733 s->iIOBufferEnd = 0;
734 s->uTxDir = PDMBLOCKTXDIR_NONE;
735 s->iBeginTransfer = ATAFN_BT_NULL;
736 s->iSourceSink = ATAFN_SS_NULL;
737}
738
739
740static bool ataIdentifySS(ATADevState *s)
741{
742 uint16_t *p;
743 char aSerial[20];
744 int rc;
745 RTUUID Uuid;
746
747 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
748 Assert(s->cbElementaryTransfer == 512);
749 rc = s->pDrvBlock ? s->pDrvBlock->pfnGetUuid(s->pDrvBlock, &Uuid) : RTUuidClear(&Uuid);
750 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
751 {
752 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
753 /* Generate a predictable serial for drives which don't have a UUID. */
754 RTStrPrintf(aSerial, sizeof(aSerial), "VB%x-%04x%04x",
755 s->iLUN + ATADEVSTATE_2_DEVINS(s)->iInstance * 32,
756 pCtl->IOPortBase1, pCtl->IOPortBase2);
757 }
758 else
759 RTStrPrintf(aSerial, sizeof(aSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
760
761 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
762 memset(p, 0, 512);
763 p[0] = RT_H2LE_U16(0x0040);
764 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
765 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
766 /* Block size; obsolete, but required for the BIOS. */
767 p[5] = RT_H2LE_U16(512);
768 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
769 ataPadString((uint8_t *)(p + 10), aSerial, 20); /* serial number */
770 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
771 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
772 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
773 ataPadString((uint8_t *)(p + 23), "1.0", 8); /* firmware version */
774 ataPadString((uint8_t *)(p + 27), "VBOX HARDDISK", 40); /* model */
775#if ATA_MAX_MULT_SECTORS > 1
776 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
777#endif
778 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
779 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
780 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
781 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
782 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
783 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
784 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
785 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
786 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
787 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
788 * s->PCHSGeometry.cHeads
789 * s->PCHSGeometry.cSectors);
790 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
791 * s->PCHSGeometry.cHeads
792 * s->PCHSGeometry.cSectors >> 16);
793 if (s->cMultSectors)
794 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
795 if (s->cTotalSectors <= (1 << 28) - 1)
796 {
797 p[60] = RT_H2LE_U16(s->cTotalSectors);
798 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
799 }
800 else
801 {
802 /* Report maximum number of sectors possible with LBA28 */
803 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
804 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
805 }
806 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
807 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
808 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
809 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
810 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
811 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
812 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
813 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
814 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
815 if (s->cTotalSectors <= (1 << 28) - 1)
816 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
817 else
818 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
819 p[84] = RT_H2LE_U16(1 << 14);
820 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
821 if (s->cTotalSectors <= (1 << 28) - 1)
822 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
823 else
824 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
825 p[87] = RT_H2LE_U16(1 << 14);
826 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
827 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
828 if (s->cTotalSectors > (1 << 28) - 1)
829 {
830 p[100] = RT_H2LE_U16(s->cTotalSectors);
831 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
832 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
833 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
834 }
835 s->iSourceSink = ATAFN_SS_NULL;
836 ataCmdOK(s, ATA_STAT_SEEK);
837 return false;
838}
839
840
841static bool ataFlushSS(ATADevState *s)
842{
843 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
844 int rc;
845
846 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
847 Assert(!s->cbElementaryTransfer);
848
849 PDMCritSectLeave(&pCtl->lock);
850
851 STAM_PROFILE_START(&s->StatFlushes, f);
852 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
853 AssertRC(rc);
854 STAM_PROFILE_STOP(&s->StatFlushes, f);
855
856 STAM_PROFILE_START(&pCtl->StatLockWait, a);
857 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
858 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
859 ataCmdOK(s, 0);
860 return false;
861}
862
863
864static bool atapiIdentifySS(ATADevState *s)
865{
866 uint16_t *p;
867 char aSerial[20];
868 RTUUID Uuid;
869 int rc;
870
871 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
872 Assert(s->cbElementaryTransfer == 512);
873 rc = s->pDrvBlock ? s->pDrvBlock->pfnGetUuid(s->pDrvBlock, &Uuid) : RTUuidClear(&Uuid);
874 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
875 {
876 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
877 /* Generate a predictable serial for drives which don't have a UUID. */
878 RTStrPrintf(aSerial, sizeof(aSerial), "VB%x-%04x%04x",
879 s->iLUN + ATADEVSTATE_2_DEVINS(s)->iInstance * 32,
880 pCtl->IOPortBase1, pCtl->IOPortBase2);
881 }
882 else
883 RTStrPrintf(aSerial, sizeof(aSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
884
885 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
886 memset(p, 0, 512);
887 /* Removable CDROM, 50us response, 12 byte packets */
888 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
889 ataPadString((uint8_t *)(p + 10), aSerial, 20); /* serial number */
890 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
891 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
892 ataPadString((uint8_t *)(p + 23), "1.0", 8); /* firmware version */
893 ataPadString((uint8_t *)(p + 27), "VBOX CD-ROM", 40); /* model */
894 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
895 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
896 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
897 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
898 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
899 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
900 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
901 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
902 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
903 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
904 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
905 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
906 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
907 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
908 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
909 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
910 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
911 p[83] = RT_H2LE_U16(1 << 14);
912 p[84] = RT_H2LE_U16(1 << 14);
913 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
914 p[86] = RT_H2LE_U16(0);
915 p[87] = RT_H2LE_U16(1 << 14);
916 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
917 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
918 s->iSourceSink = ATAFN_SS_NULL;
919 ataCmdOK(s, ATA_STAT_SEEK);
920 return false;
921}
922
923
924static void ataSetSignature(ATADevState *s)
925{
926 s->uATARegSelect &= 0xf0; /* clear head */
927 /* put signature */
928 s->uATARegNSector = 1;
929 s->uATARegSector = 1;
930 if (s->fATAPI)
931 {
932 s->uATARegLCyl = 0x14;
933 s->uATARegHCyl = 0xeb;
934 }
935 else if (s->pDrvBlock)
936 {
937 s->uATARegLCyl = 0;
938 s->uATARegHCyl = 0;
939 }
940 else
941 {
942 s->uATARegLCyl = 0xff;
943 s->uATARegHCyl = 0xff;
944 }
945}
946
947
948static uint64_t ataGetSector(ATADevState *s)
949{
950 uint64_t iLBA;
951 if (s->uATARegSelect & 0x40)
952 {
953 /* any LBA variant */
954 if (s->fLBA48)
955 {
956 /* LBA48 */
957 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
958 ((uint64_t)s->uATARegLCylHOB << 32) |
959 ((uint64_t)s->uATARegSectorHOB << 24) |
960 ((uint64_t)s->uATARegHCyl << 16) |
961 ((uint64_t)s->uATARegLCyl << 8) |
962 s->uATARegSector;
963 }
964 else
965 {
966 /* LBA */
967 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
968 (s->uATARegLCyl << 8) | s->uATARegSector;
969 }
970 }
971 else
972 {
973 /* CHS */
974 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
975 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
976 (s->uATARegSector - 1);
977 }
978 return iLBA;
979}
980
981static void ataSetSector(ATADevState *s, uint64_t iLBA)
982{
983 uint32_t cyl, r;
984 if (s->uATARegSelect & 0x40)
985 {
986 /* any LBA variant */
987 if (s->fLBA48)
988 {
989 /* LBA48 */
990 s->uATARegHCylHOB = iLBA >> 40;
991 s->uATARegLCylHOB = iLBA >> 32;
992 s->uATARegSectorHOB = iLBA >> 24;
993 s->uATARegHCyl = iLBA >> 16;
994 s->uATARegLCyl = iLBA >> 8;
995 s->uATARegSector = iLBA;
996 }
997 else
998 {
999 /* LBA */
1000 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1001 s->uATARegHCyl = (iLBA >> 16);
1002 s->uATARegLCyl = (iLBA >> 8);
1003 s->uATARegSector = (iLBA);
1004 }
1005 }
1006 else
1007 {
1008 /* CHS */
1009 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1010 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1011 s->uATARegHCyl = cyl >> 8;
1012 s->uATARegLCyl = cyl;
1013 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1014 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1015 }
1016}
1017
1018
1019static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf, uint32_t cSectors)
1020{
1021 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1022 int rc;
1023
1024 PDMCritSectLeave(&pCtl->lock);
1025
1026 STAM_PROFILE_ADV_START(&s->StatReads, r);
1027 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1028 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1029 s->Led.Actual.s.fReading = 0;
1030 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1031
1032 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1033
1034 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1035 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1036 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1037 return rc;
1038}
1039
1040
1041static int ataWriteSectors(ATADevState *s, uint64_t u64Sector, const void *pvBuf, uint32_t cSectors)
1042{
1043 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1044 int rc;
1045
1046 PDMCritSectLeave(&pCtl->lock);
1047
1048 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1049 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1050#ifdef VBOX_INSTRUMENT_DMA_WRITES
1051 if (s->fDMA)
1052 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1053#endif
1054 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1055#ifdef VBOX_INSTRUMENT_DMA_WRITES
1056 if (s->fDMA)
1057 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1058#endif
1059 s->Led.Actual.s.fWriting = 0;
1060 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1061
1062 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1063
1064 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1065 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1066 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1067 return rc;
1068}
1069
1070
1071static void ataReadWriteSectorsBT(ATADevState *s)
1072{
1073 uint32_t cSectors;
1074
1075 cSectors = s->cbTotalTransfer / 512;
1076 if (cSectors > s->cSectorsPerIRQ)
1077 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1078 else
1079 s->cbElementaryTransfer = cSectors * 512;
1080 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1081 ataCmdOK(s, 0);
1082}
1083
1084
1085static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1086{
1087 int rc;
1088 LogRel(("PIIX3 ATA: Host disk full\n"));
1089 rc = VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
1090 false, "DevATA_DISKFULL",
1091 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1092 AssertRC(rc);
1093}
1094
1095
1096static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1097{
1098 int rc;
1099 LogRel(("PIIX3 ATA: File too big\n"));
1100 rc = VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
1101 false, "DevATA_FILETOOBIG",
1102 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1103 AssertRC(rc);
1104}
1105
1106
1107static void ataWarningISCSI(PPDMDEVINS pDevIns)
1108{
1109 int rc;
1110 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1111 rc = VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
1112 false, "DevATA_ISCSIDOWN",
1113 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1114 AssertRC(rc);
1115}
1116
1117
1118static bool ataReadSectorsSS(ATADevState *s)
1119{
1120 int rc;
1121 uint32_t cSectors;
1122 uint64_t iLBA;
1123
1124 cSectors = s->cbElementaryTransfer / 512;
1125 Assert(cSectors);
1126 iLBA = ataGetSector(s);
1127 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1128 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors);
1129 if (RT_SUCCESS(rc))
1130 {
1131 ataSetSector(s, iLBA + cSectors);
1132 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1133 s->iSourceSink = ATAFN_SS_NULL;
1134 ataCmdOK(s, ATA_STAT_SEEK);
1135 }
1136 else
1137 {
1138 if (rc == VERR_DISK_FULL)
1139 {
1140 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1141 return true;
1142 }
1143 if (rc == VERR_FILE_TOO_BIG)
1144 {
1145 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1146 return true;
1147 }
1148 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1149 {
1150 /* iSCSI connection abort (first error) or failure to reestablish
1151 * connection (second error). Pause VM. On resume we'll retry. */
1152 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1153 return true;
1154 }
1155 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1156 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1157 s->iLUN, rc, iLBA, cSectors));
1158 ataCmdError(s, ID_ERR);
1159 }
1160 /** @todo implement redo for iSCSI */
1161 return false;
1162}
1163
1164
1165static bool ataWriteSectorsSS(ATADevState *s)
1166{
1167 int rc;
1168 uint32_t cSectors;
1169 uint64_t iLBA;
1170
1171 cSectors = s->cbElementaryTransfer / 512;
1172 Assert(cSectors);
1173 iLBA = ataGetSector(s);
1174 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1175 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors);
1176 if (RT_SUCCESS(rc))
1177 {
1178 ataSetSector(s, iLBA + cSectors);
1179 if (!s->cbTotalTransfer)
1180 s->iSourceSink = ATAFN_SS_NULL;
1181 ataCmdOK(s, ATA_STAT_SEEK);
1182 }
1183 else
1184 {
1185 if (rc == VERR_DISK_FULL)
1186 {
1187 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1188 return true;
1189 }
1190 if (rc == VERR_FILE_TOO_BIG)
1191 {
1192 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1193 return true;
1194 }
1195 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1196 {
1197 /* iSCSI connection abort (first error) or failure to reestablish
1198 * connection (second error). Pause VM. On resume we'll retry. */
1199 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1200 return true;
1201 }
1202 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1203 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1204 s->iLUN, rc, iLBA, cSectors));
1205 ataCmdError(s, ID_ERR);
1206 }
1207 /** @todo implement redo for iSCSI */
1208 return false;
1209}
1210
1211
1212static void atapiCmdOK(ATADevState *s)
1213{
1214 s->uATARegError = 0;
1215 ataSetStatusValue(s, ATA_STAT_READY);
1216 s->uATARegNSector = (s->uATARegNSector & ~7)
1217 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1218 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1219 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1220
1221 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1222 s->abATAPISense[0] = 0x70 | (1 << 7);
1223 s->abATAPISense[7] = 10;
1224}
1225
1226
1227static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1228{
1229 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1230 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1231 s->uATARegError = pabATAPISense[2] << 4;
1232 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1233 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1234 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1235 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1236 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1237 s->cbTotalTransfer = 0;
1238 s->cbElementaryTransfer = 0;
1239 s->iIOBufferCur = 0;
1240 s->iIOBufferEnd = 0;
1241 s->uTxDir = PDMBLOCKTXDIR_NONE;
1242 s->iBeginTransfer = ATAFN_BT_NULL;
1243 s->iSourceSink = ATAFN_SS_NULL;
1244}
1245
1246
1247/** @todo deprecated function - doesn't provide enough info. Replace by direct
1248 * calls to atapiCmdError() with full data. */
1249static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1250{
1251 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1252 memset(abATAPISense, '\0', sizeof(abATAPISense));
1253 abATAPISense[0] = 0x70 | (1 << 7);
1254 abATAPISense[2] = uATAPISenseKey & 0x0f;
1255 abATAPISense[7] = 10;
1256 abATAPISense[12] = uATAPIASC;
1257 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1258}
1259
1260
1261static void atapiCmdBT(ATADevState *s)
1262{
1263 s->fATAPITransfer = true;
1264 s->cbElementaryTransfer = s->cbTotalTransfer;
1265 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1266 atapiCmdOK(s);
1267}
1268
1269
1270static void atapiPassthroughCmdBT(ATADevState *s)
1271{
1272 /* @todo implement an algorithm for correctly determining the read and
1273 * write sector size without sending additional commands to the drive.
1274 * This should be doable by saving processing the configuration requests
1275 * and replies. */
1276#if 0
1277 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1278 {
1279 uint8_t cmd = s->aATAPICmd[0];
1280 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1281 {
1282 uint8_t aModeSenseCmd[10];
1283 uint8_t aModeSenseResult[16];
1284 uint8_t uDummySense;
1285 uint32_t cbTransfer;
1286 int rc;
1287
1288 cbTransfer = sizeof(aModeSenseResult);
1289 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1290 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1291 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1292 aModeSenseCmd[3] = 0; /* subpage code */
1293 aModeSenseCmd[4] = 0; /* reserved */
1294 aModeSenseCmd[5] = 0; /* reserved */
1295 aModeSenseCmd[6] = 0; /* reserved */
1296 aModeSenseCmd[7] = cbTransfer >> 8;
1297 aModeSenseCmd[8] = cbTransfer & 0xff;
1298 aModeSenseCmd[9] = 0; /* control */
1299 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1300 if (RT_FAILURE(rc))
1301 {
1302 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1303 return;
1304 }
1305 /* Select sector size based on the current data block type. */
1306 switch (aModeSenseResult[12] & 0x0f)
1307 {
1308 case 0:
1309 s->cbATAPISector = 2352;
1310 break;
1311 case 1:
1312 s->cbATAPISector = 2368;
1313 break;
1314 case 2:
1315 case 3:
1316 s->cbATAPISector = 2448;
1317 break;
1318 case 8:
1319 case 10:
1320 s->cbATAPISector = 2048;
1321 break;
1322 case 9:
1323 s->cbATAPISector = 2336;
1324 break;
1325 case 11:
1326 s->cbATAPISector = 2056;
1327 break;
1328 case 12:
1329 s->cbATAPISector = 2324;
1330 break;
1331 case 13:
1332 s->cbATAPISector = 2332;
1333 break;
1334 default:
1335 s->cbATAPISector = 0;
1336 }
1337 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1338 s->cbTotalTransfer *= s->cbATAPISector;
1339 if (s->cbTotalTransfer == 0)
1340 s->uTxDir = PDMBLOCKTXDIR_NONE;
1341 }
1342 }
1343#endif
1344 atapiCmdBT(s);
1345}
1346
1347
1348static bool atapiReadSS(ATADevState *s)
1349{
1350 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1351 int rc = VINF_SUCCESS;
1352 uint32_t cbTransfer, cSectors;
1353
1354 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1355 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1356 cSectors = cbTransfer / s->cbATAPISector;
1357 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1358 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1359
1360 PDMCritSectLeave(&pCtl->lock);
1361
1362 STAM_PROFILE_ADV_START(&s->StatReads, r);
1363 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1364 switch (s->cbATAPISector)
1365 {
1366 case 2048:
1367 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1368 break;
1369 case 2352:
1370 {
1371 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1372
1373 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1374 {
1375 /* sync bytes */
1376 *pbBuf++ = 0x00;
1377 memset(pbBuf, 0xff, 11);
1378 pbBuf += 11;
1379 /* MSF */
1380 ataLBA2MSF(pbBuf, i);
1381 pbBuf += 3;
1382 *pbBuf++ = 0x01; /* mode 1 data */
1383 /* data */
1384 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1385 if (RT_FAILURE(rc))
1386 break;
1387 pbBuf += 2048;
1388 /* ECC */
1389 memset(pbBuf, 0, 288);
1390 pbBuf += 288;
1391 }
1392 }
1393 break;
1394 default:
1395 break;
1396 }
1397 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1398
1399 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1400 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1401 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1402
1403 if (RT_SUCCESS(rc))
1404 {
1405 s->Led.Actual.s.fReading = 0;
1406 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1407
1408 /* The initial buffer end value has been set up based on the total
1409 * transfer size. But the I/O buffer size limits what can actually be
1410 * done in one transfer, so set the actual value of the buffer end. */
1411 s->cbElementaryTransfer = cbTransfer;
1412 if (cbTransfer >= s->cbTotalTransfer)
1413 s->iSourceSink = ATAFN_SS_NULL;
1414 atapiCmdOK(s);
1415 s->iATAPILBA += cSectors;
1416 }
1417 else
1418 {
1419 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1420 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1421 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1422 }
1423 return false;
1424}
1425
1426
1427static bool atapiPassthroughSS(ATADevState *s)
1428{
1429 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1430 int rc = VINF_SUCCESS;
1431 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1432 size_t cbTransfer;
1433 PSTAMPROFILEADV pProf = NULL;
1434
1435 cbTransfer = s->cbElementaryTransfer;
1436
1437 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1438 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1439
1440 /* Simple heuristics: if there is at least one sector of data
1441 * to transfer, it's worth updating the LEDs. */
1442 if (cbTransfer >= 2048)
1443 {
1444 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1445 {
1446 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1447 pProf = &s->StatReads;
1448 }
1449 else
1450 {
1451 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1452 pProf = &s->StatWrites;
1453 }
1454 }
1455
1456 PDMCritSectLeave(&pCtl->lock);
1457
1458 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1459 if (cbTransfer > 100 * _1K)
1460 {
1461 /* Linux accepts commands with up to 100KB of data, but expects
1462 * us to handle commands with up to 128KB of data. The usual
1463 * imbalance of powers. */
1464 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1465 uint32_t iATAPILBA, cSectors, cReqSectors;
1466 size_t cbCurrTX;
1467 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1468
1469 switch (s->aATAPICmd[0])
1470 {
1471 case SCSI_READ_10:
1472 case SCSI_WRITE_10:
1473 case SCSI_WRITE_AND_VERIFY_10:
1474 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1475 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1476 break;
1477 case SCSI_READ_12:
1478 case SCSI_WRITE_12:
1479 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1480 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1481 break;
1482 case SCSI_READ_CD:
1483 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1484 cSectors = ataBE2H_U24(s->aATAPICmd + 6) / s->cbATAPISector;
1485 break;
1486 case SCSI_READ_CD_MSF:
1487 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1488 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1489 break;
1490 default:
1491 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1492 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1493 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1494 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1495 {
1496 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1497 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1498 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1499 }
1500 return false;
1501 }
1502 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1503 cReqSectors = 0;
1504 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1505 {
1506 if (i * s->cbATAPISector > 100 * _1K)
1507 cReqSectors = (100 * _1K) / s->cbATAPISector;
1508 else
1509 cReqSectors = i;
1510 cbCurrTX = s->cbATAPISector * cReqSectors;
1511 switch (s->aATAPICmd[0])
1512 {
1513 case SCSI_READ_10:
1514 case SCSI_WRITE_10:
1515 case SCSI_WRITE_AND_VERIFY_10:
1516 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1517 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1518 break;
1519 case SCSI_READ_12:
1520 case SCSI_WRITE_12:
1521 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1522 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1523 break;
1524 case SCSI_READ_CD:
1525 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
1526 ataH2BE_U24(s->aATAPICmd + 6, cbCurrTX);
1527 break;
1528 case SCSI_READ_CD_MSF:
1529 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1530 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1531 break;
1532 }
1533 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1534 if (rc != VINF_SUCCESS)
1535 break;
1536 iATAPILBA += cReqSectors;
1537 pbBuf += s->cbATAPISector * cReqSectors;
1538 }
1539 }
1540 else
1541 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1542 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
1543
1544 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1545 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1546 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1547
1548 /* Update the LEDs and the read/write statistics. */
1549 if (cbTransfer >= 2048)
1550 {
1551 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1552 {
1553 s->Led.Actual.s.fReading = 0;
1554 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
1555 }
1556 else
1557 {
1558 s->Led.Actual.s.fWriting = 0;
1559 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
1560 }
1561 }
1562
1563 if (RT_SUCCESS(rc))
1564 {
1565 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
1566 {
1567 Assert(cbTransfer <= s->cbTotalTransfer);
1568 /* Reply with the same amount of data as the real drive. */
1569 s->cbTotalTransfer = cbTransfer;
1570 /* The initial buffer end value has been set up based on the total
1571 * transfer size. But the I/O buffer size limits what can actually be
1572 * done in one transfer, so set the actual value of the buffer end. */
1573 s->cbElementaryTransfer = cbTransfer;
1574 if (s->aATAPICmd[0] == SCSI_INQUIRY)
1575 {
1576 /* Make sure that the real drive cannot be identified.
1577 * Motivation: changing the VM configuration should be as
1578 * invisible as possible to the guest. */
1579 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1580 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
1581 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
1582 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
1583 }
1584 if (cbTransfer)
1585 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1586 }
1587 s->iSourceSink = ATAFN_SS_NULL;
1588 atapiCmdOK(s);
1589 }
1590 else
1591 {
1592 if (s->cErrors < MAX_LOG_REL_ERRORS)
1593 {
1594 uint8_t u8Cmd = s->aATAPICmd[0];
1595 do
1596 {
1597 /* don't log superflous errors */
1598 if ( rc == VERR_DEV_IO_ERROR
1599 && ( u8Cmd == SCSI_TEST_UNIT_READY
1600 || u8Cmd == SCSI_READ_CAPACITY
1601 || u8Cmd == SCSI_READ_DVD_STRUCTURE
1602 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
1603 break;
1604 s->cErrors++;
1605 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
1606 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
1607 } while (0);
1608 }
1609 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1610 }
1611 return false;
1612}
1613
1614
1615static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
1616{
1617 Assert(cSectors > 0);
1618 s->iATAPILBA = iATAPILBA;
1619 s->cbATAPISector = cbSector;
1620 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
1621 return false;
1622}
1623
1624
1625static bool atapiReadCapacitySS(ATADevState *s)
1626{
1627 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1628
1629 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1630 Assert(s->cbElementaryTransfer <= 8);
1631 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
1632 ataH2BE_U32(pbBuf + 4, 2048);
1633 s->iSourceSink = ATAFN_SS_NULL;
1634 atapiCmdOK(s);
1635 return false;
1636}
1637
1638
1639static bool atapiReadDiscInformationSS(ATADevState *s)
1640{
1641 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1642
1643 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1644 Assert(s->cbElementaryTransfer <= 34);
1645 memset(pbBuf, '\0', 34);
1646 ataH2BE_U16(pbBuf, 32);
1647 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
1648 pbBuf[3] = 1; /* number of first track */
1649 pbBuf[4] = 1; /* number of sessions (LSB) */
1650 pbBuf[5] = 1; /* first track number in last session (LSB) */
1651 pbBuf[6] = 1; /* last track number in last session (LSB) */
1652 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
1653 pbBuf[8] = 0; /* disc type = CD-ROM */
1654 pbBuf[9] = 0; /* number of sessions (MSB) */
1655 pbBuf[10] = 0; /* number of sessions (MSB) */
1656 pbBuf[11] = 0; /* number of sessions (MSB) */
1657 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
1658 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
1659 s->iSourceSink = ATAFN_SS_NULL;
1660 atapiCmdOK(s);
1661 return false;
1662}
1663
1664
1665static bool atapiReadTrackInformationSS(ATADevState *s)
1666{
1667 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1668
1669 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1670 Assert(s->cbElementaryTransfer <= 36);
1671 /* Accept address/number type of 1 only, and only track 1 exists. */
1672 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
1673 {
1674 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
1675 return false;
1676 }
1677 memset(pbBuf, '\0', 36);
1678 ataH2BE_U16(pbBuf, 34);
1679 pbBuf[2] = 1; /* track number (LSB) */
1680 pbBuf[3] = 1; /* session number (LSB) */
1681 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
1682 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
1683 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
1684 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
1685 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
1686 pbBuf[32] = 0; /* track number (MSB) */
1687 pbBuf[33] = 0; /* session number (MSB) */
1688 s->iSourceSink = ATAFN_SS_NULL;
1689 atapiCmdOK(s);
1690 return false;
1691}
1692
1693
1694static bool atapiGetConfigurationSS(ATADevState *s)
1695{
1696 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1697 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
1698
1699 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1700 Assert(s->cbElementaryTransfer <= 32);
1701 /* Accept valid request types only, and only starting feature 0. */
1702 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
1703 {
1704 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
1705 return false;
1706 }
1707 memset(pbBuf, '\0', 32);
1708 ataH2BE_U32(pbBuf, 16);
1709 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
1710 * way to differentiate them right now is based on the image size). Also
1711 * implement signalling "no current profile" if no medium is loaded. */
1712 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
1713
1714 ataH2BE_U16(pbBuf + 8, 0); /* feature 0: list of profiles supported */
1715 pbBuf[10] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
1716 pbBuf[11] = 8; /* additional bytes for profiles */
1717 /* The MMC-3 spec says that DVD-ROM read capability should be reported
1718 * before CD-ROM read capability. */
1719 ataH2BE_U16(pbBuf + 12, 0x10); /* profile: read-only DVD */
1720 pbBuf[14] = (0 << 0); /* NOT current profile */
1721 ataH2BE_U16(pbBuf + 16, 0x08); /* profile: read only CD */
1722 pbBuf[18] = (1 << 0); /* current profile */
1723 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
1724 s->iSourceSink = ATAFN_SS_NULL;
1725 atapiCmdOK(s);
1726 return false;
1727}
1728
1729
1730static bool atapiGetEventStatusNotificationSS(ATADevState *s)
1731{
1732 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1733
1734 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1735 Assert(s->cbElementaryTransfer <= 8);
1736
1737 if (!(s->aATAPICmd[1] & 1))
1738 {
1739 /* no asynchronous operation supported */
1740 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
1741 return false;
1742 }
1743
1744 uint32_t OldStatus, NewStatus;
1745 do
1746 {
1747 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
1748 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
1749 switch (OldStatus)
1750 {
1751 case ATA_EVENT_STATUS_MEDIA_NEW:
1752 /* mount */
1753 ataH2BE_U16(pbBuf + 0, 6);
1754 pbBuf[2] = 0x04;
1755 pbBuf[3] = 0x5e;
1756 pbBuf[4] = 0x02;
1757 pbBuf[5] = 0x02;
1758 pbBuf[6] = 0x00;
1759 pbBuf[7] = 0x00;
1760 break;
1761
1762 case ATA_EVENT_STATUS_MEDIA_CHANGED:
1763 case ATA_EVENT_STATUS_MEDIA_REMOVED:
1764 /* umount */
1765 ataH2BE_U16(pbBuf + 0, 6);
1766 pbBuf[2] = 0x04;
1767 pbBuf[3] = 0x5e;
1768 pbBuf[4] = 0x03;
1769 pbBuf[5] = 0x00;
1770 pbBuf[6] = 0x00;
1771 pbBuf[7] = 0x00;
1772 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
1773 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
1774 break;
1775
1776 case ATA_EVENT_STATUS_UNCHANGED:
1777 default:
1778 ataH2BE_U16(pbBuf + 0, 6);
1779 pbBuf[2] = 0x01;
1780 pbBuf[3] = 0x5e;
1781 pbBuf[4] = 0x00;
1782 pbBuf[5] = 0x00;
1783 pbBuf[6] = 0x00;
1784 pbBuf[7] = 0x00;
1785 break;
1786 }
1787 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
1788
1789 s->iSourceSink = ATAFN_SS_NULL;
1790 atapiCmdOK(s);
1791 return false;
1792}
1793
1794
1795static bool atapiInquirySS(ATADevState *s)
1796{
1797 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1798
1799 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1800 Assert(s->cbElementaryTransfer <= 36);
1801 pbBuf[0] = 0x05; /* CD-ROM */
1802 pbBuf[1] = 0x80; /* removable */
1803#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
1804 pbBuf[2] = 0x00; /* ISO */
1805 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
1806#else
1807 pbBuf[2] = 0x00; /* ISO */
1808 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
1809#endif
1810 pbBuf[4] = 31; /* additional length */
1811 pbBuf[5] = 0; /* reserved */
1812 pbBuf[6] = 0; /* reserved */
1813 pbBuf[7] = 0; /* reserved */
1814 ataSCSIPadStr(pbBuf + 8, "VBOX", 8);
1815 ataSCSIPadStr(pbBuf + 16, "CD-ROM", 16);
1816 ataSCSIPadStr(pbBuf + 32, "1.0", 4);
1817 s->iSourceSink = ATAFN_SS_NULL;
1818 atapiCmdOK(s);
1819 return false;
1820}
1821
1822
1823static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
1824{
1825 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1826
1827 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1828 Assert(s->cbElementaryTransfer <= 16);
1829 ataH2BE_U16(&pbBuf[0], 16 + 6);
1830 pbBuf[2] = 0x70;
1831 pbBuf[3] = 0;
1832 pbBuf[4] = 0;
1833 pbBuf[5] = 0;
1834 pbBuf[6] = 0;
1835 pbBuf[7] = 0;
1836
1837 pbBuf[8] = 0x01;
1838 pbBuf[9] = 0x06;
1839 pbBuf[10] = 0x00;
1840 pbBuf[11] = 0x05;
1841 pbBuf[12] = 0x00;
1842 pbBuf[13] = 0x00;
1843 pbBuf[14] = 0x00;
1844 pbBuf[15] = 0x00;
1845 s->iSourceSink = ATAFN_SS_NULL;
1846 atapiCmdOK(s);
1847 return false;
1848}
1849
1850
1851static bool atapiModeSenseCDStatusSS(ATADevState *s)
1852{
1853 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1854
1855 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1856 Assert(s->cbElementaryTransfer <= 40);
1857 ataH2BE_U16(&pbBuf[0], 38);
1858 pbBuf[2] = 0x70;
1859 pbBuf[3] = 0;
1860 pbBuf[4] = 0;
1861 pbBuf[5] = 0;
1862 pbBuf[6] = 0;
1863 pbBuf[7] = 0;
1864
1865 pbBuf[8] = 0x2a;
1866 pbBuf[9] = 30; /* page length */
1867 pbBuf[10] = 0x08; /* DVD-ROM read support */
1868 pbBuf[11] = 0x00; /* no write support */
1869 /* The following claims we support audio play. This is obviously false,
1870 * but the Linux generic CDROM support makes many features depend on this
1871 * capability. If it's not set, this causes many things to be disabled. */
1872 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
1873 pbBuf[13] = 0x00; /* no subchannel reads supported */
1874 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
1875 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
1876 pbBuf[14] |= 1 << 1; /* report lock state */
1877 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
1878 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
1879 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
1880 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
1881 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
1882 pbBuf[24] = 0; /* reserved */
1883 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
1884 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
1885 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
1886 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
1887 pbBuf[32] = 0; /* reserved */
1888 pbBuf[33] = 0; /* reserved */
1889 pbBuf[34] = 0; /* reserved */
1890 pbBuf[35] = 1; /* rotation control CAV */
1891 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
1892 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
1893 s->iSourceSink = ATAFN_SS_NULL;
1894 atapiCmdOK(s);
1895 return false;
1896}
1897
1898
1899static bool atapiRequestSenseSS(ATADevState *s)
1900{
1901 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1902
1903 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1904 memset(pbBuf, '\0', s->cbElementaryTransfer);
1905 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
1906 s->iSourceSink = ATAFN_SS_NULL;
1907 atapiCmdOK(s);
1908 return false;
1909}
1910
1911
1912static bool atapiMechanismStatusSS(ATADevState *s)
1913{
1914 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1915
1916 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1917 Assert(s->cbElementaryTransfer <= 8);
1918 ataH2BE_U16(pbBuf, 0);
1919 /* no current LBA */
1920 pbBuf[2] = 0;
1921 pbBuf[3] = 0;
1922 pbBuf[4] = 0;
1923 pbBuf[5] = 1;
1924 ataH2BE_U16(pbBuf + 6, 0);
1925 s->iSourceSink = ATAFN_SS_NULL;
1926 atapiCmdOK(s);
1927 return false;
1928}
1929
1930
1931static bool atapiReadTOCNormalSS(ATADevState *s)
1932{
1933 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
1934 bool fMSF;
1935 uint32_t cbSize;
1936
1937 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1938 fMSF = (s->aATAPICmd[1] >> 1) & 1;
1939 iStartTrack = s->aATAPICmd[6];
1940 if (iStartTrack > 1 && iStartTrack != 0xaa)
1941 {
1942 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
1943 return false;
1944 }
1945 q = pbBuf + 2;
1946 *q++ = 1; /* first session */
1947 *q++ = 1; /* last session */
1948 if (iStartTrack <= 1)
1949 {
1950 *q++ = 0; /* reserved */
1951 *q++ = 0x14; /* ADR, control */
1952 *q++ = 1; /* track number */
1953 *q++ = 0; /* reserved */
1954 if (fMSF)
1955 {
1956 *q++ = 0; /* reserved */
1957 ataLBA2MSF(q, 0);
1958 q += 3;
1959 }
1960 else
1961 {
1962 /* sector 0 */
1963 ataH2BE_U32(q, 0);
1964 q += 4;
1965 }
1966 }
1967 /* lead out track */
1968 *q++ = 0; /* reserved */
1969 *q++ = 0x14; /* ADR, control */
1970 *q++ = 0xaa; /* track number */
1971 *q++ = 0; /* reserved */
1972 if (fMSF)
1973 {
1974 *q++ = 0; /* reserved */
1975 ataLBA2MSF(q, s->cTotalSectors);
1976 q += 3;
1977 }
1978 else
1979 {
1980 ataH2BE_U32(q, s->cTotalSectors);
1981 q += 4;
1982 }
1983 cbSize = q - pbBuf;
1984 ataH2BE_U16(pbBuf, cbSize - 2);
1985 if (cbSize < s->cbTotalTransfer)
1986 s->cbTotalTransfer = cbSize;
1987 s->iSourceSink = ATAFN_SS_NULL;
1988 atapiCmdOK(s);
1989 return false;
1990}
1991
1992
1993static bool atapiReadTOCMultiSS(ATADevState *s)
1994{
1995 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1996 bool fMSF;
1997
1998 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1999 Assert(s->cbElementaryTransfer <= 12);
2000 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2001 /* multi session: only a single session defined */
2002/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2003 memset(pbBuf, 0, 12);
2004 pbBuf[1] = 0x0a;
2005 pbBuf[2] = 0x01;
2006 pbBuf[3] = 0x01;
2007 pbBuf[5] = 0x14; /* ADR, control */
2008 pbBuf[6] = 1; /* first track in last complete session */
2009 if (fMSF)
2010 {
2011 pbBuf[8] = 0; /* reserved */
2012 ataLBA2MSF(&pbBuf[9], 0);
2013 }
2014 else
2015 {
2016 /* sector 0 */
2017 ataH2BE_U32(pbBuf + 8, 0);
2018 }
2019 s->iSourceSink = ATAFN_SS_NULL;
2020 atapiCmdOK(s);
2021 return false;
2022}
2023
2024
2025static bool atapiReadTOCRawSS(ATADevState *s)
2026{
2027 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2028 bool fMSF;
2029 uint32_t cbSize;
2030
2031 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2032 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2033 iStartTrack = s->aATAPICmd[6];
2034
2035 q = pbBuf + 2;
2036 *q++ = 1; /* first session */
2037 *q++ = 1; /* last session */
2038
2039 *q++ = 1; /* session number */
2040 *q++ = 0x14; /* data track */
2041 *q++ = 0; /* track number */
2042 *q++ = 0xa0; /* first track in program area */
2043 *q++ = 0; /* min */
2044 *q++ = 0; /* sec */
2045 *q++ = 0; /* frame */
2046 *q++ = 0;
2047 *q++ = 1; /* first track */
2048 *q++ = 0x00; /* disk type CD-DA or CD data */
2049 *q++ = 0;
2050
2051 *q++ = 1; /* session number */
2052 *q++ = 0x14; /* data track */
2053 *q++ = 0; /* track number */
2054 *q++ = 0xa1; /* last track in program area */
2055 *q++ = 0; /* min */
2056 *q++ = 0; /* sec */
2057 *q++ = 0; /* frame */
2058 *q++ = 0;
2059 *q++ = 1; /* last track */
2060 *q++ = 0;
2061 *q++ = 0;
2062
2063 *q++ = 1; /* session number */
2064 *q++ = 0x14; /* data track */
2065 *q++ = 0; /* track number */
2066 *q++ = 0xa2; /* lead-out */
2067 *q++ = 0; /* min */
2068 *q++ = 0; /* sec */
2069 *q++ = 0; /* frame */
2070 if (fMSF)
2071 {
2072 *q++ = 0; /* reserved */
2073 ataLBA2MSF(q, s->cTotalSectors);
2074 q += 3;
2075 }
2076 else
2077 {
2078 ataH2BE_U32(q, s->cTotalSectors);
2079 q += 4;
2080 }
2081
2082 *q++ = 1; /* session number */
2083 *q++ = 0x14; /* ADR, control */
2084 *q++ = 0; /* track number */
2085 *q++ = 1; /* point */
2086 *q++ = 0; /* min */
2087 *q++ = 0; /* sec */
2088 *q++ = 0; /* frame */
2089 if (fMSF)
2090 {
2091 *q++ = 0; /* reserved */
2092 ataLBA2MSF(q, 0);
2093 q += 3;
2094 }
2095 else
2096 {
2097 /* sector 0 */
2098 ataH2BE_U32(q, 0);
2099 q += 4;
2100 }
2101
2102 cbSize = q - pbBuf;
2103 ataH2BE_U16(pbBuf, cbSize - 2);
2104 if (cbSize < s->cbTotalTransfer)
2105 s->cbTotalTransfer = cbSize;
2106 s->iSourceSink = ATAFN_SS_NULL;
2107 atapiCmdOK(s);
2108 return false;
2109}
2110
2111
2112static void atapiParseCmdVirtualATAPI(ATADevState *s)
2113{
2114 const uint8_t *pbPacket;
2115 uint8_t *pbBuf;
2116 uint32_t cbMax;
2117
2118 pbPacket = s->aATAPICmd;
2119 pbBuf = s->CTX_SUFF(pbIOBuffer);
2120 switch (pbPacket[0])
2121 {
2122 case SCSI_TEST_UNIT_READY:
2123 if (s->cNotifiedMediaChange > 0)
2124 {
2125 if (s->cNotifiedMediaChange-- > 2)
2126 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2127 else
2128 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2129 }
2130 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2131 atapiCmdOK(s);
2132 else
2133 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2134 break;
2135 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2136 cbMax = ataBE2H_U16(pbPacket + 7);
2137 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2138 break;
2139 case SCSI_MODE_SENSE_10:
2140 {
2141 uint8_t uPageControl, uPageCode;
2142 cbMax = ataBE2H_U16(pbPacket + 7);
2143 uPageControl = pbPacket[2] >> 6;
2144 uPageCode = pbPacket[2] & 0x3f;
2145 switch (uPageControl)
2146 {
2147 case SCSI_PAGECONTROL_CURRENT:
2148 switch (uPageCode)
2149 {
2150 case SCSI_MODEPAGE_ERROR_RECOVERY:
2151 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2152 break;
2153 case SCSI_MODEPAGE_CD_STATUS:
2154 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2155 break;
2156 default:
2157 goto error_cmd;
2158 }
2159 break;
2160 case SCSI_PAGECONTROL_CHANGEABLE:
2161 goto error_cmd;
2162 case SCSI_PAGECONTROL_DEFAULT:
2163 goto error_cmd;
2164 default:
2165 case SCSI_PAGECONTROL_SAVED:
2166 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2167 break;
2168 }
2169 }
2170 break;
2171 case SCSI_REQUEST_SENSE:
2172 cbMax = pbPacket[4];
2173 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2174 break;
2175 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2176 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2177 {
2178 if (pbPacket[4] & 1)
2179 s->pDrvMount->pfnLock(s->pDrvMount);
2180 else
2181 s->pDrvMount->pfnUnlock(s->pDrvMount);
2182 atapiCmdOK(s);
2183 }
2184 else
2185 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2186 break;
2187 case SCSI_READ_10:
2188 case SCSI_READ_12:
2189 {
2190 uint32_t cSectors, iATAPILBA;
2191
2192 if (s->cNotifiedMediaChange > 0)
2193 {
2194 s->cNotifiedMediaChange-- ;
2195 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2196 break;
2197 }
2198 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2199 {
2200 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2201 break;
2202 }
2203 if (pbPacket[0] == SCSI_READ_10)
2204 cSectors = ataBE2H_U16(pbPacket + 7);
2205 else
2206 cSectors = ataBE2H_U32(pbPacket + 6);
2207 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2208 if (cSectors == 0)
2209 {
2210 atapiCmdOK(s);
2211 break;
2212 }
2213 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2214 {
2215 /* Rate limited logging, one log line per second. For
2216 * guests that insist on reading from places outside the
2217 * valid area this often generates too many release log
2218 * entries otherwise. */
2219 static uint64_t uLastLogTS = 0;
2220 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2221 {
2222 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2223 uLastLogTS = RTTimeMilliTS();
2224 }
2225 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2226 break;
2227 }
2228 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2229 }
2230 break;
2231 case SCSI_READ_CD:
2232 {
2233 uint32_t cSectors, iATAPILBA;
2234
2235 if (s->cNotifiedMediaChange > 0)
2236 {
2237 s->cNotifiedMediaChange-- ;
2238 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2239 break;
2240 }
2241 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2242 {
2243 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2244 break;
2245 }
2246 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
2247 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2248 if (cSectors == 0)
2249 {
2250 atapiCmdOK(s);
2251 break;
2252 }
2253 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2254 {
2255 /* Rate limited logging, one log line per second. For
2256 * guests that insist on reading from places outside the
2257 * valid area this often generates too many release log
2258 * entries otherwise. */
2259 static uint64_t uLastLogTS = 0;
2260 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2261 {
2262 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2263 uLastLogTS = RTTimeMilliTS();
2264 }
2265 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2266 break;
2267 }
2268 switch (pbPacket[9] & 0xf8)
2269 {
2270 case 0x00:
2271 /* nothing */
2272 atapiCmdOK(s);
2273 break;
2274 case 0x10:
2275 /* normal read */
2276 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2277 break;
2278 case 0xf8:
2279 /* read all data */
2280 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
2281 break;
2282 default:
2283 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported\n", s->iLUN));
2284 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2285 break;
2286 }
2287 }
2288 break;
2289 case SCSI_SEEK_10:
2290 {
2291 uint32_t iATAPILBA;
2292 if (s->cNotifiedMediaChange > 0)
2293 {
2294 s->cNotifiedMediaChange-- ;
2295 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2296 break;
2297 }
2298 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2299 {
2300 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2301 break;
2302 }
2303 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2304 if (iATAPILBA > s->cTotalSectors)
2305 {
2306 /* Rate limited logging, one log line per second. For
2307 * guests that insist on seeking to places outside the
2308 * valid area this often generates too many release log
2309 * entries otherwise. */
2310 static uint64_t uLastLogTS = 0;
2311 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2312 {
2313 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
2314 uLastLogTS = RTTimeMilliTS();
2315 }
2316 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2317 break;
2318 }
2319 atapiCmdOK(s);
2320 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
2321 }
2322 break;
2323 case SCSI_START_STOP_UNIT:
2324 {
2325 int rc = VINF_SUCCESS;
2326 switch (pbPacket[4] & 3)
2327 {
2328 case 0: /* 00 - Stop motor */
2329 case 1: /* 01 - Start motor */
2330 break;
2331 case 2: /* 10 - Eject media */
2332 /* This must be done from EMT. */
2333 {
2334 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2335 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
2336 PVMREQ pReq;
2337
2338 PDMCritSectLeave(&pCtl->lock);
2339 rc = VMR3ReqCall(PDMDevHlpGetVM(pDevIns), VMREQDEST_ANY, &pReq, RT_INDEFINITE_WAIT,
2340 (PFNRT)s->pDrvMount->pfnUnmount, 2, s->pDrvMount, false);
2341 AssertReleaseRC(rc);
2342 VMR3ReqFree(pReq);
2343 {
2344 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2345 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2346 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2347 }
2348 }
2349 break;
2350 case 3: /* 11 - Load media */
2351 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
2352 break;
2353 }
2354 if (RT_SUCCESS(rc))
2355 atapiCmdOK(s);
2356 else
2357 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
2358 }
2359 break;
2360 case SCSI_MECHANISM_STATUS:
2361 {
2362 cbMax = ataBE2H_U16(pbPacket + 8);
2363 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
2364 }
2365 break;
2366 case SCSI_READ_TOC_PMA_ATIP:
2367 {
2368 uint8_t format;
2369
2370 if (s->cNotifiedMediaChange > 0)
2371 {
2372 s->cNotifiedMediaChange-- ;
2373 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2374 break;
2375 }
2376 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2377 {
2378 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2379 break;
2380 }
2381 cbMax = ataBE2H_U16(pbPacket + 7);
2382 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
2383 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
2384 * the other field is clear... */
2385 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
2386 switch (format)
2387 {
2388 case 0:
2389 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
2390 break;
2391 case 1:
2392 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
2393 break;
2394 case 2:
2395 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
2396 break;
2397 default:
2398 error_cmd:
2399 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2400 break;
2401 }
2402 }
2403 break;
2404 case SCSI_READ_CAPACITY:
2405 if (s->cNotifiedMediaChange > 0)
2406 {
2407 s->cNotifiedMediaChange-- ;
2408 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2409 break;
2410 }
2411 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2412 {
2413 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2414 break;
2415 }
2416 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
2417 break;
2418 case SCSI_READ_DISC_INFORMATION:
2419 if (s->cNotifiedMediaChange > 0)
2420 {
2421 s->cNotifiedMediaChange-- ;
2422 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2423 break;
2424 }
2425 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2426 {
2427 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2428 break;
2429 }
2430 cbMax = ataBE2H_U16(pbPacket + 7);
2431 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
2432 break;
2433 case SCSI_READ_TRACK_INFORMATION:
2434 if (s->cNotifiedMediaChange > 0)
2435 {
2436 s->cNotifiedMediaChange-- ;
2437 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2438 break;
2439 }
2440 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2441 {
2442 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2443 break;
2444 }
2445 cbMax = ataBE2H_U16(pbPacket + 7);
2446 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
2447 break;
2448 case SCSI_GET_CONFIGURATION:
2449 /* No media change stuff here, it can confuse Linux guests. */
2450 cbMax = ataBE2H_U16(pbPacket + 7);
2451 ataStartTransfer(s, RT_MIN(cbMax, 32), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
2452 break;
2453 case SCSI_INQUIRY:
2454 cbMax = ataBE2H_U16(pbPacket + 3);
2455 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
2456 break;
2457 default:
2458 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2459 break;
2460 }
2461}
2462
2463
2464/*
2465 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
2466 */
2467static void atapiParseCmdPassthrough(ATADevState *s)
2468{
2469 const uint8_t *pbPacket;
2470 uint8_t *pbBuf;
2471 uint32_t cSectors, iATAPILBA;
2472 uint32_t cbTransfer = 0;
2473 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
2474
2475 pbPacket = s->aATAPICmd;
2476 pbBuf = s->CTX_SUFF(pbIOBuffer);
2477 switch (pbPacket[0])
2478 {
2479 case SCSI_BLANK:
2480 goto sendcmd;
2481 case SCSI_CLOSE_TRACK_SESSION:
2482 goto sendcmd;
2483 case SCSI_ERASE_10:
2484 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2485 cbTransfer = ataBE2H_U16(pbPacket + 7);
2486 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
2487 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2488 goto sendcmd;
2489 case SCSI_FORMAT_UNIT:
2490 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
2491 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2492 goto sendcmd;
2493 case SCSI_GET_CONFIGURATION:
2494 cbTransfer = ataBE2H_U16(pbPacket + 7);
2495 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2496 goto sendcmd;
2497 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2498 cbTransfer = ataBE2H_U16(pbPacket + 7);
2499 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
2500 {
2501 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2502 break;
2503 }
2504 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2505 goto sendcmd;
2506 case SCSI_GET_PERFORMANCE:
2507 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
2508 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2509 goto sendcmd;
2510 case SCSI_INQUIRY:
2511 cbTransfer = ataBE2H_U16(pbPacket + 3);
2512 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2513 goto sendcmd;
2514 case SCSI_LOAD_UNLOAD_MEDIUM:
2515 goto sendcmd;
2516 case SCSI_MECHANISM_STATUS:
2517 cbTransfer = ataBE2H_U16(pbPacket + 8);
2518 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2519 goto sendcmd;
2520 case SCSI_MODE_SELECT_10:
2521 cbTransfer = ataBE2H_U16(pbPacket + 7);
2522 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2523 goto sendcmd;
2524 case SCSI_MODE_SENSE_10:
2525 cbTransfer = ataBE2H_U16(pbPacket + 7);
2526 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2527 goto sendcmd;
2528 case SCSI_PAUSE_RESUME:
2529 goto sendcmd;
2530 case SCSI_PLAY_AUDIO_10:
2531 goto sendcmd;
2532 case SCSI_PLAY_AUDIO_12:
2533 goto sendcmd;
2534 case SCSI_PLAY_AUDIO_MSF:
2535 goto sendcmd;
2536 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2537 /** @todo do not forget to unlock when a VM is shut down */
2538 goto sendcmd;
2539 case SCSI_READ_10:
2540 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2541 cSectors = ataBE2H_U16(pbPacket + 7);
2542 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
2543 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2544 cbTransfer = cSectors * s->cbATAPISector;
2545 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2546 goto sendcmd;
2547 case SCSI_READ_12:
2548 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2549 cSectors = ataBE2H_U32(pbPacket + 6);
2550 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
2551 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2552 cbTransfer = cSectors * s->cbATAPISector;
2553 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2554 goto sendcmd;
2555 case SCSI_READ_BUFFER:
2556 cbTransfer = ataBE2H_U24(pbPacket + 6);
2557 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2558 goto sendcmd;
2559 case SCSI_READ_BUFFER_CAPACITY:
2560 cbTransfer = ataBE2H_U16(pbPacket + 7);
2561 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2562 goto sendcmd;
2563 case SCSI_READ_CAPACITY:
2564 cbTransfer = 8;
2565 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2566 goto sendcmd;
2567 case SCSI_READ_CD:
2568 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2569 cbTransfer = ataBE2H_U24(pbPacket + 6) / s->cbATAPISector * s->cbATAPISector;
2570 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2571 goto sendcmd;
2572 case SCSI_READ_CD_MSF:
2573 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
2574 if (cSectors > 32)
2575 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
2576 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2577 cbTransfer = cSectors * s->cbATAPISector;
2578 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2579 goto sendcmd;
2580 case SCSI_READ_DISC_INFORMATION:
2581 cbTransfer = ataBE2H_U16(pbPacket + 7);
2582 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2583 goto sendcmd;
2584 case SCSI_READ_DVD_STRUCTURE:
2585 cbTransfer = ataBE2H_U16(pbPacket + 8);
2586 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2587 goto sendcmd;
2588 case SCSI_READ_FORMAT_CAPACITIES:
2589 cbTransfer = ataBE2H_U16(pbPacket + 7);
2590 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2591 goto sendcmd;
2592 case SCSI_READ_SUBCHANNEL:
2593 cbTransfer = ataBE2H_U16(pbPacket + 7);
2594 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2595 goto sendcmd;
2596 case SCSI_READ_TOC_PMA_ATIP:
2597 cbTransfer = ataBE2H_U16(pbPacket + 7);
2598 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2599 goto sendcmd;
2600 case SCSI_READ_TRACK_INFORMATION:
2601 cbTransfer = ataBE2H_U16(pbPacket + 7);
2602 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2603 goto sendcmd;
2604 case SCSI_REPAIR_TRACK:
2605 goto sendcmd;
2606 case SCSI_REPORT_KEY:
2607 cbTransfer = ataBE2H_U16(pbPacket + 8);
2608 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2609 goto sendcmd;
2610 case SCSI_REQUEST_SENSE:
2611 cbTransfer = pbPacket[4];
2612 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
2613 {
2614 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2615 break;
2616 }
2617 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2618 goto sendcmd;
2619 case SCSI_RESERVE_TRACK:
2620 goto sendcmd;
2621 case SCSI_SCAN:
2622 goto sendcmd;
2623 case SCSI_SEEK_10:
2624 goto sendcmd;
2625 case SCSI_SEND_CUE_SHEET:
2626 cbTransfer = ataBE2H_U24(pbPacket + 6);
2627 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2628 goto sendcmd;
2629 case SCSI_SEND_DVD_STRUCTURE:
2630 cbTransfer = ataBE2H_U16(pbPacket + 8);
2631 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2632 goto sendcmd;
2633 case SCSI_SEND_EVENT:
2634 cbTransfer = ataBE2H_U16(pbPacket + 8);
2635 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2636 goto sendcmd;
2637 case SCSI_SEND_KEY:
2638 cbTransfer = ataBE2H_U16(pbPacket + 8);
2639 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2640 goto sendcmd;
2641 case SCSI_SEND_OPC_INFORMATION:
2642 cbTransfer = ataBE2H_U16(pbPacket + 7);
2643 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2644 goto sendcmd;
2645 case SCSI_SET_CD_SPEED:
2646 goto sendcmd;
2647 case SCSI_SET_READ_AHEAD:
2648 goto sendcmd;
2649 case SCSI_SET_STREAMING:
2650 cbTransfer = ataBE2H_U16(pbPacket + 9);
2651 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2652 goto sendcmd;
2653 case SCSI_START_STOP_UNIT:
2654 goto sendcmd;
2655 case SCSI_STOP_PLAY_SCAN:
2656 goto sendcmd;
2657 case SCSI_SYNCHRONIZE_CACHE:
2658 goto sendcmd;
2659 case SCSI_TEST_UNIT_READY:
2660 goto sendcmd;
2661 case SCSI_VERIFY_10:
2662 goto sendcmd;
2663 case SCSI_WRITE_10:
2664 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2665 cSectors = ataBE2H_U16(pbPacket + 7);
2666 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
2667#if 0
2668 /* The sector size is determined by the async I/O thread. */
2669 s->cbATAPISector = 0;
2670 /* Preliminary, will be corrected once the sector size is known. */
2671 cbTransfer = cSectors;
2672#else
2673 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2674 cbTransfer = cSectors * s->cbATAPISector;
2675#endif
2676 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2677 goto sendcmd;
2678 case SCSI_WRITE_12:
2679 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2680 cSectors = ataBE2H_U32(pbPacket + 6);
2681 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
2682#if 0
2683 /* The sector size is determined by the async I/O thread. */
2684 s->cbATAPISector = 0;
2685 /* Preliminary, will be corrected once the sector size is known. */
2686 cbTransfer = cSectors;
2687#else
2688 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2689 cbTransfer = cSectors * s->cbATAPISector;
2690#endif
2691 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2692 goto sendcmd;
2693 case SCSI_WRITE_AND_VERIFY_10:
2694 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2695 cSectors = ataBE2H_U16(pbPacket + 7);
2696 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
2697 /* The sector size is determined by the async I/O thread. */
2698 s->cbATAPISector = 0;
2699 /* Preliminary, will be corrected once the sector size is known. */
2700 cbTransfer = cSectors;
2701 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2702 goto sendcmd;
2703 case SCSI_WRITE_BUFFER:
2704 switch (pbPacket[1] & 0x1f)
2705 {
2706 case 0x04: /* download microcode */
2707 case 0x05: /* download microcode and save */
2708 case 0x06: /* download microcode with offsets */
2709 case 0x07: /* download microcode with offsets and save */
2710 case 0x0e: /* download microcode with offsets and defer activation */
2711 case 0x0f: /* activate deferred microcode */
2712 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
2713 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2714 break;
2715 default:
2716 cbTransfer = ataBE2H_U16(pbPacket + 6);
2717 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2718 goto sendcmd;
2719 }
2720 break;
2721 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
2722 cbTransfer = ataBE2H_U32(pbPacket + 6);
2723 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2724 goto sendcmd;
2725 case SCSI_REZERO_UNIT:
2726 /* Obsolete command used by cdrecord. What else would one expect?
2727 * This command is not sent to the drive, it is handled internally,
2728 * as the Linux kernel doesn't like it (message "scsi: unknown
2729 * opcode 0x01" in syslog) and replies with a sense code of 0,
2730 * which sends cdrecord to an endless loop. */
2731 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2732 break;
2733 default:
2734 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
2735 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2736 break;
2737 sendcmd:
2738 /* Send a command to the drive, passing data in/out as required. */
2739 Log2(("ATAPI PT: max size %d\n", cbTransfer));
2740 Assert(cbTransfer <= s->cbIOBuffer);
2741 if (cbTransfer == 0)
2742 uTxDir = PDMBLOCKTXDIR_NONE;
2743 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
2744 }
2745}
2746
2747
2748static void atapiParseCmd(ATADevState *s)
2749{
2750 const uint8_t *pbPacket;
2751
2752 pbPacket = s->aATAPICmd;
2753#ifdef DEBUG
2754 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
2755#else /* !DEBUG */
2756 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
2757#endif /* !DEBUG */
2758 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
2759
2760 if (s->fATAPIPassthrough)
2761 atapiParseCmdPassthrough(s);
2762 else
2763 atapiParseCmdVirtualATAPI(s);
2764}
2765
2766
2767static bool ataPacketSS(ATADevState *s)
2768{
2769 s->fDMA = !!(s->uATARegFeature & 1);
2770 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
2771 s->uTxDir = PDMBLOCKTXDIR_NONE;
2772 s->cbTotalTransfer = 0;
2773 s->cbElementaryTransfer = 0;
2774 atapiParseCmd(s);
2775 return false;
2776}
2777
2778
2779/**
2780 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
2781 * from now on, regardless if there was a medium inserted or not.
2782 */
2783static void ataMediumRemoved(ATADevState *s)
2784{
2785 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
2786}
2787
2788
2789/**
2790 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
2791 * there was already a medium inserted, don't forget to send the "medium
2792 * removed" event first.
2793 */
2794static void ataMediumInserted(ATADevState *s)
2795{
2796 uint32_t OldStatus, NewStatus;
2797 do
2798 {
2799 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2800 switch (OldStatus)
2801 {
2802 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2803 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2804 /* no change, we will send "medium removed" + "medium inserted" */
2805 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
2806 break;
2807 default:
2808 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2809 break;
2810 }
2811 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2812}
2813
2814
2815/**
2816 * Called when a media is mounted.
2817 *
2818 * @param pInterface Pointer to the interface structure containing the called function pointer.
2819 */
2820static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
2821{
2822 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
2823 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
2824
2825 /* Ignore the call if we're called while being attached. */
2826 if (!pIf->pDrvBlock)
2827 return;
2828
2829 if (pIf->fATAPI)
2830 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
2831 else
2832 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
2833
2834 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
2835 if (pIf->cNotifiedMediaChange < 2)
2836 pIf->cNotifiedMediaChange = 2;
2837 ataMediumInserted(pIf);
2838}
2839
2840/**
2841 * Called when a media is unmounted
2842 * @param pInterface Pointer to the interface structure containing the called function pointer.
2843 */
2844static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
2845{
2846 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
2847 Log(("%s:\n", __FUNCTION__));
2848 pIf->cTotalSectors = 0;
2849
2850 /*
2851 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
2852 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
2853 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
2854 * present and 2 in which it is changed.
2855 */
2856 pIf->cNotifiedMediaChange = 4;
2857 ataMediumRemoved(pIf);
2858}
2859
2860static void ataPacketBT(ATADevState *s)
2861{
2862 s->cbElementaryTransfer = s->cbTotalTransfer;
2863 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
2864 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
2865 ataSetStatusValue(s, ATA_STAT_READY);
2866}
2867
2868
2869static void ataResetDevice(ATADevState *s)
2870{
2871 s->cMultSectors = ATA_MAX_MULT_SECTORS;
2872 s->cNotifiedMediaChange = 0;
2873 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
2874 ataUnsetIRQ(s);
2875
2876 s->uATARegSelect = 0x20;
2877 ataSetStatusValue(s, ATA_STAT_READY);
2878 ataSetSignature(s);
2879 s->cbTotalTransfer = 0;
2880 s->cbElementaryTransfer = 0;
2881 s->iIOBufferPIODataStart = 0;
2882 s->iIOBufferPIODataEnd = 0;
2883 s->iBeginTransfer = ATAFN_BT_NULL;
2884 s->iSourceSink = ATAFN_SS_NULL;
2885 s->fATAPITransfer = false;
2886 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
2887
2888 s->uATARegFeature = 0;
2889}
2890
2891
2892static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
2893{
2894 ataSetSignature(s);
2895 if (s->fATAPI)
2896 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
2897 else
2898 ataSetStatusValue(s, ATA_STAT_READY);
2899 s->uATARegError = 0x01;
2900 return false;
2901}
2902
2903
2904static void ataParseCmd(ATADevState *s, uint8_t cmd)
2905{
2906#ifdef DEBUG
2907 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
2908#else /* !DEBUG */
2909 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
2910#endif /* !DEBUG */
2911 s->fLBA48 = false;
2912 s->fDMA = false;
2913 if (cmd == ATA_IDLE_IMMEDIATE)
2914 {
2915 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
2916 * would overwrite the failing command unfortunately), then RESET. */
2917 int32_t uCmdWait = -1;
2918 uint64_t uNow = RTTimeNanoTS();
2919 if (s->u64CmdTS)
2920 uCmdWait = (uNow - s->u64CmdTS) / 1000;
2921 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
2922 s->iLUN, s->uATARegCommand, uCmdWait));
2923 }
2924 s->uATARegCommand = cmd;
2925 switch (cmd)
2926 {
2927 case ATA_IDENTIFY_DEVICE:
2928 if (s->pDrvBlock && !s->fATAPI)
2929 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
2930 else
2931 {
2932 if (s->fATAPI)
2933 ataSetSignature(s);
2934 ataCmdError(s, ABRT_ERR);
2935 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
2936 }
2937 break;
2938 case ATA_INITIALIZE_DEVICE_PARAMETERS:
2939 case ATA_RECALIBRATE:
2940 ataCmdOK(s, ATA_STAT_SEEK);
2941 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
2942 break;
2943 case ATA_SET_MULTIPLE_MODE:
2944 if ( s->uATARegNSector != 0
2945 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
2946 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
2947 {
2948 ataCmdError(s, ABRT_ERR);
2949 }
2950 else
2951 {
2952 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
2953 s->cMultSectors = s->uATARegNSector;
2954 ataCmdOK(s, 0);
2955 }
2956 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
2957 break;
2958 case ATA_READ_VERIFY_SECTORS_EXT:
2959 s->fLBA48 = true;
2960 case ATA_READ_VERIFY_SECTORS:
2961 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
2962 /* do sector number check ? */
2963 ataCmdOK(s, 0);
2964 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
2965 break;
2966 case ATA_READ_SECTORS_EXT:
2967 s->fLBA48 = true;
2968 case ATA_READ_SECTORS:
2969 case ATA_READ_SECTORS_WITHOUT_RETRIES:
2970 if (!s->pDrvBlock)
2971 goto abort_cmd;
2972 s->cSectorsPerIRQ = 1;
2973 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
2974 break;
2975 case ATA_WRITE_SECTORS_EXT:
2976 s->fLBA48 = true;
2977 case ATA_WRITE_SECTORS:
2978 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
2979 s->cSectorsPerIRQ = 1;
2980 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
2981 break;
2982 case ATA_READ_MULTIPLE_EXT:
2983 s->fLBA48 = true;
2984 case ATA_READ_MULTIPLE:
2985 if (!s->cMultSectors)
2986 goto abort_cmd;
2987 s->cSectorsPerIRQ = s->cMultSectors;
2988 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
2989 break;
2990 case ATA_WRITE_MULTIPLE_EXT:
2991 s->fLBA48 = true;
2992 case ATA_WRITE_MULTIPLE:
2993 if (!s->cMultSectors)
2994 goto abort_cmd;
2995 s->cSectorsPerIRQ = s->cMultSectors;
2996 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
2997 break;
2998 case ATA_READ_DMA_EXT:
2999 s->fLBA48 = true;
3000 case ATA_READ_DMA:
3001 case ATA_READ_DMA_WITHOUT_RETRIES:
3002 if (!s->pDrvBlock)
3003 goto abort_cmd;
3004 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3005 s->fDMA = true;
3006 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3007 break;
3008 case ATA_WRITE_DMA_EXT:
3009 s->fLBA48 = true;
3010 case ATA_WRITE_DMA:
3011 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3012 if (!s->pDrvBlock)
3013 goto abort_cmd;
3014 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3015 s->fDMA = true;
3016 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3017 break;
3018 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3019 s->fLBA48 = true;
3020 ataSetSector(s, s->cTotalSectors - 1);
3021 ataCmdOK(s, 0);
3022 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3023 break;
3024 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3025 ataCmdOK(s, 0);
3026 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3027 break;
3028 case ATA_READ_NATIVE_MAX_ADDRESS:
3029 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3030 ataCmdOK(s, 0);
3031 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3032 break;
3033 case ATA_CHECK_POWER_MODE:
3034 s->uATARegNSector = 0xff; /* drive active or idle */
3035 ataCmdOK(s, 0);
3036 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3037 break;
3038 case ATA_SET_FEATURES:
3039 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3040 if (!s->pDrvBlock)
3041 goto abort_cmd;
3042 switch (s->uATARegFeature)
3043 {
3044 case 0x02: /* write cache enable */
3045 Log2(("%s: write cache enable\n", __FUNCTION__));
3046 ataCmdOK(s, ATA_STAT_SEEK);
3047 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3048 break;
3049 case 0xaa: /* read look-ahead enable */
3050 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3051 ataCmdOK(s, ATA_STAT_SEEK);
3052 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3053 break;
3054 case 0x55: /* read look-ahead disable */
3055 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3056 ataCmdOK(s, ATA_STAT_SEEK);
3057 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3058 break;
3059 case 0xcc: /* reverting to power-on defaults enable */
3060 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3061 ataCmdOK(s, ATA_STAT_SEEK);
3062 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3063 break;
3064 case 0x66: /* reverting to power-on defaults disable */
3065 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3066 ataCmdOK(s, ATA_STAT_SEEK);
3067 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3068 break;
3069 case 0x82: /* write cache disable */
3070 Log2(("%s: write cache disable\n", __FUNCTION__));
3071 /* As per the ATA/ATAPI-6 specs, a write cache disable
3072 * command MUST flush the write buffers to disc. */
3073 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3074 break;
3075 case 0x03: { /* set transfer mode */
3076 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3077 switch (s->uATARegNSector & 0xf8)
3078 {
3079 case 0x00: /* PIO default */
3080 case 0x08: /* PIO mode */
3081 break;
3082 case ATA_MODE_MDMA: /* MDMA mode */
3083 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3084 break;
3085 case ATA_MODE_UDMA: /* UDMA mode */
3086 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3087 break;
3088 default:
3089 goto abort_cmd;
3090 }
3091 ataCmdOK(s, ATA_STAT_SEEK);
3092 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3093 break;
3094 }
3095 default:
3096 goto abort_cmd;
3097 }
3098 /*
3099 * OS/2 workarond:
3100 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3101 * reset here. According to the specification, this is a driver bug as the register
3102 * contents are undefined after the call. This means we can just as well reset it.
3103 */
3104 s->uATARegFeature = 0;
3105 break;
3106 case ATA_FLUSH_CACHE_EXT:
3107 case ATA_FLUSH_CACHE:
3108 if (!s->pDrvBlock || s->fATAPI)
3109 goto abort_cmd;
3110 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3111 break;
3112 case ATA_STANDBY_IMMEDIATE:
3113 ataCmdOK(s, 0);
3114 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3115 break;
3116 case ATA_IDLE_IMMEDIATE:
3117 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3118 ataAbortCurrentCommand(s, false);
3119 break;
3120 /* ATAPI commands */
3121 case ATA_IDENTIFY_PACKET_DEVICE:
3122 if (s->fATAPI)
3123 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3124 else
3125 {
3126 ataCmdError(s, ABRT_ERR);
3127 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3128 }
3129 break;
3130 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3131 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3132 break;
3133 case ATA_DEVICE_RESET:
3134 if (!s->fATAPI)
3135 goto abort_cmd;
3136 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3137 ataAbortCurrentCommand(s, true);
3138 break;
3139 case ATA_PACKET:
3140 if (!s->fATAPI)
3141 goto abort_cmd;
3142 /* overlapping commands not supported */
3143 if (s->uATARegFeature & 0x02)
3144 goto abort_cmd;
3145 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3146 break;
3147 default:
3148 abort_cmd:
3149 ataCmdError(s, ABRT_ERR);
3150 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3151 break;
3152 }
3153}
3154
3155
3156/**
3157 * Waits for a particular async I/O thread to complete whatever it
3158 * is doing at the moment.
3159 *
3160 * @returns true on success.
3161 * @returns false when the thread is still processing.
3162 * @param pThis Pointer to the controller data.
3163 * @param cMillies How long to wait (total).
3164 */
3165static bool ataWaitForAsyncIOIsIdle(PATACONTROLLER pCtl, unsigned cMillies)
3166{
3167 uint64_t u64Start;
3168
3169 /*
3170 * Wait for any pending async operation to finish
3171 */
3172 u64Start = RTTimeMilliTS();
3173 for (;;)
3174 {
3175 if (ataAsyncIOIsIdle(pCtl, false))
3176 return true;
3177 if (RTTimeMilliTS() - u64Start >= cMillies)
3178 break;
3179
3180 /* Sleep for a bit. */
3181 RTThreadSleep(100);
3182 }
3183
3184 return false;
3185}
3186
3187#endif /* IN_RING3 */
3188
3189static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3190{
3191 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3192 addr &= 7;
3193 switch (addr)
3194 {
3195 case 0:
3196 break;
3197 case 1: /* feature register */
3198 /* NOTE: data is written to the two drives */
3199 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3200 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3201 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
3202 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
3203 pCtl->aIfs[0].uATARegFeature = val;
3204 pCtl->aIfs[1].uATARegFeature = val;
3205 break;
3206 case 2: /* sector count */
3207 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3208 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3209 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
3210 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
3211 pCtl->aIfs[0].uATARegNSector = val;
3212 pCtl->aIfs[1].uATARegNSector = val;
3213 break;
3214 case 3: /* sector number */
3215 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3216 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3217 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
3218 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
3219 pCtl->aIfs[0].uATARegSector = val;
3220 pCtl->aIfs[1].uATARegSector = val;
3221 break;
3222 case 4: /* cylinder low */
3223 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3224 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3225 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
3226 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
3227 pCtl->aIfs[0].uATARegLCyl = val;
3228 pCtl->aIfs[1].uATARegLCyl = val;
3229 break;
3230 case 5: /* cylinder high */
3231 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3232 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3233 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
3234 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
3235 pCtl->aIfs[0].uATARegHCyl = val;
3236 pCtl->aIfs[1].uATARegHCyl = val;
3237 break;
3238 case 6: /* drive/head */
3239 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
3240 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
3241 if (((val >> 4) & 1) != pCtl->iSelectedIf)
3242 {
3243 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3244
3245 /* select another drive */
3246 pCtl->iSelectedIf = (val >> 4) & 1;
3247 /* The IRQ line is multiplexed between the two drives, so
3248 * update the state when switching to another drive. Only need
3249 * to update interrupt line if it is enabled and there is a
3250 * state change. */
3251 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
3252 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
3253 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
3254 {
3255 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3256 {
3257 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3258 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
3259 * the interrupt line is asserted. It monitors the line
3260 * for a rising edge. */
3261 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3262 if (pCtl->irq == 16)
3263 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
3264 else
3265 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
3266 }
3267 else
3268 {
3269 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3270 if (pCtl->irq == 16)
3271 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
3272 else
3273 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
3274 }
3275 }
3276 }
3277 break;
3278 default:
3279 case 7: /* command */
3280 /* ignore commands to non existant slave */
3281 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
3282 break;
3283#ifndef IN_RING3
3284 /* Don't do anything complicated in GC */
3285 return VINF_IOM_HC_IOPORT_WRITE;
3286#else /* IN_RING3 */
3287 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
3288#endif /* !IN_RING3 */
3289 }
3290 return VINF_SUCCESS;
3291}
3292
3293
3294static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
3295{
3296 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3297 uint32_t val;
3298 bool fHOB;
3299
3300 fHOB = !!(s->uATARegDevCtl & (1 << 7));
3301 switch (addr & 7)
3302 {
3303 case 0: /* data register */
3304 val = 0xff;
3305 break;
3306 case 1: /* error register */
3307 /* The ATA specification is very terse when it comes to specifying
3308 * the precise effects of reading back the error/feature register.
3309 * The error register (read-only) shares the register number with
3310 * the feature register (write-only), so it seems that it's not
3311 * necessary to support the usual HOB readback here. */
3312 if (!s->pDrvBlock)
3313 val = 0;
3314 else
3315 val = s->uATARegError;
3316 break;
3317 case 2: /* sector count */
3318 if (!s->pDrvBlock)
3319 val = 0;
3320 else if (fHOB)
3321 val = s->uATARegNSectorHOB;
3322 else
3323 val = s->uATARegNSector;
3324 break;
3325 case 3: /* sector number */
3326 if (!s->pDrvBlock)
3327 val = 0;
3328 else if (fHOB)
3329 val = s->uATARegSectorHOB;
3330 else
3331 val = s->uATARegSector;
3332 break;
3333 case 4: /* cylinder low */
3334 if (!s->pDrvBlock)
3335 val = 0;
3336 else if (fHOB)
3337 val = s->uATARegLCylHOB;
3338 else
3339 val = s->uATARegLCyl;
3340 break;
3341 case 5: /* cylinder high */
3342 if (!s->pDrvBlock)
3343 val = 0;
3344 else if (fHOB)
3345 val = s->uATARegHCylHOB;
3346 else
3347 val = s->uATARegHCyl;
3348 break;
3349 case 6: /* drive/head */
3350 /* This register must always work as long as there is at least
3351 * one drive attached to the controller. It is common between
3352 * both drives anyway (completely identical content). */
3353 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
3354 val = 0;
3355 else
3356 val = s->uATARegSelect;
3357 break;
3358 default:
3359 case 7: /* primary status */
3360 {
3361 /* Counter for number of busy status seen in GC in a row. */
3362 static unsigned cBusy = 0;
3363
3364 if (!s->pDrvBlock)
3365 val = 0;
3366 else
3367 val = s->uATARegStatus;
3368
3369 /* Give the async I/O thread an opportunity to make progress,
3370 * don't let it starve by guests polling frequently. EMT has a
3371 * lower priority than the async I/O thread, but sometimes the
3372 * host OS doesn't care. With some guests we are only allowed to
3373 * be busy for about 5 milliseconds in some situations. Note that
3374 * this is no guarantee for any other VBox thread getting
3375 * scheduled, so this just lowers the CPU load a bit when drives
3376 * are busy. It cannot help with timing problems. */
3377 if (val & ATA_STAT_BUSY)
3378 {
3379#ifdef IN_RING3
3380 cBusy = 0;
3381 PDMCritSectLeave(&pCtl->lock);
3382
3383 RTThreadYield();
3384
3385 {
3386 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3387 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3388 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3389 }
3390
3391 val = s->uATARegStatus;
3392#else /* !IN_RING3 */
3393 /* Cannot yield CPU in guest context. And switching to host
3394 * context for each and every busy status is too costly,
3395 * especially on SMP systems where we don't gain much by
3396 * yielding the CPU to someone else. */
3397 if (++cBusy >= 20)
3398 {
3399 cBusy = 0;
3400 return VINF_IOM_HC_IOPORT_READ;
3401 }
3402#endif /* !IN_RING3 */
3403 }
3404 else
3405 cBusy = 0;
3406 ataUnsetIRQ(s);
3407 break;
3408 }
3409 }
3410 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3411 *pu32 = val;
3412 return VINF_SUCCESS;
3413}
3414
3415
3416static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
3417{
3418 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3419 uint32_t val;
3420
3421 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
3422 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
3423 val = 0;
3424 else
3425 val = s->uATARegStatus;
3426 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3427 return val;
3428}
3429
3430static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3431{
3432#ifndef IN_RING3
3433 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
3434 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
3435#endif /* !IN_RING3 */
3436
3437 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3438 /* RESET is common for both drives attached to a controller. */
3439 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
3440 (val & ATA_DEVCTL_RESET))
3441 {
3442#ifdef IN_RING3
3443 /* Software RESET low to high */
3444 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
3445 uint64_t uNow = RTTimeNanoTS();
3446 if (pCtl->aIfs[0].u64CmdTS)
3447 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
3448 if (pCtl->aIfs[1].u64CmdTS)
3449 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
3450 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
3451 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
3452 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
3453 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
3454 pCtl->fReset = true;
3455 /* Everything must be done after the reset flag is set, otherwise
3456 * there are unavoidable races with the currently executing request
3457 * (which might just finish in the mean time). */
3458 pCtl->fChainedTransfer = false;
3459 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
3460 {
3461 ataResetDevice(&pCtl->aIfs[i]);
3462 /* The following cannot be done using ataSetStatusValue() since the
3463 * reset flag is already set, which suppresses all status changes. */
3464 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
3465 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
3466 pCtl->aIfs[i].uATARegError = 0x01;
3467 }
3468 ataAsyncIOClearRequests(pCtl);
3469 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3470 if (val & ATA_DEVCTL_HOB)
3471 {
3472 val &= ~ATA_DEVCTL_HOB;
3473 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
3474 }
3475 ataAsyncIOPutRequest(pCtl, &ataResetARequest);
3476#else /* !IN_RING3 */
3477 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
3478#endif /* IN_RING3 */
3479 }
3480 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
3481 !(val & ATA_DEVCTL_RESET))
3482 {
3483#ifdef IN_RING3
3484 /* Software RESET high to low */
3485 Log(("%s: deasserting RESET\n", __FUNCTION__));
3486 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3487 if (val & ATA_DEVCTL_HOB)
3488 {
3489 val &= ~ATA_DEVCTL_HOB;
3490 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
3491 }
3492 ataAsyncIOPutRequest(pCtl, &ataResetCRequest);
3493#else /* !IN_RING3 */
3494 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
3495#endif /* IN_RING3 */
3496 }
3497
3498 /* Change of interrupt disable flag. Update interrupt line if interrupt
3499 * is pending on the current interface. */
3500 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
3501 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3502 {
3503 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
3504 {
3505 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3506 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
3507 * interrupt line is asserted. It monitors the line for a rising
3508 * edge. */
3509 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3510 if (pCtl->irq == 16)
3511 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 1);
3512 else
3513 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
3514 }
3515 else
3516 {
3517 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3518 if (pCtl->irq == 16)
3519 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 0);
3520 else
3521 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
3522 }
3523 }
3524
3525 if (val & ATA_DEVCTL_HOB)
3526 Log2(("%s: set HOB\n", __FUNCTION__));
3527
3528 pCtl->aIfs[0].uATARegDevCtl = val;
3529 pCtl->aIfs[1].uATARegDevCtl = val;
3530
3531 return VINF_SUCCESS;
3532}
3533
3534#ifdef IN_RING3
3535
3536static void ataPIOTransfer(PATACONTROLLER pCtl)
3537{
3538 ATADevState *s;
3539
3540 s = &pCtl->aIfs[pCtl->iAIOIf];
3541 Log3(("%s: if=%p\n", __FUNCTION__, s));
3542
3543 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
3544 {
3545 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
3546 /* Any guest OS that triggers this case has a pathetic ATA driver.
3547 * In a real system it would block the CPU via IORDY, here we do it
3548 * very similarly by not continuing with the current instruction
3549 * until the transfer to/from the storage medium is completed. */
3550 if (s->iSourceSink != ATAFN_SS_NULL)
3551 {
3552 bool fRedo;
3553 uint8_t status = s->uATARegStatus;
3554 ataSetStatusValue(s, ATA_STAT_BUSY);
3555 Log2(("%s: calling source/sink function\n", __FUNCTION__));
3556 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
3557 pCtl->fRedo = fRedo;
3558 if (RT_UNLIKELY(fRedo))
3559 return;
3560 ataSetStatusValue(s, status);
3561 s->iIOBufferCur = 0;
3562 s->iIOBufferEnd = s->cbElementaryTransfer;
3563 }
3564 }
3565 if (s->cbTotalTransfer)
3566 {
3567 if (s->fATAPITransfer)
3568 ataPIOTransferLimitATAPI(s);
3569
3570 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
3571 s->cbElementaryTransfer = s->cbTotalTransfer;
3572
3573 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
3574 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
3575 s->cbTotalTransfer, s->cbElementaryTransfer,
3576 s->iIOBufferCur, s->iIOBufferEnd));
3577 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
3578 s->cbTotalTransfer -= s->cbElementaryTransfer;
3579 s->iIOBufferCur += s->cbElementaryTransfer;
3580
3581 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
3582 s->cbElementaryTransfer = s->cbTotalTransfer;
3583 }
3584 else
3585 ataPIOTransferStop(s);
3586}
3587
3588
3589DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
3590{
3591 /* Do not interfere with RESET processing if the PIO transfer finishes
3592 * while the RESET line is asserted. */
3593 if (pCtl->fReset)
3594 {
3595 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3596 return;
3597 }
3598
3599 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
3600 || ( s->iSourceSink != ATAFN_SS_NULL
3601 && s->iIOBufferCur >= s->iIOBufferEnd))
3602 {
3603 /* Need to continue the transfer in the async I/O thread. This is
3604 * the case for write operations or generally for not yet finished
3605 * transfers (some data might need to be read). */
3606 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
3607 ataSetStatus(s, ATA_STAT_BUSY);
3608
3609 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3610 ataAsyncIOPutRequest(pCtl, &ataPIORequest);
3611 }
3612 else
3613 {
3614 /* Either everything finished (though some data might still be pending)
3615 * or some data is pending before the next read is due. */
3616
3617 /* Continue a previously started transfer. */
3618 ataUnsetStatus(s, ATA_STAT_DRQ);
3619 ataSetStatus(s, ATA_STAT_READY);
3620
3621 if (s->cbTotalTransfer)
3622 {
3623 /* There is more to transfer, happens usually for large ATAPI
3624 * reads - the protocol limits the chunk size to 65534 bytes. */
3625 ataPIOTransfer(pCtl);
3626 ataSetIRQ(s);
3627 }
3628 else
3629 {
3630 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3631 /* Finish PIO transfer. */
3632 ataPIOTransfer(pCtl);
3633 Assert(!pCtl->fRedo);
3634 }
3635 }
3636}
3637
3638#endif /* IN_RING3 */
3639
3640static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
3641{
3642 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3643 uint8_t *p;
3644
3645 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
3646 {
3647 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
3648 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
3649#ifndef IN_RING3
3650 /* All but the last transfer unit is simple enough for GC, but
3651 * sending a request to the async IO thread is too complicated. */
3652 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
3653 {
3654 memcpy(p, pbBuf, cbSize);
3655 s->iIOBufferPIODataStart += cbSize;
3656 }
3657 else
3658 return VINF_IOM_HC_IOPORT_WRITE;
3659#else /* IN_RING3 */
3660 memcpy(p, pbBuf, cbSize);
3661 s->iIOBufferPIODataStart += cbSize;
3662 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
3663 ataPIOTransferFinish(pCtl, s);
3664#endif /* !IN_RING3 */
3665 }
3666 else
3667 Log2(("%s: DUMMY data\n", __FUNCTION__));
3668 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
3669 return VINF_SUCCESS;
3670}
3671
3672static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
3673{
3674 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3675 uint8_t *p;
3676
3677 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
3678 {
3679 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
3680 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
3681#ifndef IN_RING3
3682 /* All but the last transfer unit is simple enough for GC, but
3683 * sending a request to the async IO thread is too complicated. */
3684 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
3685 {
3686 memcpy(pbBuf, p, cbSize);
3687 s->iIOBufferPIODataStart += cbSize;
3688 }
3689 else
3690 return VINF_IOM_HC_IOPORT_READ;
3691#else /* IN_RING3 */
3692 memcpy(pbBuf, p, cbSize);
3693 s->iIOBufferPIODataStart += cbSize;
3694 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
3695 ataPIOTransferFinish(pCtl, s);
3696#endif /* !IN_RING3 */
3697 }
3698 else
3699 {
3700 Log2(("%s: DUMMY data\n", __FUNCTION__));
3701 memset(pbBuf, '\xff', cbSize);
3702 }
3703 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
3704 return VINF_SUCCESS;
3705}
3706
3707#ifdef IN_RING3
3708
3709static void ataDMATransferStop(ATADevState *s)
3710{
3711 s->cbTotalTransfer = 0;
3712 s->cbElementaryTransfer = 0;
3713 s->iBeginTransfer = ATAFN_BT_NULL;
3714 s->iSourceSink = ATAFN_SS_NULL;
3715}
3716
3717
3718/**
3719 * Perform the entire DMA transfer in one go (unless a source/sink operation
3720 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
3721 * this function cannot handle empty transfers.
3722 *
3723 * @param pCtl Controller for which to perform the transfer.
3724 */
3725static void ataDMATransfer(PATACONTROLLER pCtl)
3726{
3727 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3728 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
3729 bool fRedo;
3730 RTGCPHYS32 pDesc;
3731 uint32_t cbTotalTransfer, cbElementaryTransfer;
3732 uint32_t iIOBufferCur, iIOBufferEnd;
3733 uint32_t dmalen;
3734 PDMBLOCKTXDIR uTxDir;
3735 bool fLastDesc = false;
3736
3737 Assert(sizeof(BMDMADesc) == 8);
3738
3739 fRedo = pCtl->fRedo;
3740 if (RT_LIKELY(!fRedo))
3741 Assert(s->cbTotalTransfer);
3742 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
3743 cbTotalTransfer = s->cbTotalTransfer;
3744 cbElementaryTransfer = s->cbElementaryTransfer;
3745 iIOBufferCur = s->iIOBufferCur;
3746 iIOBufferEnd = s->iIOBufferEnd;
3747
3748 /* The DMA loop is designed to hold the lock only when absolutely
3749 * necessary. This avoids long freezes should the guest access the
3750 * ATA registers etc. for some reason. */
3751 PDMCritSectLeave(&pCtl->lock);
3752
3753 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
3754 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
3755 cbTotalTransfer, cbElementaryTransfer,
3756 iIOBufferCur, iIOBufferEnd));
3757 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
3758 {
3759 BMDMADesc DMADesc;
3760 RTGCPHYS32 pBuffer;
3761 uint32_t cbBuffer;
3762
3763 if (RT_UNLIKELY(fRedo))
3764 {
3765 pBuffer = pCtl->pRedoDMABuffer;
3766 cbBuffer = pCtl->cbRedoDMABuffer;
3767 fLastDesc = pCtl->fRedoDMALastDesc;
3768 }
3769 else
3770 {
3771 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
3772 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
3773 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
3774 fLastDesc = !!(cbBuffer & 0x80000000);
3775 cbBuffer &= 0xfffe;
3776 if (cbBuffer == 0)
3777 cbBuffer = 0x10000;
3778 if (cbBuffer > cbTotalTransfer)
3779 cbBuffer = cbTotalTransfer;
3780 }
3781
3782 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
3783 {
3784 if (RT_LIKELY(!fRedo))
3785 {
3786 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
3787 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
3788 (int)pDesc, pBuffer, cbBuffer));
3789 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
3790 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
3791 else
3792 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
3793 iIOBufferCur += dmalen;
3794 cbTotalTransfer -= dmalen;
3795 cbBuffer -= dmalen;
3796 pBuffer += dmalen;
3797 }
3798 if ( iIOBufferCur == iIOBufferEnd
3799 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
3800 {
3801 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
3802 cbElementaryTransfer = cbTotalTransfer;
3803
3804 {
3805 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3806 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3807 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3808 }
3809
3810 /* The RESET handler could have cleared the DMA transfer
3811 * state (since we didn't hold the lock until just now
3812 * the guest can continue in parallel). If so, the state
3813 * is already set up so the loop is exited immediately. */
3814 if (s->iSourceSink != ATAFN_SS_NULL)
3815 {
3816 s->iIOBufferCur = iIOBufferCur;
3817 s->iIOBufferEnd = iIOBufferEnd;
3818 s->cbElementaryTransfer = cbElementaryTransfer;
3819 s->cbTotalTransfer = cbTotalTransfer;
3820 Log2(("%s: calling source/sink function\n", __FUNCTION__));
3821 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
3822 if (RT_UNLIKELY(fRedo))
3823 {
3824 pCtl->pFirstDMADesc = pDesc;
3825 pCtl->pRedoDMABuffer = pBuffer;
3826 pCtl->cbRedoDMABuffer = cbBuffer;
3827 pCtl->fRedoDMALastDesc = fLastDesc;
3828 }
3829 else
3830 {
3831 cbTotalTransfer = s->cbTotalTransfer;
3832 cbElementaryTransfer = s->cbElementaryTransfer;
3833
3834 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
3835 cbElementaryTransfer = cbTotalTransfer;
3836 iIOBufferCur = 0;
3837 iIOBufferEnd = cbElementaryTransfer;
3838 }
3839 pCtl->fRedo = fRedo;
3840 }
3841 else
3842 {
3843 /* This forces the loop to exit immediately. */
3844 pDesc = pCtl->pLastDMADesc + 1;
3845 }
3846
3847 PDMCritSectLeave(&pCtl->lock);
3848 if (RT_UNLIKELY(fRedo))
3849 break;
3850 }
3851 }
3852
3853 if (RT_UNLIKELY(fRedo))
3854 break;
3855
3856 /* end of transfer */
3857 if (!cbTotalTransfer || fLastDesc)
3858 break;
3859
3860 {
3861 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3862 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3863 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3864 }
3865
3866 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
3867 {
3868 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
3869 if (!pCtl->fReset)
3870 ataDMATransferStop(s);
3871 /* This forces the loop to exit immediately. */
3872 pDesc = pCtl->pLastDMADesc + 1;
3873 }
3874
3875 PDMCritSectLeave(&pCtl->lock);
3876 }
3877
3878 {
3879 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3880 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3881 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3882 }
3883
3884 if (RT_UNLIKELY(fRedo))
3885 return;
3886
3887 if (fLastDesc)
3888 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
3889 s->cbTotalTransfer = cbTotalTransfer;
3890 s->cbElementaryTransfer = cbElementaryTransfer;
3891 s->iIOBufferCur = iIOBufferCur;
3892 s->iIOBufferEnd = iIOBufferEnd;
3893}
3894
3895
3896/**
3897 * Suspend I/O operations on a controller. Also suspends EMT, because it's
3898 * waiting for I/O to make progress. The next attempt to perform an I/O
3899 * operation will be made when EMT is resumed up again (as the resume
3900 * callback below restarts I/O).
3901 *
3902 * @param pCtl Controller for which to suspend I/O.
3903 */
3904static void ataSuspendRedo(PATACONTROLLER pCtl)
3905{
3906 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3907 PVMREQ pReq;
3908 int rc;
3909
3910 pCtl->fRedoIdle = true;
3911 rc = VMR3ReqCall(PDMDevHlpGetVM(pDevIns), VMREQDEST_ANY, &pReq, RT_INDEFINITE_WAIT,
3912 (PFNRT)PDMDevHlpVMSuspend, 1, pDevIns);
3913 AssertReleaseRC(rc);
3914 VMR3ReqFree(pReq);
3915}
3916
3917/** Asynch I/O thread for an interface. Once upon a time this was readable
3918 * code with several loops and a different semaphore for each purpose. But
3919 * then came the "how can one save the state in the middle of a PIO transfer"
3920 * question. The solution was to use an ASM, which is what's there now. */
3921static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
3922{
3923 const ATARequest *pReq;
3924 uint64_t u64TS = 0; /* shut up gcc */
3925 uint64_t uWait;
3926 int rc = VINF_SUCCESS;
3927 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
3928 ATADevState *s;
3929
3930 pReq = NULL;
3931 pCtl->fChainedTransfer = false;
3932 while (!pCtl->fShutdown)
3933 {
3934 /* Keep this thread from doing anything as long as EMT is suspended. */
3935 while (pCtl->fRedoIdle)
3936 {
3937 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
3938 if (RT_FAILURE(rc) || pCtl->fShutdown)
3939 break;
3940
3941 pCtl->fRedoIdle = false;
3942 }
3943
3944 /* Wait for work. */
3945 if (pReq == NULL)
3946 {
3947 LogBird(("ata: %x: going to sleep...\n", pCtl->IOPortBase1));
3948 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
3949 LogBird(("ata: %x: waking up\n", pCtl->IOPortBase1));
3950 if (RT_FAILURE(rc) || pCtl->fShutdown)
3951 break;
3952
3953 pReq = ataAsyncIOGetCurrentRequest(pCtl);
3954 }
3955
3956 if (pReq == NULL)
3957 continue;
3958
3959 ATAAIO ReqType = pReq->ReqType;
3960
3961 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
3962 if (pCtl->uAsyncIOState != ReqType)
3963 {
3964 /* The new state is not the state that was expected by the normal
3965 * state changes. This is either a RESET/ABORT or there's something
3966 * really strange going on. */
3967 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
3968 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
3969 {
3970 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
3971 ataAsyncIODumpRequests(pCtl);
3972 }
3973 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
3974 }
3975
3976 /* Do our work. */
3977 {
3978 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3979 LogBird(("ata: %x: entering critsect\n", pCtl->IOPortBase1));
3980 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3981 LogBird(("ata: %x: entered\n", pCtl->IOPortBase1));
3982 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3983 }
3984
3985 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
3986 {
3987 u64TS = RTTimeNanoTS();
3988#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
3989 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
3990#endif /* DEBUG || VBOX_WITH_STATISTICS */
3991 }
3992
3993 switch (ReqType)
3994 {
3995 case ATA_AIO_NEW:
3996
3997 pCtl->iAIOIf = pReq->u.t.iIf;
3998 s = &pCtl->aIfs[pCtl->iAIOIf];
3999 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4000 s->uTxDir = pReq->u.t.uTxDir;
4001 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4002 s->iSourceSink = pReq->u.t.iSourceSink;
4003 s->iIOBufferEnd = 0;
4004 s->u64CmdTS = u64TS;
4005
4006 if (s->fATAPI)
4007 {
4008 if (pCtl->fChainedTransfer)
4009 {
4010 /* Only count the actual transfers, not the PIO
4011 * transfer of the ATAPI command bytes. */
4012 if (s->fDMA)
4013 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4014 else
4015 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4016 }
4017 }
4018 else
4019 {
4020 if (s->fDMA)
4021 STAM_REL_COUNTER_INC(&s->StatATADMA);
4022 else
4023 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4024 }
4025
4026 pCtl->fChainedTransfer = false;
4027
4028 if (s->iBeginTransfer != ATAFN_BT_NULL)
4029 {
4030 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4031 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4032 s->iBeginTransfer = ATAFN_BT_NULL;
4033 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4034 s->iIOBufferEnd = s->cbElementaryTransfer;
4035 }
4036 else
4037 {
4038 s->cbElementaryTransfer = s->cbTotalTransfer;
4039 s->iIOBufferEnd = s->cbTotalTransfer;
4040 }
4041 s->iIOBufferCur = 0;
4042
4043 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4044 {
4045 if (s->iSourceSink != ATAFN_SS_NULL)
4046 {
4047 bool fRedo;
4048 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4049 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4050 pCtl->fRedo = fRedo;
4051 if (RT_UNLIKELY(fRedo))
4052 {
4053 /* Operation failed at the initial transfer, restart
4054 * everything from scratch by resending the current
4055 * request. Occurs very rarely, not worth optimizing. */
4056 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4057 ataAsyncIOPutRequest(pCtl, pReq);
4058 ataSuspendRedo(pCtl);
4059 break;
4060 }
4061 }
4062 else
4063 ataCmdOK(s, 0);
4064 s->iIOBufferEnd = s->cbElementaryTransfer;
4065
4066 }
4067
4068 /* Do not go into the transfer phase if RESET is asserted.
4069 * The CritSect is released while waiting for the host OS
4070 * to finish the I/O, thus RESET is possible here. Most
4071 * important: do not change uAsyncIOState. */
4072 if (pCtl->fReset)
4073 break;
4074
4075 if (s->fDMA)
4076 {
4077 if (s->cbTotalTransfer)
4078 {
4079 ataSetStatus(s, ATA_STAT_DRQ);
4080
4081 pCtl->uAsyncIOState = ATA_AIO_DMA;
4082 /* If BMDMA is already started, do the transfer now. */
4083 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4084 {
4085 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4086 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4087 }
4088 }
4089 else
4090 {
4091 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4092 /* Finish DMA transfer. */
4093 ataDMATransferStop(s);
4094 ataSetIRQ(s);
4095 pCtl->uAsyncIOState = ATA_AIO_NEW;
4096 }
4097 }
4098 else
4099 {
4100 if (s->cbTotalTransfer)
4101 {
4102 ataPIOTransfer(pCtl);
4103 Assert(!pCtl->fRedo);
4104 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4105 ataSetIRQ(s);
4106
4107 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4108 {
4109 /* Write operations and not yet finished transfers
4110 * must be completed in the async I/O thread. */
4111 pCtl->uAsyncIOState = ATA_AIO_PIO;
4112 }
4113 else
4114 {
4115 /* Finished read operation can be handled inline
4116 * in the end of PIO transfer handling code. Linux
4117 * depends on this, as it waits only briefly for
4118 * devices to become ready after incoming data
4119 * transfer. Cannot find anything in the ATA spec
4120 * that backs this assumption, but as all kernels
4121 * are affected (though most of the time it does
4122 * not cause any harm) this must work. */
4123 pCtl->uAsyncIOState = ATA_AIO_NEW;
4124 }
4125 }
4126 else
4127 {
4128 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4129 /* Finish PIO transfer. */
4130 ataPIOTransfer(pCtl);
4131 Assert(!pCtl->fRedo);
4132 if (!s->fATAPITransfer)
4133 ataSetIRQ(s);
4134 pCtl->uAsyncIOState = ATA_AIO_NEW;
4135 }
4136 }
4137 break;
4138
4139 case ATA_AIO_DMA:
4140 {
4141 BMDMAState *bm = &pCtl->BmDma;
4142 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4143 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
4144
4145 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4146 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
4147 else
4148 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
4149
4150 if (RT_LIKELY(!pCtl->fRedo))
4151 {
4152 /* The specs say that the descriptor table must not cross a
4153 * 4K boundary. */
4154 pCtl->pFirstDMADesc = bm->pvAddr;
4155 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
4156 }
4157 ataDMATransfer(pCtl);
4158
4159 if (RT_UNLIKELY(pCtl->fRedo))
4160 {
4161 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
4162 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4163 ataSuspendRedo(pCtl);
4164 break;
4165 }
4166
4167 /* The infamous delay IRQ hack. */
4168 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
4169 && s->cbTotalTransfer == 0
4170 && pCtl->DelayIRQMillies)
4171 {
4172 /* Delay IRQ for writing. Required to get the Win2K
4173 * installation work reliably (otherwise it crashes,
4174 * usually during component install). So far no better
4175 * solution has been found. */
4176 Log(("%s: delay IRQ hack\n", __FUNCTION__));
4177 PDMCritSectLeave(&pCtl->lock);
4178 RTThreadSleep(pCtl->DelayIRQMillies);
4179 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4180 }
4181
4182 ataUnsetStatus(s, ATA_STAT_DRQ);
4183 Assert(!pCtl->fChainedTransfer);
4184 Assert(s->iSourceSink == ATAFN_SS_NULL);
4185 if (s->fATAPITransfer)
4186 {
4187 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
4188 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
4189 s->fATAPITransfer = false;
4190 }
4191 ataSetIRQ(s);
4192 pCtl->uAsyncIOState = ATA_AIO_NEW;
4193 break;
4194 }
4195
4196 case ATA_AIO_PIO:
4197 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4198
4199 if (s->iSourceSink != ATAFN_SS_NULL)
4200 {
4201 bool fRedo;
4202 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4203 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4204 pCtl->fRedo = fRedo;
4205 if (RT_UNLIKELY(fRedo))
4206 {
4207 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
4208 ataAsyncIOPutRequest(pCtl, &ataPIORequest);
4209 ataSuspendRedo(pCtl);
4210 break;
4211 }
4212 s->iIOBufferCur = 0;
4213 s->iIOBufferEnd = s->cbElementaryTransfer;
4214 }
4215 else
4216 {
4217 /* Continue a previously started transfer. */
4218 ataUnsetStatus(s, ATA_STAT_BUSY);
4219 ataSetStatus(s, ATA_STAT_READY);
4220 }
4221
4222 /* It is possible that the drives on this controller get RESET
4223 * during the above call to the source/sink function. If that's
4224 * the case, don't restart the transfer and don't finish it the
4225 * usual way. RESET handling took care of all that already.
4226 * Most important: do not change uAsyncIOState. */
4227 if (pCtl->fReset)
4228 break;
4229
4230 if (s->cbTotalTransfer)
4231 {
4232 ataPIOTransfer(pCtl);
4233 ataSetIRQ(s);
4234
4235 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4236 {
4237 /* Write operations and not yet finished transfers
4238 * must be completed in the async I/O thread. */
4239 pCtl->uAsyncIOState = ATA_AIO_PIO;
4240 }
4241 else
4242 {
4243 /* Finished read operation can be handled inline
4244 * in the end of PIO transfer handling code. Linux
4245 * depends on this, as it waits only briefly for
4246 * devices to become ready after incoming data
4247 * transfer. Cannot find anything in the ATA spec
4248 * that backs this assumption, but as all kernels
4249 * are affected (though most of the time it does
4250 * not cause any harm) this must work. */
4251 pCtl->uAsyncIOState = ATA_AIO_NEW;
4252 }
4253 }
4254 else
4255 {
4256 /* Finish PIO transfer. */
4257 ataPIOTransfer(pCtl);
4258 if ( !pCtl->fChainedTransfer
4259 && !s->fATAPITransfer
4260 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4261 {
4262 ataSetIRQ(s);
4263 }
4264 pCtl->uAsyncIOState = ATA_AIO_NEW;
4265 }
4266 break;
4267
4268 case ATA_AIO_RESET_ASSERTED:
4269 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
4270 ataPIOTransferStop(&pCtl->aIfs[0]);
4271 ataPIOTransferStop(&pCtl->aIfs[1]);
4272 /* Do not change the DMA registers, they are not affected by the
4273 * ATA controller reset logic. It should be sufficient to issue a
4274 * new command, which is now possible as the state is cleared. */
4275 break;
4276
4277 case ATA_AIO_RESET_CLEARED:
4278 pCtl->uAsyncIOState = ATA_AIO_NEW;
4279 pCtl->fReset = false;
4280 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
4281 ATACONTROLLER_IDX(pCtl)));
4282 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4283 {
4284 if (pCtl->aIfs[i].fATAPI)
4285 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
4286 else
4287 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
4288 ataSetSignature(&pCtl->aIfs[i]);
4289 }
4290 break;
4291
4292 case ATA_AIO_ABORT:
4293 /* Abort the current command only if it operates on the same interface. */
4294 if (pCtl->iAIOIf == pReq->u.a.iIf)
4295 {
4296 s = &pCtl->aIfs[pCtl->iAIOIf];
4297
4298 pCtl->uAsyncIOState = ATA_AIO_NEW;
4299 /* Do not change the DMA registers, they are not affected by the
4300 * ATA controller reset logic. It should be sufficient to issue a
4301 * new command, which is now possible as the state is cleared. */
4302 if (pReq->u.a.fResetDrive)
4303 {
4304 ataResetDevice(s);
4305 ataExecuteDeviceDiagnosticSS(s);
4306 }
4307 else
4308 {
4309 ataPIOTransferStop(s);
4310 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
4311 ataSetStatus(s, ATA_STAT_READY);
4312 ataSetIRQ(s);
4313 }
4314 }
4315 break;
4316
4317 default:
4318 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
4319 }
4320
4321 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
4322 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4323
4324 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4325 {
4326#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4327 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
4328#endif /* DEBUG || VBOX_WITH_STATISTICS */
4329
4330 u64TS = RTTimeNanoTS() - u64TS;
4331 uWait = u64TS / 1000;
4332 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
4333 /* Mark command as finished. */
4334 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
4335
4336 /*
4337 * Release logging of command execution times depends on the
4338 * command type. ATAPI commands often take longer (due to CD/DVD
4339 * spin up time etc.) so the threshold is different.
4340 */
4341 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
4342 {
4343 if (uWait > 8 * 1000 * 1000)
4344 {
4345 /*
4346 * Command took longer than 8 seconds. This is close
4347 * enough or over the guest's command timeout, so place
4348 * an entry in the release log to allow tracking such
4349 * timing errors (which are often caused by the host).
4350 */
4351 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
4352 }
4353 }
4354 else
4355 {
4356 if (uWait > 20 * 1000 * 1000)
4357 {
4358 /*
4359 * Command took longer than 20 seconds. This is close
4360 * enough or over the guest's command timeout, so place
4361 * an entry in the release log to allow tracking such
4362 * timing errors (which are often caused by the host).
4363 */
4364 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
4365 }
4366 }
4367
4368#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4369 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
4370 pCtl->StatAsyncMinWait = uWait;
4371 if (uWait > pCtl->StatAsyncMaxWait)
4372 pCtl->StatAsyncMaxWait = uWait;
4373
4374 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
4375 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
4376#endif /* DEBUG || VBOX_WITH_STATISTICS */
4377 }
4378
4379 LogBird(("ata: %x: leaving critsect\n", pCtl->IOPortBase1));
4380 PDMCritSectLeave(&pCtl->lock);
4381 }
4382
4383 /* Cleanup the state. */
4384 if (pCtl->AsyncIOSem)
4385 {
4386 RTSemEventDestroy(pCtl->AsyncIOSem);
4387 pCtl->AsyncIOSem = NIL_RTSEMEVENT;
4388 }
4389 if (pCtl->SuspendIOSem)
4390 {
4391 RTSemEventDestroy(pCtl->SuspendIOSem);
4392 pCtl->SuspendIOSem = NIL_RTSEMEVENT;
4393 }
4394 /* Do not destroy request mutex yet, still needed for proper shutdown. */
4395 pCtl->fShutdown = false;
4396 /* This must be last, as it also signals thread exit to EMT. */
4397 pCtl->AsyncIOThread = NIL_RTTHREAD;
4398
4399 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
4400 return rc;
4401}
4402
4403#endif /* IN_RING3 */
4404
4405static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
4406{
4407 uint32_t val = pCtl->BmDma.u8Cmd;
4408 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4409 return val;
4410}
4411
4412
4413static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4414{
4415 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4416 if (!(val & BM_CMD_START))
4417 {
4418 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4419 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
4420 }
4421 else
4422 {
4423#ifdef IN_RING3
4424 /* Check whether the guest OS wants to change DMA direction in
4425 * mid-flight. Not allowed, according to the PIIX3 specs. */
4426 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
4427 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
4428 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
4429
4430 /* Do not continue DMA transfers while the RESET line is asserted. */
4431 if (pCtl->fReset)
4432 {
4433 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4434 return;
4435 }
4436
4437 /* Do not start DMA transfers if there's a PIO transfer going on. */
4438 if (!pCtl->aIfs[pCtl->iSelectedIf].fDMA)
4439 return;
4440
4441 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
4442 {
4443 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4444 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4445 }
4446#else /* !IN_RING3 */
4447 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
4448#endif /* IN_RING3 */
4449 }
4450}
4451
4452static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
4453{
4454 uint32_t val = pCtl->BmDma.u8Status;
4455 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4456 return val;
4457}
4458
4459static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4460{
4461 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4462 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
4463 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
4464 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
4465}
4466
4467static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
4468{
4469 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
4470 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4471 return val;
4472}
4473
4474static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4475{
4476 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4477 pCtl->BmDma.pvAddr = val & ~3;
4478}
4479
4480static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4481{
4482 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4483 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
4484
4485}
4486
4487static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4488{
4489 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4490 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
4491}
4492
4493#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
4494
4495/**
4496 * Port I/O Handler for bus master DMA IN operations.
4497 * @see FNIOMIOPORTIN for details.
4498 */
4499PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
4500{
4501 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4502 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4503 PATACONTROLLER pCtl = &pThis->aCts[i];
4504 int rc;
4505
4506 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
4507 if (rc != VINF_SUCCESS)
4508 return rc;
4509 switch (VAL(Port, cb))
4510 {
4511 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
4512 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
4513 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
4514 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
4515 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
4516 case VAL(0, 4):
4517 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
4518 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
4519 break;
4520 default:
4521 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
4522 PDMCritSectLeave(&pCtl->lock);
4523 return VERR_IOM_IOPORT_UNUSED;
4524 }
4525 PDMCritSectLeave(&pCtl->lock);
4526 return rc;
4527}
4528
4529/**
4530 * Port I/O Handler for bus master DMA OUT operations.
4531 * @see FNIOMIOPORTOUT for details.
4532 */
4533PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
4534{
4535 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4536 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4537 PATACONTROLLER pCtl = &pThis->aCts[i];
4538 int rc;
4539
4540 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
4541 if (rc != VINF_SUCCESS)
4542 return rc;
4543 switch (VAL(Port, cb))
4544 {
4545 case VAL(0, 1):
4546#ifndef IN_RING3
4547 if (u32 & BM_CMD_START)
4548 {
4549 rc = VINF_IOM_HC_IOPORT_WRITE;
4550 break;
4551 }
4552#endif /* !IN_RING3 */
4553 ataBMDMACmdWriteB(pCtl, Port, u32);
4554 break;
4555 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
4556 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
4557 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
4558 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
4559 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
4560 }
4561 PDMCritSectLeave(&pCtl->lock);
4562 return rc;
4563}
4564
4565#undef VAL
4566
4567#ifdef IN_RING3
4568
4569/**
4570 * Callback function for mapping an PCI I/O region.
4571 *
4572 * @return VBox status code.
4573 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
4574 * @param iRegion The region number.
4575 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
4576 * I/O port, else it's a physical address.
4577 * This address is *NOT* relative to pci_mem_base like earlier!
4578 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
4579 */
4580static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
4581{
4582 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
4583 int rc = VINF_SUCCESS;
4584 Assert(enmType == PCI_ADDRESS_SPACE_IO);
4585 Assert(iRegion == 4);
4586 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
4587
4588 /* Register the port range. */
4589 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
4590 {
4591 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
4592 (RTHCPTR)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
4593 AssertRC(rc2);
4594 if (rc2 < rc)
4595 rc = rc2;
4596
4597 if (pThis->fGCEnabled)
4598 {
4599 rc2 = PDMDevHlpIOPortRegisterGC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
4600 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
4601 AssertRC(rc2);
4602 if (rc2 < rc)
4603 rc = rc2;
4604 }
4605 if (pThis->fR0Enabled)
4606 {
4607 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
4608 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
4609 AssertRC(rc2);
4610 if (rc2 < rc)
4611 rc = rc2;
4612 }
4613 }
4614 return rc;
4615}
4616
4617
4618/**
4619 * Reset notification.
4620 *
4621 * @returns VBox status.
4622 * @param pDevIns The device instance data.
4623 */
4624static DECLCALLBACK(void) ataReset(PPDMDEVINS pDevIns)
4625{
4626 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4627
4628 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
4629 {
4630 pThis->aCts[i].iSelectedIf = 0;
4631 pThis->aCts[i].iAIOIf = 0;
4632 pThis->aCts[i].BmDma.u8Cmd = 0;
4633 /* Report that both drives present on the bus are in DMA mode. This
4634 * pretends that there is a BIOS that has set it up. Normal reset
4635 * default is 0x00. */
4636 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
4637 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
4638 pThis->aCts[i].BmDma.pvAddr = 0;
4639
4640 pThis->aCts[i].fReset = true;
4641 pThis->aCts[i].fRedo = false;
4642 pThis->aCts[i].fRedoIdle = false;
4643 ataAsyncIOClearRequests(&pThis->aCts[i]);
4644 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
4645 ataAsyncIOPutRequest(&pThis->aCts[i], &ataResetARequest);
4646 ataAsyncIOPutRequest(&pThis->aCts[i], &ataResetCRequest);
4647 if (!ataWaitForAsyncIOIsIdle(&pThis->aCts[i], 30000))
4648 AssertReleaseMsgFailed(("Async I/O thread busy after reset\n"));
4649
4650 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
4651 ataResetDevice(&pThis->aCts[i].aIfs[j]);
4652 }
4653}
4654
4655
4656/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
4657
4658/**
4659 * Queries an interface to the driver.
4660 *
4661 * @returns Pointer to interface.
4662 * @returns NULL if the interface was not supported by the device.
4663 * @param pInterface Pointer to ATADevState::IBase.
4664 * @param enmInterface The requested interface identification.
4665 */
4666static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, PDMINTERFACE enmInterface)
4667{
4668 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
4669 switch (enmInterface)
4670 {
4671 case PDMINTERFACE_BASE:
4672 return &pThis->IBase;
4673 case PDMINTERFACE_LED_PORTS:
4674 return &pThis->ILeds;
4675 default:
4676 return NULL;
4677 }
4678}
4679
4680
4681/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
4682
4683/**
4684 * Gets the pointer to the status LED of a unit.
4685 *
4686 * @returns VBox status code.
4687 * @param pInterface Pointer to the interface structure containing the called function pointer.
4688 * @param iLUN The unit which status LED we desire.
4689 * @param ppLed Where to store the LED pointer.
4690 */
4691static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
4692{
4693 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
4694 if (iLUN < 4)
4695 {
4696 switch (iLUN)
4697 {
4698 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
4699 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
4700 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
4701 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
4702 }
4703 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
4704 return VINF_SUCCESS;
4705 }
4706 return VERR_PDM_LUN_NOT_FOUND;
4707}
4708
4709
4710/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
4711
4712/**
4713 * Queries an interface to the driver.
4714 *
4715 * @returns Pointer to interface.
4716 * @returns NULL if the interface was not supported by the device.
4717 * @param pInterface Pointer to ATADevState::IBase.
4718 * @param enmInterface The requested interface identification.
4719 */
4720static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, PDMINTERFACE enmInterface)
4721{
4722 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
4723 switch (enmInterface)
4724 {
4725 case PDMINTERFACE_BASE:
4726 return &pIf->IBase;
4727 case PDMINTERFACE_BLOCK_PORT:
4728 return &pIf->IPort;
4729 case PDMINTERFACE_MOUNT_NOTIFY:
4730 return &pIf->IMountNotify;
4731 default:
4732 return NULL;
4733 }
4734}
4735
4736#endif /* IN_RING3 */
4737
4738
4739/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
4740
4741/**
4742 * Port I/O Handler for primary port range OUT operations.
4743 * @see FNIOMIOPORTOUT for details.
4744 */
4745PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
4746{
4747 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4748 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4749 PATACONTROLLER pCtl = &pThis->aCts[i];
4750 int rc = VINF_SUCCESS;
4751
4752 Assert(i < 2);
4753
4754 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
4755 if (rc != VINF_SUCCESS)
4756 return rc;
4757 if (cb == 1)
4758 rc = ataIOPortWriteU8(pCtl, Port, u32);
4759 else if (Port == pCtl->IOPortBase1)
4760 {
4761 Assert(cb == 2 || cb == 4);
4762 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
4763 }
4764 else
4765 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
4766 LogBird(("ata: leaving critsect\n"));
4767 PDMCritSectLeave(&pCtl->lock);
4768 LogBird(("ata: left critsect\n"));
4769 return rc;
4770}
4771
4772
4773/**
4774 * Port I/O Handler for primary port range IN operations.
4775 * @see FNIOMIOPORTIN for details.
4776 */
4777PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
4778{
4779 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4780 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4781 PATACONTROLLER pCtl = &pThis->aCts[i];
4782 int rc = VINF_SUCCESS;
4783
4784 Assert(i < 2);
4785
4786 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
4787 if (rc != VINF_SUCCESS)
4788 return rc;
4789 if (cb == 1)
4790 {
4791 rc = ataIOPortReadU8(pCtl, Port, pu32);
4792 }
4793 else if (Port == pCtl->IOPortBase1)
4794 {
4795 Assert(cb == 2 || cb == 4);
4796 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
4797 if (cb == 2)
4798 *pu32 &= 0xffff;
4799 }
4800 else
4801 {
4802 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
4803 rc = VERR_IOM_IOPORT_UNUSED;
4804 }
4805 PDMCritSectLeave(&pCtl->lock);
4806 return rc;
4807}
4808
4809#ifndef IN_RING0
4810/**
4811 * Port I/O Handler for primary port range IN string operations.
4812 * @see FNIOMIOPORTINSTRING for details.
4813 */
4814PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
4815{
4816 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4817 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4818 PATACONTROLLER pCtl = &pThis->aCts[i];
4819 int rc = VINF_SUCCESS;
4820
4821 Assert(i < 2);
4822
4823 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
4824 if (rc != VINF_SUCCESS)
4825 return rc;
4826 if (Port == pCtl->IOPortBase1)
4827 {
4828 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
4829 RTGCPTR GCDst = *pGCPtrDst;
4830 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4831 Assert(cb == 2 || cb == 4);
4832
4833 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
4834#ifndef IN_RING3
4835 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
4836 cTransAvailable--;
4837#endif /* !IN_RING3 */
4838 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
4839 * They are not performance-critical and generally shouldn't occur at all. */
4840 if (cTransAvailable > cTransfer)
4841 cTransAvailable = cTransfer;
4842 cbTransfer = cTransAvailable * cb;
4843
4844#ifdef IN_RC
4845 for (uint32_t i = 0; i < cbTransfer; i += cb)
4846 MMGCRamWriteNoTrapHandler((char *)GCDst + i, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart + i, cb);
4847#else /* !IN_RC */
4848 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVM(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
4849 Assert(rc == VINF_SUCCESS);
4850#endif /* IN_RC */
4851
4852 if (cbTransfer)
4853 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
4854 s->iIOBufferPIODataStart += cbTransfer;
4855 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
4856 *pcTransfer = cTransfer - cTransAvailable;
4857#ifdef IN_RING3
4858 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4859 ataPIOTransferFinish(pCtl, s);
4860#endif /* IN_RING3 */
4861 }
4862 PDMCritSectLeave(&pCtl->lock);
4863 return rc;
4864}
4865
4866
4867/**
4868 * Port I/O Handler for primary port range OUT string operations.
4869 * @see FNIOMIOPORTOUTSTRING for details.
4870 */
4871PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
4872{
4873 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4874 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4875 PATACONTROLLER pCtl = &pThis->aCts[i];
4876 int rc;
4877
4878 Assert(i < 2);
4879
4880 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
4881 if (rc != VINF_SUCCESS)
4882 return rc;
4883 if (Port == pCtl->IOPortBase1)
4884 {
4885 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
4886 RTGCPTR GCSrc = *pGCPtrSrc;
4887 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4888 Assert(cb == 2 || cb == 4);
4889
4890 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
4891#ifndef IN_RING3
4892 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
4893 cTransAvailable--;
4894#endif /* !IN_RING3 */
4895 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
4896 * They are not performance-critical and generally shouldn't occur at all. */
4897 if (cTransAvailable > cTransfer)
4898 cTransAvailable = cTransfer;
4899 cbTransfer = cTransAvailable * cb;
4900
4901#ifdef IN_RC
4902 for (uint32_t i = 0; i < cbTransfer; i += cb)
4903 MMGCRamReadNoTrapHandler(s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart + i, (char *)GCSrc + i, cb);
4904#else /* !IN_RC */
4905 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVM(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
4906 Assert(rc == VINF_SUCCESS);
4907#endif /* IN_RC */
4908
4909 if (cbTransfer)
4910 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
4911 s->iIOBufferPIODataStart += cbTransfer;
4912 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
4913 *pcTransfer = cTransfer - cTransAvailable;
4914#ifdef IN_RING3
4915 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4916 ataPIOTransferFinish(pCtl, s);
4917#endif /* IN_RING3 */
4918 }
4919 PDMCritSectLeave(&pCtl->lock);
4920 return rc;
4921}
4922#endif /* !IN_RING0 */
4923
4924/**
4925 * Port I/O Handler for secondary port range OUT operations.
4926 * @see FNIOMIOPORTOUT for details.
4927 */
4928PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
4929{
4930 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4931 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4932 PATACONTROLLER pCtl = &pThis->aCts[i];
4933 int rc;
4934
4935 Assert(i < 2);
4936
4937 if (cb != 1)
4938 return VINF_SUCCESS;
4939 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
4940 if (rc != VINF_SUCCESS)
4941 return rc;
4942 rc = ataControlWrite(pCtl, Port, u32);
4943 PDMCritSectLeave(&pCtl->lock);
4944 return rc;
4945}
4946
4947
4948/**
4949 * Port I/O Handler for secondary port range IN operations.
4950 * @see FNIOMIOPORTIN for details.
4951 */
4952PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
4953{
4954 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4955 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4956 PATACONTROLLER pCtl = &pThis->aCts[i];
4957 int rc;
4958
4959 Assert(i < 2);
4960
4961 if (cb != 1)
4962 return VERR_IOM_IOPORT_UNUSED;
4963
4964 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
4965 if (rc != VINF_SUCCESS)
4966 return rc;
4967 *pu32 = ataStatusRead(pCtl, Port);
4968 PDMCritSectLeave(&pCtl->lock);
4969 return VINF_SUCCESS;
4970}
4971
4972#ifdef IN_RING3
4973
4974/**
4975 * Waits for all async I/O threads to complete whatever they
4976 * are doing at the moment.
4977 *
4978 * @returns true on success.
4979 * @returns false when one or more threads is still processing.
4980 * @param pThis Pointer to the instance data.
4981 * @param cMillies How long to wait (total).
4982 */
4983static bool ataWaitForAllAsyncIOIsIdle(PPDMDEVINS pDevIns, unsigned cMillies)
4984{
4985 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4986 bool fVMLocked;
4987 uint64_t u64Start;
4988 PATACONTROLLER pCtl;
4989 bool fAllIdle = false;
4990
4991 /* The only way to deal cleanly with the VM lock is to check whether
4992 * it is owned now (it always is owned by EMT, which is the current
4993 * thread). Since this function is called several times during VM
4994 * shutdown, and the VM lock is only held for the first call (which
4995 * can be either from ataPowerOff or ataSuspend), there is no other
4996 * reasonable solution. */
4997 fVMLocked = VMMR3LockIsOwner(PDMDevHlpGetVM(pDevIns));
4998
4999 if (fVMLocked)
5000 pDevIns->pDevHlpR3->pfnUnlockVM(pDevIns);
5001 /*
5002 * Wait for any pending async operation to finish
5003 */
5004 u64Start = RTTimeMilliTS();
5005 for (;;)
5006 {
5007 /* Check all async I/O threads. */
5008 fAllIdle = true;
5009 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5010 {
5011 pCtl = &pThis->aCts[i];
5012
5013 /*
5014 * Only check if the thread is idling if the request mutex is set up.
5015 * It is possible that the creation of the first controller failed and that
5016 * the request mutex is not initialized on the second one yet
5017 * But it would be called without the following check.
5018 */
5019 if (pCtl->AsyncIORequestMutex != NIL_RTSEMEVENT)
5020 {
5021 fAllIdle &= ataAsyncIOIsIdle(pCtl, false);
5022 if (!fAllIdle)
5023 break;
5024 }
5025 }
5026 if ( fAllIdle
5027 || RTTimeMilliTS() - u64Start >= cMillies)
5028 break;
5029
5030 /* Sleep for a bit. */
5031 RTThreadSleep(100);
5032 }
5033
5034 if (fVMLocked)
5035 pDevIns->pDevHlpR3->pfnLockVM(pDevIns);
5036
5037 if (!fAllIdle)
5038 LogRel(("PIIX3 ATA: Ctl#%d is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
5039 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
5040 pCtl->aIfs[0].uATARegCommand, pCtl->aIfs[1].uATARegCommand));
5041
5042 return fAllIdle;
5043}
5044
5045
5046DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5047{
5048 if (s->pbIOBufferR3)
5049 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5050}
5051
5052
5053/**
5054 * @copydoc FNPDMDEVRELOCATE
5055 */
5056static DECLCALLBACK(void) ataRelocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5057{
5058 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5059
5060 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5061 {
5062 pThis->aCts[i].pDevInsRC += offDelta;
5063 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5064 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5065 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5066 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5067 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5068 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5069 }
5070}
5071
5072
5073/**
5074 * Destroy a driver instance.
5075 *
5076 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5077 * resources can be freed correctly.
5078 *
5079 * @param pDevIns The device instance data.
5080 */
5081static DECLCALLBACK(int) ataDestruct(PPDMDEVINS pDevIns)
5082{
5083 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5084 int rc;
5085
5086 Log(("%s:\n", __FUNCTION__));
5087
5088 /*
5089 * Terminate all async helper threads
5090 */
5091 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5092 {
5093 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5094 {
5095 ASMAtomicXchgU32(&pThis->aCts[i].fShutdown, true);
5096 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5097 AssertRC(rc);
5098 }
5099 }
5100
5101 /*
5102 * Wait for them to complete whatever they are doing and then
5103 * for them to terminate.
5104 */
5105 if (ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5106 {
5107 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5108 {
5109 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5110 AssertMsgRC(rc || rc == VERR_INVALID_HANDLE, ("rc=%Rrc i=%d\n", rc, i));
5111 }
5112 }
5113 else
5114 AssertMsgFailed(("Async I/O is still busy!\n"));
5115
5116 /*
5117 * Now the request mutexes are no longer needed. Free resources.
5118 */
5119 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5120 {
5121 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMEVENT)
5122 {
5123 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5124 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMEVENT;
5125 }
5126 }
5127 return VINF_SUCCESS;
5128}
5129
5130
5131/**
5132 * Detach notification.
5133 *
5134 * The DVD drive has been unplugged.
5135 *
5136 * @param pDevIns The device instance.
5137 * @param iLUN The logical unit which is being detached.
5138 */
5139static DECLCALLBACK(void) ataDetach(PPDMDEVINS pDevIns, unsigned iLUN)
5140{
5141 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5142 PATACONTROLLER pCtl;
5143 ATADevState *pIf;
5144 unsigned iController;
5145 unsigned iInterface;
5146
5147 /*
5148 * Locate the controller and stuff.
5149 */
5150 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5151 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5152 pCtl = &pThis->aCts[iController];
5153
5154 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5155 pIf = &pCtl->aIfs[iInterface];
5156
5157 /*
5158 * Zero some important members.
5159 */
5160 pIf->pDrvBase = NULL;
5161 pIf->pDrvBlock = NULL;
5162 pIf->pDrvBlockBios = NULL;
5163 pIf->pDrvMount = NULL;
5164
5165 /*
5166 * In case there was a medium inserted.
5167 */
5168 ataMediumRemoved(pIf);
5169}
5170
5171
5172/**
5173 * Configure a LUN.
5174 *
5175 * @returns VBox status code.
5176 * @param pDevIns The device instance.
5177 * @param pIf The ATA unit state.
5178 */
5179static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5180{
5181 int rc;
5182 PDMBLOCKTYPE enmType;
5183
5184 /*
5185 * Query Block, Bios and Mount interfaces.
5186 */
5187 pIf->pDrvBlock = (PDMIBLOCK *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_BLOCK);
5188 if (!pIf->pDrvBlock)
5189 {
5190 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5191 return VERR_PDM_MISSING_INTERFACE;
5192 }
5193
5194 /** @todo implement the BIOS invisible code path. */
5195 pIf->pDrvBlockBios = (PDMIBLOCKBIOS *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_BLOCK_BIOS);
5196 if (!pIf->pDrvBlockBios)
5197 {
5198 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5199 return VERR_PDM_MISSING_INTERFACE;
5200 }
5201 pIf->pDrvMount = (PDMIMOUNT *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_MOUNT);
5202
5203 /*
5204 * Validate type.
5205 */
5206 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
5207 if ( enmType != PDMBLOCKTYPE_CDROM
5208 && enmType != PDMBLOCKTYPE_DVD
5209 && enmType != PDMBLOCKTYPE_HARD_DISK)
5210 {
5211 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
5212 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
5213 }
5214 if ( ( enmType == PDMBLOCKTYPE_DVD
5215 || enmType == PDMBLOCKTYPE_CDROM)
5216 && !pIf->pDrvMount)
5217 {
5218 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
5219 return VERR_INTERNAL_ERROR;
5220 }
5221 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
5222 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
5223
5224 /*
5225 * Allocate I/O buffer.
5226 */
5227 PVM pVM = PDMDevHlpGetVM(pDevIns);
5228 if (pIf->cbIOBuffer)
5229 {
5230 /* Buffer is (probably) already allocated. Validate the fields,
5231 * because memory corruption can also overwrite pIf->cbIOBuffer. */
5232 if (pIf->fATAPI)
5233 AssertRelease(pIf->cbIOBuffer == _128K);
5234 else
5235 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
5236 Assert(pIf->pbIOBufferR3);
5237 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
5238 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
5239 }
5240 else
5241 {
5242 if (pIf->fATAPI)
5243 pIf->cbIOBuffer = _128K;
5244 else
5245 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
5246 Assert(!pIf->pbIOBufferR3);
5247 rc = MMHyperAlloc(pVM, pIf->cbIOBuffer, 1, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3); /** @todo rainy day: change to MMR3HyperAllocOnceNoRel */
5248 if (RT_FAILURE(rc))
5249 return VERR_NO_MEMORY;
5250 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
5251 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
5252 }
5253
5254 /*
5255 * Init geometry (only for non-CD/DVD media).
5256 */
5257 if (pIf->fATAPI)
5258 {
5259 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
5260 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
5261 pIf->PCHSGeometry.cHeads = 0; /* dummy */
5262 pIf->PCHSGeometry.cSectors = 0; /* dummy */
5263 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
5264 }
5265 else
5266 {
5267 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
5268 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
5269 &pIf->PCHSGeometry);
5270 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
5271 {
5272 pIf->PCHSGeometry.cCylinders = 0;
5273 pIf->PCHSGeometry.cHeads = 16; /*??*/
5274 pIf->PCHSGeometry.cSectors = 63; /*??*/
5275 }
5276 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
5277 {
5278 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
5279 rc = VINF_SUCCESS;
5280 }
5281 AssertRC(rc);
5282
5283 if ( pIf->PCHSGeometry.cCylinders == 0
5284 || pIf->PCHSGeometry.cHeads == 0
5285 || pIf->PCHSGeometry.cSectors == 0
5286 )
5287 {
5288 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
5289 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
5290 pIf->PCHSGeometry.cHeads = 16;
5291 pIf->PCHSGeometry.cSectors = 63;
5292 /* Set the disk geometry information. */
5293 rc = pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
5294 &pIf->PCHSGeometry);
5295 }
5296 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
5297 }
5298 return VINF_SUCCESS;
5299}
5300
5301
5302/**
5303 * Attach command.
5304 *
5305 * This is called when we change block driver for the DVD drive.
5306 *
5307 * @returns VBox status code.
5308 * @param pDevIns The device instance.
5309 * @param iLUN The logical unit which is being detached.
5310 */
5311static DECLCALLBACK(int) ataAttach(PPDMDEVINS pDevIns, unsigned iLUN)
5312{
5313 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5314 PATACONTROLLER pCtl;
5315 ATADevState *pIf;
5316 int rc;
5317 unsigned iController;
5318 unsigned iInterface;
5319
5320 /*
5321 * Locate the controller and stuff.
5322 */
5323 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5324 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5325 pCtl = &pThis->aCts[iController];
5326
5327 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5328 pIf = &pCtl->aIfs[iInterface];
5329
5330 /* the usual paranoia */
5331 AssertRelease(!pIf->pDrvBase);
5332 AssertRelease(!pIf->pDrvBlock);
5333 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
5334 Assert(pIf->iLUN == iLUN);
5335
5336 /*
5337 * Try attach the block device and get the interfaces,
5338 * required as well as optional.
5339 */
5340 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
5341 if (RT_SUCCESS(rc))
5342 {
5343 rc = ataConfigLun(pDevIns, pIf);
5344 /*
5345 * In case there is a medium inserted.
5346 */
5347 ataMediumInserted(pIf);
5348 }
5349 else
5350 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
5351
5352 if (RT_FAILURE(rc))
5353 {
5354 pIf->pDrvBase = NULL;
5355 pIf->pDrvBlock = NULL;
5356 }
5357 return rc;
5358}
5359
5360
5361/**
5362 * Suspend notification.
5363 *
5364 * @returns VBox status.
5365 * @param pDevIns The device instance data.
5366 */
5367static DECLCALLBACK(void) ataSuspend(PPDMDEVINS pDevIns)
5368{
5369 Log(("%s:\n", __FUNCTION__));
5370 if (!ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5371 AssertMsgFailed(("Async I/O didn't stop in 20 seconds!\n"));
5372 return;
5373}
5374
5375
5376/**
5377 * Resume notification.
5378 *
5379 * @returns VBox status.
5380 * @param pDevIns The device instance data.
5381 */
5382static DECLCALLBACK(void) ataResume(PPDMDEVINS pDevIns)
5383{
5384 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5385 int rc;
5386
5387 Log(("%s:\n", __FUNCTION__));
5388 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5389 {
5390 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
5391 {
5392 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
5393 AssertRC(rc);
5394 }
5395 }
5396 return;
5397}
5398
5399
5400/**
5401 * Power Off notification.
5402 *
5403 * @returns VBox status.
5404 * @param pDevIns The device instance data.
5405 */
5406static DECLCALLBACK(void) ataPowerOff(PPDMDEVINS pDevIns)
5407{
5408 Log(("%s:\n", __FUNCTION__));
5409 if (!ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5410 AssertMsgFailed(("Async I/O didn't stop in 20 seconds!\n"));
5411 return;
5412}
5413
5414
5415/**
5416 * Prepare state save and load operation.
5417 *
5418 * @returns VBox status code.
5419 * @param pDevIns Device instance of the device which registered the data unit.
5420 * @param pSSM SSM operation handle.
5421 */
5422static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
5423{
5424 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5425
5426 /* sanity - the suspend notification will wait on the async stuff. */
5427 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5428 {
5429 Assert(ataAsyncIOIsIdle(&pThis->aCts[i], false));
5430 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
5431 return VERR_SSM_IDE_ASYNC_TIMEOUT;
5432 }
5433 return VINF_SUCCESS;
5434}
5435
5436
5437/**
5438 * Saves a state of the ATA device.
5439 *
5440 * @returns VBox status code.
5441 * @param pDevIns The device instance.
5442 * @param pSSMHandle The handle to save the state to.
5443 */
5444static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSMHandle)
5445{
5446 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5447
5448 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5449 {
5450 SSMR3PutU8(pSSMHandle, pThis->aCts[i].iSelectedIf);
5451 SSMR3PutU8(pSSMHandle, pThis->aCts[i].iAIOIf);
5452 SSMR3PutU8(pSSMHandle, pThis->aCts[i].uAsyncIOState);
5453 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fChainedTransfer);
5454 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fReset);
5455 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedo);
5456 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedoIdle);
5457 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedoDMALastDesc);
5458 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
5459 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pFirstDMADesc);
5460 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pLastDMADesc);
5461 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pRedoDMABuffer);
5462 SSMR3PutU32(pSSMHandle, pThis->aCts[i].cbRedoDMABuffer);
5463
5464 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5465 {
5466 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fLBA48);
5467 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fATAPI);
5468 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fIrqPending);
5469 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].cMultSectors);
5470 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
5471 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
5472 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
5473 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
5474 SSMR3PutU64(pSSMHandle, pThis->aCts[i].aIfs[j].cTotalSectors);
5475 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegFeature);
5476 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
5477 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegError);
5478 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegNSector);
5479 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
5480 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSector);
5481 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
5482 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegLCyl);
5483 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
5484 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegHCyl);
5485 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
5486 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSelect);
5487 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegStatus);
5488 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegCommand);
5489 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegDevCtl);
5490 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATATransferMode);
5491 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uTxDir);
5492 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].iBeginTransfer);
5493 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].iSourceSink);
5494 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fDMA);
5495 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fATAPITransfer);
5496 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbTotalTransfer);
5497 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
5498 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferCur);
5499 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferEnd);
5500 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
5501 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
5502 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iATAPILBA);
5503 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbATAPISector);
5504 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
5505 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
5506 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
5507 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].MediaEventStatus);
5508 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
5509 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbIOBuffer);
5510 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
5511 SSMR3PutMem(pSSMHandle, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
5512 else
5513 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
5514 }
5515 }
5516 SSMR3PutBool(pSSMHandle, pThis->fPIIX4);
5517
5518 return SSMR3PutU32(pSSMHandle, ~0); /* sanity/terminator */
5519}
5520
5521
5522/**
5523 * Loads a saved ATA device state.
5524 *
5525 * @returns VBox status code.
5526 * @param pDevIns The device instance.
5527 * @param pSSMHandle The handle to the saved state.
5528 * @param u32Version The data unit version number.
5529 */
5530static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSMHandle, uint32_t u32Version)
5531{
5532 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5533 int rc;
5534 uint32_t u32;
5535
5536 if ( u32Version != ATA_SAVED_STATE_VERSION
5537 && u32Version != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
5538 && u32Version != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
5539 {
5540 AssertMsgFailed(("u32Version=%d\n", u32Version));
5541 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
5542 }
5543
5544 /*
5545 * Restore valid parts of the PCIATAState structure
5546 */
5547 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5548 {
5549 /* integrity check */
5550 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
5551 {
5552 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
5553 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
5554 return rc;
5555 }
5556
5557 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].iSelectedIf);
5558 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].iAIOIf);
5559 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].uAsyncIOState);
5560 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].fChainedTransfer);
5561 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fReset);
5562 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedo);
5563 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedoIdle);
5564 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
5565 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
5566 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pFirstDMADesc);
5567 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pLastDMADesc);
5568 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pRedoDMABuffer);
5569 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].cbRedoDMABuffer);
5570
5571 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5572 {
5573 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fLBA48);
5574 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fATAPI);
5575 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fIrqPending);
5576 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].cMultSectors);
5577 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
5578 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
5579 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
5580 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
5581 SSMR3GetU64(pSSMHandle, &pThis->aCts[i].aIfs[j].cTotalSectors);
5582 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegFeature);
5583 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
5584 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegError);
5585 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegNSector);
5586 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
5587 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSector);
5588 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
5589 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegLCyl);
5590 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
5591 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegHCyl);
5592 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
5593 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSelect);
5594 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegStatus);
5595 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegCommand);
5596 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
5597 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATATransferMode);
5598 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uTxDir);
5599 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].iBeginTransfer);
5600 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].iSourceSink);
5601 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fDMA);
5602 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fATAPITransfer);
5603 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
5604 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
5605 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferCur);
5606 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
5607 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
5608 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
5609 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iATAPILBA);
5610 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbATAPISector);
5611 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
5612 if (u32Version > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
5613 {
5614 SSMR3GetMem(pSSMHandle, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
5615 }
5616 else
5617 {
5618 uint8_t uATAPISenseKey, uATAPIASC;
5619 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
5620 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
5621 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
5622 SSMR3GetU8(pSSMHandle, &uATAPISenseKey);
5623 SSMR3GetU8(pSSMHandle, &uATAPIASC);
5624 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
5625 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
5626 }
5627 /** @todo triple-check this hack after passthrough is working */
5628 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
5629 if (u32Version > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
5630 SSMR3GetU32(pSSMHandle, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
5631 else
5632 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
5633 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
5634 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbIOBuffer);
5635 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
5636 {
5637 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
5638 SSMR3GetMem(pSSMHandle, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
5639 else
5640 {
5641 LogRel(("ATA: No buffer for %d/%d\n", i, j));
5642 if (SSMR3HandleGetAfter(pSSMHandle) != SSMAFTER_DEBUG_IT)
5643 return VERR_SSM_LOAD_CONFIG_MISMATCH;
5644
5645 /* skip the buffer if we're loading for the debugger / animator. */
5646 uint8_t u8Ignored;
5647 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
5648 while (cbLeft-- > 0)
5649 SSMR3GetU8(pSSMHandle, &u8Ignored);
5650 }
5651 }
5652 else
5653 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
5654 }
5655 }
5656 SSMR3GetBool(pSSMHandle, &pThis->fPIIX4);
5657
5658 rc = SSMR3GetU32(pSSMHandle, &u32);
5659 if (RT_FAILURE(rc))
5660 return rc;
5661 if (u32 != ~0U)
5662 {
5663 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
5664 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
5665 return rc;
5666 }
5667
5668 return VINF_SUCCESS;
5669}
5670
5671
5672/**
5673 * Construct a device instance for a VM.
5674 *
5675 * @returns VBox status.
5676 * @param pDevIns The device instance data.
5677 * If the registration structure is needed, pDevIns->pDevReg points to it.
5678 * @param iInstance Instance number. Use this to figure out which registers and such to use.
5679 * The device number is also found in pDevIns->iInstance, but since it's
5680 * likely to be freqently used PDM passes it as parameter.
5681 * @param pCfgHandle Configuration node handle for the device. Use this to obtain the configuration
5682 * of the device instance. It's also found in pDevIns->pCfgHandle, but like
5683 * iInstance it's expected to be used a bit in this function.
5684 */
5685static DECLCALLBACK(int) ataConstruct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfgHandle)
5686{
5687 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5688 PPDMIBASE pBase;
5689 int rc;
5690 bool fGCEnabled;
5691 bool fR0Enabled;
5692 uint32_t DelayIRQMillies;
5693
5694 Assert(iInstance == 0);
5695
5696 /*
5697 * Initialize NIL handle values (for the destructor).
5698 */
5699 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5700 {
5701 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
5702 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
5703 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMEVENT;
5704 }
5705
5706 /*
5707 * Validate and read configuration.
5708 */
5709 if (!CFGMR3AreValuesValid(pCfgHandle, "GCEnabled\0IRQDelay\0R0Enabled\0PIIX4\0"))
5710 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
5711 N_("PIIX3 configuration error: unknown option specified"));
5712
5713 rc = CFGMR3QueryBoolDef(pCfgHandle, "GCEnabled", &fGCEnabled, true);
5714 if (RT_FAILURE(rc))
5715 return PDMDEV_SET_ERROR(pDevIns, rc,
5716 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
5717 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
5718
5719 rc = CFGMR3QueryBoolDef(pCfgHandle, "R0Enabled", &fR0Enabled, true);
5720 if (RT_FAILURE(rc))
5721 return PDMDEV_SET_ERROR(pDevIns, rc,
5722 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
5723 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
5724
5725 rc = CFGMR3QueryU32Def(pCfgHandle, "IRQDelay", &DelayIRQMillies, 0);
5726 if (RT_FAILURE(rc))
5727 return PDMDEV_SET_ERROR(pDevIns, rc,
5728 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
5729 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
5730 Assert(DelayIRQMillies < 50);
5731
5732 rc = CFGMR3QueryBoolDef(pCfgHandle, "PIIX4", &pThis->fPIIX4, false);
5733 if (RT_FAILURE(rc))
5734 return PDMDEV_SET_ERROR(pDevIns, rc,
5735 N_("PIIX3 configuration error: failed to read PIIX4 as boolean"));
5736 Log(("%s: fPIIX4=%d\n", __FUNCTION__, pThis->fPIIX4));
5737
5738 /*
5739 * Initialize data (most of it anyway).
5740 */
5741 /* Status LUN. */
5742 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
5743 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
5744
5745 /* PCI configuration space. */
5746 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
5747 if (pThis->fPIIX4)
5748 {
5749 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
5750 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
5751 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
5752 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
5753 pThis->dev.config[0x4B] = 0x00;
5754 }
5755 else
5756 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
5757 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
5758 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
5759 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
5760 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
5761 PCIDevSetHeaderType(&pThis->dev, 0x00);
5762
5763 pThis->pDevIns = pDevIns;
5764 pThis->fGCEnabled = fGCEnabled;
5765 pThis->fR0Enabled = fR0Enabled;
5766 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5767 {
5768 pThis->aCts[i].pDevInsR3 = pDevIns;
5769 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
5770 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
5771 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
5772 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5773 {
5774 pThis->aCts[i].aIfs[j].iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
5775 pThis->aCts[i].aIfs[j].pDevInsR3 = pDevIns;
5776 pThis->aCts[i].aIfs[j].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
5777 pThis->aCts[i].aIfs[j].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
5778 pThis->aCts[i].aIfs[j].pControllerR3 = &pThis->aCts[i];
5779 pThis->aCts[i].aIfs[j].pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
5780 pThis->aCts[i].aIfs[j].pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
5781 pThis->aCts[i].aIfs[j].IBase.pfnQueryInterface = ataQueryInterface;
5782 pThis->aCts[i].aIfs[j].IMountNotify.pfnMountNotify = ataMountNotify;
5783 pThis->aCts[i].aIfs[j].IMountNotify.pfnUnmountNotify = ataUnmountNotify;
5784 pThis->aCts[i].aIfs[j].Led.u32Magic = PDMLED_MAGIC;
5785 }
5786 }
5787
5788 Assert(RT_ELEMENTS(pThis->aCts) == 2);
5789 pThis->aCts[0].irq = 14;
5790 pThis->aCts[0].IOPortBase1 = 0x1f0;
5791 pThis->aCts[0].IOPortBase2 = 0x3f6;
5792 pThis->aCts[1].irq = 15;
5793 pThis->aCts[1].IOPortBase1 = 0x170;
5794 pThis->aCts[1].IOPortBase2 = 0x376;
5795
5796 /*
5797 * Register the PCI device.
5798 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
5799 * device the slot next to itself.
5800 */
5801 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
5802 if (RT_FAILURE(rc))
5803 return PDMDEV_SET_ERROR(pDevIns, rc,
5804 N_("PIIX3 cannot register PCI device"));
5805 AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
5806 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
5807 if (RT_FAILURE(rc))
5808 return PDMDEV_SET_ERROR(pDevIns, rc,
5809 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
5810
5811 /*
5812 * Register the I/O ports.
5813 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
5814 */
5815 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5816 {
5817 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)i,
5818 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
5819 if (RT_FAILURE(rc))
5820 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
5821
5822 if (fGCEnabled)
5823 {
5824 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
5825 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
5826 if (RT_FAILURE(rc))
5827 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
5828 }
5829
5830 if (fR0Enabled)
5831 {
5832#if 1
5833 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
5834 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
5835#else
5836 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
5837 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
5838#endif
5839 if (RT_FAILURE(rc))
5840 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
5841 }
5842
5843 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)i,
5844 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
5845 if (RT_FAILURE(rc))
5846 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
5847
5848 if (fGCEnabled)
5849 {
5850 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
5851 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
5852 if (RT_FAILURE(rc))
5853 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
5854 }
5855 if (fR0Enabled)
5856 {
5857 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
5858 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
5859 if (RT_FAILURE(rc))
5860 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
5861 }
5862
5863 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5864 {
5865 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
5866 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATA DMA transfers.", "/Devices/ATA%d/Unit%d/DMA", i, j);
5867 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATA PIO transfers.", "/Devices/ATA%d/Unit%d/PIO", i, j);
5868 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATAPI DMA transfers.", "/Devices/ATA%d/Unit%d/AtapiDMA", i, j);
5869 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATAPI PIO transfers.", "/Devices/ATA%d/Unit%d/AtapiPIO", i, j);
5870#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
5871 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the read operations.", "/Devices/ATA%d/Unit%d/Reads", i, j);
5872#endif
5873 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES, "Amount of data read.", "/Devices/ATA%d/Unit%d/ReadBytes", i, j);
5874#ifdef VBOX_INSTRUMENT_DMA_WRITES
5875 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the VD DMA write operations.","/Devices/ATA%d/Unit%d/InstrVDWrites", i, j);
5876#endif
5877#ifdef VBOX_WITH_STATISTICS
5878 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the write operations.","/Devices/ATA%d/Unit%d/Writes", i, j);
5879#endif
5880 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES, "Amount of data written.", "/Devices/ATA%d/Unit%d/WrittenBytes", i, j);
5881#ifdef VBOX_WITH_STATISTICS
5882 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the flush operations.","/Devices/ATA%d/Unit%d/Flushes", i, j);
5883#endif
5884 }
5885#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
5886 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "The number of async operations.", "/Devices/ATA%d/Async/Operations", i);
5887 /** @todo STAMUNIT_MICROSECS */
5888 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Minimum wait in microseconds.", "/Devices/ATA%d/Async/MinWait", i);
5889 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Maximum wait in microseconds.", "/Devices/ATA%d/Async/MaxWait", i);
5890 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Total time spent in microseconds.","/Devices/ATA%d/Async/TotalTimeUS", i);
5891 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of async operations.", "/Devices/ATA%d/Async/Time", i);
5892 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of locks.", "/Devices/ATA%d/Async/LockWait", i);
5893#endif /* VBOX_WITH_STATISTICS */
5894
5895 /* Initialize per-controller critical section */
5896 char szName[24];
5897 RTStrPrintf(szName, sizeof(szName), "ATA%d", i);
5898 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, szName);
5899 if (RT_FAILURE(rc))
5900 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
5901 }
5902
5903 /*
5904 * Attach status driver (optional).
5905 */
5906 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
5907 if (RT_SUCCESS(rc))
5908 pThis->pLedsConnector = (PDMILEDCONNECTORS *)pBase->pfnQueryInterface(pBase, PDMINTERFACE_LED_CONNECTORS);
5909 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
5910 {
5911 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
5912 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
5913 }
5914
5915 /*
5916 * Attach the units.
5917 */
5918 uint32_t cbTotalBuffer = 0;
5919 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5920 {
5921 PATACONTROLLER pCtl = &pThis->aCts[i];
5922
5923 /*
5924 * Start the worker thread.
5925 */
5926 pCtl->uAsyncIOState = ATA_AIO_NEW;
5927 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
5928 AssertRC(rc);
5929 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
5930 AssertRC(rc);
5931 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
5932 AssertRC(rc);
5933 ataAsyncIOClearRequests(pCtl);
5934 rc = RTThreadCreate(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024, RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA");
5935 AssertRC(rc);
5936 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
5937 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
5938
5939 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
5940 {
5941 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
5942 {
5943 { "Primary Master", "Primary Slave" },
5944 { "Secondary Master", "Secondary Slave" }
5945 };
5946
5947 /*
5948 * Try attach the block device and get the interfaces,
5949 * required as well as optional.
5950 */
5951 ATADevState *pIf = &pCtl->aIfs[j];
5952
5953 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
5954 if (RT_SUCCESS(rc))
5955 rc = ataConfigLun(pDevIns, pIf);
5956 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
5957 {
5958 pIf->pDrvBase = NULL;
5959 pIf->pDrvBlock = NULL;
5960 pIf->cbIOBuffer = 0;
5961 pIf->pbIOBufferR3 = NULL;
5962 pIf->pbIOBufferR0 = NIL_RTR0PTR;
5963 pIf->pbIOBufferRC = NIL_RTGCPTR;
5964 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
5965 }
5966 else
5967 {
5968 switch (rc)
5969 {
5970 case VERR_ACCESS_DENIED:
5971 /* Error already catched by DrvHostBase */
5972 return rc;
5973 default:
5974 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
5975 N_("PIIX3 cannot attach drive to the %s"),
5976 s_apszDescs[i][j]);
5977 }
5978 }
5979 cbTotalBuffer += pIf->cbIOBuffer;
5980 }
5981 }
5982
5983 rc = PDMDevHlpSSMRegister(pDevIns, pDevIns->pDevReg->szDeviceName, iInstance,
5984 ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer,
5985 ataSaveLoadPrep, ataSaveExec, NULL,
5986 ataSaveLoadPrep, ataLoadExec, NULL);
5987 if (RT_FAILURE(rc))
5988 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
5989
5990 /*
5991 * Initialize the device state.
5992 */
5993 ataReset(pDevIns);
5994
5995 return VINF_SUCCESS;
5996}
5997
5998
5999/**
6000 * The device registration structure.
6001 */
6002const PDMDEVREG g_DevicePIIX3IDE =
6003{
6004 /* u32Version */
6005 PDM_DEVREG_VERSION,
6006 /* szDeviceName */
6007 "piix3ide",
6008 /* szRCMod */
6009 "VBoxDDGC.gc",
6010 /* szR0Mod */
6011 "VBoxDDR0.r0",
6012 /* pszDescription */
6013 "Intel PIIX3 ATA controller.\n"
6014 " LUN #0 is primary master.\n"
6015 " LUN #1 is primary slave.\n"
6016 " LUN #2 is secondary master.\n"
6017 " LUN #3 is secondary slave.\n"
6018 " LUN #999 is the LED/Status connector.",
6019 /* fFlags */
6020 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0,
6021 /* fClass */
6022 PDM_DEVREG_CLASS_STORAGE,
6023 /* cMaxInstances */
6024 1,
6025 /* cbInstance */
6026 sizeof(PCIATAState),
6027 /* pfnConstruct */
6028 ataConstruct,
6029 /* pfnDestruct */
6030 ataDestruct,
6031 /* pfnRelocate */
6032 ataRelocate,
6033 /* pfnIOCtl */
6034 NULL,
6035 /* pfnPowerOn */
6036 NULL,
6037 /* pfnReset */
6038 ataReset,
6039 /* pfnSuspend */
6040 ataSuspend,
6041 /* pfnResume */
6042 ataResume,
6043 /* pfnAttach */
6044 ataAttach,
6045 /* pfnDetach */
6046 ataDetach,
6047 /* pfnQueryInterface. */
6048 NULL,
6049 /* pfnInitComplete */
6050 NULL,
6051 /* pfnPowerOff */
6052 ataPowerOff,
6053 /* pfnSoftReset */
6054 NULL,
6055 /* u32VersionEnd */
6056 PDM_DEVREG_VERSION
6057};
6058#endif /* IN_RING3 */
6059#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
6060
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette