VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 78398

Last change on this file since 78398 was 78394, checked in by vboxsync, 6 years ago

DevATA: Minor cleanup, better compatibility with old ATA devices, streamline task register reads when busy (see bugref:5869).

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 312.2 KB
Line 
1/* $Id: DevATA.cpp 78394 2019-05-06 15:14:09Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2019 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/*********************************************************************************************************************************
20* Defined Constants And Macros *
21*********************************************************************************************************************************/
22/** Temporary instrumentation for tracking down potential virtual disk
23 * write performance issues. */
24#undef VBOX_INSTRUMENT_DMA_WRITES
25
26/** @name The SSM saved state versions.
27 * @{
28 */
29/** The current saved state version. */
30#define ATA_SAVED_STATE_VERSION 20
31/** The saved state version used by VirtualBox 3.0.
32 * This lacks the config part and has the type at the and. */
33#define ATA_SAVED_STATE_VERSION_VBOX_30 19
34#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
35#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
36#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
37/** @} */
38
39/** Values read from an empty (with no devices attached) ATA bus. */
40#define ATA_EMPTY_BUS_DATA 0x7F
41#define ATA_EMPTY_BUS_DATA_32 0x7F7F7F7F
42
43
44/*********************************************************************************************************************************
45* Header Files *
46*********************************************************************************************************************************/
47#define LOG_GROUP LOG_GROUP_DEV_IDE
48#include <VBox/vmm/pdmdev.h>
49#include <VBox/vmm/pdmstorageifs.h>
50#include <iprt/assert.h>
51#include <iprt/string.h>
52#ifdef IN_RING3
53# include <iprt/mem.h>
54# include <iprt/mp.h>
55# include <iprt/semaphore.h>
56# include <iprt/thread.h>
57# include <iprt/time.h>
58# include <iprt/uuid.h>
59#endif /* IN_RING3 */
60#include <iprt/critsect.h>
61#include <iprt/asm.h>
62#include <VBox/vmm/stam.h>
63#include <VBox/vmm/mm.h>
64#include <VBox/vmm/pgm.h>
65
66#include <VBox/sup.h>
67#include <VBox/scsi.h>
68#include <VBox/scsiinline.h>
69#include <VBox/ata.h>
70
71#include "ATAPIPassthrough.h"
72#include "VBoxDD.h"
73
74
75/*********************************************************************************************************************************
76* Defined Constants And Macros *
77*********************************************************************************************************************************/
78/**
79 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
80 * Set to 1 to disable multi-sector read support. According to the ATA
81 * specification this must be a power of 2 and it must fit in an 8 bit
82 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
83 */
84#define ATA_MAX_MULT_SECTORS 128
85
86/**
87 * Fastest PIO mode supported by the drive.
88 */
89#define ATA_PIO_MODE_MAX 4
90/**
91 * Fastest MDMA mode supported by the drive.
92 */
93#define ATA_MDMA_MODE_MAX 2
94/**
95 * Fastest UDMA mode supported by the drive.
96 */
97#define ATA_UDMA_MODE_MAX 6
98
99/** ATAPI sense info size. */
100#define ATAPI_SENSE_SIZE 64
101
102/** The maximum number of release log entries per device. */
103#define MAX_LOG_REL_ERRORS 1024
104
105/* MediaEventStatus */
106#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
107#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
108#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
109#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
110#define ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED 4 /**< medium eject requested (eject button pressed) */
111
112/* Media track type */
113#define ATA_MEDIA_TYPE_UNKNOWN 0 /**< unknown CD type */
114#define ATA_MEDIA_NO_DISC 0x70 /**< Door closed, no medium */
115
116/** @defgroup grp_piix3atabmdma PIIX3 ATA Bus Master DMA
117 * @{
118 */
119
120/** @name BM_STATUS
121 * @{
122 */
123/** Currently performing a DMA operation. */
124#define BM_STATUS_DMAING 0x01
125/** An error occurred during the DMA operation. */
126#define BM_STATUS_ERROR 0x02
127/** The DMA unit has raised the IDE interrupt line. */
128#define BM_STATUS_INT 0x04
129/** User-defined bit 0, commonly used to signal that drive 0 supports DMA. */
130#define BM_STATUS_D0DMA 0x20
131/** User-defined bit 1, commonly used to signal that drive 1 supports DMA. */
132#define BM_STATUS_D1DMA 0x40
133/** @} */
134
135/** @name BM_CMD
136 * @{
137 */
138/** Start the DMA operation. */
139#define BM_CMD_START 0x01
140/** Data transfer direction: from device to memory if set. */
141#define BM_CMD_WRITE 0x08
142/** @} */
143
144/** @} */
145
146
147/*********************************************************************************************************************************
148* Structures and Typedefs *
149*********************************************************************************************************************************/
150/** @defgroup grp_piix3atabmdma PIIX3 ATA Bus Master DMA
151 * @{
152 */
153/** PIIX3 Bus Master DMA unit state. */
154typedef struct BMDMAState
155{
156 /** Command register. */
157 uint8_t u8Cmd;
158 /** Status register. */
159 uint8_t u8Status;
160 /** Address of the MMIO region in the guest's memory space. */
161 RTGCPHYS32 GCPhysAddr;
162} BMDMAState;
163
164/** PIIX3 Bus Master DMA descriptor entry. */
165typedef struct BMDMADesc
166{
167 /** Address of the DMA source/target buffer. */
168 RTGCPHYS32 GCPhysBuffer;
169 /** Size of the DMA source/target buffer. */
170 uint32_t cbBuffer;
171} BMDMADesc;
172/** @} */
173
174
175/**
176 * The state of an ATA device.
177 *
178 * @implements PDMIBASE
179 * @implements PDMIBLOCKPORT
180 * @implements PDMIMOUNTNOTIFY
181 */
182typedef struct ATADevState
183{
184 /** Flag indicating whether the current command uses LBA48 mode. */
185 bool fLBA48;
186 /** Flag indicating whether this drive implements the ATAPI command set. */
187 bool fATAPI;
188 /** Set if this interface has asserted the IRQ. */
189 bool fIrqPending;
190 /** Currently configured number of sectors in a multi-sector transfer. */
191 uint8_t cMultSectors;
192 /** PCHS disk geometry. */
193 PDMMEDIAGEOMETRY PCHSGeometry;
194 /** Total number of sectors on this disk. */
195 uint64_t cTotalSectors;
196 /** Sector size of the medium. */
197 uint32_t cbSector;
198 /** Number of sectors to transfer per IRQ. */
199 uint32_t cSectorsPerIRQ;
200
201 /** ATA/ATAPI register 1: feature (write-only). */
202 uint8_t uATARegFeature;
203 /** ATA/ATAPI register 1: feature, high order byte. */
204 uint8_t uATARegFeatureHOB;
205 /** ATA/ATAPI register 1: error (read-only). */
206 uint8_t uATARegError;
207 /** ATA/ATAPI register 2: sector count (read/write). */
208 uint8_t uATARegNSector;
209 /** ATA/ATAPI register 2: sector count, high order byte. */
210 uint8_t uATARegNSectorHOB;
211 /** ATA/ATAPI register 3: sector (read/write). */
212 uint8_t uATARegSector;
213 /** ATA/ATAPI register 3: sector, high order byte. */
214 uint8_t uATARegSectorHOB;
215 /** ATA/ATAPI register 4: cylinder low (read/write). */
216 uint8_t uATARegLCyl;
217 /** ATA/ATAPI register 4: cylinder low, high order byte. */
218 uint8_t uATARegLCylHOB;
219 /** ATA/ATAPI register 5: cylinder high (read/write). */
220 uint8_t uATARegHCyl;
221 /** ATA/ATAPI register 5: cylinder high, high order byte. */
222 uint8_t uATARegHCylHOB;
223 /** ATA/ATAPI register 6: select drive/head (read/write). */
224 uint8_t uATARegSelect;
225 /** ATA/ATAPI register 7: status (read-only). */
226 uint8_t uATARegStatus;
227 /** ATA/ATAPI register 7: command (write-only). */
228 uint8_t uATARegCommand;
229 /** ATA/ATAPI drive control register (write-only). */
230 uint8_t uATARegDevCtl;
231
232 /** Currently active transfer mode (MDMA/UDMA) and speed. */
233 uint8_t uATATransferMode;
234 /** Current transfer direction. */
235 uint8_t uTxDir;
236 /** Index of callback for begin transfer. */
237 uint8_t iBeginTransfer;
238 /** Index of callback for source/sink of data. */
239 uint8_t iSourceSink;
240 /** Flag indicating whether the current command transfers data in DMA mode. */
241 bool fDMA;
242 /** Set to indicate that ATAPI transfer semantics must be used. */
243 bool fATAPITransfer;
244
245 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
246 uint32_t cbTotalTransfer;
247 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
248 uint32_t cbElementaryTransfer;
249 /** Maximum ATAPI elementary transfer size, PIO only. */
250 uint32_t cbPIOTransferLimit;
251 /** ATAPI passthrough transfer size, shared PIO/DMA */
252 uint32_t cbAtapiPassthroughTransfer;
253 /** Current read/write buffer position, shared PIO/DMA. */
254 uint32_t iIOBufferCur;
255 /** First element beyond end of valid buffer content, shared PIO/DMA. */
256 uint32_t iIOBufferEnd;
257 /** Align the following fields correctly. */
258 uint32_t Alignment0;
259
260 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
261 uint32_t iIOBufferPIODataStart;
262 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
263 uint32_t iIOBufferPIODataEnd;
264
265 /** ATAPI current LBA position. */
266 uint32_t iATAPILBA;
267 /** ATAPI current sector size. */
268 uint32_t cbATAPISector;
269 /** ATAPI current command. */
270 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
271 /** ATAPI sense data. */
272 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
273 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
274 uint8_t cNotifiedMediaChange;
275 /** The same for GET_EVENT_STATUS for mechanism */
276 volatile uint32_t MediaEventStatus;
277
278 /** Media type if known. */
279 volatile uint32_t MediaTrackType;
280
281 /** The status LED state for this drive. */
282 PDMLED Led;
283
284 /** Size of I/O buffer. */
285 uint32_t cbIOBuffer;
286 /** Pointer to the I/O buffer. */
287 R3PTRTYPE(uint8_t *) pbIOBufferR3;
288 /** Pointer to the I/O buffer. */
289 R0PTRTYPE(uint8_t *) pbIOBufferR0;
290 /** Pointer to the I/O buffer. */
291 RCPTRTYPE(uint8_t *) pbIOBufferRC;
292
293 /*
294 * No data that is part of the saved state after this point!!!!!
295 */
296
297 /** Counter for number of busy status seen in R3 in a row. */
298 uint8_t cBusyStatusHackR3;
299 /** Counter for number of busy status seen in GC/R0 in a row. */
300 uint8_t cBusyStatusHackRZ;
301 /** Defines the R3 yield rate by a mask (power of 2 minus one).
302 * Lower is more agressive. */
303 uint8_t cBusyStatusHackR3Rate;
304 /** Defines the R0/RC yield rate by a mask (power of 2 minus one).
305 * Lower is more agressive. */
306 uint8_t cBusyStatusHackRZRate;
307
308 /** Release statistics: number of ATA DMA commands. */
309 STAMCOUNTER StatATADMA;
310 /** Release statistics: number of ATA PIO commands. */
311 STAMCOUNTER StatATAPIO;
312 /** Release statistics: number of ATAPI PIO commands. */
313 STAMCOUNTER StatATAPIDMA;
314 /** Release statistics: number of ATAPI PIO commands. */
315 STAMCOUNTER StatATAPIPIO;
316#ifdef VBOX_INSTRUMENT_DMA_WRITES
317 /** Release statistics: number of DMA sector writes and the time spent. */
318 STAMPROFILEADV StatInstrVDWrites;
319#endif
320 /** Release statistics: Profiling RTThreadYield calls during status polling. */
321 STAMPROFILEADV StatStatusYields;
322
323 /** Statistics: number of read operations and the time spent reading. */
324 STAMPROFILEADV StatReads;
325 /** Statistics: number of bytes read. */
326 STAMCOUNTER StatBytesRead;
327 /** Statistics: number of write operations and the time spent writing. */
328 STAMPROFILEADV StatWrites;
329 /** Statistics: number of bytes written. */
330 STAMCOUNTER StatBytesWritten;
331 /** Statistics: number of flush operations and the time spend flushing. */
332 STAMPROFILE StatFlushes;
333
334 /** Enable passing through commands directly to the ATAPI drive. */
335 bool fATAPIPassthrough;
336 /** Flag whether to overwrite inquiry data in passthrough mode. */
337 bool fOverwriteInquiry;
338 /** Number of errors we've reported to the release log.
339 * This is to prevent flooding caused by something going horribly wrong.
340 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
341 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
342 uint32_t cErrors;
343 /** Timestamp of last started command. 0 if no command pending. */
344 uint64_t u64CmdTS;
345
346 /** Pointer to the attached driver's base interface. */
347 R3PTRTYPE(PPDMIBASE) pDrvBase;
348 /** Pointer to the attached driver's block interface. */
349 R3PTRTYPE(PPDMIMEDIA) pDrvMedia;
350 /** Pointer to the attached driver's mount interface.
351 * This is NULL if the driver isn't a removable unit. */
352 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
353 /** The base interface. */
354 PDMIBASE IBase;
355 /** The block port interface. */
356 PDMIMEDIAPORT IPort;
357 /** The mount notify interface. */
358 PDMIMOUNTNOTIFY IMountNotify;
359 /** The LUN #. */
360 RTUINT iLUN;
361
362 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
363
364 /** Pointer to device instance. */
365 PPDMDEVINSR3 pDevInsR3;
366 /** Pointer to controller instance. */
367 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
368 /** Pointer to device instance. */
369 PPDMDEVINSR0 pDevInsR0;
370 /** Pointer to controller instance. */
371 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
372 /** Pointer to device instance. */
373 PPDMDEVINSRC pDevInsRC;
374 /** Pointer to controller instance. */
375 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
376
377 /** The serial number to use for IDENTIFY DEVICE commands. */
378 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
379 /** The firmware revision to use for IDENTIFY DEVICE commands. */
380 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
381 /** The model number to use for IDENTIFY DEVICE commands. */
382 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
383 /** The vendor identification string for SCSI INQUIRY commands. */
384 char szInquiryVendorId[SCSI_INQUIRY_VENDOR_ID_LENGTH+1];
385 /** The product identification string for SCSI INQUIRY commands. */
386 char szInquiryProductId[SCSI_INQUIRY_PRODUCT_ID_LENGTH+1];
387 /** The revision string for SCSI INQUIRY commands. */
388 char szInquiryRevision[SCSI_INQUIRY_REVISION_LENGTH+1];
389 /** The current tracklist of the loaded medium if passthrough is used. */
390 R3PTRTYPE(PTRACKLIST) pTrackList;
391
392 uint8_t abAlignment4[HC_ARCH_BITS == 64 ? 7 : 3];
393} ATADevState;
394AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
395AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
396AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
397AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
398AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
399AssertCompileSizeAlignment(ATADevState, 8);
400
401
402/**
403 * Transfer request forwarded to the async I/O thread.
404 */
405typedef struct ATATransferRequest
406{
407 /** The interface index the request is for. */
408 uint8_t iIf;
409 /** The index of the begin transfer callback to call. */
410 uint8_t iBeginTransfer;
411 /** The index of the source sink callback to call for doing the transfer. */
412 uint8_t iSourceSink;
413 /** How many bytes to transfer. */
414 uint32_t cbTotalTransfer;
415 /** Transfer direction. */
416 uint8_t uTxDir;
417} ATATransferRequest;
418
419
420/**
421 * Abort request forwarded to the async I/O thread.
422 */
423typedef struct ATAAbortRequest
424{
425 /** The interface index the request is for. */
426 uint8_t iIf;
427 /** Flag whether to reset the drive. */
428 bool fResetDrive;
429} ATAAbortRequest;
430
431
432/**
433 * Request type indicator.
434 */
435typedef enum
436{
437 /** Begin a new transfer. */
438 ATA_AIO_NEW = 0,
439 /** Continue a DMA transfer. */
440 ATA_AIO_DMA,
441 /** Continue a PIO transfer. */
442 ATA_AIO_PIO,
443 /** Reset the drives on current controller, stop all transfer activity. */
444 ATA_AIO_RESET_ASSERTED,
445 /** Reset the drives on current controller, resume operation. */
446 ATA_AIO_RESET_CLEARED,
447 /** Abort the current transfer of a particular drive. */
448 ATA_AIO_ABORT
449} ATAAIO;
450
451
452/**
453 * Combining structure for an ATA request to the async I/O thread
454 * started with the request type insicator.
455 */
456typedef struct ATARequest
457{
458 /** Request type. */
459 ATAAIO ReqType;
460 /** Request type dependent data. */
461 union
462 {
463 /** Transfer request specific data. */
464 ATATransferRequest t;
465 /** Abort request specific data. */
466 ATAAbortRequest a;
467 } u;
468} ATARequest;
469
470
471/**
472 * The state of an ATA controller containing to devices (master and slave).
473 */
474typedef struct ATACONTROLLER
475{
476 /** The base of the first I/O Port range. */
477 RTIOPORT IOPortBase1;
478 /** The base of the second I/O Port range. (0 if none) */
479 RTIOPORT IOPortBase2;
480 /** The assigned IRQ. */
481 RTUINT irq;
482 /** Access critical section */
483 PDMCRITSECT lock;
484
485 /** Selected drive. */
486 uint8_t iSelectedIf;
487 /** The interface on which to handle async I/O. */
488 uint8_t iAIOIf;
489 /** The state of the async I/O thread. */
490 uint8_t uAsyncIOState;
491 /** Flag indicating whether the next transfer is part of the current command. */
492 bool fChainedTransfer;
493 /** Set when the reset processing is currently active on this controller. */
494 bool fReset;
495 /** Flag whether the current transfer needs to be redone. */
496 bool fRedo;
497 /** Flag whether the redo suspend has been finished. */
498 bool fRedoIdle;
499 /** Flag whether the DMA operation to be redone is the final transfer. */
500 bool fRedoDMALastDesc;
501 /** The BusMaster DMA state. */
502 BMDMAState BmDma;
503 /** Pointer to first DMA descriptor. */
504 RTGCPHYS32 GCPhysFirstDMADesc;
505 /** Pointer to last DMA descriptor. */
506 RTGCPHYS32 GCPhysLastDMADesc;
507 /** Pointer to current DMA buffer (for redo operations). */
508 RTGCPHYS32 GCPhysRedoDMABuffer;
509 /** Size of current DMA buffer (for redo operations). */
510 uint32_t cbRedoDMABuffer;
511
512 /** The ATA/ATAPI interfaces of this controller. */
513 ATADevState aIfs[2];
514
515 /** Pointer to device instance. */
516 PPDMDEVINSR3 pDevInsR3;
517 /** Pointer to device instance. */
518 PPDMDEVINSR0 pDevInsR0;
519 /** Pointer to device instance. */
520 PPDMDEVINSRC pDevInsRC;
521
522 /** Set when the destroying the device instance and the thread must exit. */
523 uint32_t volatile fShutdown;
524 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
525 RTTHREAD AsyncIOThread;
526 /** The event semaphore the thread is waiting on for requests. */
527 SUPSEMEVENT hAsyncIOSem;
528 /** The support driver session handle. */
529 PSUPDRVSESSION pSupDrvSession;
530 /** The request queue for the AIO thread. One element is always unused. */
531 ATARequest aAsyncIORequests[4];
532 /** The position at which to insert a new request for the AIO thread. */
533 volatile uint8_t AsyncIOReqHead;
534 /** The position at which to get a new request for the AIO thread. */
535 volatile uint8_t AsyncIOReqTail;
536 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
537 bool volatile fSignalIdle;
538 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
539 /** Magic delay before triggering interrupts in DMA mode. */
540 uint32_t DelayIRQMillies;
541 /** The event semaphore the thread is waiting on during suspended I/O. */
542 RTSEMEVENT SuspendIOSem;
543 /** The lock protecting the request queue. */
544 PDMCRITSECT AsyncIORequestLock;
545
546 /** Timestamp we started the reset. */
547 uint64_t u64ResetTime;
548
549 /* Statistics */
550 STAMCOUNTER StatAsyncOps;
551 uint64_t StatAsyncMinWait;
552 uint64_t StatAsyncMaxWait;
553 STAMCOUNTER StatAsyncTimeUS;
554 STAMPROFILEADV StatAsyncTime;
555 STAMPROFILE StatLockWait;
556} ATACONTROLLER, *PATACONTROLLER;
557AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
558AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
559AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
560AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
561AssertCompileMemberAlignment(ATACONTROLLER, AsyncIORequestLock, 8);
562AssertCompileSizeAlignment(ATACONTROLLER, 8);
563
564typedef enum CHIPSET
565{
566 /** PIIX3 chipset, must be 0 for saved state compatibility */
567 CHIPSET_PIIX3 = 0,
568 /** PIIX4 chipset, must be 1 for saved state compatibility */
569 CHIPSET_PIIX4 = 1,
570 /** ICH6 chipset */
571 CHIPSET_ICH6 = 2
572} CHIPSET;
573
574/**
575 * The state of the ATA PCI device.
576 *
577 * @extends PDMPCIDEV
578 * @implements PDMILEDPORTS
579 */
580typedef struct PCIATAState
581{
582 PDMPCIDEV dev;
583 /** The controllers. */
584 ATACONTROLLER aCts[2];
585 /** Pointer to device instance. */
586 PPDMDEVINSR3 pDevIns;
587 /** Status LUN: Base interface. */
588 PDMIBASE IBase;
589 /** Status LUN: Leds interface. */
590 PDMILEDPORTS ILeds;
591 /** Status LUN: Partner of ILeds. */
592 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
593 /** Status LUN: Media Notify. */
594 R3PTRTYPE(PPDMIMEDIANOTIFY) pMediaNotify;
595 /** Flag whether RC is enabled. */
596 bool fRCEnabled;
597 /** Flag whether R0 is enabled. */
598 bool fR0Enabled;
599 /** Flag indicating chipset being emulated. */
600 uint8_t u8Type;
601 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
602} PCIATAState;
603
604#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
605
606#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
607#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
608#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
609
610#ifndef VBOX_DEVICE_STRUCT_TESTCASE
611
612
613/*********************************************************************************************************************************
614* Internal Functions *
615*********************************************************************************************************************************/
616RT_C_DECLS_BEGIN
617
618PDMBOTHCBDECL(int) ataIOPortWrite1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
619PDMBOTHCBDECL(int) ataIOPortRead1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
620PDMBOTHCBDECL(int) ataIOPortWriteStr1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint8_t const *pbSrc,
621 uint32_t *pcTransfers, unsigned cb);
622PDMBOTHCBDECL(int) ataIOPortReadStr1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint8_t *pbDst,
623 uint32_t *pcTransfers, unsigned cb);
624PDMBOTHCBDECL(int) ataIOPortWrite1Other(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
625PDMBOTHCBDECL(int) ataIOPortRead1Other(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
626PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
627PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
628PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
629PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
630RT_C_DECLS_END
631
632
633
634#ifdef IN_RING3
635DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
636{
637 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
638
639 /* Freeze status register contents while processing RESET. */
640 if (!pCtl->fReset)
641 {
642 s->uATARegStatus = stat;
643 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
644 }
645}
646#endif /* IN_RING3 */
647
648
649DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
650{
651 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
652
653 /* Freeze status register contents while processing RESET. */
654 if (!pCtl->fReset)
655 {
656 s->uATARegStatus |= stat;
657 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
658 }
659}
660
661
662DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
663{
664 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
665
666 /* Freeze status register contents while processing RESET. */
667 if (!pCtl->fReset)
668 {
669 s->uATARegStatus &= ~stat;
670 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
671 }
672}
673
674#if defined(IN_RING3) || defined(IN_RING0)
675
676# ifdef IN_RING3
677typedef void (*PBeginTransferFunc)(ATADevState *);
678typedef bool (*PSourceSinkFunc)(ATADevState *);
679
680static void ataR3ReadWriteSectorsBT(ATADevState *);
681static void ataR3PacketBT(ATADevState *);
682static void atapiR3CmdBT(ATADevState *);
683static void atapiR3PassthroughCmdBT(ATADevState *);
684
685static bool ataR3IdentifySS(ATADevState *);
686static bool ataR3FlushSS(ATADevState *);
687static bool ataR3ReadSectorsSS(ATADevState *);
688static bool ataR3WriteSectorsSS(ATADevState *);
689static bool ataR3ExecuteDeviceDiagnosticSS(ATADevState *);
690static bool ataR3TrimSS(ATADevState *);
691static bool ataR3PacketSS(ATADevState *);
692static bool ataR3InitDevParmSS(ATADevState *);
693static bool ataR3RecalibrateSS(ATADevState *);
694static bool atapiR3GetConfigurationSS(ATADevState *);
695static bool atapiR3GetEventStatusNotificationSS(ATADevState *);
696static bool atapiR3IdentifySS(ATADevState *);
697static bool atapiR3InquirySS(ATADevState *);
698static bool atapiR3MechanismStatusSS(ATADevState *);
699static bool atapiR3ModeSenseErrorRecoverySS(ATADevState *);
700static bool atapiR3ModeSenseCDStatusSS(ATADevState *);
701static bool atapiR3ReadSS(ATADevState *);
702static bool atapiR3ReadCapacitySS(ATADevState *);
703static bool atapiR3ReadDiscInformationSS(ATADevState *);
704static bool atapiR3ReadTOCNormalSS(ATADevState *);
705static bool atapiR3ReadTOCMultiSS(ATADevState *);
706static bool atapiR3ReadTOCRawSS(ATADevState *);
707static bool atapiR3ReadTrackInformationSS(ATADevState *);
708static bool atapiR3RequestSenseSS(ATADevState *);
709static bool atapiR3PassthroughSS(ATADevState *);
710static bool atapiR3ReadDVDStructureSS(ATADevState *);
711# endif /* IN_RING3 */
712
713/**
714 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
715 */
716typedef enum ATAFNBT
717{
718 ATAFN_BT_NULL = 0,
719 ATAFN_BT_READ_WRITE_SECTORS,
720 ATAFN_BT_PACKET,
721 ATAFN_BT_ATAPI_CMD,
722 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
723 ATAFN_BT_MAX
724} ATAFNBT;
725
726# ifdef IN_RING3
727/**
728 * Array of end transfer functions, the index is ATAFNET.
729 * Make sure ATAFNET and this array match!
730 */
731static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
732{
733 NULL,
734 ataR3ReadWriteSectorsBT,
735 ataR3PacketBT,
736 atapiR3CmdBT,
737 atapiR3PassthroughCmdBT,
738};
739# endif /* IN_RING3 */
740
741/**
742 * Source/sink function indexes for g_apfnSourceSinkFuncs.
743 */
744typedef enum ATAFNSS
745{
746 ATAFN_SS_NULL = 0,
747 ATAFN_SS_IDENTIFY,
748 ATAFN_SS_FLUSH,
749 ATAFN_SS_READ_SECTORS,
750 ATAFN_SS_WRITE_SECTORS,
751 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
752 ATAFN_SS_TRIM,
753 ATAFN_SS_PACKET,
754 ATAFN_SS_INITIALIZE_DEVICE_PARAMETERS,
755 ATAFN_SS_RECALIBRATE,
756 ATAFN_SS_ATAPI_GET_CONFIGURATION,
757 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
758 ATAFN_SS_ATAPI_IDENTIFY,
759 ATAFN_SS_ATAPI_INQUIRY,
760 ATAFN_SS_ATAPI_MECHANISM_STATUS,
761 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
762 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
763 ATAFN_SS_ATAPI_READ,
764 ATAFN_SS_ATAPI_READ_CAPACITY,
765 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
766 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
767 ATAFN_SS_ATAPI_READ_TOC_MULTI,
768 ATAFN_SS_ATAPI_READ_TOC_RAW,
769 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
770 ATAFN_SS_ATAPI_REQUEST_SENSE,
771 ATAFN_SS_ATAPI_PASSTHROUGH,
772 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
773 ATAFN_SS_MAX
774} ATAFNSS;
775
776# ifdef IN_RING3
777/**
778 * Array of source/sink functions, the index is ATAFNSS.
779 * Make sure ATAFNSS and this array match!
780 */
781static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
782{
783 NULL,
784 ataR3IdentifySS,
785 ataR3FlushSS,
786 ataR3ReadSectorsSS,
787 ataR3WriteSectorsSS,
788 ataR3ExecuteDeviceDiagnosticSS,
789 ataR3TrimSS,
790 ataR3PacketSS,
791 ataR3InitDevParmSS,
792 ataR3RecalibrateSS,
793 atapiR3GetConfigurationSS,
794 atapiR3GetEventStatusNotificationSS,
795 atapiR3IdentifySS,
796 atapiR3InquirySS,
797 atapiR3MechanismStatusSS,
798 atapiR3ModeSenseErrorRecoverySS,
799 atapiR3ModeSenseCDStatusSS,
800 atapiR3ReadSS,
801 atapiR3ReadCapacitySS,
802 atapiR3ReadDiscInformationSS,
803 atapiR3ReadTOCNormalSS,
804 atapiR3ReadTOCMultiSS,
805 atapiR3ReadTOCRawSS,
806 atapiR3ReadTrackInformationSS,
807 atapiR3RequestSenseSS,
808 atapiR3PassthroughSS,
809 atapiR3ReadDVDStructureSS
810};
811# endif /* IN_RING3 */
812
813
814static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, { { 0, 0, 0, 0, 0 } } };
815static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, { { 0, 0, 0, 0, 0 } } };
816# ifdef IN_RING3
817static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, { { 0, 0, 0, 0, 0 } } };
818static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, { { 0, 0, 0, 0, 0 } } };
819# endif
820
821# ifdef IN_RING3
822static void ataR3AsyncIOClearRequests(PATACONTROLLER pCtl)
823{
824 int rc = PDMCritSectEnter(&pCtl->AsyncIORequestLock, VINF_SUCCESS);
825 AssertRC(rc);
826
827 pCtl->AsyncIOReqHead = 0;
828 pCtl->AsyncIOReqTail = 0;
829
830 rc = PDMCritSectLeave(&pCtl->AsyncIORequestLock);
831 AssertRC(rc);
832}
833# endif /* IN_RING3 */
834
835static void ataHCAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
836{
837 int rc = PDMCritSectEnter(&pCtl->AsyncIORequestLock, VINF_SUCCESS);
838 AssertRC(rc);
839
840 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
841 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
842 pCtl->AsyncIOReqHead++;
843 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
844
845 rc = PDMCritSectLeave(&pCtl->AsyncIORequestLock);
846 AssertRC(rc);
847
848 rc = PDMHCCritSectScheduleExitEvent(&pCtl->lock, pCtl->hAsyncIOSem);
849 if (RT_FAILURE(rc))
850 {
851 rc = SUPSemEventSignal(pCtl->pSupDrvSession, pCtl->hAsyncIOSem);
852 AssertRC(rc);
853 }
854}
855
856# ifdef IN_RING3
857
858static const ATARequest *ataR3AsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
859{
860 const ATARequest *pReq;
861
862 int rc = PDMCritSectEnter(&pCtl->AsyncIORequestLock, VINF_SUCCESS);
863 AssertRC(rc);
864
865 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
866 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
867 else
868 pReq = NULL;
869
870 rc = PDMCritSectLeave(&pCtl->AsyncIORequestLock);
871 AssertRC(rc);
872 return pReq;
873}
874
875
876/**
877 * Remove the request with the given type, as it's finished. The request
878 * is not removed blindly, as this could mean a RESET request that is not
879 * yet processed (but has cleared the request queue) is lost.
880 *
881 * @param pCtl Controller for which to remove the request.
882 * @param ReqType Type of the request to remove.
883 */
884static void ataR3AsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
885{
886 int rc = PDMCritSectEnter(&pCtl->AsyncIORequestLock, VINF_SUCCESS);
887 AssertRC(rc);
888
889 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
890 {
891 pCtl->AsyncIOReqTail++;
892 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
893 }
894
895 rc = PDMCritSectLeave(&pCtl->AsyncIORequestLock);
896 AssertRC(rc);
897}
898
899
900/**
901 * Dump the request queue for a particular controller. First dump the queue
902 * contents, then the already processed entries, as long as they haven't been
903 * overwritten.
904 *
905 * @param pCtl Controller for which to dump the queue.
906 */
907static void ataR3AsyncIODumpRequests(PATACONTROLLER pCtl)
908{
909 int rc = PDMCritSectEnter(&pCtl->AsyncIORequestLock, VINF_SUCCESS);
910 AssertRC(rc);
911
912 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
913 uint8_t curr = pCtl->AsyncIOReqTail;
914 do
915 {
916 if (curr == pCtl->AsyncIOReqHead)
917 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
918 switch (pCtl->aAsyncIORequests[curr].ReqType)
919 {
920 case ATA_AIO_NEW:
921 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n",
922 pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer,
923 pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer,
924 pCtl->aAsyncIORequests[curr].u.t.uTxDir));
925 break;
926 case ATA_AIO_DMA:
927 LogRel(("dma transfer continuation\n"));
928 break;
929 case ATA_AIO_PIO:
930 LogRel(("pio transfer continuation\n"));
931 break;
932 case ATA_AIO_RESET_ASSERTED:
933 LogRel(("reset asserted request\n"));
934 break;
935 case ATA_AIO_RESET_CLEARED:
936 LogRel(("reset cleared request\n"));
937 break;
938 case ATA_AIO_ABORT:
939 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf,
940 pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
941 break;
942 default:
943 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
944 }
945 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
946 } while (curr != pCtl->AsyncIOReqTail);
947
948 rc = PDMCritSectLeave(&pCtl->AsyncIORequestLock);
949 AssertRC(rc);
950}
951
952
953/**
954 * Checks whether the request queue for a particular controller is empty
955 * or whether a particular controller is idle.
956 *
957 * @param pCtl Controller for which to check the queue.
958 * @param fStrict If set then the controller is checked to be idle.
959 */
960static bool ataR3AsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
961{
962 int rc = PDMCritSectEnter(&pCtl->AsyncIORequestLock, VINF_SUCCESS);
963 AssertRC(rc);
964
965 bool fIdle = pCtl->fRedoIdle;
966 if (!fIdle)
967 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
968 if (fStrict)
969 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
970
971 rc = PDMCritSectLeave(&pCtl->AsyncIORequestLock);
972 AssertRC(rc);
973 return fIdle;
974}
975
976
977/**
978 * Send a transfer request to the async I/O thread.
979 *
980 * @param s Pointer to the ATA device state data.
981 * @param cbTotalTransfer Data transfer size.
982 * @param uTxDir Data transfer direction.
983 * @param iBeginTransfer Index of BeginTransfer callback.
984 * @param iSourceSink Index of SourceSink callback.
985 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
986 */
987static void ataR3StartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer,
988 ATAFNSS iSourceSink, bool fChainedTransfer)
989{
990 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
991 ATARequest Req;
992
993 Assert(PDMCritSectIsOwner(&pCtl->lock));
994
995 /* Do not issue new requests while the RESET line is asserted. */
996 if (pCtl->fReset)
997 {
998 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
999 return;
1000 }
1001
1002 /* If the controller is already doing something else right now, ignore
1003 * the command that is being submitted. Some broken guests issue commands
1004 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
1005 if (!fChainedTransfer && !ataR3AsyncIOIsIdle(pCtl, true /*fStrict*/))
1006 {
1007 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n",
1008 __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
1009 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
1010 return;
1011 }
1012
1013 Req.ReqType = ATA_AIO_NEW;
1014 if (fChainedTransfer)
1015 Req.u.t.iIf = pCtl->iAIOIf;
1016 else
1017 Req.u.t.iIf = pCtl->iSelectedIf;
1018 Req.u.t.cbTotalTransfer = cbTotalTransfer;
1019 Req.u.t.uTxDir = uTxDir;
1020 Req.u.t.iBeginTransfer = iBeginTransfer;
1021 Req.u.t.iSourceSink = iSourceSink;
1022 ataSetStatusValue(s, ATA_STAT_BUSY);
1023 pCtl->fChainedTransfer = fChainedTransfer;
1024
1025 /*
1026 * Kick the worker thread into action.
1027 */
1028 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
1029 ataHCAsyncIOPutRequest(pCtl, &Req);
1030}
1031
1032
1033/**
1034 * Send an abort command request to the async I/O thread.
1035 *
1036 * @param s Pointer to the ATA device state data.
1037 * @param fResetDrive Whether to reset the drive or just abort a command.
1038 */
1039static void ataR3AbortCurrentCommand(ATADevState *s, bool fResetDrive)
1040{
1041 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1042 ATARequest Req;
1043
1044 Assert(PDMCritSectIsOwner(&pCtl->lock));
1045
1046 /* Do not issue new requests while the RESET line is asserted. */
1047 if (pCtl->fReset)
1048 {
1049 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
1050 return;
1051 }
1052
1053 Req.ReqType = ATA_AIO_ABORT;
1054 Req.u.a.iIf = pCtl->iSelectedIf;
1055 Req.u.a.fResetDrive = fResetDrive;
1056 ataSetStatus(s, ATA_STAT_BUSY);
1057 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
1058 ataHCAsyncIOPutRequest(pCtl, &Req);
1059}
1060# endif /* IN_RING3 */
1061
1062/**
1063 * Set the internal interrupt pending status, update INTREQ as appropriate.
1064 *
1065 * @param s Pointer to the ATA device state data.
1066 */
1067static void ataHCSetIRQ(ATADevState *s)
1068{
1069 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1070 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
1071
1072 if (!s->fIrqPending) {
1073 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
1074 {
1075 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
1076 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
1077 * line is asserted. It monitors the line for a rising edge. */
1078 pCtl->BmDma.u8Status |= BM_STATUS_INT;
1079 /* Only actually set the IRQ line if updating the currently selected drive. */
1080 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
1081 {
1082 /** @todo experiment with adaptive IRQ delivery: for reads it is
1083 * better to wait for IRQ delivery, as it reduces latency. */
1084 if (pCtl->irq == 16)
1085 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
1086 else
1087 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
1088 }
1089 }
1090 s->fIrqPending = true;
1091 }
1092}
1093
1094#endif /* IN_RING0 || IN_RING3 */
1095
1096/**
1097 * Clear the internal interrupt pending status, update INTREQ as appropriate.
1098 *
1099 * @param s Pointer to the ATA device state data.
1100 */
1101static void ataUnsetIRQ(ATADevState *s)
1102{
1103 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1104 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
1105
1106 if (s->fIrqPending) {
1107 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
1108 {
1109 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
1110 /* Only actually unset the IRQ line if updating the currently selected drive. */
1111 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
1112 {
1113 if (pCtl->irq == 16)
1114 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
1115 else
1116 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
1117 }
1118 }
1119 s->fIrqPending = false;
1120 }
1121}
1122
1123#if defined(IN_RING0) || defined(IN_RING3)
1124
1125static void ataHCPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
1126{
1127 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
1128 s->iIOBufferPIODataStart = start;
1129 s->iIOBufferPIODataEnd = start + size;
1130 ataSetStatus(s, ATA_STAT_DRQ | ATA_STAT_SEEK);
1131 ataUnsetStatus(s, ATA_STAT_BUSY);
1132}
1133
1134
1135static void ataHCPIOTransferStop(ATADevState *s)
1136{
1137 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
1138 if (s->fATAPITransfer)
1139 {
1140 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1141 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1142 ataHCSetIRQ(s);
1143 s->fATAPITransfer = false;
1144 }
1145 s->cbTotalTransfer = 0;
1146 s->cbElementaryTransfer = 0;
1147 s->iIOBufferPIODataStart = 0;
1148 s->iIOBufferPIODataEnd = 0;
1149 s->iBeginTransfer = ATAFN_BT_NULL;
1150 s->iSourceSink = ATAFN_SS_NULL;
1151}
1152
1153
1154static void ataHCPIOTransferLimitATAPI(ATADevState *s)
1155{
1156 uint32_t cbLimit, cbTransfer;
1157
1158 cbLimit = s->cbPIOTransferLimit;
1159 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1160 if (cbLimit == 0)
1161 cbLimit = 0xfffe;
1162 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1163 if (cbLimit == 0xffff)
1164 cbLimit--;
1165 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1166 if (cbTransfer > cbLimit)
1167 {
1168 /* Byte count limit for clipping must be even in this case */
1169 if (cbLimit & 1)
1170 cbLimit--;
1171 cbTransfer = cbLimit;
1172 }
1173 s->uATARegLCyl = cbTransfer;
1174 s->uATARegHCyl = cbTransfer >> 8;
1175 s->cbElementaryTransfer = cbTransfer;
1176}
1177
1178# ifdef IN_RING3
1179
1180/**
1181 * Enters the lock protecting the controller data against concurrent access.
1182 *
1183 * @returns nothing.
1184 * @param pCtl The controller to lock.
1185 */
1186DECLINLINE(void) ataR3LockEnter(PATACONTROLLER pCtl)
1187{
1188 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1189 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1190 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1191}
1192
1193/**
1194 * Leaves the lock protecting the controller against concurrent data access.
1195 *
1196 * @returns nothing.
1197 * @param pCtl The controller to unlock.
1198 */
1199DECLINLINE(void) ataR3LockLeave(PATACONTROLLER pCtl)
1200{
1201 PDMCritSectLeave(&pCtl->lock);
1202}
1203
1204static uint32_t ataR3GetNSectors(ATADevState *s)
1205{
1206 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1207 if (s->fLBA48)
1208 {
1209 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1210 return 65536;
1211 else
1212 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1213 }
1214 else
1215 {
1216 if (!s->uATARegNSector)
1217 return 256;
1218 else
1219 return s->uATARegNSector;
1220 }
1221}
1222
1223
1224static void ataR3PadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1225{
1226 for (uint32_t i = 0; i < cbSize; i++)
1227 {
1228 if (*pbSrc)
1229 pbDst[i ^ 1] = *pbSrc++;
1230 else
1231 pbDst[i ^ 1] = ' ';
1232 }
1233}
1234
1235
1236#if 0 /* unused */
1237/**
1238 * Compares two MSF values.
1239 *
1240 * @returns 1 if the first value is greater than the second value.
1241 * 0 if both are equal
1242 * -1 if the first value is smaller than the second value.
1243 */
1244DECLINLINE(int) atapiCmpMSF(const uint8_t *pbMSF1, const uint8_t *pbMSF2)
1245{
1246 int iRes = 0;
1247
1248 for (unsigned i = 0; i < 3; i++)
1249 {
1250 if (pbMSF1[i] < pbMSF2[i])
1251 {
1252 iRes = -1;
1253 break;
1254 }
1255 else if (pbMSF1[i] > pbMSF2[i])
1256 {
1257 iRes = 1;
1258 break;
1259 }
1260 }
1261
1262 return iRes;
1263}
1264#endif /* unused */
1265
1266static void ataR3CmdOK(ATADevState *s, uint8_t status)
1267{
1268 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1269 ataSetStatusValue(s, ATA_STAT_READY | status);
1270}
1271
1272
1273static void ataR3CmdError(ATADevState *s, uint8_t uErrorCode)
1274{
1275 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1276 Assert(uErrorCode);
1277 s->uATARegError = uErrorCode;
1278 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1279 s->cbTotalTransfer = 0;
1280 s->cbElementaryTransfer = 0;
1281 s->iIOBufferCur = 0;
1282 s->iIOBufferEnd = 0;
1283 s->uTxDir = PDMMEDIATXDIR_NONE;
1284 s->iBeginTransfer = ATAFN_BT_NULL;
1285 s->iSourceSink = ATAFN_SS_NULL;
1286}
1287
1288static uint32_t ataR3Checksum(void* ptr, size_t count)
1289{
1290 uint8_t u8Sum = 0xa5, *p = (uint8_t*)ptr;
1291 size_t i;
1292
1293 for (i = 0; i < count; i++)
1294 {
1295 u8Sum += *p++;
1296 }
1297
1298 return (uint8_t)-(int32_t)u8Sum;
1299}
1300
1301static bool ataR3IdentifySS(ATADevState *s)
1302{
1303 uint16_t *p;
1304
1305 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
1306 Assert(s->cbElementaryTransfer == 512);
1307
1308 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1309 memset(p, 0, 512);
1310 p[0] = RT_H2LE_U16(0x0040);
1311 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1312 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1313 /* Block size; obsolete, but required for the BIOS. */
1314 p[5] = RT_H2LE_U16(s->cbSector);
1315 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1316 ataR3PadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1317 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1318 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1319 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1320 ataR3PadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1321 ataR3PadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1322# if ATA_MAX_MULT_SECTORS > 1
1323 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1324# endif
1325 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1326 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1327 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1328 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1329 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1330 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1331 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1332 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1333 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1334 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1335 * s->PCHSGeometry.cHeads
1336 * s->PCHSGeometry.cSectors);
1337 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1338 * s->PCHSGeometry.cHeads
1339 * s->PCHSGeometry.cSectors >> 16);
1340 if (s->cMultSectors)
1341 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1342 if (s->cTotalSectors <= (1 << 28) - 1)
1343 {
1344 p[60] = RT_H2LE_U16(s->cTotalSectors);
1345 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1346 }
1347 else
1348 {
1349 /* Report maximum number of sectors possible with LBA28 */
1350 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1351 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1352 }
1353 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1354 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1355 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1356 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1357 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1358 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1359 if ( s->pDrvMedia->pfnDiscard
1360 || s->cbSector != 512
1361 || s->pDrvMedia->pfnIsNonRotational(s->pDrvMedia))
1362 {
1363 p[80] = RT_H2LE_U16(0x1f0); /* support everything up to ATA/ATAPI-8 ACS */
1364 p[81] = RT_H2LE_U16(0x28); /* conforms to ATA/ATAPI-8 ACS */
1365 }
1366 else
1367 {
1368 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1369 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1370 }
1371 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1372 if (s->cTotalSectors <= (1 << 28) - 1)
1373 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1374 else
1375 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1376 p[84] = RT_H2LE_U16(1 << 14);
1377 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1378 if (s->cTotalSectors <= (1 << 28) - 1)
1379 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1380 else
1381 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1382 p[87] = RT_H2LE_U16(1 << 14);
1383 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1384 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1385 if (s->cTotalSectors > (1 << 28) - 1)
1386 {
1387 p[100] = RT_H2LE_U16(s->cTotalSectors);
1388 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1389 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1390 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1391 }
1392
1393 if (s->cbSector != 512)
1394 {
1395 uint32_t cSectorSizeInWords = s->cbSector / sizeof(uint16_t);
1396 /* Enable reporting of logical sector size. */
1397 p[106] |= RT_H2LE_U16(RT_BIT(12) | RT_BIT(14));
1398 p[117] = RT_H2LE_U16(cSectorSizeInWords);
1399 p[118] = RT_H2LE_U16(cSectorSizeInWords >> 16);
1400 }
1401
1402 if (s->pDrvMedia->pfnDiscard) /** @todo Set bit 14 in word 69 too? (Deterministic read after TRIM). */
1403 p[169] = RT_H2LE_U16(1); /* DATA SET MANAGEMENT command supported. */
1404 if (s->pDrvMedia->pfnIsNonRotational(s->pDrvMedia))
1405 p[217] = RT_H2LE_U16(1); /* Non-rotational medium */
1406 uint32_t uCsum = ataR3Checksum(p, 510);
1407 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1408 s->iSourceSink = ATAFN_SS_NULL;
1409 ataR3CmdOK(s, ATA_STAT_SEEK);
1410 return false;
1411}
1412
1413
1414static bool ataR3FlushSS(ATADevState *s)
1415{
1416 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1417 int rc;
1418
1419 Assert(s->uTxDir == PDMMEDIATXDIR_NONE);
1420 Assert(!s->cbElementaryTransfer);
1421
1422 ataR3LockLeave(pCtl);
1423
1424 STAM_PROFILE_START(&s->StatFlushes, f);
1425 rc = s->pDrvMedia->pfnFlush(s->pDrvMedia);
1426 AssertRC(rc);
1427 STAM_PROFILE_STOP(&s->StatFlushes, f);
1428
1429 ataR3LockEnter(pCtl);
1430 ataR3CmdOK(s, 0);
1431 return false;
1432}
1433
1434static bool atapiR3IdentifySS(ATADevState *s)
1435{
1436 uint16_t *p;
1437
1438 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
1439 Assert(s->cbElementaryTransfer == 512);
1440
1441 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1442 memset(p, 0, 512);
1443 /* Removable CDROM, 3ms response, 12 byte packets */
1444 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 0 << 5 | 0 << 0);
1445 ataR3PadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1446 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1447 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1448 ataR3PadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1449 ataR3PadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1450 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1451 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1452 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1453 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1454 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1455 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1456 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1457 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1458 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1459 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1460 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1461 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1462 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1463 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1464 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1465 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1466 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1467 p[83] = RT_H2LE_U16(1 << 14);
1468 p[84] = RT_H2LE_U16(1 << 14);
1469 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1470 p[86] = RT_H2LE_U16(0);
1471 p[87] = RT_H2LE_U16(1 << 14);
1472 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1473 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1474 /* According to ATAPI-5 spec:
1475 *
1476 * The use of this word is optional.
1477 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1478 * contain the data
1479 * structure checksum.
1480 * The data structure checksum is the twos complement of the sum of
1481 * all bytes in words 0 through 254 and the byte consisting of
1482 * bits 7:0 in word 255.
1483 * Each byte shall be added with unsigned arithmetic,
1484 * and overflow shall be ignored.
1485 * The sum of all 512 bytes is zero when the checksum is correct.
1486 */
1487 uint32_t uCsum = ataR3Checksum(p, 510);
1488 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1489
1490 s->iSourceSink = ATAFN_SS_NULL;
1491 ataR3CmdOK(s, ATA_STAT_SEEK);
1492 return false;
1493}
1494
1495
1496static void ataR3SetSignature(ATADevState *s)
1497{
1498 s->uATARegSelect &= 0xf0; /* clear head */
1499 /* put signature */
1500 s->uATARegNSector = 1;
1501 s->uATARegSector = 1;
1502 if (s->fATAPI)
1503 {
1504 s->uATARegLCyl = 0x14;
1505 s->uATARegHCyl = 0xeb;
1506 }
1507 else
1508 {
1509 s->uATARegLCyl = 0;
1510 s->uATARegHCyl = 0;
1511 }
1512}
1513
1514
1515static uint64_t ataR3GetSector(ATADevState *s)
1516{
1517 uint64_t iLBA;
1518 if (s->uATARegSelect & 0x40)
1519 {
1520 /* any LBA variant */
1521 if (s->fLBA48)
1522 {
1523 /* LBA48 */
1524 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1525 ((uint64_t)s->uATARegLCylHOB << 32) |
1526 ((uint64_t)s->uATARegSectorHOB << 24) |
1527 ((uint64_t)s->uATARegHCyl << 16) |
1528 ((uint64_t)s->uATARegLCyl << 8) |
1529 s->uATARegSector;
1530 }
1531 else
1532 {
1533 /* LBA */
1534 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1535 (s->uATARegLCyl << 8) | s->uATARegSector;
1536 }
1537 }
1538 else
1539 {
1540 /* CHS */
1541 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1542 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1543 (s->uATARegSector - 1);
1544 LogFlowFunc(("CHS %u/%u/%u -> LBA %llu\n", (s->uATARegHCyl << 8) | s->uATARegLCyl, s->uATARegSelect & 0x0f, s->uATARegSector, iLBA));
1545 }
1546 return iLBA;
1547}
1548
1549static void ataR3SetSector(ATADevState *s, uint64_t iLBA)
1550{
1551 uint32_t cyl, r;
1552 if (s->uATARegSelect & 0x40)
1553 {
1554 /* any LBA variant */
1555 if (s->fLBA48)
1556 {
1557 /* LBA48 */
1558 s->uATARegHCylHOB = iLBA >> 40;
1559 s->uATARegLCylHOB = iLBA >> 32;
1560 s->uATARegSectorHOB = iLBA >> 24;
1561 s->uATARegHCyl = iLBA >> 16;
1562 s->uATARegLCyl = iLBA >> 8;
1563 s->uATARegSector = iLBA;
1564 }
1565 else
1566 {
1567 /* LBA */
1568 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1569 s->uATARegHCyl = (iLBA >> 16);
1570 s->uATARegLCyl = (iLBA >> 8);
1571 s->uATARegSector = (iLBA);
1572 }
1573 }
1574 else
1575 {
1576 /* CHS */
1577 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1578 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1579 s->uATARegHCyl = cyl >> 8;
1580 s->uATARegLCyl = cyl;
1581 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1582 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1583 LogFlowFunc(("LBA %llu -> CHS %u/%u/%u\n", iLBA, cyl, s->uATARegSelect & 0x0f, s->uATARegSector));
1584 }
1585}
1586
1587
1588static void ataR3WarningDiskFull(PPDMDEVINS pDevIns)
1589{
1590 int rc;
1591 LogRel(("PIIX3 ATA: Host disk full\n"));
1592 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_DISKFULL",
1593 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1594 AssertRC(rc);
1595}
1596
1597static void ataR3WarningFileTooBig(PPDMDEVINS pDevIns)
1598{
1599 int rc;
1600 LogRel(("PIIX3 ATA: File too big\n"));
1601 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_FILETOOBIG",
1602 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1603 AssertRC(rc);
1604}
1605
1606static void ataR3WarningISCSI(PPDMDEVINS pDevIns)
1607{
1608 int rc;
1609 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1610 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_ISCSIDOWN",
1611 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1612 AssertRC(rc);
1613}
1614
1615static bool ataR3IsRedoSetWarning(ATADevState *s, int rc)
1616{
1617 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1618 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1619 if (rc == VERR_DISK_FULL)
1620 {
1621 pCtl->fRedoIdle = true;
1622 ataR3WarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1623 return true;
1624 }
1625 if (rc == VERR_FILE_TOO_BIG)
1626 {
1627 pCtl->fRedoIdle = true;
1628 ataR3WarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1629 return true;
1630 }
1631 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1632 {
1633 pCtl->fRedoIdle = true;
1634 /* iSCSI connection abort (first error) or failure to reestablish
1635 * connection (second error). Pause VM. On resume we'll retry. */
1636 ataR3WarningISCSI(ATADEVSTATE_2_DEVINS(s));
1637 return true;
1638 }
1639 if (rc == VERR_VD_DEK_MISSING)
1640 {
1641 /* Error message already set. */
1642 pCtl->fRedoIdle = true;
1643 return true;
1644 }
1645
1646 return false;
1647}
1648
1649
1650static int ataR3ReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf,
1651 uint32_t cSectors, bool *pfRedo)
1652{
1653 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1654 int rc;
1655
1656 ataR3LockLeave(pCtl);
1657
1658 STAM_PROFILE_ADV_START(&s->StatReads, r);
1659 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1660 rc = s->pDrvMedia->pfnRead(s->pDrvMedia, u64Sector * s->cbSector, pvBuf, cSectors * s->cbSector);
1661 s->Led.Actual.s.fReading = 0;
1662 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1663 Log4(("ataR3ReadSectors: rc=%Rrc cSectors=%#x u64Sector=%llu\n%.*Rhxd\n",
1664 rc, cSectors, u64Sector, cSectors * s->cbSector, pvBuf));
1665
1666 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * s->cbSector);
1667
1668 if (RT_SUCCESS(rc))
1669 *pfRedo = false;
1670 else
1671 *pfRedo = ataR3IsRedoSetWarning(s, rc);
1672
1673 ataR3LockEnter(pCtl);
1674 return rc;
1675}
1676
1677
1678static int ataR3WriteSectors(ATADevState *s, uint64_t u64Sector,
1679 const void *pvBuf, uint32_t cSectors, bool *pfRedo)
1680{
1681 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1682 int rc;
1683
1684 ataR3LockLeave(pCtl);
1685
1686 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1687 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1688# ifdef VBOX_INSTRUMENT_DMA_WRITES
1689 if (s->fDMA)
1690 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1691# endif
1692 rc = s->pDrvMedia->pfnWrite(s->pDrvMedia, u64Sector * s->cbSector, pvBuf, cSectors * s->cbSector);
1693# ifdef VBOX_INSTRUMENT_DMA_WRITES
1694 if (s->fDMA)
1695 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1696# endif
1697 s->Led.Actual.s.fWriting = 0;
1698 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1699 Log4(("ataR3WriteSectors: rc=%Rrc cSectors=%#x u64Sector=%llu\n%.*Rhxd\n",
1700 rc, cSectors, u64Sector, cSectors * s->cbSector, pvBuf));
1701
1702 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * s->cbSector);
1703
1704 if (RT_SUCCESS(rc))
1705 *pfRedo = false;
1706 else
1707 *pfRedo = ataR3IsRedoSetWarning(s, rc);
1708
1709 ataR3LockEnter(pCtl);
1710 return rc;
1711}
1712
1713
1714static void ataR3ReadWriteSectorsBT(ATADevState *s)
1715{
1716 uint32_t cSectors;
1717
1718 cSectors = s->cbTotalTransfer / s->cbSector;
1719 if (cSectors > s->cSectorsPerIRQ)
1720 s->cbElementaryTransfer = s->cSectorsPerIRQ * s->cbSector;
1721 else
1722 s->cbElementaryTransfer = cSectors * s->cbSector;
1723 if (s->uTxDir == PDMMEDIATXDIR_TO_DEVICE)
1724 ataR3CmdOK(s, 0);
1725}
1726
1727
1728static bool ataR3ReadSectorsSS(ATADevState *s)
1729{
1730 int rc;
1731 uint32_t cSectors;
1732 uint64_t iLBA;
1733 bool fRedo;
1734
1735 cSectors = s->cbElementaryTransfer / s->cbSector;
1736 Assert(cSectors);
1737 iLBA = ataR3GetSector(s);
1738 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1739 rc = ataR3ReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1740 if (RT_SUCCESS(rc))
1741 {
1742 /* When READ SECTORS etc. finishes, the address in the task
1743 * file register points at the last sector read, not at the next
1744 * sector that would be read. This ensures the registers always
1745 * contain a valid sector address.
1746 */
1747 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1748 {
1749 s->iSourceSink = ATAFN_SS_NULL;
1750 ataR3SetSector(s, iLBA + cSectors - 1);
1751 }
1752 else
1753 ataR3SetSector(s, iLBA + cSectors);
1754 s->uATARegNSector -= cSectors;
1755 ataR3CmdOK(s, ATA_STAT_SEEK);
1756 }
1757 else
1758 {
1759 if (fRedo)
1760 return fRedo;
1761 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1762 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1763 s->iLUN, rc, iLBA, cSectors));
1764
1765 /*
1766 * Check if we got interrupted. We don't need to set status variables
1767 * because the request was aborted.
1768 */
1769 if (rc != VERR_INTERRUPTED)
1770 ataR3CmdError(s, ID_ERR);
1771 }
1772 return false;
1773}
1774
1775
1776static bool ataR3WriteSectorsSS(ATADevState *s)
1777{
1778 int rc;
1779 uint32_t cSectors;
1780 uint64_t iLBA;
1781 bool fRedo;
1782
1783 cSectors = s->cbElementaryTransfer / s->cbSector;
1784 Assert(cSectors);
1785 iLBA = ataR3GetSector(s);
1786 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1787 rc = ataR3WriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1788 if (RT_SUCCESS(rc))
1789 {
1790 ataR3SetSector(s, iLBA + cSectors);
1791 if (!s->cbTotalTransfer)
1792 s->iSourceSink = ATAFN_SS_NULL;
1793 ataR3CmdOK(s, ATA_STAT_SEEK);
1794 }
1795 else
1796 {
1797 if (fRedo)
1798 return fRedo;
1799 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1800 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1801 s->iLUN, rc, iLBA, cSectors));
1802
1803 /*
1804 * Check if we got interrupted. We don't need to set status variables
1805 * because the request was aborted.
1806 */
1807 if (rc != VERR_INTERRUPTED)
1808 ataR3CmdError(s, ID_ERR);
1809 }
1810 return false;
1811}
1812
1813
1814static void atapiR3CmdOK(ATADevState *s)
1815{
1816 s->uATARegError = 0;
1817 ataSetStatusValue(s, ATA_STAT_READY);
1818 s->uATARegNSector = (s->uATARegNSector & ~7)
1819 | ((s->uTxDir != PDMMEDIATXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1820 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1821 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1822
1823 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1824 s->abATAPISense[0] = 0x70 | (1 << 7);
1825 s->abATAPISense[7] = 10;
1826}
1827
1828
1829static void atapiR3CmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1830{
1831 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1832 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1833 s->uATARegError = pabATAPISense[2] << 4;
1834 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1835 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1836 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1837 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1838 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1839 s->cbTotalTransfer = 0;
1840 s->cbElementaryTransfer = 0;
1841 s->cbAtapiPassthroughTransfer = 0;
1842 s->iIOBufferCur = 0;
1843 s->iIOBufferEnd = 0;
1844 s->uTxDir = PDMMEDIATXDIR_NONE;
1845 s->iBeginTransfer = ATAFN_BT_NULL;
1846 s->iSourceSink = ATAFN_SS_NULL;
1847}
1848
1849
1850/** @todo deprecated function - doesn't provide enough info. Replace by direct
1851 * calls to atapiR3CmdError() with full data. */
1852static void atapiR3CmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1853{
1854 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1855 memset(abATAPISense, '\0', sizeof(abATAPISense));
1856 abATAPISense[0] = 0x70 | (1 << 7);
1857 abATAPISense[2] = uATAPISenseKey & 0x0f;
1858 abATAPISense[7] = 10;
1859 abATAPISense[12] = uATAPIASC;
1860 atapiR3CmdError(s, abATAPISense, sizeof(abATAPISense));
1861}
1862
1863
1864static void atapiR3CmdBT(ATADevState *s)
1865{
1866 s->fATAPITransfer = true;
1867 s->cbElementaryTransfer = s->cbTotalTransfer;
1868 s->cbAtapiPassthroughTransfer = s->cbTotalTransfer;
1869 s->cbPIOTransferLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1870 if (s->uTxDir == PDMMEDIATXDIR_TO_DEVICE)
1871 atapiR3CmdOK(s);
1872}
1873
1874
1875static void atapiR3PassthroughCmdBT(ATADevState *s)
1876{
1877 atapiR3CmdBT(s);
1878}
1879
1880static bool atapiR3ReadSS(ATADevState *s)
1881{
1882 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1883 int rc = VINF_SUCCESS;
1884 uint32_t cbTransfer, cSectors;
1885 uint64_t cbBlockRegion = 0;
1886
1887 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
1888 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1889 cSectors = cbTransfer / s->cbATAPISector;
1890 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1891 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1892
1893 ataR3LockLeave(pCtl);
1894
1895 rc = s->pDrvMedia->pfnQueryRegionPropertiesForLba(s->pDrvMedia, s->iATAPILBA, NULL, NULL,
1896 &cbBlockRegion, NULL);
1897 if (RT_SUCCESS(rc))
1898 {
1899 STAM_PROFILE_ADV_START(&s->StatReads, r);
1900 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1901
1902 /* If the region block size and requested sector matches we can just pass the request through. */
1903 if (cbBlockRegion == s->cbATAPISector)
1904 rc = s->pDrvMedia->pfnRead(s->pDrvMedia, (uint64_t)s->iATAPILBA * s->cbATAPISector,
1905 s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1906 else
1907 {
1908 if (cbBlockRegion == 2048 && s->cbATAPISector == 2352)
1909 {
1910 /* Generate the sync bytes. */
1911 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1912
1913 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1914 {
1915 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1916 *pbBuf++ = 0x00;
1917 memset(pbBuf, 0xff, 10);
1918 pbBuf += 10;
1919 *pbBuf++ = 0x00;
1920 /* MSF */
1921 scsiLBA2MSF(pbBuf, i);
1922 pbBuf += 3;
1923 *pbBuf++ = 0x01; /* mode 1 data */
1924 /* data */
1925 rc = s->pDrvMedia->pfnRead(s->pDrvMedia, (uint64_t)i * 2048, pbBuf, 2048);
1926 if (RT_FAILURE(rc))
1927 break;
1928 pbBuf += 2048;
1929 /**
1930 * @todo: maybe compute ECC and parity, layout is:
1931 * 2072 4 EDC
1932 * 2076 172 P parity symbols
1933 * 2248 104 Q parity symbols
1934 */
1935 memset(pbBuf, 0, 280);
1936 pbBuf += 280;
1937 }
1938 }
1939 else if (cbBlockRegion == 2352 && s->cbATAPISector == 2048)
1940 {
1941 /* Read only the user data portion. */
1942 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1943
1944 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1945 {
1946 uint8_t abTmp[2352];
1947 rc = s->pDrvMedia->pfnRead(s->pDrvMedia, (uint64_t)i * 2352, &abTmp[0], 2352);
1948 if (RT_FAILURE(rc))
1949 break;
1950
1951 memcpy(pbBuf, &abTmp[16], 2048);
1952 pbBuf += 2048;
1953 }
1954 }
1955 }
1956 s->Led.Actual.s.fReading = 0;
1957 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1958 }
1959
1960 ataR3LockEnter(pCtl);
1961
1962 if (RT_SUCCESS(rc))
1963 {
1964 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1965
1966 /* The initial buffer end value has been set up based on the total
1967 * transfer size. But the I/O buffer size limits what can actually be
1968 * done in one transfer, so set the actual value of the buffer end. */
1969 s->cbElementaryTransfer = cbTransfer;
1970 if (cbTransfer >= s->cbTotalTransfer)
1971 s->iSourceSink = ATAFN_SS_NULL;
1972 atapiR3CmdOK(s);
1973 s->iATAPILBA += cSectors;
1974 }
1975 else
1976 {
1977 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1978 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1979
1980 /*
1981 * Check if we got interrupted. We don't need to set status variables
1982 * because the request was aborted.
1983 */
1984 if (rc != VERR_INTERRUPTED)
1985 atapiR3CmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1986 }
1987 return false;
1988}
1989
1990/**
1991 * Sets the given media track type.
1992 */
1993static uint32_t ataR3MediumTypeSet(ATADevState *s, uint32_t MediaTrackType)
1994{
1995 return ASMAtomicXchgU32(&s->MediaTrackType, MediaTrackType);
1996}
1997
1998static bool atapiR3PassthroughSS(ATADevState *s)
1999{
2000 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2001 int rc = VINF_SUCCESS;
2002 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
2003 uint32_t cbTransfer;
2004 PSTAMPROFILEADV pProf = NULL;
2005
2006 cbTransfer = RT_MIN(s->cbAtapiPassthroughTransfer, s->cbIOBuffer);
2007
2008 if (s->uTxDir == PDMMEDIATXDIR_TO_DEVICE)
2009 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2010
2011 /* Simple heuristics: if there is at least one sector of data
2012 * to transfer, it's worth updating the LEDs. */
2013 if (cbTransfer >= 2048)
2014 {
2015 if (s->uTxDir != PDMMEDIATXDIR_TO_DEVICE)
2016 {
2017 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
2018 pProf = &s->StatReads;
2019 }
2020 else
2021 {
2022 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
2023 pProf = &s->StatWrites;
2024 }
2025 }
2026
2027 ataR3LockLeave(pCtl);
2028
2029# if defined(LOG_ENABLED)
2030 char szBuf[1024];
2031
2032 memset(szBuf, 0, sizeof(szBuf));
2033
2034 switch (s->aATAPICmd[0])
2035 {
2036 case SCSI_MODE_SELECT_10:
2037 {
2038 size_t cbBlkDescLength = scsiBE2H_U16(&s->CTX_SUFF(pbIOBuffer)[6]);
2039
2040 SCSILogModePage(szBuf, sizeof(szBuf) - 1,
2041 s->CTX_SUFF(pbIOBuffer) + 8 + cbBlkDescLength,
2042 cbTransfer - 8 - cbBlkDescLength);
2043 break;
2044 }
2045 case SCSI_SEND_CUE_SHEET:
2046 {
2047 SCSILogCueSheet(szBuf, sizeof(szBuf) - 1,
2048 s->CTX_SUFF(pbIOBuffer), cbTransfer);
2049 break;
2050 }
2051 default:
2052 break;
2053 }
2054
2055 Log2(("%s\n", szBuf));
2056# endif
2057
2058 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
2059 if ( cbTransfer > SCSI_MAX_BUFFER_SIZE
2060 || s->cbElementaryTransfer > s->cbIOBuffer)
2061 {
2062 /* Linux accepts commands with up to 100KB of data, but expects
2063 * us to handle commands with up to 128KB of data. The usual
2064 * imbalance of powers. */
2065 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
2066 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
2067 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2068 uint32_t cSectorsMax; /**< Maximum amount of sectors to read without exceeding the I/O buffer. */
2069
2070 Assert(s->cbATAPISector);
2071 cSectorsMax = cbTransfer / s->cbATAPISector;
2072 Assert(cSectorsMax * s->cbATAPISector <= s->cbIOBuffer);
2073
2074 switch (s->aATAPICmd[0])
2075 {
2076 case SCSI_READ_10:
2077 case SCSI_WRITE_10:
2078 case SCSI_WRITE_AND_VERIFY_10:
2079 iATAPILBA = scsiBE2H_U32(s->aATAPICmd + 2);
2080 cSectors = scsiBE2H_U16(s->aATAPICmd + 7);
2081 break;
2082 case SCSI_READ_12:
2083 case SCSI_WRITE_12:
2084 iATAPILBA = scsiBE2H_U32(s->aATAPICmd + 2);
2085 cSectors = scsiBE2H_U32(s->aATAPICmd + 6);
2086 break;
2087 case SCSI_READ_CD:
2088 iATAPILBA = scsiBE2H_U32(s->aATAPICmd + 2);
2089 cSectors = scsiBE2H_U24(s->aATAPICmd + 6);
2090 break;
2091 case SCSI_READ_CD_MSF:
2092 iATAPILBA = scsiMSF2LBA(s->aATAPICmd + 3);
2093 cSectors = scsiMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
2094 break;
2095 default:
2096 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
2097 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2098 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
2099 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2100 ataR3LockEnter(pCtl);
2101 return false;
2102 }
2103 cSectorsMax = RT_MIN(cSectorsMax, cSectors);
2104 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
2105 cReqSectors = 0;
2106 for (uint32_t i = cSectorsMax; i > 0; i -= cReqSectors)
2107 {
2108 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
2109 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
2110 else
2111 cReqSectors = i;
2112 cbCurrTX = s->cbATAPISector * cReqSectors;
2113 switch (s->aATAPICmd[0])
2114 {
2115 case SCSI_READ_10:
2116 case SCSI_WRITE_10:
2117 case SCSI_WRITE_AND_VERIFY_10:
2118 scsiH2BE_U32(aATAPICmd + 2, iATAPILBA);
2119 scsiH2BE_U16(aATAPICmd + 7, cReqSectors);
2120 break;
2121 case SCSI_READ_12:
2122 case SCSI_WRITE_12:
2123 scsiH2BE_U32(aATAPICmd + 2, iATAPILBA);
2124 scsiH2BE_U32(aATAPICmd + 6, cReqSectors);
2125 break;
2126 case SCSI_READ_CD:
2127 scsiH2BE_U32(aATAPICmd + 2, iATAPILBA);
2128 scsiH2BE_U24(aATAPICmd + 6, cReqSectors);
2129 break;
2130 case SCSI_READ_CD_MSF:
2131 scsiLBA2MSF(aATAPICmd + 3, iATAPILBA);
2132 scsiLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
2133 break;
2134 }
2135 rc = s->pDrvMedia->pfnSendCmd(s->pDrvMedia, aATAPICmd, ATAPI_PACKET_SIZE, (PDMMEDIATXDIR)s->uTxDir,
2136 pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2137 if (rc != VINF_SUCCESS)
2138 break;
2139 iATAPILBA += cReqSectors;
2140 pbBuf += s->cbATAPISector * cReqSectors;
2141 }
2142
2143 if (RT_SUCCESS(rc))
2144 {
2145 /* Adjust ATAPI command for the next call. */
2146 switch (s->aATAPICmd[0])
2147 {
2148 case SCSI_READ_10:
2149 case SCSI_WRITE_10:
2150 case SCSI_WRITE_AND_VERIFY_10:
2151 scsiH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2152 scsiH2BE_U16(s->aATAPICmd + 7, cSectors - cSectorsMax);
2153 break;
2154 case SCSI_READ_12:
2155 case SCSI_WRITE_12:
2156 scsiH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2157 scsiH2BE_U32(s->aATAPICmd + 6, cSectors - cSectorsMax);
2158 break;
2159 case SCSI_READ_CD:
2160 scsiH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2161 scsiH2BE_U24(s->aATAPICmd + 6, cSectors - cSectorsMax);
2162 break;
2163 case SCSI_READ_CD_MSF:
2164 scsiLBA2MSF(s->aATAPICmd + 3, iATAPILBA);
2165 scsiLBA2MSF(s->aATAPICmd + 6, iATAPILBA + cSectors - cSectorsMax);
2166 break;
2167 default:
2168 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
2169 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2170 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
2171 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2172 return false;
2173 }
2174 }
2175 }
2176 else
2177 rc = s->pDrvMedia->pfnSendCmd(s->pDrvMedia, s->aATAPICmd, ATAPI_PACKET_SIZE, (PDMMEDIATXDIR)s->uTxDir,
2178 s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2179 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
2180
2181 ataR3LockEnter(pCtl);
2182
2183 /* Update the LEDs and the read/write statistics. */
2184 if (cbTransfer >= 2048)
2185 {
2186 if (s->uTxDir != PDMMEDIATXDIR_TO_DEVICE)
2187 {
2188 s->Led.Actual.s.fReading = 0;
2189 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2190 }
2191 else
2192 {
2193 s->Led.Actual.s.fWriting = 0;
2194 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2195 }
2196 }
2197
2198 if (RT_SUCCESS(rc))
2199 {
2200 /* Do post processing for certain commands. */
2201 switch (s->aATAPICmd[0])
2202 {
2203 case SCSI_SEND_CUE_SHEET:
2204 case SCSI_READ_TOC_PMA_ATIP:
2205 {
2206 if (!s->pTrackList)
2207 rc = ATAPIPassthroughTrackListCreateEmpty(&s->pTrackList);
2208
2209 if (RT_SUCCESS(rc))
2210 rc = ATAPIPassthroughTrackListUpdate(s->pTrackList, s->aATAPICmd, s->CTX_SUFF(pbIOBuffer));
2211
2212 if ( RT_FAILURE(rc)
2213 && s->cErrors++ < MAX_LOG_REL_ERRORS)
2214 LogRel(("ATA: Error (%Rrc) while updating the tracklist during %s, burning the disc might fail\n",
2215 rc, s->aATAPICmd[0] == SCSI_SEND_CUE_SHEET ? "SEND CUE SHEET" : "READ TOC/PMA/ATIP"));
2216 break;
2217 }
2218 case SCSI_SYNCHRONIZE_CACHE:
2219 {
2220 if (s->pTrackList)
2221 ATAPIPassthroughTrackListClear(s->pTrackList);
2222 break;
2223 }
2224 }
2225
2226 if (s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE)
2227 {
2228 /*
2229 * Reply with the same amount of data as the real drive
2230 * but only if the command wasn't split.
2231 */
2232 if (s->cbAtapiPassthroughTransfer < s->cbIOBuffer)
2233 s->cbTotalTransfer = cbTransfer;
2234
2235 if ( s->aATAPICmd[0] == SCSI_INQUIRY
2236 && s->fOverwriteInquiry)
2237 {
2238 /* Make sure that the real drive cannot be identified.
2239 * Motivation: changing the VM configuration should be as
2240 * invisible as possible to the guest. */
2241 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2242 scsiPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2243 scsiPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2244 scsiPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2245 }
2246
2247 if (cbTransfer)
2248 Log3(("ATAPI PT data read (%d):\n%.*Rhxd\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2249 }
2250
2251 /* The initial buffer end value has been set up based on the total
2252 * transfer size. But the I/O buffer size limits what can actually be
2253 * done in one transfer, so set the actual value of the buffer end. */
2254 Assert(cbTransfer <= s->cbAtapiPassthroughTransfer);
2255 s->cbElementaryTransfer = cbTransfer;
2256 s->cbAtapiPassthroughTransfer -= cbTransfer;
2257 if (!s->cbAtapiPassthroughTransfer)
2258 {
2259 s->iSourceSink = ATAFN_SS_NULL;
2260 atapiR3CmdOK(s);
2261 }
2262 }
2263 else
2264 {
2265 if (s->cErrors < MAX_LOG_REL_ERRORS)
2266 {
2267 uint8_t u8Cmd = s->aATAPICmd[0];
2268 do
2269 {
2270 /* don't log superfluous errors */
2271 if ( rc == VERR_DEV_IO_ERROR
2272 && ( u8Cmd == SCSI_TEST_UNIT_READY
2273 || u8Cmd == SCSI_READ_CAPACITY
2274 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2275 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2276 break;
2277 s->cErrors++;
2278 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2279 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2280 } while (0);
2281 }
2282 atapiR3CmdError(s, abATAPISense, sizeof(abATAPISense));
2283 }
2284 return false;
2285}
2286
2287/** @todo Revise ASAP. */
2288static bool atapiR3ReadDVDStructureSS(ATADevState *s)
2289{
2290 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2291 int media = s->aATAPICmd[1];
2292 int format = s->aATAPICmd[7];
2293
2294 uint16_t max_len = scsiBE2H_U16(&s->aATAPICmd[8]);
2295
2296 memset(buf, 0, max_len);
2297
2298 switch (format) {
2299 case 0x00:
2300 case 0x01:
2301 case 0x02:
2302 case 0x03:
2303 case 0x04:
2304 case 0x05:
2305 case 0x06:
2306 case 0x07:
2307 case 0x08:
2308 case 0x09:
2309 case 0x0a:
2310 case 0x0b:
2311 case 0x0c:
2312 case 0x0d:
2313 case 0x0e:
2314 case 0x0f:
2315 case 0x10:
2316 case 0x11:
2317 case 0x30:
2318 case 0x31:
2319 case 0xff:
2320 if (media == 0)
2321 {
2322 int uASC = SCSI_ASC_NONE;
2323
2324 switch (format)
2325 {
2326 case 0x0: /* Physical format information */
2327 {
2328 int layer = s->aATAPICmd[6];
2329 uint64_t total_sectors;
2330
2331 if (layer != 0)
2332 {
2333 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2334 break;
2335 }
2336
2337 total_sectors = s->cTotalSectors;
2338 total_sectors >>= 2;
2339 if (total_sectors == 0)
2340 {
2341 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2342 break;
2343 }
2344
2345 buf[4] = 1; /* DVD-ROM, part version 1 */
2346 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2347 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2348 buf[7] = 0; /* default densities */
2349
2350 /* FIXME: 0x30000 per spec? */
2351 scsiH2BE_U32(buf + 8, 0); /* start sector */
2352 scsiH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2353 scsiH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2354
2355 /* Size of buffer, not including 2 byte size field */
2356 scsiH2BE_U32(&buf[0], 2048 + 2);
2357
2358 /* 2k data + 4 byte header */
2359 uASC = (2048 + 4);
2360 break;
2361 }
2362 case 0x01: /* DVD copyright information */
2363 buf[4] = 0; /* no copyright data */
2364 buf[5] = 0; /* no region restrictions */
2365
2366 /* Size of buffer, not including 2 byte size field */
2367 scsiH2BE_U16(buf, 4 + 2);
2368
2369 /* 4 byte header + 4 byte data */
2370 uASC = (4 + 4);
2371 break;
2372
2373 case 0x03: /* BCA information - invalid field for no BCA info */
2374 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2375 break;
2376
2377 case 0x04: /* DVD disc manufacturing information */
2378 /* Size of buffer, not including 2 byte size field */
2379 scsiH2BE_U16(buf, 2048 + 2);
2380
2381 /* 2k data + 4 byte header */
2382 uASC = (2048 + 4);
2383 break;
2384 case 0xff:
2385 /*
2386 * This lists all the command capabilities above. Add new ones
2387 * in order and update the length and buffer return values.
2388 */
2389
2390 buf[4] = 0x00; /* Physical format */
2391 buf[5] = 0x40; /* Not writable, is readable */
2392 scsiH2BE_U16((buf + 6), 2048 + 4);
2393
2394 buf[8] = 0x01; /* Copyright info */
2395 buf[9] = 0x40; /* Not writable, is readable */
2396 scsiH2BE_U16((buf + 10), 4 + 4);
2397
2398 buf[12] = 0x03; /* BCA info */
2399 buf[13] = 0x40; /* Not writable, is readable */
2400 scsiH2BE_U16((buf + 14), 188 + 4);
2401
2402 buf[16] = 0x04; /* Manufacturing info */
2403 buf[17] = 0x40; /* Not writable, is readable */
2404 scsiH2BE_U16((buf + 18), 2048 + 4);
2405
2406 /* Size of buffer, not including 2 byte size field */
2407 scsiH2BE_U16(buf, 16 + 2);
2408
2409 /* data written + 4 byte header */
2410 uASC = (16 + 4);
2411 break;
2412 default: /** @todo formats beyond DVD-ROM requires */
2413 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2414 }
2415
2416 if (uASC < 0)
2417 {
2418 s->iSourceSink = ATAFN_SS_NULL;
2419 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2420 return false;
2421 }
2422 break;
2423 }
2424 /** @todo BD support, fall through for now */
2425 RT_FALL_THRU();
2426
2427 /* Generic disk structures */
2428 case 0x80: /** @todo AACS volume identifier */
2429 case 0x81: /** @todo AACS media serial number */
2430 case 0x82: /** @todo AACS media identifier */
2431 case 0x83: /** @todo AACS media key block */
2432 case 0x90: /** @todo List of recognized format layers */
2433 case 0xc0: /** @todo Write protection status */
2434 default:
2435 s->iSourceSink = ATAFN_SS_NULL;
2436 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2437 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2438 return false;
2439 }
2440
2441 s->iSourceSink = ATAFN_SS_NULL;
2442 atapiR3CmdOK(s);
2443 return false;
2444}
2445
2446static bool atapiR3ReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2447{
2448 Assert(cSectors > 0);
2449 s->iATAPILBA = iATAPILBA;
2450 s->cbATAPISector = cbSector;
2451 ataR3StartTransfer(s, cSectors * cbSector, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2452 return false;
2453}
2454
2455
2456static bool atapiR3ReadCapacitySS(ATADevState *s)
2457{
2458 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2459
2460 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2461 Assert(s->cbElementaryTransfer <= 8);
2462 scsiH2BE_U32(pbBuf, s->cTotalSectors - 1);
2463 scsiH2BE_U32(pbBuf + 4, 2048);
2464 s->iSourceSink = ATAFN_SS_NULL;
2465 atapiR3CmdOK(s);
2466 return false;
2467}
2468
2469
2470static bool atapiR3ReadDiscInformationSS(ATADevState *s)
2471{
2472 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2473
2474 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2475 Assert(s->cbElementaryTransfer <= 34);
2476 memset(pbBuf, '\0', 34);
2477 scsiH2BE_U16(pbBuf, 32);
2478 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2479 pbBuf[3] = 1; /* number of first track */
2480 pbBuf[4] = 1; /* number of sessions (LSB) */
2481 pbBuf[5] = 1; /* first track number in last session (LSB) */
2482 pbBuf[6] = (uint8_t)s->pDrvMedia->pfnGetRegionCount(s->pDrvMedia); /* last track number in last session (LSB) */
2483 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2484 pbBuf[8] = 0; /* disc type = CD-ROM */
2485 pbBuf[9] = 0; /* number of sessions (MSB) */
2486 pbBuf[10] = 0; /* number of sessions (MSB) */
2487 pbBuf[11] = 0; /* number of sessions (MSB) */
2488 scsiH2BE_U32(pbBuf + 16, 0xffffffff); /* last session lead-in start time is not available */
2489 scsiH2BE_U32(pbBuf + 20, 0xffffffff); /* last possible start time for lead-out is not available */
2490 s->iSourceSink = ATAFN_SS_NULL;
2491 atapiR3CmdOK(s);
2492 return false;
2493}
2494
2495
2496static bool atapiR3ReadTrackInformationSS(ATADevState *s)
2497{
2498 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2499 uint32_t u32LogAddr = scsiBE2H_U32(&s->aATAPICmd[2]);
2500 uint8_t u8LogAddrType = s->aATAPICmd[1] & 0x03;
2501
2502 int rc = VINF_SUCCESS;
2503 uint64_t u64LbaStart = 0;
2504 uint32_t uRegion = 0;
2505 uint64_t cBlocks = 0;
2506 uint64_t cbBlock = 0;
2507 uint8_t u8DataMode = 0xf; /* Unknown data mode. */
2508 uint8_t u8TrackMode = 0;
2509 VDREGIONDATAFORM enmDataForm = VDREGIONDATAFORM_INVALID;
2510
2511 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2512 Assert(s->cbElementaryTransfer <= 36);
2513
2514 switch (u8LogAddrType)
2515 {
2516 case 0x00:
2517 rc = s->pDrvMedia->pfnQueryRegionPropertiesForLba(s->pDrvMedia, u32LogAddr, &uRegion,
2518 NULL, NULL, NULL);
2519 if (RT_SUCCESS(rc))
2520 rc = s->pDrvMedia->pfnQueryRegionProperties(s->pDrvMedia, uRegion, &u64LbaStart,
2521 &cBlocks, &cbBlock, &enmDataForm);
2522 break;
2523 case 0x01:
2524 {
2525 if (u32LogAddr >= 1)
2526 {
2527 uRegion = u32LogAddr - 1;
2528 rc = s->pDrvMedia->pfnQueryRegionProperties(s->pDrvMedia, uRegion, &u64LbaStart,
2529 &cBlocks, &cbBlock, &enmDataForm);
2530 }
2531 else
2532 rc = VERR_NOT_FOUND; /** @todo Return lead-in information. */
2533 break;
2534 }
2535 case 0x02:
2536 default:
2537 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2538 return false;
2539 }
2540
2541 if (RT_FAILURE(rc))
2542 {
2543 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2544 return false;
2545 }
2546
2547 switch (enmDataForm)
2548 {
2549 case VDREGIONDATAFORM_MODE1_2048:
2550 case VDREGIONDATAFORM_MODE1_2352:
2551 case VDREGIONDATAFORM_MODE1_0:
2552 u8DataMode = 1;
2553 break;
2554 case VDREGIONDATAFORM_XA_2336:
2555 case VDREGIONDATAFORM_XA_2352:
2556 case VDREGIONDATAFORM_XA_0:
2557 case VDREGIONDATAFORM_MODE2_2336:
2558 case VDREGIONDATAFORM_MODE2_2352:
2559 case VDREGIONDATAFORM_MODE2_0:
2560 u8DataMode = 2;
2561 break;
2562 default:
2563 u8DataMode = 0xf;
2564 }
2565
2566 if (enmDataForm == VDREGIONDATAFORM_CDDA)
2567 u8TrackMode = 0x0;
2568 else
2569 u8TrackMode = 0x4;
2570
2571 memset(pbBuf, '\0', 36);
2572 scsiH2BE_U16(pbBuf, 34);
2573 pbBuf[2] = uRegion + 1; /* track number (LSB) */
2574 pbBuf[3] = 1; /* session number (LSB) */
2575 pbBuf[5] = (0 << 5) | (0 << 4) | u8TrackMode; /* not damaged, primary copy, data track */
2576 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | u8DataMode; /* not reserved track, not blank, not packet writing, not fixed packet */
2577 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2578 scsiH2BE_U32(pbBuf + 8, (uint32_t)u64LbaStart); /* track start address is 0 */
2579 scsiH2BE_U32(pbBuf + 24, (uint32_t)cBlocks); /* track size */
2580 pbBuf[32] = 0; /* track number (MSB) */
2581 pbBuf[33] = 0; /* session number (MSB) */
2582 s->iSourceSink = ATAFN_SS_NULL;
2583 atapiR3CmdOK(s);
2584 return false;
2585}
2586
2587static DECLCALLBACK(uint32_t) atapiR3GetConfigurationFillFeatureListProfiles(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2588{
2589 RT_NOREF1(s);
2590 if (cbBuf < 3*4)
2591 return 0;
2592
2593 scsiH2BE_U16(pbBuf, 0x0); /* feature 0: list of profiles supported */
2594 pbBuf[2] = (0 << 2) | (1 << 1) | (1 << 0); /* version 0, persistent, current */
2595 pbBuf[3] = 8; /* additional bytes for profiles */
2596 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2597 * before CD-ROM read capability. */
2598 scsiH2BE_U16(pbBuf + 4, 0x10); /* profile: read-only DVD */
2599 pbBuf[6] = (0 << 0); /* NOT current profile */
2600 scsiH2BE_U16(pbBuf + 8, 0x08); /* profile: read only CD */
2601 pbBuf[10] = (1 << 0); /* current profile */
2602
2603 return 3*4; /* Header + 2 profiles entries */
2604}
2605
2606static DECLCALLBACK(uint32_t) atapiR3GetConfigurationFillFeatureCore(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2607{
2608 RT_NOREF1(s);
2609 if (cbBuf < 12)
2610 return 0;
2611
2612 scsiH2BE_U16(pbBuf, 0x1); /* feature 0001h: Core Feature */
2613 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2614 pbBuf[3] = 8; /* Additional length */
2615 scsiH2BE_U16(pbBuf + 4, 0x00000002); /* Physical interface ATAPI. */
2616 pbBuf[8] = RT_BIT(0); /* DBE */
2617 /* Rest is reserved. */
2618
2619 return 12;
2620}
2621
2622static DECLCALLBACK(uint32_t) atapiR3GetConfigurationFillFeatureMorphing(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2623{
2624 RT_NOREF1(s);
2625 if (cbBuf < 8)
2626 return 0;
2627
2628 scsiH2BE_U16(pbBuf, 0x2); /* feature 0002h: Morphing Feature */
2629 pbBuf[2] = (0x1 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2630 pbBuf[3] = 4; /* Additional length */
2631 pbBuf[4] = RT_BIT(1) | 0x0; /* OCEvent | !ASYNC */
2632 /* Rest is reserved. */
2633
2634 return 8;
2635}
2636
2637static DECLCALLBACK(uint32_t) atapiR3GetConfigurationFillFeatureRemovableMedium(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2638{
2639 RT_NOREF1(s);
2640 if (cbBuf < 8)
2641 return 0;
2642
2643 scsiH2BE_U16(pbBuf, 0x3); /* feature 0003h: Removable Medium Feature */
2644 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2645 pbBuf[3] = 4; /* Additional length */
2646 /* Tray type loading | Load | Eject | !Pvnt Jmpr | !DBML | Lock */
2647 pbBuf[4] = (0x2 << 5) | RT_BIT(4) | RT_BIT(3) | (0x0 << 2) | (0x0 << 1) | RT_BIT(0);
2648 /* Rest is reserved. */
2649
2650 return 8;
2651}
2652
2653static DECLCALLBACK(uint32_t) atapiR3GetConfigurationFillFeatureRandomReadable (ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2654{
2655 RT_NOREF1(s);
2656 if (cbBuf < 12)
2657 return 0;
2658
2659 scsiH2BE_U16(pbBuf, 0x10); /* feature 0010h: Random Readable Feature */
2660 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2661 pbBuf[3] = 8; /* Additional length */
2662 scsiH2BE_U32(pbBuf + 4, 2048); /* Logical block size. */
2663 scsiH2BE_U16(pbBuf + 8, 0x10); /* Blocking (0x10 for DVD, CD is not defined). */
2664 pbBuf[10] = 0; /* PP not present */
2665 /* Rest is reserved. */
2666
2667 return 12;
2668}
2669
2670static DECLCALLBACK(uint32_t) atapiR3GetConfigurationFillFeatureCDRead(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2671{
2672 RT_NOREF1(s);
2673 if (cbBuf < 8)
2674 return 0;
2675
2676 scsiH2BE_U16(pbBuf, 0x1e); /* feature 001Eh: CD Read Feature */
2677 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2678 pbBuf[3] = 0; /* Additional length */
2679 pbBuf[4] = (0x0 << 7) | (0x0 << 1) | 0x0; /* !DAP | !C2-Flags | !CD-Text. */
2680 /* Rest is reserved. */
2681
2682 return 8;
2683}
2684
2685static DECLCALLBACK(uint32_t) atapiR3GetConfigurationFillFeaturePowerManagement(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2686{
2687 RT_NOREF1(s);
2688 if (cbBuf < 4)
2689 return 0;
2690
2691 scsiH2BE_U16(pbBuf, 0x100); /* feature 0100h: Power Management Feature */
2692 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2693 pbBuf[3] = 0; /* Additional length */
2694
2695 return 4;
2696}
2697
2698static DECLCALLBACK(uint32_t) atapiR3GetConfigurationFillFeatureTimeout(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2699{
2700 RT_NOREF1(s);
2701 if (cbBuf < 8)
2702 return 0;
2703
2704 scsiH2BE_U16(pbBuf, 0x105); /* feature 0105h: Timeout Feature */
2705 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2706 pbBuf[3] = 4; /* Additional length */
2707 pbBuf[4] = 0x0; /* !Group3 */
2708
2709 return 8;
2710}
2711
2712/**
2713 * Callback to fill in the correct data for a feature.
2714 *
2715 * @returns Number of bytes written into the buffer.
2716 * @param s The ATA device state.
2717 * @param pbBuf The buffer to fill the data with.
2718 * @param cbBuf Size of the buffer.
2719 */
2720typedef DECLCALLBACK(uint32_t) FNATAPIR3FEATUREFILL(ATADevState *s, uint8_t *pbBuf, size_t cbBuf);
2721/** Pointer to a feature fill callback. */
2722typedef FNATAPIR3FEATUREFILL *PFNATAPIR3FEATUREFILL;
2723
2724/**
2725 * ATAPI feature descriptor.
2726 */
2727typedef struct ATAPIR3FEATDESC
2728{
2729 /** The feature number. */
2730 uint16_t u16Feat;
2731 /** The callback to fill in the correct data. */
2732 PFNATAPIR3FEATUREFILL pfnFeatureFill;
2733} ATAPIR3FEATDESC;
2734
2735/**
2736 * Array of known ATAPI feature descriptors.
2737 */
2738static const ATAPIR3FEATDESC s_aAtapiR3Features[] =
2739{
2740 { 0x0000, atapiR3GetConfigurationFillFeatureListProfiles},
2741 { 0x0001, atapiR3GetConfigurationFillFeatureCore},
2742 { 0x0002, atapiR3GetConfigurationFillFeatureMorphing},
2743 { 0x0003, atapiR3GetConfigurationFillFeatureRemovableMedium},
2744 { 0x0010, atapiR3GetConfigurationFillFeatureRandomReadable},
2745 { 0x001e, atapiR3GetConfigurationFillFeatureCDRead},
2746 { 0x0100, atapiR3GetConfigurationFillFeaturePowerManagement},
2747 { 0x0105, atapiR3GetConfigurationFillFeatureTimeout}
2748};
2749
2750static bool atapiR3GetConfigurationSS(ATADevState *s)
2751{
2752 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2753 uint32_t cbBuf = s->cbIOBuffer;
2754 uint32_t cbCopied = 0;
2755 uint16_t u16Sfn = scsiBE2H_U16(&s->aATAPICmd[2]);
2756 uint8_t u8Rt = s->aATAPICmd[1] & 0x03;
2757
2758 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2759 Assert(s->cbElementaryTransfer <= 80);
2760 /* Accept valid request types only. */
2761 if (u8Rt == 3)
2762 {
2763 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2764 return false;
2765 }
2766 memset(pbBuf, '\0', cbBuf);
2767 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2768 * way to differentiate them right now is based on the image size). */
2769 if (s->cTotalSectors)
2770 scsiH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2771 else
2772 scsiH2BE_U16(pbBuf + 6, 0x00); /* current profile: none -> no media */
2773 cbBuf -= 8;
2774 pbBuf += 8;
2775
2776 if (u8Rt == 0x2)
2777 {
2778 for (uint32_t i = 0; i < RT_ELEMENTS(s_aAtapiR3Features); i++)
2779 {
2780 if (s_aAtapiR3Features[i].u16Feat == u16Sfn)
2781 {
2782 cbCopied = s_aAtapiR3Features[i].pfnFeatureFill(s, pbBuf, cbBuf);
2783 cbBuf -= cbCopied;
2784 pbBuf += cbCopied;
2785 break;
2786 }
2787 }
2788 }
2789 else
2790 {
2791 for (uint32_t i = 0; i < RT_ELEMENTS(s_aAtapiR3Features); i++)
2792 {
2793 if (s_aAtapiR3Features[i].u16Feat > u16Sfn)
2794 {
2795 cbCopied = s_aAtapiR3Features[i].pfnFeatureFill(s, pbBuf, cbBuf);
2796 cbBuf -= cbCopied;
2797 pbBuf += cbCopied;
2798 }
2799 }
2800 }
2801
2802 /* Set data length now - the field is not included in the final length. */
2803 scsiH2BE_U32(s->CTX_SUFF(pbIOBuffer), s->cbIOBuffer - cbBuf - 4);
2804
2805 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2806 s->iSourceSink = ATAFN_SS_NULL;
2807 atapiR3CmdOK(s);
2808 return false;
2809}
2810
2811
2812static bool atapiR3GetEventStatusNotificationSS(ATADevState *s)
2813{
2814 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2815
2816 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2817 Assert(s->cbElementaryTransfer <= 8);
2818
2819 if (!(s->aATAPICmd[1] & 1))
2820 {
2821 /* no asynchronous operation supported */
2822 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2823 return false;
2824 }
2825
2826 uint32_t OldStatus, NewStatus;
2827 do
2828 {
2829 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2830 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2831 switch (OldStatus)
2832 {
2833 case ATA_EVENT_STATUS_MEDIA_NEW:
2834 /* mount */
2835 scsiH2BE_U16(pbBuf + 0, 6);
2836 pbBuf[2] = 0x04; /* media */
2837 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2838 pbBuf[4] = 0x02; /* new medium */
2839 pbBuf[5] = 0x02; /* medium present / door closed */
2840 pbBuf[6] = 0x00;
2841 pbBuf[7] = 0x00;
2842 break;
2843
2844 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2845 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2846 /* umount */
2847 scsiH2BE_U16(pbBuf + 0, 6);
2848 pbBuf[2] = 0x04; /* media */
2849 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2850 pbBuf[4] = 0x03; /* media removal */
2851 pbBuf[5] = 0x00; /* medium absent / door closed */
2852 pbBuf[6] = 0x00;
2853 pbBuf[7] = 0x00;
2854 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2855 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2856 break;
2857
2858 case ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED: /* currently unused */
2859 scsiH2BE_U16(pbBuf + 0, 6);
2860 pbBuf[2] = 0x04; /* media */
2861 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2862 pbBuf[4] = 0x01; /* eject requested (eject button pressed) */
2863 pbBuf[5] = 0x02; /* medium present / door closed */
2864 pbBuf[6] = 0x00;
2865 pbBuf[7] = 0x00;
2866 break;
2867
2868 case ATA_EVENT_STATUS_UNCHANGED:
2869 default:
2870 scsiH2BE_U16(pbBuf + 0, 6);
2871 pbBuf[2] = 0x01; /* operational change request / notification */
2872 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2873 pbBuf[4] = 0x00;
2874 pbBuf[5] = 0x00;
2875 pbBuf[6] = 0x00;
2876 pbBuf[7] = 0x00;
2877 break;
2878 }
2879 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2880
2881 s->iSourceSink = ATAFN_SS_NULL;
2882 atapiR3CmdOK(s);
2883 return false;
2884}
2885
2886
2887static bool atapiR3InquirySS(ATADevState *s)
2888{
2889 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2890
2891 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2892 Assert(s->cbElementaryTransfer <= 36);
2893 pbBuf[0] = 0x05; /* CD-ROM */
2894 pbBuf[1] = 0x80; /* removable */
2895# if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2896 pbBuf[2] = 0x00; /* ISO */
2897 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2898# else
2899 pbBuf[2] = 0x00; /* ISO */
2900 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2901# endif
2902 pbBuf[4] = 31; /* additional length */
2903 pbBuf[5] = 0; /* reserved */
2904 pbBuf[6] = 0; /* reserved */
2905 pbBuf[7] = 0; /* reserved */
2906 scsiPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2907 scsiPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2908 scsiPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2909 s->iSourceSink = ATAFN_SS_NULL;
2910 atapiR3CmdOK(s);
2911 return false;
2912}
2913
2914
2915static bool atapiR3ModeSenseErrorRecoverySS(ATADevState *s)
2916{
2917 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2918
2919 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2920 Assert(s->cbElementaryTransfer <= 16);
2921 scsiH2BE_U16(&pbBuf[0], 16 + 6);
2922 pbBuf[2] = (uint8_t)s->MediaTrackType;
2923 pbBuf[3] = 0;
2924 pbBuf[4] = 0;
2925 pbBuf[5] = 0;
2926 pbBuf[6] = 0;
2927 pbBuf[7] = 0;
2928
2929 pbBuf[8] = 0x01;
2930 pbBuf[9] = 0x06;
2931 pbBuf[10] = 0x00; /* Maximum error recovery */
2932 pbBuf[11] = 0x05; /* 5 retries */
2933 pbBuf[12] = 0x00;
2934 pbBuf[13] = 0x00;
2935 pbBuf[14] = 0x00;
2936 pbBuf[15] = 0x00;
2937 s->iSourceSink = ATAFN_SS_NULL;
2938 atapiR3CmdOK(s);
2939 return false;
2940}
2941
2942
2943static bool atapiR3ModeSenseCDStatusSS(ATADevState *s)
2944{
2945 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2946
2947 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2948 Assert(s->cbElementaryTransfer <= 40);
2949 scsiH2BE_U16(&pbBuf[0], 38);
2950 pbBuf[2] = (uint8_t)s->MediaTrackType;
2951 pbBuf[3] = 0;
2952 pbBuf[4] = 0;
2953 pbBuf[5] = 0;
2954 pbBuf[6] = 0;
2955 pbBuf[7] = 0;
2956
2957 pbBuf[8] = 0x2a;
2958 pbBuf[9] = 30; /* page length */
2959 pbBuf[10] = 0x08; /* DVD-ROM read support */
2960 pbBuf[11] = 0x00; /* no write support */
2961 /* The following claims we support audio play. This is obviously false,
2962 * but the Linux generic CDROM support makes many features depend on this
2963 * capability. If it's not set, this causes many things to be disabled. */
2964 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2965 pbBuf[13] = 0x00; /* no subchannel reads supported */
2966 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2967 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2968 pbBuf[14] |= 1 << 1; /* report lock state */
2969 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2970 scsiH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2971 scsiH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2972 scsiH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2973 scsiH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2974 pbBuf[24] = 0; /* reserved */
2975 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2976 scsiH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2977 scsiH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2978 scsiH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2979 pbBuf[32] = 0; /* reserved */
2980 pbBuf[33] = 0; /* reserved */
2981 pbBuf[34] = 0; /* reserved */
2982 pbBuf[35] = 1; /* rotation control CAV */
2983 scsiH2BE_U16(&pbBuf[36], 0); /* current write speed */
2984 scsiH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2985 s->iSourceSink = ATAFN_SS_NULL;
2986 atapiR3CmdOK(s);
2987 return false;
2988}
2989
2990
2991static bool atapiR3RequestSenseSS(ATADevState *s)
2992{
2993 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2994
2995 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
2996 memset(pbBuf, '\0', s->cbElementaryTransfer);
2997 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2998 s->iSourceSink = ATAFN_SS_NULL;
2999 atapiR3CmdOK(s);
3000 return false;
3001}
3002
3003
3004static bool atapiR3MechanismStatusSS(ATADevState *s)
3005{
3006 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
3007
3008 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
3009 Assert(s->cbElementaryTransfer <= 8);
3010 scsiH2BE_U16(pbBuf, 0);
3011 /* no current LBA */
3012 pbBuf[2] = 0;
3013 pbBuf[3] = 0;
3014 pbBuf[4] = 0;
3015 pbBuf[5] = 1;
3016 scsiH2BE_U16(pbBuf + 6, 0);
3017 s->iSourceSink = ATAFN_SS_NULL;
3018 atapiR3CmdOK(s);
3019 return false;
3020}
3021
3022
3023static bool atapiR3ReadTOCNormalSS(ATADevState *s)
3024{
3025 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
3026 bool fMSF;
3027 uint32_t cbSize;
3028 uint32_t cTracks = s->pDrvMedia->pfnGetRegionCount(s->pDrvMedia);
3029
3030 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
3031 fMSF = (s->aATAPICmd[1] >> 1) & 1;
3032 iStartTrack = s->aATAPICmd[6];
3033 if (iStartTrack == 0)
3034 iStartTrack = 1;
3035
3036 if (iStartTrack > cTracks && iStartTrack != 0xaa)
3037 {
3038 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3039 return false;
3040 }
3041 q = pbBuf + 2;
3042 *q++ = iStartTrack; /* first track number */
3043 *q++ = cTracks; /* last track number */
3044 for (uint32_t iTrack = iStartTrack; iTrack <= cTracks; iTrack++)
3045 {
3046 uint64_t uLbaStart = 0;
3047 VDREGIONDATAFORM enmDataForm = VDREGIONDATAFORM_MODE1_2048;
3048
3049 int rc = s->pDrvMedia->pfnQueryRegionProperties(s->pDrvMedia, iTrack - 1, &uLbaStart,
3050 NULL, NULL, &enmDataForm);
3051 AssertRC(rc);
3052
3053 *q++ = 0; /* reserved */
3054
3055 if (enmDataForm == VDREGIONDATAFORM_CDDA)
3056 *q++ = 0x10; /* ADR, control */
3057 else
3058 *q++ = 0x14; /* ADR, control */
3059
3060 *q++ = (uint8_t)iTrack; /* track number */
3061 *q++ = 0; /* reserved */
3062 if (fMSF)
3063 {
3064 *q++ = 0; /* reserved */
3065 scsiLBA2MSF(q, (uint32_t)uLbaStart);
3066 q += 3;
3067 }
3068 else
3069 {
3070 /* sector 0 */
3071 scsiH2BE_U32(q, (uint32_t)uLbaStart);
3072 q += 4;
3073 }
3074 }
3075 /* lead out track */
3076 *q++ = 0; /* reserved */
3077 *q++ = 0x14; /* ADR, control */
3078 *q++ = 0xaa; /* track number */
3079 *q++ = 0; /* reserved */
3080
3081 /* Query start and length of last track to get the start of the lead out track. */
3082 uint64_t uLbaStart = 0;
3083 uint64_t cBlocks = 0;
3084
3085 int rc = s->pDrvMedia->pfnQueryRegionProperties(s->pDrvMedia, cTracks - 1, &uLbaStart,
3086 &cBlocks, NULL, NULL);
3087 AssertRC(rc);
3088
3089 uLbaStart += cBlocks;
3090 if (fMSF)
3091 {
3092 *q++ = 0; /* reserved */
3093 scsiLBA2MSF(q, (uint32_t)uLbaStart);
3094 q += 3;
3095 }
3096 else
3097 {
3098 scsiH2BE_U32(q, (uint32_t)uLbaStart);
3099 q += 4;
3100 }
3101 cbSize = q - pbBuf;
3102 scsiH2BE_U16(pbBuf, cbSize - 2);
3103 if (cbSize < s->cbTotalTransfer)
3104 s->cbTotalTransfer = cbSize;
3105 s->iSourceSink = ATAFN_SS_NULL;
3106 atapiR3CmdOK(s);
3107 return false;
3108}
3109
3110
3111static bool atapiR3ReadTOCMultiSS(ATADevState *s)
3112{
3113 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
3114 bool fMSF;
3115
3116 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
3117 Assert(s->cbElementaryTransfer <= 12);
3118 fMSF = (s->aATAPICmd[1] >> 1) & 1;
3119 /* multi session: only a single session defined */
3120 /** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R)
3121 * with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being
3122 * able to figure out whether numbers are in BCD or hex. */
3123 memset(pbBuf, 0, 12);
3124 pbBuf[1] = 0x0a;
3125 pbBuf[2] = 0x01;
3126 pbBuf[3] = 0x01;
3127
3128 VDREGIONDATAFORM enmDataForm = VDREGIONDATAFORM_MODE1_2048;
3129 int rc = s->pDrvMedia->pfnQueryRegionProperties(s->pDrvMedia, 0, NULL,
3130 NULL, NULL, &enmDataForm);
3131 AssertRC(rc);
3132
3133 if (enmDataForm == VDREGIONDATAFORM_CDDA)
3134 pbBuf[5] = 0x10; /* ADR, control */
3135 else
3136 pbBuf[5] = 0x14; /* ADR, control */
3137
3138 pbBuf[6] = 1; /* first track in last complete session */
3139 if (fMSF)
3140 {
3141 pbBuf[8] = 0; /* reserved */
3142 scsiLBA2MSF(&pbBuf[9], 0);
3143 }
3144 else
3145 {
3146 /* sector 0 */
3147 scsiH2BE_U32(pbBuf + 8, 0);
3148 }
3149 s->iSourceSink = ATAFN_SS_NULL;
3150 atapiR3CmdOK(s);
3151 return false;
3152}
3153
3154
3155static bool atapiR3ReadTOCRawSS(ATADevState *s)
3156{
3157 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
3158 bool fMSF;
3159 uint32_t cbSize;
3160
3161 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
3162 fMSF = (s->aATAPICmd[1] >> 1) & 1;
3163 iStartTrack = s->aATAPICmd[6];
3164
3165 q = pbBuf + 2;
3166 *q++ = 1; /* first session */
3167 *q++ = 1; /* last session */
3168
3169 *q++ = 1; /* session number */
3170 *q++ = 0x14; /* data track */
3171 *q++ = 0; /* track number */
3172 *q++ = 0xa0; /* first track in program area */
3173 *q++ = 0; /* min */
3174 *q++ = 0; /* sec */
3175 *q++ = 0; /* frame */
3176 *q++ = 0;
3177 *q++ = 1; /* first track */
3178 *q++ = 0x00; /* disk type CD-DA or CD data */
3179 *q++ = 0;
3180
3181 *q++ = 1; /* session number */
3182 *q++ = 0x14; /* data track */
3183 *q++ = 0; /* track number */
3184 *q++ = 0xa1; /* last track in program area */
3185 *q++ = 0; /* min */
3186 *q++ = 0; /* sec */
3187 *q++ = 0; /* frame */
3188 *q++ = 0;
3189 *q++ = 1; /* last track */
3190 *q++ = 0;
3191 *q++ = 0;
3192
3193 *q++ = 1; /* session number */
3194 *q++ = 0x14; /* data track */
3195 *q++ = 0; /* track number */
3196 *q++ = 0xa2; /* lead-out */
3197 *q++ = 0; /* min */
3198 *q++ = 0; /* sec */
3199 *q++ = 0; /* frame */
3200 if (fMSF)
3201 {
3202 *q++ = 0; /* reserved */
3203 scsiLBA2MSF(q, s->cTotalSectors);
3204 q += 3;
3205 }
3206 else
3207 {
3208 scsiH2BE_U32(q, s->cTotalSectors);
3209 q += 4;
3210 }
3211
3212 *q++ = 1; /* session number */
3213 *q++ = 0x14; /* ADR, control */
3214 *q++ = 0; /* track number */
3215 *q++ = 1; /* point */
3216 *q++ = 0; /* min */
3217 *q++ = 0; /* sec */
3218 *q++ = 0; /* frame */
3219 if (fMSF)
3220 {
3221 *q++ = 0; /* reserved */
3222 scsiLBA2MSF(q, 0);
3223 q += 3;
3224 }
3225 else
3226 {
3227 /* sector 0 */
3228 scsiH2BE_U32(q, 0);
3229 q += 4;
3230 }
3231
3232 cbSize = q - pbBuf;
3233 scsiH2BE_U16(pbBuf, cbSize - 2);
3234 if (cbSize < s->cbTotalTransfer)
3235 s->cbTotalTransfer = cbSize;
3236 s->iSourceSink = ATAFN_SS_NULL;
3237 atapiR3CmdOK(s);
3238 return false;
3239}
3240
3241
3242static void atapiR3ParseCmdVirtualATAPI(ATADevState *s)
3243{
3244 const uint8_t *pbPacket;
3245 uint8_t *pbBuf;
3246 uint32_t cbMax;
3247 uint32_t cSectors, iATAPILBA;
3248
3249 pbPacket = s->aATAPICmd;
3250 pbBuf = s->CTX_SUFF(pbIOBuffer);
3251 switch (pbPacket[0])
3252 {
3253 case SCSI_TEST_UNIT_READY:
3254 if (s->cNotifiedMediaChange > 0)
3255 {
3256 if (s->cNotifiedMediaChange-- > 2)
3257 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3258 else
3259 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3260 }
3261 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
3262 atapiR3CmdOK(s);
3263 else
3264 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3265 break;
3266 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3267 cbMax = scsiBE2H_U16(pbPacket + 7);
3268 ataR3StartTransfer(s, RT_MIN(cbMax, 8), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3269 break;
3270 case SCSI_MODE_SENSE_6:
3271 {
3272 uint8_t uPageControl, uPageCode;
3273 cbMax = pbPacket[4];
3274 uPageControl = pbPacket[2] >> 6;
3275 uPageCode = pbPacket[2] & 0x3f;
3276 switch (uPageControl)
3277 {
3278 case SCSI_PAGECONTROL_CURRENT:
3279 switch (uPageCode)
3280 {
3281 case SCSI_MODEPAGE_ERROR_RECOVERY:
3282 ataR3StartTransfer(s, RT_MIN(cbMax, 16), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
3283 break;
3284 case SCSI_MODEPAGE_CD_STATUS:
3285 ataR3StartTransfer(s, RT_MIN(cbMax, 40), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
3286 break;
3287 default:
3288 goto error_cmd;
3289 }
3290 break;
3291 case SCSI_PAGECONTROL_CHANGEABLE:
3292 goto error_cmd;
3293 case SCSI_PAGECONTROL_DEFAULT:
3294 goto error_cmd;
3295 default:
3296 case SCSI_PAGECONTROL_SAVED:
3297 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
3298 break;
3299 }
3300 break;
3301 }
3302 case SCSI_MODE_SENSE_10:
3303 {
3304 uint8_t uPageControl, uPageCode;
3305 cbMax = scsiBE2H_U16(pbPacket + 7);
3306 uPageControl = pbPacket[2] >> 6;
3307 uPageCode = pbPacket[2] & 0x3f;
3308 switch (uPageControl)
3309 {
3310 case SCSI_PAGECONTROL_CURRENT:
3311 switch (uPageCode)
3312 {
3313 case SCSI_MODEPAGE_ERROR_RECOVERY:
3314 ataR3StartTransfer(s, RT_MIN(cbMax, 16), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
3315 break;
3316 case SCSI_MODEPAGE_CD_STATUS:
3317 ataR3StartTransfer(s, RT_MIN(cbMax, 40), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
3318 break;
3319 default:
3320 goto error_cmd;
3321 }
3322 break;
3323 case SCSI_PAGECONTROL_CHANGEABLE:
3324 goto error_cmd;
3325 case SCSI_PAGECONTROL_DEFAULT:
3326 goto error_cmd;
3327 default:
3328 case SCSI_PAGECONTROL_SAVED:
3329 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
3330 break;
3331 }
3332 break;
3333 }
3334 case SCSI_REQUEST_SENSE:
3335 cbMax = pbPacket[4];
3336 ataR3StartTransfer(s, RT_MIN(cbMax, 18), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3337 break;
3338 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3339 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
3340 {
3341 if (pbPacket[4] & 1)
3342 s->pDrvMount->pfnLock(s->pDrvMount);
3343 else
3344 s->pDrvMount->pfnUnlock(s->pDrvMount);
3345 atapiR3CmdOK(s);
3346 }
3347 else
3348 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3349 break;
3350 case SCSI_READ_10:
3351 case SCSI_READ_12:
3352 {
3353 if (s->cNotifiedMediaChange > 0)
3354 {
3355 s->cNotifiedMediaChange-- ;
3356 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3357 break;
3358 }
3359 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3360 {
3361 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3362 break;
3363 }
3364 if (pbPacket[0] == SCSI_READ_10)
3365 cSectors = scsiBE2H_U16(pbPacket + 7);
3366 else
3367 cSectors = scsiBE2H_U32(pbPacket + 6);
3368 iATAPILBA = scsiBE2H_U32(pbPacket + 2);
3369
3370 if (cSectors == 0)
3371 {
3372 atapiR3CmdOK(s);
3373 break;
3374 }
3375
3376 /* Check that the sector size is valid. */
3377 VDREGIONDATAFORM enmDataForm = VDREGIONDATAFORM_INVALID;
3378 int rc = s->pDrvMedia->pfnQueryRegionPropertiesForLba(s->pDrvMedia, iATAPILBA,
3379 NULL, NULL, NULL, &enmDataForm);
3380 if (RT_UNLIKELY( rc == VERR_NOT_FOUND
3381 || ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)))
3382 {
3383 /* Rate limited logging, one log line per second. For
3384 * guests that insist on reading from places outside the
3385 * valid area this often generates too many release log
3386 * entries otherwise. */
3387 static uint64_t uLastLogTS = 0;
3388 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3389 {
3390 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3391 uLastLogTS = RTTimeMilliTS();
3392 }
3393 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3394 break;
3395 }
3396 else if ( enmDataForm != VDREGIONDATAFORM_MODE1_2048
3397 && enmDataForm != VDREGIONDATAFORM_MODE1_2352
3398 && enmDataForm != VDREGIONDATAFORM_MODE2_2336
3399 && enmDataForm != VDREGIONDATAFORM_MODE2_2352
3400 && enmDataForm != VDREGIONDATAFORM_RAW)
3401 {
3402 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
3403 RT_ZERO(abATAPISense);
3404
3405 abATAPISense[0] = 0x70 | (1 << 7);
3406 abATAPISense[2] = (SCSI_SENSE_ILLEGAL_REQUEST & 0x0f) | SCSI_SENSE_FLAG_ILI;
3407 scsiH2BE_U32(&abATAPISense[3], iATAPILBA);
3408 abATAPISense[7] = 10;
3409 abATAPISense[12] = SCSI_ASC_ILLEGAL_MODE_FOR_THIS_TRACK;
3410 atapiR3CmdError(s, &abATAPISense[0], sizeof(abATAPISense));
3411 break;
3412 }
3413 atapiR3ReadSectors(s, iATAPILBA, cSectors, 2048);
3414 break;
3415 }
3416 case SCSI_READ_CD_MSF:
3417 case SCSI_READ_CD:
3418 {
3419 if (s->cNotifiedMediaChange > 0)
3420 {
3421 s->cNotifiedMediaChange-- ;
3422 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3423 break;
3424 }
3425 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3426 {
3427 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3428 break;
3429 }
3430 if ((pbPacket[10] & 0x7) != 0)
3431 {
3432 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3433 break;
3434 }
3435 if (pbPacket[0] == SCSI_READ_CD)
3436 {
3437 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
3438 iATAPILBA = scsiBE2H_U32(pbPacket + 2);
3439 }
3440 else /* READ CD MSF */
3441 {
3442 iATAPILBA = scsiMSF2LBA(pbPacket + 3);
3443 if (iATAPILBA > scsiMSF2LBA(pbPacket + 6))
3444 {
3445 Log2(("Start MSF %02u:%02u:%02u > end MSF %02u:%02u:%02u!\n", *(pbPacket + 3), *(pbPacket + 4), *(pbPacket + 5),
3446 *(pbPacket + 6), *(pbPacket + 7), *(pbPacket + 8)));
3447 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3448 break;
3449 }
3450 cSectors = scsiMSF2LBA(pbPacket + 6) - iATAPILBA;
3451 Log2(("Start MSF %02u:%02u:%02u -> LBA %u\n", *(pbPacket + 3), *(pbPacket + 4), *(pbPacket + 5), iATAPILBA));
3452 Log2(("End MSF %02u:%02u:%02u -> %u sectors\n", *(pbPacket + 6), *(pbPacket + 7), *(pbPacket + 8), cSectors));
3453 }
3454 if (cSectors == 0)
3455 {
3456 atapiR3CmdOK(s);
3457 break;
3458 }
3459 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3460 {
3461 /* Rate limited logging, one log line per second. For
3462 * guests that insist on reading from places outside the
3463 * valid area this often generates too many release log
3464 * entries otherwise. */
3465 static uint64_t uLastLogTS = 0;
3466 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3467 {
3468 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3469 uLastLogTS = RTTimeMilliTS();
3470 }
3471 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3472 break;
3473 }
3474 /*
3475 * If the LBA is in an audio track we are required to ignore pretty much all
3476 * of the channel selection values (except 0x00) and map everything to 0x10
3477 * which means read user data with a sector size of 2352 bytes.
3478 *
3479 * (MMC-6 chapter 6.19.2.6)
3480 */
3481 uint8_t uChnSel = pbPacket[9] & 0xf8;
3482 VDREGIONDATAFORM enmDataForm;
3483 int rc = s->pDrvMedia->pfnQueryRegionPropertiesForLba(s->pDrvMedia, iATAPILBA,
3484 NULL, NULL, NULL, &enmDataForm);
3485 AssertRC(rc);
3486
3487 if (enmDataForm == VDREGIONDATAFORM_CDDA)
3488 {
3489 if (uChnSel == 0)
3490 {
3491 /* nothing */
3492 atapiR3CmdOK(s);
3493 }
3494 else
3495 atapiR3ReadSectors(s, iATAPILBA, cSectors, 2352);
3496 }
3497 else
3498 {
3499 switch (uChnSel)
3500 {
3501 case 0x00:
3502 /* nothing */
3503 atapiR3CmdOK(s);
3504 break;
3505 case 0x10:
3506 /* normal read */
3507 atapiR3ReadSectors(s, iATAPILBA, cSectors, 2048);
3508 break;
3509 case 0xf8:
3510 /* read all data */
3511 atapiR3ReadSectors(s, iATAPILBA, cSectors, 2352);
3512 break;
3513 default:
3514 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
3515 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3516 break;
3517 }
3518 }
3519 break;
3520 }
3521 case SCSI_SEEK_10:
3522 {
3523 if (s->cNotifiedMediaChange > 0)
3524 {
3525 s->cNotifiedMediaChange-- ;
3526 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3527 break;
3528 }
3529 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3530 {
3531 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3532 break;
3533 }
3534 iATAPILBA = scsiBE2H_U32(pbPacket + 2);
3535 if (iATAPILBA > s->cTotalSectors)
3536 {
3537 /* Rate limited logging, one log line per second. For
3538 * guests that insist on seeking to places outside the
3539 * valid area this often generates too many release log
3540 * entries otherwise. */
3541 static uint64_t uLastLogTS = 0;
3542 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3543 {
3544 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
3545 uLastLogTS = RTTimeMilliTS();
3546 }
3547 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3548 break;
3549 }
3550 atapiR3CmdOK(s);
3551 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
3552 break;
3553 }
3554 case SCSI_START_STOP_UNIT:
3555 {
3556 int rc = VINF_SUCCESS;
3557 switch (pbPacket[4] & 3)
3558 {
3559 case 0: /* 00 - Stop motor */
3560 case 1: /* 01 - Start motor */
3561 break;
3562 case 2: /* 10 - Eject media */
3563 {
3564 /* This must be done from EMT. */
3565 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3566 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
3567 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
3568
3569 ataR3LockLeave(pCtl);
3570 rc = VMR3ReqPriorityCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3571 (PFNRT)s->pDrvMount->pfnUnmount, 3,
3572 s->pDrvMount, false /*=fForce*/, true /*=fEject*/);
3573 Assert(RT_SUCCESS(rc) || rc == VERR_PDM_MEDIA_LOCKED || rc == VERR_PDM_MEDIA_NOT_MOUNTED);
3574 if (RT_SUCCESS(rc) && pThis->pMediaNotify)
3575 {
3576 rc = VMR3ReqCallNoWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3577 (PFNRT)pThis->pMediaNotify->pfnEjected, 2,
3578 pThis->pMediaNotify, s->iLUN);
3579 AssertRC(rc);
3580 }
3581
3582 ataR3LockEnter(pCtl);
3583 break;
3584 }
3585 case 3: /* 11 - Load media */
3586 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
3587 break;
3588 }
3589 if (RT_SUCCESS(rc))
3590 atapiR3CmdOK(s);
3591 else
3592 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
3593 break;
3594 }
3595 case SCSI_MECHANISM_STATUS:
3596 {
3597 cbMax = scsiBE2H_U16(pbPacket + 8);
3598 ataR3StartTransfer(s, RT_MIN(cbMax, 8), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
3599 break;
3600 }
3601 case SCSI_READ_TOC_PMA_ATIP:
3602 {
3603 uint8_t format;
3604
3605 if (s->cNotifiedMediaChange > 0)
3606 {
3607 s->cNotifiedMediaChange-- ;
3608 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3609 break;
3610 }
3611 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3612 {
3613 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3614 break;
3615 }
3616 cbMax = scsiBE2H_U16(pbPacket + 7);
3617 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
3618 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
3619 * the other field is clear... */
3620 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
3621 switch (format)
3622 {
3623 case 0:
3624 ataR3StartTransfer(s, cbMax, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
3625 break;
3626 case 1:
3627 ataR3StartTransfer(s, RT_MIN(cbMax, 12), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3628 break;
3629 case 2:
3630 ataR3StartTransfer(s, cbMax, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3631 break;
3632 default:
3633 error_cmd:
3634 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3635 break;
3636 }
3637 break;
3638 }
3639 case SCSI_READ_CAPACITY:
3640 if (s->cNotifiedMediaChange > 0)
3641 {
3642 s->cNotifiedMediaChange-- ;
3643 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3644 break;
3645 }
3646 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3647 {
3648 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3649 break;
3650 }
3651 ataR3StartTransfer(s, 8, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3652 break;
3653 case SCSI_READ_DISC_INFORMATION:
3654 if (s->cNotifiedMediaChange > 0)
3655 {
3656 s->cNotifiedMediaChange-- ;
3657 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3658 break;
3659 }
3660 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3661 {
3662 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3663 break;
3664 }
3665 cbMax = scsiBE2H_U16(pbPacket + 7);
3666 ataR3StartTransfer(s, RT_MIN(cbMax, 34), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3667 break;
3668 case SCSI_READ_TRACK_INFORMATION:
3669 if (s->cNotifiedMediaChange > 0)
3670 {
3671 s->cNotifiedMediaChange-- ;
3672 atapiR3CmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3673 break;
3674 }
3675 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3676 {
3677 atapiR3CmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3678 break;
3679 }
3680 cbMax = scsiBE2H_U16(pbPacket + 7);
3681 ataR3StartTransfer(s, RT_MIN(cbMax, 36), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3682 break;
3683 case SCSI_GET_CONFIGURATION:
3684 /* No media change stuff here, it can confuse Linux guests. */
3685 cbMax = scsiBE2H_U16(pbPacket + 7);
3686 ataR3StartTransfer(s, RT_MIN(cbMax, 80), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3687 break;
3688 case SCSI_INQUIRY:
3689 cbMax = scsiBE2H_U16(pbPacket + 3);
3690 ataR3StartTransfer(s, RT_MIN(cbMax, 36), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3691 break;
3692 case SCSI_READ_DVD_STRUCTURE:
3693 {
3694 cbMax = scsiBE2H_U16(pbPacket + 8);
3695 ataR3StartTransfer(s, RT_MIN(cbMax, 4), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3696 break;
3697 }
3698 default:
3699 atapiR3CmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3700 break;
3701 }
3702}
3703
3704
3705/*
3706 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3707 */
3708static void atapiR3ParseCmdPassthrough(ATADevState *s)
3709{
3710 const uint8_t *pbPacket = &s->aATAPICmd[0];
3711
3712 /* Some cases we have to handle here. */
3713 if ( pbPacket[0] == SCSI_GET_EVENT_STATUS_NOTIFICATION
3714 && ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3715 {
3716 uint32_t cbTransfer = scsiBE2H_U16(pbPacket + 7);
3717 ataR3StartTransfer(s, RT_MIN(cbTransfer, 8), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3718 }
3719 else if ( pbPacket[0] == SCSI_REQUEST_SENSE
3720 && (s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3721 ataR3StartTransfer(s, RT_MIN(pbPacket[4], 18), PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3722 else
3723 {
3724 size_t cbBuf = 0;
3725 size_t cbATAPISector = 0;
3726 size_t cbTransfer = 0;
3727 PDMMEDIATXDIR uTxDir = PDMMEDIATXDIR_NONE;
3728 uint8_t u8ScsiSts = SCSI_STATUS_OK;
3729
3730 if (pbPacket[0] == SCSI_FORMAT_UNIT || pbPacket[0] == SCSI_GET_PERFORMANCE)
3731 cbBuf = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3732
3733 bool fPassthrough = ATAPIPassthroughParseCdb(pbPacket, sizeof(s->aATAPICmd), cbBuf, s->pTrackList,
3734 &s->abATAPISense[0], sizeof(s->abATAPISense), &uTxDir, &cbTransfer,
3735 &cbATAPISector, &u8ScsiSts);
3736 if (fPassthrough)
3737 {
3738 s->cbATAPISector = (uint32_t)cbATAPISector;
3739 Assert(s->cbATAPISector == (uint32_t)cbATAPISector);
3740 Assert(cbTransfer == (uint32_t)cbTransfer);
3741
3742 /*
3743 * Send a command to the drive, passing data in/out as required.
3744 * Commands which exceed the I/O buffer size are split below
3745 * or aborted if splitting is not implemented.
3746 */
3747 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3748 if (cbTransfer == 0)
3749 uTxDir = PDMMEDIATXDIR_NONE;
3750 ataR3StartTransfer(s, (uint32_t)cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3751 }
3752 else if (u8ScsiSts == SCSI_STATUS_CHECK_CONDITION)
3753 {
3754 /* Sense data is already set, end the request and notify the guest. */
3755 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, s->abATAPISense[2] & 0x0f, SCSISenseText(s->abATAPISense[2] & 0x0f),
3756 s->abATAPISense[12], s->abATAPISense[13], SCSISenseExtText(s->abATAPISense[12], s->abATAPISense[13])));
3757 s->uATARegError = s->abATAPISense[2] << 4;
3758 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
3759 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
3760 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3761 s->cbTotalTransfer = 0;
3762 s->cbElementaryTransfer = 0;
3763 s->cbAtapiPassthroughTransfer = 0;
3764 s->iIOBufferCur = 0;
3765 s->iIOBufferEnd = 0;
3766 s->uTxDir = PDMMEDIATXDIR_NONE;
3767 s->iBeginTransfer = ATAFN_BT_NULL;
3768 s->iSourceSink = ATAFN_SS_NULL;
3769 }
3770 else if (u8ScsiSts == SCSI_STATUS_OK)
3771 atapiR3CmdOK(s);
3772 }
3773}
3774
3775
3776static void atapiR3ParseCmd(ATADevState *s)
3777{
3778 const uint8_t *pbPacket;
3779
3780 pbPacket = s->aATAPICmd;
3781# ifdef DEBUG
3782 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3783# else /* !DEBUG */
3784 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3785# endif /* !DEBUG */
3786 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3787
3788 if (s->fATAPIPassthrough)
3789 atapiR3ParseCmdPassthrough(s);
3790 else
3791 atapiR3ParseCmdVirtualATAPI(s);
3792}
3793
3794
3795static bool ataR3PacketSS(ATADevState *s)
3796{
3797 s->fDMA = !!(s->uATARegFeature & 1);
3798 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3799 s->uTxDir = PDMMEDIATXDIR_NONE;
3800 s->cbTotalTransfer = 0;
3801 s->cbElementaryTransfer = 0;
3802 s->cbAtapiPassthroughTransfer = 0;
3803 atapiR3ParseCmd(s);
3804 return false;
3805}
3806
3807
3808/**
3809 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3810 * from now on, regardless if there was a medium inserted or not.
3811 */
3812static void ataR3MediumRemoved(ATADevState *s)
3813{
3814 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3815}
3816
3817
3818/**
3819 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3820 * there was already a medium inserted, don't forget to send the "medium
3821 * removed" event first.
3822 */
3823static void ataR3MediumInserted(ATADevState *s)
3824{
3825 uint32_t OldStatus, NewStatus;
3826 do
3827 {
3828 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3829 switch (OldStatus)
3830 {
3831 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3832 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3833 /* no change, we will send "medium removed" + "medium inserted" */
3834 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3835 break;
3836 default:
3837 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3838 break;
3839 }
3840 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3841}
3842
3843
3844/**
3845 * @interface_method_impl{PDMIMOUNTNOTIFY,pfnMountNotify}
3846 */
3847static DECLCALLBACK(void) ataR3MountNotify(PPDMIMOUNTNOTIFY pInterface)
3848{
3849 ATADevState *pIf = RT_FROM_MEMBER(pInterface, ATADevState, IMountNotify);
3850 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3851
3852 /* Ignore the call if we're called while being attached. */
3853 if (!pIf->pDrvMedia)
3854 return;
3855
3856 uint32_t cRegions = pIf->pDrvMedia->pfnGetRegionCount(pIf->pDrvMedia);
3857 for (uint32_t i = 0; i < cRegions; i++)
3858 {
3859 uint64_t cBlocks = 0;
3860 int rc = pIf->pDrvMedia->pfnQueryRegionProperties(pIf->pDrvMedia, i, NULL, &cBlocks,
3861 NULL, NULL);
3862 AssertRC(rc);
3863 pIf->cTotalSectors += cBlocks;
3864 }
3865
3866 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3867
3868 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3869 if (pIf->cNotifiedMediaChange < 2)
3870 pIf->cNotifiedMediaChange = 1;
3871 ataR3MediumInserted(pIf);
3872 ataR3MediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3873}
3874
3875/**
3876 * @interface_method_impl{PDMIMOUNTNOTIFY,pfnUnmountNotify}
3877 */
3878static DECLCALLBACK(void) ataR3UnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3879{
3880 ATADevState *pIf = RT_FROM_MEMBER(pInterface, ATADevState, IMountNotify);
3881 Log(("%s:\n", __FUNCTION__));
3882 pIf->cTotalSectors = 0;
3883
3884 /*
3885 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3886 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3887 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3888 * present and 2 in which it is changed.
3889 */
3890 pIf->cNotifiedMediaChange = 1;
3891 ataR3MediumRemoved(pIf);
3892 ataR3MediumTypeSet(pIf, ATA_MEDIA_NO_DISC);
3893}
3894
3895static void ataR3PacketBT(ATADevState *s)
3896{
3897 s->cbElementaryTransfer = s->cbTotalTransfer;
3898 s->cbAtapiPassthroughTransfer = s->cbTotalTransfer;
3899 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3900 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3901 ataSetStatusValue(s, ATA_STAT_READY);
3902}
3903
3904
3905static void ataR3ResetDevice(ATADevState *s)
3906{
3907 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3908 s->cNotifiedMediaChange = 0;
3909 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3910 ASMAtomicWriteU32(&s->MediaTrackType, ATA_MEDIA_TYPE_UNKNOWN);
3911 ataUnsetIRQ(s);
3912
3913 s->uATARegSelect = 0x20;
3914 ataSetStatusValue(s, ATA_STAT_READY);
3915 ataR3SetSignature(s);
3916 s->cbTotalTransfer = 0;
3917 s->cbElementaryTransfer = 0;
3918 s->cbAtapiPassthroughTransfer = 0;
3919 s->iIOBufferPIODataStart = 0;
3920 s->iIOBufferPIODataEnd = 0;
3921 s->iBeginTransfer = ATAFN_BT_NULL;
3922 s->iSourceSink = ATAFN_SS_NULL;
3923 s->fDMA = false;
3924 s->fATAPITransfer = false;
3925 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3926
3927 s->uATARegFeature = 0;
3928}
3929
3930
3931static void ataR3DeviceDiag(ATADevState *s)
3932{
3933 ataR3SetSignature(s);
3934 if (s->fATAPI)
3935 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3936 else
3937 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_SEEK);
3938 s->uATARegError = 0x01;
3939}
3940
3941
3942static bool ataR3ExecuteDeviceDiagnosticSS(ATADevState *s)
3943{
3944 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3945
3946 /* EXECUTE DEVICE DIAGNOSTIC is a very special command which always
3947 * gets executed, regardless of which device is selected. As a side
3948 * effect, it always completes with device 0 selected.
3949 */
3950 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
3951 ataR3DeviceDiag(&pCtl->aIfs[i]);
3952
3953 LogRel(("ATA: LUN#%d: EXECUTE DEVICE DIAGNOSTIC, status %02X\n",
3954 s->iLUN, s->uATARegStatus));
3955 pCtl->iSelectedIf = 0;
3956
3957 return false;
3958}
3959
3960
3961static bool ataR3InitDevParmSS(ATADevState *s)
3962{
3963 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3964
3965 LogFlowFunc(("\n"));
3966 LogRel(("ATA: LUN#%d: INITIALIZE DEVICE PARAMETERS: %u logical sectors, %u heads\n",
3967 s->iLUN, s->uATARegNSector, s->uATARegSelect & 0x0f));
3968 ataR3LockLeave(pCtl);
3969 RTThreadSleep(pCtl->DelayIRQMillies);
3970 ataR3LockEnter(pCtl);
3971 ataR3CmdOK(s, ATA_STAT_SEEK);
3972 return false;
3973}
3974
3975
3976static bool ataR3RecalibrateSS(ATADevState *s)
3977{
3978 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3979
3980 LogFlowFunc(("\n"));
3981 ataR3LockLeave(pCtl);
3982 RTThreadSleep(pCtl->DelayIRQMillies);
3983 ataR3LockEnter(pCtl);
3984 ataR3CmdOK(s, ATA_STAT_SEEK);
3985 return false;
3986}
3987
3988
3989static int ataR3TrimSectors(ATADevState *s, uint64_t u64Sector, uint32_t cSectors,
3990 bool *pfRedo)
3991{
3992 RTRANGE TrimRange;
3993 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3994 int rc;
3995
3996 ataR3LockLeave(pCtl);
3997
3998 TrimRange.offStart = u64Sector * s->cbSector;
3999 TrimRange.cbRange = cSectors * s->cbSector;
4000
4001 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
4002 rc = s->pDrvMedia->pfnDiscard(s->pDrvMedia, &TrimRange, 1);
4003 s->Led.Actual.s.fWriting = 0;
4004
4005 if (RT_SUCCESS(rc))
4006 *pfRedo = false;
4007 else
4008 *pfRedo = ataR3IsRedoSetWarning(s, rc);
4009
4010 ataR3LockEnter(pCtl);
4011 return rc;
4012}
4013
4014
4015static bool ataR3TrimSS(ATADevState *s)
4016{
4017 int rc = VERR_GENERAL_FAILURE;
4018 uint32_t cRangesMax;
4019 uint64_t *pu64Range = (uint64_t *)s->CTX_SUFF(pbIOBuffer);
4020 bool fRedo = false;
4021
4022 cRangesMax = s->cbElementaryTransfer / sizeof(uint64_t);
4023 Assert(cRangesMax);
4024
4025 while (cRangesMax-- > 0)
4026 {
4027 if (ATA_RANGE_LENGTH_GET(*pu64Range) == 0)
4028 break;
4029
4030 rc = ataR3TrimSectors(s, *pu64Range & ATA_RANGE_LBA_MASK,
4031 ATA_RANGE_LENGTH_GET(*pu64Range), &fRedo);
4032 if (RT_FAILURE(rc))
4033 break;
4034
4035 pu64Range++;
4036 }
4037
4038 if (RT_SUCCESS(rc))
4039 {
4040 s->iSourceSink = ATAFN_SS_NULL;
4041 ataR3CmdOK(s, ATA_STAT_SEEK);
4042 }
4043 else
4044 {
4045 if (fRedo)
4046 return fRedo;
4047 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
4048 LogRel(("PIIX3 ATA: LUN#%d: disk trim error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
4049 s->iLUN, rc, *pu64Range & ATA_RANGE_LBA_MASK, ATA_RANGE_LENGTH_GET(*pu64Range)));
4050
4051 /*
4052 * Check if we got interrupted. We don't need to set status variables
4053 * because the request was aborted.
4054 */
4055 if (rc != VERR_INTERRUPTED)
4056 ataR3CmdError(s, ID_ERR);
4057 }
4058
4059 return false;
4060}
4061
4062
4063static void ataR3ParseCmd(ATADevState *s, uint8_t cmd)
4064{
4065# ifdef DEBUG
4066 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
4067# else /* !DEBUG */
4068 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
4069# endif /* !DEBUG */
4070 s->fLBA48 = false;
4071 s->fDMA = false;
4072 if (cmd == ATA_IDLE_IMMEDIATE)
4073 {
4074 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
4075 * would overwrite the failing command unfortunately), then RESET. */
4076 int32_t uCmdWait = -1;
4077 uint64_t uNow = RTTimeNanoTS();
4078 if (s->u64CmdTS)
4079 uCmdWait = (uNow - s->u64CmdTS) / 1000;
4080 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
4081 s->iLUN, s->uATARegCommand, uCmdWait));
4082 }
4083 s->uATARegCommand = cmd;
4084 switch (cmd)
4085 {
4086 case ATA_IDENTIFY_DEVICE:
4087 if (s->pDrvMedia && !s->fATAPI)
4088 ataR3StartTransfer(s, 512, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
4089 else
4090 {
4091 if (s->fATAPI)
4092 ataR3SetSignature(s);
4093 ataR3CmdError(s, ABRT_ERR);
4094 ataUnsetStatus(s, ATA_STAT_READY);
4095 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4096 }
4097 break;
4098 case ATA_RECALIBRATE:
4099 if (s->fATAPI)
4100 goto abort_cmd;
4101 ataR3StartTransfer(s, 0, PDMMEDIATXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_RECALIBRATE, false);
4102 break;
4103 case ATA_INITIALIZE_DEVICE_PARAMETERS:
4104 if (s->fATAPI)
4105 goto abort_cmd;
4106 ataR3StartTransfer(s, 0, PDMMEDIATXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_INITIALIZE_DEVICE_PARAMETERS, false);
4107 break;
4108 case ATA_SET_MULTIPLE_MODE:
4109 if ( s->uATARegNSector != 0
4110 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
4111 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
4112 {
4113 ataR3CmdError(s, ABRT_ERR);
4114 }
4115 else
4116 {
4117 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
4118 s->cMultSectors = s->uATARegNSector;
4119 ataR3CmdOK(s, 0);
4120 }
4121 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4122 break;
4123 case ATA_READ_VERIFY_SECTORS_EXT:
4124 s->fLBA48 = true;
4125 RT_FALL_THRU();
4126 case ATA_READ_VERIFY_SECTORS:
4127 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
4128 /* do sector number check ? */
4129 ataR3CmdOK(s, ATA_STAT_SEEK);
4130 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4131 break;
4132 case ATA_READ_SECTORS_EXT:
4133 s->fLBA48 = true;
4134 RT_FALL_THRU();
4135 case ATA_READ_SECTORS:
4136 case ATA_READ_SECTORS_WITHOUT_RETRIES:
4137 if (!s->pDrvMedia || s->fATAPI)
4138 goto abort_cmd;
4139 s->cSectorsPerIRQ = 1;
4140 ataR3StartTransfer(s, ataR3GetNSectors(s) * s->cbSector, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4141 break;
4142 case ATA_WRITE_SECTORS_EXT:
4143 s->fLBA48 = true;
4144 RT_FALL_THRU();
4145 case ATA_WRITE_SECTORS:
4146 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
4147 if (!s->pDrvMedia || s->fATAPI)
4148 goto abort_cmd;
4149 s->cSectorsPerIRQ = 1;
4150 ataR3StartTransfer(s, ataR3GetNSectors(s) * s->cbSector, PDMMEDIATXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4151 break;
4152 case ATA_READ_MULTIPLE_EXT:
4153 s->fLBA48 = true;
4154 RT_FALL_THRU();
4155 case ATA_READ_MULTIPLE:
4156 if (!s->pDrvMedia || !s->cMultSectors || s->fATAPI)
4157 goto abort_cmd;
4158 s->cSectorsPerIRQ = s->cMultSectors;
4159 ataR3StartTransfer(s, ataR3GetNSectors(s) * s->cbSector, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4160 break;
4161 case ATA_WRITE_MULTIPLE_EXT:
4162 s->fLBA48 = true;
4163 RT_FALL_THRU();
4164 case ATA_WRITE_MULTIPLE:
4165 if (!s->pDrvMedia || !s->cMultSectors || s->fATAPI)
4166 goto abort_cmd;
4167 s->cSectorsPerIRQ = s->cMultSectors;
4168 ataR3StartTransfer(s, ataR3GetNSectors(s) * s->cbSector, PDMMEDIATXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4169 break;
4170 case ATA_READ_DMA_EXT:
4171 s->fLBA48 = true;
4172 RT_FALL_THRU();
4173 case ATA_READ_DMA:
4174 case ATA_READ_DMA_WITHOUT_RETRIES:
4175 if (!s->pDrvMedia || s->fATAPI)
4176 goto abort_cmd;
4177 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
4178 s->fDMA = true;
4179 ataR3StartTransfer(s, ataR3GetNSectors(s) * s->cbSector, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4180 break;
4181 case ATA_WRITE_DMA_EXT:
4182 s->fLBA48 = true;
4183 RT_FALL_THRU();
4184 case ATA_WRITE_DMA:
4185 case ATA_WRITE_DMA_WITHOUT_RETRIES:
4186 if (!s->pDrvMedia || s->fATAPI)
4187 goto abort_cmd;
4188 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
4189 s->fDMA = true;
4190 ataR3StartTransfer(s, ataR3GetNSectors(s) * s->cbSector, PDMMEDIATXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4191 break;
4192 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
4193 s->fLBA48 = true;
4194 ataR3SetSector(s, s->cTotalSectors - 1);
4195 ataR3CmdOK(s, 0);
4196 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4197 break;
4198 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
4199 ataR3CmdOK(s, 0);
4200 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4201 break;
4202 case ATA_READ_NATIVE_MAX_ADDRESS:
4203 ataR3SetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
4204 ataR3CmdOK(s, 0);
4205 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4206 break;
4207 case ATA_CHECK_POWER_MODE:
4208 s->uATARegNSector = 0xff; /* drive active or idle */
4209 ataR3CmdOK(s, 0);
4210 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4211 break;
4212 case ATA_SET_FEATURES:
4213 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
4214 if (!s->pDrvMedia)
4215 goto abort_cmd;
4216 switch (s->uATARegFeature)
4217 {
4218 case 0x02: /* write cache enable */
4219 Log2(("%s: write cache enable\n", __FUNCTION__));
4220 ataR3CmdOK(s, ATA_STAT_SEEK);
4221 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4222 break;
4223 case 0xaa: /* read look-ahead enable */
4224 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
4225 ataR3CmdOK(s, ATA_STAT_SEEK);
4226 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4227 break;
4228 case 0x55: /* read look-ahead disable */
4229 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
4230 ataR3CmdOK(s, ATA_STAT_SEEK);
4231 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4232 break;
4233 case 0xcc: /* reverting to power-on defaults enable */
4234 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
4235 ataR3CmdOK(s, ATA_STAT_SEEK);
4236 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4237 break;
4238 case 0x66: /* reverting to power-on defaults disable */
4239 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
4240 ataR3CmdOK(s, ATA_STAT_SEEK);
4241 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4242 break;
4243 case 0x82: /* write cache disable */
4244 Log2(("%s: write cache disable\n", __FUNCTION__));
4245 /* As per the ATA/ATAPI-6 specs, a write cache disable
4246 * command MUST flush the write buffers to disc. */
4247 ataR3StartTransfer(s, 0, PDMMEDIATXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
4248 break;
4249 case 0x03: { /* set transfer mode */
4250 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
4251 switch (s->uATARegNSector & 0xf8)
4252 {
4253 case 0x00: /* PIO default */
4254 case 0x08: /* PIO mode */
4255 break;
4256 case ATA_MODE_MDMA: /* MDMA mode */
4257 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
4258 break;
4259 case ATA_MODE_UDMA: /* UDMA mode */
4260 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
4261 break;
4262 default:
4263 goto abort_cmd;
4264 }
4265 ataR3CmdOK(s, ATA_STAT_SEEK);
4266 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4267 break;
4268 }
4269 default:
4270 goto abort_cmd;
4271 }
4272 /*
4273 * OS/2 workarond:
4274 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
4275 * reset here. According to the specification, this is a driver bug as the register
4276 * contents are undefined after the call. This means we can just as well reset it.
4277 */
4278 s->uATARegFeature = 0;
4279 break;
4280 case ATA_FLUSH_CACHE_EXT:
4281 case ATA_FLUSH_CACHE:
4282 if (!s->pDrvMedia || s->fATAPI)
4283 goto abort_cmd;
4284 ataR3StartTransfer(s, 0, PDMMEDIATXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
4285 break;
4286 case ATA_STANDBY_IMMEDIATE:
4287 ataR3CmdOK(s, 0);
4288 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4289 break;
4290 case ATA_IDLE_IMMEDIATE:
4291 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
4292 ataR3AbortCurrentCommand(s, false);
4293 break;
4294 case ATA_SLEEP:
4295 ataR3CmdOK(s, 0);
4296 ataHCSetIRQ(s);
4297 break;
4298 /* ATAPI commands */
4299 case ATA_IDENTIFY_PACKET_DEVICE:
4300 if (s->fATAPI)
4301 ataR3StartTransfer(s, 512, PDMMEDIATXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
4302 else
4303 {
4304 ataR3CmdError(s, ABRT_ERR);
4305 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4306 }
4307 break;
4308 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
4309 ataR3StartTransfer(s, 0, PDMMEDIATXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
4310 break;
4311 case ATA_DEVICE_RESET:
4312 if (!s->fATAPI)
4313 goto abort_cmd;
4314 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
4315 ataR3AbortCurrentCommand(s, true);
4316 break;
4317 case ATA_PACKET:
4318 if (!s->fATAPI)
4319 goto abort_cmd;
4320 /* overlapping commands not supported */
4321 if (s->uATARegFeature & 0x02)
4322 goto abort_cmd;
4323 ataR3StartTransfer(s, ATAPI_PACKET_SIZE, PDMMEDIATXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
4324 break;
4325 case ATA_DATA_SET_MANAGEMENT:
4326 if (!s->pDrvMedia || !s->pDrvMedia->pfnDiscard)
4327 goto abort_cmd;
4328 if ( !(s->uATARegFeature & UINT8_C(0x01))
4329 || (s->uATARegFeature & ~UINT8_C(0x01)))
4330 goto abort_cmd;
4331 s->fDMA = true;
4332 ataR3StartTransfer(s, (s->uATARegNSectorHOB << 8 | s->uATARegNSector) * s->cbSector, PDMMEDIATXDIR_TO_DEVICE, ATAFN_BT_NULL, ATAFN_SS_TRIM, false);
4333 break;
4334 default:
4335 abort_cmd:
4336 ataR3CmdError(s, ABRT_ERR);
4337 if (s->fATAPI)
4338 ataUnsetStatus(s, ATA_STAT_READY);
4339 ataHCSetIRQ(s); /* Shortcut, do not use AIO thread. */
4340 break;
4341 }
4342}
4343
4344# endif /* IN_RING3 */
4345#endif /* IN_RING0 || IN_RING3 */
4346
4347/*
4348 * Note: There are four distinct cases of port I/O handling depending on
4349 * which devices (if any) are attached to an IDE channel:
4350 *
4351 * 1) No device attached. No response to writes or reads (i.e. reads return
4352 * all bits set).
4353 *
4354 * 2) Both devices attached. Reads and writes are processed normally.
4355 *
4356 * 3) Device 0 only. If device 0 is selected, normal behavior applies. But
4357 * if Device 1 is selected, writes are still directed to Device 0 (except
4358 * commands are not executed), reads from control/command registers are
4359 * directed to Device 0, but status/alt status reads return 0. If Device 1
4360 * is a PACKET device, all reads return 0. See ATAPI-6 clause 9.16.1 and
4361 * Table 18 in clause 7.1.
4362 *
4363 * 4) Device 1 only - non-standard(!). Device 1 can't tell if Device 0 is
4364 * present or not and behaves the same. That means if Device 0 is selected,
4365 * Device 1 responds to writes (except commands are not executed) but does
4366 * not respond to reads. If Device 1 selected, normal behavior applies.
4367 * See ATA-6 clause 9.16.2 and Table 15 in clause 7.1.
4368 *
4369 * Note: Task file register writes with BSY=1 and/or DRQ=1 are problematic.
4370 * Newer ATA/ATAPI specifications define that writes with BSY=0 and DRQ=1
4371 * are a "host malfunction" and ignored (see e.g. Table 15 in clause 7.1 of
4372 * the ATA-6 specification).
4373 * However, the results of writes with BSY=1 are "indeterminate", with the
4374 * sole exception of writing the DEVICE RESET command (if supported). We
4375 * choose to ignore the writes when BSY=1.
4376 *
4377 * Note: Ignoring writes to the Device/Head register when BSY=1 or DRQ=1 has the
4378 * convenient side effect that the non-selected device (if any) is guaranteed
4379 * to have BSY=0 and DRQ=0.
4380 */
4381
4382static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4383{
4384 Log2(("%s: LUN#%d write addr=%#x val=%#04x\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN, addr, val));
4385 addr &= 7;
4386 switch (addr)
4387 {
4388 case 0:
4389 Assert(0); /* This handler is not used for the Data register! */
4390 break;
4391 case 1: /* feature register */
4392 /* NOTE: data is written to the two drives */
4393 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4394 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4395 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
4396 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
4397 pCtl->aIfs[0].uATARegFeature = val;
4398 pCtl->aIfs[1].uATARegFeature = val;
4399 break;
4400 case 2: /* sector count */
4401 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4402 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4403 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
4404 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
4405 pCtl->aIfs[0].uATARegNSector = val;
4406 pCtl->aIfs[1].uATARegNSector = val;
4407 break;
4408 case 3: /* sector number */
4409 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4410 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4411 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
4412 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
4413 pCtl->aIfs[0].uATARegSector = val;
4414 pCtl->aIfs[1].uATARegSector = val;
4415 break;
4416 case 4: /* cylinder low */
4417 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4418 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4419 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
4420 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
4421 pCtl->aIfs[0].uATARegLCyl = val;
4422 pCtl->aIfs[1].uATARegLCyl = val;
4423 break;
4424 case 5: /* cylinder high */
4425 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4426 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4427 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
4428 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
4429 pCtl->aIfs[0].uATARegHCyl = val;
4430 pCtl->aIfs[1].uATARegHCyl = val;
4431 break;
4432 case 6: /* drive/head */
4433 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
4434 {
4435 Log(("DRQ=1, register write ignored!\n"));
4436 break;
4437 }
4438 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
4439 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
4440 if (((val >> 4) & 1) != pCtl->iSelectedIf)
4441 {
4442 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4443
4444 /* select another drive */
4445 pCtl->iSelectedIf = (val >> 4) & 1;
4446 /* The IRQ line is multiplexed between the two drives, so
4447 * update the state when switching to another drive. Only need
4448 * to update interrupt line if it is enabled and there is a
4449 * state change. */
4450 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
4451 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
4452 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
4453 {
4454 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4455 {
4456 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4457 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
4458 * the interrupt line is asserted. It monitors the line
4459 * for a rising edge. */
4460 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4461 if (pCtl->irq == 16)
4462 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
4463 else
4464 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
4465 }
4466 else
4467 {
4468 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4469 if (pCtl->irq == 16)
4470 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
4471 else
4472 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
4473 }
4474 }
4475 }
4476 break;
4477 default:
4478 case 7: /* command */
4479 /* ignore commands to non-existent device */
4480 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvMedia)
4481 break;
4482#ifndef IN_RING3
4483 /* Don't do anything complicated in GC */
4484 return VINF_IOM_R3_IOPORT_WRITE;
4485#else /* IN_RING3 */
4486 ataUnsetIRQ(&pCtl->aIfs[pCtl->iSelectedIf]);
4487 ataR3ParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
4488#endif /* !IN_RING3 */
4489 }
4490 return VINF_SUCCESS;
4491}
4492
4493
4494/*
4495 * Note: When the BSY bit is set, generally no other bits in the Status register
4496 * are valid and no other registers can be read. Newer ATA specs explicitly define
4497 * (e.g. clause 7.1, table 16 in ATA-6) that if any command block register is
4498 * read with BSY=1, the Status register contents are always returned instead.
4499 */
4500static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
4501{
4502 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4503 uint32_t val;
4504 bool fHOB;
4505
4506 /* Check if the guest is reading from a non-existent device. */
4507 if (RT_UNLIKELY(!s->pDrvMedia))
4508 {
4509 if (pCtl->iSelectedIf) /* Device 1 selected, Device 0 responding for it. */
4510 {
4511 Assert(pCtl->aIfs[0].pDrvMedia);
4512
4513 /* When an ATAPI device 0 responds for non-present device 1, it generally
4514 * returns zeros on reads. The Error register is an exception. See clause 7.1,
4515 * table 16 in ATA-6 specification.
4516 */
4517 if (((addr & 7) != 1) && pCtl->aIfs[0].fATAPI) {
4518 Log2(("%s: addr=%#x, val=0: LUN#%d not attached/LUN#%d ATAPI\n", __FUNCTION__, addr,
4519 s->iLUN, pCtl->aIfs[0].iLUN));
4520 *pu32 = 0;
4521 return VINF_SUCCESS;
4522 }
4523 /* Else handle normally. */
4524 }
4525 else /* Device 0 selected (but not present). */
4526 {
4527 /* Because device 1 has no way to tell if there is device 0, the behavior is the same
4528 * as for an empty bus; see comments in ataIOPortReadEmptyBus(). Note that EFI (TianoCore)
4529 * relies on this behavior when detecting devices.
4530 */
4531 *pu32 = ATA_EMPTY_BUS_DATA;
4532 Log2(("%s: addr=%#x: LUN#%d not attached, val=%#02x\n", __FUNCTION__, addr, s->iLUN, *pu32));
4533 return VINF_SUCCESS;
4534 }
4535 }
4536
4537 /*
4538 * If the device is busy, the Status register is always read, but when reading the
4539 * Status register proper, special semantics apply. See status register handling
4540 * with interrupt clearing and yields below.
4541 * NB: This can't happen for non-present devices as those never become busy.
4542 */
4543 if (RT_UNLIKELY(s->uATARegStatus & ATA_STAT_BUSY))
4544 {
4545 Assert(s->pDrvMedia);
4546 if ((addr & 7) != 7)
4547 {
4548 *pu32 = s->uATARegStatus;
4549 Log2(("%s: LUN#%d addr=%#x val=%#04x (BSY=1, returning status!)\n", __FUNCTION__, s->iLUN, addr, *pu32));
4550 return VINF_SUCCESS;
4551 }
4552 }
4553
4554 fHOB = !!(s->uATARegDevCtl & (1 << 7));
4555 switch (addr & 7)
4556 {
4557 default:/* only to satisfy certain compilers, all cases are already handled */
4558 case 0: /* data register */
4559 Assert(0); /* This handler is not used for the Data register! */
4560 val = 0xff;
4561 break;
4562 case 1: /* error register */
4563 /* The ATA specification is very terse when it comes to specifying
4564 * the precise effects of reading back the error/feature register.
4565 * The error register (read-only) shares the register number with
4566 * the feature register (write-only), so it seems that it's not
4567 * necessary to support the usual HOB readback here. */
4568 if (!s->pDrvMedia)
4569 val = 0;
4570 else
4571 val = s->uATARegError;
4572 break;
4573 case 2: /* sector count */
4574 if (fHOB)
4575 val = s->uATARegNSectorHOB;
4576 else
4577 val = s->uATARegNSector;
4578 break;
4579 case 3: /* sector number */
4580 if (fHOB)
4581 val = s->uATARegSectorHOB;
4582 else
4583 val = s->uATARegSector;
4584 break;
4585 case 4: /* cylinder low */
4586 if (fHOB)
4587 val = s->uATARegLCylHOB;
4588 else
4589 val = s->uATARegLCyl;
4590 break;
4591 case 5: /* cylinder high */
4592 if (fHOB)
4593 val = s->uATARegHCylHOB;
4594 else
4595 val = s->uATARegHCyl;
4596 break;
4597 case 6: /* drive/head */
4598 /* This register must always work as long as there is at least
4599 * one drive attached to the controller. It is common between
4600 * both drives anyway (completely identical content). */
4601 if (!pCtl->aIfs[0].pDrvMedia && !pCtl->aIfs[1].pDrvMedia)
4602 val = 0;
4603 else
4604 val = s->uATARegSelect;
4605 break;
4606 case 7: /* primary status */
4607 {
4608 if (!s->pDrvMedia)
4609 val = 0;
4610 else
4611 val = s->uATARegStatus;
4612
4613 /* Give the async I/O thread an opportunity to make progress,
4614 * don't let it starve by guests polling frequently. EMT has a
4615 * lower priority than the async I/O thread, but sometimes the
4616 * host OS doesn't care. With some guests we are only allowed to
4617 * be busy for about 5 milliseconds in some situations. Note that
4618 * this is no guarantee for any other VBox thread getting
4619 * scheduled, so this just lowers the CPU load a bit when drives
4620 * are busy. It cannot help with timing problems. */
4621 if (val & ATA_STAT_BUSY)
4622 {
4623#ifdef IN_RING3
4624 /* @bugref{1960}: Don't yield all the time, unless it's a reset (can be tricky). */
4625 bool fYield = (s->cBusyStatusHackR3++ & s->cBusyStatusHackR3Rate) == 0
4626 || pCtl->fReset;
4627
4628 ataR3LockLeave(pCtl);
4629
4630 /*
4631 * The thread might be stuck in an I/O operation due to a high I/O
4632 * load on the host (see @bugref{3301}). To perform the reset
4633 * successfully we interrupt the operation by sending a signal to
4634 * the thread if the thread didn't responded in 10ms.
4635 *
4636 * This works only on POSIX hosts (Windows has a CancelSynchronousIo
4637 * function which does the same but it was introduced with Vista) but
4638 * so far this hang was only observed on Linux and Mac OS X.
4639 *
4640 * This is a workaround and needs to be solved properly.
4641 */
4642 if (pCtl->fReset)
4643 {
4644 uint64_t u64ResetTimeStop = RTTimeMilliTS();
4645 if (u64ResetTimeStop - pCtl->u64ResetTime >= 10)
4646 {
4647 LogRel(("PIIX3 ATA LUN#%d: Async I/O thread probably stuck in operation, interrupting\n", s->iLUN));
4648 pCtl->u64ResetTime = u64ResetTimeStop;
4649# ifndef RT_OS_WINDOWS /* We've got this API on windows, but it doesn't necessarily interrupt I/O. */
4650 RTThreadPoke(pCtl->AsyncIOThread);
4651# endif
4652 Assert(fYield);
4653 }
4654 }
4655
4656 if (fYield)
4657 {
4658 STAM_REL_PROFILE_ADV_START(&s->StatStatusYields, a);
4659 RTThreadYield();
4660 STAM_REL_PROFILE_ADV_STOP(&s->StatStatusYields, a);
4661 }
4662 ASMNopPause();
4663
4664 ataR3LockEnter(pCtl);
4665
4666 val = s->uATARegStatus;
4667#else /* !IN_RING3 */
4668 /* Cannot yield CPU in raw-mode and ring-0 context. And switching
4669 * to host context for each and every busy status is too costly,
4670 * especially on SMP systems where we don't gain much by
4671 * yielding the CPU to someone else. */
4672 if ((s->cBusyStatusHackRZ++ & s->cBusyStatusHackRZRate) == 1)
4673 {
4674 s->cBusyStatusHackR3 = 0; /* Forces a yield. */
4675 return VINF_IOM_R3_IOPORT_READ;
4676 }
4677#endif /* !IN_RING3 */
4678 }
4679 else
4680 {
4681 s->cBusyStatusHackRZ = 0;
4682 s->cBusyStatusHackR3 = 0;
4683 }
4684 ataUnsetIRQ(s);
4685 break;
4686 }
4687 }
4688 Log2(("%s: LUN#%d addr=%#x val=%#04x\n", __FUNCTION__, s->iLUN, addr, val));
4689 *pu32 = val;
4690 return VINF_SUCCESS;
4691}
4692
4693
4694/*
4695 * Read the Alternate status register. Does not affect interrupts.
4696 */
4697static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4698{
4699 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4700 uint32_t val;
4701 RT_NOREF1(addr);
4702
4703 Assert(pCtl->aIfs[0].pDrvMedia || pCtl->aIfs[1].pDrvMedia); /* Channel must not be empty. */
4704 if (pCtl->iSelectedIf == 1 && !s->pDrvMedia)
4705 val = 0; /* Device 1 selected, Device 0 responding for it. */
4706 else
4707 val = s->uATARegStatus;
4708 Log2(("%s: LUN#%d read addr=%#x val=%#04x\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN, addr, val));
4709 return val;
4710}
4711
4712static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4713{
4714 RT_NOREF1(addr);
4715#ifndef IN_RING3
4716 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4717 return VINF_IOM_R3_IOPORT_WRITE; /* The RESET stuff is too complicated for RC+R0. */
4718#endif /* !IN_RING3 */
4719
4720 Log2(("%s: LUN#%d write addr=%#x val=%#04x\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN, addr, val));
4721 /* RESET is common for both drives attached to a controller. */
4722 if ( !(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET)
4723 && (val & ATA_DEVCTL_RESET))
4724 {
4725#ifdef IN_RING3
4726 /* Software RESET low to high */
4727 int32_t uCmdWait0 = -1;
4728 int32_t uCmdWait1 = -1;
4729 uint64_t uNow = RTTimeNanoTS();
4730 if (pCtl->aIfs[0].u64CmdTS)
4731 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4732 if (pCtl->aIfs[1].u64CmdTS)
4733 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4734 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4735 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4736 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4737 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4738 pCtl->fReset = true;
4739 /* Everything must be done after the reset flag is set, otherwise
4740 * there are unavoidable races with the currently executing request
4741 * (which might just finish in the mean time). */
4742 pCtl->fChainedTransfer = false;
4743 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4744 {
4745 ataR3ResetDevice(&pCtl->aIfs[i]);
4746 /* The following cannot be done using ataSetStatusValue() since the
4747 * reset flag is already set, which suppresses all status changes. */
4748 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4749 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4750 pCtl->aIfs[i].uATARegError = 0x01;
4751 }
4752 pCtl->iSelectedIf = 0;
4753 ataR3AsyncIOClearRequests(pCtl);
4754 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4755 if (val & ATA_DEVCTL_HOB)
4756 {
4757 val &= ~ATA_DEVCTL_HOB;
4758 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4759 }
4760
4761 /* Save the timestamp we started the reset. */
4762 pCtl->u64ResetTime = RTTimeMilliTS();
4763
4764 /* Issue the reset request now. */
4765 ataHCAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4766#else /* !IN_RING3 */
4767 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4768#endif /* IN_RING3 */
4769 }
4770 else if ( (pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET)
4771 && !(val & ATA_DEVCTL_RESET))
4772 {
4773#ifdef IN_RING3
4774 /* Software RESET high to low */
4775 Log(("%s: deasserting RESET\n", __FUNCTION__));
4776 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4777 if (val & ATA_DEVCTL_HOB)
4778 {
4779 val &= ~ATA_DEVCTL_HOB;
4780 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4781 }
4782 ataHCAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4783#else /* !IN_RING3 */
4784 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4785#endif /* IN_RING3 */
4786 }
4787
4788 /* Change of interrupt disable flag. Update interrupt line if interrupt
4789 * is pending on the current interface. */
4790 if ( ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ)
4791 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4792 {
4793 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4794 {
4795 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4796 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4797 * interrupt line is asserted. It monitors the line for a rising
4798 * edge. */
4799 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4800 if (pCtl->irq == 16)
4801 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4802 else
4803 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4804 }
4805 else
4806 {
4807 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4808 if (pCtl->irq == 16)
4809 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4810 else
4811 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4812 }
4813 }
4814
4815 if (val & ATA_DEVCTL_HOB)
4816 Log2(("%s: set HOB\n", __FUNCTION__));
4817
4818 pCtl->aIfs[0].uATARegDevCtl = val;
4819 pCtl->aIfs[1].uATARegDevCtl = val;
4820
4821 return VINF_SUCCESS;
4822}
4823
4824#if defined(IN_RING0) || defined(IN_RING3)
4825
4826static void ataHCPIOTransfer(PATACONTROLLER pCtl)
4827{
4828 ATADevState *s;
4829
4830 s = &pCtl->aIfs[pCtl->iAIOIf];
4831 Log3(("%s: if=%p\n", __FUNCTION__, s));
4832
4833 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4834 {
4835# ifdef IN_RING3
4836 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n",
4837 s->iLUN, s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE ? "loading" : "storing"));
4838 /* Any guest OS that triggers this case has a pathetic ATA driver.
4839 * In a real system it would block the CPU via IORDY, here we do it
4840 * very similarly by not continuing with the current instruction
4841 * until the transfer to/from the storage medium is completed. */
4842 if (s->iSourceSink != ATAFN_SS_NULL)
4843 {
4844 bool fRedo;
4845 uint8_t status = s->uATARegStatus;
4846 ataSetStatusValue(s, ATA_STAT_BUSY);
4847 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4848 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4849 pCtl->fRedo = fRedo;
4850 if (RT_UNLIKELY(fRedo))
4851 return;
4852 ataSetStatusValue(s, status);
4853 s->iIOBufferCur = 0;
4854 s->iIOBufferEnd = s->cbElementaryTransfer;
4855 }
4856# else
4857 AssertReleaseFailed();
4858# endif
4859 }
4860 if (s->cbTotalTransfer)
4861 {
4862 if (s->fATAPITransfer)
4863 ataHCPIOTransferLimitATAPI(s);
4864
4865 if (s->uTxDir == PDMMEDIATXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4866 s->cbElementaryTransfer = s->cbTotalTransfer;
4867
4868 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4869 __FUNCTION__, s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE ? "T2I" : "I2T",
4870 s->cbTotalTransfer, s->cbElementaryTransfer,
4871 s->iIOBufferCur, s->iIOBufferEnd));
4872 ataHCPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4873 s->cbTotalTransfer -= s->cbElementaryTransfer;
4874 s->iIOBufferCur += s->cbElementaryTransfer;
4875
4876 if (s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4877 s->cbElementaryTransfer = s->cbTotalTransfer;
4878 }
4879 else
4880 ataHCPIOTransferStop(s);
4881}
4882
4883
4884DECLINLINE(void) ataHCPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4885{
4886 /* Do not interfere with RESET processing if the PIO transfer finishes
4887 * while the RESET line is asserted. */
4888 if (pCtl->fReset)
4889 {
4890 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4891 return;
4892 }
4893
4894 if ( s->uTxDir == PDMMEDIATXDIR_TO_DEVICE
4895 || ( s->iSourceSink != ATAFN_SS_NULL
4896 && s->iIOBufferCur >= s->iIOBufferEnd))
4897 {
4898 /* Need to continue the transfer in the async I/O thread. This is
4899 * the case for write operations or generally for not yet finished
4900 * transfers (some data might need to be read). */
4901 ataSetStatus(s, ATA_STAT_BUSY);
4902 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4903
4904 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4905 ataHCAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4906 }
4907 else
4908 {
4909 /* Either everything finished (though some data might still be pending)
4910 * or some data is pending before the next read is due. */
4911
4912 /* Continue a previously started transfer. */
4913 ataUnsetStatus(s, ATA_STAT_DRQ);
4914 ataSetStatus(s, ATA_STAT_READY);
4915
4916 if (s->cbTotalTransfer)
4917 {
4918 /* There is more to transfer, happens usually for large ATAPI
4919 * reads - the protocol limits the chunk size to 65534 bytes. */
4920 ataHCPIOTransfer(pCtl);
4921 ataHCSetIRQ(s);
4922 }
4923 else
4924 {
4925 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4926 /* Finish PIO transfer. */
4927 ataHCPIOTransfer(pCtl);
4928 Assert(!pCtl->fRedo);
4929 }
4930 }
4931}
4932
4933#endif /* IN_RING0 || IN_RING3 */
4934
4935/**
4936 * Fallback for ataCopyPioData124 that handles unaligned and out of bounds cases.
4937 *
4938 * @param pIf The device interface to work with.
4939 * @param pbDst The destination buffer.
4940 * @param pbSrc The source buffer.
4941 * @param cbCopy The number of bytes to copy, either 1, 2 or 4 bytes.
4942 */
4943DECL_NO_INLINE(static, void) ataCopyPioData124Slow(ATADevState *pIf, uint8_t *pbDst, const uint8_t *pbSrc, uint32_t cbCopy)
4944{
4945 uint32_t const offStart = pIf->iIOBufferPIODataStart;
4946 uint32_t const offNext = offStart + cbCopy;
4947
4948 if (offStart + cbCopy > pIf->cbIOBuffer)
4949 {
4950 Log(("%s: cbCopy=%#x offStart=%#x cbIOBuffer=%#x offNext=%#x (iIOBufferPIODataEnd=%#x)\n",
4951 __FUNCTION__, cbCopy, offStart, pIf->cbIOBuffer, offNext, pIf->iIOBufferPIODataEnd));
4952 if (offStart < pIf->cbIOBuffer)
4953 cbCopy = pIf->cbIOBuffer - offStart;
4954 else
4955 cbCopy = 0;
4956 }
4957
4958 switch (cbCopy)
4959 {
4960 case 4: pbDst[3] = pbSrc[3]; RT_FALL_THRU();
4961 case 3: pbDst[2] = pbSrc[2]; RT_FALL_THRU();
4962 case 2: pbDst[1] = pbSrc[1]; RT_FALL_THRU();
4963 case 1: pbDst[0] = pbSrc[0]; RT_FALL_THRU();
4964 case 0: break;
4965 default: AssertFailed(); /* impossible */
4966 }
4967
4968 pIf->iIOBufferPIODataStart = offNext;
4969
4970}
4971
4972
4973/**
4974 * Work for ataDataWrite & ataDataRead that copies data without using memcpy.
4975 *
4976 * This also updates pIf->iIOBufferPIODataStart.
4977 *
4978 * The two buffers are either stack (32-bit aligned) or somewhere within
4979 * pIf->pbIOBuffer.
4980 *
4981 * @param pIf The device interface to work with.
4982 * @param pbDst The destination buffer.
4983 * @param pbSrc The source buffer.
4984 * @param cbCopy The number of bytes to copy, either 1, 2 or 4 bytes.
4985 */
4986DECLINLINE(void) ataCopyPioData124(ATADevState *pIf, uint8_t *pbDst, const uint8_t *pbSrc, uint32_t cbCopy)
4987{
4988 /*
4989 * Quick bounds checking can be done by checking that the pbIOBuffer offset
4990 * (iIOBufferPIODataStart) is aligned at the transfer size (which is ASSUMED
4991 * to be 1, 2 or 4). However, since we're paranoid and don't currently
4992 * trust iIOBufferPIODataEnd to be within bounds, we current check against the
4993 * IO buffer size too.
4994 */
4995 Assert(cbCopy == 1 || cbCopy == 2 || cbCopy == 4);
4996 uint32_t const offStart = pIf->iIOBufferPIODataStart;
4997 if (RT_LIKELY( !(offStart & (cbCopy - 1))
4998 && offStart + cbCopy <= pIf->cbIOBuffer))
4999 {
5000 switch (cbCopy)
5001 {
5002 case 4: *(uint32_t *)pbDst = *(uint32_t const *)pbSrc; break;
5003 case 2: *(uint16_t *)pbDst = *(uint16_t const *)pbSrc; break;
5004 case 1: *pbDst = *pbSrc; break;
5005 }
5006 pIf->iIOBufferPIODataStart = offStart + cbCopy;
5007 }
5008 else
5009 ataCopyPioData124Slow(pIf, pbDst, pbSrc, cbCopy);
5010}
5011
5012
5013/**
5014 * Port I/O Handler for primary port range OUT operations.
5015 * @see FNIOMIOPORTOUT for details.
5016 */
5017PDMBOTHCBDECL(int) ataIOPortWrite1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5018{
5019 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5020 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5021 PATACONTROLLER pCtl = &pThis->aCts[i];
5022 RT_NOREF1(Port);
5023
5024 Assert(i < 2);
5025 Assert(Port == pCtl->IOPortBase1);
5026 Assert(cb == 2 || cb == 4); /* Writes to the data port may be 16-bit or 32-bit. */
5027
5028 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
5029 if (rc == VINF_SUCCESS)
5030 {
5031 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5032
5033 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
5034 {
5035 Assert(s->uTxDir == PDMMEDIATXDIR_TO_DEVICE);
5036 uint8_t *pbDst = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
5037 uint8_t const *pbSrc = (uint8_t const *)&u32;
5038
5039#ifdef IN_RC
5040 /* Raw-mode: The ataHCPIOTransfer following the last transfer unit
5041 requires I/O thread signalling, we must go to ring-3 for that. */
5042 if (s->iIOBufferPIODataStart + cb < s->iIOBufferPIODataEnd)
5043 ataCopyPioData124(s, pbDst, pbSrc, cb);
5044 else
5045 rc = VINF_IOM_R3_IOPORT_WRITE;
5046
5047#elif defined(IN_RING0)
5048 /* Ring-0: We can do I/O thread signalling here, however for paranoid reasons
5049 triggered by a special case in ataHCPIOTransferFinish, we take extra care here. */
5050 if (s->iIOBufferPIODataStart + cb < s->iIOBufferPIODataEnd)
5051 ataCopyPioData124(s, pbDst, pbSrc, cb);
5052 else if (s->uTxDir == PDMMEDIATXDIR_TO_DEVICE) /* paranoia */
5053 {
5054 ataCopyPioData124(s, pbDst, pbSrc, cb);
5055 ataHCPIOTransferFinish(pCtl, s);
5056 }
5057 else
5058 {
5059 Log(("%s: Unexpected\n",__FUNCTION__));
5060 rc = VINF_IOM_R3_IOPORT_WRITE;
5061 }
5062
5063#else /* IN_RING 3*/
5064 ataCopyPioData124(s, pbDst, pbSrc, cb);
5065 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5066 ataHCPIOTransferFinish(pCtl, s);
5067#endif /* IN_RING 3*/
5068 }
5069 else
5070 Log2(("%s: DUMMY data\n", __FUNCTION__));
5071
5072 Log3(("%s: addr=%#x val=%.*Rhxs rc=%d\n", __FUNCTION__, Port, cb, &u32, rc));
5073 PDMCritSectLeave(&pCtl->lock);
5074 }
5075 else
5076 Log3(("%s: addr=%#x -> %d\n", __FUNCTION__, Port, rc));
5077 return rc;
5078}
5079
5080
5081/**
5082 * Port I/O Handler for primary port range IN operations.
5083 * @see FNIOMIOPORTIN for details.
5084 */
5085PDMBOTHCBDECL(int) ataIOPortRead1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5086{
5087 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5088 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5089 PATACONTROLLER pCtl = &pThis->aCts[i];
5090 RT_NOREF1(Port);
5091
5092 Assert(i < 2);
5093 Assert(Port == pCtl->IOPortBase1);
5094
5095 /* Reads from the data register may be 16-bit or 32-bit. Byte accesses are
5096 upgraded to word. */
5097 Assert(cb == 1 || cb == 2 || cb == 4);
5098 uint32_t cbActual = cb != 1 ? cb : 2;
5099 *pu32 = 0;
5100
5101 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5102 if (rc == VINF_SUCCESS)
5103 {
5104 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5105
5106 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
5107 {
5108 Assert(s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE);
5109 uint8_t const *pbSrc = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
5110 uint8_t *pbDst = (uint8_t *)pu32;
5111
5112#ifdef IN_RC
5113 /* All but the last transfer unit is simple enough for RC, but
5114 * sending a request to the async IO thread is too complicated. */
5115 if (s->iIOBufferPIODataStart + cbActual < s->iIOBufferPIODataEnd)
5116 ataCopyPioData124(s, pbDst, pbSrc, cbActual);
5117 else
5118 rc = VINF_IOM_R3_IOPORT_READ;
5119
5120#elif defined(IN_RING0)
5121 /* Ring-0: We can do I/O thread signalling here. However there is one
5122 case in ataHCPIOTransfer that does a LogRel and would (but not from
5123 here) call directly into the driver code. We detect that odd case
5124 here cand return to ring-3 to handle it. */
5125 if (s->iIOBufferPIODataStart + cbActual < s->iIOBufferPIODataEnd)
5126 ataCopyPioData124(s, pbDst, pbSrc, cbActual);
5127 else if ( s->cbTotalTransfer == 0
5128 || s->iSourceSink != ATAFN_SS_NULL
5129 || s->iIOBufferCur <= s->iIOBufferEnd)
5130 {
5131 ataCopyPioData124(s, pbDst, pbSrc, cbActual);
5132 ataHCPIOTransferFinish(pCtl, s);
5133 }
5134 else
5135 {
5136 Log(("%s: Unexpected\n",__FUNCTION__));
5137 rc = VINF_IOM_R3_IOPORT_READ;
5138 }
5139
5140#else /* IN_RING3 */
5141 ataCopyPioData124(s, pbDst, pbSrc, cbActual);
5142 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5143 ataHCPIOTransferFinish(pCtl, s);
5144#endif /* IN_RING3 */
5145
5146 /* Just to be on the safe side (caller takes care of this, really). */
5147 if (cb == 1)
5148 *pu32 &= 0xff;
5149 }
5150 else
5151 {
5152 Log2(("%s: DUMMY data\n", __FUNCTION__));
5153 memset(pu32, 0xff, cb);
5154 }
5155 Log3(("%s: addr=%#x val=%.*Rhxs rc=%d\n", __FUNCTION__, Port, cb, pu32, rc));
5156
5157 PDMCritSectLeave(&pCtl->lock);
5158 }
5159 else
5160 Log3(("%s: addr=%#x -> %d\n", __FUNCTION__, Port, rc));
5161
5162 return rc;
5163}
5164
5165
5166/**
5167 * Port I/O Handler for primary port range IN string operations.
5168 * @see FNIOMIOPORTINSTRING for details.
5169 */
5170PDMBOTHCBDECL(int) ataIOPortReadStr1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint8_t *pbDst,
5171 uint32_t *pcTransfers, unsigned cb)
5172{
5173 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5174 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5175 PATACONTROLLER pCtl = &pThis->aCts[i];
5176 RT_NOREF1(Port);
5177
5178 Assert(i < 2);
5179 Assert(Port == pCtl->IOPortBase1);
5180 Assert(*pcTransfers > 0);
5181
5182 int rc;
5183 if (cb == 2 || cb == 4)
5184 {
5185 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5186 if (rc == VINF_SUCCESS)
5187 {
5188 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5189
5190 uint32_t const offStart = s->iIOBufferPIODataStart;
5191 if (offStart < s->iIOBufferPIODataEnd)
5192 {
5193 /*
5194 * Figure how much we can copy. Usually it's the same as the request.
5195 * The last transfer unit cannot be handled in RC, as it involves
5196 * thread communication. In R0 we let the non-string callback handle it,
5197 * and ditto for overflows/dummy data.
5198 */
5199 uint32_t cAvailable = (s->iIOBufferPIODataEnd - offStart) / cb;
5200#ifndef IN_RING3
5201 if (cAvailable > 0)
5202 cAvailable--;
5203#endif
5204 uint32_t const cRequested = *pcTransfers;
5205 if (cAvailable > cRequested)
5206 cAvailable = cRequested;
5207 uint32_t const cbTransfer = cAvailable * cb;
5208 if ( offStart + cbTransfer <= s->cbIOBuffer
5209 && cbTransfer > 0)
5210 {
5211 /*
5212 * Do the transfer.
5213 */
5214 uint8_t const *pbSrc = s->CTX_SUFF(pbIOBuffer) + offStart;
5215 memcpy(pbDst, pbSrc, cbTransfer);
5216 Log3(("%s: addr=%#x cb=%#x cbTransfer=%#x val=%.*Rhxd\n",
5217 __FUNCTION__, Port, cb, cbTransfer, cbTransfer, pbSrc));
5218 s->iIOBufferPIODataStart = offStart + cbTransfer;
5219
5220#ifdef IN_RING3
5221 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5222 ataHCPIOTransferFinish(pCtl, s);
5223#endif
5224 *pcTransfers = cRequested - cAvailable;
5225 }
5226 else
5227 Log2(("ataIOPortReadStr1Data: DUMMY/Overflow!\n"));
5228 }
5229 else
5230 {
5231 /*
5232 * Dummy read (shouldn't happen) return 0xff like the non-string handler.
5233 */
5234 Log2(("ataIOPortReadStr1Data: DUMMY data (%#x bytes)\n", *pcTransfers * cb));
5235 memset(pbDst, 0xff, *pcTransfers * cb);
5236 *pcTransfers = 0;
5237 }
5238
5239 PDMCritSectLeave(&pCtl->lock);
5240 }
5241 }
5242 /*
5243 * Let the non-string I/O callback handle 1 byte reads.
5244 */
5245 else
5246 {
5247 Log2(("ataIOPortReadStr1Data: 1 byte read (%#x transfers)\n", *pcTransfers));
5248 AssertFailed();
5249 rc = VINF_SUCCESS;
5250 }
5251 return rc;
5252}
5253
5254
5255/**
5256 * Port I/O Handler for primary port range OUT string operations.
5257 * @see FNIOMIOPORTOUTSTRING for details.
5258 */
5259PDMBOTHCBDECL(int) ataIOPortWriteStr1Data(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint8_t const *pbSrc,
5260 uint32_t *pcTransfers, unsigned cb)
5261{
5262 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5263 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5264 PATACONTROLLER pCtl = &pThis->aCts[i];
5265 RT_NOREF1(Port);
5266
5267 Assert(i < 2);
5268 Assert(Port == pCtl->IOPortBase1);
5269 Assert(*pcTransfers > 0);
5270
5271 int rc;
5272 if (cb == 2 || cb == 4)
5273 {
5274 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
5275 if (rc == VINF_SUCCESS)
5276 {
5277 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5278
5279 uint32_t const offStart = s->iIOBufferPIODataStart;
5280 if (offStart < s->iIOBufferPIODataEnd)
5281 {
5282 /*
5283 * Figure how much we can copy. Usually it's the same as the request.
5284 * The last transfer unit cannot be handled in RC, as it involves
5285 * thread communication. In R0 we let the non-string callback handle it,
5286 * and ditto for overflows/dummy data.
5287 */
5288 uint32_t cAvailable = (s->iIOBufferPIODataEnd - offStart) / cb;
5289#ifndef IN_RING3
5290 if (cAvailable)
5291 cAvailable--;
5292#endif
5293 uint32_t const cRequested = *pcTransfers;
5294 if (cAvailable > cRequested)
5295 cAvailable = cRequested;
5296 uint32_t const cbTransfer = cAvailable * cb;
5297 if ( offStart + cbTransfer <= s->cbIOBuffer
5298 && cbTransfer)
5299 {
5300 /*
5301 * Do the transfer.
5302 */
5303 void *pvDst = s->CTX_SUFF(pbIOBuffer) + offStart;
5304 memcpy(pvDst, pbSrc, cbTransfer);
5305 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, pvDst));
5306 s->iIOBufferPIODataStart = offStart + cbTransfer;
5307
5308#ifdef IN_RING3
5309 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5310 ataHCPIOTransferFinish(pCtl, s);
5311#endif
5312 *pcTransfers = cRequested - cAvailable;
5313 }
5314 else
5315 Log2(("ataIOPortWriteStr1Data: DUMMY/Overflow!\n"));
5316 }
5317 else
5318 {
5319 Log2(("ataIOPortWriteStr1Data: DUMMY data (%#x bytes)\n", *pcTransfers * cb));
5320 *pcTransfers = 0;
5321 }
5322
5323 PDMCritSectLeave(&pCtl->lock);
5324 }
5325 }
5326 /*
5327 * Let the non-string I/O callback handle 1 byte reads.
5328 */
5329 else
5330 {
5331 Log2(("ataIOPortWriteStr1Data: 1 byte write (%#x transfers)\n", *pcTransfers));
5332 AssertFailed();
5333 rc = VINF_SUCCESS;
5334 }
5335
5336 return rc;
5337}
5338
5339
5340#ifdef IN_RING3
5341
5342static void ataR3DMATransferStop(ATADevState *s)
5343{
5344 s->cbTotalTransfer = 0;
5345 s->cbElementaryTransfer = 0;
5346 s->iBeginTransfer = ATAFN_BT_NULL;
5347 s->iSourceSink = ATAFN_SS_NULL;
5348}
5349
5350
5351/**
5352 * Perform the entire DMA transfer in one go (unless a source/sink operation
5353 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
5354 * this function cannot handle empty transfers.
5355 *
5356 * @param pCtl Controller for which to perform the transfer.
5357 */
5358static void ataR3DMATransfer(PATACONTROLLER pCtl)
5359{
5360 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
5361 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
5362 bool fRedo;
5363 RTGCPHYS32 GCPhysDesc;
5364 uint32_t cbTotalTransfer, cbElementaryTransfer;
5365 uint32_t iIOBufferCur, iIOBufferEnd;
5366 PDMMEDIATXDIR uTxDir;
5367 bool fLastDesc = false;
5368
5369 Assert(sizeof(BMDMADesc) == 8);
5370
5371 fRedo = pCtl->fRedo;
5372 if (RT_LIKELY(!fRedo))
5373 Assert(s->cbTotalTransfer);
5374 uTxDir = (PDMMEDIATXDIR)s->uTxDir;
5375 cbTotalTransfer = s->cbTotalTransfer;
5376 cbElementaryTransfer = s->cbElementaryTransfer;
5377 iIOBufferCur = s->iIOBufferCur;
5378 iIOBufferEnd = s->iIOBufferEnd;
5379
5380 /* The DMA loop is designed to hold the lock only when absolutely
5381 * necessary. This avoids long freezes should the guest access the
5382 * ATA registers etc. for some reason. */
5383 ataR3LockLeave(pCtl);
5384
5385 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
5386 __FUNCTION__, uTxDir == PDMMEDIATXDIR_FROM_DEVICE ? "T2I" : "I2T",
5387 cbTotalTransfer, cbElementaryTransfer,
5388 iIOBufferCur, iIOBufferEnd));
5389 for (GCPhysDesc = pCtl->GCPhysFirstDMADesc;
5390 GCPhysDesc <= pCtl->GCPhysLastDMADesc;
5391 GCPhysDesc += sizeof(BMDMADesc))
5392 {
5393 BMDMADesc DMADesc;
5394 RTGCPHYS32 GCPhysBuffer;
5395 uint32_t cbBuffer;
5396
5397 if (RT_UNLIKELY(fRedo))
5398 {
5399 GCPhysBuffer = pCtl->GCPhysRedoDMABuffer;
5400 cbBuffer = pCtl->cbRedoDMABuffer;
5401 fLastDesc = pCtl->fRedoDMALastDesc;
5402 DMADesc.GCPhysBuffer = DMADesc.cbBuffer = 0; /* Shut up MSC. */
5403 }
5404 else
5405 {
5406 PDMDevHlpPhysRead(pDevIns, GCPhysDesc, &DMADesc, sizeof(BMDMADesc));
5407 GCPhysBuffer = RT_LE2H_U32(DMADesc.GCPhysBuffer);
5408 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
5409 fLastDesc = !!(cbBuffer & 0x80000000);
5410 cbBuffer &= 0xfffe;
5411 if (cbBuffer == 0)
5412 cbBuffer = 0x10000;
5413 if (cbBuffer > cbTotalTransfer)
5414 cbBuffer = cbTotalTransfer;
5415 }
5416
5417 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
5418 {
5419 if (RT_LIKELY(!fRedo))
5420 {
5421 uint32_t cbXfer = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
5422 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x orig_size=%#010x\n", __FUNCTION__,
5423 (int)GCPhysDesc, GCPhysBuffer, cbBuffer, RT_LE2H_U32(DMADesc.cbBuffer) & 0xfffe));
5424
5425 if (uTxDir == PDMMEDIATXDIR_FROM_DEVICE)
5426 PDMDevHlpPCIPhysWrite(pDevIns, GCPhysBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, cbXfer);
5427 else
5428 PDMDevHlpPCIPhysRead(pDevIns, GCPhysBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, cbXfer);
5429
5430 iIOBufferCur += cbXfer;
5431 cbTotalTransfer -= cbXfer;
5432 cbBuffer -= cbXfer;
5433 GCPhysBuffer += cbXfer;
5434 }
5435 if ( iIOBufferCur == iIOBufferEnd
5436 && (uTxDir == PDMMEDIATXDIR_TO_DEVICE || cbTotalTransfer))
5437 {
5438 if (uTxDir == PDMMEDIATXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
5439 cbElementaryTransfer = cbTotalTransfer;
5440
5441 ataR3LockEnter(pCtl);
5442
5443 /* The RESET handler could have cleared the DMA transfer
5444 * state (since we didn't hold the lock until just now
5445 * the guest can continue in parallel). If so, the state
5446 * is already set up so the loop is exited immediately. */
5447 if (s->iSourceSink != ATAFN_SS_NULL)
5448 {
5449 s->iIOBufferCur = iIOBufferCur;
5450 s->iIOBufferEnd = iIOBufferEnd;
5451 s->cbElementaryTransfer = cbElementaryTransfer;
5452 s->cbTotalTransfer = cbTotalTransfer;
5453 Log2(("%s: calling source/sink function\n", __FUNCTION__));
5454 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5455 if (RT_UNLIKELY(fRedo))
5456 {
5457 pCtl->GCPhysFirstDMADesc = GCPhysDesc;
5458 pCtl->GCPhysRedoDMABuffer = GCPhysBuffer;
5459 pCtl->cbRedoDMABuffer = cbBuffer;
5460 pCtl->fRedoDMALastDesc = fLastDesc;
5461 }
5462 else
5463 {
5464 cbTotalTransfer = s->cbTotalTransfer;
5465 cbElementaryTransfer = s->cbElementaryTransfer;
5466
5467 if (uTxDir == PDMMEDIATXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
5468 cbElementaryTransfer = cbTotalTransfer;
5469 iIOBufferCur = 0;
5470 iIOBufferEnd = cbElementaryTransfer;
5471 }
5472 pCtl->fRedo = fRedo;
5473 }
5474 else
5475 {
5476 /* This forces the loop to exit immediately. */
5477 GCPhysDesc = pCtl->GCPhysLastDMADesc + 1;
5478 }
5479
5480 ataR3LockLeave(pCtl);
5481 if (RT_UNLIKELY(fRedo))
5482 break;
5483 }
5484 }
5485
5486 if (RT_UNLIKELY(fRedo))
5487 break;
5488
5489 /* end of transfer */
5490 if (!cbTotalTransfer || fLastDesc)
5491 break;
5492
5493 ataR3LockEnter(pCtl);
5494
5495 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
5496 {
5497 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
5498 if (!pCtl->fReset)
5499 ataR3DMATransferStop(s);
5500 /* This forces the loop to exit immediately. */
5501 GCPhysDesc = pCtl->GCPhysLastDMADesc + 1;
5502 }
5503
5504 ataR3LockLeave(pCtl);
5505 }
5506
5507 ataR3LockEnter(pCtl);
5508 if (RT_UNLIKELY(fRedo))
5509 return;
5510
5511 if (fLastDesc)
5512 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5513 s->cbTotalTransfer = cbTotalTransfer;
5514 s->cbElementaryTransfer = cbElementaryTransfer;
5515 s->iIOBufferCur = iIOBufferCur;
5516 s->iIOBufferEnd = iIOBufferEnd;
5517}
5518
5519/**
5520 * Signal PDM that we're idle (if we actually are).
5521 *
5522 * @param pCtl The controller.
5523 */
5524static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
5525{
5526 /*
5527 * Take the lock here and recheck the idle indicator to avoid
5528 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
5529 */
5530 int rc = PDMCritSectEnter(&pCtl->AsyncIORequestLock, VINF_SUCCESS);
5531 AssertRC(rc);
5532
5533 if ( pCtl->fSignalIdle
5534 && ataR3AsyncIOIsIdle(pCtl, false /*fStrict*/))
5535 {
5536 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5537 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
5538 }
5539
5540 rc = PDMCritSectLeave(&pCtl->AsyncIORequestLock);
5541 AssertRC(rc);
5542}
5543
5544/**
5545 * Async I/O thread for an interface.
5546 *
5547 * Once upon a time this was readable code with several loops and a different
5548 * semaphore for each purpose. But then came the "how can one save the state in
5549 * the middle of a PIO transfer" question. The solution was to use an ASM,
5550 * which is what's there now.
5551 */
5552static DECLCALLBACK(int) ataR3AsyncIOThread(RTTHREAD hThreadSelf, void *pvUser)
5553{
5554 RT_NOREF1(hThreadSelf);
5555 const ATARequest *pReq;
5556 uint64_t u64TS = 0; /* shut up gcc */
5557 uint64_t uWait;
5558 int rc = VINF_SUCCESS;
5559 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
5560 ATADevState *s;
5561
5562 pReq = NULL;
5563 pCtl->fChainedTransfer = false;
5564 while (!pCtl->fShutdown)
5565 {
5566 /* Keep this thread from doing anything as long as EMT is suspended. */
5567 while (pCtl->fRedoIdle)
5568 {
5569 if (pCtl->fSignalIdle)
5570 ataR3AsyncSignalIdle(pCtl);
5571 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
5572 /* Continue if we got a signal by RTThreadPoke().
5573 * We will get notified if there is a request to process.
5574 */
5575 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
5576 continue;
5577 if (RT_FAILURE(rc) || pCtl->fShutdown)
5578 break;
5579
5580 pCtl->fRedoIdle = false;
5581 }
5582
5583 /* Wait for work. */
5584 while (pReq == NULL)
5585 {
5586 if (pCtl->fSignalIdle)
5587 ataR3AsyncSignalIdle(pCtl);
5588 rc = SUPSemEventWaitNoResume(pCtl->pSupDrvSession, pCtl->hAsyncIOSem, RT_INDEFINITE_WAIT);
5589 /* Continue if we got a signal by RTThreadPoke().
5590 * We will get notified if there is a request to process.
5591 */
5592 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
5593 continue;
5594 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
5595 break;
5596
5597 pReq = ataR3AsyncIOGetCurrentRequest(pCtl);
5598 }
5599
5600 if (RT_FAILURE(rc) || pCtl->fShutdown)
5601 break;
5602
5603 if (pReq == NULL)
5604 continue;
5605
5606 ATAAIO ReqType = pReq->ReqType;
5607
5608 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
5609 if (pCtl->uAsyncIOState != ReqType)
5610 {
5611 /* The new state is not the state that was expected by the normal
5612 * state changes. This is either a RESET/ABORT or there's something
5613 * really strange going on. */
5614 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
5615 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
5616 {
5617 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
5618 ataR3AsyncIODumpRequests(pCtl);
5619 }
5620 AssertReleaseMsg( ReqType == ATA_AIO_RESET_ASSERTED
5621 || ReqType == ATA_AIO_RESET_CLEARED
5622 || ReqType == ATA_AIO_ABORT
5623 || pCtl->uAsyncIOState == ReqType,
5624 ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
5625 }
5626
5627 /* Do our work. */
5628 ataR3LockEnter(pCtl);
5629
5630 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5631 {
5632 u64TS = RTTimeNanoTS();
5633#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5634 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
5635#endif
5636 }
5637
5638 switch (ReqType)
5639 {
5640 case ATA_AIO_NEW:
5641
5642 pCtl->iAIOIf = pReq->u.t.iIf;
5643 s = &pCtl->aIfs[pCtl->iAIOIf];
5644 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
5645 s->uTxDir = pReq->u.t.uTxDir;
5646 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
5647 s->iSourceSink = pReq->u.t.iSourceSink;
5648 s->iIOBufferEnd = 0;
5649 s->u64CmdTS = u64TS;
5650
5651 if (s->fATAPI)
5652 {
5653 if (pCtl->fChainedTransfer)
5654 {
5655 /* Only count the actual transfers, not the PIO
5656 * transfer of the ATAPI command bytes. */
5657 if (s->fDMA)
5658 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
5659 else
5660 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
5661 }
5662 }
5663 else
5664 {
5665 if (s->fDMA)
5666 STAM_REL_COUNTER_INC(&s->StatATADMA);
5667 else
5668 STAM_REL_COUNTER_INC(&s->StatATAPIO);
5669 }
5670
5671 pCtl->fChainedTransfer = false;
5672
5673 if (s->iBeginTransfer != ATAFN_BT_NULL)
5674 {
5675 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5676 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
5677 s->iBeginTransfer = ATAFN_BT_NULL;
5678 if (s->uTxDir != PDMMEDIATXDIR_FROM_DEVICE)
5679 s->iIOBufferEnd = s->cbElementaryTransfer;
5680 }
5681 else
5682 {
5683 s->cbElementaryTransfer = s->cbTotalTransfer;
5684 s->iIOBufferEnd = s->cbTotalTransfer;
5685 }
5686 s->iIOBufferCur = 0;
5687
5688 if (s->uTxDir != PDMMEDIATXDIR_TO_DEVICE)
5689 {
5690 if (s->iSourceSink != ATAFN_SS_NULL)
5691 {
5692 bool fRedo;
5693 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5694 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5695 pCtl->fRedo = fRedo;
5696 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5697 {
5698 /* Operation failed at the initial transfer, restart
5699 * everything from scratch by resending the current
5700 * request. Occurs very rarely, not worth optimizing. */
5701 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5702 ataHCAsyncIOPutRequest(pCtl, pReq);
5703 break;
5704 }
5705 }
5706 else
5707 ataR3CmdOK(s, 0);
5708 s->iIOBufferEnd = s->cbElementaryTransfer;
5709
5710 }
5711
5712 /* Do not go into the transfer phase if RESET is asserted.
5713 * The CritSect is released while waiting for the host OS
5714 * to finish the I/O, thus RESET is possible here. Most
5715 * important: do not change uAsyncIOState. */
5716 if (pCtl->fReset)
5717 break;
5718
5719 if (s->fDMA)
5720 {
5721 if (s->cbTotalTransfer)
5722 {
5723 ataSetStatus(s, ATA_STAT_DRQ);
5724
5725 pCtl->uAsyncIOState = ATA_AIO_DMA;
5726 /* If BMDMA is already started, do the transfer now. */
5727 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
5728 {
5729 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n",
5730 __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5731 ataHCAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5732 }
5733 }
5734 else
5735 {
5736 Assert(s->uTxDir == PDMMEDIATXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
5737 /* Finish DMA transfer. */
5738 ataR3DMATransferStop(s);
5739 ataHCSetIRQ(s);
5740 pCtl->uAsyncIOState = ATA_AIO_NEW;
5741 }
5742 }
5743 else
5744 {
5745 if (s->cbTotalTransfer)
5746 {
5747 ataHCPIOTransfer(pCtl);
5748 Assert(!pCtl->fRedo);
5749 if (s->fATAPITransfer || s->uTxDir != PDMMEDIATXDIR_TO_DEVICE)
5750 ataHCSetIRQ(s);
5751
5752 if (s->uTxDir == PDMMEDIATXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5753 {
5754 /* Write operations and not yet finished transfers
5755 * must be completed in the async I/O thread. */
5756 pCtl->uAsyncIOState = ATA_AIO_PIO;
5757 }
5758 else
5759 {
5760 /* Finished read operation can be handled inline
5761 * in the end of PIO transfer handling code. Linux
5762 * depends on this, as it waits only briefly for
5763 * devices to become ready after incoming data
5764 * transfer. Cannot find anything in the ATA spec
5765 * that backs this assumption, but as all kernels
5766 * are affected (though most of the time it does
5767 * not cause any harm) this must work. */
5768 pCtl->uAsyncIOState = ATA_AIO_NEW;
5769 }
5770 }
5771 else
5772 {
5773 Assert(s->uTxDir == PDMMEDIATXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
5774 /* Finish PIO transfer. */
5775 ataHCPIOTransfer(pCtl);
5776 Assert(!pCtl->fRedo);
5777 if (!s->fATAPITransfer)
5778 ataHCSetIRQ(s);
5779 pCtl->uAsyncIOState = ATA_AIO_NEW;
5780 }
5781 }
5782 break;
5783
5784 case ATA_AIO_DMA:
5785 {
5786 BMDMAState *bm = &pCtl->BmDma;
5787 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5788 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
5789
5790 if (s->uTxDir == PDMMEDIATXDIR_FROM_DEVICE)
5791 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
5792 else
5793 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
5794
5795 if (RT_LIKELY(!pCtl->fRedo))
5796 {
5797 /* The specs say that the descriptor table must not cross a
5798 * 4K boundary. */
5799 pCtl->GCPhysFirstDMADesc = bm->GCPhysAddr;
5800 pCtl->GCPhysLastDMADesc = RT_ALIGN_32(bm->GCPhysAddr + 1, _4K) - sizeof(BMDMADesc);
5801 }
5802 ataR3DMATransfer(pCtl);
5803
5804 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
5805 {
5806 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
5807 ataHCAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5808 break;
5809 }
5810
5811 /* The infamous delay IRQ hack. */
5812 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
5813 && s->cbTotalTransfer == 0
5814 && pCtl->DelayIRQMillies)
5815 {
5816 /* Delay IRQ for writing. Required to get the Win2K
5817 * installation work reliably (otherwise it crashes,
5818 * usually during component install). So far no better
5819 * solution has been found. */
5820 Log(("%s: delay IRQ hack\n", __FUNCTION__));
5821 ataR3LockLeave(pCtl);
5822 RTThreadSleep(pCtl->DelayIRQMillies);
5823 ataR3LockEnter(pCtl);
5824 }
5825
5826 ataUnsetStatus(s, ATA_STAT_DRQ);
5827 Assert(!pCtl->fChainedTransfer);
5828 Assert(s->iSourceSink == ATAFN_SS_NULL);
5829 if (s->fATAPITransfer)
5830 {
5831 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
5832 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
5833 s->fATAPITransfer = false;
5834 }
5835 ataHCSetIRQ(s);
5836 pCtl->uAsyncIOState = ATA_AIO_NEW;
5837 break;
5838 }
5839
5840 case ATA_AIO_PIO:
5841 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5842
5843 if (s->iSourceSink != ATAFN_SS_NULL)
5844 {
5845 bool fRedo;
5846 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5847 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5848 pCtl->fRedo = fRedo;
5849 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5850 {
5851 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
5852 ataHCAsyncIOPutRequest(pCtl, &g_ataPIORequest);
5853 break;
5854 }
5855 s->iIOBufferCur = 0;
5856 s->iIOBufferEnd = s->cbElementaryTransfer;
5857 }
5858 else
5859 {
5860 /* Continue a previously started transfer. */
5861 ataUnsetStatus(s, ATA_STAT_BUSY);
5862 ataSetStatus(s, ATA_STAT_READY);
5863 }
5864
5865 /* It is possible that the drives on this controller get RESET
5866 * during the above call to the source/sink function. If that's
5867 * the case, don't restart the transfer and don't finish it the
5868 * usual way. RESET handling took care of all that already.
5869 * Most important: do not change uAsyncIOState. */
5870 if (pCtl->fReset)
5871 break;
5872
5873 if (s->cbTotalTransfer)
5874 {
5875 ataHCPIOTransfer(pCtl);
5876 ataHCSetIRQ(s);
5877
5878 if (s->uTxDir == PDMMEDIATXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5879 {
5880 /* Write operations and not yet finished transfers
5881 * must be completed in the async I/O thread. */
5882 pCtl->uAsyncIOState = ATA_AIO_PIO;
5883 }
5884 else
5885 {
5886 /* Finished read operation can be handled inline
5887 * in the end of PIO transfer handling code. Linux
5888 * depends on this, as it waits only briefly for
5889 * devices to become ready after incoming data
5890 * transfer. Cannot find anything in the ATA spec
5891 * that backs this assumption, but as all kernels
5892 * are affected (though most of the time it does
5893 * not cause any harm) this must work. */
5894 pCtl->uAsyncIOState = ATA_AIO_NEW;
5895 }
5896 }
5897 else
5898 {
5899 /* Finish PIO transfer. */
5900 ataHCPIOTransfer(pCtl);
5901 if ( !pCtl->fChainedTransfer
5902 && !s->fATAPITransfer
5903 && s->uTxDir != PDMMEDIATXDIR_FROM_DEVICE)
5904 {
5905 ataHCSetIRQ(s);
5906 }
5907 pCtl->uAsyncIOState = ATA_AIO_NEW;
5908 }
5909 break;
5910
5911 case ATA_AIO_RESET_ASSERTED:
5912 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
5913 ataHCPIOTransferStop(&pCtl->aIfs[0]);
5914 ataHCPIOTransferStop(&pCtl->aIfs[1]);
5915 /* Do not change the DMA registers, they are not affected by the
5916 * ATA controller reset logic. It should be sufficient to issue a
5917 * new command, which is now possible as the state is cleared. */
5918 break;
5919
5920 case ATA_AIO_RESET_CLEARED:
5921 pCtl->uAsyncIOState = ATA_AIO_NEW;
5922 pCtl->fReset = false;
5923 /* Ensure that half-completed transfers are not redone. A reset
5924 * cancels the entire transfer, so continuing is wrong. */
5925 pCtl->fRedo = false;
5926 pCtl->fRedoDMALastDesc = false;
5927 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
5928 ATACONTROLLER_IDX(pCtl)));
5929 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
5930 {
5931 if (pCtl->aIfs[i].fATAPI)
5932 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
5933 else
5934 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
5935 ataR3SetSignature(&pCtl->aIfs[i]);
5936 }
5937 break;
5938
5939 case ATA_AIO_ABORT:
5940 /* Abort the current command no matter what. There cannot be
5941 * any command activity on the other drive otherwise using
5942 * one thread per controller wouldn't work at all. */
5943 s = &pCtl->aIfs[pReq->u.a.iIf];
5944
5945 pCtl->uAsyncIOState = ATA_AIO_NEW;
5946 /* Do not change the DMA registers, they are not affected by the
5947 * ATA controller reset logic. It should be sufficient to issue a
5948 * new command, which is now possible as the state is cleared. */
5949 if (pReq->u.a.fResetDrive)
5950 {
5951 ataR3ResetDevice(s);
5952 ataR3DeviceDiag(s);
5953 }
5954 else
5955 {
5956 /* Stop any pending DMA transfer. */
5957 s->fDMA = false;
5958 ataHCPIOTransferStop(s);
5959 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
5960 ataSetStatus(s, ATA_STAT_READY);
5961 ataHCSetIRQ(s);
5962 }
5963 break;
5964
5965 default:
5966 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
5967 }
5968
5969 ataR3AsyncIORemoveCurrentRequest(pCtl, ReqType);
5970 pReq = ataR3AsyncIOGetCurrentRequest(pCtl);
5971
5972 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5973 {
5974# if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5975 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
5976# endif
5977
5978 u64TS = RTTimeNanoTS() - u64TS;
5979 uWait = u64TS / 1000;
5980 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n",
5981 __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
5982 /* Mark command as finished. */
5983 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
5984
5985 /*
5986 * Release logging of command execution times depends on the
5987 * command type. ATAPI commands often take longer (due to CD/DVD
5988 * spin up time etc.) so the threshold is different.
5989 */
5990 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
5991 {
5992 if (uWait > 8 * 1000 * 1000)
5993 {
5994 /*
5995 * Command took longer than 8 seconds. This is close
5996 * enough or over the guest's command timeout, so place
5997 * an entry in the release log to allow tracking such
5998 * timing errors (which are often caused by the host).
5999 */
6000 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n",
6001 pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
6002 }
6003 }
6004 else
6005 {
6006 if (uWait > 20 * 1000 * 1000)
6007 {
6008 /*
6009 * Command took longer than 20 seconds. This is close
6010 * enough or over the guest's command timeout, so place
6011 * an entry in the release log to allow tracking such
6012 * timing errors (which are often caused by the host).
6013 */
6014 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n",
6015 pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
6016 }
6017 }
6018
6019# if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
6020 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
6021 pCtl->StatAsyncMinWait = uWait;
6022 if (uWait > pCtl->StatAsyncMaxWait)
6023 pCtl->StatAsyncMaxWait = uWait;
6024
6025 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
6026 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
6027# endif /* DEBUG || VBOX_WITH_STATISTICS */
6028 }
6029
6030 ataR3LockLeave(pCtl);
6031 }
6032
6033 /* Signal the ultimate idleness. */
6034 RTThreadUserSignal(pCtl->AsyncIOThread);
6035 if (pCtl->fSignalIdle)
6036 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
6037
6038 /* Cleanup the state. */
6039 /* Do not destroy request lock yet, still needed for proper shutdown. */
6040 pCtl->fShutdown = false;
6041
6042 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
6043 return rc;
6044}
6045
6046#endif /* IN_RING3 */
6047
6048static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
6049{
6050 uint32_t val = pCtl->BmDma.u8Cmd;
6051 RT_NOREF1(addr);
6052 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
6053 return val;
6054}
6055
6056
6057static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
6058{
6059 RT_NOREF1(addr);
6060 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
6061 if (!(val & BM_CMD_START))
6062 {
6063 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
6064 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
6065 }
6066 else
6067 {
6068#ifndef IN_RC
6069 /* Check whether the guest OS wants to change DMA direction in
6070 * mid-flight. Not allowed, according to the PIIX3 specs. */
6071 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
6072 uint8_t uOldBmDmaStatus = pCtl->BmDma.u8Status;
6073 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
6074 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
6075
6076 /* Do not continue DMA transfers while the RESET line is asserted. */
6077 if (pCtl->fReset)
6078 {
6079 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
6080 return;
6081 }
6082
6083 /* Do not start DMA transfers if there's a PIO transfer going on,
6084 * or if there is already a transfer started on this controller. */
6085 if ( !pCtl->aIfs[pCtl->iSelectedIf].fDMA
6086 || (uOldBmDmaStatus & BM_STATUS_DMAING))
6087 return;
6088
6089 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
6090 {
6091 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
6092 ataHCAsyncIOPutRequest(pCtl, &g_ataDMARequest);
6093 }
6094#else /* !IN_RING3 */
6095 AssertMsgFailed(("DMA START handling is too complicated for RC\n"));
6096#endif /* IN_RING3 */
6097 }
6098}
6099
6100static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
6101{
6102 uint32_t val = pCtl->BmDma.u8Status;
6103 RT_NOREF1(addr);
6104 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
6105 return val;
6106}
6107
6108static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
6109{
6110 RT_NOREF1(addr);
6111 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
6112 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
6113 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
6114 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
6115}
6116
6117static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
6118{
6119 uint32_t val = (uint32_t)pCtl->BmDma.GCPhysAddr;
6120 RT_NOREF1(addr);
6121 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
6122 return val;
6123}
6124
6125static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
6126{
6127 RT_NOREF1(addr);
6128 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
6129 pCtl->BmDma.GCPhysAddr = val & ~3;
6130}
6131
6132static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
6133{
6134 RT_NOREF1(addr);
6135 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
6136 pCtl->BmDma.GCPhysAddr = (pCtl->BmDma.GCPhysAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
6137
6138}
6139
6140static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
6141{
6142 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
6143 RT_NOREF1(addr);
6144 pCtl->BmDma.GCPhysAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.GCPhysAddr);
6145}
6146
6147#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
6148
6149/**
6150 * Port I/O Handler for bus master DMA IN operations.
6151 * @see FNIOMIOPORTIN for details.
6152 */
6153PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
6154{
6155 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6156 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6157 PATACONTROLLER pCtl = &pThis->aCts[i];
6158
6159 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
6160 if (rc != VINF_SUCCESS)
6161 return rc;
6162 switch (VAL(Port, cb))
6163 {
6164 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
6165 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
6166 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
6167 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
6168 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
6169 case VAL(0, 4):
6170 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
6171 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
6172 break;
6173 default:
6174 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
6175 rc = VERR_IOM_IOPORT_UNUSED;
6176 break;
6177 }
6178 PDMCritSectLeave(&pCtl->lock);
6179 return rc;
6180}
6181
6182/**
6183 * Port I/O Handler for bus master DMA OUT operations.
6184 * @see FNIOMIOPORTOUT for details.
6185 */
6186PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
6187{
6188 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6189 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6190 PATACONTROLLER pCtl = &pThis->aCts[i];
6191
6192 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
6193 if (rc != VINF_SUCCESS)
6194 return rc;
6195 switch (VAL(Port, cb))
6196 {
6197 case VAL(0, 1):
6198#ifdef IN_RC
6199 if (u32 & BM_CMD_START)
6200 {
6201 rc = VINF_IOM_R3_IOPORT_WRITE;
6202 break;
6203 }
6204#endif
6205 ataBMDMACmdWriteB(pCtl, Port, u32);
6206 break;
6207 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
6208 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
6209 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
6210 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
6211 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
6212 }
6213 PDMCritSectLeave(&pCtl->lock);
6214 return rc;
6215}
6216
6217#undef VAL
6218
6219#ifdef IN_RING3
6220
6221/**
6222 * @callback_method_impl{FNPCIIOREGIONMAP}
6223 */
6224static DECLCALLBACK(int) ataR3BMDMAIORangeMap(PPDMDEVINS pDevIns, PPDMPCIDEV pPciDev, uint32_t iRegion,
6225 RTGCPHYS GCPhysAddress, RTGCPHYS cb, PCIADDRESSSPACE enmType)
6226{
6227 RT_NOREF(iRegion, cb, enmType, pPciDev);
6228 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6229 int rc = VINF_SUCCESS;
6230 Assert(enmType == PCI_ADDRESS_SPACE_IO);
6231 Assert(iRegion == 4);
6232 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
6233
6234 /* Register the port range. */
6235 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6236 {
6237 int rc2 = PDMDevHlpIOPortRegister(pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
6238 (RTHCPTR)(uintptr_t)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead,
6239 NULL, NULL, "ATA Bus Master DMA");
6240 AssertRC(rc2);
6241 if (rc2 < rc)
6242 rc = rc2;
6243
6244 if (pThis->fRCEnabled)
6245 {
6246 rc2 = PDMDevHlpIOPortRegisterRC(pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
6247 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead",
6248 NULL, NULL, "ATA Bus Master DMA");
6249 AssertRC(rc2);
6250 if (rc2 < rc)
6251 rc = rc2;
6252 }
6253 if (pThis->fR0Enabled)
6254 {
6255 rc2 = PDMDevHlpIOPortRegisterR0(pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
6256 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead",
6257 NULL, NULL, "ATA Bus Master DMA");
6258 AssertRC(rc2);
6259 if (rc2 < rc)
6260 rc = rc2;
6261 }
6262 }
6263 return rc;
6264}
6265
6266
6267/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
6268
6269/**
6270 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
6271 */
6272static DECLCALLBACK(void *) ataR3Status_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
6273{
6274 PCIATAState *pThis = RT_FROM_MEMBER(pInterface, PCIATAState, IBase);
6275 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
6276 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
6277 return NULL;
6278}
6279
6280
6281/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
6282
6283/**
6284 * Gets the pointer to the status LED of a unit.
6285 *
6286 * @returns VBox status code.
6287 * @param pInterface Pointer to the interface structure containing the called function pointer.
6288 * @param iLUN The unit which status LED we desire.
6289 * @param ppLed Where to store the LED pointer.
6290 */
6291static DECLCALLBACK(int) ataR3Status_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
6292{
6293 PCIATAState *pThis = RT_FROM_MEMBER(pInterface, PCIATAState, ILeds);
6294 if (iLUN < 4)
6295 {
6296 switch (iLUN)
6297 {
6298 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
6299 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
6300 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
6301 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
6302 }
6303 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
6304 return VINF_SUCCESS;
6305 }
6306 return VERR_PDM_LUN_NOT_FOUND;
6307}
6308
6309
6310/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
6311
6312/**
6313 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
6314 */
6315static DECLCALLBACK(void *) ataR3QueryInterface(PPDMIBASE pInterface, const char *pszIID)
6316{
6317 ATADevState *pIf = RT_FROM_MEMBER(pInterface, ATADevState, IBase);
6318 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
6319 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMEDIAPORT, &pIf->IPort);
6320 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
6321 return NULL;
6322}
6323
6324
6325/* -=-=-=-=-=- ATADevState::IPort -=-=-=-=-=- */
6326
6327/**
6328 * @interface_method_impl{PDMIMEDIAPORT,pfnQueryDeviceLocation}
6329 */
6330static DECLCALLBACK(int) ataR3QueryDeviceLocation(PPDMIMEDIAPORT pInterface, const char **ppcszController,
6331 uint32_t *piInstance, uint32_t *piLUN)
6332{
6333 ATADevState *pIf = RT_FROM_MEMBER(pInterface, ATADevState, IPort);
6334 PPDMDEVINS pDevIns = pIf->CTX_SUFF(pDevIns);
6335
6336 AssertPtrReturn(ppcszController, VERR_INVALID_POINTER);
6337 AssertPtrReturn(piInstance, VERR_INVALID_POINTER);
6338 AssertPtrReturn(piLUN, VERR_INVALID_POINTER);
6339
6340 *ppcszController = pDevIns->pReg->szName;
6341 *piInstance = pDevIns->iInstance;
6342 *piLUN = pIf->iLUN;
6343
6344 return VINF_SUCCESS;
6345}
6346
6347#endif /* IN_RING3 */
6348
6349/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
6350
6351
6352/**
6353 * Port I/O Handler for OUT operations on unpopulated IDE channels.
6354 * @see FNIOMIOPORTOUT for details.
6355 */
6356PDMBOTHCBDECL(int) ataIOPortWriteEmptyBus(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
6357{
6358 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6359 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6360 PATACONTROLLER pCtl = &pThis->aCts[i];
6361#ifndef VBOX_LOG_ENABLED
6362 RT_NOREF(Port); RT_NOREF(cb); RT_NOREF(u32); RT_NOREF(pCtl);
6363#endif
6364
6365 Assert(i < 2);
6366 Assert(!pCtl->aIfs[0].pDrvMedia && !pCtl->aIfs[1].pDrvMedia);
6367
6368 /* This is simply a black hole, writes on unpopulated IDE channels elicit no response. */
6369 LogFunc(("Empty bus: Ignoring write to port %x val=%x size=%d\n", Port, u32, cb));
6370 return VINF_SUCCESS;
6371}
6372
6373
6374/**
6375 * Port I/O Handler for IN operations on unpopulated IDE channels.
6376 * @see FNIOMIOPORTIN for details.
6377 */
6378PDMBOTHCBDECL(int) ataIOPortReadEmptyBus(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
6379{
6380 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6381 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6382 PATACONTROLLER pCtl = &pThis->aCts[i];
6383#ifndef VBOX_LOG_ENABLED
6384 RT_NOREF(Port); RT_NOREF(pCtl);
6385#endif
6386
6387 Assert(i < 2);
6388 Assert(cb <= 4);
6389 Assert(!pCtl->aIfs[0].pDrvMedia && !pCtl->aIfs[1].pDrvMedia);
6390
6391 /*
6392 * Reads on unpopulated IDE channels behave in a unique way. Newer ATA specifications
6393 * mandate that the host must have a pull-down resistor on signal DD7. As a consequence,
6394 * bit 7 is always read as zero. This greatly aids in ATA device detection because
6395 * the empty bus does not look to the host like a permanently busy drive, and no long
6396 * timeouts (on the order of 30 seconds) are needed.
6397 *
6398 * The response is entirely static and does not require any locking or other fancy
6399 * stuff. Breaking it out simplifies the I/O handling for non-empty IDE channels which
6400 * is quite complicated enough already.
6401 */
6402 *pu32 = ATA_EMPTY_BUS_DATA_32 >> ((4 - cb) * 8);
6403 LogFunc(("Empty bus: port %x val=%x size=%d\n", Port, *pu32, cb));
6404 return VINF_SUCCESS;
6405}
6406
6407
6408/**
6409 * Port I/O Handler for primary port range OUT operations.
6410 * @see FNIOMIOPORTOUT for details.
6411 */
6412PDMBOTHCBDECL(int) ataIOPortWrite1Other(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
6413{
6414 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6415 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6416 PATACONTROLLER pCtl = &pThis->aCts[i];
6417
6418 Assert(i < 2);
6419 Assert(Port != pCtl->IOPortBase1);
6420
6421 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
6422 if (rc == VINF_SUCCESS)
6423 {
6424 /* Writes to the other command block ports should be 8-bit only. If they
6425 * are not, the high bits are simply discarded. Undocumented, but observed
6426 * on a real PIIX4 system.
6427 */
6428 if (cb > 1)
6429 Log(("ataIOPortWrite1: suspect write to port %x val=%x size=%d\n", Port, u32, cb));
6430
6431 rc = ataIOPortWriteU8(pCtl, Port, u32);
6432
6433 PDMCritSectLeave(&pCtl->lock);
6434 }
6435 return rc;
6436}
6437
6438
6439/**
6440 * Port I/O Handler for primary port range IN operations.
6441 * @see FNIOMIOPORTIN for details.
6442 */
6443PDMBOTHCBDECL(int) ataIOPortRead1Other(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
6444{
6445 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6446 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6447 PATACONTROLLER pCtl = &pThis->aCts[i];
6448
6449 Assert(i < 2);
6450 Assert(Port != pCtl->IOPortBase1);
6451
6452 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
6453 if (rc == VINF_SUCCESS)
6454 {
6455 /* Reads from the other command block registers should be 8-bit only.
6456 * If they are not, the low byte is propagated to the high bits.
6457 * Undocumented, but observed on a real PIIX4 system.
6458 */
6459 rc = ataIOPortReadU8(pCtl, Port, pu32);
6460 if (cb > 1)
6461 {
6462 uint32_t pad;
6463
6464 /* Replicate the 8-bit result into the upper three bytes. */
6465 pad = *pu32 & 0xff;
6466 pad = pad | (pad << 8);
6467 pad = pad | (pad << 16);
6468 *pu32 = pad;
6469 Log(("ataIOPortRead1: suspect read from port %x size=%d\n", Port, cb));
6470 }
6471 PDMCritSectLeave(&pCtl->lock);
6472 }
6473 return rc;
6474}
6475
6476
6477/**
6478 * Port I/O Handler for secondary port range OUT operations.
6479 * @see FNIOMIOPORTOUT for details.
6480 */
6481PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
6482{
6483 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6484 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6485 PATACONTROLLER pCtl = &pThis->aCts[i];
6486 int rc;
6487
6488 Assert(i < 2);
6489
6490 if (cb == 1)
6491 {
6492 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
6493 if (rc == VINF_SUCCESS)
6494 {
6495 rc = ataControlWrite(pCtl, Port, u32);
6496 PDMCritSectLeave(&pCtl->lock);
6497 }
6498 }
6499 else
6500 {
6501 Log(("ataIOPortWrite2: ignoring write to port %x size=%d!\n", Port, cb));
6502 rc = VINF_SUCCESS;
6503 }
6504 return rc;
6505}
6506
6507
6508/**
6509 * Port I/O Handler for secondary port range IN operations.
6510 * @see FNIOMIOPORTIN for details.
6511 */
6512PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
6513{
6514 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6515 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6516 PATACONTROLLER pCtl = &pThis->aCts[i];
6517 int rc;
6518
6519 Assert(i < 2);
6520
6521 if (cb == 1)
6522 {
6523 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
6524 if (rc == VINF_SUCCESS)
6525 {
6526 *pu32 = ataStatusRead(pCtl, Port);
6527 PDMCritSectLeave(&pCtl->lock);
6528 }
6529 }
6530 else
6531 {
6532 Log(("ataIOPortRead2: ignoring read from port %x size=%d!\n", Port, cb));
6533 rc = VERR_IOM_IOPORT_UNUSED;
6534 }
6535 return rc;
6536}
6537
6538#ifdef IN_RING3
6539
6540
6541DECLINLINE(void) ataR3RelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
6542{
6543 if (s->pbIOBufferR3)
6544 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
6545}
6546
6547
6548/**
6549 * Detach notification.
6550 *
6551 * The DVD drive has been unplugged.
6552 *
6553 * @param pDevIns The device instance.
6554 * @param iLUN The logical unit which is being detached.
6555 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6556 */
6557static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6558{
6559 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6560 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6561 ("PIIX3IDE: Device does not support hotplugging\n")); RT_NOREF(fFlags);
6562
6563 /*
6564 * Locate the controller and stuff.
6565 */
6566 unsigned iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6567 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6568 PATACONTROLLER pCtl = &pThis->aCts[iController];
6569
6570 unsigned iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6571 ATADevState *pIf = &pCtl->aIfs[iInterface];
6572
6573 /*
6574 * Zero some important members.
6575 */
6576 pIf->pDrvBase = NULL;
6577 pIf->pDrvMedia = NULL;
6578 pIf->pDrvMount = NULL;
6579
6580 /*
6581 * In case there was a medium inserted.
6582 */
6583 ataR3MediumRemoved(pIf);
6584}
6585
6586
6587/**
6588 * Configure a LUN.
6589 *
6590 * @returns VBox status code.
6591 * @param pDevIns The device instance.
6592 * @param pIf The ATA unit state.
6593 */
6594static int ataR3ConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
6595{
6596 int rc = VINF_SUCCESS;
6597 PDMMEDIATYPE enmType;
6598
6599 /*
6600 * Query Block, Bios and Mount interfaces.
6601 */
6602 pIf->pDrvMedia = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMEDIA);
6603 if (!pIf->pDrvMedia)
6604 {
6605 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
6606 return VERR_PDM_MISSING_INTERFACE;
6607 }
6608
6609 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
6610
6611 /*
6612 * Validate type.
6613 */
6614 enmType = pIf->pDrvMedia->pfnGetType(pIf->pDrvMedia);
6615 if ( enmType != PDMMEDIATYPE_CDROM
6616 && enmType != PDMMEDIATYPE_DVD
6617 && enmType != PDMMEDIATYPE_HARD_DISK)
6618 {
6619 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
6620 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
6621 }
6622 if ( ( enmType == PDMMEDIATYPE_DVD
6623 || enmType == PDMMEDIATYPE_CDROM)
6624 && !pIf->pDrvMount)
6625 {
6626 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
6627 return VERR_INTERNAL_ERROR;
6628 }
6629 pIf->fATAPI = enmType == PDMMEDIATYPE_DVD || enmType == PDMMEDIATYPE_CDROM;
6630 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvMedia->pfnSendCmd != NULL) : false;
6631
6632 /*
6633 * Allocate I/O buffer.
6634 */
6635 if (pIf->fATAPI)
6636 pIf->cbSector = 2048; /* Not required for ATAPI, one medium can have multiple sector sizes. */
6637 else
6638 pIf->cbSector = pIf->pDrvMedia->pfnGetSectorSize(pIf->pDrvMedia);
6639
6640 PVM pVM = PDMDevHlpGetVM(pDevIns);
6641 if (pIf->cbIOBuffer)
6642 {
6643 /* Buffer is (probably) already allocated. Validate the fields,
6644 * because memory corruption can also overwrite pIf->cbIOBuffer. */
6645 if (pIf->fATAPI)
6646 AssertRelease(pIf->cbIOBuffer == _128K);
6647 else
6648 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * pIf->cbSector);
6649 Assert(pIf->pbIOBufferR3);
6650 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
6651 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
6652 }
6653 else
6654 {
6655 if (pIf->fATAPI)
6656 pIf->cbIOBuffer = _128K;
6657 else
6658 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * pIf->cbSector;
6659 Assert(!pIf->pbIOBufferR3);
6660 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
6661 if (RT_FAILURE(rc))
6662 return VERR_NO_MEMORY;
6663 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
6664 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
6665 }
6666
6667 /*
6668 * Init geometry (only for non-CD/DVD media).
6669 */
6670 uint32_t cRegions = pIf->pDrvMedia->pfnGetRegionCount(pIf->pDrvMedia);
6671 pIf->cTotalSectors = 0;
6672 for (uint32_t i = 0; i < cRegions; i++)
6673 {
6674 uint64_t cBlocks = 0;
6675 rc = pIf->pDrvMedia->pfnQueryRegionProperties(pIf->pDrvMedia, i, NULL, &cBlocks,
6676 NULL, NULL);
6677 AssertRC(rc);
6678 pIf->cTotalSectors += cBlocks;
6679 }
6680
6681 if (pIf->fATAPI)
6682 {
6683 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
6684 pIf->PCHSGeometry.cHeads = 0; /* dummy */
6685 pIf->PCHSGeometry.cSectors = 0; /* dummy */
6686 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n",
6687 pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
6688 }
6689 else
6690 {
6691 rc = pIf->pDrvMedia->pfnBiosGetPCHSGeometry(pIf->pDrvMedia, &pIf->PCHSGeometry);
6692 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
6693 {
6694 pIf->PCHSGeometry.cCylinders = 0;
6695 pIf->PCHSGeometry.cHeads = 16; /*??*/
6696 pIf->PCHSGeometry.cSectors = 63; /*??*/
6697 }
6698 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
6699 {
6700 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
6701 rc = VINF_SUCCESS;
6702 }
6703 AssertRC(rc);
6704
6705 if ( pIf->PCHSGeometry.cCylinders == 0
6706 || pIf->PCHSGeometry.cHeads == 0
6707 || pIf->PCHSGeometry.cSectors == 0
6708 )
6709 {
6710 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
6711 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
6712 pIf->PCHSGeometry.cHeads = 16;
6713 pIf->PCHSGeometry.cSectors = 63;
6714 /* Set the disk geometry information. Ignore errors. */
6715 pIf->pDrvMedia->pfnBiosSetPCHSGeometry(pIf->pDrvMedia, &pIf->PCHSGeometry);
6716 rc = VINF_SUCCESS;
6717 }
6718 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n",
6719 pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors,
6720 pIf->cTotalSectors));
6721
6722 if (pIf->pDrvMedia->pfnDiscard)
6723 LogRel(("PIIX3 ATA: LUN#%d: TRIM enabled\n", pIf->iLUN));
6724 }
6725
6726 /*
6727 * Check if SMP system to adjust the agressiveness of the busy yield hack (@bugref{1960}).
6728 *
6729 * The hack is an ancient (2006?) one for dealing with UNI CPU systems where EMT
6730 * would potentially monopolise the CPU and starve I/O threads. It causes the EMT to
6731 * yield it's timeslice if the guest polls the status register during I/O. On modern
6732 * multicore and multithreaded systems, yielding EMT too often may have adverse
6733 * effects (slow grub) so we aim at avoiding repeating the yield there too often.
6734 */
6735 RTCPUID cCpus = RTMpGetOnlineCount();
6736 if (cCpus <= 1)
6737 {
6738 pIf->cBusyStatusHackR3Rate = 1;
6739 pIf->cBusyStatusHackRZRate = 7;
6740 }
6741 else if (cCpus <= 2)
6742 {
6743 pIf->cBusyStatusHackR3Rate = 3;
6744 pIf->cBusyStatusHackRZRate = 15;
6745 }
6746 else if (cCpus <= 4)
6747 {
6748 pIf->cBusyStatusHackR3Rate = 15;
6749 pIf->cBusyStatusHackRZRate = 31;
6750 }
6751 else
6752 {
6753 pIf->cBusyStatusHackR3Rate = 127;
6754 pIf->cBusyStatusHackRZRate = 127;
6755 }
6756
6757 return rc;
6758}
6759
6760
6761/**
6762 * Attach command.
6763 *
6764 * This is called when we change block driver for the DVD drive.
6765 *
6766 * @returns VBox status code.
6767 * @param pDevIns The device instance.
6768 * @param iLUN The logical unit which is being detached.
6769 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6770 */
6771static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6772{
6773 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6774 PATACONTROLLER pCtl;
6775 ATADevState *pIf;
6776 int rc;
6777 unsigned iController;
6778 unsigned iInterface;
6779
6780 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6781 ("PIIX3IDE: Device does not support hotplugging\n"),
6782 VERR_INVALID_PARAMETER);
6783
6784 /*
6785 * Locate the controller and stuff.
6786 */
6787 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6788 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6789 pCtl = &pThis->aCts[iController];
6790
6791 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6792 pIf = &pCtl->aIfs[iInterface];
6793
6794 /* the usual paranoia */
6795 AssertRelease(!pIf->pDrvBase);
6796 AssertRelease(!pIf->pDrvMedia);
6797 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
6798 Assert(pIf->iLUN == iLUN);
6799
6800 /*
6801 * Try attach the block device and get the interfaces,
6802 * required as well as optional.
6803 */
6804 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
6805 if (RT_SUCCESS(rc))
6806 {
6807 rc = ataR3ConfigLun(pDevIns, pIf);
6808 /*
6809 * In case there is a medium inserted.
6810 */
6811 ataR3MediumInserted(pIf);
6812 ataR3MediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
6813 }
6814 else
6815 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
6816
6817 if (RT_FAILURE(rc))
6818 {
6819 pIf->pDrvBase = NULL;
6820 pIf->pDrvMedia = NULL;
6821 }
6822 return rc;
6823}
6824
6825
6826/**
6827 * Resume notification.
6828 *
6829 * @returns VBox status code.
6830 * @param pDevIns The device instance data.
6831 */
6832static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
6833{
6834 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6835 int rc;
6836
6837 Log(("%s:\n", __FUNCTION__));
6838 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6839 {
6840 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
6841 {
6842 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6843 AssertRC(rc);
6844 }
6845 }
6846 return;
6847}
6848
6849
6850/**
6851 * Checks if all (both) the async I/O threads have quiesced.
6852 *
6853 * @returns true on success.
6854 * @returns false when one or more threads is still processing.
6855 * @param pDevIns Pointer to the PDM device instance.
6856 */
6857static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
6858{
6859 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6860
6861 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6862 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6863 {
6864 bool fRc = ataR3AsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6865 if (!fRc)
6866 {
6867 /* Make it signal PDM & itself when its done */
6868 PDMCritSectEnter(&pThis->aCts[i].AsyncIORequestLock, VERR_IGNORED);
6869 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6870 PDMCritSectLeave(&pThis->aCts[i].AsyncIORequestLock);
6871
6872 fRc = ataR3AsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6873 if (!fRc)
6874 {
6875#if 0 /** @todo Need to do some time tracking here... */
6876 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
6877 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
6878 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
6879#endif
6880 return false;
6881 }
6882 }
6883 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6884 }
6885 return true;
6886}
6887
6888/**
6889 * Prepare state save and load operation.
6890 *
6891 * @returns VBox status code.
6892 * @param pDevIns Device instance of the device which registered the data unit.
6893 * @param pSSM SSM operation handle.
6894 */
6895static DECLCALLBACK(int) ataR3SaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6896{
6897 RT_NOREF1(pSSM);
6898 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6899
6900 /* sanity - the suspend notification will wait on the async stuff. */
6901 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6902 AssertLogRelMsgReturn(ataR3AsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6903 ("i=%u\n", i),
6904 VERR_SSM_IDE_ASYNC_TIMEOUT);
6905 return VINF_SUCCESS;
6906}
6907
6908/**
6909 * @copydoc FNSSMDEVLIVEEXEC
6910 */
6911static DECLCALLBACK(int) ataR3LiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6912{
6913 RT_NOREF1(uPass);
6914 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6915
6916 SSMR3PutU8(pSSM, pThis->u8Type);
6917 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6918 {
6919 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6920 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6921 {
6922 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6923 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6924 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6925 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6926 }
6927 }
6928
6929 return VINF_SSM_DONT_CALL_AGAIN;
6930}
6931
6932/**
6933 * @copydoc FNSSMDEVSAVEEXEC
6934 */
6935static DECLCALLBACK(int) ataR3SaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6936{
6937 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6938
6939 ataR3LiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6940
6941 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6942 {
6943 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6944 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6945 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6946 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6947 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6948 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6949 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6950 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6951 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6952 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].GCPhysFirstDMADesc);
6953 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].GCPhysLastDMADesc);
6954 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].GCPhysRedoDMABuffer);
6955 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6956
6957 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6958 {
6959 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6960 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6961 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6962 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6963 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6964 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6965 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6966 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6967 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6968 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6969 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6970 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6971 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6972 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6973 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6974 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6975 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6976 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6977 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6978 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6979 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6980 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6981 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6982 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6983 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6984 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6985 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6986 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6987 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6988 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6989 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6990 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6991 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6992 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6993 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6994 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6995 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6996 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6997 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6998 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6999 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
7000 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
7001 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
7002 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
7003 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
7004 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
7005 else
7006 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
7007 }
7008 }
7009
7010 return SSMR3PutU32(pSSM, UINT32_MAX); /* sanity/terminator */
7011}
7012
7013/**
7014 * Converts the LUN number into a message string.
7015 */
7016static const char *ataR3StringifyLun(unsigned iLun)
7017{
7018 switch (iLun)
7019 {
7020 case 0: return "primary master";
7021 case 1: return "primary slave";
7022 case 2: return "secondary master";
7023 case 3: return "secondary slave";
7024 default: AssertFailedReturn("unknown lun");
7025 }
7026}
7027
7028/**
7029 * FNSSMDEVLOADEXEC
7030 */
7031static DECLCALLBACK(int) ataR3LoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
7032{
7033 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7034 int rc;
7035 uint32_t u32;
7036
7037 if ( uVersion != ATA_SAVED_STATE_VERSION
7038 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
7039 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
7040 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
7041 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
7042 {
7043 AssertMsgFailed(("uVersion=%d\n", uVersion));
7044 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
7045 }
7046
7047 /*
7048 * Verify the configuration.
7049 */
7050 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
7051 {
7052 uint8_t u8Type;
7053 rc = SSMR3GetU8(pSSM, &u8Type);
7054 AssertRCReturn(rc, rc);
7055 if (u8Type != pThis->u8Type)
7056 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
7057
7058 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7059 {
7060 bool fEnabled;
7061 rc = SSMR3GetBool(pSSM, &fEnabled);
7062 AssertRCReturn(rc, rc);
7063 if (!fEnabled)
7064 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
7065
7066 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7067 {
7068 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
7069
7070 bool fInUse;
7071 rc = SSMR3GetBool(pSSM, &fInUse);
7072 AssertRCReturn(rc, rc);
7073 if (fInUse != (pIf->pDrvBase != NULL))
7074 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
7075 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
7076 fInUse ? "target" : "source", ataR3StringifyLun(pIf->iLUN) );
7077
7078 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
7079 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
7080 AssertRCReturn(rc, rc);
7081 if (strcmp(szSerialNumber, pIf->szSerialNumber))
7082 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
7083 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
7084
7085 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
7086 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
7087 AssertRCReturn(rc, rc);
7088 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
7089 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
7090 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
7091
7092 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
7093 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
7094 AssertRCReturn(rc, rc);
7095 if (strcmp(szModelNumber, pIf->szModelNumber))
7096 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
7097 pIf->iLUN, szModelNumber, pIf->szModelNumber));
7098 }
7099 }
7100 }
7101 if (uPass != SSM_PASS_FINAL)
7102 return VINF_SUCCESS;
7103
7104 /*
7105 * Restore valid parts of the PCIATAState structure
7106 */
7107 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7108 {
7109 /* integrity check */
7110 if (!ataR3AsyncIOIsIdle(&pThis->aCts[i], false))
7111 {
7112 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
7113 return VERR_INTERNAL_ERROR_4;
7114 }
7115
7116 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
7117 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
7118 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
7119 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
7120 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
7121 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
7122 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
7123 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
7124 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
7125 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].GCPhysFirstDMADesc);
7126 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].GCPhysLastDMADesc);
7127 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].GCPhysRedoDMABuffer);
7128 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
7129
7130 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7131 {
7132 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
7133 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
7134 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
7135 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
7136 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
7137 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
7138 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
7139 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
7140 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
7141 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
7142 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
7143 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
7144 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
7145 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
7146 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
7147 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
7148 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
7149 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
7150 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
7151 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
7152 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
7153 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
7154 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
7155 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
7156 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
7157 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
7158 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
7159 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
7160 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
7161 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
7162 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
7163 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
7164 /* NB: cbPIOTransferLimit could be saved/restored but it's sufficient
7165 * to re-calculate it here, with a tiny risk that it could be
7166 * unnecessarily low for the current transfer only. Could be changed
7167 * when changing the saved state in the future.
7168 */
7169 pThis->aCts[i].aIfs[j].cbPIOTransferLimit = (pThis->aCts[i].aIfs[j].uATARegHCyl << 8) | pThis->aCts[i].aIfs[j].uATARegLCyl;
7170 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
7171 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
7172 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
7173 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
7174 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
7175 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
7176 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
7177 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
7178 {
7179 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
7180 }
7181 else
7182 {
7183 uint8_t uATAPISenseKey, uATAPIASC;
7184 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
7185 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
7186 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
7187 SSMR3GetU8(pSSM, &uATAPISenseKey);
7188 SSMR3GetU8(pSSM, &uATAPIASC);
7189 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
7190 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
7191 }
7192 /** @todo triple-check this hack after passthrough is working */
7193 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
7194 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
7195 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
7196 else
7197 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
7198 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
7199 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
7200 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
7201 {
7202 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
7203 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
7204 else
7205 {
7206 LogRel(("ATA: No buffer for %d/%d\n", i, j));
7207 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
7208 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
7209
7210 /* skip the buffer if we're loading for the debugger / animator. */
7211 uint8_t u8Ignored;
7212 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
7213 while (cbLeft-- > 0)
7214 SSMR3GetU8(pSSM, &u8Ignored);
7215 }
7216 }
7217 else
7218 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
7219 }
7220 }
7221 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
7222 SSMR3GetU8(pSSM, &pThis->u8Type);
7223
7224 rc = SSMR3GetU32(pSSM, &u32);
7225 if (RT_FAILURE(rc))
7226 return rc;
7227 if (u32 != ~0U)
7228 {
7229 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
7230 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
7231 return rc;
7232 }
7233
7234 return VINF_SUCCESS;
7235}
7236
7237
7238/**
7239 * Callback employed by ataSuspend and ataR3PowerOff.
7240 *
7241 * @returns true if we've quiesced, false if we're still working.
7242 * @param pDevIns The device instance.
7243 */
7244static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
7245{
7246 return ataR3AllAsyncIOIsIdle(pDevIns);
7247}
7248
7249
7250/**
7251 * Common worker for ataSuspend and ataR3PowerOff.
7252 */
7253static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
7254{
7255 if (!ataR3AllAsyncIOIsIdle(pDevIns))
7256 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
7257}
7258
7259
7260/**
7261 * Power Off notification.
7262 *
7263 * @returns VBox status code.
7264 * @param pDevIns The device instance data.
7265 */
7266static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
7267{
7268 Log(("%s:\n", __FUNCTION__));
7269 ataR3SuspendOrPowerOff(pDevIns);
7270}
7271
7272
7273/**
7274 * Suspend notification.
7275 *
7276 * @returns VBox status code.
7277 * @param pDevIns The device instance data.
7278 */
7279static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
7280{
7281 Log(("%s:\n", __FUNCTION__));
7282 ataR3SuspendOrPowerOff(pDevIns);
7283}
7284
7285
7286/**
7287 * Callback employed by ataR3Reset.
7288 *
7289 * @returns true if we've quiesced, false if we're still working.
7290 * @param pDevIns The device instance.
7291 */
7292static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
7293{
7294 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7295
7296 if (!ataR3AllAsyncIOIsIdle(pDevIns))
7297 return false;
7298
7299 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7300 {
7301 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
7302 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7303 ataR3ResetDevice(&pThis->aCts[i].aIfs[j]);
7304 PDMCritSectLeave(&pThis->aCts[i].lock);
7305 }
7306 return true;
7307}
7308
7309
7310/**
7311 * Common reset worker for ataR3Reset and ataR3Construct.
7312 *
7313 * @returns VBox status code.
7314 * @param pDevIns The device instance data.
7315 * @param fConstruct Indicates who is calling.
7316 */
7317static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
7318{
7319 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7320
7321 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7322 {
7323 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
7324
7325 pThis->aCts[i].iSelectedIf = 0;
7326 pThis->aCts[i].iAIOIf = 0;
7327 pThis->aCts[i].BmDma.u8Cmd = 0;
7328 /* Report that both drives present on the bus are in DMA mode. This
7329 * pretends that there is a BIOS that has set it up. Normal reset
7330 * default is 0x00. */
7331 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
7332 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
7333 pThis->aCts[i].BmDma.GCPhysAddr = 0;
7334
7335 pThis->aCts[i].fReset = true;
7336 pThis->aCts[i].fRedo = false;
7337 pThis->aCts[i].fRedoIdle = false;
7338 ataR3AsyncIOClearRequests(&pThis->aCts[i]);
7339 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
7340 ataHCAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
7341 ataHCAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
7342
7343 PDMCritSectLeave(&pThis->aCts[i].lock);
7344 }
7345
7346 int rcRet = VINF_SUCCESS;
7347 if (!fConstruct)
7348 {
7349 /*
7350 * Setup asynchronous notification completion if the requests haven't
7351 * completed yet.
7352 */
7353 if (!ataR3IsAsyncResetDone(pDevIns))
7354 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
7355 }
7356 else
7357 {
7358 /*
7359 * Wait for the requests for complete.
7360 *
7361 * Would be real nice if we could do it all from EMT(0) and not
7362 * involve the worker threads, then we could dispense with all the
7363 * waiting and semaphore ping-pong here...
7364 */
7365 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7366 {
7367 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
7368 {
7369 int rc = PDMCritSectEnter(&pThis->aCts[i].AsyncIORequestLock, VERR_IGNORED);
7370 AssertRC(rc);
7371
7372 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
7373 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
7374 AssertRC(rc);
7375
7376 rc = PDMCritSectLeave(&pThis->aCts[i].AsyncIORequestLock);
7377 AssertRC(rc);
7378
7379 if (!ataR3AsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
7380 {
7381 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
7382 if (RT_FAILURE(rc))
7383 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
7384 if (RT_FAILURE(rc))
7385 {
7386 AssertRC(rc);
7387 rcRet = rc;
7388 }
7389 }
7390 }
7391 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
7392 }
7393 if (RT_SUCCESS(rcRet))
7394 {
7395 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
7396 AssertRC(rcRet);
7397 }
7398 }
7399 return rcRet;
7400}
7401
7402/**
7403 * Reset notification.
7404 *
7405 * @param pDevIns The device instance data.
7406 */
7407static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
7408{
7409 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
7410}
7411
7412/**
7413 * @copydoc FNPDMDEVRELOCATE
7414 */
7415static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
7416{
7417 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7418
7419 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7420 {
7421 pThis->aCts[i].pDevInsRC += offDelta;
7422 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
7423 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
7424 ataR3RelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
7425 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
7426 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
7427 ataR3RelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
7428 }
7429}
7430
7431/**
7432 * Destroy a driver instance.
7433 *
7434 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
7435 * resources can be freed correctly.
7436 *
7437 * @param pDevIns The device instance data.
7438 */
7439static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
7440{
7441 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7442 int rc;
7443
7444 Log(("ataR3Destruct\n"));
7445 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
7446
7447 /*
7448 * Tell the async I/O threads to terminate.
7449 */
7450 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7451 {
7452 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
7453 {
7454 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
7455 rc = SUPSemEventSignal(pThis->aCts[i].pSupDrvSession, pThis->aCts[i].hAsyncIOSem);
7456 AssertRC(rc);
7457 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
7458 AssertRC(rc);
7459 }
7460 }
7461
7462 /*
7463 * Wait for the threads to terminate before destroying their resources.
7464 */
7465 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7466 {
7467 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
7468 {
7469 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
7470 if (RT_SUCCESS(rc))
7471 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7472 else
7473 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
7474 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
7475 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
7476 }
7477 }
7478
7479 /*
7480 * Free resources.
7481 */
7482 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7483 {
7484 if (PDMCritSectIsInitialized(&pThis->aCts[i].AsyncIORequestLock))
7485 PDMR3CritSectDelete(&pThis->aCts[i].AsyncIORequestLock);
7486 if (pThis->aCts[i].hAsyncIOSem != NIL_SUPSEMEVENT)
7487 {
7488 SUPSemEventClose(pThis->aCts[i].pSupDrvSession, pThis->aCts[i].hAsyncIOSem);
7489 pThis->aCts[i].hAsyncIOSem = NIL_SUPSEMEVENT;
7490 }
7491 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
7492 {
7493 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
7494 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
7495 }
7496
7497 /* try one final time */
7498 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
7499 {
7500 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
7501 if (RT_SUCCESS(rc))
7502 {
7503 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7504 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
7505 }
7506 }
7507
7508 for (uint32_t iIf = 0; iIf < RT_ELEMENTS(pThis->aCts[i].aIfs); iIf++)
7509 {
7510 if (pThis->aCts[i].aIfs[iIf].pTrackList)
7511 {
7512 ATAPIPassthroughTrackListDestroy(pThis->aCts[i].aIfs[iIf].pTrackList);
7513 pThis->aCts[i].aIfs[iIf].pTrackList = NULL;
7514 }
7515 }
7516 }
7517
7518 return VINF_SUCCESS;
7519}
7520
7521/**
7522 * Convert config value to DEVPCBIOSBOOT.
7523 *
7524 * @returns VBox status code.
7525 * @param pDevIns The device instance data.
7526 * @param pCfg Configuration handle.
7527 * @param penmChipset Where to store the chipset type.
7528 */
7529static int ataR3ControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfg, CHIPSET *penmChipset)
7530{
7531 char szType[20];
7532
7533 int rc = CFGMR3QueryStringDef(pCfg, "Type", &szType[0], sizeof(szType), "PIIX4");
7534 if (RT_FAILURE(rc))
7535 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7536 N_("Configuration error: Querying \"Type\" as a string failed"));
7537 if (!strcmp(szType, "PIIX3"))
7538 *penmChipset = CHIPSET_PIIX3;
7539 else if (!strcmp(szType, "PIIX4"))
7540 *penmChipset = CHIPSET_PIIX4;
7541 else if (!strcmp(szType, "ICH6"))
7542 *penmChipset = CHIPSET_ICH6;
7543 else
7544 {
7545 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7546 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
7547 szType);
7548 rc = VERR_INTERNAL_ERROR;
7549 }
7550 return rc;
7551}
7552
7553/**
7554 * @interface_method_impl{PDMDEVREG,pfnConstruct}
7555 */
7556static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
7557{
7558 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7559 PPDMIBASE pBase;
7560 int rc;
7561 bool fRCEnabled;
7562 bool fR0Enabled;
7563 uint32_t DelayIRQMillies;
7564
7565 Assert(iInstance == 0);
7566 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
7567
7568 /*
7569 * Initialize NIL handle values (for the destructor).
7570 */
7571 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7572 {
7573 pThis->aCts[i].hAsyncIOSem = NIL_SUPSEMEVENT;
7574 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
7575 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7576 }
7577
7578 /*
7579 * Validate and read configuration.
7580 */
7581 if (!CFGMR3AreValuesValid(pCfg,
7582 "GCEnabled\0"
7583 "R0Enabled\0"
7584 "IRQDelay\0"
7585 "Type\0")
7586 /** @todo || invalid keys */)
7587 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
7588 N_("PIIX3 configuration error: unknown option specified"));
7589
7590 rc = CFGMR3QueryBoolDef(pCfg, "GCEnabled", &fRCEnabled, true);
7591 if (RT_FAILURE(rc))
7592 return PDMDEV_SET_ERROR(pDevIns, rc,
7593 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
7594 Log(("%s: fRCEnabled=%d\n", __FUNCTION__, fRCEnabled));
7595
7596 rc = CFGMR3QueryBoolDef(pCfg, "R0Enabled", &fR0Enabled, true);
7597 if (RT_FAILURE(rc))
7598 return PDMDEV_SET_ERROR(pDevIns, rc,
7599 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
7600 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
7601
7602 rc = CFGMR3QueryU32Def(pCfg, "IRQDelay", &DelayIRQMillies, 0);
7603 if (RT_FAILURE(rc))
7604 return PDMDEV_SET_ERROR(pDevIns, rc,
7605 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
7606 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
7607 Assert(DelayIRQMillies < 50);
7608
7609 CHIPSET enmChipset = CHIPSET_PIIX3;
7610 rc = ataR3ControllerFromCfg(pDevIns, pCfg, &enmChipset);
7611 if (RT_FAILURE(rc))
7612 return rc;
7613 pThis->u8Type = (uint8_t)enmChipset;
7614
7615 /*
7616 * Initialize data (most of it anyway).
7617 */
7618 /* Status LUN. */
7619 pThis->IBase.pfnQueryInterface = ataR3Status_QueryInterface;
7620 pThis->ILeds.pfnQueryStatusLed = ataR3Status_QueryStatusLed;
7621
7622 /* PCI configuration space. */
7623 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
7624
7625 /*
7626 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
7627 * as it explicitly checks for PCI id for IDE controllers.
7628 */
7629 switch (pThis->u8Type)
7630 {
7631 case CHIPSET_ICH6:
7632 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
7633 /** @todo do we need it? Do we need anything else? */
7634 pThis->dev.abConfig[0x48] = 0x00; /* UDMACTL */
7635 pThis->dev.abConfig[0x4A] = 0x00; /* UDMATIM */
7636 pThis->dev.abConfig[0x4B] = 0x00;
7637 {
7638 /*
7639 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
7640 * Report
7641 * WR_Ping-Pong_EN: must be set
7642 * PCR0, PCR1: 80-pin primary cable reporting for both disks
7643 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
7644 */
7645 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
7646 pThis->dev.abConfig[0x54] = u16Config & 0xff;
7647 pThis->dev.abConfig[0x55] = u16Config >> 8;
7648 }
7649 break;
7650 case CHIPSET_PIIX4:
7651 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
7652 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
7653 pThis->dev.abConfig[0x48] = 0x00; /* UDMACTL */
7654 pThis->dev.abConfig[0x4A] = 0x00; /* UDMATIM */
7655 pThis->dev.abConfig[0x4B] = 0x00;
7656 break;
7657 case CHIPSET_PIIX3:
7658 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
7659 break;
7660 default:
7661 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
7662 }
7663
7664 /** @todo
7665 * This is the job of the BIOS / EFI!
7666 *
7667 * The same is done in DevPCI.cpp / pci_bios_init_device() but there is no
7668 * corresponding function in DevPciIch9.cpp. The EFI has corresponding code
7669 * in OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c: NotifyDev() but this
7670 * function assumes that the IDE controller is located at PCI 00:01.1 which
7671 * is not true if the ICH9 chipset is used.
7672 */
7673 PCIDevSetWord(&pThis->dev, 0x40, 0x8000); /* enable IDE0 */
7674 PCIDevSetWord(&pThis->dev, 0x42, 0x8000); /* enable IDE1 */
7675
7676 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
7677 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
7678 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
7679 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
7680 PCIDevSetHeaderType(&pThis->dev, 0x00);
7681
7682 pThis->pDevIns = pDevIns;
7683 pThis->fRCEnabled = fRCEnabled;
7684 pThis->fR0Enabled = fR0Enabled;
7685 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7686 {
7687 pThis->aCts[i].pDevInsR3 = pDevIns;
7688 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
7689 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
7690 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
7691 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7692 {
7693 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
7694
7695 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
7696 pIf->pDevInsR3 = pDevIns;
7697 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
7698 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
7699 pIf->pControllerR3 = &pThis->aCts[i];
7700 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
7701 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
7702 pIf->IBase.pfnQueryInterface = ataR3QueryInterface;
7703 pIf->IMountNotify.pfnMountNotify = ataR3MountNotify;
7704 pIf->IMountNotify.pfnUnmountNotify = ataR3UnmountNotify;
7705 pIf->IPort.pfnQueryDeviceLocation = ataR3QueryDeviceLocation;
7706 pIf->Led.u32Magic = PDMLED_MAGIC;
7707 }
7708 }
7709
7710 Assert(RT_ELEMENTS(pThis->aCts) == 2);
7711 pThis->aCts[0].irq = 14;
7712 pThis->aCts[0].IOPortBase1 = 0x1f0;
7713 pThis->aCts[0].IOPortBase2 = 0x3f6;
7714 pThis->aCts[1].irq = 15;
7715 pThis->aCts[1].IOPortBase1 = 0x170;
7716 pThis->aCts[1].IOPortBase2 = 0x376;
7717
7718 /*
7719 * Set the default critical section to NOP as we lock on controller level.
7720 */
7721 rc = PDMDevHlpSetDeviceCritSect(pDevIns, PDMDevHlpCritSectGetNop(pDevIns));
7722 AssertRCReturn(rc, rc);
7723
7724 /*
7725 * Register the PCI device.
7726 */
7727 rc = PDMDevHlpPCIRegisterEx(pDevIns, &pThis->dev, PDMPCIDEVREG_CFG_PRIMARY, PDMPCIDEVREG_F_NOT_MANDATORY_NO,
7728 1 /*uPciDevNo*/, 1 /*uPciDevFn*/, "piix3ide");
7729 if (RT_FAILURE(rc))
7730 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register PCI device"));
7731 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataR3BMDMAIORangeMap);
7732 if (RT_FAILURE(rc))
7733 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register PCI I/O region for BMDMA"));
7734
7735 /*
7736 * Register stats, create critical sections.
7737 */
7738 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7739 {
7740 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7741 {
7742 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
7743 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7744 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
7745 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7746 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
7747 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7748 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
7749 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7750 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
7751#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7752 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7753 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
7754#endif
7755 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7756 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
7757#ifdef VBOX_INSTRUMENT_DMA_WRITES
7758 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7759 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
7760#endif
7761#ifdef VBOX_WITH_STATISTICS
7762 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7763 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
7764#endif
7765 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7766 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
7767#ifdef VBOX_WITH_STATISTICS
7768 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7769 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
7770#endif
7771 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatStatusYields, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7772 "Profiling of status polling yields.", "/Devices/IDE%d/ATA%d/Unit%d/StatusYields", iInstance, i, j);
7773 }
7774#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7775 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7776 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
7777 /** @todo STAMUNIT_MICROSECS */
7778 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7779 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
7780 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7781 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
7782 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7783 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
7784 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7785 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
7786 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7787 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
7788#endif /* VBOX_WITH_STATISTICS */
7789
7790 /* Initialize per-controller critical section. */
7791 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA#%u-Ctl", i);
7792 AssertLogRelRCReturn(rc, rc);
7793
7794 /* Initialize per-controller async I/O request critical section. */
7795 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].AsyncIORequestLock, RT_SRC_POS, "ATA#%u-Req", i);
7796 AssertLogRelRCReturn(rc, rc);
7797 }
7798
7799 /*
7800 * Attach status driver (optional).
7801 */
7802 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
7803 if (RT_SUCCESS(rc))
7804 {
7805 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
7806 pThis->pMediaNotify = PDMIBASE_QUERY_INTERFACE(pBase, PDMIMEDIANOTIFY);
7807 }
7808 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
7809 {
7810 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
7811 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
7812 }
7813
7814 /*
7815 * Attach the units.
7816 */
7817 uint32_t cbTotalBuffer = 0;
7818 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7819 {
7820 PATACONTROLLER pCtl = &pThis->aCts[i];
7821
7822 /*
7823 * Start the worker thread.
7824 */
7825 pCtl->uAsyncIOState = ATA_AIO_NEW;
7826 pCtl->pSupDrvSession = PDMDevHlpGetSupDrvSession(pDevIns);
7827 rc = SUPSemEventCreate(pCtl->pSupDrvSession, &pCtl->hAsyncIOSem);
7828 AssertLogRelRCReturn(rc, rc);
7829 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
7830 AssertLogRelRCReturn(rc, rc);
7831
7832 ataR3AsyncIOClearRequests(pCtl);
7833 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataR3AsyncIOThread, (void *)pCtl, 128*1024 /*cbStack*/,
7834 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
7835 AssertLogRelRCReturn(rc, rc);
7836 Assert( pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->hAsyncIOSem != NIL_SUPSEMEVENT
7837 && pCtl->SuspendIOSem != NIL_RTSEMEVENT && PDMCritSectIsInitialized(&pCtl->AsyncIORequestLock));
7838 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->hAsyncIOSem, pCtl->SuspendIOSem));
7839
7840 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
7841 {
7842 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7843 {
7844 { "Primary Master", "Primary Slave" },
7845 { "Secondary Master", "Secondary Slave" }
7846 };
7847
7848 /*
7849 * Try attach the block device and get the interfaces,
7850 * required as well as optional.
7851 */
7852 ATADevState *pIf = &pCtl->aIfs[j];
7853
7854 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
7855 if (RT_SUCCESS(rc))
7856 {
7857 rc = ataR3ConfigLun(pDevIns, pIf);
7858 if (RT_SUCCESS(rc))
7859 {
7860 /*
7861 * Init vendor product data.
7862 */
7863 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7864 {
7865 { "PrimaryMaster", "PrimarySlave" },
7866 { "SecondaryMaster", "SecondarySlave" }
7867 };
7868
7869 /* Generate a default serial number. */
7870 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
7871 RTUUID Uuid;
7872 if (pIf->pDrvMedia)
7873 rc = pIf->pDrvMedia->pfnGetUuid(pIf->pDrvMedia, &Uuid);
7874 else
7875 RTUuidClear(&Uuid);
7876
7877 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
7878 {
7879 /* Generate a predictable serial for drives which don't have a UUID. */
7880 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
7881 pIf->iLUN + pDevIns->iInstance * 32,
7882 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
7883 }
7884 else
7885 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
7886
7887 /* Get user config if present using defaults otherwise. */
7888 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfg, s_apszCFGMKeys[i][j]);
7889 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
7890 szSerial);
7891 if (RT_FAILURE(rc))
7892 {
7893 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7894 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7895 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
7896 return PDMDEV_SET_ERROR(pDevIns, rc,
7897 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
7898 }
7899
7900 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
7901 "1.0");
7902 if (RT_FAILURE(rc))
7903 {
7904 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7905 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7906 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
7907 return PDMDEV_SET_ERROR(pDevIns, rc,
7908 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
7909 }
7910
7911 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
7912 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
7913 if (RT_FAILURE(rc))
7914 {
7915 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7916 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7917 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
7918 return PDMDEV_SET_ERROR(pDevIns, rc,
7919 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
7920 }
7921
7922 /* There are three other identification strings for CD drives used for INQUIRY */
7923 if (pIf->fATAPI)
7924 {
7925 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
7926 "VBOX");
7927 if (RT_FAILURE(rc))
7928 {
7929 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7930 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7931 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
7932 return PDMDEV_SET_ERROR(pDevIns, rc,
7933 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
7934 }
7935
7936 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
7937 "CD-ROM");
7938 if (RT_FAILURE(rc))
7939 {
7940 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7941 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7942 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
7943 return PDMDEV_SET_ERROR(pDevIns, rc,
7944 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
7945 }
7946
7947 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
7948 "1.0");
7949 if (RT_FAILURE(rc))
7950 {
7951 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7952 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7953 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
7954 return PDMDEV_SET_ERROR(pDevIns, rc,
7955 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
7956 }
7957
7958 rc = CFGMR3QueryBoolDef(pCfgNode, "OverwriteInquiry", &pIf->fOverwriteInquiry, true);
7959 if (RT_FAILURE(rc))
7960 return PDMDEV_SET_ERROR(pDevIns, rc,
7961 N_("PIIX3 configuration error: failed to read \"OverwriteInquiry\" as boolean"));
7962 }
7963 }
7964
7965 }
7966 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
7967 {
7968 pIf->pDrvBase = NULL;
7969 pIf->pDrvMedia = NULL;
7970 pIf->cbIOBuffer = 0;
7971 pIf->pbIOBufferR3 = NULL;
7972 pIf->pbIOBufferR0 = NIL_RTR0PTR;
7973 pIf->pbIOBufferRC = NIL_RTGCPTR;
7974 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
7975 }
7976 else
7977 {
7978 switch (rc)
7979 {
7980 case VERR_ACCESS_DENIED:
7981 /* Error already cached by DrvHostBase */
7982 return rc;
7983 default:
7984 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7985 N_("PIIX3 cannot attach drive to the %s"),
7986 s_apszDescs[i][j]);
7987 }
7988 }
7989 cbTotalBuffer += pIf->cbIOBuffer;
7990 }
7991 }
7992
7993 /*
7994 * Register the I/O ports.
7995 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
7996 */
7997 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7998 {
7999 if (!pThis->aCts[i].aIfs[0].pDrvMedia && !pThis->aCts[i].aIfs[1].pDrvMedia)
8000 {
8001 /* No device present on this ATA bus; requires special handling. */
8002 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)(uintptr_t)i,
8003 ataIOPortWriteEmptyBus, ataIOPortReadEmptyBus, NULL, NULL, "ATA I/O Base 1 - Empty Bus");
8004
8005 AssertLogRelRCReturn(rc, rc);
8006 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)(uintptr_t)i,
8007 ataIOPortWriteEmptyBus, ataIOPortReadEmptyBus, NULL, NULL, "ATA I/O Base 2 - Empty Bus");
8008 AssertLogRelRCReturn(rc, rc);
8009
8010 if (fRCEnabled)
8011 {
8012 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
8013 "ataIOPortWriteEmptyBus", "ataIOPortReadEmptyBus", NULL, NULL, "ATA I/O Base 1 - Empty Bus");
8014 AssertLogRelRCReturn(rc, rc);
8015 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
8016 "ataIOPortWriteEmptyBus", "ataIOPortReadEmptyBus", NULL, NULL, "ATA I/O Base 2 - Empty Bus");
8017 AssertLogRelRCReturn(rc, rc);
8018 }
8019
8020 if (fR0Enabled)
8021 {
8022 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
8023 "ataIOPortWriteEmptyBus", "ataIOPortReadEmptyBus", NULL, NULL, "ATA I/O Base 1 - Empty Bus");
8024 AssertLogRelRCReturn(rc, rc);
8025 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
8026 "ataIOPortWriteEmptyBus", "ataIOPortReadEmptyBus", NULL, NULL, "ATA I/O Base 2 - Empty Bus");
8027 AssertLogRelRCReturn(rc, rc);
8028 }
8029 }
8030 else
8031 {
8032 /* At least one device present, register regular handlers. */
8033 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 1, (RTHCPTR)(uintptr_t)i,
8034 ataIOPortWrite1Data, ataIOPortRead1Data,
8035 ataIOPortWriteStr1Data, ataIOPortReadStr1Data, "ATA I/O Base 1 - Data");
8036 AssertLogRelRCReturn(rc, rc);
8037 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1 + 1, 7, (RTHCPTR)(uintptr_t)i,
8038 ataIOPortWrite1Other, ataIOPortRead1Other, NULL, NULL, "ATA I/O Base 1 - Other");
8039
8040 AssertLogRelRCReturn(rc, rc);
8041 if (fRCEnabled)
8042 {
8043 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 1, (RTGCPTR)i,
8044 "ataIOPortWrite1Data", "ataIOPortRead1Data",
8045 "ataIOPortWriteStr1Data", "ataIOPortReadStr1Data", "ATA I/O Base 1 - Data");
8046 AssertLogRelRCReturn(rc, rc);
8047 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1 + 1, 7, (RTGCPTR)i,
8048 "ataIOPortWrite1Other", "ataIOPortRead1Other", NULL, NULL, "ATA I/O Base 1 - Other");
8049 AssertLogRelRCReturn(rc, rc);
8050 }
8051
8052 if (fR0Enabled)
8053 {
8054 #if 0
8055 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 1, (RTR0PTR)i,
8056 "ataIOPortWrite1Data", "ataIOPortRead1Data", NULL, NULL, "ATA I/O Base 1 - Data");
8057 #else
8058 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 1, (RTR0PTR)i,
8059 "ataIOPortWrite1Data", "ataIOPortRead1Data",
8060 "ataIOPortWriteStr1Data", "ataIOPortReadStr1Data", "ATA I/O Base 1 - Data");
8061 #endif
8062 AssertLogRelRCReturn(rc, rc);
8063 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1 + 1, 7, (RTR0PTR)i,
8064 "ataIOPortWrite1Other", "ataIOPortRead1Other", NULL, NULL, "ATA I/O Base 1 - Other");
8065 AssertLogRelRCReturn(rc, rc);
8066 }
8067
8068 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)(uintptr_t)i,
8069 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
8070 if (RT_FAILURE(rc))
8071 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
8072
8073 if (fRCEnabled)
8074 {
8075 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
8076 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
8077 if (RT_FAILURE(rc))
8078 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
8079 }
8080 if (fR0Enabled)
8081 {
8082 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
8083 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
8084 if (RT_FAILURE(rc))
8085 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
8086 }
8087 }
8088 }
8089
8090 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
8091 NULL, ataR3LiveExec, NULL,
8092 ataR3SaveLoadPrep, ataR3SaveExec, NULL,
8093 ataR3SaveLoadPrep, ataR3LoadExec, NULL);
8094 if (RT_FAILURE(rc))
8095 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
8096
8097 /*
8098 * Initialize the device state.
8099 */
8100 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
8101}
8102
8103
8104/**
8105 * The device registration structure.
8106 */
8107const PDMDEVREG g_DevicePIIX3IDE =
8108{
8109 /* u32Version */
8110 PDM_DEVREG_VERSION,
8111 /* szName */
8112 "piix3ide",
8113 /* szRCMod */
8114 "VBoxDDRC.rc",
8115 /* szR0Mod */
8116 "VBoxDDR0.r0",
8117 /* pszDescription */
8118 "Intel PIIX3 ATA controller.\n"
8119 " LUN #0 is primary master.\n"
8120 " LUN #1 is primary slave.\n"
8121 " LUN #2 is secondary master.\n"
8122 " LUN #3 is secondary slave.\n"
8123 " LUN #999 is the LED/Status connector.",
8124 /* fFlags */
8125 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
8126 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION |
8127 PDM_DEVREG_FLAGS_FIRST_RESET_NOTIFICATION,
8128 /* fClass */
8129 PDM_DEVREG_CLASS_STORAGE,
8130 /* cMaxInstances */
8131 1,
8132 /* cbInstance */
8133 sizeof(PCIATAState),
8134 /* pfnConstruct */
8135 ataR3Construct,
8136 /* pfnDestruct */
8137 ataR3Destruct,
8138 /* pfnRelocate */
8139 ataR3Relocate,
8140 /* pfnMemSetup */
8141 NULL,
8142 /* pfnPowerOn */
8143 NULL,
8144 /* pfnReset */
8145 ataR3Reset,
8146 /* pfnSuspend */
8147 ataR3Suspend,
8148 /* pfnResume */
8149 ataR3Resume,
8150 /* pfnAttach */
8151 ataR3Attach,
8152 /* pfnDetach */
8153 ataR3Detach,
8154 /* pfnQueryInterface. */
8155 NULL,
8156 /* pfnInitComplete */
8157 NULL,
8158 /* pfnPowerOff */
8159 ataR3PowerOff,
8160 /* pfnSoftReset */
8161 NULL,
8162 /* u32VersionEnd */
8163 PDM_DEVREG_VERSION
8164};
8165#endif /* IN_RING3 */
8166#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette