VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 53411

Last change on this file since 53411 was 53409, checked in by vboxsync, 10 years ago

Storage/ATA: Fix broken CD/DVD passthrough

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 289.7 KB
Line 
1/* $Id: DevATA.cpp 53409 2014-11-28 13:33:46Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2013 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Defined Constants And Macros *
20*******************************************************************************/
21/** Temporary instrumentation for tracking down potential virtual disk
22 * write performance issues. */
23#undef VBOX_INSTRUMENT_DMA_WRITES
24
25/** @name The SSM saved state versions.
26 * @{
27 */
28/** The current saved state version. */
29#define ATA_SAVED_STATE_VERSION 20
30/** The saved state version used by VirtualBox 3.0.
31 * This lacks the config part and has the type at the and. */
32#define ATA_SAVED_STATE_VERSION_VBOX_30 19
33#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
34#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
35#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
36/** @} */
37
38/*******************************************************************************
39* Header Files *
40*******************************************************************************/
41#define LOG_GROUP LOG_GROUP_DEV_IDE
42#include <VBox/vmm/pdmdev.h>
43#include <iprt/assert.h>
44#include <iprt/string.h>
45#ifdef IN_RING3
46# include <iprt/uuid.h>
47# include <iprt/semaphore.h>
48# include <iprt/thread.h>
49# include <iprt/time.h>
50# include <iprt/alloc.h>
51#endif /* IN_RING3 */
52#include <iprt/critsect.h>
53#include <iprt/asm.h>
54#include <VBox/vmm/stam.h>
55#include <VBox/vmm/mm.h>
56#include <VBox/vmm/pgm.h>
57
58#include <VBox/scsi.h>
59
60#include "PIIX3ATABmDma.h"
61#include "ide.h"
62#include "ATAPIPassthrough.h"
63#include "VBoxDD.h"
64
65/*******************************************************************************
66* Defined Constants And Macros *
67*******************************************************************************/
68/**
69 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
70 * Set to 1 to disable multi-sector read support. According to the ATA
71 * specification this must be a power of 2 and it must fit in an 8 bit
72 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
73 */
74#define ATA_MAX_MULT_SECTORS 128
75
76/**
77 * Fastest PIO mode supported by the drive.
78 */
79#define ATA_PIO_MODE_MAX 4
80/**
81 * Fastest MDMA mode supported by the drive.
82 */
83#define ATA_MDMA_MODE_MAX 2
84/**
85 * Fastest UDMA mode supported by the drive.
86 */
87#define ATA_UDMA_MODE_MAX 6
88
89/** ATAPI sense info size. */
90#define ATAPI_SENSE_SIZE 64
91
92/** The maximum number of release log entries per device. */
93#define MAX_LOG_REL_ERRORS 1024
94
95/* MediaEventStatus */
96#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
97#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
98#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
99#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
100#define ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED 4 /**< medium eject requested (eject button pressed) */
101
102/* Media track type */
103#define ATA_MEDIA_TYPE_UNKNOWN 0 /**< unknown CD type */
104#define ATA_MEDIA_NO_DISC 0x70 /**< Door closed, no medium */
105
106/*******************************************************************************
107* Structures and Typedefs *
108*******************************************************************************/
109/**
110 * The state of an ATA device.
111 *
112 * @implements PDMIBASE
113 * @implements PDMIBLOCKPORT
114 * @implements PDMIMOUNTNOTIFY
115 */
116typedef struct ATADevState
117{
118 /** Flag indicating whether the current command uses LBA48 mode. */
119 bool fLBA48;
120 /** Flag indicating whether this drive implements the ATAPI command set. */
121 bool fATAPI;
122 /** Set if this interface has asserted the IRQ. */
123 bool fIrqPending;
124 /** Currently configured number of sectors in a multi-sector transfer. */
125 uint8_t cMultSectors;
126 /** PCHS disk geometry. */
127 PDMMEDIAGEOMETRY PCHSGeometry;
128 /** Total number of sectors on this disk. */
129 uint64_t cTotalSectors;
130 /** Sector size of the medium. */
131 uint32_t cbSector;
132 /** Number of sectors to transfer per IRQ. */
133 uint32_t cSectorsPerIRQ;
134
135 /** ATA/ATAPI register 1: feature (write-only). */
136 uint8_t uATARegFeature;
137 /** ATA/ATAPI register 1: feature, high order byte. */
138 uint8_t uATARegFeatureHOB;
139 /** ATA/ATAPI register 1: error (read-only). */
140 uint8_t uATARegError;
141 /** ATA/ATAPI register 2: sector count (read/write). */
142 uint8_t uATARegNSector;
143 /** ATA/ATAPI register 2: sector count, high order byte. */
144 uint8_t uATARegNSectorHOB;
145 /** ATA/ATAPI register 3: sector (read/write). */
146 uint8_t uATARegSector;
147 /** ATA/ATAPI register 3: sector, high order byte. */
148 uint8_t uATARegSectorHOB;
149 /** ATA/ATAPI register 4: cylinder low (read/write). */
150 uint8_t uATARegLCyl;
151 /** ATA/ATAPI register 4: cylinder low, high order byte. */
152 uint8_t uATARegLCylHOB;
153 /** ATA/ATAPI register 5: cylinder high (read/write). */
154 uint8_t uATARegHCyl;
155 /** ATA/ATAPI register 5: cylinder high, high order byte. */
156 uint8_t uATARegHCylHOB;
157 /** ATA/ATAPI register 6: select drive/head (read/write). */
158 uint8_t uATARegSelect;
159 /** ATA/ATAPI register 7: status (read-only). */
160 uint8_t uATARegStatus;
161 /** ATA/ATAPI register 7: command (write-only). */
162 uint8_t uATARegCommand;
163 /** ATA/ATAPI drive control register (write-only). */
164 uint8_t uATARegDevCtl;
165
166 /** Currently active transfer mode (MDMA/UDMA) and speed. */
167 uint8_t uATATransferMode;
168 /** Current transfer direction. */
169 uint8_t uTxDir;
170 /** Index of callback for begin transfer. */
171 uint8_t iBeginTransfer;
172 /** Index of callback for source/sink of data. */
173 uint8_t iSourceSink;
174 /** Flag indicating whether the current command transfers data in DMA mode. */
175 bool fDMA;
176 /** Set to indicate that ATAPI transfer semantics must be used. */
177 bool fATAPITransfer;
178
179 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
180 uint32_t cbTotalTransfer;
181 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
182 uint32_t cbElementaryTransfer;
183 /** Maximum ATAPI elementary transfer size, PIO only. */
184 uint32_t cbPIOTransferLimit;
185 /** ATAPI passthrough transfer size, shared PIO/DMA */
186 uint32_t cbAtapiPassthroughTransfer;
187 /** Current read/write buffer position, shared PIO/DMA. */
188 uint32_t iIOBufferCur;
189 /** First element beyond end of valid buffer content, shared PIO/DMA. */
190 uint32_t iIOBufferEnd;
191 /** Align the following fields correctly. */
192 uint32_t Alignment0;
193
194 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
195 uint32_t iIOBufferPIODataStart;
196 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
197 uint32_t iIOBufferPIODataEnd;
198
199 /** ATAPI current LBA position. */
200 uint32_t iATAPILBA;
201 /** ATAPI current sector size. */
202 uint32_t cbATAPISector;
203 /** ATAPI current command. */
204 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
205 /** ATAPI sense data. */
206 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
207 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
208 uint8_t cNotifiedMediaChange;
209 /** The same for GET_EVENT_STATUS for mechanism */
210 volatile uint32_t MediaEventStatus;
211
212 /** Media type if known. */
213 volatile uint32_t MediaTrackType;
214
215 /** The status LED state for this drive. */
216 PDMLED Led;
217
218 /** Size of I/O buffer. */
219 uint32_t cbIOBuffer;
220 /** Pointer to the I/O buffer. */
221 R3PTRTYPE(uint8_t *) pbIOBufferR3;
222 /** Pointer to the I/O buffer. */
223 R0PTRTYPE(uint8_t *) pbIOBufferR0;
224 /** Pointer to the I/O buffer. */
225 RCPTRTYPE(uint8_t *) pbIOBufferRC;
226
227 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundary. */
228
229 /*
230 * No data that is part of the saved state after this point!!!!!
231 */
232
233 /* Release statistics: number of ATA DMA commands. */
234 STAMCOUNTER StatATADMA;
235 /* Release statistics: number of ATA PIO commands. */
236 STAMCOUNTER StatATAPIO;
237 /* Release statistics: number of ATAPI PIO commands. */
238 STAMCOUNTER StatATAPIDMA;
239 /* Release statistics: number of ATAPI PIO commands. */
240 STAMCOUNTER StatATAPIPIO;
241#ifdef VBOX_INSTRUMENT_DMA_WRITES
242 /* Release statistics: number of DMA sector writes and the time spent. */
243 STAMPROFILEADV StatInstrVDWrites;
244#endif
245
246 /** Statistics: number of read operations and the time spent reading. */
247 STAMPROFILEADV StatReads;
248 /** Statistics: number of bytes read. */
249 STAMCOUNTER StatBytesRead;
250 /** Statistics: number of write operations and the time spent writing. */
251 STAMPROFILEADV StatWrites;
252 /** Statistics: number of bytes written. */
253 STAMCOUNTER StatBytesWritten;
254 /** Statistics: number of flush operations and the time spend flushing. */
255 STAMPROFILE StatFlushes;
256
257 /** Mark the drive as having a non-rotational medium (i.e. as a SSD). */
258 bool fNonRotational;
259 /** Enable passing through commands directly to the ATAPI drive. */
260 bool fATAPIPassthrough;
261 /** Flag whether to overwrite inquiry data in passthrough mode. */
262 bool fOverwriteInquiry;
263 /** Number of errors we've reported to the release log.
264 * This is to prevent flooding caused by something going horribly wrong.
265 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
266 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
267 uint32_t cErrors;
268 /** Timestamp of last started command. 0 if no command pending. */
269 uint64_t u64CmdTS;
270
271 /** Pointer to the attached driver's base interface. */
272 R3PTRTYPE(PPDMIBASE) pDrvBase;
273 /** Pointer to the attached driver's block interface. */
274 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
275 /** Pointer to the attached driver's block bios interface. */
276 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
277 /** Pointer to the attached driver's mount interface.
278 * This is NULL if the driver isn't a removable unit. */
279 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
280 /** The base interface. */
281 PDMIBASE IBase;
282 /** The block port interface. */
283 PDMIBLOCKPORT IPort;
284 /** The mount notify interface. */
285 PDMIMOUNTNOTIFY IMountNotify;
286 /** The LUN #. */
287 RTUINT iLUN;
288 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
289 /** Pointer to device instance. */
290 PPDMDEVINSR3 pDevInsR3;
291 /** Pointer to controller instance. */
292 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
293 /** Pointer to device instance. */
294 PPDMDEVINSR0 pDevInsR0;
295 /** Pointer to controller instance. */
296 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
297 /** Pointer to device instance. */
298 PPDMDEVINSRC pDevInsRC;
299 /** Pointer to controller instance. */
300 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
301
302 /** The serial number to use for IDENTIFY DEVICE commands. */
303 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
304 /** The firmware revision to use for IDENTIFY DEVICE commands. */
305 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
306 /** The model number to use for IDENTIFY DEVICE commands. */
307 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
308 /** The vendor identification string for SCSI INQUIRY commands. */
309 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
310 /** The product identification string for SCSI INQUIRY commands. */
311 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
312 /** The revision string for SCSI INQUIRY commands. */
313 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
314 /** The current tracklist of the loaded medium if passthrough is used. */
315 R3PTRTYPE(PTRACKLIST) pTrackList;
316
317 uint8_t abAlignment4[HC_ARCH_BITS == 64 ? 7 : 3];
318} ATADevState;
319AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
320AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
321AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
322AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
323AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
324AssertCompileSizeAlignment(ATADevState, 8);
325
326
327typedef struct ATATransferRequest
328{
329 uint8_t iIf;
330 uint8_t iBeginTransfer;
331 uint8_t iSourceSink;
332 uint32_t cbTotalTransfer;
333 uint8_t uTxDir;
334} ATATransferRequest;
335
336
337typedef struct ATAAbortRequest
338{
339 uint8_t iIf;
340 bool fResetDrive;
341} ATAAbortRequest;
342
343
344typedef enum
345{
346 /** Begin a new transfer. */
347 ATA_AIO_NEW = 0,
348 /** Continue a DMA transfer. */
349 ATA_AIO_DMA,
350 /** Continue a PIO transfer. */
351 ATA_AIO_PIO,
352 /** Reset the drives on current controller, stop all transfer activity. */
353 ATA_AIO_RESET_ASSERTED,
354 /** Reset the drives on current controller, resume operation. */
355 ATA_AIO_RESET_CLEARED,
356 /** Abort the current transfer of a particular drive. */
357 ATA_AIO_ABORT
358} ATAAIO;
359
360
361typedef struct ATARequest
362{
363 ATAAIO ReqType;
364 union
365 {
366 ATATransferRequest t;
367 ATAAbortRequest a;
368 } u;
369} ATARequest;
370
371
372typedef struct ATACONTROLLER
373{
374 /** The base of the first I/O Port range. */
375 RTIOPORT IOPortBase1;
376 /** The base of the second I/O Port range. (0 if none) */
377 RTIOPORT IOPortBase2;
378 /** The assigned IRQ. */
379 RTUINT irq;
380 /** Access critical section */
381 PDMCRITSECT lock;
382
383 /** Selected drive. */
384 uint8_t iSelectedIf;
385 /** The interface on which to handle async I/O. */
386 uint8_t iAIOIf;
387 /** The state of the async I/O thread. */
388 uint8_t uAsyncIOState;
389 /** Flag indicating whether the next transfer is part of the current command. */
390 bool fChainedTransfer;
391 /** Set when the reset processing is currently active on this controller. */
392 bool fReset;
393 /** Flag whether the current transfer needs to be redone. */
394 bool fRedo;
395 /** Flag whether the redo suspend has been finished. */
396 bool fRedoIdle;
397 /** Flag whether the DMA operation to be redone is the final transfer. */
398 bool fRedoDMALastDesc;
399 /** The BusMaster DMA state. */
400 BMDMAState BmDma;
401 /** Pointer to first DMA descriptor. */
402 RTGCPHYS32 pFirstDMADesc;
403 /** Pointer to last DMA descriptor. */
404 RTGCPHYS32 pLastDMADesc;
405 /** Pointer to current DMA buffer (for redo operations). */
406 RTGCPHYS32 pRedoDMABuffer;
407 /** Size of current DMA buffer (for redo operations). */
408 uint32_t cbRedoDMABuffer;
409
410 /** The ATA/ATAPI interfaces of this controller. */
411 ATADevState aIfs[2];
412
413 /** Pointer to device instance. */
414 PPDMDEVINSR3 pDevInsR3;
415 /** Pointer to device instance. */
416 PPDMDEVINSR0 pDevInsR0;
417 /** Pointer to device instance. */
418 PPDMDEVINSRC pDevInsRC;
419
420 /** Set when the destroying the device instance and the thread must exit. */
421 uint32_t volatile fShutdown;
422 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
423 RTTHREAD AsyncIOThread;
424 /** The event semaphore the thread is waiting on for requests. */
425 RTSEMEVENT AsyncIOSem;
426 /** The request queue for the AIO thread. One element is always unused. */
427 ATARequest aAsyncIORequests[4];
428 /** The position at which to insert a new request for the AIO thread. */
429 volatile uint8_t AsyncIOReqHead;
430 /** The position at which to get a new request for the AIO thread. */
431 volatile uint8_t AsyncIOReqTail;
432 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
433 bool volatile fSignalIdle;
434 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
435 /** Magic delay before triggering interrupts in DMA mode. */
436 uint32_t DelayIRQMillies;
437 /** The mutex protecting the request queue. */
438 RTSEMMUTEX AsyncIORequestMutex;
439 /** The event semaphore the thread is waiting on during suspended I/O. */
440 RTSEMEVENT SuspendIOSem;
441#if 0 /*HC_ARCH_BITS == 32*/
442 uint32_t Alignment0;
443#endif
444
445 /** Timestamp we started the reset. */
446 uint64_t u64ResetTime;
447
448 /* Statistics */
449 STAMCOUNTER StatAsyncOps;
450 uint64_t StatAsyncMinWait;
451 uint64_t StatAsyncMaxWait;
452 STAMCOUNTER StatAsyncTimeUS;
453 STAMPROFILEADV StatAsyncTime;
454 STAMPROFILE StatLockWait;
455} ATACONTROLLER, *PATACONTROLLER;
456AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
457AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
458AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
459AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
460
461typedef enum CHIPSET
462{
463 /** PIIX3 chipset, must be 0 for saved state compatibility */
464 CHIPSET_PIIX3 = 0,
465 /** PIIX4 chipset, must be 1 for saved state compatibility */
466 CHIPSET_PIIX4 = 1,
467 /** ICH6 chipset */
468 CHIPSET_ICH6 = 2
469} CHIPSET;
470
471/**
472 * The state of the ATA PCI device.
473 *
474 * @extends PCIDEVICE
475 * @implements PDMILEDPORTS
476 */
477typedef struct PCIATAState
478{
479 PCIDEVICE dev;
480 /** The controllers. */
481 ATACONTROLLER aCts[2];
482 /** Pointer to device instance. */
483 PPDMDEVINSR3 pDevIns;
484 /** Status LUN: Base interface. */
485 PDMIBASE IBase;
486 /** Status LUN: Leds interface. */
487 PDMILEDPORTS ILeds;
488 /** Status LUN: Partner of ILeds. */
489 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
490 /** Status LUN: Media Notify. */
491 R3PTRTYPE(PPDMIMEDIANOTIFY) pMediaNotify;
492 /** Flag whether GC is enabled. */
493 bool fGCEnabled;
494 /** Flag whether R0 is enabled. */
495 bool fR0Enabled;
496 /** Flag indicating chipset being emulated. */
497 uint8_t u8Type;
498 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
499} PCIATAState;
500
501#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
502#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
503#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
504#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
505#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
506#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
507
508#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
509
510#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
511#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
512#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
513#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
514#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
515
516#ifndef VBOX_DEVICE_STRUCT_TESTCASE
517/*******************************************************************************
518 * Internal Functions *
519 ******************************************************************************/
520RT_C_DECLS_BEGIN
521PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
522PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
523PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
524PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
525PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
526PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
527PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
528PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
529RT_C_DECLS_END
530
531
532
533DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
534{
535 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
536
537 /* Freeze status register contents while processing RESET. */
538 if (!pCtl->fReset)
539 {
540 s->uATARegStatus = stat;
541 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
542 }
543}
544
545
546DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
547{
548 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
549
550 /* Freeze status register contents while processing RESET. */
551 if (!pCtl->fReset)
552 {
553 s->uATARegStatus |= stat;
554 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
555 }
556}
557
558
559DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
560{
561 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
562
563 /* Freeze status register contents while processing RESET. */
564 if (!pCtl->fReset)
565 {
566 s->uATARegStatus &= ~stat;
567 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
568 }
569}
570
571#ifdef IN_RING3
572
573typedef void (*PBeginTransferFunc)(ATADevState *);
574typedef bool (*PSourceSinkFunc)(ATADevState *);
575
576static void ataReadWriteSectorsBT(ATADevState *);
577static void ataPacketBT(ATADevState *);
578static void atapiCmdBT(ATADevState *);
579static void atapiPassthroughCmdBT(ATADevState *);
580
581static bool ataIdentifySS(ATADevState *);
582static bool ataFlushSS(ATADevState *);
583static bool ataReadSectorsSS(ATADevState *);
584static bool ataWriteSectorsSS(ATADevState *);
585static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
586static bool ataTrimSS(ATADevState *);
587static bool ataPacketSS(ATADevState *);
588static bool atapiGetConfigurationSS(ATADevState *);
589static bool atapiGetEventStatusNotificationSS(ATADevState *);
590static bool atapiIdentifySS(ATADevState *);
591static bool atapiInquirySS(ATADevState *);
592static bool atapiMechanismStatusSS(ATADevState *);
593static bool atapiModeSenseErrorRecoverySS(ATADevState *);
594static bool atapiModeSenseCDStatusSS(ATADevState *);
595static bool atapiReadSS(ATADevState *);
596static bool atapiReadCapacitySS(ATADevState *);
597static bool atapiReadDiscInformationSS(ATADevState *);
598static bool atapiReadTOCNormalSS(ATADevState *);
599static bool atapiReadTOCMultiSS(ATADevState *);
600static bool atapiReadTOCRawSS(ATADevState *);
601static bool atapiReadTrackInformationSS(ATADevState *);
602static bool atapiRequestSenseSS(ATADevState *);
603static bool atapiPassthroughSS(ATADevState *);
604static bool atapiReadDVDStructureSS(ATADevState *);
605
606/**
607 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
608 */
609typedef enum ATAFNBT
610{
611 ATAFN_BT_NULL = 0,
612 ATAFN_BT_READ_WRITE_SECTORS,
613 ATAFN_BT_PACKET,
614 ATAFN_BT_ATAPI_CMD,
615 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
616 ATAFN_BT_MAX
617} ATAFNBT;
618
619/**
620 * Array of end transfer functions, the index is ATAFNET.
621 * Make sure ATAFNET and this array match!
622 */
623static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
624{
625 NULL,
626 ataReadWriteSectorsBT,
627 ataPacketBT,
628 atapiCmdBT,
629 atapiPassthroughCmdBT,
630};
631
632/**
633 * Source/sink function indexes for g_apfnSourceSinkFuncs.
634 */
635typedef enum ATAFNSS
636{
637 ATAFN_SS_NULL = 0,
638 ATAFN_SS_IDENTIFY,
639 ATAFN_SS_FLUSH,
640 ATAFN_SS_READ_SECTORS,
641 ATAFN_SS_WRITE_SECTORS,
642 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
643 ATAFN_SS_TRIM,
644 ATAFN_SS_PACKET,
645 ATAFN_SS_ATAPI_GET_CONFIGURATION,
646 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
647 ATAFN_SS_ATAPI_IDENTIFY,
648 ATAFN_SS_ATAPI_INQUIRY,
649 ATAFN_SS_ATAPI_MECHANISM_STATUS,
650 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
651 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
652 ATAFN_SS_ATAPI_READ,
653 ATAFN_SS_ATAPI_READ_CAPACITY,
654 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
655 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
656 ATAFN_SS_ATAPI_READ_TOC_MULTI,
657 ATAFN_SS_ATAPI_READ_TOC_RAW,
658 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
659 ATAFN_SS_ATAPI_REQUEST_SENSE,
660 ATAFN_SS_ATAPI_PASSTHROUGH,
661 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
662 ATAFN_SS_MAX
663} ATAFNSS;
664
665/**
666 * Array of source/sink functions, the index is ATAFNSS.
667 * Make sure ATAFNSS and this array match!
668 */
669static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
670{
671 NULL,
672 ataIdentifySS,
673 ataFlushSS,
674 ataReadSectorsSS,
675 ataWriteSectorsSS,
676 ataExecuteDeviceDiagnosticSS,
677 ataTrimSS,
678 ataPacketSS,
679 atapiGetConfigurationSS,
680 atapiGetEventStatusNotificationSS,
681 atapiIdentifySS,
682 atapiInquirySS,
683 atapiMechanismStatusSS,
684 atapiModeSenseErrorRecoverySS,
685 atapiModeSenseCDStatusSS,
686 atapiReadSS,
687 atapiReadCapacitySS,
688 atapiReadDiscInformationSS,
689 atapiReadTOCNormalSS,
690 atapiReadTOCMultiSS,
691 atapiReadTOCRawSS,
692 atapiReadTrackInformationSS,
693 atapiRequestSenseSS,
694 atapiPassthroughSS,
695 atapiReadDVDStructureSS
696};
697
698
699static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, { { 0, 0, 0, 0, 0 } } };
700static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, { { 0, 0, 0, 0, 0 } } };
701static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, { { 0, 0, 0, 0, 0 } } };
702static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, { { 0, 0, 0, 0, 0 } } };
703
704static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
705{
706 int rc;
707
708 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
709 AssertRC(rc);
710 pCtl->AsyncIOReqHead = 0;
711 pCtl->AsyncIOReqTail = 0;
712 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
713 AssertRC(rc);
714}
715
716
717static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
718{
719 int rc;
720
721 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
722 AssertRC(rc);
723 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
724 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
725 pCtl->AsyncIOReqHead++;
726 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
727 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
728 AssertRC(rc);
729 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
730 if (RT_FAILURE(rc))
731 {
732 rc = RTSemEventSignal(pCtl->AsyncIOSem);
733 AssertRC(rc);
734 }
735}
736
737
738static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
739{
740 int rc;
741 const ATARequest *pReq;
742
743 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
744 AssertRC(rc);
745 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
746 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
747 else
748 pReq = NULL;
749 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
750 AssertRC(rc);
751 return pReq;
752}
753
754
755/**
756 * Remove the request with the given type, as it's finished. The request
757 * is not removed blindly, as this could mean a RESET request that is not
758 * yet processed (but has cleared the request queue) is lost.
759 *
760 * @param pCtl Controller for which to remove the request.
761 * @param ReqType Type of the request to remove.
762 */
763static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
764{
765 int rc;
766
767 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
768 AssertRC(rc);
769 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
770 {
771 pCtl->AsyncIOReqTail++;
772 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
773 }
774 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
775 AssertRC(rc);
776}
777
778
779/**
780 * Dump the request queue for a particular controller. First dump the queue
781 * contents, then the already processed entries, as long as they haven't been
782 * overwritten.
783 *
784 * @param pCtl Controller for which to dump the queue.
785 */
786static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
787{
788 int rc;
789 uint8_t curr;
790
791 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
792 AssertRC(rc);
793 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
794 curr = pCtl->AsyncIOReqTail;
795 do
796 {
797 if (curr == pCtl->AsyncIOReqHead)
798 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
799 switch (pCtl->aAsyncIORequests[curr].ReqType)
800 {
801 case ATA_AIO_NEW:
802 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
803 break;
804 case ATA_AIO_DMA:
805 LogRel(("dma transfer continuation\n"));
806 break;
807 case ATA_AIO_PIO:
808 LogRel(("pio transfer continuation\n"));
809 break;
810 case ATA_AIO_RESET_ASSERTED:
811 LogRel(("reset asserted request\n"));
812 break;
813 case ATA_AIO_RESET_CLEARED:
814 LogRel(("reset cleared request\n"));
815 break;
816 case ATA_AIO_ABORT:
817 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
818 break;
819 default:
820 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
821 }
822 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
823 } while (curr != pCtl->AsyncIOReqTail);
824 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
825 AssertRC(rc);
826}
827
828
829/**
830 * Checks whether the request queue for a particular controller is empty
831 * or whether a particular controller is idle.
832 *
833 * @param pCtl Controller for which to check the queue.
834 * @param fStrict If set then the controller is checked to be idle.
835 */
836static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
837{
838 int rc;
839 bool fIdle;
840
841 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
842 AssertRC(rc);
843 fIdle = pCtl->fRedoIdle;
844 if (!fIdle)
845 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
846 if (fStrict)
847 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
848 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
849 AssertRC(rc);
850 return fIdle;
851}
852
853
854/**
855 * Send a transfer request to the async I/O thread.
856 *
857 * @param s Pointer to the ATA device state data.
858 * @param cbTotalTransfer Data transfer size.
859 * @param uTxDir Data transfer direction.
860 * @param iBeginTransfer Index of BeginTransfer callback.
861 * @param iSourceSink Index of SourceSink callback.
862 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
863 */
864static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
865{
866 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
867 ATARequest Req;
868
869 Assert(PDMCritSectIsOwner(&pCtl->lock));
870
871 /* Do not issue new requests while the RESET line is asserted. */
872 if (pCtl->fReset)
873 {
874 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
875 return;
876 }
877
878 /* If the controller is already doing something else right now, ignore
879 * the command that is being submitted. Some broken guests issue commands
880 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
881 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true /*fStrict*/))
882 {
883 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
884 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
885 return;
886 }
887
888 Req.ReqType = ATA_AIO_NEW;
889 if (fChainedTransfer)
890 Req.u.t.iIf = pCtl->iAIOIf;
891 else
892 Req.u.t.iIf = pCtl->iSelectedIf;
893 Req.u.t.cbTotalTransfer = cbTotalTransfer;
894 Req.u.t.uTxDir = uTxDir;
895 Req.u.t.iBeginTransfer = iBeginTransfer;
896 Req.u.t.iSourceSink = iSourceSink;
897 ataSetStatusValue(s, ATA_STAT_BUSY);
898 pCtl->fChainedTransfer = fChainedTransfer;
899
900 /*
901 * Kick the worker thread into action.
902 */
903 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
904 ataAsyncIOPutRequest(pCtl, &Req);
905}
906
907
908/**
909 * Send an abort command request to the async I/O thread.
910 *
911 * @param s Pointer to the ATA device state data.
912 * @param fResetDrive Whether to reset the drive or just abort a command.
913 */
914static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
915{
916 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
917 ATARequest Req;
918
919 Assert(PDMCritSectIsOwner(&pCtl->lock));
920
921 /* Do not issue new requests while the RESET line is asserted. */
922 if (pCtl->fReset)
923 {
924 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
925 return;
926 }
927
928 Req.ReqType = ATA_AIO_ABORT;
929 Req.u.a.iIf = pCtl->iSelectedIf;
930 Req.u.a.fResetDrive = fResetDrive;
931 ataSetStatus(s, ATA_STAT_BUSY);
932 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
933 ataAsyncIOPutRequest(pCtl, &Req);
934}
935
936
937static void ataSetIRQ(ATADevState *s)
938{
939 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
940 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
941
942 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
943 {
944 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
945 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
946 * line is asserted. It monitors the line for a rising edge. */
947 if (!s->fIrqPending)
948 pCtl->BmDma.u8Status |= BM_STATUS_INT;
949 /* Only actually set the IRQ line if updating the currently selected drive. */
950 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
951 {
952 /** @todo experiment with adaptive IRQ delivery: for reads it is
953 * better to wait for IRQ delivery, as it reduces latency. */
954 if (pCtl->irq == 16)
955 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
956 else
957 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
958 }
959 }
960 s->fIrqPending = true;
961}
962
963#endif /* IN_RING3 */
964
965static void ataUnsetIRQ(ATADevState *s)
966{
967 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
968 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
969
970 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
971 {
972 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
973 /* Only actually unset the IRQ line if updating the currently selected drive. */
974 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
975 {
976 if (pCtl->irq == 16)
977 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
978 else
979 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
980 }
981 }
982 s->fIrqPending = false;
983}
984
985#ifdef IN_RING3
986
987static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
988{
989 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
990 s->iIOBufferPIODataStart = start;
991 s->iIOBufferPIODataEnd = start + size;
992 ataSetStatus(s, ATA_STAT_DRQ | ATA_STAT_SEEK);
993 ataUnsetStatus(s, ATA_STAT_BUSY);
994}
995
996
997static void ataPIOTransferStop(ATADevState *s)
998{
999 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
1000 if (s->fATAPITransfer)
1001 {
1002 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1003 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1004 ataSetIRQ(s);
1005 s->fATAPITransfer = false;
1006 }
1007 s->cbTotalTransfer = 0;
1008 s->cbElementaryTransfer = 0;
1009 s->iIOBufferPIODataStart = 0;
1010 s->iIOBufferPIODataEnd = 0;
1011 s->iBeginTransfer = ATAFN_BT_NULL;
1012 s->iSourceSink = ATAFN_SS_NULL;
1013}
1014
1015
1016static void ataPIOTransferLimitATAPI(ATADevState *s)
1017{
1018 uint32_t cbLimit, cbTransfer;
1019
1020 cbLimit = s->cbPIOTransferLimit;
1021 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1022 if (cbLimit == 0)
1023 cbLimit = 0xfffe;
1024 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1025 if (cbLimit == 0xffff)
1026 cbLimit--;
1027 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1028 if (cbTransfer > cbLimit)
1029 {
1030 /* Byte count limit for clipping must be even in this case */
1031 if (cbLimit & 1)
1032 cbLimit--;
1033 cbTransfer = cbLimit;
1034 }
1035 s->uATARegLCyl = cbTransfer;
1036 s->uATARegHCyl = cbTransfer >> 8;
1037 s->cbElementaryTransfer = cbTransfer;
1038}
1039
1040
1041static uint32_t ataGetNSectors(ATADevState *s)
1042{
1043 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1044 if (s->fLBA48)
1045 {
1046 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1047 return 65536;
1048 else
1049 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1050 }
1051 else
1052 {
1053 if (!s->uATARegNSector)
1054 return 256;
1055 else
1056 return s->uATARegNSector;
1057 }
1058}
1059
1060
1061static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1062{
1063 for (uint32_t i = 0; i < cbSize; i++)
1064 {
1065 if (*pbSrc)
1066 pbDst[i ^ 1] = *pbSrc++;
1067 else
1068 pbDst[i ^ 1] = ' ';
1069 }
1070}
1071
1072
1073static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1074{
1075 for (uint32_t i = 0; i < cbSize; i++)
1076 {
1077 if (*pbSrc)
1078 pbDst[i] = *pbSrc++;
1079 else
1080 pbDst[i] = ' ';
1081 }
1082}
1083
1084
1085DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1086{
1087 pbBuf[0] = val >> 8;
1088 pbBuf[1] = val;
1089}
1090
1091
1092DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1093{
1094 pbBuf[0] = val >> 16;
1095 pbBuf[1] = val >> 8;
1096 pbBuf[2] = val;
1097}
1098
1099
1100DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1101{
1102 pbBuf[0] = val >> 24;
1103 pbBuf[1] = val >> 16;
1104 pbBuf[2] = val >> 8;
1105 pbBuf[3] = val;
1106}
1107
1108
1109DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1110{
1111 return (pbBuf[0] << 8) | pbBuf[1];
1112}
1113
1114
1115DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1116{
1117 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1118}
1119
1120
1121DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1122{
1123 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1124}
1125
1126
1127DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1128{
1129 iATAPILBA += 150;
1130 pbBuf[0] = (iATAPILBA / 75) / 60;
1131 pbBuf[1] = (iATAPILBA / 75) % 60;
1132 pbBuf[2] = iATAPILBA % 75;
1133}
1134
1135
1136DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1137{
1138 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1139}
1140
1141/**
1142 * Compares two MSF values.
1143 *
1144 * @returns 1 if the first value is greater than the second value.
1145 * 0 if both are equal
1146 * -1 if the first value is smaller than the second value.
1147 */
1148DECLINLINE(int) atapiCmpMSF(const uint8_t *pbMSF1, const uint8_t *pbMSF2)
1149{
1150 int iRes = 0;
1151
1152 for (unsigned i = 0; i < 3; i++)
1153 {
1154 if (pbMSF1[i] < pbMSF2[i])
1155 {
1156 iRes = -1;
1157 break;
1158 }
1159 else if (pbMSF1[i] > pbMSF2[i])
1160 {
1161 iRes = 1;
1162 break;
1163 }
1164 }
1165
1166 return iRes;
1167}
1168
1169static void ataCmdOK(ATADevState *s, uint8_t status)
1170{
1171 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1172 ataSetStatusValue(s, ATA_STAT_READY | status);
1173}
1174
1175
1176static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1177{
1178 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1179 Assert(uErrorCode);
1180 s->uATARegError = uErrorCode;
1181 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1182 s->cbTotalTransfer = 0;
1183 s->cbElementaryTransfer = 0;
1184 s->iIOBufferCur = 0;
1185 s->iIOBufferEnd = 0;
1186 s->uTxDir = PDMBLOCKTXDIR_NONE;
1187 s->iBeginTransfer = ATAFN_BT_NULL;
1188 s->iSourceSink = ATAFN_SS_NULL;
1189}
1190
1191static uint32_t ataChecksum(void* ptr, size_t count)
1192{
1193 uint8_t u8Sum = 0xa5, *p = (uint8_t*)ptr;
1194 size_t i;
1195
1196 for (i = 0; i < count; i++)
1197 {
1198 u8Sum += *p++;
1199 }
1200
1201 return (uint8_t)-(int32_t)u8Sum;
1202}
1203
1204static bool ataIdentifySS(ATADevState *s)
1205{
1206 uint16_t *p;
1207
1208 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1209 Assert(s->cbElementaryTransfer == 512);
1210
1211 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1212 memset(p, 0, 512);
1213 p[0] = RT_H2LE_U16(0x0040);
1214 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1215 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1216 /* Block size; obsolete, but required for the BIOS. */
1217 p[5] = RT_H2LE_U16(s->cbSector);
1218 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1219 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1220 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1221 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1222 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1223 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1224 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1225#if ATA_MAX_MULT_SECTORS > 1
1226 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1227#endif
1228 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1229 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1230 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1231 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1232 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1233 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1234 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1235 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1236 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1237 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1238 * s->PCHSGeometry.cHeads
1239 * s->PCHSGeometry.cSectors);
1240 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1241 * s->PCHSGeometry.cHeads
1242 * s->PCHSGeometry.cSectors >> 16);
1243 if (s->cMultSectors)
1244 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1245 if (s->cTotalSectors <= (1 << 28) - 1)
1246 {
1247 p[60] = RT_H2LE_U16(s->cTotalSectors);
1248 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1249 }
1250 else
1251 {
1252 /* Report maximum number of sectors possible with LBA28 */
1253 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1254 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1255 }
1256 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1257 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1258 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1259 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1260 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1261 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1262 if ( s->pDrvBlock->pfnDiscard
1263 || s->cbSector != 512
1264 || s->fNonRotational)
1265 {
1266 p[80] = RT_H2LE_U16(0x1f0); /* support everything up to ATA/ATAPI-8 ACS */
1267 p[81] = RT_H2LE_U16(0x28); /* conforms to ATA/ATAPI-8 ACS */
1268 }
1269 else
1270 {
1271 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1272 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1273 }
1274 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1275 if (s->cTotalSectors <= (1 << 28) - 1)
1276 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1277 else
1278 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1279 p[84] = RT_H2LE_U16(1 << 14);
1280 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1281 if (s->cTotalSectors <= (1 << 28) - 1)
1282 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1283 else
1284 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1285 p[87] = RT_H2LE_U16(1 << 14);
1286 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1287 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1288 if (s->cTotalSectors > (1 << 28) - 1)
1289 {
1290 p[100] = RT_H2LE_U16(s->cTotalSectors);
1291 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1292 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1293 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1294 }
1295
1296 if (s->cbSector != 512)
1297 {
1298 uint32_t cSectorSizeInWords = s->cbSector / sizeof(uint16_t);
1299 /* Enable reporting of logical sector size. */
1300 p[106] |= RT_H2LE_U16(RT_BIT(12) | RT_BIT(14));
1301 p[117] = RT_H2LE_U16(cSectorSizeInWords);
1302 p[118] = RT_H2LE_U16(cSectorSizeInWords >> 16);
1303 }
1304
1305 if (s->pDrvBlock->pfnDiscard) /** @todo: Set bit 14 in word 69 too? (Deterministic read after TRIM). */
1306 p[169] = RT_H2LE_U16(1); /* DATA SET MANAGEMENT command supported. */
1307 if (s->fNonRotational)
1308 p[217] = RT_H2LE_U16(1); /* Non-rotational medium */
1309 uint32_t uCsum = ataChecksum(p, 510);
1310 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1311 s->iSourceSink = ATAFN_SS_NULL;
1312 ataCmdOK(s, ATA_STAT_SEEK);
1313 return false;
1314}
1315
1316
1317static bool ataFlushSS(ATADevState *s)
1318{
1319 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1320 int rc;
1321
1322 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1323 Assert(!s->cbElementaryTransfer);
1324
1325 PDMCritSectLeave(&pCtl->lock);
1326
1327 STAM_PROFILE_START(&s->StatFlushes, f);
1328 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1329 AssertRC(rc);
1330 STAM_PROFILE_STOP(&s->StatFlushes, f);
1331
1332 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1333 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1334 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1335 ataCmdOK(s, 0);
1336 return false;
1337}
1338
1339static bool atapiIdentifySS(ATADevState *s)
1340{
1341 uint16_t *p;
1342
1343 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1344 Assert(s->cbElementaryTransfer == 512);
1345
1346 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1347 memset(p, 0, 512);
1348 /* Removable CDROM, 3ms response, 12 byte packets */
1349 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 0 << 5 | 0 << 0);
1350 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1351 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1352 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1353 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1354 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1355 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1356 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1357 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1358 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1359 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1360 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1361 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1362 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1363 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1364 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1365 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1366 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1367 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1368 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1369 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1370 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1371 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1372 p[83] = RT_H2LE_U16(1 << 14);
1373 p[84] = RT_H2LE_U16(1 << 14);
1374 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1375 p[86] = RT_H2LE_U16(0);
1376 p[87] = RT_H2LE_U16(1 << 14);
1377 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1378 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1379 /* According to ATAPI-5 spec:
1380 *
1381 * The use of this word is optional.
1382 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1383 * contain the data
1384 * structure checksum.
1385 * The data structure checksum is the twos complement of the sum of
1386 * all bytes in words 0 through 254 and the byte consisting of
1387 * bits 7:0 in word 255.
1388 * Each byte shall be added with unsigned arithmetic,
1389 * and overflow shall be ignored.
1390 * The sum of all 512 bytes is zero when the checksum is correct.
1391 */
1392 uint32_t uCsum = ataChecksum(p, 510);
1393 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1394
1395 s->iSourceSink = ATAFN_SS_NULL;
1396 ataCmdOK(s, ATA_STAT_SEEK);
1397 return false;
1398}
1399
1400
1401static void ataSetSignature(ATADevState *s)
1402{
1403 s->uATARegSelect &= 0xf0; /* clear head */
1404 /* put signature */
1405 s->uATARegNSector = 1;
1406 s->uATARegSector = 1;
1407 if (s->fATAPI)
1408 {
1409 s->uATARegLCyl = 0x14;
1410 s->uATARegHCyl = 0xeb;
1411 }
1412 else if (s->pDrvBlock)
1413 {
1414 s->uATARegLCyl = 0;
1415 s->uATARegHCyl = 0;
1416 }
1417 else
1418 {
1419 s->uATARegLCyl = 0xff;
1420 s->uATARegHCyl = 0xff;
1421 }
1422}
1423
1424
1425static uint64_t ataGetSector(ATADevState *s)
1426{
1427 uint64_t iLBA;
1428 if (s->uATARegSelect & 0x40)
1429 {
1430 /* any LBA variant */
1431 if (s->fLBA48)
1432 {
1433 /* LBA48 */
1434 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1435 ((uint64_t)s->uATARegLCylHOB << 32) |
1436 ((uint64_t)s->uATARegSectorHOB << 24) |
1437 ((uint64_t)s->uATARegHCyl << 16) |
1438 ((uint64_t)s->uATARegLCyl << 8) |
1439 s->uATARegSector;
1440 }
1441 else
1442 {
1443 /* LBA */
1444 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1445 (s->uATARegLCyl << 8) | s->uATARegSector;
1446 }
1447 }
1448 else
1449 {
1450 /* CHS */
1451 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1452 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1453 (s->uATARegSector - 1);
1454 }
1455 return iLBA;
1456}
1457
1458static void ataSetSector(ATADevState *s, uint64_t iLBA)
1459{
1460 uint32_t cyl, r;
1461 if (s->uATARegSelect & 0x40)
1462 {
1463 /* any LBA variant */
1464 if (s->fLBA48)
1465 {
1466 /* LBA48 */
1467 s->uATARegHCylHOB = iLBA >> 40;
1468 s->uATARegLCylHOB = iLBA >> 32;
1469 s->uATARegSectorHOB = iLBA >> 24;
1470 s->uATARegHCyl = iLBA >> 16;
1471 s->uATARegLCyl = iLBA >> 8;
1472 s->uATARegSector = iLBA;
1473 }
1474 else
1475 {
1476 /* LBA */
1477 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1478 s->uATARegHCyl = (iLBA >> 16);
1479 s->uATARegLCyl = (iLBA >> 8);
1480 s->uATARegSector = (iLBA);
1481 }
1482 }
1483 else
1484 {
1485 /* CHS */
1486 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1487 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1488 s->uATARegHCyl = cyl >> 8;
1489 s->uATARegLCyl = cyl;
1490 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1491 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1492 }
1493}
1494
1495
1496static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1497{
1498 int rc;
1499 LogRel(("PIIX3 ATA: Host disk full\n"));
1500 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_DISKFULL",
1501 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1502 AssertRC(rc);
1503}
1504
1505static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1506{
1507 int rc;
1508 LogRel(("PIIX3 ATA: File too big\n"));
1509 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_FILETOOBIG",
1510 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1511 AssertRC(rc);
1512}
1513
1514static void ataWarningISCSI(PPDMDEVINS pDevIns)
1515{
1516 int rc;
1517 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1518 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_ISCSIDOWN",
1519 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1520 AssertRC(rc);
1521}
1522
1523static bool ataIsRedoSetWarning(ATADevState *s, int rc)
1524{
1525 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1526 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1527 if (rc == VERR_DISK_FULL)
1528 {
1529 pCtl->fRedoIdle = true;
1530 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1531 return true;
1532 }
1533 if (rc == VERR_FILE_TOO_BIG)
1534 {
1535 pCtl->fRedoIdle = true;
1536 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1537 return true;
1538 }
1539 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1540 {
1541 pCtl->fRedoIdle = true;
1542 /* iSCSI connection abort (first error) or failure to reestablish
1543 * connection (second error). Pause VM. On resume we'll retry. */
1544 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1545 return true;
1546 }
1547 if (rc == VERR_VD_DEK_MISSING)
1548 {
1549 /* Error message already set. */
1550 pCtl->fRedoIdle = true;
1551 return true;
1552 }
1553
1554 return false;
1555}
1556
1557
1558static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf,
1559 uint32_t cSectors, bool *pfRedo)
1560{
1561 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1562 int rc;
1563
1564 PDMCritSectLeave(&pCtl->lock);
1565
1566 STAM_PROFILE_ADV_START(&s->StatReads, r);
1567 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1568 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * s->cbSector, pvBuf, cSectors * s->cbSector);
1569 s->Led.Actual.s.fReading = 0;
1570 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1571 Log4(("ataReadSectors: rc=%Rrc cSectors=%#x u64Sector=%llu\n%.*Rhxd\n",
1572 rc, cSectors, u64Sector, cSectors * s->cbSector, pvBuf));
1573
1574 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * s->cbSector);
1575
1576 if (RT_SUCCESS(rc))
1577 *pfRedo = false;
1578 else
1579 *pfRedo = ataIsRedoSetWarning(s, rc);
1580
1581 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1582 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1583 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1584 return rc;
1585}
1586
1587
1588static int ataWriteSectors(ATADevState *s, uint64_t u64Sector,
1589 const void *pvBuf, uint32_t cSectors, bool *pfRedo)
1590{
1591 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1592 int rc;
1593
1594 PDMCritSectLeave(&pCtl->lock);
1595
1596 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1597 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1598#ifdef VBOX_INSTRUMENT_DMA_WRITES
1599 if (s->fDMA)
1600 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1601#endif
1602 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * s->cbSector, pvBuf, cSectors * s->cbSector);
1603#ifdef VBOX_INSTRUMENT_DMA_WRITES
1604 if (s->fDMA)
1605 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1606#endif
1607 s->Led.Actual.s.fWriting = 0;
1608 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1609 Log4(("ataWriteSectors: rc=%Rrc cSectors=%#x u64Sector=%llu\n%.*Rhxd\n",
1610 rc, cSectors, u64Sector, cSectors * s->cbSector, pvBuf));
1611
1612 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * s->cbSector);
1613
1614 if (RT_SUCCESS(rc))
1615 *pfRedo = false;
1616 else
1617 *pfRedo = ataIsRedoSetWarning(s, rc);
1618
1619 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1620 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1621 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1622 return rc;
1623}
1624
1625
1626static void ataReadWriteSectorsBT(ATADevState *s)
1627{
1628 uint32_t cSectors;
1629
1630 cSectors = s->cbTotalTransfer / s->cbSector;
1631 if (cSectors > s->cSectorsPerIRQ)
1632 s->cbElementaryTransfer = s->cSectorsPerIRQ * s->cbSector;
1633 else
1634 s->cbElementaryTransfer = cSectors * s->cbSector;
1635 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1636 ataCmdOK(s, 0);
1637}
1638
1639
1640static bool ataReadSectorsSS(ATADevState *s)
1641{
1642 int rc;
1643 uint32_t cSectors;
1644 uint64_t iLBA;
1645 bool fRedo;
1646
1647 cSectors = s->cbElementaryTransfer / s->cbSector;
1648 Assert(cSectors);
1649 iLBA = ataGetSector(s);
1650 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1651 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1652 if (RT_SUCCESS(rc))
1653 {
1654 ataSetSector(s, iLBA + cSectors);
1655 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1656 s->iSourceSink = ATAFN_SS_NULL;
1657 ataCmdOK(s, ATA_STAT_SEEK);
1658 }
1659 else
1660 {
1661 if (fRedo)
1662 return fRedo;
1663 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1664 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1665 s->iLUN, rc, iLBA, cSectors));
1666
1667 /*
1668 * Check if we got interrupted. We don't need to set status variables
1669 * because the request was aborted.
1670 */
1671 if (rc != VERR_INTERRUPTED)
1672 ataCmdError(s, ID_ERR);
1673 }
1674 return false;
1675}
1676
1677
1678static bool ataWriteSectorsSS(ATADevState *s)
1679{
1680 int rc;
1681 uint32_t cSectors;
1682 uint64_t iLBA;
1683 bool fRedo;
1684
1685 cSectors = s->cbElementaryTransfer / s->cbSector;
1686 Assert(cSectors);
1687 iLBA = ataGetSector(s);
1688 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1689 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1690 if (RT_SUCCESS(rc))
1691 {
1692 ataSetSector(s, iLBA + cSectors);
1693 if (!s->cbTotalTransfer)
1694 s->iSourceSink = ATAFN_SS_NULL;
1695 ataCmdOK(s, ATA_STAT_SEEK);
1696 }
1697 else
1698 {
1699 if (fRedo)
1700 return fRedo;
1701 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1702 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1703 s->iLUN, rc, iLBA, cSectors));
1704
1705 /*
1706 * Check if we got interrupted. We don't need to set status variables
1707 * because the request was aborted.
1708 */
1709 if (rc != VERR_INTERRUPTED)
1710 ataCmdError(s, ID_ERR);
1711 }
1712 return false;
1713}
1714
1715
1716static void atapiCmdOK(ATADevState *s)
1717{
1718 s->uATARegError = 0;
1719 ataSetStatusValue(s, ATA_STAT_READY);
1720 s->uATARegNSector = (s->uATARegNSector & ~7)
1721 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1722 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1723 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1724
1725 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1726 s->abATAPISense[0] = 0x70 | (1 << 7);
1727 s->abATAPISense[7] = 10;
1728}
1729
1730
1731static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1732{
1733 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1734 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1735 s->uATARegError = pabATAPISense[2] << 4;
1736 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1737 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1738 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1739 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1740 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1741 s->cbTotalTransfer = 0;
1742 s->cbElementaryTransfer = 0;
1743 s->cbAtapiPassthroughTransfer = 0;
1744 s->iIOBufferCur = 0;
1745 s->iIOBufferEnd = 0;
1746 s->uTxDir = PDMBLOCKTXDIR_NONE;
1747 s->iBeginTransfer = ATAFN_BT_NULL;
1748 s->iSourceSink = ATAFN_SS_NULL;
1749}
1750
1751
1752/** @todo deprecated function - doesn't provide enough info. Replace by direct
1753 * calls to atapiCmdError() with full data. */
1754static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1755{
1756 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1757 memset(abATAPISense, '\0', sizeof(abATAPISense));
1758 abATAPISense[0] = 0x70 | (1 << 7);
1759 abATAPISense[2] = uATAPISenseKey & 0x0f;
1760 abATAPISense[7] = 10;
1761 abATAPISense[12] = uATAPIASC;
1762 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1763}
1764
1765
1766static void atapiCmdBT(ATADevState *s)
1767{
1768 s->fATAPITransfer = true;
1769 s->cbElementaryTransfer = s->cbTotalTransfer;
1770 s->cbAtapiPassthroughTransfer = s->cbTotalTransfer;
1771 s->cbPIOTransferLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1772 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1773 atapiCmdOK(s);
1774}
1775
1776
1777static void atapiPassthroughCmdBT(ATADevState *s)
1778{
1779 /* @todo implement an algorithm for correctly determining the read and
1780 * write sector size without sending additional commands to the drive.
1781 * This should be doable by saving processing the configuration requests
1782 * and replies. */
1783#if 0
1784 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1785 {
1786 uint8_t cmd = s->aATAPICmd[0];
1787 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1788 {
1789 uint8_t aModeSenseCmd[10];
1790 uint8_t aModeSenseResult[16];
1791 uint8_t uDummySense;
1792 uint32_t cbTransfer;
1793 int rc;
1794
1795 cbTransfer = sizeof(aModeSenseResult);
1796 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1797 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1798 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1799 aModeSenseCmd[3] = 0; /* subpage code */
1800 aModeSenseCmd[4] = 0; /* reserved */
1801 aModeSenseCmd[5] = 0; /* reserved */
1802 aModeSenseCmd[6] = 0; /* reserved */
1803 aModeSenseCmd[7] = cbTransfer >> 8;
1804 aModeSenseCmd[8] = cbTransfer & 0xff;
1805 aModeSenseCmd[9] = 0; /* control */
1806 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1807 if (RT_FAILURE(rc))
1808 {
1809 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1810 return;
1811 }
1812 /* Select sector size based on the current data block type. */
1813 switch (aModeSenseResult[12] & 0x0f)
1814 {
1815 case 0:
1816 s->cbATAPISector = 2352;
1817 break;
1818 case 1:
1819 s->cbATAPISector = 2368;
1820 break;
1821 case 2:
1822 case 3:
1823 s->cbATAPISector = 2448;
1824 break;
1825 case 8:
1826 case 10:
1827 s->cbATAPISector = 2048;
1828 break;
1829 case 9:
1830 s->cbATAPISector = 2336;
1831 break;
1832 case 11:
1833 s->cbATAPISector = 2056;
1834 break;
1835 case 12:
1836 s->cbATAPISector = 2324;
1837 break;
1838 case 13:
1839 s->cbATAPISector = 2332;
1840 break;
1841 default:
1842 s->cbATAPISector = 0;
1843 }
1844 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1845 s->cbTotalTransfer *= s->cbATAPISector;
1846 if (s->cbTotalTransfer == 0)
1847 s->uTxDir = PDMBLOCKTXDIR_NONE;
1848 }
1849 }
1850#endif
1851 atapiCmdBT(s);
1852}
1853
1854
1855static bool atapiReadSS(ATADevState *s)
1856{
1857 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1858 int rc = VINF_SUCCESS;
1859 uint32_t cbTransfer, cSectors;
1860
1861 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1862 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1863 cSectors = cbTransfer / s->cbATAPISector;
1864 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1865 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1866
1867 PDMCritSectLeave(&pCtl->lock);
1868
1869 STAM_PROFILE_ADV_START(&s->StatReads, r);
1870 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1871 switch (s->cbATAPISector)
1872 {
1873 case 2048:
1874 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1875 break;
1876 case 2352:
1877 {
1878 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1879
1880 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1881 {
1882 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1883 *pbBuf++ = 0x00;
1884 memset(pbBuf, 0xff, 10);
1885 pbBuf += 10;
1886 *pbBuf++ = 0x00;
1887 /* MSF */
1888 ataLBA2MSF(pbBuf, i);
1889 pbBuf += 3;
1890 *pbBuf++ = 0x01; /* mode 1 data */
1891 /* data */
1892 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1893 if (RT_FAILURE(rc))
1894 break;
1895 pbBuf += 2048;
1896 /**
1897 * @todo: maybe compute ECC and parity, layout is:
1898 * 2072 4 EDC
1899 * 2076 172 P parity symbols
1900 * 2248 104 Q parity symbols
1901 */
1902 memset(pbBuf, 0, 280);
1903 pbBuf += 280;
1904 }
1905 break;
1906 }
1907 default:
1908 break;
1909 }
1910 s->Led.Actual.s.fReading = 0;
1911 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1912
1913 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1914 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1915 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1916
1917 if (RT_SUCCESS(rc))
1918 {
1919 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1920
1921 /* The initial buffer end value has been set up based on the total
1922 * transfer size. But the I/O buffer size limits what can actually be
1923 * done in one transfer, so set the actual value of the buffer end. */
1924 s->cbElementaryTransfer = cbTransfer;
1925 if (cbTransfer >= s->cbTotalTransfer)
1926 s->iSourceSink = ATAFN_SS_NULL;
1927 atapiCmdOK(s);
1928 s->iATAPILBA += cSectors;
1929 }
1930 else
1931 {
1932 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1933 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1934
1935 /*
1936 * Check if we got interrupted. We don't need to set status variables
1937 * because the request was aborted.
1938 */
1939 if (rc != VERR_INTERRUPTED)
1940 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1941 }
1942 return false;
1943}
1944
1945/**
1946 * Sets the given media track type.
1947 */
1948static uint32_t ataMediumTypeSet(ATADevState *s, uint32_t MediaTrackType)
1949{
1950 return ASMAtomicXchgU32(&s->MediaTrackType, MediaTrackType);
1951}
1952
1953static bool atapiPassthroughSS(ATADevState *s)
1954{
1955 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1956 int rc = VINF_SUCCESS;
1957 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1958 uint32_t cbTransfer;
1959 PSTAMPROFILEADV pProf = NULL;
1960
1961 cbTransfer = RT_MIN(s->cbAtapiPassthroughTransfer, s->cbIOBuffer);
1962
1963 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1964 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1965
1966 /* Simple heuristics: if there is at least one sector of data
1967 * to transfer, it's worth updating the LEDs. */
1968 if (cbTransfer >= 2048)
1969 {
1970 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1971 {
1972 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1973 pProf = &s->StatReads;
1974 }
1975 else
1976 {
1977 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1978 pProf = &s->StatWrites;
1979 }
1980 }
1981
1982 PDMCritSectLeave(&pCtl->lock);
1983
1984#if defined(LOG_ENABLED)
1985 char szBuf[1024];
1986
1987 memset(szBuf, 0, sizeof(szBuf));
1988
1989 switch (s->aATAPICmd[0])
1990 {
1991 case SCSI_MODE_SELECT_10:
1992 {
1993 size_t cbBlkDescLength = ataBE2H_U16(&s->CTX_SUFF(pbIOBuffer)[6]);
1994
1995 SCSILogModePage(szBuf, sizeof(szBuf) - 1,
1996 s->CTX_SUFF(pbIOBuffer) + 8 + cbBlkDescLength,
1997 cbTransfer - 8 - cbBlkDescLength);
1998 break;
1999 }
2000 case SCSI_SEND_CUE_SHEET:
2001 {
2002 SCSILogCueSheet(szBuf, sizeof(szBuf) - 1,
2003 s->CTX_SUFF(pbIOBuffer), cbTransfer);
2004 break;
2005 }
2006 default:
2007 break;
2008 }
2009
2010 Log2(("%s\n", szBuf));
2011#endif
2012
2013 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
2014 if ( cbTransfer > SCSI_MAX_BUFFER_SIZE
2015 || s->cbElementaryTransfer > s->cbIOBuffer)
2016 {
2017 /* Linux accepts commands with up to 100KB of data, but expects
2018 * us to handle commands with up to 128KB of data. The usual
2019 * imbalance of powers. */
2020 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
2021 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
2022 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2023 uint32_t cSectorsMax; /**< Maximum amount of sectors to read without exceeding the I/O buffer. */
2024
2025 Assert(s->cbATAPISector);
2026 cSectorsMax = cbTransfer / s->cbATAPISector;
2027 Assert(cSectorsMax * s->cbATAPISector <= s->cbIOBuffer);
2028
2029 switch (s->aATAPICmd[0])
2030 {
2031 case SCSI_READ_10:
2032 case SCSI_WRITE_10:
2033 case SCSI_WRITE_AND_VERIFY_10:
2034 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2035 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
2036 break;
2037 case SCSI_READ_12:
2038 case SCSI_WRITE_12:
2039 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2040 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
2041 break;
2042 case SCSI_READ_CD:
2043 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2044 cSectors = ataBE2H_U24(s->aATAPICmd + 6);
2045 break;
2046 case SCSI_READ_CD_MSF:
2047 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
2048 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
2049 break;
2050 default:
2051 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
2052 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2053 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
2054 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2055 {
2056 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2057 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2058 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2059 }
2060 return false;
2061 }
2062 cSectorsMax = RT_MIN(cSectorsMax, cSectors);
2063 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
2064 cReqSectors = 0;
2065 for (uint32_t i = cSectorsMax; i > 0; i -= cReqSectors)
2066 {
2067 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
2068 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
2069 else
2070 cReqSectors = i;
2071 cbCurrTX = s->cbATAPISector * cReqSectors;
2072 switch (s->aATAPICmd[0])
2073 {
2074 case SCSI_READ_10:
2075 case SCSI_WRITE_10:
2076 case SCSI_WRITE_AND_VERIFY_10:
2077 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2078 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
2079 break;
2080 case SCSI_READ_12:
2081 case SCSI_WRITE_12:
2082 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2083 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
2084 break;
2085 case SCSI_READ_CD:
2086 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2087 ataH2BE_U24(aATAPICmd + 6, cReqSectors);
2088 break;
2089 case SCSI_READ_CD_MSF:
2090 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
2091 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
2092 break;
2093 }
2094 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2095 if (rc != VINF_SUCCESS)
2096 break;
2097 iATAPILBA += cReqSectors;
2098 pbBuf += s->cbATAPISector * cReqSectors;
2099 }
2100
2101 if (RT_SUCCESS(rc))
2102 {
2103 /* Adjust ATAPI command for the next call. */
2104 switch (s->aATAPICmd[0])
2105 {
2106 case SCSI_READ_10:
2107 case SCSI_WRITE_10:
2108 case SCSI_WRITE_AND_VERIFY_10:
2109 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2110 ataH2BE_U16(s->aATAPICmd + 7, cSectors - cSectorsMax);
2111 break;
2112 case SCSI_READ_12:
2113 case SCSI_WRITE_12:
2114 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2115 ataH2BE_U32(s->aATAPICmd + 6, cSectors - cSectorsMax);
2116 break;
2117 case SCSI_READ_CD:
2118 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2119 ataH2BE_U24(s->aATAPICmd + 6, cSectors - cSectorsMax);
2120 break;
2121 case SCSI_READ_CD_MSF:
2122 ataLBA2MSF(s->aATAPICmd + 3, iATAPILBA);
2123 ataLBA2MSF(s->aATAPICmd + 6, iATAPILBA + cSectors - cSectorsMax);
2124 break;
2125 default:
2126 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
2127 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2128 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
2129 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2130 return false;
2131 }
2132 }
2133 }
2134 else
2135 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2136 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
2137
2138 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2139 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2140 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2141
2142 /* Update the LEDs and the read/write statistics. */
2143 if (cbTransfer >= 2048)
2144 {
2145 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2146 {
2147 s->Led.Actual.s.fReading = 0;
2148 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2149 }
2150 else
2151 {
2152 s->Led.Actual.s.fWriting = 0;
2153 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2154 }
2155 }
2156
2157 if (RT_SUCCESS(rc))
2158 {
2159 /* Do post processing for certain commands. */
2160 switch (s->aATAPICmd[0])
2161 {
2162 case SCSI_SEND_CUE_SHEET:
2163 case SCSI_READ_TOC_PMA_ATIP:
2164 {
2165 if (!s->pTrackList)
2166 rc = ATAPIPassthroughTrackListCreateEmpty(&s->pTrackList);
2167
2168 if (RT_SUCCESS(rc))
2169 rc = ATAPIPassthroughTrackListUpdate(s->pTrackList, s->aATAPICmd, s->CTX_SUFF(pbIOBuffer));
2170
2171 if ( RT_FAILURE(rc)
2172 && s->cErrors++ < MAX_LOG_REL_ERRORS)
2173 LogRel(("ATA: Error (%Rrc) while updating the tracklist during %s, burning the disc might fail\n",
2174 rc, s->aATAPICmd[0] == SCSI_SEND_CUE_SHEET ? "SEND CUE SHEET" : "READ TOC/PMA/ATIP"));
2175 break;
2176 }
2177 case SCSI_SYNCHRONIZE_CACHE:
2178 {
2179 if (s->pTrackList)
2180 ATAPIPassthroughTrackListClear(s->pTrackList);
2181 break;
2182 }
2183 }
2184
2185 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
2186 {
2187 Assert(cbTransfer <= s->cbAtapiPassthroughTransfer);
2188 /*
2189 * Reply with the same amount of data as the real drive
2190 * but only if the command wasn't split.
2191 */
2192#if 0 //@todo: This destroys commands where cbTotalTransfer > cbIOBuffer
2193 if (s->cbElementaryTransfer < s->cbIOBuffer)
2194 s->cbTotalTransfer = cbTransfer;
2195#endif
2196
2197 if ( s->aATAPICmd[0] == SCSI_INQUIRY
2198 && s->fOverwriteInquiry)
2199 {
2200 /* Make sure that the real drive cannot be identified.
2201 * Motivation: changing the VM configuration should be as
2202 * invisible as possible to the guest. */
2203 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2204 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2205 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2206 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2207 }
2208
2209 if (cbTransfer)
2210 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2211 }
2212
2213 /* The initial buffer end value has been set up based on the total
2214 * transfer size. But the I/O buffer size limits what can actually be
2215 * done in one transfer, so set the actual value of the buffer end. */
2216 s->cbElementaryTransfer = cbTransfer;
2217 if (cbTransfer >= s->cbAtapiPassthroughTransfer)
2218 {
2219 s->iSourceSink = ATAFN_SS_NULL;
2220 atapiCmdOK(s);
2221 }
2222 }
2223 else
2224 {
2225 if (s->cErrors < MAX_LOG_REL_ERRORS)
2226 {
2227 uint8_t u8Cmd = s->aATAPICmd[0];
2228 do
2229 {
2230 /* don't log superfluous errors */
2231 if ( rc == VERR_DEV_IO_ERROR
2232 && ( u8Cmd == SCSI_TEST_UNIT_READY
2233 || u8Cmd == SCSI_READ_CAPACITY
2234 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2235 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2236 break;
2237 s->cErrors++;
2238 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2239 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2240 } while (0);
2241 }
2242 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2243 }
2244 return false;
2245}
2246
2247/** @todo: Revise ASAP. */
2248static bool atapiReadDVDStructureSS(ATADevState *s)
2249{
2250 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2251 int media = s->aATAPICmd[1];
2252 int format = s->aATAPICmd[7];
2253
2254 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2255
2256 memset(buf, 0, max_len);
2257
2258 switch (format) {
2259 case 0x00:
2260 case 0x01:
2261 case 0x02:
2262 case 0x03:
2263 case 0x04:
2264 case 0x05:
2265 case 0x06:
2266 case 0x07:
2267 case 0x08:
2268 case 0x09:
2269 case 0x0a:
2270 case 0x0b:
2271 case 0x0c:
2272 case 0x0d:
2273 case 0x0e:
2274 case 0x0f:
2275 case 0x10:
2276 case 0x11:
2277 case 0x30:
2278 case 0x31:
2279 case 0xff:
2280 if (media == 0)
2281 {
2282 int uASC = SCSI_ASC_NONE;
2283
2284 switch (format)
2285 {
2286 case 0x0: /* Physical format information */
2287 {
2288 int layer = s->aATAPICmd[6];
2289 uint64_t total_sectors;
2290
2291 if (layer != 0)
2292 {
2293 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2294 break;
2295 }
2296
2297 total_sectors = s->cTotalSectors;
2298 total_sectors >>= 2;
2299 if (total_sectors == 0)
2300 {
2301 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2302 break;
2303 }
2304
2305 buf[4] = 1; /* DVD-ROM, part version 1 */
2306 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2307 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2308 buf[7] = 0; /* default densities */
2309
2310 /* FIXME: 0x30000 per spec? */
2311 ataH2BE_U32(buf + 8, 0); /* start sector */
2312 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2313 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2314
2315 /* Size of buffer, not including 2 byte size field */
2316 ataH2BE_U32(&buf[0], 2048 + 2);
2317
2318 /* 2k data + 4 byte header */
2319 uASC = (2048 + 4);
2320 break;
2321 }
2322 case 0x01: /* DVD copyright information */
2323 buf[4] = 0; /* no copyright data */
2324 buf[5] = 0; /* no region restrictions */
2325
2326 /* Size of buffer, not including 2 byte size field */
2327 ataH2BE_U16(buf, 4 + 2);
2328
2329 /* 4 byte header + 4 byte data */
2330 uASC = (4 + 4);
2331
2332 case 0x03: /* BCA information - invalid field for no BCA info */
2333 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2334 break;
2335
2336 case 0x04: /* DVD disc manufacturing information */
2337 /* Size of buffer, not including 2 byte size field */
2338 ataH2BE_U16(buf, 2048 + 2);
2339
2340 /* 2k data + 4 byte header */
2341 uASC = (2048 + 4);
2342 break;
2343 case 0xff:
2344 /*
2345 * This lists all the command capabilities above. Add new ones
2346 * in order and update the length and buffer return values.
2347 */
2348
2349 buf[4] = 0x00; /* Physical format */
2350 buf[5] = 0x40; /* Not writable, is readable */
2351 ataH2BE_U16((buf + 6), 2048 + 4);
2352
2353 buf[8] = 0x01; /* Copyright info */
2354 buf[9] = 0x40; /* Not writable, is readable */
2355 ataH2BE_U16((buf + 10), 4 + 4);
2356
2357 buf[12] = 0x03; /* BCA info */
2358 buf[13] = 0x40; /* Not writable, is readable */
2359 ataH2BE_U16((buf + 14), 188 + 4);
2360
2361 buf[16] = 0x04; /* Manufacturing info */
2362 buf[17] = 0x40; /* Not writable, is readable */
2363 ataH2BE_U16((buf + 18), 2048 + 4);
2364
2365 /* Size of buffer, not including 2 byte size field */
2366 ataH2BE_U16(buf, 16 + 2);
2367
2368 /* data written + 4 byte header */
2369 uASC = (16 + 4);
2370 break;
2371 default: /* TODO: formats beyond DVD-ROM requires */
2372 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2373 }
2374
2375 if (uASC < 0)
2376 {
2377 s->iSourceSink = ATAFN_SS_NULL;
2378 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2379 return false;
2380 }
2381 break;
2382 }
2383 /* TODO: BD support, fall through for now */
2384
2385 /* Generic disk structures */
2386 case 0x80: /* TODO: AACS volume identifier */
2387 case 0x81: /* TODO: AACS media serial number */
2388 case 0x82: /* TODO: AACS media identifier */
2389 case 0x83: /* TODO: AACS media key block */
2390 case 0x90: /* TODO: List of recognized format layers */
2391 case 0xc0: /* TODO: Write protection status */
2392 default:
2393 s->iSourceSink = ATAFN_SS_NULL;
2394 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2395 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2396 return false;
2397 }
2398
2399 s->iSourceSink = ATAFN_SS_NULL;
2400 atapiCmdOK(s);
2401 return false;
2402}
2403
2404static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2405{
2406 Assert(cSectors > 0);
2407 s->iATAPILBA = iATAPILBA;
2408 s->cbATAPISector = cbSector;
2409 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2410 return false;
2411}
2412
2413
2414static bool atapiReadCapacitySS(ATADevState *s)
2415{
2416 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2417
2418 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2419 Assert(s->cbElementaryTransfer <= 8);
2420 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2421 ataH2BE_U32(pbBuf + 4, 2048);
2422 s->iSourceSink = ATAFN_SS_NULL;
2423 atapiCmdOK(s);
2424 return false;
2425}
2426
2427
2428static bool atapiReadDiscInformationSS(ATADevState *s)
2429{
2430 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2431
2432 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2433 Assert(s->cbElementaryTransfer <= 34);
2434 memset(pbBuf, '\0', 34);
2435 ataH2BE_U16(pbBuf, 32);
2436 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2437 pbBuf[3] = 1; /* number of first track */
2438 pbBuf[4] = 1; /* number of sessions (LSB) */
2439 pbBuf[5] = 1; /* first track number in last session (LSB) */
2440 pbBuf[6] = 1; /* last track number in last session (LSB) */
2441 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2442 pbBuf[8] = 0; /* disc type = CD-ROM */
2443 pbBuf[9] = 0; /* number of sessions (MSB) */
2444 pbBuf[10] = 0; /* number of sessions (MSB) */
2445 pbBuf[11] = 0; /* number of sessions (MSB) */
2446 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2447 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2448 s->iSourceSink = ATAFN_SS_NULL;
2449 atapiCmdOK(s);
2450 return false;
2451}
2452
2453
2454static bool atapiReadTrackInformationSS(ATADevState *s)
2455{
2456 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2457
2458 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2459 Assert(s->cbElementaryTransfer <= 36);
2460 /* Accept address/number type of 1 only, and only track 1 exists. */
2461 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2462 {
2463 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2464 return false;
2465 }
2466 memset(pbBuf, '\0', 36);
2467 ataH2BE_U16(pbBuf, 34);
2468 pbBuf[2] = 1; /* track number (LSB) */
2469 pbBuf[3] = 1; /* session number (LSB) */
2470 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2471 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2472 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2473 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2474 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2475 pbBuf[32] = 0; /* track number (MSB) */
2476 pbBuf[33] = 0; /* session number (MSB) */
2477 s->iSourceSink = ATAFN_SS_NULL;
2478 atapiCmdOK(s);
2479 return false;
2480}
2481
2482static uint32_t atapiGetConfigurationFillFeatureListProfiles(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2483{
2484 if (cbBuf < 3*4)
2485 return 0;
2486
2487 ataH2BE_U16(pbBuf, 0x0); /* feature 0: list of profiles supported */
2488 pbBuf[2] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2489 pbBuf[3] = 8; /* additional bytes for profiles */
2490 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2491 * before CD-ROM read capability. */
2492 ataH2BE_U16(pbBuf + 4, 0x10); /* profile: read-only DVD */
2493 pbBuf[6] = (0 << 0); /* NOT current profile */
2494 ataH2BE_U16(pbBuf + 8, 0x08); /* profile: read only CD */
2495 pbBuf[10] = (1 << 0); /* current profile */
2496
2497 return 3*4; /* Header + 2 profiles entries */
2498}
2499
2500static uint32_t atapiGetConfigurationFillFeatureCore(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2501{
2502 if (cbBuf < 12)
2503 return 0;
2504
2505 ataH2BE_U16(pbBuf, 0x1); /* feature 0001h: Core Feature */
2506 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2507 pbBuf[3] = 8; /* Additional length */
2508 ataH2BE_U16(pbBuf + 4, 0x00000002); /* Physical interface ATAPI. */
2509 pbBuf[8] = RT_BIT(0); /* DBE */
2510 /* Rest is reserved. */
2511
2512 return 12;
2513}
2514
2515static uint32_t atapiGetConfigurationFillFeatureMorphing(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2516{
2517 if (cbBuf < 8)
2518 return 0;
2519
2520 ataH2BE_U16(pbBuf, 0x2); /* feature 0002h: Morphing Feature */
2521 pbBuf[2] = (0x1 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2522 pbBuf[3] = 4; /* Additional length */
2523 pbBuf[4] = RT_BIT(1) | 0x0; /* OCEvent | !ASYNC */
2524 /* Rest is reserved. */
2525
2526 return 8;
2527}
2528
2529static uint32_t atapiGetConfigurationFillFeatureRemovableMedium(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2530{
2531 if (cbBuf < 8)
2532 return 0;
2533
2534 ataH2BE_U16(pbBuf, 0x3); /* feature 0003h: Removable Medium Feature */
2535 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2536 pbBuf[3] = 4; /* Additional length */
2537 /* Tray type loading | Load | Eject | !Pvnt Jmpr | !DBML | Lock */
2538 pbBuf[4] = (0x2 << 5) | RT_BIT(4) | RT_BIT(3) | (0x0 << 2) | (0x0 << 1) | RT_BIT(0);
2539 /* Rest is reserved. */
2540
2541 return 8;
2542}
2543
2544static uint32_t atapiGetConfigurationFillFeatureRandomReadable(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2545{
2546 if (cbBuf < 12)
2547 return 0;
2548
2549 ataH2BE_U16(pbBuf, 0x10); /* feature 0010h: Random Readable Feature */
2550 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2551 pbBuf[3] = 8; /* Additional length */
2552 ataH2BE_U32(pbBuf + 4, 2048); /* Logical block size. */
2553 ataH2BE_U16(pbBuf + 8, 0x10); /* Blocking (0x10 for DVD, CD is not defined). */
2554 pbBuf[10] = 0; /* PP not present */
2555 /* Rest is reserved. */
2556
2557 return 12;
2558}
2559
2560static uint32_t atapiGetConfigurationFillFeatureCDRead(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2561{
2562 if (cbBuf < 8)
2563 return 0;
2564
2565 ataH2BE_U16(pbBuf, 0x1e); /* feature 001Eh: CD Read Feature */
2566 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2567 pbBuf[3] = 0; /* Additional length */
2568 pbBuf[4] = (0x0 << 7) | (0x0 << 1) | 0x0; /* !DAP | !C2-Flags | !CD-Text. */
2569 /* Rest is reserved. */
2570
2571 return 8;
2572}
2573
2574static uint32_t atapiGetConfigurationFillFeaturePowerManagement(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2575{
2576 if (cbBuf < 4)
2577 return 0;
2578
2579 ataH2BE_U16(pbBuf, 0x100); /* feature 0100h: Power Management Feature */
2580 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2581 pbBuf[3] = 0; /* Additional length */
2582
2583 return 4;
2584}
2585
2586static uint32_t atapiGetConfigurationFillFeatureTimeout(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2587{
2588 if (cbBuf < 8)
2589 return 0;
2590
2591 ataH2BE_U16(pbBuf, 0x105); /* feature 0105h: Timeout Feature */
2592 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2593 pbBuf[3] = 4; /* Additional length */
2594 pbBuf[4] = 0x0; /* !Group3 */
2595
2596 return 8;
2597}
2598
2599static bool atapiGetConfigurationSS(ATADevState *s)
2600{
2601 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2602 uint32_t cbBuf = s->cbIOBuffer;
2603 uint32_t cbCopied = 0;
2604 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2605
2606 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2607 Assert(s->cbElementaryTransfer <= 80);
2608 /* Accept valid request types only, and only starting feature 0. */
2609 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2610 {
2611 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2612 return false;
2613 }
2614 memset(pbBuf, '\0', cbBuf);
2615 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2616 * way to differentiate them right now is based on the image size). */
2617 if (s->cTotalSectors)
2618 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2619 else
2620 ataH2BE_U16(pbBuf + 6, 0x00); /* current profile: none -> no media */
2621 cbBuf -= 8;
2622 pbBuf += 8;
2623
2624 cbCopied = atapiGetConfigurationFillFeatureListProfiles(s, pbBuf, cbBuf);
2625 cbBuf -= cbCopied;
2626 pbBuf += cbCopied;
2627
2628 cbCopied = atapiGetConfigurationFillFeatureCore(s, pbBuf, cbBuf);
2629 cbBuf -= cbCopied;
2630 pbBuf += cbCopied;
2631
2632 cbCopied = atapiGetConfigurationFillFeatureMorphing(s, pbBuf, cbBuf);
2633 cbBuf -= cbCopied;
2634 pbBuf += cbCopied;
2635
2636 cbCopied = atapiGetConfigurationFillFeatureRemovableMedium(s, pbBuf, cbBuf);
2637 cbBuf -= cbCopied;
2638 pbBuf += cbCopied;
2639
2640 cbCopied = atapiGetConfigurationFillFeatureRandomReadable(s, pbBuf, cbBuf);
2641 cbBuf -= cbCopied;
2642 pbBuf += cbCopied;
2643
2644 cbCopied = atapiGetConfigurationFillFeatureCDRead(s, pbBuf, cbBuf);
2645 cbBuf -= cbCopied;
2646 pbBuf += cbCopied;
2647
2648 cbCopied = atapiGetConfigurationFillFeaturePowerManagement(s, pbBuf, cbBuf);
2649 cbBuf -= cbCopied;
2650 pbBuf += cbCopied;
2651
2652 cbCopied = atapiGetConfigurationFillFeatureTimeout(s, pbBuf, cbBuf);
2653 cbBuf -= cbCopied;
2654 pbBuf += cbCopied;
2655
2656 /* Set data length now - the field is not included in the final length. */
2657 ataH2BE_U32(s->CTX_SUFF(pbIOBuffer), s->cbIOBuffer - cbBuf - 4);
2658
2659 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2660 s->iSourceSink = ATAFN_SS_NULL;
2661 atapiCmdOK(s);
2662 return false;
2663}
2664
2665
2666static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2667{
2668 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2669
2670 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2671 Assert(s->cbElementaryTransfer <= 8);
2672
2673 if (!(s->aATAPICmd[1] & 1))
2674 {
2675 /* no asynchronous operation supported */
2676 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2677 return false;
2678 }
2679
2680 uint32_t OldStatus, NewStatus;
2681 do
2682 {
2683 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2684 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2685 switch (OldStatus)
2686 {
2687 case ATA_EVENT_STATUS_MEDIA_NEW:
2688 /* mount */
2689 ataH2BE_U16(pbBuf + 0, 6);
2690 pbBuf[2] = 0x04; /* media */
2691 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2692 pbBuf[4] = 0x02; /* new medium */
2693 pbBuf[5] = 0x02; /* medium present / door closed */
2694 pbBuf[6] = 0x00;
2695 pbBuf[7] = 0x00;
2696 break;
2697
2698 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2699 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2700 /* umount */
2701 ataH2BE_U16(pbBuf + 0, 6);
2702 pbBuf[2] = 0x04; /* media */
2703 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2704 pbBuf[4] = 0x03; /* media removal */
2705 pbBuf[5] = 0x00; /* medium absent / door closed */
2706 pbBuf[6] = 0x00;
2707 pbBuf[7] = 0x00;
2708 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2709 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2710 break;
2711
2712 case ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED: /* currently unused */
2713 ataH2BE_U16(pbBuf + 0, 6);
2714 pbBuf[2] = 0x04; /* media */
2715 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2716 pbBuf[4] = 0x01; /* eject requested (eject button pressed) */
2717 pbBuf[5] = 0x02; /* medium present / door closed */
2718 pbBuf[6] = 0x00;
2719 pbBuf[7] = 0x00;
2720 break;
2721
2722 case ATA_EVENT_STATUS_UNCHANGED:
2723 default:
2724 ataH2BE_U16(pbBuf + 0, 6);
2725 pbBuf[2] = 0x01; /* operational change request / notification */
2726 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2727 pbBuf[4] = 0x00;
2728 pbBuf[5] = 0x00;
2729 pbBuf[6] = 0x00;
2730 pbBuf[7] = 0x00;
2731 break;
2732 }
2733 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2734
2735 s->iSourceSink = ATAFN_SS_NULL;
2736 atapiCmdOK(s);
2737 return false;
2738}
2739
2740
2741static bool atapiInquirySS(ATADevState *s)
2742{
2743 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2744
2745 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2746 Assert(s->cbElementaryTransfer <= 36);
2747 pbBuf[0] = 0x05; /* CD-ROM */
2748 pbBuf[1] = 0x80; /* removable */
2749#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2750 pbBuf[2] = 0x00; /* ISO */
2751 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2752#else
2753 pbBuf[2] = 0x00; /* ISO */
2754 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2755#endif
2756 pbBuf[4] = 31; /* additional length */
2757 pbBuf[5] = 0; /* reserved */
2758 pbBuf[6] = 0; /* reserved */
2759 pbBuf[7] = 0; /* reserved */
2760 ataSCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2761 ataSCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2762 ataSCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2763 s->iSourceSink = ATAFN_SS_NULL;
2764 atapiCmdOK(s);
2765 return false;
2766}
2767
2768
2769static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2770{
2771 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2772
2773 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2774 Assert(s->cbElementaryTransfer <= 16);
2775 ataH2BE_U16(&pbBuf[0], 16 + 6);
2776 pbBuf[2] = (uint8_t)s->MediaTrackType;
2777 pbBuf[3] = 0;
2778 pbBuf[4] = 0;
2779 pbBuf[5] = 0;
2780 pbBuf[6] = 0;
2781 pbBuf[7] = 0;
2782
2783 pbBuf[8] = 0x01;
2784 pbBuf[9] = 0x06;
2785 pbBuf[10] = 0x00; /* Maximum error recovery */
2786 pbBuf[11] = 0x05; /* 5 retries */
2787 pbBuf[12] = 0x00;
2788 pbBuf[13] = 0x00;
2789 pbBuf[14] = 0x00;
2790 pbBuf[15] = 0x00;
2791 s->iSourceSink = ATAFN_SS_NULL;
2792 atapiCmdOK(s);
2793 return false;
2794}
2795
2796
2797static bool atapiModeSenseCDStatusSS(ATADevState *s)
2798{
2799 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2800
2801 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2802 Assert(s->cbElementaryTransfer <= 40);
2803 ataH2BE_U16(&pbBuf[0], 38);
2804 pbBuf[2] = (uint8_t)s->MediaTrackType;
2805 pbBuf[3] = 0;
2806 pbBuf[4] = 0;
2807 pbBuf[5] = 0;
2808 pbBuf[6] = 0;
2809 pbBuf[7] = 0;
2810
2811 pbBuf[8] = 0x2a;
2812 pbBuf[9] = 30; /* page length */
2813 pbBuf[10] = 0x08; /* DVD-ROM read support */
2814 pbBuf[11] = 0x00; /* no write support */
2815 /* The following claims we support audio play. This is obviously false,
2816 * but the Linux generic CDROM support makes many features depend on this
2817 * capability. If it's not set, this causes many things to be disabled. */
2818 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2819 pbBuf[13] = 0x00; /* no subchannel reads supported */
2820 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2821 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2822 pbBuf[14] |= 1 << 1; /* report lock state */
2823 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2824 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2825 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2826 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2827 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2828 pbBuf[24] = 0; /* reserved */
2829 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2830 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2831 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2832 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2833 pbBuf[32] = 0; /* reserved */
2834 pbBuf[33] = 0; /* reserved */
2835 pbBuf[34] = 0; /* reserved */
2836 pbBuf[35] = 1; /* rotation control CAV */
2837 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2838 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2839 s->iSourceSink = ATAFN_SS_NULL;
2840 atapiCmdOK(s);
2841 return false;
2842}
2843
2844
2845static bool atapiRequestSenseSS(ATADevState *s)
2846{
2847 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2848
2849 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2850 memset(pbBuf, '\0', s->cbElementaryTransfer);
2851 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2852 s->iSourceSink = ATAFN_SS_NULL;
2853 atapiCmdOK(s);
2854 return false;
2855}
2856
2857
2858static bool atapiMechanismStatusSS(ATADevState *s)
2859{
2860 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2861
2862 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2863 Assert(s->cbElementaryTransfer <= 8);
2864 ataH2BE_U16(pbBuf, 0);
2865 /* no current LBA */
2866 pbBuf[2] = 0;
2867 pbBuf[3] = 0;
2868 pbBuf[4] = 0;
2869 pbBuf[5] = 1;
2870 ataH2BE_U16(pbBuf + 6, 0);
2871 s->iSourceSink = ATAFN_SS_NULL;
2872 atapiCmdOK(s);
2873 return false;
2874}
2875
2876
2877static bool atapiReadTOCNormalSS(ATADevState *s)
2878{
2879 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2880 bool fMSF;
2881 uint32_t cbSize;
2882
2883 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2884 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2885 iStartTrack = s->aATAPICmd[6];
2886 if (iStartTrack > 1 && iStartTrack != 0xaa)
2887 {
2888 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2889 return false;
2890 }
2891 q = pbBuf + 2;
2892 *q++ = 1; /* first session */
2893 *q++ = 1; /* last session */
2894 if (iStartTrack <= 1)
2895 {
2896 *q++ = 0; /* reserved */
2897 *q++ = 0x14; /* ADR, control */
2898 *q++ = 1; /* track number */
2899 *q++ = 0; /* reserved */
2900 if (fMSF)
2901 {
2902 *q++ = 0; /* reserved */
2903 ataLBA2MSF(q, 0);
2904 q += 3;
2905 }
2906 else
2907 {
2908 /* sector 0 */
2909 ataH2BE_U32(q, 0);
2910 q += 4;
2911 }
2912 }
2913 /* lead out track */
2914 *q++ = 0; /* reserved */
2915 *q++ = 0x14; /* ADR, control */
2916 *q++ = 0xaa; /* track number */
2917 *q++ = 0; /* reserved */
2918 if (fMSF)
2919 {
2920 *q++ = 0; /* reserved */
2921 ataLBA2MSF(q, s->cTotalSectors);
2922 q += 3;
2923 }
2924 else
2925 {
2926 ataH2BE_U32(q, s->cTotalSectors);
2927 q += 4;
2928 }
2929 cbSize = q - pbBuf;
2930 ataH2BE_U16(pbBuf, cbSize - 2);
2931 if (cbSize < s->cbTotalTransfer)
2932 s->cbTotalTransfer = cbSize;
2933 s->iSourceSink = ATAFN_SS_NULL;
2934 atapiCmdOK(s);
2935 return false;
2936}
2937
2938
2939static bool atapiReadTOCMultiSS(ATADevState *s)
2940{
2941 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2942 bool fMSF;
2943
2944 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2945 Assert(s->cbElementaryTransfer <= 12);
2946 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2947 /* multi session: only a single session defined */
2948/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2949 memset(pbBuf, 0, 12);
2950 pbBuf[1] = 0x0a;
2951 pbBuf[2] = 0x01;
2952 pbBuf[3] = 0x01;
2953 pbBuf[5] = 0x14; /* ADR, control */
2954 pbBuf[6] = 1; /* first track in last complete session */
2955 if (fMSF)
2956 {
2957 pbBuf[8] = 0; /* reserved */
2958 ataLBA2MSF(&pbBuf[9], 0);
2959 }
2960 else
2961 {
2962 /* sector 0 */
2963 ataH2BE_U32(pbBuf + 8, 0);
2964 }
2965 s->iSourceSink = ATAFN_SS_NULL;
2966 atapiCmdOK(s);
2967 return false;
2968}
2969
2970
2971static bool atapiReadTOCRawSS(ATADevState *s)
2972{
2973 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2974 bool fMSF;
2975 uint32_t cbSize;
2976
2977 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2978 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2979 iStartTrack = s->aATAPICmd[6];
2980
2981 q = pbBuf + 2;
2982 *q++ = 1; /* first session */
2983 *q++ = 1; /* last session */
2984
2985 *q++ = 1; /* session number */
2986 *q++ = 0x14; /* data track */
2987 *q++ = 0; /* track number */
2988 *q++ = 0xa0; /* first track in program area */
2989 *q++ = 0; /* min */
2990 *q++ = 0; /* sec */
2991 *q++ = 0; /* frame */
2992 *q++ = 0;
2993 *q++ = 1; /* first track */
2994 *q++ = 0x00; /* disk type CD-DA or CD data */
2995 *q++ = 0;
2996
2997 *q++ = 1; /* session number */
2998 *q++ = 0x14; /* data track */
2999 *q++ = 0; /* track number */
3000 *q++ = 0xa1; /* last track in program area */
3001 *q++ = 0; /* min */
3002 *q++ = 0; /* sec */
3003 *q++ = 0; /* frame */
3004 *q++ = 0;
3005 *q++ = 1; /* last track */
3006 *q++ = 0;
3007 *q++ = 0;
3008
3009 *q++ = 1; /* session number */
3010 *q++ = 0x14; /* data track */
3011 *q++ = 0; /* track number */
3012 *q++ = 0xa2; /* lead-out */
3013 *q++ = 0; /* min */
3014 *q++ = 0; /* sec */
3015 *q++ = 0; /* frame */
3016 if (fMSF)
3017 {
3018 *q++ = 0; /* reserved */
3019 ataLBA2MSF(q, s->cTotalSectors);
3020 q += 3;
3021 }
3022 else
3023 {
3024 ataH2BE_U32(q, s->cTotalSectors);
3025 q += 4;
3026 }
3027
3028 *q++ = 1; /* session number */
3029 *q++ = 0x14; /* ADR, control */
3030 *q++ = 0; /* track number */
3031 *q++ = 1; /* point */
3032 *q++ = 0; /* min */
3033 *q++ = 0; /* sec */
3034 *q++ = 0; /* frame */
3035 if (fMSF)
3036 {
3037 *q++ = 0; /* reserved */
3038 ataLBA2MSF(q, 0);
3039 q += 3;
3040 }
3041 else
3042 {
3043 /* sector 0 */
3044 ataH2BE_U32(q, 0);
3045 q += 4;
3046 }
3047
3048 cbSize = q - pbBuf;
3049 ataH2BE_U16(pbBuf, cbSize - 2);
3050 if (cbSize < s->cbTotalTransfer)
3051 s->cbTotalTransfer = cbSize;
3052 s->iSourceSink = ATAFN_SS_NULL;
3053 atapiCmdOK(s);
3054 return false;
3055}
3056
3057
3058static void atapiParseCmdVirtualATAPI(ATADevState *s)
3059{
3060 const uint8_t *pbPacket;
3061 uint8_t *pbBuf;
3062 uint32_t cbMax;
3063
3064 pbPacket = s->aATAPICmd;
3065 pbBuf = s->CTX_SUFF(pbIOBuffer);
3066 switch (pbPacket[0])
3067 {
3068 case SCSI_TEST_UNIT_READY:
3069 if (s->cNotifiedMediaChange > 0)
3070 {
3071 if (s->cNotifiedMediaChange-- > 2)
3072 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3073 else
3074 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3075 }
3076 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
3077 atapiCmdOK(s);
3078 else
3079 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3080 break;
3081 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3082 cbMax = ataBE2H_U16(pbPacket + 7);
3083 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3084 break;
3085 case SCSI_MODE_SENSE_10:
3086 {
3087 uint8_t uPageControl, uPageCode;
3088 cbMax = ataBE2H_U16(pbPacket + 7);
3089 uPageControl = pbPacket[2] >> 6;
3090 uPageCode = pbPacket[2] & 0x3f;
3091 switch (uPageControl)
3092 {
3093 case SCSI_PAGECONTROL_CURRENT:
3094 switch (uPageCode)
3095 {
3096 case SCSI_MODEPAGE_ERROR_RECOVERY:
3097 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
3098 break;
3099 case SCSI_MODEPAGE_CD_STATUS:
3100 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
3101 break;
3102 default:
3103 goto error_cmd;
3104 }
3105 break;
3106 case SCSI_PAGECONTROL_CHANGEABLE:
3107 goto error_cmd;
3108 case SCSI_PAGECONTROL_DEFAULT:
3109 goto error_cmd;
3110 default:
3111 case SCSI_PAGECONTROL_SAVED:
3112 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
3113 break;
3114 }
3115 break;
3116 }
3117 case SCSI_REQUEST_SENSE:
3118 cbMax = pbPacket[4];
3119 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3120 break;
3121 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3122 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
3123 {
3124 if (pbPacket[4] & 1)
3125 s->pDrvMount->pfnLock(s->pDrvMount);
3126 else
3127 s->pDrvMount->pfnUnlock(s->pDrvMount);
3128 atapiCmdOK(s);
3129 }
3130 else
3131 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3132 break;
3133 case SCSI_READ_10:
3134 case SCSI_READ_12:
3135 {
3136 uint32_t cSectors, iATAPILBA;
3137
3138 if (s->cNotifiedMediaChange > 0)
3139 {
3140 s->cNotifiedMediaChange-- ;
3141 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3142 break;
3143 }
3144 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3145 {
3146 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3147 break;
3148 }
3149 if (pbPacket[0] == SCSI_READ_10)
3150 cSectors = ataBE2H_U16(pbPacket + 7);
3151 else
3152 cSectors = ataBE2H_U32(pbPacket + 6);
3153 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3154 if (cSectors == 0)
3155 {
3156 atapiCmdOK(s);
3157 break;
3158 }
3159 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3160 {
3161 /* Rate limited logging, one log line per second. For
3162 * guests that insist on reading from places outside the
3163 * valid area this often generates too many release log
3164 * entries otherwise. */
3165 static uint64_t uLastLogTS = 0;
3166 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3167 {
3168 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3169 uLastLogTS = RTTimeMilliTS();
3170 }
3171 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3172 break;
3173 }
3174 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
3175 break;
3176 }
3177 case SCSI_READ_CD:
3178 {
3179 uint32_t cSectors, iATAPILBA;
3180
3181 if (s->cNotifiedMediaChange > 0)
3182 {
3183 s->cNotifiedMediaChange-- ;
3184 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3185 break;
3186 }
3187 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3188 {
3189 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3190 break;
3191 }
3192 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
3193 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3194 if (cSectors == 0)
3195 {
3196 atapiCmdOK(s);
3197 break;
3198 }
3199 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3200 {
3201 /* Rate limited logging, one log line per second. For
3202 * guests that insist on reading from places outside the
3203 * valid area this often generates too many release log
3204 * entries otherwise. */
3205 static uint64_t uLastLogTS = 0;
3206 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3207 {
3208 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3209 uLastLogTS = RTTimeMilliTS();
3210 }
3211 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3212 break;
3213 }
3214 switch (pbPacket[9] & 0xf8)
3215 {
3216 case 0x00:
3217 /* nothing */
3218 atapiCmdOK(s);
3219 break;
3220 case 0x10:
3221 /* normal read */
3222 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
3223 break;
3224 case 0xf8:
3225 /* read all data */
3226 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
3227 break;
3228 default:
3229 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
3230 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3231 break;
3232 }
3233 break;
3234 }
3235 case SCSI_SEEK_10:
3236 {
3237 uint32_t iATAPILBA;
3238 if (s->cNotifiedMediaChange > 0)
3239 {
3240 s->cNotifiedMediaChange-- ;
3241 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3242 break;
3243 }
3244 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3245 {
3246 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3247 break;
3248 }
3249 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3250 if (iATAPILBA > s->cTotalSectors)
3251 {
3252 /* Rate limited logging, one log line per second. For
3253 * guests that insist on seeking to places outside the
3254 * valid area this often generates too many release log
3255 * entries otherwise. */
3256 static uint64_t uLastLogTS = 0;
3257 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3258 {
3259 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
3260 uLastLogTS = RTTimeMilliTS();
3261 }
3262 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3263 break;
3264 }
3265 atapiCmdOK(s);
3266 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
3267 break;
3268 }
3269 case SCSI_START_STOP_UNIT:
3270 {
3271 int rc = VINF_SUCCESS;
3272 switch (pbPacket[4] & 3)
3273 {
3274 case 0: /* 00 - Stop motor */
3275 case 1: /* 01 - Start motor */
3276 break;
3277 case 2: /* 10 - Eject media */
3278 {
3279 /* This must be done from EMT. */
3280 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3281 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
3282 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
3283
3284 PDMCritSectLeave(&pCtl->lock);
3285 rc = VMR3ReqPriorityCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3286 (PFNRT)s->pDrvMount->pfnUnmount, 3,
3287 s->pDrvMount, false /*=fForce*/, true /*=fEject*/);
3288 Assert(RT_SUCCESS(rc) || rc == VERR_PDM_MEDIA_LOCKED || rc == VERR_PDM_MEDIA_NOT_MOUNTED);
3289 if (RT_SUCCESS(rc) && pThis->pMediaNotify)
3290 {
3291 rc = VMR3ReqCallNoWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3292 (PFNRT)pThis->pMediaNotify->pfnEjected, 2,
3293 pThis->pMediaNotify, s->iLUN);
3294 AssertRC(rc);
3295 }
3296 {
3297 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3298 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3299 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3300 }
3301 break;
3302 }
3303 case 3: /* 11 - Load media */
3304 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
3305 break;
3306 }
3307 if (RT_SUCCESS(rc))
3308 atapiCmdOK(s);
3309 else
3310 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
3311 break;
3312 }
3313 case SCSI_MECHANISM_STATUS:
3314 {
3315 cbMax = ataBE2H_U16(pbPacket + 8);
3316 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
3317 break;
3318 }
3319 case SCSI_READ_TOC_PMA_ATIP:
3320 {
3321 uint8_t format;
3322
3323 if (s->cNotifiedMediaChange > 0)
3324 {
3325 s->cNotifiedMediaChange-- ;
3326 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3327 break;
3328 }
3329 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3330 {
3331 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3332 break;
3333 }
3334 cbMax = ataBE2H_U16(pbPacket + 7);
3335 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
3336 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
3337 * the other field is clear... */
3338 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
3339 switch (format)
3340 {
3341 case 0:
3342 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
3343 break;
3344 case 1:
3345 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3346 break;
3347 case 2:
3348 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3349 break;
3350 default:
3351 error_cmd:
3352 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3353 break;
3354 }
3355 break;
3356 }
3357 case SCSI_READ_CAPACITY:
3358 if (s->cNotifiedMediaChange > 0)
3359 {
3360 s->cNotifiedMediaChange-- ;
3361 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3362 break;
3363 }
3364 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3365 {
3366 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3367 break;
3368 }
3369 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3370 break;
3371 case SCSI_READ_DISC_INFORMATION:
3372 if (s->cNotifiedMediaChange > 0)
3373 {
3374 s->cNotifiedMediaChange-- ;
3375 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3376 break;
3377 }
3378 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3379 {
3380 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3381 break;
3382 }
3383 cbMax = ataBE2H_U16(pbPacket + 7);
3384 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3385 break;
3386 case SCSI_READ_TRACK_INFORMATION:
3387 if (s->cNotifiedMediaChange > 0)
3388 {
3389 s->cNotifiedMediaChange-- ;
3390 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3391 break;
3392 }
3393 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3394 {
3395 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3396 break;
3397 }
3398 cbMax = ataBE2H_U16(pbPacket + 7);
3399 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3400 break;
3401 case SCSI_GET_CONFIGURATION:
3402 /* No media change stuff here, it can confuse Linux guests. */
3403 cbMax = ataBE2H_U16(pbPacket + 7);
3404 ataStartTransfer(s, RT_MIN(cbMax, 80), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3405 break;
3406 case SCSI_INQUIRY:
3407 cbMax = ataBE2H_U16(pbPacket + 3);
3408 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3409 break;
3410 case SCSI_READ_DVD_STRUCTURE:
3411 {
3412 cbMax = ataBE2H_U16(pbPacket + 8);
3413 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3414 break;
3415 }
3416 default:
3417 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3418 break;
3419 }
3420}
3421
3422
3423/*
3424 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3425 */
3426static void atapiParseCmdPassthrough(ATADevState *s)
3427{
3428 const uint8_t *pbPacket;
3429 uint8_t *pbBuf;
3430 uint32_t cSectors, iATAPILBA;
3431 uint32_t cbTransfer = 0;
3432 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3433
3434 pbPacket = s->aATAPICmd;
3435 pbBuf = s->CTX_SUFF(pbIOBuffer);
3436 switch (pbPacket[0])
3437 {
3438 case SCSI_BLANK:
3439 goto sendcmd;
3440 case SCSI_CLOSE_TRACK_SESSION:
3441 goto sendcmd;
3442 case SCSI_ERASE_10:
3443 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3444 cbTransfer = ataBE2H_U16(pbPacket + 7);
3445 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3446 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3447 goto sendcmd;
3448 case SCSI_FORMAT_UNIT:
3449 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3450 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3451 goto sendcmd;
3452 case SCSI_GET_CONFIGURATION:
3453 cbTransfer = ataBE2H_U16(pbPacket + 7);
3454 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3455 goto sendcmd;
3456 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3457 cbTransfer = ataBE2H_U16(pbPacket + 7);
3458 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3459 {
3460 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3461 break;
3462 }
3463 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3464 goto sendcmd;
3465 case SCSI_GET_PERFORMANCE:
3466 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3467 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3468 goto sendcmd;
3469 case SCSI_INQUIRY:
3470 cbTransfer = ataBE2H_U16(pbPacket + 3);
3471 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3472 goto sendcmd;
3473 case SCSI_LOAD_UNLOAD_MEDIUM:
3474 goto sendcmd;
3475 case SCSI_MECHANISM_STATUS:
3476 cbTransfer = ataBE2H_U16(pbPacket + 8);
3477 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3478 goto sendcmd;
3479 case SCSI_MODE_SELECT_10:
3480 cbTransfer = ataBE2H_U16(pbPacket + 7);
3481 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3482 goto sendcmd;
3483 case SCSI_MODE_SENSE_10:
3484 cbTransfer = ataBE2H_U16(pbPacket + 7);
3485 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3486 goto sendcmd;
3487 case SCSI_PAUSE_RESUME:
3488 goto sendcmd;
3489 case SCSI_PLAY_AUDIO_10:
3490 goto sendcmd;
3491 case SCSI_PLAY_AUDIO_12:
3492 goto sendcmd;
3493 case SCSI_PLAY_AUDIO_MSF:
3494 goto sendcmd;
3495 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3496 /** @todo do not forget to unlock when a VM is shut down */
3497 goto sendcmd;
3498 case SCSI_READ_10:
3499 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3500 cSectors = ataBE2H_U16(pbPacket + 7);
3501 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3502 s->cbATAPISector = 2048;
3503 cbTransfer = cSectors * s->cbATAPISector;
3504 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3505 goto sendcmd;
3506 case SCSI_READ_12:
3507 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3508 cSectors = ataBE2H_U32(pbPacket + 6);
3509 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3510 s->cbATAPISector = 2048;
3511 cbTransfer = cSectors * s->cbATAPISector;
3512 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3513 goto sendcmd;
3514 case SCSI_READ_BUFFER:
3515 cbTransfer = ataBE2H_U24(pbPacket + 6);
3516 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3517 goto sendcmd;
3518 case SCSI_READ_BUFFER_CAPACITY:
3519 cbTransfer = ataBE2H_U16(pbPacket + 7);
3520 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3521 goto sendcmd;
3522 case SCSI_READ_CAPACITY:
3523 cbTransfer = 8;
3524 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3525 goto sendcmd;
3526 case SCSI_READ_CD:
3527 case SCSI_READ_CD_MSF:
3528 {
3529 /* Get sector size based on the expected sector type field. */
3530 switch ((pbPacket[1] >> 2) & 0x7)
3531 {
3532 case 0x0: /* All types. */
3533 {
3534 uint32_t iLbaStart;
3535
3536 if (pbPacket[0] == SCSI_READ_CD)
3537 iLbaStart = ataBE2H_U32(&pbPacket[2]);
3538 else
3539 iLbaStart = ataMSF2LBA(&pbPacket[3]);
3540
3541 if (s->pTrackList)
3542 s->cbATAPISector = ATAPIPassthroughTrackListGetSectorSizeFromLba(s->pTrackList, iLbaStart);
3543 else
3544 s->cbATAPISector = 2048; /* Might be incorrect if we couldn't determine the type. */
3545 break;
3546 }
3547 case 0x1: /* CD-DA */
3548 s->cbATAPISector = 2352;
3549 break;
3550 case 0x2: /* Mode 1 */
3551 s->cbATAPISector = 2048;
3552 break;
3553 case 0x3: /* Mode 2 formless */
3554 s->cbATAPISector = 2336;
3555 break;
3556 case 0x4: /* Mode 2 form 1 */
3557 s->cbATAPISector = 2048;
3558 break;
3559 case 0x5: /* Mode 2 form 2 */
3560 s->cbATAPISector = 2324;
3561 break;
3562 default: /* Reserved */
3563 AssertMsgFailed(("Unknown sector type\n"));
3564 s->cbATAPISector = 0; /** @todo we should probably fail the command here already. */
3565 }
3566
3567 if (pbPacket[0] == SCSI_READ_CD)
3568 cbTransfer = ataBE2H_U24(pbPacket + 6) * s->cbATAPISector;
3569 else /* SCSI_READ_MSF */
3570 {
3571 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3572 if (cSectors > 32)
3573 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3574 cbTransfer = cSectors * s->cbATAPISector;
3575 }
3576 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3577 goto sendcmd;
3578 }
3579 case SCSI_READ_DISC_INFORMATION:
3580 cbTransfer = ataBE2H_U16(pbPacket + 7);
3581 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3582 goto sendcmd;
3583 case SCSI_READ_DVD_STRUCTURE:
3584 cbTransfer = ataBE2H_U16(pbPacket + 8);
3585 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3586 goto sendcmd;
3587 case SCSI_READ_FORMAT_CAPACITIES:
3588 cbTransfer = ataBE2H_U16(pbPacket + 7);
3589 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3590 goto sendcmd;
3591 case SCSI_READ_SUBCHANNEL:
3592 cbTransfer = ataBE2H_U16(pbPacket + 7);
3593 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3594 goto sendcmd;
3595 case SCSI_READ_TOC_PMA_ATIP:
3596 cbTransfer = ataBE2H_U16(pbPacket + 7);
3597 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3598 goto sendcmd;
3599 case SCSI_READ_TRACK_INFORMATION:
3600 cbTransfer = ataBE2H_U16(pbPacket + 7);
3601 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3602 goto sendcmd;
3603 case SCSI_REPAIR_TRACK:
3604 goto sendcmd;
3605 case SCSI_REPORT_KEY:
3606 cbTransfer = ataBE2H_U16(pbPacket + 8);
3607 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3608 goto sendcmd;
3609 case SCSI_REQUEST_SENSE:
3610 cbTransfer = pbPacket[4];
3611 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3612 {
3613 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3614 break;
3615 }
3616 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3617 goto sendcmd;
3618 case SCSI_RESERVE_TRACK:
3619 goto sendcmd;
3620 case SCSI_SCAN:
3621 goto sendcmd;
3622 case SCSI_SEEK_10:
3623 goto sendcmd;
3624 case SCSI_SEND_CUE_SHEET:
3625 cbTransfer = ataBE2H_U24(pbPacket + 6);
3626 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3627 goto sendcmd;
3628 case SCSI_SEND_DVD_STRUCTURE:
3629 cbTransfer = ataBE2H_U16(pbPacket + 8);
3630 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3631 goto sendcmd;
3632 case SCSI_SEND_EVENT:
3633 cbTransfer = ataBE2H_U16(pbPacket + 8);
3634 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3635 goto sendcmd;
3636 case SCSI_SEND_KEY:
3637 cbTransfer = ataBE2H_U16(pbPacket + 8);
3638 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3639 goto sendcmd;
3640 case SCSI_SEND_OPC_INFORMATION:
3641 cbTransfer = ataBE2H_U16(pbPacket + 7);
3642 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3643 goto sendcmd;
3644 case SCSI_SET_CD_SPEED:
3645 goto sendcmd;
3646 case SCSI_SET_READ_AHEAD:
3647 goto sendcmd;
3648 case SCSI_SET_STREAMING:
3649 cbTransfer = ataBE2H_U16(pbPacket + 9);
3650 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3651 goto sendcmd;
3652 case SCSI_START_STOP_UNIT:
3653 goto sendcmd;
3654 case SCSI_STOP_PLAY_SCAN:
3655 goto sendcmd;
3656 case SCSI_SYNCHRONIZE_CACHE:
3657 goto sendcmd;
3658 case SCSI_TEST_UNIT_READY:
3659 goto sendcmd;
3660 case SCSI_VERIFY_10:
3661 goto sendcmd;
3662 case SCSI_WRITE_10:
3663 case SCSI_WRITE_AND_VERIFY_10:
3664 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3665 cSectors = ataBE2H_U16(pbPacket + 7);
3666 if (s->pTrackList)
3667 s->cbATAPISector = ATAPIPassthroughTrackListGetSectorSizeFromLba(s->pTrackList, iATAPILBA);
3668 else
3669 s->cbATAPISector = 2048;
3670 Log2(("ATAPI PT: lba %d sectors %d sector size %d\n", iATAPILBA, cSectors, s->cbATAPISector));
3671 cbTransfer = cSectors * s->cbATAPISector;
3672 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3673 goto sendcmd;
3674 case SCSI_WRITE_12:
3675 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3676 cSectors = ataBE2H_U32(pbPacket + 6);
3677 if (s->pTrackList)
3678 s->cbATAPISector = ATAPIPassthroughTrackListGetSectorSizeFromLba(s->pTrackList, iATAPILBA);
3679 else
3680 s->cbATAPISector = 2048;
3681 Log2(("ATAPI PT: lba %d sectors %d sector size %d\n", iATAPILBA, cSectors, s->cbATAPISector));
3682 cbTransfer = cSectors * s->cbATAPISector;
3683 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3684 goto sendcmd;
3685 case SCSI_WRITE_BUFFER:
3686 switch (pbPacket[1] & 0x1f)
3687 {
3688 case 0x04: /* download microcode */
3689 case 0x05: /* download microcode and save */
3690 case 0x06: /* download microcode with offsets */
3691 case 0x07: /* download microcode with offsets and save */
3692 case 0x0e: /* download microcode with offsets and defer activation */
3693 case 0x0f: /* activate deferred microcode */
3694 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3695 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3696 break;
3697 default:
3698 cbTransfer = ataBE2H_U16(pbPacket + 6);
3699 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3700 goto sendcmd;
3701 }
3702 break;
3703 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3704 cbTransfer = ataBE2H_U32(pbPacket + 6);
3705 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3706 goto sendcmd;
3707 case SCSI_REZERO_UNIT:
3708 /* Obsolete command used by cdrecord. What else would one expect?
3709 * This command is not sent to the drive, it is handled internally,
3710 * as the Linux kernel doesn't like it (message "scsi: unknown
3711 * opcode 0x01" in syslog) and replies with a sense code of 0,
3712 * which sends cdrecord to an endless loop. */
3713 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3714 break;
3715 default:
3716 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3717 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3718 break;
3719 sendcmd:
3720 /*
3721 * Send a command to the drive, passing data in/out as required.
3722 * Commands which exceed the I/O buffer size are split below
3723 * or aborted if splitting is not implemented.
3724 */
3725 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3726 if (cbTransfer == 0)
3727 uTxDir = PDMBLOCKTXDIR_NONE;
3728 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3729 }
3730}
3731
3732
3733static void atapiParseCmd(ATADevState *s)
3734{
3735 const uint8_t *pbPacket;
3736
3737 pbPacket = s->aATAPICmd;
3738#ifdef DEBUG
3739 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3740#else /* !DEBUG */
3741 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3742#endif /* !DEBUG */
3743 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3744
3745 if (s->fATAPIPassthrough)
3746 atapiParseCmdPassthrough(s);
3747 else
3748 atapiParseCmdVirtualATAPI(s);
3749}
3750
3751
3752static bool ataPacketSS(ATADevState *s)
3753{
3754 s->fDMA = !!(s->uATARegFeature & 1);
3755 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3756 s->uTxDir = PDMBLOCKTXDIR_NONE;
3757 s->cbTotalTransfer = 0;
3758 s->cbElementaryTransfer = 0;
3759 s->cbAtapiPassthroughTransfer = 0;
3760 atapiParseCmd(s);
3761 return false;
3762}
3763
3764
3765/**
3766 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3767 * from now on, regardless if there was a medium inserted or not.
3768 */
3769static void ataMediumRemoved(ATADevState *s)
3770{
3771 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3772}
3773
3774
3775/**
3776 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3777 * there was already a medium inserted, don't forget to send the "medium
3778 * removed" event first.
3779 */
3780static void ataMediumInserted(ATADevState *s)
3781{
3782 uint32_t OldStatus, NewStatus;
3783 do
3784 {
3785 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3786 switch (OldStatus)
3787 {
3788 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3789 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3790 /* no change, we will send "medium removed" + "medium inserted" */
3791 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3792 break;
3793 default:
3794 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3795 break;
3796 }
3797 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3798}
3799
3800/**
3801 * Called when a media is mounted.
3802 *
3803 * @param pInterface Pointer to the interface structure containing the called function pointer.
3804 */
3805static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3806{
3807 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3808 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3809
3810 /* Ignore the call if we're called while being attached. */
3811 if (!pIf->pDrvBlock)
3812 return;
3813
3814 if (pIf->fATAPI)
3815 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3816 else
3817 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / pIf->cbSector;
3818
3819 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3820
3821 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3822 if (pIf->cNotifiedMediaChange < 2)
3823 pIf->cNotifiedMediaChange = 1;
3824 ataMediumInserted(pIf);
3825 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3826}
3827
3828/**
3829 * Called when a media is unmounted
3830 * @param pInterface Pointer to the interface structure containing the called function pointer.
3831 */
3832static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3833{
3834 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3835 Log(("%s:\n", __FUNCTION__));
3836 pIf->cTotalSectors = 0;
3837
3838 /*
3839 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3840 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3841 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3842 * present and 2 in which it is changed.
3843 */
3844 pIf->cNotifiedMediaChange = 1;
3845 ataMediumRemoved(pIf);
3846 ataMediumTypeSet(pIf, ATA_MEDIA_NO_DISC);
3847}
3848
3849static void ataPacketBT(ATADevState *s)
3850{
3851 s->cbElementaryTransfer = s->cbTotalTransfer;
3852 s->cbAtapiPassthroughTransfer = s->cbTotalTransfer;
3853 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3854 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3855 ataSetStatusValue(s, ATA_STAT_READY);
3856}
3857
3858
3859static void ataResetDevice(ATADevState *s)
3860{
3861 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3862 s->cNotifiedMediaChange = 0;
3863 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3864 ASMAtomicWriteU32(&s->MediaTrackType, ATA_MEDIA_TYPE_UNKNOWN);
3865 ataUnsetIRQ(s);
3866
3867 s->uATARegSelect = 0x20;
3868 ataSetStatusValue(s, ATA_STAT_READY);
3869 ataSetSignature(s);
3870 s->cbTotalTransfer = 0;
3871 s->cbElementaryTransfer = 0;
3872 s->cbAtapiPassthroughTransfer = 0;
3873 s->iIOBufferPIODataStart = 0;
3874 s->iIOBufferPIODataEnd = 0;
3875 s->iBeginTransfer = ATAFN_BT_NULL;
3876 s->iSourceSink = ATAFN_SS_NULL;
3877 s->fDMA = false;
3878 s->fATAPITransfer = false;
3879 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3880
3881 s->uATARegFeature = 0;
3882}
3883
3884
3885static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3886{
3887 ataSetSignature(s);
3888 if (s->fATAPI)
3889 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3890 else
3891 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_SEEK);
3892 s->uATARegError = 0x01;
3893 return false;
3894}
3895
3896
3897static int ataTrimSectors(ATADevState *s, uint64_t u64Sector, uint32_t cSectors,
3898 bool *pfRedo)
3899{
3900 RTRANGE TrimRange;
3901 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3902 int rc;
3903
3904 PDMCritSectLeave(&pCtl->lock);
3905
3906 TrimRange.offStart = u64Sector * s->cbSector;
3907 TrimRange.cbRange = cSectors * s->cbSector;
3908
3909 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
3910 rc = s->pDrvBlock->pfnDiscard(s->pDrvBlock, &TrimRange, 1);
3911 s->Led.Actual.s.fWriting = 0;
3912
3913 if (RT_SUCCESS(rc))
3914 *pfRedo = false;
3915 else
3916 *pfRedo = ataIsRedoSetWarning(s, rc);
3917
3918 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3919 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3920 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3921 return rc;
3922}
3923
3924
3925static bool ataTrimSS(ATADevState *s)
3926{
3927 int rc = VERR_GENERAL_FAILURE;
3928 uint32_t cRangesMax;
3929 uint64_t *pu64Range = (uint64_t *)s->CTX_SUFF(pbIOBuffer);
3930 bool fRedo = false;
3931
3932 cRangesMax = s->cbElementaryTransfer / sizeof(uint64_t);
3933 Assert(cRangesMax);
3934
3935 while (cRangesMax-- > 0)
3936 {
3937 if (ATA_RANGE_LENGTH_GET(*pu64Range) == 0)
3938 break;
3939
3940 rc = ataTrimSectors(s, *pu64Range & ATA_RANGE_LBA_MASK,
3941 ATA_RANGE_LENGTH_GET(*pu64Range), &fRedo);
3942 if (RT_FAILURE(rc))
3943 break;
3944
3945 pu64Range++;
3946 }
3947
3948 if (RT_SUCCESS(rc))
3949 {
3950 s->iSourceSink = ATAFN_SS_NULL;
3951 ataCmdOK(s, ATA_STAT_SEEK);
3952 }
3953 else
3954 {
3955 if (fRedo)
3956 return fRedo;
3957 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
3958 LogRel(("PIIX3 ATA: LUN#%d: disk trim error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
3959 s->iLUN, rc, *pu64Range & ATA_RANGE_LBA_MASK, ATA_RANGE_LENGTH_GET(*pu64Range)));
3960
3961 /*
3962 * Check if we got interrupted. We don't need to set status variables
3963 * because the request was aborted.
3964 */
3965 if (rc != VERR_INTERRUPTED)
3966 ataCmdError(s, ID_ERR);
3967 }
3968
3969 return false;
3970}
3971
3972
3973static void ataParseCmd(ATADevState *s, uint8_t cmd)
3974{
3975#ifdef DEBUG
3976 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3977#else /* !DEBUG */
3978 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3979#endif /* !DEBUG */
3980 s->fLBA48 = false;
3981 s->fDMA = false;
3982 if (cmd == ATA_IDLE_IMMEDIATE)
3983 {
3984 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3985 * would overwrite the failing command unfortunately), then RESET. */
3986 int32_t uCmdWait = -1;
3987 uint64_t uNow = RTTimeNanoTS();
3988 if (s->u64CmdTS)
3989 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3990 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3991 s->iLUN, s->uATARegCommand, uCmdWait));
3992 }
3993 s->uATARegCommand = cmd;
3994 switch (cmd)
3995 {
3996 case ATA_IDENTIFY_DEVICE:
3997 if (s->pDrvBlock && !s->fATAPI)
3998 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3999 else
4000 {
4001 if (s->fATAPI)
4002 ataSetSignature(s);
4003 ataCmdError(s, ABRT_ERR);
4004 ataUnsetStatus(s, ATA_STAT_READY);
4005 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4006 }
4007 break;
4008 case ATA_RECALIBRATE:
4009 if (s->fATAPI)
4010 goto abort_cmd;
4011 /* fall through */
4012 case ATA_INITIALIZE_DEVICE_PARAMETERS:
4013 ataCmdOK(s, ATA_STAT_SEEK);
4014 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4015 break;
4016 case ATA_SET_MULTIPLE_MODE:
4017 if ( s->uATARegNSector != 0
4018 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
4019 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
4020 {
4021 ataCmdError(s, ABRT_ERR);
4022 }
4023 else
4024 {
4025 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
4026 s->cMultSectors = s->uATARegNSector;
4027 ataCmdOK(s, 0);
4028 }
4029 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4030 break;
4031 case ATA_READ_VERIFY_SECTORS_EXT:
4032 s->fLBA48 = true;
4033 case ATA_READ_VERIFY_SECTORS:
4034 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
4035 /* do sector number check ? */
4036 ataCmdOK(s, ATA_STAT_SEEK);
4037 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4038 break;
4039 case ATA_READ_SECTORS_EXT:
4040 s->fLBA48 = true;
4041 case ATA_READ_SECTORS:
4042 case ATA_READ_SECTORS_WITHOUT_RETRIES:
4043 if (!s->pDrvBlock || s->fATAPI)
4044 goto abort_cmd;
4045 s->cSectorsPerIRQ = 1;
4046 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4047 break;
4048 case ATA_WRITE_SECTORS_EXT:
4049 s->fLBA48 = true;
4050 case ATA_WRITE_SECTORS:
4051 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
4052 if (!s->pDrvBlock || s->fATAPI)
4053 goto abort_cmd;
4054 s->cSectorsPerIRQ = 1;
4055 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4056 break;
4057 case ATA_READ_MULTIPLE_EXT:
4058 s->fLBA48 = true;
4059 case ATA_READ_MULTIPLE:
4060 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
4061 goto abort_cmd;
4062 s->cSectorsPerIRQ = s->cMultSectors;
4063 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4064 break;
4065 case ATA_WRITE_MULTIPLE_EXT:
4066 s->fLBA48 = true;
4067 case ATA_WRITE_MULTIPLE:
4068 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
4069 goto abort_cmd;
4070 s->cSectorsPerIRQ = s->cMultSectors;
4071 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4072 break;
4073 case ATA_READ_DMA_EXT:
4074 s->fLBA48 = true;
4075 case ATA_READ_DMA:
4076 case ATA_READ_DMA_WITHOUT_RETRIES:
4077 if (!s->pDrvBlock || s->fATAPI)
4078 goto abort_cmd;
4079 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
4080 s->fDMA = true;
4081 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4082 break;
4083 case ATA_WRITE_DMA_EXT:
4084 s->fLBA48 = true;
4085 case ATA_WRITE_DMA:
4086 case ATA_WRITE_DMA_WITHOUT_RETRIES:
4087 if (!s->pDrvBlock || s->fATAPI)
4088 goto abort_cmd;
4089 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
4090 s->fDMA = true;
4091 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4092 break;
4093 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
4094 s->fLBA48 = true;
4095 ataSetSector(s, s->cTotalSectors - 1);
4096 ataCmdOK(s, 0);
4097 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4098 break;
4099 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
4100 ataCmdOK(s, 0);
4101 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4102 break;
4103 case ATA_READ_NATIVE_MAX_ADDRESS:
4104 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
4105 ataCmdOK(s, 0);
4106 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4107 break;
4108 case ATA_CHECK_POWER_MODE:
4109 s->uATARegNSector = 0xff; /* drive active or idle */
4110 ataCmdOK(s, 0);
4111 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4112 break;
4113 case ATA_SET_FEATURES:
4114 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
4115 if (!s->pDrvBlock)
4116 goto abort_cmd;
4117 switch (s->uATARegFeature)
4118 {
4119 case 0x02: /* write cache enable */
4120 Log2(("%s: write cache enable\n", __FUNCTION__));
4121 ataCmdOK(s, ATA_STAT_SEEK);
4122 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4123 break;
4124 case 0xaa: /* read look-ahead enable */
4125 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
4126 ataCmdOK(s, ATA_STAT_SEEK);
4127 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4128 break;
4129 case 0x55: /* read look-ahead disable */
4130 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
4131 ataCmdOK(s, ATA_STAT_SEEK);
4132 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4133 break;
4134 case 0xcc: /* reverting to power-on defaults enable */
4135 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
4136 ataCmdOK(s, ATA_STAT_SEEK);
4137 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4138 break;
4139 case 0x66: /* reverting to power-on defaults disable */
4140 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
4141 ataCmdOK(s, ATA_STAT_SEEK);
4142 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4143 break;
4144 case 0x82: /* write cache disable */
4145 Log2(("%s: write cache disable\n", __FUNCTION__));
4146 /* As per the ATA/ATAPI-6 specs, a write cache disable
4147 * command MUST flush the write buffers to disc. */
4148 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
4149 break;
4150 case 0x03: { /* set transfer mode */
4151 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
4152 switch (s->uATARegNSector & 0xf8)
4153 {
4154 case 0x00: /* PIO default */
4155 case 0x08: /* PIO mode */
4156 break;
4157 case ATA_MODE_MDMA: /* MDMA mode */
4158 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
4159 break;
4160 case ATA_MODE_UDMA: /* UDMA mode */
4161 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
4162 break;
4163 default:
4164 goto abort_cmd;
4165 }
4166 ataCmdOK(s, ATA_STAT_SEEK);
4167 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4168 break;
4169 }
4170 default:
4171 goto abort_cmd;
4172 }
4173 /*
4174 * OS/2 workarond:
4175 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
4176 * reset here. According to the specification, this is a driver bug as the register
4177 * contents are undefined after the call. This means we can just as well reset it.
4178 */
4179 s->uATARegFeature = 0;
4180 break;
4181 case ATA_FLUSH_CACHE_EXT:
4182 case ATA_FLUSH_CACHE:
4183 if (!s->pDrvBlock || s->fATAPI)
4184 goto abort_cmd;
4185 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
4186 break;
4187 case ATA_STANDBY_IMMEDIATE:
4188 ataCmdOK(s, 0);
4189 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4190 break;
4191 case ATA_IDLE_IMMEDIATE:
4192 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
4193 ataAbortCurrentCommand(s, false);
4194 break;
4195 case ATA_SLEEP:
4196 ataCmdOK(s, 0);
4197 ataSetIRQ(s);
4198 break;
4199 /* ATAPI commands */
4200 case ATA_IDENTIFY_PACKET_DEVICE:
4201 if (s->fATAPI)
4202 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
4203 else
4204 {
4205 ataCmdError(s, ABRT_ERR);
4206 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4207 }
4208 break;
4209 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
4210 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
4211 break;
4212 case ATA_DEVICE_RESET:
4213 if (!s->fATAPI)
4214 goto abort_cmd;
4215 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
4216 ataAbortCurrentCommand(s, true);
4217 break;
4218 case ATA_PACKET:
4219 if (!s->fATAPI)
4220 goto abort_cmd;
4221 /* overlapping commands not supported */
4222 if (s->uATARegFeature & 0x02)
4223 goto abort_cmd;
4224 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
4225 break;
4226 case ATA_DATA_SET_MANAGEMENT:
4227 if (!s->pDrvBlock || !s->pDrvBlock->pfnDiscard)
4228 goto abort_cmd;
4229 if ( !(s->uATARegFeature & UINT8_C(0x01))
4230 || (s->uATARegFeature & ~UINT8_C(0x01)))
4231 goto abort_cmd;
4232 s->fDMA = true;
4233 ataStartTransfer(s, (s->uATARegNSectorHOB << 8 | s->uATARegNSector) * s->cbSector, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_NULL, ATAFN_SS_TRIM, false);
4234 break;
4235 default:
4236 abort_cmd:
4237 ataCmdError(s, ABRT_ERR);
4238 if (s->fATAPI)
4239 ataUnsetStatus(s, ATA_STAT_READY);
4240 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4241 break;
4242 }
4243}
4244
4245#endif /* IN_RING3 */
4246
4247/*
4248 * Note: There are four distinct cases of port I/O handling depending on
4249 * which devices (if any) are attached to an IDE channel:
4250 *
4251 * 1) No device attached. No response to writes or reads (i.e. reads return
4252 * all bits set).
4253 *
4254 * 2) Both devices attached. Reads and writes are processed normally.
4255 *
4256 * 3) Device 0 only. If device 0 is selected, normal behavior applies. But
4257 * if Device 1 is selected, writes are still directed to Device 0 (except
4258 * commands are not executed), reads from control/command registers are
4259 * directed to Device 0, but status/alt status reads return 0. If Device 1
4260 * is a PACKET device, all reads return 0. See ATAPI-6 clause 9.16.1 and
4261 * Table 18 in clause 7.1.
4262 *
4263 * 4) Device 1 only - non-standard(!). Device 1 can't tell if Device 0 is
4264 * present or not and behaves the same. That means if Device 0 is selected,
4265 * Device 1 responds to writes (except commands are not executed) but does
4266 * not respond to reads. If Device 1 selected, normal behavior applies.
4267 * See ATAPI-6 clause 9.16.2 and Table 15 in clause 7.1.
4268 */
4269
4270static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4271{
4272 Log2(("%s: LUN#%d write addr=%#x val=%#04x\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN, addr, val));
4273 addr &= 7;
4274 switch (addr)
4275 {
4276 case 0:
4277 break;
4278 case 1: /* feature register */
4279 /* NOTE: data is written to the two drives */
4280 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4281 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4282 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
4283 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
4284 pCtl->aIfs[0].uATARegFeature = val;
4285 pCtl->aIfs[1].uATARegFeature = val;
4286 break;
4287 case 2: /* sector count */
4288 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4289 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4290 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
4291 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
4292 pCtl->aIfs[0].uATARegNSector = val;
4293 pCtl->aIfs[1].uATARegNSector = val;
4294 break;
4295 case 3: /* sector number */
4296 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4297 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4298 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
4299 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
4300 pCtl->aIfs[0].uATARegSector = val;
4301 pCtl->aIfs[1].uATARegSector = val;
4302 break;
4303 case 4: /* cylinder low */
4304 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4305 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4306 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
4307 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
4308 pCtl->aIfs[0].uATARegLCyl = val;
4309 pCtl->aIfs[1].uATARegLCyl = val;
4310 break;
4311 case 5: /* cylinder high */
4312 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4313 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4314 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
4315 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
4316 pCtl->aIfs[0].uATARegHCyl = val;
4317 pCtl->aIfs[1].uATARegHCyl = val;
4318 break;
4319 case 6: /* drive/head */
4320 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
4321 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
4322 if (((val >> 4) & 1) != pCtl->iSelectedIf)
4323 {
4324 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4325
4326 /* select another drive */
4327 pCtl->iSelectedIf = (val >> 4) & 1;
4328 /* The IRQ line is multiplexed between the two drives, so
4329 * update the state when switching to another drive. Only need
4330 * to update interrupt line if it is enabled and there is a
4331 * state change. */
4332 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
4333 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
4334 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
4335 {
4336 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4337 {
4338 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4339 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
4340 * the interrupt line is asserted. It monitors the line
4341 * for a rising edge. */
4342 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4343 if (pCtl->irq == 16)
4344 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
4345 else
4346 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
4347 }
4348 else
4349 {
4350 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4351 if (pCtl->irq == 16)
4352 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
4353 else
4354 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
4355 }
4356 }
4357 }
4358 break;
4359 default:
4360 case 7: /* command */
4361 /* ignore commands to non-existent device */
4362 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
4363 break;
4364#ifndef IN_RING3
4365 /* Don't do anything complicated in GC */
4366 return VINF_IOM_R3_IOPORT_WRITE;
4367#else /* IN_RING3 */
4368 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
4369#endif /* !IN_RING3 */
4370 }
4371 return VINF_SUCCESS;
4372}
4373
4374
4375static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
4376{
4377 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4378 uint32_t val;
4379 bool fHOB;
4380
4381 /* Check if the guest is reading from a non-existent device. */
4382 if (!s->pDrvBlock)
4383 {
4384 if (pCtl->iSelectedIf) /* Device 1 selected, Device 0 responding for it. */
4385 {
4386 if (!pCtl->aIfs[0].pDrvBlock) /* @todo: this case should never get here! */
4387 {
4388 Log2(("%s: addr=%#x: no device on channel\n", __FUNCTION__, addr));
4389 return VERR_IOM_IOPORT_UNUSED;
4390 }
4391 if (((addr & 7) != 1) && pCtl->aIfs[0].fATAPI) {
4392 Log2(("%s: addr=%#x, val=0: LUN#%d not attached/LUN#%d ATAPI\n", __FUNCTION__, addr,
4393 s->iLUN, pCtl->aIfs[0].iLUN));
4394 *pu32 = 0;
4395 return VINF_SUCCESS;
4396 }
4397 /* Else handle normally. */
4398 }
4399 else /* Device 0 selected (but not present). */
4400 {
4401 Log2(("%s: addr=%#x: LUN#%d not attached\n", __FUNCTION__, addr, s->iLUN));
4402 return VERR_IOM_IOPORT_UNUSED;
4403 }
4404 }
4405 fHOB = !!(s->uATARegDevCtl & (1 << 7));
4406 switch (addr & 7)
4407 {
4408 case 0: /* data register */
4409 val = 0xff;
4410 break;
4411 case 1: /* error register */
4412 /* The ATA specification is very terse when it comes to specifying
4413 * the precise effects of reading back the error/feature register.
4414 * The error register (read-only) shares the register number with
4415 * the feature register (write-only), so it seems that it's not
4416 * necessary to support the usual HOB readback here. */
4417 if (!s->pDrvBlock)
4418 val = 0;
4419 else
4420 val = s->uATARegError;
4421 break;
4422 case 2: /* sector count */
4423 if (fHOB)
4424 val = s->uATARegNSectorHOB;
4425 else
4426 val = s->uATARegNSector;
4427 break;
4428 case 3: /* sector number */
4429 if (fHOB)
4430 val = s->uATARegSectorHOB;
4431 else
4432 val = s->uATARegSector;
4433 break;
4434 case 4: /* cylinder low */
4435 if (fHOB)
4436 val = s->uATARegLCylHOB;
4437 else
4438 val = s->uATARegLCyl;
4439 break;
4440 case 5: /* cylinder high */
4441 if (fHOB)
4442 val = s->uATARegHCylHOB;
4443 else
4444 val = s->uATARegHCyl;
4445 break;
4446 case 6: /* drive/head */
4447 /* This register must always work as long as there is at least
4448 * one drive attached to the controller. It is common between
4449 * both drives anyway (completely identical content). */
4450 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
4451 val = 0;
4452 else
4453 val = s->uATARegSelect;
4454 break;
4455 default:
4456 case 7: /* primary status */
4457 {
4458 /* Counter for number of busy status seen in GC in a row. */
4459 static unsigned cBusy = 0;
4460
4461 if (!s->pDrvBlock)
4462 val = 0;
4463 else
4464 val = s->uATARegStatus;
4465
4466 /* Give the async I/O thread an opportunity to make progress,
4467 * don't let it starve by guests polling frequently. EMT has a
4468 * lower priority than the async I/O thread, but sometimes the
4469 * host OS doesn't care. With some guests we are only allowed to
4470 * be busy for about 5 milliseconds in some situations. Note that
4471 * this is no guarantee for any other VBox thread getting
4472 * scheduled, so this just lowers the CPU load a bit when drives
4473 * are busy. It cannot help with timing problems. */
4474 if (val & ATA_STAT_BUSY)
4475 {
4476#ifdef IN_RING3
4477 cBusy = 0;
4478 PDMCritSectLeave(&pCtl->lock);
4479
4480#ifndef RT_OS_WINDOWS
4481 /*
4482 * The thread might be stuck in an I/O operation
4483 * due to a high I/O load on the host. (see @bugref{3301})
4484 * To perform the reset successfully
4485 * we interrupt the operation by sending a signal to the thread
4486 * if the thread didn't responded in 10ms.
4487 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
4488 * does the same but it was introduced with Vista) but so far
4489 * this hang was only observed on Linux and Mac OS X.
4490 *
4491 * This is a workaround and needs to be solved properly.
4492 */
4493 if (pCtl->fReset)
4494 {
4495 uint64_t u64ResetTimeStop = RTTimeMilliTS();
4496
4497 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
4498 {
4499 LogRel(("PIIX3 ATA LUN#%d: Async I/O thread probably stuck in operation, interrupting\n", s->iLUN));
4500 pCtl->u64ResetTime = u64ResetTimeStop;
4501 RTThreadPoke(pCtl->AsyncIOThread);
4502 }
4503 }
4504#endif
4505
4506 RTThreadYield();
4507
4508 {
4509 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4510 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4511 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4512 }
4513
4514 val = s->uATARegStatus;
4515#else /* !IN_RING3 */
4516 /* Cannot yield CPU in guest context. And switching to host
4517 * context for each and every busy status is too costly,
4518 * especially on SMP systems where we don't gain much by
4519 * yielding the CPU to someone else. */
4520 if (++cBusy >= 20)
4521 {
4522 cBusy = 0;
4523 return VINF_IOM_R3_IOPORT_READ;
4524 }
4525#endif /* !IN_RING3 */
4526 }
4527 else
4528 cBusy = 0;
4529 ataUnsetIRQ(s);
4530 break;
4531 }
4532 }
4533 Log2(("%s: LUN#%d addr=%#x val=%#04x\n", __FUNCTION__, s->iLUN, addr, val));
4534 *pu32 = val;
4535 return VINF_SUCCESS;
4536}
4537
4538
4539static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4540{
4541 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4542 uint32_t val;
4543
4544 //@todo: The handler should not be even registered if there
4545 // is no device on an IDE channel.
4546 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
4547 val = 0xff;
4548 else if (pCtl->iSelectedIf == 1 && !s->pDrvBlock)
4549 val = 0; /* Device 1 selected, Device 0 responding for it. */
4550 else
4551 val = s->uATARegStatus;
4552 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4553 return val;
4554}
4555
4556static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4557{
4558#ifndef IN_RING3
4559 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4560 return VINF_IOM_R3_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4561#endif /* !IN_RING3 */
4562
4563 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4564 /* RESET is common for both drives attached to a controller. */
4565 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4566 (val & ATA_DEVCTL_RESET))
4567 {
4568#ifdef IN_RING3
4569 /* Software RESET low to high */
4570 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4571 uint64_t uNow = RTTimeNanoTS();
4572 if (pCtl->aIfs[0].u64CmdTS)
4573 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4574 if (pCtl->aIfs[1].u64CmdTS)
4575 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4576 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4577 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4578 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4579 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4580 pCtl->fReset = true;
4581 /* Everything must be done after the reset flag is set, otherwise
4582 * there are unavoidable races with the currently executing request
4583 * (which might just finish in the mean time). */
4584 pCtl->fChainedTransfer = false;
4585 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4586 {
4587 ataResetDevice(&pCtl->aIfs[i]);
4588 /* The following cannot be done using ataSetStatusValue() since the
4589 * reset flag is already set, which suppresses all status changes. */
4590 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4591 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4592 pCtl->aIfs[i].uATARegError = 0x01;
4593 }
4594 ataAsyncIOClearRequests(pCtl);
4595 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4596 if (val & ATA_DEVCTL_HOB)
4597 {
4598 val &= ~ATA_DEVCTL_HOB;
4599 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4600 }
4601
4602 /* Save the timestamp we started the reset. */
4603 pCtl->u64ResetTime = RTTimeMilliTS();
4604
4605 /* Issue the reset request now. */
4606 ataAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4607#else /* !IN_RING3 */
4608 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4609#endif /* IN_RING3 */
4610 }
4611 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4612 !(val & ATA_DEVCTL_RESET))
4613 {
4614#ifdef IN_RING3
4615 /* Software RESET high to low */
4616 Log(("%s: deasserting RESET\n", __FUNCTION__));
4617 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4618 if (val & ATA_DEVCTL_HOB)
4619 {
4620 val &= ~ATA_DEVCTL_HOB;
4621 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4622 }
4623 ataAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4624#else /* !IN_RING3 */
4625 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4626#endif /* IN_RING3 */
4627 }
4628
4629 /* Change of interrupt disable flag. Update interrupt line if interrupt
4630 * is pending on the current interface. */
4631 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4632 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4633 {
4634 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4635 {
4636 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4637 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4638 * interrupt line is asserted. It monitors the line for a rising
4639 * edge. */
4640 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4641 if (pCtl->irq == 16)
4642 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4643 else
4644 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4645 }
4646 else
4647 {
4648 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4649 if (pCtl->irq == 16)
4650 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4651 else
4652 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4653 }
4654 }
4655
4656 if (val & ATA_DEVCTL_HOB)
4657 Log2(("%s: set HOB\n", __FUNCTION__));
4658
4659 pCtl->aIfs[0].uATARegDevCtl = val;
4660 pCtl->aIfs[1].uATARegDevCtl = val;
4661
4662 return VINF_SUCCESS;
4663}
4664
4665#ifdef IN_RING3
4666
4667static void ataPIOTransfer(PATACONTROLLER pCtl)
4668{
4669 ATADevState *s;
4670
4671 s = &pCtl->aIfs[pCtl->iAIOIf];
4672 Log3(("%s: if=%p\n", __FUNCTION__, s));
4673
4674 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4675 {
4676 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4677 /* Any guest OS that triggers this case has a pathetic ATA driver.
4678 * In a real system it would block the CPU via IORDY, here we do it
4679 * very similarly by not continuing with the current instruction
4680 * until the transfer to/from the storage medium is completed. */
4681 if (s->iSourceSink != ATAFN_SS_NULL)
4682 {
4683 bool fRedo;
4684 uint8_t status = s->uATARegStatus;
4685 ataSetStatusValue(s, ATA_STAT_BUSY);
4686 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4687 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4688 pCtl->fRedo = fRedo;
4689 if (RT_UNLIKELY(fRedo))
4690 return;
4691 ataSetStatusValue(s, status);
4692 s->iIOBufferCur = 0;
4693 s->iIOBufferEnd = s->cbElementaryTransfer;
4694 }
4695 }
4696 if (s->cbTotalTransfer)
4697 {
4698 if (s->fATAPITransfer)
4699 ataPIOTransferLimitATAPI(s);
4700
4701 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4702 s->cbElementaryTransfer = s->cbTotalTransfer;
4703
4704 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4705 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4706 s->cbTotalTransfer, s->cbElementaryTransfer,
4707 s->iIOBufferCur, s->iIOBufferEnd));
4708 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4709 s->cbTotalTransfer -= s->cbElementaryTransfer;
4710 s->iIOBufferCur += s->cbElementaryTransfer;
4711
4712 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4713 s->cbElementaryTransfer = s->cbTotalTransfer;
4714 }
4715 else
4716 ataPIOTransferStop(s);
4717}
4718
4719
4720DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4721{
4722 /* Do not interfere with RESET processing if the PIO transfer finishes
4723 * while the RESET line is asserted. */
4724 if (pCtl->fReset)
4725 {
4726 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4727 return;
4728 }
4729
4730 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4731 || ( s->iSourceSink != ATAFN_SS_NULL
4732 && s->iIOBufferCur >= s->iIOBufferEnd))
4733 {
4734 /* Need to continue the transfer in the async I/O thread. This is
4735 * the case for write operations or generally for not yet finished
4736 * transfers (some data might need to be read). */
4737 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4738 ataSetStatus(s, ATA_STAT_BUSY);
4739
4740 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4741 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4742 }
4743 else
4744 {
4745 /* Either everything finished (though some data might still be pending)
4746 * or some data is pending before the next read is due. */
4747
4748 /* Continue a previously started transfer. */
4749 ataUnsetStatus(s, ATA_STAT_DRQ);
4750 ataSetStatus(s, ATA_STAT_READY);
4751
4752 if (s->cbTotalTransfer)
4753 {
4754 /* There is more to transfer, happens usually for large ATAPI
4755 * reads - the protocol limits the chunk size to 65534 bytes. */
4756 ataPIOTransfer(pCtl);
4757 ataSetIRQ(s);
4758 }
4759 else
4760 {
4761 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4762 /* Finish PIO transfer. */
4763 ataPIOTransfer(pCtl);
4764 Assert(!pCtl->fRedo);
4765 }
4766 }
4767}
4768
4769#endif /* IN_RING3 */
4770
4771static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4772{
4773 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4774 uint8_t *p;
4775
4776 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4777 {
4778 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4779 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4780#ifndef IN_RING3
4781 /* All but the last transfer unit is simple enough for GC, but
4782 * sending a request to the async IO thread is too complicated. */
4783 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4784 {
4785 memcpy(p, pbBuf, cbSize);
4786 s->iIOBufferPIODataStart += cbSize;
4787 }
4788 else
4789 return VINF_IOM_R3_IOPORT_WRITE;
4790#else /* IN_RING3 */
4791 memcpy(p, pbBuf, cbSize);
4792 s->iIOBufferPIODataStart += cbSize;
4793 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4794 ataPIOTransferFinish(pCtl, s);
4795#endif /* !IN_RING3 */
4796 }
4797 else
4798 Log2(("%s: DUMMY data\n", __FUNCTION__));
4799 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4800 return VINF_SUCCESS;
4801}
4802
4803static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4804{
4805 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4806 uint8_t *p;
4807
4808 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4809 {
4810 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4811 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4812#ifndef IN_RING3
4813 /* All but the last transfer unit is simple enough for GC, but
4814 * sending a request to the async IO thread is too complicated. */
4815 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4816 {
4817 memcpy(pbBuf, p, cbSize);
4818 s->iIOBufferPIODataStart += cbSize;
4819 }
4820 else
4821 return VINF_IOM_R3_IOPORT_READ;
4822#else /* IN_RING3 */
4823 memcpy(pbBuf, p, cbSize);
4824 s->iIOBufferPIODataStart += cbSize;
4825 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4826 ataPIOTransferFinish(pCtl, s);
4827#endif /* !IN_RING3 */
4828 }
4829 else
4830 {
4831 Log2(("%s: DUMMY data\n", __FUNCTION__));
4832 memset(pbBuf, '\xff', cbSize);
4833 }
4834 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4835 return VINF_SUCCESS;
4836}
4837
4838#ifdef IN_RING3
4839
4840static void ataDMATransferStop(ATADevState *s)
4841{
4842 s->cbTotalTransfer = 0;
4843 s->cbElementaryTransfer = 0;
4844 s->iBeginTransfer = ATAFN_BT_NULL;
4845 s->iSourceSink = ATAFN_SS_NULL;
4846}
4847
4848
4849/**
4850 * Perform the entire DMA transfer in one go (unless a source/sink operation
4851 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4852 * this function cannot handle empty transfers.
4853 *
4854 * @param pCtl Controller for which to perform the transfer.
4855 */
4856static void ataDMATransfer(PATACONTROLLER pCtl)
4857{
4858 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4859 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4860 bool fRedo;
4861 RTGCPHYS32 pDesc;
4862 uint32_t cbTotalTransfer, cbElementaryTransfer;
4863 uint32_t iIOBufferCur, iIOBufferEnd;
4864 uint32_t dmalen;
4865 PDMBLOCKTXDIR uTxDir;
4866 bool fLastDesc = false;
4867
4868 Assert(sizeof(BMDMADesc) == 8);
4869
4870 fRedo = pCtl->fRedo;
4871 if (RT_LIKELY(!fRedo))
4872 Assert(s->cbTotalTransfer);
4873 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4874 cbTotalTransfer = s->cbTotalTransfer;
4875 cbElementaryTransfer = s->cbElementaryTransfer;
4876 iIOBufferCur = s->iIOBufferCur;
4877 iIOBufferEnd = s->iIOBufferEnd;
4878
4879 /* The DMA loop is designed to hold the lock only when absolutely
4880 * necessary. This avoids long freezes should the guest access the
4881 * ATA registers etc. for some reason. */
4882 PDMCritSectLeave(&pCtl->lock);
4883
4884 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4885 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4886 cbTotalTransfer, cbElementaryTransfer,
4887 iIOBufferCur, iIOBufferEnd));
4888 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4889 {
4890 BMDMADesc DMADesc;
4891 RTGCPHYS32 pBuffer;
4892 uint32_t cbBuffer;
4893
4894 if (RT_UNLIKELY(fRedo))
4895 {
4896 pBuffer = pCtl->pRedoDMABuffer;
4897 cbBuffer = pCtl->cbRedoDMABuffer;
4898 fLastDesc = pCtl->fRedoDMALastDesc;
4899 }
4900 else
4901 {
4902 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4903 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4904 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4905 fLastDesc = !!(cbBuffer & 0x80000000);
4906 cbBuffer &= 0xfffe;
4907 if (cbBuffer == 0)
4908 cbBuffer = 0x10000;
4909 if (cbBuffer > cbTotalTransfer)
4910 cbBuffer = cbTotalTransfer;
4911 }
4912
4913 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4914 {
4915 if (RT_LIKELY(!fRedo))
4916 {
4917 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4918 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x orig_size=%#010x\n", __FUNCTION__,
4919 (int)pDesc, pBuffer, cbBuffer, RT_LE2H_U32(DMADesc.cbBuffer) & 0xfffe));
4920
4921 PCIATAState *pATAState = PDMINS_2_DATA(pDevIns, PCIATAState *);
4922 AssertPtr(pATAState);
4923 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4924 PDMDevHlpPCIPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4925 else
4926 PDMDevHlpPCIPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4927
4928 iIOBufferCur += dmalen;
4929 cbTotalTransfer -= dmalen;
4930 cbBuffer -= dmalen;
4931 pBuffer += dmalen;
4932 }
4933 if ( iIOBufferCur == iIOBufferEnd
4934 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4935 {
4936 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4937 cbElementaryTransfer = cbTotalTransfer;
4938
4939 {
4940 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4941 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4942 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4943 }
4944
4945 /* The RESET handler could have cleared the DMA transfer
4946 * state (since we didn't hold the lock until just now
4947 * the guest can continue in parallel). If so, the state
4948 * is already set up so the loop is exited immediately. */
4949 if (s->iSourceSink != ATAFN_SS_NULL)
4950 {
4951 s->iIOBufferCur = iIOBufferCur;
4952 s->iIOBufferEnd = iIOBufferEnd;
4953 s->cbElementaryTransfer = cbElementaryTransfer;
4954 s->cbTotalTransfer = cbTotalTransfer;
4955 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4956 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4957 if (RT_UNLIKELY(fRedo))
4958 {
4959 pCtl->pFirstDMADesc = pDesc;
4960 pCtl->pRedoDMABuffer = pBuffer;
4961 pCtl->cbRedoDMABuffer = cbBuffer;
4962 pCtl->fRedoDMALastDesc = fLastDesc;
4963 }
4964 else
4965 {
4966 cbTotalTransfer = s->cbTotalTransfer;
4967 cbElementaryTransfer = s->cbElementaryTransfer;
4968
4969 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4970 cbElementaryTransfer = cbTotalTransfer;
4971 iIOBufferCur = 0;
4972 iIOBufferEnd = cbElementaryTransfer;
4973 }
4974 pCtl->fRedo = fRedo;
4975 }
4976 else
4977 {
4978 /* This forces the loop to exit immediately. */
4979 pDesc = pCtl->pLastDMADesc + 1;
4980 }
4981
4982 PDMCritSectLeave(&pCtl->lock);
4983 if (RT_UNLIKELY(fRedo))
4984 break;
4985 }
4986 }
4987
4988 if (RT_UNLIKELY(fRedo))
4989 break;
4990
4991 /* end of transfer */
4992 if (!cbTotalTransfer || fLastDesc)
4993 break;
4994
4995 {
4996 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4997 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4998 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4999 }
5000
5001 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
5002 {
5003 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
5004 if (!pCtl->fReset)
5005 ataDMATransferStop(s);
5006 /* This forces the loop to exit immediately. */
5007 pDesc = pCtl->pLastDMADesc + 1;
5008 }
5009
5010 PDMCritSectLeave(&pCtl->lock);
5011 }
5012
5013 {
5014 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5015 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5016 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5017 }
5018
5019 if (RT_UNLIKELY(fRedo))
5020 return;
5021
5022 if (fLastDesc)
5023 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5024 s->cbTotalTransfer = cbTotalTransfer;
5025 s->cbElementaryTransfer = cbElementaryTransfer;
5026 s->iIOBufferCur = iIOBufferCur;
5027 s->iIOBufferEnd = iIOBufferEnd;
5028}
5029
5030/**
5031 * Signal PDM that we're idle (if we actually are).
5032 *
5033 * @param pCtl The controller.
5034 */
5035static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
5036{
5037 /*
5038 * Take the mutex here and recheck the idle indicator to avoid
5039 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
5040 */
5041 int rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT); AssertRC(rc);
5042
5043 if ( pCtl->fSignalIdle
5044 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
5045 {
5046 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5047 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
5048 }
5049
5050 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex); AssertRC(rc);
5051}
5052
5053/** Async I/O thread for an interface. Once upon a time this was readable
5054 * code with several loops and a different semaphore for each purpose. But
5055 * then came the "how can one save the state in the middle of a PIO transfer"
5056 * question. The solution was to use an ASM, which is what's there now. */
5057static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
5058{
5059 const ATARequest *pReq;
5060 uint64_t u64TS = 0; /* shut up gcc */
5061 uint64_t uWait;
5062 int rc = VINF_SUCCESS;
5063 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
5064 ATADevState *s;
5065
5066 pReq = NULL;
5067 pCtl->fChainedTransfer = false;
5068 while (!pCtl->fShutdown)
5069 {
5070 /* Keep this thread from doing anything as long as EMT is suspended. */
5071 while (pCtl->fRedoIdle)
5072 {
5073 if (pCtl->fSignalIdle)
5074 ataR3AsyncSignalIdle(pCtl);
5075 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
5076 /* Continue if we got a signal by RTThreadPoke().
5077 * We will get notified if there is a request to process.
5078 */
5079 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
5080 continue;
5081 if (RT_FAILURE(rc) || pCtl->fShutdown)
5082 break;
5083
5084 pCtl->fRedoIdle = false;
5085 }
5086
5087 /* Wait for work. */
5088 while (pReq == NULL)
5089 {
5090 if (pCtl->fSignalIdle)
5091 ataR3AsyncSignalIdle(pCtl);
5092 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
5093 /* Continue if we got a signal by RTThreadPoke().
5094 * We will get notified if there is a request to process.
5095 */
5096 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
5097 continue;
5098 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
5099 break;
5100
5101 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5102 }
5103
5104 if (RT_FAILURE(rc) || pCtl->fShutdown)
5105 break;
5106
5107 if (pReq == NULL)
5108 continue;
5109
5110 ATAAIO ReqType = pReq->ReqType;
5111
5112 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
5113 if (pCtl->uAsyncIOState != ReqType)
5114 {
5115 /* The new state is not the state that was expected by the normal
5116 * state changes. This is either a RESET/ABORT or there's something
5117 * really strange going on. */
5118 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
5119 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
5120 {
5121 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
5122 ataAsyncIODumpRequests(pCtl);
5123 }
5124 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
5125 }
5126
5127 /* Do our work. */
5128 {
5129 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5130 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5131 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5132 }
5133
5134 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5135 {
5136 u64TS = RTTimeNanoTS();
5137#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5138 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
5139#endif /* DEBUG || VBOX_WITH_STATISTICS */
5140 }
5141
5142 switch (ReqType)
5143 {
5144 case ATA_AIO_NEW:
5145
5146 pCtl->iAIOIf = pReq->u.t.iIf;
5147 s = &pCtl->aIfs[pCtl->iAIOIf];
5148 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
5149 s->uTxDir = pReq->u.t.uTxDir;
5150 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
5151 s->iSourceSink = pReq->u.t.iSourceSink;
5152 s->iIOBufferEnd = 0;
5153 s->u64CmdTS = u64TS;
5154
5155 if (s->fATAPI)
5156 {
5157 if (pCtl->fChainedTransfer)
5158 {
5159 /* Only count the actual transfers, not the PIO
5160 * transfer of the ATAPI command bytes. */
5161 if (s->fDMA)
5162 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
5163 else
5164 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
5165 }
5166 }
5167 else
5168 {
5169 if (s->fDMA)
5170 STAM_REL_COUNTER_INC(&s->StatATADMA);
5171 else
5172 STAM_REL_COUNTER_INC(&s->StatATAPIO);
5173 }
5174
5175 pCtl->fChainedTransfer = false;
5176
5177 if (s->iBeginTransfer != ATAFN_BT_NULL)
5178 {
5179 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5180 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
5181 s->iBeginTransfer = ATAFN_BT_NULL;
5182 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
5183 s->iIOBufferEnd = s->cbElementaryTransfer;
5184 }
5185 else
5186 {
5187 s->cbElementaryTransfer = s->cbTotalTransfer;
5188 s->iIOBufferEnd = s->cbTotalTransfer;
5189 }
5190 s->iIOBufferCur = 0;
5191
5192 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
5193 {
5194 if (s->iSourceSink != ATAFN_SS_NULL)
5195 {
5196 bool fRedo;
5197 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5198 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5199 pCtl->fRedo = fRedo;
5200 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5201 {
5202 /* Operation failed at the initial transfer, restart
5203 * everything from scratch by resending the current
5204 * request. Occurs very rarely, not worth optimizing. */
5205 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5206 ataAsyncIOPutRequest(pCtl, pReq);
5207 break;
5208 }
5209 }
5210 else
5211 ataCmdOK(s, 0);
5212 s->iIOBufferEnd = s->cbElementaryTransfer;
5213
5214 }
5215
5216 /* Do not go into the transfer phase if RESET is asserted.
5217 * The CritSect is released while waiting for the host OS
5218 * to finish the I/O, thus RESET is possible here. Most
5219 * important: do not change uAsyncIOState. */
5220 if (pCtl->fReset)
5221 break;
5222
5223 if (s->fDMA)
5224 {
5225 if (s->cbTotalTransfer)
5226 {
5227 ataSetStatus(s, ATA_STAT_DRQ);
5228
5229 pCtl->uAsyncIOState = ATA_AIO_DMA;
5230 /* If BMDMA is already started, do the transfer now. */
5231 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
5232 {
5233 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5234 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5235 }
5236 }
5237 else
5238 {
5239 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
5240 /* Finish DMA transfer. */
5241 ataDMATransferStop(s);
5242 ataSetIRQ(s);
5243 pCtl->uAsyncIOState = ATA_AIO_NEW;
5244 }
5245 }
5246 else
5247 {
5248 if (s->cbTotalTransfer)
5249 {
5250 ataPIOTransfer(pCtl);
5251 Assert(!pCtl->fRedo);
5252 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
5253 ataSetIRQ(s);
5254
5255 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5256 {
5257 /* Write operations and not yet finished transfers
5258 * must be completed in the async I/O thread. */
5259 pCtl->uAsyncIOState = ATA_AIO_PIO;
5260 }
5261 else
5262 {
5263 /* Finished read operation can be handled inline
5264 * in the end of PIO transfer handling code. Linux
5265 * depends on this, as it waits only briefly for
5266 * devices to become ready after incoming data
5267 * transfer. Cannot find anything in the ATA spec
5268 * that backs this assumption, but as all kernels
5269 * are affected (though most of the time it does
5270 * not cause any harm) this must work. */
5271 pCtl->uAsyncIOState = ATA_AIO_NEW;
5272 }
5273 }
5274 else
5275 {
5276 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
5277 /* Finish PIO transfer. */
5278 ataPIOTransfer(pCtl);
5279 Assert(!pCtl->fRedo);
5280 if (!s->fATAPITransfer)
5281 ataSetIRQ(s);
5282 pCtl->uAsyncIOState = ATA_AIO_NEW;
5283 }
5284 }
5285 break;
5286
5287 case ATA_AIO_DMA:
5288 {
5289 BMDMAState *bm = &pCtl->BmDma;
5290 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5291 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
5292
5293 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
5294 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
5295 else
5296 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
5297
5298 if (RT_LIKELY(!pCtl->fRedo))
5299 {
5300 /* The specs say that the descriptor table must not cross a
5301 * 4K boundary. */
5302 pCtl->pFirstDMADesc = bm->pvAddr;
5303 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
5304 }
5305 ataDMATransfer(pCtl);
5306
5307 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
5308 {
5309 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
5310 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5311 break;
5312 }
5313
5314 /* The infamous delay IRQ hack. */
5315 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
5316 && s->cbTotalTransfer == 0
5317 && pCtl->DelayIRQMillies)
5318 {
5319 /* Delay IRQ for writing. Required to get the Win2K
5320 * installation work reliably (otherwise it crashes,
5321 * usually during component install). So far no better
5322 * solution has been found. */
5323 Log(("%s: delay IRQ hack\n", __FUNCTION__));
5324 PDMCritSectLeave(&pCtl->lock);
5325 RTThreadSleep(pCtl->DelayIRQMillies);
5326 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5327 }
5328
5329 ataUnsetStatus(s, ATA_STAT_DRQ);
5330 Assert(!pCtl->fChainedTransfer);
5331 Assert(s->iSourceSink == ATAFN_SS_NULL);
5332 if (s->fATAPITransfer)
5333 {
5334 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
5335 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
5336 s->fATAPITransfer = false;
5337 }
5338 ataSetIRQ(s);
5339 pCtl->uAsyncIOState = ATA_AIO_NEW;
5340 break;
5341 }
5342
5343 case ATA_AIO_PIO:
5344 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5345
5346 if (s->iSourceSink != ATAFN_SS_NULL)
5347 {
5348 bool fRedo;
5349 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5350 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5351 pCtl->fRedo = fRedo;
5352 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5353 {
5354 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
5355 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
5356 break;
5357 }
5358 s->iIOBufferCur = 0;
5359 s->iIOBufferEnd = s->cbElementaryTransfer;
5360 }
5361 else
5362 {
5363 /* Continue a previously started transfer. */
5364 ataUnsetStatus(s, ATA_STAT_BUSY);
5365 ataSetStatus(s, ATA_STAT_READY);
5366 }
5367
5368 /* It is possible that the drives on this controller get RESET
5369 * during the above call to the source/sink function. If that's
5370 * the case, don't restart the transfer and don't finish it the
5371 * usual way. RESET handling took care of all that already.
5372 * Most important: do not change uAsyncIOState. */
5373 if (pCtl->fReset)
5374 break;
5375
5376 if (s->cbTotalTransfer)
5377 {
5378 ataPIOTransfer(pCtl);
5379 ataSetIRQ(s);
5380
5381 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5382 {
5383 /* Write operations and not yet finished transfers
5384 * must be completed in the async I/O thread. */
5385 pCtl->uAsyncIOState = ATA_AIO_PIO;
5386 }
5387 else
5388 {
5389 /* Finished read operation can be handled inline
5390 * in the end of PIO transfer handling code. Linux
5391 * depends on this, as it waits only briefly for
5392 * devices to become ready after incoming data
5393 * transfer. Cannot find anything in the ATA spec
5394 * that backs this assumption, but as all kernels
5395 * are affected (though most of the time it does
5396 * not cause any harm) this must work. */
5397 pCtl->uAsyncIOState = ATA_AIO_NEW;
5398 }
5399 }
5400 else
5401 {
5402 /* Finish PIO transfer. */
5403 ataPIOTransfer(pCtl);
5404 if ( !pCtl->fChainedTransfer
5405 && !s->fATAPITransfer
5406 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
5407 {
5408 ataSetIRQ(s);
5409 }
5410 pCtl->uAsyncIOState = ATA_AIO_NEW;
5411 }
5412 break;
5413
5414 case ATA_AIO_RESET_ASSERTED:
5415 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
5416 ataPIOTransferStop(&pCtl->aIfs[0]);
5417 ataPIOTransferStop(&pCtl->aIfs[1]);
5418 /* Do not change the DMA registers, they are not affected by the
5419 * ATA controller reset logic. It should be sufficient to issue a
5420 * new command, which is now possible as the state is cleared. */
5421 break;
5422
5423 case ATA_AIO_RESET_CLEARED:
5424 pCtl->uAsyncIOState = ATA_AIO_NEW;
5425 pCtl->fReset = false;
5426 /* Ensure that half-completed transfers are not redone. A reset
5427 * cancels the entire transfer, so continuing is wrong. */
5428 pCtl->fRedo = false;
5429 pCtl->fRedoDMALastDesc = false;
5430 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
5431 ATACONTROLLER_IDX(pCtl)));
5432 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
5433 {
5434 if (pCtl->aIfs[i].fATAPI)
5435 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
5436 else
5437 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
5438 ataSetSignature(&pCtl->aIfs[i]);
5439 }
5440 break;
5441
5442 case ATA_AIO_ABORT:
5443 /* Abort the current command no matter what. There cannot be
5444 * any command activity on the other drive otherwise using
5445 * one thread per controller wouldn't work at all. */
5446 s = &pCtl->aIfs[pReq->u.a.iIf];
5447
5448 pCtl->uAsyncIOState = ATA_AIO_NEW;
5449 /* Do not change the DMA registers, they are not affected by the
5450 * ATA controller reset logic. It should be sufficient to issue a
5451 * new command, which is now possible as the state is cleared. */
5452 if (pReq->u.a.fResetDrive)
5453 {
5454 ataResetDevice(s);
5455 ataExecuteDeviceDiagnosticSS(s);
5456 }
5457 else
5458 {
5459 /* Stop any pending DMA transfer. */
5460 s->fDMA = false;
5461 ataPIOTransferStop(s);
5462 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
5463 ataSetStatus(s, ATA_STAT_READY);
5464 ataSetIRQ(s);
5465 }
5466 break;
5467
5468 default:
5469 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
5470 }
5471
5472 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
5473 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5474
5475 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5476 {
5477#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5478 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
5479#endif /* DEBUG || VBOX_WITH_STATISTICS */
5480
5481 u64TS = RTTimeNanoTS() - u64TS;
5482 uWait = u64TS / 1000;
5483 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
5484 /* Mark command as finished. */
5485 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
5486
5487 /*
5488 * Release logging of command execution times depends on the
5489 * command type. ATAPI commands often take longer (due to CD/DVD
5490 * spin up time etc.) so the threshold is different.
5491 */
5492 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
5493 {
5494 if (uWait > 8 * 1000 * 1000)
5495 {
5496 /*
5497 * Command took longer than 8 seconds. This is close
5498 * enough or over the guest's command timeout, so place
5499 * an entry in the release log to allow tracking such
5500 * timing errors (which are often caused by the host).
5501 */
5502 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
5503 }
5504 }
5505 else
5506 {
5507 if (uWait > 20 * 1000 * 1000)
5508 {
5509 /*
5510 * Command took longer than 20 seconds. This is close
5511 * enough or over the guest's command timeout, so place
5512 * an entry in the release log to allow tracking such
5513 * timing errors (which are often caused by the host).
5514 */
5515 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5516 }
5517 }
5518
5519#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5520 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5521 pCtl->StatAsyncMinWait = uWait;
5522 if (uWait > pCtl->StatAsyncMaxWait)
5523 pCtl->StatAsyncMaxWait = uWait;
5524
5525 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5526 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5527#endif /* DEBUG || VBOX_WITH_STATISTICS */
5528 }
5529
5530 PDMCritSectLeave(&pCtl->lock);
5531 }
5532
5533 /* Signal the ultimate idleness. */
5534 RTThreadUserSignal(pCtl->AsyncIOThread);
5535 if (pCtl->fSignalIdle)
5536 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5537
5538 /* Cleanup the state. */
5539 /* Do not destroy request mutex yet, still needed for proper shutdown. */
5540 pCtl->fShutdown = false;
5541
5542 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5543 return rc;
5544}
5545
5546#endif /* IN_RING3 */
5547
5548static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5549{
5550 uint32_t val = pCtl->BmDma.u8Cmd;
5551 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5552 return val;
5553}
5554
5555
5556static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5557{
5558 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5559 if (!(val & BM_CMD_START))
5560 {
5561 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5562 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5563 }
5564 else
5565 {
5566#ifdef IN_RING3
5567 /* Check whether the guest OS wants to change DMA direction in
5568 * mid-flight. Not allowed, according to the PIIX3 specs. */
5569 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5570 uint8_t uOldBmDmaStatus = pCtl->BmDma.u8Status;
5571 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5572 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5573
5574 /* Do not continue DMA transfers while the RESET line is asserted. */
5575 if (pCtl->fReset)
5576 {
5577 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5578 return;
5579 }
5580
5581 /* Do not start DMA transfers if there's a PIO transfer going on,
5582 * or if there is already a transfer started on this controller. */
5583 if ( !pCtl->aIfs[pCtl->iSelectedIf].fDMA
5584 || (uOldBmDmaStatus & BM_STATUS_DMAING))
5585 return;
5586
5587 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5588 {
5589 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5590 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5591 }
5592#else /* !IN_RING3 */
5593 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5594#endif /* IN_RING3 */
5595 }
5596}
5597
5598static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5599{
5600 uint32_t val = pCtl->BmDma.u8Status;
5601 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5602 return val;
5603}
5604
5605static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5606{
5607 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5608 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5609 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5610 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5611}
5612
5613static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5614{
5615 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5616 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5617 return val;
5618}
5619
5620static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5621{
5622 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5623 pCtl->BmDma.pvAddr = val & ~3;
5624}
5625
5626static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5627{
5628 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5629 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5630
5631}
5632
5633static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5634{
5635 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5636 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5637}
5638
5639#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5640
5641/**
5642 * Port I/O Handler for bus master DMA IN operations.
5643 * @see FNIOMIOPORTIN for details.
5644 */
5645PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5646{
5647 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5648 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5649 PATACONTROLLER pCtl = &pThis->aCts[i];
5650
5651 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5652 if (rc != VINF_SUCCESS)
5653 return rc;
5654 switch (VAL(Port, cb))
5655 {
5656 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5657 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5658 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5659 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5660 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5661 case VAL(0, 4):
5662 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5663 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5664 break;
5665 default:
5666 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5667 PDMCritSectLeave(&pCtl->lock);
5668 return VERR_IOM_IOPORT_UNUSED;
5669 }
5670 PDMCritSectLeave(&pCtl->lock);
5671 return rc;
5672}
5673
5674/**
5675 * Port I/O Handler for bus master DMA OUT operations.
5676 * @see FNIOMIOPORTOUT for details.
5677 */
5678PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5679{
5680 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5681 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5682 PATACONTROLLER pCtl = &pThis->aCts[i];
5683
5684 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
5685 if (rc != VINF_SUCCESS)
5686 return rc;
5687 switch (VAL(Port, cb))
5688 {
5689 case VAL(0, 1):
5690#ifndef IN_RING3
5691 if (u32 & BM_CMD_START)
5692 {
5693 rc = VINF_IOM_R3_IOPORT_WRITE;
5694 break;
5695 }
5696#endif /* !IN_RING3 */
5697 ataBMDMACmdWriteB(pCtl, Port, u32);
5698 break;
5699 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5700 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5701 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5702 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5703 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5704 }
5705 PDMCritSectLeave(&pCtl->lock);
5706 return rc;
5707}
5708
5709#undef VAL
5710
5711#ifdef IN_RING3
5712
5713/**
5714 * Callback function for mapping an PCI I/O region.
5715 *
5716 * @return VBox status code.
5717 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5718 * @param iRegion The region number.
5719 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5720 * I/O port, else it's a physical address.
5721 * This address is *NOT* relative to pci_mem_base like earlier!
5722 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5723 */
5724static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5725{
5726 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5727 int rc = VINF_SUCCESS;
5728 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5729 Assert(iRegion == 4);
5730 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5731
5732 /* Register the port range. */
5733 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5734 {
5735 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5736 (RTHCPTR)(uintptr_t)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5737 AssertRC(rc2);
5738 if (rc2 < rc)
5739 rc = rc2;
5740
5741 if (pThis->fGCEnabled)
5742 {
5743 rc2 = PDMDevHlpIOPortRegisterRC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5744 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5745 AssertRC(rc2);
5746 if (rc2 < rc)
5747 rc = rc2;
5748 }
5749 if (pThis->fR0Enabled)
5750 {
5751 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5752 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5753 AssertRC(rc2);
5754 if (rc2 < rc)
5755 rc = rc2;
5756 }
5757 }
5758 return rc;
5759}
5760
5761
5762/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5763
5764/**
5765 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5766 */
5767static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
5768{
5769 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5770 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
5771 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
5772 return NULL;
5773}
5774
5775
5776/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5777
5778/**
5779 * Gets the pointer to the status LED of a unit.
5780 *
5781 * @returns VBox status code.
5782 * @param pInterface Pointer to the interface structure containing the called function pointer.
5783 * @param iLUN The unit which status LED we desire.
5784 * @param ppLed Where to store the LED pointer.
5785 */
5786static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5787{
5788 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5789 if (iLUN < 4)
5790 {
5791 switch (iLUN)
5792 {
5793 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5794 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5795 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5796 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5797 }
5798 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5799 return VINF_SUCCESS;
5800 }
5801 return VERR_PDM_LUN_NOT_FOUND;
5802}
5803
5804
5805/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5806
5807/**
5808 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5809 */
5810static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, const char *pszIID)
5811{
5812 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5813 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
5814 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBLOCKPORT, &pIf->IPort);
5815 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
5816 return NULL;
5817}
5818
5819
5820/* -=-=-=-=-=- ATADevState::IPort -=-=-=-=-=- */
5821
5822/**
5823 * @interface_method_impl{PDMIBLOCKPORT,pfnQueryDeviceLocation}
5824 */
5825static DECLCALLBACK(int) ataR3QueryDeviceLocation(PPDMIBLOCKPORT pInterface, const char **ppcszController,
5826 uint32_t *piInstance, uint32_t *piLUN)
5827{
5828 ATADevState *pIf = PDMIBLOCKPORT_2_ATASTATE(pInterface);
5829 PPDMDEVINS pDevIns = pIf->CTX_SUFF(pDevIns);
5830
5831 AssertPtrReturn(ppcszController, VERR_INVALID_POINTER);
5832 AssertPtrReturn(piInstance, VERR_INVALID_POINTER);
5833 AssertPtrReturn(piLUN, VERR_INVALID_POINTER);
5834
5835 *ppcszController = pDevIns->pReg->szName;
5836 *piInstance = pDevIns->iInstance;
5837 *piLUN = pIf->iLUN;
5838
5839 return VINF_SUCCESS;
5840}
5841#endif /* IN_RING3 */
5842
5843
5844/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5845
5846/**
5847 * Port I/O Handler for primary port range OUT operations.
5848 * @see FNIOMIOPORTOUT for details.
5849 */
5850PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5851{
5852 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5853 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5854 PATACONTROLLER pCtl = &pThis->aCts[i];
5855 int rc = VINF_SUCCESS;
5856
5857 Assert(i < 2);
5858
5859 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
5860 if (rc != VINF_SUCCESS)
5861 return rc;
5862 if (Port == pCtl->IOPortBase1)
5863 {
5864 /* Writes to the data port may be 16-bit or 32-bit. */
5865 Assert(cb == 2 || cb == 4);
5866 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5867 }
5868 else
5869 {
5870 /* Writes to the other command block ports should be 8-bit only. If they
5871 * are not, the high bits are simply discarded. Undocumented, but observed
5872 * on a real PIIX4 system.
5873 */
5874 if (cb > 1)
5875 Log(("ataIOPortWrite1: suspect write to port %x val=%x size=%d\n", Port, u32, cb));
5876
5877 rc = ataIOPortWriteU8(pCtl, Port, u32);
5878 }
5879 PDMCritSectLeave(&pCtl->lock);
5880 return rc;
5881}
5882
5883
5884/**
5885 * Port I/O Handler for primary port range IN operations.
5886 * @see FNIOMIOPORTIN for details.
5887 */
5888PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5889{
5890 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5891 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5892 PATACONTROLLER pCtl = &pThis->aCts[i];
5893 int rc = VINF_SUCCESS;
5894
5895 Assert(i < 2);
5896
5897 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5898 if (rc != VINF_SUCCESS)
5899 return rc;
5900 if (Port == pCtl->IOPortBase1)
5901 {
5902 /* Reads from the data register may be 16-bit or 32-bit. */
5903 Assert(cb == 2 || cb == 4);
5904 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5905 if (cb == 2)
5906 *pu32 &= 0xffff;
5907 }
5908 else
5909 {
5910 /* Reads from the other command block registers should be 8-bit only.
5911 * If they are not, the low byte is propagated to the high bits.
5912 * Undocumented, but observed on a real PIIX4 system.
5913 */
5914 rc = ataIOPortReadU8(pCtl, Port, pu32);
5915 if (cb > 1)
5916 {
5917 uint32_t pad;
5918
5919 /* Replicate the 8-bit result into the upper three bytes. */
5920 pad = *pu32 & 0xff;
5921 pad = pad | (pad << 8);
5922 pad = pad | (pad << 16);
5923 *pu32 = pad;
5924 Log(("ataIOPortRead1: suspect read from port %x size=%d\n", Port, cb));
5925 }
5926 }
5927 PDMCritSectLeave(&pCtl->lock);
5928 return rc;
5929}
5930
5931#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
5932/**
5933 * Port I/O Handler for primary port range IN string operations.
5934 * @see FNIOMIOPORTINSTRING for details.
5935 */
5936PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5937{
5938 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5939 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5940 PATACONTROLLER pCtl = &pThis->aCts[i];
5941 int rc = VINF_SUCCESS;
5942
5943 Assert(i < 2);
5944
5945 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5946 if (rc != VINF_SUCCESS)
5947 return rc;
5948 if (Port == pCtl->IOPortBase1)
5949 {
5950 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5951 RTGCPTR GCDst = *pGCPtrDst;
5952 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5953 Assert(cb == 2 || cb == 4);
5954
5955 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5956#ifndef IN_RING3
5957 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5958 if (!cTransAvailable)
5959 {
5960 PDMCritSectLeave(&pCtl->lock);
5961 return VINF_IOM_R3_IOPORT_READ;
5962 }
5963 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5964 cTransAvailable--;
5965#endif /* !IN_RING3 */
5966 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5967 * They are not performance-critical and generally shouldn't occur at all. */
5968 if (cTransAvailable > cTransfer)
5969 cTransAvailable = cTransfer;
5970 cbTransfer = cTransAvailable * cb;
5971
5972 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5973#ifndef IN_RING3
5974 /* Paranoia. */
5975 if (RT_FAILURE(rc))
5976 {
5977 PDMCritSectLeave(&pCtl->lock);
5978 AssertFailed();
5979 return VINF_IOM_R3_IOPORT_READ;
5980 }
5981#else
5982 Assert(rc == VINF_SUCCESS);
5983#endif
5984
5985 if (cbTransfer)
5986 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5987 s->iIOBufferPIODataStart += cbTransfer;
5988 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5989 *pcTransfer = cTransfer - cTransAvailable;
5990#ifdef IN_RING3
5991 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5992 ataPIOTransferFinish(pCtl, s);
5993#endif /* IN_RING3 */
5994 }
5995 PDMCritSectLeave(&pCtl->lock);
5996 return rc;
5997}
5998
5999
6000/**
6001 * Port I/O Handler for primary port range OUT string operations.
6002 * @see FNIOMIOPORTOUTSTRING for details.
6003 */
6004PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
6005{
6006 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6007 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6008 PATACONTROLLER pCtl = &pThis->aCts[i];
6009 int rc;
6010
6011 Assert(i < 2);
6012
6013 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
6014 if (rc != VINF_SUCCESS)
6015 return rc;
6016 if (Port == pCtl->IOPortBase1)
6017 {
6018 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
6019 RTGCPTR GCSrc = *pGCPtrSrc;
6020 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
6021 Assert(cb == 2 || cb == 4);
6022
6023 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
6024#ifndef IN_RING3
6025 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
6026 if (!cTransAvailable)
6027 {
6028 PDMCritSectLeave(&pCtl->lock);
6029 return VINF_IOM_R3_IOPORT_WRITE;
6030 }
6031 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
6032 cTransAvailable--;
6033#endif /* !IN_RING3 */
6034 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
6035 * They are not performance-critical and generally shouldn't occur at all. */
6036 if (cTransAvailable > cTransfer)
6037 cTransAvailable = cTransfer;
6038 cbTransfer = cTransAvailable * cb;
6039
6040 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
6041#ifndef IN_RING3
6042 /* Paranoia. */
6043 if (RT_FAILURE(rc))
6044 {
6045 PDMCritSectLeave(&pCtl->lock);
6046 AssertFailed();
6047 return VINF_IOM_R3_IOPORT_WRITE;
6048 }
6049#else
6050 Assert(rc == VINF_SUCCESS);
6051#endif
6052
6053 if (cbTransfer)
6054 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
6055 s->iIOBufferPIODataStart += cbTransfer;
6056 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
6057 *pcTransfer = cTransfer - cTransAvailable;
6058#ifdef IN_RING3
6059 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
6060 ataPIOTransferFinish(pCtl, s);
6061#endif /* IN_RING3 */
6062 }
6063 PDMCritSectLeave(&pCtl->lock);
6064 return rc;
6065}
6066#endif /* !IN_RING0 */
6067
6068/**
6069 * Port I/O Handler for secondary port range OUT operations.
6070 * @see FNIOMIOPORTOUT for details.
6071 */
6072PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
6073{
6074 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6075 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6076 PATACONTROLLER pCtl = &pThis->aCts[i];
6077 int rc;
6078
6079 Assert(i < 2);
6080
6081 if (cb != 1)
6082 return VINF_SUCCESS;
6083 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
6084 if (rc != VINF_SUCCESS)
6085 return rc;
6086 rc = ataControlWrite(pCtl, Port, u32);
6087 PDMCritSectLeave(&pCtl->lock);
6088 return rc;
6089}
6090
6091
6092/**
6093 * Port I/O Handler for secondary port range IN operations.
6094 * @see FNIOMIOPORTIN for details.
6095 */
6096PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
6097{
6098 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6099 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6100 PATACONTROLLER pCtl = &pThis->aCts[i];
6101 int rc;
6102
6103 Assert(i < 2);
6104
6105 if (cb != 1)
6106 return VERR_IOM_IOPORT_UNUSED;
6107
6108 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
6109 if (rc != VINF_SUCCESS)
6110 return rc;
6111 *pu32 = ataStatusRead(pCtl, Port);
6112 PDMCritSectLeave(&pCtl->lock);
6113 return VINF_SUCCESS;
6114}
6115
6116#ifdef IN_RING3
6117
6118
6119DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
6120{
6121 if (s->pbIOBufferR3)
6122 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
6123}
6124
6125
6126/**
6127 * Detach notification.
6128 *
6129 * The DVD drive has been unplugged.
6130 *
6131 * @param pDevIns The device instance.
6132 * @param iLUN The logical unit which is being detached.
6133 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6134 */
6135static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6136{
6137 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6138 PATACONTROLLER pCtl;
6139 ATADevState *pIf;
6140 unsigned iController;
6141 unsigned iInterface;
6142
6143 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6144 ("PIIX3IDE: Device does not support hotplugging\n"));
6145
6146 /*
6147 * Locate the controller and stuff.
6148 */
6149 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6150 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6151 pCtl = &pThis->aCts[iController];
6152
6153 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6154 pIf = &pCtl->aIfs[iInterface];
6155
6156 /*
6157 * Zero some important members.
6158 */
6159 pIf->pDrvBase = NULL;
6160 pIf->pDrvBlock = NULL;
6161 pIf->pDrvBlockBios = NULL;
6162 pIf->pDrvMount = NULL;
6163
6164 /*
6165 * In case there was a medium inserted.
6166 */
6167 ataMediumRemoved(pIf);
6168}
6169
6170
6171/**
6172 * Configure a LUN.
6173 *
6174 * @returns VBox status code.
6175 * @param pDevIns The device instance.
6176 * @param pIf The ATA unit state.
6177 */
6178static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
6179{
6180 int rc = VINF_SUCCESS;
6181 PDMBLOCKTYPE enmType;
6182
6183 /*
6184 * Query Block, Bios and Mount interfaces.
6185 */
6186 pIf->pDrvBlock = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCK);
6187 if (!pIf->pDrvBlock)
6188 {
6189 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
6190 return VERR_PDM_MISSING_INTERFACE;
6191 }
6192
6193 /** @todo implement the BIOS invisible code path. */
6194 pIf->pDrvBlockBios = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCKBIOS);
6195 if (!pIf->pDrvBlockBios)
6196 {
6197 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
6198 return VERR_PDM_MISSING_INTERFACE;
6199 }
6200 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
6201
6202 /*
6203 * Validate type.
6204 */
6205 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
6206 if ( enmType != PDMBLOCKTYPE_CDROM
6207 && enmType != PDMBLOCKTYPE_DVD
6208 && enmType != PDMBLOCKTYPE_HARD_DISK)
6209 {
6210 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
6211 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
6212 }
6213 if ( ( enmType == PDMBLOCKTYPE_DVD
6214 || enmType == PDMBLOCKTYPE_CDROM)
6215 && !pIf->pDrvMount)
6216 {
6217 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
6218 return VERR_INTERNAL_ERROR;
6219 }
6220 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
6221 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
6222
6223 /*
6224 * Allocate I/O buffer.
6225 */
6226 if (pIf->fATAPI)
6227 pIf->cbSector = 2048;
6228 else
6229 pIf->cbSector = pIf->pDrvBlock->pfnGetSectorSize(pIf->pDrvBlock);
6230
6231 PVM pVM = PDMDevHlpGetVM(pDevIns);
6232 if (pIf->cbIOBuffer)
6233 {
6234 /* Buffer is (probably) already allocated. Validate the fields,
6235 * because memory corruption can also overwrite pIf->cbIOBuffer. */
6236 if (pIf->fATAPI)
6237 AssertRelease(pIf->cbIOBuffer == _128K);
6238 else
6239 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * pIf->cbSector);
6240 Assert(pIf->pbIOBufferR3);
6241 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
6242 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
6243 }
6244 else
6245 {
6246 if (pIf->fATAPI)
6247 pIf->cbIOBuffer = _128K;
6248 else
6249 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * pIf->cbSector;
6250 Assert(!pIf->pbIOBufferR3);
6251 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
6252 if (RT_FAILURE(rc))
6253 return VERR_NO_MEMORY;
6254 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
6255 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
6256 }
6257
6258 /*
6259 * Init geometry (only for non-CD/DVD media).
6260 */
6261 if (pIf->fATAPI)
6262 {
6263 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / pIf->cbSector;
6264 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
6265 pIf->PCHSGeometry.cHeads = 0; /* dummy */
6266 pIf->PCHSGeometry.cSectors = 0; /* dummy */
6267 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
6268 }
6269 else
6270 {
6271 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / pIf->cbSector;
6272 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
6273 &pIf->PCHSGeometry);
6274 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
6275 {
6276 pIf->PCHSGeometry.cCylinders = 0;
6277 pIf->PCHSGeometry.cHeads = 16; /*??*/
6278 pIf->PCHSGeometry.cSectors = 63; /*??*/
6279 }
6280 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
6281 {
6282 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
6283 rc = VINF_SUCCESS;
6284 }
6285 AssertRC(rc);
6286
6287 if ( pIf->PCHSGeometry.cCylinders == 0
6288 || pIf->PCHSGeometry.cHeads == 0
6289 || pIf->PCHSGeometry.cSectors == 0
6290 )
6291 {
6292 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
6293 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
6294 pIf->PCHSGeometry.cHeads = 16;
6295 pIf->PCHSGeometry.cSectors = 63;
6296 /* Set the disk geometry information. Ignore errors. */
6297 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
6298 &pIf->PCHSGeometry);
6299 rc = VINF_SUCCESS;
6300 }
6301 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
6302
6303 if (pIf->pDrvBlock->pfnDiscard)
6304 LogRel(("PIIX3 ATA: LUN#%d: TRIM enabled\n", pIf->iLUN));
6305 }
6306 return rc;
6307}
6308
6309
6310/**
6311 * Attach command.
6312 *
6313 * This is called when we change block driver for the DVD drive.
6314 *
6315 * @returns VBox status code.
6316 * @param pDevIns The device instance.
6317 * @param iLUN The logical unit which is being detached.
6318 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6319 */
6320static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6321{
6322 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6323 PATACONTROLLER pCtl;
6324 ATADevState *pIf;
6325 int rc;
6326 unsigned iController;
6327 unsigned iInterface;
6328
6329 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6330 ("PIIX3IDE: Device does not support hotplugging\n"),
6331 VERR_INVALID_PARAMETER);
6332
6333 /*
6334 * Locate the controller and stuff.
6335 */
6336 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6337 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6338 pCtl = &pThis->aCts[iController];
6339
6340 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6341 pIf = &pCtl->aIfs[iInterface];
6342
6343 /* the usual paranoia */
6344 AssertRelease(!pIf->pDrvBase);
6345 AssertRelease(!pIf->pDrvBlock);
6346 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
6347 Assert(pIf->iLUN == iLUN);
6348
6349 /*
6350 * Try attach the block device and get the interfaces,
6351 * required as well as optional.
6352 */
6353 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
6354 if (RT_SUCCESS(rc))
6355 {
6356 rc = ataConfigLun(pDevIns, pIf);
6357 /*
6358 * In case there is a medium inserted.
6359 */
6360 ataMediumInserted(pIf);
6361 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
6362 }
6363 else
6364 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
6365
6366 if (RT_FAILURE(rc))
6367 {
6368 pIf->pDrvBase = NULL;
6369 pIf->pDrvBlock = NULL;
6370 }
6371 return rc;
6372}
6373
6374
6375/**
6376 * Resume notification.
6377 *
6378 * @returns VBox status.
6379 * @param pDevIns The device instance data.
6380 */
6381static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
6382{
6383 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6384 int rc;
6385
6386 Log(("%s:\n", __FUNCTION__));
6387 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6388 {
6389 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
6390 {
6391 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6392 AssertRC(rc);
6393 }
6394 }
6395 return;
6396}
6397
6398
6399/**
6400 * Checks if all (both) the async I/O threads have quiesced.
6401 *
6402 * @returns true on success.
6403 * @returns false when one or more threads is still processing.
6404 * @param pThis Pointer to the instance data.
6405 */
6406static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
6407{
6408 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6409
6410 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6411 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6412 {
6413 bool fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6414 if (!fRc)
6415 {
6416 /* Make it signal PDM & itself when its done */
6417 RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6418 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6419 RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6420 fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6421 if (!fRc)
6422 {
6423#if 0 /** @todo Need to do some time tracking here... */
6424 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
6425 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
6426 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
6427#endif
6428 return false;
6429 }
6430 }
6431 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6432 }
6433 return true;
6434}
6435
6436/**
6437 * Prepare state save and load operation.
6438 *
6439 * @returns VBox status code.
6440 * @param pDevIns Device instance of the device which registered the data unit.
6441 * @param pSSM SSM operation handle.
6442 */
6443static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6444{
6445 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6446
6447 /* sanity - the suspend notification will wait on the async stuff. */
6448 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6449 AssertLogRelMsgReturn(ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6450 ("i=%u\n", i),
6451 VERR_SSM_IDE_ASYNC_TIMEOUT);
6452 return VINF_SUCCESS;
6453}
6454
6455/**
6456 * @copydoc FNSSMDEVLIVEEXEC
6457 */
6458static DECLCALLBACK(int) ataLiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6459{
6460 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6461
6462 SSMR3PutU8(pSSM, pThis->u8Type);
6463 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6464 {
6465 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6466 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6467 {
6468 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6469 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6470 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6471 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6472 }
6473 }
6474
6475 return VINF_SSM_DONT_CALL_AGAIN;
6476}
6477
6478/**
6479 * @copydoc FNSSMDEVSAVEEXEC
6480 */
6481static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6482{
6483 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6484
6485 ataLiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6486
6487 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6488 {
6489 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6490 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6491 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6492 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6493 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6494 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6495 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6496 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6497 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6498 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6499 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6500 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6501 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6502
6503 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6504 {
6505 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6506 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6507 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6508 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6509 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6510 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6511 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6512 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6513 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6514 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6515 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6516 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6517 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6518 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6519 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6520 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6521 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6522 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6523 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6524 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6525 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6526 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6527 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6528 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6529 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6530 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6531 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6532 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6533 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6534 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6535 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6536 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6537 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6538 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6539 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6540 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6541 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6542 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6543 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6544 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6545 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6546 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6547 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6548 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6549 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6550 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6551 else
6552 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6553 }
6554 }
6555
6556 return SSMR3PutU32(pSSM, ~0); /* sanity/terminator */
6557}
6558
6559/**
6560 * Converts the LUN number into a message string.
6561 */
6562static const char *ataStringifyLun(unsigned iLun)
6563{
6564 switch (iLun)
6565 {
6566 case 0: return "primary master";
6567 case 1: return "primary slave";
6568 case 2: return "secondary master";
6569 case 3: return "secondary slave";
6570 default: AssertFailedReturn("unknown lun");
6571 }
6572}
6573
6574/**
6575 * FNSSMDEVLOADEXEC
6576 */
6577static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6578{
6579 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6580 int rc;
6581 uint32_t u32;
6582
6583 if ( uVersion != ATA_SAVED_STATE_VERSION
6584 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6585 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6586 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6587 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6588 {
6589 AssertMsgFailed(("uVersion=%d\n", uVersion));
6590 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6591 }
6592
6593 /*
6594 * Verify the configuration.
6595 */
6596 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6597 {
6598 uint8_t u8Type;
6599 rc = SSMR3GetU8(pSSM, &u8Type);
6600 AssertRCReturn(rc, rc);
6601 if (u8Type != pThis->u8Type)
6602 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6603
6604 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6605 {
6606 bool fEnabled;
6607 rc = SSMR3GetBool(pSSM, &fEnabled);
6608 AssertRCReturn(rc, rc);
6609 if (!fEnabled)
6610 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6611
6612 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6613 {
6614 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6615
6616 bool fInUse;
6617 rc = SSMR3GetBool(pSSM, &fInUse);
6618 AssertRCReturn(rc, rc);
6619 if (fInUse != (pIf->pDrvBase != NULL))
6620 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
6621 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
6622 fInUse ? "target" : "source", ataStringifyLun(pIf->iLUN) );
6623
6624 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
6625 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
6626 AssertRCReturn(rc, rc);
6627 if (strcmp(szSerialNumber, pIf->szSerialNumber))
6628 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
6629 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
6630
6631 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
6632 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
6633 AssertRCReturn(rc, rc);
6634 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
6635 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
6636 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
6637
6638 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
6639 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
6640 AssertRCReturn(rc, rc);
6641 if (strcmp(szModelNumber, pIf->szModelNumber))
6642 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
6643 pIf->iLUN, szModelNumber, pIf->szModelNumber));
6644 }
6645 }
6646 }
6647 if (uPass != SSM_PASS_FINAL)
6648 return VINF_SUCCESS;
6649
6650 /*
6651 * Restore valid parts of the PCIATAState structure
6652 */
6653 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6654 {
6655 /* integrity check */
6656 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
6657 {
6658 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
6659 return VERR_INTERNAL_ERROR_4;
6660 }
6661
6662 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
6663 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
6664 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
6665 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
6666 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
6667 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
6668 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
6669 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
6670 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6671 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
6672 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
6673 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
6674 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
6675
6676 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6677 {
6678 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
6679 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
6680 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
6681 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
6682 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6683 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6684 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6685 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6686 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
6687 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
6688 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6689 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
6690 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
6691 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6692 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
6693 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6694 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6695 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6696 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6697 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6698 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
6699 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
6700 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
6701 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6702 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
6703 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
6704 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6705 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
6706 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
6707 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6708 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6709 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6710 /* NB: cbPIOTransferLimit could be saved/restored but it's sufficient
6711 * to re-calculate it here, with a tiny risk that it could be
6712 * unnecessarily low for the current transfer only. Could be changed
6713 * when changing the saved state in the future.
6714 */
6715 pThis->aCts[i].aIfs[j].cbPIOTransferLimit = (pThis->aCts[i].aIfs[j].uATARegHCyl << 8) | pThis->aCts[i].aIfs[j].uATARegLCyl;
6716 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6717 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6718 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6719 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6720 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
6721 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
6722 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6723 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6724 {
6725 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6726 }
6727 else
6728 {
6729 uint8_t uATAPISenseKey, uATAPIASC;
6730 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6731 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6732 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6733 SSMR3GetU8(pSSM, &uATAPISenseKey);
6734 SSMR3GetU8(pSSM, &uATAPIASC);
6735 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6736 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6737 }
6738 /** @todo triple-check this hack after passthrough is working */
6739 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6740 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6741 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6742 else
6743 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6744 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6745 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6746 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6747 {
6748 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6749 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6750 else
6751 {
6752 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6753 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
6754 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
6755
6756 /* skip the buffer if we're loading for the debugger / animator. */
6757 uint8_t u8Ignored;
6758 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6759 while (cbLeft-- > 0)
6760 SSMR3GetU8(pSSM, &u8Ignored);
6761 }
6762 }
6763 else
6764 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6765 }
6766 }
6767 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
6768 SSMR3GetU8(pSSM, &pThis->u8Type);
6769
6770 rc = SSMR3GetU32(pSSM, &u32);
6771 if (RT_FAILURE(rc))
6772 return rc;
6773 if (u32 != ~0U)
6774 {
6775 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6776 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6777 return rc;
6778 }
6779
6780 return VINF_SUCCESS;
6781}
6782
6783
6784/**
6785 * Callback employed by ataSuspend and ataR3PowerOff.
6786 *
6787 * @returns true if we've quiesced, false if we're still working.
6788 * @param pDevIns The device instance.
6789 */
6790static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
6791{
6792 return ataR3AllAsyncIOIsIdle(pDevIns);
6793}
6794
6795
6796/**
6797 * Common worker for ataSuspend and ataR3PowerOff.
6798 */
6799static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
6800{
6801 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6802 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
6803}
6804
6805
6806/**
6807 * Power Off notification.
6808 *
6809 * @returns VBox status.
6810 * @param pDevIns The device instance data.
6811 */
6812static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
6813{
6814 Log(("%s:\n", __FUNCTION__));
6815 ataR3SuspendOrPowerOff(pDevIns);
6816}
6817
6818
6819/**
6820 * Suspend notification.
6821 *
6822 * @returns VBox status.
6823 * @param pDevIns The device instance data.
6824 */
6825static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
6826{
6827 Log(("%s:\n", __FUNCTION__));
6828 ataR3SuspendOrPowerOff(pDevIns);
6829}
6830
6831
6832/**
6833 * Callback employed by ataR3Reset.
6834 *
6835 * @returns true if we've quiesced, false if we're still working.
6836 * @param pDevIns The device instance.
6837 */
6838static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
6839{
6840 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6841
6842 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6843 return false;
6844
6845 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6846 {
6847 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6848 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6849 ataResetDevice(&pThis->aCts[i].aIfs[j]);
6850 PDMCritSectLeave(&pThis->aCts[i].lock);
6851 }
6852 return true;
6853}
6854
6855
6856/**
6857 * Common reset worker for ataR3Reset and ataR3Construct.
6858 *
6859 * @returns VBox status.
6860 * @param pDevIns The device instance data.
6861 * @param fConstruct Indicates who is calling.
6862 */
6863static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
6864{
6865 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6866
6867 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6868 {
6869 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6870
6871 pThis->aCts[i].iSelectedIf = 0;
6872 pThis->aCts[i].iAIOIf = 0;
6873 pThis->aCts[i].BmDma.u8Cmd = 0;
6874 /* Report that both drives present on the bus are in DMA mode. This
6875 * pretends that there is a BIOS that has set it up. Normal reset
6876 * default is 0x00. */
6877 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
6878 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
6879 pThis->aCts[i].BmDma.pvAddr = 0;
6880
6881 pThis->aCts[i].fReset = true;
6882 pThis->aCts[i].fRedo = false;
6883 pThis->aCts[i].fRedoIdle = false;
6884 ataAsyncIOClearRequests(&pThis->aCts[i]);
6885 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
6886 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
6887 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
6888
6889 PDMCritSectLeave(&pThis->aCts[i].lock);
6890 }
6891
6892 int rcRet = VINF_SUCCESS;
6893 if (!fConstruct)
6894 {
6895 /*
6896 * Setup asynchronous notification completion if the requests haven't
6897 * completed yet.
6898 */
6899 if (!ataR3IsAsyncResetDone(pDevIns))
6900 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
6901 }
6902 else
6903 {
6904 /*
6905 * Wait for the requests for complete.
6906 *
6907 * Would be real nice if we could do it all from EMT(0) and not
6908 * involve the worker threads, then we could dispense with all the
6909 * waiting and semaphore ping-pong here...
6910 */
6911 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6912 {
6913 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6914 {
6915 int rc = RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6916 AssertRC(rc);
6917
6918 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6919 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
6920 AssertRC(rc);
6921
6922 rc = RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6923 AssertRC(rc);
6924
6925 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
6926 {
6927 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
6928 if (RT_FAILURE(rc))
6929 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
6930 if (RT_FAILURE(rc))
6931 {
6932 AssertRC(rc);
6933 rcRet = rc;
6934 }
6935 }
6936 }
6937 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6938 }
6939 if (RT_SUCCESS(rcRet))
6940 {
6941 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
6942 AssertRC(rcRet);
6943 }
6944 }
6945 return rcRet;
6946}
6947
6948/**
6949 * Reset notification.
6950 *
6951 * @param pDevIns The device instance data.
6952 */
6953static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
6954{
6955 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
6956}
6957
6958/**
6959 * @copydoc FNPDMDEVRELOCATE
6960 */
6961static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
6962{
6963 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6964
6965 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6966 {
6967 pThis->aCts[i].pDevInsRC += offDelta;
6968 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
6969 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
6970 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
6971 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
6972 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
6973 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
6974 }
6975}
6976
6977/**
6978 * Destroy a driver instance.
6979 *
6980 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
6981 * resources can be freed correctly.
6982 *
6983 * @param pDevIns The device instance data.
6984 */
6985static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
6986{
6987 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6988 int rc;
6989
6990 Log(("ataR3Destruct\n"));
6991 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
6992
6993 /*
6994 * Tell the async I/O threads to terminate.
6995 */
6996 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6997 {
6998 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6999 {
7000 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
7001 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
7002 AssertRC(rc);
7003 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
7004 AssertRC(rc);
7005 }
7006 }
7007
7008 /*
7009 * Wait for the threads to terminate before destroying their resources.
7010 */
7011 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7012 {
7013 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
7014 {
7015 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
7016 if (RT_SUCCESS(rc))
7017 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7018 else
7019 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
7020 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
7021 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
7022 }
7023 }
7024
7025 /*
7026 * Free resources.
7027 */
7028 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7029 {
7030 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMMUTEX)
7031 {
7032 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
7033 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
7034 }
7035 if (pThis->aCts[i].AsyncIOSem != NIL_RTSEMEVENT)
7036 {
7037 RTSemEventDestroy(pThis->aCts[i].AsyncIOSem);
7038 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
7039 }
7040 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
7041 {
7042 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
7043 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
7044 }
7045
7046 /* try one final time */
7047 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
7048 {
7049 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
7050 if (RT_SUCCESS(rc))
7051 {
7052 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7053 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
7054 }
7055 }
7056
7057 for (uint32_t iIf = 0; iIf < RT_ELEMENTS(pThis->aCts[i].aIfs); iIf++)
7058 {
7059 if (pThis->aCts[i].aIfs[iIf].pTrackList)
7060 {
7061 ATAPIPassthroughTrackListDestroy(pThis->aCts[i].aIfs[iIf].pTrackList);
7062 pThis->aCts[i].aIfs[iIf].pTrackList = NULL;
7063 }
7064 }
7065 }
7066
7067 return VINF_SUCCESS;
7068}
7069
7070/**
7071 * Convert config value to DEVPCBIOSBOOT.
7072 *
7073 * @returns VBox status code.
7074 * @param pDevIns The device instance data.
7075 * @param pCfg Configuration handle.
7076 * @param penmChipset Where to store the chipset type.
7077 */
7078static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfg, CHIPSET *penmChipset)
7079{
7080 char szType[20];
7081
7082 int rc = CFGMR3QueryStringDef(pCfg, "Type", &szType[0], sizeof(szType), "PIIX4");
7083 if (RT_FAILURE(rc))
7084 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7085 N_("Configuration error: Querying \"Type\" as a string failed"));
7086 if (!strcmp(szType, "PIIX3"))
7087 *penmChipset = CHIPSET_PIIX3;
7088 else if (!strcmp(szType, "PIIX4"))
7089 *penmChipset = CHIPSET_PIIX4;
7090 else if (!strcmp(szType, "ICH6"))
7091 *penmChipset = CHIPSET_ICH6;
7092 else
7093 {
7094 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7095 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
7096 szType);
7097 rc = VERR_INTERNAL_ERROR;
7098 }
7099 return rc;
7100}
7101
7102/**
7103 * @interface_method_impl{PDMDEVREG,pfnConstruct}
7104 */
7105static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
7106{
7107 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7108 PPDMIBASE pBase;
7109 int rc;
7110 bool fGCEnabled;
7111 bool fR0Enabled;
7112 uint32_t DelayIRQMillies;
7113
7114 Assert(iInstance == 0);
7115 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
7116
7117 /*
7118 * Initialize NIL handle values (for the destructor).
7119 */
7120 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7121 {
7122 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
7123 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
7124 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
7125 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7126 }
7127
7128 /*
7129 * Validate and read configuration.
7130 */
7131 if (!CFGMR3AreValuesValid(pCfg,
7132 "GCEnabled\0"
7133 "R0Enabled\0"
7134 "IRQDelay\0"
7135 "Type\0")
7136 /** @todo || invalid keys */)
7137 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
7138 N_("PIIX3 configuration error: unknown option specified"));
7139
7140 rc = CFGMR3QueryBoolDef(pCfg, "GCEnabled", &fGCEnabled, true);
7141 if (RT_FAILURE(rc))
7142 return PDMDEV_SET_ERROR(pDevIns, rc,
7143 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
7144 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
7145
7146 rc = CFGMR3QueryBoolDef(pCfg, "R0Enabled", &fR0Enabled, true);
7147 if (RT_FAILURE(rc))
7148 return PDMDEV_SET_ERROR(pDevIns, rc,
7149 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
7150 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
7151
7152 rc = CFGMR3QueryU32Def(pCfg, "IRQDelay", &DelayIRQMillies, 0);
7153 if (RT_FAILURE(rc))
7154 return PDMDEV_SET_ERROR(pDevIns, rc,
7155 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
7156 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
7157 Assert(DelayIRQMillies < 50);
7158
7159 CHIPSET enmChipset = CHIPSET_PIIX3;
7160 rc = ataControllerFromCfg(pDevIns, pCfg, &enmChipset);
7161 if (RT_FAILURE(rc))
7162 return rc;
7163 pThis->u8Type = (uint8_t)enmChipset;
7164
7165 /*
7166 * Initialize data (most of it anyway).
7167 */
7168 /* Status LUN. */
7169 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
7170 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
7171
7172 /* PCI configuration space. */
7173 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
7174
7175 /*
7176 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
7177 * as it explicitly checks for PCI id for IDE controllers.
7178 */
7179 switch (pThis->u8Type)
7180 {
7181 case CHIPSET_ICH6:
7182 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
7183 /** @todo: do we need it? Do we need anything else? */
7184 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
7185 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
7186 pThis->dev.config[0x4B] = 0x00;
7187 {
7188 /*
7189 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
7190 * Report
7191 * WR_Ping-Pong_EN: must be set
7192 * PCR0, PCR1: 80-pin primary cable reporting for both disks
7193 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
7194 */
7195 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
7196 pThis->dev.config[0x54] = u16Config & 0xff;
7197 pThis->dev.config[0x55] = u16Config >> 8;
7198 }
7199 break;
7200 case CHIPSET_PIIX4:
7201 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
7202 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
7203 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
7204 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
7205 pThis->dev.config[0x4B] = 0x00;
7206 break;
7207 case CHIPSET_PIIX3:
7208 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
7209 break;
7210 default:
7211 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
7212 }
7213
7214 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
7215 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
7216 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
7217 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
7218 PCIDevSetHeaderType(&pThis->dev, 0x00);
7219
7220 pThis->pDevIns = pDevIns;
7221 pThis->fGCEnabled = fGCEnabled;
7222 pThis->fR0Enabled = fR0Enabled;
7223 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7224 {
7225 pThis->aCts[i].pDevInsR3 = pDevIns;
7226 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
7227 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
7228 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
7229 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7230 {
7231 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
7232
7233 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
7234 pIf->pDevInsR3 = pDevIns;
7235 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
7236 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
7237 pIf->pControllerR3 = &pThis->aCts[i];
7238 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
7239 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
7240 pIf->IBase.pfnQueryInterface = ataQueryInterface;
7241 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
7242 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
7243 pIf->IPort.pfnQueryDeviceLocation = ataR3QueryDeviceLocation;
7244 pIf->Led.u32Magic = PDMLED_MAGIC;
7245 }
7246 }
7247
7248 Assert(RT_ELEMENTS(pThis->aCts) == 2);
7249 pThis->aCts[0].irq = 14;
7250 pThis->aCts[0].IOPortBase1 = 0x1f0;
7251 pThis->aCts[0].IOPortBase2 = 0x3f6;
7252 pThis->aCts[1].irq = 15;
7253 pThis->aCts[1].IOPortBase1 = 0x170;
7254 pThis->aCts[1].IOPortBase2 = 0x376;
7255
7256 /*
7257 * Set the default critical section to NOP as we lock on controller level.
7258 */
7259 rc = PDMDevHlpSetDeviceCritSect(pDevIns, PDMDevHlpCritSectGetNop(pDevIns));
7260 AssertRCReturn(rc, rc);
7261
7262 /*
7263 * Register the PCI device.
7264 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
7265 * device the slot next to itself.
7266 */
7267 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
7268 if (RT_FAILURE(rc))
7269 return PDMDEV_SET_ERROR(pDevIns, rc,
7270 N_("PIIX3 cannot register PCI device"));
7271 //AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
7272 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
7273 if (RT_FAILURE(rc))
7274 return PDMDEV_SET_ERROR(pDevIns, rc,
7275 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
7276
7277 /*
7278 * Register the I/O ports.
7279 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
7280 */
7281 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7282 {
7283 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)(uintptr_t)i,
7284 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
7285 if (RT_FAILURE(rc))
7286 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
7287
7288 if (fGCEnabled)
7289 {
7290 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
7291 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
7292 if (RT_FAILURE(rc))
7293 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
7294 }
7295
7296 if (fR0Enabled)
7297 {
7298#if 1
7299 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
7300 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
7301#else
7302 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
7303 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
7304#endif
7305 if (RT_FAILURE(rc))
7306 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
7307 }
7308
7309 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)(uintptr_t)i,
7310 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
7311 if (RT_FAILURE(rc))
7312 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
7313
7314 if (fGCEnabled)
7315 {
7316 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
7317 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
7318 if (RT_FAILURE(rc))
7319 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
7320 }
7321 if (fR0Enabled)
7322 {
7323 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
7324 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
7325 if (RT_FAILURE(rc))
7326 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
7327 }
7328
7329 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7330 {
7331 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
7332 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7333 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
7334 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7335 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
7336 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7337 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
7338 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7339 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
7340#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7341 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7342 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
7343#endif
7344 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7345 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
7346#ifdef VBOX_INSTRUMENT_DMA_WRITES
7347 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7348 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
7349#endif
7350#ifdef VBOX_WITH_STATISTICS
7351 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7352 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
7353#endif
7354 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7355 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
7356#ifdef VBOX_WITH_STATISTICS
7357 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7358 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
7359#endif
7360 }
7361#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7362 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7363 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
7364 /** @todo STAMUNIT_MICROSECS */
7365 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7366 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
7367 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7368 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
7369 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7370 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
7371 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7372 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
7373 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7374 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
7375#endif /* VBOX_WITH_STATISTICS */
7376
7377 /* Initialize per-controller critical section */
7378 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA#%u", i);
7379 if (RT_FAILURE(rc))
7380 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
7381 }
7382
7383 /*
7384 * Attach status driver (optional).
7385 */
7386 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
7387 if (RT_SUCCESS(rc))
7388 {
7389 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
7390 pThis->pMediaNotify = PDMIBASE_QUERY_INTERFACE(pBase, PDMIMEDIANOTIFY);
7391 }
7392 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
7393 {
7394 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
7395 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
7396 }
7397
7398 /*
7399 * Attach the units.
7400 */
7401 uint32_t cbTotalBuffer = 0;
7402 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7403 {
7404 PATACONTROLLER pCtl = &pThis->aCts[i];
7405
7406 /*
7407 * Start the worker thread.
7408 */
7409 pCtl->uAsyncIOState = ATA_AIO_NEW;
7410 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
7411 AssertLogRelRCReturn(rc, rc);
7412 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
7413 AssertLogRelRCReturn(rc, rc);
7414 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
7415 AssertLogRelRCReturn(rc, rc);
7416 ataAsyncIOClearRequests(pCtl);
7417 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024 /*cbStack*/,
7418 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
7419 AssertLogRelRCReturn(rc, rc);
7420 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
7421 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
7422
7423 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
7424 {
7425 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7426 {
7427 { "Primary Master", "Primary Slave" },
7428 { "Secondary Master", "Secondary Slave" }
7429 };
7430
7431 /*
7432 * Try attach the block device and get the interfaces,
7433 * required as well as optional.
7434 */
7435 ATADevState *pIf = &pCtl->aIfs[j];
7436
7437 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
7438 if (RT_SUCCESS(rc))
7439 {
7440 rc = ataConfigLun(pDevIns, pIf);
7441 if (RT_SUCCESS(rc))
7442 {
7443 /*
7444 * Init vendor product data.
7445 */
7446 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7447 {
7448 { "PrimaryMaster", "PrimarySlave" },
7449 { "SecondaryMaster", "SecondarySlave" }
7450 };
7451
7452 /* Generate a default serial number. */
7453 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
7454 RTUUID Uuid;
7455 if (pIf->pDrvBlock)
7456 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
7457 else
7458 RTUuidClear(&Uuid);
7459
7460 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
7461 {
7462 /* Generate a predictable serial for drives which don't have a UUID. */
7463 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
7464 pIf->iLUN + pDevIns->iInstance * 32,
7465 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
7466 }
7467 else
7468 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
7469
7470 /* Get user config if present using defaults otherwise. */
7471 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfg, s_apszCFGMKeys[i][j]);
7472 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
7473 szSerial);
7474 if (RT_FAILURE(rc))
7475 {
7476 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7477 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7478 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
7479 return PDMDEV_SET_ERROR(pDevIns, rc,
7480 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
7481 }
7482
7483 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
7484 "1.0");
7485 if (RT_FAILURE(rc))
7486 {
7487 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7488 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7489 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
7490 return PDMDEV_SET_ERROR(pDevIns, rc,
7491 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
7492 }
7493
7494 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
7495 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
7496 if (RT_FAILURE(rc))
7497 {
7498 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7499 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7500 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
7501 return PDMDEV_SET_ERROR(pDevIns, rc,
7502 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
7503 }
7504
7505 rc = CFGMR3QueryBoolDef(pCfgNode, "NonRotationalMedium", &pIf->fNonRotational, false);
7506 if (RT_FAILURE(rc))
7507 return PDMDEV_SET_ERROR(pDevIns, rc,
7508 N_("PIIX3 configuration error: failed to read \"NonRotationalMedium\" as boolean"));
7509
7510 /* There are three other identification strings for CD drives used for INQUIRY */
7511 if (pIf->fATAPI)
7512 {
7513 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
7514 "VBOX");
7515 if (RT_FAILURE(rc))
7516 {
7517 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7518 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7519 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
7520 return PDMDEV_SET_ERROR(pDevIns, rc,
7521 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
7522 }
7523
7524 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
7525 "CD-ROM");
7526 if (RT_FAILURE(rc))
7527 {
7528 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7529 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7530 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
7531 return PDMDEV_SET_ERROR(pDevIns, rc,
7532 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
7533 }
7534
7535 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
7536 "1.0");
7537 if (RT_FAILURE(rc))
7538 {
7539 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7540 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7541 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
7542 return PDMDEV_SET_ERROR(pDevIns, rc,
7543 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
7544 }
7545
7546 rc = CFGMR3QueryBoolDef(pCfgNode, "OverwriteInquiry", &pIf->fOverwriteInquiry, true);
7547 if (RT_FAILURE(rc))
7548 return PDMDEV_SET_ERROR(pDevIns, rc,
7549 N_("PIIX3 configuration error: failed to read \"OverwriteInquiry\" as boolean"));
7550 }
7551 }
7552
7553 }
7554 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
7555 {
7556 pIf->pDrvBase = NULL;
7557 pIf->pDrvBlock = NULL;
7558 pIf->cbIOBuffer = 0;
7559 pIf->pbIOBufferR3 = NULL;
7560 pIf->pbIOBufferR0 = NIL_RTR0PTR;
7561 pIf->pbIOBufferRC = NIL_RTGCPTR;
7562 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
7563 }
7564 else
7565 {
7566 switch (rc)
7567 {
7568 case VERR_ACCESS_DENIED:
7569 /* Error already cached by DrvHostBase */
7570 return rc;
7571 default:
7572 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7573 N_("PIIX3 cannot attach drive to the %s"),
7574 s_apszDescs[i][j]);
7575 }
7576 }
7577 cbTotalBuffer += pIf->cbIOBuffer;
7578 }
7579 }
7580
7581 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
7582 NULL, ataLiveExec, NULL,
7583 ataSaveLoadPrep, ataSaveExec, NULL,
7584 ataSaveLoadPrep, ataLoadExec, NULL);
7585 if (RT_FAILURE(rc))
7586 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
7587
7588 /*
7589 * Initialize the device state.
7590 */
7591 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
7592}
7593
7594
7595/**
7596 * The device registration structure.
7597 */
7598const PDMDEVREG g_DevicePIIX3IDE =
7599{
7600 /* u32Version */
7601 PDM_DEVREG_VERSION,
7602 /* szName */
7603 "piix3ide",
7604 /* szRCMod */
7605 "VBoxDDGC.gc",
7606 /* szR0Mod */
7607 "VBoxDDR0.r0",
7608 /* pszDescription */
7609 "Intel PIIX3 ATA controller.\n"
7610 " LUN #0 is primary master.\n"
7611 " LUN #1 is primary slave.\n"
7612 " LUN #2 is secondary master.\n"
7613 " LUN #3 is secondary slave.\n"
7614 " LUN #999 is the LED/Status connector.",
7615 /* fFlags */
7616 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
7617 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION |
7618 PDM_DEVREG_FLAGS_FIRST_RESET_NOTIFICATION,
7619 /* fClass */
7620 PDM_DEVREG_CLASS_STORAGE,
7621 /* cMaxInstances */
7622 1,
7623 /* cbInstance */
7624 sizeof(PCIATAState),
7625 /* pfnConstruct */
7626 ataR3Construct,
7627 /* pfnDestruct */
7628 ataR3Destruct,
7629 /* pfnRelocate */
7630 ataR3Relocate,
7631 /* pfnMemSetup */
7632 NULL,
7633 /* pfnPowerOn */
7634 NULL,
7635 /* pfnReset */
7636 ataR3Reset,
7637 /* pfnSuspend */
7638 ataR3Suspend,
7639 /* pfnResume */
7640 ataR3Resume,
7641 /* pfnAttach */
7642 ataR3Attach,
7643 /* pfnDetach */
7644 ataR3Detach,
7645 /* pfnQueryInterface. */
7646 NULL,
7647 /* pfnInitComplete */
7648 NULL,
7649 /* pfnPowerOff */
7650 ataR3PowerOff,
7651 /* pfnSoftReset */
7652 NULL,
7653 /* u32VersionEnd */
7654 PDM_DEVREG_VERSION
7655};
7656#endif /* IN_RING3 */
7657#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette