VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 15518

Last change on this file since 15518 was 15508, checked in by vboxsync, 16 years ago

#3349: Changed a few MMHyperAlloc calls to MMR3HyperAllocOnceNoRel to save heap space.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 241.4 KB
Line 
1/* $Id: DevATA.cpp 15508 2008-12-15 15:05:16Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2008 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22/*******************************************************************************
23* Defined Constants And Macros *
24*******************************************************************************/
25/** Temporary instrumentation for tracking down potential virtual disk
26 * write performance issues. */
27#undef VBOX_INSTRUMENT_DMA_WRITES
28
29/**
30 * The SSM saved state versions.
31 */
32#define ATA_SAVED_STATE_VERSION 18
33#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
34#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
35
36
37/*******************************************************************************
38* Header Files *
39*******************************************************************************/
40#define LOG_GROUP LOG_GROUP_DEV_IDE
41#include <VBox/pdmdev.h>
42#include <iprt/assert.h>
43#include <iprt/string.h>
44#ifdef IN_RING3
45# include <iprt/uuid.h>
46# include <iprt/semaphore.h>
47# include <iprt/thread.h>
48# include <iprt/time.h>
49# include <iprt/alloc.h>
50#endif /* IN_RING3 */
51#include <iprt/critsect.h>
52#include <iprt/asm.h>
53#include <VBox/stam.h>
54#include <VBox/mm.h>
55#include <VBox/pgm.h>
56
57#include <VBox/scsi.h>
58
59#include "PIIX3ATABmDma.h"
60#include "ide.h"
61#include "../Builtins.h"
62
63/*******************************************************************************
64* Defined Constants And Macros *
65*******************************************************************************/
66/**
67 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
68 * Set to 1 to disable multi-sector read support. According to the ATA
69 * specification this must be a power of 2 and it must fit in an 8 bit
70 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
71 */
72#define ATA_MAX_MULT_SECTORS 128
73
74/**
75 * Fastest PIO mode supported by the drive.
76 */
77#define ATA_PIO_MODE_MAX 4
78/**
79 * Fastest MDMA mode supported by the drive.
80 */
81#define ATA_MDMA_MODE_MAX 2
82/**
83 * Fastest UDMA mode supported by the drive.
84 */
85#define ATA_UDMA_MODE_MAX 6
86
87/** ATAPI sense info size. */
88#define ATAPI_SENSE_SIZE 64
89
90/** The maximum number of release log entries per device. */
91#define MAX_LOG_REL_ERRORS 1024
92
93/* MediaEventStatus */
94#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
95#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
96#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
97#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
98
99
100/*******************************************************************************
101* Structures and Typedefs *
102*******************************************************************************/
103typedef struct ATADevState {
104 /** Flag indicating whether the current command uses LBA48 mode. */
105 bool fLBA48;
106 /** Flag indicating whether this drive implements the ATAPI command set. */
107 bool fATAPI;
108 /** Set if this interface has asserted the IRQ. */
109 bool fIrqPending;
110 /** Currently configured number of sectors in a multi-sector transfer. */
111 uint8_t cMultSectors;
112 /** PCHS disk geometry. */
113 PDMMEDIAGEOMETRY PCHSGeometry;
114 /** Total number of sectors on this disk. */
115 uint64_t cTotalSectors;
116 /** Number of sectors to transfer per IRQ. */
117 uint32_t cSectorsPerIRQ;
118
119 /** ATA/ATAPI register 1: feature (write-only). */
120 uint8_t uATARegFeature;
121 /** ATA/ATAPI register 1: feature, high order byte. */
122 uint8_t uATARegFeatureHOB;
123 /** ATA/ATAPI register 1: error (read-only). */
124 uint8_t uATARegError;
125 /** ATA/ATAPI register 2: sector count (read/write). */
126 uint8_t uATARegNSector;
127 /** ATA/ATAPI register 2: sector count, high order byte. */
128 uint8_t uATARegNSectorHOB;
129 /** ATA/ATAPI register 3: sector (read/write). */
130 uint8_t uATARegSector;
131 /** ATA/ATAPI register 3: sector, high order byte. */
132 uint8_t uATARegSectorHOB;
133 /** ATA/ATAPI register 4: cylinder low (read/write). */
134 uint8_t uATARegLCyl;
135 /** ATA/ATAPI register 4: cylinder low, high order byte. */
136 uint8_t uATARegLCylHOB;
137 /** ATA/ATAPI register 5: cylinder high (read/write). */
138 uint8_t uATARegHCyl;
139 /** ATA/ATAPI register 5: cylinder high, high order byte. */
140 uint8_t uATARegHCylHOB;
141 /** ATA/ATAPI register 6: select drive/head (read/write). */
142 uint8_t uATARegSelect;
143 /** ATA/ATAPI register 7: status (read-only). */
144 uint8_t uATARegStatus;
145 /** ATA/ATAPI register 7: command (write-only). */
146 uint8_t uATARegCommand;
147 /** ATA/ATAPI drive control register (write-only). */
148 uint8_t uATARegDevCtl;
149
150 /** Currently active transfer mode (MDMA/UDMA) and speed. */
151 uint8_t uATATransferMode;
152 /** Current transfer direction. */
153 uint8_t uTxDir;
154 /** Index of callback for begin transfer. */
155 uint8_t iBeginTransfer;
156 /** Index of callback for source/sink of data. */
157 uint8_t iSourceSink;
158 /** Flag indicating whether the current command transfers data in DMA mode. */
159 bool fDMA;
160 /** Set to indicate that ATAPI transfer semantics must be used. */
161 bool fATAPITransfer;
162
163 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
164 uint32_t cbTotalTransfer;
165 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
166 uint32_t cbElementaryTransfer;
167 /** Current read/write buffer position, shared PIO/DMA. */
168 uint32_t iIOBufferCur;
169 /** First element beyond end of valid buffer content, shared PIO/DMA. */
170 uint32_t iIOBufferEnd;
171
172 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
173 uint32_t iIOBufferPIODataStart;
174 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
175 uint32_t iIOBufferPIODataEnd;
176
177 /** ATAPI current LBA position. */
178 uint32_t iATAPILBA;
179 /** ATAPI current sector size. */
180 uint32_t cbATAPISector;
181 /** ATAPI current command. */
182 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
183 /** ATAPI sense data. */
184 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
185 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
186 uint8_t cNotifiedMediaChange;
187 /** The same for GET_EVENT_STATUS for mechanism */
188 volatile uint32_t MediaEventStatus;
189
190 uint32_t Alignment0;
191
192 /** The status LED state for this drive. */
193 PDMLED Led;
194
195 /** Size of I/O buffer. */
196 uint32_t cbIOBuffer;
197 /** Pointer to the I/O buffer. */
198 R3PTRTYPE(uint8_t *) pbIOBufferR3;
199 /** Pointer to the I/O buffer. */
200 R0PTRTYPE(uint8_t *) pbIOBufferR0;
201 /** Pointer to the I/O buffer. */
202 RCPTRTYPE(uint8_t *) pbIOBufferRC;
203
204 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundrary. */
205
206 /*
207 * No data that is part of the saved state after this point!!!!!
208 */
209
210 /* Release statistics: number of ATA DMA commands. */
211 STAMCOUNTER StatATADMA;
212 /* Release statistics: number of ATA PIO commands. */
213 STAMCOUNTER StatATAPIO;
214 /* Release statistics: number of ATAPI PIO commands. */
215 STAMCOUNTER StatATAPIDMA;
216 /* Release statistics: number of ATAPI PIO commands. */
217 STAMCOUNTER StatATAPIPIO;
218#ifdef VBOX_INSTRUMENT_DMA_WRITES
219 /* Release statistics: number of DMA sector writes and the time spent. */
220 STAMPROFILEADV StatInstrVDWrites;
221#endif
222
223 /** Statistics: number of read operations and the time spent reading. */
224 STAMPROFILEADV StatReads;
225 /** Statistics: number of bytes read. */
226 STAMCOUNTER StatBytesRead;
227 /** Statistics: number of write operations and the time spent writing. */
228 STAMPROFILEADV StatWrites;
229 /** Statistics: number of bytes written. */
230 STAMCOUNTER StatBytesWritten;
231 /** Statistics: number of flush operations and the time spend flushing. */
232 STAMPROFILE StatFlushes;
233
234 /** Enable passing through commands directly to the ATAPI drive. */
235 bool fATAPIPassthrough;
236 /** Number of errors we've reported to the release log.
237 * This is to prevent flooding caused by something going horribly wrong.
238 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
239 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
240 uint32_t cErrors;
241 /** Timestamp of last started command. 0 if no command pending. */
242 uint64_t u64CmdTS;
243
244 /** Pointer to the attached driver's base interface. */
245 R3PTRTYPE(PPDMIBASE) pDrvBase;
246 /** Pointer to the attached driver's block interface. */
247 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
248 /** Pointer to the attached driver's block bios interface. */
249 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
250 /** Pointer to the attached driver's mount interface.
251 * This is NULL if the driver isn't a removable unit. */
252 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
253 /** The base interface. */
254 PDMIBASE IBase;
255 /** The block port interface. */
256 PDMIBLOCKPORT IPort;
257 /** The mount notify interface. */
258 PDMIMOUNTNOTIFY IMountNotify;
259 /** The LUN #. */
260 RTUINT iLUN;
261#if HC_ARCH_BITS == 64
262 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
263#endif
264 /** Pointer to device instance. */
265 PPDMDEVINSR3 pDevInsR3;
266 /** Pointer to controller instance. */
267 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
268 /** Pointer to device instance. */
269 PPDMDEVINSR0 pDevInsR0;
270 /** Pointer to controller instance. */
271 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
272 /** Pointer to device instance. */
273 PPDMDEVINSRC pDevInsRC;
274 /** Pointer to controller instance. */
275 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
276} ATADevState;
277
278
279typedef struct ATATransferRequest
280{
281 uint8_t iIf;
282 uint8_t iBeginTransfer;
283 uint8_t iSourceSink;
284 uint32_t cbTotalTransfer;
285 uint8_t uTxDir;
286} ATATransferRequest;
287
288
289typedef struct ATAAbortRequest
290{
291 uint8_t iIf;
292 bool fResetDrive;
293} ATAAbortRequest;
294
295
296typedef enum
297{
298 /** Begin a new transfer. */
299 ATA_AIO_NEW = 0,
300 /** Continue a DMA transfer. */
301 ATA_AIO_DMA,
302 /** Continue a PIO transfer. */
303 ATA_AIO_PIO,
304 /** Reset the drives on current controller, stop all transfer activity. */
305 ATA_AIO_RESET_ASSERTED,
306 /** Reset the drives on current controller, resume operation. */
307 ATA_AIO_RESET_CLEARED,
308 /** Abort the current transfer of a particular drive. */
309 ATA_AIO_ABORT
310} ATAAIO;
311
312
313typedef struct ATARequest
314{
315 ATAAIO ReqType;
316 union
317 {
318 ATATransferRequest t;
319 ATAAbortRequest a;
320 } u;
321} ATARequest;
322
323
324typedef struct ATACONTROLLER
325{
326 /** The base of the first I/O Port range. */
327 RTIOPORT IOPortBase1;
328 /** The base of the second I/O Port range. (0 if none) */
329 RTIOPORT IOPortBase2;
330 /** The assigned IRQ. */
331 RTUINT irq;
332 /** Access critical section */
333 PDMCRITSECT lock;
334
335 /** Selected drive. */
336 uint8_t iSelectedIf;
337 /** The interface on which to handle async I/O. */
338 uint8_t iAIOIf;
339 /** The state of the async I/O thread. */
340 uint8_t uAsyncIOState;
341 /** Flag indicating whether the next transfer is part of the current command. */
342 bool fChainedTransfer;
343 /** Set when the reset processing is currently active on this controller. */
344 bool fReset;
345 /** Flag whether the current transfer needs to be redone. */
346 bool fRedo;
347 /** Flag whether the redo suspend has been finished. */
348 bool fRedoIdle;
349 /** Flag whether the DMA operation to be redone is the final transfer. */
350 bool fRedoDMALastDesc;
351 /** The BusMaster DMA state. */
352 BMDMAState BmDma;
353 /** Pointer to first DMA descriptor. */
354 RTGCPHYS32 pFirstDMADesc;
355 /** Pointer to last DMA descriptor. */
356 RTGCPHYS32 pLastDMADesc;
357 /** Pointer to current DMA buffer (for redo operations). */
358 RTGCPHYS32 pRedoDMABuffer;
359 /** Size of current DMA buffer (for redo operations). */
360 uint32_t cbRedoDMABuffer;
361
362 /** The ATA/ATAPI interfaces of this controller. */
363 ATADevState aIfs[2];
364
365 /** Pointer to device instance. */
366 PPDMDEVINSR3 pDevInsR3;
367 /** Pointer to device instance. */
368 PPDMDEVINSR0 pDevInsR0;
369 /** Pointer to device instance. */
370 PPDMDEVINSRC pDevInsRC;
371
372 /** Set when the destroying the device instance and the thread must exit. */
373 uint32_t volatile fShutdown;
374 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
375 RTTHREAD AsyncIOThread;
376 /** The event semaphore the thread is waiting on for requests. */
377 RTSEMEVENT AsyncIOSem;
378 /** The request queue for the AIO thread. One element is always unused. */
379 ATARequest aAsyncIORequests[4];
380 /** The position at which to insert a new request for the AIO thread. */
381 uint8_t AsyncIOReqHead;
382 /** The position at which to get a new request for the AIO thread. */
383 uint8_t AsyncIOReqTail;
384 uint8_t Alignment3[2]; /**< Explicit padding of the 2 byte gap. */
385 /** Magic delay before triggering interrupts in DMA mode. */
386 uint32_t DelayIRQMillies;
387 /** The mutex protecting the request queue. */
388 RTSEMMUTEX AsyncIORequestMutex;
389 /** The event semaphore the thread is waiting on during suspended I/O. */
390 RTSEMEVENT SuspendIOSem;
391#if 0 /*HC_ARCH_BITS == 32*/
392 uint32_t Alignment0;
393#endif
394
395 /* Statistics */
396 STAMCOUNTER StatAsyncOps;
397 uint64_t StatAsyncMinWait;
398 uint64_t StatAsyncMaxWait;
399 STAMCOUNTER StatAsyncTimeUS;
400 STAMPROFILEADV StatAsyncTime;
401 STAMPROFILE StatLockWait;
402} ATACONTROLLER, *PATACONTROLLER;
403
404typedef struct PCIATAState {
405 PCIDEVICE dev;
406 /** The controllers. */
407 ATACONTROLLER aCts[2];
408 /** Pointer to device instance. */
409 PPDMDEVINSR3 pDevIns;
410 /** Status Port - Base interface. */
411 PDMIBASE IBase;
412 /** Status Port - Leds interface. */
413 PDMILEDPORTS ILeds;
414 /** Partner of ILeds. */
415 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
416 /** Flag whether GC is enabled. */
417 bool fGCEnabled;
418 /** Flag whether R0 is enabled. */
419 bool fR0Enabled;
420 /** Flag indicating whether PIIX4 or PIIX3 is being emulated. */
421 bool fPIIX4;
422 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1]; /**< Align the struct size. */
423} PCIATAState;
424
425#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
426#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
427#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
428#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
429#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
430#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
431
432#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
433
434#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
435#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
436#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
437#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
438
439#ifndef VBOX_DEVICE_STRUCT_TESTCASE
440/*******************************************************************************
441 * Internal Functions *
442 ******************************************************************************/
443__BEGIN_DECLS
444PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
445PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
446PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
447PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
448PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
449PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
450PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
451PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
452__END_DECLS
453
454
455
456DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
457{
458 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
459
460 /* Freeze status register contents while processing RESET. */
461 if (!pCtl->fReset)
462 {
463 s->uATARegStatus = stat;
464 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
465 }
466}
467
468
469DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
470{
471 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
472
473 /* Freeze status register contents while processing RESET. */
474 if (!pCtl->fReset)
475 {
476 s->uATARegStatus |= stat;
477 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
478 }
479}
480
481
482DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
483{
484 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
485
486 /* Freeze status register contents while processing RESET. */
487 if (!pCtl->fReset)
488 {
489 s->uATARegStatus &= ~stat;
490 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
491 }
492}
493
494#ifdef IN_RING3
495
496typedef void (*PBeginTransferFunc)(ATADevState *);
497typedef bool (*PSourceSinkFunc)(ATADevState *);
498
499static void ataReadWriteSectorsBT(ATADevState *);
500static void ataPacketBT(ATADevState *);
501static void atapiCmdBT(ATADevState *);
502static void atapiPassthroughCmdBT(ATADevState *);
503
504static bool ataIdentifySS(ATADevState *);
505static bool ataFlushSS(ATADevState *);
506static bool ataReadSectorsSS(ATADevState *);
507static bool ataWriteSectorsSS(ATADevState *);
508static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
509static bool ataPacketSS(ATADevState *);
510static bool atapiGetConfigurationSS(ATADevState *);
511static bool atapiGetEventStatusNotificationSS(ATADevState *);
512static bool atapiIdentifySS(ATADevState *);
513static bool atapiInquirySS(ATADevState *);
514static bool atapiMechanismStatusSS(ATADevState *);
515static bool atapiModeSenseErrorRecoverySS(ATADevState *);
516static bool atapiModeSenseCDStatusSS(ATADevState *);
517static bool atapiReadSS(ATADevState *);
518static bool atapiReadCapacitySS(ATADevState *);
519static bool atapiReadDiscInformationSS(ATADevState *);
520static bool atapiReadTOCNormalSS(ATADevState *);
521static bool atapiReadTOCMultiSS(ATADevState *);
522static bool atapiReadTOCRawSS(ATADevState *);
523static bool atapiReadTrackInformationSS(ATADevState *);
524static bool atapiRequestSenseSS(ATADevState *);
525static bool atapiPassthroughSS(ATADevState *);
526
527/**
528 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
529 */
530typedef enum ATAFNBT
531{
532 ATAFN_BT_NULL = 0,
533 ATAFN_BT_READ_WRITE_SECTORS,
534 ATAFN_BT_PACKET,
535 ATAFN_BT_ATAPI_CMD,
536 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
537 ATAFN_BT_MAX
538} ATAFNBT;
539
540/**
541 * Array of end transfer functions, the index is ATAFNET.
542 * Make sure ATAFNET and this array match!
543 */
544static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
545{
546 NULL,
547 ataReadWriteSectorsBT,
548 ataPacketBT,
549 atapiCmdBT,
550 atapiPassthroughCmdBT,
551};
552
553/**
554 * Source/sink function indexes for g_apfnSourceSinkFuncs.
555 */
556typedef enum ATAFNSS
557{
558 ATAFN_SS_NULL = 0,
559 ATAFN_SS_IDENTIFY,
560 ATAFN_SS_FLUSH,
561 ATAFN_SS_READ_SECTORS,
562 ATAFN_SS_WRITE_SECTORS,
563 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
564 ATAFN_SS_PACKET,
565 ATAFN_SS_ATAPI_GET_CONFIGURATION,
566 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
567 ATAFN_SS_ATAPI_IDENTIFY,
568 ATAFN_SS_ATAPI_INQUIRY,
569 ATAFN_SS_ATAPI_MECHANISM_STATUS,
570 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
571 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
572 ATAFN_SS_ATAPI_READ,
573 ATAFN_SS_ATAPI_READ_CAPACITY,
574 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
575 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
576 ATAFN_SS_ATAPI_READ_TOC_MULTI,
577 ATAFN_SS_ATAPI_READ_TOC_RAW,
578 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
579 ATAFN_SS_ATAPI_REQUEST_SENSE,
580 ATAFN_SS_ATAPI_PASSTHROUGH,
581 ATAFN_SS_MAX
582} ATAFNSS;
583
584/**
585 * Array of source/sink functions, the index is ATAFNSS.
586 * Make sure ATAFNSS and this array match!
587 */
588static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
589{
590 NULL,
591 ataIdentifySS,
592 ataFlushSS,
593 ataReadSectorsSS,
594 ataWriteSectorsSS,
595 ataExecuteDeviceDiagnosticSS,
596 ataPacketSS,
597 atapiGetConfigurationSS,
598 atapiGetEventStatusNotificationSS,
599 atapiIdentifySS,
600 atapiInquirySS,
601 atapiMechanismStatusSS,
602 atapiModeSenseErrorRecoverySS,
603 atapiModeSenseCDStatusSS,
604 atapiReadSS,
605 atapiReadCapacitySS,
606 atapiReadDiscInformationSS,
607 atapiReadTOCNormalSS,
608 atapiReadTOCMultiSS,
609 atapiReadTOCRawSS,
610 atapiReadTrackInformationSS,
611 atapiRequestSenseSS,
612 atapiPassthroughSS
613};
614
615
616static const ATARequest ataDMARequest = { ATA_AIO_DMA, };
617static const ATARequest ataPIORequest = { ATA_AIO_PIO, };
618static const ATARequest ataResetARequest = { ATA_AIO_RESET_ASSERTED, };
619static const ATARequest ataResetCRequest = { ATA_AIO_RESET_CLEARED, };
620
621
622static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
623{
624 int rc;
625
626 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
627 AssertRC(rc);
628 pCtl->AsyncIOReqHead = 0;
629 pCtl->AsyncIOReqTail = 0;
630 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
631 AssertRC(rc);
632}
633
634
635static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
636{
637 int rc;
638
639 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
640 AssertRC(rc);
641 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
642 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
643 pCtl->AsyncIOReqHead++;
644 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
645 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
646 AssertRC(rc);
647 LogBird(("ata: %x: signalling\n", pCtl->IOPortBase1));
648 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
649 if (RT_FAILURE(rc))
650 {
651 LogBird(("ata: %x: schedule failed, rc=%Rrc\n", pCtl->IOPortBase1, rc));
652 rc = RTSemEventSignal(pCtl->AsyncIOSem);
653 AssertRC(rc);
654 }
655}
656
657
658static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
659{
660 int rc;
661 const ATARequest *pReq;
662
663 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
664 AssertRC(rc);
665 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
666 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
667 else
668 pReq = NULL;
669 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
670 AssertRC(rc);
671 return pReq;
672}
673
674
675/**
676 * Remove the request with the given type, as it's finished. The request
677 * is not removed blindly, as this could mean a RESET request that is not
678 * yet processed (but has cleared the request queue) is lost.
679 *
680 * @param pCtl Controller for which to remove the request.
681 * @param ReqType Type of the request to remove.
682 */
683static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
684{
685 int rc;
686
687 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
688 AssertRC(rc);
689 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
690 {
691 pCtl->AsyncIOReqTail++;
692 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
693 }
694 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
695 AssertRC(rc);
696}
697
698
699/**
700 * Dump the request queue for a particular controller. First dump the queue
701 * contents, then the already processed entries, as long as they haven't been
702 * overwritten.
703 *
704 * @param pCtl Controller for which to dump the queue.
705 */
706static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
707{
708 int rc;
709 uint8_t curr;
710
711 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
712 AssertRC(rc);
713 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
714 curr = pCtl->AsyncIOReqTail;
715 do
716 {
717 if (curr == pCtl->AsyncIOReqHead)
718 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
719 switch (pCtl->aAsyncIORequests[curr].ReqType)
720 {
721 case ATA_AIO_NEW:
722 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
723 break;
724 case ATA_AIO_DMA:
725 LogRel(("dma transfer finished\n"));
726 break;
727 case ATA_AIO_PIO:
728 LogRel(("pio transfer finished\n"));
729 break;
730 case ATA_AIO_RESET_ASSERTED:
731 LogRel(("reset asserted request\n"));
732 break;
733 case ATA_AIO_RESET_CLEARED:
734 LogRel(("reset cleared request\n"));
735 break;
736 case ATA_AIO_ABORT:
737 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
738 break;
739 default:
740 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
741 }
742 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
743 } while (curr != pCtl->AsyncIOReqTail);
744 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
745 AssertRC(rc);
746}
747
748
749/**
750 * Checks whether the request queue for a particular controller is empty
751 * or whether a particular controller is idle.
752 *
753 * @param pCtl Controller for which to check the queue.
754 * @param fStrict If set then the controller is checked to be idle.
755 */
756static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
757{
758 int rc;
759 bool fIdle;
760
761 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
762 AssertRC(rc);
763 fIdle = pCtl->fRedoIdle;
764 if (!fIdle)
765 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
766 if (fStrict)
767 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
768 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
769 AssertRC(rc);
770 return fIdle;
771}
772
773
774/**
775 * Send a transfer request to the async I/O thread.
776 *
777 * @param s Pointer to the ATA device state data.
778 * @param cbTotalTransfer Data transfer size.
779 * @param uTxDir Data transfer direction.
780 * @param iBeginTransfer Index of BeginTransfer callback.
781 * @param iSourceSink Index of SourceSink callback.
782 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
783 */
784static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
785{
786 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
787 ATARequest Req;
788
789 Assert(PDMCritSectIsOwner(&pCtl->lock));
790
791 /* Do not issue new requests while the RESET line is asserted. */
792 if (pCtl->fReset)
793 {
794 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
795 return;
796 }
797
798 /* If the controller is already doing something else right now, ignore
799 * the command that is being submitted. Some broken guests issue commands
800 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
801 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true))
802 {
803 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
804 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
805 return;
806 }
807
808 Req.ReqType = ATA_AIO_NEW;
809 if (fChainedTransfer)
810 Req.u.t.iIf = pCtl->iAIOIf;
811 else
812 Req.u.t.iIf = pCtl->iSelectedIf;
813 Req.u.t.cbTotalTransfer = cbTotalTransfer;
814 Req.u.t.uTxDir = uTxDir;
815 Req.u.t.iBeginTransfer = iBeginTransfer;
816 Req.u.t.iSourceSink = iSourceSink;
817 ataSetStatusValue(s, ATA_STAT_BUSY);
818 pCtl->fChainedTransfer = fChainedTransfer;
819
820 /*
821 * Kick the worker thread into action.
822 */
823 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
824 ataAsyncIOPutRequest(pCtl, &Req);
825}
826
827
828/**
829 * Send an abort command request to the async I/O thread.
830 *
831 * @param s Pointer to the ATA device state data.
832 * @param fResetDrive Whether to reset the drive or just abort a command.
833 */
834static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
835{
836 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
837 ATARequest Req;
838
839 Assert(PDMCritSectIsOwner(&pCtl->lock));
840
841 /* Do not issue new requests while the RESET line is asserted. */
842 if (pCtl->fReset)
843 {
844 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
845 return;
846 }
847
848 Req.ReqType = ATA_AIO_ABORT;
849 Req.u.a.iIf = pCtl->iSelectedIf;
850 Req.u.a.fResetDrive = fResetDrive;
851 ataSetStatus(s, ATA_STAT_BUSY);
852 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
853 ataAsyncIOPutRequest(pCtl, &Req);
854}
855
856
857static void ataSetIRQ(ATADevState *s)
858{
859 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
860 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
861
862 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
863 {
864 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
865 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
866 * line is asserted. It monitors the line for a rising edge. */
867 if (!s->fIrqPending)
868 pCtl->BmDma.u8Status |= BM_STATUS_INT;
869 /* Only actually set the IRQ line if updating the currently selected drive. */
870 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
871 {
872 /** @todo experiment with adaptive IRQ delivery: for reads it is
873 * better to wait for IRQ delivery, as it reduces latency. */
874 if (pCtl->irq == 16)
875 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
876 else
877 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
878 }
879 }
880 s->fIrqPending = true;
881}
882
883#endif /* IN_RING3 */
884
885static void ataUnsetIRQ(ATADevState *s)
886{
887 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
888 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
889
890 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
891 {
892 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
893 /* Only actually unset the IRQ line if updating the currently selected drive. */
894 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
895 {
896 if (pCtl->irq == 16)
897 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
898 else
899 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
900 }
901 }
902 s->fIrqPending = false;
903}
904
905#ifdef IN_RING3
906
907static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
908{
909 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
910 s->iIOBufferPIODataStart = start;
911 s->iIOBufferPIODataEnd = start + size;
912 ataSetStatus(s, ATA_STAT_DRQ);
913}
914
915
916static void ataPIOTransferStop(ATADevState *s)
917{
918 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
919 if (s->fATAPITransfer)
920 {
921 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
922 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
923 ataSetIRQ(s);
924 s->fATAPITransfer = false;
925 }
926 s->cbTotalTransfer = 0;
927 s->cbElementaryTransfer = 0;
928 s->iIOBufferPIODataStart = 0;
929 s->iIOBufferPIODataEnd = 0;
930 s->iBeginTransfer = ATAFN_BT_NULL;
931 s->iSourceSink = ATAFN_SS_NULL;
932}
933
934
935static void ataPIOTransferLimitATAPI(ATADevState *s)
936{
937 uint32_t cbLimit, cbTransfer;
938
939 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
940 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
941 if (cbLimit == 0)
942 cbLimit = 0xfffe;
943 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
944 if (cbLimit == 0xffff)
945 cbLimit--;
946 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
947 if (cbTransfer > cbLimit)
948 {
949 /* Byte count limit for clipping must be even in this case */
950 if (cbLimit & 1)
951 cbLimit--;
952 cbTransfer = cbLimit;
953 }
954 s->uATARegLCyl = cbTransfer;
955 s->uATARegHCyl = cbTransfer >> 8;
956 s->cbElementaryTransfer = cbTransfer;
957}
958
959
960static uint32_t ataGetNSectors(ATADevState *s)
961{
962 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
963 if (s->fLBA48)
964 {
965 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
966 return 65536;
967 else
968 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
969 }
970 else
971 {
972 if (!s->uATARegNSector)
973 return 256;
974 else
975 return s->uATARegNSector;
976 }
977}
978
979
980static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
981{
982 for (uint32_t i = 0; i < cbSize; i++)
983 {
984 if (*pbSrc)
985 pbDst[i ^ 1] = *pbSrc++;
986 else
987 pbDst[i ^ 1] = ' ';
988 }
989}
990
991
992static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
993{
994 for (uint32_t i = 0; i < cbSize; i++)
995 {
996 if (*pbSrc)
997 pbDst[i] = *pbSrc++;
998 else
999 pbDst[i] = ' ';
1000 }
1001}
1002
1003
1004DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1005{
1006 pbBuf[0] = val >> 8;
1007 pbBuf[1] = val;
1008}
1009
1010
1011DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1012{
1013 pbBuf[0] = val >> 16;
1014 pbBuf[1] = val >> 8;
1015 pbBuf[2] = val;
1016}
1017
1018
1019DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1020{
1021 pbBuf[0] = val >> 24;
1022 pbBuf[1] = val >> 16;
1023 pbBuf[2] = val >> 8;
1024 pbBuf[3] = val;
1025}
1026
1027
1028DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1029{
1030 return (pbBuf[0] << 8) | pbBuf[1];
1031}
1032
1033
1034DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1035{
1036 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1037}
1038
1039
1040DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1041{
1042 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1043}
1044
1045
1046DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1047{
1048 iATAPILBA += 150;
1049 pbBuf[0] = (iATAPILBA / 75) / 60;
1050 pbBuf[1] = (iATAPILBA / 75) % 60;
1051 pbBuf[2] = iATAPILBA % 75;
1052}
1053
1054
1055DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1056{
1057 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1058}
1059
1060
1061static void ataCmdOK(ATADevState *s, uint8_t status)
1062{
1063 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1064 ataSetStatusValue(s, ATA_STAT_READY | status);
1065}
1066
1067
1068static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1069{
1070 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1071 s->uATARegError = uErrorCode;
1072 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1073 s->cbTotalTransfer = 0;
1074 s->cbElementaryTransfer = 0;
1075 s->iIOBufferCur = 0;
1076 s->iIOBufferEnd = 0;
1077 s->uTxDir = PDMBLOCKTXDIR_NONE;
1078 s->iBeginTransfer = ATAFN_BT_NULL;
1079 s->iSourceSink = ATAFN_SS_NULL;
1080}
1081
1082
1083static bool ataIdentifySS(ATADevState *s)
1084{
1085 uint16_t *p;
1086 char aSerial[20];
1087 int rc;
1088 RTUUID Uuid;
1089
1090 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1091 Assert(s->cbElementaryTransfer == 512);
1092 rc = s->pDrvBlock ? s->pDrvBlock->pfnGetUuid(s->pDrvBlock, &Uuid) : RTUuidClear(&Uuid);
1093 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
1094 {
1095 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1096 /* Generate a predictable serial for drives which don't have a UUID. */
1097 RTStrPrintf(aSerial, sizeof(aSerial), "VB%x-%04x%04x",
1098 s->iLUN + ATADEVSTATE_2_DEVINS(s)->iInstance * 32,
1099 pCtl->IOPortBase1, pCtl->IOPortBase2);
1100 }
1101 else
1102 RTStrPrintf(aSerial, sizeof(aSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
1103
1104 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1105 memset(p, 0, 512);
1106 p[0] = RT_H2LE_U16(0x0040);
1107 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1108 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1109 /* Block size; obsolete, but required for the BIOS. */
1110 p[5] = RT_H2LE_U16(512);
1111 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1112 ataPadString((uint8_t *)(p + 10), aSerial, 20); /* serial number */
1113 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1114 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1115 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1116 ataPadString((uint8_t *)(p + 23), "1.0", 8); /* firmware version */
1117 ataPadString((uint8_t *)(p + 27), "VBOX HARDDISK", 40); /* model */
1118#if ATA_MAX_MULT_SECTORS > 1
1119 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1120#endif
1121 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1122 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1123 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1124 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1125 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1126 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1127 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1128 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1129 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1130 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1131 * s->PCHSGeometry.cHeads
1132 * s->PCHSGeometry.cSectors);
1133 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1134 * s->PCHSGeometry.cHeads
1135 * s->PCHSGeometry.cSectors >> 16);
1136 if (s->cMultSectors)
1137 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1138 if (s->cTotalSectors <= (1 << 28) - 1)
1139 {
1140 p[60] = RT_H2LE_U16(s->cTotalSectors);
1141 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1142 }
1143 else
1144 {
1145 /* Report maximum number of sectors possible with LBA28 */
1146 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1147 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1148 }
1149 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1150 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1151 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1152 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1153 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1154 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1155 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1156 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1157 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1158 if (s->cTotalSectors <= (1 << 28) - 1)
1159 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1160 else
1161 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1162 p[84] = RT_H2LE_U16(1 << 14);
1163 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1164 if (s->cTotalSectors <= (1 << 28) - 1)
1165 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1166 else
1167 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1168 p[87] = RT_H2LE_U16(1 << 14);
1169 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1170 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1171 if (s->cTotalSectors > (1 << 28) - 1)
1172 {
1173 p[100] = RT_H2LE_U16(s->cTotalSectors);
1174 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1175 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1176 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1177 }
1178 s->iSourceSink = ATAFN_SS_NULL;
1179 ataCmdOK(s, ATA_STAT_SEEK);
1180 return false;
1181}
1182
1183
1184static bool ataFlushSS(ATADevState *s)
1185{
1186 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1187 int rc;
1188
1189 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1190 Assert(!s->cbElementaryTransfer);
1191
1192 PDMCritSectLeave(&pCtl->lock);
1193
1194 STAM_PROFILE_START(&s->StatFlushes, f);
1195 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1196 AssertRC(rc);
1197 STAM_PROFILE_STOP(&s->StatFlushes, f);
1198
1199 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1200 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1201 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1202 ataCmdOK(s, 0);
1203 return false;
1204}
1205
1206
1207static bool atapiIdentifySS(ATADevState *s)
1208{
1209 uint16_t *p;
1210 char aSerial[20];
1211 RTUUID Uuid;
1212 int rc;
1213
1214 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1215 Assert(s->cbElementaryTransfer == 512);
1216 rc = s->pDrvBlock ? s->pDrvBlock->pfnGetUuid(s->pDrvBlock, &Uuid) : RTUuidClear(&Uuid);
1217 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
1218 {
1219 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1220 /* Generate a predictable serial for drives which don't have a UUID. */
1221 RTStrPrintf(aSerial, sizeof(aSerial), "VB%x-%04x%04x",
1222 s->iLUN + ATADEVSTATE_2_DEVINS(s)->iInstance * 32,
1223 pCtl->IOPortBase1, pCtl->IOPortBase2);
1224 }
1225 else
1226 RTStrPrintf(aSerial, sizeof(aSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
1227
1228 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1229 memset(p, 0, 512);
1230 /* Removable CDROM, 50us response, 12 byte packets */
1231 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1232 ataPadString((uint8_t *)(p + 10), aSerial, 20); /* serial number */
1233 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1234 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1235 ataPadString((uint8_t *)(p + 23), "1.0", 8); /* firmware version */
1236 ataPadString((uint8_t *)(p + 27), "VBOX CD-ROM", 40); /* model */
1237 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1238 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1239 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1240 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1241 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1242 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1243 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1244 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1245 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1246 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1247 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1248 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1249 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1250 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1251 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1252 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1253 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1254 p[83] = RT_H2LE_U16(1 << 14);
1255 p[84] = RT_H2LE_U16(1 << 14);
1256 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1257 p[86] = RT_H2LE_U16(0);
1258 p[87] = RT_H2LE_U16(1 << 14);
1259 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1260 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1261 s->iSourceSink = ATAFN_SS_NULL;
1262 ataCmdOK(s, ATA_STAT_SEEK);
1263 return false;
1264}
1265
1266
1267static void ataSetSignature(ATADevState *s)
1268{
1269 s->uATARegSelect &= 0xf0; /* clear head */
1270 /* put signature */
1271 s->uATARegNSector = 1;
1272 s->uATARegSector = 1;
1273 if (s->fATAPI)
1274 {
1275 s->uATARegLCyl = 0x14;
1276 s->uATARegHCyl = 0xeb;
1277 }
1278 else if (s->pDrvBlock)
1279 {
1280 s->uATARegLCyl = 0;
1281 s->uATARegHCyl = 0;
1282 }
1283 else
1284 {
1285 s->uATARegLCyl = 0xff;
1286 s->uATARegHCyl = 0xff;
1287 }
1288}
1289
1290
1291static uint64_t ataGetSector(ATADevState *s)
1292{
1293 uint64_t iLBA;
1294 if (s->uATARegSelect & 0x40)
1295 {
1296 /* any LBA variant */
1297 if (s->fLBA48)
1298 {
1299 /* LBA48 */
1300 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1301 ((uint64_t)s->uATARegLCylHOB << 32) |
1302 ((uint64_t)s->uATARegSectorHOB << 24) |
1303 ((uint64_t)s->uATARegHCyl << 16) |
1304 ((uint64_t)s->uATARegLCyl << 8) |
1305 s->uATARegSector;
1306 }
1307 else
1308 {
1309 /* LBA */
1310 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1311 (s->uATARegLCyl << 8) | s->uATARegSector;
1312 }
1313 }
1314 else
1315 {
1316 /* CHS */
1317 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1318 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1319 (s->uATARegSector - 1);
1320 }
1321 return iLBA;
1322}
1323
1324static void ataSetSector(ATADevState *s, uint64_t iLBA)
1325{
1326 uint32_t cyl, r;
1327 if (s->uATARegSelect & 0x40)
1328 {
1329 /* any LBA variant */
1330 if (s->fLBA48)
1331 {
1332 /* LBA48 */
1333 s->uATARegHCylHOB = iLBA >> 40;
1334 s->uATARegLCylHOB = iLBA >> 32;
1335 s->uATARegSectorHOB = iLBA >> 24;
1336 s->uATARegHCyl = iLBA >> 16;
1337 s->uATARegLCyl = iLBA >> 8;
1338 s->uATARegSector = iLBA;
1339 }
1340 else
1341 {
1342 /* LBA */
1343 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1344 s->uATARegHCyl = (iLBA >> 16);
1345 s->uATARegLCyl = (iLBA >> 8);
1346 s->uATARegSector = (iLBA);
1347 }
1348 }
1349 else
1350 {
1351 /* CHS */
1352 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1353 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1354 s->uATARegHCyl = cyl >> 8;
1355 s->uATARegLCyl = cyl;
1356 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1357 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1358 }
1359}
1360
1361
1362static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf, uint32_t cSectors)
1363{
1364 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1365 int rc;
1366
1367 PDMCritSectLeave(&pCtl->lock);
1368
1369 STAM_PROFILE_ADV_START(&s->StatReads, r);
1370 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1371 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1372 s->Led.Actual.s.fReading = 0;
1373 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1374
1375 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1376
1377 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1378 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1379 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1380 return rc;
1381}
1382
1383
1384static int ataWriteSectors(ATADevState *s, uint64_t u64Sector, const void *pvBuf, uint32_t cSectors)
1385{
1386 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1387 int rc;
1388
1389 PDMCritSectLeave(&pCtl->lock);
1390
1391 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1392 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1393#ifdef VBOX_INSTRUMENT_DMA_WRITES
1394 if (s->fDMA)
1395 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1396#endif
1397 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1398#ifdef VBOX_INSTRUMENT_DMA_WRITES
1399 if (s->fDMA)
1400 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1401#endif
1402 s->Led.Actual.s.fWriting = 0;
1403 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1404
1405 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1406
1407 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1408 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1409 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1410 return rc;
1411}
1412
1413
1414static void ataReadWriteSectorsBT(ATADevState *s)
1415{
1416 uint32_t cSectors;
1417
1418 cSectors = s->cbTotalTransfer / 512;
1419 if (cSectors > s->cSectorsPerIRQ)
1420 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1421 else
1422 s->cbElementaryTransfer = cSectors * 512;
1423 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1424 ataCmdOK(s, 0);
1425}
1426
1427
1428static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1429{
1430 int rc;
1431 LogRel(("PIIX3 ATA: Host disk full\n"));
1432 rc = VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
1433 false, "DevATA_DISKFULL",
1434 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1435 AssertRC(rc);
1436}
1437
1438
1439static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1440{
1441 int rc;
1442 LogRel(("PIIX3 ATA: File too big\n"));
1443 rc = VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
1444 false, "DevATA_FILETOOBIG",
1445 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1446 AssertRC(rc);
1447}
1448
1449
1450static void ataWarningISCSI(PPDMDEVINS pDevIns)
1451{
1452 int rc;
1453 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1454 rc = VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
1455 false, "DevATA_ISCSIDOWN",
1456 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1457 AssertRC(rc);
1458}
1459
1460
1461static bool ataReadSectorsSS(ATADevState *s)
1462{
1463 int rc;
1464 uint32_t cSectors;
1465 uint64_t iLBA;
1466
1467 cSectors = s->cbElementaryTransfer / 512;
1468 Assert(cSectors);
1469 iLBA = ataGetSector(s);
1470 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1471 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors);
1472 if (RT_SUCCESS(rc))
1473 {
1474 ataSetSector(s, iLBA + cSectors);
1475 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1476 s->iSourceSink = ATAFN_SS_NULL;
1477 ataCmdOK(s, ATA_STAT_SEEK);
1478 }
1479 else
1480 {
1481 if (rc == VERR_DISK_FULL)
1482 {
1483 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1484 return true;
1485 }
1486 if (rc == VERR_FILE_TOO_BIG)
1487 {
1488 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1489 return true;
1490 }
1491 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1492 {
1493 /* iSCSI connection abort (first error) or failure to reestablish
1494 * connection (second error). Pause VM. On resume we'll retry. */
1495 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1496 return true;
1497 }
1498 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1499 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1500 s->iLUN, rc, iLBA, cSectors));
1501 ataCmdError(s, ID_ERR);
1502 }
1503 /** @todo implement redo for iSCSI */
1504 return false;
1505}
1506
1507
1508static bool ataWriteSectorsSS(ATADevState *s)
1509{
1510 int rc;
1511 uint32_t cSectors;
1512 uint64_t iLBA;
1513
1514 cSectors = s->cbElementaryTransfer / 512;
1515 Assert(cSectors);
1516 iLBA = ataGetSector(s);
1517 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1518 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors);
1519 if (RT_SUCCESS(rc))
1520 {
1521 ataSetSector(s, iLBA + cSectors);
1522 if (!s->cbTotalTransfer)
1523 s->iSourceSink = ATAFN_SS_NULL;
1524 ataCmdOK(s, ATA_STAT_SEEK);
1525 }
1526 else
1527 {
1528 if (rc == VERR_DISK_FULL)
1529 {
1530 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1531 return true;
1532 }
1533 if (rc == VERR_FILE_TOO_BIG)
1534 {
1535 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1536 return true;
1537 }
1538 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1539 {
1540 /* iSCSI connection abort (first error) or failure to reestablish
1541 * connection (second error). Pause VM. On resume we'll retry. */
1542 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1543 return true;
1544 }
1545 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1546 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1547 s->iLUN, rc, iLBA, cSectors));
1548 ataCmdError(s, ID_ERR);
1549 }
1550 /** @todo implement redo for iSCSI */
1551 return false;
1552}
1553
1554
1555static void atapiCmdOK(ATADevState *s)
1556{
1557 s->uATARegError = 0;
1558 ataSetStatusValue(s, ATA_STAT_READY);
1559 s->uATARegNSector = (s->uATARegNSector & ~7)
1560 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1561 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1562 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1563
1564 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1565 s->abATAPISense[0] = 0x70 | (1 << 7);
1566 s->abATAPISense[7] = 10;
1567}
1568
1569
1570static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1571{
1572 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1573 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1574 s->uATARegError = pabATAPISense[2] << 4;
1575 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1576 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1577 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1578 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1579 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1580 s->cbTotalTransfer = 0;
1581 s->cbElementaryTransfer = 0;
1582 s->iIOBufferCur = 0;
1583 s->iIOBufferEnd = 0;
1584 s->uTxDir = PDMBLOCKTXDIR_NONE;
1585 s->iBeginTransfer = ATAFN_BT_NULL;
1586 s->iSourceSink = ATAFN_SS_NULL;
1587}
1588
1589
1590/** @todo deprecated function - doesn't provide enough info. Replace by direct
1591 * calls to atapiCmdError() with full data. */
1592static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1593{
1594 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1595 memset(abATAPISense, '\0', sizeof(abATAPISense));
1596 abATAPISense[0] = 0x70 | (1 << 7);
1597 abATAPISense[2] = uATAPISenseKey & 0x0f;
1598 abATAPISense[7] = 10;
1599 abATAPISense[12] = uATAPIASC;
1600 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1601}
1602
1603
1604static void atapiCmdBT(ATADevState *s)
1605{
1606 s->fATAPITransfer = true;
1607 s->cbElementaryTransfer = s->cbTotalTransfer;
1608 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1609 atapiCmdOK(s);
1610}
1611
1612
1613static void atapiPassthroughCmdBT(ATADevState *s)
1614{
1615 /* @todo implement an algorithm for correctly determining the read and
1616 * write sector size without sending additional commands to the drive.
1617 * This should be doable by saving processing the configuration requests
1618 * and replies. */
1619#if 0
1620 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1621 {
1622 uint8_t cmd = s->aATAPICmd[0];
1623 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1624 {
1625 uint8_t aModeSenseCmd[10];
1626 uint8_t aModeSenseResult[16];
1627 uint8_t uDummySense;
1628 uint32_t cbTransfer;
1629 int rc;
1630
1631 cbTransfer = sizeof(aModeSenseResult);
1632 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1633 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1634 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1635 aModeSenseCmd[3] = 0; /* subpage code */
1636 aModeSenseCmd[4] = 0; /* reserved */
1637 aModeSenseCmd[5] = 0; /* reserved */
1638 aModeSenseCmd[6] = 0; /* reserved */
1639 aModeSenseCmd[7] = cbTransfer >> 8;
1640 aModeSenseCmd[8] = cbTransfer & 0xff;
1641 aModeSenseCmd[9] = 0; /* control */
1642 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1643 if (RT_FAILURE(rc))
1644 {
1645 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1646 return;
1647 }
1648 /* Select sector size based on the current data block type. */
1649 switch (aModeSenseResult[12] & 0x0f)
1650 {
1651 case 0:
1652 s->cbATAPISector = 2352;
1653 break;
1654 case 1:
1655 s->cbATAPISector = 2368;
1656 break;
1657 case 2:
1658 case 3:
1659 s->cbATAPISector = 2448;
1660 break;
1661 case 8:
1662 case 10:
1663 s->cbATAPISector = 2048;
1664 break;
1665 case 9:
1666 s->cbATAPISector = 2336;
1667 break;
1668 case 11:
1669 s->cbATAPISector = 2056;
1670 break;
1671 case 12:
1672 s->cbATAPISector = 2324;
1673 break;
1674 case 13:
1675 s->cbATAPISector = 2332;
1676 break;
1677 default:
1678 s->cbATAPISector = 0;
1679 }
1680 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1681 s->cbTotalTransfer *= s->cbATAPISector;
1682 if (s->cbTotalTransfer == 0)
1683 s->uTxDir = PDMBLOCKTXDIR_NONE;
1684 }
1685 }
1686#endif
1687 atapiCmdBT(s);
1688}
1689
1690
1691static bool atapiReadSS(ATADevState *s)
1692{
1693 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1694 int rc = VINF_SUCCESS;
1695 uint32_t cbTransfer, cSectors;
1696
1697 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1698 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1699 cSectors = cbTransfer / s->cbATAPISector;
1700 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1701 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1702
1703 PDMCritSectLeave(&pCtl->lock);
1704
1705 STAM_PROFILE_ADV_START(&s->StatReads, r);
1706 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1707 switch (s->cbATAPISector)
1708 {
1709 case 2048:
1710 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1711 break;
1712 case 2352:
1713 {
1714 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1715
1716 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1717 {
1718 /* sync bytes */
1719 *pbBuf++ = 0x00;
1720 memset(pbBuf, 0xff, 11);
1721 pbBuf += 11;
1722 /* MSF */
1723 ataLBA2MSF(pbBuf, i);
1724 pbBuf += 3;
1725 *pbBuf++ = 0x01; /* mode 1 data */
1726 /* data */
1727 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1728 if (RT_FAILURE(rc))
1729 break;
1730 pbBuf += 2048;
1731 /* ECC */
1732 memset(pbBuf, 0, 288);
1733 pbBuf += 288;
1734 }
1735 }
1736 break;
1737 default:
1738 break;
1739 }
1740 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1741
1742 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1743 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1744 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1745
1746 if (RT_SUCCESS(rc))
1747 {
1748 s->Led.Actual.s.fReading = 0;
1749 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1750
1751 /* The initial buffer end value has been set up based on the total
1752 * transfer size. But the I/O buffer size limits what can actually be
1753 * done in one transfer, so set the actual value of the buffer end. */
1754 s->cbElementaryTransfer = cbTransfer;
1755 if (cbTransfer >= s->cbTotalTransfer)
1756 s->iSourceSink = ATAFN_SS_NULL;
1757 atapiCmdOK(s);
1758 s->iATAPILBA += cSectors;
1759 }
1760 else
1761 {
1762 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1763 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1764 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1765 }
1766 return false;
1767}
1768
1769
1770static bool atapiPassthroughSS(ATADevState *s)
1771{
1772 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1773 int rc = VINF_SUCCESS;
1774 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1775 size_t cbTransfer;
1776 PSTAMPROFILEADV pProf = NULL;
1777
1778 cbTransfer = s->cbElementaryTransfer;
1779
1780 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1781 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1782
1783 /* Simple heuristics: if there is at least one sector of data
1784 * to transfer, it's worth updating the LEDs. */
1785 if (cbTransfer >= 2048)
1786 {
1787 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1788 {
1789 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1790 pProf = &s->StatReads;
1791 }
1792 else
1793 {
1794 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1795 pProf = &s->StatWrites;
1796 }
1797 }
1798
1799 PDMCritSectLeave(&pCtl->lock);
1800
1801 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1802 if (cbTransfer > 100 * _1K)
1803 {
1804 /* Linux accepts commands with up to 100KB of data, but expects
1805 * us to handle commands with up to 128KB of data. The usual
1806 * imbalance of powers. */
1807 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1808 uint32_t iATAPILBA, cSectors, cReqSectors;
1809 size_t cbCurrTX;
1810 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1811
1812 switch (s->aATAPICmd[0])
1813 {
1814 case SCSI_READ_10:
1815 case SCSI_WRITE_10:
1816 case SCSI_WRITE_AND_VERIFY_10:
1817 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1818 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1819 break;
1820 case SCSI_READ_12:
1821 case SCSI_WRITE_12:
1822 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1823 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1824 break;
1825 case SCSI_READ_CD:
1826 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1827 cSectors = ataBE2H_U24(s->aATAPICmd + 6) / s->cbATAPISector;
1828 break;
1829 case SCSI_READ_CD_MSF:
1830 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1831 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1832 break;
1833 default:
1834 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1835 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1836 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1837 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1838 {
1839 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1840 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1841 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1842 }
1843 return false;
1844 }
1845 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1846 cReqSectors = 0;
1847 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1848 {
1849 if (i * s->cbATAPISector > 100 * _1K)
1850 cReqSectors = (100 * _1K) / s->cbATAPISector;
1851 else
1852 cReqSectors = i;
1853 cbCurrTX = s->cbATAPISector * cReqSectors;
1854 switch (s->aATAPICmd[0])
1855 {
1856 case SCSI_READ_10:
1857 case SCSI_WRITE_10:
1858 case SCSI_WRITE_AND_VERIFY_10:
1859 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1860 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1861 break;
1862 case SCSI_READ_12:
1863 case SCSI_WRITE_12:
1864 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1865 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1866 break;
1867 case SCSI_READ_CD:
1868 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
1869 ataH2BE_U24(s->aATAPICmd + 6, cbCurrTX);
1870 break;
1871 case SCSI_READ_CD_MSF:
1872 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1873 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1874 break;
1875 }
1876 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1877 if (rc != VINF_SUCCESS)
1878 break;
1879 iATAPILBA += cReqSectors;
1880 pbBuf += s->cbATAPISector * cReqSectors;
1881 }
1882 }
1883 else
1884 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1885 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
1886
1887 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1888 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1889 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1890
1891 /* Update the LEDs and the read/write statistics. */
1892 if (cbTransfer >= 2048)
1893 {
1894 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1895 {
1896 s->Led.Actual.s.fReading = 0;
1897 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
1898 }
1899 else
1900 {
1901 s->Led.Actual.s.fWriting = 0;
1902 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
1903 }
1904 }
1905
1906 if (RT_SUCCESS(rc))
1907 {
1908 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
1909 {
1910 Assert(cbTransfer <= s->cbTotalTransfer);
1911 /* Reply with the same amount of data as the real drive. */
1912 s->cbTotalTransfer = cbTransfer;
1913 /* The initial buffer end value has been set up based on the total
1914 * transfer size. But the I/O buffer size limits what can actually be
1915 * done in one transfer, so set the actual value of the buffer end. */
1916 s->cbElementaryTransfer = cbTransfer;
1917 if (s->aATAPICmd[0] == SCSI_INQUIRY)
1918 {
1919 /* Make sure that the real drive cannot be identified.
1920 * Motivation: changing the VM configuration should be as
1921 * invisible as possible to the guest. */
1922 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1923 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
1924 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
1925 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
1926 }
1927 if (cbTransfer)
1928 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1929 }
1930 s->iSourceSink = ATAFN_SS_NULL;
1931 atapiCmdOK(s);
1932 }
1933 else
1934 {
1935 if (s->cErrors < MAX_LOG_REL_ERRORS)
1936 {
1937 uint8_t u8Cmd = s->aATAPICmd[0];
1938 do
1939 {
1940 /* don't log superflous errors */
1941 if ( rc == VERR_DEV_IO_ERROR
1942 && ( u8Cmd == SCSI_TEST_UNIT_READY
1943 || u8Cmd == SCSI_READ_CAPACITY
1944 || u8Cmd == SCSI_READ_DVD_STRUCTURE
1945 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
1946 break;
1947 s->cErrors++;
1948 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
1949 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
1950 } while (0);
1951 }
1952 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1953 }
1954 return false;
1955}
1956
1957
1958static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
1959{
1960 Assert(cSectors > 0);
1961 s->iATAPILBA = iATAPILBA;
1962 s->cbATAPISector = cbSector;
1963 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
1964 return false;
1965}
1966
1967
1968static bool atapiReadCapacitySS(ATADevState *s)
1969{
1970 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1971
1972 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1973 Assert(s->cbElementaryTransfer <= 8);
1974 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
1975 ataH2BE_U32(pbBuf + 4, 2048);
1976 s->iSourceSink = ATAFN_SS_NULL;
1977 atapiCmdOK(s);
1978 return false;
1979}
1980
1981
1982static bool atapiReadDiscInformationSS(ATADevState *s)
1983{
1984 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1985
1986 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1987 Assert(s->cbElementaryTransfer <= 34);
1988 memset(pbBuf, '\0', 34);
1989 ataH2BE_U16(pbBuf, 32);
1990 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
1991 pbBuf[3] = 1; /* number of first track */
1992 pbBuf[4] = 1; /* number of sessions (LSB) */
1993 pbBuf[5] = 1; /* first track number in last session (LSB) */
1994 pbBuf[6] = 1; /* last track number in last session (LSB) */
1995 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
1996 pbBuf[8] = 0; /* disc type = CD-ROM */
1997 pbBuf[9] = 0; /* number of sessions (MSB) */
1998 pbBuf[10] = 0; /* number of sessions (MSB) */
1999 pbBuf[11] = 0; /* number of sessions (MSB) */
2000 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2001 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2002 s->iSourceSink = ATAFN_SS_NULL;
2003 atapiCmdOK(s);
2004 return false;
2005}
2006
2007
2008static bool atapiReadTrackInformationSS(ATADevState *s)
2009{
2010 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2011
2012 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2013 Assert(s->cbElementaryTransfer <= 36);
2014 /* Accept address/number type of 1 only, and only track 1 exists. */
2015 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2016 {
2017 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2018 return false;
2019 }
2020 memset(pbBuf, '\0', 36);
2021 ataH2BE_U16(pbBuf, 34);
2022 pbBuf[2] = 1; /* track number (LSB) */
2023 pbBuf[3] = 1; /* session number (LSB) */
2024 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2025 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2026 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2027 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2028 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2029 pbBuf[32] = 0; /* track number (MSB) */
2030 pbBuf[33] = 0; /* session number (MSB) */
2031 s->iSourceSink = ATAFN_SS_NULL;
2032 atapiCmdOK(s);
2033 return false;
2034}
2035
2036
2037static bool atapiGetConfigurationSS(ATADevState *s)
2038{
2039 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2040 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2041
2042 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2043 Assert(s->cbElementaryTransfer <= 32);
2044 /* Accept valid request types only, and only starting feature 0. */
2045 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2046 {
2047 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2048 return false;
2049 }
2050 memset(pbBuf, '\0', 32);
2051 ataH2BE_U32(pbBuf, 16);
2052 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2053 * way to differentiate them right now is based on the image size). Also
2054 * implement signalling "no current profile" if no medium is loaded. */
2055 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2056
2057 ataH2BE_U16(pbBuf + 8, 0); /* feature 0: list of profiles supported */
2058 pbBuf[10] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2059 pbBuf[11] = 8; /* additional bytes for profiles */
2060 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2061 * before CD-ROM read capability. */
2062 ataH2BE_U16(pbBuf + 12, 0x10); /* profile: read-only DVD */
2063 pbBuf[14] = (0 << 0); /* NOT current profile */
2064 ataH2BE_U16(pbBuf + 16, 0x08); /* profile: read only CD */
2065 pbBuf[18] = (1 << 0); /* current profile */
2066 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2067 s->iSourceSink = ATAFN_SS_NULL;
2068 atapiCmdOK(s);
2069 return false;
2070}
2071
2072
2073static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2074{
2075 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2076
2077 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2078 Assert(s->cbElementaryTransfer <= 8);
2079
2080 if (!(s->aATAPICmd[1] & 1))
2081 {
2082 /* no asynchronous operation supported */
2083 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2084 return false;
2085 }
2086
2087 uint32_t OldStatus, NewStatus;
2088 do
2089 {
2090 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2091 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2092 switch (OldStatus)
2093 {
2094 case ATA_EVENT_STATUS_MEDIA_NEW:
2095 /* mount */
2096 ataH2BE_U16(pbBuf + 0, 6);
2097 pbBuf[2] = 0x04;
2098 pbBuf[3] = 0x5e;
2099 pbBuf[4] = 0x02;
2100 pbBuf[5] = 0x02;
2101 pbBuf[6] = 0x00;
2102 pbBuf[7] = 0x00;
2103 break;
2104
2105 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2106 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2107 /* umount */
2108 ataH2BE_U16(pbBuf + 0, 6);
2109 pbBuf[2] = 0x04;
2110 pbBuf[3] = 0x5e;
2111 pbBuf[4] = 0x03;
2112 pbBuf[5] = 0x00;
2113 pbBuf[6] = 0x00;
2114 pbBuf[7] = 0x00;
2115 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2116 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2117 break;
2118
2119 case ATA_EVENT_STATUS_UNCHANGED:
2120 default:
2121 ataH2BE_U16(pbBuf + 0, 6);
2122 pbBuf[2] = 0x01;
2123 pbBuf[3] = 0x5e;
2124 pbBuf[4] = 0x00;
2125 pbBuf[5] = 0x00;
2126 pbBuf[6] = 0x00;
2127 pbBuf[7] = 0x00;
2128 break;
2129 }
2130 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2131
2132 s->iSourceSink = ATAFN_SS_NULL;
2133 atapiCmdOK(s);
2134 return false;
2135}
2136
2137
2138static bool atapiInquirySS(ATADevState *s)
2139{
2140 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2141
2142 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2143 Assert(s->cbElementaryTransfer <= 36);
2144 pbBuf[0] = 0x05; /* CD-ROM */
2145 pbBuf[1] = 0x80; /* removable */
2146#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2147 pbBuf[2] = 0x00; /* ISO */
2148 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2149#else
2150 pbBuf[2] = 0x00; /* ISO */
2151 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2152#endif
2153 pbBuf[4] = 31; /* additional length */
2154 pbBuf[5] = 0; /* reserved */
2155 pbBuf[6] = 0; /* reserved */
2156 pbBuf[7] = 0; /* reserved */
2157 ataSCSIPadStr(pbBuf + 8, "VBOX", 8);
2158 ataSCSIPadStr(pbBuf + 16, "CD-ROM", 16);
2159 ataSCSIPadStr(pbBuf + 32, "1.0", 4);
2160 s->iSourceSink = ATAFN_SS_NULL;
2161 atapiCmdOK(s);
2162 return false;
2163}
2164
2165
2166static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2167{
2168 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2169
2170 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2171 Assert(s->cbElementaryTransfer <= 16);
2172 ataH2BE_U16(&pbBuf[0], 16 + 6);
2173 pbBuf[2] = 0x70;
2174 pbBuf[3] = 0;
2175 pbBuf[4] = 0;
2176 pbBuf[5] = 0;
2177 pbBuf[6] = 0;
2178 pbBuf[7] = 0;
2179
2180 pbBuf[8] = 0x01;
2181 pbBuf[9] = 0x06;
2182 pbBuf[10] = 0x00;
2183 pbBuf[11] = 0x05;
2184 pbBuf[12] = 0x00;
2185 pbBuf[13] = 0x00;
2186 pbBuf[14] = 0x00;
2187 pbBuf[15] = 0x00;
2188 s->iSourceSink = ATAFN_SS_NULL;
2189 atapiCmdOK(s);
2190 return false;
2191}
2192
2193
2194static bool atapiModeSenseCDStatusSS(ATADevState *s)
2195{
2196 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2197
2198 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2199 Assert(s->cbElementaryTransfer <= 40);
2200 ataH2BE_U16(&pbBuf[0], 38);
2201 pbBuf[2] = 0x70;
2202 pbBuf[3] = 0;
2203 pbBuf[4] = 0;
2204 pbBuf[5] = 0;
2205 pbBuf[6] = 0;
2206 pbBuf[7] = 0;
2207
2208 pbBuf[8] = 0x2a;
2209 pbBuf[9] = 30; /* page length */
2210 pbBuf[10] = 0x08; /* DVD-ROM read support */
2211 pbBuf[11] = 0x00; /* no write support */
2212 /* The following claims we support audio play. This is obviously false,
2213 * but the Linux generic CDROM support makes many features depend on this
2214 * capability. If it's not set, this causes many things to be disabled. */
2215 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2216 pbBuf[13] = 0x00; /* no subchannel reads supported */
2217 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2218 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2219 pbBuf[14] |= 1 << 1; /* report lock state */
2220 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2221 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2222 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2223 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2224 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2225 pbBuf[24] = 0; /* reserved */
2226 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2227 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2228 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2229 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2230 pbBuf[32] = 0; /* reserved */
2231 pbBuf[33] = 0; /* reserved */
2232 pbBuf[34] = 0; /* reserved */
2233 pbBuf[35] = 1; /* rotation control CAV */
2234 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2235 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2236 s->iSourceSink = ATAFN_SS_NULL;
2237 atapiCmdOK(s);
2238 return false;
2239}
2240
2241
2242static bool atapiRequestSenseSS(ATADevState *s)
2243{
2244 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2245
2246 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2247 memset(pbBuf, '\0', s->cbElementaryTransfer);
2248 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2249 s->iSourceSink = ATAFN_SS_NULL;
2250 atapiCmdOK(s);
2251 return false;
2252}
2253
2254
2255static bool atapiMechanismStatusSS(ATADevState *s)
2256{
2257 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2258
2259 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2260 Assert(s->cbElementaryTransfer <= 8);
2261 ataH2BE_U16(pbBuf, 0);
2262 /* no current LBA */
2263 pbBuf[2] = 0;
2264 pbBuf[3] = 0;
2265 pbBuf[4] = 0;
2266 pbBuf[5] = 1;
2267 ataH2BE_U16(pbBuf + 6, 0);
2268 s->iSourceSink = ATAFN_SS_NULL;
2269 atapiCmdOK(s);
2270 return false;
2271}
2272
2273
2274static bool atapiReadTOCNormalSS(ATADevState *s)
2275{
2276 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2277 bool fMSF;
2278 uint32_t cbSize;
2279
2280 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2281 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2282 iStartTrack = s->aATAPICmd[6];
2283 if (iStartTrack > 1 && iStartTrack != 0xaa)
2284 {
2285 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2286 return false;
2287 }
2288 q = pbBuf + 2;
2289 *q++ = 1; /* first session */
2290 *q++ = 1; /* last session */
2291 if (iStartTrack <= 1)
2292 {
2293 *q++ = 0; /* reserved */
2294 *q++ = 0x14; /* ADR, control */
2295 *q++ = 1; /* track number */
2296 *q++ = 0; /* reserved */
2297 if (fMSF)
2298 {
2299 *q++ = 0; /* reserved */
2300 ataLBA2MSF(q, 0);
2301 q += 3;
2302 }
2303 else
2304 {
2305 /* sector 0 */
2306 ataH2BE_U32(q, 0);
2307 q += 4;
2308 }
2309 }
2310 /* lead out track */
2311 *q++ = 0; /* reserved */
2312 *q++ = 0x14; /* ADR, control */
2313 *q++ = 0xaa; /* track number */
2314 *q++ = 0; /* reserved */
2315 if (fMSF)
2316 {
2317 *q++ = 0; /* reserved */
2318 ataLBA2MSF(q, s->cTotalSectors);
2319 q += 3;
2320 }
2321 else
2322 {
2323 ataH2BE_U32(q, s->cTotalSectors);
2324 q += 4;
2325 }
2326 cbSize = q - pbBuf;
2327 ataH2BE_U16(pbBuf, cbSize - 2);
2328 if (cbSize < s->cbTotalTransfer)
2329 s->cbTotalTransfer = cbSize;
2330 s->iSourceSink = ATAFN_SS_NULL;
2331 atapiCmdOK(s);
2332 return false;
2333}
2334
2335
2336static bool atapiReadTOCMultiSS(ATADevState *s)
2337{
2338 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2339 bool fMSF;
2340
2341 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2342 Assert(s->cbElementaryTransfer <= 12);
2343 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2344 /* multi session: only a single session defined */
2345/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2346 memset(pbBuf, 0, 12);
2347 pbBuf[1] = 0x0a;
2348 pbBuf[2] = 0x01;
2349 pbBuf[3] = 0x01;
2350 pbBuf[5] = 0x14; /* ADR, control */
2351 pbBuf[6] = 1; /* first track in last complete session */
2352 if (fMSF)
2353 {
2354 pbBuf[8] = 0; /* reserved */
2355 ataLBA2MSF(&pbBuf[9], 0);
2356 }
2357 else
2358 {
2359 /* sector 0 */
2360 ataH2BE_U32(pbBuf + 8, 0);
2361 }
2362 s->iSourceSink = ATAFN_SS_NULL;
2363 atapiCmdOK(s);
2364 return false;
2365}
2366
2367
2368static bool atapiReadTOCRawSS(ATADevState *s)
2369{
2370 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2371 bool fMSF;
2372 uint32_t cbSize;
2373
2374 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2375 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2376 iStartTrack = s->aATAPICmd[6];
2377
2378 q = pbBuf + 2;
2379 *q++ = 1; /* first session */
2380 *q++ = 1; /* last session */
2381
2382 *q++ = 1; /* session number */
2383 *q++ = 0x14; /* data track */
2384 *q++ = 0; /* track number */
2385 *q++ = 0xa0; /* first track in program area */
2386 *q++ = 0; /* min */
2387 *q++ = 0; /* sec */
2388 *q++ = 0; /* frame */
2389 *q++ = 0;
2390 *q++ = 1; /* first track */
2391 *q++ = 0x00; /* disk type CD-DA or CD data */
2392 *q++ = 0;
2393
2394 *q++ = 1; /* session number */
2395 *q++ = 0x14; /* data track */
2396 *q++ = 0; /* track number */
2397 *q++ = 0xa1; /* last track in program area */
2398 *q++ = 0; /* min */
2399 *q++ = 0; /* sec */
2400 *q++ = 0; /* frame */
2401 *q++ = 0;
2402 *q++ = 1; /* last track */
2403 *q++ = 0;
2404 *q++ = 0;
2405
2406 *q++ = 1; /* session number */
2407 *q++ = 0x14; /* data track */
2408 *q++ = 0; /* track number */
2409 *q++ = 0xa2; /* lead-out */
2410 *q++ = 0; /* min */
2411 *q++ = 0; /* sec */
2412 *q++ = 0; /* frame */
2413 if (fMSF)
2414 {
2415 *q++ = 0; /* reserved */
2416 ataLBA2MSF(q, s->cTotalSectors);
2417 q += 3;
2418 }
2419 else
2420 {
2421 ataH2BE_U32(q, s->cTotalSectors);
2422 q += 4;
2423 }
2424
2425 *q++ = 1; /* session number */
2426 *q++ = 0x14; /* ADR, control */
2427 *q++ = 0; /* track number */
2428 *q++ = 1; /* point */
2429 *q++ = 0; /* min */
2430 *q++ = 0; /* sec */
2431 *q++ = 0; /* frame */
2432 if (fMSF)
2433 {
2434 *q++ = 0; /* reserved */
2435 ataLBA2MSF(q, 0);
2436 q += 3;
2437 }
2438 else
2439 {
2440 /* sector 0 */
2441 ataH2BE_U32(q, 0);
2442 q += 4;
2443 }
2444
2445 cbSize = q - pbBuf;
2446 ataH2BE_U16(pbBuf, cbSize - 2);
2447 if (cbSize < s->cbTotalTransfer)
2448 s->cbTotalTransfer = cbSize;
2449 s->iSourceSink = ATAFN_SS_NULL;
2450 atapiCmdOK(s);
2451 return false;
2452}
2453
2454
2455static void atapiParseCmdVirtualATAPI(ATADevState *s)
2456{
2457 const uint8_t *pbPacket;
2458 uint8_t *pbBuf;
2459 uint32_t cbMax;
2460
2461 pbPacket = s->aATAPICmd;
2462 pbBuf = s->CTX_SUFF(pbIOBuffer);
2463 switch (pbPacket[0])
2464 {
2465 case SCSI_TEST_UNIT_READY:
2466 if (s->cNotifiedMediaChange > 0)
2467 {
2468 if (s->cNotifiedMediaChange-- > 2)
2469 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2470 else
2471 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2472 }
2473 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2474 atapiCmdOK(s);
2475 else
2476 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2477 break;
2478 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2479 cbMax = ataBE2H_U16(pbPacket + 7);
2480 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2481 break;
2482 case SCSI_MODE_SENSE_10:
2483 {
2484 uint8_t uPageControl, uPageCode;
2485 cbMax = ataBE2H_U16(pbPacket + 7);
2486 uPageControl = pbPacket[2] >> 6;
2487 uPageCode = pbPacket[2] & 0x3f;
2488 switch (uPageControl)
2489 {
2490 case SCSI_PAGECONTROL_CURRENT:
2491 switch (uPageCode)
2492 {
2493 case SCSI_MODEPAGE_ERROR_RECOVERY:
2494 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2495 break;
2496 case SCSI_MODEPAGE_CD_STATUS:
2497 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2498 break;
2499 default:
2500 goto error_cmd;
2501 }
2502 break;
2503 case SCSI_PAGECONTROL_CHANGEABLE:
2504 goto error_cmd;
2505 case SCSI_PAGECONTROL_DEFAULT:
2506 goto error_cmd;
2507 default:
2508 case SCSI_PAGECONTROL_SAVED:
2509 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2510 break;
2511 }
2512 }
2513 break;
2514 case SCSI_REQUEST_SENSE:
2515 cbMax = pbPacket[4];
2516 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2517 break;
2518 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2519 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2520 {
2521 if (pbPacket[4] & 1)
2522 s->pDrvMount->pfnLock(s->pDrvMount);
2523 else
2524 s->pDrvMount->pfnUnlock(s->pDrvMount);
2525 atapiCmdOK(s);
2526 }
2527 else
2528 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2529 break;
2530 case SCSI_READ_10:
2531 case SCSI_READ_12:
2532 {
2533 uint32_t cSectors, iATAPILBA;
2534
2535 if (s->cNotifiedMediaChange > 0)
2536 {
2537 s->cNotifiedMediaChange-- ;
2538 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2539 break;
2540 }
2541 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2542 {
2543 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2544 break;
2545 }
2546 if (pbPacket[0] == SCSI_READ_10)
2547 cSectors = ataBE2H_U16(pbPacket + 7);
2548 else
2549 cSectors = ataBE2H_U32(pbPacket + 6);
2550 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2551 if (cSectors == 0)
2552 {
2553 atapiCmdOK(s);
2554 break;
2555 }
2556 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2557 {
2558 /* Rate limited logging, one log line per second. For
2559 * guests that insist on reading from places outside the
2560 * valid area this often generates too many release log
2561 * entries otherwise. */
2562 static uint64_t uLastLogTS = 0;
2563 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2564 {
2565 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2566 uLastLogTS = RTTimeMilliTS();
2567 }
2568 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2569 break;
2570 }
2571 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2572 }
2573 break;
2574 case SCSI_READ_CD:
2575 {
2576 uint32_t cSectors, iATAPILBA;
2577
2578 if (s->cNotifiedMediaChange > 0)
2579 {
2580 s->cNotifiedMediaChange-- ;
2581 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2582 break;
2583 }
2584 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2585 {
2586 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2587 break;
2588 }
2589 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
2590 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2591 if (cSectors == 0)
2592 {
2593 atapiCmdOK(s);
2594 break;
2595 }
2596 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2597 {
2598 /* Rate limited logging, one log line per second. For
2599 * guests that insist on reading from places outside the
2600 * valid area this often generates too many release log
2601 * entries otherwise. */
2602 static uint64_t uLastLogTS = 0;
2603 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2604 {
2605 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2606 uLastLogTS = RTTimeMilliTS();
2607 }
2608 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2609 break;
2610 }
2611 switch (pbPacket[9] & 0xf8)
2612 {
2613 case 0x00:
2614 /* nothing */
2615 atapiCmdOK(s);
2616 break;
2617 case 0x10:
2618 /* normal read */
2619 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2620 break;
2621 case 0xf8:
2622 /* read all data */
2623 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
2624 break;
2625 default:
2626 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
2627 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2628 break;
2629 }
2630 }
2631 break;
2632 case SCSI_SEEK_10:
2633 {
2634 uint32_t iATAPILBA;
2635 if (s->cNotifiedMediaChange > 0)
2636 {
2637 s->cNotifiedMediaChange-- ;
2638 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2639 break;
2640 }
2641 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2642 {
2643 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2644 break;
2645 }
2646 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2647 if (iATAPILBA > s->cTotalSectors)
2648 {
2649 /* Rate limited logging, one log line per second. For
2650 * guests that insist on seeking to places outside the
2651 * valid area this often generates too many release log
2652 * entries otherwise. */
2653 static uint64_t uLastLogTS = 0;
2654 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2655 {
2656 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
2657 uLastLogTS = RTTimeMilliTS();
2658 }
2659 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2660 break;
2661 }
2662 atapiCmdOK(s);
2663 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
2664 }
2665 break;
2666 case SCSI_START_STOP_UNIT:
2667 {
2668 int rc = VINF_SUCCESS;
2669 switch (pbPacket[4] & 3)
2670 {
2671 case 0: /* 00 - Stop motor */
2672 case 1: /* 01 - Start motor */
2673 break;
2674 case 2: /* 10 - Eject media */
2675 /* This must be done from EMT. */
2676 {
2677 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2678 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
2679 PVMREQ pReq;
2680
2681 PDMCritSectLeave(&pCtl->lock);
2682 rc = VMR3ReqCall(PDMDevHlpGetVM(pDevIns), VMREQDEST_ANY, &pReq, RT_INDEFINITE_WAIT,
2683 (PFNRT)s->pDrvMount->pfnUnmount, 2, s->pDrvMount, false);
2684 AssertReleaseRC(rc);
2685 VMR3ReqFree(pReq);
2686 {
2687 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2688 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2689 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2690 }
2691 }
2692 break;
2693 case 3: /* 11 - Load media */
2694 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
2695 break;
2696 }
2697 if (RT_SUCCESS(rc))
2698 atapiCmdOK(s);
2699 else
2700 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
2701 }
2702 break;
2703 case SCSI_MECHANISM_STATUS:
2704 {
2705 cbMax = ataBE2H_U16(pbPacket + 8);
2706 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
2707 }
2708 break;
2709 case SCSI_READ_TOC_PMA_ATIP:
2710 {
2711 uint8_t format;
2712
2713 if (s->cNotifiedMediaChange > 0)
2714 {
2715 s->cNotifiedMediaChange-- ;
2716 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2717 break;
2718 }
2719 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2720 {
2721 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2722 break;
2723 }
2724 cbMax = ataBE2H_U16(pbPacket + 7);
2725 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
2726 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
2727 * the other field is clear... */
2728 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
2729 switch (format)
2730 {
2731 case 0:
2732 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
2733 break;
2734 case 1:
2735 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
2736 break;
2737 case 2:
2738 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
2739 break;
2740 default:
2741 error_cmd:
2742 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2743 break;
2744 }
2745 }
2746 break;
2747 case SCSI_READ_CAPACITY:
2748 if (s->cNotifiedMediaChange > 0)
2749 {
2750 s->cNotifiedMediaChange-- ;
2751 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2752 break;
2753 }
2754 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2755 {
2756 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2757 break;
2758 }
2759 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
2760 break;
2761 case SCSI_READ_DISC_INFORMATION:
2762 if (s->cNotifiedMediaChange > 0)
2763 {
2764 s->cNotifiedMediaChange-- ;
2765 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2766 break;
2767 }
2768 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2769 {
2770 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2771 break;
2772 }
2773 cbMax = ataBE2H_U16(pbPacket + 7);
2774 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
2775 break;
2776 case SCSI_READ_TRACK_INFORMATION:
2777 if (s->cNotifiedMediaChange > 0)
2778 {
2779 s->cNotifiedMediaChange-- ;
2780 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2781 break;
2782 }
2783 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2784 {
2785 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2786 break;
2787 }
2788 cbMax = ataBE2H_U16(pbPacket + 7);
2789 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
2790 break;
2791 case SCSI_GET_CONFIGURATION:
2792 /* No media change stuff here, it can confuse Linux guests. */
2793 cbMax = ataBE2H_U16(pbPacket + 7);
2794 ataStartTransfer(s, RT_MIN(cbMax, 32), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
2795 break;
2796 case SCSI_INQUIRY:
2797 cbMax = ataBE2H_U16(pbPacket + 3);
2798 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
2799 break;
2800 default:
2801 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2802 break;
2803 }
2804}
2805
2806
2807/*
2808 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
2809 */
2810static void atapiParseCmdPassthrough(ATADevState *s)
2811{
2812 const uint8_t *pbPacket;
2813 uint8_t *pbBuf;
2814 uint32_t cSectors, iATAPILBA;
2815 uint32_t cbTransfer = 0;
2816 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
2817
2818 pbPacket = s->aATAPICmd;
2819 pbBuf = s->CTX_SUFF(pbIOBuffer);
2820 switch (pbPacket[0])
2821 {
2822 case SCSI_BLANK:
2823 goto sendcmd;
2824 case SCSI_CLOSE_TRACK_SESSION:
2825 goto sendcmd;
2826 case SCSI_ERASE_10:
2827 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2828 cbTransfer = ataBE2H_U16(pbPacket + 7);
2829 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
2830 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2831 goto sendcmd;
2832 case SCSI_FORMAT_UNIT:
2833 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
2834 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2835 goto sendcmd;
2836 case SCSI_GET_CONFIGURATION:
2837 cbTransfer = ataBE2H_U16(pbPacket + 7);
2838 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2839 goto sendcmd;
2840 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2841 cbTransfer = ataBE2H_U16(pbPacket + 7);
2842 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
2843 {
2844 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2845 break;
2846 }
2847 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2848 goto sendcmd;
2849 case SCSI_GET_PERFORMANCE:
2850 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
2851 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2852 goto sendcmd;
2853 case SCSI_INQUIRY:
2854 cbTransfer = ataBE2H_U16(pbPacket + 3);
2855 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2856 goto sendcmd;
2857 case SCSI_LOAD_UNLOAD_MEDIUM:
2858 goto sendcmd;
2859 case SCSI_MECHANISM_STATUS:
2860 cbTransfer = ataBE2H_U16(pbPacket + 8);
2861 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2862 goto sendcmd;
2863 case SCSI_MODE_SELECT_10:
2864 cbTransfer = ataBE2H_U16(pbPacket + 7);
2865 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2866 goto sendcmd;
2867 case SCSI_MODE_SENSE_10:
2868 cbTransfer = ataBE2H_U16(pbPacket + 7);
2869 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2870 goto sendcmd;
2871 case SCSI_PAUSE_RESUME:
2872 goto sendcmd;
2873 case SCSI_PLAY_AUDIO_10:
2874 goto sendcmd;
2875 case SCSI_PLAY_AUDIO_12:
2876 goto sendcmd;
2877 case SCSI_PLAY_AUDIO_MSF:
2878 goto sendcmd;
2879 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2880 /** @todo do not forget to unlock when a VM is shut down */
2881 goto sendcmd;
2882 case SCSI_READ_10:
2883 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2884 cSectors = ataBE2H_U16(pbPacket + 7);
2885 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
2886 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2887 cbTransfer = cSectors * s->cbATAPISector;
2888 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2889 goto sendcmd;
2890 case SCSI_READ_12:
2891 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2892 cSectors = ataBE2H_U32(pbPacket + 6);
2893 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
2894 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2895 cbTransfer = cSectors * s->cbATAPISector;
2896 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2897 goto sendcmd;
2898 case SCSI_READ_BUFFER:
2899 cbTransfer = ataBE2H_U24(pbPacket + 6);
2900 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2901 goto sendcmd;
2902 case SCSI_READ_BUFFER_CAPACITY:
2903 cbTransfer = ataBE2H_U16(pbPacket + 7);
2904 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2905 goto sendcmd;
2906 case SCSI_READ_CAPACITY:
2907 cbTransfer = 8;
2908 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2909 goto sendcmd;
2910 case SCSI_READ_CD:
2911 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2912 cbTransfer = ataBE2H_U24(pbPacket + 6) / s->cbATAPISector * s->cbATAPISector;
2913 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2914 goto sendcmd;
2915 case SCSI_READ_CD_MSF:
2916 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
2917 if (cSectors > 32)
2918 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
2919 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2920 cbTransfer = cSectors * s->cbATAPISector;
2921 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2922 goto sendcmd;
2923 case SCSI_READ_DISC_INFORMATION:
2924 cbTransfer = ataBE2H_U16(pbPacket + 7);
2925 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2926 goto sendcmd;
2927 case SCSI_READ_DVD_STRUCTURE:
2928 cbTransfer = ataBE2H_U16(pbPacket + 8);
2929 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2930 goto sendcmd;
2931 case SCSI_READ_FORMAT_CAPACITIES:
2932 cbTransfer = ataBE2H_U16(pbPacket + 7);
2933 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2934 goto sendcmd;
2935 case SCSI_READ_SUBCHANNEL:
2936 cbTransfer = ataBE2H_U16(pbPacket + 7);
2937 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2938 goto sendcmd;
2939 case SCSI_READ_TOC_PMA_ATIP:
2940 cbTransfer = ataBE2H_U16(pbPacket + 7);
2941 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2942 goto sendcmd;
2943 case SCSI_READ_TRACK_INFORMATION:
2944 cbTransfer = ataBE2H_U16(pbPacket + 7);
2945 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2946 goto sendcmd;
2947 case SCSI_REPAIR_TRACK:
2948 goto sendcmd;
2949 case SCSI_REPORT_KEY:
2950 cbTransfer = ataBE2H_U16(pbPacket + 8);
2951 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2952 goto sendcmd;
2953 case SCSI_REQUEST_SENSE:
2954 cbTransfer = pbPacket[4];
2955 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
2956 {
2957 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2958 break;
2959 }
2960 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2961 goto sendcmd;
2962 case SCSI_RESERVE_TRACK:
2963 goto sendcmd;
2964 case SCSI_SCAN:
2965 goto sendcmd;
2966 case SCSI_SEEK_10:
2967 goto sendcmd;
2968 case SCSI_SEND_CUE_SHEET:
2969 cbTransfer = ataBE2H_U24(pbPacket + 6);
2970 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2971 goto sendcmd;
2972 case SCSI_SEND_DVD_STRUCTURE:
2973 cbTransfer = ataBE2H_U16(pbPacket + 8);
2974 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2975 goto sendcmd;
2976 case SCSI_SEND_EVENT:
2977 cbTransfer = ataBE2H_U16(pbPacket + 8);
2978 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2979 goto sendcmd;
2980 case SCSI_SEND_KEY:
2981 cbTransfer = ataBE2H_U16(pbPacket + 8);
2982 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2983 goto sendcmd;
2984 case SCSI_SEND_OPC_INFORMATION:
2985 cbTransfer = ataBE2H_U16(pbPacket + 7);
2986 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2987 goto sendcmd;
2988 case SCSI_SET_CD_SPEED:
2989 goto sendcmd;
2990 case SCSI_SET_READ_AHEAD:
2991 goto sendcmd;
2992 case SCSI_SET_STREAMING:
2993 cbTransfer = ataBE2H_U16(pbPacket + 9);
2994 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2995 goto sendcmd;
2996 case SCSI_START_STOP_UNIT:
2997 goto sendcmd;
2998 case SCSI_STOP_PLAY_SCAN:
2999 goto sendcmd;
3000 case SCSI_SYNCHRONIZE_CACHE:
3001 goto sendcmd;
3002 case SCSI_TEST_UNIT_READY:
3003 goto sendcmd;
3004 case SCSI_VERIFY_10:
3005 goto sendcmd;
3006 case SCSI_WRITE_10:
3007 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3008 cSectors = ataBE2H_U16(pbPacket + 7);
3009 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3010#if 0
3011 /* The sector size is determined by the async I/O thread. */
3012 s->cbATAPISector = 0;
3013 /* Preliminary, will be corrected once the sector size is known. */
3014 cbTransfer = cSectors;
3015#else
3016 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3017 cbTransfer = cSectors * s->cbATAPISector;
3018#endif
3019 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3020 goto sendcmd;
3021 case SCSI_WRITE_12:
3022 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3023 cSectors = ataBE2H_U32(pbPacket + 6);
3024 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3025#if 0
3026 /* The sector size is determined by the async I/O thread. */
3027 s->cbATAPISector = 0;
3028 /* Preliminary, will be corrected once the sector size is known. */
3029 cbTransfer = cSectors;
3030#else
3031 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3032 cbTransfer = cSectors * s->cbATAPISector;
3033#endif
3034 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3035 goto sendcmd;
3036 case SCSI_WRITE_AND_VERIFY_10:
3037 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3038 cSectors = ataBE2H_U16(pbPacket + 7);
3039 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3040 /* The sector size is determined by the async I/O thread. */
3041 s->cbATAPISector = 0;
3042 /* Preliminary, will be corrected once the sector size is known. */
3043 cbTransfer = cSectors;
3044 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3045 goto sendcmd;
3046 case SCSI_WRITE_BUFFER:
3047 switch (pbPacket[1] & 0x1f)
3048 {
3049 case 0x04: /* download microcode */
3050 case 0x05: /* download microcode and save */
3051 case 0x06: /* download microcode with offsets */
3052 case 0x07: /* download microcode with offsets and save */
3053 case 0x0e: /* download microcode with offsets and defer activation */
3054 case 0x0f: /* activate deferred microcode */
3055 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3056 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3057 break;
3058 default:
3059 cbTransfer = ataBE2H_U16(pbPacket + 6);
3060 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3061 goto sendcmd;
3062 }
3063 break;
3064 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3065 cbTransfer = ataBE2H_U32(pbPacket + 6);
3066 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3067 goto sendcmd;
3068 case SCSI_REZERO_UNIT:
3069 /* Obsolete command used by cdrecord. What else would one expect?
3070 * This command is not sent to the drive, it is handled internally,
3071 * as the Linux kernel doesn't like it (message "scsi: unknown
3072 * opcode 0x01" in syslog) and replies with a sense code of 0,
3073 * which sends cdrecord to an endless loop. */
3074 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3075 break;
3076 default:
3077 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3078 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3079 break;
3080 sendcmd:
3081 /* Send a command to the drive, passing data in/out as required. */
3082 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3083 Assert(cbTransfer <= s->cbIOBuffer);
3084 if (cbTransfer == 0)
3085 uTxDir = PDMBLOCKTXDIR_NONE;
3086 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3087 }
3088}
3089
3090
3091static void atapiParseCmd(ATADevState *s)
3092{
3093 const uint8_t *pbPacket;
3094
3095 pbPacket = s->aATAPICmd;
3096#ifdef DEBUG
3097 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3098#else /* !DEBUG */
3099 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3100#endif /* !DEBUG */
3101 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3102
3103 if (s->fATAPIPassthrough)
3104 atapiParseCmdPassthrough(s);
3105 else
3106 atapiParseCmdVirtualATAPI(s);
3107}
3108
3109
3110static bool ataPacketSS(ATADevState *s)
3111{
3112 s->fDMA = !!(s->uATARegFeature & 1);
3113 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3114 s->uTxDir = PDMBLOCKTXDIR_NONE;
3115 s->cbTotalTransfer = 0;
3116 s->cbElementaryTransfer = 0;
3117 atapiParseCmd(s);
3118 return false;
3119}
3120
3121
3122/**
3123 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3124 * from now on, regardless if there was a medium inserted or not.
3125 */
3126static void ataMediumRemoved(ATADevState *s)
3127{
3128 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3129}
3130
3131
3132/**
3133 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3134 * there was already a medium inserted, don't forget to send the "medium
3135 * removed" event first.
3136 */
3137static void ataMediumInserted(ATADevState *s)
3138{
3139 uint32_t OldStatus, NewStatus;
3140 do
3141 {
3142 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3143 switch (OldStatus)
3144 {
3145 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3146 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3147 /* no change, we will send "medium removed" + "medium inserted" */
3148 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3149 break;
3150 default:
3151 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3152 break;
3153 }
3154 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3155}
3156
3157
3158/**
3159 * Called when a media is mounted.
3160 *
3161 * @param pInterface Pointer to the interface structure containing the called function pointer.
3162 */
3163static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3164{
3165 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3166 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3167
3168 /* Ignore the call if we're called while being attached. */
3169 if (!pIf->pDrvBlock)
3170 return;
3171
3172 if (pIf->fATAPI)
3173 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3174 else
3175 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3176
3177 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3178 if (pIf->cNotifiedMediaChange < 2)
3179 pIf->cNotifiedMediaChange = 2;
3180 ataMediumInserted(pIf);
3181}
3182
3183/**
3184 * Called when a media is unmounted
3185 * @param pInterface Pointer to the interface structure containing the called function pointer.
3186 */
3187static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3188{
3189 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3190 Log(("%s:\n", __FUNCTION__));
3191 pIf->cTotalSectors = 0;
3192
3193 /*
3194 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3195 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3196 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3197 * present and 2 in which it is changed.
3198 */
3199 pIf->cNotifiedMediaChange = 4;
3200 ataMediumRemoved(pIf);
3201}
3202
3203static void ataPacketBT(ATADevState *s)
3204{
3205 s->cbElementaryTransfer = s->cbTotalTransfer;
3206 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3207 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3208 ataSetStatusValue(s, ATA_STAT_READY);
3209}
3210
3211
3212static void ataResetDevice(ATADevState *s)
3213{
3214 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3215 s->cNotifiedMediaChange = 0;
3216 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3217 ataUnsetIRQ(s);
3218
3219 s->uATARegSelect = 0x20;
3220 ataSetStatusValue(s, ATA_STAT_READY);
3221 ataSetSignature(s);
3222 s->cbTotalTransfer = 0;
3223 s->cbElementaryTransfer = 0;
3224 s->iIOBufferPIODataStart = 0;
3225 s->iIOBufferPIODataEnd = 0;
3226 s->iBeginTransfer = ATAFN_BT_NULL;
3227 s->iSourceSink = ATAFN_SS_NULL;
3228 s->fATAPITransfer = false;
3229 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3230
3231 s->uATARegFeature = 0;
3232}
3233
3234
3235static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3236{
3237 ataSetSignature(s);
3238 if (s->fATAPI)
3239 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3240 else
3241 ataSetStatusValue(s, ATA_STAT_READY);
3242 s->uATARegError = 0x01;
3243 return false;
3244}
3245
3246
3247static void ataParseCmd(ATADevState *s, uint8_t cmd)
3248{
3249#ifdef DEBUG
3250 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3251#else /* !DEBUG */
3252 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3253#endif /* !DEBUG */
3254 s->fLBA48 = false;
3255 s->fDMA = false;
3256 if (cmd == ATA_IDLE_IMMEDIATE)
3257 {
3258 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3259 * would overwrite the failing command unfortunately), then RESET. */
3260 int32_t uCmdWait = -1;
3261 uint64_t uNow = RTTimeNanoTS();
3262 if (s->u64CmdTS)
3263 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3264 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3265 s->iLUN, s->uATARegCommand, uCmdWait));
3266 }
3267 s->uATARegCommand = cmd;
3268 switch (cmd)
3269 {
3270 case ATA_IDENTIFY_DEVICE:
3271 if (s->pDrvBlock && !s->fATAPI)
3272 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3273 else
3274 {
3275 if (s->fATAPI)
3276 ataSetSignature(s);
3277 ataCmdError(s, ABRT_ERR);
3278 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3279 }
3280 break;
3281 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3282 case ATA_RECALIBRATE:
3283 ataCmdOK(s, ATA_STAT_SEEK);
3284 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3285 break;
3286 case ATA_SET_MULTIPLE_MODE:
3287 if ( s->uATARegNSector != 0
3288 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
3289 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
3290 {
3291 ataCmdError(s, ABRT_ERR);
3292 }
3293 else
3294 {
3295 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
3296 s->cMultSectors = s->uATARegNSector;
3297 ataCmdOK(s, 0);
3298 }
3299 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3300 break;
3301 case ATA_READ_VERIFY_SECTORS_EXT:
3302 s->fLBA48 = true;
3303 case ATA_READ_VERIFY_SECTORS:
3304 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
3305 /* do sector number check ? */
3306 ataCmdOK(s, 0);
3307 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3308 break;
3309 case ATA_READ_SECTORS_EXT:
3310 s->fLBA48 = true;
3311 case ATA_READ_SECTORS:
3312 case ATA_READ_SECTORS_WITHOUT_RETRIES:
3313 if (!s->pDrvBlock)
3314 goto abort_cmd;
3315 s->cSectorsPerIRQ = 1;
3316 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3317 break;
3318 case ATA_WRITE_SECTORS_EXT:
3319 s->fLBA48 = true;
3320 case ATA_WRITE_SECTORS:
3321 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
3322 s->cSectorsPerIRQ = 1;
3323 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3324 break;
3325 case ATA_READ_MULTIPLE_EXT:
3326 s->fLBA48 = true;
3327 case ATA_READ_MULTIPLE:
3328 if (!s->cMultSectors)
3329 goto abort_cmd;
3330 s->cSectorsPerIRQ = s->cMultSectors;
3331 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3332 break;
3333 case ATA_WRITE_MULTIPLE_EXT:
3334 s->fLBA48 = true;
3335 case ATA_WRITE_MULTIPLE:
3336 if (!s->cMultSectors)
3337 goto abort_cmd;
3338 s->cSectorsPerIRQ = s->cMultSectors;
3339 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3340 break;
3341 case ATA_READ_DMA_EXT:
3342 s->fLBA48 = true;
3343 case ATA_READ_DMA:
3344 case ATA_READ_DMA_WITHOUT_RETRIES:
3345 if (!s->pDrvBlock)
3346 goto abort_cmd;
3347 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3348 s->fDMA = true;
3349 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3350 break;
3351 case ATA_WRITE_DMA_EXT:
3352 s->fLBA48 = true;
3353 case ATA_WRITE_DMA:
3354 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3355 if (!s->pDrvBlock)
3356 goto abort_cmd;
3357 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3358 s->fDMA = true;
3359 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3360 break;
3361 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3362 s->fLBA48 = true;
3363 ataSetSector(s, s->cTotalSectors - 1);
3364 ataCmdOK(s, 0);
3365 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3366 break;
3367 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3368 ataCmdOK(s, 0);
3369 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3370 break;
3371 case ATA_READ_NATIVE_MAX_ADDRESS:
3372 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3373 ataCmdOK(s, 0);
3374 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3375 break;
3376 case ATA_CHECK_POWER_MODE:
3377 s->uATARegNSector = 0xff; /* drive active or idle */
3378 ataCmdOK(s, 0);
3379 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3380 break;
3381 case ATA_SET_FEATURES:
3382 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3383 if (!s->pDrvBlock)
3384 goto abort_cmd;
3385 switch (s->uATARegFeature)
3386 {
3387 case 0x02: /* write cache enable */
3388 Log2(("%s: write cache enable\n", __FUNCTION__));
3389 ataCmdOK(s, ATA_STAT_SEEK);
3390 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3391 break;
3392 case 0xaa: /* read look-ahead enable */
3393 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3394 ataCmdOK(s, ATA_STAT_SEEK);
3395 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3396 break;
3397 case 0x55: /* read look-ahead disable */
3398 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3399 ataCmdOK(s, ATA_STAT_SEEK);
3400 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3401 break;
3402 case 0xcc: /* reverting to power-on defaults enable */
3403 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3404 ataCmdOK(s, ATA_STAT_SEEK);
3405 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3406 break;
3407 case 0x66: /* reverting to power-on defaults disable */
3408 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3409 ataCmdOK(s, ATA_STAT_SEEK);
3410 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3411 break;
3412 case 0x82: /* write cache disable */
3413 Log2(("%s: write cache disable\n", __FUNCTION__));
3414 /* As per the ATA/ATAPI-6 specs, a write cache disable
3415 * command MUST flush the write buffers to disc. */
3416 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3417 break;
3418 case 0x03: { /* set transfer mode */
3419 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3420 switch (s->uATARegNSector & 0xf8)
3421 {
3422 case 0x00: /* PIO default */
3423 case 0x08: /* PIO mode */
3424 break;
3425 case ATA_MODE_MDMA: /* MDMA mode */
3426 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3427 break;
3428 case ATA_MODE_UDMA: /* UDMA mode */
3429 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3430 break;
3431 default:
3432 goto abort_cmd;
3433 }
3434 ataCmdOK(s, ATA_STAT_SEEK);
3435 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3436 break;
3437 }
3438 default:
3439 goto abort_cmd;
3440 }
3441 /*
3442 * OS/2 workarond:
3443 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3444 * reset here. According to the specification, this is a driver bug as the register
3445 * contents are undefined after the call. This means we can just as well reset it.
3446 */
3447 s->uATARegFeature = 0;
3448 break;
3449 case ATA_FLUSH_CACHE_EXT:
3450 case ATA_FLUSH_CACHE:
3451 if (!s->pDrvBlock || s->fATAPI)
3452 goto abort_cmd;
3453 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3454 break;
3455 case ATA_STANDBY_IMMEDIATE:
3456 ataCmdOK(s, 0);
3457 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3458 break;
3459 case ATA_IDLE_IMMEDIATE:
3460 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3461 ataAbortCurrentCommand(s, false);
3462 break;
3463 /* ATAPI commands */
3464 case ATA_IDENTIFY_PACKET_DEVICE:
3465 if (s->fATAPI)
3466 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3467 else
3468 {
3469 ataCmdError(s, ABRT_ERR);
3470 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3471 }
3472 break;
3473 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3474 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3475 break;
3476 case ATA_DEVICE_RESET:
3477 if (!s->fATAPI)
3478 goto abort_cmd;
3479 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3480 ataAbortCurrentCommand(s, true);
3481 break;
3482 case ATA_PACKET:
3483 if (!s->fATAPI)
3484 goto abort_cmd;
3485 /* overlapping commands not supported */
3486 if (s->uATARegFeature & 0x02)
3487 goto abort_cmd;
3488 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3489 break;
3490 default:
3491 abort_cmd:
3492 ataCmdError(s, ABRT_ERR);
3493 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3494 break;
3495 }
3496}
3497
3498
3499/**
3500 * Waits for a particular async I/O thread to complete whatever it
3501 * is doing at the moment.
3502 *
3503 * @returns true on success.
3504 * @returns false when the thread is still processing.
3505 * @param pThis Pointer to the controller data.
3506 * @param cMillies How long to wait (total).
3507 */
3508static bool ataWaitForAsyncIOIsIdle(PATACONTROLLER pCtl, unsigned cMillies)
3509{
3510 uint64_t u64Start;
3511
3512 /*
3513 * Wait for any pending async operation to finish
3514 */
3515 u64Start = RTTimeMilliTS();
3516 for (;;)
3517 {
3518 if (ataAsyncIOIsIdle(pCtl, false))
3519 return true;
3520 if (RTTimeMilliTS() - u64Start >= cMillies)
3521 break;
3522
3523 /* Sleep for a bit. */
3524 RTThreadSleep(100);
3525 }
3526
3527 return false;
3528}
3529
3530#endif /* IN_RING3 */
3531
3532static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3533{
3534 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3535 addr &= 7;
3536 switch (addr)
3537 {
3538 case 0:
3539 break;
3540 case 1: /* feature register */
3541 /* NOTE: data is written to the two drives */
3542 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3543 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3544 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
3545 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
3546 pCtl->aIfs[0].uATARegFeature = val;
3547 pCtl->aIfs[1].uATARegFeature = val;
3548 break;
3549 case 2: /* sector count */
3550 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3551 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3552 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
3553 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
3554 pCtl->aIfs[0].uATARegNSector = val;
3555 pCtl->aIfs[1].uATARegNSector = val;
3556 break;
3557 case 3: /* sector number */
3558 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3559 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3560 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
3561 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
3562 pCtl->aIfs[0].uATARegSector = val;
3563 pCtl->aIfs[1].uATARegSector = val;
3564 break;
3565 case 4: /* cylinder low */
3566 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3567 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3568 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
3569 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
3570 pCtl->aIfs[0].uATARegLCyl = val;
3571 pCtl->aIfs[1].uATARegLCyl = val;
3572 break;
3573 case 5: /* cylinder high */
3574 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3575 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3576 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
3577 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
3578 pCtl->aIfs[0].uATARegHCyl = val;
3579 pCtl->aIfs[1].uATARegHCyl = val;
3580 break;
3581 case 6: /* drive/head */
3582 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
3583 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
3584 if (((val >> 4) & 1) != pCtl->iSelectedIf)
3585 {
3586 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3587
3588 /* select another drive */
3589 pCtl->iSelectedIf = (val >> 4) & 1;
3590 /* The IRQ line is multiplexed between the two drives, so
3591 * update the state when switching to another drive. Only need
3592 * to update interrupt line if it is enabled and there is a
3593 * state change. */
3594 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
3595 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
3596 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
3597 {
3598 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3599 {
3600 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3601 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
3602 * the interrupt line is asserted. It monitors the line
3603 * for a rising edge. */
3604 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3605 if (pCtl->irq == 16)
3606 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
3607 else
3608 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
3609 }
3610 else
3611 {
3612 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3613 if (pCtl->irq == 16)
3614 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
3615 else
3616 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
3617 }
3618 }
3619 }
3620 break;
3621 default:
3622 case 7: /* command */
3623 /* ignore commands to non existant slave */
3624 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
3625 break;
3626#ifndef IN_RING3
3627 /* Don't do anything complicated in GC */
3628 return VINF_IOM_HC_IOPORT_WRITE;
3629#else /* IN_RING3 */
3630 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
3631#endif /* !IN_RING3 */
3632 }
3633 return VINF_SUCCESS;
3634}
3635
3636
3637static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
3638{
3639 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3640 uint32_t val;
3641 bool fHOB;
3642
3643 fHOB = !!(s->uATARegDevCtl & (1 << 7));
3644 switch (addr & 7)
3645 {
3646 case 0: /* data register */
3647 val = 0xff;
3648 break;
3649 case 1: /* error register */
3650 /* The ATA specification is very terse when it comes to specifying
3651 * the precise effects of reading back the error/feature register.
3652 * The error register (read-only) shares the register number with
3653 * the feature register (write-only), so it seems that it's not
3654 * necessary to support the usual HOB readback here. */
3655 if (!s->pDrvBlock)
3656 val = 0;
3657 else
3658 val = s->uATARegError;
3659 break;
3660 case 2: /* sector count */
3661 if (!s->pDrvBlock)
3662 val = 0;
3663 else if (fHOB)
3664 val = s->uATARegNSectorHOB;
3665 else
3666 val = s->uATARegNSector;
3667 break;
3668 case 3: /* sector number */
3669 if (!s->pDrvBlock)
3670 val = 0;
3671 else if (fHOB)
3672 val = s->uATARegSectorHOB;
3673 else
3674 val = s->uATARegSector;
3675 break;
3676 case 4: /* cylinder low */
3677 if (!s->pDrvBlock)
3678 val = 0;
3679 else if (fHOB)
3680 val = s->uATARegLCylHOB;
3681 else
3682 val = s->uATARegLCyl;
3683 break;
3684 case 5: /* cylinder high */
3685 if (!s->pDrvBlock)
3686 val = 0;
3687 else if (fHOB)
3688 val = s->uATARegHCylHOB;
3689 else
3690 val = s->uATARegHCyl;
3691 break;
3692 case 6: /* drive/head */
3693 /* This register must always work as long as there is at least
3694 * one drive attached to the controller. It is common between
3695 * both drives anyway (completely identical content). */
3696 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
3697 val = 0;
3698 else
3699 val = s->uATARegSelect;
3700 break;
3701 default:
3702 case 7: /* primary status */
3703 {
3704 /* Counter for number of busy status seen in GC in a row. */
3705 static unsigned cBusy = 0;
3706
3707 if (!s->pDrvBlock)
3708 val = 0;
3709 else
3710 val = s->uATARegStatus;
3711
3712 /* Give the async I/O thread an opportunity to make progress,
3713 * don't let it starve by guests polling frequently. EMT has a
3714 * lower priority than the async I/O thread, but sometimes the
3715 * host OS doesn't care. With some guests we are only allowed to
3716 * be busy for about 5 milliseconds in some situations. Note that
3717 * this is no guarantee for any other VBox thread getting
3718 * scheduled, so this just lowers the CPU load a bit when drives
3719 * are busy. It cannot help with timing problems. */
3720 if (val & ATA_STAT_BUSY)
3721 {
3722#ifdef IN_RING3
3723 cBusy = 0;
3724 PDMCritSectLeave(&pCtl->lock);
3725
3726 RTThreadYield();
3727
3728 {
3729 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3730 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3731 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3732 }
3733
3734 val = s->uATARegStatus;
3735#else /* !IN_RING3 */
3736 /* Cannot yield CPU in guest context. And switching to host
3737 * context for each and every busy status is too costly,
3738 * especially on SMP systems where we don't gain much by
3739 * yielding the CPU to someone else. */
3740 if (++cBusy >= 20)
3741 {
3742 cBusy = 0;
3743 return VINF_IOM_HC_IOPORT_READ;
3744 }
3745#endif /* !IN_RING3 */
3746 }
3747 else
3748 cBusy = 0;
3749 ataUnsetIRQ(s);
3750 break;
3751 }
3752 }
3753 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3754 *pu32 = val;
3755 return VINF_SUCCESS;
3756}
3757
3758
3759static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
3760{
3761 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3762 uint32_t val;
3763
3764 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
3765 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
3766 val = 0;
3767 else
3768 val = s->uATARegStatus;
3769 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3770 return val;
3771}
3772
3773static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3774{
3775#ifndef IN_RING3
3776 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
3777 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
3778#endif /* !IN_RING3 */
3779
3780 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3781 /* RESET is common for both drives attached to a controller. */
3782 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
3783 (val & ATA_DEVCTL_RESET))
3784 {
3785#ifdef IN_RING3
3786 /* Software RESET low to high */
3787 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
3788 uint64_t uNow = RTTimeNanoTS();
3789 if (pCtl->aIfs[0].u64CmdTS)
3790 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
3791 if (pCtl->aIfs[1].u64CmdTS)
3792 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
3793 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
3794 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
3795 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
3796 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
3797 pCtl->fReset = true;
3798 /* Everything must be done after the reset flag is set, otherwise
3799 * there are unavoidable races with the currently executing request
3800 * (which might just finish in the mean time). */
3801 pCtl->fChainedTransfer = false;
3802 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
3803 {
3804 ataResetDevice(&pCtl->aIfs[i]);
3805 /* The following cannot be done using ataSetStatusValue() since the
3806 * reset flag is already set, which suppresses all status changes. */
3807 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
3808 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
3809 pCtl->aIfs[i].uATARegError = 0x01;
3810 }
3811 ataAsyncIOClearRequests(pCtl);
3812 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3813 if (val & ATA_DEVCTL_HOB)
3814 {
3815 val &= ~ATA_DEVCTL_HOB;
3816 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
3817 }
3818 ataAsyncIOPutRequest(pCtl, &ataResetARequest);
3819#else /* !IN_RING3 */
3820 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
3821#endif /* IN_RING3 */
3822 }
3823 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
3824 !(val & ATA_DEVCTL_RESET))
3825 {
3826#ifdef IN_RING3
3827 /* Software RESET high to low */
3828 Log(("%s: deasserting RESET\n", __FUNCTION__));
3829 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3830 if (val & ATA_DEVCTL_HOB)
3831 {
3832 val &= ~ATA_DEVCTL_HOB;
3833 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
3834 }
3835 ataAsyncIOPutRequest(pCtl, &ataResetCRequest);
3836#else /* !IN_RING3 */
3837 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
3838#endif /* IN_RING3 */
3839 }
3840
3841 /* Change of interrupt disable flag. Update interrupt line if interrupt
3842 * is pending on the current interface. */
3843 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
3844 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3845 {
3846 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
3847 {
3848 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3849 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
3850 * interrupt line is asserted. It monitors the line for a rising
3851 * edge. */
3852 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3853 if (pCtl->irq == 16)
3854 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 1);
3855 else
3856 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
3857 }
3858 else
3859 {
3860 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3861 if (pCtl->irq == 16)
3862 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 0);
3863 else
3864 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
3865 }
3866 }
3867
3868 if (val & ATA_DEVCTL_HOB)
3869 Log2(("%s: set HOB\n", __FUNCTION__));
3870
3871 pCtl->aIfs[0].uATARegDevCtl = val;
3872 pCtl->aIfs[1].uATARegDevCtl = val;
3873
3874 return VINF_SUCCESS;
3875}
3876
3877#ifdef IN_RING3
3878
3879static void ataPIOTransfer(PATACONTROLLER pCtl)
3880{
3881 ATADevState *s;
3882
3883 s = &pCtl->aIfs[pCtl->iAIOIf];
3884 Log3(("%s: if=%p\n", __FUNCTION__, s));
3885
3886 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
3887 {
3888 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
3889 /* Any guest OS that triggers this case has a pathetic ATA driver.
3890 * In a real system it would block the CPU via IORDY, here we do it
3891 * very similarly by not continuing with the current instruction
3892 * until the transfer to/from the storage medium is completed. */
3893 if (s->iSourceSink != ATAFN_SS_NULL)
3894 {
3895 bool fRedo;
3896 uint8_t status = s->uATARegStatus;
3897 ataSetStatusValue(s, ATA_STAT_BUSY);
3898 Log2(("%s: calling source/sink function\n", __FUNCTION__));
3899 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
3900 pCtl->fRedo = fRedo;
3901 if (RT_UNLIKELY(fRedo))
3902 return;
3903 ataSetStatusValue(s, status);
3904 s->iIOBufferCur = 0;
3905 s->iIOBufferEnd = s->cbElementaryTransfer;
3906 }
3907 }
3908 if (s->cbTotalTransfer)
3909 {
3910 if (s->fATAPITransfer)
3911 ataPIOTransferLimitATAPI(s);
3912
3913 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
3914 s->cbElementaryTransfer = s->cbTotalTransfer;
3915
3916 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
3917 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
3918 s->cbTotalTransfer, s->cbElementaryTransfer,
3919 s->iIOBufferCur, s->iIOBufferEnd));
3920 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
3921 s->cbTotalTransfer -= s->cbElementaryTransfer;
3922 s->iIOBufferCur += s->cbElementaryTransfer;
3923
3924 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
3925 s->cbElementaryTransfer = s->cbTotalTransfer;
3926 }
3927 else
3928 ataPIOTransferStop(s);
3929}
3930
3931
3932DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
3933{
3934 /* Do not interfere with RESET processing if the PIO transfer finishes
3935 * while the RESET line is asserted. */
3936 if (pCtl->fReset)
3937 {
3938 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3939 return;
3940 }
3941
3942 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
3943 || ( s->iSourceSink != ATAFN_SS_NULL
3944 && s->iIOBufferCur >= s->iIOBufferEnd))
3945 {
3946 /* Need to continue the transfer in the async I/O thread. This is
3947 * the case for write operations or generally for not yet finished
3948 * transfers (some data might need to be read). */
3949 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
3950 ataSetStatus(s, ATA_STAT_BUSY);
3951
3952 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3953 ataAsyncIOPutRequest(pCtl, &ataPIORequest);
3954 }
3955 else
3956 {
3957 /* Either everything finished (though some data might still be pending)
3958 * or some data is pending before the next read is due. */
3959
3960 /* Continue a previously started transfer. */
3961 ataUnsetStatus(s, ATA_STAT_DRQ);
3962 ataSetStatus(s, ATA_STAT_READY);
3963
3964 if (s->cbTotalTransfer)
3965 {
3966 /* There is more to transfer, happens usually for large ATAPI
3967 * reads - the protocol limits the chunk size to 65534 bytes. */
3968 ataPIOTransfer(pCtl);
3969 ataSetIRQ(s);
3970 }
3971 else
3972 {
3973 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3974 /* Finish PIO transfer. */
3975 ataPIOTransfer(pCtl);
3976 Assert(!pCtl->fRedo);
3977 }
3978 }
3979}
3980
3981#endif /* IN_RING3 */
3982
3983static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
3984{
3985 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3986 uint8_t *p;
3987
3988 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
3989 {
3990 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
3991 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
3992#ifndef IN_RING3
3993 /* All but the last transfer unit is simple enough for GC, but
3994 * sending a request to the async IO thread is too complicated. */
3995 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
3996 {
3997 memcpy(p, pbBuf, cbSize);
3998 s->iIOBufferPIODataStart += cbSize;
3999 }
4000 else
4001 return VINF_IOM_HC_IOPORT_WRITE;
4002#else /* IN_RING3 */
4003 memcpy(p, pbBuf, cbSize);
4004 s->iIOBufferPIODataStart += cbSize;
4005 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4006 ataPIOTransferFinish(pCtl, s);
4007#endif /* !IN_RING3 */
4008 }
4009 else
4010 Log2(("%s: DUMMY data\n", __FUNCTION__));
4011 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4012 return VINF_SUCCESS;
4013}
4014
4015static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4016{
4017 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4018 uint8_t *p;
4019
4020 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4021 {
4022 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4023 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4024#ifndef IN_RING3
4025 /* All but the last transfer unit is simple enough for GC, but
4026 * sending a request to the async IO thread is too complicated. */
4027 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4028 {
4029 memcpy(pbBuf, p, cbSize);
4030 s->iIOBufferPIODataStart += cbSize;
4031 }
4032 else
4033 return VINF_IOM_HC_IOPORT_READ;
4034#else /* IN_RING3 */
4035 memcpy(pbBuf, p, cbSize);
4036 s->iIOBufferPIODataStart += cbSize;
4037 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4038 ataPIOTransferFinish(pCtl, s);
4039#endif /* !IN_RING3 */
4040 }
4041 else
4042 {
4043 Log2(("%s: DUMMY data\n", __FUNCTION__));
4044 memset(pbBuf, '\xff', cbSize);
4045 }
4046 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4047 return VINF_SUCCESS;
4048}
4049
4050#ifdef IN_RING3
4051
4052static void ataDMATransferStop(ATADevState *s)
4053{
4054 s->cbTotalTransfer = 0;
4055 s->cbElementaryTransfer = 0;
4056 s->iBeginTransfer = ATAFN_BT_NULL;
4057 s->iSourceSink = ATAFN_SS_NULL;
4058}
4059
4060
4061/**
4062 * Perform the entire DMA transfer in one go (unless a source/sink operation
4063 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4064 * this function cannot handle empty transfers.
4065 *
4066 * @param pCtl Controller for which to perform the transfer.
4067 */
4068static void ataDMATransfer(PATACONTROLLER pCtl)
4069{
4070 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4071 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4072 bool fRedo;
4073 RTGCPHYS32 pDesc;
4074 uint32_t cbTotalTransfer, cbElementaryTransfer;
4075 uint32_t iIOBufferCur, iIOBufferEnd;
4076 uint32_t dmalen;
4077 PDMBLOCKTXDIR uTxDir;
4078 bool fLastDesc = false;
4079
4080 Assert(sizeof(BMDMADesc) == 8);
4081
4082 fRedo = pCtl->fRedo;
4083 if (RT_LIKELY(!fRedo))
4084 Assert(s->cbTotalTransfer);
4085 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4086 cbTotalTransfer = s->cbTotalTransfer;
4087 cbElementaryTransfer = s->cbElementaryTransfer;
4088 iIOBufferCur = s->iIOBufferCur;
4089 iIOBufferEnd = s->iIOBufferEnd;
4090
4091 /* The DMA loop is designed to hold the lock only when absolutely
4092 * necessary. This avoids long freezes should the guest access the
4093 * ATA registers etc. for some reason. */
4094 PDMCritSectLeave(&pCtl->lock);
4095
4096 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4097 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4098 cbTotalTransfer, cbElementaryTransfer,
4099 iIOBufferCur, iIOBufferEnd));
4100 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4101 {
4102 BMDMADesc DMADesc;
4103 RTGCPHYS32 pBuffer;
4104 uint32_t cbBuffer;
4105
4106 if (RT_UNLIKELY(fRedo))
4107 {
4108 pBuffer = pCtl->pRedoDMABuffer;
4109 cbBuffer = pCtl->cbRedoDMABuffer;
4110 fLastDesc = pCtl->fRedoDMALastDesc;
4111 }
4112 else
4113 {
4114 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4115 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4116 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4117 fLastDesc = !!(cbBuffer & 0x80000000);
4118 cbBuffer &= 0xfffe;
4119 if (cbBuffer == 0)
4120 cbBuffer = 0x10000;
4121 if (cbBuffer > cbTotalTransfer)
4122 cbBuffer = cbTotalTransfer;
4123 }
4124
4125 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4126 {
4127 if (RT_LIKELY(!fRedo))
4128 {
4129 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4130 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
4131 (int)pDesc, pBuffer, cbBuffer));
4132 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4133 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4134 else
4135 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4136 iIOBufferCur += dmalen;
4137 cbTotalTransfer -= dmalen;
4138 cbBuffer -= dmalen;
4139 pBuffer += dmalen;
4140 }
4141 if ( iIOBufferCur == iIOBufferEnd
4142 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4143 {
4144 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4145 cbElementaryTransfer = cbTotalTransfer;
4146
4147 {
4148 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4149 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4150 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4151 }
4152
4153 /* The RESET handler could have cleared the DMA transfer
4154 * state (since we didn't hold the lock until just now
4155 * the guest can continue in parallel). If so, the state
4156 * is already set up so the loop is exited immediately. */
4157 if (s->iSourceSink != ATAFN_SS_NULL)
4158 {
4159 s->iIOBufferCur = iIOBufferCur;
4160 s->iIOBufferEnd = iIOBufferEnd;
4161 s->cbElementaryTransfer = cbElementaryTransfer;
4162 s->cbTotalTransfer = cbTotalTransfer;
4163 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4164 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4165 if (RT_UNLIKELY(fRedo))
4166 {
4167 pCtl->pFirstDMADesc = pDesc;
4168 pCtl->pRedoDMABuffer = pBuffer;
4169 pCtl->cbRedoDMABuffer = cbBuffer;
4170 pCtl->fRedoDMALastDesc = fLastDesc;
4171 }
4172 else
4173 {
4174 cbTotalTransfer = s->cbTotalTransfer;
4175 cbElementaryTransfer = s->cbElementaryTransfer;
4176
4177 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4178 cbElementaryTransfer = cbTotalTransfer;
4179 iIOBufferCur = 0;
4180 iIOBufferEnd = cbElementaryTransfer;
4181 }
4182 pCtl->fRedo = fRedo;
4183 }
4184 else
4185 {
4186 /* This forces the loop to exit immediately. */
4187 pDesc = pCtl->pLastDMADesc + 1;
4188 }
4189
4190 PDMCritSectLeave(&pCtl->lock);
4191 if (RT_UNLIKELY(fRedo))
4192 break;
4193 }
4194 }
4195
4196 if (RT_UNLIKELY(fRedo))
4197 break;
4198
4199 /* end of transfer */
4200 if (!cbTotalTransfer || fLastDesc)
4201 break;
4202
4203 {
4204 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4205 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4206 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4207 }
4208
4209 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4210 {
4211 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4212 if (!pCtl->fReset)
4213 ataDMATransferStop(s);
4214 /* This forces the loop to exit immediately. */
4215 pDesc = pCtl->pLastDMADesc + 1;
4216 }
4217
4218 PDMCritSectLeave(&pCtl->lock);
4219 }
4220
4221 {
4222 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4223 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4224 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4225 }
4226
4227 if (RT_UNLIKELY(fRedo))
4228 return;
4229
4230 if (fLastDesc)
4231 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4232 s->cbTotalTransfer = cbTotalTransfer;
4233 s->cbElementaryTransfer = cbElementaryTransfer;
4234 s->iIOBufferCur = iIOBufferCur;
4235 s->iIOBufferEnd = iIOBufferEnd;
4236}
4237
4238
4239/**
4240 * Suspend I/O operations on a controller. Also suspends EMT, because it's
4241 * waiting for I/O to make progress. The next attempt to perform an I/O
4242 * operation will be made when EMT is resumed up again (as the resume
4243 * callback below restarts I/O).
4244 *
4245 * @param pCtl Controller for which to suspend I/O.
4246 */
4247static void ataSuspendRedo(PATACONTROLLER pCtl)
4248{
4249 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4250 PVMREQ pReq;
4251 int rc;
4252
4253 pCtl->fRedoIdle = true;
4254 rc = VMR3ReqCall(PDMDevHlpGetVM(pDevIns), VMREQDEST_ANY, &pReq, RT_INDEFINITE_WAIT,
4255 (PFNRT)PDMDevHlpVMSuspend, 1, pDevIns);
4256 AssertReleaseRC(rc);
4257 VMR3ReqFree(pReq);
4258}
4259
4260/** Asynch I/O thread for an interface. Once upon a time this was readable
4261 * code with several loops and a different semaphore for each purpose. But
4262 * then came the "how can one save the state in the middle of a PIO transfer"
4263 * question. The solution was to use an ASM, which is what's there now. */
4264static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
4265{
4266 const ATARequest *pReq;
4267 uint64_t u64TS = 0; /* shut up gcc */
4268 uint64_t uWait;
4269 int rc = VINF_SUCCESS;
4270 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
4271 ATADevState *s;
4272
4273 pReq = NULL;
4274 pCtl->fChainedTransfer = false;
4275 while (!pCtl->fShutdown)
4276 {
4277 /* Keep this thread from doing anything as long as EMT is suspended. */
4278 while (pCtl->fRedoIdle)
4279 {
4280 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
4281 if (RT_FAILURE(rc) || pCtl->fShutdown)
4282 break;
4283
4284 pCtl->fRedoIdle = false;
4285 }
4286
4287 /* Wait for work. */
4288 if (pReq == NULL)
4289 {
4290 LogBird(("ata: %x: going to sleep...\n", pCtl->IOPortBase1));
4291 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
4292 LogBird(("ata: %x: waking up\n", pCtl->IOPortBase1));
4293 if (RT_FAILURE(rc) || pCtl->fShutdown)
4294 break;
4295
4296 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4297 }
4298
4299 if (pReq == NULL)
4300 continue;
4301
4302 ATAAIO ReqType = pReq->ReqType;
4303
4304 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
4305 if (pCtl->uAsyncIOState != ReqType)
4306 {
4307 /* The new state is not the state that was expected by the normal
4308 * state changes. This is either a RESET/ABORT or there's something
4309 * really strange going on. */
4310 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
4311 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
4312 {
4313 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
4314 ataAsyncIODumpRequests(pCtl);
4315 }
4316 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
4317 }
4318
4319 /* Do our work. */
4320 {
4321 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4322 LogBird(("ata: %x: entering critsect\n", pCtl->IOPortBase1));
4323 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4324 LogBird(("ata: %x: entered\n", pCtl->IOPortBase1));
4325 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4326 }
4327
4328 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4329 {
4330 u64TS = RTTimeNanoTS();
4331#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4332 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
4333#endif /* DEBUG || VBOX_WITH_STATISTICS */
4334 }
4335
4336 switch (ReqType)
4337 {
4338 case ATA_AIO_NEW:
4339
4340 pCtl->iAIOIf = pReq->u.t.iIf;
4341 s = &pCtl->aIfs[pCtl->iAIOIf];
4342 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4343 s->uTxDir = pReq->u.t.uTxDir;
4344 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4345 s->iSourceSink = pReq->u.t.iSourceSink;
4346 s->iIOBufferEnd = 0;
4347 s->u64CmdTS = u64TS;
4348
4349 if (s->fATAPI)
4350 {
4351 if (pCtl->fChainedTransfer)
4352 {
4353 /* Only count the actual transfers, not the PIO
4354 * transfer of the ATAPI command bytes. */
4355 if (s->fDMA)
4356 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4357 else
4358 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4359 }
4360 }
4361 else
4362 {
4363 if (s->fDMA)
4364 STAM_REL_COUNTER_INC(&s->StatATADMA);
4365 else
4366 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4367 }
4368
4369 pCtl->fChainedTransfer = false;
4370
4371 if (s->iBeginTransfer != ATAFN_BT_NULL)
4372 {
4373 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4374 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4375 s->iBeginTransfer = ATAFN_BT_NULL;
4376 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4377 s->iIOBufferEnd = s->cbElementaryTransfer;
4378 }
4379 else
4380 {
4381 s->cbElementaryTransfer = s->cbTotalTransfer;
4382 s->iIOBufferEnd = s->cbTotalTransfer;
4383 }
4384 s->iIOBufferCur = 0;
4385
4386 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4387 {
4388 if (s->iSourceSink != ATAFN_SS_NULL)
4389 {
4390 bool fRedo;
4391 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4392 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4393 pCtl->fRedo = fRedo;
4394 if (RT_UNLIKELY(fRedo))
4395 {
4396 /* Operation failed at the initial transfer, restart
4397 * everything from scratch by resending the current
4398 * request. Occurs very rarely, not worth optimizing. */
4399 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4400 ataAsyncIOPutRequest(pCtl, pReq);
4401 ataSuspendRedo(pCtl);
4402 break;
4403 }
4404 }
4405 else
4406 ataCmdOK(s, 0);
4407 s->iIOBufferEnd = s->cbElementaryTransfer;
4408
4409 }
4410
4411 /* Do not go into the transfer phase if RESET is asserted.
4412 * The CritSect is released while waiting for the host OS
4413 * to finish the I/O, thus RESET is possible here. Most
4414 * important: do not change uAsyncIOState. */
4415 if (pCtl->fReset)
4416 break;
4417
4418 if (s->fDMA)
4419 {
4420 if (s->cbTotalTransfer)
4421 {
4422 ataSetStatus(s, ATA_STAT_DRQ);
4423
4424 pCtl->uAsyncIOState = ATA_AIO_DMA;
4425 /* If BMDMA is already started, do the transfer now. */
4426 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4427 {
4428 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4429 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4430 }
4431 }
4432 else
4433 {
4434 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4435 /* Finish DMA transfer. */
4436 ataDMATransferStop(s);
4437 ataSetIRQ(s);
4438 pCtl->uAsyncIOState = ATA_AIO_NEW;
4439 }
4440 }
4441 else
4442 {
4443 if (s->cbTotalTransfer)
4444 {
4445 ataPIOTransfer(pCtl);
4446 Assert(!pCtl->fRedo);
4447 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4448 ataSetIRQ(s);
4449
4450 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4451 {
4452 /* Write operations and not yet finished transfers
4453 * must be completed in the async I/O thread. */
4454 pCtl->uAsyncIOState = ATA_AIO_PIO;
4455 }
4456 else
4457 {
4458 /* Finished read operation can be handled inline
4459 * in the end of PIO transfer handling code. Linux
4460 * depends on this, as it waits only briefly for
4461 * devices to become ready after incoming data
4462 * transfer. Cannot find anything in the ATA spec
4463 * that backs this assumption, but as all kernels
4464 * are affected (though most of the time it does
4465 * not cause any harm) this must work. */
4466 pCtl->uAsyncIOState = ATA_AIO_NEW;
4467 }
4468 }
4469 else
4470 {
4471 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4472 /* Finish PIO transfer. */
4473 ataPIOTransfer(pCtl);
4474 Assert(!pCtl->fRedo);
4475 if (!s->fATAPITransfer)
4476 ataSetIRQ(s);
4477 pCtl->uAsyncIOState = ATA_AIO_NEW;
4478 }
4479 }
4480 break;
4481
4482 case ATA_AIO_DMA:
4483 {
4484 BMDMAState *bm = &pCtl->BmDma;
4485 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4486 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
4487
4488 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4489 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
4490 else
4491 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
4492
4493 if (RT_LIKELY(!pCtl->fRedo))
4494 {
4495 /* The specs say that the descriptor table must not cross a
4496 * 4K boundary. */
4497 pCtl->pFirstDMADesc = bm->pvAddr;
4498 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
4499 }
4500 ataDMATransfer(pCtl);
4501
4502 if (RT_UNLIKELY(pCtl->fRedo))
4503 {
4504 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
4505 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4506 ataSuspendRedo(pCtl);
4507 break;
4508 }
4509
4510 /* The infamous delay IRQ hack. */
4511 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
4512 && s->cbTotalTransfer == 0
4513 && pCtl->DelayIRQMillies)
4514 {
4515 /* Delay IRQ for writing. Required to get the Win2K
4516 * installation work reliably (otherwise it crashes,
4517 * usually during component install). So far no better
4518 * solution has been found. */
4519 Log(("%s: delay IRQ hack\n", __FUNCTION__));
4520 PDMCritSectLeave(&pCtl->lock);
4521 RTThreadSleep(pCtl->DelayIRQMillies);
4522 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4523 }
4524
4525 ataUnsetStatus(s, ATA_STAT_DRQ);
4526 Assert(!pCtl->fChainedTransfer);
4527 Assert(s->iSourceSink == ATAFN_SS_NULL);
4528 if (s->fATAPITransfer)
4529 {
4530 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
4531 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
4532 s->fATAPITransfer = false;
4533 }
4534 ataSetIRQ(s);
4535 pCtl->uAsyncIOState = ATA_AIO_NEW;
4536 break;
4537 }
4538
4539 case ATA_AIO_PIO:
4540 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4541
4542 if (s->iSourceSink != ATAFN_SS_NULL)
4543 {
4544 bool fRedo;
4545 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4546 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4547 pCtl->fRedo = fRedo;
4548 if (RT_UNLIKELY(fRedo))
4549 {
4550 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
4551 ataAsyncIOPutRequest(pCtl, &ataPIORequest);
4552 ataSuspendRedo(pCtl);
4553 break;
4554 }
4555 s->iIOBufferCur = 0;
4556 s->iIOBufferEnd = s->cbElementaryTransfer;
4557 }
4558 else
4559 {
4560 /* Continue a previously started transfer. */
4561 ataUnsetStatus(s, ATA_STAT_BUSY);
4562 ataSetStatus(s, ATA_STAT_READY);
4563 }
4564
4565 /* It is possible that the drives on this controller get RESET
4566 * during the above call to the source/sink function. If that's
4567 * the case, don't restart the transfer and don't finish it the
4568 * usual way. RESET handling took care of all that already.
4569 * Most important: do not change uAsyncIOState. */
4570 if (pCtl->fReset)
4571 break;
4572
4573 if (s->cbTotalTransfer)
4574 {
4575 ataPIOTransfer(pCtl);
4576 ataSetIRQ(s);
4577
4578 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4579 {
4580 /* Write operations and not yet finished transfers
4581 * must be completed in the async I/O thread. */
4582 pCtl->uAsyncIOState = ATA_AIO_PIO;
4583 }
4584 else
4585 {
4586 /* Finished read operation can be handled inline
4587 * in the end of PIO transfer handling code. Linux
4588 * depends on this, as it waits only briefly for
4589 * devices to become ready after incoming data
4590 * transfer. Cannot find anything in the ATA spec
4591 * that backs this assumption, but as all kernels
4592 * are affected (though most of the time it does
4593 * not cause any harm) this must work. */
4594 pCtl->uAsyncIOState = ATA_AIO_NEW;
4595 }
4596 }
4597 else
4598 {
4599 /* Finish PIO transfer. */
4600 ataPIOTransfer(pCtl);
4601 if ( !pCtl->fChainedTransfer
4602 && !s->fATAPITransfer
4603 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4604 {
4605 ataSetIRQ(s);
4606 }
4607 pCtl->uAsyncIOState = ATA_AIO_NEW;
4608 }
4609 break;
4610
4611 case ATA_AIO_RESET_ASSERTED:
4612 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
4613 ataPIOTransferStop(&pCtl->aIfs[0]);
4614 ataPIOTransferStop(&pCtl->aIfs[1]);
4615 /* Do not change the DMA registers, they are not affected by the
4616 * ATA controller reset logic. It should be sufficient to issue a
4617 * new command, which is now possible as the state is cleared. */
4618 break;
4619
4620 case ATA_AIO_RESET_CLEARED:
4621 pCtl->uAsyncIOState = ATA_AIO_NEW;
4622 pCtl->fReset = false;
4623 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
4624 ATACONTROLLER_IDX(pCtl)));
4625 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4626 {
4627 if (pCtl->aIfs[i].fATAPI)
4628 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
4629 else
4630 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
4631 ataSetSignature(&pCtl->aIfs[i]);
4632 }
4633 break;
4634
4635 case ATA_AIO_ABORT:
4636 /* Abort the current command only if it operates on the same interface. */
4637 if (pCtl->iAIOIf == pReq->u.a.iIf)
4638 {
4639 s = &pCtl->aIfs[pCtl->iAIOIf];
4640
4641 pCtl->uAsyncIOState = ATA_AIO_NEW;
4642 /* Do not change the DMA registers, they are not affected by the
4643 * ATA controller reset logic. It should be sufficient to issue a
4644 * new command, which is now possible as the state is cleared. */
4645 if (pReq->u.a.fResetDrive)
4646 {
4647 ataResetDevice(s);
4648 ataExecuteDeviceDiagnosticSS(s);
4649 }
4650 else
4651 {
4652 ataPIOTransferStop(s);
4653 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
4654 ataSetStatus(s, ATA_STAT_READY);
4655 ataSetIRQ(s);
4656 }
4657 }
4658 break;
4659
4660 default:
4661 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
4662 }
4663
4664 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
4665 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4666
4667 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4668 {
4669#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4670 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
4671#endif /* DEBUG || VBOX_WITH_STATISTICS */
4672
4673 u64TS = RTTimeNanoTS() - u64TS;
4674 uWait = u64TS / 1000;
4675 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
4676 /* Mark command as finished. */
4677 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
4678
4679 /*
4680 * Release logging of command execution times depends on the
4681 * command type. ATAPI commands often take longer (due to CD/DVD
4682 * spin up time etc.) so the threshold is different.
4683 */
4684 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
4685 {
4686 if (uWait > 8 * 1000 * 1000)
4687 {
4688 /*
4689 * Command took longer than 8 seconds. This is close
4690 * enough or over the guest's command timeout, so place
4691 * an entry in the release log to allow tracking such
4692 * timing errors (which are often caused by the host).
4693 */
4694 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
4695 }
4696 }
4697 else
4698 {
4699 if (uWait > 20 * 1000 * 1000)
4700 {
4701 /*
4702 * Command took longer than 20 seconds. This is close
4703 * enough or over the guest's command timeout, so place
4704 * an entry in the release log to allow tracking such
4705 * timing errors (which are often caused by the host).
4706 */
4707 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
4708 }
4709 }
4710
4711#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4712 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
4713 pCtl->StatAsyncMinWait = uWait;
4714 if (uWait > pCtl->StatAsyncMaxWait)
4715 pCtl->StatAsyncMaxWait = uWait;
4716
4717 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
4718 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
4719#endif /* DEBUG || VBOX_WITH_STATISTICS */
4720 }
4721
4722 LogBird(("ata: %x: leaving critsect\n", pCtl->IOPortBase1));
4723 PDMCritSectLeave(&pCtl->lock);
4724 }
4725
4726 /* Cleanup the state. */
4727 if (pCtl->AsyncIOSem)
4728 {
4729 RTSemEventDestroy(pCtl->AsyncIOSem);
4730 pCtl->AsyncIOSem = NIL_RTSEMEVENT;
4731 }
4732 if (pCtl->SuspendIOSem)
4733 {
4734 RTSemEventDestroy(pCtl->SuspendIOSem);
4735 pCtl->SuspendIOSem = NIL_RTSEMEVENT;
4736 }
4737 /* Do not destroy request mutex yet, still needed for proper shutdown. */
4738 pCtl->fShutdown = false;
4739 /* This must be last, as it also signals thread exit to EMT. */
4740 pCtl->AsyncIOThread = NIL_RTTHREAD;
4741
4742 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
4743 return rc;
4744}
4745
4746#endif /* IN_RING3 */
4747
4748static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
4749{
4750 uint32_t val = pCtl->BmDma.u8Cmd;
4751 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4752 return val;
4753}
4754
4755
4756static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4757{
4758 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4759 if (!(val & BM_CMD_START))
4760 {
4761 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4762 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
4763 }
4764 else
4765 {
4766#ifdef IN_RING3
4767 /* Check whether the guest OS wants to change DMA direction in
4768 * mid-flight. Not allowed, according to the PIIX3 specs. */
4769 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
4770 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
4771 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
4772
4773 /* Do not continue DMA transfers while the RESET line is asserted. */
4774 if (pCtl->fReset)
4775 {
4776 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4777 return;
4778 }
4779
4780 /* Do not start DMA transfers if there's a PIO transfer going on. */
4781 if (!pCtl->aIfs[pCtl->iSelectedIf].fDMA)
4782 return;
4783
4784 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
4785 {
4786 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4787 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4788 }
4789#else /* !IN_RING3 */
4790 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
4791#endif /* IN_RING3 */
4792 }
4793}
4794
4795static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
4796{
4797 uint32_t val = pCtl->BmDma.u8Status;
4798 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4799 return val;
4800}
4801
4802static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4803{
4804 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4805 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
4806 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
4807 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
4808}
4809
4810static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
4811{
4812 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
4813 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4814 return val;
4815}
4816
4817static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4818{
4819 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4820 pCtl->BmDma.pvAddr = val & ~3;
4821}
4822
4823static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4824{
4825 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4826 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
4827
4828}
4829
4830static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4831{
4832 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4833 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
4834}
4835
4836#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
4837
4838/**
4839 * Port I/O Handler for bus master DMA IN operations.
4840 * @see FNIOMIOPORTIN for details.
4841 */
4842PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
4843{
4844 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4845 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4846 PATACONTROLLER pCtl = &pThis->aCts[i];
4847 int rc;
4848
4849 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
4850 if (rc != VINF_SUCCESS)
4851 return rc;
4852 switch (VAL(Port, cb))
4853 {
4854 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
4855 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
4856 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
4857 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
4858 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
4859 case VAL(0, 4):
4860 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
4861 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
4862 break;
4863 default:
4864 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
4865 PDMCritSectLeave(&pCtl->lock);
4866 return VERR_IOM_IOPORT_UNUSED;
4867 }
4868 PDMCritSectLeave(&pCtl->lock);
4869 return rc;
4870}
4871
4872/**
4873 * Port I/O Handler for bus master DMA OUT operations.
4874 * @see FNIOMIOPORTOUT for details.
4875 */
4876PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
4877{
4878 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4879 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4880 PATACONTROLLER pCtl = &pThis->aCts[i];
4881 int rc;
4882
4883 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
4884 if (rc != VINF_SUCCESS)
4885 return rc;
4886 switch (VAL(Port, cb))
4887 {
4888 case VAL(0, 1):
4889#ifndef IN_RING3
4890 if (u32 & BM_CMD_START)
4891 {
4892 rc = VINF_IOM_HC_IOPORT_WRITE;
4893 break;
4894 }
4895#endif /* !IN_RING3 */
4896 ataBMDMACmdWriteB(pCtl, Port, u32);
4897 break;
4898 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
4899 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
4900 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
4901 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
4902 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
4903 }
4904 PDMCritSectLeave(&pCtl->lock);
4905 return rc;
4906}
4907
4908#undef VAL
4909
4910#ifdef IN_RING3
4911
4912/**
4913 * Callback function for mapping an PCI I/O region.
4914 *
4915 * @return VBox status code.
4916 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
4917 * @param iRegion The region number.
4918 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
4919 * I/O port, else it's a physical address.
4920 * This address is *NOT* relative to pci_mem_base like earlier!
4921 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
4922 */
4923static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
4924{
4925 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
4926 int rc = VINF_SUCCESS;
4927 Assert(enmType == PCI_ADDRESS_SPACE_IO);
4928 Assert(iRegion == 4);
4929 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
4930
4931 /* Register the port range. */
4932 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
4933 {
4934 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
4935 (RTHCPTR)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
4936 AssertRC(rc2);
4937 if (rc2 < rc)
4938 rc = rc2;
4939
4940 if (pThis->fGCEnabled)
4941 {
4942 rc2 = PDMDevHlpIOPortRegisterGC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
4943 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
4944 AssertRC(rc2);
4945 if (rc2 < rc)
4946 rc = rc2;
4947 }
4948 if (pThis->fR0Enabled)
4949 {
4950 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
4951 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
4952 AssertRC(rc2);
4953 if (rc2 < rc)
4954 rc = rc2;
4955 }
4956 }
4957 return rc;
4958}
4959
4960
4961/**
4962 * Reset notification.
4963 *
4964 * @returns VBox status.
4965 * @param pDevIns The device instance data.
4966 */
4967static DECLCALLBACK(void) ataReset(PPDMDEVINS pDevIns)
4968{
4969 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4970
4971 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
4972 {
4973 pThis->aCts[i].iSelectedIf = 0;
4974 pThis->aCts[i].iAIOIf = 0;
4975 pThis->aCts[i].BmDma.u8Cmd = 0;
4976 /* Report that both drives present on the bus are in DMA mode. This
4977 * pretends that there is a BIOS that has set it up. Normal reset
4978 * default is 0x00. */
4979 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
4980 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
4981 pThis->aCts[i].BmDma.pvAddr = 0;
4982
4983 pThis->aCts[i].fReset = true;
4984 pThis->aCts[i].fRedo = false;
4985 pThis->aCts[i].fRedoIdle = false;
4986 ataAsyncIOClearRequests(&pThis->aCts[i]);
4987 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
4988 ataAsyncIOPutRequest(&pThis->aCts[i], &ataResetARequest);
4989 ataAsyncIOPutRequest(&pThis->aCts[i], &ataResetCRequest);
4990 if (!ataWaitForAsyncIOIsIdle(&pThis->aCts[i], 30000))
4991 AssertReleaseMsgFailed(("Async I/O thread busy after reset\n"));
4992
4993 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
4994 ataResetDevice(&pThis->aCts[i].aIfs[j]);
4995 }
4996}
4997
4998
4999/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5000
5001/**
5002 * Queries an interface to the driver.
5003 *
5004 * @returns Pointer to interface.
5005 * @returns NULL if the interface was not supported by the device.
5006 * @param pInterface Pointer to ATADevState::IBase.
5007 * @param enmInterface The requested interface identification.
5008 */
5009static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, PDMINTERFACE enmInterface)
5010{
5011 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5012 switch (enmInterface)
5013 {
5014 case PDMINTERFACE_BASE:
5015 return &pThis->IBase;
5016 case PDMINTERFACE_LED_PORTS:
5017 return &pThis->ILeds;
5018 default:
5019 return NULL;
5020 }
5021}
5022
5023
5024/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5025
5026/**
5027 * Gets the pointer to the status LED of a unit.
5028 *
5029 * @returns VBox status code.
5030 * @param pInterface Pointer to the interface structure containing the called function pointer.
5031 * @param iLUN The unit which status LED we desire.
5032 * @param ppLed Where to store the LED pointer.
5033 */
5034static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5035{
5036 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5037 if (iLUN < 4)
5038 {
5039 switch (iLUN)
5040 {
5041 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5042 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5043 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5044 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5045 }
5046 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5047 return VINF_SUCCESS;
5048 }
5049 return VERR_PDM_LUN_NOT_FOUND;
5050}
5051
5052
5053/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5054
5055/**
5056 * Queries an interface to the driver.
5057 *
5058 * @returns Pointer to interface.
5059 * @returns NULL if the interface was not supported by the device.
5060 * @param pInterface Pointer to ATADevState::IBase.
5061 * @param enmInterface The requested interface identification.
5062 */
5063static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, PDMINTERFACE enmInterface)
5064{
5065 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5066 switch (enmInterface)
5067 {
5068 case PDMINTERFACE_BASE:
5069 return &pIf->IBase;
5070 case PDMINTERFACE_BLOCK_PORT:
5071 return &pIf->IPort;
5072 case PDMINTERFACE_MOUNT_NOTIFY:
5073 return &pIf->IMountNotify;
5074 default:
5075 return NULL;
5076 }
5077}
5078
5079#endif /* IN_RING3 */
5080
5081
5082/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5083
5084/**
5085 * Port I/O Handler for primary port range OUT operations.
5086 * @see FNIOMIOPORTOUT for details.
5087 */
5088PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5089{
5090 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5091 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5092 PATACONTROLLER pCtl = &pThis->aCts[i];
5093 int rc = VINF_SUCCESS;
5094
5095 Assert(i < 2);
5096
5097 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5098 if (rc != VINF_SUCCESS)
5099 return rc;
5100 if (cb == 1)
5101 rc = ataIOPortWriteU8(pCtl, Port, u32);
5102 else if (Port == pCtl->IOPortBase1)
5103 {
5104 Assert(cb == 2 || cb == 4);
5105 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5106 }
5107 else
5108 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
5109 LogBird(("ata: leaving critsect\n"));
5110 PDMCritSectLeave(&pCtl->lock);
5111 LogBird(("ata: left critsect\n"));
5112 return rc;
5113}
5114
5115
5116/**
5117 * Port I/O Handler for primary port range IN operations.
5118 * @see FNIOMIOPORTIN for details.
5119 */
5120PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5121{
5122 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5123 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5124 PATACONTROLLER pCtl = &pThis->aCts[i];
5125 int rc = VINF_SUCCESS;
5126
5127 Assert(i < 2);
5128
5129 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5130 if (rc != VINF_SUCCESS)
5131 return rc;
5132 if (cb == 1)
5133 {
5134 rc = ataIOPortReadU8(pCtl, Port, pu32);
5135 }
5136 else if (Port == pCtl->IOPortBase1)
5137 {
5138 Assert(cb == 2 || cb == 4);
5139 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5140 if (cb == 2)
5141 *pu32 &= 0xffff;
5142 }
5143 else
5144 {
5145 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
5146 rc = VERR_IOM_IOPORT_UNUSED;
5147 }
5148 PDMCritSectLeave(&pCtl->lock);
5149 return rc;
5150}
5151
5152#ifndef IN_RING0
5153/**
5154 * Port I/O Handler for primary port range IN string operations.
5155 * @see FNIOMIOPORTINSTRING for details.
5156 */
5157PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5158{
5159 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5160 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5161 PATACONTROLLER pCtl = &pThis->aCts[i];
5162 int rc = VINF_SUCCESS;
5163
5164 Assert(i < 2);
5165
5166 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5167 if (rc != VINF_SUCCESS)
5168 return rc;
5169 if (Port == pCtl->IOPortBase1)
5170 {
5171 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5172 RTGCPTR GCDst = *pGCPtrDst;
5173 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5174 Assert(cb == 2 || cb == 4);
5175
5176 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5177#ifndef IN_RING3
5178 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5179 cTransAvailable--;
5180#endif /* !IN_RING3 */
5181 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5182 * They are not performance-critical and generally shouldn't occur at all. */
5183 if (cTransAvailable > cTransfer)
5184 cTransAvailable = cTransfer;
5185 cbTransfer = cTransAvailable * cb;
5186
5187#ifdef IN_RC
5188 for (uint32_t i = 0; i < cbTransfer; i += cb)
5189 MMGCRamWriteNoTrapHandler((char *)GCDst + i, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart + i, cb);
5190#else /* !IN_RC */
5191 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVM(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5192 Assert(rc == VINF_SUCCESS);
5193#endif /* IN_RC */
5194
5195 if (cbTransfer)
5196 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5197 s->iIOBufferPIODataStart += cbTransfer;
5198 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5199 *pcTransfer = cTransfer - cTransAvailable;
5200#ifdef IN_RING3
5201 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5202 ataPIOTransferFinish(pCtl, s);
5203#endif /* IN_RING3 */
5204 }
5205 PDMCritSectLeave(&pCtl->lock);
5206 return rc;
5207}
5208
5209
5210/**
5211 * Port I/O Handler for primary port range OUT string operations.
5212 * @see FNIOMIOPORTOUTSTRING for details.
5213 */
5214PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5215{
5216 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5217 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5218 PATACONTROLLER pCtl = &pThis->aCts[i];
5219 int rc;
5220
5221 Assert(i < 2);
5222
5223 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5224 if (rc != VINF_SUCCESS)
5225 return rc;
5226 if (Port == pCtl->IOPortBase1)
5227 {
5228 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5229 RTGCPTR GCSrc = *pGCPtrSrc;
5230 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5231 Assert(cb == 2 || cb == 4);
5232
5233 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5234#ifndef IN_RING3
5235 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5236 cTransAvailable--;
5237#endif /* !IN_RING3 */
5238 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5239 * They are not performance-critical and generally shouldn't occur at all. */
5240 if (cTransAvailable > cTransfer)
5241 cTransAvailable = cTransfer;
5242 cbTransfer = cTransAvailable * cb;
5243
5244#ifdef IN_RC
5245 for (uint32_t i = 0; i < cbTransfer; i += cb)
5246 MMGCRamReadNoTrapHandler(s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart + i, (char *)GCSrc + i, cb);
5247#else /* !IN_RC */
5248 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVM(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
5249 Assert(rc == VINF_SUCCESS);
5250#endif /* IN_RC */
5251
5252 if (cbTransfer)
5253 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5254 s->iIOBufferPIODataStart += cbTransfer;
5255 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
5256 *pcTransfer = cTransfer - cTransAvailable;
5257#ifdef IN_RING3
5258 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5259 ataPIOTransferFinish(pCtl, s);
5260#endif /* IN_RING3 */
5261 }
5262 PDMCritSectLeave(&pCtl->lock);
5263 return rc;
5264}
5265#endif /* !IN_RING0 */
5266
5267/**
5268 * Port I/O Handler for secondary port range OUT operations.
5269 * @see FNIOMIOPORTOUT for details.
5270 */
5271PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5272{
5273 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5274 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5275 PATACONTROLLER pCtl = &pThis->aCts[i];
5276 int rc;
5277
5278 Assert(i < 2);
5279
5280 if (cb != 1)
5281 return VINF_SUCCESS;
5282 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5283 if (rc != VINF_SUCCESS)
5284 return rc;
5285 rc = ataControlWrite(pCtl, Port, u32);
5286 PDMCritSectLeave(&pCtl->lock);
5287 return rc;
5288}
5289
5290
5291/**
5292 * Port I/O Handler for secondary port range IN operations.
5293 * @see FNIOMIOPORTIN for details.
5294 */
5295PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5296{
5297 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5298 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5299 PATACONTROLLER pCtl = &pThis->aCts[i];
5300 int rc;
5301
5302 Assert(i < 2);
5303
5304 if (cb != 1)
5305 return VERR_IOM_IOPORT_UNUSED;
5306
5307 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5308 if (rc != VINF_SUCCESS)
5309 return rc;
5310 *pu32 = ataStatusRead(pCtl, Port);
5311 PDMCritSectLeave(&pCtl->lock);
5312 return VINF_SUCCESS;
5313}
5314
5315#ifdef IN_RING3
5316
5317/**
5318 * Waits for all async I/O threads to complete whatever they
5319 * are doing at the moment.
5320 *
5321 * @returns true on success.
5322 * @returns false when one or more threads is still processing.
5323 * @param pThis Pointer to the instance data.
5324 * @param cMillies How long to wait (total).
5325 */
5326static bool ataWaitForAllAsyncIOIsIdle(PPDMDEVINS pDevIns, unsigned cMillies)
5327{
5328 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5329 bool fVMLocked;
5330 uint64_t u64Start;
5331 PATACONTROLLER pCtl;
5332 bool fAllIdle = false;
5333
5334 /* The only way to deal cleanly with the VM lock is to check whether
5335 * it is owned now (it always is owned by EMT, which is the current
5336 * thread). Since this function is called several times during VM
5337 * shutdown, and the VM lock is only held for the first call (which
5338 * can be either from ataPowerOff or ataSuspend), there is no other
5339 * reasonable solution. */
5340 fVMLocked = VMMR3LockIsOwner(PDMDevHlpGetVM(pDevIns));
5341
5342 if (fVMLocked)
5343 pDevIns->pDevHlpR3->pfnUnlockVM(pDevIns);
5344 /*
5345 * Wait for any pending async operation to finish
5346 */
5347 u64Start = RTTimeMilliTS();
5348 for (;;)
5349 {
5350 /* Check all async I/O threads. */
5351 fAllIdle = true;
5352 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5353 {
5354 pCtl = &pThis->aCts[i];
5355
5356 /*
5357 * Only check if the thread is idling if the request mutex is set up.
5358 * It is possible that the creation of the first controller failed and that
5359 * the request mutex is not initialized on the second one yet
5360 * But it would be called without the following check.
5361 */
5362 if (pCtl->AsyncIORequestMutex != NIL_RTSEMEVENT)
5363 {
5364 fAllIdle &= ataAsyncIOIsIdle(pCtl, false);
5365 if (!fAllIdle)
5366 break;
5367 }
5368 }
5369 if ( fAllIdle
5370 || RTTimeMilliTS() - u64Start >= cMillies)
5371 break;
5372
5373 /* Sleep for a bit. */
5374 RTThreadSleep(100);
5375 }
5376
5377 if (fVMLocked)
5378 pDevIns->pDevHlpR3->pfnLockVM(pDevIns);
5379
5380 if (!fAllIdle)
5381 LogRel(("PIIX3 ATA: Ctl#%d is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
5382 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
5383 pCtl->aIfs[0].uATARegCommand, pCtl->aIfs[1].uATARegCommand));
5384
5385 return fAllIdle;
5386}
5387
5388
5389DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5390{
5391 if (s->pbIOBufferR3)
5392 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5393}
5394
5395
5396/**
5397 * @copydoc FNPDMDEVRELOCATE
5398 */
5399static DECLCALLBACK(void) ataRelocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5400{
5401 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5402
5403 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5404 {
5405 pThis->aCts[i].pDevInsRC += offDelta;
5406 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5407 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5408 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5409 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5410 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5411 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5412 }
5413}
5414
5415
5416/**
5417 * Destroy a driver instance.
5418 *
5419 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5420 * resources can be freed correctly.
5421 *
5422 * @param pDevIns The device instance data.
5423 */
5424static DECLCALLBACK(int) ataDestruct(PPDMDEVINS pDevIns)
5425{
5426 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5427 int rc;
5428
5429 Log(("%s:\n", __FUNCTION__));
5430
5431 /*
5432 * Terminate all async helper threads
5433 */
5434 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5435 {
5436 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5437 {
5438 ASMAtomicXchgU32(&pThis->aCts[i].fShutdown, true);
5439 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5440 AssertRC(rc);
5441 }
5442 }
5443
5444 /*
5445 * Wait for them to complete whatever they are doing and then
5446 * for them to terminate.
5447 */
5448 if (ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5449 {
5450 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5451 {
5452 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5453 AssertMsgRC(rc || rc == VERR_INVALID_HANDLE, ("rc=%Rrc i=%d\n", rc, i));
5454 }
5455 }
5456 else
5457 AssertMsgFailed(("Async I/O is still busy!\n"));
5458
5459 /*
5460 * Now the request mutexes are no longer needed. Free resources.
5461 */
5462 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5463 {
5464 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMEVENT)
5465 {
5466 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5467 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMEVENT;
5468 }
5469 }
5470 return VINF_SUCCESS;
5471}
5472
5473
5474/**
5475 * Detach notification.
5476 *
5477 * The DVD drive has been unplugged.
5478 *
5479 * @param pDevIns The device instance.
5480 * @param iLUN The logical unit which is being detached.
5481 */
5482static DECLCALLBACK(void) ataDetach(PPDMDEVINS pDevIns, unsigned iLUN)
5483{
5484 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5485 PATACONTROLLER pCtl;
5486 ATADevState *pIf;
5487 unsigned iController;
5488 unsigned iInterface;
5489
5490 /*
5491 * Locate the controller and stuff.
5492 */
5493 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5494 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5495 pCtl = &pThis->aCts[iController];
5496
5497 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5498 pIf = &pCtl->aIfs[iInterface];
5499
5500 /*
5501 * Zero some important members.
5502 */
5503 pIf->pDrvBase = NULL;
5504 pIf->pDrvBlock = NULL;
5505 pIf->pDrvBlockBios = NULL;
5506 pIf->pDrvMount = NULL;
5507
5508 /*
5509 * In case there was a medium inserted.
5510 */
5511 ataMediumRemoved(pIf);
5512}
5513
5514
5515/**
5516 * Configure a LUN.
5517 *
5518 * @returns VBox status code.
5519 * @param pDevIns The device instance.
5520 * @param pIf The ATA unit state.
5521 */
5522static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5523{
5524 int rc;
5525 PDMBLOCKTYPE enmType;
5526
5527 /*
5528 * Query Block, Bios and Mount interfaces.
5529 */
5530 pIf->pDrvBlock = (PDMIBLOCK *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_BLOCK);
5531 if (!pIf->pDrvBlock)
5532 {
5533 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5534 return VERR_PDM_MISSING_INTERFACE;
5535 }
5536
5537 /** @todo implement the BIOS invisible code path. */
5538 pIf->pDrvBlockBios = (PDMIBLOCKBIOS *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_BLOCK_BIOS);
5539 if (!pIf->pDrvBlockBios)
5540 {
5541 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5542 return VERR_PDM_MISSING_INTERFACE;
5543 }
5544 pIf->pDrvMount = (PDMIMOUNT *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_MOUNT);
5545
5546 /*
5547 * Validate type.
5548 */
5549 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
5550 if ( enmType != PDMBLOCKTYPE_CDROM
5551 && enmType != PDMBLOCKTYPE_DVD
5552 && enmType != PDMBLOCKTYPE_HARD_DISK)
5553 {
5554 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
5555 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
5556 }
5557 if ( ( enmType == PDMBLOCKTYPE_DVD
5558 || enmType == PDMBLOCKTYPE_CDROM)
5559 && !pIf->pDrvMount)
5560 {
5561 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
5562 return VERR_INTERNAL_ERROR;
5563 }
5564 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
5565 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
5566
5567 /*
5568 * Allocate I/O buffer.
5569 */
5570 PVM pVM = PDMDevHlpGetVM(pDevIns);
5571 if (pIf->cbIOBuffer)
5572 {
5573 /* Buffer is (probably) already allocated. Validate the fields,
5574 * because memory corruption can also overwrite pIf->cbIOBuffer. */
5575 if (pIf->fATAPI)
5576 AssertRelease(pIf->cbIOBuffer == _128K);
5577 else
5578 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
5579 Assert(pIf->pbIOBufferR3);
5580 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
5581 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
5582 }
5583 else
5584 {
5585 if (pIf->fATAPI)
5586 pIf->cbIOBuffer = _128K;
5587 else
5588 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
5589 Assert(!pIf->pbIOBufferR3);
5590 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
5591 if (RT_FAILURE(rc))
5592 return VERR_NO_MEMORY;
5593 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
5594 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
5595 }
5596
5597 /*
5598 * Init geometry (only for non-CD/DVD media).
5599 */
5600 if (pIf->fATAPI)
5601 {
5602 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
5603 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
5604 pIf->PCHSGeometry.cHeads = 0; /* dummy */
5605 pIf->PCHSGeometry.cSectors = 0; /* dummy */
5606 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
5607 }
5608 else
5609 {
5610 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
5611 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
5612 &pIf->PCHSGeometry);
5613 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
5614 {
5615 pIf->PCHSGeometry.cCylinders = 0;
5616 pIf->PCHSGeometry.cHeads = 16; /*??*/
5617 pIf->PCHSGeometry.cSectors = 63; /*??*/
5618 }
5619 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
5620 {
5621 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
5622 rc = VINF_SUCCESS;
5623 }
5624 AssertRC(rc);
5625
5626 if ( pIf->PCHSGeometry.cCylinders == 0
5627 || pIf->PCHSGeometry.cHeads == 0
5628 || pIf->PCHSGeometry.cSectors == 0
5629 )
5630 {
5631 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
5632 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
5633 pIf->PCHSGeometry.cHeads = 16;
5634 pIf->PCHSGeometry.cSectors = 63;
5635 /* Set the disk geometry information. */
5636 rc = pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
5637 &pIf->PCHSGeometry);
5638 }
5639 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
5640 }
5641 return VINF_SUCCESS;
5642}
5643
5644
5645/**
5646 * Attach command.
5647 *
5648 * This is called when we change block driver for the DVD drive.
5649 *
5650 * @returns VBox status code.
5651 * @param pDevIns The device instance.
5652 * @param iLUN The logical unit which is being detached.
5653 */
5654static DECLCALLBACK(int) ataAttach(PPDMDEVINS pDevIns, unsigned iLUN)
5655{
5656 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5657 PATACONTROLLER pCtl;
5658 ATADevState *pIf;
5659 int rc;
5660 unsigned iController;
5661 unsigned iInterface;
5662
5663 /*
5664 * Locate the controller and stuff.
5665 */
5666 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5667 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5668 pCtl = &pThis->aCts[iController];
5669
5670 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5671 pIf = &pCtl->aIfs[iInterface];
5672
5673 /* the usual paranoia */
5674 AssertRelease(!pIf->pDrvBase);
5675 AssertRelease(!pIf->pDrvBlock);
5676 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
5677 Assert(pIf->iLUN == iLUN);
5678
5679 /*
5680 * Try attach the block device and get the interfaces,
5681 * required as well as optional.
5682 */
5683 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
5684 if (RT_SUCCESS(rc))
5685 {
5686 rc = ataConfigLun(pDevIns, pIf);
5687 /*
5688 * In case there is a medium inserted.
5689 */
5690 ataMediumInserted(pIf);
5691 }
5692 else
5693 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
5694
5695 if (RT_FAILURE(rc))
5696 {
5697 pIf->pDrvBase = NULL;
5698 pIf->pDrvBlock = NULL;
5699 }
5700 return rc;
5701}
5702
5703
5704/**
5705 * Suspend notification.
5706 *
5707 * @returns VBox status.
5708 * @param pDevIns The device instance data.
5709 */
5710static DECLCALLBACK(void) ataSuspend(PPDMDEVINS pDevIns)
5711{
5712 Log(("%s:\n", __FUNCTION__));
5713 if (!ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5714 AssertMsgFailed(("Async I/O didn't stop in 20 seconds!\n"));
5715 return;
5716}
5717
5718
5719/**
5720 * Resume notification.
5721 *
5722 * @returns VBox status.
5723 * @param pDevIns The device instance data.
5724 */
5725static DECLCALLBACK(void) ataResume(PPDMDEVINS pDevIns)
5726{
5727 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5728 int rc;
5729
5730 Log(("%s:\n", __FUNCTION__));
5731 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5732 {
5733 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
5734 {
5735 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
5736 AssertRC(rc);
5737 }
5738 }
5739 return;
5740}
5741
5742
5743/**
5744 * Power Off notification.
5745 *
5746 * @returns VBox status.
5747 * @param pDevIns The device instance data.
5748 */
5749static DECLCALLBACK(void) ataPowerOff(PPDMDEVINS pDevIns)
5750{
5751 Log(("%s:\n", __FUNCTION__));
5752 if (!ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5753 AssertMsgFailed(("Async I/O didn't stop in 20 seconds!\n"));
5754 return;
5755}
5756
5757
5758/**
5759 * Prepare state save and load operation.
5760 *
5761 * @returns VBox status code.
5762 * @param pDevIns Device instance of the device which registered the data unit.
5763 * @param pSSM SSM operation handle.
5764 */
5765static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
5766{
5767 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5768
5769 /* sanity - the suspend notification will wait on the async stuff. */
5770 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5771 {
5772 Assert(ataAsyncIOIsIdle(&pThis->aCts[i], false));
5773 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
5774 return VERR_SSM_IDE_ASYNC_TIMEOUT;
5775 }
5776 return VINF_SUCCESS;
5777}
5778
5779
5780/**
5781 * Saves a state of the ATA device.
5782 *
5783 * @returns VBox status code.
5784 * @param pDevIns The device instance.
5785 * @param pSSMHandle The handle to save the state to.
5786 */
5787static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSMHandle)
5788{
5789 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5790
5791 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5792 {
5793 SSMR3PutU8(pSSMHandle, pThis->aCts[i].iSelectedIf);
5794 SSMR3PutU8(pSSMHandle, pThis->aCts[i].iAIOIf);
5795 SSMR3PutU8(pSSMHandle, pThis->aCts[i].uAsyncIOState);
5796 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fChainedTransfer);
5797 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fReset);
5798 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedo);
5799 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedoIdle);
5800 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedoDMALastDesc);
5801 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
5802 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pFirstDMADesc);
5803 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pLastDMADesc);
5804 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pRedoDMABuffer);
5805 SSMR3PutU32(pSSMHandle, pThis->aCts[i].cbRedoDMABuffer);
5806
5807 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5808 {
5809 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fLBA48);
5810 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fATAPI);
5811 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fIrqPending);
5812 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].cMultSectors);
5813 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
5814 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
5815 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
5816 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
5817 SSMR3PutU64(pSSMHandle, pThis->aCts[i].aIfs[j].cTotalSectors);
5818 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegFeature);
5819 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
5820 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegError);
5821 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegNSector);
5822 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
5823 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSector);
5824 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
5825 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegLCyl);
5826 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
5827 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegHCyl);
5828 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
5829 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSelect);
5830 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegStatus);
5831 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegCommand);
5832 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegDevCtl);
5833 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATATransferMode);
5834 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uTxDir);
5835 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].iBeginTransfer);
5836 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].iSourceSink);
5837 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fDMA);
5838 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fATAPITransfer);
5839 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbTotalTransfer);
5840 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
5841 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferCur);
5842 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferEnd);
5843 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
5844 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
5845 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iATAPILBA);
5846 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbATAPISector);
5847 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
5848 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
5849 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
5850 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].MediaEventStatus);
5851 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
5852 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbIOBuffer);
5853 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
5854 SSMR3PutMem(pSSMHandle, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
5855 else
5856 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
5857 }
5858 }
5859 SSMR3PutBool(pSSMHandle, pThis->fPIIX4);
5860
5861 return SSMR3PutU32(pSSMHandle, ~0); /* sanity/terminator */
5862}
5863
5864
5865/**
5866 * Loads a saved ATA device state.
5867 *
5868 * @returns VBox status code.
5869 * @param pDevIns The device instance.
5870 * @param pSSMHandle The handle to the saved state.
5871 * @param u32Version The data unit version number.
5872 */
5873static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSMHandle, uint32_t u32Version)
5874{
5875 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5876 int rc;
5877 uint32_t u32;
5878
5879 if ( u32Version != ATA_SAVED_STATE_VERSION
5880 && u32Version != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
5881 && u32Version != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
5882 {
5883 AssertMsgFailed(("u32Version=%d\n", u32Version));
5884 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
5885 }
5886
5887 /*
5888 * Restore valid parts of the PCIATAState structure
5889 */
5890 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5891 {
5892 /* integrity check */
5893 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
5894 {
5895 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
5896 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
5897 return rc;
5898 }
5899
5900 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].iSelectedIf);
5901 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].iAIOIf);
5902 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].uAsyncIOState);
5903 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].fChainedTransfer);
5904 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fReset);
5905 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedo);
5906 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedoIdle);
5907 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
5908 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
5909 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pFirstDMADesc);
5910 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pLastDMADesc);
5911 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pRedoDMABuffer);
5912 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].cbRedoDMABuffer);
5913
5914 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5915 {
5916 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fLBA48);
5917 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fATAPI);
5918 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fIrqPending);
5919 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].cMultSectors);
5920 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
5921 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
5922 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
5923 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
5924 SSMR3GetU64(pSSMHandle, &pThis->aCts[i].aIfs[j].cTotalSectors);
5925 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegFeature);
5926 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
5927 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegError);
5928 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegNSector);
5929 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
5930 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSector);
5931 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
5932 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegLCyl);
5933 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
5934 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegHCyl);
5935 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
5936 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSelect);
5937 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegStatus);
5938 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegCommand);
5939 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
5940 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATATransferMode);
5941 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uTxDir);
5942 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].iBeginTransfer);
5943 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].iSourceSink);
5944 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fDMA);
5945 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fATAPITransfer);
5946 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
5947 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
5948 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferCur);
5949 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
5950 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
5951 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
5952 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iATAPILBA);
5953 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbATAPISector);
5954 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
5955 if (u32Version > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
5956 {
5957 SSMR3GetMem(pSSMHandle, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
5958 }
5959 else
5960 {
5961 uint8_t uATAPISenseKey, uATAPIASC;
5962 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
5963 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
5964 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
5965 SSMR3GetU8(pSSMHandle, &uATAPISenseKey);
5966 SSMR3GetU8(pSSMHandle, &uATAPIASC);
5967 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
5968 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
5969 }
5970 /** @todo triple-check this hack after passthrough is working */
5971 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
5972 if (u32Version > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
5973 SSMR3GetU32(pSSMHandle, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
5974 else
5975 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
5976 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
5977 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbIOBuffer);
5978 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
5979 {
5980 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
5981 SSMR3GetMem(pSSMHandle, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
5982 else
5983 {
5984 LogRel(("ATA: No buffer for %d/%d\n", i, j));
5985 if (SSMR3HandleGetAfter(pSSMHandle) != SSMAFTER_DEBUG_IT)
5986 return VERR_SSM_LOAD_CONFIG_MISMATCH;
5987
5988 /* skip the buffer if we're loading for the debugger / animator. */
5989 uint8_t u8Ignored;
5990 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
5991 while (cbLeft-- > 0)
5992 SSMR3GetU8(pSSMHandle, &u8Ignored);
5993 }
5994 }
5995 else
5996 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
5997 }
5998 }
5999 SSMR3GetBool(pSSMHandle, &pThis->fPIIX4);
6000
6001 rc = SSMR3GetU32(pSSMHandle, &u32);
6002 if (RT_FAILURE(rc))
6003 return rc;
6004 if (u32 != ~0U)
6005 {
6006 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6007 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6008 return rc;
6009 }
6010
6011 return VINF_SUCCESS;
6012}
6013
6014
6015/**
6016 * Construct a device instance for a VM.
6017 *
6018 * @returns VBox status.
6019 * @param pDevIns The device instance data.
6020 * If the registration structure is needed, pDevIns->pDevReg points to it.
6021 * @param iInstance Instance number. Use this to figure out which registers and such to use.
6022 * The device number is also found in pDevIns->iInstance, but since it's
6023 * likely to be freqently used PDM passes it as parameter.
6024 * @param pCfgHandle Configuration node handle for the device. Use this to obtain the configuration
6025 * of the device instance. It's also found in pDevIns->pCfgHandle, but like
6026 * iInstance it's expected to be used a bit in this function.
6027 */
6028static DECLCALLBACK(int) ataConstruct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfgHandle)
6029{
6030 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6031 PPDMIBASE pBase;
6032 int rc;
6033 bool fGCEnabled;
6034 bool fR0Enabled;
6035 uint32_t DelayIRQMillies;
6036
6037 Assert(iInstance == 0);
6038
6039 /*
6040 * Initialize NIL handle values (for the destructor).
6041 */
6042 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6043 {
6044 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6045 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6046 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMEVENT;
6047 }
6048
6049 /*
6050 * Validate and read configuration.
6051 */
6052 if (!CFGMR3AreValuesValid(pCfgHandle, "GCEnabled\0IRQDelay\0R0Enabled\0PIIX4\0"))
6053 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
6054 N_("PIIX3 configuration error: unknown option specified"));
6055
6056 rc = CFGMR3QueryBoolDef(pCfgHandle, "GCEnabled", &fGCEnabled, true);
6057 if (RT_FAILURE(rc))
6058 return PDMDEV_SET_ERROR(pDevIns, rc,
6059 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
6060 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
6061
6062 rc = CFGMR3QueryBoolDef(pCfgHandle, "R0Enabled", &fR0Enabled, true);
6063 if (RT_FAILURE(rc))
6064 return PDMDEV_SET_ERROR(pDevIns, rc,
6065 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
6066 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
6067
6068 rc = CFGMR3QueryU32Def(pCfgHandle, "IRQDelay", &DelayIRQMillies, 0);
6069 if (RT_FAILURE(rc))
6070 return PDMDEV_SET_ERROR(pDevIns, rc,
6071 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
6072 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
6073 Assert(DelayIRQMillies < 50);
6074
6075 rc = CFGMR3QueryBoolDef(pCfgHandle, "PIIX4", &pThis->fPIIX4, false);
6076 if (RT_FAILURE(rc))
6077 return PDMDEV_SET_ERROR(pDevIns, rc,
6078 N_("PIIX3 configuration error: failed to read PIIX4 as boolean"));
6079 Log(("%s: fPIIX4=%d\n", __FUNCTION__, pThis->fPIIX4));
6080
6081 /*
6082 * Initialize data (most of it anyway).
6083 */
6084 /* Status LUN. */
6085 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
6086 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
6087
6088 /* PCI configuration space. */
6089 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
6090 if (pThis->fPIIX4)
6091 {
6092 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
6093 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
6094 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6095 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6096 pThis->dev.config[0x4B] = 0x00;
6097 }
6098 else
6099 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
6100 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
6101 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
6102 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
6103 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
6104 PCIDevSetHeaderType(&pThis->dev, 0x00);
6105
6106 pThis->pDevIns = pDevIns;
6107 pThis->fGCEnabled = fGCEnabled;
6108 pThis->fR0Enabled = fR0Enabled;
6109 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6110 {
6111 pThis->aCts[i].pDevInsR3 = pDevIns;
6112 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6113 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6114 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
6115 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6116 {
6117 pThis->aCts[i].aIfs[j].iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
6118 pThis->aCts[i].aIfs[j].pDevInsR3 = pDevIns;
6119 pThis->aCts[i].aIfs[j].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6120 pThis->aCts[i].aIfs[j].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6121 pThis->aCts[i].aIfs[j].pControllerR3 = &pThis->aCts[i];
6122 pThis->aCts[i].aIfs[j].pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6123 pThis->aCts[i].aIfs[j].pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6124 pThis->aCts[i].aIfs[j].IBase.pfnQueryInterface = ataQueryInterface;
6125 pThis->aCts[i].aIfs[j].IMountNotify.pfnMountNotify = ataMountNotify;
6126 pThis->aCts[i].aIfs[j].IMountNotify.pfnUnmountNotify = ataUnmountNotify;
6127 pThis->aCts[i].aIfs[j].Led.u32Magic = PDMLED_MAGIC;
6128 }
6129 }
6130
6131 Assert(RT_ELEMENTS(pThis->aCts) == 2);
6132 pThis->aCts[0].irq = 14;
6133 pThis->aCts[0].IOPortBase1 = 0x1f0;
6134 pThis->aCts[0].IOPortBase2 = 0x3f6;
6135 pThis->aCts[1].irq = 15;
6136 pThis->aCts[1].IOPortBase1 = 0x170;
6137 pThis->aCts[1].IOPortBase2 = 0x376;
6138
6139 /*
6140 * Register the PCI device.
6141 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
6142 * device the slot next to itself.
6143 */
6144 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
6145 if (RT_FAILURE(rc))
6146 return PDMDEV_SET_ERROR(pDevIns, rc,
6147 N_("PIIX3 cannot register PCI device"));
6148 AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
6149 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
6150 if (RT_FAILURE(rc))
6151 return PDMDEV_SET_ERROR(pDevIns, rc,
6152 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
6153
6154 /*
6155 * Register the I/O ports.
6156 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
6157 */
6158 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6159 {
6160 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)i,
6161 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
6162 if (RT_FAILURE(rc))
6163 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
6164
6165 if (fGCEnabled)
6166 {
6167 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
6168 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6169 if (RT_FAILURE(rc))
6170 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
6171 }
6172
6173 if (fR0Enabled)
6174 {
6175#if 1
6176 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6177 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
6178#else
6179 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6180 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6181#endif
6182 if (RT_FAILURE(rc))
6183 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
6184 }
6185
6186 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)i,
6187 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
6188 if (RT_FAILURE(rc))
6189 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
6190
6191 if (fGCEnabled)
6192 {
6193 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
6194 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6195 if (RT_FAILURE(rc))
6196 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
6197 }
6198 if (fR0Enabled)
6199 {
6200 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
6201 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6202 if (RT_FAILURE(rc))
6203 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
6204 }
6205
6206 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6207 {
6208 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6209 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATA DMA transfers.", "/Devices/ATA%d/Unit%d/DMA", i, j);
6210 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATA PIO transfers.", "/Devices/ATA%d/Unit%d/PIO", i, j);
6211 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATAPI DMA transfers.", "/Devices/ATA%d/Unit%d/AtapiDMA", i, j);
6212 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATAPI PIO transfers.", "/Devices/ATA%d/Unit%d/AtapiPIO", i, j);
6213#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6214 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the read operations.", "/Devices/ATA%d/Unit%d/Reads", i, j);
6215#endif
6216 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES, "Amount of data read.", "/Devices/ATA%d/Unit%d/ReadBytes", i, j);
6217#ifdef VBOX_INSTRUMENT_DMA_WRITES
6218 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the VD DMA write operations.","/Devices/ATA%d/Unit%d/InstrVDWrites", i, j);
6219#endif
6220#ifdef VBOX_WITH_STATISTICS
6221 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the write operations.","/Devices/ATA%d/Unit%d/Writes", i, j);
6222#endif
6223 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES, "Amount of data written.", "/Devices/ATA%d/Unit%d/WrittenBytes", i, j);
6224#ifdef VBOX_WITH_STATISTICS
6225 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the flush operations.","/Devices/ATA%d/Unit%d/Flushes", i, j);
6226#endif
6227 }
6228#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6229 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "The number of async operations.", "/Devices/ATA%d/Async/Operations", i);
6230 /** @todo STAMUNIT_MICROSECS */
6231 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Minimum wait in microseconds.", "/Devices/ATA%d/Async/MinWait", i);
6232 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Maximum wait in microseconds.", "/Devices/ATA%d/Async/MaxWait", i);
6233 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Total time spent in microseconds.","/Devices/ATA%d/Async/TotalTimeUS", i);
6234 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of async operations.", "/Devices/ATA%d/Async/Time", i);
6235 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of locks.", "/Devices/ATA%d/Async/LockWait", i);
6236#endif /* VBOX_WITH_STATISTICS */
6237
6238 /* Initialize per-controller critical section */
6239 char szName[24];
6240 RTStrPrintf(szName, sizeof(szName), "ATA%d", i);
6241 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, szName);
6242 if (RT_FAILURE(rc))
6243 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
6244 }
6245
6246 /*
6247 * Attach status driver (optional).
6248 */
6249 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
6250 if (RT_SUCCESS(rc))
6251 pThis->pLedsConnector = (PDMILEDCONNECTORS *)pBase->pfnQueryInterface(pBase, PDMINTERFACE_LED_CONNECTORS);
6252 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
6253 {
6254 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
6255 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
6256 }
6257
6258 /*
6259 * Attach the units.
6260 */
6261 uint32_t cbTotalBuffer = 0;
6262 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6263 {
6264 PATACONTROLLER pCtl = &pThis->aCts[i];
6265
6266 /*
6267 * Start the worker thread.
6268 */
6269 pCtl->uAsyncIOState = ATA_AIO_NEW;
6270 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
6271 AssertRC(rc);
6272 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
6273 AssertRC(rc);
6274 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
6275 AssertRC(rc);
6276 ataAsyncIOClearRequests(pCtl);
6277 rc = RTThreadCreate(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024, RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA");
6278 AssertRC(rc);
6279 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
6280 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
6281
6282 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
6283 {
6284 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6285 {
6286 { "Primary Master", "Primary Slave" },
6287 { "Secondary Master", "Secondary Slave" }
6288 };
6289
6290 /*
6291 * Try attach the block device and get the interfaces,
6292 * required as well as optional.
6293 */
6294 ATADevState *pIf = &pCtl->aIfs[j];
6295
6296 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
6297 if (RT_SUCCESS(rc))
6298 rc = ataConfigLun(pDevIns, pIf);
6299 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
6300 {
6301 pIf->pDrvBase = NULL;
6302 pIf->pDrvBlock = NULL;
6303 pIf->cbIOBuffer = 0;
6304 pIf->pbIOBufferR3 = NULL;
6305 pIf->pbIOBufferR0 = NIL_RTR0PTR;
6306 pIf->pbIOBufferRC = NIL_RTGCPTR;
6307 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
6308 }
6309 else
6310 {
6311 switch (rc)
6312 {
6313 case VERR_ACCESS_DENIED:
6314 /* Error already catched by DrvHostBase */
6315 return rc;
6316 default:
6317 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6318 N_("PIIX3 cannot attach drive to the %s"),
6319 s_apszDescs[i][j]);
6320 }
6321 }
6322 cbTotalBuffer += pIf->cbIOBuffer;
6323 }
6324 }
6325
6326 rc = PDMDevHlpSSMRegister(pDevIns, pDevIns->pDevReg->szDeviceName, iInstance,
6327 ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer,
6328 ataSaveLoadPrep, ataSaveExec, NULL,
6329 ataSaveLoadPrep, ataLoadExec, NULL);
6330 if (RT_FAILURE(rc))
6331 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
6332
6333 /*
6334 * Initialize the device state.
6335 */
6336 ataReset(pDevIns);
6337
6338 return VINF_SUCCESS;
6339}
6340
6341
6342/**
6343 * The device registration structure.
6344 */
6345const PDMDEVREG g_DevicePIIX3IDE =
6346{
6347 /* u32Version */
6348 PDM_DEVREG_VERSION,
6349 /* szDeviceName */
6350 "piix3ide",
6351 /* szRCMod */
6352 "VBoxDDGC.gc",
6353 /* szR0Mod */
6354 "VBoxDDR0.r0",
6355 /* pszDescription */
6356 "Intel PIIX3 ATA controller.\n"
6357 " LUN #0 is primary master.\n"
6358 " LUN #1 is primary slave.\n"
6359 " LUN #2 is secondary master.\n"
6360 " LUN #3 is secondary slave.\n"
6361 " LUN #999 is the LED/Status connector.",
6362 /* fFlags */
6363 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0,
6364 /* fClass */
6365 PDM_DEVREG_CLASS_STORAGE,
6366 /* cMaxInstances */
6367 1,
6368 /* cbInstance */
6369 sizeof(PCIATAState),
6370 /* pfnConstruct */
6371 ataConstruct,
6372 /* pfnDestruct */
6373 ataDestruct,
6374 /* pfnRelocate */
6375 ataRelocate,
6376 /* pfnIOCtl */
6377 NULL,
6378 /* pfnPowerOn */
6379 NULL,
6380 /* pfnReset */
6381 ataReset,
6382 /* pfnSuspend */
6383 ataSuspend,
6384 /* pfnResume */
6385 ataResume,
6386 /* pfnAttach */
6387 ataAttach,
6388 /* pfnDetach */
6389 ataDetach,
6390 /* pfnQueryInterface. */
6391 NULL,
6392 /* pfnInitComplete */
6393 NULL,
6394 /* pfnPowerOff */
6395 ataPowerOff,
6396 /* pfnSoftReset */
6397 NULL,
6398 /* u32VersionEnd */
6399 PDM_DEVREG_VERSION
6400};
6401#endif /* IN_RING3 */
6402#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
6403
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette