VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 21094

Last change on this file since 21094 was 20567, checked in by vboxsync, 16 years ago

DevATA,ATAController: Do not use MMGCRamReadNoTrapHandler nor MMGCRamWriteNoTrapHandler like that, they may both raise guru meditations. Changed the code to use the same PGMPhys*Read/Write APIs as in ring-3.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 255.7 KB
Line 
1/* $Id: DevATA.cpp 20567 2009-06-14 20:31:54Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2008 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22/*******************************************************************************
23* Defined Constants And Macros *
24*******************************************************************************/
25/** Temporary instrumentation for tracking down potential virtual disk
26 * write performance issues. */
27#undef VBOX_INSTRUMENT_DMA_WRITES
28
29/**
30 * The SSM saved state versions.
31 */
32#define ATA_SAVED_STATE_VERSION 19
33#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
34#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
35#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
36
37
38/*******************************************************************************
39* Header Files *
40*******************************************************************************/
41#define LOG_GROUP LOG_GROUP_DEV_IDE
42#include <VBox/pdmdev.h>
43#include <iprt/assert.h>
44#include <iprt/string.h>
45#ifdef IN_RING3
46# include <iprt/uuid.h>
47# include <iprt/semaphore.h>
48# include <iprt/thread.h>
49# include <iprt/time.h>
50# include <iprt/alloc.h>
51#endif /* IN_RING3 */
52#include <iprt/critsect.h>
53#include <iprt/asm.h>
54#include <VBox/stam.h>
55#include <VBox/mm.h>
56#include <VBox/pgm.h>
57
58#include <VBox/scsi.h>
59
60#include "PIIX3ATABmDma.h"
61#include "ide.h"
62#include "../Builtins.h"
63
64/*******************************************************************************
65* Defined Constants And Macros *
66*******************************************************************************/
67/**
68 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
69 * Set to 1 to disable multi-sector read support. According to the ATA
70 * specification this must be a power of 2 and it must fit in an 8 bit
71 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
72 */
73#define ATA_MAX_MULT_SECTORS 128
74
75/**
76 * Fastest PIO mode supported by the drive.
77 */
78#define ATA_PIO_MODE_MAX 4
79/**
80 * Fastest MDMA mode supported by the drive.
81 */
82#define ATA_MDMA_MODE_MAX 2
83/**
84 * Fastest UDMA mode supported by the drive.
85 */
86#define ATA_UDMA_MODE_MAX 6
87
88/** ATAPI sense info size. */
89#define ATAPI_SENSE_SIZE 64
90
91/** The maximum number of release log entries per device. */
92#define MAX_LOG_REL_ERRORS 1024
93
94/* MediaEventStatus */
95#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
96#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
97#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
98#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
99
100/**
101 * Length of the configurable VPD data (without termination)
102 */
103#define ATA_SERIAL_NUMBER_LENGTH 20
104#define ATA_FIRMWARE_REVISION_LENGTH 8
105#define ATA_MODEL_NUMBER_LENGTH 40
106
107/*******************************************************************************
108* Structures and Typedefs *
109*******************************************************************************/
110typedef struct ATADevState {
111 /** Flag indicating whether the current command uses LBA48 mode. */
112 bool fLBA48;
113 /** Flag indicating whether this drive implements the ATAPI command set. */
114 bool fATAPI;
115 /** Set if this interface has asserted the IRQ. */
116 bool fIrqPending;
117 /** Currently configured number of sectors in a multi-sector transfer. */
118 uint8_t cMultSectors;
119 /** PCHS disk geometry. */
120 PDMMEDIAGEOMETRY PCHSGeometry;
121 /** Total number of sectors on this disk. */
122 uint64_t cTotalSectors;
123 /** Number of sectors to transfer per IRQ. */
124 uint32_t cSectorsPerIRQ;
125
126 /** ATA/ATAPI register 1: feature (write-only). */
127 uint8_t uATARegFeature;
128 /** ATA/ATAPI register 1: feature, high order byte. */
129 uint8_t uATARegFeatureHOB;
130 /** ATA/ATAPI register 1: error (read-only). */
131 uint8_t uATARegError;
132 /** ATA/ATAPI register 2: sector count (read/write). */
133 uint8_t uATARegNSector;
134 /** ATA/ATAPI register 2: sector count, high order byte. */
135 uint8_t uATARegNSectorHOB;
136 /** ATA/ATAPI register 3: sector (read/write). */
137 uint8_t uATARegSector;
138 /** ATA/ATAPI register 3: sector, high order byte. */
139 uint8_t uATARegSectorHOB;
140 /** ATA/ATAPI register 4: cylinder low (read/write). */
141 uint8_t uATARegLCyl;
142 /** ATA/ATAPI register 4: cylinder low, high order byte. */
143 uint8_t uATARegLCylHOB;
144 /** ATA/ATAPI register 5: cylinder high (read/write). */
145 uint8_t uATARegHCyl;
146 /** ATA/ATAPI register 5: cylinder high, high order byte. */
147 uint8_t uATARegHCylHOB;
148 /** ATA/ATAPI register 6: select drive/head (read/write). */
149 uint8_t uATARegSelect;
150 /** ATA/ATAPI register 7: status (read-only). */
151 uint8_t uATARegStatus;
152 /** ATA/ATAPI register 7: command (write-only). */
153 uint8_t uATARegCommand;
154 /** ATA/ATAPI drive control register (write-only). */
155 uint8_t uATARegDevCtl;
156
157 /** Currently active transfer mode (MDMA/UDMA) and speed. */
158 uint8_t uATATransferMode;
159 /** Current transfer direction. */
160 uint8_t uTxDir;
161 /** Index of callback for begin transfer. */
162 uint8_t iBeginTransfer;
163 /** Index of callback for source/sink of data. */
164 uint8_t iSourceSink;
165 /** Flag indicating whether the current command transfers data in DMA mode. */
166 bool fDMA;
167 /** Set to indicate that ATAPI transfer semantics must be used. */
168 bool fATAPITransfer;
169
170 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
171 uint32_t cbTotalTransfer;
172 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
173 uint32_t cbElementaryTransfer;
174 /** Current read/write buffer position, shared PIO/DMA. */
175 uint32_t iIOBufferCur;
176 /** First element beyond end of valid buffer content, shared PIO/DMA. */
177 uint32_t iIOBufferEnd;
178
179 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
180 uint32_t iIOBufferPIODataStart;
181 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
182 uint32_t iIOBufferPIODataEnd;
183
184 /** ATAPI current LBA position. */
185 uint32_t iATAPILBA;
186 /** ATAPI current sector size. */
187 uint32_t cbATAPISector;
188 /** ATAPI current command. */
189 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
190 /** ATAPI sense data. */
191 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
192 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
193 uint8_t cNotifiedMediaChange;
194 /** The same for GET_EVENT_STATUS for mechanism */
195 volatile uint32_t MediaEventStatus;
196
197 uint32_t Alignment0;
198
199 /** The status LED state for this drive. */
200 PDMLED Led;
201
202 /** Size of I/O buffer. */
203 uint32_t cbIOBuffer;
204 /** Pointer to the I/O buffer. */
205 R3PTRTYPE(uint8_t *) pbIOBufferR3;
206 /** Pointer to the I/O buffer. */
207 R0PTRTYPE(uint8_t *) pbIOBufferR0;
208 /** Pointer to the I/O buffer. */
209 RCPTRTYPE(uint8_t *) pbIOBufferRC;
210
211 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundrary. */
212
213 /*
214 * No data that is part of the saved state after this point!!!!!
215 */
216
217 /* Release statistics: number of ATA DMA commands. */
218 STAMCOUNTER StatATADMA;
219 /* Release statistics: number of ATA PIO commands. */
220 STAMCOUNTER StatATAPIO;
221 /* Release statistics: number of ATAPI PIO commands. */
222 STAMCOUNTER StatATAPIDMA;
223 /* Release statistics: number of ATAPI PIO commands. */
224 STAMCOUNTER StatATAPIPIO;
225#ifdef VBOX_INSTRUMENT_DMA_WRITES
226 /* Release statistics: number of DMA sector writes and the time spent. */
227 STAMPROFILEADV StatInstrVDWrites;
228#endif
229
230 /** Statistics: number of read operations and the time spent reading. */
231 STAMPROFILEADV StatReads;
232 /** Statistics: number of bytes read. */
233 STAMCOUNTER StatBytesRead;
234 /** Statistics: number of write operations and the time spent writing. */
235 STAMPROFILEADV StatWrites;
236 /** Statistics: number of bytes written. */
237 STAMCOUNTER StatBytesWritten;
238 /** Statistics: number of flush operations and the time spend flushing. */
239 STAMPROFILE StatFlushes;
240
241 /** Enable passing through commands directly to the ATAPI drive. */
242 bool fATAPIPassthrough;
243 /** Number of errors we've reported to the release log.
244 * This is to prevent flooding caused by something going horribly wrong.
245 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
246 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
247 uint32_t cErrors;
248 /** Timestamp of last started command. 0 if no command pending. */
249 uint64_t u64CmdTS;
250
251 /** Pointer to the attached driver's base interface. */
252 R3PTRTYPE(PPDMIBASE) pDrvBase;
253 /** Pointer to the attached driver's block interface. */
254 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
255 /** Pointer to the attached driver's block bios interface. */
256 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
257 /** Pointer to the attached driver's mount interface.
258 * This is NULL if the driver isn't a removable unit. */
259 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
260 /** The base interface. */
261 PDMIBASE IBase;
262 /** The block port interface. */
263 PDMIBLOCKPORT IPort;
264 /** The mount notify interface. */
265 PDMIMOUNTNOTIFY IMountNotify;
266 /** The LUN #. */
267 RTUINT iLUN;
268#if HC_ARCH_BITS == 64
269 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
270#endif
271 /** Pointer to device instance. */
272 PPDMDEVINSR3 pDevInsR3;
273 /** Pointer to controller instance. */
274 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
275 /** Pointer to device instance. */
276 PPDMDEVINSR0 pDevInsR0;
277 /** Pointer to controller instance. */
278 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
279 /** Pointer to device instance. */
280 PPDMDEVINSRC pDevInsRC;
281 /** Pointer to controller instance. */
282 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
283
284 /** The serial numnber to use for IDENTIFY DEVICE commands. */
285 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
286 /** The firmware revision to use for IDENTIFY DEVICE commands. */
287 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
288 /** The model number to use for IDENTIFY DEVICE commands. */
289 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
290
291#if HC_ARCH_BITS == 64
292 uint32_t Alignment3[2];
293#endif
294} ATADevState;
295
296
297typedef struct ATATransferRequest
298{
299 uint8_t iIf;
300 uint8_t iBeginTransfer;
301 uint8_t iSourceSink;
302 uint32_t cbTotalTransfer;
303 uint8_t uTxDir;
304} ATATransferRequest;
305
306
307typedef struct ATAAbortRequest
308{
309 uint8_t iIf;
310 bool fResetDrive;
311} ATAAbortRequest;
312
313
314typedef enum
315{
316 /** Begin a new transfer. */
317 ATA_AIO_NEW = 0,
318 /** Continue a DMA transfer. */
319 ATA_AIO_DMA,
320 /** Continue a PIO transfer. */
321 ATA_AIO_PIO,
322 /** Reset the drives on current controller, stop all transfer activity. */
323 ATA_AIO_RESET_ASSERTED,
324 /** Reset the drives on current controller, resume operation. */
325 ATA_AIO_RESET_CLEARED,
326 /** Abort the current transfer of a particular drive. */
327 ATA_AIO_ABORT
328} ATAAIO;
329
330
331typedef struct ATARequest
332{
333 ATAAIO ReqType;
334 union
335 {
336 ATATransferRequest t;
337 ATAAbortRequest a;
338 } u;
339} ATARequest;
340
341
342typedef struct ATACONTROLLER
343{
344 /** The base of the first I/O Port range. */
345 RTIOPORT IOPortBase1;
346 /** The base of the second I/O Port range. (0 if none) */
347 RTIOPORT IOPortBase2;
348 /** The assigned IRQ. */
349 RTUINT irq;
350 /** Access critical section */
351 PDMCRITSECT lock;
352
353 /** Selected drive. */
354 uint8_t iSelectedIf;
355 /** The interface on which to handle async I/O. */
356 uint8_t iAIOIf;
357 /** The state of the async I/O thread. */
358 uint8_t uAsyncIOState;
359 /** Flag indicating whether the next transfer is part of the current command. */
360 bool fChainedTransfer;
361 /** Set when the reset processing is currently active on this controller. */
362 bool fReset;
363 /** Flag whether the current transfer needs to be redone. */
364 bool fRedo;
365 /** Flag whether the redo suspend has been finished. */
366 bool fRedoIdle;
367 /** Flag whether the DMA operation to be redone is the final transfer. */
368 bool fRedoDMALastDesc;
369 /** The BusMaster DMA state. */
370 BMDMAState BmDma;
371 /** Pointer to first DMA descriptor. */
372 RTGCPHYS32 pFirstDMADesc;
373 /** Pointer to last DMA descriptor. */
374 RTGCPHYS32 pLastDMADesc;
375 /** Pointer to current DMA buffer (for redo operations). */
376 RTGCPHYS32 pRedoDMABuffer;
377 /** Size of current DMA buffer (for redo operations). */
378 uint32_t cbRedoDMABuffer;
379
380 /** The ATA/ATAPI interfaces of this controller. */
381 ATADevState aIfs[2];
382
383 /** Pointer to device instance. */
384 PPDMDEVINSR3 pDevInsR3;
385 /** Pointer to device instance. */
386 PPDMDEVINSR0 pDevInsR0;
387 /** Pointer to device instance. */
388 PPDMDEVINSRC pDevInsRC;
389
390 /** Set when the destroying the device instance and the thread must exit. */
391 uint32_t volatile fShutdown;
392 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
393 RTTHREAD AsyncIOThread;
394 /** The event semaphore the thread is waiting on for requests. */
395 RTSEMEVENT AsyncIOSem;
396 /** The request queue for the AIO thread. One element is always unused. */
397 ATARequest aAsyncIORequests[4];
398 /** The position at which to insert a new request for the AIO thread. */
399 uint8_t AsyncIOReqHead;
400 /** The position at which to get a new request for the AIO thread. */
401 uint8_t AsyncIOReqTail;
402 uint8_t Alignment3[2]; /**< Explicit padding of the 2 byte gap. */
403 /** Magic delay before triggering interrupts in DMA mode. */
404 uint32_t DelayIRQMillies;
405 /** The mutex protecting the request queue. */
406 RTSEMMUTEX AsyncIORequestMutex;
407 /** The event semaphore the thread is waiting on during suspended I/O. */
408 RTSEMEVENT SuspendIOSem;
409#if 0 /*HC_ARCH_BITS == 32*/
410 uint32_t Alignment0;
411#endif
412
413 /** Timestamp we started the reset. */
414 uint64_t u64ResetTime;
415
416 /* Statistics */
417 STAMCOUNTER StatAsyncOps;
418 uint64_t StatAsyncMinWait;
419 uint64_t StatAsyncMaxWait;
420 STAMCOUNTER StatAsyncTimeUS;
421 STAMPROFILEADV StatAsyncTime;
422 STAMPROFILE StatLockWait;
423} ATACONTROLLER, *PATACONTROLLER;
424
425typedef enum CHIPSET
426{
427 /** PIIX3 chipset, must be 0 for saved state compatibility */
428 CHIPSET_PIIX3 = 0,
429 /** PIIX4 chipset, must be 1 for saved state compatibility */
430 CHIPSET_PIIX4 = 1,
431 /** ICH6 chipset */
432 CHIPSET_ICH6 = 2
433} CHIPSET;
434
435typedef struct PCIATAState {
436 PCIDEVICE dev;
437 /** The controllers. */
438 ATACONTROLLER aCts[2];
439 /** Pointer to device instance. */
440 PPDMDEVINSR3 pDevIns;
441 /** Status Port - Base interface. */
442 PDMIBASE IBase;
443 /** Status Port - Leds interface. */
444 PDMILEDPORTS ILeds;
445 /** Partner of ILeds. */
446 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
447 /** Flag whether GC is enabled. */
448 bool fGCEnabled;
449 /** Flag whether R0 is enabled. */
450 bool fR0Enabled;
451 /** Flag indicating chipset being emulated. */
452 uint8_t u8Type;
453 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
454} PCIATAState;
455
456#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
457#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
458#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
459#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
460#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
461#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
462
463#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
464
465#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
466#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
467#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
468#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
469
470#ifndef VBOX_DEVICE_STRUCT_TESTCASE
471/*******************************************************************************
472 * Internal Functions *
473 ******************************************************************************/
474RT_C_DECLS_BEGIN
475PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
476PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
477PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
478PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
479PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
480PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
481PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
482PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
483RT_C_DECLS_END
484
485
486
487DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
488{
489 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
490
491 /* Freeze status register contents while processing RESET. */
492 if (!pCtl->fReset)
493 {
494 s->uATARegStatus = stat;
495 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
496 }
497}
498
499
500DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
501{
502 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
503
504 /* Freeze status register contents while processing RESET. */
505 if (!pCtl->fReset)
506 {
507 s->uATARegStatus |= stat;
508 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
509 }
510}
511
512
513DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
514{
515 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
516
517 /* Freeze status register contents while processing RESET. */
518 if (!pCtl->fReset)
519 {
520 s->uATARegStatus &= ~stat;
521 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
522 }
523}
524
525#ifdef IN_RING3
526
527typedef void (*PBeginTransferFunc)(ATADevState *);
528typedef bool (*PSourceSinkFunc)(ATADevState *);
529
530static void ataReadWriteSectorsBT(ATADevState *);
531static void ataPacketBT(ATADevState *);
532static void atapiCmdBT(ATADevState *);
533static void atapiPassthroughCmdBT(ATADevState *);
534
535static bool ataIdentifySS(ATADevState *);
536static bool ataFlushSS(ATADevState *);
537static bool ataReadSectorsSS(ATADevState *);
538static bool ataWriteSectorsSS(ATADevState *);
539static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
540static bool ataPacketSS(ATADevState *);
541static bool atapiGetConfigurationSS(ATADevState *);
542static bool atapiGetEventStatusNotificationSS(ATADevState *);
543static bool atapiIdentifySS(ATADevState *);
544static bool atapiInquirySS(ATADevState *);
545static bool atapiMechanismStatusSS(ATADevState *);
546static bool atapiModeSenseErrorRecoverySS(ATADevState *);
547static bool atapiModeSenseCDStatusSS(ATADevState *);
548static bool atapiReadSS(ATADevState *);
549static bool atapiReadCapacitySS(ATADevState *);
550static bool atapiReadDiscInformationSS(ATADevState *);
551static bool atapiReadTOCNormalSS(ATADevState *);
552static bool atapiReadTOCMultiSS(ATADevState *);
553static bool atapiReadTOCRawSS(ATADevState *);
554static bool atapiReadTrackInformationSS(ATADevState *);
555static bool atapiRequestSenseSS(ATADevState *);
556static bool atapiPassthroughSS(ATADevState *);
557static bool atapiReadDVDStructureSS(ATADevState *);
558
559/**
560 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
561 */
562typedef enum ATAFNBT
563{
564 ATAFN_BT_NULL = 0,
565 ATAFN_BT_READ_WRITE_SECTORS,
566 ATAFN_BT_PACKET,
567 ATAFN_BT_ATAPI_CMD,
568 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
569 ATAFN_BT_MAX
570} ATAFNBT;
571
572/**
573 * Array of end transfer functions, the index is ATAFNET.
574 * Make sure ATAFNET and this array match!
575 */
576static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
577{
578 NULL,
579 ataReadWriteSectorsBT,
580 ataPacketBT,
581 atapiCmdBT,
582 atapiPassthroughCmdBT,
583};
584
585/**
586 * Source/sink function indexes for g_apfnSourceSinkFuncs.
587 */
588typedef enum ATAFNSS
589{
590 ATAFN_SS_NULL = 0,
591 ATAFN_SS_IDENTIFY,
592 ATAFN_SS_FLUSH,
593 ATAFN_SS_READ_SECTORS,
594 ATAFN_SS_WRITE_SECTORS,
595 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
596 ATAFN_SS_PACKET,
597 ATAFN_SS_ATAPI_GET_CONFIGURATION,
598 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
599 ATAFN_SS_ATAPI_IDENTIFY,
600 ATAFN_SS_ATAPI_INQUIRY,
601 ATAFN_SS_ATAPI_MECHANISM_STATUS,
602 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
603 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
604 ATAFN_SS_ATAPI_READ,
605 ATAFN_SS_ATAPI_READ_CAPACITY,
606 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
607 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
608 ATAFN_SS_ATAPI_READ_TOC_MULTI,
609 ATAFN_SS_ATAPI_READ_TOC_RAW,
610 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
611 ATAFN_SS_ATAPI_REQUEST_SENSE,
612 ATAFN_SS_ATAPI_PASSTHROUGH,
613 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
614 ATAFN_SS_MAX
615} ATAFNSS;
616
617/**
618 * Array of source/sink functions, the index is ATAFNSS.
619 * Make sure ATAFNSS and this array match!
620 */
621static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
622{
623 NULL,
624 ataIdentifySS,
625 ataFlushSS,
626 ataReadSectorsSS,
627 ataWriteSectorsSS,
628 ataExecuteDeviceDiagnosticSS,
629 ataPacketSS,
630 atapiGetConfigurationSS,
631 atapiGetEventStatusNotificationSS,
632 atapiIdentifySS,
633 atapiInquirySS,
634 atapiMechanismStatusSS,
635 atapiModeSenseErrorRecoverySS,
636 atapiModeSenseCDStatusSS,
637 atapiReadSS,
638 atapiReadCapacitySS,
639 atapiReadDiscInformationSS,
640 atapiReadTOCNormalSS,
641 atapiReadTOCMultiSS,
642 atapiReadTOCRawSS,
643 atapiReadTrackInformationSS,
644 atapiRequestSenseSS,
645 atapiPassthroughSS,
646 atapiReadDVDStructureSS
647};
648
649
650static const ATARequest ataDMARequest = { ATA_AIO_DMA, };
651static const ATARequest ataPIORequest = { ATA_AIO_PIO, };
652static const ATARequest ataResetARequest = { ATA_AIO_RESET_ASSERTED, };
653static const ATARequest ataResetCRequest = { ATA_AIO_RESET_CLEARED, };
654
655
656static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
657{
658 int rc;
659
660 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
661 AssertRC(rc);
662 pCtl->AsyncIOReqHead = 0;
663 pCtl->AsyncIOReqTail = 0;
664 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
665 AssertRC(rc);
666}
667
668
669static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
670{
671 int rc;
672
673 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
674 AssertRC(rc);
675 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
676 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
677 pCtl->AsyncIOReqHead++;
678 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
679 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
680 AssertRC(rc);
681 LogBird(("ata: %x: signalling\n", pCtl->IOPortBase1));
682 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
683 if (RT_FAILURE(rc))
684 {
685 LogBird(("ata: %x: schedule failed, rc=%Rrc\n", pCtl->IOPortBase1, rc));
686 rc = RTSemEventSignal(pCtl->AsyncIOSem);
687 AssertRC(rc);
688 }
689}
690
691
692static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
693{
694 int rc;
695 const ATARequest *pReq;
696
697 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
698 AssertRC(rc);
699 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
700 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
701 else
702 pReq = NULL;
703 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
704 AssertRC(rc);
705 return pReq;
706}
707
708
709/**
710 * Remove the request with the given type, as it's finished. The request
711 * is not removed blindly, as this could mean a RESET request that is not
712 * yet processed (but has cleared the request queue) is lost.
713 *
714 * @param pCtl Controller for which to remove the request.
715 * @param ReqType Type of the request to remove.
716 */
717static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
718{
719 int rc;
720
721 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
722 AssertRC(rc);
723 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
724 {
725 pCtl->AsyncIOReqTail++;
726 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
727 }
728 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
729 AssertRC(rc);
730}
731
732
733/**
734 * Dump the request queue for a particular controller. First dump the queue
735 * contents, then the already processed entries, as long as they haven't been
736 * overwritten.
737 *
738 * @param pCtl Controller for which to dump the queue.
739 */
740static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
741{
742 int rc;
743 uint8_t curr;
744
745 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
746 AssertRC(rc);
747 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
748 curr = pCtl->AsyncIOReqTail;
749 do
750 {
751 if (curr == pCtl->AsyncIOReqHead)
752 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
753 switch (pCtl->aAsyncIORequests[curr].ReqType)
754 {
755 case ATA_AIO_NEW:
756 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
757 break;
758 case ATA_AIO_DMA:
759 LogRel(("dma transfer finished\n"));
760 break;
761 case ATA_AIO_PIO:
762 LogRel(("pio transfer finished\n"));
763 break;
764 case ATA_AIO_RESET_ASSERTED:
765 LogRel(("reset asserted request\n"));
766 break;
767 case ATA_AIO_RESET_CLEARED:
768 LogRel(("reset cleared request\n"));
769 break;
770 case ATA_AIO_ABORT:
771 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
772 break;
773 default:
774 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
775 }
776 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
777 } while (curr != pCtl->AsyncIOReqTail);
778 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
779 AssertRC(rc);
780}
781
782
783/**
784 * Checks whether the request queue for a particular controller is empty
785 * or whether a particular controller is idle.
786 *
787 * @param pCtl Controller for which to check the queue.
788 * @param fStrict If set then the controller is checked to be idle.
789 */
790static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
791{
792 int rc;
793 bool fIdle;
794
795 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
796 AssertRC(rc);
797 fIdle = pCtl->fRedoIdle;
798 if (!fIdle)
799 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
800 if (fStrict)
801 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
802 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
803 AssertRC(rc);
804 return fIdle;
805}
806
807
808/**
809 * Send a transfer request to the async I/O thread.
810 *
811 * @param s Pointer to the ATA device state data.
812 * @param cbTotalTransfer Data transfer size.
813 * @param uTxDir Data transfer direction.
814 * @param iBeginTransfer Index of BeginTransfer callback.
815 * @param iSourceSink Index of SourceSink callback.
816 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
817 */
818static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
819{
820 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
821 ATARequest Req;
822
823 Assert(PDMCritSectIsOwner(&pCtl->lock));
824
825 /* Do not issue new requests while the RESET line is asserted. */
826 if (pCtl->fReset)
827 {
828 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
829 return;
830 }
831
832 /* If the controller is already doing something else right now, ignore
833 * the command that is being submitted. Some broken guests issue commands
834 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
835 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true))
836 {
837 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
838 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
839 return;
840 }
841
842 Req.ReqType = ATA_AIO_NEW;
843 if (fChainedTransfer)
844 Req.u.t.iIf = pCtl->iAIOIf;
845 else
846 Req.u.t.iIf = pCtl->iSelectedIf;
847 Req.u.t.cbTotalTransfer = cbTotalTransfer;
848 Req.u.t.uTxDir = uTxDir;
849 Req.u.t.iBeginTransfer = iBeginTransfer;
850 Req.u.t.iSourceSink = iSourceSink;
851 ataSetStatusValue(s, ATA_STAT_BUSY);
852 pCtl->fChainedTransfer = fChainedTransfer;
853
854 /*
855 * Kick the worker thread into action.
856 */
857 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
858 ataAsyncIOPutRequest(pCtl, &Req);
859}
860
861
862/**
863 * Send an abort command request to the async I/O thread.
864 *
865 * @param s Pointer to the ATA device state data.
866 * @param fResetDrive Whether to reset the drive or just abort a command.
867 */
868static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
869{
870 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
871 ATARequest Req;
872
873 Assert(PDMCritSectIsOwner(&pCtl->lock));
874
875 /* Do not issue new requests while the RESET line is asserted. */
876 if (pCtl->fReset)
877 {
878 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
879 return;
880 }
881
882 Req.ReqType = ATA_AIO_ABORT;
883 Req.u.a.iIf = pCtl->iSelectedIf;
884 Req.u.a.fResetDrive = fResetDrive;
885 ataSetStatus(s, ATA_STAT_BUSY);
886 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
887 ataAsyncIOPutRequest(pCtl, &Req);
888}
889
890
891static void ataSetIRQ(ATADevState *s)
892{
893 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
894 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
895
896 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
897 {
898 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
899 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
900 * line is asserted. It monitors the line for a rising edge. */
901 if (!s->fIrqPending)
902 pCtl->BmDma.u8Status |= BM_STATUS_INT;
903 /* Only actually set the IRQ line if updating the currently selected drive. */
904 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
905 {
906 /** @todo experiment with adaptive IRQ delivery: for reads it is
907 * better to wait for IRQ delivery, as it reduces latency. */
908 if (pCtl->irq == 16)
909 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
910 else
911 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
912 }
913 }
914 s->fIrqPending = true;
915}
916
917#endif /* IN_RING3 */
918
919static void ataUnsetIRQ(ATADevState *s)
920{
921 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
922 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
923
924 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
925 {
926 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
927 /* Only actually unset the IRQ line if updating the currently selected drive. */
928 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
929 {
930 if (pCtl->irq == 16)
931 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
932 else
933 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
934 }
935 }
936 s->fIrqPending = false;
937}
938
939#ifdef IN_RING3
940
941static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
942{
943 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
944 s->iIOBufferPIODataStart = start;
945 s->iIOBufferPIODataEnd = start + size;
946 ataSetStatus(s, ATA_STAT_DRQ);
947}
948
949
950static void ataPIOTransferStop(ATADevState *s)
951{
952 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
953 if (s->fATAPITransfer)
954 {
955 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
956 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
957 ataSetIRQ(s);
958 s->fATAPITransfer = false;
959 }
960 s->cbTotalTransfer = 0;
961 s->cbElementaryTransfer = 0;
962 s->iIOBufferPIODataStart = 0;
963 s->iIOBufferPIODataEnd = 0;
964 s->iBeginTransfer = ATAFN_BT_NULL;
965 s->iSourceSink = ATAFN_SS_NULL;
966}
967
968
969static void ataPIOTransferLimitATAPI(ATADevState *s)
970{
971 uint32_t cbLimit, cbTransfer;
972
973 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
974 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
975 if (cbLimit == 0)
976 cbLimit = 0xfffe;
977 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
978 if (cbLimit == 0xffff)
979 cbLimit--;
980 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
981 if (cbTransfer > cbLimit)
982 {
983 /* Byte count limit for clipping must be even in this case */
984 if (cbLimit & 1)
985 cbLimit--;
986 cbTransfer = cbLimit;
987 }
988 s->uATARegLCyl = cbTransfer;
989 s->uATARegHCyl = cbTransfer >> 8;
990 s->cbElementaryTransfer = cbTransfer;
991}
992
993
994static uint32_t ataGetNSectors(ATADevState *s)
995{
996 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
997 if (s->fLBA48)
998 {
999 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1000 return 65536;
1001 else
1002 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1003 }
1004 else
1005 {
1006 if (!s->uATARegNSector)
1007 return 256;
1008 else
1009 return s->uATARegNSector;
1010 }
1011}
1012
1013
1014static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1015{
1016 for (uint32_t i = 0; i < cbSize; i++)
1017 {
1018 if (*pbSrc)
1019 pbDst[i ^ 1] = *pbSrc++;
1020 else
1021 pbDst[i ^ 1] = ' ';
1022 }
1023}
1024
1025
1026static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1027{
1028 for (uint32_t i = 0; i < cbSize; i++)
1029 {
1030 if (*pbSrc)
1031 pbDst[i] = *pbSrc++;
1032 else
1033 pbDst[i] = ' ';
1034 }
1035}
1036
1037
1038DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1039{
1040 pbBuf[0] = val >> 8;
1041 pbBuf[1] = val;
1042}
1043
1044
1045DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1046{
1047 pbBuf[0] = val >> 16;
1048 pbBuf[1] = val >> 8;
1049 pbBuf[2] = val;
1050}
1051
1052
1053DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1054{
1055 pbBuf[0] = val >> 24;
1056 pbBuf[1] = val >> 16;
1057 pbBuf[2] = val >> 8;
1058 pbBuf[3] = val;
1059}
1060
1061
1062DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1063{
1064 return (pbBuf[0] << 8) | pbBuf[1];
1065}
1066
1067
1068DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1069{
1070 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1071}
1072
1073
1074DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1075{
1076 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1077}
1078
1079
1080DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1081{
1082 iATAPILBA += 150;
1083 pbBuf[0] = (iATAPILBA / 75) / 60;
1084 pbBuf[1] = (iATAPILBA / 75) % 60;
1085 pbBuf[2] = iATAPILBA % 75;
1086}
1087
1088
1089DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1090{
1091 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1092}
1093
1094
1095static void ataCmdOK(ATADevState *s, uint8_t status)
1096{
1097 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1098 ataSetStatusValue(s, ATA_STAT_READY | status);
1099}
1100
1101
1102static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1103{
1104 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1105 s->uATARegError = uErrorCode;
1106 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1107 s->cbTotalTransfer = 0;
1108 s->cbElementaryTransfer = 0;
1109 s->iIOBufferCur = 0;
1110 s->iIOBufferEnd = 0;
1111 s->uTxDir = PDMBLOCKTXDIR_NONE;
1112 s->iBeginTransfer = ATAFN_BT_NULL;
1113 s->iSourceSink = ATAFN_SS_NULL;
1114}
1115
1116
1117static bool ataIdentifySS(ATADevState *s)
1118{
1119 uint16_t *p;
1120
1121 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1122 Assert(s->cbElementaryTransfer == 512);
1123
1124 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1125 memset(p, 0, 512);
1126 p[0] = RT_H2LE_U16(0x0040);
1127 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1128 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1129 /* Block size; obsolete, but required for the BIOS. */
1130 p[5] = RT_H2LE_U16(512);
1131 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1132 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1133 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1134 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1135 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1136 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1137 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1138#if ATA_MAX_MULT_SECTORS > 1
1139 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1140#endif
1141 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1142 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1143 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1144 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1145 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1146 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1147 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1148 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1149 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1150 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1151 * s->PCHSGeometry.cHeads
1152 * s->PCHSGeometry.cSectors);
1153 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1154 * s->PCHSGeometry.cHeads
1155 * s->PCHSGeometry.cSectors >> 16);
1156 if (s->cMultSectors)
1157 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1158 if (s->cTotalSectors <= (1 << 28) - 1)
1159 {
1160 p[60] = RT_H2LE_U16(s->cTotalSectors);
1161 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1162 }
1163 else
1164 {
1165 /* Report maximum number of sectors possible with LBA28 */
1166 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1167 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1168 }
1169 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1170 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1171 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1172 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1173 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1174 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1175 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1176 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1177 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1178 if (s->cTotalSectors <= (1 << 28) - 1)
1179 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1180 else
1181 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1182 p[84] = RT_H2LE_U16(1 << 14);
1183 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1184 if (s->cTotalSectors <= (1 << 28) - 1)
1185 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1186 else
1187 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1188 p[87] = RT_H2LE_U16(1 << 14);
1189 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1190 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1191 if (s->cTotalSectors > (1 << 28) - 1)
1192 {
1193 p[100] = RT_H2LE_U16(s->cTotalSectors);
1194 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1195 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1196 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1197 }
1198 s->iSourceSink = ATAFN_SS_NULL;
1199 ataCmdOK(s, ATA_STAT_SEEK);
1200 return false;
1201}
1202
1203
1204static bool ataFlushSS(ATADevState *s)
1205{
1206 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1207 int rc;
1208
1209 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1210 Assert(!s->cbElementaryTransfer);
1211
1212 PDMCritSectLeave(&pCtl->lock);
1213
1214 STAM_PROFILE_START(&s->StatFlushes, f);
1215 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1216 AssertRC(rc);
1217 STAM_PROFILE_STOP(&s->StatFlushes, f);
1218
1219 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1220 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1221 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1222 ataCmdOK(s, 0);
1223 return false;
1224}
1225
1226
1227static bool atapiIdentifySS(ATADevState *s)
1228{
1229 uint16_t *p;
1230
1231 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1232 Assert(s->cbElementaryTransfer == 512);
1233
1234 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1235 memset(p, 0, 512);
1236 /* Removable CDROM, 50us response, 12 byte packets */
1237 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1238 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1239 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1240 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1241 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1242 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1243 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1244 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1245 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1246 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1247 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1248 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1249 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1250 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1251 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1252 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1253 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1254 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1255 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1256 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1257 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1258 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1259 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1260 p[83] = RT_H2LE_U16(1 << 14);
1261 p[84] = RT_H2LE_U16(1 << 14);
1262 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1263 p[86] = RT_H2LE_U16(0);
1264 p[87] = RT_H2LE_U16(1 << 14);
1265 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1266 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1267 s->iSourceSink = ATAFN_SS_NULL;
1268 ataCmdOK(s, ATA_STAT_SEEK);
1269 return false;
1270}
1271
1272
1273static void ataSetSignature(ATADevState *s)
1274{
1275 s->uATARegSelect &= 0xf0; /* clear head */
1276 /* put signature */
1277 s->uATARegNSector = 1;
1278 s->uATARegSector = 1;
1279 if (s->fATAPI)
1280 {
1281 s->uATARegLCyl = 0x14;
1282 s->uATARegHCyl = 0xeb;
1283 }
1284 else if (s->pDrvBlock)
1285 {
1286 s->uATARegLCyl = 0;
1287 s->uATARegHCyl = 0;
1288 }
1289 else
1290 {
1291 s->uATARegLCyl = 0xff;
1292 s->uATARegHCyl = 0xff;
1293 }
1294}
1295
1296
1297static uint64_t ataGetSector(ATADevState *s)
1298{
1299 uint64_t iLBA;
1300 if (s->uATARegSelect & 0x40)
1301 {
1302 /* any LBA variant */
1303 if (s->fLBA48)
1304 {
1305 /* LBA48 */
1306 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1307 ((uint64_t)s->uATARegLCylHOB << 32) |
1308 ((uint64_t)s->uATARegSectorHOB << 24) |
1309 ((uint64_t)s->uATARegHCyl << 16) |
1310 ((uint64_t)s->uATARegLCyl << 8) |
1311 s->uATARegSector;
1312 }
1313 else
1314 {
1315 /* LBA */
1316 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1317 (s->uATARegLCyl << 8) | s->uATARegSector;
1318 }
1319 }
1320 else
1321 {
1322 /* CHS */
1323 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1324 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1325 (s->uATARegSector - 1);
1326 }
1327 return iLBA;
1328}
1329
1330static void ataSetSector(ATADevState *s, uint64_t iLBA)
1331{
1332 uint32_t cyl, r;
1333 if (s->uATARegSelect & 0x40)
1334 {
1335 /* any LBA variant */
1336 if (s->fLBA48)
1337 {
1338 /* LBA48 */
1339 s->uATARegHCylHOB = iLBA >> 40;
1340 s->uATARegLCylHOB = iLBA >> 32;
1341 s->uATARegSectorHOB = iLBA >> 24;
1342 s->uATARegHCyl = iLBA >> 16;
1343 s->uATARegLCyl = iLBA >> 8;
1344 s->uATARegSector = iLBA;
1345 }
1346 else
1347 {
1348 /* LBA */
1349 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1350 s->uATARegHCyl = (iLBA >> 16);
1351 s->uATARegLCyl = (iLBA >> 8);
1352 s->uATARegSector = (iLBA);
1353 }
1354 }
1355 else
1356 {
1357 /* CHS */
1358 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1359 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1360 s->uATARegHCyl = cyl >> 8;
1361 s->uATARegLCyl = cyl;
1362 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1363 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1364 }
1365}
1366
1367
1368static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1369{
1370 int rc;
1371 LogRel(("PIIX3 ATA: Host disk full\n"));
1372 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_DISKFULL",
1373 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1374 AssertRC(rc);
1375}
1376
1377static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1378{
1379 int rc;
1380 LogRel(("PIIX3 ATA: File too big\n"));
1381 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_FILETOOBIG",
1382 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1383 AssertRC(rc);
1384}
1385
1386static void ataWarningISCSI(PPDMDEVINS pDevIns)
1387{
1388 int rc;
1389 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1390 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_ISCSIDOWN",
1391 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1392 AssertRC(rc);
1393}
1394
1395/**
1396 * Suspend I/O operations on a controller. Also suspends EMT, because it's
1397 * waiting for I/O to make progress. The next attempt to perform an I/O
1398 * operation will be made when EMT is resumed up again (as the resume
1399 * callback below restarts I/O).
1400 *
1401 * @param pCtl Controller for which to suspend I/O.
1402 */
1403static void ataSuspendRedo(PATACONTROLLER pCtl)
1404{
1405 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
1406 PVMREQ pReq;
1407 int rc;
1408
1409 pCtl->fRedoIdle = true;
1410 rc = VMR3ReqCall(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY, &pReq, RT_INDEFINITE_WAIT,
1411 (PFNRT)PDMDevHlpVMSuspend, 1, pDevIns);
1412 AssertReleaseRC(rc);
1413 VMR3ReqFree(pReq);
1414}
1415
1416bool ataIsRedoSetWarning(ATADevState *s, int rc)
1417{
1418 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1419 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1420 if (rc == VERR_DISK_FULL)
1421 {
1422 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1423 ataSuspendRedo(pCtl);
1424 return true;
1425 }
1426 if (rc == VERR_FILE_TOO_BIG)
1427 {
1428 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1429 ataSuspendRedo(pCtl);
1430 return true;
1431 }
1432 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1433 {
1434 /* iSCSI connection abort (first error) or failure to reestablish
1435 * connection (second error). Pause VM. On resume we'll retry. */
1436 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1437 ataSuspendRedo(pCtl);
1438 return true;
1439 }
1440 return false;
1441}
1442
1443
1444static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf, uint32_t cSectors, bool *fRedo)
1445{
1446 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1447 int rc;
1448
1449 PDMCritSectLeave(&pCtl->lock);
1450
1451 STAM_PROFILE_ADV_START(&s->StatReads, r);
1452 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1453 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1454 s->Led.Actual.s.fReading = 0;
1455 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1456
1457 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1458
1459 if (RT_SUCCESS(rc))
1460 *fRedo = false;
1461 else
1462 *fRedo = ataIsRedoSetWarning(s, rc);
1463
1464 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1465 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1466 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1467 return rc;
1468}
1469
1470
1471static int ataWriteSectors(ATADevState *s, uint64_t u64Sector, const void *pvBuf, uint32_t cSectors, bool *fRedo)
1472{
1473 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1474 int rc;
1475
1476 PDMCritSectLeave(&pCtl->lock);
1477
1478 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1479 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1480#ifdef VBOX_INSTRUMENT_DMA_WRITES
1481 if (s->fDMA)
1482 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1483#endif
1484 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1485#ifdef VBOX_INSTRUMENT_DMA_WRITES
1486 if (s->fDMA)
1487 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1488#endif
1489 s->Led.Actual.s.fWriting = 0;
1490 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1491
1492 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1493
1494 if (RT_SUCCESS(rc))
1495 *fRedo = false;
1496 else
1497 *fRedo = ataIsRedoSetWarning(s, rc);
1498
1499 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1500 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1501 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1502 return rc;
1503}
1504
1505
1506static void ataReadWriteSectorsBT(ATADevState *s)
1507{
1508 uint32_t cSectors;
1509
1510 cSectors = s->cbTotalTransfer / 512;
1511 if (cSectors > s->cSectorsPerIRQ)
1512 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1513 else
1514 s->cbElementaryTransfer = cSectors * 512;
1515 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1516 ataCmdOK(s, 0);
1517}
1518
1519
1520static bool ataReadSectorsSS(ATADevState *s)
1521{
1522 int rc;
1523 uint32_t cSectors;
1524 uint64_t iLBA;
1525 bool fRedo;
1526
1527 cSectors = s->cbElementaryTransfer / 512;
1528 Assert(cSectors);
1529 iLBA = ataGetSector(s);
1530 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1531 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1532 if (RT_SUCCESS(rc))
1533 {
1534 ataSetSector(s, iLBA + cSectors);
1535 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1536 s->iSourceSink = ATAFN_SS_NULL;
1537 ataCmdOK(s, ATA_STAT_SEEK);
1538 }
1539 else
1540 {
1541 if (fRedo)
1542 return fRedo;
1543 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1544 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1545 s->iLUN, rc, iLBA, cSectors));
1546
1547 /*
1548 * Check if we got interrupted. We don't need to set status variables
1549 * because the request was aborted.
1550 */
1551 if (rc != VERR_INTERRUPTED)
1552 ataCmdError(s, ID_ERR);
1553 }
1554 return false;
1555}
1556
1557
1558static bool ataWriteSectorsSS(ATADevState *s)
1559{
1560 int rc;
1561 uint32_t cSectors;
1562 uint64_t iLBA;
1563 bool fRedo;
1564
1565 cSectors = s->cbElementaryTransfer / 512;
1566 Assert(cSectors);
1567 iLBA = ataGetSector(s);
1568 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1569 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1570 if (RT_SUCCESS(rc))
1571 {
1572 ataSetSector(s, iLBA + cSectors);
1573 if (!s->cbTotalTransfer)
1574 s->iSourceSink = ATAFN_SS_NULL;
1575 ataCmdOK(s, ATA_STAT_SEEK);
1576 }
1577 else
1578 {
1579 if (fRedo)
1580 return fRedo;
1581 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1582 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1583 s->iLUN, rc, iLBA, cSectors));
1584
1585 /*
1586 * Check if we got interrupted. We don't need to set status variables
1587 * because the request was aborted.
1588 */
1589 if (rc != VERR_INTERRUPTED)
1590 ataCmdError(s, ID_ERR);
1591 }
1592 return false;
1593}
1594
1595
1596static void atapiCmdOK(ATADevState *s)
1597{
1598 s->uATARegError = 0;
1599 ataSetStatusValue(s, ATA_STAT_READY);
1600 s->uATARegNSector = (s->uATARegNSector & ~7)
1601 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1602 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1603 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1604
1605 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1606 s->abATAPISense[0] = 0x70 | (1 << 7);
1607 s->abATAPISense[7] = 10;
1608}
1609
1610
1611static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1612{
1613 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1614 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1615 s->uATARegError = pabATAPISense[2] << 4;
1616 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1617 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1618 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1619 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1620 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1621 s->cbTotalTransfer = 0;
1622 s->cbElementaryTransfer = 0;
1623 s->iIOBufferCur = 0;
1624 s->iIOBufferEnd = 0;
1625 s->uTxDir = PDMBLOCKTXDIR_NONE;
1626 s->iBeginTransfer = ATAFN_BT_NULL;
1627 s->iSourceSink = ATAFN_SS_NULL;
1628}
1629
1630
1631/** @todo deprecated function - doesn't provide enough info. Replace by direct
1632 * calls to atapiCmdError() with full data. */
1633static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1634{
1635 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1636 memset(abATAPISense, '\0', sizeof(abATAPISense));
1637 abATAPISense[0] = 0x70 | (1 << 7);
1638 abATAPISense[2] = uATAPISenseKey & 0x0f;
1639 abATAPISense[7] = 10;
1640 abATAPISense[12] = uATAPIASC;
1641 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1642}
1643
1644
1645static void atapiCmdBT(ATADevState *s)
1646{
1647 s->fATAPITransfer = true;
1648 s->cbElementaryTransfer = s->cbTotalTransfer;
1649 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1650 atapiCmdOK(s);
1651}
1652
1653
1654static void atapiPassthroughCmdBT(ATADevState *s)
1655{
1656 /* @todo implement an algorithm for correctly determining the read and
1657 * write sector size without sending additional commands to the drive.
1658 * This should be doable by saving processing the configuration requests
1659 * and replies. */
1660#if 0
1661 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1662 {
1663 uint8_t cmd = s->aATAPICmd[0];
1664 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1665 {
1666 uint8_t aModeSenseCmd[10];
1667 uint8_t aModeSenseResult[16];
1668 uint8_t uDummySense;
1669 uint32_t cbTransfer;
1670 int rc;
1671
1672 cbTransfer = sizeof(aModeSenseResult);
1673 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1674 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1675 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1676 aModeSenseCmd[3] = 0; /* subpage code */
1677 aModeSenseCmd[4] = 0; /* reserved */
1678 aModeSenseCmd[5] = 0; /* reserved */
1679 aModeSenseCmd[6] = 0; /* reserved */
1680 aModeSenseCmd[7] = cbTransfer >> 8;
1681 aModeSenseCmd[8] = cbTransfer & 0xff;
1682 aModeSenseCmd[9] = 0; /* control */
1683 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1684 if (RT_FAILURE(rc))
1685 {
1686 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1687 return;
1688 }
1689 /* Select sector size based on the current data block type. */
1690 switch (aModeSenseResult[12] & 0x0f)
1691 {
1692 case 0:
1693 s->cbATAPISector = 2352;
1694 break;
1695 case 1:
1696 s->cbATAPISector = 2368;
1697 break;
1698 case 2:
1699 case 3:
1700 s->cbATAPISector = 2448;
1701 break;
1702 case 8:
1703 case 10:
1704 s->cbATAPISector = 2048;
1705 break;
1706 case 9:
1707 s->cbATAPISector = 2336;
1708 break;
1709 case 11:
1710 s->cbATAPISector = 2056;
1711 break;
1712 case 12:
1713 s->cbATAPISector = 2324;
1714 break;
1715 case 13:
1716 s->cbATAPISector = 2332;
1717 break;
1718 default:
1719 s->cbATAPISector = 0;
1720 }
1721 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1722 s->cbTotalTransfer *= s->cbATAPISector;
1723 if (s->cbTotalTransfer == 0)
1724 s->uTxDir = PDMBLOCKTXDIR_NONE;
1725 }
1726 }
1727#endif
1728 atapiCmdBT(s);
1729}
1730
1731
1732static bool atapiReadSS(ATADevState *s)
1733{
1734 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1735 int rc = VINF_SUCCESS;
1736 uint32_t cbTransfer, cSectors;
1737
1738 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1739 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1740 cSectors = cbTransfer / s->cbATAPISector;
1741 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1742 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1743
1744 PDMCritSectLeave(&pCtl->lock);
1745
1746 STAM_PROFILE_ADV_START(&s->StatReads, r);
1747 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1748 switch (s->cbATAPISector)
1749 {
1750 case 2048:
1751 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1752 break;
1753 case 2352:
1754 {
1755 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1756
1757 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1758 {
1759 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1760 *pbBuf++ = 0x00;
1761 memset(pbBuf, 0xff, 10);
1762 pbBuf += 10;
1763 *pbBuf++ = 0x00;
1764 /* MSF */
1765 ataLBA2MSF(pbBuf, i);
1766 pbBuf += 3;
1767 *pbBuf++ = 0x01; /* mode 1 data */
1768 /* data */
1769 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1770 if (RT_FAILURE(rc))
1771 break;
1772 pbBuf += 2048;
1773 /**
1774 * @todo: maybe compute ECC and parity, layout is:
1775 * 2072 4 EDC
1776 * 2076 172 P parity symbols
1777 * 2248 104 Q parity symbols
1778 */
1779 memset(pbBuf, 0, 280);
1780 pbBuf += 280;
1781 }
1782 }
1783 break;
1784 default:
1785 break;
1786 }
1787 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1788
1789 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1790 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1791 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1792
1793 if (RT_SUCCESS(rc))
1794 {
1795 s->Led.Actual.s.fReading = 0;
1796 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1797
1798 /* The initial buffer end value has been set up based on the total
1799 * transfer size. But the I/O buffer size limits what can actually be
1800 * done in one transfer, so set the actual value of the buffer end. */
1801 s->cbElementaryTransfer = cbTransfer;
1802 if (cbTransfer >= s->cbTotalTransfer)
1803 s->iSourceSink = ATAFN_SS_NULL;
1804 atapiCmdOK(s);
1805 s->iATAPILBA += cSectors;
1806 }
1807 else
1808 {
1809 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1810 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1811
1812 /*
1813 * Check if we got interrupted. We don't need to set status variables
1814 * because the request was aborted.
1815 */
1816 if (rc != VERR_INTERRUPTED)
1817 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1818 }
1819 return false;
1820}
1821
1822
1823static bool atapiPassthroughSS(ATADevState *s)
1824{
1825 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1826 int rc = VINF_SUCCESS;
1827 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1828 uint32_t cbTransfer;
1829 PSTAMPROFILEADV pProf = NULL;
1830
1831 cbTransfer = s->cbElementaryTransfer;
1832
1833 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1834 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1835
1836 /* Simple heuristics: if there is at least one sector of data
1837 * to transfer, it's worth updating the LEDs. */
1838 if (cbTransfer >= 2048)
1839 {
1840 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1841 {
1842 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1843 pProf = &s->StatReads;
1844 }
1845 else
1846 {
1847 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1848 pProf = &s->StatWrites;
1849 }
1850 }
1851
1852 PDMCritSectLeave(&pCtl->lock);
1853
1854 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1855 if (cbTransfer > SCSI_MAX_BUFFER_SIZE)
1856 {
1857 /* Linux accepts commands with up to 100KB of data, but expects
1858 * us to handle commands with up to 128KB of data. The usual
1859 * imbalance of powers. */
1860 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1861 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
1862 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1863
1864 switch (s->aATAPICmd[0])
1865 {
1866 case SCSI_READ_10:
1867 case SCSI_WRITE_10:
1868 case SCSI_WRITE_AND_VERIFY_10:
1869 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1870 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1871 break;
1872 case SCSI_READ_12:
1873 case SCSI_WRITE_12:
1874 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1875 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1876 break;
1877 case SCSI_READ_CD:
1878 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1879 cSectors = ataBE2H_U24(s->aATAPICmd + 6) / s->cbATAPISector;
1880 break;
1881 case SCSI_READ_CD_MSF:
1882 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1883 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1884 break;
1885 default:
1886 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1887 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1888 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1889 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1890 {
1891 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1892 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1893 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1894 }
1895 return false;
1896 }
1897 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1898 cReqSectors = 0;
1899 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1900 {
1901 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
1902 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
1903 else
1904 cReqSectors = i;
1905 cbCurrTX = s->cbATAPISector * cReqSectors;
1906 switch (s->aATAPICmd[0])
1907 {
1908 case SCSI_READ_10:
1909 case SCSI_WRITE_10:
1910 case SCSI_WRITE_AND_VERIFY_10:
1911 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1912 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1913 break;
1914 case SCSI_READ_12:
1915 case SCSI_WRITE_12:
1916 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1917 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1918 break;
1919 case SCSI_READ_CD:
1920 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
1921 ataH2BE_U24(s->aATAPICmd + 6, cbCurrTX);
1922 break;
1923 case SCSI_READ_CD_MSF:
1924 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1925 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1926 break;
1927 }
1928 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1929 if (rc != VINF_SUCCESS)
1930 break;
1931 iATAPILBA += cReqSectors;
1932 pbBuf += s->cbATAPISector * cReqSectors;
1933 }
1934 }
1935 else
1936 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1937 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
1938
1939 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1940 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1941 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1942
1943 /* Update the LEDs and the read/write statistics. */
1944 if (cbTransfer >= 2048)
1945 {
1946 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1947 {
1948 s->Led.Actual.s.fReading = 0;
1949 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
1950 }
1951 else
1952 {
1953 s->Led.Actual.s.fWriting = 0;
1954 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
1955 }
1956 }
1957
1958 if (RT_SUCCESS(rc))
1959 {
1960 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
1961 {
1962 Assert(cbTransfer <= s->cbTotalTransfer);
1963 /* Reply with the same amount of data as the real drive. */
1964 s->cbTotalTransfer = cbTransfer;
1965 /* The initial buffer end value has been set up based on the total
1966 * transfer size. But the I/O buffer size limits what can actually be
1967 * done in one transfer, so set the actual value of the buffer end. */
1968 s->cbElementaryTransfer = cbTransfer;
1969 if (s->aATAPICmd[0] == SCSI_INQUIRY)
1970 {
1971 /* Make sure that the real drive cannot be identified.
1972 * Motivation: changing the VM configuration should be as
1973 * invisible as possible to the guest. */
1974 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1975 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
1976 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
1977 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
1978 }
1979 if (cbTransfer)
1980 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1981 }
1982 s->iSourceSink = ATAFN_SS_NULL;
1983 atapiCmdOK(s);
1984 }
1985 else
1986 {
1987 if (s->cErrors < MAX_LOG_REL_ERRORS)
1988 {
1989 uint8_t u8Cmd = s->aATAPICmd[0];
1990 do
1991 {
1992 /* don't log superflous errors */
1993 if ( rc == VERR_DEV_IO_ERROR
1994 && ( u8Cmd == SCSI_TEST_UNIT_READY
1995 || u8Cmd == SCSI_READ_CAPACITY
1996 || u8Cmd == SCSI_READ_DVD_STRUCTURE
1997 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
1998 break;
1999 s->cErrors++;
2000 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2001 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2002 } while (0);
2003 }
2004 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2005 }
2006 return false;
2007}
2008
2009/** @todo: Revise ASAP. */
2010static bool atapiReadDVDStructureSS(ATADevState *s)
2011{
2012 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2013 int media = s->aATAPICmd[1];
2014 int format = s->aATAPICmd[7];
2015
2016 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2017
2018 memset(buf, 0, max_len);
2019
2020 switch (format) {
2021 case 0x00:
2022 case 0x01:
2023 case 0x02:
2024 case 0x03:
2025 case 0x04:
2026 case 0x05:
2027 case 0x06:
2028 case 0x07:
2029 case 0x08:
2030 case 0x09:
2031 case 0x0a:
2032 case 0x0b:
2033 case 0x0c:
2034 case 0x0d:
2035 case 0x0e:
2036 case 0x0f:
2037 case 0x10:
2038 case 0x11:
2039 case 0x30:
2040 case 0x31:
2041 case 0xff:
2042 if (media == 0)
2043 {
2044 int uASC = SCSI_ASC_NONE;
2045
2046 switch (format)
2047 {
2048 case 0x0: /* Physical format information */
2049 {
2050 int layer = s->aATAPICmd[6];
2051 uint64_t total_sectors;
2052
2053 if (layer != 0)
2054 {
2055 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2056 break;
2057 }
2058
2059 total_sectors = s->cTotalSectors;
2060 total_sectors >>= 2;
2061 if (total_sectors == 0)
2062 {
2063 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2064 break;
2065 }
2066
2067 buf[4] = 1; /* DVD-ROM, part version 1 */
2068 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2069 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2070 buf[7] = 0; /* default densities */
2071
2072 /* FIXME: 0x30000 per spec? */
2073 ataH2BE_U32(buf + 8, 0); /* start sector */
2074 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2075 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2076
2077 /* Size of buffer, not including 2 byte size field */
2078 ataH2BE_U32(&buf[0], 2048 + 2);
2079
2080 /* 2k data + 4 byte header */
2081 uASC = (2048 + 4);
2082 }
2083 break;
2084 case 0x01: /* DVD copyright information */
2085 buf[4] = 0; /* no copyright data */
2086 buf[5] = 0; /* no region restrictions */
2087
2088 /* Size of buffer, not including 2 byte size field */
2089 ataH2BE_U16(buf, 4 + 2);
2090
2091 /* 4 byte header + 4 byte data */
2092 uASC = (4 + 4);
2093
2094 case 0x03: /* BCA information - invalid field for no BCA info */
2095 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2096 break;
2097
2098 case 0x04: /* DVD disc manufacturing information */
2099 /* Size of buffer, not including 2 byte size field */
2100 ataH2BE_U16(buf, 2048 + 2);
2101
2102 /* 2k data + 4 byte header */
2103 uASC = (2048 + 4);
2104 break;
2105 case 0xff:
2106 /*
2107 * This lists all the command capabilities above. Add new ones
2108 * in order and update the length and buffer return values.
2109 */
2110
2111 buf[4] = 0x00; /* Physical format */
2112 buf[5] = 0x40; /* Not writable, is readable */
2113 ataH2BE_U16((buf + 6), 2048 + 4);
2114
2115 buf[8] = 0x01; /* Copyright info */
2116 buf[9] = 0x40; /* Not writable, is readable */
2117 ataH2BE_U16((buf + 10), 4 + 4);
2118
2119 buf[12] = 0x03; /* BCA info */
2120 buf[13] = 0x40; /* Not writable, is readable */
2121 ataH2BE_U16((buf + 14), 188 + 4);
2122
2123 buf[16] = 0x04; /* Manufacturing info */
2124 buf[17] = 0x40; /* Not writable, is readable */
2125 ataH2BE_U16((buf + 18), 2048 + 4);
2126
2127 /* Size of buffer, not including 2 byte size field */
2128 ataH2BE_U16(buf, 16 + 2);
2129
2130 /* data written + 4 byte header */
2131 uASC = (16 + 4);
2132 break;
2133 default: /* TODO: formats beyond DVD-ROM requires */
2134 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2135 }
2136
2137 if (uASC < 0)
2138 {
2139 s->iSourceSink = ATAFN_SS_NULL;
2140 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2141 return false;
2142 }
2143 break;
2144 }
2145 /* TODO: BD support, fall through for now */
2146
2147 /* Generic disk structures */
2148 case 0x80: /* TODO: AACS volume identifier */
2149 case 0x81: /* TODO: AACS media serial number */
2150 case 0x82: /* TODO: AACS media identifier */
2151 case 0x83: /* TODO: AACS media key block */
2152 case 0x90: /* TODO: List of recognized format layers */
2153 case 0xc0: /* TODO: Write protection status */
2154 default:
2155 s->iSourceSink = ATAFN_SS_NULL;
2156 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2157 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2158 return false;
2159 }
2160
2161 s->iSourceSink = ATAFN_SS_NULL;
2162 atapiCmdOK(s);
2163 return false;
2164}
2165
2166static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2167{
2168 Assert(cSectors > 0);
2169 s->iATAPILBA = iATAPILBA;
2170 s->cbATAPISector = cbSector;
2171 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2172 return false;
2173}
2174
2175
2176static bool atapiReadCapacitySS(ATADevState *s)
2177{
2178 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2179
2180 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2181 Assert(s->cbElementaryTransfer <= 8);
2182 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2183 ataH2BE_U32(pbBuf + 4, 2048);
2184 s->iSourceSink = ATAFN_SS_NULL;
2185 atapiCmdOK(s);
2186 return false;
2187}
2188
2189
2190static bool atapiReadDiscInformationSS(ATADevState *s)
2191{
2192 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2193
2194 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2195 Assert(s->cbElementaryTransfer <= 34);
2196 memset(pbBuf, '\0', 34);
2197 ataH2BE_U16(pbBuf, 32);
2198 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2199 pbBuf[3] = 1; /* number of first track */
2200 pbBuf[4] = 1; /* number of sessions (LSB) */
2201 pbBuf[5] = 1; /* first track number in last session (LSB) */
2202 pbBuf[6] = 1; /* last track number in last session (LSB) */
2203 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2204 pbBuf[8] = 0; /* disc type = CD-ROM */
2205 pbBuf[9] = 0; /* number of sessions (MSB) */
2206 pbBuf[10] = 0; /* number of sessions (MSB) */
2207 pbBuf[11] = 0; /* number of sessions (MSB) */
2208 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2209 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2210 s->iSourceSink = ATAFN_SS_NULL;
2211 atapiCmdOK(s);
2212 return false;
2213}
2214
2215
2216static bool atapiReadTrackInformationSS(ATADevState *s)
2217{
2218 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2219
2220 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2221 Assert(s->cbElementaryTransfer <= 36);
2222 /* Accept address/number type of 1 only, and only track 1 exists. */
2223 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2224 {
2225 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2226 return false;
2227 }
2228 memset(pbBuf, '\0', 36);
2229 ataH2BE_U16(pbBuf, 34);
2230 pbBuf[2] = 1; /* track number (LSB) */
2231 pbBuf[3] = 1; /* session number (LSB) */
2232 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2233 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2234 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2235 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2236 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2237 pbBuf[32] = 0; /* track number (MSB) */
2238 pbBuf[33] = 0; /* session number (MSB) */
2239 s->iSourceSink = ATAFN_SS_NULL;
2240 atapiCmdOK(s);
2241 return false;
2242}
2243
2244
2245static bool atapiGetConfigurationSS(ATADevState *s)
2246{
2247 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2248 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2249
2250 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2251 Assert(s->cbElementaryTransfer <= 32);
2252 /* Accept valid request types only, and only starting feature 0. */
2253 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2254 {
2255 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2256 return false;
2257 }
2258 memset(pbBuf, '\0', 32);
2259 ataH2BE_U32(pbBuf, 16);
2260 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2261 * way to differentiate them right now is based on the image size). Also
2262 * implement signalling "no current profile" if no medium is loaded. */
2263 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2264
2265 ataH2BE_U16(pbBuf + 8, 0); /* feature 0: list of profiles supported */
2266 pbBuf[10] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2267 pbBuf[11] = 8; /* additional bytes for profiles */
2268 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2269 * before CD-ROM read capability. */
2270 ataH2BE_U16(pbBuf + 12, 0x10); /* profile: read-only DVD */
2271 pbBuf[14] = (0 << 0); /* NOT current profile */
2272 ataH2BE_U16(pbBuf + 16, 0x08); /* profile: read only CD */
2273 pbBuf[18] = (1 << 0); /* current profile */
2274 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2275 s->iSourceSink = ATAFN_SS_NULL;
2276 atapiCmdOK(s);
2277 return false;
2278}
2279
2280
2281static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2282{
2283 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2284
2285 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2286 Assert(s->cbElementaryTransfer <= 8);
2287
2288 if (!(s->aATAPICmd[1] & 1))
2289 {
2290 /* no asynchronous operation supported */
2291 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2292 return false;
2293 }
2294
2295 uint32_t OldStatus, NewStatus;
2296 do
2297 {
2298 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2299 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2300 switch (OldStatus)
2301 {
2302 case ATA_EVENT_STATUS_MEDIA_NEW:
2303 /* mount */
2304 ataH2BE_U16(pbBuf + 0, 6);
2305 pbBuf[2] = 0x04;
2306 pbBuf[3] = 0x5e;
2307 pbBuf[4] = 0x02;
2308 pbBuf[5] = 0x02;
2309 pbBuf[6] = 0x00;
2310 pbBuf[7] = 0x00;
2311 break;
2312
2313 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2314 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2315 /* umount */
2316 ataH2BE_U16(pbBuf + 0, 6);
2317 pbBuf[2] = 0x04;
2318 pbBuf[3] = 0x5e;
2319 pbBuf[4] = 0x03;
2320 pbBuf[5] = 0x00;
2321 pbBuf[6] = 0x00;
2322 pbBuf[7] = 0x00;
2323 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2324 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2325 break;
2326
2327 case ATA_EVENT_STATUS_UNCHANGED:
2328 default:
2329 ataH2BE_U16(pbBuf + 0, 6);
2330 pbBuf[2] = 0x01;
2331 pbBuf[3] = 0x5e;
2332 pbBuf[4] = 0x00;
2333 pbBuf[5] = 0x00;
2334 pbBuf[6] = 0x00;
2335 pbBuf[7] = 0x00;
2336 break;
2337 }
2338 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2339
2340 s->iSourceSink = ATAFN_SS_NULL;
2341 atapiCmdOK(s);
2342 return false;
2343}
2344
2345
2346static bool atapiInquirySS(ATADevState *s)
2347{
2348 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2349
2350 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2351 Assert(s->cbElementaryTransfer <= 36);
2352 pbBuf[0] = 0x05; /* CD-ROM */
2353 pbBuf[1] = 0x80; /* removable */
2354#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2355 pbBuf[2] = 0x00; /* ISO */
2356 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2357#else
2358 pbBuf[2] = 0x00; /* ISO */
2359 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2360#endif
2361 pbBuf[4] = 31; /* additional length */
2362 pbBuf[5] = 0; /* reserved */
2363 pbBuf[6] = 0; /* reserved */
2364 pbBuf[7] = 0; /* reserved */
2365 ataSCSIPadStr(pbBuf + 8, "VBOX", 8);
2366 ataSCSIPadStr(pbBuf + 16, "CD-ROM", 16);
2367 ataSCSIPadStr(pbBuf + 32, "1.0", 4);
2368 s->iSourceSink = ATAFN_SS_NULL;
2369 atapiCmdOK(s);
2370 return false;
2371}
2372
2373
2374static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2375{
2376 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2377
2378 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2379 Assert(s->cbElementaryTransfer <= 16);
2380 ataH2BE_U16(&pbBuf[0], 16 + 6);
2381 pbBuf[2] = 0x70;
2382 pbBuf[3] = 0;
2383 pbBuf[4] = 0;
2384 pbBuf[5] = 0;
2385 pbBuf[6] = 0;
2386 pbBuf[7] = 0;
2387
2388 pbBuf[8] = 0x01;
2389 pbBuf[9] = 0x06;
2390 pbBuf[10] = 0x00;
2391 pbBuf[11] = 0x05;
2392 pbBuf[12] = 0x00;
2393 pbBuf[13] = 0x00;
2394 pbBuf[14] = 0x00;
2395 pbBuf[15] = 0x00;
2396 s->iSourceSink = ATAFN_SS_NULL;
2397 atapiCmdOK(s);
2398 return false;
2399}
2400
2401
2402static bool atapiModeSenseCDStatusSS(ATADevState *s)
2403{
2404 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2405
2406 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2407 Assert(s->cbElementaryTransfer <= 40);
2408 ataH2BE_U16(&pbBuf[0], 38);
2409 pbBuf[2] = 0x70;
2410 pbBuf[3] = 0;
2411 pbBuf[4] = 0;
2412 pbBuf[5] = 0;
2413 pbBuf[6] = 0;
2414 pbBuf[7] = 0;
2415
2416 pbBuf[8] = 0x2a;
2417 pbBuf[9] = 30; /* page length */
2418 pbBuf[10] = 0x08; /* DVD-ROM read support */
2419 pbBuf[11] = 0x00; /* no write support */
2420 /* The following claims we support audio play. This is obviously false,
2421 * but the Linux generic CDROM support makes many features depend on this
2422 * capability. If it's not set, this causes many things to be disabled. */
2423 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2424 pbBuf[13] = 0x00; /* no subchannel reads supported */
2425 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2426 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2427 pbBuf[14] |= 1 << 1; /* report lock state */
2428 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2429 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2430 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2431 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2432 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2433 pbBuf[24] = 0; /* reserved */
2434 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2435 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2436 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2437 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2438 pbBuf[32] = 0; /* reserved */
2439 pbBuf[33] = 0; /* reserved */
2440 pbBuf[34] = 0; /* reserved */
2441 pbBuf[35] = 1; /* rotation control CAV */
2442 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2443 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2444 s->iSourceSink = ATAFN_SS_NULL;
2445 atapiCmdOK(s);
2446 return false;
2447}
2448
2449
2450static bool atapiRequestSenseSS(ATADevState *s)
2451{
2452 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2453
2454 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2455 memset(pbBuf, '\0', s->cbElementaryTransfer);
2456 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2457 s->iSourceSink = ATAFN_SS_NULL;
2458 atapiCmdOK(s);
2459 return false;
2460}
2461
2462
2463static bool atapiMechanismStatusSS(ATADevState *s)
2464{
2465 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2466
2467 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2468 Assert(s->cbElementaryTransfer <= 8);
2469 ataH2BE_U16(pbBuf, 0);
2470 /* no current LBA */
2471 pbBuf[2] = 0;
2472 pbBuf[3] = 0;
2473 pbBuf[4] = 0;
2474 pbBuf[5] = 1;
2475 ataH2BE_U16(pbBuf + 6, 0);
2476 s->iSourceSink = ATAFN_SS_NULL;
2477 atapiCmdOK(s);
2478 return false;
2479}
2480
2481
2482static bool atapiReadTOCNormalSS(ATADevState *s)
2483{
2484 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2485 bool fMSF;
2486 uint32_t cbSize;
2487
2488 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2489 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2490 iStartTrack = s->aATAPICmd[6];
2491 if (iStartTrack > 1 && iStartTrack != 0xaa)
2492 {
2493 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2494 return false;
2495 }
2496 q = pbBuf + 2;
2497 *q++ = 1; /* first session */
2498 *q++ = 1; /* last session */
2499 if (iStartTrack <= 1)
2500 {
2501 *q++ = 0; /* reserved */
2502 *q++ = 0x14; /* ADR, control */
2503 *q++ = 1; /* track number */
2504 *q++ = 0; /* reserved */
2505 if (fMSF)
2506 {
2507 *q++ = 0; /* reserved */
2508 ataLBA2MSF(q, 0);
2509 q += 3;
2510 }
2511 else
2512 {
2513 /* sector 0 */
2514 ataH2BE_U32(q, 0);
2515 q += 4;
2516 }
2517 }
2518 /* lead out track */
2519 *q++ = 0; /* reserved */
2520 *q++ = 0x14; /* ADR, control */
2521 *q++ = 0xaa; /* track number */
2522 *q++ = 0; /* reserved */
2523 if (fMSF)
2524 {
2525 *q++ = 0; /* reserved */
2526 ataLBA2MSF(q, s->cTotalSectors);
2527 q += 3;
2528 }
2529 else
2530 {
2531 ataH2BE_U32(q, s->cTotalSectors);
2532 q += 4;
2533 }
2534 cbSize = q - pbBuf;
2535 ataH2BE_U16(pbBuf, cbSize - 2);
2536 if (cbSize < s->cbTotalTransfer)
2537 s->cbTotalTransfer = cbSize;
2538 s->iSourceSink = ATAFN_SS_NULL;
2539 atapiCmdOK(s);
2540 return false;
2541}
2542
2543
2544static bool atapiReadTOCMultiSS(ATADevState *s)
2545{
2546 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2547 bool fMSF;
2548
2549 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2550 Assert(s->cbElementaryTransfer <= 12);
2551 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2552 /* multi session: only a single session defined */
2553/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2554 memset(pbBuf, 0, 12);
2555 pbBuf[1] = 0x0a;
2556 pbBuf[2] = 0x01;
2557 pbBuf[3] = 0x01;
2558 pbBuf[5] = 0x14; /* ADR, control */
2559 pbBuf[6] = 1; /* first track in last complete session */
2560 if (fMSF)
2561 {
2562 pbBuf[8] = 0; /* reserved */
2563 ataLBA2MSF(&pbBuf[9], 0);
2564 }
2565 else
2566 {
2567 /* sector 0 */
2568 ataH2BE_U32(pbBuf + 8, 0);
2569 }
2570 s->iSourceSink = ATAFN_SS_NULL;
2571 atapiCmdOK(s);
2572 return false;
2573}
2574
2575
2576static bool atapiReadTOCRawSS(ATADevState *s)
2577{
2578 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2579 bool fMSF;
2580 uint32_t cbSize;
2581
2582 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2583 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2584 iStartTrack = s->aATAPICmd[6];
2585
2586 q = pbBuf + 2;
2587 *q++ = 1; /* first session */
2588 *q++ = 1; /* last session */
2589
2590 *q++ = 1; /* session number */
2591 *q++ = 0x14; /* data track */
2592 *q++ = 0; /* track number */
2593 *q++ = 0xa0; /* first track in program area */
2594 *q++ = 0; /* min */
2595 *q++ = 0; /* sec */
2596 *q++ = 0; /* frame */
2597 *q++ = 0;
2598 *q++ = 1; /* first track */
2599 *q++ = 0x00; /* disk type CD-DA or CD data */
2600 *q++ = 0;
2601
2602 *q++ = 1; /* session number */
2603 *q++ = 0x14; /* data track */
2604 *q++ = 0; /* track number */
2605 *q++ = 0xa1; /* last track in program area */
2606 *q++ = 0; /* min */
2607 *q++ = 0; /* sec */
2608 *q++ = 0; /* frame */
2609 *q++ = 0;
2610 *q++ = 1; /* last track */
2611 *q++ = 0;
2612 *q++ = 0;
2613
2614 *q++ = 1; /* session number */
2615 *q++ = 0x14; /* data track */
2616 *q++ = 0; /* track number */
2617 *q++ = 0xa2; /* lead-out */
2618 *q++ = 0; /* min */
2619 *q++ = 0; /* sec */
2620 *q++ = 0; /* frame */
2621 if (fMSF)
2622 {
2623 *q++ = 0; /* reserved */
2624 ataLBA2MSF(q, s->cTotalSectors);
2625 q += 3;
2626 }
2627 else
2628 {
2629 ataH2BE_U32(q, s->cTotalSectors);
2630 q += 4;
2631 }
2632
2633 *q++ = 1; /* session number */
2634 *q++ = 0x14; /* ADR, control */
2635 *q++ = 0; /* track number */
2636 *q++ = 1; /* point */
2637 *q++ = 0; /* min */
2638 *q++ = 0; /* sec */
2639 *q++ = 0; /* frame */
2640 if (fMSF)
2641 {
2642 *q++ = 0; /* reserved */
2643 ataLBA2MSF(q, 0);
2644 q += 3;
2645 }
2646 else
2647 {
2648 /* sector 0 */
2649 ataH2BE_U32(q, 0);
2650 q += 4;
2651 }
2652
2653 cbSize = q - pbBuf;
2654 ataH2BE_U16(pbBuf, cbSize - 2);
2655 if (cbSize < s->cbTotalTransfer)
2656 s->cbTotalTransfer = cbSize;
2657 s->iSourceSink = ATAFN_SS_NULL;
2658 atapiCmdOK(s);
2659 return false;
2660}
2661
2662
2663static void atapiParseCmdVirtualATAPI(ATADevState *s)
2664{
2665 const uint8_t *pbPacket;
2666 uint8_t *pbBuf;
2667 uint32_t cbMax;
2668
2669 pbPacket = s->aATAPICmd;
2670 pbBuf = s->CTX_SUFF(pbIOBuffer);
2671 switch (pbPacket[0])
2672 {
2673 case SCSI_TEST_UNIT_READY:
2674 if (s->cNotifiedMediaChange > 0)
2675 {
2676 if (s->cNotifiedMediaChange-- > 2)
2677 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2678 else
2679 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2680 }
2681 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2682 atapiCmdOK(s);
2683 else
2684 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2685 break;
2686 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2687 cbMax = ataBE2H_U16(pbPacket + 7);
2688 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2689 break;
2690 case SCSI_MODE_SENSE_10:
2691 {
2692 uint8_t uPageControl, uPageCode;
2693 cbMax = ataBE2H_U16(pbPacket + 7);
2694 uPageControl = pbPacket[2] >> 6;
2695 uPageCode = pbPacket[2] & 0x3f;
2696 switch (uPageControl)
2697 {
2698 case SCSI_PAGECONTROL_CURRENT:
2699 switch (uPageCode)
2700 {
2701 case SCSI_MODEPAGE_ERROR_RECOVERY:
2702 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2703 break;
2704 case SCSI_MODEPAGE_CD_STATUS:
2705 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2706 break;
2707 default:
2708 goto error_cmd;
2709 }
2710 break;
2711 case SCSI_PAGECONTROL_CHANGEABLE:
2712 goto error_cmd;
2713 case SCSI_PAGECONTROL_DEFAULT:
2714 goto error_cmd;
2715 default:
2716 case SCSI_PAGECONTROL_SAVED:
2717 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2718 break;
2719 }
2720 }
2721 break;
2722 case SCSI_REQUEST_SENSE:
2723 cbMax = pbPacket[4];
2724 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2725 break;
2726 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2727 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2728 {
2729 if (pbPacket[4] & 1)
2730 s->pDrvMount->pfnLock(s->pDrvMount);
2731 else
2732 s->pDrvMount->pfnUnlock(s->pDrvMount);
2733 atapiCmdOK(s);
2734 }
2735 else
2736 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2737 break;
2738 case SCSI_READ_10:
2739 case SCSI_READ_12:
2740 {
2741 uint32_t cSectors, iATAPILBA;
2742
2743 if (s->cNotifiedMediaChange > 0)
2744 {
2745 s->cNotifiedMediaChange-- ;
2746 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2747 break;
2748 }
2749 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2750 {
2751 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2752 break;
2753 }
2754 if (pbPacket[0] == SCSI_READ_10)
2755 cSectors = ataBE2H_U16(pbPacket + 7);
2756 else
2757 cSectors = ataBE2H_U32(pbPacket + 6);
2758 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2759 if (cSectors == 0)
2760 {
2761 atapiCmdOK(s);
2762 break;
2763 }
2764 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2765 {
2766 /* Rate limited logging, one log line per second. For
2767 * guests that insist on reading from places outside the
2768 * valid area this often generates too many release log
2769 * entries otherwise. */
2770 static uint64_t uLastLogTS = 0;
2771 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2772 {
2773 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2774 uLastLogTS = RTTimeMilliTS();
2775 }
2776 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2777 break;
2778 }
2779 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2780 }
2781 break;
2782 case SCSI_READ_CD:
2783 {
2784 uint32_t cSectors, iATAPILBA;
2785
2786 if (s->cNotifiedMediaChange > 0)
2787 {
2788 s->cNotifiedMediaChange-- ;
2789 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2790 break;
2791 }
2792 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2793 {
2794 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2795 break;
2796 }
2797 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
2798 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2799 if (cSectors == 0)
2800 {
2801 atapiCmdOK(s);
2802 break;
2803 }
2804 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2805 {
2806 /* Rate limited logging, one log line per second. For
2807 * guests that insist on reading from places outside the
2808 * valid area this often generates too many release log
2809 * entries otherwise. */
2810 static uint64_t uLastLogTS = 0;
2811 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2812 {
2813 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2814 uLastLogTS = RTTimeMilliTS();
2815 }
2816 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2817 break;
2818 }
2819 switch (pbPacket[9] & 0xf8)
2820 {
2821 case 0x00:
2822 /* nothing */
2823 atapiCmdOK(s);
2824 break;
2825 case 0x10:
2826 /* normal read */
2827 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2828 break;
2829 case 0xf8:
2830 /* read all data */
2831 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
2832 break;
2833 default:
2834 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
2835 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2836 break;
2837 }
2838 }
2839 break;
2840 case SCSI_SEEK_10:
2841 {
2842 uint32_t iATAPILBA;
2843 if (s->cNotifiedMediaChange > 0)
2844 {
2845 s->cNotifiedMediaChange-- ;
2846 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2847 break;
2848 }
2849 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2850 {
2851 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2852 break;
2853 }
2854 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2855 if (iATAPILBA > s->cTotalSectors)
2856 {
2857 /* Rate limited logging, one log line per second. For
2858 * guests that insist on seeking to places outside the
2859 * valid area this often generates too many release log
2860 * entries otherwise. */
2861 static uint64_t uLastLogTS = 0;
2862 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2863 {
2864 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
2865 uLastLogTS = RTTimeMilliTS();
2866 }
2867 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2868 break;
2869 }
2870 atapiCmdOK(s);
2871 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
2872 }
2873 break;
2874 case SCSI_START_STOP_UNIT:
2875 {
2876 int rc = VINF_SUCCESS;
2877 switch (pbPacket[4] & 3)
2878 {
2879 case 0: /* 00 - Stop motor */
2880 case 1: /* 01 - Start motor */
2881 break;
2882 case 2: /* 10 - Eject media */
2883 /* This must be done from EMT. */
2884 {
2885 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2886 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
2887 PVMREQ pReq;
2888
2889 PDMCritSectLeave(&pCtl->lock);
2890 rc = VMR3ReqCall(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY, &pReq, RT_INDEFINITE_WAIT,
2891 (PFNRT)s->pDrvMount->pfnUnmount, 2, s->pDrvMount, false);
2892 AssertReleaseRC(rc);
2893 VMR3ReqFree(pReq);
2894 {
2895 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2896 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2897 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2898 }
2899 }
2900 break;
2901 case 3: /* 11 - Load media */
2902 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
2903 break;
2904 }
2905 if (RT_SUCCESS(rc))
2906 atapiCmdOK(s);
2907 else
2908 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
2909 }
2910 break;
2911 case SCSI_MECHANISM_STATUS:
2912 {
2913 cbMax = ataBE2H_U16(pbPacket + 8);
2914 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
2915 }
2916 break;
2917 case SCSI_READ_TOC_PMA_ATIP:
2918 {
2919 uint8_t format;
2920
2921 if (s->cNotifiedMediaChange > 0)
2922 {
2923 s->cNotifiedMediaChange-- ;
2924 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2925 break;
2926 }
2927 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2928 {
2929 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2930 break;
2931 }
2932 cbMax = ataBE2H_U16(pbPacket + 7);
2933 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
2934 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
2935 * the other field is clear... */
2936 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
2937 switch (format)
2938 {
2939 case 0:
2940 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
2941 break;
2942 case 1:
2943 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
2944 break;
2945 case 2:
2946 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
2947 break;
2948 default:
2949 error_cmd:
2950 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2951 break;
2952 }
2953 }
2954 break;
2955 case SCSI_READ_CAPACITY:
2956 if (s->cNotifiedMediaChange > 0)
2957 {
2958 s->cNotifiedMediaChange-- ;
2959 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2960 break;
2961 }
2962 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2963 {
2964 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2965 break;
2966 }
2967 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
2968 break;
2969 case SCSI_READ_DISC_INFORMATION:
2970 if (s->cNotifiedMediaChange > 0)
2971 {
2972 s->cNotifiedMediaChange-- ;
2973 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2974 break;
2975 }
2976 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2977 {
2978 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2979 break;
2980 }
2981 cbMax = ataBE2H_U16(pbPacket + 7);
2982 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
2983 break;
2984 case SCSI_READ_TRACK_INFORMATION:
2985 if (s->cNotifiedMediaChange > 0)
2986 {
2987 s->cNotifiedMediaChange-- ;
2988 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2989 break;
2990 }
2991 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2992 {
2993 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2994 break;
2995 }
2996 cbMax = ataBE2H_U16(pbPacket + 7);
2997 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
2998 break;
2999 case SCSI_GET_CONFIGURATION:
3000 /* No media change stuff here, it can confuse Linux guests. */
3001 cbMax = ataBE2H_U16(pbPacket + 7);
3002 ataStartTransfer(s, RT_MIN(cbMax, 32), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3003 break;
3004 case SCSI_INQUIRY:
3005 cbMax = ataBE2H_U16(pbPacket + 3);
3006 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3007 break;
3008 case SCSI_READ_DVD_STRUCTURE:
3009 {
3010 /* Only available for ICH6 for now. */
3011 PCIATAState *pDevice = PDMINS_2_DATA(s->CTX_SUFF(pDevIns), PCIATAState *);
3012
3013 if ( (PCIDevGetVendorId(&pDevice->dev) == 0x8086)
3014 && (PCIDevGetDeviceId(&pDevice->dev) == 0x269e))
3015 {
3016 cbMax = ataBE2H_U16(pbPacket + 8);
3017 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3018 }
3019 else
3020 {
3021 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3022 }
3023 break;
3024 }
3025 default:
3026 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3027 break;
3028 }
3029}
3030
3031
3032/*
3033 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3034 */
3035static void atapiParseCmdPassthrough(ATADevState *s)
3036{
3037 const uint8_t *pbPacket;
3038 uint8_t *pbBuf;
3039 uint32_t cSectors, iATAPILBA;
3040 uint32_t cbTransfer = 0;
3041 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3042
3043 pbPacket = s->aATAPICmd;
3044 pbBuf = s->CTX_SUFF(pbIOBuffer);
3045 switch (pbPacket[0])
3046 {
3047 case SCSI_BLANK:
3048 goto sendcmd;
3049 case SCSI_CLOSE_TRACK_SESSION:
3050 goto sendcmd;
3051 case SCSI_ERASE_10:
3052 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3053 cbTransfer = ataBE2H_U16(pbPacket + 7);
3054 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3055 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3056 goto sendcmd;
3057 case SCSI_FORMAT_UNIT:
3058 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3059 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3060 goto sendcmd;
3061 case SCSI_GET_CONFIGURATION:
3062 cbTransfer = ataBE2H_U16(pbPacket + 7);
3063 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3064 goto sendcmd;
3065 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3066 cbTransfer = ataBE2H_U16(pbPacket + 7);
3067 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3068 {
3069 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3070 break;
3071 }
3072 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3073 goto sendcmd;
3074 case SCSI_GET_PERFORMANCE:
3075 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3076 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3077 goto sendcmd;
3078 case SCSI_INQUIRY:
3079 cbTransfer = ataBE2H_U16(pbPacket + 3);
3080 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3081 goto sendcmd;
3082 case SCSI_LOAD_UNLOAD_MEDIUM:
3083 goto sendcmd;
3084 case SCSI_MECHANISM_STATUS:
3085 cbTransfer = ataBE2H_U16(pbPacket + 8);
3086 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3087 goto sendcmd;
3088 case SCSI_MODE_SELECT_10:
3089 cbTransfer = ataBE2H_U16(pbPacket + 7);
3090 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3091 goto sendcmd;
3092 case SCSI_MODE_SENSE_10:
3093 cbTransfer = ataBE2H_U16(pbPacket + 7);
3094 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3095 goto sendcmd;
3096 case SCSI_PAUSE_RESUME:
3097 goto sendcmd;
3098 case SCSI_PLAY_AUDIO_10:
3099 goto sendcmd;
3100 case SCSI_PLAY_AUDIO_12:
3101 goto sendcmd;
3102 case SCSI_PLAY_AUDIO_MSF:
3103 goto sendcmd;
3104 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3105 /** @todo do not forget to unlock when a VM is shut down */
3106 goto sendcmd;
3107 case SCSI_READ_10:
3108 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3109 cSectors = ataBE2H_U16(pbPacket + 7);
3110 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3111 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3112 cbTransfer = cSectors * s->cbATAPISector;
3113 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3114 goto sendcmd;
3115 case SCSI_READ_12:
3116 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3117 cSectors = ataBE2H_U32(pbPacket + 6);
3118 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3119 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3120 cbTransfer = cSectors * s->cbATAPISector;
3121 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3122 goto sendcmd;
3123 case SCSI_READ_BUFFER:
3124 cbTransfer = ataBE2H_U24(pbPacket + 6);
3125 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3126 goto sendcmd;
3127 case SCSI_READ_BUFFER_CAPACITY:
3128 cbTransfer = ataBE2H_U16(pbPacket + 7);
3129 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3130 goto sendcmd;
3131 case SCSI_READ_CAPACITY:
3132 cbTransfer = 8;
3133 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3134 goto sendcmd;
3135 case SCSI_READ_CD:
3136 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3137 cbTransfer = ataBE2H_U24(pbPacket + 6) / s->cbATAPISector * s->cbATAPISector;
3138 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3139 goto sendcmd;
3140 case SCSI_READ_CD_MSF:
3141 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3142 if (cSectors > 32)
3143 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3144 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3145 cbTransfer = cSectors * s->cbATAPISector;
3146 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3147 goto sendcmd;
3148 case SCSI_READ_DISC_INFORMATION:
3149 cbTransfer = ataBE2H_U16(pbPacket + 7);
3150 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3151 goto sendcmd;
3152 case SCSI_READ_DVD_STRUCTURE:
3153 cbTransfer = ataBE2H_U16(pbPacket + 8);
3154 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3155 goto sendcmd;
3156 case SCSI_READ_FORMAT_CAPACITIES:
3157 cbTransfer = ataBE2H_U16(pbPacket + 7);
3158 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3159 goto sendcmd;
3160 case SCSI_READ_SUBCHANNEL:
3161 cbTransfer = ataBE2H_U16(pbPacket + 7);
3162 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3163 goto sendcmd;
3164 case SCSI_READ_TOC_PMA_ATIP:
3165 cbTransfer = ataBE2H_U16(pbPacket + 7);
3166 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3167 goto sendcmd;
3168 case SCSI_READ_TRACK_INFORMATION:
3169 cbTransfer = ataBE2H_U16(pbPacket + 7);
3170 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3171 goto sendcmd;
3172 case SCSI_REPAIR_TRACK:
3173 goto sendcmd;
3174 case SCSI_REPORT_KEY:
3175 cbTransfer = ataBE2H_U16(pbPacket + 8);
3176 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3177 goto sendcmd;
3178 case SCSI_REQUEST_SENSE:
3179 cbTransfer = pbPacket[4];
3180 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3181 {
3182 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3183 break;
3184 }
3185 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3186 goto sendcmd;
3187 case SCSI_RESERVE_TRACK:
3188 goto sendcmd;
3189 case SCSI_SCAN:
3190 goto sendcmd;
3191 case SCSI_SEEK_10:
3192 goto sendcmd;
3193 case SCSI_SEND_CUE_SHEET:
3194 cbTransfer = ataBE2H_U24(pbPacket + 6);
3195 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3196 goto sendcmd;
3197 case SCSI_SEND_DVD_STRUCTURE:
3198 cbTransfer = ataBE2H_U16(pbPacket + 8);
3199 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3200 goto sendcmd;
3201 case SCSI_SEND_EVENT:
3202 cbTransfer = ataBE2H_U16(pbPacket + 8);
3203 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3204 goto sendcmd;
3205 case SCSI_SEND_KEY:
3206 cbTransfer = ataBE2H_U16(pbPacket + 8);
3207 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3208 goto sendcmd;
3209 case SCSI_SEND_OPC_INFORMATION:
3210 cbTransfer = ataBE2H_U16(pbPacket + 7);
3211 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3212 goto sendcmd;
3213 case SCSI_SET_CD_SPEED:
3214 goto sendcmd;
3215 case SCSI_SET_READ_AHEAD:
3216 goto sendcmd;
3217 case SCSI_SET_STREAMING:
3218 cbTransfer = ataBE2H_U16(pbPacket + 9);
3219 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3220 goto sendcmd;
3221 case SCSI_START_STOP_UNIT:
3222 goto sendcmd;
3223 case SCSI_STOP_PLAY_SCAN:
3224 goto sendcmd;
3225 case SCSI_SYNCHRONIZE_CACHE:
3226 goto sendcmd;
3227 case SCSI_TEST_UNIT_READY:
3228 goto sendcmd;
3229 case SCSI_VERIFY_10:
3230 goto sendcmd;
3231 case SCSI_WRITE_10:
3232 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3233 cSectors = ataBE2H_U16(pbPacket + 7);
3234 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3235#if 0
3236 /* The sector size is determined by the async I/O thread. */
3237 s->cbATAPISector = 0;
3238 /* Preliminary, will be corrected once the sector size is known. */
3239 cbTransfer = cSectors;
3240#else
3241 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3242 cbTransfer = cSectors * s->cbATAPISector;
3243#endif
3244 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3245 goto sendcmd;
3246 case SCSI_WRITE_12:
3247 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3248 cSectors = ataBE2H_U32(pbPacket + 6);
3249 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3250#if 0
3251 /* The sector size is determined by the async I/O thread. */
3252 s->cbATAPISector = 0;
3253 /* Preliminary, will be corrected once the sector size is known. */
3254 cbTransfer = cSectors;
3255#else
3256 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3257 cbTransfer = cSectors * s->cbATAPISector;
3258#endif
3259 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3260 goto sendcmd;
3261 case SCSI_WRITE_AND_VERIFY_10:
3262 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3263 cSectors = ataBE2H_U16(pbPacket + 7);
3264 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3265 /* The sector size is determined by the async I/O thread. */
3266 s->cbATAPISector = 0;
3267 /* Preliminary, will be corrected once the sector size is known. */
3268 cbTransfer = cSectors;
3269 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3270 goto sendcmd;
3271 case SCSI_WRITE_BUFFER:
3272 switch (pbPacket[1] & 0x1f)
3273 {
3274 case 0x04: /* download microcode */
3275 case 0x05: /* download microcode and save */
3276 case 0x06: /* download microcode with offsets */
3277 case 0x07: /* download microcode with offsets and save */
3278 case 0x0e: /* download microcode with offsets and defer activation */
3279 case 0x0f: /* activate deferred microcode */
3280 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3281 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3282 break;
3283 default:
3284 cbTransfer = ataBE2H_U16(pbPacket + 6);
3285 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3286 goto sendcmd;
3287 }
3288 break;
3289 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3290 cbTransfer = ataBE2H_U32(pbPacket + 6);
3291 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3292 goto sendcmd;
3293 case SCSI_REZERO_UNIT:
3294 /* Obsolete command used by cdrecord. What else would one expect?
3295 * This command is not sent to the drive, it is handled internally,
3296 * as the Linux kernel doesn't like it (message "scsi: unknown
3297 * opcode 0x01" in syslog) and replies with a sense code of 0,
3298 * which sends cdrecord to an endless loop. */
3299 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3300 break;
3301 default:
3302 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3303 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3304 break;
3305 sendcmd:
3306 /* Send a command to the drive, passing data in/out as required. */
3307 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3308 Assert(cbTransfer <= s->cbIOBuffer);
3309 if (cbTransfer == 0)
3310 uTxDir = PDMBLOCKTXDIR_NONE;
3311 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3312 }
3313}
3314
3315
3316static void atapiParseCmd(ATADevState *s)
3317{
3318 const uint8_t *pbPacket;
3319
3320 pbPacket = s->aATAPICmd;
3321#ifdef DEBUG
3322 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3323#else /* !DEBUG */
3324 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3325#endif /* !DEBUG */
3326 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3327
3328 if (s->fATAPIPassthrough)
3329 atapiParseCmdPassthrough(s);
3330 else
3331 atapiParseCmdVirtualATAPI(s);
3332}
3333
3334
3335static bool ataPacketSS(ATADevState *s)
3336{
3337 s->fDMA = !!(s->uATARegFeature & 1);
3338 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3339 s->uTxDir = PDMBLOCKTXDIR_NONE;
3340 s->cbTotalTransfer = 0;
3341 s->cbElementaryTransfer = 0;
3342 atapiParseCmd(s);
3343 return false;
3344}
3345
3346
3347/**
3348 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3349 * from now on, regardless if there was a medium inserted or not.
3350 */
3351static void ataMediumRemoved(ATADevState *s)
3352{
3353 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3354}
3355
3356
3357/**
3358 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3359 * there was already a medium inserted, don't forget to send the "medium
3360 * removed" event first.
3361 */
3362static void ataMediumInserted(ATADevState *s)
3363{
3364 uint32_t OldStatus, NewStatus;
3365 do
3366 {
3367 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3368 switch (OldStatus)
3369 {
3370 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3371 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3372 /* no change, we will send "medium removed" + "medium inserted" */
3373 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3374 break;
3375 default:
3376 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3377 break;
3378 }
3379 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3380}
3381
3382
3383/**
3384 * Called when a media is mounted.
3385 *
3386 * @param pInterface Pointer to the interface structure containing the called function pointer.
3387 */
3388static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3389{
3390 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3391 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3392
3393 /* Ignore the call if we're called while being attached. */
3394 if (!pIf->pDrvBlock)
3395 return;
3396
3397 if (pIf->fATAPI)
3398 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3399 else
3400 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3401
3402 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3403 if (pIf->cNotifiedMediaChange < 2)
3404 pIf->cNotifiedMediaChange = 2;
3405 ataMediumInserted(pIf);
3406}
3407
3408/**
3409 * Called when a media is unmounted
3410 * @param pInterface Pointer to the interface structure containing the called function pointer.
3411 */
3412static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3413{
3414 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3415 Log(("%s:\n", __FUNCTION__));
3416 pIf->cTotalSectors = 0;
3417
3418 /*
3419 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3420 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3421 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3422 * present and 2 in which it is changed.
3423 */
3424 pIf->cNotifiedMediaChange = 4;
3425 ataMediumRemoved(pIf);
3426}
3427
3428static void ataPacketBT(ATADevState *s)
3429{
3430 s->cbElementaryTransfer = s->cbTotalTransfer;
3431 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3432 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3433 ataSetStatusValue(s, ATA_STAT_READY);
3434}
3435
3436
3437static void ataResetDevice(ATADevState *s)
3438{
3439 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3440 s->cNotifiedMediaChange = 0;
3441 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3442 ataUnsetIRQ(s);
3443
3444 s->uATARegSelect = 0x20;
3445 ataSetStatusValue(s, ATA_STAT_READY);
3446 ataSetSignature(s);
3447 s->cbTotalTransfer = 0;
3448 s->cbElementaryTransfer = 0;
3449 s->iIOBufferPIODataStart = 0;
3450 s->iIOBufferPIODataEnd = 0;
3451 s->iBeginTransfer = ATAFN_BT_NULL;
3452 s->iSourceSink = ATAFN_SS_NULL;
3453 s->fATAPITransfer = false;
3454 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3455
3456 s->uATARegFeature = 0;
3457}
3458
3459
3460static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3461{
3462 ataSetSignature(s);
3463 if (s->fATAPI)
3464 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3465 else
3466 ataSetStatusValue(s, ATA_STAT_READY);
3467 s->uATARegError = 0x01;
3468 return false;
3469}
3470
3471
3472static void ataParseCmd(ATADevState *s, uint8_t cmd)
3473{
3474#ifdef DEBUG
3475 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3476#else /* !DEBUG */
3477 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3478#endif /* !DEBUG */
3479 s->fLBA48 = false;
3480 s->fDMA = false;
3481 if (cmd == ATA_IDLE_IMMEDIATE)
3482 {
3483 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3484 * would overwrite the failing command unfortunately), then RESET. */
3485 int32_t uCmdWait = -1;
3486 uint64_t uNow = RTTimeNanoTS();
3487 if (s->u64CmdTS)
3488 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3489 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3490 s->iLUN, s->uATARegCommand, uCmdWait));
3491 }
3492 s->uATARegCommand = cmd;
3493 switch (cmd)
3494 {
3495 case ATA_IDENTIFY_DEVICE:
3496 if (s->pDrvBlock && !s->fATAPI)
3497 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3498 else
3499 {
3500 if (s->fATAPI)
3501 ataSetSignature(s);
3502 ataCmdError(s, ABRT_ERR);
3503 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3504 }
3505 break;
3506 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3507 case ATA_RECALIBRATE:
3508 ataCmdOK(s, ATA_STAT_SEEK);
3509 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3510 break;
3511 case ATA_SET_MULTIPLE_MODE:
3512 if ( s->uATARegNSector != 0
3513 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
3514 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
3515 {
3516 ataCmdError(s, ABRT_ERR);
3517 }
3518 else
3519 {
3520 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
3521 s->cMultSectors = s->uATARegNSector;
3522 ataCmdOK(s, 0);
3523 }
3524 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3525 break;
3526 case ATA_READ_VERIFY_SECTORS_EXT:
3527 s->fLBA48 = true;
3528 case ATA_READ_VERIFY_SECTORS:
3529 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
3530 /* do sector number check ? */
3531 ataCmdOK(s, 0);
3532 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3533 break;
3534 case ATA_READ_SECTORS_EXT:
3535 s->fLBA48 = true;
3536 case ATA_READ_SECTORS:
3537 case ATA_READ_SECTORS_WITHOUT_RETRIES:
3538 if (!s->pDrvBlock)
3539 goto abort_cmd;
3540 s->cSectorsPerIRQ = 1;
3541 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3542 break;
3543 case ATA_WRITE_SECTORS_EXT:
3544 s->fLBA48 = true;
3545 case ATA_WRITE_SECTORS:
3546 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
3547 s->cSectorsPerIRQ = 1;
3548 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3549 break;
3550 case ATA_READ_MULTIPLE_EXT:
3551 s->fLBA48 = true;
3552 case ATA_READ_MULTIPLE:
3553 if (!s->cMultSectors)
3554 goto abort_cmd;
3555 s->cSectorsPerIRQ = s->cMultSectors;
3556 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3557 break;
3558 case ATA_WRITE_MULTIPLE_EXT:
3559 s->fLBA48 = true;
3560 case ATA_WRITE_MULTIPLE:
3561 if (!s->cMultSectors)
3562 goto abort_cmd;
3563 s->cSectorsPerIRQ = s->cMultSectors;
3564 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3565 break;
3566 case ATA_READ_DMA_EXT:
3567 s->fLBA48 = true;
3568 case ATA_READ_DMA:
3569 case ATA_READ_DMA_WITHOUT_RETRIES:
3570 if (!s->pDrvBlock)
3571 goto abort_cmd;
3572 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3573 s->fDMA = true;
3574 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3575 break;
3576 case ATA_WRITE_DMA_EXT:
3577 s->fLBA48 = true;
3578 case ATA_WRITE_DMA:
3579 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3580 if (!s->pDrvBlock)
3581 goto abort_cmd;
3582 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3583 s->fDMA = true;
3584 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3585 break;
3586 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3587 s->fLBA48 = true;
3588 ataSetSector(s, s->cTotalSectors - 1);
3589 ataCmdOK(s, 0);
3590 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3591 break;
3592 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3593 ataCmdOK(s, 0);
3594 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3595 break;
3596 case ATA_READ_NATIVE_MAX_ADDRESS:
3597 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3598 ataCmdOK(s, 0);
3599 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3600 break;
3601 case ATA_CHECK_POWER_MODE:
3602 s->uATARegNSector = 0xff; /* drive active or idle */
3603 ataCmdOK(s, 0);
3604 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3605 break;
3606 case ATA_SET_FEATURES:
3607 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3608 if (!s->pDrvBlock)
3609 goto abort_cmd;
3610 switch (s->uATARegFeature)
3611 {
3612 case 0x02: /* write cache enable */
3613 Log2(("%s: write cache enable\n", __FUNCTION__));
3614 ataCmdOK(s, ATA_STAT_SEEK);
3615 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3616 break;
3617 case 0xaa: /* read look-ahead enable */
3618 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3619 ataCmdOK(s, ATA_STAT_SEEK);
3620 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3621 break;
3622 case 0x55: /* read look-ahead disable */
3623 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3624 ataCmdOK(s, ATA_STAT_SEEK);
3625 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3626 break;
3627 case 0xcc: /* reverting to power-on defaults enable */
3628 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3629 ataCmdOK(s, ATA_STAT_SEEK);
3630 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3631 break;
3632 case 0x66: /* reverting to power-on defaults disable */
3633 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3634 ataCmdOK(s, ATA_STAT_SEEK);
3635 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3636 break;
3637 case 0x82: /* write cache disable */
3638 Log2(("%s: write cache disable\n", __FUNCTION__));
3639 /* As per the ATA/ATAPI-6 specs, a write cache disable
3640 * command MUST flush the write buffers to disc. */
3641 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3642 break;
3643 case 0x03: { /* set transfer mode */
3644 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3645 switch (s->uATARegNSector & 0xf8)
3646 {
3647 case 0x00: /* PIO default */
3648 case 0x08: /* PIO mode */
3649 break;
3650 case ATA_MODE_MDMA: /* MDMA mode */
3651 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3652 break;
3653 case ATA_MODE_UDMA: /* UDMA mode */
3654 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3655 break;
3656 default:
3657 goto abort_cmd;
3658 }
3659 ataCmdOK(s, ATA_STAT_SEEK);
3660 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3661 break;
3662 }
3663 default:
3664 goto abort_cmd;
3665 }
3666 /*
3667 * OS/2 workarond:
3668 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3669 * reset here. According to the specification, this is a driver bug as the register
3670 * contents are undefined after the call. This means we can just as well reset it.
3671 */
3672 s->uATARegFeature = 0;
3673 break;
3674 case ATA_FLUSH_CACHE_EXT:
3675 case ATA_FLUSH_CACHE:
3676 if (!s->pDrvBlock || s->fATAPI)
3677 goto abort_cmd;
3678 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3679 break;
3680 case ATA_STANDBY_IMMEDIATE:
3681 ataCmdOK(s, 0);
3682 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3683 break;
3684 case ATA_IDLE_IMMEDIATE:
3685 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3686 ataAbortCurrentCommand(s, false);
3687 break;
3688 /* ATAPI commands */
3689 case ATA_IDENTIFY_PACKET_DEVICE:
3690 if (s->fATAPI)
3691 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3692 else
3693 {
3694 ataCmdError(s, ABRT_ERR);
3695 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3696 }
3697 break;
3698 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3699 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3700 break;
3701 case ATA_DEVICE_RESET:
3702 if (!s->fATAPI)
3703 goto abort_cmd;
3704 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3705 ataAbortCurrentCommand(s, true);
3706 break;
3707 case ATA_PACKET:
3708 if (!s->fATAPI)
3709 goto abort_cmd;
3710 /* overlapping commands not supported */
3711 if (s->uATARegFeature & 0x02)
3712 goto abort_cmd;
3713 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3714 break;
3715 default:
3716 abort_cmd:
3717 ataCmdError(s, ABRT_ERR);
3718 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3719 break;
3720 }
3721}
3722
3723
3724/**
3725 * Waits for a particular async I/O thread to complete whatever it
3726 * is doing at the moment.
3727 *
3728 * @returns true on success.
3729 * @returns false when the thread is still processing.
3730 * @param pThis Pointer to the controller data.
3731 * @param cMillies How long to wait (total).
3732 */
3733static bool ataWaitForAsyncIOIsIdle(PATACONTROLLER pCtl, unsigned cMillies)
3734{
3735 uint64_t u64Start;
3736
3737 /*
3738 * Wait for any pending async operation to finish
3739 */
3740 u64Start = RTTimeMilliTS();
3741 for (;;)
3742 {
3743 if (ataAsyncIOIsIdle(pCtl, false))
3744 return true;
3745 if (RTTimeMilliTS() - u64Start >= cMillies)
3746 break;
3747
3748 /* Sleep for a bit. */
3749 RTThreadSleep(100);
3750 }
3751
3752 return false;
3753}
3754
3755#endif /* IN_RING3 */
3756
3757static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3758{
3759 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3760 addr &= 7;
3761 switch (addr)
3762 {
3763 case 0:
3764 break;
3765 case 1: /* feature register */
3766 /* NOTE: data is written to the two drives */
3767 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3768 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3769 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
3770 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
3771 pCtl->aIfs[0].uATARegFeature = val;
3772 pCtl->aIfs[1].uATARegFeature = val;
3773 break;
3774 case 2: /* sector count */
3775 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3776 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3777 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
3778 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
3779 pCtl->aIfs[0].uATARegNSector = val;
3780 pCtl->aIfs[1].uATARegNSector = val;
3781 break;
3782 case 3: /* sector number */
3783 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3784 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3785 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
3786 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
3787 pCtl->aIfs[0].uATARegSector = val;
3788 pCtl->aIfs[1].uATARegSector = val;
3789 break;
3790 case 4: /* cylinder low */
3791 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3792 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3793 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
3794 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
3795 pCtl->aIfs[0].uATARegLCyl = val;
3796 pCtl->aIfs[1].uATARegLCyl = val;
3797 break;
3798 case 5: /* cylinder high */
3799 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3800 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3801 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
3802 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
3803 pCtl->aIfs[0].uATARegHCyl = val;
3804 pCtl->aIfs[1].uATARegHCyl = val;
3805 break;
3806 case 6: /* drive/head */
3807 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
3808 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
3809 if (((val >> 4) & 1) != pCtl->iSelectedIf)
3810 {
3811 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3812
3813 /* select another drive */
3814 pCtl->iSelectedIf = (val >> 4) & 1;
3815 /* The IRQ line is multiplexed between the two drives, so
3816 * update the state when switching to another drive. Only need
3817 * to update interrupt line if it is enabled and there is a
3818 * state change. */
3819 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
3820 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
3821 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
3822 {
3823 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3824 {
3825 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3826 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
3827 * the interrupt line is asserted. It monitors the line
3828 * for a rising edge. */
3829 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3830 if (pCtl->irq == 16)
3831 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
3832 else
3833 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
3834 }
3835 else
3836 {
3837 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3838 if (pCtl->irq == 16)
3839 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
3840 else
3841 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
3842 }
3843 }
3844 }
3845 break;
3846 default:
3847 case 7: /* command */
3848 /* ignore commands to non existant slave */
3849 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
3850 break;
3851#ifndef IN_RING3
3852 /* Don't do anything complicated in GC */
3853 return VINF_IOM_HC_IOPORT_WRITE;
3854#else /* IN_RING3 */
3855 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
3856#endif /* !IN_RING3 */
3857 }
3858 return VINF_SUCCESS;
3859}
3860
3861
3862static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
3863{
3864 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3865 uint32_t val;
3866 bool fHOB;
3867
3868 fHOB = !!(s->uATARegDevCtl & (1 << 7));
3869 switch (addr & 7)
3870 {
3871 case 0: /* data register */
3872 val = 0xff;
3873 break;
3874 case 1: /* error register */
3875 /* The ATA specification is very terse when it comes to specifying
3876 * the precise effects of reading back the error/feature register.
3877 * The error register (read-only) shares the register number with
3878 * the feature register (write-only), so it seems that it's not
3879 * necessary to support the usual HOB readback here. */
3880 if (!s->pDrvBlock)
3881 val = 0;
3882 else
3883 val = s->uATARegError;
3884 break;
3885 case 2: /* sector count */
3886 if (!s->pDrvBlock)
3887 val = 0;
3888 else if (fHOB)
3889 val = s->uATARegNSectorHOB;
3890 else
3891 val = s->uATARegNSector;
3892 break;
3893 case 3: /* sector number */
3894 if (!s->pDrvBlock)
3895 val = 0;
3896 else if (fHOB)
3897 val = s->uATARegSectorHOB;
3898 else
3899 val = s->uATARegSector;
3900 break;
3901 case 4: /* cylinder low */
3902 if (!s->pDrvBlock)
3903 val = 0;
3904 else if (fHOB)
3905 val = s->uATARegLCylHOB;
3906 else
3907 val = s->uATARegLCyl;
3908 break;
3909 case 5: /* cylinder high */
3910 if (!s->pDrvBlock)
3911 val = 0;
3912 else if (fHOB)
3913 val = s->uATARegHCylHOB;
3914 else
3915 val = s->uATARegHCyl;
3916 break;
3917 case 6: /* drive/head */
3918 /* This register must always work as long as there is at least
3919 * one drive attached to the controller. It is common between
3920 * both drives anyway (completely identical content). */
3921 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
3922 val = 0;
3923 else
3924 val = s->uATARegSelect;
3925 break;
3926 default:
3927 case 7: /* primary status */
3928 {
3929 /* Counter for number of busy status seen in GC in a row. */
3930 static unsigned cBusy = 0;
3931
3932 if (!s->pDrvBlock)
3933 val = 0;
3934 else
3935 val = s->uATARegStatus;
3936
3937 /* Give the async I/O thread an opportunity to make progress,
3938 * don't let it starve by guests polling frequently. EMT has a
3939 * lower priority than the async I/O thread, but sometimes the
3940 * host OS doesn't care. With some guests we are only allowed to
3941 * be busy for about 5 milliseconds in some situations. Note that
3942 * this is no guarantee for any other VBox thread getting
3943 * scheduled, so this just lowers the CPU load a bit when drives
3944 * are busy. It cannot help with timing problems. */
3945 if (val & ATA_STAT_BUSY)
3946 {
3947#ifdef IN_RING3
3948 cBusy = 0;
3949 PDMCritSectLeave(&pCtl->lock);
3950
3951#ifndef RT_OS_WINDOWS
3952 /*
3953 * The thread might be stuck in an I/O operation
3954 * due to a high I/O load on the host. (see @bugref{3301})
3955 * To perform the reset successfully
3956 * we interrupt the operation by sending a signal to the thread
3957 * if the thread didn't responded in 10ms.
3958 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
3959 * does the same but it was introduced with Vista) but so far
3960 * this hang was only observed on Linux and Mac OS X.
3961 *
3962 * This is a workaround and needs to be solved properly.
3963 */
3964 if (pCtl->fReset)
3965 {
3966 uint64_t u64ResetTimeStop = RTTimeMilliTS();
3967
3968 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
3969 {
3970 LogRel(("PIIX3 ATA: Async I/O thread probably stuck in operation, interrupting\n"));
3971 pCtl->u64ResetTime = u64ResetTimeStop;
3972 RTThreadPoke(pCtl->AsyncIOThread);
3973 }
3974 }
3975#endif
3976
3977 RTThreadYield();
3978
3979 {
3980 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3981 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3982 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3983 }
3984
3985 val = s->uATARegStatus;
3986#else /* !IN_RING3 */
3987 /* Cannot yield CPU in guest context. And switching to host
3988 * context for each and every busy status is too costly,
3989 * especially on SMP systems where we don't gain much by
3990 * yielding the CPU to someone else. */
3991 if (++cBusy >= 20)
3992 {
3993 cBusy = 0;
3994 return VINF_IOM_HC_IOPORT_READ;
3995 }
3996#endif /* !IN_RING3 */
3997 }
3998 else
3999 cBusy = 0;
4000 ataUnsetIRQ(s);
4001 break;
4002 }
4003 }
4004 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4005 *pu32 = val;
4006 return VINF_SUCCESS;
4007}
4008
4009
4010static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4011{
4012 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4013 uint32_t val;
4014
4015 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
4016 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
4017 val = 0;
4018 else
4019 val = s->uATARegStatus;
4020 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4021 return val;
4022}
4023
4024static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4025{
4026#ifndef IN_RING3
4027 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4028 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4029#endif /* !IN_RING3 */
4030
4031 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4032 /* RESET is common for both drives attached to a controller. */
4033 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4034 (val & ATA_DEVCTL_RESET))
4035 {
4036#ifdef IN_RING3
4037 /* Software RESET low to high */
4038 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4039 uint64_t uNow = RTTimeNanoTS();
4040 if (pCtl->aIfs[0].u64CmdTS)
4041 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4042 if (pCtl->aIfs[1].u64CmdTS)
4043 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4044 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4045 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4046 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4047 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4048 pCtl->fReset = true;
4049 /* Everything must be done after the reset flag is set, otherwise
4050 * there are unavoidable races with the currently executing request
4051 * (which might just finish in the mean time). */
4052 pCtl->fChainedTransfer = false;
4053 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4054 {
4055 ataResetDevice(&pCtl->aIfs[i]);
4056 /* The following cannot be done using ataSetStatusValue() since the
4057 * reset flag is already set, which suppresses all status changes. */
4058 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4059 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4060 pCtl->aIfs[i].uATARegError = 0x01;
4061 }
4062 ataAsyncIOClearRequests(pCtl);
4063 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4064 if (val & ATA_DEVCTL_HOB)
4065 {
4066 val &= ~ATA_DEVCTL_HOB;
4067 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4068 }
4069
4070 /* Save the timestamp we started the reset. */
4071 pCtl->u64ResetTime = RTTimeMilliTS();
4072
4073 /* Issue the reset request now. */
4074 ataAsyncIOPutRequest(pCtl, &ataResetARequest);
4075#else /* !IN_RING3 */
4076 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4077#endif /* IN_RING3 */
4078 }
4079 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4080 !(val & ATA_DEVCTL_RESET))
4081 {
4082#ifdef IN_RING3
4083 /* Software RESET high to low */
4084 Log(("%s: deasserting RESET\n", __FUNCTION__));
4085 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4086 if (val & ATA_DEVCTL_HOB)
4087 {
4088 val &= ~ATA_DEVCTL_HOB;
4089 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4090 }
4091 ataAsyncIOPutRequest(pCtl, &ataResetCRequest);
4092#else /* !IN_RING3 */
4093 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4094#endif /* IN_RING3 */
4095 }
4096
4097 /* Change of interrupt disable flag. Update interrupt line if interrupt
4098 * is pending on the current interface. */
4099 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4100 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4101 {
4102 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4103 {
4104 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4105 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4106 * interrupt line is asserted. It monitors the line for a rising
4107 * edge. */
4108 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4109 if (pCtl->irq == 16)
4110 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4111 else
4112 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4113 }
4114 else
4115 {
4116 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4117 if (pCtl->irq == 16)
4118 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4119 else
4120 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4121 }
4122 }
4123
4124 if (val & ATA_DEVCTL_HOB)
4125 Log2(("%s: set HOB\n", __FUNCTION__));
4126
4127 pCtl->aIfs[0].uATARegDevCtl = val;
4128 pCtl->aIfs[1].uATARegDevCtl = val;
4129
4130 return VINF_SUCCESS;
4131}
4132
4133#ifdef IN_RING3
4134
4135static void ataPIOTransfer(PATACONTROLLER pCtl)
4136{
4137 ATADevState *s;
4138
4139 s = &pCtl->aIfs[pCtl->iAIOIf];
4140 Log3(("%s: if=%p\n", __FUNCTION__, s));
4141
4142 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4143 {
4144 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4145 /* Any guest OS that triggers this case has a pathetic ATA driver.
4146 * In a real system it would block the CPU via IORDY, here we do it
4147 * very similarly by not continuing with the current instruction
4148 * until the transfer to/from the storage medium is completed. */
4149 if (s->iSourceSink != ATAFN_SS_NULL)
4150 {
4151 bool fRedo;
4152 uint8_t status = s->uATARegStatus;
4153 ataSetStatusValue(s, ATA_STAT_BUSY);
4154 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4155 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4156 pCtl->fRedo = fRedo;
4157 if (RT_UNLIKELY(fRedo))
4158 return;
4159 ataSetStatusValue(s, status);
4160 s->iIOBufferCur = 0;
4161 s->iIOBufferEnd = s->cbElementaryTransfer;
4162 }
4163 }
4164 if (s->cbTotalTransfer)
4165 {
4166 if (s->fATAPITransfer)
4167 ataPIOTransferLimitATAPI(s);
4168
4169 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4170 s->cbElementaryTransfer = s->cbTotalTransfer;
4171
4172 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4173 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4174 s->cbTotalTransfer, s->cbElementaryTransfer,
4175 s->iIOBufferCur, s->iIOBufferEnd));
4176 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4177 s->cbTotalTransfer -= s->cbElementaryTransfer;
4178 s->iIOBufferCur += s->cbElementaryTransfer;
4179
4180 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4181 s->cbElementaryTransfer = s->cbTotalTransfer;
4182 }
4183 else
4184 ataPIOTransferStop(s);
4185}
4186
4187
4188DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4189{
4190 /* Do not interfere with RESET processing if the PIO transfer finishes
4191 * while the RESET line is asserted. */
4192 if (pCtl->fReset)
4193 {
4194 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4195 return;
4196 }
4197
4198 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4199 || ( s->iSourceSink != ATAFN_SS_NULL
4200 && s->iIOBufferCur >= s->iIOBufferEnd))
4201 {
4202 /* Need to continue the transfer in the async I/O thread. This is
4203 * the case for write operations or generally for not yet finished
4204 * transfers (some data might need to be read). */
4205 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4206 ataSetStatus(s, ATA_STAT_BUSY);
4207
4208 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4209 ataAsyncIOPutRequest(pCtl, &ataPIORequest);
4210 }
4211 else
4212 {
4213 /* Either everything finished (though some data might still be pending)
4214 * or some data is pending before the next read is due. */
4215
4216 /* Continue a previously started transfer. */
4217 ataUnsetStatus(s, ATA_STAT_DRQ);
4218 ataSetStatus(s, ATA_STAT_READY);
4219
4220 if (s->cbTotalTransfer)
4221 {
4222 /* There is more to transfer, happens usually for large ATAPI
4223 * reads - the protocol limits the chunk size to 65534 bytes. */
4224 ataPIOTransfer(pCtl);
4225 ataSetIRQ(s);
4226 }
4227 else
4228 {
4229 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4230 /* Finish PIO transfer. */
4231 ataPIOTransfer(pCtl);
4232 Assert(!pCtl->fRedo);
4233 }
4234 }
4235}
4236
4237#endif /* IN_RING3 */
4238
4239static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4240{
4241 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4242 uint8_t *p;
4243
4244 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4245 {
4246 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4247 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4248#ifndef IN_RING3
4249 /* All but the last transfer unit is simple enough for GC, but
4250 * sending a request to the async IO thread is too complicated. */
4251 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4252 {
4253 memcpy(p, pbBuf, cbSize);
4254 s->iIOBufferPIODataStart += cbSize;
4255 }
4256 else
4257 return VINF_IOM_HC_IOPORT_WRITE;
4258#else /* IN_RING3 */
4259 memcpy(p, pbBuf, cbSize);
4260 s->iIOBufferPIODataStart += cbSize;
4261 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4262 ataPIOTransferFinish(pCtl, s);
4263#endif /* !IN_RING3 */
4264 }
4265 else
4266 Log2(("%s: DUMMY data\n", __FUNCTION__));
4267 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4268 return VINF_SUCCESS;
4269}
4270
4271static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4272{
4273 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4274 uint8_t *p;
4275
4276 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4277 {
4278 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4279 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4280#ifndef IN_RING3
4281 /* All but the last transfer unit is simple enough for GC, but
4282 * sending a request to the async IO thread is too complicated. */
4283 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4284 {
4285 memcpy(pbBuf, p, cbSize);
4286 s->iIOBufferPIODataStart += cbSize;
4287 }
4288 else
4289 return VINF_IOM_HC_IOPORT_READ;
4290#else /* IN_RING3 */
4291 memcpy(pbBuf, p, cbSize);
4292 s->iIOBufferPIODataStart += cbSize;
4293 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4294 ataPIOTransferFinish(pCtl, s);
4295#endif /* !IN_RING3 */
4296 }
4297 else
4298 {
4299 Log2(("%s: DUMMY data\n", __FUNCTION__));
4300 memset(pbBuf, '\xff', cbSize);
4301 }
4302 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4303 return VINF_SUCCESS;
4304}
4305
4306#ifdef IN_RING3
4307
4308static void ataDMATransferStop(ATADevState *s)
4309{
4310 s->cbTotalTransfer = 0;
4311 s->cbElementaryTransfer = 0;
4312 s->iBeginTransfer = ATAFN_BT_NULL;
4313 s->iSourceSink = ATAFN_SS_NULL;
4314}
4315
4316
4317/**
4318 * Perform the entire DMA transfer in one go (unless a source/sink operation
4319 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4320 * this function cannot handle empty transfers.
4321 *
4322 * @param pCtl Controller for which to perform the transfer.
4323 */
4324static void ataDMATransfer(PATACONTROLLER pCtl)
4325{
4326 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4327 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4328 bool fRedo;
4329 RTGCPHYS32 pDesc;
4330 uint32_t cbTotalTransfer, cbElementaryTransfer;
4331 uint32_t iIOBufferCur, iIOBufferEnd;
4332 uint32_t dmalen;
4333 PDMBLOCKTXDIR uTxDir;
4334 bool fLastDesc = false;
4335
4336 Assert(sizeof(BMDMADesc) == 8);
4337
4338 fRedo = pCtl->fRedo;
4339 if (RT_LIKELY(!fRedo))
4340 Assert(s->cbTotalTransfer);
4341 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4342 cbTotalTransfer = s->cbTotalTransfer;
4343 cbElementaryTransfer = s->cbElementaryTransfer;
4344 iIOBufferCur = s->iIOBufferCur;
4345 iIOBufferEnd = s->iIOBufferEnd;
4346
4347 /* The DMA loop is designed to hold the lock only when absolutely
4348 * necessary. This avoids long freezes should the guest access the
4349 * ATA registers etc. for some reason. */
4350 PDMCritSectLeave(&pCtl->lock);
4351
4352 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4353 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4354 cbTotalTransfer, cbElementaryTransfer,
4355 iIOBufferCur, iIOBufferEnd));
4356 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4357 {
4358 BMDMADesc DMADesc;
4359 RTGCPHYS32 pBuffer;
4360 uint32_t cbBuffer;
4361
4362 if (RT_UNLIKELY(fRedo))
4363 {
4364 pBuffer = pCtl->pRedoDMABuffer;
4365 cbBuffer = pCtl->cbRedoDMABuffer;
4366 fLastDesc = pCtl->fRedoDMALastDesc;
4367 }
4368 else
4369 {
4370 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4371 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4372 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4373 fLastDesc = !!(cbBuffer & 0x80000000);
4374 cbBuffer &= 0xfffe;
4375 if (cbBuffer == 0)
4376 cbBuffer = 0x10000;
4377 if (cbBuffer > cbTotalTransfer)
4378 cbBuffer = cbTotalTransfer;
4379 }
4380
4381 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4382 {
4383 if (RT_LIKELY(!fRedo))
4384 {
4385 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4386 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
4387 (int)pDesc, pBuffer, cbBuffer));
4388 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4389 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4390 else
4391 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4392 iIOBufferCur += dmalen;
4393 cbTotalTransfer -= dmalen;
4394 cbBuffer -= dmalen;
4395 pBuffer += dmalen;
4396 }
4397 if ( iIOBufferCur == iIOBufferEnd
4398 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4399 {
4400 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4401 cbElementaryTransfer = cbTotalTransfer;
4402
4403 {
4404 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4405 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4406 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4407 }
4408
4409 /* The RESET handler could have cleared the DMA transfer
4410 * state (since we didn't hold the lock until just now
4411 * the guest can continue in parallel). If so, the state
4412 * is already set up so the loop is exited immediately. */
4413 if (s->iSourceSink != ATAFN_SS_NULL)
4414 {
4415 s->iIOBufferCur = iIOBufferCur;
4416 s->iIOBufferEnd = iIOBufferEnd;
4417 s->cbElementaryTransfer = cbElementaryTransfer;
4418 s->cbTotalTransfer = cbTotalTransfer;
4419 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4420 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4421 if (RT_UNLIKELY(fRedo))
4422 {
4423 pCtl->pFirstDMADesc = pDesc;
4424 pCtl->pRedoDMABuffer = pBuffer;
4425 pCtl->cbRedoDMABuffer = cbBuffer;
4426 pCtl->fRedoDMALastDesc = fLastDesc;
4427 }
4428 else
4429 {
4430 cbTotalTransfer = s->cbTotalTransfer;
4431 cbElementaryTransfer = s->cbElementaryTransfer;
4432
4433 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4434 cbElementaryTransfer = cbTotalTransfer;
4435 iIOBufferCur = 0;
4436 iIOBufferEnd = cbElementaryTransfer;
4437 }
4438 pCtl->fRedo = fRedo;
4439 }
4440 else
4441 {
4442 /* This forces the loop to exit immediately. */
4443 pDesc = pCtl->pLastDMADesc + 1;
4444 }
4445
4446 PDMCritSectLeave(&pCtl->lock);
4447 if (RT_UNLIKELY(fRedo))
4448 break;
4449 }
4450 }
4451
4452 if (RT_UNLIKELY(fRedo))
4453 break;
4454
4455 /* end of transfer */
4456 if (!cbTotalTransfer || fLastDesc)
4457 break;
4458
4459 {
4460 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4461 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4462 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4463 }
4464
4465 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4466 {
4467 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4468 if (!pCtl->fReset)
4469 ataDMATransferStop(s);
4470 /* This forces the loop to exit immediately. */
4471 pDesc = pCtl->pLastDMADesc + 1;
4472 }
4473
4474 PDMCritSectLeave(&pCtl->lock);
4475 }
4476
4477 {
4478 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4479 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4480 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4481 }
4482
4483 if (RT_UNLIKELY(fRedo))
4484 return;
4485
4486 if (fLastDesc)
4487 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4488 s->cbTotalTransfer = cbTotalTransfer;
4489 s->cbElementaryTransfer = cbElementaryTransfer;
4490 s->iIOBufferCur = iIOBufferCur;
4491 s->iIOBufferEnd = iIOBufferEnd;
4492}
4493
4494
4495/** Asynch I/O thread for an interface. Once upon a time this was readable
4496 * code with several loops and a different semaphore for each purpose. But
4497 * then came the "how can one save the state in the middle of a PIO transfer"
4498 * question. The solution was to use an ASM, which is what's there now. */
4499static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
4500{
4501 const ATARequest *pReq;
4502 uint64_t u64TS = 0; /* shut up gcc */
4503 uint64_t uWait;
4504 int rc = VINF_SUCCESS;
4505 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
4506 ATADevState *s;
4507
4508 pReq = NULL;
4509 pCtl->fChainedTransfer = false;
4510 while (!pCtl->fShutdown)
4511 {
4512 /* Keep this thread from doing anything as long as EMT is suspended. */
4513 while (pCtl->fRedoIdle)
4514 {
4515 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
4516 /* Continue if we got a signal by RTThreadPoke().
4517 * We will get notified if there is a request to process.
4518 */
4519 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4520 continue;
4521 if (RT_FAILURE(rc) || pCtl->fShutdown)
4522 break;
4523
4524 pCtl->fRedoIdle = false;
4525 }
4526
4527 /* Wait for work. */
4528 while (pReq == NULL)
4529 {
4530 LogBird(("ata: %x: going to sleep...\n", pCtl->IOPortBase1));
4531 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
4532 LogBird(("ata: %x: waking up\n", pCtl->IOPortBase1));
4533 /* Continue if we got a signal by RTThreadPoke().
4534 * We will get notified if there is a request to process.
4535 */
4536 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4537 continue;
4538 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
4539 break;
4540
4541 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4542 }
4543
4544 if (RT_FAILURE(rc) || pCtl->fShutdown)
4545 break;
4546
4547 if (pReq == NULL)
4548 continue;
4549
4550 ATAAIO ReqType = pReq->ReqType;
4551
4552 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
4553 if (pCtl->uAsyncIOState != ReqType)
4554 {
4555 /* The new state is not the state that was expected by the normal
4556 * state changes. This is either a RESET/ABORT or there's something
4557 * really strange going on. */
4558 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
4559 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
4560 {
4561 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
4562 ataAsyncIODumpRequests(pCtl);
4563 }
4564 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
4565 }
4566
4567 /* Do our work. */
4568 {
4569 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4570 LogBird(("ata: %x: entering critsect\n", pCtl->IOPortBase1));
4571 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4572 LogBird(("ata: %x: entered\n", pCtl->IOPortBase1));
4573 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4574 }
4575
4576 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4577 {
4578 u64TS = RTTimeNanoTS();
4579#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4580 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
4581#endif /* DEBUG || VBOX_WITH_STATISTICS */
4582 }
4583
4584 switch (ReqType)
4585 {
4586 case ATA_AIO_NEW:
4587
4588 pCtl->iAIOIf = pReq->u.t.iIf;
4589 s = &pCtl->aIfs[pCtl->iAIOIf];
4590 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4591 s->uTxDir = pReq->u.t.uTxDir;
4592 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4593 s->iSourceSink = pReq->u.t.iSourceSink;
4594 s->iIOBufferEnd = 0;
4595 s->u64CmdTS = u64TS;
4596
4597 if (s->fATAPI)
4598 {
4599 if (pCtl->fChainedTransfer)
4600 {
4601 /* Only count the actual transfers, not the PIO
4602 * transfer of the ATAPI command bytes. */
4603 if (s->fDMA)
4604 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4605 else
4606 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4607 }
4608 }
4609 else
4610 {
4611 if (s->fDMA)
4612 STAM_REL_COUNTER_INC(&s->StatATADMA);
4613 else
4614 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4615 }
4616
4617 pCtl->fChainedTransfer = false;
4618
4619 if (s->iBeginTransfer != ATAFN_BT_NULL)
4620 {
4621 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4622 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4623 s->iBeginTransfer = ATAFN_BT_NULL;
4624 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4625 s->iIOBufferEnd = s->cbElementaryTransfer;
4626 }
4627 else
4628 {
4629 s->cbElementaryTransfer = s->cbTotalTransfer;
4630 s->iIOBufferEnd = s->cbTotalTransfer;
4631 }
4632 s->iIOBufferCur = 0;
4633
4634 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4635 {
4636 if (s->iSourceSink != ATAFN_SS_NULL)
4637 {
4638 bool fRedo;
4639 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4640 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4641 pCtl->fRedo = fRedo;
4642 if (RT_UNLIKELY(fRedo))
4643 {
4644 /* Operation failed at the initial transfer, restart
4645 * everything from scratch by resending the current
4646 * request. Occurs very rarely, not worth optimizing. */
4647 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4648 ataAsyncIOPutRequest(pCtl, pReq);
4649 break;
4650 }
4651 }
4652 else
4653 ataCmdOK(s, 0);
4654 s->iIOBufferEnd = s->cbElementaryTransfer;
4655
4656 }
4657
4658 /* Do not go into the transfer phase if RESET is asserted.
4659 * The CritSect is released while waiting for the host OS
4660 * to finish the I/O, thus RESET is possible here. Most
4661 * important: do not change uAsyncIOState. */
4662 if (pCtl->fReset)
4663 break;
4664
4665 if (s->fDMA)
4666 {
4667 if (s->cbTotalTransfer)
4668 {
4669 ataSetStatus(s, ATA_STAT_DRQ);
4670
4671 pCtl->uAsyncIOState = ATA_AIO_DMA;
4672 /* If BMDMA is already started, do the transfer now. */
4673 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4674 {
4675 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4676 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4677 }
4678 }
4679 else
4680 {
4681 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4682 /* Finish DMA transfer. */
4683 ataDMATransferStop(s);
4684 ataSetIRQ(s);
4685 pCtl->uAsyncIOState = ATA_AIO_NEW;
4686 }
4687 }
4688 else
4689 {
4690 if (s->cbTotalTransfer)
4691 {
4692 ataPIOTransfer(pCtl);
4693 Assert(!pCtl->fRedo);
4694 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4695 ataSetIRQ(s);
4696
4697 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4698 {
4699 /* Write operations and not yet finished transfers
4700 * must be completed in the async I/O thread. */
4701 pCtl->uAsyncIOState = ATA_AIO_PIO;
4702 }
4703 else
4704 {
4705 /* Finished read operation can be handled inline
4706 * in the end of PIO transfer handling code. Linux
4707 * depends on this, as it waits only briefly for
4708 * devices to become ready after incoming data
4709 * transfer. Cannot find anything in the ATA spec
4710 * that backs this assumption, but as all kernels
4711 * are affected (though most of the time it does
4712 * not cause any harm) this must work. */
4713 pCtl->uAsyncIOState = ATA_AIO_NEW;
4714 }
4715 }
4716 else
4717 {
4718 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4719 /* Finish PIO transfer. */
4720 ataPIOTransfer(pCtl);
4721 Assert(!pCtl->fRedo);
4722 if (!s->fATAPITransfer)
4723 ataSetIRQ(s);
4724 pCtl->uAsyncIOState = ATA_AIO_NEW;
4725 }
4726 }
4727 break;
4728
4729 case ATA_AIO_DMA:
4730 {
4731 BMDMAState *bm = &pCtl->BmDma;
4732 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4733 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
4734
4735 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4736 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
4737 else
4738 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
4739
4740 if (RT_LIKELY(!pCtl->fRedo))
4741 {
4742 /* The specs say that the descriptor table must not cross a
4743 * 4K boundary. */
4744 pCtl->pFirstDMADesc = bm->pvAddr;
4745 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
4746 }
4747 ataDMATransfer(pCtl);
4748
4749 if (RT_UNLIKELY(pCtl->fRedo))
4750 {
4751 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
4752 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4753 break;
4754 }
4755
4756 /* The infamous delay IRQ hack. */
4757 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
4758 && s->cbTotalTransfer == 0
4759 && pCtl->DelayIRQMillies)
4760 {
4761 /* Delay IRQ for writing. Required to get the Win2K
4762 * installation work reliably (otherwise it crashes,
4763 * usually during component install). So far no better
4764 * solution has been found. */
4765 Log(("%s: delay IRQ hack\n", __FUNCTION__));
4766 PDMCritSectLeave(&pCtl->lock);
4767 RTThreadSleep(pCtl->DelayIRQMillies);
4768 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4769 }
4770
4771 ataUnsetStatus(s, ATA_STAT_DRQ);
4772 Assert(!pCtl->fChainedTransfer);
4773 Assert(s->iSourceSink == ATAFN_SS_NULL);
4774 if (s->fATAPITransfer)
4775 {
4776 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
4777 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
4778 s->fATAPITransfer = false;
4779 }
4780 ataSetIRQ(s);
4781 pCtl->uAsyncIOState = ATA_AIO_NEW;
4782 break;
4783 }
4784
4785 case ATA_AIO_PIO:
4786 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4787
4788 if (s->iSourceSink != ATAFN_SS_NULL)
4789 {
4790 bool fRedo;
4791 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4792 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4793 pCtl->fRedo = fRedo;
4794 if (RT_UNLIKELY(fRedo))
4795 {
4796 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
4797 ataAsyncIOPutRequest(pCtl, &ataPIORequest);
4798 ataSuspendRedo(pCtl);
4799 break;
4800 }
4801 s->iIOBufferCur = 0;
4802 s->iIOBufferEnd = s->cbElementaryTransfer;
4803 }
4804 else
4805 {
4806 /* Continue a previously started transfer. */
4807 ataUnsetStatus(s, ATA_STAT_BUSY);
4808 ataSetStatus(s, ATA_STAT_READY);
4809 }
4810
4811 /* It is possible that the drives on this controller get RESET
4812 * during the above call to the source/sink function. If that's
4813 * the case, don't restart the transfer and don't finish it the
4814 * usual way. RESET handling took care of all that already.
4815 * Most important: do not change uAsyncIOState. */
4816 if (pCtl->fReset)
4817 break;
4818
4819 if (s->cbTotalTransfer)
4820 {
4821 ataPIOTransfer(pCtl);
4822 ataSetIRQ(s);
4823
4824 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4825 {
4826 /* Write operations and not yet finished transfers
4827 * must be completed in the async I/O thread. */
4828 pCtl->uAsyncIOState = ATA_AIO_PIO;
4829 }
4830 else
4831 {
4832 /* Finished read operation can be handled inline
4833 * in the end of PIO transfer handling code. Linux
4834 * depends on this, as it waits only briefly for
4835 * devices to become ready after incoming data
4836 * transfer. Cannot find anything in the ATA spec
4837 * that backs this assumption, but as all kernels
4838 * are affected (though most of the time it does
4839 * not cause any harm) this must work. */
4840 pCtl->uAsyncIOState = ATA_AIO_NEW;
4841 }
4842 }
4843 else
4844 {
4845 /* Finish PIO transfer. */
4846 ataPIOTransfer(pCtl);
4847 if ( !pCtl->fChainedTransfer
4848 && !s->fATAPITransfer
4849 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4850 {
4851 ataSetIRQ(s);
4852 }
4853 pCtl->uAsyncIOState = ATA_AIO_NEW;
4854 }
4855 break;
4856
4857 case ATA_AIO_RESET_ASSERTED:
4858 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
4859 ataPIOTransferStop(&pCtl->aIfs[0]);
4860 ataPIOTransferStop(&pCtl->aIfs[1]);
4861 /* Do not change the DMA registers, they are not affected by the
4862 * ATA controller reset logic. It should be sufficient to issue a
4863 * new command, which is now possible as the state is cleared. */
4864 break;
4865
4866 case ATA_AIO_RESET_CLEARED:
4867 pCtl->uAsyncIOState = ATA_AIO_NEW;
4868 pCtl->fReset = false;
4869 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
4870 ATACONTROLLER_IDX(pCtl)));
4871 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4872 {
4873 if (pCtl->aIfs[i].fATAPI)
4874 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
4875 else
4876 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
4877 ataSetSignature(&pCtl->aIfs[i]);
4878 }
4879 break;
4880
4881 case ATA_AIO_ABORT:
4882 /* Abort the current command only if it operates on the same interface. */
4883 if (pCtl->iAIOIf == pReq->u.a.iIf)
4884 {
4885 s = &pCtl->aIfs[pCtl->iAIOIf];
4886
4887 pCtl->uAsyncIOState = ATA_AIO_NEW;
4888 /* Do not change the DMA registers, they are not affected by the
4889 * ATA controller reset logic. It should be sufficient to issue a
4890 * new command, which is now possible as the state is cleared. */
4891 if (pReq->u.a.fResetDrive)
4892 {
4893 ataResetDevice(s);
4894 ataExecuteDeviceDiagnosticSS(s);
4895 }
4896 else
4897 {
4898 ataPIOTransferStop(s);
4899 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
4900 ataSetStatus(s, ATA_STAT_READY);
4901 ataSetIRQ(s);
4902 }
4903 }
4904 break;
4905
4906 default:
4907 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
4908 }
4909
4910 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
4911 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4912
4913 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4914 {
4915#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4916 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
4917#endif /* DEBUG || VBOX_WITH_STATISTICS */
4918
4919 u64TS = RTTimeNanoTS() - u64TS;
4920 uWait = u64TS / 1000;
4921 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
4922 /* Mark command as finished. */
4923 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
4924
4925 /*
4926 * Release logging of command execution times depends on the
4927 * command type. ATAPI commands often take longer (due to CD/DVD
4928 * spin up time etc.) so the threshold is different.
4929 */
4930 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
4931 {
4932 if (uWait > 8 * 1000 * 1000)
4933 {
4934 /*
4935 * Command took longer than 8 seconds. This is close
4936 * enough or over the guest's command timeout, so place
4937 * an entry in the release log to allow tracking such
4938 * timing errors (which are often caused by the host).
4939 */
4940 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
4941 }
4942 }
4943 else
4944 {
4945 if (uWait > 20 * 1000 * 1000)
4946 {
4947 /*
4948 * Command took longer than 20 seconds. This is close
4949 * enough or over the guest's command timeout, so place
4950 * an entry in the release log to allow tracking such
4951 * timing errors (which are often caused by the host).
4952 */
4953 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
4954 }
4955 }
4956
4957#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4958 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
4959 pCtl->StatAsyncMinWait = uWait;
4960 if (uWait > pCtl->StatAsyncMaxWait)
4961 pCtl->StatAsyncMaxWait = uWait;
4962
4963 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
4964 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
4965#endif /* DEBUG || VBOX_WITH_STATISTICS */
4966 }
4967
4968 LogBird(("ata: %x: leaving critsect\n", pCtl->IOPortBase1));
4969 PDMCritSectLeave(&pCtl->lock);
4970 }
4971
4972 /* Cleanup the state. */
4973 if (pCtl->AsyncIOSem)
4974 {
4975 RTSemEventDestroy(pCtl->AsyncIOSem);
4976 pCtl->AsyncIOSem = NIL_RTSEMEVENT;
4977 }
4978 if (pCtl->SuspendIOSem)
4979 {
4980 RTSemEventDestroy(pCtl->SuspendIOSem);
4981 pCtl->SuspendIOSem = NIL_RTSEMEVENT;
4982 }
4983 /* Do not destroy request mutex yet, still needed for proper shutdown. */
4984 pCtl->fShutdown = false;
4985 /* This must be last, as it also signals thread exit to EMT. */
4986 pCtl->AsyncIOThread = NIL_RTTHREAD;
4987
4988 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
4989 return rc;
4990}
4991
4992#endif /* IN_RING3 */
4993
4994static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
4995{
4996 uint32_t val = pCtl->BmDma.u8Cmd;
4997 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4998 return val;
4999}
5000
5001
5002static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5003{
5004 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5005 if (!(val & BM_CMD_START))
5006 {
5007 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5008 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5009 }
5010 else
5011 {
5012#ifdef IN_RING3
5013 /* Check whether the guest OS wants to change DMA direction in
5014 * mid-flight. Not allowed, according to the PIIX3 specs. */
5015 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5016 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5017 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5018
5019 /* Do not continue DMA transfers while the RESET line is asserted. */
5020 if (pCtl->fReset)
5021 {
5022 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5023 return;
5024 }
5025
5026 /* Do not start DMA transfers if there's a PIO transfer going on. */
5027 if (!pCtl->aIfs[pCtl->iSelectedIf].fDMA)
5028 return;
5029
5030 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5031 {
5032 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5033 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
5034 }
5035#else /* !IN_RING3 */
5036 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5037#endif /* IN_RING3 */
5038 }
5039}
5040
5041static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5042{
5043 uint32_t val = pCtl->BmDma.u8Status;
5044 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5045 return val;
5046}
5047
5048static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5049{
5050 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5051 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5052 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5053 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5054}
5055
5056static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5057{
5058 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5059 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5060 return val;
5061}
5062
5063static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5064{
5065 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5066 pCtl->BmDma.pvAddr = val & ~3;
5067}
5068
5069static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5070{
5071 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5072 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5073
5074}
5075
5076static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5077{
5078 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5079 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5080}
5081
5082#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5083
5084/**
5085 * Port I/O Handler for bus master DMA IN operations.
5086 * @see FNIOMIOPORTIN for details.
5087 */
5088PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5089{
5090 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5091 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5092 PATACONTROLLER pCtl = &pThis->aCts[i];
5093 int rc;
5094
5095 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5096 if (rc != VINF_SUCCESS)
5097 return rc;
5098 switch (VAL(Port, cb))
5099 {
5100 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5101 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5102 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5103 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5104 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5105 case VAL(0, 4):
5106 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5107 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5108 break;
5109 default:
5110 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5111 PDMCritSectLeave(&pCtl->lock);
5112 return VERR_IOM_IOPORT_UNUSED;
5113 }
5114 PDMCritSectLeave(&pCtl->lock);
5115 return rc;
5116}
5117
5118/**
5119 * Port I/O Handler for bus master DMA OUT operations.
5120 * @see FNIOMIOPORTOUT for details.
5121 */
5122PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5123{
5124 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5125 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5126 PATACONTROLLER pCtl = &pThis->aCts[i];
5127 int rc;
5128
5129 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5130 if (rc != VINF_SUCCESS)
5131 return rc;
5132 switch (VAL(Port, cb))
5133 {
5134 case VAL(0, 1):
5135#ifndef IN_RING3
5136 if (u32 & BM_CMD_START)
5137 {
5138 rc = VINF_IOM_HC_IOPORT_WRITE;
5139 break;
5140 }
5141#endif /* !IN_RING3 */
5142 ataBMDMACmdWriteB(pCtl, Port, u32);
5143 break;
5144 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5145 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5146 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5147 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5148 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5149 }
5150 PDMCritSectLeave(&pCtl->lock);
5151 return rc;
5152}
5153
5154#undef VAL
5155
5156#ifdef IN_RING3
5157
5158/**
5159 * Callback function for mapping an PCI I/O region.
5160 *
5161 * @return VBox status code.
5162 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5163 * @param iRegion The region number.
5164 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5165 * I/O port, else it's a physical address.
5166 * This address is *NOT* relative to pci_mem_base like earlier!
5167 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5168 */
5169static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5170{
5171 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5172 int rc = VINF_SUCCESS;
5173 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5174 Assert(iRegion == 4);
5175 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5176
5177 /* Register the port range. */
5178 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5179 {
5180 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5181 (RTHCPTR)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5182 AssertRC(rc2);
5183 if (rc2 < rc)
5184 rc = rc2;
5185
5186 if (pThis->fGCEnabled)
5187 {
5188 rc2 = PDMDevHlpIOPortRegisterGC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5189 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5190 AssertRC(rc2);
5191 if (rc2 < rc)
5192 rc = rc2;
5193 }
5194 if (pThis->fR0Enabled)
5195 {
5196 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5197 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5198 AssertRC(rc2);
5199 if (rc2 < rc)
5200 rc = rc2;
5201 }
5202 }
5203 return rc;
5204}
5205
5206
5207/**
5208 * Reset notification.
5209 *
5210 * @returns VBox status.
5211 * @param pDevIns The device instance data.
5212 */
5213static DECLCALLBACK(void) ataReset(PPDMDEVINS pDevIns)
5214{
5215 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5216
5217 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5218 {
5219 pThis->aCts[i].iSelectedIf = 0;
5220 pThis->aCts[i].iAIOIf = 0;
5221 pThis->aCts[i].BmDma.u8Cmd = 0;
5222 /* Report that both drives present on the bus are in DMA mode. This
5223 * pretends that there is a BIOS that has set it up. Normal reset
5224 * default is 0x00. */
5225 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
5226 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
5227 pThis->aCts[i].BmDma.pvAddr = 0;
5228
5229 pThis->aCts[i].fReset = true;
5230 pThis->aCts[i].fRedo = false;
5231 pThis->aCts[i].fRedoIdle = false;
5232 ataAsyncIOClearRequests(&pThis->aCts[i]);
5233 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
5234 ataAsyncIOPutRequest(&pThis->aCts[i], &ataResetARequest);
5235 ataAsyncIOPutRequest(&pThis->aCts[i], &ataResetCRequest);
5236 if (!ataWaitForAsyncIOIsIdle(&pThis->aCts[i], 30000))
5237 {
5238 PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_ASYNCBUSY",
5239 N_("The IDE async I/O thread remained busy after a reset, usually a host filesystem performance problem\n"));
5240 AssertMsgFailed(("Async I/O thread busy after reset\n"));
5241 }
5242
5243 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5244 ataResetDevice(&pThis->aCts[i].aIfs[j]);
5245 }
5246}
5247
5248
5249/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5250
5251/**
5252 * Queries an interface to the driver.
5253 *
5254 * @returns Pointer to interface.
5255 * @returns NULL if the interface was not supported by the device.
5256 * @param pInterface Pointer to ATADevState::IBase.
5257 * @param enmInterface The requested interface identification.
5258 */
5259static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, PDMINTERFACE enmInterface)
5260{
5261 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5262 switch (enmInterface)
5263 {
5264 case PDMINTERFACE_BASE:
5265 return &pThis->IBase;
5266 case PDMINTERFACE_LED_PORTS:
5267 return &pThis->ILeds;
5268 default:
5269 return NULL;
5270 }
5271}
5272
5273
5274/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5275
5276/**
5277 * Gets the pointer to the status LED of a unit.
5278 *
5279 * @returns VBox status code.
5280 * @param pInterface Pointer to the interface structure containing the called function pointer.
5281 * @param iLUN The unit which status LED we desire.
5282 * @param ppLed Where to store the LED pointer.
5283 */
5284static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5285{
5286 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5287 if (iLUN < 4)
5288 {
5289 switch (iLUN)
5290 {
5291 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5292 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5293 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5294 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5295 }
5296 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5297 return VINF_SUCCESS;
5298 }
5299 return VERR_PDM_LUN_NOT_FOUND;
5300}
5301
5302
5303/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5304
5305/**
5306 * Queries an interface to the driver.
5307 *
5308 * @returns Pointer to interface.
5309 * @returns NULL if the interface was not supported by the device.
5310 * @param pInterface Pointer to ATADevState::IBase.
5311 * @param enmInterface The requested interface identification.
5312 */
5313static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, PDMINTERFACE enmInterface)
5314{
5315 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5316 switch (enmInterface)
5317 {
5318 case PDMINTERFACE_BASE:
5319 return &pIf->IBase;
5320 case PDMINTERFACE_BLOCK_PORT:
5321 return &pIf->IPort;
5322 case PDMINTERFACE_MOUNT_NOTIFY:
5323 return &pIf->IMountNotify;
5324 default:
5325 return NULL;
5326 }
5327}
5328
5329#endif /* IN_RING3 */
5330
5331
5332/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5333
5334/**
5335 * Port I/O Handler for primary port range OUT operations.
5336 * @see FNIOMIOPORTOUT for details.
5337 */
5338PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5339{
5340 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5341 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5342 PATACONTROLLER pCtl = &pThis->aCts[i];
5343 int rc = VINF_SUCCESS;
5344
5345 Assert(i < 2);
5346
5347 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5348 if (rc != VINF_SUCCESS)
5349 return rc;
5350 if (cb == 1)
5351 rc = ataIOPortWriteU8(pCtl, Port, u32);
5352 else if (Port == pCtl->IOPortBase1)
5353 {
5354 Assert(cb == 2 || cb == 4);
5355 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5356 }
5357 else
5358 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
5359 LogBird(("ata: leaving critsect\n"));
5360 PDMCritSectLeave(&pCtl->lock);
5361 LogBird(("ata: left critsect\n"));
5362 return rc;
5363}
5364
5365
5366/**
5367 * Port I/O Handler for primary port range IN operations.
5368 * @see FNIOMIOPORTIN for details.
5369 */
5370PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5371{
5372 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5373 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5374 PATACONTROLLER pCtl = &pThis->aCts[i];
5375 int rc = VINF_SUCCESS;
5376
5377 Assert(i < 2);
5378
5379 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5380 if (rc != VINF_SUCCESS)
5381 return rc;
5382 if (cb == 1)
5383 {
5384 rc = ataIOPortReadU8(pCtl, Port, pu32);
5385 }
5386 else if (Port == pCtl->IOPortBase1)
5387 {
5388 Assert(cb == 2 || cb == 4);
5389 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5390 if (cb == 2)
5391 *pu32 &= 0xffff;
5392 }
5393 else
5394 {
5395 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
5396 rc = VERR_IOM_IOPORT_UNUSED;
5397 }
5398 PDMCritSectLeave(&pCtl->lock);
5399 return rc;
5400}
5401
5402#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
5403/**
5404 * Port I/O Handler for primary port range IN string operations.
5405 * @see FNIOMIOPORTINSTRING for details.
5406 */
5407PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5408{
5409 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5410 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5411 PATACONTROLLER pCtl = &pThis->aCts[i];
5412 int rc = VINF_SUCCESS;
5413
5414 Assert(i < 2);
5415
5416 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5417 if (rc != VINF_SUCCESS)
5418 return rc;
5419 if (Port == pCtl->IOPortBase1)
5420 {
5421 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5422 RTGCPTR GCDst = *pGCPtrDst;
5423 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5424 Assert(cb == 2 || cb == 4);
5425
5426 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5427#ifndef IN_RING3
5428 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5429 cTransAvailable--;
5430#endif /* !IN_RING3 */
5431 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5432 * They are not performance-critical and generally shouldn't occur at all. */
5433 if (cTransAvailable > cTransfer)
5434 cTransAvailable = cTransfer;
5435 cbTransfer = cTransAvailable * cb;
5436
5437 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5438 Assert(rc == VINF_SUCCESS);
5439
5440 if (cbTransfer)
5441 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5442 s->iIOBufferPIODataStart += cbTransfer;
5443 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5444 *pcTransfer = cTransfer - cTransAvailable;
5445#ifdef IN_RING3
5446 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5447 ataPIOTransferFinish(pCtl, s);
5448#endif /* IN_RING3 */
5449 }
5450 PDMCritSectLeave(&pCtl->lock);
5451 return rc;
5452}
5453
5454
5455/**
5456 * Port I/O Handler for primary port range OUT string operations.
5457 * @see FNIOMIOPORTOUTSTRING for details.
5458 */
5459PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5460{
5461 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5462 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5463 PATACONTROLLER pCtl = &pThis->aCts[i];
5464 int rc;
5465
5466 Assert(i < 2);
5467
5468 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5469 if (rc != VINF_SUCCESS)
5470 return rc;
5471 if (Port == pCtl->IOPortBase1)
5472 {
5473 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5474 RTGCPTR GCSrc = *pGCPtrSrc;
5475 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5476 Assert(cb == 2 || cb == 4);
5477
5478 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5479#ifndef IN_RING3
5480 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5481 cTransAvailable--;
5482#endif /* !IN_RING3 */
5483 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5484 * They are not performance-critical and generally shouldn't occur at all. */
5485 if (cTransAvailable > cTransfer)
5486 cTransAvailable = cTransfer;
5487 cbTransfer = cTransAvailable * cb;
5488
5489 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
5490 Assert(rc == VINF_SUCCESS);
5491
5492 if (cbTransfer)
5493 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5494 s->iIOBufferPIODataStart += cbTransfer;
5495 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
5496 *pcTransfer = cTransfer - cTransAvailable;
5497#ifdef IN_RING3
5498 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5499 ataPIOTransferFinish(pCtl, s);
5500#endif /* IN_RING3 */
5501 }
5502 PDMCritSectLeave(&pCtl->lock);
5503 return rc;
5504}
5505#endif /* !IN_RING0 */
5506
5507/**
5508 * Port I/O Handler for secondary port range OUT operations.
5509 * @see FNIOMIOPORTOUT for details.
5510 */
5511PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5512{
5513 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5514 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5515 PATACONTROLLER pCtl = &pThis->aCts[i];
5516 int rc;
5517
5518 Assert(i < 2);
5519
5520 if (cb != 1)
5521 return VINF_SUCCESS;
5522 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5523 if (rc != VINF_SUCCESS)
5524 return rc;
5525 rc = ataControlWrite(pCtl, Port, u32);
5526 PDMCritSectLeave(&pCtl->lock);
5527 return rc;
5528}
5529
5530
5531/**
5532 * Port I/O Handler for secondary port range IN operations.
5533 * @see FNIOMIOPORTIN for details.
5534 */
5535PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5536{
5537 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5538 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5539 PATACONTROLLER pCtl = &pThis->aCts[i];
5540 int rc;
5541
5542 Assert(i < 2);
5543
5544 if (cb != 1)
5545 return VERR_IOM_IOPORT_UNUSED;
5546
5547 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5548 if (rc != VINF_SUCCESS)
5549 return rc;
5550 *pu32 = ataStatusRead(pCtl, Port);
5551 PDMCritSectLeave(&pCtl->lock);
5552 return VINF_SUCCESS;
5553}
5554
5555#ifdef IN_RING3
5556
5557/**
5558 * Waits for all async I/O threads to complete whatever they
5559 * are doing at the moment.
5560 *
5561 * @returns true on success.
5562 * @returns false when one or more threads is still processing.
5563 * @param pThis Pointer to the instance data.
5564 * @param cMillies How long to wait (total).
5565 */
5566static bool ataWaitForAllAsyncIOIsIdle(PPDMDEVINS pDevIns, unsigned cMillies)
5567{
5568 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5569 uint64_t u64Start;
5570 PATACONTROLLER pCtl;
5571 bool fAllIdle = false;
5572
5573 /*
5574 * Wait for any pending async operation to finish
5575 */
5576 u64Start = RTTimeMilliTS();
5577 for (;;)
5578 {
5579 /* Check all async I/O threads. */
5580 fAllIdle = true;
5581 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5582 {
5583 pCtl = &pThis->aCts[i];
5584
5585 /*
5586 * Only check if the thread is idling if the request mutex is set up.
5587 * It is possible that the creation of the first controller failed and that
5588 * the request mutex is not initialized on the second one yet
5589 * But it would be called without the following check.
5590 */
5591 if (pCtl->AsyncIORequestMutex != NIL_RTSEMEVENT)
5592 {
5593 fAllIdle &= ataAsyncIOIsIdle(pCtl, false);
5594 if (!fAllIdle)
5595 break;
5596 }
5597 }
5598 if ( fAllIdle
5599 || RTTimeMilliTS() - u64Start >= cMillies)
5600 break;
5601
5602 /* Sleep for a bit. */
5603 RTThreadSleep(100);
5604 }
5605
5606 if (!fAllIdle)
5607 LogRel(("PIIX3 ATA: Ctl#%d is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
5608 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
5609 pCtl->aIfs[0].uATARegCommand, pCtl->aIfs[1].uATARegCommand));
5610
5611 return fAllIdle;
5612}
5613
5614
5615DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5616{
5617 if (s->pbIOBufferR3)
5618 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5619}
5620
5621
5622/**
5623 * @copydoc FNPDMDEVRELOCATE
5624 */
5625static DECLCALLBACK(void) ataRelocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5626{
5627 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5628
5629 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5630 {
5631 pThis->aCts[i].pDevInsRC += offDelta;
5632 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5633 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5634 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5635 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5636 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5637 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5638 }
5639}
5640
5641
5642/**
5643 * Destroy a driver instance.
5644 *
5645 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5646 * resources can be freed correctly.
5647 *
5648 * @param pDevIns The device instance data.
5649 */
5650static DECLCALLBACK(int) ataDestruct(PPDMDEVINS pDevIns)
5651{
5652 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5653 int rc;
5654
5655 Log(("%s:\n", __FUNCTION__));
5656
5657 /*
5658 * Terminate all async helper threads
5659 */
5660 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5661 {
5662 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5663 {
5664 ASMAtomicXchgU32(&pThis->aCts[i].fShutdown, true);
5665 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5666 AssertRC(rc);
5667 }
5668 }
5669
5670 /*
5671 * Wait for them to complete whatever they are doing and then
5672 * for them to terminate.
5673 */
5674 if (ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5675 {
5676 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5677 {
5678 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5679 AssertMsgRC(rc || rc == VERR_INVALID_HANDLE, ("rc=%Rrc i=%d\n", rc, i));
5680 }
5681 }
5682 else
5683 AssertMsgFailed(("Async I/O is still busy!\n"));
5684
5685 /*
5686 * Now the request mutexes are no longer needed. Free resources.
5687 */
5688 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5689 {
5690 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMEVENT)
5691 {
5692 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5693 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMEVENT;
5694 }
5695 }
5696 return VINF_SUCCESS;
5697}
5698
5699
5700/**
5701 * Detach notification.
5702 *
5703 * The DVD drive has been unplugged.
5704 *
5705 * @param pDevIns The device instance.
5706 * @param iLUN The logical unit which is being detached.
5707 */
5708static DECLCALLBACK(void) ataDetach(PPDMDEVINS pDevIns, unsigned iLUN)
5709{
5710 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5711 PATACONTROLLER pCtl;
5712 ATADevState *pIf;
5713 unsigned iController;
5714 unsigned iInterface;
5715
5716 /*
5717 * Locate the controller and stuff.
5718 */
5719 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5720 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5721 pCtl = &pThis->aCts[iController];
5722
5723 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5724 pIf = &pCtl->aIfs[iInterface];
5725
5726 /*
5727 * Zero some important members.
5728 */
5729 pIf->pDrvBase = NULL;
5730 pIf->pDrvBlock = NULL;
5731 pIf->pDrvBlockBios = NULL;
5732 pIf->pDrvMount = NULL;
5733
5734 /*
5735 * In case there was a medium inserted.
5736 */
5737 ataMediumRemoved(pIf);
5738}
5739
5740
5741/**
5742 * Configure a LUN.
5743 *
5744 * @returns VBox status code.
5745 * @param pDevIns The device instance.
5746 * @param pIf The ATA unit state.
5747 */
5748static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5749{
5750 int rc = VINF_SUCCESS;
5751 PDMBLOCKTYPE enmType;
5752
5753 /*
5754 * Query Block, Bios and Mount interfaces.
5755 */
5756 pIf->pDrvBlock = (PDMIBLOCK *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_BLOCK);
5757 if (!pIf->pDrvBlock)
5758 {
5759 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5760 return VERR_PDM_MISSING_INTERFACE;
5761 }
5762
5763 /** @todo implement the BIOS invisible code path. */
5764 pIf->pDrvBlockBios = (PDMIBLOCKBIOS *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_BLOCK_BIOS);
5765 if (!pIf->pDrvBlockBios)
5766 {
5767 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5768 return VERR_PDM_MISSING_INTERFACE;
5769 }
5770 pIf->pDrvMount = (PDMIMOUNT *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_MOUNT);
5771
5772 /*
5773 * Validate type.
5774 */
5775 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
5776 if ( enmType != PDMBLOCKTYPE_CDROM
5777 && enmType != PDMBLOCKTYPE_DVD
5778 && enmType != PDMBLOCKTYPE_HARD_DISK)
5779 {
5780 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
5781 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
5782 }
5783 if ( ( enmType == PDMBLOCKTYPE_DVD
5784 || enmType == PDMBLOCKTYPE_CDROM)
5785 && !pIf->pDrvMount)
5786 {
5787 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
5788 return VERR_INTERNAL_ERROR;
5789 }
5790 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
5791 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
5792
5793 /*
5794 * Allocate I/O buffer.
5795 */
5796 PVM pVM = PDMDevHlpGetVM(pDevIns);
5797 if (pIf->cbIOBuffer)
5798 {
5799 /* Buffer is (probably) already allocated. Validate the fields,
5800 * because memory corruption can also overwrite pIf->cbIOBuffer. */
5801 if (pIf->fATAPI)
5802 AssertRelease(pIf->cbIOBuffer == _128K);
5803 else
5804 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
5805 Assert(pIf->pbIOBufferR3);
5806 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
5807 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
5808 }
5809 else
5810 {
5811 if (pIf->fATAPI)
5812 pIf->cbIOBuffer = _128K;
5813 else
5814 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
5815 Assert(!pIf->pbIOBufferR3);
5816 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
5817 if (RT_FAILURE(rc))
5818 return VERR_NO_MEMORY;
5819 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
5820 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
5821 }
5822
5823 /*
5824 * Init geometry (only for non-CD/DVD media).
5825 */
5826 if (pIf->fATAPI)
5827 {
5828 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
5829 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
5830 pIf->PCHSGeometry.cHeads = 0; /* dummy */
5831 pIf->PCHSGeometry.cSectors = 0; /* dummy */
5832 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
5833 }
5834 else
5835 {
5836 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
5837 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
5838 &pIf->PCHSGeometry);
5839 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
5840 {
5841 pIf->PCHSGeometry.cCylinders = 0;
5842 pIf->PCHSGeometry.cHeads = 16; /*??*/
5843 pIf->PCHSGeometry.cSectors = 63; /*??*/
5844 }
5845 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
5846 {
5847 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
5848 rc = VINF_SUCCESS;
5849 }
5850 AssertRC(rc);
5851
5852 if ( pIf->PCHSGeometry.cCylinders == 0
5853 || pIf->PCHSGeometry.cHeads == 0
5854 || pIf->PCHSGeometry.cSectors == 0
5855 )
5856 {
5857 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
5858 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
5859 pIf->PCHSGeometry.cHeads = 16;
5860 pIf->PCHSGeometry.cSectors = 63;
5861 /* Set the disk geometry information. Ignore errors. */
5862 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
5863 &pIf->PCHSGeometry);
5864 rc = VINF_SUCCESS;
5865 }
5866 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
5867 }
5868 return rc;
5869}
5870
5871
5872/**
5873 * Attach command.
5874 *
5875 * This is called when we change block driver for the DVD drive.
5876 *
5877 * @returns VBox status code.
5878 * @param pDevIns The device instance.
5879 * @param iLUN The logical unit which is being detached.
5880 */
5881static DECLCALLBACK(int) ataAttach(PPDMDEVINS pDevIns, unsigned iLUN)
5882{
5883 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5884 PATACONTROLLER pCtl;
5885 ATADevState *pIf;
5886 int rc;
5887 unsigned iController;
5888 unsigned iInterface;
5889
5890 /*
5891 * Locate the controller and stuff.
5892 */
5893 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5894 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5895 pCtl = &pThis->aCts[iController];
5896
5897 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5898 pIf = &pCtl->aIfs[iInterface];
5899
5900 /* the usual paranoia */
5901 AssertRelease(!pIf->pDrvBase);
5902 AssertRelease(!pIf->pDrvBlock);
5903 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
5904 Assert(pIf->iLUN == iLUN);
5905
5906 /*
5907 * Try attach the block device and get the interfaces,
5908 * required as well as optional.
5909 */
5910 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
5911 if (RT_SUCCESS(rc))
5912 {
5913 rc = ataConfigLun(pDevIns, pIf);
5914 /*
5915 * In case there is a medium inserted.
5916 */
5917 ataMediumInserted(pIf);
5918 }
5919 else
5920 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
5921
5922 if (RT_FAILURE(rc))
5923 {
5924 pIf->pDrvBase = NULL;
5925 pIf->pDrvBlock = NULL;
5926 }
5927 return rc;
5928}
5929
5930
5931/**
5932 * Suspend notification.
5933 *
5934 * @returns VBox status.
5935 * @param pDevIns The device instance data.
5936 */
5937static DECLCALLBACK(void) ataSuspend(PPDMDEVINS pDevIns)
5938{
5939 Log(("%s:\n", __FUNCTION__));
5940 if (!ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5941 AssertMsgFailed(("Async I/O didn't stop in 20 seconds!\n"));
5942 return;
5943}
5944
5945
5946/**
5947 * Resume notification.
5948 *
5949 * @returns VBox status.
5950 * @param pDevIns The device instance data.
5951 */
5952static DECLCALLBACK(void) ataResume(PPDMDEVINS pDevIns)
5953{
5954 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5955 int rc;
5956
5957 Log(("%s:\n", __FUNCTION__));
5958 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5959 {
5960 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
5961 {
5962 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
5963 AssertRC(rc);
5964 }
5965 }
5966 return;
5967}
5968
5969
5970/**
5971 * Power Off notification.
5972 *
5973 * @returns VBox status.
5974 * @param pDevIns The device instance data.
5975 */
5976static DECLCALLBACK(void) ataPowerOff(PPDMDEVINS pDevIns)
5977{
5978 Log(("%s:\n", __FUNCTION__));
5979 if (!ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5980 AssertMsgFailed(("Async I/O didn't stop in 20 seconds!\n"));
5981 return;
5982}
5983
5984
5985/**
5986 * Prepare state save and load operation.
5987 *
5988 * @returns VBox status code.
5989 * @param pDevIns Device instance of the device which registered the data unit.
5990 * @param pSSM SSM operation handle.
5991 */
5992static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
5993{
5994 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5995
5996 /* sanity - the suspend notification will wait on the async stuff. */
5997 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5998 {
5999 Assert(ataAsyncIOIsIdle(&pThis->aCts[i], false));
6000 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
6001 return VERR_SSM_IDE_ASYNC_TIMEOUT;
6002 }
6003 return VINF_SUCCESS;
6004}
6005
6006
6007/**
6008 * Saves a state of the ATA device.
6009 *
6010 * @returns VBox status code.
6011 * @param pDevIns The device instance.
6012 * @param pSSMHandle The handle to save the state to.
6013 */
6014static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSMHandle)
6015{
6016 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6017
6018 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6019 {
6020 SSMR3PutU8(pSSMHandle, pThis->aCts[i].iSelectedIf);
6021 SSMR3PutU8(pSSMHandle, pThis->aCts[i].iAIOIf);
6022 SSMR3PutU8(pSSMHandle, pThis->aCts[i].uAsyncIOState);
6023 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fChainedTransfer);
6024 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fReset);
6025 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedo);
6026 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedoIdle);
6027 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedoDMALastDesc);
6028 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6029 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pFirstDMADesc);
6030 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pLastDMADesc);
6031 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pRedoDMABuffer);
6032 SSMR3PutU32(pSSMHandle, pThis->aCts[i].cbRedoDMABuffer);
6033
6034 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6035 {
6036 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fLBA48);
6037 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fATAPI);
6038 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fIrqPending);
6039 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].cMultSectors);
6040 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6041 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6042 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6043 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6044 SSMR3PutU64(pSSMHandle, pThis->aCts[i].aIfs[j].cTotalSectors);
6045 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegFeature);
6046 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6047 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegError);
6048 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegNSector);
6049 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6050 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSector);
6051 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6052 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegLCyl);
6053 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6054 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegHCyl);
6055 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6056 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSelect);
6057 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegStatus);
6058 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegCommand);
6059 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6060 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATATransferMode);
6061 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uTxDir);
6062 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].iBeginTransfer);
6063 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].iSourceSink);
6064 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fDMA);
6065 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fATAPITransfer);
6066 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6067 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6068 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferCur);
6069 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6070 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6071 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6072 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iATAPILBA);
6073 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbATAPISector);
6074 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6075 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6076 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6077 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].MediaEventStatus);
6078 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6079 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbIOBuffer);
6080 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6081 SSMR3PutMem(pSSMHandle, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6082 else
6083 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6084 }
6085 }
6086 SSMR3PutU8(pSSMHandle, pThis->u8Type);
6087
6088 return SSMR3PutU32(pSSMHandle, ~0); /* sanity/terminator */
6089}
6090
6091
6092/**
6093 * Loads a saved ATA device state.
6094 *
6095 * @returns VBox status code.
6096 * @param pDevIns The device instance.
6097 * @param pSSMHandle The handle to the saved state.
6098 * @param u32Version The data unit version number.
6099 */
6100static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSMHandle, uint32_t u32Version)
6101{
6102 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6103 int rc;
6104 uint32_t u32;
6105
6106 if ( u32Version != ATA_SAVED_STATE_VERSION
6107 && u32Version != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6108 && u32Version != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6109 && u32Version != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6110 {
6111 AssertMsgFailed(("u32Version=%d\n", u32Version));
6112 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6113 }
6114
6115 /*
6116 * Restore valid parts of the PCIATAState structure
6117 */
6118 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6119 {
6120 /* integrity check */
6121 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
6122 {
6123 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
6124 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6125 return rc;
6126 }
6127
6128 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].iSelectedIf);
6129 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].iAIOIf);
6130 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].uAsyncIOState);
6131 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].fChainedTransfer);
6132 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fReset);
6133 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedo);
6134 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedoIdle);
6135 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
6136 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6137 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pFirstDMADesc);
6138 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pLastDMADesc);
6139 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pRedoDMABuffer);
6140 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].cbRedoDMABuffer);
6141
6142 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6143 {
6144 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fLBA48);
6145 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fATAPI);
6146 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fIrqPending);
6147 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].cMultSectors);
6148 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6149 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6150 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6151 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6152 SSMR3GetU64(pSSMHandle, &pThis->aCts[i].aIfs[j].cTotalSectors);
6153 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegFeature);
6154 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6155 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegError);
6156 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegNSector);
6157 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6158 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSector);
6159 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6160 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6161 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6162 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6163 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6164 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSelect);
6165 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegStatus);
6166 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegCommand);
6167 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6168 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATATransferMode);
6169 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uTxDir);
6170 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6171 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].iSourceSink);
6172 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fDMA);
6173 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6174 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6175 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6176 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6177 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6178 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6179 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6180 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iATAPILBA);
6181 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbATAPISector);
6182 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6183 if (u32Version > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6184 {
6185 SSMR3GetMem(pSSMHandle, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6186 }
6187 else
6188 {
6189 uint8_t uATAPISenseKey, uATAPIASC;
6190 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6191 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6192 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6193 SSMR3GetU8(pSSMHandle, &uATAPISenseKey);
6194 SSMR3GetU8(pSSMHandle, &uATAPIASC);
6195 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6196 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6197 }
6198 /** @todo triple-check this hack after passthrough is working */
6199 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6200 if (u32Version > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6201 SSMR3GetU32(pSSMHandle, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6202 else
6203 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6204 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6205 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6206 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6207 {
6208 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6209 SSMR3GetMem(pSSMHandle, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6210 else
6211 {
6212 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6213 if (SSMR3HandleGetAfter(pSSMHandle) != SSMAFTER_DEBUG_IT)
6214 return VERR_SSM_LOAD_CONFIG_MISMATCH;
6215
6216 /* skip the buffer if we're loading for the debugger / animator. */
6217 uint8_t u8Ignored;
6218 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6219 while (cbLeft-- > 0)
6220 SSMR3GetU8(pSSMHandle, &u8Ignored);
6221 }
6222 }
6223 else
6224 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6225 }
6226 }
6227 SSMR3GetU8(pSSMHandle, &pThis->u8Type);
6228
6229 rc = SSMR3GetU32(pSSMHandle, &u32);
6230 if (RT_FAILURE(rc))
6231 return rc;
6232 if (u32 != ~0U)
6233 {
6234 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6235 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6236 return rc;
6237 }
6238
6239 return VINF_SUCCESS;
6240}
6241
6242/**
6243 * Convert config value to DEVPCBIOSBOOT.
6244 *
6245 * @returns VBox status code.
6246 * @param pDevIns The device instance data.
6247 * @param pCfgHandle Configuration handle.
6248 * @param penmChipset Where to store the chipset type.
6249 */
6250static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfgHandle, CHIPSET *penmChipset)
6251{
6252 char szType[20];
6253
6254 int rc = CFGMR3QueryStringDef(pCfgHandle, "Type", &szType[0], sizeof(szType), "PIIX4");
6255 if (RT_FAILURE(rc))
6256 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6257 N_("Configuration error: Querying \"Type\" as a string failed"));
6258 if (!strcmp(szType, "PIIX3"))
6259 *penmChipset = CHIPSET_PIIX3;
6260 else if (!strcmp(szType, "PIIX4"))
6261 *penmChipset = CHIPSET_PIIX4;
6262 else if (!strcmp(szType, "ICH6"))
6263 *penmChipset = CHIPSET_ICH6;
6264 else
6265 {
6266 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6267 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
6268 szType);
6269 rc = VERR_INTERNAL_ERROR;
6270 }
6271 return rc;
6272}
6273
6274
6275/**
6276 * Construct a device instance for a VM.
6277 *
6278 * @returns VBox status.
6279 * @param pDevIns The device instance data.
6280 * If the registration structure is needed, pDevIns->pDevReg points to it.
6281 * @param iInstance Instance number. Use this to figure out which registers and such to use.
6282 * The device number is also found in pDevIns->iInstance, but since it's
6283 * likely to be freqently used PDM passes it as parameter.
6284 * @param pCfgHandle Configuration node handle for the device. Use this to obtain the configuration
6285 * of the device instance. It's also found in pDevIns->pCfgHandle, but like
6286 * iInstance it's expected to be used a bit in this function.
6287 */
6288static DECLCALLBACK(int) ataConstruct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfgHandle)
6289{
6290 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6291 PPDMIBASE pBase;
6292 int rc;
6293 bool fGCEnabled;
6294 bool fR0Enabled;
6295 uint32_t DelayIRQMillies;
6296
6297 Assert(iInstance == 0);
6298
6299 /*
6300 * Initialize NIL handle values (for the destructor).
6301 */
6302 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6303 {
6304 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6305 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6306 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMEVENT;
6307 }
6308
6309 /*
6310 * Validate and read configuration.
6311 */
6312 if (!CFGMR3AreValuesValid(pCfgHandle, "GCEnabled\0IRQDelay\0R0Enabled\0Type\0"))
6313 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
6314 N_("PIIX3 configuration error: unknown option specified"));
6315
6316 rc = CFGMR3QueryBoolDef(pCfgHandle, "GCEnabled", &fGCEnabled, true);
6317 if (RT_FAILURE(rc))
6318 return PDMDEV_SET_ERROR(pDevIns, rc,
6319 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
6320 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
6321
6322 rc = CFGMR3QueryBoolDef(pCfgHandle, "R0Enabled", &fR0Enabled, true);
6323 if (RT_FAILURE(rc))
6324 return PDMDEV_SET_ERROR(pDevIns, rc,
6325 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
6326 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
6327
6328 rc = CFGMR3QueryU32Def(pCfgHandle, "IRQDelay", &DelayIRQMillies, 0);
6329 if (RT_FAILURE(rc))
6330 return PDMDEV_SET_ERROR(pDevIns, rc,
6331 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
6332 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
6333 Assert(DelayIRQMillies < 50);
6334
6335 CHIPSET enmChipset = CHIPSET_PIIX3;
6336 rc = ataControllerFromCfg(pDevIns, pCfgHandle, &enmChipset);
6337 if (RT_FAILURE(rc))
6338 return rc;
6339 pThis->u8Type = (uint8_t)enmChipset;
6340
6341 /*
6342 * Initialize data (most of it anyway).
6343 */
6344 /* Status LUN. */
6345 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
6346 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
6347
6348 /* PCI configuration space. */
6349 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
6350
6351 /*
6352 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
6353 * as it explicitly checks for PCI id for IDE controllers.
6354 */
6355 switch (pThis->u8Type)
6356 {
6357 case CHIPSET_ICH6:
6358 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
6359 /** @todo: do we need it? Do we need anything else? */
6360 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6361 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6362 pThis->dev.config[0x4B] = 0x00;
6363 {
6364 /*
6365 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
6366 * Report
6367 * WR_Ping-Pong_EN: must be set
6368 * PCR0, PCR1: 80-pin primary cable reporting for both disks
6369 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
6370 */
6371 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
6372 pThis->dev.config[0x54] = u16Config & 0xff;
6373 pThis->dev.config[0x55] = u16Config >> 8;
6374 }
6375 break;
6376 case CHIPSET_PIIX4:
6377 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
6378 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
6379 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6380 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6381 pThis->dev.config[0x4B] = 0x00;
6382 break;
6383 case CHIPSET_PIIX3:
6384 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
6385 break;
6386 default:
6387 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
6388 }
6389
6390 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
6391 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
6392 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
6393 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
6394 PCIDevSetHeaderType(&pThis->dev, 0x00);
6395
6396 pThis->pDevIns = pDevIns;
6397 pThis->fGCEnabled = fGCEnabled;
6398 pThis->fR0Enabled = fR0Enabled;
6399 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6400 {
6401 pThis->aCts[i].pDevInsR3 = pDevIns;
6402 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6403 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6404 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
6405 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6406 {
6407 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6408
6409 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
6410 pIf->pDevInsR3 = pDevIns;
6411 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6412 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6413 pIf->pControllerR3 = &pThis->aCts[i];
6414 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6415 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6416 pIf->IBase.pfnQueryInterface = ataQueryInterface;
6417 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
6418 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
6419 pIf->Led.u32Magic = PDMLED_MAGIC;
6420 }
6421 }
6422
6423 Assert(RT_ELEMENTS(pThis->aCts) == 2);
6424 pThis->aCts[0].irq = 14;
6425 pThis->aCts[0].IOPortBase1 = 0x1f0;
6426 pThis->aCts[0].IOPortBase2 = 0x3f6;
6427 pThis->aCts[1].irq = 15;
6428 pThis->aCts[1].IOPortBase1 = 0x170;
6429 pThis->aCts[1].IOPortBase2 = 0x376;
6430
6431 /*
6432 * Register the PCI device.
6433 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
6434 * device the slot next to itself.
6435 */
6436 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
6437 if (RT_FAILURE(rc))
6438 return PDMDEV_SET_ERROR(pDevIns, rc,
6439 N_("PIIX3 cannot register PCI device"));
6440 AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
6441 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
6442 if (RT_FAILURE(rc))
6443 return PDMDEV_SET_ERROR(pDevIns, rc,
6444 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
6445
6446 /*
6447 * Register the I/O ports.
6448 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
6449 */
6450 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6451 {
6452 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)i,
6453 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
6454 if (RT_FAILURE(rc))
6455 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
6456
6457 if (fGCEnabled)
6458 {
6459 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
6460 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6461 if (RT_FAILURE(rc))
6462 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
6463 }
6464
6465 if (fR0Enabled)
6466 {
6467#if 1
6468 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6469 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
6470#else
6471 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6472 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6473#endif
6474 if (RT_FAILURE(rc))
6475 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
6476 }
6477
6478 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)i,
6479 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
6480 if (RT_FAILURE(rc))
6481 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
6482
6483 if (fGCEnabled)
6484 {
6485 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
6486 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6487 if (RT_FAILURE(rc))
6488 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
6489 }
6490 if (fR0Enabled)
6491 {
6492 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
6493 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6494 if (RT_FAILURE(rc))
6495 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
6496 }
6497
6498 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6499 {
6500 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6501 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATA DMA transfers.", "/Devices/ATA%d/Unit%d/DMA", i, j);
6502 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATA PIO transfers.", "/Devices/ATA%d/Unit%d/PIO", i, j);
6503 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATAPI DMA transfers.", "/Devices/ATA%d/Unit%d/AtapiDMA", i, j);
6504 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATAPI PIO transfers.", "/Devices/ATA%d/Unit%d/AtapiPIO", i, j);
6505#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6506 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the read operations.", "/Devices/ATA%d/Unit%d/Reads", i, j);
6507#endif
6508 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES, "Amount of data read.", "/Devices/ATA%d/Unit%d/ReadBytes", i, j);
6509#ifdef VBOX_INSTRUMENT_DMA_WRITES
6510 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the VD DMA write operations.","/Devices/ATA%d/Unit%d/InstrVDWrites", i, j);
6511#endif
6512#ifdef VBOX_WITH_STATISTICS
6513 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the write operations.","/Devices/ATA%d/Unit%d/Writes", i, j);
6514#endif
6515 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES, "Amount of data written.", "/Devices/ATA%d/Unit%d/WrittenBytes", i, j);
6516#ifdef VBOX_WITH_STATISTICS
6517 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the flush operations.","/Devices/ATA%d/Unit%d/Flushes", i, j);
6518#endif
6519 }
6520#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6521 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "The number of async operations.", "/Devices/ATA%d/Async/Operations", i);
6522 /** @todo STAMUNIT_MICROSECS */
6523 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Minimum wait in microseconds.", "/Devices/ATA%d/Async/MinWait", i);
6524 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Maximum wait in microseconds.", "/Devices/ATA%d/Async/MaxWait", i);
6525 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Total time spent in microseconds.","/Devices/ATA%d/Async/TotalTimeUS", i);
6526 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of async operations.", "/Devices/ATA%d/Async/Time", i);
6527 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of locks.", "/Devices/ATA%d/Async/LockWait", i);
6528#endif /* VBOX_WITH_STATISTICS */
6529
6530 /* Initialize per-controller critical section */
6531 char szName[24];
6532 RTStrPrintf(szName, sizeof(szName), "ATA%d", i);
6533 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, szName);
6534 if (RT_FAILURE(rc))
6535 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
6536 }
6537
6538 /*
6539 * Attach status driver (optional).
6540 */
6541 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
6542 if (RT_SUCCESS(rc))
6543 pThis->pLedsConnector = (PDMILEDCONNECTORS *)pBase->pfnQueryInterface(pBase, PDMINTERFACE_LED_CONNECTORS);
6544 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
6545 {
6546 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
6547 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
6548 }
6549
6550 /*
6551 * Attach the units.
6552 */
6553 uint32_t cbTotalBuffer = 0;
6554 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6555 {
6556 PATACONTROLLER pCtl = &pThis->aCts[i];
6557
6558 /*
6559 * Start the worker thread.
6560 */
6561 pCtl->uAsyncIOState = ATA_AIO_NEW;
6562 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
6563 AssertRC(rc);
6564 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
6565 AssertRC(rc);
6566 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
6567 AssertRC(rc);
6568 ataAsyncIOClearRequests(pCtl);
6569 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024, RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
6570 AssertRC(rc);
6571 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
6572 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
6573
6574 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
6575 {
6576 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6577 {
6578 { "Primary Master", "Primary Slave" },
6579 { "Secondary Master", "Secondary Slave" }
6580 };
6581
6582 /*
6583 * Try attach the block device and get the interfaces,
6584 * required as well as optional.
6585 */
6586 ATADevState *pIf = &pCtl->aIfs[j];
6587
6588 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
6589 if (RT_SUCCESS(rc))
6590 {
6591 rc = ataConfigLun(pDevIns, pIf);
6592 if (RT_SUCCESS(rc))
6593 {
6594 /*
6595 * Init vendor product data.
6596 */
6597 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6598 {
6599 { "PrimaryMaster", "PrimarySlave" },
6600 { "SecondaryMaster", "SecondarySlave" }
6601 };
6602
6603 /* Generate a default serial number. */
6604 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
6605 RTUUID Uuid;
6606 if (pIf->pDrvBlock)
6607 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
6608 else
6609 RTUuidClear(&Uuid);
6610
6611 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
6612 {
6613 /* Generate a predictable serial for drives which don't have a UUID. */
6614 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
6615 pIf->iLUN + pDevIns->iInstance * 32,
6616 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
6617 }
6618 else
6619 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
6620
6621 /* Get user config if present using defaults otherwise. */
6622 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfgHandle, s_apszCFGMKeys[i][j]);
6623 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
6624 szSerial);
6625 if (RT_FAILURE(rc))
6626 {
6627 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6628 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6629 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
6630 return PDMDEV_SET_ERROR(pDevIns, rc,
6631 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
6632 }
6633
6634 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
6635 "1.0");
6636 if (RT_FAILURE(rc))
6637 {
6638 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6639 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6640 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
6641 return PDMDEV_SET_ERROR(pDevIns, rc,
6642 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
6643 }
6644
6645 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
6646 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
6647 if (RT_FAILURE(rc))
6648 {
6649 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6650 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6651 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
6652 return PDMDEV_SET_ERROR(pDevIns, rc,
6653 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
6654 }
6655 }
6656
6657 }
6658 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
6659 {
6660 pIf->pDrvBase = NULL;
6661 pIf->pDrvBlock = NULL;
6662 pIf->cbIOBuffer = 0;
6663 pIf->pbIOBufferR3 = NULL;
6664 pIf->pbIOBufferR0 = NIL_RTR0PTR;
6665 pIf->pbIOBufferRC = NIL_RTGCPTR;
6666 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
6667 }
6668 else
6669 {
6670 switch (rc)
6671 {
6672 case VERR_ACCESS_DENIED:
6673 /* Error already catched by DrvHostBase */
6674 return rc;
6675 default:
6676 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6677 N_("PIIX3 cannot attach drive to the %s"),
6678 s_apszDescs[i][j]);
6679 }
6680 }
6681 cbTotalBuffer += pIf->cbIOBuffer;
6682 }
6683 }
6684
6685 rc = PDMDevHlpSSMRegister(pDevIns, pDevIns->pDevReg->szDeviceName, iInstance,
6686 ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer,
6687 ataSaveLoadPrep, ataSaveExec, NULL,
6688 ataSaveLoadPrep, ataLoadExec, NULL);
6689 if (RT_FAILURE(rc))
6690 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
6691
6692 /*
6693 * Initialize the device state.
6694 */
6695 ataReset(pDevIns);
6696
6697 return VINF_SUCCESS;
6698}
6699
6700
6701/**
6702 * The device registration structure.
6703 */
6704const PDMDEVREG g_DevicePIIX3IDE =
6705{
6706 /* u32Version */
6707 PDM_DEVREG_VERSION,
6708 /* szDeviceName */
6709 "piix3ide",
6710 /* szRCMod */
6711 "VBoxDDGC.gc",
6712 /* szR0Mod */
6713 "VBoxDDR0.r0",
6714 /* pszDescription */
6715 "Intel PIIX3 ATA controller.\n"
6716 " LUN #0 is primary master.\n"
6717 " LUN #1 is primary slave.\n"
6718 " LUN #2 is secondary master.\n"
6719 " LUN #3 is secondary slave.\n"
6720 " LUN #999 is the LED/Status connector.",
6721 /* fFlags */
6722 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
6723 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION,
6724 /* fClass */
6725 PDM_DEVREG_CLASS_STORAGE,
6726 /* cMaxInstances */
6727 1,
6728 /* cbInstance */
6729 sizeof(PCIATAState),
6730 /* pfnConstruct */
6731 ataConstruct,
6732 /* pfnDestruct */
6733 ataDestruct,
6734 /* pfnRelocate */
6735 ataRelocate,
6736 /* pfnIOCtl */
6737 NULL,
6738 /* pfnPowerOn */
6739 NULL,
6740 /* pfnReset */
6741 ataReset,
6742 /* pfnSuspend */
6743 ataSuspend,
6744 /* pfnResume */
6745 ataResume,
6746 /* pfnAttach */
6747 ataAttach,
6748 /* pfnDetach */
6749 ataDetach,
6750 /* pfnQueryInterface. */
6751 NULL,
6752 /* pfnInitComplete */
6753 NULL,
6754 /* pfnPowerOff */
6755 ataPowerOff,
6756 /* pfnSoftReset */
6757 NULL,
6758 /* u32VersionEnd */
6759 PDM_DEVREG_VERSION
6760};
6761#endif /* IN_RING3 */
6762#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette