VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 64671

Last change on this file since 64671 was 64393, checked in by vboxsync, 8 years ago

PDMPCIDEV: s/config/abConfig/ everywhere, removing the legacy alias.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 298.6 KB
Line 
1/* $Id: DevATA.cpp 64393 2016-10-24 14:42:05Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2016 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/*********************************************************************************************************************************
20* Defined Constants And Macros *
21*********************************************************************************************************************************/
22/** Temporary instrumentation for tracking down potential virtual disk
23 * write performance issues. */
24#undef VBOX_INSTRUMENT_DMA_WRITES
25
26/** @name The SSM saved state versions.
27 * @{
28 */
29/** The current saved state version. */
30#define ATA_SAVED_STATE_VERSION 20
31/** The saved state version used by VirtualBox 3.0.
32 * This lacks the config part and has the type at the and. */
33#define ATA_SAVED_STATE_VERSION_VBOX_30 19
34#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
35#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
36#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
37/** @} */
38
39
40/*********************************************************************************************************************************
41* Header Files *
42*********************************************************************************************************************************/
43#define LOG_GROUP LOG_GROUP_DEV_IDE
44#include <VBox/vmm/pdmdev.h>
45#include <VBox/vmm/pdmstorageifs.h>
46#include <iprt/assert.h>
47#include <iprt/string.h>
48#ifdef IN_RING3
49# include <iprt/uuid.h>
50# include <iprt/semaphore.h>
51# include <iprt/thread.h>
52# include <iprt/time.h>
53# include <iprt/alloc.h>
54#endif /* IN_RING3 */
55#include <iprt/critsect.h>
56#include <iprt/asm.h>
57#include <VBox/vmm/stam.h>
58#include <VBox/vmm/mm.h>
59#include <VBox/vmm/pgm.h>
60
61#include <VBox/sup.h>
62#include <VBox/scsi.h>
63
64#include "PIIX3ATABmDma.h"
65#include "ide.h"
66#include "ATAPIPassthrough.h"
67#include "VBoxDD.h"
68
69
70/*********************************************************************************************************************************
71* Defined Constants And Macros *
72*********************************************************************************************************************************/
73/**
74 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
75 * Set to 1 to disable multi-sector read support. According to the ATA
76 * specification this must be a power of 2 and it must fit in an 8 bit
77 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
78 */
79#define ATA_MAX_MULT_SECTORS 128
80
81/**
82 * Fastest PIO mode supported by the drive.
83 */
84#define ATA_PIO_MODE_MAX 4
85/**
86 * Fastest MDMA mode supported by the drive.
87 */
88#define ATA_MDMA_MODE_MAX 2
89/**
90 * Fastest UDMA mode supported by the drive.
91 */
92#define ATA_UDMA_MODE_MAX 6
93
94/** ATAPI sense info size. */
95#define ATAPI_SENSE_SIZE 64
96
97/** The maximum number of release log entries per device. */
98#define MAX_LOG_REL_ERRORS 1024
99
100/* MediaEventStatus */
101#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
102#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
103#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
104#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
105#define ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED 4 /**< medium eject requested (eject button pressed) */
106
107/* Media track type */
108#define ATA_MEDIA_TYPE_UNKNOWN 0 /**< unknown CD type */
109#define ATA_MEDIA_NO_DISC 0x70 /**< Door closed, no medium */
110
111
112/*********************************************************************************************************************************
113* Structures and Typedefs *
114*********************************************************************************************************************************/
115/**
116 * The state of an ATA device.
117 *
118 * @implements PDMIBASE
119 * @implements PDMIBLOCKPORT
120 * @implements PDMIMOUNTNOTIFY
121 */
122typedef struct ATADevState
123{
124 /** Flag indicating whether the current command uses LBA48 mode. */
125 bool fLBA48;
126 /** Flag indicating whether this drive implements the ATAPI command set. */
127 bool fATAPI;
128 /** Set if this interface has asserted the IRQ. */
129 bool fIrqPending;
130 /** Currently configured number of sectors in a multi-sector transfer. */
131 uint8_t cMultSectors;
132 /** PCHS disk geometry. */
133 PDMMEDIAGEOMETRY PCHSGeometry;
134 /** Total number of sectors on this disk. */
135 uint64_t cTotalSectors;
136 /** Sector size of the medium. */
137 uint32_t cbSector;
138 /** Number of sectors to transfer per IRQ. */
139 uint32_t cSectorsPerIRQ;
140
141 /** ATA/ATAPI register 1: feature (write-only). */
142 uint8_t uATARegFeature;
143 /** ATA/ATAPI register 1: feature, high order byte. */
144 uint8_t uATARegFeatureHOB;
145 /** ATA/ATAPI register 1: error (read-only). */
146 uint8_t uATARegError;
147 /** ATA/ATAPI register 2: sector count (read/write). */
148 uint8_t uATARegNSector;
149 /** ATA/ATAPI register 2: sector count, high order byte. */
150 uint8_t uATARegNSectorHOB;
151 /** ATA/ATAPI register 3: sector (read/write). */
152 uint8_t uATARegSector;
153 /** ATA/ATAPI register 3: sector, high order byte. */
154 uint8_t uATARegSectorHOB;
155 /** ATA/ATAPI register 4: cylinder low (read/write). */
156 uint8_t uATARegLCyl;
157 /** ATA/ATAPI register 4: cylinder low, high order byte. */
158 uint8_t uATARegLCylHOB;
159 /** ATA/ATAPI register 5: cylinder high (read/write). */
160 uint8_t uATARegHCyl;
161 /** ATA/ATAPI register 5: cylinder high, high order byte. */
162 uint8_t uATARegHCylHOB;
163 /** ATA/ATAPI register 6: select drive/head (read/write). */
164 uint8_t uATARegSelect;
165 /** ATA/ATAPI register 7: status (read-only). */
166 uint8_t uATARegStatus;
167 /** ATA/ATAPI register 7: command (write-only). */
168 uint8_t uATARegCommand;
169 /** ATA/ATAPI drive control register (write-only). */
170 uint8_t uATARegDevCtl;
171
172 /** Currently active transfer mode (MDMA/UDMA) and speed. */
173 uint8_t uATATransferMode;
174 /** Current transfer direction. */
175 uint8_t uTxDir;
176 /** Index of callback for begin transfer. */
177 uint8_t iBeginTransfer;
178 /** Index of callback for source/sink of data. */
179 uint8_t iSourceSink;
180 /** Flag indicating whether the current command transfers data in DMA mode. */
181 bool fDMA;
182 /** Set to indicate that ATAPI transfer semantics must be used. */
183 bool fATAPITransfer;
184
185 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
186 uint32_t cbTotalTransfer;
187 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
188 uint32_t cbElementaryTransfer;
189 /** Maximum ATAPI elementary transfer size, PIO only. */
190 uint32_t cbPIOTransferLimit;
191 /** ATAPI passthrough transfer size, shared PIO/DMA */
192 uint32_t cbAtapiPassthroughTransfer;
193 /** Current read/write buffer position, shared PIO/DMA. */
194 uint32_t iIOBufferCur;
195 /** First element beyond end of valid buffer content, shared PIO/DMA. */
196 uint32_t iIOBufferEnd;
197 /** Align the following fields correctly. */
198 uint32_t Alignment0;
199
200 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
201 uint32_t iIOBufferPIODataStart;
202 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
203 uint32_t iIOBufferPIODataEnd;
204
205 /** ATAPI current LBA position. */
206 uint32_t iATAPILBA;
207 /** ATAPI current sector size. */
208 uint32_t cbATAPISector;
209 /** ATAPI current command. */
210 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
211 /** ATAPI sense data. */
212 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
213 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
214 uint8_t cNotifiedMediaChange;
215 /** The same for GET_EVENT_STATUS for mechanism */
216 volatile uint32_t MediaEventStatus;
217
218 /** Media type if known. */
219 volatile uint32_t MediaTrackType;
220
221 /** The status LED state for this drive. */
222 PDMLED Led;
223
224 /** Size of I/O buffer. */
225 uint32_t cbIOBuffer;
226 /** Pointer to the I/O buffer. */
227 R3PTRTYPE(uint8_t *) pbIOBufferR3;
228 /** Pointer to the I/O buffer. */
229 R0PTRTYPE(uint8_t *) pbIOBufferR0;
230 /** Pointer to the I/O buffer. */
231 RCPTRTYPE(uint8_t *) pbIOBufferRC;
232
233 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundary. */
234
235 /*
236 * No data that is part of the saved state after this point!!!!!
237 */
238
239 /* Release statistics: number of ATA DMA commands. */
240 STAMCOUNTER StatATADMA;
241 /* Release statistics: number of ATA PIO commands. */
242 STAMCOUNTER StatATAPIO;
243 /* Release statistics: number of ATAPI PIO commands. */
244 STAMCOUNTER StatATAPIDMA;
245 /* Release statistics: number of ATAPI PIO commands. */
246 STAMCOUNTER StatATAPIPIO;
247#ifdef VBOX_INSTRUMENT_DMA_WRITES
248 /* Release statistics: number of DMA sector writes and the time spent. */
249 STAMPROFILEADV StatInstrVDWrites;
250#endif
251
252 /** Statistics: number of read operations and the time spent reading. */
253 STAMPROFILEADV StatReads;
254 /** Statistics: number of bytes read. */
255 STAMCOUNTER StatBytesRead;
256 /** Statistics: number of write operations and the time spent writing. */
257 STAMPROFILEADV StatWrites;
258 /** Statistics: number of bytes written. */
259 STAMCOUNTER StatBytesWritten;
260 /** Statistics: number of flush operations and the time spend flushing. */
261 STAMPROFILE StatFlushes;
262
263 /** Enable passing through commands directly to the ATAPI drive. */
264 bool fATAPIPassthrough;
265 /** Flag whether to overwrite inquiry data in passthrough mode. */
266 bool fOverwriteInquiry;
267 /** Number of errors we've reported to the release log.
268 * This is to prevent flooding caused by something going horribly wrong.
269 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
270 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
271 uint32_t cErrors;
272 /** Timestamp of last started command. 0 if no command pending. */
273 uint64_t u64CmdTS;
274
275 /** Pointer to the attached driver's base interface. */
276 R3PTRTYPE(PPDMIBASE) pDrvBase;
277 /** Pointer to the attached driver's block interface. */
278 R3PTRTYPE(PPDMIMEDIA) pDrvMedia;
279 /** Pointer to the attached driver's mount interface.
280 * This is NULL if the driver isn't a removable unit. */
281 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
282 /** The base interface. */
283 PDMIBASE IBase;
284 /** The block port interface. */
285 PDMIMEDIAPORT IPort;
286 /** The mount notify interface. */
287 PDMIMOUNTNOTIFY IMountNotify;
288 /** The LUN #. */
289 RTUINT iLUN;
290#if HC_ARCH_BITS == 64
291 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
292#endif
293 /** Pointer to device instance. */
294 PPDMDEVINSR3 pDevInsR3;
295 /** Pointer to controller instance. */
296 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
297 /** Pointer to device instance. */
298 PPDMDEVINSR0 pDevInsR0;
299 /** Pointer to controller instance. */
300 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
301 /** Pointer to device instance. */
302 PPDMDEVINSRC pDevInsRC;
303 /** Pointer to controller instance. */
304 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
305
306 /** The serial number to use for IDENTIFY DEVICE commands. */
307 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
308 /** The firmware revision to use for IDENTIFY DEVICE commands. */
309 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
310 /** The model number to use for IDENTIFY DEVICE commands. */
311 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
312 /** The vendor identification string for SCSI INQUIRY commands. */
313 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
314 /** The product identification string for SCSI INQUIRY commands. */
315 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
316 /** The revision string for SCSI INQUIRY commands. */
317 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
318 /** The current tracklist of the loaded medium if passthrough is used. */
319 R3PTRTYPE(PTRACKLIST) pTrackList;
320
321 uint8_t abAlignment4[HC_ARCH_BITS == 64 ? 7 : 3];
322} ATADevState;
323AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
324AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
325AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
326AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
327AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
328AssertCompileSizeAlignment(ATADevState, 8);
329
330
331typedef struct ATATransferRequest
332{
333 uint8_t iIf;
334 uint8_t iBeginTransfer;
335 uint8_t iSourceSink;
336 uint32_t cbTotalTransfer;
337 uint8_t uTxDir;
338} ATATransferRequest;
339
340
341typedef struct ATAAbortRequest
342{
343 uint8_t iIf;
344 bool fResetDrive;
345} ATAAbortRequest;
346
347
348typedef enum
349{
350 /** Begin a new transfer. */
351 ATA_AIO_NEW = 0,
352 /** Continue a DMA transfer. */
353 ATA_AIO_DMA,
354 /** Continue a PIO transfer. */
355 ATA_AIO_PIO,
356 /** Reset the drives on current controller, stop all transfer activity. */
357 ATA_AIO_RESET_ASSERTED,
358 /** Reset the drives on current controller, resume operation. */
359 ATA_AIO_RESET_CLEARED,
360 /** Abort the current transfer of a particular drive. */
361 ATA_AIO_ABORT
362} ATAAIO;
363
364
365typedef struct ATARequest
366{
367 ATAAIO ReqType;
368 union
369 {
370 ATATransferRequest t;
371 ATAAbortRequest a;
372 } u;
373} ATARequest;
374
375
376typedef struct ATACONTROLLER
377{
378 /** The base of the first I/O Port range. */
379 RTIOPORT IOPortBase1;
380 /** The base of the second I/O Port range. (0 if none) */
381 RTIOPORT IOPortBase2;
382 /** The assigned IRQ. */
383 RTUINT irq;
384 /** Access critical section */
385 PDMCRITSECT lock;
386
387 /** Selected drive. */
388 uint8_t iSelectedIf;
389 /** The interface on which to handle async I/O. */
390 uint8_t iAIOIf;
391 /** The state of the async I/O thread. */
392 uint8_t uAsyncIOState;
393 /** Flag indicating whether the next transfer is part of the current command. */
394 bool fChainedTransfer;
395 /** Set when the reset processing is currently active on this controller. */
396 bool fReset;
397 /** Flag whether the current transfer needs to be redone. */
398 bool fRedo;
399 /** Flag whether the redo suspend has been finished. */
400 bool fRedoIdle;
401 /** Flag whether the DMA operation to be redone is the final transfer. */
402 bool fRedoDMALastDesc;
403 /** The BusMaster DMA state. */
404 BMDMAState BmDma;
405 /** Pointer to first DMA descriptor. */
406 RTGCPHYS32 pFirstDMADesc;
407 /** Pointer to last DMA descriptor. */
408 RTGCPHYS32 pLastDMADesc;
409 /** Pointer to current DMA buffer (for redo operations). */
410 RTGCPHYS32 pRedoDMABuffer;
411 /** Size of current DMA buffer (for redo operations). */
412 uint32_t cbRedoDMABuffer;
413
414 /** The ATA/ATAPI interfaces of this controller. */
415 ATADevState aIfs[2];
416
417 /** Pointer to device instance. */
418 PPDMDEVINSR3 pDevInsR3;
419 /** Pointer to device instance. */
420 PPDMDEVINSR0 pDevInsR0;
421 /** Pointer to device instance. */
422 PPDMDEVINSRC pDevInsRC;
423
424 /** Set when the destroying the device instance and the thread must exit. */
425 uint32_t volatile fShutdown;
426 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
427 RTTHREAD AsyncIOThread;
428 /** The event semaphore the thread is waiting on for requests. */
429 SUPSEMEVENT hAsyncIOSem;
430 /** The support driver session handle. */
431 PSUPDRVSESSION pSupDrvSession;
432 /** The request queue for the AIO thread. One element is always unused. */
433 ATARequest aAsyncIORequests[4];
434 /** The position at which to insert a new request for the AIO thread. */
435 volatile uint8_t AsyncIOReqHead;
436 /** The position at which to get a new request for the AIO thread. */
437 volatile uint8_t AsyncIOReqTail;
438 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
439 bool volatile fSignalIdle;
440 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
441 /** Magic delay before triggering interrupts in DMA mode. */
442 uint32_t DelayIRQMillies;
443 /** The event semaphore the thread is waiting on during suspended I/O. */
444 RTSEMEVENT SuspendIOSem;
445 /** The lock protecting the request queue. */
446 PDMCRITSECT AsyncIORequestLock;
447#if 0 /*HC_ARCH_BITS == 32*/
448 uint32_t Alignment0;
449#endif
450
451 /** Timestamp we started the reset. */
452 uint64_t u64ResetTime;
453
454 /* Statistics */
455 STAMCOUNTER StatAsyncOps;
456 uint64_t StatAsyncMinWait;
457 uint64_t StatAsyncMaxWait;
458 STAMCOUNTER StatAsyncTimeUS;
459 STAMPROFILEADV StatAsyncTime;
460 STAMPROFILE StatLockWait;
461} ATACONTROLLER, *PATACONTROLLER;
462AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
463AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
464AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
465AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
466AssertCompileMemberAlignment(ATACONTROLLER, AsyncIORequestLock, 8);
467AssertCompileSizeAlignment(ATACONTROLLER, 8);
468
469typedef enum CHIPSET
470{
471 /** PIIX3 chipset, must be 0 for saved state compatibility */
472 CHIPSET_PIIX3 = 0,
473 /** PIIX4 chipset, must be 1 for saved state compatibility */
474 CHIPSET_PIIX4 = 1,
475 /** ICH6 chipset */
476 CHIPSET_ICH6 = 2
477} CHIPSET;
478
479/**
480 * The state of the ATA PCI device.
481 *
482 * @extends PDMPCIDEV
483 * @implements PDMILEDPORTS
484 */
485typedef struct PCIATAState
486{
487 PDMPCIDEV dev;
488 /** The controllers. */
489 ATACONTROLLER aCts[2];
490 /** Pointer to device instance. */
491 PPDMDEVINSR3 pDevIns;
492 /** Status LUN: Base interface. */
493 PDMIBASE IBase;
494 /** Status LUN: Leds interface. */
495 PDMILEDPORTS ILeds;
496 /** Status LUN: Partner of ILeds. */
497 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
498 /** Status LUN: Media Notify. */
499 R3PTRTYPE(PPDMIMEDIANOTIFY) pMediaNotify;
500 /** Flag whether RC is enabled. */
501 bool fRCEnabled;
502 /** Flag whether R0 is enabled. */
503 bool fR0Enabled;
504 /** Flag indicating chipset being emulated. */
505 uint8_t u8Type;
506 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
507} PCIATAState;
508
509#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
510#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
511#define PDMIMEDIAPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
512#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
513#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
514#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
515
516#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
517
518#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
519#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
520#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
521#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
522#define PDMIMEDIAPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
523
524#ifndef VBOX_DEVICE_STRUCT_TESTCASE
525
526
527/*********************************************************************************************************************************
528* Internal Functions *
529*********************************************************************************************************************************/
530RT_C_DECLS_BEGIN
531
532PDMBOTHCBDECL(int) ataIOPortWrite1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
533PDMBOTHCBDECL(int) ataIOPortRead1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
534PDMBOTHCBDECL(int) ataIOPortWriteStr1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint8_t const *pbSrc,
535 uint32_t *pcTransfers, unsigned cb);
536PDMBOTHCBDECL(int) ataIOPortReadStr1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint8_t *pbDst,
537 uint32_t *pcTransfers, unsigned cb);
538PDMBOTHCBDECL(int) ataIOPortWrite1Other(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
539PDMBOTHCBDECL(int) ataIOPortRead1Other(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
540PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
541PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
542PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
543PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
544RT_C_DECLS_END
545
546
547
548#ifdef IN_RING3
549DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
550{
551 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
552
553 /* Freeze status register contents while processing RESET. */
554 if (!pCtl->fReset)
555 {
556 s->uATARegStatus = stat;
557 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
558 }
559}
560#endif /* IN_RING3 */
561
562
563DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
564{
565 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
566
567 /* Freeze status register contents while processing RESET. */
568 if (!pCtl->fReset)
569 {
570 s->uATARegStatus |= stat;
571 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
572 }
573}
574
575
576DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
577{
578 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
579
580 /* Freeze status register contents while processing RESET. */
581 if (!pCtl->fReset)
582 {
583 s->uATARegStatus &= ~stat;
584 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
585 }
586}
587
588#if defined(IN_RING3) || defined(IN_RING0)
589
590# ifdef IN_RING3
591typedef void (*PBeginTransferFunc)(ATADevState *);
592typedef bool (*PSourceSinkFunc)(ATADevState *);
593
594static void ataR3ReadWriteSectorsBT(ATADevState *);
595static void ataR3PacketBT(ATADevState *);
596static void atapiR3CmdBT(ATADevState *);
597static void atapiR3PassthroughCmdBT(ATADevState *);
598
599static bool ataR3IdentifySS(ATADevState *);
600static bool ataR3FlushSS(ATADevState *);
601static bool ataR3ReadSectorsSS(ATADevState *);
602static bool ataR3WriteSectorsSS(ATADevState *);
603static bool ataR3ExecuteDeviceDiagnosticSS(ATADevState *);
604static bool ataR3TrimSS(ATADevState *);
605static bool ataR3PacketSS(ATADevState *);
606static bool atapiR3GetConfigurationSS(ATADevState *);
607static bool atapiR3GetEventStatusNotificationSS(ATADevState *);
608static bool atapiR3IdentifySS(ATADevState *);
609static bool atapiR3InquirySS(ATADevState *);
610static bool atapiR3MechanismStatusSS(ATADevState *);
611static bool atapiR3ModeSenseErrorRecoverySS(ATADevState *);
612static bool atapiR3ModeSenseCDStatusSS(ATADevState *);
613static bool atapiR3ReadSS(ATADevState *);
614static bool atapiR3ReadCapacitySS(ATADevState *);
615static bool atapiR3ReadDiscInformationSS(ATADevState *);
616static bool atapiR3ReadTOCNormalSS(ATADevState *);
617static bool atapiR3ReadTOCMultiSS(ATADevState *);
618static bool atapiR3ReadTOCRawSS(ATADevState *);
619static bool atapiR3ReadTrackInformationSS(ATADevState *);
620static bool atapiR3RequestSenseSS(ATADevState *);
621static bool atapiR3PassthroughSS(ATADevState *);
622static bool atapiR3ReadDVDStructureSS(ATADevState *);
623# endif /* IN_RING3 */
624
625/**
626 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
627 */
628typedef enum ATAFNBT
629{
630 ATAFN_BT_NULL = 0,
631 ATAFN_BT_READ_WRITE_SECTORS,
632 ATAFN_BT_PACKET,
633 ATAFN_BT_ATAPI_CMD,
634 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
635 ATAFN_BT_MAX
636} ATAFNBT;
637
638# ifdef IN_RING3
639/**
640 * Array of end transfer functions, the index is ATAFNET.
641 * Make sure ATAFNET and this array match!
642 */
643static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
644{
645 NULL,
646 ataR3ReadWriteSectorsBT,
647 ataR3PacketBT,
648 atapiR3CmdBT,
649 atapiR3PassthroughCmdBT,
650};
651# endif /* IN_RING3 */
652
653/**
654 * Source/sink function indexes for g_apfnSourceSinkFuncs.
655 */
656typedef enum ATAFNSS
657{
658 ATAFN_SS_NULL = 0,
659 ATAFN_SS_IDENTIFY,
660 ATAFN_SS_FLUSH,
661 ATAFN_SS_READ_SECTORS,
662 ATAFN_SS_WRITE_SECTORS,
663 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
664 ATAFN_SS_TRIM,
665 ATAFN_SS_PACKET,
666 ATAFN_SS_ATAPI_GET_CONFIGURATION,
667 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
668 ATAFN_SS_ATAPI_IDENTIFY,
669 ATAFN_SS_ATAPI_INQUIRY,
670 ATAFN_SS_ATAPI_MECHANISM_STATUS,
671 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
672 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
673 ATAFN_SS_ATAPI_READ,
674 ATAFN_SS_ATAPI_READ_CAPACITY,
675 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
676 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
677 ATAFN_SS_ATAPI_READ_TOC_MULTI,
678 ATAFN_SS_ATAPI_READ_TOC_RAW,
679 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
680 ATAFN_SS_ATAPI_REQUEST_SENSE,
681 ATAFN_SS_ATAPI_PASSTHROUGH,
682 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
683 ATAFN_SS_MAX
684} ATAFNSS;
685
686# ifdef IN_RING3
687/**
688 * Array of source/sink functions, the index is ATAFNSS.
689 * Make sure ATAFNSS and this array match!
690 */
691static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
692{
693 NULL,
694 ataR3IdentifySS,
695 ataR3FlushSS,
696 ataR3ReadSectorsSS,
697 ataR3WriteSectorsSS,
698 ataR3ExecuteDeviceDiagnosticSS,
699 ataR3TrimSS,
700 ataR3PacketSS,
701 atapiR3GetConfigurationSS,
702 atapiR3GetEventStatusNotificationSS,
703 atapiR3IdentifySS,
704 atapiR3InquirySS,
705 atapiR3MechanismStatusSS,
706 atapiR3ModeSenseErrorRecoverySS,
707 atapiR3ModeSenseCDStatusSS,
708 atapiR3ReadSS,
709 atapiR3ReadCapacitySS,
710 atapiR3ReadDiscInformationSS,
711 atapiR3ReadTOCNormalSS,
712 atapiR3ReadTOCMultiSS,
713 atapiR3ReadTOCRawSS,
714 atapiR3ReadTrackInformationSS,
715 atapiR3RequestSenseSS,
716 atapiR3PassthroughSS,
717 atapiR3ReadDVDStructureSS
718};
719# endif /* IN_RING3 */
720
721
722static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, { { 0, 0, 0, 0, 0 } } };
723static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, { { 0, 0, 0, 0, 0 } } };
724# ifdef IN_RING3
725static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, { { 0, 0, 0, 0, 0 } } };
726static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, { { 0, 0, 0, 0, 0 } } };
727# endif
728
729# ifdef IN_RING3
730static void ataR3AsyncIOClearRequests(PATACONTROLLER pCtl)
731{
732 int rc = PDMCritSectEnter(&pCtl->AsyncIORequestLock, VINF_SUCCESS);
733 AssertRC(rc);
734
735 pCtl->AsyncIOReqHead = 0;
736 pCtl->AsyncIOReqTail = 0;
737
738 rc = PDMCritSectLeave(&pCtl->AsyncIORequestLock);
739 AssertRC(rc);
740}
741# endif /* IN_RING3 */
742
743static void ataHCAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
744{
745 int rc = PDMCritSectEnter(&pCtl->AsyncIORequestLock, VINF_SUCCESS);
746 AssertRC(rc);
747
748 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
749 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
750 pCtl->AsyncIOReqHead++;
751 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
752
753 rc = PDMCritSectLeave(&pCtl->AsyncIORequestLock);
754 AssertRC(rc);
755
756 rc = PDMHCCritSectScheduleExitEvent(&pCtl->lock, pCtl->hAsyncIOSem);
757 if (RT_FAILURE(rc))
758 {
759 rc = SUPSemEventSignal(pCtl->pSupDrvSession, pCtl->hAsyncIOSem);
760 AssertRC(rc);
761 }
762}
763
764# ifdef IN_RING3
765
766static const ATARequest *ataR3AsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
767{
768 const ATARequest *pReq;
769
770 int rc = PDMCritSectEnter(&pCtl->AsyncIORequestLock, VINF_SUCCESS);
771 AssertRC(rc);
772
773 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
774 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
775 else
776 pReq = NULL;
777
778 rc = PDMCritSectLeave(&pCtl->AsyncIORequestLock);
779 AssertRC(rc);
780 return pReq;
781}
782
783
784/**
785 * Remove the request with the given type, as it's finished. The request
786 * is not removed blindly, as this could mean a RESET request that is not
787 * yet processed (but has cleared the request queue) is lost.
788 *
789 * @param pCtl Controller for which to remove the request.
790 * @param ReqType Type of the request to remove.
791 */
792static void ataR3AsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
793{
794 int rc = PDMCritSectEnter(&pCtl->AsyncIORequestLock, VINF_SUCCESS);
795 AssertRC(rc);
796
797 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
798 {
799 pCtl->AsyncIOReqTail++;
800 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
801 }
802
803 rc = PDMCritSectLeave(&pCtl->AsyncIORequestLock);
804 AssertRC(rc);
805}
806
807
808/**
809 * Dump the request queue for a particular controller. First dump the queue
810 * contents, then the already processed entries, as long as they haven't been
811 * overwritten.
812 *
813 * @param pCtl Controller for which to dump the queue.
814 */
815static void ataR3AsyncIODumpRequests(PATACONTROLLER pCtl)
816{
817 int rc = PDMCritSectEnter(&pCtl->AsyncIORequestLock, VINF_SUCCESS);
818 AssertRC(rc);
819
820 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
821 uint8_t curr = pCtl->AsyncIOReqTail;
822 do
823 {
824 if (curr == pCtl->AsyncIOReqHead)
825 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
826 switch (pCtl->aAsyncIORequests[curr].ReqType)
827 {
828 case ATA_AIO_NEW:
829 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
830 break;
831 case ATA_AIO_DMA:
832 LogRel(("dma transfer continuation\n"));
833 break;
834 case ATA_AIO_PIO:
835 LogRel(("pio transfer continuation\n"));
836 break;
837 case ATA_AIO_RESET_ASSERTED:
838 LogRel(("reset asserted request\n"));
839 break;
840 case ATA_AIO_RESET_CLEARED:
841 LogRel(("reset cleared request\n"));
842 break;
843 case ATA_AIO_ABORT:
844 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
845 break;
846 default:
847 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
848 }
849 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
850 } while (curr != pCtl->AsyncIOReqTail);
851
852 rc = PDMCritSectLeave(&pCtl->AsyncIORequestLock);
853 AssertRC(rc);
854}
855
856
857/**
858 * Checks whether the request queue for a particular controller is empty
859 * or whether a particular controller is idle.
860 *
861 * @param pCtl Controller for which to check the queue.
862 * @param fStrict If set then the controller is checked to be idle.
863 */
864static bool ataR3AsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
865{
866 int rc = PDMCritSectEnter(&pCtl->AsyncIORequestLock, VINF_SUCCESS);
867 AssertRC(rc);
868
869 bool fIdle = pCtl->fRedoIdle;
870 if (!fIdle)
871 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
872 if (fStrict)
873 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
874
875 rc = PDMCritSectLeave(&pCtl->AsyncIORequestLock);
876 AssertRC(rc);
877 return fIdle;
878}
879
880
881/**
882 * Send a transfer request to the async I/O thread.
883 *
884 * @param s Pointer to the ATA device state data.
885 * @param cbTotalTransfer Data transfer size.
886 * @param uTxDir Data transfer direction.
887 * @param iBeginTransfer Index of BeginTransfer callback.
888 * @param iSourceSink Index of SourceSink callback.
889 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
890 */
891static void ataR3StartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer,
892 ATAFNSS iSourceSink, bool fChainedTransfer)
893{
894 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
895 ATARequest Req;
896
897 Assert(PDMCritSectIsOwner(&pCtl->lock));
898
899 /* Do not issue new requests while the RESET line is asserted. */
900 if (pCtl->fReset)
901 {
902 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
903 return;
904 }
905
906 /* If the controller is already doing something else right now, ignore
907 * the command that is being submitted. Some broken guests issue commands
908 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
909 if (!fChainedTransfer && !ataR3AsyncIOIsIdle(pCtl, true /*fStrict*/))
910 {
911 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
912 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
913 return;
914 }
915
916 Req.ReqType = ATA_AIO_NEW;
917 if (fChainedTransfer)
918 Req.u.t.iIf = pCtl->iAIOIf;
919 else
920 Req.u.t.iIf = pCtl->iSelectedIf;
921 Req.u.t.cbTotalTransfer = cbTotalTransfer;
922 Req.u.t.uTxDir = uTxDir;
923 Req.u.t.iBeginTransfer = iBeginTransfer;
924 Req.u.t.iSourceSink = iSourceSink;
925 ataSetStatusValue(s, ATA_STAT_BUSY);
926 pCtl->fChainedTransfer = fChainedTransfer;
927
928 /*
929 * Kick the worker thread into action.
930 */
931 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
932 ataHCAsyncIOPutRequest(pCtl, &Req);
933}
934
935
936/**
937 * Send an abort command request to the async I/O thread.
938 *
939 * @param s Pointer to the ATA device state data.
940 * @param fResetDrive Whether to reset the drive or just abort a command.
941 */
942static void ataR3AbortCurrentCommand(ATADevState *s, bool fResetDrive)
943{
944 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
945 ATARequest Req;
946
947 Assert(PDMCritSectIsOwner(&pCtl->lock));
948
949 /* Do not issue new requests while the RESET line is asserted. */
950 if (pCtl->fReset)
951 {
952 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
953 return;
954 }
955
956 Req.ReqType = ATA_AIO_ABORT;
957 Req.u.a.iIf = pCtl->iSelectedIf;
958 Req.u.a.fResetDrive = fResetDrive;
959 ataSetStatus(s, ATA_STAT_BUSY);
960 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
961 ataHCAsyncIOPutRequest(pCtl, &Req);
962}
963# endif /* IN_RING3 */
964
965static void ataHCSetIRQ(ATADevState *s)
966{
967 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
968 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
969
970 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
971 {
972 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
973 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
974 * line is asserted. It monitors the line for a rising edge. */
975 if (!s->fIrqPending)
976 pCtl->BmDma.u8Status |= BM_STATUS_INT;
977 /* Only actually set the IRQ line if updating the currently selected drive. */
978 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
979 {
980 /** @todo experiment with adaptive IRQ delivery: for reads it is
981 * better to wait for IRQ delivery, as it reduces latency. */
982 if (pCtl->irq == 16)
983 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
984 else
985 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
986 }
987 }
988 s->fIrqPending = true;
989}
990
991#endif /* IN_RING0 || IN_RING3 */
992
993static void ataUnsetIRQ(ATADevState *s)
994{
995 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
996 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
997
998 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
999 {
1000 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
1001 /* Only actually unset the IRQ line if updating the currently selected drive. */
1002 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
1003 {
1004 if (pCtl->irq == 16)
1005 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
1006 else
1007 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
1008 }
1009 }
1010 s->fIrqPending = false;
1011}
1012
1013#if defined(IN_RING0) || defined(IN_RING3)
1014
1015static void ataHCPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
1016{
1017 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
1018 s->iIOBufferPIODataStart = start;
1019 s->iIOBufferPIODataEnd = start + size;
1020 ataSetStatus(s, ATA_STAT_DRQ | ATA_STAT_SEEK);
1021 ataUnsetStatus(s, ATA_STAT_BUSY);
1022}
1023
1024
1025static void ataHCPIOTransferStop(ATADevState *s)
1026{
1027 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
1028 if (s->fATAPITransfer)
1029 {
1030 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1031 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1032 ataHCSetIRQ(s);
1033 s->fATAPITransfer = false;
1034 }
1035 s->cbTotalTransfer = 0;
1036 s->cbElementaryTransfer = 0;
1037 s->iIOBufferPIODataStart = 0;
1038 s->iIOBufferPIODataEnd = 0;
1039 s->iBeginTransfer = ATAFN_BT_NULL;
1040 s->iSourceSink = ATAFN_SS_NULL;
1041}
1042
1043
1044static void ataHCPIOTransferLimitATAPI(ATADevState *s)
1045{
1046 uint32_t cbLimit, cbTransfer;
1047
1048 cbLimit = s->cbPIOTransferLimit;
1049 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1050 if (cbLimit == 0)
1051 cbLimit = 0xfffe;
1052 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1053 if (cbLimit == 0xffff)
1054 cbLimit--;
1055 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1056 if (cbTransfer > cbLimit)
1057 {
1058 /* Byte count limit for clipping must be even in this case */
1059 if (cbLimit & 1)
1060 cbLimit--;
1061 cbTransfer = cbLimit;
1062 }
1063 s->uATARegLCyl = cbTransfer;
1064 s->uATARegHCyl = cbTransfer >> 8;
1065 s->cbElementaryTransfer = cbTransfer;
1066}
1067
1068# ifdef IN_RING3
1069
1070static uint32_t ataR3GetNSectors(ATADevState *s)
1071{
1072 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1073 if (s->fLBA48)
1074 {
1075 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1076 return 65536;
1077 else
1078 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1079 }
1080 else
1081 {
1082 if (!s->uATARegNSector)
1083 return 256;
1084 else
1085 return s->uATARegNSector;
1086 }
1087}
1088
1089
1090static void ataR3PadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1091{
1092 for (uint32_t i = 0; i < cbSize; i++)
1093 {
1094 if (*pbSrc)
1095 pbDst[i ^ 1] = *pbSrc++;
1096 else
1097 pbDst[i ^ 1] = ' ';
1098 }
1099}
1100
1101
1102static void ataR3SCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1103{
1104 for (uint32_t i = 0; i < cbSize; i++)
1105 {
1106 if (*pbSrc)
1107 pbDst[i] = *pbSrc++;
1108 else
1109 pbDst[i] = ' ';
1110 }
1111}
1112
1113
1114DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1115{
1116 pbBuf[0] = val >> 8;
1117 pbBuf[1] = val;
1118}
1119
1120
1121DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1122{
1123 pbBuf[0] = val >> 16;
1124 pbBuf[1] = val >> 8;
1125 pbBuf[2] = val;
1126}
1127
1128
1129DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1130{
1131 pbBuf[0] = val >> 24;
1132 pbBuf[1] = val >> 16;
1133 pbBuf[2] = val >> 8;
1134 pbBuf[3] = val;
1135}
1136
1137
1138DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1139{
1140 return (pbBuf[0] << 8) | pbBuf[1];
1141}
1142
1143
1144DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1145{
1146 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1147}
1148
1149
1150DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1151{
1152 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1153}
1154
1155
1156DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1157{
1158 iATAPILBA += 150;
1159 pbBuf[0] = (iATAPILBA / 75) / 60;
1160 pbBuf[1] = (iATAPILBA / 75) % 60;
1161 pbBuf[2] = iATAPILBA % 75;
1162}
1163
1164
1165DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1166{
1167 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1168}
1169
1170
1171#if 0 /* unused */
1172/**
1173 * Compares two MSF values.
1174 *
1175 * @returns 1 if the first value is greater than the second value.
1176 * 0 if both are equal
1177 * -1 if the first value is smaller than the second value.
1178 */
1179DECLINLINE(int) atapiCmpMSF(const uint8_t *pbMSF1, const uint8_t *pbMSF2)
1180{
1181 int iRes = 0;
1182
1183 for (unsigned i = 0; i < 3; i++)
1184 {
1185 if (pbMSF1[i] < pbMSF2[i])
1186 {
1187 iRes = -1;
1188 break;
1189 }
1190 else if (pbMSF1[i] > pbMSF2[i])
1191 {
1192 iRes = 1;
1193 break;
1194 }
1195 }
1196
1197 return iRes;
1198}
1199#endif /* unused */
1200
1201static void ataR3CmdOK(ATADevState *s, uint8_t status)
1202{
1203 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1204 ataSetStatusValue(s, ATA_STAT_READY | status);
1205}
1206
1207
1208static void ataR3CmdError(ATADevState *s, uint8_t uErrorCode)
1209{
1210 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1211 Assert(uErrorCode);
1212 s->uATARegError = uErrorCode;
1213 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1214 s->cbTotalTransfer = 0;
1215 s->cbElementaryTransfer = 0;
1216 s->iIOBufferCur = 0;
1217 s->iIOBufferEnd = 0;
1218 s->uTxDir = PDMMEDIATXDIR_NONE;
1219 s->iBeginTransfer = ATAFN_BT_NULL;
1220 s->iSourceSink = ATAFN_SS_NULL;
1221}
1222
1223static uint32_t ataR3Checksum(void* ptr, size_t count)
1224{
1225 uint8_t u8Sum = 0xa5, *p = (uint8_t*)ptr;
1226 size_t i;
1227
1228 for (i = 0; i < count; i++)
1229 {
1230 u8Sum += *p++;
1231 }
1232
1233 return (uint8_t)-(int32_t)u8Sum;
1234}
1235
1236static bool ataR3IdentifySS(ATADevState *s)
1237{
1238 uint16_t *p;
1239
1240 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
1241 Assert(s->cbElementaryTransfer == 512);
1242
1243 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1244 memset(p, 0, 512);
1245 p[0] = RT_H2LE_U16(0x0040);
1246 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1247 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1248 /* Block size; obsolete, but required for the BIOS. */
1249 p[5] = RT_H2LE_U16(s->cbSector);
1250 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1251 ataR3PadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1252 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1253 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1254 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1255 ataR3PadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1256 ataR3PadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1257# if ATA_MAX_MULT_SECTORS > 1
1258 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1259# endif
1260 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1261 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1262 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1263 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1264 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1265 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1266 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1267 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1268 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1269 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1270 * s->PCHSGeometry.cHeads
1271 * s->PCHSGeometry.cSectors);
1272 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1273 * s->PCHSGeometry.cHeads
1274 * s->PCHSGeometry.cSectors >> 16);
1275 if (s->cMultSectors)
1276 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1277 if (s->cTotalSectors <= (1 << 28) - 1)
1278 {
1279 p[60] = RT_H2LE_U16(s->cTotalSectors);
1280 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1281 }
1282 else
1283 {
1284 /* Report maximum number of sectors possible with LBA28 */
1285 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1286 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1287 }
1288 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1289 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1290 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1291 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1292 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1293 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1294 if ( s->pDrvMedia->pfnDiscard
1295 || s->cbSector != 512
1296 || s->pDrvMedia->pfnIsNonRotational(s->pDrvMedia))
1297 {
1298 p[80] = RT_H2LE_U16(0x1f0); /* support everything up to ATA/ATAPI-8 ACS */
1299 p[81] = RT_H2LE_U16(0x28); /* conforms to ATA/ATAPI-8 ACS */
1300 }
1301 else
1302 {
1303 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1304 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1305 }
1306 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1307 if (s->cTotalSectors <= (1 << 28) - 1)
1308 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1309 else
1310 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1311 p[84] = RT_H2LE_U16(1 << 14);
1312 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1313 if (s->cTotalSectors <= (1 << 28) - 1)
1314 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1315 else
1316 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1317 p[87] = RT_H2LE_U16(1 << 14);
1318 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1319 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1320 if (s->cTotalSectors > (1 << 28) - 1)
1321 {
1322 p[100] = RT_H2LE_U16(s->cTotalSectors);
1323 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1324 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1325 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1326 }
1327
1328 if (s->cbSector != 512)
1329 {
1330 uint32_t cSectorSizeInWords = s->cbSector / sizeof(uint16_t);
1331 /* Enable reporting of logical sector size. */
1332 p[106] |= RT_H2LE_U16(RT_BIT(12) | RT_BIT(14));
1333 p[117] = RT_H2LE_U16(cSectorSizeInWords);
1334 p[118] = RT_H2LE_U16(cSectorSizeInWords >> 16);
1335 }
1336
1337 if (s->pDrvMedia->pfnDiscard) /** @todo Set bit 14 in word 69 too? (Deterministic read after TRIM). */
1338 p[169] = RT_H2LE_U16(1); /* DATA SET MANAGEMENT command supported. */
1339 if (s->pDrvMedia->pfnIsNonRotational(s->pDrvMedia))
1340 p[217] = RT_H2LE_U16(1); /* Non-rotational medium */
1341 uint32_t uCsum = ataR3Checksum(p, 510);
1342 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1343 s->iSourceSink = ATAFN_SS_NULL;
1344 ataR3CmdOK(s, ATA_STAT_SEEK);
1345 return false;
1346}
1347
1348
1349static bool ataR3FlushSS(ATADevState *s)
1350{
1351 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1352 int rc;
1353
1354 Assert(s->uTxDir == PDMMEDIATXDIR_NONE);
1355 Assert(!s->cbElementaryTransfer);
1356
1357 PDMCritSectLeave(&pCtl->lock);
1358
1359 STAM_PROFILE_START(&s->StatFlushes, f);
1360 rc = s->pDrvMedia->pfnFlush(s->pDrvMedia);
1361 AssertRC(rc);
1362 STAM_PROFILE_STOP(&s->StatFlushes, f);
1363
1364 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1365 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1366 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1367 ataR3CmdOK(s, 0);
1368 return false;
1369}
1370
1371static bool atapiR3IdentifySS(ATADevState *s)
1372{
1373 uint16_t *p;
1374
1375 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
1376 Assert(s->cbElementaryTransfer == 512);
1377
1378 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1379 memset(p, 0, 512);
1380 /* Removable CDROM, 3ms response, 12 byte packets */
1381 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 0 << 5 | 0 << 0);
1382 ataR3PadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1383 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1384 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1385 ataR3PadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1386 ataR3PadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1387 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1388 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1389 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1390 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1391 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1392 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1393 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1394 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1395 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1396 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1397 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1398 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1399 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1400 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1401 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1402 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1403 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1404 p[83] = RT_H2LE_U16(1 << 14);
1405 p[84] = RT_H2LE_U16(1 << 14);
1406 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1407 p[86] = RT_H2LE_U16(0);
1408 p[87] = RT_H2LE_U16(1 << 14);
1409 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1410 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1411 /* According to ATAPI-5 spec:
1412 *
1413 * The use of this word is optional.
1414 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1415 * contain the data
1416 * structure checksum.
1417 * The data structure checksum is the twos complement of the sum of
1418 * all bytes in words 0 through 254 and the byte consisting of
1419 * bits 7:0 in word 255.
1420 * Each byte shall be added with unsigned arithmetic,
1421 * and overflow shall be ignored.
1422 * The sum of all 512 bytes is zero when the checksum is correct.
1423 */
1424 uint32_t uCsum = ataR3Checksum(p, 510);
1425 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1426
1427 s->iSourceSink = ATAFN_SS_NULL;
1428 ataR3CmdOK(s, ATA_STAT_SEEK);
1429 return false;
1430}
1431
1432
1433static void ataR3SetSignature(ATADevState *s)
1434{
1435 s->uATARegSelect &= 0xf0; /* clear head */
1436 /* put signature */
1437 s->uATARegNSector = 1;
1438 s->uATARegSector = 1;
1439 if (s->fATAPI)
1440 {
1441 s->uATARegLCyl = 0x14;
1442 s->uATARegHCyl = 0xeb;
1443 }
1444 else if (s->pDrvMedia)
1445 {
1446 s->uATARegLCyl = 0;
1447 s->uATARegHCyl = 0;
1448 }
1449 else
1450 {
1451 s->uATARegLCyl = 0xff;
1452 s->uATARegHCyl = 0xff;
1453 }
1454}
1455
1456
1457static uint64_t ataR3GetSector(ATADevState *s)
1458{
1459 uint64_t iLBA;
1460 if (s->uATARegSelect & 0x40)
1461 {
1462 /* any LBA variant */
1463 if (s->fLBA48)
1464 {
1465 /* LBA48 */
1466 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1467 ((uint64_t)s->uATARegLCylHOB << 32) |
1468 ((uint64_t)s->uATARegSectorHOB << 24) |
1469 ((uint64_t)s->uATARegHCyl << 16) |
1470 ((uint64_t)s->uATARegLCyl << 8) |
1471 s->uATARegSector;
1472 }
1473 else
1474 {
1475 /* LBA */
1476 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1477 (s->uATARegLCyl << 8) | s->uATARegSector;
1478 }
1479 }
1480 else
1481 {
1482 /* CHS */
1483 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1484 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1485 (s->uATARegSector - 1);
1486 }
1487 return iLBA;
1488}
1489
1490static void ataR3SetSector(ATADevState *s, uint64_t iLBA)
1491{
1492 uint32_t cyl, r;
1493 if (s->uATARegSelect & 0x40)
1494 {
1495 /* any LBA variant */
1496 if (s->fLBA48)
1497 {
1498 /* LBA48 */
1499 s->uATARegHCylHOB = iLBA >> 40;
1500 s->uATARegLCylHOB = iLBA >> 32;
1501 s->uATARegSectorHOB = iLBA >> 24;
1502 s->uATARegHCyl = iLBA >> 16;
1503 s->uATARegLCyl = iLBA >> 8;
1504 s->uATARegSector = iLBA;
1505 }
1506 else
1507 {
1508 /* LBA */
1509 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1510 s->uATARegHCyl = (iLBA >> 16);
1511 s->uATARegLCyl = (iLBA >> 8);
1512 s->uATARegSector = (iLBA);
1513 }
1514 }
1515 else
1516 {
1517 /* CHS */
1518 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1519 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1520 s->uATARegHCyl = cyl >> 8;
1521 s->uATARegLCyl = cyl;
1522 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1523 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1524 }
1525}
1526
1527
1528static void ataR3WarningDiskFull(PPDMDEVINS pDevIns)
1529{
1530 int rc;
1531 LogRel(("PIIX3 ATA: Host disk full\n"));
1532 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_DISKFULL",
1533 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1534 AssertRC(rc);
1535}
1536
1537static void ataR3WarningFileTooBig(PPDMDEVINS pDevIns)
1538{
1539 int rc;
1540 LogRel(("PIIX3 ATA: File too big\n"));
1541 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_FILETOOBIG",
1542 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1543 AssertRC(rc);
1544}
1545
1546static void ataR3WarningISCSI(PPDMDEVINS pDevIns)
1547{
1548 int rc;
1549 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1550 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_ISCSIDOWN",
1551 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1552 AssertRC(rc);
1553}
1554
1555static bool ataR3IsRedoSetWarning(ATADevState *s, int rc)
1556{
1557 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1558 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1559 if (rc == VERR_DISK_FULL)
1560 {
1561 pCtl->fRedoIdle = true;
1562 ataR3WarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1563 return true;
1564 }
1565 if (rc == VERR_FILE_TOO_BIG)
1566 {
1567 pCtl->fRedoIdle = true;
1568 ataR3WarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1569 return true;
1570 }
1571 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1572 {
1573 pCtl->fRedoIdle = true;
1574 /* iSCSI connection abort (first error) or failure to reestablish
1575 * connection (second error). Pause VM. On resume we'll retry. */
1576 ataR3WarningISCSI(ATADEVSTATE_2_DEVINS(s));
1577 return true;
1578 }
1579 if (rc == VERR_VD_DEK_MISSING)
1580 {
1581 /* Error message already set. */
1582 pCtl->fRedoIdle = true;
1583 return true;
1584 }
1585
1586 return false;
1587}
1588
1589
1590static int ataR3ReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf,
1591 uint32_t cSectors, bool *pfRedo)
1592{
1593 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1594 int rc;
1595
1596 PDMCritSectLeave(&pCtl->lock);
1597
1598 STAM_PROFILE_ADV_START(&s->StatReads, r);
1599 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1600 rc = s->pDrvMedia->pfnRead(s->pDrvMedia, u64Sector * s->cbSector, pvBuf, cSectors * s->cbSector);
1601 s->Led.Actual.s.fReading = 0;
1602 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1603 Log4(("ataR3ReadSectors: rc=%Rrc cSectors=%#x u64Sector=%llu\n%.*Rhxd\n",
1604 rc, cSectors, u64Sector, cSectors * s->cbSector, pvBuf));
1605
1606 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * s->cbSector);
1607
1608 if (RT_SUCCESS(rc))
1609 *pfRedo = false;
1610 else
1611 *pfRedo = ataR3IsRedoSetWarning(s, rc);
1612
1613 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1614 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1615 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1616 return rc;
1617}
1618
1619
1620static int ataR3WriteSectors(ATADevState *s, uint64_t u64Sector,
1621 const void *pvBuf, uint32_t cSectors, bool *pfRedo)
1622{
1623 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1624 int rc;
1625
1626 PDMCritSectLeave(&pCtl->lock);
1627
1628 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1629 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1630# ifdef VBOX_INSTRUMENT_DMA_WRITES
1631 if (s->fDMA)
1632 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1633# endif
1634 rc = s->pDrvMedia->pfnWrite(s->pDrvMedia, u64Sector * s->cbSector, pvBuf, cSectors * s->cbSector);
1635# ifdef VBOX_INSTRUMENT_DMA_WRITES
1636 if (s->fDMA)
1637 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1638# endif
1639 s->Led.Actual.s.fWriting = 0;
1640 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1641 Log4(("ataR3WriteSectors: rc=%Rrc cSectors=%#x u64Sector=%llu\n%.*Rhxd\n",
1642 rc, cSectors, u64Sector, cSectors * s->cbSector, pvBuf));
1643
1644 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * s->cbSector);
1645
1646 if (RT_SUCCESS(rc))
1647 *pfRedo = false;
1648 else
1649 *pfRedo = ataR3IsRedoSetWarning(s, rc);
1650
1651 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1652 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1653 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1654 return rc;
1655}
1656
1657
1658static void ataR3ReadWriteSectorsBT(ATADevState *s)
1659{
1660 uint32_t cSectors;
1661
1662 cSectors = s->cbTotalTransfer / s->cbSector;
1663 if (cSectors > s->cSectorsPerIRQ)
1664 s->cbElementaryTransfer = s->cSectorsPerIRQ * s->cbSector;
1665 else
1666 s->cbElementaryTransfer = cSectors * s->cbSector;
1667 if (s->uTxDir == PDMMEDIATXDIR_TO_DEVICE)
1668 ataR3CmdOK(s, 0);
1669}
1670
1671
1672static bool ataR3ReadSectorsSS(ATADevState *s)
1673{
1674 int rc;
1675 uint32_t cSectors;
1676 uint64_t iLBA;
1677 bool fRedo;
1678
1679 cSectors = s->cbElementaryTransfer / s->cbSector;
1680 Assert(cSectors);
1681 iLBA = ataR3GetSector(s);
1682 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1683 rc = ataR3ReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1684 if (RT_SUCCESS(rc))
1685 {
1686 ataR3SetSector(s, iLBA + cSectors);
1687 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1688 s->iSourceSink = ATAFN_SS_NULL;
1689 ataR3CmdOK(s, ATA_STAT_SEEK);
1690 }
1691 else
1692 {
1693 if (fRedo)
1694 return fRedo;
1695 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1696 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1697 s->iLUN, rc, iLBA, cSectors));
1698
1699 /*
1700 * Check if we got interrupted. We don't need to set status variables
1701 * because the request was aborted.
1702 */
1703 if (rc != VERR_INTERRUPTED)
1704 ataR3CmdError(s, ID_ERR);
1705 }
1706 return false;
1707}
1708
1709
1710static bool ataR3WriteSectorsSS(ATADevState *s)
1711{
1712 int rc;
1713 uint32_t cSectors;
1714 uint64_t iLBA;
1715 bool fRedo;
1716
1717 cSectors = s->cbElementaryTransfer / s->cbSector;
1718 Assert(cSectors);
1719 iLBA = ataR3GetSector(s);
1720 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1721 rc = ataR3WriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1722 if (RT_SUCCESS(rc))
1723 {
1724 ataR3SetSector(s, iLBA + cSectors);
1725 if (!s->cbTotalTransfer)
1726 s->iSourceSink = ATAFN_SS_NULL;
1727 ataR3CmdOK(s, ATA_STAT_SEEK);
1728 }
1729 else
1730 {
1731 if (fRedo)
1732 return fRedo;
1733 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1734 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1735 s->iLUN, rc, iLBA, cSectors));
1736
1737 /*
1738 * Check if we got interrupted. We don't need to set status variables
1739 * because the request was aborted.
1740 */
1741 if (rc != VERR_INTERRUPTED)
1742 ataR3CmdError(s, ID_ERR);
1743 }
1744 return false;
1745}
1746
1747
1748static void atapiR3CmdOK(ATADevState *s)
1749{
1750 s->uATARegError = 0;
1751 ataSetStatusValue(s, ATA_STAT_READY);
1752 s->uATARegNSector = (s->uATARegNSector & ~7)
1753 | ((s->uTxDir != PDMMEDIATXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1754 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1755 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1756
1757 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1758 s->abATAPISense[0] = 0x70 | (1 << 7);
1759 s->abATAPISense[7] = 10;
1760}
1761
1762
1763static void atapiR3CmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1764{
1765 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1766 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1767 s->uATARegError = pabATAPISense[2] << 4;
1768 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1769 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1770 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1771 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1772 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1773 s->cbTotalTransfer = 0;
1774 s->cbElementaryTransfer = 0;
1775 s->cbAtapiPassthroughTransfer = 0;
1776 s->iIOBufferCur = 0;
1777 s->iIOBufferEnd = 0;
1778 s->uTxDir = PDMMEDIATXDIR_NONE;
1779 s->iBeginTransfer = ATAFN_BT_NULL;
1780 s->iSourceSink = ATAFN_SS_NULL;
1781}
1782
1783
1784/** @todo deprecated function - doesn't provide enough info. Replace by direct
1785 * calls to atapiR3CmdError() with full data. */
1786static void atapiR3CmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1787{
1788 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1789 memset(abATAPISense, '\0', sizeof(abATAPISense));
1790 abATAPISense[0] = 0x70 | (1 << 7);
1791 abATAPISense[2] = uATAPISenseKey & 0x0f;
1792 abATAPISense[7] = 10;
1793 abATAPISense[12] = uATAPIASC;
1794 atapiR3CmdError(s, abATAPISense, sizeof(abATAPISense));
1795}
1796
1797
1798static void atapiR3CmdBT(ATADevState *s)
1799{
1800 s->fATAPITransfer = true;
1801 s->cbElementaryTransfer = s->cbTotalTransfer;
1802 s->cbAtapiPassthroughTransfer = s->cbTotalTransfer;
1803 s->cbPIOTransferLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1804 if (s->uTxDir == PDMMEDIATXDIR_TO_DEVICE)
1805 atapiR3CmdOK(s);
1806}
1807
1808
1809static void atapiR3PassthroughCmdBT(ATADevState *s)
1810{
1811 /** @todo implement an algorithm for correctly determining the read and
1812 * write sector size without sending additional commands to the drive.
1813 * This should be doable by saving processing the configuration requests
1814 * and replies. */
1815# if 0
1816 if (s->uTxDir == PDMMEDIATXDIR_TO_DEVICE)
1817 {
1818 uint8_t cmd = s->aATAPICmd[0];
1819 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1820 {
1821 uint8_t aModeSenseCmd[10];
1822 uint8_t aModeSenseResult[16];
1823 uint8_t uDummySense;
1824 uint32_t cbTransfer;
1825 int rc;
1826
1827 cbTransfer = sizeof(aModeSenseResult);
1828 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1829 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1830 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1831 aModeSenseCmd[3] = 0; /* subpage code */
1832 aModeSenseCmd[4] = 0; /* reserved */
1833 aModeSenseCmd[5] = 0; /* reserved */
1834 aModeSenseCmd[6] = 0; /* reserved */
1835 aModeSenseCmd[7] = cbTransfer >> 8;
1836 aModeSenseCmd[8] = cbTransfer & 0xff;
1837 aModeSenseCmd[9] = 0; /* control */
1838 rc = s->pDrvMedia->pfnSendCmd(s->pDrvMedia, aModeSenseCmd, PDMMEDIATXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1839 if (RT_FAILURE(rc))
1840 {
1841 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1842 return;
1843 }
1844 /* Select sector size based on the current data block type. */
1845 switch (aModeSenseResult[12] & 0x0f)
1846 {
1847 case 0:
1848 s->cbATAPISector = 2352;
1849 break;
1850 case 1:
1851 s->cbATAPISector = 2368;
1852 break;
1853 case 2:
1854 case 3:
1855 s->cbATAPISector = 2448;
1856 break;
1857 case 8:
1858 case 10:
1859 s->cbATAPISector = 2048;
1860 break;
1861 case 9:
1862 s->cbATAPISector = 2336;
1863 break;
1864 case 11:
1865 s->cbATAPISector = 2056;
1866 break;
1867 case 12:
1868 s->cbATAPISector = 2324;
1869 break;
1870 case 13:
1871 s->cbATAPISector = 2332;
1872 break;
1873 default:
1874 s->cbATAPISector = 0;
1875 }
1876 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1877 s->cbTotalTransfer *= s->cbATAPISector;
1878 if (s->cbTotalTransfer == 0)
1879 s->uTxDir = PDMMEDIATXDIR_NONE;
1880 }
1881 }
1882# endif
1883 atapiR3CmdBT(s);
1884}
1885
1886static bool atapiR3ReadSS(ATADevState *s)
1887{
1888 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1889 int rc = VINF_SUCCESS;
1890 uint32_t cbTransfer, cSectors;
1891
1892 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
1893 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1894 cSectors = cbTransfer / s->cbATAPISector;
1895 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1896 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1897
1898 PDMCritSectLeave(&pCtl->lock);
1899
1900 STAM_PROFILE_ADV_START(&s->StatReads, r);
1901 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1902 switch (s->cbATAPISector)
1903 {
1904 case 2048:
1905 rc = s->pDrvMedia->pfnRead(s->pDrvMedia, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1906 break;
1907 case 2352:
1908 {
1909 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1910
1911 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1912 {
1913 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1914 *pbBuf++ = 0x00;
1915 memset(pbBuf, 0xff, 10);
1916 pbBuf += 10;
1917 *pbBuf++ = 0x00;
1918 /* MSF */
1919 ataLBA2MSF(pbBuf, i);
1920 pbBuf += 3;
1921 *pbBuf++ = 0x01; /* mode 1 data */
1922 /* data */
1923 rc = s->pDrvMedia->pfnRead(s->pDrvMedia, (uint64_t)i * 2048, pbBuf, 2048);
1924 if (RT_FAILURE(rc))
1925 break;
1926 pbBuf += 2048;
1927 /**
1928 * @todo: maybe compute ECC and parity, layout is:
1929 * 2072 4 EDC
1930 * 2076 172 P parity symbols
1931 * 2248 104 Q parity symbols
1932 */
1933 memset(pbBuf, 0, 280);
1934 pbBuf += 280;
1935 }
1936 break;
1937 }
1938 default:
1939 break;
1940 }
1941 s->Led.Actual.s.fReading = 0;
1942 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1943
1944 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1945 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1946 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1947
1948 if (RT_SUCCESS(rc))
1949 {
1950 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1951
1952 /* The initial buffer end value has been set up based on the total
1953 * transfer size. But the I/O buffer size limits what can actually be
1954 * done in one transfer, so set the actual value of the buffer end. */
1955 s->cbElementaryTransfer = cbTransfer;
1956 if (cbTransfer >= s->cbTotalTransfer)
1957 s->iSourceSink = ATAFN_SS_NULL;
1958 atapiR3CmdOK(s);
1959 s->iATAPILBA += cSectors;
1960 }
1961 else
1962 {
1963 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1964 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1965
1966 /*
1967 * Check if we got interrupted. We don't need to set status variables
1968 * because the request was aborted.
1969 */
1970 if (rc != VERR_INTERRUPTED)
1971 atapiR3CmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1972 }
1973 return false;
1974}
1975
1976/**
1977 * Sets the given media track type.
1978 */
1979static uint32_t ataR3MediumTypeSet(ATADevState *s, uint32_t MediaTrackType)
1980{
1981 return ASMAtomicXchgU32(&s->MediaTrackType, MediaTrackType);
1982}
1983
1984static bool atapiR3PassthroughSS(ATADevState *s)
1985{
1986 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1987 int rc = VINF_SUCCESS;
1988 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1989 uint32_t cbTransfer;
1990 PSTAMPROFILEADV pProf = NULL;
1991
1992 cbTransfer = RT_MIN(s->cbAtapiPassthroughTransfer, s->cbIOBuffer);
1993
1994 if (s->uTxDir == PDMMEDIATXDIR_TO_DEVICE)
1995 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1996
1997 /* Simple heuristics: if there is at least one sector of data
1998 * to transfer, it's worth updating the LEDs. */
1999 if (cbTransfer >= 2048)
2000 {
2001 if (s->uTxDir != PDMMEDIATXDIR_TO_DEVICE)
2002 {
2003 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
2004 pProf = &s->StatReads;
2005 }
2006 else
2007 {
2008 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
2009 pProf = &s->StatWrites;
2010 }
2011 }
2012
2013 PDMCritSectLeave(&pCtl->lock);
2014
2015# if defined(LOG_ENABLED)
2016 char szBuf[1024];
2017
2018 memset(szBuf, 0, sizeof(szBuf));
2019
2020 switch (s->aATAPICmd[0])
2021 {
2022 case SCSI_MODE_SELECT_10:
2023 {
2024 size_t cbBlkDescLength = ataBE2H_U16(&s->CTX_SUFF(pbIOBuffer)[6]);
2025
2026 SCSILogModePage(szBuf, sizeof(szBuf) - 1,
2027 s->CTX_SUFF(pbIOBuffer) + 8 + cbBlkDescLength,
2028 cbTransfer - 8 - cbBlkDescLength);
2029 break;
2030 }
2031 case SCSI_SEND_CUE_SHEET:
2032 {
2033 SCSILogCueSheet(szBuf, sizeof(szBuf) - 1,
2034 s->CTX_SUFF(pbIOBuffer), cbTransfer);
2035 break;
2036 }
2037 default:
2038 break;
2039 }
2040
2041 Log2(("%s\n", szBuf));
2042# endif
2043
2044 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
2045 if ( cbTransfer > SCSI_MAX_BUFFER_SIZE
2046 || s->cbElementaryTransfer > s->cbIOBuffer)
2047 {
2048 /* Linux accepts commands with up to 100KB of data, but expects
2049 * us to handle commands with up to 128KB of data. The usual
2050 * imbalance of powers. */
2051 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
2052 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
2053 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2054 uint32_t cSectorsMax; /**< Maximum amount of sectors to read without exceeding the I/O buffer. */
2055
2056 Assert(s->cbATAPISector);
2057 cSectorsMax = cbTransfer / s->cbATAPISector;
2058 Assert(cSectorsMax * s->cbATAPISector <= s->cbIOBuffer);
2059
2060 switch (s->aATAPICmd[0])
2061 {
2062 case SCSI_READ_10:
2063 case SCSI_WRITE_10:
2064 case SCSI_WRITE_AND_VERIFY_10:
2065 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2066 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
2067 break;
2068 case SCSI_READ_12:
2069 case SCSI_WRITE_12:
2070 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2071 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
2072 break;
2073 case SCSI_READ_CD:
2074 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2075 cSectors = ataBE2H_U24(s->aATAPICmd + 6);
2076 break;
2077 case SCSI_READ_CD_MSF:
2078 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
2079 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
2080 break;
2081 default:
2082 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
2083 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2084 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
2085 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2086 {
2087 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2088 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2089 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2090 }
2091 return false;
2092 }
2093 cSectorsMax = RT_MIN(cSectorsMax, cSectors);
2094 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
2095 cReqSectors = 0;
2096 for (uint32_t i = cSectorsMax; i > 0; i -= cReqSectors)
2097 {
2098 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
2099 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
2100 else
2101 cReqSectors = i;
2102 cbCurrTX = s->cbATAPISector * cReqSectors;
2103 switch (s->aATAPICmd[0])
2104 {
2105 case SCSI_READ_10:
2106 case SCSI_WRITE_10:
2107 case SCSI_WRITE_AND_VERIFY_10:
2108 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2109 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
2110 break;
2111 case SCSI_READ_12:
2112 case SCSI_WRITE_12:
2113 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2114 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
2115 break;
2116 case SCSI_READ_CD:
2117 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2118 ataH2BE_U24(aATAPICmd + 6, cReqSectors);
2119 break;
2120 case SCSI_READ_CD_MSF:
2121 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
2122 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
2123 break;
2124 }
2125 rc = s->pDrvMedia->pfnSendCmd(s->pDrvMedia, aATAPICmd, (PDMMEDIATXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2126 if (rc != VINF_SUCCESS)
2127 break;
2128 iATAPILBA += cReqSectors;
2129 pbBuf += s->cbATAPISector * cReqSectors;
2130 }
2131
2132 if (RT_SUCCESS(rc))
2133 {
2134 /* Adjust ATAPI command for the next call. */
2135 switch (s->aATAPICmd[0])
2136 {
2137 case SCSI_READ_10:
2138 case SCSI_WRITE_10:
2139 case SCSI_WRITE_AND_VERIFY_10:
2140 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2141 ataH2BE_U16(s->aATAPICmd + 7, cSectors - cSectorsMax);
2142 break;
2143 case SCSI_READ_12:
2144 case SCSI_WRITE_12:
2145 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2146 ataH2BE_U32(s->aATAPICmd + 6, cSectors - cSectorsMax);
2147 break;
2148 case SCSI_READ_CD:
2149 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2150 ataH2BE_U24(s->aATAPICmd + 6, cSectors - cSectorsMax);
2151 break;
2152 case SCSI_READ_CD_MSF:
2153 ataLBA2MSF(s->aATAPICmd + 3, iATAPILBA);
2154 ataLBA2MSF(s->aATAPICmd + 6, iATAPILBA + cSectors - cSectorsMax);
2155 break;
2156 default:
2157 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
2158 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2159 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
2160 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2161 return false;
2162 }
2163 }
2164 }
2165 else
2166 rc = s->pDrvMedia->pfnSendCmd(s->pDrvMedia, s->aATAPICmd, (PDMMEDIATXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2167 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
2168
2169 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2170 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2171 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2172
2173 /* Update the LEDs and the read/write statistics. */
2174 if (cbTransfer >= 2048)
2175 {
2176 if (s->uTxDir != PDMMEDIATXDIR_TO_DEVICE)
2177 {
2178 s->Led.Actual.s.fReading = 0;
2179 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2180 }
2181 else
2182 {
2183 s->Led.Actual.s.fWriting = 0;
2184 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2185 }
2186 }
2187
2188 if (RT_SUCCESS(rc))
2189 {
2190 /* Do post processing for certain commands. */
2191 switch (s->aATAPICmd[0])
2192 {
2193 case SCSI_SEND_CUE_SHEET:
2194 case SCSI_READ_TOC_PMA_ATIP:
2195 {
2196 if (!s->pTrackList)
2197 rc = ATAPIPassthroughTrackListCreateEmpty(&s->pTrackList);
2198
2199 if (RT_SUCCESS(rc))
2200 rc = ATAPIPassthroughTrackListUpdate(s->pTrackList, s->aATAPICmd, s->CTX_SUFF(pbIOBuffer));
2201
2202 if ( RT_FAILURE(rc)
2203 && s->cErrors++ < MAX_LOG_REL_ERRORS)
2204 LogRel(("ATA: Error (%Rrc) while updating the tracklist during %s, burning the disc might fail\n",
2205 rc, s->aATAPICmd[0] == SCSI_SEND_CUE_SHEET ? "SEND CUE SHEET" : "READ TOC/PMA/ATIP"));
2206 break;
2207 }
2208 case SCSI_SYNCHRONIZE_CACHE:
2209 {
2210 if (s->pTrackList)
2211 ATAPIPassthroughTrackListClear(s->pTrackList);
2212 break;
2213 }
2214 }
2215
2216 if (s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE)
2217 {
2218 Assert(cbTransfer <= s->cbAtapiPassthroughTransfer);
2219 /*
2220 * Reply with the same amount of data as the real drive
2221 * but only if the command wasn't split.
2222 */
2223# if 0 /// @todo This destroys commands where cbTotalTransfer > cbIOBuffer
2224 if (s->cbElementaryTransfer < s->cbIOBuffer)
2225 s->cbTotalTransfer = cbTransfer;
2226# endif
2227
2228 if ( s->aATAPICmd[0] == SCSI_INQUIRY
2229 && s->fOverwriteInquiry)
2230 {
2231 /* Make sure that the real drive cannot be identified.
2232 * Motivation: changing the VM configuration should be as
2233 * invisible as possible to the guest. */
2234 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2235 ataR3SCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2236 ataR3SCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2237 ataR3SCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2238 }
2239
2240 if (cbTransfer)
2241 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2242 }
2243
2244 /* The initial buffer end value has been set up based on the total
2245 * transfer size. But the I/O buffer size limits what can actually be
2246 * done in one transfer, so set the actual value of the buffer end. */
2247 s->cbElementaryTransfer = cbTransfer;
2248 if (cbTransfer >= s->cbAtapiPassthroughTransfer)
2249 {
2250 s->iSourceSink = ATAFN_SS_NULL;
2251 atapiR3CmdOK(s);
2252 }
2253 }
2254 else
2255 {
2256 if (s->cErrors < MAX_LOG_REL_ERRORS)
2257 {
2258 uint8_t u8Cmd = s->aATAPICmd[0];
2259 do
2260 {
2261 /* don't log superfluous errors */
2262 if ( rc == VERR_DEV_IO_ERROR
2263 && ( u8Cmd == SCSI_TEST_UNIT_READY
2264 || u8Cmd == SCSI_READ_CAPACITY
2265 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2266 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2267 break;
2268 s->cErrors++;
2269 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2270 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2271 } while (0);
2272 }
2273 atapiR3CmdError(s, abATAPISense, sizeof(abATAPISense));
2274 }
2275 return false;
2276}
2277
2278/** @todo Revise ASAP. */
2279static bool atapiR3ReadDVDStructureSS(ATADevState *s)
2280{
2281 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2282 int media = s->aATAPICmd[1];
2283 int format = s->aATAPICmd[7];
2284
2285 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2286
2287 memset(buf, 0, max_len);
2288
2289 switch (format) {
2290 case 0x00:
2291 case 0x01:
2292 case 0x02:
2293 case 0x03:
2294 case 0x04:
2295 case 0x05:
2296 case 0x06:
2297 case 0x07:
2298 case 0x08:
2299 case 0x09:
2300 case 0x0a:
2301 case 0x0b:
2302 case 0x0c:
2303 case 0x0d:
2304 case 0x0e:
2305 case 0x0f:
2306 case 0x10:
2307 case 0x11:
2308 case 0x30:
2309 case 0x31:
2310 case 0xff:
2311 if (media == 0)
2312 {
2313 int uASC = SCSI_ASC_NONE;
2314
2315 switch (format)
2316 {
2317 case 0x0: /* Physical format information */
2318 {
2319 int layer = s->aATAPICmd[6];
2320 uint64_t total_sectors;
2321
2322 if (layer != 0)
2323 {
2324 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2325 break;
2326 }
2327
2328 total_sectors = s->cTotalSectors;
2329 total_sectors >>= 2;
2330 if (total_sectors == 0)
2331 {
2332 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2333 break;
2334 }
2335
2336 buf[4] = 1; /* DVD-ROM, part version 1 */
2337 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2338 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2339 buf[7] = 0; /* default densities */
2340
2341 /* FIXME: 0x30000 per spec? */
2342 ataH2BE_U32(buf + 8, 0); /* start sector */
2343 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2344 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2345
2346 /* Size of buffer, not including 2 byte size field */
2347 ataH2BE_U32(&buf[0], 2048 + 2);
2348
2349 /* 2k data + 4 byte header */
2350 uASC = (2048 + 4);
2351 break;
2352 }
2353 case 0x01: /* DVD copyright information */
2354 buf[4] = 0; /* no copyright data */
2355 buf[5] = 0; /* no region restrictions */
2356
2357 /* Size of buffer, not including 2 byte size field */
2358 ataH2BE_U16(buf, 4 + 2);
2359
2360 /* 4 byte header + 4 byte data */
2361 uASC = (4 + 4);
2362 break;
2363
2364 case 0x03: /* BCA information - invalid field for no BCA info */
2365 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2366 break;
2367
2368 case 0x04: /* DVD disc manufacturing information */
2369 /* Size of buffer, not including 2 byte size field */
2370 ataH2BE_U16(buf, 2048 + 2);
2371
2372 /* 2k data + 4 byte header */
2373 uASC = (2048 + 4);
2374 break;
2375 case 0xff:
2376 /*
2377 * This lists all the command capabilities above. Add new ones
2378 * in order and update the length and buffer return values.
2379 */
2380
2381 buf[4] = 0x00; /* Physical format */
2382 buf[5] = 0x40; /* Not writable, is readable */
2383 ataH2BE_U16((buf + 6), 2048 + 4);
2384
2385 buf[8] = 0x01; /* Copyright info */
2386 buf[9] = 0x40; /* Not writable, is readable */
2387 ataH2BE_U16((buf + 10), 4 + 4);
2388
2389 buf[12] = 0x03; /* BCA info */
2390 buf[13] = 0x40; /* Not writable, is readable */
2391 ataH2BE_U16((buf + 14), 188 + 4);
2392
2393 buf[16] = 0x04; /* Manufacturing info */
2394 buf[17] = 0x40; /* Not writable, is readable */
2395 ataH2BE_U16((buf + 18), 2048 + 4);
2396
2397 /* Size of buffer, not including 2 byte size field */
2398 ataH2BE_U16(buf, 16 + 2);
2399
2400 /* data written + 4 byte header */
2401 uASC = (16 + 4);
2402 break;
2403 default: /** @todo formats beyond DVD-ROM requires */
2404 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2405 }
2406
2407 if (uASC < 0)
2408 {
2409 s->iSourceSink = ATAFN_SS_NULL;
2410 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2411 return false;
2412 }
2413 break;
2414 }
2415 /** @todo BD support, fall through for now */
2416
2417 /* Generic disk structures */
2418 case 0x80: /** @todo AACS volume identifier */
2419 case 0x81: /** @todo AACS media serial number */
2420 case 0x82: /** @todo AACS media identifier */
2421 case 0x83: /** @todo AACS media key block */
2422 case 0x90: /** @todo List of recognized format layers */
2423 case 0xc0: /** @todo Write protection status */
2424 default:
2425 s->iSourceSink = ATAFN_SS_NULL;
2426 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2427 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2428 return false;
2429 }
2430
2431 s->iSourceSink = ATAFN_SS_NULL;
2432 atapiR3CmdOK(s);
2433 return false;
2434}
2435
2436static bool atapiR3ReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2437{
2438 Assert(cSectors > 0);
2439 s->iATAPILBA = iATAPILBA;
2440 s->cbATAPISector = cbSector;
2441 ataR3StartTransfer(s, cSectors * cbSector, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2442 return false;
2443}
2444
2445
2446static bool atapiR3ReadCapacitySS(ATADevState *s)
2447{
2448 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2449
2450 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2451 Assert(s->cbElementaryTransfer <= 8);
2452 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2453 ataH2BE_U32(pbBuf + 4, 2048);
2454 s->iSourceSink = ATAFN_SS_NULL;
2455 atapiR3CmdOK(s);
2456 return false;
2457}
2458
2459
2460static bool atapiR3ReadDiscInformationSS(ATADevState *s)
2461{
2462 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2463
2464 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2465 Assert(s->cbElementaryTransfer <= 34);
2466 memset(pbBuf, '\0', 34);
2467 ataH2BE_U16(pbBuf, 32);
2468 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2469 pbBuf[3] = 1; /* number of first track */
2470 pbBuf[4] = 1; /* number of sessions (LSB) */
2471 pbBuf[5] = 1; /* first track number in last session (LSB) */
2472 pbBuf[6] = 1; /* last track number in last session (LSB) */
2473 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2474 pbBuf[8] = 0; /* disc type = CD-ROM */
2475 pbBuf[9] = 0; /* number of sessions (MSB) */
2476 pbBuf[10] = 0; /* number of sessions (MSB) */
2477 pbBuf[11] = 0; /* number of sessions (MSB) */
2478 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2479 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2480 s->iSourceSink = ATAFN_SS_NULL;
2481 atapiR3CmdOK(s);
2482 return false;
2483}
2484
2485
2486static bool atapiR3ReadTrackInformationSS(ATADevState *s)
2487{
2488 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2489
2490 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2491 Assert(s->cbElementaryTransfer <= 36);
2492 /* Accept address/number type of 1 only, and only track 1 exists. */
2493 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2494 {
2495 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2496 return false;
2497 }
2498 memset(pbBuf, '\0', 36);
2499 ataH2BE_U16(pbBuf, 34);
2500 pbBuf[2] = 1; /* track number (LSB) */
2501 pbBuf[3] = 1; /* session number (LSB) */
2502 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2503 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2504 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2505 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2506 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2507 pbBuf[32] = 0; /* track number (MSB) */
2508 pbBuf[33] = 0; /* session number (MSB) */
2509 s->iSourceSink = ATAFN_SS_NULL;
2510 atapiR3CmdOK(s);
2511 return false;
2512}
2513
2514static uint32_t atapiR3GetConfigurationFillFeatureListProfiles(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2515{
2516 RT_NOREF1(s);
2517 if (cbBuf < 3*4)
2518 return 0;
2519
2520 ataH2BE_U16(pbBuf, 0x0); /* feature 0: list of profiles supported */
2521 pbBuf[2] = (0 << 2) | (1 << 1) | (1 << 0); /* version 0, persistent, current */
2522 pbBuf[3] = 8; /* additional bytes for profiles */
2523 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2524 * before CD-ROM read capability. */
2525 ataH2BE_U16(pbBuf + 4, 0x10); /* profile: read-only DVD */
2526 pbBuf[6] = (0 << 0); /* NOT current profile */
2527 ataH2BE_U16(pbBuf + 8, 0x08); /* profile: read only CD */
2528 pbBuf[10] = (1 << 0); /* current profile */
2529
2530 return 3*4; /* Header + 2 profiles entries */
2531}
2532
2533static uint32_t atapiR3GetConfigurationFillFeatureCore(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2534{
2535 RT_NOREF1(s);
2536 if (cbBuf < 12)
2537 return 0;
2538
2539 ataH2BE_U16(pbBuf, 0x1); /* feature 0001h: Core Feature */
2540 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2541 pbBuf[3] = 8; /* Additional length */
2542 ataH2BE_U16(pbBuf + 4, 0x00000002); /* Physical interface ATAPI. */
2543 pbBuf[8] = RT_BIT(0); /* DBE */
2544 /* Rest is reserved. */
2545
2546 return 12;
2547}
2548
2549static uint32_t atapiR3GetConfigurationFillFeatureMorphing(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2550{
2551 RT_NOREF1(s);
2552 if (cbBuf < 8)
2553 return 0;
2554
2555 ataH2BE_U16(pbBuf, 0x2); /* feature 0002h: Morphing Feature */
2556 pbBuf[2] = (0x1 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2557 pbBuf[3] = 4; /* Additional length */
2558 pbBuf[4] = RT_BIT(1) | 0x0; /* OCEvent | !ASYNC */
2559 /* Rest is reserved. */
2560
2561 return 8;
2562}
2563
2564static uint32_t atapiR3GetConfigurationFillFeatureRemovableMedium(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2565{
2566 RT_NOREF1(s);
2567 if (cbBuf < 8)
2568 return 0;
2569
2570 ataH2BE_U16(pbBuf, 0x3); /* feature 0003h: Removable Medium Feature */
2571 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2572 pbBuf[3] = 4; /* Additional length */
2573 /* Tray type loading | Load | Eject | !Pvnt Jmpr | !DBML | Lock */
2574 pbBuf[4] = (0x2 << 5) | RT_BIT(4) | RT_BIT(3) | (0x0 << 2) | (0x0 << 1) | RT_BIT(0);
2575 /* Rest is reserved. */
2576
2577 return 8;
2578}
2579
2580static uint32_t atapiR3GetConfigurationFillFeatureRandomReadable (ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2581{
2582 RT_NOREF1(s);
2583 if (cbBuf < 12)
2584 return 0;
2585
2586 ataH2BE_U16(pbBuf, 0x10); /* feature 0010h: Random Readable Feature */
2587 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2588 pbBuf[3] = 8; /* Additional length */
2589 ataH2BE_U32(pbBuf + 4, 2048); /* Logical block size. */
2590 ataH2BE_U16(pbBuf + 8, 0x10); /* Blocking (0x10 for DVD, CD is not defined). */
2591 pbBuf[10] = 0; /* PP not present */
2592 /* Rest is reserved. */
2593
2594 return 12;
2595}
2596
2597static uint32_t atapiR3GetConfigurationFillFeatureCDRead(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2598{
2599 RT_NOREF1(s);
2600 if (cbBuf < 8)
2601 return 0;
2602
2603 ataH2BE_U16(pbBuf, 0x1e); /* feature 001Eh: CD Read Feature */
2604 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2605 pbBuf[3] = 0; /* Additional length */
2606 pbBuf[4] = (0x0 << 7) | (0x0 << 1) | 0x0; /* !DAP | !C2-Flags | !CD-Text. */
2607 /* Rest is reserved. */
2608
2609 return 8;
2610}
2611
2612static uint32_t atapiR3GetConfigurationFillFeaturePowerManagement(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2613{
2614 RT_NOREF1(s);
2615 if (cbBuf < 4)
2616 return 0;
2617
2618 ataH2BE_U16(pbBuf, 0x100); /* feature 0100h: Power Management Feature */
2619 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2620 pbBuf[3] = 0; /* Additional length */
2621
2622 return 4;
2623}
2624
2625static uint32_t atapiR3GetConfigurationFillFeatureTimeout(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2626{
2627 RT_NOREF1(s);
2628 if (cbBuf < 8)
2629 return 0;
2630
2631 ataH2BE_U16(pbBuf, 0x105); /* feature 0105h: Timeout Feature */
2632 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2633 pbBuf[3] = 4; /* Additional length */
2634 pbBuf[4] = 0x0; /* !Group3 */
2635
2636 return 8;
2637}
2638
2639static bool atapiR3GetConfigurationSS(ATADevState *s)
2640{
2641 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2642 uint32_t cbBuf = s->cbIOBuffer;
2643 uint32_t cbCopied = 0;
2644 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2645
2646 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2647 Assert(s->cbElementaryTransfer <= 80);
2648 /* Accept valid request types only, and only starting feature 0. */
2649 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2650 {
2651 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2652 return false;
2653 }
2654 memset(pbBuf, '\0', cbBuf);
2655 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2656 * way to differentiate them right now is based on the image size). */
2657 if (s->cTotalSectors)
2658 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2659 else
2660 ataH2BE_U16(pbBuf + 6, 0x00); /* current profile: none -> no media */
2661 cbBuf -= 8;
2662 pbBuf += 8;
2663
2664 cbCopied = atapiR3GetConfigurationFillFeatureListProfiles(s, pbBuf, cbBuf);
2665 cbBuf -= cbCopied;
2666 pbBuf += cbCopied;
2667
2668 cbCopied = atapiR3GetConfigurationFillFeatureCore(s, pbBuf, cbBuf);
2669 cbBuf -= cbCopied;
2670 pbBuf += cbCopied;
2671
2672 cbCopied = atapiR3GetConfigurationFillFeatureMorphing(s, pbBuf, cbBuf);
2673 cbBuf -= cbCopied;
2674 pbBuf += cbCopied;
2675
2676 cbCopied = atapiR3GetConfigurationFillFeatureRemovableMedium(s, pbBuf, cbBuf);
2677 cbBuf -= cbCopied;
2678 pbBuf += cbCopied;
2679
2680 cbCopied = atapiR3GetConfigurationFillFeatureRandomReadable (s, pbBuf, cbBuf);
2681 cbBuf -= cbCopied;
2682 pbBuf += cbCopied;
2683
2684 cbCopied = atapiR3GetConfigurationFillFeatureCDRead(s, pbBuf, cbBuf);
2685 cbBuf -= cbCopied;
2686 pbBuf += cbCopied;
2687
2688 cbCopied = atapiR3GetConfigurationFillFeaturePowerManagement(s, pbBuf, cbBuf);
2689 cbBuf -= cbCopied;
2690 pbBuf += cbCopied;
2691
2692 cbCopied = atapiR3GetConfigurationFillFeatureTimeout(s, pbBuf, cbBuf);
2693 cbBuf -= cbCopied;
2694 pbBuf += cbCopied;
2695
2696 /* Set data length now - the field is not included in the final length. */
2697 ataH2BE_U32(s->CTX_SUFF(pbIOBuffer), s->cbIOBuffer - cbBuf - 4);
2698
2699 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2700 s->iSourceSink = ATAFN_SS_NULL;
2701 atapiR3CmdOK(s);
2702 return false;
2703}
2704
2705
2706static bool atapiR3GetEventStatusNotificationSS(ATADevState *s)
2707{
2708 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2709
2710 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2711 Assert(s->cbElementaryTransfer <= 8);
2712
2713 if (!(s->aATAPICmd[1] & 1))
2714 {
2715 /* no asynchronous operation supported */
2716 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2717 return false;
2718 }
2719
2720 uint32_t OldStatus, NewStatus;
2721 do
2722 {
2723 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2724 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2725 switch (OldStatus)
2726 {
2727 case ATA_EVENT_STATUS_MEDIA_NEW:
2728 /* mount */
2729 ataH2BE_U16(pbBuf + 0, 6);
2730 pbBuf[2] = 0x04; /* media */
2731 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2732 pbBuf[4] = 0x02; /* new medium */
2733 pbBuf[5] = 0x02; /* medium present / door closed */
2734 pbBuf[6] = 0x00;
2735 pbBuf[7] = 0x00;
2736 break;
2737
2738 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2739 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2740 /* umount */
2741 ataH2BE_U16(pbBuf + 0, 6);
2742 pbBuf[2] = 0x04; /* media */
2743 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2744 pbBuf[4] = 0x03; /* media removal */
2745 pbBuf[5] = 0x00; /* medium absent / door closed */
2746 pbBuf[6] = 0x00;
2747 pbBuf[7] = 0x00;
2748 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2749 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2750 break;
2751
2752 case ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED: /* currently unused */
2753 ataH2BE_U16(pbBuf + 0, 6);
2754 pbBuf[2] = 0x04; /* media */
2755 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2756 pbBuf[4] = 0x01; /* eject requested (eject button pressed) */
2757 pbBuf[5] = 0x02; /* medium present / door closed */
2758 pbBuf[6] = 0x00;
2759 pbBuf[7] = 0x00;
2760 break;
2761
2762 case ATA_EVENT_STATUS_UNCHANGED:
2763 default:
2764 ataH2BE_U16(pbBuf + 0, 6);
2765 pbBuf[2] = 0x01; /* operational change request / notification */
2766 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2767 pbBuf[4] = 0x00;
2768 pbBuf[5] = 0x00;
2769 pbBuf[6] = 0x00;
2770 pbBuf[7] = 0x00;
2771 break;
2772 }
2773 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2774
2775 s->iSourceSink = ATAFN_SS_NULL;
2776 atapiR3CmdOK(s);
2777 return false;
2778}
2779
2780
2781static bool atapiR3InquirySS(ATADevState *s)
2782{
2783 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2784
2785 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2786 Assert(s->cbElementaryTransfer <= 36);
2787 pbBuf[0] = 0x05; /* CD-ROM */
2788 pbBuf[1] = 0x80; /* removable */
2789# if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2790 pbBuf[2] = 0x00; /* ISO */
2791 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2792# else
2793 pbBuf[2] = 0x00; /* ISO */
2794 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2795# endif
2796 pbBuf[4] = 31; /* additional length */
2797 pbBuf[5] = 0; /* reserved */
2798 pbBuf[6] = 0; /* reserved */
2799 pbBuf[7] = 0; /* reserved */
2800 ataR3SCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2801 ataR3SCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2802 ataR3SCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2803 s->iSourceSink = ATAFN_SS_NULL;
2804 atapiR3CmdOK(s);
2805 return false;
2806}
2807
2808
2809static bool atapiR3ModeSenseErrorRecoverySS(ATADevState *s)
2810{
2811 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2812
2813 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2814 Assert(s->cbElementaryTransfer <= 16);
2815 ataH2BE_U16(&pbBuf[0], 16 + 6);
2816 pbBuf[2] = (uint8_t)s->MediaTrackType;
2817 pbBuf[3] = 0;
2818 pbBuf[4] = 0;
2819 pbBuf[5] = 0;
2820 pbBuf[6] = 0;
2821 pbBuf[7] = 0;
2822
2823 pbBuf[8] = 0x01;
2824 pbBuf[9] = 0x06;
2825 pbBuf[10] = 0x00; /* Maximum error recovery */
2826 pbBuf[11] = 0x05; /* 5 retries */
2827 pbBuf[12] = 0x00;
2828 pbBuf[13] = 0x00;
2829 pbBuf[14] = 0x00;
2830 pbBuf[15] = 0x00;
2831 s->iSourceSink = ATAFN_SS_NULL;
2832 atapiR3CmdOK(s);
2833 return false;
2834}
2835
2836
2837static bool atapiR3ModeSenseCDStatusSS(ATADevState *s)
2838{
2839 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2840
2841 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2842 Assert(s->cbElementaryTransfer <= 40);
2843 ataH2BE_U16(&pbBuf[0], 38);
2844 pbBuf[2] = (uint8_t)s->MediaTrackType;
2845 pbBuf[3] = 0;
2846 pbBuf[4] = 0;
2847 pbBuf[5] = 0;
2848 pbBuf[6] = 0;
2849 pbBuf[7] = 0;
2850
2851 pbBuf[8] = 0x2a;
2852 pbBuf[9] = 30; /* page length */
2853 pbBuf[10] = 0x08; /* DVD-ROM read support */
2854 pbBuf[11] = 0x00; /* no write support */
2855 /* The following claims we support audio play. This is obviously false,
2856 * but the Linux generic CDROM support makes many features depend on this
2857 * capability. If it's not set, this causes many things to be disabled. */
2858 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2859 pbBuf[13] = 0x00; /* no subchannel reads supported */
2860 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2861 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2862 pbBuf[14] |= 1 << 1; /* report lock state */
2863 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2864 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2865 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2866 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2867 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2868 pbBuf[24] = 0; /* reserved */
2869 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2870 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2871 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2872 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2873 pbBuf[32] = 0; /* reserved */
2874 pbBuf[33] = 0; /* reserved */
2875 pbBuf[34] = 0; /* reserved */
2876 pbBuf[35] = 1; /* rotation control CAV */
2877 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2878 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2879 s->iSourceSink = ATAFN_SS_NULL;
2880 atapiR3CmdOK(s);
2881 return false;
2882}
2883
2884
2885static bool atapiR3RequestSenseSS(ATADevState *s)
2886{
2887 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2888
2889 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2890 memset(pbBuf, '\0', s->cbElementaryTransfer);
2891 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2892 s->iSourceSink = ATAFN_SS_NULL;
2893 atapiR3CmdOK(s);
2894 return false;
2895}
2896
2897
2898static bool atapiR3MechanismStatusSS(ATADevState *s)
2899{
2900 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2901
2902 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2903 Assert(s->cbElementaryTransfer <= 8);
2904 ataH2BE_U16(pbBuf, 0);
2905 /* no current LBA */
2906 pbBuf[2] = 0;
2907 pbBuf[3] = 0;
2908 pbBuf[4] = 0;
2909 pbBuf[5] = 1;
2910 ataH2BE_U16(pbBuf + 6, 0);
2911 s->iSourceSink = ATAFN_SS_NULL;
2912 atapiR3CmdOK(s);
2913 return false;
2914}
2915
2916
2917static bool atapiR3ReadTOCNormalSS(ATADevState *s)
2918{
2919 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2920 bool fMSF;
2921 uint32_t cbSize;
2922
2923 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2924 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2925 iStartTrack = s->aATAPICmd[6];
2926 if (iStartTrack > 1 && iStartTrack != 0xaa)
2927 {
2928 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2929 return false;
2930 }
2931 q = pbBuf + 2;
2932 *q++ = 1; /* first session */
2933 *q++ = 1; /* last session */
2934 if (iStartTrack <= 1)
2935 {
2936 *q++ = 0; /* reserved */
2937 *q++ = 0x14; /* ADR, control */
2938 *q++ = 1; /* track number */
2939 *q++ = 0; /* reserved */
2940 if (fMSF)
2941 {
2942 *q++ = 0; /* reserved */
2943 ataLBA2MSF(q, 0);
2944 q += 3;
2945 }
2946 else
2947 {
2948 /* sector 0 */
2949 ataH2BE_U32(q, 0);
2950 q += 4;
2951 }
2952 }
2953 /* lead out track */
2954 *q++ = 0; /* reserved */
2955 *q++ = 0x14; /* ADR, control */
2956 *q++ = 0xaa; /* track number */
2957 *q++ = 0; /* reserved */
2958 if (fMSF)
2959 {
2960 *q++ = 0; /* reserved */
2961 ataLBA2MSF(q, s->cTotalSectors);
2962 q += 3;
2963 }
2964 else
2965 {
2966 ataH2BE_U32(q, s->cTotalSectors);
2967 q += 4;
2968 }
2969 cbSize = q - pbBuf;
2970 ataH2BE_U16(pbBuf, cbSize - 2);
2971 if (cbSize < s->cbTotalTransfer)
2972 s->cbTotalTransfer = cbSize;
2973 s->iSourceSink = ATAFN_SS_NULL;
2974 atapiR3CmdOK(s);
2975 return false;
2976}
2977
2978
2979static bool atapiR3ReadTOCMultiSS(ATADevState *s)
2980{
2981 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2982 bool fMSF;
2983
2984 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2985 Assert(s->cbElementaryTransfer <= 12);
2986 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2987 /* multi session: only a single session defined */
2988/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2989 memset(pbBuf, 0, 12);
2990 pbBuf[1] = 0x0a;
2991 pbBuf[2] = 0x01;
2992 pbBuf[3] = 0x01;
2993 pbBuf[5] = 0x14; /* ADR, control */
2994 pbBuf[6] = 1; /* first track in last complete session */
2995 if (fMSF)
2996 {
2997 pbBuf[8] = 0; /* reserved */
2998 ataLBA2MSF(&pbBuf[9], 0);
2999 }
3000 else
3001 {
3002 /* sector 0 */
3003 ataH2BE_U32(pbBuf + 8, 0);
3004 }
3005 s->iSourceSink = ATAFN_SS_NULL;
3006 atapiR3CmdOK(s);
3007 return false;
3008}
3009
3010
3011static bool atapiR3ReadTOCRawSS(ATADevState *s)
3012{
3013 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
3014 bool fMSF;
3015 uint32_t cbSize;
3016
3017 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
3018 fMSF = (s->aATAPICmd[1] >> 1) & 1;
3019 iStartTrack = s->aATAPICmd[6];
3020
3021 q = pbBuf + 2;
3022 *q++ = 1; /* first session */
3023 *q++ = 1; /* last session */
3024
3025 *q++ = 1; /* session number */
3026 *q++ = 0x14; /* data track */
3027 *q++ = 0; /* track number */
3028 *q++ = 0xa0; /* first track in program area */
3029 *q++ = 0; /* min */
3030 *q++ = 0; /* sec */
3031 *q++ = 0; /* frame */
3032 *q++ = 0;
3033 *q++ = 1; /* first track */
3034 *q++ = 0x00; /* disk type CD-DA or CD data */
3035 *q++ = 0;
3036
3037 *q++ = 1; /* session number */
3038 *q++ = 0x14; /* data track */
3039 *q++ = 0; /* track number */
3040 *q++ = 0xa1; /* last track in program area */
3041 *q++ = 0; /* min */
3042 *q++ = 0; /* sec */
3043 *q++ = 0; /* frame */
3044 *q++ = 0;
3045 *q++ = 1; /* last track */
3046 *q++ = 0;
3047 *q++ = 0;
3048
3049 *q++ = 1; /* session number */
3050 *q++ = 0x14; /* data track */
3051 *q++ = 0; /* track number */
3052 *q++ = 0xa2; /* lead-out */
3053 *q++ = 0; /* min */
3054 *q++ = 0; /* sec */
3055 *q++ = 0; /* frame */
3056 if (fMSF)
3057 {
3058 *q++ = 0; /* reserved */
3059 ataLBA2MSF(q, s->cTotalSectors);
3060 q += 3;
3061 }
3062 else
3063 {
3064 ataH2BE_U32(q, s->cTotalSectors);
3065 q += 4;
3066 }
3067
3068 *q++ = 1; /* session number */
3069 *q++ = 0x14; /* ADR, control */
3070 *q++ = 0; /* track number */
3071 *q++ = 1; /* point */
3072 *q++ = 0; /* min */
3073 *q++ = 0; /* sec */
3074 *q++ = 0; /* frame */
3075 if (fMSF)
3076 {
3077 *q++ = 0; /* reserved */
3078 ataLBA2MSF(q, 0);
3079 q += 3;
3080 }
3081 else
3082 {
3083 /* sector 0 */
3084 ataH2BE_U32(q, 0);
3085 q += 4;
3086 }
3087
3088 cbSize = q - pbBuf;
3089 ataH2BE_U16(pbBuf, cbSize - 2);
3090 if (cbSize < s->cbTotalTransfer)
3091 s->cbTotalTransfer = cbSize;
3092 s->iSourceSink = ATAFN_SS_NULL;
3093 atapiR3CmdOK(s);
3094 return false;
3095}
3096
3097
3098static void atapiR3ParseCmdVirtualATAPI(ATADevState *s)
3099{
3100 const uint8_t *pbPacket;
3101 uint8_t *pbBuf;
3102 uint32_t cbMax;
3103
3104 pbPacket = s->aATAPICmd;
3105 pbBuf = s->CTX_SUFF(pbIOBuffer);
3106 switch (pbPacket[0])
3107 {
3108 case SCSI_TEST_UNIT_READY:
3109 if (s->cNotifiedMediaChange > 0)
3110 {
3111 if (s->cNotifiedMediaChange-- > 2)
3112 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3113 else
3114 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3115 }
3116 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
3117 atapiR3CmdOK(s);
3118 else
3119 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3120 break;
3121 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3122 cbMax = ataBE2H_U16(pbPacket + 7);
3123 ataR3StartTransfer(s, RT_MIN(cbMax, 8), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3124 break;
3125 case SCSI_MODE_SENSE_10:
3126 {
3127 uint8_t uPageControl, uPageCode;
3128 cbMax = ataBE2H_U16(pbPacket + 7);
3129 uPageControl = pbPacket[2] >> 6;
3130 uPageCode = pbPacket[2] & 0x3f;
3131 switch (uPageControl)
3132 {
3133 case SCSI_PAGECONTROL_CURRENT:
3134 switch (uPageCode)
3135 {
3136 case SCSI_MODEPAGE_ERROR_RECOVERY:
3137 ataR3StartTransfer(s, RT_MIN(cbMax, 16), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
3138 break;
3139 case SCSI_MODEPAGE_CD_STATUS:
3140 ataR3StartTransfer(s, RT_MIN(cbMax, 40), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
3141 break;
3142 default:
3143 goto error_cmd;
3144 }
3145 break;
3146 case SCSI_PAGECONTROL_CHANGEABLE:
3147 goto error_cmd;
3148 case SCSI_PAGECONTROL_DEFAULT:
3149 goto error_cmd;
3150 default:
3151 case SCSI_PAGECONTROL_SAVED:
3152 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
3153 break;
3154 }
3155 break;
3156 }
3157 case SCSI_REQUEST_SENSE:
3158 cbMax = pbPacket[4];
3159 ataR3StartTransfer(s, RT_MIN(cbMax, 18), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3160 break;
3161 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3162 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
3163 {
3164 if (pbPacket[4] & 1)
3165 s->pDrvMount->pfnLock(s->pDrvMount);
3166 else
3167 s->pDrvMount->pfnUnlock(s->pDrvMount);
3168 atapiR3CmdOK(s);
3169 }
3170 else
3171 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3172 break;
3173 case SCSI_READ_10:
3174 case SCSI_READ_12:
3175 {
3176 uint32_t cSectors, iATAPILBA;
3177
3178 if (s->cNotifiedMediaChange > 0)
3179 {
3180 s->cNotifiedMediaChange-- ;
3181 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3182 break;
3183 }
3184 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3185 {
3186 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3187 break;
3188 }
3189 if (pbPacket[0] == SCSI_READ_10)
3190 cSectors = ataBE2H_U16(pbPacket + 7);
3191 else
3192 cSectors = ataBE2H_U32(pbPacket + 6);
3193 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3194 if (cSectors == 0)
3195 {
3196 atapiR3CmdOK(s);
3197 break;
3198 }
3199 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3200 {
3201 /* Rate limited logging, one log line per second. For
3202 * guests that insist on reading from places outside the
3203 * valid area this often generates too many release log
3204 * entries otherwise. */
3205 static uint64_t uLastLogTS = 0;
3206 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3207 {
3208 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3209 uLastLogTS = RTTimeMilliTS();
3210 }
3211 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3212 break;
3213 }
3214 atapiR3ReadSectors(s, iATAPILBA, cSectors, 2048);
3215 break;
3216 }
3217 case SCSI_READ_CD:
3218 {
3219 uint32_t cSectors, iATAPILBA;
3220
3221 if (s->cNotifiedMediaChange > 0)
3222 {
3223 s->cNotifiedMediaChange-- ;
3224 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3225 break;
3226 }
3227 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3228 {
3229 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3230 break;
3231 }
3232 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
3233 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3234 if (cSectors == 0)
3235 {
3236 atapiR3CmdOK(s);
3237 break;
3238 }
3239 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3240 {
3241 /* Rate limited logging, one log line per second. For
3242 * guests that insist on reading from places outside the
3243 * valid area this often generates too many release log
3244 * entries otherwise. */
3245 static uint64_t uLastLogTS = 0;
3246 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3247 {
3248 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3249 uLastLogTS = RTTimeMilliTS();
3250 }
3251 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3252 break;
3253 }
3254 switch (pbPacket[9] & 0xf8)
3255 {
3256 case 0x00:
3257 /* nothing */
3258 atapiR3CmdOK(s);
3259 break;
3260 case 0x10:
3261 /* normal read */
3262 atapiR3ReadSectors(s, iATAPILBA, cSectors, 2048);
3263 break;
3264 case 0xf8:
3265 /* read all data */
3266 atapiR3ReadSectors(s, iATAPILBA, cSectors, 2352);
3267 break;
3268 default:
3269 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
3270 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3271 break;
3272 }
3273 break;
3274 }
3275 case SCSI_SEEK_10:
3276 {
3277 uint32_t iATAPILBA;
3278 if (s->cNotifiedMediaChange > 0)
3279 {
3280 s->cNotifiedMediaChange-- ;
3281 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3282 break;
3283 }
3284 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3285 {
3286 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3287 break;
3288 }
3289 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3290 if (iATAPILBA > s->cTotalSectors)
3291 {
3292 /* Rate limited logging, one log line per second. For
3293 * guests that insist on seeking to places outside the
3294 * valid area this often generates too many release log
3295 * entries otherwise. */
3296 static uint64_t uLastLogTS = 0;
3297 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3298 {
3299 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
3300 uLastLogTS = RTTimeMilliTS();
3301 }
3302 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3303 break;
3304 }
3305 atapiR3CmdOK(s);
3306 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
3307 break;
3308 }
3309 case SCSI_START_STOP_UNIT:
3310 {
3311 int rc = VINF_SUCCESS;
3312 switch (pbPacket[4] & 3)
3313 {
3314 case 0: /* 00 - Stop motor */
3315 case 1: /* 01 - Start motor */
3316 break;
3317 case 2: /* 10 - Eject media */
3318 {
3319 /* This must be done from EMT. */
3320 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3321 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
3322 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
3323
3324 PDMCritSectLeave(&pCtl->lock);
3325 rc = VMR3ReqPriorityCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3326 (PFNRT)s->pDrvMount->pfnUnmount, 3,
3327 s->pDrvMount, false /*=fForce*/, true /*=fEject*/);
3328 Assert(RT_SUCCESS(rc) || rc == VERR_PDM_MEDIA_LOCKED || rc == VERR_PDM_MEDIA_NOT_MOUNTED);
3329 if (RT_SUCCESS(rc) && pThis->pMediaNotify)
3330 {
3331 rc = VMR3ReqCallNoWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3332 (PFNRT)pThis->pMediaNotify->pfnEjected, 2,
3333 pThis->pMediaNotify, s->iLUN);
3334 AssertRC(rc);
3335 }
3336 {
3337 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3338 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3339 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3340 }
3341 break;
3342 }
3343 case 3: /* 11 - Load media */
3344 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
3345 break;
3346 }
3347 if (RT_SUCCESS(rc))
3348 atapiR3CmdOK(s);
3349 else
3350 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
3351 break;
3352 }
3353 case SCSI_MECHANISM_STATUS:
3354 {
3355 cbMax = ataBE2H_U16(pbPacket + 8);
3356 ataR3StartTransfer(s, RT_MIN(cbMax, 8), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
3357 break;
3358 }
3359 case SCSI_READ_TOC_PMA_ATIP:
3360 {
3361 uint8_t format;
3362
3363 if (s->cNotifiedMediaChange > 0)
3364 {
3365 s->cNotifiedMediaChange-- ;
3366 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3367 break;
3368 }
3369 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3370 {
3371 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3372 break;
3373 }
3374 cbMax = ataBE2H_U16(pbPacket + 7);
3375 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
3376 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
3377 * the other field is clear... */
3378 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
3379 switch (format)
3380 {
3381 case 0:
3382 ataR3StartTransfer(s, cbMax, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
3383 break;
3384 case 1:
3385 ataR3StartTransfer(s, RT_MIN(cbMax, 12), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3386 break;
3387 case 2:
3388 ataR3StartTransfer(s, cbMax, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3389 break;
3390 default:
3391 error_cmd:
3392 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3393 break;
3394 }
3395 break;
3396 }
3397 case SCSI_READ_CAPACITY:
3398 if (s->cNotifiedMediaChange > 0)
3399 {
3400 s->cNotifiedMediaChange-- ;
3401 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3402 break;
3403 }
3404 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3405 {
3406 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3407 break;
3408 }
3409 ataR3StartTransfer(s, 8, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3410 break;
3411 case SCSI_READ_DISC_INFORMATION:
3412 if (s->cNotifiedMediaChange > 0)
3413 {
3414 s->cNotifiedMediaChange-- ;
3415 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3416 break;
3417 }
3418 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3419 {
3420 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3421 break;
3422 }
3423 cbMax = ataBE2H_U16(pbPacket + 7);
3424 ataR3StartTransfer(s, RT_MIN(cbMax, 34), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3425 break;
3426 case SCSI_READ_TRACK_INFORMATION:
3427 if (s->cNotifiedMediaChange > 0)
3428 {
3429 s->cNotifiedMediaChange-- ;
3430 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3431 break;
3432 }
3433 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3434 {
3435 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3436 break;
3437 }
3438 cbMax = ataBE2H_U16(pbPacket + 7);
3439 ataR3StartTransfer(s, RT_MIN(cbMax, 36), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3440 break;
3441 case SCSI_GET_CONFIGURATION:
3442 /* No media change stuff here, it can confuse Linux guests. */
3443 cbMax = ataBE2H_U16(pbPacket + 7);
3444 ataR3StartTransfer(s, RT_MIN(cbMax, 80), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3445 break;
3446 case SCSI_INQUIRY:
3447 cbMax = ataBE2H_U16(pbPacket + 3);
3448 ataR3StartTransfer(s, RT_MIN(cbMax, 36), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3449 break;
3450 case SCSI_READ_DVD_STRUCTURE:
3451 {
3452 cbMax = ataBE2H_U16(pbPacket + 8);
3453 ataR3StartTransfer(s, RT_MIN(cbMax, 4), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3454 break;
3455 }
3456 default:
3457 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3458 break;
3459 }
3460}
3461
3462
3463/*
3464 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3465 */
3466static void atapiR3ParseCmdPassthrough(ATADevState *s)
3467{
3468 const uint8_t *pbPacket;
3469 uint8_t *pbBuf;
3470 uint32_t cSectors, iATAPILBA;
3471 uint32_t cbTransfer = 0;
3472 PDMMEDIATXDIR uTxDir = PDMMEDIATXDIR_NONE;
3473
3474 pbPacket = s->aATAPICmd;
3475 pbBuf = s->CTX_SUFF(pbIOBuffer);
3476 switch (pbPacket[0])
3477 {
3478 case SCSI_BLANK:
3479 goto sendcmd;
3480 case SCSI_CLOSE_TRACK_SESSION:
3481 goto sendcmd;
3482 case SCSI_ERASE_10:
3483 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3484 cbTransfer = ataBE2H_U16(pbPacket + 7);
3485 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3486 uTxDir = PDMMEDIATXDIR_TO_DEVICE;
3487 goto sendcmd;
3488 case SCSI_FORMAT_UNIT:
3489 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3490 uTxDir = PDMMEDIATXDIR_TO_DEVICE;
3491 goto sendcmd;
3492 case SCSI_GET_CONFIGURATION:
3493 cbTransfer = ataBE2H_U16(pbPacket + 7);
3494 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3495 goto sendcmd;
3496 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3497 cbTransfer = ataBE2H_U16(pbPacket + 7);
3498 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3499 {
3500 ataR3StartTransfer(s, RT_MIN(cbTransfer, 8), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3501 break;
3502 }
3503 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3504 goto sendcmd;
3505 case SCSI_GET_PERFORMANCE:
3506 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3507 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3508 goto sendcmd;
3509 case SCSI_INQUIRY:
3510 cbTransfer = ataBE2H_U16(pbPacket + 3);
3511 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3512 goto sendcmd;
3513 case SCSI_LOAD_UNLOAD_MEDIUM:
3514 goto sendcmd;
3515 case SCSI_MECHANISM_STATUS:
3516 cbTransfer = ataBE2H_U16(pbPacket + 8);
3517 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3518 goto sendcmd;
3519 case SCSI_MODE_SELECT_10:
3520 cbTransfer = ataBE2H_U16(pbPacket + 7);
3521 uTxDir = PDMMEDIATXDIR_TO_DEVICE;
3522 goto sendcmd;
3523 case SCSI_MODE_SENSE_10:
3524 cbTransfer = ataBE2H_U16(pbPacket + 7);
3525 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3526 goto sendcmd;
3527 case SCSI_PAUSE_RESUME:
3528 goto sendcmd;
3529 case SCSI_PLAY_AUDIO_10:
3530 goto sendcmd;
3531 case SCSI_PLAY_AUDIO_12:
3532 goto sendcmd;
3533 case SCSI_PLAY_AUDIO_MSF:
3534 goto sendcmd;
3535 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3536 /** @todo do not forget to unlock when a VM is shut down */
3537 goto sendcmd;
3538 case SCSI_READ_10:
3539 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3540 cSectors = ataBE2H_U16(pbPacket + 7);
3541 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3542 s->cbATAPISector = 2048;
3543 cbTransfer = cSectors * s->cbATAPISector;
3544 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3545 goto sendcmd;
3546 case SCSI_READ_12:
3547 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3548 cSectors = ataBE2H_U32(pbPacket + 6);
3549 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3550 s->cbATAPISector = 2048;
3551 cbTransfer = cSectors * s->cbATAPISector;
3552 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3553 goto sendcmd;
3554 case SCSI_READ_BUFFER:
3555 cbTransfer = ataBE2H_U24(pbPacket + 6);
3556 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3557 goto sendcmd;
3558 case SCSI_READ_BUFFER_CAPACITY:
3559 cbTransfer = ataBE2H_U16(pbPacket + 7);
3560 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3561 goto sendcmd;
3562 case SCSI_READ_CAPACITY:
3563 cbTransfer = 8;
3564 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3565 goto sendcmd;
3566 case SCSI_READ_CD:
3567 case SCSI_READ_CD_MSF:
3568 {
3569 /* Get sector size based on the expected sector type field. */
3570 switch ((pbPacket[1] >> 2) & 0x7)
3571 {
3572 case 0x0: /* All types. */
3573 {
3574 uint32_t iLbaStart;
3575
3576 if (pbPacket[0] == SCSI_READ_CD)
3577 iLbaStart = ataBE2H_U32(&pbPacket[2]);
3578 else
3579 iLbaStart = ataMSF2LBA(&pbPacket[3]);
3580
3581 if (s->pTrackList)
3582 s->cbATAPISector = ATAPIPassthroughTrackListGetSectorSizeFromLba(s->pTrackList, iLbaStart);
3583 else
3584 s->cbATAPISector = 2048; /* Might be incorrect if we couldn't determine the type. */
3585 break;
3586 }
3587 case 0x1: /* CD-DA */
3588 s->cbATAPISector = 2352;
3589 break;
3590 case 0x2: /* Mode 1 */
3591 s->cbATAPISector = 2048;
3592 break;
3593 case 0x3: /* Mode 2 formless */
3594 s->cbATAPISector = 2336;
3595 break;
3596 case 0x4: /* Mode 2 form 1 */
3597 s->cbATAPISector = 2048;
3598 break;
3599 case 0x5: /* Mode 2 form 2 */
3600 s->cbATAPISector = 2324;
3601 break;
3602 default: /* Reserved */
3603 AssertMsgFailed(("Unknown sector type\n"));
3604 s->cbATAPISector = 0; /** @todo we should probably fail the command here already. */
3605 }
3606
3607 if (pbPacket[0] == SCSI_READ_CD)
3608 cbTransfer = ataBE2H_U24(pbPacket + 6) * s->cbATAPISector;
3609 else /* SCSI_READ_MSF */
3610 {
3611 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3612 if (cSectors > 32)
3613 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3614 cbTransfer = cSectors * s->cbATAPISector;
3615 }
3616 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3617 goto sendcmd;
3618 }
3619 case SCSI_READ_DISC_INFORMATION:
3620 cbTransfer = ataBE2H_U16(pbPacket + 7);
3621 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3622 goto sendcmd;
3623 case SCSI_READ_DVD_STRUCTURE:
3624 cbTransfer = ataBE2H_U16(pbPacket + 8);
3625 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3626 goto sendcmd;
3627 case SCSI_READ_FORMAT_CAPACITIES:
3628 cbTransfer = ataBE2H_U16(pbPacket + 7);
3629 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3630 goto sendcmd;
3631 case SCSI_READ_SUBCHANNEL:
3632 cbTransfer = ataBE2H_U16(pbPacket + 7);
3633 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3634 goto sendcmd;
3635 case SCSI_READ_TOC_PMA_ATIP:
3636 cbTransfer = ataBE2H_U16(pbPacket + 7);
3637 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3638 goto sendcmd;
3639 case SCSI_READ_TRACK_INFORMATION:
3640 cbTransfer = ataBE2H_U16(pbPacket + 7);
3641 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3642 goto sendcmd;
3643 case SCSI_REPAIR_TRACK:
3644 goto sendcmd;
3645 case SCSI_REPORT_KEY:
3646 cbTransfer = ataBE2H_U16(pbPacket + 8);
3647 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3648 goto sendcmd;
3649 case SCSI_REQUEST_SENSE:
3650 cbTransfer = pbPacket[4];
3651 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3652 {
3653 ataR3StartTransfer(s, RT_MIN(cbTransfer, 18), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3654 break;
3655 }
3656 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3657 goto sendcmd;
3658 case SCSI_RESERVE_TRACK:
3659 goto sendcmd;
3660 case SCSI_SCAN:
3661 goto sendcmd;
3662 case SCSI_SEEK_10:
3663 goto sendcmd;
3664 case SCSI_SEND_CUE_SHEET:
3665 cbTransfer = ataBE2H_U24(pbPacket + 6);
3666 uTxDir = PDMMEDIATXDIR_TO_DEVICE;
3667 goto sendcmd;
3668 case SCSI_SEND_DVD_STRUCTURE:
3669 cbTransfer = ataBE2H_U16(pbPacket + 8);
3670 uTxDir = PDMMEDIATXDIR_TO_DEVICE;
3671 goto sendcmd;
3672 case SCSI_SEND_EVENT:
3673 cbTransfer = ataBE2H_U16(pbPacket + 8);
3674 uTxDir = PDMMEDIATXDIR_TO_DEVICE;
3675 goto sendcmd;
3676 case SCSI_SEND_KEY:
3677 cbTransfer = ataBE2H_U16(pbPacket + 8);
3678 uTxDir = PDMMEDIATXDIR_TO_DEVICE;
3679 goto sendcmd;
3680 case SCSI_SEND_OPC_INFORMATION:
3681 cbTransfer = ataBE2H_U16(pbPacket + 7);
3682 uTxDir = PDMMEDIATXDIR_TO_DEVICE;
3683 goto sendcmd;
3684 case SCSI_SET_CD_SPEED:
3685 goto sendcmd;
3686 case SCSI_SET_READ_AHEAD:
3687 goto sendcmd;
3688 case SCSI_SET_STREAMING:
3689 cbTransfer = ataBE2H_U16(pbPacket + 9);
3690 uTxDir = PDMMEDIATXDIR_TO_DEVICE;
3691 goto sendcmd;
3692 case SCSI_START_STOP_UNIT:
3693 goto sendcmd;
3694 case SCSI_STOP_PLAY_SCAN:
3695 goto sendcmd;
3696 case SCSI_SYNCHRONIZE_CACHE:
3697 goto sendcmd;
3698 case SCSI_TEST_UNIT_READY:
3699 goto sendcmd;
3700 case SCSI_VERIFY_10:
3701 goto sendcmd;
3702 case SCSI_WRITE_10:
3703 case SCSI_WRITE_AND_VERIFY_10:
3704 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3705 cSectors = ataBE2H_U16(pbPacket + 7);
3706 if (s->pTrackList)
3707 s->cbATAPISector = ATAPIPassthroughTrackListGetSectorSizeFromLba(s->pTrackList, iATAPILBA);
3708 else
3709 s->cbATAPISector = 2048;
3710 Log2(("ATAPI PT: lba %d sectors %d sector size %d\n", iATAPILBA, cSectors, s->cbATAPISector));
3711 cbTransfer = cSectors * s->cbATAPISector;
3712 uTxDir = PDMMEDIATXDIR_TO_DEVICE;
3713 goto sendcmd;
3714 case SCSI_WRITE_12:
3715 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3716 cSectors = ataBE2H_U32(pbPacket + 6);
3717 if (s->pTrackList)
3718 s->cbATAPISector = ATAPIPassthroughTrackListGetSectorSizeFromLba(s->pTrackList, iATAPILBA);
3719 else
3720 s->cbATAPISector = 2048;
3721 Log2(("ATAPI PT: lba %d sectors %d sector size %d\n", iATAPILBA, cSectors, s->cbATAPISector));
3722 cbTransfer = cSectors * s->cbATAPISector;
3723 uTxDir = PDMMEDIATXDIR_TO_DEVICE;
3724 goto sendcmd;
3725 case SCSI_WRITE_BUFFER:
3726 switch (pbPacket[1] & 0x1f)
3727 {
3728 case 0x04: /* download microcode */
3729 case 0x05: /* download microcode and save */
3730 case 0x06: /* download microcode with offsets */
3731 case 0x07: /* download microcode with offsets and save */
3732 case 0x0e: /* download microcode with offsets and defer activation */
3733 case 0x0f: /* activate deferred microcode */
3734 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3735 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3736 break;
3737 default:
3738 cbTransfer = ataBE2H_U16(pbPacket + 6);
3739 uTxDir = PDMMEDIATXDIR_TO_DEVICE;
3740 goto sendcmd;
3741 }
3742 break;
3743 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3744 cbTransfer = ataBE2H_U32(pbPacket + 6);
3745 uTxDir = PDMMEDIATXDIR_FROM_DEVICE;
3746 goto sendcmd;
3747 case SCSI_REZERO_UNIT:
3748 /* Obsolete command used by cdrecord. What else would one expect?
3749 * This command is not sent to the drive, it is handled internally,
3750 * as the Linux kernel doesn't like it (message "scsi: unknown
3751 * opcode 0x01" in syslog) and replies with a sense code of 0,
3752 * which sends cdrecord to an endless loop. */
3753 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3754 break;
3755 default:
3756 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3757 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3758 break;
3759 sendcmd:
3760 /*
3761 * Send a command to the drive, passing data in/out as required.
3762 * Commands which exceed the I/O buffer size are split below
3763 * or aborted if splitting is not implemented.
3764 */
3765 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3766 if (cbTransfer == 0)
3767 uTxDir = PDMMEDIATXDIR_NONE;
3768 ataR3StartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3769 }
3770}
3771
3772
3773static void atapiR3ParseCmd(ATADevState *s)
3774{
3775 const uint8_t *pbPacket;
3776
3777 pbPacket = s->aATAPICmd;
3778# ifdef DEBUG
3779 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3780# else /* !DEBUG */
3781 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3782# endif /* !DEBUG */
3783 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3784
3785 if (s->fATAPIPassthrough)
3786 atapiR3ParseCmdPassthrough(s);
3787 else
3788 atapiR3ParseCmdVirtualATAPI(s);
3789}
3790
3791
3792static bool ataR3PacketSS(ATADevState *s)
3793{
3794 s->fDMA = !!(s->uATARegFeature & 1);
3795 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3796 s->uTxDir = PDMMEDIATXDIR_NONE;
3797 s->cbTotalTransfer = 0;
3798 s->cbElementaryTransfer = 0;
3799 s->cbAtapiPassthroughTransfer = 0;
3800 atapiR3ParseCmd(s);
3801 return false;
3802}
3803
3804
3805/**
3806 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3807 * from now on, regardless if there was a medium inserted or not.
3808 */
3809static void ataR3MediumRemoved(ATADevState *s)
3810{
3811 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3812}
3813
3814
3815/**
3816 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3817 * there was already a medium inserted, don't forget to send the "medium
3818 * removed" event first.
3819 */
3820static void ataR3MediumInserted(ATADevState *s)
3821{
3822 uint32_t OldStatus, NewStatus;
3823 do
3824 {
3825 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3826 switch (OldStatus)
3827 {
3828 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3829 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3830 /* no change, we will send "medium removed" + "medium inserted" */
3831 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3832 break;
3833 default:
3834 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3835 break;
3836 }
3837 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3838}
3839
3840
3841/**
3842 * @interface_method_impl{PDMIMOUNTNOTIFY,pfnMountNotify}
3843 */
3844static DECLCALLBACK(void) ataR3MountNotify(PPDMIMOUNTNOTIFY pInterface)
3845{
3846 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3847 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3848
3849 /* Ignore the call if we're called while being attached. */
3850 if (!pIf->pDrvMedia)
3851 return;
3852
3853 if (pIf->fATAPI)
3854 pIf->cTotalSectors = pIf->pDrvMedia->pfnGetSize(pIf->pDrvMedia) / 2048;
3855 else
3856 pIf->cTotalSectors = pIf->pDrvMedia->pfnGetSize(pIf->pDrvMedia) / pIf->cbSector;
3857
3858 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3859
3860 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3861 if (pIf->cNotifiedMediaChange < 2)
3862 pIf->cNotifiedMediaChange = 1;
3863 ataR3MediumInserted(pIf);
3864 ataR3MediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3865}
3866
3867/**
3868 * @interface_method_impl{PDMIMOUNTNOTIFY,pfnUnmountNotify}
3869 */
3870static DECLCALLBACK(void) ataR3UnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3871{
3872 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3873 Log(("%s:\n", __FUNCTION__));
3874 pIf->cTotalSectors = 0;
3875
3876 /*
3877 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3878 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3879 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3880 * present and 2 in which it is changed.
3881 */
3882 pIf->cNotifiedMediaChange = 1;
3883 ataR3MediumRemoved(pIf);
3884 ataR3MediumTypeSet(pIf, ATA_MEDIA_NO_DISC);
3885}
3886
3887static void ataR3PacketBT(ATADevState *s)
3888{
3889 s->cbElementaryTransfer = s->cbTotalTransfer;
3890 s->cbAtapiPassthroughTransfer = s->cbTotalTransfer;
3891 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3892 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3893 ataSetStatusValue(s, ATA_STAT_READY);
3894}
3895
3896
3897static void ataR3ResetDevice(ATADevState *s)
3898{
3899 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3900 s->cNotifiedMediaChange = 0;
3901 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3902 ASMAtomicWriteU32(&s->MediaTrackType, ATA_MEDIA_TYPE_UNKNOWN);
3903 ataUnsetIRQ(s);
3904
3905 s->uATARegSelect = 0x20;
3906 ataSetStatusValue(s, ATA_STAT_READY);
3907 ataR3SetSignature(s);
3908 s->cbTotalTransfer = 0;
3909 s->cbElementaryTransfer = 0;
3910 s->cbAtapiPassthroughTransfer = 0;
3911 s->iIOBufferPIODataStart = 0;
3912 s->iIOBufferPIODataEnd = 0;
3913 s->iBeginTransfer = ATAFN_BT_NULL;
3914 s->iSourceSink = ATAFN_SS_NULL;
3915 s->fDMA = false;
3916 s->fATAPITransfer = false;
3917 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3918
3919 s->uATARegFeature = 0;
3920}
3921
3922
3923static bool ataR3ExecuteDeviceDiagnosticSS(ATADevState *s)
3924{
3925 ataR3SetSignature(s);
3926 if (s->fATAPI)
3927 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3928 else
3929 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_SEEK);
3930 s->uATARegError = 0x01;
3931 return false;
3932}
3933
3934
3935static int ataR3TrimSectors(ATADevState *s, uint64_t u64Sector, uint32_t cSectors,
3936 bool *pfRedo)
3937{
3938 RTRANGE TrimRange;
3939 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3940 int rc;
3941
3942 PDMCritSectLeave(&pCtl->lock);
3943
3944 TrimRange.offStart = u64Sector * s->cbSector;
3945 TrimRange.cbRange = cSectors * s->cbSector;
3946
3947 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
3948 rc = s->pDrvMedia->pfnDiscard(s->pDrvMedia, &TrimRange, 1);
3949 s->Led.Actual.s.fWriting = 0;
3950
3951 if (RT_SUCCESS(rc))
3952 *pfRedo = false;
3953 else
3954 *pfRedo = ataR3IsRedoSetWarning(s, rc);
3955
3956 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3957 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3958 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3959 return rc;
3960}
3961
3962
3963static bool ataR3TrimSS(ATADevState *s)
3964{
3965 int rc = VERR_GENERAL_FAILURE;
3966 uint32_t cRangesMax;
3967 uint64_t *pu64Range = (uint64_t *)s->CTX_SUFF(pbIOBuffer);
3968 bool fRedo = false;
3969
3970 cRangesMax = s->cbElementaryTransfer / sizeof(uint64_t);
3971 Assert(cRangesMax);
3972
3973 while (cRangesMax-- > 0)
3974 {
3975 if (ATA_RANGE_LENGTH_GET(*pu64Range) == 0)
3976 break;
3977
3978 rc = ataR3TrimSectors(s, *pu64Range & ATA_RANGE_LBA_MASK,
3979 ATA_RANGE_LENGTH_GET(*pu64Range), &fRedo);
3980 if (RT_FAILURE(rc))
3981 break;
3982
3983 pu64Range++;
3984 }
3985
3986 if (RT_SUCCESS(rc))
3987 {
3988 s->iSourceSink = ATAFN_SS_NULL;
3989 ataR3CmdOK(s, ATA_STAT_SEEK);
3990 }
3991 else
3992 {
3993 if (fRedo)
3994 return fRedo;
3995 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
3996 LogRel(("PIIX3 ATA: LUN#%d: disk trim error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
3997 s->iLUN, rc, *pu64Range & ATA_RANGE_LBA_MASK, ATA_RANGE_LENGTH_GET(*pu64Range)));
3998
3999 /*
4000 * Check if we got interrupted. We don't need to set status variables
4001 * because the request was aborted.
4002 */
4003 if (rc != VERR_INTERRUPTED)
4004 ataR3CmdError(s, ID_ERR);
4005 }
4006
4007 return false;
4008}
4009
4010
4011static void ataR3ParseCmd(ATADevState *s, uint8_t cmd)
4012{
4013# ifdef DEBUG
4014 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
4015# else /* !DEBUG */
4016 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
4017# endif /* !DEBUG */
4018 s->fLBA48 = false;
4019 s->fDMA = false;
4020 if (cmd == ATA_IDLE_IMMEDIATE)
4021 {
4022 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
4023 * would overwrite the failing command unfortunately), then RESET. */
4024 int32_t uCmdWait = -1;
4025 uint64_t uNow = RTTimeNanoTS();
4026 if (s->u64CmdTS)
4027 uCmdWait = (uNow - s->u64CmdTS) / 1000;
4028 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
4029 s->iLUN, s->uATARegCommand, uCmdWait));
4030 }
4031 s->uATARegCommand = cmd;
4032 switch (cmd)
4033 {
4034 case ATA_IDENTIFY_DEVICE:
4035 if (s->pDrvMedia && !s->fATAPI)
4036 ataR3StartTransfer(s, 512, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
4037 else
4038 {
4039 if (s->fATAPI)
4040 ataR3SetSignature(s);
4041 ataR3CmdError(s, ABRT_ERR);
4042 ataUnsetStatus(s, ATA_STAT_READY);
4043 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4044 }
4045 break;
4046 case ATA_RECALIBRATE:
4047 if (s->fATAPI)
4048 goto abort_cmd;
4049 /* fall through */
4050 case ATA_INITIALIZE_DEVICE_PARAMETERS:
4051 ataR3CmdOK(s, ATA_STAT_SEEK);
4052 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4053 break;
4054 case ATA_SET_MULTIPLE_MODE:
4055 if ( s->uATARegNSector != 0
4056 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
4057 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
4058 {
4059 ataR3CmdError(s, ABRT_ERR);
4060 }
4061 else
4062 {
4063 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
4064 s->cMultSectors = s->uATARegNSector;
4065 ataR3CmdOK(s, 0);
4066 }
4067 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4068 break;
4069 case ATA_READ_VERIFY_SECTORS_EXT:
4070 s->fLBA48 = true;
4071 case ATA_READ_VERIFY_SECTORS:
4072 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
4073 /* do sector number check ? */
4074 ataR3CmdOK(s, ATA_STAT_SEEK);
4075 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4076 break;
4077 case ATA_READ_SECTORS_EXT:
4078 s->fLBA48 = true;
4079 case ATA_READ_SECTORS:
4080 case ATA_READ_SECTORS_WITHOUT_RETRIES:
4081 if (!s->pDrvMedia || s->fATAPI)
4082 goto abort_cmd;
4083 s->cSectorsPerIRQ = 1;
4084 ataR3StartTransfer(s, ataR3GetNSectors(s) * s->cbSector, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4085 break;
4086 case ATA_WRITE_SECTORS_EXT:
4087 s->fLBA48 = true;
4088 case ATA_WRITE_SECTORS:
4089 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
4090 if (!s->pDrvMedia || s->fATAPI)
4091 goto abort_cmd;
4092 s->cSectorsPerIRQ = 1;
4093 ataR3StartTransfer(s, ataR3GetNSectors(s) * s->cbSector, PDMMEDIATXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4094 break;
4095 case ATA_READ_MULTIPLE_EXT:
4096 s->fLBA48 = true;
4097 case ATA_READ_MULTIPLE:
4098 if (!s->pDrvMedia || !s->cMultSectors || s->fATAPI)
4099 goto abort_cmd;
4100 s->cSectorsPerIRQ = s->cMultSectors;
4101 ataR3StartTransfer(s, ataR3GetNSectors(s) * s->cbSector, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4102 break;
4103 case ATA_WRITE_MULTIPLE_EXT:
4104 s->fLBA48 = true;
4105 case ATA_WRITE_MULTIPLE:
4106 if (!s->pDrvMedia || !s->cMultSectors || s->fATAPI)
4107 goto abort_cmd;
4108 s->cSectorsPerIRQ = s->cMultSectors;
4109 ataR3StartTransfer(s, ataR3GetNSectors(s) * s->cbSector, PDMMEDIATXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4110 break;
4111 case ATA_READ_DMA_EXT:
4112 s->fLBA48 = true;
4113 case ATA_READ_DMA:
4114 case ATA_READ_DMA_WITHOUT_RETRIES:
4115 if (!s->pDrvMedia || s->fATAPI)
4116 goto abort_cmd;
4117 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
4118 s->fDMA = true;
4119 ataR3StartTransfer(s, ataR3GetNSectors(s) * s->cbSector, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4120 break;
4121 case ATA_WRITE_DMA_EXT:
4122 s->fLBA48 = true;
4123 case ATA_WRITE_DMA:
4124 case ATA_WRITE_DMA_WITHOUT_RETRIES:
4125 if (!s->pDrvMedia || s->fATAPI)
4126 goto abort_cmd;
4127 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
4128 s->fDMA = true;
4129 ataR3StartTransfer(s, ataR3GetNSectors(s) * s->cbSector, PDMMEDIATXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4130 break;
4131 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
4132 s->fLBA48 = true;
4133 ataR3SetSector(s, s->cTotalSectors - 1);
4134 ataR3CmdOK(s, 0);
4135 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4136 break;
4137 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
4138 ataR3CmdOK(s, 0);
4139 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4140 break;
4141 case ATA_READ_NATIVE_MAX_ADDRESS:
4142 ataR3SetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
4143 ataR3CmdOK(s, 0);
4144 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4145 break;
4146 case ATA_CHECK_POWER_MODE:
4147 s->uATARegNSector = 0xff; /* drive active or idle */
4148 ataR3CmdOK(s, 0);
4149 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4150 break;
4151 case ATA_SET_FEATURES:
4152 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
4153 if (!s->pDrvMedia)
4154 goto abort_cmd;
4155 switch (s->uATARegFeature)
4156 {
4157 case 0x02: /* write cache enable */
4158 Log2(("%s: write cache enable\n", __FUNCTION__));
4159 ataR3CmdOK(s, ATA_STAT_SEEK);
4160 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4161 break;
4162 case 0xaa: /* read look-ahead enable */
4163 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
4164 ataR3CmdOK(s, ATA_STAT_SEEK);
4165 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4166 break;
4167 case 0x55: /* read look-ahead disable */
4168 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
4169 ataR3CmdOK(s, ATA_STAT_SEEK);
4170 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4171 break;
4172 case 0xcc: /* reverting to power-on defaults enable */
4173 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
4174 ataR3CmdOK(s, ATA_STAT_SEEK);
4175 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4176 break;
4177 case 0x66: /* reverting to power-on defaults disable */
4178 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
4179 ataR3CmdOK(s, ATA_STAT_SEEK);
4180 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4181 break;
4182 case 0x82: /* write cache disable */
4183 Log2(("%s: write cache disable\n", __FUNCTION__));
4184 /* As per the ATA/ATAPI-6 specs, a write cache disable
4185 * command MUST flush the write buffers to disc. */
4186 ataR3StartTransfer(s, 0, PDMMEDIATXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
4187 break;
4188 case 0x03: { /* set transfer mode */
4189 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
4190 switch (s->uATARegNSector & 0xf8)
4191 {
4192 case 0x00: /* PIO default */
4193 case 0x08: /* PIO mode */
4194 break;
4195 case ATA_MODE_MDMA: /* MDMA mode */
4196 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
4197 break;
4198 case ATA_MODE_UDMA: /* UDMA mode */
4199 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
4200 break;
4201 default:
4202 goto abort_cmd;
4203 }
4204 ataR3CmdOK(s, ATA_STAT_SEEK);
4205 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4206 break;
4207 }
4208 default:
4209 goto abort_cmd;
4210 }
4211 /*
4212 * OS/2 workarond:
4213 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
4214 * reset here. According to the specification, this is a driver bug as the register
4215 * contents are undefined after the call. This means we can just as well reset it.
4216 */
4217 s->uATARegFeature = 0;
4218 break;
4219 case ATA_FLUSH_CACHE_EXT:
4220 case ATA_FLUSH_CACHE:
4221 if (!s->pDrvMedia || s->fATAPI)
4222 goto abort_cmd;
4223 ataR3StartTransfer(s, 0, PDMMEDIATXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
4224 break;
4225 case ATA_STANDBY_IMMEDIATE:
4226 ataR3CmdOK(s, 0);
4227 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4228 break;
4229 case ATA_IDLE_IMMEDIATE:
4230 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
4231 ataR3AbortCurrentCommand(s, false);
4232 break;
4233 case ATA_SLEEP:
4234 ataR3CmdOK(s, 0);
4235 ataHCSetIRQ(s);
4236 break;
4237 /* ATAPI commands */
4238 case ATA_IDENTIFY_PACKET_DEVICE:
4239 if (s->fATAPI)
4240 ataR3StartTransfer(s, 512, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
4241 else
4242 {
4243 ataR3CmdError(s, ABRT_ERR);
4244 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4245 }
4246 break;
4247 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
4248 ataR3StartTransfer(s, 0, PDMMEDIATXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
4249 break;
4250 case ATA_DEVICE_RESET:
4251 if (!s->fATAPI)
4252 goto abort_cmd;
4253 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
4254 ataR3AbortCurrentCommand(s, true);
4255 break;
4256 case ATA_PACKET:
4257 if (!s->fATAPI)
4258 goto abort_cmd;
4259 /* overlapping commands not supported */
4260 if (s->uATARegFeature & 0x02)
4261 goto abort_cmd;
4262 ataR3StartTransfer(s, ATAPI_PACKET_SIZE, PDMMEDIATXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
4263 break;
4264 case ATA_DATA_SET_MANAGEMENT:
4265 if (!s->pDrvMedia || !s->pDrvMedia->pfnDiscard)
4266 goto abort_cmd;
4267 if ( !(s->uATARegFeature & UINT8_C(0x01))
4268 || (s->uATARegFeature & ~UINT8_C(0x01)))
4269 goto abort_cmd;
4270 s->fDMA = true;
4271 ataR3StartTransfer(s, (s->uATARegNSectorHOB << 8 | s->uATARegNSector) * s->cbSector, PDMMEDIATXDIR_TO_DEVICE, ATAFN_BT_NULL, ATAFN_SS_TRIM, false);
4272 break;
4273 default:
4274 abort_cmd:
4275 ataR3CmdError(s, ABRT_ERR);
4276 if (s->fATAPI)
4277 ataUnsetStatus(s, ATA_STAT_READY);
4278 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4279 break;
4280 }
4281}
4282
4283# endif /* IN_RING3 */
4284#endif /* IN_RING0 || IN_RING3 */
4285
4286/*
4287 * Note: There are four distinct cases of port I/O handling depending on
4288 * which devices (if any) are attached to an IDE channel:
4289 *
4290 * 1) No device attached. No response to writes or reads (i.e. reads return
4291 * all bits set).
4292 *
4293 * 2) Both devices attached. Reads and writes are processed normally.
4294 *
4295 * 3) Device 0 only. If device 0 is selected, normal behavior applies. But
4296 * if Device 1 is selected, writes are still directed to Device 0 (except
4297 * commands are not executed), reads from control/command registers are
4298 * directed to Device 0, but status/alt status reads return 0. If Device 1
4299 * is a PACKET device, all reads return 0. See ATAPI-6 clause 9.16.1 and
4300 * Table 18 in clause 7.1.
4301 *
4302 * 4) Device 1 only - non-standard(!). Device 1 can't tell if Device 0 is
4303 * present or not and behaves the same. That means if Device 0 is selected,
4304 * Device 1 responds to writes (except commands are not executed) but does
4305 * not respond to reads. If Device 1 selected, normal behavior applies.
4306 * See ATAPI-6 clause 9.16.2 and Table 15 in clause 7.1.
4307 */
4308
4309static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4310{
4311 Log2(("%s: LUN#%d write addr=%#x val=%#04x\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN, addr, val));
4312 addr &= 7;
4313 switch (addr)
4314 {
4315 case 0:
4316 break;
4317 case 1: /* feature register */
4318 /* NOTE: data is written to the two drives */
4319 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4320 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4321 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
4322 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
4323 pCtl->aIfs[0].uATARegFeature = val;
4324 pCtl->aIfs[1].uATARegFeature = val;
4325 break;
4326 case 2: /* sector count */
4327 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4328 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4329 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
4330 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
4331 pCtl->aIfs[0].uATARegNSector = val;
4332 pCtl->aIfs[1].uATARegNSector = val;
4333 break;
4334 case 3: /* sector number */
4335 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4336 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4337 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
4338 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
4339 pCtl->aIfs[0].uATARegSector = val;
4340 pCtl->aIfs[1].uATARegSector = val;
4341 break;
4342 case 4: /* cylinder low */
4343 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4344 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4345 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
4346 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
4347 pCtl->aIfs[0].uATARegLCyl = val;
4348 pCtl->aIfs[1].uATARegLCyl = val;
4349 break;
4350 case 5: /* cylinder high */
4351 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4352 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4353 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
4354 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
4355 pCtl->aIfs[0].uATARegHCyl = val;
4356 pCtl->aIfs[1].uATARegHCyl = val;
4357 break;
4358 case 6: /* drive/head */
4359 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
4360 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
4361 if (((val >> 4) & 1) != pCtl->iSelectedIf)
4362 {
4363 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4364
4365 /* select another drive */
4366 pCtl->iSelectedIf = (val >> 4) & 1;
4367 /* The IRQ line is multiplexed between the two drives, so
4368 * update the state when switching to another drive. Only need
4369 * to update interrupt line if it is enabled and there is a
4370 * state change. */
4371 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
4372 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
4373 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
4374 {
4375 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4376 {
4377 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4378 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
4379 * the interrupt line is asserted. It monitors the line
4380 * for a rising edge. */
4381 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4382 if (pCtl->irq == 16)
4383 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
4384 else
4385 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
4386 }
4387 else
4388 {
4389 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4390 if (pCtl->irq == 16)
4391 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
4392 else
4393 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
4394 }
4395 }
4396 }
4397 break;
4398 default:
4399 case 7: /* command */
4400 /* ignore commands to non-existent device */
4401 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvMedia)
4402 break;
4403#ifndef IN_RING3
4404 /* Don't do anything complicated in GC */
4405 return VINF_IOM_R3_IOPORT_WRITE;
4406#else /* IN_RING3 */
4407 ataR3ParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
4408#endif /* !IN_RING3 */
4409 }
4410 return VINF_SUCCESS;
4411}
4412
4413
4414static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
4415{
4416 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4417 uint32_t val;
4418 bool fHOB;
4419
4420 /* Check if the guest is reading from a non-existent device. */
4421 if (!s->pDrvMedia)
4422 {
4423 if (pCtl->iSelectedIf) /* Device 1 selected, Device 0 responding for it. */
4424 {
4425 if (!pCtl->aIfs[0].pDrvMedia) /** @todo this case should never get here! */
4426 {
4427 Log2(("%s: addr=%#x: no device on channel\n", __FUNCTION__, addr));
4428 return VERR_IOM_IOPORT_UNUSED;
4429 }
4430 if (((addr & 7) != 1) && pCtl->aIfs[0].fATAPI) {
4431 Log2(("%s: addr=%#x, val=0: LUN#%d not attached/LUN#%d ATAPI\n", __FUNCTION__, addr,
4432 s->iLUN, pCtl->aIfs[0].iLUN));
4433 *pu32 = 0;
4434 return VINF_SUCCESS;
4435 }
4436 /* Else handle normally. */
4437 }
4438 else /* Device 0 selected (but not present). */
4439 {
4440 Log2(("%s: addr=%#x: LUN#%d not attached\n", __FUNCTION__, addr, s->iLUN));
4441 return VERR_IOM_IOPORT_UNUSED;
4442 }
4443 }
4444 fHOB = !!(s->uATARegDevCtl & (1 << 7));
4445 switch (addr & 7)
4446 {
4447 case 0: /* data register */
4448 val = 0xff;
4449 break;
4450 case 1: /* error register */
4451 /* The ATA specification is very terse when it comes to specifying
4452 * the precise effects of reading back the error/feature register.
4453 * The error register (read-only) shares the register number with
4454 * the feature register (write-only), so it seems that it's not
4455 * necessary to support the usual HOB readback here. */
4456 if (!s->pDrvMedia)
4457 val = 0;
4458 else
4459 val = s->uATARegError;
4460 break;
4461 case 2: /* sector count */
4462 if (fHOB)
4463 val = s->uATARegNSectorHOB;
4464 else
4465 val = s->uATARegNSector;
4466 break;
4467 case 3: /* sector number */
4468 if (fHOB)
4469 val = s->uATARegSectorHOB;
4470 else
4471 val = s->uATARegSector;
4472 break;
4473 case 4: /* cylinder low */
4474 if (fHOB)
4475 val = s->uATARegLCylHOB;
4476 else
4477 val = s->uATARegLCyl;
4478 break;
4479 case 5: /* cylinder high */
4480 if (fHOB)
4481 val = s->uATARegHCylHOB;
4482 else
4483 val = s->uATARegHCyl;
4484 break;
4485 case 6: /* drive/head */
4486 /* This register must always work as long as there is at least
4487 * one drive attached to the controller. It is common between
4488 * both drives anyway (completely identical content). */
4489 if (!pCtl->aIfs[0].pDrvMedia && !pCtl->aIfs[1].pDrvMedia)
4490 val = 0;
4491 else
4492 val = s->uATARegSelect;
4493 break;
4494 default:
4495 case 7: /* primary status */
4496 {
4497 /* Counter for number of busy status seen in GC in a row. */
4498 static unsigned cBusy = 0;
4499
4500 if (!s->pDrvMedia)
4501 val = 0;
4502 else
4503 val = s->uATARegStatus;
4504
4505 /* Give the async I/O thread an opportunity to make progress,
4506 * don't let it starve by guests polling frequently. EMT has a
4507 * lower priority than the async I/O thread, but sometimes the
4508 * host OS doesn't care. With some guests we are only allowed to
4509 * be busy for about 5 milliseconds in some situations. Note that
4510 * this is no guarantee for any other VBox thread getting
4511 * scheduled, so this just lowers the CPU load a bit when drives
4512 * are busy. It cannot help with timing problems. */
4513 if (val & ATA_STAT_BUSY)
4514 {
4515#ifdef IN_RING3
4516 cBusy = 0;
4517 PDMCritSectLeave(&pCtl->lock);
4518
4519#ifndef RT_OS_WINDOWS
4520 /*
4521 * The thread might be stuck in an I/O operation
4522 * due to a high I/O load on the host. (see @bugref{3301})
4523 * To perform the reset successfully
4524 * we interrupt the operation by sending a signal to the thread
4525 * if the thread didn't responded in 10ms.
4526 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
4527 * does the same but it was introduced with Vista) but so far
4528 * this hang was only observed on Linux and Mac OS X.
4529 *
4530 * This is a workaround and needs to be solved properly.
4531 */
4532 if (pCtl->fReset)
4533 {
4534 uint64_t u64ResetTimeStop = RTTimeMilliTS();
4535
4536 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
4537 {
4538 LogRel(("PIIX3 ATA LUN#%d: Async I/O thread probably stuck in operation, interrupting\n", s->iLUN));
4539 pCtl->u64ResetTime = u64ResetTimeStop;
4540 RTThreadPoke(pCtl->AsyncIOThread);
4541 }
4542 }
4543#endif
4544
4545 RTThreadYield();
4546
4547 {
4548 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4549 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4550 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4551 }
4552
4553 val = s->uATARegStatus;
4554#else /* !IN_RING3 */
4555 /* Cannot yield CPU in raw-mode and ring-0 context. And switching
4556 * to host context for each and every busy status is too costly,
4557 * especially on SMP systems where we don't gain much by
4558 * yielding the CPU to someone else. */
4559 if (++cBusy >= 20)
4560 {
4561 cBusy = 0;
4562 return VINF_IOM_R3_IOPORT_READ;
4563 }
4564#endif /* !IN_RING3 */
4565 }
4566 else
4567 cBusy = 0;
4568 ataUnsetIRQ(s);
4569 break;
4570 }
4571 }
4572 Log2(("%s: LUN#%d addr=%#x val=%#04x\n", __FUNCTION__, s->iLUN, addr, val));
4573 *pu32 = val;
4574 return VINF_SUCCESS;
4575}
4576
4577
4578static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4579{
4580 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4581 uint32_t val;
4582 RT_NOREF1(addr);
4583
4584 /// @todo The handler should not be even registered if there
4585 // is no device on an IDE channel.
4586 if (!pCtl->aIfs[0].pDrvMedia && !pCtl->aIfs[1].pDrvMedia)
4587 val = 0xff;
4588 else if (pCtl->iSelectedIf == 1 && !s->pDrvMedia)
4589 val = 0; /* Device 1 selected, Device 0 responding for it. */
4590 else
4591 val = s->uATARegStatus;
4592 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4593 return val;
4594}
4595
4596static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4597{
4598 RT_NOREF1(addr);
4599#ifndef IN_RING3
4600 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4601 return VINF_IOM_R3_IOPORT_WRITE; /* The RESET stuff is too complicated for RC+R0. */
4602#endif /* !IN_RING3 */
4603
4604 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4605 /* RESET is common for both drives attached to a controller. */
4606 if ( !(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET)
4607 && (val & ATA_DEVCTL_RESET))
4608 {
4609#ifdef IN_RING3
4610 /* Software RESET low to high */
4611 int32_t uCmdWait0 = -1;
4612 int32_t uCmdWait1 = -1;
4613 uint64_t uNow = RTTimeNanoTS();
4614 if (pCtl->aIfs[0].u64CmdTS)
4615 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4616 if (pCtl->aIfs[1].u64CmdTS)
4617 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4618 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4619 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4620 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4621 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4622 pCtl->fReset = true;
4623 /* Everything must be done after the reset flag is set, otherwise
4624 * there are unavoidable races with the currently executing request
4625 * (which might just finish in the mean time). */
4626 pCtl->fChainedTransfer = false;
4627 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4628 {
4629 ataR3ResetDevice(&pCtl->aIfs[i]);
4630 /* The following cannot be done using ataSetStatusValue() since the
4631 * reset flag is already set, which suppresses all status changes. */
4632 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4633 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4634 pCtl->aIfs[i].uATARegError = 0x01;
4635 }
4636 ataR3AsyncIOClearRequests(pCtl);
4637 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4638 if (val & ATA_DEVCTL_HOB)
4639 {
4640 val &= ~ATA_DEVCTL_HOB;
4641 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4642 }
4643
4644 /* Save the timestamp we started the reset. */
4645 pCtl->u64ResetTime = RTTimeMilliTS();
4646
4647 /* Issue the reset request now. */
4648 ataHCAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4649#else /* !IN_RING3 */
4650 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4651#endif /* IN_RING3 */
4652 }
4653 else if ( (pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET)
4654 && !(val & ATA_DEVCTL_RESET))
4655 {
4656#ifdef IN_RING3
4657 /* Software RESET high to low */
4658 Log(("%s: deasserting RESET\n", __FUNCTION__));
4659 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4660 if (val & ATA_DEVCTL_HOB)
4661 {
4662 val &= ~ATA_DEVCTL_HOB;
4663 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4664 }
4665 ataHCAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4666#else /* !IN_RING3 */
4667 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4668#endif /* IN_RING3 */
4669 }
4670
4671 /* Change of interrupt disable flag. Update interrupt line if interrupt
4672 * is pending on the current interface. */
4673 if ( ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ)
4674 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4675 {
4676 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4677 {
4678 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4679 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4680 * interrupt line is asserted. It monitors the line for a rising
4681 * edge. */
4682 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4683 if (pCtl->irq == 16)
4684 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4685 else
4686 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4687 }
4688 else
4689 {
4690 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4691 if (pCtl->irq == 16)
4692 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4693 else
4694 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4695 }
4696 }
4697
4698 if (val & ATA_DEVCTL_HOB)
4699 Log2(("%s: set HOB\n", __FUNCTION__));
4700
4701 pCtl->aIfs[0].uATARegDevCtl = val;
4702 pCtl->aIfs[1].uATARegDevCtl = val;
4703
4704 return VINF_SUCCESS;
4705}
4706
4707#if defined(IN_RING0) || defined(IN_RING3)
4708
4709static void ataHCPIOTransfer(PATACONTROLLER pCtl)
4710{
4711 ATADevState *s;
4712
4713 s = &pCtl->aIfs[pCtl->iAIOIf];
4714 Log3(("%s: if=%p\n", __FUNCTION__, s));
4715
4716 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4717 {
4718# ifdef IN_RING3
4719 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE ? "loading" : "storing"));
4720 /* Any guest OS that triggers this case has a pathetic ATA driver.
4721 * In a real system it would block the CPU via IORDY, here we do it
4722 * very similarly by not continuing with the current instruction
4723 * until the transfer to/from the storage medium is completed. */
4724 if (s->iSourceSink != ATAFN_SS_NULL)
4725 {
4726 bool fRedo;
4727 uint8_t status = s->uATARegStatus;
4728 ataSetStatusValue(s, ATA_STAT_BUSY);
4729 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4730 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4731 pCtl->fRedo = fRedo;
4732 if (RT_UNLIKELY(fRedo))
4733 return;
4734 ataSetStatusValue(s, status);
4735 s->iIOBufferCur = 0;
4736 s->iIOBufferEnd = s->cbElementaryTransfer;
4737 }
4738# else
4739 AssertReleaseFailed();
4740# endif
4741 }
4742 if (s->cbTotalTransfer)
4743 {
4744 if (s->fATAPITransfer)
4745 ataHCPIOTransferLimitATAPI(s);
4746
4747 if (s->uTxDir == PDMMEDIATXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4748 s->cbElementaryTransfer = s->cbTotalTransfer;
4749
4750 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4751 __FUNCTION__, s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE ? "T2I" : "I2T",
4752 s->cbTotalTransfer, s->cbElementaryTransfer,
4753 s->iIOBufferCur, s->iIOBufferEnd));
4754 ataHCPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4755 s->cbTotalTransfer -= s->cbElementaryTransfer;
4756 s->iIOBufferCur += s->cbElementaryTransfer;
4757
4758 if (s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4759 s->cbElementaryTransfer = s->cbTotalTransfer;
4760 }
4761 else
4762 ataHCPIOTransferStop(s);
4763}
4764
4765
4766DECLINLINE(void) ataHCPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4767{
4768 /* Do not interfere with RESET processing if the PIO transfer finishes
4769 * while the RESET line is asserted. */
4770 if (pCtl->fReset)
4771 {
4772 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4773 return;
4774 }
4775
4776 if ( s->uTxDir == PDMMEDIATXDIR_TO_DEVICE
4777 || ( s->iSourceSink != ATAFN_SS_NULL
4778 && s->iIOBufferCur >= s->iIOBufferEnd))
4779 {
4780 /* Need to continue the transfer in the async I/O thread. This is
4781 * the case for write operations or generally for not yet finished
4782 * transfers (some data might need to be read). */
4783 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4784 ataSetStatus(s, ATA_STAT_BUSY);
4785
4786 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4787 ataHCAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4788 }
4789 else
4790 {
4791 /* Either everything finished (though some data might still be pending)
4792 * or some data is pending before the next read is due. */
4793
4794 /* Continue a previously started transfer. */
4795 ataUnsetStatus(s, ATA_STAT_DRQ);
4796 ataSetStatus(s, ATA_STAT_READY);
4797
4798 if (s->cbTotalTransfer)
4799 {
4800 /* There is more to transfer, happens usually for large ATAPI
4801 * reads - the protocol limits the chunk size to 65534 bytes. */
4802 ataHCPIOTransfer(pCtl);
4803 ataHCSetIRQ(s);
4804 }
4805 else
4806 {
4807 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4808 /* Finish PIO transfer. */
4809 ataHCPIOTransfer(pCtl);
4810 Assert(!pCtl->fRedo);
4811 }
4812 }
4813}
4814
4815#endif /* IN_RING0 || IN_RING3 */
4816
4817/**
4818 * Fallback for ataCopyPioData124 that handles unaligned and out of bounds cases.
4819 *
4820 * @param pIf The device interface to work with.
4821 * @param pbDst The destination buffer.
4822 * @param pbSrc The source buffer.
4823 * @param cbCopy The number of bytes to copy, either 1, 2 or 4 bytes.
4824 */
4825DECL_NO_INLINE(static, void) ataCopyPioData124Slow(ATADevState *pIf, uint8_t *pbDst, const uint8_t *pbSrc, uint32_t cbCopy)
4826{
4827 uint32_t const offStart = pIf->iIOBufferPIODataStart;
4828 uint32_t const offNext = offStart + cbCopy;
4829
4830 if (offStart + cbCopy > pIf->cbIOBuffer)
4831 {
4832 Log(("%s: cbCopy=%#x offStart=%#x cbIOBuffer=%#x offNext=%#x (iIOBufferPIODataEnd=%#x)\n",
4833 __FUNCTION__, cbCopy, offStart, pIf->cbIOBuffer, offNext, pIf->iIOBufferPIODataEnd));
4834 if (offStart < pIf->cbIOBuffer)
4835 cbCopy = pIf->cbIOBuffer - offStart;
4836 else
4837 cbCopy = 0;
4838 }
4839
4840 switch (cbCopy)
4841 {
4842 case 4: pbDst[3] = pbSrc[3]; /* fall thru */
4843 case 3: pbDst[2] = pbSrc[2]; /* fall thru */
4844 case 2: pbDst[1] = pbSrc[1]; /* fall thru */
4845 case 1: pbDst[0] = pbSrc[0]; /* fall thru */
4846 case 0: break;
4847 default: AssertFailed(); /* impossible */
4848 }
4849
4850 pIf->iIOBufferPIODataStart = offNext;
4851
4852}
4853
4854
4855/**
4856 * Work for ataDataWrite & ataDataRead that copies data without using memcpy.
4857 *
4858 * This also updates pIf->iIOBufferPIODataStart.
4859 *
4860 * The two buffers are either stack (32-bit aligned) or somewhere within
4861 * pIf->pbIOBuffer.
4862 *
4863 * @param pIf The device interface to work with.
4864 * @param pbDst The destination buffer.
4865 * @param pbSrc The source buffer.
4866 * @param cbCopy The number of bytes to copy, either 1, 2 or 4 bytes.
4867 */
4868DECLINLINE(void) ataCopyPioData124(ATADevState *pIf, uint8_t *pbDst, const uint8_t *pbSrc, uint32_t cbCopy)
4869{
4870 /*
4871 * Quick bounds checking can be done by checking that the pbIOBuffer offset
4872 * (iIOBufferPIODataStart) is aligned at the transfer size (which is ASSUMED
4873 * to be 1, 2 or 4). However, since we're paranoid and don't currently
4874 * trust iIOBufferPIODataEnd to be within bounds, we current check against the
4875 * IO buffer size too.
4876 */
4877 Assert(cbCopy == 1 || cbCopy == 2 || cbCopy == 4);
4878 uint32_t const offStart = pIf->iIOBufferPIODataStart;
4879 if (RT_LIKELY( !(offStart & (cbCopy - 1))
4880 && offStart + cbCopy <= pIf->cbIOBuffer))
4881 {
4882 switch (cbCopy)
4883 {
4884 case 4: *(uint32_t *)pbDst = *(uint32_t const *)pbSrc; break;
4885 case 2: *(uint16_t *)pbDst = *(uint16_t const *)pbSrc; break;
4886 case 1: *pbDst = *pbSrc; break;
4887 }
4888 pIf->iIOBufferPIODataStart = offStart + cbCopy;
4889 }
4890 else
4891 ataCopyPioData124Slow(pIf, pbDst, pbSrc, cbCopy);
4892}
4893
4894
4895/**
4896 * Port I/O Handler for primary port range OUT operations.
4897 * @see FNIOMIOPORTOUT for details.
4898 */
4899PDMBOTHCBDECL(int) ataIOPortWrite1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
4900{
4901 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4902 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4903 PATACONTROLLER pCtl = &pThis->aCts[i];
4904 RT_NOREF1(Port);
4905
4906 Assert(i < 2);
4907 Assert(Port == pCtl->IOPortBase1);
4908 Assert(cb == 2 || cb == 4); /* Writes to the data port may be 16-bit or 32-bit. */
4909
4910 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
4911 if (rc == VINF_SUCCESS)
4912 {
4913 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4914
4915 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4916 {
4917 Assert(s->uTxDir == PDMMEDIATXDIR_TO_DEVICE);
4918 uint8_t *pbDst = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4919 uint8_t const *pbSrc = (uint8_t const *)&u32;
4920
4921#ifdef IN_RC
4922 /* Raw-mode: The ataHCPIOTransfer following the last transfer unit
4923 requires I/O thread signalling, we must go to ring-3 for that. */
4924 if (s->iIOBufferPIODataStart + cb < s->iIOBufferPIODataEnd)
4925 ataCopyPioData124(s, pbDst, pbSrc, cb);
4926 else
4927 rc = VINF_IOM_R3_IOPORT_WRITE;
4928
4929#elif defined(IN_RING0)
4930 /* Ring-0: We can do I/O thread signalling here, however for paranoid reasons
4931 triggered by a special case in ataHCPIOTransferFinish, we take extra care here. */
4932 if (s->iIOBufferPIODataStart + cb < s->iIOBufferPIODataEnd)
4933 ataCopyPioData124(s, pbDst, pbSrc, cb);
4934 else if (s->uTxDir == PDMMEDIATXDIR_TO_DEVICE) /* paranoia */
4935 {
4936 ataCopyPioData124(s, pbDst, pbSrc, cb);
4937 ataHCPIOTransferFinish(pCtl, s);
4938 }
4939 else
4940 {
4941 Log(("%s: Unexpected\n",__FUNCTION__));
4942 rc = VINF_IOM_R3_IOPORT_WRITE;
4943 }
4944
4945#else /* IN_RING 3*/
4946 ataCopyPioData124(s, pbDst, pbSrc, cb);
4947 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4948 ataHCPIOTransferFinish(pCtl, s);
4949#endif /* IN_RING 3*/
4950 }
4951 else
4952 Log2(("%s: DUMMY data\n", __FUNCTION__));
4953
4954 Log3(("%s: addr=%#x val=%.*Rhxs rc=%d\n", __FUNCTION__, Port, cb, &u32, rc));
4955 PDMCritSectLeave(&pCtl->lock);
4956 }
4957 else
4958 Log3(("%s: addr=%#x -> %d\n", __FUNCTION__, Port, rc));
4959 return rc;
4960}
4961
4962
4963/**
4964 * Port I/O Handler for primary port range IN operations.
4965 * @see FNIOMIOPORTIN for details.
4966 */
4967PDMBOTHCBDECL(int) ataIOPortRead1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
4968{
4969 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4970 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4971 PATACONTROLLER pCtl = &pThis->aCts[i];
4972 RT_NOREF1(Port);
4973
4974 Assert(i < 2);
4975 Assert(Port == pCtl->IOPortBase1);
4976
4977 /* Reads from the data register may be 16-bit or 32-bit. Byte accesses are
4978 upgraded to word. */
4979 Assert(cb == 1 || cb == 2 || cb == 4);
4980 uint32_t cbActual = cb != 1 ? cb : 2;
4981 *pu32 = 0;
4982
4983 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
4984 if (rc == VINF_SUCCESS)
4985 {
4986 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4987
4988 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4989 {
4990 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
4991 uint8_t const *pbSrc = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4992 uint8_t *pbDst = (uint8_t *)pu32;
4993
4994#ifdef IN_RC
4995 /* All but the last transfer unit is simple enough for RC, but
4996 * sending a request to the async IO thread is too complicated. */
4997 if (s->iIOBufferPIODataStart + cbActual < s->iIOBufferPIODataEnd)
4998 ataCopyPioData124(s, pbDst, pbSrc, cbActual);
4999 else
5000 rc = VINF_IOM_R3_IOPORT_READ;
5001
5002#elif defined(IN_RING0)
5003 /* Ring-0: We can do I/O thread signalling here. However there is one
5004 case in ataHCPIOTransfer that does a LogRel and would (but not from
5005 here) call directly into the driver code. We detect that odd case
5006 here cand return to ring-3 to handle it. */
5007 if (s->iIOBufferPIODataStart + cbActual < s->iIOBufferPIODataEnd)
5008 ataCopyPioData124(s, pbDst, pbSrc, cbActual);
5009 else if ( s->cbTotalTransfer == 0
5010 || s->iSourceSink != ATAFN_SS_NULL
5011 || s->iIOBufferCur <= s->iIOBufferEnd)
5012 {
5013 ataCopyPioData124(s, pbDst, pbSrc, cbActual);
5014 ataHCPIOTransferFinish(pCtl, s);
5015 }
5016 else
5017 {
5018 Log(("%s: Unexpected\n",__FUNCTION__));
5019 rc = VINF_IOM_R3_IOPORT_READ;
5020 }
5021
5022#else /* IN_RING3 */
5023 ataCopyPioData124(s, pbDst, pbSrc, cbActual);
5024 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5025 ataHCPIOTransferFinish(pCtl, s);
5026#endif /* IN_RING3 */
5027
5028 /* Just to be on the safe side (caller takes care of this, really). */
5029 if (cb == 1)
5030 *pu32 &= 0xff;
5031 }
5032 else
5033 {
5034 Log2(("%s: DUMMY data\n", __FUNCTION__));
5035 memset(pu32, 0xff, cb);
5036 }
5037 Log3(("%s: addr=%#x val=%.*Rhxs rc=%d\n", __FUNCTION__, Port, cb, pu32, rc));
5038
5039 PDMCritSectLeave(&pCtl->lock);
5040 }
5041 else
5042 Log3(("%s: addr=%#x -> %d\n", __FUNCTION__, Port, rc));
5043
5044 return rc;
5045}
5046
5047
5048/**
5049 * Port I/O Handler for primary port range IN string operations.
5050 * @see FNIOMIOPORTINSTRING for details.
5051 */
5052PDMBOTHCBDECL(int) ataIOPortReadStr1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint8_t *pbDst,
5053 uint32_t *pcTransfers, unsigned cb)
5054{
5055 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5056 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5057 PATACONTROLLER pCtl = &pThis->aCts[i];
5058 RT_NOREF1(Port);
5059
5060 Assert(i < 2);
5061 Assert(Port == pCtl->IOPortBase1);
5062 Assert(*pcTransfers > 0);
5063
5064 int rc;
5065 if (cb == 2 || cb == 4)
5066 {
5067 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5068 if (rc == VINF_SUCCESS)
5069 {
5070 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5071
5072 uint32_t const offStart = s->iIOBufferPIODataStart;
5073 if (offStart < s->iIOBufferPIODataEnd)
5074 {
5075 /*
5076 * Figure how much we can copy. Usually it's the same as the request.
5077 * The last transfer unit cannot be handled in RC, as it involves
5078 * thread communication. In R0 we let the non-string callback handle it,
5079 * and ditto for overflows/dummy data.
5080 */
5081 uint32_t cAvailable = (s->iIOBufferPIODataEnd - offStart) / cb;
5082#ifndef IN_RING3
5083 if (cAvailable > 0)
5084 cAvailable--;
5085#endif
5086 uint32_t const cRequested = *pcTransfers;
5087 if (cAvailable > cRequested)
5088 cAvailable = cRequested;
5089 uint32_t const cbTransfer = cAvailable * cb;
5090 if ( offStart + cbTransfer <= s->cbIOBuffer
5091 && cbTransfer > 0)
5092 {
5093 /*
5094 * Do the transfer.
5095 */
5096 uint8_t const *pbSrc = s->CTX_SUFF(pbIOBuffer) + offStart;
5097 memcpy(pbDst, pbSrc, cbTransfer);
5098 Log3(("%s: addr=%#x cb=%#x cbTransfer=%#x val=%.*Rhxd\n",
5099 __FUNCTION__, Port, cb, cbTransfer, cbTransfer, pbSrc));
5100 s->iIOBufferPIODataStart = offStart + cbTransfer;
5101
5102#ifdef IN_RING3
5103 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5104 ataHCPIOTransferFinish(pCtl, s);
5105#endif
5106 *pcTransfers = cRequested - cAvailable;
5107 }
5108 else
5109 Log2(("ataIOPortReadStr1Data: DUMMY/Overflow!\n"));
5110 }
5111 else
5112 {
5113 /*
5114 * Dummy read (shouldn't happen) return 0xff like the non-string handler.
5115 */
5116 Log2(("ataIOPortReadStr1Data: DUMMY data (%#x bytes)\n", *pcTransfers * cb));
5117 memset(pbDst, 0xff, *pcTransfers * cb);
5118 *pcTransfers = 0;
5119 }
5120
5121 PDMCritSectLeave(&pCtl->lock);
5122 }
5123 }
5124 /*
5125 * Let the non-string I/O callback handle 1 byte reads.
5126 */
5127 else
5128 {
5129 Log2(("ataIOPortReadStr1Data: 1 byte read (%#x transfers)\n", *pcTransfers));
5130 AssertFailed();
5131 rc = VINF_SUCCESS;
5132 }
5133 return rc;
5134}
5135
5136
5137/**
5138 * Port I/O Handler for primary port range OUT string operations.
5139 * @see FNIOMIOPORTOUTSTRING for details.
5140 */
5141PDMBOTHCBDECL(int) ataIOPortWriteStr1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint8_t const *pbSrc,
5142 uint32_t *pcTransfers, unsigned cb)
5143{
5144 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5145 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5146 PATACONTROLLER pCtl = &pThis->aCts[i];
5147 RT_NOREF1(Port);
5148
5149 Assert(i < 2);
5150 Assert(Port == pCtl->IOPortBase1);
5151 Assert(*pcTransfers > 0);
5152
5153 int rc;
5154 if (cb == 2 || cb == 4)
5155 {
5156 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
5157 if (rc == VINF_SUCCESS)
5158 {
5159 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5160
5161 uint32_t const offStart = s->iIOBufferPIODataStart;
5162 if (offStart < s->iIOBufferPIODataEnd)
5163 {
5164 /*
5165 * Figure how much we can copy. Usually it's the same as the request.
5166 * The last transfer unit cannot be handled in RC, as it involves
5167 * thread communication. In R0 we let the non-string callback handle it,
5168 * and ditto for overflows/dummy data.
5169 */
5170 uint32_t cAvailable = (s->iIOBufferPIODataEnd - offStart) / cb;
5171#ifndef IN_RING3
5172 if (cAvailable)
5173 cAvailable--;
5174#endif
5175 uint32_t const cRequested = *pcTransfers;
5176 if (cAvailable > cRequested)
5177 cAvailable = cRequested;
5178 uint32_t const cbTransfer = cAvailable * cb;
5179 if ( offStart + cbTransfer <= s->cbIOBuffer
5180 && cbTransfer)
5181 {
5182 /*
5183 * Do the transfer.
5184 */
5185 void *pvDst = s->CTX_SUFF(pbIOBuffer) + offStart;
5186 memcpy(pvDst, pbSrc, cbTransfer);
5187 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, pvDst));
5188 s->iIOBufferPIODataStart = offStart + cbTransfer;
5189
5190#ifdef IN_RING3
5191 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5192 ataHCPIOTransferFinish(pCtl, s);
5193#endif
5194 *pcTransfers = cRequested - cAvailable;
5195 }
5196 else
5197 Log2(("ataIOPortWriteStr1Data: DUMMY/Overflow!\n"));
5198 }
5199 else
5200 {
5201 Log2(("ataIOPortWriteStr1Data: DUMMY data (%#x bytes)\n", *pcTransfers * cb));
5202 *pcTransfers = 0;
5203 }
5204
5205 PDMCritSectLeave(&pCtl->lock);
5206 }
5207 }
5208 /*
5209 * Let the non-string I/O callback handle 1 byte reads.
5210 */
5211 else
5212 {
5213 Log2(("ataIOPortWriteStr1Data: 1 byte write (%#x transfers)\n", *pcTransfers));
5214 AssertFailed();
5215 rc = VINF_SUCCESS;
5216 }
5217
5218 return rc;
5219}
5220
5221
5222#ifdef IN_RING3
5223
5224static void ataR3DMATransferStop(ATADevState *s)
5225{
5226 s->cbTotalTransfer = 0;
5227 s->cbElementaryTransfer = 0;
5228 s->iBeginTransfer = ATAFN_BT_NULL;
5229 s->iSourceSink = ATAFN_SS_NULL;
5230}
5231
5232
5233/**
5234 * Perform the entire DMA transfer in one go (unless a source/sink operation
5235 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
5236 * this function cannot handle empty transfers.
5237 *
5238 * @param pCtl Controller for which to perform the transfer.
5239 */
5240static void ataR3DMATransfer(PATACONTROLLER pCtl)
5241{
5242 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
5243 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
5244 bool fRedo;
5245 RTGCPHYS32 pDesc;
5246 uint32_t cbTotalTransfer, cbElementaryTransfer;
5247 uint32_t iIOBufferCur, iIOBufferEnd;
5248 uint32_t dmalen;
5249 PDMMEDIATXDIR uTxDir;
5250 bool fLastDesc = false;
5251
5252 Assert(sizeof(BMDMADesc) == 8);
5253
5254 fRedo = pCtl->fRedo;
5255 if (RT_LIKELY(!fRedo))
5256 Assert(s->cbTotalTransfer);
5257 uTxDir = (PDMMEDIATXDIR)s->uTxDir;
5258 cbTotalTransfer = s->cbTotalTransfer;
5259 cbElementaryTransfer = s->cbElementaryTransfer;
5260 iIOBufferCur = s->iIOBufferCur;
5261 iIOBufferEnd = s->iIOBufferEnd;
5262
5263 /* The DMA loop is designed to hold the lock only when absolutely
5264 * necessary. This avoids long freezes should the guest access the
5265 * ATA registers etc. for some reason. */
5266 PDMCritSectLeave(&pCtl->lock);
5267
5268 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
5269 __FUNCTION__, uTxDir == PDMMEDIATXDIR_FROM_DEVICE ? "T2I" : "I2T",
5270 cbTotalTransfer, cbElementaryTransfer,
5271 iIOBufferCur, iIOBufferEnd));
5272 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
5273 {
5274 BMDMADesc DMADesc;
5275 RTGCPHYS32 pBuffer;
5276 uint32_t cbBuffer;
5277
5278 if (RT_UNLIKELY(fRedo))
5279 {
5280 pBuffer = pCtl->pRedoDMABuffer;
5281 cbBuffer = pCtl->cbRedoDMABuffer;
5282 fLastDesc = pCtl->fRedoDMALastDesc;
5283 DMADesc.pBuffer = DMADesc.cbBuffer = 0; /* Shut up MSC. */
5284 }
5285 else
5286 {
5287 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
5288 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
5289 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
5290 fLastDesc = !!(cbBuffer & 0x80000000);
5291 cbBuffer &= 0xfffe;
5292 if (cbBuffer == 0)
5293 cbBuffer = 0x10000;
5294 if (cbBuffer > cbTotalTransfer)
5295 cbBuffer = cbTotalTransfer;
5296 }
5297
5298 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
5299 {
5300 if (RT_LIKELY(!fRedo))
5301 {
5302 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
5303 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x orig_size=%#010x\n", __FUNCTION__,
5304 (int)pDesc, pBuffer, cbBuffer, RT_LE2H_U32(DMADesc.cbBuffer) & 0xfffe));
5305
5306 if (uTxDir == PDMMEDIATXDIR_FROM_DEVICE)
5307 PDMDevHlpPCIPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
5308 else
5309 PDMDevHlpPCIPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
5310
5311 iIOBufferCur += dmalen;
5312 cbTotalTransfer -= dmalen;
5313 cbBuffer -= dmalen;
5314 pBuffer += dmalen;
5315 }
5316 if ( iIOBufferCur == iIOBufferEnd
5317 && (uTxDir == PDMMEDIATXDIR_TO_DEVICE || cbTotalTransfer))
5318 {
5319 if (uTxDir == PDMMEDIATXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
5320 cbElementaryTransfer = cbTotalTransfer;
5321
5322 {
5323 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5324 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5325 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5326 }
5327
5328 /* The RESET handler could have cleared the DMA transfer
5329 * state (since we didn't hold the lock until just now
5330 * the guest can continue in parallel). If so, the state
5331 * is already set up so the loop is exited immediately. */
5332 if (s->iSourceSink != ATAFN_SS_NULL)
5333 {
5334 s->iIOBufferCur = iIOBufferCur;
5335 s->iIOBufferEnd = iIOBufferEnd;
5336 s->cbElementaryTransfer = cbElementaryTransfer;
5337 s->cbTotalTransfer = cbTotalTransfer;
5338 Log2(("%s: calling source/sink function\n", __FUNCTION__));
5339 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5340 if (RT_UNLIKELY(fRedo))
5341 {
5342 pCtl->pFirstDMADesc = pDesc;
5343 pCtl->pRedoDMABuffer = pBuffer;
5344 pCtl->cbRedoDMABuffer = cbBuffer;
5345 pCtl->fRedoDMALastDesc = fLastDesc;
5346 }
5347 else
5348 {
5349 cbTotalTransfer = s->cbTotalTransfer;
5350 cbElementaryTransfer = s->cbElementaryTransfer;
5351
5352 if (uTxDir == PDMMEDIATXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
5353 cbElementaryTransfer = cbTotalTransfer;
5354 iIOBufferCur = 0;
5355 iIOBufferEnd = cbElementaryTransfer;
5356 }
5357 pCtl->fRedo = fRedo;
5358 }
5359 else
5360 {
5361 /* This forces the loop to exit immediately. */
5362 pDesc = pCtl->pLastDMADesc + 1;
5363 }
5364
5365 PDMCritSectLeave(&pCtl->lock);
5366 if (RT_UNLIKELY(fRedo))
5367 break;
5368 }
5369 }
5370
5371 if (RT_UNLIKELY(fRedo))
5372 break;
5373
5374 /* end of transfer */
5375 if (!cbTotalTransfer || fLastDesc)
5376 break;
5377
5378 {
5379 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5380 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5381 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5382 }
5383
5384 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
5385 {
5386 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
5387 if (!pCtl->fReset)
5388 ataR3DMATransferStop(s);
5389 /* This forces the loop to exit immediately. */
5390 pDesc = pCtl->pLastDMADesc + 1;
5391 }
5392
5393 PDMCritSectLeave(&pCtl->lock);
5394 }
5395
5396 {
5397 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5398 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5399 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5400 }
5401
5402 if (RT_UNLIKELY(fRedo))
5403 return;
5404
5405 if (fLastDesc)
5406 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5407 s->cbTotalTransfer = cbTotalTransfer;
5408 s->cbElementaryTransfer = cbElementaryTransfer;
5409 s->iIOBufferCur = iIOBufferCur;
5410 s->iIOBufferEnd = iIOBufferEnd;
5411}
5412
5413/**
5414 * Signal PDM that we're idle (if we actually are).
5415 *
5416 * @param pCtl The controller.
5417 */
5418static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
5419{
5420 /*
5421 * Take the lock here and recheck the idle indicator to avoid
5422 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
5423 */
5424 int rc = PDMCritSectEnter(&pCtl->AsyncIORequestLock, VINF_SUCCESS);
5425 AssertRC(rc);
5426
5427 if ( pCtl->fSignalIdle
5428 && ataR3AsyncIOIsIdle(pCtl, false /*fStrict*/))
5429 {
5430 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5431 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
5432 }
5433
5434 rc = PDMCritSectLeave(&pCtl->AsyncIORequestLock);
5435 AssertRC(rc);
5436}
5437
5438/**
5439 * Async I/O thread for an interface.
5440 *
5441 * Once upon a time this was readable code with several loops and a different
5442 * semaphore for each purpose. But then came the "how can one save the state in
5443 * the middle of a PIO transfer" question. The solution was to use an ASM,
5444 * which is what's there now.
5445 */
5446static DECLCALLBACK(int) ataR3AsyncIOThread(RTTHREAD hThreadSelf, void *pvUser)
5447{
5448 RT_NOREF1(hThreadSelf);
5449 const ATARequest *pReq;
5450 uint64_t u64TS = 0; /* shut up gcc */
5451 uint64_t uWait;
5452 int rc = VINF_SUCCESS;
5453 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
5454 ATADevState *s;
5455
5456 pReq = NULL;
5457 pCtl->fChainedTransfer = false;
5458 while (!pCtl->fShutdown)
5459 {
5460 /* Keep this thread from doing anything as long as EMT is suspended. */
5461 while (pCtl->fRedoIdle)
5462 {
5463 if (pCtl->fSignalIdle)
5464 ataR3AsyncSignalIdle(pCtl);
5465 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
5466 /* Continue if we got a signal by RTThreadPoke().
5467 * We will get notified if there is a request to process.
5468 */
5469 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
5470 continue;
5471 if (RT_FAILURE(rc) || pCtl->fShutdown)
5472 break;
5473
5474 pCtl->fRedoIdle = false;
5475 }
5476
5477 /* Wait for work. */
5478 while (pReq == NULL)
5479 {
5480 if (pCtl->fSignalIdle)
5481 ataR3AsyncSignalIdle(pCtl);
5482 rc = SUPSemEventWaitNoResume(pCtl->pSupDrvSession, pCtl->hAsyncIOSem, RT_INDEFINITE_WAIT);
5483 /* Continue if we got a signal by RTThreadPoke().
5484 * We will get notified if there is a request to process.
5485 */
5486 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
5487 continue;
5488 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
5489 break;
5490
5491 pReq = ataR3AsyncIOGetCurrentRequest(pCtl);
5492 }
5493
5494 if (RT_FAILURE(rc) || pCtl->fShutdown)
5495 break;
5496
5497 if (pReq == NULL)
5498 continue;
5499
5500 ATAAIO ReqType = pReq->ReqType;
5501
5502 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
5503 if (pCtl->uAsyncIOState != ReqType)
5504 {
5505 /* The new state is not the state that was expected by the normal
5506 * state changes. This is either a RESET/ABORT or there's something
5507 * really strange going on. */
5508 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
5509 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
5510 {
5511 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
5512 ataR3AsyncIODumpRequests(pCtl);
5513 }
5514 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
5515 }
5516
5517 /* Do our work. */
5518 {
5519 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5520 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5521 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5522 }
5523
5524 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5525 {
5526 u64TS = RTTimeNanoTS();
5527#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5528 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
5529#endif
5530 }
5531
5532 switch (ReqType)
5533 {
5534 case ATA_AIO_NEW:
5535
5536 pCtl->iAIOIf = pReq->u.t.iIf;
5537 s = &pCtl->aIfs[pCtl->iAIOIf];
5538 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
5539 s->uTxDir = pReq->u.t.uTxDir;
5540 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
5541 s->iSourceSink = pReq->u.t.iSourceSink;
5542 s->iIOBufferEnd = 0;
5543 s->u64CmdTS = u64TS;
5544
5545 if (s->fATAPI)
5546 {
5547 if (pCtl->fChainedTransfer)
5548 {
5549 /* Only count the actual transfers, not the PIO
5550 * transfer of the ATAPI command bytes. */
5551 if (s->fDMA)
5552 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
5553 else
5554 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
5555 }
5556 }
5557 else
5558 {
5559 if (s->fDMA)
5560 STAM_REL_COUNTER_INC(&s->StatATADMA);
5561 else
5562 STAM_REL_COUNTER_INC(&s->StatATAPIO);
5563 }
5564
5565 pCtl->fChainedTransfer = false;
5566
5567 if (s->iBeginTransfer != ATAFN_BT_NULL)
5568 {
5569 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5570 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
5571 s->iBeginTransfer = ATAFN_BT_NULL;
5572 if (s->uTxDir != PDMMEDIATXDIR_FROM_DEVICE)
5573 s->iIOBufferEnd = s->cbElementaryTransfer;
5574 }
5575 else
5576 {
5577 s->cbElementaryTransfer = s->cbTotalTransfer;
5578 s->iIOBufferEnd = s->cbTotalTransfer;
5579 }
5580 s->iIOBufferCur = 0;
5581
5582 if (s->uTxDir != PDMMEDIATXDIR_TO_DEVICE)
5583 {
5584 if (s->iSourceSink != ATAFN_SS_NULL)
5585 {
5586 bool fRedo;
5587 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5588 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5589 pCtl->fRedo = fRedo;
5590 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5591 {
5592 /* Operation failed at the initial transfer, restart
5593 * everything from scratch by resending the current
5594 * request. Occurs very rarely, not worth optimizing. */
5595 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5596 ataHCAsyncIOPutRequest(pCtl, pReq);
5597 break;
5598 }
5599 }
5600 else
5601 ataR3CmdOK(s, 0);
5602 s->iIOBufferEnd = s->cbElementaryTransfer;
5603
5604 }
5605
5606 /* Do not go into the transfer phase if RESET is asserted.
5607 * The CritSect is released while waiting for the host OS
5608 * to finish the I/O, thus RESET is possible here. Most
5609 * important: do not change uAsyncIOState. */
5610 if (pCtl->fReset)
5611 break;
5612
5613 if (s->fDMA)
5614 {
5615 if (s->cbTotalTransfer)
5616 {
5617 ataSetStatus(s, ATA_STAT_DRQ);
5618
5619 pCtl->uAsyncIOState = ATA_AIO_DMA;
5620 /* If BMDMA is already started, do the transfer now. */
5621 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
5622 {
5623 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5624 ataHCAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5625 }
5626 }
5627 else
5628 {
5629 Assert(s->uTxDir == PDMMEDIATXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
5630 /* Finish DMA transfer. */
5631 ataR3DMATransferStop(s);
5632 ataHCSetIRQ(s);
5633 pCtl->uAsyncIOState = ATA_AIO_NEW;
5634 }
5635 }
5636 else
5637 {
5638 if (s->cbTotalTransfer)
5639 {
5640 ataHCPIOTransfer(pCtl);
5641 Assert(!pCtl->fRedo);
5642 if (s->fATAPITransfer || s->uTxDir != PDMMEDIATXDIR_TO_DEVICE)
5643 ataHCSetIRQ(s);
5644
5645 if (s->uTxDir == PDMMEDIATXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5646 {
5647 /* Write operations and not yet finished transfers
5648 * must be completed in the async I/O thread. */
5649 pCtl->uAsyncIOState = ATA_AIO_PIO;
5650 }
5651 else
5652 {
5653 /* Finished read operation can be handled inline
5654 * in the end of PIO transfer handling code. Linux
5655 * depends on this, as it waits only briefly for
5656 * devices to become ready after incoming data
5657 * transfer. Cannot find anything in the ATA spec
5658 * that backs this assumption, but as all kernels
5659 * are affected (though most of the time it does
5660 * not cause any harm) this must work. */
5661 pCtl->uAsyncIOState = ATA_AIO_NEW;
5662 }
5663 }
5664 else
5665 {
5666 Assert(s->uTxDir == PDMMEDIATXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
5667 /* Finish PIO transfer. */
5668 ataHCPIOTransfer(pCtl);
5669 Assert(!pCtl->fRedo);
5670 if (!s->fATAPITransfer)
5671 ataHCSetIRQ(s);
5672 pCtl->uAsyncIOState = ATA_AIO_NEW;
5673 }
5674 }
5675 break;
5676
5677 case ATA_AIO_DMA:
5678 {
5679 BMDMAState *bm = &pCtl->BmDma;
5680 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5681 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
5682
5683 if (s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE)
5684 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
5685 else
5686 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
5687
5688 if (RT_LIKELY(!pCtl->fRedo))
5689 {
5690 /* The specs say that the descriptor table must not cross a
5691 * 4K boundary. */
5692 pCtl->pFirstDMADesc = bm->pvAddr;
5693 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
5694 }
5695 ataR3DMATransfer(pCtl);
5696
5697 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
5698 {
5699 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
5700 ataHCAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5701 break;
5702 }
5703
5704 /* The infamous delay IRQ hack. */
5705 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
5706 && s->cbTotalTransfer == 0
5707 && pCtl->DelayIRQMillies)
5708 {
5709 /* Delay IRQ for writing. Required to get the Win2K
5710 * installation work reliably (otherwise it crashes,
5711 * usually during component install). So far no better
5712 * solution has been found. */
5713 Log(("%s: delay IRQ hack\n", __FUNCTION__));
5714 PDMCritSectLeave(&pCtl->lock);
5715 RTThreadSleep(pCtl->DelayIRQMillies);
5716 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5717 }
5718
5719 ataUnsetStatus(s, ATA_STAT_DRQ);
5720 Assert(!pCtl->fChainedTransfer);
5721 Assert(s->iSourceSink == ATAFN_SS_NULL);
5722 if (s->fATAPITransfer)
5723 {
5724 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
5725 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
5726 s->fATAPITransfer = false;
5727 }
5728 ataHCSetIRQ(s);
5729 pCtl->uAsyncIOState = ATA_AIO_NEW;
5730 break;
5731 }
5732
5733 case ATA_AIO_PIO:
5734 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5735
5736 if (s->iSourceSink != ATAFN_SS_NULL)
5737 {
5738 bool fRedo;
5739 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5740 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5741 pCtl->fRedo = fRedo;
5742 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5743 {
5744 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
5745 ataHCAsyncIOPutRequest(pCtl, &g_ataPIORequest);
5746 break;
5747 }
5748 s->iIOBufferCur = 0;
5749 s->iIOBufferEnd = s->cbElementaryTransfer;
5750 }
5751 else
5752 {
5753 /* Continue a previously started transfer. */
5754 ataUnsetStatus(s, ATA_STAT_BUSY);
5755 ataSetStatus(s, ATA_STAT_READY);
5756 }
5757
5758 /* It is possible that the drives on this controller get RESET
5759 * during the above call to the source/sink function. If that's
5760 * the case, don't restart the transfer and don't finish it the
5761 * usual way. RESET handling took care of all that already.
5762 * Most important: do not change uAsyncIOState. */
5763 if (pCtl->fReset)
5764 break;
5765
5766 if (s->cbTotalTransfer)
5767 {
5768 ataHCPIOTransfer(pCtl);
5769 ataHCSetIRQ(s);
5770
5771 if (s->uTxDir == PDMMEDIATXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5772 {
5773 /* Write operations and not yet finished transfers
5774 * must be completed in the async I/O thread. */
5775 pCtl->uAsyncIOState = ATA_AIO_PIO;
5776 }
5777 else
5778 {
5779 /* Finished read operation can be handled inline
5780 * in the end of PIO transfer handling code. Linux
5781 * depends on this, as it waits only briefly for
5782 * devices to become ready after incoming data
5783 * transfer. Cannot find anything in the ATA spec
5784 * that backs this assumption, but as all kernels
5785 * are affected (though most of the time it does
5786 * not cause any harm) this must work. */
5787 pCtl->uAsyncIOState = ATA_AIO_NEW;
5788 }
5789 }
5790 else
5791 {
5792 /* Finish PIO transfer. */
5793 ataHCPIOTransfer(pCtl);
5794 if ( !pCtl->fChainedTransfer
5795 && !s->fATAPITransfer
5796 && s->uTxDir != PDMMEDIATXDIR_FROM_DEVICE)
5797 {
5798 ataHCSetIRQ(s);
5799 }
5800 pCtl->uAsyncIOState = ATA_AIO_NEW;
5801 }
5802 break;
5803
5804 case ATA_AIO_RESET_ASSERTED:
5805 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
5806 ataHCPIOTransferStop(&pCtl->aIfs[0]);
5807 ataHCPIOTransferStop(&pCtl->aIfs[1]);
5808 /* Do not change the DMA registers, they are not affected by the
5809 * ATA controller reset logic. It should be sufficient to issue a
5810 * new command, which is now possible as the state is cleared. */
5811 break;
5812
5813 case ATA_AIO_RESET_CLEARED:
5814 pCtl->uAsyncIOState = ATA_AIO_NEW;
5815 pCtl->fReset = false;
5816 /* Ensure that half-completed transfers are not redone. A reset
5817 * cancels the entire transfer, so continuing is wrong. */
5818 pCtl->fRedo = false;
5819 pCtl->fRedoDMALastDesc = false;
5820 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
5821 ATACONTROLLER_IDX(pCtl)));
5822 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
5823 {
5824 if (pCtl->aIfs[i].fATAPI)
5825 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
5826 else
5827 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
5828 ataR3SetSignature(&pCtl->aIfs[i]);
5829 }
5830 break;
5831
5832 case ATA_AIO_ABORT:
5833 /* Abort the current command no matter what. There cannot be
5834 * any command activity on the other drive otherwise using
5835 * one thread per controller wouldn't work at all. */
5836 s = &pCtl->aIfs[pReq->u.a.iIf];
5837
5838 pCtl->uAsyncIOState = ATA_AIO_NEW;
5839 /* Do not change the DMA registers, they are not affected by the
5840 * ATA controller reset logic. It should be sufficient to issue a
5841 * new command, which is now possible as the state is cleared. */
5842 if (pReq->u.a.fResetDrive)
5843 {
5844 ataR3ResetDevice(s);
5845 ataR3ExecuteDeviceDiagnosticSS(s);
5846 }
5847 else
5848 {
5849 /* Stop any pending DMA transfer. */
5850 s->fDMA = false;
5851 ataHCPIOTransferStop(s);
5852 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
5853 ataSetStatus(s, ATA_STAT_READY);
5854 ataHCSetIRQ(s);
5855 }
5856 break;
5857
5858 default:
5859 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
5860 }
5861
5862 ataR3AsyncIORemoveCurrentRequest(pCtl, ReqType);
5863 pReq = ataR3AsyncIOGetCurrentRequest(pCtl);
5864
5865 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5866 {
5867# if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5868 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
5869# endif
5870
5871 u64TS = RTTimeNanoTS() - u64TS;
5872 uWait = u64TS / 1000;
5873 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
5874 /* Mark command as finished. */
5875 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
5876
5877 /*
5878 * Release logging of command execution times depends on the
5879 * command type. ATAPI commands often take longer (due to CD/DVD
5880 * spin up time etc.) so the threshold is different.
5881 */
5882 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
5883 {
5884 if (uWait > 8 * 1000 * 1000)
5885 {
5886 /*
5887 * Command took longer than 8 seconds. This is close
5888 * enough or over the guest's command timeout, so place
5889 * an entry in the release log to allow tracking such
5890 * timing errors (which are often caused by the host).
5891 */
5892 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
5893 }
5894 }
5895 else
5896 {
5897 if (uWait > 20 * 1000 * 1000)
5898 {
5899 /*
5900 * Command took longer than 20 seconds. This is close
5901 * enough or over the guest's command timeout, so place
5902 * an entry in the release log to allow tracking such
5903 * timing errors (which are often caused by the host).
5904 */
5905 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5906 }
5907 }
5908
5909# if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5910 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5911 pCtl->StatAsyncMinWait = uWait;
5912 if (uWait > pCtl->StatAsyncMaxWait)
5913 pCtl->StatAsyncMaxWait = uWait;
5914
5915 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5916 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5917# endif /* DEBUG || VBOX_WITH_STATISTICS */
5918 }
5919
5920 PDMCritSectLeave(&pCtl->lock);
5921 }
5922
5923 /* Signal the ultimate idleness. */
5924 RTThreadUserSignal(pCtl->AsyncIOThread);
5925 if (pCtl->fSignalIdle)
5926 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5927
5928 /* Cleanup the state. */
5929 /* Do not destroy request lock yet, still needed for proper shutdown. */
5930 pCtl->fShutdown = false;
5931
5932 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5933 return rc;
5934}
5935
5936#endif /* IN_RING3 */
5937
5938static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5939{
5940 uint32_t val = pCtl->BmDma.u8Cmd;
5941 RT_NOREF1(addr);
5942 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5943 return val;
5944}
5945
5946
5947static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5948{
5949 RT_NOREF1(addr);
5950 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5951 if (!(val & BM_CMD_START))
5952 {
5953 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5954 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5955 }
5956 else
5957 {
5958#ifndef IN_RC
5959 /* Check whether the guest OS wants to change DMA direction in
5960 * mid-flight. Not allowed, according to the PIIX3 specs. */
5961 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5962 uint8_t uOldBmDmaStatus = pCtl->BmDma.u8Status;
5963 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5964 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5965
5966 /* Do not continue DMA transfers while the RESET line is asserted. */
5967 if (pCtl->fReset)
5968 {
5969 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5970 return;
5971 }
5972
5973 /* Do not start DMA transfers if there's a PIO transfer going on,
5974 * or if there is already a transfer started on this controller. */
5975 if ( !pCtl->aIfs[pCtl->iSelectedIf].fDMA
5976 || (uOldBmDmaStatus & BM_STATUS_DMAING))
5977 return;
5978
5979 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5980 {
5981 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5982 ataHCAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5983 }
5984#else /* !IN_RING3 */
5985 AssertMsgFailed(("DMA START handling is too complicated for RC\n"));
5986#endif /* IN_RING3 */
5987 }
5988}
5989
5990static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5991{
5992 uint32_t val = pCtl->BmDma.u8Status;
5993 RT_NOREF1(addr);
5994 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5995 return val;
5996}
5997
5998static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5999{
6000 RT_NOREF1(addr);
6001 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
6002 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
6003 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
6004 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
6005}
6006
6007static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
6008{
6009 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
6010 RT_NOREF1(addr);
6011 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
6012 return val;
6013}
6014
6015static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
6016{
6017 RT_NOREF1(addr);
6018 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
6019 pCtl->BmDma.pvAddr = val & ~3;
6020}
6021
6022static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
6023{
6024 RT_NOREF1(addr);
6025 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
6026 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
6027
6028}
6029
6030static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
6031{
6032 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
6033 RT_NOREF1(addr);
6034 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
6035}
6036
6037#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
6038
6039/**
6040 * Port I/O Handler for bus master DMA IN operations.
6041 * @see FNIOMIOPORTIN for details.
6042 */
6043PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
6044{
6045 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6046 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6047 PATACONTROLLER pCtl = &pThis->aCts[i];
6048
6049 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
6050 if (rc != VINF_SUCCESS)
6051 return rc;
6052 switch (VAL(Port, cb))
6053 {
6054 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
6055 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
6056 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
6057 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
6058 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
6059 case VAL(0, 4):
6060 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
6061 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
6062 break;
6063 default:
6064 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
6065 PDMCritSectLeave(&pCtl->lock);
6066 return VERR_IOM_IOPORT_UNUSED;
6067 }
6068 PDMCritSectLeave(&pCtl->lock);
6069 return rc;
6070}
6071
6072/**
6073 * Port I/O Handler for bus master DMA OUT operations.
6074 * @see FNIOMIOPORTOUT for details.
6075 */
6076PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
6077{
6078 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6079 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6080 PATACONTROLLER pCtl = &pThis->aCts[i];
6081
6082 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
6083 if (rc != VINF_SUCCESS)
6084 return rc;
6085 switch (VAL(Port, cb))
6086 {
6087 case VAL(0, 1):
6088#ifdef IN_RC
6089 if (u32 & BM_CMD_START)
6090 {
6091 rc = VINF_IOM_R3_IOPORT_WRITE;
6092 break;
6093 }
6094#endif
6095 ataBMDMACmdWriteB(pCtl, Port, u32);
6096 break;
6097 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
6098 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
6099 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
6100 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
6101 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
6102 }
6103 PDMCritSectLeave(&pCtl->lock);
6104 return rc;
6105}
6106
6107#undef VAL
6108
6109#ifdef IN_RING3
6110
6111/**
6112 * @callback_method_impl{FNPCIIOREGIONMAP}
6113 */
6114static DECLCALLBACK(int) ataR3BMDMAIORangeMap(PPDMDEVINS pDevIns, PPDMPCIDEV pPciDev, uint32_t iRegion,
6115 RTGCPHYS GCPhysAddress, RTGCPHYS cb, PCIADDRESSSPACE enmType)
6116{
6117 RT_NOREF(iRegion, cb, enmType);
6118 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
6119 int rc = VINF_SUCCESS;
6120 Assert(enmType == PCI_ADDRESS_SPACE_IO);
6121 Assert(iRegion == 4);
6122 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
6123
6124 /* Register the port range. */
6125 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6126 {
6127 int rc2 = PDMDevHlpIOPortRegister(pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
6128 (RTHCPTR)(uintptr_t)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead,
6129 NULL, NULL, "ATA Bus Master DMA");
6130 AssertRC(rc2);
6131 if (rc2 < rc)
6132 rc = rc2;
6133
6134 if (pThis->fRCEnabled)
6135 {
6136 rc2 = PDMDevHlpIOPortRegisterRC(pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
6137 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead",
6138 NULL, NULL, "ATA Bus Master DMA");
6139 AssertRC(rc2);
6140 if (rc2 < rc)
6141 rc = rc2;
6142 }
6143 if (pThis->fR0Enabled)
6144 {
6145 rc2 = PDMDevHlpIOPortRegisterR0(pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
6146 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead",
6147 NULL, NULL, "ATA Bus Master DMA");
6148 AssertRC(rc2);
6149 if (rc2 < rc)
6150 rc = rc2;
6151 }
6152 }
6153 return rc;
6154}
6155
6156
6157/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
6158
6159/**
6160 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
6161 */
6162static DECLCALLBACK(void *) ataR3Status_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
6163{
6164 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
6165 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
6166 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
6167 return NULL;
6168}
6169
6170
6171/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
6172
6173/**
6174 * Gets the pointer to the status LED of a unit.
6175 *
6176 * @returns VBox status code.
6177 * @param pInterface Pointer to the interface structure containing the called function pointer.
6178 * @param iLUN The unit which status LED we desire.
6179 * @param ppLed Where to store the LED pointer.
6180 */
6181static DECLCALLBACK(int) ataR3Status_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
6182{
6183 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
6184 if (iLUN < 4)
6185 {
6186 switch (iLUN)
6187 {
6188 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
6189 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
6190 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
6191 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
6192 }
6193 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
6194 return VINF_SUCCESS;
6195 }
6196 return VERR_PDM_LUN_NOT_FOUND;
6197}
6198
6199
6200/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
6201
6202/**
6203 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
6204 */
6205static DECLCALLBACK(void *) ataR3QueryInterface(PPDMIBASE pInterface, const char *pszIID)
6206{
6207 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
6208 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
6209 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMEDIAPORT, &pIf->IPort);
6210 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
6211 return NULL;
6212}
6213
6214
6215/* -=-=-=-=-=- ATADevState::IPort -=-=-=-=-=- */
6216
6217/**
6218 * @interface_method_impl{PDMIMEDIAPORT,pfnQueryDeviceLocation}
6219 */
6220static DECLCALLBACK(int) ataR3QueryDeviceLocation(PPDMIMEDIAPORT pInterface, const char **ppcszController,
6221 uint32_t *piInstance, uint32_t *piLUN)
6222{
6223 ATADevState *pIf = PDMIMEDIAPORT_2_ATASTATE(pInterface);
6224 PPDMDEVINS pDevIns = pIf->CTX_SUFF(pDevIns);
6225
6226 AssertPtrReturn(ppcszController, VERR_INVALID_POINTER);
6227 AssertPtrReturn(piInstance, VERR_INVALID_POINTER);
6228 AssertPtrReturn(piLUN, VERR_INVALID_POINTER);
6229
6230 *ppcszController = pDevIns->pReg->szName;
6231 *piInstance = pDevIns->iInstance;
6232 *piLUN = pIf->iLUN;
6233
6234 return VINF_SUCCESS;
6235}
6236
6237#endif /* IN_RING3 */
6238
6239/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
6240
6241
6242/**
6243 * Port I/O Handler for primary port range OUT operations.
6244 * @see FNIOMIOPORTOUT for details.
6245 */
6246PDMBOTHCBDECL(int) ataIOPortWrite1Other(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
6247{
6248 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6249 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6250 PATACONTROLLER pCtl = &pThis->aCts[i];
6251
6252 Assert(i < 2);
6253 Assert(Port != pCtl->IOPortBase1);
6254
6255 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
6256 if (rc == VINF_SUCCESS)
6257 {
6258 /* Writes to the other command block ports should be 8-bit only. If they
6259 * are not, the high bits are simply discarded. Undocumented, but observed
6260 * on a real PIIX4 system.
6261 */
6262 if (cb > 1)
6263 Log(("ataIOPortWrite1: suspect write to port %x val=%x size=%d\n", Port, u32, cb));
6264
6265 rc = ataIOPortWriteU8(pCtl, Port, u32);
6266
6267 PDMCritSectLeave(&pCtl->lock);
6268 }
6269 return rc;
6270}
6271
6272
6273/**
6274 * Port I/O Handler for primary port range IN operations.
6275 * @see FNIOMIOPORTIN for details.
6276 */
6277PDMBOTHCBDECL(int) ataIOPortRead1Other(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
6278{
6279 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6280 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6281 PATACONTROLLER pCtl = &pThis->aCts[i];
6282
6283 Assert(i < 2);
6284 Assert(Port != pCtl->IOPortBase1);
6285
6286 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
6287 if (rc == VINF_SUCCESS)
6288 {
6289 /* Reads from the other command block registers should be 8-bit only.
6290 * If they are not, the low byte is propagated to the high bits.
6291 * Undocumented, but observed on a real PIIX4 system.
6292 */
6293 rc = ataIOPortReadU8(pCtl, Port, pu32);
6294 if (cb > 1)
6295 {
6296 uint32_t pad;
6297
6298 /* Replicate the 8-bit result into the upper three bytes. */
6299 pad = *pu32 & 0xff;
6300 pad = pad | (pad << 8);
6301 pad = pad | (pad << 16);
6302 *pu32 = pad;
6303 Log(("ataIOPortRead1: suspect read from port %x size=%d\n", Port, cb));
6304 }
6305 PDMCritSectLeave(&pCtl->lock);
6306 }
6307 return rc;
6308}
6309
6310
6311/**
6312 * Port I/O Handler for secondary port range OUT operations.
6313 * @see FNIOMIOPORTOUT for details.
6314 */
6315PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
6316{
6317 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6318 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6319 PATACONTROLLER pCtl = &pThis->aCts[i];
6320 int rc;
6321
6322 Assert(i < 2);
6323
6324 if (cb == 1)
6325 {
6326 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
6327 if (rc == VINF_SUCCESS)
6328 {
6329 rc = ataControlWrite(pCtl, Port, u32);
6330 PDMCritSectLeave(&pCtl->lock);
6331 }
6332 }
6333 else
6334 rc = VINF_SUCCESS;
6335 return rc;
6336}
6337
6338
6339/**
6340 * Port I/O Handler for secondary port range IN operations.
6341 * @see FNIOMIOPORTIN for details.
6342 */
6343PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
6344{
6345 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6346 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6347 PATACONTROLLER pCtl = &pThis->aCts[i];
6348 int rc;
6349
6350 Assert(i < 2);
6351
6352 if (cb == 1)
6353 {
6354 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
6355 if (rc == VINF_SUCCESS)
6356 {
6357 *pu32 = ataStatusRead(pCtl, Port);
6358 PDMCritSectLeave(&pCtl->lock);
6359 }
6360 }
6361 else
6362 rc = VERR_IOM_IOPORT_UNUSED;
6363 return rc;
6364}
6365
6366#ifdef IN_RING3
6367
6368
6369DECLINLINE(void) ataR3RelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
6370{
6371 if (s->pbIOBufferR3)
6372 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
6373}
6374
6375
6376/**
6377 * Detach notification.
6378 *
6379 * The DVD drive has been unplugged.
6380 *
6381 * @param pDevIns The device instance.
6382 * @param iLUN The logical unit which is being detached.
6383 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6384 */
6385static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6386{
6387 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6388 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6389 ("PIIX3IDE: Device does not support hotplugging\n")); RT_NOREF(fFlags);
6390
6391 /*
6392 * Locate the controller and stuff.
6393 */
6394 unsigned iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6395 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6396 PATACONTROLLER pCtl = &pThis->aCts[iController];
6397
6398 unsigned iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6399 ATADevState *pIf = &pCtl->aIfs[iInterface];
6400
6401 /*
6402 * Zero some important members.
6403 */
6404 pIf->pDrvBase = NULL;
6405 pIf->pDrvMedia = NULL;
6406 pIf->pDrvMount = NULL;
6407
6408 /*
6409 * In case there was a medium inserted.
6410 */
6411 ataR3MediumRemoved(pIf);
6412}
6413
6414
6415/**
6416 * Configure a LUN.
6417 *
6418 * @returns VBox status code.
6419 * @param pDevIns The device instance.
6420 * @param pIf The ATA unit state.
6421 */
6422static int ataR3ConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
6423{
6424 int rc = VINF_SUCCESS;
6425 PDMMEDIATYPE enmType;
6426
6427 /*
6428 * Query Block, Bios and Mount interfaces.
6429 */
6430 pIf->pDrvMedia = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMEDIA);
6431 if (!pIf->pDrvMedia)
6432 {
6433 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
6434 return VERR_PDM_MISSING_INTERFACE;
6435 }
6436
6437 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
6438
6439 /*
6440 * Validate type.
6441 */
6442 enmType = pIf->pDrvMedia->pfnGetType(pIf->pDrvMedia);
6443 if ( enmType != PDMMEDIATYPE_CDROM
6444 && enmType != PDMMEDIATYPE_DVD
6445 && enmType != PDMMEDIATYPE_HARD_DISK)
6446 {
6447 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
6448 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
6449 }
6450 if ( ( enmType == PDMMEDIATYPE_DVD
6451 || enmType == PDMMEDIATYPE_CDROM)
6452 && !pIf->pDrvMount)
6453 {
6454 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
6455 return VERR_INTERNAL_ERROR;
6456 }
6457 pIf->fATAPI = enmType == PDMMEDIATYPE_DVD || enmType == PDMMEDIATYPE_CDROM;
6458 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvMedia->pfnSendCmd != NULL) : false;
6459
6460 /*
6461 * Allocate I/O buffer.
6462 */
6463 if (pIf->fATAPI)
6464 pIf->cbSector = 2048;
6465 else
6466 pIf->cbSector = pIf->pDrvMedia->pfnGetSectorSize(pIf->pDrvMedia);
6467
6468 PVM pVM = PDMDevHlpGetVM(pDevIns);
6469 if (pIf->cbIOBuffer)
6470 {
6471 /* Buffer is (probably) already allocated. Validate the fields,
6472 * because memory corruption can also overwrite pIf->cbIOBuffer. */
6473 if (pIf->fATAPI)
6474 AssertRelease(pIf->cbIOBuffer == _128K);
6475 else
6476 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * pIf->cbSector);
6477 Assert(pIf->pbIOBufferR3);
6478 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
6479 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
6480 }
6481 else
6482 {
6483 if (pIf->fATAPI)
6484 pIf->cbIOBuffer = _128K;
6485 else
6486 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * pIf->cbSector;
6487 Assert(!pIf->pbIOBufferR3);
6488 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
6489 if (RT_FAILURE(rc))
6490 return VERR_NO_MEMORY;
6491 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
6492 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
6493 }
6494
6495 /*
6496 * Init geometry (only for non-CD/DVD media).
6497 */
6498 if (pIf->fATAPI)
6499 {
6500 pIf->cTotalSectors = pIf->pDrvMedia->pfnGetSize(pIf->pDrvMedia) / pIf->cbSector;
6501 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
6502 pIf->PCHSGeometry.cHeads = 0; /* dummy */
6503 pIf->PCHSGeometry.cSectors = 0; /* dummy */
6504 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
6505 }
6506 else
6507 {
6508 pIf->cTotalSectors = pIf->pDrvMedia->pfnGetSize(pIf->pDrvMedia) / pIf->cbSector;
6509 rc = pIf->pDrvMedia->pfnBiosGetPCHSGeometry(pIf->pDrvMedia, &pIf->PCHSGeometry);
6510 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
6511 {
6512 pIf->PCHSGeometry.cCylinders = 0;
6513 pIf->PCHSGeometry.cHeads = 16; /*??*/
6514 pIf->PCHSGeometry.cSectors = 63; /*??*/
6515 }
6516 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
6517 {
6518 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
6519 rc = VINF_SUCCESS;
6520 }
6521 AssertRC(rc);
6522
6523 if ( pIf->PCHSGeometry.cCylinders == 0
6524 || pIf->PCHSGeometry.cHeads == 0
6525 || pIf->PCHSGeometry.cSectors == 0
6526 )
6527 {
6528 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
6529 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
6530 pIf->PCHSGeometry.cHeads = 16;
6531 pIf->PCHSGeometry.cSectors = 63;
6532 /* Set the disk geometry information. Ignore errors. */
6533 pIf->pDrvMedia->pfnBiosSetPCHSGeometry(pIf->pDrvMedia, &pIf->PCHSGeometry);
6534 rc = VINF_SUCCESS;
6535 }
6536 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
6537
6538 if (pIf->pDrvMedia->pfnDiscard)
6539 LogRel(("PIIX3 ATA: LUN#%d: TRIM enabled\n", pIf->iLUN));
6540 }
6541 return rc;
6542}
6543
6544
6545/**
6546 * Attach command.
6547 *
6548 * This is called when we change block driver for the DVD drive.
6549 *
6550 * @returns VBox status code.
6551 * @param pDevIns The device instance.
6552 * @param iLUN The logical unit which is being detached.
6553 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6554 */
6555static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6556{
6557 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6558 PATACONTROLLER pCtl;
6559 ATADevState *pIf;
6560 int rc;
6561 unsigned iController;
6562 unsigned iInterface;
6563
6564 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6565 ("PIIX3IDE: Device does not support hotplugging\n"),
6566 VERR_INVALID_PARAMETER);
6567
6568 /*
6569 * Locate the controller and stuff.
6570 */
6571 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6572 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6573 pCtl = &pThis->aCts[iController];
6574
6575 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6576 pIf = &pCtl->aIfs[iInterface];
6577
6578 /* the usual paranoia */
6579 AssertRelease(!pIf->pDrvBase);
6580 AssertRelease(!pIf->pDrvMedia);
6581 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
6582 Assert(pIf->iLUN == iLUN);
6583
6584 /*
6585 * Try attach the block device and get the interfaces,
6586 * required as well as optional.
6587 */
6588 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
6589 if (RT_SUCCESS(rc))
6590 {
6591 rc = ataR3ConfigLun(pDevIns, pIf);
6592 /*
6593 * In case there is a medium inserted.
6594 */
6595 ataR3MediumInserted(pIf);
6596 ataR3MediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
6597 }
6598 else
6599 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
6600
6601 if (RT_FAILURE(rc))
6602 {
6603 pIf->pDrvBase = NULL;
6604 pIf->pDrvMedia = NULL;
6605 }
6606 return rc;
6607}
6608
6609
6610/**
6611 * Resume notification.
6612 *
6613 * @returns VBox status code.
6614 * @param pDevIns The device instance data.
6615 */
6616static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
6617{
6618 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6619 int rc;
6620
6621 Log(("%s:\n", __FUNCTION__));
6622 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6623 {
6624 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
6625 {
6626 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6627 AssertRC(rc);
6628 }
6629 }
6630 return;
6631}
6632
6633
6634/**
6635 * Checks if all (both) the async I/O threads have quiesced.
6636 *
6637 * @returns true on success.
6638 * @returns false when one or more threads is still processing.
6639 * @param pDevIns Pointer to the PDM device instance.
6640 */
6641static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
6642{
6643 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6644
6645 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6646 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6647 {
6648 bool fRc = ataR3AsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6649 if (!fRc)
6650 {
6651 /* Make it signal PDM & itself when its done */
6652 PDMCritSectEnter(&pThis->aCts[i].AsyncIORequestLock, VERR_IGNORED);
6653 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6654 PDMCritSectLeave(&pThis->aCts[i].AsyncIORequestLock);
6655
6656 fRc = ataR3AsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6657 if (!fRc)
6658 {
6659#if 0 /** @todo Need to do some time tracking here... */
6660 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
6661 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
6662 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
6663#endif
6664 return false;
6665 }
6666 }
6667 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6668 }
6669 return true;
6670}
6671
6672/**
6673 * Prepare state save and load operation.
6674 *
6675 * @returns VBox status code.
6676 * @param pDevIns Device instance of the device which registered the data unit.
6677 * @param pSSM SSM operation handle.
6678 */
6679static DECLCALLBACK(int) ataR3SaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6680{
6681 RT_NOREF1(pSSM);
6682 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6683
6684 /* sanity - the suspend notification will wait on the async stuff. */
6685 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6686 AssertLogRelMsgReturn(ataR3AsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6687 ("i=%u\n", i),
6688 VERR_SSM_IDE_ASYNC_TIMEOUT);
6689 return VINF_SUCCESS;
6690}
6691
6692/**
6693 * @copydoc FNSSMDEVLIVEEXEC
6694 */
6695static DECLCALLBACK(int) ataR3LiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6696{
6697 RT_NOREF1(uPass);
6698 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6699
6700 SSMR3PutU8(pSSM, pThis->u8Type);
6701 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6702 {
6703 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6704 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6705 {
6706 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6707 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6708 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6709 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6710 }
6711 }
6712
6713 return VINF_SSM_DONT_CALL_AGAIN;
6714}
6715
6716/**
6717 * @copydoc FNSSMDEVSAVEEXEC
6718 */
6719static DECLCALLBACK(int) ataR3SaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6720{
6721 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6722
6723 ataR3LiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6724
6725 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6726 {
6727 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6728 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6729 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6730 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6731 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6732 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6733 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6734 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6735 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6736 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6737 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6738 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6739 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6740
6741 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6742 {
6743 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6744 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6745 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6746 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6747 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6748 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6749 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6750 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6751 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6752 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6753 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6754 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6755 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6756 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6757 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6758 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6759 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6760 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6761 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6762 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6763 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6764 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6765 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6766 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6767 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6768 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6769 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6770 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6771 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6772 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6773 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6774 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6775 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6776 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6777 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6778 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6779 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6780 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6781 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6782 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6783 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6784 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6785 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6786 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6787 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6788 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6789 else
6790 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6791 }
6792 }
6793
6794 return SSMR3PutU32(pSSM, UINT32_MAX); /* sanity/terminator */
6795}
6796
6797/**
6798 * Converts the LUN number into a message string.
6799 */
6800static const char *ataR3StringifyLun(unsigned iLun)
6801{
6802 switch (iLun)
6803 {
6804 case 0: return "primary master";
6805 case 1: return "primary slave";
6806 case 2: return "secondary master";
6807 case 3: return "secondary slave";
6808 default: AssertFailedReturn("unknown lun");
6809 }
6810}
6811
6812/**
6813 * FNSSMDEVLOADEXEC
6814 */
6815static DECLCALLBACK(int) ataR3LoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6816{
6817 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6818 int rc;
6819 uint32_t u32;
6820
6821 if ( uVersion != ATA_SAVED_STATE_VERSION
6822 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6823 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6824 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6825 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6826 {
6827 AssertMsgFailed(("uVersion=%d\n", uVersion));
6828 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6829 }
6830
6831 /*
6832 * Verify the configuration.
6833 */
6834 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6835 {
6836 uint8_t u8Type;
6837 rc = SSMR3GetU8(pSSM, &u8Type);
6838 AssertRCReturn(rc, rc);
6839 if (u8Type != pThis->u8Type)
6840 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6841
6842 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6843 {
6844 bool fEnabled;
6845 rc = SSMR3GetBool(pSSM, &fEnabled);
6846 AssertRCReturn(rc, rc);
6847 if (!fEnabled)
6848 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6849
6850 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6851 {
6852 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6853
6854 bool fInUse;
6855 rc = SSMR3GetBool(pSSM, &fInUse);
6856 AssertRCReturn(rc, rc);
6857 if (fInUse != (pIf->pDrvBase != NULL))
6858 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
6859 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
6860 fInUse ? "target" : "source", ataR3StringifyLun(pIf->iLUN) );
6861
6862 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
6863 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
6864 AssertRCReturn(rc, rc);
6865 if (strcmp(szSerialNumber, pIf->szSerialNumber))
6866 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
6867 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
6868
6869 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
6870 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
6871 AssertRCReturn(rc, rc);
6872 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
6873 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
6874 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
6875
6876 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
6877 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
6878 AssertRCReturn(rc, rc);
6879 if (strcmp(szModelNumber, pIf->szModelNumber))
6880 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
6881 pIf->iLUN, szModelNumber, pIf->szModelNumber));
6882 }
6883 }
6884 }
6885 if (uPass != SSM_PASS_FINAL)
6886 return VINF_SUCCESS;
6887
6888 /*
6889 * Restore valid parts of the PCIATAState structure
6890 */
6891 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6892 {
6893 /* integrity check */
6894 if (!ataR3AsyncIOIsIdle(&pThis->aCts[i], false))
6895 {
6896 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
6897 return VERR_INTERNAL_ERROR_4;
6898 }
6899
6900 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
6901 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
6902 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
6903 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
6904 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
6905 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
6906 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
6907 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
6908 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6909 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
6910 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
6911 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
6912 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
6913
6914 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6915 {
6916 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
6917 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
6918 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
6919 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
6920 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6921 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6922 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6923 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6924 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
6925 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
6926 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6927 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
6928 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
6929 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6930 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
6931 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6932 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6933 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6934 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6935 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6936 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
6937 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
6938 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
6939 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6940 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
6941 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
6942 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6943 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
6944 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
6945 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6946 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6947 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6948 /* NB: cbPIOTransferLimit could be saved/restored but it's sufficient
6949 * to re-calculate it here, with a tiny risk that it could be
6950 * unnecessarily low for the current transfer only. Could be changed
6951 * when changing the saved state in the future.
6952 */
6953 pThis->aCts[i].aIfs[j].cbPIOTransferLimit = (pThis->aCts[i].aIfs[j].uATARegHCyl << 8) | pThis->aCts[i].aIfs[j].uATARegLCyl;
6954 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6955 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6956 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6957 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6958 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
6959 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
6960 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6961 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6962 {
6963 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6964 }
6965 else
6966 {
6967 uint8_t uATAPISenseKey, uATAPIASC;
6968 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6969 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6970 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6971 SSMR3GetU8(pSSM, &uATAPISenseKey);
6972 SSMR3GetU8(pSSM, &uATAPIASC);
6973 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6974 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6975 }
6976 /** @todo triple-check this hack after passthrough is working */
6977 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6978 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6979 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6980 else
6981 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6982 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6983 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6984 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6985 {
6986 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6987 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6988 else
6989 {
6990 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6991 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
6992 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
6993
6994 /* skip the buffer if we're loading for the debugger / animator. */
6995 uint8_t u8Ignored;
6996 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6997 while (cbLeft-- > 0)
6998 SSMR3GetU8(pSSM, &u8Ignored);
6999 }
7000 }
7001 else
7002 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
7003 }
7004 }
7005 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
7006 SSMR3GetU8(pSSM, &pThis->u8Type);
7007
7008 rc = SSMR3GetU32(pSSM, &u32);
7009 if (RT_FAILURE(rc))
7010 return rc;
7011 if (u32 != ~0U)
7012 {
7013 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
7014 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
7015 return rc;
7016 }
7017
7018 return VINF_SUCCESS;
7019}
7020
7021
7022/**
7023 * Callback employed by ataSuspend and ataR3PowerOff.
7024 *
7025 * @returns true if we've quiesced, false if we're still working.
7026 * @param pDevIns The device instance.
7027 */
7028static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
7029{
7030 return ataR3AllAsyncIOIsIdle(pDevIns);
7031}
7032
7033
7034/**
7035 * Common worker for ataSuspend and ataR3PowerOff.
7036 */
7037static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
7038{
7039 if (!ataR3AllAsyncIOIsIdle(pDevIns))
7040 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
7041}
7042
7043
7044/**
7045 * Power Off notification.
7046 *
7047 * @returns VBox status code.
7048 * @param pDevIns The device instance data.
7049 */
7050static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
7051{
7052 Log(("%s:\n", __FUNCTION__));
7053 ataR3SuspendOrPowerOff(pDevIns);
7054}
7055
7056
7057/**
7058 * Suspend notification.
7059 *
7060 * @returns VBox status code.
7061 * @param pDevIns The device instance data.
7062 */
7063static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
7064{
7065 Log(("%s:\n", __FUNCTION__));
7066 ataR3SuspendOrPowerOff(pDevIns);
7067}
7068
7069
7070/**
7071 * Callback employed by ataR3Reset.
7072 *
7073 * @returns true if we've quiesced, false if we're still working.
7074 * @param pDevIns The device instance.
7075 */
7076static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
7077{
7078 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7079
7080 if (!ataR3AllAsyncIOIsIdle(pDevIns))
7081 return false;
7082
7083 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7084 {
7085 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
7086 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7087 ataR3ResetDevice(&pThis->aCts[i].aIfs[j]);
7088 PDMCritSectLeave(&pThis->aCts[i].lock);
7089 }
7090 return true;
7091}
7092
7093
7094/**
7095 * Common reset worker for ataR3Reset and ataR3Construct.
7096 *
7097 * @returns VBox status code.
7098 * @param pDevIns The device instance data.
7099 * @param fConstruct Indicates who is calling.
7100 */
7101static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
7102{
7103 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7104
7105 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7106 {
7107 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
7108
7109 pThis->aCts[i].iSelectedIf = 0;
7110 pThis->aCts[i].iAIOIf = 0;
7111 pThis->aCts[i].BmDma.u8Cmd = 0;
7112 /* Report that both drives present on the bus are in DMA mode. This
7113 * pretends that there is a BIOS that has set it up. Normal reset
7114 * default is 0x00. */
7115 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
7116 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
7117 pThis->aCts[i].BmDma.pvAddr = 0;
7118
7119 pThis->aCts[i].fReset = true;
7120 pThis->aCts[i].fRedo = false;
7121 pThis->aCts[i].fRedoIdle = false;
7122 ataR3AsyncIOClearRequests(&pThis->aCts[i]);
7123 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
7124 ataHCAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
7125 ataHCAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
7126
7127 PDMCritSectLeave(&pThis->aCts[i].lock);
7128 }
7129
7130 int rcRet = VINF_SUCCESS;
7131 if (!fConstruct)
7132 {
7133 /*
7134 * Setup asynchronous notification completion if the requests haven't
7135 * completed yet.
7136 */
7137 if (!ataR3IsAsyncResetDone(pDevIns))
7138 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
7139 }
7140 else
7141 {
7142 /*
7143 * Wait for the requests for complete.
7144 *
7145 * Would be real nice if we could do it all from EMT(0) and not
7146 * involve the worker threads, then we could dispense with all the
7147 * waiting and semaphore ping-pong here...
7148 */
7149 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7150 {
7151 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
7152 {
7153 int rc = PDMCritSectEnter(&pThis->aCts[i].AsyncIORequestLock, VERR_IGNORED);
7154 AssertRC(rc);
7155
7156 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
7157 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
7158 AssertRC(rc);
7159
7160 rc = PDMCritSectLeave(&pThis->aCts[i].AsyncIORequestLock);
7161 AssertRC(rc);
7162
7163 if (!ataR3AsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
7164 {
7165 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
7166 if (RT_FAILURE(rc))
7167 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
7168 if (RT_FAILURE(rc))
7169 {
7170 AssertRC(rc);
7171 rcRet = rc;
7172 }
7173 }
7174 }
7175 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
7176 }
7177 if (RT_SUCCESS(rcRet))
7178 {
7179 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
7180 AssertRC(rcRet);
7181 }
7182 }
7183 return rcRet;
7184}
7185
7186/**
7187 * Reset notification.
7188 *
7189 * @param pDevIns The device instance data.
7190 */
7191static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
7192{
7193 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
7194}
7195
7196/**
7197 * @copydoc FNPDMDEVRELOCATE
7198 */
7199static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
7200{
7201 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7202
7203 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7204 {
7205 pThis->aCts[i].pDevInsRC += offDelta;
7206 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
7207 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
7208 ataR3RelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
7209 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
7210 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
7211 ataR3RelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
7212 }
7213}
7214
7215/**
7216 * Destroy a driver instance.
7217 *
7218 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
7219 * resources can be freed correctly.
7220 *
7221 * @param pDevIns The device instance data.
7222 */
7223static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
7224{
7225 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7226 int rc;
7227
7228 Log(("ataR3Destruct\n"));
7229 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
7230
7231 /*
7232 * Tell the async I/O threads to terminate.
7233 */
7234 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7235 {
7236 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
7237 {
7238 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
7239 rc = SUPSemEventSignal(pThis->aCts[i].pSupDrvSession, pThis->aCts[i].hAsyncIOSem);
7240 AssertRC(rc);
7241 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
7242 AssertRC(rc);
7243 }
7244 }
7245
7246 /*
7247 * Wait for the threads to terminate before destroying their resources.
7248 */
7249 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7250 {
7251 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
7252 {
7253 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
7254 if (RT_SUCCESS(rc))
7255 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7256 else
7257 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
7258 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
7259 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
7260 }
7261 }
7262
7263 /*
7264 * Free resources.
7265 */
7266 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7267 {
7268 if (PDMCritSectIsInitialized(&pThis->aCts[i].AsyncIORequestLock))
7269 PDMR3CritSectDelete(&pThis->aCts[i].AsyncIORequestLock);
7270 if (pThis->aCts[i].hAsyncIOSem != NIL_SUPSEMEVENT)
7271 {
7272 SUPSemEventClose(pThis->aCts[i].pSupDrvSession, pThis->aCts[i].hAsyncIOSem);
7273 pThis->aCts[i].hAsyncIOSem = NIL_SUPSEMEVENT;
7274 }
7275 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
7276 {
7277 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
7278 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
7279 }
7280
7281 /* try one final time */
7282 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
7283 {
7284 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
7285 if (RT_SUCCESS(rc))
7286 {
7287 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7288 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
7289 }
7290 }
7291
7292 for (uint32_t iIf = 0; iIf < RT_ELEMENTS(pThis->aCts[i].aIfs); iIf++)
7293 {
7294 if (pThis->aCts[i].aIfs[iIf].pTrackList)
7295 {
7296 ATAPIPassthroughTrackListDestroy(pThis->aCts[i].aIfs[iIf].pTrackList);
7297 pThis->aCts[i].aIfs[iIf].pTrackList = NULL;
7298 }
7299 }
7300 }
7301
7302 return VINF_SUCCESS;
7303}
7304
7305/**
7306 * Convert config value to DEVPCBIOSBOOT.
7307 *
7308 * @returns VBox status code.
7309 * @param pDevIns The device instance data.
7310 * @param pCfg Configuration handle.
7311 * @param penmChipset Where to store the chipset type.
7312 */
7313static int ataR3ControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfg, CHIPSET *penmChipset)
7314{
7315 char szType[20];
7316
7317 int rc = CFGMR3QueryStringDef(pCfg, "Type", &szType[0], sizeof(szType), "PIIX4");
7318 if (RT_FAILURE(rc))
7319 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7320 N_("Configuration error: Querying \"Type\" as a string failed"));
7321 if (!strcmp(szType, "PIIX3"))
7322 *penmChipset = CHIPSET_PIIX3;
7323 else if (!strcmp(szType, "PIIX4"))
7324 *penmChipset = CHIPSET_PIIX4;
7325 else if (!strcmp(szType, "ICH6"))
7326 *penmChipset = CHIPSET_ICH6;
7327 else
7328 {
7329 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7330 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
7331 szType);
7332 rc = VERR_INTERNAL_ERROR;
7333 }
7334 return rc;
7335}
7336
7337/**
7338 * @interface_method_impl{PDMDEVREG,pfnConstruct}
7339 */
7340static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
7341{
7342 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7343 PPDMIBASE pBase;
7344 int rc;
7345 bool fRCEnabled;
7346 bool fR0Enabled;
7347 uint32_t DelayIRQMillies;
7348
7349 Assert(iInstance == 0);
7350 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
7351
7352 /*
7353 * Initialize NIL handle values (for the destructor).
7354 */
7355 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7356 {
7357 pThis->aCts[i].hAsyncIOSem = NIL_SUPSEMEVENT;
7358 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
7359 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7360 }
7361
7362 /*
7363 * Validate and read configuration.
7364 */
7365 if (!CFGMR3AreValuesValid(pCfg,
7366 "GCEnabled\0"
7367 "R0Enabled\0"
7368 "IRQDelay\0"
7369 "Type\0")
7370 /** @todo || invalid keys */)
7371 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
7372 N_("PIIX3 configuration error: unknown option specified"));
7373
7374 rc = CFGMR3QueryBoolDef(pCfg, "GCEnabled", &fRCEnabled, true);
7375 if (RT_FAILURE(rc))
7376 return PDMDEV_SET_ERROR(pDevIns, rc,
7377 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
7378 Log(("%s: fRCEnabled=%d\n", __FUNCTION__, fRCEnabled));
7379
7380 rc = CFGMR3QueryBoolDef(pCfg, "R0Enabled", &fR0Enabled, true);
7381 if (RT_FAILURE(rc))
7382 return PDMDEV_SET_ERROR(pDevIns, rc,
7383 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
7384 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
7385
7386 rc = CFGMR3QueryU32Def(pCfg, "IRQDelay", &DelayIRQMillies, 0);
7387 if (RT_FAILURE(rc))
7388 return PDMDEV_SET_ERROR(pDevIns, rc,
7389 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
7390 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
7391 Assert(DelayIRQMillies < 50);
7392
7393 CHIPSET enmChipset = CHIPSET_PIIX3;
7394 rc = ataR3ControllerFromCfg(pDevIns, pCfg, &enmChipset);
7395 if (RT_FAILURE(rc))
7396 return rc;
7397 pThis->u8Type = (uint8_t)enmChipset;
7398
7399 /*
7400 * Initialize data (most of it anyway).
7401 */
7402 /* Status LUN. */
7403 pThis->IBase.pfnQueryInterface = ataR3Status_QueryInterface;
7404 pThis->ILeds.pfnQueryStatusLed = ataR3Status_QueryStatusLed;
7405
7406 /* PCI configuration space. */
7407 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
7408
7409 /*
7410 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
7411 * as it explicitly checks for PCI id for IDE controllers.
7412 */
7413 switch (pThis->u8Type)
7414 {
7415 case CHIPSET_ICH6:
7416 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
7417 /** @todo do we need it? Do we need anything else? */
7418 pThis->dev.abConfig[0x48] = 0x00; /* UDMACTL */
7419 pThis->dev.abConfig[0x4A] = 0x00; /* UDMATIM */
7420 pThis->dev.abConfig[0x4B] = 0x00;
7421 {
7422 /*
7423 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
7424 * Report
7425 * WR_Ping-Pong_EN: must be set
7426 * PCR0, PCR1: 80-pin primary cable reporting for both disks
7427 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
7428 */
7429 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
7430 pThis->dev.abConfig[0x54] = u16Config & 0xff;
7431 pThis->dev.abConfig[0x55] = u16Config >> 8;
7432 }
7433 break;
7434 case CHIPSET_PIIX4:
7435 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
7436 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
7437 pThis->dev.abConfig[0x48] = 0x00; /* UDMACTL */
7438 pThis->dev.abConfig[0x4A] = 0x00; /* UDMATIM */
7439 pThis->dev.abConfig[0x4B] = 0x00;
7440 break;
7441 case CHIPSET_PIIX3:
7442 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
7443 break;
7444 default:
7445 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
7446 }
7447
7448 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
7449 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
7450 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
7451 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
7452 PCIDevSetHeaderType(&pThis->dev, 0x00);
7453
7454 pThis->pDevIns = pDevIns;
7455 pThis->fRCEnabled = fRCEnabled;
7456 pThis->fR0Enabled = fR0Enabled;
7457 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7458 {
7459 pThis->aCts[i].pDevInsR3 = pDevIns;
7460 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
7461 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
7462 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
7463 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7464 {
7465 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
7466
7467 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
7468 pIf->pDevInsR3 = pDevIns;
7469 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
7470 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
7471 pIf->pControllerR3 = &pThis->aCts[i];
7472 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
7473 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
7474 pIf->IBase.pfnQueryInterface = ataR3QueryInterface;
7475 pIf->IMountNotify.pfnMountNotify = ataR3MountNotify;
7476 pIf->IMountNotify.pfnUnmountNotify = ataR3UnmountNotify;
7477 pIf->IPort.pfnQueryDeviceLocation = ataR3QueryDeviceLocation;
7478 pIf->Led.u32Magic = PDMLED_MAGIC;
7479 }
7480 }
7481
7482 Assert(RT_ELEMENTS(pThis->aCts) == 2);
7483 pThis->aCts[0].irq = 14;
7484 pThis->aCts[0].IOPortBase1 = 0x1f0;
7485 pThis->aCts[0].IOPortBase2 = 0x3f6;
7486 pThis->aCts[1].irq = 15;
7487 pThis->aCts[1].IOPortBase1 = 0x170;
7488 pThis->aCts[1].IOPortBase2 = 0x376;
7489
7490 /*
7491 * Set the default critical section to NOP as we lock on controller level.
7492 */
7493 rc = PDMDevHlpSetDeviceCritSect(pDevIns, PDMDevHlpCritSectGetNop(pDevIns));
7494 AssertRCReturn(rc, rc);
7495
7496 /*
7497 * Register the PCI device.
7498 */
7499 rc = PDMDevHlpPCIRegisterEx(pDevIns, &pThis->dev, PDMPCIDEVREG_CFG_PRIMARY, PDMPCIDEVREG_F_NOT_MANDATORY_NO,
7500 1 /*uPciDevNo*/, 1 /*uPciDevFn*/, "piix3ide");
7501 if (RT_FAILURE(rc))
7502 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register PCI device"));
7503 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataR3BMDMAIORangeMap);
7504 if (RT_FAILURE(rc))
7505 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register PCI I/O region for BMDMA"));
7506
7507 /*
7508 * Register the I/O ports.
7509 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
7510 */
7511 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7512 {
7513 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 1, (RTHCPTR)(uintptr_t)i,
7514 ataIOPortWrite1Data, ataIOPortRead1Data,
7515 ataIOPortWriteStr1Data, ataIOPortReadStr1Data, "ATA I/O Base 1 - Data");
7516 AssertLogRelRCReturn(rc, rc);
7517 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1 + 1, 7, (RTHCPTR)(uintptr_t)i,
7518 ataIOPortWrite1Other, ataIOPortRead1Other, NULL, NULL, "ATA I/O Base 1 - Other");
7519
7520 AssertLogRelRCReturn(rc, rc);
7521 if (fRCEnabled)
7522 {
7523 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 1, (RTGCPTR)i,
7524 "ataIOPortWrite1Data", "ataIOPortRead1Data",
7525 "ataIOPortWriteStr1Data", "ataIOPortReadStr1Data", "ATA I/O Base 1 - Data");
7526 AssertLogRelRCReturn(rc, rc);
7527 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1 + 1, 7, (RTGCPTR)i,
7528 "ataIOPortWrite1Other", "ataIOPortRead1Other", NULL, NULL, "ATA I/O Base 1 - Other");
7529 AssertLogRelRCReturn(rc, rc);
7530 }
7531
7532 if (fR0Enabled)
7533 {
7534#if 0
7535 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 1, (RTR0PTR)i,
7536 "ataIOPortWrite1Data", "ataIOPortRead1Data", NULL, NULL, "ATA I/O Base 1 - Data");
7537#else
7538 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 1, (RTR0PTR)i,
7539 "ataIOPortWrite1Data", "ataIOPortRead1Data",
7540 "ataIOPortWriteStr1Data", "ataIOPortReadStr1Data", "ATA I/O Base 1 - Data");
7541#endif
7542 AssertLogRelRCReturn(rc, rc);
7543 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1 + 1, 7, (RTR0PTR)i,
7544 "ataIOPortWrite1Other", "ataIOPortRead1Other", NULL, NULL, "ATA I/O Base 1 - Other");
7545 AssertLogRelRCReturn(rc, rc);
7546 }
7547
7548 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)(uintptr_t)i,
7549 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
7550 if (RT_FAILURE(rc))
7551 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
7552
7553 if (fRCEnabled)
7554 {
7555 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
7556 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
7557 if (RT_FAILURE(rc))
7558 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
7559 }
7560 if (fR0Enabled)
7561 {
7562 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
7563 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
7564 if (RT_FAILURE(rc))
7565 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
7566 }
7567
7568 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7569 {
7570 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
7571 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7572 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
7573 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7574 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
7575 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7576 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
7577 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7578 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
7579#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7580 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7581 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
7582#endif
7583 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7584 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
7585#ifdef VBOX_INSTRUMENT_DMA_WRITES
7586 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7587 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
7588#endif
7589#ifdef VBOX_WITH_STATISTICS
7590 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7591 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
7592#endif
7593 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7594 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
7595#ifdef VBOX_WITH_STATISTICS
7596 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7597 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
7598#endif
7599 }
7600#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7601 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7602 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
7603 /** @todo STAMUNIT_MICROSECS */
7604 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7605 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
7606 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7607 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
7608 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7609 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
7610 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7611 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
7612 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7613 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
7614#endif /* VBOX_WITH_STATISTICS */
7615
7616 /* Initialize per-controller critical section. */
7617 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA#%u-Ctl", i);
7618 AssertLogRelRCReturn(rc, rc);
7619
7620 /* Initialize per-controller async I/O request critical section. */
7621 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].AsyncIORequestLock, RT_SRC_POS, "ATA#%u-Req", i);
7622 AssertLogRelRCReturn(rc, rc);
7623 }
7624
7625 /*
7626 * Attach status driver (optional).
7627 */
7628 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
7629 if (RT_SUCCESS(rc))
7630 {
7631 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
7632 pThis->pMediaNotify = PDMIBASE_QUERY_INTERFACE(pBase, PDMIMEDIANOTIFY);
7633 }
7634 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
7635 {
7636 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
7637 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
7638 }
7639
7640 /*
7641 * Attach the units.
7642 */
7643 uint32_t cbTotalBuffer = 0;
7644 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7645 {
7646 PATACONTROLLER pCtl = &pThis->aCts[i];
7647
7648 /*
7649 * Start the worker thread.
7650 */
7651 pCtl->uAsyncIOState = ATA_AIO_NEW;
7652 pCtl->pSupDrvSession = PDMDevHlpGetSupDrvSession(pDevIns);
7653 rc = SUPSemEventCreate(pCtl->pSupDrvSession, &pCtl->hAsyncIOSem);
7654 AssertLogRelRCReturn(rc, rc);
7655 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
7656 AssertLogRelRCReturn(rc, rc);
7657
7658 ataR3AsyncIOClearRequests(pCtl);
7659 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataR3AsyncIOThread, (void *)pCtl, 128*1024 /*cbStack*/,
7660 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
7661 AssertLogRelRCReturn(rc, rc);
7662 Assert( pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->hAsyncIOSem != NIL_SUPSEMEVENT
7663 && pCtl->SuspendIOSem != NIL_RTSEMEVENT && PDMCritSectIsInitialized(&pCtl->AsyncIORequestLock));
7664 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->hAsyncIOSem, pCtl->SuspendIOSem));
7665
7666 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
7667 {
7668 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7669 {
7670 { "Primary Master", "Primary Slave" },
7671 { "Secondary Master", "Secondary Slave" }
7672 };
7673
7674 /*
7675 * Try attach the block device and get the interfaces,
7676 * required as well as optional.
7677 */
7678 ATADevState *pIf = &pCtl->aIfs[j];
7679
7680 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
7681 if (RT_SUCCESS(rc))
7682 {
7683 rc = ataR3ConfigLun(pDevIns, pIf);
7684 if (RT_SUCCESS(rc))
7685 {
7686 /*
7687 * Init vendor product data.
7688 */
7689 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7690 {
7691 { "PrimaryMaster", "PrimarySlave" },
7692 { "SecondaryMaster", "SecondarySlave" }
7693 };
7694
7695 /* Generate a default serial number. */
7696 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
7697 RTUUID Uuid;
7698 if (pIf->pDrvMedia)
7699 rc = pIf->pDrvMedia->pfnGetUuid(pIf->pDrvMedia, &Uuid);
7700 else
7701 RTUuidClear(&Uuid);
7702
7703 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
7704 {
7705 /* Generate a predictable serial for drives which don't have a UUID. */
7706 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
7707 pIf->iLUN + pDevIns->iInstance * 32,
7708 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
7709 }
7710 else
7711 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
7712
7713 /* Get user config if present using defaults otherwise. */
7714 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfg, s_apszCFGMKeys[i][j]);
7715 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
7716 szSerial);
7717 if (RT_FAILURE(rc))
7718 {
7719 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7720 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7721 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
7722 return PDMDEV_SET_ERROR(pDevIns, rc,
7723 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
7724 }
7725
7726 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
7727 "1.0");
7728 if (RT_FAILURE(rc))
7729 {
7730 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7731 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7732 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
7733 return PDMDEV_SET_ERROR(pDevIns, rc,
7734 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
7735 }
7736
7737 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
7738 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
7739 if (RT_FAILURE(rc))
7740 {
7741 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7742 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7743 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
7744 return PDMDEV_SET_ERROR(pDevIns, rc,
7745 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
7746 }
7747
7748 /* There are three other identification strings for CD drives used for INQUIRY */
7749 if (pIf->fATAPI)
7750 {
7751 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
7752 "VBOX");
7753 if (RT_FAILURE(rc))
7754 {
7755 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7756 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7757 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
7758 return PDMDEV_SET_ERROR(pDevIns, rc,
7759 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
7760 }
7761
7762 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
7763 "CD-ROM");
7764 if (RT_FAILURE(rc))
7765 {
7766 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7767 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7768 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
7769 return PDMDEV_SET_ERROR(pDevIns, rc,
7770 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
7771 }
7772
7773 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
7774 "1.0");
7775 if (RT_FAILURE(rc))
7776 {
7777 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7778 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7779 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
7780 return PDMDEV_SET_ERROR(pDevIns, rc,
7781 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
7782 }
7783
7784 rc = CFGMR3QueryBoolDef(pCfgNode, "OverwriteInquiry", &pIf->fOverwriteInquiry, true);
7785 if (RT_FAILURE(rc))
7786 return PDMDEV_SET_ERROR(pDevIns, rc,
7787 N_("PIIX3 configuration error: failed to read \"OverwriteInquiry\" as boolean"));
7788 }
7789 }
7790
7791 }
7792 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
7793 {
7794 pIf->pDrvBase = NULL;
7795 pIf->pDrvMedia = NULL;
7796 pIf->cbIOBuffer = 0;
7797 pIf->pbIOBufferR3 = NULL;
7798 pIf->pbIOBufferR0 = NIL_RTR0PTR;
7799 pIf->pbIOBufferRC = NIL_RTGCPTR;
7800 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
7801 }
7802 else
7803 {
7804 switch (rc)
7805 {
7806 case VERR_ACCESS_DENIED:
7807 /* Error already cached by DrvHostBase */
7808 return rc;
7809 default:
7810 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7811 N_("PIIX3 cannot attach drive to the %s"),
7812 s_apszDescs[i][j]);
7813 }
7814 }
7815 cbTotalBuffer += pIf->cbIOBuffer;
7816 }
7817 }
7818
7819 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
7820 NULL, ataR3LiveExec, NULL,
7821 ataR3SaveLoadPrep, ataR3SaveExec, NULL,
7822 ataR3SaveLoadPrep, ataR3LoadExec, NULL);
7823 if (RT_FAILURE(rc))
7824 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
7825
7826 /*
7827 * Initialize the device state.
7828 */
7829 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
7830}
7831
7832
7833/**
7834 * The device registration structure.
7835 */
7836const PDMDEVREG g_DevicePIIX3IDE =
7837{
7838 /* u32Version */
7839 PDM_DEVREG_VERSION,
7840 /* szName */
7841 "piix3ide",
7842 /* szRCMod */
7843 "VBoxDDRC.rc",
7844 /* szR0Mod */
7845 "VBoxDDR0.r0",
7846 /* pszDescription */
7847 "Intel PIIX3 ATA controller.\n"
7848 " LUN #0 is primary master.\n"
7849 " LUN #1 is primary slave.\n"
7850 " LUN #2 is secondary master.\n"
7851 " LUN #3 is secondary slave.\n"
7852 " LUN #999 is the LED/Status connector.",
7853 /* fFlags */
7854 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
7855 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION |
7856 PDM_DEVREG_FLAGS_FIRST_RESET_NOTIFICATION,
7857 /* fClass */
7858 PDM_DEVREG_CLASS_STORAGE,
7859 /* cMaxInstances */
7860 1,
7861 /* cbInstance */
7862 sizeof(PCIATAState),
7863 /* pfnConstruct */
7864 ataR3Construct,
7865 /* pfnDestruct */
7866 ataR3Destruct,
7867 /* pfnRelocate */
7868 ataR3Relocate,
7869 /* pfnMemSetup */
7870 NULL,
7871 /* pfnPowerOn */
7872 NULL,
7873 /* pfnReset */
7874 ataR3Reset,
7875 /* pfnSuspend */
7876 ataR3Suspend,
7877 /* pfnResume */
7878 ataR3Resume,
7879 /* pfnAttach */
7880 ataR3Attach,
7881 /* pfnDetach */
7882 ataR3Detach,
7883 /* pfnQueryInterface. */
7884 NULL,
7885 /* pfnInitComplete */
7886 NULL,
7887 /* pfnPowerOff */
7888 ataR3PowerOff,
7889 /* pfnSoftReset */
7890 NULL,
7891 /* u32VersionEnd */
7892 PDM_DEVREG_VERSION
7893};
7894#endif /* IN_RING3 */
7895#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette